diff --git a/ACKNOWLEDGEMENTS.md b/ACKNOWLEDGEMENTS.md deleted file mode 100644 index a4dab0c4fff42e70de2f3687e46c9cc1b8db14c6..0000000000000000000000000000000000000000 --- a/ACKNOWLEDGEMENTS.md +++ /dev/null @@ -1,6 +0,0 @@ -Acknowlegements -=============== - -Please see our [Thanks!][] page for the current acknowledgements. - -[Thanks!]: https://www.openssl.org/community/thanks.html diff --git a/AUTHORS.md b/AUTHORS.md deleted file mode 100644 index dc6b534b82a576a66d03bf5bf7a9c8254e1c337c..0000000000000000000000000000000000000000 --- a/AUTHORS.md +++ /dev/null @@ -1,51 +0,0 @@ -Authors -======= - -This is the list of OpenSSL authors for copyright purposes. -It does not necessarily list everyone who has contributed code, -since in some cases, their employer may be the copyright holder. -To see the full list of contributors, see the revision history in -source control. - -Groups ------- - - * OpenSSL Software Services, Inc. - * OpenSSL Software Foundation, Inc. - -Individuals ------------ - - * Andy Polyakov - * Ben Laurie - * Ben Kaduk - * Bernd Edlinger - * Bodo Möller - * David Benjamin - * David von Oheimb - * Dmitry Belyavskiy (Дмитрий Белявский) - * Emilia Käsper - * Eric Young - * Geoff Thorpe - * Holger Reif - * Kurt Roeckx - * Lutz Jänicke - * Mark J. Cox - * Matt Caswell - * Matthias St. Pierre - * Nicola Tuveri - * Nils Larsch - * Patrick Steuer - * Paul Dale - * Paul C. Sutton - * Paul Yang - * Ralf S. Engelschall - * Rich Salz - * Richard Levitte - * Shane Lontis - * Stephen Henson - * Steve Marquess - * Tim Hudson - * Tomáš Mráz - * Ulf Möller - * Viktor Dukhovni diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md deleted file mode 100644 index efb4be87169575c4f9597dc2523fe7651f61b6a6..0000000000000000000000000000000000000000 --- a/CONTRIBUTING.md +++ /dev/null @@ -1,94 +0,0 @@ -HOW TO CONTRIBUTE TO OpenSSL -============================ - -Please visit our [Getting Started] page for other ideas about how to contribute. - - [Getting Started]: - -Development is done on GitHub in the [openssl/openssl] repository. - - [openssl/openssl]: - -To request new features or report bugs, please open an issue on GitHub - -To submit a patch, please open a pull request on GitHub. If you are thinking -of making a large contribution, open an issue for it before starting work, -to get comments from the community. Someone may be already working on -the same thing or there may be reasons why that feature isn't implemented. - -To make it easier to review and accept your pull request, please follow these -guidelines: - - 1. Anything other than a trivial contribution requires a [Contributor - License Agreement] (CLA), giving us permission to use your code. - If your contribution is too small to require a CLA (e.g. fixing a spelling - mistake), place the text "`CLA: trivial`" on a line by itself separated by - an empty line from the rest of the commit message. It is not sufficient to - only place the text in the GitHub pull request description. - - [Contributor License Agreement]: - - To amend a missing "`CLA: trivial`" line after submission, do the following: - - ``` - git commit --amend - [add the line, save and quit the editor] - git push -f - ``` - - 2. All source files should start with the following text (with - appropriate comment characters at the start of each line and the - year(s) updated): - - ``` - Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved. - - Licensed under the Apache License 2.0 (the "License"). You may not use - this file except in compliance with the License. You can obtain a copy - in the file LICENSE in the source distribution or at - https://www.openssl.org/source/license.html - ``` - - 3. Patches should be as current as possible; expect to have to rebase - often. We do not accept merge commits, you will have to remove them - (usually by rebasing) before it will be acceptable. - - 4. Patches should follow our [coding style] and compile without warnings. - Where `gcc` or `clang` is available you should use the - `--strict-warnings` `Configure` option. OpenSSL compiles on many varied - platforms: try to ensure you only use portable features. Clean builds via - GitHub Actions and AppVeyor are required, and they are started automatically - whenever a PR is created or updated. - - [coding style]: https://www.openssl.org/policies/technical/coding-style.html - - 5. When at all possible, patches should include tests. These can - either be added to an existing test, or completely new. Please see - [test/README.md](test/README.md) for information on the test framework. - - 6. New features or changed functionality must include - documentation. Please look at the "pod" files in doc/man[1357] for - examples of our style. Run "make doc-nits" to make sure that your - documentation changes are clean. - - 7. For user visible changes (API changes, behaviour changes, ...), - consider adding a note in [CHANGES.md](CHANGES.md). - This could be a summarising description of the change, and could - explain the grander details. - Have a look through existing entries for inspiration. - Please note that this is NOT simply a copy of git-log one-liners. - Also note that security fixes get an entry in [CHANGES.md](CHANGES.md). - This file helps users get more in depth information of what comes - with a specific release without having to sift through the higher - noise ratio in git-log. - - 8. For larger or more important user visible changes, as well as - security fixes, please add a line in [NEWS.md](NEWS.md). - On exception, it might be worth adding a multi-line entry (such as - the entry that announces all the types that became opaque with - OpenSSL 1.1.0). - This file helps users get a very quick summary of what comes with a - specific release, to see if an upgrade is worth the effort. - - 9. Guidelines how to integrate error output of new crypto library modules - can be found in [crypto/err/README.md](crypto/err/README.md). diff --git a/Configurations/00-base-templates.conf b/Configurations/00-base-templates.conf deleted file mode 100644 index 0e5d38d5a63273cf118819046ace4dd8665dae54..0000000000000000000000000000000000000000 --- a/Configurations/00-base-templates.conf +++ /dev/null @@ -1,141 +0,0 @@ -# -*- Mode: perl -*- -my %targets=( - DEFAULTS => { - template => 1, - - cflags => "", - cppflags => "", - lflags => "", - defines => [], - includes => [], - lib_cflags => "", - lib_cppflags => "", - lib_defines => [], - thread_scheme => "(unknown)", # Assume we don't know - thread_defines => [], - - unistd => "", - shared_target => "", - shared_cflag => "", - shared_defines => [], - shared_ldflag => "", - shared_rcflag => "", - - #### Defaults for the benefit of the config targets who don't inherit - #### a BASE and assume Unix defaults - #### THESE WILL DISAPPEAR IN OpenSSL 1.2 - build_scheme => [ "unified", "unix" ], - build_file => "Makefile", - - AR => "(unused)", - ARFLAGS => "(unused)", - CC => "cc", - HASHBANGPERL => "/usr/bin/env perl", - RANLIB => sub { which("$config{cross_compile_prefix}ranlib") - ? "ranlib" : "" }, - RC => "windres", - - #### THESE WILL BE ENABLED IN OpenSSL 1.2 - #HASHBANGPERL => "PERL", # Only Unix actually cares - }, - - BASE_common => { - template => 1, - - enable => [], - disable => [], - - defines => - sub { - my @defs = ( 'OPENSSL_BUILDING_OPENSSL' ); - push @defs, "ZLIB" unless $disabled{zlib}; - push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"}; - return [ @defs ]; - }, - includes => - sub { - my @incs = (); - push @incs, $withargs{zlib_include} - if !$disabled{zlib} && $withargs{zlib_include}; - return [ @incs ]; - }, - }, - - BASE_unix => { - inherit_from => [ "BASE_common" ], - template => 1, - - AR => "ar", - ARFLAGS => "qc", - CC => "cc", - lflags => - sub { $withargs{zlib_lib} ? "-L".$withargs{zlib_lib} : () }, - ex_libs => - sub { !defined($disabled{zlib}) - && defined($disabled{"zlib-dynamic"}) - ? "-lz" : () }, - HASHBANGPERL => "/usr/bin/env perl", # Only Unix actually cares - RANLIB => sub { which("$config{cross_compile_prefix}ranlib") - ? "ranlib" : "" }, - RC => "windres", - - build_scheme => [ "unified", "unix" ], - build_file => "Makefile", - - perl_platform => 'Unix', - }, - - BASE_Windows => { - inherit_from => [ "BASE_common" ], - template => 1, - - lib_defines => - sub { - my @defs = (); - unless ($disabled{"zlib-dynamic"}) { - my $zlib = $withargs{zlib_lib} // "ZLIB1"; - push @defs, 'LIBZ=' . (quotify("perl", $zlib))[0]; - } - return [ @defs ]; - }, - ex_libs => - sub { - unless ($disabled{zlib}) { - if (defined($disabled{"zlib-dynamic"})) { - return $withargs{zlib_lib} // "ZLIB1"; - } - } - return (); - }, - - MT => "mt", - MTFLAGS => "-nologo", - mtinflag => "-manifest ", - mtoutflag => "-outputresource:", - - build_file => "makefile", - build_scheme => [ "unified", "windows" ], - - perl_platform => 'Windows', - }, - - BASE_VMS => { - inherit_from => [ "BASE_common" ], - template => 1, - - includes => - add(sub { - my @incs = (); - # GNV$ZLIB_INCLUDE is the standard logical name for later - # zlib incarnations. - push @incs, 'GNV$ZLIB_INCLUDE:' - if !$disabled{zlib} && !$withargs{zlib_include}; - return [ @incs ]; - }), - - build_file => "descrip.mms", - build_scheme => [ "unified", "VMS" ], - - perl_platform => 'VMS', - }, -); diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf deleted file mode 100644 index b578a3c2a8616656aea4c089706381d349d96ced..0000000000000000000000000000000000000000 --- a/Configurations/10-main.conf +++ /dev/null @@ -1,1938 +0,0 @@ -## -*- mode: perl; -*- -## Standard openssl configuration targets. - -# Helper functions for the Windows configs -my $vc_win64a_info = {}; -sub vc_win64a_info { - unless (%$vc_win64a_info) { - if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) { - $vc_win64a_info = { AS => "nasm", - ASFLAGS => "-g", - asflags => "-Ox -f win64 -DNEAR", - asoutflag => "-o " }; - } elsif ($disabled{asm}) { - # assembler is still used to compile uplink shim - $vc_win64a_info = { AS => "ml64", - ASFLAGS => "/nologo /Zi", - asflags => "/c /Cp /Cx", - asoutflag => "/Fo" }; - } else { - $die->("NASM not found - make sure it's installed and available on %PATH%\n"); - $vc_win64a_info = { AS => "{unknown}", - ASFLAGS => "", - asflags => "", - asoutflag => "" }; - } - } - return $vc_win64a_info; -} - -my $vc_win32_info = {}; -sub vc_win32_info { - unless (%$vc_win32_info) { - my $ver=`nasm -v 2>NUL`; - my $vew=`nasmw -v 2>NUL`; - if ($ver ne "" || $vew ne "") { - $vc_win32_info = { AS => $ver ge $vew ? "nasm" : "nasmw", - ASFLAGS => "", - asflags => "-f win32", - asoutflag => "-o ", - perlasm_scheme => "win32n" }; - } elsif ($disabled{asm}) { - # not actually used, uplink shim is inlined into C code - $vc_win32_info = { AS => "ml", - ASFLAGS => "/nologo /Zi", - asflags => "/Cp /coff /c /Cx", - asoutflag => "/Fo", - perlasm_scheme => "win32" }; - } else { - $die->("NASM not found - make sure it's installed and available on %PATH%\n"); - $vc_win32_info = { AS => "{unknown}", - ASFLAGS => "", - asflags => "", - asoutflag => "", - perlasm_scheme => "win32" }; - } - } - return $vc_win32_info; -} - -my $vc_wince_info = {}; -sub vc_wince_info { - unless (%$vc_wince_info) { - # sanity check - $die->('%OSVERSION% is not defined') if (!defined(env('OSVERSION'))); - $die->('%PLATFORM% is not defined') if (!defined(env('PLATFORM'))); - $die->('%TARGETCPU% is not defined') if (!defined(env('TARGETCPU'))); - - # - # Idea behind this is to mimic flags set by eVC++ IDE... - # - my $wcevers = env('OSVERSION'); # WCENNN - my $wcevernum; - my $wceverdotnum; - if ($wcevers =~ /^WCE([1-9])([0-9]{2})$/) { - $wcevernum = "$1$2"; - $wceverdotnum = "$1.$2"; - } else { - $die->('%OSVERSION% value is insane'); - $wcevernum = "{unknown}"; - $wceverdotnum = "{unknown}"; - } - my $wcecdefs = "-D_WIN32_WCE=$wcevernum -DUNDER_CE=$wcevernum"; # -D_WIN32_WCE=NNN - my $wcelflag = "/subsystem:windowsce,$wceverdotnum"; # ...,N.NN - - my $wceplatf = env('PLATFORM'); - - $wceplatf =~ tr/a-z0-9 /A-Z0-9_/; - $wcecdefs .= " -DWCE_PLATFORM_$wceplatf"; - - my $wcetgt = env('TARGETCPU'); # just shorter name... - SWITCH: for($wcetgt) { - /^X86/ && do { $wcecdefs.=" -Dx86 -D_X86_ -D_i386_ -Di_386_"; - $wcelflag.=" /machine:X86"; last; }; - /^ARMV4[IT]/ && do { $wcecdefs.=" -DARM -D_ARM_ -D$wcetgt"; - $wcecdefs.=" -DTHUMB -D_THUMB_" if($wcetgt=~/T$/); - $wcecdefs.=" -QRarch4T -QRinterwork-return"; - $wcelflag.=" /machine:THUMB"; last; }; - /^ARM/ && do { $wcecdefs.=" -DARM -D_ARM_ -D$wcetgt"; - $wcelflag.=" /machine:ARM"; last; }; - /^MIPSIV/ && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt"; - $wcecdefs.=" -D_MIPS64 -QMmips4 -QMn32"; - $wcelflag.=" /machine:MIPSFPU"; last; }; - /^MIPS16/ && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt"; - $wcecdefs.=" -DMIPSII -QMmips16"; - $wcelflag.=" /machine:MIPS16"; last; }; - /^MIPSII/ && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt"; - $wcecdefs.=" -QMmips2"; - $wcelflag.=" /machine:MIPS"; last; }; - /^R4[0-9]{3}/ && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000"; - $wcelflag.=" /machine:MIPS"; last; }; - /^SH[0-9]/ && do { $wcecdefs.=" -D$wcetgt -D_${wcetgt}_ -DSHx"; - $wcecdefs.=" -Qsh4" if ($wcetgt =~ /^SH4/); - $wcelflag.=" /machine:$wcetgt"; last; }; - { $wcecdefs.=" -D$wcetgt -D_${wcetgt}_"; - $wcelflag.=" /machine:$wcetgt"; last; }; - } - - $vc_wince_info = { cppflags => $wcecdefs, - lflags => $wcelflag }; - } - return $vc_wince_info; -} - -# Helper functions for the VMS configs -my $vms_info = {}; -sub vms_info { - my $pointer_size_str = $config{target} =~ m|-p(\d+)$| ? $1 : ""; - - # For the case where Configure iterate through all config targets, such - # as when listing them and their details, we reset info if the pointer - # size changes. - if (%$vms_info && $vms_info->{pointer_size} ne $pointer_size_str) { - $vms_info = {}; - } - - unless (%$vms_info) { - $vms_info->{disable_warns} = [ - "CXXPRAGMANA", # Shut up about unknown / unsupported pragmas - ]; - $vms_info->{pointer_size} = $pointer_size_str; - if ($pointer_size_str eq "64") { - `PIPE CC /NOCROSS_REFERENCE /NOLIST /NOOBJECT /WARNINGS = DISABLE = ( MAYLOSEDATA3, EMPTYFILE ) NL: 2> NL:`; - if ($? == 0) { - push @{$vms_info->{disable_warns}}, "MAYLOSEDATA3"; - } - } - - unless ($disabled{zlib}) { - my $default_zlib = 'GNV$LIBZSHR' . $pointer_size_str; - if (defined($disabled{"zlib-dynamic"})) { - $vms_info->{zlib} = $withargs{zlib_lib} || "$default_zlib/SHARE"; - } else { - $vms_info->{def_zlib} = $withargs{zlib_lib} || $default_zlib; - # In case the --with-zlib-lib value contains something like - # /SHARE or /LIB or so at the end, remove it. - $vms_info->{def_zlib} =~ s|/.*$||g; - } - } - - if ($config{target} =~ /-ia64/) { - `PIPE ias -H 2> NL:`; - if ($? == 0) { - $vms_info->{AS} = "ias"; - $vms_info->{ASFLAGS} = '-d debug'; - $vms_info->{asflags} = '"-N" vms_upcase'; - $vms_info->{asoutflag} = "-o "; - $vms_info->{perlasm_scheme} = "ias"; - } - } - } - return $vms_info; -} - -my %targets = ( - -#### Basic configs that should work on any 32-bit box - "gcc" => { - inherit_from => [ "BASE_unix" ], - CC => "gcc", - CFLAGS => picker(debug => "-O0 -g", - release => "-O3"), - thread_scheme => "(unknown)", - bn_ops => "BN_LLONG", - }, - "cc" => { - inherit_from => [ "BASE_unix" ], - CC => "cc", - CFLAGS => "-O", - thread_scheme => "(unknown)", - }, - -#### VOS Configurations - "vos-gcc" => { - inherit_from => [ "BASE_unix" ], - CC => "gcc", - CFLAGS => picker(default => "-Wall", - debug => "-O0 -g", - release => "-O3"), - cppflags => "-D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES", - lib_cppflags => "-DB_ENDIAN", - thread_scheme => "(unknown)", - sys_id => "VOS", - lflags => add("-Wl,-map"), - bn_ops => "BN_LLONG", - shared_extension => ".so", - }, - -#### Solaris configurations - "solaris-common" => { - inherit_from => [ "BASE_unix" ], - template => 1, - lib_cppflags => "-DFILIO_H", - ex_libs => add("-lsocket -lnsl -ldl"), - dso_scheme => "dlfcn", - thread_scheme => "pthreads", - }, -#### Solaris common with Sun C setups - "solaris-common-cc" => { - inherit_from => [ "solaris-common" ], - template => 1, - shared_target => "solaris", - shared_ldflag => "-Wl,-Bsymbolic", - shared_defflag => "-Wl,-M,", - shared_sonameflag=> "-Wl,-h,", - }, -#### Solaris common with GNU C setups - "solaris-common-gcc" => { - inherit_from => [ "solaris-common" ], - template => 1, - shared_target => "solaris-gcc-shared", # The rest is on shared_info.pl - }, -#### Solaris x86 with GNU C setups - "solaris-x86-gcc" => { - # NB. GNU C has to be configured to use GNU assembler, and not - # /usr/ccs/bin/as. Failure to comply will result in compile - # failures [at least] in 32-bit build. - inherit_from => [ "solaris-common-gcc" ], - CC => "gcc", - CFLAGS => add_before(picker(default => "-Wall", - debug => "-O0 -g", - release => "-O3 -fomit-frame-pointer")), - cflags => add(threads("-pthread")), - lib_cppflags => add("-DL_ENDIAN"), - ex_libs => add(threads("-pthread")), - bn_ops => "BN_LLONG", - shared_cflag => "-fPIC", - shared_ldflag => add_before("-shared -static-libgcc"), - asm_arch => 'x86', - perlasm_scheme => 'elf', - }, - "solaris64-x86_64-gcc" => { - # -shared -static-libgcc might appear controversial, but modules - # taken from static libgcc do not have relocations and linking - # them into our shared objects doesn't have any negative side - # effects. On the contrary, doing so makes it possible to use - # gcc shared build with Sun C. Given that gcc generates faster - # code [thanks to inline assembler], I would actually recommend - # to consider using gcc shared build even with vendor compiler:-) - # -- - inherit_from => [ "solaris-common-gcc" ], - CC => "gcc", - CFLAGS => add_before(picker(default => "-Wall", - debug => "-O0 -g", - release => "-O3")), - cflags => add_before("-m64", threads("-pthread")), - lib_cppflags => add("-DL_ENDIAN"), - ex_libs => add(threads("-pthread")), - bn_ops => "SIXTY_FOUR_BIT_LONG", - asm_arch => 'x86_64', - perlasm_scheme => "elf", - shared_cflag => "-fPIC", - shared_ldflag => add_before("-shared -static-libgcc"), - multilib => "/64", - }, - -#### Solaris x86 with Sun C setups - # There used to be solaris-x86-cc target, but it was removed, - # primarily because vendor assembler can't assemble our modules - # with -KPIC flag. As result it, assembly support, was not even - # available as option. But its lack means lack of side-channel - # resistant code, which is incompatible with security by today's - # standards. Fortunately gcc is readily available prepackaged - # option, which we can firmly point at... - # - # On related note, solaris64-x86_64-cc target won't compile code - # paths utilizing AVX and post-Haswell instruction extensions. - # Consider switching to solaris64-x86_64-gcc even here... - # - "solaris64-x86_64-cc" => { - inherit_from => [ "solaris-common-cc" ], - CC => "cc", - CFLAGS => add_before(picker(debug => "-g", - release => "-xO5 -xdepend -xbuiltin")), - cflags => add_before("-xarch=generic64 -xstrconst -Xa"), - cppflags => add(threads("-D_REENTRANT")), - lib_cppflags => add("-DL_ENDIAN"), - thread_scheme => "pthreads", - lflags => add(threads("-mt")), - ex_libs => add(threads("-lpthread")), - bn_ops => "SIXTY_FOUR_BIT_LONG", - asm_arch => 'x86_64', - perlasm_scheme => "elf", - shared_cflag => "-KPIC", - shared_ldflag => add_before("-G -dy -z text"), - multilib => "/64", - }, - -#### SPARC Solaris with GNU C setups - "solaris-sparcv7-gcc" => { - inherit_from => [ "solaris-common-gcc" ], - CC => "gcc", - CFLAGS => add_before(picker(default => "-Wall", - debug => "-O0 -g", - release => "-O3")), - cflags => add(threads("-pthread")), - lib_cppflags => add("-DB_ENDIAN -DBN_DIV2W"), - ex_libs => add(threads("-pthread")), - bn_ops => "BN_LLONG RC4_CHAR", - shared_cflag => "-fPIC", - shared_ldflag => add_before("-shared"), - }, - "solaris-sparcv8-gcc" => { - inherit_from => [ "solaris-sparcv7-gcc" ], - cflags => add_before("-mcpu=v8"), - asm_arch => 'sparcv8', - perlasm_scheme => 'void', - }, - "solaris-sparcv9-gcc" => { - # -m32 should be safe to add as long as driver recognizes - # -mcpu=ultrasparc - inherit_from => [ "solaris-sparcv7-gcc" ], - cflags => add_before("-m32 -mcpu=ultrasparc"), - asm_arch => 'sparcv9', - perlasm_scheme => 'void', - }, - "solaris64-sparcv9-gcc" => { - inherit_from => [ "solaris-sparcv9-gcc" ], - cflags => sub { my $f=join(" ",@_); $f =~ s/\-m32/-m64/; $f; }, - bn_ops => "BN_LLONG RC4_CHAR", - multilib => "/64", - }, - -#### SPARC Solaris with Sun C setups -# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. -# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 -# SC5.0 note: Compiler common patch 107357-01 or later is required! - "solaris-sparcv7-cc" => { - inherit_from => [ "solaris-common-cc" ], - CC => "cc", - CFLAGS => add_before(picker(debug => "-g", - release => "-xO5 -xdepend")), - cflags => add_before("-xstrconst -Xa"), - cppflags => add(threads("-D_REENTRANT")), - lib_cppflags => add("-DB_ENDIAN -DBN_DIV2W"), - lflags => add(threads("-mt")), - ex_libs => add(threads("-lpthread")), - bn_ops => "BN_LLONG RC4_CHAR", - shared_cflag => "-KPIC", - shared_ldflag => add_before("-G -dy -z text"), - }, -#### - "solaris-sparcv8-cc" => { - inherit_from => [ "solaris-sparcv7-cc" ], - cflags => add_before("-xarch=v8"), - asm_arch => 'sparcv8', - perlasm_scheme => 'void', - }, - "solaris-sparcv9-cc" => { - inherit_from => [ "solaris-sparcv7-cc" ], - cflags => add_before("-xarch=v8plus"), - asm_arch => 'sparcv9', - perlasm_scheme => 'void', - }, - "solaris64-sparcv9-cc" => { - inherit_from => [ "solaris-sparcv7-cc" ], - cflags => add_before("-m64 -xarch=sparc"), - bn_ops => "BN_LLONG RC4_CHAR", - asm_arch => 'sparcv9', - perlasm_scheme => 'void', - multilib => "/64", - }, - -#### IRIX 6.x configs -# Only N32 and N64 ABIs are supported. - "irix-common" => { - inherit_from => [ "BASE_unix" ], - template => 1, - cppflags => threads("-D_SGI_MP_SOURCE"), - lib_cppflags => "-DB_ENDIAN", - ex_libs => add(threads("-lpthread")), - thread_scheme => "pthreads", - dso_scheme => "dlfcn", - shared_target => "self", - shared_ldflag => "-shared -Wl,-Bsymbolic", - shared_sonameflag=> "-Wl,-soname,", - }, - "irix-mips3-gcc" => { - inherit_from => [ "irix-common" ], - CC => "gcc", - CFLAGS => picker(debug => "-g -O0", - release => "-O3"), - LDFLAGS => "-static-libgcc", - cflags => "-mabi=n32", - bn_ops => "RC4_CHAR SIXTY_FOUR_BIT", - asm_arch => 'mips64', - perlasm_scheme => "n32", - multilib => "32", - }, - "irix-mips3-cc" => { - inherit_from => [ "irix-common" ], - CC => "cc", - CFLAGS => picker(debug => "-g -O0", - release => "-O2"), - cflags => "-n32 -mips3 -use_readonly_const -G0 -rdata_shared", - bn_ops => "RC4_CHAR SIXTY_FOUR_BIT", - asm_arch => 'mips64', - perlasm_scheme => "n32", - multilib => "32", - }, - # N64 ABI builds. - "irix64-mips4-gcc" => { - inherit_from => [ "irix-common" ], - CC => "gcc", - CFLAGS => picker(debug => "-g -O0", - release => "-O3"), - LDFLAGS => "-static-libgcc", - cflags => "-mabi=64 -mips4", - bn_ops => "RC4_CHAR SIXTY_FOUR_BIT_LONG", - asm_arch => 'mips64', - perlasm_scheme => "64", - multilib => "64", - }, - "irix64-mips4-cc" => { - inherit_from => [ "irix-common" ], - CC => "cc", - CFLAGS => picker(debug => "-g -O0", - release => "-O2"), - cflags => "-64 -mips4 -use_readonly_const -G0 -rdata_shared", - bn_ops => "RC4_CHAR SIXTY_FOUR_BIT_LONG", - asm_arch => 'mips64', - perlasm_scheme => "64", - multilib => "64", - }, - -#### Unified HP-UX ANSI C configs. -# Special notes: -# - Originally we were optimizing at +O4 level. It should be noted -# that the only difference between +O3 and +O4 is global inter- -# procedural analysis. As it has to be performed during the link -# stage the compiler leaves behind certain pseudo-code in lib*.a -# which might be release or even patch level specific. Generating -# the machine code for and analyzing the *whole* program appears -# to be *extremely* memory demanding while the performance gain is -# actually questionable. The situation is intensified by the default -# HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB -# which is way too low for +O4. In other words, doesn't +O3 make -# more sense? -# - Keep in mind that the HP compiler by default generates code -# suitable for execution on the host you're currently compiling at. -# If the toolkit is meant to be used on various PA-RISC processors -# consider './Configure hpux-parisc-[g]cc +DAportable'. -# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in -# 32-bit message digests. (For the moment of this writing) HP C -# doesn't seem to "digest" too many local variables (they make "him" -# chew forever:-). For more details look-up MD32_XARRAY comment in -# crypto/sha/sha_local.h. -# - originally there were 32-bit hpux-parisc2-* targets. They were -# scrapped, because a) they were not interchangeable with other 32-bit -# targets; b) performance-critical 32-bit assembly modules implement -# even PA-RISC 2.0-specific code paths, which are chosen at run-time, -# thus adequate performance is provided even with PA-RISC 1.1 build. - "hpux-common" => { - inherit_from => [ "BASE_unix" ], - template => 1, - defines => add("_XOPEN_SOURCE", "_XOPEN_SOURCE_EXTENDED", - "_HPUX_ALT_XOPEN_SOCKET_API"), - lib_cppflags => "-DB_ENDIAN", - thread_scheme => "pthreads", - dso_scheme => "dlfcn", # overridden in 32-bit PA-RISC builds - shared_target => "self", - bin_lflags => "-Wl,+s,+cdp,../:,+cdp,./:", - shared_ldflag => "-Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+cdp,../:,+cdp,./:", - shared_sonameflag=> "-Wl,+h,", - }, - "hpux-parisc-gcc" => { - inherit_from => [ "hpux-common" ], - CC => "gcc", - CFLAGS => picker(debug => "-O0 -g", - release => "-O3"), - cflags => add(threads("-pthread")), - lib_cppflags => add("-DBN_DIV2W"), - ex_libs => add("-ldld", threads("-pthread")), - bn_ops => "BN_LLONG RC4_CHAR", - dso_scheme => "dl", - shared_cflag => "-fPIC", - shared_ldflag => add_before("-shared"), - shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)", - }, - "hpux-parisc1_1-gcc" => { - inherit_from => [ "hpux-parisc-gcc" ], - asm_arch => 'parisc11', - perlasm_scheme => "32", - multilib => "/pa1.1", - }, - "hpux64-parisc2-gcc" => { - inherit_from => [ "hpux-common" ], - CC => "gcc", - CFLAGS => combine(picker(debug => "-O0 -g", - release => "-O3")), - cflags => add(threads("-pthread")), - ex_libs => add("-ldl", threads("-pthread")), - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", - asm_arch => 'parisc20_64', - perlasm_scheme => "64", - shared_cflag => "-fpic", - shared_ldflag => add_before("-shared"), - shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)", - multilib => "/pa20_64", - }, - - # More attempts at unified 10.X and 11.X targets for HP C compiler. - "hpux-parisc-cc" => { - inherit_from => [ "hpux-common" ], - CC => "cc", - CFLAGS => picker(debug => "+O0 +d -g", - release => "+O3"), - cflags => "+Optrs_strongly_typed -Ae +ESlit", - cppflags => threads("-D_REENTRANT"), - lib_cppflags => add("-DBN_DIV2W -DMD32_XARRAY"), - ex_libs => add("-ldld", threads("-lpthread")), - bn_ops => "RC4_CHAR", - dso_scheme => "dl", - shared_cflag => "+Z", - shared_ldflag => add_before("-b"), - shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)", - }, - "hpux-parisc1_1-cc" => { - inherit_from => [ "hpux-parisc-cc" ], - cflags => add_before("+DA1.1"), - asm_arch => 'parisc11', - perlasm_scheme => "32", - multilib => "/pa1.1", - }, - "hpux64-parisc2-cc" => { - inherit_from => [ "hpux-common" ], - CC => "cc", - CFLAGS => picker(debug => "+O0 +d -g", - release => "+O3") , - cflags => "+DD64 +Optrs_strongly_typed -Ae +ESlit", - cppflags => threads("-D_REENTRANT") , - lib_cppflags => add("-DMD32_XARRAY"), - ex_libs => add("-ldl", threads("-lpthread")), - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", - asm_arch => 'parisc20_64', - perlasm_scheme => "64", - shared_cflag => "+Z", - shared_ldflag => add_before("-b"), - shared_extension => ".sl.\$(SHLIB_VERSION_NUMBER)", - multilib => "/pa20_64", - }, - - # HP/UX IA-64 targets - "hpux-ia64-cc" => { - inherit_from => [ "hpux-common" ], - CC => "cc", - CFLAGS => picker(debug => "+O0 +d -g", - release => "+O2"), - cflags => "-Ae +DD32 +Olit=all -z", - cppflags => add(threads("-D_REENTRANT")), - ex_libs => add("-ldl", threads("-lpthread")), - bn_ops => "SIXTY_FOUR_BIT", - asm_arch => 'ia64', - perlasm_scheme => 'void', - shared_cflag => "+Z", - shared_ldflag => add_before("-b"), - multilib => "/hpux32", - }, - "hpux64-ia64-cc" => { - inherit_from => [ "hpux-common" ], - CC => "cc", - CFLAGS => picker(debug => "+O0 +d -g", - release => "+O3"), - cflags => "-Ae +DD64 +Olit=all -z", - cppflags => threads("-D_REENTRANT"), - ex_libs => add("-ldl", threads("-lpthread")), - bn_ops => "SIXTY_FOUR_BIT_LONG", - asm_arch => 'ia64', - perlasm_scheme => 'void', - shared_cflag => "+Z", - shared_ldflag => add_before("-b"), - multilib => "/hpux64", - }, - # GCC builds... - "hpux-ia64-gcc" => { - inherit_from => [ "hpux-common" ], - CC => "gcc", - CFLAGS => picker(debug => "-O0 -g", - release => "-O3"), - cflags => add(threads("-pthread")), - ex_libs => add("-ldl", threads("-pthread")), - bn_ops => "SIXTY_FOUR_BIT", - asm_arch => 'ia64', - perlasm_scheme => 'void', - shared_cflag => "-fpic", - shared_ldflag => add_before("-shared"), - multilib => "/hpux32", - }, - "hpux64-ia64-gcc" => { - inherit_from => [ "hpux-common" ], - CC => "gcc", - CFLAGS => picker(debug => "-O0 -g", - release => "-O3"), - cflags => combine("-mlp64", threads("-pthread")), - ex_libs => add("-ldl", threads("-pthread")), - bn_ops => "SIXTY_FOUR_BIT_LONG", - asm_arch => 'ia64', - perlasm_scheme => 'void', - shared_cflag => "-fpic", - shared_ldflag => add_before("-shared"), - multilib => "/hpux64", - }, - -#### HP MPE/iX http://jazz.external.hp.com/src/openssl/ - "MPE/iX-gcc" => { - inherit_from => [ "BASE_unix" ], - CC => "gcc", - CFLAGS => "-O3", - cppflags => "-D_POSIX_SOURCE -D_SOCKET_SOURCE", - includes => [ "/SYSLOG/PUB" ], - lib_cppflags => "-DBN_DIV2W", - sys_id => "MPE", - lflags => add("-L/SYSLOG/PUB"), - ex_libs => add("-lsyslog -lsocket -lcurses"), - thread_scheme => "(unknown)", - bn_ops => "BN_LLONG", - }, - -#### DEC Alpha Tru64 targets. Tru64 is marketing name for OSF/1 version 4 -#### and forward. In reality 'uname -s' still returns "OSF1". Originally -#### there were even osf1-* configs targeting prior versions provided, -#### but not anymore... - "tru64-alpha-gcc" => { - inherit_from => [ "BASE_unix" ], - CC => "gcc", - CFLAGS => "-O3", - cflags => add("-std=c9x", threads("-pthread")), - cppflags => "-D_XOPEN_SOURCE=500 -D_OSF_SOURCE", - ex_libs => add("-lrt", threads("-pthread")), # for mlock(2) - bn_ops => "SIXTY_FOUR_BIT_LONG", - asm_arch => 'alpha', - perlasm_scheme => "void", - thread_scheme => "pthreads", - dso_scheme => "dlfcn", - shared_target => "alpha-osf1-shared", - shared_extension => ".so", - }, - "tru64-alpha-cc" => { - inherit_from => [ "BASE_unix" ], - CC => "cc", - CFLAGS => "-tune host -fast", - cflags => add("-std1 -readonly_strings", - threads("-pthread")), - cppflags => "-D_XOPEN_SOURCE=500 -D_OSF_SOURCE", - ex_libs => add("-lrt", threads("-pthread")), # for mlock(2) - bn_ops => "SIXTY_FOUR_BIT_LONG", - asm_arch => 'alpha', - perlasm_scheme => "void", - thread_scheme => "pthreads", - dso_scheme => "dlfcn", - shared_target => "alpha-osf1-shared", - shared_ldflag => "-msym", - shared_extension => ".so", - }, - -#### -#### Variety of LINUX:-) -#### -# *-generic* is endian-neutral target, but ./config is free to -# throw in -D[BL]_ENDIAN, whichever appropriate... - "linux-generic32" => { - inherit_from => [ "BASE_unix" ], - CC => "gcc", - CXX => "g++", - CFLAGS => picker(default => "-Wall", - debug => "-O0 -g", - release => "-O3"), - CXXFLAGS => picker(default => "-Wall", - debug => "-O0 -g", - release => "-O3"), - cflags => threads("-pthread"), - cxxflags => combine("-std=c++11", threads("-pthread")), - lib_cppflags => "-DOPENSSL_USE_NODELETE", - ex_libs => add("-ldl", threads("-pthread")), - bn_ops => "BN_LLONG RC4_CHAR", - thread_scheme => "pthreads", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_ldflag => sub { $disabled{pinshared} ? () : "-Wl,-znodelete" }, - enable => [ "afalgeng" ], - }, - "linux-latomic" => { - inherit_from => [ "linux-generic32" ], - ex_libs => add(threads("-latomic")), - }, - "linux-generic64" => { - inherit_from => [ "linux-generic32" ], - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", - }, - - "linux-ppc" => { - inherit_from => [ "linux-latomic" ], - asm_arch => 'ppc32', - perlasm_scheme => "linux32", - lib_cppflags => add("-DB_ENDIAN"), - }, - "linux-ppc64" => { - inherit_from => [ "linux-generic64" ], - cflags => add("-m64"), - cxxflags => add("-m64"), - lib_cppflags => add("-DB_ENDIAN"), - asm_arch => 'ppc64', - perlasm_scheme => "linux64", - multilib => "64", - }, - "linux-ppc64le" => { - inherit_from => [ "linux-generic64" ], - cflags => add("-m64"), - cxxflags => add("-m64"), - lib_cppflags => add("-DL_ENDIAN"), - asm_arch => 'ppc64', - perlasm_scheme => "linux64le", - }, - - "linux-armv4" => { - ################################################################ - # Note that -march is not among compiler options in linux-armv4 - # target description. Not specifying one is intentional to give - # you choice to: - # - # a) rely on your compiler default by not specifying one; - # b) specify your target platform explicitly for optimal - # performance, e.g. -march=armv6 or -march=armv7-a; - # c) build "universal" binary that targets *range* of platforms - # by specifying minimum and maximum supported architecture; - # - # As for c) option. It actually makes no sense to specify - # maximum to be less than ARMv7, because it's the least - # requirement for run-time switch between platform-specific - # code paths. And without run-time switch performance would be - # equivalent to one for minimum. Secondly, there are some - # natural limitations that you'd have to accept and respect. - # Most notably you can *not* build "universal" binary for - # big-endian platform. This is because ARMv7 processor always - # picks instructions in little-endian order. Another similar - # limitation is that -mthumb can't "cross" -march=armv6t2 - # boundary, because that's where it became Thumb-2. Well, this - # limitation is a bit artificial, because it's not really - # impossible, but it's deemed too tricky to support. And of - # course you have to be sure that your binutils are actually - # up to the task of handling maximum target platform. With all - # this in mind here is an example of how to configure - # "universal" build: - # - # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 - # - inherit_from => [ "linux-latomic" ], - asm_arch => 'armv4', - perlasm_scheme => "linux32", - }, - "linux-aarch64" => { - inherit_from => [ "linux-generic64" ], - asm_arch => 'aarch64', - perlasm_scheme => "linux64", - }, - "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32 - inherit_from => [ "linux-generic32" ], - cflags => add("-mabi=ilp32"), - cxxflags => add("-mabi=ilp32"), - bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", - asm_arch => 'aarch64', - perlasm_scheme => "linux64", - }, - - "linux-mips32" => { - # Configure script adds minimally required -march for assembly - # support, if no -march was specified at command line. - inherit_from => [ "linux-latomic" ], - cflags => add("-mabi=32"), - cxxflags => add("-mabi=32"), - asm_arch => 'mips32', - perlasm_scheme => "o32", - }, - # mips32 and mips64 below refer to contemporary MIPS Architecture - # specifications, MIPS32 and MIPS64, rather than to kernel bitness. - "linux-mips64" => { - inherit_from => [ "linux-latomic" ], - cflags => add("-mabi=n32"), - cxxflags => add("-mabi=n32"), - bn_ops => "RC4_CHAR SIXTY_FOUR_BIT", - asm_arch => 'mips64', - perlasm_scheme => "n32", - multilib => "32", - }, - "linux64-mips64" => { - inherit_from => [ "linux-generic64" ], - cflags => add("-mabi=64"), - cxxflags => add("-mabi=64"), - asm_arch => 'mips64', - perlasm_scheme => "64", - multilib => "64", - }, - - # riscv64 below refers to contemporary RISCV Architecture - # specifications, - "linux64-riscv64" => { - inherit_from => [ "linux-generic64"], - perlasm_scheme => "linux64", - }, - - # loongarch64 below refers to contemporary LoongArch Architecture - # specifications, - "linux64-loongarch64" => { - inherit_from => [ "linux-generic64"], - perlasm_scheme => "linux64", - }, - - #### IA-32 targets... - #### These two targets are a bit aged and are to be used on older Linux - #### machines where gcc doesn't understand -m32 and -m64 - "linux-elf" => { - inherit_from => [ "linux-generic32" ], - CFLAGS => add(picker(release => "-fomit-frame-pointer")), - lib_cppflags => add("-DL_ENDIAN"), - bn_ops => "BN_LLONG", - asm_arch => 'x86', - perlasm_scheme => "elf", - }, - "linux-aout" => { - inherit_from => [ "BASE_unix" ], - CC => "gcc", - CFLAGS => add(picker(default => "-Wall", - debug => "-O0 -g", - release => "-O3 -fomit-frame-pointer")), - lib_cppflags => add("-DL_ENDIAN"), - bn_ops => "BN_LLONG", - thread_scheme => "(unknown)", - asm_arch => 'x86', - perlasm_scheme => "a.out", - }, - - #### X86 / X86_64 targets - "linux-x86" => { - inherit_from => [ "linux-generic32" ], - CFLAGS => add(picker(release => "-fomit-frame-pointer")), - cflags => add("-m32"), - cxxflags => add("-m32"), - lib_cppflags => add("-DL_ENDIAN"), - bn_ops => "BN_LLONG", - asm_arch => 'x86', - perlasm_scheme => "elf", - }, - "linux-x86-clang" => { - inherit_from => [ "linux-x86" ], - CC => "clang", - CXX => "clang++", - ex_libs => add(threads("-latomic")), - }, - "linux-x86_64" => { - inherit_from => [ "linux-generic64" ], - cflags => add("-m64"), - cxxflags => add("-m64"), - lib_cppflags => add("-DL_ENDIAN"), - bn_ops => "SIXTY_FOUR_BIT_LONG", - asm_arch => 'x86_64', - perlasm_scheme => "elf", - multilib => "64", - }, - "linux-x86_64-clang" => { - inherit_from => [ "linux-x86_64" ], - CC => "clang", - CXX => "clang++", - }, - "linux-x32" => { - inherit_from => [ "linux-generic32" ], - cflags => add("-mx32"), - cxxflags => add("-mx32"), - lib_cppflags => add("-DL_ENDIAN"), - bn_ops => "SIXTY_FOUR_BIT", - asm_arch => 'x86_64', - perlasm_scheme => "elf32", - multilib => "x32", - }, - - "linux-ia64" => { - inherit_from => [ "linux-generic64" ], - bn_ops => "SIXTY_FOUR_BIT_LONG", - asm_arch => 'ia64', - perlasm_scheme => 'void', - }, - - "linux64-s390x" => { - inherit_from => [ "linux-generic64" ], - cflags => add("-m64"), - cxxflags => add("-m64"), - lib_cppflags => add("-DB_ENDIAN"), - asm_arch => 's390x', - perlasm_scheme => "64", - multilib => "64", - }, - "linux32-s390x" => { - #### So called "highgprs" target for z/Architecture CPUs - # "Highgprs" is kernel feature first implemented in Linux - # 2.6.32, see /proc/cpuinfo. The idea is to preserve most - # significant bits of general purpose registers not only - # upon 32-bit process context switch, but even on - # asynchronous signal delivery to such process. This makes - # it possible to deploy 64-bit instructions even in legacy - # application context and achieve better [or should we say - # adequate] performance. The build is binary compatible with - # linux-generic32, and the idea is to be able to install the - # resulting libcrypto.so alongside generic one, e.g. as - # /lib/highgprs/libcrypto.so.x.y, for ldconfig and run-time - # linker to autodiscover. Unfortunately it doesn't work just - # yet, because of couple of bugs in glibc - # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... - # - inherit_from => [ "linux-generic32" ], - cflags => add("-m31 -Wa,-mzarch"), - cxxflags => add("-m31 -Wa,-mzarch"), - lib_cppflags => add("-DB_ENDIAN"), - asm_arch => 's390x', - perlasm_scheme => "31", - multilib => "/highgprs", - }, - - #### SPARC Linux setups - "linux-sparcv8" => { - inherit_from => [ "linux-latomic" ], - cflags => add("-mcpu=v8"), - cxxflags => add("-mcpu=v8"), - lib_cppflags => add("-DB_ENDIAN -DBN_DIV2W"), - asm_arch => 'sparcv8', - perlasm_scheme => 'void', - }, - "linux-sparcv9" => { - # it's a real mess with -mcpu=ultrasparc option under Linux, - # but -Wa,-Av8plus should do the trick no matter what. - inherit_from => [ "linux-latomic" ], - cflags => add("-m32 -mcpu=ultrasparc -Wa,-Av8plus"), - cxxflags => add("-m32 -mcpu=ultrasparc -Wa,-Av8plus"), - lib_cppflags => add("-DB_ENDIAN -DBN_DIV2W"), - asm_arch => 'sparcv9', - perlasm_scheme => 'void', - }, - "linux64-sparcv9" => { - # GCC 3.1 is a requirement - inherit_from => [ "linux-generic64" ], - cflags => add("-m64 -mcpu=ultrasparc"), - cxxflags => add("-m64 -mcpu=ultrasparc"), - lib_cppflags => add("-DB_ENDIAN"), - ex_libs => add(threads("-latomic")), - bn_ops => "BN_LLONG RC4_CHAR", - asm_arch => 'sparcv9', - perlasm_scheme => 'void', - multilib => "64", - }, - - "linux-alpha-gcc" => { - inherit_from => [ "linux-generic64" ], - lib_cppflags => add("-DL_ENDIAN"), - bn_ops => "SIXTY_FOUR_BIT_LONG", - asm_arch => 'alpha', - perlasm_scheme => "void", - }, - "linux-c64xplus" => { - inherit_from => [ "BASE_unix" ], - # TI_CGT_C6000_7.3.x is a requirement - CC => "cl6x", - CFLAGS => "-o2 -ox -ms", - cflags => "--linux -ea=.s -eo=.o -mv6400+ -pden", - cxxflags => "--linux -ea=.s -eo=.o -mv6400+ -pden", - cppflags => combine("-DOPENSSL_SMALL_FOOTPRINT", - threads("-D_REENTRANT")), - bn_ops => "BN_LLONG", - thread_scheme => "pthreads", - asm_arch => 'c64xplus', - perlasm_scheme => "void", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "--pic", - shared_ldflag => add("-z --sysv --shared"), - ranlib => "true", - }, - -#### *BSD - "BSD-generic32" => { - # As for thread cflag. Idea is to maintain "collective" set of - # flags, which would cover all BSD flavors. -pthread applies - # to them all, but is treated differently. OpenBSD expands is - # as -D_POSIX_THREAD -lc_r, which is sufficient. FreeBSD 4.x - # expands it as -lc_r, which has to be accompanied by explicit - # -D_THREAD_SAFE and sometimes -D_REENTRANT. FreeBSD 5.x - # expands it as -lc_r, which seems to be sufficient? - inherit_from => [ "BASE_unix" ], - CC => "cc", - CFLAGS => picker(default => "-Wall", - debug => "-O0 -g", - release => "-O3"), - cflags => threads("-pthread"), - cppflags => threads("-D_THREAD_SAFE -D_REENTRANT"), - ex_libs => add(threads("-pthread")), - enable => add("devcryptoeng"), - bn_ops => "BN_LLONG", - thread_scheme => "pthreads", - dso_scheme => "dlfcn", - shared_target => "bsd-gcc-shared", - shared_cflag => "-fPIC", - }, - "BSD-generic64" => { - inherit_from => [ "BSD-generic32" ], - bn_ops => "SIXTY_FOUR_BIT_LONG", - }, - - "BSD-x86" => { - inherit_from => [ "BSD-generic32" ], - CFLAGS => add(picker(release => "-fomit-frame-pointer")), - lib_cppflags => add("-DL_ENDIAN"), - bn_ops => "BN_LLONG", - asm_arch => 'x86', - perlasm_scheme => "a.out", - }, - "BSD-x86-elf" => { - inherit_from => [ "BSD-x86" ], - perlasm_scheme => "elf", - }, - - "BSD-sparcv8" => { - inherit_from => [ "BSD-generic32" ], - cflags => add("-mcpu=v8"), - lib_cppflags => add("-DB_ENDIAN"), - asm_arch => 'sparcv8', - perlasm_scheme => 'void', - }, - "BSD-sparc64" => { - # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it - # simply *happens* to work around a compiler bug in gcc 3.3.3, - # triggered by RIPEMD160 code. - inherit_from => [ "BSD-generic64" ], - lib_cppflags => add("-DB_ENDIAN -DMD32_REG_T=int"), - bn_ops => "BN_LLONG", - asm_arch => 'sparcv9', - perlasm_scheme => 'void', - }, - - "BSD-ia64" => { - inherit_from => [ "BSD-generic64" ], - lib_cppflags => add("-DL_ENDIAN"), - bn_ops => "SIXTY_FOUR_BIT_LONG", - asm_arch => 'ia64', - perlasm_scheme => 'void', - }, - - "BSD-x86_64" => { - inherit_from => [ "BSD-generic64" ], - lib_cppflags => add("-DL_ENDIAN"), - bn_ops => "SIXTY_FOUR_BIT_LONG", - asm_arch => 'x86_64', - perlasm_scheme => "elf", - }, - - "BSD-aarch64" => { - inherit_from => [ "BSD-generic64" ], - lib_cppflags => add("-DL_ENDIAN"), - bn_ops => "SIXTY_FOUR_BIT_LONG", - asm_arch => 'aarch64', - perlasm_scheme => "linux64", - }, - - # riscv64 below refers to contemporary RISCV Architecture - # specifications, - "BSD-riscv64" => { - inherit_from => [ "BSD-generic64"], - perlasm_scheme => "linux64", - }, - - "bsdi-elf-gcc" => { - inherit_from => [ "BASE_unix" ], - CC => "gcc", - CFLAGS => "-fomit-frame-pointer -O3 -Wall", - lib_cppflags => "-DPERL5 -DL_ENDIAN", - ex_libs => add("-ldl"), - bn_ops => "BN_LLONG", - asm_arch => 'x86', - perlasm_scheme => "elf", - thread_scheme => "(unknown)", - dso_scheme => "dlfcn", - shared_target => "bsd-gcc-shared", - shared_cflag => "-fPIC", - }, - -#### SCO/Caldera targets. -# -# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc. -# Now we only have blended unixware-* as it's the only one used by ./config. -# If you want to optimize for particular microarchitecture, bypass ./config -# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate. -# Note that not all targets include assembler support. Mostly because of -# lack of motivation to support out-of-date platforms with out-of-date -# compiler drivers and assemblers. -# -# UnixWare 2.0x fails destest with -O. - "unixware-2.0" => { - inherit_from => [ "BASE_unix" ], - CC => "cc", - cflags => threads("-Kthread"), - lib_cppflags => "-DFILIO_H -DNO_STRINGS_H", - ex_libs => add("-lsocket -lnsl -lresolv -lx"), - thread_scheme => "uithreads", - }, - "unixware-2.1" => { - inherit_from => [ "BASE_unix" ], - CC => "cc", - CFLAGS => "-O", - cflags => threads("-Kthread"), - lib_cppflags => "-DFILIO_H", - ex_libs => add("-lsocket -lnsl -lresolv -lx"), - thread_scheme => "uithreads", - }, - "unixware-7" => { - inherit_from => [ "BASE_unix" ], - CC => "cc", - CFLAGS => "-O", - cflags => combine("-Kalloca", threads("-Kthread")), - lib_cppflags => "-DFILIO_H", - ex_libs => add("-lsocket -lnsl"), - thread_scheme => "uithreads", - bn_ops => "BN_LLONG", - asm_arch => 'x86', - perlasm_scheme => "elf-1", - dso_scheme => "dlfcn", - shared_target => "svr5-shared", - shared_cflag => "-Kpic", - }, - "unixware-7-gcc" => { - inherit_from => [ "BASE_unix" ], - CC => "gcc", - CFLAGS => "-O3 -fomit-frame-pointer -Wall", - cppflags => add(threads("-D_REENTRANT")), - lib_cppflags => add("-DL_ENDIAN -DFILIO_H"), - ex_libs => add("-lsocket -lnsl"), - bn_ops => "BN_LLONG", - thread_scheme => "pthreads", - asm_arch => 'x86', - perlasm_scheme => "elf-1", - dso_scheme => "dlfcn", - shared_target => "gnu-shared", - shared_cflag => "-fPIC", - }, -# SCO 5 - Ben Laurie says the -O breaks the SCO cc. - "sco5-cc" => { - inherit_from => [ "BASE_unix" ], - cc => "cc", - cflags => "-belf", - ex_libs => add("-lsocket -lnsl"), - thread_scheme => "(unknown)", - asm_arch => 'x86', - perlasm_scheme => "elf-1", - dso_scheme => "dlfcn", - shared_target => "svr3-shared", - shared_cflag => "-Kpic", - }, - "sco5-gcc" => { - inherit_from => [ "BASE_unix" ], - cc => "gcc", - cflags => "-O3 -fomit-frame-pointer", - ex_libs => add("-lsocket -lnsl"), - bn_ops => "BN_LLONG", - thread_scheme => "(unknown)", - asm_arch => 'x86', - perlasm_scheme => "elf-1", - dso_scheme => "dlfcn", - shared_target => "svr3-shared", - shared_cflag => "-fPIC", - }, - -#### IBM's AIX. - # Below targets assume AIX >=5. Caveat lector. If you are accustomed - # to control compilation "bitness" by setting $OBJECT_MODE environment - # variable, then you should know that in OpenSSL case it's considered - # only in ./config. Once configured, build procedure remains "deaf" to - # current value of $OBJECT_MODE. - "aix-common" => { - inherit_from => [ "BASE_unix" ], - template => 1, - sys_id => "AIX", - lib_cppflags => "-DB_ENDIAN", - lflags => "-Wl,-bsvr4", - thread_scheme => "pthreads", - dso_scheme => "dlfcn", - shared_target => "aix", - module_ldflags => "-Wl,-G,-bsymbolic,-bnoentry", - shared_ldflag => "-Wl,-G,-bsymbolic,-bnoentry", - shared_defflag => "-Wl,-bE:", - shared_fipsflag => "-Wl,-binitfini:_init:_cleanup", - perl_platform => 'AIX', - }, - "aix-gcc" => { - inherit_from => [ "aix-common" ], - CC => "gcc", - CFLAGS => picker(debug => "-O0 -g", - release => "-O"), - cflags => add(threads("-pthread")), - ex_libs => add(threads("-pthread")), - bn_ops => "BN_LLONG RC4_CHAR", - asm_arch => 'ppc32', - perlasm_scheme => "aix32", - shared_ldflag => add_before("-shared -static-libgcc"), - AR => add("-X32"), - RANLIB => add("-X32"), - }, - "aix64-gcc" => { - inherit_from => [ "aix-common" ], - CC => "gcc", - CFLAGS => picker(debug => "-O0 -g", - release => "-O"), - cflags => combine("-maix64", threads("-pthread")), - ex_libs => add(threads("-pthread")), - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", - asm_arch => 'ppc64', - perlasm_scheme => "aix64", - shared_ldflag => add_before("-shared -static-libgcc"), - shared_extension => "64.so.\$(SHLIB_VERSION_NUMBER)", - AR => add("-X64"), - RANLIB => add("-X64"), - }, - "aix64-gcc-as" => { - inherit_from => [ "aix64-gcc" ], - perlasm_scheme => "aix64-as", - }, - "aix-cc" => { - inherit_from => [ "aix-common" ], - CC => "cc", - CFLAGS => picker(debug => "-O0 -g", - release => "-O"), - cflags => combine("-q32 -qmaxmem=16384 -qro -qroconst", - threads("-qthreaded")), - cppflags => threads("-D_THREAD_SAFE"), - ex_libs => add(threads("-lpthreads")), - bn_ops => "BN_LLONG RC4_CHAR", - asm_arch => 'ppc32', - perlasm_scheme => "aix32", - shared_cflag => "-qpic", - AR => add("-X32"), - RANLIB => add("-X32"), - }, - "aix64-cc" => { - inherit_from => [ "aix-common" ], - CC => "cc", - CFLAGS => picker(debug => "-O0 -g", - release => "-O"), - cflags => combine("-q64 -qmaxmem=16384 -qro -qroconst", - threads("-qthreaded")), - cppflags => threads("-D_THREAD_SAFE"), - ex_libs => add(threads("-lpthreads")), - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", - asm_arch => 'ppc64', - perlasm_scheme => "aix64", - dso_scheme => "dlfcn", - shared_cflag => "-qpic", - shared_extension => "64.so.\$(SHLIB_VERSION_NUMBER)", - AR => add("-X64"), - RANLIB => add("-X64"), - }, - -# SIEMENS BS2000/OSD: an EBCDIC-based mainframe - "BS2000-OSD" => { - inherit_from => [ "BASE_unix" ], - CC => "c89", - CFLAGS => "-O", - cflags => "-XLLML -XLLMK -XL", - cppflags => "-DCHARSET_EBCDIC", - lib_cppflags => "-DB_ENDIAN", - ex_libs => add("-lsocket -lnsl"), - bn_ops => "THIRTY_TWO_BIT RC4_CHAR", - thread_scheme => "(unknown)", - }, - -#### Visual C targets -# -# Win64 targets, WIN64I denotes IA-64/Itanium and WIN64A - AMD64 -# -# Note about /wd4090, disable warning C4090. This warning returns false -# positives in some situations. Disabling it altogether masks both -# legitimate and false cases, but as we compile on multiple platforms, -# we rely on other compilers to catch legitimate cases. -# -# Also note that we force threads no matter what. Configuring "no-threads" -# is ignored. -# -# UNICODE is defined in VC-common and applies to all targets. It used to -# be an opt-in option for VC-WIN32, but not anymore. The original reason -# was because ANSI API was *native* system interface for no longer -# supported Windows 9x. Keep in mind that UNICODE only affects how -# OpenSSL libraries interact with underlying OS, it doesn't affect API -# that OpenSSL presents to application. - - "VC-common" => { - inherit_from => [ "BASE_Windows" ], - template => 1, - CC => "cl", - CPP => '$(CC) /EP /C', - CFLAGS => "/W3 /wd4090 /nologo", - coutflag => "/Fo", - LD => "link", - LDFLAGS => "/nologo /debug", - ldoutflag => "/out:", - ldpostoutflag => "", - ld_resp_delim => "\n", - bin_lflags => "setargv.obj", - makedepcmd => '$(CC) /Zs /showIncludes', - makedep_scheme => 'VC', - AR => "lib", - ARFLAGS => "/nologo", - aroutflag => "/out:", - ar_resp_delim => "\n", - RC => "rc", - rcoutflag => "/fo", - defines => add("OPENSSL_SYS_WIN32", "WIN32_LEAN_AND_MEAN", - "UNICODE", "_UNICODE", - "_CRT_SECURE_NO_DEPRECATE", - "_WINSOCK_DEPRECATED_NO_WARNINGS"), - lib_cflags => add("/Zi /Fdossl_static.pdb"), - lib_defines => add("L_ENDIAN"), - dso_cflags => "/Zi /Fddso.pdb", - bin_cflags => "/Zi /Fdapp.pdb", - # def_flag made to empty string so a .def file gets generated - shared_defflag => '', - shared_ldflag => "/dll", - shared_target => "win-shared", # meaningless except it gives Configure a hint - lddefflag => "/def:", - ldresflag => " ", - ld_implib_flag => "/implib:", - thread_scheme => "winthreads", - dso_scheme => "win32", - perl_platform => 'Windows::MSVC', - # additional parameter to build_scheme denotes install-path "flavour" - build_scheme => add("VC-common", { separator => undef }), - }, - "VC-noCE-common" => { - inherit_from => [ "VC-common" ], - template => 1, - CFLAGS => add(picker(debug => '/Od', - release => '/O2')), - cflags => add(picker(default => '/Gs0 /GF /Gy', - debug => - sub { - ($disabled{shared} ? "" : "/MDd"); - }, - release => - sub { - ($disabled{shared} ? "" : "/MD"); - })), - defines => add(picker(default => [], # works as type cast - debug => [ "DEBUG", "_DEBUG" ])), - lib_cflags => add(sub { $disabled{shared} ? "/MT /Zl" : () }), - # Following might/should appears controversial, i.e. defining - # /MDd without evaluating $disabled{shared}. It works in - # non-shared build because static library is compiled with /Zl - # and bares no reference to specific RTL. And it works in - # shared build because multiple /MDd options are not prohibited. - # But why /MDd in static build? Well, basically this is just a - # reference point, which allows to catch eventual errors that - # would prevent those who want to wrap OpenSSL into own .DLL. - # Why not /MD in release build then? Well, some are likely to - # prefer [non-debug] openssl.exe to be free from Micorosoft RTL - # redistributable. - bin_cflags => add(picker(debug => "/MDd", - release => sub { $disabled{shared} ? "/MT" : () }, - )), - bin_lflags => add("/subsystem:console /opt:ref"), - ex_libs => add(sub { - my @ex_libs = (); - push @ex_libs, 'ws2_32.lib' unless $disabled{sock}; - push @ex_libs, 'gdi32.lib advapi32.lib crypt32.lib user32.lib'; - return join(" ", @ex_libs); - }), - }, - "VC-WIN64-common" => { - inherit_from => [ "VC-noCE-common" ], - template => 1, - ex_libs => add(sub { - my @ex_libs = (); - push @ex_libs, 'bufferoverflowu.lib' if (`cl 2>&1` =~ /14\.00\.4[0-9]{4}\./); - return join(" ", @_, @ex_libs); - }), - bn_ops => add("SIXTY_FOUR_BIT"), - }, - "VC-WIN64I" => { - inherit_from => [ "VC-WIN64-common" ], - AS => "ias", - ASFLAGS => "-d debug", - asoutflag => "-o ", - sys_id => "WIN64I", - uplink_arch => 'ia64', - asm_arch => 'ia64', - perlasm_scheme => "ias", - multilib => "-ia64", - }, - "VC-WIN64A" => { - inherit_from => [ "VC-WIN64-common" ], - AS => sub { vc_win64a_info()->{AS} }, - ASFLAGS => sub { vc_win64a_info()->{ASFLAGS} }, - asoutflag => sub { vc_win64a_info()->{asoutflag} }, - asflags => sub { vc_win64a_info()->{asflags} }, - sys_id => "WIN64A", - uplink_arch => 'x86_64', - asm_arch => 'x86_64', - perlasm_scheme => "auto", - multilib => "-x64", - }, - "VC-WIN32" => { - inherit_from => [ "VC-noCE-common" ], - AS => sub { vc_win32_info()->{AS} }, - ASFLAGS => sub { vc_win32_info()->{ASFLAGS} }, - asoutflag => sub { vc_win32_info()->{asoutflag} }, - asflags => sub { vc_win32_info()->{asflags} }, - sys_id => "WIN32", - bn_ops => add("BN_LLONG"), - uplink_arch => 'common', - asm_arch => 'x86', - perlasm_scheme => sub { vc_win32_info()->{perlasm_scheme} }, - # "WOW" stands for "Windows on Windows", and "VC-WOW" engages - # some installation path heuristics in windows-makefile.tmpl... - build_scheme => add("VC-WOW", { separator => undef }), - }, - "VC-CE" => { - inherit_from => [ "VC-common" ], - CFLAGS => add(picker(debug => "/Od", - release => "/O1i")), - CPPDEFINES => picker(debug => [ "DEBUG", "_DEBUG" ]), - LDFLAGS => add("/nologo /opt:ref"), - cflags => - combine('/GF /Gy', - sub { vc_wince_info()->{cflags}; }, - sub { `cl 2>&1` =~ /Version ([0-9]+)\./ && $1>=14 - ? ($disabled{shared} ? " /MT" : " /MD") - : " /MC"; }), - cppflags => sub { vc_wince_info()->{cppflags}; }, - lib_defines => add("NO_CHMOD", "OPENSSL_SMALL_FOOTPRINT"), - lib_cppflags => sub { vc_wince_info()->{cppflags}; }, - includes => - add(combine(sub { defined(env('WCECOMPAT')) - ? '$(WCECOMPAT)/include' : (); }, - sub { defined(env('PORTSDK_LIBPATH')) - ? '$(PORTSDK_LIBPATH)/../../include' - : (); })), - lflags => add(combine(sub { vc_wince_info()->{lflags}; }, - sub { defined(env('PORTSDK_LIBPATH')) - ? "/entry:mainCRTstartup" : (); })), - sys_id => "WINCE", - bn_ops => add("BN_LLONG"), - ex_libs => add(sub { - my @ex_libs = (); - push @ex_libs, 'ws2.lib' unless $disabled{sock}; - push @ex_libs, 'crypt32.lib'; - if (defined(env('WCECOMPAT'))) { - my $x = '$(WCECOMPAT)/lib'; - if (-f "$x/env('TARGETCPU')/wcecompatex.lib") { - $x .= '/$(TARGETCPU)/wcecompatex.lib'; - } else { - $x .= '/wcecompatex.lib'; - } - push @ex_libs, $x; - } - push @ex_libs, '$(PORTSDK_LIBPATH)/portlib.lib' - if (defined(env('PORTSDK_LIBPATH'))); - push @ex_libs, '/nodefaultlib coredll.lib corelibc.lib' - if (env('TARGETCPU') =~ /^X86|^ARMV4[IT]/); - return join(" ", @ex_libs); - }), - }, - -#### MinGW - "mingw-common" => { - inherit_from => [ 'BASE_unix' ], - template => 1, - CC => "gcc", - CFLAGS => picker(default => "-Wall", - debug => "-g -O0", - release => "-O3"), - cppflags => combine("-DUNICODE -D_UNICODE -DWIN32_LEAN_AND_MEAN", - threads("-D_MT")), - lib_cppflags => "-DL_ENDIAN", - ex_libs => add("-lws2_32 -lgdi32 -lcrypt32"), - thread_scheme => "winthreads", - dso_scheme => "win32", - shared_target => "mingw-shared", - shared_cppflags => add("_WINDLL"), - shared_ldflag => "-static-libgcc", - - perl_platform => 'mingw', - }, - "mingw" => { - inherit_from => [ "mingw-common" ], - CFLAGS => add(picker(release => "-fomit-frame-pointer")), - cflags => "-m32", - sys_id => "MINGW32", - bn_ops => add("BN_LLONG"), - asm_arch => 'x86', - uplink_arch => 'x86', - perlasm_scheme => "coff", - shared_rcflag => "--target=pe-i386", - multilib => "", - }, - "mingw64" => { - # As for uplink_arch. Applink makes it possible to use - # .dll compiled with one compiler with application compiled with - # another compiler. It's possible to engage Applink support in - # mingw64 build, but it's not done, because until mingw64 - # supports structured exception handling, one can't seriously - # consider its binaries for using with non-mingw64 run-time - # environment. And as mingw64 is always consistent with itself, - # Applink is never engaged and can as well be omitted. - inherit_from => [ "mingw-common" ], - cflags => "-m64", - sys_id => "MINGW64", - bn_ops => add("SIXTY_FOUR_BIT"), - asm_arch => 'x86_64', - uplink_arch => undef, - perlasm_scheme => "mingw64", - shared_rcflag => "--target=pe-x86-64", - multilib => "64", - }, - -#### UEFI - "UEFI" => { - inherit_from => [ "BASE_unix" ], - CC => "cc", - CFLAGS => "-O", - lib_cppflags => "-DL_ENDIAN", - sys_id => "UEFI", - }, - "UEFI-x86" => { - inherit_from => [ "UEFI" ], - asm_arch => 'x86', - perlasm_scheme => "win32n", - }, - "UEFI-x86_64" => { - inherit_from => [ "UEFI" ], - asm_arch => 'x86_64', - perlasm_scheme => "nasm", - }, - -#### UWIN - "UWIN" => { - inherit_from => [ "BASE_unix" ], - CC => "cc", - CFLAGS => "-O -Wall", - lib_cppflags => "-DTERMIOS -DL_ENDIAN", - sys_id => "UWIN", - bn_ops => "BN_LLONG", - dso_scheme => "win32", - }, - -#### Cygwin - "Cygwin-common" => { - inherit_from => [ "BASE_unix" ], - template => 1, - - CC => "gcc", - CFLAGS => picker(default => "-Wall", - debug => "-g -O0", - release => "-O3"), - lib_cppflags => "-DTERMIOS -DL_ENDIAN", - sys_id => "CYGWIN", - thread_scheme => "pthread", - dso_scheme => "dlfcn", - shared_target => "cygwin-shared", - shared_cppflags => "-D_WINDLL", - - perl_platform => 'Cygwin', - }, - "Cygwin-x86" => { - inherit_from => [ "Cygwin-common" ], - CFLAGS => add(picker(release => "-O3 -fomit-frame-pointer")), - bn_ops => "BN_LLONG", - asm_arch => 'x86', - perlasm_scheme => "coff", - }, - "Cygwin-x86_64" => { - inherit_from => [ "Cygwin-common" ], - CC => "gcc", - bn_ops => "SIXTY_FOUR_BIT_LONG", - asm_arch => 'x86_64', - perlasm_scheme => "mingw64", - }, - # Backward compatibility for those using this target - "Cygwin" => { - inherit_from => [ "Cygwin-x86" ] - }, - # In case someone constructs the Cygwin target name themself - "Cygwin-i386" => { - inherit_from => [ "Cygwin-x86" ] - }, - "Cygwin-i486" => { - inherit_from => [ "Cygwin-x86" ] - }, - "Cygwin-i586" => { - inherit_from => [ "Cygwin-x86" ] - }, - "Cygwin-i686" => { - inherit_from => [ "Cygwin-x86" ] - }, - -##### MacOS X (a.k.a. Darwin) setup - "darwin-common" => { - inherit_from => [ "BASE_unix" ], - template => 1, - CC => "cc", - CFLAGS => picker(debug => "-g -O0", - release => "-O3"), - cppflags => threads("-D_REENTRANT"), - lflags => add("-Wl,-search_paths_first"), - sys_id => "MACOSX", - bn_ops => "BN_LLONG RC4_CHAR", - thread_scheme => "pthreads", - perlasm_scheme => "osx32", - dso_scheme => "dlfcn", - ranlib => "ranlib -c", - shared_target => "darwin-shared", - shared_cflag => "-fPIC", - shared_extension => ".\$(SHLIB_VERSION_NUMBER).dylib", - }, - # Option "freeze" such as -std=gnu9x can't negatively interfere - # with future defaults for below two targets, because MacOS X - # for PPC has no future, it was discontinued by vendor in 2009. - "darwin-ppc-cc" => { inherit_from => [ "darwin-ppc" ] }, # Historic alias - "darwin-ppc" => { - inherit_from => [ "darwin-common" ], - cflags => add("-arch ppc -std=gnu9x -Wa,-force_cpusubtype_ALL"), - lib_cppflags => add("-DB_ENDIAN"), - shared_cflag => add("-fno-common"), - asm_arch => 'ppc32', - perlasm_scheme => "osx32", - }, - "darwin64-ppc-cc" => { inherit_from => [ "darwin64-ppc" ] }, # Historic alias - "darwin64-ppc" => { - inherit_from => [ "darwin-common" ], - cflags => add("-arch ppc64 -std=gnu9x"), - lib_cppflags => add("-DB_ENDIAN"), - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", - asm_arch => 'ppc64', - perlasm_scheme => "osx64", - }, - "darwin-i386-cc" => { inherit_from => [ "darwin-i386" ] }, # Historic alias - "darwin-i386" => { - inherit_from => [ "darwin-common" ], - CFLAGS => add(picker(release => "-fomit-frame-pointer")), - cflags => add("-arch i386"), - lib_cppflags => add("-DL_ENDIAN"), - bn_ops => "BN_LLONG RC4_INT", - asm_arch => 'x86', - perlasm_scheme => "macosx", - }, - "darwin64-x86_64-cc" => { inherit_from => [ "darwin64-x86_64" ] }, # Historic alias - "darwin64-x86_64" => { - inherit_from => [ "darwin-common" ], - CFLAGS => add("-Wall"), - cflags => add("-arch x86_64"), - lib_cppflags => add("-DL_ENDIAN"), - bn_ops => "SIXTY_FOUR_BIT_LONG", - asm_arch => 'x86_64', - perlasm_scheme => "macosx", - }, - "darwin64-arm64-cc" => { inherit_from => [ "darwin64-arm64" ] }, # "Historic" alias - "darwin64-arm64" => { - inherit_from => [ "darwin-common" ], - CFLAGS => add("-Wall"), - cflags => add("-arch arm64"), - lib_cppflags => add("-DL_ENDIAN"), - bn_ops => "SIXTY_FOUR_BIT_LONG", - asm_arch => 'aarch64', - perlasm_scheme => "ios64", - }, - -##### GNU Hurd - "hurd-x86" => { - inherit_from => [ "BASE_unix" ], - CC => "gcc", - CFLAGS => "-O3 -fomit-frame-pointer -Wall", - cflags => threads("-pthread"), - lib_cppflags => "-DL_ENDIAN", - ex_libs => add("-ldl", threads("-pthread")), - bn_ops => "BN_LLONG", - asm_arch => 'x86', - perlasm_scheme => 'elf', - thread_scheme => "pthreads", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - }, - -##### VxWorks for various targets - "vxworks-ppc60x" => { - inherit_from => [ "BASE_unix" ], - CC => "ccppc", - CFLAGS => "-O2 -Wall -fstrength-reduce", - cflags => "-mrtp -mhard-float -mstrict-align -fno-implicit-fp -fno-builtin -fno-strict-aliasing", - cppflags => combine("-D_REENTRANT -DPPC32_fp60x -DCPU=PPC32", - "_DTOOL_FAMILY=gnu -DTOOL=gnu", - "-I\$(WIND_BASE)/target/usr/h", - "-I\$(WIND_BASE)/target/usr/h/wrn/coreip"), - sys_id => "VXWORKS", - lflags => add("-L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common"), - ex_libs => add("-Wl,--defsym,__wrs_rtp_base=0xe0000000"), - }, - "vxworks-ppcgen" => { - inherit_from => [ "BASE_unix" ], - CC => "ccppc", - CFLAGS => "-O1 -Wall", - cflags => "-mrtp -msoft-float -mstrict-align -fno-builtin -fno-strict-aliasing", - cppflags => combine("-D_REENTRANT -DPPC32 -DCPU=PPC32", - "-DTOOL_FAMILY=gnu -DTOOL=gnu", - "-I\$(WIND_BASE)/target/usr/h", - "-I\$(WIND_BASE)/target/usr/h/wrn/coreip"), - sys_id => "VXWORKS", - lflags => add("-L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon"), - ex_libs => add("-Wl,--defsym,__wrs_rtp_base=0xe0000000"), - }, - "vxworks-ppc405" => { - inherit_from => [ "BASE_unix" ], - CC => "ccppc", - CFLAGS => "-g", - cflags => "-msoft-float -mlongcall", - cppflags => combine("-D_REENTRANT -DPPC32 -DCPU=PPC405", - "-DTOOL_FAMILY=gnu -DTOOL=gnu", - "-I\$(WIND_BASE)/target/h"), - sys_id => "VXWORKS", - lflags => add("-r"), - }, - "vxworks-ppc750" => { - inherit_from => [ "BASE_unix" ], - CC => "ccppc", - CFLAGS => "-ansi -fvolatile -Wall \$(DEBUG_FLAG)", - cflags => "-nostdinc -fno-builtin -fno-for-scope -fsigned-char -msoft-float -mlongcall", - cppflags => combine("-DPPC750 -D_REENTRANT -DCPU=PPC604", - "-I\$(WIND_BASE)/target/h"), - sys_id => "VXWORKS", - lflags => add("-r"), - }, - "vxworks-ppc750-debug" => { - inherit_from => [ "BASE_unix" ], - CC => "ccppc", - CFLAGS => "-ansi -fvolatile -Wall -g", - cflags => "-nostdinc -fno-builtin -fno-for-scope -fsigned-char -msoft-float -mlongcall", - cppflags => combine("-DPPC750 -D_REENTRANT -DCPU=PPC604", - "-DPEDANTIC -DDEBUG", - "-I\$(WIND_BASE)/target/h"), - sys_id => "VXWORKS", - lflags => add("-r"), - }, - "vxworks-ppc860" => { - inherit_from => [ "BASE_unix" ], - CC => "ccppc", - cflags => "-nostdinc -msoft-float", - cppflags => combine("-DCPU=PPC860 -DNO_STRINGS_H", - "-I\$(WIND_BASE)/target/h"), - sys_id => "VXWORKS", - lflags => add("-r"), - }, - "vxworks-simlinux" => { - inherit_from => [ "BASE_unix" ], - CC => "ccpentium", - cflags => "-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -fno-builtin -fno-defer-pop", - cppflags => combine("-D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\"", - "-DL_ENDIAN -DCPU=SIMLINUX -DNO_STRINGS_H", - "-DTOOL_FAMILY=gnu -DTOOL=gnu", - "-DOPENSSL_NO_HW_PADLOCK", - "-I\$(WIND_BASE)/target/h", - "-I\$(WIND_BASE)/target/h/wrn/coreip"), - sys_id => "VXWORKS", - lflags => add("-r"), - ranlib => "ranlibpentium", - }, - "vxworks-mips" => { - inherit_from => [ "BASE_unix" ], - CC => "ccmips", - CFLAGS => "-O -G 0", - cflags => "-mrtp -mips2 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -msoft-float -mno-branch-likely -fno-builtin -fno-defer-pop", - cppflags => combine("-D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\"", - "-DCPU=MIPS32 -DNO_STRINGS_H", - "-DTOOL_FAMILY=gnu -DTOOL=gnu", - "-DOPENSSL_NO_HW_PADLOCK", - threads("-D_REENTRANT"), - "-I\$(WIND_BASE)/target/h", - "-I\$(WIND_BASE)/target/h/wrn/coreip"), - sys_id => "VXWORKS", - lflags => add("-L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon"), - ex_libs => add("-Wl,--defsym,__wrs_rtp_base=0xe0000000"), - thread_scheme => "pthreads", - asm_arch => 'mips32', - perlasm_scheme => "o32", - ranlib => "ranlibmips", - }, - -#### uClinux - "uClinux-dist" => { - inherit_from => [ "BASE_unix" ], - CC => sub { env('CC') }, - cppflags => threads("-D_REENTRANT"), - ex_libs => add("\$(LDLIBS)"), - bn_ops => "BN_LLONG", - thread_scheme => "pthreads", - dso_scheme => sub { env('LIBSSL_dlfcn') }, - shared_target => "linux-shared", - shared_cflag => "-fPIC", - ranlib => sub { env('RANLIB') }, - }, - "uClinux-dist64" => { - inherit_from => [ "BASE_unix" ], - CC => sub { env('CC') }, - cppflags => threads("-D_REENTRANT"), - ex_libs => add("\$(LDLIBS)"), - bn_ops => "SIXTY_FOUR_BIT_LONG", - thread_scheme => "pthreads", - dso_scheme => sub { env('LIBSSL_dlfcn') }, - shared_target => "linux-shared", - shared_cflag => "-fPIC", - ranlib => sub { env('RANLIB') }, - }, - - ##### VMS - # Most things happen in vms-generic. - # Note that vms_info extracts the pointer size from the end of - # the target name, and will assume that anything matching /-p\d+$/ - # indicates the pointer size setting for the desired target. - "vms-generic" => { - inherit_from => [ "BASE_VMS" ], - template => 1, - CC => "CC/DECC", - CPP => '$(CC)/PREPROCESS_ONLY=SYS$OUTPUT:', - CFLAGS => - combine(picker(default => "/STANDARD=(ISOC94,RELAXED)/NOLIST/PREFIX=ALL", - debug => "/NOOPTIMIZE/DEBUG", - release => "/OPTIMIZE/NODEBUG"), - sub { my @warnings = - @{vms_info()->{disable_warns}}; - @warnings - ? "/WARNINGS=DISABLE=(".join(",",@warnings).")" : (); }), - cflag_incfirst => '/FIRST_INCLUDE=', - lib_defines => - add("OPENSSL_USE_NODELETE", - sub { - return vms_info()->{def_zlib} - ? "LIBZ=\"\"\"".vms_info()->{def_zlib}."\"\"\"" : (); - }), - lflags => picker(default => "/MAP='F\$PARSE(\".MAP\",\"\$\@\")'", - debug => "/DEBUG/TRACEBACK", - release => "/NODEBUG/NOTRACEBACK"), - # Because of dso_cflags below, we can't set the generic |cflags| here, - # as it can't be overridden, so we set separate C flags for libraries - # and binaries instead. - bin_cflags => add("/NAMES=(AS_IS,SHORTENED)/EXTERN_MODEL=STRICT_REFDEF"), - lib_cflags => add("/NAMES=(AS_IS,SHORTENED)/EXTERN_MODEL=STRICT_REFDEF"), - # Strictly speaking, DSOs should not need to have name shortening, - # as all their exported symbols should be short enough to fit the - # linker's 31 character per symbol name limit. However, providers - # may be composed of more than one object file, and internal symbols - # may and do surpass the 31 character limit. - dso_cflags => add("/NAMES=(SHORTENED)"), - ex_libs => add(sub { return vms_info()->{zlib} || (); }), - shared_target => "vms-shared", - # def_flag made to empty string so a .opt file gets generated - shared_defflag => '', - dso_scheme => "vms", - thread_scheme => "pthreads", - - makedep_scheme => 'VMS C', - AS => sub { vms_info()->{AS} }, - ASFLAGS => sub { vms_info()->{ASFLAGS} }, - asoutflag => sub { vms_info()->{asoutflag} }, - asflags => sub { vms_info()->{asflags} }, - perlasm_scheme => sub { vms_info()->{perlasm_scheme} }, - - disable => add('pinshared', 'loadereng'), - - }, - - # From HELP CC/POINTER_SIZE: - # - # ---------- - # LONG[=ARGV] The compiler assumes 64-bit pointers. If the ARGV option to - # LONG or 64 is present, the main argument argv will be an - # array of long pointers instead of an array of short pointers. - # - # 64[=ARGV] Same as LONG. - # ---------- - # - # We don't want the hassle of dealing with 32-bit pointers with argv, so - # we force it to have 64-bit pointers, see the added cflags in the -p64 - # config targets below. - - "vms-alpha" => { - inherit_from => [ "vms-generic" ], - bn_ops => "SIXTY_FOUR_BIT RC4_INT", - pointer_size => "", - }, - "vms-alpha-p32" => { - inherit_from => [ "vms-alpha" ], - cflags => add("/POINTER_SIZE=32"), - pointer_size => "32", - }, - "vms-alpha-p64" => { - inherit_from => [ "vms-alpha" ], - cflags => add("/POINTER_SIZE=64=ARGV"), - pointer_size => "64", - }, - "vms-ia64" => { - inherit_from => [ "vms-generic" ], - bn_ops => "SIXTY_FOUR_BIT RC4_INT", - asm_arch => sub { vms_info()->{AS} ? 'ia64' : undef }, - perlasm_scheme => 'ias', - pointer_size => "", - - }, - "vms-ia64-p32" => { - inherit_from => [ "vms-ia64" ], - cflags => add("/POINTER_SIZE=32"), - pointer_size => "32", - }, - "vms-ia64-p64" => { - inherit_from => [ "vms-ia64" ], - cflags => add("/POINTER_SIZE=64=ARGV"), - pointer_size => "64", - }, - -); diff --git a/Configurations/15-android.conf b/Configurations/15-android.conf deleted file mode 100644 index 41ad9223e0945d65ecffc82e0e5c31fd130fd0fe..0000000000000000000000000000000000000000 --- a/Configurations/15-android.conf +++ /dev/null @@ -1,291 +0,0 @@ -#### Android... -# -# See NOTES-Android.md for details, and don't miss platform-specific -# comments below... - -{ - use File::Spec::Functions; - - my $android_ndk = {}; - my %triplet = ( - arm => "arm-linux-androideabi", - arm64 => "aarch64-linux-android", - mips => "mipsel-linux-android", - mips64 => "mips64el-linux-android", - x86 => "i686-linux-android", - x86_64 => "x86_64-linux-android", - ); - - sub android_ndk { - unless (%$android_ndk) { - if ($now_printing =~ m|^android|) { - return $android_ndk = { bn_ops => "BN_AUTO" }; - } - - my $ndk_var; - my $ndk; - foreach (qw(ANDROID_NDK_ROOT ANDROID_NDK)) { - $ndk_var = $_; - $ndk = $ENV{$ndk_var}; - last if defined $ndk; - } - die "\$ANDROID_NDK_ROOT is not defined" if (!$ndk); - my $is_standalone_toolchain = -f "$ndk/AndroidVersion.txt"; - my $ndk_src_props = "$ndk/source.properties"; - my $is_ndk = -f $ndk_src_props; - if ($is_ndk == $is_standalone_toolchain) { - die "\$ANDROID_NDK_ROOT=$ndk is invalid"; - } - $ndk = canonpath($ndk); - - my $ndkver = undef; - - if (open my $fh, "<$ndk_src_props") { - local $_; - while(<$fh>) { - if (m|Pkg\.Revision\s*=\s*([0-9]+)|) { - $ndkver = $1; - last; - } - } - close $fh; - } - - my ($sysroot, $api, $arch); - - $config{target} =~ m|[^-]+-([^-]+)$|; # split on dash - $arch = $1; - - if ($sysroot = $ENV{CROSS_SYSROOT}) { - $sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|; - ($api, $arch) = ($1, $2); - } elsif ($is_standalone_toolchain) { - $sysroot = "$ndk/sysroot"; - } else { - $api = "*"; - - # see if user passed -D__ANDROID_API__=N - foreach (@{$useradd{CPPDEFINES}}, @{$user{CPPFLAGS}}) { - if (m|__ANDROID_API__=([0-9]+)|) { - $api = $1; - last; - } - } - - if (-d "$ndk/platforms") { - # list available platforms (numerically) - my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1; - $b =~ m/-([0-9]+)$/; $aa <=> $1; - } glob("$ndk/platforms/android-$api"); - die "no $ndk/platforms/android-$api" if ($#platforms < 0); - - $sysroot = "@platforms[$#platforms]/arch-$arch"; - $sysroot =~ m|/android-([0-9]+)/arch-$arch|; - $api = $1; - } elsif ($api eq "*") { - # r22 Removed platforms dir, use this JSON file - my $path = "$ndk/meta/platforms.json"; - open my $fh, $path or die "Could not open '$path' $!"; - while (<$fh>) { - if (/"max": (\d+),/) { - $api = $1; - last; - } - } - close $fh; - } - die "Could not get default API Level" if ($api eq "*"); - } - die "no sysroot=$sysroot" if (length $sysroot && !-d $sysroot); - - my $triarch = $triplet{$arch}; - my $cflags; - my $cppflags; - - # see if there is NDK clang on $PATH, "universal" or "standalone" - if (which("clang") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) { - my $host=$1; - # harmonize with gcc default - my $arm = $ndkver > 16 ? "armv7a" : "armv5te"; - (my $tridefault = $triarch) =~ s/^arm-/$arm-/; - (my $tritools = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/; - if (length $sysroot) { - $cflags .= " -target $tridefault " - . "-gcc-toolchain \$($ndk_var)/toolchains" - . "/$tritools-4.9/prebuilt/$host"; - $user{CC} = "clang" if ($user{CC} !~ m|clang|); - } else { - $user{CC} = "$tridefault$api-clang"; - } - $user{CROSS_COMPILE} = undef; - if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) { - $user{AR} = "llvm-ar"; - $user{ARFLAGS} = [ "rs" ]; - $user{RANLIB} = ":"; - } - } elsif ($is_standalone_toolchain) { - my $cc = $user{CC} // "clang"; - # One can probably argue that both clang and gcc should be - # probed, but support for "standalone toolchain" was added - # *after* announcement that gcc is being phased out, so - # favouring clang is considered adequate. Those who insist - # have option to enforce test for gcc with CC=gcc. - if (which("$triarch-$cc") !~ m|^$ndk|) { - die "no NDK $triarch-$cc on \$PATH"; - } - $user{CC} = $cc; - $user{CROSS_COMPILE} = "$triarch-"; - } elsif ($user{CC} eq "clang") { - die "no NDK clang on \$PATH"; - } else { - if (which("$triarch-gcc") !~ m|^$ndk/.*/prebuilt/([^/]+)/|) { - die "no NDK $triarch-gcc on \$PATH"; - } - $cflags .= " -mandroid"; - $user{CROSS_COMPILE} = "$triarch-"; - } - - if (length $sysroot) { - if (!-d "$sysroot/usr/include") { - my $incroot = "$ndk/sysroot/usr/include"; - die "no $incroot" if (!-d $incroot); - die "no $incroot/$triarch" if (!-d "$incroot/$triarch"); - $incroot =~ s|^$ndk/||; - $cppflags = "-D__ANDROID_API__=$api"; - $cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch"; - $cppflags .= " -isystem \$($ndk_var)/$incroot"; - } - $sysroot =~ s|^$ndk/||; - $sysroot = " --sysroot=\$($ndk_var)/$sysroot"; - } - $android_ndk = { - cflags => $cflags . $sysroot, - cppflags => $cppflags, - bn_ops => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG" - : "BN_LLONG", - }; - } - - return $android_ndk; - } -} - -my %targets = ( - "android" => { - inherit_from => [ "linux-generic32" ], - template => 1, - ################################################################ - # Special note about -pie. The underlying reason is that - # Lollipop refuses to run non-PIE. But what about older systems - # and NDKs? -fPIC was never problem, so the only concern is -pie. - # Older toolchains, e.g. r4, appear to handle it and binaries - # turn out mostly functional. "Mostly" means that oldest - # Androids, such as Froyo, fail to handle executable, but newer - # systems are perfectly capable of executing binaries targeting - # Froyo. Keep in mind that in the nutshell Android builds are - # about JNI, i.e. shared libraries, not applications. - cflags => add(sub { android_ndk()->{cflags} }), - cppflags => add(sub { android_ndk()->{cppflags} }), - cxxflags => add(sub { android_ndk()->{cflags} }), - bn_ops => sub { android_ndk()->{bn_ops} }, - bin_cflags => "-fPIE", - bin_lflags => "-pie", - enable => [ ], - shared_extension => ".so", - }, - "android-arm" => { - ################################################################ - # Contemporary Android applications can provide multiple JNI - # providers in .apk, targeting multiple architectures. Among - # them there is "place" for two ARM flavours: generic eabi and - # armv7-a/hard-float. However, it should be noted that OpenSSL's - # ability to engage NEON is not constrained by ABI choice, nor - # is your ability to call OpenSSL from your application code - # compiled with floating-point ABI other than default 'soft'. - # (Latter thanks to __attribute__((pcs("aapcs"))) declaration.) - # This means that choice of ARM libraries you provide in .apk - # is driven by application needs. For example if application - # itself benefits from NEON or is floating-point intensive, then - # it might be appropriate to provide both libraries. Otherwise - # just generic eabi would do. But in latter case it would be - # appropriate to - # - # ./Configure android-arm -D__ARM_MAX_ARCH__=8 - # - # in order to build "universal" binary and allow OpenSSL take - # advantage of NEON when it's available. - # - # Keep in mind that (just like with linux-armv4) we rely on - # compiler defaults, which is not necessarily what you had - # in mind, in which case you would have to pass additional - # -march and/or -mfloat-abi flags. NDK defaults to armv5te. - # Newer NDK versions reportedly require additional -latomic. - # - inherit_from => [ "android" ], - bn_ops => add("RC4_CHAR"), - asm_arch => 'armv4', - perlasm_scheme => "void", - }, - "android-arm64" => { - inherit_from => [ "android" ], - bn_ops => add("RC4_CHAR"), - asm_arch => 'aarch64', - perlasm_scheme => "linux64", - }, - - "android-mips" => { - inherit_from => [ "android" ], - bn_ops => add("RC4_CHAR"), - asm_arch => 'mips32', - perlasm_scheme => "o32", - }, - "android-mips64" => { - ################################################################ - # You are more than likely have to specify target processor - # on ./Configure command line. Trouble is that toolchain's - # default is MIPS64r6 (at least in r10d), but there are no - # such processors around (or they are too rare to spot one). - # Actual problem is that MIPS64r6 is binary incompatible - # with previous MIPS ISA versions, in sense that unlike - # prior versions original MIPS binary code will fail. - # - inherit_from => [ "android" ], - bn_ops => add("RC4_CHAR"), - asm_arch => 'mips64', - perlasm_scheme => "64", - }, - - "android-x86" => { - inherit_from => [ "android" ], - CFLAGS => add(picker(release => "-fomit-frame-pointer")), - bn_ops => add("RC4_INT"), - asm_arch => 'x86', - perlasm_scheme => "android", - ex_libs => add(threads("-latomic")), - }, - "android-x86_64" => { - inherit_from => [ "android" ], - bn_ops => add("RC4_INT"), - asm_arch => 'x86_64', - perlasm_scheme => "elf", - }, - - #################################################################### - # Backward compatible targets, (might) require $CROSS_SYSROOT - # - "android-armeabi" => { - inherit_from => [ "android-arm" ], - }, - "android64" => { - inherit_from => [ "android" ], - }, - "android64-aarch64" => { - inherit_from => [ "android-arm64" ], - }, - "android64-x86_64" => { - inherit_from => [ "android-x86_64" ], - }, - "android64-mips64" => { - inherit_from => [ "android-mips64" ], - }, -); diff --git a/Configurations/15-ios.conf b/Configurations/15-ios.conf deleted file mode 100644 index 54d37f63f445d450ae767903da4d102328b0f142..0000000000000000000000000000000000000000 --- a/Configurations/15-ios.conf +++ /dev/null @@ -1,64 +0,0 @@ -#### iPhoneOS/iOS -# -# It takes recent enough Xcode to use following two targets. It shouldn't -# be a problem by now, but if they don't work, original targets below -# that depend on manual definition of environment variables should still -# work... -# -my %targets = ( - "ios-common" => { - template => 1, - inherit_from => [ "darwin-common" ], - sys_id => "iOS", - disable => [ "shared", "async" ], - }, - "ios-xcrun" => { - inherit_from => [ "ios-common" ], - # It should be possible to go below iOS 6 and even add -arch armv6, - # thus targeting iPhone pre-3GS, but it's assumed to be irrelevant - # at this point. - CC => "xcrun -sdk iphoneos cc", - cflags => add("-arch armv7 -mios-version-min=6.0.0 -fno-common"), - asm_arch => 'armv4', - perlasm_scheme => "ios32", - }, - "ios64-xcrun" => { - inherit_from => [ "ios-common" ], - CC => "xcrun -sdk iphoneos cc", - cflags => add("-arch arm64 -mios-version-min=7.0.0 -fno-common"), - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", - asm_arch => 'aarch64', - perlasm_scheme => "ios64", - }, - "iossimulator-xcrun" => { - inherit_from => [ "ios-common" ], - CC => "xcrun -sdk iphonesimulator cc", - }, -# It takes three prior-set environment variables to make it work: -# -# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash] -# CROSS_TOP=/where/SDKs/are -# CROSS_SDK=iPhoneOSx.y.sdk -# -# Exact paths vary with Xcode releases, but for couple of last ones -# they would look like this: -# -# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/ -# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer -# CROSS_SDK=iPhoneOS.sdk -# - "iphoneos-cross" => { - inherit_from => [ "ios-common" ], - cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"), - }, - "ios-cross" => { - inherit_from => [ "ios-xcrun" ], - CC => "cc", - cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"), - }, - "ios64-cross" => { - inherit_from => [ "ios64-xcrun" ], - CC => "cc", - cflags => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK)"), - }, -); diff --git a/Configurations/50-cppbuilder.conf b/Configurations/50-cppbuilder.conf deleted file mode 100644 index f19928cb03a25dbfb83a43b2b19ef941d133ce01..0000000000000000000000000000000000000000 --- a/Configurations/50-cppbuilder.conf +++ /dev/null @@ -1,62 +0,0 @@ -my %targets = ( - "BC-32" => { - inherit_from => [ "BASE_Windows" ], - sys_id => "WIN32", - bn_ops => "BN_LLONG", - thread_scheme => "winthreads", - cc => "bcc32c", - CPP => "cpp32 -oCON -Sc -Sr", - defines => add("WIN32_LEAN_AND_MEAN", "OPENSSL_SYS_WIN32", - "L_ENDIAN", "DSO_WIN32", "_stricmp=stricmp", - "_strnicmp=strnicmp", "_malloca=malloc", - "_freea=free", "_setmode=setmode"), - cflags => picker(default => add("-q -c", - threads("-tM"), - shared("-tR")), - debug => "-Od -v -vi- -D_DEBUG", - release => "-O2"), - bin_cflags => "-tWC", - lib_cflags => shared("-tWD -D_WINDLL -D_DLL"), - coutflag => "-o", - - # -Sx isn't documented, but 'cpp32 -H -S' explains it: - # - # -Sx Omit preprocessed text in output - makedepcmd => "cpp32 -oCON -Sx -Hp", - makedep_scheme => "embarcadero", - - LD => "ilink32", - LDFLAGS => picker(default => "-x -Gn -q -w-dup", - debug => '-j"$(BDS)\lib\win32c\debug" ' . - '-L"$(BDS)\lib\win32c\debug" -v', - release => '-j"$(BDS)\lib\win32c\release" ' . - '-L"$(BDS)\lib\win32c\release"'), - bin_lflags => "-ap -Tpe c0x32.obj wildargs.obj", - ldoutflag => ",", - ldpostoutflag => ",,", - ld_resp_delim => " +\n", - ex_libs => add(sub { - my @ex_libs = ("import32.lib", - ($disabled{shared} - ? ($disabled{threads} ? "cw32.lib" : "cw32mt.lib") - : ($disabled{threads} ? "cw32i.lib" : "cw32mti.lib"))); - push @ex_libs, "ws2_32.lib" unless $disabled{sock}; - return join(" ", @ex_libs); - }), - AR => "tlib", - ARFLAGS => "/P256 /N /u", - ar_resp_delim => " &\n", - RC => "brcc32", - RCFLAGS => '-i"$(BDS)\include\windows\sdk"', - rcoutflag => "-fo", - shared_target => "win-shared", - shared_ldflag => "-aa -Tpd c0d32.obj", - lddefflag => ",", - ldresflag => ",", - ld_implib_rule => 'implib -a $< $**', - dso_scheme => "win32", - shared_defflag => '', - perl_platform => 'Windows::cppbuilder', - uplink_arch => 'common', - } -); diff --git a/Configurations/50-djgpp.conf b/Configurations/50-djgpp.conf deleted file mode 100644 index fbe4911c420d68307940d9cc0ceda7857383b8a3..0000000000000000000000000000000000000000 --- a/Configurations/50-djgpp.conf +++ /dev/null @@ -1,18 +0,0 @@ -# We can't make any commitment to support the DJGPP platform, -# and rely entirely on the OpenSSL community to help is fine -# tune and test. - -my %targets = ( - "DJGPP" => { - inherit_from => [ "BASE_unix" ], - CC => "gcc", - CFLAGS => "-fomit-frame-pointer -O2 -Wall", - cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN", - sys_id => "MSDOS", - lflags => add("-L/dev/env/WATT_ROOT/lib"), - ex_libs => add("-lwatt"), - bn_ops => "BN_LLONG", - asm_arch => 'x86', - perlasm_scheme => "a.out", - }, -); diff --git a/Configurations/50-haiku.conf b/Configurations/50-haiku.conf deleted file mode 100644 index 4580e71a3eb5e1c5ee1271bf7fa7d96f555784a8..0000000000000000000000000000000000000000 --- a/Configurations/50-haiku.conf +++ /dev/null @@ -1,35 +0,0 @@ -my %targets = ( - "haiku-common" => { - template => 1, - CC => "cc", - CFLAGS => add_before(picker(default => "-Wall", - debug => "-g -O0", - release => "-O2")), - cflags => add_before("-DL_ENDIAN -include \$(SRCDIR)/os-dep/haiku.h", - threads("-D_REENTRANT")), - AR => "ar", - ARFLAGS => "qc", - HASHBANGPERL => "/bin/env perl", - sys_id => "HAIKU", - ex_libs => "-lnetwork", - perlasm_scheme => "elf", - thread_scheme => "pthreads", - dso_scheme => "dlfcn", - shared_target => "gnu-shared", - shared_cflag => "-fPIC", - shared_ldflag => "-shared", - perl_platform => 'Unix', - }, - "haiku-x86" => { - inherit_from => [ "haiku-common" ], - CFLAGS => add(picker(release => "-fomit-frame-pointer")), - bn_ops => "BN_LLONG", - asm_arch => 'x86', - perlasm_scheme => 'elf', - }, - "haiku-x86_64" => { - inherit_from => [ "haiku-common" ], - cflags => add("-m64"), - bn_ops => "SIXTY_FOUR_BIT_LONG", - }, -); diff --git a/Configurations/50-masm.conf b/Configurations/50-masm.conf deleted file mode 100644 index 587a1e70e8ea397a2e56b144b8cfea2c9876db3b..0000000000000000000000000000000000000000 --- a/Configurations/50-masm.conf +++ /dev/null @@ -1,22 +0,0 @@ -# We can't make commitment to supporting Microsoft assembler, -# because it would mean supporting all masm versions. This in -# in turn is because masm is not really an interchangeable option, -# while users tend to have reasons to stick with specific Visual -# Studio versions. It's usually lesser hassle to make it work -# with latest assembler, but tweaking for older versions had -# proven to be daunting task. This is experimental target, for -# production builds stick with [up-to-date version of] nasm. - -my %targets = ( - "VC-WIN64A-masm" => { - inherit_from => [ "VC-WIN64-common" ], - AS => "ml64", - ASFLAGS => "/nologo /Zi", - asoutflag => "/Fo", - asflags => "/c /Cp /Cx", - sys_id => "WIN64A", - uplink_arch => 'x86_64', - asm_arch => 'x86_64', - perlasm_scheme => "masm", - }, -); diff --git a/Configurations/50-nonstop.conf b/Configurations/50-nonstop.conf deleted file mode 100644 index ed3fe828b318d0a90072573154cf3f3a2fc7b0e5..0000000000000000000000000000000000000000 --- a/Configurations/50-nonstop.conf +++ /dev/null @@ -1,315 +0,0 @@ -#### Nonstop configurations - # Common for all - 'nonstop-common' => { - inherit_from => [ 'BASE_unix' ], - template => 1, - cc => 'c99', - cflags => add_before(picker(debug => '-g -O0', - release => '-g -O2'), - '-Wextensions', - '-Wnowarn=203,220,272,734,770,1506', - '-Wbuild_neutral_library', - '-Wverbose'), - defines => add('OPENSSL_VPROC=$(OPENSSL_VPROC)', - '_XOPEN_SOURCE', - '_XOPEN_SOURCE_EXTENDED=1', - '_TANDEM_SOURCE', - 'B_ENDIAN'), - perl => '/usr/bin/perl', - shared_target => 'nonstop-shared', - shared_extension => ".so", - ex_libs => add('-lrld'), - enable => ['egd'], - dso_scheme => 'DLFCN', - sys_id => 'TANDEM', - }, - - ###################################################################### - # Additional variant settings, to be combined with nonstop-common - # Note that these do not inherit anything. However, the diverse values - # are merged with other entries in an 'inherit_from'. - # - # These combine: - # - System architecture (MIPS, Itanium, or x86) - # - Execution environment (oss [default] or guardian) - # - # Unfortunately, they can't be separated into independent templates, because - # a number of the above are encoded as different linkers, and by consequence, - # different c99 linker flags (-Wld, -Weld, and -Wxld) - # - # In addition, the are modifiers for: - # - Size of long + pointer (ilp32 [default] and lp64) - # - Float type (neutral and tandem) - # - # Unfortunately, because the float types affect the linker settings, those - # are divided per system architecture - # - # MIPS + guardian (unused but present for convenience): - 'nonstop-archenv-mips-guardian' => { - template => 1, - defines => ['NO_GETPID'], - cflags => '-Wtarget=tns/r -Wsystype=guardian', - lflags => '-Wld="-set systype guardian"', - shared_ldflag => '-Wshared -Wld="-soname $(@:lib%.so=%)"', - shared_defflag => '-Wld_obey=', - shared_argfileflag => '-Wld_obey=', - }, - - # Itanium + guardian: - 'nonstop-archenv-itanium-guardian' => { - template => 1, - defines => ['NO_GETPID', '_TANDEM_ARCH=2'], - cflags => '-Wtarget=tns/e -Wsystype=guardian', - lflags => '-Weld="-set systype guardian"', - shared_ldflag => '-Wshared -Weld="-soname $(@:lib%.so=%)"', - shared_defflag => '-Weld_obey=', - shared_argfileflag => '-Weld_obey=', - }, - - # x86 + guardian: - 'nonstop-archenv-x86_64-guardian' => { - template => 1, - defines => ['NO_GETPID', '_TANDEM_ARCH=3'], - cflags => '-Wtarget=tns/x -Wsystype=guardian', - lflags => '-Wxld="-set systype guardian"', - shared_ldflag => '-Wshared -Wxld="-soname $(@:lib%.so=%)"', - shared_defflag => '-Wxld_obey=', - shared_argfileflag => '-Wxld_obey=', - }, - - # MIPS + oss (unused but present for convenience): - 'nonstop-archenv-mips-oss' => { - template => 1, - cflags => '-Wtarget=tns/r -Wsystype=oss', - lflags => '-Wld="-set systype oss"', - shared_ldflag => '-Wshared', - shared_defflag => '-Wld_obey=', - shared_argfileflag => '-Wld_obey=', - }, - # Itanium + oss: - 'nonstop-archenv-itanium-oss' => { - template => 1, - defines => ['_TANDEM_ARCH=2'], - cflags => '-Wtarget=tns/e -Wsystype=oss', - lflags => '-Weld="-set systype oss"', - shared_ldflag => '-Wshared', - shared_defflag => '-Weld_obey=', - shared_argfileflag => '-Weld_obey=', - }, - # x86_64 + oss: - 'nonstop-archenv-x86_64-oss' => { - template => 1, - defines => ['_TANDEM_ARCH=3'], - cflags => '-Wtarget=tns/x -Wsystype=oss', - lflags => '-Wxld="-set systype oss"', - shared_ldflag => '-Wshared', - shared_defflag => '-Wxld_obey=', - shared_argfileflag => '-Wxld_obey=', - }, - - # Size variants - 'nonstop-ilp32' => { - template => 1, - cflags => '-Wilp32', - bn_ops => 'THIRTY_TWO_BIT', - }, - 'nonstop-lp64-itanium' => { - template => 1, - cflags => '-Wlp64', - bn_ops => 'SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR', - }, - 'nonstop-lp64-x86_64' => { - template => 1, - cflags => '-Wlp64', - lflags => '-Wxld="-set data_model lp64"', - bn_ops => 'SIXTY_FOUR_BIT', - }, - - # Float variants - 'nonstop-nfloat-mips' => { - template => 1, - lflags => '-Wld="-set floattype neutral_float"', - }, - 'nonstop-tfloat-mips' => { - template => 1, - lflags => '-Wld="-set floattype tandem_float"', - }, - 'nonstop-efloat-itanium' => { - template => 1, - cflags => '-WIEEE_float', - lflags => '-Weld="-set floattype ieee_float"', - }, - 'nonstop-nfloat-itanium' => { - template => 1, - lflags => '-Weld="-set floattype neutral_float"', - }, - 'nonstop-tfloat-itanium' => { - template => 1, - cflags => '-WTandem_float', - lflags => '-Weld="-set floattype tandem_float"', - }, - 'nonstop-efloat-x86_64' => { - template => 1, - cflags => '-WIEEE_float', - lflags => '-Wxld="-set floattype ieee_float"', - }, - 'nonstop-nfloat-x86_64' => { - template => 1, - lflags => '-Wxld="-set floattype neutral_float"', - }, - 'nonstop-tfloat-x86_64' => { - template => 1, - cflags => '-WTandem_float', - lflags => '-Wxld="-set floattype tandem_float"', - }, - - ###################################################################### - # Build models - 'nonstop-model-put' => { - template => 1, - defines => ['_PUT_MODEL_', - '_REENTRANT', '_THREAD_SUPPORT_FUNCTIONS'], - ex_libs => '-lput', - }, - 'nonstop-model-spt' => { - template => 1, - defines => ['_SPT_MODEL_', - '_REENTRANT', '_ENABLE_FLOSS_THREADS'], - ex_libs => '-lspt', - }, - - # Additional floss model that can be combined with any of the other models. - # If used without any of the other models, the entry that does so must - # disable threads. - 'nonstop-model-floss' => { - template => 1, - defines => ['OPENSSL_TANDEM_FLOSS'], - includes => ['/usr/local/include'], - ex_libs => '-lfloss', - }, - - ###################################################################### - # Now for the entries themselves, let's combine things! - 'nonstop-nsx' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-x86_64-oss', - 'nonstop-ilp32', - 'nonstop-efloat-x86_64' ], - disable => ['threads'], - }, - 'nonstop-nsx_put' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-x86_64-oss', - 'nonstop-ilp32', - 'nonstop-efloat-x86_64', - 'nonstop-model-put' ], - multilib => '-put', - }, - 'nonstop-nsx_64' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-x86_64-oss', - 'nonstop-lp64-x86_64', - 'nonstop-efloat-x86_64' ], - multilib => '64', - disable => ['threads'], - }, - 'nonstop-nsx_64_put' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-x86_64-oss', - 'nonstop-lp64-x86_64', - 'nonstop-efloat-x86_64', - 'nonstop-model-put' ], - multilib => '64-put', - }, - 'nonstop-nsx_spt' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-x86_64-oss', - 'nonstop-ilp32', - 'nonstop-efloat-x86_64', - 'nonstop-model-spt' ], - multilib => '-spt', - }, - 'nonstop-nsx_spt_floss' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-x86_64-oss', - 'nonstop-ilp32', - 'nonstop-efloat-x86_64', - 'nonstop-model-floss', - 'nonstop-model-spt'], - multilib => '-spt', - }, - 'nonstop-nsx_g' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-x86_64-guardian', - 'nonstop-ilp32', 'nonstop-nfloat-x86_64' ], - disable => ['threads'], - }, - 'nonstop-nsx_g_tandem' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-x86_64-guardian', - 'nonstop-ilp32', 'nonstop-tfloat-x86_64' ], - disable => ['threads'], - }, - 'nonstop-nsv' => { - inherit_from => [ 'nonstop-nsx' ], - }, - 'nonstop-nse' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-itanium-oss', - 'nonstop-ilp32', - 'nonstop-efloat-itanium' ], - disable => ['threads'], - }, - 'nonstop-nse_put' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-itanium-oss', - 'nonstop-ilp32', - 'nonstop-efloat-itanium', - 'nonstop-model-put' ], - multilib => '-put', - }, - 'nonstop-nse_64' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-itanium-oss', - 'nonstop-lp64-itanium', - 'nonstop-efloat-itanium' ], - multilib => '64', - disable => ['threads'], - }, - 'nonstop-nse_64_put' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-itanium-oss', - 'nonstop-lp64-itanium', - 'nonstop-efloat-itanium', - 'nonstop-model-put' ], - multilib => '64-put', - }, - 'nonstop-nse_spt' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-itanium-oss', - 'nonstop-ilp32', - 'nonstop-efloat-itanium', - 'nonstop-model-spt' ], - multilib => '-spt', - }, - 'nonstop-nse_spt_floss' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-itanium-oss', - 'nonstop-ilp32', - 'nonstop-efloat-itanium', - 'nonstop-model-floss', 'nonstop-model-spt' ], - multilib => '-spt', - }, - 'nonstop-nse_g' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-itanium-guardian', - 'nonstop-ilp32', 'nonstop-nfloat-itanium' ], - disable => ['threads'], - }, - - 'nonstop-nse_g_tandem' => { - inherit_from => [ 'nonstop-common', - 'nonstop-archenv-itanium-guardian', - 'nonstop-ilp32', 'nonstop-tfloat-itanium' ], - disable => ['threads'], - }, diff --git a/Configurations/50-os390.conf b/Configurations/50-os390.conf deleted file mode 100644 index 6e86cb64fe34df1e0024db1d98cd6f0515e282a4..0000000000000000000000000000000000000000 --- a/Configurations/50-os390.conf +++ /dev/null @@ -1,11 +0,0 @@ -## -*- mode: perl; -*- -( -# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe - "OS390-Unix" => { - inherit_from => [ "BASE_unix" ], - cc => "cc", - cflags => "-O -DB_ENDIAN -DCHARSET_EBCDIC", - bn_ops => "THIRTY_TWO_BIT RC4_CHAR", - thread_scheme => "(unknown)", - } -); diff --git a/Configurations/50-vms-x86_64.conf b/Configurations/50-vms-x86_64.conf deleted file mode 100644 index ef6bd7b62c36a0c450621d329e85a04a97686b21..0000000000000000000000000000000000000000 --- a/Configurations/50-vms-x86_64.conf +++ /dev/null @@ -1,20 +0,0 @@ -## -*- mode: perl; -*- - -# OpenVMS for x86_64 is currently out on a field test. A native C compiler -# is currently not available, but there are cross-compilation tools for -# OpenVMS for Itanium. This configuration file holds the necessary target(s) -# to make that useful. -# -# The assumption is that *building* is done on Itanium, and then the source -# tree and build tree are transferred to x86_64, where tests can be performed, -# and installation can be done. - -( - 'vms-x86_64' => { - inherit_from => [ 'vms-generic' ], - CC => 'XCC', - bn_ops => 'SIXTY_FOUR_BIT', - pointer_size => '', - setup_commands => [ '@SYS$MANAGER:X86_XTOOLS$SYLOGIN.COM' ], - } -); diff --git a/Configurations/50-win-onecore.conf b/Configurations/50-win-onecore.conf deleted file mode 100644 index efa2c837bcba0917f544c0ddab6b1fdc84c6eff8..0000000000000000000000000000000000000000 --- a/Configurations/50-win-onecore.conf +++ /dev/null @@ -1,138 +0,0 @@ -## -*- mode: perl; -*- -# Windows OneCore targets. -# -# OneCore is new API stability "contract" that transcends Desktop, IoT and -# Mobile[?] Windows editions. It's a set up "umbrella" libraries that -# export subset of Win32 API that are common to all Windows 10 devices. -# -# OneCore Configuration temporarily dedicated for console applications -# due to disabled event logging, which is incompatible with one core. -# Error messages are provided via standard error only. -# TODO: extend error handling to use ETW based eventing -# (Or rework whole error messaging) - -my $UWP_info = {}; -sub UWP_info { - unless (%$UWP_info) { - my $SDKver = `powershell -Command \"& {\$(Get-Item \\\"hklm:\\SOFTWARE\\WOW6432Node\\Microsoft\\Microsoft SDKs\\Windows\\\").GetValue(\\\"CurrentVersion\\\")}\"`; - $SDKver =~ s|\R$||; - my @SDKver_split = split(/\./, $SDKver); - # SDK version older than 10.0.17763 don't support our ASM builds - if ($SDKver_split[0] < 10 - || ($SDKver_split[0] == 10 - && $SDKver_split[1] == 0 - && $SDKver_split[2] < 17763)) { - $UWP_info->{disable} = [ 'asm' ]; - } else { - $UWP_info->{disable} = [ ]; - } - } - return $UWP_info; -} - -my %targets = ( - "VC-WIN32-ONECORE" => { - inherit_from => [ "VC-WIN32" ], - # /NODEFAULTLIB:kernel32.lib is needed, because MSVCRT.LIB has - # hidden reference to kernel32.lib, but we don't actually want - # it in "onecore" build. - # /APPCONTAINER is needed for Universal Windows Platform compat - lflags => add("/NODEFAULTLIB:kernel32.lib /APPCONTAINER"), - defines => add("OPENSSL_SYS_WIN_CORE"), - ex_libs => "onecore.lib", - }, - "VC-WIN64A-ONECORE" => { - inherit_from => [ "VC-WIN64A" ], - lflags => add("/NODEFAULTLIB:kernel32.lib /APPCONTAINER"), - defines => add("OPENSSL_SYS_WIN_CORE"), - ex_libs => "onecore.lib", - }, - - # Windows on ARM targets. ARM compilers are additional components in - # VS2017, i.e. they are not installed by default. And when installed, - # there are no "ARM Tool Command Prompt"s on Start menu, you have - # to locate vcvarsall.bat and act accordingly. VC-WIN32-ARM has - # received limited testing with evp_test.exe on Windows 10 IoT Core, - # but not VC-WIN64-ARM, no hardware... In other words they are not - # actually supported... - # - # Another thing to keep in mind [in cross-compilation scenario such - # as this one] is that target's file system has nothing to do with - # compilation system's one. This means that you're are likely to use - # --prefix and --openssldir with target-specific values. 'nmake install' - # step is effectively meaningless in cross-compilation case, though - # it might be useful to 'nmake install DESTDIR=S:\ome\where' where you - # can point Visual Studio to when compiling custom application code. - - "VC-WIN32-ARM" => { - inherit_from => [ "VC-noCE-common" ], - defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE", - "OPENSSL_SYS_WIN_CORE"), - bn_ops => "BN_LLONG RC4_CHAR", - lflags => add("/NODEFAULTLIB:kernel32.lib /APPCONTAINER"), - ex_libs => "onecore.lib", - multilib => "-arm", - }, - "VC-WIN64-ARM" => { - inherit_from => [ "VC-noCE-common" ], - defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE", - "OPENSSL_SYS_WIN_CORE"), - bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", - lflags => add("/NODEFAULTLIB:kernel32.lib /APPCONTAINER"), - ex_libs => "onecore.lib", - multilib => "-arm64", - }, - - # Universal Windows Platform (UWP) App Support - - # TODO - # - # The 'disable' attribute should have 'uplink'. - # however, these are checked in some 'inherit_from', which is processed - # very early, before the 'disable' attributes are seen. - # This is a problem that needs to be resolved in Configure first. - # - # But if you want to build library with Windows 10 Version 1809 SDK or - # earlier, the 'disable' attribute should also have 'asm'. - - "VC-WIN32-UWP" => { - inherit_from => [ "VC-WIN32-ONECORE" ], - lflags => add("/APPCONTAINER"), - defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP", - "_WIN32_WINNT=0x0A00"), - dso_scheme => "", - disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink', - @{ UWP_info()->{disable} } ] }, - ex_libs => "WindowsApp.lib", - }, - "VC-WIN64A-UWP" => { - inherit_from => [ "VC-WIN64A-ONECORE" ], - lflags => add("/APPCONTAINER"), - defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP", - "_WIN32_WINNT=0x0A00"), - dso_scheme => "", - disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink', - @{ UWP_info()->{disable} } ] }, - ex_libs => "WindowsApp.lib", - }, - "VC-WIN32-ARM-UWP" => { - inherit_from => [ "VC-WIN32-ARM" ], - lflags => add("/APPCONTAINER"), - defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP", - "_WIN32_WINNT=0x0A00"), - dso_scheme => "", - disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink', - @{ UWP_info()->{disable} } ] }, - ex_libs => "WindowsApp.lib", - }, - "VC-WIN64-ARM-UWP" => { - inherit_from => [ "VC-WIN64-ARM" ], - lflags => add("/APPCONTAINER"), - defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP", - "_WIN32_WINNT=0x0A00"), - dso_scheme => "", - disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink', - @{ UWP_info()->{disable} } ] }, - ex_libs => "WindowsApp.lib", - }, -); diff --git a/Configurations/README-design.md b/Configurations/README-design.md deleted file mode 100644 index ef21a3ae28402836164f375b4c5d2cb5e9fdb21c..0000000000000000000000000000000000000000 --- a/Configurations/README-design.md +++ /dev/null @@ -1,604 +0,0 @@ -Design document for the unified scheme data -=========================================== - -How are things connected? -------------------------- - -The unified scheme takes all its data from the `build.info` files seen -throughout the source tree. These files hold the minimum information -needed to build end product files from diverse sources. See the -section on `build.info` files below. - -From the information in `build.info` files, `Configure` builds up an -information database as a hash table called `%unified_info`, which is -stored in configdata.pm, found at the top of the build tree (which may -or may not be the same as the source tree). - -[`Configurations/common.tmpl`](common.tmpl) uses the data from `%unified_info` to -generate the rules for building end product files as well as -intermediary files with the help of a few functions found in the -build-file templates. See the section on build-file templates further -down for more information. - -build.info files ----------------- - -As mentioned earlier, `build.info` files are meant to hold the minimum -information needed to build output files, and therefore only (with a -few possible exceptions [1]) have information about end products (such -as scripts, library files and programs) and source files (such as C -files, C header files, assembler files, etc). Intermediate files such -as object files are rarely directly referred to in `build.info` files (and -when they are, it's always with the file name extension `.o`), they are -inferred by `Configure`. By the same rule of minimalism, end product -file name extensions (such as `.so`, `.a`, `.exe`, etc) are never mentioned -in `build.info`. Their file name extensions will be inferred by the -build-file templates, adapted for the platform they are meant for (see -sections on `%unified_info` and build-file templates further down). - -The variables `PROGRAMS`, `LIBS`, `MODULES` and `SCRIPTS` are used to declare -end products. There are variants for them with `_NO_INST` as suffix -(`PROGRAM_NO_INST` etc) to specify end products that shouldn't get installed. - -The variables `SOURCE`, `DEPEND`, `INCLUDE` and `DEFINE` are indexed by a -produced file, and their values are the source used to produce that -particular produced file, extra dependencies, include directories -needed, or C macros to be defined. - -All their values in all the `build.info` throughout the source tree are -collected together and form a set of programs, libraries, modules and -scripts to be produced, source files, dependencies, etc etc etc. - -Let's have a pretend example, a very limited contraption of OpenSSL, -composed of the program `apps/openssl`, the libraries `libssl` and -`libcrypto`, an module `engines/ossltest` and their sources and -dependencies. - - # build.info - LIBS=libcrypto libssl - INCLUDE[libcrypto]=include - INCLUDE[libssl]=include - DEPEND[libssl]=libcrypto - -This is the top directory `build.info` file, and it tells us that two -libraries are to be built, the include directory `include/` shall be -used throughout when building anything that will end up in each -library, and that the library `libssl` depend on the library -`libcrypto` to function properly. - - # apps/build.info - PROGRAMS=openssl - SOURCE[openssl]=openssl.c - INCLUDE[openssl]=.. ../include - DEPEND[openssl]=../libssl - -This is the `build.info` file in `apps/`, one may notice that all file -paths mentioned are relative to the directory the `build.info` file is -located in. This one tells us that there's a program to be built -called `apps/openss` (the file name extension will depend on the -platform and is therefore not mentioned in the `build.info` file). It's -built from one source file, `apps/openssl.c`, and building it requires -the use of `.` and `include/` include directories (both are declared -from the point of view of the `apps/` directory), and that the program -depends on the library `libssl` to function properly. - - # crypto/build.info - LIBS=../libcrypto - SOURCE[../libcrypto]=aes.c evp.c cversion.c - DEPEND[cversion.o]=buildinf.h - - GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" - DEPEND[buildinf.h]=../Makefile - DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm - -This is the `build.info` file in `crypto/`, and it tells us a little more -about what's needed to produce `libcrypto`. LIBS is used again to -declare that `libcrypto` is to be produced. This declaration is -really unnecessary as it's already mentioned in the top `build.info` -file, but can make the info file easier to understand. This is to -show that duplicate information isn't an issue. - -This `build.info` file informs us that `libcrypto` is built from a few -source files, `crypto/aes.c`, `crypto/evp.c` and `crypto/cversion.c`. -It also shows us that building the object file inferred from -`crypto/cversion.c` depends on `crypto/buildinf.h`. Finally, it -also shows the possibility to declare how some files are generated -using some script, in this case a perl script, and how such scripts -can be declared to depend on other files, in this case a perl module. - -Two things are worth an extra note: - -`DEPEND[cversion.o]` mentions an object file. DEPEND indexes is the -only location where it's valid to mention them - - # ssl/build.info - LIBS=../libssl - SOURCE[../libssl]=tls.c - -This is the build.info file in `ssl/`, and it tells us that the -library `libssl` is built from the source file `ssl/tls.c`. - - # engines/build.info - MODULES=dasync - SOURCE[dasync]=e_dasync.c - DEPEND[dasync]=../libcrypto - INCLUDE[dasync]=../include - - MODULES_NO_INST=ossltest - SOURCE[ossltest]=e_ossltest.c - DEPEND[ossltest]=../libcrypto.a - INCLUDE[ossltest]=../include - -This is the `build.info` file in `engines/`, telling us that two modules -called `engines/dasync` and `engines/ossltest` shall be built, that -`dasync`'s source is `engines/e_dasync.c` and `ossltest`'s source is -`engines/e_ossltest.c` and that the include directory `include/` may -be used when building anything that will be part of these modules. -Also, both modules depend on the library `libcrypto` to function -properly. `ossltest` is explicitly linked with the static variant of -the library `libcrypto`. Finally, only `dasync` is being installed, as -`ossltest` is only for internal testing. - -When `Configure` digests these `build.info` files, the accumulated -information comes down to this: - - LIBS=libcrypto libssl - SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c - DEPEND[crypto/cversion.o]=crypto/buildinf.h - INCLUDE[libcrypto]=include - SOURCE[libssl]=ssl/tls.c - INCLUDE[libssl]=include - DEPEND[libssl]=libcrypto - - PROGRAMS=apps/openssl - SOURCE[apps/openssl]=apps/openssl.c - INCLUDE[apps/openssl]=. include - DEPEND[apps/openssl]=libssl - - MODULES=engines/dasync - SOURCE[engines/dasync]=engines/e_dasync.c - DEPEND[engines/dasync]=libcrypto - INCLUDE[engines/dasync]=include - - MODULES_NO_INST=engines/ossltest - SOURCE[engines/ossltest]=engines/e_ossltest.c - DEPEND[engines/ossltest]=libcrypto.a - INCLUDE[engines/ossltest]=include - - GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" - DEPEND[crypto/buildinf.h]=Makefile - DEPEND[util/mkbuildinf.pl]=util/Foo.pm - -A few notes worth mentioning: - -`LIBS` may be used to declare routine libraries only. - -`PROGRAMS` may be used to declare programs only. - -`MODULES` may be used to declare modules only. - -The indexes for `SOURCE` must only be end product files, such as -libraries, programs or modules. The values of `SOURCE` variables must -only be source files (possibly generated). - -`INCLUDE` and `DEPEND` shows a relationship between different files -(usually produced files) or between files and directories, such as a -program depending on a library, or between an object file and some -extra source file. - -When `Configure` processes the `build.info` files, it will take it as -truth without question, and will therefore perform very few checks. -If the build tree is separate from the source tree, it will assume -that all built files and up in the build directory and that all source -files are to be found in the source tree, if they can be found there. -`Configure` will assume that source files that can't be found in the -source tree (such as `crypto/bildinf.h` in the example above) are -generated and will be found in the build tree. - -The `%unified_info` database ----------------------------- - -The information in all the `build.info` get digested by `Configure` and -collected into the `%unified_info` database, divided into the following -indexes: - - depends => a hash table containing 'file' => [ 'dependency' ... ] - pairs. These are directly inferred from the DEPEND - variables in build.info files. - - modules => a list of modules. These are directly inferred from - the MODULES variable in build.info files. - - generate => a hash table containing 'file' => [ 'generator' ... ] - pairs. These are directly inferred from the GENERATE - variables in build.info files. - - includes => a hash table containing 'file' => [ 'include' ... ] - pairs. These are directly inferred from the INCLUDE - variables in build.info files. - - install => a hash table containing 'type' => [ 'file' ... ] pairs. - The types are 'programs', 'libraries', 'modules' and - 'scripts', and the array of files list the files of - that type that should be installed. - - libraries => a list of libraries. These are directly inferred from - the LIBS variable in build.info files. - - programs => a list of programs. These are directly inferred from - the PROGRAMS variable in build.info files. - - scripts => a list of scripts. There are directly inferred from - the SCRIPTS variable in build.info files. - - sources => a hash table containing 'file' => [ 'sourcefile' ... ] - pairs. These are indirectly inferred from the SOURCE - variables in build.info files. Object files are - mentioned in this hash table, with source files from - SOURCE variables, and AS source files for programs and - libraries. - - shared_sources => - a hash table just like 'sources', but only as source - files (object files) for building shared libraries. - -As an example, here is how the `build.info` files example from the -section above would be digested into a `%unified_info` table: - - our %unified_info = ( - "depends" => - { - "apps/openssl" => - [ - "libssl", - ], - "crypto/buildinf.h" => - [ - "Makefile", - ], - "crypto/cversion.o" => - [ - "crypto/buildinf.h", - ], - "engines/dasync" => - [ - "libcrypto", - ], - "engines/ossltest" => - [ - "libcrypto.a", - ], - "libssl" => - [ - "libcrypto", - ], - "util/mkbuildinf.pl" => - [ - "util/Foo.pm", - ], - }, - "modules" => - [ - "engines/dasync", - "engines/ossltest", - ], - "generate" => - { - "crypto/buildinf.h" => - [ - "util/mkbuildinf.pl", - "\"\$(CC)", - "\$(CFLAGS)\"", - "\"$(PLATFORM)\"", - ], - }, - "includes" => - { - "apps/openssl" => - [ - ".", - "include", - ], - "engines/ossltest" => - [ - "include" - ], - "libcrypto" => - [ - "include", - ], - "libssl" => - [ - "include", - ], - "util/mkbuildinf.pl" => - [ - "util", - ], - } - "install" => - { - "modules" => - [ - "engines/dasync", - ], - "libraries" => - [ - "libcrypto", - "libssl", - ], - "programs" => - [ - "apps/openssl", - ], - }, - "libraries" => - [ - "libcrypto", - "libssl", - ], - "programs" => - [ - "apps/openssl", - ], - "sources" => - { - "apps/openssl" => - [ - "apps/openssl.o", - ], - "apps/openssl.o" => - [ - "apps/openssl.c", - ], - "crypto/aes.o" => - [ - "crypto/aes.c", - ], - "crypto/cversion.o" => - [ - "crypto/cversion.c", - ], - "crypto/evp.o" => - [ - "crypto/evp.c", - ], - "engines/e_dasync.o" => - [ - "engines/e_dasync.c", - ], - "engines/dasync" => - [ - "engines/e_dasync.o", - ], - "engines/e_ossltest.o" => - [ - "engines/e_ossltest.c", - ], - "engines/ossltest" => - [ - "engines/e_ossltest.o", - ], - "libcrypto" => - [ - "crypto/aes.c", - "crypto/cversion.c", - "crypto/evp.c", - ], - "libssl" => - [ - "ssl/tls.c", - ], - "ssl/tls.o" => - [ - "ssl/tls.c", - ], - }, - ); - -As can be seen, everything in `%unified_info` is fairly simple suggest -of information. Still, it tells us that to build all programs, we -must build `apps/openssl`, and to build the latter, we will need to -build all its sources (`apps/openssl.o` in this case) and all the -other things it depends on (such as `libssl`). All those dependencies -need to be built as well, using the same logic, so to build `libssl`, -we need to build `ssl/tls.o` as well as `libcrypto`, and to build the -latter... - -Build-file templates --------------------- - -Build-file templates are essentially build-files (such as `Makefile` on -Unix) with perl code fragments mixed in. Those perl code fragment -will generate all the configuration dependent data, including all the -rules needed to build end product files and intermediary files alike. -At a minimum, there must be a perl code fragment that defines a set of -functions that are used to generates specific build-file rules, to -build static libraries from object files, to build shared libraries -from static libraries, to programs from object files and libraries, -etc. - - generatesrc - function that produces build file lines to generate - a source file from some input. - - It's called like this: - - generatesrc(src => "PATH/TO/tobegenerated", - generator => [ "generatingfile", ... ] - generator_incs => [ "INCL/PATH", ... ] - generator_deps => [ "dep1", ... ] - incs => [ "INCL/PATH", ... ], - deps => [ "dep1", ... ], - intent => one of "libs", "dso", "bin" ); - - 'src' has the name of the file to be generated. - 'generator' is the command or part of command to - generate the file, of which the first item is - expected to be the file to generate from. - generatesrc() is expected to analyse and figure out - exactly how to apply that file and how to capture - the result. 'generator_incs' and 'generator_deps' - are include directories and files that the generator - file itself depends on. 'incs' and 'deps' are - include directories and files that are used if $(CC) - is used as an intermediary step when generating the - end product (the file indicated by 'src'). 'intent' - indicates what the generated file is going to be - used for. - - src2obj - function that produces build file lines to build an - object file from source files and associated data. - - It's called like this: - - src2obj(obj => "PATH/TO/objectfile", - srcs => [ "PATH/TO/sourcefile", ... ], - deps => [ "dep1", ... ], - incs => [ "INCL/PATH", ... ] - intent => one of "lib", "dso", "bin" ); - - 'obj' has the intended object file with `.o` - extension, src2obj() is expected to change it to - something more suitable for the platform. - 'srcs' has the list of source files to build the - object file, with the first item being the source - file that directly corresponds to the object file. - 'deps' is a list of explicit dependencies. 'incs' - is a list of include file directories. Finally, - 'intent' indicates what this object file is going - to be used for. - - obj2lib - function that produces build file lines to build a - static library file ("libfoo.a" in Unix terms) from - object files. - - called like this: - - obj2lib(lib => "PATH/TO/libfile", - objs => [ "PATH/TO/objectfile", ... ]); - - 'lib' has the intended library file name *without* - extension, obj2lib is expected to add that. 'objs' - has the list of object files to build this library. - - libobj2shlib - backward compatibility function that's used the - same way as obj2shlib (described next), and was - expected to build the shared library from the - corresponding static library when that was suitable. - NOTE: building a shared library from a static - library is now DEPRECATED, as they no longer share - object files. Attempting to do this will fail. - - obj2shlib - function that produces build file lines to build a - shareable object library file ("libfoo.so" in Unix - terms) from the corresponding object files. - - called like this: - - obj2shlib(shlib => "PATH/TO/shlibfile", - lib => "PATH/TO/libfile", - objs => [ "PATH/TO/objectfile", ... ], - deps => [ "PATH/TO/otherlibfile", ... ]); - - 'lib' has the base (static) library file name - *without* extension. This is useful in case - supporting files are needed (such as import - libraries on Windows). - 'shlib' has the corresponding shared library name - *without* extension. 'deps' has the list of other - libraries (also *without* extension) this library - needs to be linked with. 'objs' has the list of - object files to build this library. - - obj2dso - function that produces build file lines to build a - dynamic shared object file from object files. - - called like this: - - obj2dso(lib => "PATH/TO/libfile", - objs => [ "PATH/TO/objectfile", ... ], - deps => [ "PATH/TO/otherlibfile", - ... ]); - - This is almost the same as obj2shlib, but the - intent is to build a shareable library that can be - loaded in runtime (a "plugin"...). - - obj2bin - function that produces build file lines to build an - executable file from object files. - - called like this: - - obj2bin(bin => "PATH/TO/binfile", - objs => [ "PATH/TO/objectfile", ... ], - deps => [ "PATH/TO/libfile", ... ]); - - 'bin' has the intended executable file name - *without* extension, obj2bin is expected to add - that. 'objs' has the list of object files to build - this library. 'deps' has the list of library files - (also *without* extension) that the programs needs - to be linked with. - - in2script - function that produces build file lines to build a - script file from some input. - - called like this: - - in2script(script => "PATH/TO/scriptfile", - sources => [ "PATH/TO/infile", ... ]); - - 'script' has the intended script file name. - 'sources' has the list of source files to build the - resulting script from. - -Along with the build-file templates is the driving template -[`Configurations/common.tmpl`](common.tmpl), which looks through all the -information in `%unified_info` and generates all the rulesets to build libraries, -programs and all intermediate files, using the rule generating -functions defined in the build-file template. - -As an example with the smaller `build.info` set we've seen as an -example, producing the rules to build `libcrypto` would result in the -following calls: - - # Note: obj2shlib will only be called if shared libraries are - # to be produced. - # Note 2: obj2shlib must convert the '.o' extension to whatever - # is suitable on the local platform. - obj2shlib(shlib => "libcrypto", - objs => [ "crypto/aes.o", "crypto/evp.o", "crypto/cversion.o" ], - deps => [ ]); - - obj2lib(lib => "libcrypto" - objs => [ "crypto/aes.o", "crypto/evp.o", "crypto/cversion.o" ]); - - src2obj(obj => "crypto/aes.o" - srcs => [ "crypto/aes.c" ], - deps => [ ], - incs => [ "include" ], - intent => "lib"); - - src2obj(obj => "crypto/evp.o" - srcs => [ "crypto/evp.c" ], - deps => [ ], - incs => [ "include" ], - intent => "lib"); - - src2obj(obj => "crypto/cversion.o" - srcs => [ "crypto/cversion.c" ], - deps => [ "crypto/buildinf.h" ], - incs => [ "include" ], - intent => "lib"); - - generatesrc(src => "crypto/buildinf.h", - generator => [ "util/mkbuildinf.pl", "\"$(CC)", - "$(CFLAGS)\"", "\"$(PLATFORM)\"" ], - generator_incs => [ "util" ], - generator_deps => [ "util/Foo.pm" ], - incs => [ ], - deps => [ ], - intent => "lib"); - -The returned strings from all those calls are then concatenated -together and written to the resulting build-file. diff --git a/Configurations/README.md b/Configurations/README.md deleted file mode 100644 index be8c394d0872b2f51aeb64873203883a54e1cd88..0000000000000000000000000000000000000000 --- a/Configurations/README.md +++ /dev/null @@ -1,661 +0,0 @@ -Intro -===== - -This directory contains a few sets of files that are used for -configuration in diverse ways: - - *.conf Target platform configurations, please read - 'Configurations of OpenSSL target platforms' for more - information. - *.tmpl Build file templates, please read 'Build-file - programming with the "unified" build system' as well - as 'Build info files' for more information. - *.pm Helper scripts / modules for the main `Configure` - script. See 'Configure helper scripts for more - information. - -Configurations of OpenSSL target platforms -========================================== - -Configuration targets are a collection of facts that we know about -different platforms and their capabilities. We organise them in a -hash table, where each entry represent a specific target. - -Note that configuration target names must be unique across all config -files. The Configure script does check that a config file doesn't -have config targets that shadow config targets from other files. - -In each table entry, the following keys are significant: - - inherit_from => Other targets to inherit values from. - Explained further below. [1] - template => Set to 1 if this isn't really a platform - target. Instead, this target is a template - upon which other targets can be built. - Explained further below. [1] - - sys_id => System identity for systems where that - is difficult to determine automatically. - - enable => Enable specific configuration features. - This MUST be an array of words. - disable => Disable specific configuration features. - This MUST be an array of words. - Note: if the same feature is both enabled - and disabled, disable wins. - - as => The assembler command. This is not always - used (for example on Unix, where the C - compiler is used instead). - asflags => Default assembler command flags [4]. - cpp => The C preprocessor command, normally not - given, as the build file defaults are - usually good enough. - cppflags => Default C preprocessor flags [4]. - defines => As an alternative, macro definitions may be - given here instead of in 'cppflags' [4]. - If given here, they MUST be as an array of - the string such as "MACRO=value", or just - "MACRO" for definitions without value. - includes => As an alternative, inclusion directories - may be given here instead of in 'cppflags' - [4]. If given here, the MUST be an array - of strings, one directory specification - each. - cc => The C compiler command, usually one of "cc", - "gcc" or "clang". This command is normally - also used to link object files and - libraries into the final program. - cxx => The C++ compiler command, usually one of - "c++", "g++" or "clang++". This command is - also used when linking a program where at - least one of the object file is made from - C++ source. - cflags => Defaults C compiler flags [4]. - cxxflags => Default C++ compiler flags [4]. If unset, - it gets the same value as cflags. - - (linking is a complex thing, see [3] below) - ld => Linker command, usually not defined - (meaning the compiler command is used - instead). - (NOTE: this is here for future use, it's - not implemented yet) - lflags => Default flags used when linking apps, - shared libraries or DSOs [4]. - ex_libs => Extra libraries that are needed when - linking shared libraries, DSOs or programs. - The value is also assigned to Libs.private - in $(libdir)/pkgconfig/libcrypto.pc. - - shared_cppflags => Extra C preprocessor flags used when - processing C files for shared libraries. - shared_cflag => Extra C compiler flags used when compiling - for shared libraries, typically something - like "-fPIC". - shared_ldflag => Extra linking flags used when linking - shared libraries. - module_cppflags - module_cflags - module_ldflags => Has the same function as the corresponding - 'shared_' attributes, but for building DSOs. - When unset, they get the same values as the - corresponding 'shared_' attributes. - - ar => The library archive command, the default is - "ar". - (NOTE: this is here for future use, it's - not implemented yet) - arflags => Flags to be used with the library archive - command. On Unix, this includes the - command letter, 'r' by default. - - ranlib => The library archive indexing command, the - default is 'ranlib' it it exists. - - unistd => An alternative header to the typical - ''. This is very rarely needed. - - shared_extension => File name extension used for shared - libraries. - obj_extension => File name extension used for object files. - On unix, this defaults to ".o" (NOTE: this - is here for future use, it's not - implemented yet) - exe_extension => File name extension used for executable - files. On unix, this defaults to "" (NOTE: - this is here for future use, it's not - implemented yet) - shlib_variant => A "variant" identifier inserted between the base - shared library name and the extension. On "unixy" - platforms (BSD, Linux, Solaris, MacOS/X, ...) this - supports installation of custom OpenSSL libraries - that don't conflict with other builds of OpenSSL - installed on the system. The variant identifier - becomes part of the SONAME of the library and also - any symbol versions (symbol versions are not used or - needed with MacOS/X). For example, on a system - where a default build would normally create the SSL - shared library as 'libssl.so -> libssl.so.1.1' with - the value of the symlink as the SONAME, a target - definition that sets 'shlib_variant => "-abc"' will - create 'libssl.so -> libssl-abc.so.1.1', again with - an SONAME equal to the value of the symlink. The - symbol versions associated with the variant library - would then be 'OPENSSL_ABC_' rather than - the default 'OPENSSL_'. The string inserted - into symbol versions is obtained by mapping all - letters in the "variant" identifier to upper case - and all non-alphanumeric characters to '_'. - - thread_scheme => The type of threads is used on the - configured platform. Currently known - values are "(unknown)", "pthreads", - "uithreads" (a.k.a solaris threads) and - "winthreads". Except for "(unknown)", the - actual value is currently ignored but may - be used in the future. See further notes - below [2]. - dso_scheme => The type of dynamic shared objects to build - for. This mostly comes into play with - modules, but can be used for other purposes - as well. Valid values are "DLFCN" - (dlopen() et al), "DLFCN_NO_H" (for systems - that use dlopen() et al but do not have - fcntl.h), "DL" (shl_load() et al), "WIN32" - and "VMS". - asm_arch => The architecture to be used for compiling assembly - source. This acts as a selector in build.info files. - uplink_arch => The architecture to be used for compiling uplink - source. This acts as a selector in build.info files. - This is separate from asm_arch because it's compiled - even when 'no-asm' is given, even though it contains - assembler source. - perlasm_scheme => The perlasm method used to create the - assembler files used when compiling with - assembler implementations. - shared_target => The shared library building method used. - This serves multiple purposes: - - as index for targets found in shared_info.pl. - - as linker script generation selector. - To serve both purposes, the index for shared_info.pl - should end with '-shared', and this suffix will be - removed for use as a linker script generation - selector. Note that the latter is only used if - 'shared_defflag' is defined. - build_scheme => The scheme used to build up a Makefile. - In its simplest form, the value is a string - with the name of the build scheme. - The value may also take the form of a list - of strings, if the build_scheme is to have - some options. In this case, the first - string in the list is the name of the build - scheme. - Currently recognised build scheme is "unified". - For the "unified" build scheme, this item - *must* be an array with the first being the - word "unified" and the second being a word - to identify the platform family. - - multilib => On systems that support having multiple - implementations of a library (typically a - 32-bit and a 64-bit variant), this is used - to have the different variants in different - directories. - - bn_ops => Building options (was just bignum options in - the earlier history of this option, hence the - name). This is a string of words that describe - algorithms' implementation parameters that - are optimal for the designated target platform, - such as the type of integers used to build up - the bignum, different ways to implement certain - ciphers and so on. To fully comprehend the - meaning, the best is to read the affected - source. - The valid words are: - - THIRTY_TWO_BIT bignum limbs are 32 bits, - this is default if no - option is specified, it - works on any supported - system [unless "wider" - limb size is implied in - assembly code]; - BN_LLONG bignum limbs are 32 bits, - but 64-bit 'unsigned long - long' is used internally - in calculations; - SIXTY_FOUR_BIT_LONG bignum limbs are 64 bits - and sizeof(long) is 8; - SIXTY_FOUR_BIT bignums limbs are 64 bits, - but execution environment - is ILP32; - RC4_CHAR RC4 key schedule is made - up of 'unsigned char's; - RC4_INT RC4 key schedule is made - up of 'unsigned int's; - -[1] as part of the target configuration, one can have a key called - `inherit_from` that indicates what other configurations to inherit - data from. These are resolved recursively. - - Inheritance works as a set of default values that can be overridden - by corresponding key values in the inheriting configuration. - - Note 1: any configuration table can be used as a template. - Note 2: pure templates have the attribute `template => 1` and - cannot be used as build targets. - - If several configurations are given in the `inherit_from` array, - the values of same attribute are concatenated with space - separation. With this, it's possible to have several smaller - templates for different configuration aspects that can be combined - into a complete configuration. - - Instead of a scalar value or an array, a value can be a code block - of the form `sub { /* your code here */ }`. This code block will - be called with the list of inherited values for that key as - arguments. In fact, the concatenation of strings is really done - by using `sub { join(" ",@_) }` on the list of inherited values. - - An example: - - "foo" => { - template => 1, - haha => "ha ha", - hoho => "ho", - ignored => "This should not appear in the end result", - }, - "bar" => { - template => 1, - haha => "ah", - hoho => "haho", - hehe => "hehe" - }, - "laughter" => { - inherit_from => [ "foo", "bar" ], - hehe => sub { join(" ",(@_,"!!!")) }, - ignored => "", - } - - The entry for "laughter" will become as follows after processing: - - "laughter" => { - haha => "ha ha ah", - hoho => "ho haho", - hehe => "hehe !!!", - ignored => "" - } - -[2] OpenSSL is built with threading capabilities unless the user - specifies `no-threads`. The value of the key `thread_scheme` may - be `(unknown)`, in which case the user MUST give some compilation - flags to `Configure`. - -[3] OpenSSL has three types of things to link from object files or - static libraries: - - - shared libraries; that would be libcrypto and libssl. - - shared objects (sometimes called dynamic libraries); that would - be the modules. - - applications; those are apps/openssl and all the test apps. - - Very roughly speaking, linking is done like this (words in braces - represent the configuration settings documented at the beginning - of this file): - - shared libraries: - {ld} $(CFLAGS) {lflags} {shared_ldflag} -o libfoo.so \ - foo/something.o foo/somethingelse.o {ex_libs} - - shared objects: - {ld} $(CFLAGS) {lflags} {module_ldflags} -o libeng.so \ - blah1.o blah2.o -lcrypto {ex_libs} - - applications: - {ld} $(CFLAGS) {lflags} -o app \ - app1.o utils.o -lssl -lcrypto {ex_libs} - -[4] There are variants of these attribute, prefixed with `lib_`, - `dso_` or `bin_`. Those variants replace the unprefixed attribute - when building library, DSO or program modules specifically. - -Historically, the target configurations came in form of a string with -values separated by colons. This use is deprecated. The string form -looked like this: - - "target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}: - {bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}: - {bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}: - {rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}: - {padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}: - {shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}: - {arflags}:{multilib}" - -Build info files -================ - -The `build.info` files that are spread over the source tree contain the -minimum information needed to build and distribute OpenSSL. It uses a -simple and yet fairly powerful language to determine what needs to be -built, from what sources, and other relationships between files. - -For every `build.info` file, all file references are relative to the -directory of the `build.info` file for source files, and the -corresponding build directory for built files if the build tree -differs from the source tree. - -When processed, every line is processed with the perl module -Text::Template, using the delimiters `{-` and `-}`. The hashes -`%config` and `%target` are passed to the perl fragments, along with -$sourcedir and $builddir, which are the locations of the source -directory for the current `build.info` file and the corresponding build -directory, all relative to the top of the build tree. - -`Configure` only knows inherently about the top `build.info` file. For -any other directory that has one, further directories to look into -must be indicated like this: - - SUBDIRS=something someelse - -On to things to be built; they are declared by setting specific -variables: - - PROGRAMS=foo bar - LIBS=libsomething - MODULES=libeng - SCRIPTS=myhack - -Note that the files mentioned for PROGRAMS, LIBS and MODULES *must* be -without extensions. The build file templates will figure them out. - -For each thing to be built, it is then possible to say what sources -they are built from: - - PROGRAMS=foo bar - SOURCE[foo]=foo.c common.c - SOURCE[bar]=bar.c extra.c common.c - -It's also possible to tell some other dependencies: - - DEPEND[foo]=libsomething - DEPEND[libbar]=libsomethingelse - -(it could be argued that 'libsomething' and 'libsomethingelse' are -source as well. However, the files given through SOURCE are expected -to be located in the source tree while files given through DEPEND are -expected to be located in the build tree) - -It's also possible to depend on static libraries explicitly: - - DEPEND[foo]=libsomething.a - DEPEND[libbar]=libsomethingelse.a - -This should be rarely used, and care should be taken to make sure it's -only used when supported. For example, native Windows build doesn't -support building static libraries and DLLs at the same time, so using -static libraries on Windows can only be done when configured -`no-shared`. - -In some cases, it's desirable to include some source files in the -shared form of a library only: - - SHARED_SOURCE[libfoo]=dllmain.c - -For any file to be built, it's also possible to tell what extra -include paths the build of their source files should use: - - INCLUDE[foo]=include - -It's also possible to specify C macros that should be defined: - - DEFINE[foo]=FOO BAR=1 - -In some cases, one might want to generate some source files from -others, that's done as follows: - - GENERATE[foo.s]=asm/something.pl $(CFLAGS) - GENERATE[bar.s]=asm/bar.S - -The value of each GENERATE line is a command line or part of it. -Configure places no rules on the command line, except that the first -item must be the generator file. It is, however, entirely up to the -build file template to define exactly how those command lines should -be handled, how the output is captured and so on. - -Sometimes, the generator file itself depends on other files, for -example if it is a perl script that depends on other perl modules. -This can be expressed using DEPEND like this: - - DEPEND[asm/something.pl]=../perlasm/Foo.pm - -There may also be cases where the exact file isn't easily specified, -but an inclusion directory still needs to be specified. INCLUDE can -be used in that case: - - INCLUDE[asm/something.pl]=../perlasm - -NOTE: GENERATE lines are limited to one command only per GENERATE. - -Finally, you can have some simple conditional use of the `build.info` -information, looking like this: - - IF[1] - something - ELSIF[2] - something other - ELSE - something else - ENDIF - -The expression in square brackets is interpreted as a string in perl, -and will be seen as true if perl thinks it is, otherwise false. For -example, the above would have "something" used, since 1 is true. - -Together with the use of Text::Template, this can be used as -conditions based on something in the passed variables, for example: - - IF[{- $disabled{shared} -}] - LIBS=libcrypto - SOURCE[libcrypto]=... - ELSE - LIBS=libfoo - SOURCE[libfoo]=... - ENDIF - -Build-file programming with the "unified" build system -====================================================== - -"Build files" are called `Makefile` on Unix-like operating systems, -`descrip.mms` for MMS on VMS, `makefile` for `nmake` on Windows, etc. - -To use the "unified" build system, the target configuration needs to -set the three items `build_scheme`, `build_file` and `build_command`. -In the rest of this section, we will assume that `build_scheme` is set -to "unified" (see the configurations documentation above for the -details). - -For any name given by `build_file`, the "unified" system expects a -template file in `Configurations/` named like the build file, with -`.tmpl` appended, or in case of possible ambiguity, a combination of -the second `build_scheme` list item and the `build_file` name. For -example, if `build_file` is set to `Makefile`, the template could be -`Configurations/Makefile.tmpl` or `Configurations/unix-Makefile.tmpl`. -In case both `Configurations/unix-Makefile.tmpl` and -`Configurations/Makefile.tmpl` are present, the former takes precedence. - -The build-file template is processed with the perl module -Text::Template, using `{-` and `-}` as delimiters that enclose the -perl code fragments that generate configuration-dependent content. -Those perl fragments have access to all the hash variables from -configdata.pem. - -The build-file template is expected to define at least the following -perl functions in a perl code fragment enclosed with `{-` and `-}`. -They are all expected to return a string with the lines they produce. - - generatesrc - function that produces build file lines to generate - a source file from some input. - - It's called like this: - - generatesrc(src => "PATH/TO/tobegenerated", - generator => [ "generatingfile", ... ] - generator_incs => [ "INCL/PATH", ... ] - generator_deps => [ "dep1", ... ] - generator => [ "generatingfile", ... ] - incs => [ "INCL/PATH", ... ], - deps => [ "dep1", ... ], - intent => one of "libs", "dso", "bin" ); - - 'src' has the name of the file to be generated. - 'generator' is the command or part of command to - generate the file, of which the first item is - expected to be the file to generate from. - generatesrc() is expected to analyse and figure out - exactly how to apply that file and how to capture - the result. 'generator_incs' and 'generator_deps' - are include directories and files that the generator - file itself depends on. 'incs' and 'deps' are - include directories and files that are used if $(CC) - is used as an intermediary step when generating the - end product (the file indicated by 'src'). 'intent' - indicates what the generated file is going to be - used for. - - src2obj - function that produces build file lines to build an - object file from source files and associated data. - - It's called like this: - - src2obj(obj => "PATH/TO/objectfile", - srcs => [ "PATH/TO/sourcefile", ... ], - deps => [ "dep1", ... ], - incs => [ "INCL/PATH", ... ] - intent => one of "lib", "dso", "bin" ); - - 'obj' has the intended object file with '.o' - extension, src2obj() is expected to change it to - something more suitable for the platform. - 'srcs' has the list of source files to build the - object file, with the first item being the source - file that directly corresponds to the object file. - 'deps' is a list of explicit dependencies. 'incs' - is a list of include file directories. Finally, - 'intent' indicates what this object file is going - to be used for. - - obj2lib - function that produces build file lines to build a - static library file ("libfoo.a" in Unix terms) from - object files. - - called like this: - - obj2lib(lib => "PATH/TO/libfile", - objs => [ "PATH/TO/objectfile", ... ]); - - 'lib' has the intended library file name *without* - extension, obj2lib is expected to add that. 'objs' - has the list of object files to build this library. - - libobj2shlib - backward compatibility function that's used the - same way as obj2shlib (described next), and was - expected to build the shared library from the - corresponding static library when that was suitable. - NOTE: building a shared library from a static - library is now DEPRECATED, as they no longer share - object files. Attempting to do this will fail. - - obj2shlib - function that produces build file lines to build a - shareable object library file ("libfoo.so" in Unix - terms) from the corresponding object files. - - called like this: - - obj2shlib(shlib => "PATH/TO/shlibfile", - lib => "PATH/TO/libfile", - objs => [ "PATH/TO/objectfile", ... ], - deps => [ "PATH/TO/otherlibfile", ... ]); - - 'lib' has the base (static) library ffile name - *without* extension. This is useful in case - supporting files are needed (such as import - libraries on Windows). - 'shlib' has the corresponding shared library name - *without* extension. 'deps' has the list of other - libraries (also *without* extension) this library - needs to be linked with. 'objs' has the list of - object files to build this library. - - obj2dso - function that produces build file lines to build a - dynamic shared object file from object files. - - called like this: - - obj2dso(lib => "PATH/TO/libfile", - objs => [ "PATH/TO/objectfile", ... ], - deps => [ "PATH/TO/otherlibfile", - ... ]); - - This is almost the same as obj2shlib, but the - intent is to build a shareable library that can be - loaded in runtime (a "plugin"...). - - obj2bin - function that produces build file lines to build an - executable file from object files. - - called like this: - - obj2bin(bin => "PATH/TO/binfile", - objs => [ "PATH/TO/objectfile", ... ], - deps => [ "PATH/TO/libfile", ... ]); - - 'bin' has the intended executable file name - *without* extension, obj2bin is expected to add - that. 'objs' has the list of object files to build - this library. 'deps' has the list of library files - (also *without* extension) that the programs needs - to be linked with. - - in2script - function that produces build file lines to build a - script file from some input. - - called like this: - - in2script(script => "PATH/TO/scriptfile", - sources => [ "PATH/TO/infile", ... ]); - - 'script' has the intended script file name. - 'sources' has the list of source files to build the - resulting script from. - -In all cases, file file paths are relative to the build tree top, and -the build file actions run with the build tree top as current working -directory. - -Make sure to end the section with these functions with a string that -you thing is appropriate for the resulting build file. If nothing -else, end it like this: - - ""; # Make sure no lingering values end up in the Makefile - -} - -Configure helper scripts -======================== - -Configure uses helper scripts in this directory: - -Checker scripts ---------------- - -These scripts are per platform family, to check the integrity of the -tools used for configuration and building. The checker script used is -either `{build_platform}-{build_file}-checker.pm` or -`{build_platform}-checker.pm`, where `{build_platform}` is the second -`build_scheme` list element from the configuration target data, and -`{build_file}` is `build_file` from the same target data. - -If the check succeeds, the script is expected to end with a non-zero -expression. If the check fails, the script can end with a zero, or -with a `die`. diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl deleted file mode 100644 index b7d1df25928053190a5d6fd97ac552d2601b7b06..0000000000000000000000000000000000000000 --- a/Configurations/descrip.mms.tmpl +++ /dev/null @@ -1,1415 +0,0 @@ -## descrip.mms to build OpenSSL on OpenVMS -## -## {- join("\n## ", @autowarntext) -} -{- - use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/; - use File::Basename; - use OpenSSL::Util; - - (our $osslprefix_q = platform->osslprefix()) =~ s/\$/\\\$/; - - our $sover_dirname = platform->shlib_version_as_filename(); - our $osslver = sprintf "%02d", split(/\./, $config{version}); - - our $sourcedir = $config{sourcedir}; - our $builddir = $config{builddir}; - sub make_unix_path { - # Split the native path - (my $vol, my $dirs, my $file) = File::Spec->splitpath($_[0]); - my @dirs = File::Spec->splitdir($dirs); - - # Reassemble it as a Unix path - $vol =~ s|:$||; - return File::Spec::Unix->catpath( - '', File::Spec::Unix->catdir('', $vol ? $vol : (), @dirs), $file); - } - sub sourcefile { - catfile($sourcedir, @_); - } - sub buildfile { - catfile($builddir, @_); - } - sub sourcedir { - catdir($sourcedir, @_); - } - sub builddir { - catdir($builddir, @_); - } - sub tree { - (my $x = shift) =~ s|\]$|...]|; - $x - } - - # Because we need to make two computations of these data, - # we store them in arrays for reuse - our @libs = - map { platform->staticname($_) } - @{$unified_info{libraries}}; - our @shlibs = - map { platform->sharedname($_) // () } - @{$unified_info{libraries}}; - our @install_libs = - map { platform->staticname($_) } - grep { !$unified_info{attributes}->{libraries}->{$_}->{noinst} } - @{$unified_info{libraries}}; - our @install_shlibs = - map { platform->sharedname($_) // () } - grep { !$unified_info{attributes}->{libraries}->{$_}->{noinst} } - @{$unified_info{libraries}}; - our @install_engines = - grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} - && $unified_info{attributes}->{modules}->{$_}->{engine} } - @{$unified_info{modules}}; - our @install_modules = - grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} - && !$unified_info{attributes}->{modules}->{$_}->{engine} - && !$unified_info{attributes}->{modules}->{$_}->{fips} } - @{$unified_info{modules}}; - our @install_fipsmodules = - grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} - && $unified_info{attributes}->{modules}->{$_}->{fips} } - @{$unified_info{modules}}; - our @install_programs = - grep { !$unified_info{attributes}->{programs}->{$_}->{noinst} } - @{$unified_info{programs}}; - our @install_bin_scripts = - grep { !$unified_info{attributes}->{scripts}->{$_}->{noinst} - && !$unified_info{attributes}->{scripts}->{$_}->{misc} } - @{$unified_info{scripts}}; - our @install_misc_scripts = - grep { !$unified_info{attributes}->{scripts}->{$_}->{noinst} - && $unified_info{attributes}->{scripts}->{$_}->{misc} } - @{$unified_info{scripts}}; - - # Configured flags - - our @cnf_asflags = ($target{asflags} || (), @{$config{asflags}}); - our @cnf_defines = (@{$target{defines}}, @{$config{defines}}); - our @cnf_includes = (@{$target{includes}}, @{$config{includes}}); - our @cnf_cppflags = ($target{cppflags} || (), @{$config{cppflags}}); - our @cnf_cflags = ($target{cflags} || (), @{$config{cflags}}); - our @cnf_cxxflags = ($target{cxxflags} || (), @{$config{cxxflags}}); - our @cnf_ldflags = ($target{lflags} || (), @{$config{lflags}}); - our @cnf_ex_libs = (map{ ",$_" } @{$target{ex_libs}}, @{$config{ex_libs}}); - - # Variables starting with $lib_ are used to build library object files - # and shared libraries. - # Variables starting with $dso_ are used to build DSOs and their object files. - # Variables starting with $bin_ are used to build programs and their object - # files. - - # The following array is special and is treated separately from the rest of - # the lib_ variables. - our @lib_cppincludes = (@{$target{lib_includes}}, @{$target{shared_includes}}, - @{$config{lib_includes}}, @{$config{shared_includes}}, - @cnf_includes); - - our $lib_cppdefines = - join(',', @{$target{lib_defines}}, @{$target{shared_defines}}, - @{$config{lib_defines}}, @{$config{shared_defines}}, - @cnf_defines, - 'OPENSSLDIR="""$(OPENSSLDIR_C)"""', - 'ENGINESDIR="""$(ENGINESDIR_C)"""', - 'MODULESDIR="""$(MODULESDIR_C)"""' - ) - . '$(DEFINES)' - . "'extradefines'"; - our $lib_asflags = - join(' ', $target{lib_asflags} || (), @{$config{lib_asflags}}, - @cnf_asflags, '$(ASFLAGS)'); - our $lib_cppflags = - join('', $target{lib_cppflags} || (), $target{shared_cppflags} || (), - @{$config{lib_cppflags}}, @{$config{shared_cppflag}}, - @cnf_cppflags, '/DEFINE=('.$lib_cppdefines.')', '$(CPPFLAGS)'); - my @lib_cflags = ( $target{lib_cflags} // () ); - my @lib_cflags_no_inst = ( $target{no_inst_lib_cflags} // @lib_cflags ); - my @lib_cflags_cont = ( $target{shared_cflag} || (), - @{$config{lib_cflags}}, @{$config{shared_cflag}}, - $cnf_cflags, '$(CFLAGS)'); - our $lib_cflags = join('', @lib_cflags, @lib_cflags_cont ); - our $lib_cflags_no_inst = join('', @lib_cflags_no_inst, @lib_cflags_cont ); - our $lib_ldflags = - join('', $target{lib_lflags} || (), $target{shared_ldflag} || (), - @{$config{lib_lflags}}, @{$config{shared_ldflag}}, - @cnf_ldflags, '$(LDFLAGS)'); - our $lib_ex_libs = join('', @cnf_ex_libs, '$(EX_LIBS)'); - - # The following array is special and is treated separately from the rest of - # the dso_ variables. - our @dso_cppincludes = (@{$target{dso_includes}}, @{$target{module_includes}}, - @{$config{dso_includes}}, @{$config{module_includes}}, - @cnf_includes); - - our $dso_cppdefines = - join(',', @{$target{dso_defines}}, @{$target{module_defines}}, - @{$config{dso_defines}}, @{$config{module_defines}}, - @cnf_defines, - ) - . '$(DEFINES)' - . "'extradefines'"; - our $dso_asflags = - join(' ', $target{dso_asflags} || (), $target{module_asflags} || (), - @{$config{dso_asflags}}, @{$config{module_asflags}}, - @cnf_asflags, '$(ASFLAGS)'); - our $dso_cppflags = - join('', $target{dso_cppflags} || (), $target{module_cppflags} || (), - @{$config{dso_cppflags}}, @{$config{module_cppflag}}, - @cnf_cppflags, - '/DEFINE=('.$dso_cppdefines.')', - '$(CPPFLAGS)'); - my @dso_cflags = ( $target{dso_cflags} // () ); - my @dso_cflags_no_inst = ( $target{no_inst_dso_cflags} // @dso_cflags ); - my @dso_cflags_cont = ( $target{module_cflag} || (), - @{$config{dso_cflags}}, @{$config{module_cflag}}, - $cnf_cflags, '$(CFLAGS)'); - our $dso_cflags = join('', @dso_cflags, @dso_cflags_cont ); - our $dso_cflags_no_inst = join('', @dso_cflags_no_inst, @dso_cflags_cont ); - our $dso_ldflags = - join('', $target{dso_lflags} || (), $target{module_ldflag} || (), - @{$config{dso_lflags}}, @{$config{module_ldflag}}, - @cnf_ldflags, '$(LDFLAGS)'); - our $dso_ex_libs = join('', @cnf_ex_libs, '$(EX_LIBS)'); - - # The following array is special and is treated separately from the rest of - # the bin_ variables. - our @bin_cppincludes = (@{$target{bin_includes}}, - @{$config{bin_includes}}, - @cnf_includes); - - our $bin_cppdefines = - join(',', @{$target{bin_defines}}, - @{$config{bin_defines}}, - @cnf_defines, - ) - . '$(DEFINES)' - . "'extradefines'"; - our $bin_asflags = - join(' ', $target{bin_asflags} || (), - @{$config{bin_asflags}}, - @cnf_asflags, '$(ASFLAGS)'); - our $bin_cppflags = - join('', $target{bin_cppflags} || (), - @{$config{bin_cppflags}}, - @cnf_cppflags, - '/DEFINE=('.$bin_cppdefines.')', - '$(CPPFLAGS)'); - my @bin_cflags = ( $target{bin_cflags} // () ); - my @bin_cflags_no_inst = ( $target{no_inst_bin_cflags} // @bin_cflags ); - my @bin_cflags_cont = ( @{$config{bin_cflags}}, - $cnf_cflags, '$(CFLAGS)'); - our $bin_cflags = join('', @bin_cflags, @bin_cflags_cont ); - our $bin_cflags_no_inst = join('', @bin_cflags_no_inst, @bin_cflags_cont ); - our $bin_cflags = - join('', $target{bin_cflags} || (), - @{$config{bin_cflags}}, - @cnf_cflags, '$(CFLAGS)'); - our $bin_ldflags = - join('', $target{bin_lflags} || (), - @{$config{bin_lflags}}, - @cnf_ldflags, '$(LDFLAGS)'); - our $bin_ex_libs = join('', @cnf_ex_libs, '$(EX_LIBS)'); - - # This is a horrible hack, but is needed because recursive inclusion of files - # in different directories does not work well with VMS C. We try to help by - # specifying extra relative directories. They must always be in Unix format, - # relative to the directory where the .c file is located. The logic is that - # any inclusion, merged with one of these relative directories, will find the - # requested inclusion file. - foreach (grep /\[\.crypto\.async\.arch\].*\.o$/, keys %{$unified_info{sources}}) { - my $obj = platform->obj($_); - push @{$unified_info{includes_extra}->{$obj}}, qw(../); - } - foreach (grep /\[\.crypto\.ec\.curve448\].*?\.o$/, keys %{$unified_info{sources}}) { - my $obj = platform->obj($_); - push @{$unified_info{includes_extra}->{$obj}}, qw(./arch_32 ./arch64); - } - foreach (grep /\[\.crypto\.ec\.curve448.arch_(?:32|64)\].*?\.o$/, keys %{$unified_info{sources}}) { - my $obj = platform->obj($_); - push @{$unified_info{includes_extra}->{$obj}}, qw(../); - } - foreach (grep /\[\.ssl\.(?:record|statem)\].*?\.o$/, keys %{$unified_info{sources}}) { - my $obj = platform->obj($_); - # Most of the files in [.ssl.record] and [.ssl.statem] include - # "../ssl_local.h", which includes things like "record/record.h". - # Adding "../" as an inclusion directory helps making this sort of header - # from these directories. - push @{$unified_info{includes_extra}->{$obj}}, qw(../); - - } - foreach (grep /\[\.test\].*?\.o$/, keys %{$unified_info{sources}}) { - my $obj = platform->obj($_); - push @{$unified_info{includes_extra}->{$obj}}, qw(../ssl ./helpers); - } - foreach (grep /\[\.test\.helpers\].*?\.o$/, keys %{$unified_info{sources}}) { - my $obj = platform->obj($_); - push @{$unified_info{includes_extra}->{$obj}}, qw(../../ssl); - } - - # This makes sure things get built in the order they need - # to. You're welcome. - sub dependmagic { - my $target = shift; - - return "$target : build_generated\n\t\pipe \$(MMS) \$(MMSQUALIFIERS) depend && \$(MMS) \$(MMSQUALIFIERS) _$target\n_$target"; - } - ""; --} -PLATFORM={- $config{target} -} -OPTIONS={- $config{options} -} -CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -}) -SRCDIR={- $config{sourcedir} -} -BLDDIR={- $config{builddir} -} -FIPSKEY={- $config{FIPSKEY} -} - -# Allow both V and VERBOSE to indicate verbosity. This only applies -# to testing. -VERBOSE=$(V) -VERBOSE_FAILURE=$(VF) - -VERSION={- "$config{full_version}" -} -VERSION_NUMBER={- "$config{version}" -} -MAJOR={- $config{major} -} -MINOR={- $config{minor} -} -SHLIB_VERSION_NUMBER={- $config{shlib_version} -} -SHLIB_TARGET={- $target{shared_target} -} - -LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @libs) -} -SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @shlibs) -} -MODULES={- join(", ", map { "-\n\t".$_.".EXE" } - # Drop all modules that are dependencies, they will - # be processed through their dependents - grep { my $x = $_; - !grep { grep { $_ eq $x } @$_ } - values %{$unified_info{depends}} } - @{$unified_info{modules}}) -} -FIPSMODULE={- # We do some extra checking here, as there should be only one - use File::Basename; - our @fipsmodules = - grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} - && $unified_info{attributes}->{modules}->{$_}->{fips} } - @{$unified_info{modules}}; - die "More that one FIPS module" if scalar @fipsmodules > 1; - join(" ", map { platform->dso($_) } @fipsmodules) -} -FIPSMODULENAME={- die "More that one FIPS module" if scalar @fipsmodules > 1; - join(", ", map { basename(platform->dso($_)) } @fipsmodules) -} -PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{programs}}) -} -SCRIPTS={- join(", ", map { "-\n\t".$_ } @{$unified_info{scripts}}) -} -{- output_off() if $disabled{makedepend}; "" -} -DEPS={- our @deps = map { platform->isobj($_) ? platform->dep($_) : $_ } - grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ } - keys %{$unified_info{sources}}; - join(", ", map { "-\n\t".$_ } @deps); -} -{- output_on() if $disabled{makedepend}; "" -} -GENERATED_MANDATORY={- join(", ", - map { "-\n\t".$_ } @{$unified_info{depends}->{""}} ) -} -GENERATED_PODS={- # common0.tmpl provides @generated - join(", ", - map { my $x = $_; - ( - grep { - $unified_info{attributes}->{depends} - ->{$x}->{$_}->{pod} // 0 - } - keys %{$unified_info{attributes}->{depends}->{$x}} - ) ? "-\n\t".$x : (); - } - @generated) -} -GENERATED={- # common0.tmpl provides @generated - join(", ", map { platform->convertext($_) } @generated) -} - -INSTALL_LIBS={- join(", ", map { "-\n\t".$_.".OLB" } @install_libs) -} -INSTALL_SHLIBS={- join(", ", map { "-\n\t".$_.".EXE" } @install_shlibs) -} -INSTALL_ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @install_engines) -} -INSTALL_MODULES={- join(", ", map { "-\n\t".$_.".EXE" } @install_modules) -} -INSTALL_FIPSMODULE={- join(", ", map { "-\n\t".$_.".EXE" } @install_fipsmodules) -} -INSTALL_FIPSMODULECONF=[.providers]fipsmodule.cnf -INSTALL_PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @install_programs) -} -BIN_SCRIPTS={- join(", ", @install_bin_scripts) -} -MISC_SCRIPTS={- join(", ", @install_misc_scripts) -} -HTMLDOCS1={- join(", ", map { "-\n\t".$_ } @{$unified_info{htmldocs}->{man1}}) -} -HTMLDOCS3={- join(", ", map { "-\n\t".$_ } @{$unified_info{htmldocs}->{man3}}) -} -HTMLDOCS5={- join(", ", map { "-\n\t".$_ } @{$unified_info{htmldocs}->{man5}}) -} -HTMLDOCS7={- join(", ", map { "-\n\t".$_ } @{$unified_info{htmldocs}->{man7}}) -} - -APPS_OPENSSL="{- use File::Spec::Functions; - catfile("apps","openssl") -}" - -# DESTDIR is for package builders so that they can configure for, say, -# SYS$COMMON:[OPENSSL] and yet have everything installed in STAGING:[USER]. -# In that case, configure with --prefix=SYS$COMMON:[OPENSSL] and then run -# MMS with /MACROS=(DESTDIR=STAGING:[USER]). The result will end up in -# STAGING:[USER.OPENSSL]. -# Normally it is left empty. -DESTDIR= - -# Do not edit this manually. Use Configure --prefix=DIR to change this! -INSTALLTOP={- our $installtop = - catdir($config{prefix}) || "SYS\$COMMON:[OPENSSL]"; - $installtop -} -SYSTARTUP={- catdir($installtop, '[.SYS$STARTUP]'); -} -# This is the standard central area to store certificates, private keys... -OPENSSLDIR={- catdir($config{openssldir}) or - $config{prefix} ? catdir($config{prefix},"COMMON") - : "SYS\$COMMON:[OPENSSL-COMMON]" -} -# The same, but for C -OPENSSLDIR_C={- platform->osslprefix() -}DATAROOT:[000000] -# Where installed ENGINE modules reside, for C -ENGINESDIR_C={- platform->osslprefix() -}ENGINES{- $sover_dirname.$target{pointer_size} -}: -# Where modules reside, for C -MODULESDIR_C={- platform->osslprefix() -}MODULES{- $target{pointer_size} -}: - -##### User defined commands and flags ################################ - -CC={- $config{CC} -} -CPP={- $config{CPP} -} -DEFINES={- our $defines = join('', map { ",$_" } @{$config{CPPDEFINES}}) -} -#INCLUDES={- our $includes = join(',', @{$config{CPPINCLUDES}}) -} -CPPFLAGS={- our $cppflags = join('', @{$config{CPPFLAGS}}) -} -CFLAGS={- join('', @{$config{CFLAGS}}) -} -LDFLAGS={- join('', @{$config{LFLAGS}}) -} -EX_LIBS={- join('', map { ",$_" } @{$config{LDLIBS}}) -} - -PERL={- $config{PERL} -} - -AS={- $config{AS} -} -ASFLAGS={- join(' ', @{$config{ASFLAGS}}) -} - -##### Special command flags ########################################## - -ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY) - -PERLASM_SCHEME={- $target{perlasm_scheme} -} - -# CPPFLAGS_Q is used for one thing only: to build up buildinf.h -CPPFLAGS_Q={- (my $c = $lib_cppflags.$cppflags) =~ s|"|""|g; - (my $d = $lib_cppdefines) =~ s|"|""|g; - my $i = join(',', @lib_cppincludes || (), '$(INCLUDES)'); - my $x = $c; - $x .= "/INCLUDE=($i)" if $i; - $x .= "/DEFINE=($d)" if $d; - $x; -} - -# .FIRST and .LAST are special targets with MMS and MMK. -NODEBUG=@ -.FIRST : - {- join( "\n \$(NODEBUG) ", @{ $target{setup_commands} // [] }, - '!' ) -} - $(NODEBUG) sourcetop = F$PARSE("$(SRCDIR)","[]A.;",,,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" + ".]" - $(NODEBUG) DEFINE ossl_sourceroot 'sourcetop' - $(NODEBUG) ! - $(NODEBUG) staging_dir = "$(DESTDIR)" - $(NODEBUG) staging_instdir = "" - $(NODEBUG) staging_datadir = "" - $(NODEBUG) IF staging_dir .NES. "" THEN - - staging_instdir = F$PARSE("A.;",staging_dir,"[]",,"SYNTAX_ONLY") - $(NODEBUG) IF staging_instdir - "]A.;" .NES. staging_instdir THEN - - staging_instdir = staging_instdir - "]A.;" + ".OPENSSL-INSTALL]" - $(NODEBUG) IF staging_instdir - "A.;" .NES. staging_instdir THEN - - staging_instdir = staging_instdir - "A.;" + "[OPENSSL-INSTALL]" - $(NODEBUG) IF staging_dir .NES. "" THEN - - staging_datadir = F$PARSE("A.;",staging_dir,"[]",,"SYNTAX_ONLY") - $(NODEBUG) IF staging_datadir - "]A.;" .NES. staging_datadir THEN - - staging_datadir = staging_datadir - "]A.;" + ".OPENSSL-COMMON]" - $(NODEBUG) IF staging_datadir - "A.;" .NES. staging_datadir THEN - - staging_datadir = staging_datadir - "A.;" + "[OPENSSL-COMMON]" - $(NODEBUG) ! - $(NODEBUG) ! Installation logical names - $(NODEBUG) ! - $(NODEBUG) ! This also creates a few DCL variables that are used for - $(NODEBUG) ! the "install_msg" target. - $(NODEBUG) ! - $(NODEBUG) installroot = F$PARSE(staging_instdir,"$(INSTALLTOP)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" - $(NODEBUG) installtop = installroot + ".]" - $(NODEBUG) dataroot = F$PARSE(staging_datadir,"$(OPENSSLDIR)","[]A.;",,"SYNTAX_ONLY,NO_CONCEAL") - ".][000000" - "[000000." - "][" - "]A.;" - $(NODEBUG) datatop = dataroot + ".]" - $(NODEBUG) DEFINE ossl_installroot 'installtop' - $(NODEBUG) DEFINE ossl_dataroot 'datatop' - $(NODEBUG) ! - $(NODEBUG) ! Override disturbing system logicals. We can't deassign - $(NODEBUG) ! them, so we create it instead. This is an unfortunate - $(NODEBUG) ! necessity. - $(NODEBUG) ! - $(NODEBUG) openssl_inc1 = F$PARSE("[.include.openssl]","A.;",,,"syntax_only") - "A.;" - $(NODEBUG) openssl_inc2 = F$PARSE("sourcetop:[include.openssl]","A.;",,,"SYNTAX_ONLY") - "A.;" - $(NODEBUG) DEFINE openssl 'openssl_inc1','openssl_inc2' - $(NODEBUG) ! - $(NODEBUG) ! Figure out the architecture - $(NODEBUG) ! - $(NODEBUG) arch = f$edit( f$getsyi( "arch_name"), "upcase") - $(NODEBUG) ! - $(NODEBUG) ! Set up logical names for the libraries, so LINK and - $(NODEBUG) ! running programs can use them. - $(NODEBUG) ! - $(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEFINE ".uc($_)." 'F\$ENV(\"DEFAULT\")'".uc($_)."\$(SHLIB_EXT)" } @shlibs) || "!" -} - -.LAST : - $(NODEBUG) {- join("\n\t\$(NODEBUG) ", map { "DEASSIGN ".uc($_) } @shlibs) || "!" -} - $(NODEBUG) DEASSIGN openssl - $(NODEBUG) DEASSIGN ossl_dataroot - $(NODEBUG) DEASSIGN ossl_installroot - $(NODEBUG) DEASSIGN ossl_sourceroot -.DEFAULT : - @ ! MMS cannot handle no actions... - -# The main targets ################################################### - -{- dependmagic('build_sw'); -} : build_libs_nodep, build_modules_nodep, build_programs_nodep -{- dependmagic('build_libs'); -} : build_libs_nodep -{- dependmagic('build_modules'); -} : build_modules_nodep -{- dependmagic('build_programs'); -} : build_programs_nodep - -build_generated_pods : $(GENERATED_PODS) -build_docs : build_html_docs -build_html_docs : $(HTMLDOCS1) $(HTMLDOCS3) $(HTMLDOCS5) $(HTMLDOCS7) - -build_generated : $(GENERATED_MANDATORY) -build_libs_nodep : $(LIBS), $(SHLIBS) -build_modules_nodep : $(MODULES) -build_programs_nodep : $(PROGRAMS), $(SCRIPTS) - -# Kept around for backward compatibility -build_apps build_tests : build_programs - -# Convenience target to prebuild all generated files, not just the mandatory -# ones -build_all_generated : $(GENERATED_MANDATORY) $(GENERATED) build_docs - @ ! {- output_off() if $disabled{makedepend}; "" -} - @ WRITE SYS$OUTPUT "Warning: consider configuring with no-makedepend, because if" - @ WRITE SYS$OUTPUT " target system doesn't have $(PERL)," - @ WRITE SYS$OUTPUT " then make will fail..." - @ ! {- output_on() if $disabled{makedepend}; "" -} - -all : build_sw build_docs - -test : tests -{- dependmagic('tests'); -} : build_programs_nodep, build_modules_nodep run_tests -run_tests : - @ ! {- output_off() if $disabled{tests}; "" -} - DEFINE SRCTOP "$(SRCDIR)" - DEFINE BLDTOP "$(BLDDIR)" - DEFINE FIPSKEY "$(FIPSKEY)" - IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)" - $(PERL) {- sourcefile("test", "run_tests.pl") -} $(TESTS) - DEASSIGN BLDTOP - DEASSIGN SRCTOP - DEASSIGN FIPSKEY - @ ! {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} - @ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options" - @ ! {- output_on() if !$disabled{tests}; "" -} - -list-tests : - @ ! {- output_off() if $disabled{tests}; "" -} - @ DEFINE SRCTOP "$(SRCDIR)" - @ $(PERL) {- sourcefile("test", "run_tests.pl") -} list - @ DEASSIGN SRCTOP - @ ! {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} - @ WRITE SYS$OUTPUT "Tests are not supported with your chosen Configure options" - @ ! {- output_on() if !$disabled{tests}; "" -} - -install : install_sw install_ssldirs install_docs {- $disabled{fips} ? "" : "install_fips" -} install_msg - -install_msg : - @ WRITE SYS$OUTPUT "" - @ WRITE SYS$OUTPUT "######################################################################" - @ WRITE SYS$OUTPUT "" - @ IF "$(DESTDIR)" .EQS. "" THEN - - @{- sourcefile("VMS", "msg_install.com") -} "$(SYSTARTUP)" "{- $osslver -}" - @ IF "$(DESTDIR)" .NES. "" THEN - - @{- sourcefile("VMS", "msg_staging.com") -} - - "''installroot']" "''dataroot']" "$(INSTALLTOP)" "$(OPENSSLDIR)" - - "$(SYSTARTUP)" "{- $osslver -}" - -check_install : - spawn/nolog @ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com - -uninstall : uninstall_docs uninstall_sw {- $disabled{fips} ? "" : "uninstall_fips" -} - -# Because VMS wants the generation number (or *) to delete files, we can't -# use $(LIBS), $(PROGRAMS), $(GENERATED) and $(MODULES) directly. -libclean : - {- join("\n\t", map { "- DELETE $_.OLB;*" } @libs) || "@ !" -} - {- join("\n\t", map { "- DELETE $_.EXE;*,$_.MAP;*" } @shlibs) || "@ !" -} - -clean : libclean - {- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{htmldocs}->{man1}}) || "@ !" -} - {- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{htmldocs}->{man3}}) || "@ !" -} - {- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{htmldocs}->{man5}}) || "@ !" -} - {- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{htmldocs}->{man7}}) || "@ !" -} - {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{programs}}) || "@ !" -} - {- join("\n\t", map { "- DELETE $_.EXE;*,$_.OPT;*" } @{$unified_info{modules}}) || "@ !" -} - {- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{scripts}}) || "@ !" -} - {- join("\n\t", map { "- DELETE $_;*" } @{$unified_info{depends}->{""}}) || "@ !" -} - {- join("\n\t", map { "- DELETE $_;*" } @generated) || "@ !" -} - - DELETE [...]*.MAP;* - - DELETE [...]*.D;* - - DELETE [...]*.OBJ;*,*.LIS;* - - DELETE []CXX$DEMANGLER_DB.;* - - DELETE [.VMS]openssl_startup.com;* - - DELETE [.VMS]openssl_shutdown.com;* - - DELETE []vmsconfig.pm;* - -distclean : clean - - DELETE [.include.openssl]configuration.h;* - - DELETE configdata.pm;* - - DELETE descrip.mms;* - -depend : descrip.mms - @ ! {- output_off() if $disabled{makedepend}; "" -} - @ $(PERL) {- sourcefile("util", "add-depends.pl") -} "{- $config{makedep_scheme} -}" - @ ! {- output_on() if $disabled{makedepend}; "" -} - -# Install helper targets ############################################# - -install_sw : install_dev install_engines install_modules - - install_runtime install_startup install_ivp - -uninstall_sw : uninstall_dev uninstall_modules uninstall_engines - - uninstall_runtime uninstall_startup uninstall_ivp - -install_docs : install_html_docs - -uninstall_docs : uninstall_html_docs - -{- output_off() if $disabled{fips}; "" -} -install_fips : build_sw $(INSTALL_FIPSMODULECONF) - @ WRITE SYS$OUTPUT "*** Installing FIPS module" - - CREATE/DIR ossl_installroot:[MODULES{- $target{pointer_size} -}.'arch'] - - CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[000000] - COPY/PROT=W:RE $(INSTALL_FIPSMODULES) - - ossl_installroot:[MODULES{- $target{pointer_size} -}.'arch']$(FIPSMODULENAME) - @ WRITE SYS$OUTPUT "*** Installing FIPS module configuration" - COPY/PROT=W:RE $(INSTALL_FIPSMODULECONF) OSSL_DATAROOT:[000000] - -uninstall_fips : - @ WRITE SYS$OUTPUT "*** Uninstalling FIPS module configuration" - DELETE OSSL_DATAROOT:[000000]fipsmodule.cnf;* - @ WRITE SYS$OUTPUT "*** Uninstalling FIPS module" - DELETE ossl_installroot:[MODULES{- $target{pointer_size} -}.'arch']$(FIPSMODULENAME);* -{- output_on() if $disabled{fips}; "" -} - -install_ssldirs : check_INSTALLTOP - - CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[000000] - IF F$SEARCH("OSSL_DATAROOT:[000000]CERTS.DIR;1") .EQS. "" THEN - - CREATE/DIR/PROT=(S:RWED,O:RWE,G:RE,W:RE) OSSL_DATAROOT:[CERTS] - IF F$SEARCH("OSSL_DATAROOT:[000000]PRIVATE.DIR;1") .EQS. "" THEN - - CREATE/DIR/PROT=(S:RWED,O:RWE,G,W) OSSL_DATAROOT:[PRIVATE] - IF F$SEARCH("OSSL_DATAROOT:[000000]MISC.DIR;1") .EQS. "" THEN - - CREATE/DIR/PROT=(S:RWED,O:RWE,G,W) OSSL_DATAROOT:[MISC] - COPY/PROT=W:RE $(MISC_SCRIPTS) OSSL_DATAROOT:[MISC] - @ ! Install configuration file - COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} - - ossl_dataroot:[000000]openssl.cnf-dist - IF F$SEARCH("OSSL_DATAROOT:[000000]openssl.cnf") .EQS. "" THEN - - COPY/PROT=W:R {- sourcefile("apps", "openssl-vms.cnf") -} - - ossl_dataroot:[000000]openssl.cnf - @ ! Install CTLOG configuration file - COPY/PROT=W:R {- sourcefile("apps", "ct_log_list.cnf") -} - - ossl_dataroot:[000000]ct_log_list.cnf-dist - IF F$SEARCH("OSSL_DATAROOT:[000000]ct_log_list.cnf") .EQS. "" THEN - - COPY/PROT=W:R {- sourcefile("apps", "ct_log_list.cnf") -} - - ossl_dataroot:[000000]ct_log_list.cnf - -install_dev : check_INSTALLTOP install_runtime_libs - @ WRITE SYS$OUTPUT "*** Installing development files" - @ ! Install header files - - CREATE/DIR ossl_installroot:[include.openssl] - COPY/PROT=W:R ossl_sourceroot:[include.openssl]*.h - - ossl_installroot:[include.openssl] - COPY/PROT=W:R [.include.openssl]*.h ossl_installroot:[include.openssl] - @ ! Install static (development) libraries - - CREATE/DIR ossl_installroot:[LIB.'arch'] - {- join("\n ", - map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" } - @install_libs) -} - -install_engines : check_INSTALLTOP install_runtime_libs build_modules - @ {- output_off() unless scalar @install_engines; "" -} ! - @ WRITE SYS$OUTPUT "*** Installing engines" - - CREATE/DIR ossl_installroot:[ENGINES{- $sover_dirname.$target{pointer_size} -}.'arch'] - {- join("\n ", - map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[ENGINES$sover_dirname$target{pointer_size}.'arch']" } - @install_engines) -} - @ {- output_on() unless scalar @install_engines; "" -} ! - -install_modules : check_INSTALLTOP install_runtime_libs build_modules - @ {- output_off() unless scalar @install_modules; "" -} ! - @ WRITE SYS$OUTPUT "*** Installing modules" - - CREATE/DIR ossl_installroot:[MODULES{- $target{pointer_size} -}.'arch'] - {- join("\n ", - map { "COPY/PROT=W:RE $_.EXE ossl_installroot:[MODULES$target{pointer_size}.'arch']" } - @install_modules) -} - @ {- output_on() unless scalar @install_modules; "" -} ! - -install_runtime : install_programs - -install_runtime_libs : check_INSTALLTOP build_libs - @ {- output_off() if $disabled{shared}; "" -} ! - @ WRITE SYS$OUTPUT "*** Installing shareable images" - @ ! Install shared (runtime) libraries - - CREATE/DIR ossl_installroot:[LIB.'arch'] - {- join("\n ", - map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" } - @install_shlibs) -} - @ {- output_on() if $disabled{shared}; "" -} ! - -install_programs : check_INSTALLTOP install_runtime_libs build_programs - @ {- output_off() if $disabled{apps}; "" -} ! - @ ! Install the main program - - CREATE/DIR ossl_installroot:[EXE.'arch'] - COPY/PROT=W:RE [.APPS]openssl.EXE - - ossl_installroot:[EXE.'arch']openssl{- $osslver -}.EXE - @ ! Install scripts - COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE] - @ ! {- output_on() if $disabled{apps}; "" -} - -install_startup : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com - - [.VMS]openssl_utils.com, check_INSTALLTOP - - CREATE/DIR ossl_installroot:[SYS$STARTUP] - COPY/PROT=W:RE [.VMS]openssl_startup.com - - ossl_installroot:[SYS$STARTUP]openssl_startup{- $osslver -}.com - COPY/PROT=W:RE [.VMS]openssl_shutdown.com - - ossl_installroot:[SYS$STARTUP]openssl_shutdown{- $osslver -}.com - COPY/PROT=W:RE [.VMS]openssl_utils.com - - ossl_installroot:[SYS$STARTUP]openssl_utils{- $osslver -}.com - -install_ivp : [.VMS]openssl_ivp.com check_INSTALLTOP - - CREATE/DIR ossl_installroot:[SYSTEST] - COPY/PROT=W:RE [.VMS]openssl_ivp.com - - ossl_installroot:[SYSTEST]openssl_ivp{- $osslver -}.com - -[.VMS]openssl_startup.com : vmsconfig.pm {- sourcefile("VMS", "openssl_startup.com.in") -} - - CREATE/DIR [.VMS] - $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} - - {- sourcefile("VMS", "openssl_startup.com.in") -} - - > [.VMS]openssl_startup.com - -[.VMS]openssl_utils.com : vmsconfig.pm {- sourcefile("VMS", "openssl_utils.com.in") -} - - CREATE/DIR [.VMS] - $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} - - {- sourcefile("VMS", "openssl_utils.com.in") -} - - > [.VMS]openssl_utils.com - -[.VMS]openssl_shutdown.com : vmsconfig.pm {- sourcefile("VMS", "openssl_shutdown.com.in") -} - - CREATE/DIR [.VMS] - $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} - - {- sourcefile("VMS", "openssl_shutdown.com.in") -} - - > [.VMS]openssl_shutdown.com - -[.VMS]openssl_ivp.com : vmsconfig.pm {- sourcefile("VMS", "openssl_ivp.com.in") -} - - CREATE/DIR [.VMS] - $(PERL) "-I." "-Mvmsconfig" {- sourcefile("util", "dofile.pl") -} - - {- sourcefile("VMS", "openssl_ivp.com.in") -} - - > [.VMS]openssl_ivp.com - -vmsconfig.pm : configdata.pm - OPEN/WRITE/SHARE=READ CONFIG []vmsconfig.pm - WRITE CONFIG "package vmsconfig;" - WRITE CONFIG "use strict; use warnings;" - WRITE CONFIG "use Exporter;" - WRITE CONFIG "our @ISA = qw(Exporter);" - WRITE CONFIG "our @EXPORT = qw(%config %target %withargs %unified_info %disabled);" - WRITE CONFIG "our %config = (" - WRITE CONFIG " target => '","{- $config{target} -}","'," - WRITE CONFIG " version => '","{- $config{version} -}","'," - WRITE CONFIG " shlib_version => '","{- $config{shlib_version} -}","'," - WRITE CONFIG " shlib_major => '","{- $config{shlib_major} -}","'," - WRITE CONFIG " shlib_minor => '","{- $config{shlib_minor} -}","'," - WRITE CONFIG " no_shared => '","{- $disabled{shared} -}","'," - WRITE CONFIG " INSTALLTOP => '$(INSTALLTOP)'," - WRITE CONFIG " OPENSSLDIR => '$(OPENSSLDIR)'," - WRITE CONFIG " pointer_size => '","{- $target{pointer_size} -}","'," - WRITE CONFIG ");" - WRITE CONFIG "our %target = ();" - WRITE CONFIG "our %disabled = ();" - WRITE CONFIG "our %withargs = ();" - WRITE CONFIG "our %unified_info = ();" - WRITE CONFIG "1;" - CLOSE CONFIG - -install_html_docs : check_INSTALLTOP build_html_docs - @ WRITE SYS$OUTPUT "*** Installing HTML docs" - - CREATE/DIR ossl_installroot:[HTML.MAN1] - - CREATE/DIR ossl_installroot:[HTML.MAN3] - - CREATE/DIR ossl_installroot:[HTML.MAN5] - - CREATE/DIR ossl_installroot:[HTML.MAN7] - {- join("\n ", - ( map { "COPY/PROT=W:RE $_ ossl_installroot:[HTML.MAN1]" } - @{$unified_info{htmldocs}->{man1}} ), - ( map { "COPY/PROT=W:RE $_ ossl_installroot:[HTML.MAN3]" } - @{$unified_info{htmldocs}->{man3}} ), - ( map { "COPY/PROT=W:RE $_ ossl_installroot:[HTML.MAN5]" } - @{$unified_info{htmldocs}->{man5}} ), - ( map { "COPY/PROT=W:RE $_ ossl_installroot:[HTML.MAN7]" } - @{$unified_info{htmldocs}->{man7}} )) -} - -check_INSTALLTOP : - @ IF "$(INSTALLTOP)" .EQS. "" THEN - - WRITE SYS$ERROR "INSTALLTOP should not be empty" - @ IF "$(INSTALLTOP)" .EQS. "" THEN - - EXIT %x10000002 - -# Developer targets ################################################## - -debug_logicals : - SH LOGICAL/PROC openssl,internal,ossl_installroot,ossl_dataroot - -# Building targets ################################################### - -descrip.mms : configdata.pm {- join(" ", @{$config{build_file_templates}}) -} - perl configdata.pm - @ WRITE SYS$OUTPUT "*************************************************" - @ WRITE SYS$OUTPUT "*** ***" - @ WRITE SYS$OUTPUT "*** Please run the same mms command again ***" - @ WRITE SYS$OUTPUT "*** ***" - @ WRITE SYS$OUTPUT "*************************************************" - @ PIPE ( EXIT %X10000000 ) - -configdata.pm : $(SRCDIR)Configure $(SRCDIR)config.com {- join(" ", @{$config{build_infos}}, @{$config{conf_files}}) -} - perl configdata.pm -r - @ WRITE SYS$OUTPUT "*************************************************" - @ WRITE SYS$OUTPUT "*** ***" - @ WRITE SYS$OUTPUT "*** Please run the same mms command again ***" - @ WRITE SYS$OUTPUT "*** ***" - @ WRITE SYS$OUTPUT "*************************************************" - @ PIPE ( EXIT %X10000000 ) - -reconfigure reconf : - perl configdata.pm -r - -{- - use File::Basename; - use File::Spec::Functions qw/abs2rel rel2abs catfile catdir/; - use File::Spec::Unix; - - # Helper function to convert dependencies in platform agnostic form to - # dependencies in platform form. - sub compute_platform_depends { - map { my $x = $_; - - grep { $x eq $_ } @{$unified_info{programs}} and platform->bin($x) - or grep { $x eq $_ } @{$unified_info{modules}} and platform->dso($x) - or grep { $x eq $_ } @{$unified_info{libraries}} and platform->lib($x) - or platform->convertext($x); } @_; - } - - # Helper function to figure out dependencies on libraries - # It takes a list of library names and outputs a list of dependencies - sub compute_lib_depends { - # Depending on shared libraries: - # On Windows POSIX layers, we depend on {libname}.dll.a - # On Unix platforms, we depend on {shlibname}.so - return map { - { lib => platform->sharedlib($_) // platform->staticlib($_), - attrs => $unified_info{attributes}->{libraries}->{$_} } - } @_; - } - - # Helper function to deal with inclusion directory specs. - # We're dealing with two issues: - # 1. A lot of include directory specs take up a lot of command line real - # estate, and the DCL command line is very limited (2KiB). - # 2. For optimal usage, include directory paths must be in Unix form, - # that's the only way the C compiler can merge multiple include paths - # in a sane way (we can stop worrying about 1.h including foo/2.h - # including ../3.h). - # - # To resolve 1, we need to create a file with include directory pragmas, - # and let the compiler use it with /FIRST_INCLUDE=. - # To resolve 2, we convert all include directory specs we get to Unix, - # with available File::Spec functions. - # - # We use CRC-24 from https://tools.ietf.org/html/rfc4880#section-6, - # reimplemented in Perl to get a workable and constant file name for each - # combination of include directory specs. It is assumed that the order of - # these directories don't matter. - # - # This function takes as input a list of include directories - # This function returns a list two things: - # 1. The file name to use with /FIRST_INCLUDE= - # 2. Text to insert into descrip.mms (may be the empty string) - sub crc24 { - my $input = shift; - - my $init_value = 0x00B704CE; - my $poly_value = 0x01864CFB; - - my $crc = $init_value; - - foreach my $x (unpack ('C*', $input)) { - $crc ^= $x << 16; - - for (my $i; $i < 8; $i++) { - $crc <<= 1; - if ($crc & 0x01000000) { - $crc ^= $poly_value; - } - } - } - $crc &= 0xFFFFFF; - - return $crc; - } - my %includefile_cache; - sub make_includefile { - my %dirs = map { - my $udir = make_unix_path(rel2abs($_)); - - $udir => 1; - } @_; - my @dirs = sort keys %dirs; - my $filename = sprintf 'incdirs_%x.h', crc24(join(',', @dirs)); - - if ($includefile_cache{$filename}) { - return ($filename, ""); - } - - my $scripture = <<"EOF"; -$filename : - open/write inc_output $filename -EOF - foreach (@dirs) { - $scripture .= <<"EOF"; - write inc_output "#pragma include_directory ""$_""" -EOF - } - $scripture .= <<"EOF"; - close inc_output -EOF - $includefile_cache{$filename} = $scripture; - - return ($filename, $scripture); - } - - # On VMS, (some) header file directories include the files - # __DECC_INCLUDE_EPILOGUE.H and __DECC_INCLUDE_PROLOGUE.H. - # When header files are generated, and the build directory - # isn't the same as the source directory, these files must - # be copied alongside the generated header file, or their - # effect will be lost. - # We use the same include file cache as make_includefile - # to check if the scripture to copy these files has already - # been generated. - sub make_decc_include_files { - my $outd = shift; - my $ind = shift; - - # If the build directory and the source directory are the - # same, there's no need to copy the prologue and epilogue - # files. - return ('') if $outd eq $ind; - - my $outprologue = catfile($outd, '__DECC_INCLUDE_PROLOGUE.H'); - my $outepilogue = catfile($outd, '__DECC_INCLUDE_EPILOGUE.H'); - my $inprologue = catfile($ind, '__DECC_INCLUDE_PROLOGUE.H'); - my $inepilogue = catfile($ind, '__DECC_INCLUDE_EPILOGUE.H'); - my @filenames = (); - my $scripture = ''; - - if ($includefile_cache{$outprologue}) { - push @filenames, $outprologue; - } elsif (-f $inprologue) { - my $local_scripture .= <<"EOF"; -$outprologue : $inprologue - COPY $inprologue $outprologue -EOF - $includefile_cache{$outprologue} = $local_scripture; - - push @filenames, $outprologue; - $scripture .= $local_scripture; - } - if ($includefile_cache{$outepilogue}) { - push @filenames, $outepilogue; - } elsif (-f $inepilogue) { - my $local_scripture .= <<"EOF"; -$outepilogue : $inepilogue - COPY $inepilogue $outepilogue -EOF - $includefile_cache{$outepilogue} = $local_scripture; - - push @filenames, $outepilogue; - $scripture .= $local_scripture; - } - - return (@filenames, $scripture); - } - - sub generatetarget { - my %args = @_; - my $deps = join(" ", compute_platform_depends(@{$args{deps}})); - return <<"EOF"; -$args{target} : $deps -EOF - } - - sub generatesrc { - my %args = @_; - my $gen0 = $args{generator}->[0]; - my $gen_args = join('', map { " $_" } - @{$args{generator}}[1..$#{$args{generator}}]); - my $gen_incs = join("", map { ' "-I'.$_.'"' } @{$args{generator_incs}}); - my $deps = join(", -\n\t\t", - compute_platform_depends(@{$args{generator_deps}}, - @{$args{deps}})); - - if ($args{src} =~ /\.html$/) { - # - # HTML generator - # - my $title = basename($args{src}, ".html"); - my $pod = $gen0; - my $mkpod2html = sourcefile('util', 'mkpod2html.pl'); - my $srcdoc = sourcedir('doc'); - return <<"EOF"; -$args{src} : $pod - \$(PERL) $mkpod2html -i $pod -o \$\@ -t "$title" -r "$srcdoc" -EOF - } elsif ($args{src} =~ /\.(\d)$/) { - # - # Man-page generator, on VMS we simply ignore man-pages - # - return ""; - } elsif (platform->isdef($args{src})) { - # - # Linker script-ish generator - # - my $target = platform->def($args{src}); - my $mkdef = sourcefile('util', 'mkdef.pl'); - my $ord_ver = $args{intent} eq 'lib' ? ' --version $(VERSION_NUMBER)' : ''; - my $ord_name = - $args{generator}->[1] || basename($args{product}, '.EXE'); - my $case_insensitive = - $target{$args{intent}.'_cflags'} =~ m|/NAMES=[^/]*AS_IS|i - ? '' : ' --case-insensitive'; - return <<"EOF"; -$target : $gen0 $deps $mkdef - \$(PERL) $mkdef$ord_ver --type $args{intent} --ordinals $gen0 --name $ord_name "--OS" "VMS"$case_insensitive > $target -EOF - } elsif (platform->isasm($args{src})) { - # - # Assembler generator - # - my $cppflags = - { shlib => "$lib_cflags $lib_cppflags", - lib => "$lib_cflags $lib_cppflags", - dso => "$dso_cflags $dso_cppflags", - bin => "$bin_cflags $bin_cppflags" } -> {$args{intent}}; - my $defs = join("", map { ",".$_ } @{$args{defs}}); - my $target = platform->asm($args{src}); - - my $generator; - if ($gen0 =~ /\.pl$/) { - $generator = '$(PERL)'.$gen_incs.' '.$gen0.$gen_args - .' '.$cppflags; - } elsif ($gen0 =~ /\.S$/) { - $generator = undef; - } else { - die "Generator type for $src unknown: $gen0.$gen_args\n"; - } - - if (defined($generator)) { - # If the target is named foo.S in build.info, we want to - # end up generating foo.s in two steps. - if ($args{src} =~ /\.S$/) { - return <<"EOF"; -$target : $gen0 $deps - $generator \$\@-S - \@ extradefines = "$defs" - PIPE \$(CPP) $cppflags \$\@-S | - - \$(PERL) -ne "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" > \$\@-i - \@ DELETE/SYMBOL/LOCAL extradefines - RENAME \$\@-i \$\@ - DELETE \$\@-S; -EOF - } - # Otherwise.... - return <<"EOF"; -$target : $gen0 $deps - \@ extradefines = "$defs" - $generator \$\@ - \@ DELETE/SYMBOL/LOCAL extradefines -EOF - } - return <<"EOF"; -$target : $gen0 $deps - \@ extradefines = "$defs" - PIPE \$(CPP) $cppflags $gen0 | - - \$(PERL) "-ne" "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" > \$\@ - \@ DELETE/SYMBOL/LOCAL extradefines -EOF - } elsif ($gen0 =~ m|^.*\.in$|) { - # - # "dofile" generator (file.in -> file) - # - my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, - "util", "dofile.pl")), - rel2abs($config{builddir})); - my @perlmodules = ( 'configdata.pm', - grep { $_ =~ m|\.pm$| } @{$args{deps}} ); - my %perlmoduleincs = map { '"-I'.dirname($_).'"' => 1 } @perlmodules; - my @decc_include_data - = make_decc_include_files(dirname($args{src}), dirname($gen0)); - my $decc_include_scripture = pop @decc_include_data; - $deps = join(' ', $deps, @decc_include_data, - compute_platform_depends(@perlmodules)); - @perlmodules = map { '"-M'.basename($_, '.pm').'"' } @perlmodules; - my $perlmodules = join(' ', '', sort keys %perlmoduleincs, @perlmodules); - - return <<"EOF"; -$args{src} : $gen0 $deps - \$(PERL)$perlmodules $dofile "-o$target{build_file}" $gen0$gen_args > \$\@ -$decc_include_scripture -EOF - } elsif (grep { $_ eq $gen0 } @{$unified_info{programs}}) { - # - # Generic generator using OpenSSL programs - # - - # Redo $gen0, to ensure that we have the proper extension - $gen0 = platform->bin($gen0); - return <<"EOF"; -$args{src} : $gen0 $deps - PIPE MCR $gen0$gen_args > \$@ -EOF - } else { - # - # Generic generator using Perl - # - return <<"EOF"; -$args{src} : $gen0 $deps - \$(PERL)$gen_incs $gen0$gen_args > \$\@ -EOF - } - } - - sub src2obj { - my $asmext = platform->asmext(); - my %args = @_; - my @srcs = - map { my $x = $_; - (platform->isasm($x) && grep { $x eq $_ } @generated) - ? platform->asm($x) : $x } - ( @{$args{srcs}} ); - my $obj = platform->obj($args{obj}); - my $dep = platform->dep($args{obj}); - my $deps = join(", -\n\t\t", @srcs, @{$args{deps}}); - - # Because VMS C isn't very good at combining a /INCLUDE path with - # #includes having a relative directory (like '#include "../foo.h"), - # the best choice is to move to the first source file's intended - # directory before compiling, and make sure to write the object file - # in the correct position (important when the object tree is other - # than the source tree). - my $forward = dirname($args{srcs}->[0]); - my $backward = abs2rel(rel2abs("."), rel2abs($forward)); - my $objd = abs2rel(rel2abs(dirname($obj)), rel2abs($forward)); - my $objn = basename($obj); - my $depd = abs2rel(rel2abs(dirname($dep)), rel2abs($forward)); - my $depn = basename($dep); - my $srcs = - join(", ", map { abs2rel(rel2abs($_), rel2abs($forward)) } @srcs); - my $incextra = join(',', map { "\"$_\"" } - @{$unified_info{includes_extra}->{$obj}}); - $incextra = "/INCLUDE=($incextra)" if $incextra; - - my $cflags; - if ($args{attrs}->{noinst}) { - $cflags .= { shlib => $lib_cflags_no_inst, - lib => $lib_cflags_no_inst, - dso => $dso_cflags_no_inst, - bin => $bin_cflags_no_inst } -> {$args{intent}}; - } else { - $cflags .= { shlib => $lib_cflags, - lib => $lib_cflags, - dso => $dso_cflags, - bin => $bin_cflags } -> {$args{intent}}; - } - $cflags .= { shlib => $lib_cppflags, - lib => $lib_cppflags, - dso => $dso_cppflags, - bin => $bin_cppflags } -> {$args{intent}}; - $cflags .= $incextra; - my $defs = join("", map { ",".$_ } @{$args{defs}}); - my $asflags = { shlib => $lib_asflags, - lib => $lib_asflags, - dso => $dso_asflags, - bin => $bin_asflags } -> {$args{intent}}; - - if ($srcs[0] =~ /\Q${asmext}\E$/) { - return <<"EOF"; -$obj : $deps - SET DEFAULT $forward - \$(AS) $asflags \$(ASOUTFLAG)${objd}${objn} $srcs - SET DEFAULT $backward - - PURGE $obj -EOF - } elsif ($srcs[0] =~ /.S$/) { - return <<"EOF"; -$obj : $deps - SET DEFAULT $forward - \@ $incs_on - \@ extradefines = "$defs" - PIPE \$(CPP) ${cflags} $srcs | - - \$(PERL) -ne "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" - - > ${objd}${objn}-asm - \@ DELETE/SYMBOL/LOCAL extradefines - \@ $incs_off - SET DEFAULT $backward - \$(AS) $asflags \$(ASOUTFLAG)$obj $obj-asm - - PURGE $obj -EOF - } - - my ($incdir_filename, $incdir_scripture) = - make_includefile(@{ { shlib => [ @lib_cppincludes ], - lib => [ @lib_cppincludes ], - dso => [ @dso_cppincludes ], - bin => [ @bin_cppincludes ] } -> {$args{intent}} }, - @{$args{incs}}); - $deps .= ", -\n\t\t$incdir_filename"; - $cflags = - $target{cflag_incfirst} - . '"'.make_unix_path(rel2abs($incdir_filename)).'"' - . $cflags; - - my $depbuild = $disabled{makedepend} ? "" - : " /MMS=(FILE=${depd}${depn},TARGET=$obj)"; - - return <<"EOF"; -$obj : $deps - SET DEFAULT $forward - \@ $incs_on - \@ extradefines = "$defs" - \$(CC) ${cflags}${depbuild} /OBJECT=${objd}${objn} /REPOSITORY=$backward $srcs - \@ DELETE/SYMBOL/LOCAL extradefines - \@ $incs_off - SET DEFAULT $backward - - PURGE $obj -$incdir_scripture -EOF - } - sub obj2shlib { - my %args = @_; - my $shlibname = platform->sharedname($args{lib}); - my $shlib = platform->sharedlib($args{lib}); - my @objs = map { platform->convertext($_) } - grep { platform->isobj($_) } - @{$args{objs}}; - my @defs = map { platform->convertext($_) } - grep { platform->isdef($_) } - @{$args{objs}}; - my @deps = compute_lib_depends(@{$args{deps}}); - die "More than one symbol vector" if scalar @defs > 1; - my $deps = join(", -\n\t\t", @objs, @defs, map { $_->{lib} } @deps); - my $shlib_target = $disabled{shared} ? "" : $target{shared_target}; - my $translatesyms_pl = abs2rel(rel2abs(catfile($config{sourcedir}, - "VMS", "translatesyms.pl")), - rel2abs($config{builddir})); - # The "[]" hack is because in .OPT files, each line inherits the - # previous line's file spec as default, so if no directory spec - # is present in the current line and the previous line has one that - # doesn't apply, you're in for a surprise. - my $write_opt1 = - join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_; - "WRITE OPT_FILE \"$x" } @objs). - "\""; - my $write_opt2 = - join("\n\t", map { my $x = $_->{lib} =~ /\[/ - ? $_->{lib} : "[]".$_->{lib}; - $x =~ s|(\.EXE)|$1/SHARE|; - $x =~ s|(\.OLB)|$1/LIB|; - "WRITE OPT_FILE \"$x\"" } @deps) - || "\@ !"; - return <<"EOF" -$shlib : $deps - \$(PERL) $translatesyms_pl \$(BLDDIR)CXX\$DEMANGLER_DB. < $defs[0] > $defs[0]-translated - OPEN/WRITE/SHARE=READ OPT_FILE $shlibname-components.OPT - $write_opt1 - $write_opt2 - CLOSE OPT_FILE - LINK ${lib_ldflags}/SHARE=\$\@ $defs[0]-translated/OPT,- - $shlibname-components.OPT/OPT \$(LIB_EX_LIBS) - DELETE $defs[0]-translated;*,$shlibname-components.OPT;* - PURGE $shlibname.EXE,$shlibname.MAP -EOF - . ($config{target} =~ m|alpha| ? "" : <<"EOF" - SET IMAGE/FLAGS=(NOCALL_DEBUG) \$\@ -EOF - ); - } - sub obj2dso { - my %args = @_; - my $dsoname = platform->dsoname($args{module}); - my $dso = platform->dso($args{module}); - my @objs = map { platform->convertext($_) } - grep { platform->isobj($_) } - @{$args{objs}}; - my @defs = map { platform->convertext($_) } - grep { platform->isdef($_) } - @{$args{objs}}; - my @deps = compute_lib_depends(@{$args{deps}}); - my $deps = join(", -\n\t\t", @objs, @defs, map { $_->{lib} } @deps); - die "More than one symbol vector" if scalar @defs > 1; - my $shlib_target = $disabled{shared} ? "" : $target{shared_target}; - # The "[]" hack is because in .OPT files, each line inherits the - # previous line's file spec as default, so if no directory spec - # is present in the current line and the previous line has one that - # doesn't apply, you're in for a surprise. - my $write_opt1 = - join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_; - "WRITE OPT_FILE \"$x" } @objs). - "\""; - my $write_opt2 = - join("\n\t", map { my $x = $_->{lib} =~ /\[/ - ? $_->{lib} : "[]".$_->{lib}; - $x =~ s|(\.EXE)|$1/SHARE|; - $x =~ s|(\.OLB)|$1/LIB|; - "WRITE OPT_FILE \"$x\"" } @deps) - || "\@ !"; - return <<"EOF" -$dso : $deps - OPEN/WRITE/SHARE=READ OPT_FILE $dsoname-components.OPT - $write_opt1 - $write_opt2 - CLOSE OPT_FILE - LINK ${dso_ldflags}/SHARE=\$\@ $defs[0]/OPT,- - $dsoname-components.OPT/OPT \$(DSO_EX_LIBS) - - PURGE $dsoname.EXE,$dsoname.OPT,$dsoname.MAP -EOF - . ($config{target} =~ m|alpha| ? "" : <<"EOF" - SET IMAGE/FLAGS=(NOCALL_DEBUG) \$\@ -EOF - ); - } - sub obj2lib { - my %args = @_; - my $lib = platform->staticlib($args{lib}); - my @objs = map { platform->convertext($_) } - grep { platform->isobj($_) } - @{$args{objs}}; - my $objs = join(", -\n\t\t", @objs); - my $fill_lib = join("\n\t", (map { "LIBRARY/REPLACE $lib $_" } @objs)); - return <<"EOF"; -$lib : $objs - LIBRARY/CREATE/OBJECT $lib - $fill_lib - - PURGE $lib -EOF - } - sub obj2bin { - my %args = @_; - my $bin = platform->bin($args{bin}); - my $binname = platform->binname($args{bin}); - my @objs = map { platform->convertext($_) } - grep { platform->isobj($_) } - @{$args{objs}}; - my $objs = join(",", @objs); - my @deps = compute_lib_depends(@{$args{deps}}); - my $deps = join(", -\n\t\t", @objs, map { $_->{lib} } @deps); - - my $olb_count = scalar grep(m|\.OLB$|, map { $_->{lib} } @deps); - my $analyse_objs = "@ !"; - if ($olb_count > 0) { - my $analyse_quals = - $config{target} =~ m|alpha| ? "/GSD" : "/SECTIONS=SYMTAB"; - $analyse_objs = "- pipe ANALYSE/OBJECT$analyse_quals $objs | SEARCH SYS\$INPUT \"\"\"main\"\"\" ; nomain = \$severity .NE. 1" - } - # The "[]" hack is because in .OPT files, each line inherits the - # previous line's file spec as default, so if no directory spec - # is present in the current line and the previous line has one that - # doesn't apply, you're in for a surprise. - my $write_opt1 = - join(",-\"\n\t", map { my $x = $_ =~ /\[/ ? $_ : "[]".$_; - "\@ WRITE OPT_FILE \"$x" } @objs). - "\""; - my $write_opt2 = - join("\n\t", "WRITE OPT_FILE \"CASE_SENSITIVE=YES\"", - map { my @lines = (); - use Data::Dumper; - my $x = $_->{lib} =~ /\[/ - ? $_->{lib} : "[]".$_->{lib}; - if ($x =~ m|\.EXE$|) { - push @lines, "\@ WRITE OPT_FILE \"$x/SHARE\""; - } elsif ($x =~ m|\.OLB$|) { - # Special hack to include the MAIN object - # module explicitly. This will only be done - # if there isn't a 'main' in the program's - # object modules already. - my $main = $_->{attrs}->{has_main} - ? '/INCLUDE=main' : ''; - push @lines, - "\@ IF nomain THEN WRITE OPT_FILE \"$x/LIB$main\"", - "\@ IF .NOT. nomain THEN WRITE OPT_FILE \"$x/LIB\"" - } - @lines - } @deps) - || "\@ !"; - # The linking commands looks a bit complex, but it's for good reason. - # When you link, say, foo.obj, bar.obj and libsomething.exe/share, and - # bar.obj happens to have a symbol that also exists in libsomething.exe, - # the linker will warn about it, loudly, and will then choose to pick - # the first copy encountered (the one in bar.obj in this example). - # On Unix and on Windows, the corresponding maneuver goes through - # silently with the same effect. - # With some test programs, made for checking the internals of OpenSSL, - # we do this kind of linking deliberately, picking a few specific object - # files from within [.crypto] or [.ssl] so we can reach symbols that are - # otherwise unreachable (since the shareable images only exports the - # symbols listed in [.util]*.num), and then with the shared libraries - # themselves. So we need to silence the warning about multiply defined - # symbols, to mimic the way linking work on Unix and Windows, and so - # the build isn't interrupted (MMS stops when warnings are signaled, - # by default), and so someone building doesn't have to worry where it - # isn't necessary. If there are other warnings, however, we show them - # and let it break the build. - return <<"EOF" -$bin : $deps - $analyse_objs - @ OPEN/WRITE/SHARE=READ OPT_FILE $binname.OPT - $write_opt1 - $write_opt2 - @ CLOSE OPT_FILE - TYPE $binname.OPT ! For debugging - - pipe SPAWN/WAIT/NOLOG/OUT=$binname.LINKLOG - - LINK ${bin_ldflags}/EXEC=\$\@ $binname.OPT/OPT \$(BIN_EX_LIBS) ; - - link_status = \$status ; link_severity = link_status .AND. 7 - @ search_severity = 1 - -@ IF link_severity .EQ. 0 THEN - - pipe SEARCH $binname.LINKLOG "%","-"/MATCH=AND | - - SPAWN/WAIT/NOLOG/OUT=NLA0: - - SEARCH SYS\$INPUT: "-W-MULDEF,"/MATCH=NOR ; - - search_severity = \$severity - @ ! search_severity is 3 when the last search didn't find any matching - @ ! string: %SEARCH-I-NOMATCHES, no strings matched - @ ! If that was the result, we pretend linking got through without - @ ! fault or warning. - @ IF search_severity .EQ. 3 THEN link_severity = 1 - @ ! At this point, if link_severity shows that there was a fault - @ ! or warning, make sure to restore the linking status. - -@ IF .NOT. link_severity THEN TYPE $binname.LINKLOG - -@ DELETE $binname.LINKLOG;* - @ IF .NOT. link_severity THEN SPAWN/WAIT/NOLOG EXIT 'link_status' - - PURGE $bin,$binname.OPT -EOF - . ($config{target} =~ m|alpha| ? "" : <<"EOF" - SET IMAGE/FLAGS=(NOCALL_DEBUG) \$\@ -EOF - ); - } - sub in2script { - my %args = @_; - my $script = $args{script}; - return "" if grep { $_ eq $script } @{$args{sources}}; # No overwrite! - my $sources = join(" ", @{$args{sources}}); - my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, - "util", "dofile.pl")), - rel2abs($config{builddir})); - return <<"EOF"; -$script : $sources configdata.pm - \$(PERL) "-I\$(BLDDIR)" "-Mconfigdata" $dofile - - "-o$target{build_file}" $sources > $script - SET FILE/PROT=(S:RWED,O:RWED,G:RE,W:RE) $script - PURGE $script -EOF - } - "" # Important! This becomes part of the template result. --} diff --git a/Configurations/gentemplate.pm b/Configurations/gentemplate.pm deleted file mode 100644 index 3fd5f675c9c80caa65c463ddf30b1c9a4713c428..0000000000000000000000000000000000000000 --- a/Configurations/gentemplate.pm +++ /dev/null @@ -1,556 +0,0 @@ -package gentemplate; - -use strict; -use warnings; -use Carp; - -use Exporter; -use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS); -@ISA = qw(Exporter); -@EXPORT = qw(gentemplate); - -use File::Basename; - -sub gentemplate { - my %opts = @_; - - my $generator = OpenSSL::GenTemplate->new(%opts); - - # Build mandatory header file generators - foreach (@{$generator->{info}->{depends}->{""}}) { $generator->dogenerate($_); } - - # Build all known targets, libraries, modules, programs and scripts. - # Everything else will be handled as a consequence. - foreach (@{$generator->{info}->{targets}}) { $generator->dotarget($_); } - foreach (@{$generator->{info}->{libraries}}) { $generator->dolib($_); } - foreach (@{$generator->{info}->{modules}}) { $generator->domodule($_); } - foreach (@{$generator->{info}->{programs}}) { $generator->dobin($_); } - foreach (@{$generator->{info}->{scripts}}) { $generator->doscript($_); } - foreach (sort keys %{$generator->{info}->{htmldocs}}) { $generator->dodocs('html', $_); } - foreach (sort keys %{$generator->{info}->{mandocs}}) { $generator->dodocs('man', $_); } - foreach (sort keys %{$generator->{info}->{dirinfo}}) { $generator->dodir($_); } -} - -package OpenSSL::GenTemplate; - -use OpenSSL::Util; - -sub new { - my $class = shift; - my %opts = @_; - - my $data = { - output => $opts{output}, - config => $opts{config} // {}, - disabled => $opts{disabled} // {}, - info => $opts{unified_info} // {}, - }; - - return bless $data, $class; -}; - -sub emit { - my $self = shift; - my $name = shift; - my %opts = @_; - my $fh = $self->{output}; - - die "No name?" unless $name; - print $fh "{-\n ", $name, '(', dump_data(\%opts), ');', " \n-}" - unless defined $opts{attrs}->{skip}; -} - -my $debug_resolvedepends = $ENV{BUILDFILE_DEBUG_DEPENDS}; -my $debug_rules = $ENV{BUILDFILE_DEBUG_RULES}; - -# A cache of objects for which a recipe has already been generated -our %cache; - -# collectdepends, expanddepends and reducedepends work together to make -# sure there are no duplicate or weak dependencies and that they are in -# the right order. This is used to sort the list of libraries that a -# build depends on. -sub extensionlesslib { - my @result = map { $_ =~ /(\.a)?$/; $` } @_; - return @result if wantarray; - return $result[0]; -} - -# collectdepends dives into the tree of dependencies and returns -# a list of all the non-weak ones. -sub collectdepends { - my $self = shift; - return () unless @_; - - my $thing = shift; - my $extensionlessthing = extensionlesslib($thing); - my @listsofar = @_; # to check if we're looping - my @list = @{ $self->{info}->{depends}->{$thing} // - $self->{info}->{depends}->{$extensionlessthing} - // [] }; - my @newlist = (); - - print STDERR "DEBUG[collectdepends] $thing > ", join(' ', @listsofar), "\n" - if $debug_resolvedepends; - foreach my $item (@list) { - my $extensionlessitem = extensionlesslib($item); - # It's time to break off when the dependency list starts looping - next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar; - # Don't add anything here if the dependency is weak - next if defined $self->{info}->{attributes}->{depends}->{$thing}->{$item}->{'weak'}; - my @resolved = $self->collectdepends($item, @listsofar, $item); - push @newlist, $item, @resolved; - } - print STDERR "DEBUG[collectdepends] $thing < ", join(' ', @newlist), "\n" - if $debug_resolvedepends; - @newlist; -} - -# expanddepends goes through a list of stuff, checks if they have any -# dependencies, and adds them at the end of the current position if -# they aren't already present later on. -sub expanddepends { - my $self = shift; - my @after = ( @_ ); - print STDERR "DEBUG[expanddepends]> ", join(' ', @after), "\n" - if $debug_resolvedepends; - my @before = (); - while (@after) { - my $item = shift @after; - print STDERR "DEBUG[expanddepends]\\ ", join(' ', @before), "\n" - if $debug_resolvedepends; - print STDERR "DEBUG[expanddepends] - ", $item, "\n" - if $debug_resolvedepends; - my @middle = ( - $item, - map { - my $x = $_; - my $extlessx = extensionlesslib($x); - if (grep { $extlessx eq extensionlesslib($_) } @before - and - !grep { $extlessx eq extensionlesslib($_) } @after) { - print STDERR "DEBUG[expanddepends] + ", $x, "\n" - if $debug_resolvedepends; - ( $x ) - } else { - print STDERR "DEBUG[expanddepends] ! ", $x, "\n" - if $debug_resolvedepends; - () - } - } @{$self->{info}->{depends}->{$item} // []} - ); - print STDERR "DEBUG[expanddepends] = ", join(' ', @middle), "\n" - if $debug_resolvedepends; - print STDERR "DEBUG[expanddepends]/ ", join(' ', @after), "\n" - if $debug_resolvedepends; - push @before, @middle; - } - print STDERR "DEBUG[expanddepends]< ", join(' ', @before), "\n" - if $debug_resolvedepends; - @before; -} - -# reducedepends looks through a list, and checks if each item is -# repeated later on. If it is, the earlier copy is dropped. -sub reducedepends { - my @list = @_; - print STDERR "DEBUG[reducedepends]> ", join(' ', @list), "\n" - if $debug_resolvedepends; - my @newlist = (); - my %replace = (); - while (@list) { - my $item = shift @list; - my $extensionlessitem = extensionlesslib($item); - if (grep { $extensionlessitem eq extensionlesslib($_) } @list) { - if ($item ne $extensionlessitem) { - # If this instance of the library is explicitly static, we - # prefer that to any shared library name, since it must have - # been done on purpose. - $replace{$extensionlessitem} = $item; - } - } else { - push @newlist, $item; - } - } - @newlist = map { $replace{$_} // $_; } @newlist; - print STDERR "DEBUG[reducedepends]< ", join(' ', @newlist), "\n" - if $debug_resolvedepends; - @newlist; -} - -# Do it all -# This takes multiple inputs and combine them into a single list of -# interdependent things. The returned value will include all the input. -# Callers are responsible for taking away the things they are building. -sub resolvedepends { - my $self = shift; - print STDERR "DEBUG[resolvedepends] START (", join(', ', @_), ")\n" - if $debug_resolvedepends; - my @all = - reducedepends($self->expanddepends(map { ( $_, $self->collectdepends($_) ) } @_)); - print STDERR "DEBUG[resolvedepends] END (", join(', ', @_), ") : ", - join(',', map { "\n $_" } @all), "\n" - if $debug_resolvedepends; - @all; -} - -# dogenerate is responsible for producing all the recipes that build -# generated source files. It recurses in case a dependency is also a -# generated source file. -sub dogenerate { - my $self = shift; - my $src = shift; - # Safety measure - return "" unless defined $self->{info}->{generate}->{$src}; - return "" if $cache{$src}; - my $obj = shift; - my $bin = shift; - my %opts = @_; - if ($self->{info}->{generate}->{$src}) { - die "$src is generated by Configure, should not appear in build file\n" - if ref $self->{info}->{generate}->{$src} eq ""; - my $script = $self->{info}->{generate}->{$src}->[0]; - my %attrs = %{$self->{info}->{attributes}->{generate}->{$src} // {}}; - $self->emit('generatesrc', - src => $src, - product => $bin, - generator => $self->{info}->{generate}->{$src}, - generator_incs => $self->{info}->{includes}->{$script} // [], - generator_deps => $self->{info}->{depends}->{$script} // [], - deps => $self->{info}->{depends}->{$src} // [], - incs => [ defined $obj ? @{$self->{info}->{includes}->{$obj} // []} : (), - defined $bin ? @{$self->{info}->{includes}->{$bin} // []} : () ], - defs => [ defined $obj ? @{$self->{info}->{defines}->{$obj} // []} : (), - defined $bin ? @{$self->{info}->{defines}->{$bin} // []} : () ], - attrs => { %attrs }, - %opts); - foreach (@{$self->{info}->{depends}->{$src} // []}) { - $self->dogenerate($_, $obj, $bin, %opts); - } - # The generator itself may be is generated - if ($self->{info}->{generate}->{$script}) { - $self->dogenerate($script, $obj, $bin, %opts); - } - } - $cache{$src} = 1; -} - -sub dotarget { - my $self = shift; - my $target = shift; - return "" if $cache{$target}; - $self->emit('generatetarget', - target => $target, - deps => $self->{info}->{depends}->{$target} // []); - foreach (@{$self->{info}->{depends}->{$target} // []}) { - $self->dogenerate($_); - } - $cache{$target} = 1; -} - -# doobj is responsible for producing all the recipes that build -# object files as well as dependency files. -sub doobj { - my $self = shift; - my $obj = shift; - return "" if $cache{$obj}; - my $bin = shift; - my %opts = @_; - if (@{$self->{info}->{sources}->{$obj} // []}) { - my @srcs = @{$self->{info}->{sources}->{$obj}}; - my @deps = @{$self->{info}->{depends}->{$obj} // []}; - my @incs = ( @{$self->{info}->{includes}->{$obj} // []}, - @{$self->{info}->{includes}->{$bin} // []} ); - my @defs = ( @{$self->{info}->{defines}->{$obj} // []}, - @{$self->{info}->{defines}->{$bin} // []} ); - print STDERR "DEBUG[doobj] \@srcs for $obj ($bin) : ", - join(",", map { "\n $_" } @srcs), "\n" - if $debug_rules; - print STDERR "DEBUG[doobj] \@deps for $obj ($bin) : ", - join(",", map { "\n $_" } @deps), "\n" - if $debug_rules; - print STDERR "DEBUG[doobj] \@incs for $obj ($bin) : ", - join(",", map { "\n $_" } @incs), "\n" - if $debug_rules; - print STDERR "DEBUG[doobj] \@defs for $obj ($bin) : ", - join(",", map { "\n $_" } @defs), "\n" - if $debug_rules; - print STDERR "DEBUG[doobj] \%opts for $obj ($bin) : ", , - join(",", map { "\n $_ = $opts{$_}" } sort keys %opts), "\n" - if $debug_rules; - $self->emit('src2obj', - obj => $obj, product => $bin, - srcs => [ @srcs ], deps => [ @deps ], - incs => [ @incs ], defs => [ @defs ], - %opts); - foreach ((@{$self->{info}->{sources}->{$obj}}, - @{$self->{info}->{depends}->{$obj} // []})) { - $self->dogenerate($_, $obj, $bin, %opts); - } - } - $cache{$obj} = 1; -} - -# Helper functions to grab all applicable intermediary files. -# This is particularly useful when a library is given as source -# rather than a dependency. In that case, we consider it to be a -# container with object file references, or possibly references -# to further libraries to pilfer in the same way. -sub getsrclibs { - my $self = shift; - my $section = shift; - - # For all input, see if it sources static libraries. If it does, - # return them together with the result of a recursive call. - map { ( $_, getsrclibs($section, $_) ) } - grep { $_ =~ m|\.a$| } - map { @{$self->{info}->{$section}->{$_} // []} } - @_; -} - -sub getlibobjs { - my $self = shift; - my $section = shift; - - # For all input, see if it's an intermediary file (library or object). - # If it is, collect the result of a recursive call, or if that returns - # an empty list, the element itself. Return the result. - map { - my @x = $self->getlibobjs($section, @{$self->{info}->{$section}->{$_}}); - @x ? @x : ( $_ ); - } - grep { defined $self->{info}->{$section}->{$_} } - @_; -} - -# dolib is responsible for building libraries. It will call -# obj2shlib if shared libraries are produced, and obj2lib in all -# cases. It also makes sure all object files for the library are -# built. -sub dolib { - my $self = shift; - my $lib = shift; - return "" if $cache{$lib}; - - my %attrs = %{$self->{info}->{attributes}->{libraries}->{$lib} // {}}; - - my @deps = ( $self->resolvedepends(getsrclibs('sources', $lib)) ); - - # We support two types of objs, those who are specific to this library - # (they end up in @objs) and those that we get indirectly, via other - # libraries (they end up in @foreign_objs). We get the latter any time - # someone has done something like this in build.info: - # SOURCE[libfoo.a]=libbar.a - # The indirect object files must be kept in a separate array so they - # don't get rebuilt unnecessarily (and with incorrect auxiliary - # information). - # - # Object files can't be collected commonly for shared and static - # libraries, because we contain their respective object files in - # {shared_sources} and {sources}, and because the implications are - # slightly different for each library form. - # - # We grab all these "foreign" object files recursively with getlibobjs(). - - unless ($self->{disabled}->{shared} || $lib =~ /\.a$/) { - # If this library sources other static libraries and those - # libraries are marked {noinst}, there's no need to include - # all of their object files. Instead, we treat those static - # libraries as dependents alongside any other library this - # one depends on, and let symbol resolution do its job. - my @sourced_libs = (); - my @objs = (); - my @foreign_objs = (); - my @deps = (); - foreach (@{$self->{info}->{shared_sources}->{$lib} // []}) { - if ($_ !~ m|\.a$|) { - push @objs, $_; - } elsif ($self->{info}->{attributes}->{libraries}->{$_}->{noinst}) { - push @deps, $_; - } else { - push @deps, $self->getsrclibs('sources', $_); - push @foreign_objs, $self->getlibobjs('sources', $_); - } - } - @deps = ( grep { $_ ne $lib } $self->resolvedepends($lib, @deps) ); - print STDERR "DEBUG[dolib:shlib] \%attrs for $lib : ", , - join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n" - if %attrs && $debug_rules; - print STDERR "DEBUG[dolib:shlib] \@deps for $lib : ", - join(",", map { "\n $_" } @deps), "\n" - if @deps && $debug_rules; - print STDERR "DEBUG[dolib:shlib] \@objs for $lib : ", - join(",", map { "\n $_" } @objs), "\n" - if @objs && $debug_rules; - print STDERR "DEBUG[dolib:shlib] \@foreign_objs for $lib : ", - join(",", map { "\n $_" } @foreign_objs), "\n" - if @foreign_objs && $debug_rules; - $self->emit('obj2shlib', - lib => $lib, - attrs => { %attrs }, - objs => [ @objs, @foreign_objs ], - deps => [ @deps ]); - foreach (@objs) { - # If this is somehow a compiled object, take care of it that way - # Otherwise, it might simply be generated - if (defined $self->{info}->{sources}->{$_}) { - if($_ =~ /\.a$/) { - $self->dolib($_); - } else { - $self->doobj($_, $lib, intent => "shlib", attrs => { %attrs }); - } - } else { - $self->dogenerate($_, undef, undef, intent => "lib"); - } - } - } - { - # When putting static libraries together, we cannot rely on any - # symbol resolution, so for all static libraries used as source for - # this one, as well as other libraries they depend on, we simply - # grab all their object files unconditionally, - # Symbol resolution will happen when any program, module or shared - # library is linked with this one. - my @objs = (); - my @sourcedeps = (); - my @foreign_objs = (); - foreach (@{$self->{info}->{sources}->{$lib}}) { - if ($_ !~ m|\.a$|) { - push @objs, $_; - } else { - push @sourcedeps, $_; - } - } - @sourcedeps = ( grep { $_ ne $lib } $self->resolvedepends(@sourcedeps) ); - print STDERR "DEBUG[dolib:lib] : \@sourcedeps for $_ : ", - join(",", map { "\n $_" } @sourcedeps), "\n" - if @sourcedeps && $debug_rules; - @foreign_objs = $self->getlibobjs('sources', @sourcedeps); - print STDERR "DEBUG[dolib:lib] \%attrs for $lib : ", , - join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n" - if %attrs && $debug_rules; - print STDERR "DEBUG[dolib:lib] \@objs for $lib : ", - join(",", map { "\n $_" } @objs), "\n" - if @objs && $debug_rules; - print STDERR "DEBUG[dolib:lib] \@foreign_objs for $lib : ", - join(",", map { "\n $_" } @foreign_objs), "\n" - if @foreign_objs && $debug_rules; - $self->emit('obj2lib', - lib => $lib, attrs => { %attrs }, - objs => [ @objs, @foreign_objs ]); - foreach (@objs) { - $self->doobj($_, $lib, intent => "lib", attrs => { %attrs }); - } - } - $cache{$lib} = 1; -} - -# domodule is responsible for building modules. It will call -# obj2dso, and also makes sure all object files for the library -# are built. -sub domodule { - my $self = shift; - my $module = shift; - return "" if $cache{$module}; - my %attrs = %{$self->{info}->{attributes}->{modules}->{$module} // {}}; - my @objs = @{$self->{info}->{sources}->{$module}}; - my @deps = ( grep { $_ ne $module } - $self->resolvedepends($module) ); - print STDERR "DEBUG[domodule] \%attrs for $module :", - join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n" - if $debug_rules; - print STDERR "DEBUG[domodule] \@objs for $module : ", - join(",", map { "\n $_" } @objs), "\n" - if $debug_rules; - print STDERR "DEBUG[domodule] \@deps for $module : ", - join(",", map { "\n $_" } @deps), "\n" - if $debug_rules; - $self->emit('obj2dso', - module => $module, - attrs => { %attrs }, - objs => [ @objs ], - deps => [ @deps ]); - foreach (@{$self->{info}->{sources}->{$module}}) { - # If this is somehow a compiled object, take care of it that way - # Otherwise, it might simply be generated - if (defined $self->{info}->{sources}->{$_}) { - $self->doobj($_, $module, intent => "dso", attrs => { %attrs }); - } else { - $self->dogenerate($_, undef, $module, intent => "dso"); - } - } - $cache{$module} = 1; -} - -# dobin is responsible for building programs. It will call obj2bin, -# and also makes sure all object files for the library are built. -sub dobin { - my $self = shift; - my $bin = shift; - return "" if $cache{$bin}; - my %attrs = %{$self->{info}->{attributes}->{programs}->{$bin} // {}}; - my @objs = @{$self->{info}->{sources}->{$bin}}; - my @deps = ( grep { $_ ne $bin } $self->resolvedepends($bin) ); - print STDERR "DEBUG[dobin] \%attrs for $bin : ", - join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n" - if %attrs && $debug_rules; - print STDERR "DEBUG[dobin] \@objs for $bin : ", - join(",", map { "\n $_" } @objs), "\n" - if @objs && $debug_rules; - print STDERR "DEBUG[dobin] \@deps for $bin : ", - join(",", map { "\n $_" } @deps), "\n" - if @deps && $debug_rules; - $self->emit('obj2bin', - bin => $bin, - attrs => { %attrs }, - objs => [ @objs ], - deps => [ @deps ]); - foreach (@objs) { - $self->doobj($_, $bin, intent => "bin", attrs => { %attrs }); - } - $cache{$bin} = 1; -} - -# doscript is responsible for building scripts from templates. It will -# call in2script. -sub doscript { - my $self = shift; - my $script = shift; - return "" if $cache{$script}; - $self->emit('in2script', - script => $script, - attrs => $self->{info}->{attributes}->{scripts}->{$script} // {}, - sources => $self->{info}->{sources}->{$script}); - $cache{$script} = 1; -} - -sub dodir { - my $self = shift; - my $dir = shift; - return "" if !exists(&generatedir) or $cache{$dir}; - $self->emit('generatedir', - dir => $dir, - deps => $self->{info}->{dirinfo}->{$dir}->{deps} // [], - %{$self->{info}->{dirinfo}->{$_}->{products}}); - $cache{$dir} = 1; -} - -# dodocs is responsible for building documentation from .pods. -# It will call generatesrc. -sub dodocs { - my $self = shift; - my $type = shift; - my $section = shift; - foreach my $doc (@{$self->{info}->{"${type}docs"}->{$section}}) { - next if $cache{$doc}; - $self->emit('generatesrc', - src => $doc, - generator => $self->{info}->{generate}->{$doc}); - foreach ((@{$self->{info}->{depends}->{$doc} // []})) { - $self->dogenerate($_, undef, undef); - } - $cache{$doc} = 1; - } -} - -1; diff --git a/Configurations/platform.pm b/Configurations/platform.pm deleted file mode 100644 index 909da0ac7202f78d8263f8f0fae4931895def7be..0000000000000000000000000000000000000000 --- a/Configurations/platform.pm +++ /dev/null @@ -1,18 +0,0 @@ -package platform; - -use strict; -use warnings; -use vars qw(@ISA); - -# Callers must make sure @INC has the build directory -use configdata; - -my $module = $target{perl_platform} || 'Unix'; -(my $module_path = $module) =~ s|::|/|g; - -require "platform/$module_path.pm"; -@ISA = ("platform::$module"); - -1; - -__END__ diff --git a/Configurations/platform/AIX.pm b/Configurations/platform/AIX.pm deleted file mode 100644 index c6c1437f962a6459732d28125a0ffc0b32be33b6..0000000000000000000000000000000000000000 --- a/Configurations/platform/AIX.pm +++ /dev/null @@ -1,29 +0,0 @@ -package platform::AIX; - -use strict; -use warnings; -use Carp; - -use vars qw(@ISA); - -require platform::Unix; -@ISA = qw(platform::Unix); - -# Assume someone set @INC right before loading this module -use configdata; - -sub dsoext { '.so' } -sub shlibextsimple { '.a' } - -# In shared mode, the default static library names clashes with the final -# "simple" full shared library name, so we add '_a' to the basename of the -# static libraries in that case. -sub staticname { - # Non-installed libraries are *always* static, and their names remain - # the same, except for the mandatory extension - my $in_libname = platform::BASE->staticname($_[1]); - return $in_libname - if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst}; - - return platform::BASE->staticname($_[1]) . ($disabled{shared} ? '' : '_a'); -} diff --git a/Configurations/platform/BASE.pm b/Configurations/platform/BASE.pm deleted file mode 100644 index 1ab4bf18e91af68dc4709346d96c50615fddddc8..0000000000000000000000000000000000000000 --- a/Configurations/platform/BASE.pm +++ /dev/null @@ -1,98 +0,0 @@ -package platform::BASE; - -use strict; -use warnings; -use Carp; - -# Assume someone set @INC right before loading this module -use configdata; - -# Globally defined "platform specific" extensions, available for uniformity -sub depext { '.d' } - -# Functions to convert internal file representations to platform specific -# ones. Note that these all depend on extension functions that MUST be -# defined per platform. -# -# Currently known internal or semi-internal extensions are: -# -# .a For libraries that are made static only. -# Internal libraries only. -# .o For object files. -# .s, .S Assembler files. This is an actual extension on Unix -# .res Resource file. This is an actual extension on Windows - -sub binname { return $_[1] } # Name of executable binary -sub dsoname { return $_[1] } # Name of dynamic shared object (DSO) -sub sharedname { return __isshared($_[1]) ? $_[1] : undef } # Name of shared lib -sub staticname { return __base($_[1], '.a') } # Name of static lib - -# Convenience function to convert the shlib version to an acceptable part -# of a file or directory name. By default, we consider it acceptable as is. -sub shlib_version_as_filename { return $config{shlib_version} } - -# Convenience functions to convert the possible extension of an input file name -sub bin { return $_[0]->binname($_[1]) . $_[0]->binext() } -sub dso { return $_[0]->dsoname($_[1]) . $_[0]->dsoext() } -sub sharedlib { return __concat($_[0]->sharedname($_[1]), $_[0]->shlibext()) } -sub staticlib { return $_[0]->staticname($_[1]) . $_[0]->libext() } - -# More convenience functions for intermediary files -sub def { return __base($_[1], '.ld') . $_[0]->defext() } -sub obj { return __base($_[1], '.o') . $_[0]->objext() } -sub res { return __base($_[1], '.res') . $_[0]->resext() } -sub dep { return __base($_[1], '.o') . $_[0]->depext() } # <- objname -sub asm { return __base($_[1], '.S', '.s') . $_[0]->asmext() } - -# Another set of convenience functions for standard checks of certain -# internal extensions and conversion from internal to platform specific -# extension. Note that the latter doesn't deal with libraries because -# of ambivalence -sub isdef { return $_[1] =~ m|\.ld$|; } -sub isobj { return $_[1] =~ m|\.o$|; } -sub isres { return $_[1] =~ m|\.res$|; } -sub isasm { return $_[1] =~ m|\.[Ss]$|; } -sub isstaticlib { return $_[1] =~ m|\.a$|; } -sub convertext { - if ($_[0]->isdef($_[1])) { return $_[0]->def($_[1]); } - if ($_[0]->isobj($_[1])) { return $_[0]->obj($_[1]); } - if ($_[0]->isres($_[1])) { return $_[0]->res($_[1]); } - if ($_[0]->isasm($_[1])) { return $_[0]->asm($_[1]); } - if ($_[0]->isstaticlib($_[1])) { return $_[0]->staticlib($_[1]); } - return $_[1]; -} - -# Helpers ############################################################ - -# __base EXPR, LIST -# This returns the given path (EXPR) with the matching suffix from LIST stripped -sub __base { - my $path = shift; - foreach (@_) { - if ($path =~ m|\Q${_}\E$|) { - return $`; - } - } - return $path; -} - -# __isshared EXPR -# EXPR is supposed to be a library name. This will return true if that library -# can be assumed to be a shared library, otherwise false -sub __isshared { - return !($disabled{shared} || $_[0] =~ /\.a$/); -} - -# __concat LIST -# Returns the concatenation of all elements of LIST if none of them is -# undefined. If one of them is undefined, returns undef instead. -sub __concat { - my $result = ''; - foreach (@_) { - return undef unless defined $_; - $result .= $_; - } - return $result; -} - -1; diff --git a/Configurations/platform/Cygwin.pm b/Configurations/platform/Cygwin.pm deleted file mode 100644 index bc62e9db404c0e5aa88721d3c3e0fbfb88e767c1..0000000000000000000000000000000000000000 --- a/Configurations/platform/Cygwin.pm +++ /dev/null @@ -1,22 +0,0 @@ -package platform::Cygwin; - -use strict; -use warnings; -use Carp; - -use vars qw(@ISA); - -require platform::mingw; -@ISA = qw(platform::mingw); - -# Assume someone set @INC right before loading this module -use configdata; - -sub sharedname { - my $class = shift; - my $lib = platform::mingw->sharedname(@_); - $lib =~ s|^lib|cyg| if defined $lib; - return $lib; -} - -1; diff --git a/Configurations/platform/Unix.pm b/Configurations/platform/Unix.pm deleted file mode 100644 index 8db0ed912e3a2f56443c4870d92ca2f03544a90f..0000000000000000000000000000000000000000 --- a/Configurations/platform/Unix.pm +++ /dev/null @@ -1,87 +0,0 @@ -package platform::Unix; - -use strict; -use warnings; -use Carp; - -use vars qw(@ISA); - -require platform::BASE; -@ISA = qw(platform::BASE); - -# Assume someone set @INC right before loading this module -use configdata; - -sub binext { $target{exe_extension} || '' } -sub dsoext { $target{dso_extension} || platform->shlibextsimple() - || '.so' } -# Because these are also used in scripts and not just Makefile, we must -# convert $(SHLIB_VERSION_NUMBER) to the actual number. -sub shlibext { (my $x = $target{shared_extension} - || '.so.$(SHLIB_VERSION_NUMBER)') - =~ s|\.\$\(SHLIB_VERSION_NUMBER\) - |.$config{shlib_version}|x; - $x; } -sub libext { $target{lib_extension} || '.a' } -sub defext { $target{def_extension} || '.ld' } -sub objext { $target{obj_extension} || '.o' } -sub depext { $target{obj_extension} || '.d' } - -# Other extra that aren't defined in platform::BASE -sub shlibextsimple { (my $x = $target{shared_extension} || '.so') - =~ s|\.\$\(SHLIB_VERSION_NUMBER\)||; - $x; } -sub shlibvariant { $target{shlib_variant} || "" } -sub makedepcmd { $disabled{makedepend} ? undef : $config{makedepcmd} } - -# No conversion of assembler extension on Unix -sub asm { - return $_[1]; -} - -# At some point, we might decide that static libraries are called something -# other than the default... -sub staticname { - # Non-installed libraries are *always* static, and their names remain - # the same, except for the mandatory extension - my $in_libname = platform::BASE->staticname($_[1]); - return $in_libname - if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst}; - - # We currently return the same name anyway... but we might choose to - # append '_static' or '_a' some time in the future. - return platform::BASE->staticname($_[1]); -} - -sub sharedname { - return platform::BASE::__concat(platform::BASE->sharedname($_[1]), - ($_[0]->shlibvariant() // '')); -} - -sub sharedname_simple { - return platform::BASE::__isshared($_[1]) ? $_[1] : undef; -} - -sub sharedlib_simple { - # This function returns the simplified shared library name (no version - # or variant in the shared library file name) if the simple variants of - # the base name or the suffix differ from the full variants of the same. - - # Note: if $_[1] isn't a shared library name, then $_[0]->sharedname() - # and $_[0]->sharedname_simple() will return undef. This needs being - # accounted for. - my $name = $_[0]->sharedname($_[1]); - my $simplename = $_[0]->sharedname_simple($_[1]); - my $ext = $_[0]->shlibext(); - my $simpleext = $_[0]->shlibextsimple(); - - return undef unless defined $simplename && defined $name; - return undef if ($name eq $simplename && $ext eq $simpleext); - return platform::BASE::__concat($simplename, $simpleext); -} - -sub sharedlib_import { - return undef; -} - -1; diff --git a/Configurations/platform/VMS.pm b/Configurations/platform/VMS.pm deleted file mode 100644 index 7d7835afeabc8adf0b5f533c80f7480da2c66626..0000000000000000000000000000000000000000 --- a/Configurations/platform/VMS.pm +++ /dev/null @@ -1,65 +0,0 @@ -package platform::VMS; - -use strict; -use warnings; -use Carp; - -use vars qw(@ISA); - -require platform::BASE; -@ISA = qw(platform::BASE); - -# Assume someone set @INC right before loading this module -use configdata; - -# VMS has a cultural standard where all installed libraries are prefixed. -# For OpenSSL, the choice is 'ossl$' (this prefix was claimed in a -# conversation with VSI, Tuesday January 26 2016) -sub osslprefix { 'OSSL$' } - -sub binext { '.EXE' } -sub dsoext { '.EXE' } -sub shlibext { '.EXE' } -sub libext { '.OLB' } -sub defext { '.OPT' } -sub objext { '.OBJ' } -sub depext { '.D' } -sub asmext { '.ASM' } - -# Other extra that aren't defined in platform::BASE -sub shlibvariant { $target{shlib_variant} || '' } - -sub optext { '.OPT' } -sub optname { return $_[1] } -sub opt { return $_[0]->optname($_[1]) . $_[0]->optext() } - -# Other projects include the pointer size in the name of installed libraries, -# so we do too. -sub staticname { - # Non-installed libraries are *always* static, and their names remain - # the same, except for the mandatory extension - my $in_libname = platform::BASE->staticname($_[1]); - return $in_libname - if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst}; - - return platform::BASE::__concat($_[0]->osslprefix(), - platform::BASE->staticname($_[1]), - $target{pointer_size}); -} - -# To enable installation of multiple major OpenSSL releases, we include the -# version number in installed shared library names. -my $sover_filename = - join('', map { sprintf "%02d", $_ } split(m|\.|, $config{shlib_version})); -sub shlib_version_as_filename { - return $sover_filename; -} -sub sharedname { - return platform::BASE::__concat($_[0]->osslprefix(), - platform::BASE->sharedname($_[1]), - $_[0]->shlib_version_as_filename(), - ($_[0]->shlibvariant() // ''), - "_shr$target{pointer_size}"); -} - -1; diff --git a/Configurations/platform/Windows.pm b/Configurations/platform/Windows.pm deleted file mode 100644 index 4ecd6d513d1a741baad07a0adbaedaaf2f0a1c10..0000000000000000000000000000000000000000 --- a/Configurations/platform/Windows.pm +++ /dev/null @@ -1,64 +0,0 @@ -package platform::Windows; - -use strict; -use warnings; -use Carp; - -use vars qw(@ISA); - -require platform::BASE; -@ISA = qw(platform::BASE); - -# Assume someone set @INC right before loading this module -use configdata; - -sub binext { '.exe' } -sub dsoext { '.dll' } -sub shlibext { '.dll' } -sub libext { '.lib' } -sub defext { '.def' } -sub objext { '.obj' } -sub depext { '.d' } -sub asmext { '.asm' } - -# Other extra that aren't defined in platform::BASE -sub resext { '.res' } -sub shlibextimport { '.lib' } -sub shlibvariant { $target{shlib_variant} || '' } - -sub staticname { - # Non-installed libraries are *always* static, and their names remain - # the same, except for the mandatory extension - my $in_libname = platform::BASE->staticname($_[1]); - return $in_libname - if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst}; - - # To make sure not to clash with an import library, we make the static - # variant of our installed libraries get '_static' added to their names. - return platform::BASE->staticname($_[1]) - . ($disabled{shared} ? '' : '_static'); -} - -# To mark forward compatibility, we include the OpenSSL major release version -# number in the installed shared library names. -(my $sover_filename = $config{shlib_version}) =~ s|\.|_|g; -sub shlib_version_as_filename { - return $sover_filename -} -sub sharedname { - return platform::BASE::__concat(platform::BASE->sharedname($_[1]), - "-", - $_[0]->shlib_version_as_filename(), - ($_[0]->shlibvariant() // '')); -} - -sub sharedname_import { - return platform::BASE::__isshared($_[1]) ? $_[1] : undef; -} - -sub sharedlib_import { - return platform::BASE::__concat($_[0]->sharedname_import($_[1]), - $_[0]->shlibextimport()); -} - -1; diff --git a/Configurations/platform/Windows/MSVC.pm b/Configurations/platform/Windows/MSVC.pm deleted file mode 100644 index 80188f354e9285b3011096a427831935e38eb378..0000000000000000000000000000000000000000 --- a/Configurations/platform/Windows/MSVC.pm +++ /dev/null @@ -1,44 +0,0 @@ -package platform::Windows::MSVC; - -use strict; -use warnings; -use Carp; - -use vars qw(@ISA); - -require platform::Windows; -@ISA = qw(platform::Windows); - -# Assume someone set @INC right before loading this module -use configdata; - -sub pdbext { '.pdb' } - -# It's possible that this variant of |sharedname| should be in Windows.pm. -# However, this variant was VC only in 1.1.1, so we maintain that here until -# further notice. -sub sharedname { - return platform::BASE::__concat(platform::BASE->sharedname($_[1]), - "-", - $_[0]->shlib_version_as_filename(), - ($target{multilib} // '' ), - ($_[0]->shlibvariant() // '')); -} - -sub staticlibpdb { - return platform::BASE::__concat($_[0]->staticname($_[1]), $_[0]->pdbext()); -} - -sub sharedlibpdb { - return platform::BASE::__concat($_[0]->sharedname($_[1]), $_[0]->pdbext()); -} - -sub dsopdb { - return platform::BASE::__concat($_[0]->dsoname($_[1]), $_[0]->pdbext()); -} - -sub binpdb { - return platform::BASE::__concat($_[0]->binname($_[1]), $_[0]->pdbext()); -} - -1; diff --git a/Configurations/platform/Windows/cppbuilder.pm b/Configurations/platform/Windows/cppbuilder.pm deleted file mode 100644 index b4d208d6d45693acaff504cf652461ea64050736..0000000000000000000000000000000000000000 --- a/Configurations/platform/Windows/cppbuilder.pm +++ /dev/null @@ -1,16 +0,0 @@ -package platform::Windows::cppbuilder; - -use vars qw(@ISA); - -require platform::Windows::MSVC; -@ISA = qw(platform::Windows::MSVC); - -sub pdbext { '.tds' } - -# C++Builder's Clang-based compilers prepend an underscore to __cdecl-convention -# C functions, and the linker needs those as the InternalName in the .def file. -sub export2internal { - return "_$_[1]"; -} - -1; diff --git a/Configurations/platform/mingw.pm b/Configurations/platform/mingw.pm deleted file mode 100644 index c4dbce80410ab8a6d07b6ec45c3e501a4478c7e5..0000000000000000000000000000000000000000 --- a/Configurations/platform/mingw.pm +++ /dev/null @@ -1,51 +0,0 @@ -package platform::mingw; - -use strict; -use warnings; -use Carp; - -use vars qw(@ISA); - -require platform::Unix; -@ISA = qw(platform::Unix); - -# Assume someone set @INC right before loading this module -use configdata; - -sub binext { '.exe' } -sub objext { '.obj' } -sub libext { '.a' } -sub dsoext { '.dll' } -sub defext { '.def' } - -# Other extra that aren't defined in platform::BASE -sub resext { '.res.obj' } -sub shlibext { '.dll' } -sub shlibextimport { $target{shared_import_extension} || '.dll.a' } -sub shlibextsimple { undef } -sub makedepcmd { $disabled{makedepend} ? undef : $config{makedepcmd} } - -(my $sover_filename = $config{shlib_version}) =~ s|\.|_|g; -sub shlib_version_as_filename { - return $sover_filename; -} -sub sharedname { - return platform::BASE::__concat(platform::BASE->sharedname($_[1]), - "-", - $_[0]->shlib_version_as_filename(), - ($config{target} eq "mingw64" - ? "-x64" : "")); -} - -# With Mingw and other DLL producers, there isn't any "simpler" shared -# library name. However, there is a static import library. -sub sharedlib_simple { - return undef; -} - -sub sharedlib_import { - return platform::BASE::__concat(platform::BASE->sharedname($_[1]), - $_[0]->shlibextimport()); -} - -1; diff --git a/Configurations/shared-info.pl b/Configurations/shared-info.pl deleted file mode 100644 index edd16f405594a7e0d25d479e7e04272679bf8061..0000000000000000000000000000000000000000 --- a/Configurations/shared-info.pl +++ /dev/null @@ -1,94 +0,0 @@ -#! /usr/bin/env perl -# -*- mode: perl; -*- -# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# This is a collection of extra attributes to be used as input for creating -# shared libraries, currently on any Unix variant, including Unix like -# environments on Windows. - -sub detect_gnu_ld { - my @lines = - `$config{CROSS_COMPILE}$config{CC} -Wl,-V /dev/null 2>&1`; - return grep /^GNU ld/, @lines; -} -sub detect_gnu_cc { - my @lines = - `$config{CROSS_COMPILE}$config{CC} -v 2>&1`; - return grep /gcc/, @lines; -} - -my %shared_info; -%shared_info = ( - 'gnu-shared' => { - shared_ldflag => '-shared -Wl,-Bsymbolic', - shared_sonameflag => '-Wl,-soname=', - }, - 'linux-shared' => sub { - return { - %{$shared_info{'gnu-shared'}}, - shared_defflag => '-Wl,--version-script=', - dso_ldflags => - (grep /(?:^|\s)-fsanitize/, - @{$config{CFLAGS}}, @{$config{cflags}}) - ? '' - : '-Wl,-z,defs', - }; - }, - 'bsd-gcc-shared' => sub { return $shared_info{'linux-shared'}; }, - 'darwin-shared' => { - module_ldflags => '-bundle', - shared_ldflag => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)', - shared_sonameflag => '-install_name $(libdir)/', - }, - 'cygwin-shared' => { - shared_ldflag => '-shared -Wl,--enable-auto-image-base', - shared_impflag => '-Wl,--out-implib=', - }, - 'mingw-shared' => sub { - return { - %{$shared_info{'cygwin-shared'}}, - # def_flag made to empty string so it still generates - # something - shared_defflag => '', - shared_argfileflag => '@', - }; - }, - 'alpha-osf1-shared' => sub { - return $shared_info{'gnu-shared'} if detect_gnu_ld(); - return { - module_ldflags => '-shared -Wl,-Bsymbolic', - shared_ldflag => '-shared -Wl,-Bsymbolic -set_version $(SHLIB_VERSION_NUMBER)', - }; - }, - 'svr3-shared' => sub { - return $shared_info{'gnu-shared'} if detect_gnu_ld(); - return { - shared_ldflag => '-G', - shared_sonameflag => '-h ', - }; - }, - 'svr5-shared' => sub { - return $shared_info{'gnu-shared'} if detect_gnu_ld(); - return { - shared_ldflag => detect_gnu_cc() ? '-shared' : '-G', - shared_sonameflag => '-h ', - }; - }, - 'solaris-gcc-shared' => sub { - return $shared_info{'linux-shared'} if detect_gnu_ld(); - return { - # Note: we should also have -shared here, but because some - # config targets define it with an added -static-libgcc - # following it, we don't want to change the order. This - # forces all solaris gcc config targets to define shared_ldflag - shared_ldflag => '-Wl,-Bsymbolic', - shared_defflag => "-Wl,-M,", - shared_sonameflag => "-Wl,-h,", - }; - }, -); diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl deleted file mode 100644 index 110ba0687d801221d3b89eeefd49ec1e3e85fc71..0000000000000000000000000000000000000000 --- a/Configurations/unix-Makefile.tmpl +++ /dev/null @@ -1,1993 +0,0 @@ -## -## Makefile for OpenSSL -## -## {- join("\n## ", @autowarntext) -} -{- - use OpenSSL::Util; - - our $makedep_scheme = $config{makedep_scheme}; - our $makedepcmd = platform->makedepcmd(); - - sub windowsdll { $config{target} =~ /^(?:Cygwin|mingw)/ } - - # Shared AIX support is special. We put libcrypto[64].so.ver into - # libcrypto.a and use libcrypto_a.a as static one. - sub sharedaix { !$disabled{shared} && $config{target} =~ /^aix/ } - - our $sover_dirname = platform->shlib_version_as_filename(); - - # This makes sure things get built in the order they need - # to. You're welcome. - sub dependmagic { - my $target = shift; - - return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target"; - } - - our $COLUMNS = $ENV{COLUMNS}; - if ($COLUMNS =~ /^\d+$/) { - $COLUMNS = int($COLUMNS) - 2; # 2 to leave space for ending ' \' - } else { - $COLUMNS = 76; - } - - sub fill_lines { - my $item_sep = shift; # string - my $line_length = shift; # number of chars - - my @result = (); - my $resultpos = 0; - - foreach (@_) { - my $fill_line = $result[$resultpos] // ''; - my $newline = - ($fill_line eq '' ? '' : $fill_line . $item_sep) . $_; - - if (length($newline) > $line_length) { - # If this is a single item and the intended result line - # is empty, we put it there anyway - if ($fill_line eq '') { - $result[$resultpos++] = $newline; - } else { - $result[++$resultpos] = $_; - } - } else { - $result[$resultpos] = $newline; - } - } - return @result; - } - ''; --} -PLATFORM={- $config{target} -} -OPTIONS={- $config{options} -} -CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -}) -SRCDIR={- $config{sourcedir} -} -BLDDIR={- $config{builddir} -} -FIPSKEY={- $config{FIPSKEY} -} - -VERSION={- "$config{full_version}" -} -VERSION_NUMBER={- "$config{version}" -} -MAJOR={- $config{major} -} -MINOR={- $config{minor} -} -SHLIB_VERSION_NUMBER={- $config{shlib_version} -} -SHLIB_TARGET={- $target{shared_target} -} - -LIBS={- join(" \\\n" . ' ' x 5, - fill_lines(" ", $COLUMNS - 5, - map { platform->staticlib($_) // () } - @{$unified_info{libraries}})) -} -SHLIBS={- join(" \\\n" . ' ' x 7, - fill_lines(" ", $COLUMNS - 7, - map { platform->sharedlib($_) // () } - @{$unified_info{libraries}})) -} -SHLIB_INFO={- join(" \\\n" . ' ' x 11, - fill_lines(" ", $COLUMNS - 11, - map { my $x = platform->sharedlib($_); - my $y = platform->sharedlib_simple($_) // ''; - my $z = platform->sharedlib_import($_) // ''; - $x ? "\"$x;$y;$z\"" : () } - @{$unified_info{libraries}})) -} -MODULES={- join(" \\\n" . ' ' x 8, - fill_lines(" ", $COLUMNS - 8, - map { platform->dso($_) } - # Drop all modules that are dependencies, they will - # be processed through their dependents - grep { my $x = $_; - !grep { grep { $_ eq $x } @$_ } - values %{$unified_info{depends}} } - @{$unified_info{modules}})) -} -FIPSMODULE={- # We do some extra checking here, as there should be only one - use File::Basename; - our @fipsmodules = - grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} - && $unified_info{attributes}->{modules}->{$_}->{fips} } - @{$unified_info{modules}}; - die "More that one FIPS module" if scalar @fipsmodules > 1; - join(" ", map { platform->dso($_) } @fipsmodules) -} -FIPSMODULENAME={- die "More that one FIPS module" if scalar @fipsmodules > 1; - join(" ", map { basename(platform->dso($_)) } @fipsmodules) -} - -PROGRAMS={- join(" \\\n" . ' ' x 9, - fill_lines(" ", $COLUMNS - 9, - map { platform->bin($_) } - @{$unified_info{programs}})) -} -SCRIPTS={- join(" \\\n" . ' ' x 8, - fill_lines(" ", $COLUMNS - 8, @{$unified_info{scripts}})) -} -{- output_off() if $disabled{makedepend}; "" -} -DEPS={- join(" \\\n" . ' ' x 5, - fill_lines(" ", $COLUMNS - 5, - map { platform->isobj($_) ? platform->dep($_) : () } - grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ } - keys %{$unified_info{sources}})); -} -{- output_on() if $disabled{makedepend}; "" -} -GENERATED_MANDATORY={- join(" \\\n" . ' ' x 20, - fill_lines(" ", $COLUMNS - 20, - @{$unified_info{depends}->{""}})) -} -GENERATED_PODS={- # common0.tmpl provides @generated - join(" \\\n" . ' ' x 15, - fill_lines(" ", $COLUMNS - 15, - map { my $x = $_; - ( - grep { - $unified_info{attributes}->{depends} - ->{$x}->{$_}->{pod} // 0 - } - keys %{$unified_info{attributes}->{depends}->{$x}} - ) ? $x : (); - } - @generated)) -} -GENERATED={- # common0.tmpl provides @generated - join(" \\\n" . ' ' x 5, - fill_lines(" ", $COLUMNS - 5, - map { platform->convertext($_) } @generated )) -} - -INSTALL_LIBS={- - join(" \\\n" . ' ' x 13, - fill_lines(" ", $COLUMNS - 13, - map { platform->staticlib($_) // () } - grep { !$unified_info{attributes}->{libraries}->{$_}->{noinst} } - @{$unified_info{libraries}})) --} -INSTALL_SHLIBS={- - join(" \\\n" . ' ' x 15, - fill_lines(" ", $COLUMNS - 15, - map { platform->sharedlib($_) // () } - grep { !$unified_info{attributes}->{libraries}->{$_}->{noinst} } - @{$unified_info{libraries}})) --} -INSTALL_SHLIB_INFO={- - join(" \\\n" . ' ' x 19, - fill_lines(" ", $COLUMNS - 19, - map { my $x = platform->sharedlib($_); - my $y = platform->sharedlib_simple($_) // ''; - my $z = platform->sharedlib_import($_) // ''; - $x ? "\"$x;$y;$z\"" : () } - grep { !$unified_info{attributes}->{libraries}->{$_}->{noinst} } - @{$unified_info{libraries}})) --} -INSTALL_ENGINES={- - join(" \\\n" . ' ' x 16, - fill_lines(" ", $COLUMNS - 16, - map { platform->dso($_) } - grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} - && $unified_info{attributes}->{modules}->{$_}->{engine} } - @{$unified_info{modules}})) --} -INSTALL_MODULES={- - join(" \\\n" . ' ' x 16, - fill_lines(" ", $COLUMNS - 16, - map { platform->dso($_) } - grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} - && !$unified_info{attributes}->{modules}->{$_}->{engine} - && !$unified_info{attributes}->{modules}->{$_}->{fips} } - @{$unified_info{modules}})) --} -INSTALL_FIPSMODULE={- - join(" \\\n" . ' ' x 16, - fill_lines(" ", $COLUMNS - 16, - map { platform->dso($_) } - grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} - && $unified_info{attributes}->{modules}->{$_}->{fips} } - @{$unified_info{modules}})) --} -INSTALL_FIPSMODULECONF=providers/fipsmodule.cnf -INSTALL_PROGRAMS={- - join(" \\\n" . ' ' x 16, - fill_lines(" ", $COLUMNS - 16, map { platform->bin($_) } - grep { !$unified_info{attributes}->{programs}->{$_}->{noinst} } - @{$unified_info{programs}})) --} -BIN_SCRIPTS={- - join(" \\\n" . ' ' x 12, - fill_lines(" ", $COLUMNS - 12, - map { my $x = $unified_info{attributes}->{scripts}->{$_}->{linkname}; - $x ? "$_:$x" : $_ } - grep { !$unified_info{attributes}->{scripts}->{$_}->{noinst} - && !$unified_info{attributes}->{scripts}->{$_}->{misc} } - @{$unified_info{scripts}})) --} -MISC_SCRIPTS={- - join(" \\\n" . ' ' x 13, - fill_lines(" ", $COLUMNS - 13, - map { my $x = $unified_info{attributes}->{scripts}->{$_}->{linkname}; - $x ? "$_:$x" : $_ } - grep { !$unified_info{attributes}->{scripts}->{$_}->{noinst} - && $unified_info{attributes}->{scripts}->{$_}->{misc} } - @{$unified_info{scripts}})) --} -IMAGEDOCS1={- - join(" \\\n" . ' ' x 10, - fill_lines(" ", $COLUMNS - 10, - @{$unified_info{imagedocs}->{man1}})) -} -IMAGEDOCS3={- - join(" \\\n" . ' ' x 10, - fill_lines(" ", $COLUMNS - 10, - @{$unified_info{imagedocs}->{man3}})) -} -IMAGEDOCS5={- - join(" \\\n" . ' ' x 10, - fill_lines(" ", $COLUMNS - 10, - @{$unified_info{imagedocs}->{man5}})) -} -IMAGEDOCS7={- - join(" \\\n" . ' ' x 10, - fill_lines(" ", $COLUMNS - 10, - @{$unified_info{imagedocs}->{man7}})) -} -HTMLDOCS1={- - join(" \\\n" . ' ' x 10, - fill_lines(" ", $COLUMNS - 10, - @{$unified_info{htmldocs}->{man1}})) -} -HTMLDOCS3={- - join(" \\\n" . ' ' x 10, - fill_lines(" ", $COLUMNS - 10, - @{$unified_info{htmldocs}->{man3}})) -} -HTMLDOCS5={- - join(" \\\n" . ' ' x 10, - fill_lines(" ", $COLUMNS - 10, - @{$unified_info{htmldocs}->{man5}})) -} -HTMLDOCS7={- - join(" \\\n" . ' ' x 10, - fill_lines(" ", $COLUMNS - 10, - @{$unified_info{htmldocs}->{man7}})) -} -MANDOCS1={- - join(" \\\n" . ' ' x 9, - fill_lines(" ", $COLUMNS - 9, - @{$unified_info{mandocs}->{man1}})) -} -MANDOCS3={- - join(" \\\n" . ' ' x 9, - fill_lines(" ", $COLUMNS - 9, - @{$unified_info{mandocs}->{man3}})) -} -MANDOCS5={- - join(" \\\n" . ' ' x 9, - fill_lines(" ", $COLUMNS - 9, - @{$unified_info{mandocs}->{man5}})) -} -MANDOCS7={- - join(" \\\n" . ' ' x 9, - fill_lines(" ", $COLUMNS - 9, - @{$unified_info{mandocs}->{man7}})) -} - -APPS_OPENSSL="{- use File::Spec::Functions; - catfile("apps","openssl") -}" - -# DESTDIR is for package builders so that they can configure for, say, -# /usr/ and yet have everything installed to /tmp/somedir/usr/. -# Normally it is left empty. -DESTDIR= - -# Do not edit these manually. Use Configure with --prefix or --openssldir -# to change this! Short explanation in the top comment in Configure -INSTALLTOP={- # $prefix is used in the OPENSSLDIR perl snippet - # - our $prefix = $config{prefix} || "/usr/local"; - $prefix -} -OPENSSLDIR={- # - # The logic here is that if no --openssldir was given, - # OPENSSLDIR will get the value from $prefix plus "/ssl". - # If --openssldir was given and the value is an absolute - # path, OPENSSLDIR will get its value without change. - # If the value from --openssldir is a relative path, - # OPENSSLDIR will get $prefix with the --openssldir - # value appended as a subdirectory. - # - use File::Spec::Functions; - our $openssldir = - $config{openssldir} ? - (file_name_is_absolute($config{openssldir}) ? - $config{openssldir} - : catdir($prefix, $config{openssldir})) - : catdir($prefix, "ssl"); - $openssldir -} -LIBDIR={- our $libdir = $config{libdir}; - unless ($libdir) { - $libdir = "lib$target{multilib}"; - } - file_name_is_absolute($libdir) ? "" : $libdir -} -# $(libdir) is chosen to be compatible with the GNU coding standards -libdir={- file_name_is_absolute($libdir) - ? $libdir : '$(INSTALLTOP)/$(LIBDIR)' -} -ENGINESDIR=$(libdir)/engines-{- $sover_dirname -} -MODULESDIR=$(libdir)/ossl-modules - -# Convenience variable for those who want to set the rpath in shared -# libraries and applications -LIBRPATH=$(libdir) - -MANDIR=$(INSTALLTOP)/share/man -DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) -HTMLDIR=$(DOCDIR)/html - -# MANSUFFIX is for the benefit of anyone who may want to have a suffix -# appended after the manpage file section number. "ssl" is popular, -# resulting in files such as config.5ssl rather than config.5. -MANSUFFIX=ossl -HTMLSUFFIX=html - -# For "optional" echo messages, to get "real" silence -ECHO = echo - -##### User defined commands and flags ################################ - -# We let the C compiler driver to take care of .s files. This is done in -# order to be excused from maintaining a separate set of architecture -# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC -# gcc, then the driver will automatically translate it to -xarch=v8plus -# and pass it down to assembler. In any case, we do not define AS or -# ASFLAGS for this reason. - -CROSS_COMPILE={- $config{CROSS_COMPILE} -} -CC=$(CROSS_COMPILE){- $config{CC} -} -CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -} -CPPFLAGS={- our $cppflags1 = join(" ", - (map { "-D".$_} @{$config{CPPDEFINES}}), - (map { "-I".$_} @{$config{CPPINCLUDES}}), - @{$config{CPPFLAGS}}) -} -CFLAGS={- join(' ', @{$config{CFLAGS}}) -} -CXXFLAGS={- join(' ', @{$config{CXXFLAGS}}) -} -LDFLAGS= {- join(' ', @{$config{LDFLAGS}}) -} -EX_LIBS= {- join(' ', @{$config{LDLIBS}}) -} - -MAKEDEPEND={- $config{makedepcmd} -} - -PERL={- $config{PERL} -} - -AR=$(CROSS_COMPILE){- $config{AR} -} -ARFLAGS= {- join(' ', @{$config{ARFLAGS}}) -} -RANLIB={- $config{RANLIB} ? "\$(CROSS_COMPILE)$config{RANLIB}" : "true"; -} -RC= $(CROSS_COMPILE){- $config{RC} -} -RCFLAGS={- join(' ', @{$config{RCFLAGS}}) -} {- $target{shared_rcflag} -} - -RM= rm -f -RMDIR= rmdir -TAR= {- $target{TAR} || "tar" -} -TARFLAGS= {- $target{TARFLAGS} -} - -BASENAME= openssl -NAME= $(BASENAME)-$(VERSION) -# Relative to $(SRCDIR) -TARFILE= ../$(NAME).tar - -##### Project flags ################################################## - -# Variables starting with CNF_ are common variables for all product types - -CNF_CPPFLAGS={- our $cppflags2 = - join(' ', $target{cppflags} || (), - (map { "-D".$_} @{$target{defines}}, - @{$config{defines}}), - (map { "-I".$_} @{$target{includes}}, - @{$config{includes}}), - @{$config{cppflags}}) -} -CNF_CFLAGS={- join(' ', $target{cflags} || (), - @{$config{cflags}}) -} -CNF_CXXFLAGS={- join(' ', $target{cxxflags} || (), - @{$config{cxxflags}}) -} -CNF_LDFLAGS={- join(' ', $target{lflags} || (), - @{$config{lflags}}) -} -CNF_EX_LIBS={- join(' ', $target{ex_libs} || (), - @{$config{ex_libs}}) -} - -# Variables starting with LIB_ are used to build library object files -# and shared libraries. -# Variables starting with DSO_ are used to build DSOs and their object files. -# Variables starting with BIN_ are used to build programs and their object -# files. - -LIB_CPPFLAGS={- our $lib_cppflags = - join(' ', $target{lib_cppflags} || (), - $target{shared_cppflag} || (), - (map { '-D'.$_ } - @{$target{lib_defines} || ()}, - @{$target{shared_defines} || ()}, - @{$config{lib_defines} || ()}, - @{$config{shared_defines} || ()}), - (map { '-I'.quotify1($_) } - @{$target{lib_includes}}, - @{$target{shared_includes}}, - @{$config{lib_includes}}, - @{$config{shared_includes}}), - @{$config{lib_cppflags}}, - @{$config{shared_cppflag}}); - join(' ', $lib_cppflags, - (map { '-D'.$_ } - 'OPENSSLDIR="\"$(OPENSSLDIR)\""', - 'ENGINESDIR="\"$(ENGINESDIR)\""', - 'MODULESDIR="\"$(MODULESDIR)\""'), - '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} -LIB_CFLAGS={- join(' ', $target{lib_cflags} || (), - $target{shared_cflag} || (), - @{$config{lib_cflags}}, - @{$config{shared_cflag}}, - '$(CNF_CFLAGS)', '$(CFLAGS)') -} -LIB_CXXFLAGS={- join(' ', $target{lib_cxxflags} || (), - $target{shared_cxxflag} || (), - @{$config{lib_cxxflags}}, - @{$config{shared_cxxflag}}, - '$(CNF_CXXFLAGS)', '$(CXXFLAGS)') -} -LIB_LDFLAGS={- join(' ', $target{shared_ldflag} || (), - $config{shared_ldflag} || (), - '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} -LIB_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) -DSO_CPPFLAGS={- join(' ', $target{dso_cppflags} || (), - $target{module_cppflags} || (), - (map { '-D'.$_ } - @{$target{dso_defines}}, - @{$target{module_defines}}, - @{$config{dso_defines} || ()}, - @{$config{module_defines} || ()}), - (map { '-I'.quotify1($_) } - @{$target{dso_includes}}, - @{$target{module_includes}}, - @{$config{dso_includes}}, - @{$config{module_includes}}), - @{$config{dso_cppflags}}, - @{$config{module_cppflags}}, - '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} -DSO_CFLAGS={- join(' ', $target{dso_cflags} || (), - $target{module_cflags} || (), - @{$config{dso_cflags}}, - @{$config{module_cflags}}, - '$(CNF_CFLAGS)', '$(CFLAGS)') -} -DSO_CXXFLAGS={- join(' ', $target{dso_cxxflags} || (), - $target{module_cxxflags} || (), - @{$config{dso_cxxflags}}, - @{$config{module_cxxflag}}, - '$(CNF_CXXFLAGS)', '$(CXXFLAGS)') -} -DSO_LDFLAGS={- join(' ', $target{dso_ldflags} || (), - $target{module_ldflags} || (), - @{$config{dso_ldflags}}, - @{$config{module_ldflags}}, - '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} -DSO_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) -BIN_CPPFLAGS={- join(' ', $target{bin_cppflags} || (), - (map { '-D'.$_ } @{$config{bin_defines} || ()}), - @{$config{bin_cppflags}}, - '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} -BIN_CFLAGS={- join(' ', $target{bin_cflags} || (), - @{$config{bin_cflags}}, - '$(CNF_CFLAGS)', '$(CFLAGS)') -} -BIN_CXXFLAGS={- join(' ', $target{bin_cxxflags} || (), - @{$config{bin_cxxflags}}, - '$(CNF_CXXFLAGS)', '$(CXXFLAGS)') -} -BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), - @{$config{bin_lflags}}, - '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} -BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) - -# CPPFLAGS_Q is used for one thing only: to build up buildinf.h -CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g; - $cppflags2 =~ s|([\\"])|\\$1|g; - $lib_cppflags =~ s|([\\"])|\\$1|g; - join(' ', $lib_cppflags || (), $cppflags2 || (), - $cppflags1 || ()) -} - -PERLASM_SCHEME= {- $target{perlasm_scheme} -} - -# For x86 assembler: Set PROCESSOR to 386 if you want to support -# the 80386. -PROCESSOR= {- $config{processor} -} - -# We want error [and other] messages in English. Trouble is that make(1) -# doesn't pass macros down as environment variables unless there already -# was corresponding variable originally set. In other words we can only -# reassign environment variables, but not set new ones, not in portable -# manner that is. That's why we reassign several, just to be sure... -LC_ALL=C -LC_MESSAGES=C -LANG=C - -# The main targets ################################################### - -{- dependmagic('build_sw'); -}: build_libs_nodep build_modules_nodep build_programs_nodep link-utils -{- dependmagic('build_libs'); -}: build_libs_nodep -{- dependmagic('build_modules'); -}: build_modules_nodep -{- dependmagic('build_programs'); -}: build_programs_nodep - -build_generated_pods: $(GENERATED_PODS) -build_docs: build_man_docs build_html_docs -build_man_docs: $(MANDOCS1) $(MANDOCS3) $(MANDOCS5) $(MANDOCS7) -build_html_docs: $(HTMLDOCS1) $(HTMLDOCS3) $(HTMLDOCS5) $(HTMLDOCS7) - -build_generated: $(GENERATED_MANDATORY) -build_libs_nodep: libcrypto.pc libssl.pc openssl.pc -build_modules_nodep: $(MODULES) -build_programs_nodep: $(PROGRAMS) $(SCRIPTS) - -# Kept around for backward compatibility -build_apps build_tests: build_programs - -# Convenience target to prebuild all generated files, not just the mandatory -# ones -build_all_generated: $(GENERATED_MANDATORY) $(GENERATED) build_docs - @ : {- output_off() if $disabled{makedepend}; "" -} - @echo "Warning: consider configuring with no-makedepend, because if" - @echo " target system doesn't have $(PERL)," - @echo " then make will fail..." - @ : {- output_on() if $disabled{makedepend}; "" -} - -all: build_sw build_docs - -test: tests -{- dependmagic('tests'); -}: build_programs_nodep build_modules_nodep link-utils run_tests -run_tests: - @ : {- output_off() if $disabled{tests}; "" -} - ( SRCTOP=$(SRCDIR) \ - BLDTOP=$(BLDDIR) \ - PERL="$(PERL)" \ - FIPSKEY="$(FIPSKEY)" \ - EXE_EXT={- platform->binext() -} \ - $(PERL) $(SRCDIR)/test/run_tests.pl $(TESTS) ) - @ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} - @echo "Tests are not supported with your chosen Configure options" - @ : {- output_on() if !$disabled{tests}; "" -} - -list-tests: - @ : {- output_off() if $disabled{tests}; "" -} - $(MAKE) run_tests TESTS=list - @ : {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} - @echo "Tests are not supported with your chosen Configure options" - @ : {- output_on() if !$disabled{tests}; "" -} - -install: install_sw install_ssldirs install_docs {- $disabled{fips} ? "" : "install_fips" -} - -uninstall: uninstall_docs uninstall_sw {- $disabled{fips} ? "" : "uninstall_fips" -} - -libclean: - @set -e; for s in $(SHLIB_INFO); do \ - if [ "$$s" = ";" ]; then continue; fi; \ - s1=`echo "$$s" | cut -f1 -d";"`; \ - s2=`echo "$$s" | cut -f2 -d";"`; \ - s3=`echo "$$s" | cut -f3 -d";"`; \ - $(ECHO) $(RM) $$s1; {- output_off() unless windowsdll(); "" -}\ - $(RM) apps/$$s1; \ - $(RM) test/$$s1; \ - $(RM) fuzz/$$s1; {- output_on() unless windowsdll(); "" -}\ - $(RM) $$s1; \ - if [ "$$s2" != "" ]; then \ - $(ECHO) $(RM) $$s2; \ - $(RM) $$s2; \ - fi; \ - if [ "$$s3" != "" ]; then \ - $(ECHO) $(RM) $$s3; \ - $(RM) $$s3; \ - fi; \ - done - $(RM) $(LIBS) - $(RM) *{- platform->defext() -} - -clean: libclean - $(RM) $(HTMLDOCS1) - $(RM) $(HTMLDOCS3) - $(RM) $(HTMLDOCS5) - $(RM) $(HTMLDOCS7) - $(RM) $(MANDOCS1) - $(RM) $(MANDOCS3) - $(RM) $(MANDOCS5) - $(RM) $(MANDOCS7) - $(RM) $(PROGRAMS) $(TESTPROGS) $(MODULES) $(FIPSMODULE) $(SCRIPTS) - $(RM) $(GENERATED_MANDATORY) $(GENERATED) - -find . -name '*{- platform->depext() -}' \! -name '.*' \! -type d -exec $(RM) {} \; - -find . -name '*{- platform->objext() -}' \! -name '.*' \! -type d -exec $(RM) {} \; - $(RM) core - $(RM) tags TAGS doc-nits md-nits - $(RM) -r test/test-runs - $(RM) providers/fips*.new - $(RM) openssl.pc libcrypto.pc libssl.pc - -find . -type l \! -name '.*' -exec $(RM) {} \; - -distclean: clean - $(RM) include/openssl/configuration.h - $(RM) configdata.pm - $(RM) Makefile - -# We check if any depfile is newer than Makefile and decide to -# concatenate only if that is true. -depend: Makefile - @: {- output_off() if $disabled{makedepend}; "" -} - @$(PERL) $(SRCDIR)/util/add-depends.pl "{- $makedep_scheme -}" - @: {- output_on() if $disabled{makedepend}; "" -} - -# Install helper targets ############################################# - -install_sw: install_dev install_engines install_modules install_runtime - -uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev - -install_docs: install_man_docs install_html_docs - -uninstall_docs: uninstall_man_docs uninstall_html_docs - $(RM) -r $(DESTDIR)$(DOCDIR) - -{- output_off() if $disabled{fips}; "" -} -install_fips: build_sw $(INSTALL_FIPSMODULECONF) - @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MODULESDIR) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR) - @$(ECHO) "*** Installing FIPS module" - @$(ECHO) "install $(INSTALL_FIPSMODULE) -> $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME)" - @cp "$(INSTALL_FIPSMODULE)" $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new - @chmod 755 $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new - @mv -f $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME).new \ - $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME) - @$(ECHO) "*** Installing FIPS module configuration" - @$(ECHO) "install $(INSTALL_FIPSMODULECONF) -> $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf" - @cp $(INSTALL_FIPSMODULECONF) $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf - -uninstall_fips: - @$(ECHO) "*** Uninstalling FIPS module configuration" - $(RM) $(DESTDIR)$(OPENSSLDIR)/fipsmodule.cnf - @$(ECHO) "*** Uninstalling FIPS module" - $(RM) $(DESTDIR)$(MODULESDIR)/$(FIPSMODULENAME) -{- if ($disabled{fips}) { output_on(); } else { output_off(); } "" -} -install_fips: - @$(ECHO) "The 'install_fips' target requires the 'enable-fips' option" - -uninstall_fips: - @$(ECHO) "The 'uninstall_fips' target requires the 'enable-fips' option" -{- output_on() if !$disabled{fips}; "" -} - - -install_ssldirs: - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/certs - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/private - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/misc - @set -e; for x in dummy $(MISC_SCRIPTS); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - x1=`echo "$$x" | cut -f1 -d:`; \ - x2=`echo "$$x" | cut -f2 -d:`; \ - fn=`basename $$x1`; \ - $(ECHO) "install $$x1 -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ - cp $$x1 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \ - chmod 755 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \ - mv -f $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new \ - $(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \ - if [ "$$x1" != "$$x2" ]; then \ - ln=`basename "$$x2"`; \ - : {- output_off() unless windowsdll(); "" -}; \ - $(ECHO) "copy $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ - cp $(DESTDIR)$(OPENSSLDIR)/misc/$$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \ - : {- output_on() unless windowsdll(); - output_off() if windowsdll(); "" -}; \ - $(ECHO) "link $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ - ln -sf $$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \ - : {- output_on() if windowsdll(); "" -}; \ - fi; \ - done - @$(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist" - @cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new - @chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new - @mv -f $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist - @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/openssl.cnf" ]; then \ - $(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf"; \ - cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \ - chmod 644 $(DESTDIR)$(OPENSSLDIR)/openssl.cnf; \ - fi - @$(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist" - @cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new - @chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new - @mv -f $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.new $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf.dist - @if [ ! -f "$(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf" ]; then \ - $(ECHO) "install $(SRCDIR)/apps/ct_log_list.cnf -> $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf"; \ - cp $(SRCDIR)/apps/ct_log_list.cnf $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \ - chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \ - fi - -install_dev: install_runtime_libs - @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(ECHO) "*** Installing development files" - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl - @ : {- output_off() if $disabled{uplink}; "" -} - @$(ECHO) "install $(SRCDIR)/ms/applink.c -> $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" - @cp $(SRCDIR)/ms/applink.c $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c - @chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c - @ : {- output_on() if $disabled{uplink}; "" -} - @set -e; for i in $(SRCDIR)/include/openssl/*.h \ - $(BLDDIR)/include/openssl/*.h; do \ - fn=`basename $$i`; \ - $(ECHO) "install $$i -> $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ - cp $$i $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ - chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ - done - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir) - @set -e; for l in $(INSTALL_LIBS); do \ - fn=`basename $$l`; \ - $(ECHO) "install $$l -> $(DESTDIR)$(libdir)/$$fn"; \ - cp $$l $(DESTDIR)$(libdir)/$$fn.new; \ - $(RANLIB) $(DESTDIR)$(libdir)/$$fn.new; \ - chmod 644 $(DESTDIR)$(libdir)/$$fn.new; \ - mv -f $(DESTDIR)$(libdir)/$$fn.new \ - $(DESTDIR)$(libdir)/$$fn; \ - done - @ : {- output_off() if $disabled{shared}; "" -} - @set -e; for s in $(INSTALL_SHLIB_INFO); do \ - s1=`echo "$$s" | cut -f1 -d";"`; \ - s2=`echo "$$s" | cut -f2 -d";"`; \ - s3=`echo "$$s" | cut -f3 -d";"`; \ - fn1=`basename "$$s1"`; \ - fn2=`basename "$$s2"`; \ - fn3=`basename "$$s3"`; \ - : {- output_off(); output_on() unless windowsdll() or sharedaix(); "" -}; \ - if [ "$$fn2" != "" ]; then \ - $(ECHO) "link $(DESTDIR)$(libdir)/$$fn2 -> $(DESTDIR)$(libdir)/$$fn1"; \ - ln -sf $$fn1 $(DESTDIR)$(libdir)/$$fn2; \ - fi; \ - : {- output_off() unless windowsdll() or sharedaix(); output_on() if windowsdll(); "" -}; \ - if [ "$$fn3" != "" ]; then \ - $(ECHO) "install $$s3 -> $(DESTDIR)$(libdir)/$$fn3"; \ - cp $$s3 $(DESTDIR)$(libdir)/$$fn3.new; \ - chmod 755 $(DESTDIR)$(libdir)/$$fn3.new; \ - mv -f $(DESTDIR)$(libdir)/$$fn3.new \ - $(DESTDIR)$(libdir)/$$fn3; \ - fi; \ - : {- output_off() if windowsdll(); output_on() if sharedaix(); "" -}; \ - a=$(DESTDIR)$(libdir)/$$fn2; \ - $(ECHO) "install $$s1 -> $$a"; \ - if [ -f $$a ]; then ( trap "rm -rf /tmp/ar.$$$$" INT 0; \ - mkdir /tmp/ar.$$$$; ( cd /tmp/ar.$$$$; \ - cp -f $$a $$a.new; \ - for so in `$(AR) t $$a`; do \ - $(AR) x $$a $$so; \ - chmod u+w $$so; \ - strip -X32_64 -e $$so; \ - $(AR) r $$a.new $$so; \ - done; \ - )); fi; \ - $(AR) r $$a.new $$s1; \ - mv -f $$a.new $$a; \ - : {- output_off() if sharedaix(); output_on(); "" -}; \ - done - @ : {- output_on() if $disabled{shared}; "" -} - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir)/pkgconfig - @$(ECHO) "install libcrypto.pc -> $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc" - @cp libcrypto.pc $(DESTDIR)$(libdir)/pkgconfig - @chmod 644 $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc - @$(ECHO) "install libssl.pc -> $(DESTDIR)$(libdir)/pkgconfig/libssl.pc" - @cp libssl.pc $(DESTDIR)$(libdir)/pkgconfig - @chmod 644 $(DESTDIR)$(libdir)/pkgconfig/libssl.pc - @$(ECHO) "install openssl.pc -> $(DESTDIR)$(libdir)/pkgconfig/openssl.pc" - @cp openssl.pc $(DESTDIR)$(libdir)/pkgconfig - @chmod 644 $(DESTDIR)$(libdir)/pkgconfig/openssl.pc - -uninstall_dev: uninstall_runtime_libs - @$(ECHO) "*** Uninstalling development files" - @ : {- output_off() if $disabled{uplink}; "" -} - @$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c" - @$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c - @ : {- output_on() if $disabled{uplink}; "" -} - @set -e; for i in $(SRCDIR)/include/openssl/*.h \ - $(BLDDIR)/include/openssl/*.h; do \ - fn=`basename $$i`; \ - $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/$$fn; \ - done - -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include/openssl - -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/include - @set -e; for l in $(INSTALL_LIBS); do \ - fn=`basename $$l`; \ - $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn; \ - done - @ : {- output_off() if $disabled{shared}; "" -} - @set -e; for s in $(INSTALL_SHLIB_INFO); do \ - s1=`echo "$$s" | cut -f1 -d";"`; \ - s2=`echo "$$s" | cut -f2 -d";"`; \ - s3=`echo "$$s" | cut -f3 -d";"`; \ - fn1=`basename "$$s1"`; \ - fn2=`basename "$$s2"`; \ - fn3=`basename "$$s3"`; \ - : {- output_off() if windowsdll(); "" -}; \ - $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn1"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn1; \ - if [ -n "$$fn2" ]; then \ - $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn2"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn2; \ - fi; \ - : {- output_on() if windowsdll(); "" -}{- output_off() unless windowsdll(); "" -}; \ - if [ -n "$$fn3" ]; then \ - $(ECHO) "$(RM) $(DESTDIR)$(libdir)/$$fn3"; \ - $(RM) $(DESTDIR)$(libdir)/$$fn3; \ - fi; \ - : {- output_on() unless windowsdll(); "" -}; \ - done - @ : {- output_on() if $disabled{shared}; "" -} - $(RM) $(DESTDIR)$(libdir)/pkgconfig/libcrypto.pc - $(RM) $(DESTDIR)$(libdir)/pkgconfig/libssl.pc - $(RM) $(DESTDIR)$(libdir)/pkgconfig/openssl.pc - -$(RMDIR) $(DESTDIR)$(libdir)/pkgconfig - -$(RMDIR) $(DESTDIR)$(libdir) - -_install_modules_deps: install_runtime_libs build_modules - -install_engines: _install_modules_deps - @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/ - @$(ECHO) "*** Installing engines" - @set -e; for e in dummy $(INSTALL_ENGINES); do \ - if [ "$$e" = "dummy" ]; then continue; fi; \ - fn=`basename $$e`; \ - $(ECHO) "install $$e -> $(DESTDIR)$(ENGINESDIR)/$$fn"; \ - cp $$e $(DESTDIR)$(ENGINESDIR)/$$fn.new; \ - chmod 755 $(DESTDIR)$(ENGINESDIR)/$$fn.new; \ - mv -f $(DESTDIR)$(ENGINESDIR)/$$fn.new \ - $(DESTDIR)$(ENGINESDIR)/$$fn; \ - done - -uninstall_engines: - @$(ECHO) "*** Uninstalling engines" - @set -e; for e in dummy $(INSTALL_ENGINES); do \ - if [ "$$e" = "dummy" ]; then continue; fi; \ - fn=`basename $$e`; \ - $(ECHO) "$(RM) $(DESTDIR)$(ENGINESDIR)/$$fn"; \ - $(RM) $(DESTDIR)$(ENGINESDIR)/$$fn; \ - done - -$(RMDIR) $(DESTDIR)$(ENGINESDIR) - -install_modules: _install_modules_deps - @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MODULESDIR)/ - @$(ECHO) "*** Installing modules" - @set -e; for e in dummy $(INSTALL_MODULES); do \ - if [ "$$e" = "dummy" ]; then continue; fi; \ - fn=`basename $$e`; \ - $(ECHO) "install $$e -> $(DESTDIR)$(MODULESDIR)/$$fn"; \ - cp $$e $(DESTDIR)$(MODULESDIR)/$$fn.new; \ - chmod 755 $(DESTDIR)$(MODULESDIR)/$$fn.new; \ - mv -f $(DESTDIR)$(MODULESDIR)/$$fn.new \ - $(DESTDIR)$(MODULESDIR)/$$fn; \ - done - -uninstall_modules: - @$(ECHO) "*** Uninstalling modules" - @set -e; for e in dummy $(INSTALL_MODULES); do \ - if [ "$$e" = "dummy" ]; then continue; fi; \ - fn=`basename $$e`; \ - $(ECHO) "$(RM) $(DESTDIR)$(MODULESDIR)/$$fn"; \ - $(RM) $(DESTDIR)$(MODULESDIR)/$$fn; \ - done - -$(RMDIR) $(DESTDIR)$(MODULESDIR) - -install_runtime: install_programs - -install_runtime_libs: build_libs - @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @ : {- output_off() if windowsdll(); "" -} - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir) - @ : {- output_on() if windowsdll(); output_off() unless windowsdll(); "" -} - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin - @ : {- output_on() unless windowsdll(); "" -} - @$(ECHO) "*** Installing runtime libraries" - @set -e; for s in dummy $(INSTALL_SHLIBS); do \ - if [ "$$s" = "dummy" ]; then continue; fi; \ - fn=`basename $$s`; \ - : {- output_off() unless windowsdll(); "" -}; \ - $(ECHO) "install $$s -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - cp $$s $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \ - $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ - : {- output_on() unless windowsdll(); "" -}{- output_off() if windowsdll(); "" -}; \ - $(ECHO) "install $$s -> $(DESTDIR)$(libdir)/$$fn"; \ - cp $$s $(DESTDIR)$(libdir)/$$fn.new; \ - chmod 755 $(DESTDIR)$(libdir)/$$fn.new; \ - mv -f $(DESTDIR)$(libdir)/$$fn.new \ - $(DESTDIR)$(libdir)/$$fn; \ - : {- output_on() if windowsdll(); "" -}; \ - done - -install_programs: install_runtime_libs build_programs - @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin - @$(ECHO) "*** Installing runtime programs" - @set -e; for x in dummy $(INSTALL_PROGRAMS); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \ - $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ - done - @set -e; for x in dummy $(BIN_SCRIPTS); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "install $$x -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - cp $$x $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \ - mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \ - $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ - done - -uninstall_runtime: uninstall_programs uninstall_runtime_libs - -uninstall_programs: - @$(ECHO) "*** Uninstalling runtime programs" - @set -e; for x in dummy $(INSTALL_PROGRAMS); \ - do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ - done; - @set -e; for x in dummy $(BIN_SCRIPTS); \ - do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ - done - -$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin - -uninstall_runtime_libs: - @$(ECHO) "*** Uninstalling runtime libraries" - @ : {- output_off() unless windowsdll(); "" -} - @set -e; for s in dummy $(INSTALL_SHLIBS); do \ - if [ "$$s" = "dummy" ]; then continue; fi; \ - fn=`basename $$s`; \ - $(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \ - $(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \ - done - @ : {- output_on() unless windowsdll(); "" -} - - -install_man_docs: build_man_docs - @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man1 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man3 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man5 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(MANDIR)/man7 - @$(ECHO) "*** Installing manpages" - @set -e; for x in dummy $(MANDOCS1); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ - cp $$x $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \ - chmod 644 $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man1; \ - done - @set -e; for x in dummy $(MANDOCS3); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ - cp $$x $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \ - chmod 644 $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man3; \ - done - @set -e; for x in dummy $(MANDOCS5); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ - cp $$x $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \ - chmod 644 $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man5; \ - done - @set -e; for x in dummy $(MANDOCS7); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "install $$x -> $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ - cp $$x $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \ - chmod 644 $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks install $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man7; \ - done - -uninstall_man_docs: build_man_docs - @$(ECHO) "*** Uninstalling manpages" - @set -e; for x in dummy $(MANDOCS1); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX)"; \ - $(RM) $(DESTDIR)$(MANDIR)/man1/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man1 $(BLDDIR)/doc/man1 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man1; \ - done - @set -e; for x in dummy $(MANDOCS3); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX)"; \ - $(RM) $(DESTDIR)$(MANDIR)/man3/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man3 $(BLDDIR)/doc/man3 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man3; \ - done - @set -e; for x in dummy $(MANDOCS5); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX)"; \ - $(RM) $(DESTDIR)$(MANDIR)/man5/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man5 $(BLDDIR)/doc/man5 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man5; \ - done - @set -e; for x in dummy $(MANDOCS7); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "$(RM) $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX)"; \ - $(RM) $(DESTDIR)$(MANDIR)/man7/$${fn}$(MANSUFFIX); \ - $(PERL) $(SRCDIR)/util/write-man-symlinks uninstall $(SRCDIR)/doc/man7 $(BLDDIR)/doc/man7 $${fn}$(MANSUFFIX) $(DESTDIR)$(MANDIR)/man7; \ - done - -install_html_docs: install_image_docs build_html_docs - @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man1 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man3 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man5 - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man7 - @$(ECHO) "*** Installing HTML manpages" - @set -e; for x in dummy $(HTMLDOCS1); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man1/$$fn"; \ - cp $$x $(DESTDIR)$(HTMLDIR)/man1/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man1/$$fn; \ - done - @set -e; for x in dummy $(HTMLDOCS3); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man3/$$fn"; \ - cp $$x $(DESTDIR)$(HTMLDIR)/man3/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man3/$$fn; \ - done - @set -e; for x in dummy $(HTMLDOCS5); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man5/$$fn"; \ - cp $$x $(DESTDIR)$(HTMLDIR)/man5/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man5/$$fn; \ - done - @set -e; for x in dummy $(HTMLDOCS7); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man7/$$fn"; \ - cp $$x $(DESTDIR)$(HTMLDIR)/man7/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man7/$$fn; \ - done - -uninstall_html_docs: uninstall_image_docs - @$(ECHO) "*** Uninstalling HTML manpages" - @set -e; for x in dummy $(HTMLDOCS1); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man1/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man1/$$fn; \ - done - @set -e; for x in dummy $(HTMLDOCS3); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man3/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man3/$$fn; \ - done - @set -e; for x in dummy $(HTMLDOCS5); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man5/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man5/$$fn; \ - done - @set -e; for x in dummy $(HTMLDOCS7); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man7/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man7/$$fn; \ - done - -install_image_docs: - @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(HTMLDIR)/man7/img - @set -e; for x in dummy $(IMAGEDOCS7); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "install $$x -> $(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \ - cp $(SRCDIR)/$$x $(DESTDIR)$(HTMLDIR)/man7/img/$$fn; \ - chmod 644 $(DESTDIR)$(HTMLDIR)/man7/img/$$fn; \ - done - -uninstall_image_docs: - @set -e; for x in dummy $(IMAGEDOCS7); do \ - if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "$(RM) $(DESTDIR)$(HTMLDIR)/man7/img/$$fn"; \ - $(RM) $(DESTDIR)$(HTMLDIR)/man7/img/$$fn; \ - done - -# Developer targets (note: these are only available on Unix) ######### - -# It's important that generate_buildinfo comes after ordinals, as ordinals -# is sensitive to build.info changes. -update: generate errors ordinals generate_buildinfo - -generate: generate_apps generate_crypto_bn generate_crypto_objects \ - generate_crypto_conf generate_crypto_asn1 generate_fuzz_oids - -generate_buildinfo: generate_doc_buildinfo - -.PHONY: doc-nits md-nits -doc-nits: build_generated_pods - $(PERL) $(SRCDIR)/util/find-doc-nits -c -n -l -e - -# This uses "mdl", the markdownlint application, which is written in ruby. -# The source is at https://github.com/markdownlint/markdownlint -# If you have ruby installed, "gem install mdl" should work. -# Another option is at https://snapcraft.io/install/mdl/debian -# Finally, there's a Node.js version, which we haven't tried, that -# can be found at https://github.com/DavidAnson/markdownlint -md-nits: - mdl -s util/markdownlint.rb . - -# Test coverage is a good idea for the future -#coverage: $(PROGRAMS) $(TESTPROGRAMS) -# ... - -lint: - lint -DLINT $(INCLUDES) $(SRCS) - -generate_apps: - ( cd $(SRCDIR); $(PERL) VMS/VMSify-conf.pl \ - < apps/openssl.cnf > apps/openssl-vms.cnf ) - -generate_crypto_bn: - ( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h ) - -generate_crypto_objects: - ( cd $(SRCDIR); $(PERL) crypto/objects/objects.pl -n \ - crypto/objects/objects.txt \ - crypto/objects/obj_mac.num \ - > crypto/objects/obj_mac.new && \ - mv crypto/objects/obj_mac.new crypto/objects/obj_mac.num ) - ( cd $(SRCDIR); $(PERL) crypto/objects/objects.pl \ - crypto/objects/objects.txt \ - crypto/objects/obj_mac.num \ - > include/openssl/obj_mac.h ) - ( cd $(SRCDIR); $(PERL) crypto/objects/obj_dat.pl \ - include/openssl/obj_mac.h \ - > crypto/objects/obj_dat.h ) - ( cd $(SRCDIR); $(PERL) crypto/objects/objxref.pl \ - crypto/objects/obj_mac.num \ - crypto/objects/obj_xref.txt \ - > crypto/objects/obj_xref.h ) - ( cd $(SRCDIR); sed -e '1,8d' crypto/objects/obj_compat.h >> include/openssl/obj_mac.h ) - -generate_crypto_conf: - ( cd $(SRCDIR); $(PERL) crypto/conf/keysets.pl \ - > crypto/conf/conf_def.h ) - -generate_crypto_asn1: - ( cd $(SRCDIR); $(PERL) crypto/asn1/charmap.pl \ - > crypto/asn1/charmap.h ) - -generate_fuzz_oids: - ( cd $(SRCDIR); $(PERL) fuzz/mkfuzzoids.pl \ - crypto/objects/obj_dat.h \ - > fuzz/oids.txt ) - -generate_doc_buildinfo: - ( $(PERL) -I$(BLDDIR) -Mconfigdata \ - $(SRCDIR)/util/dofile.pl -o Makefile \ - $(SRCDIR)/doc/build.info.in \ - > $(SRCDIR)/doc/build.info.new; \ - if ( test -e $(SRCDIR)/doc/build.info \ - && cmp $(SRCDIR)/doc/build.info.new $(SRCDIR)/doc/build.info \ - > /dev/null ); \ - then \ - rm $(SRCDIR)/doc/build.info.new; \ - else \ - mv $(SRCDIR)/doc/build.info.new $(SRCDIR)/doc/build.info; \ - fi ) - -generate_fips_sources: providers/fips.module.sources.new -providers/fips.module.sources.new: configdata.pm - rm -rf sources-tmp - mkdir sources-tmp - ( \ - srcdir=`cd $(SRCDIR); pwd`; \ - cd sources-tmp \ - && $$srcdir/Configure --banner=Configured enable-fips -O0 \ - && ./configdata.pm --query 'get_sources("providers/fips")' > sources1 \ - && $(MAKE) -sj 4 build_generated providers/fips.so \ - && find . -name '*.d' | xargs cat > dep1 \ - && $(MAKE) distclean \ - && $$srcdir/Configure --banner=Configured enable-fips no-asm -O0 \ - && ./configdata.pm --query 'get_sources("providers/fips")' > sources2 \ - && $(MAKE) -sj 4 build_generated providers/fips.so \ - && find . -name '*.d' | xargs cat > dep2 \ - && cat sources1 sources2 \ - | grep -v ' : \\$$' | grep -v util/providers.num \ - | sed -e 's/^ *//' -e 's/ *\\$$//' \ - | sort | uniq > sources \ - && cat dep1 dep2 \ - | $(PERL) -p -e 's/\\\n//' \ - | sed -e 's/^.*: *//' -e 's/ */ /g' \ - | fgrep -f sources \ - | tr ' ' '\n' \ - | sort | uniq > deps.raw \ - && cat deps.raw \ - | xargs ./configdata.pm --query 'get_sources(@ARGV)' \ - | $(PERL) -p -e 's/\\\n//' \ - | sed -e 's/\./\\\./g' -e 's/ : */:/' -e 's/^/s:/' -e 's/$$/:/' \ - > deps.sed \ - && cat deps.raw | sed -f deps.sed > deps \ - ) - ( \ - cat sources-tmp/sources sources-tmp/deps \ - | $(PERL) -p -e 's:^ *\Q../\E:: ;' \ - -e 's:^\Q$(SRCDIR)/\E:: if "$(SRCDIR)" ne "." ;' \ - -e 'my $$x; do { $$x = $$_; s:(^|/)((?!\Q../\E)[^/]*/)\Q..\E($$|/):$$1: } while ($$x ne $$_) ;' ; \ - cd $(SRCDIR); \ - for x in crypto/bn/asm/*.pl crypto/bn/asm/*.S \ - crypto/aes/asm/*.pl crypto/aes/asm/*.S \ - crypto/ec/asm/*.pl \ - crypto/modes/asm/*.pl \ - crypto/sha/asm/*.pl \ - crypto/x86_64cpuid.pl; do \ - echo "$$x"; \ - done \ - ) | sort | uniq > providers/fips.module.sources.new - rm -rf sources-tmp - -# Set to -force to force a rebuild -ERROR_REBUILD= -errors: - ( b=`pwd`; set -e; cd $(SRCDIR); \ - $(PERL) util/ck_errf.pl -strict -internal; \ - $(PERL) -I$$b util/mkerr.pl $(ERROR_REBUILD) -internal ) - ( b=`pwd`; set -e; cd $(SRCDIR)/engines; \ - for E in *.ec ; do \ - $(PERL) ../util/ck_errf.pl -strict \ - -conf $$E `basename $$E .ec`.c; \ - $(PERL) -I$$b ../util/mkerr.pl $(ERROR_REBUILD) -static \ - -conf $$E `basename $$E .ec`.c ; \ - done ) - -{- use File::Basename; - - my @sslheaders_tmpl = - qw( include/openssl/ssl.h - include/openssl/ssl2.h - include/openssl/ssl3.h - include/openssl/sslerr.h - include/openssl/tls1.h - include/openssl/dtls1.h - include/openssl/srtp.h - include/openssl/sslerr_legacy.h ); - my @cryptoheaders_tmpl = - qw( include/internal/dso.h - include/internal/o_dir.h - include/internal/err.h - include/internal/evp.h - include/internal/pem.h - include/internal/asn1.h - include/internal/sslconf.h ); - my @cryptoskipheaders = ( @sslheaders_tmpl, - qw( include/openssl/conf_api.h - include/openssl/ebcdic.h - include/openssl/opensslconf.h - include/openssl/symhacks.h ) ); - our %cryptoheaders = (); - our %sslheaders = (); - foreach my $d ( qw( include/openssl include/internal ) ) { - my @header_patterns = - map { catfile($config{sourcedir}, $d, $_) } ( '*.h', '*.h.in' ); - foreach my $f ( map { glob($_) } @header_patterns ) { - my $base = basename($f); - my $base_in = basename($f, '.in'); - my $dir = catfile($config{sourcedir}, $d); - if ($base ne $base_in) { - # We have a .h.in file, which means the header file is in the - # build tree. - $base = $base_in; - $dir = catfile($config{builddir}, $d); - } - my $new_f = catfile($dir, $base); - my $fn = "$d/$base"; - # The logic to add files to @cryptoheaders is a bit complex. The - # file to be added must be either in the public header directory - # or one of the pre-declared internal headers, and must under no - # circumstances be one of those that must be skipped. - $cryptoheaders{$new_f} = 1 - if (($d eq 'include/openssl' - || ( grep { $_ eq $fn } @cryptoheaders_tmpl )) - && !( grep { $_ eq $fn } @cryptoskipheaders )); - # The logic to add files to @sslheaders is much simpler... - $sslheaders{$new_f} = 1 if grep { $_ eq $fn } @sslheaders_tmpl; - } - } - ""; --} -CRYPTOHEADERS={- join(" \\\n" . ' ' x 14, - fill_lines(" ", $COLUMNS - 14, sort keys %cryptoheaders)) -} -SSLHEADERS={- join(" \\\n" . ' ' x 11, - fill_lines(" ", $COLUMNS - 11, sort keys %sslheaders)) -} - -renumber: build_generated - $(PERL) $(SRCDIR)/util/mknum.pl --version $(VERSION_NUMBER) --no-warnings \ - --ordinals $(SRCDIR)/util/libcrypto.num \ - --symhacks $(SRCDIR)/include/openssl/symhacks.h \ - --renumber \ - $(CRYPTOHEADERS) - $(PERL) $(SRCDIR)/util/mknum.pl --version $(VERSION_NUMBER) --no-warnings \ - --ordinals $(SRCDIR)/util/libssl.num \ - --symhacks $(SRCDIR)/include/openssl/symhacks.h \ - --renumber \ - $(SSLHEADERS) - -ordinals: build_generated - $(PERL) $(SRCDIR)/util/mknum.pl --version $(VERSION_NUMBER) --no-warnings \ - --ordinals $(SRCDIR)/util/libcrypto.num \ - --symhacks $(SRCDIR)/include/openssl/symhacks.h \ - $(CRYPTOHEADERS) - $(PERL) $(SRCDIR)/util/mknum.pl --version $(VERSION_NUMBER) --no-warnings \ - --ordinals $(SRCDIR)/util/libssl.num \ - --symhacks $(SRCDIR)/include/openssl/symhacks.h \ - $(SSLHEADERS) - -test_ordinals: - $(MAKE) run_tests TESTS=test_ordinals - -tags TAGS: FORCE - rm -f TAGS tags - -ctags -R . - -etags `find . -name '*.[ch]' -o -name '*.pm'` - -providers/fips.checksum.new: providers/fips.module.sources.new - @which unifdef > /dev/null || \ - ( echo >&2 "ERROR: unifdef not in your \$$PATH, FIPS checksums not calculated"; \ - false ) - ( sources=`pwd`/providers/fips.module.sources.new; \ - cd $(SRCDIR) \ - && cat $$sources \ - | xargs ./util/fips-checksums.sh ) \ - > providers/fips-sources.checksums.new \ - && sha256sum providers/fips-sources.checksums.new \ - | sed -e 's|\.new||' > providers/fips.checksum.new - -fips-checksums: providers/fips.checksum.new - -$(SRCDIR)/providers/fips.checksum: providers/fips.checksum.new - cp -p providers/fips.module.sources.new $(SRCDIR)/providers/fips.module.sources - cp -p providers/fips-sources.checksums.new $(SRCDIR)/providers/fips-sources.checksums - cp -p providers/fips.checksum.new $(SRCDIR)/providers/fips.checksum - -update-fips-checksums: $(SRCDIR)/providers/fips.checksum - -diff-fips-checksums: fips-checksums - diff -u $(SRCDIR)/providers/fips.module.sources providers/fips.module.sources.new - diff -u $(SRCDIR)/providers/fips-sources.checksums providers/fips-sources.checksums.new - diff -u $(SRCDIR)/providers/fips.checksum providers/fips.checksum.new - -# Release targets (note: only available on Unix) ##################### - -tar: - (cd $(SRCDIR); ./util/mktar.sh --name='$(NAME)' --tarfile='$(TARFILE)') - -# Helper targets ##################################################### - -link-utils: $(BLDDIR)/util/opensslwrap.sh $(BLDDIR)/apps/openssl.cnf - -$(BLDDIR)/util/opensslwrap.sh: Makefile - @if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \ - mkdir -p "$(BLDDIR)/util"; \ - ln -sf "../$(SRCDIR)/util/`basename "$@"`" "$(BLDDIR)/util"; \ - fi - -$(BLDDIR)/apps/openssl.cnf: Makefile - @if [ "$(SRCDIR)" != "$(BLDDIR)" ]; then \ - mkdir -p "$(BLDDIR)/apps"; \ - ln -sf "../$(SRCDIR)/apps/`basename "$@"`" "$(BLDDIR)/apps"; \ - fi - -FORCE: - -# Building targets ################################################### - -libcrypto.pc libssl.pc openssl.pc: Makefile $(LIBS) {- join(" ",map { platform->sharedlib_simple($_) // platform->sharedlib_import($_) // platform->sharedlib($_) // () } @{$unified_info{libraries}}) -} - -libcrypto.pc: - @ ( echo 'prefix=$(INSTALLTOP)'; \ - echo 'exec_prefix=$${prefix}'; \ - if [ -n "$(LIBDIR)" ]; then \ - echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ - else \ - echo 'libdir=$(libdir)'; \ - fi; \ - echo 'includedir=$${prefix}/include'; \ - echo 'enginesdir=$${libdir}/engines-{- $sover_dirname -}'; \ - echo 'modulesdir=$${libdir}/ossl-modules'; \ - echo ''; \ - echo 'Name: OpenSSL-libcrypto'; \ - echo 'Description: OpenSSL cryptography library'; \ - echo 'Version: '$(VERSION); \ - echo 'Libs: -L$${libdir} -lcrypto'; \ - echo 'Libs.private: $(LIB_EX_LIBS)'; \ - echo 'Cflags: -I$${includedir}' ) > libcrypto.pc - -libssl.pc: - @ ( echo 'prefix=$(INSTALLTOP)'; \ - echo 'exec_prefix=$${prefix}'; \ - if [ -n "$(LIBDIR)" ]; then \ - echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ - else \ - echo 'libdir=$(libdir)'; \ - fi; \ - echo 'includedir=$${prefix}/include'; \ - echo ''; \ - echo 'Name: OpenSSL-libssl'; \ - echo 'Description: Secure Sockets Layer and cryptography libraries'; \ - echo 'Version: '$(VERSION); \ - echo 'Requires.private: libcrypto'; \ - echo 'Libs: -L$${libdir} -lssl'; \ - echo 'Cflags: -I$${includedir}' ) > libssl.pc - -openssl.pc: - @ ( echo 'prefix=$(INSTALLTOP)'; \ - echo 'exec_prefix=$${prefix}'; \ - if [ -n "$(LIBDIR)" ]; then \ - echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ - else \ - echo 'libdir=$(libdir)'; \ - fi; \ - echo 'includedir=$${prefix}/include'; \ - echo ''; \ - echo 'Name: OpenSSL'; \ - echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \ - echo 'Version: '$(VERSION); \ - echo 'Requires: libssl libcrypto' ) > openssl.pc - -Makefile: configdata.pm \ - {- join(" \\\n" . ' ' x 10, - fill_lines(" ", $COLUMNS - 10, - @{$config{build_file_templates}})) -} - @echo "Detected changed: $?" - $(PERL) configdata.pm - @echo "**************************************************" - @echo "*** ***" - @echo "*** Please run the same make command again ***" - @echo "*** ***" - @echo "**************************************************" - @false - -configdata.pm: $(SRCDIR)/Configure $(SRCDIR)/config \ - {- join(" \\\n" . ' ' x 15, - fill_lines(" ", $COLUMNS - 15, - @{$config{build_infos}}, - @{$config{conf_files}})) -} - @echo "Detected changed: $?" - $(PERL) configdata.pm -r - @echo "**************************************************" - @echo "*** ***" - @echo "*** Please run the same make command again ***" - @echo "*** ***" - @echo "**************************************************" - @false - -reconfigure reconf: - $(PERL) configdata.pm -r - -{- - use File::Basename; - use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/; - - # Helper function to convert dependencies in platform agnostic form to - # dependencies in platform form. - sub compute_platform_depends { - map { my $x = $_; - - grep { $x eq $_ } @{$unified_info{programs}} and platform->bin($x) - or grep { $x eq $_ } @{$unified_info{modules}} and platform->dso($x) - or grep { $x eq $_ } @{$unified_info{libraries}} and platform->lib($x) - or platform->convertext($x); } @_; - } - - # Helper function to figure out dependencies on libraries - # It takes a list of library names and outputs a list of dependencies - sub compute_lib_depends { - # Depending on shared libraries: - # On Windows POSIX layers, we depend on {libname}.dll.a - # On Unix platforms, we depend on {shlibname}.so - return map { platform->sharedlib_simple($_) - // platform->sharedlib_import($_) - // platform->sharedlib($_) - // platform->staticlib($_) - } @_; - } - - sub generatetarget { - my %args = @_; - my $deps = join(" ", compute_platform_depends(@{$args{deps}})); - return <<"EOF"; -$args{target}: $deps -EOF - } - - sub generatesrc { - my %args = @_; - my $gen0 = $args{generator}->[0]; - my $gen_args = join('', map { " $_" } - @{$args{generator}}[1..$#{$args{generator}}]); - my $gen_incs = join("", map { " -I".$_ } @{$args{generator_incs}}); - my $incs = join("", map { " -I".$_ } @{$args{incs}}); - my $defs = join("", map { " -D".$_ } @{$args{defs}}); - my $deps = join(" ", compute_platform_depends(@{$args{generator_deps}}, - @{$args{deps}})); - - if ($args{src} =~ /\.html$/) { - # - # HTML generator - # - my $title = basename($args{src}, ".html"); - my $pod = $gen0; - return <<"EOF"; -$args{src}: $pod - \$(PERL) \$(SRCDIR)/util/mkpod2html.pl -i "$pod" -o \$\@ -t "$title" -r "\$(SRCDIR)/doc" -EOF - } elsif ($args{src} =~ /\.(\d)$/) { - # - # Man-page generator - # - my $section = $1; - my $name = uc basename($args{src}, ".$section"); - my $pod = $gen0; - return <<"EOF"; -$args{src}: $pod - pod2man --name=$name --section=$section\$(MANSUFFIX) --center=OpenSSL \\ - --release=\$(VERSION) $pod >\$\@ -EOF - } elsif (platform->isdef($args{src})) { - # - # Linker script-ish generator - # - my $target = platform->def($args{src}); - (my $mkdef_os = $target{shared_target}) =~ s|-shared$||; - my $ord_ver = $args{intent} eq 'lib' ? ' --version $(VERSION_NUMBER)' : ''; - my $ord_name = $args{generator}->[1] || $args{product}; - return <<"EOF"; -$target: $gen0 $deps \$(SRCDIR)/util/mkdef.pl - \$(PERL) \$(SRCDIR)/util/mkdef.pl$ord_ver --type $args{intent} --ordinals $gen0 --name $ord_name --OS $mkdef_os > $target -EOF - } elsif (platform->isasm($args{src})) { - # - # Assembler generator - # - my $cppflags = { - shlib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)', - lib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)', - dso => '$(DSO_CFLAGS) $(DSO_CPPFLAGS)', - bin => '$(BIN_CFLAGS) $(BIN_CPPFLAGS)' - } -> {$args{intent}}; - - my $generator; - if ($gen0 =~ /\.pl$/) { - $generator = 'CC="$(CC)" $(PERL)'.$gen_incs.' '.$gen0.$gen_args - .' "$(PERLASM_SCHEME)"'.$incs.' '.$cppflags.$defs.' $(PROCESSOR)'; - } elsif ($gen0 =~ /\.m4$/) { - $generator = 'm4 -B 8192'.$gen_incs.' '.$gen0.$gen_args.' >' - } elsif ($gen0 =~ /\.S$/) { - $generator = undef; - } else { - die "Generator type for $args{src} unknown: $gen0\n"; - } - - if (defined($generator)) { - return <<"EOF"; -$args{src}: $gen0 $deps - $generator \$@ -EOF - } - return <<"EOF"; -$args{src}: $gen0 $deps - \$(CC) $incs $cppflags $defs -E $gen0 | \\ - \$(PERL) -ne '/^#(line)?\\s*[0-9]+/ or print' > \$@ -EOF - } elsif ($gen0 =~ m|^.*\.in$|) { - # - # "dofile" generator (file.in -> file) - # - my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, - "util", "dofile.pl")), - rel2abs($config{builddir})); - my @perlmodules = ( 'configdata.pm', - grep { $_ =~ m|\.pm$| } @{$args{deps}} ); - my %perlmoduleincs = map { '"-I'.dirname($_).'"' => 1 } @perlmodules; - $deps = join(' ', $deps, compute_platform_depends(@perlmodules)); - @perlmodules = map { "-M".basename($_, '.pm') } @perlmodules; - my $perlmodules = join(' ', '', sort keys %perlmoduleincs, @perlmodules); - return <<"EOF"; -$args{src}: $gen0 $deps - \$(PERL)$perlmodules "$dofile" "-o$target{build_file}" $gen0$gen_args > \$@ -EOF - } elsif (grep { $_ eq $gen0 } @{$unified_info{programs}}) { - # - # Generic generator using OpenSSL programs - # - - # Redo $gen0, to ensure that we have the proper extension where - # necessary. - $gen0 = platform->bin($gen0); - # Use $(PERL) to execute wrap.pl directly to avoid calling env - return <<"EOF"; -$args{src}: $gen0 $deps \$(BLDDIR)/util/wrap.pl - \$(PERL) \$(BLDDIR)/util/wrap.pl $gen0$gen_args > \$@ -EOF - } else { - # - # Generic generator using Perl - # - return <<"EOF"; -$args{src}: $gen0 $deps - \$(PERL)$gen_incs $gen0$gen_args > \$@ -EOF - } - } - - # Should one wonder about the end of the Perl snippet, it's because this - # second regexp eats up line endings as well, if the removed path is the - # last in the line. We may therefore need to put back a line ending. - sub src2obj { - my %args = @_; - my $obj = platform->convertext($args{obj}); - my $dep = platform->dep($args{obj}); - my @srcs = @{$args{srcs}}; - my $srcs = join(" ", @srcs); - my $deps = join(" ", @srcs, @{$args{deps}}); - my $incs = join("", map { " -I".$_ } @{$args{incs}}); - my $defs = join("", map { " -D".$_ } @{$args{defs}}); - my $cmd; - my $cmdflags; - my $cmdcompile; - if (grep /\.rc$/, @srcs) { - $cmd = '$(RC)'; - $cmdflags = '$(RCFLAGS)'; - $cmdcompile = ''; - } elsif (grep /\.(cc|cpp)$/, @srcs) { - $cmd = '$(CXX)'; - $cmdcompile = ' -c'; - $cmdflags = { - shlib => '$(LIB_CXXFLAGS) $(LIB_CPPFLAGS)', - lib => '$(LIB_CXXFLAGS) $(LIB_CPPFLAGS)', - dso => '$(DSO_CXXFLAGS) $(DSO_CPPFLAGS)', - bin => '$(BIN_CXXFLAGS) $(BIN_CPPFLAGS)' - } -> {$args{intent}}; - } else { - $cmd = '$(CC)'; - $cmdcompile = ' -c'; - $cmdflags = { - shlib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)', - lib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)', - dso => '$(DSO_CFLAGS) $(DSO_CPPFLAGS)', - bin => '$(BIN_CFLAGS) $(BIN_CPPFLAGS)' - } -> {$args{intent}}; - } - my $recipe; - # extension-specific rules - if (grep /\.s$/, @srcs) { - $recipe .= <<"EOF"; -$obj: $deps - $cmd $cmdflags -c -o \$\@ $srcs -EOF - } elsif (grep /\.S$/, @srcs) { - # Originally there was multi-step rule with $(CC) -E file.S - # followed by $(CC) -c file.s. It compensated for one of - # legacy platform compiler's inability to handle .S files. - # The platform is long discontinued by vendor so there is - # hardly a point to drag it along... - $recipe .= <<"EOF"; -$obj: $deps - $cmd $incs $defs $cmdflags -c -o \$\@ $srcs -EOF - } elsif ($makedep_scheme eq 'gcc' && !grep /\.rc$/, @srcs) { - $recipe .= <<"EOF"; -$obj: $deps - $cmd $incs $defs $cmdflags -MMD -MF $dep.tmp -MT \$\@ -c -o \$\@ $srcs - \@touch $dep.tmp - \@if cmp $dep.tmp $dep > /dev/null 2> /dev/null; then \\ - rm -f $dep.tmp; \\ - else \\ - mv $dep.tmp $dep; \\ - fi -EOF - } else { - $recipe .= <<"EOF"; -$obj: $deps - $cmd $incs $defs $cmdflags $cmdcompile -o \$\@ $srcs -EOF - if ($makedep_scheme eq 'makedepend') { - $recipe .= <<"EOF"; - \$(MAKEDEPEND) -f- -Y -- $incs $cmdflags -- $srcs 2>/dev/null \\ - > $dep -EOF - } - } - return $recipe; - } - # We *know* this routine is only called when we've configure 'shared'. - sub obj2shlib { - my %args = @_; - my @linkdirs = (); - my @linklibs = (); - foreach (@{$args{deps}}) { - if (platform->isstaticlib($_)) { - push @linklibs, platform->convertext($_); - } else { - my $d = "-L" . dirname($_); - my $l = basename($_); - $l =~ s/^lib//; - $l = "-l" . $l; - push @linklibs, $l; - push @linkdirs, $d unless grep { $d eq $_ } @linkdirs; - } - } - my $linkflags = join("", map { $_." " } @linkdirs); - my $linklibs = join("", map { $_." " } @linklibs); - my @objs = map { platform->convertext($_) } - grep { !platform->isdef($_) } - @{$args{objs}}; - my @defs = map { platform->def($_) } - grep { platform->isdef($_) } - @{$args{objs}}; - my @deps = compute_lib_depends(@{$args{deps}}); - die "More than one exported symbol map" if scalar @defs > 1; - - my $full = platform->sharedlib($args{lib}); - # $import is for Windows and subsystems thereof, where static import - # libraries for DLLs are a thing. On platforms that have this mechanism, - # $import has the name of this import library. On platforms that don't - # have this mechanism, $import will be |undef|. - my $import = platform->sharedlib_import($args{lib}); - # $simple is for platforms where full shared library names include the - # shared library version, and there's a simpler name that doesn't include - # that version. On such platforms, $simple has the simpler name. On - # other platforms, it will be |undef|. - my $simple = platform->sharedlib_simple($args{lib}); - - my $argfile = defined $target{shared_argfileflag} ? $full.".args" : undef; - my $shared_soname = ""; - $shared_soname .= ' '.$target{shared_sonameflag}.basename($full) - if defined $target{shared_sonameflag}; - my $shared_imp = ""; - $shared_imp .= ' '.$target{shared_impflag}.basename($import) - if defined $target{shared_impflag} && defined $import; - my $shared_def = join("", map { ' '.$target{shared_defflag}.$_ } @defs); - - # There is at least one platform where the compiler-as-linker needs to - # have one object file directly on the command line. That won't hurt - # any other platform, so we do that for everyone when there's an argfile - # to be had. This depends heavily on splice, which removes elements from - # the given array, and returns them so they can be captured. - my @argfileobjs = $argfile - ? splice(@objs, 1) - : (); - my $argfilecmds = $argfile - ? join("\n\t", map { "echo $_ >> $argfile" } @argfileobjs) - : undef; - my $argfiledeps = $argfile - ? join(" \\\n" . ' ' x (length($argfile) + 2), - fill_lines(' ', $COLUMNS - length($full) - 2, @argfileobjs)) - : undef; - my @fulldeps = (@objs, ($argfile ? $argfile : ()), @defs, @deps); - my @fullobjs = ( - @objs, - ($argfile ? $target{shared_argfileflag}.$argfile : ()) - ); - my $fulldeps = - join(" \\\n" . ' ' x (length($full) + 2), - fill_lines(' ', $COLUMNS - length($full) - 2, @fulldeps)); - my $fullobjs = - join(" \\\n\t\t", fill_lines(' ', $COLUMNS - 16, @fullobjs)); - - my $recipe = ''; - - if (defined $simple && $simple ne $full) { - if (sharedaix()) { - $recipe .= <<"EOF"; -$simple: $full - rm -f $simple && \\ - \$(AR) r $simple $full -EOF - } else { - $recipe .= <<"EOF"; -$simple: $full - rm -f $simple && \\ - ln -s $full $simple -EOF - } - } - if (defined $import) { - $recipe .= <<"EOF"; -$import: $full -EOF - } - $recipe .= <<"EOF"; -$full: $fulldeps - \$(CC) \$(LIB_CFLAGS) $linkflags\$(LIB_LDFLAGS)$shared_soname$shared_imp \\ - -o $full$shared_def \\ - $fullobjs \\ - $linklibs \$(LIB_EX_LIBS) -EOF - if (windowsdll()) { - $recipe .= <<"EOF"; - rm -f apps/$full - rm -f fuzz/$full - cp -p $full apps/ - cp -p $full fuzz/ -EOF - if (!$disabled{tests}) { - $recipe .= <<"EOF"; - rm -f test/$full - cp -p $full test/ -EOF - } - } - $recipe .= <<"EOF" if defined $argfile; -$argfile: $argfiledeps - \$(RM) $argfile - $argfilecmds -EOF - return $recipe; - } - sub obj2dso { - my %args = @_; - my $dso = platform->dso($args{module}); - my @linkdirs = (); - my @linklibs = (); - foreach (@{$args{deps}}) { - next unless defined $_; - if (platform->isstaticlib($_)) { - push @linklibs, platform->convertext($_); - } else { - my $d = "-L" . dirname($_); - my $l = basename($_); - $l =~ s/^lib//; - $l = "-l" . $l; - push @linklibs, $l; - push @linkdirs, $d unless grep { $d eq $_ } @linkdirs; - } - } - my $linkflags = join("", map { $_." " } @linkdirs); - my $linklibs = join("", map { $_." " } @linklibs); - my @objs = map { platform->convertext($_) } - grep { !platform->isdef($_) } - @{$args{objs}}; - my @defs = map { platform->def($_) } - grep { platform->isdef($_) } - @{$args{objs}}; - my @deps = compute_lib_depends(@{$args{deps}}); - my $shared_def = join("", map { ' '.$target{shared_defflag}.$_ } @defs); - # Next line needs to become "less magic" (see PR #11950) - $shared_def .= ' '.$target{shared_fipsflag} if (defined $target{shared_fipsflag} && $shared_def =~ m/providers\/fips/); - my $objs = join(" \\\n\t\t", fill_lines(' ', $COLUMNS - 16, @objs)); - my $deps = join(" \\\n" . ' ' x (length($dso) + 2), - fill_lines(' ', $COLUMNS - length($dso) - 2, - @objs, @defs, @deps)); - - return <<"EOF"; -$dso: $deps - \$(CC) \$(DSO_CFLAGS) $linkflags\$(DSO_LDFLAGS) \\ - -o $dso$shared_def \\ - $objs \\ - $linklibs\$(DSO_EX_LIBS) -EOF - } - sub obj2lib { - my %args = @_; - my $lib = platform->staticlib($args{lib}); - my @objs = map { platform->obj($_) } @{$args{objs}}; - my $deps = join(" \\\n" . ' ' x (length($lib) + 2), - fill_lines(' ', $COLUMNS - length($lib) - 2, @objs)); - my $max_per_call = 500; - my @objs_grouped; - push @objs_grouped, join(" ", splice @objs, 0, $max_per_call) while @objs; - my $fill_lib = - join("\n\t", (map { "\$(AR) \$(ARFLAGS) $lib $_" } @objs_grouped)); - return <<"EOF"; -$lib: $deps - \$(RM) $lib - $fill_lib - \$(RANLIB) \$\@ || echo Never mind. -EOF - } - sub obj2bin { - my %args = @_; - my $bin = platform->bin($args{bin}); - my @objs = map { platform->obj($_) } @{$args{objs}}; - my @deps = compute_lib_depends(@{$args{deps}}); - my $objs = join(" \\\n" . ' ' x (length($bin) + 2), - fill_lines(' ', $COLUMNS - length($bin) - 2, @objs)); - my @linkdirs = (); - my @linklibs = (); - foreach (@{$args{deps}}) { - next unless defined $_; - if (platform->isstaticlib($_)) { - push @linklibs, platform->convertext($_); - } else { - my $d = "-L" . dirname($_); - my $l = basename($_); - $l =~ s/^lib//; - $l = "-l" . $l; - push @linklibs, $l; - push @linkdirs, $d unless grep { $d eq $_ } @linkdirs; - } - } - my $linkflags = join("", map { $_." " } @linkdirs); - my $linklibs = join("", map { $_." " } @linklibs); - my $cmd = '$(CC)'; - my $cmdflags = '$(BIN_CFLAGS)'; - if (grep /_cc\.o$/, @{$args{objs}}) { - $cmd = '$(CXX)'; - $cmdflags = '$(BIN_CXXFLAGS)'; - } - - my $objs = join(" \\\n\t\t", fill_lines(' ', $COLUMNS - 16, @objs)); - my $deps = join(" \\\n" . ' ' x (length($bin) + 2), - fill_lines(' ', $COLUMNS - length($bin) - 2, - @objs, @deps)); - - return <<"EOF"; -$bin: $deps - rm -f $bin - \$\${LDCMD:-$cmd} $cmdflags $linkflags\$(BIN_LDFLAGS) \\ - -o $bin \\ - $objs \\ - $linklibs\$(BIN_EX_LIBS) -EOF - } - sub in2script { - my %args = @_; - my $script = $args{script}; - my $sources = join(" ", @{$args{sources}}); - my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, - "util", "dofile.pl")), - rel2abs($config{builddir})); - return <<"EOF"; -$script: $sources configdata.pm - \$(RM) "$script" - \$(PERL) "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\ - "-o$target{build_file}" $sources > "$script" - chmod a+x $script -EOF - } - sub generatedir { - my %args = @_; - my $dir = $args{dir}; - my @deps = compute_platform_depends(@{$args{deps}}); - my @comments = (); - - # We already have a 'test' target, and the top directory is just plain - # silly - return if $dir eq "test" || $dir eq "."; - - foreach my $type (("dso", "lib", "bin", "script")) { - next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type}); - # For lib object files, we could update the library. However, it - # was decided that it's enough to build the directory local object - # files, so we don't need to add any actions, and the dependencies - # are already taken care of. - if ($type ne "lib") { - foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) { - if (dirname($prod) eq $dir) { - push @deps, compute_platform_depends($prod); - } else { - push @comments, "# No support to produce $type ".join(", ", @{$unified_info{dirinfo}->{$dir}->{products}->{$type}}); - } - } - } - } - - my $target = "$dir $dir/"; - my $deps = join(" \\\n\t", - fill_lines(' ', $COLUMNS - 8, @deps)); - my $comments = join("\n", "", @comments); - return <<"EOF"; -$target: \\ - $deps$comments -EOF - } - "" # Important! This becomes part of the template result. --} diff --git a/Configurations/unix-checker.pm b/Configurations/unix-checker.pm deleted file mode 100644 index d0f05a0d35043299e360e8c5d2606d656d8d4c12..0000000000000000000000000000000000000000 --- a/Configurations/unix-checker.pm +++ /dev/null @@ -1,22 +0,0 @@ -#! /usr/bin/env perl - -use Config; - -# Check that the perl implementation file modules generate paths that -# we expect for the platform -use File::Spec::Functions qw(:DEFAULT rel2abs); - -if (rel2abs('.') !~ m|/|) { - die <shlib_version_as_filename(); - - my $build_scheme = $target{build_scheme}; - my $install_flavour = $build_scheme->[$#$build_scheme]; # last element - my $win_installenv = - $install_flavour eq "VC-WOW" ? "ProgramFiles(x86)" - : "ProgramW6432"; - my $win_commonenv = - $install_flavour eq "VC-WOW" ? "CommonProgramFiles(x86)" - : "CommonProgramW6432"; - our $win_installroot = - defined($ENV{$win_installenv}) ? $win_installenv : 'ProgramFiles'; - our $win_commonroot = - defined($ENV{$win_commonenv}) ? $win_commonenv : 'CommonProgramFiles'; - - # expand variables early - $win_installroot = $ENV{$win_installroot}; - $win_commonroot = $ENV{$win_commonroot}; - - # This makes sure things get built in the order they need - # to. You're welcome. - sub dependmagic { - my $target = shift; - - return "$target: build_generated\n\t\$(MAKE) /\$(MAKEFLAGS) depend\n\t\$(MAKE) /\$(MAKEFLAGS) _$target\n_$target"; - } - ''; --} - -PLATFORM={- $config{target} -} -SRCDIR={- $config{sourcedir} -} -BLDDIR={- $config{builddir} -} -FIPSKEY={- $config{FIPSKEY} -} - -VERSION={- "$config{full_version}" -} -VERSION_NUMBER={- "$config{version}" -} -MAJOR={- $config{major} -} -MINOR={- $config{minor} -} - -SHLIB_VERSION_NUMBER={- $config{shlib_version} -} - -LIBS={- join(" ", map { ( platform->sharedlib_import($_), platform->staticlib($_) ) } @{$unified_info{libraries}}) -} -SHLIBS={- join(" ", map { platform->sharedlib($_) // () } @{$unified_info{libraries}}) -} -SHLIBPDBS={- join(" ", map { platform->sharedlibpdb($_) // () } @{$unified_info{libraries}}) -} -MODULES={- our @MODULES = map { platform->dso($_) } - # Drop all modules that are dependencies, they will - # be processed through their dependents - grep { my $x = $_; - !grep { grep { $_ eq $x } @$_ } - values %{$unified_info{depends}} } - @{$unified_info{modules}}; - join(" ", @MODULES) -} -MODULEPDBS={- join(" ", map { platform->dsopdb($_) } @{$unified_info{modules}}) -} -FIPSMODULE={- # We do some extra checking here, as there should be only one - use File::Basename; - our @fipsmodules = - grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} - && $unified_info{attributes}->{modules}->{$_}->{fips} } - @{$unified_info{modules}}; - die "More that one FIPS module" if scalar @fipsmodules > 1; - join(" ", map { platform->dso($_) } @fipsmodules) -} -FIPSMODULENAME={- die "More that one FIPS module" if scalar @fipsmodules > 1; - join(", ", map { basename(platform->dso($_)) } @fipsmodules) -} -PROGRAMS={- our @PROGRAMS = map { platform->bin($_) } @{$unified_info{programs}}; join(" ", @PROGRAMS) -} -PROGRAMPDBS={- join(" ", map { $_.".pdb" } @{$unified_info{programs}}) -} -SCRIPTS={- our @SCRIPTS = @{$unified_info{scripts}}; join(" ", @SCRIPTS) -} -{- output_off() if $disabled{makedepend}; "" -} -DEPS={- join(" ", map { platform->isobj($_) ? platform->dep($_) : () } - grep { $unified_info{sources}->{$_}->[0] =~ /\.c$/ } - keys %{$unified_info{sources}}); -} -{- output_on() if $disabled{makedepend}; "" -} -GENERATED_MANDATORY={- our @GENERATED_MANDATORY = @{$unified_info{depends}->{""}}; - join(" ", @GENERATED_MANDATORY) -} -GENERATED={- # common0.tmpl provides @generated - our @GENERATED = map { platform->convertext($_) } @generated; - join(" ", @GENERATED) -} - -INSTALL_LIBS={- - join(" ", map { quotify1(platform->sharedlib_import($_) - // platform->staticlib($_)) } - grep { !$unified_info{attributes}->{libraries}->{$_}->{noinst} } - @{$unified_info{libraries}}) --} -INSTALL_SHLIBS={- - join(" ", map { my $x = platform->sharedlib($_); - $x ? quotify_l($x) : () } - grep { !$unified_info{attributes}->{libraries}->{$_}->{noinst} } - @{$unified_info{libraries}}) --} -INSTALL_SHLIBPDBS={- - join(" ", map { my $x = platform->sharedlibpdb($_); - $x ? quotify_l($x) : () } - grep { !$unified_info{attributes}->{libraries}->{$_}->{noinst} } - @{$unified_info{libraries}}) --} -INSTALL_ENGINES={- - join(" ", map { quotify1(platform->dso($_)) } - grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} - && $unified_info{attributes}->{modules}->{$_}->{engine} } - @{$unified_info{modules}}) --} -INSTALL_ENGINEPDBS={- - join(" ", map { quotify1(platform->dsopdb($_)) } - grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} - && $unified_info{attributes}->{modules}->{$_}->{engine} } - @{$unified_info{modules}}) --} -INSTALL_MODULES={- - join(" ", map { quotify1(platform->dso($_)) } - grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} - && !$unified_info{attributes}->{modules}->{$_}->{engine} - && !$unified_info{attributes}->{modules}->{$_}->{fips} } - @{$unified_info{modules}}) --} -INSTALL_MODULEPDBS={- - join(" ", map { quotify1(platform->dsopdb($_)) } - grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} - && !$unified_info{attributes}->{modules}->{$_}->{engine} } - @{$unified_info{modules}}) --} -INSTALL_FIPSMODULE={- - join(" ", map { quotify1(platform->dso($_)) } - grep { !$unified_info{attributes}->{modules}->{$_}->{noinst} - && $unified_info{attributes}->{modules}->{$_}->{fips} } - @{$unified_info{modules}}) --} -INSTALL_FIPSMODULECONF=providers\fipsmodule.cnf -INSTALL_PROGRAMS={- - join(" ", map { quotify1(platform->bin($_)) } - grep { !$unified_info{attributes}->{programs}->{$_}->{noinst} } - @{$unified_info{programs}}) --} -INSTALL_PROGRAMPDBS={- - join(" ", map { quotify1(platform->binpdb($_)) } - grep { !$unified_info{attributes}->{programs}->{$_}->{noinst} } - @{$unified_info{programs}}) --} -BIN_SCRIPTS={- - join(" ", map { quotify1($_) } - grep { !$unified_info{attributes}->{scripts}->{$_}->{noinst} - && !$unified_info{attributes}->{scripts}->{$_}->{misc} } - @{$unified_info{scripts}}) --} -MISC_SCRIPTS={- - join(" ", map { quotify1($_) } - grep { !$unified_info{attributes}->{scripts}->{$_}->{noinst} - && $unified_info{attributes}->{scripts}->{$_}->{misc} } - @{$unified_info{scripts}}) --} -IMAGEDOCS1={- our @IMAGEDOCS1 = @{$unified_info{imagedocs}->{man1}}; - join(" ", @IMAGEDOCS1) -} -IMAGEDOCS3={- our @IMAGEDOCS3 = @{$unified_info{imagedocs}->{man3}}; - join(" ", @IMAGEDOCS3) -} -IMAGEDOCS5={- our @IMAGEDOCS5 = @{$unified_info{imagedocs}->{man5}}; - join(" ", @IMAGEDOCS5) -} -IMAGEDOCS7={- our @IMAGEDOCS7 = @{$unified_info{imagedocs}->{man7}}; - join(" ", @IMAGEDOCS7) -} -HTMLDOCS1={- our @HTMLDOCS1 = @{$unified_info{htmldocs}->{man1}}; - join(" ", @HTMLDOCS1) -} -HTMLDOCS3={- our @HTMLDOCS3 = @{$unified_info{htmldocs}->{man3}}; - join(" ", @HTMLDOCS3) -} -HTMLDOCS5={- our @HTMLDOCS5 = @{$unified_info{htmldocs}->{man5}}; - join(" ", @HTMLDOCS5) -} -HTMLDOCS7={- our @HTMLDOCS7 = @{$unified_info{htmldocs}->{man7}}; - join(" ", @HTMLDOCS7) -} -HTMLDOCS1_BLDDIRS={- my %dirs = map { dirname($_) => 1 } @HTMLDOCS1; - join(' ', sort keys %dirs) -} -HTMLDOCS3_BLDDIRS={- my %dirs = map { dirname($_) => 1 } @HTMLDOCS3; - join(' ', sort keys %dirs) -} -HTMLDOCS5_BLDDIRS={- my %dirs = map { dirname($_) => 1 } @HTMLDOCS5; - join(' ', sort keys %dirs) -} -HTMLDOCS7_BLDDIRS={- my %dirs = map { dirname($_) => 1 } @HTMLDOCS7; - join(' ', sort keys %dirs) -} - -APPS_OPENSSL="{- use File::Spec::Functions; - catfile("apps","openssl") -}" - -# Do not edit these manually. Use Configure with --prefix or --openssldir -# to change this! Short explanation in the top comment in Configure -INSTALLTOP_dev={- # $prefix is used in the OPENSSLDIR perl snippet - # - use File::Spec::Functions qw(:DEFAULT splitpath); - our $prefix = canonpath($config{prefix} - || "$win_installroot\\OpenSSL"); - our ($prefix_dev, $prefix_dir, $prefix_file) = - splitpath($prefix, 1); - $prefix_dev -} -INSTALLTOP_dir={- canonpath($prefix_dir) -} -OPENSSLDIR_dev={- # - # The logic here is that if no --openssldir was given, - # OPENSSLDIR will get the value "$win_commonroot\\SSL". - # If --openssldir was given and the value is an absolute - # path, OPENSSLDIR will get its value without change. - # If the value from --openssldir is a relative path, - # OPENSSLDIR will get $prefix with the --openssldir - # value appended as a subdirectory. - # - use File::Spec::Functions qw(:DEFAULT splitpath); - our $openssldir = - $config{openssldir} ? - (file_name_is_absolute($config{openssldir}) ? - canonpath($config{openssldir}) - : catdir($prefix, $config{openssldir})) - : canonpath("$win_commonroot\\SSL"); - our ($openssldir_dev, $openssldir_dir, $openssldir_file) = - splitpath($openssldir, 1); - $openssldir_dev -} -OPENSSLDIR_dir={- canonpath($openssldir_dir) -} -LIBDIR={- our $libdir = $config{libdir} || "lib"; - file_name_is_absolute($libdir) ? "" : $libdir -} -MODULESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath catpath); - our $modulesprefix = catdir($prefix,$libdir); - our ($modulesprefix_dev, $modulesprefix_dir, - $modulesprefix_file) = - splitpath($modulesprefix, 1); - our $modulesdir_dev = $modulesprefix_dev; - our $modulesdir_dir = - catdir($modulesprefix_dir, "ossl-modules"); - our $modulesdir = catpath($modulesdir_dev, $modulesdir_dir); - our $enginesdir_dev = $modulesprefix_dev; - our $enginesdir_dir = - catdir($modulesprefix_dir, "engines-$sover_dirname"); - our $enginesdir = catpath($enginesdir_dev, $enginesdir_dir); - $modulesdir_dev -} -MODULESDIR_dir={- canonpath($modulesdir_dir) -} -ENGINESDIR_dev={- $enginesdir_dev -} -ENGINESDIR_dir={- canonpath($enginesdir_dir) -} -!IF "$(DESTDIR)" != "" -INSTALLTOP=$(DESTDIR)$(INSTALLTOP_dir) -OPENSSLDIR=$(DESTDIR)$(OPENSSLDIR_dir) -ENGINESDIR=$(DESTDIR)$(ENGINESDIR_dir) -MODULESDIR=$(DESTDIR)$(MODULESDIR_dir) -!ELSE -INSTALLTOP=$(INSTALLTOP_dev)$(INSTALLTOP_dir) -OPENSSLDIR=$(OPENSSLDIR_dev)$(OPENSSLDIR_dir) -ENGINESDIR=$(ENGINESDIR_dev)$(ENGINESDIR_dir) -MODULESDIR=$(MODULESDIR_dev)$(MODULESDIR_dir) -!ENDIF - -# $(libdir) is chosen to be compatible with the GNU coding standards -libdir={- file_name_is_absolute($libdir) - ? $libdir : '$(INSTALLTOP)\$(LIBDIR)' -} - -##### User defined commands and flags ################################ - -CC="{- $config{CC} -}" -CPP={- $config{CPP} -} -CPPFLAGS={- our $cppflags1 = join(" ", - (map { "-D".$_} @{$config{CPPDEFINES}}), - (map { " -I".$_} @{$config{CPPINCLUDES}}), - @{$config{CPPFLAGS}}) -} -CFLAGS={- join(' ', @{$config{CFLAGS}}) -} -LD="{- $config{LD} -}" -LDFLAGS={- join(' ', @{$config{LDFLAGS}}) -} -EX_LIBS={- join(' ', @{$config{LDLIBS}}) -} - -PERL={- $config{PERL} -} - -AR="{- $config{AR} -}" -ARFLAGS= {- join(' ', @{$config{ARFLAGS}}) -} - -MT="{- $config{MT} -}" -MTFLAGS= {- join(' ', @{$config{MTFLAGS}}) -} - -AS="{- $config{AS} -}" -ASFLAGS={- join(' ', @{$config{ASFLAGS}}) -} - -RC="{- $config{RC} -}" -RCFLAGS={- join(' ', @{$config{RCFLAGS}}) -} - -ECHO="$(PERL)" "$(SRCDIR)\util\echo.pl" - -##### Special command flags ########################################## - -COUTFLAG={- $target{coutflag} -}$(OSSL_EMPTY) -LDOUTFLAG={- $target{ldoutflag} -}$(OSSL_EMPTY) -AROUTFLAG={- $target{aroutflag} -}$(OSSL_EMPTY) -MTINFLAG={- $target{mtinflag} -}$(OSSL_EMPTY) -MTOUTFLAG={- $target{mtoutflag} -}$(OSSL_EMPTY) -ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY) -RCOUTFLAG={- $target{rcoutflag} -}$(OSSL_EMPTY) - -##### Project flags ################################################## - -# Variables starting with CNF_ are common variables for all product types - -CNF_ASFLAGS={- join(' ', $target{asflags} || (), - @{$config{asflags}}) -} -CNF_CPPFLAGS={- our $cppfags2 = - join(' ', $target{cppflags} || (), - (map { '-D'.quotify1($_) } @{$target{defines}}, - @{$config{defines}}), - (map { '-I'.'"'.$_.'"' } @{$target{includes}}, - @{$config{includes}}), - @{$config{cppflags}}) -} -CNF_CFLAGS={- join(' ', $target{cflags} || (), - @{$config{cflags}}) -} -CNF_CXXFLAGS={- join(' ', $target{cxxflags} || (), - @{$config{cxxflags}}) -} -CNF_LDFLAGS={- join(' ', $target{lflags} || (), - @{$config{lflags}}) -} -CNF_EX_LIBS={- join(' ', $target{ex_libs} || (), - @{$config{ex_libs}}) -} - -# Variables starting with LIB_ are used to build library object files -# and shared libraries. -# Variables starting with DSO_ are used to build DSOs and their object files. -# Variables starting with BIN_ are used to build programs and their object -# files. - -LIB_ASFLAGS={- join(' ', $target{lib_asflags} || (), - @{$config{lib_asflags}}, - '$(CNF_ASFLAGS)', '$(ASFLAGS)') -} -LIB_CPPFLAGS={- our $lib_cppflags = - join(' ', $target{lib_cppflags} || (), - $target{shared_cppflag} || (), - (map { '-D'.quotify1($_) } - @{$target{lib_defines}}, - @{$target{shared_defines}}, - @{$config{lib_defines}}, - @{$config{shared_defines}}), - (map { '-I'.quotify1($_) } - @{$target{lib_includes}}, - @{$target{shared_includes}}, - @{$config{lib_includes}}, - @{$config{shared_includes}}), - @{$config{lib_cppflags}}, - @{$config{shared_cppflag}}); - join(' ', $lib_cppflags, - (map { '-D'.quotify1($_) } - "OPENSSLDIR=\"$openssldir\"", - "ENGINESDIR=\"$enginesdir\"", - "MODULESDIR=\"$modulesdir\""), - '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} -LIB_CFLAGS={- join(' ', $target{lib_cflags} || (), - $target{shared_cflag} || (), - @{$config{lib_cflags}}, - @{$config{shared_cflag}}, - '$(CNF_CFLAGS)', '$(CFLAGS)') -} -LIB_LDFLAGS={- join(' ', $target{shared_ldflag} || (), - $config{shared_ldflag} || (), - '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} -LIB_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) -DSO_ASFLAGS={- join(' ', $target{dso_asflags} || (), - $target{module_asflags} || (), - @{$config{dso_asflags}}, - @{$config{module_asflags}}, - '$(CNF_ASFLAGS)', '$(ASFLAGS)') -} -DSO_CPPFLAGS={- join(' ', $target{dso_cppflags} || (), - $target{module_cppflag} || (), - (map { '-D'.quotify1($_) } - @{$target{dso_defines}}, - @{$target{module_defines}}, - @{$config{dso_defines}}, - @{$config{module_defines}}), - (map { '-I'.quotify1($_) } - @{$target{dso_includes}}, - @{$target{module_includes}}, - @{$config{dso_includes}}, - @{$config{module_includes}}), - @{$config{dso_cppflags}}, - @{$config{module_cppflags}}, - '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} -DSO_CFLAGS={- join(' ', $target{dso_cflags} || (), - $target{module_cflags} || (), - @{$config{dso_cflags}}, - @{$config{module_cflags}}, - '$(CNF_CFLAGS)', '$(CFLAGS)') -} -DSO_LDFLAGS={- join(' ', $target{dso_lflags} || (), - $target{module_ldflags} || (), - @{$config{dso_lflags}}, - @{$config{module_ldflags}}, - '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} -DSO_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) -BIN_ASFLAGS={- join(' ', $target{bin_asflags} || (), - @{$config{bin_asflags}}, - '$(CNF_ASFLAGS)', '$(ASFLAGS)') -} -BIN_CPPFLAGS={- join(' ', $target{bin_cppflags} || (), - (map { '-D'.$_ } @{$config{bin_defines} || ()}), - @{$config{bin_cppflags}}, - '$(CNF_CPPFLAGS)', '$(CPPFLAGS)') -} -BIN_CFLAGS={- join(' ', $target{bin_cflags} || (), - @{$config{bin_cflags}}, - '$(CNF_CFLAGS)', '$(CFLAGS)') -} -BIN_LDFLAGS={- join(' ', $target{bin_lflags} || (), - @{$config{bin_lflags}}, - '$(CNF_LDFLAGS)', '$(LDFLAGS)') -} -BIN_EX_LIBS=$(CNF_EX_LIBS) $(EX_LIBS) - -# CPPFLAGS_Q is used for one thing only: to build up buildinf.h -CPPFLAGS_Q={- $cppflags1 =~ s|([\\"])|\\$1|g; - $cppflags2 =~ s|([\\"])|\\$1|g; - join(' ', $lib_cppflags || (), $cppflags2 || (), - $cppflags1 || ()) -} - -PERLASM_SCHEME= {- $target{perlasm_scheme} -} - -PROCESSOR= {- $config{processor} -} - -# The main targets ################################################### - -{- dependmagic('build_sw'); -}: build_libs_nodep build_modules_nodep build_programs_nodep copy-utils -{- dependmagic('build_libs'); -}: build_libs_nodep -{- dependmagic('build_modules'); -}: build_modules_nodep -{- dependmagic('build_programs'); -}: build_programs_nodep - -build_docs: build_html_docs -build_html_docs: $(HTMLDOCS1) $(HTMLDOCS3) $(HTMLDOCS5) $(HTMLDOCS7) - @ -build_generated: $(GENERATED_MANDATORY) - @ -build_libs_nodep: $(LIBS) {- join(" ",map { platform->sharedlib_import($_) // () } @{$unified_info{libraries}}) -} - @ -build_modules_nodep: $(MODULES) - @ -build_programs_nodep: $(PROGRAMS) $(SCRIPTS) - @ - -# Kept around for backward compatibility -build_apps build_tests: build_programs - -# Convenience target to prebuild all generated files, not just the mandatory -# ones -build_all_generated: $(GENERATED_MANDATORY) $(GENERATED) build_docs - @{- output_off() if $disabled{makedepend}; "\@rem" -} - @$(ECHO) "Warning: consider configuring with no-makedepend, because if" - @$(ECHO) " target system doesn't have $(PERL)," - @$(ECHO) " then make will fail..." - @{- output_on() if $disabled{makedepend}; "\@rem" -} - -all: build_sw build_docs - -test: tests -{- dependmagic('tests'); -}: build_programs_nodep build_modules_nodep copy-utils - @{- output_off() if $disabled{tests}; "\@rem" -} - cmd /C "set "SRCTOP=$(SRCDIR)" & set "BLDTOP=$(BLDDIR)" & set "PERL=$(PERL)" & set "FIPSKEY=$(FIPSKEY)" & "$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)" - @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} - @$(ECHO) "Tests are not supported with your chosen Configure options" - @{- output_on() if !$disabled{tests}; "\@rem" -} - -list-tests: - @{- output_off() if $disabled{tests}; "\@rem" -} - @cmd /C "set "SRCTOP=$(SRCDIR)" & "$(PERL)" "$(SRCDIR)\test\run_tests.pl" list" - @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} - @$(ECHO) "Tests are not supported with your chosen Configure options" - @{- output_on() if !$disabled{tests}; "\@rem" -} - -install: install_sw install_ssldirs install_docs {- $disabled{fips} ? "" : "install_fips" -} - -uninstall: uninstall_docs uninstall_sw {- $disabled{fips} ? "" : "uninstall_fips" -} - -libclean: - "$(PERL)" -e "map { m/(.*)\.dll$$/; unlink glob """{.,apps,test,fuzz}/$$1.*"""; } @ARGV" $(SHLIBS) - -del /Q /F $(LIBS) libcrypto.* libssl.* ossl_static.pdb - -clean: libclean - {- join("\n\t", map { "-del /Q /F $_" } @HTMLDOCS1) || "\@rem" -} - {- join("\n\t", map { "-del /Q /F $_" } @HTMLDOCS3) || "\@rem" -} - {- join("\n\t", map { "-del /Q /F $_" } @HTMLDOCS5) || "\@rem" -} - {- join("\n\t", map { "-del /Q /F $_" } @HTMLDOCS7) || "\@rem" -} - {- join("\n\t", map { "-del /Q /F $_" } @PROGRAMS) || "\@rem" -} - {- join("\n\t", map { "-del /Q /F $_" } @MODULES) || "\@rem" -} - {- join("\n\t", map { "-del /Q /F $_" } @SCRIPTS) || "\@rem" -} - {- join("\n\t", map { "-del /Q /F $_" } @GENERATED_MANDATORY) || "\@rem" -} - {- join("\n\t", map { "-del /Q /F $_" } @GENERATED) || "\@rem" -} - -del /Q /S /F *.d *.obj *.pdb *.ilk *.manifest - -del /Q /S /F engines\*.lib engines\*.exp - -del /Q /S /F apps\*.lib apps\*.rc apps\*.res apps\*.exp - -del /Q /S /F test\*.exp - -rd /Q /S test\test-runs - -distclean: clean - -del /Q /F include\openssl\configuration.h - -del /Q /F configdata.pm - -del /Q /F makefile - -depend: makefile - @ {- output_off() if $disabled{makedepend}; "\@rem" -} - @ "$(PERL)" "$(SRCDIR)\util\add-depends.pl" "{- $target{makedep_scheme} -}" - @ {- output_on() if $disabled{makedepend}; "\@rem" -} - -# Install helper targets ############################################# - -install_sw: install_dev install_engines install_modules install_runtime - -uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev - -install_docs: install_html_docs - -uninstall_docs: uninstall_html_docs - -{- output_off() if $disabled{fips}; "" -} -install_fips: build_sw $(INSTALL_FIPSMODULECONF) -# @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(MODULESDIR)" - @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)" - @$(ECHO) "*** Installing FIPS module" - @$(ECHO) "install $(INSTALL_FIPSMODULE) -> $(MODULESDIR)\$(FIPSMODULENAME)" - @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(INSTALL_FIPSMODULE)" "$(MODULESDIR)" - @$(ECHO) "*** Installing FIPS module configuration" - @$(ECHO) "install $(INSTALL_FIPSMODULECONF) -> $(OPENSSLDIR)\fipsmodule.cnf" - @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(INSTALL_FIPSMODULECONF)" "$(OPENSSLDIR)" - -uninstall_fips: - @$(ECHO) "*** Uninstalling FIPS module configuration" - $(RM) "$(OPENSSLDIR)\fipsmodule.cnf" - @$(ECHO) "*** Uninstalling FIPS module" - $(RM) "$(MODULESDIR)\$(FIPSMODULENAME)" -{- if ($disabled{fips}) { output_on(); } else { output_off(); } "" -} -install_fips: - @$(ECHO) "The 'install_fips' target requires the 'enable-fips' option" - -uninstall_fips: - @$(ECHO) "The 'uninstall_fips' target requires the 'enable-fips' option" -{- output_on() if !$disabled{fips}; "" -} - -install_ssldirs: - @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\certs" - @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\private" - @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)\misc" - @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \ - "$(OPENSSLDIR)\openssl.cnf.dist" - @IF NOT EXIST "$(OPENSSLDIR)\openssl.cnf" \ - "$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\openssl.cnf" \ - "$(OPENSSLDIR)\openssl.cnf" - @if not "$(MISC_SCRIPTS)"=="" \ - "$(PERL)" "$(SRCDIR)\util\copy.pl" $(MISC_SCRIPTS) \ - "$(OPENSSLDIR)\misc" - @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\ct_log_list.cnf" \ - "$(OPENSSLDIR)\ct_log_list.cnf.dist" - @IF NOT EXIST "$(OPENSSLDIR)\ct_log_list.cnf" \ - "$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\ct_log_list.cnf" \ - "$(OPENSSLDIR)\ct_log_list.cnf" - -install_dev: install_runtime_libs - @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) - @$(ECHO) "*** Installing development files" - @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl" - @{- output_off() if $disabled{uplink}; "" -} - @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \ - "$(INSTALLTOP)\include\openssl" - @{- output_on() if $disabled{uplink}; "" -} - @"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \ - "$(SRCDIR)\include\openssl\*.h" \ - "$(INSTALLTOP)\include\openssl" - @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(BLDDIR)\include\openssl\*.h" \ - "$(INSTALLTOP)\include\openssl" - @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(libdir)" - @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) "$(libdir)" - @if "$(SHLIBS)"=="" \ - "$(PERL)" "$(SRCDIR)\util\copy.pl" ossl_static.pdb "$(libdir)" - -uninstall_dev: - -_install_modules_deps: install_runtime_libs build_modules - -install_engines: _install_modules_deps - @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) - @$(ECHO) "*** Installing engines" - @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(ENGINESDIR)" - @if not "$(INSTALL_ENGINES)"=="" \ - "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINES) "$(ENGINESDIR)" - @if not "$(INSTALL_ENGINES)"=="" \ - "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINEPDBS) "$(ENGINESDIR)" - -uninstall_engines: - -install_modules: _install_modules_deps - @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) - @$(ECHO) "*** Installing modules" - @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(MODULESDIR)" - @if not "$(INSTALL_MODULES)"=="" \ - "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_MODULES) "$(MODULESDIR)" - @if not "$(INSTALL_MODULES)"=="" \ - "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_MODULEPDBS) "$(MODULESDIR)" - -uninstall_modules: - -install_runtime: install_programs - -install_runtime_libs: build_libs - @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) - @$(ECHO) "*** Installing runtime libraries" - @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin" - @if not "$(SHLIBS)"=="" \ - "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBS) "$(INSTALLTOP)\bin" - @if not "$(SHLIBS)"=="" \ - "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \ - "$(INSTALLTOP)\bin" - -install_programs: install_runtime_libs build_programs - @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) - @$(ECHO) "*** Installing runtime programs" - @if not "$(INSTALL_PROGRAMS)"=="" \ - "$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin" - @if not "$(INSTALL_PROGRAMS)"=="" \ - "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMS) \ - "$(INSTALLTOP)\bin" - @if not "$(INSTALL_PROGRAMS)"=="" \ - "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMPDBS) \ - "$(INSTALLTOP)\bin" - @if not "$(INSTALL_PROGRAMS)"=="" \ - "$(PERL)" "$(SRCDIR)\util\copy.pl" $(BIN_SCRIPTS) \ - "$(INSTALLTOP)\bin" - -uninstall_runtime: - -install_html_docs: install_image_docs build_html_docs - @if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 ) - @echo *** Installing HTML docs - @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\html\man1" - @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\html\man3" - @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\html\man5" - @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\html\man7" - @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BLDDIR)\doc\html\man1\*.html \ - "$(INSTALLTOP)\html\man1" - @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BLDDIR)\doc\html\man3\*.html \ - "$(INSTALLTOP)\html\man3" - @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BLDDIR)\doc\html\man5\*.html \ - "$(INSTALLTOP)\html\man5" - @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BLDDIR)\doc\html\man7\*.html \ - "$(INSTALLTOP)\html\man7" - -uninstall_html_docs: uninstall_image_docs - -install_image_docs: - @if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 ) - @echo *** Installing HTML images - @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\html\man7\img" - @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(SRCDIR)\doc\man7\img\*.png \ - "$(INSTALLTOP)\html\man7\img" - -uninstall_image_docs: - -# Helper targets ##################################################### - -copy-utils: $(BLDDIR)\apps\openssl.cnf - -$(BLDDIR)\apps\openssl.cnf: makefile - @if NOT EXIST "$(BLDDIR)\apps" mkdir "$(BLDDIR)\apps" - @if NOT "$(SRCDIR)"=="$(BLDDIR)" copy "$(SRCDIR)\apps\$(@F)" "$(BLDDIR)\apps" - -# Building targets ################################################### - -makefile: configdata.pm {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}) -} - @$(ECHO) "Detected changed: $?" - "$(PERL)" configdata.pm - @$(ECHO) "**************************************************" - @$(ECHO) "*** ***" - @$(ECHO) "*** Please run the same make command again ***" - @$(ECHO) "*** ***" - @$(ECHO) "**************************************************" - @exit 1 - -configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_infos}}, @{$config{conf_files}}) -} - @$(ECHO) "Detected changed: $?" - "$(PERL)" configdata.pm -r - @$(ECHO) "**************************************************" - @$(ECHO) "*** ***" - @$(ECHO) "*** Please run the same make command again ***" - @$(ECHO) "*** ***" - @$(ECHO) "**************************************************" - @exit 1 - -reconfigure reconf: - "$(PERL)" configdata.pm -r - -{- - use File::Basename; - use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs file_name_is_absolute/; - - # Helper function to convert dependencies in platform agnostic form to - # dependencies in platform form. - sub compute_platform_depends { - map { my $x = $_; - - grep { $x eq $_ } @{$unified_info{programs}} and platform->bin($x) - or grep { $x eq $_ } @{$unified_info{modules}} and platform->dso($x) - or grep { $x eq $_ } @{$unified_info{libraries}} and platform->lib($x) - or platform->convertext($x); } @_; - } - - # Helper function to figure out dependencies on libraries - # It takes a list of library names and outputs a list of dependencies - sub compute_lib_depends { - if ($disabled{shared}) { - return map { platform->staticlib($_) } @_; - } - return map { platform->sharedlib_import($_) // platform->staticlib($_) } @_; - } - - sub generatetarget { - my %args = @_; - my $deps = join(" ", compute_platform_depends(@{$args{deps}})); - return <<"EOF"; -$args{target}: $deps -EOF - } - - # This function (and the next) avoids quoting paths of generated dependencies - # (in the build tree), but quotes paths of non-generated dependencies (in the - # source tree). This is a workaround for a limitation of C++Builder's make.exe - # in handling quoted paths: https://quality.embarcadero.com/browse/RSP-31756 - sub generatesrc { - my %args = @_; - my $gen0 = $args{generator}->[0]; - my $gen_args = join('', map { " $_" } - @{$args{generator}}[1..$#{$args{generator}}]); - my $gen_incs = join("", map { " -I\"$_\"" } @{$args{generator_incs}}); - my $incs = join("", map { " -I\"$_\"" } @{$args{incs}}); - my $defs = join("", map { " -D".$_ } @{$args{defs}}); - my $deps = join(' ', - map { file_name_is_absolute($_) || ($_ =~ m|^../|) ? "\"$_\"" : $_ } - compute_platform_depends(@{$args{generator_deps}}, - @{$args{deps}})); - - if ($args{src} =~ /\.html$/) { - # - # HTML generator - # - my $title = basename($args{src}, ".html"); - my $pod = $gen0; - return <<"EOF"; -$args{src}: "$pod" - "\$(PERL)" "\$(SRCDIR)/util/mkpod2html.pl" -i "$pod" -o \$\@ -t "$title" -r "\$(SRCDIR)/doc" -EOF - } elsif (platform->isdef($args{src})) { - # - # Linker script-ish generator - # - my $target = platform->def($args{src}); - my $mkdef = abs2rel(rel2abs(catfile($config{sourcedir}, - "util", "mkdef.pl")), - rel2abs($config{builddir})); - my $ord_ver = $args{intent} eq 'lib' ? ' --version $(VERSION_NUMBER)' : ''; - my $ord_name = - $args{generator}->[1] || basename(platform->dsoname($args{product})); - return <<"EOF"; -$target: $gen0 $deps $mkdef - "\$(PERL)" "$mkdef"$ord_ver --type $args{intent} --ordinals $gen0 --name $ord_name --OS windows > $target -EOF - } elsif (platform->isasm($args{src})) { - # - # Assembler generator - # - my $cppflags = { - shlib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)', - lib => '$(LIB_CFLAGS) $(LIB_CPPFLAGS)', - dso => '$(DSO_CFLAGS) $(DSO_CPPFLAGS)', - bin => '$(BIN_CFLAGS) $(BIN_CPPFLAGS)' - } -> {$args{intent}}; - my $target = platform->asm($args{src}); - - my $generator; - if ($gen0 =~ /\.pl$/) { - $generator = '"$(PERL)"'.$gen_incs.' "'.$gen0.'"'.$gen_args - .' "$(PERLASM_SCHEME)"'.$incs.' '.$cppflags.$defs.' $(PROCESSSOR)'; - } elsif ($gen0 =~ /\.S$/) { - $generator = undef; - } else { - die "Generator type for $src unknown: $gen0\n"; - } - - if (defined($generator)) { - # If the target is named foo.S in build.info, we want to - # end up generating foo.s in two steps. - if ($args{src} =~ /\.S$/) { - return <<"EOF"; -$target: "$gen0" $deps - cmd /C "set "ASM=\$(AS)" & $generator \$@.S" - \$(CPP) $incs $cppflags $defs \$@.S > \$@.i - move /Y \$@.i \$@ - del /Q \$@.S -EOF - } - # Otherwise.... - return <<"EOF"; -$target: "$gen0" $deps - cmd /C "set "ASM=\$(AS)" & $generator \$@" -EOF - } - return <<"EOF"; -$target: "$gen0" $deps - \$(CPP) $incs $cppflags $defs "$gen0" > \$@.i - move /Y \$@.i \$@ -EOF - } elsif ($gen0 =~ m|^.*\.in$|) { - # - # "dofile" generator (file.in -> file) - # - my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, - "util", "dofile.pl")), - rel2abs($config{builddir})); - my @perlmodules = ( 'configdata.pm', - grep { $_ =~ m|\.pm$| } @{$args{deps}} ); - my %perlmoduleincs = map { '"-I'.dirname($_).'"' => 1 } @perlmodules; - $deps = join(' ', $deps, compute_platform_depends(@perlmodules)); - @perlmodules = map { "-M".basename($_, '.pm') } @perlmodules; - my $perlmodules = join(' ', '', sort keys %perlmoduleincs, @perlmodules); - return <<"EOF"; -$args{src}: "$gen0" $deps - "\$(PERL)"$perlmodules "$dofile" "-o$target{build_file}" "$gen0"$gen_args > \$@ -EOF - } elsif (grep { $_ eq $gen0 } @{$unified_info{programs}}) { - # - # Generic generator using OpenSSL programs - # - - # Redo $gen0, to ensure that we have the proper extension. - $gen0 = platform->bin($gen0); - return <<"EOF"; -$args{src}: $gen0 $deps "\$(BLDDIR)\\util\\wrap.pl" - "\$(PERL)" "\$(BLDDIR)\\util\\wrap.pl" "$gen0"$gen_args > \$@ -EOF - } else { - # - # Generic generator using Perl - # - return <<"EOF"; -$args{src}: "$gen0" $deps - "\$(PERL)"$gen_incs "$gen0"$gen_args > \$@ -EOF - } - } - - sub src2obj { - my $asmext = platform->asmext(); - my %args = @_; - my @srcs = - map { my $x = $_; - (platform->isasm($x) && grep { $x eq $_ } @generated) - ? platform->asm($x) : $x } - ( @{$args{srcs}} ); - my $srcs = '"'.join('" "', @srcs).'"'; - my $deps = join(' ', - map { file_name_is_absolute($_) || ($_ =~ m|^../|) ? "\"$_\"" : $_ } - (@srcs, @{$args{deps}})); - my $incs = join("", map { ' -I"'.$_.'"' } @{$args{incs}}); - my $defs = join("", map { " -D".$_ } @{$args{defs}}); - my $cflags = { shlib => ' $(LIB_CFLAGS)', - lib => ' $(LIB_CFLAGS)', - dso => ' $(DSO_CFLAGS)', - bin => ' $(BIN_CFLAGS)' } -> {$args{intent}}; - $cflags .= $incs; - $cflags .= { shlib => ' $(LIB_CPPFLAGS)', - lib => ' $(LIB_CPPFLAGS)', - dso => ' $(DSO_CPPFLAGS)', - bin => ' $(BIN_CPPFLAGS)' } -> {$args{intent}}; - my $asflags = { shlib => ' $(LIB_ASFLAGS)', - lib => ' $(LIB_ASFLAGS)', - dso => ' $(DSO_ASFLAGS)', - bin => ' $(BIN_ASFLAGS)' } -> {$args{intent}}; - my $makedepcmd = $config{makedepcmd} unless $disabled{makedepend}; - if ($srcs[0] =~ /\.rc$/) { - my $res = platform->res($args{obj}); - return <<"EOF"; -$res: $deps - \$(RC) \$(RCFLAGS) \$(RCOUTFLAG)\$\@ $srcs -EOF - } - my $obj = platform->obj($args{obj}); - my $dep = platform->dep($args{obj}); - if ($srcs[0] =~ /\Q${asmext}\E$/) { - return <<"EOF"; -$obj: $deps - \$(AS) $asflags \$(ASOUTFLAG)\$\@ $srcs -EOF - } elsif ($srcs[0] =~ /.S$/) { - return <<"EOF"; -$obj: $deps - \$(CC) /EP -D__ASSEMBLER__ $cflags $defs $srcs > \$@.asm - \$(AS) $asflags \$(ASOUTFLAG)\$\@ \$@.asm -EOF - } - my $recipe = <<"EOF"; -$obj: $deps - \$(CC) $cflags $defs -c \$(COUTFLAG)\$\@ $srcs -EOF - $recipe .= <<"EOF" unless $disabled{makedepend}; - cmd /C "$makedepcmd $cflags $defs $srcs > $dep 2>&1" -EOF - return $recipe; - } - - # We *know* this routine is only called when we've configure 'shared'. - # Also, note that even though the import library built here looks like - # a static library, it really isn't. - sub obj2shlib { - my %args = @_; - my $lib = $args{lib}; - my @objs = map { platform->convertext($_) } - grep { platform->isobj($_) } - @{$args{objs}}; - my @ress = map { platform->convertext($_) } - grep { platform->isres($_) } - @{$args{objs}}; - my @defs = map { platform->def($_) } - grep { platform->isdef($_) } - @{$args{objs}}; - my @deps = compute_lib_depends(@{$args{deps}}); - die "More than one exported symbols list" if scalar @defs > 1; - my $linklibs = join("", map { "$_$target{ld_resp_delim}" } @deps); - my $objs = join($target{ld_resp_delim}, @objs); - my $ress = join($target{ld_resp_delim}, @ress); - my $deps = join(" ", @objs, @ress, @defs, @deps); - my $import = platform->sharedlib_import($lib); - my $dll = platform->sharedlib($lib); - my $shared_def = $target{lddefflag} . join("", @defs); - my $implib_rule = $target{ld_implib_rule} || ""; - my $implib_flag = $target{ld_implib_flag} - ? "$target{ld_implib_flag}$import" - : ""; - return <<"EOF" -# The import library may look like a static library, but it is not. -# We MUST make the import library depend on the DLL, in case someone -# mistakenly removes the latter. -$import: $dll - $implib_rule -$dll: $deps - IF EXIST $full.manifest DEL /F /Q $full.manifest - IF EXIST \$@ DEL /F /Q \$@ - cmd /C "\$(LD) \$(LDFLAGS) \$(LIB_LDFLAGS) @<< $implib_flag || (DEL /Q \$(\@B).* $import & EXIT 1)" -$objs$target{ld_resp_delim}\$(LDOUTFLAG)$dll$target{ldpostoutflag}$target{ld_resp_delim}$linklibs\$(LIB_EX_LIBS)$target{ld_resp_delim}$shared_def$target{ldresflag}$ress -<< - IF EXIST $dll.manifest \\ - \$(MT) \$(MTFLAGS) \$(MTINFLAG)$dll.manifest \$(MTOUTFLAG)$dll - IF EXIST apps\\$dll DEL /Q /F apps\\$dll - IF EXIST test\\$dll DEL /Q /F test\\$dll - IF EXIST fuzz\\$dll DEL /Q /F fuzz\\$dll - COPY $dll apps - COPY $dll test - COPY $dll fuzz -EOF - } - sub obj2dso { - my %args = @_; - my $dso = platform->dso($args{module}); - my $dso_n = platform->dsoname($args{module}); - my @objs = map { platform->convertext($_) } - grep { platform->isobj($_) } - @{$args{objs}}; - my @ress = map { platform->convertext($_) } - grep { platform->isres($_) } - @{$args{objs}}; - my @defs = map { platform->def($_) } - grep { platform->isdef($_) } - @{$args{objs}}; - my @deps = compute_lib_depends(@{$args{deps}}); - die "More than one exported symbols list" if scalar @defs > 1; - my $objs = join($target{ld_resp_delim}, @objs); - my $ress = join($target{ld_resp_delim}, @ress); - my $linklibs = join("", map { "$_$target{ld_resp_delim}" } @deps); - my $deps = join(" ", @objs, @ress, @defs, @deps); - my $shared_def = $target{lddefflag} . join("", @defs); - return <<"EOF"; -$dso: $deps - IF EXIST $dso.manifest DEL /F /Q $dso.manifest - cmd /C "\$(LD) \$(LDFLAGS) \$(DSO_LDFLAGS) @<< || (DEL /Q \$(\@B).* $dso_n.* & EXIT 1)" -$objs$target{ld_resp_delim}\$(LDOUTFLAG)$dso$target{ldpostoutflag}$target{ld_resp_delim}$linklibs \$(DSO_EX_LIBS)$target{ld_resp_delim}$shared_def$target{ldresflag}$ress -<< - IF EXIST $dso.manifest \\ - \$(MT) \$(MTFLAGS) \$(MTINFLAG)$dso.manifest \$(MTOUTFLAG)$dso -EOF - } - sub obj2lib { - my %args = @_; - my $lib = platform->staticlib($args{lib}); - my @objs = map { platform->obj($_) } @{$args{objs}}; - my $objs = join($target{ar_resp_delim}, @objs); - my $deps = join(" ", @objs); - return <<"EOF"; -$lib: $deps - \$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib @<< -$objs -<< -EOF - } - sub obj2bin { - my %args = @_; - my $bin = platform->bin($args{bin}); - my @objs = map { platform->convertext($_) } - grep { platform->isobj($_) } - @{$args{objs}}; - my @ress = map { platform->convertext($_) } - grep { platform->isres($_) } - @{$args{objs}}; - my @deps = compute_lib_depends(@{$args{deps}}); - my $objs = join($target{ld_resp_delim}, @objs); - my $ress = join($target{ld_resp_delim}, @ress); - my $linklibs = join("", map { "$_$target{ld_resp_delim}" } @deps); - my $deps = join(" ", @objs, @ress, @deps); - return <<"EOF"; -$bin: $deps - IF EXIST $bin.manifest DEL /F /Q $bin.manifest - \$(LD) \$(LDFLAGS) \$(BIN_LDFLAGS) @<< -$objs$target{ld_resp_delim}\$(LDOUTFLAG)$bin$target{ldpostoutflag}$target{ld_resp_delim}$linklibs\$(BIN_EX_LIBS)$target{ldresflag}$target{ldresflag}$ress -<< - IF EXIST $bin.manifest \\ - \$(MT) \$(MTFLAGS) \$(MTINFLAG)$bin.manifest \$(MTOUTFLAG)$bin -EOF - } - sub in2script { - my %args = @_; - my $script = $args{script}; - my $sources = '"'.join('" "', @{$args{sources}}).'"'; - my $dofile = abs2rel(rel2abs(catfile($config{sourcedir}, - "util", "dofile.pl")), - rel2abs($config{builddir})); - return <<"EOF"; -$script: $sources configdata.pm - "\$(PERL)" "-I\$(BLDDIR)" -Mconfigdata "$dofile" \\ - "-o$target{build_file}" $sources > \$@ -EOF - } - sub generatedir { - my %args = @_; - my $dir = $args{dir}; - my @deps = map { platform->convertext($_) } @{$args{deps}}; - my @actions = (); - my %extinfo = ( dso => platform->dsoext(), - lib => platform->libext(), - bin => platform->binext() ); - - # We already have a 'test' target, and the top directory is just plain - # silly - return if $dir eq "test" || $dir eq "."; - - foreach my $type (("dso", "lib", "bin", "script")) { - next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type}); - # For lib object files, we could update the library. However, - # LIB on Windows doesn't work that way, so we won't create any - # actions for it, and the dependencies are already taken care of. - if ($type ne "lib") { - foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) { - if (dirname($prod) eq $dir) { - push @deps, $prod.$extinfo{$type}; - } - } - } - } - - my $deps = join(" ", @deps); - my $actions = join("\n", "", @actions); - return <<"EOF"; -$dir $dir\\ : $deps$actions -EOF - } - "" # Important! This becomes part of the template result. --} diff --git a/Configure b/Configure deleted file mode 100755 index a558e5ab1a8b951a6cc7cb1de1ff89b98b05528b..0000000000000000000000000000000000000000 --- a/Configure +++ /dev/null @@ -1,3594 +0,0 @@ -#! /usr/bin/env perl -# -*- mode: perl; -*- -# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -## Configure -- OpenSSL source tree configuration script - -use 5.10.0; -use strict; -use Config; -use FindBin; -use lib "$FindBin::Bin/util/perl"; -use File::Basename; -use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs splitdir/; -use File::Path qw/mkpath/; -use OpenSSL::fallback "$FindBin::Bin/external/perl/MODULES.txt"; -use OpenSSL::Glob; -use OpenSSL::Template; -use OpenSSL::config; - -# see INSTALL.md for instructions. - -my $orig_death_handler = $SIG{__DIE__}; -$SIG{__DIE__} = \&death_handler; - -my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; - -my $banner = <<"EOF"; - -********************************************************************** -*** *** -*** OpenSSL has been successfully configured *** -*** *** -*** If you encounter a problem while building, please open an *** -*** issue on GitHub *** -*** and include the output from the following command: *** -*** *** -*** perl configdata.pm --dump *** -*** *** -*** (If you are new to OpenSSL, you might want to consult the *** -*** 'Troubleshooting' section in the INSTALL.md file first) *** -*** *** -********************************************************************** -EOF - -# Options: -# -# --config add the given configuration file, which will be read after -# any "Configurations*" files that are found in the same -# directory as this script. -# --prefix prefix for the OpenSSL installation, which includes the -# directories bin, lib, include, share/man, share/doc/openssl -# This becomes the value of INSTALLTOP in Makefile -# (Default: /usr/local) -# --openssldir OpenSSL data area, such as openssl.cnf, certificates and keys. -# If it's a relative directory, it will be added on the directory -# given with --prefix. -# This becomes the value of OPENSSLDIR in Makefile and in C. -# (Default: PREFIX/ssl) -# --banner=".." Output specified text instead of default completion banner -# -# -w Don't wait after showing a Configure warning -# -# --cross-compile-prefix Add specified prefix to binutils components. -# -# --api One of 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, or 3.0 -# Define the public APIs as they were for that version -# including patch releases. If 'no-deprecated' is also -# given, do not compile support for interfaces deprecated -# up to and including the specified OpenSSL version. -# -# no-hw-xxx do not compile support for specific crypto hardware. -# Generic OpenSSL-style methods relating to this support -# are always compiled but return NULL if the hardware -# support isn't compiled. -# no-hw do not compile support for any crypto hardware. -# [no-]threads [don't] try to create a library that is suitable for -# multithreaded applications (default is "threads" if we -# know how to do it) -# [no-]shared [don't] try to create shared libraries when supported. -# [no-]pic [don't] try to build position independent code when supported. -# If disabled, it also disables shared and dynamic-engine. -# no-asm do not use assembler -# no-egd do not compile support for the entropy-gathering daemon APIs -# [no-]zlib [don't] compile support for zlib compression. -# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared -# library and will be loaded in run-time by the OpenSSL library. -# sctp include SCTP support -# no-uplink Don't build support for UPLINK interface. -# enable-weak-ssl-ciphers -# Enable weak ciphers that are disabled by default. -# 386 generate 80386 code in assembly modules -# no-sse2 disables IA-32 SSE2 code in assembly modules, the above -# mentioned '386' option implies this one -# no- build without specified algorithm (dsa, idea, rc5, ...) -# - + All options which are unknown to the 'Configure' script are -# / passed through to the compiler. Unix-style options beginning -# with a '-' or '+' are recognized, as well as Windows-style -# options beginning with a '/'. If the option contains arguments -# separated by spaces, then the URL-style notation %20 can be -# used for the space character in order to avoid having to quote -# the option. For example, -opt%20arg gets expanded to -opt arg. -# In fact, any ASCII character can be encoded as %xx using its -# hexadecimal encoding. -# -static while -static is also a pass-through compiler option (and -# as such is limited to environments where it's actually -# meaningful), it triggers a number configuration options, -# namely no-pic, no-shared and no-threads. It is -# argued that the only reason to produce statically linked -# binaries (and in context it means executables linked with -# -static flag, and not just executables linked with static -# libcrypto.a) is to eliminate dependency on specific run-time, -# a.k.a. libc version. The mentioned config options are meant -# to achieve just that. Unfortunately on Linux it's impossible -# to eliminate the dependency completely for openssl executable -# because of getaddrinfo and gethostbyname calls, which can -# invoke dynamically loadable library facility anyway to meet -# the lookup requests. For this reason on Linux statically -# linked openssl executable has rather debugging value than -# production quality. -# -# BN_LLONG use the type 'long long' in crypto/bn/bn.h -# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h -# Following are set automatically by this script -# -# MD5_ASM use some extra md5 assembler, -# SHA1_ASM use some extra sha1 assembler, must define L_ENDIAN for x86 -# RMD160_ASM use some extra ripemd160 assembler, -# SHA256_ASM sha256_block is implemented in assembler -# SHA512_ASM sha512_block is implemented in assembler -# AES_ASM AES_[en|de]crypt is implemented in assembler - -# Minimum warning options... any contributions to OpenSSL should at least -# get past these. Note that we only use these with C compilers, not with -# C++ compilers. - -# -DPEDANTIC complements -pedantic and is meant to mask code that -# is not strictly standard-compliant and/or implementation-specific, -# e.g. inline assembly, disregards to alignment requirements, such -# that -pedantic would complain about. Incidentally -DPEDANTIC has -# to be used even in sanitized builds, because sanitizer too is -# supposed to and does take notice of non-standard behaviour. Then -# -pedantic with pre-C9x compiler would also complain about 'long -# long' not being supported. As 64-bit algorithms are common now, -# it grew impossible to resolve this without sizeable additional -# code, so we just tell compiler to be pedantic about everything -# but 'long long' type. - -my @gcc_devteam_warn = qw( - -DPEDANTIC -pedantic -Wno-long-long -DUNUSEDRESULT_DEBUG - -Wall - -Wmissing-declarations - -Wextra - -Wno-unused-parameter - -Wno-missing-field-initializers - -Wswitch - -Wsign-compare - -Wshadow - -Wformat - -Wtype-limits - -Wundef - -Werror - -Wmissing-prototypes - -Wstrict-prototypes -); - -# These are used in addition to $gcc_devteam_warn when the compiler is clang. -# TODO(openssl-team): fix problems and investigate if (at least) the -# following warnings can also be enabled: -# -Wcast-align -# -Wunreachable-code -- no, too ugly/compiler-specific -# -Wlanguage-extension-token -- no, we use asm() -# -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc -# -Wextended-offsetof -- no, needed in CMS ASN1 code -my @clang_devteam_warn = qw( - -Wno-unknown-warning-option - -Wswitch-default - -Wno-parentheses-equality - -Wno-language-extension-token - -Wno-extended-offsetof - -Wconditional-uninitialized - -Wincompatible-pointer-types-discards-qualifiers - -Wmissing-variable-declarations -); - -my @cl_devteam_warn = qw( - /WX -); - -my $strict_warnings = 0; - -# As for $BSDthreads. Idea is to maintain "collective" set of flags, -# which would cover all BSD flavors. -pthread applies to them all, -# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD -# -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r, -# which has to be accompanied by explicit -D_THREAD_SAFE and -# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which -# seems to be sufficient? -our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; - -# -# API compatibility name to version number mapping. -# -my $apitable = { - # This table expresses when API additions or changes can occur. - # The numbering used changes from 3.0 and on because we updated - # (solidified) our version numbering scheme at that point. - - # From 3.0 and on, we internalise the given version number in decimal - # as MAJOR * 10000 + MINOR * 100 + 0 - "3.0.0" => 30000, - "3.0" => 30000, - - # Note that before 3.0, we didn't have the same version number scheme. - # Still, the numbering we use here covers what we need. - "1.1.1" => 10101, - "1.1.0" => 10100, - "1.0.2" => 10002, - "1.0.1" => 10001, - "1.0.0" => 10000, - "0.9.8" => 908, -}; - -# For OpenSSL::config::get_platform -my %guess_opts = (); - -my $dryrun = 0; - -our %table = (); -our %config = (); -our %withargs = (); -our $now_printing; # set to current entry's name in print_table_entry - # (todo: right thing would be to encapsulate name - # into %target [class] and make print_table_entry - # a method) - -# Forward declarations ############################################### - -# read_config(filename) -# -# Reads a configuration file and populates %table with the contents -# (which the configuration file places in %targets). -sub read_config; - -# resolve_config(target) -# -# Resolves all the late evaluations, inheritances and so on for the -# chosen target and any target it inherits from. -sub resolve_config; - - -# Information collection ############################################# - -# Unified build supports separate build dir -my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax -my $blddir = catdir(absolutedir(".")); # catdir ensures local syntax - -# File::Spec::Unix doesn't detect case insensitivity, so we make sure to -# check if the source and build directory are really the same, and make -# them so. This avoids all kinds of confusion later on. -# We must check @File::Spec::ISA rather than using File::Spec->isa() to -# know if File::Spec ended up loading File::Spec::Unix. -$srcdir = $blddir - if (grep(/::Unix$/, @File::Spec::ISA) - && samedir($srcdir, $blddir)); - -my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl")); - -my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR'; - -$config{sourcedir} = abs2rel($srcdir, $blddir); -$config{builddir} = abs2rel($blddir, $blddir); -# echo -n 'holy hand grenade of antioch' | openssl sha256 -$config{FIPSKEY} = - 'f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813'; - -# Collect reconfiguration information if needed -my @argvcopy=@ARGV; - -if (grep /^reconf(igure)?$/, @argvcopy) { - die "reconfiguring with other arguments present isn't supported" - if scalar @argvcopy > 1; - if (-f "./configdata.pm") { - my $file = "./configdata.pm"; - unless (my $return = do $file) { - die "couldn't parse $file: $@" if $@; - die "couldn't do $file: $!" unless defined $return; - die "couldn't run $file" unless $return; - } - - @argvcopy = defined($configdata::config{perlargv}) ? - @{$configdata::config{perlargv}} : (); - die "Incorrect data to reconfigure, please do a normal configuration\n" - if (grep(/^reconf/,@argvcopy)); - $config{perlenv} = $configdata::config{perlenv} // {}; - } else { - die "Insufficient data to reconfigure, please do a normal configuration\n"; - } -} - -$config{perlargv} = [ @argvcopy ]; - -# Historical: if known directories in crypto/ have been removed, it means -# that those sub-systems are disabled. -# (the other option would be to removed them from the SUBDIRS statement in -# crypto/build.info) -# We reverse the input list for cosmetic purely reasons, to compensate that -# 'unshift' adds at the front of the list (i.e. in reverse input order). -foreach ( reverse sort( 'aes', 'aria', 'bf', 'camellia', 'cast', 'des', 'dh', - 'dsa', 'ec', 'hmac', 'idea', 'md2', 'md5', 'mdc2', - 'rc2', 'rc4', 'rc5', 'ripemd', 'seed', 'sha', - 'sm2', 'sm3', 'sm4') ) { - unshift @argvcopy, "no-$_" if ! -d catdir($srcdir, 'crypto', $_); -} - -# Collect version numbers -my %version = (); - -collect_information( - collect_from_file(catfile($srcdir,'VERSION.dat')), - qr/\s*(\w+)\s*=\s*(.*?)\s*$/ => - sub { - # Only define it if there is a value at all - if ($2 ne '') { - my $k = $1; - my $v = $2; - # Some values are quoted. Trim the quotes - $v = $1 if $v =~ /^"(.*)"$/; - $version{uc $k} = $v; - } - }, - "OTHERWISE" => - sub { die "Something wrong with this line:\n$_\nin $srcdir/VERSION.dat" }, - ); - -$config{major} = $version{MAJOR} // 'unknown'; -$config{minor} = $version{MINOR} // 'unknown'; -$config{patch} = $version{PATCH} // 'unknown'; -$config{prerelease} = - defined $version{PRE_RELEASE_TAG} ? "-$version{PRE_RELEASE_TAG}" : ''; -$config{build_metadata} = - defined $version{BUILD_METADATA} ? "+$version{BUILD_METADATA}" : ''; -$config{shlib_version} = $version{SHLIB_VERSION} // 'unknown'; -$config{release_date} = $version{RELEASE_DATE} // 'xx XXX xxxx'; - -$config{version} = "$config{major}.$config{minor}.$config{patch}"; -$config{full_version} = "$config{version}$config{prerelease}$config{build_metadata}"; - -die "erroneous version information in VERSION.dat: ", - "$config{version}, $config{shlib_version}\n" - unless (defined $version{MAJOR} - && defined $version{MINOR} - && defined $version{PATCH} - && defined $version{SHLIB_VERSION}); - -# Collect target configurations - -my $pattern = catfile(dirname($0), "Configurations", "*.conf"); -foreach (sort glob($pattern)) { - &read_config($_); -} - -if (defined env($local_config_envname)) { - if ($^O eq 'VMS') { - # VMS environment variables are logical names, - # which can be used as is - $pattern = $local_config_envname . ':' . '*.conf'; - } else { - $pattern = catfile(env($local_config_envname), '*.conf'); - } - - foreach (sort glob($pattern)) { - &read_config($_); - } -} - -# Save away perl command information -$config{perl_cmd} = $^X; -$config{perl_version} = $Config{version}; -$config{perl_archname} = $Config{archname}; - -$config{prefix}=""; -$config{openssldir}=""; -$config{processor}=""; -$config{libdir}=""; -my $auto_threads=1; # enable threads automatically? true by default -my $default_ranlib; - -# Known TLS and DTLS protocols -my @tls = qw(ssl3 tls1 tls1_1 tls1_2 tls1_3); -my @dtls = qw(dtls1 dtls1_2); - -# Explicitly known options that are possible to disable. They can -# be regexps, and will be used like this: /^no-${option}$/ -# For developers: keep it sorted alphabetically - -my @disablables = ( - "acvp-tests", - "afalgeng", - "aria", - "asan", - "asm", - "async", - "autoalginit", - "autoerrinit", - "autoload-config", - "bf", - "blake2", - "buildtest-c++", - "bulk", - "cached-fetch", - "camellia", - "capieng", - "cast", - "chacha", - "cmac", - "cmp", - "cms", - "comp", - "crypto-mdebug", - "ct", - "deprecated", - "des", - "devcryptoeng", - "dgram", - "dh", - "dsa", - "dso", - "dtls", - "dynamic-engine", - "ec", - "ec2m", - "ec_nistp_64_gcc_128", - "ecdh", - "ecdsa", - "egd", - "engine", - "err", - "external-tests", - "filenames", - "fips", - "fips-securitychecks", - "fuzz-afl", - "fuzz-libfuzzer", - "gost", - "idea", - "ktls", - "legacy", - "loadereng", - "makedepend", - "md2", - "md4", - "mdc2", - "module", - "msan", - "multiblock", - "nextprotoneg", - "ocb", - "ocsp", - "padlockeng", - "pic", - "pinshared", - "poly1305", - "posix-io", - "psk", - "rc2", - "rc4", - "rc5", - "rdrand", - "rfc3779", - "rmd160", - "scrypt", - "sctp", - "secure-memory", - "seed", - "shared", - "siphash", - "siv", - "sm2", - "sm3", - "sm4", - "sock", - "srp", - "srtp", - "sse2", - "ssl", - "ssl-trace", - "static-engine", - "stdio", - "tests", - "threads", - "tls", - "trace", - "ts", - "ubsan", - "ui-console", - "unit-test", - "uplink", - "weak-ssl-ciphers", - "whirlpool", - "zlib", - "zlib-dynamic", - ); -foreach my $proto ((@tls, @dtls)) - { - push(@disablables, $proto); - push(@disablables, "$proto-method") unless $proto eq "tls1_3"; - } - -# Internal disablables, for aliasing purposes. They serve no special -# purpose here, but allow scripts to get to know them through configdata.pm, -# where these are merged with @disablables. -# The actual aliasing mechanism is done via %disable_cascades -my @disablables_int = qw( - crmf - ); - -my %deprecated_disablables = ( - "ssl2" => undef, - "buf-freelists" => undef, - "crypto-mdebug-backtrace" => undef, - "hw" => "hw", # causes cascade, but no macro - "hw-padlock" => "padlockeng", - "ripemd" => "rmd160", - "ui" => "ui-console", - "heartbeats" => undef, - ); - -# All of the following are disabled by default: - -our %disabled = ( # "what" => "comment" - "fips" => "default", - "asan" => "default", - "buildtest-c++" => "default", - "crypto-mdebug" => "default", - "crypto-mdebug-backtrace" => "default", - "devcryptoeng" => "default", - "ec_nistp_64_gcc_128" => "default", - "egd" => "default", - "external-tests" => "default", - "fuzz-afl" => "default", - "fuzz-libfuzzer" => "default", - "ktls" => "default", - "md2" => "default", - "msan" => "default", - "rc5" => "default", - "sctp" => "default", - "ssl3" => "default", - "ssl3-method" => "default", - "trace" => "default", - "ubsan" => "default", - "unit-test" => "default", - "weak-ssl-ciphers" => "default", - "zlib" => "default", - "zlib-dynamic" => "default", - ); - -# Note: => pair form used for aesthetics, not to truly make a hash table -my @disable_cascades = ( - # "what" => [ "cascade", ... ] - "bulk" => [ "shared", "dso", - "aria", "async", "autoload-config", - "blake2", "bf", "camellia", "cast", "chacha", - "cmac", "cms", "cmp", "comp", "ct", - "des", "dgram", "dh", "dsa", - "ec", "engine", - "filenames", - "idea", "ktls", - "md4", "multiblock", "nextprotoneg", - "ocsp", "ocb", "poly1305", "psk", - "rc2", "rc4", "rmd160", - "seed", "siphash", "siv", - "sm3", "sm4", "srp", - "srtp", "ssl3-method", "ssl-trace", - "ts", "ui-console", "whirlpool", - "fips-securitychecks" ], - sub { $config{processor} eq "386" } - => [ "sse2" ], - "ssl" => [ "ssl3" ], - "ssl3-method" => [ "ssl3" ], - "zlib" => [ "zlib-dynamic" ], - "des" => [ "mdc2" ], - "ec" => [ "ec2m", "ecdsa", "ecdh", "sm2", "gost" ], - "dgram" => [ "dtls", "sctp" ], - "sock" => [ "dgram" ], - "dtls" => [ @dtls ], - sub { 0 == scalar grep { !$disabled{$_} } @dtls } - => [ "dtls" ], - - "tls" => [ @tls ], - sub { 0 == scalar grep { !$disabled{$_} } @tls } - => [ "tls" ], - - "crypto-mdebug" => [ "crypto-mdebug-backtrace" ], - - # If no modules, then no dynamic engines either - "module" => [ "dynamic-engine" ], - - # Without shared libraries, dynamic engines aren't possible. - # This is due to them having to link with libcrypto and register features - # using the ENGINE functionality, and since that relies on global tables, - # those *have* to be exacty the same as the ones accessed from the app, - # which cannot be guaranteed if shared libraries aren't present. - # (note that even with shared libraries, both the app and dynamic engines - # must be linked with the same library) - "shared" => [ "dynamic-engine", "uplink" ], - "dso" => [ "dynamic-engine", "module" ], - # Other modules don't necessarily have to link with libcrypto, so shared - # libraries do not have to be a condition to produce those. - - # Without position independent code, there can be no shared libraries - # or modules. - "pic" => [ "shared", "module" ], - - "module" => [ "fips", "dso" ], - - "engine" => [ "dynamic-engine", grep(/eng$/, @disablables) ], - "dynamic-engine" => [ "loadereng" ], - "hw" => [ "padlockeng" ], - - # no-autoalginit is only useful when building non-shared - "autoalginit" => [ "shared", "apps", "fips" ], - - "stdio" => [ "apps", "capieng", "egd" ], - "apps" => [ "tests" ], - "tests" => [ "external-tests" ], - "comp" => [ "zlib" ], - "sm3" => [ "sm2" ], - sub { !$disabled{"unit-test"} } => [ "heartbeats" ], - - sub { !$disabled{"msan"} } => [ "asm" ], - - "cmac" => [ "siv" ], - "legacy" => [ "md2" ], - - "cmp" => [ "crmf" ], - - "fips" => [ "fips-securitychecks", "acvp-tests" ], - - "deprecated-3.0" => [ "engine", "srp" ] - ); - -# Avoid protocol support holes. Also disable all versions below N, if version -# N is disabled while N+1 is enabled. -# -my @list = (reverse @tls); -while ((my $first, my $second) = (shift @list, shift @list)) { - last unless @list; - push @disable_cascades, ( sub { !$disabled{$first} && $disabled{$second} } - => [ @list ] ); - unshift @list, $second; -} -my @list = (reverse @dtls); -while ((my $first, my $second) = (shift @list, shift @list)) { - last unless @list; - push @disable_cascades, ( sub { !$disabled{$first} && $disabled{$second} } - => [ @list ] ); - unshift @list, $second; -} - -# Explicit "no-..." options will be collected in %disabled along with the defaults. -# To remove something from %disabled, use "enable-foo". -# For symmetry, "disable-foo" is a synonym for "no-foo". - -# For the "make variables" CPPINCLUDES and CPPDEFINES, we support lists with -# platform specific list separators. Users from those platforms should -# recognise those separators from how you set up the PATH to find executables. -# The default is the Unix like separator, :, but as an exception, we also -# support the space as separator. -my $list_separator_re = - { VMS => qr/(? qr/(? {$^O} // qr/(? env('AR'), - ARFLAGS => [], - AS => undef, - ASFLAGS => [], - CC => env('CC'), - CFLAGS => [ env('CFLAGS') || () ], - CXX => env('CXX'), - CXXFLAGS => [ env('CXXFLAGS') || () ], - CPP => undef, - CPPFLAGS => [ env('CPPFLAGS') || () ], # -D, -I, -Wp, - CPPDEFINES => [], # Alternative for -D - CPPINCLUDES => [], # Alternative for -I - CROSS_COMPILE => env('CROSS_COMPILE'), - HASHBANGPERL=> env('HASHBANGPERL') || env('PERL'), - LD => undef, - LDFLAGS => [ env('LDFLAGS') || () ], # -L, -Wl, - LDLIBS => [ env('LDLIBS') || () ], # -l - MT => undef, - MTFLAGS => [], - PERL => env('PERL') || ($^O ne "VMS" ? $^X : "perl"), - RANLIB => env('RANLIB'), - RC => env('RC') || env('WINDRES'), - RCFLAGS => [ env('RCFLAGS') || () ], - RM => undef, - ); -# Info about what "make variables" may be prefixed with the cross compiler -# prefix. This should NEVER mention any such variable with a list for value. -my @user_crossable = qw ( AR AS CC CXX CPP LD MT RANLIB RC ); -# The same but for flags given as Configure options. These are *additional* -# input, as opposed to the VAR=string option that override the corresponding -# config target attributes -my %useradd = ( - CPPDEFINES => [], - CPPINCLUDES => [], - CPPFLAGS => [], - CFLAGS => [], - CXXFLAGS => [], - LDFLAGS => [], - LDLIBS => [], - RCFLAGS => [], - ); - -my %user_synonyms = ( - HASHBANGPERL=> 'PERL', - RC => 'WINDRES', - ); - -# Some target attributes have been renamed, this is the translation table -my %target_attr_translate =( - ar => 'AR', - as => 'AS', - cc => 'CC', - cxx => 'CXX', - cpp => 'CPP', - hashbangperl => 'HASHBANGPERL', - ld => 'LD', - mt => 'MT', - ranlib => 'RANLIB', - rc => 'RC', - rm => 'RM', - ); - -# Initialisers coming from 'config' scripts -$config{defines} = [ split(/$list_separator_re/, env('__CNF_CPPDEFINES')) ]; -$config{includes} = [ split(/$list_separator_re/, env('__CNF_CPPINCLUDES')) ]; -$config{cppflags} = [ env('__CNF_CPPFLAGS') || () ]; -$config{cflags} = [ env('__CNF_CFLAGS') || () ]; -$config{cxxflags} = [ env('__CNF_CXXFLAGS') || () ]; -$config{lflags} = [ env('__CNF_LDFLAGS') || () ]; -$config{ex_libs} = [ env('__CNF_LDLIBS') || () ]; - -$config{openssl_api_defines}=[]; -$config{openssl_sys_defines}=[]; -$config{openssl_feature_defines}=[]; -$config{options}=""; -$config{build_type} = "release"; -my $target=""; - -my %cmdvars = (); # Stores FOO='blah' type arguments -my %unsupported_options = (); -my %deprecated_options = (); -# If you change this, update apps/version.c -my @known_seed_sources = qw(getrandom devrandom os egd none rdcpu librandom); -my @seed_sources = (); -while (@argvcopy) - { - $_ = shift @argvcopy; - - # Support env variable assignments among the options - if (m|^(\w+)=(.+)?$|) - { - $cmdvars{$1} = $2; - # Every time a variable is given as a configuration argument, - # it acts as a reset if the variable. - if (exists $user{$1}) - { - $user{$1} = ref $user{$1} eq "ARRAY" ? [] : undef; - } - #if (exists $useradd{$1}) - # { - # $useradd{$1} = []; - # } - next; - } - - # VMS is a case insensitive environment, and depending on settings - # out of our control, we may receive options uppercased. Let's - # downcase at least the part before any equal sign. - if ($^O eq "VMS") - { - s/^([^=]*)/lc($1)/e; - } - - # some people just can't read the instructions, clang people have to... - s/^-no-(?!integrated-as)/no-/; - - # rewrite some options in "enable-..." form - s /^-?-?shared$/enable-shared/; - s /^sctp$/enable-sctp/; - s /^threads$/enable-threads/; - s /^zlib$/enable-zlib/; - s /^zlib-dynamic$/enable-zlib-dynamic/; - s /^fips$/enable-fips/; - - if (/^(no|disable|enable)-(.+)$/) - { - my $word = $2; - if ($word !~ m|hw(?:-.+)| # special treatment for hw regexp opt - && !exists $deprecated_disablables{$word} - && !grep { $word eq $_ } @disablables) - { - $unsupported_options{$_} = 1; - next; - } - } - if (/^no-(.+)$/ || /^disable-(.+)$/) - { - foreach my $proto ((@tls, @dtls)) - { - if ($1 eq "$proto-method") - { - $disabled{"$proto"} = "option($proto-method)"; - last; - } - } - if ($1 eq "dtls") - { - foreach my $proto (@dtls) - { - $disabled{$proto} = "option(dtls)"; - } - $disabled{"dtls"} = "option(dtls)"; - } - elsif ($1 eq "ssl") - { - # Last one of its kind - $disabled{"ssl3"} = "option(ssl)"; - } - elsif ($1 eq "tls") - { - # XXX: Tests will fail if all SSL/TLS - # protocols are disabled. - foreach my $proto (@tls) - { - $disabled{$proto} = "option(tls)"; - } - } - elsif ($1 eq "static-engine") - { - delete $disabled{"dynamic-engine"}; - } - elsif ($1 eq "dynamic-engine") - { - $disabled{"dynamic-engine"} = "option"; - } - elsif (exists $deprecated_disablables{$1}) - { - $deprecated_options{$_} = 1; - if (defined $deprecated_disablables{$1}) - { - $disabled{$deprecated_disablables{$1}} = "option"; - } - } - elsif ($1 =~ m|hw(?:-.+)|) # deprecate hw options in regexp form - { - $deprecated_options{$_} = 1; - } - else - { - $disabled{$1} = "option"; - } - # No longer an automatic choice - $auto_threads = 0 if ($1 eq "threads"); - } - elsif (/^enable-(.+)$/) - { - if ($1 eq "static-engine") - { - $disabled{"dynamic-engine"} = "option"; - } - elsif ($1 eq "dynamic-engine") - { - delete $disabled{"dynamic-engine"}; - } - elsif ($1 eq "zlib-dynamic") - { - delete $disabled{"zlib"}; - } - my $algo = $1; - delete $disabled{$algo}; - - # No longer an automatic choice - $auto_threads = 0 if ($1 eq "threads"); - } - elsif (/^-d$/) # From older 'config' - { - $config{build_type} = "debug"; - } - elsif (/^-v$/) # From older 'config' - { - $guess_opts{verbose} = 1; - } - elsif (/^-w$/) - { - $guess_opts{nowait} = 1; - } - elsif (/^-t$/) # From older 'config' - { - $dryrun = 1; - } - elsif (/^--strict-warnings$/) - { - # Pretend that our strict flags is a C flag, and replace it - # with the proper flags later on - push @{$useradd{CFLAGS}}, '--ossl-strict-warnings'; - $strict_warnings=1; - } - elsif (/^--debug$/) - { - $config{build_type} = "debug"; - } - elsif (/^--release$/) - { - $config{build_type} = "release"; - } - elsif (/^386$/) - { $config{processor}=386; } - elsif (/^rsaref$/) - { - # No RSAref support any more since it's not needed. - # The check for the option is there so scripts aren't - # broken - } - elsif (m|^[-+/]|) - { - if (/^--prefix=(.*)$/) - { - $config{prefix}=$1; - die "Directory given with --prefix MUST be absolute\n" - unless file_name_is_absolute($config{prefix}); - } - elsif (/^--api=(.*)$/) - { - my $api = $1; - die "Unknown API compatibility level $api" - unless defined $apitable->{$api}; - $config{api}=$apitable->{$api}; - } - elsif (/^--libdir=(.*)$/) - { - $config{libdir}=$1; - } - elsif (/^--openssldir=(.*)$/) - { - $config{openssldir}=$1; - } - elsif (/^--with-zlib-lib=(.*)$/) - { - $withargs{zlib_lib}=$1; - } - elsif (/^--with-zlib-include=(.*)$/) - { - $withargs{zlib_include}=$1; - } - elsif (/^--with-fuzzer-lib=(.*)$/) - { - $withargs{fuzzer_lib}=$1; - } - elsif (/^--with-fuzzer-include=(.*)$/) - { - $withargs{fuzzer_include}=$1; - } - elsif (/^--with-rand-seed=(.*)$/) - { - foreach my $x (split(m|,|, $1)) - { - die "Unknown --with-rand-seed choice $x\n" - if ! grep { $x eq $_ } @known_seed_sources; - push @seed_sources, $x; - } - } - elsif (/^--fips-key=(.*)$/) - { - $user{FIPSKEY}=lc($1); - die "Non-hex character in FIPS key\n" - if $user{FIPSKEY} =~ /[^a-f0-9]/; - die "FIPS key must have even number of characters\n" - if length $1 & 1; - die "FIPS key too long (64 bytes max)\n" - if length $1 > 64; - } - elsif (/^--banner=(.*)$/) - { - $banner = $1 . "\n"; - } - elsif (/^--cross-compile-prefix=(.*)$/) - { - $user{CROSS_COMPILE}=$1; - } - elsif (/^--config=(.*)$/) - { - read_config $1; - } - elsif (/^-l(.*)$/) - { - push @{$useradd{LDLIBS}}, $_; - } - elsif (/^-framework$/) - { - push @{$useradd{LDLIBS}}, $_, shift(@argvcopy); - } - elsif (/^-L(.*)$/ or /^-Wl,/) - { - push @{$useradd{LDFLAGS}}, $_; - } - elsif (/^-rpath$/ or /^-R$/) - # -rpath is the OSF1 rpath flag - # -R is the old Solaris rpath flag - { - my $rpath = shift(@argvcopy) || ""; - $rpath .= " " if $rpath ne ""; - push @{$useradd{LDFLAGS}}, $_, $rpath; - } - elsif (/^-static$/) - { - push @{$useradd{LDFLAGS}}, $_; - } - elsif (m|^[-/]D(.*)$|) - { - push @{$useradd{CPPDEFINES}}, $1; - } - elsif (m|^[-/]I(.*)$|) - { - push @{$useradd{CPPINCLUDES}}, $1; - } - elsif (/^-Wp,$/) - { - push @{$useradd{CPPFLAGS}}, $1; - } - else # common if (/^[-+]/), just pass down... - { - # Treat %xx as an ASCII code (e.g. replace %20 by a space character). - # This provides a simple way to pass options with arguments separated - # by spaces without quoting (e.g. -opt%20arg translates to -opt arg). - $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; - push @{$useradd{CFLAGS}}, $_; - push @{$useradd{CXXFLAGS}}, $_; - } - } - elsif (m|^/|) - { - # Treat %xx as an ASCII code (e.g. replace %20 by a space character). - # This provides a simple way to pass options with arguments separated - # by spaces without quoting (e.g. /opt%20arg translates to /opt arg). - $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; - push @{$useradd{CFLAGS}}, $_; - push @{$useradd{CXXFLAGS}}, $_; - } - else - { - die "target already defined - $target (offending arg: $_)\n" if ($target ne ""); - $target=$_; - } - unless ($_ eq $target || /^no-/ || /^disable-/) - { - # "no-..." follows later after implied deactivations - # have been derived. (Don't take this too seriously, - # we really only write OPTIONS to the Makefile out of - # nostalgia.) - - if ($config{options} eq "") - { $config{options} = $_; } - else - { $config{options} .= " ".$_; } - } - } - -if (keys %deprecated_options) - { - warn "***** Deprecated options: ", - join(", ", keys %deprecated_options), "\n"; - } -if (keys %unsupported_options) - { - die "***** Unsupported options: ", - join(", ", keys %unsupported_options), "\n"; - } - -# If any %useradd entry has been set, we must check that the "make -# variables" haven't been set. We start by checking of any %useradd entry -# is set. -if (grep { scalar @$_ > 0 } values %useradd) { - # Hash of env / make variables names. The possible values are: - # 1 - "make vars" - # 2 - %useradd entry set - # 3 - both set - my %detected_vars = - map { my $v = 0; - $v += 1 if $cmdvars{$_}; - $v += 2 if @{$useradd{$_}}; - $_ => $v } - keys %useradd; - - # If any of the corresponding "make variables" is set, we error - if (grep { $_ & 1 } values %detected_vars) { - my $names = join(', ', grep { $detected_vars{$_} > 0 } - sort keys %detected_vars); - die <<"_____"; -***** Mixing make variables and additional compiler/linker flags as -***** configure command line option is not permitted. -***** Affected make variables: $names -_____ - } -} - -# Check through all supported command line variables to see if any of them -# were set, and canonicalise the values we got. If no compiler or linker -# flag or anything else that affects %useradd was set, we also check the -# environment for values. -my $anyuseradd = - grep { defined $_ && (ref $_ ne 'ARRAY' || @$_) } values %useradd; -foreach (keys %user) { - my $value = $cmdvars{$_}; - $value //= env($_) unless $anyuseradd; - $value //= - defined $user_synonyms{$_} ? $cmdvars{$user_synonyms{$_}} : undef; - $value //= defined $user_synonyms{$_} ? env($user_synonyms{$_}) : undef - unless $anyuseradd; - - if (defined $value) { - if (ref $user{$_} eq 'ARRAY') { - if ($_ eq 'CPPDEFINES' || $_ eq 'CPPINCLUDES') { - $user{$_} = [ split /$list_separator_re/, $value ]; - } else { - $user{$_} = [ $value ]; - } - } elsif (!defined $user{$_}) { - $user{$_} = $value; - } - } -} - -if (grep { /-rpath\b/ } ($user{LDFLAGS} ? @{$user{LDFLAGS}} : ()) - && !$disabled{shared} - && !($disabled{asan} && $disabled{msan} && $disabled{ubsan})) { - die "***** Cannot simultaneously use -rpath, shared libraries, and\n", - "***** any of asan, msan or ubsan\n"; -} - -# If no target was given, try guessing. -unless ($target) { - my %system_config = OpenSSL::config::get_platform(%guess_opts, %user); - - # The $system_config{disable} is used to populate %disabled with - # entries that aren't already there. - foreach ( @{$system_config{disable} // []} ) { - $disabled{$_} = 'system' unless defined $disabled{$_}; - } - delete $system_config{disable}; - - # Override config entries with stuff from the guesser. - # It's assumed that this really is nothing new. - %config = ( %config, %system_config ); - $target = $system_config{target}; -} - -sub disable { - my $disable_type = shift; - - for (@_) { - $disabled{$_} = $disable_type; - } - - my @tocheckfor = (@_ ? @_ : keys %disabled); - while (@tocheckfor) { - my %new_tocheckfor = (); - my @cascade_copy = (@disable_cascades); - while (@cascade_copy) { - my ($test, $descendents) = - (shift @cascade_copy, shift @cascade_copy); - if (ref($test) eq "CODE" ? $test->() : defined($disabled{$test})) { - foreach (grep { !defined($disabled{$_}) } @$descendents) { - $new_tocheckfor{$_} = 1; $disabled{$_} = "cascade"; - } - } - } - @tocheckfor = (keys %new_tocheckfor); - } -} -disable(); # First cascade run - -our $die = sub { die @_; }; -if ($target eq "TABLE") { - local $die = sub { warn @_; }; - foreach (sort keys %table) { - print_table_entry($_, "TABLE"); - } - exit 0; -} - -if ($target eq "LIST") { - foreach (sort keys %table) { - print $_,"\n" unless $table{$_}->{template}; - } - exit 0; -} - -if ($target eq "HASH") { - local $die = sub { warn @_; }; - print "%table = (\n"; - foreach (sort keys %table) { - print_table_entry($_, "HASH"); - } - exit 0; -} - -print "Configuring OpenSSL version $config{full_version} "; -print "for target $target\n"; - -if (scalar(@seed_sources) == 0) { - print "Using os-specific seed configuration\n"; - push @seed_sources, 'os'; -} -if (scalar(grep { $_ eq 'egd' } @seed_sources) > 0) { - delete $disabled{'egd'}; -} -if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) { - die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1; - warn <<_____ if scalar(@seed_sources) == 1; - -============================== WARNING =============================== -You have selected the --with-rand-seed=none option, which effectively -disables automatic reseeding of the OpenSSL random generator. -All operations depending on the random generator such as creating keys -will not work unless the random generator is seeded manually by the -application. - -Please read the 'Note on random number generation' section in the -INSTALL.md instructions and the RAND_DRBG(7) manual page for more -details. -============================== WARNING =============================== - -_____ -} -push @{$config{openssl_feature_defines}}, - map { (my $x = $_) =~ tr|[\-a-z]|[_A-Z]|; "OPENSSL_RAND_SEED_$x" } - @seed_sources; - -# Backward compatibility? -if ($target =~ m/^CygWin32(-.*)$/) { - $target = "Cygwin".$1; -} - -# Support for legacy targets having a name starting with 'debug-' -my ($d, $t) = $target =~ m/^(debug-)?(.*)$/; -if ($d) { - $config{build_type} = "debug"; - - # If we do not find debug-foo in the table, the target is set to foo. - if (!$table{$target}) { - $target = $t; - } -} - -if ($target) { - # It's possible that we have different config targets for specific - # toolchains, so we try to detect them, and go for the plain config - # target if not. - my $found; - foreach ( ( "$target-$user{CC}", "$target", undef ) ) { - $found=$_ if $table{$_} && !$table{$_}->{template}; - last if $found; - } - $target = $found; -} else { - # If we don't have a config target now, we try the C compiler as we - # fallback - my $cc = $user{CC} // 'cc'; - $target = $cc if $table{$cc} && !$table{$cc}->{template}; -} - -&usage unless $target; - -exit 0 if $dryrun; # From older 'config' - -$config{target} = $target; -my %target = resolve_config($target); - -foreach (keys %target_attr_translate) { - $target{$target_attr_translate{$_}} = $target{$_} - if $target{$_}; - delete $target{$_}; -} - -%target = ( %{$table{DEFAULTS}}, %target ); - -my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}}); -$config{conf_files} = [ sort keys %conf_files ]; - -# Using sub disable within these loops may prove fragile, so we run -# a cascade afterwards -foreach my $feature (@{$target{disable}}) { - if (exists $deprecated_disablables{$feature}) { - warn "***** config $target disables deprecated feature $feature\n"; - } elsif (!grep { $feature eq $_ } @disablables) { - die "***** config $target disables unknown feature $feature\n"; - } - $disabled{$feature} = 'config'; -} -foreach my $feature (@{$target{enable}}) { - if ("default" eq ($disabled{$feature} // "")) { - if (exists $deprecated_disablables{$feature}) { - warn "***** config $target enables deprecated feature $feature\n"; - } elsif (!grep { $feature eq $_ } @disablables) { - die "***** config $target enables unknown feature $feature\n"; - } - delete $disabled{$feature}; - } -} - -# If uplink_arch isn't defined, disable uplink -$disabled{uplink} = 'no uplink_arch' unless (defined $target{uplink_arch}); -# If asm_arch isn't defined, disable asm -$disabled{asm} = 'no asm_arch' unless (defined $target{asm_arch}); - -disable(); # Run a cascade now - -$target{CXXFLAGS}//=$target{CFLAGS} if $target{CXX}; -$target{cxxflags}//=$target{cflags} if $target{CXX}; -$target{exe_extension}=".exe" if ($config{target} eq "DJGPP"); -$target{exe_extension}=".pm" if ($config{target} =~ /vos/); - -# Fill %config with values from %user, and in case those are undefined or -# empty, use values from %target (acting as a default). -foreach (keys %user) { - my $ref_type = ref $user{$_}; - - # Temporary function. Takes an intended ref type (empty string or "ARRAY") - # and a value that's to be coerced into that type. - my $mkvalue = sub { - my $type = shift; - my $value = shift; - my $undef_p = shift; - - die "Too many arguments for \$mkvalue" if @_; - - while (ref $value eq 'CODE') { - $value = $value->(); - } - - if ($type eq 'ARRAY') { - return undef unless defined $value; - return undef if ref $value ne 'ARRAY' && !$value; - return undef if ref $value eq 'ARRAY' && !@$value; - return [ $value ] unless ref $value eq 'ARRAY'; - } - return undef unless $value; - return $value; - }; - - $config{$_} = - $mkvalue->($ref_type, $user{$_}) - || $mkvalue->($ref_type, $target{$_}); - delete $config{$_} unless defined $config{$_}; -} - -# Finish up %config by appending things the user gave us on the command line -# apart from "make variables" -foreach (keys %useradd) { - # The must all be lists, so we assert that here - die "internal error: \$useradd{$_} isn't an ARRAY\n" - unless ref $useradd{$_} eq 'ARRAY'; - - if (defined $config{$_}) { - push @{$config{$_}}, @{$useradd{$_}}; - } else { - $config{$_} = [ @{$useradd{$_}} ]; - } -} -# At this point, we can forget everything about %user and %useradd, -# because it's now all been merged into the corresponding $config entry - -if (grep { $_ =~ /(?:^|\s)-static(?:\s|$)/ } @{$config{LDFLAGS}}) { - disable('static', 'pic', 'threads'); -} - -# Allow overriding the build file name -$config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile"; - -# Make sure build_scheme is consistent. -$target{build_scheme} = [ $target{build_scheme} ] - if ref($target{build_scheme}) ne "ARRAY"; - -my ($builder, $builder_platform, @builder_opts) = - @{$target{build_scheme}}; - -foreach my $checker (($builder_platform."-".$target{build_file}."-checker.pm", - $builder_platform."-checker.pm")) { - my $checker_path = catfile($srcdir, "Configurations", $checker); - if (-f $checker_path) { - my $fn = $ENV{CONFIGURE_CHECKER_WARN} - ? sub { warn $@; } : sub { die $@; }; - if (! do $checker_path) { - if ($@) { - $fn->($@); - } elsif ($!) { - $fn->($!); - } else { - $fn->("The detected tools didn't match the platform\n"); - } - } - last; - } -} - -push @{$config{defines}}, "NDEBUG" if $config{build_type} eq "release"; - -if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m) - { - push @{$config{cflags}}, "-mno-cygwin"; - push @{$config{cxxflags}}, "-mno-cygwin" if $config{CXX}; - push @{$config{shared_ldflag}}, "-mno-cygwin"; - } - -if ($target =~ /linux.*-mips/ && !$disabled{asm} - && !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) { - # minimally required architecture flags for assembly modules - my $value; - $value = '-mips2' if ($target =~ /mips32/); - $value = '-mips3' if ($target =~ /mips64/); - unshift @{$config{cflags}}, $value; - unshift @{$config{cxxflags}}, $value if $config{CXX}; -} - -# If threads aren't disabled, check how possible they are -unless ($disabled{threads}) { - if ($auto_threads) { - # Enabled by default, disable it forcibly if unavailable - if ($target{thread_scheme} eq "(unknown)") { - disable("unavailable", 'threads'); - } - } else { - # The user chose to enable threads explicitly, let's see - # if there's a chance that's possible - if ($target{thread_scheme} eq "(unknown)") { - # If the user asked for "threads" and we don't have internal - # knowledge how to do it, [s]he is expected to provide any - # system-dependent compiler options that are necessary. We - # can't truly check that the given options are correct, but - # we expect the user to know what [s]He is doing. - if (!@{$config{CFLAGS}} && !@{$config{CPPDEFINES}}) { - die "You asked for multi-threading support, but didn't\n" - ,"provide any system-specific compiler options\n"; - } - } - } -} - -# Find out if clang's sanitizers have been enabled with -fsanitize -# flags and ensure that the corresponding %disabled elements area -# removed to reflect that the sanitizers are indeed enabled. -my %detected_sanitizers = (); -foreach (grep /^-fsanitize=/, @{$config{CFLAGS} || []}) { - (my $checks = $_) =~ s/^-fsanitize=//; - foreach (split /,/, $checks) { - my $d = { address => 'asan', - undefined => 'ubsan', - memory => 'msan' } -> {$_}; - next unless defined $d; - - $detected_sanitizers{$d} = 1; - if (defined $disabled{$d}) { - die "***** Conflict between disabling $d and enabling $_ sanitizer" - if $disabled{$d} ne "default"; - delete $disabled{$d}; - } - } -} - -# If threads still aren't disabled, add a C macro to ensure the source -# code knows about it. Any other flag is taken care of by the configs. -unless($disabled{threads}) { - push @{$config{openssl_feature_defines}}, "OPENSSL_THREADS"; -} - -my $no_shared_warn=0; -if (($target{shared_target} // '') eq "") - { - $no_shared_warn = 1 - if (!$disabled{shared} || !$disabled{"dynamic-engine"}); - disable('no-shared-target', 'pic'); - } - -if ($disabled{"dynamic-engine"}) { - $config{dynamic_engines} = 0; -} else { - $config{dynamic_engines} = 1; -} - -unless ($disabled{asan} || defined $detected_sanitizers{asan}) { - push @{$config{cflags}}, "-fsanitize=address"; -} - -unless ($disabled{ubsan} || defined $detected_sanitizers{ubsan}) { - push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all", "-DPEDANTIC"; -} - -unless ($disabled{msan} || defined $detected_sanitizers{msan}) { - push @{$config{cflags}}, "-fsanitize=memory"; -} - -unless ($disabled{"fuzz-libfuzzer"} && $disabled{"fuzz-afl"} - && $disabled{asan} && $disabled{ubsan} && $disabled{msan}) { - push @{$config{cflags}}, "-fno-omit-frame-pointer", "-g"; - push @{$config{cxxflags}}, "-fno-omit-frame-pointer", "-g" if $config{CXX}; -} -# -# Platform fix-ups -# - -# This saves the build files from having to check -if ($disabled{pic}) - { - foreach (qw(shared_cflag shared_cxxflag shared_cppflag - shared_defines shared_includes shared_ldflag - module_cflags module_cxxflags module_cppflags - module_defines module_includes module_lflags)) - { - delete $config{$_}; - $target{$_} = ""; - } - } -else - { - push @{$config{lib_defines}}, "OPENSSL_PIC"; - } - -if ($target{sys_id} ne "") - { - push @{$config{openssl_sys_defines}}, "OPENSSL_SYS_$target{sys_id}"; - } - -my %predefined_C = compiler_predefined($config{CROSS_COMPILE}.$config{CC}); -my %predefined_CXX = $config{CXX} - ? compiler_predefined($config{CROSS_COMPILE}.$config{CXX}) - : (); - -unless ($disabled{asm}) { - # big endian systems can use ELFv2 ABI - if ($target eq "linux-ppc64") { - $target{perlasm_scheme} = "linux64v2" if ($predefined_C{_CALL_ELF} == 2); - } -} - -# Check for makedepend capabilities. -if (!$disabled{makedepend}) { - # If the attribute makedep_scheme is defined, then we assume that the - # config target and its associated build file are programmed to deal - # with it. - # If makedep_scheme is undefined, we go looking for GCC compatible - # dependency making, and if that's not available, we try to fall back - # on 'makedepend'. - if ($target{makedep_scheme}) { - $config{makedep_scheme} = $target{makedep_scheme}; - # If the makedepcmd attribute is defined, copy it. If not, the - # build files will have to fend for themselves. - $config{makedepcmd} = $target{makedepcmd} if $target{makedepcmd}; - } elsif (($predefined_C{__GNUC__} // -1) >= 3 - && !($predefined_C{__APPLE_CC__} && !$predefined_C{__clang__})) { - # We know that GNU C version 3 and up as well as all clang - # versions support dependency generation, but Xcode did not - # handle $cc -M before clang support (but claims __GNUC__ = 3) - $config{makedep_scheme} = 'gcc'; - } else { - # In all other cases, we look for 'makedepend', and set the - # makedep_scheme value if we found it. - $config{makedepcmd} = which('makedepend'); - $config{makedep_scheme} = 'makedepend' if $config{makedepcmd}; - } - - # If no depend scheme is set, we disable makedepend - disable('unavailable', 'makedepend') unless $config{makedep_scheme}; -} - -if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O ne 'VMS') { - # probe for -Wa,--noexecstack option... - if ($predefined_C{__clang__}) { - # clang has builtin assembler, which doesn't recognize --help, - # but it apparently recognizes the option in question on all - # supported platforms even when it's meaningless. In other words - # probe would fail, but probed option always accepted... - push @{$config{cflags}}, "-Wa,--noexecstack", "-Qunused-arguments"; - } else { - my $cc = $config{CROSS_COMPILE}.$config{CC}; - open(PIPE, "$cc -Wa,--help -c -o null.$$.o -x assembler /dev/null 2>&1 |"); - while() { - if (m/--noexecstack/) { - push @{$config{cflags}}, "-Wa,--noexecstack"; - last; - } - } - close(PIPE); - unlink("null.$$.o"); - } -} - -# Deal with bn_ops ################################################### - -$config{bn_ll} =0; -my $def_int="unsigned int"; -$config{rc4_int} =$def_int; -($config{b64l},$config{b64},$config{b32})=(0,0,1); - -my $count = 0; -foreach (sort split(/\s+/,$target{bn_ops})) { - $count++ if /SIXTY_FOUR_BIT|SIXTY_FOUR_BIT_LONG|THIRTY_TWO_BIT/; - $config{bn_ll}=1 if $_ eq 'BN_LLONG'; - $config{rc4_int}="unsigned char" if $_ eq 'RC4_CHAR'; - ($config{b64l},$config{b64},$config{b32}) - =(0,1,0) if $_ eq 'SIXTY_FOUR_BIT'; - ($config{b64l},$config{b64},$config{b32}) - =(1,0,0) if $_ eq 'SIXTY_FOUR_BIT_LONG'; - ($config{b64l},$config{b64},$config{b32}) - =(0,0,1) if $_ eq 'THIRTY_TWO_BIT'; -} -die "Exactly one of SIXTY_FOUR_BIT|SIXTY_FOUR_BIT_LONG|THIRTY_TWO_BIT can be set in bn_ops\n" - if $count > 1; - -$config{api} = $config{major} * 10000 + $config{minor} * 100 - unless $config{api}; -foreach (keys %$apitable) { - $disabled{"deprecated-$_"} = "deprecation" - if $disabled{deprecated} && $config{api} >= $apitable->{$_}; -} - -disable(); # Run a cascade now - -# Hack cflags for better warnings (dev option) ####################### - -# "Stringify" the C and C++ flags string. This permits it to be made part of -# a string and works as well on command lines. -$config{cflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x } - @{$config{cflags}} ]; -$config{cxxflags} = [ map { (my $x = $_) =~ s/([\\\"])/\\$1/g; $x } - @{$config{cxxflags}} ] if $config{CXX}; - -$config{openssl_api_defines} = [ - "OPENSSL_CONFIGURED_API=".$config{api}, -]; - -my @strict_warnings_collection=(); -if ($strict_warnings) - { - my $wopt; - my $gccver = $predefined_C{__GNUC__} // -1; - - if ($gccver >= 4) - { - push @strict_warnings_collection, @gcc_devteam_warn; - push @strict_warnings_collection, @clang_devteam_warn - if (defined($predefined_C{__clang__})); - } - elsif ($config{target} =~ /^VC-/) - { - push @strict_warnings_collection, @cl_devteam_warn; - } - else - { - warn "WARNING --strict-warnings requires gcc[>=4] or gcc-alike, or MSVC" - } - } - -$config{CFLAGS} = [ map { $_ eq '--ossl-strict-warnings' - ? @strict_warnings_collection - : ( $_ ) } - @{$config{CFLAGS}} ]; - -unless ($disabled{afalgeng}) { - $config{afalgeng}=""; - if (grep { $_ eq 'afalgeng' } @{$target{enable}}) { - my $minver = 4*10000 + 1*100 + 0; - if ($config{CROSS_COMPILE} eq "") { - my $verstr = `uname -r`; - my ($ma, $mi1, $mi2) = split("\\.", $verstr); - ($mi2) = $mi2 =~ /(\d+)/; - my $ver = $ma*10000 + $mi1*100 + $mi2; - if ($ver < $minver) { - disable('too-old-kernel', 'afalgeng'); - } else { - push @{$config{engdirs}}, "afalg"; - } - } else { - disable('cross-compiling', 'afalgeng'); - } - } else { - disable('not-linux', 'afalgeng'); - } -} - -unless ($disabled{devcryptoeng}) { - if ($target =~ m/^BSD/) { - my $maxver = 5*100 + 7; - my $sysstr = `uname -s`; - my $verstr = `uname -r`; - $sysstr =~ s|\R$||; - $verstr =~ s|\R$||; - my ($ma, $mi, @rest) = split m|\.|, $verstr; - my $ver = $ma*100 + $mi; - if ($sysstr eq 'OpenBSD' && $ver >= $maxver) { - disable('too-new-kernel', 'devcryptoeng'); - } - } -} - -unless ($disabled{ktls}) { - $config{ktls}=""; - my $cc = $config{CROSS_COMPILE}.$config{CC}; - if ($target =~ m/^linux/) { - system("printf '#include \n#include ' | $cc -E - >/dev/null 2>&1"); - if ($? != 0) { - disable('too-old-kernel', 'ktls'); - } - } elsif ($target =~ m/^BSD/) { - system("printf '#include \n#include ' | $cc -E - >/dev/null 2>&1"); - if ($? != 0) { - disable('too-old-freebsd', 'ktls'); - } - } else { - disable('not-linux-or-freebsd', 'ktls'); - } -} - -push @{$config{openssl_other_defines}}, "OPENSSL_NO_KTLS" if ($disabled{ktls}); - -# Get the extra flags used when building shared libraries and modules. We -# do this late because some of them depend on %disabled. - -# Make the flags to build DSOs the same as for shared libraries unless they -# are already defined -$target{module_cflags} = $target{shared_cflag} unless defined $target{module_cflags}; -$target{module_cxxflags} = $target{shared_cxxflag} unless defined $target{module_cxxflags}; -$target{module_ldflags} = $target{shared_ldflag} unless defined $target{module_ldflags}; -{ - my $shared_info_pl = - catfile(dirname($0), "Configurations", "shared-info.pl"); - my %shared_info = read_eval_file($shared_info_pl); - push @{$target{_conf_fname_int}}, $shared_info_pl; - my $si = $target{shared_target}; - while (ref $si ne "HASH") { - last if ! defined $si; - if (ref $si eq "CODE") { - $si = $si->(); - } else { - $si = $shared_info{$si}; - } - } - - # Some of the 'shared_target' values don't have any entries in - # %shared_info. That's perfectly fine, AS LONG AS the build file - # template knows how to handle this. That is currently the case for - # Windows and VMS. - if (defined $si) { - # Just as above, copy certain shared_* attributes to the corresponding - # module_ attribute unless the latter is already defined - $si->{module_cflags} = $si->{shared_cflag} unless defined $si->{module_cflags}; - $si->{module_cxxflags} = $si->{shared_cxxflag} unless defined $si->{module_cxxflags}; - $si->{module_ldflags} = $si->{shared_ldflag} unless defined $si->{module_ldflags}; - foreach (sort keys %$si) { - $target{$_} = defined $target{$_} - ? add($si->{$_})->($target{$_}) - : $si->{$_}; - } - } -} - -# ALL MODIFICATIONS TO %disabled, %config and %target MUST BE DONE FROM HERE ON - -###################################################################### -# Build up information for skipping certain directories depending on disabled -# features, as well as setting up macros for disabled features. - -# This is a tentative database of directories to skip. Some entries may not -# correspond to anything real, but that's ok, they will simply be ignored. -# The actual processing of these entries is done in the build.info lookup -# loop further down. -# -# The key is a Unix formatted path in the source tree, the value is an index -# into %disabled_info, so any existing path gets added to a corresponding -# 'skipped' entry in there with the list of skipped directories. -my %skipdir = (); -my %disabled_info = (); # For configdata.pm -foreach my $what (sort keys %disabled) { - # There are deprecated disablables that translate to themselves. - # They cause disabling cascades, but should otherwise not regiter. - next if $deprecated_disablables{$what}; - # The generated $disabled{"deprecated-x.y"} entries are special - # and treated properly elsewhere - next if $what =~ m|^deprecated-|; - - $config{options} .= " no-$what"; - - if (!grep { $what eq $_ } ( 'buildtest-c++', 'fips', 'threads', 'shared', - 'module', 'pic', 'dynamic-engine', 'makedepend', - 'zlib-dynamic', 'zlib', 'sse2', 'legacy' )) { - (my $WHAT = uc $what) =~ s|-|_|g; - my $skipdir = $what; - - # fix-up crypto/directory name(s) - $skipdir = "ripemd" if $what eq "rmd160"; - $skipdir = "whrlpool" if $what eq "whirlpool"; - - my $macro = $disabled_info{$what}->{macro} = "OPENSSL_NO_$WHAT"; - push @{$config{openssl_feature_defines}}, $macro; - - $skipdir{engines} = $what if $what eq 'engine'; - $skipdir{"crypto/$skipdir"} = $what - unless $what eq 'async' || $what eq 'err' || $what eq 'dso'; - } -} - -if ($disabled{"dynamic-engine"}) { - push @{$config{openssl_feature_defines}}, "OPENSSL_NO_DYNAMIC_ENGINE"; -} else { - push @{$config{openssl_feature_defines}}, "OPENSSL_NO_STATIC_ENGINE"; -} - -# If we use the unified build, collect information from build.info files -my %unified_info = (); - -my $buildinfo_debug = defined($ENV{CONFIGURE_DEBUG_BUILDINFO}); -if ($builder eq "unified") { - use Text::Template 1.46; - - sub cleandir { - my $base = shift; - my $dir = shift; - my $relativeto = shift || "."; - - $dir = catdir($base,$dir) unless isabsolute($dir); - - # Make sure the directories we're building in exists - mkpath($dir); - - my $res = abs2rel(absolutedir($dir), rel2abs($relativeto)); - #print STDERR "DEBUG[cleandir]: $dir , $base => $res\n"; - return $res; - } - - sub cleanfile { - my $base = shift; - my $file = shift; - my $relativeto = shift || "."; - - $file = catfile($base,$file) unless isabsolute($file); - - my $d = dirname($file); - my $f = basename($file); - - # Make sure the directories we're building in exists - mkpath($d); - - my $res = abs2rel(catfile(absolutedir($d), $f), rel2abs($relativeto)); - #print STDERR "DEBUG[cleanfile]: $d , $f => $res\n"; - return $res; - } - - # Store the name of the template file we will build the build file from - # in %config. This may be useful for the build file itself. - my @build_file_template_names = - ( $builder_platform."-".$target{build_file}.".tmpl", - $target{build_file}.".tmpl" ); - my @build_file_templates = (); - - # First, look in the user provided directory, if given - if (defined env($local_config_envname)) { - @build_file_templates = - map { - if ($^O eq 'VMS') { - # VMS environment variables are logical names, - # which can be used as is - $local_config_envname . ':' . $_; - } else { - catfile(env($local_config_envname), $_); - } - } - @build_file_template_names; - } - # Then, look in our standard directory - push @build_file_templates, - ( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir) } - @build_file_template_names ); - - my $build_file_template; - for $_ (@build_file_templates) { - $build_file_template = $_; - last if -f $build_file_template; - - $build_file_template = undef; - } - if (!defined $build_file_template) { - die "*** Couldn't find any of:\n", join("\n", @build_file_templates), "\n"; - } - $config{build_file_templates} - = [ cleanfile($srcdir, catfile("Configurations", "common0.tmpl"), - $blddir), - $build_file_template ]; - - my @build_dirs = ( [ ] ); # current directory - - $config{build_infos} = [ ]; - - # We want to detect configdata.pm in the source tree, so we - # don't use it if the build tree is different. - my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir); - - # Any source file that we recognise is placed in this hash table, with - # the list of its intended destinations as value. When everything has - # been collected, there's a routine that checks that these source files - # exist, or if they are generated, that the generator exists. - my %check_exist = (); - my %check_generate = (); - - my %ordinals = (); - while (@build_dirs) { - my @curd = @{shift @build_dirs}; - my $sourced = catdir($srcdir, @curd); - my $buildd = catdir($blddir, @curd); - - my $unixdir = join('/', @curd); - if (exists $skipdir{$unixdir}) { - my $what = $skipdir{$unixdir}; - push @{$disabled_info{$what}->{skipped}}, catdir(@curd); - next; - } - - mkpath($buildd); - - my $f = 'build.info'; - # The basic things we're trying to build - my @programs = (); - my @libraries = (); - my @modules = (); - my @scripts = (); - - my %sources = (); - my %shared_sources = (); - my %includes = (); - my %defines = (); - my %depends = (); - my %generate = (); - my %imagedocs = (); - my %htmldocs = (); - my %mandocs = (); - - # Support for $variablename in build.info files. - # Embedded perl code is the ultimate master, still. If its output - # contains a dollar sign, it had better be escaped, or it will be - # taken for a variable name prefix. - my %variables = (); - # Variable name syntax - my $variable_name_re = qr/(?P[[:alpha:]][[:alnum:]_]*)/; - # Value modifier syntaxes - my $variable_subst_re = qr/\/(?P(?:\\\/|.)*?)\/(?P.*?)/; - # Variable reference - my $variable_simple_re = qr/(?(?:\\\/|.)*?)\}/; - # Tie it all together - my $variable_re = qr/${variable_simple_re}|${variable_w_mod_re}/; - - my $expand_variables = sub { - my $value = ''; - my $value_rest = shift; - - if ($ENV{CONFIGURE_DEBUG_VARIABLE_EXPAND}) { - print STDERR - "DEBUG[\$expand_variables] Parsed '$value_rest' ...\n" - } - - while ($value_rest =~ /${variable_re}/) { - # We must save important regexp values, because the next - # regexp clears them - my $mod = $+{MOD}; - my $variable_value = $variables{$+{VARIABLE}}; - - $value_rest = $'; - $value .= $`; - - # Process modifier expressions, if present - if (defined $mod) { - if ($mod =~ /^${variable_subst_re}$/) { - my $re = $+{RE}; - my $subst = $+{SUBST}; - - $variable_value =~ s/\Q$re\E/$subst/g; - - if ($ENV{CONFIGURE_DEBUG_VARIABLE_EXPAND}) { - print STDERR - "DEBUG[\$expand_variables] ... and substituted ", - "'$re' with '$subst'\n"; - } - } - } - - $value .= $variable_value; - } - if ($ENV{CONFIGURE_DEBUG_VARIABLE_EXPAND}) { - print STDERR - "DEBUG[\$expand_variables] ... into: '$value$value_rest'\n"; - } - return $value . $value_rest; - }; - - # Support for attributes in build.info files - my %attributes = (); - my $handle_attributes = sub { - my $attr_str = shift; - my $ref = shift; - my @goals = @_; - - return unless defined $attr_str; - - my @a = tokenize($attr_str, qr|\s*,\s*|); - foreach my $a (@a) { - my $ac = 1; - my $ak = $a; - my $av = 1; - if ($a =~ m|^(!)?(.*?)\s* = \s*(.*?)$|x) { - $ac = ! $1; - $ak = $2; - $av = $3; - } - foreach my $g (@goals) { - if ($ac) { - $$ref->{$g}->{$ak} = $av; - } else { - delete $$ref->{$g}->{$ak}; - } - } - } - }; - - # Support for pushing values on multiple indexes of a given hash - # array. - my $push_to = sub { - my $valueref = shift; - my $index_str = shift; # May be undef or empty - my $attrref = shift; # May be undef - my $attr_str = shift; - my @values = @_; - - if (defined $index_str) { - my @indexes = ( '' ); - if ($index_str !~ m|^\s*$|) { - @indexes = tokenize($index_str); - } - foreach (@indexes) { - push @{$valueref->{$_}}, @values; - if (defined $attrref) { - $handle_attributes->($attr_str, \$$attrref->{$_}, - @values); - } - } - } else { - push @$valueref, @values; - $handle_attributes->($attr_str, $attrref, @values) - if defined $attrref; - } - }; - - if ($buildinfo_debug) { - print STDERR "DEBUG: Reading ",catfile($sourced, $f),"\n"; - } - push @{$config{build_infos}}, catfile(abs2rel($sourced, $blddir), $f); - my $template = - Text::Template->new(TYPE => 'FILE', - SOURCE => catfile($sourced, $f), - PREPEND => qq{use lib "$FindBin::Bin/util/perl";}); - die "Something went wrong with $sourced/$f: $!\n" unless $template; - my @text = - split /^/m, - $template->fill_in(HASH => { config => \%config, - target => \%target, - disabled => \%disabled, - withargs => \%withargs, - builddir => abs2rel($buildd, $blddir), - sourcedir => abs2rel($sourced, $blddir), - buildtop => abs2rel($blddir, $blddir), - sourcetop => abs2rel($srcdir, $blddir) }, - DELIMITERS => [ "{-", "-}" ]); - - # The top item of this stack has the following values - # -2 positive already run and we found ELSE (following ELSIF should fail) - # -1 positive already run (skip until ENDIF) - # 0 negatives so far (if we're at a condition, check it) - # 1 last was positive (don't skip lines until next ELSE, ELSIF or ENDIF) - # 2 positive ELSE (following ELSIF should fail) - my @skip = (); - - # A few useful generic regexps - my $index_re = qr/\[\s*(?P(?:\\.|.)*?)\s*\]/; - my $cond_re = qr/\[\s*(?P(?:\\.|.)*?)\s*\]/; - my $attribs_re = qr/(?:\{\s*(?P(?:\\.|.)*?)\s*\})?/; - my $value_re = qr/(?P.*?)/; - collect_information( - collect_from_array([ @text ], - qr/\\$/ => sub { my $l1 = shift; my $l2 = shift; - $l1 =~ s/\\$//; $l1.$l2 }), - # Info we're looking for - qr/^\s* IF ${cond_re} \s*$/x - => sub { - if (! @skip || $skip[$#skip] > 0) { - push @skip, !! $expand_variables->($+{COND}); - } else { - push @skip, -1; - } - }, - qr/^\s* ELSIF ${cond_re} \s*$/x - => sub { die "ELSIF out of scope" if ! @skip; - die "ELSIF following ELSE" if abs($skip[$#skip]) == 2; - $skip[$#skip] = -1 if $skip[$#skip] != 0; - $skip[$#skip] = !! $expand_variables->($+{COND}) - if $skip[$#skip] == 0; }, - qr/^\s* ELSE \s*$/x - => sub { die "ELSE out of scope" if ! @skip; - $skip[$#skip] = -2 if $skip[$#skip] != 0; - $skip[$#skip] = 2 if $skip[$#skip] == 0; }, - qr/^\s* ENDIF \s*$/x - => sub { die "ENDIF out of scope" if ! @skip; - pop @skip; }, - qr/^\s* ${variable_re} \s* = \s* ${value_re} \s* $/x - => sub { - if (!@skip || $skip[$#skip] > 0) { - $variables{$+{VARIABLE}} = $expand_variables->($+{VALUE}); - } - }, - qr/^\s* SUBDIRS \s* = \s* ${value_re} \s* $/x - => sub { - if (!@skip || $skip[$#skip] > 0) { - foreach (tokenize($expand_variables->($+{VALUE}))) { - push @build_dirs, [ @curd, splitdir($_, 1) ]; - } - } - }, - qr/^\s* PROGRAMS ${attribs_re} \s* = \s* ${value_re} \s* $/x - => sub { $push_to->(\@programs, undef, - \$attributes{programs}, $+{ATTRIBS}, - tokenize($expand_variables->($+{VALUE}))) - if !@skip || $skip[$#skip] > 0; }, - qr/^\s* LIBS ${attribs_re} \s* = \s* ${value_re} \s* $/x - => sub { $push_to->(\@libraries, undef, - \$attributes{libraries}, $+{ATTRIBS}, - tokenize($expand_variables->($+{VALUE}))) - if !@skip || $skip[$#skip] > 0; }, - qr/^\s* MODULES ${attribs_re} \s* = \s* ${value_re} \s* $/x - => sub { $push_to->(\@modules, undef, - \$attributes{modules}, $+{ATTRIBS}, - tokenize($expand_variables->($+{VALUE}))) - if !@skip || $skip[$#skip] > 0; }, - qr/^\s* SCRIPTS ${attribs_re} \s* = \s* ${value_re} \s* $/x - => sub { $push_to->(\@scripts, undef, - \$attributes{scripts}, $+{ATTRIBS}, - tokenize($expand_variables->($+{VALUE}))) - if !@skip || $skip[$#skip] > 0; }, - qr/^\s* IMAGEDOCS ${index_re} \s* = \s* ${value_re} \s* $/x - => sub { $push_to->(\%imagedocs, $expand_variables->($+{INDEX}), - undef, undef, - tokenize($expand_variables->($+{VALUE}))) - if !@skip || $skip[$#skip] > 0; }, - qr/^\s* HTMLDOCS ${index_re} \s* = \s* ${value_re} \s* $/x - => sub { $push_to->(\%htmldocs, $expand_variables->($+{INDEX}), - undef, undef, - tokenize($expand_variables->($+{VALUE}))) - if !@skip || $skip[$#skip] > 0; }, - qr/^\s* MANDOCS ${index_re} \s* = \s* ${value_re} \s* $/x - => sub { $push_to->(\%mandocs, $expand_variables->($+{INDEX}), - undef, undef, - tokenize($expand_variables->($+{VALUE}))) - if !@skip || $skip[$#skip] > 0; }, - qr/^\s* SOURCE ${index_re} ${attribs_re} \s* = \s* ${value_re} \s* $/x - => sub { $push_to->(\%sources, $expand_variables->($+{INDEX}), - \$attributes{sources}, $+{ATTRIBS}, - tokenize($expand_variables->($+{VALUE}))) - if !@skip || $skip[$#skip] > 0; }, - qr/^\s* SHARED_SOURCE ${index_re} ${attribs_re} \s* = \s* ${value_re} \s* $/x - => sub { $push_to->(\%shared_sources, $expand_variables->($+{INDEX}), - \$attributes{sources}, $+{ATTRIBS}, - tokenize($expand_variables->($+{VALUE}))) - if !@skip || $skip[$#skip] > 0; }, - qr/^\s* INCLUDE ${index_re} \s* = \s* ${value_re} \s* $/x - => sub { $push_to->(\%includes, $expand_variables->($+{INDEX}), - undef, undef, - tokenize($expand_variables->($+{VALUE}))) - if !@skip || $skip[$#skip] > 0; }, - qr/^\s* DEFINE ${index_re} \s* = \s* ${value_re} \s* $/x - => sub { $push_to->(\%defines, $expand_variables->($+{INDEX}), - undef, undef, - tokenize($expand_variables->($+{VALUE}))) - if !@skip || $skip[$#skip] > 0; }, - qr/^\s* DEPEND ${index_re} ${attribs_re} \s* = \s* ${value_re} \s* $/x - => sub { $push_to->(\%depends, $expand_variables->($+{INDEX}), - \$attributes{depends}, $+{ATTRIBS}, - tokenize($expand_variables->($+{VALUE}))) - if !@skip || $skip[$#skip] > 0; }, - qr/^\s* GENERATE ${index_re} ${attribs_re} \s* = \s* ${value_re} \s* $/x - => sub { $push_to->(\%generate, $expand_variables->($+{INDEX}), - \$attributes{generate}, $+{ATTRIBS}, - $expand_variables->($+{VALUE})) - if !@skip || $skip[$#skip] > 0; }, - qr/^\s* (?:\#.*)? $/x => sub { }, - "OTHERWISE" => sub { die "Something wrong with this line:\n$_\nat $sourced/$f" }, - "BEFORE" => sub { - if ($buildinfo_debug) { - print STDERR "DEBUG: Parsing ",join(" ", @_),"\n"; - print STDERR "DEBUG: ... before parsing, skip stack is ",join(" ", map { int($_) } @skip),"\n"; - } - }, - "AFTER" => sub { - if ($buildinfo_debug) { - print STDERR "DEBUG: .... after parsing, skip stack is ",join(" ", map { int($_) } @skip),"\n"; - } - }, - ); - die "runaway IF?" if (@skip); - - if (grep { defined $attributes{modules}->{$_}->{engine} } keys %attributes - and !$config{dynamic_engines}) { - die <<"EOF" -ENGINES can only be used if configured with 'dynamic-engine'. -This is usually a fault in a build.info file. -EOF - } - - { - my %infos = ( programs => [ @programs ], - libraries => [ @libraries ], - modules => [ @modules ], - scripts => [ @scripts ] ); - foreach my $k (keys %infos) { - foreach (@{$infos{$k}}) { - my $item = cleanfile($buildd, $_, $blddir); - $unified_info{$k}->{$item} = 1; - - # Fix up associated attributes - $unified_info{attributes}->{$k}->{$item} = - $attributes{$k}->{$_} - if defined $attributes{$k}->{$_}; - } - } - } - - # Check that we haven't defined any library as both shared and - # explicitly static. That is forbidden. - my @doubles = (); - foreach (grep /\.a$/, keys %{$unified_info{libraries}}) { - (my $l = $_) =~ s/\.a$//; - push @doubles, $l if defined $unified_info{libraries}->{$l}; - } - die "these libraries are both explicitly static and shared:\n ", - join(" ", @doubles), "\n" - if @doubles; - - foreach (keys %sources) { - my $dest = $_; - my $ddest = cleanfile($buildd, $_, $blddir); - foreach (@{$sources{$dest}}) { - my $s = cleanfile($sourced, $_, $blddir); - - # If it's generated or we simply don't find it in the source - # tree, we assume it's in the build tree. - if ($s eq $src_configdata || $generate{$_} || ! -f $s) { - $s = cleanfile($buildd, $_, $blddir); - } - my $o = $_; - # We recognise C++, C and asm files - if ($s =~ /\.(cc|cpp|c|s|S)$/) { - push @{$check_exist{$s}}, $ddest; - $o =~ s/\.[csS]$/.o/; # C and assembler - $o =~ s/\.(cc|cpp)$/_cc.o/; # C++ - $o = cleanfile($buildd, $o, $blddir); - $unified_info{sources}->{$ddest}->{$o} = -1; - $unified_info{sources}->{$o}->{$s} = -1; - } elsif ($s =~ /\.rc$/) { - # We also recognise resource files - push @{$check_exist{$s}}, $ddest; - $o =~ s/\.rc$/.res/; # Resource configuration - $o = cleanfile($buildd, $o, $blddir); - $unified_info{sources}->{$ddest}->{$o} = -1; - $unified_info{sources}->{$o}->{$s} = -1; - } else { - push @{$check_exist{$s}}, $ddest; - $unified_info{sources}->{$ddest}->{$s} = 1; - } - # Fix up associated attributes - if ($o ne $_) { - $unified_info{attributes}->{sources}->{$ddest}->{$o} = - $unified_info{attributes}->{sources}->{$o}->{$s} = - $attributes{sources}->{$dest}->{$_} - if defined $attributes{sources}->{$dest}->{$_}; - } else { - $unified_info{attributes}->{sources}->{$ddest}->{$s} = - $attributes{sources}->{$dest}->{$_} - if defined $attributes{sources}->{$dest}->{$_}; - } - } - } - - foreach (keys %shared_sources) { - my $dest = $_; - my $ddest = cleanfile($buildd, $_, $blddir); - foreach (@{$shared_sources{$dest}}) { - my $s = cleanfile($sourced, $_, $blddir); - - # If it's generated or we simply don't find it in the source - # tree, we assume it's in the build tree. - if ($s eq $src_configdata || $generate{$_} || ! -f $s) { - $s = cleanfile($buildd, $_, $blddir); - } - - my $o = $_; - if ($s =~ /\.(cc|cpp|c|s|S)$/) { - # We recognise C++, C and asm files - push @{$check_exist{$s}}, $ddest; - $o =~ s/\.[csS]$/.o/; # C and assembler - $o =~ s/\.(cc|cpp)$/_cc.o/; # C++ - $o = cleanfile($buildd, $o, $blddir); - $unified_info{shared_sources}->{$ddest}->{$o} = -1; - $unified_info{sources}->{$o}->{$s} = -1; - } elsif ($s =~ /\.rc$/) { - # We also recognise resource files - push @{$check_exist{$s}}, $ddest; - $o =~ s/\.rc$/.res/; # Resource configuration - $o = cleanfile($buildd, $o, $blddir); - $unified_info{shared_sources}->{$ddest}->{$o} = -1; - $unified_info{sources}->{$o}->{$s} = -1; - } elsif ($s =~ /\.ld$/) { - # We also recognise linker scripts (or corresponding) - # We know they are generated files - push @{$check_exist{$s}}, $ddest; - $o = cleanfile($buildd, $_, $blddir); - $unified_info{shared_sources}->{$ddest}->{$o} = 1; - } else { - die "unrecognised source file type for shared library: $s\n"; - } - # Fix up associated attributes - if ($o ne $_) { - $unified_info{attributes}->{shared_sources}->{$ddest}->{$o} = - $unified_info{attributes}->{sources}->{$o}->{$s} = - $attributes{sources}->{$dest}->{$_} - if defined $attributes{sources}->{$dest}->{$_}; - } else { - $unified_info{attributes}->{shared_sources}->{$ddest}->{$o} = - $attributes{sources}->{$dest}->{$_} - if defined $attributes{sources}->{$dest}->{$_}; - } - } - } - - foreach (keys %generate) { - my $dest = $_; - my $ddest = cleanfile($buildd, $_, $blddir); - die "more than one generator for $dest: " - ,join(" ", @{$generate{$_}}),"\n" - if scalar @{$generate{$_}} > 1; - my @generator = split /\s+/, $generate{$dest}->[0]; - my $gen = $generator[0]; - $generator[0] = cleanfile($sourced, $gen, $blddir); - - # If the generator is itself generated, it's in the build tree - if ($generate{$gen} || ! -f $generator[0]) { - $generator[0] = cleanfile($buildd, $gen, $blddir); - } - $check_generate{$ddest}->{$generator[0]}++; - - $unified_info{generate}->{$ddest} = [ @generator ]; - # Fix up associated attributes - $unified_info{attributes}->{generate}->{$ddest} = - $attributes{generate}->{$dest}->{$gen} - if defined $attributes{generate}->{$dest}->{$gen}; - } - - foreach (keys %depends) { - my $dest = $_; - my $ddest = $dest; - - if ($dest =~ /^\|(.*)\|$/) { - # Collect the raw target - $unified_info{targets}->{$1} = 1; - $ddest = $1; - } elsif ($dest eq '') { - $ddest = ''; - } else { - $ddest = cleanfile($sourced, $_, $blddir); - - # If the destination doesn't exist in source, it can only be - # a generated file in the build tree. - if ($ddest eq $src_configdata || ! -f $ddest) { - $ddest = cleanfile($buildd, $_, $blddir); - } - } - foreach (@{$depends{$dest}}) { - my $d = cleanfile($sourced, $_, $blddir); - my $d2 = cleanfile($buildd, $_, $blddir); - - # If we know it's generated, or assume it is because we can't - # find it in the source tree, we set file we depend on to be - # in the build tree rather than the source tree. - if ($d eq $src_configdata - || (grep { $d2 eq $_ } - keys %{$unified_info{generate}}) - || ! -f $d) { - $d = $d2; - } - $unified_info{depends}->{$ddest}->{$d} = 1; - - # Fix up associated attributes - $unified_info{attributes}->{depends}->{$ddest}->{$d} = - $attributes{depends}->{$dest}->{$_} - if defined $attributes{depends}->{$dest}->{$_}; - } - } - - foreach (keys %includes) { - my $dest = $_; - my $ddest = cleanfile($sourced, $_, $blddir); - - # If the destination doesn't exist in source, it can only be - # a generated file in the build tree. - if ($ddest eq $src_configdata || ! -f $ddest) { - $ddest = cleanfile($buildd, $_, $blddir); - } - foreach (@{$includes{$dest}}) { - my $is = cleandir($sourced, $_, $blddir); - my $ib = cleandir($buildd, $_, $blddir); - push @{$unified_info{includes}->{$ddest}->{source}}, $is - unless grep { $_ eq $is } @{$unified_info{includes}->{$ddest}->{source}}; - push @{$unified_info{includes}->{$ddest}->{build}}, $ib - unless grep { $_ eq $ib } @{$unified_info{includes}->{$ddest}->{build}}; - } - } - - foreach my $dest (keys %defines) { - my $ddest; - - if ($dest ne "") { - $ddest = cleanfile($sourced, $dest, $blddir); - - # If the destination doesn't exist in source, it can only - # be a generated file in the build tree. - if (! -f $ddest) { - $ddest = cleanfile($buildd, $dest, $blddir); - } - } - foreach my $v (@{$defines{$dest}}) { - $v =~ m|^([^=]*)(=.*)?$|; - die "0 length macro name not permitted\n" if $1 eq ""; - if ($dest ne "") { - die "$1 defined more than once\n" - if defined $unified_info{defines}->{$ddest}->{$1}; - $unified_info{defines}->{$ddest}->{$1} = $2; - } else { - die "$1 defined more than once\n" - if grep { $v eq $_ } @{$config{defines}}; - push @{$config{defines}}, $v; - } - } - } - - foreach my $section (keys %imagedocs) { - foreach (@{$imagedocs{$section}}) { - my $imagedocs = cleanfile($buildd, $_, $blddir); - $unified_info{imagedocs}->{$section}->{$imagedocs} = 1; - } - } - - foreach my $section (keys %htmldocs) { - foreach (@{$htmldocs{$section}}) { - my $htmldocs = cleanfile($buildd, $_, $blddir); - $unified_info{htmldocs}->{$section}->{$htmldocs} = 1; - } - } - - foreach my $section (keys %mandocs) { - foreach (@{$mandocs{$section}}) { - my $mandocs = cleanfile($buildd, $_, $blddir); - $unified_info{mandocs}->{$section}->{$mandocs} = 1; - } - } - } - - my $ordinals_text = join(', ', sort keys %ordinals); - warn <<"EOF" if $ordinals_text; - -WARNING: ORDINALS were specified for $ordinals_text -They are ignored and should be replaced with a combination of GENERATE, -DEPEND and SHARED_SOURCE. -EOF - - # Check that each generated file is only generated once - my $ambiguous_generation = 0; - foreach (sort keys %check_generate) { - my @generators = sort keys %{$check_generate{$_}}; - my $generators_txt = join(', ', @generators); - if (scalar @generators > 1) { - warn "$_ is GENERATEd by more than one generator ($generators_txt)\n"; - $ambiguous_generation++; - } - if ($check_generate{$_}->{$generators[0]} > 1) { - warn "INFO: $_ has more than one GENERATE declaration (same generator)\n" - } - } - die "There are ambiguous source file generations\n" - if $ambiguous_generation > 0; - - # All given source files should exist, or if generated, their - # generator should exist. This loop ensures this is true. - my $missing = 0; - foreach my $orig (sort keys %check_exist) { - foreach my $dest (@{$check_exist{$orig}}) { - if ($orig ne $src_configdata) { - if ($orig =~ /\.a$/) { - # Static library names may be used as sources, so we - # need to detect those and give them special treatment. - unless (grep { $_ eq $orig } - keys %{$unified_info{libraries}}) { - warn "$orig is given as source for $dest, but no such library is built\n"; - $missing++; - } - } else { - # A source may be generated, and its generator may be - # generated as well. We therefore loop to dig out the - # first generator. - my $gen = $orig; - - while (my @next = keys %{$check_generate{$gen}}) { - $gen = $next[0]; - } - - if (! -f $gen) { - if ($gen ne $orig) { - $missing++; - warn "$orig is given as source for $dest, but its generator (leading to $gen) is missing\n"; - } else { - $missing++; - warn "$orig is given as source for $dest, but is missing\n"; - } - } - } - } - } - } - die "There are files missing\n" if $missing > 0; - - # Go through the sources of all libraries and check that the same basename - # doesn't appear more than once. Some static library archivers depend on - # them being unique. - { - my $err = 0; - foreach my $prod (keys %{$unified_info{libraries}}) { - my @prod_sources = - map { keys %{$unified_info{sources}->{$_}} } - keys %{$unified_info{sources}->{$prod}}; - my %srccnt = (); - - # Count how many times a given each source basename - # appears for each product. - foreach my $src (@prod_sources) { - $srccnt{basename $src}++; - } - - foreach my $src (keys %srccnt) { - if ((my $cnt = $srccnt{$src}) > 1) { - print STDERR "$src appears $cnt times for the product $prod\n"; - $err++ - } - } - } - die if $err > 0; - } - - # Massage the result - - # If we depend on a header file or a perl module, add an inclusion of - # its directory to allow smoothe inclusion - foreach my $dest (keys %{$unified_info{depends}}) { - next if $dest eq ""; - foreach my $d (keys %{$unified_info{depends}->{$dest}}) { - next unless $d =~ /\.(h|pm)$/; - my $i = dirname($d); - my $spot = - $d eq "configdata.pm" || defined($unified_info{generate}->{$d}) - ? 'build' : 'source'; - push @{$unified_info{includes}->{$dest}->{$spot}}, $i - unless grep { $_ eq $i } @{$unified_info{includes}->{$dest}->{$spot}}; - } - } - - # Go through all intermediary files and change their names to something that - # reflects what they will be built for. Note that for some source files, - # this leads to duplicate object files because they are used multiple times. - # the goal is to rename all object files according to this scheme: - # {productname}-{midfix}-{origobjname}.[o|res] - # the {midfix} is a keyword indicating the type of product, which is mostly - # valuable for libraries since they come in two forms. - # - # This also reorganises the {sources} and {shared_sources} so that the - # former only contains ALL object files that are supposed to end up in - # static libraries and programs, while the latter contains ALL object files - # that are supposed to end up in shared libraries and DSOs. - # The main reason for having two different source structures is to allow - # the same name to be used for the static and the shared variants of a - # library. - { - # Take copies so we don't get interference from added stuff - my %unified_copy = (); - foreach (('sources', 'shared_sources')) { - $unified_copy{$_} = { %{$unified_info{$_}} } - if defined($unified_info{$_}); - delete $unified_info{$_}; - } - foreach my $prodtype (('programs', 'libraries', 'modules', 'scripts')) { - # $intent serves multi purposes: - # - give a prefix for the new object files names - # - in the case of libraries, rearrange the object files so static - # libraries use the 'sources' structure exclusively, while shared - # libraries use the 'shared_sources' structure exclusively. - my $intent = { - programs => { bin => { src => [ 'sources' ], - dst => 'sources' } }, - libraries => { lib => { src => [ 'sources' ], - dst => 'sources' }, - shlib => { prodselect => - sub { grep !/\.a$/, @_ }, - src => [ 'sources', - 'shared_sources' ], - dst => 'shared_sources' } }, - modules => { dso => { src => [ 'sources' ], - dst => 'sources' } }, - scripts => { script => { src => [ 'sources' ], - dst => 'sources' } } - } -> {$prodtype}; - foreach my $kind (keys %$intent) { - next if ($intent->{$kind}->{dst} eq 'shared_sources' - && $disabled{shared}); - - my @src = @{$intent->{$kind}->{src}}; - my $dst = $intent->{$kind}->{dst}; - my $prodselect = $intent->{$kind}->{prodselect} // sub { @_ }; - foreach my $prod ($prodselect->(keys %{$unified_info{$prodtype}})) { - # %prod_sources has all applicable objects as keys, and - # their corresponding sources as values - my %prod_sources = - map { $_ => [ keys %{$unified_copy{sources}->{$_}} ] } - map { keys %{$unified_copy{$_}->{$prod}} } - @src; - foreach (keys %prod_sources) { - # Only affect object files and resource files, - # the others simply get a new value - # (+1 instead of -1) - if ($_ =~ /\.(o|res)$/) { - (my $prodname = $prod) =~ s|\.a$||; - my $newobj = - catfile(dirname($_), - basename($prodname) - . '-' . $kind - . '-' . basename($_)); - $unified_info{$dst}->{$prod}->{$newobj} = 1; - foreach my $src (@{$prod_sources{$_}}) { - $unified_info{sources}->{$newobj}->{$src} = 1; - # Adjust source attributes - my $attrs = $unified_info{attributes}->{sources}; - if (defined $attrs->{$prod} - && defined $attrs->{$prod}->{$_}) { - $attrs->{$prod}->{$newobj} = - $attrs->{$prod}->{$_}; - delete $attrs->{$prod}->{$_}; - } - foreach my $objsrc (keys %{$attrs->{$_} // {}}) { - $attrs->{$newobj}->{$objsrc} = - $attrs->{$_}->{$objsrc}; - delete $attrs->{$_}->{$objsrc}; - } - } - # Adjust dependencies - foreach my $deps (keys %{$unified_info{depends}->{$_}}) { - $unified_info{depends}->{$_}->{$deps} = -1; - $unified_info{depends}->{$newobj}->{$deps} = 1; - } - # Adjust includes - foreach my $k (('source', 'build')) { - next unless - defined($unified_info{includes}->{$_}->{$k}); - my @incs = @{$unified_info{includes}->{$_}->{$k}}; - $unified_info{includes}->{$newobj}->{$k} = [ @incs ]; - } - } else { - $unified_info{$dst}->{$prod}->{$_} = 1; - } - } - } - } - } - } - - # At this point, we have a number of sources with the value -1. They - # aren't part of the local build and are probably meant for a different - # platform, and can therefore be cleaned away. That happens when making - # %unified_info more efficient below. - - ### Make unified_info a bit more efficient - # One level structures - foreach (("programs", "libraries", "modules", "scripts", "targets")) { - $unified_info{$_} = [ sort keys %{$unified_info{$_}} ]; - } - # Two level structures - foreach my $l1 (("sources", "shared_sources", "ldadd", "depends", - "imagedocs", "htmldocs", "mandocs")) { - foreach my $l2 (sort keys %{$unified_info{$l1}}) { - my @items = - sort - grep { $unified_info{$l1}->{$l2}->{$_} > 0 } - keys %{$unified_info{$l1}->{$l2}}; - if (@items) { - $unified_info{$l1}->{$l2} = [ @items ]; - } else { - delete $unified_info{$l1}->{$l2}; - } - } - } - # Defines - foreach my $dest (sort keys %{$unified_info{defines}}) { - $unified_info{defines}->{$dest} - = [ map { $_.$unified_info{defines}->{$dest}->{$_} } - sort keys %{$unified_info{defines}->{$dest}} ]; - } - # Includes - foreach my $dest (sort keys %{$unified_info{includes}}) { - if (defined($unified_info{includes}->{$dest}->{build})) { - my @source_includes = (); - @source_includes = ( @{$unified_info{includes}->{$dest}->{source}} ) - if defined($unified_info{includes}->{$dest}->{source}); - $unified_info{includes}->{$dest} = - [ @{$unified_info{includes}->{$dest}->{build}} ]; - foreach my $inc (@source_includes) { - push @{$unified_info{includes}->{$dest}}, $inc - unless grep { $_ eq $inc } @{$unified_info{includes}->{$dest}}; - } - } elsif (defined($unified_info{includes}->{$dest}->{source})) { - $unified_info{includes}->{$dest} = - [ @{$unified_info{includes}->{$dest}->{source}} ]; - } else { - delete $unified_info{includes}->{$dest}; - } - } - - # For convenience collect information regarding directories where - # files are generated, those generated files and the end product - # they end up in where applicable. Then, add build rules for those - # directories - my %loopinfo = ( "lib" => [ @{$unified_info{libraries}} ], - "dso" => [ @{$unified_info{modules}} ], - "bin" => [ @{$unified_info{programs}} ], - "script" => [ @{$unified_info{scripts}} ], - "docs" => [ (map { @{$unified_info{imagedocs}->{$_} // []} } - keys %{$unified_info{imagedocs} // {}}), - (map { @{$unified_info{htmldocs}->{$_} // []} } - keys %{$unified_info{htmldocs} // {}}), - (map { @{$unified_info{mandocs}->{$_} // []} } - keys %{$unified_info{mandocs} // {}}) ] ); - foreach my $type (sort keys %loopinfo) { - foreach my $product (@{$loopinfo{$type}}) { - my %dirs = (); - my $pd = dirname($product); - - foreach (@{$unified_info{sources}->{$product} // []}, - @{$unified_info{shared_sources}->{$product} // []}) { - my $d = dirname($_); - - # We don't want to create targets for source directories - # when building out of source - next if ($config{sourcedir} ne $config{builddir} - && $d =~ m|^\Q$config{sourcedir}\E|); - # We already have a "test" target, and the current directory - # is just silly to make a target for - next if $d eq "test" || $d eq "."; - - $dirs{$d} = 1; - push @{$unified_info{dirinfo}->{$d}->{deps}}, $_ - if $d ne $pd; - } - foreach (sort keys %dirs) { - push @{$unified_info{dirinfo}->{$_}->{products}->{$type}}, - $product; - } - } - } -} - -# For the schemes that need it, we provide the old *_obj configs -# from the *_asm_obj ones -foreach (grep /_(asm|aux)_src$/, keys %target) { - my $src = $_; - (my $obj = $_) =~ s/_(asm|aux)_src$/_obj/; - $target{$obj} = $target{$src}; - $target{$obj} =~ s/\.[csS]\b/.o/g; # C and assembler - $target{$obj} =~ s/\.(cc|cpp)\b/_cc.o/g; # C++ -} - -# Write down our configuration where it fits ######################### - -my %template_vars = ( - config => \%config, - target => \%target, - disablables => \@disablables, - disablables_int => \@disablables_int, - disabled => \%disabled, - withargs => \%withargs, - unified_info => \%unified_info, - tls => \@tls, - dtls => \@dtls, - makevars => [ sort keys %user ], - disabled_info => \%disabled_info, - user_crossable => \@user_crossable, -); -my $configdata_outname = 'configdata.pm'; -open CONFIGDATA, ">$configdata_outname.new" - or die "Trying to create $configdata_outname.new: $!"; -my $configdata_tmplname = cleanfile($srcdir, "configdata.pm.in", $blddir); -my $configdata_tmpl = - OpenSSL::Template->new(TYPE => 'FILE', SOURCE => $configdata_tmplname); -$configdata_tmpl->fill_in( - FILENAME => $configdata_tmplname, - OUTPUT => \*CONFIGDATA, - HASH => { %template_vars, - autowarntext => [ - 'WARNING: do not edit!', - "Generated by Configure from $configdata_tmplname", - ] } -) or die $Text::Template::ERROR; -close CONFIGDATA; - -rename "$configdata_outname.new", $configdata_outname; -if ($builder_platform eq 'unix') { - my $mode = (0755 & ~umask); - chmod $mode, 'configdata.pm' - or warn sprintf("WARNING: Couldn't change mode for 'configdata.pm' to 0%03o: %s\n",$mode,$!); -} -print "Created $configdata_outname\n"; - -print "Running $configdata_outname\n"; -my $perlcmd = (quotify("maybeshell", $config{PERL}))[0]; -my $cmd = "$perlcmd $configdata_outname"; -#print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n"; -system($cmd); -exit 1 if $? != 0; - -$SIG{__DIE__} = $orig_death_handler; - -print <<"EOF" if ($disabled{threads} eq "unavailable"); - -The library could not be configured for supporting multi-threaded -applications as the compiler options required on this system are not known. -See file INSTALL.md for details if you need multi-threading. -EOF - -print <<"EOF" if ($no_shared_warn); - -The options 'shared', 'pic' and 'dynamic-engine' aren't supported on this -platform, so we will pretend you gave the option 'no-pic', which also disables -'shared' and 'dynamic-engine'. If you know how to implement shared libraries -or position independent code, please let us know (but please first make sure -you have tried with a current version of OpenSSL). -EOF - -print $banner; - -exit(0); - -###################################################################### -# -# Helpers and utility functions -# - -# Death handler, to print a helpful message in case of failure ####### -# -sub death_handler { - die @_ if $^S; # To prevent the added message in eval blocks - my $build_file = $target{build_file} // "build file"; - my @message = ( <<"_____", @_ ); - -Failure! $build_file wasn't produced. -Please read INSTALL.md and associated NOTES-* files. You may also have to -look over your available compiler tool chain or change your configuration. - -_____ - - # Dying is terminal, so it's ok to reset the signal handler here. - $SIG{__DIE__} = $orig_death_handler; - die @message; -} - -# Configuration file reading ######################################### - -# Note: All of the helper functions are for lazy evaluation. They all -# return a CODE ref, which will return the intended value when evaluated. -# Thus, whenever there's mention of a returned value, it's about that -# intended value. - -# Helper function to implement conditional value variants, with a default -# plus additional values based on the value of $config{build_type}. -# Arguments are given in hash table form: -# -# picker(default => "Basic string: ", -# debug => "debug", -# release => "release") -# -# When configuring with --debug, the resulting string will be -# "Basic string: debug", and when not, it will be "Basic string: release" -# -# This can be used to create variants of sets of flags according to the -# build type: -# -# cflags => picker(default => "-Wall", -# debug => "-g -O0", -# release => "-O3") -# -sub picker { - my %opts = @_; - return sub { add($opts{default} || (), - $opts{$config{build_type}} || ())->(); } -} - -# Helper function to combine several values of different types into one. -# This is useful if you want to combine a string with the result of a -# lazy function, such as: -# -# cflags => combine("-Wall", sub { $disabled{zlib} ? () : "-DZLIB" }) -# -sub combine { - my @stuff = @_; - return sub { add(@stuff)->(); } -} - -# Helper function to implement conditional values depending on the value -# of $disabled{threads}. Can be used as follows: -# -# cflags => combine("-Wall", threads("-pthread")) -# -sub threads { - my @flags = @_; - return sub { add($disabled{threads} ? () : @flags)->(); } -} - -sub shared { - my @flags = @_; - return sub { add($disabled{shared} ? () : @flags)->(); } -} - -our $add_called = 0; -# Helper function to implement adding values to already existing configuration -# values. It handles elements that are ARRAYs, CODEs and scalars -sub _add { - my $separator = shift; - - # If there's any ARRAY in the collection of values OR the separator - # is undef, we will return an ARRAY of combined values, otherwise a - # string of joined values with $separator as the separator. - my $found_array = !defined($separator); - - my @values = - map { - my $res = $_; - while (ref($res) eq "CODE") { - $res = $res->(); - } - if (defined($res)) { - if (ref($res) eq "ARRAY") { - $found_array = 1; - @$res; - } else { - $res; - } - } else { - (); - } - } (@_); - - $add_called = 1; - - if ($found_array) { - [ @values ]; - } else { - join($separator, grep { defined($_) && $_ ne "" } @values); - } -} -sub add_before { - my $separator = " "; - if (ref($_[$#_]) eq "HASH") { - my $opts = pop; - $separator = $opts->{separator}; - } - my @x = @_; - sub { _add($separator, @x, @_) }; -} -sub add { - my $separator = " "; - if (ref($_[$#_]) eq "HASH") { - my $opts = pop; - $separator = $opts->{separator}; - } - my @x = @_; - sub { _add($separator, @_, @x) }; -} - -sub read_eval_file { - my $fname = shift; - my $content; - my @result; - - open F, "< $fname" or die "Can't open '$fname': $!\n"; - { - undef local $/; - $content = ; - } - close F; - { - local $@; - - @result = ( eval $content ); - warn $@ if $@; - } - return wantarray ? @result : $result[0]; -} - -# configuration reader, evaluates the input file as a perl script and expects -# it to fill %targets with target configurations. Those are then added to -# %table. -sub read_config { - my $fname = shift; - my %targets; - - { - # Protect certain tables from tampering - local %table = (); - - %targets = read_eval_file($fname); - } - my %preexisting = (); - foreach (sort keys %targets) { - $preexisting{$_} = 1 if $table{$_}; - } - die <<"EOF", -The following config targets from $fname -shadow pre-existing config targets with the same name: -EOF - map { " $_\n" } sort keys %preexisting - if %preexisting; - - - # For each target, check that it's configured with a hash table. - foreach (keys %targets) { - if (ref($targets{$_}) ne "HASH") { - if (ref($targets{$_}) eq "") { - warn "Deprecated target configuration for $_, ignoring...\n"; - } else { - warn "Misconfigured target configuration for $_ (should be a hash table), ignoring...\n"; - } - delete $targets{$_}; - } else { - $targets{$_}->{_conf_fname_int} = add([ $fname ]); - } - } - - %table = (%table, %targets); - -} - -# configuration resolver. Will only resolve all the lazy evaluation -# codeblocks for the chosen target and all those it inherits from, -# recursively -sub resolve_config { - my $target = shift; - my @breadcrumbs = @_; - -# my $extra_checks = defined($ENV{CONFIGURE_EXTRA_CHECKS}); - - if (grep { $_ eq $target } @breadcrumbs) { - die "inherit_from loop! target backtrace:\n " - ,$target,"\n ",join("\n ", @breadcrumbs),"\n"; - } - - if (!defined($table{$target})) { - warn "Warning! target $target doesn't exist!\n"; - return (); - } - # Recurse through all inheritances. They will be resolved on the - # fly, so when this operation is done, they will all just be a - # bunch of attributes with string values. - # What we get here, though, are keys with references to lists of - # the combined values of them all. We will deal with lists after - # this stage is done. - my %combined_inheritance = (); - if ($table{$target}->{inherit_from}) { - my @inherit_from = - map { ref($_) eq "CODE" ? $_->() : $_ } @{$table{$target}->{inherit_from}}; - foreach (@inherit_from) { - my %inherited_config = resolve_config($_, $target, @breadcrumbs); - - # 'template' is a marker that's considered private to - # the config that had it. - delete $inherited_config{template}; - - foreach (keys %inherited_config) { - if (!$combined_inheritance{$_}) { - $combined_inheritance{$_} = []; - } - push @{$combined_inheritance{$_}}, $inherited_config{$_}; - } - } - } - - # We won't need inherit_from in this target any more, since we've - # resolved all the inheritances that lead to this - delete $table{$target}->{inherit_from}; - - # Now is the time to deal with those lists. Here's the place to - # decide what shall be done with those lists, all based on the - # values of the target we're currently dealing with. - # - If a value is a coderef, it will be executed with the list of - # inherited values as arguments. - # - If the corresponding key doesn't have a value at all or is the - # empty string, the inherited value list will be run through the - # default combiner (below), and the result becomes this target's - # value. - # - Otherwise, this target's value is assumed to be a string that - # will simply override the inherited list of values. - my $default_combiner = add(); - - my %all_keys = - map { $_ => 1 } (keys %combined_inheritance, - keys %{$table{$target}}); - - sub process_values { - my $object = shift; - my $inherited = shift; # Always a [ list ] - my $target = shift; - my $entry = shift; - - $add_called = 0; - - while(ref($object) eq "CODE") { - $object = $object->(@$inherited); - } - if (!defined($object)) { - return (); - } - elsif (ref($object) eq "ARRAY") { - local $add_called; # To make sure recursive calls don't affect it - return [ map { process_values($_, $inherited, $target, $entry) } - @$object ]; - } elsif (ref($object) eq "") { - return $object; - } else { - die "cannot handle reference type ",ref($object) - ," found in target ",$target," -> ",$entry,"\n"; - } - } - - foreach my $key (sort keys %all_keys) { - my $previous = $combined_inheritance{$key}; - - # Current target doesn't have a value for the current key? - # Assign it the default combiner, the rest of this loop body - # will handle it just like any other coderef. - if (!exists $table{$target}->{$key}) { - $table{$target}->{$key} = $default_combiner; - } - - $table{$target}->{$key} = process_values($table{$target}->{$key}, - $combined_inheritance{$key}, - $target, $key); - unless(defined($table{$target}->{$key})) { - delete $table{$target}->{$key}; - } -# if ($extra_checks && -# $previous && !($add_called || $previous ~~ $table{$target}->{$key})) { -# warn "$key got replaced in $target\n"; -# } - } - - # Finally done, return the result. - return %{$table{$target}}; -} - -sub usage - { - print STDERR $usage; - print STDERR "\npick os/compiler from:\n"; - my $j=0; - my $i; - my $k=0; - foreach $i (sort keys %table) - { - next if $table{$i}->{template}; - next if $i =~ /^debug/; - $k += length($i) + 1; - if ($k > 78) - { - print STDERR "\n"; - $k=length($i); - } - print STDERR $i . " "; - } - foreach $i (sort keys %table) - { - next if $table{$i}->{template}; - next if $i !~ /^debug/; - $k += length($i) + 1; - if ($k > 78) - { - print STDERR "\n"; - $k=length($i); - } - print STDERR $i . " "; - } - exit(1); - } - -sub compiler_predefined { - state %predefined; - my $cc = shift; - - return () if $^O eq 'VMS'; - - die 'compiler_predefined called without a compiler command' - unless $cc; - - if (! $predefined{$cc}) { - - $predefined{$cc} = {}; - - # collect compiler pre-defines from gcc or gcc-alike... - open(PIPE, "$cc -dM -E -x c /dev/null 2>&1 |"); - while (my $l = ) { - $l =~ m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last; - $predefined{$cc}->{$1} = $2 // ''; - } - close(PIPE); - } - - return %{$predefined{$cc}}; -} - -sub which -{ - my ($name)=@_; - - if (eval { require IPC::Cmd; 1; }) { - IPC::Cmd->import(); - return scalar IPC::Cmd::can_run($name); - } else { - # if there is $directories component in splitpath, - # then it's not something to test with $PATH... - return $name if (File::Spec->splitpath($name))[1]; - - foreach (File::Spec->path()) { - my $fullpath = catfile($_, "$name$target{exe_extension}"); - if (-f $fullpath and -x $fullpath) { - return $fullpath; - } - } - } -} - -sub env -{ - my $name = shift; - my %opts = @_; - - unless ($opts{cacheonly}) { - # Note that if $ENV{$name} doesn't exist or is undefined, - # $config{perlenv}->{$name} will be created with the value - # undef. This is intentional. - - $config{perlenv}->{$name} = $ENV{$name} - if ! exists $config{perlenv}->{$name}; - } - return $config{perlenv}->{$name}; -} - -# Configuration printer ############################################## - -sub print_table_entry -{ - local $now_printing = shift; - my %target = resolve_config($now_printing); - my $type = shift; - - # Don't print the templates - return if $target{template}; - - my @sequence = ( - "sys_id", - "cpp", - "cppflags", - "defines", - "includes", - "cc", - "cflags", - "ld", - "lflags", - "loutflag", - "ex_libs", - "bn_ops", - "enable", - "disable", - "poly1035_asm_src", - "thread_scheme", - "perlasm_scheme", - "dso_scheme", - "shared_target", - "shared_cflag", - "shared_defines", - "shared_ldflag", - "shared_rcflag", - "shared_extension", - "dso_extension", - "obj_extension", - "exe_extension", - "ranlib", - "ar", - "arflags", - "aroutflag", - "rc", - "rcflags", - "rcoutflag", - "mt", - "mtflags", - "mtinflag", - "mtoutflag", - "multilib", - "build_scheme", - ); - - if ($type eq "TABLE") { - print "\n"; - print "*** $now_printing\n"; - foreach (@sequence) { - if (ref($target{$_}) eq "ARRAY") { - printf "\$%-12s = %s\n", $_, join(" ", @{$target{$_}}); - } else { - printf "\$%-12s = %s\n", $_, $target{$_}; - } - } - } elsif ($type eq "HASH") { - my $largest = - length((sort { length($a) <=> length($b) } @sequence)[-1]); - print " '$now_printing' => {\n"; - foreach (@sequence) { - if ($target{$_}) { - if (ref($target{$_}) eq "ARRAY") { - print " '",$_,"'"," " x ($largest - length($_))," => [ ",join(", ", map { "'$_'" } @{$target{$_}})," ],\n"; - } else { - print " '",$_,"'"," " x ($largest - length($_))," => '",$target{$_},"',\n"; - } - } - } - print " },\n"; - } -} - -# Utility routines ################################################### - -# On VMS, if the given file is a logical name, File::Spec::Functions -# will consider it an absolute path. There are cases when we want a -# purely syntactic check without checking the environment. -sub isabsolute { - my $file = shift; - - # On non-platforms, we just use file_name_is_absolute(). - return file_name_is_absolute($file) unless $^O eq "VMS"; - - # If the file spec includes a device or a directory spec, - # file_name_is_absolute() is perfectly safe. - return file_name_is_absolute($file) if $file =~ m|[:\[]|; - - # Here, we know the given file spec isn't absolute - return 0; -} - -# Makes a directory absolute and cleans out /../ in paths like foo/../bar -# On some platforms, this uses rel2abs(), while on others, realpath() is used. -# realpath() requires that at least all path components except the last is an -# existing directory. On VMS, the last component of the directory spec must -# exist. -sub absolutedir { - my $dir = shift; - - # realpath() is quite buggy on VMS. It uses LIB$FID_TO_NAME, which - # will return the volume name for the device, no matter what. Also, - # it will return an incorrect directory spec if the argument is a - # directory that doesn't exist. - if ($^O eq "VMS") { - return rel2abs($dir); - } - - # We use realpath() on Unix, since no other will properly clean out - # a directory spec. - use Cwd qw/realpath/; - - return realpath($dir); -} - -# Check if all paths are one and the same, using stat. They must both exist -# We need this for the cases when File::Spec doesn't detect case insensitivity -# (File::Spec::Unix assumes case sensitivity) -sub samedir { - die "samedir expects two arguments\n" unless scalar @_ == 2; - - my @stat0 = stat($_[0]); # First argument - my @stat1 = stat($_[1]); # Second argument - - die "Couldn't stat $_[0]" unless @stat0; - die "Couldn't stat $_[1]" unless @stat1; - - # Compare device number - return 0 unless ($stat0[0] == $stat1[0]); - # Compare "inode". The perl manual recommends comparing as - # string rather than as number. - return 0 unless ($stat0[1] eq $stat1[1]); - - return 1; # All the same -} - -sub quotify { - my %processors = ( - perl => sub { my $x = shift; - $x =~ s/([\\\$\@"])/\\$1/g; - return '"'.$x.'"'; }, - maybeshell => sub { my $x = shift; - (my $y = $x) =~ s/([\\\"])/\\$1/g; - if ($x ne $y || $x =~ m|\s|) { - return '"'.$y.'"'; - } else { - return $x; - } - }, - ); - my $for = shift; - my $processor = - defined($processors{$for}) ? $processors{$for} : sub { shift; }; - - return map { $processor->($_); } @_; -} - -# collect_from_file($filename, $line_concat_cond_re, $line_concat) -# $filename is a file name to read from -# $line_concat_cond_re is a regexp detecting a line continuation ending -# $line_concat is a CODEref that takes care of concatenating two lines -sub collect_from_file { - my $filename = shift; - my $line_concat_cond_re = shift; - my $line_concat = shift; - - open my $fh, $filename || die "unable to read $filename: $!\n"; - return sub { - my $saved_line = ""; - $_ = ""; - while (<$fh>) { - s|\R$||; - if (defined $line_concat) { - $_ = $line_concat->($saved_line, $_); - $saved_line = ""; - } - if (defined $line_concat_cond_re && /$line_concat_cond_re/) { - $saved_line = $_; - next; - } - return $_; - } - die "$filename ending with continuation line\n" if $_; - close $fh; - return undef; - } -} - -# collect_from_array($array, $line_concat_cond_re, $line_concat) -# $array is an ARRAYref of lines -# $line_concat_cond_re is a regexp detecting a line continuation ending -# $line_concat is a CODEref that takes care of concatenating two lines -sub collect_from_array { - my $array = shift; - my $line_concat_cond_re = shift; - my $line_concat = shift; - my @array = (@$array); - - return sub { - my $saved_line = ""; - $_ = ""; - while (defined($_ = shift @array)) { - s|\R$||; - if (defined $line_concat) { - $_ = $line_concat->($saved_line, $_); - $saved_line = ""; - } - if (defined $line_concat_cond_re && /$line_concat_cond_re/) { - $saved_line = $_; - next; - } - return $_; - } - die "input text ending with continuation line\n" if $_; - return undef; - } -} - -# collect_information($lineiterator, $line_continue, $regexp => $CODEref, ...) -# $lineiterator is a CODEref that delivers one line at a time. -# All following arguments are regex/CODEref pairs, where the regexp detects a -# line and the CODEref does something with the result of the regexp. -sub collect_information { - my $lineiterator = shift; - my %collectors = @_; - - while(defined($_ = $lineiterator->())) { - s|\R$||; - my $found = 0; - if ($collectors{"BEFORE"}) { - $collectors{"BEFORE"}->($_); - } - foreach my $re (keys %collectors) { - if ($re !~ /^OTHERWISE|BEFORE|AFTER$/ && /$re/) { - $collectors{$re}->($lineiterator); - $found = 1; - }; - } - if ($collectors{"OTHERWISE"}) { - $collectors{"OTHERWISE"}->($lineiterator, $_) - unless $found || !defined $collectors{"OTHERWISE"}; - } - if ($collectors{"AFTER"}) { - $collectors{"AFTER"}->($_); - } - } -} - -# tokenize($line) -# tokenize($line,$separator) -# $line is a line of text to split up into tokens -# $separator [optional] is a regular expression that separates the tokens, -# the default being spaces. Do not use quotes of any kind as separators, -# that will give undefined results. -# Returns a list of tokens. -# -# Tokens are divided by separator (spaces by default). If the tokens include -# the separators, they have to be quoted with single or double quotes. -# Double quotes inside a double quoted token must be escaped. Escaping is done -# with backslash. -# Basically, the same quoting rules apply for " and ' as in any -# Unix shell. -sub tokenize { - my $line = my $debug_line = shift; - my $separator = shift // qr|\s+|; - my @result = (); - - if ($ENV{CONFIGURE_DEBUG_TOKENIZE}) { - print STDERR "DEBUG[tokenize]: \$separator = $separator\n"; - } - - while ($line =~ s|^${separator}||, $line ne "") { - my $token = ""; - again: - $line =~ m/^(.*?)(${separator}|"|'|$)/; - $token .= $1; - $line = $2.$'; - - if ($line =~ m/^"((?:[^"\\]+|\\.)*)"/) { - $token .= $1; - $line = $'; - goto again; - } elsif ($line =~ m/^'([^']*)'/) { - $token .= $1; - $line = $'; - goto again; - } - push @result, $token; - } - - if ($ENV{CONFIGURE_DEBUG_TOKENIZE}) { - print STDERR "DEBUG[tokenize]: Parsed '$debug_line' into:\n"; - print STDERR "DEBUG[tokenize]: ('", join("', '", @result), "')\n"; - } - return @result; -} diff --git a/FAQ.md b/FAQ.md deleted file mode 100644 index 30f5010ce3a480924209ae11c6e327f11d6dd9d4..0000000000000000000000000000000000000000 --- a/FAQ.md +++ /dev/null @@ -1,6 +0,0 @@ -Frequently Asked Questions (FAQ) -================================ - -The [Frequently Asked Questions][FAQ] are now maintained on the OpenSSL homepage. - - [FAQ]: https://www.openssl.org/docs/faq.html diff --git a/HACKING.md b/HACKING.md deleted file mode 100644 index 6375450c24134da541f83dbc45e2bd50f04a5439..0000000000000000000000000000000000000000 --- a/HACKING.md +++ /dev/null @@ -1,33 +0,0 @@ -MODIFYING OPENSSL SOURCE -======================== - -This document describes the way to add custom modifications to OpenSSL sources. - - If you are adding new public functions to the custom library build, you need to - either add a prototype in one of the existing OpenSSL header files; - or provide a new header file and edit - [Configurations/unix-Makefile.tmpl](Configurations/unix-Makefile.tmpl) - to pick up that file. - - After that perform the following steps: - - ./Configure -Werror --strict-warnings [your-options] - make update - make - make test - - `make update` ensures that your functions declarations are added to - `util/libcrypto.num` or `util/libssl.num`. - If you plan to submit the changes you made to OpenSSL - (see [CONTRIBUTING.md](CONTRIBUTING.md)), it's worth running: - - make doc-nits - - after running `make update` to ensure that documentation has correct format. - - `make update` also generates files related to OIDs (in the `crypto/objects/` - folder) and errors. - If a merge error occurs in one of these generated files then the - generated files need to be removed and regenerated using `make update`. - To aid in this process the generated files can be committed separately - so they can be removed easily. diff --git a/INSTALL.md b/INSTALL.md deleted file mode 100644 index 15b967d685b1b86a5aeea8a0f878923b4f29b433..0000000000000000000000000000000000000000 --- a/INSTALL.md +++ /dev/null @@ -1,1810 +0,0 @@ -Build and Install -================= - -This document describes installation on all supported operating -systems (the Unix/Linux family, including macOS), OpenVMS, -and Windows). - -Table of Contents -================= - - - [Prerequisites](#prerequisites) - - [Notational Conventions](#notational-conventions) - - [Quick Installation Guide](#quick-installation-guide) - - [Building OpenSSL](#building-openssl) - - [Installing OpenSSL](#installing-openssl) - - [Configuration Options](#configuration-options) - - [API Level](#api-level) - - [Cross Compile Prefix](#cross-compile-prefix) - - [Build Type](#build-type) - - [Directories](#directories) - - [Compiler Warnings](#compiler-warnings) - - [ZLib Flags](#zlib-flags) - - [Seeding the Random Generator](#seeding-the-random-generator) - - [Setting the FIPS HMAC key](#setting-the-FIPS-HMAC-key) - - [Enable and Disable Features](#enable-and-disable-features) - - [Displaying configuration data](#displaying-configuration-data) - - [Installation Steps in Detail](#installation-steps-in-detail) - - [Configure](#configure-openssl) - - [Build](#build-openssl) - - [Test](#test-openssl) - - [Install](#install-openssl) - - [Advanced Build Options](#advanced-build-options) - - [Environment Variables](#environment-variables) - - [Makefile Targets](#makefile-targets) - - [Running Selected Tests](#running-selected-tests) - - [Troubleshooting](#troubleshooting) - - [Configuration Problems](#configuration-problems) - - [Build Failures](#build-failures) - - [Test Failures](#test-failures) - - [Notes](#notes) - - [Notes on multi-threading](#notes-on-multi-threading) - - [Notes on shared libraries](#notes-on-shared-libraries) - - [Notes on random number generation](#notes-on-random-number-generation) - - [Notes on assembler modules compilation](#notes-on-assembler-modules-compilation) - -Prerequisites -============= - -To install OpenSSL, you will need: - - * A "make" implementation - * Perl 5 with core modules (please read [NOTES-PERL.md](NOTES-PERL.md)) - * The Perl module `Text::Template` (please read [NOTES-PERL.md](NOTES-PERL.md)) - * an ANSI C compiler - * a development environment in the form of development libraries and C - header files - * a supported operating system - -For additional platform specific requirements, solutions to specific -issues and other details, please read one of these: - - * [Notes for UNIX-like platforms](NOTES-UNIX.md) - * [Notes for Android platforms](NOTES-ANDROID.md) - * [Notes for Windows platforms](NOTES-WINDOWS.md) - * [Notes for the DOS platform with DJGPP](NOTES-DJGPP.md) - * [Notes for the OpenVMS platform](NOTES-VMS.md) - * [Notes on Perl](NOTES-PERL.md) - * [Notes on Valgrind](NOTES-VALGRIND.md) - -Notational conventions -====================== - -Throughout this document, we use the following conventions. - -Commands --------- - -Any line starting with a dollar sign is a command line. - - $ command - -The dollar sign indicates the shell prompt and is not to be entered as -part of the command. - -Choices -------- - -Several words in curly braces separated by pipe characters indicate a -**mandatory choice**, to be replaced with one of the given words. -For example, the line - - $ echo { WORD1 | WORD2 | WORD3 } - -represents one of the following three commands - - $ echo WORD1 - - or - - $ echo WORD2 - - or - - $ echo WORD3 - -One or several words in square brackets separated by pipe characters -denote an **optional choice**. It is similar to the mandatory choice, -but it can also be omitted entirely. - -So the line - - $ echo [ WORD1 | WORD2 | WORD3 ] - -represents one of the four commands - - $ echo WORD1 - - or - - $ echo WORD2 - - or - - $ echo WORD3 - - or - - $ echo - -Arguments ---------- - -**Mandatory arguments** are enclosed in double curly braces. -A simple example would be - - $ type {{ filename }} - -which is to be understood to use the command `type` on some file name -determined by the user. - -**Optional Arguments** are enclosed in double square brackets. - - [[ options ]] - -Note that the notation assumes spaces around `{`, `}`, `[`, `]`, `{{`, `}}` and -`[[`, `]]`. This is to differentiate from OpenVMS directory -specifications, which also use [ and ], but without spaces. - -Quick Installation Guide -======================== - -If you just want to get OpenSSL installed without bothering too much -about the details, here is the short version of how to build and install -OpenSSL. If any of the following steps fails, please consult the -[Installation in Detail](#installation-steps-in-detail) section below. - -Building OpenSSL ----------------- - -Use the following commands to configure, build and test OpenSSL. -The testing is optional, but recommended if you intend to install -OpenSSL for production use. - -### Unix / Linux / macOS - - $ ./Configure - $ make - $ make test - -### OpenVMS - -Use the following commands to build OpenSSL: - - $ perl Configure - $ mms - $ mms test - -### Windows - -If you are using Visual Studio, open a Developer Command Prompt and -issue the following commands to build OpenSSL. - - $ perl Configure - $ nmake - $ nmake test - -As mentioned in the [Choices](#choices) section, you need to pick one -of the four Configure targets in the first command. - -Most likely you will be using the `VC-WIN64A` target for 64bit Windows -binaries (AMD64) or `VC-WIN32` for 32bit Windows binaries (X86). -The other two options are `VC-WIN64I` (Intel IA64, Itanium) and -`VC-CE` (Windows CE) are rather uncommon nowadays. - -Installing OpenSSL ------------------- - -The following commands will install OpenSSL to a default system location. - -**Danger Zone:** even if you are impatient, please read the following two -paragraphs carefully before you install OpenSSL. - -For security reasons the default system location is by default not writable -for unprivileged users. So for the final installation step administrative -privileges are required. The default system location and the procedure to -obtain administrative privileges depends on the operating system. -It is recommended to compile and test OpenSSL with normal user privileges -and use administrative privileges only for the final installation step. - -On some platforms OpenSSL is preinstalled as part of the Operating System. -In this case it is highly recommended not to overwrite the system versions, -because other applications or libraries might depend on it. -To avoid breaking other applications, install your copy of OpenSSL to a -[different location](#installing-to-a-different-location) which is not in -the global search path for system libraries. - -Finally, if you plan on using the FIPS module, you need to read the -[Post-installation Notes](#post-installation-notes) further down. - -### Unix / Linux / macOS - -Depending on your distribution, you need to run the following command as -root user or prepend `sudo` to the command: - - $ make install - -By default, OpenSSL will be installed to - - /usr/local - -More precisely, the files will be installed into the subdirectories - - /usr/local/bin - /usr/local/lib - /usr/local/include - ... - -depending on the file type, as it is custom on Unix-like operating systems. - -### OpenVMS - -Use the following command to install OpenSSL. - - $ mms install - -By default, OpenSSL will be installed to - - SYS$COMMON:[OPENSSL] - -### Windows - -If you are using Visual Studio, open the Developer Command Prompt _elevated_ -and issue the following command. - - $ nmake install - -The easiest way to elevate the Command Prompt is to press and hold down -the both the `` and `` key while clicking the menu item in the -task menu. - -The default installation location is - - C:\Program Files\OpenSSL - -for native binaries, or - - C:\Program Files (x86)\OpenSSL - -for 32bit binaries on 64bit Windows (WOW64). - -#### Installing to a different location - -To install OpenSSL to a different location (for example into your home -directory for testing purposes) run `Configure` as shown in the following -examples. - -The options `--prefix` and `--openssldir` are explained in further detail in -[Directories](#directories) below, and the values used here are mere examples. - -On Unix: - - $ ./Configure --prefix=/opt/openssl --openssldir=/usr/local/ssl - -On OpenVMS: - - $ perl Configure --prefix=PROGRAM:[INSTALLS] --openssldir=SYS$MANAGER:[OPENSSL] - -Note: if you do add options to the configuration command, please make sure -you've read more than just this Quick Start, such as relevant `NOTES-*` files, -the options outline below, as configuration options may change the outcome -in otherwise unexpected ways. - -Configuration Options -===================== - -There are several options to `./Configure` to customize the build (note that -for Windows, the defaults for `--prefix` and `--openssldir` depend on what -configuration is used and what Windows implementation OpenSSL is built on. -For more information, see the [Notes for Windows platforms](NOTES-WINDOWS.md). - -API Level ---------- - - --api=x.y[.z] - -Build the OpenSSL libraries to support the API for the specified version. -If [no-deprecated](#no-deprecated) is also given, don't build with support -for deprecated APIs in or below the specified version number. For example, -adding - - --api=1.1.0 no-deprecated - -will remove support for all APIs that were deprecated in OpenSSL version -1.1.0 or below. This is a rather specialized option for developers. -If you just intend to remove all deprecated APIs up to the current version -entirely, just specify [no-deprecated](#no-deprecated). -If `--api` isn't given, it defaults to the current (minor) OpenSSL version. - -Cross Compile Prefix --------------------- - - --cross-compile-prefix= - -The `` to include in front of commands for your toolchain. - -It is likely to have to end with dash, e.g. `a-b-c-` would invoke GNU compiler -as `a-b-c-gcc`, etc. Unfortunately cross-compiling is too case-specific to put -together one-size-fits-all instructions. You might have to pass more flags or -set up environment variables to actually make it work. Android and iOS cases -are discussed in corresponding `Configurations/15-*.conf` files. But there are -cases when this option alone is sufficient. For example to build the mingw64 -target on Linux `--cross-compile-prefix=x86_64-w64-mingw32-` works. Naturally -provided that mingw packages are installed. Today Debian and Ubuntu users -have option to install a number of prepackaged cross-compilers along with -corresponding run-time and development packages for "alien" hardware. To give -another example `--cross-compile-prefix=mipsel-linux-gnu-` suffices in such -case. - -For cross compilation, you must [configure manually](#manual-configuration). -Also, note that `--openssldir` refers to target's file system, not one you are -building on. - -Build Type ----------- - - --debug - -Build OpenSSL with debugging symbols and zero optimization level. - - --release - -Build OpenSSL without debugging symbols. This is the default. - -Directories ------------ - -### libdir - - --libdir=DIR - -The name of the directory under the top of the installation directory tree -(see the `--prefix` option) where libraries will be installed. By default -this is `lib`. Note that on Windows only static libraries (`*.lib`) will -be stored in this location. Shared libraries (`*.dll`) will always be -installed to the `bin` directory. - -Some build targets have a multilib postfix set in the build configuration. -For these targets the default libdir is `lib`. Please use -`--libdir=lib` to override the libdir if adding the postfix is undesirable. - -### openssldir - - --openssldir=DIR - -Directory for OpenSSL configuration files, and also the default certificate -and key store. Defaults are: - - Unix: /usr/local/ssl - Windows: C:\Program Files\Common Files\SSL - OpenVMS: SYS$COMMON:[OPENSSL-COMMON] - -For 32bit Windows applications on Windows 64bit (WOW64), always replace -`C:\Program Files` by `C:\Program Files (x86)`. - -### prefix - - --prefix=DIR - -The top of the installation directory tree. Defaults are: - - Unix: /usr/local - Windows: C:\Program Files\OpenSSL - OpenVMS: SYS$COMMON:[OPENSSL] - -Compiler Warnings ------------------ - - --strict-warnings - -This is a developer flag that switches on various compiler options recommended -for OpenSSL development. It only works when using gcc or clang as the compiler. -If you are developing a patch for OpenSSL then it is recommended that you use -this option where possible. - -ZLib Flags ----------- - -### with-zlib-include - - --with-zlib-include=DIR - -The directory for the location of the zlib include file. This option is only -necessary if [zlib](#zlib) is used and the include file is not -already on the system include path. - -### with-zlib-lib - - --with-zlib-lib=LIB - -**On Unix**: this is the directory containing the zlib library. -If not provided the system library path will be used. - -**On Windows:** this is the filename of the zlib library (with or -without a path). This flag must be provided if the -[zlib-dynamic](#zlib-dynamic) option is not also used. If `zlib-dynamic` is used -then this flag is optional and defaults to `ZLIB1` if not provided. - -**On VMS:** this is the filename of the zlib library (with or without a path). -This flag is optional and if not provided then `GNV$LIBZSHR`, `GNV$LIBZSHR32` -or `GNV$LIBZSHR64` is used by default depending on the pointer size chosen. - -Seeding the Random Generator ----------------------------- - - --with-rand-seed=seed1[,seed2,...] - -A comma separated list of seeding methods which will be tried by OpenSSL -in order to obtain random input (a.k.a "entropy") for seeding its -cryptographically secure random number generator (CSPRNG). -The current seeding methods are: - -### os - -Use a trusted operating system entropy source. -This is the default method if such an entropy source exists. - -### getrandom - -Use the [getrandom(2)][man-getrandom] or equivalent system call. - -[man-getrandom]: http://man7.org/linux/man-pages/man2/getrandom.2.html - -### devrandom - -Use the first device from the `DEVRANDOM` list which can be opened to read -random bytes. The `DEVRANDOM` preprocessor constant expands to - - "/dev/urandom","/dev/random","/dev/srandom" - -on most unix-ish operating systems. - -### egd - -Check for an entropy generating daemon. -This source is ignored by the FIPS provider. - -### rdcpu - -Use the `RDSEED` or `RDRAND` command if provided by the CPU. - -### librandom - -Use librandom (not implemented yet). -This source is ignored by the FIPS provider. - -### none - -Disable automatic seeding. This is the default on some operating systems where -no suitable entropy source exists, or no support for it is implemented yet. -This option is ignored by the FIPS provider. - -For more information, see the section [Notes on random number generation][rng] -at the end of this document. - -[rng]: #notes-on-random-number-generation - -Setting the FIPS HMAC key -------------------------- - - --fips-key=value - -As part of its self-test validation, the FIPS module must verify itself -by performing a SHA-256 HMAC computation on itself. The default key is -the SHA256 value of "the holy handgrenade of antioch" and is sufficient -for meeting the FIPS requirements. - -To change the key to a different value, use this flag. The value should -be a hex string no more than 64 characters. - -Enable and Disable Features ---------------------------- - -Feature options always come in pairs, an option to enable feature -`xxxx`, and an option to disable it: - - [ enable-xxxx | no-xxxx ] - -Whether a feature is enabled or disabled by default, depends on the feature. -In the following list, always the non-default variant is documented: if -feature `xxxx` is disabled by default then `enable-xxxx` is documented and -if feature `xxxx` is enabled by default then `no-xxxx` is documented. - -### no-afalgeng - -Don't build the AFALG engine. - -This option will be forced on a platform that does not support AFALG. - -### enable-ktls - -Build with Kernel TLS support. - -This option will enable the use of the Kernel TLS data-path, which can improve -performance and allow for the use of sendfile and splice system calls on -TLS sockets. The Kernel may use TLS accelerators if any are available on the -system. This option will be forced off on systems that do not support the -Kernel TLS data-path. - -### enable-asan - -Build with the Address sanitiser. - -This is a developer option only. It may not work on all platforms and should -never be used in production environments. It will only work when used with -gcc or clang and should be used in conjunction with the [no-shared](#no-shared) -option. - -### enable-acvp-tests - -Build support for Automated Cryptographic Validation Protocol (ACVP) -tests. - -This is required for FIPS validation purposes. Certain ACVP tests require -access to algorithm internals that are not normally accessible. -Additional information related to ACVP can be found at -. - -### no-asm - -Do not use assembler code. - -This should be viewed as debugging/troubleshooting option rather than for -production use. On some platforms a small amount of assembler code may still -be used even with this option. - -### no-async - -Do not build support for async operations. - -### no-autoalginit - -Don't automatically load all supported ciphers and digests. - -Typically OpenSSL will make available all of its supported ciphers and digests. -For a statically linked application this may be undesirable if small executable -size is an objective. This only affects libcrypto. Ciphers and digests will -have to be loaded manually using `EVP_add_cipher()` and `EVP_add_digest()` -if this option is used. This option will force a non-shared build. - -### no-autoerrinit - -Don't automatically load all libcrypto/libssl error strings. - -Typically OpenSSL will automatically load human readable error strings. For a -statically linked application this may be undesirable if small executable size -is an objective. - -### no-autoload-config - -Don't automatically load the default `openssl.cnf` file. - -Typically OpenSSL will automatically load a system config file which configures -default SSL options. - -### enable-buildtest-c++ - -While testing, generate C++ buildtest files that simply check that the public -OpenSSL header files are usable standalone with C++. - -Enabling this option demands extra care. For any compiler flag given directly -as configuration option, you must ensure that it's valid for both the C and -the C++ compiler. If not, the C++ build test will most likely break. As an -alternative, you can use the language specific variables, `CFLAGS` and `CXXFLAGS`. - -### --banner=text - -Use the specified text instead of the default banner at the end of -configuration. - -### --w - -On platforms where the choice of 32-bit or 64-bit architecture -is not explicitly specified, `Configure` will print a warning -message and wait for a few seconds to let you interrupt the -configuration. Using this flag skips the wait. - -### no-bulk - -Build only some minimal set of features. -This is a developer option used internally for CI build tests of the project. - -### no-cached-fetch - -Never cache algorithms when they are fetched from a provider. Normally, a -provider indicates if the algorithms it supplies can be cached or not. Using -this option will reduce run-time memory usage but it also introduces a -significant performance penalty. This option is primarily designed to help -with detecting incorrect reference counting. - -### no-capieng - -Don't build the CAPI engine. - -This option will be forced if on a platform that does not support CAPI. - -### no-cmp - -Don't build support for Certificate Management Protocol (CMP) -and Certificate Request Message Format (CRMF). - -### no-cms - -Don't build support for Cryptographic Message Syntax (CMS). - -### no-comp - -Don't build support for SSL/TLS compression. - -If this option is enabled (the default), then compression will only work if -the zlib or `zlib-dynamic` options are also chosen. - -### enable-crypto-mdebug - -This now only enables the `failed-malloc` feature. - -### enable-crypto-mdebug-backtrace - -This is a no-op; the project uses the compiler's address/leak sanitizer instead. - -### no-ct - -Don't build support for Certificate Transparency (CT). - -### no-deprecated - -Don't build with support for deprecated APIs up until and including the version -given with `--api` (or the current version, if `--api` wasn't specified). - -### no-dgram - -Don't build support for datagram based BIOs. - -Selecting this option will also force the disabling of DTLS. - -### no-dso - -Don't build support for loading Dynamic Shared Objects (DSO) - -### enable-devcryptoeng - -Build the `/dev/crypto` engine. - -This option is automatically selected on the BSD platform, in which case it can -be disabled with `no-devcryptoeng`. - -### no-dynamic-engine - -Don't build the dynamically loaded engines. - -This only has an effect in a shared build. - -### no-ec - -Don't build support for Elliptic Curves. - -### no-ec2m - -Don't build support for binary Elliptic Curves - -### enable-ec_nistp_64_gcc_128 - -Enable support for optimised implementations of some commonly used NIST -elliptic curves. - -This option is only supported on platforms: - - - with little-endian storage of non-byte types - - that tolerate misaligned memory references - - where the compiler: - - supports the non-standard type `__uint128_t` - - defines the built-in macro `__SIZEOF_INT128__` - -### enable-egd - -Build support for gathering entropy from the Entropy Gathering Daemon (EGD). - -### no-engine - -Don't build support for loading engines. - -### no-err - -Don't compile in any error strings. - -### enable-external-tests - -Enable building of integration with external test suites. - -This is a developer option and may not work on all platforms. The following -external test suites are currently supported: - - - GOST engine test suite - - Python PYCA/Cryptography test suite - - krb5 test suite - -See the file [test/README-external.md](test/README-external.md) -for further details. - -### no-filenames - -Don't compile in filename and line number information (e.g. for errors and -memory allocation). - -### enable-fips - -Build (and install) the FIPS provider - -### no-fips-securitychecks - -Don't perform FIPS module run-time checks related to enforcement of security -parameters such as minimum security strength of keys. - -### enable-fuzz-libfuzzer, enable-fuzz-afl - -Build with support for fuzzing using either libfuzzer or AFL. - -These are developer options only. They may not work on all platforms and -should never be used in production environments. - -See the file [fuzz/README.md](fuzz/README.md) for further details. - -### no-gost - -Don't build support for GOST based ciphersuites. - -Note that if this feature is enabled then GOST ciphersuites are only available -if the GOST algorithms are also available through loading an externally supplied -engine. - -### no-legacy - -Don't build the legacy provider. - -Disabling this also disables the legacy algorithms: MD2 (already disabled by default). - -### no-makedepend - -Don't generate dependencies. - -### no-module - -Don't build any dynamically loadable engines. - -This also implies `no-dynamic-engine`. - -### no-multiblock - -Don't build support for writing multiple records in one go in libssl - -Note: this is a different capability to the pipelining functionality. - -### no-nextprotoneg - -Don't build support for the Next Protocol Negotiation (NPN) TLS extension. - -### no-ocsp - -Don't build support for Online Certificate Status Protocol (OCSP). - -### no-padlockeng - -Don't build the padlock engine. - -### no-hw-padlock - -As synonym for `no-padlockeng`. Deprecated and should not be used. - -### no-pic - -Don't build with support for Position Independent Code. - -### no-pinshared - -Don't pin the shared libraries. - -By default OpenSSL will attempt to stay in memory until the process exits. -This is so that libcrypto and libssl can be properly cleaned up automatically -via an `atexit()` handler. The handler is registered by libcrypto and cleans -up both libraries. On some platforms the `atexit()` handler will run on unload of -libcrypto (if it has been dynamically loaded) rather than at process exit. This -option can be used to stop OpenSSL from attempting to stay in memory until the -process exits. This could lead to crashes if either libcrypto or libssl have -already been unloaded at the point that the atexit handler is invoked, e.g. on a -platform which calls `atexit()` on unload of the library, and libssl is unloaded -before libcrypto then a crash is likely to happen. Applications can suppress -running of the `atexit()` handler at run time by using the -`OPENSSL_INIT_NO_ATEXIT` option to `OPENSSL_init_crypto()`. -See the man page for it for further details. - -### no-posix-io - -Don't use POSIX IO capabilities. - -### no-psk - -Don't build support for Pre-Shared Key based ciphersuites. - -### no-rdrand - -Don't use hardware RDRAND capabilities. - -### no-rfc3779 - -Don't build support for RFC3779, "X.509 Extensions for IP Addresses and -AS Identifiers". - -### sctp - -Build support for Stream Control Transmission Protocol (SCTP). - -### no-shared - -Do not create shared libraries, only static ones. - -See [Notes on shared libraries](#notes-on-shared-libraries) below. - -### no-sock - -Don't build support for socket BIOs. - -### no-srp - -Don't build support for Secure Remote Password (SRP) protocol or -SRP based ciphersuites. - -### no-srtp - -Don't build Secure Real-Time Transport Protocol (SRTP) support. - -### no-sse2 - -Exclude SSE2 code paths from 32-bit x86 assembly modules. - -Normally SSE2 extension is detected at run-time, but the decision whether or not -the machine code will be executed is taken solely on CPU capability vector. This -means that if you happen to run OS kernel which does not support SSE2 extension -on Intel P4 processor, then your application might be exposed to "illegal -instruction" exception. There might be a way to enable support in kernel, e.g. -FreeBSD kernel can be compiled with `CPU_ENABLE_SSE`, and there is a way to -disengage SSE2 code paths upon application start-up, but if you aim for wider -"audience" running such kernel, consider `no-sse2`. Both the `386` and `no-asm` -options imply `no-sse2`. - -### no-ssl-trace - -Don't build with SSL Trace capabilities. - -This removes the `-trace` option from `s_client` and `s_server`, and omits the -`SSL_trace()` function from libssl. - -Disabling `ssl-trace` may provide a small reduction in libssl binary size. - -### no-static-engine - -Don't build the statically linked engines. - -This only has an impact when not built "shared". - -### no-stdio - -Don't use anything from the C header file `stdio.h` that makes use of the `FILE` -type. Only libcrypto and libssl can be built in this way. Using this option will -suppress building the command line applications. Additionally, since the OpenSSL -tests also use the command line applications, the tests will also be skipped. - -### no-tests - -Don't build test programs or run any tests. - -### no-threads - -Don't build with support for multi-threaded applications. - -### threads - -Build with support for multi-threaded applications. Most platforms will enable -this by default. However, if on a platform where this is not the case then this -will usually require additional system-dependent options! - -See [Notes on multi-threading](#notes-on-multi-threading) below. - -### enable-trace - -Build with support for the integrated tracing api. - -See manual pages OSSL_trace_set_channel(3) and OSSL_trace_enabled(3) for details. - -### no-ts - -Don't build Time Stamping (TS) Authority support. - -### enable-ubsan - -Build with the Undefined Behaviour sanitiser (UBSAN). - -This is a developer option only. It may not work on all platforms and should -never be used in production environments. It will only work when used with -gcc or clang and should be used in conjunction with the `-DPEDANTIC` option -(or the `--strict-warnings` option). - -### no-ui-console - -Don't build with the User Interface (UI) console method - -The User Interface console method enables text based console prompts. - -### enable-unit-test - -Enable additional unit test APIs. - -This should not typically be used in production deployments. - -### no-uplink - -Don't build support for UPLINK interface. - -### enable-weak-ssl-ciphers - -Build support for SSL/TLS ciphers that are considered "weak" - -Enabling this includes for example the RC4 based ciphersuites. - -### zlib - -Build with support for zlib compression/decompression. - -### zlib-dynamic - -Like the zlib option, but has OpenSSL load the zlib library dynamically -when needed. - -This is only supported on systems where loading of shared libraries is supported. - -### 386 - -In 32-bit x86 builds, use the 80386 instruction set only in assembly modules - -The default x86 code is more efficient, but requires at least an 486 processor. -Note: This doesn't affect compiler generated code, so this option needs to be -accompanied by a corresponding compiler-specific option. - -### no-{protocol} - - no-{ssl|ssl3|tls|tls1|tls1_1|tls1_2|tls1_3|dtls|dtls1|dtls1_2} - -Don't build support for negotiating the specified SSL/TLS protocol. - -If `no-tls` is selected then all of `tls1`, `tls1_1`, `tls1_2` and `tls1_3` -are disabled. -Similarly `no-dtls` will disable `dtls1` and `dtls1_2`. The `no-ssl` option is -synonymous with `no-ssl3`. Note this only affects version negotiation. -OpenSSL will still provide the methods for applications to explicitly select -the individual protocol versions. - -### no-{protocol}-method - - no-{ssl3|tls1|tls1_1|tls1_2|dtls1|dtls1_2}-method - -Analogous to `no-{protocol}` but in addition do not build the methods for -applications to explicitly select individual protocol versions. Note that there -is no `no-tls1_3-method` option because there is no application method for -TLSv1.3. - -Using individual protocol methods directly is deprecated. Applications should -use `TLS_method()` instead. - -### enable-{algorithm} - - enable-{md2|rc5} - -Build with support for the specified algorithm. - -### no-{algorithm} - - no-{aria|bf|blake2|camellia|cast|chacha|cmac| - des|dh|dsa|ecdh|ecdsa|idea|md4|mdc2|ocb| - poly1305|rc2|rc4|rmd160|scrypt|seed| - siphash|siv|sm2|sm3|sm4|whirlpool} - -Build without support for the specified algorithm. - -The `ripemd` algorithm is deprecated and if used is synonymous with `rmd160`. - -### Compiler-specific options - - -Dxxx, -Ixxx, -Wp, -lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static - -These system specific options will be recognised and passed through to the -compiler to allow you to define preprocessor symbols, specify additional -libraries, library directories or other compiler options. It might be worth -noting that some compilers generate code specifically for processor the -compiler currently executes on. This is not necessarily what you might have -in mind, since it might be unsuitable for execution on other, typically older, -processor. Consult your compiler documentation. - -Take note of the [Environment Variables](#environment-variables) documentation -below and how these flags interact with those variables. - - -xxx, +xxx, /xxx - -Additional options that are not otherwise recognised are passed through as -they are to the compiler as well. Unix-style options beginning with a -`-` or `+` and Windows-style options beginning with a `/` are recognized. -Again, consult your compiler documentation. - -If the option contains arguments separated by spaces, then the URL-style -notation `%20` can be used for the space character in order to avoid having -to quote the option. For example, `-opt%20arg` gets expanded to `-opt arg`. -In fact, any ASCII character can be encoded as %xx using its hexadecimal -encoding. - -Take note of the [Environment Variables](#environment-variables) documentation -below and how these flags interact with those variables. - -### Environment Variables - - VAR=value - -Assign the given value to the environment variable `VAR` for `Configure`. - -These work just like normal environment variable assignments, but are supported -on all platforms and are confined to the configuration scripts only. -These assignments override the corresponding value in the inherited environment, -if there is one. - -The following variables are used as "`make` variables" and can be used as an -alternative to giving preprocessor, compiler and linker options directly as -configuration. The following variables are supported: - - AR The static library archiver. - ARFLAGS Flags for the static library archiver. - AS The assembler compiler. - ASFLAGS Flags for the assembler compiler. - CC The C compiler. - CFLAGS Flags for the C compiler. - CXX The C++ compiler. - CXXFLAGS Flags for the C++ compiler. - CPP The C/C++ preprocessor. - CPPFLAGS Flags for the C/C++ preprocessor. - CPPDEFINES List of CPP macro definitions, separated - by a platform specific character (':' or - space for Unix, ';' for Windows, ',' for - VMS). This can be used instead of using - -D (or what corresponds to that on your - compiler) in CPPFLAGS. - CPPINCLUDES List of CPP inclusion directories, separated - the same way as for CPPDEFINES. This can - be used instead of -I (or what corresponds - to that on your compiler) in CPPFLAGS. - HASHBANGPERL Perl invocation to be inserted after '#!' - in public perl scripts (only relevant on - Unix). - LD The program linker (not used on Unix, $(CC) - is used there). - LDFLAGS Flags for the shared library, DSO and - program linker. - LDLIBS Extra libraries to use when linking. - Takes the form of a space separated list - of library specifications on Unix and - Windows, and as a comma separated list of - libraries on VMS. - RANLIB The library archive indexer. - RC The Windows resource compiler. - RCFLAGS Flags for the Windows resource compiler. - RM The command to remove files and directories. - -These cannot be mixed with compiling/linking flags given on the command line. -In other words, something like this isn't permitted. - - $ ./Configure -DFOO CPPFLAGS=-DBAR -DCOOKIE - -Backward compatibility note: - -To be compatible with older configuration scripts, the environment variables -are ignored if compiling/linking flags are given on the command line, except -for the following: - - AR, CC, CXX, CROSS_COMPILE, HASHBANGPERL, PERL, RANLIB, RC, and WINDRES - -For example, the following command will not see `-DBAR`: - - $ CPPFLAGS=-DBAR ./Configure -DCOOKIE - -However, the following will see both set variables: - - $ CC=gcc CROSS_COMPILE=x86_64-w64-mingw32- ./Configure -DCOOKIE - -If `CC` is set, it is advisable to also set `CXX` to ensure both the C and C++ -compiler are in the same "family". This becomes relevant with -`enable-external-tests` and `enable-buildtest-c++`. - -### Reconfigure - - reconf - reconfigure - -Reconfigure from earlier data. - -This fetches the previous command line options and environment from data -saved in `configdata.pm` and runs the configuration process again, using -these options and environment. Note: NO other option is permitted together -with `reconf`. Note: The original configuration saves away values for ALL -environment variables that were used, and if they weren't defined, they are -still saved away with information that they weren't originally defined. -This information takes precedence over environment variables that are -defined when reconfiguring. - -Displaying configuration data ------------------------------ - -The configuration script itself will say very little, and finishes by -creating `configdata.pm`. This perl module can be loaded by other scripts -to find all the configuration data, and it can also be used as a script to -display all sorts of configuration data in a human readable form. - -For more information, please do: - - $ ./configdata.pm --help # Unix - -or - - $ perl configdata.pm --help # Windows and VMS - -Installation Steps in Detail -============================ - -Configure OpenSSL ------------------ - -### Automatic Configuration - -In previous version, the `config` script determined the platform type and -compiler and then called `Configure`. Starting with this release, they are -the same. - -#### Unix / Linux / macOS - - $ ./Configure [[ options ]] - -#### OpenVMS - - $ perl Configure [[ options ]] - -#### Windows - - $ perl Configure [[ options ]] - -### Manual Configuration - -OpenSSL knows about a range of different operating system, hardware and -compiler combinations. To see the ones it knows about, run - - $ ./Configure LIST # Unix - -or - - $ perl Configure LIST # All other platforms - -For the remainder of this text, the Unix form will be used in all examples. -Please use the appropriate form for your platform. - -Pick a suitable name from the list that matches your system. For most -operating systems there is a choice between using cc or gcc. -When you have identified your system (and if necessary compiler) use this -name as the argument to `Configure`. For example, a `linux-elf` user would -run: - - $ ./Configure linux-elf [[ options ]] - -### Creating your own Configuration - -If your system isn't listed, you will have to create a configuration -file named `Configurations/{{ something }}.conf` and add the correct -configuration for your system. See the available configs as examples -and read [Configurations/README.md](Configurations/README.md) and -[Configurations/README-design.md](Configurations/README-design.md) -for more information. - -The generic configurations `cc` or `gcc` should usually work on 32 bit -Unix-like systems. - -`Configure` creates a build file (`Makefile` on Unix, `makefile` on Windows -and `descrip.mms` on OpenVMS) from a suitable template in `Configurations/`, -and defines various macros in `include/openssl/configuration.h` (generated -from `include/openssl/configuration.h.in`. - -### Out of Tree Builds - -OpenSSL can be configured to build in a build directory separate from the -source code directory. It's done by placing yourself in some other -directory and invoking the configuration commands from there. - -#### Unix example - - $ mkdir /var/tmp/openssl-build - $ cd /var/tmp/openssl-build - $ /PATH/TO/OPENSSL/SOURCE/Configure [[ options ]] - -#### OpenVMS example - - $ set default sys$login: - $ create/dir [.tmp.openssl-build] - $ set default [.tmp.openssl-build] - $ perl D:[PATH.TO.OPENSSL.SOURCE]Configure [[ options ]] - -#### Windows example - - $ C: - $ mkdir \temp-openssl - $ cd \temp-openssl - $ perl d:\PATH\TO\OPENSSL\SOURCE\Configure [[ options ]] - -Paths can be relative just as well as absolute. `Configure` will do its best -to translate them to relative paths whenever possible. - -Build OpenSSL -------------- - -Build OpenSSL by running: - - $ make # Unix - $ mms ! (or mmk) OpenVMS - $ nmake # Windows - -This will build the OpenSSL libraries (`libcrypto.a` and `libssl.a` on -Unix, corresponding on other platforms) and the OpenSSL binary -(`openssl`). The libraries will be built in the top-level directory, -and the binary will be in the `apps/` subdirectory. - -If the build fails, take a look at the [Build Failures](#build-failures) -subsection of the [Troubleshooting](#troubleshooting) section. - -Test OpenSSL ------------- - -After a successful build, and before installing, the libraries should -be tested. Run: - - $ make test # Unix - $ mms test ! OpenVMS - $ nmake test # Windows - -**Warning:** you MUST run the tests from an unprivileged account (or disable -your privileges temporarily if your platform allows it). - -See [test/README.md](test/README.md) for further details how run tests. - -See [test/README-dev.md](test/README-dev.md) for guidelines on adding tests. - -Install OpenSSL ---------------- - -If everything tests ok, install OpenSSL with - - $ make install # Unix - $ mms install ! OpenVMS - $ nmake install # Windows - -Note that in order to perform the install step above you need to have -appropriate permissions to write to the installation directory. - -The above commands will install all the software components in this -directory tree under `` (the directory given with `--prefix` or -its default): - -### Unix / Linux / macOS - - bin/ Contains the openssl binary and a few other - utility scripts. - include/openssl - Contains the header files needed if you want - to build your own programs that use libcrypto - or libssl. - lib Contains the OpenSSL library files. - lib/engines Contains the OpenSSL dynamically loadable engines. - - share/man/man1 Contains the OpenSSL command line man-pages. - share/man/man3 Contains the OpenSSL library calls man-pages. - share/man/man5 Contains the OpenSSL configuration format man-pages. - share/man/man7 Contains the OpenSSL other misc man-pages. - - share/doc/openssl/html/man1 - share/doc/openssl/html/man3 - share/doc/openssl/html/man5 - share/doc/openssl/html/man7 - Contains the HTML rendition of the man-pages. - -### OpenVMS - -'arch' is replaced with the architecture name, `ALPHA` or `IA64`, -'sover' is replaced with the shared library version (`0101` for 1.1), and -'pz' is replaced with the pointer size OpenSSL was built with: - - [.EXE.'arch'] Contains the openssl binary. - [.EXE] Contains a few utility scripts. - [.include.openssl] - Contains the header files needed if you want - to build your own programs that use libcrypto - or libssl. - [.LIB.'arch'] Contains the OpenSSL library files. - [.ENGINES'sover''pz'.'arch'] - Contains the OpenSSL dynamically loadable engines. - [.SYS$STARTUP] Contains startup, login and shutdown scripts. - These define appropriate logical names and - command symbols. - [.SYSTEST] Contains the installation verification procedure. - [.HTML] Contains the HTML rendition of the manual pages. - -### Additional Directories - -Additionally, install will add the following directories under -OPENSSLDIR (the directory given with `--openssldir` or its default) -for you convenience: - - certs Initially empty, this is the default location - for certificate files. - private Initially empty, this is the default location - for private key files. - misc Various scripts. - -The installation directory should be appropriately protected to ensure -unprivileged users cannot make changes to OpenSSL binaries or files, or -install engines. If you already have a pre-installed version of OpenSSL as -part of your Operating System it is recommended that you do not overwrite -the system version and instead install to somewhere else. - -Package builders who want to configure the library for standard locations, -but have the package installed somewhere else so that it can easily be -packaged, can use - - $ make DESTDIR=/tmp/package-root install # Unix - $ mms/macro="DESTDIR=TMP:[PACKAGE-ROOT]" install ! OpenVMS - -The specified destination directory will be prepended to all installation -target paths. - -Compatibility issues with previous OpenSSL versions ---------------------------------------------------- - -### COMPILING existing applications - -Starting with version 1.1.0, OpenSSL hides a number of structures that were -previously open. This includes all internal libssl structures and a number -of EVP types. Accessor functions have been added to allow controlled access -to the structures' data. - -This means that some software needs to be rewritten to adapt to the new ways -of doing things. This often amounts to allocating an instance of a structure -explicitly where you could previously allocate them on the stack as automatic -variables, and using the provided accessor functions where you would previously -access a structure's field directly. - -Some APIs have changed as well. However, older APIs have been preserved when -possible. - -Post-installation Notes ------------------------ - -With the default OpenSSL installation comes a FIPS provider module, which -needs some post-installation attention, without which it will not be usable. -This involves using the following command: - - $ openssl fipsinstall - -See the openssl-fipsinstall(1) manual for details and examples. - -Advanced Build Options -====================== - -Environment Variables ---------------------- - -A number of environment variables can be used to provide additional control -over the build process. Typically these should be defined prior to running -`Configure`. Not all environment variables are relevant to all platforms. - - AR - The name of the ar executable to use. - - BUILDFILE - Use a different build file name than the platform default - ("Makefile" on Unix-like platforms, "makefile" on native Windows, - "descrip.mms" on OpenVMS). This requires that there is a - corresponding build file template. - See [Configurations/README.md](Configurations/README.md) - for further information. - - CC - The compiler to use. Configure will attempt to pick a default - compiler for your platform but this choice can be overridden - using this variable. Set it to the compiler executable you wish - to use, e.g. gcc or clang. - - CROSS_COMPILE - This environment variable has the same meaning as for the - "--cross-compile-prefix" Configure flag described above. If both - are set then the Configure flag takes precedence. - - HASHBANGPERL - The command string for the Perl executable to insert in the - #! line of perl scripts that will be publicly installed. - Default: /usr/bin/env perl - Note: the value of this variable is added to the same scripts - on all platforms, but it's only relevant on Unix-like platforms. - - KERNEL_BITS - This can be the value `32` or `64` to specify the architecture - when it is not "obvious" to the configuration. It should generally - not be necessary to specify this environment variable. - - NM - The name of the nm executable to use. - - OPENSSL_LOCAL_CONFIG_DIR - OpenSSL comes with a database of information about how it - should be built on different platforms as well as build file - templates for those platforms. The database is comprised of - ".conf" files in the Configurations directory. The build - file templates reside there as well as ".tmpl" files. See the - file [Configurations/README.md](Configurations/README.md) - for further information about the format of ".conf" files - as well as information on the ".tmpl" files. - In addition to the standard ".conf" and ".tmpl" files, it is - possible to create your own ".conf" and ".tmpl" files and - store them locally, outside the OpenSSL source tree. - This environment variable can be set to the directory where - these files are held and will be considered by Configure - before it looks in the standard directories. - - PERL - The name of the Perl executable to use when building OpenSSL. - Only needed if builing should use a different Perl executable - than what is used to run the Configure script. - - RANLIB - The name of the ranlib executable to use. - - RC - The name of the rc executable to use. The default will be as - defined for the target platform in the ".conf" file. If not - defined then "windres" will be used. The WINDRES environment - variable is synonymous to this. If both are defined then RC - takes precedence. - - WINDRES - See RC. - -Makefile Targets ----------------- - -The `Configure` script generates a Makefile in a format relevant to the specific -platform. The Makefiles provide a number of targets that can be used. Not all -targets may be available on all platforms. Only the most common targets are -described here. Examine the Makefiles themselves for the full list. - - all - The target to build all the software components and - documentation. - - build_sw - Build all the software components. - THIS IS THE DEFAULT TARGET. - - build_docs - Build all documentation components. - - clean - Remove all build artefacts and return the directory to a "clean" - state. - - depend - Rebuild the dependencies in the Makefiles. This is a legacy - option that no longer needs to be used since OpenSSL 1.1.0. - - install - Install all OpenSSL components. - - install_sw - Only install the OpenSSL software components. - - install_docs - Only install the OpenSSL documentation components. - - install_man_docs - Only install the OpenSSL man pages (Unix only). - - install_html_docs - Only install the OpenSSL HTML documentation. - - install_fips - Install the FIPS provider module configuration file. - - list-tests - Prints a list of all the self test names. - - test - Build and run the OpenSSL self tests. - - uninstall - Uninstall all OpenSSL components. - - reconfigure - reconf - Re-run the configuration process, as exactly as the last time - as possible. - - update - This is a developer option. If you are developing a patch for - OpenSSL you may need to use this if you want to update - automatically generated files; add new error codes or add new - (or change the visibility of) public API functions. (Unix only). - -Running Selected Tests ----------------------- - -You can specify a set of tests to be performed -using the `make` variable `TESTS`. - -See the section [Running Selected Tests of -test/README.md](test/README.md#running-selected-tests). - -Troubleshooting -=============== - -Configuration Problems ----------------------- - -### Selecting the correct target - -The `./Configure` script tries hard to guess your operating system, but in some -cases it does not succeed. You will see a message like the following: - - $ ./Configure - Operating system: x86-whatever-minix - This system (minix) is not supported. See file INSTALL.md for details. - -Even if the automatic target selection by the `./Configure` script fails, -chances are that you still might find a suitable target in the `Configurations` -directory, which you can supply to the `./Configure` command, -possibly after some adjustment. - -The `Configurations/` directory contains a lot of examples of such targets. -The main configuration file is [10-main.conf], which contains all targets that -are officially supported by the OpenSSL team. Other configuration files contain -targets contributed by other OpenSSL users. The list of targets can be found in -a Perl list `my %targets = ( ... )`. - - my %targets = ( - ... - "target-name" => { - inherit_from => [ "base-target" ], - CC => "...", - cflags => add("..."), - asm_arch => '...', - perlasm_scheme => "...", - }, - ... - ) - -If you call `./Configure` without arguments, it will give you a list of all -known targets. Using `grep`, you can lookup the target definition in the -`Configurations/` directory. For example the `android-x86_64` can be found in -[Configurations/15-android.conf](Configurations/15-android.conf). - -The directory contains two README files, which explain the general syntax and -design of the configuration files. - - - [Configurations/README.md](Configurations/README.md) - - [Configurations/README-design.md](Configurations/README-design.md) - -If you need further help, try to search the [openssl-users] mailing list -or the [GitHub Issues] for existing solutions. If you don't find anything, -you can [raise an issue] to ask a question yourself. - -More about our support resources can be found in the [SUPPORT] file. - -### Configuration Errors - -If the `./Configure` or `./Configure` command fails with an error message, -read the error message carefully and try to figure out whether you made -a mistake (e.g., by providing a wrong option), or whether the script is -working incorrectly. If you think you encountered a bug, please -[raise an issue] on GitHub to file a bug report. - -Along with a short description of the bug, please provide the complete -configure command line and the relevant output including the error message. - -Note: To make the output readable, pleace add a 'code fence' (three backquotes -` ``` ` on a separate line) before and after your output: - - ``` - ./Configure [your arguments...] - - [output...] - - ``` - -Build Failures --------------- - -If the build fails, look carefully at the output. Try to locate and understand -the error message. It might be that the compiler is already telling you -exactly what you need to do to fix your problem. - -There may be reasons for the failure that aren't problems in OpenSSL itself, -for example if the compiler reports missing standard or third party headers. - -If the build succeeded previously, but fails after a source or configuration -change, it might be helpful to clean the build tree before attempting another -build. Use this command: - - $ make clean # Unix - $ mms clean ! (or mmk) OpenVMS - $ nmake clean # Windows - -Assembler error messages can sometimes be sidestepped by using the `no-asm` -configuration option. See also [notes](#notes-on-assembler-modules-compilation). - -Compiling parts of OpenSSL with gcc and others with the system compiler will -result in unresolved symbols on some systems. - -If you are still having problems, try to search the [openssl-users] mailing -list or the [GitHub Issues] for existing solutions. If you think you -encountered an OpenSSL bug, please [raise an issue] to file a bug report. -Please take the time to review the existing issues first; maybe the bug was -already reported or has already been fixed. - -Test Failures -------------- - -If some tests fail, look at the output. There may be reasons for the failure -that isn't a problem in OpenSSL itself (like an OS malfunction or a Perl issue). - -You may want increased verbosity, that can be accomplished as described in -section [Test Failures of test/README.md](test/README.md#test-failures). - -You may also want to selectively specify which test(s) to perform. This can be -done using the `make` variable `TESTS` as described in section [Running -Selected Tests of test/README.md](test/README.md#running-selected-tests). - -If you find a problem with OpenSSL itself, try removing any -compiler optimization flags from the `CFLAGS` line in the Makefile and -run `make clean; make` or corresponding. - -To report a bug please open an issue on GitHub, at -. - -Notes -===== - -Notes on multi-threading ------------------------- - -For some systems, the OpenSSL `Configure` script knows what compiler options -are needed to generate a library that is suitable for multi-threaded -applications. On these systems, support for multi-threading is enabled -by default; use the `no-threads` option to disable (this should never be -necessary). - -On other systems, to enable support for multi-threading, you will have -to specify at least two options: `threads`, and a system-dependent option. -(The latter is `-D_REENTRANT` on various systems.) The default in this -case, obviously, is not to include support for multi-threading (but -you can still use `no-threads` to suppress an annoying warning message -from the `Configure` script.) - -OpenSSL provides built-in support for two threading models: pthreads (found on -most UNIX/Linux systems), and Windows threads. No other threading models are -supported. If your platform does not provide pthreads or Windows threads then -you should use `Configure` with the `no-threads` option. - -For pthreads, all locks are non-recursive. In addition, in a debug build, -the mutex attribute `PTHREAD_MUTEX_ERRORCHECK` is used. If this is not -available on your platform, you might have to add -`-DOPENSSL_NO_MUTEX_ERRORCHECK` to your `Configure` invocation. -(On Linux `PTHREAD_MUTEX_ERRORCHECK` is an enum value, so a built-in -ifdef test cannot be used.) - -Notes on shared libraries -------------------------- - -For most systems the OpenSSL `Configure` script knows what is needed to -build shared libraries for libcrypto and libssl. On these systems -the shared libraries will be created by default. This can be suppressed and -only static libraries created by using the `no-shared` option. On systems -where OpenSSL does not know how to build shared libraries the `no-shared` -option will be forced and only static libraries will be created. - -Shared libraries are named a little differently on different platforms. -One way or another, they all have the major OpenSSL version number as -part of the file name, i.e. for OpenSSL 1.1.x, `1.1` is somehow part of -the name. - -On most POSIX platforms, shared libraries are named `libcrypto.so.1.1` -and `libssl.so.1.1`. - -on Cygwin, shared libraries are named `cygcrypto-1.1.dll` and `cygssl-1.1.dll` -with import libraries `libcrypto.dll.a` and `libssl.dll.a`. - -On Windows build with MSVC or using MingW, shared libraries are named -`libcrypto-1_1.dll` and `libssl-1_1.dll` for 32-bit Windows, -`libcrypto-1_1-x64.dll` and `libssl-1_1-x64.dll` for 64-bit x86_64 Windows, -and `libcrypto-1_1-ia64.dll` and `libssl-1_1-ia64.dll` for IA64 Windows. -With MSVC, the import libraries are named `libcrypto.lib` and `libssl.lib`, -while with MingW, they are named `libcrypto.dll.a` and `libssl.dll.a`. - -On VMS, shareable images (VMS speak for shared libraries) are named -`ossl$libcrypto0101_shr.exe` and `ossl$libssl0101_shr.exe`. However, when -OpenSSL is specifically built for 32-bit pointers, the shareable images -are named `ossl$libcrypto0101_shr32.exe` and `ossl$libssl0101_shr32.exe` -instead, and when built for 64-bit pointers, they are named -`ossl$libcrypto0101_shr64.exe` and `ossl$libssl0101_shr64.exe`. - -Notes on random number generation ---------------------------------- - -Availability of cryptographically secure random numbers is required for -secret key generation. OpenSSL provides several options to seed the -internal CSPRNG. If not properly seeded, the internal CSPRNG will refuse -to deliver random bytes and a "PRNG not seeded error" will occur. - -The seeding method can be configured using the `--with-rand-seed` option, -which can be used to specify a comma separated list of seed methods. -However, in most cases OpenSSL will choose a suitable default method, -so it is not necessary to explicitly provide this option. Note also -that not all methods are available on all platforms. The FIPS provider will -silently ignore seed sources that were not validated. - -I) On operating systems which provide a suitable randomness source (in -form of a system call or system device), OpenSSL will use the optimal -available method to seed the CSPRNG from the operating system's -randomness sources. This corresponds to the option `--with-rand-seed=os`. - -II) On systems without such a suitable randomness source, automatic seeding -and reseeding is disabled (`--with-rand-seed=none`) and it may be necessary -to install additional support software to obtain a random seed and reseed -the CSPRNG manually. Please check out the manual pages for `RAND_add()`, -`RAND_bytes()`, `RAND_egd()`, and the FAQ for more information. - -Notes on assembler modules compilation --------------------------------------- - -Compilation of some code paths in assembler modules might depend on whether the -current assembler version supports certain ISA extensions or not. Code paths -that use the AES-NI, PCLMULQDQ, SSSE3, and SHA extensions are always assembled. -Apart from that, the minimum requirements for the assembler versions are shown -in the table below: - -| ISA extension | GNU as | nasm | llvm | -|---------------|--------|--------|---------| -| AVX | 2.19 | 2.09 | 3.0 | -| AVX2 | 2.22 | 2.10 | 3.1 | -| ADCX/ADOX | 2.23 | 2.10 | 3.3 | -| AVX512 | 2.25 | 2.11.8 | 3.6 (*) | -| AVX512IFMA | 2.26 | 2.11.8 | 6.0 (*) | -| VAES | 2.30 | 2.13.3 | 6.0 (*) | - ---- - -(*) Even though AVX512 support was implemented in llvm 3.6, prior to version 7.0 -an explicit -march flag was apparently required to compile assembly modules. But -then the compiler generates processor-specific code, which in turn contradicts -the idea of performing dispatch at run-time, which is facilitated by the special -variable `OPENSSL_ia32cap`. For versions older than 7.0, it is possible to work -around the problem by forcing the build procedure to use the following script: - - #!/bin/sh - exec clang -no-integrated-as "$@" - -instead of the real clang. In which case it doesn't matter what clang version -is used, as it is the version of the GNU assembler that will be checked. - ---- - - - -[openssl-users]: - - -[SUPPORT]: - ./SUPPORT.md - -[GitHub Issues]: - - -[raise an issue]: - - -[10-main.conf]: - Configurations/10-main.conf diff --git a/LICENSE.txt b/LICENSE.txt deleted file mode 100644 index 49cc83d2ee29d13453188217f0e4edd70c7f842f..0000000000000000000000000000000000000000 --- a/LICENSE.txt +++ /dev/null @@ -1,177 +0,0 @@ - - Apache License - Version 2.0, January 2004 - https://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS diff --git a/NOTES-ANDROID.md b/NOTES-ANDROID.md deleted file mode 100644 index eebf03a4c496a0692be1169c09c955ee824e7654..0000000000000000000000000000000000000000 --- a/NOTES-ANDROID.md +++ /dev/null @@ -1,90 +0,0 @@ -Notes for Android platforms -=========================== - - Requirement details - ------------------- - - Beside basic tools like perl and make you'll need to download the Android - NDK. It's available for Linux, macOS and Windows, but only Linux - version was actually tested. There is no reason to believe that macOS - wouldn't work. And as for Windows, it's unclear which "shell" would be - suitable, MSYS2 might have best chances. NDK version should play lesser - role, the goal is to support a range of most recent versions. - - Configuration - ------------- - - Android is a cross-compiled target and you can't rely on `./Configure` - to find out the configuration target for you. You have to name your - target explicitly; there are `android-arm`, `android-arm64`, `android-mips`, - `android-mip64`, `android-x86` and `android-x86_64` (`*MIPS` targets are no - longer supported with NDK R20+). - - Do not pass --cross-compile-prefix (as you might be tempted), as it - will be "calculated" automatically based on chosen platform. However, - you still need to know the prefix to extend your PATH, in order to - invoke `$(CROSS_COMPILE)clang` [`*gcc` on NDK 19 and lower] and company. - (`./Configure` will fail and give you a hint if you get it wrong.) - - Apart from `PATH` adjustment you need to set `ANDROID_NDK_ROOT` environment - to point at the `NDK` directory. If you're using a side-by-side NDK the path - will look something like `/some/where/android-sdk/ndk/`, and for a - standalone NDK the path will be something like `/some/where/android-ndk-`. - Both variables are significant at both configuration and compilation times. - The NDK customarily supports multiple Android API levels, e.g. `android-14`, - `android-21`, etc. By default latest API level is chosen. If you need to target - an older platform pass the argument `-D__ANDROID_API__=N` to `Configure`, - with `N` being the numerical value of the target platform version. For example, - to compile for Android 10 arm64 with a side-by-side NDK r20.0.5594570 - - export ANDROID_NDK_ROOT=/home/whoever/Android/android-sdk/ndk/20.0.5594570 - PATH=$ANDROID_NDK_ROOT/toolchains/llvm/prebuilt/linux-x86_64/bin:$ANDROID_NDK_ROOT/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin:$PATH - ./Configure android-arm64 -D__ANDROID_API__=29 - make - - Older versions of the NDK have GCC under their common prebuilt tools - directory, so the bin path will be slightly different. EG: to compile - for ICS on ARM with NDK 10d: - - export ANDROID_NDK_ROOT=/some/where/android-ndk-10d - PATH=$ANDROID_NDK_ROOT/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin:$PATH - ./Configure android-arm -D__ANDROID_API__=14 - make - - Caveat lector! Earlier OpenSSL versions relied on additional `CROSS_SYSROOT` - variable set to `$ANDROID_NDK_ROOT/platforms/android-/arch-` to - appoint headers-n-libraries' location. It's still recognized in order - to facilitate migration from older projects. However, since API level - appears in `CROSS_SYSROOT` value, passing `-D__ANDROID_API__=N` can be in - conflict, and mixing the two is therefore not supported. Migration to - `CROSS_SYSROOT`-less setup is recommended. - - One can engage clang by adjusting PATH to cover same NDK's clang. Just - keep in mind that if you miss it, Configure will try to use gcc... - Also, PATH would need even further adjustment to cover unprefixed, yet - target-specific, ar and ranlib. It's possible that you don't need to - bother, if binutils-multiarch is installed on your Linux system. - - Another option is to create so called "standalone toolchain" tailored - for single specific platform including Android API level, and assign its - location to `ANDROID_NDK_ROOT`. In such case you have to pass matching - target name to Configure and shouldn't use `-D__ANDROID_API__=N`. `PATH` - adjustment becomes simpler, `$ANDROID_NDK_ROOT/bin:$PATH` suffices. - - Running tests (on Linux) - ------------------------ - - This is not actually supported. Notes are meant rather as inspiration. - - Even though build output targets alien system, it's possible to execute - test suite on Linux system by employing qemu-user. The trick is static - linking. Pass -static to Configure, then edit generated Makefile and - remove occurrences of -ldl and -pie flags. You would also need to pick - API version that comes with usable static libraries, 42/2=21 used to - work. Once built, you should be able to - - env EXE_SHELL=qemu- make test - - If you need to pass additional flag to qemu, quotes are your friend, e.g. - - env EXE_SHELL="qemu-mips64el -cpu MIPS64R6-generic" make test diff --git a/NOTES-DJGPP.md b/NOTES-DJGPP.md deleted file mode 100644 index 0b23c48370b330563fbce262c57a07d79a8df5cc..0000000000000000000000000000000000000000 --- a/NOTES-DJGPP.md +++ /dev/null @@ -1,46 +0,0 @@ -Notes for the DOS platform with DJGPP -===================================== - - OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time - environment for 16-bit DOS, but only with long filename support. - If you wish to compile on native DOS with 8+3 filenames, you will - have to tweak the installation yourself, including renaming files - with illegal or duplicate names. - - You should have a full DJGPP environment installed, including the - latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package - requires that PERL and the PERL module `Text::Template` also be - installed (see [NOTES-PERL.md](NOTES-PERL.md)). - - All of these can be obtained from the usual DJGPP mirror sites or - directly at . For help on which - files to download, see the DJGPP "ZIP PICKER" page at - . You also need to have - the WATT-32 networking package installed before you try to compile - OpenSSL. This can be obtained from . - The Makefile assumes that the WATT-32 code is in the directory - specified by the environment variable WATT_ROOT. If you have watt-32 - in directory `watt32` under your main DJGPP directory, specify - `WATT_ROOT="/dev/env/DJDIR/watt32"`. - - To compile OpenSSL, start your BASH shell, then configure for DJGPP by - running `./Configure` with appropriate arguments: - - ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP - - And finally fire up `make`. You may run out of DPMI selectors when - running in a DOS box under Windows. If so, just close the BASH - shell, go back to Windows, and restart BASH. Then run `make` again. - - RUN-TIME CAVEAT LECTOR - -------------- - - Quoting FAQ: - - "Cryptographic software needs a source of unpredictable data to work - correctly. Many open source operating systems provide a "randomness - device" (`/dev/urandom` or `/dev/random`) that serves this purpose." - - As of version 0.9.7f DJGPP port checks upon `/dev/urandom$` for a 3rd - party "randomness" DOS driver. One such driver, `NOISE.SYS`, can be - obtained from . diff --git a/NOTES-NONSTOP.md b/NOTES-NONSTOP.md deleted file mode 100644 index 586fbabef00f0401b6ce30833ec150e5f514c57c..0000000000000000000000000000000000000000 --- a/NOTES-NONSTOP.md +++ /dev/null @@ -1,242 +0,0 @@ -NOTES FOR THE HPE NONSTOP PLATFORM -============================== - -Requirement details -------------------- - -In addition to the requirements and instructions listed -in [INSTALL.md](INSTALL.md), the following are required as well: - - * The TNS/X platform supports hardware randomization. - Specify the `--with-rand-seed=rdcpu` option to the `./Configure` script. - This is recommended but not required. `egd` is supported at 3.0 but cannot - be used if FIPS is selected. - * The TNS/E platform does not support hardware randomization, so - specify the `--with-rand-seed=egd` option to the `./Configure` script. - -About c99 compiler ------------------- - -The c99 compiler is required for building OpenSSL from source. While c11 -may work, it has not been broadly tested. c99 is the only compiler -prerequisite needed to build OpenSSL 3.0 on this platform. You should also -have the FLOSS package installed on your system. The ITUGLIB FLOSS package -is the only FLOSS variant that has been broadly tested. - -Threading Models ----------------- - -OpenSSL can be built using unthreaded, POSIX User Threads (PUT), or Standard -POSIX Threads (SPT). Select the following build configuration for each on -the TNS/X (L-Series) platform: - - * `nonstop-nsx` or default will select an unthreaded build. - * `nonstop-nsx_put` selects the PUT build. - * `nonstop-nsx_64_put` selects the 64 bit file length PUT build. - * `nonstop-nsx_spt_floss` selects the SPT build with FLOSS. FLOSS is - required for SPT builds because of a known hang when using SPT on its own. - -### TNS/E Considerations - -The TNS/E platform is build using the same set of builds specifying `nse` -instead of `nsx` in the set above. - -You cannot build for TNS/E for FIPS, so you must specify the `no-fips` -option to `./Configure`. - -About Prefix and OpenSSLDir ---------------------------- - -Because there are many potential builds that must co-exist on any given -NonStop node, managing the location of your build distribution is crucial. -Keep each destination separate and distinct. Mixing any mode described in -this document can cause application instability. The recommended approach -is to specify the OpenSSL version and threading model in your configuration -options, and keeping your memory and float options consistent, for example: - - * For 1.1 `--prefix=/usr/local-ssl1.1 --openssldir=/usr/local-ssl1.1/ssl` - * For 1.1 PUT `--prefix=/usr/local-ssl1.1_put --openssldir=/usr/local-ssl1.1_put/ssl` - -As of 3.0, the NonStop configurations use the multilib attribute to distinguish -between different models: - - * For 3.0 `--prefix=/usr/local-ssl3.0 --openssldir=/usr/local-ssl3.0/ssl` - -The PUT model is placed in `${prefix}/lib-put` for 32-bit models and -`${prefix}/lib64-put` for 64-bit models. - -Use the `_RLD_LIB_PATH` environment variable in OSS to select the appropriate -directory containing `libcrypto.so` and `libssl.so`. In GUARDIAN, use the -`=_RLD_LIB_PATH` search define to locate the GUARDIAN subvolume where OpenSSL -is installed. - -Float Considerations --------------------- - -OpenSSL is built using IEEE Float mode by default. If you need a different -IEEE mode, create a new configuration specifying `tfloat-x86-64` (for Tandem -Float) or `nfloat-x86-64` (for Neutral Float). - -Memory Models -------------- - -The current OpenSSL default memory model uses the default platform address -model. If you need a different address model, you must specify the appropriate -c99 options for compile (`CFLAGS`) and linkers (`LDFLAGS`). - -Cross Compiling on Windows --------------------------- - -To configure and compile OpenSSL, you will need to set up a Cygwin environment. -The Cygwin tools should include bash, make, and any other normal tools required -for building programs. - -Your `PATH` must include the bin directory for the c99 cross-compiler, as in: - - export PATH=/cygdrive/c/Program\ Files\ \(x86\)/HPE\ NonStop/L16.05/usr/bin:$PATH - -This should be set before Configure is run. For the c99 cross-compiler to work -correctly, you also need the `COMP_ROOT` set, as in: - - export COMP_ROOT="C:\Program Files (x86)\HPE NonStop\L16.05" - -`COMP_ROOT` needs to be in Windows form. - -`Configure` must specify the `no-makedepend` option otherwise errors will -result when running the build because the c99 cross-compiler does not support -the `gcc -MT` option. An example of a `Configure` command to be run from the -OpenSSL directory is: - - ./Configure nonstop-nsx_64 no-makedepend --with-rand-seed=rdcpu - -Do not forget to include any OpenSSL cross-compiling prefix and certificate -options when creating your libraries. - -The OpenSSL test suite will not run on your workstation. In order to verify the -build, you will need to perform the build and test steps in OSS in your NonStop -server. You can also build under gcc and run the test suite for Windows but that -is not equivalent. - -**Note:** In the event that you are attempting a FIPS-compliant cross-compile, -be aware that signatures may not match between builds done under OSS and under -cross-compiles as the compilers do not necessarily generate identical objects. -Anything and everything to do with FIPS is outside the scope of this document. -Refer to the FIPS security policy for more information. - -The following build configurations have been successfully attempted at one -point or another. If you are successful in your cross-compile efforts, please -update this list: - -- nonstop-nsx_64 -- nonstop-nsx_64_put - -**Note:** Cross-compile builds for TNS/E have not been attempted, but should -follow the same considerations as for TNS/X above. SPT builds generally require -FLOSS, which is not available for workstation builds. As a result, SPT builds -of OpenSSL cannot be cross-compiled. - -Also see the NSDEE discussion below for more historical information. - -Cross Compiling with NSDEE --------------------------- - -**Note:** None of these builds have been tested by the platform maintainer and -are supplied for historical value. Please submit a Pull Request to OpenSSL -should these need to be adjusted. - -If you are attempting to build OpenSSL with NSDEE, you will need to specify -the following variables. The following set of compiler defines are required: - - # COMP_ROOT must be a full path for the build system (e.g. windows) - COMP_ROOT=$(cygpath -w /path/to/comp_root) - # CC must be executable by your shell - CC=/path/to/c99 - -### Optional Build Variables - - DBGFLAG="--debug" - CIPHENABLES="enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-rc4" - -### Internal Known TNS/X to TNS/E Cross Compile Variables - -The following definition is required if you are building on TNS/X for TNS/E -and have access to a TNS/E machine on your EXPAND network - with an example -node named `\CS3`: - - SYSTEMLIBS="-L/E/cs3/usr/local/lib" - -Version Procedure (VPROC) Considerations ----------------------------------------- - -If you require a VPROC entry for platform version identification, use the -following variables: - -### For Itanium - - OPENSSL_VPROC_PREFIX=T0085H06 - -### For x86 - - OPENSSL_VPROC_PREFIX=T0085L01 - -### Common Definition - - export OPENSSL_VPROC=${OPENSSL_VPROC_PREFIX}_$( - . VERSION.dat - if [ -n "$PRE_RELEASE_TAG" ]; then - PRE_RELEASE_TAG="-$PRE_RELEASE_TAG" - fi - echo "$MAJOR.$MINOR.$PATCH$PRE_RELEASE_TAG$BUILD_METADATA" |\ - sed -e 's/[-.+]/_/g' - ) - -Example Configure Targets -------------------------- - -For OSS targets, the main DLL names will be `libssl.so` and `libcrypto.so`. -For GUARDIAN targets, DLL names will be `ssl` and `crypto`. The following -assumes that your PWD is set according to your installation standards. - - ./Configure nonstop-nsx --prefix=${PWD} \ - --openssldir=${PWD}/ssl no-threads \ - --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} - ./Configure nonstop-nsx_g --prefix=${PWD} \ - --openssldir=${PWD}/ssl no-threads \ - --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} - ./Configure nonstop-nsx_put --prefix=${PWD} \ - --openssldir=${PWD}/ssl threads "-D_REENTRANT" \ - --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} - ./Configure nonstop-nsx_spt_floss --prefix=${PWD} \ - --openssldir=${PWD}/ssl threads "-D_REENTRANT" \ - --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} - ./Configure nonstop-nsx_64 --prefix=${PWD} \ - --openssldir=${PWD}/ssl no-threads \ - --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} - ./Configure nonstop-nsx_64_put --prefix=${PWD} \ - --openssldir=${PWD}/ssl threads "-D_REENTRANT" \ - --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} - ./Configure nonstop-nsx_g_tandem --prefix=${PWD} \ - --openssldir=${PWD}/ssl no-threads \ - --with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} - - ./Configure nonstop-nse --prefix=${PWD} \ - --openssldir=${PWD}/ssl no-threads \ - --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} - ./Configure nonstop-nse_g --prefix=${PWD} \ - --openssldir=${PWD}/ssl no-threads \ - --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} - ./Configure nonstop-nse_put --prefix=${PWD} \ - --openssldir=${PWD}/ssl threads "-D_REENTRANT" \ - --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} - ./Configure nonstop-nse_spt_floss --prefix=${PWD} \ - --openssldir=${PWD}/ssl threads "-D_REENTRANT" \ - --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} - ./Configure nonstop-nse_64 --prefix=${PWD} \ - --openssldir=${PWD}/ssl no-threads \ - --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} - ./Configure nonstop-nse_64_put --prefix=${PWD} \ - --openssldir=${PWD}/ssl threads "-D_REENTRANT" - --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} - ./Configure nonstop-nse_g_tandem --prefix=${PWD} \ - --openssldir=${PWD}/ssl no-threads \ - --with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS} diff --git a/NOTES-PERL.md b/NOTES-PERL.md deleted file mode 100644 index b7fc83fc7d75a027046771fe152197d17f24b911..0000000000000000000000000000000000000000 --- a/NOTES-PERL.md +++ /dev/null @@ -1,127 +0,0 @@ -Notes on Perl -============= - - - [General Notes](#general-notes) - - [Perl on Windows](#perl-on-windows) - - [Perl on VMS](#perl-on-vms) - - [Perl on NonStop](#perl-on-nonstop) - - [Required Perl modules](#required-perl-modules) - - [Notes on installing a Perl module](#notes-on-installing-a-perl-module]) - -General Notes -------------- - -For our scripts, we rely quite a bit on Perl, and increasingly on -some core Perl modules. These Perl modules are part of the Perl -source, so if you build Perl on your own, you should be set. - -However, if you install Perl as binary packages, the outcome might -differ, and you may have to check that you do get the core modules -installed properly. We do not claim to know them all, but experience -has told us the following: - - - on Linux distributions based on Debian, the package `perl` will - install the core Perl modules as well, so you will be fine. - - on Linux distributions based on RPMs, you will need to install - `perl-core` rather than just `perl`. - -You MUST have at least Perl version 5.10.0 installed. This minimum -requirement is due to our use of regexp backslash sequence \R among -other features that didn't exist in core Perl before that version. - -Perl on Windows ---------------- - -There are a number of build targets that can be viewed as "Windows". -Indeed, there are `VC-*` configs targeting VisualStudio C, as well as -MinGW and Cygwin. The key recommendation is to use a Perl installation -that matches the build environment. For example, if you will build -on Cygwin be sure to use the Cygwin package manager to install Perl. -For MSYS builds use the MSYS provided Perl. -For VC-* builds we recommend Strawberry Perl, from . -An alternative is ActiveState Perl, from -for which you may need to explicitly select the Perl module Win32/Console.pm -available via . - -Perl on VMS ------------ - -You will need to install Perl separately. One way to do so is to -download the source from , unpacking it, reading -`README-VMS.md` and follow the instructions. Another way is to download a -`.PCSI` file from and install it using the -POLYCENTER install tool. - -Perl on NonStop ---------------- - -Perl is installed on HPE NonStop platforms as part of the Scripting Languages -package T1203PAX file. The package is shipped as part of a NonStop RVU -(Release Version Updates) package. Individual SPRs (Software Product Release) -representing fixes can be obtained from the Scout website at -. Follow the appropriate set of installation -instructions for your operating system release as described in the -Script Language User Guide available from the NonStop Technical Library. - -Required Perl modules ---------------------- - -We do our best to limit ourselves to core Perl modules to keep the -requirements down. There are just a few exceptions. - - * Text::Template this is required *for building* - - To avoid unnecessary initial hurdles, we include a copy of this module - in the source. It will work as a fallback if the module isn't already - installed. - - * `Test::More` this is required *for testing* - - We require the minimum version to be 0.96, which appeared in Perl 5.13.4, - because that version was the first to have all the features we're using. - This module is required for testing only! If you don't plan on running - the tests, you don't need to bother with this one. - -Notes on installing a Perl module ---------------------------------- - -There are a number of ways to install a perl module. In all -descriptions below, `Text::Template` will serve as an example. - -1. for Linux users, the easiest is to install with the use of your - favorite package manager. Usually, all you need to do is search - for the module name and to install the package that comes up. - - On Debian based Linux distributions, it would go like this: - - $ apt-cache search Text::Template - ... - libtext-template-perl - perl module to process text templates - $ sudo apt-get install libtext-template-perl - - Perl modules in Debian based distributions use package names like - the name of the module in question, with "lib" prepended and - "-perl" appended. - -2. Install using CPAN. This is very easy, but usually requires root - access: - - $ cpan -i Text::Template - - Note that this runs all the tests that the module to be installed - comes with. This is usually a smooth operation, but there are - platforms where a failure is indicated even though the actual tests - were successful. Should that happen, you can force an - installation regardless (that should be safe since you've already - seen the tests succeed!): - - $ cpan -f -i Text::Template - - Note: on VMS, you must quote any argument that contains upper case - characters, so the lines above would be: - - $ cpan -i "Text::Template" - - and: - - $ cpan -f -i "Text::Template" diff --git a/NOTES-UNIX.md b/NOTES-UNIX.md deleted file mode 100644 index 293793b60559f39ee69b2b8c4446199a9ce30133..0000000000000000000000000000000000000000 --- a/NOTES-UNIX.md +++ /dev/null @@ -1,115 +0,0 @@ -Notes for UNIX-like platforms -============================= - - For Unix/POSIX runtime systems on Windows, - please see the [Notes for Windows platforms](NOTES-WINDOWS.md). - - OpenSSL uses the compiler to link programs and shared libraries - --------------------------------------------------------------- - - OpenSSL's generated Makefile uses the C compiler command line to - link programs, shared libraries and dynamically loadable shared - objects. Because of this, any linking option that's given to the - configuration scripts MUST be in a form that the compiler can accept. - This varies between systems, where some have compilers that accept - linker flags directly, while others take them in `-Wl,` form. You need - to read your compiler documentation to figure out what is acceptable, - and `ld(1)` to figure out what linker options are available. - - Shared libraries and installation in non-default locations - ---------------------------------------------------------- - - Every Unix system has its own set of default locations for shared - libraries, such as `/lib`, `/usr/lib` or possibly `/usr/local/lib`. If - libraries are installed in non-default locations, dynamically linked - binaries will not find them and therefore fail to run, unless they get - a bit of help from a defined runtime shared library search path. - - For OpenSSL's application (the `openssl` command), our configuration - scripts do NOT generally set the runtime shared library search path for - you. It's therefore advisable to set it explicitly when configuring, - unless the libraries are to be installed in directories that you know - to be in the default list. - - Runtime shared library search paths are specified with different - linking options depending on operating system and versions thereof, and - are talked about differently in their respective documentation; - variations of RPATH are the most usual (note: ELF systems have two such - tags, more on that below). - - Possible options to set the runtime shared library search path include - the following: - - -Wl,-rpath,/whatever/path # Linux, *BSD, etc. - -R /whatever/path # Solaris - -Wl,-R,/whatever/path # AIX (-bsvr4 is passed internally) - -Wl,+b,/whatever/path # HP-UX - -rpath /whatever/path # Tru64, IRIX - - OpenSSL's configuration scripts recognise all these options and pass - them to the Makefile that they build. (In fact, all arguments starting - with `-Wl,` are recognised as linker options.) - Please note that 'l' in '-Wl' is lowercase L and not 1. - - Please do not use verbatim directories in your runtime shared library - search path! Some OpenSSL config targets add an extra directory level - for multilib installations. To help with that, the produced Makefile - includes the variable LIBRPATH, which is a convenience variable to be - used with the runtime shared library search path options, as shown in - this example: - - $ ./Configure --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \ - '-Wl,-rpath,$(LIBRPATH)' - - On modern ELF based systems, there are two runtime search paths tags to - consider, `DT_RPATH` and `DT_RUNPATH`. Shared objects are searched for in - this order: - - 1. Using directories specified in DT_RPATH, unless DT_RUNPATH is also set. - 2. Using the environment variable LD_LIBRARY_PATH - 3. Using directories specified in DT_RUNPATH. - 4. Using system shared object caches and default directories. - - This means that the values in the environment variable `LD_LIBRARY_PATH` - won't matter if the library is found in the paths given by `DT_RPATH` - (and `DT_RUNPATH` isn't set). - - Exactly which of `DT_RPATH` or `DT_RUNPATH` is set by default appears to - depend on the system. For example, according to documentation, - `DT_RPATH` appears to be deprecated on Solaris in favor of `DT_RUNPATH`, - while on Debian GNU/Linux, either can be set, and `DT_RPATH` is the - default at the time of writing. - - How to choose which runtime search path tag is to be set depends on - your system, please refer to ld(1) for the exact information on your - system. As an example, the way to ensure the `DT_RUNPATH` is set on - Debian GNU/Linux systems rather than DT_RPATH is to tell the linker to - set new dtags, like this: - - $ ./Configure --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \ - '-Wl,--enable-new-dtags,-rpath,$(LIBRPATH)' - - It might be worth noting that some/most ELF systems implement support - for runtime search path relative to the directory containing current - executable, by interpreting `$ORIGIN` along with some other internal - variables. Consult your system documentation. - - Linking your application - ------------------------ - - Third-party applications dynamically linked with OpenSSL (or any other) - shared library face exactly the same problem with non-default locations. - The OpenSSL config options mentioned above might or might not have bearing - on linking of the target application. "Might" means that under some - circumstances it would be sufficient to link with OpenSSL shared library - "naturally", i.e. with `-L/whatever/path -lssl -lcrypto`. But there are - also cases when you'd have to explicitly specify runtime search path - when linking your application. Consult your system documentation and use - above section as inspiration... - - Shared OpenSSL builds also install static libraries. Linking with the - latter is likely to require special care, because linkers usually look - for shared libraries first and tend to remain "blind" to static OpenSSL - libraries. Referring to system documentation would suffice, if not for - a corner case. On AIX static libraries (in shared build) are named - differently, add `_a` suffix to link with them, e.g. `-lcrypto_a`. diff --git a/NOTES-VALGRIND.md b/NOTES-VALGRIND.md deleted file mode 100644 index 2700324efa36d55bf8955ca96e83a83de27ef8d3..0000000000000000000000000000000000000000 --- a/NOTES-VALGRIND.md +++ /dev/null @@ -1,72 +0,0 @@ -Notes on Valgrind -================= - -Valgrind is a test harness that includes many tools such as memcheck, -which is commonly used to check for memory leaks, etc. The default tool -run by Valgrind is memcheck. There are other tools available, but this -will focus on memcheck. - -Valgrind runs programs in a virtual machine, this means OpenSSL unit -tests run under Valgrind will take longer than normal. - -Requirements ------------- - -1. Platform supported by Valgrind - See -2. Valgrind installed on the platform - See -3. OpenSSL compiled - See [INSTALL.md](INSTALL.md) - -Running Tests -------------- - -Test behavior can be modified by adjusting environment variables. - -`EXE_SHELL` - -This variable is used to specify the shell used to execute OpenSSL test -programs. The default wrapper (`util/wrap.pl`) initializes the environment -to allow programs to find shared libraries. The variable can be modified -to specify a different executable environment. - - EXE_SHELL=\ - "`/bin/pwd`/util/wrap.pl valgrind --error-exitcode=1 --leak-check=full -q" - -This will start up Valgrind with the default checker (`memcheck`). -The `--error-exitcode=1` option specifies that Valgrind should exit with an -error code of 1 when memory leaks occur. -The `--leak-check=full` option specifies extensive memory checking. -The `-q` option prints only error messages. -Additional Valgrind options may be added to the `EXE_SHELL` variable. - -`OPENSSL_ia32cap` - -This variable controls the processor-specific code on Intel processors. -By default, OpenSSL will attempt to figure out the capabilities of a -processor, and use it to its fullest capability. This variable can be -used to control what capabilities OpenSSL uses. - -As of valgrind-3.15.0 on Linux/x86_64, instructions up to AVX2 are -supported. Setting the following disables instructions beyond AVX2: - -`OPENSSL_ia32cap=":0"` - -This variable may need to be set to something different based on the -processor and Valgrind version you are running tests on. More information -may be found in [doc/man3/OPENSSL_ia32cap.pod](doc/man3/OPENSSL_ia32cap.pod). - -Additional variables (such as `VERBOSE` and `TESTS`) are described in the -file [test/README.md](test/README.md). - -Example command line: - - $ make test EXE_SHELL="`/bin/pwd`/util/wrap.pl valgrind --error-exitcode=1 \ - --leak-check=full -q" OPENSSL_ia32cap=":0" - -If an error occurs, you can then run the specific test via the `TESTS` variable -with the `VERBOSE` or `VF` or `VFP` options to gather additional information. - - $ make test VERBOSE=1 TESTS=test_test EXE_SHELL="`/bin/pwd`/util/wrap.pl \ - valgrind --error-exitcode=1 --leak-check=full -q" OPENSSL_ia32cap=":0" diff --git a/NOTES-VMS.md b/NOTES-VMS.md deleted file mode 100644 index e27f3d682a2a24554f20970280c949dcebe351be..0000000000000000000000000000000000000000 --- a/NOTES-VMS.md +++ /dev/null @@ -1,115 +0,0 @@ -Notes for the OpenVMS platform -============================== - - - [Requirement details](#requirement-details) - - [About ANSI C compiler](#about-ansi-c-compiler) - - [About ODS-5 directory names and Perl](#about-ods-5-directory-names-and-perl) - - [About MMS and DCL](#about-mms-and-dcl) - - [About debugging](#about-debugging) - - [Checking the distribution](#checking-the-distribution) - -Requirement details -------------------- - -In addition to the requirements and instructions listed -in [INSTALL.md](INSTALL.md), this are required as well: - - * At least ODS-5 disk organization for source and build. - Installation can be done on any existing disk organization. - -About ANSI C compiler ---------------------- - -An ANSI C compiled is needed among other things. This means that -VAX C is not and will not be supported. - -We have only tested with DEC C (aka HP VMS C / VSI C) and require -version 7.1 or later. Compiling with a different ANSI C compiler may -require some work. - -Please avoid using C RTL feature logical names `DECC$*` when building -and testing OpenSSL. Most of all, they can be disruptive when -running the tests, as they affect the Perl interpreter. - -About ODS-5 directory names and Perl ------------------------------------- - -It seems that the perl function canonpath() in the `File::Spec` module -doesn't treat file specifications where the last directory name -contains periods very well. Unfortunately, some versions of VMS tar -will keep the periods in the OpenSSL source directory instead of -converting them to underscore, thereby leaving your source in -something like `[.openssl-1^.1^.0]`. This will lead to issues when -configuring and building OpenSSL. - -We have no replacement for Perl's canonpath(), so the best workaround -for now is to rename the OpenSSL source directory, as follows (please -adjust for the actual source directory name you have): - - $ rename openssl-1^.1^.0.DIR openssl-1_1_0.DIR - -About MMS and DCL ------------------ - -MMS has certain limitations when it comes to line length, and DCL has -certain limitations when it comes to total command length. We do -what we can to mitigate, but there is the possibility that it's not -enough. Should you run into issues, a very simple solution is to set -yourself up a few logical names for the directory trees you're going -to use. - -About debugging ---------------- - -If you build for debugging, the default on VMS is that image -activation starts the debugger automatically, giving you a debug -prompt. Unfortunately, this disrupts all other uses, such as running -test programs in the test framework. - -Generally speaking, if you build for debugging, only use the programs -directly for debugging. Do not try to use them from a script, such -as running the test suite. - -### The following is not available on Alpha - -As a compromise, we're turning off the flag that makes the debugger -start automatically. If there is a program that you need to debug, -you need to turn that flag back on first, for example: - - $ set image /flag=call_debug [.test]evp_test.exe - -Then just run it and you will find yourself in a debugging session. -When done, we recommend that you turn that flag back off: - - $ set image /flag=nocall_debug [.test]evp_test.exe - -Checking the distribution -------------------------- - -There have been reports of places where the distribution didn't quite -get through, for example if you've copied the tree from a NFS-mounted -Unix mount point. - -The easiest way to check if everything got through as it should is to -check that this file exists: - - [.include.openssl]configuration^.h.in - -The best way to get a correct distribution is to download the gzipped -tar file from ftp://ftp.openssl.org/source/, use `GZIP -d` to uncompress -it and `VMSTAR` to unpack the resulting tar file. - -Gzip and VMSTAR are available here: - - - -Should you need it, you can find UnZip for VMS here: - - - - How the value of 'arch' is determined - ------------------------------------- - - 'arch' is mentioned in INSTALL. It's value is determined like this: - - arch = f$edit( f$getsyi( "arch_name"), "upcase") diff --git a/NOTES-WINDOWS.md b/NOTES-WINDOWS.md deleted file mode 100644 index b1d6c4fe13bbe049dcf08313d80027f5a6d58525..0000000000000000000000000000000000000000 --- a/NOTES-WINDOWS.md +++ /dev/null @@ -1,265 +0,0 @@ -Notes for Windows platforms -=========================== - - - [Native builds using Visual C++](#native-builds-using-visual-c++) - - [Native builds using Embarcadero C++Builder]( - #native-builds-using-embarcadero-c++-builder) - - [Native builds using MinGW](#native-builds-using-mingw) - - [Linking native applications](#linking-native-applications) - - [Hosted builds using Cygwin](#hosted-builds-using-cygwin) - -There are various options to build and run OpenSSL on the Windows platforms. - -"Native" OpenSSL uses the Windows APIs directly at run time. -To build a native OpenSSL you can either use: - - Microsoft Visual C++ (MSVC) C compiler on the command line -or - Embarcadero C++Builder -or - MinGW cross compiler - run on the GNU-like development environment MSYS2 - or run on Linux or Cygwin - -"Hosted" OpenSSL relies on an external POSIX compatibility layer -for building (using GNU/Unix shell, compiler, and tools) and at run time. -For this option you can use Cygwin. - -Native builds using Visual C++ -============================== - -The native builds using Visual C++ have a `VC-*` prefix. - -Requirement details -------------------- - -In addition to the requirements and instructions listed in `INSTALL.md`, -these are required as well: - -### Perl - -We recommend Strawberry Perl, available from -Please read NOTES.PERL for more information, including the use of CPAN. -An alternative is ActiveState Perl, -for which you may need to explicitly build the Perl module Win32/Console.pm -via and then download it. - -### Microsoft Visual C compiler. - -Since these are proprietary and ever-changing we cannot test them all. -Older versions may not work. Use a recent version wherever possible. - -### Netwide Assembler (NASM) - -NASM is the only supported assembler. It is available from . - -Quick start ------------ - - 1. Install Perl - - 2. Install NASM - - 3. Make sure both Perl and NASM are on your %PATH% - - 4. Use Visual Studio Developer Command Prompt with administrative privileges, - choosing one of its variants depending on the intended architecture. - Or run `cmd` and execute `vcvarsall.bat` with one of the options `x86`, - `x86_amd64`, `x86_arm`, `x86_arm64`, `amd64`, `amd64_x86`, `amd64_arm`, - or `amd64_arm64`. - This sets up the environment variables needed for `nmake.exe`, `cl.exe`, - etc. - See also - - - 5. From the root of the OpenSSL source directory enter - - `perl Configure VC-WIN32` if you want 32-bit OpenSSL or - - `perl Configure VC-WIN64A` if you want 64-bit OpenSSL or - - `perl Configure VC-WIN64-ARM` if you want Windows on Arm (win-arm64) - OpenSSL or - - `perl Configure` to let Configure figure out the platform - - 6. `nmake` - - 7. `nmake test` - - 8. `nmake install` - -For the full installation instructions, or if anything goes wrong at any stage, -check the INSTALL.md file. - -Installation directories ------------------------- - -The default installation directories are derived from environment -variables. - -For VC-WIN32, the following defaults are use: - - PREFIX: %ProgramFiles(x86)%\OpenSSL - OPENSSLDIR: %CommonProgramFiles(x86)%\SSL - -For VC-WIN64, the following defaults are use: - - PREFIX: %ProgramW6432%\OpenSSL - OPENSSLDIR: %CommonProgramW6432%\SSL - -Should those environment variables not exist (on a pure Win32 -installation for examples), these fallbacks are used: - - PREFIX: %ProgramFiles%\OpenSSL - OPENSSLDIR: %CommonProgramFiles%\SSL - -ALSO NOTE that those directories are usually write protected, even if -your account is in the Administrators group. To work around that, -start the command prompt by right-clicking on it and choosing "Run as -Administrator" before running `nmake install`. The other solution -is, of course, to choose a different set of directories by using -`--prefix` and `--openssldir` when configuring. - -Special notes for Universal Windows Platform builds, aka `VC-*-UWP` -------------------------------------------------------------------- - - - UWP targets only support building the static and dynamic libraries. - - - You should define the platform type to `uwp` and the target arch via - `vcvarsall.bat` before you compile. For example, if you want to build - `arm64` builds, you should run `vcvarsall.bat x86_arm64 uwp`. - -Native builds using Embarcadero C++Builder -========================================= - -This toolchain (a descendant of Turbo/Borland C++) is an alternative to MSVC. -OpenSSL currently includes an experimental 32-bit configuration targeting the -Clang-based compiler (`bcc32c.exe`) in v10.3.3 Community Edition. - - - 1. Install Perl. - - 2. Open the RAD Studio Command Prompt. - - 3. Go to the root of the OpenSSL source directory and run: - `perl Configure BC-32 --prefix=%CD%` - - 4. `make -N` - - 5. `make -N test` - - 6. Build your program against this OpenSSL: - * Set your include search path to the "include" subdirectory of OpenSSL. - * Set your library search path to the OpenSSL source directory. - -Note that this is very experimental. Support for 64-bit and other Configure -options is still pending. - -Native builds using MinGW -========================= - -MinGW offers an alternative way to build native OpenSSL, by cross compilation. - - * Usually the build is done on Windows in a GNU-like environment called MSYS2. - - MSYS2 provides GNU tools, a Unix-like command prompt, - and a UNIX compatibility layer for applications. - However, in this context it is only used for building OpenSSL. - The resulting OpenSSL does not rely on MSYS2 to run and is fully native. - - Requirement details - - - MSYS2 shell, from - - - Perl, at least version 5.10.0, which usually comes pre-installed with MSYS2 - - - make, installed using `pacman -S make` into the MSYS2 environment - - - MinGW[64] compiler: `mingw-w64-i686-gcc` and/or `mingw-w64-x86_64-gcc`. - These compilers must be on your MSYS2 $PATH. - A common error is to not have these on your $PATH. - The MSYS2 version of gcc will not work correctly here. - - In the MSYS2 shell do the configuration depending on the target architecture: - - ./Configure mingw ... - - or - - ./Configure mingw64 ... - - or - - ./Configure ... - - for the default architecture. - - Apart from that, follow the Unix / Linux instructions in `INSTALL.md`. - - * It is also possible to build mingw[64] on Linux or Cygwin. - - In this case configure with the corresponding `--cross-compile-prefix=` - option. For example - - ./Configure mingw --cross-compile-prefix=i686-w64-mingw32- ... - - or - - ./Configure mingw64 --cross-compile-prefix=x86_64-w64-mingw32- ... - - This requires that you've installed the necessary add-on packages for - mingw[64] cross compilation. - -Linking native applications -=========================== - -This section applies to all native builds. - -If you link with static OpenSSL libraries then you're expected to -additionally link your application with `WS2_32.LIB`, `GDI32.LIB`, -`ADVAPI32.LIB`, `CRYPT32.LIB` and `USER32.LIB`. Those developing -non-interactive service applications might feel concerned about -linking with `GDI32.LIB` and `USER32.LIB`, as they are justly associated -with interactive desktop, which is not available to service -processes. The toolkit is designed to detect in which context it's -currently executed, GUI, console app or service, and act accordingly, -namely whether or not to actually make GUI calls. Additionally those -who wish to `/DELAYLOAD:GDI32.DLL` and `/DELAYLOAD:USER32.DLL` and -actually keep them off service process should consider implementing -and exporting from .exe image in question own `_OPENSSL_isservice` not -relying on `USER32.DLL`. E.g., on Windows Vista and later you could: - - __declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void) - { - DWORD sess; - - if (ProcessIdToSessionId(GetCurrentProcessId(), &sess)) - return sess == 0; - return FALSE; - } - -If you link with OpenSSL .DLLs, then you're expected to include into -your application code a small "shim" snippet, which provides -the glue between the OpenSSL BIO layer and your compiler run-time. -See also the OPENSSL_Applink manual page. - -Hosted builds using Cygwin -========================== - -Cygwin implements a POSIX/Unix runtime system (`cygwin1.dll`) on top of the -Windows subsystem and provides a Bash shell and GNU tools environment. -Consequently, a build of OpenSSL with Cygwin is virtually identical to the -Unix procedure. - -To build OpenSSL using Cygwin, you need to: - - * Install Cygwin, see - - * Install Cygwin Perl, at least version 5.10.0 - and ensure it is in the $PATH - - * Run the Cygwin Bash shell - -Apart from that, follow the Unix / Linux instructions in INSTALL.md. - -NOTE: `make test` and normal file operations may fail in directories -mounted as text (i.e. `mount -t c:\somewhere /home`) due to Cygwin -stripping of carriage returns. To avoid this ensure that a binary -mount is used, e.g. `mount -b c:\somewhere /home`. diff --git a/README-ENGINES.md b/README-ENGINES.md deleted file mode 100644 index 9874276f13205b0ce90365b47194bd2edc85bcb2..0000000000000000000000000000000000000000 --- a/README-ENGINES.md +++ /dev/null @@ -1,316 +0,0 @@ -Engines -======= - -Deprecation Note ----------------- - -The ENGINE API was introduced in OpenSSL version 0.9.6 as a low level -interface for adding alternative implementations of cryptographic -primitives, most notably for integrating hardware crypto devices. - -The ENGINE interface has its limitations and it has been superseeded -by the [PROVIDER API](README-PROVIDERS.md), it is deprecated in OpenSSL -version 3.0. The following documentation is retained as an aid for -users who need to maintain or support existing ENGINE implementations. -Support for new hardware devices or new algorithms should be added -via providers, and existing engines should be converted to providers -as soon as possible. - -Built-in ENGINE implementations -------------------------------- - -There are currently built-in ENGINE implementations for the following -crypto devices: - - * Microsoft CryptoAPI - * VIA Padlock - * nCipher CHIL - -In addition, dynamic binding to external ENGINE implementations is now -provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE" -section below for details. - -At this stage, a number of things are still needed and are being worked on: - - 1. Integration of EVP support. - 2. Configuration support. - 3. Documentation! - -Integration of EVP support --------------------------- - -With respect to EVP, this relates to support for ciphers and digests in -the ENGINE model so that alternative implementations of existing -algorithms/modes (or previously unimplemented ones) can be provided by -ENGINE implementations. - -Configuration support ---------------------- - -Configuration support currently exists in the ENGINE API itself, in the -form of "control commands". These allow an application to expose to the -user/admin the set of commands and parameter types a given ENGINE -implementation supports, and for an application to directly feed string -based input to those ENGINEs, in the form of name-value pairs. This is an -extensible way for ENGINEs to define their own "configuration" mechanisms -that are specific to a given ENGINE (eg. for a particular hardware -device) but that should be consistent across *all* OpenSSL-based -applications when they use that ENGINE. Work is in progress (or at least -in planning) for supporting these control commands from the CONF (or -NCONF) code so that applications using OpenSSL's existing configuration -file format can have ENGINE settings specified in much the same way. -Presently however, applications must use the ENGINE API itself to provide -such functionality. To see first hand the types of commands available -with the various compiled-in ENGINEs (see further down for dynamic -ENGINEs), use the "engine" openssl utility with full verbosity, i.e.: - - openssl engine -vvvv - -Documentation -------------- - -Documentation? Volunteers welcome! The source code is reasonably well -self-documenting, but some summaries and usage instructions are needed - -moreover, they are needed in the same POD format the existing OpenSSL -documentation is provided in. Any complete or incomplete contributions -would help make this happen. - -STABILITY & BUG-REPORTS -======================= - -What already exists is fairly stable as far as it has been tested, but -the test base has been a bit small most of the time. For the most part, -the vendors of the devices these ENGINEs support have contributed to the -development and/or testing of the implementations, and *usually* (with no -guarantees) have experience in using the ENGINE support to drive their -devices from common OpenSSL-based applications. Bugs and/or inexplicable -behaviour in using a specific ENGINE implementation should be sent to the -author of that implementation (if it is mentioned in the corresponding C -file), and in the case of implementations for commercial hardware -devices, also through whatever vendor support channels are available. If -none of this is possible, or the problem seems to be something about the -ENGINE API itself (ie. not necessarily specific to a particular ENGINE -implementation) then you should mail complete details to the relevant -OpenSSL mailing list. For a definition of "complete details", refer to -the OpenSSL "README" file. As for which list to send it to: - - * openssl-users: if you are *using* the ENGINE abstraction, either in an - pre-compiled application or in your own application code. - - * openssl-dev: if you are discussing problems with OpenSSL source code. - -USAGE -===== - -The default "openssl" ENGINE is always chosen when performing crypto -operations unless you specify otherwise. You must actively tell the -openssl utility commands to use anything else through a new command line -switch called "-engine". Also, if you want to use the ENGINE support in -your own code to do something similar, you must likewise explicitly -select the ENGINE implementation you want. - -Depending on the type of hardware, system, and configuration, "settings" -may need to be applied to an ENGINE for it to function as expected/hoped. -The recommended way of doing this is for the application to support -ENGINE "control commands" so that each ENGINE implementation can provide -whatever configuration primitives it might require and the application -can allow the user/admin (and thus the hardware vendor's support desk -also) to provide any such input directly to the ENGINE implementation. -This way, applications do not need to know anything specific to any -device, they only need to provide the means to carry such user/admin -input through to the ENGINE in question. Ie. this connects *you* (and -your helpdesk) to the specific ENGINE implementation (and device), and -allows application authors to not get buried in hassle supporting -arbitrary devices they know (and care) nothing about. - -A new "openssl" utility, "openssl engine", has been added in that allows -for testing and examination of ENGINE implementations. Basic usage -instructions are available by specifying the "-?" command line switch. - -DYNAMIC ENGINES -=============== - -The new "dynamic" ENGINE provides a low-overhead way to support ENGINE -implementations that aren't pre-compiled and linked into OpenSSL-based -applications. This could be because existing compiled-in implementations -have known problems and you wish to use a newer version with an existing -application. It could equally be because the application (or OpenSSL -library) you are using simply doesn't have support for the ENGINE you -wish to use, and the ENGINE provider (eg. hardware vendor) is providing -you with a self-contained implementation in the form of a shared-library. -The other use-case for "dynamic" is with applications that wish to -maintain the smallest foot-print possible and so do not link in various -ENGINE implementations from OpenSSL, but instead leaves you to provide -them, if you want them, in the form of "dynamic"-loadable -shared-libraries. It should be possible for hardware vendors to provide -their own shared-libraries to support arbitrary hardware to work with -applications based on OpenSSL 0.9.7 or later. If you're using an -application based on 0.9.7 (or later) and the support you desire is only -announced for versions later than the one you need, ask the vendor to -backport their ENGINE to the version you need. - -How does "dynamic" work? ------------------------- - -The dynamic ENGINE has a special flag in its implementation such that -every time application code asks for the 'dynamic' ENGINE, it in fact -gets its own copy of it. As such, multi-threaded code (or code that -multiplexes multiple uses of 'dynamic' in a single application in any -way at all) does not get confused by 'dynamic' being used to do many -independent things. Other ENGINEs typically don't do this so there is -only ever 1 ENGINE structure of its type (and reference counts are used -to keep order). The dynamic ENGINE itself provides absolutely no -cryptographic functionality, and any attempt to "initialise" the ENGINE -automatically fails. All it does provide are a few "control commands" -that can be used to control how it will load an external ENGINE -implementation from a shared-library. To see these control commands, -use the command-line; - - openssl engine -vvvv dynamic - -The "SO_PATH" control command should be used to identify the -shared-library that contains the ENGINE implementation, and "NO_VCHECK" -might possibly be useful if there is a minor version conflict and you -(or a vendor helpdesk) is convinced you can safely ignore it. -"ID" is probably only needed if a shared-library implements -multiple ENGINEs, but if you know the engine id you expect to be using, -it doesn't hurt to specify it (and this provides a sanity check if -nothing else). "LIST_ADD" is only required if you actually wish the -loaded ENGINE to be discoverable by application code later on using the -ENGINE's "id". For most applications, this isn't necessary - but some -application authors may have nifty reasons for using it. The "LOAD" -command is the only one that takes no parameters and is the command -that uses the settings from any previous commands to actually *load* -the shared-library ENGINE implementation. If this command succeeds, the -(copy of the) 'dynamic' ENGINE will magically morph into the ENGINE -that has been loaded from the shared-library. As such, any control -commands supported by the loaded ENGINE could then be executed as per -normal. Eg. if ENGINE "foo" is implemented in the shared-library -"libfoo.so" and it supports some special control command "CMD_FOO", the -following code would load and use it (NB: obviously this code has no -error checking); - - ENGINE *e = ENGINE_by_id("dynamic"); - ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0); - ENGINE_ctrl_cmd_string(e, "ID", "foo", 0); - ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0); - ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0); - -For testing, the "openssl engine" utility can be useful for this sort -of thing. For example the above code excerpt would achieve much the -same result as; - - openssl engine dynamic \ - -pre SO_PATH:/lib/libfoo.so \ - -pre ID:foo \ - -pre LOAD \ - -pre "CMD_FOO:some input data" - -Or to simply see the list of commands supported by the "foo" ENGINE; - - openssl engine -vvvv dynamic \ - -pre SO_PATH:/lib/libfoo.so \ - -pre ID:foo \ - -pre LOAD - -Applications that support the ENGINE API and more specifically, the -"control commands" mechanism, will provide some way for you to pass -such commands through to ENGINEs. As such, you would select "dynamic" -as the ENGINE to use, and the parameters/commands you pass would -control the *actual* ENGINE used. Each command is actually a name-value -pair and the value can sometimes be omitted (eg. the "LOAD" command). -Whilst the syntax demonstrated in "openssl engine" uses a colon to -separate the command name from the value, applications may provide -their own syntax for making that separation (eg. a win32 registry -key-value pair may be used by some applications). The reason for the -"-pre" syntax in the "openssl engine" utility is that some commands -might be issued to an ENGINE *after* it has been initialised for use. -Eg. if an ENGINE implementation requires a smart-card to be inserted -during initialisation (or a PIN to be typed, or whatever), there may be -a control command you can issue afterwards to "forget" the smart-card -so that additional initialisation is no longer possible. In -applications such as web-servers, where potentially volatile code may -run on the same host system, this may provide some arguable security -value. In such a case, the command would be passed to the ENGINE after -it has been initialised for use, and so the "-post" switch would be -used instead. Applications may provide a different syntax for -supporting this distinction, and some may simply not provide it at all -("-pre" is almost always what you're after, in reality). - -How do I build a "dynamic" ENGINE? ----------------------------------- - -This question is trickier - currently OpenSSL bundles various ENGINE -implementations that are statically built in, and any application that -calls the "ENGINE_load_builtin_engines()" function will automatically -have all such ENGINEs available (and occupying memory). Applications -that don't call that function have no ENGINEs available like that and -would have to use "dynamic" to load any such ENGINE - but on the other -hand such applications would only have the memory footprint of any -ENGINEs explicitly loaded using user/admin provided control commands. -The main advantage of not statically linking ENGINEs and only using -"dynamic" for hardware support is that any installation using no -"external" ENGINE suffers no unnecessary memory footprint from unused -ENGINEs. Likewise, installations that do require an ENGINE incur the -overheads from only *that* ENGINE once it has been loaded. - -Sounds good? Maybe, but currently building an ENGINE implementation as -a shared-library that can be loaded by "dynamic" isn't automated in -OpenSSL's build process. It can be done manually quite easily however. -Such a shared-library can either be built with any OpenSSL code it -needs statically linked in, or it can link dynamically against OpenSSL -if OpenSSL itself is built as a shared library. The instructions are -the same in each case, but in the former (statically linked any -dependencies on OpenSSL) you must ensure OpenSSL is built with -position-independent code ("PIC"). The default OpenSSL compilation may -already specify the relevant flags to do this, but you should consult -with your compiler documentation if you are in any doubt. - -This example will show building the "atalla" ENGINE in the -crypto/engine/ directory as a shared-library for use via the "dynamic" -ENGINE. - - 1. "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL - source tree. - - 2. Recompile at least one source file so you can see all the compiler - flags (and syntax) being used to build normally. Eg; - - touch hw_atalla.c ; make - - will rebuild "hw_atalla.o" using all such flags. - - 3. Manually enter the same compilation line to compile the - "hw_atalla.c" file but with the following two changes; - * add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches, - * change the output file from "hw_atalla.o" to something new, - eg. "tmp_atalla.o" - - 4. Link "tmp_atalla.o" into a shared-library using the top-level - OpenSSL libraries to resolve any dependencies. The syntax for doing - this depends heavily on your system/compiler and is a nightmare - known well to anyone who has worked with shared-library portability - before. 'gcc' on Linux, for example, would use the following syntax; - - gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto - - 5. Test your shared library using "openssl engine" as explained in the - previous section. Eg. from the top-level directory, you might try - - apps/openssl engine -vvvv dynamic \ - -pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD - -If the shared-library loads successfully, you will see both "-pre" -commands marked as "SUCCESS" and the list of control commands -displayed (because of "-vvvv") will be the control commands for the -*atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add -the "-t" switch to the utility if you want it to try and initialise -the atalla ENGINE for use to test any possible hardware/driver issues. - -PROBLEMS -======== - -It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32. -A quick test done right before the release showed that trying "openssl speed --engine cswift" generated errors. If the DSO gets enabled, an attempt is made -to write at memory address 0x00000002. diff --git a/README-FIPS.md b/README-FIPS.md deleted file mode 100644 index d8c3cd3dd0760832310e23fe84c76de5f40a1c55..0000000000000000000000000000000000000000 --- a/README-FIPS.md +++ /dev/null @@ -1,67 +0,0 @@ -OpenSSL FIPS support -==================== - -This release of OpenSSL includes a cryptographic module that is intended to be -FIPS 140-2 validated. The module is implemented as an OpenSSL provider. -A provider is essentially a dynamically loadable module which implements -cryptographic algorithms, see the [README-PROVIDERS](README-PROVIDERS.md) file -for further details. - -The OpenSSL FIPS provider comes as shared library called `fips.so` (on Unix) -resp. `fips.dll` (on Windows). The FIPS provider does not get built and -installed automatically. To enable it, you need to configure OpenSSL using -the `enable-fips` option. - -Installing the FIPS module -========================== - -If the FIPS provider is enabled, it gets installed automatically during the -normal installation process. Simply follow the normal procedure (configure, -make, make test, make install) as described in the [INSTALL](INSTALL.md) file. - -For example, on Unix the final command - - $ make install - -effectively executes the following install targets - - $ make install_sw - $ make install_ssldirs - $ make install_docs - $ make install_fips # for `enable-fips` only - -The `install_fips` make target can also be invoked explicitly to install -the FIPS provider independently, without installing the rest of OpenSSL. - -The Installation of the FIPS provider consists of two steps. In the first step, -the shared library is copied to its installed location, which by default is - - /usr/local/lib/ossl-modules/fips.so on Unix, and - C:\Program Files\OpenSSL\lib\ossl-modules\fips.dll on Windows. - -In the second step, the `openssl fipsinstall` command is executed, which completes -the installation by doing the following two things: - -- Runs the FIPS module self tests -- Generates the so-called FIPS module configuration file containing information - about the module such as the self test status, and the module checksum. - -The FIPS module must have the self tests run, and the FIPS module config file -output generated on every machine that it is to be used on. You must not copy -the FIPS module config file output data from one machine to another. - -On Unix the `openssl fipsinstall` command will be invoked as follows by default: - - $ openssl fipsinstall -out /usr/local/ssl/fipsmodule.cnf -module /usr/local/lib/ossl-modules/fips.so - -If you configured OpenSSL to be installed to a different location, the paths will -vary accordingly. In the rare case that you need to install the fipsmodule.cnf -to non-standard location, you can execute the `openssl fipsinstall` command manually. - -Using the FIPS Module in applications -===================================== - -Documentation about using the FIPS module is available on the [fips_module(7)] -manual page. - - [fips_module(7)]: https://www.openssl.org/docs/man3.0/man7/fips_module.html diff --git a/README-PROVIDERS.md b/README-PROVIDERS.md deleted file mode 100644 index 25e49c8618f7cc6829ece4c764e0cc627a632f73..0000000000000000000000000000000000000000 --- a/README-PROVIDERS.md +++ /dev/null @@ -1,145 +0,0 @@ -Providers -========= - - - [Standard Providers](#standard-providers) - - [The Default Provider](#the-default-provider) - - [The Legacy Provider](#the-legacy-provider) - - [The FIPS Provider](#the-fips-provider) - - [The Base Provider](#the-base-provider) - - [The Null Provider](#the-null-provider) - - [Loading Providers](#loading-providers) - -Standard Providers -================== - -Providers are containers for algorithm implementations. Whenever a cryptographic -algorithm is used via the high level APIs a provider is selected. It is that -provider implementation that actually does the required work. There are five -providers distributed with OpenSSL. In the future we expect third parties to -distribute their own providers which can be added to OpenSSL dynamically. -Documentation about writing providers is available on the [provider(7)] -manual page. - - [provider(7)]: https://www.openssl.org/docs/man3.0/man7/provider.html - -The Default Provider --------------------- - -The default provider collects together all of the standard built-in OpenSSL -algorithm implementations. If an application doesn't specify anything else -explicitly (e.g. in the application or via config), then this is the provider -that will be used. It is loaded automatically the first time that we try to -get an algorithm from a provider if no other provider has been loaded yet. -If another provider has already been loaded then it won't be loaded -automatically. Therefore if you want to use it in conjunction with other -providers then you must load it explicitly. - -This is a "built-in" provider which means that it is compiled and linked -into the libcrypto library and does not exist as a separate standalone module. - -The Legacy Provider -------------------- - -The legacy provider is a collection of legacy algorithms that are either no -longer in common use or considered insecure and strongly discouraged from use. -However, some applications may need to use these algorithms for backwards -compatibility reasons. This provider is **not** loaded by default. -This may mean that some applications upgrading from earlier versions of OpenSSL -may find that some algorithms are no longer available unless they load the -legacy provider explicitly. - -Algorithms in the legacy provider include MD2, MD4, MDC2, RMD160, CAST5, -BF (Blowfish), IDEA, SEED, RC2, RC4, RC5 and DES (but not 3DES). - -The FIPS Provider ------------------ - -The FIPS provider contains a sub-set of the algorithm implementations available -from the default provider, consisting of algorithms conforming to FIPS standards. -It is intended that this provider will be FIPS140-2 validated. - -In some cases there may be minor behavioural differences between algorithm -implementations in this provider compared to the equivalent algorithm in the -default provider. This is typically in order to conform to FIPS standards. - -The Base Provider ------------------ - -The base provider contains a small sub-set of non-cryptographic algorithms -available in the default provider. For example, it contains algorithms to -serialize and deserialize keys to files. If you do not load the default -provider then you should always load this one instead (in particular, if -you are using the FIPS provider). - -The Null Provider ------------------ - -The null provider is "built-in" to libcrypto and contains no algorithm -implementations. In order to guarantee that the default provider is not -automatically loaded, the null provider can be loaded instead. - -This can be useful if you are using non-default library contexts and want -to ensure that the default library context is never used unintentionally. - -Loading Providers -================= - -Providers to be loaded can be specified in the OpenSSL config file. -See the [config(5)] manual page for information about how to configure -providers via the config file, and how to automatically activate them. - - [config(5)]: https://www.openssl.org/docs/man3.0/man5/config.html - -The following is a minimal config file example to load and activate both -the legacy and the default provider in the default library context. - - openssl_conf = openssl_init - - [openssl_init] - providers = provider_sect - - [provider_sect] - default = default_sect - legacy = legacy_sect - - [default_sect] - activate = 1 - - [legacy_sect] - activate = 1 - -It is also possible to load providers programmatically. For example you can -load the legacy provider into the default library context as shown below. -Note that once you have explicitly loaded a provider into the library context -the default provider will no longer be automatically loaded. Therefore you will -often also want to explicitly load the default provider, as is done here: - - #include - #include - - #include - - int main(void) - { - OSSL_PROVIDER *legacy; - OSSL_PROVIDER *deflt; - - /* Load Multiple providers into the default (NULL) library context */ - legacy = OSSL_PROVIDER_load(NULL, "legacy"); - if (legacy == NULL) { - printf("Failed to load Legacy provider\n"); - exit(EXIT_FAILURE); - } - deflt = OSSL_PROVIDER_load(NULL, "default"); - if (deflt == NULL) { - printf("Failed to load Default provider\n"); - OSSL_PROVIDER_unload(legacy); - exit(EXIT_FAILURE); - } - - /* Rest of application */ - - OSSL_PROVIDER_unload(legacy); - OSSL_PROVIDER_unload(deflt); - exit(EXIT_SUCCESS); - } diff --git a/README.md b/README.md deleted file mode 100644 index f2f4fd39ad05bbd5c8ca5b8bcbc1def7be9e2e96..0000000000000000000000000000000000000000 --- a/README.md +++ /dev/null @@ -1,224 +0,0 @@ -Welcome to the OpenSSL Project -============================== - -[![openssl logo]][www.openssl.org] - -[![github actions ci badge]][github actions ci] -[![appveyor badge]][appveyor jobs] - -OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit -for the Transport Layer Security (TLS) protocol formerly known as the -Secure Sockets Layer (SSL) protocol. The protocol implementation is based -on a full-strength general purpose cryptographic library, which can also -be used stand-alone. - -OpenSSL is descended from the SSLeay library developed by Eric A. Young -and Tim J. Hudson. - -The official Home Page of the OpenSSL Project is [www.openssl.org]. - -Table of Contents -================= - - - [Overview](#overview) - - [Download](#download) - - [Build and Install](#build-and-install) - - [Documentation](#documentation) - - [License](#license) - - [Support](#support) - - [Contributing](#contributing) - - [Legalities](#legalities) - -Overview -======== - -The OpenSSL toolkit includes: - -- **libssl** - an implementation of all TLS protocol versions up to TLSv1.3 ([RFC 8446]). - -- **libcrypto** - a full-strength general purpose cryptographic library. It constitutes the - basis of the TLS implementation, but can also be used independently. - -- **openssl** - the OpenSSL command line tool, a swiss army knife for cryptographic tasks, - testing and analyzing. It can be used for - - creation of key parameters - - creation of X.509 certificates, CSRs and CRLs - - calculation of message digests - - encryption and decryption - - SSL/TLS client and server tests - - handling of S/MIME signed or encrypted mail - - and more... - -Download -======== - -For Production Use ------------------- - -Source code tarballs of the official releases can be downloaded from -[www.openssl.org/source](https://www.openssl.org/source). -The OpenSSL project does not distribute the toolkit in binary form. - -However, for a large variety of operating systems precompiled versions -of the OpenSSL toolkit are available. In particular on Linux and other -Unix operating systems it is normally recommended to link against the -precompiled shared libraries provided by the distributor or vendor. - -For Testing and Development ---------------------------- - -Although testing and development could in theory also be done using -the source tarballs, having a local copy of the git repository with -the entire project history gives you much more insight into the -code base. - -The official OpenSSL Git Repository is located at [git.openssl.org]. -There is a GitHub mirror of the repository at [github.com/openssl/openssl], -which is updated automatically from the former on every commit. - -A local copy of the Git Repository can be obtained by cloning it from -the original OpenSSL repository using - - git clone git://git.openssl.org/openssl.git - -or from the GitHub mirror using - - git clone https://github.com/openssl/openssl.git - -If you intend to contribute to OpenSSL, either to fix bugs or contribute -new features, you need to fork the OpenSSL repository openssl/openssl on -GitHub and clone your public fork instead. - - git clone https://github.com/yourname/openssl.git - -This is necessary, because all development of OpenSSL nowadays is done via -GitHub pull requests. For more details, see [Contributing](#contributing). - -Build and Install -================= - -After obtaining the Source, have a look at the [INSTALL](INSTALL.md) file for -detailed instructions about building and installing OpenSSL. For some -platforms, the installation instructions are amended by a platform specific -document. - - * [Notes for UNIX-like platforms](NOTES-UNIX.md) - * [Notes for Android platforms](NOTES-ANDROID.md) - * [Notes for Windows platforms](NOTES-WINDOWS.md) - * [Notes for the DOS platform with DJGPP](NOTES-DJGPP.md) - * [Notes for the OpenVMS platform](NOTES-VMS.md) - * [Notes on Perl](NOTES-PERL.md) - * [Notes on Valgrind](NOTES-VALGRIND.md) - -Specific notes on upgrading to OpenSSL 3.0 from previous versions can be found -in the [migration_guide(7ossl)] manual page. - -Documentation -============= - -Manual Pages ------------- - -The manual pages for the master branch and all current stable releases are -available online. - -- [OpenSSL master](https://www.openssl.org/docs/manmaster) -- [OpenSSL 3.0](https://www.openssl.org/docs/man3.0) -- [OpenSSL 1.1.1](https://www.openssl.org/docs/man1.1.1) - -Wiki ----- - -There is a Wiki at [wiki.openssl.org] which is currently not very active. -It contains a lot of useful information, not all of which is up to date. - -License -======= - -OpenSSL is licensed under the Apache License 2.0, which means that -you are free to get and use it for commercial and non-commercial -purposes as long as you fulfill its conditions. - -See the [LICENSE.txt](LICENSE.txt) file for more details. - -Support -======= - -There are various ways to get in touch. The correct channel depends on -your requirement. see the [SUPPORT](SUPPORT.md) file for more details. - -Contributing -============ - -If you are interested and willing to contribute to the OpenSSL project, -please take a look at the [CONTRIBUTING](CONTRIBUTING.md) file. - -Legalities -========== - -A number of nations restrict the use or export of cryptography. If you are -potentially subject to such restrictions you should seek legal advice before -attempting to develop or distribute cryptographic code. - -Copyright -========= - -Copyright (c) 1998-2022 The OpenSSL Project - -Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson - -All rights reserved. - - - -[www.openssl.org]: - - "OpenSSL Homepage" - -[git.openssl.org]: - - "OpenSSL Git Repository" - -[git.openssl.org]: - - "OpenSSL Git Repository" - -[github.com/openssl/openssl]: - - "OpenSSL GitHub Mirror" - -[wiki.openssl.org]: - - "OpenSSL Wiki" - -[migration_guide(7ossl)]: - - "OpenSSL Migration Guide" - -[RFC 8446]: - - - - -[openssl logo]: - doc/images/openssl.svg - "OpenSSL Logo" - -[github actions ci badge]: - - "GitHub Actions CI Status" - -[github actions ci]: - - "GitHub Actions CI" - -[appveyor badge]: - - "AppVeyor Build Status" - -[appveyor jobs]: - - "AppVeyor Jobs" diff --git a/SUPPORT.md b/SUPPORT.md deleted file mode 100644 index c0b6babe89ada919960cd7809dfdc6cc9db90463..0000000000000000000000000000000000000000 --- a/SUPPORT.md +++ /dev/null @@ -1,93 +0,0 @@ -OpenSSL User Support resources -============================== - -See the for details on how to -obtain commercial technical support. - -If you have general questions about using OpenSSL -------------------------------------------------- - -In this case the [openssl-users] mailing list is the right place for you. -The list is not only watched by the OpenSSL team members, but also by many -other OpenSSL users. Here you will most likely get the answer to your questions. -An overview over the [mailing lists](#mailing-lists) can be found below. - -If you think you found a Bug ----------------------------- - -*NOTE: this section assumes that you want to report it or figure it out and -fix it. What's written here is not to be taken as a recipe for how to get a -working production installation* - -If you have any problems with OpenSSL then please take the following steps -first: - -- Search the mailing lists and/or the GitHub issues to find out whether - the problem has already been reported. -- Download the latest version from the repository to see if the problem - has already been addressed. -- Configure without assembler support (`no-asm`) and check whether the - problem persists. -- Remove compiler optimization flags. - -Please keep in mind: Just because something doesn't work the way you expect -does not mean it is necessarily a bug in OpenSSL. If you are not sure, -consider searching the mail archives and posting a question to the -[openssl-users] mailing list first. - -### Open an Issue - -If you wish to report a bug, please open an [issue][github-issues] on GitHub -and include the following information: - -- OpenSSL version: output of `openssl version -a` -- Configuration data: output of `perl configdata.pm --dump` -- OS Name, Version, Hardware platform -- Compiler Details (name, version) -- Application Details (name, version) -- Problem Description (steps that will reproduce the problem, if known) -- Stack Traceback (if the application dumps core) - -Not only errors in the software, also errors in the documentation, in -particular the manual pages, can be reported as issues. - -### Submit a Pull Request - -The fastest way to get a bug fixed is to fix it yourself ;-). If you are -experienced in programming and know how to fix the bug, you can open a -pull request. The details are covered in the [Contributing][contributing] section. - -Don't hesitate to open a pull request, even if it's only a small change -like a grammatical or typographical error in the documentation. - -Mailing Lists -============= - -The OpenSSL maintains a number of [mailing lists] for various purposes. -The most important lists are: - -- [openssl-users] for general questions about using the OpenSSL software - and discussions between OpenSSL users. - -- [openssl-announce] for official announcements to the OpenSSL community. - -- [openssl-project] for discussion about the development roadmap - and governance. - -Only subscribers can post to [openssl-users] or [openssl-project]. The -archives are made public, however. For more information, see the [mailing -lists] page. - -There was an [openssl-dev] list that has been discontinued since development -is now taking place in the form of GitHub pull requests. Although not active -anymore, the searchable archive may still contain useful information. - - - -[mailing lists]: https://www.openssl.org/community/mailinglists.html -[openssl-users]: https://mta.openssl.org/mailman/listinfo/openssl-users -[openssl-announce]: https://mta.openssl.org/mailman/listinfo/openssl-announce -[openssl-project]: https://mta.openssl.org/mailman/listinfo/openssl-project -[openssl-dev]: https://mta.openssl.org/mailman/listinfo/openssl-dev -[github-issues]: https://github.com/openssl/openssl/issues/new/choose -[contributing]: https://github.com/openssl/openssl/blob/master/CONTRIBUTING.md diff --git a/VERSION.dat b/VERSION.dat deleted file mode 100644 index 922e15fce1768a0d1d295a086041109050e983e9..0000000000000000000000000000000000000000 --- a/VERSION.dat +++ /dev/null @@ -1,7 +0,0 @@ -MAJOR=3 -MINOR=0 -PATCH=7 -PRE_RELEASE_TAG= -BUILD_METADATA= -RELEASE_DATE="1 Nov 2022" -SHLIB_VERSION=3 diff --git a/VMS/VMSify-conf.pl b/VMS/VMSify-conf.pl deleted file mode 100644 index a3844e505c2b700b3d0e6a3ca1033975ed6d371f..0000000000000000000000000000000000000000 --- a/VMS/VMSify-conf.pl +++ /dev/null @@ -1,41 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -use strict; -use warnings; - -my @directory_vars = ( "dir", "certs", "crl_dir", "new_certs_dir" ); -my @file_vars = ( "database", "certificate", "serial", "crlnumber", - "crl", "private_key", "RANDFILE" ); -while() { - s|\R$||; - foreach my $d (@directory_vars) { - if (/^(\s*\#?\s*${d}\s*=\s*)\.\/([^\s\#]*)([\s\#].*)$/) { - $_ = "$1sys\\\$disk:\[.$2$3"; - } elsif (/^(\s*\#?\s*${d}\s*=\s*)(\w[^\s\#]*)([\s\#].*)$/) { - $_ = "$1sys\\\$disk:\[.$2$3"; - } - s/^(\s*\#?\s*${d}\s*=\s*\$\w+)\/([^\s\#]*)([\s\#].*)$/$1.$2\]$3/; - while(/^(\s*\#?\s*${d}\s*=\s*(\$\w+\.|sys\\\$disk:\[\.)[\w\.]+)\/([^\]]*)\](.*)$/) { - $_ = "$1.$3]$4"; - } - } - foreach my $f (@file_vars) { - s/^(\s*\#?\s*${f}\s*=\s*)\.\/(.*)$/$1sys\\\$disk:\[\/$2/; - while(/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+\/[^\s\#]*)([\s\#].*)$/) { - $_ = "$1.$3$4"; - } - if (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+)([\s\#].*)$/) { - $_ = "$1]$3.$4"; - } elsif (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/([^\s\#]*)([\s\#].*)$/) { - $_ = "$1]$3$4"; - } - } - print $_,"\n"; -} diff --git a/VMS/openssl_ivp.com.in b/VMS/openssl_ivp.com.in deleted file mode 100644 index 6810792b38d3d66735321166f148df5a0b695134..0000000000000000000000000000000000000000 --- a/VMS/openssl_ivp.com.in +++ /dev/null @@ -1,56 +0,0 @@ -$ ! OpenSSL Internal Verification Procedure -$ ! -$ ! This script checks the consistency of a OpenSSL installation -$ ! It had better be spawned, as it creates process logicals -$ -$ ! Generated information -$ INSTALLTOP := {- $config{INSTALLTOP} -} -$ OPENSSLDIR := {- $config{OPENSSLDIR} -} -$ -$ ! Make sure that INSTALLTOP and OPENSSLDIR become something one -$ ! can use to call the startup procedure -$ INSTALLTOP_ = F$PARSE("A.;",INSTALLTOP,,,"NO_CONCEAL") - - - ".][000000" - "[000000." - "][" - "]A.;" + "." -$ OPENSSLDIR_ = F$PARSE("A.;",OPENSSLDIR,,,"NO_CONCEAL") - - - ".][000000" - "[000000." - "][" - "]A.;" + "." -$ -$ v := {- sprintf "%02d", split(/\./, $config{version}) -} -$ pz := {- $target{pointer_size} -} -$ -$ @'INSTALLTOP_'SYS$STARTUP]openssl_startup'v' -$ @'INSTALLTOP_'SYS$STARTUP]openssl_utils'v' -$ -$ IF F$SEARCH("OSSL$LIBCRYPTO''pz'") .EQS. "" - - .OR. F$SEARCH("OSSL$LIBSSL''pz'") .EQS. "" {- output_off() if $config{no_shared}; "" -}- - .OR. F$SEARCH("OSSL$LIBCRYPTO_SHR''pz'") .EQS. "" - - .OR. F$SEARCH("OSSL$LIBSSL_SHR''pz'") .EQS. "" {- output_on() if $config{no_shared}; "" -}- - .OR. F$SEARCH("OSSL$INCLUDE:[OPENSSL]crypto.h") .EQS. "" - - .OR. F$SEARCH("OPENSSL:crypto.h") .EQS. "" - - .OR. F$SEARCH("OSSL$EXE:OPENSSL''v'.EXE") .EQS. "" -$ THEN -$ WRITE SYS$ERROR "Installation inconsistent" -$ EXIT %x00018292 ! RMS$_FNF, file not found -$ ENDIF -$ -$ ON ERROR THEN GOTO error -$ -$ ! If something else is wrong with the installation, we're likely -$ ! to get an image activation error here -$ openssl version -a -$ -$ ! FUTURE ENHANCEMENT: Verify that engines are where they should be. -$ ! openssl engine -c -t checker -$ -$ ! Verify that the built in providers are reachable. If they aren't, -$ ! then we're likely to get an image activation error here -$ openssl list -provider base -providers -$ openssl list -provider default -providers -$ openssl list -provider legacy -providers -$ -$ WRITE SYS$ERROR "OpenSSL IVP passed" -$ EXIT %x10000001 -$ -$ error: -$ save_status = $STATUS -$ WRITE SYS$ERROR "OpenSSL IVP failed" -$ EXIT 'save_status' diff --git a/VMS/openssl_shutdown.com.in b/VMS/openssl_shutdown.com.in deleted file mode 100644 index 4193c900f9e99e10ac1752c5228f17edcbdf50cb..0000000000000000000000000000000000000000 --- a/VMS/openssl_shutdown.com.in +++ /dev/null @@ -1,57 +0,0 @@ -$ ! OpenSSL shutdown script -$ ! -$ ! This script deassigns the logical names used by the installation -$ ! of OpenSSL. It can do so at any level, defined by P1. -$ ! -$ ! P1 Qualifier(s) for DEASSIGN. -$ ! Default: /PROCESS -$ ! -$ ! P2 If the value is "NOALIASES", no alias logical names are -$ ! deassigned. -$ -$ status = %x10000001 ! Generic success -$ -$ ! In case there's a problem -$ ON CONTROL_Y THEN GOTO bailout -$ ON ERROR THEN GOTO bailout -$ -$ ! Find the architecture -$ IF F$GETSYI("CPU") .LT. 128 -$ THEN -$ arch := VAX -$ ELSE -$ arch := F$EDIT(F$GETSYI("ARCH_NAME"),"UPCASE") -$ IF arch .EQS. "" THEN GOTO unknown_arch -$ ENDIF -$ -$ ! Abbrevs -$ DEAS := DEASSIGN /NOLOG 'P1' -$ sv := {- platform->shlib_version_as_filename(); -} -$ pz := {- $target{pointer_size} -} -$ -$ DEAS OSSL$DATAROOT -$ DEAS OSSL$INSTROOT -$ DEAS OSSL$INCLUDE -$ DEAS OSSL$LIB -$ DEAS OSSL$SHARE -$ DEAS OSSL$ENGINES'sv''pz' -$ DEAS OSSL$MODULES'pz' -$ DEAS OSSL$EXE -$ DEAS OSSL$LIBCRYPTO'pz' -$ DEAS OSSL$LIBSSL'pz' -${- output_off() if $config{no_shared}; "" -} -$ DEAS OSSL$LIBCRYPTO'sv'_SHR'pz' -$ DEAS OSSL$LIBSSL'sv'_SHR'pz' -${- output_on() if $config{no_shared}; "" -} -$ DEAS OPENSSL -$ -$ IF P2 .NES. "NOALIASES" -$ THEN -$ DEAS OSSL$ENGINES'pz' -${- output_off() if $config{no_shared}; "" -} -$ DEAS OSSL$LIBCRYPTO_SHR'pz' -$ DEAS OSSL$LIBSSL_SHR'pz' -${- output_on() if $config{no_shared}; "" -} -$ ENDIF -$ -$ EXIT 'status' diff --git a/VMS/openssl_startup.com.in b/VMS/openssl_startup.com.in deleted file mode 100644 index bbf3e3b4e6e4881a8b8fec48b1b786eeb8bb8745..0000000000000000000000000000000000000000 --- a/VMS/openssl_startup.com.in +++ /dev/null @@ -1,125 +0,0 @@ -$ ! OpenSSL startup script -$ ! -$ ! This script defines the logical names used by the installation -$ ! of OpenSSL. It can provide those logical names at any level, -$ ! defined by P1. -$ ! -$ ! The logical names created are: -$ ! -$ ! OSSL$INSTROOT Installation root -$ ! OSSL$DATAROOT Data root (common directory -$ ! for certs etc) -$ ! OSSL$INCLUDE Include directory root -$ ! OSSL$LIB Where the static library files -$ ! are located -$ ! OSSL$SHARE Where the shareable image files -$ ! are located -$ ! OSSL$EXE Where the executables are located -$ ! OSSL$ENGINESnnn Where the engines modules are located -$ ! OSSL$MODULES Where the non-engine modules are located -$ ! OSSL$LIBCRYPTO The static crypto library -$ ! OSSL$LIBSSL The static ssl library -$ ! OSSL$LIBCRYPTOnnn_SHR The shareable crypto image -$ ! OSSL$LIBSSLnnn_SHR The shareable ssl image -$ ! OPENSSL is OSSL$INCLUDE:[OPENSSL] -$ ! -$ ! In all these, nnn is the OpenSSL version number. This allows -$ ! several OpenSSL versions to be installed simultaneously, which -$ ! matters for applications that are linked to the shareable images -$ ! or that depend on engines. -$ ! -$ ! In addition, unless P2 is "NOALIASES", these logical names are -$ ! created: -$ ! -$ ! OSSL$ENGINES Alias for OSSL$ENGINESnnn -$ ! OSSL$LIBCRYPTO_SHR Alias for OSSL$LIBCRYPTOnnn_SHR -$ ! OSSL$LIBSSL_SHR Alias for OSSL$LIBSSLnnn_SHR -$ ! -$ ! P1 Qualifier(s) for DEFINE. "/SYSTEM" would be typical when -$ ! calling this script from SYS$STARTUP:SYSTARTUP_VMS.COM, -$ ! while "/PROCESS" would be typical for a personal install. -$ ! Default: /PROCESS -$ ! -$ ! P2 If the value is "NOALIASES", no alias logical names are -$ ! created. -$ -$ status = %x10000001 ! Generic success -$ -$ ! In case there's a problem -$ ON CONTROL_Y THEN GOTO bailout -$ ON ERROR THEN GOTO bailout -$ -$ ! Find the architecture -$ IF F$GETSYI("CPU") .LT. 128 -$ THEN -$ arch := VAX -$ ELSE -$ arch = F$EDIT(F$GETSYI("ARCH_NAME"),"UPCASE") -$ IF arch .EQS. "" THEN GOTO unknown_arch -$ ENDIF -$ -$ ! Generated information -$ INSTALLTOP := {- $config{INSTALLTOP} -} -$ OPENSSLDIR := {- $config{OPENSSLDIR} -} -$ -$ ! Make sure that INSTALLTOP and OPENSSLDIR become something one -$ ! can build concealed logical names on -$ INSTALLTOP_ = F$PARSE("A.;",INSTALLTOP,,,"NO_CONCEAL") - - - ".][000000" - "[000000." - "][" - "]A.;" + "." -$ OPENSSLDIR_ = F$PARSE("A.;",OPENSSLDIR,,,"NO_CONCEAL") - - - ".][000000" - "[000000." - "][" - "]A.;" + "." -$ -$ DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_INSTALLTOP 'INSTALLTOP_'] -$ DEFINE /TRANSLATION=CONCEALED /NOLOG WRK_OPENSSLDIR 'OPENSSLDIR_'] -$ -$ ! Check that things are in place, and specifically, the stuff -$ ! belonging to this architecture -$ IF F$SEARCH("WRK_INSTALLTOP:[000000]INCLUDE.DIR;1") .EQS. "" - - .OR. F$SEARCH("WRK_INSTALLTOP:[000000]LIB.DIR;1") .EQS. "" - - .OR. F$SEARCH("WRK_INSTALLTOP:[000000]EXE.DIR;1") .EQS. "" - - .OR. F$SEARCH("WRK_INSTALLTOP:[LIB]''arch'.DIR;1") .EQS. "" - - .OR. F$SEARCH("WRK_INSTALLTOP:[EXE]''arch'.DIR;1") .EQS. "" - - .OR. F$SEARCH("WRK_OPENSSLDIR:[000000]openssl.cnf") .EQS. "" -$ THEN -$ WRITE SYS$ERROR "''INSTALLTOP' doesn't look like an OpenSSL installation for ''arch'" -$ status = %x00018292 ! RMS$_FNF, file not found -$ GOTO bailout -$ ENDIF -$ -$ ! Abbrevs -$ DEFT := DEFINE /TRANSLATION=CONCEALED /NOLOG 'P1' -$ DEF := DEFINE /NOLOG 'P1' -$ sv := {- platform->shlib_version_as_filename(); -} -$ pz := {- $target{pointer_size} -} -$ -$ DEFT OSSL$DATAROOT 'OPENSSLDIR_'] -$ DEFT OSSL$INSTROOT 'INSTALLTOP_'] -$ DEFT OSSL$INCLUDE 'INSTALLTOP_'INCLUDE.] -$ DEF OSSL$LIB OSSL$INSTROOT:[LIB.'arch'] -$ DEF OSSL$SHARE OSSL$INSTROOT:[LIB.'arch'] -$ DEF OSSL$ENGINES'sv''pz' OSSL$INSTROOT:[ENGINES'sv''pz'.'arch'] -$ DEF OSSL$MODULES'pz' OSSL$INSTROOT:[MODULES'pz'.'arch'] -$ DEF OSSL$EXE OSSL$INSTROOT:[EXE.'arch'],- - OSSL$INSTROOT:[EXE] -$ DEF OSSL$LIBCRYPTO'pz' OSSL$LIB:OSSL$LIBCRYPTO'pz'.OLB -$ DEF OSSL$LIBSSL'pz' OSSL$LIB:OSSL$LIBSSL'pz'.OLB -${- output_off() if $config{no_shared}; "" -} -$ DEF OSSL$LIBCRYPTO'sv'_SHR'pz' OSSL$SHARE:OSSL$LIBCRYPTO'sv'_SHR'pz'.EXE -$ DEF OSSL$LIBSSL'sv'_SHR'pz' OSSL$SHARE:OSSL$LIBSSL'sv'_SHR'pz'.EXE -${- output_on() if $config{no_shared}; "" -} -$ DEF OPENSSL OSSL$INCLUDE:[OPENSSL] -$ -$ IF P2 .NES. "NOALIASES" -$ THEN -$ DEF OSSL$ENGINES'pz' OSSL$ENGINES'sv''pz' -${- output_off() if $config{no_shared}; "" -} -$ DEF OSSL$LIBCRYPTO_SHR'pz' OSSL$LIBCRYPTO'sv'_SHR'pz' -$ DEF OSSL$LIBSSL_SHR'pz' OSSL$LIBSSL'sv'_SHR'pz' -${- output_on() if $config{no_shared}; "" -} -$ ENDIF -$ -$ bailout: -$ DEASSIGN WRK_INSTALLTOP -$ DEASSIGN WRK_OPENSSLDIR -$ -$ EXIT 'status' diff --git a/VMS/openssl_utils.com.in b/VMS/openssl_utils.com.in deleted file mode 100644 index 900d0462c5a9c2ba8b6054fe052cee0fa6ec301c..0000000000000000000000000000000000000000 --- a/VMS/openssl_utils.com.in +++ /dev/null @@ -1,14 +0,0 @@ -$ ! OpenSSL utilities -$ ! -$ -$ v := {- sprintf "%02d", split(/\./, $config{version}) -} -$ -$ OPENSSL'v' :== $OSSL$EXE:OPENSSL'v' -$ OPENSSL :== $OSSL$EXE:OPENSSL'v' -$ -$ IF F$TYPE(PERL) .EQS. "STRING" -$ THEN -$ C_REHASH :== 'PERL' OSSL$EXE:c_rehash.pl -$ ELSE -$ WRITE SYS$ERROR "NOTE: no perl => no C_REHASH" -$ ENDIF diff --git a/VMS/translatesyms.pl b/VMS/translatesyms.pl deleted file mode 100644 index c7d1bc1ce75c5d27e35f64a087aff7d2475b7590..0000000000000000000000000000000000000000 --- a/VMS/translatesyms.pl +++ /dev/null @@ -1,62 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# This script will translate any SYMBOL_VECTOR item that has a translation -# in CXX$DEMANGLER_DB. The latter is generated by and CC/DECC command that -# uses the qualifier /REPOSITORY with the build directory as value. When -# /NAMES=SHORTENED has been used, this file will hold the translations from -# the original symbols to the shortened variants. -# -# CXX$DEMAGLER_DB. is an ISAM file, but with the magic of RMS, it can be -# read as a text file, with each record as one line. -# -# The lines will have the following syntax for any symbol found that's longer -# than 31 characters: -# -# LONG_symbol_34567890123{cksum}$LONG_symbol_34567890123_more_than_31_chars -# -# $ is present at the end of the shortened symbol name, and is preceded by a -# 7 character checksum. The $ makes it easy to separate the shortened name -# from the original one. - -use strict; -use warnings; - -usage() if scalar @ARGV < 1; - -my %translations = (); - -open DEMANGLER_DATA, $ARGV[0] - or die "Couldn't open $ARGV[0]: $!\n"; -while() { - s|\R$||; - (my $translated, my $original) = split /\$/; - $translations{$original} = $translated.'$'; -} -close DEMANGLER_DATA; - -$| = 1; # Autoflush -while() { - s@ - ((?:[A-Za-z0-9_]+)\/)?([A-Za-z0-9_]+)=(PROCEDURE|DATA) - @ - if (defined($translations{$2})) { - my $trans = $translations{$2}; - my $trans_uc = uc $trans; - if (defined($1) && $trans ne $trans_uc) { - "$trans_uc/$trans=$3" - } else { - "$trans=$3" - } - } else { - $& - } - @gxe; - print $_; -} diff --git a/apps/CA.pl.in b/apps/CA.pl.in deleted file mode 100644 index f029470005d94689f03973d6a9e726bfc65dc39f..0000000000000000000000000000000000000000 --- a/apps/CA.pl.in +++ /dev/null @@ -1,236 +0,0 @@ -#!{- $config{HASHBANGPERL} -} -# Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# Wrapper around the ca to make it easier to use -# -# {- join("\n# ", @autowarntext) -} - -use strict; -use warnings; - -my $verbose = 1; -my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify"); - -my $openssl = $ENV{'OPENSSL'} // "openssl"; -$ENV{'OPENSSL'} = $openssl; -my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} // ""; - -# Command invocations. -my $REQ = "$openssl req $OPENSSL_CONFIG"; -my $CA = "$openssl ca $OPENSSL_CONFIG"; -my $VERIFY = "$openssl verify"; -my $X509 = "$openssl x509"; -my $PKCS12 = "$openssl pkcs12"; - -# Default values for various configuration settings. -my $CATOP = "./demoCA"; -my $CAKEY = "cakey.pem"; -my $CAREQ = "careq.pem"; -my $CACERT = "cacert.pem"; -my $CACRL = "crl.pem"; -my $DAYS = "-days 365"; -my $CADAYS = "-days 1095"; # 3 years -my $NEWKEY = "newkey.pem"; -my $NEWREQ = "newreq.pem"; -my $NEWCERT = "newcert.pem"; -my $NEWP12 = "newcert.p12"; - -# Commandline parsing -my %EXTRA; -my $WHAT = shift @ARGV || ""; -@ARGV = parse_extra(@ARGV); -my $RET = 0; - -# Split out "-extra-CMD value", and return new |@ARGV|. Fill in -# |EXTRA{CMD}| with list of values. -sub parse_extra -{ - foreach ( @OPENSSL_CMDS ) { - $EXTRA{$_} = ''; - } - - my @result; - while ( scalar(@_) > 0 ) { - my $arg = shift; - if ( $arg !~ m/-extra-([a-z0-9]+)/ ) { - push @result, $arg; - next; - } - $arg =~ s/-extra-//; - die("Unknown \"-${arg}-extra\" option, exiting") - unless scalar grep { $arg eq $_ } @OPENSSL_CMDS; - $EXTRA{$arg} .= " " . shift; - } - return @result; -} - - -# See if reason for a CRL entry is valid; exit if not. -sub crl_reason_ok -{ - my $r = shift; - - if ($r eq 'unspecified' || $r eq 'keyCompromise' - || $r eq 'CACompromise' || $r eq 'affiliationChanged' - || $r eq 'superseded' || $r eq 'cessationOfOperation' - || $r eq 'certificateHold' || $r eq 'removeFromCRL') { - return 1; - } - print STDERR "Invalid CRL reason; must be one of:\n"; - print STDERR " unspecified, keyCompromise, CACompromise,\n"; - print STDERR " affiliationChanged, superseded, cessationOfOperation\n"; - print STDERR " certificateHold, removeFromCRL"; - exit 1; -} - -# Copy a PEM-format file; return like exit status (zero means ok) -sub copy_pemfile -{ - my ($infile, $outfile, $bound) = @_; - my $found = 0; - - open IN, $infile || die "Cannot open $infile, $!"; - open OUT, ">$outfile" || die "Cannot write to $outfile, $!"; - while () { - $found = 1 if /^-----BEGIN.*$bound/; - print OUT $_ if $found; - $found = 2, last if /^-----END.*$bound/; - } - close IN; - close OUT; - return $found == 2 ? 0 : 1; -} - -# Wrapper around system; useful for debugging. Returns just the exit status -sub run -{ - my $cmd = shift; - print "====\n$cmd\n" if $verbose; - my $status = system($cmd); - print "==> $status\n====\n" if $verbose; - return $status >> 8; -} - - -if ( $WHAT =~ /^(-\?|-h|-help)$/ ) { - print STDERR <${CATOP}/index.txt"; - close OUT; - open OUT, ">${CATOP}/crlnumber"; - print OUT "01\n"; - close OUT; - # ask user for existing CA certificate - print "CA certificate filename (or enter to create)\n"; - my $FILE; - $FILE = "" unless defined($FILE = ); - $FILE =~ s{\R$}{}; - if ($FILE ne "") { - copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE"); - copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE"); - } else { - print "Making CA certificate ...\n"; - $RET = run("$REQ -new -keyout ${CATOP}/private/$CAKEY" - . " -out ${CATOP}/$CAREQ $EXTRA{req}"); - $RET = run("$CA -create_serial" - . " -out ${CATOP}/$CACERT $CADAYS -batch" - . " -keyfile ${CATOP}/private/$CAKEY -selfsign" - . " -extensions v3_ca" - . " -infiles ${CATOP}/$CAREQ $EXTRA{ca}") if $RET == 0; - print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0; - } -} elsif ($WHAT eq '-pkcs12' ) { - my $cname = $ARGV[0]; - $cname = "My Certificate" unless defined $cname; - $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY" - . " -certfile ${CATOP}/$CACERT -out $NEWP12" - . " -export -name \"$cname\" $EXTRA{pkcs12}"); - print "PKCS #12 file is in $NEWP12\n" if $RET == 0; -} elsif ($WHAT eq '-xsign' ) { - $RET = run("$CA -policy policy_anything -infiles $NEWREQ $EXTRA{ca}"); -} elsif ($WHAT eq '-sign' ) { - $RET = run("$CA -policy policy_anything -out $NEWCERT" - . " -infiles $NEWREQ $EXTRA{ca}"); - print "Signed certificate is in $NEWCERT\n" if $RET == 0; -} elsif ($WHAT eq '-signCA' ) { - $RET = run("$CA -policy policy_anything -out $NEWCERT" - . " -extensions v3_ca -infiles $NEWREQ $EXTRA{ca}"); - print "Signed CA certificate is in $NEWCERT\n" if $RET == 0; -} elsif ($WHAT eq '-signcert' ) { - $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ" - . " -out tmp.pem $EXTRA{x509}"); - $RET = run("$CA -policy policy_anything -out $NEWCERT" - . "-infiles tmp.pem $EXTRA{ca}") if $RET == 0; - print "Signed certificate is in $NEWCERT\n" if $RET == 0; -} elsif ($WHAT eq '-verify' ) { - my @files = @ARGV ? @ARGV : ( $NEWCERT ); - foreach my $file (@files) { - # -CAfile quoted for VMS, since the C RTL downcases all unquoted - # arguments to C programs - my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}"); - $RET = $status if $status != 0; - } -} elsif ($WHAT eq '-crl' ) { - $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL $EXTRA{ca}"); - print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0; -} elsif ($WHAT eq '-revoke' ) { - my $cname = $ARGV[0]; - if (!defined $cname) { - print "Certificate filename is required; reason optional.\n"; - exit 1; - } - my $reason = $ARGV[1]; - $reason = " -crl_reason $reason" - if defined $reason && crl_reason_ok($reason); - $RET = run("$CA -revoke \"$cname\"" . $reason . $EXTRA{ca}); -} else { - print STDERR "Unknown arg \"$WHAT\"\n"; - print STDERR "Use -help for help.\n"; - exit 1; -} - -exit $RET; diff --git a/apps/asn1parse.c b/apps/asn1parse.c deleted file mode 100644 index f0bfd1d45fc4233f2f10d821d5dbc95f84ff8f2d..0000000000000000000000000000000000000000 --- a/apps/asn1parse.c +++ /dev/null @@ -1,362 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT, - OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT, - OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM, - OPT_ITEM -} OPTION_CHOICE; - -const OPTIONS asn1parse_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"oid", OPT_OID, '<', "file of extra oid definitions"}, - - OPT_SECTION("I/O"), - {"inform", OPT_INFORM, 'F', "input format - one of DER PEM"}, - {"in", OPT_IN, '<', "input file"}, - {"out", OPT_OUT, '>', "output file (output format is always DER)"}, - {"noout", OPT_NOOUT, 0, "do not produce any output"}, - {"offset", OPT_OFFSET, 'p', "offset into file"}, - {"length", OPT_LENGTH, 'p', "length of section in file"}, - {"strparse", OPT_STRPARSE, 'p', - "offset; a series of these can be used to 'dig'"}, - {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"}, - {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"}, - {"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"}, - {"strictpem", OPT_STRICTPEM, 0, - "do not attempt base64 decode outside PEM markers"}, - {"item", OPT_ITEM, 's', "item to parse and print"}, - {OPT_MORE_STR, 0, 0, "(-inform will be ignored)"}, - - OPT_SECTION("Formatting"), - {"i", OPT_INDENT, 0, "indents the output"}, - {"dump", OPT_DUMP, 0, "unknown data in hex form"}, - {"dlimit", OPT_DLIMIT, 'p', - "dump the first arg bytes of unknown data in hex form"}, - {NULL} -}; - -static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf); - -int asn1parse_main(int argc, char **argv) -{ - ASN1_TYPE *at = NULL; - BIO *in = NULL, *b64 = NULL, *derout = NULL; - BUF_MEM *buf = NULL; - STACK_OF(OPENSSL_STRING) *osk = NULL; - char *genstr = NULL, *genconf = NULL; - char *infile = NULL, *oidfile = NULL, *derfile = NULL; - unsigned char *str = NULL; - char *name = NULL, *header = NULL, *prog; - const unsigned char *ctmpbuf; - int indent = 0, noout = 0, dump = 0, strictpem = 0, informat = FORMAT_PEM; - int offset = 0, ret = 1, i, j; - long num, tmplen; - unsigned char *tmpbuf; - unsigned int length = 0; - OPTION_CHOICE o; - const ASN1_ITEM *it = NULL; - - prog = opt_init(argc, argv, asn1parse_options); - - if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) { - BIO_printf(bio_err, "%s: Memory allocation failure\n", prog); - goto end; - } - - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(asn1parse_options); - ret = 0; - goto end; - case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat)) - goto opthelp; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUT: - derfile = opt_arg(); - break; - case OPT_INDENT: - indent = 1; - break; - case OPT_NOOUT: - noout = 1; - break; - case OPT_OID: - oidfile = opt_arg(); - break; - case OPT_OFFSET: - offset = strtol(opt_arg(), NULL, 0); - break; - case OPT_LENGTH: - length = strtol(opt_arg(), NULL, 0); - break; - case OPT_DUMP: - dump = -1; - break; - case OPT_DLIMIT: - dump = strtol(opt_arg(), NULL, 0); - break; - case OPT_STRPARSE: - sk_OPENSSL_STRING_push(osk, opt_arg()); - break; - case OPT_GENSTR: - genstr = opt_arg(); - break; - case OPT_GENCONF: - genconf = opt_arg(); - break; - case OPT_STRICTPEM: - strictpem = 1; - informat = FORMAT_PEM; - break; - case OPT_ITEM: - it = ASN1_ITEM_lookup(opt_arg()); - if (it == NULL) { - size_t tmp; - - BIO_printf(bio_err, "Unknown item name %s\n", opt_arg()); - BIO_puts(bio_err, "Supported types:\n"); - for (tmp = 0;; tmp++) { - it = ASN1_ITEM_get(tmp); - if (it == NULL) - break; - BIO_printf(bio_err, " %s\n", it->sname); - } - goto end; - } - break; - } - } - - /* No extra args. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - if (oidfile != NULL) { - in = bio_open_default(oidfile, 'r', FORMAT_TEXT); - if (in == NULL) - goto end; - OBJ_create_objects(in); - BIO_free(in); - } - - if ((in = bio_open_default(infile, 'r', informat)) == NULL) - goto end; - - if (derfile && (derout = bio_open_default(derfile, 'w', FORMAT_ASN1)) == NULL) - goto end; - - if ((buf = BUF_MEM_new()) == NULL) - goto end; - if (strictpem) { - if (PEM_read_bio(in, &name, &header, &str, &num) != 1) { - BIO_printf(bio_err, "Error reading PEM file\n"); - ERR_print_errors(bio_err); - goto end; - } - buf->data = (char *)str; - buf->length = buf->max = num; - } else { - if (!BUF_MEM_grow(buf, BUFSIZ * 8)) - goto end; /* Pre-allocate :-) */ - - if (genstr || genconf) { - num = do_generate(genstr, genconf, buf); - if (num < 0) { - ERR_print_errors(bio_err); - goto end; - } - } else { - - if (informat == FORMAT_PEM) { - BIO *tmp; - - if ((b64 = BIO_new(BIO_f_base64())) == NULL) - goto end; - BIO_push(b64, in); - tmp = in; - in = b64; - b64 = tmp; - } - - num = 0; - for (;;) { - if (!BUF_MEM_grow(buf, num + BUFSIZ)) - goto end; - i = BIO_read(in, &(buf->data[num]), BUFSIZ); - if (i <= 0) - break; - num += i; - } - } - str = (unsigned char *)buf->data; - - } - - /* If any structs to parse go through in sequence */ - - if (sk_OPENSSL_STRING_num(osk)) { - tmpbuf = str; - tmplen = num; - for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) { - ASN1_TYPE *atmp; - int typ; - j = strtol(sk_OPENSSL_STRING_value(osk, i), NULL, 0); - if (j <= 0 || j >= tmplen) { - BIO_printf(bio_err, "'%s' is out of range\n", - sk_OPENSSL_STRING_value(osk, i)); - continue; - } - tmpbuf += j; - tmplen -= j; - atmp = at; - ctmpbuf = tmpbuf; - at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen); - ASN1_TYPE_free(atmp); - if (!at) { - BIO_printf(bio_err, "Error parsing structure\n"); - ERR_print_errors(bio_err); - goto end; - } - typ = ASN1_TYPE_get(at); - if ((typ == V_ASN1_OBJECT) - || (typ == V_ASN1_BOOLEAN) - || (typ == V_ASN1_NULL)) { - BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ)); - ERR_print_errors(bio_err); - goto end; - } - /* hmm... this is a little evil but it works */ - tmpbuf = at->value.asn1_string->data; - tmplen = at->value.asn1_string->length; - } - str = tmpbuf; - num = tmplen; - } - - if (offset < 0 || offset >= num) { - BIO_printf(bio_err, "Error: offset out of range\n"); - goto end; - } - - num -= offset; - - if (length == 0 || length > (unsigned int)num) - length = (unsigned int)num; - if (derout != NULL) { - if (BIO_write(derout, str + offset, length) != (int)length) { - BIO_printf(bio_err, "Error writing output\n"); - ERR_print_errors(bio_err); - goto end; - } - } - if (!noout) { - const unsigned char *p = str + offset; - - if (it != NULL) { - ASN1_VALUE *value = ASN1_item_d2i(NULL, &p, length, it); - if (value == NULL) { - BIO_printf(bio_err, "Error parsing item %s\n", it->sname); - ERR_print_errors(bio_err); - goto end; - } - ASN1_item_print(bio_out, value, 0, it, NULL); - ASN1_item_free(value, it); - } else { - if (!ASN1_parse_dump(bio_out, p, length, indent, dump)) { - ERR_print_errors(bio_err); - goto end; - } - } - } - ret = 0; - end: - BIO_free(derout); - BIO_free(in); - BIO_free(b64); - if (ret != 0) - ERR_print_errors(bio_err); - BUF_MEM_free(buf); - OPENSSL_free(name); - OPENSSL_free(header); - ASN1_TYPE_free(at); - sk_OPENSSL_STRING_free(osk); - return ret; -} - -static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf) -{ - CONF *cnf = NULL; - int len; - unsigned char *p; - ASN1_TYPE *atyp = NULL; - - if (genconf != NULL) { - if ((cnf = app_load_config(genconf)) == NULL) - goto err; - if (genstr == NULL) - genstr = NCONF_get_string(cnf, "default", "asn1"); - if (genstr == NULL) { - BIO_printf(bio_err, "Can't find 'asn1' in '%s'\n", genconf); - goto err; - } - } - - atyp = ASN1_generate_nconf(genstr, cnf); - NCONF_free(cnf); - cnf = NULL; - - if (atyp == NULL) - return -1; - - len = i2d_ASN1_TYPE(atyp, NULL); - - if (len <= 0) - goto err; - - if (!BUF_MEM_grow(buf, len)) - goto err; - - p = (unsigned char *)buf->data; - - i2d_ASN1_TYPE(atyp, &p); - - ASN1_TYPE_free(atyp); - return len; - - err: - NCONF_free(cnf); - ASN1_TYPE_free(atyp); - return -1; -} diff --git a/apps/build.info b/apps/build.info deleted file mode 100644 index 020d129f8cacca8f57df3f91c875f88c8b9356aa..0000000000000000000000000000000000000000 --- a/apps/build.info +++ /dev/null @@ -1,90 +0,0 @@ -SUBDIRS=lib - -# Program init source, that don't have direct linkage with the rest of the -# source, and can therefore not be part of a library. -IF[{- !$disabled{uplink} -}] - $INITSRC=../ms/applink.c -ENDIF -IF[{- $config{target} =~ /^vms-/ -}] - $INITSRC=vms_decc_init.c -ENDIF - -# Source for the 'openssl' program -$OPENSSLSRC=\ - openssl.c \ - asn1parse.c ca.c ciphers.c crl.c crl2pkcs7.c dgst.c \ - enc.c errstr.c \ - genpkey.c kdf.c mac.c nseq.c passwd.c pkcs7.c \ - pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c \ - s_client.c s_server.c s_time.c sess_id.c smime.c speed.c \ - spkac.c verify.c version.c x509.c rehash.c storeutl.c \ - list.c info.c fipsinstall.c pkcs12.c -IF[{- !$disabled{'ec'} -}] - $OPENSSLSRC=$OPENSSLSRC ec.c ecparam.c -ENDIF -IF[{- !$disabled{'ocsp'} -}] - $OPENSSLSRC=$OPENSSLSRC ocsp.c -ENDIF -IF[{- !$disabled{'srp'} -}] - $OPENSSLSRC=$OPENSSLSRC srp.c -ENDIF -IF[{- !$disabled{'ts'} -}] - $OPENSSLSRC=$OPENSSLSRC ts.c -ENDIF -IF[{- !$disabled{'dh'} -}] -$OPENSSLSRC=$OPENSSLSRC dhparam.c -ENDIF -IF[{- !$disabled{'dsa'} -}] -$OPENSSLSRC=$OPENSSLSRC dsa.c dsaparam.c gendsa.c -ENDIF -IF[{- !$disabled{'engine'} -}] -$OPENSSLSRC=$OPENSSLSRC engine.c -ENDIF -IF[{- !$disabled{'rsa'} -}] -$OPENSSLSRC=$OPENSSLSRC rsa.c genrsa.c -ENDIF -IF[{- !$disabled{'deprecated-3.0'} -}] - IF[{- !$disabled{'rsa'} -}] - $OPENSSLSRC=$OPENSSLSRC rsautl.c - ENDIF -ENDIF -IF[{- !$disabled{'cms'} -}] - $OPENSSLSRC=$OPENSSLSRC cms.c -ENDIF -IF[{- !$disabled{'cmp'} -}] - $OPENSSLSRC=$OPENSSLSRC cmp.c lib/cmp_mock_srv.c -ENDIF - -IF[{- !$disabled{apps} -}] - PROGRAMS=openssl - SOURCE[openssl]=$INITSRC $OPENSSLSRC - INCLUDE[openssl]=.. ../include include - DEPEND[openssl]=libapps.a ../libssl - - # The nocheck attribute is picked up by progs.pl as a signal not to look - # at that file; some systems may have locked it as the output file, and - # therefore don't allow it to be read at the same time, making progs.pl - # fail. - SOURCE[openssl]{nocheck}=progs.c - DEPEND[${OPENSSLSRC/.c/.o} progs.o]=progs.h - GENERATE[progs.c]=progs.pl "-C" $(APPS_OPENSSL) - GENERATE[progs.h]=progs.pl "-H" $(APPS_OPENSSL) - # progs.pl tries to read all 'openssl' sources, including progs.c, so we make - # sure things are generated in the correct order. - DEPEND[progs.h]=progs.c - # Because the files to look through may change (depends on $OPENSSLSRC), - # always depend on a changed configuration. - DEPEND[progs.c]=../configdata.pm - - IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-|BC-)/ -}] - GENERATE[openssl.rc]=../util/mkrc.pl openssl - SOURCE[openssl]=openssl.rc - ENDIF - - SCRIPTS{misc}=CA.pl - SOURCE[CA.pl]=CA.pl.in - # linkname tells build files that a symbolic link or copy of this script - # without extension must be installed as well. Unix or Unix lookalike only. - SCRIPTS{misc,linkname=tsget}=tsget.pl - SOURCE[tsget.pl]=tsget.in -ENDIF diff --git a/apps/ca.c b/apps/ca.c deleted file mode 100644 index e14a5cff78023c8b087bfce92e98846b8efab75c..0000000000000000000000000000000000000000 --- a/apps/ca.c +++ /dev/null @@ -1,2653 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifndef W_OK -# ifdef OPENSSL_SYS_VMS -# include -# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_TANDEM) -# include -# endif -#endif - -#include "apps.h" -#include "progs.h" - -#ifndef W_OK -# define F_OK 0 -# define W_OK 2 -# define R_OK 4 -#endif - -#ifndef PATH_MAX -# define PATH_MAX 4096 -#endif - -#define BASE_SECTION "ca" - -#define ENV_DEFAULT_CA "default_ca" - -#define STRING_MASK "string_mask" -#define UTF8_IN "utf8" - -#define ENV_NEW_CERTS_DIR "new_certs_dir" -#define ENV_CERTIFICATE "certificate" -#define ENV_SERIAL "serial" -#define ENV_RAND_SERIAL "rand_serial" -#define ENV_CRLNUMBER "crlnumber" -#define ENV_PRIVATE_KEY "private_key" -#define ENV_DEFAULT_DAYS "default_days" -#define ENV_DEFAULT_STARTDATE "default_startdate" -#define ENV_DEFAULT_ENDDATE "default_enddate" -#define ENV_DEFAULT_CRL_DAYS "default_crl_days" -#define ENV_DEFAULT_CRL_HOURS "default_crl_hours" -#define ENV_DEFAULT_MD "default_md" -#define ENV_DEFAULT_EMAIL_DN "email_in_dn" -#define ENV_PRESERVE "preserve" -#define ENV_POLICY "policy" -#define ENV_EXTENSIONS "x509_extensions" -#define ENV_CRLEXT "crl_extensions" -#define ENV_MSIE_HACK "msie_hack" -#define ENV_NAMEOPT "name_opt" -#define ENV_CERTOPT "cert_opt" -#define ENV_EXTCOPY "copy_extensions" -#define ENV_UNIQUE_SUBJECT "unique_subject" - -#define ENV_DATABASE "database" - -/* Additional revocation information types */ -typedef enum { - REV_VALID = -1, /* Valid (not-revoked) status */ - REV_NONE = 0, /* No additional information */ - REV_CRL_REASON = 1, /* Value is CRL reason code */ - REV_HOLD = 2, /* Value is hold instruction */ - REV_KEY_COMPROMISE = 3, /* Value is cert key compromise time */ - REV_CA_COMPROMISE = 4 /* Value is CA key compromise time */ -} REVINFO_TYPE; - -static char *lookup_conf(const CONF *conf, const char *group, const char *tag); - -static int certify(X509 **xret, const char *infile, int informat, - EVP_PKEY *pkey, X509 *x509, - const char *dgst, - STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(OPENSSL_STRING) *vfyopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, const char *subj, unsigned long chtype, - int multirdn, int email_dn, const char *startdate, - const char *enddate, - long days, int batch, const char *ext_sect, CONF *conf, - int verbose, unsigned long certopt, unsigned long nameopt, - int default_op, int ext_copy, int selfsign, unsigned long dateopt); -static int certify_cert(X509 **xret, const char *infile, int certformat, - const char *passin, EVP_PKEY *pkey, X509 *x509, - const char *dgst, - STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(OPENSSL_STRING) *vfyopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, const char *subj, unsigned long chtype, - int multirdn, int email_dn, const char *startdate, - const char *enddate, long days, int batch, const char *ext_sect, - CONF *conf, int verbose, unsigned long certopt, - unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt); -static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, - X509 *x509, const char *dgst, - STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, const char *subj, unsigned long chtype, - int multirdn, int email_dn, const char *startdate, - const char *enddate, long days, const char *ext_sect, CONF *conf, - int verbose, unsigned long certopt, - unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt); -static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, - const char *dgst, STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, - const char *subj, unsigned long chtype, int multirdn, - int email_dn, const char *startdate, const char *enddate, long days, - int batch, int verbose, X509_REQ *req, const char *ext_sect, - CONF *conf, unsigned long certopt, unsigned long nameopt, - int default_op, int ext_copy, int selfsign, unsigned long dateopt); -static int get_certificate_status(const char *ser_status, CA_DB *db); -static int do_updatedb(CA_DB *db); -static int check_time_format(const char *str); -static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type, - const char *extval); -static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg); -static int make_revoked(X509_REVOKED *rev, const char *str); -static int old_entry_print(const ASN1_OBJECT *obj, const ASN1_STRING *str); -static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext); - -static CONF *extfile_conf = NULL; -static int preserve = 0; -static int msie_hack = 0; - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_ENGINE, OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SUBJ, OPT_UTF8, - OPT_CREATE_SERIAL, OPT_MULTIVALUE_RDN, OPT_STARTDATE, OPT_ENDDATE, - OPT_DAYS, OPT_MD, OPT_POLICY, OPT_KEYFILE, OPT_KEYFORM, OPT_PASSIN, - OPT_KEY, OPT_CERT, OPT_CERTFORM, OPT_SELFSIGN, - OPT_IN, OPT_INFORM, OPT_OUT, OPT_DATEOPT, OPT_OUTDIR, OPT_VFYOPT, - OPT_SIGOPT, OPT_NOTEXT, OPT_BATCH, OPT_PRESERVEDN, OPT_NOEMAILDN, - OPT_GENCRL, OPT_MSIE_HACK, OPT_CRL_LASTUPDATE, OPT_CRL_NEXTUPDATE, - OPT_CRLDAYS, OPT_CRLHOURS, OPT_CRLSEC, - OPT_INFILES, OPT_SS_CERT, OPT_SPKAC, OPT_REVOKE, OPT_VALID, - OPT_EXTENSIONS, OPT_EXTFILE, OPT_STATUS, OPT_UPDATEDB, OPT_CRLEXTS, - OPT_RAND_SERIAL, - OPT_R_ENUM, OPT_PROV_ENUM, - /* Do not change the order here; see related case statements below */ - OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE, OPT_CRL_CA_COMPROMISE -} OPTION_CHOICE; - -const OPTIONS ca_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [certreq...]\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"verbose", OPT_VERBOSE, '-', "Verbose output during processing"}, - {"outdir", OPT_OUTDIR, '/', "Where to put output cert"}, - {"in", OPT_IN, '<', "The input cert request(s)"}, - {"inform", OPT_INFORM, 'F', "CSR input format (DER or PEM); default PEM"}, - {"infiles", OPT_INFILES, '-', "The last argument, requests to process"}, - {"out", OPT_OUT, '>', "Where to put the output file(s)"}, - {"dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822."}, - {"notext", OPT_NOTEXT, '-', "Do not print the generated certificate"}, - {"batch", OPT_BATCH, '-', "Don't ask questions"}, - {"msie_hack", OPT_MSIE_HACK, '-', - "msie modifications to handle all Universal Strings"}, - {"ss_cert", OPT_SS_CERT, '<', "File contains a self signed cert to sign"}, - {"spkac", OPT_SPKAC, '<', - "File contains DN and signed public key and challenge"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - - OPT_SECTION("Configuration"), - {"config", OPT_CONFIG, 's', "A config file"}, - {"name", OPT_NAME, 's', "The particular CA definition to use"}, - {"section", OPT_NAME, 's', "An alias for -name"}, - {"policy", OPT_POLICY, 's', "The CA 'policy' to support"}, - - OPT_SECTION("Certificate"), - {"subj", OPT_SUBJ, 's', "Use arg instead of request's subject"}, - {"utf8", OPT_UTF8, '-', "Input characters are UTF8; default ASCII"}, - {"create_serial", OPT_CREATE_SERIAL, '-', - "If reading serial fails, create a new random serial"}, - {"rand_serial", OPT_RAND_SERIAL, '-', - "Always create a random serial; do not store it"}, - {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-', - "Deprecated; multi-valued RDNs support is always on."}, - {"startdate", OPT_STARTDATE, 's', "Cert notBefore, YYMMDDHHMMSSZ"}, - {"enddate", OPT_ENDDATE, 's', - "YYMMDDHHMMSSZ cert notAfter (overrides -days)"}, - {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"}, - {"extensions", OPT_EXTENSIONS, 's', - "Extension section (override value in config file)"}, - {"extfile", OPT_EXTFILE, '<', - "Configuration file with X509v3 extensions to add"}, - {"preserveDN", OPT_PRESERVEDN, '-', "Don't re-order the DN"}, - {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"}, - - OPT_SECTION("Signing"), - {"md", OPT_MD, 's', "Digest to use, such as sha256"}, - {"keyfile", OPT_KEYFILE, 's', "The CA private key"}, - {"keyform", OPT_KEYFORM, 'f', - "Private key file format (ENGINE, other values ignored)"}, - {"passin", OPT_PASSIN, 's', "Key and cert input file pass phrase source"}, - {"key", OPT_KEY, 's', - "Key to decrypt the private key or cert files if encrypted. Better use -passin"}, - {"cert", OPT_CERT, '<', "The CA cert"}, - {"certform", OPT_CERTFORM, 'F', - "Certificate input format (DER/PEM/P12); has no effect"}, - {"selfsign", OPT_SELFSIGN, '-', - "Sign a cert with the key associated with it"}, - {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, - {"vfyopt", OPT_VFYOPT, 's', "Verification parameter in n:v form"}, - - OPT_SECTION("Revocation"), - {"gencrl", OPT_GENCRL, '-', "Generate a new CRL"}, - {"valid", OPT_VALID, 's', - "Add a Valid(not-revoked) DB entry about a cert (given in file)"}, - {"status", OPT_STATUS, 's', "Shows cert status given the serial number"}, - {"updatedb", OPT_UPDATEDB, '-', "Updates db for expired cert"}, - {"crlexts", OPT_CRLEXTS, 's', - "CRL extension section (override value in config file)"}, - {"crl_reason", OPT_CRL_REASON, 's', "revocation reason"}, - {"crl_hold", OPT_CRL_HOLD, 's', - "the hold instruction, an OID. Sets revocation reason to certificateHold"}, - {"crl_compromise", OPT_CRL_COMPROMISE, 's', - "sets compromise time to val and the revocation reason to keyCompromise"}, - {"crl_CA_compromise", OPT_CRL_CA_COMPROMISE, 's', - "sets compromise time to val and the revocation reason to CACompromise"}, - {"crl_lastupdate", OPT_CRL_LASTUPDATE, 's', - "Sets the CRL lastUpdate time to val (YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ)"}, - {"crl_nextupdate", OPT_CRL_NEXTUPDATE, 's', - "Sets the CRL nextUpdate time to val (YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ)"}, - {"crldays", OPT_CRLDAYS, 'p', "Days until the next CRL is due"}, - {"crlhours", OPT_CRLHOURS, 'p', "Hours until the next CRL is due"}, - {"crlsec", OPT_CRLSEC, 'p', "Seconds until the next CRL is due"}, - {"revoke", OPT_REVOKE, '<', "Revoke a cert (given in file)"}, - - OPT_R_OPTIONS, - OPT_PROV_OPTIONS, - - OPT_PARAMETERS(), - {"certreq", 0, 0, "Certificate requests to be signed (optional)"}, - {NULL} -}; - -int ca_main(int argc, char **argv) -{ - CONF *conf = NULL; - ENGINE *e = NULL; - BIGNUM *crlnumber = NULL, *serial = NULL; - EVP_PKEY *pkey = NULL; - BIO *in = NULL, *out = NULL, *Sout = NULL; - ASN1_INTEGER *tmpser; - CA_DB *db = NULL; - DB_ATTR db_attr; - STACK_OF(CONF_VALUE) *attribs = NULL; - STACK_OF(OPENSSL_STRING) *sigopts = NULL, *vfyopts = NULL; - STACK_OF(X509) *cert_sk = NULL; - X509_CRL *crl = NULL; - char *configfile = default_config_file, *section = NULL; - char def_dgst[80] = ""; - char *dgst = NULL, *policy = NULL, *keyfile = NULL; - char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL; - int certformat = FORMAT_UNDEF, informat = FORMAT_UNDEF; - unsigned long dateopt = ASN1_DTFLGS_RFC822; - const char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL; - const char *extensions = NULL, *extfile = NULL, *passinarg = NULL; - char *passin = NULL; - char *outdir = NULL, *outfile = NULL, *rev_arg = NULL, *ser_status = NULL; - const char *serialfile = NULL, *subj = NULL; - char *prog, *startdate = NULL, *enddate = NULL; - char *dbfile = NULL, *f; - char new_cert[PATH_MAX]; - char tmp[10 + 1] = "\0"; - char *const *pp; - const char *p; - size_t outdirlen = 0; - int create_ser = 0, free_passin = 0, total = 0, total_done = 0; - int batch = 0, default_op = 1, doupdatedb = 0, ext_copy = EXT_COPY_NONE; - int keyformat = FORMAT_UNDEF, multirdn = 1, notext = 0, output_der = 0; - int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0; - int rand_ser = 0, i, j, selfsign = 0, def_ret; - char *crl_lastupdate = NULL, *crl_nextupdate = NULL; - long crldays = 0, crlhours = 0, crlsec = 0, days = 0; - unsigned long chtype = MBSTRING_ASC, certopt = 0; - X509 *x509 = NULL, *x509p = NULL, *x = NULL; - REVINFO_TYPE rev_type = REV_NONE; - X509_REVOKED *r = NULL; - OPTION_CHOICE o; - - prog = opt_init(argc, argv, ca_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: -opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(ca_options); - ret = 0; - goto end; - case OPT_IN: - req = 1; - infile = opt_arg(); - break; - case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat)) - goto opthelp; - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_DATEOPT: - if (!set_dateopt(&dateopt, opt_arg())) - goto opthelp; - break; - case OPT_VERBOSE: - verbose = 1; - break; - case OPT_CONFIG: - configfile = opt_arg(); - break; - case OPT_NAME: - section = opt_arg(); - break; - case OPT_SUBJ: - subj = opt_arg(); - /* preserve=1; */ - break; - case OPT_UTF8: - chtype = MBSTRING_UTF8; - break; - case OPT_RAND_SERIAL: - rand_ser = 1; - break; - case OPT_CREATE_SERIAL: - create_ser = 1; - break; - case OPT_MULTIVALUE_RDN: - /* obsolete */ - break; - case OPT_STARTDATE: - startdate = opt_arg(); - break; - case OPT_ENDDATE: - enddate = opt_arg(); - break; - case OPT_DAYS: - days = atoi(opt_arg()); - break; - case OPT_MD: - dgst = opt_arg(); - break; - case OPT_POLICY: - policy = opt_arg(); - break; - case OPT_KEYFILE: - keyfile = opt_arg(); - break; - case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat)) - goto opthelp; - break; - case OPT_PASSIN: - passinarg = opt_arg(); - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - case OPT_KEY: - passin = opt_arg(); - break; - case OPT_CERT: - certfile = opt_arg(); - break; - case OPT_CERTFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &certformat)) - goto opthelp; - break; - case OPT_SELFSIGN: - selfsign = 1; - break; - case OPT_OUTDIR: - outdir = opt_arg(); - break; - case OPT_SIGOPT: - if (sigopts == NULL) - sigopts = sk_OPENSSL_STRING_new_null(); - if (sigopts == NULL || !sk_OPENSSL_STRING_push(sigopts, opt_arg())) - goto end; - break; - case OPT_VFYOPT: - if (vfyopts == NULL) - vfyopts = sk_OPENSSL_STRING_new_null(); - if (vfyopts == NULL || !sk_OPENSSL_STRING_push(vfyopts, opt_arg())) - goto end; - break; - case OPT_NOTEXT: - notext = 1; - break; - case OPT_BATCH: - batch = 1; - break; - case OPT_PRESERVEDN: - preserve = 1; - break; - case OPT_NOEMAILDN: - email_dn = 0; - break; - case OPT_GENCRL: - gencrl = 1; - break; - case OPT_MSIE_HACK: - msie_hack = 1; - break; - case OPT_CRL_LASTUPDATE: - crl_lastupdate = opt_arg(); - break; - case OPT_CRL_NEXTUPDATE: - crl_nextupdate = opt_arg(); - break; - case OPT_CRLDAYS: - crldays = atol(opt_arg()); - break; - case OPT_CRLHOURS: - crlhours = atol(opt_arg()); - break; - case OPT_CRLSEC: - crlsec = atol(opt_arg()); - break; - case OPT_INFILES: - req = 1; - goto end_of_options; - case OPT_SS_CERT: - ss_cert_file = opt_arg(); - req = 1; - break; - case OPT_SPKAC: - spkac_file = opt_arg(); - req = 1; - break; - case OPT_REVOKE: - infile = opt_arg(); - dorevoke = 1; - break; - case OPT_VALID: - infile = opt_arg(); - dorevoke = 2; - break; - case OPT_EXTENSIONS: - extensions = opt_arg(); - break; - case OPT_EXTFILE: - extfile = opt_arg(); - break; - case OPT_STATUS: - ser_status = opt_arg(); - break; - case OPT_UPDATEDB: - doupdatedb = 1; - break; - case OPT_CRLEXTS: - crl_ext = opt_arg(); - break; - case OPT_CRL_REASON: /* := REV_CRL_REASON */ - case OPT_CRL_HOLD: - case OPT_CRL_COMPROMISE: - case OPT_CRL_CA_COMPROMISE: - rev_arg = opt_arg(); - rev_type = (o - OPT_CRL_REASON) + REV_CRL_REASON; - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - } - } - -end_of_options: - /* Remaining args are files to certify. */ - argc = opt_num_rest(); - argv = opt_rest(); - - if ((conf = app_load_config_verbose(configfile, 1)) == NULL) - goto end; - if (configfile != default_config_file && !app_load_modules(conf)) - goto end; - - /* Lets get the config section we are using */ - if (section == NULL - && (section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_CA)) == NULL) - goto end; - - p = NCONF_get_string(conf, NULL, "oid_file"); - if (p == NULL) - ERR_clear_error(); - if (p != NULL) { - BIO *oid_bio = BIO_new_file(p, "r"); - - if (oid_bio == NULL) { - ERR_clear_error(); - } else { - OBJ_create_objects(oid_bio); - BIO_free(oid_bio); - } - } - if (!add_oid_section(conf)) - goto end; - - app_RAND_load_conf(conf, BASE_SECTION); - if (!app_RAND_load()) - goto end; - - f = NCONF_get_string(conf, section, STRING_MASK); - if (f == NULL) - ERR_clear_error(); - - if (f != NULL && !ASN1_STRING_set_default_mask_asc(f)) { - BIO_printf(bio_err, "Invalid global string mask setting %s\n", f); - goto end; - } - - if (chtype != MBSTRING_UTF8) { - f = NCONF_get_string(conf, section, UTF8_IN); - if (f == NULL) - ERR_clear_error(); - else if (strcmp(f, "yes") == 0) - chtype = MBSTRING_UTF8; - } - - db_attr.unique_subject = 1; - p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT); - if (p != NULL) - db_attr.unique_subject = parse_yesno(p, 1); - else - ERR_clear_error(); - - /*****************************************************************/ - /* report status of cert with serial number given on command line */ - if (ser_status) { - dbfile = lookup_conf(conf, section, ENV_DATABASE); - if (dbfile == NULL) - goto end; - - db = load_index(dbfile, &db_attr); - if (db == NULL) { - BIO_printf(bio_err, "Problem with index file: %s (could not load/parse file)\n", dbfile); - goto end; - } - - if (index_index(db) <= 0) - goto end; - - if (get_certificate_status(ser_status, db) != 1) - BIO_printf(bio_err, "Error verifying serial %s!\n", ser_status); - goto end; - } - - /*****************************************************************/ - /* we definitely need a private key, so let's get it */ - - if (keyfile == NULL - && (keyfile = lookup_conf(conf, section, ENV_PRIVATE_KEY)) == NULL) - goto end; - - if (passin == NULL) { - free_passin = 1; - if (!app_passwd(passinarg, NULL, &passin, NULL)) { - BIO_printf(bio_err, "Error getting password\n"); - goto end; - } - } - pkey = load_key(keyfile, keyformat, 0, passin, e, "CA private key"); - cleanse(passin); - if (pkey == NULL) - /* load_key() has already printed an appropriate message */ - goto end; - - /*****************************************************************/ - /* we need a certificate */ - if (!selfsign || spkac_file || ss_cert_file || gencrl) { - if (certfile == NULL - && (certfile = lookup_conf(conf, section, ENV_CERTIFICATE)) == NULL) - goto end; - - x509 = load_cert_pass(certfile, certformat, 1, passin, "CA certificate"); - if (x509 == NULL) - goto end; - - if (!X509_check_private_key(x509, pkey)) { - BIO_printf(bio_err, - "CA certificate and CA private key do not match\n"); - goto end; - } - } - if (!selfsign) - x509p = x509; - - f = NCONF_get_string(conf, BASE_SECTION, ENV_PRESERVE); - if (f == NULL) - ERR_clear_error(); - if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) - preserve = 1; - f = NCONF_get_string(conf, BASE_SECTION, ENV_MSIE_HACK); - if (f == NULL) - ERR_clear_error(); - if ((f != NULL) && ((*f == 'y') || (*f == 'Y'))) - msie_hack = 1; - - f = NCONF_get_string(conf, section, ENV_NAMEOPT); - - if (f != NULL) { - if (!set_nameopt(f)) { - BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f); - goto end; - } - default_op = 0; - } - - f = NCONF_get_string(conf, section, ENV_CERTOPT); - - if (f != NULL) { - if (!set_cert_ex(&certopt, f)) { - BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f); - goto end; - } - default_op = 0; - } else { - ERR_clear_error(); - } - - f = NCONF_get_string(conf, section, ENV_EXTCOPY); - - if (f != NULL) { - if (!set_ext_copy(&ext_copy, f)) { - BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f); - goto end; - } - } else { - ERR_clear_error(); - } - - /*****************************************************************/ - /* lookup where to write new certificates */ - if ((outdir == NULL) && (req)) { - - outdir = NCONF_get_string(conf, section, ENV_NEW_CERTS_DIR); - if (outdir == NULL) { - BIO_printf(bio_err, - "there needs to be defined a directory for new certificate to be placed in\n"); - goto end; - } -#ifndef OPENSSL_SYS_VMS - /* - * outdir is a directory spec, but access() for VMS demands a - * filename. We could use the DEC C routine to convert the - * directory syntax to Unix, and give that to app_isdir, - * but for now the fopen will catch the error if it's not a - * directory - */ - if (app_isdir(outdir) <= 0) { - BIO_printf(bio_err, "%s: %s is not a directory\n", prog, outdir); - perror(outdir); - goto end; - } -#endif - } - - /*****************************************************************/ - /* we need to load the database file */ - dbfile = lookup_conf(conf, section, ENV_DATABASE); - if (dbfile == NULL) - goto end; - - db = load_index(dbfile, &db_attr); - if (db == NULL) { - BIO_printf(bio_err, "Problem with index file: %s (could not load/parse file)\n", dbfile); - goto end; - } - - /* Lets check some fields */ - for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { - pp = sk_OPENSSL_PSTRING_value(db->db->data, i); - if ((pp[DB_type][0] != DB_TYPE_REV) && (pp[DB_rev_date][0] != '\0')) { - BIO_printf(bio_err, - "entry %d: not revoked yet, but has a revocation date\n", - i + 1); - goto end; - } - if ((pp[DB_type][0] == DB_TYPE_REV) && - !make_revoked(NULL, pp[DB_rev_date])) { - BIO_printf(bio_err, " in entry %d\n", i + 1); - goto end; - } - if (!check_time_format((char *)pp[DB_exp_date])) { - BIO_printf(bio_err, "entry %d: invalid expiry date\n", i + 1); - goto end; - } - p = pp[DB_serial]; - j = strlen(p); - if (*p == '-') { - p++; - j--; - } - if ((j & 1) || (j < 2)) { - BIO_printf(bio_err, "entry %d: bad serial number length (%d)\n", - i + 1, j); - goto end; - } - for ( ; *p; p++) { - if (!isxdigit(_UC(*p))) { - BIO_printf(bio_err, - "entry %d: bad char 0%o '%c' in serial number\n", - i + 1, *p, *p); - goto end; - } - } - } - if (verbose) { - TXT_DB_write(bio_out, db->db); - BIO_printf(bio_err, "%d entries loaded from the database\n", - sk_OPENSSL_PSTRING_num(db->db->data)); - BIO_printf(bio_err, "generating index\n"); - } - - if (index_index(db) <= 0) - goto end; - - /*****************************************************************/ - /* Update the db file for expired certificates */ - if (doupdatedb) { - if (verbose) - BIO_printf(bio_err, "Updating %s ...\n", dbfile); - - i = do_updatedb(db); - if (i == -1) { - BIO_printf(bio_err, "Malloc failure\n"); - goto end; - } else if (i == 0) { - if (verbose) - BIO_printf(bio_err, "No entries found to mark expired\n"); - } else { - if (!save_index(dbfile, "new", db)) - goto end; - - if (!rotate_index(dbfile, "new", "old")) - goto end; - - if (verbose) - BIO_printf(bio_err, "Done. %d entries marked as expired\n", i); - } - } - - /*****************************************************************/ - /* Read extensions config file */ - if (extfile) { - if ((extfile_conf = app_load_config(extfile)) == NULL) { - ret = 1; - goto end; - } - - if (verbose) - BIO_printf(bio_err, "Successfully loaded extensions file %s\n", - extfile); - - /* We can have sections in the ext file */ - if (extensions == NULL) { - extensions = NCONF_get_string(extfile_conf, "default", "extensions"); - if (extensions == NULL) - extensions = "default"; - } - } - - /*****************************************************************/ - if (req || gencrl) { - if (spkac_file != NULL && outfile != NULL) { - output_der = 1; - batch = 1; - } - } - - def_ret = EVP_PKEY_get_default_digest_name(pkey, def_dgst, sizeof(def_dgst)); - /* - * EVP_PKEY_get_default_digest_name() returns 2 if the digest is - * mandatory for this algorithm. - */ - if (def_ret == 2 && strcmp(def_dgst, "UNDEF") == 0) { - /* The signing algorithm requires there to be no digest */ - dgst = NULL; - } else if (dgst == NULL - && (dgst = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL) { - goto end; - } else { - if (strcmp(dgst, "default") == 0) { - if (def_ret <= 0) { - BIO_puts(bio_err, "no default digest\n"); - goto end; - } - dgst = def_dgst; - } - } - - if (req) { - if (email_dn == 1) { - char *tmp_email_dn = NULL; - - tmp_email_dn = NCONF_get_string(conf, section, ENV_DEFAULT_EMAIL_DN); - if (tmp_email_dn != NULL && strcmp(tmp_email_dn, "no") == 0) - email_dn = 0; - } - if (verbose) - BIO_printf(bio_err, "message digest is %s\n", dgst); - if (policy == NULL - && (policy = lookup_conf(conf, section, ENV_POLICY)) == NULL) - goto end; - - if (verbose) - BIO_printf(bio_err, "policy is %s\n", policy); - - if (NCONF_get_string(conf, section, ENV_RAND_SERIAL) != NULL) { - rand_ser = 1; - } else { - serialfile = lookup_conf(conf, section, ENV_SERIAL); - if (serialfile == NULL) - goto end; - } - - if (extfile_conf != NULL) { - /* Check syntax of extfile */ - X509V3_CTX ctx; - - X509V3_set_ctx_test(&ctx); - X509V3_set_nconf(&ctx, extfile_conf); - if (!X509V3_EXT_add_nconf(extfile_conf, &ctx, extensions, NULL)) { - BIO_printf(bio_err, - "Error checking certificate extensions from extfile section %s\n", - extensions); - ret = 1; - goto end; - } - } else { - /* - * no '-extfile' option, so we look for extensions in the main - * configuration file - */ - if (extensions == NULL) { - extensions = NCONF_get_string(conf, section, ENV_EXTENSIONS); - if (extensions == NULL) - ERR_clear_error(); - } - if (extensions != NULL) { - /* Check syntax of config file section */ - X509V3_CTX ctx; - - X509V3_set_ctx_test(&ctx); - X509V3_set_nconf(&ctx, conf); - if (!X509V3_EXT_add_nconf(conf, &ctx, extensions, NULL)) { - BIO_printf(bio_err, - "Error checking certificate extension config section %s\n", - extensions); - ret = 1; - goto end; - } - } - } - - if (startdate == NULL) { - startdate = NCONF_get_string(conf, section, ENV_DEFAULT_STARTDATE); - if (startdate == NULL) - ERR_clear_error(); - } - if (startdate != NULL && !ASN1_TIME_set_string_X509(NULL, startdate)) { - BIO_printf(bio_err, - "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n"); - goto end; - } - if (startdate == NULL) - startdate = "today"; - - if (enddate == NULL) { - enddate = NCONF_get_string(conf, section, ENV_DEFAULT_ENDDATE); - if (enddate == NULL) - ERR_clear_error(); - } - if (enddate != NULL && !ASN1_TIME_set_string_X509(NULL, enddate)) { - BIO_printf(bio_err, - "end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n"); - goto end; - } - - if (days == 0) { - if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days)) - days = 0; - } - if (enddate == NULL && days == 0) { - BIO_printf(bio_err, "cannot lookup how many days to certify for\n"); - goto end; - } - - if (rand_ser) { - if ((serial = BN_new()) == NULL || !rand_serial(serial, NULL)) { - BIO_printf(bio_err, "error generating serial number\n"); - goto end; - } - } else { - serial = load_serial(serialfile, NULL, create_ser, NULL); - if (serial == NULL) { - BIO_printf(bio_err, "error while loading serial number\n"); - goto end; - } - if (verbose) { - if (BN_is_zero(serial)) { - BIO_printf(bio_err, "next serial number is 00\n"); - } else { - if ((f = BN_bn2hex(serial)) == NULL) - goto end; - BIO_printf(bio_err, "next serial number is %s\n", f); - OPENSSL_free(f); - } - } - } - - if ((attribs = NCONF_get_section(conf, policy)) == NULL) { - BIO_printf(bio_err, "unable to find 'section' for %s\n", policy); - goto end; - } - - if ((cert_sk = sk_X509_new_null()) == NULL) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto end; - } - if (spkac_file != NULL) { - total++; - j = certify_spkac(&x, spkac_file, pkey, x509, dgst, sigopts, - attribs, db, serial, subj, chtype, multirdn, - email_dn, startdate, enddate, days, extensions, - conf, verbose, certopt, get_nameopt(), default_op, - ext_copy, dateopt); - if (j < 0) - goto end; - if (j > 0) { - total_done++; - BIO_printf(bio_err, "\n"); - if (!BN_add_word(serial, 1)) - goto end; - if (!sk_X509_push(cert_sk, x)) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto end; - } - } - } - if (ss_cert_file != NULL) { - total++; - j = certify_cert(&x, ss_cert_file, certformat, passin, pkey, - x509, dgst, sigopts, vfyopts, attribs, - db, serial, subj, chtype, multirdn, email_dn, - startdate, enddate, days, batch, extensions, - conf, verbose, certopt, get_nameopt(), default_op, - ext_copy, dateopt); - if (j < 0) - goto end; - if (j > 0) { - total_done++; - BIO_printf(bio_err, "\n"); - if (!BN_add_word(serial, 1)) - goto end; - if (!sk_X509_push(cert_sk, x)) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto end; - } - } - } - if (infile != NULL) { - total++; - j = certify(&x, infile, informat, pkey, x509p, dgst, - sigopts, vfyopts, attribs, db, - serial, subj, chtype, multirdn, email_dn, startdate, - enddate, days, batch, extensions, conf, verbose, - certopt, get_nameopt(), default_op, ext_copy, selfsign, dateopt); - if (j < 0) - goto end; - if (j > 0) { - total_done++; - BIO_printf(bio_err, "\n"); - if (!BN_add_word(serial, 1)) - goto end; - if (!sk_X509_push(cert_sk, x)) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto end; - } - } - } - for (i = 0; i < argc; i++) { - total++; - j = certify(&x, argv[i], informat, pkey, x509p, dgst, - sigopts, vfyopts, - attribs, db, - serial, subj, chtype, multirdn, email_dn, startdate, - enddate, days, batch, extensions, conf, verbose, - certopt, get_nameopt(), default_op, ext_copy, selfsign, dateopt); - if (j < 0) - goto end; - if (j > 0) { - total_done++; - BIO_printf(bio_err, "\n"); - if (!BN_add_word(serial, 1)) { - X509_free(x); - goto end; - } - if (!sk_X509_push(cert_sk, x)) { - BIO_printf(bio_err, "Memory allocation failure\n"); - X509_free(x); - goto end; - } - } - } - /* - * we have a stack of newly certified certificates and a data base - * and serial number that need updating - */ - - if (sk_X509_num(cert_sk) > 0) { - if (!batch) { - BIO_printf(bio_err, - "\n%d out of %d certificate requests certified, commit? [y/n]", - total_done, total); - (void)BIO_flush(bio_err); - tmp[0] = '\0'; - if (fgets(tmp, sizeof(tmp), stdin) == NULL) { - BIO_printf(bio_err, "CERTIFICATION CANCELED: I/O error\n"); - ret = 0; - goto end; - } - if (tmp[0] != 'y' && tmp[0] != 'Y') { - BIO_printf(bio_err, "CERTIFICATION CANCELED\n"); - ret = 0; - goto end; - } - } - - BIO_printf(bio_err, "Write out database with %d new entries\n", - sk_X509_num(cert_sk)); - - if (serialfile != NULL - && !save_serial(serialfile, "new", serial, NULL)) - goto end; - - if (!save_index(dbfile, "new", db)) - goto end; - } - - outdirlen = OPENSSL_strlcpy(new_cert, outdir, sizeof(new_cert)); -#ifndef OPENSSL_SYS_VMS - outdirlen = OPENSSL_strlcat(new_cert, "/", sizeof(new_cert)); -#endif - - if (verbose) - BIO_printf(bio_err, "writing new certificates\n"); - - for (i = 0; i < sk_X509_num(cert_sk); i++) { - BIO *Cout = NULL; - X509 *xi = sk_X509_value(cert_sk, i); - const ASN1_INTEGER *serialNumber = X509_get0_serialNumber(xi); - const unsigned char *psn = ASN1_STRING_get0_data(serialNumber); - const int snl = ASN1_STRING_length(serialNumber); - const int filen_len = 2 * (snl > 0 ? snl : 1) + sizeof(".pem"); - char *n = new_cert + outdirlen; - - if (outdirlen + filen_len > PATH_MAX) { - BIO_printf(bio_err, "certificate file name too long\n"); - goto end; - } - - if (snl > 0) { - static const char HEX_DIGITS[] = "0123456789ABCDEF"; - - for (j = 0; j < snl; j++, psn++) { - *n++ = HEX_DIGITS[*psn >> 4]; - *n++ = HEX_DIGITS[*psn & 0x0F]; - } - } else { - *(n++) = '0'; - *(n++) = '0'; - } - *(n++) = '.'; - *(n++) = 'p'; - *(n++) = 'e'; - *(n++) = 'm'; - *n = '\0'; /* closing new_cert */ - if (verbose) - BIO_printf(bio_err, "writing %s\n", new_cert); - - Sout = bio_open_default(outfile, 'w', - output_der ? FORMAT_ASN1 : FORMAT_TEXT); - if (Sout == NULL) - goto end; - - Cout = BIO_new_file(new_cert, "w"); - if (Cout == NULL) { - perror(new_cert); - goto end; - } - write_new_certificate(Cout, xi, 0, notext); - write_new_certificate(Sout, xi, output_der, notext); - BIO_free_all(Cout); - BIO_free_all(Sout); - Sout = NULL; - } - - if (sk_X509_num(cert_sk)) { - /* Rename the database and the serial file */ - if (serialfile != NULL - && !rotate_serial(serialfile, "new", "old")) - goto end; - - if (!rotate_index(dbfile, "new", "old")) - goto end; - - BIO_printf(bio_err, "Data Base Updated\n"); - } - } - - /*****************************************************************/ - if (gencrl) { - int crl_v2 = 0; - if (crl_ext == NULL) { - crl_ext = NCONF_get_string(conf, section, ENV_CRLEXT); - if (crl_ext == NULL) - ERR_clear_error(); - } - if (crl_ext != NULL) { - /* Check syntax of file */ - X509V3_CTX ctx; - - X509V3_set_ctx_test(&ctx); - X509V3_set_nconf(&ctx, conf); - if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL)) { - BIO_printf(bio_err, - "Error checking CRL extension section %s\n", crl_ext); - ret = 1; - goto end; - } - } - - if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER)) - != NULL) - if ((crlnumber = load_serial(crlnumberfile, NULL, 0, NULL)) - == NULL) { - BIO_printf(bio_err, "error while loading CRL number\n"); - goto end; - } - - if (!crldays && !crlhours && !crlsec) { - if (!NCONF_get_number(conf, section, - ENV_DEFAULT_CRL_DAYS, &crldays)) - crldays = 0; - if (!NCONF_get_number(conf, section, - ENV_DEFAULT_CRL_HOURS, &crlhours)) - crlhours = 0; - ERR_clear_error(); - } - if ((crl_nextupdate == NULL) && - (crldays == 0) && (crlhours == 0) && (crlsec == 0)) { - BIO_printf(bio_err, - "cannot lookup how long until the next CRL is issued\n"); - goto end; - } - - if (verbose) - BIO_printf(bio_err, "making CRL\n"); - if ((crl = X509_CRL_new_ex(app_get0_libctx(), app_get0_propq())) == NULL) - goto end; - if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) - goto end; - - if (!set_crl_lastupdate(crl, crl_lastupdate)) { - BIO_puts(bio_err, "error setting CRL lastUpdate\n"); - ret = 1; - goto end; - } - - if (!set_crl_nextupdate(crl, crl_nextupdate, - crldays, crlhours, crlsec)) { - BIO_puts(bio_err, "error setting CRL nextUpdate\n"); - ret = 1; - goto end; - } - - for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { - pp = sk_OPENSSL_PSTRING_value(db->db->data, i); - if (pp[DB_type][0] == DB_TYPE_REV) { - if ((r = X509_REVOKED_new()) == NULL) - goto end; - j = make_revoked(r, pp[DB_rev_date]); - if (!j) - goto end; - if (j == 2) - crl_v2 = 1; - if (!BN_hex2bn(&serial, pp[DB_serial])) - goto end; - tmpser = BN_to_ASN1_INTEGER(serial, NULL); - BN_free(serial); - serial = NULL; - if (!tmpser) - goto end; - X509_REVOKED_set_serialNumber(r, tmpser); - ASN1_INTEGER_free(tmpser); - X509_CRL_add0_revoked(crl, r); - } - } - - /* - * sort the data so it will be written in serial number order - */ - X509_CRL_sort(crl); - - /* we now have a CRL */ - if (verbose) - BIO_printf(bio_err, "signing CRL\n"); - - /* Add any extensions asked for */ - - if (crl_ext != NULL || crlnumberfile != NULL) { - X509V3_CTX crlctx; - - X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0); - X509V3_set_nconf(&crlctx, conf); - - if (crl_ext != NULL) - if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, crl_ext, crl)) { - BIO_printf(bio_err, - "Error adding CRL extensions from section %s\n", crl_ext); - goto end; - } - if (crlnumberfile != NULL) { - tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL); - if (!tmpser) - goto end; - X509_CRL_add1_ext_i2d(crl, NID_crl_number, tmpser, 0, 0); - ASN1_INTEGER_free(tmpser); - crl_v2 = 1; - if (!BN_add_word(crlnumber, 1)) - goto end; - } - } - if (crl_ext != NULL || crl_v2) { - if (!X509_CRL_set_version(crl, X509_CRL_VERSION_2)) - goto end; - } - - /* we have a CRL number that need updating */ - if (crlnumberfile != NULL - && !save_serial(crlnumberfile, "new", crlnumber, NULL)) - goto end; - - BN_free(crlnumber); - crlnumber = NULL; - - if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts)) - goto end; - - Sout = bio_open_default(outfile, 'w', - output_der ? FORMAT_ASN1 : FORMAT_TEXT); - if (Sout == NULL) - goto end; - - PEM_write_bio_X509_CRL(Sout, crl); - - /* Rename the crlnumber file */ - if (crlnumberfile != NULL - && !rotate_serial(crlnumberfile, "new", "old")) - goto end; - - } - /*****************************************************************/ - if (dorevoke) { - if (infile == NULL) { - BIO_printf(bio_err, "no input files\n"); - goto end; - } else { - X509 *revcert; - - revcert = load_cert_pass(infile, informat, 1, passin, - "certificate to be revoked"); - if (revcert == NULL) - goto end; - if (dorevoke == 2) - rev_type = REV_VALID; - j = do_revoke(revcert, db, rev_type, rev_arg); - if (j <= 0) - goto end; - X509_free(revcert); - - if (!save_index(dbfile, "new", db)) - goto end; - - if (!rotate_index(dbfile, "new", "old")) - goto end; - - BIO_printf(bio_err, "Data Base Updated\n"); - } - } - ret = 0; - - end: - if (ret) - ERR_print_errors(bio_err); - BIO_free_all(Sout); - BIO_free_all(out); - BIO_free_all(in); - sk_X509_pop_free(cert_sk, X509_free); - - cleanse(passin); - if (free_passin) - OPENSSL_free(passin); - BN_free(serial); - BN_free(crlnumber); - free_index(db); - sk_OPENSSL_STRING_free(sigopts); - sk_OPENSSL_STRING_free(vfyopts); - EVP_PKEY_free(pkey); - X509_free(x509); - X509_CRL_free(crl); - NCONF_free(conf); - NCONF_free(extfile_conf); - release_engine(e); - return ret; -} - -static char *lookup_conf(const CONF *conf, const char *section, const char *tag) -{ - char *entry = NCONF_get_string(conf, section, tag); - if (entry == NULL) - BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag); - return entry; -} - -static int certify(X509 **xret, const char *infile, int informat, - EVP_PKEY *pkey, X509 *x509, - const char *dgst, - STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(OPENSSL_STRING) *vfyopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, const char *subj, unsigned long chtype, - int multirdn, int email_dn, const char *startdate, - const char *enddate, - long days, int batch, const char *ext_sect, CONF *lconf, - int verbose, unsigned long certopt, unsigned long nameopt, - int default_op, int ext_copy, int selfsign, unsigned long dateopt) -{ - X509_REQ *req = NULL; - EVP_PKEY *pktmp = NULL; - int ok = -1, i; - - req = load_csr(infile, informat, "certificate request"); - if (req == NULL) - goto end; - if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) { - BIO_printf(bio_err, "Error unpacking public key\n"); - goto end; - } - if (verbose) - X509_REQ_print_ex(bio_err, req, nameopt, X509_FLAG_COMPAT); - - BIO_printf(bio_err, "Check that the request matches the signature\n"); - ok = 0; - - if (selfsign && !X509_REQ_check_private_key(req, pkey)) { - BIO_printf(bio_err, - "Certificate request and CA private key do not match\n"); - goto end; - } - i = do_X509_REQ_verify(req, pktmp, vfyopts); - if (i < 0) { - BIO_printf(bio_err, "Signature verification problems...\n"); - goto end; - } - if (i == 0) { - BIO_printf(bio_err, - "Signature did not match the certificate request\n"); - goto end; - } - BIO_printf(bio_err, "Signature ok\n"); - - ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj, - chtype, multirdn, email_dn, startdate, enddate, days, batch, - verbose, req, ext_sect, lconf, certopt, nameopt, default_op, - ext_copy, selfsign, dateopt); - - end: - ERR_print_errors(bio_err); - X509_REQ_free(req); - return ok; -} - -static int certify_cert(X509 **xret, const char *infile, int certformat, - const char *passin, EVP_PKEY *pkey, X509 *x509, - const char *dgst, - STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(OPENSSL_STRING) *vfyopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, const char *subj, unsigned long chtype, - int multirdn, int email_dn, const char *startdate, - const char *enddate, long days, int batch, const char *ext_sect, - CONF *lconf, int verbose, unsigned long certopt, - unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt) -{ - X509 *template_cert = NULL; - X509_REQ *rreq = NULL; - EVP_PKEY *pktmp = NULL; - int ok = -1, i; - - if ((template_cert = load_cert_pass(infile, certformat, 1, passin, - "template certificate")) == NULL) - goto end; - if (verbose) - X509_print(bio_err, template_cert); - - BIO_printf(bio_err, "Check that the request matches the signature\n"); - - if ((pktmp = X509_get0_pubkey(template_cert)) == NULL) { - BIO_printf(bio_err, "error unpacking public key\n"); - goto end; - } - i = do_X509_verify(template_cert, pktmp, vfyopts); - if (i < 0) { - ok = 0; - BIO_printf(bio_err, "Signature verification problems....\n"); - goto end; - } - if (i == 0) { - ok = 0; - BIO_printf(bio_err, "Signature did not match the certificate\n"); - goto end; - } else { - BIO_printf(bio_err, "Signature ok\n"); - } - - if ((rreq = X509_to_X509_REQ(template_cert, NULL, NULL)) == NULL) - goto end; - - ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj, - chtype, multirdn, email_dn, startdate, enddate, days, batch, - verbose, rreq, ext_sect, lconf, certopt, nameopt, default_op, - ext_copy, 0, dateopt); - - end: - X509_REQ_free(rreq); - X509_free(template_cert); - return ok; -} - -static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, - const char *dgst, STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, - const char *subj, unsigned long chtype, int multirdn, - int email_dn, const char *startdate, const char *enddate, long days, - int batch, int verbose, X509_REQ *req, const char *ext_sect, - CONF *lconf, unsigned long certopt, unsigned long nameopt, - int default_op, int ext_copy, int selfsign, unsigned long dateopt) -{ - const X509_NAME *name = NULL; - X509_NAME *CAname = NULL, *subject = NULL; - const ASN1_TIME *tm; - ASN1_STRING *str, *str2; - ASN1_OBJECT *obj; - X509 *ret = NULL; - X509_NAME_ENTRY *ne, *tne; - EVP_PKEY *pktmp; - int ok = -1, i, j, last, nid; - const char *p; - CONF_VALUE *cv; - OPENSSL_STRING row[DB_NUMBER]; - OPENSSL_STRING *irow = NULL; - OPENSSL_STRING *rrow = NULL; - char buf[25]; - X509V3_CTX ext_ctx; - - for (i = 0; i < DB_NUMBER; i++) - row[i] = NULL; - - if (subj) { - X509_NAME *n = parse_name(subj, chtype, multirdn, "subject"); - - if (!n) - goto end; - X509_REQ_set_subject_name(req, n); - X509_NAME_free(n); - } - - if (default_op) - BIO_printf(bio_err, "The Subject's Distinguished Name is as follows\n"); - - name = X509_REQ_get_subject_name(req); - for (i = 0; i < X509_NAME_entry_count(name); i++) { - ne = X509_NAME_get_entry(name, i); - str = X509_NAME_ENTRY_get_data(ne); - obj = X509_NAME_ENTRY_get_object(ne); - nid = OBJ_obj2nid(obj); - - if (msie_hack) { - /* assume all type should be strings */ - - if (str->type == V_ASN1_UNIVERSALSTRING) - ASN1_UNIVERSALSTRING_to_string(str); - - if (str->type == V_ASN1_IA5STRING && nid != NID_pkcs9_emailAddress) - str->type = V_ASN1_T61STRING; - - if (nid == NID_pkcs9_emailAddress - && str->type == V_ASN1_PRINTABLESTRING) - str->type = V_ASN1_IA5STRING; - } - - /* If no EMAIL is wanted in the subject */ - if (nid == NID_pkcs9_emailAddress && !email_dn) - continue; - - /* check some things */ - if (nid == NID_pkcs9_emailAddress && str->type != V_ASN1_IA5STRING) { - BIO_printf(bio_err, - "\nemailAddress type needs to be of type IA5STRING\n"); - goto end; - } - if (str->type != V_ASN1_BMPSTRING && str->type != V_ASN1_UTF8STRING) { - j = ASN1_PRINTABLE_type(str->data, str->length); - if ((j == V_ASN1_T61STRING && str->type != V_ASN1_T61STRING) || - (j == V_ASN1_IA5STRING && str->type == V_ASN1_PRINTABLESTRING)) - { - BIO_printf(bio_err, - "\nThe string contains characters that are illegal for the ASN.1 type\n"); - goto end; - } - } - - if (default_op) - old_entry_print(obj, str); - } - - /* Ok, now we check the 'policy' stuff. */ - if ((subject = X509_NAME_new()) == NULL) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto end; - } - - /* take a copy of the issuer name before we mess with it. */ - if (selfsign) - CAname = X509_NAME_dup(name); - else - CAname = X509_NAME_dup(X509_get_subject_name(x509)); - if (CAname == NULL) - goto end; - str = str2 = NULL; - - for (i = 0; i < sk_CONF_VALUE_num(policy); i++) { - cv = sk_CONF_VALUE_value(policy, i); /* get the object id */ - if ((j = OBJ_txt2nid(cv->name)) == NID_undef) { - BIO_printf(bio_err, - "%s:unknown object type in 'policy' configuration\n", - cv->name); - goto end; - } - obj = OBJ_nid2obj(j); - - last = -1; - for (;;) { - X509_NAME_ENTRY *push = NULL; - - /* lookup the object in the supplied name list */ - j = X509_NAME_get_index_by_OBJ(name, obj, last); - if (j < 0) { - if (last != -1) - break; - tne = NULL; - } else { - tne = X509_NAME_get_entry(name, j); - } - last = j; - - /* depending on the 'policy', decide what to do. */ - if (strcmp(cv->value, "optional") == 0) { - if (tne != NULL) - push = tne; - } else if (strcmp(cv->value, "supplied") == 0) { - if (tne == NULL) { - BIO_printf(bio_err, - "The %s field needed to be supplied and was missing\n", - cv->name); - goto end; - } else { - push = tne; - } - } else if (strcmp(cv->value, "match") == 0) { - int last2; - - if (tne == NULL) { - BIO_printf(bio_err, - "The mandatory %s field was missing\n", - cv->name); - goto end; - } - - last2 = -1; - - again2: - j = X509_NAME_get_index_by_OBJ(CAname, obj, last2); - if ((j < 0) && (last2 == -1)) { - BIO_printf(bio_err, - "The %s field does not exist in the CA certificate,\n" - "the 'policy' is misconfigured\n", cv->name); - goto end; - } - if (j >= 0) { - push = X509_NAME_get_entry(CAname, j); - str = X509_NAME_ENTRY_get_data(tne); - str2 = X509_NAME_ENTRY_get_data(push); - last2 = j; - if (ASN1_STRING_cmp(str, str2) != 0) - goto again2; - } - if (j < 0) { - BIO_printf(bio_err, - "The %s field is different between\n" - "CA certificate (%s) and the request (%s)\n", - cv->name, - ((str2 == NULL) ? "NULL" : (char *)str2->data), - ((str == NULL) ? "NULL" : (char *)str->data)); - goto end; - } - } else { - BIO_printf(bio_err, - "%s:invalid type in 'policy' configuration\n", - cv->value); - goto end; - } - - if (push != NULL) { - if (!X509_NAME_add_entry(subject, push, -1, 0)) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto end; - } - } - if (j < 0) - break; - } - } - - if (preserve) { - X509_NAME_free(subject); - /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */ - subject = X509_NAME_dup(name); - if (subject == NULL) - goto end; - } - - /* We are now totally happy, lets make and sign the certificate */ - if (verbose) - BIO_printf(bio_err, - "Everything appears to be ok, creating and signing the certificate\n"); - - if ((ret = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL) - goto end; - - if (BN_to_ASN1_INTEGER(serial, X509_get_serialNumber(ret)) == NULL) - goto end; - if (selfsign) { - if (!X509_set_issuer_name(ret, subject)) - goto end; - } else { - if (!X509_set_issuer_name(ret, X509_get_subject_name(x509))) - goto end; - } - - if (!set_cert_times(ret, startdate, enddate, days)) - goto end; - - if (enddate != NULL) { - int tdays; - - if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret))) - goto end; - days = tdays; - } - - if (!X509_set_subject_name(ret, subject)) - goto end; - - pktmp = X509_REQ_get0_pubkey(req); - i = X509_set_pubkey(ret, pktmp); - if (!i) - goto end; - - /* Initialize the context structure */ - X509V3_set_ctx(&ext_ctx, selfsign ? ret : x509, - ret, req, NULL, X509V3_CTX_REPLACE); - - /* Lets add the extensions, if there are any */ - if (ext_sect) { - if (extfile_conf != NULL) { - if (verbose) - BIO_printf(bio_err, "Extra configuration file found\n"); - - /* Use the extfile_conf configuration db LHASH */ - X509V3_set_nconf(&ext_ctx, extfile_conf); - - /* Adds exts contained in the configuration file */ - if (!X509V3_EXT_add_nconf(extfile_conf, &ext_ctx, ext_sect, ret)) { - BIO_printf(bio_err, - "Error adding certificate extensions from extfile section %s\n", - ext_sect); - goto end; - } - if (verbose) - BIO_printf(bio_err, - "Successfully added extensions from file.\n"); - } else if (ext_sect) { - /* We found extensions to be set from config file */ - X509V3_set_nconf(&ext_ctx, lconf); - - if (!X509V3_EXT_add_nconf(lconf, &ext_ctx, ext_sect, ret)) { - BIO_printf(bio_err, - "Error adding certificate extensions from config section %s\n", - ext_sect); - goto end; - } - - if (verbose) - BIO_printf(bio_err, - "Successfully added extensions from config\n"); - } - } - - /* Copy extensions from request (if any) */ - - if (!copy_extensions(ret, req, ext_copy)) { - BIO_printf(bio_err, "ERROR: adding extensions from request\n"); - goto end; - } - - if (verbose) - BIO_printf(bio_err, - "The subject name appears to be ok, checking data base for clashes\n"); - - /* Build the correct Subject if no e-mail is wanted in the subject. */ - if (!email_dn) { - X509_NAME_ENTRY *tmpne; - X509_NAME *dn_subject; - - /* - * Its best to dup the subject DN and then delete any email addresses - * because this retains its structure. - */ - if ((dn_subject = X509_NAME_dup(subject)) == NULL) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto end; - } - i = -1; - while ((i = X509_NAME_get_index_by_NID(dn_subject, - NID_pkcs9_emailAddress, - i)) >= 0) { - tmpne = X509_NAME_delete_entry(dn_subject, i--); - X509_NAME_ENTRY_free(tmpne); - } - - if (!X509_set_subject_name(ret, dn_subject)) { - X509_NAME_free(dn_subject); - goto end; - } - X509_NAME_free(dn_subject); - } - - row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0); - if (row[DB_name] == NULL) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto end; - } - - if (BN_is_zero(serial)) - row[DB_serial] = OPENSSL_strdup("00"); - else - row[DB_serial] = BN_bn2hex(serial); - if (row[DB_serial] == NULL) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto end; - } - - if (row[DB_name][0] == '\0') { - /* - * An empty subject! We'll use the serial number instead. If - * unique_subject is in use then we don't want different entries with - * empty subjects matching each other. - */ - OPENSSL_free(row[DB_name]); - row[DB_name] = OPENSSL_strdup(row[DB_serial]); - if (row[DB_name] == NULL) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto end; - } - } - - if (db->attributes.unique_subject) { - OPENSSL_STRING *crow = row; - - rrow = TXT_DB_get_by_index(db->db, DB_name, crow); - if (rrow != NULL) { - BIO_printf(bio_err, - "ERROR:There is already a certificate for %s\n", - row[DB_name]); - } - } - if (rrow == NULL) { - rrow = TXT_DB_get_by_index(db->db, DB_serial, row); - if (rrow != NULL) { - BIO_printf(bio_err, - "ERROR:Serial number %s has already been issued,\n", - row[DB_serial]); - BIO_printf(bio_err, - " check the database/serial_file for corruption\n"); - } - } - - if (rrow != NULL) { - BIO_printf(bio_err, "The matching entry has the following details\n"); - if (rrow[DB_type][0] == DB_TYPE_EXP) - p = "Expired"; - else if (rrow[DB_type][0] == DB_TYPE_REV) - p = "Revoked"; - else if (rrow[DB_type][0] == DB_TYPE_VAL) - p = "Valid"; - else - p = "\ninvalid type, Data base error\n"; - BIO_printf(bio_err, "Type :%s\n", p);; - if (rrow[DB_type][0] == DB_TYPE_REV) { - p = rrow[DB_exp_date]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Was revoked on:%s\n", p); - } - p = rrow[DB_exp_date]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Expires on :%s\n", p); - p = rrow[DB_serial]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Serial Number :%s\n", p); - p = rrow[DB_file]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "File name :%s\n", p); - p = rrow[DB_name]; - if (p == NULL) - p = "undef"; - BIO_printf(bio_err, "Subject Name :%s\n", p); - ok = -1; /* This is now a 'bad' error. */ - goto end; - } - - if (!default_op) { - BIO_printf(bio_err, "Certificate Details:\n"); - /* - * Never print signature details because signature not present - */ - certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME; - X509_print_ex(bio_err, ret, nameopt, certopt); - } - - BIO_printf(bio_err, "Certificate is to be certified until "); - ASN1_TIME_print_ex(bio_err, X509_get0_notAfter(ret), dateopt); - if (days) - BIO_printf(bio_err, " (%ld days)", days); - BIO_printf(bio_err, "\n"); - - if (!batch) { - - BIO_printf(bio_err, "Sign the certificate? [y/n]:"); - (void)BIO_flush(bio_err); - buf[0] = '\0'; - if (fgets(buf, sizeof(buf), stdin) == NULL) { - BIO_printf(bio_err, - "CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n"); - ok = 0; - goto end; - } - if (!(buf[0] == 'y' || buf[0] == 'Y')) { - BIO_printf(bio_err, "CERTIFICATE WILL NOT BE CERTIFIED\n"); - ok = 0; - goto end; - } - } - - pktmp = X509_get0_pubkey(ret); - if (EVP_PKEY_missing_parameters(pktmp) && - !EVP_PKEY_missing_parameters(pkey)) - EVP_PKEY_copy_parameters(pktmp, pkey); - - if (!do_X509_sign(ret, pkey, dgst, sigopts, &ext_ctx)) - goto end; - - /* We now just add it to the database as DB_TYPE_VAL('V') */ - row[DB_type] = OPENSSL_strdup("V"); - tm = X509_get0_notAfter(ret); - row[DB_exp_date] = app_malloc(tm->length + 1, "row expdate"); - memcpy(row[DB_exp_date], tm->data, tm->length); - row[DB_exp_date][tm->length] = '\0'; - row[DB_rev_date] = NULL; - row[DB_file] = OPENSSL_strdup("unknown"); - if ((row[DB_type] == NULL) || (row[DB_file] == NULL) - || (row[DB_name] == NULL)) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto end; - } - - irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row space"); - for (i = 0; i < DB_NUMBER; i++) - irow[i] = row[i]; - irow[DB_NUMBER] = NULL; - - if (!TXT_DB_insert(db->db, irow)) { - BIO_printf(bio_err, "failed to update database\n"); - BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error); - goto end; - } - irow = NULL; - ok = 1; - end: - if (ok != 1) { - for (i = 0; i < DB_NUMBER; i++) - OPENSSL_free(row[i]); - } - OPENSSL_free(irow); - - X509_NAME_free(CAname); - X509_NAME_free(subject); - if (ok <= 0) - X509_free(ret); - else - *xret = ret; - return ok; -} - -static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext) -{ - - if (output_der) { - (void)i2d_X509_bio(bp, x); - return; - } - if (!notext) - X509_print(bp, x); - PEM_write_bio_X509(bp, x); -} - -static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey, - X509 *x509, const char *dgst, - STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(CONF_VALUE) *policy, CA_DB *db, - BIGNUM *serial, const char *subj, unsigned long chtype, - int multirdn, int email_dn, const char *startdate, - const char *enddate, long days, const char *ext_sect, - CONF *lconf, int verbose, unsigned long certopt, - unsigned long nameopt, int default_op, int ext_copy, unsigned long dateopt) -{ - STACK_OF(CONF_VALUE) *sk = NULL; - LHASH_OF(CONF_VALUE) *parms = NULL; - X509_REQ *req = NULL; - CONF_VALUE *cv = NULL; - NETSCAPE_SPKI *spki = NULL; - char *type, *buf; - EVP_PKEY *pktmp = NULL; - X509_NAME *n = NULL; - X509_NAME_ENTRY *ne = NULL; - int ok = -1, i, j; - long errline; - int nid; - - /* - * Load input file into a hash table. (This is just an easy - * way to read and parse the file, then put it into a convenient - * STACK format). - */ - parms = CONF_load(NULL, infile, &errline); - if (parms == NULL) { - BIO_printf(bio_err, "error on line %ld of %s\n", errline, infile); - goto end; - } - - sk = CONF_get_section(parms, "default"); - if (sk_CONF_VALUE_num(sk) == 0) { - BIO_printf(bio_err, "no name/value pairs found in %s\n", infile); - goto end; - } - - /* - * Now create a dummy X509 request structure. We don't actually - * have an X509 request, but we have many of the components - * (a public key, various DN components). The idea is that we - * put these components into the right X509 request structure - * and we can use the same code as if you had a real X509 request. - */ - req = X509_REQ_new(); - if (req == NULL) - goto end; - - /* - * Build up the subject name set. - */ - n = X509_REQ_get_subject_name(req); - - for (i = 0;; i++) { - if (sk_CONF_VALUE_num(sk) <= i) - break; - - cv = sk_CONF_VALUE_value(sk, i); - type = cv->name; - /* - * Skip past any leading X. X: X, etc to allow for multiple instances - */ - for (buf = cv->name; *buf; buf++) - if ((*buf == ':') || (*buf == ',') || (*buf == '.')) { - buf++; - if (*buf) - type = buf; - break; - } - - buf = cv->value; - if ((nid = OBJ_txt2nid(type)) == NID_undef) { - if (strcmp(type, "SPKAC") == 0) { - spki = NETSCAPE_SPKI_b64_decode(cv->value, -1); - if (spki == NULL) { - BIO_printf(bio_err, - "unable to load Netscape SPKAC structure\n"); - goto end; - } - } - continue; - } - - if (!X509_NAME_add_entry_by_NID(n, nid, chtype, - (unsigned char *)buf, -1, -1, 0)) - goto end; - } - if (spki == NULL) { - BIO_printf(bio_err, "Netscape SPKAC structure not found in %s\n", - infile); - goto end; - } - - /* - * Now extract the key from the SPKI structure. - */ - - BIO_printf(bio_err, "Check that the SPKAC request matches the signature\n"); - - if ((pktmp = NETSCAPE_SPKI_get_pubkey(spki)) == NULL) { - BIO_printf(bio_err, "error unpacking SPKAC public key\n"); - goto end; - } - - j = NETSCAPE_SPKI_verify(spki, pktmp); - if (j <= 0) { - EVP_PKEY_free(pktmp); - BIO_printf(bio_err, - "signature verification failed on SPKAC public key\n"); - goto end; - } - BIO_printf(bio_err, "Signature ok\n"); - - X509_REQ_set_pubkey(req, pktmp); - EVP_PKEY_free(pktmp); - ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj, - chtype, multirdn, email_dn, startdate, enddate, days, 1, - verbose, req, ext_sect, lconf, certopt, nameopt, default_op, - ext_copy, 0, dateopt); - end: - X509_REQ_free(req); - CONF_free(parms); - NETSCAPE_SPKI_free(spki); - X509_NAME_ENTRY_free(ne); - - return ok; -} - -static int check_time_format(const char *str) -{ - return ASN1_TIME_set_string(NULL, str); -} - -static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type, - const char *value) -{ - const ASN1_TIME *tm = NULL; - char *row[DB_NUMBER], **rrow, **irow; - char *rev_str = NULL; - BIGNUM *bn = NULL; - int ok = -1, i; - - for (i = 0; i < DB_NUMBER; i++) - row[i] = NULL; - row[DB_name] = X509_NAME_oneline(X509_get_subject_name(x509), NULL, 0); - bn = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x509), NULL); - if (!bn) - goto end; - if (BN_is_zero(bn)) - row[DB_serial] = OPENSSL_strdup("00"); - else - row[DB_serial] = BN_bn2hex(bn); - BN_free(bn); - if (row[DB_name] != NULL && row[DB_name][0] == '\0') { - /* Entries with empty Subjects actually use the serial number instead */ - OPENSSL_free(row[DB_name]); - row[DB_name] = OPENSSL_strdup(row[DB_serial]); - } - if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto end; - } - /* - * We have to lookup by serial number because name lookup skips revoked - * certs - */ - rrow = TXT_DB_get_by_index(db->db, DB_serial, row); - if (rrow == NULL) { - BIO_printf(bio_err, - "Adding Entry with serial number %s to DB for %s\n", - row[DB_serial], row[DB_name]); - - /* We now just add it to the database as DB_TYPE_REV('V') */ - row[DB_type] = OPENSSL_strdup("V"); - tm = X509_get0_notAfter(x509); - row[DB_exp_date] = app_malloc(tm->length + 1, "row exp_data"); - memcpy(row[DB_exp_date], tm->data, tm->length); - row[DB_exp_date][tm->length] = '\0'; - row[DB_rev_date] = NULL; - row[DB_file] = OPENSSL_strdup("unknown"); - - if (row[DB_type] == NULL || row[DB_file] == NULL) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto end; - } - - irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row ptr"); - for (i = 0; i < DB_NUMBER; i++) - irow[i] = row[i]; - irow[DB_NUMBER] = NULL; - - if (!TXT_DB_insert(db->db, irow)) { - BIO_printf(bio_err, "failed to update database\n"); - BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error); - OPENSSL_free(irow); - goto end; - } - - for (i = 0; i < DB_NUMBER; i++) - row[i] = NULL; - - /* Revoke Certificate */ - if (rev_type == REV_VALID) - ok = 1; - else - /* Retry revocation after DB insertion */ - ok = do_revoke(x509, db, rev_type, value); - - goto end; - - } else if (index_name_cmp_noconst(row, rrow)) { - BIO_printf(bio_err, "ERROR:name does not match %s\n", row[DB_name]); - goto end; - } else if (rev_type == REV_VALID) { - BIO_printf(bio_err, "ERROR:Already present, serial number %s\n", - row[DB_serial]); - goto end; - } else if (rrow[DB_type][0] == DB_TYPE_REV) { - BIO_printf(bio_err, "ERROR:Already revoked, serial number %s\n", - row[DB_serial]); - goto end; - } else { - BIO_printf(bio_err, "Revoking Certificate %s.\n", rrow[DB_serial]); - rev_str = make_revocation_str(rev_type, value); - if (!rev_str) { - BIO_printf(bio_err, "Error in revocation arguments\n"); - goto end; - } - rrow[DB_type][0] = DB_TYPE_REV; - rrow[DB_type][1] = '\0'; - rrow[DB_rev_date] = rev_str; - } - ok = 1; - end: - for (i = 0; i < DB_NUMBER; i++) - OPENSSL_free(row[i]); - return ok; -} - -static int get_certificate_status(const char *serial, CA_DB *db) -{ - char *row[DB_NUMBER], **rrow; - int ok = -1, i; - size_t serial_len = strlen(serial); - - /* Free Resources */ - for (i = 0; i < DB_NUMBER; i++) - row[i] = NULL; - - /* Malloc needed char spaces */ - row[DB_serial] = app_malloc(serial_len + 2, "row serial#"); - - if (serial_len % 2) { - /* - * Set the first char to 0 - */ - row[DB_serial][0] = '0'; - - /* Copy String from serial to row[DB_serial] */ - memcpy(row[DB_serial] + 1, serial, serial_len); - row[DB_serial][serial_len + 1] = '\0'; - } else { - /* Copy String from serial to row[DB_serial] */ - memcpy(row[DB_serial], serial, serial_len); - row[DB_serial][serial_len] = '\0'; - } - - /* Make it Upper Case */ - make_uppercase(row[DB_serial]); - - ok = 1; - - /* Search for the certificate */ - rrow = TXT_DB_get_by_index(db->db, DB_serial, row); - if (rrow == NULL) { - BIO_printf(bio_err, "Serial %s not present in db.\n", row[DB_serial]); - ok = -1; - goto end; - } else if (rrow[DB_type][0] == DB_TYPE_VAL) { - BIO_printf(bio_err, "%s=Valid (%c)\n", - row[DB_serial], rrow[DB_type][0]); - goto end; - } else if (rrow[DB_type][0] == DB_TYPE_REV) { - BIO_printf(bio_err, "%s=Revoked (%c)\n", - row[DB_serial], rrow[DB_type][0]); - goto end; - } else if (rrow[DB_type][0] == DB_TYPE_EXP) { - BIO_printf(bio_err, "%s=Expired (%c)\n", - row[DB_serial], rrow[DB_type][0]); - goto end; - } else if (rrow[DB_type][0] == DB_TYPE_SUSP) { - BIO_printf(bio_err, "%s=Suspended (%c)\n", - row[DB_serial], rrow[DB_type][0]); - goto end; - } else { - BIO_printf(bio_err, "%s=Unknown (%c).\n", - row[DB_serial], rrow[DB_type][0]); - ok = -1; - } - end: - for (i = 0; i < DB_NUMBER; i++) { - OPENSSL_free(row[i]); - } - return ok; -} - -static int do_updatedb(CA_DB *db) -{ - ASN1_TIME *a_tm = NULL; - int i, cnt = 0; - char **rrow; - - a_tm = ASN1_TIME_new(); - if (a_tm == NULL) - return -1; - - /* get actual time */ - if (X509_gmtime_adj(a_tm, 0) == NULL) { - ASN1_TIME_free(a_tm); - return -1; - } - - for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { - rrow = sk_OPENSSL_PSTRING_value(db->db->data, i); - - if (rrow[DB_type][0] == DB_TYPE_VAL) { - /* ignore entries that are not valid */ - ASN1_TIME *exp_date = NULL; - - exp_date = ASN1_TIME_new(); - if (exp_date == NULL) { - ASN1_TIME_free(a_tm); - return -1; - } - - if (!ASN1_TIME_set_string(exp_date, rrow[DB_exp_date])) { - ASN1_TIME_free(a_tm); - ASN1_TIME_free(exp_date); - return -1; - } - - if (ASN1_TIME_compare(exp_date, a_tm) <= 0) { - rrow[DB_type][0] = DB_TYPE_EXP; - rrow[DB_type][1] = '\0'; - cnt++; - - BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]); - } - ASN1_TIME_free(exp_date); - } - } - - ASN1_TIME_free(a_tm); - return cnt; -} - -static const char *crl_reasons[] = { - /* CRL reason strings */ - "unspecified", - "keyCompromise", - "CACompromise", - "affiliationChanged", - "superseded", - "cessationOfOperation", - "certificateHold", - "removeFromCRL", - /* Additional pseudo reasons */ - "holdInstruction", - "keyTime", - "CAkeyTime" -}; - -#define NUM_REASONS OSSL_NELEM(crl_reasons) - -/* - * Given revocation information convert to a DB string. The format of the - * string is: revtime[,reason,extra]. Where 'revtime' is the revocation time - * (the current time). 'reason' is the optional CRL reason and 'extra' is any - * additional argument - */ - -static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg) -{ - char *str; - const char *reason = NULL, *other = NULL; - ASN1_OBJECT *otmp; - ASN1_UTCTIME *revtm = NULL; - int i; - - switch (rev_type) { - case REV_NONE: - case REV_VALID: - break; - - case REV_CRL_REASON: - for (i = 0; i < 8; i++) { - if (OPENSSL_strcasecmp(rev_arg, crl_reasons[i]) == 0) { - reason = crl_reasons[i]; - break; - } - } - if (reason == NULL) { - BIO_printf(bio_err, "Unknown CRL reason %s\n", rev_arg); - return NULL; - } - break; - - case REV_HOLD: - /* Argument is an OID */ - otmp = OBJ_txt2obj(rev_arg, 0); - ASN1_OBJECT_free(otmp); - - if (otmp == NULL) { - BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg); - return NULL; - } - - reason = "holdInstruction"; - other = rev_arg; - break; - - case REV_KEY_COMPROMISE: - case REV_CA_COMPROMISE: - /* Argument is the key compromise time */ - if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg)) { - BIO_printf(bio_err, - "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n", - rev_arg); - return NULL; - } - other = rev_arg; - if (rev_type == REV_KEY_COMPROMISE) - reason = "keyTime"; - else - reason = "CAkeyTime"; - - break; - } - - revtm = X509_gmtime_adj(NULL, 0); - - if (!revtm) - return NULL; - - i = revtm->length + 1; - - if (reason) - i += strlen(reason) + 1; - if (other) - i += strlen(other) + 1; - - str = app_malloc(i, "revocation reason"); - OPENSSL_strlcpy(str, (char *)revtm->data, i); - if (reason) { - OPENSSL_strlcat(str, ",", i); - OPENSSL_strlcat(str, reason, i); - } - if (other) { - OPENSSL_strlcat(str, ",", i); - OPENSSL_strlcat(str, other, i); - } - ASN1_UTCTIME_free(revtm); - return str; -} - -/*- - * Convert revocation field to X509_REVOKED entry - * return code: - * 0 error - * 1 OK - * 2 OK and some extensions added (i.e. V2 CRL) - */ - -static int make_revoked(X509_REVOKED *rev, const char *str) -{ - char *tmp = NULL; - int reason_code = -1; - int i, ret = 0; - ASN1_OBJECT *hold = NULL; - ASN1_GENERALIZEDTIME *comp_time = NULL; - ASN1_ENUMERATED *rtmp = NULL; - - ASN1_TIME *revDate = NULL; - - i = unpack_revinfo(&revDate, &reason_code, &hold, &comp_time, str); - - if (i == 0) - goto end; - - if (rev && !X509_REVOKED_set_revocationDate(rev, revDate)) - goto end; - - if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)) { - rtmp = ASN1_ENUMERATED_new(); - if (rtmp == NULL || !ASN1_ENUMERATED_set(rtmp, reason_code)) - goto end; - if (X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0) <= 0) - goto end; - } - - if (rev && comp_time) { - if (X509_REVOKED_add1_ext_i2d - (rev, NID_invalidity_date, comp_time, 0, 0) <= 0) - goto end; - } - if (rev && hold) { - if (X509_REVOKED_add1_ext_i2d - (rev, NID_hold_instruction_code, hold, 0, 0) <= 0) - goto end; - } - - if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS) - ret = 2; - else - ret = 1; - - end: - - OPENSSL_free(tmp); - ASN1_OBJECT_free(hold); - ASN1_GENERALIZEDTIME_free(comp_time); - ASN1_ENUMERATED_free(rtmp); - ASN1_TIME_free(revDate); - - return ret; -} - -static int old_entry_print(const ASN1_OBJECT *obj, const ASN1_STRING *str) -{ - char buf[25], *pbuf; - const char *p; - int j; - - j = i2a_ASN1_OBJECT(bio_err, obj); - pbuf = buf; - for (j = 22 - j; j > 0; j--) - *(pbuf++) = ' '; - *(pbuf++) = ':'; - *(pbuf++) = '\0'; - BIO_puts(bio_err, buf); - - if (str->type == V_ASN1_PRINTABLESTRING) - BIO_printf(bio_err, "PRINTABLE:'"); - else if (str->type == V_ASN1_T61STRING) - BIO_printf(bio_err, "T61STRING:'"); - else if (str->type == V_ASN1_IA5STRING) - BIO_printf(bio_err, "IA5STRING:'"); - else if (str->type == V_ASN1_UNIVERSALSTRING) - BIO_printf(bio_err, "UNIVERSALSTRING:'"); - else - BIO_printf(bio_err, "ASN.1 %2d:'", str->type); - - p = (const char *)str->data; - for (j = str->length; j > 0; j--) { - if ((*p >= ' ') && (*p <= '~')) - BIO_printf(bio_err, "%c", *p); - else if (*p & 0x80) - BIO_printf(bio_err, "\\0x%02X", *p); - else if ((unsigned char)*p == 0xf7) - BIO_printf(bio_err, "^?"); - else - BIO_printf(bio_err, "^%c", *p + '@'); - p++; - } - BIO_printf(bio_err, "'\n"); - return 1; -} - -int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, - ASN1_GENERALIZEDTIME **pinvtm, const char *str) -{ - char *tmp; - char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p; - int reason_code = -1; - int ret = 0; - unsigned int i; - ASN1_OBJECT *hold = NULL; - ASN1_GENERALIZEDTIME *comp_time = NULL; - - tmp = OPENSSL_strdup(str); - if (!tmp) { - BIO_printf(bio_err, "memory allocation failure\n"); - goto end; - } - - p = strchr(tmp, ','); - - rtime_str = tmp; - - if (p) { - *p = '\0'; - p++; - reason_str = p; - p = strchr(p, ','); - if (p) { - *p = '\0'; - arg_str = p + 1; - } - } - - if (prevtm) { - *prevtm = ASN1_UTCTIME_new(); - if (*prevtm == NULL) { - BIO_printf(bio_err, "memory allocation failure\n"); - goto end; - } - if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) { - BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str); - goto end; - } - } - if (reason_str) { - for (i = 0; i < NUM_REASONS; i++) { - if (OPENSSL_strcasecmp(reason_str, crl_reasons[i]) == 0) { - reason_code = i; - break; - } - } - if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS) { - BIO_printf(bio_err, "invalid reason code %s\n", reason_str); - goto end; - } - - if (reason_code == 7) { - reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL; - } else if (reason_code == 8) { /* Hold instruction */ - if (!arg_str) { - BIO_printf(bio_err, "missing hold instruction\n"); - goto end; - } - reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD; - hold = OBJ_txt2obj(arg_str, 0); - - if (!hold) { - BIO_printf(bio_err, "invalid object identifier %s\n", arg_str); - goto end; - } - if (phold) - *phold = hold; - else - ASN1_OBJECT_free(hold); - } else if ((reason_code == 9) || (reason_code == 10)) { - if (!arg_str) { - BIO_printf(bio_err, "missing compromised time\n"); - goto end; - } - comp_time = ASN1_GENERALIZEDTIME_new(); - if (comp_time == NULL) { - BIO_printf(bio_err, "memory allocation failure\n"); - goto end; - } - if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) { - BIO_printf(bio_err, "invalid compromised time %s\n", arg_str); - goto end; - } - if (reason_code == 9) - reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE; - else - reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE; - } - } - - if (preason) - *preason = reason_code; - if (pinvtm) { - *pinvtm = comp_time; - comp_time = NULL; - } - - ret = 1; - - end: - - OPENSSL_free(tmp); - ASN1_GENERALIZEDTIME_free(comp_time); - - return ret; -} diff --git a/apps/ciphers.c b/apps/ciphers.c deleted file mode 100644 index 42a0bb79f6514de2242fa65d5a5fd4eaaf1c911e..0000000000000000000000000000000000000000 --- a/apps/ciphers.c +++ /dev/null @@ -1,285 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include "s_apps.h" - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_STDNAME, - OPT_CONVERT, - OPT_SSL3, - OPT_TLS1, - OPT_TLS1_1, - OPT_TLS1_2, - OPT_TLS1_3, - OPT_PSK, - OPT_SRP, - OPT_CIPHERSUITES, - OPT_V, OPT_UPPER_V, OPT_S, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS ciphers_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cipher]\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - - OPT_SECTION("Output"), - {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"}, - {"V", OPT_UPPER_V, '-', "Even more verbose"}, - {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, - {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"}, - - OPT_SECTION("Cipher specification"), - {"s", OPT_S, '-', "Only supported ciphers"}, -#ifndef OPENSSL_NO_SSL3 - {"ssl3", OPT_SSL3, '-', "Ciphers compatible with SSL3"}, -#endif -#ifndef OPENSSL_NO_TLS1 - {"tls1", OPT_TLS1, '-', "Ciphers compatible with TLS1"}, -#endif -#ifndef OPENSSL_NO_TLS1_1 - {"tls1_1", OPT_TLS1_1, '-', "Ciphers compatible with TLS1.1"}, -#endif -#ifndef OPENSSL_NO_TLS1_2 - {"tls1_2", OPT_TLS1_2, '-', "Ciphers compatible with TLS1.2"}, -#endif -#ifndef OPENSSL_NO_TLS1_3 - {"tls1_3", OPT_TLS1_3, '-', "Ciphers compatible with TLS1.3"}, -#endif -#ifndef OPENSSL_NO_PSK - {"psk", OPT_PSK, '-', "Include ciphersuites requiring PSK"}, -#endif -#ifndef OPENSSL_NO_SRP - {"srp", OPT_SRP, '-', "(deprecated) Include ciphersuites requiring SRP"}, -#endif - {"ciphersuites", OPT_CIPHERSUITES, 's', - "Configure the TLSv1.3 ciphersuites to use"}, - OPT_PROV_OPTIONS, - - OPT_PARAMETERS(), - {"cipher", 0, 0, "Cipher string to decode (optional)"}, - {NULL} -}; - -#ifndef OPENSSL_NO_PSK -static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity, - unsigned int max_identity_len, - unsigned char *psk, - unsigned int max_psk_len) -{ - return 0; -} -#endif - -int ciphers_main(int argc, char **argv) -{ - SSL_CTX *ctx = NULL; - SSL *ssl = NULL; - STACK_OF(SSL_CIPHER) *sk = NULL; - const SSL_METHOD *meth = TLS_server_method(); - int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0; - int stdname = 0; -#ifndef OPENSSL_NO_PSK - int psk = 0; -#endif -#ifndef OPENSSL_NO_SRP - int srp = 0; -#endif - const char *p; - char *ciphers = NULL, *prog, *convert = NULL, *ciphersuites = NULL; - char buf[512]; - OPTION_CHOICE o; - int min_version = 0, max_version = 0; - - prog = opt_init(argc, argv, ciphers_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(ciphers_options); - ret = 0; - goto end; - case OPT_V: - verbose = 1; - break; - case OPT_UPPER_V: - verbose = Verbose = 1; - break; - case OPT_S: - use_supported = 1; - break; - case OPT_STDNAME: - stdname = verbose = 1; - break; - case OPT_CONVERT: - convert = opt_arg(); - break; - case OPT_SSL3: - min_version = SSL3_VERSION; - max_version = SSL3_VERSION; - break; - case OPT_TLS1: - min_version = TLS1_VERSION; - max_version = TLS1_VERSION; - break; - case OPT_TLS1_1: - min_version = TLS1_1_VERSION; - max_version = TLS1_1_VERSION; - break; - case OPT_TLS1_2: - min_version = TLS1_2_VERSION; - max_version = TLS1_2_VERSION; - break; - case OPT_TLS1_3: - min_version = TLS1_3_VERSION; - max_version = TLS1_3_VERSION; - break; - case OPT_PSK: -#ifndef OPENSSL_NO_PSK - psk = 1; -#endif - break; - case OPT_SRP: -#ifndef OPENSSL_NO_SRP - srp = 1; -#endif - break; - case OPT_CIPHERSUITES: - ciphersuites = opt_arg(); - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* Optional arg is cipher name. */ - argv = opt_rest(); - argc = opt_num_rest(); - if (argc == 1) - ciphers = argv[0]; - else if (argc != 0) - goto opthelp; - - if (convert != NULL) { - BIO_printf(bio_out, "OpenSSL cipher name: %s\n", - OPENSSL_cipher_name(convert)); - ret = 0; - goto end; - } - - ctx = SSL_CTX_new_ex(app_get0_libctx(), app_get0_propq(), meth); - if (ctx == NULL) - goto err; - if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) - goto err; - if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) - goto err; - -#ifndef OPENSSL_NO_PSK - if (psk) - SSL_CTX_set_psk_client_callback(ctx, dummy_psk); -#endif -#ifndef OPENSSL_NO_SRP - if (srp) - set_up_dummy_srp(ctx); -#endif - - if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) { - BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n"); - goto err; - } - - if (ciphers != NULL) { - if (!SSL_CTX_set_cipher_list(ctx, ciphers)) { - BIO_printf(bio_err, "Error in cipher list\n"); - goto err; - } - } - ssl = SSL_new(ctx); - if (ssl == NULL) - goto err; - - if (use_supported) - sk = SSL_get1_supported_ciphers(ssl); - else - sk = SSL_get_ciphers(ssl); - - if (!verbose) { - for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { - const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i); - - if (!ossl_assert(c != NULL)) - continue; - - p = SSL_CIPHER_get_name(c); - if (p == NULL) - break; - if (i != 0) - BIO_printf(bio_out, ":"); - BIO_printf(bio_out, "%s", p); - } - BIO_printf(bio_out, "\n"); - } else { - - for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { - const SSL_CIPHER *c; - - c = sk_SSL_CIPHER_value(sk, i); - - if (!ossl_assert(c != NULL)) - continue; - - if (Verbose) { - unsigned long id = SSL_CIPHER_get_id(c); - int id0 = (int)(id >> 24); - int id1 = (int)((id >> 16) & 0xffL); - int id2 = (int)((id >> 8) & 0xffL); - int id3 = (int)(id & 0xffL); - - if ((id & 0xff000000L) == 0x03000000L) - BIO_printf(bio_out, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 - * cipher */ - else - BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ - } - if (stdname) { - const char *nm = SSL_CIPHER_standard_name(c); - if (nm == NULL) - nm = "UNKNOWN"; - BIO_printf(bio_out, "%-45s - ", nm); - } - BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf))); - } - } - - ret = 0; - goto end; - err: - ERR_print_errors(bio_err); - end: - if (use_supported) - sk_SSL_CIPHER_free(sk); - SSL_CTX_free(ctx); - SSL_free(ssl); - return ret; -} diff --git a/apps/cmp.c b/apps/cmp.c deleted file mode 100644 index f98e5ab938820ed0b2084de121d3f6e04cfd07ab..0000000000000000000000000000000000000000 --- a/apps/cmp.c +++ /dev/null @@ -1,3023 +0,0 @@ -/* - * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2019 - * Copyright Siemens AG 2015-2019 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* This app is disabled when OPENSSL_NO_CMP is defined. */ - -#include -#include - -#include "apps.h" -#include "http_server.h" -#include "s_apps.h" -#include "progs.h" - -#include "cmp_mock_srv.h" - -/* tweaks needed due to missing unistd.h on Windows */ -#if defined(_WIN32) && !defined(__BORLANDC__) -# define access _access -#endif -#ifndef F_OK -# define F_OK 0 -#endif - -#include -#include -#include - -/* explicit #includes not strictly needed since implied by the above: */ -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static char *prog; -static char *opt_config = NULL; -#define CMP_SECTION "cmp" -#define SECTION_NAME_MAX 40 /* max length of section name */ -#define DEFAULT_SECTION "default" -static char *opt_section = CMP_SECTION; -static int opt_verbosity = OSSL_CMP_LOG_INFO; - -static int read_config(void); - -static CONF *conf = NULL; /* OpenSSL config file context structure */ -static OSSL_CMP_CTX *cmp_ctx = NULL; /* the client-side CMP context */ - -/* the type of cmp command we want to send */ -typedef enum { - CMP_IR, - CMP_KUR, - CMP_CR, - CMP_P10CR, - CMP_RR, - CMP_GENM -} cmp_cmd_t; - -/* message transfer */ -#ifndef OPENSSL_NO_SOCK -static char *opt_server = NULL; -static char *opt_proxy = NULL; -static char *opt_no_proxy = NULL; -#endif -static char *opt_recipient = NULL; -static char *opt_path = NULL; -static int opt_keep_alive = 1; -static int opt_msg_timeout = -1; -static int opt_total_timeout = -1; - -/* server authentication */ -static char *opt_trusted = NULL; -static char *opt_untrusted = NULL; -static char *opt_srvcert = NULL; -static char *opt_expect_sender = NULL; -static int opt_ignore_keyusage = 0; -static int opt_unprotected_errors = 0; -static char *opt_extracertsout = NULL; -static char *opt_cacertsout = NULL; - -/* client authentication */ -static char *opt_ref = NULL; -static char *opt_secret = NULL; -static char *opt_cert = NULL; -static char *opt_own_trusted = NULL; -static char *opt_key = NULL; -static char *opt_keypass = NULL; -static char *opt_digest = NULL; -static char *opt_mac = NULL; -static char *opt_extracerts = NULL; -static int opt_unprotected_requests = 0; - -/* generic message */ -static char *opt_cmd_s = NULL; -static int opt_cmd = -1; -static char *opt_geninfo = NULL; -static char *opt_infotype_s = NULL; -static int opt_infotype = NID_undef; - -/* certificate enrollment */ -static char *opt_newkey = NULL; -static char *opt_newkeypass = NULL; -static char *opt_subject = NULL; -static char *opt_issuer = NULL; -static int opt_days = 0; -static char *opt_reqexts = NULL; -static char *opt_sans = NULL; -static int opt_san_nodefault = 0; -static char *opt_policies = NULL; -static char *opt_policy_oids = NULL; -static int opt_policy_oids_critical = 0; -static int opt_popo = OSSL_CRMF_POPO_NONE - 1; -static char *opt_csr = NULL; -static char *opt_out_trusted = NULL; -static int opt_implicit_confirm = 0; -static int opt_disable_confirm = 0; -static char *opt_certout = NULL; -static char *opt_chainout = NULL; - -/* certificate enrollment and revocation */ -static char *opt_oldcert = NULL; -static int opt_revreason = CRL_REASON_NONE; - -/* credentials format */ -static char *opt_certform_s = "PEM"; -static int opt_certform = FORMAT_PEM; -static char *opt_keyform_s = NULL; -static int opt_keyform = FORMAT_UNDEF; -static char *opt_otherpass = NULL; -static char *opt_engine = NULL; - -#ifndef OPENSSL_NO_SOCK -/* TLS connection */ -static int opt_tls_used = 0; -static char *opt_tls_cert = NULL; -static char *opt_tls_key = NULL; -static char *opt_tls_keypass = NULL; -static char *opt_tls_extra = NULL; -static char *opt_tls_trusted = NULL; -static char *opt_tls_host = NULL; -#endif - -/* client-side debugging */ -static int opt_batch = 0; -static int opt_repeat = 1; -static char *opt_reqin = NULL; -static int opt_reqin_new_tid = 0; -static char *opt_reqout = NULL; -static char *opt_rspin = NULL; -static char *opt_rspout = NULL; -static int opt_use_mock_srv = 0; - -/* mock server */ -#ifndef OPENSSL_NO_SOCK -static char *opt_port = NULL; -static int opt_max_msgs = 0; -#endif -static char *opt_srv_ref = NULL; -static char *opt_srv_secret = NULL; -static char *opt_srv_cert = NULL; -static char *opt_srv_key = NULL; -static char *opt_srv_keypass = NULL; - -static char *opt_srv_trusted = NULL; -static char *opt_srv_untrusted = NULL; -static char *opt_rsp_cert = NULL; -static char *opt_rsp_extracerts = NULL; -static char *opt_rsp_capubs = NULL; -static int opt_poll_count = 0; -static int opt_check_after = 1; -static int opt_grant_implicitconf = 0; - -static int opt_pkistatus = OSSL_CMP_PKISTATUS_accepted; -static int opt_failure = INT_MIN; -static int opt_failurebits = 0; -static char *opt_statusstring = NULL; -static int opt_send_error = 0; -static int opt_send_unprotected = 0; -static int opt_send_unprot_err = 0; -static int opt_accept_unprotected = 0; -static int opt_accept_unprot_err = 0; -static int opt_accept_raverified = 0; - -static X509_VERIFY_PARAM *vpm = NULL; - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_CONFIG, OPT_SECTION, OPT_VERBOSITY, - - OPT_CMD, OPT_INFOTYPE, OPT_GENINFO, - - OPT_NEWKEY, OPT_NEWKEYPASS, OPT_SUBJECT, OPT_ISSUER, - OPT_DAYS, OPT_REQEXTS, - OPT_SANS, OPT_SAN_NODEFAULT, - OPT_POLICIES, OPT_POLICY_OIDS, OPT_POLICY_OIDS_CRITICAL, - OPT_POPO, OPT_CSR, - OPT_OUT_TRUSTED, OPT_IMPLICIT_CONFIRM, OPT_DISABLE_CONFIRM, - OPT_CERTOUT, OPT_CHAINOUT, - - OPT_OLDCERT, OPT_REVREASON, - -#ifndef OPENSSL_NO_SOCK - OPT_SERVER, OPT_PROXY, OPT_NO_PROXY, -#endif - OPT_RECIPIENT, OPT_PATH, - OPT_KEEP_ALIVE, OPT_MSG_TIMEOUT, OPT_TOTAL_TIMEOUT, - - OPT_TRUSTED, OPT_UNTRUSTED, OPT_SRVCERT, - OPT_EXPECT_SENDER, - OPT_IGNORE_KEYUSAGE, OPT_UNPROTECTED_ERRORS, - OPT_EXTRACERTSOUT, OPT_CACERTSOUT, - - OPT_REF, OPT_SECRET, OPT_CERT, OPT_OWN_TRUSTED, OPT_KEY, OPT_KEYPASS, - OPT_DIGEST, OPT_MAC, OPT_EXTRACERTS, - OPT_UNPROTECTED_REQUESTS, - - OPT_CERTFORM, OPT_KEYFORM, - OPT_OTHERPASS, -#ifndef OPENSSL_NO_ENGINE - OPT_ENGINE, -#endif - OPT_PROV_ENUM, - OPT_R_ENUM, - -#ifndef OPENSSL_NO_SOCK - OPT_TLS_USED, OPT_TLS_CERT, OPT_TLS_KEY, - OPT_TLS_KEYPASS, - OPT_TLS_EXTRA, OPT_TLS_TRUSTED, OPT_TLS_HOST, -#endif - - OPT_BATCH, OPT_REPEAT, - OPT_REQIN, OPT_REQIN_NEW_TID, OPT_REQOUT, OPT_RSPIN, OPT_RSPOUT, - OPT_USE_MOCK_SRV, - -#ifndef OPENSSL_NO_SOCK - OPT_PORT, OPT_MAX_MSGS, -#endif - OPT_SRV_REF, OPT_SRV_SECRET, - OPT_SRV_CERT, OPT_SRV_KEY, OPT_SRV_KEYPASS, - OPT_SRV_TRUSTED, OPT_SRV_UNTRUSTED, - OPT_RSP_CERT, OPT_RSP_EXTRACERTS, OPT_RSP_CAPUBS, - OPT_POLL_COUNT, OPT_CHECK_AFTER, - OPT_GRANT_IMPLICITCONF, - OPT_PKISTATUS, OPT_FAILURE, - OPT_FAILUREBITS, OPT_STATUSSTRING, - OPT_SEND_ERROR, OPT_SEND_UNPROTECTED, - OPT_SEND_UNPROT_ERR, OPT_ACCEPT_UNPROTECTED, - OPT_ACCEPT_UNPROT_ERR, OPT_ACCEPT_RAVERIFIED, - - OPT_V_ENUM -} OPTION_CHOICE; - -const OPTIONS cmp_options[] = { - /* entries must be in the same order as enumerated above!! */ - {"help", OPT_HELP, '-', "Display this summary"}, - {"config", OPT_CONFIG, 's', - "Configuration file to use. \"\" = none. Default from env variable OPENSSL_CONF"}, - {"section", OPT_SECTION, 's', - "Section(s) in config file to get options from. \"\" = 'default'. Default 'cmp'"}, - {"verbosity", OPT_VERBOSITY, 'N', - "Log level; 3=ERR, 4=WARN, 6=INFO, 7=DEBUG, 8=TRACE. Default 6 = INFO"}, - - OPT_SECTION("Generic message"), - {"cmd", OPT_CMD, 's', "CMP request to send: ir/cr/kur/p10cr/rr/genm"}, - {"infotype", OPT_INFOTYPE, 's', - "InfoType name for requesting specific info in genm, e.g. 'signKeyPairTypes'"}, - {"geninfo", OPT_GENINFO, 's', - "generalInfo integer values to place in request PKIHeader with given OID"}, - {OPT_MORE_STR, 0, 0, - "specified in the form :int:, e.g. \"1.2.3.4:int:56789\""}, - - OPT_SECTION("Certificate enrollment"), - {"newkey", OPT_NEWKEY, 's', - "Private or public key for the requested cert. Default: CSR key or client key"}, - {"newkeypass", OPT_NEWKEYPASS, 's', "New private key pass phrase source"}, - {"subject", OPT_SUBJECT, 's', - "Distinguished Name (DN) of subject to use in the requested cert template"}, - {OPT_MORE_STR, 0, 0, - "For kur, default is subject of -csr arg or reference cert (see -oldcert)"}, - {OPT_MORE_STR, 0, 0, - "this default is used for ir and cr only if no Subject Alt Names are set"}, - {"issuer", OPT_ISSUER, 's', - "DN of the issuer to place in the requested certificate template"}, - {OPT_MORE_STR, 0, 0, - "also used as recipient if neither -recipient nor -srvcert are given"}, - {"days", OPT_DAYS, 'N', - "Requested validity time of the new certificate in number of days"}, - {"reqexts", OPT_REQEXTS, 's', - "Name of config file section defining certificate request extensions."}, - {OPT_MORE_STR, 0, 0, - "Augments or replaces any extensions contained CSR given with -csr"}, - {"sans", OPT_SANS, 's', - "Subject Alt Names (IPADDR/DNS/URI) to add as (critical) cert req extension"}, - {"san_nodefault", OPT_SAN_NODEFAULT, '-', - "Do not take default SANs from reference certificate (see -oldcert)"}, - {"policies", OPT_POLICIES, 's', - "Name of config file section defining policies certificate request extension"}, - {"policy_oids", OPT_POLICY_OIDS, 's', - "Policy OID(s) to add as policies certificate request extension"}, - {"policy_oids_critical", OPT_POLICY_OIDS_CRITICAL, '-', - "Flag the policy OID(s) given with -policy_oids as critical"}, - {"popo", OPT_POPO, 'n', - "Proof-of-Possession (POPO) method to use for ir/cr/kur where"}, - {OPT_MORE_STR, 0, 0, - "-1 = NONE, 0 = RAVERIFIED, 1 = SIGNATURE (default), 2 = KEYENC"}, - {"csr", OPT_CSR, 's', - "PKCS#10 CSR file in PEM or DER format to convert or to use in p10cr"}, - {"out_trusted", OPT_OUT_TRUSTED, 's', - "Certificates to trust when verifying newly enrolled certificates"}, - {"implicit_confirm", OPT_IMPLICIT_CONFIRM, '-', - "Request implicit confirmation of newly enrolled certificates"}, - {"disable_confirm", OPT_DISABLE_CONFIRM, '-', - "Do not confirm newly enrolled certificate w/o requesting implicit"}, - {OPT_MORE_STR, 0, 0, - "confirmation. WARNING: This leads to behavior violating RFC 4210"}, - {"certout", OPT_CERTOUT, 's', - "File to save newly enrolled certificate"}, - {"chainout", OPT_CHAINOUT, 's', - "File to save the chain of newly enrolled certificate"}, - - OPT_SECTION("Certificate enrollment and revocation"), - - {"oldcert", OPT_OLDCERT, 's', - "Certificate to be updated (defaulting to -cert) or to be revoked in rr;"}, - {OPT_MORE_STR, 0, 0, - "also used as reference (defaulting to -cert) for subject DN and SANs."}, - {OPT_MORE_STR, 0, 0, - "Issuer is used as recipient unless -recipient, -srvcert, or -issuer given"}, - {"revreason", OPT_REVREASON, 'n', - "Reason code to include in revocation request (rr); possible values:"}, - {OPT_MORE_STR, 0, 0, - "0..6, 8..10 (see RFC5280, 5.3.1) or -1. Default -1 = none included"}, - - OPT_SECTION("Message transfer"), -#ifdef OPENSSL_NO_SOCK - {OPT_MORE_STR, 0, 0, - "NOTE: -server, -proxy, and -no_proxy not supported due to no-sock build"}, -#else - {"server", OPT_SERVER, 's', - "[http[s]://]address[:port][/path] of CMP server. Default port 80 or 443."}, - {OPT_MORE_STR, 0, 0, - "address may be a DNS name or an IP address; path can be overridden by -path"}, - {"proxy", OPT_PROXY, 's', - "[http[s]://]address[:port][/path] of HTTP(S) proxy to use; path is ignored"}, - {"no_proxy", OPT_NO_PROXY, 's', - "List of addresses of servers not to use HTTP(S) proxy for"}, - {OPT_MORE_STR, 0, 0, - "Default from environment variable 'no_proxy', else 'NO_PROXY', else none"}, -#endif - {"recipient", OPT_RECIPIENT, 's', - "DN of CA. Default: subject of -srvcert, -issuer, issuer of -oldcert or -cert"}, - {"path", OPT_PATH, 's', - "HTTP path (aka CMP alias) at the CMP server. Default from -server, else \"/\""}, - {"keep_alive", OPT_KEEP_ALIVE, 'N', - "Persistent HTTP connections. 0: no, 1 (the default): request, 2: require"}, - {"msg_timeout", OPT_MSG_TIMEOUT, 'N', - "Number of seconds allowed per CMP message round trip, or 0 for infinite"}, - {"total_timeout", OPT_TOTAL_TIMEOUT, 'N', - "Overall time an enrollment incl. polling may take. Default 0 = infinite"}, - - OPT_SECTION("Server authentication"), - {"trusted", OPT_TRUSTED, 's', - "Certificates to trust as chain roots when verifying signed CMP responses"}, - {OPT_MORE_STR, 0, 0, "unless -srvcert is given"}, - {"untrusted", OPT_UNTRUSTED, 's', - "Intermediate CA certs for chain construction for CMP/TLS/enrolled certs"}, - {"srvcert", OPT_SRVCERT, 's', - "Server cert to pin and trust directly when verifying signed CMP responses"}, - {"expect_sender", OPT_EXPECT_SENDER, 's', - "DN of expected sender of responses. Defaults to subject of -srvcert, if any"}, - {"ignore_keyusage", OPT_IGNORE_KEYUSAGE, '-', - "Ignore CMP signer cert key usage, else 'digitalSignature' must be allowed"}, - {"unprotected_errors", OPT_UNPROTECTED_ERRORS, '-', - "Accept missing or invalid protection of regular error messages and negative"}, - {OPT_MORE_STR, 0, 0, - "certificate responses (ip/cp/kup), revocation responses (rp), and PKIConf"}, - {OPT_MORE_STR, 0, 0, - "WARNING: This setting leads to behavior allowing violation of RFC 4210"}, - {"extracertsout", OPT_EXTRACERTSOUT, 's', - "File to save extra certificates received in the extraCerts field"}, - {"cacertsout", OPT_CACERTSOUT, 's', - "File to save CA certificates received in the caPubs field of 'ip' messages"}, - - OPT_SECTION("Client authentication"), - {"ref", OPT_REF, 's', - "Reference value to use as senderKID in case no -cert is given"}, - {"secret", OPT_SECRET, 's', - "Prefer PBM (over signatures) for protecting msgs with given password source"}, - {"cert", OPT_CERT, 's', - "Client's CMP signer certificate; its public key must match the -key argument"}, - {OPT_MORE_STR, 0, 0, - "This also used as default reference for subject DN and SANs."}, - {OPT_MORE_STR, 0, 0, - "Any further certs included are appended to the untrusted certs"}, - {"own_trusted", OPT_OWN_TRUSTED, 's', - "Optional certs to verify chain building for own CMP signer cert"}, - {"key", OPT_KEY, 's', "CMP signer private key, not used when -secret given"}, - {"keypass", OPT_KEYPASS, 's', - "Client private key (and cert and old cert) pass phrase source"}, - {"digest", OPT_DIGEST, 's', - "Digest to use in message protection and POPO signatures. Default \"sha256\""}, - {"mac", OPT_MAC, 's', - "MAC algorithm to use in PBM-based message protection. Default \"hmac-sha1\""}, - {"extracerts", OPT_EXTRACERTS, 's', - "Certificates to append in extraCerts field of outgoing messages."}, - {OPT_MORE_STR, 0, 0, - "This can be used as the default CMP signer cert chain to include"}, - {"unprotected_requests", OPT_UNPROTECTED_REQUESTS, '-', - "Send messages without CMP-level protection"}, - - OPT_SECTION("Credentials format"), - {"certform", OPT_CERTFORM, 's', - "Format (PEM or DER) to use when saving a certificate to a file. Default PEM"}, - {"keyform", OPT_KEYFORM, 's', - "Format of the key input (ENGINE, other values ignored)"}, - {"otherpass", OPT_OTHERPASS, 's', - "Pass phrase source potentially needed for loading certificates of others"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', - "Use crypto engine with given identifier, possibly a hardware device."}, - {OPT_MORE_STR, 0, 0, - "Engines may also be defined in OpenSSL config file engine section."}, -#endif - OPT_PROV_OPTIONS, - OPT_R_OPTIONS, - - OPT_SECTION("TLS connection"), -#ifdef OPENSSL_NO_SOCK - {OPT_MORE_STR, 0, 0, - "NOTE: -tls_used and all other TLS options not supported due to no-sock build"}, -#else - {"tls_used", OPT_TLS_USED, '-', - "Enable using TLS (also when other TLS options are not set)"}, - {"tls_cert", OPT_TLS_CERT, 's', - "Client's TLS certificate. May include chain to be provided to TLS server"}, - {"tls_key", OPT_TLS_KEY, 's', - "Private key for the client's TLS certificate"}, - {"tls_keypass", OPT_TLS_KEYPASS, 's', - "Pass phrase source for the client's private TLS key (and TLS cert)"}, - {"tls_extra", OPT_TLS_EXTRA, 's', - "Extra certificates to provide to TLS server during TLS handshake"}, - {"tls_trusted", OPT_TLS_TRUSTED, 's', - "Trusted certificates to use for verifying the TLS server certificate;"}, - {OPT_MORE_STR, 0, 0, "this implies host name validation"}, - {"tls_host", OPT_TLS_HOST, 's', - "Address to be checked (rather than -server) during TLS host name validation"}, -#endif - - OPT_SECTION("Client-side debugging"), - {"batch", OPT_BATCH, '-', - "Do not interactively prompt for input when a password is required etc."}, - {"repeat", OPT_REPEAT, 'p', - "Invoke the transaction the given positive number of times. Default 1"}, - {"reqin", OPT_REQIN, 's', "Take sequence of CMP requests from file(s)"}, - {"reqin_new_tid", OPT_REQIN_NEW_TID, '-', - "Use fresh transactionID for CMP requests read from -reqin"}, - {"reqout", OPT_REQOUT, 's', "Save sequence of CMP requests to file(s)"}, - {"rspin", OPT_RSPIN, 's', - "Process sequence of CMP responses provided in file(s), skipping server"}, - {"rspout", OPT_RSPOUT, 's', "Save sequence of CMP responses to file(s)"}, - - {"use_mock_srv", OPT_USE_MOCK_SRV, '-', - "Use internal mock server at API level, bypassing socket-based HTTP"}, - - OPT_SECTION("Mock server"), -#ifdef OPENSSL_NO_SOCK - {OPT_MORE_STR, 0, 0, - "NOTE: -port and -max_msgs not supported due to no-sock build"}, -#else - {"port", OPT_PORT, 's', - "Act as HTTP-based mock server listening on given port"}, - {"max_msgs", OPT_MAX_MSGS, 'N', - "max number of messages handled by HTTP mock server. Default: 0 = unlimited"}, -#endif - - {"srv_ref", OPT_SRV_REF, 's', - "Reference value to use as senderKID of server in case no -srv_cert is given"}, - {"srv_secret", OPT_SRV_SECRET, 's', - "Password source for server authentication with a pre-shared key (secret)"}, - {"srv_cert", OPT_SRV_CERT, 's', "Certificate of the server"}, - {"srv_key", OPT_SRV_KEY, 's', - "Private key used by the server for signing messages"}, - {"srv_keypass", OPT_SRV_KEYPASS, 's', - "Server private key (and cert) pass phrase source"}, - - {"srv_trusted", OPT_SRV_TRUSTED, 's', - "Trusted certificates for client authentication"}, - {"srv_untrusted", OPT_SRV_UNTRUSTED, 's', - "Intermediate certs that may be useful for verifying CMP protection"}, - {"rsp_cert", OPT_RSP_CERT, 's', - "Certificate to be returned as mock enrollment result"}, - {"rsp_extracerts", OPT_RSP_EXTRACERTS, 's', - "Extra certificates to be included in mock certification responses"}, - {"rsp_capubs", OPT_RSP_CAPUBS, 's', - "CA certificates to be included in mock ip response"}, - {"poll_count", OPT_POLL_COUNT, 'N', - "Number of times the client must poll before receiving a certificate"}, - {"check_after", OPT_CHECK_AFTER, 'N', - "The check_after value (time to wait) to include in poll response"}, - {"grant_implicitconf", OPT_GRANT_IMPLICITCONF, '-', - "Grant implicit confirmation of newly enrolled certificate"}, - - {"pkistatus", OPT_PKISTATUS, 'N', - "PKIStatus to be included in server response. Possible values: 0..6"}, - {"failure", OPT_FAILURE, 'N', - "A single failure info bit number to include in server response, 0..26"}, - {"failurebits", OPT_FAILUREBITS, 'N', - "Number representing failure bits to include in server response, 0..2^27 - 1"}, - {"statusstring", OPT_STATUSSTRING, 's', - "Status string to be included in server response"}, - {"send_error", OPT_SEND_ERROR, '-', - "Force server to reply with error message"}, - {"send_unprotected", OPT_SEND_UNPROTECTED, '-', - "Send response messages without CMP-level protection"}, - {"send_unprot_err", OPT_SEND_UNPROT_ERR, '-', - "In case of negative responses, server shall send unprotected error messages,"}, - {OPT_MORE_STR, 0, 0, - "certificate responses (ip/cp/kup), and revocation responses (rp)."}, - {OPT_MORE_STR, 0, 0, - "WARNING: This setting leads to behavior violating RFC 4210"}, - {"accept_unprotected", OPT_ACCEPT_UNPROTECTED, '-', - "Accept missing or invalid protection of requests"}, - {"accept_unprot_err", OPT_ACCEPT_UNPROT_ERR, '-', - "Accept unprotected error messages from client"}, - {"accept_raverified", OPT_ACCEPT_RAVERIFIED, '-', - "Accept RAVERIFIED as proof-of-possession (POPO)"}, - - OPT_V_OPTIONS, - {NULL} -}; - -typedef union { - char **txt; - int *num; - long *num_long; -} varref; -static varref cmp_vars[] = { /* must be in same order as enumerated above! */ - {&opt_config}, {&opt_section}, {(char **)&opt_verbosity}, - - {&opt_cmd_s}, {&opt_infotype_s}, {&opt_geninfo}, - - {&opt_newkey}, {&opt_newkeypass}, {&opt_subject}, {&opt_issuer}, - {(char **)&opt_days}, {&opt_reqexts}, - {&opt_sans}, {(char **)&opt_san_nodefault}, - {&opt_policies}, {&opt_policy_oids}, {(char **)&opt_policy_oids_critical}, - {(char **)&opt_popo}, {&opt_csr}, - {&opt_out_trusted}, - {(char **)&opt_implicit_confirm}, {(char **)&opt_disable_confirm}, - {&opt_certout}, {&opt_chainout}, - - {&opt_oldcert}, {(char **)&opt_revreason}, - -#ifndef OPENSSL_NO_SOCK - {&opt_server}, {&opt_proxy}, {&opt_no_proxy}, -#endif - {&opt_recipient}, {&opt_path}, {(char **)&opt_keep_alive}, - {(char **)&opt_msg_timeout}, {(char **)&opt_total_timeout}, - - {&opt_trusted}, {&opt_untrusted}, {&opt_srvcert}, - {&opt_expect_sender}, - {(char **)&opt_ignore_keyusage}, {(char **)&opt_unprotected_errors}, - {&opt_extracertsout}, {&opt_cacertsout}, - - {&opt_ref}, {&opt_secret}, - {&opt_cert}, {&opt_own_trusted}, {&opt_key}, {&opt_keypass}, - {&opt_digest}, {&opt_mac}, {&opt_extracerts}, - {(char **)&opt_unprotected_requests}, - - {&opt_certform_s}, {&opt_keyform_s}, - {&opt_otherpass}, -#ifndef OPENSSL_NO_ENGINE - {&opt_engine}, -#endif - -#ifndef OPENSSL_NO_SOCK - {(char **)&opt_tls_used}, {&opt_tls_cert}, {&opt_tls_key}, - {&opt_tls_keypass}, - {&opt_tls_extra}, {&opt_tls_trusted}, {&opt_tls_host}, -#endif - - {(char **)&opt_batch}, {(char **)&opt_repeat}, - {&opt_reqin}, {(char **)&opt_reqin_new_tid}, - {&opt_reqout}, {&opt_rspin}, {&opt_rspout}, - - {(char **)&opt_use_mock_srv}, -#ifndef OPENSSL_NO_SOCK - {&opt_port}, {(char **)&opt_max_msgs}, -#endif - {&opt_srv_ref}, {&opt_srv_secret}, - {&opt_srv_cert}, {&opt_srv_key}, {&opt_srv_keypass}, - {&opt_srv_trusted}, {&opt_srv_untrusted}, - {&opt_rsp_cert}, {&opt_rsp_extracerts}, {&opt_rsp_capubs}, - {(char **)&opt_poll_count}, {(char **)&opt_check_after}, - {(char **)&opt_grant_implicitconf}, - {(char **)&opt_pkistatus}, {(char **)&opt_failure}, - {(char **)&opt_failurebits}, {&opt_statusstring}, - {(char **)&opt_send_error}, {(char **)&opt_send_unprotected}, - {(char **)&opt_send_unprot_err}, {(char **)&opt_accept_unprotected}, - {(char **)&opt_accept_unprot_err}, {(char **)&opt_accept_raverified}, - - {NULL} -}; - -#define FUNC (strcmp(OPENSSL_FUNC, "(unknown function)") == 0 \ - ? "CMP" : OPENSSL_FUNC) -#define CMP_print(bio, level, prefix, msg, a1, a2, a3) \ - ((void)(level > opt_verbosity ? 0 : \ - (BIO_printf(bio, "%s:%s:%d:CMP %s: " msg "\n", \ - FUNC, OPENSSL_FILE, OPENSSL_LINE, prefix, a1, a2, a3)))) -#define CMP_DEBUG(m, a1, a2, a3) \ - CMP_print(bio_out, OSSL_CMP_LOG_DEBUG, "debug", m, a1, a2, a3) -#define CMP_debug(msg) CMP_DEBUG(msg"%s%s%s", "", "", "") -#define CMP_debug1(msg, a1) CMP_DEBUG(msg"%s%s", a1, "", "") -#define CMP_debug2(msg, a1, a2) CMP_DEBUG(msg"%s", a1, a2, "") -#define CMP_debug3(msg, a1, a2, a3) CMP_DEBUG(msg, a1, a2, a3) -#define CMP_INFO(msg, a1, a2, a3) \ - CMP_print(bio_out, OSSL_CMP_LOG_INFO, "info", msg, a1, a2, a3) -#define CMP_info(msg) CMP_INFO(msg"%s%s%s", "", "", "") -#define CMP_info1(msg, a1) CMP_INFO(msg"%s%s", a1, "", "") -#define CMP_info2(msg, a1, a2) CMP_INFO(msg"%s", a1, a2, "") -#define CMP_info3(msg, a1, a2, a3) CMP_INFO(msg, a1, a2, a3) -#define CMP_WARN(m, a1, a2, a3) \ - CMP_print(bio_out, OSSL_CMP_LOG_WARNING, "warning", m, a1, a2, a3) -#define CMP_warn(msg) CMP_WARN(msg"%s%s%s", "", "", "") -#define CMP_warn1(msg, a1) CMP_WARN(msg"%s%s", a1, "", "") -#define CMP_warn2(msg, a1, a2) CMP_WARN(msg"%s", a1, a2, "") -#define CMP_warn3(msg, a1, a2, a3) CMP_WARN(msg, a1, a2, a3) -#define CMP_ERR(msg, a1, a2, a3) \ - CMP_print(bio_err, OSSL_CMP_LOG_ERR, "error", msg, a1, a2, a3) -#define CMP_err(msg) CMP_ERR(msg"%s%s%s", "", "", "") -#define CMP_err1(msg, a1) CMP_ERR(msg"%s%s", a1, "", "") -#define CMP_err2(msg, a1, a2) CMP_ERR(msg"%s", a1, a2, "") -#define CMP_err3(msg, a1, a2, a3) CMP_ERR(msg, a1, a2, a3) - -static int print_to_bio_out(const char *func, const char *file, int line, - OSSL_CMP_severity level, const char *msg) -{ - return OSSL_CMP_print_to_bio(bio_out, func, file, line, level, msg); -} - -static int print_to_bio_err(const char *func, const char *file, int line, - OSSL_CMP_severity level, const char *msg) -{ - return OSSL_CMP_print_to_bio(bio_err, func, file, line, level, msg); -} - -static int set_verbosity(int level) -{ - if (level < OSSL_CMP_LOG_EMERG || level > OSSL_CMP_LOG_MAX) { - CMP_err1("Logging verbosity level %d out of range (0 .. 8)", level); - return 0; - } - opt_verbosity = level; - return 1; -} - -static EVP_PKEY *load_key_pwd(const char *uri, int format, - const char *pass, ENGINE *eng, const char *desc) -{ - char *pass_string = get_passwd(pass, desc); - EVP_PKEY *pkey = load_key(uri, format, 0, pass_string, eng, desc); - - clear_free(pass_string); - return pkey; -} - -static X509 *load_cert_pwd(const char *uri, const char *pass, const char *desc) -{ - X509 *cert; - char *pass_string = get_passwd(pass, desc); - - cert = load_cert_pass(uri, FORMAT_UNDEF, 0, pass_string, desc); - clear_free(pass_string); - return cert; -} - -static X509_REQ *load_csr_autofmt(const char *infile, const char *desc) -{ - X509_REQ *csr; - BIO *bio_bak = bio_err; - - bio_err = NULL; /* do not show errors on more than one try */ - csr = load_csr(infile, FORMAT_PEM, desc); - bio_err = bio_bak; - if (csr == NULL) { - ERR_clear_error(); - csr = load_csr(infile, FORMAT_ASN1, desc); - } - if (csr == NULL) { - ERR_print_errors(bio_err); - BIO_printf(bio_err, "error: unable to load %s from file '%s'\n", desc, - infile); - } else { - EVP_PKEY *pkey = X509_REQ_get0_pubkey(csr); - int ret = do_X509_REQ_verify(csr, pkey, NULL /* vfyopts */); - - if (pkey == NULL || ret < 0) - CMP_warn("error while verifying CSR self-signature"); - else if (ret == 0) - CMP_warn("CSR self-signature does not match the contents"); - } - return csr; -} - -/* set expected host name/IP addr and clears the email addr in the given ts */ -static int truststore_set_host_etc(X509_STORE *ts, const char *host) -{ - X509_VERIFY_PARAM *ts_vpm = X509_STORE_get0_param(ts); - - /* first clear any host names, IP, and email addresses */ - if (!X509_VERIFY_PARAM_set1_host(ts_vpm, NULL, 0) - || !X509_VERIFY_PARAM_set1_ip(ts_vpm, NULL, 0) - || !X509_VERIFY_PARAM_set1_email(ts_vpm, NULL, 0)) - return 0; - X509_VERIFY_PARAM_set_hostflags(ts_vpm, - X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT | - X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); - return (host != NULL && X509_VERIFY_PARAM_set1_ip_asc(ts_vpm, host)) - || X509_VERIFY_PARAM_set1_host(ts_vpm, host, 0); -} - -/* write OSSL_CMP_MSG DER-encoded to the specified file name item */ -static int write_PKIMESSAGE(const OSSL_CMP_MSG *msg, char **filenames) -{ - char *file; - - if (msg == NULL || filenames == NULL) { - CMP_err("NULL arg to write_PKIMESSAGE"); - return 0; - } - if (*filenames == NULL) { - CMP_err("not enough file names provided for writing PKIMessage"); - return 0; - } - - file = *filenames; - *filenames = next_item(file); - if (OSSL_CMP_MSG_write(file, msg) < 0) { - CMP_err1("cannot write PKIMessage to file '%s'", file); - return 0; - } - return 1; -} - -/* read DER-encoded OSSL_CMP_MSG from the specified file name item */ -static OSSL_CMP_MSG *read_PKIMESSAGE(char **filenames) -{ - char *file; - OSSL_CMP_MSG *ret; - - if (filenames == NULL) { - CMP_err("NULL arg to read_PKIMESSAGE"); - return NULL; - } - if (*filenames == NULL) { - CMP_err("not enough file names provided for reading PKIMessage"); - return NULL; - } - - file = *filenames; - *filenames = next_item(file); - - ret = OSSL_CMP_MSG_read(file, app_get0_libctx(), app_get0_propq()); - if (ret == NULL) - CMP_err1("cannot read PKIMessage from file '%s'", file); - return ret; -} - -/*- - * Sends the PKIMessage req and on success place the response in *res - * basically like OSSL_CMP_MSG_http_perform(), but in addition allows - * to dump the sequence of requests and responses to files and/or - * to take the sequence of requests and responses from files. - */ -static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *req) -{ - OSSL_CMP_MSG *req_new = NULL; - OSSL_CMP_MSG *res = NULL; - OSSL_CMP_PKIHEADER *hdr; - const char *prev_opt_rspin = opt_rspin; - - if (req != NULL && opt_reqout != NULL - && !write_PKIMESSAGE(req, &opt_reqout)) - goto err; - if (opt_reqin != NULL && opt_rspin == NULL) { - if ((req_new = read_PKIMESSAGE(&opt_reqin)) == NULL) - goto err; - /*- - * The transaction ID in req_new read from opt_reqin may not be fresh. - * In this case the server may complain "Transaction id already in use." - * The following workaround unfortunately requires re-protection. - */ - if (opt_reqin_new_tid - && !OSSL_CMP_MSG_update_transactionID(ctx, req_new)) - goto err; - } - - if (opt_rspin != NULL) { - res = read_PKIMESSAGE(&opt_rspin); - } else { - const OSSL_CMP_MSG *actual_req = opt_reqin != NULL ? req_new : req; - - res = opt_use_mock_srv - ? OSSL_CMP_CTX_server_perform(ctx, actual_req) - : OSSL_CMP_MSG_http_perform(ctx, actual_req); - } - if (res == NULL) - goto err; - - if (opt_reqin != NULL || prev_opt_rspin != NULL) { - /* need to satisfy nonce and transactionID checks */ - ASN1_OCTET_STRING *nonce; - ASN1_OCTET_STRING *tid; - - hdr = OSSL_CMP_MSG_get0_header(res); - nonce = OSSL_CMP_HDR_get0_recipNonce(hdr); - tid = OSSL_CMP_HDR_get0_transactionID(hdr); - if (!OSSL_CMP_CTX_set1_senderNonce(ctx, nonce) - || !OSSL_CMP_CTX_set1_transactionID(ctx, tid)) { - OSSL_CMP_MSG_free(res); - res = NULL; - goto err; - } - } - - if (opt_rspout != NULL && !write_PKIMESSAGE(res, &opt_rspout)) { - OSSL_CMP_MSG_free(res); - res = NULL; - } - - err: - OSSL_CMP_MSG_free(req_new); - return res; -} - -static int set_name(const char *str, - int (*set_fn) (OSSL_CMP_CTX *ctx, const X509_NAME *name), - OSSL_CMP_CTX *ctx, const char *desc) -{ - if (str != NULL) { - X509_NAME *n = parse_name(str, MBSTRING_ASC, 1, desc); - - if (n == NULL) - return 0; - if (!(*set_fn) (ctx, n)) { - X509_NAME_free(n); - CMP_err("out of memory"); - return 0; - } - X509_NAME_free(n); - } - return 1; -} - -static int set_gennames(OSSL_CMP_CTX *ctx, char *names, const char *desc) -{ - char *next; - - for (; names != NULL; names = next) { - GENERAL_NAME *n; - - next = next_item(names); - if (strcmp(names, "critical") == 0) { - (void)OSSL_CMP_CTX_set_option(ctx, - OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL, - 1); - continue; - } - - /* try IP address first, then URI or domain name */ - (void)ERR_set_mark(); - n = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_IPADD, names, 0); - if (n == NULL) - n = a2i_GENERAL_NAME(NULL, NULL, NULL, - strchr(names, ':') != NULL ? GEN_URI : GEN_DNS, - names, 0); - (void)ERR_pop_to_mark(); - - if (n == NULL) { - CMP_err2("bad syntax of %s '%s'", desc, names); - return 0; - } - if (!OSSL_CMP_CTX_push1_subjectAltName(ctx, n)) { - GENERAL_NAME_free(n); - CMP_err("out of memory"); - return 0; - } - GENERAL_NAME_free(n); - } - return 1; -} - -static X509_STORE *load_trusted(char *input, int for_new_cert, const char *desc) -{ - X509_STORE *ts = load_certstore(input, opt_otherpass, desc, vpm); - - if (ts == NULL) - return NULL; - X509_STORE_set_verify_cb(ts, X509_STORE_CTX_print_verify_cb); - - /* copy vpm to store */ - if (X509_STORE_set1_param(ts, vpm /* may be NULL */) - && (for_new_cert || truststore_set_host_etc(ts, NULL))) - return ts; - BIO_printf(bio_err, "error setting verification parameters for %s\n", desc); - OSSL_CMP_CTX_print_errors(cmp_ctx); - X509_STORE_free(ts); - return NULL; -} - -typedef int (*add_X509_stack_fn_t)(void *ctx, const STACK_OF(X509) *certs); - -static int setup_certs(char *files, const char *desc, void *ctx, - add_X509_stack_fn_t set1_fn) -{ - STACK_OF(X509) *certs; - int ok; - - if (files == NULL) - return 1; - if ((certs = load_certs_multifile(files, opt_otherpass, desc, vpm)) == NULL) - return 0; - ok = (*set1_fn)(ctx, certs); - sk_X509_pop_free(certs, X509_free); - return ok; -} - - -/* - * parse and transform some options, checking their syntax. - * Returns 1 on success, 0 on error - */ -static int transform_opts(void) -{ - if (opt_cmd_s != NULL) { - if (!strcmp(opt_cmd_s, "ir")) { - opt_cmd = CMP_IR; - } else if (!strcmp(opt_cmd_s, "kur")) { - opt_cmd = CMP_KUR; - } else if (!strcmp(opt_cmd_s, "cr")) { - opt_cmd = CMP_CR; - } else if (!strcmp(opt_cmd_s, "p10cr")) { - opt_cmd = CMP_P10CR; - } else if (!strcmp(opt_cmd_s, "rr")) { - opt_cmd = CMP_RR; - } else if (!strcmp(opt_cmd_s, "genm")) { - opt_cmd = CMP_GENM; - } else { - CMP_err1("unknown cmp command '%s'", opt_cmd_s); - return 0; - } - } else { - CMP_err("no cmp command to execute"); - return 0; - } - -#ifndef OPENSSL_NO_ENGINE -# define FORMAT_OPTIONS (OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_ENGINE) -#else -# define FORMAT_OPTIONS (OPT_FMT_PEMDER | OPT_FMT_PKCS12) -#endif - - if (opt_keyform_s != NULL - && !opt_format(opt_keyform_s, FORMAT_OPTIONS, &opt_keyform)) { - CMP_err("unknown option given for key loading format"); - return 0; - } - -#undef FORMAT_OPTIONS - - if (opt_certform_s != NULL - && !opt_format(opt_certform_s, OPT_FMT_PEMDER, &opt_certform)) { - CMP_err("unknown option given for certificate storing format"); - return 0; - } - - return 1; -} - -static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine) -{ - OSSL_CMP_CTX *ctx; /* extra CMP (client) ctx partly used by server */ - OSSL_CMP_SRV_CTX *srv_ctx = ossl_cmp_mock_srv_new(app_get0_libctx(), - app_get0_propq()); - - if (srv_ctx == NULL) - return NULL; - ctx = OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx); - - if (opt_srv_ref == NULL) { - if (opt_srv_cert == NULL) { - /* opt_srv_cert should determine the sender */ - CMP_err("must give -srv_ref for mock server if no -srv_cert given"); - goto err; - } - } else { - if (!OSSL_CMP_CTX_set1_referenceValue(ctx, (unsigned char *)opt_srv_ref, - strlen(opt_srv_ref))) - goto err; - } - - if (opt_srv_secret != NULL) { - int res; - char *pass_str = get_passwd(opt_srv_secret, "PBMAC secret of mock server"); - - if (pass_str != NULL) { - cleanse(opt_srv_secret); - res = OSSL_CMP_CTX_set1_secretValue(ctx, (unsigned char *)pass_str, - strlen(pass_str)); - clear_free(pass_str); - if (res == 0) - goto err; - } - } else if (opt_srv_cert == NULL) { - CMP_err("mock server credentials must be given if -use_mock_srv or -port is used"); - goto err; - } else { - CMP_warn("mock server will not be able to handle PBM-protected requests since -srv_secret is not given"); - } - - if (opt_srv_secret == NULL - && ((opt_srv_cert == NULL) != (opt_srv_key == NULL))) { - CMP_err("must give both -srv_cert and -srv_key options or neither"); - goto err; - } - if (opt_srv_cert != NULL) { - X509 *srv_cert = load_cert_pwd(opt_srv_cert, opt_srv_keypass, - "certificate of the mock server"); - - if (srv_cert == NULL || !OSSL_CMP_CTX_set1_cert(ctx, srv_cert)) { - X509_free(srv_cert); - goto err; - } - X509_free(srv_cert); - } - if (opt_srv_key != NULL) { - EVP_PKEY *pkey = load_key_pwd(opt_srv_key, opt_keyform, - opt_srv_keypass, - engine, "private key for mock server cert"); - - if (pkey == NULL || !OSSL_CMP_CTX_set1_pkey(ctx, pkey)) { - EVP_PKEY_free(pkey); - goto err; - } - EVP_PKEY_free(pkey); - } - cleanse(opt_srv_keypass); - - if (opt_srv_trusted != NULL) { - X509_STORE *ts = - load_trusted(opt_srv_trusted, 0, "certs trusted by mock server"); - - if (ts == NULL || !OSSL_CMP_CTX_set0_trustedStore(ctx, ts)) { - X509_STORE_free(ts); - goto err; - } - } else { - CMP_warn("mock server will not be able to handle signature-protected requests since -srv_trusted is not given"); - } - if (!setup_certs(opt_srv_untrusted, - "untrusted certificates for mock server", ctx, - (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted)) - goto err; - - if (opt_rsp_cert == NULL) { - CMP_warn("no -rsp_cert given for mock server"); - } else { - X509 *cert = load_cert_pwd(opt_rsp_cert, opt_keypass, - "cert to be returned by the mock server"); - - if (cert == NULL) - goto err; - /* from server perspective the server is the client */ - if (!ossl_cmp_mock_srv_set1_certOut(srv_ctx, cert)) { - X509_free(cert); - goto err; - } - X509_free(cert); - } - if (!setup_certs(opt_rsp_extracerts, - "CMP extra certificates for mock server", srv_ctx, - (add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_chainOut)) - goto err; - if (!setup_certs(opt_rsp_capubs, "caPubs for mock server", srv_ctx, - (add_X509_stack_fn_t)ossl_cmp_mock_srv_set1_caPubsOut)) - goto err; - (void)ossl_cmp_mock_srv_set_pollCount(srv_ctx, opt_poll_count); - (void)ossl_cmp_mock_srv_set_checkAfterTime(srv_ctx, opt_check_after); - if (opt_grant_implicitconf) - (void)OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(srv_ctx, 1); - - if (opt_failure != INT_MIN) { /* option has been set explicity */ - if (opt_failure < 0 || OSSL_CMP_PKIFAILUREINFO_MAX < opt_failure) { - CMP_err1("-failure out of range, should be >= 0 and <= %d", - OSSL_CMP_PKIFAILUREINFO_MAX); - goto err; - } - if (opt_failurebits != 0) - CMP_warn("-failurebits overrides -failure"); - else - opt_failurebits = 1 << opt_failure; - } - if ((unsigned)opt_failurebits > OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN) { - CMP_err("-failurebits out of range"); - goto err; - } - if (!ossl_cmp_mock_srv_set_statusInfo(srv_ctx, opt_pkistatus, - opt_failurebits, opt_statusstring)) - goto err; - - if (opt_send_error) - (void)ossl_cmp_mock_srv_set_send_error(srv_ctx, 1); - - if (opt_send_unprotected) - (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_SEND, 1); - if (opt_send_unprot_err) - (void)OSSL_CMP_SRV_CTX_set_send_unprotected_errors(srv_ctx, 1); - if (opt_accept_unprotected) - (void)OSSL_CMP_SRV_CTX_set_accept_unprotected(srv_ctx, 1); - if (opt_accept_unprot_err) - (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS, 1); - if (opt_accept_raverified) - (void)OSSL_CMP_SRV_CTX_set_accept_raverified(srv_ctx, 1); - - return srv_ctx; - - err: - ossl_cmp_mock_srv_free(srv_ctx); - return NULL; -} - -/* - * set up verification aspects of OSSL_CMP_CTX w.r.t. opts from config file/CLI. - * Returns pointer on success, NULL on error - */ -static int setup_verification_ctx(OSSL_CMP_CTX *ctx) -{ - if (!setup_certs(opt_untrusted, "untrusted certificates", ctx, - (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted)) - return 0; - - if (opt_srvcert != NULL || opt_trusted != NULL) { - X509 *srvcert; - X509_STORE *ts; - int ok; - - if (opt_srvcert != NULL) { - if (opt_trusted != NULL) { - CMP_warn("-trusted option is ignored since -srvcert option is present"); - opt_trusted = NULL; - } - if (opt_recipient != NULL) { - CMP_warn("-recipient option is ignored since -srvcert option is present"); - opt_recipient = NULL; - } - srvcert = load_cert_pwd(opt_srvcert, opt_otherpass, - "directly trusted CMP server certificate"); - ok = srvcert != NULL && OSSL_CMP_CTX_set1_srvCert(ctx, srvcert); - X509_free(srvcert); - if (!ok) - return 0; - } - if (opt_trusted != NULL) { - /* - * the 0 arg below clears any expected host/ip/email address; - * opt_expect_sender is used instead - */ - ts = load_trusted(opt_trusted, 0, "certs trusted by client"); - - if (ts == NULL || !OSSL_CMP_CTX_set0_trustedStore(ctx, ts)) { - X509_STORE_free(ts); - return 0; - } - } - } - - if (opt_ignore_keyusage) - (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_IGNORE_KEYUSAGE, 1); - - if (opt_unprotected_errors) - (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS, 1); - - if (opt_out_trusted != NULL) { /* for use in OSSL_CMP_certConf_cb() */ - X509_VERIFY_PARAM *out_vpm = NULL; - X509_STORE *out_trusted = - load_trusted(opt_out_trusted, 1, - "trusted certs for verifying newly enrolled cert"); - - if (out_trusted == NULL) - return 0; - /* ignore any -attime here, new certs are current anyway */ - out_vpm = X509_STORE_get0_param(out_trusted); - X509_VERIFY_PARAM_clear_flags(out_vpm, X509_V_FLAG_USE_CHECK_TIME); - - (void)OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted); - } - - if (opt_disable_confirm) - (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_DISABLE_CONFIRM, 1); - - if (opt_implicit_confirm) - (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_IMPLICIT_CONFIRM, 1); - - return 1; -} - -#ifndef OPENSSL_NO_SOCK -/* - * set up ssl_ctx for the OSSL_CMP_CTX based on options from config file/CLI. - * Returns pointer on success, NULL on error - */ -static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host, - ENGINE *engine) -{ - STACK_OF(X509) *untrusted = OSSL_CMP_CTX_get0_untrusted(ctx); - EVP_PKEY *pkey = NULL; - X509_STORE *trust_store = NULL; - SSL_CTX *ssl_ctx; - int i; - - ssl_ctx = SSL_CTX_new(TLS_client_method()); - if (ssl_ctx == NULL) - return NULL; - - if (opt_tls_trusted != NULL) { - trust_store = load_trusted(opt_tls_trusted, 0, "trusted TLS certs"); - if (trust_store == NULL) - goto err; - SSL_CTX_set_cert_store(ssl_ctx, trust_store); - } - - if (opt_tls_cert != NULL && opt_tls_key != NULL) { - X509 *cert; - STACK_OF(X509) *certs = NULL; - int ok; - - if (!load_cert_certs(opt_tls_cert, &cert, &certs, 0, opt_tls_keypass, - "TLS client certificate (optionally with chain)", - vpm)) - /* need opt_tls_keypass if opt_tls_cert is encrypted PKCS#12 file */ - goto err; - - ok = SSL_CTX_use_certificate(ssl_ctx, cert) > 0; - X509_free(cert); - - /* - * Any further certs and any untrusted certs are used for constructing - * the chain to be provided with the TLS client cert to the TLS server. - */ - if (!ok || !SSL_CTX_set0_chain(ssl_ctx, certs)) { - CMP_err1("unable to use client TLS certificate file '%s'", - opt_tls_cert); - sk_X509_pop_free(certs, X509_free); - goto err; - } - for (i = 0; i < sk_X509_num(untrusted); i++) { - cert = sk_X509_value(untrusted, i); - if (!SSL_CTX_add1_chain_cert(ssl_ctx, cert)) { - CMP_err("could not add untrusted cert to TLS client cert chain"); - goto err; - } - } - - { - X509_VERIFY_PARAM *tls_vpm = NULL; - unsigned long bak_flags = 0; /* compiler warns without init */ - - if (trust_store != NULL) { - tls_vpm = X509_STORE_get0_param(trust_store); - bak_flags = X509_VERIFY_PARAM_get_flags(tls_vpm); - /* disable any cert status/revocation checking etc. */ - X509_VERIFY_PARAM_clear_flags(tls_vpm, - ~(X509_V_FLAG_USE_CHECK_TIME - | X509_V_FLAG_NO_CHECK_TIME)); - } - CMP_debug("trying to build cert chain for own TLS cert"); - if (SSL_CTX_build_cert_chain(ssl_ctx, - SSL_BUILD_CHAIN_FLAG_UNTRUSTED | - SSL_BUILD_CHAIN_FLAG_NO_ROOT)) { - CMP_debug("success building cert chain for own TLS cert"); - } else { - OSSL_CMP_CTX_print_errors(ctx); - CMP_warn("could not build cert chain for own TLS cert"); - } - if (trust_store != NULL) - X509_VERIFY_PARAM_set_flags(tls_vpm, bak_flags); - } - - /* If present we append to the list also the certs from opt_tls_extra */ - if (opt_tls_extra != NULL) { - STACK_OF(X509) *tls_extra = load_certs_multifile(opt_tls_extra, - opt_otherpass, - "extra certificates for TLS", - vpm); - int res = 1; - - if (tls_extra == NULL) - goto err; - for (i = 0; i < sk_X509_num(tls_extra); i++) { - cert = sk_X509_value(tls_extra, i); - if (res != 0) - res = SSL_CTX_add_extra_chain_cert(ssl_ctx, cert); - if (res == 0) - X509_free(cert); - } - sk_X509_free(tls_extra); - if (res == 0) { - BIO_printf(bio_err, "error: unable to add TLS extra certs\n"); - goto err; - } - } - - pkey = load_key_pwd(opt_tls_key, opt_keyform, opt_tls_keypass, - engine, "TLS client private key"); - cleanse(opt_tls_keypass); - if (pkey == NULL) - goto err; - /* - * verify the key matches the cert, - * not using SSL_CTX_check_private_key(ssl_ctx) - * because it gives poor and sometimes misleading diagnostics - */ - if (!X509_check_private_key(SSL_CTX_get0_certificate(ssl_ctx), - pkey)) { - CMP_err2("TLS private key '%s' does not match the TLS certificate '%s'\n", - opt_tls_key, opt_tls_cert); - EVP_PKEY_free(pkey); - pkey = NULL; /* otherwise, for some reason double free! */ - goto err; - } - if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) <= 0) { - CMP_err1("unable to use TLS client private key '%s'", opt_tls_key); - EVP_PKEY_free(pkey); - pkey = NULL; /* otherwise, for some reason double free! */ - goto err; - } - EVP_PKEY_free(pkey); /* we do not need the handle any more */ - } - if (opt_tls_trusted != NULL) { - /* enable and parameterize server hostname/IP address check */ - if (!truststore_set_host_etc(trust_store, - opt_tls_host != NULL ? opt_tls_host : host)) - goto err; - SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); - } - return ssl_ctx; - err: - SSL_CTX_free(ssl_ctx); - return NULL; -} -#endif /* OPENSSL_NO_SOCK */ - -/* - * set up protection aspects of OSSL_CMP_CTX based on options from config - * file/CLI while parsing options and checking their consistency. - * Returns 1 on success, 0 on error - */ -static int setup_protection_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) -{ - if (!opt_unprotected_requests && opt_secret == NULL && opt_key == NULL) { - CMP_err("must give -key or -secret unless -unprotected_requests is used"); - return 0; - } - - if (opt_ref == NULL && opt_cert == NULL && opt_subject == NULL) { - /* cert or subject should determine the sender */ - CMP_err("must give -ref if no -cert and no -subject given"); - return 0; - } - if (!opt_secret && ((opt_cert == NULL) != (opt_key == NULL))) { - CMP_err("must give both -cert and -key options or neither"); - return 0; - } - if (opt_secret != NULL) { - char *pass_string = get_passwd(opt_secret, "PBMAC"); - int res; - - if (pass_string != NULL) { - cleanse(opt_secret); - res = OSSL_CMP_CTX_set1_secretValue(ctx, - (unsigned char *)pass_string, - strlen(pass_string)); - clear_free(pass_string); - if (res == 0) - return 0; - } - if (opt_cert != NULL || opt_key != NULL) - CMP_warn("-cert and -key not used for protection since -secret is given"); - } - if (opt_ref != NULL - && !OSSL_CMP_CTX_set1_referenceValue(ctx, (unsigned char *)opt_ref, - strlen(opt_ref))) - return 0; - - if (opt_key != NULL) { - EVP_PKEY *pkey = load_key_pwd(opt_key, opt_keyform, opt_keypass, engine, - "private key for CMP client certificate"); - - if (pkey == NULL || !OSSL_CMP_CTX_set1_pkey(ctx, pkey)) { - EVP_PKEY_free(pkey); - return 0; - } - EVP_PKEY_free(pkey); - } - if (opt_secret == NULL && opt_srvcert == NULL && opt_trusted == NULL) - CMP_warn("will not authenticate server due to missing -secret, -trusted, or -srvcert"); - - if (opt_cert != NULL) { - X509 *cert; - STACK_OF(X509) *certs = NULL; - X509_STORE *own_trusted = NULL; - int ok; - - if (!load_cert_certs(opt_cert, &cert, &certs, 0, opt_keypass, - "CMP client certificate (optionally with chain)", - vpm)) - /* opt_keypass is needed if opt_cert is an encrypted PKCS#12 file */ - return 0; - ok = OSSL_CMP_CTX_set1_cert(ctx, cert); - X509_free(cert); - if (!ok) { - CMP_err("out of memory"); - } else { - if (opt_own_trusted != NULL) { - own_trusted = load_trusted(opt_own_trusted, 0, - "trusted certs for verifying own CMP signer cert"); - ok = own_trusted != NULL; - } - ok = ok && OSSL_CMP_CTX_build_cert_chain(ctx, own_trusted, certs); - } - X509_STORE_free(own_trusted); - sk_X509_pop_free(certs, X509_free); - if (!ok) - return 0; - } else if (opt_own_trusted != NULL) { - CMP_warn("-own_trusted option is ignored without -cert"); - } - - if (!setup_certs(opt_extracerts, "extra certificates for CMP", ctx, - (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_extraCertsOut)) - return 0; - cleanse(opt_otherpass); - - if (opt_unprotected_requests) - (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_SEND, 1); - - if (opt_digest != NULL) { - int digest = OBJ_ln2nid(opt_digest); - - if (digest == NID_undef) { - CMP_err1("digest algorithm name not recognized: '%s'", opt_digest); - return 0; - } - if (!OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_DIGEST_ALGNID, digest) - || !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_OWF_ALGNID, digest)) { - CMP_err1("digest algorithm name not supported: '%s'", opt_digest); - return 0; - } - } - - if (opt_mac != NULL) { - int mac = OBJ_ln2nid(opt_mac); - if (mac == NID_undef) { - CMP_err1("MAC algorithm name not recognized: '%s'", opt_mac); - return 0; - } - (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_MAC_ALGNID, mac); - } - return 1; -} - -/* - * set up IR/CR/KUR/CertConf/RR specific parts of the OSSL_CMP_CTX - * based on options from config file/CLI. - * Returns pointer on success, NULL on error - */ -static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) -{ - X509_REQ *csr = NULL; - X509_EXTENSIONS *exts = NULL; - X509V3_CTX ext_ctx; - - if (opt_subject == NULL - && opt_csr == NULL && opt_oldcert == NULL && opt_cert == NULL - && opt_cmd != CMP_RR && opt_cmd != CMP_GENM) - CMP_warn("no -subject given; no -csr or -oldcert or -cert available for fallback"); - - if (opt_cmd == CMP_IR || opt_cmd == CMP_CR || opt_cmd == CMP_KUR) { - if (opt_newkey == NULL && opt_key == NULL && opt_csr == NULL) { - CMP_err("missing -newkey (or -key) to be certified and no -csr given"); - return 0; - } - if (opt_certout == NULL) { - CMP_err("-certout not given, nowhere to save newly enrolled certificate"); - return 0; - } - if (!set_name(opt_subject, OSSL_CMP_CTX_set1_subjectName, ctx, "subject") - || !set_name(opt_issuer, OSSL_CMP_CTX_set1_issuer, ctx, "issuer")) - return 0; - } else { - const char *msg = "option is ignored for commands other than 'ir', 'cr', and 'kur'"; - - if (opt_subject != NULL) { - if (opt_ref == NULL && opt_cert == NULL) { - /* use subject as default sender unless oldcert subject is used */ - if (!set_name(opt_subject, OSSL_CMP_CTX_set1_subjectName, ctx, "subject")) - return 0; - } else { - CMP_warn1("-subject %s since -ref or -cert is given", msg); - } - } - if (opt_issuer != NULL) - CMP_warn1("-issuer %s", msg); - if (opt_reqexts != NULL) - CMP_warn1("-reqexts %s", msg); - if (opt_san_nodefault) - CMP_warn1("-san_nodefault %s", msg); - if (opt_sans != NULL) - CMP_warn1("-sans %s", msg); - if (opt_policies != NULL) - CMP_warn1("-policies %s", msg); - if (opt_policy_oids != NULL) - CMP_warn1("-policy_oids %s", msg); - } - if (opt_cmd == CMP_KUR) { - char *ref_cert = opt_oldcert != NULL ? opt_oldcert : opt_cert; - - if (ref_cert == NULL && opt_csr == NULL) { - CMP_err("missing -oldcert for certificate to be updated and no -csr given"); - return 0; - } - if (opt_subject != NULL) - CMP_warn2("given -subject '%s' overrides the subject of '%s' for KUR", - opt_subject, ref_cert != NULL ? ref_cert : opt_csr); - } - if (opt_cmd == CMP_RR) { - if (opt_oldcert == NULL && opt_csr == NULL) { - CMP_err("missing -oldcert for certificate to be revoked and no -csr given"); - return 0; - } - if (opt_oldcert != NULL && opt_csr != NULL) - CMP_warn("ignoring -csr since certificate to be revoked is given"); - } - if (opt_cmd == CMP_P10CR && opt_csr == NULL) { - CMP_err("missing PKCS#10 CSR for p10cr"); - return 0; - } - - if (opt_recipient == NULL && opt_srvcert == NULL && opt_issuer == NULL - && opt_oldcert == NULL && opt_cert == NULL) - CMP_warn("missing -recipient, -srvcert, -issuer, -oldcert or -cert; recipient will be set to \"NULL-DN\""); - - if (opt_cmd == CMP_P10CR || opt_cmd == CMP_RR) { - const char *msg = "option is ignored for 'p10cr' and 'rr' commands"; - - if (opt_newkeypass != NULL) - CMP_warn1("-newkeytype %s", msg); - if (opt_newkey != NULL) - CMP_warn1("-newkey %s", msg); - if (opt_days != 0) - CMP_warn1("-days %s", msg); - if (opt_popo != OSSL_CRMF_POPO_NONE - 1) - CMP_warn1("-popo %s", msg); - } else if (opt_newkey != NULL) { - const char *file = opt_newkey; - const int format = opt_keyform; - const char *pass = opt_newkeypass; - const char *desc = "new private key for cert to be enrolled"; - EVP_PKEY *pkey; - int priv = 1; - BIO *bio_bak = bio_err; - - bio_err = NULL; /* suppress diagnostics on first try loading key */ - pkey = load_key_pwd(file, format, pass, engine, desc); - bio_err = bio_bak; - if (pkey == NULL) { - ERR_clear_error(); - desc = opt_csr == NULL - ? "fallback public key for cert to be enrolled" - : "public key for checking cert resulting from p10cr"; - pkey = load_pubkey(file, format, 0, pass, engine, desc); - priv = 0; - } - cleanse(opt_newkeypass); - if (pkey == NULL || !OSSL_CMP_CTX_set0_newPkey(ctx, priv, pkey)) { - EVP_PKEY_free(pkey); - return 0; - } - } - - if (opt_days > 0 - && !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_VALIDITY_DAYS, - opt_days)) { - CMP_err("could not set requested cert validity period"); - return 0; - } - - if (opt_policies != NULL && opt_policy_oids != NULL) { - CMP_err("cannot have policies both via -policies and via -policy_oids"); - return 0; - } - - if (opt_csr != NULL) { - if (opt_cmd == CMP_GENM) { - CMP_warn("-csr option is ignored for command 'genm'"); - } else { - if ((csr = load_csr_autofmt(opt_csr, "PKCS#10 CSR")) == NULL) - return 0; - if (!OSSL_CMP_CTX_set1_p10CSR(ctx, csr)) - goto oom; - } - } - if (opt_reqexts != NULL || opt_policies != NULL) { - if ((exts = sk_X509_EXTENSION_new_null()) == NULL) - goto oom; - X509V3_set_ctx(&ext_ctx, NULL, NULL, csr, NULL, X509V3_CTX_REPLACE); - X509V3_set_nconf(&ext_ctx, conf); - if (opt_reqexts != NULL - && !X509V3_EXT_add_nconf_sk(conf, &ext_ctx, opt_reqexts, &exts)) { - CMP_err1("cannot load certificate request extension section '%s'", - opt_reqexts); - goto exts_err; - } - if (opt_policies != NULL - && !X509V3_EXT_add_nconf_sk(conf, &ext_ctx, opt_policies, &exts)) { - CMP_err1("cannot load policy cert request extension section '%s'", - opt_policies); - goto exts_err; - } - OSSL_CMP_CTX_set0_reqExtensions(ctx, exts); - } - X509_REQ_free(csr); - /* After here, must not goto oom/exts_err */ - - if (OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) && opt_sans != NULL) { - CMP_err("cannot have Subject Alternative Names both via -reqexts and via -sans"); - return 0; - } - if (!set_gennames(ctx, opt_sans, "Subject Alternative Name")) - return 0; - - if (opt_san_nodefault) { - if (opt_sans != NULL) - CMP_warn("-opt_san_nodefault has no effect when -sans is used"); - (void)OSSL_CMP_CTX_set_option(ctx, - OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT, 1); - } - - if (opt_policy_oids_critical) { - if (opt_policy_oids == NULL) - CMP_warn("-opt_policy_oids_critical has no effect unless -policy_oids is given"); - (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_POLICIES_CRITICAL, 1); - } - - while (opt_policy_oids != NULL) { - ASN1_OBJECT *policy; - POLICYINFO *pinfo; - char *next = next_item(opt_policy_oids); - - if ((policy = OBJ_txt2obj(opt_policy_oids, 1)) == 0) { - CMP_err1("unknown policy OID '%s'", opt_policy_oids); - return 0; - } - - if ((pinfo = POLICYINFO_new()) == NULL) { - ASN1_OBJECT_free(policy); - return 0; - } - pinfo->policyid = policy; - - if (!OSSL_CMP_CTX_push0_policy(ctx, pinfo)) { - CMP_err1("cannot add policy with OID '%s'", opt_policy_oids); - POLICYINFO_free(pinfo); - return 0; - } - opt_policy_oids = next; - } - - if (opt_popo >= OSSL_CRMF_POPO_NONE) - (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_POPO_METHOD, opt_popo); - - if (opt_oldcert != NULL) { - if (opt_cmd == CMP_GENM) { - CMP_warn("-oldcert option is ignored for command 'genm'"); - } else { - X509 *oldcert = load_cert_pwd(opt_oldcert, opt_keypass, - opt_cmd == CMP_KUR ? - "certificate to be updated" : - opt_cmd == CMP_RR ? - "certificate to be revoked" : - "reference certificate (oldcert)"); - /* opt_keypass needed if opt_oldcert is an encrypted PKCS#12 file */ - - if (oldcert == NULL) - return 0; - if (!OSSL_CMP_CTX_set1_oldCert(ctx, oldcert)) { - X509_free(oldcert); - CMP_err("out of memory"); - return 0; - } - X509_free(oldcert); - } - } - cleanse(opt_keypass); - if (opt_revreason > CRL_REASON_NONE) - (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_REVOCATION_REASON, - opt_revreason); - - return 1; - - oom: - CMP_err("out of memory"); - exts_err: - sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); - X509_REQ_free(csr); - return 0; -} - -static int handle_opt_geninfo(OSSL_CMP_CTX *ctx) -{ - long value; - ASN1_OBJECT *type; - ASN1_INTEGER *aint; - ASN1_TYPE *val; - OSSL_CMP_ITAV *itav; - char *endstr; - char *valptr = strchr(opt_geninfo, ':'); - - if (valptr == NULL) { - CMP_err("missing ':' in -geninfo option"); - return 0; - } - valptr[0] = '\0'; - valptr++; - - if (OPENSSL_strncasecmp(valptr, "int:", 4) != 0) { - CMP_err("missing 'int:' in -geninfo option"); - return 0; - } - valptr += 4; - - value = strtol(valptr, &endstr, 10); - if (endstr == valptr || *endstr != '\0') { - CMP_err("cannot parse int in -geninfo option"); - return 0; - } - - type = OBJ_txt2obj(opt_geninfo, 1); - if (type == NULL) { - CMP_err("cannot parse OID in -geninfo option"); - return 0; - } - - if ((aint = ASN1_INTEGER_new()) == NULL) - goto oom; - - val = ASN1_TYPE_new(); - if (!ASN1_INTEGER_set(aint, value) || val == NULL) { - ASN1_INTEGER_free(aint); - goto oom; - } - ASN1_TYPE_set(val, V_ASN1_INTEGER, aint); - itav = OSSL_CMP_ITAV_create(type, val); - if (itav == NULL) { - ASN1_TYPE_free(val); - goto oom; - } - - if (!OSSL_CMP_CTX_push0_geninfo_ITAV(ctx, itav)) { - OSSL_CMP_ITAV_free(itav); - return 0; - } - return 1; - - oom: - ASN1_OBJECT_free(type); - CMP_err("out of memory"); - return 0; -} - - -/* - * set up the client-side OSSL_CMP_CTX based on options from config file/CLI - * while parsing options and checking their consistency. - * Prints reason for error to bio_err. - * Returns 1 on success, 0 on error - */ -static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) -{ - int ret = 0; - char *host = NULL, *port = NULL, *path = NULL, *used_path = opt_path; -#ifndef OPENSSL_NO_SOCK - int portnum, ssl; - static char server_port[32] = { '\0' }; - const char *proxy_host = NULL; -#endif - char server_buf[200] = "mock server"; - char proxy_buf[200] = ""; - - if (!opt_use_mock_srv && opt_rspin == NULL) { /* note: -port is not given */ -#ifndef OPENSSL_NO_SOCK - if (opt_server == NULL) { - CMP_err("missing -server or -use_mock_srv or -rspin option"); - goto err; - } -#else - CMP_err("missing -use_mock_srv or -rspin option; -server option is not supported due to no-sock build"); - goto err; -#endif - } -#ifndef OPENSSL_NO_SOCK - if (opt_server == NULL) { - if (opt_proxy != NULL) - CMP_warn("ignoring -proxy option since -server is not given"); - if (opt_no_proxy != NULL) - CMP_warn("ignoring -no_proxy option since -server is not given"); - if (opt_tls_used) { - CMP_warn("ignoring -tls_used option since -server is not given"); - opt_tls_used = 0; - } - goto set_path; - } - if (!OSSL_HTTP_parse_url(opt_server, &ssl, NULL /* user */, &host, &port, - &portnum, &path, NULL /* q */, NULL /* frag */)) { - CMP_err1("cannot parse -server URL: %s", opt_server); - goto err; - } - if (ssl && !opt_tls_used) { - CMP_err("missing -tls_used option since -server URL indicates https"); - goto err; - } - - BIO_snprintf(server_port, sizeof(server_port), "%s", port); - if (opt_path == NULL) - used_path = path; - if (!OSSL_CMP_CTX_set1_server(ctx, host) - || !OSSL_CMP_CTX_set_serverPort(ctx, portnum)) - goto oom; - if (opt_proxy != NULL && !OSSL_CMP_CTX_set1_proxy(ctx, opt_proxy)) - goto oom; - if (opt_no_proxy != NULL && !OSSL_CMP_CTX_set1_no_proxy(ctx, opt_no_proxy)) - goto oom; - (void)BIO_snprintf(server_buf, sizeof(server_buf), "http%s://%s:%s/%s", - opt_tls_used ? "s" : "", host, port, - *used_path == '/' ? used_path + 1 : used_path); - - proxy_host = OSSL_HTTP_adapt_proxy(opt_proxy, opt_no_proxy, host, ssl); - if (proxy_host != NULL) - (void)BIO_snprintf(proxy_buf, sizeof(proxy_buf), " via %s", proxy_host); - - set_path: -#endif - - if (!OSSL_CMP_CTX_set1_serverPath(ctx, used_path)) - goto oom; - if (!transform_opts()) - goto err; - - if (opt_infotype_s != NULL) { - char id_buf[100] = "id-it-"; - - strncat(id_buf, opt_infotype_s, sizeof(id_buf) - strlen(id_buf) - 1); - if ((opt_infotype = OBJ_sn2nid(id_buf)) == NID_undef) { - CMP_err("unknown OID name in -infotype option"); - goto err; - } - } - - if (!setup_verification_ctx(ctx)) - goto err; - - if (opt_keep_alive != 1) - (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_KEEP_ALIVE, - opt_keep_alive); - if (opt_total_timeout > 0 && opt_msg_timeout > 0 - && opt_total_timeout < opt_msg_timeout) { - CMP_err2("-total_timeout argument = %d must not be < %d (-msg_timeout)", - opt_total_timeout, opt_msg_timeout); - goto err; - } - if (opt_msg_timeout >= 0) /* must do this before setup_ssl_ctx() */ - (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_MSG_TIMEOUT, - opt_msg_timeout); - if (opt_total_timeout >= 0) - (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_TOTAL_TIMEOUT, - opt_total_timeout); - - if (opt_reqin != NULL && opt_rspin != NULL) - CMP_warn("-reqin is ignored since -rspin is present"); - if (opt_reqin_new_tid && opt_reqin == NULL) - CMP_warn("-reqin_new_tid is ignored since -reqin is not present"); - if (opt_reqin != NULL || opt_reqout != NULL - || opt_rspin != NULL || opt_rspout != NULL || opt_use_mock_srv) - (void)OSSL_CMP_CTX_set_transfer_cb(ctx, read_write_req_resp); - -#ifndef OPENSSL_NO_SOCK - if (opt_tls_used) { - APP_HTTP_TLS_INFO *info; - - if (opt_tls_cert != NULL - || opt_tls_key != NULL || opt_tls_keypass != NULL) { - if (opt_tls_key == NULL) { - CMP_err("missing -tls_key option"); - goto err; - } else if (opt_tls_cert == NULL) { - CMP_err("missing -tls_cert option"); - goto err; - } - } - - if ((info = OPENSSL_zalloc(sizeof(*info))) == NULL) - goto err; - (void)OSSL_CMP_CTX_set_http_cb_arg(ctx, info); - info->server = opt_server; - info->port = server_port; - /* workaround for callback design flaw, see #17088: */ - info->use_proxy = proxy_host != NULL; - info->timeout = OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_MSG_TIMEOUT); - info->ssl_ctx = setup_ssl_ctx(ctx, host, engine); - - if (info->ssl_ctx == NULL) - goto err; - (void)OSSL_CMP_CTX_set_http_cb(ctx, app_http_tls_cb); - } -#endif - - if (!setup_protection_ctx(ctx, engine)) - goto err; - - if (!setup_request_ctx(ctx, engine)) - goto err; - - if (!set_name(opt_recipient, OSSL_CMP_CTX_set1_recipient, ctx, "recipient") - || !set_name(opt_expect_sender, OSSL_CMP_CTX_set1_expected_sender, - ctx, "expected sender")) - goto err; - - if (opt_geninfo != NULL && !handle_opt_geninfo(ctx)) - goto err; - - /* not printing earlier, to minimize confusion in case setup fails before */ - if (opt_rspin != NULL) - CMP_info("will not contact any server since -rspin is given"); - else - CMP_info2("will contact %s%s", server_buf, proxy_buf); - - ret = 1; - - err: - OPENSSL_free(host); - OPENSSL_free(port); - OPENSSL_free(path); - return ret; - oom: - CMP_err("out of memory"); - goto err; -} - -/* - * write out the given certificate to the output specified by bio. - * Depending on options use either PEM or DER format. - * Returns 1 on success, 0 on error - */ -static int write_cert(BIO *bio, X509 *cert) -{ - if ((opt_certform == FORMAT_PEM && PEM_write_bio_X509(bio, cert)) - || (opt_certform == FORMAT_ASN1 && i2d_X509_bio(bio, cert))) - return 1; - if (opt_certform != FORMAT_PEM && opt_certform != FORMAT_ASN1) - BIO_printf(bio_err, - "error: unsupported type '%s' for writing certificates\n", - opt_certform_s); - return 0; -} - -/* - * If destFile != NULL writes out a stack of certs to the given file. - * In any case frees the certs. - * Depending on options use either PEM or DER format, - * where DER does not make much sense for writing more than one cert! - * Returns number of written certificates on success, -1 on error. - */ -static int save_free_certs(OSSL_CMP_CTX *ctx, - STACK_OF(X509) *certs, char *destFile, char *desc) -{ - BIO *bio = NULL; - int i; - int n = sk_X509_num(certs); - - if (destFile == NULL) - goto end; - CMP_info3("received %d %s certificate(s), saving to file '%s'", - n, desc, destFile); - if (n > 1 && opt_certform != FORMAT_PEM) - CMP_warn("saving more than one certificate in non-PEM format"); - - if (destFile == NULL || (bio = BIO_new(BIO_s_file())) == NULL - || !BIO_write_filename(bio, (char *)destFile)) { - CMP_err1("could not open file '%s' for writing", destFile); - n = -1; - goto end; - } - - for (i = 0; i < n; i++) { - if (!write_cert(bio, sk_X509_value(certs, i))) { - CMP_err1("cannot write certificate to file '%s'", destFile); - n = -1; - goto end; - } - } - - end: - BIO_free(bio); - sk_X509_pop_free(certs, X509_free); - return n; -} - -static void print_itavs(STACK_OF(OSSL_CMP_ITAV) *itavs) -{ - OSSL_CMP_ITAV *itav = NULL; - char buf[128]; - int i, r; - int n = sk_OSSL_CMP_ITAV_num(itavs); /* itavs == NULL leads to 0 */ - - if (n == 0) { - CMP_info("genp contains no ITAV"); - return; - } - - for (i = 0; i < n; i++) { - itav = sk_OSSL_CMP_ITAV_value(itavs, i); - r = OBJ_obj2txt(buf, 128, OSSL_CMP_ITAV_get0_type(itav), 0); - if (r < 0) - CMP_err("could not get ITAV details"); - else if (r == 0) - CMP_info("genp contains empty ITAV"); - else - CMP_info1("genp contains ITAV of type: %s", buf); - } -} - -static char opt_item[SECTION_NAME_MAX + 1]; -/* get previous name from a comma or space-separated list of names */ -static const char *prev_item(const char *opt, const char *end) -{ - const char *beg; - size_t len; - - if (end == opt) - return NULL; - beg = end; - while (beg > opt) { - --beg; - if (beg[0] == ',' || isspace(beg[0])) { - ++beg; - break; - } - } - len = end - beg; - if (len > SECTION_NAME_MAX) { - CMP_warn3("using only first %d characters of section name starting with \"%.*s\"", - SECTION_NAME_MAX, SECTION_NAME_MAX, beg); - len = SECTION_NAME_MAX; - } - memcpy(opt_item, beg, len); - opt_item[len] = '\0'; - while (beg > opt) { - --beg; - if (beg[0] != ',' && !isspace(beg[0])) { - ++beg; - break; - } - } - return beg; -} - -/* get str value for name from a comma-separated hierarchy of config sections */ -static char *conf_get_string(const CONF *src_conf, const char *groups, - const char *name) -{ - char *res = NULL; - const char *end = groups + strlen(groups); - - while ((end = prev_item(groups, end)) != NULL) { - if ((res = NCONF_get_string(src_conf, opt_item, name)) != NULL) - return res; - } - return res; -} - -/* get long val for name from a comma-separated hierarchy of config sections */ -static int conf_get_number_e(const CONF *conf_, const char *groups, - const char *name, long *result) -{ - char *str = conf_get_string(conf_, groups, name); - char *tailptr; - long res; - - if (str == NULL || *str == '\0') - return 0; - - res = strtol(str, &tailptr, 10); - if (res == LONG_MIN || res == LONG_MAX || *tailptr != '\0') - return 0; - - *result = res; - return 1; -} - -/* - * use the command line option table to read values from the CMP section - * of openssl.cnf. Defaults are taken from the config file, they can be - * overwritten on the command line. - */ -static int read_config(void) -{ - unsigned int i; - long num = 0; - char *txt = NULL; - const OPTIONS *opt; - int start_opt = OPT_VERBOSITY - OPT_HELP; - int start_idx = OPT_VERBOSITY - 2; - /* - * starting with offset OPT_VERBOSITY because OPT_CONFIG and OPT_SECTION - * would not make sense within the config file. - */ - int n_options = OSSL_NELEM(cmp_options) - 1; - - for (opt = &cmp_options[start_opt], i = start_idx; - opt->name != NULL; i++, opt++) - if (!strcmp(opt->name, OPT_SECTION_STR) - || !strcmp(opt->name, OPT_MORE_STR)) - n_options--; - OPENSSL_assert(OSSL_NELEM(cmp_vars) == n_options - + OPT_PROV__FIRST + 1 - OPT_PROV__LAST - + OPT_R__FIRST + 1 - OPT_R__LAST - + OPT_V__FIRST + 1 - OPT_V__LAST); - for (opt = &cmp_options[start_opt], i = start_idx; - opt->name != NULL; i++, opt++) { - int provider_option = (OPT_PROV__FIRST <= opt->retval - && opt->retval < OPT_PROV__LAST); - int rand_state_option = (OPT_R__FIRST <= opt->retval - && opt->retval < OPT_R__LAST); - int verification_option = (OPT_V__FIRST <= opt->retval - && opt->retval < OPT_V__LAST); - - if (strcmp(opt->name, OPT_SECTION_STR) == 0 - || strcmp(opt->name, OPT_MORE_STR) == 0) { - i--; - continue; - } - if (provider_option || rand_state_option || verification_option) - i--; - switch (opt->valtype) { - case '-': - case 'p': - case 'n': - case 'N': - case 'l': - if (!conf_get_number_e(conf, opt_section, opt->name, &num)) { - ERR_clear_error(); - continue; /* option not provided */ - } - if (opt->valtype == 'p' && num <= 0) { - opt_printf_stderr("Non-positive number \"%ld\" for config option -%s\n", - num, opt->name); - return -1; - } - if (opt->valtype == 'N' && num < 0) { - opt_printf_stderr("Negative number \"%ld\" for config option -%s\n", - num, opt->name); - return -1; - } - break; - case 's': - case '>': - case 'M': - txt = conf_get_string(conf, opt_section, opt->name); - if (txt == NULL) { - ERR_clear_error(); - continue; /* option not provided */ - } - break; - default: - CMP_err2("internal: unsupported type '%c' for option '%s'", - opt->valtype, opt->name); - return 0; - break; - } - if (provider_option || verification_option) { - int conf_argc = 1; - char *conf_argv[3]; - char arg1[82]; - - BIO_snprintf(arg1, 81, "-%s", (char *)opt->name); - conf_argv[0] = prog; - conf_argv[1] = arg1; - if (opt->valtype == '-') { - if (num != 0) - conf_argc = 2; - } else { - conf_argc = 3; - conf_argv[2] = conf_get_string(conf, opt_section, opt->name); - /* not NULL */ - } - if (conf_argc > 1) { - (void)opt_init(conf_argc, conf_argv, cmp_options); - - if (provider_option - ? !opt_provider(opt_next()) - : !opt_verify(opt_next(), vpm)) { - CMP_err2("for option '%s' in config file section '%s'", - opt->name, opt_section); - return 0; - } - } - } else { - switch (opt->valtype) { - case '-': - case 'p': - case 'n': - case 'N': - if (num < INT_MIN || INT_MAX < num) { - BIO_printf(bio_err, - "integer value out of range for option '%s'\n", - opt->name); - return 0; - } - *cmp_vars[i].num = (int)num; - break; - case 'l': - *cmp_vars[i].num_long = num; - break; - default: - if (txt != NULL && txt[0] == '\0') - txt = NULL; /* reset option on empty string input */ - *cmp_vars[i].txt = txt; - break; - } - } - } - - return 1; -} - -static char *opt_str(void) -{ - char *arg = opt_arg(); - - if (arg[0] == '\0') { - CMP_warn1("%s option argument is empty string, resetting option", - opt_flag()); - arg = NULL; - } else if (arg[0] == '-') { - CMP_warn1("%s option argument starts with hyphen", opt_flag()); - } - return arg; -} - -/* returns 1 on success, 0 on error, -1 on -help (i.e., stop with success) */ -static int get_opts(int argc, char **argv) -{ - OPTION_CHOICE o; - - prog = opt_init(argc, argv, cmp_options); - - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - return 0; - case OPT_HELP: - opt_help(cmp_options); - return -1; - case OPT_CONFIG: /* has already been handled */ - case OPT_SECTION: /* has already been handled */ - break; - case OPT_VERBOSITY: - if (!set_verbosity(opt_int_arg())) - goto opthelp; - break; -#ifndef OPENSSL_NO_SOCK - case OPT_SERVER: - opt_server = opt_str(); - break; - case OPT_PROXY: - opt_proxy = opt_str(); - break; - case OPT_NO_PROXY: - opt_no_proxy = opt_str(); - break; -#endif - case OPT_RECIPIENT: - opt_recipient = opt_str(); - break; - case OPT_PATH: - opt_path = opt_str(); - break; - case OPT_KEEP_ALIVE: - opt_keep_alive = opt_int_arg(); - if (opt_keep_alive > 2) { - CMP_err("-keep_alive argument must be 0, 1, or 2"); - goto opthelp; - } - break; - case OPT_MSG_TIMEOUT: - opt_msg_timeout = opt_int_arg(); - break; - case OPT_TOTAL_TIMEOUT: - opt_total_timeout = opt_int_arg(); - break; -#ifndef OPENSSL_NO_SOCK - case OPT_TLS_USED: - opt_tls_used = 1; - break; - case OPT_TLS_CERT: - opt_tls_cert = opt_str(); - break; - case OPT_TLS_KEY: - opt_tls_key = opt_str(); - break; - case OPT_TLS_KEYPASS: - opt_tls_keypass = opt_str(); - break; - case OPT_TLS_EXTRA: - opt_tls_extra = opt_str(); - break; - case OPT_TLS_TRUSTED: - opt_tls_trusted = opt_str(); - break; - case OPT_TLS_HOST: - opt_tls_host = opt_str(); - break; -#endif - - case OPT_REF: - opt_ref = opt_str(); - break; - case OPT_SECRET: - opt_secret = opt_str(); - break; - case OPT_CERT: - opt_cert = opt_str(); - break; - case OPT_OWN_TRUSTED: - opt_own_trusted = opt_str(); - break; - case OPT_KEY: - opt_key = opt_str(); - break; - case OPT_KEYPASS: - opt_keypass = opt_str(); - break; - case OPT_DIGEST: - opt_digest = opt_str(); - break; - case OPT_MAC: - opt_mac = opt_str(); - break; - case OPT_EXTRACERTS: - opt_extracerts = opt_str(); - break; - case OPT_UNPROTECTED_REQUESTS: - opt_unprotected_requests = 1; - break; - - case OPT_TRUSTED: - opt_trusted = opt_str(); - break; - case OPT_UNTRUSTED: - opt_untrusted = opt_str(); - break; - case OPT_SRVCERT: - opt_srvcert = opt_str(); - break; - case OPT_EXPECT_SENDER: - opt_expect_sender = opt_str(); - break; - case OPT_IGNORE_KEYUSAGE: - opt_ignore_keyusage = 1; - break; - case OPT_UNPROTECTED_ERRORS: - opt_unprotected_errors = 1; - break; - case OPT_EXTRACERTSOUT: - opt_extracertsout = opt_str(); - break; - case OPT_CACERTSOUT: - opt_cacertsout = opt_str(); - break; - - case OPT_V_CASES: - if (!opt_verify(o, vpm)) - goto opthelp; - break; - case OPT_CMD: - opt_cmd_s = opt_str(); - break; - case OPT_INFOTYPE: - opt_infotype_s = opt_str(); - break; - case OPT_GENINFO: - opt_geninfo = opt_str(); - break; - - case OPT_NEWKEY: - opt_newkey = opt_str(); - break; - case OPT_NEWKEYPASS: - opt_newkeypass = opt_str(); - break; - case OPT_SUBJECT: - opt_subject = opt_str(); - break; - case OPT_ISSUER: - opt_issuer = opt_str(); - break; - case OPT_DAYS: - opt_days = opt_int_arg(); - break; - case OPT_REQEXTS: - opt_reqexts = opt_str(); - break; - case OPT_SANS: - opt_sans = opt_str(); - break; - case OPT_SAN_NODEFAULT: - opt_san_nodefault = 1; - break; - case OPT_POLICIES: - opt_policies = opt_str(); - break; - case OPT_POLICY_OIDS: - opt_policy_oids = opt_str(); - break; - case OPT_POLICY_OIDS_CRITICAL: - opt_policy_oids_critical = 1; - break; - case OPT_POPO: - opt_popo = opt_int_arg(); - if (opt_popo < OSSL_CRMF_POPO_NONE - || opt_popo > OSSL_CRMF_POPO_KEYENC) { - CMP_err("invalid popo spec. Valid values are -1 .. 2"); - goto opthelp; - } - break; - case OPT_CSR: - opt_csr = opt_arg(); - break; - case OPT_OUT_TRUSTED: - opt_out_trusted = opt_str(); - break; - case OPT_IMPLICIT_CONFIRM: - opt_implicit_confirm = 1; - break; - case OPT_DISABLE_CONFIRM: - opt_disable_confirm = 1; - break; - case OPT_CERTOUT: - opt_certout = opt_str(); - break; - case OPT_CHAINOUT: - opt_chainout = opt_str(); - break; - case OPT_OLDCERT: - opt_oldcert = opt_str(); - break; - case OPT_REVREASON: - opt_revreason = opt_int_arg(); - if (opt_revreason < CRL_REASON_NONE - || opt_revreason > CRL_REASON_AA_COMPROMISE - || opt_revreason == 7) { - CMP_err("invalid revreason. Valid values are -1 .. 6, 8 .. 10"); - goto opthelp; - } - break; - case OPT_CERTFORM: - opt_certform_s = opt_str(); - break; - case OPT_KEYFORM: - opt_keyform_s = opt_str(); - break; - case OPT_OTHERPASS: - opt_otherpass = opt_str(); - break; -#ifndef OPENSSL_NO_ENGINE - case OPT_ENGINE: - opt_engine = opt_str(); - break; -#endif - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto opthelp; - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto opthelp; - break; - - case OPT_BATCH: - opt_batch = 1; - break; - case OPT_REPEAT: - opt_repeat = opt_int_arg(); - break; - case OPT_REQIN: - opt_reqin = opt_str(); - break; - case OPT_REQIN_NEW_TID: - opt_reqin_new_tid = 1; - break; - case OPT_REQOUT: - opt_reqout = opt_str(); - break; - case OPT_RSPIN: - opt_rspin = opt_str(); - break; - case OPT_RSPOUT: - opt_rspout = opt_str(); - break; - case OPT_USE_MOCK_SRV: - opt_use_mock_srv = 1; - break; - -#ifndef OPENSSL_NO_SOCK - case OPT_PORT: - opt_port = opt_str(); - break; - case OPT_MAX_MSGS: - opt_max_msgs = opt_int_arg(); - break; -#endif - case OPT_SRV_REF: - opt_srv_ref = opt_str(); - break; - case OPT_SRV_SECRET: - opt_srv_secret = opt_str(); - break; - case OPT_SRV_CERT: - opt_srv_cert = opt_str(); - break; - case OPT_SRV_KEY: - opt_srv_key = opt_str(); - break; - case OPT_SRV_KEYPASS: - opt_srv_keypass = opt_str(); - break; - case OPT_SRV_TRUSTED: - opt_srv_trusted = opt_str(); - break; - case OPT_SRV_UNTRUSTED: - opt_srv_untrusted = opt_str(); - break; - case OPT_RSP_CERT: - opt_rsp_cert = opt_str(); - break; - case OPT_RSP_EXTRACERTS: - opt_rsp_extracerts = opt_str(); - break; - case OPT_RSP_CAPUBS: - opt_rsp_capubs = opt_str(); - break; - case OPT_POLL_COUNT: - opt_poll_count = opt_int_arg(); - break; - case OPT_CHECK_AFTER: - opt_check_after = opt_int_arg(); - break; - case OPT_GRANT_IMPLICITCONF: - opt_grant_implicitconf = 1; - break; - case OPT_PKISTATUS: - opt_pkistatus = opt_int_arg(); - break; - case OPT_FAILURE: - opt_failure = opt_int_arg(); - break; - case OPT_FAILUREBITS: - opt_failurebits = opt_int_arg(); - break; - case OPT_STATUSSTRING: - opt_statusstring = opt_str(); - break; - case OPT_SEND_ERROR: - opt_send_error = 1; - break; - case OPT_SEND_UNPROTECTED: - opt_send_unprotected = 1; - break; - case OPT_SEND_UNPROT_ERR: - opt_send_unprot_err = 1; - break; - case OPT_ACCEPT_UNPROTECTED: - opt_accept_unprotected = 1; - break; - case OPT_ACCEPT_UNPROT_ERR: - opt_accept_unprot_err = 1; - break; - case OPT_ACCEPT_RAVERIFIED: - opt_accept_raverified = 1; - break; - } - } - - /* No extra args. */ - argc = opt_num_rest(); - argv = opt_rest(); - if (argc != 0) - goto opthelp; - return 1; -} - -#ifndef OPENSSL_NO_SOCK -static int cmp_server(OSSL_CMP_CTX *srv_cmp_ctx) { - BIO *acbio; - BIO *cbio = NULL; - int keep_alive = 0; - int msgs = 0; - int retry = 1; - int ret = 1; - - if ((acbio = http_server_init_bio(prog, opt_port)) == NULL) - return 0; - while (opt_max_msgs <= 0 || msgs < opt_max_msgs) { - char *path = NULL; - OSSL_CMP_MSG *req = NULL; - OSSL_CMP_MSG *resp = NULL; - - ret = http_server_get_asn1_req(ASN1_ITEM_rptr(OSSL_CMP_MSG), - (ASN1_VALUE **)&req, &path, - &cbio, acbio, &keep_alive, - prog, opt_port, 0, 0); - if (ret == 0) { /* no request yet */ - if (retry) { - ossl_sleep(1000); - retry = 0; - continue; - } - ret = 0; - goto next; - } - if (ret++ == -1) /* fatal error */ - break; - - ret = 0; - msgs++; - if (req != NULL) { - if (strcmp(path, "") != 0 && strcmp(path, "pkix/") != 0) { - (void)http_server_send_status(cbio, 404, "Not Found"); - CMP_err1("expecting empty path or 'pkix/' but got '%s'", - path); - OPENSSL_free(path); - OSSL_CMP_MSG_free(req); - goto next; - } - OPENSSL_free(path); - resp = OSSL_CMP_CTX_server_perform(cmp_ctx, req); - OSSL_CMP_MSG_free(req); - if (resp == NULL) { - (void)http_server_send_status(cbio, - 500, "Internal Server Error"); - break; /* treated as fatal error */ - } - ret = http_server_send_asn1_resp(cbio, keep_alive, - "application/pkixcmp", - ASN1_ITEM_rptr(OSSL_CMP_MSG), - (const ASN1_VALUE *)resp); - OSSL_CMP_MSG_free(resp); - if (!ret) - break; /* treated as fatal error */ - } - next: - if (!ret) { /* on transmission error, cancel CMP transaction */ - (void)OSSL_CMP_CTX_set1_transactionID(srv_cmp_ctx, NULL); - (void)OSSL_CMP_CTX_set1_senderNonce(srv_cmp_ctx, NULL); - } - if (!ret || !keep_alive - || OSSL_CMP_CTX_get_status(srv_cmp_ctx) == -1 - /* transaction closed by OSSL_CMP_CTX_server_perform() */) { - BIO_free_all(cbio); - cbio = NULL; - } - } - - BIO_free_all(cbio); - BIO_free_all(acbio); - return ret; -} -#endif - -int cmp_main(int argc, char **argv) -{ - char *configfile = NULL; - int i; - X509 *newcert = NULL; - ENGINE *engine = NULL; - OSSL_CMP_CTX *srv_cmp_ctx = NULL; - int ret = 0; /* default: failure */ - - prog = opt_appname(argv[0]); - if (argc <= 1) { - opt_help(cmp_options); - goto err; - } - - /* - * handle options -config, -section, and -verbosity upfront - * to take effect for other options - */ - for (i = 1; i < argc - 1; i++) { - if (*argv[i] == '-') { - if (!strcmp(argv[i] + 1, cmp_options[OPT_CONFIG - OPT_HELP].name)) - opt_config = argv[++i]; - else if (!strcmp(argv[i] + 1, - cmp_options[OPT_SECTION - OPT_HELP].name)) - opt_section = argv[++i]; - else if (strcmp(argv[i] + 1, - cmp_options[OPT_VERBOSITY - OPT_HELP].name) == 0 - && !set_verbosity(atoi(argv[++i]))) - goto err; - } - } - if (opt_section[0] == '\0') /* empty string */ - opt_section = DEFAULT_SECTION; - - vpm = X509_VERIFY_PARAM_new(); - if (vpm == NULL) { - CMP_err("out of memory"); - goto err; - } - - /* read default values for options from config file */ - configfile = opt_config != NULL ? opt_config : default_config_file; - if (configfile != NULL && configfile[0] != '\0' /* non-empty string */ - && (configfile != default_config_file || access(configfile, F_OK) != -1)) { - CMP_info2("using section(s) '%s' of OpenSSL configuration file '%s'", - opt_section, configfile); - conf = app_load_config(configfile); - if (conf == NULL) { - goto err; - } else { - if (strcmp(opt_section, CMP_SECTION) == 0) { /* default */ - if (!NCONF_get_section(conf, opt_section)) - CMP_info2("no [%s] section found in config file '%s';" - " will thus use just [default] and unnamed section if present", - opt_section, configfile); - } else { - const char *end = opt_section + strlen(opt_section); - while ((end = prev_item(opt_section, end)) != NULL) { - if (!NCONF_get_section(conf, opt_item)) { - CMP_err2("no [%s] section found in config file '%s'", - opt_item, configfile); - goto err; - } - } - } - ret = read_config(); - if (!set_verbosity(opt_verbosity)) /* just for checking range */ - ret = -1; - if (ret <= 0) { - if (ret == -1) - BIO_printf(bio_err, "Use -help for summary.\n"); - goto err; - } - } - } - (void)BIO_flush(bio_err); /* prevent interference with opt_help() */ - - ret = get_opts(argc, argv); - if (ret <= 0) - goto err; - ret = 0; - if (!app_RAND_load()) - goto err; - - if (opt_batch) - set_base_ui_method(UI_null()); - - if (opt_engine != NULL) { - engine = setup_engine_methods(opt_engine, 0 /* not: ENGINE_METHOD_ALL */, 0); - if (engine == NULL) { - CMP_err1("cannot load engine %s", opt_engine); - goto err; - } - } - - cmp_ctx = OSSL_CMP_CTX_new(app_get0_libctx(), app_get0_propq()); - if (cmp_ctx == NULL) - goto err; - OSSL_CMP_CTX_set_log_verbosity(cmp_ctx, opt_verbosity); - if (!OSSL_CMP_CTX_set_log_cb(cmp_ctx, print_to_bio_out)) { - CMP_err1("cannot set up error reporting and logging for %s", prog); - goto err; - } - -#ifndef OPENSSL_NO_SOCK - if ((opt_tls_cert != NULL || opt_tls_key != NULL - || opt_tls_keypass != NULL || opt_tls_extra != NULL - || opt_tls_trusted != NULL || opt_tls_host != NULL) - && !opt_tls_used) - CMP_warn("Ingnoring TLS options(s) since -tls_used is not given"); - if (opt_port != NULL) { - if (opt_tls_used) { - CMP_err("-tls_used option not supported with -port option"); - goto err; - } - if (opt_use_mock_srv || opt_server != NULL || opt_rspin != NULL) { - CMP_err("cannot use -port with -use_mock_srv, -server, or -rspin options"); - goto err; - } - } - if (opt_server != NULL && opt_use_mock_srv) { - CMP_err("cannot use both -server and -use_mock_srv options"); - goto err; - } -#endif - if (opt_rspin != NULL && opt_use_mock_srv) { - CMP_err("cannot use both -rspin and -use_mock_srv options"); - goto err; - } - - if (opt_use_mock_srv -#ifndef OPENSSL_NO_SOCK - || opt_port != NULL -#endif - ) { - OSSL_CMP_SRV_CTX *srv_ctx; - - if ((srv_ctx = setup_srv_ctx(engine)) == NULL) - goto err; - srv_cmp_ctx = OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx); - OSSL_CMP_CTX_set_transfer_cb_arg(cmp_ctx, srv_ctx); - if (!OSSL_CMP_CTX_set_log_cb(srv_cmp_ctx, print_to_bio_err)) { - CMP_err1("cannot set up error reporting and logging for %s", prog); - goto err; - } - OSSL_CMP_CTX_set_log_verbosity(srv_cmp_ctx, opt_verbosity); - } - -#ifndef OPENSSL_NO_SOCK - if (opt_tls_used && (opt_use_mock_srv || opt_rspin != NULL)) { - CMP_warn("ignoring -tls_used option since -use_mock_srv or -rspin is given"); - opt_tls_used = 0; - } - - if (opt_port != NULL) { /* act as very basic CMP HTTP server */ - ret = cmp_server(srv_cmp_ctx); - goto err; - } - - /* act as CMP client, possibly using internal mock server */ - - if (opt_server != NULL) { - if (opt_rspin != NULL) { - CMP_warn("ignoring -server option since -rspin is given"); - opt_server = NULL; - } - } -#endif - - if (!setup_client_ctx(cmp_ctx, engine)) { - CMP_err("cannot set up CMP context"); - goto err; - } - for (i = 0; i < opt_repeat; i++) { - /* everything is ready, now connect and perform the command! */ - switch (opt_cmd) { - case CMP_IR: - newcert = OSSL_CMP_exec_IR_ses(cmp_ctx); - if (newcert != NULL) - ret = 1; - break; - case CMP_KUR: - newcert = OSSL_CMP_exec_KUR_ses(cmp_ctx); - if (newcert != NULL) - ret = 1; - break; - case CMP_CR: - newcert = OSSL_CMP_exec_CR_ses(cmp_ctx); - if (newcert != NULL) - ret = 1; - break; - case CMP_P10CR: - newcert = OSSL_CMP_exec_P10CR_ses(cmp_ctx); - if (newcert != NULL) - ret = 1; - break; - case CMP_RR: - ret = OSSL_CMP_exec_RR_ses(cmp_ctx); - break; - case CMP_GENM: - { - STACK_OF(OSSL_CMP_ITAV) *itavs; - - if (opt_infotype != NID_undef) { - OSSL_CMP_ITAV *itav = - OSSL_CMP_ITAV_create(OBJ_nid2obj(opt_infotype), NULL); - if (itav == NULL) - goto err; - OSSL_CMP_CTX_push0_genm_ITAV(cmp_ctx, itav); - } - - if ((itavs = OSSL_CMP_exec_GENM_ses(cmp_ctx)) != NULL) { - print_itavs(itavs); - sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free); - ret = 1; - } - break; - } - default: - break; - } - if (OSSL_CMP_CTX_get_status(cmp_ctx) < 0) - goto err; /* we got no response, maybe even did not send request */ - - { - /* print PKIStatusInfo */ - int status = OSSL_CMP_CTX_get_status(cmp_ctx); - char *buf = app_malloc(OSSL_CMP_PKISI_BUFLEN, "PKIStatusInfo buf"); - const char *string = - OSSL_CMP_CTX_snprint_PKIStatus(cmp_ctx, buf, - OSSL_CMP_PKISI_BUFLEN); - const char *from = "", *server = ""; - -#ifndef OPENSSL_NO_SOCK - if (opt_server != NULL) { - from = " from "; - server = opt_server; - } -#endif - CMP_print(bio_err, - status == OSSL_CMP_PKISTATUS_accepted - ? OSSL_CMP_LOG_INFO : - status == OSSL_CMP_PKISTATUS_rejection - || status == OSSL_CMP_PKISTATUS_waiting - ? OSSL_CMP_LOG_ERR : OSSL_CMP_LOG_WARNING, - status == OSSL_CMP_PKISTATUS_accepted ? "info" : - status == OSSL_CMP_PKISTATUS_rejection ? "server error" : - status == OSSL_CMP_PKISTATUS_waiting ? "internal error" - : "warning", - "received%s%s %s", from, server, - string != NULL ? string : ""); - OPENSSL_free(buf); - } - - if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_extraCertsIn(cmp_ctx), - opt_extracertsout, "extra") < 0) - ret = 0; - if (!ret) - goto err; - ret = 0; - if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_caPubs(cmp_ctx), - opt_cacertsout, "CA") < 0) - goto err; - if (newcert != NULL) { - STACK_OF(X509) *certs = sk_X509_new_null(); - - if (!X509_add_cert(certs, newcert, X509_ADD_FLAG_UP_REF)) { - sk_X509_free(certs); - goto err; - } - if (save_free_certs(cmp_ctx, certs, opt_certout, "enrolled") < 0) - goto err; - } - if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_newChain(cmp_ctx), - opt_chainout, "chain") < 0) - goto err; - - if (!OSSL_CMP_CTX_reinit(cmp_ctx)) - goto err; - } - ret = 1; - - err: - /* in case we ended up here on error without proper cleaning */ - cleanse(opt_keypass); - cleanse(opt_newkeypass); - cleanse(opt_otherpass); -#ifndef OPENSSL_NO_SOCK - cleanse(opt_tls_keypass); -#endif - cleanse(opt_secret); - cleanse(opt_srv_keypass); - cleanse(opt_srv_secret); - - if (ret != 1) - OSSL_CMP_CTX_print_errors(cmp_ctx); - - if (cmp_ctx != NULL) { -#ifndef OPENSSL_NO_SOCK - APP_HTTP_TLS_INFO *info = OSSL_CMP_CTX_get_http_cb_arg(cmp_ctx); - -#endif - ossl_cmp_mock_srv_free(OSSL_CMP_CTX_get_transfer_cb_arg(cmp_ctx)); - X509_STORE_free(OSSL_CMP_CTX_get_certConf_cb_arg(cmp_ctx)); - /* cannot free info already here, as it may be used indirectly by: */ - OSSL_CMP_CTX_free(cmp_ctx); -#ifndef OPENSSL_NO_SOCK - APP_HTTP_TLS_INFO_free(info); -#endif - } - X509_VERIFY_PARAM_free(vpm); - release_engine(engine); - - NCONF_free(conf); /* must not do as long as opt_... variables are used */ - OSSL_CMP_log_close(); - - return ret == 0 ? EXIT_FAILURE : EXIT_SUCCESS; /* ret == -1 for -help */ -} diff --git a/apps/cms.c b/apps/cms.c deleted file mode 100644 index 76c7896719376f106754b15565a0014b92959dff..0000000000000000000000000000000000000000 --- a/apps/cms.c +++ /dev/null @@ -1,1453 +0,0 @@ -/* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* CMS utility function */ - -#include -#include -#include "apps.h" -#include "progs.h" - -#include -#include -#include -#include -#include -#include - -static int save_certs(char *signerfile, STACK_OF(X509) *signers); -static int cms_cb(int ok, X509_STORE_CTX *ctx); -static void receipt_request_print(CMS_ContentInfo *cms); -static CMS_ReceiptRequest -*make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, - STACK_OF(OPENSSL_STRING) *rr_from); -static int cms_set_pkey_param(EVP_PKEY_CTX *pctx, - STACK_OF(OPENSSL_STRING) *param); - -#define SMIME_OP 0x100 -#define SMIME_IP 0x200 -#define SMIME_SIGNERS 0x400 -#define SMIME_ENCRYPT (1 | SMIME_OP) -#define SMIME_DECRYPT (2 | SMIME_IP) -#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS) -#define SMIME_VERIFY (4 | SMIME_IP) -#define SMIME_RESIGN (5 | SMIME_IP | SMIME_OP | SMIME_SIGNERS) -#define SMIME_SIGN_RECEIPT (6 | SMIME_IP | SMIME_OP) -#define SMIME_VERIFY_RECEIPT (7 | SMIME_IP) -#define SMIME_DIGEST_CREATE (8 | SMIME_OP) -#define SMIME_DIGEST_VERIFY (9 | SMIME_IP) -#define SMIME_COMPRESS (10 | SMIME_OP) -#define SMIME_UNCOMPRESS (11 | SMIME_IP) -#define SMIME_ENCRYPTED_ENCRYPT (12 | SMIME_OP) -#define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP) -#define SMIME_DATA_CREATE (14 | SMIME_OP) -#define SMIME_DATA_OUT (15 | SMIME_IP) -#define SMIME_CMSOUT (16 | SMIME_IP | SMIME_OP) - -static int verify_err = 0; - -typedef struct cms_key_param_st cms_key_param; - -struct cms_key_param_st { - int idx; - STACK_OF(OPENSSL_STRING) *param; - cms_key_param *next; -}; - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENCRYPT, - OPT_DECRYPT, OPT_SIGN, OPT_CADES, OPT_SIGN_RECEIPT, OPT_RESIGN, - OPT_VERIFY, OPT_VERIFY_RETCODE, OPT_VERIFY_RECEIPT, - OPT_CMSOUT, OPT_DATA_OUT, OPT_DATA_CREATE, OPT_DIGEST_VERIFY, - OPT_DIGEST_CREATE, OPT_COMPRESS, OPT_UNCOMPRESS, - OPT_ED_DECRYPT, OPT_ED_ENCRYPT, OPT_DEBUG_DECRYPT, OPT_TEXT, - OPT_ASCIICRLF, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCERTS, - OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, OPT_BINARY, OPT_KEYID, - OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF, - OPT_NOINDEF, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT, - OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE, - OPT_CAPATH, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, - OPT_CONTENT, OPT_PRINT, OPT_NAMEOPT, - OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE, - OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, - OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM, - OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP, - OPT_3DES_WRAP, OPT_WRAP, OPT_ENGINE, - OPT_R_ENUM, - OPT_PROV_ENUM, OPT_CONFIG, - OPT_V_ENUM, - OPT_CIPHER, - OPT_ORIGINATOR -} OPTION_CHOICE; - -const OPTIONS cms_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n"}, - {"help", OPT_HELP, '-', "Display this summary"}, - - OPT_SECTION("General"), - {"in", OPT_IN, '<', "Input file"}, - {"out", OPT_OUT, '>', "Output file"}, - OPT_CONFIG_OPTION, - - OPT_SECTION("Operation"), - {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"}, - {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"}, - {"sign", OPT_SIGN, '-', "Sign message"}, - {"verify", OPT_VERIFY, '-', "Verify signed message"}, - {"resign", OPT_RESIGN, '-', "Resign a signed message"}, - {"sign_receipt", OPT_SIGN_RECEIPT, '-', - "Generate a signed receipt for a message"}, - {"verify_receipt", OPT_VERIFY_RECEIPT, '<', - "Verify receipts; exit if receipt signatures do not verify"}, - {"digest_create", OPT_DIGEST_CREATE, '-', - "Create a CMS \"DigestedData\" object"}, - {"digest_verify", OPT_DIGEST_VERIFY, '-', - "Verify a CMS \"DigestedData\" object and output it"}, - {"compress", OPT_COMPRESS, '-', "Create a CMS \"CompressedData\" object"}, - {"uncompress", OPT_UNCOMPRESS, '-', - "Uncompress a CMS \"CompressedData\" object"}, - {"EncryptedData_encrypt", OPT_ED_ENCRYPT, '-', - "Create CMS \"EncryptedData\" object using symmetric key"}, - {"EncryptedData_decrypt", OPT_ED_DECRYPT, '-', - "Decrypt CMS \"EncryptedData\" object using symmetric key"}, - {"data_create", OPT_DATA_CREATE, '-', "Create a CMS \"Data\" object"}, - {"data_out", OPT_DATA_OUT, '-', "Copy CMS \"Data\" object to output"}, - {"cmsout", OPT_CMSOUT, '-', "Output CMS structure"}, - - OPT_SECTION("File format"), - {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"}, - {"outform", OPT_OUTFORM, 'c', - "Output format SMIME (default), PEM or DER"}, - {"rctform", OPT_RCTFORM, 'F', "Receipt file format"}, - {"stream", OPT_INDEF, '-', "Enable CMS streaming"}, - {"indef", OPT_INDEF, '-', "Same as -stream"}, - {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"}, - {"binary", OPT_BINARY, '-', - "Treat input as binary: do not translate to canonical form"}, - {"crlfeol", OPT_CRLFEOL, '-', - "Use CRLF as EOL termination instead of CR only" }, - {"asciicrlf", OPT_ASCIICRLF, '-', - "Perform CRLF canonicalisation when signing"}, - - OPT_SECTION("Keys and passwords"), - {"pwri_password", OPT_PWRI_PASSWORD, 's', - "Specific password for recipient"}, - {"secretkey", OPT_SECRETKEY, 's', - "Use specified hex-encoded key to decrypt/encrypt recipients or content"}, - {"secretkeyid", OPT_SECRETKEYID, 's', - "Identity of the -secretkey for CMS \"KEKRecipientInfo\" object"}, - {"inkey", OPT_INKEY, 's', - "Input private key (if not signer or recipient)"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"}, - {"keyform", OPT_KEYFORM, 'f', - "Input private key format (ENGINE, other values ignored)"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -#endif - OPT_PROV_OPTIONS, - OPT_R_OPTIONS, - - OPT_SECTION("Encryption and decryption"), - {"originator", OPT_ORIGINATOR, 's', "Originator certificate file"}, - {"recip", OPT_RECIP, '<', "Recipient cert file"}, - {"cert...", OPT_PARAM, '.', - "Recipient certs (optional; used only when encrypting)"}, - {"", OPT_CIPHER, '-', - "The encryption algorithm to use (any supported cipher)"}, - {"wrap", OPT_WRAP, 's', - "Key wrap algorithm to use when encrypting with key agreement"}, - {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"}, - {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"}, - {"aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key"}, - {"des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key"}, - {"debug_decrypt", OPT_DEBUG_DECRYPT, '-', - "Disable MMA protection, return error if no recipient found (see doc)"}, - - OPT_SECTION("Signing"), - {"md", OPT_MD, 's', "Digest algorithm to use"}, - {"signer", OPT_SIGNER, 's', "Signer certificate input file"}, - {"certfile", OPT_CERTFILE, '<', "Other certificates file"}, - {"cades", OPT_CADES, '-', - "Include signingCertificate attribute (CAdES-BES)"}, - {"nodetach", OPT_NODETACH, '-', "Use opaque signing"}, - {"nocerts", OPT_NOCERTS, '-', - "Don't include signer's certificate when signing"}, - {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"}, - {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"}, - {"receipt_request_all", OPT_RR_ALL, '-', - "When signing, create a receipt request for all recipients"}, - {"receipt_request_first", OPT_RR_FIRST, '-', - "When signing, create a receipt request for first recipient"}, - {"receipt_request_from", OPT_RR_FROM, 's', - "Create signed receipt request with specified email address"}, - {"receipt_request_to", OPT_RR_TO, 's', - "Create signed receipt targeted to specified address"}, - - OPT_SECTION("Verification"), - {"signer", OPT_DUP, 's', "Signer certificate(s) output file"}, - {"content", OPT_CONTENT, '<', - "Supply or override content for detached signature"}, - {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-', - "Do not verify signed content signatures"}, - {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-', - "Do not verify signed attribute signatures"}, - {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"}, - {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"}, - {"nointern", OPT_NOINTERN, '-', - "Don't search certificates in message for signer"}, - {"cades", OPT_DUP, '-', "Check signingCertificate (CAdES-BES)"}, - {"verify_retcode", OPT_VERIFY_RETCODE, '-', - "Exit non-zero on verification failure"}, - {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"}, - {"CApath", OPT_CAPATH, '/', "Trusted certificates directory"}, - {"CAstore", OPT_CASTORE, ':', "Trusted certificates store URI"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load certificates from the default certificates store"}, - - OPT_SECTION("Output"), - {"keyid", OPT_KEYID, '-', "Use subject key identifier"}, - {"econtent_type", OPT_ECONTENT_TYPE, 's', "OID for external content"}, - {"text", OPT_TEXT, '-', "Include or delete text MIME headers"}, - {"certsout", OPT_CERTSOUT, '>', "Certificate output file"}, - {"to", OPT_TO, 's', "To address"}, - {"from", OPT_FROM, 's', "From address"}, - {"subject", OPT_SUBJECT, 's', "Subject"}, - - OPT_SECTION("Printing"), - {"noout", OPT_NOOUT, '-', - "For the -cmsout operation do not output the parsed CMS structure"}, - {"print", OPT_PRINT, '-', - "For the -cmsout operation print out all fields of the CMS structure"}, - {"nameopt", OPT_NAMEOPT, 's', - "For the -print option specifies various strings printing options"}, - {"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" }, - - OPT_V_OPTIONS, - {NULL} -}; - -static CMS_ContentInfo *load_content_info(int informat, BIO *in, int flags, - BIO **indata, const char *name) -{ - CMS_ContentInfo *ret, *ci; - - ret = CMS_ContentInfo_new_ex(app_get0_libctx(), app_get0_propq()); - if (ret == NULL) { - BIO_printf(bio_err, "Error allocating CMS_contentinfo\n"); - return NULL; - } - switch (informat) { - case FORMAT_SMIME: - ci = SMIME_read_CMS_ex(in, flags, indata, &ret); - break; - case FORMAT_PEM: - ci = PEM_read_bio_CMS(in, &ret, NULL, NULL); - break; - case FORMAT_ASN1: - ci = d2i_CMS_bio(in, &ret); - break; - default: - BIO_printf(bio_err, "Bad input format for %s\n", name); - goto err; - } - if (ci == NULL) { - BIO_printf(bio_err, "Error reading %s Content Info\n", name); - goto err; - } - return ret; - err: - CMS_ContentInfo_free(ret); - return NULL; -} - -int cms_main(int argc, char **argv) -{ - CONF *conf = NULL; - ASN1_OBJECT *econtent_type = NULL; - BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL; - CMS_ContentInfo *cms = NULL, *rcms = NULL; - CMS_ReceiptRequest *rr = NULL; - ENGINE *e = NULL; - EVP_PKEY *key = NULL; - EVP_CIPHER *cipher = NULL, *wrap_cipher = NULL; - EVP_MD *sign_md = NULL; - STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL; - STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; - STACK_OF(X509) *encerts = sk_X509_new_null(), *other = NULL; - X509 *cert = NULL, *recip = NULL, *signer = NULL, *originator = NULL; - X509_STORE *store = NULL; - X509_VERIFY_PARAM *vpm = X509_VERIFY_PARAM_new(); - char *certfile = NULL, *keyfile = NULL, *contfile = NULL; - const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL; - char *certsoutfile = NULL, *digestname = NULL, *wrapname = NULL; - int noCAfile = 0, noCApath = 0, noCAstore = 0; - char *infile = NULL, *outfile = NULL, *rctfile = NULL; - char *passinarg = NULL, *passin = NULL, *signerfile = NULL; - char *originatorfile = NULL, *recipfile = NULL, *ciphername = NULL; - char *to = NULL, *from = NULL, *subject = NULL, *prog; - cms_key_param *key_first = NULL, *key_param = NULL; - int flags = CMS_DETACHED, binary_files = 0; - int noout = 0, print = 0, keyidx = -1, vpmtouched = 0; - int informat = FORMAT_SMIME, outformat = FORMAT_SMIME; - int operation = 0, ret = 1, rr_print = 0, rr_allorfirst = -1; - int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_UNDEF; - size_t secret_keylen = 0, secret_keyidlen = 0; - unsigned char *pwri_pass = NULL, *pwri_tmp = NULL; - unsigned char *secret_key = NULL, *secret_keyid = NULL; - long ltmp; - const char *mime_eol = "\n"; - OPTION_CHOICE o; - OSSL_LIB_CTX *libctx = app_get0_libctx(); - - if (encerts == NULL || vpm == NULL) - goto end; - - prog = opt_init(argc, argv, cms_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(cms_options); - ret = 0; - goto end; - case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat)) - goto opthelp; - break; - case OPT_OUTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat)) - goto opthelp; - break; - case OPT_OUT: - outfile = opt_arg(); - break; - - case OPT_ENCRYPT: - operation = SMIME_ENCRYPT; - break; - case OPT_DECRYPT: - operation = SMIME_DECRYPT; - break; - case OPT_SIGN: - operation = SMIME_SIGN; - break; - case OPT_VERIFY: - operation = SMIME_VERIFY; - break; - case OPT_RESIGN: - operation = SMIME_RESIGN; - break; - case OPT_SIGN_RECEIPT: - operation = SMIME_SIGN_RECEIPT; - break; - case OPT_VERIFY_RECEIPT: - operation = SMIME_VERIFY_RECEIPT; - rctfile = opt_arg(); - break; - case OPT_VERIFY_RETCODE: - verify_retcode = 1; - break; - case OPT_DIGEST_CREATE: - operation = SMIME_DIGEST_CREATE; - break; - case OPT_DIGEST_VERIFY: - operation = SMIME_DIGEST_VERIFY; - break; - case OPT_COMPRESS: - operation = SMIME_COMPRESS; - break; - case OPT_UNCOMPRESS: - operation = SMIME_UNCOMPRESS; - break; - case OPT_ED_ENCRYPT: - operation = SMIME_ENCRYPTED_ENCRYPT; - break; - case OPT_ED_DECRYPT: - operation = SMIME_ENCRYPTED_DECRYPT; - break; - case OPT_DATA_CREATE: - operation = SMIME_DATA_CREATE; - break; - case OPT_DATA_OUT: - operation = SMIME_DATA_OUT; - break; - case OPT_CMSOUT: - operation = SMIME_CMSOUT; - break; - - case OPT_DEBUG_DECRYPT: - flags |= CMS_DEBUG_DECRYPT; - break; - case OPT_TEXT: - flags |= CMS_TEXT; - break; - case OPT_ASCIICRLF: - flags |= CMS_ASCIICRLF; - break; - case OPT_NOINTERN: - flags |= CMS_NOINTERN; - break; - case OPT_NOVERIFY: - flags |= CMS_NO_SIGNER_CERT_VERIFY; - break; - case OPT_NOCERTS: - flags |= CMS_NOCERTS; - break; - case OPT_NOATTR: - flags |= CMS_NOATTR; - break; - case OPT_NODETACH: - flags &= ~CMS_DETACHED; - break; - case OPT_NOSMIMECAP: - flags |= CMS_NOSMIMECAP; - break; - case OPT_BINARY: - flags |= CMS_BINARY; - break; - case OPT_CADES: - flags |= CMS_CADES; - break; - case OPT_KEYID: - flags |= CMS_USE_KEYID; - break; - case OPT_NOSIGS: - flags |= CMS_NOSIGS; - break; - case OPT_NO_CONTENT_VERIFY: - flags |= CMS_NO_CONTENT_VERIFY; - break; - case OPT_NO_ATTR_VERIFY: - flags |= CMS_NO_ATTR_VERIFY; - break; - case OPT_INDEF: - flags |= CMS_STREAM; - break; - case OPT_NOINDEF: - flags &= ~CMS_STREAM; - break; - case OPT_CRLFEOL: - mime_eol = "\r\n"; - flags |= CMS_CRLFEOL; - break; - case OPT_NOOUT: - noout = 1; - break; - case OPT_RR_PRINT: - rr_print = 1; - break; - case OPT_RR_ALL: - rr_allorfirst = 0; - break; - case OPT_RR_FIRST: - rr_allorfirst = 1; - break; - case OPT_RCTFORM: - if (!opt_format(opt_arg(), - OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat)) - goto opthelp; - break; - case OPT_CERTFILE: - certfile = opt_arg(); - break; - case OPT_CAFILE: - CAfile = opt_arg(); - break; - case OPT_CAPATH: - CApath = opt_arg(); - break; - case OPT_CASTORE: - CAstore = opt_arg(); - break; - case OPT_NOCAFILE: - noCAfile = 1; - break; - case OPT_NOCAPATH: - noCApath = 1; - break; - case OPT_NOCASTORE: - noCAstore = 1; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_CONTENT: - contfile = opt_arg(); - break; - case OPT_RR_FROM: - if (rr_from == NULL - && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - sk_OPENSSL_STRING_push(rr_from, opt_arg()); - break; - case OPT_RR_TO: - if (rr_to == NULL - && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - sk_OPENSSL_STRING_push(rr_to, opt_arg()); - break; - case OPT_PRINT: - noout = print = 1; - break; - case OPT_NAMEOPT: - if (!set_nameopt(opt_arg())) - goto opthelp; - break; - case OPT_SECRETKEY: - if (secret_key != NULL) { - BIO_printf(bio_err, "Invalid key (supplied twice) %s\n", - opt_arg()); - goto opthelp; - } - secret_key = OPENSSL_hexstr2buf(opt_arg(), <mp); - if (secret_key == NULL) { - BIO_printf(bio_err, "Invalid key %s\n", opt_arg()); - goto end; - } - secret_keylen = (size_t)ltmp; - break; - case OPT_SECRETKEYID: - if (secret_keyid != NULL) { - BIO_printf(bio_err, "Invalid id (supplied twice) %s\n", - opt_arg()); - goto opthelp; - } - secret_keyid = OPENSSL_hexstr2buf(opt_arg(), <mp); - if (secret_keyid == NULL) { - BIO_printf(bio_err, "Invalid id %s\n", opt_arg()); - goto opthelp; - } - secret_keyidlen = (size_t)ltmp; - break; - case OPT_PWRI_PASSWORD: - pwri_pass = (unsigned char *)opt_arg(); - break; - case OPT_ECONTENT_TYPE: - if (econtent_type != NULL) { - BIO_printf(bio_err, "Invalid OID (supplied twice) %s\n", - opt_arg()); - goto opthelp; - } - econtent_type = OBJ_txt2obj(opt_arg(), 0); - if (econtent_type == NULL) { - BIO_printf(bio_err, "Invalid OID %s\n", opt_arg()); - goto opthelp; - } - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_PASSIN: - passinarg = opt_arg(); - break; - case OPT_TO: - to = opt_arg(); - break; - case OPT_FROM: - from = opt_arg(); - break; - case OPT_SUBJECT: - subject = opt_arg(); - break; - case OPT_CERTSOUT: - certsoutfile = opt_arg(); - break; - case OPT_MD: - digestname = opt_arg(); - break; - case OPT_SIGNER: - /* If previous -signer argument add signer to list */ - if (signerfile != NULL) { - if (sksigners == NULL - && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); - if (keyfile == NULL) - keyfile = signerfile; - if (skkeys == NULL - && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); - keyfile = NULL; - } - signerfile = opt_arg(); - break; - case OPT_ORIGINATOR: - originatorfile = opt_arg(); - break; - case OPT_INKEY: - /* If previous -inkey argument add signer to list */ - if (keyfile != NULL) { - if (signerfile == NULL) { - BIO_puts(bio_err, "Illegal -inkey without -signer\n"); - goto end; - } - if (sksigners == NULL - && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); - signerfile = NULL; - if (skkeys == NULL - && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); - } - keyfile = opt_arg(); - break; - case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform)) - goto opthelp; - break; - case OPT_RECIP: - if (operation == SMIME_ENCRYPT) { - cert = load_cert(opt_arg(), FORMAT_UNDEF, - "recipient certificate file"); - if (cert == NULL) - goto end; - sk_X509_push(encerts, cert); - cert = NULL; - } else { - recipfile = opt_arg(); - } - break; - case OPT_CIPHER: - ciphername = opt_unknown(); - break; - case OPT_KEYOPT: - keyidx = -1; - if (operation == SMIME_ENCRYPT) { - if (sk_X509_num(encerts) > 0) - keyidx += sk_X509_num(encerts); - } else { - if (keyfile != NULL || signerfile != NULL) - keyidx++; - if (skkeys != NULL) - keyidx += sk_OPENSSL_STRING_num(skkeys); - } - if (keyidx < 0) { - BIO_printf(bio_err, "No key specified\n"); - goto opthelp; - } - if (key_param == NULL || key_param->idx != keyidx) { - cms_key_param *nparam; - nparam = app_malloc(sizeof(*nparam), "key param buffer"); - if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) { - OPENSSL_free(nparam); - goto end; - } - nparam->idx = keyidx; - nparam->next = NULL; - if (key_first == NULL) - key_first = nparam; - else - key_param->next = nparam; - key_param = nparam; - } - sk_OPENSSL_STRING_push(key_param->param, opt_arg()); - break; - case OPT_V_CASES: - if (!opt_verify(o, vpm)) - goto end; - vpmtouched++; - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - case OPT_CONFIG: - conf = app_load_config_modules(opt_arg()); - if (conf == NULL) - goto end; - break; - case OPT_WRAP: - wrapname = opt_arg(); - break; - case OPT_AES128_WRAP: - case OPT_AES192_WRAP: - case OPT_AES256_WRAP: - case OPT_3DES_WRAP: - wrapname = opt_flag() + 1; - break; - } - } - if (!app_RAND_load()) - goto end; - - if (digestname != NULL) { - if (!opt_md(digestname, &sign_md)) - goto end; - } - if (ciphername != NULL) { - if (!opt_cipher_any(ciphername, &cipher)) - goto end; - } - if (wrapname != NULL) { - if (!opt_cipher_any(wrapname, &wrap_cipher)) - goto end; - } - - /* Remaining args are files to process. */ - argc = opt_num_rest(); - argv = opt_rest(); - - if ((rr_allorfirst != -1 || rr_from != NULL) && rr_to == NULL) { - BIO_puts(bio_err, "No Signed Receipts Recipients\n"); - goto opthelp; - } - - if (!(operation & SMIME_SIGNERS) && (rr_to != NULL || rr_from != NULL)) { - BIO_puts(bio_err, "Signed receipts only allowed with -sign\n"); - goto opthelp; - } - if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) { - BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); - goto opthelp; - } - - if ((flags & CMS_CADES) != 0) { - if ((flags & CMS_NOATTR) != 0) { - BIO_puts(bio_err, "Incompatible options: " - "CAdES requires signed attributes\n"); - goto opthelp; - } - if (operation == SMIME_VERIFY - && (flags & (CMS_NO_SIGNER_CERT_VERIFY | CMS_NO_ATTR_VERIFY)) != 0) { - BIO_puts(bio_err, "Incompatible options: CAdES validation requires" - " certs and signed attributes validations\n"); - goto opthelp; - } - } - - if (operation & SMIME_SIGNERS) { - if (keyfile != NULL && signerfile == NULL) { - BIO_puts(bio_err, "Illegal -inkey without -signer\n"); - goto opthelp; - } - /* Check to see if any final signer needs to be appended */ - if (signerfile != NULL) { - if (sksigners == NULL - && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); - if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - if (keyfile == NULL) - keyfile = signerfile; - sk_OPENSSL_STRING_push(skkeys, keyfile); - } - if (sksigners == NULL) { - BIO_printf(bio_err, "No signer certificate specified\n"); - goto opthelp; - } - signerfile = NULL; - keyfile = NULL; - } else if (operation == SMIME_DECRYPT) { - if (recipfile == NULL && keyfile == NULL - && secret_key == NULL && pwri_pass == NULL) { - BIO_printf(bio_err, - "No recipient certificate or key specified\n"); - goto opthelp; - } - } else if (operation == SMIME_ENCRYPT) { - if (*argv == NULL && secret_key == NULL - && pwri_pass == NULL && sk_X509_num(encerts) <= 0) { - BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); - goto opthelp; - } - } else if (!operation) { - BIO_printf(bio_err, "No operation option (-encrypt|-decrypt|-sign|-verify|...) specified.\n"); - goto opthelp; - } - - if (!app_passwd(passinarg, NULL, &passin, NULL)) { - BIO_printf(bio_err, "Error getting password\n"); - goto end; - } - - ret = 2; - - if ((operation & SMIME_SIGNERS) == 0) { - if ((flags & CMS_DETACHED) == 0) - BIO_printf(bio_err, - "Warning: -nodetach option is ignored for non-signing operation\n"); - - flags &= ~CMS_DETACHED; - } - if ((operation & SMIME_IP) == 0 && contfile != NULL) - BIO_printf(bio_err, - "Warning: -contfile option is ignored for the given operation\n"); - - if ((flags & CMS_BINARY) != 0) { - if (!(operation & SMIME_OP)) - outformat = FORMAT_BINARY; - if (!(operation & SMIME_IP)) - informat = FORMAT_BINARY; - if ((operation & SMIME_SIGNERS) != 0 && (flags & CMS_DETACHED) != 0) - binary_files = 1; - if ((operation & SMIME_IP) != 0 && contfile == NULL) - binary_files = 1; - } - - if (operation == SMIME_ENCRYPT) { - if (!cipher) { -#ifndef OPENSSL_NO_DES - cipher = (EVP_CIPHER *)EVP_des_ede3_cbc(); -#else - BIO_printf(bio_err, "No cipher selected\n"); - goto end; -#endif - } - - if (secret_key && !secret_keyid) { - BIO_printf(bio_err, "No secret key id\n"); - goto end; - } - - if (*argv != NULL) { - if (operation == SMIME_ENCRYPT) { - for (; *argv != NULL; argv++) { - cert = load_cert(*argv, FORMAT_UNDEF, - "recipient certificate file"); - if (cert == NULL) - goto end; - sk_X509_push(encerts, cert); - cert = NULL; - } - } else { - BIO_printf(bio_err, "Warning: recipient certificate file parameters ignored for operation other than -encrypt\n"); - } - } - } - - if (certfile != NULL) { - if (!load_certs(certfile, 0, &other, NULL, "certificate file")) { - ERR_print_errors(bio_err); - goto end; - } - } - - if (recipfile != NULL && (operation == SMIME_DECRYPT)) { - if ((recip = load_cert(recipfile, FORMAT_UNDEF, - "recipient certificate file")) == NULL) { - ERR_print_errors(bio_err); - goto end; - } - } - - if (originatorfile != NULL) { - if ((originator = load_cert(originatorfile, FORMAT_UNDEF, - "originator certificate file")) == NULL) { - ERR_print_errors(bio_err); - goto end; - } - } - - if (operation == SMIME_SIGN_RECEIPT) { - if ((signer = load_cert(signerfile, FORMAT_UNDEF, - "receipt signer certificate file")) == NULL) { - ERR_print_errors(bio_err); - goto end; - } - } - - if ((operation == SMIME_DECRYPT) || (operation == SMIME_ENCRYPT)) { - if (keyfile == NULL) - keyfile = recipfile; - } else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) { - if (keyfile == NULL) - keyfile = signerfile; - } else { - keyfile = NULL; - } - - if (keyfile != NULL) { - key = load_key(keyfile, keyform, 0, passin, e, "signing key"); - if (key == NULL) - goto end; - } - - in = bio_open_default(infile, 'r', - binary_files ? FORMAT_BINARY : informat); - if (in == NULL) - goto end; - - if (operation & SMIME_IP) { - cms = load_content_info(informat, in, flags, &indata, "SMIME"); - if (cms == NULL) - goto end; - if (contfile != NULL) { - BIO_free(indata); - if ((indata = BIO_new_file(contfile, "rb")) == NULL) { - BIO_printf(bio_err, "Can't read content file %s\n", contfile); - goto end; - } - } - if (certsoutfile != NULL) { - STACK_OF(X509) *allcerts; - allcerts = CMS_get1_certs(cms); - if (!save_certs(certsoutfile, allcerts)) { - BIO_printf(bio_err, - "Error writing certs to %s\n", certsoutfile); - ret = 5; - goto end; - } - sk_X509_pop_free(allcerts, X509_free); - } - } - - if (rctfile != NULL) { - char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r"; - - if ((rctin = BIO_new_file(rctfile, rctmode)) == NULL) { - BIO_printf(bio_err, "Can't open receipt file %s\n", rctfile); - goto end; - } - - rcms = load_content_info(rctformat, rctin, 0, NULL, "receipt"); - if (rcms == NULL) - goto end; - } - - out = bio_open_default(outfile, 'w', - binary_files ? FORMAT_BINARY : outformat); - if (out == NULL) - goto end; - - if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) { - if ((store = setup_verify(CAfile, noCAfile, CApath, noCApath, - CAstore, noCAstore)) == NULL) - goto end; - X509_STORE_set_verify_cb(store, cms_cb); - if (vpmtouched) - X509_STORE_set1_param(store, vpm); - } - - ret = 3; - - if (operation == SMIME_DATA_CREATE) { - cms = CMS_data_create_ex(in, flags, libctx, app_get0_propq()); - } else if (operation == SMIME_DIGEST_CREATE) { - cms = CMS_digest_create_ex(in, sign_md, flags, libctx, app_get0_propq()); - } else if (operation == SMIME_COMPRESS) { - cms = CMS_compress(in, -1, flags); - } else if (operation == SMIME_ENCRYPT) { - int i; - flags |= CMS_PARTIAL; - cms = CMS_encrypt_ex(NULL, in, cipher, flags, libctx, app_get0_propq()); - if (cms == NULL) - goto end; - for (i = 0; i < sk_X509_num(encerts); i++) { - CMS_RecipientInfo *ri; - cms_key_param *kparam; - int tflags = flags | CMS_KEY_PARAM; - /* This flag enforces allocating the EVP_PKEY_CTX for the recipient here */ - EVP_PKEY_CTX *pctx; - X509 *x = sk_X509_value(encerts, i); - int res; - - for (kparam = key_first; kparam; kparam = kparam->next) { - if (kparam->idx == i) { - break; - } - } - ri = CMS_add1_recipient(cms, x, key, originator, tflags); - if (ri == NULL) - goto end; - - pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); - if (kparam != NULL) { - if (!cms_set_pkey_param(pctx, kparam->param)) - goto end; - } - - res = EVP_PKEY_CTX_ctrl(pctx, -1, -1, - EVP_PKEY_CTRL_CIPHER, - EVP_CIPHER_get_nid(cipher), NULL); - if (res <= 0 && res != -2) - goto end; - - if (CMS_RecipientInfo_type(ri) == CMS_RECIPINFO_AGREE - && wrap_cipher != NULL) { - EVP_CIPHER_CTX *wctx; - wctx = CMS_RecipientInfo_kari_get0_ctx(ri); - EVP_EncryptInit_ex(wctx, wrap_cipher, NULL, NULL, NULL); - } - } - - if (secret_key != NULL) { - if (!CMS_add0_recipient_key(cms, NID_undef, - secret_key, secret_keylen, - secret_keyid, secret_keyidlen, - NULL, NULL, NULL)) - goto end; - /* NULL these because call absorbs them */ - secret_key = NULL; - secret_keyid = NULL; - } - if (pwri_pass != NULL) { - pwri_tmp = (unsigned char *)OPENSSL_strdup((char *)pwri_pass); - if (pwri_tmp == NULL) - goto end; - if (CMS_add0_recipient_password(cms, - -1, NID_undef, NID_undef, - pwri_tmp, -1, NULL) == NULL) - goto end; - pwri_tmp = NULL; - } - if (!(flags & CMS_STREAM)) { - if (!CMS_final(cms, in, NULL, flags)) - goto end; - } - } else if (operation == SMIME_ENCRYPTED_ENCRYPT) { - cms = CMS_EncryptedData_encrypt_ex(in, cipher, secret_key, - secret_keylen, flags, libctx, app_get0_propq()); - - } else if (operation == SMIME_SIGN_RECEIPT) { - CMS_ContentInfo *srcms = NULL; - STACK_OF(CMS_SignerInfo) *sis; - CMS_SignerInfo *si; - sis = CMS_get0_SignerInfos(cms); - if (sis == NULL) - goto end; - si = sk_CMS_SignerInfo_value(sis, 0); - srcms = CMS_sign_receipt(si, signer, key, other, flags); - if (srcms == NULL) - goto end; - CMS_ContentInfo_free(cms); - cms = srcms; - } else if (operation & SMIME_SIGNERS) { - int i; - /* - * If detached data content we enable streaming if S/MIME output - * format. - */ - if (operation == SMIME_SIGN) { - - if (flags & CMS_DETACHED) { - if (outformat == FORMAT_SMIME) - flags |= CMS_STREAM; - } - flags |= CMS_PARTIAL; - cms = CMS_sign_ex(NULL, NULL, other, in, flags, libctx, app_get0_propq()); - if (cms == NULL) - goto end; - if (econtent_type != NULL) - CMS_set1_eContentType(cms, econtent_type); - - if (rr_to != NULL - && ((rr = make_receipt_request(rr_to, rr_allorfirst, rr_from)) - == NULL)) { - BIO_puts(bio_err, "Signed Receipt Request Creation Error\n"); - goto end; - } - } else { - flags |= CMS_REUSE_DIGEST; - } - for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { - CMS_SignerInfo *si; - cms_key_param *kparam; - int tflags = flags; - signerfile = sk_OPENSSL_STRING_value(sksigners, i); - keyfile = sk_OPENSSL_STRING_value(skkeys, i); - - signer = load_cert(signerfile, FORMAT_UNDEF, "signer certificate"); - if (signer == NULL) { - ret = 2; - goto end; - } - key = load_key(keyfile, keyform, 0, passin, e, "signing key"); - if (key == NULL) { - ret = 2; - goto end; - } - - for (kparam = key_first; kparam; kparam = kparam->next) { - if (kparam->idx == i) { - tflags |= CMS_KEY_PARAM; - break; - } - } - si = CMS_add1_signer(cms, signer, key, sign_md, tflags); - if (si == NULL) - goto end; - if (kparam != NULL) { - EVP_PKEY_CTX *pctx; - pctx = CMS_SignerInfo_get0_pkey_ctx(si); - if (!cms_set_pkey_param(pctx, kparam->param)) - goto end; - } - if (rr != NULL && !CMS_add1_ReceiptRequest(si, rr)) - goto end; - X509_free(signer); - signer = NULL; - EVP_PKEY_free(key); - key = NULL; - } - /* If not streaming or resigning finalize structure */ - if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) { - if (!CMS_final(cms, in, NULL, flags)) - goto end; - } - } - - if (cms == NULL) { - BIO_printf(bio_err, "Error creating CMS structure\n"); - goto end; - } - - ret = 4; - if (operation == SMIME_DECRYPT) { - if (flags & CMS_DEBUG_DECRYPT) - CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags); - - if (secret_key != NULL) { - if (!CMS_decrypt_set1_key(cms, - secret_key, secret_keylen, - secret_keyid, secret_keyidlen)) { - BIO_puts(bio_err, "Error decrypting CMS using secret key\n"); - goto end; - } - } - - if (key != NULL) { - if (!CMS_decrypt_set1_pkey_and_peer(cms, key, recip, originator)) { - BIO_puts(bio_err, "Error decrypting CMS using private key\n"); - goto end; - } - } - - if (pwri_pass != NULL) { - if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) { - BIO_puts(bio_err, "Error decrypting CMS using password\n"); - goto end; - } - } - - if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) { - BIO_printf(bio_err, "Error decrypting CMS structure\n"); - goto end; - } - } else if (operation == SMIME_DATA_OUT) { - if (!CMS_data(cms, out, flags)) - goto end; - } else if (operation == SMIME_UNCOMPRESS) { - if (!CMS_uncompress(cms, indata, out, flags)) - goto end; - } else if (operation == SMIME_DIGEST_VERIFY) { - if (CMS_digest_verify(cms, indata, out, flags) > 0) { - BIO_printf(bio_err, "Verification successful\n"); - } else { - BIO_printf(bio_err, "Verification failure\n"); - goto end; - } - } else if (operation == SMIME_ENCRYPTED_DECRYPT) { - if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen, - indata, out, flags)) - goto end; - } else if (operation == SMIME_VERIFY) { - if (CMS_verify(cms, other, store, indata, out, flags) > 0) { - BIO_printf(bio_err, "%s Verification successful\n", - (flags & CMS_CADES) != 0 ? "CAdES" : "CMS"); - } else { - BIO_printf(bio_err, "%s Verification failure\n", - (flags & CMS_CADES) != 0 ? "CAdES" : "CMS"); - if (verify_retcode) - ret = verify_err + 32; - goto end; - } - if (signerfile != NULL) { - STACK_OF(X509) *signers = CMS_get0_signers(cms); - - if (!save_certs(signerfile, signers)) { - BIO_printf(bio_err, - "Error writing signers to %s\n", signerfile); - ret = 5; - goto end; - } - sk_X509_free(signers); - } - if (rr_print) - receipt_request_print(cms); - - } else if (operation == SMIME_VERIFY_RECEIPT) { - if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) { - BIO_printf(bio_err, "Verification successful\n"); - } else { - BIO_printf(bio_err, "Verification failure\n"); - goto end; - } - } else { - if (noout) { - if (print) { - ASN1_PCTX *pctx = NULL; - if (get_nameopt() != XN_FLAG_ONELINE) { - pctx = ASN1_PCTX_new(); - if (pctx != NULL) { /* Print anyway if malloc failed */ - ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT); - ASN1_PCTX_set_str_flags(pctx, get_nameopt()); - ASN1_PCTX_set_nm_flags(pctx, get_nameopt()); - } - } - CMS_ContentInfo_print_ctx(out, cms, 0, pctx); - ASN1_PCTX_free(pctx); - } - } else if (outformat == FORMAT_SMIME) { - if (to) - BIO_printf(out, "To: %s%s", to, mime_eol); - if (from) - BIO_printf(out, "From: %s%s", from, mime_eol); - if (subject) - BIO_printf(out, "Subject: %s%s", subject, mime_eol); - if (operation == SMIME_RESIGN) - ret = SMIME_write_CMS(out, cms, indata, flags); - else - ret = SMIME_write_CMS(out, cms, in, flags); - } else if (outformat == FORMAT_PEM) { - ret = PEM_write_bio_CMS_stream(out, cms, in, flags); - } else if (outformat == FORMAT_ASN1) { - ret = i2d_CMS_bio_stream(out, cms, in, flags); - } else { - BIO_printf(bio_err, "Bad output format for CMS file\n"); - goto end; - } - if (ret <= 0) { - ret = 6; - goto end; - } - } - ret = 0; - end: - if (ret) - ERR_print_errors(bio_err); - sk_X509_pop_free(encerts, X509_free); - sk_X509_pop_free(other, X509_free); - X509_VERIFY_PARAM_free(vpm); - sk_OPENSSL_STRING_free(sksigners); - sk_OPENSSL_STRING_free(skkeys); - OPENSSL_free(secret_key); - OPENSSL_free(secret_keyid); - OPENSSL_free(pwri_tmp); - ASN1_OBJECT_free(econtent_type); - CMS_ReceiptRequest_free(rr); - sk_OPENSSL_STRING_free(rr_to); - sk_OPENSSL_STRING_free(rr_from); - for (key_param = key_first; key_param;) { - cms_key_param *tparam; - sk_OPENSSL_STRING_free(key_param->param); - tparam = key_param->next; - OPENSSL_free(key_param); - key_param = tparam; - } - X509_STORE_free(store); - X509_free(cert); - X509_free(recip); - X509_free(signer); - EVP_PKEY_free(key); - EVP_CIPHER_free(cipher); - EVP_CIPHER_free(wrap_cipher); - EVP_MD_free(sign_md); - CMS_ContentInfo_free(cms); - CMS_ContentInfo_free(rcms); - release_engine(e); - BIO_free(rctin); - BIO_free(in); - BIO_free(indata); - BIO_free_all(out); - OPENSSL_free(passin); - NCONF_free(conf); - return ret; -} - -static int save_certs(char *signerfile, STACK_OF(X509) *signers) -{ - int i; - BIO *tmp; - if (signerfile == NULL) - return 1; - tmp = BIO_new_file(signerfile, "w"); - if (tmp == NULL) - return 0; - for (i = 0; i < sk_X509_num(signers); i++) - PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); - BIO_free(tmp); - return 1; -} - -/* Minimal callback just to output policy info (if any) */ - -static int cms_cb(int ok, X509_STORE_CTX *ctx) -{ - int error; - - error = X509_STORE_CTX_get_error(ctx); - - verify_err = error; - - if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) - && ((error != X509_V_OK) || (ok != 2))) - return ok; - - policies_print(ctx); - - return ok; - -} - -static void gnames_stack_print(STACK_OF(GENERAL_NAMES) *gns) -{ - STACK_OF(GENERAL_NAME) *gens; - GENERAL_NAME *gen; - int i, j; - - for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) { - gens = sk_GENERAL_NAMES_value(gns, i); - for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) { - gen = sk_GENERAL_NAME_value(gens, j); - BIO_puts(bio_err, " "); - GENERAL_NAME_print(bio_err, gen); - BIO_puts(bio_err, "\n"); - } - } - return; -} - -static void receipt_request_print(CMS_ContentInfo *cms) -{ - STACK_OF(CMS_SignerInfo) *sis; - CMS_SignerInfo *si; - CMS_ReceiptRequest *rr; - int allorfirst; - STACK_OF(GENERAL_NAMES) *rto, *rlist; - ASN1_STRING *scid; - int i, rv; - sis = CMS_get0_SignerInfos(cms); - for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) { - si = sk_CMS_SignerInfo_value(sis, i); - rv = CMS_get1_ReceiptRequest(si, &rr); - BIO_printf(bio_err, "Signer %d:\n", i + 1); - if (rv == 0) { - BIO_puts(bio_err, " No Receipt Request\n"); - } else if (rv < 0) { - BIO_puts(bio_err, " Receipt Request Parse Error\n"); - ERR_print_errors(bio_err); - } else { - const char *id; - int idlen; - CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst, - &rlist, &rto); - BIO_puts(bio_err, " Signed Content ID:\n"); - idlen = ASN1_STRING_length(scid); - id = (const char *)ASN1_STRING_get0_data(scid); - BIO_dump_indent(bio_err, id, idlen, 4); - BIO_puts(bio_err, " Receipts From"); - if (rlist != NULL) { - BIO_puts(bio_err, " List:\n"); - gnames_stack_print(rlist); - } else if (allorfirst == 1) { - BIO_puts(bio_err, ": First Tier\n"); - } else if (allorfirst == 0) { - BIO_puts(bio_err, ": All\n"); - } else { - BIO_printf(bio_err, " Unknown (%d)\n", allorfirst); - } - BIO_puts(bio_err, " Receipts To:\n"); - gnames_stack_print(rto); - } - CMS_ReceiptRequest_free(rr); - } -} - -static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) -{ - int i; - STACK_OF(GENERAL_NAMES) *ret; - GENERAL_NAMES *gens = NULL; - GENERAL_NAME *gen = NULL; - ret = sk_GENERAL_NAMES_new_null(); - if (ret == NULL) - goto err; - for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) { - char *str = sk_OPENSSL_STRING_value(ns, i); - gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0); - if (gen == NULL) - goto err; - gens = GENERAL_NAMES_new(); - if (gens == NULL) - goto err; - if (!sk_GENERAL_NAME_push(gens, gen)) - goto err; - gen = NULL; - if (!sk_GENERAL_NAMES_push(ret, gens)) - goto err; - gens = NULL; - } - - return ret; - - err: - sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free); - GENERAL_NAMES_free(gens); - GENERAL_NAME_free(gen); - return NULL; -} - -static CMS_ReceiptRequest -*make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst, - STACK_OF(OPENSSL_STRING) *rr_from) -{ - STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL; - - rct_to = make_names_stack(rr_to); - if (rct_to == NULL) - goto err; - if (rr_from != NULL) { - rct_from = make_names_stack(rr_from); - if (rct_from == NULL) - goto err; - } else { - rct_from = NULL; - } - return CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from, - rct_to, app_get0_libctx()); - err: - sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free); - return NULL; -} - -static int cms_set_pkey_param(EVP_PKEY_CTX *pctx, - STACK_OF(OPENSSL_STRING) *param) -{ - char *keyopt; - int i; - if (sk_OPENSSL_STRING_num(param) <= 0) - return 1; - for (i = 0; i < sk_OPENSSL_STRING_num(param); i++) { - keyopt = sk_OPENSSL_STRING_value(param, i); - if (pkey_ctrl_string(pctx, keyopt) <= 0) { - BIO_printf(bio_err, "parameter error \"%s\"\n", keyopt); - ERR_print_errors(bio_err); - return 0; - } - } - return 1; -} diff --git a/apps/crl.c b/apps/crl.c deleted file mode 100644 index 2158a107e55174cc2623c60061bc6519aca8689c..0000000000000000000000000000000000000000 --- a/apps/crl.c +++ /dev/null @@ -1,396 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY, - OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT, - OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE, - OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_VERIFY, OPT_DATEOPT, OPT_TEXT, OPT_HASH, - OPT_HASH_OLD, OPT_NOOUT, OPT_NAMEOPT, OPT_MD, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS crl_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"verify", OPT_VERIFY, '-', "Verify CRL signature"}, - - OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file - default stdin"}, - {"inform", OPT_INFORM, 'F', "CRL input format (DER or PEM); has no effect"}, - {"key", OPT_KEY, '<', "CRL signing Private key to use"}, - {"keyform", OPT_KEYFORM, 'F', "Private key file format (DER/PEM/P12); has no effect"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "output file - default stdout"}, - {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"}, - {"dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822."}, - {"text", OPT_TEXT, '-', "Print out a text format version"}, - {"hash", OPT_HASH, '-', "Print hash value"}, -#ifndef OPENSSL_NO_MD5 - {"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"}, -#endif - {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"}, - {"", OPT_MD, '-', "Any supported digest"}, - - OPT_SECTION("CRL"), - {"issuer", OPT_ISSUER, '-', "Print issuer DN"}, - {"lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field"}, - {"nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field"}, - {"noout", OPT_NOOUT, '-', "No CRL output"}, - {"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"}, - {"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"}, - {"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" }, - {"gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one"}, - - OPT_SECTION("Certificate"), - {"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"}, - {"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"}, - {"CAstore", OPT_CASTORE, ':', "Verify CRL using certificates in store URI"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load certificates from the default certificates store"}, - OPT_PROV_OPTIONS, - {NULL} -}; - -int crl_main(int argc, char **argv) -{ - X509_CRL *x = NULL; - BIO *out = NULL; - X509_STORE *store = NULL; - X509_STORE_CTX *ctx = NULL; - X509_LOOKUP *lookup = NULL; - X509_OBJECT *xobj = NULL; - EVP_PKEY *pkey; - EVP_MD *digest = (EVP_MD *)EVP_sha1(); - char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL; - char *digestname = NULL; - const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL, *prog; - OPTION_CHOICE o; - int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0; - int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyformat = FORMAT_UNDEF; - int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0; - int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0, noCAstore = 0; - unsigned long dateopt = ASN1_DTFLGS_RFC822; - int i; -#ifndef OPENSSL_NO_MD5 - int hash_old = 0; -#endif - - prog = opt_init(argc, argv, crl_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(crl_options); - ret = 0; - goto end; - case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat)) - goto opthelp; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat)) - goto opthelp; - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat)) - goto opthelp; - break; - case OPT_KEY: - keyfile = opt_arg(); - break; - case OPT_GENDELTA: - crldiff = opt_arg(); - break; - case OPT_CAPATH: - CApath = opt_arg(); - do_ver = 1; - break; - case OPT_CAFILE: - CAfile = opt_arg(); - do_ver = 1; - break; - case OPT_CASTORE: - CAstore = opt_arg(); - do_ver = 1; - break; - case OPT_NOCAPATH: - noCApath = 1; - break; - case OPT_NOCAFILE: - noCAfile = 1; - break; - case OPT_NOCASTORE: - noCAstore = 1; - break; - case OPT_HASH_OLD: -#ifndef OPENSSL_NO_MD5 - hash_old = ++num; -#endif - break; - case OPT_VERIFY: - do_ver = 1; - break; - case OPT_DATEOPT: - if (!set_dateopt(&dateopt, opt_arg())) - goto opthelp; - break; - case OPT_TEXT: - text = 1; - break; - case OPT_HASH: - hash = ++num; - break; - case OPT_ISSUER: - issuer = ++num; - break; - case OPT_LASTUPDATE: - lastupdate = ++num; - break; - case OPT_NEXTUPDATE: - nextupdate = ++num; - break; - case OPT_NOOUT: - noout = 1; - break; - case OPT_FINGERPRINT: - fingerprint = ++num; - break; - case OPT_CRLNUMBER: - crlnumber = ++num; - break; - case OPT_BADSIG: - badsig = 1; - break; - case OPT_NAMEOPT: - if (!set_nameopt(opt_arg())) - goto opthelp; - break; - case OPT_MD: - digestname = opt_unknown(); - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* No remaining args. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - if (digestname != NULL) { - if (!opt_md(digestname, &digest)) - goto opthelp; - } - x = load_crl(infile, informat, 1, "CRL"); - if (x == NULL) - goto end; - - if (do_ver) { - if ((store = setup_verify(CAfile, noCAfile, CApath, noCApath, - CAstore, noCAstore)) == NULL) - goto end; - lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); - if (lookup == NULL) - goto end; - ctx = X509_STORE_CTX_new(); - if (ctx == NULL || !X509_STORE_CTX_init(ctx, store, NULL, NULL)) { - BIO_printf(bio_err, "Error initialising X509 store\n"); - goto end; - } - - xobj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509, - X509_CRL_get_issuer(x)); - if (xobj == NULL) { - BIO_printf(bio_err, "Error getting CRL issuer certificate\n"); - goto end; - } - pkey = X509_get_pubkey(X509_OBJECT_get0_X509(xobj)); - X509_OBJECT_free(xobj); - if (pkey == NULL) { - BIO_printf(bio_err, "Error getting CRL issuer public key\n"); - goto end; - } - i = X509_CRL_verify(x, pkey); - EVP_PKEY_free(pkey); - if (i < 0) - goto end; - if (i == 0) - BIO_printf(bio_err, "verify failure\n"); - else - BIO_printf(bio_err, "verify OK\n"); - } - - if (crldiff != NULL) { - X509_CRL *newcrl, *delta; - if (!keyfile) { - BIO_puts(bio_err, "Missing CRL signing key\n"); - goto end; - } - newcrl = load_crl(crldiff, informat, 0, "other CRL"); - if (!newcrl) - goto end; - pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key"); - if (pkey == NULL) { - X509_CRL_free(newcrl); - goto end; - } - delta = X509_CRL_diff(x, newcrl, pkey, digest, 0); - X509_CRL_free(newcrl); - EVP_PKEY_free(pkey); - if (delta) { - X509_CRL_free(x); - x = delta; - } else { - BIO_puts(bio_err, "Error creating delta CRL\n"); - goto end; - } - } - - if (badsig) { - const ASN1_BIT_STRING *sig; - - X509_CRL_get0_signature(x, &sig, NULL); - corrupt_signature(sig); - } - - if (num) { - for (i = 1; i <= num; i++) { - if (issuer == i) { - print_name(bio_out, "issuer=", X509_CRL_get_issuer(x)); - } - if (crlnumber == i) { - ASN1_INTEGER *crlnum; - - crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL); - BIO_printf(bio_out, "crlNumber="); - if (crlnum) { - BIO_puts(bio_out, "0x"); - i2a_ASN1_INTEGER(bio_out, crlnum); - ASN1_INTEGER_free(crlnum); - } else { - BIO_puts(bio_out, ""); - } - BIO_printf(bio_out, "\n"); - } - if (hash == i) { - int ok; - unsigned long hash_value = - X509_NAME_hash_ex(X509_CRL_get_issuer(x), app_get0_libctx(), - app_get0_propq(), &ok); - - if (num > 1) - BIO_printf(bio_out, "issuer name hash="); - if (ok) { - BIO_printf(bio_out, "%08lx\n", hash_value); - } else { - BIO_puts(bio_out, ""); - goto end; - } - } -#ifndef OPENSSL_NO_MD5 - if (hash_old == i) { - if (num > 1) - BIO_printf(bio_out, "issuer name old hash="); - BIO_printf(bio_out, "%08lx\n", - X509_NAME_hash_old(X509_CRL_get_issuer(x))); - } -#endif - if (lastupdate == i) { - BIO_printf(bio_out, "lastUpdate="); - ASN1_TIME_print_ex(bio_out, X509_CRL_get0_lastUpdate(x), dateopt); - BIO_printf(bio_out, "\n"); - } - if (nextupdate == i) { - BIO_printf(bio_out, "nextUpdate="); - if (X509_CRL_get0_nextUpdate(x)) - ASN1_TIME_print_ex(bio_out, X509_CRL_get0_nextUpdate(x), dateopt); - else - BIO_printf(bio_out, "NONE"); - BIO_printf(bio_out, "\n"); - } - if (fingerprint == i) { - int j; - unsigned int n; - unsigned char md[EVP_MAX_MD_SIZE]; - - if (!X509_CRL_digest(x, digest, md, &n)) { - BIO_printf(bio_err, "out of memory\n"); - goto end; - } - BIO_printf(bio_out, "%s Fingerprint=", - EVP_MD_get0_name(digest)); - for (j = 0; j < (int)n; j++) { - BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n) - ? '\n' : ':'); - } - } - } - } - out = bio_open_default(outfile, 'w', outformat); - if (out == NULL) - goto end; - - if (text) - X509_CRL_print_ex(out, x, get_nameopt()); - - if (noout) { - ret = 0; - goto end; - } - - if (outformat == FORMAT_ASN1) - i = (int)i2d_X509_CRL_bio(out, x); - else - i = PEM_write_bio_X509_CRL(out, x); - if (!i) { - BIO_printf(bio_err, "unable to write CRL\n"); - goto end; - } - ret = 0; - - end: - if (ret != 0) - ERR_print_errors(bio_err); - BIO_free_all(out); - EVP_MD_free(digest); - X509_CRL_free(x); - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - return ret; -} diff --git a/apps/crl2pkcs7.c b/apps/crl2pkcs7.c deleted file mode 100644 index fe59e654270d07bef481a7083a5c4f54e778794b..0000000000000000000000000000000000000000 --- a/apps/crl2pkcs7.c +++ /dev/null @@ -1,233 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include - -static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile); - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE, - OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS crl2pkcs7_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - - OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"}, - {"nocrl", OPT_NOCRL, '-', "No crl to load, just certs from '-certfile'"}, - {"certfile", OPT_CERTFILE, '<', - "File of chain of certs to a trusted CA; can be repeated"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, - - OPT_PROV_OPTIONS, - {NULL} -}; - -int crl2pkcs7_main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL; - PKCS7 *p7 = NULL; - PKCS7_SIGNED *p7s = NULL; - STACK_OF(OPENSSL_STRING) *certflst = NULL; - STACK_OF(X509) *cert_stack = NULL; - STACK_OF(X509_CRL) *crl_stack = NULL; - X509_CRL *crl = NULL; - char *infile = NULL, *outfile = NULL, *prog, *certfile; - int i = 0, informat = FORMAT_PEM, outformat = FORMAT_PEM, ret = 1, nocrl = - 0; - OPTION_CHOICE o; - - prog = opt_init(argc, argv, crl2pkcs7_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(crl2pkcs7_options); - ret = 0; - goto end; - case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat)) - goto opthelp; - break; - case OPT_OUTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat)) - goto opthelp; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_NOCRL: - nocrl = 1; - break; - case OPT_CERTFILE: - if ((certflst == NULL) - && (certflst = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - if (!sk_OPENSSL_STRING_push(certflst, opt_arg())) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* No remaining args. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - if (!nocrl) { - in = bio_open_default(infile, 'r', informat); - if (in == NULL) - goto end; - - if (informat == FORMAT_ASN1) - crl = d2i_X509_CRL_bio(in, NULL); - else if (informat == FORMAT_PEM) - crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); - if (crl == NULL) { - BIO_printf(bio_err, "unable to load CRL\n"); - ERR_print_errors(bio_err); - goto end; - } - } - - if ((p7 = PKCS7_new()) == NULL) - goto end; - if ((p7s = PKCS7_SIGNED_new()) == NULL) - goto end; - p7->type = OBJ_nid2obj(NID_pkcs7_signed); - p7->d.sign = p7s; - p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data); - - if (!ASN1_INTEGER_set(p7s->version, 1)) - goto end; - - if (crl != NULL) { - if ((crl_stack = sk_X509_CRL_new_null()) == NULL) - goto end; - p7s->crl = crl_stack; - sk_X509_CRL_push(crl_stack, crl); - crl = NULL; /* now part of p7 for OPENSSL_freeing */ - } - - if (certflst != NULL) { - if ((cert_stack = sk_X509_new_null()) == NULL) - goto end; - p7s->cert = cert_stack; - - for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) { - certfile = sk_OPENSSL_STRING_value(certflst, i); - if (add_certs_from_file(cert_stack, certfile) < 0) { - BIO_printf(bio_err, "error loading certificates\n"); - ERR_print_errors(bio_err); - goto end; - } - } - } - - out = bio_open_default(outfile, 'w', outformat); - if (out == NULL) - goto end; - - if (outformat == FORMAT_ASN1) - i = i2d_PKCS7_bio(out, p7); - else if (outformat == FORMAT_PEM) - i = PEM_write_bio_PKCS7(out, p7); - if (!i) { - BIO_printf(bio_err, "unable to write pkcs7 object\n"); - ERR_print_errors(bio_err); - goto end; - } - ret = 0; - end: - sk_OPENSSL_STRING_free(certflst); - BIO_free(in); - BIO_free_all(out); - PKCS7_free(p7); - X509_CRL_free(crl); - - return ret; -} - -/*- - *---------------------------------------------------------------------- - * int add_certs_from_file - * - * Read a list of certificates to be checked from a file. - * - * Results: - * number of certs added if successful, -1 if not. - *---------------------------------------------------------------------- - */ -static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile) -{ - BIO *in = NULL; - int count = 0; - int ret = -1; - STACK_OF(X509_INFO) *sk = NULL; - X509_INFO *xi; - - in = BIO_new_file(certfile, "r"); - if (in == NULL) { - BIO_printf(bio_err, "error opening the file, %s\n", certfile); - goto end; - } - - /* This loads from a file, a stack of x509/crl/pkey sets */ - sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); - if (sk == NULL) { - BIO_printf(bio_err, "error reading the file, %s\n", certfile); - goto end; - } - - /* scan over it and pull out the CRL's */ - while (sk_X509_INFO_num(sk)) { - xi = sk_X509_INFO_shift(sk); - if (xi->x509 != NULL) { - sk_X509_push(stack, xi->x509); - xi->x509 = NULL; - count++; - } - X509_INFO_free(xi); - } - - ret = count; - end: - /* never need to OPENSSL_free x */ - BIO_free(in); - sk_X509_INFO_free(sk); - return ret; -} diff --git a/apps/dgst.c b/apps/dgst.c deleted file mode 100644 index 5f36cbcb7791db536d55216c2166e57b3cbd766a..0000000000000000000000000000000000000000 --- a/apps/dgst.c +++ /dev/null @@ -1,650 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include -#include -#include - -#undef BUFSIZE -#define BUFSIZE 1024*8 - -int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int xoflen, - EVP_PKEY *key, unsigned char *sigin, int siglen, - const char *sig_name, const char *md_name, - const char *file); -static void show_digests(const OBJ_NAME *name, void *bio_); - -struct doall_dgst_digests { - BIO *bio; - int n; -}; - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_LIST, - OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY, - OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL, - OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT, - OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT, OPT_XOFLEN, - OPT_DIGEST, - OPT_R_ENUM, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS dgst_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"list", OPT_LIST, '-', "List digests"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, - {"engine_impl", OPT_ENGINE_IMPL, '-', - "Also use engine given by -engine for digest operations"}, -#endif - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - - OPT_SECTION("Output"), - {"c", OPT_C, '-', "Print the digest with separating colons"}, - {"r", OPT_R, '-', "Print the digest in coreutils format"}, - {"out", OPT_OUT, '>', "Output to filename rather than stdout"}, - {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"}, - {"hex", OPT_HEX, '-', "Print as hex dump"}, - {"binary", OPT_BINARY, '-', "Print in binary form"}, - {"xoflen", OPT_XOFLEN, 'p', "Output length for XOF algorithms. To obtain the maximum security strength set this to 32 (or greater) for SHAKE128, and 64 (or greater) for SHAKE256"}, - {"d", OPT_DEBUG, '-', "Print debug info"}, - {"debug", OPT_DEBUG, '-', "Print debug info"}, - - OPT_SECTION("Signing"), - {"sign", OPT_SIGN, 's', "Sign digest using private key"}, - {"verify", OPT_VERIFY, 's', "Verify a signature using public key"}, - {"prverify", OPT_PRVERIFY, 's', "Verify a signature using private key"}, - {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, - {"signature", OPT_SIGNATURE, '<', "File with signature to verify"}, - {"hmac", OPT_HMAC, 's', "Create hashed MAC with key"}, - {"mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)"}, - {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"}, - {"", OPT_DIGEST, '-', "Any supported digest"}, - {"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-', - "Compute HMAC with the key used in OpenSSL-FIPS fingerprint"}, - - OPT_R_OPTIONS, - OPT_PROV_OPTIONS, - - OPT_PARAMETERS(), - {"file", 0, 0, "Files to digest (optional; default is stdin)"}, - {NULL} -}; - -int dgst_main(int argc, char **argv) -{ - BIO *in = NULL, *inp, *bmd = NULL, *out = NULL; - ENGINE *e = NULL, *impl = NULL; - EVP_PKEY *sigkey = NULL; - STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL; - char *hmac_key = NULL; - char *mac_name = NULL, *digestname = NULL; - char *passinarg = NULL, *passin = NULL; - EVP_MD *md = NULL; - const char *outfile = NULL, *keyfile = NULL, *prog = NULL; - const char *sigfile = NULL; - const char *md_name = NULL; - OPTION_CHOICE o; - int separator = 0, debug = 0, keyform = FORMAT_UNDEF, siglen = 0; - int i, ret = EXIT_FAILURE, out_bin = -1, want_pub = 0, do_verify = 0; - int xoflen = 0; - unsigned char *buf = NULL, *sigbuf = NULL; - int engine_impl = 0; - struct doall_dgst_digests dec; - - buf = app_malloc(BUFSIZE, "I/O buffer"); - md = (EVP_MD *)EVP_get_digestbyname(argv[0]); - - prog = opt_init(argc, argv, dgst_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(dgst_options); - ret = EXIT_SUCCESS; - goto end; - case OPT_LIST: - BIO_printf(bio_out, "Supported digests:\n"); - dec.bio = bio_out; - dec.n = 0; - OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, - show_digests, &dec); - BIO_printf(bio_out, "\n"); - ret = EXIT_SUCCESS; - goto end; - case OPT_C: - separator = 1; - break; - case OPT_R: - separator = 2; - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_SIGN: - keyfile = opt_arg(); - break; - case OPT_PASSIN: - passinarg = opt_arg(); - break; - case OPT_VERIFY: - keyfile = opt_arg(); - want_pub = do_verify = 1; - break; - case OPT_PRVERIFY: - keyfile = opt_arg(); - do_verify = 1; - break; - case OPT_SIGNATURE: - sigfile = opt_arg(); - break; - case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform)) - goto opthelp; - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_ENGINE_IMPL: - engine_impl = 1; - break; - case OPT_HEX: - out_bin = 0; - break; - case OPT_BINARY: - out_bin = 1; - break; - case OPT_XOFLEN: - xoflen = atoi(opt_arg()); - break; - case OPT_DEBUG: - debug = 1; - break; - case OPT_FIPS_FINGERPRINT: - hmac_key = "etaonrishdlcupfm"; - break; - case OPT_HMAC: - hmac_key = opt_arg(); - break; - case OPT_MAC: - mac_name = opt_arg(); - break; - case OPT_SIGOPT: - if (!sigopts) - sigopts = sk_OPENSSL_STRING_new_null(); - if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg())) - goto opthelp; - break; - case OPT_MACOPT: - if (!macopts) - macopts = sk_OPENSSL_STRING_new_null(); - if (!macopts || !sk_OPENSSL_STRING_push(macopts, opt_arg())) - goto opthelp; - break; - case OPT_DIGEST: - digestname = opt_unknown(); - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* Remaining args are files to digest. */ - argc = opt_num_rest(); - argv = opt_rest(); - if (keyfile != NULL && argc > 1) { - BIO_printf(bio_err, "%s: Can only sign or verify one file.\n", prog); - goto end; - } - if (!app_RAND_load()) - goto end; - - if (digestname != NULL) { - if (!opt_md(digestname, &md)) - goto opthelp; - } - - if (do_verify && sigfile == NULL) { - BIO_printf(bio_err, - "No signature to verify: use the -signature option\n"); - goto end; - } - if (engine_impl) - impl = e; - - in = BIO_new(BIO_s_file()); - bmd = BIO_new(BIO_f_md()); - if (in == NULL || bmd == NULL) - goto end; - - if (debug) { - BIO_set_callback_ex(in, BIO_debug_callback_ex); - /* needed for windows 3.1 */ - BIO_set_callback_arg(in, (char *)bio_err); - } - - if (!app_passwd(passinarg, NULL, &passin, NULL)) { - BIO_printf(bio_err, "Error getting password\n"); - goto end; - } - - if (out_bin == -1) { - if (keyfile != NULL) - out_bin = 1; - else - out_bin = 0; - } - - out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT); - if (out == NULL) - goto end; - - if ((!(mac_name == NULL) + !(keyfile == NULL) + !(hmac_key == NULL)) > 1) { - BIO_printf(bio_err, "MAC and signing key cannot both be specified\n"); - goto end; - } - - if (keyfile != NULL) { - int type; - - if (want_pub) - sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "public key"); - else - sigkey = load_key(keyfile, keyform, 0, passin, e, "private key"); - if (sigkey == NULL) { - /* - * load_[pub]key() has already printed an appropriate message - */ - goto end; - } - type = EVP_PKEY_get_id(sigkey); - if (type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448) { - /* - * We implement PureEdDSA for these which doesn't have a separate - * digest, and only supports one shot. - */ - BIO_printf(bio_err, "Key type not supported for this operation\n"); - goto end; - } - } - - if (mac_name != NULL) { - EVP_PKEY_CTX *mac_ctx = NULL; - - if (!init_gen_str(&mac_ctx, mac_name, impl, 0, NULL, NULL)) - goto end; - if (macopts != NULL) { - for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) { - char *macopt = sk_OPENSSL_STRING_value(macopts, i); - - if (pkey_ctrl_string(mac_ctx, macopt) <= 0) { - EVP_PKEY_CTX_free(mac_ctx); - BIO_printf(bio_err, "MAC parameter error \"%s\"\n", macopt); - goto end; - } - } - } - - sigkey = app_keygen(mac_ctx, mac_name, 0, 0 /* not verbose */); - /* Verbose output would make external-tests gost-engine fail */ - EVP_PKEY_CTX_free(mac_ctx); - } - - if (hmac_key != NULL) { - if (md == NULL) { - md = (EVP_MD *)EVP_sha256(); - digestname = SN_sha256; - } - sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl, - (unsigned char *)hmac_key, - strlen(hmac_key)); - if (sigkey == NULL) - goto end; - } - - if (sigkey != NULL) { - EVP_MD_CTX *mctx = NULL; - EVP_PKEY_CTX *pctx = NULL; - int res; - - if (BIO_get_md_ctx(bmd, &mctx) <= 0) { - BIO_printf(bio_err, "Error getting context\n"); - goto end; - } - if (do_verify) - if (impl == NULL) - res = EVP_DigestVerifyInit_ex(mctx, &pctx, digestname, - app_get0_libctx(), - app_get0_propq(), sigkey, NULL); - else - res = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey); - else - if (impl == NULL) - res = EVP_DigestSignInit_ex(mctx, &pctx, digestname, - app_get0_libctx(), - app_get0_propq(), sigkey, NULL); - else - res = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey); - if (res == 0) { - BIO_printf(bio_err, "Error setting context\n"); - goto end; - } - if (sigopts != NULL) { - for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) { - char *sigopt = sk_OPENSSL_STRING_value(sigopts, i); - - if (pkey_ctrl_string(pctx, sigopt) <= 0) { - BIO_printf(bio_err, "Signature parameter error \"%s\"\n", - sigopt); - goto end; - } - } - } - } - /* we use md as a filter, reading from 'in' */ - else { - EVP_MD_CTX *mctx = NULL; - if (BIO_get_md_ctx(bmd, &mctx) <= 0) { - BIO_printf(bio_err, "Error getting context\n"); - goto end; - } - if (md == NULL) - md = (EVP_MD *)EVP_sha256(); - if (!EVP_DigestInit_ex(mctx, md, impl)) { - BIO_printf(bio_err, "Error setting digest\n"); - goto end; - } - } - - if (sigfile != NULL && sigkey != NULL) { - BIO *sigbio = BIO_new_file(sigfile, "rb"); - - if (sigbio == NULL) { - BIO_printf(bio_err, "Error opening signature file %s\n", sigfile); - goto end; - } - siglen = EVP_PKEY_get_size(sigkey); - sigbuf = app_malloc(siglen, "signature buffer"); - siglen = BIO_read(sigbio, sigbuf, siglen); - BIO_free(sigbio); - if (siglen <= 0) { - BIO_printf(bio_err, "Error reading signature file %s\n", sigfile); - goto end; - } - } - inp = BIO_push(bmd, in); - - if (md == NULL) { - EVP_MD_CTX *tctx; - - BIO_get_md_ctx(bmd, &tctx); - md = EVP_MD_CTX_get1_md(tctx); - } - if (md != NULL) - md_name = EVP_MD_get0_name(md); - - if (xoflen > 0) { - if (!(EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF)) { - BIO_printf(bio_err, "Length can only be specified for XOF\n"); - goto end; - } - /* - * Signing using XOF is not supported by any algorithms currently since - * each algorithm only calls EVP_DigestFinal_ex() in their sign_final - * and verify_final methods. - */ - if (sigkey != NULL) { - BIO_printf(bio_err, "Signing key cannot be specified for XOF\n"); - goto end; - } - } - - if (argc == 0) { - BIO_set_fp(in, stdin, BIO_NOCLOSE); - ret = do_fp(out, buf, inp, separator, out_bin, xoflen, sigkey, sigbuf, - siglen, NULL, md_name, "stdin"); - } else { - const char *sig_name = NULL; - - if (out_bin == 0) { - if (sigkey != NULL) - sig_name = EVP_PKEY_get0_type_name(sigkey); - } - ret = EXIT_SUCCESS; - for (i = 0; i < argc; i++) { - if (BIO_read_filename(in, argv[i]) <= 0) { - perror(argv[i]); - ret = EXIT_FAILURE; - continue; - } else { - if (do_fp(out, buf, inp, separator, out_bin, xoflen, - sigkey, sigbuf, siglen, sig_name, md_name, argv[i])) - ret = EXIT_FAILURE; - } - (void)BIO_reset(bmd); - } - } - end: - if (ret != EXIT_SUCCESS) - ERR_print_errors(bio_err); - OPENSSL_clear_free(buf, BUFSIZE); - BIO_free(in); - OPENSSL_free(passin); - BIO_free_all(out); - EVP_MD_free(md); - EVP_PKEY_free(sigkey); - sk_OPENSSL_STRING_free(sigopts); - sk_OPENSSL_STRING_free(macopts); - OPENSSL_free(sigbuf); - BIO_free(bmd); - release_engine(e); - return ret; -} - -static void show_digests(const OBJ_NAME *name, void *arg) -{ - struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg; - const EVP_MD *md = NULL; - - /* Filter out signed digests (a.k.a signature algorithms) */ - if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL) - return; - - if (!islower((unsigned char)*name->name)) - return; - - /* Filter out message digests that we cannot use */ - md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq()); - if (md == NULL) - return; - - BIO_printf(dec->bio, "-%-25s", name->name); - if (++dec->n == 3) { - BIO_printf(dec->bio, "\n"); - dec->n = 0; - } else { - BIO_printf(dec->bio, " "); - } -} - -/* - * The newline_escape_filename function performs newline escaping for any - * filename that contains a newline. This function also takes a pointer - * to backslash. The backslash pointer is a flag to indicating whether a newline - * is present in the filename. If a newline is present, the backslash flag is - * set and the output format will contain a backslash at the beginning of the - * digest output. This output format is to replicate the output format found - * in the '*sum' checksum programs. This aims to preserve backward - * compatibility. - */ -static const char *newline_escape_filename(const char *file, int * backslash) -{ - size_t i, e = 0, length = strlen(file), newline_count = 0, mem_len = 0; - char *file_cpy = NULL; - - for (i = 0; i < length; i++) - if (file[i] == '\n') - newline_count++; - - mem_len = length + newline_count + 1; - file_cpy = app_malloc(mem_len, file); - i = 0; - - while(e < length) { - const char c = file[e]; - if (c == '\n') { - file_cpy[i++] = '\\'; - file_cpy[i++] = 'n'; - *backslash = 1; - } else { - file_cpy[i++] = c; - } - e++; - } - file_cpy[i] = '\0'; - return (const char*)file_cpy; -} - - -int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, int xoflen, - EVP_PKEY *key, unsigned char *sigin, int siglen, - const char *sig_name, const char *md_name, - const char *file) -{ - size_t len = BUFSIZE; - int i, backslash = 0, ret = EXIT_FAILURE; - unsigned char *allocated_buf = NULL; - - while (BIO_pending(bp) || !BIO_eof(bp)) { - i = BIO_read(bp, (char *)buf, BUFSIZE); - if (i < 0) { - BIO_printf(bio_err, "Read error in %s\n", file); - goto end; - } - if (i == 0) - break; - } - if (sigin != NULL) { - EVP_MD_CTX *ctx; - BIO_get_md_ctx(bp, &ctx); - i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen); - if (i > 0) { - BIO_printf(out, "Verified OK\n"); - } else if (i == 0) { - BIO_printf(out, "Verification failure\n"); - goto end; - } else { - BIO_printf(bio_err, "Error verifying data\n"); - goto end; - } - ret = EXIT_SUCCESS; - goto end; - } - if (key != NULL) { - EVP_MD_CTX *ctx; - size_t tmplen; - - BIO_get_md_ctx(bp, &ctx); - if (!EVP_DigestSignFinal(ctx, NULL, &tmplen)) { - BIO_printf(bio_err, "Error getting maximum length of signed data\n"); - goto end; - } - if (tmplen > BUFSIZE) { - len = tmplen; - allocated_buf = app_malloc(len, "Signature buffer"); - buf = allocated_buf; - } - if (!EVP_DigestSignFinal(ctx, buf, &len)) { - BIO_printf(bio_err, "Error signing data\n"); - goto end; - } - } else if (xoflen > 0) { - EVP_MD_CTX *ctx; - - len = xoflen; - if (len > BUFSIZE) { - allocated_buf = app_malloc(len, "Digest buffer"); - buf = allocated_buf; - } - - BIO_get_md_ctx(bp, &ctx); - - if (!EVP_DigestFinalXOF(ctx, buf, len)) { - BIO_printf(bio_err, "Error Digesting Data\n"); - goto end; - } - } else { - len = BIO_gets(bp, (char *)buf, BUFSIZE); - if ((int)len < 0) - goto end; - } - - if (binout) { - BIO_write(out, buf, len); - } else if (sep == 2) { - file = newline_escape_filename(file, &backslash); - - if (backslash == 1) - BIO_puts(out, "\\"); - - for (i = 0; i < (int)len; i++) - BIO_printf(out, "%02x", buf[i]); - - BIO_printf(out, " *%s\n", file); - OPENSSL_free((char *)file); - } else { - if (sig_name != NULL) { - BIO_puts(out, sig_name); - if (md_name != NULL) - BIO_printf(out, "-%s", md_name); - BIO_printf(out, "(%s)= ", file); - } else if (md_name != NULL) { - BIO_printf(out, "%s(%s)= ", md_name, file); - } else { - BIO_printf(out, "(%s)= ", file); - } - for (i = 0; i < (int)len; i++) { - if (sep && (i != 0)) - BIO_printf(out, ":"); - BIO_printf(out, "%02x", buf[i]); - } - BIO_printf(out, "\n"); - } - - ret = EXIT_SUCCESS; - end: - if (allocated_buf != NULL) - OPENSSL_clear_free(allocated_buf, len); - - return ret; -} diff --git a/apps/dhparam.c b/apps/dhparam.c deleted file mode 100644 index 43906cea56497bc115953d258c984e4f6f36a4ec..0000000000000000000000000000000000000000 --- a/apps/dhparam.c +++ /dev/null @@ -1,416 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define DEFBITS 2048 - -static EVP_PKEY *dsa_to_dh(EVP_PKEY *dh); -static int gendh_cb(EVP_PKEY_CTX *ctx); - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, - OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT, - OPT_DSAPARAM, OPT_2, OPT_3, OPT_5, - OPT_R_ENUM, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS dhparam_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [numbits]\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"check", OPT_CHECK, '-', "Check the DH parameters"}, -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0) - {"dsaparam", OPT_DSAPARAM, '-', - "Read or generate DSA parameters, convert to DH"}, -#endif -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -#endif - - OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - {"inform", OPT_INFORM, 'F', "Input format, DER or PEM"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'F', "Output format, DER or PEM"}, - {"text", OPT_TEXT, '-', "Print a text form of the DH parameters"}, - {"noout", OPT_NOOUT, '-', "Don't output any DH parameters"}, - {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"}, - {"3", OPT_3, '-', "Generate parameters using 3 as the generator value"}, - {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"}, - - OPT_R_OPTIONS, - OPT_PROV_OPTIONS, - - OPT_PARAMETERS(), - {"numbits", 0, 0, "Number of bits if generating parameters (optional)"}, - {NULL} -}; - -int dhparam_main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL; - EVP_PKEY *pkey = NULL, *tmppkey = NULL; - EVP_PKEY_CTX *ctx = NULL; - char *infile = NULL, *outfile = NULL, *prog; - ENGINE *e = NULL; - int dsaparam = 0; - int text = 0, ret = 1, num = 0, g = 0; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, check = 0, noout = 0; - OPTION_CHOICE o; - - prog = opt_init(argc, argv, dhparam_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(dhparam_options); - ret = 0; - goto end; - case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat)) - goto opthelp; - break; - case OPT_OUTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat)) - goto opthelp; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_CHECK: - check = 1; - break; - case OPT_TEXT: - text = 1; - break; - case OPT_DSAPARAM: - dsaparam = 1; - break; - case OPT_2: - g = 2; - break; - case OPT_3: - g = 3; - break; - case OPT_5: - g = 5; - break; - case OPT_NOOUT: - noout = 1; - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* One optional argument, bitsize to generate. */ - argc = opt_num_rest(); - argv = opt_rest(); - if (argc == 1) { - if (!opt_int(argv[0], &num) || num <= 0) - goto opthelp; - } else if (argc != 0) { - goto opthelp; - } - if (!app_RAND_load()) - goto end; - - if (g && !num) - num = DEFBITS; - - if (dsaparam && g) { - BIO_printf(bio_err, - "Error, generator may not be chosen for DSA parameters\n"); - goto end; - } - - out = bio_open_default(outfile, 'w', outformat); - if (out == NULL) - goto end; - - /* DH parameters */ - if (num && !g) - g = 2; - - if (num) { - const char *alg = dsaparam ? "DSA" : "DH"; - - if (infile != NULL) { - BIO_printf(bio_err, "Warning, input file %s ignored\n", infile); - } - - ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), alg, app_get0_propq()); - if (ctx == NULL) { - BIO_printf(bio_err, - "Error, %s param generation context allocation failed\n", - alg); - goto end; - } - EVP_PKEY_CTX_set_cb(ctx, gendh_cb); - EVP_PKEY_CTX_set_app_data(ctx, bio_err); - BIO_printf(bio_err, - "Generating %s parameters, %d bit long %sprime\n", - alg, num, dsaparam ? "" : "safe "); - - if (EVP_PKEY_paramgen_init(ctx) <= 0) { - BIO_printf(bio_err, - "Error, unable to initialise %s parameters\n", - alg); - goto end; - } - - if (dsaparam) { - if (EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, num) <= 0) { - BIO_printf(bio_err, "Error, unable to set DSA prime length\n"); - goto end; - } - } else { - if (EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, num) <= 0) { - BIO_printf(bio_err, "Error, unable to set DH prime length\n"); - goto end; - } - if (EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, g) <= 0) { - BIO_printf(bio_err, "Error, unable to set generator\n"); - goto end; - } - } - - tmppkey = app_paramgen(ctx, alg); - EVP_PKEY_CTX_free(ctx); - ctx = NULL; - if (dsaparam) { - pkey = dsa_to_dh(tmppkey); - if (pkey == NULL) - goto end; - EVP_PKEY_free(tmppkey); - } else { - pkey = tmppkey; - } - tmppkey = NULL; - } else { - OSSL_DECODER_CTX *decoderctx = NULL; - const char *keytype = "DH"; - int done; - - in = bio_open_default(infile, 'r', informat); - if (in == NULL) - goto end; - - do { - /* - * We assume we're done unless we explicitly want to retry and set - * this to 0 below. - */ - done = 1; - /* - * We set NULL for the keytype to allow any key type. We don't know - * if we're going to get DH or DHX (or DSA in the event of dsaparam). - * We check that we got one of those key types afterwards. - */ - decoderctx - = OSSL_DECODER_CTX_new_for_pkey(&tmppkey, - (informat == FORMAT_ASN1) - ? "DER" : "PEM", - NULL, - (informat == FORMAT_ASN1) - ? keytype : NULL, - OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - NULL, NULL); - - if (decoderctx != NULL - && !OSSL_DECODER_from_bio(decoderctx, in) - && informat == FORMAT_ASN1 - && strcmp(keytype, "DH") == 0) { - /* - * When reading DER we explicitly state the expected keytype - * because, unlike PEM, there is no header to declare what - * the contents of the DER file are. The decoders just try - * and guess. Unfortunately with DHX key types they may guess - * wrong and think we have a DSA keytype. Therefore we try - * both DH and DHX sequentially. - */ - keytype = "DHX"; - /* - * BIO_reset() returns 0 for success for file BIOs only!!! - * This won't work for stdin (and never has done) - */ - if (BIO_reset(in) == 0) - done = 0; - } - OSSL_DECODER_CTX_free(decoderctx); - } while (!done); - if (tmppkey == NULL) { - BIO_printf(bio_err, "Error, unable to load parameters\n"); - goto end; - } - - if (dsaparam) { - if (!EVP_PKEY_is_a(tmppkey, "DSA")) { - BIO_printf(bio_err, "Error, unable to load DSA parameters\n"); - goto end; - } - pkey = dsa_to_dh(tmppkey); - if (pkey == NULL) - goto end; - } else { - if (!EVP_PKEY_is_a(tmppkey, "DH") - && !EVP_PKEY_is_a(tmppkey, "DHX")) { - BIO_printf(bio_err, "Error, unable to load DH parameters\n"); - goto end; - } - pkey = tmppkey; - tmppkey = NULL; - } - } - - if (text) - EVP_PKEY_print_params(out, pkey, 4, NULL); - - if (check) { - ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), pkey, app_get0_propq()); - if (ctx == NULL) { - BIO_printf(bio_err, "Error, failed to check DH parameters\n"); - goto end; - } - if (EVP_PKEY_param_check(ctx) <= 0) { - BIO_printf(bio_err, "Error, invalid parameters generated\n"); - goto end; - } - BIO_printf(bio_err, "DH parameters appear to be ok.\n"); - } - - if (!noout) { - OSSL_ENCODER_CTX *ectx = - OSSL_ENCODER_CTX_new_for_pkey(pkey, - OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - outformat == FORMAT_ASN1 - ? "DER" : "PEM", - NULL, NULL); - - if (ectx == NULL || !OSSL_ENCODER_to_bio(ectx, out)) { - OSSL_ENCODER_CTX_free(ectx); - BIO_printf(bio_err, "Error, unable to write DH parameters\n"); - goto end; - } - OSSL_ENCODER_CTX_free(ectx); - } - ret = 0; - end: - if (ret != 0) - ERR_print_errors(bio_err); - BIO_free(in); - BIO_free_all(out); - EVP_PKEY_free(pkey); - EVP_PKEY_free(tmppkey); - EVP_PKEY_CTX_free(ctx); - release_engine(e); - return ret; -} - -/* - * Historically we had the low level call DSA_dup_DH() to do this. - * That is now deprecated with no replacement. Since we still need to do this - * for backwards compatibility reasons, we do it "manually". - */ -static EVP_PKEY *dsa_to_dh(EVP_PKEY *dh) -{ - OSSL_PARAM_BLD *tmpl = NULL; - OSSL_PARAM *params = NULL; - BIGNUM *bn_p = NULL, *bn_q = NULL, *bn_g = NULL; - EVP_PKEY_CTX *ctx = NULL; - EVP_PKEY *pkey = NULL; - - if (!EVP_PKEY_get_bn_param(dh, OSSL_PKEY_PARAM_FFC_P, &bn_p) - || !EVP_PKEY_get_bn_param(dh, OSSL_PKEY_PARAM_FFC_Q, &bn_q) - || !EVP_PKEY_get_bn_param(dh, OSSL_PKEY_PARAM_FFC_G, &bn_g)) { - BIO_printf(bio_err, "Error, failed to set DH parameters\n"); - goto err; - } - - if ((tmpl = OSSL_PARAM_BLD_new()) == NULL - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, - bn_p) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, - bn_q) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, - bn_g) - || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { - BIO_printf(bio_err, "Error, failed to set DH parameters\n"); - goto err; - } - - ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "DHX", app_get0_propq()); - if (ctx == NULL - || EVP_PKEY_fromdata_init(ctx) <= 0 - || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params) <= 0) { - BIO_printf(bio_err, "Error, failed to set DH parameters\n"); - goto err; - } - - err: - EVP_PKEY_CTX_free(ctx); - OSSL_PARAM_free(params); - OSSL_PARAM_BLD_free(tmpl); - BN_free(bn_p); - BN_free(bn_q); - BN_free(bn_g); - return pkey; -} - -static int gendh_cb(EVP_PKEY_CTX *ctx) -{ - int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); - BIO *b = EVP_PKEY_CTX_get_app_data(ctx); - static const char symbols[] = ".+*\n"; - char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?'; - - BIO_write(b, &c, 1); - (void)BIO_flush(b); - return 1; -} diff --git a/apps/dsa.c b/apps/dsa.c deleted file mode 100644 index 51c02843539fadf6e4d9f3e514b672dc0cf3c005..0000000000000000000000000000000000000000 --- a/apps/dsa.c +++ /dev/null @@ -1,311 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifndef OPENSSL_NO_RC4 -# define DEFAULT_PVK_ENCR_STRENGTH 2 -#else -# define DEFAULT_PVK_ENCR_STRENGTH 0 -#endif - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE, - /* Do not change the order here; see case statements below */ - OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG, - OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN, - OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT, - OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS dsa_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"", OPT_CIPHER, '-', "Any supported cipher"}, -#ifndef OPENSSL_NO_RC4 - {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"}, - {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"}, - {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"}, -#endif -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -#endif - - OPT_SECTION("Input"), - {"in", OPT_IN, 's', "Input key"}, - {"inform", OPT_INFORM, 'f', "Input format (DER/PEM/PVK); has no effect"}, - {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'f', "Output format, DER PEM PVK"}, - {"noout", OPT_NOOUT, '-', "Don't print key out"}, - {"text", OPT_TEXT, '-', "Print the key in text"}, - {"modulus", OPT_MODULUS, '-', "Print the DSA public value"}, - {"pubout", OPT_PUBOUT, '-', "Output public key, not private"}, - {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, - - OPT_PROV_OPTIONS, - {NULL} -}; - -int dsa_main(int argc, char **argv) -{ - BIO *out = NULL; - ENGINE *e = NULL; - EVP_PKEY *pkey = NULL; - EVP_CIPHER *enc = NULL; - char *infile = NULL, *outfile = NULL, *prog; - char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL; - OPTION_CHOICE o; - int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, text = 0, noout = 0; - int modulus = 0, pubin = 0, pubout = 0, ret = 1; - int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH; - int private = 0; - const char *output_type = NULL, *ciphername = NULL; - const char *output_structure = NULL; - int selection = 0; - OSSL_ENCODER_CTX *ectx = NULL; - - prog = opt_init(argc, argv, dsa_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - ret = 0; - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(dsa_options); - ret = 0; - goto end; - case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat)) - goto opthelp; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUTFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat)) - goto opthelp; - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_PASSIN: - passinarg = opt_arg(); - break; - case OPT_PASSOUT: - passoutarg = opt_arg(); - break; - case OPT_PVK_STRONG: /* pvk_encr:= 2 */ - case OPT_PVK_WEAK: /* pvk_encr:= 1 */ - case OPT_PVK_NONE: /* pvk_encr:= 0 */ -#ifndef OPENSSL_NO_RC4 - pvk_encr = (o - OPT_PVK_NONE); -#endif - break; - case OPT_NOOUT: - noout = 1; - break; - case OPT_TEXT: - text = 1; - break; - case OPT_MODULUS: - modulus = 1; - break; - case OPT_PUBIN: - pubin = 1; - break; - case OPT_PUBOUT: - pubout = 1; - break; - case OPT_CIPHER: - ciphername = opt_unknown(); - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* No extra args. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - if (ciphername != NULL) { - if (!opt_cipher(ciphername, &enc)) - goto end; - } - private = pubin || pubout ? 0 : 1; - if (text && !pubin) - private = 1; - - if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { - BIO_printf(bio_err, "Error getting passwords\n"); - goto end; - } - - BIO_printf(bio_err, "read DSA key\n"); - if (pubin) - pkey = load_pubkey(infile, informat, 1, passin, e, "public key"); - else - pkey = load_key(infile, informat, 1, passin, e, "private key"); - - if (pkey == NULL) { - BIO_printf(bio_err, "unable to load Key\n"); - ERR_print_errors(bio_err); - goto end; - } - if (!EVP_PKEY_is_a(pkey, "DSA")) { - BIO_printf(bio_err, "Not a DSA key\n"); - goto end; - } - - out = bio_open_owner(outfile, outformat, private); - if (out == NULL) - goto end; - - if (text) { - assert(pubin || private); - if ((pubin && EVP_PKEY_print_public(out, pkey, 0, NULL) <= 0) - || (!pubin && EVP_PKEY_print_private(out, pkey, 0, NULL) <= 0)) { - perror(outfile); - ERR_print_errors(bio_err); - goto end; - } - } - - if (modulus) { - BIGNUM *pub_key = NULL; - - if (!EVP_PKEY_get_bn_param(pkey, "pub", &pub_key)) { - ERR_print_errors(bio_err); - goto end; - } - BIO_printf(out, "Public Key="); - BN_print(out, pub_key); - BIO_printf(out, "\n"); - BN_free(pub_key); - } - - if (noout) { - ret = 0; - goto end; - } - BIO_printf(bio_err, "writing DSA key\n"); - if (outformat == FORMAT_ASN1) { - output_type = "DER"; - } else if (outformat == FORMAT_PEM) { - output_type = "PEM"; - } else if (outformat == FORMAT_MSBLOB) { - output_type = "MSBLOB"; - } else if (outformat == FORMAT_PVK) { - if (pubin) { - BIO_printf(bio_err, "PVK form impossible with public key input\n"); - goto end; - } - output_type = "PVK"; - } else { - BIO_printf(bio_err, "bad output format specified for outfile\n"); - goto end; - } - - if (outformat == FORMAT_ASN1 || outformat == FORMAT_PEM) { - if (pubout || pubin) - output_structure = "SubjectPublicKeyInfo"; - else - output_structure = "type-specific"; - } - - /* Select what you want in the output */ - if (pubout || pubin) { - selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY; - } else { - assert(private); - selection = (OSSL_KEYMGMT_SELECT_KEYPAIR - | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS); - } - - /* Perform the encoding */ - ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, output_type, - output_structure, NULL); - if (OSSL_ENCODER_CTX_get_num_encoders(ectx) == 0) { - BIO_printf(bio_err, "%s format not supported\n", output_type); - goto end; - } - - /* Passphrase setup */ - if (enc != NULL) - OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_get0_name(enc), NULL); - - /* Default passphrase prompter */ - if (enc != NULL || outformat == FORMAT_PVK) { - OSSL_ENCODER_CTX_set_passphrase_ui(ectx, get_ui_method(), NULL); - if (passout != NULL) - /* When passout given, override the passphrase prompter */ - OSSL_ENCODER_CTX_set_passphrase(ectx, - (const unsigned char *)passout, - strlen(passout)); - } - - /* PVK requires a bit more */ - if (outformat == FORMAT_PVK) { - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - params[0] = OSSL_PARAM_construct_int("encrypt-level", &pvk_encr); - if (!OSSL_ENCODER_CTX_set_params(ectx, params)) { - BIO_printf(bio_err, "invalid PVK encryption level\n"); - goto end; - } - } - - if (!OSSL_ENCODER_to_bio(ectx, out)) { - BIO_printf(bio_err, "unable to write key\n"); - goto end; - } - ret = 0; - end: - if (ret != 0) - ERR_print_errors(bio_err); - OSSL_ENCODER_CTX_free(ectx); - BIO_free_all(out); - EVP_PKEY_free(pkey); - EVP_CIPHER_free(enc); - release_engine(e); - OPENSSL_free(passin); - OPENSSL_free(passout); - return ret; -} diff --git a/apps/dsaparam.c b/apps/dsaparam.c deleted file mode 100644 index b5555282be6e18ad2275488c7226f82b9f2dff58..0000000000000000000000000000000000000000 --- a/apps/dsaparam.c +++ /dev/null @@ -1,256 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include -#include -#include "apps.h" -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include - -static int verbose = 0; - -static int gendsa_cb(EVP_PKEY_CTX *ctx); - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, - OPT_NOOUT, OPT_GENKEY, OPT_ENGINE, OPT_VERBOSE, - OPT_R_ENUM, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS dsaparam_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [numbits]\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -#endif - - OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, - {"text", OPT_TEXT, '-', "Print as text"}, - {"noout", OPT_NOOUT, '-', "No output"}, - {"verbose", OPT_VERBOSE, '-', "Verbose output"}, - {"genkey", OPT_GENKEY, '-', "Generate a DSA key"}, - - OPT_R_OPTIONS, - OPT_PROV_OPTIONS, - - OPT_PARAMETERS(), - {"numbits", 0, 0, "Number of bits if generating parameters (optional)"}, - {NULL} -}; - -int dsaparam_main(int argc, char **argv) -{ - ENGINE *e = NULL; - BIO *out = NULL; - EVP_PKEY *params = NULL, *pkey = NULL; - EVP_PKEY_CTX *ctx = NULL; - int numbits = -1, num = 0, genkey = 0; - int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, noout = 0; - int ret = 1, i, text = 0, private = 0; - char *infile = NULL, *outfile = NULL, *prog; - OPTION_CHOICE o; - - prog = opt_init(argc, argv, dsaparam_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(dsaparam_options); - ret = 0; - goto end; - case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat)) - goto opthelp; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat)) - goto opthelp; - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_TEXT: - text = 1; - break; - case OPT_GENKEY: - genkey = 1; - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - case OPT_NOOUT: - noout = 1; - break; - case OPT_VERBOSE: - verbose = 1; - break; - } - } - - /* Optional arg is bitsize. */ - argc = opt_num_rest(); - argv = opt_rest(); - if (argc == 1) { - if (!opt_int(argv[0], &num) || num < 0) - goto opthelp; - } else if (argc != 0) { - goto opthelp; - } - if (!app_RAND_load()) - goto end; - - /* generate a key */ - numbits = num; - private = genkey ? 1 : 0; - - out = bio_open_owner(outfile, outformat, private); - if (out == NULL) - goto end; - - ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "DSA", app_get0_propq()); - if (ctx == NULL) { - BIO_printf(bio_err, - "Error, DSA parameter generation context allocation failed\n"); - goto end; - } - if (numbits > 0) { - if (numbits > OPENSSL_DSA_MAX_MODULUS_BITS) - BIO_printf(bio_err, - "Warning: It is not recommended to use more than %d bit for DSA keys.\n" - " Your key size is %d! Larger key size may behave not as expected.\n", - OPENSSL_DSA_MAX_MODULUS_BITS, numbits); - - EVP_PKEY_CTX_set_cb(ctx, gendsa_cb); - EVP_PKEY_CTX_set_app_data(ctx, bio_err); - if (verbose) { - BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", - num); - BIO_printf(bio_err, "This could take some time\n"); - } - if (EVP_PKEY_paramgen_init(ctx) <= 0) { - BIO_printf(bio_err, - "Error, DSA key generation paramgen init failed\n"); - goto end; - } - if (EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, num) <= 0) { - BIO_printf(bio_err, - "Error, DSA key generation setting bit length failed\n"); - goto end; - } - params = app_paramgen(ctx, "DSA"); - } else { - params = load_keyparams(infile, informat, 1, "DSA", "DSA parameters"); - } - if (params == NULL) { - /* Error message should already have been displayed */ - goto end; - } - - if (text) { - EVP_PKEY_print_params(out, params, 0, NULL); - } - - if (outformat == FORMAT_ASN1 && genkey) - noout = 1; - - if (!noout) { - if (outformat == FORMAT_ASN1) - i = i2d_KeyParams_bio(out, params); - else - i = PEM_write_bio_Parameters(out, params); - if (!i) { - BIO_printf(bio_err, "Error, unable to write DSA parameters\n"); - goto end; - } - } - if (genkey) { - EVP_PKEY_CTX_free(ctx); - ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), params, - app_get0_propq()); - if (ctx == NULL) { - BIO_printf(bio_err, - "Error, DSA key generation context allocation failed\n"); - goto end; - } - if (EVP_PKEY_keygen_init(ctx) <= 0) { - BIO_printf(bio_err, - "Error, unable to initialise for key generation\n"); - goto end; - } - pkey = app_keygen(ctx, "DSA", numbits, verbose); - assert(private); - if (outformat == FORMAT_ASN1) - i = i2d_PrivateKey_bio(out, pkey); - else - i = PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, NULL); - } - ret = 0; - end: - if (ret != 0) - ERR_print_errors(bio_err); - BIO_free_all(out); - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - EVP_PKEY_free(params); - release_engine(e); - return ret; -} - -static int gendsa_cb(EVP_PKEY_CTX *ctx) -{ - static const char symbols[] = ".+*\n"; - int p; - char c; - BIO *b; - - if (!verbose) - return 1; - - b = EVP_PKEY_CTX_get_app_data(ctx); - p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); - c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?'; - - BIO_write(b, &c, 1); - (void)BIO_flush(b); - return 1; -} diff --git a/apps/ec.c b/apps/ec.c deleted file mode 100644 index e2dd6f2b48f3d416e58f3921bfa22d0d6fd5ca3c..0000000000000000000000000000000000000000 --- a/apps/ec.c +++ /dev/null @@ -1,294 +0,0 @@ -/* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "apps.h" -#include "progs.h" -#include "ec_common.h" - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT, - OPT_NOOUT, OPT_TEXT, OPT_PARAM_OUT, OPT_PUBIN, OPT_PUBOUT, - OPT_PASSIN, OPT_PASSOUT, OPT_PARAM_ENC, OPT_CONV_FORM, OPT_CIPHER, - OPT_NO_PUBLIC, OPT_CHECK, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS ec_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - - OPT_SECTION("Input"), - {"in", OPT_IN, 's', "Input file"}, - {"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE)"}, - {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"check", OPT_CHECK, '-', "check key consistency"}, - {"", OPT_CIPHER, '-', "Any supported cipher"}, - {"param_enc", OPT_PARAM_ENC, 's', - "Specifies the way the ec parameters are encoded"}, - {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, - {"noout", OPT_NOOUT, '-', "Don't print key out"}, - {"text", OPT_TEXT, '-', "Print the key"}, - {"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"}, - {"pubout", OPT_PUBOUT, '-', "Output public key, not private"}, - {"no_public", OPT_NO_PUBLIC, '-', "exclude public key from private key"}, - {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, - - OPT_PROV_OPTIONS, - {NULL} -}; - -int ec_main(int argc, char **argv) -{ - OSSL_ENCODER_CTX *ectx = NULL; - OSSL_DECODER_CTX *dctx = NULL; - EVP_PKEY_CTX *pctx = NULL; - EVP_PKEY *eckey = NULL; - BIO *out = NULL; - ENGINE *e = NULL; - EVP_CIPHER *enc = NULL; - char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog; - char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL; - OPTION_CHOICE o; - int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, text = 0, noout = 0; - int pubin = 0, pubout = 0, param_out = 0, ret = 1, private = 0; - int check = 0; - char *asn1_encoding = NULL; - char *point_format = NULL; - int no_public = 0; - - prog = opt_init(argc, argv, ec_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(ec_options); - ret = 0; - goto end; - case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat)) - goto opthelp; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat)) - goto opthelp; - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_NOOUT: - noout = 1; - break; - case OPT_TEXT: - text = 1; - break; - case OPT_PARAM_OUT: - param_out = 1; - break; - case OPT_PUBIN: - pubin = 1; - break; - case OPT_PUBOUT: - pubout = 1; - break; - case OPT_PASSIN: - passinarg = opt_arg(); - break; - case OPT_PASSOUT: - passoutarg = opt_arg(); - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_CIPHER: - ciphername = opt_unknown(); - break; - case OPT_CONV_FORM: - point_format = opt_arg(); - if (!opt_string(point_format, point_format_options)) - goto opthelp; - break; - case OPT_PARAM_ENC: - asn1_encoding = opt_arg(); - if (!opt_string(asn1_encoding, asn1_encoding_options)) - goto opthelp; - break; - case OPT_NO_PUBLIC: - no_public = 1; - break; - case OPT_CHECK: - check = 1; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - if (ciphername != NULL) { - if (!opt_cipher(ciphername, &enc)) - goto opthelp; - } - private = param_out || pubin || pubout ? 0 : 1; - if (text && !pubin) - private = 1; - - if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { - BIO_printf(bio_err, "Error getting passwords\n"); - goto end; - } - - BIO_printf(bio_err, "read EC key\n"); - - if (pubin) - eckey = load_pubkey(infile, informat, 1, passin, e, "public key"); - else - eckey = load_key(infile, informat, 1, passin, e, "private key"); - - if (eckey == NULL) { - BIO_printf(bio_err, "unable to load Key\n"); - goto end; - } - - out = bio_open_owner(outfile, outformat, private); - if (out == NULL) - goto end; - - if (point_format - && !EVP_PKEY_set_utf8_string_param( - eckey, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, - point_format)) { - BIO_printf(bio_err, "unable to set point conversion format\n"); - goto end; - } - - if (asn1_encoding != NULL - && !EVP_PKEY_set_utf8_string_param( - eckey, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) { - BIO_printf(bio_err, "unable to set asn1 encoding format\n"); - goto end; - } - - if (no_public) { - if (!EVP_PKEY_set_int_param(eckey, OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 0)) { - BIO_printf(bio_err, "unable to disable public key encoding\n"); - goto end; - } - } else { - if (!EVP_PKEY_set_int_param(eckey, OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC, 1)) { - BIO_printf(bio_err, "unable to enable public key encoding\n"); - goto end; - } - } - - if (text) { - assert(pubin || private); - if ((pubin && EVP_PKEY_print_public(out, eckey, 0, NULL) <= 0) - || (!pubin && EVP_PKEY_print_private(out, eckey, 0, NULL) <= 0)) { - BIO_printf(bio_err, "unable to print EC key\n"); - goto end; - } - } - - if (check) { - pctx = EVP_PKEY_CTX_new_from_pkey(NULL, eckey, NULL); - if (pctx == NULL) { - BIO_printf(bio_err, "unable to check EC key\n"); - goto end; - } - if (EVP_PKEY_check(pctx) <= 0) - BIO_printf(bio_err, "EC Key Invalid!\n"); - else - BIO_printf(bio_err, "EC Key valid.\n"); - ERR_print_errors(bio_err); - } - - if (!noout) { - int selection; - const char *output_type = outformat == FORMAT_ASN1 ? "DER" : "PEM"; - const char *output_structure = "type-specific"; - - BIO_printf(bio_err, "writing EC key\n"); - if (param_out) { - selection = OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS; - } else if (pubin || pubout) { - selection = OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS - | OSSL_KEYMGMT_SELECT_PUBLIC_KEY; - output_structure = "SubjectPublicKeyInfo"; - } else { - selection = OSSL_KEYMGMT_SELECT_ALL; - assert(private); - } - - ectx = OSSL_ENCODER_CTX_new_for_pkey(eckey, selection, - output_type, output_structure, - NULL); - if (enc != NULL) { - OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_get0_name(enc), NULL); - /* Default passphrase prompter */ - OSSL_ENCODER_CTX_set_passphrase_ui(ectx, get_ui_method(), NULL); - if (passout != NULL) - /* When passout given, override the passphrase prompter */ - OSSL_ENCODER_CTX_set_passphrase(ectx, - (const unsigned char *)passout, - strlen(passout)); - } - if (!OSSL_ENCODER_to_bio(ectx, out)) { - BIO_printf(bio_err, "unable to write EC key\n"); - goto end; - } - } - - ret = 0; -end: - if (ret != 0) - ERR_print_errors(bio_err); - BIO_free_all(out); - EVP_PKEY_free(eckey); - EVP_CIPHER_free(enc); - OSSL_ENCODER_CTX_free(ectx); - OSSL_DECODER_CTX_free(dctx); - EVP_PKEY_CTX_free(pctx); - release_engine(e); - if (passin != NULL) - OPENSSL_clear_free(passin, strlen(passin)); - if (passout != NULL) - OPENSSL_clear_free(passout, strlen(passout)); - return ret; -} diff --git a/apps/ecparam.c b/apps/ecparam.c deleted file mode 100644 index 9e9ad136837b27373a10d8862e05fb7eedf50532..0000000000000000000000000000000000000000 --- a/apps/ecparam.c +++ /dev/null @@ -1,352 +0,0 @@ -/* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include "ec_common.h" - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, - OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME, - OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE, OPT_CHECK_NAMED, - OPT_R_ENUM, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS ecparam_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"list_curves", OPT_LIST_CURVES, '-', - "Prints a list of all curve 'short names'"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - - {"genkey", OPT_GENKEY, '-', "Generate ec key"}, - {"in", OPT_IN, '<', "Input file - default stdin"}, - {"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"}, - {"out", OPT_OUT, '>', "Output file - default stdout"}, - {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"}, - - OPT_SECTION("Output"), - {"text", OPT_TEXT, '-', "Print the ec parameters in text form"}, - {"noout", OPT_NOOUT, '-', "Do not print the ec parameter"}, - {"param_enc", OPT_PARAM_ENC, 's', - "Specifies the way the ec parameters are encoded"}, - - OPT_SECTION("Parameter"), - {"check", OPT_CHECK, '-', "Validate the ec parameters"}, - {"check_named", OPT_CHECK_NAMED, '-', - "Check that named EC curve parameters have not been modified"}, - {"no_seed", OPT_NO_SEED, '-', - "If 'explicit' parameters are chosen do not use the seed"}, - {"name", OPT_NAME, 's', - "Use the ec parameters with specified 'short name'"}, - {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "}, - - OPT_R_OPTIONS, - OPT_PROV_OPTIONS, - {NULL} -}; - -static int list_builtin_curves(BIO *out) -{ - int ret = 0; - EC_builtin_curve *curves = NULL; - size_t n, crv_len = EC_get_builtin_curves(NULL, 0); - - curves = app_malloc((int)sizeof(*curves) * crv_len, "list curves"); - if (!EC_get_builtin_curves(curves, crv_len)) - goto end; - - for (n = 0; n < crv_len; n++) { - const char *comment = curves[n].comment; - const char *sname = OBJ_nid2sn(curves[n].nid); - - if (comment == NULL) - comment = "CURVE DESCRIPTION NOT AVAILABLE"; - if (sname == NULL) - sname = ""; - - BIO_printf(out, " %-10s: ", sname); - BIO_printf(out, "%s\n", comment); - } - ret = 1; -end: - OPENSSL_free(curves); - return ret; -} - -int ecparam_main(int argc, char **argv) -{ - EVP_PKEY_CTX *gctx_params = NULL, *gctx_key = NULL, *pctx = NULL; - EVP_PKEY *params_key = NULL, *key = NULL; - OSSL_ENCODER_CTX *ectx_key = NULL, *ectx_params = NULL; - OSSL_DECODER_CTX *dctx_params = NULL; - ENGINE *e = NULL; - BIO *out = NULL; - char *curve_name = NULL; - char *asn1_encoding = NULL; - char *point_format = NULL; - char *infile = NULL, *outfile = NULL, *prog; - OPTION_CHOICE o; - int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0; - int ret = 1, private = 0; - int no_seed = 0, check = 0, check_named = 0, text = 0, genkey = 0; - int list_curves = 0; - - prog = opt_init(argc, argv, ecparam_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(ecparam_options); - ret = 0; - goto end; - case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat)) - goto opthelp; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat)) - goto opthelp; - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_TEXT: - text = 1; - break; - case OPT_CHECK: - check = 1; - break; - case OPT_CHECK_NAMED: - check_named = 1; - break; - case OPT_LIST_CURVES: - list_curves = 1; - break; - case OPT_NO_SEED: - no_seed = 1; - break; - case OPT_NOOUT: - noout = 1; - break; - case OPT_NAME: - curve_name = opt_arg(); - break; - case OPT_CONV_FORM: - point_format = opt_arg(); - if (!opt_string(point_format, point_format_options)) - goto opthelp; - break; - case OPT_PARAM_ENC: - asn1_encoding = opt_arg(); - if (!opt_string(asn1_encoding, asn1_encoding_options)) - goto opthelp; - break; - case OPT_GENKEY: - genkey = 1; - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - } - } - - /* No extra args. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - if (!app_RAND_load()) - goto end; - - private = genkey ? 1 : 0; - - out = bio_open_owner(outfile, outformat, private); - if (out == NULL) - goto end; - - if (list_curves) { - if (list_builtin_curves(out)) - ret = 0; - goto end; - } - - if (curve_name != NULL) { - OSSL_PARAM params[4]; - OSSL_PARAM *p = params; - - if (strcmp(curve_name, "secp192r1") == 0) { - BIO_printf(bio_err, - "using curve name prime192v1 instead of secp192r1\n"); - curve_name = SN_X9_62_prime192v1; - } else if (strcmp(curve_name, "secp256r1") == 0) { - BIO_printf(bio_err, - "using curve name prime256v1 instead of secp256r1\n"); - curve_name = SN_X9_62_prime256v1; - } - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, - curve_name, 0); - if (asn1_encoding != NULL) - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, - asn1_encoding, 0); - if (point_format != NULL) - *p++ = OSSL_PARAM_construct_utf8_string( - OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, - point_format, 0); - *p = OSSL_PARAM_construct_end(); - - if (OPENSSL_strcasecmp(curve_name, "SM2") == 0) - gctx_params = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "sm2", - app_get0_propq()); - else - gctx_params = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "ec", - app_get0_propq()); - if (gctx_params == NULL - || EVP_PKEY_keygen_init(gctx_params) <= 0 - || EVP_PKEY_CTX_set_params(gctx_params, params) <= 0 - || EVP_PKEY_keygen(gctx_params, ¶ms_key) <= 0) { - BIO_printf(bio_err, "unable to generate key\n"); - goto end; - } - } else { - params_key = load_keyparams(infile, informat, 1, "EC", "EC parameters"); - if (params_key == NULL || !EVP_PKEY_is_a(params_key, "EC")) - goto end; - if (point_format - && !EVP_PKEY_set_utf8_string_param( - params_key, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, - point_format)) { - BIO_printf(bio_err, "unable to set point conversion format\n"); - goto end; - } - - if (asn1_encoding != NULL - && !EVP_PKEY_set_utf8_string_param( - params_key, OSSL_PKEY_PARAM_EC_ENCODING, asn1_encoding)) { - BIO_printf(bio_err, "unable to set asn1 encoding format\n"); - goto end; - } - } - - if (no_seed - && !EVP_PKEY_set_octet_string_param(params_key, OSSL_PKEY_PARAM_EC_SEED, - NULL, 0)) { - BIO_printf(bio_err, "unable to clear seed\n"); - goto end; - } - - if (text - && !EVP_PKEY_print_params(out, params_key, 0, NULL)) { - BIO_printf(bio_err, "unable to print params\n"); - goto end; - } - - if (check || check_named) { - BIO_printf(bio_err, "checking elliptic curve parameters: "); - - if (check_named - && !EVP_PKEY_set_utf8_string_param(params_key, - OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE, - OSSL_PKEY_EC_GROUP_CHECK_NAMED)) { - BIO_printf(bio_err, "unable to set check_type\n"); - goto end; - } - pctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), params_key, - app_get0_propq()); - if (pctx == NULL || EVP_PKEY_param_check(pctx) <= 0) { - BIO_printf(bio_err, "failed\n"); - goto end; - } - BIO_printf(bio_err, "ok\n"); - } - - if (outformat == FORMAT_ASN1 && genkey) - noout = 1; - - if (!noout) { - ectx_params = OSSL_ENCODER_CTX_new_for_pkey( - params_key, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, - outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL); - if (!OSSL_ENCODER_to_bio(ectx_params, out)) { - BIO_printf(bio_err, "unable to write elliptic curve parameters\n"); - goto end; - } - } - - if (genkey) { - /* - * NOTE: EC keygen does not normally need to pass in the param_key - * for named curves. This can be achieved using: - * gctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL); - * EVP_PKEY_keygen_init(gctx); - * EVP_PKEY_CTX_set_group_name(gctx, curvename); - * EVP_PKEY_keygen(gctx, &key) <= 0) - */ - gctx_key = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), params_key, - app_get0_propq()); - if (EVP_PKEY_keygen_init(gctx_key) <= 0 - || EVP_PKEY_keygen(gctx_key, &key) <= 0) { - BIO_printf(bio_err, "unable to generate key\n"); - goto end; - } - assert(private); - ectx_key = OSSL_ENCODER_CTX_new_for_pkey( - key, OSSL_KEYMGMT_SELECT_ALL, - outformat == FORMAT_ASN1 ? "DER" : "PEM", NULL, NULL); - if (!OSSL_ENCODER_to_bio(ectx_key, out)) { - BIO_printf(bio_err, "unable to write elliptic " - "curve parameters\n"); - goto end; - } - } - - ret = 0; -end: - if (ret != 0) - ERR_print_errors(bio_err); - release_engine(e); - EVP_PKEY_free(params_key); - EVP_PKEY_free(key); - EVP_PKEY_CTX_free(pctx); - EVP_PKEY_CTX_free(gctx_params); - EVP_PKEY_CTX_free(gctx_key); - OSSL_DECODER_CTX_free(dctx_params); - OSSL_ENCODER_CTX_free(ectx_params); - OSSL_ENCODER_CTX_free(ectx_key); - BIO_free_all(out); - return ret; -} diff --git a/apps/enc.c b/apps/enc.c deleted file mode 100644 index 3dd609856304eed7c4090e0d55e94ecd0ac94397..0000000000000000000000000000000000000000 --- a/apps/enc.c +++ /dev/null @@ -1,696 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include -#include -#ifndef OPENSSL_NO_COMP -# include -#endif -#include - -#undef SIZE -#undef BSIZE -#define SIZE (512) -#define BSIZE (8*1024) - -static int set_hex(const char *in, unsigned char *out, int size); -static void show_ciphers(const OBJ_NAME *name, void *bio_); - -struct doall_enc_ciphers { - BIO *bio; - int n; -}; - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_LIST, - OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V, - OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A, - OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE, - OPT_UPPER_S, OPT_IV, OPT_MD, OPT_ITER, OPT_PBKDF2, OPT_CIPHER, - OPT_R_ENUM, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS enc_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"list", OPT_LIST, '-', "List ciphers"}, -#ifndef OPENSSL_NO_DEPRECATED_3_0 - {"ciphers", OPT_LIST, '-', "Alias for -list"}, -#endif - {"e", OPT_E, '-', "Encrypt"}, - {"d", OPT_D, '-', "Decrypt"}, - {"p", OPT_P, '-', "Print the iv/key"}, - {"P", OPT_UPPER_P, '-', "Print the iv/key and exit"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - - OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - {"k", OPT_K, 's', "Passphrase"}, - {"kfile", OPT_KFILE, '<', "Read passphrase from file"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"pass", OPT_PASS, 's', "Passphrase source"}, - {"v", OPT_V, '-', "Verbose output"}, - {"a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag"}, - {"base64", OPT_A, '-', "Same as option -a"}, - {"A", OPT_UPPER_A, '-', - "Used with -[base64|a] to specify base64 buffer as a single line"}, - - OPT_SECTION("Encryption"), - {"nopad", OPT_NOPAD, '-', "Disable standard block padding"}, - {"salt", OPT_SALT, '-', "Use salt in the KDF (default)"}, - {"nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF"}, - {"debug", OPT_DEBUG, '-', "Print debug info"}, - - {"bufsize", OPT_BUFSIZE, 's', "Buffer size"}, - {"K", OPT_UPPER_K, 's', "Raw key, in hex"}, - {"S", OPT_UPPER_S, 's', "Salt, in hex"}, - {"iv", OPT_IV, 's', "IV in hex"}, - {"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"}, - {"iter", OPT_ITER, 'p', "Specify the iteration count and force use of PBKDF2"}, - {"pbkdf2", OPT_PBKDF2, '-', "Use password-based key derivation function 2"}, - {"none", OPT_NONE, '-', "Don't encrypt"}, -#ifdef ZLIB - {"z", OPT_Z, '-', "Compress or decompress encrypted data using zlib"}, -#endif - {"", OPT_CIPHER, '-', "Any supported cipher"}, - - OPT_R_OPTIONS, - OPT_PROV_OPTIONS, - {NULL} -}; - -int enc_main(int argc, char **argv) -{ - static char buf[128]; - static const char magic[] = "Salted__"; - ENGINE *e = NULL; - BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio = - NULL, *wbio = NULL; - EVP_CIPHER_CTX *ctx = NULL; - EVP_CIPHER *cipher = NULL; - EVP_MD *dgst = NULL; - const char *digestname = NULL; - char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p; - char *infile = NULL, *outfile = NULL, *prog; - char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL; - const char *ciphername = NULL; - char mbuf[sizeof(magic) - 1]; - OPTION_CHOICE o; - int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0; - int enc = 1, printkey = 0, i, k; - int base64 = 0, informat = FORMAT_BINARY, outformat = FORMAT_BINARY; - int ret = 1, inl, nopad = 0; - unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; - unsigned char *buff = NULL, salt[PKCS5_SALT_LEN]; - int pbkdf2 = 0; - int iter = 0; - long n; - struct doall_enc_ciphers dec; -#ifdef ZLIB - int do_zlib = 0; - BIO *bzl = NULL; -#endif - - /* first check the command name */ - if (strcmp(argv[0], "base64") == 0) - base64 = 1; -#ifdef ZLIB - else if (strcmp(argv[0], "zlib") == 0) - do_zlib = 1; -#endif - else if (strcmp(argv[0], "enc") != 0) - ciphername = argv[0]; - - prog = opt_init(argc, argv, enc_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(enc_options); - ret = 0; - goto end; - case OPT_LIST: - BIO_printf(bio_out, "Supported ciphers:\n"); - dec.bio = bio_out; - dec.n = 0; - OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, - show_ciphers, &dec); - BIO_printf(bio_out, "\n"); - ret = 0; - goto end; - case OPT_E: - enc = 1; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_PASS: - passarg = opt_arg(); - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_D: - enc = 0; - break; - case OPT_P: - printkey = 1; - break; - case OPT_V: - verbose = 1; - break; - case OPT_NOPAD: - nopad = 1; - break; - case OPT_SALT: - nosalt = 0; - break; - case OPT_NOSALT: - nosalt = 1; - break; - case OPT_DEBUG: - debug = 1; - break; - case OPT_UPPER_P: - printkey = 2; - break; - case OPT_UPPER_A: - olb64 = 1; - break; - case OPT_A: - base64 = 1; - break; - case OPT_Z: -#ifdef ZLIB - do_zlib = 1; -#endif - break; - case OPT_BUFSIZE: - p = opt_arg(); - i = (int)strlen(p) - 1; - k = i >= 1 && p[i] == 'k'; - if (k) - p[i] = '\0'; - if (!opt_long(opt_arg(), &n) - || n < 0 || (k && n >= LONG_MAX / 1024)) - goto opthelp; - if (k) - n *= 1024; - bsize = (int)n; - break; - case OPT_K: - str = opt_arg(); - break; - case OPT_KFILE: - in = bio_open_default(opt_arg(), 'r', FORMAT_TEXT); - if (in == NULL) - goto opthelp; - i = BIO_gets(in, buf, sizeof(buf)); - BIO_free(in); - in = NULL; - if (i <= 0) { - BIO_printf(bio_err, - "%s Can't read key from %s\n", prog, opt_arg()); - goto opthelp; - } - while (--i > 0 && (buf[i] == '\r' || buf[i] == '\n')) - buf[i] = '\0'; - if (i <= 0) { - BIO_printf(bio_err, "%s: zero length password\n", prog); - goto opthelp; - } - str = buf; - break; - case OPT_UPPER_K: - hkey = opt_arg(); - break; - case OPT_UPPER_S: - hsalt = opt_arg(); - break; - case OPT_IV: - hiv = opt_arg(); - break; - case OPT_MD: - digestname = opt_arg(); - break; - case OPT_CIPHER: - ciphername = opt_unknown(); - break; - case OPT_ITER: - iter = opt_int_arg(); - pbkdf2 = 1; - break; - case OPT_PBKDF2: - pbkdf2 = 1; - if (iter == 0) /* do not overwrite a chosen value */ - iter = 10000; - break; - case OPT_NONE: - cipher = NULL; - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - if (!app_RAND_load()) - goto end; - - /* Get the cipher name, either from progname (if set) or flag. */ - if (ciphername != NULL) { - if (!opt_cipher(ciphername, &cipher)) - goto opthelp; - } - if (digestname != NULL) { - if (!opt_md(digestname, &dgst)) - goto opthelp; - } - if (dgst == NULL) - dgst = (EVP_MD *)EVP_sha256(); - - if (iter == 0) - iter = 1; - - /* It must be large enough for a base64 encoded line */ - if (base64 && bsize < 80) - bsize = 80; - if (verbose) - BIO_printf(bio_err, "bufsize=%d\n", bsize); - -#ifdef ZLIB - if (!do_zlib) -#endif - if (base64) { - if (enc) - outformat = FORMAT_BASE64; - else - informat = FORMAT_BASE64; - } - - strbuf = app_malloc(SIZE, "strbuf"); - buff = app_malloc(EVP_ENCODE_LENGTH(bsize), "evp buffer"); - - if (infile == NULL) { - in = dup_bio_in(informat); - } else { - in = bio_open_default(infile, 'r', informat); - } - if (in == NULL) - goto end; - - if (str == NULL && passarg != NULL) { - if (!app_passwd(passarg, NULL, &pass, NULL)) { - BIO_printf(bio_err, "Error getting password\n"); - goto end; - } - str = pass; - } - - if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) { - if (1) { -#ifndef OPENSSL_NO_UI_CONSOLE - for (;;) { - char prompt[200]; - - BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:", - EVP_CIPHER_get0_name(cipher), - (enc) ? "encryption" : "decryption"); - strbuf[0] = '\0'; - i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc); - if (i == 0) { - if (strbuf[0] == '\0') { - ret = 1; - goto end; - } - str = strbuf; - break; - } - if (i < 0) { - BIO_printf(bio_err, "bad password read\n"); - goto end; - } - } - } else { -#endif - BIO_printf(bio_err, "password required\n"); - goto end; - } - } - - out = bio_open_default(outfile, 'w', outformat); - if (out == NULL) - goto end; - - if (debug) { - BIO_set_callback_ex(in, BIO_debug_callback_ex); - BIO_set_callback_ex(out, BIO_debug_callback_ex); - BIO_set_callback_arg(in, (char *)bio_err); - BIO_set_callback_arg(out, (char *)bio_err); - } - - rbio = in; - wbio = out; - -#ifdef ZLIB - if (do_zlib) { - if ((bzl = BIO_new(BIO_f_zlib())) == NULL) - goto end; - if (debug) { - BIO_set_callback_ex(bzl, BIO_debug_callback_ex); - BIO_set_callback_arg(bzl, (char *)bio_err); - } - if (enc) - wbio = BIO_push(bzl, wbio); - else - rbio = BIO_push(bzl, rbio); - } -#endif - - if (base64) { - if ((b64 = BIO_new(BIO_f_base64())) == NULL) - goto end; - if (debug) { - BIO_set_callback_ex(b64, BIO_debug_callback_ex); - BIO_set_callback_arg(b64, (char *)bio_err); - } - if (olb64) - BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); - if (enc) - wbio = BIO_push(b64, wbio); - else - rbio = BIO_push(b64, rbio); - } - - if (cipher != NULL) { - if (str != NULL) { /* a passphrase is available */ - /* - * Salt handling: if encrypting generate a salt if not supplied, - * and write to output BIO. If decrypting use salt from input BIO - * if not given with args - */ - unsigned char *sptr; - size_t str_len = strlen(str); - - if (nosalt) { - sptr = NULL; - } else { - if (hsalt != NULL && !set_hex(hsalt, salt, sizeof(salt))) { - BIO_printf(bio_err, "invalid hex salt value\n"); - goto end; - } - if (enc) { /* encryption */ - if (hsalt == NULL) { - if (RAND_bytes(salt, sizeof(salt)) <= 0) { - BIO_printf(bio_err, "RAND_bytes failed\n"); - goto end; - } - /* - * If -P option then don't bother writing. - * If salt is given, shouldn't either ? - */ - if ((printkey != 2) - && (BIO_write(wbio, magic, - sizeof(magic) - 1) != sizeof(magic) - 1 - || BIO_write(wbio, - (char *)salt, - sizeof(salt)) != sizeof(salt))) { - BIO_printf(bio_err, "error writing output file\n"); - goto end; - } - } - } else { /* decryption */ - if (hsalt == NULL) { - if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)) { - BIO_printf(bio_err, "error reading input file\n"); - goto end; - } - if (memcmp(mbuf, magic, sizeof(mbuf)) == 0) { /* file IS salted */ - if (BIO_read(rbio, salt, - sizeof(salt)) != sizeof(salt)) { - BIO_printf(bio_err, "error reading input file\n"); - goto end; - } - } else { /* file is NOT salted, NO salt available */ - BIO_printf(bio_err, "bad magic number\n"); - goto end; - } - } - } - sptr = salt; - } - - if (pbkdf2 == 1) { - /* - * derive key and default iv - * concatenated into a temporary buffer - */ - unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH]; - int iklen = EVP_CIPHER_get_key_length(cipher); - int ivlen = EVP_CIPHER_get_iv_length(cipher); - /* not needed if HASH_UPDATE() is fixed : */ - int islen = (sptr != NULL ? sizeof(salt) : 0); - if (!PKCS5_PBKDF2_HMAC(str, str_len, sptr, islen, - iter, dgst, iklen+ivlen, tmpkeyiv)) { - BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n"); - goto end; - } - /* split and move data back to global buffer */ - memcpy(key, tmpkeyiv, iklen); - memcpy(iv, tmpkeyiv+iklen, ivlen); - } else { - BIO_printf(bio_err, "*** WARNING : " - "deprecated key derivation used.\n" - "Using -iter or -pbkdf2 would be better.\n"); - if (!EVP_BytesToKey(cipher, dgst, sptr, - (unsigned char *)str, str_len, - 1, key, iv)) { - BIO_printf(bio_err, "EVP_BytesToKey failed\n"); - goto end; - } - } - /* - * zero the complete buffer or the string passed from the command - * line. - */ - if (str == strbuf) - OPENSSL_cleanse(str, SIZE); - else - OPENSSL_cleanse(str, str_len); - } - if (hiv != NULL) { - int siz = EVP_CIPHER_get_iv_length(cipher); - if (siz == 0) { - BIO_printf(bio_err, "warning: iv not used by this cipher\n"); - } else if (!set_hex(hiv, iv, siz)) { - BIO_printf(bio_err, "invalid hex iv value\n"); - goto end; - } - } - if ((hiv == NULL) && (str == NULL) - && EVP_CIPHER_get_iv_length(cipher) != 0) { - /* - * No IV was explicitly set and no IV was generated. - * Hence the IV is undefined, making correct decryption impossible. - */ - BIO_printf(bio_err, "iv undefined\n"); - goto end; - } - if (hkey != NULL) { - if (!set_hex(hkey, key, EVP_CIPHER_get_key_length(cipher))) { - BIO_printf(bio_err, "invalid hex key value\n"); - goto end; - } - /* wiping secret data as we no longer need it */ - cleanse(hkey); - } - - if ((benc = BIO_new(BIO_f_cipher())) == NULL) - goto end; - - /* - * Since we may be changing parameters work on the encryption context - * rather than calling BIO_set_cipher(). - */ - - BIO_get_cipher_ctx(benc, &ctx); - - if (!EVP_CipherInit_ex(ctx, cipher, e, NULL, NULL, enc)) { - BIO_printf(bio_err, "Error setting cipher %s\n", - EVP_CIPHER_get0_name(cipher)); - ERR_print_errors(bio_err); - goto end; - } - - if (nopad) - EVP_CIPHER_CTX_set_padding(ctx, 0); - - if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) { - BIO_printf(bio_err, "Error setting cipher %s\n", - EVP_CIPHER_get0_name(cipher)); - ERR_print_errors(bio_err); - goto end; - } - - if (debug) { - BIO_set_callback_ex(benc, BIO_debug_callback_ex); - BIO_set_callback_arg(benc, (char *)bio_err); - } - - if (printkey) { - if (!nosalt) { - printf("salt="); - for (i = 0; i < (int)sizeof(salt); i++) - printf("%02X", salt[i]); - printf("\n"); - } - if (EVP_CIPHER_get_key_length(cipher) > 0) { - printf("key="); - for (i = 0; i < EVP_CIPHER_get_key_length(cipher); i++) - printf("%02X", key[i]); - printf("\n"); - } - if (EVP_CIPHER_get_iv_length(cipher) > 0) { - printf("iv ="); - for (i = 0; i < EVP_CIPHER_get_iv_length(cipher); i++) - printf("%02X", iv[i]); - printf("\n"); - } - if (printkey == 2) { - ret = 0; - goto end; - } - } - } - - /* Only encrypt/decrypt as we write the file */ - if (benc != NULL) - wbio = BIO_push(benc, wbio); - - while (BIO_pending(rbio) || !BIO_eof(rbio)) { - inl = BIO_read(rbio, (char *)buff, bsize); - if (inl <= 0) - break; - if (BIO_write(wbio, (char *)buff, inl) != inl) { - BIO_printf(bio_err, "error writing output file\n"); - goto end; - } - } - if (!BIO_flush(wbio)) { - BIO_printf(bio_err, "bad decrypt\n"); - goto end; - } - - ret = 0; - if (verbose) { - BIO_printf(bio_err, "bytes read : %8ju\n", BIO_number_read(in)); - BIO_printf(bio_err, "bytes written: %8ju\n", BIO_number_written(out)); - } - end: - ERR_print_errors(bio_err); - OPENSSL_free(strbuf); - OPENSSL_free(buff); - BIO_free(in); - BIO_free_all(out); - BIO_free(benc); - BIO_free(b64); - EVP_MD_free(dgst); - EVP_CIPHER_free(cipher); -#ifdef ZLIB - BIO_free(bzl); -#endif - release_engine(e); - OPENSSL_free(pass); - return ret; -} - -static void show_ciphers(const OBJ_NAME *name, void *arg) -{ - struct doall_enc_ciphers *dec = (struct doall_enc_ciphers *)arg; - const EVP_CIPHER *cipher; - - if (!islower((unsigned char)*name->name)) - return; - - /* Filter out ciphers that we cannot use */ - cipher = EVP_get_cipherbyname(name->name); - if (cipher == NULL - || (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 - || EVP_CIPHER_get_mode(cipher) == EVP_CIPH_XTS_MODE) - return; - - BIO_printf(dec->bio, "-%-25s", name->name); - if (++dec->n == 3) { - BIO_printf(dec->bio, "\n"); - dec->n = 0; - } else - BIO_printf(dec->bio, " "); -} - -static int set_hex(const char *in, unsigned char *out, int size) -{ - int i, n; - unsigned char j; - - i = size * 2; - n = strlen(in); - if (n > i) { - BIO_printf(bio_err, "hex string is too long, ignoring excess\n"); - n = i; /* ignore exceeding part */ - } else if (n < i) { - BIO_printf(bio_err, "hex string is too short, padding with zero bytes to length\n"); - } - - memset(out, 0, size); - for (i = 0; i < n; i++) { - j = (unsigned char)*in++; - if (!isxdigit(j)) { - BIO_printf(bio_err, "non-hex digit\n"); - return 0; - } - j = (unsigned char)OPENSSL_hexchar2int(j); - if (i & 1) - out[i / 2] |= j; - else - out[i / 2] = (j << 4); - } - return 1; -} diff --git a/apps/engine.c b/apps/engine.c deleted file mode 100644 index 1b0f64309c6f975111acb766643a335da2eadffe..0000000000000000000000000000000000000000 --- a/apps/engine.c +++ /dev/null @@ -1,493 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include - -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include -#include - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST, - OPT_V = 100, OPT_VV, OPT_VVV, OPT_VVVV -} OPTION_CHOICE; - -const OPTIONS engine_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] engine...\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"t", OPT_T, '-', "Check that specified engine is available"}, - {"pre", OPT_PRE, 's', "Run command against the ENGINE before loading it"}, - {"post", OPT_POST, 's', "Run command against the ENGINE after loading it"}, - - OPT_SECTION("Output"), - {"v", OPT_V, '-', "List 'control commands' For each specified engine"}, - {"vv", OPT_VV, '-', "Also display each command's description"}, - {"vvv", OPT_VVV, '-', "Also add the input flags for each command"}, - {"vvvv", OPT_VVVV, '-', "Also show internal input flags"}, - {"c", OPT_C, '-', "List the capabilities of specified engine"}, - {"tt", OPT_TT, '-', "Display error trace for unavailable engines"}, - {OPT_MORE_STR, OPT_EOF, 1, - "Commands are like \"SO_PATH:/lib/libdriver.so\""}, - - OPT_PARAMETERS(), - {"engine", 0, 0, "ID of engine(s) to load"}, - {NULL} -}; - -static int append_buf(char **buf, int *size, const char *s) -{ - const int expand = 256; - int len = strlen(s) + 1; - char *p = *buf; - - if (p == NULL) { - *size = ((len + expand - 1) / expand) * expand; - p = *buf = app_malloc(*size, "engine buffer"); - } else { - const int blen = strlen(p); - - if (blen > 0) - len += 2 + blen; - - if (len > *size) { - *size = ((len + expand - 1) / expand) * expand; - p = OPENSSL_realloc(p, *size); - if (p == NULL) { - OPENSSL_free(*buf); - *buf = NULL; - return 0; - } - *buf = p; - } - - if (blen > 0) { - p += blen; - *p++ = ','; - *p++ = ' '; - } - } - - strcpy(p, s); - return 1; -} - -static int util_flags(BIO *out, unsigned int flags, const char *indent) -{ - int started = 0, err = 0; - /* Indent before displaying input flags */ - BIO_printf(out, "%s%s(input flags): ", indent, indent); - if (flags == 0) { - BIO_printf(out, "\n"); - return 1; - } - /* - * If the object is internal, mark it in a way that shows instead of - * having it part of all the other flags, even if it really is. - */ - if (flags & ENGINE_CMD_FLAG_INTERNAL) { - BIO_printf(out, "[Internal] "); - } - - if (flags & ENGINE_CMD_FLAG_NUMERIC) { - BIO_printf(out, "NUMERIC"); - started = 1; - } - /* - * Now we check that no combinations of the mutually exclusive NUMERIC, - * STRING, and NO_INPUT flags have been used. Future flags that can be - * OR'd together with these would need to added after these to preserve - * the testing logic. - */ - if (flags & ENGINE_CMD_FLAG_STRING) { - if (started) { - BIO_printf(out, "|"); - err = 1; - } - BIO_printf(out, "STRING"); - started = 1; - } - if (flags & ENGINE_CMD_FLAG_NO_INPUT) { - if (started) { - BIO_printf(out, "|"); - err = 1; - } - BIO_printf(out, "NO_INPUT"); - started = 1; - } - /* Check for unknown flags */ - flags = flags & ~ENGINE_CMD_FLAG_NUMERIC & - ~ENGINE_CMD_FLAG_STRING & - ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL; - if (flags) { - if (started) - BIO_printf(out, "|"); - BIO_printf(out, "<0x%04X>", flags); - } - if (err) - BIO_printf(out, " "); - BIO_printf(out, "\n"); - return 1; -} - -static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent) -{ - static const int line_wrap = 78; - int num; - int ret = 0; - char *name = NULL; - char *desc = NULL; - int flags; - int xpos = 0; - STACK_OF(OPENSSL_STRING) *cmds = NULL; - if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) || - ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE, - 0, NULL, NULL)) <= 0)) { - return 1; - } - - cmds = sk_OPENSSL_STRING_new_null(); - if (cmds == NULL) - goto err; - - do { - int len; - /* Get the command input flags */ - if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, - NULL, NULL)) < 0) - goto err; - if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) { - /* Get the command name */ - if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num, - NULL, NULL)) <= 0) - goto err; - name = app_malloc(len + 1, "name buffer"); - if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name, - NULL) <= 0) - goto err; - /* Get the command description */ - if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num, - NULL, NULL)) < 0) - goto err; - if (len > 0) { - desc = app_malloc(len + 1, "description buffer"); - if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc, - NULL) <= 0) - goto err; - } - /* Now decide on the output */ - if (xpos == 0) - /* Do an indent */ - xpos = BIO_puts(out, indent); - else - /* Otherwise prepend a ", " */ - xpos += BIO_printf(out, ", "); - if (verbose == 1) { - /* - * We're just listing names, comma-delimited - */ - if ((xpos > (int)strlen(indent)) && - (xpos + (int)strlen(name) > line_wrap)) { - BIO_printf(out, "\n"); - xpos = BIO_puts(out, indent); - } - xpos += BIO_printf(out, "%s", name); - } else { - /* We're listing names plus descriptions */ - BIO_printf(out, "%s: %s\n", name, - (desc == NULL) ? "" : desc); - /* ... and sometimes input flags */ - if ((verbose >= 3) && !util_flags(out, flags, indent)) - goto err; - xpos = 0; - } - } - OPENSSL_free(name); - name = NULL; - OPENSSL_free(desc); - desc = NULL; - /* Move to the next command */ - num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL); - } while (num > 0); - if (xpos > 0) - BIO_printf(out, "\n"); - ret = 1; - err: - sk_OPENSSL_STRING_free(cmds); - OPENSSL_free(name); - OPENSSL_free(desc); - return ret; -} - -static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds, - BIO *out, const char *indent) -{ - int loop, res, num = sk_OPENSSL_STRING_num(cmds); - - if (num < 0) { - BIO_printf(out, "[Error]: internal stack error\n"); - return; - } - for (loop = 0; loop < num; loop++) { - char buf[256]; - const char *cmd, *arg; - cmd = sk_OPENSSL_STRING_value(cmds, loop); - res = 1; /* assume success */ - /* Check if this command has no ":arg" */ - if ((arg = strstr(cmd, ":")) == NULL) { - if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0)) - res = 0; - } else { - if ((int)(arg - cmd) > 254) { - BIO_printf(out, "[Error]: command name too long\n"); - return; - } - memcpy(buf, cmd, (int)(arg - cmd)); - buf[arg - cmd] = '\0'; - arg++; /* Move past the ":" */ - /* Call the command with the argument */ - if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0)) - res = 0; - } - if (res) { - BIO_printf(out, "[Success]: %s\n", cmd); - } else { - BIO_printf(out, "[Failure]: %s\n", cmd); - ERR_print_errors(out); - } - } -} - -struct util_store_cap_data { - ENGINE *engine; - char **cap_buf; - int *cap_size; - int ok; -}; -static void util_store_cap(const OSSL_STORE_LOADER *loader, void *arg) -{ - struct util_store_cap_data *ctx = arg; - - if (OSSL_STORE_LOADER_get0_engine(loader) == ctx->engine) { - char buf[256]; - BIO_snprintf(buf, sizeof(buf), "STORE(%s)", - OSSL_STORE_LOADER_get0_scheme(loader)); - if (!append_buf(ctx->cap_buf, ctx->cap_size, buf)) - ctx->ok = 0; - } -} - -int engine_main(int argc, char **argv) -{ - int ret = 1, i; - int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0; - ENGINE *e; - STACK_OF(OPENSSL_CSTRING) *engines = sk_OPENSSL_CSTRING_new_null(); - STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null(); - STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null(); - BIO *out; - const char *indent = " "; - OPTION_CHOICE o; - char *prog; - char *argv1; - - out = dup_bio_out(FORMAT_TEXT); - if (engines == NULL || pre_cmds == NULL || post_cmds == NULL) - goto end; - - /* Remember the original command name, parse/skip any leading engine - * names, and then setup to parse the rest of the line as flags. */ - prog = argv[0]; - while ((argv1 = argv[1]) != NULL && *argv1 != '-') { - sk_OPENSSL_CSTRING_push(engines, argv1); - argc--; - argv++; - } - argv[0] = prog; - opt_init(argc, argv, engine_options); - - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(engine_options); - ret = 0; - goto end; - case OPT_VVVV: - case OPT_VVV: - case OPT_VV: - case OPT_V: - /* Convert to an integer from one to four. */ - i = (int)(o - OPT_V) + 1; - if (verbose < i) - verbose = i; - break; - case OPT_C: - list_cap = 1; - break; - case OPT_TT: - test_avail_noise++; - /* fall thru */ - case OPT_T: - test_avail++; - break; - case OPT_PRE: - sk_OPENSSL_STRING_push(pre_cmds, opt_arg()); - break; - case OPT_POST: - sk_OPENSSL_STRING_push(post_cmds, opt_arg()); - break; - } - } - - /* Any remaining arguments are engine names. */ - argc = opt_num_rest(); - argv = opt_rest(); - for ( ; *argv; argv++) { - if (**argv == '-') { - BIO_printf(bio_err, "%s: Cannot mix flags and engine names.\n", - prog); - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - } - sk_OPENSSL_CSTRING_push(engines, *argv); - } - - if (sk_OPENSSL_CSTRING_num(engines) == 0) { - for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) { - sk_OPENSSL_CSTRING_push(engines, ENGINE_get_id(e)); - } - } - - ret = 0; - for (i = 0; i < sk_OPENSSL_CSTRING_num(engines); i++) { - const char *id = sk_OPENSSL_CSTRING_value(engines, i); - if ((e = ENGINE_by_id(id)) != NULL) { - const char *name = ENGINE_get_name(e); - /* - * Do "id" first, then "name". Easier to auto-parse. - */ - BIO_printf(out, "(%s) %s\n", id, name); - util_do_cmds(e, pre_cmds, out, indent); - if (strcmp(ENGINE_get_id(e), id) != 0) { - BIO_printf(out, "Loaded: (%s) %s\n", - ENGINE_get_id(e), ENGINE_get_name(e)); - } - if (list_cap) { - int cap_size = 256; - char *cap_buf = NULL; - int k, n; - const int *nids; - ENGINE_CIPHERS_PTR fn_c; - ENGINE_DIGESTS_PTR fn_d; - ENGINE_PKEY_METHS_PTR fn_pk; - - if (ENGINE_get_RSA(e) != NULL - && !append_buf(&cap_buf, &cap_size, "RSA")) - goto end; - if (ENGINE_get_DSA(e) != NULL - && !append_buf(&cap_buf, &cap_size, "DSA")) - goto end; - if (ENGINE_get_DH(e) != NULL - && !append_buf(&cap_buf, &cap_size, "DH")) - goto end; - if (ENGINE_get_RAND(e) != NULL - && !append_buf(&cap_buf, &cap_size, "RAND")) - goto end; - - fn_c = ENGINE_get_ciphers(e); - if (fn_c == NULL) - goto skip_ciphers; - n = fn_c(e, NULL, &nids, 0); - for (k = 0; k < n; ++k) - if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k]))) - goto end; - - skip_ciphers: - fn_d = ENGINE_get_digests(e); - if (fn_d == NULL) - goto skip_digests; - n = fn_d(e, NULL, &nids, 0); - for (k = 0; k < n; ++k) - if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k]))) - goto end; - - skip_digests: - fn_pk = ENGINE_get_pkey_meths(e); - if (fn_pk == NULL) - goto skip_pmeths; - n = fn_pk(e, NULL, &nids, 0); - for (k = 0; k < n; ++k) - if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k]))) - goto end; - skip_pmeths: - { - struct util_store_cap_data store_ctx; - - store_ctx.engine = e; - store_ctx.cap_buf = &cap_buf; - store_ctx.cap_size = &cap_size; - store_ctx.ok = 1; - - OSSL_STORE_do_all_loaders(util_store_cap, &store_ctx); - if (!store_ctx.ok) - goto end; - } - if (cap_buf != NULL && (*cap_buf != '\0')) - BIO_printf(out, " [%s]\n", cap_buf); - - OPENSSL_free(cap_buf); - } - if (test_avail) { - BIO_printf(out, "%s", indent); - if (ENGINE_init(e)) { - BIO_printf(out, "[ available ]\n"); - util_do_cmds(e, post_cmds, out, indent); - ENGINE_finish(e); - } else { - BIO_printf(out, "[ unavailable ]\n"); - if (test_avail_noise) - ERR_print_errors_fp(stdout); - ERR_clear_error(); - } - } - if ((verbose > 0) && !util_verbose(e, verbose, out, indent)) - goto end; - ENGINE_free(e); - } else { - ERR_print_errors(bio_err); - /* because exit codes above 127 have special meaning on Unix */ - if (++ret > 127) - ret = 127; - } - } - - end: - - ERR_print_errors(bio_err); - sk_OPENSSL_CSTRING_free(engines); - sk_OPENSSL_STRING_free(pre_cmds); - sk_OPENSSL_STRING_free(post_cmds); - BIO_free_all(out); - return ret; -} diff --git a/apps/errstr.c b/apps/errstr.c deleted file mode 100644 index 782705a78a33d27d0139ae7dbaa4fa86b4ad9505..0000000000000000000000000000000000000000 --- a/apps/errstr.c +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include - -typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP -} OPTION_CHOICE; - -const OPTIONS errstr_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] errnum...\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - - OPT_PARAMETERS(), - {"errnum", 0, 0, "Error number(s) to decode"}, - {NULL} -}; - -int errstr_main(int argc, char **argv) -{ - OPTION_CHOICE o; - char buf[256], *prog; - int ret = 1; - unsigned long l; - - prog = opt_init(argc, argv, errstr_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(errstr_options); - ret = 0; - goto end; - } - } - - /* - * We're not really an SSL application so this won't auto-init, but - * we're still interested in SSL error strings - */ - OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS - | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); - - /* All remaining arg are error code. */ - ret = 0; - for (argv = opt_rest(); *argv != NULL; argv++) { - if (sscanf(*argv, "%lx", &l) == 0) { - ret++; - } else { - ERR_error_string_n(l, buf, sizeof(buf)); - BIO_printf(bio_out, "%s\n", buf); - } - } - end: - return ret; -} diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c deleted file mode 100644 index d0efdf7643bd3252e90c32ae6285f0524b765a71..0000000000000000000000000000000000000000 --- a/apps/fipsinstall.c +++ /dev/null @@ -1,590 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "apps.h" -#include "progs.h" - -#define BUFSIZE 4096 - -/* Configuration file values */ -#define VERSION_KEY "version" -#define VERSION_VAL "1" -#define INSTALL_STATUS_VAL "INSTALL_SELF_TEST_KATS_RUN" - -static OSSL_CALLBACK self_test_events; -static char *self_test_corrupt_desc = NULL; -static char *self_test_corrupt_type = NULL; -static int self_test_log = 1; -static int quiet = 0; - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_IN, OPT_OUT, OPT_MODULE, - OPT_PROV_NAME, OPT_SECTION_NAME, OPT_MAC_NAME, OPT_MACOPT, OPT_VERIFY, - OPT_NO_LOG, OPT_CORRUPT_DESC, OPT_CORRUPT_TYPE, OPT_QUIET, OPT_CONFIG, - OPT_NO_CONDITIONAL_ERRORS, - OPT_NO_SECURITY_CHECKS, - OPT_SELF_TEST_ONLOAD -} OPTION_CHOICE; - -const OPTIONS fipsinstall_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"verify", OPT_VERIFY, '-', - "Verify a config file instead of generating one"}, - {"module", OPT_MODULE, '<', "File name of the provider module"}, - {"provider_name", OPT_PROV_NAME, 's', "FIPS provider name"}, - {"section_name", OPT_SECTION_NAME, 's', - "FIPS Provider config section name (optional)"}, - {"no_conditional_errors", OPT_NO_CONDITIONAL_ERRORS, '-', - "Disable the ability of the fips module to enter an error state if" - " any conditional self tests fail"}, - {"no_security_checks", OPT_NO_SECURITY_CHECKS, '-', - "Disable the run-time FIPS security checks in the module"}, - {"self_test_onload", OPT_SELF_TEST_ONLOAD, '-', - "Forces self tests to always run on module load"}, - OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input config file, used when verifying"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output config file, used when generating"}, - {"mac_name", OPT_MAC_NAME, 's', "MAC name"}, - {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form. " - "See 'PARAMETER NAMES' in the EVP_MAC_ docs"}, - {"noout", OPT_NO_LOG, '-', "Disable logging of self test events"}, - {"corrupt_desc", OPT_CORRUPT_DESC, 's', "Corrupt a self test by description"}, - {"corrupt_type", OPT_CORRUPT_TYPE, 's', "Corrupt a self test by type"}, - {"config", OPT_CONFIG, '<', "The parent config to verify"}, - {"quiet", OPT_QUIET, '-', "No messages, just exit status"}, - {NULL} -}; - -static int do_mac(EVP_MAC_CTX *ctx, unsigned char *tmp, BIO *in, - unsigned char *out, size_t *out_len) -{ - int ret = 0; - int i; - size_t outsz = *out_len; - - if (!EVP_MAC_init(ctx, NULL, 0, NULL)) - goto err; - if (EVP_MAC_CTX_get_mac_size(ctx) > outsz) - goto end; - while ((i = BIO_read(in, (char *)tmp, BUFSIZE)) != 0) { - if (i < 0 || !EVP_MAC_update(ctx, tmp, i)) - goto err; - } -end: - if (!EVP_MAC_final(ctx, out, out_len, outsz)) - goto err; - ret = 1; -err: - return ret; -} - -static int load_fips_prov_and_run_self_test(const char *prov_name) -{ - int ret = 0; - OSSL_PROVIDER *prov = NULL; - - prov = OSSL_PROVIDER_load(NULL, prov_name); - if (prov == NULL) { - BIO_printf(bio_err, "Failed to load FIPS module\n"); - goto end; - } - ret = 1; -end: - OSSL_PROVIDER_unload(prov); - return ret; -} - -static int print_mac(BIO *bio, const char *label, const unsigned char *mac, - size_t len) -{ - int ret; - char *hexstr = NULL; - - hexstr = OPENSSL_buf2hexstr(mac, (long)len); - if (hexstr == NULL) - return 0; - ret = BIO_printf(bio, "%s = %s\n", label, hexstr); - OPENSSL_free(hexstr); - return ret; -} - -static int write_config_header(BIO *out, const char *prov_name, - const char *section) -{ - return BIO_printf(out, "openssl_conf = openssl_init\n\n") - && BIO_printf(out, "[openssl_init]\n") - && BIO_printf(out, "providers = provider_section\n\n") - && BIO_printf(out, "[provider_section]\n") - && BIO_printf(out, "%s = %s\n\n", prov_name, section); -} - -/* - * Outputs a fips related config file that contains entries for the fips - * module checksum, installation indicator checksum and the options - * conditional_errors and security_checks. - * - * Returns 1 if the config file is written otherwise it returns 0 on error. - */ -static int write_config_fips_section(BIO *out, const char *section, - unsigned char *module_mac, - size_t module_mac_len, - int conditional_errors, - int security_checks, - unsigned char *install_mac, - size_t install_mac_len) -{ - int ret = 0; - - if (BIO_printf(out, "[%s]\n", section) <= 0 - || BIO_printf(out, "activate = 1\n") <= 0 - || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_INSTALL_VERSION, - VERSION_VAL) <= 0 - || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS, - conditional_errors ? "1" : "0") <= 0 - || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS, - security_checks ? "1" : "0") <= 0 - || !print_mac(out, OSSL_PROV_FIPS_PARAM_MODULE_MAC, module_mac, - module_mac_len)) - goto end; - - if (install_mac != NULL && install_mac_len > 0) { - if (!print_mac(out, OSSL_PROV_FIPS_PARAM_INSTALL_MAC, install_mac, - install_mac_len) - || BIO_printf(out, "%s = %s\n", OSSL_PROV_FIPS_PARAM_INSTALL_STATUS, - INSTALL_STATUS_VAL) <= 0) - goto end; - } - ret = 1; -end: - return ret; -} - -static CONF *generate_config_and_load(const char *prov_name, - const char *section, - unsigned char *module_mac, - size_t module_mac_len, - int conditional_errors, - int security_checks) -{ - BIO *mem_bio = NULL; - CONF *conf = NULL; - - mem_bio = BIO_new(BIO_s_mem()); - if (mem_bio == NULL) - return 0; - if (!write_config_header(mem_bio, prov_name, section) - || !write_config_fips_section(mem_bio, section, - module_mac, module_mac_len, - conditional_errors, - security_checks, - NULL, 0)) - goto end; - - conf = app_load_config_bio(mem_bio, NULL); - if (conf == NULL) - goto end; - - if (CONF_modules_load(conf, NULL, 0) <= 0) - goto end; - BIO_free(mem_bio); - return conf; -end: - NCONF_free(conf); - BIO_free(mem_bio); - return NULL; -} - -static void free_config_and_unload(CONF *conf) -{ - if (conf != NULL) { - NCONF_free(conf); - CONF_modules_unload(1); - } -} - -static int verify_module_load(const char *parent_config_file) -{ - return OSSL_LIB_CTX_load_config(NULL, parent_config_file); -} - -/* - * Returns 1 if the config file entries match the passed in module_mac and - * install_mac values, otherwise it returns 0. - */ -static int verify_config(const char *infile, const char *section, - unsigned char *module_mac, size_t module_mac_len, - unsigned char *install_mac, size_t install_mac_len) -{ - int ret = 0; - char *s = NULL; - unsigned char *buf1 = NULL, *buf2 = NULL; - long len; - CONF *conf = NULL; - - /* read in the existing values and check they match the saved values */ - conf = app_load_config(infile); - if (conf == NULL) - goto end; - - s = NCONF_get_string(conf, section, OSSL_PROV_FIPS_PARAM_INSTALL_VERSION); - if (s == NULL || strcmp(s, VERSION_VAL) != 0) { - BIO_printf(bio_err, "version not found\n"); - goto end; - } - s = NCONF_get_string(conf, section, OSSL_PROV_FIPS_PARAM_MODULE_MAC); - if (s == NULL) { - BIO_printf(bio_err, "Module integrity MAC not found\n"); - goto end; - } - buf1 = OPENSSL_hexstr2buf(s, &len); - if (buf1 == NULL - || (size_t)len != module_mac_len - || memcmp(module_mac, buf1, module_mac_len) != 0) { - BIO_printf(bio_err, "Module integrity mismatch\n"); - goto end; - } - if (install_mac != NULL && install_mac_len > 0) { - s = NCONF_get_string(conf, section, OSSL_PROV_FIPS_PARAM_INSTALL_STATUS); - if (s == NULL || strcmp(s, INSTALL_STATUS_VAL) != 0) { - BIO_printf(bio_err, "install status not found\n"); - goto end; - } - s = NCONF_get_string(conf, section, OSSL_PROV_FIPS_PARAM_INSTALL_MAC); - if (s == NULL) { - BIO_printf(bio_err, "Install indicator MAC not found\n"); - goto end; - } - buf2 = OPENSSL_hexstr2buf(s, &len); - if (buf2 == NULL - || (size_t)len != install_mac_len - || memcmp(install_mac, buf2, install_mac_len) != 0) { - BIO_printf(bio_err, "Install indicator status mismatch\n"); - goto end; - } - } - ret = 1; -end: - OPENSSL_free(buf1); - OPENSSL_free(buf2); - NCONF_free(conf); - return ret; -} - -int fipsinstall_main(int argc, char **argv) -{ - int ret = 1, verify = 0, gotkey = 0, gotdigest = 0, self_test_onload = 0; - int enable_conditional_errors = 1, enable_security_checks = 1; - const char *section_name = "fips_sect"; - const char *mac_name = "HMAC"; - const char *prov_name = "fips"; - BIO *module_bio = NULL, *mem_bio = NULL, *fout = NULL; - char *in_fname = NULL, *out_fname = NULL, *prog; - char *module_fname = NULL, *parent_config = NULL, *module_path = NULL; - const char *tail; - EVP_MAC_CTX *ctx = NULL, *ctx2 = NULL; - STACK_OF(OPENSSL_STRING) *opts = NULL; - OPTION_CHOICE o; - unsigned char *read_buffer = NULL; - unsigned char module_mac[EVP_MAX_MD_SIZE]; - size_t module_mac_len = EVP_MAX_MD_SIZE; - unsigned char install_mac[EVP_MAX_MD_SIZE]; - size_t install_mac_len = EVP_MAX_MD_SIZE; - EVP_MAC *mac = NULL; - CONF *conf = NULL; - - if ((opts = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - - prog = opt_init(argc, argv, fipsinstall_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: -opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto cleanup; - case OPT_HELP: - opt_help(fipsinstall_options); - ret = 0; - goto end; - case OPT_IN: - in_fname = opt_arg(); - break; - case OPT_OUT: - out_fname = opt_arg(); - break; - case OPT_NO_CONDITIONAL_ERRORS: - enable_conditional_errors = 0; - break; - case OPT_NO_SECURITY_CHECKS: - enable_security_checks = 0; - break; - case OPT_QUIET: - quiet = 1; - /* FALLTHROUGH */ - case OPT_NO_LOG: - self_test_log = 0; - break; - case OPT_CORRUPT_DESC: - self_test_corrupt_desc = opt_arg(); - break; - case OPT_CORRUPT_TYPE: - self_test_corrupt_type = opt_arg(); - break; - case OPT_PROV_NAME: - prov_name = opt_arg(); - break; - case OPT_MODULE: - module_fname = opt_arg(); - break; - case OPT_SECTION_NAME: - section_name = opt_arg(); - break; - case OPT_MAC_NAME: - mac_name = opt_arg(); - break; - case OPT_CONFIG: - parent_config = opt_arg(); - break; - case OPT_MACOPT: - if (!sk_OPENSSL_STRING_push(opts, opt_arg())) - goto opthelp; - if (strncmp(opt_arg(), "hexkey:", 7) == 0) - gotkey = 1; - else if (strncmp(opt_arg(), "digest:", 7) == 0) - gotdigest = 1; - break; - case OPT_VERIFY: - verify = 1; - break; - case OPT_SELF_TEST_ONLOAD: - self_test_onload = 1; - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0 || (verify && in_fname == NULL)) - goto opthelp; - - if (parent_config != NULL) { - /* Test that a parent config can load the module */ - if (verify_module_load(parent_config)) { - ret = OSSL_PROVIDER_available(NULL, prov_name) ? 0 : 1; - if (!quiet) - BIO_printf(bio_err, "FIPS provider is %s\n", - ret == 0 ? "available" : " not available"); - } - goto end; - } - if (module_fname == NULL) - goto opthelp; - - tail = opt_path_end(module_fname); - if (tail != NULL) { - module_path = OPENSSL_strdup(module_fname); - if (module_path == NULL) - goto end; - module_path[tail - module_fname] = '\0'; - if (!OSSL_PROVIDER_set_default_search_path(NULL, module_path)) - goto end; - } - - if (self_test_log - || self_test_corrupt_desc != NULL - || self_test_corrupt_type != NULL) - OSSL_SELF_TEST_set_callback(NULL, self_test_events, NULL); - - /* Use the default FIPS HMAC digest and key if not specified. */ - if (!gotdigest && !sk_OPENSSL_STRING_push(opts, "digest:SHA256")) - goto end; - if (!gotkey && !sk_OPENSSL_STRING_push(opts, "hexkey:" FIPS_KEY_STRING)) - goto end; - - module_bio = bio_open_default(module_fname, 'r', FORMAT_BINARY); - if (module_bio == NULL) { - BIO_printf(bio_err, "Failed to open module file\n"); - goto end; - } - - read_buffer = app_malloc(BUFSIZE, "I/O buffer"); - if (read_buffer == NULL) - goto end; - - mac = EVP_MAC_fetch(app_get0_libctx(), mac_name, app_get0_propq()); - if (mac == NULL) { - BIO_printf(bio_err, "Unable to get MAC of type %s\n", mac_name); - goto end; - } - - ctx = EVP_MAC_CTX_new(mac); - if (ctx == NULL) { - BIO_printf(bio_err, "Unable to create MAC CTX for module check\n"); - goto end; - } - - if (opts != NULL) { - int ok = 1; - OSSL_PARAM *params = - app_params_new_from_opts(opts, EVP_MAC_settable_ctx_params(mac)); - - if (params == NULL) - goto end; - - if (!EVP_MAC_CTX_set_params(ctx, params)) { - BIO_printf(bio_err, "MAC parameter error\n"); - ERR_print_errors(bio_err); - ok = 0; - } - app_params_free(params); - if (!ok) - goto end; - } - - ctx2 = EVP_MAC_CTX_dup(ctx); - if (ctx2 == NULL) { - BIO_printf(bio_err, "Unable to create MAC CTX for install indicator\n"); - goto end; - } - - if (!do_mac(ctx, read_buffer, module_bio, module_mac, &module_mac_len)) - goto end; - - if (self_test_onload == 0) { - mem_bio = BIO_new_mem_buf((const void *)INSTALL_STATUS_VAL, - strlen(INSTALL_STATUS_VAL)); - if (mem_bio == NULL) { - BIO_printf(bio_err, "Unable to create memory BIO\n"); - goto end; - } - if (!do_mac(ctx2, read_buffer, mem_bio, install_mac, &install_mac_len)) - goto end; - } else { - install_mac_len = 0; - } - - if (verify) { - if (!verify_config(in_fname, section_name, module_mac, module_mac_len, - install_mac, install_mac_len)) - goto end; - if (!quiet) - BIO_printf(bio_err, "VERIFY PASSED\n"); - } else { - - conf = generate_config_and_load(prov_name, section_name, module_mac, - module_mac_len, - enable_conditional_errors, - enable_security_checks); - if (conf == NULL) - goto end; - if (!load_fips_prov_and_run_self_test(prov_name)) - goto end; - - fout = - out_fname == NULL ? dup_bio_out(FORMAT_TEXT) - : bio_open_default(out_fname, 'w', FORMAT_TEXT); - if (fout == NULL) { - BIO_printf(bio_err, "Failed to open file\n"); - goto end; - } - if (!write_config_fips_section(fout, section_name, - module_mac, module_mac_len, - enable_conditional_errors, - enable_security_checks, - install_mac, install_mac_len)) - goto end; - if (!quiet) - BIO_printf(bio_err, "INSTALL PASSED\n"); - } - - ret = 0; -end: - if (ret == 1) { - if (!quiet) - BIO_printf(bio_err, "%s FAILED\n", verify ? "VERIFY" : "INSTALL"); - ERR_print_errors(bio_err); - } - -cleanup: - OPENSSL_free(module_path); - BIO_free(fout); - BIO_free(mem_bio); - BIO_free(module_bio); - sk_OPENSSL_STRING_free(opts); - EVP_MAC_free(mac); - EVP_MAC_CTX_free(ctx2); - EVP_MAC_CTX_free(ctx); - OPENSSL_free(read_buffer); - free_config_and_unload(conf); - return ret; -} - -static int self_test_events(const OSSL_PARAM params[], void *arg) -{ - const OSSL_PARAM *p = NULL; - const char *phase = NULL, *type = NULL, *desc = NULL; - int ret = 0; - - p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_PHASE); - if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) - goto err; - phase = (const char *)p->data; - - p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_DESC); - if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) - goto err; - desc = (const char *)p->data; - - p = OSSL_PARAM_locate_const(params, OSSL_PROV_PARAM_SELF_TEST_TYPE); - if (p == NULL || p->data_type != OSSL_PARAM_UTF8_STRING) - goto err; - type = (const char *)p->data; - - if (self_test_log) { - if (strcmp(phase, OSSL_SELF_TEST_PHASE_START) == 0) - BIO_printf(bio_err, "%s : (%s) : ", desc, type); - else if (strcmp(phase, OSSL_SELF_TEST_PHASE_PASS) == 0 - || strcmp(phase, OSSL_SELF_TEST_PHASE_FAIL) == 0) - BIO_printf(bio_err, "%s\n", phase); - } - /* - * The self test code will internally corrupt the KAT test result if an - * error is returned during the corrupt phase. - */ - if (strcmp(phase, OSSL_SELF_TEST_PHASE_CORRUPT) == 0 - && (self_test_corrupt_desc != NULL - || self_test_corrupt_type != NULL)) { - if (self_test_corrupt_desc != NULL - && strcmp(self_test_corrupt_desc, desc) != 0) - goto end; - if (self_test_corrupt_type != NULL - && strcmp(self_test_corrupt_type, type) != 0) - goto end; - BIO_printf(bio_err, "%s ", phase); - goto err; - } -end: - ret = 1; -err: - return ret; -} diff --git a/apps/gendsa.c b/apps/gendsa.c deleted file mode 100644 index 27feb793fed23cac1a9bff0ac5e5e625073511e3..0000000000000000000000000000000000000000 --- a/apps/gendsa.c +++ /dev/null @@ -1,168 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER, OPT_VERBOSE, - OPT_R_ENUM, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS gendsa_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] dsaparam-file\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output the key to the specified file"}, - {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, - OPT_R_OPTIONS, - OPT_PROV_OPTIONS, - {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, - {"verbose", OPT_VERBOSE, '-', "Verbose output"}, - - OPT_PARAMETERS(), - {"dsaparam-file", 0, 0, "File containing DSA parameters"}, - {NULL} -}; - -int gendsa_main(int argc, char **argv) -{ - ENGINE *e = NULL; - BIO *out = NULL, *in = NULL; - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *ctx = NULL; - EVP_CIPHER *enc = NULL; - char *dsaparams = NULL, *ciphername = NULL; - char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog; - OPTION_CHOICE o; - int ret = 1, private = 0, verbose = 0, nbits; - - prog = opt_init(argc, argv, gendsa_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - ret = 0; - opt_help(gendsa_options); - goto end; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_PASSOUT: - passoutarg = opt_arg(); - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - case OPT_CIPHER: - ciphername = opt_unknown(); - break; - case OPT_VERBOSE: - verbose = 1; - break; - } - } - - /* One argument, the params file. */ - argc = opt_num_rest(); - argv = opt_rest(); - if (argc != 1) - goto opthelp; - dsaparams = argv[0]; - - if (!app_RAND_load()) - goto end; - - if (ciphername != NULL) { - if (!opt_cipher(ciphername, &enc)) - goto end; - } - private = 1; - - if (!app_passwd(NULL, passoutarg, NULL, &passout)) { - BIO_printf(bio_err, "Error getting password\n"); - goto end; - } - - pkey = load_keyparams(dsaparams, FORMAT_UNDEF, 1, "DSA", "DSA parameters"); - - out = bio_open_owner(outfile, FORMAT_PEM, private); - if (out == NULL) - goto end2; - - nbits = EVP_PKEY_get_bits(pkey); - if (nbits > OPENSSL_DSA_MAX_MODULUS_BITS) - BIO_printf(bio_err, - "Warning: It is not recommended to use more than %d bit for DSA keys.\n" - " Your key size is %d! Larger key size may behave not as expected.\n", - OPENSSL_DSA_MAX_MODULUS_BITS, EVP_PKEY_get_bits(pkey)); - - ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), pkey, app_get0_propq()); - if (ctx == NULL) { - BIO_printf(bio_err, "unable to create PKEY context\n"); - goto end; - } - EVP_PKEY_free(pkey); - pkey = NULL; - if (EVP_PKEY_keygen_init(ctx) <= 0) { - BIO_printf(bio_err, "unable to set up for key generation\n"); - goto end; - } - pkey = app_keygen(ctx, "DSA", nbits, verbose); - - assert(private); - if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout)) { - BIO_printf(bio_err, "unable to output generated key\n"); - goto end; - } - ret = 0; - end: - if (ret != 0) - ERR_print_errors(bio_err); - end2: - BIO_free(in); - BIO_free_all(out); - EVP_PKEY_free(pkey); - EVP_PKEY_CTX_free(ctx); - EVP_CIPHER_free(enc); - release_engine(e); - OPENSSL_free(passout); - return ret; -} diff --git a/apps/genpkey.c b/apps/genpkey.c deleted file mode 100644 index d00754eeaca09fb62e37f08e4a5f211435cd5c90..0000000000000000000000000000000000000000 --- a/apps/genpkey.c +++ /dev/null @@ -1,342 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include - -static int quiet; - -static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e, - OSSL_LIB_CTX *libctx, const char *propq); -static int genpkey_cb(EVP_PKEY_CTX *ctx); - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE, - OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER, - OPT_QUIET, OPT_CONFIG, - OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS genpkey_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - {"paramfile", OPT_PARAMFILE, '<', "Parameters file"}, - {"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"}, - {"quiet", OPT_QUIET, '-', "Do not output status while generating keys"}, - {"pkeyopt", OPT_PKEYOPT, 's', - "Set the public key algorithm option as opt:value"}, - OPT_CONFIG_OPTION, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'F', "output format (DER or PEM)"}, - {"pass", OPT_PASS, 's', "Output file pass phrase source"}, - {"genparam", OPT_GENPARAM, '-', "Generate parameters, not key"}, - {"text", OPT_TEXT, '-', "Print the in text"}, - {"", OPT_CIPHER, '-', "Cipher to use to encrypt the key"}, - - OPT_PROV_OPTIONS, - - /* This is deliberately last. */ - {OPT_HELP_STR, 1, 1, - "Order of options may be important! See the documentation.\n"}, - {NULL} -}; - -int genpkey_main(int argc, char **argv) -{ - CONF *conf = NULL; - BIO *in = NULL, *out = NULL; - ENGINE *e = NULL; - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *ctx = NULL; - char *outfile = NULL, *passarg = NULL, *pass = NULL, *prog, *p; - const char *ciphername = NULL, *paramfile = NULL, *algname = NULL; - EVP_CIPHER *cipher = NULL; - OPTION_CHOICE o; - int outformat = FORMAT_PEM, text = 0, ret = 1, rv, do_param = 0; - int private = 0, i; - OSSL_LIB_CTX *libctx = app_get0_libctx(); - STACK_OF(OPENSSL_STRING) *keyopt = NULL; - - prog = opt_init(argc, argv, genpkey_options); - keyopt = sk_OPENSSL_STRING_new_null(); - if (keyopt == NULL) - goto end; - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - ret = 0; - opt_help(genpkey_options); - goto end; - case OPT_OUTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat)) - goto opthelp; - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_PASS: - passarg = opt_arg(); - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_PARAMFILE: - if (do_param == 1) - goto opthelp; - paramfile = opt_arg(); - break; - case OPT_ALGORITHM: - algname = opt_arg(); - break; - case OPT_PKEYOPT: - if (!sk_OPENSSL_STRING_push(keyopt, opt_arg())) - goto end; - break; - case OPT_QUIET: - quiet = 1; - break; - case OPT_GENPARAM: - do_param = 1; - break; - case OPT_TEXT: - text = 1; - break; - case OPT_CIPHER: - ciphername = opt_unknown(); - break; - case OPT_CONFIG: - conf = app_load_config_modules(opt_arg()); - if (conf == NULL) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - /* Fetch cipher, etc. */ - if (paramfile != NULL) { - if (!init_keygen_file(&ctx, paramfile, e, libctx, app_get0_propq())) - goto end; - } - if (algname != NULL) { - if (!init_gen_str(&ctx, algname, e, do_param, libctx, app_get0_propq())) - goto end; - } - if (ctx == NULL) - goto opthelp; - - for (i = 0; i < sk_OPENSSL_STRING_num(keyopt); i++) { - p = sk_OPENSSL_STRING_value(keyopt, i); - if (pkey_ctrl_string(ctx, p) <= 0) { - BIO_printf(bio_err, "%s: Error setting %s parameter:\n", prog, p); - ERR_print_errors(bio_err); - goto end; - } - } - if (ciphername != NULL) - if (!opt_cipher(ciphername, &cipher) || do_param == 1) - goto opthelp; - - private = do_param ? 0 : 1; - - if (!app_passwd(passarg, NULL, &pass, NULL)) { - BIO_puts(bio_err, "Error getting password\n"); - goto end; - } - - out = bio_open_owner(outfile, outformat, private); - if (out == NULL) - goto end; - - EVP_PKEY_CTX_set_cb(ctx, genpkey_cb); - EVP_PKEY_CTX_set_app_data(ctx, bio_err); - - pkey = do_param ? app_paramgen(ctx, algname) - : app_keygen(ctx, algname, 0, 0 /* not verbose */); - - if (do_param) { - rv = PEM_write_bio_Parameters(out, pkey); - } else if (outformat == FORMAT_PEM) { - assert(private); - rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, pass); - } else if (outformat == FORMAT_ASN1) { - assert(private); - rv = i2d_PrivateKey_bio(out, pkey); - } else { - BIO_printf(bio_err, "Bad format specified for key\n"); - goto end; - } - - ret = 0; - - if (rv <= 0) { - BIO_puts(bio_err, "Error writing key\n"); - ret = 1; - } - - if (text) { - if (do_param) - rv = EVP_PKEY_print_params(out, pkey, 0, NULL); - else - rv = EVP_PKEY_print_private(out, pkey, 0, NULL); - - if (rv <= 0) { - BIO_puts(bio_err, "Error printing key\n"); - ret = 1; - } - } - - end: - sk_OPENSSL_STRING_free(keyopt); - if (ret != 0) - ERR_print_errors(bio_err); - EVP_PKEY_free(pkey); - EVP_PKEY_CTX_free(ctx); - EVP_CIPHER_free(cipher); - BIO_free_all(out); - BIO_free(in); - release_engine(e); - OPENSSL_free(pass); - NCONF_free(conf); - return ret; -} - -static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e, - OSSL_LIB_CTX *libctx, const char *propq) -{ - BIO *pbio; - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *ctx = NULL; - if (*pctx) { - BIO_puts(bio_err, "Parameters already set!\n"); - return 0; - } - - pbio = BIO_new_file(file, "r"); - if (pbio == NULL) { - BIO_printf(bio_err, "Can't open parameter file %s\n", file); - return 0; - } - - pkey = PEM_read_bio_Parameters_ex(pbio, NULL, libctx, propq); - BIO_free(pbio); - - if (pkey == NULL) { - BIO_printf(bio_err, "Error reading parameter file %s\n", file); - return 0; - } - - if (e != NULL) - ctx = EVP_PKEY_CTX_new(pkey, e); - else - ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); - if (ctx == NULL) - goto err; - if (EVP_PKEY_keygen_init(ctx) <= 0) - goto err; - EVP_PKEY_free(pkey); - *pctx = ctx; - return 1; - - err: - BIO_puts(bio_err, "Error initializing context\n"); - ERR_print_errors(bio_err); - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - return 0; - -} - -int init_gen_str(EVP_PKEY_CTX **pctx, - const char *algname, ENGINE *e, int do_param, - OSSL_LIB_CTX *libctx, const char *propq) -{ - EVP_PKEY_CTX *ctx = NULL; - int pkey_id; - - if (*pctx) { - BIO_puts(bio_err, "Algorithm already set!\n"); - return 0; - } - - pkey_id = get_legacy_pkey_id(libctx, algname, e); - if (pkey_id != NID_undef) - ctx = EVP_PKEY_CTX_new_id(pkey_id, e); - else - ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, propq); - - if (ctx == NULL) - goto err; - if (do_param) { - if (EVP_PKEY_paramgen_init(ctx) <= 0) - goto err; - } else { - if (EVP_PKEY_keygen_init(ctx) <= 0) - goto err; - } - - *pctx = ctx; - return 1; - - err: - BIO_printf(bio_err, "Error initializing %s context\n", algname); - ERR_print_errors(bio_err); - EVP_PKEY_CTX_free(ctx); - return 0; - -} - -static int genpkey_cb(EVP_PKEY_CTX *ctx) -{ - char c = '*'; - BIO *b = EVP_PKEY_CTX_get_app_data(ctx); - - if (quiet) - return 1; - - switch (EVP_PKEY_CTX_get_keygen_info(ctx, 0)) { - case 0: - c = '.'; - break; - case 1: - c = '+'; - break; - case 3: - c = '\n'; - break; - } - - BIO_write(b, &c, 1); - (void)BIO_flush(b); - return 1; -} diff --git a/apps/genrsa.c b/apps/genrsa.c deleted file mode 100644 index 4436b7fa1745a9f75f3c90c3cddb0767aa785d63..0000000000000000000000000000000000000000 --- a/apps/genrsa.c +++ /dev/null @@ -1,269 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include -#include -#include - -#define DEFBITS 2048 -#define DEFPRIMES 2 - -static int verbose = 0; - -static int genrsa_cb(EVP_PKEY_CTX *ctx); - -typedef enum OPTION_choice { - OPT_COMMON, -#ifndef OPENSSL_NO_DEPRECATED_3_0 - OPT_3, -#endif - OPT_F4, OPT_ENGINE, - OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES, OPT_VERBOSE, - OPT_R_ENUM, OPT_PROV_ENUM, OPT_TRADITIONAL -} OPTION_CHOICE; - -const OPTIONS genrsa_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] numbits\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - - OPT_SECTION("Input"), -#ifndef OPENSSL_NO_DEPRECATED_3_0 - {"3", OPT_3, '-', "(deprecated) Use 3 for the E value"}, -#endif - {"F4", OPT_F4, '-', "Use the Fermat number F4 (0x10001) for the E value"}, - {"f4", OPT_F4, '-', "Use the Fermat number F4 (0x10001) for the E value"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output the key to specified file"}, - {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, - {"primes", OPT_PRIMES, 'p', "Specify number of primes"}, - {"verbose", OPT_VERBOSE, '-', "Verbose output"}, - {"traditional", OPT_TRADITIONAL, '-', - "Use traditional format for private keys"}, - {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, - - OPT_R_OPTIONS, - OPT_PROV_OPTIONS, - - OPT_PARAMETERS(), - {"numbits", 0, 0, "Size of key in bits"}, - {NULL} -}; - -int genrsa_main(int argc, char **argv) -{ - BN_GENCB *cb = BN_GENCB_new(); - ENGINE *eng = NULL; - BIGNUM *bn = BN_new(); - BIO *out = NULL; - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *ctx = NULL; - EVP_CIPHER *enc = NULL; - int ret = 1, num = DEFBITS, private = 0, primes = DEFPRIMES; - unsigned long f4 = RSA_F4; - char *outfile = NULL, *passoutarg = NULL, *passout = NULL; - char *prog, *hexe, *dece, *ciphername = NULL; - OPTION_CHOICE o; - int traditional = 0; - - if (bn == NULL || cb == NULL) - goto end; - - prog = opt_init(argc, argv, genrsa_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: -opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - ret = 0; - opt_help(genrsa_options); - goto end; -#ifndef OPENSSL_NO_DEPRECATED_3_0 - case OPT_3: - f4 = RSA_3; - break; -#endif - case OPT_F4: - f4 = RSA_F4; - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_ENGINE: - eng = setup_engine(opt_arg(), 0); - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - case OPT_PASSOUT: - passoutarg = opt_arg(); - break; - case OPT_CIPHER: - ciphername = opt_unknown(); - break; - case OPT_PRIMES: - primes = opt_int_arg(); - break; - case OPT_VERBOSE: - verbose = 1; - break; - case OPT_TRADITIONAL: - traditional = 1; - break; - } - } - - /* One optional argument, the bitsize. */ - argc = opt_num_rest(); - argv = opt_rest(); - - if (argc == 1) { - if (!opt_int(argv[0], &num) || num <= 0) - goto end; - if (num > OPENSSL_RSA_MAX_MODULUS_BITS) - BIO_printf(bio_err, - "Warning: It is not recommended to use more than %d bit for RSA keys.\n" - " Your key size is %d! Larger key size may behave not as expected.\n", - OPENSSL_RSA_MAX_MODULUS_BITS, num); - } else if (argc > 0) { - BIO_printf(bio_err, "Extra arguments given.\n"); - goto opthelp; - } - - if (!app_RAND_load()) - goto end; - - private = 1; - if (ciphername != NULL) { - if (!opt_cipher(ciphername, &enc)) - goto end; - } - if (!app_passwd(NULL, passoutarg, NULL, &passout)) { - BIO_printf(bio_err, "Error getting password\n"); - goto end; - } - - out = bio_open_owner(outfile, FORMAT_PEM, private); - if (out == NULL) - goto end; - - if (!init_gen_str(&ctx, "RSA", eng, 0, app_get0_libctx(), - app_get0_propq())) - goto end; - - EVP_PKEY_CTX_set_cb(ctx, genrsa_cb); - EVP_PKEY_CTX_set_app_data(ctx, bio_err); - - if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, num) <= 0) { - BIO_printf(bio_err, "Error setting RSA length\n"); - goto end; - } - if (!BN_set_word(bn, f4)) { - BIO_printf(bio_err, "Error allocating RSA public exponent\n"); - goto end; - } - if (EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, bn) <= 0) { - BIO_printf(bio_err, "Error setting RSA public exponent\n"); - goto end; - } - if (EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, primes) <= 0) { - BIO_printf(bio_err, "Error setting number of primes\n"); - goto end; - } - pkey = app_keygen(ctx, "RSA", num, verbose); - - if (verbose) { - BIGNUM *e = NULL; - - /* Every RSA key has an 'e' */ - EVP_PKEY_get_bn_param(pkey, "e", &e); - if (e == NULL) { - BIO_printf(bio_err, "Error cannot access RSA e\n"); - goto end; - } - hexe = BN_bn2hex(e); - dece = BN_bn2dec(e); - if (hexe && dece) { - BIO_printf(bio_err, "e is %s (0x%s)\n", dece, hexe); - } - OPENSSL_free(hexe); - OPENSSL_free(dece); - BN_free(e); - } - if (traditional) { - if (!PEM_write_bio_PrivateKey_traditional(out, pkey, enc, NULL, 0, - NULL, passout)) - goto end; - } else { - if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout)) - goto end; - } - - ret = 0; - end: - BN_free(bn); - BN_GENCB_free(cb); - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - EVP_CIPHER_free(enc); - BIO_free_all(out); - release_engine(eng); - OPENSSL_free(passout); - if (ret != 0) - ERR_print_errors(bio_err); - return ret; -} - -static int genrsa_cb(EVP_PKEY_CTX *ctx) -{ - char c = '*'; - BIO *b = EVP_PKEY_CTX_get_app_data(ctx); - int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); - - if (!verbose) - return 1; - - if (p == 0) - c = '.'; - if (p == 1) - c = '+'; - if (p == 2) - c = '*'; - if (p == 3) - c = '\n'; - BIO_write(b, &c, 1); - (void)BIO_flush(b); - return 1; -} diff --git a/apps/include/__DECC_INCLUDE_EPILOGUE.H b/apps/include/__DECC_INCLUDE_EPILOGUE.H deleted file mode 100644 index 2ab493330675b8c7831e20c40c4a100aff48ae52..0000000000000000000000000000000000000000 --- a/apps/include/__DECC_INCLUDE_EPILOGUE.H +++ /dev/null @@ -1,22 +0,0 @@ -/* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This file is only used by HP C/C++ on VMS, and is included automatically - * after each header file from this directory - */ - -/* - * The C++ compiler doesn't understand these pragmas, even though it - * understands the corresponding command line qualifier. - */ -#ifndef __cplusplus -/* restore state. Must correspond to the save in __decc_include_prologue.h */ -# pragma names restore -#endif diff --git a/apps/include/__DECC_INCLUDE_PROLOGUE.H b/apps/include/__DECC_INCLUDE_PROLOGUE.H deleted file mode 100644 index 8e95fa97548817f6dd0e3dce43b94f58d4825bb4..0000000000000000000000000000000000000000 --- a/apps/include/__DECC_INCLUDE_PROLOGUE.H +++ /dev/null @@ -1,26 +0,0 @@ -/* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This file is only used by HP C/C++ on VMS, and is included automatically - * after each header file from this directory - */ - -/* - * The C++ compiler doesn't understand these pragmas, even though it - * understands the corresponding command line qualifier. - */ -#ifndef __cplusplus -/* save state */ -# pragma names save -/* have the compiler shorten symbols larger than 31 chars to 23 chars - * followed by a 8 hex char CRC - */ -# pragma names as_is,shortened -#endif diff --git a/apps/include/app_libctx.h b/apps/include/app_libctx.h deleted file mode 100644 index 17c0afc713d2c130f4fae86d9752cded0f9df1b5..0000000000000000000000000000000000000000 --- a/apps/include/app_libctx.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_APPS_LIBCTX_H -# define OSSL_APPS_LIBCTX_H - -# include - -OSSL_LIB_CTX *app_create_libctx(void); -OSSL_LIB_CTX *app_get0_libctx(void); -int app_set_propq(const char *arg); -const char *app_get0_propq(void); - -#endif diff --git a/apps/include/app_params.h b/apps/include/app_params.h deleted file mode 100644 index 79f8f58b3122fc8df7141dbf71c8f18332bee89e..0000000000000000000000000000000000000000 --- a/apps/include/app_params.h +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -int print_param_types(const char *thing, const OSSL_PARAM *pdefs, int indent); -void print_param_value(const OSSL_PARAM *p, int indent); - diff --git a/apps/include/apps.h b/apps/include/apps.h deleted file mode 100644 index baacd0025d680dbb9816e79698adeeaf861e1718..0000000000000000000000000000000000000000 --- a/apps/include/apps.h +++ /dev/null @@ -1,348 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_APPS_H -# define OSSL_APPS_H - -# include "e_os.h" /* struct timeval for DTLS */ -# include "internal/nelem.h" -# include "internal/sockets.h" /* for openssl_fdset() */ -# include "internal/cryptlib.h" /* ossl_assert() */ -# include - -# include -# include -# ifndef OPENSSL_NO_POSIX_IO -# include -# include -# endif - -# include -# include -# include -# include -# include -# include -# include -# include -# include -# include -# include "apps_ui.h" -# include "opt.h" -# include "fmt.h" -# include "platform.h" -# include "engine_loader.h" -# include "app_libctx.h" - -/* - * quick macro when you need to pass an unsigned char instead of a char. - * this is true for some implementations of the is*() functions, for - * example. - */ -# define _UC(c) ((unsigned char)(c)) - -void app_RAND_load_conf(CONF *c, const char *section); -int app_RAND_write(void); -int app_RAND_load(void); - -extern char *default_config_file; /* may be "" */ -extern BIO *bio_in; -extern BIO *bio_out; -extern BIO *bio_err; -extern const unsigned char tls13_aes128gcmsha256_id[]; -extern const unsigned char tls13_aes256gcmsha384_id[]; -extern BIO_ADDR *ourpeer; - -BIO *dup_bio_in(int format); -BIO *dup_bio_out(int format); -BIO *dup_bio_err(int format); -BIO *bio_open_owner(const char *filename, int format, int private); -BIO *bio_open_default(const char *filename, char mode, int format); -BIO *bio_open_default_quiet(const char *filename, char mode, int format); -CONF *app_load_config_bio(BIO *in, const char *filename); -#define app_load_config(filename) app_load_config_internal(filename, 0) -#define app_load_config_quiet(filename) app_load_config_internal(filename, 1) -CONF *app_load_config_internal(const char *filename, int quiet); -CONF *app_load_config_verbose(const char *filename, int verbose); -int app_load_modules(const CONF *config); -CONF *app_load_config_modules(const char *configfile); -void unbuffer(FILE *fp); -void wait_for_async(SSL *s); -# if defined(OPENSSL_SYS_MSDOS) -int has_stdin_waiting(void); -# endif - -void corrupt_signature(const ASN1_STRING *signature); -int set_cert_times(X509 *x, const char *startdate, const char *enddate, - int days); -int set_crl_lastupdate(X509_CRL *crl, const char *lastupdate); -int set_crl_nextupdate(X509_CRL *crl, const char *nextupdate, - long days, long hours, long secs); - -typedef struct args_st { - int size; - int argc; - char **argv; -} ARGS; - -/* We need both wrap and the "real" function because libcrypto uses both. */ -int wrap_password_callback(char *buf, int bufsiz, int verify, void *cb_data); - -int chopup_args(ARGS *arg, char *buf); -void dump_cert_text(BIO *out, X509 *x); -void print_name(BIO *out, const char *title, const X509_NAME *nm); -void print_bignum_var(BIO *, const BIGNUM *, const char*, - int, unsigned char *); -void print_array(BIO *, const char *, int, const unsigned char *); -int set_nameopt(const char *arg); -unsigned long get_nameopt(void); -int set_dateopt(unsigned long *dateopt, const char *arg); -int set_cert_ex(unsigned long *flags, const char *arg); -int set_name_ex(unsigned long *flags, const char *arg); -int set_ext_copy(int *copy_type, const char *arg); -int copy_extensions(X509 *x, X509_REQ *req, int copy_type); -char *get_passwd(const char *pass, const char *desc); -int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2); -int add_oid_section(CONF *conf); -X509_REQ *load_csr(const char *file, int format, const char *desc); -X509 *load_cert_pass(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc); -#define load_cert(uri, format, desc) load_cert_pass(uri, format, 1, NULL, desc) -X509_CRL *load_crl(const char *uri, int format, int maybe_stdin, - const char *desc); -void cleanse(char *str); -void clear_free(char *str); -EVP_PKEY *load_key(const char *uri, int format, int maybe_stdin, - const char *pass, ENGINE *e, const char *desc); -EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, - const char *pass, ENGINE *e, const char *desc); -EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin, - const char *keytype, const char *desc); -EVP_PKEY *load_keyparams_suppress(const char *uri, int format, int maybe_stdin, - const char *keytype, const char *desc, - int suppress_decode_errors); -char *next_item(char *opt); /* in list separated by comma and/or space */ -int load_cert_certs(const char *uri, - X509 **pcert, STACK_OF(X509) **pcerts, - int exclude_http, const char *pass, const char *desc, - X509_VERIFY_PARAM *vpm); -STACK_OF(X509) *load_certs_multifile(char *files, const char *pass, - const char *desc, X509_VERIFY_PARAM *vpm); -X509_STORE *load_certstore(char *input, const char *pass, const char *desc, - X509_VERIFY_PARAM *vpm); -int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs, - const char *pass, const char *desc); -int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, - const char *pass, const char *desc); -int load_key_certs_crls(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc, - EVP_PKEY **ppkey, EVP_PKEY **ppubkey, - EVP_PKEY **pparams, - X509 **pcert, STACK_OF(X509) **pcerts, - X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls); -int load_key_cert_crl(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc, - EVP_PKEY **ppkey, EVP_PKEY **ppubkey, - X509 **pcert, X509_CRL **pcrl); -X509_STORE *setup_verify(const char *CAfile, int noCAfile, - const char *CApath, int noCApath, - const char *CAstore, int noCAstore); -__owur int ctx_set_verify_locations(SSL_CTX *ctx, - const char *CAfile, int noCAfile, - const char *CApath, int noCApath, - const char *CAstore, int noCAstore); - -# ifndef OPENSSL_NO_CT - -/* - * Sets the file to load the Certificate Transparency log list from. - * If path is NULL, loads from the default file path. - * Returns 1 on success, 0 otherwise. - */ -__owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path); - -# endif - -ENGINE *setup_engine_methods(const char *id, unsigned int methods, int debug); -# define setup_engine(e, debug) setup_engine_methods(e, (unsigned int)-1, debug) -void release_engine(ENGINE *e); -int init_engine(ENGINE *e); -int finish_engine(ENGINE *e); -char *make_engine_uri(ENGINE *e, const char *key_id, const char *desc); - -int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e); -const EVP_MD *get_digest_from_engine(const char *name); -const EVP_CIPHER *get_cipher_from_engine(const char *name); - -# ifndef OPENSSL_NO_OCSP -OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, const char *host, - const char *port, const char *path, - const char *proxy, const char *no_proxy, - int use_ssl, STACK_OF(CONF_VALUE) *headers, - int req_timeout); -# endif - -/* Functions defined in ca.c and also used in ocsp.c */ -int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, - ASN1_GENERALIZEDTIME **pinvtm, const char *str); - -# define DB_type 0 -# define DB_exp_date 1 -# define DB_rev_date 2 -# define DB_serial 3 /* index - unique */ -# define DB_file 4 -# define DB_name 5 /* index - unique when active and not - * disabled */ -# define DB_NUMBER 6 - -# define DB_TYPE_REV 'R' /* Revoked */ -# define DB_TYPE_EXP 'E' /* Expired */ -# define DB_TYPE_VAL 'V' /* Valid ; inserted with: ca ... -valid */ -# define DB_TYPE_SUSP 'S' /* Suspended */ - -typedef struct db_attr_st { - int unique_subject; -} DB_ATTR; -typedef struct ca_db_st { - DB_ATTR attributes; - TXT_DB *db; - char *dbfname; -# ifndef OPENSSL_NO_POSIX_IO - struct stat dbst; -# endif -} CA_DB; - -void app_bail_out(char *fmt, ...); -void *app_malloc(size_t sz, const char *what); - -/* load_serial, save_serial, and rotate_serial are also used for CRL numbers */ -BIGNUM *load_serial(const char *serialfile, int *exists, int create, - ASN1_INTEGER **retai); -int save_serial(const char *serialfile, const char *suffix, - const BIGNUM *serial, ASN1_INTEGER **retai); -int rotate_serial(const char *serialfile, const char *new_suffix, - const char *old_suffix); -int rand_serial(BIGNUM *b, ASN1_INTEGER *ai); - -CA_DB *load_index(const char *dbfile, DB_ATTR *dbattr); -int index_index(CA_DB *db); -int save_index(const char *dbfile, const char *suffix, CA_DB *db); -int rotate_index(const char *dbfile, const char *new_suffix, - const char *old_suffix); -void free_index(CA_DB *db); -# define index_name_cmp_noconst(a, b) \ - index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \ - (const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b)) -int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b); -int parse_yesno(const char *str, int def); - -X509_NAME *parse_name(const char *str, int chtype, int multirdn, - const char *desc); -void policies_print(X509_STORE_CTX *ctx); -int bio_to_mem(unsigned char **out, int maxlen, BIO *in); -int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value); -int x509_ctrl_string(X509 *x, const char *value); -int x509_req_ctrl_string(X509_REQ *x, const char *value); -int init_gen_str(EVP_PKEY_CTX **pctx, - const char *algname, ENGINE *e, int do_param, - OSSL_LIB_CTX *libctx, const char *propq); -int do_X509_sign(X509 *x, EVP_PKEY *pkey, const char *md, - STACK_OF(OPENSSL_STRING) *sigopts, X509V3_CTX *ext_ctx); -int do_X509_verify(X509 *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *vfyopts); -int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const char *md, - STACK_OF(OPENSSL_STRING) *sigopts); -int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey, - STACK_OF(OPENSSL_STRING) *vfyopts); -int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const char *md, - STACK_OF(OPENSSL_STRING) *sigopts); - -extern char *psk_key; - - -unsigned char *next_protos_parse(size_t *outlen, const char *in); - -void print_cert_checks(BIO *bio, X509 *x, - const char *checkhost, - const char *checkemail, const char *checkip); - -void store_setup_crl_download(X509_STORE *st); - -typedef struct app_http_tls_info_st { - const char *server; - const char *port; - int use_proxy; - long timeout; - SSL_CTX *ssl_ctx; -} APP_HTTP_TLS_INFO; -BIO *app_http_tls_cb(BIO *hbio, /* APP_HTTP_TLS_INFO */ void *arg, - int connect, int detail); -void APP_HTTP_TLS_INFO_free(APP_HTTP_TLS_INFO *info); -# ifndef OPENSSL_NO_SOCK -ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy, - const char *no_proxy, SSL_CTX *ssl_ctx, - const STACK_OF(CONF_VALUE) *headers, - long timeout, const char *expected_content_type, - const ASN1_ITEM *it); -ASN1_VALUE *app_http_post_asn1(const char *host, const char *port, - const char *path, const char *proxy, - const char *no_proxy, SSL_CTX *ctx, - const STACK_OF(CONF_VALUE) *headers, - const char *content_type, - ASN1_VALUE *req, const ASN1_ITEM *req_it, - const char *expected_content_type, - long timeout, const ASN1_ITEM *rsp_it); -# endif - -# define EXT_COPY_NONE 0 -# define EXT_COPY_ADD 1 -# define EXT_COPY_ALL 2 - -# define NETSCAPE_CERT_HDR "certificate" - -# define APP_PASS_LEN 1024 - -/* - * IETF RFC 5280 says serial number must be <= 20 bytes. Use 159 bits - * so that the first bit will never be one, so that the DER encoding - * rules won't force a leading octet. - */ -# define SERIAL_RAND_BITS 159 - -int app_isdir(const char *); -int app_access(const char *, int flag); -int fileno_stdin(void); -int fileno_stdout(void); -int raw_read_stdin(void *, int); -int raw_write_stdout(const void *, int); - -# define TM_START 0 -# define TM_STOP 1 -double app_tminterval(int stop, int usertime); - -void make_uppercase(char *string); - -typedef struct verify_options_st { - int depth; - int quiet; - int error; - int return_error; -} VERIFY_CB_ARGS; - -extern VERIFY_CB_ARGS verify_args; - -OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts, - const OSSL_PARAM *paramdefs); -void app_params_free(OSSL_PARAM *params); -int app_provider_load(OSSL_LIB_CTX *libctx, const char *provider_name); -void app_providers_cleanup(void); - -EVP_PKEY *app_keygen(EVP_PKEY_CTX *ctx, const char *alg, int bits, int verbose); -EVP_PKEY *app_paramgen(EVP_PKEY_CTX *ctx, const char *alg); - -#endif diff --git a/apps/include/apps_ui.h b/apps/include/apps_ui.h deleted file mode 100644 index 6875b7c372d93533a6fde0c2bf1f3783e58b5585..0000000000000000000000000000000000000000 --- a/apps/include/apps_ui.h +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_APPS_UI_H -# define OSSL_APPS_UI_H - - -# define PW_MIN_LENGTH 4 -typedef struct pw_cb_data { - const void *password; - const char *prompt_info; -} PW_CB_DATA; - -int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data); - -int setup_ui_method(void); -void destroy_ui_method(void); -int set_base_ui_method(const UI_METHOD *ui_method); -const UI_METHOD *get_ui_method(void); - -extern BIO *bio_err; - -#endif diff --git a/apps/include/cmp_mock_srv.h b/apps/include/cmp_mock_srv.h deleted file mode 100644 index 6beba1473590a7e6462c5412061bcf95bf9c82f8..0000000000000000000000000000000000000000 --- a/apps/include/cmp_mock_srv.h +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Siemens AG 2018-2020 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_APPS_CMP_MOCK_SRV_H -# define OSSL_APPS_CMP_MOCK_SRV_H - -# include -# ifndef OPENSSL_NO_CMP - -# include - -OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx, - const char *propq); -void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx); - -int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert); -int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx, - STACK_OF(X509) *chain); -int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx, - STACK_OF(X509) *caPubs); -int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status, - int fail_info, const char *text); -int ossl_cmp_mock_srv_set_send_error(OSSL_CMP_SRV_CTX *srv_ctx, int val); -int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count); -int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec); - -# endif /* !defined(OPENSSL_NO_CMP) */ -#endif /* !defined(OSSL_APPS_CMP_MOCK_SRV_H) */ diff --git a/apps/include/ec_common.h b/apps/include/ec_common.h deleted file mode 100644 index f5711657a299b93a765580e4c047829b02fed080..0000000000000000000000000000000000000000 --- a/apps/include/ec_common.h +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OPENSSL_NO_EC -static const char *point_format_options[] = { - "uncompressed", - "compressed", - "hybrid", - NULL -}; - -static const char *asn1_encoding_options[] = { - "named_curve", - "explicit", - NULL -}; -#endif diff --git a/apps/include/engine_loader.h b/apps/include/engine_loader.h deleted file mode 100644 index fa80fc96567c74c7fdcff165c3359b0d74a375f7..0000000000000000000000000000000000000000 --- a/apps/include/engine_loader.h +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ -#ifndef HEADER_ENGINE_LOADER_H -# define HEADER_ENGINE_LOADER_H - -# include - -/* this is a private URI scheme */ -# define ENGINE_SCHEME "org.openssl.engine" -# define ENGINE_SCHEME_COLON (ENGINE_SCHEME ":") - -int setup_engine_loader(void); -void destroy_engine_loader(void); - -#endif diff --git a/apps/include/fmt.h b/apps/include/fmt.h deleted file mode 100644 index 98dfed7dc0a2d8cd5163d58db19da4d49be24085..0000000000000000000000000000000000000000 --- a/apps/include/fmt.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Options are shared by apps (see apps.h) and the test system - * (see test/testutil.h'). - * In order to remove the dependency between apps and options, the following - * shared fields have been moved into this file. - */ - -#ifndef OSSL_APPS_FMT_H -#define OSSL_APPS_FMT_H - -/* - * On some platforms, it's important to distinguish between text and binary - * files. On some, there might even be specific file formats for different - * contents. The FORMAT_xxx macros are meant to express an intent with the - * file being read or created. - */ -# define B_FORMAT_TEXT 0x8000 -# define FORMAT_UNDEF 0 -# define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */ -# define FORMAT_BINARY 2 /* Generic binary */ -# define FORMAT_BASE64 (3 | B_FORMAT_TEXT) /* Base64 */ -# define FORMAT_ASN1 4 /* ASN.1/DER */ -# define FORMAT_PEM (5 | B_FORMAT_TEXT) -# define FORMAT_PKCS12 6 -# define FORMAT_SMIME (7 | B_FORMAT_TEXT) -# define FORMAT_ENGINE 8 /* Not really a file format */ -# define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPublicKey format */ -# define FORMAT_ASN1RSA 10 /* DER RSAPublicKey format */ -# define FORMAT_MSBLOB 11 /* MS Key blob format */ -# define FORMAT_PVK 12 /* MS PVK file format */ -# define FORMAT_HTTP 13 /* Download using HTTP */ -# define FORMAT_NSS 14 /* NSS keylog format */ - -int FMT_istext(int format); - -#endif /* OSSL_APPS_FMT_H_ */ diff --git a/apps/include/function.h b/apps/include/function.h deleted file mode 100644 index 14e8dd3886704b3946a41bae2d02b68588133865..0000000000000000000000000000000000000000 --- a/apps/include/function.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_APPS_FUNCTION_H -# define OSSL_APPS_FUNCTION_H - -# include -# include "opt.h" - -#define DEPRECATED_NO_ALTERNATIVE "unknown" - -typedef enum FUNC_TYPE { - FT_none, FT_general, FT_md, FT_cipher, FT_pkey, - FT_md_alg, FT_cipher_alg -} FUNC_TYPE; - -typedef struct function_st { - FUNC_TYPE type; - const char *name; - int (*func)(int argc, char *argv[]); - const OPTIONS *help; - const char *deprecated_alternative; - const char *deprecated_version; -} FUNCTION; - -DEFINE_LHASH_OF(FUNCTION); - -/* Structure to hold the number of columns to be displayed and the - * field width used to display them. - */ -typedef struct { - int columns; - int width; -} DISPLAY_COLUMNS; - -void calculate_columns(FUNCTION *functions, DISPLAY_COLUMNS *dc); - -#endif diff --git a/apps/include/http_server.h b/apps/include/http_server.h deleted file mode 100644 index 8c339660a65ea68e46bfe4c6395feae4452ca644..0000000000000000000000000000000000000000 --- a/apps/include/http_server.h +++ /dev/null @@ -1,125 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_HTTP_SERVER_H -# define OSSL_HTTP_SERVER_H - -# include "apps.h" - -# ifndef HAVE_FORK -# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) -# define HAVE_FORK 0 -# else -# define HAVE_FORK 1 -# endif -# endif - -# if HAVE_FORK -# undef NO_FORK -# else -# define NO_FORK -# endif - -# if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \ - && !defined(OPENSSL_NO_POSIX_IO) -# define HTTP_DAEMON -# include -# include -# include -# include -# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */ -# else -# undef LOG_DEBUG -# undef LOG_INFO -# undef LOG_WARNING -# undef LOG_ERR -# define LOG_DEBUG 7 -# define LOG_INFO 6 -# define LOG_WARNING 4 -# define LOG_ERR 3 -# endif - -/*- - * Log a message to syslog if multi-threaded HTTP_DAEMON, else to bio_err - * prog: the name of the current app - * level: the severity of the message, e.g., LOG_ERR - * fmt: message with potential extra parameters like with printf() - * returns nothing - */ -void log_message(const char *prog, int level, const char *fmt, ...); - -# ifndef OPENSSL_NO_SOCK -/*- - * Initialize an HTTP server by setting up its listening BIO - * prog: the name of the current app - * port: the port to listen on - * returns a BIO for accepting requests, NULL on error - */ -BIO *http_server_init_bio(const char *prog, const char *port); - -/*- - * Accept an ASN.1-formatted HTTP request - * it: the expected request ASN.1 type - * preq: pointer to variable where to place the parsed request - * ppath: pointer to variable where to place the request path, or NULL - * pcbio: pointer to variable where to place the BIO for sending the response to - * acbio: the listening bio (typically as returned by http_server_init_bio()) - * found_keep_alive: for returning flag if client requests persistent connection - * prog: the name of the current app, for diagnostics only - * port: the local port listening to, for diagnostics only - * accept_get: whether to accept GET requests (in addition to POST requests) - * timeout: connection timeout (in seconds), or 0 for none/infinite - * returns 0 in case caller should retry, then *preq == *ppath == *pcbio == NULL - * returns -1 on fatal error; also then holds *preq == *ppath == *pcbio == NULL - * returns 1 otherwise. In this case it is guaranteed that *pcbio != NULL while - * *ppath == NULL and *preq == NULL if and only if the request is invalid, - * On return value 1 the caller is responsible for sending an HTTP response, - * using http_server_send_asn1_resp() or http_server_send_status(). - * The caller must free any non-NULL *preq, *ppath, and *pcbio pointers. - */ -int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, - char **ppath, BIO **pcbio, BIO *acbio, - int *found_keep_alive, - const char *prog, const char *port, - int accept_get, int timeout); - -/*- - * Send an ASN.1-formatted HTTP response - * cbio: destination BIO (typically as returned by http_server_get_asn1_req()) - * note: cbio should not do an encoding that changes the output length - * keep_alive: grant persistent connnection - * content_type: string identifying the type of the response - * it: the response ASN.1 type - * resp: the response to send - * returns 1 on success, 0 on failure - */ -int http_server_send_asn1_resp(BIO *cbio, int keep_alive, - const char *content_type, - const ASN1_ITEM *it, const ASN1_VALUE *resp); - -/*- - * Send a trivial HTTP response, typically to report an error or OK - * cbio: destination BIO (typically as returned by http_server_get_asn1_req()) - * status: the status code to send - * reason: the corresponding human-readable string - * returns 1 on success, 0 on failure - */ -int http_server_send_status(BIO *cbio, int status, const char *reason); - -# endif - -# ifdef HTTP_DAEMON -extern int multi; -extern int acfd; - -void socket_timeout(int signum); -void spawn_loop(const char *prog); -# endif - -#endif diff --git a/apps/include/names.h b/apps/include/names.h deleted file mode 100644 index f4d6f6a9a333d4423ee0ffec222e4a11d6d8ca21..0000000000000000000000000000000000000000 --- a/apps/include/names.h +++ /dev/null @@ -1,17 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -/* Standard comparing function for names */ -int name_cmp(const char * const *a, const char * const *b); -/* collect_names is meant to be used with EVP_{type}_doall_names */ -void collect_names(const char *name, void *vdata); -/* Sorts and prints a stack of names to |out| */ -void print_names(BIO *out, STACK_OF(OPENSSL_CSTRING) *names); diff --git a/apps/include/opt.h b/apps/include/opt.h deleted file mode 100644 index 4f83a0ed53c939c6e2dc5be5fd5ffc04de3694a3..0000000000000000000000000000000000000000 --- a/apps/include/opt.h +++ /dev/null @@ -1,400 +0,0 @@ -/* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ -#ifndef OSSL_APPS_OPT_H -#define OSSL_APPS_OPT_H - -#include -#include -#include -#include - -#define OPT_COMMON OPT_ERR = -1, OPT_EOF = 0, OPT_HELP - -/* - * Common verification options. - */ -# define OPT_V_ENUM \ - OPT_V__FIRST=2000, \ - OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \ - OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \ - OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \ - OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \ - OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \ - OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \ - OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \ - OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \ - OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \ - OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \ - OPT_V__LAST - -# define OPT_V_OPTIONS \ - OPT_SECTION("Validation"), \ - { "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \ - { "purpose", OPT_V_PURPOSE, 's', \ - "certificate chain purpose"}, \ - { "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \ - { "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \ - "chain depth limit" }, \ - { "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \ - "chain authentication security level" }, \ - { "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \ - { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \ - "expected peer hostname" }, \ - { "verify_email", OPT_V_VERIFY_EMAIL, 's', \ - "expected peer email" }, \ - { "verify_ip", OPT_V_VERIFY_IP, 's', \ - "expected peer IP address" }, \ - { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \ - "permit unhandled critical extensions"}, \ - { "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \ - { "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \ - { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \ - { "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks"}, \ - { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \ - "set policy variable require-explicit-policy"}, \ - { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \ - "set policy variable inhibit-any-policy"}, \ - { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \ - "set policy variable inhibit-policy-mapping"}, \ - { "x509_strict", OPT_V_X509_STRICT, '-', \ - "disable certificate compatibility work-arounds"}, \ - { "extended_crl", OPT_V_EXTENDED_CRL, '-', \ - "enable extended CRL features"}, \ - { "use_deltas", OPT_V_USE_DELTAS, '-', \ - "use delta CRLs"}, \ - { "policy_print", OPT_V_POLICY_PRINT, '-', \ - "print policy processing diagnostics"}, \ - { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \ - "check root CA self-signatures"}, \ - { "trusted_first", OPT_V_TRUSTED_FIRST, '-', \ - "search trust store first (default)" }, \ - { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \ - { "suiteB_128", OPT_V_SUITEB_128, '-', \ - "Suite B 128-bit mode allowing 192-bit algorithms"}, \ - { "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \ - { "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \ - "accept chains anchored by intermediate trust-store CAs"}, \ - { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \ - { "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \ - { "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" } - -# define OPT_V_CASES \ - OPT_V__FIRST: case OPT_V__LAST: break; \ - case OPT_V_POLICY: \ - case OPT_V_PURPOSE: \ - case OPT_V_VERIFY_NAME: \ - case OPT_V_VERIFY_DEPTH: \ - case OPT_V_VERIFY_AUTH_LEVEL: \ - case OPT_V_ATTIME: \ - case OPT_V_VERIFY_HOSTNAME: \ - case OPT_V_VERIFY_EMAIL: \ - case OPT_V_VERIFY_IP: \ - case OPT_V_IGNORE_CRITICAL: \ - case OPT_V_ISSUER_CHECKS: \ - case OPT_V_CRL_CHECK: \ - case OPT_V_CRL_CHECK_ALL: \ - case OPT_V_POLICY_CHECK: \ - case OPT_V_EXPLICIT_POLICY: \ - case OPT_V_INHIBIT_ANY: \ - case OPT_V_INHIBIT_MAP: \ - case OPT_V_X509_STRICT: \ - case OPT_V_EXTENDED_CRL: \ - case OPT_V_USE_DELTAS: \ - case OPT_V_POLICY_PRINT: \ - case OPT_V_CHECK_SS_SIG: \ - case OPT_V_TRUSTED_FIRST: \ - case OPT_V_SUITEB_128_ONLY: \ - case OPT_V_SUITEB_128: \ - case OPT_V_SUITEB_192: \ - case OPT_V_PARTIAL_CHAIN: \ - case OPT_V_NO_ALT_CHAINS: \ - case OPT_V_NO_CHECK_TIME: \ - case OPT_V_ALLOW_PROXY_CERTS - -/* - * Common "extended validation" options. - */ -# define OPT_X_ENUM \ - OPT_X__FIRST=1000, \ - OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \ - OPT_X_CERTFORM, OPT_X_KEYFORM, \ - OPT_X__LAST - -# define OPT_X_OPTIONS \ - OPT_SECTION("Extended certificate"), \ - { "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \ - { "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \ - { "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \ - { "xchain_build", OPT_X_CHAIN_BUILD, '-', \ - "build certificate chain for the extended certificates"}, \ - { "xcertform", OPT_X_CERTFORM, 'F', \ - "format of Extended certificate (PEM/DER/P12); has no effect" }, \ - { "xkeyform", OPT_X_KEYFORM, 'F', \ - "format of Extended certificate's key (DER/PEM/P12); has no effect"} - -# define OPT_X_CASES \ - OPT_X__FIRST: case OPT_X__LAST: break; \ - case OPT_X_KEY: \ - case OPT_X_CERT: \ - case OPT_X_CHAIN: \ - case OPT_X_CHAIN_BUILD: \ - case OPT_X_CERTFORM: \ - case OPT_X_KEYFORM - -/* - * Common SSL options. - * Any changes here must be coordinated with ../ssl/ssl_conf.c - */ -# define OPT_S_ENUM \ - OPT_S__FIRST=3000, \ - OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \ - OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \ - OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_CLIENTRENEG, \ - OPT_S_LEGACYCONN, \ - OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \ - OPT_S_PRIORITIZE_CHACHA, \ - OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \ - OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \ - OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \ - OPT_S_MINPROTO, OPT_S_MAXPROTO, \ - OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S_NO_ETM, OPT_S__LAST - -# define OPT_S_OPTIONS \ - OPT_SECTION("TLS/SSL"), \ - {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \ - {"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \ - {"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \ - {"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \ - {"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \ - {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \ - {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \ - {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \ - {"no_ticket", OPT_S_NOTICKET, '-', \ - "Disable use of TLS session tickets"}, \ - {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \ - {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \ - "Enable use of legacy renegotiation (dangerous)"}, \ - {"client_renegotiation", OPT_S_CLIENTRENEG, '-', \ - "Allow client-initiated renegotiation" }, \ - {"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \ - "Disable all renegotiation."}, \ - {"legacy_server_connect", OPT_S_LEGACYCONN, '-', \ - "Allow initial connection to servers that don't support RI"}, \ - {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \ - "Disallow session resumption on renegotiation"}, \ - {"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \ - "Disallow initial connection to servers that don't support RI"}, \ - {"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \ - "In TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \ - {"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \ - "Prioritize ChaCha ciphers when preferred by clients"}, \ - {"strict", OPT_S_STRICT, '-', \ - "Enforce strict certificate checks as per TLS standard"}, \ - {"sigalgs", OPT_S_SIGALGS, 's', \ - "Signature algorithms to support (colon-separated list)" }, \ - {"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \ - "Signature algorithms to support for client certificate" \ - " authentication (colon-separated list)" }, \ - {"groups", OPT_S_GROUPS, 's', \ - "Groups to advertise (colon-separated list)" }, \ - {"curves", OPT_S_CURVES, 's', \ - "Groups to advertise (colon-separated list)" }, \ - {"named_curve", OPT_S_NAMEDCURVE, 's', \ - "Elliptic curve used for ECDHE (server-side only)" }, \ - {"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \ - {"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \ - {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \ - {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \ - {"record_padding", OPT_S_RECORD_PADDING, 's', \ - "Block size to pad TLS 1.3 records to."}, \ - {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \ - "Perform all sorts of protocol violations for testing purposes"}, \ - {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \ - "Disable TLSv1.3 middlebox compat mode" }, \ - {"no_etm", OPT_S_NO_ETM, '-', \ - "Disable Encrypt-then-Mac extension"} - -# define OPT_S_CASES \ - OPT_S__FIRST: case OPT_S__LAST: break; \ - case OPT_S_NOSSL3: \ - case OPT_S_NOTLS1: \ - case OPT_S_NOTLS1_1: \ - case OPT_S_NOTLS1_2: \ - case OPT_S_NOTLS1_3: \ - case OPT_S_BUGS: \ - case OPT_S_NO_COMP: \ - case OPT_S_COMP: \ - case OPT_S_NOTICKET: \ - case OPT_S_SERVERPREF: \ - case OPT_S_LEGACYRENEG: \ - case OPT_S_CLIENTRENEG: \ - case OPT_S_LEGACYCONN: \ - case OPT_S_ONRESUMP: \ - case OPT_S_NOLEGACYCONN: \ - case OPT_S_ALLOW_NO_DHE_KEX: \ - case OPT_S_PRIORITIZE_CHACHA: \ - case OPT_S_STRICT: \ - case OPT_S_SIGALGS: \ - case OPT_S_CLIENTSIGALGS: \ - case OPT_S_GROUPS: \ - case OPT_S_CURVES: \ - case OPT_S_NAMEDCURVE: \ - case OPT_S_CIPHER: \ - case OPT_S_CIPHERSUITES: \ - case OPT_S_RECORD_PADDING: \ - case OPT_S_NO_RENEGOTIATION: \ - case OPT_S_MINPROTO: \ - case OPT_S_MAXPROTO: \ - case OPT_S_DEBUGBROKE: \ - case OPT_S_NO_MIDDLEBOX: \ - case OPT_S_NO_ETM - -#define IS_NO_PROT_FLAG(o) \ - (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \ - || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3) - -/* - * Random state options. - */ -# define OPT_R_ENUM \ - OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST - -# define OPT_R_OPTIONS \ - OPT_SECTION("Random state"), \ - {"rand", OPT_R_RAND, 's', "Load the given file(s) into the random number generator"}, \ - {"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"} - -# define OPT_R_CASES \ - OPT_R__FIRST: case OPT_R__LAST: break; \ - case OPT_R_RAND: case OPT_R_WRITERAND - -/* - * Provider options. - */ -# define OPT_PROV_ENUM \ - OPT_PROV__FIRST=1600, \ - OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH, OPT_PROV_PROPQUERY, \ - OPT_PROV__LAST - -# define OPT_CONFIG_OPTION \ - { "config", OPT_CONFIG, '<', "Load a configuration file (this may load modules)" } - -# define OPT_PROV_OPTIONS \ - OPT_SECTION("Provider"), \ - { "provider-path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path (must be before 'provider' argument if required)" }, \ - { "provider", OPT_PROV_PROVIDER, 's', "Provider to load (can be specified multiple times)" }, \ - { "propquery", OPT_PROV_PROPQUERY, 's', "Property query used when fetching algorithms" } - -# define OPT_PROV_CASES \ - OPT_PROV__FIRST: case OPT_PROV__LAST: break; \ - case OPT_PROV_PROVIDER: \ - case OPT_PROV_PROVIDER_PATH: \ - case OPT_PROV_PROPQUERY - -/* - * Option parsing. - */ -extern const char OPT_HELP_STR[]; -extern const char OPT_MORE_STR[]; -extern const char OPT_SECTION_STR[]; -extern const char OPT_PARAM_STR[]; - -typedef struct options_st { - const char *name; - int retval; - /* - * value type: - no value (also the value zero), n number, p positive - * number, u unsigned, l long, s string, < input file, > output file, - * f any format, F der/pem format, E der/pem/engine format identifier. - * l, n and u include zero; p does not. - */ - int valtype; - const char *helpstr; -} OPTIONS; -/* Special retval values: */ -#define OPT_PARAM 0 /* same as OPT_EOF usually defined in apps */ -#define OPT_DUP -2 /* marks duplicate occurrence of option in help output */ - -/* - * A string/int pairing; widely use for option value lookup, hence the - * name OPT_PAIR. But that name is misleading in s_cb.c, so we also use - * the "generic" name STRINT_PAIR. - */ -typedef struct string_int_pair_st { - const char *name; - int retval; -} OPT_PAIR, STRINT_PAIR; - -/* Flags to pass into opt_format; see FORMAT_xxx, below. */ -# define OPT_FMT_PEMDER (1L << 1) -# define OPT_FMT_PKCS12 (1L << 2) -# define OPT_FMT_SMIME (1L << 3) -# define OPT_FMT_ENGINE (1L << 4) -# define OPT_FMT_MSBLOB (1L << 5) -/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */ -# define OPT_FMT_NSS (1L << 7) -# define OPT_FMT_TEXT (1L << 8) -# define OPT_FMT_HTTP (1L << 9) -# define OPT_FMT_PVK (1L << 10) -# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE) -# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME) -# define OPT_FMT_ANY ( \ - OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \ - OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \ - OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK) - -/* Divide options into sections when displaying usage */ -#define OPT_SECTION(sec) { OPT_SECTION_STR, 1, '-', sec " options:\n" } -#define OPT_PARAMETERS() { OPT_PARAM_STR, 1, '-', "Parameters:\n" } - -const char *opt_path_end(const char *filename); -char *opt_init(int ac, char **av, const OPTIONS * o); -char *opt_progname(const char *argv0); -char *opt_appname(const char *argv0); -char *opt_getprog(void); -void opt_help(const OPTIONS * list); - -void opt_begin(void); -int opt_next(void); -char *opt_flag(void); -char *opt_arg(void); -char *opt_unknown(void); -int opt_cipher(const char *name, EVP_CIPHER **cipherp); -int opt_cipher_any(const char *name, EVP_CIPHER **cipherp); -int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp); -int opt_md(const char *name, EVP_MD **mdp); -int opt_md_silent(const char *name, EVP_MD **mdp); - -int opt_int(const char *arg, int *result); -int opt_int_arg(void); -int opt_long(const char *arg, long *result); -int opt_ulong(const char *arg, unsigned long *result); -int opt_intmax(const char *arg, ossl_intmax_t *result); -int opt_uintmax(const char *arg, ossl_uintmax_t *result); - -int opt_isdir(const char *name); -int opt_format(const char *s, unsigned long flags, int *result); -void print_format_error(int format, unsigned long flags); -int opt_printf_stderr(const char *fmt, ...); -int opt_string(const char *name, const char **options); -int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result); - -int opt_verify(int i, X509_VERIFY_PARAM *vpm); -int opt_rand(int i); -int opt_provider(int i); -int opt_provider_option_given(void); - -char **opt_rest(void); -int opt_num_rest(void); - -/* Returns non-zero if legacy paths are still available */ -int opt_legacy_okay(void); - - -#endif /* OSSL_APPS_OPT_H */ diff --git a/apps/include/platform.h b/apps/include/platform.h deleted file mode 100644 index 491559df31528fe5ff3f2c593fc976f8902b79fe..0000000000000000000000000000000000000000 --- a/apps/include/platform.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_APPS_PLATFORM_H -# define OSSL_APPS_PLATFORM_H - -# include - -# if defined(OPENSSL_SYS_VMS) && defined(__DECC) -/* - * VMS C only for now, implemented in vms_decc_init.c - * If other C compilers forget to terminate argv with NULL, this function - * can be re-used. - */ -char **copy_argv(int *argc, char *argv[]); -# endif - -# ifdef _WIN32 -/* - * Win32-specific argv initialization that splits OS-supplied UNICODE - * command line string to array of UTF8-encoded strings. - */ -void win32_utf8argv(int *argc, char **argv[]); -# endif - -#endif diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h deleted file mode 100644 index d610df40be3feb750a53bbddb8040d2e9da1c1a4..0000000000000000000000000000000000000000 --- a/apps/include/s_apps.h +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include -#include - -#define PORT "4433" -#define PROTOCOL "tcp" - -typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context); -int report_server_accept(BIO *out, int asock, int with_address, int with_pid); -int do_server(int *accept_sock, const char *host, const char *port, - int family, int type, int protocol, do_server_cb cb, - unsigned char *context, int naccept, BIO *bio_s_out); - -int verify_callback(int ok, X509_STORE_CTX *ctx); - -int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); -int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, - STACK_OF(X509) *chain, int build_chain); -int ssl_print_sigalgs(BIO *out, SSL *s); -int ssl_print_point_formats(BIO *out, SSL *s); -int ssl_print_groups(BIO *out, SSL *s, int noshared); -int ssl_print_tmp_key(BIO *out, SSL *s); -int init_client(int *sock, const char *host, const char *port, - const char *bindhost, const char *bindport, - int family, int type, int protocol); -int should_retry(int i); -void do_ssl_shutdown(SSL *ssl); - -long bio_dump_callback(BIO *bio, int cmd, const char *argp, size_t len, - int argi, long argl, int ret, size_t *processed); - -void apps_ssl_info_callback(const SSL *s, int where, int ret); -void msg_cb(int write_p, int version, int content_type, const void *buf, - size_t len, SSL *ssl, void *arg); -void tlsext_cb(SSL *s, int client_server, int type, const unsigned char *data, - int len, void *arg); - -int generate_cookie_callback(SSL *ssl, unsigned char *cookie, - unsigned int *cookie_len); -int verify_cookie_callback(SSL *ssl, const unsigned char *cookie, - unsigned int cookie_len); - -#ifdef __VMS /* 31 char symbol name limit */ -# define generate_stateless_cookie_callback generate_stateless_cookie_cb -# define verify_stateless_cookie_callback verify_stateless_cookie_cb -#endif - -int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie, - size_t *cookie_len); -int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie, - size_t cookie_len); - -typedef struct ssl_excert_st SSL_EXCERT; - -void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc); -void ssl_excert_free(SSL_EXCERT *exc); -int args_excert(int option, SSL_EXCERT **pexc); -int load_excert(SSL_EXCERT **pexc); -void print_verify_detail(SSL *s, BIO *bio); -void print_ssl_summary(SSL *s); -int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx); -int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, - int crl_download); -int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath, - const char *vfyCAfile, const char *vfyCAstore, - const char *chCApath, const char *chCAfile, - const char *chCAstore, STACK_OF(X509_CRL) *crls, - int crl_download); -void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose); -int set_keylog_file(SSL_CTX *ctx, const char *keylog_file); -void print_ca_names(BIO *bio, SSL *s); - -#ifndef OPENSSL_NO_SRP -/* The client side SRP context that we pass to all SRP related callbacks */ -typedef struct srp_arg_st { - char *srppassin; - char *srplogin; - int msg; /* copy from c_msg */ - int debug; /* copy from c_debug */ - int amp; /* allow more groups */ - int strength; /* minimal size for N */ -} SRP_ARG; - -int set_up_srp_arg(SSL_CTX *ctx, SRP_ARG *srp_arg, int srp_lateuser, int c_msg, - int c_debug); -void set_up_dummy_srp(SSL_CTX *ctx); - -/* The server side SRP context that we pass to all SRP related callbacks */ -typedef struct srpsrvparm_st { - char *login; - SRP_VBASE *vb; - SRP_user_pwd *user; -} srpsrvparm; - -int set_up_srp_verifier_file(SSL_CTX *ctx, srpsrvparm *srp_callback_parm, - char *srpuserseed, char *srp_verifier_file); -void lookup_srp_user(srpsrvparm *srp_callback_parm, BIO *bio_s_out); -#endif /* OPENSSL_NO_SRP */ diff --git a/apps/include/vms_term_sock.h b/apps/include/vms_term_sock.h deleted file mode 100644 index eae37b1af931f74b31517dfacb1d109ce031f574..0000000000000000000000000000000000000000 --- a/apps/include/vms_term_sock.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2016 VMS Software, Inc. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_APPS_VMS_TERM_SOCK_H -# define OSSL_APPS_VMS_TERM_SOCK_H - -/* -** Terminal Socket Function Codes -*/ -# define TERM_SOCK_CREATE 1 -# define TERM_SOCK_DELETE 2 - -/* -** Terminal Socket Status Codes -*/ -# define TERM_SOCK_FAILURE 0 -# define TERM_SOCK_SUCCESS 1 - -/* -** Terminal Socket Prototype -*/ -int TerminalSocket (int FunctionCode, int *ReturnSocket); - -#endif diff --git a/apps/info.c b/apps/info.c deleted file mode 100644 index c68603652f218b6976a47e55f8697ca9e1e02496..0000000000000000000000000000000000000000 --- a/apps/info.c +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "apps.h" -#include "progs.h" - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_CONFIGDIR, OPT_ENGINESDIR, OPT_MODULESDIR, OPT_DSOEXT, OPT_DIRNAMESEP, - OPT_LISTSEP, OPT_SEEDS, OPT_CPUSETTINGS -} OPTION_CHOICE; - -const OPTIONS info_options[] = { - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - - OPT_SECTION("Output"), - {"configdir", OPT_CONFIGDIR, '-', "Default configuration file directory"}, - {"enginesdir", OPT_ENGINESDIR, '-', "Default engine module directory"}, - {"modulesdir", OPT_MODULESDIR, '-', - "Default module directory (other than engine modules)"}, - {"dsoext", OPT_DSOEXT, '-', "Configured extension for modules"}, - {"dirnamesep", OPT_DIRNAMESEP, '-', "Directory-filename separator"}, - {"listsep", OPT_LISTSEP, '-', "List separator character"}, - {"seeds", OPT_SEEDS, '-', "Seed sources"}, - {"cpusettings", OPT_CPUSETTINGS, '-', "CPU settings info"}, - {NULL} -}; - -int info_main(int argc, char **argv) -{ - int ret = 1, dirty = 0, type = 0; - char *prog; - OPTION_CHOICE o; - - prog = opt_init(argc, argv, info_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - default: -opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(info_options); - ret = 0; - goto end; - case OPT_CONFIGDIR: - type = OPENSSL_INFO_CONFIG_DIR; - dirty++; - break; - case OPT_ENGINESDIR: - type = OPENSSL_INFO_ENGINES_DIR; - dirty++; - break; - case OPT_MODULESDIR: - type = OPENSSL_INFO_MODULES_DIR; - dirty++; - break; - case OPT_DSOEXT: - type = OPENSSL_INFO_DSO_EXTENSION; - dirty++; - break; - case OPT_DIRNAMESEP: - type = OPENSSL_INFO_DIR_FILENAME_SEPARATOR; - dirty++; - break; - case OPT_LISTSEP: - type = OPENSSL_INFO_LIST_SEPARATOR; - dirty++; - break; - case OPT_SEEDS: - type = OPENSSL_INFO_SEED_SOURCE; - dirty++; - break; - case OPT_CPUSETTINGS: - type = OPENSSL_INFO_CPU_SETTINGS; - dirty++; - break; - } - } - if (opt_num_rest() != 0) - goto opthelp; - if (dirty > 1) { - BIO_printf(bio_err, "%s: Only one item allowed\n", prog); - goto opthelp; - } - if (dirty == 0) { - BIO_printf(bio_err, "%s: No items chosen\n", prog); - goto opthelp; - } - - BIO_printf(bio_out, "%s\n", OPENSSL_info(type)); - ret = 0; - end: - return ret; -} diff --git a/apps/insta.ca.crt b/apps/insta.ca.crt deleted file mode 100644 index 6aea6d4f9794cdfb0900a3f0aba6f67b5221fde0..0000000000000000000000000000000000000000 Binary files a/apps/insta.ca.crt and /dev/null differ diff --git a/apps/kdf.c b/apps/kdf.c deleted file mode 100644 index 89ee1f69c7669ff85263e0bd1a7f299103008ee9..0000000000000000000000000000000000000000 --- a/apps/kdf.c +++ /dev/null @@ -1,211 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_KDFOPT, OPT_BIN, OPT_KEYLEN, OPT_OUT, - OPT_CIPHER, OPT_DIGEST, OPT_MAC, - OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS kdf_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] kdf_name\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"kdfopt", OPT_KDFOPT, 's', "KDF algorithm control parameters in n:v form"}, - {"cipher", OPT_CIPHER, 's', "Cipher"}, - {"digest", OPT_DIGEST, 's', "Digest"}, - {"mac", OPT_MAC, 's', "MAC"}, - {OPT_MORE_STR, 1, '-', "See 'Supported Controls' in the EVP_KDF_ docs\n"}, - {"keylen", OPT_KEYLEN, 's', "The size of the output derived key"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output to filename rather than stdout"}, - {"binary", OPT_BIN, '-', - "Output in binary format (default is hexadecimal)"}, - - OPT_PROV_OPTIONS, - - OPT_PARAMETERS(), - {"kdf_name", 0, 0, "Name of the KDF algorithm"}, - {NULL} -}; - -static char *alloc_kdf_algorithm_name(STACK_OF(OPENSSL_STRING) **optp, - const char *name, const char *arg) -{ - size_t len = strlen(name) + strlen(arg) + 2; - char *res; - - if (*optp == NULL) - *optp = sk_OPENSSL_STRING_new_null(); - if (*optp == NULL) - return NULL; - - res = app_malloc(len, "algorithm name"); - BIO_snprintf(res, len, "%s:%s", name, arg); - if (sk_OPENSSL_STRING_push(*optp, res)) - return res; - OPENSSL_free(res); - return NULL; -} - -int kdf_main(int argc, char **argv) -{ - int ret = 1, out_bin = 0; - OPTION_CHOICE o; - STACK_OF(OPENSSL_STRING) *opts = NULL; - char *prog, *hexout = NULL; - const char *outfile = NULL; - unsigned char *dkm_bytes = NULL; - size_t dkm_len = 0; - BIO *out = NULL; - EVP_KDF *kdf = NULL; - EVP_KDF_CTX *ctx = NULL; - char *digest = NULL, *cipher = NULL, *mac = NULL; - - prog = opt_init(argc, argv, kdf_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - default: -opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto err; - case OPT_HELP: - opt_help(kdf_options); - ret = 0; - goto err; - case OPT_BIN: - out_bin = 1; - break; - case OPT_KEYLEN: - dkm_len = (size_t)atoi(opt_arg()); - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_KDFOPT: - if (opts == NULL) - opts = sk_OPENSSL_STRING_new_null(); - if (opts == NULL || !sk_OPENSSL_STRING_push(opts, opt_arg())) - goto opthelp; - break; - case OPT_CIPHER: - OPENSSL_free(cipher); - cipher = alloc_kdf_algorithm_name(&opts, "cipher", opt_arg()); - if (cipher == NULL) - goto opthelp; - break; - case OPT_DIGEST: - OPENSSL_free(digest); - digest = alloc_kdf_algorithm_name(&opts, "digest", opt_arg()); - if (digest == NULL) - goto opthelp; - break; - case OPT_MAC: - OPENSSL_free(mac); - mac = alloc_kdf_algorithm_name(&opts, "mac", opt_arg()); - if (mac == NULL) - goto opthelp; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto err; - break; - } - } - - /* One argument, the KDF name. */ - argc = opt_num_rest(); - argv = opt_rest(); - if (argc != 1) - goto opthelp; - - if ((kdf = EVP_KDF_fetch(app_get0_libctx(), argv[0], - app_get0_propq())) == NULL) { - BIO_printf(bio_err, "Invalid KDF name %s\n", argv[0]); - goto opthelp; - } - - ctx = EVP_KDF_CTX_new(kdf); - if (ctx == NULL) - goto err; - - if (opts != NULL) { - int ok = 1; - OSSL_PARAM *params = - app_params_new_from_opts(opts, EVP_KDF_settable_ctx_params(kdf)); - - if (params == NULL) - goto err; - - if (!EVP_KDF_CTX_set_params(ctx, params)) { - BIO_printf(bio_err, "KDF parameter error\n"); - ERR_print_errors(bio_err); - ok = 0; - } - app_params_free(params); - if (!ok) - goto err; - } - - out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT); - if (out == NULL) - goto err; - - if (dkm_len <= 0) { - BIO_printf(bio_err, "Invalid derived key length.\n"); - goto err; - } - dkm_bytes = app_malloc(dkm_len, "out buffer"); - if (dkm_bytes == NULL) - goto err; - - if (!EVP_KDF_derive(ctx, dkm_bytes, dkm_len, NULL)) { - BIO_printf(bio_err, "EVP_KDF_derive failed\n"); - goto err; - } - - if (out_bin) { - BIO_write(out, dkm_bytes, dkm_len); - } else { - hexout = OPENSSL_buf2hexstr(dkm_bytes, dkm_len); - if (hexout == NULL) { - BIO_printf(bio_err, "Memory allocation failure\n"); - goto err; - } - BIO_printf(out, "%s\n\n", hexout); - } - - ret = 0; -err: - if (ret != 0) - ERR_print_errors(bio_err); - OPENSSL_clear_free(dkm_bytes, dkm_len); - sk_OPENSSL_STRING_free(opts); - EVP_KDF_free(kdf); - EVP_KDF_CTX_free(ctx); - BIO_free(out); - OPENSSL_free(hexout); - OPENSSL_free(cipher); - OPENSSL_free(digest); - OPENSSL_free(mac); - return ret; -} diff --git a/apps/lib/app_libctx.c b/apps/lib/app_libctx.c deleted file mode 100644 index 4b9ec40e85276a9db844a6645e13bba8ad4f3b90..0000000000000000000000000000000000000000 --- a/apps/lib/app_libctx.c +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ -#include "app_libctx.h" -#include "apps.h" - -static OSSL_LIB_CTX *app_libctx = NULL; -static const char *app_propq = NULL; - -int app_set_propq(const char *arg) -{ - app_propq = arg; - return 1; -} - -const char *app_get0_propq(void) -{ - return app_propq; -} - -OSSL_LIB_CTX *app_get0_libctx(void) -{ - return app_libctx; -} - -OSSL_LIB_CTX *app_create_libctx(void) -{ - /* - * Load the NULL provider into the default library context and create a - * library context which will then be used for any OPT_PROV options. - */ - if (app_libctx == NULL) { - if (!app_provider_load(NULL, "null")) { - opt_printf_stderr( "Failed to create null provider\n"); - return NULL; - } - app_libctx = OSSL_LIB_CTX_new(); - } - if (app_libctx == NULL) - opt_printf_stderr("Failed to create library context\n"); - return app_libctx; -} - diff --git a/apps/lib/app_params.c b/apps/lib/app_params.c deleted file mode 100644 index 95e1298ee9269120d1202968f824d9c021285d07..0000000000000000000000000000000000000000 --- a/apps/lib/app_params.c +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "apps.h" -#include "app_params.h" - -static int describe_param_type(char *buf, size_t bufsz, const OSSL_PARAM *param) -{ - const char *type_mod = ""; - const char *type = NULL; - int show_type_number = 0; - int printed_len; - - switch (param->data_type) { - case OSSL_PARAM_UNSIGNED_INTEGER: - type_mod = "unsigned "; - /* FALLTHRU */ - case OSSL_PARAM_INTEGER: - type = "integer"; - break; - case OSSL_PARAM_UTF8_PTR: - type_mod = "pointer to a "; - /* FALLTHRU */ - case OSSL_PARAM_UTF8_STRING: - type = "UTF8 encoded string"; - break; - case OSSL_PARAM_OCTET_PTR: - type_mod = "pointer to an "; - /* FALLTHRU */ - case OSSL_PARAM_OCTET_STRING: - type = "octet string"; - break; - default: - type = "unknown type"; - show_type_number = 1; - break; - } - - printed_len = BIO_snprintf(buf, bufsz, "%s: ", param->key); - if (printed_len > 0) { - buf += printed_len; - bufsz -= printed_len; - } - printed_len = BIO_snprintf(buf, bufsz, "%s%s", type_mod, type); - if (printed_len > 0) { - buf += printed_len; - bufsz -= printed_len; - } - if (show_type_number) { - printed_len = BIO_snprintf(buf, bufsz, " [%d]", param->data_type); - if (printed_len > 0) { - buf += printed_len; - bufsz -= printed_len; - } - } - if (param->data_size == 0) - printed_len = BIO_snprintf(buf, bufsz, " (arbitrary size)"); - else - printed_len = BIO_snprintf(buf, bufsz, " (max %zu bytes large)", - param->data_size); - if (printed_len > 0) { - buf += printed_len; - bufsz -= printed_len; - } - *buf = '\0'; - return 1; -} - -int print_param_types(const char *thing, const OSSL_PARAM *pdefs, int indent) -{ - if (pdefs == NULL) { - return 1; - } else if (pdefs->key == NULL) { - /* - * An empty list? This shouldn't happen, but let's just make sure to - * say something if there's a badly written provider... - */ - BIO_printf(bio_out, "%*sEmpty list of %s (!!!)\n", indent, "", thing); - } else { - BIO_printf(bio_out, "%*s%s:\n", indent, "", thing); - for (; pdefs->key != NULL; pdefs++) { - char buf[200]; /* This should be ample space */ - - describe_param_type(buf, sizeof(buf), pdefs); - BIO_printf(bio_out, "%*s %s\n", indent, "", buf); - } - } - return 1; -} - -void print_param_value(const OSSL_PARAM *p, int indent) -{ - int64_t i; - uint64_t u; - - printf("%*s%s: ", indent, "", p->key); - switch (p->data_type) { - case OSSL_PARAM_UNSIGNED_INTEGER: - if (OSSL_PARAM_get_uint64(p, &u)) - BIO_printf(bio_out, "%llu\n", (unsigned long long int)u); - else - BIO_printf(bio_out, "error getting value\n"); - break; - case OSSL_PARAM_INTEGER: - if (OSSL_PARAM_get_int64(p, &i)) - BIO_printf(bio_out, "%lld\n", (long long int)i); - else - BIO_printf(bio_out, "error getting value\n"); - break; - case OSSL_PARAM_UTF8_PTR: - BIO_printf(bio_out, "'%s'\n", *(char **)(p->data)); - break; - case OSSL_PARAM_UTF8_STRING: - BIO_printf(bio_out, "'%s'\n", (char *)p->data); - break; - case OSSL_PARAM_OCTET_PTR: - case OSSL_PARAM_OCTET_STRING: - BIO_printf(bio_out, "<%zu bytes>\n", p->data_size); - break; - default: - BIO_printf(bio_out, "unknown type (%u) of %zu bytes\n", - p->data_type, p->data_size); - break; - } -} - diff --git a/apps/lib/app_provider.c b/apps/lib/app_provider.c deleted file mode 100644 index 63f78ae07d80b1c34df03ca560cc787c5cab6d30..0000000000000000000000000000000000000000 --- a/apps/lib/app_provider.c +++ /dev/null @@ -1,92 +0,0 @@ -/* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "apps.h" -#include -#include -#include -#include - -/* Non-zero if any of the provider options have been seen */ -static int provider_option_given = 0; - -DEFINE_STACK_OF(OSSL_PROVIDER) - -/* - * See comments in opt_verify for explanation of this. - */ -enum prov_range { OPT_PROV_ENUM }; - -static STACK_OF(OSSL_PROVIDER) *app_providers = NULL; - -static void provider_free(OSSL_PROVIDER *prov) -{ - OSSL_PROVIDER_unload(prov); -} - -int app_provider_load(OSSL_LIB_CTX *libctx, const char *provider_name) -{ - OSSL_PROVIDER *prov; - - prov = OSSL_PROVIDER_load(libctx, provider_name); - if (prov == NULL) { - opt_printf_stderr("%s: unable to load provider %s\n" - "Hint: use -provider-path option or OPENSSL_MODULES environment variable.\n", - opt_getprog(), provider_name); - ERR_print_errors(bio_err); - return 0; - } - if (app_providers == NULL) - app_providers = sk_OSSL_PROVIDER_new_null(); - if (app_providers == NULL - || !sk_OSSL_PROVIDER_push(app_providers, prov)) { - app_providers_cleanup(); - return 0; - } - return 1; -} - -void app_providers_cleanup(void) -{ - sk_OSSL_PROVIDER_pop_free(app_providers, provider_free); - app_providers = NULL; -} - -static int opt_provider_path(const char *path) -{ - if (path != NULL && *path == '\0') - path = NULL; - return OSSL_PROVIDER_set_default_search_path(app_get0_libctx(), path); -} - -int opt_provider(int opt) -{ - const int given = provider_option_given; - - provider_option_given = 1; - switch ((enum prov_range)opt) { - case OPT_PROV__FIRST: - case OPT_PROV__LAST: - return 1; - case OPT_PROV_PROVIDER: - return app_provider_load(app_get0_libctx(), opt_arg()); - case OPT_PROV_PROVIDER_PATH: - return opt_provider_path(opt_arg()); - case OPT_PROV_PROPQUERY: - return app_set_propq(opt_arg()); - } - /* Should never get here but if we do, undo what we did earlier */ - provider_option_given = given; - return 0; -} - -int opt_provider_option_given(void) -{ - return provider_option_given; -} diff --git a/apps/lib/app_rand.c b/apps/lib/app_rand.c deleted file mode 100644 index 713792ead40a3d486ec21ffc03df6761ac5e460c..0000000000000000000000000000000000000000 --- a/apps/lib/app_rand.c +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "apps.h" -#include -#include -#include -#include - -static char *save_rand_file; -static STACK_OF(OPENSSL_STRING) *randfiles; - -void app_RAND_load_conf(CONF *c, const char *section) -{ - const char *randfile = NCONF_get_string(c, section, "RANDFILE"); - - if (randfile == NULL) { - ERR_clear_error(); - return; - } - if (RAND_load_file(randfile, -1) < 0) { - BIO_printf(bio_err, "Can't load %s into RNG\n", randfile); - ERR_print_errors(bio_err); - } - if (save_rand_file == NULL) { - save_rand_file = OPENSSL_strdup(randfile); - /* If some internal memory errors have occurred */ - if (save_rand_file == NULL) { - BIO_printf(bio_err, "Can't duplicate %s\n", randfile); - ERR_print_errors(bio_err); - } - } -} - -static int loadfiles(char *name) -{ - char *p; - int last, ret = 1; - - for ( ; ; ) { - last = 0; - for (p = name; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++) - continue; - if (*p == '\0') - last = 1; - *p = '\0'; - if (RAND_load_file(name, -1) < 0) { - BIO_printf(bio_err, "Can't load %s into RNG\n", name); - ERR_print_errors(bio_err); - ret = 0; - } - if (last) - break; - name = p + 1; - if (*name == '\0') - break; - } - return ret; -} - -int app_RAND_load(void) -{ - char *p; - int i, ret = 1; - - for (i = 0; i < sk_OPENSSL_STRING_num(randfiles); i++) { - p = sk_OPENSSL_STRING_value(randfiles, i); - if (!loadfiles(p)) - ret = 0; - } - sk_OPENSSL_STRING_free(randfiles); - return ret; -} - -int app_RAND_write(void) -{ - int ret = 1; - - if (save_rand_file == NULL) - return 1; - if (RAND_write_file(save_rand_file) == -1) { - BIO_printf(bio_err, "Cannot write random bytes:\n"); - ERR_print_errors(bio_err); - ret = 0; - } - OPENSSL_free(save_rand_file); - save_rand_file = NULL; - return ret; -} - - -/* - * See comments in opt_verify for explanation of this. - */ -enum r_range { OPT_R_ENUM }; - -int opt_rand(int opt) -{ - switch ((enum r_range)opt) { - case OPT_R__FIRST: - case OPT_R__LAST: - break; - case OPT_R_RAND: - if (randfiles == NULL - && (randfiles = sk_OPENSSL_STRING_new_null()) == NULL) - return 0; - if (!sk_OPENSSL_STRING_push(randfiles, opt_arg())) - return 0; - break; - case OPT_R_WRITERAND: - OPENSSL_free(save_rand_file); - save_rand_file = OPENSSL_strdup(opt_arg()); - if (save_rand_file == NULL) - return 0; - break; - } - return 1; -} diff --git a/apps/lib/app_x509.c b/apps/lib/app_x509.c deleted file mode 100644 index f2c22948f20160968eb100a135d65a256846d858..0000000000000000000000000000000000000000 --- a/apps/lib/app_x509.c +++ /dev/null @@ -1,137 +0,0 @@ -/* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "apps.h" - -/* - * X509_ctrl_str() is sorely lacking in libcrypto, but is still needed to - * allow the application to process verification options in a manner similar - * to signature or other options that pass through EVP_PKEY_CTX_ctrl_str(), - * for uniformity. - * - * As soon as more stuff is added, the code will need serious rework. For - * the moment, it only handles the FIPS 196 / SM2 distinguishing ID. - */ -#ifdef EVP_PKEY_CTRL_SET1_ID -static ASN1_OCTET_STRING *mk_octet_string(void *value, size_t value_n) -{ - ASN1_OCTET_STRING *v = ASN1_OCTET_STRING_new(); - - if (v == NULL) { - BIO_printf(bio_err, "error: allocation failed\n"); - } else if (!ASN1_OCTET_STRING_set(v, value, (int)value_n)) { - ASN1_OCTET_STRING_free(v); - v = NULL; - } - return v; -} -#endif - -static int x509_ctrl(void *object, int cmd, void *value, size_t value_n) -{ - switch (cmd) { -#ifdef EVP_PKEY_CTRL_SET1_ID - case EVP_PKEY_CTRL_SET1_ID: - { - ASN1_OCTET_STRING *v = mk_octet_string(value, value_n); - - if (v == NULL) { - BIO_printf(bio_err, - "error: setting distinguishing ID in certificate failed\n"); - return 0; - } - - X509_set0_distinguishing_id(object, v); - return 1; - } -#endif - default: - break; - } - return -2; /* typical EVP_PKEY return for "unsupported" */ -} - -static int x509_req_ctrl(void *object, int cmd, void *value, size_t value_n) -{ - switch (cmd) { -#ifdef EVP_PKEY_CTRL_SET1_ID - case EVP_PKEY_CTRL_SET1_ID: - { - ASN1_OCTET_STRING *v = mk_octet_string(value, value_n); - - if (v == NULL) { - BIO_printf(bio_err, - "error: setting distinguishing ID in certificate signing request failed\n"); - return 0; - } - - X509_REQ_set0_distinguishing_id(object, v); - return 1; - } -#endif - default: - break; - } - return -2; /* typical EVP_PKEY return for "unsupported" */ -} - -static int do_x509_ctrl_string(int (*ctrl)(void *object, int cmd, - void *value, size_t value_n), - void *object, const char *value) -{ - int rv = 0; - char *stmp, *vtmp = NULL; - size_t vtmp_len = 0; - int cmd = 0; /* Will get command values that make sense somehow */ - - stmp = OPENSSL_strdup(value); - if (stmp == NULL) - return -1; - vtmp = strchr(stmp, ':'); - if (vtmp != NULL) { - *vtmp = 0; - vtmp++; - vtmp_len = strlen(vtmp); - } - - if (strcmp(stmp, "distid") == 0) { -#ifdef EVP_PKEY_CTRL_SET1_ID - cmd = EVP_PKEY_CTRL_SET1_ID; /* ... except we put it in X509 */ -#endif - } else if (strcmp(stmp, "hexdistid") == 0) { - if (vtmp != NULL) { - void *hexid; - long hexid_len = 0; - - hexid = OPENSSL_hexstr2buf((const char *)vtmp, &hexid_len); - OPENSSL_free(stmp); - stmp = vtmp = hexid; - vtmp_len = (size_t)hexid_len; - } -#ifdef EVP_PKEY_CTRL_SET1_ID - cmd = EVP_PKEY_CTRL_SET1_ID; /* ... except we put it in X509 */ -#endif - } - - rv = ctrl(object, cmd, vtmp, vtmp_len); - - OPENSSL_free(stmp); - return rv; -} - -int x509_ctrl_string(X509 *x, const char *value) -{ - return do_x509_ctrl_string(x509_ctrl, x, value); -} - -int x509_req_ctrl_string(X509_REQ *x, const char *value) -{ - return do_x509_ctrl_string(x509_req_ctrl, x, value); -} diff --git a/apps/lib/apps.c b/apps/lib/apps.c deleted file mode 100644 index 9456a21868a45b95937da520a08a74f3f7bd1bf6..0000000000000000000000000000000000000000 --- a/apps/lib/apps.c +++ /dev/null @@ -1,3396 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) -/* - * On VMS, you need to define this to get the declaration of fileno(). The - * value 2 is to make sure no function defined in POSIX-2 is left undefined. - */ -# define _POSIX_C_SOURCE 2 -#endif - -#ifndef OPENSSL_NO_ENGINE -/* We need to use some deprecated APIs */ -# define OPENSSL_SUPPRESS_DEPRECATED -# include -#endif - -#include -#include -#include -#include -#ifndef OPENSSL_NO_POSIX_IO -# include -# include -#endif -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "s_apps.h" -#include "apps.h" - -#ifdef _WIN32 -static int WIN32_rename(const char *from, const char *to); -# define rename(from,to) WIN32_rename((from),(to)) -#endif - -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) -# include -#endif - -#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) || defined(__BORLANDC__) -# define _kbhit kbhit -#endif - -static BIO *bio_open_default_(const char *filename, char mode, int format, - int quiet); - -#define PASS_SOURCE_SIZE_MAX 4 - -DEFINE_STACK_OF(CONF) - -typedef struct { - const char *name; - unsigned long flag; - unsigned long mask; -} NAME_EX_TBL; - -static int set_table_opts(unsigned long *flags, const char *arg, - const NAME_EX_TBL * in_tbl); -static int set_multi_opts(unsigned long *flags, const char *arg, - const NAME_EX_TBL * in_tbl); -static -int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc, - EVP_PKEY **ppkey, EVP_PKEY **ppubkey, - EVP_PKEY **pparams, - X509 **pcert, STACK_OF(X509) **pcerts, - X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls, - int suppress_decode_errors); - -int app_init(long mesgwin); - -int chopup_args(ARGS *arg, char *buf) -{ - int quoted; - char c = '\0', *p = NULL; - - arg->argc = 0; - if (arg->size == 0) { - arg->size = 20; - arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space"); - } - - for (p = buf;;) { - /* Skip whitespace. */ - while (*p && isspace(_UC(*p))) - p++; - if (*p == '\0') - break; - - /* The start of something good :-) */ - if (arg->argc >= arg->size) { - char **tmp; - arg->size += 20; - tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size); - if (tmp == NULL) - return 0; - arg->argv = tmp; - } - quoted = *p == '\'' || *p == '"'; - if (quoted) - c = *p++; - arg->argv[arg->argc++] = p; - - /* now look for the end of this */ - if (quoted) { - while (*p && *p != c) - p++; - *p++ = '\0'; - } else { - while (*p && !isspace(_UC(*p))) - p++; - if (*p) - *p++ = '\0'; - } - } - arg->argv[arg->argc] = NULL; - return 1; -} - -#ifndef APP_INIT -int app_init(long mesgwin) -{ - return 1; -} -#endif - -int ctx_set_verify_locations(SSL_CTX *ctx, - const char *CAfile, int noCAfile, - const char *CApath, int noCApath, - const char *CAstore, int noCAstore) -{ - if (CAfile == NULL && CApath == NULL && CAstore == NULL) { - if (!noCAfile && SSL_CTX_set_default_verify_file(ctx) <= 0) - return 0; - if (!noCApath && SSL_CTX_set_default_verify_dir(ctx) <= 0) - return 0; - if (!noCAstore && SSL_CTX_set_default_verify_store(ctx) <= 0) - return 0; - - return 1; - } - - if (CAfile != NULL && !SSL_CTX_load_verify_file(ctx, CAfile)) - return 0; - if (CApath != NULL && !SSL_CTX_load_verify_dir(ctx, CApath)) - return 0; - if (CAstore != NULL && !SSL_CTX_load_verify_store(ctx, CAstore)) - return 0; - return 1; -} - -#ifndef OPENSSL_NO_CT - -int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path) -{ - if (path == NULL) - return SSL_CTX_set_default_ctlog_list_file(ctx); - - return SSL_CTX_set_ctlog_list_file(ctx, path); -} - -#endif - -static unsigned long nmflag = 0; -static char nmflag_set = 0; - -int set_nameopt(const char *arg) -{ - int ret = set_name_ex(&nmflag, arg); - - if (ret) - nmflag_set = 1; - - return ret; -} - -unsigned long get_nameopt(void) -{ - return (nmflag_set) ? nmflag : XN_FLAG_ONELINE; -} - -void dump_cert_text(BIO *out, X509 *x) -{ - print_name(out, "subject=", X509_get_subject_name(x)); - print_name(out, "issuer=", X509_get_issuer_name(x)); -} - -int wrap_password_callback(char *buf, int bufsiz, int verify, void *userdata) -{ - return password_callback(buf, bufsiz, verify, (PW_CB_DATA *)userdata); -} - - -static char *app_get_pass(const char *arg, int keepbio); - -char *get_passwd(const char *pass, const char *desc) -{ - char *result = NULL; - - if (desc == NULL) - desc = ""; - if (!app_passwd(pass, NULL, &result, NULL)) - BIO_printf(bio_err, "Error getting password for %s\n", desc); - if (pass != NULL && result == NULL) { - BIO_printf(bio_err, - "Trying plain input string (better precede with 'pass:')\n"); - result = OPENSSL_strdup(pass); - if (result == NULL) - BIO_printf(bio_err, "Out of memory getting password for %s\n", desc); - } - return result; -} - -int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2) -{ - int same = arg1 != NULL && arg2 != NULL && strcmp(arg1, arg2) == 0; - - if (arg1 != NULL) { - *pass1 = app_get_pass(arg1, same); - if (*pass1 == NULL) - return 0; - } else if (pass1 != NULL) { - *pass1 = NULL; - } - if (arg2 != NULL) { - *pass2 = app_get_pass(arg2, same ? 2 : 0); - if (*pass2 == NULL) - return 0; - } else if (pass2 != NULL) { - *pass2 = NULL; - } - return 1; -} - -static char *app_get_pass(const char *arg, int keepbio) -{ - static BIO *pwdbio = NULL; - char *tmp, tpass[APP_PASS_LEN]; - int i; - - /* PASS_SOURCE_SIZE_MAX = max number of chars before ':' in below strings */ - if (strncmp(arg, "pass:", 5) == 0) - return OPENSSL_strdup(arg + 5); - if (strncmp(arg, "env:", 4) == 0) { - tmp = getenv(arg + 4); - if (tmp == NULL) { - BIO_printf(bio_err, "No environment variable %s\n", arg + 4); - return NULL; - } - return OPENSSL_strdup(tmp); - } - if (!keepbio || pwdbio == NULL) { - if (strncmp(arg, "file:", 5) == 0) { - pwdbio = BIO_new_file(arg + 5, "r"); - if (pwdbio == NULL) { - BIO_printf(bio_err, "Can't open file %s\n", arg + 5); - return NULL; - } -#if !defined(_WIN32) - /* - * Under _WIN32, which covers even Win64 and CE, file - * descriptors referenced by BIO_s_fd are not inherited - * by child process and therefore below is not an option. - * It could have been an option if bss_fd.c was operating - * on real Windows descriptors, such as those obtained - * with CreateFile. - */ - } else if (strncmp(arg, "fd:", 3) == 0) { - BIO *btmp; - i = atoi(arg + 3); - if (i >= 0) - pwdbio = BIO_new_fd(i, BIO_NOCLOSE); - if ((i < 0) || pwdbio == NULL) { - BIO_printf(bio_err, "Can't access file descriptor %s\n", arg + 3); - return NULL; - } - /* - * Can't do BIO_gets on an fd BIO so add a buffering BIO - */ - btmp = BIO_new(BIO_f_buffer()); - if (btmp == NULL) { - BIO_free_all(pwdbio); - pwdbio = NULL; - BIO_printf(bio_err, "Out of memory\n"); - return NULL; - } - pwdbio = BIO_push(btmp, pwdbio); -#endif - } else if (strcmp(arg, "stdin") == 0) { - pwdbio = dup_bio_in(FORMAT_TEXT); - if (pwdbio == NULL) { - BIO_printf(bio_err, "Can't open BIO for stdin\n"); - return NULL; - } - } else { - /* argument syntax error; do not reveal too much about arg */ - tmp = strchr(arg, ':'); - if (tmp == NULL || tmp - arg > PASS_SOURCE_SIZE_MAX) - BIO_printf(bio_err, - "Invalid password argument, missing ':' within the first %d chars\n", - PASS_SOURCE_SIZE_MAX + 1); - else - BIO_printf(bio_err, - "Invalid password argument, starting with \"%.*s\"\n", - (int)(tmp - arg + 1), arg); - return NULL; - } - } - i = BIO_gets(pwdbio, tpass, APP_PASS_LEN); - if (keepbio != 1) { - BIO_free_all(pwdbio); - pwdbio = NULL; - } - if (i <= 0) { - BIO_printf(bio_err, "Error reading password from BIO\n"); - return NULL; - } - tmp = strchr(tpass, '\n'); - if (tmp != NULL) - *tmp = 0; - return OPENSSL_strdup(tpass); -} - -CONF *app_load_config_bio(BIO *in, const char *filename) -{ - long errorline = -1; - CONF *conf; - int i; - - conf = NCONF_new_ex(app_get0_libctx(), NULL); - i = NCONF_load_bio(conf, in, &errorline); - if (i > 0) - return conf; - - if (errorline <= 0) { - BIO_printf(bio_err, "%s: Can't load ", opt_getprog()); - } else { - BIO_printf(bio_err, "%s: Error on line %ld of ", opt_getprog(), - errorline); - } - if (filename != NULL) - BIO_printf(bio_err, "config file \"%s\"\n", filename); - else - BIO_printf(bio_err, "config input"); - - NCONF_free(conf); - return NULL; -} - -CONF *app_load_config_verbose(const char *filename, int verbose) -{ - if (verbose) { - if (*filename == '\0') - BIO_printf(bio_err, "No configuration used\n"); - else - BIO_printf(bio_err, "Using configuration from %s\n", filename); - } - return app_load_config_internal(filename, 0); -} - -CONF *app_load_config_internal(const char *filename, int quiet) -{ - BIO *in; - CONF *conf; - - if (filename == NULL || *filename != '\0') { - if ((in = bio_open_default_(filename, 'r', FORMAT_TEXT, quiet)) == NULL) - return NULL; - conf = app_load_config_bio(in, filename); - BIO_free(in); - } else { - /* Return empty config if filename is empty string. */ - conf = NCONF_new_ex(app_get0_libctx(), NULL); - } - return conf; -} - -int app_load_modules(const CONF *config) -{ - CONF *to_free = NULL; - - if (config == NULL) - config = to_free = app_load_config_quiet(default_config_file); - if (config == NULL) - return 1; - - if (CONF_modules_load(config, NULL, 0) <= 0) { - BIO_printf(bio_err, "Error configuring OpenSSL modules\n"); - ERR_print_errors(bio_err); - NCONF_free(to_free); - return 0; - } - NCONF_free(to_free); - return 1; -} - -int add_oid_section(CONF *conf) -{ - char *p; - STACK_OF(CONF_VALUE) *sktmp; - CONF_VALUE *cnf; - int i; - - if ((p = NCONF_get_string(conf, NULL, "oid_section")) == NULL) { - ERR_clear_error(); - return 1; - } - if ((sktmp = NCONF_get_section(conf, p)) == NULL) { - BIO_printf(bio_err, "problem loading oid section %s\n", p); - return 0; - } - for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { - cnf = sk_CONF_VALUE_value(sktmp, i); - if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) { - BIO_printf(bio_err, "problem creating object %s=%s\n", - cnf->name, cnf->value); - return 0; - } - } - return 1; -} - -CONF *app_load_config_modules(const char *configfile) -{ - CONF *conf = NULL; - - if (configfile != NULL) { - if ((conf = app_load_config_verbose(configfile, 1)) == NULL) - return NULL; - if (configfile != default_config_file && !app_load_modules(conf)) { - NCONF_free(conf); - conf = NULL; - } - } - return conf; -} - -#define IS_HTTP(uri) ((uri) != NULL \ - && strncmp(uri, OSSL_HTTP_PREFIX, strlen(OSSL_HTTP_PREFIX)) == 0) -#define IS_HTTPS(uri) ((uri) != NULL \ - && strncmp(uri, OSSL_HTTPS_PREFIX, strlen(OSSL_HTTPS_PREFIX)) == 0) - -X509 *load_cert_pass(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc) -{ - X509 *cert = NULL; - - if (desc == NULL) - desc = "certificate"; - if (IS_HTTPS(uri)) - BIO_printf(bio_err, "Loading %s over HTTPS is unsupported\n", desc); - else if (IS_HTTP(uri)) - cert = X509_load_http(uri, NULL, NULL, 0 /* timeout */); - else - (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc, - NULL, NULL, NULL, &cert, NULL, NULL, NULL); - if (cert == NULL) { - BIO_printf(bio_err, "Unable to load %s\n", desc); - ERR_print_errors(bio_err); - } - return cert; -} - -X509_CRL *load_crl(const char *uri, int format, int maybe_stdin, - const char *desc) -{ - X509_CRL *crl = NULL; - - if (desc == NULL) - desc = "CRL"; - if (IS_HTTPS(uri)) - BIO_printf(bio_err, "Loading %s over HTTPS is unsupported\n", desc); - else if (IS_HTTP(uri)) - crl = X509_CRL_load_http(uri, NULL, NULL, 0 /* timeout */); - else - (void)load_key_certs_crls(uri, format, maybe_stdin, NULL, desc, - NULL, NULL, NULL, NULL, NULL, &crl, NULL); - if (crl == NULL) { - BIO_printf(bio_err, "Unable to load %s\n", desc); - ERR_print_errors(bio_err); - } - return crl; -} - -X509_REQ *load_csr(const char *file, int format, const char *desc) -{ - X509_REQ *req = NULL; - BIO *in; - - if (format == FORMAT_UNDEF) - format = FORMAT_PEM; - if (desc == NULL) - desc = "CSR"; - in = bio_open_default(file, 'r', format); - if (in == NULL) - goto end; - - if (format == FORMAT_ASN1) - req = d2i_X509_REQ_bio(in, NULL); - else if (format == FORMAT_PEM) - req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL); - else - print_format_error(format, OPT_FMT_PEMDER); - - end: - if (req == NULL) { - BIO_printf(bio_err, "Unable to load %s\n", desc); - ERR_print_errors(bio_err); - } - BIO_free(in); - return req; -} - -void cleanse(char *str) -{ - if (str != NULL) - OPENSSL_cleanse(str, strlen(str)); -} - -void clear_free(char *str) -{ - if (str != NULL) - OPENSSL_clear_free(str, strlen(str)); -} - -EVP_PKEY *load_key(const char *uri, int format, int may_stdin, - const char *pass, ENGINE *e, const char *desc) -{ - EVP_PKEY *pkey = NULL; - char *allocated_uri = NULL; - - if (desc == NULL) - desc = "private key"; - - if (format == FORMAT_ENGINE) { - uri = allocated_uri = make_engine_uri(e, uri, desc); - } - (void)load_key_certs_crls(uri, format, may_stdin, pass, desc, - &pkey, NULL, NULL, NULL, NULL, NULL, NULL); - - OPENSSL_free(allocated_uri); - return pkey; -} - -EVP_PKEY *load_pubkey(const char *uri, int format, int maybe_stdin, - const char *pass, ENGINE *e, const char *desc) -{ - EVP_PKEY *pkey = NULL; - char *allocated_uri = NULL; - - if (desc == NULL) - desc = "public key"; - - if (format == FORMAT_ENGINE) { - uri = allocated_uri = make_engine_uri(e, uri, desc); - } - (void)load_key_certs_crls(uri, format, maybe_stdin, pass, desc, - NULL, &pkey, NULL, NULL, NULL, NULL, NULL); - - OPENSSL_free(allocated_uri); - return pkey; -} - -EVP_PKEY *load_keyparams_suppress(const char *uri, int format, int maybe_stdin, - const char *keytype, const char *desc, - int suppress_decode_errors) -{ - EVP_PKEY *params = NULL; - - if (desc == NULL) - desc = "key parameters"; - - (void)load_key_certs_crls_suppress(uri, format, maybe_stdin, NULL, desc, - NULL, NULL, ¶ms, NULL, NULL, NULL, - NULL, suppress_decode_errors); - if (params != NULL && keytype != NULL && !EVP_PKEY_is_a(params, keytype)) { - if (!suppress_decode_errors) { - BIO_printf(bio_err, - "Unable to load %s from %s (unexpected parameters type)\n", - desc, uri); - ERR_print_errors(bio_err); - } - EVP_PKEY_free(params); - params = NULL; - } - return params; -} - -EVP_PKEY *load_keyparams(const char *uri, int format, int maybe_stdin, - const char *keytype, const char *desc) -{ - return load_keyparams_suppress(uri, format, maybe_stdin, keytype, desc, 0); -} - -void app_bail_out(char *fmt, ...) -{ - va_list args; - - va_start(args, fmt); - BIO_vprintf(bio_err, fmt, args); - va_end(args); - ERR_print_errors(bio_err); - exit(EXIT_FAILURE); -} - -void *app_malloc(size_t sz, const char *what) -{ - void *vp = OPENSSL_malloc(sz); - - if (vp == NULL) - app_bail_out("%s: Could not allocate %zu bytes for %s\n", - opt_getprog(), sz, what); - return vp; -} - -char *next_item(char *opt) /* in list separated by comma and/or space */ -{ - /* advance to separator (comma or whitespace), if any */ - while (*opt != ',' && !isspace(*opt) && *opt != '\0') - opt++; - if (*opt != '\0') { - /* terminate current item */ - *opt++ = '\0'; - /* skip over any whitespace after separator */ - while (isspace(*opt)) - opt++; - } - return *opt == '\0' ? NULL : opt; /* NULL indicates end of input */ -} - -static void warn_cert_msg(const char *uri, X509 *cert, const char *msg) -{ - char *subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); - - BIO_printf(bio_err, "Warning: certificate from '%s' with subject '%s' %s\n", - uri, subj, msg); - OPENSSL_free(subj); -} - -static void warn_cert(const char *uri, X509 *cert, int warn_EE, - X509_VERIFY_PARAM *vpm) -{ - uint32_t ex_flags = X509_get_extension_flags(cert); - int res = X509_cmp_timeframe(vpm, X509_get0_notBefore(cert), - X509_get0_notAfter(cert)); - - if (res != 0) - warn_cert_msg(uri, cert, res > 0 ? "has expired" : "not yet valid"); - if (warn_EE && (ex_flags & EXFLAG_V1) == 0 && (ex_flags & EXFLAG_CA) == 0) - warn_cert_msg(uri, cert, "is not a CA cert"); -} - -static void warn_certs(const char *uri, STACK_OF(X509) *certs, int warn_EE, - X509_VERIFY_PARAM *vpm) -{ - int i; - - for (i = 0; i < sk_X509_num(certs); i++) - warn_cert(uri, sk_X509_value(certs, i), warn_EE, vpm); -} - -int load_cert_certs(const char *uri, - X509 **pcert, STACK_OF(X509) **pcerts, - int exclude_http, const char *pass, const char *desc, - X509_VERIFY_PARAM *vpm) -{ - int ret = 0; - char *pass_string; - - if (exclude_http && (OPENSSL_strncasecmp(uri, "http://", 7) == 0 - || OPENSSL_strncasecmp(uri, "https://", 8) == 0)) { - BIO_printf(bio_err, "error: HTTP retrieval not allowed for %s\n", desc); - return ret; - } - pass_string = get_passwd(pass, desc); - ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass_string, desc, - NULL, NULL, NULL, - pcert, pcerts, NULL, NULL); - clear_free(pass_string); - - if (ret) { - if (pcert != NULL) - warn_cert(uri, *pcert, 0, vpm); - if (pcerts != NULL) - warn_certs(uri, *pcerts, 1, vpm); - } else { - if (pcerts != NULL) { - sk_X509_pop_free(*pcerts, X509_free); - *pcerts = NULL; - } - } - return ret; -} - -STACK_OF(X509) *load_certs_multifile(char *files, const char *pass, - const char *desc, X509_VERIFY_PARAM *vpm) -{ - STACK_OF(X509) *certs = NULL; - STACK_OF(X509) *result = sk_X509_new_null(); - - if (files == NULL) - goto err; - if (result == NULL) - goto oom; - - while (files != NULL) { - char *next = next_item(files); - - if (!load_cert_certs(files, NULL, &certs, 0, pass, desc, vpm)) - goto err; - if (!X509_add_certs(result, certs, - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) - goto oom; - sk_X509_pop_free(certs, X509_free); - certs = NULL; - files = next; - } - return result; - - oom: - BIO_printf(bio_err, "out of memory\n"); - err: - sk_X509_pop_free(certs, X509_free); - sk_X509_pop_free(result, X509_free); - return NULL; -} - -static X509_STORE *sk_X509_to_store(X509_STORE *store /* may be NULL */, - const STACK_OF(X509) *certs /* may NULL */) -{ - int i; - - if (store == NULL) - store = X509_STORE_new(); - if (store == NULL) - return NULL; - for (i = 0; i < sk_X509_num(certs); i++) { - if (!X509_STORE_add_cert(store, sk_X509_value(certs, i))) { - X509_STORE_free(store); - return NULL; - } - } - return store; -} - -/* - * Create cert store structure with certificates read from given file(s). - * Returns pointer to created X509_STORE on success, NULL on error. - */ -X509_STORE *load_certstore(char *input, const char *pass, const char *desc, - X509_VERIFY_PARAM *vpm) -{ - X509_STORE *store = NULL; - STACK_OF(X509) *certs = NULL; - - while (input != NULL) { - char *next = next_item(input); - int ok; - - if (!load_cert_certs(input, NULL, &certs, 1, pass, desc, vpm)) { - X509_STORE_free(store); - return NULL; - } - ok = (store = sk_X509_to_store(store, certs)) != NULL; - sk_X509_pop_free(certs, X509_free); - certs = NULL; - if (!ok) - return NULL; - input = next; - } - return store; -} - -/* - * Initialize or extend, if *certs != NULL, a certificate stack. - * The caller is responsible for freeing *certs if its value is left not NULL. - */ -int load_certs(const char *uri, int maybe_stdin, STACK_OF(X509) **certs, - const char *pass, const char *desc) -{ - int was_NULL = *certs == NULL; - int ret = load_key_certs_crls(uri, FORMAT_UNDEF, maybe_stdin, - pass, desc, NULL, NULL, - NULL, NULL, certs, NULL, NULL); - - if (!ret && was_NULL) { - sk_X509_pop_free(*certs, X509_free); - *certs = NULL; - } - return ret; -} - -/* - * Initialize or extend, if *crls != NULL, a certificate stack. - * The caller is responsible for freeing *crls if its value is left not NULL. - */ -int load_crls(const char *uri, STACK_OF(X509_CRL) **crls, - const char *pass, const char *desc) -{ - int was_NULL = *crls == NULL; - int ret = load_key_certs_crls(uri, FORMAT_UNDEF, 0, pass, desc, - NULL, NULL, NULL, - NULL, NULL, NULL, crls); - - if (!ret && was_NULL) { - sk_X509_CRL_pop_free(*crls, X509_CRL_free); - *crls = NULL; - } - return ret; -} - -static const char *format2string(int format) -{ - switch(format) { - case FORMAT_PEM: - return "PEM"; - case FORMAT_ASN1: - return "DER"; - } - return NULL; -} - -/* Set type expectation, but clear it if objects of different types expected. */ -#define SET_EXPECT(expect, val) ((expect) = (expect) < 0 ? (val) : ((expect) == (val) ? (val) : 0)) -/* - * Load those types of credentials for which the result pointer is not NULL. - * Reads from stdio if uri is NULL and maybe_stdin is nonzero. - * For non-NULL ppkey, pcert, and pcrl the first suitable value found is loaded. - * If pcerts is non-NULL and *pcerts == NULL then a new cert list is allocated. - * If pcerts is non-NULL then all available certificates are appended to *pcerts - * except any certificate assigned to *pcert. - * If pcrls is non-NULL and *pcrls == NULL then a new list of CRLs is allocated. - * If pcrls is non-NULL then all available CRLs are appended to *pcerts - * except any CRL assigned to *pcrl. - * In any case (also on error) the caller is responsible for freeing all members - * of *pcerts and *pcrls (as far as they are not NULL). - */ -static -int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc, - EVP_PKEY **ppkey, EVP_PKEY **ppubkey, - EVP_PKEY **pparams, - X509 **pcert, STACK_OF(X509) **pcerts, - X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls, - int suppress_decode_errors) -{ - PW_CB_DATA uidata; - OSSL_STORE_CTX *ctx = NULL; - OSSL_LIB_CTX *libctx = app_get0_libctx(); - const char *propq = app_get0_propq(); - int ncerts = 0; - int ncrls = 0; - const char *failed = - ppkey != NULL ? "key" : ppubkey != NULL ? "public key" : - pparams != NULL ? "params" : pcert != NULL ? "cert" : - pcrl != NULL ? "CRL" : pcerts != NULL ? "certs" : - pcrls != NULL ? "CRLs" : NULL; - int cnt_expectations = 0; - int expect = -1; - const char *input_type; - OSSL_PARAM itp[2]; - const OSSL_PARAM *params = NULL; - - if (ppkey != NULL) { - *ppkey = NULL; - cnt_expectations++; - SET_EXPECT(expect, OSSL_STORE_INFO_PKEY); - } - if (ppubkey != NULL) { - *ppubkey = NULL; - cnt_expectations++; - SET_EXPECT(expect, OSSL_STORE_INFO_PUBKEY); - } - if (pparams != NULL) { - *pparams = NULL; - cnt_expectations++; - SET_EXPECT(expect, OSSL_STORE_INFO_PARAMS); - } - if (pcert != NULL) { - *pcert = NULL; - cnt_expectations++; - SET_EXPECT(expect, OSSL_STORE_INFO_CERT); - } - if (pcerts != NULL) { - if (*pcerts == NULL && (*pcerts = sk_X509_new_null()) == NULL) { - BIO_printf(bio_err, "Out of memory loading"); - goto end; - } - cnt_expectations++; - SET_EXPECT(expect, OSSL_STORE_INFO_CERT); - } - if (pcrl != NULL) { - *pcrl = NULL; - cnt_expectations++; - SET_EXPECT(expect, OSSL_STORE_INFO_CRL); - } - if (pcrls != NULL) { - if (*pcrls == NULL && (*pcrls = sk_X509_CRL_new_null()) == NULL) { - BIO_printf(bio_err, "Out of memory loading"); - goto end; - } - cnt_expectations++; - SET_EXPECT(expect, OSSL_STORE_INFO_CRL); - } - if (cnt_expectations == 0) { - BIO_printf(bio_err, "Internal error: nothing to load from %s\n", - uri != NULL ? uri : ""); - return 0; - } - - uidata.password = pass; - uidata.prompt_info = uri; - - if ((input_type = format2string(format)) != NULL) { - itp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_INPUT_TYPE, - (char *)input_type, 0); - itp[1] = OSSL_PARAM_construct_end(); - params = itp; - } - - if (uri == NULL) { - BIO *bio; - - if (!maybe_stdin) { - BIO_printf(bio_err, "No filename or uri specified for loading"); - goto end; - } - uri = ""; - unbuffer(stdin); - bio = BIO_new_fp(stdin, 0); - if (bio != NULL) { - ctx = OSSL_STORE_attach(bio, "file", libctx, propq, - get_ui_method(), &uidata, params, - NULL, NULL); - BIO_free(bio); - } - } else { - ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata, - params, NULL, NULL); - } - if (ctx == NULL) { - BIO_printf(bio_err, "Could not open file or uri for loading"); - goto end; - } - if (expect > 0 && !OSSL_STORE_expect(ctx, expect)) - goto end; - - failed = NULL; - while (cnt_expectations > 0 && !OSSL_STORE_eof(ctx)) { - OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); - int type, ok = 1; - - /* - * This can happen (for example) if we attempt to load a file with - * multiple different types of things in it - but the thing we just - * tried to load wasn't one of the ones we wanted, e.g. if we're trying - * to load a certificate but the file has both the private key and the - * certificate in it. We just retry until eof. - */ - if (info == NULL) { - continue; - } - - type = OSSL_STORE_INFO_get_type(info); - switch (type) { - case OSSL_STORE_INFO_PKEY: - if (ppkey != NULL && *ppkey == NULL) { - ok = (*ppkey = OSSL_STORE_INFO_get1_PKEY(info)) != NULL; - cnt_expectations -= ok; - } - /* - * An EVP_PKEY with private parts also holds the public parts, - * so if the caller asked for a public key, and we got a private - * key, we can still pass it back. - */ - if (ok && ppubkey != NULL && *ppubkey == NULL) { - ok = ((*ppubkey = OSSL_STORE_INFO_get1_PKEY(info)) != NULL); - cnt_expectations -= ok; - } - break; - case OSSL_STORE_INFO_PUBKEY: - if (ppubkey != NULL && *ppubkey == NULL) { - ok = ((*ppubkey = OSSL_STORE_INFO_get1_PUBKEY(info)) != NULL); - cnt_expectations -= ok; - } - break; - case OSSL_STORE_INFO_PARAMS: - if (pparams != NULL && *pparams == NULL) { - ok = ((*pparams = OSSL_STORE_INFO_get1_PARAMS(info)) != NULL); - cnt_expectations -= ok; - } - break; - case OSSL_STORE_INFO_CERT: - if (pcert != NULL && *pcert == NULL) { - ok = (*pcert = OSSL_STORE_INFO_get1_CERT(info)) != NULL; - cnt_expectations -= ok; - } - else if (pcerts != NULL) - ok = X509_add_cert(*pcerts, - OSSL_STORE_INFO_get1_CERT(info), - X509_ADD_FLAG_DEFAULT); - ncerts += ok; - break; - case OSSL_STORE_INFO_CRL: - if (pcrl != NULL && *pcrl == NULL) { - ok = (*pcrl = OSSL_STORE_INFO_get1_CRL(info)) != NULL; - cnt_expectations -= ok; - } - else if (pcrls != NULL) - ok = sk_X509_CRL_push(*pcrls, OSSL_STORE_INFO_get1_CRL(info)); - ncrls += ok; - break; - default: - /* skip any other type */ - break; - } - OSSL_STORE_INFO_free(info); - if (!ok) { - failed = info == NULL ? NULL : OSSL_STORE_INFO_type_string(type); - BIO_printf(bio_err, "Error reading"); - break; - } - } - - end: - OSSL_STORE_close(ctx); - if (failed == NULL) { - int any = 0; - - if ((ppkey != NULL && *ppkey == NULL) - || (ppubkey != NULL && *ppubkey == NULL)) { - failed = "key"; - } else if (pparams != NULL && *pparams == NULL) { - failed = "params"; - } else if ((pcert != NULL || pcerts != NULL) && ncerts == 0) { - if (pcert == NULL) - any = 1; - failed = "cert"; - } else if ((pcrl != NULL || pcrls != NULL) && ncrls == 0) { - if (pcrl == NULL) - any = 1; - failed = "CRL"; - } - if (!suppress_decode_errors) { - if (failed != NULL) - BIO_printf(bio_err, "Could not read"); - if (any) - BIO_printf(bio_err, " any"); - } - } - if (!suppress_decode_errors && failed != NULL) { - if (desc != NULL && strstr(desc, failed) != NULL) { - BIO_printf(bio_err, " %s", desc); - } else { - BIO_printf(bio_err, " %s", failed); - if (desc != NULL) - BIO_printf(bio_err, " of %s", desc); - } - if (uri != NULL) - BIO_printf(bio_err, " from %s", uri); - BIO_printf(bio_err, "\n"); - ERR_print_errors(bio_err); - } - if (suppress_decode_errors || failed == NULL) - /* clear any spurious errors */ - ERR_clear_error(); - return failed == NULL; -} - -int load_key_certs_crls(const char *uri, int format, int maybe_stdin, - const char *pass, const char *desc, - EVP_PKEY **ppkey, EVP_PKEY **ppubkey, - EVP_PKEY **pparams, - X509 **pcert, STACK_OF(X509) **pcerts, - X509_CRL **pcrl, STACK_OF(X509_CRL) **pcrls) -{ - return load_key_certs_crls_suppress(uri, format, maybe_stdin, pass, desc, - ppkey, ppubkey, pparams, pcert, pcerts, - pcrl, pcrls, 0); -} - -#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) -/* Return error for unknown extensions */ -#define X509V3_EXT_DEFAULT 0 -/* Print error for unknown extensions */ -#define X509V3_EXT_ERROR_UNKNOWN (1L << 16) -/* ASN1 parse unknown extensions */ -#define X509V3_EXT_PARSE_UNKNOWN (2L << 16) -/* BIO_dump unknown extensions */ -#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) - -#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \ - X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION) - -int set_cert_ex(unsigned long *flags, const char *arg) -{ - static const NAME_EX_TBL cert_tbl[] = { - {"compatible", X509_FLAG_COMPAT, 0xffffffffl}, - {"ca_default", X509_FLAG_CA, 0xffffffffl}, - {"no_header", X509_FLAG_NO_HEADER, 0}, - {"no_version", X509_FLAG_NO_VERSION, 0}, - {"no_serial", X509_FLAG_NO_SERIAL, 0}, - {"no_signame", X509_FLAG_NO_SIGNAME, 0}, - {"no_validity", X509_FLAG_NO_VALIDITY, 0}, - {"no_subject", X509_FLAG_NO_SUBJECT, 0}, - {"no_issuer", X509_FLAG_NO_ISSUER, 0}, - {"no_pubkey", X509_FLAG_NO_PUBKEY, 0}, - {"no_extensions", X509_FLAG_NO_EXTENSIONS, 0}, - {"no_sigdump", X509_FLAG_NO_SIGDUMP, 0}, - {"no_aux", X509_FLAG_NO_AUX, 0}, - {"no_attributes", X509_FLAG_NO_ATTRIBUTES, 0}, - {"ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK}, - {"ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, - {"ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, - {"ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK}, - {NULL, 0, 0} - }; - return set_multi_opts(flags, arg, cert_tbl); -} - -int set_name_ex(unsigned long *flags, const char *arg) -{ - static const NAME_EX_TBL ex_tbl[] = { - {"esc_2253", ASN1_STRFLGS_ESC_2253, 0}, - {"esc_2254", ASN1_STRFLGS_ESC_2254, 0}, - {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0}, - {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0}, - {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0}, - {"utf8", ASN1_STRFLGS_UTF8_CONVERT, 0}, - {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0}, - {"show_type", ASN1_STRFLGS_SHOW_TYPE, 0}, - {"dump_all", ASN1_STRFLGS_DUMP_ALL, 0}, - {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0}, - {"dump_der", ASN1_STRFLGS_DUMP_DER, 0}, - {"compat", XN_FLAG_COMPAT, 0xffffffffL}, - {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK}, - {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK}, - {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK}, - {"sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK}, - {"dn_rev", XN_FLAG_DN_REV, 0}, - {"nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK}, - {"sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK}, - {"lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK}, - {"align", XN_FLAG_FN_ALIGN, 0}, - {"oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK}, - {"space_eq", XN_FLAG_SPC_EQ, 0}, - {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0}, - {"RFC2253", XN_FLAG_RFC2253, 0xffffffffL}, - {"oneline", XN_FLAG_ONELINE, 0xffffffffL}, - {"multiline", XN_FLAG_MULTILINE, 0xffffffffL}, - {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL}, - {NULL, 0, 0} - }; - if (set_multi_opts(flags, arg, ex_tbl) == 0) - return 0; - if (*flags != XN_FLAG_COMPAT - && (*flags & XN_FLAG_SEP_MASK) == 0) - *flags |= XN_FLAG_SEP_CPLUS_SPC; - return 1; -} - -int set_dateopt(unsigned long *dateopt, const char *arg) -{ - if (OPENSSL_strcasecmp(arg, "rfc_822") == 0) - *dateopt = ASN1_DTFLGS_RFC822; - else if (OPENSSL_strcasecmp(arg, "iso_8601") == 0) - *dateopt = ASN1_DTFLGS_ISO8601; - else - return 0; - return 1; -} - -int set_ext_copy(int *copy_type, const char *arg) -{ - if (OPENSSL_strcasecmp(arg, "none") == 0) - *copy_type = EXT_COPY_NONE; - else if (OPENSSL_strcasecmp(arg, "copy") == 0) - *copy_type = EXT_COPY_ADD; - else if (OPENSSL_strcasecmp(arg, "copyall") == 0) - *copy_type = EXT_COPY_ALL; - else - return 0; - return 1; -} - -int copy_extensions(X509 *x, X509_REQ *req, int copy_type) -{ - STACK_OF(X509_EXTENSION) *exts; - int i, ret = 0; - - if (x == NULL || req == NULL) - return 0; - if (copy_type == EXT_COPY_NONE) - return 1; - exts = X509_REQ_get_extensions(req); - - for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { - X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); - ASN1_OBJECT *obj = X509_EXTENSION_get_object(ext); - int idx = X509_get_ext_by_OBJ(x, obj, -1); - - /* Does extension exist in target? */ - if (idx != -1) { - /* If normal copy don't override existing extension */ - if (copy_type == EXT_COPY_ADD) - continue; - /* Delete all extensions of same type */ - do { - X509_EXTENSION_free(X509_delete_ext(x, idx)); - idx = X509_get_ext_by_OBJ(x, obj, -1); - } while (idx != -1); - } - if (!X509_add_ext(x, ext, -1)) - goto end; - } - ret = 1; - - end: - sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); - return ret; -} - -static int set_multi_opts(unsigned long *flags, const char *arg, - const NAME_EX_TBL * in_tbl) -{ - STACK_OF(CONF_VALUE) *vals; - CONF_VALUE *val; - int i, ret = 1; - if (!arg) - return 0; - vals = X509V3_parse_list(arg); - for (i = 0; i < sk_CONF_VALUE_num(vals); i++) { - val = sk_CONF_VALUE_value(vals, i); - if (!set_table_opts(flags, val->name, in_tbl)) - ret = 0; - } - sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); - return ret; -} - -static int set_table_opts(unsigned long *flags, const char *arg, - const NAME_EX_TBL * in_tbl) -{ - char c; - const NAME_EX_TBL *ptbl; - c = arg[0]; - - if (c == '-') { - c = 0; - arg++; - } else if (c == '+') { - c = 1; - arg++; - } else { - c = 1; - } - - for (ptbl = in_tbl; ptbl->name; ptbl++) { - if (OPENSSL_strcasecmp(arg, ptbl->name) == 0) { - *flags &= ~ptbl->mask; - if (c) - *flags |= ptbl->flag; - else - *flags &= ~ptbl->flag; - return 1; - } - } - return 0; -} - -void print_name(BIO *out, const char *title, const X509_NAME *nm) -{ - char *buf; - char mline = 0; - int indent = 0; - unsigned long lflags = get_nameopt(); - - if (out == NULL) - return; - if (title != NULL) - BIO_puts(out, title); - if ((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { - mline = 1; - indent = 4; - } - if (lflags == XN_FLAG_COMPAT) { - buf = X509_NAME_oneline(nm, 0, 0); - BIO_puts(out, buf); - BIO_puts(out, "\n"); - OPENSSL_free(buf); - } else { - if (mline) - BIO_puts(out, "\n"); - X509_NAME_print_ex(out, nm, indent, lflags); - BIO_puts(out, "\n"); - } -} - -void print_bignum_var(BIO *out, const BIGNUM *in, const char *var, - int len, unsigned char *buffer) -{ - BIO_printf(out, " static unsigned char %s_%d[] = {", var, len); - if (BN_is_zero(in)) { - BIO_printf(out, "\n 0x00"); - } else { - int i, l; - - l = BN_bn2bin(in, buffer); - for (i = 0; i < l; i++) { - BIO_printf(out, (i % 10) == 0 ? "\n " : " "); - if (i < l - 1) - BIO_printf(out, "0x%02X,", buffer[i]); - else - BIO_printf(out, "0x%02X", buffer[i]); - } - } - BIO_printf(out, "\n };\n"); -} - -void print_array(BIO *out, const char* title, int len, const unsigned char* d) -{ - int i; - - BIO_printf(out, "unsigned char %s[%d] = {", title, len); - for (i = 0; i < len; i++) { - if ((i % 10) == 0) - BIO_printf(out, "\n "); - if (i < len - 1) - BIO_printf(out, "0x%02X, ", d[i]); - else - BIO_printf(out, "0x%02X", d[i]); - } - BIO_printf(out, "\n};\n"); -} - -X509_STORE *setup_verify(const char *CAfile, int noCAfile, - const char *CApath, int noCApath, - const char *CAstore, int noCAstore) -{ - X509_STORE *store = X509_STORE_new(); - X509_LOOKUP *lookup; - OSSL_LIB_CTX *libctx = app_get0_libctx(); - const char *propq = app_get0_propq(); - - if (store == NULL) - goto end; - - if (CAfile != NULL || !noCAfile) { - lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); - if (lookup == NULL) - goto end; - if (CAfile != NULL) { - if (X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_PEM, - libctx, propq) <= 0) { - BIO_printf(bio_err, "Error loading file %s\n", CAfile); - goto end; - } - } else { - X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT, - libctx, propq); - } - } - - if (CApath != NULL || !noCApath) { - lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); - if (lookup == NULL) - goto end; - if (CApath != NULL) { - if (X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM) <= 0) { - BIO_printf(bio_err, "Error loading directory %s\n", CApath); - goto end; - } - } else { - X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); - } - } - - if (CAstore != NULL || !noCAstore) { - lookup = X509_STORE_add_lookup(store, X509_LOOKUP_store()); - if (lookup == NULL) - goto end; - if (!X509_LOOKUP_add_store_ex(lookup, CAstore, libctx, propq)) { - if (CAstore != NULL) - BIO_printf(bio_err, "Error loading store URI %s\n", CAstore); - goto end; - } - } - - ERR_clear_error(); - return store; - end: - ERR_print_errors(bio_err); - X509_STORE_free(store); - return NULL; -} - -static unsigned long index_serial_hash(const OPENSSL_CSTRING *a) -{ - const char *n; - - n = a[DB_serial]; - while (*n == '0') - n++; - return OPENSSL_LH_strhash(n); -} - -static int index_serial_cmp(const OPENSSL_CSTRING *a, - const OPENSSL_CSTRING *b) -{ - const char *aa, *bb; - - for (aa = a[DB_serial]; *aa == '0'; aa++) ; - for (bb = b[DB_serial]; *bb == '0'; bb++) ; - return strcmp(aa, bb); -} - -static int index_name_qual(char **a) -{ - return (a[0][0] == 'V'); -} - -static unsigned long index_name_hash(const OPENSSL_CSTRING *a) -{ - return OPENSSL_LH_strhash(a[DB_name]); -} - -int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b) -{ - return strcmp(a[DB_name], b[DB_name]); -} - -static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING) -static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING) -static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING) -static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING) -#undef BSIZE -#define BSIZE 256 -BIGNUM *load_serial(const char *serialfile, int *exists, int create, - ASN1_INTEGER **retai) -{ - BIO *in = NULL; - BIGNUM *ret = NULL; - char buf[1024]; - ASN1_INTEGER *ai = NULL; - - ai = ASN1_INTEGER_new(); - if (ai == NULL) - goto err; - - in = BIO_new_file(serialfile, "r"); - if (exists != NULL) - *exists = in != NULL; - if (in == NULL) { - if (!create) { - perror(serialfile); - goto err; - } - ERR_clear_error(); - ret = BN_new(); - if (ret == NULL) { - BIO_printf(bio_err, "Out of memory\n"); - } else if (!rand_serial(ret, ai)) { - BIO_printf(bio_err, "Error creating random number to store in %s\n", - serialfile); - BN_free(ret); - ret = NULL; - } - } else { - if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) { - BIO_printf(bio_err, "Unable to load number from %s\n", - serialfile); - goto err; - } - ret = ASN1_INTEGER_to_BN(ai, NULL); - if (ret == NULL) { - BIO_printf(bio_err, "Error converting number from bin to BIGNUM\n"); - goto err; - } - } - - if (ret != NULL && retai != NULL) { - *retai = ai; - ai = NULL; - } - err: - if (ret == NULL) - ERR_print_errors(bio_err); - BIO_free(in); - ASN1_INTEGER_free(ai); - return ret; -} - -int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial, - ASN1_INTEGER **retai) -{ - char buf[1][BSIZE]; - BIO *out = NULL; - int ret = 0; - ASN1_INTEGER *ai = NULL; - int j; - - if (suffix == NULL) - j = strlen(serialfile); - else - j = strlen(serialfile) + strlen(suffix) + 1; - if (j >= BSIZE) { - BIO_printf(bio_err, "File name too long\n"); - goto err; - } - - if (suffix == NULL) - OPENSSL_strlcpy(buf[0], serialfile, BSIZE); - else { -#ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix); -#else - j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix); -#endif - } - out = BIO_new_file(buf[0], "w"); - if (out == NULL) { - goto err; - } - - if ((ai = BN_to_ASN1_INTEGER(serial, NULL)) == NULL) { - BIO_printf(bio_err, "error converting serial to ASN.1 format\n"); - goto err; - } - i2a_ASN1_INTEGER(out, ai); - BIO_puts(out, "\n"); - ret = 1; - if (retai) { - *retai = ai; - ai = NULL; - } - err: - if (!ret) - ERR_print_errors(bio_err); - BIO_free_all(out); - ASN1_INTEGER_free(ai); - return ret; -} - -int rotate_serial(const char *serialfile, const char *new_suffix, - const char *old_suffix) -{ - char buf[2][BSIZE]; - int i, j; - - i = strlen(serialfile) + strlen(old_suffix); - j = strlen(serialfile) + strlen(new_suffix); - if (i > j) - j = i; - if (j + 1 >= BSIZE) { - BIO_printf(bio_err, "File name too long\n"); - goto err; - } -#ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix); - j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix); -#else - j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix); - j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix); -#endif - if (rename(serialfile, buf[1]) < 0 && errno != ENOENT -#ifdef ENOTDIR - && errno != ENOTDIR -#endif - ) { - BIO_printf(bio_err, - "Unable to rename %s to %s\n", serialfile, buf[1]); - perror("reason"); - goto err; - } - if (rename(buf[0], serialfile) < 0) { - BIO_printf(bio_err, - "Unable to rename %s to %s\n", buf[0], serialfile); - perror("reason"); - rename(buf[1], serialfile); - goto err; - } - return 1; - err: - ERR_print_errors(bio_err); - return 0; -} - -int rand_serial(BIGNUM *b, ASN1_INTEGER *ai) -{ - BIGNUM *btmp; - int ret = 0; - - btmp = b == NULL ? BN_new() : b; - if (btmp == NULL) - return 0; - - if (!BN_rand(btmp, SERIAL_RAND_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) - goto error; - if (ai && !BN_to_ASN1_INTEGER(btmp, ai)) - goto error; - - ret = 1; - - error: - - if (btmp != b) - BN_free(btmp); - - return ret; -} - -CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr) -{ - CA_DB *retdb = NULL; - TXT_DB *tmpdb = NULL; - BIO *in; - CONF *dbattr_conf = NULL; - char buf[BSIZE]; -#ifndef OPENSSL_NO_POSIX_IO - FILE *dbfp; - struct stat dbst; -#endif - - in = BIO_new_file(dbfile, "r"); - if (in == NULL) - goto err; - -#ifndef OPENSSL_NO_POSIX_IO - BIO_get_fp(in, &dbfp); - if (fstat(fileno(dbfp), &dbst) == -1) { - ERR_raise_data(ERR_LIB_SYS, errno, - "calling fstat(%s)", dbfile); - goto err; - } -#endif - - if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL) - goto err; - -#ifndef OPENSSL_SYS_VMS - BIO_snprintf(buf, sizeof(buf), "%s.attr", dbfile); -#else - BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile); -#endif - dbattr_conf = app_load_config_quiet(buf); - - retdb = app_malloc(sizeof(*retdb), "new DB"); - retdb->db = tmpdb; - tmpdb = NULL; - if (db_attr) - retdb->attributes = *db_attr; - else { - retdb->attributes.unique_subject = 1; - } - - if (dbattr_conf) { - char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject"); - if (p) { - retdb->attributes.unique_subject = parse_yesno(p, 1); - } - } - - retdb->dbfname = OPENSSL_strdup(dbfile); -#ifndef OPENSSL_NO_POSIX_IO - retdb->dbst = dbst; -#endif - - err: - ERR_print_errors(bio_err); - NCONF_free(dbattr_conf); - TXT_DB_free(tmpdb); - BIO_free_all(in); - return retdb; -} - -/* - * Returns > 0 on success, <= 0 on error - */ -int index_index(CA_DB *db) -{ - if (!TXT_DB_create_index(db->db, DB_serial, NULL, - LHASH_HASH_FN(index_serial), - LHASH_COMP_FN(index_serial))) { - BIO_printf(bio_err, - "Error creating serial number index:(%ld,%ld,%ld)\n", - db->db->error, db->db->arg1, db->db->arg2); - goto err; - } - - if (db->attributes.unique_subject - && !TXT_DB_create_index(db->db, DB_name, index_name_qual, - LHASH_HASH_FN(index_name), - LHASH_COMP_FN(index_name))) { - BIO_printf(bio_err, "Error creating name index:(%ld,%ld,%ld)\n", - db->db->error, db->db->arg1, db->db->arg2); - goto err; - } - return 1; - err: - ERR_print_errors(bio_err); - return 0; -} - -int save_index(const char *dbfile, const char *suffix, CA_DB *db) -{ - char buf[3][BSIZE]; - BIO *out; - int j; - - j = strlen(dbfile) + strlen(suffix); - if (j + 6 >= BSIZE) { - BIO_printf(bio_err, "File name too long\n"); - goto err; - } -#ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile); - j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix); - j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix); -#else - j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile); - j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix); - j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix); -#endif - out = BIO_new_file(buf[0], "w"); - if (out == NULL) { - perror(dbfile); - BIO_printf(bio_err, "Unable to open '%s'\n", dbfile); - goto err; - } - j = TXT_DB_write(out, db->db); - BIO_free(out); - if (j <= 0) - goto err; - - out = BIO_new_file(buf[1], "w"); - if (out == NULL) { - perror(buf[2]); - BIO_printf(bio_err, "Unable to open '%s'\n", buf[2]); - goto err; - } - BIO_printf(out, "unique_subject = %s\n", - db->attributes.unique_subject ? "yes" : "no"); - BIO_free(out); - - return 1; - err: - ERR_print_errors(bio_err); - return 0; -} - -int rotate_index(const char *dbfile, const char *new_suffix, - const char *old_suffix) -{ - char buf[5][BSIZE]; - int i, j; - - i = strlen(dbfile) + strlen(old_suffix); - j = strlen(dbfile) + strlen(new_suffix); - if (i > j) - j = i; - if (j + 6 >= BSIZE) { - BIO_printf(bio_err, "File name too long\n"); - goto err; - } -#ifndef OPENSSL_SYS_VMS - j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile); - j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix); - j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix); - j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix); - j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix); -#else - j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile); - j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix); - j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix); - j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix); - j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix); -#endif - if (rename(dbfile, buf[1]) < 0 && errno != ENOENT -#ifdef ENOTDIR - && errno != ENOTDIR -#endif - ) { - BIO_printf(bio_err, "Unable to rename %s to %s\n", dbfile, buf[1]); - perror("reason"); - goto err; - } - if (rename(buf[0], dbfile) < 0) { - BIO_printf(bio_err, "Unable to rename %s to %s\n", buf[0], dbfile); - perror("reason"); - rename(buf[1], dbfile); - goto err; - } - if (rename(buf[4], buf[3]) < 0 && errno != ENOENT -#ifdef ENOTDIR - && errno != ENOTDIR -#endif - ) { - BIO_printf(bio_err, "Unable to rename %s to %s\n", buf[4], buf[3]); - perror("reason"); - rename(dbfile, buf[0]); - rename(buf[1], dbfile); - goto err; - } - if (rename(buf[2], buf[4]) < 0) { - BIO_printf(bio_err, "Unable to rename %s to %s\n", buf[2], buf[4]); - perror("reason"); - rename(buf[3], buf[4]); - rename(dbfile, buf[0]); - rename(buf[1], dbfile); - goto err; - } - return 1; - err: - ERR_print_errors(bio_err); - return 0; -} - -void free_index(CA_DB *db) -{ - if (db) { - TXT_DB_free(db->db); - OPENSSL_free(db->dbfname); - OPENSSL_free(db); - } -} - -int parse_yesno(const char *str, int def) -{ - if (str) { - switch (*str) { - case 'f': /* false */ - case 'F': /* FALSE */ - case 'n': /* no */ - case 'N': /* NO */ - case '0': /* 0 */ - return 0; - case 't': /* true */ - case 'T': /* TRUE */ - case 'y': /* yes */ - case 'Y': /* YES */ - case '1': /* 1 */ - return 1; - } - } - return def; -} - -/* - * name is expected to be in the format /type0=value0/type1=value1/type2=... - * where + can be used instead of / to form multi-valued RDNs if canmulti - * and characters may be escaped by \ - */ -X509_NAME *parse_name(const char *cp, int chtype, int canmulti, - const char *desc) -{ - int nextismulti = 0; - char *work; - X509_NAME *n; - - if (*cp++ != '/') { - BIO_printf(bio_err, - "%s: %s name is expected to be in the format " - "/type0=value0/type1=value1/type2=... where characters may " - "be escaped by \\. This name is not in that format: '%s'\n", - opt_getprog(), desc, --cp); - return NULL; - } - - n = X509_NAME_new(); - if (n == NULL) { - BIO_printf(bio_err, "%s: Out of memory\n", opt_getprog()); - return NULL; - } - work = OPENSSL_strdup(cp); - if (work == NULL) { - BIO_printf(bio_err, "%s: Error copying %s name input\n", - opt_getprog(), desc); - goto err; - } - - while (*cp != '\0') { - char *bp = work; - char *typestr = bp; - unsigned char *valstr; - int nid; - int ismulti = nextismulti; - nextismulti = 0; - - /* Collect the type */ - while (*cp != '\0' && *cp != '=') - *bp++ = *cp++; - *bp++ = '\0'; - if (*cp == '\0') { - BIO_printf(bio_err, - "%s: Missing '=' after RDN type string '%s' in %s name string\n", - opt_getprog(), typestr, desc); - goto err; - } - ++cp; - - /* Collect the value. */ - valstr = (unsigned char *)bp; - for (; *cp != '\0' && *cp != '/'; *bp++ = *cp++) { - /* unescaped '+' symbol string signals further member of multiRDN */ - if (canmulti && *cp == '+') { - nextismulti = 1; - break; - } - if (*cp == '\\' && *++cp == '\0') { - BIO_printf(bio_err, - "%s: Escape character at end of %s name string\n", - opt_getprog(), desc); - goto err; - } - } - *bp++ = '\0'; - - /* If not at EOS (must be + or /), move forward. */ - if (*cp != '\0') - ++cp; - - /* Parse */ - nid = OBJ_txt2nid(typestr); - if (nid == NID_undef) { - BIO_printf(bio_err, - "%s: Skipping unknown %s name attribute \"%s\"\n", - opt_getprog(), desc, typestr); - if (ismulti) - BIO_printf(bio_err, - "Hint: a '+' in a value string needs be escaped using '\\' else a new member of a multi-valued RDN is expected\n"); - continue; - } - if (*valstr == '\0') { - BIO_printf(bio_err, - "%s: No value provided for %s name attribute \"%s\", skipped\n", - opt_getprog(), desc, typestr); - continue; - } - if (!X509_NAME_add_entry_by_NID(n, nid, chtype, - valstr, strlen((char *)valstr), - -1, ismulti ? -1 : 0)) { - ERR_print_errors(bio_err); - BIO_printf(bio_err, - "%s: Error adding %s name attribute \"/%s=%s\"\n", - opt_getprog(), desc, typestr ,valstr); - goto err; - } - } - - OPENSSL_free(work); - return n; - - err: - X509_NAME_free(n); - OPENSSL_free(work); - return NULL; -} - -/* - * Read whole contents of a BIO into an allocated memory buffer and return - * it. - */ - -int bio_to_mem(unsigned char **out, int maxlen, BIO *in) -{ - BIO *mem; - int len, ret; - unsigned char tbuf[1024]; - - mem = BIO_new(BIO_s_mem()); - if (mem == NULL) - return -1; - for (;;) { - if ((maxlen != -1) && maxlen < 1024) - len = maxlen; - else - len = 1024; - len = BIO_read(in, tbuf, len); - if (len < 0) { - BIO_free(mem); - return -1; - } - if (len == 0) - break; - if (BIO_write(mem, tbuf, len) != len) { - BIO_free(mem); - return -1; - } - maxlen -= len; - - if (maxlen == 0) - break; - } - ret = BIO_get_mem_data(mem, (char **)out); - BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY); - BIO_free(mem); - return ret; -} - -int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value) -{ - int rv = 0; - char *stmp, *vtmp = NULL; - - stmp = OPENSSL_strdup(value); - if (stmp == NULL) - return -1; - vtmp = strchr(stmp, ':'); - if (vtmp == NULL) - goto err; - - *vtmp = 0; - vtmp++; - rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp); - - err: - OPENSSL_free(stmp); - return rv; -} - -static void nodes_print(const char *name, STACK_OF(X509_POLICY_NODE) *nodes) -{ - X509_POLICY_NODE *node; - int i; - - BIO_printf(bio_err, "%s Policies:", name); - if (nodes) { - BIO_puts(bio_err, "\n"); - for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) { - node = sk_X509_POLICY_NODE_value(nodes, i); - X509_POLICY_NODE_print(bio_err, node, 2); - } - } else { - BIO_puts(bio_err, " \n"); - } -} - -void policies_print(X509_STORE_CTX *ctx) -{ - X509_POLICY_TREE *tree; - int explicit_policy; - tree = X509_STORE_CTX_get0_policy_tree(ctx); - explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx); - - BIO_printf(bio_err, "Require explicit Policy: %s\n", - explicit_policy ? "True" : "False"); - - nodes_print("Authority", X509_policy_tree_get0_policies(tree)); - nodes_print("User", X509_policy_tree_get0_user_policies(tree)); -} - -/*- - * next_protos_parse parses a comma separated list of strings into a string - * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. - * outlen: (output) set to the length of the resulting buffer on success. - * err: (maybe NULL) on failure, an error message line is written to this BIO. - * in: a NUL terminated string like "abc,def,ghi" - * - * returns: a malloc'd buffer or NULL on failure. - */ -unsigned char *next_protos_parse(size_t *outlen, const char *in) -{ - size_t len; - unsigned char *out; - size_t i, start = 0; - size_t skipped = 0; - - len = strlen(in); - if (len == 0 || len >= 65535) - return NULL; - - out = app_malloc(len + 1, "NPN buffer"); - for (i = 0; i <= len; ++i) { - if (i == len || in[i] == ',') { - /* - * Zero-length ALPN elements are invalid on the wire, we could be - * strict and reject the entire string, but just ignoring extra - * commas seems harmless and more friendly. - * - * Every comma we skip in this way puts the input buffer another - * byte ahead of the output buffer, so all stores into the output - * buffer need to be decremented by the number commas skipped. - */ - if (i == start) { - ++start; - ++skipped; - continue; - } - if (i - start > 255) { - OPENSSL_free(out); - return NULL; - } - out[start-skipped] = (unsigned char)(i - start); - start = i + 1; - } else { - out[i + 1 - skipped] = in[i]; - } - } - - if (len <= skipped) { - OPENSSL_free(out); - return NULL; - } - - *outlen = len + 1 - skipped; - return out; -} - -void print_cert_checks(BIO *bio, X509 *x, - const char *checkhost, - const char *checkemail, const char *checkip) -{ - if (x == NULL) - return; - if (checkhost) { - BIO_printf(bio, "Hostname %s does%s match certificate\n", - checkhost, - X509_check_host(x, checkhost, 0, 0, NULL) == 1 - ? "" : " NOT"); - } - - if (checkemail) { - BIO_printf(bio, "Email %s does%s match certificate\n", - checkemail, X509_check_email(x, checkemail, 0, 0) - ? "" : " NOT"); - } - - if (checkip) { - BIO_printf(bio, "IP %s does%s match certificate\n", - checkip, X509_check_ip_asc(x, checkip, 0) ? "" : " NOT"); - } -} - -static int do_pkey_ctx_init(EVP_PKEY_CTX *pkctx, STACK_OF(OPENSSL_STRING) *opts) -{ - int i; - - if (opts == NULL) - return 1; - - for (i = 0; i < sk_OPENSSL_STRING_num(opts); i++) { - char *opt = sk_OPENSSL_STRING_value(opts, i); - if (pkey_ctrl_string(pkctx, opt) <= 0) { - BIO_printf(bio_err, "parameter error \"%s\"\n", opt); - ERR_print_errors(bio_err); - return 0; - } - } - - return 1; -} - -static int do_x509_init(X509 *x, STACK_OF(OPENSSL_STRING) *opts) -{ - int i; - - if (opts == NULL) - return 1; - - for (i = 0; i < sk_OPENSSL_STRING_num(opts); i++) { - char *opt = sk_OPENSSL_STRING_value(opts, i); - if (x509_ctrl_string(x, opt) <= 0) { - BIO_printf(bio_err, "parameter error \"%s\"\n", opt); - ERR_print_errors(bio_err); - return 0; - } - } - - return 1; -} - -static int do_x509_req_init(X509_REQ *x, STACK_OF(OPENSSL_STRING) *opts) -{ - int i; - - if (opts == NULL) - return 1; - - for (i = 0; i < sk_OPENSSL_STRING_num(opts); i++) { - char *opt = sk_OPENSSL_STRING_value(opts, i); - if (x509_req_ctrl_string(x, opt) <= 0) { - BIO_printf(bio_err, "parameter error \"%s\"\n", opt); - ERR_print_errors(bio_err); - return 0; - } - } - - return 1; -} - -static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey, - const char *md, STACK_OF(OPENSSL_STRING) *sigopts) -{ - EVP_PKEY_CTX *pkctx = NULL; - char def_md[80]; - - if (ctx == NULL) - return 0; - /* - * EVP_PKEY_get_default_digest_name() returns 2 if the digest is mandatory - * for this algorithm. - */ - if (EVP_PKEY_get_default_digest_name(pkey, def_md, sizeof(def_md)) == 2 - && strcmp(def_md, "UNDEF") == 0) { - /* The signing algorithm requires there to be no digest */ - md = NULL; - } - - return EVP_DigestSignInit_ex(ctx, &pkctx, md, app_get0_libctx(), - app_get0_propq(), pkey, NULL) - && do_pkey_ctx_init(pkctx, sigopts); -} - -static int adapt_keyid_ext(X509 *cert, X509V3_CTX *ext_ctx, - const char *name, const char *value, int add_default) -{ - const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(cert); - X509_EXTENSION *new_ext = X509V3_EXT_nconf(NULL, ext_ctx, name, value); - int idx, rv = 0; - - if (new_ext == NULL) - return rv; - - idx = X509v3_get_ext_by_OBJ(exts, X509_EXTENSION_get_object(new_ext), -1); - if (idx >= 0) { - X509_EXTENSION *found_ext = X509v3_get_ext(exts, idx); - ASN1_OCTET_STRING *data = X509_EXTENSION_get_data(found_ext); - int disabled = ASN1_STRING_length(data) <= 2; /* config said "none" */ - - if (disabled) { - X509_delete_ext(cert, idx); - X509_EXTENSION_free(found_ext); - } /* else keep existing key identifier, which might be outdated */ - rv = 1; - } else { - rv = !add_default || X509_add_ext(cert, new_ext, -1); - } - X509_EXTENSION_free(new_ext); - return rv; -} - -/* Ensure RFC 5280 compliance, adapt keyIDs as needed, and sign the cert info */ -int do_X509_sign(X509 *cert, EVP_PKEY *pkey, const char *md, - STACK_OF(OPENSSL_STRING) *sigopts, X509V3_CTX *ext_ctx) -{ - const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(cert); - EVP_MD_CTX *mctx = EVP_MD_CTX_new(); - int self_sign; - int rv = 0; - - if (sk_X509_EXTENSION_num(exts /* may be NULL */) > 0) { - /* Prevent X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3 */ - if (!X509_set_version(cert, X509_VERSION_3)) - goto end; - - /* - * Add default SKID before such that default AKID can make use of it - * in case the certificate is self-signed - */ - /* Prevent X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER */ - if (!adapt_keyid_ext(cert, ext_ctx, "subjectKeyIdentifier", "hash", 1)) - goto end; - /* Prevent X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER */ - ERR_set_mark(); - self_sign = X509_check_private_key(cert, pkey); - ERR_pop_to_mark(); - if (!adapt_keyid_ext(cert, ext_ctx, "authorityKeyIdentifier", - "keyid, issuer", !self_sign)) - goto end; - } - - if (mctx != NULL && do_sign_init(mctx, pkey, md, sigopts) > 0) - rv = (X509_sign_ctx(cert, mctx) > 0); - end: - EVP_MD_CTX_free(mctx); - return rv; -} - -/* Sign the certificate request info */ -int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const char *md, - STACK_OF(OPENSSL_STRING) *sigopts) -{ - int rv = 0; - EVP_MD_CTX *mctx = EVP_MD_CTX_new(); - - if (do_sign_init(mctx, pkey, md, sigopts) > 0) - rv = (X509_REQ_sign_ctx(x, mctx) > 0); - EVP_MD_CTX_free(mctx); - return rv; -} - -/* Sign the CRL info */ -int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const char *md, - STACK_OF(OPENSSL_STRING) *sigopts) -{ - int rv = 0; - EVP_MD_CTX *mctx = EVP_MD_CTX_new(); - - if (do_sign_init(mctx, pkey, md, sigopts) > 0) - rv = (X509_CRL_sign_ctx(x, mctx) > 0); - EVP_MD_CTX_free(mctx); - return rv; -} - -/* - * do_X509_verify returns 1 if the signature is valid, - * 0 if the signature check fails, or -1 if error occurs. - */ -int do_X509_verify(X509 *x, EVP_PKEY *pkey, STACK_OF(OPENSSL_STRING) *vfyopts) -{ - int rv = 0; - - if (do_x509_init(x, vfyopts) > 0) - rv = X509_verify(x, pkey); - else - rv = -1; - return rv; -} - -/* - * do_X509_REQ_verify returns 1 if the signature is valid, - * 0 if the signature check fails, or -1 if error occurs. - */ -int do_X509_REQ_verify(X509_REQ *x, EVP_PKEY *pkey, - STACK_OF(OPENSSL_STRING) *vfyopts) -{ - int rv = 0; - - if (do_x509_req_init(x, vfyopts) > 0) - rv = X509_REQ_verify_ex(x, pkey, - app_get0_libctx(), app_get0_propq()); - else - rv = -1; - return rv; -} - -/* Get first http URL from a DIST_POINT structure */ - -static const char *get_dp_url(DIST_POINT *dp) -{ - GENERAL_NAMES *gens; - GENERAL_NAME *gen; - int i, gtype; - ASN1_STRING *uri; - if (!dp->distpoint || dp->distpoint->type != 0) - return NULL; - gens = dp->distpoint->name.fullname; - for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { - gen = sk_GENERAL_NAME_value(gens, i); - uri = GENERAL_NAME_get0_value(gen, >ype); - if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) { - const char *uptr = (const char *)ASN1_STRING_get0_data(uri); - - if (IS_HTTP(uptr)) /* can/should not use HTTPS here */ - return uptr; - } - } - return NULL; -} - -/* - * Look through a CRLDP structure and attempt to find an http URL to - * downloads a CRL from. - */ - -static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp) -{ - int i; - const char *urlptr = NULL; - for (i = 0; i < sk_DIST_POINT_num(crldp); i++) { - DIST_POINT *dp = sk_DIST_POINT_value(crldp, i); - urlptr = get_dp_url(dp); - if (urlptr != NULL) - return load_crl(urlptr, FORMAT_UNDEF, 0, "CRL via CDP"); - } - return NULL; -} - -/* - * Example of downloading CRLs from CRLDP: - * not usable for real world as it always downloads and doesn't cache anything. - */ - -static STACK_OF(X509_CRL) *crls_http_cb(const X509_STORE_CTX *ctx, - const X509_NAME *nm) -{ - X509 *x; - STACK_OF(X509_CRL) *crls = NULL; - X509_CRL *crl; - STACK_OF(DIST_POINT) *crldp; - - crls = sk_X509_CRL_new_null(); - if (!crls) - return NULL; - x = X509_STORE_CTX_get_current_cert(ctx); - crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL); - crl = load_crl_crldp(crldp); - sk_DIST_POINT_pop_free(crldp, DIST_POINT_free); - if (!crl) { - sk_X509_CRL_free(crls); - return NULL; - } - sk_X509_CRL_push(crls, crl); - /* Try to download delta CRL */ - crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL); - crl = load_crl_crldp(crldp); - sk_DIST_POINT_pop_free(crldp, DIST_POINT_free); - if (crl) - sk_X509_CRL_push(crls, crl); - return crls; -} - -void store_setup_crl_download(X509_STORE *st) -{ - X509_STORE_set_lookup_crls_cb(st, crls_http_cb); -} - -#ifndef OPENSSL_NO_SOCK -static const char *tls_error_hint(void) -{ - unsigned long err = ERR_peek_error(); - - if (ERR_GET_LIB(err) != ERR_LIB_SSL) - err = ERR_peek_last_error(); - if (ERR_GET_LIB(err) != ERR_LIB_SSL) - return NULL; - - switch (ERR_GET_REASON(err)) { - case SSL_R_WRONG_VERSION_NUMBER: - return "The server does not support (a suitable version of) TLS"; - case SSL_R_UNKNOWN_PROTOCOL: - return "The server does not support HTTPS"; - case SSL_R_CERTIFICATE_VERIFY_FAILED: - return "Cannot authenticate server via its TLS certificate, likely due to mismatch with our trusted TLS certs or missing revocation status"; - case SSL_AD_REASON_OFFSET + TLS1_AD_UNKNOWN_CA: - return "Server did not accept our TLS certificate, likely due to mismatch with server's trust anchor or missing revocation status"; - case SSL_AD_REASON_OFFSET + SSL3_AD_HANDSHAKE_FAILURE: - return "TLS handshake failure. Possibly the server requires our TLS certificate but did not receive it"; - default: /* no error or no hint available for error */ - return NULL; - } -} - -/* HTTP callback function that supports TLS connection also via HTTPS proxy */ -BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail) -{ - APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg; - SSL_CTX *ssl_ctx = info->ssl_ctx; - - if (ssl_ctx == NULL) /* not using TLS */ - return bio; - if (connect) { - SSL *ssl; - BIO *sbio = NULL; - - /* adapt after fixing callback design flaw, see #17088 */ - if ((info->use_proxy - && !OSSL_HTTP_proxy_connect(bio, info->server, info->port, - NULL, NULL, /* no proxy credentials */ - info->timeout, bio_err, opt_getprog())) - || (sbio = BIO_new(BIO_f_ssl())) == NULL) { - return NULL; - } - if (ssl_ctx == NULL || (ssl = SSL_new(ssl_ctx)) == NULL) { - BIO_free(sbio); - return NULL; - } - - /* adapt after fixing callback design flaw, see #17088 */ - SSL_set_tlsext_host_name(ssl, info->server); /* not critical to do */ - - SSL_set_connect_state(ssl); - BIO_set_ssl(sbio, ssl, BIO_CLOSE); - - bio = BIO_push(sbio, bio); - } - if (!connect) { - const char *hint; - BIO *cbio; - - if (!detail) { /* disconnecting after error */ - hint = tls_error_hint(); - if (hint != NULL) - ERR_add_error_data(2, " : ", hint); - } - if (ssl_ctx != NULL) { - (void)ERR_set_mark(); - BIO_ssl_shutdown(bio); - cbio = BIO_pop(bio); /* connect+HTTP BIO */ - BIO_free(bio); /* SSL BIO */ - (void)ERR_pop_to_mark(); /* hide SSL_R_READ_BIO_NOT_SET etc. */ - bio = cbio; - } - } - return bio; -} - -void APP_HTTP_TLS_INFO_free(APP_HTTP_TLS_INFO *info) -{ - if (info != NULL) { - SSL_CTX_free(info->ssl_ctx); - OPENSSL_free(info); - } -} - -ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy, - const char *no_proxy, SSL_CTX *ssl_ctx, - const STACK_OF(CONF_VALUE) *headers, - long timeout, const char *expected_content_type, - const ASN1_ITEM *it) -{ - APP_HTTP_TLS_INFO info; - char *server; - char *port; - int use_ssl; - BIO *mem; - ASN1_VALUE *resp = NULL; - - if (url == NULL || it == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - - if (!OSSL_HTTP_parse_url(url, &use_ssl, NULL /* userinfo */, &server, &port, - NULL /* port_num, */, NULL, NULL, NULL)) - return NULL; - if (use_ssl && ssl_ctx == NULL) { - ERR_raise_data(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER, - "missing SSL_CTX"); - goto end; - } - if (!use_ssl && ssl_ctx != NULL) { - ERR_raise_data(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT, - "SSL_CTX given but use_ssl == 0"); - goto end; - } - - info.server = server; - info.port = port; - info.use_proxy = /* workaround for callback design flaw, see #17088 */ - OSSL_HTTP_adapt_proxy(proxy, no_proxy, server, use_ssl) != NULL; - info.timeout = timeout; - info.ssl_ctx = ssl_ctx; - mem = OSSL_HTTP_get(url, proxy, no_proxy, NULL /* bio */, NULL /* rbio */, - app_http_tls_cb, &info, 0 /* buf_size */, headers, - expected_content_type, 1 /* expect_asn1 */, - OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout); - resp = ASN1_item_d2i_bio(it, mem, NULL); - BIO_free(mem); - - end: - OPENSSL_free(server); - OPENSSL_free(port); - return resp; - -} - -ASN1_VALUE *app_http_post_asn1(const char *host, const char *port, - const char *path, const char *proxy, - const char *no_proxy, SSL_CTX *ssl_ctx, - const STACK_OF(CONF_VALUE) *headers, - const char *content_type, - ASN1_VALUE *req, const ASN1_ITEM *req_it, - const char *expected_content_type, - long timeout, const ASN1_ITEM *rsp_it) -{ - int use_ssl = ssl_ctx != NULL; - APP_HTTP_TLS_INFO info; - BIO *rsp, *req_mem = ASN1_item_i2d_mem_bio(req_it, req); - ASN1_VALUE *res; - - if (req_mem == NULL) - return NULL; - - info.server = host; - info.port = port; - info.use_proxy = /* workaround for callback design flaw, see #17088 */ - OSSL_HTTP_adapt_proxy(proxy, no_proxy, host, use_ssl) != NULL; - info.timeout = timeout; - info.ssl_ctx = ssl_ctx; - rsp = OSSL_HTTP_transfer(NULL, host, port, path, use_ssl, - proxy, no_proxy, NULL /* bio */, NULL /* rbio */, - app_http_tls_cb, &info, - 0 /* buf_size */, headers, content_type, req_mem, - expected_content_type, 1 /* expect_asn1 */, - OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout, - 0 /* keep_alive */); - BIO_free(req_mem); - res = ASN1_item_d2i_bio(rsp_it, rsp, NULL); - BIO_free(rsp); - return res; -} - -#endif - -/* - * Platform-specific sections - */ -#if defined(_WIN32) -# ifdef fileno -# undef fileno -# define fileno(a) (int)_fileno(a) -# endif - -# include -# include - -static int WIN32_rename(const char *from, const char *to) -{ - TCHAR *tfrom = NULL, *tto; - DWORD err; - int ret = 0; - - if (sizeof(TCHAR) == 1) { - tfrom = (TCHAR *)from; - tto = (TCHAR *)to; - } else { /* UNICODE path */ - - size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1; - tfrom = malloc(sizeof(*tfrom) * (flen + tlen)); - if (tfrom == NULL) - goto err; - tto = tfrom + flen; -# if !defined(_WIN32_WCE) || _WIN32_WCE>=101 - if (!MultiByteToWideChar(CP_ACP, 0, from, flen, (WCHAR *)tfrom, flen)) -# endif - for (i = 0; i < flen; i++) - tfrom[i] = (TCHAR)from[i]; -# if !defined(_WIN32_WCE) || _WIN32_WCE>=101 - if (!MultiByteToWideChar(CP_ACP, 0, to, tlen, (WCHAR *)tto, tlen)) -# endif - for (i = 0; i < tlen; i++) - tto[i] = (TCHAR)to[i]; - } - - if (MoveFile(tfrom, tto)) - goto ok; - err = GetLastError(); - if (err == ERROR_ALREADY_EXISTS || err == ERROR_FILE_EXISTS) { - if (DeleteFile(tto) && MoveFile(tfrom, tto)) - goto ok; - err = GetLastError(); - } - if (err == ERROR_FILE_NOT_FOUND || err == ERROR_PATH_NOT_FOUND) - errno = ENOENT; - else if (err == ERROR_ACCESS_DENIED) - errno = EACCES; - else - errno = EINVAL; /* we could map more codes... */ - err: - ret = -1; - ok: - if (tfrom != NULL && tfrom != (TCHAR *)from) - free(tfrom); - return ret; -} -#endif - -/* app_tminterval section */ -#if defined(_WIN32) -double app_tminterval(int stop, int usertime) -{ - FILETIME now; - double ret = 0; - static ULARGE_INTEGER tmstart; - static int warning = 1; -# ifdef _WIN32_WINNT - static HANDLE proc = NULL; - - if (proc == NULL) { - if (check_winnt()) - proc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, - GetCurrentProcessId()); - if (proc == NULL) - proc = (HANDLE) - 1; - } - - if (usertime && proc != (HANDLE) - 1) { - FILETIME junk; - GetProcessTimes(proc, &junk, &junk, &junk, &now); - } else -# endif - { - SYSTEMTIME systime; - - if (usertime && warning) { - BIO_printf(bio_err, "To get meaningful results, run " - "this program on idle system.\n"); - warning = 0; - } - GetSystemTime(&systime); - SystemTimeToFileTime(&systime, &now); - } - - if (stop == TM_START) { - tmstart.u.LowPart = now.dwLowDateTime; - tmstart.u.HighPart = now.dwHighDateTime; - } else { - ULARGE_INTEGER tmstop; - - tmstop.u.LowPart = now.dwLowDateTime; - tmstop.u.HighPart = now.dwHighDateTime; - - ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart) * 1e-7; - } - - return ret; -} -#elif defined(OPENSSL_SYS_VXWORKS) -# include - -double app_tminterval(int stop, int usertime) -{ - double ret = 0; -# ifdef CLOCK_REALTIME - static struct timespec tmstart; - struct timespec now; -# else - static unsigned long tmstart; - unsigned long now; -# endif - static int warning = 1; - - if (usertime && warning) { - BIO_printf(bio_err, "To get meaningful results, run " - "this program on idle system.\n"); - warning = 0; - } -# ifdef CLOCK_REALTIME - clock_gettime(CLOCK_REALTIME, &now); - if (stop == TM_START) - tmstart = now; - else - ret = ((now.tv_sec + now.tv_nsec * 1e-9) - - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9)); -# else - now = tickGet(); - if (stop == TM_START) - tmstart = now; - else - ret = (now - tmstart) / (double)sysClkRateGet(); -# endif - return ret; -} - -#elif defined(_SC_CLK_TCK) /* by means of unistd.h */ -# include - -double app_tminterval(int stop, int usertime) -{ - double ret = 0; - struct tms rus; - clock_t now = times(&rus); - static clock_t tmstart; - - if (usertime) - now = rus.tms_utime; - - if (stop == TM_START) { - tmstart = now; - } else { - long int tck = sysconf(_SC_CLK_TCK); - ret = (now - tmstart) / (double)tck; - } - - return ret; -} - -#else -# include -# include - -double app_tminterval(int stop, int usertime) -{ - double ret = 0; - struct rusage rus; - struct timeval now; - static struct timeval tmstart; - - if (usertime) - getrusage(RUSAGE_SELF, &rus), now = rus.ru_utime; - else - gettimeofday(&now, NULL); - - if (stop == TM_START) - tmstart = now; - else - ret = ((now.tv_sec + now.tv_usec * 1e-6) - - (tmstart.tv_sec + tmstart.tv_usec * 1e-6)); - - return ret; -} -#endif - -int app_access(const char* name, int flag) -{ -#ifdef _WIN32 - return _access(name, flag); -#else - return access(name, flag); -#endif -} - -int app_isdir(const char *name) -{ - return opt_isdir(name); -} - -/* raw_read|write section */ -#if defined(__VMS) -# include "vms_term_sock.h" -static int stdin_sock = -1; - -static void close_stdin_sock(void) -{ - TerminalSocket (TERM_SOCK_DELETE, &stdin_sock); -} - -int fileno_stdin(void) -{ - if (stdin_sock == -1) { - TerminalSocket(TERM_SOCK_CREATE, &stdin_sock); - atexit(close_stdin_sock); - } - - return stdin_sock; -} -#else -int fileno_stdin(void) -{ - return fileno(stdin); -} -#endif - -int fileno_stdout(void) -{ - return fileno(stdout); -} - -#if defined(_WIN32) && defined(STD_INPUT_HANDLE) -int raw_read_stdin(void *buf, int siz) -{ - DWORD n; - if (ReadFile(GetStdHandle(STD_INPUT_HANDLE), buf, siz, &n, NULL)) - return n; - else - return -1; -} -#elif defined(__VMS) -# include - -int raw_read_stdin(void *buf, int siz) -{ - return recv(fileno_stdin(), buf, siz, 0); -} -#else -# if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -# endif -int raw_read_stdin(void *buf, int siz) -{ - return read(fileno_stdin(), buf, siz); -} -#endif - -#if defined(_WIN32) && defined(STD_OUTPUT_HANDLE) -int raw_write_stdout(const void *buf, int siz) -{ - DWORD n; - if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE), buf, siz, &n, NULL)) - return n; - else - return -1; -} -#elif defined(OPENSSL_SYS_TANDEM) && defined(OPENSSL_THREADS) && defined(_SPT_MODEL_) -# if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -# endif -int raw_write_stdout(const void *buf,int siz) -{ - return write(fileno(stdout),(void*)buf,siz); -} -#else -# if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -# endif -int raw_write_stdout(const void *buf, int siz) -{ - return write(fileno_stdout(), buf, siz); -} -#endif - -/* - * Centralized handling of input and output files with format specification - * The format is meant to show what the input and output is supposed to be, - * and is therefore a show of intent more than anything else. However, it - * does impact behavior on some platforms, such as differentiating between - * text and binary input/output on non-Unix platforms - */ -BIO *dup_bio_in(int format) -{ - return BIO_new_fp(stdin, - BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); -} - -BIO *dup_bio_out(int format) -{ - BIO *b = BIO_new_fp(stdout, - BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); - void *prefix = NULL; - - if (b == NULL) - return NULL; - -#ifdef OPENSSL_SYS_VMS - if (FMT_istext(format)) - b = BIO_push(BIO_new(BIO_f_linebuffer()), b); -#endif - - if (FMT_istext(format) - && (prefix = getenv("HARNESS_OSSL_PREFIX")) != NULL) { - b = BIO_push(BIO_new(BIO_f_prefix()), b); - BIO_set_prefix(b, prefix); - } - - return b; -} - -BIO *dup_bio_err(int format) -{ - BIO *b = BIO_new_fp(stderr, - BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); -#ifdef OPENSSL_SYS_VMS - if (b != NULL && FMT_istext(format)) - b = BIO_push(BIO_new(BIO_f_linebuffer()), b); -#endif - return b; -} - -void unbuffer(FILE *fp) -{ -/* - * On VMS, setbuf() will only take 32-bit pointers, and a compilation - * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here. - * However, we trust that the C RTL will never give us a FILE pointer - * above the first 4 GB of memory, so we simply turn off the warning - * temporarily. - */ -#if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma environment save -# pragma message disable maylosedata2 -#endif - setbuf(fp, NULL); -#if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma environment restore -#endif -} - -static const char *modestr(char mode, int format) -{ - OPENSSL_assert(mode == 'a' || mode == 'r' || mode == 'w'); - - switch (mode) { - case 'a': - return FMT_istext(format) ? "a" : "ab"; - case 'r': - return FMT_istext(format) ? "r" : "rb"; - case 'w': - return FMT_istext(format) ? "w" : "wb"; - } - /* The assert above should make sure we never reach this point */ - return NULL; -} - -static const char *modeverb(char mode) -{ - switch (mode) { - case 'a': - return "appending"; - case 'r': - return "reading"; - case 'w': - return "writing"; - } - return "(doing something)"; -} - -/* - * Open a file for writing, owner-read-only. - */ -BIO *bio_open_owner(const char *filename, int format, int private) -{ - FILE *fp = NULL; - BIO *b = NULL; - int textmode, bflags; -#ifndef OPENSSL_NO_POSIX_IO - int fd = -1, mode; -#endif - - if (!private || filename == NULL || strcmp(filename, "-") == 0) - return bio_open_default(filename, 'w', format); - - textmode = FMT_istext(format); -#ifndef OPENSSL_NO_POSIX_IO - mode = O_WRONLY; -# ifdef O_CREAT - mode |= O_CREAT; -# endif -# ifdef O_TRUNC - mode |= O_TRUNC; -# endif - if (!textmode) { -# ifdef O_BINARY - mode |= O_BINARY; -# elif defined(_O_BINARY) - mode |= _O_BINARY; -# endif - } - -# ifdef OPENSSL_SYS_VMS - /* VMS doesn't have O_BINARY, it just doesn't make sense. But, - * it still needs to know that we're going binary, or fdopen() - * will fail with "invalid argument"... so we tell VMS what the - * context is. - */ - if (!textmode) - fd = open(filename, mode, 0600, "ctx=bin"); - else -# endif - fd = open(filename, mode, 0600); - if (fd < 0) - goto err; - fp = fdopen(fd, modestr('w', format)); -#else /* OPENSSL_NO_POSIX_IO */ - /* Have stdio but not Posix IO, do the best we can */ - fp = fopen(filename, modestr('w', format)); -#endif /* OPENSSL_NO_POSIX_IO */ - if (fp == NULL) - goto err; - bflags = BIO_CLOSE; - if (textmode) - bflags |= BIO_FP_TEXT; - b = BIO_new_fp(fp, bflags); - if (b != NULL) - return b; - - err: - BIO_printf(bio_err, "%s: Can't open \"%s\" for writing, %s\n", - opt_getprog(), filename, strerror(errno)); - ERR_print_errors(bio_err); - /* If we have fp, then fdopen took over fd, so don't close both. */ - if (fp != NULL) - fclose(fp); -#ifndef OPENSSL_NO_POSIX_IO - else if (fd >= 0) - close(fd); -#endif - return NULL; -} - -static BIO *bio_open_default_(const char *filename, char mode, int format, - int quiet) -{ - BIO *ret; - - if (filename == NULL || strcmp(filename, "-") == 0) { - ret = mode == 'r' ? dup_bio_in(format) : dup_bio_out(format); - if (quiet) { - ERR_clear_error(); - return ret; - } - if (ret != NULL) - return ret; - BIO_printf(bio_err, - "Can't open %s, %s\n", - mode == 'r' ? "stdin" : "stdout", strerror(errno)); - } else { - ret = BIO_new_file(filename, modestr(mode, format)); - if (quiet) { - ERR_clear_error(); - return ret; - } - if (ret != NULL) - return ret; - BIO_printf(bio_err, - "Can't open \"%s\" for %s, %s\n", - filename, modeverb(mode), strerror(errno)); - } - ERR_print_errors(bio_err); - return NULL; -} - -BIO *bio_open_default(const char *filename, char mode, int format) -{ - return bio_open_default_(filename, mode, format, 0); -} - -BIO *bio_open_default_quiet(const char *filename, char mode, int format) -{ - return bio_open_default_(filename, mode, format, 1); -} - -void wait_for_async(SSL *s) -{ - /* On Windows select only works for sockets, so we simply don't wait */ -#ifndef OPENSSL_SYS_WINDOWS - int width = 0; - fd_set asyncfds; - OSSL_ASYNC_FD *fds; - size_t numfds; - size_t i; - - if (!SSL_get_all_async_fds(s, NULL, &numfds)) - return; - if (numfds == 0) - return; - fds = app_malloc(sizeof(OSSL_ASYNC_FD) * numfds, "allocate async fds"); - if (!SSL_get_all_async_fds(s, fds, &numfds)) { - OPENSSL_free(fds); - return; - } - - FD_ZERO(&asyncfds); - for (i = 0; i < numfds; i++) { - if (width <= (int)fds[i]) - width = (int)fds[i] + 1; - openssl_fdset((int)fds[i], &asyncfds); - } - select(width, (void *)&asyncfds, NULL, NULL, NULL); - OPENSSL_free(fds); -#endif -} - -/* if OPENSSL_SYS_WINDOWS is defined then so is OPENSSL_SYS_MSDOS */ -#if defined(OPENSSL_SYS_MSDOS) -int has_stdin_waiting(void) -{ -# if defined(OPENSSL_SYS_WINDOWS) - HANDLE inhand = GetStdHandle(STD_INPUT_HANDLE); - DWORD events = 0; - INPUT_RECORD inputrec; - DWORD insize = 1; - BOOL peeked; - - if (inhand == INVALID_HANDLE_VALUE) { - return 0; - } - - peeked = PeekConsoleInput(inhand, &inputrec, insize, &events); - if (!peeked) { - /* Probably redirected input? _kbhit() does not work in this case */ - if (!feof(stdin)) { - return 1; - } - return 0; - } -# endif - return _kbhit(); -} -#endif - -/* Corrupt a signature by modifying final byte */ -void corrupt_signature(const ASN1_STRING *signature) -{ - unsigned char *s = signature->data; - s[signature->length - 1] ^= 0x1; -} - -int set_cert_times(X509 *x, const char *startdate, const char *enddate, - int days) -{ - if (startdate == NULL || strcmp(startdate, "today") == 0) { - if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL) - return 0; - } else { - if (!ASN1_TIME_set_string_X509(X509_getm_notBefore(x), startdate)) - return 0; - } - if (enddate == NULL) { - if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL) - == NULL) - return 0; - } else if (!ASN1_TIME_set_string_X509(X509_getm_notAfter(x), enddate)) { - return 0; - } - return 1; -} - -int set_crl_lastupdate(X509_CRL *crl, const char *lastupdate) -{ - int ret = 0; - ASN1_TIME *tm = ASN1_TIME_new(); - - if (tm == NULL) - goto end; - - if (lastupdate == NULL) { - if (X509_gmtime_adj(tm, 0) == NULL) - goto end; - } else { - if (!ASN1_TIME_set_string_X509(tm, lastupdate)) - goto end; - } - - if (!X509_CRL_set1_lastUpdate(crl, tm)) - goto end; - - ret = 1; -end: - ASN1_TIME_free(tm); - return ret; -} - -int set_crl_nextupdate(X509_CRL *crl, const char *nextupdate, - long days, long hours, long secs) -{ - int ret = 0; - ASN1_TIME *tm = ASN1_TIME_new(); - - if (tm == NULL) - goto end; - - if (nextupdate == NULL) { - if (X509_time_adj_ex(tm, days, hours * 60 * 60 + secs, NULL) == NULL) - goto end; - } else { - if (!ASN1_TIME_set_string_X509(tm, nextupdate)) - goto end; - } - - if (!X509_CRL_set1_nextUpdate(crl, tm)) - goto end; - - ret = 1; -end: - ASN1_TIME_free(tm); - return ret; -} - -void make_uppercase(char *string) -{ - int i; - - for (i = 0; string[i] != '\0'; i++) - string[i] = toupper((unsigned char)string[i]); -} - -/* This function is defined here due to visibility of bio_err */ -int opt_printf_stderr(const char *fmt, ...) -{ - va_list ap; - int ret; - - va_start(ap, fmt); - ret = BIO_vprintf(bio_err, fmt, ap); - va_end(ap); - return ret; -} - -OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts, - const OSSL_PARAM *paramdefs) -{ - OSSL_PARAM *params = NULL; - size_t sz = (size_t)sk_OPENSSL_STRING_num(opts); - size_t params_n; - char *opt = "", *stmp, *vtmp = NULL; - int found = 1; - - if (opts == NULL) - return NULL; - - params = OPENSSL_zalloc(sizeof(OSSL_PARAM) * (sz + 1)); - if (params == NULL) - return NULL; - - for (params_n = 0; params_n < sz; params_n++) { - opt = sk_OPENSSL_STRING_value(opts, (int)params_n); - if ((stmp = OPENSSL_strdup(opt)) == NULL - || (vtmp = strchr(stmp, ':')) == NULL) - goto err; - /* Replace ':' with 0 to terminate the string pointed to by stmp */ - *vtmp = 0; - /* Skip over the separator so that vmtp points to the value */ - vtmp++; - if (!OSSL_PARAM_allocate_from_text(¶ms[params_n], paramdefs, - stmp, vtmp, strlen(vtmp), &found)) - goto err; - OPENSSL_free(stmp); - } - params[params_n] = OSSL_PARAM_construct_end(); - return params; -err: - OPENSSL_free(stmp); - BIO_printf(bio_err, "Parameter %s '%s'\n", found ? "error" : "unknown", - opt); - ERR_print_errors(bio_err); - app_params_free(params); - return NULL; -} - -void app_params_free(OSSL_PARAM *params) -{ - int i; - - if (params != NULL) { - for (i = 0; params[i].key != NULL; ++i) - OPENSSL_free(params[i].data); - OPENSSL_free(params); - } -} - -EVP_PKEY *app_keygen(EVP_PKEY_CTX *ctx, const char *alg, int bits, int verbose) -{ - EVP_PKEY *res = NULL; - - if (verbose && alg != NULL) { - BIO_printf(bio_err, "Generating %s key", alg); - if (bits > 0) - BIO_printf(bio_err, " with %d bits\n", bits); - else - BIO_printf(bio_err, "\n"); - } - if (!RAND_status()) - BIO_printf(bio_err, "Warning: generating random key material may take a long time\n" - "if the system has a poor entropy source\n"); - if (EVP_PKEY_keygen(ctx, &res) <= 0) - app_bail_out("%s: Error generating %s key\n", opt_getprog(), - alg != NULL ? alg : "asymmetric"); - return res; -} - -EVP_PKEY *app_paramgen(EVP_PKEY_CTX *ctx, const char *alg) -{ - EVP_PKEY *res = NULL; - - if (!RAND_status()) - BIO_printf(bio_err, "Warning: generating random key parameters may take a long time\n" - "if the system has a poor entropy source\n"); - if (EVP_PKEY_paramgen(ctx, &res) <= 0) - app_bail_out("%s: Generating %s key parameters failed\n", - opt_getprog(), alg != NULL ? alg : "asymmetric"); - return res; -} - -/* - * Return non-zero if the legacy path is still an option. - * This decision is based on the global command line operations and the - * behaviour thus far. - */ -int opt_legacy_okay(void) -{ - int provider_options = opt_provider_option_given(); - int libctx = app_get0_libctx() != NULL || app_get0_propq() != NULL; -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = ENGINE_get_first(); - - if (e != NULL) { - ENGINE_free(e); - return 1; - } -#endif - /* - * Having a provider option specified or a custom library context or - * property query, is a sure sign we're not using legacy. - */ - if (provider_options || libctx) - return 0; - return 1; -} diff --git a/apps/lib/apps_ui.c b/apps/lib/apps_ui.c deleted file mode 100644 index 00e0ba5d999693a7497dbac217c6be066a63f409..0000000000000000000000000000000000000000 --- a/apps/lib/apps_ui.c +++ /dev/null @@ -1,223 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "apps_ui.h" - -static UI_METHOD *ui_method = NULL; -static const UI_METHOD *ui_base_method = NULL; - -static int ui_open(UI *ui) -{ - int (*opener)(UI *ui) = UI_method_get_opener(ui_base_method); - - if (opener != NULL) - return opener(ui); - return 1; -} - -static int ui_read(UI *ui, UI_STRING *uis) -{ - int (*reader)(UI *ui, UI_STRING *uis) = NULL; - - if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD - && UI_get0_user_data(ui)) { - switch (UI_get_string_type(uis)) { - case UIT_PROMPT: - case UIT_VERIFY: - { - const char *password = - ((PW_CB_DATA *)UI_get0_user_data(ui))->password; - - if (password != NULL) { - UI_set_result(ui, uis, password); - return 1; - } - } - break; - case UIT_NONE: - case UIT_BOOLEAN: - case UIT_INFO: - case UIT_ERROR: - break; - } - } - - reader = UI_method_get_reader(ui_base_method); - if (reader != NULL) - return reader(ui, uis); - /* Default to the empty password if we've got nothing better */ - UI_set_result(ui, uis, ""); - return 1; -} - -static int ui_write(UI *ui, UI_STRING *uis) -{ - int (*writer)(UI *ui, UI_STRING *uis) = NULL; - - if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD - && UI_get0_user_data(ui)) { - switch (UI_get_string_type(uis)) { - case UIT_PROMPT: - case UIT_VERIFY: - { - const char *password = - ((PW_CB_DATA *)UI_get0_user_data(ui))->password; - - if (password != NULL) - return 1; - } - break; - case UIT_NONE: - case UIT_BOOLEAN: - case UIT_INFO: - case UIT_ERROR: - break; - } - } - - writer = UI_method_get_writer(ui_base_method); - if (writer != NULL) - return writer(ui, uis); - return 1; -} - -static int ui_close(UI *ui) -{ - int (*closer)(UI *ui) = UI_method_get_closer(ui_base_method); - - if (closer != NULL) - return closer(ui); - return 1; -} - -/* object_name defaults to prompt_info from ui user data if present */ -static char *ui_prompt_construct(UI *ui, const char *phrase_desc, - const char *object_name) -{ - PW_CB_DATA *cb_data = (PW_CB_DATA *)UI_get0_user_data(ui); - - if (phrase_desc == NULL) - phrase_desc = "pass phrase"; - if (object_name == NULL && cb_data != NULL) - object_name = cb_data->prompt_info; - return UI_construct_prompt(NULL, phrase_desc, object_name); -} - -int set_base_ui_method(const UI_METHOD *ui_meth) -{ - if (ui_meth == NULL) - ui_meth = UI_null(); - ui_base_method = ui_meth; - return 1; -} - -int setup_ui_method(void) -{ - ui_base_method = UI_null(); -#ifndef OPENSSL_NO_UI_CONSOLE - ui_base_method = UI_OpenSSL(); -#endif - ui_method = UI_create_method("OpenSSL application user interface"); - return ui_method != NULL - && 0 == UI_method_set_opener(ui_method, ui_open) - && 0 == UI_method_set_reader(ui_method, ui_read) - && 0 == UI_method_set_writer(ui_method, ui_write) - && 0 == UI_method_set_closer(ui_method, ui_close) - && 0 == UI_method_set_prompt_constructor(ui_method, - ui_prompt_construct); -} - -void destroy_ui_method(void) -{ - if (ui_method != NULL) { - UI_destroy_method(ui_method); - ui_method = NULL; - } -} - -const UI_METHOD *get_ui_method(void) -{ - return ui_method; -} - -static void *ui_malloc(int sz, const char *what) -{ - void *vp = OPENSSL_malloc(sz); - - if (vp == NULL) { - BIO_printf(bio_err, "Could not allocate %d bytes for %s\n", sz, what); - ERR_print_errors(bio_err); - exit(1); - } - return vp; -} - -int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data) -{ - int res = 0; - UI *ui; - int ok = 0; - char *buff = NULL; - int ui_flags = 0; - const char *prompt_info = NULL; - char *prompt; - - if ((ui = UI_new_method(ui_method)) == NULL) - return 0; - - if (cb_data != NULL && cb_data->prompt_info != NULL) - prompt_info = cb_data->prompt_info; - prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); - if (prompt == NULL) { - BIO_printf(bio_err, "Out of memory\n"); - UI_free(ui); - return 0; - } - - ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD; - UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); - - /* We know that there is no previous user data to return to us */ - (void)UI_add_user_data(ui, cb_data); - - ok = UI_add_input_string(ui, prompt, ui_flags, buf, - PW_MIN_LENGTH, bufsiz - 1); - - if (ok >= 0 && verify) { - buff = ui_malloc(bufsiz, "password buffer"); - ok = UI_add_verify_string(ui, prompt, ui_flags, buff, - PW_MIN_LENGTH, bufsiz - 1, buf); - } - if (ok >= 0) - do { - ok = UI_process(ui); - } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0)); - - OPENSSL_clear_free(buff, (unsigned int)bufsiz); - - if (ok >= 0) - res = strlen(buf); - if (ok == -1) { - BIO_printf(bio_err, "User interface error\n"); - ERR_print_errors(bio_err); - OPENSSL_cleanse(buf, (unsigned int)bufsiz); - res = 0; - } - if (ok == -2) { - BIO_printf(bio_err, "aborted!\n"); - OPENSSL_cleanse(buf, (unsigned int)bufsiz); - res = 0; - } - UI_free(ui); - OPENSSL_free(prompt); - return res; -} diff --git a/apps/lib/build.info b/apps/lib/build.info deleted file mode 100644 index 923ef5d92b83efc0167273896ee4ad2771dade7c..0000000000000000000000000000000000000000 --- a/apps/lib/build.info +++ /dev/null @@ -1,23 +0,0 @@ -# Auxiliary program source -IF[{- $config{target} =~ /^(?:VC-|mingw|BC-)/ -}] - # It's called 'init', but doesn't have much 'init' in it... - $AUXLIBAPPSSRC=win32_init.c -ENDIF -IF[{- $config{target} =~ /^vms-/ -}] - $AUXLIBAPPSSRC=vms_term_sock.c vms_decc_argv.c -ENDIF - -# Source for libapps -$LIBAPPSSRC=apps.c apps_ui.c opt.c fmt.c s_cb.c s_socket.c app_rand.c \ - columns.c app_params.c names.c app_provider.c app_x509.c http_server.c \ - engine.c engine_loader.c app_libctx.c - -IF[{- !$disabled{apps} -}] - LIBS{noinst}=../libapps.a - SOURCE[../libapps.a]=$LIBAPPSSRC $AUXLIBAPPSSRC - INCLUDE[../libapps.a]=../.. ../../include ../include -ENDIF - -IF[{- !$disabled{srp} -}] - SOURCE[../libapps.a]=tlssrp_depr.c -ENDIF diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c deleted file mode 100644 index 1fb5adca1ad5774438e8c7f27cfc36a018357a2d..0000000000000000000000000000000000000000 --- a/apps/lib/cmp_mock_srv.c +++ /dev/null @@ -1,450 +0,0 @@ -/* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Siemens AG 2018-2020 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or atf - * https://www.openssl.org/source/license.html - */ - -#include "apps.h" -#include "cmp_mock_srv.h" - -#include -#include -#include - -/* the context for the CMP mock server */ -typedef struct -{ - X509 *certOut; /* certificate to be returned in cp/ip/kup msg */ - STACK_OF(X509) *chainOut; /* chain of certOut to add to extraCerts field */ - STACK_OF(X509) *caPubsOut; /* certs to return in caPubs field of ip msg */ - OSSL_CMP_PKISI *statusOut; /* status for ip/cp/kup/rp msg unless polling */ - int sendError; /* send error response also on valid requests */ - OSSL_CMP_MSG *certReq; /* ir/cr/p10cr/kur remembered while polling */ - int certReqId; /* id of last ir/cr/kur, used for polling */ - int pollCount; /* number of polls before actual cert response */ - int curr_pollCount; /* number of polls so far for current request */ - int checkAfterTime; /* time the client should wait between polling */ -} mock_srv_ctx; - - -static void mock_srv_ctx_free(mock_srv_ctx *ctx) -{ - if (ctx == NULL) - return; - - OSSL_CMP_PKISI_free(ctx->statusOut); - X509_free(ctx->certOut); - sk_X509_pop_free(ctx->chainOut, X509_free); - sk_X509_pop_free(ctx->caPubsOut, X509_free); - OSSL_CMP_MSG_free(ctx->certReq); - OPENSSL_free(ctx); -} - -static mock_srv_ctx *mock_srv_ctx_new(void) -{ - mock_srv_ctx *ctx = OPENSSL_zalloc(sizeof(mock_srv_ctx)); - - if (ctx == NULL) - goto err; - - if ((ctx->statusOut = OSSL_CMP_PKISI_new()) == NULL) - goto err; - - ctx->certReqId = -1; - - /* all other elements are initialized to 0 or NULL, respectively */ - return ctx; - err: - mock_srv_ctx_free(ctx); - return NULL; -} - -int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert) -{ - mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); - - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - if (cert == NULL || X509_up_ref(cert)) { - X509_free(ctx->certOut); - ctx->certOut = cert; - return 1; - } - return 0; -} - -int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx, - STACK_OF(X509) *chain) -{ - mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); - STACK_OF(X509) *chain_copy = NULL; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - if (chain != NULL && (chain_copy = X509_chain_up_ref(chain)) == NULL) - return 0; - sk_X509_pop_free(ctx->chainOut, X509_free); - ctx->chainOut = chain_copy; - return 1; -} - -int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx, - STACK_OF(X509) *caPubs) -{ - mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); - STACK_OF(X509) *caPubs_copy = NULL; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - if (caPubs != NULL && (caPubs_copy = X509_chain_up_ref(caPubs)) == NULL) - return 0; - sk_X509_pop_free(ctx->caPubsOut, X509_free); - ctx->caPubsOut = caPubs_copy; - return 1; -} - -int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status, - int fail_info, const char *text) -{ - mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); - OSSL_CMP_PKISI *si; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - if ((si = OSSL_CMP_STATUSINFO_new(status, fail_info, text)) == NULL) - return 0; - OSSL_CMP_PKISI_free(ctx->statusOut); - ctx->statusOut = si; - return 1; -} - -int ossl_cmp_mock_srv_set_send_error(OSSL_CMP_SRV_CTX *srv_ctx, int val) -{ - mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); - - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - ctx->sendError = val != 0; - return 1; -} - -int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count) -{ - mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); - - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - if (count < 0) { - ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS); - return 0; - } - ctx->pollCount = count; - return 1; -} - -int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec) -{ - mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); - - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - ctx->checkAfterTime = sec; - return 1; -} - -static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *cert_req, - int certReqId, - const OSSL_CRMF_MSG *crm, - const X509_REQ *p10cr, - X509 **certOut, - STACK_OF(X509) **chainOut, - STACK_OF(X509) **caPubs) -{ - mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); - OSSL_CMP_PKISI *si = NULL; - - if (ctx == NULL || cert_req == NULL - || certOut == NULL || chainOut == NULL || caPubs == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - if (ctx->sendError) { - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); - return NULL; - } - - *certOut = NULL; - *chainOut = NULL; - *caPubs = NULL; - ctx->certReqId = certReqId; - - if (ctx->pollCount > 0 && ctx->curr_pollCount == 0) { - /* start polling */ - if (ctx->certReq != NULL) { - /* already in polling mode */ - ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY); - return NULL; - } - if ((ctx->certReq = OSSL_CMP_MSG_dup(cert_req)) == NULL) - return NULL; - return OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_waiting, 0, NULL); - } - if (ctx->curr_pollCount >= ctx->pollCount) - /* give final response after polling */ - ctx->curr_pollCount = 0; - - if (OSSL_CMP_MSG_get_bodytype(cert_req) == OSSL_CMP_KUR - && crm != NULL && ctx->certOut != NULL) { - const OSSL_CRMF_CERTID *cid = OSSL_CRMF_MSG_get0_regCtrl_oldCertID(crm); - const X509_NAME *issuer = X509_get_issuer_name(ctx->certOut); - const ASN1_INTEGER *serial = X509_get0_serialNumber(ctx->certOut); - - if (cid == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_CERTID); - return NULL; - } - if (issuer != NULL - && X509_NAME_cmp(issuer, OSSL_CRMF_CERTID_get0_issuer(cid)) != 0) { - ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_CERTID); - return NULL; - } - if (serial != NULL - && ASN1_INTEGER_cmp(serial, - OSSL_CRMF_CERTID_get0_serialNumber(cid)) != 0) { - ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_CERTID); - return NULL; - } - } - - if (ctx->certOut != NULL - && (*certOut = X509_dup(ctx->certOut)) == NULL) - goto err; - if (ctx->chainOut != NULL - && (*chainOut = X509_chain_up_ref(ctx->chainOut)) == NULL) - goto err; - if (ctx->caPubsOut != NULL - && (*caPubs = X509_chain_up_ref(ctx->caPubsOut)) == NULL) - goto err; - if (ctx->statusOut != NULL - && (si = OSSL_CMP_PKISI_dup(ctx->statusOut)) == NULL) - goto err; - return si; - - err: - X509_free(*certOut); - *certOut = NULL; - sk_X509_pop_free(*chainOut, X509_free); - *chainOut = NULL; - sk_X509_pop_free(*caPubs, X509_free); - *caPubs = NULL; - return NULL; -} - -static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *rr, - const X509_NAME *issuer, - const ASN1_INTEGER *serial) -{ - mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); - - if (ctx == NULL || rr == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - if (ctx->sendError || ctx->certOut == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); - return NULL; - } - - /* Allow any RR derived from CSR, which may include subject and serial */ - if (issuer == NULL || serial == NULL) - return OSSL_CMP_PKISI_dup(ctx->statusOut); - - /* accept revocation only for the certificate we sent in ir/cr/kur */ - if (X509_NAME_cmp(issuer, X509_get_issuer_name(ctx->certOut)) != 0 - || ASN1_INTEGER_cmp(serial, - X509_get0_serialNumber(ctx->certOut)) != 0) { - ERR_raise_data(ERR_LIB_CMP, CMP_R_REQUEST_NOT_ACCEPTED, - "wrong certificate to revoke"); - return NULL; - } - return OSSL_CMP_PKISI_dup(ctx->statusOut); -} - -static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *genm, - const STACK_OF(OSSL_CMP_ITAV) *in, - STACK_OF(OSSL_CMP_ITAV) **out) -{ - mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); - - if (ctx == NULL || genm == NULL || in == NULL || out == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - if (ctx->sendError) { - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); - return 0; - } - - *out = sk_OSSL_CMP_ITAV_deep_copy(in, OSSL_CMP_ITAV_dup, - OSSL_CMP_ITAV_free); - return *out != NULL; -} - -static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error, - const OSSL_CMP_PKISI *statusInfo, - const ASN1_INTEGER *errorCode, - const OSSL_CMP_PKIFREETEXT *errorDetails) -{ - mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); - char buf[OSSL_CMP_PKISI_BUFLEN]; - char *sibuf; - int i; - - if (ctx == NULL || error == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return; - } - - BIO_printf(bio_err, "mock server received error:\n"); - - if (statusInfo == NULL) { - BIO_printf(bio_err, "pkiStatusInfo absent\n"); - } else { - sibuf = OSSL_CMP_snprint_PKIStatusInfo(statusInfo, buf, sizeof(buf)); - BIO_printf(bio_err, "pkiStatusInfo: %s\n", - sibuf != NULL ? sibuf: ""); - } - - if (errorCode == NULL) - BIO_printf(bio_err, "errorCode absent\n"); - else - BIO_printf(bio_err, "errorCode: %ld\n", ASN1_INTEGER_get(errorCode)); - - if (sk_ASN1_UTF8STRING_num(errorDetails) <= 0) { - BIO_printf(bio_err, "errorDetails absent\n"); - } else { - BIO_printf(bio_err, "errorDetails: "); - for (i = 0; i < sk_ASN1_UTF8STRING_num(errorDetails); i++) { - if (i > 0) - BIO_printf(bio_err, ", "); - BIO_printf(bio_err, "\""); - ASN1_STRING_print(bio_err, - sk_ASN1_UTF8STRING_value(errorDetails, i)); - BIO_printf(bio_err, "\""); - } - BIO_printf(bio_err, "\n"); - } -} - -static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *certConf, int certReqId, - const ASN1_OCTET_STRING *certHash, - const OSSL_CMP_PKISI *si) -{ - mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); - ASN1_OCTET_STRING *digest; - - if (ctx == NULL || certConf == NULL || certHash == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - if (ctx->sendError || ctx->certOut == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); - return 0; - } - - if (certReqId != ctx->certReqId) { - /* in case of error, invalid reqId -1 */ - ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID); - return 0; - } - - if ((digest = X509_digest_sig(ctx->certOut, NULL, NULL)) == NULL) - return 0; - if (ASN1_OCTET_STRING_cmp(certHash, digest) != 0) { - ASN1_OCTET_STRING_free(digest); - ERR_raise(ERR_LIB_CMP, CMP_R_CERTHASH_UNMATCHED); - return 0; - } - ASN1_OCTET_STRING_free(digest); - return 1; -} - -static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *pollReq, int certReqId, - OSSL_CMP_MSG **certReq, int64_t *check_after) -{ - mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); - - if (ctx == NULL || pollReq == NULL - || certReq == NULL || check_after == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - if (ctx->sendError) { - *certReq = NULL; - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); - return 0; - } - if (ctx->certReq == NULL) { - /* not currently in polling mode */ - *certReq = NULL; - ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY); - return 0; - } - - if (++ctx->curr_pollCount >= ctx->pollCount) { - /* end polling */ - *certReq = ctx->certReq; - ctx->certReq = NULL; - *check_after = 0; - } else { - *certReq = NULL; - *check_after = ctx->checkAfterTime; - } - return 1; -} - -OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx, const char *propq) -{ - OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new(libctx, propq); - mock_srv_ctx *ctx = mock_srv_ctx_new(); - - if (srv_ctx != NULL && ctx != NULL - && OSSL_CMP_SRV_CTX_init(srv_ctx, ctx, process_cert_request, - process_rr, process_genm, process_error, - process_certConf, process_pollReq)) - return srv_ctx; - - mock_srv_ctx_free(ctx); - OSSL_CMP_SRV_CTX_free(srv_ctx); - return NULL; -} - -void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx) -{ - if (srv_ctx != NULL) - mock_srv_ctx_free(OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx)); - OSSL_CMP_SRV_CTX_free(srv_ctx); -} diff --git a/apps/lib/columns.c b/apps/lib/columns.c deleted file mode 100644 index aa58fe1781f5f6f3e4ec5fde4ab4038d070db270..0000000000000000000000000000000000000000 --- a/apps/lib/columns.c +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "apps.h" -#include "function.h" - -void calculate_columns(FUNCTION *functions, DISPLAY_COLUMNS *dc) -{ - FUNCTION *f; - int len, maxlen = 0; - - for (f = functions; f->name != NULL; ++f) - if (f->type == FT_general || f->type == FT_md || f->type == FT_cipher) - if ((len = strlen(f->name)) > maxlen) - maxlen = len; - - dc->width = maxlen + 2; - dc->columns = (80 - 1) / dc->width; -} - diff --git a/apps/lib/engine.c b/apps/lib/engine.c deleted file mode 100644 index 209c4b6b03c269e9b8e23eacfcc6e2bf8adf0dbd..0000000000000000000000000000000000000000 --- a/apps/lib/engine.c +++ /dev/null @@ -1,193 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Here is a set of wrappers for the ENGINE API, which are no-ops when the - * ENGINE API is disabled / removed. - * We need to suppress deprecation warnings to make this work. - */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include /* strcmp */ - -#include /* Ensure we have the ENGINE type, regardless */ -#include -#ifndef OPENSSL_NO_ENGINE -# include -#endif -#include "apps.h" - -#ifndef OPENSSL_NO_ENGINE -/* Try to load an engine in a shareable library */ -static ENGINE *try_load_engine(const char *engine) -{ - ENGINE *e = NULL; - - if ((e = ENGINE_by_id("dynamic")) != NULL) { - if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0) - || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) { - ENGINE_free(e); - e = NULL; - } - } - return e; -} -#endif - -ENGINE *setup_engine_methods(const char *id, unsigned int methods, int debug) -{ - ENGINE *e = NULL; - -#ifndef OPENSSL_NO_ENGINE - if (id != NULL) { - if (strcmp(id, "auto") == 0) { - BIO_printf(bio_err, "Enabling auto ENGINE support\n"); - ENGINE_register_all_complete(); - return NULL; - } - if ((e = ENGINE_by_id(id)) == NULL - && (e = try_load_engine(id)) == NULL) { - BIO_printf(bio_err, "Invalid engine \"%s\"\n", id); - ERR_print_errors(bio_err); - return NULL; - } - if (debug) - (void)ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0); - if (!ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, - (void *)get_ui_method(), 0, 1) - || !ENGINE_set_default(e, methods)) { - BIO_printf(bio_err, "Cannot use engine \"%s\"\n", ENGINE_get_id(e)); - ERR_print_errors(bio_err); - ENGINE_free(e); - return NULL; - } - - BIO_printf(bio_err, "Engine \"%s\" set.\n", ENGINE_get_id(e)); - } -#endif - return e; -} - -void release_engine(ENGINE *e) -{ -#ifndef OPENSSL_NO_ENGINE - /* Free our "structural" reference. */ - ENGINE_free(e); -#endif -} - -int init_engine(ENGINE *e) -{ - int rv = 1; - -#ifndef OPENSSL_NO_ENGINE - rv = ENGINE_init(e); -#endif - return rv; -} - -int finish_engine(ENGINE *e) -{ - int rv = 1; - -#ifndef OPENSSL_NO_ENGINE - rv = ENGINE_finish(e); -#endif - return rv; -} - -char *make_engine_uri(ENGINE *e, const char *key_id, const char *desc) -{ - char *new_uri = NULL; - -#ifndef OPENSSL_NO_ENGINE - if (e == NULL) { - BIO_printf(bio_err, "No engine specified for loading %s\n", desc); - } else if (key_id == NULL) { - BIO_printf(bio_err, "No engine key id specified for loading %s\n", desc); - } else { - const char *engineid = ENGINE_get_id(e); - size_t uri_sz = - sizeof(ENGINE_SCHEME_COLON) - 1 - + strlen(engineid) - + 1 /* : */ - + strlen(key_id) - + 1 /* \0 */ - ; - - new_uri = OPENSSL_malloc(uri_sz); - if (new_uri != NULL) { - OPENSSL_strlcpy(new_uri, ENGINE_SCHEME_COLON, uri_sz); - OPENSSL_strlcat(new_uri, engineid, uri_sz); - OPENSSL_strlcat(new_uri, ":", uri_sz); - OPENSSL_strlcat(new_uri, key_id, uri_sz); - } - } -#else - BIO_printf(bio_err, "Engines not supported for loading %s\n", desc); -#endif - return new_uri; -} - -int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e) -{ - const EVP_PKEY_ASN1_METHOD *ameth; - ENGINE *tmpeng = NULL; - int pkey_id = NID_undef; - - ERR_set_mark(); - ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1); - -#if !defined(OPENSSL_NO_ENGINE) - ENGINE_finish(tmpeng); - - if (ameth == NULL && e != NULL) - ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1); - else -#endif - /* We're only interested if it comes from an ENGINE */ - if (tmpeng == NULL) - ameth = NULL; - - ERR_pop_to_mark(); - if (ameth == NULL) - return NID_undef; - - EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth); - - return pkey_id; -} - -const EVP_MD *get_digest_from_engine(const char *name) -{ -#ifndef OPENSSL_NO_ENGINE - ENGINE *eng; - - eng = ENGINE_get_digest_engine(OBJ_sn2nid(name)); - if (eng != NULL) { - ENGINE_finish(eng); - return EVP_get_digestbyname(name); - } -#endif - return NULL; -} - -const EVP_CIPHER *get_cipher_from_engine(const char *name) -{ -#ifndef OPENSSL_NO_ENGINE - ENGINE *eng; - - eng = ENGINE_get_cipher_engine(OBJ_sn2nid(name)); - if (eng != NULL) { - ENGINE_finish(eng); - return EVP_get_cipherbyname(name); - } -#endif - return NULL; -} diff --git a/apps/lib/engine_loader.c b/apps/lib/engine_loader.c deleted file mode 100644 index 42775a89f361e8c1202874b865fedbb00bf60e6b..0000000000000000000000000000000000000000 --- a/apps/lib/engine_loader.c +++ /dev/null @@ -1,203 +0,0 @@ -/* - * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Here is an STORE loader for ENGINE backed keys. It relies on deprecated - * functions, and therefore need to have deprecation warnings suppressed. - * This file is not compiled at all in a '--api=3 no-deprecated' configuration. - */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "apps.h" - -#ifndef OPENSSL_NO_ENGINE - -# include -# include -# include -# include - -/* - * Support for legacy private engine keys via the 'org.openssl.engine:' scheme - * - * org.openssl.engine:{engineid}:{keyid} - * - * Note: we ONLY support ENGINE_load_private_key() and ENGINE_load_public_key() - * Note 2: This scheme has a precedent in code in PKIX-SSH. for exactly - * this sort of purpose. - */ - -/* Local definition of OSSL_STORE_LOADER_CTX */ -struct ossl_store_loader_ctx_st { - ENGINE *e; /* Structural reference */ - char *keyid; - int expected; - int loaded; /* 0 = key not loaded yet, 1 = key loaded */ -}; - -static OSSL_STORE_LOADER_CTX *OSSL_STORE_LOADER_CTX_new(ENGINE *e, char *keyid) -{ - OSSL_STORE_LOADER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - if (ctx != NULL) { - ctx->e = e; - ctx->keyid = keyid; - } - return ctx; -} - -static void OSSL_STORE_LOADER_CTX_free(OSSL_STORE_LOADER_CTX *ctx) -{ - if (ctx != NULL) { - ENGINE_free(ctx->e); - OPENSSL_free(ctx->keyid); - OPENSSL_free(ctx); - } -} - -static OSSL_STORE_LOADER_CTX *engine_open(const OSSL_STORE_LOADER *loader, - const char *uri, - const UI_METHOD *ui_method, - void *ui_data) -{ - const char *p = uri, *q; - ENGINE *e = NULL; - char *keyid = NULL; - OSSL_STORE_LOADER_CTX *ctx = NULL; - - if (OPENSSL_strncasecmp(p, ENGINE_SCHEME_COLON, sizeof(ENGINE_SCHEME_COLON) - 1) - != 0) - return NULL; - p += sizeof(ENGINE_SCHEME_COLON) - 1; - - /* Look for engine ID */ - q = strchr(p, ':'); - if (q != NULL /* There is both an engine ID and a key ID */ - && p[0] != ':' /* The engine ID is at least one character */ - && q[1] != '\0') { /* The key ID is at least one character */ - char engineid[256]; - size_t engineid_l = q - p; - - strncpy(engineid, p, engineid_l); - engineid[engineid_l] = '\0'; - e = ENGINE_by_id(engineid); - - keyid = OPENSSL_strdup(q + 1); - } - - if (e != NULL && keyid != NULL) - ctx = OSSL_STORE_LOADER_CTX_new(e, keyid); - - if (ctx == NULL) { - OPENSSL_free(keyid); - ENGINE_free(e); - } - - return ctx; -} - -static int engine_expect(OSSL_STORE_LOADER_CTX *ctx, int expected) -{ - if (expected == 0 - || expected == OSSL_STORE_INFO_PUBKEY - || expected == OSSL_STORE_INFO_PKEY) { - ctx->expected = expected; - return 1; - } - return 0; -} - -static OSSL_STORE_INFO *engine_load(OSSL_STORE_LOADER_CTX *ctx, - const UI_METHOD *ui_method, void *ui_data) -{ - EVP_PKEY *pkey = NULL, *pubkey = NULL; - OSSL_STORE_INFO *info = NULL; - - if (ctx->loaded == 0) { - if (ENGINE_init(ctx->e)) { - if (ctx->expected == 0 - || ctx->expected == OSSL_STORE_INFO_PKEY) - pkey = - ENGINE_load_private_key(ctx->e, ctx->keyid, - (UI_METHOD *)ui_method, ui_data); - if ((pkey == NULL && ctx->expected == 0) - || ctx->expected == OSSL_STORE_INFO_PUBKEY) - pubkey = - ENGINE_load_public_key(ctx->e, ctx->keyid, - (UI_METHOD *)ui_method, ui_data); - ENGINE_finish(ctx->e); - } - } - - ctx->loaded = 1; - - if (pubkey != NULL) - info = OSSL_STORE_INFO_new_PUBKEY(pubkey); - else if (pkey != NULL) - info = OSSL_STORE_INFO_new_PKEY(pkey); - if (info == NULL) { - EVP_PKEY_free(pkey); - EVP_PKEY_free(pubkey); - } - return info; -} - -static int engine_eof(OSSL_STORE_LOADER_CTX *ctx) -{ - return ctx->loaded != 0; -} - -static int engine_error(OSSL_STORE_LOADER_CTX *ctx) -{ - return 0; -} - -static int engine_close(OSSL_STORE_LOADER_CTX *ctx) -{ - OSSL_STORE_LOADER_CTX_free(ctx); - return 1; -} - -int setup_engine_loader(void) -{ - OSSL_STORE_LOADER *loader = NULL; - - if ((loader = OSSL_STORE_LOADER_new(NULL, ENGINE_SCHEME)) == NULL - || !OSSL_STORE_LOADER_set_open(loader, engine_open) - || !OSSL_STORE_LOADER_set_expect(loader, engine_expect) - || !OSSL_STORE_LOADER_set_load(loader, engine_load) - || !OSSL_STORE_LOADER_set_eof(loader, engine_eof) - || !OSSL_STORE_LOADER_set_error(loader, engine_error) - || !OSSL_STORE_LOADER_set_close(loader, engine_close) - || !OSSL_STORE_register_loader(loader)) { - OSSL_STORE_LOADER_free(loader); - loader = NULL; - } - - return loader != NULL; -} - -void destroy_engine_loader(void) -{ - OSSL_STORE_LOADER *loader = OSSL_STORE_unregister_loader(ENGINE_SCHEME); - OSSL_STORE_LOADER_free(loader); -} - -#else /* !OPENSSL_NO_ENGINE */ - -int setup_engine_loader(void) -{ - return 0; -} - -void destroy_engine_loader(void) -{ -} - -#endif diff --git a/apps/lib/fmt.c b/apps/lib/fmt.c deleted file mode 100644 index af0e63b85b14c57e947e8a8d06d660fe6db64dba..0000000000000000000000000000000000000000 --- a/apps/lib/fmt.c +++ /dev/null @@ -1,15 +0,0 @@ -/* - * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "fmt.h" - -int FMT_istext(int format) -{ - return (format & B_FORMAT_TEXT) == B_FORMAT_TEXT; -} diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c deleted file mode 100644 index a7fe5e1a58b0abe6e95dae3bf0e2d2d1caa138a2..0000000000000000000000000000000000000000 --- a/apps/lib/http_server.c +++ /dev/null @@ -1,533 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Very basic HTTP server */ - -#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) -/* - * On VMS, you need to define this to get the declaration of fileno(). The - * value 2 is to make sure no function defined in POSIX-2 is left undefined. - */ -# define _POSIX_C_SOURCE 2 -#endif - -#include -#include -#include "http_server.h" -#include "internal/sockets.h" -#include -#include -#include "s_apps.h" - -#if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -#endif - -static int verbosity = LOG_INFO; - -#define HTTP_PREFIX "HTTP/" -#define HTTP_VERSION_PATT "1." /* allow 1.x */ -#define HTTP_PREFIX_VERSION HTTP_PREFIX""HTTP_VERSION_PATT -#define HTTP_1_0 HTTP_PREFIX_VERSION"0" /* "HTTP/1.0" */ - -#ifdef HTTP_DAEMON - -int multi = 0; /* run multiple responder processes */ -int acfd = (int) INVALID_SOCKET; - -static int print_syslog(const char *str, size_t len, void *levPtr) -{ - int level = *(int *)levPtr; - int ilen = len > MAXERRLEN ? MAXERRLEN : len; - - syslog(level, "%.*s", ilen, str); - - return ilen; -} -#endif - -void log_message(const char *prog, int level, const char *fmt, ...) -{ - va_list ap; - - if (verbosity < level) - return; - - va_start(ap, fmt); -#ifdef HTTP_DAEMON - if (multi) { - char buf[1024]; - - if (vsnprintf(buf, sizeof(buf), fmt, ap) > 0) - syslog(level, "%s", buf); - if (level <= LOG_ERR) - ERR_print_errors_cb(print_syslog, &level); - } else -#endif - { - BIO_printf(bio_err, "%s: ", prog); - BIO_vprintf(bio_err, fmt, ap); - BIO_printf(bio_err, "\n"); - (void)BIO_flush(bio_err); - } - va_end(ap); -} - -#ifdef HTTP_DAEMON -void socket_timeout(int signum) -{ - if (acfd != (int)INVALID_SOCKET) - (void)shutdown(acfd, SHUT_RD); -} - -static void killall(int ret, pid_t *kidpids) -{ - int i; - - for (i = 0; i < multi; ++i) - if (kidpids[i] != 0) - (void)kill(kidpids[i], SIGTERM); - OPENSSL_free(kidpids); - ossl_sleep(1000); - exit(ret); -} - -static int termsig = 0; - -static void noteterm(int sig) -{ - termsig = sig; -} - -/* - * Loop spawning up to `multi` child processes, only child processes return - * from this function. The parent process loops until receiving a termination - * signal, kills extant children and exits without returning. - */ -void spawn_loop(const char *prog) -{ - pid_t *kidpids = NULL; - int status; - int procs = 0; - int i; - - openlog(prog, LOG_PID, LOG_DAEMON); - - if (setpgid(0, 0)) { - syslog(LOG_ERR, "fatal: error detaching from parent process group: %s", - strerror(errno)); - exit(1); - } - kidpids = app_malloc(multi * sizeof(*kidpids), "child PID array"); - for (i = 0; i < multi; ++i) - kidpids[i] = 0; - - signal(SIGINT, noteterm); - signal(SIGTERM, noteterm); - - while (termsig == 0) { - pid_t fpid; - - /* - * Wait for a child to replace when we're at the limit. - * Slow down if a child exited abnormally or waitpid() < 0 - */ - while (termsig == 0 && procs >= multi) { - if ((fpid = waitpid(-1, &status, 0)) > 0) { - for (i = 0; i < procs; ++i) { - if (kidpids[i] == fpid) { - kidpids[i] = 0; - --procs; - break; - } - } - if (i >= multi) { - syslog(LOG_ERR, "fatal: internal error: " - "no matching child slot for pid: %ld", - (long) fpid); - killall(1, kidpids); - } - if (status != 0) { - if (WIFEXITED(status)) - syslog(LOG_WARNING, "child process: %ld, exit status: %d", - (long)fpid, WEXITSTATUS(status)); - else if (WIFSIGNALED(status)) - syslog(LOG_WARNING, "child process: %ld, term signal %d%s", - (long)fpid, WTERMSIG(status), -# ifdef WCOREDUMP - WCOREDUMP(status) ? " (core dumped)" : -# endif - ""); - ossl_sleep(1000); - } - break; - } else if (errno != EINTR) { - syslog(LOG_ERR, "fatal: waitpid(): %s", strerror(errno)); - killall(1, kidpids); - } - } - if (termsig) - break; - - switch (fpid = fork()) { - case -1: /* error */ - /* System critically low on memory, pause and try again later */ - ossl_sleep(30000); - break; - case 0: /* child */ - OPENSSL_free(kidpids); - signal(SIGINT, SIG_DFL); - signal(SIGTERM, SIG_DFL); - if (termsig) - _exit(0); - if (RAND_poll() <= 0) { - syslog(LOG_ERR, "fatal: RAND_poll() failed"); - _exit(1); - } - return; - default: /* parent */ - for (i = 0; i < multi; ++i) { - if (kidpids[i] == 0) { - kidpids[i] = fpid; - procs++; - break; - } - } - if (i >= multi) { - syslog(LOG_ERR, "fatal: internal error: no free child slots"); - killall(1, kidpids); - } - break; - } - } - - /* The loop above can only break on termsig */ - syslog(LOG_INFO, "terminating on signal: %d", termsig); - killall(0, kidpids); -} -#endif - -#ifndef OPENSSL_NO_SOCK -BIO *http_server_init_bio(const char *prog, const char *port) -{ - BIO *acbio = NULL, *bufbio; - int asock; - - bufbio = BIO_new(BIO_f_buffer()); - if (bufbio == NULL) - goto err; - acbio = BIO_new(BIO_s_accept()); - if (acbio == NULL - || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0 - || BIO_set_accept_port(acbio, port) < 0) { - log_message(prog, LOG_ERR, "Error setting up accept BIO"); - goto err; - } - - BIO_set_accept_bios(acbio, bufbio); - bufbio = NULL; - if (BIO_do_accept(acbio) <= 0) { - log_message(prog, LOG_ERR, "Error starting accept"); - goto err; - } - - /* Report back what address and port are used */ - BIO_get_fd(acbio, &asock); - if (!report_server_accept(bio_out, asock, 1, 1)) { - log_message(prog, LOG_ERR, "Error printing ACCEPT string"); - goto err; - } - - return acbio; - - err: - BIO_free_all(acbio); - BIO_free(bufbio); - return NULL; -} - -/* - * Decode %xx URL-decoding in-place. Ignores malformed sequences. - */ -static int urldecode(char *p) -{ - unsigned char *out = (unsigned char *)p; - unsigned char *save = out; - - for (; *p; p++) { - if (*p != '%') { - *out++ = *p; - } else if (isxdigit(_UC(p[1])) && isxdigit(_UC(p[2]))) { - /* Don't check, can't fail because of ixdigit() call. */ - *out++ = (OPENSSL_hexchar2int(p[1]) << 4) - | OPENSSL_hexchar2int(p[2]); - p += 2; - } else { - return -1; - } - } - *out = '\0'; - return (int)(out - save); -} - -/* if *pcbio != NULL, continue given connected session, else accept new */ -/* if found_keep_alive != NULL, return this way connection persistence state */ -int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, - char **ppath, BIO **pcbio, BIO *acbio, - int *found_keep_alive, - const char *prog, const char *port, - int accept_get, int timeout) -{ - BIO *cbio = *pcbio, *getbio = NULL, *b64 = NULL; - int len; - char reqbuf[2048], inbuf[2048]; - char *meth, *url, *end; - ASN1_VALUE *req; - int ret = 0; - - *preq = NULL; - if (ppath != NULL) - *ppath = NULL; - - if (cbio == NULL) { - log_message(prog, LOG_DEBUG, - "Awaiting new connection on port %s...", port); - if (BIO_do_accept(acbio) <= 0) - /* Connection loss before accept() is routine, ignore silently */ - return ret; - - *pcbio = cbio = BIO_pop(acbio); - } else { - log_message(prog, LOG_DEBUG, "Awaiting next request..."); - } - if (cbio == NULL) { - /* Cannot call http_server_send_status(cbio, ...) */ - ret = -1; - goto out; - } - -# ifdef HTTP_DAEMON - if (timeout > 0) { - (void)BIO_get_fd(cbio, &acfd); - alarm(timeout); - } -# endif - - /* Read the request line. */ - len = BIO_gets(cbio, reqbuf, sizeof(reqbuf)); - if (len == 0) - return ret; - ret = 1; - if (len < 0) { - log_message(prog, LOG_WARNING, "Request line read error"); - (void)http_server_send_status(cbio, 400, "Bad Request"); - goto out; - } - if ((end = strchr(reqbuf, '\r')) != NULL - || (end = strchr(reqbuf, '\n')) != NULL) - *end = '\0'; - log_message(prog, LOG_INFO, "Received request, 1st line: %s", reqbuf); - - meth = reqbuf; - url = meth + 3; - if ((accept_get && strncmp(meth, "GET ", 4) == 0) - || (url++, strncmp(meth, "POST ", 5) == 0)) { - static const char http_version_str[] = " "HTTP_PREFIX_VERSION; - static const size_t http_version_str_len = sizeof(http_version_str) - 1; - - /* Expecting (GET|POST) {sp} /URL {sp} HTTP/1.x */ - *(url++) = '\0'; - while (*url == ' ') - url++; - if (*url != '/') { - log_message(prog, LOG_WARNING, - "Invalid %s -- URL does not begin with '/': %s", - meth, url); - (void)http_server_send_status(cbio, 400, "Bad Request"); - goto out; - } - url++; - - /* Splice off the HTTP version identifier. */ - for (end = url; *end != '\0'; end++) - if (*end == ' ') - break; - if (strncmp(end, http_version_str, http_version_str_len) != 0) { - log_message(prog, LOG_WARNING, - "Invalid %s -- bad HTTP/version string: %s", - meth, end + 1); - (void)http_server_send_status(cbio, 400, "Bad Request"); - goto out; - } - *end = '\0'; - /* above HTTP 1.0, connection persistence is the default */ - if (found_keep_alive != NULL) - *found_keep_alive = end[http_version_str_len] > '0'; - - /*- - * Skip "GET / HTTP..." requests often used by load-balancers. - * 'url' was incremented above to point to the first byte *after* - * the leading slash, so in case 'GET / ' it is now an empty string. - */ - if (strlen(meth) == 3 && url[0] == '\0') { - (void)http_server_send_status(cbio, 200, "OK"); - goto out; - } - - len = urldecode(url); - if (len < 0) { - log_message(prog, LOG_WARNING, - "Invalid %s request -- bad URL encoding: %s", - meth, url); - (void)http_server_send_status(cbio, 400, "Bad Request"); - goto out; - } - if (strlen(meth) == 3) { /* GET */ - if ((getbio = BIO_new_mem_buf(url, len)) == NULL - || (b64 = BIO_new(BIO_f_base64())) == NULL) { - log_message(prog, LOG_ERR, - "Could not allocate base64 bio with size = %d", - len); - goto fatal; - } - BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); - getbio = BIO_push(b64, getbio); - } - } else { - log_message(prog, LOG_WARNING, - "HTTP request does not begin with %sPOST: %s", - accept_get ? "GET or " : "", reqbuf); - (void)http_server_send_status(cbio, 400, "Bad Request"); - goto out; - } - - /* chop any further/duplicate leading or trailing '/' */ - while (*url == '/') - url++; - while (end >= url + 2 && end[-2] == '/' && end[-1] == '/') - end--; - *end = '\0'; - - /* Read and skip past the headers. */ - for (;;) { - char *key, *value, *line_end = NULL; - - len = BIO_gets(cbio, inbuf, sizeof(inbuf)); - if (len <= 0) { - log_message(prog, LOG_WARNING, "Error reading HTTP header"); - (void)http_server_send_status(cbio, 400, "Bad Request"); - goto out; - } - - if (inbuf[0] == '\r' || inbuf[0] == '\n') - break; - - key = inbuf; - value = strchr(key, ':'); - if (value == NULL) { - log_message(prog, LOG_WARNING, - "Error parsing HTTP header: missing ':'"); - (void)http_server_send_status(cbio, 400, "Bad Request"); - goto out; - } - *(value++) = '\0'; - while (*value == ' ') - value++; - line_end = strchr(value, '\r'); - if (line_end == NULL) { - line_end = strchr(value, '\n'); - if (line_end == NULL) { - log_message(prog, LOG_WARNING, - "Error parsing HTTP header: missing end of line"); - (void)http_server_send_status(cbio, 400, "Bad Request"); - goto out; - } - } - *line_end = '\0'; - /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */ - if (found_keep_alive != NULL - && OPENSSL_strcasecmp(key, "Connection") == 0) { - if (OPENSSL_strcasecmp(value, "keep-alive") == 0) - *found_keep_alive = 1; - else if (OPENSSL_strcasecmp(value, "close") == 0) - *found_keep_alive = 0; - } - } - -# ifdef HTTP_DAEMON - /* Clear alarm before we close the client socket */ - alarm(0); - timeout = 0; -# endif - - /* Try to read and parse request */ - req = ASN1_item_d2i_bio(it, getbio != NULL ? getbio : cbio, NULL); - if (req == NULL) { - log_message(prog, LOG_WARNING, - "Error parsing DER-encoded request content"); - (void)http_server_send_status(cbio, 400, "Bad Request"); - } else if (ppath != NULL && (*ppath = OPENSSL_strdup(url)) == NULL) { - log_message(prog, LOG_ERR, - "Out of memory allocating %zu bytes", strlen(url) + 1); - ASN1_item_free(req, it); - goto fatal; - } - - *preq = req; - - out: - BIO_free_all(getbio); -# ifdef HTTP_DAEMON - if (timeout > 0) - alarm(0); - acfd = (int)INVALID_SOCKET; -# endif - return ret; - - fatal: - (void)http_server_send_status(cbio, 500, "Internal Server Error"); - if (ppath != NULL) { - OPENSSL_free(*ppath); - *ppath = NULL; - } - BIO_free_all(cbio); - *pcbio = NULL; - ret = -1; - goto out; -} - -/* assumes that cbio does not do an encoding that changes the output length */ -int http_server_send_asn1_resp(BIO *cbio, int keep_alive, - const char *content_type, - const ASN1_ITEM *it, const ASN1_VALUE *resp) -{ - int ret = BIO_printf(cbio, HTTP_1_0" 200 OK\r\n%s" - "Content-type: %s\r\n" - "Content-Length: %d\r\n\r\n", - keep_alive ? "Connection: keep-alive\r\n" : "", - content_type, - ASN1_item_i2d(resp, NULL, it)) > 0 - && ASN1_item_i2d_bio(it, cbio, resp) > 0; - - (void)BIO_flush(cbio); - return ret; -} - -int http_server_send_status(BIO *cbio, int status, const char *reason) -{ - int ret = BIO_printf(cbio, HTTP_1_0" %d %s\r\n\r\n", - /* This implicitly cancels keep-alive */ - status, reason) > 0; - - (void)BIO_flush(cbio); - return ret; -} -#endif diff --git a/apps/lib/names.c b/apps/lib/names.c deleted file mode 100644 index 4788ae84b9158ade1b2a003c4f849059fe054da6..0000000000000000000000000000000000000000 --- a/apps/lib/names.c +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "names.h" -#include "openssl/crypto.h" - -int name_cmp(const char * const *a, const char * const *b) -{ - return OPENSSL_strcasecmp(*a, *b); -} - -void collect_names(const char *name, void *vdata) -{ - STACK_OF(OPENSSL_CSTRING) *names = vdata; - - sk_OPENSSL_CSTRING_push(names, name); -} - -void print_names(BIO *out, STACK_OF(OPENSSL_CSTRING) *names) -{ - int i = sk_OPENSSL_CSTRING_num(names); - int j; - - sk_OPENSSL_CSTRING_sort(names); - if (i > 1) - BIO_printf(out, "{ "); - for (j = 0; j < i; j++) { - const char *name = sk_OPENSSL_CSTRING_value(names, j); - - if (j > 0) - BIO_printf(out, ", "); - BIO_printf(out, "%s", name); - } - if (i > 1) - BIO_printf(out, " }"); -} diff --git a/apps/lib/opt.c b/apps/lib/opt.c deleted file mode 100644 index 157367982d2fa9f71a596d927aceda38e5fe35e0..0000000000000000000000000000000000000000 --- a/apps/lib/opt.c +++ /dev/null @@ -1,1198 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This file is also used by the test suite. Do not #include "apps.h". - */ -#include "opt.h" -#include "fmt.h" -#include "app_libctx.h" -#include "internal/nelem.h" -#include "internal/numbers.h" -#include -#if !defined(OPENSSL_SYS_MSDOS) -# include -#endif - -#include -#include -#include -#include -#include -#include -#include - -#define MAX_OPT_HELP_WIDTH 30 -const char OPT_HELP_STR[] = "-H"; -const char OPT_MORE_STR[] = "-M"; -const char OPT_SECTION_STR[] = "-S"; -const char OPT_PARAM_STR[] = "-P"; - -/* Our state */ -static char **argv; -static int argc; -static int opt_index; -static char *arg; -static char *flag; -static char *dunno; -static const OPTIONS *unknown; -static const OPTIONS *opts; -static char prog[40]; - -/* - * Return the simple name of the program; removing various platform gunk. - */ -#if defined(OPENSSL_SYS_WIN32) - -const char *opt_path_end(const char *filename) -{ - const char *p; - - /* find the last '/', '\' or ':' */ - for (p = filename + strlen(filename); --p > filename; ) - if (*p == '/' || *p == '\\' || *p == ':') { - p++; - break; - } - return p; -} - -char *opt_progname(const char *argv0) -{ - size_t i, n; - const char *p; - char *q; - - p = opt_path_end(argv0); - - /* Strip off trailing nonsense. */ - n = strlen(p); - if (n > 4 && - (strcmp(&p[n - 4], ".exe") == 0 || strcmp(&p[n - 4], ".EXE") == 0)) - n -= 4; - - /* Copy over the name, in lowercase. */ - if (n > sizeof(prog) - 1) - n = sizeof(prog) - 1; - for (q = prog, i = 0; i < n; i++, p++) - *q++ = tolower((unsigned char)*p); - *q = '\0'; - return prog; -} - -#elif defined(OPENSSL_SYS_VMS) - -const char *opt_path_end(const char *filename) -{ - const char *p; - - /* Find last special character sys:[foo.bar]openssl */ - for (p = filename + strlen(filename); --p > filename;) - if (*p == ':' || *p == ']' || *p == '>') { - p++; - break; - } - return p; -} - -char *opt_progname(const char *argv0) -{ - const char *p, *q; - - /* Find last special character sys:[foo.bar]openssl */ - p = opt_path_end(argv0); - q = strrchr(p, '.'); - if (prog != p) - strncpy(prog, p, sizeof(prog) - 1); - prog[sizeof(prog) - 1] = '\0'; - if (q != NULL && q - p < sizeof(prog)) - prog[q - p] = '\0'; - return prog; -} - -#else - -const char *opt_path_end(const char *filename) -{ - const char *p; - - /* Could use strchr, but this is like the ones above. */ - for (p = filename + strlen(filename); --p > filename;) - if (*p == '/') { - p++; - break; - } - return p; -} - -char *opt_progname(const char *argv0) -{ - const char *p; - - p = opt_path_end(argv0); - if (prog != p) - strncpy(prog, p, sizeof(prog) - 1); - prog[sizeof(prog) - 1] = '\0'; - return prog; -} -#endif - -char *opt_appname(const char *argv0) -{ - size_t len = strlen(prog); - - if (argv0 != NULL) - BIO_snprintf(prog + len, sizeof(prog) - len - 1, " %s", argv0); - return prog; -} - -char *opt_getprog(void) -{ - return prog; -} - -/* Set up the arg parsing. */ -char *opt_init(int ac, char **av, const OPTIONS *o) -{ - /* Store state. */ - argc = ac; - argv = av; - opt_begin(); - opts = o; - unknown = NULL; - - /* Make sure prog name is set for usage output */ - (void)opt_progname(argv[0]); - - /* Check all options up until the PARAM marker (if present) */ - for (; o->name != NULL && o->name != OPT_PARAM_STR; ++o) { -#ifndef NDEBUG - const OPTIONS *next; - int duplicated, i; -#endif - - if (o->name == OPT_HELP_STR - || o->name == OPT_MORE_STR - || o->name == OPT_SECTION_STR) - continue; -#ifndef NDEBUG - i = o->valtype; - - /* Make sure options are legit. */ - OPENSSL_assert(o->name[0] != '-'); - if (o->valtype == '.') - OPENSSL_assert(o->retval == OPT_PARAM); - else - OPENSSL_assert(o->retval == OPT_DUP || o->retval > OPT_PARAM); - switch (i) { - case 0: case '-': case '.': - case '/': case '<': case '>': case 'E': case 'F': - case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's': - case 'u': case 'c': case ':': case 'N': - break; - default: - OPENSSL_assert(0); - } - - /* Make sure there are no duplicates. */ - for (next = o + 1; next->name; ++next) { - /* - * Some compilers inline strcmp and the assert string is too long. - */ - duplicated = next->retval != OPT_DUP - && strcmp(o->name, next->name) == 0; - if (duplicated) { - opt_printf_stderr("%s: Internal error: duplicate option %s\n", - prog, o->name); - OPENSSL_assert(!duplicated); - } - } -#endif - if (o->name[0] == '\0') { - OPENSSL_assert(unknown == NULL); - unknown = o; - OPENSSL_assert(unknown->valtype == 0 || unknown->valtype == '-'); - } - } - return prog; -} - -static OPT_PAIR formats[] = { - {"PEM/DER", OPT_FMT_PEMDER}, - {"pkcs12", OPT_FMT_PKCS12}, - {"smime", OPT_FMT_SMIME}, - {"engine", OPT_FMT_ENGINE}, - {"msblob", OPT_FMT_MSBLOB}, - {"nss", OPT_FMT_NSS}, - {"text", OPT_FMT_TEXT}, - {"http", OPT_FMT_HTTP}, - {"pvk", OPT_FMT_PVK}, - {NULL} -}; - -/* Print an error message about a failed format parse. */ -static int opt_format_error(const char *s, unsigned long flags) -{ - OPT_PAIR *ap; - - if (flags == OPT_FMT_PEMDER) { - opt_printf_stderr("%s: Bad format \"%s\"; must be pem or der\n", - prog, s); - } else { - opt_printf_stderr("%s: Bad format \"%s\"; must be one of:\n", - prog, s); - for (ap = formats; ap->name; ap++) - if (flags & ap->retval) - opt_printf_stderr(" %s\n", ap->name); - } - return 0; -} - -/* Parse a format string, put it into *result; return 0 on failure, else 1. */ -int opt_format(const char *s, unsigned long flags, int *result) -{ - switch (*s) { - default: - opt_printf_stderr("%s: Bad format \"%s\"\n", prog, s); - return 0; - case 'D': - case 'd': - if ((flags & OPT_FMT_PEMDER) == 0) - return opt_format_error(s, flags); - *result = FORMAT_ASN1; - break; - case 'T': - case 't': - if ((flags & OPT_FMT_TEXT) == 0) - return opt_format_error(s, flags); - *result = FORMAT_TEXT; - break; - case 'N': - case 'n': - if ((flags & OPT_FMT_NSS) == 0) - return opt_format_error(s, flags); - if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0) - return opt_format_error(s, flags); - *result = FORMAT_NSS; - break; - case 'S': - case 's': - if ((flags & OPT_FMT_SMIME) == 0) - return opt_format_error(s, flags); - *result = FORMAT_SMIME; - break; - case 'M': - case 'm': - if ((flags & OPT_FMT_MSBLOB) == 0) - return opt_format_error(s, flags); - *result = FORMAT_MSBLOB; - break; - case 'E': - case 'e': - if ((flags & OPT_FMT_ENGINE) == 0) - return opt_format_error(s, flags); - *result = FORMAT_ENGINE; - break; - case 'H': - case 'h': - if ((flags & OPT_FMT_HTTP) == 0) - return opt_format_error(s, flags); - *result = FORMAT_HTTP; - break; - case '1': - if ((flags & OPT_FMT_PKCS12) == 0) - return opt_format_error(s, flags); - *result = FORMAT_PKCS12; - break; - case 'P': - case 'p': - if (s[1] == '\0' || strcmp(s, "PEM") == 0 || strcmp(s, "pem") == 0) { - if ((flags & OPT_FMT_PEMDER) == 0) - return opt_format_error(s, flags); - *result = FORMAT_PEM; - } else if (strcmp(s, "PVK") == 0 || strcmp(s, "pvk") == 0) { - if ((flags & OPT_FMT_PVK) == 0) - return opt_format_error(s, flags); - *result = FORMAT_PVK; - } else if (strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0 - || strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0) { - if ((flags & OPT_FMT_PKCS12) == 0) - return opt_format_error(s, flags); - *result = FORMAT_PKCS12; - } else { - opt_printf_stderr("%s: Bad format \"%s\"\n", prog, s); - return 0; - } - break; - } - return 1; -} - -/* Return string representing the given format. */ -static const char *format2str(int format) -{ - switch (format) { - default: - return "(undefined)"; - case FORMAT_PEM: - return "PEM"; - case FORMAT_ASN1: - return "DER"; - case FORMAT_TEXT: - return "TEXT"; - case FORMAT_NSS: - return "NSS"; - case FORMAT_SMIME: - return "SMIME"; - case FORMAT_MSBLOB: - return "MSBLOB"; - case FORMAT_ENGINE: - return "ENGINE"; - case FORMAT_HTTP: - return "HTTP"; - case FORMAT_PKCS12: - return "P12"; - case FORMAT_PVK: - return "PVK"; - } -} - -/* Print an error message about unsuitable/unsupported format requested. */ -void print_format_error(int format, unsigned long flags) -{ - (void)opt_format_error(format2str(format), flags); -} - -/* - * Parse a cipher name, put it in *cipherp after freeing what was there, if - * cipherp is not NULL. Return 0 on failure, else 1. - */ -int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp) -{ - EVP_CIPHER *c; - - ERR_set_mark(); - if ((c = EVP_CIPHER_fetch(app_get0_libctx(), name, - app_get0_propq())) != NULL - || (opt_legacy_okay() - && (c = (EVP_CIPHER *)EVP_get_cipherbyname(name)) != NULL)) { - ERR_pop_to_mark(); - if (cipherp != NULL) { - EVP_CIPHER_free(*cipherp); - *cipherp = c; - } else { - EVP_CIPHER_free(c); - } - return 1; - } - ERR_clear_last_mark(); - return 0; -} - -int opt_cipher_any(const char *name, EVP_CIPHER **cipherp) -{ - int ret; - - if ((ret = opt_cipher_silent(name, cipherp)) == 0) - opt_printf_stderr("%s: Unknown cipher: %s\n", prog, name); - return ret; -} - -int opt_cipher(const char *name, EVP_CIPHER **cipherp) -{ - int mode, ret = 0; - unsigned long int flags; - EVP_CIPHER *c = NULL; - - if (opt_cipher_any(name, &c)) { - mode = EVP_CIPHER_get_mode(c); - flags = EVP_CIPHER_get_flags(c); - if (mode == EVP_CIPH_XTS_MODE) { - opt_printf_stderr("%s XTS ciphers not supported\n", prog); - } else if ((flags & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) { - opt_printf_stderr("%s: AEAD ciphers not supported\n", prog); - } else { - ret = 1; - if (cipherp != NULL) - *cipherp = c; - } - } - return ret; -} - -/* - * Parse message digest name, put it in *EVP_MD; return 0 on failure, else 1. - */ -int opt_md_silent(const char *name, EVP_MD **mdp) -{ - EVP_MD *md; - - ERR_set_mark(); - if ((md = EVP_MD_fetch(app_get0_libctx(), name, app_get0_propq())) != NULL - || (opt_legacy_okay() - && (md = (EVP_MD *)EVP_get_digestbyname(name)) != NULL)) { - ERR_pop_to_mark(); - if (mdp != NULL) { - EVP_MD_free(*mdp); - *mdp = md; - } else { - EVP_MD_free(md); - } - return 1; - } - ERR_clear_last_mark(); - return 0; -} - -int opt_md(const char *name, EVP_MD **mdp) -{ - int ret; - - if ((ret = opt_md_silent(name, mdp)) == 0) - opt_printf_stderr("%s: Unknown option or message digest: %s\n", prog, - name != NULL ? name : "\"\""); - return ret; -} - -/* Look through a list of name/value pairs. */ -int opt_pair(const char *name, const OPT_PAIR* pairs, int *result) -{ - const OPT_PAIR *pp; - - for (pp = pairs; pp->name; pp++) - if (strcmp(pp->name, name) == 0) { - *result = pp->retval; - return 1; - } - opt_printf_stderr("%s: Value must be one of:\n", prog); - for (pp = pairs; pp->name; pp++) - opt_printf_stderr("\t%s\n", pp->name); - return 0; -} - -/* Look through a list of valid names */ -int opt_string(const char *name, const char **options) -{ - const char **p; - - for (p = options; *p != NULL; p++) - if (strcmp(*p, name) == 0) - return 1; - opt_printf_stderr("%s: Value must be one of:\n", prog); - for (p = options; *p != NULL; p++) - opt_printf_stderr("\t%s\n", *p); - return 0; -} - -/* Parse an int, put it into *result; return 0 on failure, else 1. */ -int opt_int(const char *value, int *result) -{ - long l; - - if (!opt_long(value, &l)) - return 0; - *result = (int)l; - if (*result != l) { - opt_printf_stderr("%s: Value \"%s\" outside integer range\n", - prog, value); - return 0; - } - return 1; -} - -/* Parse and return an integer, assuming range has been checked before. */ -int opt_int_arg(void) -{ - int result = -1; - - (void)opt_int(arg, &result); - return result; -} - -static void opt_number_error(const char *v) -{ - size_t i = 0; - struct strstr_pair_st { - char *prefix; - char *name; - } b[] = { - {"0x", "a hexadecimal"}, - {"0X", "a hexadecimal"}, - {"0", "an octal"} - }; - - for (i = 0; i < OSSL_NELEM(b); i++) { - if (strncmp(v, b[i].prefix, strlen(b[i].prefix)) == 0) { - opt_printf_stderr("%s: Can't parse \"%s\" as %s number\n", - prog, v, b[i].name); - return; - } - } - opt_printf_stderr("%s: Can't parse \"%s\" as a number\n", prog, v); - return; -} - -/* Parse a long, put it into *result; return 0 on failure, else 1. */ -int opt_long(const char *value, long *result) -{ - int oerrno = errno; - long l; - char *endp; - - errno = 0; - l = strtol(value, &endp, 0); - if (*endp - || endp == value - || ((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE) - || (l == 0 && errno != 0)) { - opt_number_error(value); - errno = oerrno; - return 0; - } - *result = l; - errno = oerrno; - return 1; -} - -#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ - defined(INTMAX_MAX) && defined(UINTMAX_MAX) && \ - !defined(OPENSSL_NO_INTTYPES_H) - -/* Parse an intmax_t, put it into *result; return 0 on failure, else 1. */ -int opt_intmax(const char *value, ossl_intmax_t *result) -{ - int oerrno = errno; - intmax_t m; - char *endp; - - errno = 0; - m = strtoimax(value, &endp, 0); - if (*endp - || endp == value - || ((m == INTMAX_MAX || m == INTMAX_MIN) - && errno == ERANGE) - || (m == 0 && errno != 0)) { - opt_number_error(value); - errno = oerrno; - return 0; - } - /* Ensure that the value in |m| is never too big for |*result| */ - if (sizeof(m) > sizeof(*result) - && (m < OSSL_INTMAX_MIN || m > OSSL_INTMAX_MAX)) { - opt_number_error(value); - return 0; - } - *result = (ossl_intmax_t)m; - errno = oerrno; - return 1; -} - -/* Parse a uintmax_t, put it into *result; return 0 on failure, else 1. */ -int opt_uintmax(const char *value, ossl_uintmax_t *result) -{ - int oerrno = errno; - uintmax_t m; - char *endp; - - errno = 0; - m = strtoumax(value, &endp, 0); - if (*endp - || endp == value - || (m == UINTMAX_MAX && errno == ERANGE) - || (m == 0 && errno != 0)) { - opt_number_error(value); - errno = oerrno; - return 0; - } - /* Ensure that the value in |m| is never too big for |*result| */ - if (sizeof(m) > sizeof(*result) - && m > OSSL_UINTMAX_MAX) { - opt_number_error(value); - return 0; - } - *result = (ossl_intmax_t)m; - errno = oerrno; - return 1; -} -#else -/* Fallback implementations based on long */ -int opt_intmax(const char *value, ossl_intmax_t *result) -{ - long m; - int ret; - - if ((ret = opt_long(value, &m))) - *result = m; - return ret; -} - -int opt_uintmax(const char *value, ossl_uintmax_t *result) -{ - unsigned long m; - int ret; - - if ((ret = opt_ulong(value, &m))) - *result = m; - return ret; -} -#endif - -/* - * Parse an unsigned long, put it into *result; return 0 on failure, else 1. - */ -int opt_ulong(const char *value, unsigned long *result) -{ - int oerrno = errno; - char *endptr; - unsigned long l; - - errno = 0; - l = strtoul(value, &endptr, 0); - if (*endptr - || endptr == value - || ((l == ULONG_MAX) && errno == ERANGE) - || (l == 0 && errno != 0)) { - opt_number_error(value); - errno = oerrno; - return 0; - } - *result = l; - errno = oerrno; - return 1; -} - -/* - * We pass opt as an int but cast it to "enum range" so that all the - * items in the OPT_V_ENUM enumeration are caught; this makes -Wswitch - * in gcc do the right thing. - */ -enum range { OPT_V_ENUM }; - -int opt_verify(int opt, X509_VERIFY_PARAM *vpm) -{ - int i; - ossl_intmax_t t = 0; - ASN1_OBJECT *otmp; - X509_PURPOSE *xptmp; - const X509_VERIFY_PARAM *vtmp; - - OPENSSL_assert(vpm != NULL); - OPENSSL_assert(opt > OPT_V__FIRST); - OPENSSL_assert(opt < OPT_V__LAST); - - switch ((enum range)opt) { - case OPT_V__FIRST: - case OPT_V__LAST: - return 0; - case OPT_V_POLICY: - otmp = OBJ_txt2obj(opt_arg(), 0); - if (otmp == NULL) { - opt_printf_stderr("%s: Invalid Policy %s\n", prog, opt_arg()); - return 0; - } - X509_VERIFY_PARAM_add0_policy(vpm, otmp); - break; - case OPT_V_PURPOSE: - /* purpose name -> purpose index */ - i = X509_PURPOSE_get_by_sname(opt_arg()); - if (i < 0) { - opt_printf_stderr("%s: Invalid purpose %s\n", prog, opt_arg()); - return 0; - } - - /* purpose index -> purpose object */ - xptmp = X509_PURPOSE_get0(i); - - /* purpose object -> purpose value */ - i = X509_PURPOSE_get_id(xptmp); - - if (!X509_VERIFY_PARAM_set_purpose(vpm, i)) { - opt_printf_stderr("%s: Internal error setting purpose %s\n", - prog, opt_arg()); - return 0; - } - break; - case OPT_V_VERIFY_NAME: - vtmp = X509_VERIFY_PARAM_lookup(opt_arg()); - if (vtmp == NULL) { - opt_printf_stderr("%s: Invalid verify name %s\n", - prog, opt_arg()); - return 0; - } - X509_VERIFY_PARAM_set1(vpm, vtmp); - break; - case OPT_V_VERIFY_DEPTH: - i = atoi(opt_arg()); - if (i >= 0) - X509_VERIFY_PARAM_set_depth(vpm, i); - break; - case OPT_V_VERIFY_AUTH_LEVEL: - i = atoi(opt_arg()); - if (i >= 0) - X509_VERIFY_PARAM_set_auth_level(vpm, i); - break; - case OPT_V_ATTIME: - if (!opt_intmax(opt_arg(), &t)) - return 0; - if (t != (time_t)t) { - opt_printf_stderr("%s: epoch time out of range %s\n", - prog, opt_arg()); - return 0; - } - X509_VERIFY_PARAM_set_time(vpm, (time_t)t); - break; - case OPT_V_VERIFY_HOSTNAME: - if (!X509_VERIFY_PARAM_set1_host(vpm, opt_arg(), 0)) - return 0; - break; - case OPT_V_VERIFY_EMAIL: - if (!X509_VERIFY_PARAM_set1_email(vpm, opt_arg(), 0)) - return 0; - break; - case OPT_V_VERIFY_IP: - if (!X509_VERIFY_PARAM_set1_ip_asc(vpm, opt_arg())) - return 0; - break; - case OPT_V_IGNORE_CRITICAL: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_IGNORE_CRITICAL); - break; - case OPT_V_ISSUER_CHECKS: - /* NOP, deprecated */ - break; - case OPT_V_CRL_CHECK: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CRL_CHECK); - break; - case OPT_V_CRL_CHECK_ALL: - X509_VERIFY_PARAM_set_flags(vpm, - X509_V_FLAG_CRL_CHECK | - X509_V_FLAG_CRL_CHECK_ALL); - break; - case OPT_V_POLICY_CHECK: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_POLICY_CHECK); - break; - case OPT_V_EXPLICIT_POLICY: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXPLICIT_POLICY); - break; - case OPT_V_INHIBIT_ANY: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_ANY); - break; - case OPT_V_INHIBIT_MAP: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_MAP); - break; - case OPT_V_X509_STRICT: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_X509_STRICT); - break; - case OPT_V_EXTENDED_CRL: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXTENDED_CRL_SUPPORT); - break; - case OPT_V_USE_DELTAS: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_USE_DELTAS); - break; - case OPT_V_POLICY_PRINT: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NOTIFY_POLICY); - break; - case OPT_V_CHECK_SS_SIG: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CHECK_SS_SIGNATURE); - break; - case OPT_V_TRUSTED_FIRST: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_TRUSTED_FIRST); - break; - case OPT_V_SUITEB_128_ONLY: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS_ONLY); - break; - case OPT_V_SUITEB_128: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS); - break; - case OPT_V_SUITEB_192: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_192_LOS); - break; - case OPT_V_PARTIAL_CHAIN: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN); - break; - case OPT_V_NO_ALT_CHAINS: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_ALT_CHAINS); - break; - case OPT_V_NO_CHECK_TIME: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME); - break; - case OPT_V_ALLOW_PROXY_CERTS: - X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_ALLOW_PROXY_CERTS); - break; - } - return 1; - -} - -void opt_begin(void) -{ - opt_index = 1; - arg = NULL; - flag = NULL; -} - -/* - * Parse the next flag (and value if specified), return 0 if done, -1 on - * error, otherwise the flag's retval. - */ -int opt_next(void) -{ - char *p; - const OPTIONS *o; - int ival; - long lval; - unsigned long ulval; - ossl_intmax_t imval; - ossl_uintmax_t umval; - - /* Look at current arg; at end of the list? */ - arg = NULL; - p = argv[opt_index]; - if (p == NULL) - return 0; - - /* If word doesn't start with a -, we're done. */ - if (*p != '-') - return 0; - - /* Hit "--" ? We're done. */ - opt_index++; - if (strcmp(p, "--") == 0) - return 0; - - /* Allow -nnn and --nnn */ - if (*++p == '-') - p++; - flag = p - 1; - - /* If we have --flag=foo, snip it off */ - if ((arg = strchr(p, '=')) != NULL) - *arg++ = '\0'; - for (o = opts; o->name; ++o) { - /* If not this option, move on to the next one. */ - if (!(strcmp(p, "h") == 0 && strcmp(o->name, "help") == 0) - && strcmp(p, o->name) != 0) - continue; - - /* If it doesn't take a value, make sure none was given. */ - if (o->valtype == 0 || o->valtype == '-') { - if (arg) { - opt_printf_stderr("%s: Option -%s does not take a value\n", - prog, p); - return -1; - } - return o->retval; - } - - /* Want a value; get the next param if =foo not used. */ - if (arg == NULL) { - if (argv[opt_index] == NULL) { - opt_printf_stderr("%s: Option -%s needs a value\n", - prog, o->name); - return -1; - } - arg = argv[opt_index++]; - } - - /* Syntax-check value. */ - switch (o->valtype) { - default: - case 's': - case ':': - /* Just a string. */ - break; - case '.': - /* Parameters */ - break; - case '/': - if (opt_isdir(arg) > 0) - break; - opt_printf_stderr("%s: Not a directory: %s\n", prog, arg); - return -1; - case '<': - /* Input file. */ - break; - case '>': - /* Output file. */ - break; - case 'p': - case 'n': - case 'N': - if (!opt_int(arg, &ival)) - return -1; - if (o->valtype == 'p' && ival <= 0) { - opt_printf_stderr("%s: Non-positive number \"%s\" for option -%s\n", - prog, arg, o->name); - return -1; - } - if (o->valtype == 'N' && ival < 0) { - opt_printf_stderr("%s: Negative number \"%s\" for option -%s\n", - prog, arg, o->name); - return -1; - } - break; - case 'M': - if (!opt_intmax(arg, &imval)) - return -1; - break; - case 'U': - if (!opt_uintmax(arg, &umval)) - return -1; - break; - case 'l': - if (!opt_long(arg, &lval)) - return -1; - break; - case 'u': - if (!opt_ulong(arg, &ulval)) - return -1; - break; - case 'c': - case 'E': - case 'F': - case 'f': - if (opt_format(arg, - o->valtype == 'c' ? OPT_FMT_PDS : - o->valtype == 'E' ? OPT_FMT_PDE : - o->valtype == 'F' ? OPT_FMT_PEMDER - : OPT_FMT_ANY, &ival)) - break; - opt_printf_stderr("%s: Invalid format \"%s\" for option -%s\n", - prog, arg, o->name); - return -1; - } - - /* Return the flag value. */ - return o->retval; - } - if (unknown != NULL) { - dunno = p; - return unknown->retval; - } - opt_printf_stderr("%s: Unknown option: -%s\n", prog, p); - return -1; -} - -/* Return the most recent flag parameter. */ -char *opt_arg(void) -{ - return arg; -} - -/* Return the most recent flag (option name including the preceding '-'). */ -char *opt_flag(void) -{ - return flag; -} - -/* Return the unknown option. */ -char *opt_unknown(void) -{ - return dunno; -} - -/* Return the rest of the arguments after parsing flags. */ -char **opt_rest(void) -{ - return &argv[opt_index]; -} - -/* How many items in remaining args? */ -int opt_num_rest(void) -{ - int i = 0; - char **pp; - - for (pp = opt_rest(); *pp; pp++, i++) - continue; - return i; -} - -/* Return a string describing the parameter type. */ -static const char *valtype2param(const OPTIONS *o) -{ - switch (o->valtype) { - case 0: - case '-': - return ""; - case ':': - return "uri"; - case 's': - return "val"; - case '/': - return "dir"; - case '<': - return "infile"; - case '>': - return "outfile"; - case 'p': - return "+int"; - case 'n': - return "int"; - case 'l': - return "long"; - case 'u': - return "ulong"; - case 'E': - return "PEM|DER|ENGINE"; - case 'F': - return "PEM|DER"; - case 'f': - return "format"; - case 'M': - return "intmax"; - case 'N': - return "nonneg"; - case 'U': - return "uintmax"; - } - return "parm"; -} - -static void opt_print(const OPTIONS *o, int doingparams, int width) -{ - const char* help; - char start[80 + 1]; - char *p; - - help = o->helpstr ? o->helpstr : "(No additional info)"; - if (o->name == OPT_HELP_STR) { - opt_printf_stderr(help, prog); - return; - } - if (o->name == OPT_SECTION_STR) { - opt_printf_stderr("\n"); - opt_printf_stderr(help, prog); - return; - } - if (o->name == OPT_PARAM_STR) { - opt_printf_stderr("\nParameters:\n"); - return; - } - - /* Pad out prefix */ - memset(start, ' ', sizeof(start) - 1); - start[sizeof(start) - 1] = '\0'; - - if (o->name == OPT_MORE_STR) { - /* Continuation of previous line; pad and print. */ - start[width] = '\0'; - opt_printf_stderr("%s %s\n", start, help); - return; - } - - /* Build up the "-flag [param]" part. */ - p = start; - *p++ = ' '; - if (!doingparams) - *p++ = '-'; - if (o->name[0]) - p += strlen(strcpy(p, o->name)); - else - *p++ = '*'; - if (o->valtype != '-') { - *p++ = ' '; - p += strlen(strcpy(p, valtype2param(o))); - } - *p = ' '; - if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) { - *p = '\0'; - opt_printf_stderr("%s\n", start); - memset(start, ' ', sizeof(start)); - } - start[width] = '\0'; - opt_printf_stderr("%s %s\n", start, help); -} - -void opt_help(const OPTIONS *list) -{ - const OPTIONS *o; - int i, sawparams = 0, width = 5; - int standard_prolog; - char start[80 + 1]; - - /* Starts with its own help message? */ - standard_prolog = list[0].name != OPT_HELP_STR; - - /* Find the widest help. */ - for (o = list; o->name; o++) { - if (o->name == OPT_MORE_STR) - continue; - i = 2 + (int)strlen(o->name); - if (o->valtype != '-') - i += 1 + strlen(valtype2param(o)); - if (i < MAX_OPT_HELP_WIDTH && i > width) - width = i; - OPENSSL_assert(i < (int)sizeof(start)); - } - - if (standard_prolog) { - opt_printf_stderr("Usage: %s [options]\n", prog); - if (list[0].name != OPT_SECTION_STR) - opt_printf_stderr("Valid options are:\n", prog); - } - - /* Now let's print. */ - for (o = list; o->name; o++) { - if (o->name == OPT_PARAM_STR) - sawparams = 1; - opt_print(o, sawparams, width); - } -} - -/* opt_isdir section */ -#ifdef _WIN32 -# include -int opt_isdir(const char *name) -{ - DWORD attr; -# if defined(UNICODE) || defined(_UNICODE) - size_t i, len_0 = strlen(name) + 1; - WCHAR tempname[MAX_PATH]; - - if (len_0 > MAX_PATH) - return -1; - -# if !defined(_WIN32_WCE) || _WIN32_WCE>=101 - if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH)) -# endif - for (i = 0; i < len_0; i++) - tempname[i] = (WCHAR)name[i]; - - attr = GetFileAttributes(tempname); -# else - attr = GetFileAttributes(name); -# endif - if (attr == INVALID_FILE_ATTRIBUTES) - return -1; - return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0); -} -#else -# include -# ifndef S_ISDIR -# if defined(_S_IFMT) && defined(_S_IFDIR) -# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR) -# else -# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) -# endif -# endif - -int opt_isdir(const char *name) -{ -# if defined(S_ISDIR) - struct stat st; - - if (stat(name, &st) == 0) - return S_ISDIR(st.st_mode); - else - return -1; -# else - return -1; -# endif -} -#endif diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c deleted file mode 100644 index f2ddd94c3de4df941c8533c76e9daf3bf5a1371c..0000000000000000000000000000000000000000 --- a/apps/lib/s_cb.c +++ /dev/null @@ -1,1569 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* callback functions used by s_client, s_server, and s_time */ -#include -#include -#include /* for memcpy() and strcmp() */ -#include "apps.h" -#include -#include -#include -#include -#include -#include -#include -#ifndef OPENSSL_NO_DH -# include -#endif -#include "s_apps.h" - -#define COOKIE_SECRET_LENGTH 16 - -VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 }; - -#ifndef OPENSSL_NO_SOCK -static unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; -static int cookie_initialized = 0; -#endif -static BIO *bio_keylog = NULL; - -static const char *lookup(int val, const STRINT_PAIR* list, const char* def) -{ - for ( ; list->name; ++list) - if (list->retval == val) - return list->name; - return def; -} - -int verify_callback(int ok, X509_STORE_CTX *ctx) -{ - X509 *err_cert; - int err, depth; - - err_cert = X509_STORE_CTX_get_current_cert(ctx); - err = X509_STORE_CTX_get_error(ctx); - depth = X509_STORE_CTX_get_error_depth(ctx); - - if (!verify_args.quiet || !ok) { - BIO_printf(bio_err, "depth=%d ", depth); - if (err_cert != NULL) { - X509_NAME_print_ex(bio_err, - X509_get_subject_name(err_cert), - 0, get_nameopt()); - BIO_puts(bio_err, "\n"); - } else { - BIO_puts(bio_err, "\n"); - } - } - if (!ok) { - BIO_printf(bio_err, "verify error:num=%d:%s\n", err, - X509_verify_cert_error_string(err)); - if (verify_args.depth < 0 || verify_args.depth >= depth) { - if (!verify_args.return_error) - ok = 1; - verify_args.error = err; - } else { - ok = 0; - verify_args.error = X509_V_ERR_CERT_CHAIN_TOO_LONG; - } - } - switch (err) { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - if (err_cert != NULL) { - BIO_puts(bio_err, "issuer= "); - X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), - 0, get_nameopt()); - BIO_puts(bio_err, "\n"); - } - break; - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - if (err_cert != NULL) { - BIO_printf(bio_err, "notBefore="); - ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert)); - BIO_printf(bio_err, "\n"); - } - break; - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - if (err_cert != NULL) { - BIO_printf(bio_err, "notAfter="); - ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert)); - BIO_printf(bio_err, "\n"); - } - break; - case X509_V_ERR_NO_EXPLICIT_POLICY: - if (!verify_args.quiet) - policies_print(ctx); - break; - } - if (err == X509_V_OK && ok == 2 && !verify_args.quiet) - policies_print(ctx); - if (ok && !verify_args.quiet) - BIO_printf(bio_err, "verify return:%d\n", ok); - return ok; -} - -int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) -{ - if (cert_file != NULL) { - if (SSL_CTX_use_certificate_file(ctx, cert_file, - SSL_FILETYPE_PEM) <= 0) { - BIO_printf(bio_err, "unable to get certificate from '%s'\n", - cert_file); - ERR_print_errors(bio_err); - return 0; - } - if (key_file == NULL) - key_file = cert_file; - if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) { - BIO_printf(bio_err, "unable to get private key from '%s'\n", - key_file); - ERR_print_errors(bio_err); - return 0; - } - - /* - * If we are using DSA, we can copy the parameters from the private - * key - */ - - /* - * Now we know that a key and cert have been set against the SSL - * context - */ - if (!SSL_CTX_check_private_key(ctx)) { - BIO_printf(bio_err, - "Private key does not match the certificate public key\n"); - return 0; - } - } - return 1; -} - -int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, - STACK_OF(X509) *chain, int build_chain) -{ - int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0; - - if (cert == NULL) - return 1; - if (SSL_CTX_use_certificate(ctx, cert) <= 0) { - BIO_printf(bio_err, "error setting certificate\n"); - ERR_print_errors(bio_err); - return 0; - } - - if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) { - BIO_printf(bio_err, "error setting private key\n"); - ERR_print_errors(bio_err); - return 0; - } - - /* - * Now we know that a key and cert have been set against the SSL context - */ - if (!SSL_CTX_check_private_key(ctx)) { - BIO_printf(bio_err, - "Private key does not match the certificate public key\n"); - return 0; - } - if (chain && !SSL_CTX_set1_chain(ctx, chain)) { - BIO_printf(bio_err, "error setting certificate chain\n"); - ERR_print_errors(bio_err); - return 0; - } - if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags)) { - BIO_printf(bio_err, "error building certificate chain\n"); - ERR_print_errors(bio_err); - return 0; - } - return 1; -} - -static STRINT_PAIR cert_type_list[] = { - {"RSA sign", TLS_CT_RSA_SIGN}, - {"DSA sign", TLS_CT_DSS_SIGN}, - {"RSA fixed DH", TLS_CT_RSA_FIXED_DH}, - {"DSS fixed DH", TLS_CT_DSS_FIXED_DH}, - {"ECDSA sign", TLS_CT_ECDSA_SIGN}, - {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH}, - {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH}, - {"GOST01 Sign", TLS_CT_GOST01_SIGN}, - {"GOST12 Sign", TLS_CT_GOST12_IANA_SIGN}, - {NULL} -}; - -static void ssl_print_client_cert_types(BIO *bio, SSL *s) -{ - const unsigned char *p; - int i; - int cert_type_num = SSL_get0_certificate_types(s, &p); - - if (!cert_type_num) - return; - BIO_puts(bio, "Client Certificate Types: "); - for (i = 0; i < cert_type_num; i++) { - unsigned char cert_type = p[i]; - const char *cname = lookup((int)cert_type, cert_type_list, NULL); - - if (i) - BIO_puts(bio, ", "); - if (cname != NULL) - BIO_puts(bio, cname); - else - BIO_printf(bio, "UNKNOWN (%d),", cert_type); - } - BIO_puts(bio, "\n"); -} - -static const char *get_sigtype(int nid) -{ - switch (nid) { - case EVP_PKEY_RSA: - return "RSA"; - - case EVP_PKEY_RSA_PSS: - return "RSA-PSS"; - - case EVP_PKEY_DSA: - return "DSA"; - - case EVP_PKEY_EC: - return "ECDSA"; - - case NID_ED25519: - return "Ed25519"; - - case NID_ED448: - return "Ed448"; - - case NID_id_GostR3410_2001: - return "gost2001"; - - case NID_id_GostR3410_2012_256: - return "gost2012_256"; - - case NID_id_GostR3410_2012_512: - return "gost2012_512"; - - default: - return NULL; - } -} - -static int do_print_sigalgs(BIO *out, SSL *s, int shared) -{ - int i, nsig, client; - - client = SSL_is_server(s) ? 0 : 1; - if (shared) - nsig = SSL_get_shared_sigalgs(s, 0, NULL, NULL, NULL, NULL, NULL); - else - nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL); - if (nsig == 0) - return 1; - - if (shared) - BIO_puts(out, "Shared "); - - if (client) - BIO_puts(out, "Requested "); - BIO_puts(out, "Signature Algorithms: "); - for (i = 0; i < nsig; i++) { - int hash_nid, sign_nid; - unsigned char rhash, rsign; - const char *sstr = NULL; - if (shared) - SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL, - &rsign, &rhash); - else - SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash); - if (i) - BIO_puts(out, ":"); - sstr = get_sigtype(sign_nid); - if (sstr) - BIO_printf(out, "%s", sstr); - else - BIO_printf(out, "0x%02X", (int)rsign); - if (hash_nid != NID_undef) - BIO_printf(out, "+%s", OBJ_nid2sn(hash_nid)); - else if (sstr == NULL) - BIO_printf(out, "+0x%02X", (int)rhash); - } - BIO_puts(out, "\n"); - return 1; -} - -int ssl_print_sigalgs(BIO *out, SSL *s) -{ - int nid; - - if (!SSL_is_server(s)) - ssl_print_client_cert_types(out, s); - do_print_sigalgs(out, s, 0); - do_print_sigalgs(out, s, 1); - if (SSL_get_peer_signature_nid(s, &nid) && nid != NID_undef) - BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(nid)); - if (SSL_get_peer_signature_type_nid(s, &nid)) - BIO_printf(out, "Peer signature type: %s\n", get_sigtype(nid)); - return 1; -} - -#ifndef OPENSSL_NO_EC -int ssl_print_point_formats(BIO *out, SSL *s) -{ - int i, nformats; - const char *pformats; - - nformats = SSL_get0_ec_point_formats(s, &pformats); - if (nformats <= 0) - return 1; - BIO_puts(out, "Supported Elliptic Curve Point Formats: "); - for (i = 0; i < nformats; i++, pformats++) { - if (i) - BIO_puts(out, ":"); - switch (*pformats) { - case TLSEXT_ECPOINTFORMAT_uncompressed: - BIO_puts(out, "uncompressed"); - break; - - case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime: - BIO_puts(out, "ansiX962_compressed_prime"); - break; - - case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2: - BIO_puts(out, "ansiX962_compressed_char2"); - break; - - default: - BIO_printf(out, "unknown(%d)", (int)*pformats); - break; - - } - } - BIO_puts(out, "\n"); - return 1; -} - -int ssl_print_groups(BIO *out, SSL *s, int noshared) -{ - int i, ngroups, *groups, nid; - - ngroups = SSL_get1_groups(s, NULL); - if (ngroups <= 0) - return 1; - groups = app_malloc(ngroups * sizeof(int), "groups to print"); - SSL_get1_groups(s, groups); - - BIO_puts(out, "Supported groups: "); - for (i = 0; i < ngroups; i++) { - if (i) - BIO_puts(out, ":"); - nid = groups[i]; - BIO_printf(out, "%s", SSL_group_to_name(s, nid)); - } - OPENSSL_free(groups); - if (noshared) { - BIO_puts(out, "\n"); - return 1; - } - BIO_puts(out, "\nShared groups: "); - ngroups = SSL_get_shared_group(s, -1); - for (i = 0; i < ngroups; i++) { - if (i) - BIO_puts(out, ":"); - nid = SSL_get_shared_group(s, i); - BIO_printf(out, "%s", SSL_group_to_name(s, nid)); - } - if (ngroups == 0) - BIO_puts(out, "NONE"); - BIO_puts(out, "\n"); - return 1; -} -#endif - -int ssl_print_tmp_key(BIO *out, SSL *s) -{ - EVP_PKEY *key; - - if (!SSL_get_peer_tmp_key(s, &key)) - return 1; - BIO_puts(out, "Server Temp Key: "); - switch (EVP_PKEY_get_id(key)) { - case EVP_PKEY_RSA: - BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_get_bits(key)); - break; - - case EVP_PKEY_DH: - BIO_printf(out, "DH, %d bits\n", EVP_PKEY_get_bits(key)); - break; -#ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: - { - char name[80]; - size_t name_len; - - if (!EVP_PKEY_get_utf8_string_param(key, OSSL_PKEY_PARAM_GROUP_NAME, - name, sizeof(name), &name_len)) - strcpy(name, "?"); - BIO_printf(out, "ECDH, %s, %d bits\n", name, EVP_PKEY_get_bits(key)); - } - break; -#endif - default: - BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_get_id(key)), - EVP_PKEY_get_bits(key)); - } - EVP_PKEY_free(key); - return 1; -} - -long bio_dump_callback(BIO *bio, int cmd, const char *argp, size_t len, - int argi, long argl, int ret, size_t *processed) -{ - BIO *out; - - out = (BIO *)BIO_get_callback_arg(bio); - if (out == NULL) - return ret; - - if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { - if (ret > 0 && processed != NULL) { - BIO_printf(out, "read from %p [%p] (%zu bytes => %zu (0x%zX))\n", - (void *)bio, (void *)argp, len, *processed, *processed); - BIO_dump(out, argp, (int)*processed); - } else { - BIO_printf(out, "read from %p [%p] (%zu bytes => %d)\n", - (void *)bio, (void *)argp, len, ret); - } - } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { - if (ret > 0 && processed != NULL) { - BIO_printf(out, "write to %p [%p] (%zu bytes => %zu (0x%zX))\n", - (void *)bio, (void *)argp, len, *processed, *processed); - BIO_dump(out, argp, (int)*processed); - } else { - BIO_printf(out, "write to %p [%p] (%zu bytes => %d)\n", - (void *)bio, (void *)argp, len, ret); - } - } - return ret; -} - -void apps_ssl_info_callback(const SSL *s, int where, int ret) -{ - const char *str; - int w; - - w = where & ~SSL_ST_MASK; - - if (w & SSL_ST_CONNECT) - str = "SSL_connect"; - else if (w & SSL_ST_ACCEPT) - str = "SSL_accept"; - else - str = "undefined"; - - if (where & SSL_CB_LOOP) { - BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s)); - } else if (where & SSL_CB_ALERT) { - str = (where & SSL_CB_READ) ? "read" : "write"; - BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n", - str, - SSL_alert_type_string_long(ret), - SSL_alert_desc_string_long(ret)); - } else if (where & SSL_CB_EXIT) { - if (ret == 0) - BIO_printf(bio_err, "%s:failed in %s\n", - str, SSL_state_string_long(s)); - else if (ret < 0) - BIO_printf(bio_err, "%s:error in %s\n", - str, SSL_state_string_long(s)); - } -} - -static STRINT_PAIR ssl_versions[] = { - {"SSL 3.0", SSL3_VERSION}, - {"TLS 1.0", TLS1_VERSION}, - {"TLS 1.1", TLS1_1_VERSION}, - {"TLS 1.2", TLS1_2_VERSION}, - {"TLS 1.3", TLS1_3_VERSION}, - {"DTLS 1.0", DTLS1_VERSION}, - {"DTLS 1.0 (bad)", DTLS1_BAD_VER}, - {NULL} -}; - -static STRINT_PAIR alert_types[] = { - {" close_notify", 0}, - {" end_of_early_data", 1}, - {" unexpected_message", 10}, - {" bad_record_mac", 20}, - {" decryption_failed", 21}, - {" record_overflow", 22}, - {" decompression_failure", 30}, - {" handshake_failure", 40}, - {" bad_certificate", 42}, - {" unsupported_certificate", 43}, - {" certificate_revoked", 44}, - {" certificate_expired", 45}, - {" certificate_unknown", 46}, - {" illegal_parameter", 47}, - {" unknown_ca", 48}, - {" access_denied", 49}, - {" decode_error", 50}, - {" decrypt_error", 51}, - {" export_restriction", 60}, - {" protocol_version", 70}, - {" insufficient_security", 71}, - {" internal_error", 80}, - {" inappropriate_fallback", 86}, - {" user_canceled", 90}, - {" no_renegotiation", 100}, - {" missing_extension", 109}, - {" unsupported_extension", 110}, - {" certificate_unobtainable", 111}, - {" unrecognized_name", 112}, - {" bad_certificate_status_response", 113}, - {" bad_certificate_hash_value", 114}, - {" unknown_psk_identity", 115}, - {" certificate_required", 116}, - {NULL} -}; - -static STRINT_PAIR handshakes[] = { - {", HelloRequest", SSL3_MT_HELLO_REQUEST}, - {", ClientHello", SSL3_MT_CLIENT_HELLO}, - {", ServerHello", SSL3_MT_SERVER_HELLO}, - {", HelloVerifyRequest", DTLS1_MT_HELLO_VERIFY_REQUEST}, - {", NewSessionTicket", SSL3_MT_NEWSESSION_TICKET}, - {", EndOfEarlyData", SSL3_MT_END_OF_EARLY_DATA}, - {", EncryptedExtensions", SSL3_MT_ENCRYPTED_EXTENSIONS}, - {", Certificate", SSL3_MT_CERTIFICATE}, - {", ServerKeyExchange", SSL3_MT_SERVER_KEY_EXCHANGE}, - {", CertificateRequest", SSL3_MT_CERTIFICATE_REQUEST}, - {", ServerHelloDone", SSL3_MT_SERVER_DONE}, - {", CertificateVerify", SSL3_MT_CERTIFICATE_VERIFY}, - {", ClientKeyExchange", SSL3_MT_CLIENT_KEY_EXCHANGE}, - {", Finished", SSL3_MT_FINISHED}, - {", CertificateUrl", SSL3_MT_CERTIFICATE_URL}, - {", CertificateStatus", SSL3_MT_CERTIFICATE_STATUS}, - {", SupplementalData", SSL3_MT_SUPPLEMENTAL_DATA}, - {", KeyUpdate", SSL3_MT_KEY_UPDATE}, -#ifndef OPENSSL_NO_NEXTPROTONEG - {", NextProto", SSL3_MT_NEXT_PROTO}, -#endif - {", MessageHash", SSL3_MT_MESSAGE_HASH}, - {NULL} -}; - -void msg_cb(int write_p, int version, int content_type, const void *buf, - size_t len, SSL *ssl, void *arg) -{ - BIO *bio = arg; - const char *str_write_p = write_p ? ">>>" : "<<<"; - char tmpbuf[128]; - const char *str_version, *str_content_type = "", *str_details1 = "", *str_details2 = ""; - const unsigned char* bp = buf; - - if (version == SSL3_VERSION || - version == TLS1_VERSION || - version == TLS1_1_VERSION || - version == TLS1_2_VERSION || - version == TLS1_3_VERSION || - version == DTLS1_VERSION || version == DTLS1_BAD_VER) { - str_version = lookup(version, ssl_versions, "???"); - switch (content_type) { - case SSL3_RT_CHANGE_CIPHER_SPEC: - /* type 20 */ - str_content_type = ", ChangeCipherSpec"; - break; - case SSL3_RT_ALERT: - /* type 21 */ - str_content_type = ", Alert"; - str_details1 = ", ???"; - if (len == 2) { - switch (bp[0]) { - case 1: - str_details1 = ", warning"; - break; - case 2: - str_details1 = ", fatal"; - break; - } - str_details2 = lookup((int)bp[1], alert_types, " ???"); - } - break; - case SSL3_RT_HANDSHAKE: - /* type 22 */ - str_content_type = ", Handshake"; - str_details1 = "???"; - if (len > 0) - str_details1 = lookup((int)bp[0], handshakes, "???"); - break; - case SSL3_RT_APPLICATION_DATA: - /* type 23 */ - str_content_type = ", ApplicationData"; - break; - case SSL3_RT_HEADER: - /* type 256 */ - str_content_type = ", RecordHeader"; - break; - case SSL3_RT_INNER_CONTENT_TYPE: - /* type 257 */ - str_content_type = ", InnerContent"; - break; - default: - BIO_snprintf(tmpbuf, sizeof(tmpbuf)-1, ", Unknown (content_type=%d)", content_type); - str_content_type = tmpbuf; - } - } else { - BIO_snprintf(tmpbuf, sizeof(tmpbuf)-1, "Not TLS data or unknown version (version=%d, content_type=%d)", version, content_type); - str_version = tmpbuf; - } - - BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, - str_content_type, (unsigned long)len, str_details1, - str_details2); - - if (len > 0) { - size_t num, i; - - BIO_printf(bio, " "); - num = len; - for (i = 0; i < num; i++) { - if (i % 16 == 0 && i > 0) - BIO_printf(bio, "\n "); - BIO_printf(bio, " %02x", ((const unsigned char *)buf)[i]); - } - if (i < len) - BIO_printf(bio, " ..."); - BIO_printf(bio, "\n"); - } - (void)BIO_flush(bio); -} - -static STRINT_PAIR tlsext_types[] = { - {"server name", TLSEXT_TYPE_server_name}, - {"max fragment length", TLSEXT_TYPE_max_fragment_length}, - {"client certificate URL", TLSEXT_TYPE_client_certificate_url}, - {"trusted CA keys", TLSEXT_TYPE_trusted_ca_keys}, - {"truncated HMAC", TLSEXT_TYPE_truncated_hmac}, - {"status request", TLSEXT_TYPE_status_request}, - {"user mapping", TLSEXT_TYPE_user_mapping}, - {"client authz", TLSEXT_TYPE_client_authz}, - {"server authz", TLSEXT_TYPE_server_authz}, - {"cert type", TLSEXT_TYPE_cert_type}, - {"supported_groups", TLSEXT_TYPE_supported_groups}, - {"EC point formats", TLSEXT_TYPE_ec_point_formats}, - {"SRP", TLSEXT_TYPE_srp}, - {"signature algorithms", TLSEXT_TYPE_signature_algorithms}, - {"use SRTP", TLSEXT_TYPE_use_srtp}, - {"session ticket", TLSEXT_TYPE_session_ticket}, - {"renegotiation info", TLSEXT_TYPE_renegotiate}, - {"signed certificate timestamps", TLSEXT_TYPE_signed_certificate_timestamp}, - {"TLS padding", TLSEXT_TYPE_padding}, -#ifdef TLSEXT_TYPE_next_proto_neg - {"next protocol", TLSEXT_TYPE_next_proto_neg}, -#endif -#ifdef TLSEXT_TYPE_encrypt_then_mac - {"encrypt-then-mac", TLSEXT_TYPE_encrypt_then_mac}, -#endif -#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation - {"application layer protocol negotiation", - TLSEXT_TYPE_application_layer_protocol_negotiation}, -#endif -#ifdef TLSEXT_TYPE_extended_master_secret - {"extended master secret", TLSEXT_TYPE_extended_master_secret}, -#endif - {"key share", TLSEXT_TYPE_key_share}, - {"supported versions", TLSEXT_TYPE_supported_versions}, - {"psk", TLSEXT_TYPE_psk}, - {"psk kex modes", TLSEXT_TYPE_psk_kex_modes}, - {"certificate authorities", TLSEXT_TYPE_certificate_authorities}, - {"post handshake auth", TLSEXT_TYPE_post_handshake_auth}, - {NULL} -}; - -/* from rfc8446 4.2.3. + gost (https://tools.ietf.org/id/draft-smyshlyaev-tls12-gost-suites-04.html) */ -static STRINT_PAIR signature_tls13_scheme_list[] = { - {"rsa_pkcs1_sha1", 0x0201 /* TLSEXT_SIGALG_rsa_pkcs1_sha1 */}, - {"ecdsa_sha1", 0x0203 /* TLSEXT_SIGALG_ecdsa_sha1 */}, -/* {"rsa_pkcs1_sha224", 0x0301 TLSEXT_SIGALG_rsa_pkcs1_sha224}, not in rfc8446 */ -/* {"ecdsa_sha224", 0x0303 TLSEXT_SIGALG_ecdsa_sha224} not in rfc8446 */ - {"rsa_pkcs1_sha256", 0x0401 /* TLSEXT_SIGALG_rsa_pkcs1_sha256 */}, - {"ecdsa_secp256r1_sha256", 0x0403 /* TLSEXT_SIGALG_ecdsa_secp256r1_sha256 */}, - {"rsa_pkcs1_sha384", 0x0501 /* TLSEXT_SIGALG_rsa_pkcs1_sha384 */}, - {"ecdsa_secp384r1_sha384", 0x0503 /* TLSEXT_SIGALG_ecdsa_secp384r1_sha384 */}, - {"rsa_pkcs1_sha512", 0x0601 /* TLSEXT_SIGALG_rsa_pkcs1_sha512 */}, - {"ecdsa_secp521r1_sha512", 0x0603 /* TLSEXT_SIGALG_ecdsa_secp521r1_sha512 */}, - {"rsa_pss_rsae_sha256", 0x0804 /* TLSEXT_SIGALG_rsa_pss_rsae_sha256 */}, - {"rsa_pss_rsae_sha384", 0x0805 /* TLSEXT_SIGALG_rsa_pss_rsae_sha384 */}, - {"rsa_pss_rsae_sha512", 0x0806 /* TLSEXT_SIGALG_rsa_pss_rsae_sha512 */}, - {"ed25519", 0x0807 /* TLSEXT_SIGALG_ed25519 */}, - {"ed448", 0x0808 /* TLSEXT_SIGALG_ed448 */}, - {"rsa_pss_pss_sha256", 0x0809 /* TLSEXT_SIGALG_rsa_pss_pss_sha256 */}, - {"rsa_pss_pss_sha384", 0x080a /* TLSEXT_SIGALG_rsa_pss_pss_sha384 */}, - {"rsa_pss_pss_sha512", 0x080b /* TLSEXT_SIGALG_rsa_pss_pss_sha512 */}, - {"gostr34102001", 0xeded /* TLSEXT_SIGALG_gostr34102001_gostr3411 */}, - {"gostr34102012_256", 0xeeee /* TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 */}, - {"gostr34102012_512", 0xefef /* TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 */}, - {NULL} -}; - -/* from rfc5246 7.4.1.4.1. */ -static STRINT_PAIR signature_tls12_alg_list[] = { - {"anonymous", TLSEXT_signature_anonymous /* 0 */}, - {"RSA", TLSEXT_signature_rsa /* 1 */}, - {"DSA", TLSEXT_signature_dsa /* 2 */}, - {"ECDSA", TLSEXT_signature_ecdsa /* 3 */}, - {NULL} -}; - -/* from rfc5246 7.4.1.4.1. */ -static STRINT_PAIR signature_tls12_hash_list[] = { - {"none", TLSEXT_hash_none /* 0 */}, - {"MD5", TLSEXT_hash_md5 /* 1 */}, - {"SHA1", TLSEXT_hash_sha1 /* 2 */}, - {"SHA224", TLSEXT_hash_sha224 /* 3 */}, - {"SHA256", TLSEXT_hash_sha256 /* 4 */}, - {"SHA384", TLSEXT_hash_sha384 /* 5 */}, - {"SHA512", TLSEXT_hash_sha512 /* 6 */}, - {NULL} -}; - -void tlsext_cb(SSL *s, int client_server, int type, - const unsigned char *data, int len, void *arg) -{ - BIO *bio = arg; - const char *extname = lookup(type, tlsext_types, "unknown"); - - BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", - client_server ? "server" : "client", extname, type, len); - BIO_dump(bio, (const char *)data, len); - (void)BIO_flush(bio); -} - -#ifndef OPENSSL_NO_SOCK -int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie, - size_t *cookie_len) -{ - unsigned char *buffer = NULL; - size_t length = 0; - unsigned short port; - BIO_ADDR *lpeer = NULL, *peer = NULL; - int res = 0; - - /* Initialize a random secret */ - if (!cookie_initialized) { - if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) { - BIO_printf(bio_err, "error setting random cookie secret\n"); - return 0; - } - cookie_initialized = 1; - } - - if (SSL_is_dtls(ssl)) { - lpeer = peer = BIO_ADDR_new(); - if (peer == NULL) { - BIO_printf(bio_err, "memory full\n"); - return 0; - } - - /* Read peer information */ - (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), peer); - } else { - peer = ourpeer; - } - - /* Create buffer with peer's address and port */ - if (!BIO_ADDR_rawaddress(peer, NULL, &length)) { - BIO_printf(bio_err, "Failed getting peer address\n"); - BIO_ADDR_free(lpeer); - return 0; - } - OPENSSL_assert(length != 0); - port = BIO_ADDR_rawport(peer); - length += sizeof(port); - buffer = app_malloc(length, "cookie generate buffer"); - - memcpy(buffer, &port, sizeof(port)); - BIO_ADDR_rawaddress(peer, buffer + sizeof(port), NULL); - - if (EVP_Q_mac(NULL, "HMAC", NULL, "SHA1", NULL, - cookie_secret, COOKIE_SECRET_LENGTH, buffer, length, - cookie, DTLS1_COOKIE_LENGTH, cookie_len) == NULL) { - BIO_printf(bio_err, - "Error calculating HMAC-SHA1 of buffer with secret\n"); - goto end; - } - res = 1; -end: - OPENSSL_free(buffer); - BIO_ADDR_free(lpeer); - - return res; -} - -int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie, - size_t cookie_len) -{ - unsigned char result[EVP_MAX_MD_SIZE]; - size_t resultlength; - - /* Note: we check cookie_initialized because if it's not, - * it cannot be valid */ - if (cookie_initialized - && generate_stateless_cookie_callback(ssl, result, &resultlength) - && cookie_len == resultlength - && memcmp(result, cookie, resultlength) == 0) - return 1; - - return 0; -} - -int generate_cookie_callback(SSL *ssl, unsigned char *cookie, - unsigned int *cookie_len) -{ - size_t temp = 0; - int res = generate_stateless_cookie_callback(ssl, cookie, &temp); - - if (res != 0) - *cookie_len = (unsigned int)temp; - return res; -} - -int verify_cookie_callback(SSL *ssl, const unsigned char *cookie, - unsigned int cookie_len) -{ - return verify_stateless_cookie_callback(ssl, cookie, cookie_len); -} - -#endif - -/* - * Example of extended certificate handling. Where the standard support of - * one certificate per algorithm is not sufficient an application can decide - * which certificate(s) to use at runtime based on whatever criteria it deems - * appropriate. - */ - -/* Linked list of certificates, keys and chains */ -struct ssl_excert_st { - int certform; - const char *certfile; - int keyform; - const char *keyfile; - const char *chainfile; - X509 *cert; - EVP_PKEY *key; - STACK_OF(X509) *chain; - int build_chain; - struct ssl_excert_st *next, *prev; -}; - -static STRINT_PAIR chain_flags[] = { - {"Overall Validity", CERT_PKEY_VALID}, - {"Sign with EE key", CERT_PKEY_SIGN}, - {"EE signature", CERT_PKEY_EE_SIGNATURE}, - {"CA signature", CERT_PKEY_CA_SIGNATURE}, - {"EE key parameters", CERT_PKEY_EE_PARAM}, - {"CA key parameters", CERT_PKEY_CA_PARAM}, - {"Explicitly sign with EE key", CERT_PKEY_EXPLICIT_SIGN}, - {"Issuer Name", CERT_PKEY_ISSUER_NAME}, - {"Certificate Type", CERT_PKEY_CERT_TYPE}, - {NULL} -}; - -static void print_chain_flags(SSL *s, int flags) -{ - STRINT_PAIR *pp; - - for (pp = chain_flags; pp->name; ++pp) - BIO_printf(bio_err, "\t%s: %s\n", - pp->name, - (flags & pp->retval) ? "OK" : "NOT OK"); - BIO_printf(bio_err, "\tSuite B: "); - if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS) - BIO_puts(bio_err, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n"); - else - BIO_printf(bio_err, "not tested\n"); -} - -/* - * Very basic selection callback: just use any certificate chain reported as - * valid. More sophisticated could prioritise according to local policy. - */ -static int set_cert_cb(SSL *ssl, void *arg) -{ - int i, rv; - SSL_EXCERT *exc = arg; -#ifdef CERT_CB_TEST_RETRY - static int retry_cnt; - - if (retry_cnt < 5) { - retry_cnt++; - BIO_printf(bio_err, - "Certificate callback retry test: count %d\n", - retry_cnt); - return -1; - } -#endif - SSL_certs_clear(ssl); - - if (exc == NULL) - return 1; - - /* - * Go to end of list and traverse backwards since we prepend newer - * entries this retains the original order. - */ - while (exc->next != NULL) - exc = exc->next; - - i = 0; - - while (exc != NULL) { - i++; - rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain); - BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i); - X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0, - get_nameopt()); - BIO_puts(bio_err, "\n"); - print_chain_flags(ssl, rv); - if (rv & CERT_PKEY_VALID) { - if (!SSL_use_certificate(ssl, exc->cert) - || !SSL_use_PrivateKey(ssl, exc->key)) { - return 0; - } - /* - * NB: we wouldn't normally do this as it is not efficient - * building chains on each connection better to cache the chain - * in advance. - */ - if (exc->build_chain) { - if (!SSL_build_cert_chain(ssl, 0)) - return 0; - } else if (exc->chain != NULL) { - if (!SSL_set1_chain(ssl, exc->chain)) - return 0; - } - } - exc = exc->prev; - } - return 1; -} - -void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc) -{ - SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc); -} - -static int ssl_excert_prepend(SSL_EXCERT **pexc) -{ - SSL_EXCERT *exc = app_malloc(sizeof(*exc), "prepend cert"); - - memset(exc, 0, sizeof(*exc)); - - exc->next = *pexc; - *pexc = exc; - - if (exc->next) { - exc->certform = exc->next->certform; - exc->keyform = exc->next->keyform; - exc->next->prev = exc; - } else { - exc->certform = FORMAT_PEM; - exc->keyform = FORMAT_PEM; - } - return 1; - -} - -void ssl_excert_free(SSL_EXCERT *exc) -{ - SSL_EXCERT *curr; - - if (exc == NULL) - return; - while (exc) { - X509_free(exc->cert); - EVP_PKEY_free(exc->key); - sk_X509_pop_free(exc->chain, X509_free); - curr = exc; - exc = exc->next; - OPENSSL_free(curr); - } -} - -int load_excert(SSL_EXCERT **pexc) -{ - SSL_EXCERT *exc = *pexc; - - if (exc == NULL) - return 1; - /* If nothing in list, free and set to NULL */ - if (exc->certfile == NULL && exc->next == NULL) { - ssl_excert_free(exc); - *pexc = NULL; - return 1; - } - for (; exc; exc = exc->next) { - if (exc->certfile == NULL) { - BIO_printf(bio_err, "Missing filename\n"); - return 0; - } - exc->cert = load_cert(exc->certfile, exc->certform, - "Server Certificate"); - if (exc->cert == NULL) - return 0; - if (exc->keyfile != NULL) { - exc->key = load_key(exc->keyfile, exc->keyform, - 0, NULL, NULL, "server key"); - } else { - exc->key = load_key(exc->certfile, exc->certform, - 0, NULL, NULL, "server key"); - } - if (exc->key == NULL) - return 0; - if (exc->chainfile != NULL) { - if (!load_certs(exc->chainfile, 0, &exc->chain, NULL, "server chain")) - return 0; - } - } - return 1; -} - -enum range { OPT_X_ENUM }; - -int args_excert(int opt, SSL_EXCERT **pexc) -{ - SSL_EXCERT *exc = *pexc; - - assert(opt > OPT_X__FIRST); - assert(opt < OPT_X__LAST); - - if (exc == NULL) { - if (!ssl_excert_prepend(&exc)) { - BIO_printf(bio_err, " %s: Error initialising xcert\n", - opt_getprog()); - goto err; - } - *pexc = exc; - } - - switch ((enum range)opt) { - case OPT_X__FIRST: - case OPT_X__LAST: - return 0; - case OPT_X_CERT: - if (exc->certfile != NULL && !ssl_excert_prepend(&exc)) { - BIO_printf(bio_err, "%s: Error adding xcert\n", opt_getprog()); - goto err; - } - *pexc = exc; - exc->certfile = opt_arg(); - break; - case OPT_X_KEY: - if (exc->keyfile != NULL) { - BIO_printf(bio_err, "%s: Key already specified\n", opt_getprog()); - goto err; - } - exc->keyfile = opt_arg(); - break; - case OPT_X_CHAIN: - if (exc->chainfile != NULL) { - BIO_printf(bio_err, "%s: Chain already specified\n", - opt_getprog()); - goto err; - } - exc->chainfile = opt_arg(); - break; - case OPT_X_CHAIN_BUILD: - exc->build_chain = 1; - break; - case OPT_X_CERTFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &exc->certform)) - return 0; - break; - case OPT_X_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &exc->keyform)) - return 0; - break; - } - return 1; - - err: - ERR_print_errors(bio_err); - ssl_excert_free(exc); - *pexc = NULL; - return 0; -} - -static void print_raw_cipherlist(SSL *s) -{ - const unsigned char *rlist; - static const unsigned char scsv_id[] = { 0, 0xFF }; - size_t i, rlistlen, num; - - if (!SSL_is_server(s)) - return; - num = SSL_get0_raw_cipherlist(s, NULL); - OPENSSL_assert(num == 2); - rlistlen = SSL_get0_raw_cipherlist(s, &rlist); - BIO_puts(bio_err, "Client cipher list: "); - for (i = 0; i < rlistlen; i += num, rlist += num) { - const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist); - if (i) - BIO_puts(bio_err, ":"); - if (c != NULL) { - BIO_puts(bio_err, SSL_CIPHER_get_name(c)); - } else if (memcmp(rlist, scsv_id, num) == 0) { - BIO_puts(bio_err, "SCSV"); - } else { - size_t j; - BIO_puts(bio_err, "0x"); - for (j = 0; j < num; j++) - BIO_printf(bio_err, "%02X", rlist[j]); - } - } - BIO_puts(bio_err, "\n"); -} - -/* - * Hex encoder for TLSA RRdata, not ':' delimited. - */ -static char *hexencode(const unsigned char *data, size_t len) -{ - static const char *hex = "0123456789abcdef"; - char *out; - char *cp; - size_t outlen = 2 * len + 1; - int ilen = (int) outlen; - - if (outlen < len || ilen < 0 || outlen != (size_t)ilen) { - BIO_printf(bio_err, "%s: %zu-byte buffer too large to hexencode\n", - opt_getprog(), len); - exit(1); - } - cp = out = app_malloc(ilen, "TLSA hex data buffer"); - - while (len-- > 0) { - *cp++ = hex[(*data >> 4) & 0x0f]; - *cp++ = hex[*data++ & 0x0f]; - } - *cp = '\0'; - return out; -} - -void print_verify_detail(SSL *s, BIO *bio) -{ - int mdpth; - EVP_PKEY *mspki; - long verify_err = SSL_get_verify_result(s); - - if (verify_err == X509_V_OK) { - const char *peername = SSL_get0_peername(s); - - BIO_printf(bio, "Verification: OK\n"); - if (peername != NULL) - BIO_printf(bio, "Verified peername: %s\n", peername); - } else { - const char *reason = X509_verify_cert_error_string(verify_err); - - BIO_printf(bio, "Verification error: %s\n", reason); - } - - if ((mdpth = SSL_get0_dane_authority(s, NULL, &mspki)) >= 0) { - uint8_t usage, selector, mtype; - const unsigned char *data = NULL; - size_t dlen = 0; - char *hexdata; - - mdpth = SSL_get0_dane_tlsa(s, &usage, &selector, &mtype, &data, &dlen); - - /* - * The TLSA data field can be quite long when it is a certificate, - * public key or even a SHA2-512 digest. Because the initial octets of - * ASN.1 certificates and public keys contain mostly boilerplate OIDs - * and lengths, we show the last 12 bytes of the data instead, as these - * are more likely to distinguish distinct TLSA records. - */ -#define TLSA_TAIL_SIZE 12 - if (dlen > TLSA_TAIL_SIZE) - hexdata = hexencode(data + dlen - TLSA_TAIL_SIZE, TLSA_TAIL_SIZE); - else - hexdata = hexencode(data, dlen); - BIO_printf(bio, "DANE TLSA %d %d %d %s%s %s at depth %d\n", - usage, selector, mtype, - (dlen > TLSA_TAIL_SIZE) ? "..." : "", hexdata, - (mspki != NULL) ? "signed the certificate" : - mdpth ? "matched TA certificate" : "matched EE certificate", - mdpth); - OPENSSL_free(hexdata); - } -} - -void print_ssl_summary(SSL *s) -{ - const SSL_CIPHER *c; - X509 *peer; - - BIO_printf(bio_err, "Protocol version: %s\n", SSL_get_version(s)); - print_raw_cipherlist(s); - c = SSL_get_current_cipher(s); - BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c)); - do_print_sigalgs(bio_err, s, 0); - peer = SSL_get0_peer_certificate(s); - if (peer != NULL) { - int nid; - - BIO_puts(bio_err, "Peer certificate: "); - X509_NAME_print_ex(bio_err, X509_get_subject_name(peer), - 0, get_nameopt()); - BIO_puts(bio_err, "\n"); - if (SSL_get_peer_signature_nid(s, &nid)) - BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid)); - if (SSL_get_peer_signature_type_nid(s, &nid)) - BIO_printf(bio_err, "Signature type: %s\n", get_sigtype(nid)); - print_verify_detail(s, bio_err); - } else { - BIO_puts(bio_err, "No peer certificate\n"); - } -#ifndef OPENSSL_NO_EC - ssl_print_point_formats(bio_err, s); - if (SSL_is_server(s)) - ssl_print_groups(bio_err, s, 1); - else - ssl_print_tmp_key(bio_err, s); -#else - if (!SSL_is_server(s)) - ssl_print_tmp_key(bio_err, s); -#endif -} - -int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, - SSL_CTX *ctx) -{ - int i; - - SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); - for (i = 0; i < sk_OPENSSL_STRING_num(str); i += 2) { - const char *flag = sk_OPENSSL_STRING_value(str, i); - const char *arg = sk_OPENSSL_STRING_value(str, i + 1); - - if (SSL_CONF_cmd(cctx, flag, arg) <= 0) { - BIO_printf(bio_err, "Call to SSL_CONF_cmd(%s, %s) failed\n", - flag, arg == NULL ? "" : arg); - ERR_print_errors(bio_err); - return 0; - } - } - if (!SSL_CONF_CTX_finish(cctx)) { - BIO_puts(bio_err, "Error finishing context\n"); - ERR_print_errors(bio_err); - return 0; - } - return 1; -} - -static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls) -{ - X509_CRL *crl; - int i, ret = 1; - - for (i = 0; i < sk_X509_CRL_num(crls); i++) { - crl = sk_X509_CRL_value(crls, i); - if (!X509_STORE_add_crl(st, crl)) - ret = 0; - } - return ret; -} - -int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download) -{ - X509_STORE *st; - - st = SSL_CTX_get_cert_store(ctx); - add_crls_store(st, crls); - if (crl_download) - store_setup_crl_download(st); - return 1; -} - -int ssl_load_stores(SSL_CTX *ctx, - const char *vfyCApath, const char *vfyCAfile, - const char *vfyCAstore, - const char *chCApath, const char *chCAfile, - const char *chCAstore, - STACK_OF(X509_CRL) *crls, int crl_download) -{ - X509_STORE *vfy = NULL, *ch = NULL; - int rv = 0; - - if (vfyCApath != NULL || vfyCAfile != NULL || vfyCAstore != NULL) { - vfy = X509_STORE_new(); - if (vfy == NULL) - goto err; - if (vfyCAfile != NULL && !X509_STORE_load_file(vfy, vfyCAfile)) - goto err; - if (vfyCApath != NULL && !X509_STORE_load_path(vfy, vfyCApath)) - goto err; - if (vfyCAstore != NULL && !X509_STORE_load_store(vfy, vfyCAstore)) - goto err; - add_crls_store(vfy, crls); - SSL_CTX_set1_verify_cert_store(ctx, vfy); - if (crl_download) - store_setup_crl_download(vfy); - } - if (chCApath != NULL || chCAfile != NULL || chCAstore != NULL) { - ch = X509_STORE_new(); - if (ch == NULL) - goto err; - if (chCAfile != NULL && !X509_STORE_load_file(ch, chCAfile)) - goto err; - if (chCApath != NULL && !X509_STORE_load_path(ch, chCApath)) - goto err; - if (chCAstore != NULL && !X509_STORE_load_store(ch, chCAstore)) - goto err; - SSL_CTX_set1_chain_cert_store(ctx, ch); - } - rv = 1; - err: - X509_STORE_free(vfy); - X509_STORE_free(ch); - return rv; -} - -/* Verbose print out of security callback */ - -typedef struct { - BIO *out; - int verbose; - int (*old_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, - void *other, void *ex); -} security_debug_ex; - -static STRINT_PAIR callback_types[] = { - {"Supported Ciphersuite", SSL_SECOP_CIPHER_SUPPORTED}, - {"Shared Ciphersuite", SSL_SECOP_CIPHER_SHARED}, - {"Check Ciphersuite", SSL_SECOP_CIPHER_CHECK}, -#ifndef OPENSSL_NO_DH - {"Temp DH key bits", SSL_SECOP_TMP_DH}, -#endif - {"Supported Curve", SSL_SECOP_CURVE_SUPPORTED}, - {"Shared Curve", SSL_SECOP_CURVE_SHARED}, - {"Check Curve", SSL_SECOP_CURVE_CHECK}, - {"Supported Signature Algorithm", SSL_SECOP_SIGALG_SUPPORTED}, - {"Shared Signature Algorithm", SSL_SECOP_SIGALG_SHARED}, - {"Check Signature Algorithm", SSL_SECOP_SIGALG_CHECK}, - {"Signature Algorithm mask", SSL_SECOP_SIGALG_MASK}, - {"Certificate chain EE key", SSL_SECOP_EE_KEY}, - {"Certificate chain CA key", SSL_SECOP_CA_KEY}, - {"Peer Chain EE key", SSL_SECOP_PEER_EE_KEY}, - {"Peer Chain CA key", SSL_SECOP_PEER_CA_KEY}, - {"Certificate chain CA digest", SSL_SECOP_CA_MD}, - {"Peer chain CA digest", SSL_SECOP_PEER_CA_MD}, - {"SSL compression", SSL_SECOP_COMPRESSION}, - {"Session ticket", SSL_SECOP_TICKET}, - {NULL} -}; - -static int security_callback_debug(const SSL *s, const SSL_CTX *ctx, - int op, int bits, int nid, - void *other, void *ex) -{ - security_debug_ex *sdb = ex; - int rv, show_bits = 1, cert_md = 0; - const char *nm; - int show_nm; - - rv = sdb->old_cb(s, ctx, op, bits, nid, other, ex); - if (rv == 1 && sdb->verbose < 2) - return 1; - BIO_puts(sdb->out, "Security callback: "); - - nm = lookup(op, callback_types, NULL); - show_nm = nm != NULL; - switch (op) { - case SSL_SECOP_TICKET: - case SSL_SECOP_COMPRESSION: - show_bits = 0; - show_nm = 0; - break; - case SSL_SECOP_VERSION: - BIO_printf(sdb->out, "Version=%s", lookup(nid, ssl_versions, "???")); - show_bits = 0; - show_nm = 0; - break; - case SSL_SECOP_CA_MD: - case SSL_SECOP_PEER_CA_MD: - cert_md = 1; - break; - case SSL_SECOP_SIGALG_SUPPORTED: - case SSL_SECOP_SIGALG_SHARED: - case SSL_SECOP_SIGALG_CHECK: - case SSL_SECOP_SIGALG_MASK: - show_nm = 0; - break; - } - if (show_nm) - BIO_printf(sdb->out, "%s=", nm); - - switch (op & SSL_SECOP_OTHER_TYPE) { - - case SSL_SECOP_OTHER_CIPHER: - BIO_puts(sdb->out, SSL_CIPHER_get_name(other)); - break; - -#ifndef OPENSSL_NO_EC - case SSL_SECOP_OTHER_CURVE: - { - const char *cname; - cname = EC_curve_nid2nist(nid); - if (cname == NULL) - cname = OBJ_nid2sn(nid); - BIO_puts(sdb->out, cname); - } - break; -#endif - case SSL_SECOP_OTHER_CERT: - { - if (cert_md) { - int sig_nid = X509_get_signature_nid(other); - - BIO_puts(sdb->out, OBJ_nid2sn(sig_nid)); - } else { - EVP_PKEY *pkey = X509_get0_pubkey(other); - - if (pkey == NULL) { - BIO_printf(sdb->out, "Public key missing"); - } else { - const char *algname = ""; - - EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, - &algname, EVP_PKEY_get0_asn1(pkey)); - BIO_printf(sdb->out, "%s, bits=%d", - algname, EVP_PKEY_get_bits(pkey)); - } - } - break; - } - case SSL_SECOP_OTHER_SIGALG: - { - const unsigned char *salg = other; - const char *sname = NULL; - int raw_sig_code = (salg[0] << 8) + salg[1]; /* always big endian (msb, lsb) */ - /* raw_sig_code: signature_scheme from tls1.3, or signature_and_hash from tls1.2 */ - - if (nm != NULL) - BIO_printf(sdb->out, "%s", nm); - else - BIO_printf(sdb->out, "s_cb.c:security_callback_debug op=0x%x", op); - - sname = lookup(raw_sig_code, signature_tls13_scheme_list, NULL); - if (sname != NULL) { - BIO_printf(sdb->out, " scheme=%s", sname); - } else { - int alg_code = salg[1]; - int hash_code = salg[0]; - const char *alg_str = lookup(alg_code, signature_tls12_alg_list, NULL); - const char *hash_str = lookup(hash_code, signature_tls12_hash_list, NULL); - - if (alg_str != NULL && hash_str != NULL) - BIO_printf(sdb->out, " digest=%s, algorithm=%s", hash_str, alg_str); - else - BIO_printf(sdb->out, " scheme=unknown(0x%04x)", raw_sig_code); - } - } - - } - - if (show_bits) - BIO_printf(sdb->out, ", security bits=%d", bits); - BIO_printf(sdb->out, ": %s\n", rv ? "yes" : "no"); - return rv; -} - -void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose) -{ - static security_debug_ex sdb; - - sdb.out = bio_err; - sdb.verbose = verbose; - sdb.old_cb = SSL_CTX_get_security_callback(ctx); - SSL_CTX_set_security_callback(ctx, security_callback_debug); - SSL_CTX_set0_security_ex_data(ctx, &sdb); -} - -static void keylog_callback(const SSL *ssl, const char *line) -{ - if (bio_keylog == NULL) { - BIO_printf(bio_err, "Keylog callback is invoked without valid file!\n"); - return; - } - - /* - * There might be concurrent writers to the keylog file, so we must ensure - * that the given line is written at once. - */ - BIO_printf(bio_keylog, "%s\n", line); - (void)BIO_flush(bio_keylog); -} - -int set_keylog_file(SSL_CTX *ctx, const char *keylog_file) -{ - /* Close any open files */ - BIO_free_all(bio_keylog); - bio_keylog = NULL; - - if (ctx == NULL || keylog_file == NULL) { - /* Keylogging is disabled, OK. */ - return 0; - } - - /* - * Append rather than write in order to allow concurrent modification. - * Furthermore, this preserves existing keylog files which is useful when - * the tool is run multiple times. - */ - bio_keylog = BIO_new_file(keylog_file, "a"); - if (bio_keylog == NULL) { - BIO_printf(bio_err, "Error writing keylog file %s\n", keylog_file); - return 1; - } - - /* Write a header for seekable, empty files (this excludes pipes). */ - if (BIO_tell(bio_keylog) == 0) { - BIO_puts(bio_keylog, - "# SSL/TLS secrets log file, generated by OpenSSL\n"); - (void)BIO_flush(bio_keylog); - } - SSL_CTX_set_keylog_callback(ctx, keylog_callback); - return 0; -} - -void print_ca_names(BIO *bio, SSL *s) -{ - const char *cs = SSL_is_server(s) ? "server" : "client"; - const STACK_OF(X509_NAME) *sk = SSL_get0_peer_CA_list(s); - int i; - - if (sk == NULL || sk_X509_NAME_num(sk) == 0) { - if (!SSL_is_server(s)) - BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs); - return; - } - - BIO_printf(bio, "---\nAcceptable %s certificate CA names\n",cs); - for (i = 0; i < sk_X509_NAME_num(sk); i++) { - X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, get_nameopt()); - BIO_write(bio, "\n", 1); - } -} diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c deleted file mode 100644 index 059afe47b9049128f92e49a4f7f45cf51cc45402..0000000000000000000000000000000000000000 --- a/apps/lib/s_socket.c +++ /dev/null @@ -1,455 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* socket-related functions used by s_client and s_server */ -#include -#include -#include -#include -#include -#include - -/* - * With IPv6, it looks like Digital has mixed up the proper order of - * recursive header file inclusion, resulting in the compiler complaining - * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is - * needed to have fileno() declared correctly... So let's define u_int - */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) -# define __U_INT -typedef unsigned int u_int; -#endif - -#ifdef _WIN32 -# include - -/* MSVC renamed some POSIX functions to have an underscore prefix. */ -# ifdef _MSC_VER -# define getpid _getpid -# endif -#endif - -#ifndef OPENSSL_NO_SOCK - -# include "apps.h" -# include "s_apps.h" -# include "internal/sockets.h" - -# if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -# endif - -# include -# include - -/* Keep track of our peer's address for the cookie callback */ -BIO_ADDR *ourpeer = NULL; - -/* - * init_client - helper routine to set up socket communication - * @sock: pointer to storage of resulting socket. - * @host: the host name or path (for AF_UNIX) to connect to. - * @port: the port to connect to (ignored for AF_UNIX). - * @bindhost: source host or path (for AF_UNIX). - * @bindport: source port (ignored for AF_UNIX). - * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or - * AF_UNSPEC - * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM - * @protocol: socket protocol, e.g. IPPROTO_TCP or IPPROTO_UDP (or 0 for any) - * - * This will create a socket and use it to connect to a host:port, or if - * family == AF_UNIX, to the path found in host. - * - * If the host has more than one address, it will try them one by one until - * a successful connection is established. The resulting socket will be - * found in *sock on success, it will be given INVALID_SOCKET otherwise. - * - * Returns 1 on success, 0 on failure. - */ -int init_client(int *sock, const char *host, const char *port, - const char *bindhost, const char *bindport, - int family, int type, int protocol) -{ - BIO_ADDRINFO *res = NULL; - BIO_ADDRINFO *bindaddr = NULL; - const BIO_ADDRINFO *ai = NULL; - const BIO_ADDRINFO *bi = NULL; - int found = 0; - int ret; - - if (BIO_sock_init() != 1) - return 0; - - ret = BIO_lookup_ex(host, port, BIO_LOOKUP_CLIENT, family, type, protocol, - &res); - if (ret == 0) { - ERR_print_errors(bio_err); - return 0; - } - - if (bindhost != NULL || bindport != NULL) { - ret = BIO_lookup_ex(bindhost, bindport, BIO_LOOKUP_CLIENT, - family, type, protocol, &bindaddr); - if (ret == 0) { - ERR_print_errors (bio_err); - goto out; - } - } - - ret = 0; - for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) { - /* Admittedly, these checks are quite paranoid, we should not get - * anything in the BIO_ADDRINFO chain that we haven't - * asked for. */ - OPENSSL_assert((family == AF_UNSPEC - || family == BIO_ADDRINFO_family(ai)) - && (type == 0 || type == BIO_ADDRINFO_socktype(ai)) - && (protocol == 0 - || protocol == BIO_ADDRINFO_protocol(ai))); - - if (bindaddr != NULL) { - for (bi = bindaddr; bi != NULL; bi = BIO_ADDRINFO_next(bi)) { - if (BIO_ADDRINFO_family(bi) == BIO_ADDRINFO_family(ai)) - break; - } - if (bi == NULL) - continue; - ++found; - } - - *sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai), - BIO_ADDRINFO_protocol(ai), 0); - if (*sock == INVALID_SOCKET) { - /* Maybe the kernel doesn't support the socket family, even if - * BIO_lookup() added it in the returned result... - */ - continue; - } - - if (bi != NULL) { - if (!BIO_bind(*sock, BIO_ADDRINFO_address(bi), - BIO_SOCK_REUSEADDR)) { - BIO_closesocket(*sock); - *sock = INVALID_SOCKET; - break; - } - } - -#ifndef OPENSSL_NO_SCTP - if (protocol == IPPROTO_SCTP) { - /* - * For SCTP we have to set various options on the socket prior to - * connecting. This is done automatically by BIO_new_dgram_sctp(). - * We don't actually need the created BIO though so we free it again - * immediately. - */ - BIO *tmpbio = BIO_new_dgram_sctp(*sock, BIO_NOCLOSE); - - if (tmpbio == NULL) { - ERR_print_errors(bio_err); - return 0; - } - BIO_free(tmpbio); - } -#endif - - if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai), - BIO_ADDRINFO_protocol(ai) == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) { - BIO_closesocket(*sock); - *sock = INVALID_SOCKET; - continue; - } - - /* Success, don't try any more addresses */ - break; - } - - if (*sock == INVALID_SOCKET) { - if (bindaddr != NULL && !found) { - BIO_printf(bio_err, "Can't bind %saddress for %s%s%s\n", -#ifdef AF_INET6 - BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " : -#endif - BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 " : - BIO_ADDRINFO_family(res) == AF_UNIX ? "unix " : "", - bindhost != NULL ? bindhost : "", - bindport != NULL ? ":" : "", - bindport != NULL ? bindport : ""); - ERR_clear_error(); - ret = 0; - } - ERR_print_errors(bio_err); - } else { - /* Remove any stale errors from previous connection attempts */ - ERR_clear_error(); - ret = 1; - } -out: - if (bindaddr != NULL) { - BIO_ADDRINFO_free (bindaddr); - } - BIO_ADDRINFO_free(res); - return ret; -} - -int report_server_accept(BIO *out, int asock, int with_address, int with_pid) -{ - int success = 1; - - if (BIO_printf(out, "ACCEPT") <= 0) - return 0; - if (with_address) { - union BIO_sock_info_u info; - char *hostname = NULL; - char *service = NULL; - - if ((info.addr = BIO_ADDR_new()) != NULL - && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info) - && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL - && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL) { - success = BIO_printf(out, - strchr(hostname, ':') == NULL - ? /* IPv4 */ " %s:%s" - : /* IPv6 */ " [%s]:%s", - hostname, service) > 0; - } else { - (void)BIO_printf(out, "unknown:error\n"); - success = 0; - } - OPENSSL_free(hostname); - OPENSSL_free(service); - BIO_ADDR_free(info.addr); - } - if (with_pid) - success = success && BIO_printf(out, " PID=%d", getpid()) > 0; - success = success && BIO_printf(out, "\n") > 0; - (void)BIO_flush(out); - - return success; -} - -/* - * do_server - helper routine to perform a server operation - * @accept_sock: pointer to storage of resulting socket. - * @host: the host name or path (for AF_UNIX) to connect to. - * @port: the port to connect to (ignored for AF_UNIX). - * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or - * AF_UNSPEC - * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM - * @cb: pointer to a function that receives the accepted socket and - * should perform the communication with the connecting client. - * @context: pointer to memory that's passed verbatim to the cb function. - * @naccept: number of times an incoming connect should be accepted. If -1, - * unlimited number. - * - * This will create a socket and use it to listen to a host:port, or if - * family == AF_UNIX, to the path found in host, then start accepting - * incoming connections and run cb on the resulting socket. - * - * 0 on failure, something other on success. - */ -int do_server(int *accept_sock, const char *host, const char *port, - int family, int type, int protocol, do_server_cb cb, - unsigned char *context, int naccept, BIO *bio_s_out) -{ - int asock = 0; - int sock; - int i; - BIO_ADDRINFO *res = NULL; - const BIO_ADDRINFO *next; - int sock_family, sock_type, sock_protocol, sock_port; - const BIO_ADDR *sock_address; - int sock_family_fallback = AF_UNSPEC; - const BIO_ADDR *sock_address_fallback = NULL; - int sock_options = BIO_SOCK_REUSEADDR; - int ret = 0; - - if (BIO_sock_init() != 1) - return 0; - - if (!BIO_lookup_ex(host, port, BIO_LOOKUP_SERVER, family, type, protocol, - &res)) { - ERR_print_errors(bio_err); - return 0; - } - - /* Admittedly, these checks are quite paranoid, we should not get - * anything in the BIO_ADDRINFO chain that we haven't asked for */ - OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res)) - && (type == 0 || type == BIO_ADDRINFO_socktype(res)) - && (protocol == 0 || protocol == BIO_ADDRINFO_protocol(res))); - - sock_family = BIO_ADDRINFO_family(res); - sock_type = BIO_ADDRINFO_socktype(res); - sock_protocol = BIO_ADDRINFO_protocol(res); - sock_address = BIO_ADDRINFO_address(res); - next = BIO_ADDRINFO_next(res); -#ifdef AF_INET6 - if (sock_family == AF_INET6) - sock_options |= BIO_SOCK_V6_ONLY; - if (next != NULL - && BIO_ADDRINFO_socktype(next) == sock_type - && BIO_ADDRINFO_protocol(next) == sock_protocol) { - if (sock_family == AF_INET - && BIO_ADDRINFO_family(next) == AF_INET6) { - /* In case AF_INET6 is returned but not supported by the - * kernel, retry with the first detected address family */ - sock_family_fallback = sock_family; - sock_address_fallback = sock_address; - sock_family = AF_INET6; - sock_address = BIO_ADDRINFO_address(next); - } else if (sock_family == AF_INET6 - && BIO_ADDRINFO_family(next) == AF_INET) { - sock_options &= ~BIO_SOCK_V6_ONLY; - } - } -#endif - - asock = BIO_socket(sock_family, sock_type, sock_protocol, 0); - if (asock == INVALID_SOCKET && sock_family_fallback != AF_UNSPEC) { - asock = BIO_socket(sock_family_fallback, sock_type, sock_protocol, 0); - sock_address = sock_address_fallback; - } - if (asock == INVALID_SOCKET - || !BIO_listen(asock, sock_address, sock_options)) { - BIO_ADDRINFO_free(res); - ERR_print_errors(bio_err); - if (asock != INVALID_SOCKET) - BIO_closesocket(asock); - goto end; - } - -#ifndef OPENSSL_NO_SCTP - if (protocol == IPPROTO_SCTP) { - /* - * For SCTP we have to set various options on the socket prior to - * accepting. This is done automatically by BIO_new_dgram_sctp(). - * We don't actually need the created BIO though so we free it again - * immediately. - */ - BIO *tmpbio = BIO_new_dgram_sctp(asock, BIO_NOCLOSE); - - if (tmpbio == NULL) { - BIO_closesocket(asock); - ERR_print_errors(bio_err); - goto end; - } - BIO_free(tmpbio); - } -#endif - - sock_port = BIO_ADDR_rawport(sock_address); - - BIO_ADDRINFO_free(res); - res = NULL; - - if (!report_server_accept(bio_s_out, asock, sock_port == 0, 0)) { - BIO_closesocket(asock); - ERR_print_errors(bio_err); - goto end; - } - - if (accept_sock != NULL) - *accept_sock = asock; - for (;;) { - char sink[64]; - struct timeval timeout; - fd_set readfds; - - if (type == SOCK_STREAM) { - BIO_ADDR_free(ourpeer); - ourpeer = BIO_ADDR_new(); - if (ourpeer == NULL) { - BIO_closesocket(asock); - ERR_print_errors(bio_err); - goto end; - } - do { - sock = BIO_accept_ex(asock, ourpeer, 0); - } while (sock < 0 && BIO_sock_should_retry(sock)); - if (sock < 0) { - ERR_print_errors(bio_err); - BIO_closesocket(asock); - break; - } - BIO_set_tcp_ndelay(sock, 1); - i = (*cb)(sock, type, protocol, context); - - /* - * If we ended with an alert being sent, but still with data in the - * network buffer to be read, then calling BIO_closesocket() will - * result in a TCP-RST being sent. On some platforms (notably - * Windows) then this will result in the peer immediately abandoning - * the connection including any buffered alert data before it has - * had a chance to be read. Shutting down the sending side first, - * and then closing the socket sends TCP-FIN first followed by - * TCP-RST. This seems to allow the peer to read the alert data. - */ - shutdown(sock, 1); /* SHUT_WR */ - /* - * We just said we have nothing else to say, but it doesn't mean - * that the other side has nothing. It's even recommended to - * consume incoming data. [In testing context this ensures that - * alerts are passed on...] - */ - timeout.tv_sec = 0; - timeout.tv_usec = 500000; /* some extreme round-trip */ - do { - FD_ZERO(&readfds); - openssl_fdset(sock, &readfds); - } while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0 - && readsocket(sock, sink, sizeof(sink)) > 0); - - BIO_closesocket(sock); - } else { - i = (*cb)(asock, type, protocol, context); - } - - if (naccept != -1) - naccept--; - if (i < 0 || naccept == 0) { - BIO_closesocket(asock); - ret = i; - break; - } - } - end: -# ifdef AF_UNIX - if (family == AF_UNIX) - unlink(host); -# endif - BIO_ADDR_free(ourpeer); - ourpeer = NULL; - return ret; -} - -void do_ssl_shutdown(SSL *ssl) -{ - int ret; - - do { - /* We only do unidirectional shutdown */ - ret = SSL_shutdown(ssl); - if (ret < 0) { - switch (SSL_get_error(ssl, ret)) { - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: - case SSL_ERROR_WANT_ASYNC: - case SSL_ERROR_WANT_ASYNC_JOB: - /* We just do busy waiting. Nothing clever */ - continue; - } - ret = 0; - } - } while (ret < 0); -} - -#endif /* OPENSSL_NO_SOCK */ diff --git a/apps/lib/tlssrp_depr.c b/apps/lib/tlssrp_depr.c deleted file mode 100644 index 91c19b096e9a23989c1edec78c3b85db2cff57ee..0000000000000000000000000000000000000000 --- a/apps/lib/tlssrp_depr.c +++ /dev/null @@ -1,231 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2005 Nokia. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This file is to enable backwards compatibility for the SRP features of - * s_client, s_server and ciphers. All of those features are deprecated and will - * eventually disappear. In the meantime, to continue to support them, we - * need to access deprecated SRP APIs. - */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include -#include -#include -#include "apps_ui.h" -#include "apps.h" -#include "s_apps.h" - -static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g) -{ - BN_CTX *bn_ctx = BN_CTX_new(); - BIGNUM *p = BN_new(); - BIGNUM *r = BN_new(); - int ret = - g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) && - BN_check_prime(N, bn_ctx, NULL) == 1 && - p != NULL && BN_rshift1(p, N) && - /* p = (N-1)/2 */ - BN_check_prime(p, bn_ctx, NULL) == 1 && - r != NULL && - /* verify g^((N-1)/2) == -1 (mod N) */ - BN_mod_exp(r, g, p, N, bn_ctx) && - BN_add_word(r, 1) && BN_cmp(r, N) == 0; - - BN_free(r); - BN_free(p); - BN_CTX_free(bn_ctx); - return ret; -} - -/*- - * This callback is used here for two purposes: - * - extended debugging - * - making some primality tests for unknown groups - * The callback is only called for a non default group. - * - * An application does not need the call back at all if - * only the standard groups are used. In real life situations, - * client and server already share well known groups, - * thus there is no need to verify them. - * Furthermore, in case that a server actually proposes a group that - * is not one of those defined in RFC 5054, it is more appropriate - * to add the group to a static list and then compare since - * primality tests are rather cpu consuming. - */ - -static int ssl_srp_verify_param_cb(SSL *s, void *arg) -{ - SRP_ARG *srp_arg = (SRP_ARG *)arg; - BIGNUM *N = NULL, *g = NULL; - - if (((N = SSL_get_srp_N(s)) == NULL) || ((g = SSL_get_srp_g(s)) == NULL)) - return 0; - if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1) { - BIO_printf(bio_err, "SRP parameters:\n"); - BIO_printf(bio_err, "\tN="); - BN_print(bio_err, N); - BIO_printf(bio_err, "\n\tg="); - BN_print(bio_err, g); - BIO_printf(bio_err, "\n"); - } - - if (SRP_check_known_gN_param(g, N)) - return 1; - - if (srp_arg->amp == 1) { - if (srp_arg->debug) - BIO_printf(bio_err, - "SRP param N and g are not known params, going to check deeper.\n"); - - /* - * The srp_moregroups is a real debugging feature. Implementors - * should rather add the value to the known ones. The minimal size - * has already been tested. - */ - if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N, g)) - return 1; - } - BIO_printf(bio_err, "SRP param N and g rejected.\n"); - return 0; -} - -#define PWD_STRLEN 1024 - -static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg) -{ - SRP_ARG *srp_arg = (SRP_ARG *)arg; - char *pass = app_malloc(PWD_STRLEN + 1, "SRP password buffer"); - PW_CB_DATA cb_tmp; - int l; - - cb_tmp.password = (char *)srp_arg->srppassin; - cb_tmp.prompt_info = "SRP user"; - if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) { - BIO_printf(bio_err, "Can't read Password\n"); - OPENSSL_free(pass); - return NULL; - } - *(pass + l) = '\0'; - - return pass; -} - -int set_up_srp_arg(SSL_CTX *ctx, SRP_ARG *srp_arg, int srp_lateuser, int c_msg, - int c_debug) -{ - if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg->srplogin)) { - BIO_printf(bio_err, "Unable to set SRP username\n"); - return 0; - } - srp_arg->msg = c_msg; - srp_arg->debug = c_debug; - SSL_CTX_set_srp_cb_arg(ctx, &srp_arg); - SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb); - SSL_CTX_set_srp_strength(ctx, srp_arg->strength); - if (c_msg || c_debug || srp_arg->amp == 0) - SSL_CTX_set_srp_verify_param_callback(ctx, ssl_srp_verify_param_cb); - - return 1; -} - -static char *dummy_srp(SSL *ssl, void *arg) -{ - return ""; -} - -void set_up_dummy_srp(SSL_CTX *ctx) -{ - SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp); -} - -/* - * This callback pretends to require some asynchronous logic in order to - * obtain a verifier. When the callback is called for a new connection we - * return with a negative value. This will provoke the accept etc to return - * with an LOOKUP_X509. The main logic of the reinvokes the suspended call - * (which would normally occur after a worker has finished) and we set the - * user parameters. - */ -static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) -{ - srpsrvparm *p = (srpsrvparm *) arg; - int ret = SSL3_AL_FATAL; - - if (p->login == NULL && p->user == NULL) { - p->login = SSL_get_srp_username(s); - BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login); - return -1; - } - - if (p->user == NULL) { - BIO_printf(bio_err, "User %s doesn't exist\n", p->login); - goto err; - } - - if (SSL_set_srp_server_param - (s, p->user->N, p->user->g, p->user->s, p->user->v, - p->user->info) < 0) { - *ad = SSL_AD_INTERNAL_ERROR; - goto err; - } - BIO_printf(bio_err, - "SRP parameters set: username = \"%s\" info=\"%s\" \n", - p->login, p->user->info); - ret = SSL_ERROR_NONE; - - err: - SRP_user_pwd_free(p->user); - p->user = NULL; - p->login = NULL; - return ret; -} - -int set_up_srp_verifier_file(SSL_CTX *ctx, srpsrvparm *srp_callback_parm, - char *srpuserseed, char *srp_verifier_file) -{ - int ret; - - srp_callback_parm->vb = SRP_VBASE_new(srpuserseed); - srp_callback_parm->user = NULL; - srp_callback_parm->login = NULL; - - if (srp_callback_parm->vb == NULL) { - BIO_printf(bio_err, "Failed to initialize SRP verifier file \n"); - return 0; - } - if ((ret = - SRP_VBASE_init(srp_callback_parm->vb, - srp_verifier_file)) != SRP_NO_ERROR) { - BIO_printf(bio_err, - "Cannot initialize SRP verifier file \"%s\":ret=%d\n", - srp_verifier_file, ret); - return 0; - } - SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback); - SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm); - SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb); - - return 1; -} - -void lookup_srp_user(srpsrvparm *srp_callback_parm, BIO *bio_s_out) -{ - SRP_user_pwd_free(srp_callback_parm->user); - srp_callback_parm->user = SRP_VBASE_get1_by_user(srp_callback_parm->vb, - srp_callback_parm->login); - - if (srp_callback_parm->user != NULL) - BIO_printf(bio_s_out, "LOOKUP done %s\n", - srp_callback_parm->user->info); - else - BIO_printf(bio_s_out, "LOOKUP not successful\n"); -} diff --git a/apps/lib/vms_decc_argv.c b/apps/lib/vms_decc_argv.c deleted file mode 100644 index 031e5afdeca0be42f7862bd257007832035ccef6..0000000000000000000000000000000000000000 --- a/apps/lib/vms_decc_argv.c +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "platform.h" /* for copy_argv() */ - -char **newargv = NULL; - -static void cleanup_argv(void) -{ - OPENSSL_free(newargv); - newargv = NULL; -} - -char **copy_argv(int *argc, char *argv[]) -{ - /*- - * The note below is for historical purpose. On VMS now we always - * copy argv "safely." - * - * 2011-03-22 SMS. - * If we have 32-bit pointers everywhere, then we're safe, and - * we bypass this mess, as on non-VMS systems. - * Problem 1: Compaq/HP C before V7.3 always used 32-bit - * pointers for argv[]. - * Fix 1: For a 32-bit argv[], when we're using 64-bit pointers - * everywhere else, we always allocate and use a 64-bit - * duplicate of argv[]. - * Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed - * to NULL-terminate a 64-bit argv[]. (As this was written, the - * compiler ECO was available only on IA64.) - * Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a - * 64-bit argv[argc] for NULL, and, if necessary, use a - * (properly) NULL-terminated (64-bit) duplicate of argv[]. - * The same code is used in either case to duplicate argv[]. - * Some of these decisions could be handled in preprocessing, - * but the code tends to get even uglier, and the penalty for - * deciding at compile- or run-time is tiny. - */ - - int i, count = *argc; - char **p = newargv; - - cleanup_argv(); - - /* - * We purposefully use OPENSSL_malloc() rather than app_malloc() here, - * to avoid symbol name clashes in test programs that would otherwise - * get them when linking with all of libapps.a. - * See comment in test/build.info. - */ - newargv = OPENSSL_malloc(sizeof(*newargv) * (count + 1)); - if (newargv == NULL) - return NULL; - - /* Register automatic cleanup on first use */ - if (p == NULL) - OPENSSL_atexit(cleanup_argv); - - for (i = 0; i < count; i++) - newargv[i] = argv[i]; - newargv[i] = NULL; - *argc = i; - return newargv; -} diff --git a/apps/lib/vms_term_sock.c b/apps/lib/vms_term_sock.c deleted file mode 100644 index 97fb3943265c426d8c4aae076a4e4713408b1df5..0000000000000000000000000000000000000000 --- a/apps/lib/vms_term_sock.c +++ /dev/null @@ -1,591 +0,0 @@ -/* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2016 VMS Software, Inc. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifdef __VMS -# define OPENSSL_SYS_VMS -# pragma message disable DOLLARID - - -# include - -# if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) -/* - * On VMS, you need to define this to get the declaration of fileno(). The - * value 2 is to make sure no function defined in POSIX-2 is left undefined. - */ -# define _POSIX_C_SOURCE 2 -# endif - -# include - -# undef _POSIX_C_SOURCE - -# include -# include -# include -# include -# include -# include -# include -# include -# include -# ifdef __alpha -# include -# else -typedef struct _iosb { /* Copied from IOSBDEF.H for Alpha */ -# pragma __nomember_alignment - __union { - __struct { - unsigned short int iosb$w_status; /* Final I/O status */ - __union { - __struct { /* 16-bit byte count variant */ - unsigned short int iosb$w_bcnt; /* 16-bit byte count */ - __union { - unsigned int iosb$l_dev_depend; /* 32-bit device dependent info */ - unsigned int iosb$l_pid; /* 32-bit pid */ - } iosb$r_l; - } iosb$r_bcnt_16; - __struct { /* 32-bit byte count variant */ - unsigned int iosb$l_bcnt; /* 32-bit byte count (unaligned) */ - unsigned short int iosb$w_dev_depend_high; /* 16-bit device dependent info */ - } iosb$r_bcnt_32; - } iosb$r_devdepend; - } iosb$r_io_64; - __struct { - __union { - unsigned int iosb$l_getxxi_status; /* Final GETxxI status */ - unsigned int iosb$l_reg_status; /* Final $Registry status */ - } iosb$r_l_status; - unsigned int iosb$l_reserved; /* Reserved field */ - } iosb$r_get_64; - } iosb$r_io_get; -} IOSB; - -# if !defined(__VAXC) -# define iosb$w_status iosb$r_io_get.iosb$r_io_64.iosb$w_status -# define iosb$w_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$w_bcnt -# define iosb$r_l iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_16.iosb$r_l -# define iosb$l_dev_depend iosb$r_l.iosb$l_dev_depend -# define iosb$l_pid iosb$r_l.iosb$l_pid -# define iosb$l_bcnt iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$l_bcnt -# define iosb$w_dev_depend_high iosb$r_io_get.iosb$r_io_64.iosb$r_devdepend.iosb$r_bcnt_32.iosb$w_dev_depend_high -# define iosb$l_getxxi_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_getxxi_status -# define iosb$l_reg_status iosb$r_io_get.iosb$r_get_64.iosb$r_l_status.iosb$l_reg_status -# endif /* #if !defined(__VAXC) */ - -# endif /* End of IOSBDEF */ - -# include -# include -# include -# include -# include -# include - -# include "vms_term_sock.h" - -# ifdef __alpha -static struct _iosb TerminalDeviceIosb; -# else -IOSB TerminalDeviceIosb; -# endif - -static char TerminalDeviceBuff[255 + 2]; -static int TerminalSocketPair[2] = {0, 0}; -static unsigned short TerminalDeviceChan = 0; - -static int CreateSocketPair (int, int, int, int *); -static void SocketPairTimeoutAst (int); -static int TerminalDeviceAst (int); -static void LogMessage (char *, ...); - -/* -** Socket Pair Timeout Value (must be 0-59 seconds) -*/ -# define SOCKET_PAIR_TIMEOUT_VALUE 20 - -/* -** Socket Pair Timeout Block which is passed to timeout AST -*/ -typedef struct _SocketPairTimeoutBlock { - unsigned short SockChan1; - unsigned short SockChan2; -} SPTB; - -# ifdef TERM_SOCK_TEST - -/*----------------------------------------------------------------------------*/ -/* */ -/*----------------------------------------------------------------------------*/ -int main (int argc, char *argv[], char *envp[]) -{ - char TermBuff[80]; - int TermSock, - status, - len; - - LogMessage ("Enter 'q' or 'Q' to quit ..."); - while (OPENSSL_strcasecmp (TermBuff, "Q")) { - /* - ** Create the terminal socket - */ - status = TerminalSocket (TERM_SOCK_CREATE, &TermSock); - if (status != TERM_SOCK_SUCCESS) - exit (1); - - /* - ** Process the terminal input - */ - LogMessage ("Waiting on terminal I/O ...\n"); - len = recv (TermSock, TermBuff, sizeof(TermBuff), 0) ; - TermBuff[len] = '\0'; - LogMessage ("Received terminal I/O [%s]", TermBuff); - - /* - ** Delete the terminal socket - */ - status = TerminalSocket (TERM_SOCK_DELETE, &TermSock); - if (status != TERM_SOCK_SUCCESS) - exit (1); - } - - return 1; - -} -# endif - -/*----------------------------------------------------------------------------*/ -/* */ -/*----------------------------------------------------------------------------*/ -int TerminalSocket (int FunctionCode, int *ReturnSocket) -{ - int status; - $DESCRIPTOR (TerminalDeviceDesc, "SYS$COMMAND"); - - /* - ** Process the requested function code - */ - switch (FunctionCode) { - case TERM_SOCK_CREATE: - /* - ** Create a socket pair - */ - status = CreateSocketPair (AF_INET, SOCK_STREAM, 0, TerminalSocketPair); - if (status == -1) { - LogMessage ("TerminalSocket: CreateSocketPair () - %08X", status); - if (TerminalSocketPair[0]) - close (TerminalSocketPair[0]); - if (TerminalSocketPair[1]) - close (TerminalSocketPair[1]); - return TERM_SOCK_FAILURE; - } - - /* - ** Assign a channel to the terminal device - */ - status = sys$assign (&TerminalDeviceDesc, - &TerminalDeviceChan, - 0, 0, 0); - if (! (status & 1)) { - LogMessage ("TerminalSocket: SYS$ASSIGN () - %08X", status); - close (TerminalSocketPair[0]); - close (TerminalSocketPair[1]); - return TERM_SOCK_FAILURE; - } - - /* - ** Queue an async IO to the terminal device - */ - status = sys$qio (EFN$C_ENF, - TerminalDeviceChan, - IO$_READVBLK, - &TerminalDeviceIosb, - TerminalDeviceAst, - 0, - TerminalDeviceBuff, - sizeof(TerminalDeviceBuff) - 2, - 0, 0, 0, 0); - if (! (status & 1)) { - LogMessage ("TerminalSocket: SYS$QIO () - %08X", status); - close (TerminalSocketPair[0]); - close (TerminalSocketPair[1]); - return TERM_SOCK_FAILURE; - } - - /* - ** Return the input side of the socket pair - */ - *ReturnSocket = TerminalSocketPair[1]; - break; - - case TERM_SOCK_DELETE: - /* - ** Cancel any pending IO on the terminal channel - */ - status = sys$cancel (TerminalDeviceChan); - if (! (status & 1)) { - LogMessage ("TerminalSocket: SYS$CANCEL () - %08X", status); - close (TerminalSocketPair[0]); - close (TerminalSocketPair[1]); - return TERM_SOCK_FAILURE; - } - - /* - ** Deassign the terminal channel - */ - status = sys$dassgn (TerminalDeviceChan); - if (! (status & 1)) { - LogMessage ("TerminalSocket: SYS$DASSGN () - %08X", status); - close (TerminalSocketPair[0]); - close (TerminalSocketPair[1]); - return TERM_SOCK_FAILURE; - } - - /* - ** Close the terminal socket pair - */ - close (TerminalSocketPair[0]); - close (TerminalSocketPair[1]); - - /* - ** Return the initialized socket - */ - *ReturnSocket = 0; - break; - - default: - /* - ** Invalid function code - */ - LogMessage ("TerminalSocket: Invalid Function Code - %d", FunctionCode); - return TERM_SOCK_FAILURE; - break; - } - - /* - ** Return success - */ - return TERM_SOCK_SUCCESS; - -} - -/*----------------------------------------------------------------------------*/ -/* */ -/*----------------------------------------------------------------------------*/ -static int CreateSocketPair (int SocketFamily, - int SocketType, - int SocketProtocol, - int *SocketPair) -{ - struct dsc$descriptor AscTimeDesc = {0, DSC$K_DTYPE_T, DSC$K_CLASS_S, NULL}; - static const char* LocalHostAddr = {"127.0.0.1"}; - unsigned short TcpAcceptChan = 0, - TcpDeviceChan = 0; - unsigned long BinTimeBuff[2]; - struct sockaddr_in sin; - char AscTimeBuff[32]; - short LocalHostPort; - int status; - unsigned int slen; - -# ifdef __alpha - struct _iosb iosb; -# else - IOSB iosb; -# endif - - int SockDesc1 = 0, - SockDesc2 = 0; - SPTB sptb; - $DESCRIPTOR (TcpDeviceDesc, "TCPIP$DEVICE"); - - /* - ** Create a socket - */ - SockDesc1 = socket (SocketFamily, SocketType, 0); - if (SockDesc1 < 0) { - LogMessage ("CreateSocketPair: socket () - %d", errno); - return -1; - } - - /* - ** Initialize the socket information - */ - slen = sizeof(sin); - memset ((char *) &sin, 0, slen); - sin.sin_family = SocketFamily; - sin.sin_addr.s_addr = inet_addr (LocalHostAddr); - sin.sin_port = 0; - - /* - ** Bind the socket to the local IP - */ - status = bind (SockDesc1, (struct sockaddr *) &sin, slen); - if (status < 0) { - LogMessage ("CreateSocketPair: bind () - %d", errno); - close (SockDesc1); - return -1; - } - - /* - ** Get the socket name so we can save the port number - */ - status = getsockname (SockDesc1, (struct sockaddr *) &sin, &slen); - if (status < 0) { - LogMessage ("CreateSocketPair: getsockname () - %d", errno); - close (SockDesc1); - return -1; - } else - LocalHostPort = sin.sin_port; - - /* - ** Setup a listen for the socket - */ - listen (SockDesc1, 5); - - /* - ** Get the binary (64-bit) time of the specified timeout value - */ - sprintf (AscTimeBuff, "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE); - AscTimeDesc.dsc$w_length = strlen (AscTimeBuff); - AscTimeDesc.dsc$a_pointer = AscTimeBuff; - status = sys$bintim (&AscTimeDesc, BinTimeBuff); - if (! (status & 1)) { - LogMessage ("CreateSocketPair: SYS$BINTIM () - %08X", status); - close (SockDesc1); - return -1; - } - - /* - ** Assign another channel to the TCP/IP device for the accept. - ** This is the channel that ends up being connected to. - */ - status = sys$assign (&TcpDeviceDesc, &TcpDeviceChan, 0, 0, 0); - if (! (status & 1)) { - LogMessage ("CreateSocketPair: SYS$ASSIGN () - %08X", status); - close (SockDesc1); - return -1; - } - - /* - ** Get the channel of the first socket for the accept - */ - TcpAcceptChan = decc$get_sdc (SockDesc1); - - /* - ** Perform the accept using $QIO so we can do this asynchronously - */ - status = sys$qio (EFN$C_ENF, - TcpAcceptChan, - IO$_ACCESS | IO$M_ACCEPT, - &iosb, - 0, 0, 0, 0, 0, - &TcpDeviceChan, - 0, 0); - if (! (status & 1)) { - LogMessage ("CreateSocketPair: SYS$QIO () - %08X", status); - close (SockDesc1); - sys$dassgn (TcpDeviceChan); - return -1; - } - - /* - ** Create the second socket to do the connect - */ - SockDesc2 = socket (SocketFamily, SocketType, 0); - if (SockDesc2 < 0) { - LogMessage ("CreateSocketPair: socket () - %d", errno); - sys$cancel (TcpAcceptChan); - close (SockDesc1); - sys$dassgn (TcpDeviceChan); - return (-1) ; - } - - /* - ** Setup the Socket Pair Timeout Block - */ - sptb.SockChan1 = TcpAcceptChan; - sptb.SockChan2 = decc$get_sdc (SockDesc2); - - /* - ** Before we block on the connect, set a timer that can cancel I/O on our - ** two sockets if it never connects. - */ - status = sys$setimr (EFN$C_ENF, - BinTimeBuff, - SocketPairTimeoutAst, - &sptb, - 0); - if (! (status & 1)) { - LogMessage ("CreateSocketPair: SYS$SETIMR () - %08X", status); - sys$cancel (TcpAcceptChan); - close (SockDesc1); - close (SockDesc2); - sys$dassgn (TcpDeviceChan); - return -1; - } - - /* - ** Now issue the connect - */ - memset ((char *) &sin, 0, sizeof(sin)) ; - sin.sin_family = SocketFamily; - sin.sin_addr.s_addr = inet_addr (LocalHostAddr) ; - sin.sin_port = LocalHostPort ; - - status = connect (SockDesc2, (struct sockaddr *) &sin, sizeof(sin)); - if (status < 0 ) { - LogMessage ("CreateSocketPair: connect () - %d", errno); - sys$cantim (&sptb, 0); - sys$cancel (TcpAcceptChan); - close (SockDesc1); - close (SockDesc2); - sys$dassgn (TcpDeviceChan); - return -1; - } - - /* - ** Wait for the asynch $QIO to finish. Note that if the I/O was aborted - ** (SS$_ABORT), then we probably canceled it from the AST routine - so log - ** a timeout. - */ - status = sys$synch (EFN$C_ENF, &iosb); - if (! (iosb.iosb$w_status & 1)) { - if (iosb.iosb$w_status == SS$_ABORT) - LogMessage ("CreateSocketPair: SYS$QIO(iosb) timeout"); - else { - LogMessage ("CreateSocketPair: SYS$QIO(iosb) - %d", - iosb.iosb$w_status); - sys$cantim (&sptb, 0); - } - close (SockDesc1); - close (SockDesc2); - sys$dassgn (TcpDeviceChan); - return -1; - } - - /* - ** Here we're successfully connected, so cancel the timer, convert the - ** I/O channel to a socket fd, close the listener socket and return the - ** connected pair. - */ - sys$cantim (&sptb, 0); - - close (SockDesc1) ; - SocketPair[0] = SockDesc2 ; - SocketPair[1] = socket_fd (TcpDeviceChan); - - return (0) ; - -} - -/*----------------------------------------------------------------------------*/ -/* */ -/*----------------------------------------------------------------------------*/ -static void SocketPairTimeoutAst (int astparm) -{ - SPTB *sptb = (SPTB *) astparm; - - sys$cancel (sptb->SockChan2); /* Cancel the connect() */ - sys$cancel (sptb->SockChan1); /* Cancel the accept() */ - - return; - -} - -/*----------------------------------------------------------------------------*/ -/* */ -/*----------------------------------------------------------------------------*/ -static int TerminalDeviceAst (int astparm) -{ - int status; - - /* - ** Terminate the terminal buffer - */ - TerminalDeviceBuff[TerminalDeviceIosb.iosb$w_bcnt] = '\0'; - strcat (TerminalDeviceBuff, "\n"); - - /* - ** Send the data read from the terminal device through the socket pair - */ - send (TerminalSocketPair[0], TerminalDeviceBuff, - TerminalDeviceIosb.iosb$w_bcnt + 1, 0); - - /* - ** Queue another async IO to the terminal device - */ - status = sys$qio (EFN$C_ENF, - TerminalDeviceChan, - IO$_READVBLK, - &TerminalDeviceIosb, - TerminalDeviceAst, - 0, - TerminalDeviceBuff, - sizeof(TerminalDeviceBuff) - 1, - 0, 0, 0, 0); - - /* - ** Return status - */ - return status; - -} - -/*----------------------------------------------------------------------------*/ -/* */ -/*----------------------------------------------------------------------------*/ -static void LogMessage (char *msg, ...) -{ - char *Month[] = {"Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"}; - static unsigned int pid = 0; - va_list args; - time_t CurTime; - struct tm *LocTime; - char MsgBuff[256]; - - /* - ** Get the process pid - */ - if (pid == 0) - pid = getpid (); - - /* - ** Convert the current time into local time - */ - CurTime = time (NULL); - LocTime = localtime (&CurTime); - - /* - ** Format the message buffer - */ - sprintf (MsgBuff, "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n", - LocTime->tm_mday, Month[LocTime->tm_mon], - (LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min, - LocTime->tm_sec, pid, msg); - - /* - ** Get any variable arguments and add them to the print of the message - ** buffer - */ - va_start (args, msg); - vfprintf (stderr, MsgBuff, args); - va_end (args); - - /* - ** Flush standard error output - */ - fsync (fileno (stderr)); - - return; - -} -#endif diff --git a/apps/lib/win32_init.c b/apps/lib/win32_init.c deleted file mode 100644 index 6d2be0c62942182831211ce1e2eb428248fddf71..0000000000000000000000000000000000000000 --- a/apps/lib/win32_init.c +++ /dev/null @@ -1,307 +0,0 @@ -/* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include - -#if defined(CP_UTF8) - -static UINT saved_cp; -static int newargc; -static char **newargv; - -static void cleanup(void) -{ - int i; - - SetConsoleOutputCP(saved_cp); - - for (i = 0; i < newargc; i++) - free(newargv[i]); - - free(newargv); -} - -/* - * Incrementally [re]allocate newargv and keep it NULL-terminated. - */ -static int validate_argv(int argc) -{ - static int size = 0; - - if (argc >= size) { - char **ptr; - - while (argc >= size) - size += 64; - - ptr = realloc(newargv, size * sizeof(newargv[0])); - if (ptr == NULL) - return 0; - - (newargv = ptr)[argc] = NULL; - } else { - newargv[argc] = NULL; - } - - return 1; -} - -static int process_glob(WCHAR *wstr, int wlen) -{ - int i, slash, udlen; - WCHAR saved_char; - WIN32_FIND_DATAW data; - HANDLE h; - - /* - * Note that we support wildcard characters only in filename part - * of the path, and not in directories. Windows users are used to - * this, that's why recursive glob processing is not implemented. - */ - /* - * Start by looking for last slash or backslash, ... - */ - for (slash = 0, i = 0; i < wlen; i++) - if (wstr[i] == L'/' || wstr[i] == L'\\') - slash = i + 1; - /* - * ... then look for asterisk or question mark in the file name. - */ - for (i = slash; i < wlen; i++) - if (wstr[i] == L'*' || wstr[i] == L'?') - break; - - if (i == wlen) - return 0; /* definitely not a glob */ - - saved_char = wstr[wlen]; - wstr[wlen] = L'\0'; - h = FindFirstFileW(wstr, &data); - wstr[wlen] = saved_char; - if (h == INVALID_HANDLE_VALUE) - return 0; /* not a valid glob, just pass... */ - - if (slash) - udlen = WideCharToMultiByte(CP_UTF8, 0, wstr, slash, - NULL, 0, NULL, NULL); - else - udlen = 0; - - do { - int uflen; - char *arg; - - /* - * skip over . and .. - */ - if (data.cFileName[0] == L'.') { - if ((data.cFileName[1] == L'\0') || - (data.cFileName[1] == L'.' && data.cFileName[2] == L'\0')) - continue; - } - - if (!validate_argv(newargc + 1)) - break; - - /* - * -1 below means "scan for trailing '\0' *and* count it", - * so that |uflen| covers even trailing '\0'. - */ - uflen = WideCharToMultiByte(CP_UTF8, 0, data.cFileName, -1, - NULL, 0, NULL, NULL); - - arg = malloc(udlen + uflen); - if (arg == NULL) - break; - - if (udlen) - WideCharToMultiByte(CP_UTF8, 0, wstr, slash, - arg, udlen, NULL, NULL); - - WideCharToMultiByte(CP_UTF8, 0, data.cFileName, -1, - arg + udlen, uflen, NULL, NULL); - - newargv[newargc++] = arg; - } while (FindNextFileW(h, &data)); - - CloseHandle(h); - - return 1; -} - -void win32_utf8argv(int *argc, char **argv[]) -{ - const WCHAR *wcmdline; - WCHAR *warg, *wend, *p; - int wlen, ulen, valid = 1; - char *arg; - - if (GetEnvironmentVariableW(L"OPENSSL_WIN32_UTF8", NULL, 0) == 0) - return; - - newargc = 0; - newargv = NULL; - if (!validate_argv(newargc)) - return; - - wcmdline = GetCommandLineW(); - if (wcmdline == NULL) return; - - /* - * make a copy of the command line, since we might have to modify it... - */ - wlen = wcslen(wcmdline); - p = _alloca((wlen + 1) * sizeof(WCHAR)); - wcscpy(p, wcmdline); - - while (*p != L'\0') { - int in_quote = 0; - - if (*p == L' ' || *p == L'\t') { - p++; /* skip over whitespace */ - continue; - } - - /* - * Note: because we may need to fiddle with the number of backslashes, - * the argument string is copied into itself. This is safe because - * the number of characters will never expand. - */ - warg = wend = p; - while (*p != L'\0' - && (in_quote || (*p != L' ' && *p != L'\t'))) { - switch (*p) { - case L'\\': - /* - * Microsoft documentation on how backslashes are treated - * is: - * - * + Backslashes are interpreted literally, unless they - * immediately precede a double quotation mark. - * + If an even number of backslashes is followed by a double - * quotation mark, one backslash is placed in the argv array - * for every pair of backslashes, and the double quotation - * mark is interpreted as a string delimiter. - * + If an odd number of backslashes is followed by a double - * quotation mark, one backslash is placed in the argv array - * for every pair of backslashes, and the double quotation - * mark is "escaped" by the remaining backslash, causing a - * literal double quotation mark (") to be placed in argv. - * - * Ref: https://msdn.microsoft.com/en-us/library/17w5ykft.aspx - * - * Though referred page doesn't mention it, multiple qouble - * quotes are also special. Pair of double quotes in quoted - * string is counted as single double quote. - */ - { - const WCHAR *q = p; - int i; - - while (*p == L'\\') - p++; - - if (*p == L'"') { - int i; - - for (i = (p - q) / 2; i > 0; i--) - *wend++ = L'\\'; - - /* - * if odd amount of backslashes before the quote, - * said quote is part of the argument, not a delimiter - */ - if ((p - q) % 2 == 1) - *wend++ = *p++; - } else { - for (i = p - q; i > 0; i--) - *wend++ = L'\\'; - } - } - break; - case L'"': - /* - * Without the preceding backslash (or when preceded with an - * even number of backslashes), the double quote is a simple - * string delimiter and just slightly change the parsing state - */ - if (in_quote && p[1] == L'"') - *wend++ = *p++; - else - in_quote = !in_quote; - p++; - break; - default: - /* - * Any other non-delimiter character is just taken verbatim - */ - *wend++ = *p++; - } - } - - wlen = wend - warg; - - if (wlen == 0 || !process_glob(warg, wlen)) { - if (!validate_argv(newargc + 1)) { - valid = 0; - break; - } - - ulen = 0; - if (wlen > 0) { - ulen = WideCharToMultiByte(CP_UTF8, 0, warg, wlen, - NULL, 0, NULL, NULL); - if (ulen <= 0) - continue; - } - - arg = malloc(ulen + 1); - if (arg == NULL) { - valid = 0; - break; - } - - if (wlen > 0) - WideCharToMultiByte(CP_UTF8, 0, warg, wlen, - arg, ulen, NULL, NULL); - arg[ulen] = '\0'; - - newargv[newargc++] = arg; - } - } - - if (valid) { - saved_cp = GetConsoleOutputCP(); - SetConsoleOutputCP(CP_UTF8); - - *argc = newargc; - *argv = newargv; - - atexit(cleanup); - } else if (newargv != NULL) { - int i; - - for (i = 0; i < newargc; i++) - free(newargv[i]); - - free(newargv); - - newargc = 0; - newargv = NULL; - } - - return; -} -#else -void win32_utf8argv(int *argc, char **argv[]) -{ return; } -#endif diff --git a/apps/list.c b/apps/list.c deleted file mode 100644 index 514abacfc835fd884bfa67eb991b90d4ed920488..0000000000000000000000000000000000000000 --- a/apps/list.c +++ /dev/null @@ -1,1706 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "apps.h" -#include "app_params.h" -#include "progs.h" -#include "opt.h" -#include "names.h" - -static int verbose = 0; -static const char *select_name = NULL; - -/* Checks to see if algorithms are fetchable */ -#define IS_FETCHABLE(type, TYPE) \ - static int is_ ## type ## _fetchable(const TYPE *alg) \ - { \ - TYPE *impl; \ - const char *propq = app_get0_propq(); \ - OSSL_LIB_CTX *libctx = app_get0_libctx(); \ - const char *name = TYPE ## _get0_name(alg); \ - \ - ERR_set_mark(); \ - impl = TYPE ## _fetch(libctx, name, propq); \ - ERR_pop_to_mark(); \ - if (impl == NULL) \ - return 0; \ - TYPE ## _free(impl); \ - return 1; \ - } -IS_FETCHABLE(cipher, EVP_CIPHER) -IS_FETCHABLE(digest, EVP_MD) -IS_FETCHABLE(mac, EVP_MAC) -IS_FETCHABLE(kdf, EVP_KDF) -IS_FETCHABLE(rand, EVP_RAND) -IS_FETCHABLE(keymgmt, EVP_KEYMGMT) -IS_FETCHABLE(signature, EVP_SIGNATURE) -IS_FETCHABLE(kem, EVP_KEM) -IS_FETCHABLE(asym_cipher, EVP_ASYM_CIPHER) -IS_FETCHABLE(keyexch, EVP_KEYEXCH) -IS_FETCHABLE(decoder, OSSL_DECODER) -IS_FETCHABLE(encoder, OSSL_ENCODER) - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -static int include_legacy(void) -{ - return app_get0_propq() == NULL; -} - -static void legacy_cipher_fn(const EVP_CIPHER *c, - const char *from, const char *to, void *arg) -{ - if (select_name != NULL - && (c == NULL - || OPENSSL_strcasecmp(select_name, EVP_CIPHER_get0_name(c)) != 0)) - return; - if (c != NULL) { - BIO_printf(arg, " %s\n", EVP_CIPHER_get0_name(c)); - } else { - if (from == NULL) - from = ""; - if (to == NULL) - to = ""; - BIO_printf(arg, " %s => %s\n", from, to); - } -} -#endif - -DEFINE_STACK_OF(EVP_CIPHER) -static int cipher_cmp(const EVP_CIPHER * const *a, - const EVP_CIPHER * const *b) -{ - return strcmp(OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(*b))); -} - -static void collect_ciphers(EVP_CIPHER *cipher, void *stack) -{ - STACK_OF(EVP_CIPHER) *cipher_stack = stack; - - if (is_cipher_fetchable(cipher) - && sk_EVP_CIPHER_push(cipher_stack, cipher) > 0) - EVP_CIPHER_up_ref(cipher); -} - -static void list_ciphers(void) -{ - STACK_OF(EVP_CIPHER) *ciphers = sk_EVP_CIPHER_new(cipher_cmp); - int i; - - if (ciphers == NULL) { - BIO_printf(bio_err, "ERROR: Memory allocation\n"); - return; - } -#ifndef OPENSSL_NO_DEPRECATED_3_0 - if (include_legacy()) { - BIO_printf(bio_out, "Legacy:\n"); - EVP_CIPHER_do_all_sorted(legacy_cipher_fn, bio_out); - } -#endif - - BIO_printf(bio_out, "Provided:\n"); - EVP_CIPHER_do_all_provided(app_get0_libctx(), collect_ciphers, ciphers); - sk_EVP_CIPHER_sort(ciphers); - for (i = 0; i < sk_EVP_CIPHER_num(ciphers); i++) { - const EVP_CIPHER *c = sk_EVP_CIPHER_value(ciphers, i); - STACK_OF(OPENSSL_CSTRING) *names = NULL; - - if (select_name != NULL && !EVP_CIPHER_is_a(c, select_name)) - continue; - - names = sk_OPENSSL_CSTRING_new(name_cmp); - if (names != NULL && EVP_CIPHER_names_do_all(c, collect_names, names)) { - BIO_printf(bio_out, " "); - print_names(bio_out, names); - - BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_CIPHER_get0_provider(c))); - - if (verbose) { - const char *desc = EVP_CIPHER_get0_description(c); - - if (desc != NULL) - BIO_printf(bio_out, " description: %s\n", desc); - print_param_types("retrievable algorithm parameters", - EVP_CIPHER_gettable_params(c), 4); - print_param_types("retrievable operation parameters", - EVP_CIPHER_gettable_ctx_params(c), 4); - print_param_types("settable operation parameters", - EVP_CIPHER_settable_ctx_params(c), 4); - } - } - sk_OPENSSL_CSTRING_free(names); - } - sk_EVP_CIPHER_pop_free(ciphers, EVP_CIPHER_free); -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -static void legacy_md_fn(const EVP_MD *m, - const char *from, const char *to, void *arg) -{ - if (m != NULL) { - BIO_printf(arg, " %s\n", EVP_MD_get0_name(m)); - } else { - if (from == NULL) - from = ""; - if (to == NULL) - to = ""; - BIO_printf((BIO *)arg, " %s => %s\n", from, to); - } -} -#endif - -DEFINE_STACK_OF(EVP_MD) -static int md_cmp(const EVP_MD * const *a, const EVP_MD * const *b) -{ - return strcmp(OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(*b))); -} - -static void collect_digests(EVP_MD *digest, void *stack) -{ - STACK_OF(EVP_MD) *digest_stack = stack; - - if (is_digest_fetchable(digest) - && sk_EVP_MD_push(digest_stack, digest) > 0) - EVP_MD_up_ref(digest); -} - -static void list_digests(void) -{ - STACK_OF(EVP_MD) *digests = sk_EVP_MD_new(md_cmp); - int i; - - if (digests == NULL) { - BIO_printf(bio_err, "ERROR: Memory allocation\n"); - return; - } -#ifndef OPENSSL_NO_DEPRECATED_3_0 - if (include_legacy()) { - BIO_printf(bio_out, "Legacy:\n"); - EVP_MD_do_all_sorted(legacy_md_fn, bio_out); - } -#endif - - BIO_printf(bio_out, "Provided:\n"); - EVP_MD_do_all_provided(app_get0_libctx(), collect_digests, digests); - sk_EVP_MD_sort(digests); - for (i = 0; i < sk_EVP_MD_num(digests); i++) { - const EVP_MD *m = sk_EVP_MD_value(digests, i); - STACK_OF(OPENSSL_CSTRING) *names = NULL; - - if (select_name != NULL && !EVP_MD_is_a(m, select_name)) - continue; - - names = sk_OPENSSL_CSTRING_new(name_cmp); - if (names != NULL && EVP_MD_names_do_all(m, collect_names, names)) { - BIO_printf(bio_out, " "); - print_names(bio_out, names); - - BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_MD_get0_provider(m))); - - if (verbose) { - const char *desc = EVP_MD_get0_description(m); - - if (desc != NULL) - BIO_printf(bio_out, " description: %s\n", desc); - print_param_types("retrievable algorithm parameters", - EVP_MD_gettable_params(m), 4); - print_param_types("retrievable operation parameters", - EVP_MD_gettable_ctx_params(m), 4); - print_param_types("settable operation parameters", - EVP_MD_settable_ctx_params(m), 4); - } - } - sk_OPENSSL_CSTRING_free(names); - } - sk_EVP_MD_pop_free(digests, EVP_MD_free); -} - -DEFINE_STACK_OF(EVP_MAC) -static int mac_cmp(const EVP_MAC * const *a, const EVP_MAC * const *b) -{ - return strcmp(OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(*b))); -} - -static void collect_macs(EVP_MAC *mac, void *stack) -{ - STACK_OF(EVP_MAC) *mac_stack = stack; - - if (is_mac_fetchable(mac) - && sk_EVP_MAC_push(mac_stack, mac) > 0) - EVP_MAC_up_ref(mac); -} - -static void list_macs(void) -{ - STACK_OF(EVP_MAC) *macs = sk_EVP_MAC_new(mac_cmp); - int i; - - if (macs == NULL) { - BIO_printf(bio_err, "ERROR: Memory allocation\n"); - return; - } - BIO_printf(bio_out, "Provided MACs:\n"); - EVP_MAC_do_all_provided(app_get0_libctx(), collect_macs, macs); - sk_EVP_MAC_sort(macs); - for (i = 0; i < sk_EVP_MAC_num(macs); i++) { - const EVP_MAC *m = sk_EVP_MAC_value(macs, i); - STACK_OF(OPENSSL_CSTRING) *names = NULL; - - if (select_name != NULL && !EVP_MAC_is_a(m, select_name)) - continue; - - names = sk_OPENSSL_CSTRING_new(name_cmp); - if (names != NULL && EVP_MAC_names_do_all(m, collect_names, names)) { - BIO_printf(bio_out, " "); - print_names(bio_out, names); - - BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_MAC_get0_provider(m))); - - if (verbose) { - const char *desc = EVP_MAC_get0_description(m); - - if (desc != NULL) - BIO_printf(bio_out, " description: %s\n", desc); - print_param_types("retrievable algorithm parameters", - EVP_MAC_gettable_params(m), 4); - print_param_types("retrievable operation parameters", - EVP_MAC_gettable_ctx_params(m), 4); - print_param_types("settable operation parameters", - EVP_MAC_settable_ctx_params(m), 4); - } - } - sk_OPENSSL_CSTRING_free(names); - } - sk_EVP_MAC_pop_free(macs, EVP_MAC_free); -} - -/* - * KDFs and PRFs - */ -DEFINE_STACK_OF(EVP_KDF) -static int kdf_cmp(const EVP_KDF * const *a, const EVP_KDF * const *b) -{ - return strcmp(OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(*b))); -} - -static void collect_kdfs(EVP_KDF *kdf, void *stack) -{ - STACK_OF(EVP_KDF) *kdf_stack = stack; - - if (is_kdf_fetchable(kdf) - && sk_EVP_KDF_push(kdf_stack, kdf) > 0) - EVP_KDF_up_ref(kdf); -} - -static void list_kdfs(void) -{ - STACK_OF(EVP_KDF) *kdfs = sk_EVP_KDF_new(kdf_cmp); - int i; - - if (kdfs == NULL) { - BIO_printf(bio_err, "ERROR: Memory allocation\n"); - return; - } - BIO_printf(bio_out, "Provided KDFs and PDFs:\n"); - EVP_KDF_do_all_provided(app_get0_libctx(), collect_kdfs, kdfs); - sk_EVP_KDF_sort(kdfs); - for (i = 0; i < sk_EVP_KDF_num(kdfs); i++) { - const EVP_KDF *k = sk_EVP_KDF_value(kdfs, i); - STACK_OF(OPENSSL_CSTRING) *names = NULL; - - if (select_name != NULL && !EVP_KDF_is_a(k, select_name)) - continue; - - names = sk_OPENSSL_CSTRING_new(name_cmp); - if (names != NULL && EVP_KDF_names_do_all(k, collect_names, names)) { - BIO_printf(bio_out, " "); - print_names(bio_out, names); - - BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_KDF_get0_provider(k))); - - if (verbose) { - const char *desc = EVP_KDF_get0_description(k); - - if (desc != NULL) - BIO_printf(bio_out, " description: %s\n", desc); - print_param_types("retrievable algorithm parameters", - EVP_KDF_gettable_params(k), 4); - print_param_types("retrievable operation parameters", - EVP_KDF_gettable_ctx_params(k), 4); - print_param_types("settable operation parameters", - EVP_KDF_settable_ctx_params(k), 4); - } - } - sk_OPENSSL_CSTRING_free(names); - } - sk_EVP_KDF_pop_free(kdfs, EVP_KDF_free); -} - -/* - * RANDs - */ -DEFINE_STACK_OF(EVP_RAND) - -static int rand_cmp(const EVP_RAND * const *a, const EVP_RAND * const *b) -{ - int ret = OPENSSL_strcasecmp(EVP_RAND_get0_name(*a), EVP_RAND_get0_name(*b)); - - if (ret == 0) - ret = strcmp(OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(*b))); - - return ret; -} - -static void collect_rands(EVP_RAND *rand, void *stack) -{ - STACK_OF(EVP_RAND) *rand_stack = stack; - - if (is_rand_fetchable(rand) - && sk_EVP_RAND_push(rand_stack, rand) > 0) - EVP_RAND_up_ref(rand); -} - -static void list_random_generators(void) -{ - STACK_OF(EVP_RAND) *rands = sk_EVP_RAND_new(rand_cmp); - int i; - - if (rands == NULL) { - BIO_printf(bio_err, "ERROR: Memory allocation\n"); - return; - } - BIO_printf(bio_out, "Provided RNGs and seed sources:\n"); - EVP_RAND_do_all_provided(app_get0_libctx(), collect_rands, rands); - sk_EVP_RAND_sort(rands); - for (i = 0; i < sk_EVP_RAND_num(rands); i++) { - const EVP_RAND *m = sk_EVP_RAND_value(rands, i); - - if (select_name != NULL - && OPENSSL_strcasecmp(EVP_RAND_get0_name(m), select_name) != 0) - continue; - BIO_printf(bio_out, " %s", EVP_RAND_get0_name(m)); - BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(m))); - - if (verbose) { - const char *desc = EVP_RAND_get0_description(m); - - if (desc != NULL) - BIO_printf(bio_out, " description: %s\n", desc); - print_param_types("retrievable algorithm parameters", - EVP_RAND_gettable_params(m), 4); - print_param_types("retrievable operation parameters", - EVP_RAND_gettable_ctx_params(m), 4); - print_param_types("settable operation parameters", - EVP_RAND_settable_ctx_params(m), 4); - } - } - sk_EVP_RAND_pop_free(rands, EVP_RAND_free); -} - -static void display_random(const char *name, EVP_RAND_CTX *drbg) -{ - EVP_RAND *rand; - uint64_t u; - const char *p; - const OSSL_PARAM *gettables; - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - unsigned char buf[1000]; - - BIO_printf(bio_out, "%s:\n", name); - if (drbg != NULL) { - rand = EVP_RAND_CTX_get0_rand(drbg); - - BIO_printf(bio_out, " %s", EVP_RAND_get0_name(rand)); - BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_RAND_get0_provider(rand))); - - switch (EVP_RAND_get_state(drbg)) { - case EVP_RAND_STATE_UNINITIALISED: - p = "uninitialised"; - break; - case EVP_RAND_STATE_READY: - p = "ready"; - break; - case EVP_RAND_STATE_ERROR: - p = "error"; - break; - default: - p = "unknown"; - break; - } - BIO_printf(bio_out, " state = %s\n", p); - - gettables = EVP_RAND_gettable_ctx_params(rand); - if (gettables != NULL) - for (; gettables->key != NULL; gettables++) { - /* State has been dealt with already, so ignore */ - if (OPENSSL_strcasecmp(gettables->key, OSSL_RAND_PARAM_STATE) == 0) - continue; - /* Outside of verbose mode, we skip non-string values */ - if (gettables->data_type != OSSL_PARAM_UTF8_STRING - && gettables->data_type != OSSL_PARAM_UTF8_PTR - && !verbose) - continue; - params->key = gettables->key; - params->data_type = gettables->data_type; - if (gettables->data_type == OSSL_PARAM_UNSIGNED_INTEGER - || gettables->data_type == OSSL_PARAM_INTEGER) { - params->data = &u; - params->data_size = sizeof(u); - } else { - params->data = buf; - params->data_size = sizeof(buf); - } - params->return_size = 0; - if (EVP_RAND_CTX_get_params(drbg, params)) - print_param_value(params, 2); - } - } -} - -static void list_random_instances(void) -{ - display_random("primary", RAND_get0_primary(NULL)); - display_random("public", RAND_get0_public(NULL)); - display_random("private", RAND_get0_private(NULL)); -} - -/* - * Encoders - */ -DEFINE_STACK_OF(OSSL_ENCODER) -static int encoder_cmp(const OSSL_ENCODER * const *a, - const OSSL_ENCODER * const *b) -{ - return strcmp(OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(*a)), - OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(*b))); -} - -static void collect_encoders(OSSL_ENCODER *encoder, void *stack) -{ - STACK_OF(OSSL_ENCODER) *encoder_stack = stack; - - if (is_encoder_fetchable(encoder) - && sk_OSSL_ENCODER_push(encoder_stack, encoder) > 0) - OSSL_ENCODER_up_ref(encoder); -} - -static void list_encoders(void) -{ - STACK_OF(OSSL_ENCODER) *encoders; - int i; - - encoders = sk_OSSL_ENCODER_new(encoder_cmp); - if (encoders == NULL) { - BIO_printf(bio_err, "ERROR: Memory allocation\n"); - return; - } - BIO_printf(bio_out, "Provided ENCODERs:\n"); - OSSL_ENCODER_do_all_provided(app_get0_libctx(), collect_encoders, - encoders); - sk_OSSL_ENCODER_sort(encoders); - - for (i = 0; i < sk_OSSL_ENCODER_num(encoders); i++) { - OSSL_ENCODER *k = sk_OSSL_ENCODER_value(encoders, i); - STACK_OF(OPENSSL_CSTRING) *names = NULL; - - if (select_name != NULL && !OSSL_ENCODER_is_a(k, select_name)) - continue; - - names = sk_OPENSSL_CSTRING_new(name_cmp); - if (names != NULL && OSSL_ENCODER_names_do_all(k, collect_names, names)) { - BIO_printf(bio_out, " "); - print_names(bio_out, names); - - BIO_printf(bio_out, " @ %s (%s)\n", - OSSL_PROVIDER_get0_name(OSSL_ENCODER_get0_provider(k)), - OSSL_ENCODER_get0_properties(k)); - - if (verbose) { - const char *desc = OSSL_ENCODER_get0_description(k); - - if (desc != NULL) - BIO_printf(bio_out, " description: %s\n", desc); - print_param_types("settable operation parameters", - OSSL_ENCODER_settable_ctx_params(k), 4); - } - } - sk_OPENSSL_CSTRING_free(names); - } - sk_OSSL_ENCODER_pop_free(encoders, OSSL_ENCODER_free); -} - -/* - * Decoders - */ -DEFINE_STACK_OF(OSSL_DECODER) -static int decoder_cmp(const OSSL_DECODER * const *a, - const OSSL_DECODER * const *b) -{ - return strcmp(OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(*a)), - OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(*b))); -} - -static void collect_decoders(OSSL_DECODER *decoder, void *stack) -{ - STACK_OF(OSSL_DECODER) *decoder_stack = stack; - - if (is_decoder_fetchable(decoder) - && sk_OSSL_DECODER_push(decoder_stack, decoder) > 0) - OSSL_DECODER_up_ref(decoder); -} - -static void list_decoders(void) -{ - STACK_OF(OSSL_DECODER) *decoders; - int i; - - decoders = sk_OSSL_DECODER_new(decoder_cmp); - if (decoders == NULL) { - BIO_printf(bio_err, "ERROR: Memory allocation\n"); - return; - } - BIO_printf(bio_out, "Provided DECODERs:\n"); - OSSL_DECODER_do_all_provided(app_get0_libctx(), collect_decoders, - decoders); - sk_OSSL_DECODER_sort(decoders); - - for (i = 0; i < sk_OSSL_DECODER_num(decoders); i++) { - OSSL_DECODER *k = sk_OSSL_DECODER_value(decoders, i); - STACK_OF(OPENSSL_CSTRING) *names = NULL; - - if (select_name != NULL && !OSSL_DECODER_is_a(k, select_name)) - continue; - - names = sk_OPENSSL_CSTRING_new(name_cmp); - if (names != NULL && OSSL_DECODER_names_do_all(k, collect_names, names)) { - BIO_printf(bio_out, " "); - print_names(bio_out, names); - - BIO_printf(bio_out, " @ %s (%s)\n", - OSSL_PROVIDER_get0_name(OSSL_DECODER_get0_provider(k)), - OSSL_DECODER_get0_properties(k)); - - if (verbose) { - const char *desc = OSSL_DECODER_get0_description(k); - - if (desc != NULL) - BIO_printf(bio_out, " description: %s\n", desc); - print_param_types("settable operation parameters", - OSSL_DECODER_settable_ctx_params(k), 4); - } - } - sk_OPENSSL_CSTRING_free(names); - } - sk_OSSL_DECODER_pop_free(decoders, OSSL_DECODER_free); -} - -DEFINE_STACK_OF(EVP_KEYMGMT) -static int keymanager_cmp(const EVP_KEYMGMT * const *a, - const EVP_KEYMGMT * const *b) -{ - return strcmp(OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(*b))); -} - -static void collect_keymanagers(EVP_KEYMGMT *km, void *stack) -{ - STACK_OF(EVP_KEYMGMT) *km_stack = stack; - - if (is_keymgmt_fetchable(km) - && sk_EVP_KEYMGMT_push(km_stack, km) > 0) - EVP_KEYMGMT_up_ref(km); -} - -static void list_keymanagers(void) -{ - int i; - STACK_OF(EVP_KEYMGMT) *km_stack = sk_EVP_KEYMGMT_new(keymanager_cmp); - - EVP_KEYMGMT_do_all_provided(app_get0_libctx(), collect_keymanagers, - km_stack); - sk_EVP_KEYMGMT_sort(km_stack); - - for (i = 0; i < sk_EVP_KEYMGMT_num(km_stack); i++) { - EVP_KEYMGMT *k = sk_EVP_KEYMGMT_value(km_stack, i); - STACK_OF(OPENSSL_CSTRING) *names = NULL; - - if (select_name != NULL && !EVP_KEYMGMT_is_a(k, select_name)) - continue; - - names = sk_OPENSSL_CSTRING_new(name_cmp); - if (names != NULL && EVP_KEYMGMT_names_do_all(k, collect_names, names)) { - const char *desc = EVP_KEYMGMT_get0_description(k); - - BIO_printf(bio_out, " Name: "); - if (desc != NULL) - BIO_printf(bio_out, "%s", desc); - else - BIO_printf(bio_out, "%s", sk_OPENSSL_CSTRING_value(names, 0)); - BIO_printf(bio_out, "\n"); - BIO_printf(bio_out, " Type: Provider Algorithm\n"); - BIO_printf(bio_out, " IDs: "); - print_names(bio_out, names); - BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_KEYMGMT_get0_provider(k))); - - if (verbose) { - print_param_types("settable key generation parameters", - EVP_KEYMGMT_gen_settable_params(k), 4); - print_param_types("settable operation parameters", - EVP_KEYMGMT_settable_params(k), 4); - print_param_types("retrievable operation parameters", - EVP_KEYMGMT_gettable_params(k), 4); - } - } - sk_OPENSSL_CSTRING_free(names); - } - sk_EVP_KEYMGMT_pop_free(km_stack, EVP_KEYMGMT_free); -} - -DEFINE_STACK_OF(EVP_SIGNATURE) -static int signature_cmp(const EVP_SIGNATURE * const *a, - const EVP_SIGNATURE * const *b) -{ - return strcmp(OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(*b))); -} - -static void collect_signatures(EVP_SIGNATURE *sig, void *stack) -{ - STACK_OF(EVP_SIGNATURE) *sig_stack = stack; - - if (is_signature_fetchable(sig) - && sk_EVP_SIGNATURE_push(sig_stack, sig) > 0) - EVP_SIGNATURE_up_ref(sig); -} - -static void list_signatures(void) -{ - int i, count = 0; - STACK_OF(EVP_SIGNATURE) *sig_stack = sk_EVP_SIGNATURE_new(signature_cmp); - - EVP_SIGNATURE_do_all_provided(app_get0_libctx(), collect_signatures, - sig_stack); - sk_EVP_SIGNATURE_sort(sig_stack); - - for (i = 0; i < sk_EVP_SIGNATURE_num(sig_stack); i++) { - EVP_SIGNATURE *k = sk_EVP_SIGNATURE_value(sig_stack, i); - STACK_OF(OPENSSL_CSTRING) *names = NULL; - - if (select_name != NULL && !EVP_SIGNATURE_is_a(k, select_name)) - continue; - - names = sk_OPENSSL_CSTRING_new(name_cmp); - if (names != NULL && EVP_SIGNATURE_names_do_all(k, collect_names, names)) { - count++; - BIO_printf(bio_out, " "); - print_names(bio_out, names); - - BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_SIGNATURE_get0_provider(k))); - - if (verbose) { - const char *desc = EVP_SIGNATURE_get0_description(k); - - if (desc != NULL) - BIO_printf(bio_out, " description: %s\n", desc); - print_param_types("settable operation parameters", - EVP_SIGNATURE_settable_ctx_params(k), 4); - print_param_types("retrievable operation parameters", - EVP_SIGNATURE_gettable_ctx_params(k), 4); - } - } - sk_OPENSSL_CSTRING_free(names); - } - sk_EVP_SIGNATURE_pop_free(sig_stack, EVP_SIGNATURE_free); - if (count == 0) - BIO_printf(bio_out, " -\n"); -} - -DEFINE_STACK_OF(EVP_KEM) -static int kem_cmp(const EVP_KEM * const *a, - const EVP_KEM * const *b) -{ - return strcmp(OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(*b))); -} - -static void collect_kem(EVP_KEM *kem, void *stack) -{ - STACK_OF(EVP_KEM) *kem_stack = stack; - - if (is_kem_fetchable(kem) - && sk_EVP_KEM_push(kem_stack, kem) > 0) - EVP_KEM_up_ref(kem); -} - -static void list_kems(void) -{ - int i, count = 0; - STACK_OF(EVP_KEM) *kem_stack = sk_EVP_KEM_new(kem_cmp); - - EVP_KEM_do_all_provided(app_get0_libctx(), collect_kem, kem_stack); - sk_EVP_KEM_sort(kem_stack); - - for (i = 0; i < sk_EVP_KEM_num(kem_stack); i++) { - EVP_KEM *k = sk_EVP_KEM_value(kem_stack, i); - STACK_OF(OPENSSL_CSTRING) *names = NULL; - - if (select_name != NULL && !EVP_KEM_is_a(k, select_name)) - continue; - - names = sk_OPENSSL_CSTRING_new(name_cmp); - if (names != NULL && EVP_KEM_names_do_all(k, collect_names, names)) { - count++; - BIO_printf(bio_out, " "); - print_names(bio_out, names); - - BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_KEM_get0_provider(k))); - - if (verbose) { - const char *desc = EVP_KEM_get0_description(k); - - if (desc != NULL) - BIO_printf(bio_out, " description: %s\n", desc); - print_param_types("settable operation parameters", - EVP_KEM_settable_ctx_params(k), 4); - print_param_types("retrievable operation parameters", - EVP_KEM_gettable_ctx_params(k), 4); - } - } - sk_OPENSSL_CSTRING_free(names); - } - sk_EVP_KEM_pop_free(kem_stack, EVP_KEM_free); - if (count == 0) - BIO_printf(bio_out, " -\n"); -} - -DEFINE_STACK_OF(EVP_ASYM_CIPHER) -static int asymcipher_cmp(const EVP_ASYM_CIPHER * const *a, - const EVP_ASYM_CIPHER * const *b) -{ - return strcmp(OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(*b))); -} - -static void collect_asymciph(EVP_ASYM_CIPHER *asym_cipher, void *stack) -{ - STACK_OF(EVP_ASYM_CIPHER) *asym_cipher_stack = stack; - - if (is_asym_cipher_fetchable(asym_cipher) - && sk_EVP_ASYM_CIPHER_push(asym_cipher_stack, asym_cipher) > 0) - EVP_ASYM_CIPHER_up_ref(asym_cipher); -} - -static void list_asymciphers(void) -{ - int i, count = 0; - STACK_OF(EVP_ASYM_CIPHER) *asymciph_stack = - sk_EVP_ASYM_CIPHER_new(asymcipher_cmp); - - EVP_ASYM_CIPHER_do_all_provided(app_get0_libctx(), collect_asymciph, - asymciph_stack); - sk_EVP_ASYM_CIPHER_sort(asymciph_stack); - - for (i = 0; i < sk_EVP_ASYM_CIPHER_num(asymciph_stack); i++) { - EVP_ASYM_CIPHER *k = sk_EVP_ASYM_CIPHER_value(asymciph_stack, i); - STACK_OF(OPENSSL_CSTRING) *names = NULL; - - if (select_name != NULL && !EVP_ASYM_CIPHER_is_a(k, select_name)) - continue; - - names = sk_OPENSSL_CSTRING_new(name_cmp); - if (names != NULL - && EVP_ASYM_CIPHER_names_do_all(k, collect_names, names)) { - count++; - BIO_printf(bio_out, " "); - print_names(bio_out, names); - - BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_ASYM_CIPHER_get0_provider(k))); - - if (verbose) { - const char *desc = EVP_ASYM_CIPHER_get0_description(k); - - if (desc != NULL) - BIO_printf(bio_out, " description: %s\n", desc); - print_param_types("settable operation parameters", - EVP_ASYM_CIPHER_settable_ctx_params(k), 4); - print_param_types("retrievable operation parameters", - EVP_ASYM_CIPHER_gettable_ctx_params(k), 4); - } - } - sk_OPENSSL_CSTRING_free(names); - } - sk_EVP_ASYM_CIPHER_pop_free(asymciph_stack, EVP_ASYM_CIPHER_free); - if (count == 0) - BIO_printf(bio_out, " -\n"); -} - -DEFINE_STACK_OF(EVP_KEYEXCH) -static int kex_cmp(const EVP_KEYEXCH * const *a, - const EVP_KEYEXCH * const *b) -{ - return strcmp(OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(*a)), - OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(*b))); -} - -static void collect_kex(EVP_KEYEXCH *kex, void *stack) -{ - STACK_OF(EVP_KEYEXCH) *kex_stack = stack; - - if (is_keyexch_fetchable(kex) - && sk_EVP_KEYEXCH_push(kex_stack, kex) > 0) - EVP_KEYEXCH_up_ref(kex); -} - -static void list_keyexchanges(void) -{ - int i, count = 0; - STACK_OF(EVP_KEYEXCH) *kex_stack = sk_EVP_KEYEXCH_new(kex_cmp); - - EVP_KEYEXCH_do_all_provided(app_get0_libctx(), collect_kex, kex_stack); - sk_EVP_KEYEXCH_sort(kex_stack); - - for (i = 0; i < sk_EVP_KEYEXCH_num(kex_stack); i++) { - EVP_KEYEXCH *k = sk_EVP_KEYEXCH_value(kex_stack, i); - STACK_OF(OPENSSL_CSTRING) *names = NULL; - - if (select_name != NULL && !EVP_KEYEXCH_is_a(k, select_name)) - continue; - - names = sk_OPENSSL_CSTRING_new(name_cmp); - if (names != NULL && EVP_KEYEXCH_names_do_all(k, collect_names, names)) { - count++; - BIO_printf(bio_out, " "); - print_names(bio_out, names); - - BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(EVP_KEYEXCH_get0_provider(k))); - - if (verbose) { - const char *desc = EVP_KEYEXCH_get0_description(k); - - if (desc != NULL) - BIO_printf(bio_out, " description: %s\n", desc); - print_param_types("settable operation parameters", - EVP_KEYEXCH_settable_ctx_params(k), 4); - print_param_types("retrievable operation parameters", - EVP_KEYEXCH_gettable_ctx_params(k), 4); - } - } - sk_OPENSSL_CSTRING_free(names); - } - sk_EVP_KEYEXCH_pop_free(kex_stack, EVP_KEYEXCH_free); - if (count == 0) - BIO_printf(bio_out, " -\n"); -} - -static void list_objects(void) -{ - int max_nid = OBJ_new_nid(0); - int i; - char *oid_buf = NULL; - int oid_size = 0; - - /* Skip 0, since that's NID_undef */ - for (i = 1; i < max_nid; i++) { - const ASN1_OBJECT *obj = OBJ_nid2obj(i); - const char *sn = OBJ_nid2sn(i); - const char *ln = OBJ_nid2ln(i); - int n = 0; - - /* - * If one of the retrieved objects somehow generated an error, - * we ignore it. The check for NID_undef below will detect the - * error and simply skip to the next NID. - */ - ERR_clear_error(); - - if (OBJ_obj2nid(obj) == NID_undef) - continue; - - if ((n = OBJ_obj2txt(NULL, 0, obj, 1)) == 0) { - BIO_printf(bio_out, "# None-OID object: %s, %s\n", sn, ln); - continue; - } - if (n < 0) - break; /* Error */ - - if (n > oid_size) { - oid_buf = OPENSSL_realloc(oid_buf, n + 1); - if (oid_buf == NULL) { - BIO_printf(bio_err, "ERROR: Memory allocation\n"); - break; /* Error */ - } - oid_size = n + 1; - } - if (OBJ_obj2txt(oid_buf, oid_size, obj, 1) < 0) - break; /* Error */ - if (ln == NULL || strcmp(sn, ln) == 0) - BIO_printf(bio_out, "%s = %s\n", sn, oid_buf); - else - BIO_printf(bio_out, "%s = %s, %s\n", sn, ln, oid_buf); - } - - OPENSSL_free(oid_buf); -} - -static void list_options_for_command(const char *command) -{ - const FUNCTION *fp; - const OPTIONS *o; - - for (fp = functions; fp->name != NULL; fp++) - if (strcmp(fp->name, command) == 0) - break; - if (fp->name == NULL) { - BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n", - command); - return; - } - - if ((o = fp->help) == NULL) - return; - - for ( ; o->name != NULL; o++) { - char c = o->valtype; - - if (o->name == OPT_PARAM_STR) - break; - - if (o->name == OPT_HELP_STR - || o->name == OPT_MORE_STR - || o->name == OPT_SECTION_STR - || o->name[0] == '\0') - continue; - BIO_printf(bio_out, "%s %c\n", o->name, c == '\0' ? '-' : c); - } - /* Always output the -- marker since it is sometimes documented. */ - BIO_printf(bio_out, "- -\n"); -} - -static int is_md_available(const char *name) -{ - EVP_MD *md; - const char *propq = app_get0_propq(); - - /* Look through providers' digests */ - ERR_set_mark(); - md = EVP_MD_fetch(app_get0_libctx(), name, propq); - ERR_pop_to_mark(); - if (md != NULL) { - EVP_MD_free(md); - return 1; - } - - return propq != NULL || get_digest_from_engine(name) == NULL ? 0 : 1; -} - -static int is_cipher_available(const char *name) -{ - EVP_CIPHER *cipher; - const char *propq = app_get0_propq(); - - /* Look through providers' ciphers */ - ERR_set_mark(); - cipher = EVP_CIPHER_fetch(app_get0_libctx(), name, propq); - ERR_pop_to_mark(); - if (cipher != NULL) { - EVP_CIPHER_free(cipher); - return 1; - } - - return propq != NULL || get_cipher_from_engine(name) == NULL ? 0 : 1; -} - -static void list_type(FUNC_TYPE ft, int one) -{ - FUNCTION *fp; - int i = 0; - DISPLAY_COLUMNS dc; - - memset(&dc, 0, sizeof(dc)); - if (!one) - calculate_columns(functions, &dc); - - for (fp = functions; fp->name != NULL; fp++) { - if (fp->type != ft) - continue; - switch (ft) { - case FT_cipher: - if (!is_cipher_available(fp->name)) - continue; - break; - case FT_md: - if (!is_md_available(fp->name)) - continue; - break; - default: - break; - } - if (one) { - BIO_printf(bio_out, "%s\n", fp->name); - } else { - if (i % dc.columns == 0 && i > 0) - BIO_printf(bio_out, "\n"); - BIO_printf(bio_out, "%-*s", dc.width, fp->name); - i++; - } - } - if (!one) - BIO_printf(bio_out, "\n\n"); -} - -static void list_pkey(void) -{ -#ifndef OPENSSL_NO_DEPRECATED_3_0 - int i; - - if (select_name == NULL && include_legacy()) { - BIO_printf(bio_out, "Legacy:\n"); - for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { - const EVP_PKEY_ASN1_METHOD *ameth; - int pkey_id, pkey_base_id, pkey_flags; - const char *pinfo, *pem_str; - ameth = EVP_PKEY_asn1_get0(i); - EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags, - &pinfo, &pem_str, ameth); - if (pkey_flags & ASN1_PKEY_ALIAS) { - BIO_printf(bio_out, " Name: %s\n", OBJ_nid2ln(pkey_id)); - BIO_printf(bio_out, "\tAlias for: %s\n", - OBJ_nid2ln(pkey_base_id)); - } else { - BIO_printf(bio_out, " Name: %s\n", pinfo); - BIO_printf(bio_out, "\tType: %s Algorithm\n", - pkey_flags & ASN1_PKEY_DYNAMIC ? - "External" : "Builtin"); - BIO_printf(bio_out, "\tOID: %s\n", OBJ_nid2ln(pkey_id)); - if (pem_str == NULL) - pem_str = "(none)"; - BIO_printf(bio_out, "\tPEM string: %s\n", pem_str); - } - } - } -#endif - BIO_printf(bio_out, "Provided:\n"); - BIO_printf(bio_out, " Key Managers:\n"); - list_keymanagers(); -} - -static void list_pkey_meth(void) -{ -#ifndef OPENSSL_NO_DEPRECATED_3_0 - size_t i; - size_t meth_count = EVP_PKEY_meth_get_count(); - - if (select_name == NULL && include_legacy()) { - BIO_printf(bio_out, "Legacy:\n"); - for (i = 0; i < meth_count; i++) { - const EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_get0(i); - int pkey_id, pkey_flags; - - EVP_PKEY_meth_get0_info(&pkey_id, &pkey_flags, pmeth); - BIO_printf(bio_out, " %s\n", OBJ_nid2ln(pkey_id)); - BIO_printf(bio_out, "\tType: %s Algorithm\n", - pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Builtin"); - } - } -#endif - BIO_printf(bio_out, "Provided:\n"); - BIO_printf(bio_out, " Encryption:\n"); - list_asymciphers(); - BIO_printf(bio_out, " Key Exchange:\n"); - list_keyexchanges(); - BIO_printf(bio_out, " Signatures:\n"); - list_signatures(); - BIO_printf(bio_out, " Key encapsulation:\n"); - list_kems(); -} - -DEFINE_STACK_OF(OSSL_STORE_LOADER) -static int store_cmp(const OSSL_STORE_LOADER * const *a, - const OSSL_STORE_LOADER * const *b) -{ - return strcmp(OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(*a)), - OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(*b))); -} - -static void collect_store_loaders(OSSL_STORE_LOADER *store, void *stack) -{ - STACK_OF(OSSL_STORE_LOADER) *store_stack = stack; - - if (sk_OSSL_STORE_LOADER_push(store_stack, store) > 0) - OSSL_STORE_LOADER_up_ref(store); -} - -static void list_store_loaders(void) -{ - STACK_OF(OSSL_STORE_LOADER) *stores = sk_OSSL_STORE_LOADER_new(store_cmp); - int i; - - if (stores == NULL) { - BIO_printf(bio_err, "ERROR: Memory allocation\n"); - return; - } - BIO_printf(bio_out, "Provided STORE LOADERs:\n"); - OSSL_STORE_LOADER_do_all_provided(app_get0_libctx(), collect_store_loaders, - stores); - sk_OSSL_STORE_LOADER_sort(stores); - for (i = 0; i < sk_OSSL_STORE_LOADER_num(stores); i++) { - const OSSL_STORE_LOADER *m = sk_OSSL_STORE_LOADER_value(stores, i); - STACK_OF(OPENSSL_CSTRING) *names = NULL; - - if (select_name != NULL && !OSSL_STORE_LOADER_is_a(m, select_name)) - continue; - - names = sk_OPENSSL_CSTRING_new(name_cmp); - if (names != NULL && OSSL_STORE_LOADER_names_do_all(m, collect_names, - names)) { - BIO_printf(bio_out, " "); - print_names(bio_out, names); - - BIO_printf(bio_out, " @ %s\n", - OSSL_PROVIDER_get0_name(OSSL_STORE_LOADER_get0_provider(m))); - } - sk_OPENSSL_CSTRING_free(names); - } - sk_OSSL_STORE_LOADER_pop_free(stores, OSSL_STORE_LOADER_free); -} - -DEFINE_STACK_OF(OSSL_PROVIDER) -static int provider_cmp(const OSSL_PROVIDER * const *a, - const OSSL_PROVIDER * const *b) -{ - return strcmp(OSSL_PROVIDER_get0_name(*a), OSSL_PROVIDER_get0_name(*b)); -} - -static int collect_providers(OSSL_PROVIDER *provider, void *stack) -{ - STACK_OF(OSSL_PROVIDER) *provider_stack = stack; - - sk_OSSL_PROVIDER_push(provider_stack, provider); - return 1; -} - -static void list_provider_info(void) -{ - STACK_OF(OSSL_PROVIDER) *providers = sk_OSSL_PROVIDER_new(provider_cmp); - OSSL_PARAM params[5]; - char *name, *version, *buildinfo; - int status; - int i; - - if (providers == NULL) { - BIO_printf(bio_err, "ERROR: Memory allocation\n"); - return; - } - BIO_printf(bio_out, "Providers:\n"); - OSSL_PROVIDER_do_all(NULL, &collect_providers, providers); - sk_OSSL_PROVIDER_sort(providers); - for (i = 0; i < sk_OSSL_PROVIDER_num(providers); i++) { - const OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(providers, i); - - /* Query the "known" information parameters, the order matches below */ - params[0] = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_NAME, - &name, 0); - params[1] = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_VERSION, - &version, 0); - params[2] = OSSL_PARAM_construct_int(OSSL_PROV_PARAM_STATUS, &status); - params[3] = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_BUILDINFO, - &buildinfo, 0); - params[4] = OSSL_PARAM_construct_end(); - OSSL_PARAM_set_all_unmodified(params); - if (!OSSL_PROVIDER_get_params(prov, params)) { - BIO_printf(bio_err, "ERROR: Unable to query provider parameters\n"); - return; - } - - /* Print out the provider information, the params order matches above */ - BIO_printf(bio_out, " %s\n", OSSL_PROVIDER_get0_name(prov)); - if (OSSL_PARAM_modified(params)) - BIO_printf(bio_out, " name: %s\n", name); - if (OSSL_PARAM_modified(params + 1)) - BIO_printf(bio_out, " version: %s\n", version); - if (OSSL_PARAM_modified(params + 2)) - BIO_printf(bio_out, " status: %sactive\n", status ? "" : "in"); - if (verbose) { - if (OSSL_PARAM_modified(params + 3)) - BIO_printf(bio_out, " build info: %s\n", buildinfo); - print_param_types("gettable provider parameters", - OSSL_PROVIDER_gettable_params(prov), 4); - } - } - sk_OSSL_PROVIDER_free(providers); -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -static void list_engines(void) -{ -# ifndef OPENSSL_NO_ENGINE - ENGINE *e; - - BIO_puts(bio_out, "Engines:\n"); - e = ENGINE_get_first(); - while (e) { - BIO_printf(bio_out, "%s\n", ENGINE_get_id(e)); - e = ENGINE_get_next(e); - } -# else - BIO_puts(bio_out, "Engine support is disabled.\n"); -# endif -} -#endif - -static void list_disabled(void) -{ - BIO_puts(bio_out, "Disabled algorithms:\n"); -#ifdef OPENSSL_NO_ARIA - BIO_puts(bio_out, "ARIA\n"); -#endif -#ifdef OPENSSL_NO_BF - BIO_puts(bio_out, "BF\n"); -#endif -#ifdef OPENSSL_NO_BLAKE2 - BIO_puts(bio_out, "BLAKE2\n"); -#endif -#ifdef OPENSSL_NO_CAMELLIA - BIO_puts(bio_out, "CAMELLIA\n"); -#endif -#ifdef OPENSSL_NO_CAST - BIO_puts(bio_out, "CAST\n"); -#endif -#ifdef OPENSSL_NO_CMAC - BIO_puts(bio_out, "CMAC\n"); -#endif -#ifdef OPENSSL_NO_CMS - BIO_puts(bio_out, "CMS\n"); -#endif -#ifdef OPENSSL_NO_COMP - BIO_puts(bio_out, "COMP\n"); -#endif -#ifdef OPENSSL_NO_DES - BIO_puts(bio_out, "DES\n"); -#endif -#ifdef OPENSSL_NO_DGRAM - BIO_puts(bio_out, "DGRAM\n"); -#endif -#ifdef OPENSSL_NO_DH - BIO_puts(bio_out, "DH\n"); -#endif -#ifdef OPENSSL_NO_DSA - BIO_puts(bio_out, "DSA\n"); -#endif -#if defined(OPENSSL_NO_DTLS) - BIO_puts(bio_out, "DTLS\n"); -#endif -#if defined(OPENSSL_NO_DTLS1) - BIO_puts(bio_out, "DTLS1\n"); -#endif -#if defined(OPENSSL_NO_DTLS1_2) - BIO_puts(bio_out, "DTLS1_2\n"); -#endif -#ifdef OPENSSL_NO_EC - BIO_puts(bio_out, "EC\n"); -#endif -#ifdef OPENSSL_NO_EC2M - BIO_puts(bio_out, "EC2M\n"); -#endif -#if defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0) - BIO_puts(bio_out, "ENGINE\n"); -#endif -#ifdef OPENSSL_NO_GOST - BIO_puts(bio_out, "GOST\n"); -#endif -#ifdef OPENSSL_NO_IDEA - BIO_puts(bio_out, "IDEA\n"); -#endif -#ifdef OPENSSL_NO_MD2 - BIO_puts(bio_out, "MD2\n"); -#endif -#ifdef OPENSSL_NO_MD4 - BIO_puts(bio_out, "MD4\n"); -#endif -#ifdef OPENSSL_NO_MD5 - BIO_puts(bio_out, "MD5\n"); -#endif -#ifdef OPENSSL_NO_MDC2 - BIO_puts(bio_out, "MDC2\n"); -#endif -#ifdef OPENSSL_NO_OCB - BIO_puts(bio_out, "OCB\n"); -#endif -#ifdef OPENSSL_NO_OCSP - BIO_puts(bio_out, "OCSP\n"); -#endif -#ifdef OPENSSL_NO_PSK - BIO_puts(bio_out, "PSK\n"); -#endif -#ifdef OPENSSL_NO_RC2 - BIO_puts(bio_out, "RC2\n"); -#endif -#ifdef OPENSSL_NO_RC4 - BIO_puts(bio_out, "RC4\n"); -#endif -#ifdef OPENSSL_NO_RC5 - BIO_puts(bio_out, "RC5\n"); -#endif -#ifdef OPENSSL_NO_RMD160 - BIO_puts(bio_out, "RMD160\n"); -#endif -#ifdef OPENSSL_NO_SCRYPT - BIO_puts(bio_out, "SCRYPT\n"); -#endif -#ifdef OPENSSL_NO_SCTP - BIO_puts(bio_out, "SCTP\n"); -#endif -#ifdef OPENSSL_NO_SEED - BIO_puts(bio_out, "SEED\n"); -#endif -#ifdef OPENSSL_NO_SM2 - BIO_puts(bio_out, "SM2\n"); -#endif -#ifdef OPENSSL_NO_SM3 - BIO_puts(bio_out, "SM3\n"); -#endif -#ifdef OPENSSL_NO_SM4 - BIO_puts(bio_out, "SM4\n"); -#endif -#ifdef OPENSSL_NO_SOCK - BIO_puts(bio_out, "SOCK\n"); -#endif -#ifdef OPENSSL_NO_SRP - BIO_puts(bio_out, "SRP\n"); -#endif -#ifdef OPENSSL_NO_SRTP - BIO_puts(bio_out, "SRTP\n"); -#endif -#ifdef OPENSSL_NO_SSL3 - BIO_puts(bio_out, "SSL3\n"); -#endif -#ifdef OPENSSL_NO_TLS1 - BIO_puts(bio_out, "TLS1\n"); -#endif -#ifdef OPENSSL_NO_TLS1_1 - BIO_puts(bio_out, "TLS1_1\n"); -#endif -#ifdef OPENSSL_NO_TLS1_2 - BIO_puts(bio_out, "TLS1_2\n"); -#endif -#ifdef OPENSSL_NO_WHIRLPOOL - BIO_puts(bio_out, "WHIRLPOOL\n"); -#endif -#ifndef ZLIB - BIO_puts(bio_out, "ZLIB\n"); -#endif -} - -/* Unified enum for help and list commands. */ -typedef enum HELPLIST_CHOICE { - OPT_COMMON, - OPT_ONE, OPT_VERBOSE, - OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_MAC_ALGORITHMS, OPT_OPTIONS, - OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS, - OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_DISABLED, - OPT_KDF_ALGORITHMS, OPT_RANDOM_INSTANCES, OPT_RANDOM_GENERATORS, - OPT_ENCODERS, OPT_DECODERS, OPT_KEYMANAGERS, OPT_KEYEXCHANGE_ALGORITHMS, - OPT_KEM_ALGORITHMS, OPT_SIGNATURE_ALGORITHMS, OPT_ASYM_CIPHER_ALGORITHMS, - OPT_STORE_LOADERS, OPT_PROVIDER_INFO, - OPT_OBJECTS, OPT_SELECT_NAME, -#ifndef OPENSSL_NO_DEPRECATED_3_0 - OPT_ENGINES, -#endif - OPT_PROV_ENUM -} HELPLIST_CHOICE; - -const OPTIONS list_options[] = { - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - - OPT_SECTION("Output"), - {"1", OPT_ONE, '-', "List in one column"}, - {"verbose", OPT_VERBOSE, '-', "Verbose listing"}, - {"select", OPT_SELECT_NAME, 's', "Select a single algorithm"}, - {"commands", OPT_COMMANDS, '-', "List of standard commands"}, - {"standard-commands", OPT_COMMANDS, '-', "List of standard commands"}, -#ifndef OPENSSL_NO_DEPRECATED_3_0 - {"digest-commands", OPT_DIGEST_COMMANDS, '-', - "List of message digest commands (deprecated)"}, -#endif - {"digest-algorithms", OPT_DIGEST_ALGORITHMS, '-', - "List of message digest algorithms"}, - {"kdf-algorithms", OPT_KDF_ALGORITHMS, '-', - "List of key derivation and pseudo random function algorithms"}, - {"random-instances", OPT_RANDOM_INSTANCES, '-', - "List the primary, public and private random number generator details"}, - {"random-generators", OPT_RANDOM_GENERATORS, '-', - "List of random number generators"}, - {"mac-algorithms", OPT_MAC_ALGORITHMS, '-', - "List of message authentication code algorithms"}, -#ifndef OPENSSL_NO_DEPRECATED_3_0 - {"cipher-commands", OPT_CIPHER_COMMANDS, '-', - "List of cipher commands (deprecated)"}, -#endif - {"cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-', - "List of symmetric cipher algorithms"}, - {"encoders", OPT_ENCODERS, '-', "List of encoding methods" }, - {"decoders", OPT_DECODERS, '-', "List of decoding methods" }, - {"key-managers", OPT_KEYMANAGERS, '-', "List of key managers" }, - {"key-exchange-algorithms", OPT_KEYEXCHANGE_ALGORITHMS, '-', - "List of key exchange algorithms" }, - {"kem-algorithms", OPT_KEM_ALGORITHMS, '-', - "List of key encapsulation mechanism algorithms" }, - {"signature-algorithms", OPT_SIGNATURE_ALGORITHMS, '-', - "List of signature algorithms" }, - {"asymcipher-algorithms", OPT_ASYM_CIPHER_ALGORITHMS, '-', - "List of asymmetric cipher algorithms" }, - {"public-key-algorithms", OPT_PK_ALGORITHMS, '-', - "List of public key algorithms"}, - {"public-key-methods", OPT_PK_METHOD, '-', - "List of public key methods"}, - {"store-loaders", OPT_STORE_LOADERS, '-', - "List of store loaders"}, - {"providers", OPT_PROVIDER_INFO, '-', - "List of provider information"}, -#ifndef OPENSSL_NO_DEPRECATED_3_0 - {"engines", OPT_ENGINES, '-', - "List of loaded engines"}, -#endif - {"disabled", OPT_DISABLED, '-', "List of disabled features"}, - {"options", OPT_OPTIONS, 's', - "List options for specified command"}, - {"objects", OPT_OBJECTS, '-', - "List built in objects (OID<->name mappings)"}, - - OPT_PROV_OPTIONS, - {NULL} -}; - -int list_main(int argc, char **argv) -{ - char *prog; - HELPLIST_CHOICE o; - int one = 0, done = 0; - struct { - unsigned int commands:1; - unsigned int random_instances:1; - unsigned int random_generators:1; - unsigned int digest_commands:1; - unsigned int digest_algorithms:1; - unsigned int kdf_algorithms:1; - unsigned int mac_algorithms:1; - unsigned int cipher_commands:1; - unsigned int cipher_algorithms:1; - unsigned int encoder_algorithms:1; - unsigned int decoder_algorithms:1; - unsigned int keymanager_algorithms:1; - unsigned int signature_algorithms:1; - unsigned int keyexchange_algorithms:1; - unsigned int kem_algorithms:1; - unsigned int asym_cipher_algorithms:1; - unsigned int pk_algorithms:1; - unsigned int pk_method:1; - unsigned int store_loaders:1; - unsigned int provider_info:1; -#ifndef OPENSSL_NO_DEPRECATED_3_0 - unsigned int engines:1; -#endif - unsigned int disabled:1; - unsigned int objects:1; - unsigned int options:1; - } todo = { 0, }; - - verbose = 0; /* Clear a possible previous call */ - - prog = opt_init(argc, argv, list_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: /* Never hit, but suppresses warning */ - case OPT_ERR: -opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - return 1; - case OPT_HELP: - opt_help(list_options); - return 0; - case OPT_ONE: - one = 1; - break; - case OPT_COMMANDS: - todo.commands = 1; - break; - case OPT_DIGEST_COMMANDS: - todo.digest_commands = 1; - break; - case OPT_DIGEST_ALGORITHMS: - todo.digest_algorithms = 1; - break; - case OPT_KDF_ALGORITHMS: - todo.kdf_algorithms = 1; - break; - case OPT_RANDOM_INSTANCES: - todo.random_instances = 1; - break; - case OPT_RANDOM_GENERATORS: - todo.random_generators = 1; - break; - case OPT_MAC_ALGORITHMS: - todo.mac_algorithms = 1; - break; - case OPT_CIPHER_COMMANDS: - todo.cipher_commands = 1; - break; - case OPT_CIPHER_ALGORITHMS: - todo.cipher_algorithms = 1; - break; - case OPT_ENCODERS: - todo.encoder_algorithms = 1; - break; - case OPT_DECODERS: - todo.decoder_algorithms = 1; - break; - case OPT_KEYMANAGERS: - todo.keymanager_algorithms = 1; - break; - case OPT_SIGNATURE_ALGORITHMS: - todo.signature_algorithms = 1; - break; - case OPT_KEYEXCHANGE_ALGORITHMS: - todo.keyexchange_algorithms = 1; - break; - case OPT_KEM_ALGORITHMS: - todo.kem_algorithms = 1; - break; - case OPT_ASYM_CIPHER_ALGORITHMS: - todo.asym_cipher_algorithms = 1; - break; - case OPT_PK_ALGORITHMS: - todo.pk_algorithms = 1; - break; - case OPT_PK_METHOD: - todo.pk_method = 1; - break; - case OPT_STORE_LOADERS: - todo.store_loaders = 1; - break; - case OPT_PROVIDER_INFO: - todo.provider_info = 1; - break; -#ifndef OPENSSL_NO_DEPRECATED_3_0 - case OPT_ENGINES: - todo.engines = 1; - break; -#endif - case OPT_DISABLED: - todo.disabled = 1; - break; - case OPT_OBJECTS: - todo.objects = 1; - break; - case OPT_OPTIONS: - list_options_for_command(opt_arg()); - break; - case OPT_VERBOSE: - verbose = 1; - break; - case OPT_SELECT_NAME: - select_name = opt_arg(); - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - return 1; - break; - } - done = 1; - } - - /* No extra arguments. */ - if (opt_num_rest() != 0) - goto opthelp; - - if (todo.commands) - list_type(FT_general, one); - if (todo.random_instances) - list_random_instances(); - if (todo.random_generators) - list_random_generators(); - if (todo.digest_commands) - list_type(FT_md, one); - if (todo.digest_algorithms) - list_digests(); - if (todo.kdf_algorithms) - list_kdfs(); - if (todo.mac_algorithms) - list_macs(); - if (todo.cipher_commands) - list_type(FT_cipher, one); - if (todo.cipher_algorithms) - list_ciphers(); - if (todo.encoder_algorithms) - list_encoders(); - if (todo.decoder_algorithms) - list_decoders(); - if (todo.keymanager_algorithms) - list_keymanagers(); - if (todo.signature_algorithms) - list_signatures(); - if (todo.asym_cipher_algorithms) - list_asymciphers(); - if (todo.keyexchange_algorithms) - list_keyexchanges(); - if (todo.kem_algorithms) - list_kems(); - if (todo.pk_algorithms) - list_pkey(); - if (todo.pk_method) - list_pkey_meth(); - if (todo.store_loaders) - list_store_loaders(); - if (todo.provider_info) - list_provider_info(); -#ifndef OPENSSL_NO_DEPRECATED_3_0 - if (todo.engines) - list_engines(); -#endif - if (todo.disabled) - list_disabled(); - if (todo.objects) - list_objects(); - - if (!done) - goto opthelp; - - return 0; -} diff --git a/apps/mac.c b/apps/mac.c deleted file mode 100644 index a9b6a265f49aebcb233fc49bdfbaf8a56fe46978..0000000000000000000000000000000000000000 --- a/apps/mac.c +++ /dev/null @@ -1,237 +0,0 @@ -/* - * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include - -#undef BUFSIZE -#define BUFSIZE 1024*8 - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_MACOPT, OPT_BIN, OPT_IN, OPT_OUT, - OPT_CIPHER, OPT_DIGEST, - OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS mac_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] mac_name\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form"}, - {"cipher", OPT_CIPHER, 's', "Cipher"}, - {"digest", OPT_DIGEST, 's', "Digest"}, - {OPT_MORE_STR, 1, '-', "See 'PARAMETER NAMES' in the EVP_MAC_ docs"}, - - OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file to MAC (default is stdin)"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output to filename rather than stdout"}, - {"binary", OPT_BIN, '-', - "Output in binary format (default is hexadecimal)"}, - - OPT_PROV_OPTIONS, - - OPT_PARAMETERS(), - {"mac_name", 0, 0, "MAC algorithm"}, - {NULL} -}; - -static char *alloc_mac_algorithm_name(STACK_OF(OPENSSL_STRING) **optp, - const char *name, const char *arg) -{ - size_t len = strlen(name) + strlen(arg) + 2; - char *res; - - if (*optp == NULL) - *optp = sk_OPENSSL_STRING_new_null(); - if (*optp == NULL) - return NULL; - - res = app_malloc(len, "algorithm name"); - BIO_snprintf(res, len, "%s:%s", name, arg); - if (sk_OPENSSL_STRING_push(*optp, res)) - return res; - OPENSSL_free(res); - return NULL; -} - -int mac_main(int argc, char **argv) -{ - int ret = 1; - char *prog; - EVP_MAC *mac = NULL; - OPTION_CHOICE o; - EVP_MAC_CTX *ctx = NULL; - STACK_OF(OPENSSL_STRING) *opts = NULL; - unsigned char *buf = NULL; - size_t len; - int i; - BIO *in = NULL, *out = NULL; - const char *outfile = NULL; - const char *infile = NULL; - int out_bin = 0; - int inform = FORMAT_BINARY; - char *digest = NULL, *cipher = NULL; - OSSL_PARAM *params = NULL; - - prog = opt_init(argc, argv, mac_options); - buf = app_malloc(BUFSIZE, "I/O buffer"); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - default: -opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto err; - case OPT_HELP: - opt_help(mac_options); - ret = 0; - goto err; - case OPT_BIN: - out_bin = 1; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_MACOPT: - if (opts == NULL) - opts = sk_OPENSSL_STRING_new_null(); - if (opts == NULL || !sk_OPENSSL_STRING_push(opts, opt_arg())) - goto opthelp; - break; - case OPT_CIPHER: - OPENSSL_free(cipher); - cipher = alloc_mac_algorithm_name(&opts, "cipher", opt_arg()); - if (cipher == NULL) - goto opthelp; - break; - case OPT_DIGEST: - OPENSSL_free(digest); - digest = alloc_mac_algorithm_name(&opts, "digest", opt_arg()); - if (digest == NULL) - goto opthelp; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto err; - break; - } - } - - /* One argument, the MAC name. */ - argc = opt_num_rest(); - argv = opt_rest(); - if (argc != 1) - goto opthelp; - - mac = EVP_MAC_fetch(app_get0_libctx(), argv[0], app_get0_propq()); - if (mac == NULL) { - BIO_printf(bio_err, "Invalid MAC name %s\n", argv[0]); - goto opthelp; - } - - ctx = EVP_MAC_CTX_new(mac); - if (ctx == NULL) - goto err; - - if (opts != NULL) { - int ok = 1; - - params = app_params_new_from_opts(opts, - EVP_MAC_settable_ctx_params(mac)); - if (params == NULL) - goto err; - - if (!EVP_MAC_CTX_set_params(ctx, params)) { - BIO_printf(bio_err, "MAC parameter error\n"); - ERR_print_errors(bio_err); - ok = 0; - } - app_params_free(params); - if (!ok) - goto err; - } - - in = bio_open_default(infile, 'r', inform); - if (in == NULL) - goto err; - - out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT); - if (out == NULL) - goto err; - - if (!EVP_MAC_init(ctx, NULL, 0, NULL)) { - BIO_printf(bio_err, "EVP_MAC_Init failed\n"); - goto err; - } - - while (BIO_pending(in) || !BIO_eof(in)) { - i = BIO_read(in, (char *)buf, BUFSIZE); - if (i < 0) { - BIO_printf(bio_err, "Read Error in '%s'\n", infile); - ERR_print_errors(bio_err); - goto err; - } - if (i == 0) - break; - if (!EVP_MAC_update(ctx, buf, i)) { - BIO_printf(bio_err, "EVP_MAC_update failed\n"); - goto err; - } - } - - if (!EVP_MAC_final(ctx, NULL, &len, 0)) { - BIO_printf(bio_err, "EVP_MAC_final failed\n"); - goto err; - } - if (len > BUFSIZE) { - BIO_printf(bio_err, "output len is too large\n"); - goto err; - } - - if (!EVP_MAC_final(ctx, buf, &len, BUFSIZE)) { - BIO_printf(bio_err, "EVP_MAC_final failed\n"); - goto err; - } - - if (out_bin) { - BIO_write(out, buf, len); - } else { - for (i = 0; i < (int)len; ++i) - BIO_printf(out, "%02X", buf[i]); - if (outfile == NULL) - BIO_printf(out,"\n"); - } - - ret = 0; -err: - if (ret != 0) - ERR_print_errors(bio_err); - OPENSSL_clear_free(buf, BUFSIZE); - OPENSSL_free(cipher); - OPENSSL_free(digest); - sk_OPENSSL_STRING_free(opts); - BIO_free(in); - BIO_free(out); - EVP_MAC_CTX_free(ctx); - EVP_MAC_free(mac); - return ret; -} diff --git a/apps/nseq.c b/apps/nseq.c deleted file mode 100644 index d5524370f26c850571ebc7c2b0a79dc4cf55a555..0000000000000000000000000000000000000000 --- a/apps/nseq.c +++ /dev/null @@ -1,130 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_TOSEQ, OPT_IN, OPT_OUT, - OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS nseq_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - - OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - - OPT_SECTION("Output"), - {"toseq", OPT_TOSEQ, '-', "Output NS Sequence file"}, - {"out", OPT_OUT, '>', "Output file"}, - - OPT_PROV_OPTIONS, - {NULL} -}; - -int nseq_main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL; - X509 *x509 = NULL; - NETSCAPE_CERT_SEQUENCE *seq = NULL; - OPTION_CHOICE o; - int toseq = 0, ret = 1, i; - char *infile = NULL, *outfile = NULL, *prog; - - prog = opt_init(argc, argv, nseq_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - ret = 0; - opt_help(nseq_options); - goto end; - case OPT_TOSEQ: - toseq = 1; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - in = bio_open_default(infile, 'r', FORMAT_PEM); - if (in == NULL) - goto end; - out = bio_open_default(outfile, 'w', FORMAT_PEM); - if (out == NULL) - goto end; - - if (toseq) { - seq = NETSCAPE_CERT_SEQUENCE_new(); - if (seq == NULL) - goto end; - seq->certs = sk_X509_new_null(); - if (seq->certs == NULL) - goto end; - while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) { - if (!sk_X509_push(seq->certs, x509)) - goto end; - } - - if (!sk_X509_num(seq->certs)) { - BIO_printf(bio_err, "%s: Error reading certs file %s\n", - prog, infile); - ERR_print_errors(bio_err); - goto end; - } - PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq); - ret = 0; - goto end; - } - - seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL); - if (seq == NULL) { - BIO_printf(bio_err, "%s: Error reading sequence file %s\n", - prog, infile); - ERR_print_errors(bio_err); - goto end; - } - - for (i = 0; i < sk_X509_num(seq->certs); i++) { - x509 = sk_X509_value(seq->certs, i); - dump_cert_text(out, x509); - PEM_write_bio_X509(out, x509); - } - ret = 0; - end: - BIO_free(in); - BIO_free_all(out); - NETSCAPE_CERT_SEQUENCE_free(seq); - - return ret; -} diff --git a/apps/ocsp.c b/apps/ocsp.c deleted file mode 100644 index 50bf55f33850457556a27b09c3a55dd02e253d07..0000000000000000000000000000000000000000 --- a/apps/ocsp.c +++ /dev/null @@ -1,1260 +0,0 @@ -/* - * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#ifdef OPENSSL_SYS_VMS - /* So fd_set and friends get properly defined on OpenVMS */ -# define _XOPEN_SOURCE_EXTENDED -#endif - -#include -#include -#include -#include -#include - -/* Needs to be included before the openssl headers */ -#include "apps.h" -#include "http_server.h" -#include "progs.h" -#include "internal/sockets.h" -#include -#include -#include -#include -#include -#include -#include - -#if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -#endif - -#if defined(OPENSSL_SYS_VXWORKS) -/* not supported */ -int setpgid(pid_t pid, pid_t pgid) -{ - errno = ENOSYS; - return 0; -} -/* not supported */ -pid_t fork(void) -{ - errno = ENOSYS; - return (pid_t) -1; -} -#endif -/* Maximum leeway in validity period: default 5 minutes */ -#define MAX_VALIDITY_PERIOD (5 * 60) - -static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, - const EVP_MD *cert_id_md, X509 *issuer, - STACK_OF(OCSP_CERTID) *ids); -static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, - const EVP_MD *cert_id_md, X509 *issuer, - STACK_OF(OCSP_CERTID) *ids); -static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, - STACK_OF(OPENSSL_STRING) *names, - STACK_OF(OCSP_CERTID) *ids, long nsec, - long maxage); -static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req, - CA_DB *db, STACK_OF(X509) *ca, X509 *rcert, - EVP_PKEY *rkey, const EVP_MD *md, - STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(X509) *rother, unsigned long flags, - int nmin, int ndays, int badsig, - const EVP_MD *resp_md); - -static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser); -static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, - const char *port, int timeout); -static int send_ocsp_response(BIO *cbio, const OCSP_RESPONSE *resp); -static char *prog; - -#ifdef HTTP_DAEMON -static int index_changed(CA_DB *); -#endif - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_OUTFILE, OPT_TIMEOUT, OPT_URL, OPT_HOST, OPT_PORT, -#ifndef OPENSSL_NO_SOCK - OPT_PROXY, OPT_NO_PROXY, -#endif - OPT_IGNORE_ERR, OPT_NOVERIFY, OPT_NONCE, OPT_NO_NONCE, - OPT_RESP_NO_CERTS, OPT_RESP_KEY_ID, OPT_NO_CERTS, - OPT_NO_SIGNATURE_VERIFY, OPT_NO_CERT_VERIFY, OPT_NO_CHAIN, - OPT_NO_CERT_CHECKS, OPT_NO_EXPLICIT, OPT_TRUST_OTHER, - OPT_NO_INTERN, OPT_BADSIG, OPT_TEXT, OPT_REQ_TEXT, OPT_RESP_TEXT, - OPT_REQIN, OPT_RESPIN, OPT_SIGNER, OPT_VAFILE, OPT_SIGN_OTHER, - OPT_VERIFY_OTHER, OPT_CAFILE, OPT_CAPATH, OPT_CASTORE, OPT_NOCAFILE, - OPT_NOCAPATH, OPT_NOCASTORE, - OPT_VALIDITY_PERIOD, OPT_STATUS_AGE, OPT_SIGNKEY, OPT_REQOUT, - OPT_RESPOUT, OPT_PATH, OPT_ISSUER, OPT_CERT, OPT_SERIAL, - OPT_INDEX, OPT_CA, OPT_NMIN, OPT_REQUEST, OPT_NDAYS, OPT_RSIGNER, - OPT_RKEY, OPT_ROTHER, OPT_RMD, OPT_RSIGOPT, OPT_HEADER, - OPT_PASSIN, - OPT_RCID, - OPT_V_ENUM, - OPT_MD, - OPT_MULTI, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS ocsp_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"ignore_err", OPT_IGNORE_ERR, '-', - "Ignore error on OCSP request or response and continue running"}, - {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"}, - {"CApath", OPT_CAPATH, '<', "Trusted certificates directory"}, - {"CAstore", OPT_CASTORE, ':', "Trusted certificates store URI"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load certificates from the default certificates store"}, - - OPT_SECTION("Responder"), - {"timeout", OPT_TIMEOUT, 'p', - "Connection timeout (in seconds) to the OCSP responder"}, - {"resp_no_certs", OPT_RESP_NO_CERTS, '-', - "Don't include any certificates in response"}, -#ifdef HTTP_DAEMON - {"multi", OPT_MULTI, 'p', "run multiple responder processes"}, -#endif - {"no_certs", OPT_NO_CERTS, '-', - "Don't include any certificates in signed request"}, - {"badsig", OPT_BADSIG, '-', - "Corrupt last byte of loaded OCSP response signature (for test)"}, - {"CA", OPT_CA, '<', "CA certificate"}, - {"nmin", OPT_NMIN, 'p', "Number of minutes before next update"}, - {"nrequest", OPT_REQUEST, 'p', - "Number of requests to accept (default unlimited)"}, - {"reqin", OPT_REQIN, 's', "File with the DER-encoded request"}, - {"signer", OPT_SIGNER, '<', "Certificate to sign OCSP request with"}, - {"sign_other", OPT_SIGN_OTHER, '<', - "Additional certificates to include in signed request"}, - {"index", OPT_INDEX, '<', "Certificate status index file"}, - {"ndays", OPT_NDAYS, 'p', "Number of days before next update"}, - {"rsigner", OPT_RSIGNER, '<', - "Responder certificate to sign responses with"}, - {"rkey", OPT_RKEY, '<', "Responder key to sign responses with"}, - {"passin", OPT_PASSIN, 's', "Responder key pass phrase source"}, - {"rother", OPT_ROTHER, '<', "Other certificates to include in response"}, - {"rmd", OPT_RMD, 's', "Digest Algorithm to use in signature of OCSP response"}, - {"rsigopt", OPT_RSIGOPT, 's', "OCSP response signature parameter in n:v form"}, - {"header", OPT_HEADER, 's', "key=value header to add"}, - {"rcid", OPT_RCID, 's', "Use specified algorithm for cert id in response"}, - {"", OPT_MD, '-', "Any supported digest algorithm (sha1,sha256, ... )"}, - - OPT_SECTION("Client"), - {"url", OPT_URL, 's', "Responder URL"}, - {"host", OPT_HOST, 's', "TCP/IP hostname:port to connect to"}, - {"port", OPT_PORT, 'N', "Port to run responder on"}, - {"path", OPT_PATH, 's', "Path to use in OCSP request"}, -#ifndef OPENSSL_NO_SOCK - {"proxy", OPT_PROXY, 's', - "[http[s]://]host[:port][/path] of HTTP(S) proxy to use; path is ignored"}, - {"no_proxy", OPT_NO_PROXY, 's', - "List of addresses of servers not to use HTTP(S) proxy for"}, - {OPT_MORE_STR, 0, 0, - "Default from environment variable 'no_proxy', else 'NO_PROXY', else none"}, -#endif - {"out", OPT_OUTFILE, '>', "Output filename"}, - {"noverify", OPT_NOVERIFY, '-', "Don't verify response at all"}, - {"nonce", OPT_NONCE, '-', "Add OCSP nonce to request"}, - {"no_nonce", OPT_NO_NONCE, '-', "Don't add OCSP nonce to request"}, - {"no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-', - "Don't check signature on response"}, - {"resp_key_id", OPT_RESP_KEY_ID, '-', - "Identify response by signing certificate key ID"}, - {"no_cert_verify", OPT_NO_CERT_VERIFY, '-', - "Don't check signing certificate"}, - {"text", OPT_TEXT, '-', "Print text form of request and response"}, - {"req_text", OPT_REQ_TEXT, '-', "Print text form of request"}, - {"resp_text", OPT_RESP_TEXT, '-', "Print text form of response"}, - {"no_chain", OPT_NO_CHAIN, '-', "Don't chain verify response"}, - {"no_cert_checks", OPT_NO_CERT_CHECKS, '-', - "Don't do additional checks on signing certificate"}, - {"no_explicit", OPT_NO_EXPLICIT, '-', - "Do not explicitly check the chain, just verify the root"}, - {"trust_other", OPT_TRUST_OTHER, '-', - "Don't verify additional certificates"}, - {"no_intern", OPT_NO_INTERN, '-', - "Don't search certificates contained in response for signer"}, - {"respin", OPT_RESPIN, 's', "File with the DER-encoded response"}, - {"VAfile", OPT_VAFILE, '<', "Validator certificates file"}, - {"verify_other", OPT_VERIFY_OTHER, '<', - "Additional certificates to search for signer"}, - {"cert", OPT_CERT, '<', "Certificate to check"}, - {"serial", OPT_SERIAL, 's', "Serial number to check"}, - {"validity_period", OPT_VALIDITY_PERIOD, 'u', - "Maximum validity discrepancy in seconds"}, - {"signkey", OPT_SIGNKEY, 's', "Private key to sign OCSP request with"}, - {"reqout", OPT_REQOUT, 's', "Output file for the DER-encoded request"}, - {"respout", OPT_RESPOUT, 's', "Output file for the DER-encoded response"}, - {"issuer", OPT_ISSUER, '<', "Issuer certificate"}, - {"status_age", OPT_STATUS_AGE, 'p', "Maximum status age in seconds"}, - - OPT_V_OPTIONS, - OPT_PROV_OPTIONS, - {NULL} -}; - -int ocsp_main(int argc, char **argv) -{ - BIO *acbio = NULL, *cbio = NULL, *derbio = NULL, *out = NULL; - EVP_MD *cert_id_md = NULL, *rsign_md = NULL; - STACK_OF(OPENSSL_STRING) *rsign_sigopts = NULL; - int trailing_md = 0; - CA_DB *rdb = NULL; - EVP_PKEY *key = NULL, *rkey = NULL; - OCSP_BASICRESP *bs = NULL; - OCSP_REQUEST *req = NULL; - OCSP_RESPONSE *resp = NULL; - STACK_OF(CONF_VALUE) *headers = NULL; - STACK_OF(OCSP_CERTID) *ids = NULL; - STACK_OF(OPENSSL_STRING) *reqnames = NULL; - STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL; - STACK_OF(X509) *issuers = NULL; - X509 *issuer = NULL, *cert = NULL; - STACK_OF(X509) *rca_cert = NULL; - EVP_MD *resp_certid_md = NULL; - X509 *signer = NULL, *rsigner = NULL; - X509_STORE *store = NULL; - X509_VERIFY_PARAM *vpm = NULL; - const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL; - char *header, *value, *respdigname = NULL; - char *host = NULL, *port = NULL, *path = "/", *outfile = NULL; -#ifndef OPENSSL_NO_SOCK - char *opt_proxy = NULL; - char *opt_no_proxy = NULL; -#endif - char *rca_filename = NULL, *reqin = NULL, *respin = NULL; - char *reqout = NULL, *respout = NULL, *ridx_filename = NULL; - char *rsignfile = NULL, *rkeyfile = NULL; - char *passinarg = NULL, *passin = NULL; - char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL; - char *signfile = NULL, *keyfile = NULL; - char *thost = NULL, *tport = NULL, *tpath = NULL; - int noCAfile = 0, noCApath = 0, noCAstore = 0; - int accept_count = -1, add_nonce = 1, noverify = 0, use_ssl = -1; - int vpmtouched = 0, badsig = 0, i, ignore_err = 0, nmin = 0, ndays = -1; - int req_text = 0, resp_text = 0, res, ret = 1; - int req_timeout = -1; - long nsec = MAX_VALIDITY_PERIOD, maxage = -1; - unsigned long sign_flags = 0, verify_flags = 0, rflags = 0; - OPTION_CHOICE o; - - if ((reqnames = sk_OPENSSL_STRING_new_null()) == NULL - || (ids = sk_OCSP_CERTID_new_null()) == NULL - || (vpm = X509_VERIFY_PARAM_new()) == NULL) - goto end; - - prog = opt_init(argc, argv, ocsp_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - ret = 0; - opt_help(ocsp_options); - goto end; - case OPT_OUTFILE: - outfile = opt_arg(); - break; - case OPT_TIMEOUT: -#ifndef OPENSSL_NO_SOCK - req_timeout = atoi(opt_arg()); -#endif - break; - case OPT_URL: - OPENSSL_free(thost); - OPENSSL_free(tport); - OPENSSL_free(tpath); - thost = tport = tpath = NULL; - if (!OSSL_HTTP_parse_url(opt_arg(), &use_ssl, NULL /* userinfo */, - &host, &port, NULL /* port_num */, - &path, NULL /* qry */, NULL /* frag */)) { - BIO_printf(bio_err, "%s Error parsing -url argument\n", prog); - goto end; - } - thost = host; - tport = port; - tpath = path; - break; - case OPT_HOST: - host = opt_arg(); - break; - case OPT_PORT: - port = opt_arg(); - break; - case OPT_PATH: - path = opt_arg(); - break; -#ifndef OPENSSL_NO_SOCK - case OPT_PROXY: - opt_proxy = opt_arg(); - break; - case OPT_NO_PROXY: - opt_no_proxy = opt_arg(); - break; -#endif - case OPT_IGNORE_ERR: - ignore_err = 1; - break; - case OPT_NOVERIFY: - noverify = 1; - break; - case OPT_NONCE: - add_nonce = 2; - break; - case OPT_NO_NONCE: - add_nonce = 0; - break; - case OPT_RESP_NO_CERTS: - rflags |= OCSP_NOCERTS; - break; - case OPT_RESP_KEY_ID: - rflags |= OCSP_RESPID_KEY; - break; - case OPT_NO_CERTS: - sign_flags |= OCSP_NOCERTS; - break; - case OPT_NO_SIGNATURE_VERIFY: - verify_flags |= OCSP_NOSIGS; - break; - case OPT_NO_CERT_VERIFY: - verify_flags |= OCSP_NOVERIFY; - break; - case OPT_NO_CHAIN: - verify_flags |= OCSP_NOCHAIN; - break; - case OPT_NO_CERT_CHECKS: - verify_flags |= OCSP_NOCHECKS; - break; - case OPT_NO_EXPLICIT: - verify_flags |= OCSP_NOEXPLICIT; - break; - case OPT_TRUST_OTHER: - verify_flags |= OCSP_TRUSTOTHER; - break; - case OPT_NO_INTERN: - verify_flags |= OCSP_NOINTERN; - break; - case OPT_BADSIG: - badsig = 1; - break; - case OPT_TEXT: - req_text = resp_text = 1; - break; - case OPT_REQ_TEXT: - req_text = 1; - break; - case OPT_RESP_TEXT: - resp_text = 1; - break; - case OPT_REQIN: - reqin = opt_arg(); - break; - case OPT_RESPIN: - respin = opt_arg(); - break; - case OPT_SIGNER: - signfile = opt_arg(); - break; - case OPT_VAFILE: - verify_certfile = opt_arg(); - verify_flags |= OCSP_TRUSTOTHER; - break; - case OPT_SIGN_OTHER: - sign_certfile = opt_arg(); - break; - case OPT_VERIFY_OTHER: - verify_certfile = opt_arg(); - break; - case OPT_CAFILE: - CAfile = opt_arg(); - break; - case OPT_CAPATH: - CApath = opt_arg(); - break; - case OPT_CASTORE: - CAstore = opt_arg(); - break; - case OPT_NOCAFILE: - noCAfile = 1; - break; - case OPT_NOCAPATH: - noCApath = 1; - break; - case OPT_NOCASTORE: - noCAstore = 1; - break; - case OPT_V_CASES: - if (!opt_verify(o, vpm)) - goto end; - vpmtouched++; - break; - case OPT_VALIDITY_PERIOD: - opt_long(opt_arg(), &nsec); - break; - case OPT_STATUS_AGE: - opt_long(opt_arg(), &maxage); - break; - case OPT_SIGNKEY: - keyfile = opt_arg(); - break; - case OPT_REQOUT: - reqout = opt_arg(); - break; - case OPT_RESPOUT: - respout = opt_arg(); - break; - case OPT_ISSUER: - issuer = load_cert(opt_arg(), FORMAT_UNDEF, "issuer certificate"); - if (issuer == NULL) - goto end; - if (issuers == NULL) { - if ((issuers = sk_X509_new_null()) == NULL) - goto end; - } - if (!sk_X509_push(issuers, issuer)) - goto end; - break; - case OPT_CERT: - X509_free(cert); - cert = load_cert(opt_arg(), FORMAT_UNDEF, "certificate"); - if (cert == NULL) - goto end; - if (cert_id_md == NULL) - cert_id_md = (EVP_MD *)EVP_sha1(); - if (!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids)) - goto end; - if (!sk_OPENSSL_STRING_push(reqnames, opt_arg())) - goto end; - trailing_md = 0; - break; - case OPT_SERIAL: - if (cert_id_md == NULL) - cert_id_md = (EVP_MD *)EVP_sha1(); - if (!add_ocsp_serial(&req, opt_arg(), cert_id_md, issuer, ids)) - goto end; - if (!sk_OPENSSL_STRING_push(reqnames, opt_arg())) - goto end; - trailing_md = 0; - break; - case OPT_INDEX: - ridx_filename = opt_arg(); - break; - case OPT_CA: - rca_filename = opt_arg(); - break; - case OPT_NMIN: - nmin = opt_int_arg(); - if (ndays == -1) - ndays = 0; - break; - case OPT_REQUEST: - accept_count = opt_int_arg(); - break; - case OPT_NDAYS: - ndays = atoi(opt_arg()); - break; - case OPT_RSIGNER: - rsignfile = opt_arg(); - break; - case OPT_RKEY: - rkeyfile = opt_arg(); - break; - case OPT_PASSIN: - passinarg = opt_arg(); - break; - case OPT_ROTHER: - rcertfile = opt_arg(); - break; - case OPT_RMD: /* Response MessageDigest */ - respdigname = opt_arg(); - break; - case OPT_RSIGOPT: - if (rsign_sigopts == NULL) - rsign_sigopts = sk_OPENSSL_STRING_new_null(); - if (rsign_sigopts == NULL - || !sk_OPENSSL_STRING_push(rsign_sigopts, opt_arg())) - goto end; - break; - case OPT_HEADER: - header = opt_arg(); - value = strchr(header, '='); - if (value == NULL) { - BIO_printf(bio_err, "Missing = in header key=value\n"); - goto opthelp; - } - *value++ = '\0'; - if (!X509V3_add_value(header, value, &headers)) - goto end; - break; - case OPT_RCID: - if (!opt_md(opt_arg(), &resp_certid_md)) - goto opthelp; - break; - case OPT_MD: - if (trailing_md) { - BIO_printf(bio_err, - "%s: Digest must be before -cert or -serial\n", - prog); - goto opthelp; - } - if (!opt_md(opt_unknown(), &cert_id_md)) - goto opthelp; - trailing_md = 1; - break; - case OPT_MULTI: -#ifdef HTTP_DAEMON - multi = atoi(opt_arg()); -#endif - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - if (trailing_md) { - BIO_printf(bio_err, "%s: Digest must be before -cert or -serial\n", - prog); - goto opthelp; - } - - if (respdigname != NULL) { - if (!opt_md(respdigname, &rsign_md)) - goto end; - } - - /* Have we anything to do? */ - if (req == NULL && reqin == NULL - && respin == NULL && !(port != NULL && ridx_filename != NULL)) - goto opthelp; - - out = bio_open_default(outfile, 'w', FORMAT_TEXT); - if (out == NULL) - goto end; - - if (req == NULL && (add_nonce != 2)) - add_nonce = 0; - - if (req == NULL && reqin != NULL) { - derbio = bio_open_default(reqin, 'r', FORMAT_ASN1); - if (derbio == NULL) - goto end; - req = d2i_OCSP_REQUEST_bio(derbio, NULL); - BIO_free(derbio); - if (req == NULL) { - BIO_printf(bio_err, "Error reading OCSP request\n"); - goto end; - } - } - - if (req == NULL && port != NULL) { -#ifndef OPENSSL_NO_SOCK - acbio = http_server_init_bio(prog, port); - if (acbio == NULL) - goto end; -#else - BIO_printf(bio_err, "Cannot act as server - sockets not supported\n"); - goto end; -#endif - } - - if (rsignfile != NULL) { - if (rkeyfile == NULL) - rkeyfile = rsignfile; - rsigner = load_cert(rsignfile, FORMAT_UNDEF, "responder certificate"); - if (rsigner == NULL) { - BIO_printf(bio_err, "Error loading responder certificate\n"); - goto end; - } - if (!load_certs(rca_filename, 0, &rca_cert, NULL, "CA certificates")) - goto end; - if (rcertfile != NULL) { - if (!load_certs(rcertfile, 0, &rother, NULL, - "responder other certificates")) - goto end; - } - if (!app_passwd(passinarg, NULL, &passin, NULL)) { - BIO_printf(bio_err, "Error getting password\n"); - goto end; - } - rkey = load_key(rkeyfile, FORMAT_UNDEF, 0, passin, NULL, - "responder private key"); - if (rkey == NULL) - goto end; - } - - if (ridx_filename != NULL - && (rkey == NULL || rsigner == NULL || rca_cert == NULL)) { - BIO_printf(bio_err, - "Responder mode requires certificate, key, and CA.\n"); - goto end; - } - - if (ridx_filename != NULL) { - rdb = load_index(ridx_filename, NULL); - if (rdb == NULL || index_index(rdb) <= 0) { - BIO_printf(bio_err, - "Problem with index file: %s (could not load/parse file)\n", - ridx_filename); - ret = 1; - goto end; - } - } - -#ifdef HTTP_DAEMON - if (multi && acbio != NULL) - spawn_loop(prog); - if (acbio != NULL && req_timeout > 0) - signal(SIGALRM, socket_timeout); -#endif - - if (acbio != NULL) - log_message(prog, LOG_INFO, "waiting for OCSP client connections..."); - -redo_accept: - - if (acbio != NULL) { -#ifdef HTTP_DAEMON - if (index_changed(rdb)) { - CA_DB *newrdb = load_index(ridx_filename, NULL); - - if (newrdb != NULL && index_index(newrdb) > 0) { - free_index(rdb); - rdb = newrdb; - } else { - free_index(newrdb); - log_message(prog, LOG_ERR, "error reloading updated index: %s", - ridx_filename); - } - } -#endif - - req = NULL; - res = do_responder(&req, &cbio, acbio, port, req_timeout); - if (res == 0) - goto redo_accept; - - if (req == NULL) { - if (res == 1) { - resp = - OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, - NULL); - send_ocsp_response(cbio, resp); - } - goto done_resp; - } - } - - if (req == NULL - && (signfile != NULL || reqout != NULL - || host != NULL || add_nonce || ridx_filename != NULL)) { - BIO_printf(bio_err, "Need an OCSP request for this operation!\n"); - goto end; - } - - if (req != NULL && add_nonce) { - if (!OCSP_request_add1_nonce(req, NULL, -1)) - goto end; - } - - if (signfile != NULL) { - if (keyfile == NULL) - keyfile = signfile; - signer = load_cert(signfile, FORMAT_UNDEF, "signer certificate"); - if (signer == NULL) { - BIO_printf(bio_err, "Error loading signer certificate\n"); - goto end; - } - if (sign_certfile != NULL) { - if (!load_certs(sign_certfile, 0, &sign_other, NULL, - "signer certificates")) - goto end; - } - key = load_key(keyfile, FORMAT_UNDEF, 0, NULL, NULL, - "signer private key"); - if (key == NULL) - goto end; - - if (!OCSP_request_sign(req, signer, key, NULL, - sign_other, sign_flags)) { - BIO_printf(bio_err, "Error signing OCSP request\n"); - goto end; - } - } - - if (req_text && req != NULL) - OCSP_REQUEST_print(out, req, 0); - - if (reqout != NULL) { - derbio = bio_open_default(reqout, 'w', FORMAT_ASN1); - if (derbio == NULL) - goto end; - i2d_OCSP_REQUEST_bio(derbio, req); - BIO_free(derbio); - } - - if (rdb != NULL) { - make_ocsp_response(bio_err, &resp, req, rdb, rca_cert, rsigner, rkey, - rsign_md, rsign_sigopts, rother, rflags, nmin, ndays, - badsig, resp_certid_md); - if (cbio != NULL) - send_ocsp_response(cbio, resp); - } else if (host != NULL) { -#ifndef OPENSSL_NO_SOCK - resp = process_responder(req, host, port, path, opt_proxy, opt_no_proxy, - use_ssl, headers, req_timeout); - if (resp == NULL) - goto end; -#else - BIO_printf(bio_err, - "Error creating connect BIO - sockets not supported\n"); - goto end; -#endif - } else if (respin != NULL) { - derbio = bio_open_default(respin, 'r', FORMAT_ASN1); - if (derbio == NULL) - goto end; - resp = d2i_OCSP_RESPONSE_bio(derbio, NULL); - BIO_free(derbio); - if (resp == NULL) { - BIO_printf(bio_err, "Error reading OCSP response\n"); - goto end; - } - } else { - ret = 0; - goto end; - } - - done_resp: - - if (respout != NULL) { - derbio = bio_open_default(respout, 'w', FORMAT_ASN1); - if (derbio == NULL) - goto end; - i2d_OCSP_RESPONSE_bio(derbio, resp); - BIO_free(derbio); - } - - i = OCSP_response_status(resp); - if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) { - BIO_printf(out, "Responder Error: %s (%d)\n", - OCSP_response_status_str(i), i); - if (!ignore_err) - goto end; - } - - if (resp_text) - OCSP_RESPONSE_print(out, resp, 0); - - /* If running as responder don't verify our own response */ - if (cbio != NULL) { - /* If not unlimited, see if we took all we should. */ - if (accept_count != -1 && --accept_count <= 0) { - ret = 0; - goto end; - } - BIO_free_all(cbio); - cbio = NULL; - OCSP_REQUEST_free(req); - req = NULL; - OCSP_RESPONSE_free(resp); - resp = NULL; - goto redo_accept; - } - if (ridx_filename != NULL) { - ret = 0; - goto end; - } - - if (store == NULL) { - store = setup_verify(CAfile, noCAfile, CApath, noCApath, - CAstore, noCAstore); - if (!store) - goto end; - } - if (vpmtouched) - X509_STORE_set1_param(store, vpm); - if (verify_certfile != NULL) { - if (!load_certs(verify_certfile, 0, &verify_other, NULL, - "validator certificates")) - goto end; - } - - bs = OCSP_response_get1_basic(resp); - if (bs == NULL) { - BIO_printf(bio_err, "Error parsing response\n"); - goto end; - } - - ret = 0; - - if (!noverify) { - if (req != NULL && ((i = OCSP_check_nonce(req, bs)) <= 0)) { - if (i == -1) - BIO_printf(bio_err, "WARNING: no nonce in response\n"); - else { - BIO_printf(bio_err, "Nonce Verify error\n"); - ret = 1; - goto end; - } - } - - i = OCSP_basic_verify(bs, verify_other, store, verify_flags); - if (i <= 0 && issuers) { - i = OCSP_basic_verify(bs, issuers, store, OCSP_TRUSTOTHER); - if (i > 0) - ERR_clear_error(); - } - if (i <= 0) { - BIO_printf(bio_err, "Response Verify Failure\n"); - ERR_print_errors(bio_err); - ret = 1; - } else { - BIO_printf(bio_err, "Response verify OK\n"); - } - } - - if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage)) - ret = 1; - - end: - ERR_print_errors(bio_err); - X509_free(signer); - X509_STORE_free(store); - X509_VERIFY_PARAM_free(vpm); - sk_OPENSSL_STRING_free(rsign_sigopts); - EVP_PKEY_free(key); - EVP_PKEY_free(rkey); - EVP_MD_free(cert_id_md); - EVP_MD_free(rsign_md); - EVP_MD_free(resp_certid_md); - X509_free(cert); - sk_X509_pop_free(issuers, X509_free); - X509_free(rsigner); - sk_X509_pop_free(rca_cert, X509_free); - free_index(rdb); - BIO_free_all(cbio); - BIO_free_all(acbio); - BIO_free_all(out); - OCSP_REQUEST_free(req); - OCSP_RESPONSE_free(resp); - OCSP_BASICRESP_free(bs); - sk_OPENSSL_STRING_free(reqnames); - sk_OCSP_CERTID_free(ids); - sk_X509_pop_free(sign_other, X509_free); - sk_X509_pop_free(verify_other, X509_free); - sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); - OPENSSL_free(thost); - OPENSSL_free(tport); - OPENSSL_free(tpath); - - return ret; -} - -#ifdef HTTP_DAEMON - -static int index_changed(CA_DB *rdb) -{ - struct stat sb; - - if (rdb != NULL && stat(rdb->dbfname, &sb) != -1) { - if (rdb->dbst.st_mtime != sb.st_mtime - || rdb->dbst.st_ctime != sb.st_ctime - || rdb->dbst.st_ino != sb.st_ino - || rdb->dbst.st_dev != sb.st_dev) { - syslog(LOG_INFO, "index file changed, reloading"); - return 1; - } - } - return 0; -} - -#endif - -static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, - const EVP_MD *cert_id_md, X509 *issuer, - STACK_OF(OCSP_CERTID) *ids) -{ - OCSP_CERTID *id; - - if (issuer == NULL) { - BIO_printf(bio_err, "No issuer certificate specified\n"); - return 0; - } - if (*req == NULL) - *req = OCSP_REQUEST_new(); - if (*req == NULL) - goto err; - id = OCSP_cert_to_id(cert_id_md, cert, issuer); - if (id == NULL || !sk_OCSP_CERTID_push(ids, id)) - goto err; - if (!OCSP_request_add0_id(*req, id)) - goto err; - return 1; - - err: - BIO_printf(bio_err, "Error Creating OCSP request\n"); - return 0; -} - -static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, - const EVP_MD *cert_id_md, X509 *issuer, - STACK_OF(OCSP_CERTID) *ids) -{ - OCSP_CERTID *id; - const X509_NAME *iname; - ASN1_BIT_STRING *ikey; - ASN1_INTEGER *sno; - - if (issuer == NULL) { - BIO_printf(bio_err, "No issuer certificate specified\n"); - return 0; - } - if (*req == NULL) - *req = OCSP_REQUEST_new(); - if (*req == NULL) - goto err; - iname = X509_get_subject_name(issuer); - ikey = X509_get0_pubkey_bitstr(issuer); - sno = s2i_ASN1_INTEGER(NULL, serial); - if (sno == NULL) { - BIO_printf(bio_err, "Error converting serial number %s\n", serial); - return 0; - } - id = OCSP_cert_id_new(cert_id_md, iname, ikey, sno); - ASN1_INTEGER_free(sno); - if (id == NULL || !sk_OCSP_CERTID_push(ids, id)) - goto err; - if (!OCSP_request_add0_id(*req, id)) - goto err; - return 1; - - err: - BIO_printf(bio_err, "Error Creating OCSP request\n"); - return 0; -} - -static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req, - STACK_OF(OPENSSL_STRING) *names, - STACK_OF(OCSP_CERTID) *ids, long nsec, - long maxage) -{ - OCSP_CERTID *id; - const char *name; - int i, status, reason; - ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd; - int ret = 1; - - if (req == NULL || !sk_OPENSSL_STRING_num(names)) - return 1; - - if (bs == NULL || !sk_OCSP_CERTID_num(ids)) - return 0; - - for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) { - id = sk_OCSP_CERTID_value(ids, i); - name = sk_OPENSSL_STRING_value(names, i); - BIO_printf(out, "%s: ", name); - - if (!OCSP_resp_find_status(bs, id, &status, &reason, - &rev, &thisupd, &nextupd)) { - BIO_puts(out, "ERROR: No Status found.\n"); - ret = 0; - continue; - } - - /* - * Check validity: if invalid write to output BIO so we know which - * response this refers to. - */ - if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage)) { - BIO_puts(out, "WARNING: Status times invalid.\n"); - ERR_print_errors(out); - } - BIO_printf(out, "%s\n", OCSP_cert_status_str(status)); - - BIO_puts(out, "\tThis Update: "); - ASN1_GENERALIZEDTIME_print(out, thisupd); - BIO_puts(out, "\n"); - - if (nextupd) { - BIO_puts(out, "\tNext Update: "); - ASN1_GENERALIZEDTIME_print(out, nextupd); - BIO_puts(out, "\n"); - } - - if (status != V_OCSP_CERTSTATUS_REVOKED) - continue; - - if (reason != -1) - BIO_printf(out, "\tReason: %s\n", OCSP_crl_reason_str(reason)); - - BIO_puts(out, "\tRevocation Time: "); - ASN1_GENERALIZEDTIME_print(out, rev); - BIO_puts(out, "\n"); - } - return ret; -} - -static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req, - CA_DB *db, STACK_OF(X509) *ca, X509 *rcert, - EVP_PKEY *rkey, const EVP_MD *rmd, - STACK_OF(OPENSSL_STRING) *sigopts, - STACK_OF(X509) *rother, unsigned long flags, - int nmin, int ndays, int badsig, - const EVP_MD *resp_md) -{ - ASN1_TIME *thisupd = NULL, *nextupd = NULL; - OCSP_CERTID *cid; - OCSP_BASICRESP *bs = NULL; - int i, id_count; - EVP_MD_CTX *mctx = NULL; - EVP_PKEY_CTX *pkctx = NULL; - - id_count = OCSP_request_onereq_count(req); - - if (id_count <= 0) { - *resp = - OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL); - goto end; - } - - bs = OCSP_BASICRESP_new(); - thisupd = X509_gmtime_adj(NULL, 0); - if (ndays != -1) - nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL); - - /* Examine each certificate id in the request */ - for (i = 0; i < id_count; i++) { - OCSP_ONEREQ *one; - ASN1_INTEGER *serial; - char **inf; - int jj; - int found = 0; - ASN1_OBJECT *cert_id_md_oid; - const EVP_MD *cert_id_md; - OCSP_CERTID *cid_resp_md = NULL; - - one = OCSP_request_onereq_get0(req, i); - cid = OCSP_onereq_get0_id(one); - - OCSP_id_get0_info(NULL, &cert_id_md_oid, NULL, NULL, cid); - - cert_id_md = EVP_get_digestbyobj(cert_id_md_oid); - if (cert_id_md == NULL) { - *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, - NULL); - goto end; - } - for (jj = 0; jj < sk_X509_num(ca) && !found; jj++) { - X509 *ca_cert = sk_X509_value(ca, jj); - OCSP_CERTID *ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca_cert); - - if (OCSP_id_issuer_cmp(ca_id, cid) == 0) { - found = 1; - if (resp_md != NULL) - cid_resp_md = OCSP_cert_to_id(resp_md, NULL, ca_cert); - } - OCSP_CERTID_free(ca_id); - } - OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid); - inf = lookup_serial(db, serial); - - /* at this point, we can have cid be an alias of cid_resp_md */ - cid = (cid_resp_md != NULL) ? cid_resp_md : cid; - - if (!found) { - OCSP_basic_add1_status(bs, cid, - V_OCSP_CERTSTATUS_UNKNOWN, - 0, NULL, thisupd, nextupd); - continue; - } - if (inf == NULL) { - OCSP_basic_add1_status(bs, cid, - V_OCSP_CERTSTATUS_UNKNOWN, - 0, NULL, thisupd, nextupd); - } else if (inf[DB_type][0] == DB_TYPE_VAL) { - OCSP_basic_add1_status(bs, cid, - V_OCSP_CERTSTATUS_GOOD, - 0, NULL, thisupd, nextupd); - } else if (inf[DB_type][0] == DB_TYPE_REV) { - ASN1_OBJECT *inst = NULL; - ASN1_TIME *revtm = NULL; - ASN1_GENERALIZEDTIME *invtm = NULL; - OCSP_SINGLERESP *single; - int reason = -1; - - unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]); - single = OCSP_basic_add1_status(bs, cid, - V_OCSP_CERTSTATUS_REVOKED, - reason, revtm, thisupd, nextupd); - if (single == NULL) { - *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, - NULL); - goto end; - } - if (invtm != NULL) - OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, - invtm, 0, 0); - else if (inst != NULL) - OCSP_SINGLERESP_add1_ext_i2d(single, - NID_hold_instruction_code, inst, - 0, 0); - ASN1_OBJECT_free(inst); - ASN1_TIME_free(revtm); - ASN1_GENERALIZEDTIME_free(invtm); - } - OCSP_CERTID_free(cid_resp_md); - } - - OCSP_copy_nonce(bs, req); - - mctx = EVP_MD_CTX_new(); - if ( mctx == NULL || !EVP_DigestSignInit(mctx, &pkctx, rmd, NULL, rkey)) { - *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, NULL); - goto end; - } - for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) { - char *sigopt = sk_OPENSSL_STRING_value(sigopts, i); - - if (pkey_ctrl_string(pkctx, sigopt) <= 0) { - BIO_printf(err, "parameter error \"%s\"\n", sigopt); - ERR_print_errors(bio_err); - *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, - NULL); - goto end; - } - } - if (!OCSP_basic_sign_ctx(bs, rcert, mctx, rother, flags)) { - *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, bs); - goto end; - } - - if (badsig) { - const ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs); - corrupt_signature(sig); - } - - *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); - - end: - EVP_MD_CTX_free(mctx); - ASN1_TIME_free(thisupd); - ASN1_TIME_free(nextupd); - OCSP_BASICRESP_free(bs); -} - -static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser) -{ - int i; - BIGNUM *bn = NULL; - char *itmp, *row[DB_NUMBER], **rrow; - for (i = 0; i < DB_NUMBER; i++) - row[i] = NULL; - bn = ASN1_INTEGER_to_BN(ser, NULL); - OPENSSL_assert(bn); /* FIXME: should report an error at this - * point and abort */ - if (BN_is_zero(bn)) { - itmp = OPENSSL_strdup("00"); - OPENSSL_assert(itmp); - } else { - itmp = BN_bn2hex(bn); - } - row[DB_serial] = itmp; - BN_free(bn); - rrow = TXT_DB_get_by_index(db->db, DB_serial, row); - OPENSSL_free(itmp); - return rrow; -} - -static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, - const char *port, int timeout) -{ -#ifndef OPENSSL_NO_SOCK - return http_server_get_asn1_req(ASN1_ITEM_rptr(OCSP_REQUEST), - (ASN1_VALUE **)preq, NULL, pcbio, acbio, - NULL /* found_keep_alive */, - prog, port, 1 /* accept_get */, timeout); -#else - BIO_printf(bio_err, - "Error getting OCSP request - sockets not supported\n"); - *preq = NULL; - return 0; -#endif -} - -static int send_ocsp_response(BIO *cbio, const OCSP_RESPONSE *resp) -{ -#ifndef OPENSSL_NO_SOCK - return http_server_send_asn1_resp(cbio, - 0 /* no keep-alive */, - "application/ocsp-response", - ASN1_ITEM_rptr(OCSP_RESPONSE), - (const ASN1_VALUE *)resp); -#else - BIO_printf(bio_err, - "Error sending OCSP response - sockets not supported\n"); - return 0; -#endif -} - -#ifndef OPENSSL_NO_SOCK -OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, const char *host, - const char *port, const char *path, - const char *proxy, const char *no_proxy, - int use_ssl, STACK_OF(CONF_VALUE) *headers, - int req_timeout) -{ - SSL_CTX *ctx = NULL; - OCSP_RESPONSE *resp = NULL; - - if (use_ssl == 1) { - ctx = SSL_CTX_new(TLS_client_method()); - if (ctx == NULL) { - BIO_printf(bio_err, "Error creating SSL context.\n"); - goto end; - } - } - - resp = (OCSP_RESPONSE *) - app_http_post_asn1(host, port, path, proxy, no_proxy, - ctx, headers, "application/ocsp-request", - (ASN1_VALUE *)req, ASN1_ITEM_rptr(OCSP_REQUEST), - "application/ocsp-response", - req_timeout, ASN1_ITEM_rptr(OCSP_RESPONSE)); - - if (resp == NULL) - BIO_printf(bio_err, "Error querying OCSP responder\n"); - - end: - SSL_CTX_free(ctx); - return resp; -} -#endif diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf deleted file mode 100644 index 59c6776a1e0e714a87e5709c009174ca12e092c5..0000000000000000000000000000000000000000 --- a/apps/openssl-vms.cnf +++ /dev/null @@ -1,390 +0,0 @@ -# -# OpenSSL example configuration file. -# See doc/man5/config.pod for more info. -# -# This is mostly being used for generation of certificate requests, -# but may be used for auto loading of providers - -# Note that you can include other files from the main configuration -# file using the .include directive. -#.include filename - -# This definition stops the following lines choking if HOME isn't -# defined. -HOME = . - - # Use this in order to automatically load providers. -openssl_conf = openssl_init - -# Comment out the next line to ignore configuration errors -config_diagnostics = 1 - -# Extra OBJECT IDENTIFIER info: -# oid_file = $ENV::HOME/.oid -oid_section = new_oids - -# To use this configuration file with the "-extfile" option of the -# "openssl x509" utility, name here the section containing the -# X.509v3 extensions to use: -# extensions = -# (Alternatively, use a configuration file that has only -# X.509v3 extensions in its main [= default] section.) - -[ new_oids ] -# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. -# Add a simple OID like this: -# testoid1=1.2.3.4 -# Or use config file substitution like this: -# testoid2=${testoid1}.5.6 - -# Policies used by the TSA examples. -tsa_policy1 = 1.2.3.4.1 -tsa_policy2 = 1.2.3.4.5.6 -tsa_policy3 = 1.2.3.4.5.7 - -# For FIPS -# Optionally include a file that is generated by the OpenSSL fipsinstall -# application. This file contains configuration data required by the OpenSSL -# fips provider. It contains a named section e.g. [fips_sect] which is -# referenced from the [provider_sect] below. -# Refer to the OpenSSL security policy for more information. -# .include fipsmodule.cnf - -[openssl_init] -providers = provider_sect - -# List of providers to load -[provider_sect] -default = default_sect -# The fips section name should match the section name inside the -# included fipsmodule.cnf. -# fips = fips_sect - -# If no providers are activated explicitly, the default one is activated implicitly. -# See man 7 OSSL_PROVIDER-default for more details. -# -# If you add a section explicitly activating any other provider(s), you most -# probably need to explicitly activate the default provider, otherwise it -# becomes unavailable in openssl. As a consequence applications depending on -# OpenSSL may not work correctly which could lead to significant system -# problems including inability to remotely access the system. -[default_sect] -# activate = 1 - - -#################################################################### -[ ca ] -default_ca = CA_default # The default ca section - -#################################################################### -[ CA_default ] - -dir = sys\$disk:[.demoCA # Where everything is kept -certs = $dir.certs] # Where the issued certs are kept -crl_dir = $dir.crl] # Where the issued crl are kept -database = $dir]index.txt # database index file. -#unique_subject = no # Set to 'no' to allow creation of - # several certs with same subject. -new_certs_dir = $dir.newcerts] # default place for new certs. - -certificate = $dir]cacert.pem # The CA certificate -serial = $dir]serial. # The current serial number -crlnumber = $dir]crlnumber. # the current crl number - # must be commented out to leave a V1 CRL -crl = $dir]crl.pem # The current CRL -private_key = $dir.private]cakey.pem# The private key - -x509_extensions = usr_cert # The extensions to add to the cert - -# Comment out the following two lines for the "traditional" -# (and highly broken) format. -name_opt = ca_default # Subject Name options -cert_opt = ca_default # Certificate field options - -# Extension copying option: use with caution. -# copy_extensions = copy - -# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs -# so this is commented out by default to leave a V1 CRL. -# crlnumber must also be commented out to leave a V1 CRL. -# crl_extensions = crl_ext - -default_days = 365 # how long to certify for -default_crl_days= 30 # how long before next CRL -default_md = default # use public key default MD -preserve = no # keep passed DN ordering - -# A few difference way of specifying how similar the request should look -# For type CA, the listed attributes must be the same, and the optional -# and supplied fields are just that :-) -policy = policy_match - -# For the CA policy -[ policy_match ] -countryName = match -stateOrProvinceName = match -organizationName = match -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -# For the 'anything' policy -# At this point in time, you must list all acceptable 'object' -# types. -[ policy_anything ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -#################################################################### -[ req ] -default_bits = 2048 -default_keyfile = privkey.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -x509_extensions = v3_ca # The extensions to add to the self signed cert - -# Passwords for private keys if not present they will be prompted for -# input_password = secret -# output_password = secret - -# This sets a mask for permitted string types. There are several options. -# default: PrintableString, T61String, BMPString. -# pkix : PrintableString, BMPString (PKIX recommendation before 2004) -# utf8only: only UTF8Strings (PKIX recommendation after 2004). -# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). -# MASK:XXXX a literal mask value. -# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. -string_mask = utf8only - -# req_extensions = v3_req # The extensions to add to a certificate request - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = AU -countryName_min = 2 -countryName_max = 2 - -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = Some-State - -localityName = Locality Name (eg, city) - -0.organizationName = Organization Name (eg, company) -0.organizationName_default = Internet Widgits Pty Ltd - -# we can do this but it is not needed normally :-) -#1.organizationName = Second Organization Name (eg, company) -#1.organizationName_default = World Wide Web Pty Ltd - -organizationalUnitName = Organizational Unit Name (eg, section) -#organizationalUnitName_default = - -commonName = Common Name (e.g. server FQDN or YOUR name) -commonName_max = 64 - -emailAddress = Email Address -emailAddress_max = 64 - -# SET-ex3 = SET extension number 3 - -[ req_attributes ] -challengePassword = A challenge password -challengePassword_min = 4 -challengePassword_max = 20 - -unstructuredName = An optional company name - -[ usr_cert ] - -# These extensions are added when 'ca' signs a request. - -# This goes against PKIX guidelines but some CAs do it and some software -# requires this to avoid interpreting an end user certificate as a CA. - -basicConstraints=CA:FALSE - -# This is typical in keyUsage for a client certificate. -# keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -# PKIX recommendations harmless if included in all certificates. -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer - -# This stuff is for subjectAltName and issuerAltname. -# Import the email address. -# subjectAltName=email:copy -# An alternative to produce certificates that aren't -# deprecated according to PKIX. -# subjectAltName=email:move - -# Copy subject details -# issuerAltName=issuer:copy - -# This is required for TSA certificates. -# extendedKeyUsage = critical,timeStamping - -[ v3_req ] - -# Extensions to add to a certificate request - -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -[ v3_ca ] - - -# Extensions for a typical CA - - -# PKIX recommendation. - -subjectKeyIdentifier=hash - -authorityKeyIdentifier=keyid:always,issuer - -basicConstraints = critical,CA:true - -# Key usage: this is typical for a CA certificate. However since it will -# prevent it being used as an test self-signed certificate it is best -# left out by default. -# keyUsage = cRLSign, keyCertSign - -# Include email address in subject alt name: another PKIX recommendation -# subjectAltName=email:copy -# Copy issuer details -# issuerAltName=issuer:copy - -# DER hex encoding of an extension: beware experts only! -# obj=DER:02:03 -# Where 'obj' is a standard or added object -# You can even override a supported extension: -# basicConstraints= critical, DER:30:03:01:01:FF - -[ crl_ext ] - -# CRL extensions. -# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. - -# issuerAltName=issuer:copy -authorityKeyIdentifier=keyid:always - -[ proxy_cert_ext ] -# These extensions should be added when creating a proxy certificate - -# This goes against PKIX guidelines but some CAs do it and some software -# requires this to avoid interpreting an end user certificate as a CA. - -basicConstraints=CA:FALSE - -# This is typical in keyUsage for a client certificate. -# keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -# PKIX recommendations harmless if included in all certificates. -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer - -# This stuff is for subjectAltName and issuerAltname. -# Import the email address. -# subjectAltName=email:copy -# An alternative to produce certificates that aren't -# deprecated according to PKIX. -# subjectAltName=email:move - -# Copy subject details -# issuerAltName=issuer:copy - -# This really needs to be in place for it to be a proxy certificate. -proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo - -#################################################################### -[ tsa ] - -default_tsa = tsa_config1 # the default TSA section - -[ tsa_config1 ] - -# These are used by the TSA reply generation only. -dir = sys\$disk:[.demoCA # TSA root directory -serial = $dir]tsaserial. # The current serial number (mandatory) -crypto_device = builtin # OpenSSL engine to use for signing -signer_cert = $dir/tsacert.pem # The TSA signing certificate - # (optional) -certs = $dir.cacert.pem] # Certificate chain to include in reply - # (optional) -signer_key = $dir/private/tsakey.pem # The TSA private key (optional) -signer_digest = sha256 # Signing digest to use. (Optional) -default_policy = tsa_policy1 # Policy if request did not specify it - # (optional) -other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) -digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) -accuracy = secs:1, millisecs:500, microsecs:100 # (optional) -clock_precision_digits = 0 # number of digits after dot. (optional) -ordering = yes # Is ordering defined for timestamps? - # (optional, default: no) -tsa_name = yes # Must the TSA name be included in the reply? - # (optional, default: no) -ess_cert_id_chain = no # Must the ESS cert id chain be included? - # (optional, default: no) -ess_cert_id_alg = sha1 # algorithm to compute certificate - # identifier (optional, default: sha1) - -[insta] # CMP using Insta Demo CA -# Message transfer -server = pki.certificate.fi:8700 -# proxy = # set this as far as needed, e.g., http://192.168.1.1:8080 -# tls_use = 0 -path = pkix/ - -# Server authentication -recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer -ignore_keyusage = 1 # potentially needed quirk -unprotected_errors = 1 # potentially needed quirk -extracertsout = insta.extracerts.pem - -# Client authentication -ref = 3078 # user identification -secret = pass:insta # can be used for both client and server side - -# Generic message options -cmd = ir # default operation, can be overridden on cmd line with, e.g., kur - -# Certificate enrollment -subject = "/CN=openssl-cmp-test" -newkey = insta.priv.pem -out_trusted = insta.ca.crt -certout = insta.cert.pem - -[pbm] # Password-based protection for Insta CA -# Server and client authentication -ref = $insta::ref # 3078 -secret = $insta::secret # pass:insta - -[signature] # Signature-based protection for Insta CA -# Server authentication -trusted = insta.ca.crt # does not include keyUsage digitalSignature - -# Client authentication -secret = # disable PBM -key = $insta::newkey # insta.priv.pem -cert = $insta::certout # insta.cert.pem - -[ir] -cmd = ir - -[cr] -cmd = cr - -[kur] -# Certificate update -cmd = kur -oldcert = $insta::certout # insta.cert.pem - -[rr] -# Certificate revocation -cmd = rr -oldcert = $insta::certout # insta.cert.pem diff --git a/apps/openssl.c b/apps/openssl.c deleted file mode 100644 index a3056c799f85706446575a6acbecb0672c71e62b..0000000000000000000000000000000000000000 --- a/apps/openssl.c +++ /dev/null @@ -1,482 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifndef OPENSSL_NO_ENGINE -# include -#endif -#include -/* Needed to get the other O_xxx flags. */ -#ifdef OPENSSL_SYS_VMS -# include -#endif -#include "apps.h" -#include "progs.h" - -/* - * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with - * the base prototypes (we cast each variable inside the function to the - * required type of "FUNCTION*"). This removes the necessity for - * macro-generated wrapper functions. - */ -static LHASH_OF(FUNCTION) *prog_init(void); -static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]); -char *default_config_file = NULL; - -BIO *bio_in = NULL; -BIO *bio_out = NULL; -BIO *bio_err = NULL; - -static void warn_deprecated(const FUNCTION *fp) -{ - if (fp->deprecated_version != NULL) - BIO_printf(bio_err, "The command %s was deprecated in version %s.", - fp->name, fp->deprecated_version); - else - BIO_printf(bio_err, "The command %s is deprecated.", fp->name); - if (strcmp(fp->deprecated_alternative, DEPRECATED_NO_ALTERNATIVE) != 0) - BIO_printf(bio_err, " Use '%s' instead.", fp->deprecated_alternative); - BIO_printf(bio_err, "\n"); -} - -static int apps_startup(void) -{ - const char *use_libctx = NULL; -#ifdef SIGPIPE - signal(SIGPIPE, SIG_IGN); -#endif - - /* Set non-default library initialisation settings */ - if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN - | OPENSSL_INIT_LOAD_CONFIG, NULL)) - return 0; - - (void)setup_ui_method(); - (void)setup_engine_loader(); - - /* - * NOTE: This is an undocumented feature required for testing only. - * There are no guarantees that it will exist in future builds. - */ - use_libctx = getenv("OPENSSL_TEST_LIBCTX"); - if (use_libctx != NULL) { - /* Set this to "1" to create a global libctx */ - if (strcmp(use_libctx, "1") == 0) { - if (app_create_libctx() == NULL) - return 0; - } - } - - return 1; -} - -static void apps_shutdown(void) -{ - app_providers_cleanup(); - OSSL_LIB_CTX_free(app_get0_libctx()); - destroy_engine_loader(); - destroy_ui_method(); -} - - -#ifndef OPENSSL_NO_TRACE -typedef struct tracedata_st { - BIO *bio; - unsigned int ingroup:1; -} tracedata; - -static size_t internal_trace_cb(const char *buf, size_t cnt, - int category, int cmd, void *vdata) -{ - int ret = 0; - tracedata *trace_data = vdata; - char buffer[256], *hex; - CRYPTO_THREAD_ID tid; - - switch (cmd) { - case OSSL_TRACE_CTRL_BEGIN: - if (trace_data->ingroup) { - BIO_printf(bio_err, "ERROR: tracing already started\n"); - return 0; - } - trace_data->ingroup = 1; - - tid = CRYPTO_THREAD_get_current_id(); - hex = OPENSSL_buf2hexstr((const unsigned char *)&tid, sizeof(tid)); - BIO_snprintf(buffer, sizeof(buffer), "TRACE[%s]:%s: ", - hex == NULL ? "" : hex, - OSSL_trace_get_category_name(category)); - OPENSSL_free(hex); - BIO_set_prefix(trace_data->bio, buffer); - break; - case OSSL_TRACE_CTRL_WRITE: - if (!trace_data->ingroup) { - BIO_printf(bio_err, "ERROR: writing when tracing not started\n"); - return 0; - } - - ret = BIO_write(trace_data->bio, buf, cnt); - break; - case OSSL_TRACE_CTRL_END: - if (!trace_data->ingroup) { - BIO_printf(bio_err, "ERROR: finishing when tracing not started\n"); - return 0; - } - trace_data->ingroup = 0; - - BIO_set_prefix(trace_data->bio, NULL); - - break; - } - - return ret < 0 ? 0 : ret; -} - -DEFINE_STACK_OF(tracedata) -static STACK_OF(tracedata) *trace_data_stack; - -static void tracedata_free(tracedata *data) -{ - BIO_free_all(data->bio); - OPENSSL_free(data); -} - -static STACK_OF(tracedata) *trace_data_stack; - -static void cleanup_trace(void) -{ - sk_tracedata_pop_free(trace_data_stack, tracedata_free); -} - -static void setup_trace_category(int category) -{ - BIO *channel; - tracedata *trace_data; - BIO *bio = NULL; - - if (OSSL_trace_enabled(category)) - return; - - bio = BIO_new(BIO_f_prefix()); - channel = BIO_push(bio, dup_bio_err(FORMAT_TEXT)); - trace_data = OPENSSL_zalloc(sizeof(*trace_data)); - - if (trace_data == NULL - || bio == NULL - || (trace_data->bio = channel) == NULL - || OSSL_trace_set_callback(category, internal_trace_cb, - trace_data) == 0 - || sk_tracedata_push(trace_data_stack, trace_data) == 0) { - - fprintf(stderr, - "warning: unable to setup trace callback for category '%s'.\n", - OSSL_trace_get_category_name(category)); - - OSSL_trace_set_callback(category, NULL, NULL); - BIO_free_all(channel); - } -} - -static void setup_trace(const char *str) -{ - char *val; - - /* - * We add this handler as early as possible to ensure it's executed - * as late as possible, i.e. after the TRACE code has done its cleanup - * (which happens last in OPENSSL_cleanup). - */ - atexit(cleanup_trace); - - trace_data_stack = sk_tracedata_new_null(); - val = OPENSSL_strdup(str); - - if (val != NULL) { - char *valp = val; - char *item; - - for (valp = val; (item = strtok(valp, ",")) != NULL; valp = NULL) { - int category = OSSL_trace_get_category_num(item); - - if (category == OSSL_TRACE_CATEGORY_ALL) { - while (++category < OSSL_TRACE_CATEGORY_NUM) - setup_trace_category(category); - break; - } else if (category > 0) { - setup_trace_category(category); - } else { - fprintf(stderr, - "warning: unknown trace category: '%s'.\n", item); - } - } - } - - OPENSSL_free(val); -} -#endif /* OPENSSL_NO_TRACE */ - -static char *help_argv[] = { "help", NULL }; - -int main(int argc, char *argv[]) -{ - FUNCTION f, *fp; - LHASH_OF(FUNCTION) *prog = NULL; - char *pname; - const char *fname; - ARGS arg; - int global_help = 0; - int ret = 0; - - arg.argv = NULL; - arg.size = 0; - - /* Set up some of the environment. */ - bio_in = dup_bio_in(FORMAT_TEXT); - bio_out = dup_bio_out(FORMAT_TEXT); - bio_err = dup_bio_err(FORMAT_TEXT); - -#if defined(OPENSSL_SYS_VMS) && defined(__DECC) - argv = copy_argv(&argc, argv); -#elif defined(_WIN32) - /* Replace argv[] with UTF-8 encoded strings. */ - win32_utf8argv(&argc, &argv); -#endif - -#ifndef OPENSSL_NO_TRACE - setup_trace(getenv("OPENSSL_TRACE")); -#endif - - if ((fname = "apps_startup", !apps_startup()) - || (fname = "prog_init", (prog = prog_init()) == NULL)) { - BIO_printf(bio_err, - "FATAL: Startup failure (dev note: %s()) for %s\n", - fname, argv[0]); - ERR_print_errors(bio_err); - ret = 1; - goto end; - } - pname = opt_progname(argv[0]); - - default_config_file = CONF_get1_default_config_file(); - if (default_config_file == NULL) - app_bail_out("%s: could not get default config file\n", pname); - - /* first check the program name */ - f.name = pname; - fp = lh_FUNCTION_retrieve(prog, &f); - if (fp == NULL) { - /* We assume we've been called as 'openssl ...' */ - global_help = argc > 1 - && (strcmp(argv[1], "-help") == 0 || strcmp(argv[1], "--help") == 0 - || strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--h") == 0); - argc--; - argv++; - opt_appname(argc == 1 || global_help ? "help" : argv[0]); - } else { - argv[0] = pname; - } - - /* If there's a command, run with that, otherwise "help". */ - ret = argc == 0 || global_help - ? do_cmd(prog, 1, help_argv) - : do_cmd(prog, argc, argv); - - end: - OPENSSL_free(default_config_file); - lh_FUNCTION_free(prog); - OPENSSL_free(arg.argv); - if (!app_RAND_write()) - ret = EXIT_FAILURE; - - BIO_free(bio_in); - BIO_free_all(bio_out); - apps_shutdown(); - BIO_free_all(bio_err); - EXIT(ret); -} - -typedef enum HELP_CHOICE { - OPT_hERR = -1, OPT_hEOF = 0, OPT_hHELP -} HELP_CHOICE; - -const OPTIONS help_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: help [options] [command]\n"}, - - OPT_SECTION("General"), - {"help", OPT_hHELP, '-', "Display this summary"}, - - OPT_PARAMETERS(), - {"command", 0, 0, "Name of command to display help (optional)"}, - {NULL} -}; - - -int help_main(int argc, char **argv) -{ - FUNCTION *fp; - int i, nl; - FUNC_TYPE tp; - char *prog; - HELP_CHOICE o; - DISPLAY_COLUMNS dc; - char *new_argv[3]; - - prog = opt_init(argc, argv, help_options); - while ((o = opt_next()) != OPT_hEOF) { - switch (o) { - case OPT_hERR: - case OPT_hEOF: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - return 1; - case OPT_hHELP: - opt_help(help_options); - return 0; - } - } - - /* One optional argument, the command to get help for. */ - if (opt_num_rest() == 1) { - new_argv[0] = opt_rest()[0]; - new_argv[1] = "--help"; - new_argv[2] = NULL; - return do_cmd(prog_init(), 2, new_argv); - } - if (opt_num_rest() != 0) { - BIO_printf(bio_err, "Usage: %s\n", prog); - return 1; - } - - calculate_columns(functions, &dc); - BIO_printf(bio_err, "%s:\n\nStandard commands", prog); - i = 0; - tp = FT_none; - for (fp = functions; fp->name != NULL; fp++) { - nl = 0; - if (i++ % dc.columns == 0) { - BIO_printf(bio_err, "\n"); - nl = 1; - } - if (fp->type != tp) { - tp = fp->type; - if (!nl) - BIO_printf(bio_err, "\n"); - if (tp == FT_md) { - i = 1; - BIO_printf(bio_err, - "\nMessage Digest commands (see the `dgst' command for more details)\n"); - } else if (tp == FT_cipher) { - i = 1; - BIO_printf(bio_err, - "\nCipher commands (see the `enc' command for more details)\n"); - } - } - BIO_printf(bio_err, "%-*s", dc.width, fp->name); - } - BIO_printf(bio_err, "\n\n"); - return 0; -} - -static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]) -{ - FUNCTION f, *fp; - - if (argc <= 0 || argv[0] == NULL) - return 0; - memset(&f, 0, sizeof(f)); - f.name = argv[0]; - fp = lh_FUNCTION_retrieve(prog, &f); - if (fp == NULL) { - if (EVP_get_digestbyname(argv[0])) { - f.type = FT_md; - f.func = dgst_main; - fp = &f; - } else if (EVP_get_cipherbyname(argv[0])) { - f.type = FT_cipher; - f.func = enc_main; - fp = &f; - } - } - if (fp != NULL) { - if (fp->deprecated_alternative != NULL) - warn_deprecated(fp); - return fp->func(argc, argv); - } - if ((strncmp(argv[0], "no-", 3)) == 0) { - /* - * User is asking if foo is unsupported, by trying to "run" the - * no-foo command. Strange. - */ - f.name = argv[0] + 3; - if (lh_FUNCTION_retrieve(prog, &f) == NULL) { - BIO_printf(bio_out, "%s\n", argv[0]); - return 0; - } - BIO_printf(bio_out, "%s\n", argv[0] + 3); - return 1; - } - - BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n", - argv[0]); - return 1; -} - -static int function_cmp(const FUNCTION * a, const FUNCTION * b) -{ - return strncmp(a->name, b->name, 8); -} - -static unsigned long function_hash(const FUNCTION * a) -{ - return OPENSSL_LH_strhash(a->name); -} - -static int SortFnByName(const void *_f1, const void *_f2) -{ - const FUNCTION *f1 = _f1; - const FUNCTION *f2 = _f2; - - if (f1->type != f2->type) - return f1->type - f2->type; - return strcmp(f1->name, f2->name); -} - -static LHASH_OF(FUNCTION) *prog_init(void) -{ - static LHASH_OF(FUNCTION) *ret = NULL; - static int prog_inited = 0; - FUNCTION *f; - size_t i; - - if (prog_inited) - return ret; - - prog_inited = 1; - - /* Sort alphabetically within category. For nicer help displays. */ - for (i = 0, f = functions; f->name != NULL; ++f, ++i) - ; - qsort(functions, i, sizeof(*functions), SortFnByName); - - if ((ret = lh_FUNCTION_new(function_hash, function_cmp)) == NULL) - return NULL; - - for (f = functions; f->name != NULL; f++) - (void)lh_FUNCTION_insert(ret, f); - return ret; -} diff --git a/apps/openssl.cnf b/apps/openssl.cnf deleted file mode 100644 index 03330e0120a291fc10e942f0d25f6f5af16f776f..0000000000000000000000000000000000000000 --- a/apps/openssl.cnf +++ /dev/null @@ -1,390 +0,0 @@ -# -# OpenSSL example configuration file. -# See doc/man5/config.pod for more info. -# -# This is mostly being used for generation of certificate requests, -# but may be used for auto loading of providers - -# Note that you can include other files from the main configuration -# file using the .include directive. -#.include filename - -# This definition stops the following lines choking if HOME isn't -# defined. -HOME = . - - # Use this in order to automatically load providers. -openssl_conf = openssl_init - -# Comment out the next line to ignore configuration errors -config_diagnostics = 1 - -# Extra OBJECT IDENTIFIER info: -# oid_file = $ENV::HOME/.oid -oid_section = new_oids - -# To use this configuration file with the "-extfile" option of the -# "openssl x509" utility, name here the section containing the -# X.509v3 extensions to use: -# extensions = -# (Alternatively, use a configuration file that has only -# X.509v3 extensions in its main [= default] section.) - -[ new_oids ] -# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. -# Add a simple OID like this: -# testoid1=1.2.3.4 -# Or use config file substitution like this: -# testoid2=${testoid1}.5.6 - -# Policies used by the TSA examples. -tsa_policy1 = 1.2.3.4.1 -tsa_policy2 = 1.2.3.4.5.6 -tsa_policy3 = 1.2.3.4.5.7 - -# For FIPS -# Optionally include a file that is generated by the OpenSSL fipsinstall -# application. This file contains configuration data required by the OpenSSL -# fips provider. It contains a named section e.g. [fips_sect] which is -# referenced from the [provider_sect] below. -# Refer to the OpenSSL security policy for more information. -# .include fipsmodule.cnf - -[openssl_init] -providers = provider_sect - -# List of providers to load -[provider_sect] -default = default_sect -# The fips section name should match the section name inside the -# included fipsmodule.cnf. -# fips = fips_sect - -# If no providers are activated explicitly, the default one is activated implicitly. -# See man 7 OSSL_PROVIDER-default for more details. -# -# If you add a section explicitly activating any other provider(s), you most -# probably need to explicitly activate the default provider, otherwise it -# becomes unavailable in openssl. As a consequence applications depending on -# OpenSSL may not work correctly which could lead to significant system -# problems including inability to remotely access the system. -[default_sect] -# activate = 1 - - -#################################################################### -[ ca ] -default_ca = CA_default # The default ca section - -#################################################################### -[ CA_default ] - -dir = ./demoCA # Where everything is kept -certs = $dir/certs # Where the issued certs are kept -crl_dir = $dir/crl # Where the issued crl are kept -database = $dir/index.txt # database index file. -#unique_subject = no # Set to 'no' to allow creation of - # several certs with same subject. -new_certs_dir = $dir/newcerts # default place for new certs. - -certificate = $dir/cacert.pem # The CA certificate -serial = $dir/serial # The current serial number -crlnumber = $dir/crlnumber # the current crl number - # must be commented out to leave a V1 CRL -crl = $dir/crl.pem # The current CRL -private_key = $dir/private/cakey.pem# The private key - -x509_extensions = usr_cert # The extensions to add to the cert - -# Comment out the following two lines for the "traditional" -# (and highly broken) format. -name_opt = ca_default # Subject Name options -cert_opt = ca_default # Certificate field options - -# Extension copying option: use with caution. -# copy_extensions = copy - -# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs -# so this is commented out by default to leave a V1 CRL. -# crlnumber must also be commented out to leave a V1 CRL. -# crl_extensions = crl_ext - -default_days = 365 # how long to certify for -default_crl_days= 30 # how long before next CRL -default_md = default # use public key default MD -preserve = no # keep passed DN ordering - -# A few difference way of specifying how similar the request should look -# For type CA, the listed attributes must be the same, and the optional -# and supplied fields are just that :-) -policy = policy_match - -# For the CA policy -[ policy_match ] -countryName = match -stateOrProvinceName = match -organizationName = match -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -# For the 'anything' policy -# At this point in time, you must list all acceptable 'object' -# types. -[ policy_anything ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -#################################################################### -[ req ] -default_bits = 2048 -default_keyfile = privkey.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -x509_extensions = v3_ca # The extensions to add to the self signed cert - -# Passwords for private keys if not present they will be prompted for -# input_password = secret -# output_password = secret - -# This sets a mask for permitted string types. There are several options. -# default: PrintableString, T61String, BMPString. -# pkix : PrintableString, BMPString (PKIX recommendation before 2004) -# utf8only: only UTF8Strings (PKIX recommendation after 2004). -# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). -# MASK:XXXX a literal mask value. -# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. -string_mask = utf8only - -# req_extensions = v3_req # The extensions to add to a certificate request - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = AU -countryName_min = 2 -countryName_max = 2 - -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = Some-State - -localityName = Locality Name (eg, city) - -0.organizationName = Organization Name (eg, company) -0.organizationName_default = Internet Widgits Pty Ltd - -# we can do this but it is not needed normally :-) -#1.organizationName = Second Organization Name (eg, company) -#1.organizationName_default = World Wide Web Pty Ltd - -organizationalUnitName = Organizational Unit Name (eg, section) -#organizationalUnitName_default = - -commonName = Common Name (e.g. server FQDN or YOUR name) -commonName_max = 64 - -emailAddress = Email Address -emailAddress_max = 64 - -# SET-ex3 = SET extension number 3 - -[ req_attributes ] -challengePassword = A challenge password -challengePassword_min = 4 -challengePassword_max = 20 - -unstructuredName = An optional company name - -[ usr_cert ] - -# These extensions are added when 'ca' signs a request. - -# This goes against PKIX guidelines but some CAs do it and some software -# requires this to avoid interpreting an end user certificate as a CA. - -basicConstraints=CA:FALSE - -# This is typical in keyUsage for a client certificate. -# keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -# PKIX recommendations harmless if included in all certificates. -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer - -# This stuff is for subjectAltName and issuerAltname. -# Import the email address. -# subjectAltName=email:copy -# An alternative to produce certificates that aren't -# deprecated according to PKIX. -# subjectAltName=email:move - -# Copy subject details -# issuerAltName=issuer:copy - -# This is required for TSA certificates. -# extendedKeyUsage = critical,timeStamping - -[ v3_req ] - -# Extensions to add to a certificate request - -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -[ v3_ca ] - - -# Extensions for a typical CA - - -# PKIX recommendation. - -subjectKeyIdentifier=hash - -authorityKeyIdentifier=keyid:always,issuer - -basicConstraints = critical,CA:true - -# Key usage: this is typical for a CA certificate. However since it will -# prevent it being used as an test self-signed certificate it is best -# left out by default. -# keyUsage = cRLSign, keyCertSign - -# Include email address in subject alt name: another PKIX recommendation -# subjectAltName=email:copy -# Copy issuer details -# issuerAltName=issuer:copy - -# DER hex encoding of an extension: beware experts only! -# obj=DER:02:03 -# Where 'obj' is a standard or added object -# You can even override a supported extension: -# basicConstraints= critical, DER:30:03:01:01:FF - -[ crl_ext ] - -# CRL extensions. -# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. - -# issuerAltName=issuer:copy -authorityKeyIdentifier=keyid:always - -[ proxy_cert_ext ] -# These extensions should be added when creating a proxy certificate - -# This goes against PKIX guidelines but some CAs do it and some software -# requires this to avoid interpreting an end user certificate as a CA. - -basicConstraints=CA:FALSE - -# This is typical in keyUsage for a client certificate. -# keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -# PKIX recommendations harmless if included in all certificates. -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer - -# This stuff is for subjectAltName and issuerAltname. -# Import the email address. -# subjectAltName=email:copy -# An alternative to produce certificates that aren't -# deprecated according to PKIX. -# subjectAltName=email:move - -# Copy subject details -# issuerAltName=issuer:copy - -# This really needs to be in place for it to be a proxy certificate. -proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo - -#################################################################### -[ tsa ] - -default_tsa = tsa_config1 # the default TSA section - -[ tsa_config1 ] - -# These are used by the TSA reply generation only. -dir = ./demoCA # TSA root directory -serial = $dir/tsaserial # The current serial number (mandatory) -crypto_device = builtin # OpenSSL engine to use for signing -signer_cert = $dir/tsacert.pem # The TSA signing certificate - # (optional) -certs = $dir/cacert.pem # Certificate chain to include in reply - # (optional) -signer_key = $dir/private/tsakey.pem # The TSA private key (optional) -signer_digest = sha256 # Signing digest to use. (Optional) -default_policy = tsa_policy1 # Policy if request did not specify it - # (optional) -other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) -digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) -accuracy = secs:1, millisecs:500, microsecs:100 # (optional) -clock_precision_digits = 0 # number of digits after dot. (optional) -ordering = yes # Is ordering defined for timestamps? - # (optional, default: no) -tsa_name = yes # Must the TSA name be included in the reply? - # (optional, default: no) -ess_cert_id_chain = no # Must the ESS cert id chain be included? - # (optional, default: no) -ess_cert_id_alg = sha1 # algorithm to compute certificate - # identifier (optional, default: sha1) - -[insta] # CMP using Insta Demo CA -# Message transfer -server = pki.certificate.fi:8700 -# proxy = # set this as far as needed, e.g., http://192.168.1.1:8080 -# tls_use = 0 -path = pkix/ - -# Server authentication -recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer -ignore_keyusage = 1 # potentially needed quirk -unprotected_errors = 1 # potentially needed quirk -extracertsout = insta.extracerts.pem - -# Client authentication -ref = 3078 # user identification -secret = pass:insta # can be used for both client and server side - -# Generic message options -cmd = ir # default operation, can be overridden on cmd line with, e.g., kur - -# Certificate enrollment -subject = "/CN=openssl-cmp-test" -newkey = insta.priv.pem -out_trusted = insta.ca.crt -certout = insta.cert.pem - -[pbm] # Password-based protection for Insta CA -# Server and client authentication -ref = $insta::ref # 3078 -secret = $insta::secret # pass:insta - -[signature] # Signature-based protection for Insta CA -# Server authentication -trusted = insta.ca.crt # does not include keyUsage digitalSignature - -# Client authentication -secret = # disable PBM -key = $insta::newkey # insta.priv.pem -cert = $insta::certout # insta.cert.pem - -[ir] -cmd = ir - -[cr] -cmd = cr - -[kur] -# Certificate update -cmd = kur -oldcert = $insta::certout # insta.cert.pem - -[rr] -# Certificate revocation -cmd = rr -oldcert = $insta::certout # insta.cert.pem diff --git a/apps/passwd.c b/apps/passwd.c deleted file mode 100644 index 64b2e76c147ae4d885ca50194aeedf87018e73c3..0000000000000000000000000000000000000000 --- a/apps/passwd.c +++ /dev/null @@ -1,847 +0,0 @@ -/* - * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include "apps.h" -#include "progs.h" - -#include -#include -#include -#include -#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_DEPRECATED_3_0) -# include -#endif -#include -#include - -static const unsigned char cov_2char[64] = { - /* from crypto/des/fcrypt.c */ - 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, - 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, - 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, - 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, - 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62, - 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, - 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72, - 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A -}; - -static const char ascii_dollar[] = { 0x24, 0x00 }; - -typedef enum { - passwd_unset = 0, - passwd_md5, - passwd_apr1, - passwd_sha256, - passwd_sha512, - passwd_aixmd5 -} passwd_modes; - -static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, - char *passwd, BIO *out, int quiet, int table, - int reverse, size_t pw_maxlen, passwd_modes mode); - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_IN, - OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1, - OPT_1, OPT_5, OPT_6, OPT_AIXMD5, OPT_SALT, OPT_STDIN, - OPT_R_ENUM, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS passwd_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [password]\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - - OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Read passwords from file"}, - {"noverify", OPT_NOVERIFY, '-', - "Never verify when reading password from terminal"}, - {"stdin", OPT_STDIN, '-', "Read passwords from stdin"}, - - OPT_SECTION("Output"), - {"quiet", OPT_QUIET, '-', "No warnings"}, - {"table", OPT_TABLE, '-', "Format output as table"}, - {"reverse", OPT_REVERSE, '-', "Switch table columns"}, - - OPT_SECTION("Cryptographic"), - {"salt", OPT_SALT, 's', "Use provided salt"}, - {"6", OPT_6, '-', "SHA512-based password algorithm"}, - {"5", OPT_5, '-', "SHA256-based password algorithm"}, - {"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"}, - {"1", OPT_1, '-', "MD5-based password algorithm"}, - {"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"}, - - OPT_R_OPTIONS, - OPT_PROV_OPTIONS, - - OPT_PARAMETERS(), - {"password", 0, 0, "Password text to digest (optional)"}, - {NULL} -}; - -int passwd_main(int argc, char **argv) -{ - BIO *in = NULL; - char *infile = NULL, *salt = NULL, *passwd = NULL, **passwds = NULL; - char *salt_malloc = NULL, *passwd_malloc = NULL, *prog; - OPTION_CHOICE o; - int in_stdin = 0, pw_source_defined = 0; -#ifndef OPENSSL_NO_UI_CONSOLE - int in_noverify = 0; -#endif - int passed_salt = 0, quiet = 0, table = 0, reverse = 0; - int ret = 1; - passwd_modes mode = passwd_unset; - size_t passwd_malloc_size = 0; - size_t pw_maxlen = 256; /* arbitrary limit, should be enough for most - * passwords */ - - prog = opt_init(argc, argv, passwd_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(passwd_options); - ret = 0; - goto end; - case OPT_IN: - if (pw_source_defined) - goto opthelp; - infile = opt_arg(); - pw_source_defined = 1; - break; - case OPT_NOVERIFY: -#ifndef OPENSSL_NO_UI_CONSOLE - in_noverify = 1; -#endif - break; - case OPT_QUIET: - quiet = 1; - break; - case OPT_TABLE: - table = 1; - break; - case OPT_REVERSE: - reverse = 1; - break; - case OPT_1: - if (mode != passwd_unset) - goto opthelp; - mode = passwd_md5; - break; - case OPT_5: - if (mode != passwd_unset) - goto opthelp; - mode = passwd_sha256; - break; - case OPT_6: - if (mode != passwd_unset) - goto opthelp; - mode = passwd_sha512; - break; - case OPT_APR1: - if (mode != passwd_unset) - goto opthelp; - mode = passwd_apr1; - break; - case OPT_AIXMD5: - if (mode != passwd_unset) - goto opthelp; - mode = passwd_aixmd5; - break; - case OPT_SALT: - passed_salt = 1; - salt = opt_arg(); - break; - case OPT_STDIN: - if (pw_source_defined) - goto opthelp; - in_stdin = 1; - pw_source_defined = 1; - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* All remaining arguments are the password text */ - argc = opt_num_rest(); - argv = opt_rest(); - if (*argv != NULL) { - if (pw_source_defined) - goto opthelp; - pw_source_defined = 1; - passwds = argv; - } - - if (!app_RAND_load()) - goto end; - - if (mode == passwd_unset) { - /* use default */ - mode = passwd_md5; - } - - if (infile != NULL && in_stdin) { - BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog); - goto end; - } - - if (infile != NULL || in_stdin) { - /* - * If in_stdin is true, we know that infile is NULL, and that - * bio_open_default() will give us back an alias for stdin. - */ - in = bio_open_default(infile, 'r', FORMAT_TEXT); - if (in == NULL) - goto end; - } - - if (passwds == NULL) { - /* no passwords on the command line */ - - passwd_malloc_size = pw_maxlen + 2; - /* longer than necessary so that we can warn about truncation */ - passwd = passwd_malloc = - app_malloc(passwd_malloc_size, "password buffer"); - } - - if ((in == NULL) && (passwds == NULL)) { - /* - * we use the following method to make sure what - * in the 'else' section is always compiled, to - * avoid rot of not-frequently-used code. - */ - if (1) { -#ifndef OPENSSL_NO_UI_CONSOLE - /* build a null-terminated list */ - static char *passwds_static[2] = { NULL, NULL }; - - passwds = passwds_static; - if (in == NULL) { - if (EVP_read_pw_string - (passwd_malloc, passwd_malloc_size, "Password: ", - !(passed_salt || in_noverify)) != 0) - goto end; - } - passwds[0] = passwd_malloc; - } else { -#endif - BIO_printf(bio_err, "password required\n"); - goto end; - } - } - - if (in == NULL) { - assert(passwds != NULL); - assert(*passwds != NULL); - - do { /* loop over list of passwords */ - passwd = *passwds++; - if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out, - quiet, table, reverse, pw_maxlen, mode)) - goto end; - } while (*passwds != NULL); - } else { - /* in != NULL */ - int done; - - assert(passwd != NULL); - do { - int r = BIO_gets(in, passwd, pw_maxlen + 1); - if (r > 0) { - char *c = (strchr(passwd, '\n')); - if (c != NULL) { - *c = 0; /* truncate at newline */ - } else { - /* ignore rest of line */ - char trash[BUFSIZ]; - do - r = BIO_gets(in, trash, sizeof(trash)); - while ((r > 0) && (!strchr(trash, '\n'))); - } - - if (!do_passwd - (passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet, - table, reverse, pw_maxlen, mode)) - goto end; - } - done = (r <= 0); - } while (!done); - } - ret = 0; - - end: -#if 0 - ERR_print_errors(bio_err); -#endif - OPENSSL_free(salt_malloc); - OPENSSL_free(passwd_malloc); - BIO_free(in); - return ret; -} - -/* - * MD5-based password algorithm (should probably be available as a library - * function; then the static buffer would not be acceptable). For magic - * string "1", this should be compatible to the MD5-based BSD password - * algorithm. For 'magic' string "apr1", this is compatible to the MD5-based - * Apache password algorithm. (Apparently, the Apache password algorithm is - * identical except that the 'magic' string was changed -- the laziest - * application of the NIH principle I've ever encountered.) - */ -static char *md5crypt(const char *passwd, const char *magic, const char *salt) -{ - /* "$apr1$..salt..$.......md5hash..........\0" */ - static char out_buf[6 + 9 + 24 + 2]; - unsigned char buf[MD5_DIGEST_LENGTH]; - char ascii_magic[5]; /* "apr1" plus '\0' */ - char ascii_salt[9]; /* Max 8 chars plus '\0' */ - char *ascii_passwd = NULL; - char *salt_out; - int n; - unsigned int i; - EVP_MD_CTX *md = NULL, *md2 = NULL; - size_t passwd_len, salt_len, magic_len; - - passwd_len = strlen(passwd); - - out_buf[0] = 0; - magic_len = strlen(magic); - OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic)); -#ifdef CHARSET_EBCDIC - if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */ - ebcdic2ascii(ascii_magic, ascii_magic, magic_len); -#endif - - /* The salt gets truncated to 8 chars */ - OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt)); - salt_len = strlen(ascii_salt); -#ifdef CHARSET_EBCDIC - ebcdic2ascii(ascii_salt, ascii_salt, salt_len); -#endif - -#ifdef CHARSET_EBCDIC - ascii_passwd = OPENSSL_strdup(passwd); - if (ascii_passwd == NULL) - return NULL; - ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len); - passwd = ascii_passwd; -#endif - - if (magic_len > 0) { - OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); - - if (magic_len > 4) /* assert it's "1" or "apr1" */ - goto err; - - OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf)); - OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); - } - - OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf)); - - if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */ - goto err; - - salt_out = out_buf; - if (magic_len > 0) - salt_out += 2 + magic_len; - - if (salt_len > 8) - goto err; - - md = EVP_MD_CTX_new(); - if (md == NULL - || !EVP_DigestInit_ex(md, EVP_md5(), NULL) - || !EVP_DigestUpdate(md, passwd, passwd_len)) - goto err; - - if (magic_len > 0) - if (!EVP_DigestUpdate(md, ascii_dollar, 1) - || !EVP_DigestUpdate(md, ascii_magic, magic_len) - || !EVP_DigestUpdate(md, ascii_dollar, 1)) - goto err; - - if (!EVP_DigestUpdate(md, ascii_salt, salt_len)) - goto err; - - md2 = EVP_MD_CTX_new(); - if (md2 == NULL - || !EVP_DigestInit_ex(md2, EVP_md5(), NULL) - || !EVP_DigestUpdate(md2, passwd, passwd_len) - || !EVP_DigestUpdate(md2, ascii_salt, salt_len) - || !EVP_DigestUpdate(md2, passwd, passwd_len) - || !EVP_DigestFinal_ex(md2, buf, NULL)) - goto err; - - for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) { - if (!EVP_DigestUpdate(md, buf, sizeof(buf))) - goto err; - } - if (!EVP_DigestUpdate(md, buf, i)) - goto err; - - n = passwd_len; - while (n) { - if (!EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1)) - goto err; - n >>= 1; - } - if (!EVP_DigestFinal_ex(md, buf, NULL)) - goto err; - - for (i = 0; i < 1000; i++) { - if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL)) - goto err; - if (!EVP_DigestUpdate(md2, - (i & 1) ? (const unsigned char *)passwd : buf, - (i & 1) ? passwd_len : sizeof(buf))) - goto err; - if (i % 3) { - if (!EVP_DigestUpdate(md2, ascii_salt, salt_len)) - goto err; - } - if (i % 7) { - if (!EVP_DigestUpdate(md2, passwd, passwd_len)) - goto err; - } - if (!EVP_DigestUpdate(md2, - (i & 1) ? buf : (const unsigned char *)passwd, - (i & 1) ? sizeof(buf) : passwd_len)) - goto err; - if (!EVP_DigestFinal_ex(md2, buf, NULL)) - goto err; - } - EVP_MD_CTX_free(md2); - EVP_MD_CTX_free(md); - md2 = NULL; - md = NULL; - - { - /* transform buf into output string */ - unsigned char buf_perm[sizeof(buf)]; - int dest, source; - char *output; - - /* silly output permutation */ - for (dest = 0, source = 0; dest < 14; - dest++, source = (source + 6) % 17) - buf_perm[dest] = buf[source]; - buf_perm[14] = buf[5]; - buf_perm[15] = buf[11]; -# ifndef PEDANTIC /* Unfortunately, this generates a "no - * effect" warning */ - assert(16 == sizeof(buf_perm)); -# endif - - output = salt_out + salt_len; - assert(output == out_buf + strlen(out_buf)); - - *output++ = ascii_dollar[0]; - - for (i = 0; i < 15; i += 3) { - *output++ = cov_2char[buf_perm[i + 2] & 0x3f]; - *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) | - (buf_perm[i + 2] >> 6)]; - *output++ = cov_2char[((buf_perm[i] & 3) << 4) | - (buf_perm[i + 1] >> 4)]; - *output++ = cov_2char[buf_perm[i] >> 2]; - } - assert(i == 15); - *output++ = cov_2char[buf_perm[i] & 0x3f]; - *output++ = cov_2char[buf_perm[i] >> 6]; - *output = 0; - assert(strlen(out_buf) < sizeof(out_buf)); -#ifdef CHARSET_EBCDIC - ascii2ebcdic(out_buf, out_buf, strlen(out_buf)); -#endif - } - - return out_buf; - - err: - OPENSSL_free(ascii_passwd); - EVP_MD_CTX_free(md2); - EVP_MD_CTX_free(md); - return NULL; -} - -/* - * SHA based password algorithm, describe by Ulrich Drepper here: - * https://www.akkadia.org/drepper/SHA-crypt.txt - * (note that it's in the public domain) - */ -static char *shacrypt(const char *passwd, const char *magic, const char *salt) -{ - /* Prefix for optional rounds specification. */ - static const char rounds_prefix[] = "rounds="; - /* Maximum salt string length. */ -# define SALT_LEN_MAX 16 - /* Default number of rounds if not explicitly specified. */ -# define ROUNDS_DEFAULT 5000 - /* Minimum number of rounds. */ -# define ROUNDS_MIN 1000 - /* Maximum number of rounds. */ -# define ROUNDS_MAX 999999999 - - /* "$6$rounds=$......salt......$...shahash(up to 86 chars)...\0" */ - static char out_buf[3 + 17 + 17 + 86 + 1]; - unsigned char buf[SHA512_DIGEST_LENGTH]; - unsigned char temp_buf[SHA512_DIGEST_LENGTH]; - size_t buf_size = 0; - char ascii_magic[2]; - char ascii_salt[17]; /* Max 16 chars plus '\0' */ - char *ascii_passwd = NULL; - size_t n; - EVP_MD_CTX *md = NULL, *md2 = NULL; - const EVP_MD *sha = NULL; - size_t passwd_len, salt_len, magic_len; - unsigned int rounds = ROUNDS_DEFAULT; /* Default */ - char rounds_custom = 0; - char *p_bytes = NULL; - char *s_bytes = NULL; - char *cp = NULL; - - passwd_len = strlen(passwd); - magic_len = strlen(magic); - - /* assert it's "5" or "6" */ - if (magic_len != 1) - return NULL; - - switch (magic[0]) { - case '5': - sha = EVP_sha256(); - buf_size = 32; - break; - case '6': - sha = EVP_sha512(); - buf_size = 64; - break; - default: - return NULL; - } - - if (strncmp(salt, rounds_prefix, sizeof(rounds_prefix) - 1) == 0) { - const char *num = salt + sizeof(rounds_prefix) - 1; - char *endp; - unsigned long int srounds = strtoul (num, &endp, 10); - if (*endp == '$') { - salt = endp + 1; - if (srounds > ROUNDS_MAX) - rounds = ROUNDS_MAX; - else if (srounds < ROUNDS_MIN) - rounds = ROUNDS_MIN; - else - rounds = (unsigned int)srounds; - rounds_custom = 1; - } else { - return NULL; - } - } - - OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic)); -#ifdef CHARSET_EBCDIC - if ((magic[0] & 0x80) != 0) /* High bit is 1 in EBCDIC alnums */ - ebcdic2ascii(ascii_magic, ascii_magic, magic_len); -#endif - - /* The salt gets truncated to 16 chars */ - OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt)); - salt_len = strlen(ascii_salt); -#ifdef CHARSET_EBCDIC - ebcdic2ascii(ascii_salt, ascii_salt, salt_len); -#endif - -#ifdef CHARSET_EBCDIC - ascii_passwd = OPENSSL_strdup(passwd); - if (ascii_passwd == NULL) - return NULL; - ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len); - passwd = ascii_passwd; -#endif - - out_buf[0] = 0; - OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); - OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf)); - OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); - if (rounds_custom) { - char tmp_buf[80]; /* "rounds=999999999" */ - sprintf(tmp_buf, "rounds=%u", rounds); -#ifdef CHARSET_EBCDIC - /* In case we're really on a ASCII based platform and just pretend */ - if (tmp_buf[0] != 0x72) /* ASCII 'r' */ - ebcdic2ascii(tmp_buf, tmp_buf, strlen(tmp_buf)); -#endif - OPENSSL_strlcat(out_buf, tmp_buf, sizeof(out_buf)); - OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf)); - } - OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf)); - - /* assert "$5$rounds=999999999$......salt......" */ - if (strlen(out_buf) > 3 + 17 * rounds_custom + salt_len ) - goto err; - - md = EVP_MD_CTX_new(); - if (md == NULL - || !EVP_DigestInit_ex(md, sha, NULL) - || !EVP_DigestUpdate(md, passwd, passwd_len) - || !EVP_DigestUpdate(md, ascii_salt, salt_len)) - goto err; - - md2 = EVP_MD_CTX_new(); - if (md2 == NULL - || !EVP_DigestInit_ex(md2, sha, NULL) - || !EVP_DigestUpdate(md2, passwd, passwd_len) - || !EVP_DigestUpdate(md2, ascii_salt, salt_len) - || !EVP_DigestUpdate(md2, passwd, passwd_len) - || !EVP_DigestFinal_ex(md2, buf, NULL)) - goto err; - - for (n = passwd_len; n > buf_size; n -= buf_size) { - if (!EVP_DigestUpdate(md, buf, buf_size)) - goto err; - } - if (!EVP_DigestUpdate(md, buf, n)) - goto err; - - n = passwd_len; - while (n) { - if (!EVP_DigestUpdate(md, - (n & 1) ? buf : (const unsigned char *)passwd, - (n & 1) ? buf_size : passwd_len)) - goto err; - n >>= 1; - } - if (!EVP_DigestFinal_ex(md, buf, NULL)) - goto err; - - /* P sequence */ - if (!EVP_DigestInit_ex(md2, sha, NULL)) - goto err; - - for (n = passwd_len; n > 0; n--) - if (!EVP_DigestUpdate(md2, passwd, passwd_len)) - goto err; - - if (!EVP_DigestFinal_ex(md2, temp_buf, NULL)) - goto err; - - if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL) - goto err; - for (cp = p_bytes, n = passwd_len; n > buf_size; n -= buf_size, cp += buf_size) - memcpy(cp, temp_buf, buf_size); - memcpy(cp, temp_buf, n); - - /* S sequence */ - if (!EVP_DigestInit_ex(md2, sha, NULL)) - goto err; - - for (n = 16 + buf[0]; n > 0; n--) - if (!EVP_DigestUpdate(md2, ascii_salt, salt_len)) - goto err; - - if (!EVP_DigestFinal_ex(md2, temp_buf, NULL)) - goto err; - - if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL) - goto err; - for (cp = s_bytes, n = salt_len; n > buf_size; n -= buf_size, cp += buf_size) - memcpy(cp, temp_buf, buf_size); - memcpy(cp, temp_buf, n); - - for (n = 0; n < rounds; n++) { - if (!EVP_DigestInit_ex(md2, sha, NULL)) - goto err; - if (!EVP_DigestUpdate(md2, - (n & 1) ? (const unsigned char *)p_bytes : buf, - (n & 1) ? passwd_len : buf_size)) - goto err; - if (n % 3) { - if (!EVP_DigestUpdate(md2, s_bytes, salt_len)) - goto err; - } - if (n % 7) { - if (!EVP_DigestUpdate(md2, p_bytes, passwd_len)) - goto err; - } - if (!EVP_DigestUpdate(md2, - (n & 1) ? buf : (const unsigned char *)p_bytes, - (n & 1) ? buf_size : passwd_len)) - goto err; - if (!EVP_DigestFinal_ex(md2, buf, NULL)) - goto err; - } - EVP_MD_CTX_free(md2); - EVP_MD_CTX_free(md); - md2 = NULL; - md = NULL; - OPENSSL_free(p_bytes); - OPENSSL_free(s_bytes); - p_bytes = NULL; - s_bytes = NULL; - - cp = out_buf + strlen(out_buf); - *cp++ = ascii_dollar[0]; - -# define b64_from_24bit(B2, B1, B0, N) \ - do { \ - unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0); \ - int i = (N); \ - while (i-- > 0) \ - { \ - *cp++ = cov_2char[w & 0x3f]; \ - w >>= 6; \ - } \ - } while (0) - - switch (magic[0]) { - case '5': - b64_from_24bit (buf[0], buf[10], buf[20], 4); - b64_from_24bit (buf[21], buf[1], buf[11], 4); - b64_from_24bit (buf[12], buf[22], buf[2], 4); - b64_from_24bit (buf[3], buf[13], buf[23], 4); - b64_from_24bit (buf[24], buf[4], buf[14], 4); - b64_from_24bit (buf[15], buf[25], buf[5], 4); - b64_from_24bit (buf[6], buf[16], buf[26], 4); - b64_from_24bit (buf[27], buf[7], buf[17], 4); - b64_from_24bit (buf[18], buf[28], buf[8], 4); - b64_from_24bit (buf[9], buf[19], buf[29], 4); - b64_from_24bit (0, buf[31], buf[30], 3); - break; - case '6': - b64_from_24bit (buf[0], buf[21], buf[42], 4); - b64_from_24bit (buf[22], buf[43], buf[1], 4); - b64_from_24bit (buf[44], buf[2], buf[23], 4); - b64_from_24bit (buf[3], buf[24], buf[45], 4); - b64_from_24bit (buf[25], buf[46], buf[4], 4); - b64_from_24bit (buf[47], buf[5], buf[26], 4); - b64_from_24bit (buf[6], buf[27], buf[48], 4); - b64_from_24bit (buf[28], buf[49], buf[7], 4); - b64_from_24bit (buf[50], buf[8], buf[29], 4); - b64_from_24bit (buf[9], buf[30], buf[51], 4); - b64_from_24bit (buf[31], buf[52], buf[10], 4); - b64_from_24bit (buf[53], buf[11], buf[32], 4); - b64_from_24bit (buf[12], buf[33], buf[54], 4); - b64_from_24bit (buf[34], buf[55], buf[13], 4); - b64_from_24bit (buf[56], buf[14], buf[35], 4); - b64_from_24bit (buf[15], buf[36], buf[57], 4); - b64_from_24bit (buf[37], buf[58], buf[16], 4); - b64_from_24bit (buf[59], buf[17], buf[38], 4); - b64_from_24bit (buf[18], buf[39], buf[60], 4); - b64_from_24bit (buf[40], buf[61], buf[19], 4); - b64_from_24bit (buf[62], buf[20], buf[41], 4); - b64_from_24bit (0, 0, buf[63], 2); - break; - default: - goto err; - } - *cp = '\0'; -#ifdef CHARSET_EBCDIC - ascii2ebcdic(out_buf, out_buf, strlen(out_buf)); -#endif - - return out_buf; - - err: - EVP_MD_CTX_free(md2); - EVP_MD_CTX_free(md); - OPENSSL_free(p_bytes); - OPENSSL_free(s_bytes); - OPENSSL_free(ascii_passwd); - return NULL; -} - -static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, - char *passwd, BIO *out, int quiet, int table, - int reverse, size_t pw_maxlen, passwd_modes mode) -{ - char *hash = NULL; - - assert(salt_p != NULL); - assert(salt_malloc_p != NULL); - - /* first make sure we have a salt */ - if (!passed_salt) { - size_t saltlen = 0; - size_t i; - - if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5) - saltlen = 8; - - if (mode == passwd_sha256 || mode == passwd_sha512) - saltlen = 16; - - assert(saltlen != 0); - - if (*salt_malloc_p == NULL) - *salt_p = *salt_malloc_p = app_malloc(saltlen + 1, "salt buffer"); - if (RAND_bytes((unsigned char *)*salt_p, saltlen) <= 0) - goto end; - - for (i = 0; i < saltlen; i++) - (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */ - (*salt_p)[i] = 0; -# ifdef CHARSET_EBCDIC - /* The password encryption function will convert back to ASCII */ - ascii2ebcdic(*salt_p, *salt_p, saltlen); -# endif - } - - assert(*salt_p != NULL); - - /* truncate password if necessary */ - if ((strlen(passwd) > pw_maxlen)) { - if (!quiet) - /* - * XXX: really we should know how to print a size_t, not cast it - */ - BIO_printf(bio_err, - "Warning: truncating password to %u characters\n", - (unsigned)pw_maxlen); - passwd[pw_maxlen] = 0; - } - assert(strlen(passwd) <= pw_maxlen); - - /* now compute password hash */ - if (mode == passwd_md5 || mode == passwd_apr1) - hash = md5crypt(passwd, (mode == passwd_md5 ? "1" : "apr1"), *salt_p); - if (mode == passwd_aixmd5) - hash = md5crypt(passwd, "", *salt_p); - if (mode == passwd_sha256 || mode == passwd_sha512) - hash = shacrypt(passwd, (mode == passwd_sha256 ? "5" : "6"), *salt_p); - assert(hash != NULL); - - if (table && !reverse) - BIO_printf(out, "%s\t%s\n", passwd, hash); - else if (table && reverse) - BIO_printf(out, "%s\t%s\n", hash, passwd); - else - BIO_printf(out, "%s\n", hash); - return 1; - - end: - return 0; -} diff --git a/apps/pkcs12.c b/apps/pkcs12.c deleted file mode 100644 index b442d358f8b7038009901cf29b4aa3ee07430fbd..0000000000000000000000000000000000000000 --- a/apps/pkcs12.c +++ /dev/null @@ -1,1231 +0,0 @@ -/* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include - -#define NOKEYS 0x1 -#define NOCERTS 0x2 -#define INFO 0x4 -#define CLCERTS 0x8 -#define CACERTS 0x10 - -#define PASSWD_BUF_SIZE 2048 - -#define WARN_EXPORT(opt) \ - BIO_printf(bio_err, "Warning: -%s option ignored with -export\n", opt); -#define WARN_NO_EXPORT(opt) \ - BIO_printf(bio_err, "Warning: -%s option ignored without -export\n", opt); - -static int get_cert_chain(X509 *cert, X509_STORE *store, - STACK_OF(X509) *untrusted_certs, - STACK_OF(X509) **chain); -int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, - const char *pass, int passlen, int options, - char *pempass, const EVP_CIPHER *enc); -int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags, - const char *pass, int passlen, int options, - char *pempass, const EVP_CIPHER *enc); -int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags, - const char *pass, int passlen, - int options, char *pempass, const EVP_CIPHER *enc); -void print_attribute(BIO *out, const ASN1_TYPE *av); -int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, - const char *name); -void hex_prin(BIO *out, unsigned char *buf, int len); -static int alg_print(const X509_ALGOR *alg); -int cert_load(BIO *in, STACK_OF(X509) *sk); -static int set_pbe(int *ppbe, const char *str); - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_CIPHER, OPT_NOKEYS, OPT_KEYEX, OPT_KEYSIG, OPT_NOCERTS, OPT_CLCERTS, - OPT_CACERTS, OPT_NOOUT, OPT_INFO, OPT_CHAIN, OPT_TWOPASS, OPT_NOMACVER, -#ifndef OPENSSL_NO_DES - OPT_DESCERT, -#endif - OPT_EXPORT, OPT_ITER, OPT_NOITER, OPT_MACITER, OPT_NOMACITER, - OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_NOENC, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE, - OPT_INKEY, OPT_CERTFILE, OPT_UNTRUSTED, OPT_PASSCERTS, - OPT_NAME, OPT_CSP, OPT_CANAME, - OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH, - OPT_CAFILE, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_ENGINE, - OPT_R_ENUM, OPT_PROV_ENUM, -#ifndef OPENSSL_NO_DES - OPT_LEGACY_ALG -#endif -} OPTION_CHOICE; - -const OPTIONS pkcs12_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"in", OPT_IN, '<', "Input file"}, - {"out", OPT_OUT, '>', "Output file"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, - {"password", OPT_PASSWORD, 's', "Set PKCS#12 import/export password source"}, - {"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"}, - {"nokeys", OPT_NOKEYS, '-', "Don't output private keys"}, - {"nocerts", OPT_NOCERTS, '-', "Don't output certificates"}, - {"noout", OPT_NOOUT, '-', "Don't output anything, just verify PKCS#12 input"}, -#ifndef OPENSSL_NO_DES - {"legacy", OPT_LEGACY_ALG, '-', -# ifdef OPENSSL_NO_RC2 - "Use legacy encryption algorithm 3DES_CBC for keys and certs" -# else - "Use legacy encryption: 3DES_CBC for keys, RC2_CBC for certs" -# endif - }, -#endif -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - OPT_PROV_OPTIONS, - OPT_R_OPTIONS, - - OPT_SECTION("PKCS#12 import (parsing PKCS#12)"), - {"info", OPT_INFO, '-', "Print info about PKCS#12 structure"}, - {"nomacver", OPT_NOMACVER, '-', "Don't verify integrity MAC"}, - {"clcerts", OPT_CLCERTS, '-', "Only output client certificates"}, - {"cacerts", OPT_CACERTS, '-', "Only output CA certificates"}, - {"", OPT_CIPHER, '-', "Any supported cipher for output encryption"}, - {"noenc", OPT_NOENC, '-', "Don't encrypt private keys"}, - {"nodes", OPT_NODES, '-', "Don't encrypt private keys; deprecated"}, - - OPT_SECTION("PKCS#12 output (export)"), - {"export", OPT_EXPORT, '-', "Create PKCS12 file"}, - {"inkey", OPT_INKEY, 's', "Private key, else read from -in input file"}, - {"certfile", OPT_CERTFILE, '<', "Extra certificates for PKCS12 output"}, - {"passcerts", OPT_PASSCERTS, 's', "Certificate file pass phrase source"}, - {"chain", OPT_CHAIN, '-', "Build and add certificate chain for EE cert,"}, - {OPT_MORE_STR, 0, 0, - "which is the 1st cert from -in matching the private key (if given)"}, - {"untrusted", OPT_UNTRUSTED, '<', "Untrusted certificates for chain building"}, - {"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"}, - {"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"}, - {"CAstore", OPT_CASTORE, ':', "URI to store of CA's"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load certificates from the default certificates store"}, - {"name", OPT_NAME, 's', "Use name as friendly name"}, - {"caname", OPT_CANAME, 's', - "Use name as CA friendly name (can be repeated)"}, - {"CSP", OPT_CSP, 's', "Microsoft CSP name"}, - {"LMK", OPT_LMK, '-', - "Add local machine keyset attribute to private key"}, - {"keyex", OPT_KEYEX, '-', "Set key type to MS key exchange"}, - {"keysig", OPT_KEYSIG, '-', "Set key type to MS key signature"}, - {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default AES-256 CBC)"}, - {"certpbe", OPT_CERTPBE, 's', - "Certificate PBE algorithm (default PBES2 with PBKDF2 and AES-256 CBC)"}, -#ifndef OPENSSL_NO_DES - {"descert", OPT_DESCERT, '-', - "Encrypt output with 3DES (default PBES2 with PBKDF2 and AES-256 CBC)"}, -#endif - {"macalg", OPT_MACALG, 's', - "Digest algorithm to use in MAC (default SHA256)"}, - {"iter", OPT_ITER, 'p', "Specify the iteration count for encryption and MAC"}, - {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"}, - {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration)"}, - {"maciter", OPT_MACITER, '-', "Unused, kept for backwards compatibility"}, - {"nomac", OPT_NOMAC, '-', "Don't generate MAC"}, - {NULL} -}; - -int pkcs12_main(int argc, char **argv) -{ - char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL; - char *untrusted = NULL, *ciphername = NULL, *enc_flag = NULL; - char *passcertsarg = NULL, *passcerts = NULL; - char *name = NULL, *csp_name = NULL; - char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = ""; - int export_pkcs12 = 0, options = 0, chain = 0, twopass = 0, keytype = 0; -#ifndef OPENSSL_NO_DES - int use_legacy = 0; -#endif - /* use library defaults for the iter, maciter, cert, and key PBE */ - int iter = 0, maciter = 0; - int cert_pbe = NID_undef; - int key_pbe = NID_undef; - int ret = 1, macver = 1, add_lmk = 0, private = 0; - int noprompt = 0; - char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL; - char *passin = NULL, *passout = NULL, *macalg = NULL; - char *cpass = NULL, *mpass = NULL, *badpass = NULL; - const char *CApath = NULL, *CAfile = NULL, *CAstore = NULL, *prog; - int noCApath = 0, noCAfile = 0, noCAstore = 0; - ENGINE *e = NULL; - BIO *in = NULL, *out = NULL; - PKCS12 *p12 = NULL; - STACK_OF(OPENSSL_STRING) *canames = NULL; - EVP_CIPHER *default_enc = (EVP_CIPHER *)EVP_aes_256_cbc(); - EVP_CIPHER *enc = (EVP_CIPHER *)default_enc; - OPTION_CHOICE o; - - prog = opt_init(argc, argv, pkcs12_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(pkcs12_options); - ret = 0; - goto end; - case OPT_NOKEYS: - options |= NOKEYS; - break; - case OPT_KEYEX: - keytype = KEY_EX; - break; - case OPT_KEYSIG: - keytype = KEY_SIG; - break; - case OPT_NOCERTS: - options |= NOCERTS; - break; - case OPT_CLCERTS: - options |= CLCERTS; - break; - case OPT_CACERTS: - options |= CACERTS; - break; - case OPT_NOOUT: - options |= (NOKEYS | NOCERTS); - break; - case OPT_INFO: - options |= INFO; - break; - case OPT_CHAIN: - chain = 1; - break; - case OPT_TWOPASS: - twopass = 1; - break; - case OPT_NOMACVER: - macver = 0; - break; -#ifndef OPENSSL_NO_DES - case OPT_DESCERT: - cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - break; -#endif - case OPT_EXPORT: - export_pkcs12 = 1; - break; - case OPT_NODES: - case OPT_NOENC: - /* - * |enc_flag| stores the name of the option used so it - * can be printed if an error message is output. - */ - enc_flag = opt_flag() + 1; - enc = NULL; - ciphername = NULL; - break; - case OPT_CIPHER: - ciphername = opt_unknown(); - enc_flag = opt_unknown(); - break; - case OPT_ITER: - maciter = iter = opt_int_arg(); - break; - case OPT_NOITER: - iter = 1; - break; - case OPT_MACITER: - /* no-op */ - break; - case OPT_NOMACITER: - maciter = 1; - break; - case OPT_NOMAC: - cert_pbe = -1; - maciter = -1; - break; - case OPT_MACALG: - macalg = opt_arg(); - break; - case OPT_CERTPBE: - if (!set_pbe(&cert_pbe, opt_arg())) - goto opthelp; - break; - case OPT_KEYPBE: - if (!set_pbe(&key_pbe, opt_arg())) - goto opthelp; - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_INKEY: - keyname = opt_arg(); - break; - case OPT_CERTFILE: - certfile = opt_arg(); - break; - case OPT_UNTRUSTED: - untrusted = opt_arg(); - break; - case OPT_PASSCERTS: - passcertsarg = opt_arg(); - break; - case OPT_NAME: - name = opt_arg(); - break; - case OPT_LMK: - add_lmk = 1; - break; - case OPT_CSP: - csp_name = opt_arg(); - break; - case OPT_CANAME: - if (canames == NULL - && (canames = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - sk_OPENSSL_STRING_push(canames, opt_arg()); - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_PASSIN: - passinarg = opt_arg(); - break; - case OPT_PASSOUT: - passoutarg = opt_arg(); - break; - case OPT_PASSWORD: - passarg = opt_arg(); - break; - case OPT_CAPATH: - CApath = opt_arg(); - break; - case OPT_CASTORE: - CAstore = opt_arg(); - break; - case OPT_CAFILE: - CAfile = opt_arg(); - break; - case OPT_NOCAPATH: - noCApath = 1; - break; - case OPT_NOCASTORE: - noCAstore = 1; - break; - case OPT_NOCAFILE: - noCAfile = 1; - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; -#ifndef OPENSSL_NO_DES - case OPT_LEGACY_ALG: - use_legacy = 1; - break; -#endif - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - if (!app_RAND_load()) - goto end; - - if (ciphername != NULL) { - if (!opt_cipher_any(ciphername, &enc)) - goto opthelp; - } - if (export_pkcs12) { - if ((options & INFO) != 0) - WARN_EXPORT("info"); - if (macver == 0) - WARN_EXPORT("nomacver"); - if ((options & CLCERTS) != 0) - WARN_EXPORT("clcerts"); - if ((options & CACERTS) != 0) - WARN_EXPORT("cacerts"); - if (enc != default_enc) - BIO_printf(bio_err, - "Warning: output encryption option -%s ignored with -export\n", enc_flag); - } else { - if (keyname != NULL) - WARN_NO_EXPORT("inkey"); - if (certfile != NULL) - WARN_NO_EXPORT("certfile"); - if (passcertsarg != NULL) - WARN_NO_EXPORT("passcerts"); - if (chain) - WARN_NO_EXPORT("chain"); - if (untrusted != NULL) - WARN_NO_EXPORT("untrusted"); - if (CAfile != NULL) - WARN_NO_EXPORT("CAfile"); - if (CApath != NULL) - WARN_NO_EXPORT("CApath"); - if (CAstore != NULL) - WARN_NO_EXPORT("CAstore"); - if (noCAfile) - WARN_NO_EXPORT("no-CAfile"); - if (noCApath) - WARN_NO_EXPORT("no-CApath"); - if (noCAstore) - WARN_NO_EXPORT("no-CAstore"); - if (name != NULL) - WARN_NO_EXPORT("name"); - if (canames != NULL) - WARN_NO_EXPORT("caname"); - if (csp_name != NULL) - WARN_NO_EXPORT("CSP"); - if (add_lmk) - WARN_NO_EXPORT("LMK"); - if (keytype == KEY_EX) - WARN_NO_EXPORT("keyex"); - if (keytype == KEY_SIG) - WARN_NO_EXPORT("keysig"); - if (key_pbe != NID_undef) - WARN_NO_EXPORT("keypbe"); - if (cert_pbe != NID_undef && cert_pbe != -1) - WARN_NO_EXPORT("certpbe and -descert"); - if (macalg != NULL) - WARN_NO_EXPORT("macalg"); - if (iter != 0) - WARN_NO_EXPORT("iter and -noiter"); - if (maciter == 1) - WARN_NO_EXPORT("nomaciter"); - if (cert_pbe == -1 && maciter == -1) - WARN_NO_EXPORT("nomac"); - } -#ifndef OPENSSL_NO_DES - if (use_legacy) { - /* load the legacy provider if not loaded already*/ - if (!OSSL_PROVIDER_available(app_get0_libctx(), "legacy")) { - if (!app_provider_load(app_get0_libctx(), "legacy")) - goto end; - /* load the default provider explicitly */ - if (!app_provider_load(app_get0_libctx(), "default")) - goto end; - } - if (cert_pbe == NID_undef) { - /* Adapt default algorithm */ -# ifndef OPENSSL_NO_RC2 - cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC; -# else - cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -# endif - } - - if (key_pbe == NID_undef) - key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - if (enc == default_enc) - enc = (EVP_CIPHER *)EVP_des_ede3_cbc(); - if (macalg == NULL) - macalg = "sha1"; - } -#endif - - private = 1; - - if (!app_passwd(passcertsarg, NULL, &passcerts, NULL)) { - BIO_printf(bio_err, "Error getting certificate file password\n"); - goto end; - } - - if (passarg != NULL) { - if (export_pkcs12) - passoutarg = passarg; - else - passinarg = passarg; - } - - if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { - BIO_printf(bio_err, "Error getting passwords\n"); - goto end; - } - - if (cpass == NULL) { - if (export_pkcs12) - cpass = passout; - else - cpass = passin; - } - - if (cpass != NULL) { - mpass = cpass; - noprompt = 1; - if (twopass) { - if (export_pkcs12) - BIO_printf(bio_err, "Option -twopass cannot be used with -passout or -password\n"); - else - BIO_printf(bio_err, "Option -twopass cannot be used with -passin or -password\n"); - goto end; - } - } else { - cpass = pass; - mpass = macpass; - } - - if (twopass) { - /* To avoid bit rot */ - if (1) { -#ifndef OPENSSL_NO_UI_CONSOLE - if (EVP_read_pw_string( - macpass, sizeof(macpass), "Enter MAC Password:", export_pkcs12)) { - BIO_printf(bio_err, "Can't read Password\n"); - goto end; - } - } else { -#endif - BIO_printf(bio_err, "Unsupported option -twopass\n"); - goto end; - } - } - - if (export_pkcs12) { - EVP_PKEY *key = NULL; - X509 *ee_cert = NULL, *x = NULL; - STACK_OF(X509) *certs = NULL; - STACK_OF(X509) *untrusted_certs = NULL; - EVP_MD *macmd = NULL; - unsigned char *catmp = NULL; - int i; - - if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) { - BIO_printf(bio_err, "Nothing to export due to -noout or -nocerts and -nokeys\n"); - goto export_end; - } - - if ((options & NOCERTS) != 0) { - chain = 0; - BIO_printf(bio_err, "Warning: -chain option ignored with -nocerts\n"); - } - - if (!(options & NOKEYS)) { - key = load_key(keyname ? keyname : infile, - FORMAT_PEM, 1, passin, e, - keyname ? - "private key from -inkey file" : - "private key from -in file"); - if (key == NULL) - goto export_end; - } - - /* Load all certs in input file */ - if (!(options & NOCERTS)) { - if (!load_certs(infile, 1, &certs, passin, - "certificates from -in file")) - goto export_end; - if (sk_X509_num(certs) < 1) { - BIO_printf(bio_err, "No certificate in -in file %s\n", infile); - goto export_end; - } - - if (key != NULL) { - /* Look for matching private key */ - for (i = 0; i < sk_X509_num(certs); i++) { - x = sk_X509_value(certs, i); - if (X509_check_private_key(x, key)) { - ee_cert = x; - /* Zero keyid and alias */ - X509_keyid_set1(ee_cert, NULL, 0); - X509_alias_set1(ee_cert, NULL, 0); - /* Remove from list */ - (void)sk_X509_delete(certs, i); - break; - } - } - if (ee_cert == NULL) { - BIO_printf(bio_err, - "No cert in -in file '%s' matches private key\n", - infile); - goto export_end; - } - } - } - - /* Load any untrusted certificates for chain building */ - if (untrusted != NULL) { - if (!load_certs(untrusted, 0, &untrusted_certs, passcerts, - "untrusted certificates")) - goto export_end; - } - - /* If chaining get chain from end entity cert */ - if (chain) { - int vret; - STACK_OF(X509) *chain2; - X509_STORE *store; - X509 *ee_cert_tmp = ee_cert; - - /* Assume the first cert if we haven't got anything else */ - if (ee_cert_tmp == NULL && certs != NULL) - ee_cert_tmp = sk_X509_value(certs, 0); - - if (ee_cert_tmp == NULL) { - BIO_printf(bio_err, - "No end entity certificate to check with -chain\n"); - goto export_end; - } - - if ((store = setup_verify(CAfile, noCAfile, CApath, noCApath, - CAstore, noCAstore)) - == NULL) - goto export_end; - - vret = get_cert_chain(ee_cert_tmp, store, untrusted_certs, &chain2); - X509_STORE_free(store); - - if (vret == X509_V_OK) { - int add_certs; - /* Remove from chain2 the first (end entity) certificate */ - X509_free(sk_X509_shift(chain2)); - /* Add the remaining certs (except for duplicates) */ - add_certs = X509_add_certs(certs, chain2, X509_ADD_FLAG_UP_REF - | X509_ADD_FLAG_NO_DUP); - sk_X509_pop_free(chain2, X509_free); - if (!add_certs) - goto export_end; - } else { - if (vret != X509_V_ERR_UNSPECIFIED) - BIO_printf(bio_err, "Error getting chain: %s\n", - X509_verify_cert_error_string(vret)); - goto export_end; - } - } - - /* Add any extra certificates asked for */ - if (certfile != NULL) { - if (!load_certs(certfile, 0, &certs, passcerts, - "extra certificates from -certfile")) - goto export_end; - } - - /* Add any CA names */ - for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) { - catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i); - X509_alias_set1(sk_X509_value(certs, i), catmp, -1); - } - - if (csp_name != NULL && key != NULL) - EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name, - MBSTRING_ASC, (unsigned char *)csp_name, - -1); - - if (add_lmk && key != NULL) - EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1); - - if (!noprompt && !(enc == NULL && maciter == -1)) { - /* To avoid bit rot */ - if (1) { -#ifndef OPENSSL_NO_UI_CONSOLE - if (EVP_read_pw_string(pass, sizeof(pass), - "Enter Export Password:", 1)) { - BIO_printf(bio_err, "Can't read Password\n"); - goto export_end; - } - } else { -#endif - BIO_printf(bio_err, "Password required\n"); - goto export_end; - } - } - - if (!twopass) - OPENSSL_strlcpy(macpass, pass, sizeof(macpass)); - - p12 = PKCS12_create_ex(cpass, name, key, ee_cert, certs, - key_pbe, cert_pbe, iter, -1, keytype, - app_get0_libctx(), app_get0_propq()); - - if (p12 == NULL) { - BIO_printf(bio_err, "Error creating PKCS12 structure for %s\n", - outfile); - goto export_end; - } - - if (macalg != NULL) { - if (!opt_md(macalg, &macmd)) - goto opthelp; - } - - if (maciter != -1) - if (!PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd)) { - BIO_printf(bio_err, "Error creating PKCS12 MAC; no PKCS12KDF support?\n"); - BIO_printf(bio_err, "Use -nomac if MAC not required and PKCS12KDF support not available.\n"); - goto export_end; - } - - assert(private); - - out = bio_open_owner(outfile, FORMAT_PKCS12, private); - if (out == NULL) - goto end; - - i2d_PKCS12_bio(out, p12); - - ret = 0; - - export_end: - - EVP_PKEY_free(key); - EVP_MD_free(macmd); - sk_X509_pop_free(certs, X509_free); - sk_X509_pop_free(untrusted_certs, X509_free); - X509_free(ee_cert); - - ERR_print_errors(bio_err); - goto end; - - } - - in = bio_open_default(infile, 'r', FORMAT_PKCS12); - if (in == NULL) - goto end; - out = bio_open_owner(outfile, FORMAT_PEM, private); - if (out == NULL) - goto end; - - p12 = PKCS12_init_ex(NID_pkcs7_data, app_get0_libctx(), app_get0_propq()); - if (p12 == NULL) { - ERR_print_errors(bio_err); - goto end; - } - if ((p12 = d2i_PKCS12_bio(in, &p12)) == NULL) { - ERR_print_errors(bio_err); - goto end; - } - - if (!noprompt) { - if (1) { -#ifndef OPENSSL_NO_UI_CONSOLE - if (EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:", - 0)) { - BIO_printf(bio_err, "Can't read Password\n"); - goto end; - } - } else { -#endif - BIO_printf(bio_err, "Password required\n"); - goto end; - } - } - - if (!twopass) - OPENSSL_strlcpy(macpass, pass, sizeof(macpass)); - - if ((options & INFO) && PKCS12_mac_present(p12)) { - const ASN1_INTEGER *tmaciter; - const X509_ALGOR *macalgid; - const ASN1_OBJECT *macobj; - const ASN1_OCTET_STRING *tmac; - const ASN1_OCTET_STRING *tsalt; - - PKCS12_get0_mac(&tmac, &macalgid, &tsalt, &tmaciter, p12); - /* current hash algorithms do not use parameters so extract just name, - in future alg_print() may be needed */ - X509_ALGOR_get0(&macobj, NULL, NULL, macalgid); - BIO_puts(bio_err, "MAC: "); - i2a_ASN1_OBJECT(bio_err, macobj); - BIO_printf(bio_err, ", Iteration %ld\n", - tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L); - BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n", - tmac != NULL ? ASN1_STRING_length(tmac) : 0L, - tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L); - } - if (macver) { - EVP_KDF *pkcs12kdf; - - pkcs12kdf = EVP_KDF_fetch(app_get0_libctx(), "PKCS12KDF", - app_get0_propq()); - if (pkcs12kdf == NULL) { - BIO_printf(bio_err, "Error verifying PKCS12 MAC; no PKCS12KDF support.\n"); - BIO_printf(bio_err, "Use -nomacver if MAC verification is not required.\n"); - goto end; - } - EVP_KDF_free(pkcs12kdf); - /* If we enter empty password try no password first */ - if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) { - /* If mac and crypto pass the same set it to NULL too */ - if (!twopass) - cpass = NULL; - } else if (!PKCS12_verify_mac(p12, mpass, -1)) { - /* - * May be UTF8 from previous version of OpenSSL: - * convert to a UTF8 form which will translate - * to the same Unicode password. - */ - unsigned char *utmp; - int utmplen; - unsigned long err = ERR_peek_error(); - - if (ERR_GET_LIB(err) == ERR_LIB_PKCS12 - && ERR_GET_REASON(err) == PKCS12_R_MAC_ABSENT) { - BIO_printf(bio_err, "Warning: MAC is absent!\n"); - goto dump; - } - - utmp = OPENSSL_asc2uni(mpass, -1, NULL, &utmplen); - if (utmp == NULL) - goto end; - badpass = OPENSSL_uni2utf8(utmp, utmplen); - OPENSSL_free(utmp); - if (!PKCS12_verify_mac(p12, badpass, -1)) { - BIO_printf(bio_err, "Mac verify error: invalid password?\n"); - ERR_print_errors(bio_err); - goto end; - } else { - BIO_printf(bio_err, "Warning: using broken algorithm\n"); - if (!twopass) - cpass = badpass; - } - } - } - - dump: - assert(private); - if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout, enc)) { - BIO_printf(bio_err, "Error outputting keys and certificates\n"); - ERR_print_errors(bio_err); - goto end; - } - ret = 0; - end: - PKCS12_free(p12); - release_engine(e); - BIO_free(in); - BIO_free_all(out); - sk_OPENSSL_STRING_free(canames); - OPENSSL_free(badpass); - OPENSSL_free(passcerts); - OPENSSL_free(passin); - OPENSSL_free(passout); - return ret; -} - -int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass, - int passlen, int options, char *pempass, - const EVP_CIPHER *enc) -{ - STACK_OF(PKCS7) *asafes = NULL; - STACK_OF(PKCS12_SAFEBAG) *bags; - int i, bagnid; - int ret = 0; - PKCS7 *p7; - - if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL) - return 0; - for (i = 0; i < sk_PKCS7_num(asafes); i++) { - p7 = sk_PKCS7_value(asafes, i); - bagnid = OBJ_obj2nid(p7->type); - if (bagnid == NID_pkcs7_data) { - bags = PKCS12_unpack_p7data(p7); - if (options & INFO) - BIO_printf(bio_err, "PKCS7 Data\n"); - } else if (bagnid == NID_pkcs7_encrypted) { - if (options & INFO) { - BIO_printf(bio_err, "PKCS7 Encrypted data: "); - alg_print(p7->d.encrypted->enc_data->algorithm); - } - bags = PKCS12_unpack_p7encdata(p7, pass, passlen); - } else { - continue; - } - if (!bags) - goto err; - if (!dump_certs_pkeys_bags(out, bags, pass, passlen, - options, pempass, enc)) { - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - goto err; - } - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - bags = NULL; - } - ret = 1; - - err: - sk_PKCS7_pop_free(asafes, PKCS7_free); - return ret; -} - -int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags, - const char *pass, int passlen, int options, - char *pempass, const EVP_CIPHER *enc) -{ - int i; - for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { - if (!dump_certs_pkeys_bag(out, - sk_PKCS12_SAFEBAG_value(bags, i), - pass, passlen, options, pempass, enc)) - return 0; - } - return 1; -} - -int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bag, - const char *pass, int passlen, int options, - char *pempass, const EVP_CIPHER *enc) -{ - EVP_PKEY *pkey; - PKCS8_PRIV_KEY_INFO *p8; - const PKCS8_PRIV_KEY_INFO *p8c; - X509 *x509; - const STACK_OF(X509_ATTRIBUTE) *attrs; - int ret = 0; - - attrs = PKCS12_SAFEBAG_get0_attrs(bag); - - switch (PKCS12_SAFEBAG_get_nid(bag)) { - case NID_keyBag: - if (options & INFO) - BIO_printf(bio_err, "Key bag\n"); - if (options & NOKEYS) - return 1; - print_attribs(out, attrs, "Bag Attributes"); - p8c = PKCS12_SAFEBAG_get0_p8inf(bag); - if ((pkey = EVP_PKCS82PKEY(p8c)) == NULL) - return 0; - print_attribs(out, PKCS8_pkey_get0_attrs(p8c), "Key Attributes"); - ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass); - EVP_PKEY_free(pkey); - break; - - case NID_pkcs8ShroudedKeyBag: - if (options & INFO) { - const X509_SIG *tp8; - const X509_ALGOR *tp8alg; - - BIO_printf(bio_err, "Shrouded Keybag: "); - tp8 = PKCS12_SAFEBAG_get0_pkcs8(bag); - X509_SIG_get0(tp8, &tp8alg, NULL); - alg_print(tp8alg); - } - if (options & NOKEYS) - return 1; - print_attribs(out, attrs, "Bag Attributes"); - if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL) - return 0; - if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) { - PKCS8_PRIV_KEY_INFO_free(p8); - return 0; - } - print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes"); - PKCS8_PRIV_KEY_INFO_free(p8); - ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass); - EVP_PKEY_free(pkey); - break; - - case NID_certBag: - if (options & INFO) - BIO_printf(bio_err, "Certificate bag\n"); - if (options & NOCERTS) - return 1; - if (PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)) { - if (options & CACERTS) - return 1; - } else if (options & CLCERTS) - return 1; - print_attribs(out, attrs, "Bag Attributes"); - if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate) - return 1; - if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL) - return 0; - dump_cert_text(out, x509); - ret = PEM_write_bio_X509(out, x509); - X509_free(x509); - break; - - case NID_secretBag: - if (options & INFO) - BIO_printf(bio_err, "Secret bag\n"); - print_attribs(out, attrs, "Bag Attributes"); - BIO_printf(bio_err, "Bag Type: "); - i2a_ASN1_OBJECT(bio_err, PKCS12_SAFEBAG_get0_bag_type(bag)); - BIO_printf(bio_err, "\nBag Value: "); - print_attribute(out, PKCS12_SAFEBAG_get0_bag_obj(bag)); - return 1; - - case NID_safeContentsBag: - if (options & INFO) - BIO_printf(bio_err, "Safe Contents bag\n"); - print_attribs(out, attrs, "Bag Attributes"); - return dump_certs_pkeys_bags(out, PKCS12_SAFEBAG_get0_safes(bag), - pass, passlen, options, pempass, enc); - - default: - BIO_printf(bio_err, "Warning unsupported bag type: "); - i2a_ASN1_OBJECT(bio_err, PKCS12_SAFEBAG_get0_type(bag)); - BIO_printf(bio_err, "\n"); - return 1; - } - return ret; -} - -/* Given a single certificate return a verified chain or NULL if error */ - -static int get_cert_chain(X509 *cert, X509_STORE *store, - STACK_OF(X509) *untrusted_certs, - STACK_OF(X509) **chain) -{ - X509_STORE_CTX *store_ctx = NULL; - STACK_OF(X509) *chn = NULL; - int i = 0; - - store_ctx = X509_STORE_CTX_new_ex(app_get0_libctx(), app_get0_propq()); - if (store_ctx == NULL) { - i = X509_V_ERR_UNSPECIFIED; - goto end; - } - if (!X509_STORE_CTX_init(store_ctx, store, cert, untrusted_certs)) { - i = X509_V_ERR_UNSPECIFIED; - goto end; - } - - - if (X509_verify_cert(store_ctx) > 0) - chn = X509_STORE_CTX_get1_chain(store_ctx); - else if ((i = X509_STORE_CTX_get_error(store_ctx)) == 0) - i = X509_V_ERR_UNSPECIFIED; - -end: - X509_STORE_CTX_free(store_ctx); - *chain = chn; - return i; -} - -static int alg_print(const X509_ALGOR *alg) -{ - int pbenid, aparamtype; - const ASN1_OBJECT *aoid; - const void *aparam; - PBEPARAM *pbe = NULL; - - X509_ALGOR_get0(&aoid, &aparamtype, &aparam, alg); - - pbenid = OBJ_obj2nid(aoid); - - BIO_printf(bio_err, "%s", OBJ_nid2ln(pbenid)); - - /* - * If PBE algorithm is PBES2 decode algorithm parameters - * for additional details. - */ - if (pbenid == NID_pbes2) { - PBE2PARAM *pbe2 = NULL; - int encnid; - if (aparamtype == V_ASN1_SEQUENCE) - pbe2 = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBE2PARAM)); - if (pbe2 == NULL) { - BIO_puts(bio_err, ", "); - goto done; - } - X509_ALGOR_get0(&aoid, &aparamtype, &aparam, pbe2->keyfunc); - pbenid = OBJ_obj2nid(aoid); - X509_ALGOR_get0(&aoid, NULL, NULL, pbe2->encryption); - encnid = OBJ_obj2nid(aoid); - BIO_printf(bio_err, ", %s, %s", OBJ_nid2ln(pbenid), - OBJ_nid2sn(encnid)); - /* If KDF is PBKDF2 decode parameters */ - if (pbenid == NID_id_pbkdf2) { - PBKDF2PARAM *kdf = NULL; - int prfnid; - if (aparamtype == V_ASN1_SEQUENCE) - kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBKDF2PARAM)); - if (kdf == NULL) { - BIO_puts(bio_err, ", "); - goto done; - } - - if (kdf->prf == NULL) { - prfnid = NID_hmacWithSHA1; - } else { - X509_ALGOR_get0(&aoid, NULL, NULL, kdf->prf); - prfnid = OBJ_obj2nid(aoid); - } - BIO_printf(bio_err, ", Iteration %ld, PRF %s", - ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid)); - PBKDF2PARAM_free(kdf); -#ifndef OPENSSL_NO_SCRYPT - } else if (pbenid == NID_id_scrypt) { - SCRYPT_PARAMS *kdf = NULL; - - if (aparamtype == V_ASN1_SEQUENCE) - kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(SCRYPT_PARAMS)); - if (kdf == NULL) { - BIO_puts(bio_err, ", "); - goto done; - } - BIO_printf(bio_err, ", Salt length: %d, Cost(N): %ld, " - "Block size(r): %ld, Parallelism(p): %ld", - ASN1_STRING_length(kdf->salt), - ASN1_INTEGER_get(kdf->costParameter), - ASN1_INTEGER_get(kdf->blockSize), - ASN1_INTEGER_get(kdf->parallelizationParameter)); - SCRYPT_PARAMS_free(kdf); -#endif - } - PBE2PARAM_free(pbe2); - } else { - if (aparamtype == V_ASN1_SEQUENCE) - pbe = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBEPARAM)); - if (pbe == NULL) { - BIO_puts(bio_err, ", "); - goto done; - } - BIO_printf(bio_err, ", Iteration %ld", ASN1_INTEGER_get(pbe->iter)); - PBEPARAM_free(pbe); - } - done: - BIO_puts(bio_err, "\n"); - return 1; -} - -/* Load all certificates from a given file */ - -int cert_load(BIO *in, STACK_OF(X509) *sk) -{ - int ret = 0; - X509 *cert; - - while ((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) { - ret = 1; - if (!sk_X509_push(sk, cert)) - return 0; - } - if (ret) - ERR_clear_error(); - return ret; -} - -/* Generalised x509 attribute value print */ - -void print_attribute(BIO *out, const ASN1_TYPE *av) -{ - char *value; - - switch (av->type) { - case V_ASN1_BMPSTRING: - value = OPENSSL_uni2asc(av->value.bmpstring->data, - av->value.bmpstring->length); - BIO_printf(out, "%s\n", value); - OPENSSL_free(value); - break; - - case V_ASN1_UTF8STRING: - BIO_printf(out, "%.*s\n", av->value.utf8string->length, - av->value.utf8string->data); - break; - - case V_ASN1_OCTET_STRING: - hex_prin(out, av->value.octet_string->data, - av->value.octet_string->length); - BIO_printf(out, "\n"); - break; - - case V_ASN1_BIT_STRING: - hex_prin(out, av->value.bit_string->data, - av->value.bit_string->length); - BIO_printf(out, "\n"); - break; - - default: - BIO_printf(out, "\n", av->type); - break; - } -} - -/* Generalised attribute print: handle PKCS#8 and bag attributes */ - -int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst, - const char *name) -{ - X509_ATTRIBUTE *attr; - ASN1_TYPE *av; - int i, j, attr_nid; - if (!attrlst) { - BIO_printf(out, "%s: \n", name); - return 1; - } - if (!sk_X509_ATTRIBUTE_num(attrlst)) { - BIO_printf(out, "%s: \n", name); - return 1; - } - BIO_printf(out, "%s\n", name); - for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) { - ASN1_OBJECT *attr_obj; - attr = sk_X509_ATTRIBUTE_value(attrlst, i); - attr_obj = X509_ATTRIBUTE_get0_object(attr); - attr_nid = OBJ_obj2nid(attr_obj); - BIO_printf(out, " "); - if (attr_nid == NID_undef) { - i2a_ASN1_OBJECT(out, attr_obj); - BIO_printf(out, ": "); - } else { - BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid)); - } - - if (X509_ATTRIBUTE_count(attr)) { - for (j = 0; j < X509_ATTRIBUTE_count(attr); j++) - { - av = X509_ATTRIBUTE_get0_type(attr, j); - print_attribute(out, av); - } - } else { - BIO_printf(out, "\n"); - } - } - return 1; -} - -void hex_prin(BIO *out, unsigned char *buf, int len) -{ - int i; - for (i = 0; i < len; i++) - BIO_printf(out, "%02X ", buf[i]); -} - -static int set_pbe(int *ppbe, const char *str) -{ - if (!str) - return 0; - if (strcmp(str, "NONE") == 0) { - *ppbe = -1; - return 1; - } - *ppbe = OBJ_txt2nid(str); - if (*ppbe == NID_undef) { - BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str); - return 0; - } - return 1; -} diff --git a/apps/pkcs7.c b/apps/pkcs7.c deleted file mode 100644 index ba11e8151ae931f57f569db5f625d89222556e0a..0000000000000000000000000000000000000000 --- a/apps/pkcs7.c +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT, - OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE, - OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS pkcs7_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - - OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"}, - - OPT_SECTION("Output"), - {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, - {"out", OPT_OUT, '>', "Output file"}, - {"noout", OPT_NOOUT, '-', "Don't output encoded data"}, - {"text", OPT_TEXT, '-', "Print full details of certificates"}, - {"print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure"}, - {"print_certs", OPT_PRINT_CERTS, '-', - "Print_certs print any certs or crl in the input"}, - - OPT_PROV_OPTIONS, - {NULL} -}; - -int pkcs7_main(int argc, char **argv) -{ - ENGINE *e = NULL; - PKCS7 *p7 = NULL, *p7i; - BIO *in = NULL, *out = NULL; - int informat = FORMAT_PEM, outformat = FORMAT_PEM; - char *infile = NULL, *outfile = NULL, *prog; - int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1; - OPTION_CHOICE o; - OSSL_LIB_CTX *libctx = app_get0_libctx(); - - prog = opt_init(argc, argv, pkcs7_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(pkcs7_options); - ret = 0; - goto end; - case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat)) - goto opthelp; - break; - case OPT_OUTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat)) - goto opthelp; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_NOOUT: - noout = 1; - break; - case OPT_TEXT: - text = 1; - break; - case OPT_PRINT: - p7_print = 1; - break; - case OPT_PRINT_CERTS: - print_certs = 1; - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - in = bio_open_default(infile, 'r', informat); - if (in == NULL) - goto end; - - p7 = PKCS7_new_ex(libctx, app_get0_propq()); - if (p7 == NULL) { - BIO_printf(bio_err, "unable to allocate PKCS7 object\n"); - ERR_print_errors(bio_err); - goto end; - } - - if (informat == FORMAT_ASN1) - p7i = d2i_PKCS7_bio(in, &p7); - else - p7i = PEM_read_bio_PKCS7(in, &p7, NULL, NULL); - if (p7i == NULL) { - BIO_printf(bio_err, "unable to load PKCS7 object\n"); - ERR_print_errors(bio_err); - goto end; - } - - out = bio_open_default(outfile, 'w', outformat); - if (out == NULL) - goto end; - - if (p7_print) - PKCS7_print_ctx(out, p7, 0, NULL); - - if (print_certs) { - STACK_OF(X509) *certs = NULL; - STACK_OF(X509_CRL) *crls = NULL; - - i = OBJ_obj2nid(p7->type); - switch (i) { - case NID_pkcs7_signed: - if (p7->d.sign != NULL) { - certs = p7->d.sign->cert; - crls = p7->d.sign->crl; - } - break; - case NID_pkcs7_signedAndEnveloped: - if (p7->d.signed_and_enveloped != NULL) { - certs = p7->d.signed_and_enveloped->cert; - crls = p7->d.signed_and_enveloped->crl; - } - break; - default: - break; - } - - if (certs != NULL) { - X509 *x; - - for (i = 0; i < sk_X509_num(certs); i++) { - x = sk_X509_value(certs, i); - if (text) - X509_print(out, x); - else - dump_cert_text(out, x); - - if (!noout) - PEM_write_bio_X509(out, x); - BIO_puts(out, "\n"); - } - } - if (crls != NULL) { - X509_CRL *crl; - - for (i = 0; i < sk_X509_CRL_num(crls); i++) { - crl = sk_X509_CRL_value(crls, i); - - X509_CRL_print_ex(out, crl, get_nameopt()); - - if (!noout) - PEM_write_bio_X509_CRL(out, crl); - BIO_puts(out, "\n"); - } - } - - ret = 0; - goto end; - } - - if (!noout) { - if (outformat == FORMAT_ASN1) - i = i2d_PKCS7_bio(out, p7); - else - i = PEM_write_bio_PKCS7(out, p7); - - if (!i) { - BIO_printf(bio_err, "unable to write pkcs7 object\n"); - ERR_print_errors(bio_err); - goto end; - } - } - ret = 0; - end: - PKCS7_free(p7); - release_engine(e); - BIO_free(in); - BIO_free_all(out); - return ret; -} diff --git a/apps/pkcs8.c b/apps/pkcs8.c deleted file mode 100644 index 6b09b909eb7a0f03d55cf737a03c2c2dfd1956ea..0000000000000000000000000000000000000000 --- a/apps/pkcs8.c +++ /dev/null @@ -1,381 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT, - OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT, -#ifndef OPENSSL_NO_SCRYPT - OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P, -#endif - OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT, - OPT_TRADITIONAL, - OPT_R_ENUM, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS pkcs8_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - {"v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher"}, - {"v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher"}, - {"v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0"}, - - OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - {"inform", OPT_INFORM, 'F', "Input format (DER or PEM)"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"}, - {"topk8", OPT_TOPK8, '-', "Output PKCS8 file"}, - {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, - {"traditional", OPT_TRADITIONAL, '-', "use traditional format private key"}, - {"iter", OPT_ITER, 'p', "Specify the iteration count"}, - {"noiter", OPT_NOITER, '-', "Use 1 as iteration count"}, - -#ifndef OPENSSL_NO_SCRYPT - OPT_SECTION("Scrypt"), - {"scrypt", OPT_SCRYPT, '-', "Use scrypt algorithm"}, - {"scrypt_N", OPT_SCRYPT_N, 's', "Set scrypt N parameter"}, - {"scrypt_r", OPT_SCRYPT_R, 's', "Set scrypt r parameter"}, - {"scrypt_p", OPT_SCRYPT_P, 's', "Set scrypt p parameter"}, -#endif - - OPT_R_OPTIONS, - OPT_PROV_OPTIONS, - {NULL} -}; - -int pkcs8_main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL; - ENGINE *e = NULL; - EVP_PKEY *pkey = NULL; - PKCS8_PRIV_KEY_INFO *p8inf = NULL; - X509_SIG *p8 = NULL; - EVP_CIPHER *cipher = NULL; - char *infile = NULL, *outfile = NULL, *ciphername = NULL; - char *passinarg = NULL, *passoutarg = NULL, *prog; -#ifndef OPENSSL_NO_UI_CONSOLE - char pass[APP_PASS_LEN]; -#endif - char *passin = NULL, *passout = NULL, *p8pass = NULL; - OPTION_CHOICE o; - int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER; - int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1; - int private = 0, traditional = 0; -#ifndef OPENSSL_NO_SCRYPT - long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0; -#endif - - prog = opt_init(argc, argv, pkcs8_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(pkcs8_options); - ret = 0; - goto end; - case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat)) - goto opthelp; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat)) - goto opthelp; - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_TOPK8: - topk8 = 1; - break; - case OPT_NOITER: - iter = 1; - break; - case OPT_NOCRYPT: - nocrypt = 1; - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - case OPT_TRADITIONAL: - traditional = 1; - break; - case OPT_V2: - ciphername = opt_arg(); - break; - case OPT_V1: - pbe_nid = OBJ_txt2nid(opt_arg()); - if (pbe_nid == NID_undef) { - BIO_printf(bio_err, - "%s: Unknown PBE algorithm %s\n", prog, opt_arg()); - goto opthelp; - } - break; - case OPT_V2PRF: - pbe_nid = OBJ_txt2nid(opt_arg()); - if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) { - BIO_printf(bio_err, - "%s: Unknown PRF algorithm %s\n", prog, opt_arg()); - goto opthelp; - } - if (cipher == NULL) - cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); - break; - case OPT_ITER: - iter = opt_int_arg(); - break; - case OPT_PASSIN: - passinarg = opt_arg(); - break; - case OPT_PASSOUT: - passoutarg = opt_arg(); - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; -#ifndef OPENSSL_NO_SCRYPT - case OPT_SCRYPT: - scrypt_N = 16384; - scrypt_r = 8; - scrypt_p = 1; - if (cipher == NULL) - cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); - break; - case OPT_SCRYPT_N: - if (!opt_long(opt_arg(), &scrypt_N) || scrypt_N <= 0) - goto opthelp; - break; - case OPT_SCRYPT_R: - if (!opt_long(opt_arg(), &scrypt_r) || scrypt_r <= 0) - goto opthelp; - break; - case OPT_SCRYPT_P: - if (!opt_long(opt_arg(), &scrypt_p) || scrypt_p <= 0) - goto opthelp; - break; -#endif - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - private = 1; - if (!app_RAND_load()) - goto end; - - if (ciphername != NULL) { - if (!opt_cipher(ciphername, &cipher)) - goto opthelp; - } - - if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { - BIO_printf(bio_err, "Error getting passwords\n"); - goto end; - } - - if ((pbe_nid == -1) && cipher == NULL) - cipher = (EVP_CIPHER *)EVP_aes_256_cbc(); - - in = bio_open_default(infile, 'r', - informat == FORMAT_UNDEF ? FORMAT_PEM : informat); - if (in == NULL) - goto end; - out = bio_open_owner(outfile, outformat, private); - if (out == NULL) - goto end; - - if (topk8) { - pkey = load_key(infile, informat, 1, passin, e, "key"); - if (pkey == NULL) - goto end; - if ((p8inf = EVP_PKEY2PKCS8(pkey)) == NULL) { - BIO_printf(bio_err, "Error converting key\n"); - ERR_print_errors(bio_err); - goto end; - } - if (nocrypt) { - assert(private); - if (outformat == FORMAT_PEM) { - PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf); - } else if (outformat == FORMAT_ASN1) { - i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf); - } else { - BIO_printf(bio_err, "Bad format specified for key\n"); - goto end; - } - } else { - X509_ALGOR *pbe; - if (cipher) { -#ifndef OPENSSL_NO_SCRYPT - if (scrypt_N && scrypt_r && scrypt_p) - pbe = PKCS5_pbe2_set_scrypt(cipher, NULL, 0, NULL, - scrypt_N, scrypt_r, scrypt_p); - else -#endif - pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL, - pbe_nid); - } else { - pbe = PKCS5_pbe_set(pbe_nid, iter, NULL, 0); - } - if (pbe == NULL) { - BIO_printf(bio_err, "Error setting PBE algorithm\n"); - ERR_print_errors(bio_err); - goto end; - } - if (passout != NULL) { - p8pass = passout; - } else if (1) { - /* To avoid bit rot */ -#ifndef OPENSSL_NO_UI_CONSOLE - p8pass = pass; - if (EVP_read_pw_string - (pass, sizeof(pass), "Enter Encryption Password:", 1)) { - X509_ALGOR_free(pbe); - goto end; - } - } else { -#endif - BIO_printf(bio_err, "Password required\n"); - goto end; - } - p8 = PKCS8_set0_pbe(p8pass, strlen(p8pass), p8inf, pbe); - if (p8 == NULL) { - X509_ALGOR_free(pbe); - BIO_printf(bio_err, "Error encrypting key\n"); - ERR_print_errors(bio_err); - goto end; - } - assert(private); - if (outformat == FORMAT_PEM) - PEM_write_bio_PKCS8(out, p8); - else if (outformat == FORMAT_ASN1) - i2d_PKCS8_bio(out, p8); - else { - BIO_printf(bio_err, "Bad format specified for key\n"); - goto end; - } - } - - ret = 0; - goto end; - } - - if (nocrypt) { - if (informat == FORMAT_PEM || informat == FORMAT_UNDEF) { - p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL); - } else if (informat == FORMAT_ASN1) { - p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL); - } else { - BIO_printf(bio_err, "Bad format specified for key\n"); - goto end; - } - } else { - if (informat == FORMAT_PEM || informat == FORMAT_UNDEF) { - p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL); - } else if (informat == FORMAT_ASN1) { - p8 = d2i_PKCS8_bio(in, NULL); - } else { - BIO_printf(bio_err, "Bad format specified for key\n"); - goto end; - } - - if (p8 == NULL) { - BIO_printf(bio_err, "Error reading key\n"); - ERR_print_errors(bio_err); - goto end; - } - if (passin != NULL) { - p8pass = passin; - } else if (1) { -#ifndef OPENSSL_NO_UI_CONSOLE - p8pass = pass; - if (EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0)) { - BIO_printf(bio_err, "Can't read Password\n"); - goto end; - } - } else { -#endif - BIO_printf(bio_err, "Password required\n"); - goto end; - } - p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass)); - } - - if (p8inf == NULL) { - BIO_printf(bio_err, "Error decrypting key\n"); - ERR_print_errors(bio_err); - goto end; - } - - if ((pkey = EVP_PKCS82PKEY(p8inf)) == NULL) { - BIO_printf(bio_err, "Error converting key\n"); - ERR_print_errors(bio_err); - goto end; - } - - assert(private); - if (outformat == FORMAT_PEM) { - if (traditional) - PEM_write_bio_PrivateKey_traditional(out, pkey, NULL, NULL, 0, - NULL, passout); - else - PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout); - } else if (outformat == FORMAT_ASN1) { - i2d_PrivateKey_bio(out, pkey); - } else { - BIO_printf(bio_err, "Bad format specified for key\n"); - goto end; - } - ret = 0; - - end: - X509_SIG_free(p8); - PKCS8_PRIV_KEY_INFO_free(p8inf); - EVP_PKEY_free(pkey); - EVP_CIPHER_free(cipher); - release_engine(e); - BIO_free_all(out); - BIO_free(in); - OPENSSL_free(passin); - OPENSSL_free(passout); - - return ret; -} diff --git a/apps/pkey.c b/apps/pkey.c deleted file mode 100644 index fb3899b08ec841418ecf52d9d601652e522aad98..0000000000000000000000000000000000000000 --- a/apps/pkey.c +++ /dev/null @@ -1,332 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "apps.h" -#include "progs.h" -#include "ec_common.h" -#include -#include -#include -#include - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, - OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB, - OPT_TEXT, OPT_NOOUT, OPT_CIPHER, OPT_TRADITIONAL, OPT_CHECK, OPT_PUB_CHECK, - OPT_EC_PARAM_ENC, OPT_EC_CONV_FORM, - OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS pkey_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - OPT_PROV_OPTIONS, - - {"check", OPT_CHECK, '-', "Check key consistency"}, - {"pubcheck", OPT_PUB_CHECK, '-', "Check public key consistency"}, - - OPT_SECTION("Input"), - {"in", OPT_IN, 's', "Input key"}, - {"inform", OPT_INFORM, 'f', - "Key input format (ENGINE, other values ignored)"}, - {"passin", OPT_PASSIN, 's', "Key input pass phrase source"}, - {"pubin", OPT_PUBIN, '-', - "Read only public components from key input"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file for encoded and/or text output"}, - {"outform", OPT_OUTFORM, 'F', "Output encoding format (DER or PEM)"}, - {"", OPT_CIPHER, '-', "Any supported cipher to be used for encryption"}, - {"passout", OPT_PASSOUT, 's', "Output PEM file pass phrase source"}, - {"traditional", OPT_TRADITIONAL, '-', - "Use traditional format for private key PEM output"}, - {"pubout", OPT_PUBOUT, '-', "Restrict encoded output to public components"}, - {"noout", OPT_NOOUT, '-', "Do not output the key in encoded form"}, - {"text", OPT_TEXT, '-', "Output key components in plaintext"}, - {"text_pub", OPT_TEXT_PUB, '-', - "Output only public key components in text form"}, - {"ec_conv_form", OPT_EC_CONV_FORM, 's', - "Specifies the EC point conversion form in the encoding"}, - {"ec_param_enc", OPT_EC_PARAM_ENC, 's', - "Specifies the way the EC parameters are encoded"}, - - {NULL} -}; - -int pkey_main(int argc, char **argv) -{ - BIO *out = NULL; - ENGINE *e = NULL; - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *ctx = NULL; - EVP_CIPHER *cipher = NULL; - char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL; - char *passinarg = NULL, *passoutarg = NULL, *ciphername = NULL, *prog; - OPTION_CHOICE o; - int informat = FORMAT_UNDEF, outformat = FORMAT_PEM; - int pubin = 0, pubout = 0, text_pub = 0, text = 0, noout = 0, ret = 1; - int private = 0, traditional = 0, check = 0, pub_check = 0; -#ifndef OPENSSL_NO_EC - char *asn1_encoding = NULL; - char *point_format = NULL; -#endif - - prog = opt_init(argc, argv, pkey_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(pkey_options); - ret = 0; - goto end; - case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat)) - goto opthelp; - break; - case OPT_OUTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat)) - goto opthelp; - break; - case OPT_PASSIN: - passinarg = opt_arg(); - break; - case OPT_PASSOUT: - passoutarg = opt_arg(); - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_PUBIN: - pubin = pubout = 1; - break; - case OPT_PUBOUT: - pubout = 1; - break; - case OPT_TEXT_PUB: - text_pub = 1; - break; - case OPT_TEXT: - text = 1; - break; - case OPT_NOOUT: - noout = 1; - break; - case OPT_TRADITIONAL: - traditional = 1; - break; - case OPT_CHECK: - check = 1; - break; - case OPT_PUB_CHECK: - pub_check = 1; - break; - case OPT_CIPHER: - ciphername = opt_unknown(); - break; - case OPT_EC_CONV_FORM: -#ifdef OPENSSL_NO_EC - goto opthelp; -#else - point_format = opt_arg(); - if (!opt_string(point_format, point_format_options)) - goto opthelp; - break; -#endif - case OPT_EC_PARAM_ENC: -#ifdef OPENSSL_NO_EC - goto opthelp; -#else - asn1_encoding = opt_arg(); - if (!opt_string(asn1_encoding, asn1_encoding_options)) - goto opthelp; - break; -#endif - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - if (text && text_pub) - BIO_printf(bio_err, - "Warning: The -text option is ignored with -text_pub\n"); - if (traditional && (noout || outformat != FORMAT_PEM)) - BIO_printf(bio_err, - "Warning: The -traditional is ignored since there is no PEM output\n"); - - /* -pubout and -text is the same as -text_pub */ - if (!text_pub && pubout && text) { - text = 0; - text_pub = 1; - } - - private = (!noout && !pubout) || (text && !text_pub); - - if (ciphername != NULL) { - if (!opt_cipher(ciphername, &cipher)) - goto opthelp; - } - if (cipher == NULL) { - if (passoutarg != NULL) - BIO_printf(bio_err, - "Warning: The -passout option is ignored without a cipher option\n"); - } else { - if (noout || outformat != FORMAT_PEM) { - BIO_printf(bio_err, - "Error: Cipher options are supported only for PEM output\n"); - goto end; - } - } - if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { - BIO_printf(bio_err, "Error getting passwords\n"); - goto end; - } - - out = bio_open_owner(outfile, outformat, private); - if (out == NULL) - goto end; - - if (pubin) - pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key"); - else - pkey = load_key(infile, informat, 1, passin, e, "key"); - if (pkey == NULL) - goto end; - -#ifndef OPENSSL_NO_EC - if (asn1_encoding != NULL || point_format != NULL) { - OSSL_PARAM params[3], *p = params; - - if (!EVP_PKEY_is_a(pkey, "EC")) - goto end; - - if (asn1_encoding != NULL) - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING, - asn1_encoding, 0); - if (point_format != NULL) - *p++ = OSSL_PARAM_construct_utf8_string( - OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, - point_format, 0); - *p = OSSL_PARAM_construct_end(); - if (EVP_PKEY_set_params(pkey, params) <= 0) - goto end; - } -#endif - - if (check || pub_check) { - int r; - - ctx = EVP_PKEY_CTX_new(pkey, e); - if (ctx == NULL) { - ERR_print_errors(bio_err); - goto end; - } - - if (check) - r = EVP_PKEY_check(ctx); - else - r = EVP_PKEY_public_check(ctx); - - if (r == 1) { - BIO_printf(out, "Key is valid\n"); - } else { - /* - * Note: at least for RSA keys if this function returns - * -1, there will be no error reasons. - */ - BIO_printf(bio_err, "Key is invalid\n"); - ERR_print_errors(bio_err); - goto end; - } - } - - if (!noout) { - if (outformat == FORMAT_PEM) { - if (pubout) { - if (!PEM_write_bio_PUBKEY(out, pkey)) - goto end; - } else { - assert(private); - if (traditional) { - if (!PEM_write_bio_PrivateKey_traditional(out, pkey, cipher, - NULL, 0, NULL, - passout)) - goto end; - } else { - if (!PEM_write_bio_PrivateKey(out, pkey, cipher, - NULL, 0, NULL, passout)) - goto end; - } - } - } else if (outformat == FORMAT_ASN1) { - if (text || text_pub) { - BIO_printf(bio_err, - "Error: Text output cannot be combined with DER output\n"); - goto end; - } - if (pubout) { - if (!i2d_PUBKEY_bio(out, pkey)) - goto end; - } else { - assert(private); - if (!i2d_PrivateKey_bio(out, pkey)) - goto end; - } - } else { - BIO_printf(bio_err, "Bad format specified for key\n"); - goto end; - } - } - - if (text_pub) { - if (EVP_PKEY_print_public(out, pkey, 0, NULL) <= 0) - goto end; - } else if (text) { - assert(private); - if (EVP_PKEY_print_private(out, pkey, 0, NULL) <= 0) - goto end; - } - - ret = 0; - - end: - if (ret != 0) - ERR_print_errors(bio_err); - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - EVP_CIPHER_free(cipher); - release_engine(e); - BIO_free_all(out); - OPENSSL_free(passin); - OPENSSL_free(passout); - - return ret; -} diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c deleted file mode 100644 index b02882ccc296a7af0c9d1d756b3ab46ed33d0111..0000000000000000000000000000000000000000 --- a/apps/pkeyparam.c +++ /dev/null @@ -1,154 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT, - OPT_ENGINE, OPT_CHECK, - OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS pkeyparam_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - {"check", OPT_CHECK, '-', "Check key param consistency"}, - - OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"text", OPT_TEXT, '-', "Print parameters as text"}, - {"noout", OPT_NOOUT, '-', "Don't output encoded parameters"}, - - OPT_PROV_OPTIONS, - {NULL} -}; - -int pkeyparam_main(int argc, char **argv) -{ - ENGINE *e = NULL; - BIO *in = NULL, *out = NULL; - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *ctx = NULL; - int text = 0, noout = 0, ret = EXIT_FAILURE, check = 0, r; - OPTION_CHOICE o; - char *infile = NULL, *outfile = NULL, *prog; - - prog = opt_init(argc, argv, pkeyparam_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(pkeyparam_options); - ret = 0; - goto end; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_TEXT: - text = 1; - break; - case OPT_NOOUT: - noout = 1; - break; - case OPT_CHECK: - check = 1; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - in = bio_open_default(infile, 'r', FORMAT_PEM); - if (in == NULL) - goto end; - out = bio_open_default(outfile, 'w', FORMAT_PEM); - if (out == NULL) - goto end; - pkey = PEM_read_bio_Parameters_ex(in, NULL, app_get0_libctx(), - app_get0_propq()); - if (pkey == NULL) { - BIO_printf(bio_err, "Error reading parameters\n"); - ERR_print_errors(bio_err); - goto end; - } - - if (check) { - if (e == NULL) - ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), pkey, - app_get0_propq()); - else - ctx = EVP_PKEY_CTX_new(pkey, e); - if (ctx == NULL) { - ERR_print_errors(bio_err); - goto end; - } - - r = EVP_PKEY_param_check(ctx); - - if (r == 1) { - BIO_printf(out, "Parameters are valid\n"); - } else { - /* - * Note: at least for RSA keys if this function returns - * -1, there will be no error reasons. - */ - BIO_printf(bio_err, "Parameters are invalid\n"); - ERR_print_errors(bio_err); - goto end; - } - } - - if (!noout) - PEM_write_bio_Parameters(out, pkey); - - if (text) - EVP_PKEY_print_params(out, pkey, 0, NULL); - - ret = EXIT_SUCCESS; - - end: - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - release_engine(e); - BIO_free_all(out); - BIO_free(in); - - return ret; -} diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c deleted file mode 100644 index 518a74166153fd04dc7491566704a36f60cb39dd..0000000000000000000000000000000000000000 --- a/apps/pkeyutl.c +++ /dev/null @@ -1,801 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include - -#define KEY_NONE 0 -#define KEY_PRIVKEY 1 -#define KEY_PUBKEY 2 -#define KEY_CERT 3 - -static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, - const char *keyfile, int keyform, int key_type, - char *passinarg, int pkey_op, ENGINE *e, - const int impl, int rawin, EVP_PKEY **ppkey, - EVP_MD_CTX *mctx, const char *digestname, - OSSL_LIB_CTX *libctx, const char *propq); - -static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, - ENGINE *e); - -static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, - unsigned char *out, size_t *poutlen, - const unsigned char *in, size_t inlen); - -static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx, - EVP_PKEY *pkey, BIO *in, - int filesize, unsigned char *sig, int siglen, - unsigned char **out, size_t *poutlen); - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_ENGINE, OPT_ENGINE_IMPL, OPT_IN, OPT_OUT, - OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN, - OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT, - OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN, - OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_PKEYOPT_PASSIN, OPT_KDF, - OPT_KDFLEN, OPT_R_ENUM, OPT_PROV_ENUM, - OPT_CONFIG, - OPT_RAWIN, OPT_DIGEST -} OPTION_CHOICE; - -const OPTIONS pkeyutl_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, - {"engine_impl", OPT_ENGINE_IMPL, '-', - "Also use engine given by -engine for crypto operations"}, -#endif - {"sign", OPT_SIGN, '-', "Sign input data with private key"}, - {"verify", OPT_VERIFY, '-', "Verify with public key"}, - {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"}, - {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"}, - {"derive", OPT_DERIVE, '-', "Derive shared secret"}, - OPT_CONFIG_OPTION, - - OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file - default stdin"}, - {"rawin", OPT_RAWIN, '-', "Indicate the input data is in raw form"}, - {"pubin", OPT_PUBIN, '-', "Input is a public key"}, - {"inkey", OPT_INKEY, 's', "Input private key file"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"}, - {"peerform", OPT_PEERFORM, 'E', "Peer key format (DER/PEM/P12/ENGINE)"}, - {"certin", OPT_CERTIN, '-', "Input is a cert with a public key"}, - {"rev", OPT_REV, '-', "Reverse the order of the input buffer"}, - {"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"}, - {"keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file - default stdout"}, - {"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"}, - {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"}, - {"verifyrecover", OPT_VERIFYRECOVER, '-', - "Verify with public key, recover original data"}, - - OPT_SECTION("Signing/Derivation"), - {"digest", OPT_DIGEST, 's', - "Specify the digest algorithm when signing the raw input data"}, - {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"}, - {"pkeyopt_passin", OPT_PKEYOPT_PASSIN, 's', - "Public key option that is read as a passphrase argument opt:passphrase"}, - {"kdf", OPT_KDF, 's', "Use KDF algorithm"}, - {"kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length"}, - - OPT_R_OPTIONS, - OPT_PROV_OPTIONS, - {NULL} -}; - -int pkeyutl_main(int argc, char **argv) -{ - CONF *conf = NULL; - BIO *in = NULL, *out = NULL; - ENGINE *e = NULL; - EVP_PKEY_CTX *ctx = NULL; - EVP_PKEY *pkey = NULL; - char *infile = NULL, *outfile = NULL, *sigfile = NULL, *passinarg = NULL; - char hexdump = 0, asn1parse = 0, rev = 0, *prog; - unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL; - OPTION_CHOICE o; - int buf_inlen = 0, siglen = -1; - int keyform = FORMAT_UNDEF, peerform = FORMAT_UNDEF; - int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY; - int engine_impl = 0; - int ret = 1, rv = -1; - size_t buf_outlen; - const char *inkey = NULL; - const char *peerkey = NULL; - const char *kdfalg = NULL, *digestname = NULL; - int kdflen = 0; - STACK_OF(OPENSSL_STRING) *pkeyopts = NULL; - STACK_OF(OPENSSL_STRING) *pkeyopts_passin = NULL; - int rawin = 0; - EVP_MD_CTX *mctx = NULL; - EVP_MD *md = NULL; - int filesize = -1; - OSSL_LIB_CTX *libctx = app_get0_libctx(); - - prog = opt_init(argc, argv, pkeyutl_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(pkeyutl_options); - ret = 0; - goto end; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_SIGFILE: - sigfile = opt_arg(); - break; - case OPT_ENGINE_IMPL: - engine_impl = 1; - break; - case OPT_INKEY: - inkey = opt_arg(); - break; - case OPT_PEERKEY: - peerkey = opt_arg(); - break; - case OPT_PASSIN: - passinarg = opt_arg(); - break; - case OPT_PEERFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &peerform)) - goto opthelp; - break; - case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform)) - goto opthelp; - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_CONFIG: - conf = app_load_config_modules(opt_arg()); - if (conf == NULL) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_PUBIN: - key_type = KEY_PUBKEY; - break; - case OPT_CERTIN: - key_type = KEY_CERT; - break; - case OPT_ASN1PARSE: - asn1parse = 1; - break; - case OPT_HEXDUMP: - hexdump = 1; - break; - case OPT_SIGN: - pkey_op = EVP_PKEY_OP_SIGN; - break; - case OPT_VERIFY: - pkey_op = EVP_PKEY_OP_VERIFY; - break; - case OPT_VERIFYRECOVER: - pkey_op = EVP_PKEY_OP_VERIFYRECOVER; - break; - case OPT_ENCRYPT: - pkey_op = EVP_PKEY_OP_ENCRYPT; - break; - case OPT_DECRYPT: - pkey_op = EVP_PKEY_OP_DECRYPT; - break; - case OPT_DERIVE: - pkey_op = EVP_PKEY_OP_DERIVE; - break; - case OPT_KDF: - pkey_op = EVP_PKEY_OP_DERIVE; - key_type = KEY_NONE; - kdfalg = opt_arg(); - break; - case OPT_KDFLEN: - kdflen = atoi(opt_arg()); - break; - case OPT_REV: - rev = 1; - break; - case OPT_PKEYOPT: - if ((pkeyopts == NULL && - (pkeyopts = sk_OPENSSL_STRING_new_null()) == NULL) || - sk_OPENSSL_STRING_push(pkeyopts, opt_arg()) == 0) { - BIO_puts(bio_err, "out of memory\n"); - goto end; - } - break; - case OPT_PKEYOPT_PASSIN: - if ((pkeyopts_passin == NULL && - (pkeyopts_passin = sk_OPENSSL_STRING_new_null()) == NULL) || - sk_OPENSSL_STRING_push(pkeyopts_passin, opt_arg()) == 0) { - BIO_puts(bio_err, "out of memory\n"); - goto end; - } - break; - case OPT_RAWIN: - rawin = 1; - break; - case OPT_DIGEST: - digestname = opt_arg(); - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - if (!app_RAND_load()) - goto end; - - if (rawin && pkey_op != EVP_PKEY_OP_SIGN && pkey_op != EVP_PKEY_OP_VERIFY) { - BIO_printf(bio_err, - "%s: -rawin can only be used with -sign or -verify\n", - prog); - goto opthelp; - } - - if (digestname != NULL && !rawin) { - BIO_printf(bio_err, - "%s: -digest can only be used with -rawin\n", - prog); - goto opthelp; - } - - if (rawin && rev) { - BIO_printf(bio_err, "%s: -rev cannot be used with raw input\n", - prog); - goto opthelp; - } - - if (kdfalg != NULL) { - if (kdflen == 0) { - BIO_printf(bio_err, - "%s: no KDF length given (-kdflen parameter).\n", prog); - goto opthelp; - } - } else if (inkey == NULL) { - BIO_printf(bio_err, - "%s: no private key given (-inkey parameter).\n", prog); - goto opthelp; - } else if (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE) { - BIO_printf(bio_err, - "%s: no peer key given (-peerkey parameter).\n", prog); - goto opthelp; - } - - if (rawin) { - if ((mctx = EVP_MD_CTX_new()) == NULL) { - BIO_printf(bio_err, "Error: out of memory\n"); - goto end; - } - } - ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type, - passinarg, pkey_op, e, engine_impl, rawin, &pkey, - mctx, digestname, libctx, app_get0_propq()); - if (ctx == NULL) { - BIO_printf(bio_err, "%s: Error initializing context\n", prog); - goto end; - } - if (peerkey != NULL && !setup_peer(ctx, peerform, peerkey, e)) { - BIO_printf(bio_err, "%s: Error setting up peer key\n", prog); - goto end; - } - if (pkeyopts != NULL) { - int num = sk_OPENSSL_STRING_num(pkeyopts); - int i; - - for (i = 0; i < num; ++i) { - const char *opt = sk_OPENSSL_STRING_value(pkeyopts, i); - - if (pkey_ctrl_string(ctx, opt) <= 0) { - BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n", - prog, opt); - goto end; - } - } - } - if (pkeyopts_passin != NULL) { - int num = sk_OPENSSL_STRING_num(pkeyopts_passin); - int i; - - for (i = 0; i < num; i++) { - char *opt = sk_OPENSSL_STRING_value(pkeyopts_passin, i); - char *passin = strchr(opt, ':'); - char *passwd; - - if (passin == NULL) { - /* Get password interactively */ - char passwd_buf[4096]; - int r; - - BIO_snprintf(passwd_buf, sizeof(passwd_buf), "Enter %s: ", opt); - r = EVP_read_pw_string(passwd_buf, sizeof(passwd_buf) - 1, - passwd_buf, 0); - if (r < 0) { - if (r == -2) - BIO_puts(bio_err, "user abort\n"); - else - BIO_puts(bio_err, "entry failed\n"); - goto end; - } - passwd = OPENSSL_strdup(passwd_buf); - if (passwd == NULL) { - BIO_puts(bio_err, "out of memory\n"); - goto end; - } - } else { - /* Get password as a passin argument: First split option name - * and passphrase argument into two strings */ - *passin = 0; - passin++; - if (app_passwd(passin, NULL, &passwd, NULL) == 0) { - BIO_printf(bio_err, "failed to get '%s'\n", opt); - goto end; - } - } - - if (EVP_PKEY_CTX_ctrl_str(ctx, opt, passwd) <= 0) { - BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n", - prog, opt); - goto end; - } - OPENSSL_free(passwd); - } - } - - if (sigfile != NULL && (pkey_op != EVP_PKEY_OP_VERIFY)) { - BIO_printf(bio_err, - "%s: Signature file specified for non verify\n", prog); - goto end; - } - - if (sigfile == NULL && (pkey_op == EVP_PKEY_OP_VERIFY)) { - BIO_printf(bio_err, - "%s: No signature file specified for verify\n", prog); - goto end; - } - - if (pkey_op != EVP_PKEY_OP_DERIVE) { - in = bio_open_default(infile, 'r', FORMAT_BINARY); - if (infile != NULL) { - struct stat st; - - if (stat(infile, &st) == 0 && st.st_size <= INT_MAX) - filesize = (int)st.st_size; - } - if (in == NULL) - goto end; - } - out = bio_open_default(outfile, 'w', FORMAT_BINARY); - if (out == NULL) - goto end; - - if (sigfile != NULL) { - BIO *sigbio = BIO_new_file(sigfile, "rb"); - - if (sigbio == NULL) { - BIO_printf(bio_err, "Can't open signature file %s\n", sigfile); - goto end; - } - siglen = bio_to_mem(&sig, keysize * 10, sigbio); - BIO_free(sigbio); - if (siglen < 0) { - BIO_printf(bio_err, "Error reading signature data\n"); - goto end; - } - } - - /* Raw input data is handled elsewhere */ - if (in != NULL && !rawin) { - /* Read the input data */ - buf_inlen = bio_to_mem(&buf_in, keysize * 10, in); - if (buf_inlen < 0) { - BIO_printf(bio_err, "Error reading input Data\n"); - goto end; - } - if (rev) { - size_t i; - unsigned char ctmp; - size_t l = (size_t)buf_inlen; - for (i = 0; i < l / 2; i++) { - ctmp = buf_in[i]; - buf_in[i] = buf_in[l - 1 - i]; - buf_in[l - 1 - i] = ctmp; - } - } - } - - /* Sanity check the input if the input is not raw */ - if (!rawin - && buf_inlen > EVP_MAX_MD_SIZE - && (pkey_op == EVP_PKEY_OP_SIGN - || pkey_op == EVP_PKEY_OP_VERIFY)) { - BIO_printf(bio_err, - "Error: The input data looks too long to be a hash\n"); - goto end; - } - - if (pkey_op == EVP_PKEY_OP_VERIFY) { - if (rawin) { - rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, sig, siglen, - NULL, 0); - } else { - rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen, - buf_in, (size_t)buf_inlen); - } - if (rv == 1) { - BIO_puts(out, "Signature Verified Successfully\n"); - ret = 0; - } else { - BIO_puts(out, "Signature Verification Failure\n"); - } - goto end; - } - if (rawin) { - /* rawin allocates the buffer in do_raw_keyop() */ - rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, NULL, 0, - &buf_out, (size_t *)&buf_outlen); - } else { - if (kdflen != 0) { - buf_outlen = kdflen; - rv = 1; - } else { - rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, - buf_in, (size_t)buf_inlen); - } - if (rv > 0 && buf_outlen != 0) { - buf_out = app_malloc(buf_outlen, "buffer output"); - rv = do_keyop(ctx, pkey_op, - buf_out, (size_t *)&buf_outlen, - buf_in, (size_t)buf_inlen); - } - } - if (rv <= 0) { - if (pkey_op != EVP_PKEY_OP_DERIVE) { - BIO_puts(bio_err, "Public Key operation error\n"); - } else { - BIO_puts(bio_err, "Key derivation failed\n"); - } - goto end; - } - ret = 0; - - if (asn1parse) { - if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1)) - ERR_print_errors(bio_err); /* but still return success */ - } else if (hexdump) { - BIO_dump(out, (char *)buf_out, buf_outlen); - } else { - BIO_write(out, buf_out, buf_outlen); - } - - end: - if (ret != 0) - ERR_print_errors(bio_err); - EVP_MD_CTX_free(mctx); - EVP_PKEY_CTX_free(ctx); - EVP_MD_free(md); - release_engine(e); - BIO_free(in); - BIO_free_all(out); - OPENSSL_free(buf_in); - OPENSSL_free(buf_out); - OPENSSL_free(sig); - sk_OPENSSL_STRING_free(pkeyopts); - sk_OPENSSL_STRING_free(pkeyopts_passin); - NCONF_free(conf); - return ret; -} - -static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize, - const char *keyfile, int keyform, int key_type, - char *passinarg, int pkey_op, ENGINE *e, - const int engine_impl, int rawin, - EVP_PKEY **ppkey, EVP_MD_CTX *mctx, const char *digestname, - OSSL_LIB_CTX *libctx, const char *propq) -{ - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *ctx = NULL; - ENGINE *impl = NULL; - char *passin = NULL; - int rv = -1; - X509 *x; - - if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT) - || (pkey_op == EVP_PKEY_OP_DERIVE)) - && (key_type != KEY_PRIVKEY && kdfalg == NULL)) { - BIO_printf(bio_err, "A private key is needed for this operation\n"); - goto end; - } - if (!app_passwd(passinarg, NULL, &passin, NULL)) { - BIO_printf(bio_err, "Error getting password\n"); - goto end; - } - switch (key_type) { - case KEY_PRIVKEY: - pkey = load_key(keyfile, keyform, 0, passin, e, "private key"); - break; - - case KEY_PUBKEY: - pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "public key"); - break; - - case KEY_CERT: - x = load_cert(keyfile, keyform, "Certificate"); - if (x) { - pkey = X509_get_pubkey(x); - X509_free(x); - } - break; - - case KEY_NONE: - break; - - } - -#ifndef OPENSSL_NO_ENGINE - if (engine_impl) - impl = e; -#endif - - if (kdfalg != NULL) { - int kdfnid = OBJ_sn2nid(kdfalg); - - if (kdfnid == NID_undef) { - kdfnid = OBJ_ln2nid(kdfalg); - if (kdfnid == NID_undef) { - BIO_printf(bio_err, "The given KDF \"%s\" is unknown.\n", - kdfalg); - goto end; - } - } - if (impl != NULL) - ctx = EVP_PKEY_CTX_new_id(kdfnid, impl); - else - ctx = EVP_PKEY_CTX_new_from_name(libctx, kdfalg, propq); - } else { - if (pkey == NULL) - goto end; - - *pkeysize = EVP_PKEY_get_size(pkey); - if (impl != NULL) - ctx = EVP_PKEY_CTX_new(pkey, impl); - else - ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); - if (ppkey != NULL) - *ppkey = pkey; - EVP_PKEY_free(pkey); - } - - if (ctx == NULL) - goto end; - - if (rawin) { - EVP_MD_CTX_set_pkey_ctx(mctx, ctx); - - switch (pkey_op) { - case EVP_PKEY_OP_SIGN: - rv = EVP_DigestSignInit_ex(mctx, NULL, digestname, libctx, propq, - pkey, NULL); - break; - - case EVP_PKEY_OP_VERIFY: - rv = EVP_DigestVerifyInit_ex(mctx, NULL, digestname, libctx, propq, - pkey, NULL); - break; - } - - } else { - switch (pkey_op) { - case EVP_PKEY_OP_SIGN: - rv = EVP_PKEY_sign_init(ctx); - break; - - case EVP_PKEY_OP_VERIFY: - rv = EVP_PKEY_verify_init(ctx); - break; - - case EVP_PKEY_OP_VERIFYRECOVER: - rv = EVP_PKEY_verify_recover_init(ctx); - break; - - case EVP_PKEY_OP_ENCRYPT: - rv = EVP_PKEY_encrypt_init(ctx); - break; - - case EVP_PKEY_OP_DECRYPT: - rv = EVP_PKEY_decrypt_init(ctx); - break; - - case EVP_PKEY_OP_DERIVE: - rv = EVP_PKEY_derive_init(ctx); - break; - } - } - - if (rv <= 0) { - EVP_PKEY_CTX_free(ctx); - ctx = NULL; - } - - end: - OPENSSL_free(passin); - return ctx; - -} - -static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file, - ENGINE *e) -{ - EVP_PKEY *peer = NULL; - ENGINE *engine = NULL; - int ret; - - if (peerform == FORMAT_ENGINE) - engine = e; - peer = load_pubkey(file, peerform, 0, NULL, engine, "peer key"); - if (peer == NULL) { - BIO_printf(bio_err, "Error reading peer key %s\n", file); - return 0; - } - - ret = EVP_PKEY_derive_set_peer(ctx, peer) > 0; - - EVP_PKEY_free(peer); - return ret; -} - -static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, - unsigned char *out, size_t *poutlen, - const unsigned char *in, size_t inlen) -{ - int rv = 0; - switch (pkey_op) { - case EVP_PKEY_OP_VERIFYRECOVER: - rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen); - break; - - case EVP_PKEY_OP_SIGN: - rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen); - break; - - case EVP_PKEY_OP_ENCRYPT: - rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen); - break; - - case EVP_PKEY_OP_DECRYPT: - rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen); - break; - - case EVP_PKEY_OP_DERIVE: - rv = EVP_PKEY_derive(ctx, out, poutlen); - break; - - } - return rv; -} - -#define TBUF_MAXSIZE 2048 - -static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx, - EVP_PKEY *pkey, BIO *in, - int filesize, unsigned char *sig, int siglen, - unsigned char **out, size_t *poutlen) -{ - int rv = 0; - unsigned char tbuf[TBUF_MAXSIZE]; - unsigned char *mbuf = NULL; - int buf_len = 0; - - /* Some algorithms only support oneshot digests */ - if (EVP_PKEY_get_id(pkey) == EVP_PKEY_ED25519 - || EVP_PKEY_get_id(pkey) == EVP_PKEY_ED448) { - if (filesize < 0) { - BIO_printf(bio_err, - "Error: unable to determine file size for oneshot operation\n"); - goto end; - } - mbuf = app_malloc(filesize, "oneshot sign/verify buffer"); - switch(pkey_op) { - case EVP_PKEY_OP_VERIFY: - buf_len = BIO_read(in, mbuf, filesize); - if (buf_len != filesize) { - BIO_printf(bio_err, "Error reading raw input data\n"); - goto end; - } - rv = EVP_DigestVerify(mctx, sig, (size_t)siglen, mbuf, buf_len); - break; - case EVP_PKEY_OP_SIGN: - buf_len = BIO_read(in, mbuf, filesize); - if (buf_len != filesize) { - BIO_printf(bio_err, "Error reading raw input data\n"); - goto end; - } - rv = EVP_DigestSign(mctx, NULL, poutlen, mbuf, buf_len); - if (rv == 1 && out != NULL) { - *out = app_malloc(*poutlen, "buffer output"); - rv = EVP_DigestSign(mctx, *out, poutlen, mbuf, buf_len); - } - break; - } - goto end; - } - - switch(pkey_op) { - case EVP_PKEY_OP_VERIFY: - for (;;) { - buf_len = BIO_read(in, tbuf, TBUF_MAXSIZE); - if (buf_len == 0) - break; - if (buf_len < 0) { - BIO_printf(bio_err, "Error reading raw input data\n"); - goto end; - } - rv = EVP_DigestVerifyUpdate(mctx, tbuf, (size_t)buf_len); - if (rv != 1) { - BIO_printf(bio_err, "Error verifying raw input data\n"); - goto end; - } - } - rv = EVP_DigestVerifyFinal(mctx, sig, (size_t)siglen); - break; - case EVP_PKEY_OP_SIGN: - for (;;) { - buf_len = BIO_read(in, tbuf, TBUF_MAXSIZE); - if (buf_len == 0) - break; - if (buf_len < 0) { - BIO_printf(bio_err, "Error reading raw input data\n"); - goto end; - } - rv = EVP_DigestSignUpdate(mctx, tbuf, (size_t)buf_len); - if (rv != 1) { - BIO_printf(bio_err, "Error signing raw input data\n"); - goto end; - } - } - rv = EVP_DigestSignFinal(mctx, NULL, poutlen); - if (rv == 1 && out != NULL) { - *out = app_malloc(*poutlen, "buffer output"); - rv = EVP_DigestSignFinal(mctx, *out, poutlen); - } - break; - } - - end: - OPENSSL_free(mbuf); - return rv; -} diff --git a/apps/prime.c b/apps/prime.c deleted file mode 100644 index e269493d5cd7b0df8f7d425fe6a4d3e9e3e3217a..0000000000000000000000000000000000000000 --- a/apps/prime.c +++ /dev/null @@ -1,144 +0,0 @@ -/* - * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include "apps.h" -#include "progs.h" -#include - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_HEX, OPT_GENERATE, OPT_BITS, OPT_SAFE, OPT_CHECKS, - OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS prime_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [number...]\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"bits", OPT_BITS, 'p', "Size of number in bits"}, - {"checks", OPT_CHECKS, 'p', "Number of checks"}, - - OPT_SECTION("Output"), - {"hex", OPT_HEX, '-', "Hex output"}, - {"generate", OPT_GENERATE, '-', "Generate a prime"}, - {"safe", OPT_SAFE, '-', - "When used with -generate, generate a safe prime"}, - - OPT_PROV_OPTIONS, - - OPT_PARAMETERS(), - {"number", 0, 0, "Number(s) to check for primality if not generating"}, - {NULL} -}; - -int prime_main(int argc, char **argv) -{ - BIGNUM *bn = NULL; - int hex = 0, generate = 0, bits = 0, safe = 0, ret = 1; - char *prog; - OPTION_CHOICE o; - - prog = opt_init(argc, argv, prime_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: -opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(prime_options); - ret = 0; - goto end; - case OPT_HEX: - hex = 1; - break; - case OPT_GENERATE: - generate = 1; - break; - case OPT_BITS: - bits = atoi(opt_arg()); - break; - case OPT_SAFE: - safe = 1; - break; - case OPT_CHECKS: - /* ignore parameter and argument */ - opt_arg(); - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* Optional arguments are numbers to check. */ - argc = opt_num_rest(); - argv = opt_rest(); - if (generate) { - if (argc != 0) - goto opthelp; - } else if (argc == 0) { - goto opthelp; - } - - if (generate) { - char *s; - - if (!bits) { - BIO_printf(bio_err, "Specify the number of bits.\n"); - goto end; - } - bn = BN_new(); - if (bn == NULL) { - BIO_printf(bio_err, "Out of memory.\n"); - goto end; - } - if (!BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL)) { - BIO_printf(bio_err, "Failed to generate prime.\n"); - goto end; - } - s = hex ? BN_bn2hex(bn) : BN_bn2dec(bn); - if (s == NULL) { - BIO_printf(bio_err, "Out of memory.\n"); - goto end; - } - BIO_printf(bio_out, "%s\n", s); - OPENSSL_free(s); - } else { - for ( ; *argv; argv++) { - int r; - - if (hex) - r = BN_hex2bn(&bn, argv[0]); - else - r = BN_dec2bn(&bn, argv[0]); - - if (!r) { - BIO_printf(bio_err, "Failed to process value (%s)\n", argv[0]); - goto end; - } - - BN_print(bio_out, bn); - BIO_printf(bio_out, " (%s) %s prime\n", - argv[0], - BN_check_prime(bn, NULL, NULL) - ? "is" : "is not"); - } - } - - ret = 0; - end: - BN_free(bn); - return ret; -} diff --git a/apps/progs.pl b/apps/progs.pl deleted file mode 100644 index 29f9be13ca088d56f1a3b1ed81a319c01faf813b..0000000000000000000000000000000000000000 --- a/apps/progs.pl +++ /dev/null @@ -1,220 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# Generate progs.h file by looking for command mains in list of C files -# passed on the command line. - -use strict; -use warnings; -use lib '.'; -use configdata qw/@disablables %unified_info/; - -my $opt = shift @ARGV; -die "Unrecognised option, must be -C or -H\n" - unless ($opt eq '-H' || $opt eq '-C'); - -my %commands = (); -my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/; -my $apps_openssl = shift @ARGV; -my $YEAR = [gmtime($ENV{SOURCE_DATE_EPOCH} || time())]->[5] + 1900; - -# because the program apps/openssl has object files as sources, and -# they then have the corresponding C files as source, we need to chain -# the lookups in %unified_info -my @openssl_source = - map { @{$unified_info{sources}->{$_}} } - grep { /\.o$/ - && !$unified_info{attributes}->{sources}->{$apps_openssl}->{$_}->{nocheck} } - @{$unified_info{sources}->{$apps_openssl}}; - -foreach my $filename (@openssl_source) { - open F, $filename or die "Couldn't open $filename: $!\n"; - foreach ( grep /$cmdre/, ) { - my @foo = /$cmdre/; - $commands{$1} = 1; - } - close F; -} - -@ARGV = sort keys %commands; - -if ($opt eq '-H') { - print <<"EOF"; -/* - * WARNING: do not edit! - * Generated by apps/progs.pl - * - * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "function.h" - -EOF - - foreach (@ARGV) { - printf "extern int %s_main(int argc, char *argv[]);\n", $_; - } - print "\n"; - - foreach (@ARGV) { - printf "extern const OPTIONS %s_options[];\n", $_; - } - print "\n"; - print "extern FUNCTION functions[];\n"; -} - -if ($opt eq '-C') { - print <<"EOF"; -/* - * WARNING: do not edit! - * Generated by apps/progs.pl - * - * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "progs.h" - -EOF - - my %cmd_disabler = ( - ciphers => "sock", - genrsa => "rsa", - gendsa => "dsa", - dsaparam => "dsa", - gendh => "dh", - dhparam => "dh", - ecparam => "ec", - ); - my %cmd_deprecated = ( -# The format of this table is: -# [0] = alternative command to use instead -# [1] = deprecented in this version -# [2] = preprocessor conditional for exclusing irrespective of deprecation -# rsa => [ "pkey", "3_0", "rsa" ], -# genrsa => [ "genpkey", "3_0", "rsa" ], - rsautl => [ "pkeyutl", "3_0", "rsa" ], -# dhparam => [ "pkeyparam", "3_0", "dh" ], -# dsaparam => [ "pkeyparam", "3_0", "dsa" ], -# dsa => [ "pkey", "3_0", "dsa" ], -# gendsa => [ "genpkey", "3_0", "dsa" ], -# ec => [ "pkey", "3_0", "ec" ], -# ecparam => [ "pkeyparam", "3_0", "ec" ], - ); - - print "FUNCTION functions[] = {\n"; - foreach my $cmd ( @ARGV ) { - my $str = - " {FT_general, \"$cmd\", ${cmd}_main, ${cmd}_options, NULL, NULL},\n"; - if ($cmd =~ /^s_/) { - print "#ifndef OPENSSL_NO_SOCK\n${str}#endif\n"; - } elsif (my $deprecated = $cmd_deprecated{$cmd}) { - my @dep = @{$deprecated}; - my $daltprg = $dep[0]; - my $dver = $dep[1]; - my $dsys = $dep[2]; - print "#if !defined(OPENSSL_NO_DEPRECATED_" . $dver . ")"; - if ($dsys) { - print " && !defined(OPENSSL_NO_" . uc($dsys) . ")"; - } - $dver =~ s/_/./g; - my $dalt = "\"" . $daltprg . "\", \"" . $dver . "\""; - $str =~ s/NULL, NULL/$dalt/; - print "\n${str}#endif\n"; - } elsif (grep { $cmd eq $_ } @disablables) { - print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n"; - } elsif (my $disabler = $cmd_disabler{$cmd}) { - print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n"; - } else { - print $str; - } - } - - my %md_disabler = ( - blake2b512 => "blake2", - blake2s256 => "blake2", - ); - foreach my $cmd ( - "md2", "md4", "md5", - "sha1", "sha224", "sha256", "sha384", - "sha512", "sha512-224", "sha512-256", - "sha3-224", "sha3-256", "sha3-384", "sha3-512", - "shake128", "shake256", - "mdc2", "rmd160", "blake2b512", "blake2s256", - "sm3" - ) { - my $str = " {FT_md, \"$cmd\", dgst_main, NULL, NULL},\n"; - if (grep { $cmd eq $_ } @disablables) { - print "#ifndef OPENSSL_NO_" . uc($cmd) . "\n${str}#endif\n"; - } elsif (my $disabler = $md_disabler{$cmd}) { - print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n"; - } else { - print $str; - } - } - - my %cipher_disabler = ( - des3 => "des", - desx => "des", - cast5 => "cast", - ); - foreach my $cmd ( - "aes-128-cbc", "aes-128-ecb", - "aes-192-cbc", "aes-192-ecb", - "aes-256-cbc", "aes-256-ecb", - "aria-128-cbc", "aria-128-cfb", - "aria-128-ctr", "aria-128-ecb", "aria-128-ofb", - "aria-128-cfb1", "aria-128-cfb8", - "aria-192-cbc", "aria-192-cfb", - "aria-192-ctr", "aria-192-ecb", "aria-192-ofb", - "aria-192-cfb1", "aria-192-cfb8", - "aria-256-cbc", "aria-256-cfb", - "aria-256-ctr", "aria-256-ecb", "aria-256-ofb", - "aria-256-cfb1", "aria-256-cfb8", - "camellia-128-cbc", "camellia-128-ecb", - "camellia-192-cbc", "camellia-192-ecb", - "camellia-256-cbc", "camellia-256-ecb", - "base64", "zlib", - "des", "des3", "desx", "idea", "seed", "rc4", "rc4-40", - "rc2", "bf", "cast", "rc5", - "des-ecb", "des-ede", "des-ede3", - "des-cbc", "des-ede-cbc","des-ede3-cbc", - "des-cfb", "des-ede-cfb","des-ede3-cfb", - "des-ofb", "des-ede-ofb","des-ede3-ofb", - "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb", - "seed-cbc","seed-ecb", "seed-cfb", "seed-ofb", - "rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc", - "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb", - "cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb", - "cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb", - "sm4-cbc", "sm4-ecb", "sm4-cfb", "sm4-ofb", "sm4-ctr" - ) { - my $str = " {FT_cipher, \"$cmd\", enc_main, enc_options, NULL},\n"; - (my $algo = $cmd) =~ s/-.*//g; - if ($cmd eq "zlib") { - print "#ifdef ZLIB\n${str}#endif\n"; - } elsif (grep { $algo eq $_ } @disablables) { - print "#ifndef OPENSSL_NO_" . uc($algo) . "\n${str}#endif\n"; - } elsif (my $disabler = $cipher_disabler{$algo}) { - print "#ifndef OPENSSL_NO_" . uc($disabler) . "\n${str}#endif\n"; - } else { - print $str; - } - } - - print " {0, NULL, NULL, NULL, NULL}\n};\n"; -} diff --git a/apps/rand.c b/apps/rand.c deleted file mode 100644 index cbf495d5bc5378278991a6993b61841b42f37a43..0000000000000000000000000000000000000000 --- a/apps/rand.c +++ /dev/null @@ -1,149 +0,0 @@ -/* - * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "apps.h" -#include "progs.h" - -#include -#include -#include - -#include -#include -#include - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_OUT, OPT_ENGINE, OPT_BASE64, OPT_HEX, - OPT_R_ENUM, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS rand_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] num\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"base64", OPT_BASE64, '-', "Base64 encode output"}, - {"hex", OPT_HEX, '-', "Hex encode output"}, - - OPT_R_OPTIONS, - OPT_PROV_OPTIONS, - - OPT_PARAMETERS(), - {"num", 0, 0, "Number of bytes to generate"}, - {NULL} -}; - -int rand_main(int argc, char **argv) -{ - ENGINE *e = NULL; - BIO *out = NULL; - char *outfile = NULL, *prog; - OPTION_CHOICE o; - int format = FORMAT_BINARY, i, num = -1, r, ret = 1; - - prog = opt_init(argc, argv, rand_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(rand_options); - ret = 0; - goto end; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_BASE64: - format = FORMAT_BASE64; - break; - case OPT_HEX: - format = FORMAT_TEXT; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* Optional argument is number of bytes to generate. */ - argc = opt_num_rest(); - argv = opt_rest(); - if (argc == 1) { - if (!opt_int(argv[0], &num) || num <= 0) - goto opthelp; - } else if (argc != 0) { - goto opthelp; - } - - if (!app_RAND_load()) - goto end; - - out = bio_open_default(outfile, 'w', format); - if (out == NULL) - goto end; - - if (format == FORMAT_BASE64) { - BIO *b64 = BIO_new(BIO_f_base64()); - if (b64 == NULL) - goto end; - out = BIO_push(b64, out); - } - - while (num > 0) { - unsigned char buf[4096]; - int chunk; - - chunk = num; - if (chunk > (int)sizeof(buf)) - chunk = sizeof(buf); - r = RAND_bytes(buf, chunk); - if (r <= 0) - goto end; - if (format != FORMAT_TEXT) { - if (BIO_write(out, buf, chunk) != chunk) - goto end; - } else { - for (i = 0; i < chunk; i++) - if (BIO_printf(out, "%02x", buf[i]) != 2) - goto end; - } - num -= chunk; - } - if (format == FORMAT_TEXT) - BIO_puts(out, "\n"); - if (BIO_flush(out) <= 0) - goto end; - - ret = 0; - - end: - if (ret != 0) - ERR_print_errors(bio_err); - release_engine(e); - BIO_free_all(out); - return ret; -} diff --git a/apps/rehash.c b/apps/rehash.c deleted file mode 100644 index e4a4e14fd4971fa12c75749bc09cf992a6e54040..0000000000000000000000000000000000000000 --- a/apps/rehash.c +++ /dev/null @@ -1,573 +0,0 @@ -/* - * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2013-2014 Timo Teräs - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "apps.h" -#include "progs.h" - -#if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) || \ - (defined(__VMS) && defined(__DECC) && __CRTL_VER >= 80300000) -# include -# include -# include -# include -# include -# include -# include - -/* - * Make sure that the processing of symbol names is treated the same as when - * libcrypto is built. This is done automatically for public headers (see - * include/openssl/__DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H), - * but not for internal headers. - */ -# ifdef __VMS -# pragma names save -# pragma names as_is,shortened -# endif - -# include "internal/o_dir.h" - -# ifdef __VMS -# pragma names restore -# endif - -# include -# include -# include - -# ifndef PATH_MAX -# define PATH_MAX 4096 -# endif -# ifndef NAME_MAX -# define NAME_MAX 255 -# endif -# define MAX_COLLISIONS 256 - -# if defined(OPENSSL_SYS_VXWORKS) -/* - * VxWorks has no symbolic links - */ - -# define lstat(path, buf) stat(path, buf) - -int symlink(const char *target, const char *linkpath) -{ - errno = ENOSYS; - return -1; -} - -ssize_t readlink(const char *pathname, char *buf, size_t bufsiz) -{ - errno = ENOSYS; - return -1; -} -# endif - -typedef struct hentry_st { - struct hentry_st *next; - char *filename; - unsigned short old_id; - unsigned char need_symlink; - unsigned char digest[EVP_MAX_MD_SIZE]; -} HENTRY; - -typedef struct bucket_st { - struct bucket_st *next; - HENTRY *first_entry, *last_entry; - unsigned int hash; - unsigned short type; - unsigned short num_needed; -} BUCKET; - -enum Type { - /* Keep in sync with |suffixes|, below. */ - TYPE_CERT=0, TYPE_CRL=1 -}; - -enum Hash { - HASH_OLD, HASH_NEW, HASH_BOTH -}; - - -static int evpmdsize; -static const EVP_MD *evpmd; -static int remove_links = 1; -static int verbose = 0; -static BUCKET *hash_table[257]; - -static const char *suffixes[] = { "", "r" }; -static const char *extensions[] = { "pem", "crt", "cer", "crl" }; - - -static void bit_set(unsigned char *set, unsigned int bit) -{ - set[bit >> 3] |= 1 << (bit & 0x7); -} - -static int bit_isset(unsigned char *set, unsigned int bit) -{ - return set[bit >> 3] & (1 << (bit & 0x7)); -} - - -/* - * Process an entry; return number of errors. - */ -static int add_entry(enum Type type, unsigned int hash, const char *filename, - const unsigned char *digest, int need_symlink, - unsigned short old_id) -{ - static BUCKET nilbucket; - static HENTRY nilhentry; - BUCKET *bp; - HENTRY *ep, *found = NULL; - unsigned int ndx = (type + hash) % OSSL_NELEM(hash_table); - - for (bp = hash_table[ndx]; bp; bp = bp->next) - if (bp->type == type && bp->hash == hash) - break; - if (bp == NULL) { - bp = app_malloc(sizeof(*bp), "hash bucket"); - *bp = nilbucket; - bp->next = hash_table[ndx]; - bp->type = type; - bp->hash = hash; - hash_table[ndx] = bp; - } - - for (ep = bp->first_entry; ep; ep = ep->next) { - if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) { - BIO_printf(bio_err, - "%s: warning: skipping duplicate %s in %s\n", - opt_getprog(), - type == TYPE_CERT ? "certificate" : "CRL", filename); - return 0; - } - if (strcmp(filename, ep->filename) == 0) { - found = ep; - if (digest == NULL) - break; - } - } - ep = found; - if (ep == NULL) { - if (bp->num_needed >= MAX_COLLISIONS) { - BIO_printf(bio_err, - "%s: error: hash table overflow for %s\n", - opt_getprog(), filename); - return 1; - } - ep = app_malloc(sizeof(*ep), "collision bucket"); - *ep = nilhentry; - ep->old_id = ~0; - ep->filename = OPENSSL_strdup(filename); - if (ep->filename == NULL) { - OPENSSL_free(ep); - ep = NULL; - BIO_printf(bio_err, "out of memory\n"); - return 1; - } - if (bp->last_entry) - bp->last_entry->next = ep; - if (bp->first_entry == NULL) - bp->first_entry = ep; - bp->last_entry = ep; - } - - if (old_id < ep->old_id) - ep->old_id = old_id; - if (need_symlink && !ep->need_symlink) { - ep->need_symlink = 1; - bp->num_needed++; - memcpy(ep->digest, digest, evpmdsize); - } - return 0; -} - -/* - * Check if a symlink goes to the right spot; return 0 if okay. - * This can be -1 if bad filename, or an error count. - */ -static int handle_symlink(const char *filename, const char *fullpath) -{ - unsigned int hash = 0; - int i, type, id; - unsigned char ch; - char linktarget[PATH_MAX], *endptr; - ossl_ssize_t n; - - for (i = 0; i < 8; i++) { - ch = filename[i]; - if (!isxdigit(ch)) - return -1; - hash <<= 4; - hash += OPENSSL_hexchar2int(ch); - } - if (filename[i++] != '.') - return -1; - for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) { - const char *suffix = suffixes[type]; - if (OPENSSL_strncasecmp(suffix, &filename[i], strlen(suffix)) == 0) - break; - } - i += strlen(suffixes[type]); - - id = strtoul(&filename[i], &endptr, 10); - if (*endptr != '\0') - return -1; - - n = readlink(fullpath, linktarget, sizeof(linktarget)); - if (n < 0 || n >= (int)sizeof(linktarget)) - return -1; - linktarget[n] = 0; - - return add_entry(type, hash, linktarget, NULL, 0, id); -} - -/* - * process a file, return number of errors. - */ -static int do_file(const char *filename, const char *fullpath, enum Hash h) -{ - STACK_OF (X509_INFO) *inf = NULL; - X509_INFO *x; - const X509_NAME *name = NULL; - BIO *b; - const char *ext; - unsigned char digest[EVP_MAX_MD_SIZE]; - int type, errs = 0; - size_t i; - - /* Does it end with a recognized extension? */ - if ((ext = strrchr(filename, '.')) == NULL) - goto end; - for (i = 0; i < OSSL_NELEM(extensions); i++) { - if (OPENSSL_strcasecmp(extensions[i], ext + 1) == 0) - break; - } - if (i >= OSSL_NELEM(extensions)) - goto end; - - /* Does it have X.509 data in it? */ - if ((b = BIO_new_file(fullpath, "r")) == NULL) { - BIO_printf(bio_err, "%s: error: skipping %s, cannot open file\n", - opt_getprog(), filename); - errs++; - goto end; - } - inf = PEM_X509_INFO_read_bio(b, NULL, NULL, NULL); - BIO_free(b); - if (inf == NULL) - goto end; - - if (sk_X509_INFO_num(inf) != 1) { - BIO_printf(bio_err, - "%s: warning: skipping %s," - "it does not contain exactly one certificate or CRL\n", - opt_getprog(), filename); - /* This is not an error. */ - goto end; - } - x = sk_X509_INFO_value(inf, 0); - if (x->x509 != NULL) { - type = TYPE_CERT; - name = X509_get_subject_name(x->x509); - if (!X509_digest(x->x509, evpmd, digest, NULL)) { - BIO_printf(bio_err, "out of memory\n"); - ++errs; - goto end; - } - } else if (x->crl != NULL) { - type = TYPE_CRL; - name = X509_CRL_get_issuer(x->crl); - if (!X509_CRL_digest(x->crl, evpmd, digest, NULL)) { - BIO_printf(bio_err, "out of memory\n"); - ++errs; - goto end; - } - } else { - ++errs; - goto end; - } - if (name != NULL) { - if (h == HASH_NEW || h == HASH_BOTH) { - int ok; - unsigned long hash_value = - X509_NAME_hash_ex(name, - app_get0_libctx(), app_get0_propq(), &ok); - - if (ok) { - errs += add_entry(type, hash_value, filename, digest, 1, ~0); - } else { - BIO_printf(bio_err, "%s: error calculating SHA1 hash value\n", - opt_getprog()); - errs++; - } - } - if ((h == HASH_OLD) || (h == HASH_BOTH)) - errs += add_entry(type, X509_NAME_hash_old(name), - filename, digest, 1, ~0); - } - -end: - sk_X509_INFO_pop_free(inf, X509_INFO_free); - return errs; -} - -static void str_free(char *s) -{ - OPENSSL_free(s); -} - -static int ends_with_dirsep(const char *path) -{ - if (*path != '\0') - path += strlen(path) - 1; -# if defined __VMS - if (*path == ']' || *path == '>' || *path == ':') - return 1; -# elif defined _WIN32 - if (*path == '\\') - return 1; -# endif - return *path == '/'; -} - -/* - * Process a directory; return number of errors found. - */ -static int do_dir(const char *dirname, enum Hash h) -{ - BUCKET *bp, *nextbp; - HENTRY *ep, *nextep; - OPENSSL_DIR_CTX *d = NULL; - struct stat st; - unsigned char idmask[MAX_COLLISIONS / 8]; - int n, numfiles, nextid, buflen, errs = 0; - size_t i; - const char *pathsep; - const char *filename; - char *buf, *copy = NULL; - STACK_OF(OPENSSL_STRING) *files = NULL; - - if (app_access(dirname, W_OK) < 0) { - BIO_printf(bio_err, "Skipping %s, can't write\n", dirname); - return 1; - } - buflen = strlen(dirname); - pathsep = (buflen && !ends_with_dirsep(dirname)) ? "/": ""; - buflen += NAME_MAX + 1 + 1; - buf = app_malloc(buflen, "filename buffer"); - - if (verbose) - BIO_printf(bio_out, "Doing %s\n", dirname); - - if ((files = sk_OPENSSL_STRING_new_null()) == NULL) { - BIO_printf(bio_err, "Skipping %s, out of memory\n", dirname); - errs = 1; - goto err; - } - while ((filename = OPENSSL_DIR_read(&d, dirname)) != NULL) { - if ((copy = OPENSSL_strdup(filename)) == NULL - || sk_OPENSSL_STRING_push(files, copy) == 0) { - OPENSSL_free(copy); - BIO_puts(bio_err, "out of memory\n"); - errs = 1; - goto err; - } - } - OPENSSL_DIR_end(&d); - sk_OPENSSL_STRING_sort(files); - - numfiles = sk_OPENSSL_STRING_num(files); - for (n = 0; n < numfiles; ++n) { - filename = sk_OPENSSL_STRING_value(files, n); - if (BIO_snprintf(buf, buflen, "%s%s%s", - dirname, pathsep, filename) >= buflen) - continue; - if (lstat(buf, &st) < 0) - continue; - if (S_ISLNK(st.st_mode) && handle_symlink(filename, buf) == 0) - continue; - errs += do_file(filename, buf, h); - } - - for (i = 0; i < OSSL_NELEM(hash_table); i++) { - for (bp = hash_table[i]; bp; bp = nextbp) { - nextbp = bp->next; - nextid = 0; - memset(idmask, 0, (bp->num_needed + 7) / 8); - for (ep = bp->first_entry; ep; ep = ep->next) - if (ep->old_id < bp->num_needed) - bit_set(idmask, ep->old_id); - - for (ep = bp->first_entry; ep; ep = nextep) { - nextep = ep->next; - if (ep->old_id < bp->num_needed) { - /* Link exists, and is used as-is */ - BIO_snprintf(buf, buflen, "%08x.%s%d", bp->hash, - suffixes[bp->type], ep->old_id); - if (verbose) - BIO_printf(bio_out, "link %s -> %s\n", - ep->filename, buf); - } else if (ep->need_symlink) { - /* New link needed (it may replace something) */ - while (bit_isset(idmask, nextid)) - nextid++; - - BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d", - dirname, pathsep, &n, bp->hash, - suffixes[bp->type], nextid); - if (verbose) - BIO_printf(bio_out, "link %s -> %s\n", - ep->filename, &buf[n]); - if (unlink(buf) < 0 && errno != ENOENT) { - BIO_printf(bio_err, - "%s: Can't unlink %s, %s\n", - opt_getprog(), buf, strerror(errno)); - errs++; - } - if (symlink(ep->filename, buf) < 0) { - BIO_printf(bio_err, - "%s: Can't symlink %s, %s\n", - opt_getprog(), ep->filename, - strerror(errno)); - errs++; - } - bit_set(idmask, nextid); - } else if (remove_links) { - /* Link to be deleted */ - BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d", - dirname, pathsep, &n, bp->hash, - suffixes[bp->type], ep->old_id); - if (verbose) - BIO_printf(bio_out, "unlink %s\n", - &buf[n]); - if (unlink(buf) < 0 && errno != ENOENT) { - BIO_printf(bio_err, - "%s: Can't unlink %s, %s\n", - opt_getprog(), buf, strerror(errno)); - errs++; - } - } - OPENSSL_free(ep->filename); - OPENSSL_free(ep); - } - OPENSSL_free(bp); - } - hash_table[i] = NULL; - } - - err: - sk_OPENSSL_STRING_pop_free(files, str_free); - OPENSSL_free(buf); - return errs; -} - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_COMPAT, OPT_OLD, OPT_N, OPT_VERBOSE, - OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS rehash_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [directory...]\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"h", OPT_HELP, '-', "Display this summary"}, - {"compat", OPT_COMPAT, '-', "Create both new- and old-style hash links"}, - {"old", OPT_OLD, '-', "Use old-style hash to generate links"}, - {"n", OPT_N, '-', "Do not remove existing links"}, - - OPT_SECTION("Output"), - {"v", OPT_VERBOSE, '-', "Verbose output"}, - - OPT_PROV_OPTIONS, - - OPT_PARAMETERS(), - {"directory", 0, 0, "One or more directories to process (optional)"}, - {NULL} -}; - - -int rehash_main(int argc, char **argv) -{ - const char *env, *prog; - char *e, *m; - int errs = 0; - OPTION_CHOICE o; - enum Hash h = HASH_NEW; - - prog = opt_init(argc, argv, rehash_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(rehash_options); - goto end; - case OPT_COMPAT: - h = HASH_BOTH; - break; - case OPT_OLD: - h = HASH_OLD; - break; - case OPT_N: - remove_links = 0; - break; - case OPT_VERBOSE: - verbose = 1; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* Optional arguments are directories to scan. */ - argc = opt_num_rest(); - argv = opt_rest(); - - evpmd = EVP_sha1(); - evpmdsize = EVP_MD_get_size(evpmd); - - if (*argv != NULL) { - while (*argv != NULL) - errs += do_dir(*argv++, h); - } else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) { - char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' }; - m = OPENSSL_strdup(env); - for (e = strtok(m, lsc); e != NULL; e = strtok(NULL, lsc)) - errs += do_dir(e, h); - OPENSSL_free(m); - } else { - errs += do_dir(X509_get_default_cert_dir(), h); - } - - end: - return errs; -} - -#else -const OPTIONS rehash_options[] = { - {NULL} -}; - -int rehash_main(int argc, char **argv) -{ - BIO_printf(bio_err, "Not available; use c_rehash script\n"); - return 1; -} - -#endif /* defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) */ diff --git a/apps/req.c b/apps/req.c deleted file mode 100644 index 23757044ab7f467824d0e32bc8095ea93852e606..0000000000000000000000000000000000000000 --- a/apps/req.c +++ /dev/null @@ -1,1682 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifndef OPENSSL_NO_DSA -# include -#endif - -#define BITS "default_bits" -#define KEYFILE "default_keyfile" -#define PROMPT "prompt" -#define DISTINGUISHED_NAME "distinguished_name" -#define ATTRIBUTES "attributes" -#define V3_EXTENSIONS "x509_extensions" -#define REQ_EXTENSIONS "req_extensions" -#define STRING_MASK "string_mask" -#define UTF8_IN "utf8" - -#define DEFAULT_KEY_LENGTH 2048 -#define MIN_KEY_LENGTH 512 -#define DEFAULT_DAYS 30 /* default cert validity period in days */ -#define UNSET_DAYS -2 /* -1 may be used for testing expiration checks */ -#define EXT_COPY_UNSET -1 - -static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, X509_NAME *fsubj, - int mutlirdn, int attribs, unsigned long chtype); -static int prompt_info(X509_REQ *req, - STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect, - STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect, - int attribs, unsigned long chtype); -static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk, - STACK_OF(CONF_VALUE) *attr, int attribs, - unsigned long chtype); -static int add_attribute_object(X509_REQ *req, char *text, const char *def, - char *value, int nid, int n_min, int n_max, - unsigned long chtype); -static int add_DN_object(X509_NAME *n, char *text, const char *def, - char *value, int nid, int n_min, int n_max, - unsigned long chtype, int mval); -static int genpkey_cb(EVP_PKEY_CTX *ctx); -static int build_data(char *text, const char *def, char *value, - int n_min, int n_max, char *buf, const int buf_size, - const char *desc1, const char *desc2); -static int req_check_len(int len, int n_min, int n_max); -static int check_end(const char *str, const char *end); -static int join(char buf[], size_t buf_size, const char *name, - const char *tail, const char *desc); -static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, - char **pkeytype, long *pkeylen, - ENGINE *keygen_engine); - -static const char *section = "req"; -static CONF *req_conf = NULL; -static CONF *addext_conf = NULL; -static int batch = 0; - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_KEYGEN_ENGINE, OPT_KEY, - OPT_PUBKEY, OPT_NEW, OPT_CONFIG, OPT_KEYFORM, OPT_IN, OPT_OUT, - OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_NEWKEY, - OPT_PKEYOPT, OPT_SIGOPT, OPT_VFYOPT, OPT_BATCH, OPT_NEWHDR, OPT_MODULUS, - OPT_VERIFY, OPT_NOENC, OPT_NODES, OPT_NOOUT, OPT_VERBOSE, OPT_UTF8, - OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJ, OPT_SUBJECT, OPT_TEXT, OPT_X509, - OPT_CA, OPT_CAKEY, - OPT_MULTIVALUE_RDN, OPT_DAYS, OPT_SET_SERIAL, - OPT_COPY_EXTENSIONS, OPT_ADDEXT, OPT_EXTENSIONS, - OPT_REQEXTS, OPT_PRECERT, OPT_MD, - OPT_SECTION, - OPT_R_ENUM, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS req_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, - {"keygen_engine", OPT_KEYGEN_ENGINE, 's', - "Specify engine to be used for key generation operations"}, -#endif - {"in", OPT_IN, '<', "X.509 request input file (default stdin)"}, - {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"}, - {"verify", OPT_VERIFY, '-', "Verify self-signature on the request"}, - - OPT_SECTION("Certificate"), - {"new", OPT_NEW, '-', "New request"}, - {"config", OPT_CONFIG, '<', "Request template file"}, - {"section", OPT_SECTION, 's', "Config section to use (default \"req\")"}, - {"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"}, - {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"}, - {"reqopt", OPT_REQOPT, 's', "Various request text options"}, - {"text", OPT_TEXT, '-', "Text form of request"}, - {"x509", OPT_X509, '-', - "Output an X.509 certificate structure instead of a cert request"}, - {"CA", OPT_CA, '<', "Issuer cert to use for signing a cert, implies -x509"}, - {"CAkey", OPT_CAKEY, 's', - "Issuer private key to use with -CA; default is -CA arg"}, - {OPT_MORE_STR, 1, 1, "(Required by some CA's)"}, - {"subj", OPT_SUBJ, 's', "Set or modify subject of request or cert"}, - {"subject", OPT_SUBJECT, '-', - "Print the subject of the output request or cert"}, - {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-', - "Deprecated; multi-valued RDNs support is always on."}, - {"days", OPT_DAYS, 'p', "Number of days cert is valid for"}, - {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"}, - {"copy_extensions", OPT_COPY_EXTENSIONS, 's', - "copy extensions from request when using -x509"}, - {"addext", OPT_ADDEXT, 's', - "Additional cert extension key=value pair (may be given more than once)"}, - {"extensions", OPT_EXTENSIONS, 's', - "Cert extension section (override value in config file)"}, - {"reqexts", OPT_REQEXTS, 's', - "Request extension section (override value in config file)"}, - {"precert", OPT_PRECERT, '-', - "Add a poison extension to the generated cert (implies -new)"}, - - OPT_SECTION("Keys and Signing"), - {"key", OPT_KEY, 's', "Key for signing, and to include unless -in given"}, - {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"}, - {"pubkey", OPT_PUBKEY, '-', "Output public key"}, - {"keyout", OPT_KEYOUT, '>', "File to write private key to"}, - {"passin", OPT_PASSIN, 's', "Private key and certificate password source"}, - {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, - {"newkey", OPT_NEWKEY, 's', - "Generate new key with [:] or [:] or param:"}, - {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"}, - {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, - {"vfyopt", OPT_VFYOPT, 's', "Verification parameter in n:v form"}, - {"", OPT_MD, '-', "Any supported digest"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, - {"batch", OPT_BATCH, '-', - "Do not ask anything during request generation"}, - {"verbose", OPT_VERBOSE, '-', "Verbose output"}, - {"noenc", OPT_NOENC, '-', "Don't encrypt private keys"}, - {"nodes", OPT_NODES, '-', "Don't encrypt private keys; deprecated"}, - {"noout", OPT_NOOUT, '-', "Do not output REQ"}, - {"newhdr", OPT_NEWHDR, '-', "Output \"NEW\" in the header lines"}, - {"modulus", OPT_MODULUS, '-', "RSA modulus"}, - - OPT_R_OPTIONS, - OPT_PROV_OPTIONS, - {NULL} -}; - -/* - * An LHASH of strings, where each string is an extension name. - */ -static unsigned long ext_name_hash(const OPENSSL_STRING *a) -{ - return OPENSSL_LH_strhash((const char *)a); -} - -static int ext_name_cmp(const OPENSSL_STRING *a, const OPENSSL_STRING *b) -{ - return strcmp((const char *)a, (const char *)b); -} - -static void exts_cleanup(OPENSSL_STRING *x) -{ - OPENSSL_free((char *)x); -} - -/* - * Is the |kv| key already duplicated? This is remarkably tricky to get right. - * Return 0 if unique, -1 on runtime error; 1 if found or a syntax error. - */ -static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv) -{ - char *p; - size_t off; - - /* Check syntax. */ - /* Skip leading whitespace, make a copy. */ - while (*kv && isspace(*kv)) - if (*++kv == '\0') - return 1; - if ((p = strchr(kv, '=')) == NULL) - return 1; - off = p - kv; - if ((kv = OPENSSL_strdup(kv)) == NULL) - return -1; - - /* Skip trailing space before the equal sign. */ - for (p = kv + off; p > kv; --p) - if (!isspace(p[-1])) - break; - if (p == kv) { - OPENSSL_free(kv); - return 1; - } - *p = '\0'; - - /* Finally have a clean "key"; see if it's there [by attempt to add it]. */ - p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING *)kv); - if (p != NULL) { - OPENSSL_free(p); - return 1; - } else if (lh_OPENSSL_STRING_error(addexts)) { - OPENSSL_free(kv); - return -1; - } - - return 0; -} - -int req_main(int argc, char **argv) -{ - ASN1_INTEGER *serial = NULL; - BIO *out = NULL; - ENGINE *e = NULL, *gen_eng = NULL; - EVP_PKEY *pkey = NULL, *CAkey = NULL; - EVP_PKEY_CTX *genctx = NULL; - STACK_OF(OPENSSL_STRING) *pkeyopts = NULL, *sigopts = NULL, *vfyopts = NULL; - LHASH_OF(OPENSSL_STRING) *addexts = NULL; - X509 *new_x509 = NULL, *CAcert = NULL; - X509_REQ *req = NULL; - EVP_CIPHER *cipher = NULL; - EVP_MD *md = NULL; - int ext_copy = EXT_COPY_UNSET; - BIO *addext_bio = NULL; - char *extensions = NULL; - const char *infile = NULL, *CAfile = NULL, *CAkeyfile = NULL; - char *outfile = NULL, *keyfile = NULL, *digest = NULL; - char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL; - char *passin = NULL, *passout = NULL; - char *nofree_passin = NULL, *nofree_passout = NULL; - char *req_exts = NULL, *subj = NULL; - X509_NAME *fsubj = NULL; - char *template = default_config_file, *keyout = NULL; - const char *keyalg = NULL; - OPTION_CHOICE o; - int days = UNSET_DAYS; - int ret = 1, gen_x509 = 0, i = 0, newreq = 0, verbose = 0; - int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyform = FORMAT_UNDEF; - int modulus = 0, multirdn = 1, verify = 0, noout = 0, text = 0; - int noenc = 0, newhdr = 0, subject = 0, pubkey = 0, precert = 0; - long newkey_len = -1; - unsigned long chtype = MBSTRING_ASC, reqflag = 0; - -#ifndef OPENSSL_NO_DES - cipher = (EVP_CIPHER *)EVP_des_ede3_cbc(); -#endif - - prog = opt_init(argc, argv, req_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(req_options); - ret = 0; - goto end; - case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat)) - goto opthelp; - break; - case OPT_OUTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat)) - goto opthelp; - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_KEYGEN_ENGINE: -#ifndef OPENSSL_NO_ENGINE - gen_eng = setup_engine(opt_arg(), 0); - if (gen_eng == NULL) { - BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv); - goto opthelp; - } -#endif - break; - case OPT_KEY: - keyfile = opt_arg(); - break; - case OPT_PUBKEY: - pubkey = 1; - break; - case OPT_NEW: - newreq = 1; - break; - case OPT_CONFIG: - template = opt_arg(); - break; - case OPT_SECTION: - section = opt_arg(); - break; - case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform)) - goto opthelp; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_KEYOUT: - keyout = opt_arg(); - break; - case OPT_PASSIN: - passargin = opt_arg(); - break; - case OPT_PASSOUT: - passargout = opt_arg(); - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - case OPT_NEWKEY: - keyalg = opt_arg(); - newreq = 1; - break; - case OPT_PKEYOPT: - if (pkeyopts == NULL) - pkeyopts = sk_OPENSSL_STRING_new_null(); - if (pkeyopts == NULL - || !sk_OPENSSL_STRING_push(pkeyopts, opt_arg())) - goto opthelp; - break; - case OPT_SIGOPT: - if (!sigopts) - sigopts = sk_OPENSSL_STRING_new_null(); - if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg())) - goto opthelp; - break; - case OPT_VFYOPT: - if (!vfyopts) - vfyopts = sk_OPENSSL_STRING_new_null(); - if (!vfyopts || !sk_OPENSSL_STRING_push(vfyopts, opt_arg())) - goto opthelp; - break; - case OPT_BATCH: - batch = 1; - break; - case OPT_NEWHDR: - newhdr = 1; - break; - case OPT_MODULUS: - modulus = 1; - break; - case OPT_VERIFY: - verify = 1; - break; - case OPT_NODES: - case OPT_NOENC: - noenc = 1; - break; - case OPT_NOOUT: - noout = 1; - break; - case OPT_VERBOSE: - verbose = 1; - break; - case OPT_UTF8: - chtype = MBSTRING_UTF8; - break; - case OPT_NAMEOPT: - if (!set_nameopt(opt_arg())) - goto opthelp; - break; - case OPT_REQOPT: - if (!set_cert_ex(&reqflag, opt_arg())) - goto opthelp; - break; - case OPT_TEXT: - text = 1; - break; - case OPT_X509: - gen_x509 = 1; - break; - case OPT_CA: - CAfile = opt_arg(); - gen_x509 = 1; - break; - case OPT_CAKEY: - CAkeyfile = opt_arg(); - break; - case OPT_DAYS: - days = atoi(opt_arg()); - if (days < -1) { - BIO_printf(bio_err, "%s: -days parameter arg must be >= -1\n", - prog); - goto end; - } - break; - case OPT_SET_SERIAL: - if (serial != NULL) { - BIO_printf(bio_err, "Serial number supplied twice\n"); - goto opthelp; - } - serial = s2i_ASN1_INTEGER(NULL, opt_arg()); - if (serial == NULL) - goto opthelp; - break; - case OPT_SUBJECT: - subject = 1; - break; - case OPT_SUBJ: - subj = opt_arg(); - break; - case OPT_MULTIVALUE_RDN: - /* obsolete */ - break; - case OPT_COPY_EXTENSIONS: - if (!set_ext_copy(&ext_copy, opt_arg())) { - BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", - opt_arg()); - goto end; - } - break; - case OPT_ADDEXT: - p = opt_arg(); - if (addexts == NULL) { - addexts = lh_OPENSSL_STRING_new(ext_name_hash, ext_name_cmp); - addext_bio = BIO_new(BIO_s_mem()); - if (addexts == NULL || addext_bio == NULL) - goto end; - } - i = duplicated(addexts, p); - if (i == 1) { - BIO_printf(bio_err, "Duplicate extension: %s\n", p); - goto opthelp; - } - if (i < 0 || BIO_printf(addext_bio, "%s\n", p) < 0) - goto end; - break; - case OPT_EXTENSIONS: - extensions = opt_arg(); - break; - case OPT_REQEXTS: - req_exts = opt_arg(); - break; - case OPT_PRECERT: - newreq = precert = 1; - break; - case OPT_MD: - digest = opt_unknown(); - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - if (!app_RAND_load()) - goto end; - - if (!gen_x509) { - if (days != UNSET_DAYS) - BIO_printf(bio_err, "Ignoring -days without -x509; not generating a certificate\n"); - if (ext_copy == EXT_COPY_NONE) - BIO_printf(bio_err, "Ignoring -copy_extensions 'none' when -x509 is not given\n"); - } - if (gen_x509 && infile == NULL) - newreq = 1; - - if (!app_passwd(passargin, passargout, &passin, &passout)) { - BIO_printf(bio_err, "Error getting passwords\n"); - goto end; - } - - if ((req_conf = app_load_config_verbose(template, verbose)) == NULL) - goto end; - if (addext_bio != NULL) { - if (verbose) - BIO_printf(bio_err, - "Using additional configuration from -addext options\n"); - if ((addext_conf = app_load_config_bio(addext_bio, NULL)) == NULL) - goto end; - } - if (template != default_config_file && !app_load_modules(req_conf)) - goto end; - - if (req_conf != NULL) { - p = NCONF_get_string(req_conf, NULL, "oid_file"); - if (p == NULL) - ERR_clear_error(); - if (p != NULL) { - BIO *oid_bio = BIO_new_file(p, "r"); - - if (oid_bio == NULL) { - if (verbose) - BIO_printf(bio_err, - "Problems opening '%s' for extra OIDs\n", p); - } else { - OBJ_create_objects(oid_bio); - BIO_free(oid_bio); - } - } - } - if (!add_oid_section(req_conf)) - goto end; - - /* Check that any specified digest is fetchable */ - if (digest != NULL) { - if (!opt_md(digest, &md)) { - ERR_clear_error(); - goto opthelp; - } - EVP_MD_free(md); - } else { - /* No digest specified, default to configuration */ - p = NCONF_get_string(req_conf, section, "default_md"); - if (p == NULL) - ERR_clear_error(); - else - digest = p; - } - - if (extensions == NULL) { - extensions = NCONF_get_string(req_conf, section, V3_EXTENSIONS); - if (extensions == NULL) - ERR_clear_error(); - } - if (extensions != NULL) { - /* Check syntax of file */ - X509V3_CTX ctx; - - X509V3_set_ctx_test(&ctx); - X509V3_set_nconf(&ctx, req_conf); - if (!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) { - BIO_printf(bio_err, - "Error checking x509 extension section %s\n", - extensions); - goto end; - } - } - if (addext_conf != NULL) { - /* Check syntax of command line extensions */ - X509V3_CTX ctx; - - X509V3_set_ctx_test(&ctx); - X509V3_set_nconf(&ctx, addext_conf); - if (!X509V3_EXT_add_nconf(addext_conf, &ctx, "default", NULL)) { - BIO_printf(bio_err, "Error checking extensions defined using -addext\n"); - goto end; - } - } - - if (passin == NULL) { - passin = nofree_passin = - NCONF_get_string(req_conf, section, "input_password"); - if (passin == NULL) - ERR_clear_error(); - } - - if (passout == NULL) { - passout = nofree_passout = - NCONF_get_string(req_conf, section, "output_password"); - if (passout == NULL) - ERR_clear_error(); - } - - p = NCONF_get_string(req_conf, section, STRING_MASK); - if (p == NULL) - ERR_clear_error(); - - if (p != NULL && !ASN1_STRING_set_default_mask_asc(p)) { - BIO_printf(bio_err, "Invalid global string mask setting %s\n", p); - goto end; - } - - if (chtype != MBSTRING_UTF8) { - p = NCONF_get_string(req_conf, section, UTF8_IN); - if (p == NULL) - ERR_clear_error(); - else if (strcmp(p, "yes") == 0) - chtype = MBSTRING_UTF8; - } - - if (req_exts == NULL) { - req_exts = NCONF_get_string(req_conf, section, REQ_EXTENSIONS); - if (req_exts == NULL) - ERR_clear_error(); - } - if (req_exts != NULL) { - /* Check syntax of file */ - X509V3_CTX ctx; - - X509V3_set_ctx_test(&ctx); - X509V3_set_nconf(&ctx, req_conf); - if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) { - BIO_printf(bio_err, - "Error checking request extension section %s\n", - req_exts); - goto end; - } - } - - if (keyfile != NULL) { - pkey = load_key(keyfile, keyform, 0, passin, e, "private key"); - if (pkey == NULL) - goto end; - app_RAND_load_conf(req_conf, section); - } - if (newreq && pkey == NULL) { - app_RAND_load_conf(req_conf, section); - - if (!NCONF_get_number(req_conf, section, BITS, &newkey_len)) - newkey_len = DEFAULT_KEY_LENGTH; - - genctx = set_keygen_ctx(keyalg, &keyalgstr, &newkey_len, gen_eng); - if (genctx == NULL) - goto end; - - if (newkey_len < MIN_KEY_LENGTH - && (EVP_PKEY_CTX_is_a(genctx, "RSA") - || EVP_PKEY_CTX_is_a(genctx, "RSA-PSS") - || EVP_PKEY_CTX_is_a(genctx, "DSA"))) { - BIO_printf(bio_err, "Private key length too short, needs to be at least %d bits, not %ld.\n", - MIN_KEY_LENGTH, newkey_len); - goto end; - } - - if (newkey_len > OPENSSL_RSA_MAX_MODULUS_BITS - && (EVP_PKEY_CTX_is_a(genctx, "RSA") - || EVP_PKEY_CTX_is_a(genctx, "RSA-PSS"))) - BIO_printf(bio_err, - "Warning: It is not recommended to use more than %d bit for RSA keys.\n" - " Your key size is %ld! Larger key size may behave not as expected.\n", - OPENSSL_RSA_MAX_MODULUS_BITS, newkey_len); - -#ifndef OPENSSL_NO_DSA - if (EVP_PKEY_CTX_is_a(genctx, "DSA") - && newkey_len > OPENSSL_DSA_MAX_MODULUS_BITS) - BIO_printf(bio_err, - "Warning: It is not recommended to use more than %d bit for DSA keys.\n" - " Your key size is %ld! Larger key size may behave not as expected.\n", - OPENSSL_DSA_MAX_MODULUS_BITS, newkey_len); -#endif - - if (pkeyopts != NULL) { - char *genopt; - for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++) { - genopt = sk_OPENSSL_STRING_value(pkeyopts, i); - if (pkey_ctrl_string(genctx, genopt) <= 0) { - BIO_printf(bio_err, "Key parameter error \"%s\"\n", genopt); - goto end; - } - } - } - - EVP_PKEY_CTX_set_cb(genctx, genpkey_cb); - EVP_PKEY_CTX_set_app_data(genctx, bio_err); - - pkey = app_keygen(genctx, keyalgstr, newkey_len, verbose); - - EVP_PKEY_CTX_free(genctx); - genctx = NULL; - } - if (keyout == NULL && keyfile == NULL) { - keyout = NCONF_get_string(req_conf, section, KEYFILE); - if (keyout == NULL) - ERR_clear_error(); - } - - if (pkey != NULL && (keyfile == NULL || keyout != NULL)) { - if (verbose) { - BIO_printf(bio_err, "Writing private key to "); - if (keyout == NULL) - BIO_printf(bio_err, "stdout\n"); - else - BIO_printf(bio_err, "'%s'\n", keyout); - } - out = bio_open_owner(keyout, outformat, newreq); - if (out == NULL) - goto end; - - p = NCONF_get_string(req_conf, section, "encrypt_rsa_key"); - if (p == NULL) { - ERR_clear_error(); - p = NCONF_get_string(req_conf, section, "encrypt_key"); - if (p == NULL) - ERR_clear_error(); - } - if ((p != NULL) && (strcmp(p, "no") == 0)) - cipher = NULL; - if (noenc) - cipher = NULL; - - i = 0; - loop: - if (!PEM_write_bio_PrivateKey(out, pkey, cipher, - NULL, 0, NULL, passout)) { - if ((ERR_GET_REASON(ERR_peek_error()) == - PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3)) { - ERR_clear_error(); - i++; - goto loop; - } - goto end; - } - BIO_free(out); - out = NULL; - BIO_printf(bio_err, "-----\n"); - } - - /* - * subj is expected to be in the format /type0=value0/type1=value1/type2=... - * where characters may be escaped by \ - */ - if (subj != NULL - && (fsubj = parse_name(subj, chtype, multirdn, "subject")) == NULL) - goto end; - - if (!newreq) { - req = load_csr(infile /* if NULL, reads from stdin */, - informat, "X509 request"); - if (req == NULL) - goto end; - } - - if (CAkeyfile == NULL) - CAkeyfile = CAfile; - if (CAkeyfile != NULL) { - if (CAfile == NULL) { - BIO_printf(bio_err, - "Warning: Ignoring -CAkey option since no -CA option is given\n"); - } else { - if ((CAkey = load_key(CAkeyfile, FORMAT_UNDEF, - 0, passin, e, - CAkeyfile != CAfile - ? "issuer private key from -CAkey arg" - : "issuer private key from -CA arg")) == NULL) - goto end; - } - } - if (CAfile != NULL) { - if ((CAcert = load_cert_pass(CAfile, FORMAT_UNDEF, 1, passin, - "issuer cert from -CA arg")) == NULL) - goto end; - if (!X509_check_private_key(CAcert, CAkey)) { - BIO_printf(bio_err, - "Issuer CA certificate and key do not match\n"); - goto end; - } - } - if (newreq || gen_x509) { - if (CAcert == NULL && pkey == NULL) { - BIO_printf(bio_err, "Must provide a signature key using -key or" - " provide -CA / -CAkey\n"); - goto end; - } - - if (req == NULL) { - req = X509_REQ_new_ex(app_get0_libctx(), app_get0_propq()); - if (req == NULL) { - goto end; - } - - if (!make_REQ(req, pkey, fsubj, multirdn, !gen_x509, chtype)){ - BIO_printf(bio_err, "Error making certificate request\n"); - goto end; - } - /* Note that -x509 can take over -key and -subj option values. */ - } - if (gen_x509) { - EVP_PKEY *pub_key = X509_REQ_get0_pubkey(req); - EVP_PKEY *issuer_key = CAcert != NULL ? CAkey : pkey; - X509V3_CTX ext_ctx; - X509_NAME *issuer = CAcert != NULL ? X509_get_subject_name(CAcert) : - X509_REQ_get_subject_name(req); - X509_NAME *n_subj = fsubj != NULL ? fsubj : - X509_REQ_get_subject_name(req); - - if ((new_x509 = X509_new_ex(app_get0_libctx(), - app_get0_propq())) == NULL) - goto end; - - if (serial != NULL) { - if (!X509_set_serialNumber(new_x509, serial)) - goto end; - } else { - if (!rand_serial(NULL, X509_get_serialNumber(new_x509))) - goto end; - } - - if (!X509_set_issuer_name(new_x509, issuer)) - goto end; - if (days == UNSET_DAYS) { - days = DEFAULT_DAYS; - } - if (!set_cert_times(new_x509, NULL, NULL, days)) - goto end; - if (!X509_set_subject_name(new_x509, n_subj)) - goto end; - if (!pub_key || !X509_set_pubkey(new_x509, pub_key)) - goto end; - if (ext_copy == EXT_COPY_UNSET) { - if (infile != NULL) - BIO_printf(bio_err, "Warning: No -copy_extensions given; ignoring any extensions in the request\n"); - } else if (!copy_extensions(new_x509, req, ext_copy)) { - BIO_printf(bio_err, "Error copying extensions from request\n"); - goto end; - } - - /* Set up V3 context struct */ - X509V3_set_ctx(&ext_ctx, CAcert != NULL ? CAcert : new_x509, - new_x509, NULL, NULL, X509V3_CTX_REPLACE); - /* prepare fallback for AKID, but only if issuer cert == new_x509 */ - if (CAcert == NULL) { - if (!X509V3_set_issuer_pkey(&ext_ctx, issuer_key)) - goto end; - ERR_set_mark(); - if (!X509_check_private_key(new_x509, issuer_key)) - BIO_printf(bio_err, - "Warning: Signature key and public key of cert do not match\n"); - ERR_pop_to_mark(); - } - X509V3_set_nconf(&ext_ctx, req_conf); - - /* Add extensions */ - if (extensions != NULL - && !X509V3_EXT_add_nconf(req_conf, &ext_ctx, extensions, - new_x509)) { - BIO_printf(bio_err, "Error adding x509 extensions from section %s\n", - extensions); - goto end; - } - if (addext_conf != NULL - && !X509V3_EXT_add_nconf(addext_conf, &ext_ctx, "default", - new_x509)) { - BIO_printf(bio_err, "Error adding extensions defined via -addext\n"); - goto end; - } - - /* If a pre-cert was requested, we need to add a poison extension */ - if (precert) { - if (X509_add1_ext_i2d(new_x509, NID_ct_precert_poison, - NULL, 1, 0) != 1) { - BIO_printf(bio_err, "Error adding poison extension\n"); - goto end; - } - } - - i = do_X509_sign(new_x509, issuer_key, digest, sigopts, &ext_ctx); - if (!i) - goto end; - } else { - X509V3_CTX ext_ctx; - - /* Set up V3 context struct */ - X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0); - X509V3_set_nconf(&ext_ctx, req_conf); - - /* Add extensions */ - if (req_exts != NULL - && !X509V3_EXT_REQ_add_nconf(req_conf, &ext_ctx, - req_exts, req)) { - BIO_printf(bio_err, "Error adding request extensions from section %s\n", - req_exts); - goto end; - } - if (addext_conf != NULL - && !X509V3_EXT_REQ_add_nconf(addext_conf, &ext_ctx, "default", - req)) { - BIO_printf(bio_err, "Error adding extensions defined via -addext\n"); - goto end; - } - i = do_X509_REQ_sign(req, pkey, digest, sigopts); - if (!i) - goto end; - } - } - - if (subj != NULL && !newreq && !gen_x509) { - if (verbose) { - BIO_printf(out, "Modifying subject of certificate request\n"); - print_name(out, "Old subject=", X509_REQ_get_subject_name(req)); - } - - if (!X509_REQ_set_subject_name(req, fsubj)) { - BIO_printf(bio_err, "Error modifying subject of certificate request\n"); - goto end; - } - - if (verbose) { - print_name(out, "New subject=", X509_REQ_get_subject_name(req)); - } - } - - if (verify) { - EVP_PKEY *tpubkey = pkey; - - if (tpubkey == NULL) { - tpubkey = X509_REQ_get0_pubkey(req); - if (tpubkey == NULL) - goto end; - } - - i = do_X509_REQ_verify(req, tpubkey, vfyopts); - - if (i < 0) - goto end; - if (i == 0) - BIO_printf(bio_err, "Certificate request self-signature verify failure\n"); - else /* i > 0 */ - BIO_printf(bio_err, "Certificate request self-signature verify OK\n"); - } - - if (noout && !text && !modulus && !subject && !pubkey) { - ret = 0; - goto end; - } - - out = bio_open_default(outfile, - keyout != NULL && outfile != NULL && - strcmp(keyout, outfile) == 0 ? 'a' : 'w', - outformat); - if (out == NULL) - goto end; - - if (pubkey) { - EVP_PKEY *tpubkey = X509_REQ_get0_pubkey(req); - - if (tpubkey == NULL) { - BIO_printf(bio_err, "Error getting public key\n"); - goto end; - } - PEM_write_bio_PUBKEY(out, tpubkey); - } - - if (text) { - if (gen_x509) - ret = X509_print_ex(out, new_x509, get_nameopt(), reqflag); - else - ret = X509_REQ_print_ex(out, req, get_nameopt(), reqflag); - - if (ret == 0) { - if (gen_x509) - BIO_printf(bio_err, "Error printing certificate\n"); - else - BIO_printf(bio_err, "Error printing certificate request\n"); - goto end; - } - } - - if (subject) { - print_name(out, "subject=", gen_x509 - ? X509_get_subject_name(new_x509) - : X509_REQ_get_subject_name(req)); - } - - if (modulus) { - EVP_PKEY *tpubkey; - - if (gen_x509) - tpubkey = X509_get0_pubkey(new_x509); - else - tpubkey = X509_REQ_get0_pubkey(req); - if (tpubkey == NULL) { - fprintf(stdout, "Modulus is unavailable\n"); - goto end; - } - fprintf(stdout, "Modulus="); - if (EVP_PKEY_is_a(tpubkey, "RSA") || EVP_PKEY_is_a(tpubkey, "RSA-PSS")) { - BIGNUM *n = NULL; - - if (!EVP_PKEY_get_bn_param(tpubkey, "n", &n)) - goto end; - BN_print(out, n); - BN_free(n); - } else { - fprintf(stdout, "Wrong Algorithm type"); - } - fprintf(stdout, "\n"); - } - - if (!noout && !gen_x509) { - if (outformat == FORMAT_ASN1) - i = i2d_X509_REQ_bio(out, req); - else if (newhdr) - i = PEM_write_bio_X509_REQ_NEW(out, req); - else - i = PEM_write_bio_X509_REQ(out, req); - if (!i) { - BIO_printf(bio_err, "Unable to write certificate request\n"); - goto end; - } - } - if (!noout && gen_x509 && new_x509 != NULL) { - if (outformat == FORMAT_ASN1) - i = i2d_X509_bio(out, new_x509); - else - i = PEM_write_bio_X509(out, new_x509); - if (!i) { - BIO_printf(bio_err, "Unable to write X509 certificate\n"); - goto end; - } - } - ret = 0; - end: - if (ret) { - ERR_print_errors(bio_err); - } - NCONF_free(req_conf); - NCONF_free(addext_conf); - BIO_free(addext_bio); - BIO_free_all(out); - EVP_PKEY_free(pkey); - EVP_PKEY_CTX_free(genctx); - sk_OPENSSL_STRING_free(pkeyopts); - sk_OPENSSL_STRING_free(sigopts); - sk_OPENSSL_STRING_free(vfyopts); - lh_OPENSSL_STRING_doall(addexts, exts_cleanup); - lh_OPENSSL_STRING_free(addexts); -#ifndef OPENSSL_NO_ENGINE - release_engine(gen_eng); -#endif - OPENSSL_free(keyalgstr); - X509_REQ_free(req); - X509_NAME_free(fsubj); - X509_free(new_x509); - X509_free(CAcert); - EVP_PKEY_free(CAkey); - ASN1_INTEGER_free(serial); - release_engine(e); - if (passin != nofree_passin) - OPENSSL_free(passin); - if (passout != nofree_passout) - OPENSSL_free(passout); - return ret; -} - -static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, X509_NAME *fsubj, - int multirdn, int attribs, unsigned long chtype) -{ - int ret = 0, i; - char no_prompt = 0; - STACK_OF(CONF_VALUE) *dn_sk = NULL, *attr_sk = NULL; - char *tmp, *dn_sect, *attr_sect; - - tmp = NCONF_get_string(req_conf, section, PROMPT); - if (tmp == NULL) - ERR_clear_error(); - if ((tmp != NULL) && strcmp(tmp, "no") == 0) - no_prompt = 1; - - dn_sect = NCONF_get_string(req_conf, section, DISTINGUISHED_NAME); - if (dn_sect == NULL) { - ERR_clear_error(); - } else { - dn_sk = NCONF_get_section(req_conf, dn_sect); - if (dn_sk == NULL) { - BIO_printf(bio_err, "Unable to get '%s' section\n", dn_sect); - goto err; - } - } - - attr_sect = NCONF_get_string(req_conf, section, ATTRIBUTES); - if (attr_sect == NULL) { - ERR_clear_error(); - } else { - attr_sk = NCONF_get_section(req_conf, attr_sect); - if (attr_sk == NULL) { - BIO_printf(bio_err, "Unable to get '%s' section\n", attr_sect); - goto err; - } - } - - /* so far there is only version 1 */ - if (!X509_REQ_set_version(req, X509_REQ_VERSION_1)) - goto err; - - if (fsubj != NULL) - i = X509_REQ_set_subject_name(req, fsubj); - else if (no_prompt) - i = auto_info(req, dn_sk, attr_sk, attribs, chtype); - else - i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, - chtype); - if (!i) - goto err; - - if (!X509_REQ_set_pubkey(req, pkey)) - goto err; - - ret = 1; - err: - return ret; -} - -static int prompt_info(X509_REQ *req, - STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect, - STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect, - int attribs, unsigned long chtype) -{ - int i; - char *p, *q; - char buf[100]; - int nid, mval; - long n_min, n_max; - char *type, *value; - const char *def; - CONF_VALUE *v; - X509_NAME *subj = X509_REQ_get_subject_name(req); - - if (!batch) { - BIO_printf(bio_err, - "You are about to be asked to enter information that will be incorporated\n"); - BIO_printf(bio_err, "into your certificate request.\n"); - BIO_printf(bio_err, - "What you are about to enter is what is called a Distinguished Name or a DN.\n"); - BIO_printf(bio_err, - "There are quite a few fields but you can leave some blank\n"); - BIO_printf(bio_err, - "For some fields there will be a default value,\n"); - BIO_printf(bio_err, - "If you enter '.', the field will be left blank.\n"); - BIO_printf(bio_err, "-----\n"); - } - - if (sk_CONF_VALUE_num(dn_sk)) { - i = -1; - start: - for (;;) { - i++; - if (sk_CONF_VALUE_num(dn_sk) <= i) - break; - - v = sk_CONF_VALUE_value(dn_sk, i); - p = q = NULL; - type = v->name; - if (!check_end(type, "_min") || !check_end(type, "_max") || - !check_end(type, "_default") || !check_end(type, "_value")) - continue; - /* - * Skip past any leading X. X: X, etc to allow for multiple - * instances - */ - for (p = v->name; *p; p++) - if ((*p == ':') || (*p == ',') || (*p == '.')) { - p++; - if (*p) - type = p; - break; - } - if (*type == '+') { - mval = -1; - type++; - } else { - mval = 0; - } - /* If OBJ not recognised ignore it */ - if ((nid = OBJ_txt2nid(type)) == NID_undef) - goto start; - if (!join(buf, sizeof(buf), v->name, "_default", "Name")) - return 0; - if ((def = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) { - ERR_clear_error(); - def = ""; - } - - if (!join(buf, sizeof(buf), v->name, "_value", "Name")) - return 0; - if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) { - ERR_clear_error(); - value = NULL; - } - - if (!join(buf, sizeof(buf), v->name, "_min", "Name")) - return 0; - if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) { - ERR_clear_error(); - n_min = -1; - } - - if (!join(buf, sizeof(buf), v->name, "_max", "Name")) - return 0; - if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) { - ERR_clear_error(); - n_max = -1; - } - - if (!add_DN_object(subj, v->value, def, value, nid, - n_min, n_max, chtype, mval)) - return 0; - } - if (X509_NAME_entry_count(subj) == 0) { - BIO_printf(bio_err, "Error: No objects specified in config file\n"); - return 0; - } - - if (attribs) { - if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) - && (!batch)) { - BIO_printf(bio_err, - "\nPlease enter the following 'extra' attributes\n"); - BIO_printf(bio_err, - "to be sent with your certificate request\n"); - } - - i = -1; - start2: - for (;;) { - i++; - if ((attr_sk == NULL) || (sk_CONF_VALUE_num(attr_sk) <= i)) - break; - - v = sk_CONF_VALUE_value(attr_sk, i); - type = v->name; - if ((nid = OBJ_txt2nid(type)) == NID_undef) - goto start2; - - if (!join(buf, sizeof(buf), type, "_default", "Name")) - return 0; - if ((def = NCONF_get_string(req_conf, attr_sect, buf)) - == NULL) { - ERR_clear_error(); - def = ""; - } - - if (!join(buf, sizeof(buf), type, "_value", "Name")) - return 0; - if ((value = NCONF_get_string(req_conf, attr_sect, buf)) - == NULL) { - ERR_clear_error(); - value = NULL; - } - - if (!join(buf, sizeof(buf), type, "_min", "Name")) - return 0; - if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) { - ERR_clear_error(); - n_min = -1; - } - - if (!join(buf, sizeof(buf), type, "_max", "Name")) - return 0; - if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) { - ERR_clear_error(); - n_max = -1; - } - - if (!add_attribute_object(req, - v->value, def, value, nid, n_min, - n_max, chtype)) - return 0; - } - } - } else { - BIO_printf(bio_err, "No template, please set one up.\n"); - return 0; - } - - return 1; - -} - -static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk, - STACK_OF(CONF_VALUE) *attr_sk, int attribs, - unsigned long chtype) -{ - int i, spec_char, plus_char; - char *p, *q; - char *type; - CONF_VALUE *v; - X509_NAME *subj; - - subj = X509_REQ_get_subject_name(req); - - for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) { - int mval; - v = sk_CONF_VALUE_value(dn_sk, i); - p = q = NULL; - type = v->name; - /* - * Skip past any leading X. X: X, etc to allow for multiple instances - */ - for (p = v->name; *p; p++) { -#ifndef CHARSET_EBCDIC - spec_char = (*p == ':' || *p == ',' || *p == '.'); -#else - spec_char = (*p == os_toascii[':'] || *p == os_toascii[','] - || *p == os_toascii['.']); -#endif - if (spec_char) { - p++; - if (*p) - type = p; - break; - } - } -#ifndef CHARSET_EBCDIC - plus_char = (*type == '+'); -#else - plus_char = (*type == os_toascii['+']); -#endif - if (plus_char) { - type++; - mval = -1; - } else { - mval = 0; - } - if (!X509_NAME_add_entry_by_txt(subj, type, chtype, - (unsigned char *)v->value, -1, -1, - mval)) - return 0; - - } - - if (!X509_NAME_entry_count(subj)) { - BIO_printf(bio_err, "Error: No objects specified in config file\n"); - return 0; - } - if (attribs) { - for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++) { - v = sk_CONF_VALUE_value(attr_sk, i); - if (!X509_REQ_add1_attr_by_txt(req, v->name, chtype, - (unsigned char *)v->value, -1)) - return 0; - } - } - return 1; -} - -static int add_DN_object(X509_NAME *n, char *text, const char *def, - char *value, int nid, int n_min, int n_max, - unsigned long chtype, int mval) -{ - int ret = 0; - char buf[1024]; - - ret = build_data(text, def, value, n_min, n_max, buf, sizeof(buf), - "DN value", "DN default"); - if ((ret == 0) || (ret == 1)) - return ret; - ret = 1; - - if (!X509_NAME_add_entry_by_NID(n, nid, chtype, - (unsigned char *)buf, -1, -1, mval)) - ret = 0; - - return ret; -} - -static int add_attribute_object(X509_REQ *req, char *text, const char *def, - char *value, int nid, int n_min, - int n_max, unsigned long chtype) -{ - int ret = 0; - char buf[1024]; - - ret = build_data(text, def, value, n_min, n_max, buf, sizeof(buf), - "Attribute value", "Attribute default"); - if ((ret == 0) || (ret == 1)) - return ret; - ret = 1; - - if (!X509_REQ_add1_attr_by_NID(req, nid, chtype, - (unsigned char *)buf, -1)) { - BIO_printf(bio_err, "Error adding attribute\n"); - ret = 0; - } - - return ret; -} - -static int build_data(char *text, const char *def, char *value, - int n_min, int n_max, char *buf, const int buf_size, - const char *desc1, const char *desc2) -{ - int i; - start: - if (!batch) - BIO_printf(bio_err, "%s [%s]:", text, def); - (void)BIO_flush(bio_err); - if (value != NULL) { - if (!join(buf, buf_size, value, "\n", desc1)) - return 0; - BIO_printf(bio_err, "%s\n", value); - } else { - buf[0] = '\0'; - if (!batch) { - if (!fgets(buf, buf_size, stdin)) - return 0; - } else { - buf[0] = '\n'; - buf[1] = '\0'; - } - } - - if (buf[0] == '\0') - return 0; - if (buf[0] == '\n') { - if ((def == NULL) || (def[0] == '\0')) - return 1; - if (!join(buf, buf_size, def, "\n", desc2)) - return 0; - } else if ((buf[0] == '.') && (buf[1] == '\n')) { - return 1; - } - - i = strlen(buf); - if (buf[i - 1] != '\n') { - BIO_printf(bio_err, "Missing newline at end of input\n"); - return 0; - } - buf[--i] = '\0'; -#ifdef CHARSET_EBCDIC - ebcdic2ascii(buf, buf, i); -#endif - if (!req_check_len(i, n_min, n_max)) { - if (batch || value) - return 0; - goto start; - } - return 2; -} - -static int req_check_len(int len, int n_min, int n_max) -{ - if (n_min > 0 && len < n_min) { - BIO_printf(bio_err, - "String too short, must be at least %d bytes long\n", n_min); - return 0; - } - if (n_max >= 0 && len > n_max) { - BIO_printf(bio_err, - "String too long, must be at most %d bytes long\n", n_max); - return 0; - } - return 1; -} - -/* Check if the end of a string matches 'end' */ -static int check_end(const char *str, const char *end) -{ - size_t elen, slen; - const char *tmp; - - elen = strlen(end); - slen = strlen(str); - if (elen > slen) - return 1; - tmp = str + slen - elen; - return strcmp(tmp, end); -} - -/* - * Merge the two strings together into the result buffer checking for - * overflow and producing an error message if there is. - */ -static int join(char buf[], size_t buf_size, const char *name, - const char *tail, const char *desc) -{ - const size_t name_len = strlen(name), tail_len = strlen(tail); - - if (name_len + tail_len + 1 > buf_size) { - BIO_printf(bio_err, "%s '%s' too long\n", desc, name); - return 0; - } - memcpy(buf, name, name_len); - memcpy(buf + name_len, tail, tail_len + 1); - return 1; -} - -static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, - char **pkeytype, long *pkeylen, - ENGINE *keygen_engine) -{ - EVP_PKEY_CTX *gctx = NULL; - EVP_PKEY *param = NULL; - long keylen = -1; - BIO *pbio = NULL; - const char *keytype = NULL; - size_t keytypelen = 0; - int expect_paramfile = 0; - const char *paramfile = NULL; - - /* Treat the first part of gstr, and only that */ - if (gstr == NULL) { - /* - * Special case: when no string given, default to RSA and the - * key length given by |*pkeylen|. - */ - keytype = "RSA"; - keylen = *pkeylen; - } else if (gstr[0] >= '0' && gstr[0] <= '9') { - /* Special case: only keylength given from string, so default to RSA */ - keytype = "RSA"; - /* The second part treatment will do the rest */ - } else { - const char *p = strchr(gstr, ':'); - int len; - - if (p != NULL) - len = p - gstr; - else - len = strlen(gstr); - - if (strncmp(gstr, "param", len) == 0) { - expect_paramfile = 1; - if (p == NULL) { - BIO_printf(bio_err, - "Parameter file requested but no path given: %s\n", - gstr); - return NULL; - } - } else { - keytype = gstr; - keytypelen = len; - } - - if (p != NULL) - gstr = gstr + len + 1; - else - gstr = NULL; - } - - /* Treat the second part of gstr, if there is one */ - if (gstr != NULL) { - /* If the second part starts with a digit, we assume it's a size */ - if (!expect_paramfile && gstr[0] >= '0' && gstr[0] <= '9') - keylen = atol(gstr); - else - paramfile = gstr; - } - - if (paramfile != NULL) { - pbio = BIO_new_file(paramfile, "r"); - if (pbio == NULL) { - BIO_printf(bio_err, "Cannot open parameter file %s\n", paramfile); - return NULL; - } - param = PEM_read_bio_Parameters(pbio, NULL); - - if (param == NULL) { - X509 *x; - - (void)BIO_reset(pbio); - x = PEM_read_bio_X509(pbio, NULL, NULL, NULL); - if (x != NULL) { - param = X509_get_pubkey(x); - X509_free(x); - } - } - - BIO_free(pbio); - - if (param == NULL) { - BIO_printf(bio_err, "Error reading parameter file %s\n", paramfile); - return NULL; - } - if (keytype == NULL) { - keytype = EVP_PKEY_get0_type_name(param); - if (keytype == NULL) { - EVP_PKEY_free(param); - BIO_puts(bio_err, "Unable to determine key type\n"); - return NULL; - } - } - } - - if (keytypelen > 0) - *pkeytype = OPENSSL_strndup(keytype, keytypelen); - else - *pkeytype = OPENSSL_strdup(keytype); - - if (*pkeytype == NULL) { - BIO_printf(bio_err, "Out of memory\n"); - EVP_PKEY_free(param); - return NULL; - } - - if (keylen >= 0) - *pkeylen = keylen; - - if (param != NULL) { - if (!EVP_PKEY_is_a(param, *pkeytype)) { - BIO_printf(bio_err, "Key type does not match parameters\n"); - EVP_PKEY_free(param); - return NULL; - } - - if (keygen_engine != NULL) - gctx = EVP_PKEY_CTX_new(param, keygen_engine); - else - gctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), - param, app_get0_propq()); - *pkeylen = EVP_PKEY_get_bits(param); - EVP_PKEY_free(param); - } else { - if (keygen_engine != NULL) { - int pkey_id = get_legacy_pkey_id(app_get0_libctx(), *pkeytype, - keygen_engine); - - if (pkey_id != NID_undef) - gctx = EVP_PKEY_CTX_new_id(pkey_id, keygen_engine); - } else { - gctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), - *pkeytype, app_get0_propq()); - } - } - - if (gctx == NULL) { - BIO_puts(bio_err, "Error allocating keygen context\n"); - return NULL; - } - - if (EVP_PKEY_keygen_init(gctx) <= 0) { - BIO_puts(bio_err, "Error initializing keygen context\n"); - EVP_PKEY_CTX_free(gctx); - return NULL; - } - if (keylen == -1 && (EVP_PKEY_CTX_is_a(gctx, "RSA") - || EVP_PKEY_CTX_is_a(gctx, "RSA-PSS"))) - keylen = *pkeylen; - - if (keylen != -1) { - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - size_t bits = keylen; - - params[0] = - OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_BITS, &bits); - if (EVP_PKEY_CTX_set_params(gctx, params) <= 0) { - BIO_puts(bio_err, "Error setting keysize\n"); - EVP_PKEY_CTX_free(gctx); - return NULL; - } - } - - return gctx; -} - -static int genpkey_cb(EVP_PKEY_CTX *ctx) -{ - char c = '*'; - BIO *b = EVP_PKEY_CTX_get_app_data(ctx); - int p; - p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); - if (p == 0) - c = '.'; - if (p == 1) - c = '+'; - if (p == 2) - c = '*'; - if (p == 3) - c = '\n'; - BIO_write(b, &c, 1); - (void)BIO_flush(b); - return 1; -} diff --git a/apps/rsa.c b/apps/rsa.c deleted file mode 100644 index 0da342c38f2cec1a87826b9f36806cb6a6b092aa..0000000000000000000000000000000000000000 --- a/apps/rsa.c +++ /dev/null @@ -1,415 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Necessary for legacy RSA public key export */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include - -#include -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include -#include -#include - -/* - * This include is to get OSSL_KEYMGMT_SELECT_*, which feels a bit - * much just for those macros... they might serve better as EVP macros. - */ -#include - -#ifndef OPENSSL_NO_RC4 -# define DEFAULT_PVK_ENCR_STRENGTH 2 -#else -# define DEFAULT_PVK_ENCR_STRENGTH 0 -#endif - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT, - OPT_PUBIN, OPT_PUBOUT, OPT_PASSOUT, OPT_PASSIN, - OPT_RSAPUBKEY_IN, OPT_RSAPUBKEY_OUT, - /* Do not change the order here; see case statements below */ - OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG, - OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER, - OPT_PROV_ENUM, OPT_TRADITIONAL -} OPTION_CHOICE; - -const OPTIONS rsa_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"check", OPT_CHECK, '-', "Verify key consistency"}, - {"", OPT_CIPHER, '-', "Any supported cipher"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - - OPT_SECTION("Input"), - {"in", OPT_IN, 's', "Input file"}, - {"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE)"}, - {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"}, - {"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK"}, - {"pubout", OPT_PUBOUT, '-', "Output a public key"}, - {"RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKey"}, - {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, - {"noout", OPT_NOOUT, '-', "Don't print key out"}, - {"text", OPT_TEXT, '-', "Print the key in text"}, - {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"}, - {"traditional", OPT_TRADITIONAL, '-', - "Use traditional format for private keys"}, - -#ifndef OPENSSL_NO_RC4 - OPT_SECTION("PVK"), - {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"}, - {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"}, - {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"}, -#endif - - OPT_PROV_OPTIONS, - {NULL} -}; - -static int try_legacy_encoding(EVP_PKEY *pkey, int outformat, int pubout, - BIO *out) -{ - int ret = 0; -#ifndef OPENSSL_NO_DEPRECATED_3_0 - const RSA *rsa = EVP_PKEY_get0_RSA(pkey); - - if (rsa == NULL) - return 0; - - if (outformat == FORMAT_ASN1) { - if (pubout == 2) - ret = i2d_RSAPublicKey_bio(out, rsa) > 0; - else - ret = i2d_RSA_PUBKEY_bio(out, rsa) > 0; - } else if (outformat == FORMAT_PEM) { - if (pubout == 2) - ret = PEM_write_bio_RSAPublicKey(out, rsa) > 0; - else - ret = PEM_write_bio_RSA_PUBKEY(out, rsa) > 0; -# ifndef OPENSSL_NO_DSA - } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) { - ret = i2b_PublicKey_bio(out, pkey) > 0; -# endif - } -#endif - - return ret; -} - -int rsa_main(int argc, char **argv) -{ - ENGINE *e = NULL; - BIO *out = NULL; - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *pctx; - EVP_CIPHER *enc = NULL; - char *infile = NULL, *outfile = NULL, *ciphername = NULL, *prog; - char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL; - int private = 0; - int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, text = 0, check = 0; - int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1; - int pvk_encr = DEFAULT_PVK_ENCR_STRENGTH; - OPTION_CHOICE o; - int traditional = 0; - const char *output_type = NULL; - const char *output_structure = NULL; - int selection = 0; - OSSL_ENCODER_CTX *ectx = NULL; - - prog = opt_init(argc, argv, rsa_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(rsa_options); - ret = 0; - goto end; - case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat)) - goto opthelp; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUTFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat)) - goto opthelp; - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_PASSIN: - passinarg = opt_arg(); - break; - case OPT_PASSOUT: - passoutarg = opt_arg(); - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_PUBIN: - pubin = 1; - break; - case OPT_PUBOUT: - pubout = 1; - break; - case OPT_RSAPUBKEY_IN: - pubin = 2; - break; - case OPT_RSAPUBKEY_OUT: - pubout = 2; - break; - case OPT_PVK_STRONG: /* pvk_encr:= 2 */ - case OPT_PVK_WEAK: /* pvk_encr:= 1 */ - case OPT_PVK_NONE: /* pvk_encr:= 0 */ - pvk_encr = (o - OPT_PVK_NONE); - break; - case OPT_NOOUT: - noout = 1; - break; - case OPT_TEXT: - text = 1; - break; - case OPT_MODULUS: - modulus = 1; - break; - case OPT_CHECK: - check = 1; - break; - case OPT_CIPHER: - ciphername = opt_unknown(); - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - case OPT_TRADITIONAL: - traditional = 1; - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - if (ciphername != NULL) { - if (!opt_cipher(ciphername, &enc)) - goto opthelp; - } - private = (text && !pubin) || (!pubout && !noout) ? 1 : 0; - - if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { - BIO_printf(bio_err, "Error getting passwords\n"); - goto end; - } - if (check && pubin) { - BIO_printf(bio_err, "Only private keys can be checked\n"); - goto end; - } - - if (pubin) { - int tmpformat = FORMAT_UNDEF; - - if (pubin == 2) { - if (informat == FORMAT_PEM) - tmpformat = FORMAT_PEMRSA; - else if (informat == FORMAT_ASN1) - tmpformat = FORMAT_ASN1RSA; - } else { - tmpformat = informat; - } - - pkey = load_pubkey(infile, tmpformat, 1, passin, e, "public key"); - } else { - pkey = load_key(infile, informat, 1, passin, e, "private key"); - } - - if (pkey == NULL) { - ERR_print_errors(bio_err); - goto end; - } - if (!EVP_PKEY_is_a(pkey, "RSA") && !EVP_PKEY_is_a(pkey, "RSA-PSS")) { - BIO_printf(bio_err, "Not an RSA key\n"); - goto end; - } - - out = bio_open_owner(outfile, outformat, private); - if (out == NULL) - goto end; - - if (text) { - assert(pubin || private); - if ((pubin && EVP_PKEY_print_public(out, pkey, 0, NULL) <= 0) - || (!pubin && EVP_PKEY_print_private(out, pkey, 0, NULL) <= 0)) { - perror(outfile); - ERR_print_errors(bio_err); - goto end; - } - } - - if (modulus) { - BIGNUM *n = NULL; - - /* Every RSA key has an 'n' */ - EVP_PKEY_get_bn_param(pkey, "n", &n); - BIO_printf(out, "Modulus="); - BN_print(out, n); - BIO_printf(out, "\n"); - BN_free(n); - } - - if (check) { - int r; - - pctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL); - if (pctx == NULL) { - BIO_printf(bio_err, "RSA unable to create PKEY context\n"); - ERR_print_errors(bio_err); - goto end; - } - r = EVP_PKEY_check(pctx); - EVP_PKEY_CTX_free(pctx); - - if (r == 1) { - BIO_printf(out, "RSA key ok\n"); - } else if (r == 0) { - BIO_printf(bio_err, "RSA key not ok\n"); - ERR_print_errors(bio_err); - } else if (r < 0) { - ERR_print_errors(bio_err); - goto end; - } - } - - if (noout) { - ret = 0; - goto end; - } - BIO_printf(bio_err, "writing RSA key\n"); - - /* Choose output type for the format */ - if (outformat == FORMAT_ASN1) { - output_type = "DER"; - } else if (outformat == FORMAT_PEM) { - output_type = "PEM"; - } else if (outformat == FORMAT_MSBLOB) { - output_type = "MSBLOB"; - } else if (outformat == FORMAT_PVK) { - if (pubin) { - BIO_printf(bio_err, "PVK form impossible with public key input\n"); - goto end; - } - output_type = "PVK"; - } else { - BIO_printf(bio_err, "bad output format specified for outfile\n"); - goto end; - } - - /* Select what you want in the output */ - if (pubout || pubin) { - selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY; - } else { - assert(private); - selection = (OSSL_KEYMGMT_SELECT_KEYPAIR - | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS); - } - - /* For DER based output, select the desired output structure */ - if (outformat == FORMAT_ASN1 || outformat == FORMAT_PEM) { - if (pubout || pubin) { - if (pubout == 2) - output_structure = "pkcs1"; /* "type-specific" would work too */ - else - output_structure = "SubjectPublicKeyInfo"; - } else { - assert(private); - if (traditional) - output_structure = "pkcs1"; /* "type-specific" would work too */ - else - output_structure = "PrivateKeyInfo"; - } - } - - /* Now, perform the encoding */ - ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, - output_type, output_structure, - NULL); - if (OSSL_ENCODER_CTX_get_num_encoders(ectx) == 0) { - if ((!pubout && !pubin) - || !try_legacy_encoding(pkey, outformat, pubout, out)) - BIO_printf(bio_err, "%s format not supported\n", output_type); - else - ret = 0; - goto end; - } - - /* Passphrase setup */ - if (enc != NULL) - OSSL_ENCODER_CTX_set_cipher(ectx, EVP_CIPHER_get0_name(enc), NULL); - - /* Default passphrase prompter */ - if (enc != NULL || outformat == FORMAT_PVK) { - OSSL_ENCODER_CTX_set_passphrase_ui(ectx, get_ui_method(), NULL); - if (passout != NULL) - /* When passout given, override the passphrase prompter */ - OSSL_ENCODER_CTX_set_passphrase(ectx, - (const unsigned char *)passout, - strlen(passout)); - } - - /* PVK is a bit special... */ - if (outformat == FORMAT_PVK) { - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - params[0] = OSSL_PARAM_construct_int("encrypt-level", &pvk_encr); - if (!OSSL_ENCODER_CTX_set_params(ectx, params)) { - BIO_printf(bio_err, "invalid PVK encryption level\n"); - goto end; - } - } - - if (!OSSL_ENCODER_to_bio(ectx, out)) { - BIO_printf(bio_err, "unable to write key\n"); - ERR_print_errors(bio_err); - goto end; - } - ret = 0; - end: - OSSL_ENCODER_CTX_free(ectx); - release_engine(e); - BIO_free_all(out); - EVP_PKEY_free(pkey); - EVP_CIPHER_free(enc); - OPENSSL_free(passin); - OPENSSL_free(passout); - return ret; -} diff --git a/apps/rsautl.c b/apps/rsautl.c deleted file mode 100644 index ae0206014d82face05d91230c4618109ddb7779c..0000000000000000000000000000000000000000 --- a/apps/rsautl.c +++ /dev/null @@ -1,293 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include - -#define RSA_SIGN 1 -#define RSA_VERIFY 2 -#define RSA_ENCRYPT 3 -#define RSA_DECRYPT 4 - -#define KEY_PRIVKEY 1 -#define KEY_PUBKEY 2 -#define KEY_CERT 3 - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP, - OPT_RSA_RAW, OPT_OAEP, OPT_PKCS, OPT_X931, - OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT, - OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM, - OPT_R_ENUM, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS rsautl_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"sign", OPT_SIGN, '-', "Sign with private key"}, - {"verify", OPT_VERIFY, '-', "Verify with public key"}, - {"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"}, - {"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - - OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - {"inkey", OPT_INKEY, 's', "Input key"}, - {"keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)"}, - {"pubin", OPT_PUBIN, '-', "Input is an RSA public"}, - {"certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key"}, - {"rev", OPT_REV, '-', "Reverse the order of the input buffer"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file"}, - {"raw", OPT_RSA_RAW, '-', "Use no padding"}, - {"pkcs", OPT_PKCS, '-', "Use PKCS#1 v1.5 padding (default)"}, - {"x931", OPT_X931, '-', "Use ANSI X9.31 padding"}, - {"oaep", OPT_OAEP, '-', "Use PKCS#1 OAEP"}, - {"asn1parse", OPT_ASN1PARSE, '-', - "Run output through asn1parse; useful with -verify"}, - {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"}, - - OPT_R_OPTIONS, - OPT_PROV_OPTIONS, - {NULL} -}; - -int rsautl_main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL; - ENGINE *e = NULL; - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *ctx = NULL; - X509 *x; - char *infile = NULL, *outfile = NULL, *keyfile = NULL; - char *passinarg = NULL, *passin = NULL, *prog; - char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY; - unsigned char *rsa_in = NULL, *rsa_out = NULL, pad = RSA_PKCS1_PADDING; - size_t rsa_inlen, rsa_outlen = 0; - int keyformat = FORMAT_UNDEF, keysize, ret = 1, rv; - int hexdump = 0, asn1parse = 0, need_priv = 0, rev = 0; - OPTION_CHOICE o; - - prog = opt_init(argc, argv, rsautl_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(rsautl_options); - ret = 0; - goto end; - case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat)) - goto opthelp; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_ASN1PARSE: - asn1parse = 1; - break; - case OPT_HEXDUMP: - hexdump = 1; - break; - case OPT_RSA_RAW: - pad = RSA_NO_PADDING; - break; - case OPT_OAEP: - pad = RSA_PKCS1_OAEP_PADDING; - break; - case OPT_PKCS: - pad = RSA_PKCS1_PADDING; - break; - case OPT_X931: - pad = RSA_X931_PADDING; - break; - case OPT_SIGN: - rsa_mode = RSA_SIGN; - need_priv = 1; - break; - case OPT_VERIFY: - rsa_mode = RSA_VERIFY; - break; - case OPT_REV: - rev = 1; - break; - case OPT_ENCRYPT: - rsa_mode = RSA_ENCRYPT; - break; - case OPT_DECRYPT: - rsa_mode = RSA_DECRYPT; - need_priv = 1; - break; - case OPT_PUBIN: - key_type = KEY_PUBKEY; - break; - case OPT_CERTIN: - key_type = KEY_CERT; - break; - case OPT_INKEY: - keyfile = opt_arg(); - break; - case OPT_PASSIN: - passinarg = opt_arg(); - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - if (!app_RAND_load()) - goto end; - - if (need_priv && (key_type != KEY_PRIVKEY)) { - BIO_printf(bio_err, "A private key is needed for this operation\n"); - goto end; - } - - if (!app_passwd(passinarg, NULL, &passin, NULL)) { - BIO_printf(bio_err, "Error getting password\n"); - goto end; - } - - switch (key_type) { - case KEY_PRIVKEY: - pkey = load_key(keyfile, keyformat, 0, passin, e, "private key"); - break; - - case KEY_PUBKEY: - pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "public key"); - break; - - case KEY_CERT: - x = load_cert(keyfile, FORMAT_UNDEF, "Certificate"); - if (x) { - pkey = X509_get_pubkey(x); - X509_free(x); - } - break; - } - - if (pkey == NULL) - return 1; - - in = bio_open_default(infile, 'r', FORMAT_BINARY); - if (in == NULL) - goto end; - out = bio_open_default(outfile, 'w', FORMAT_BINARY); - if (out == NULL) - goto end; - - keysize = EVP_PKEY_get_size(pkey); - - rsa_in = app_malloc(keysize * 2, "hold rsa key"); - rsa_out = app_malloc(keysize, "output rsa key"); - rsa_outlen = keysize; - - /* Read the input data */ - rv = BIO_read(in, rsa_in, keysize * 2); - if (rv < 0) { - BIO_printf(bio_err, "Error reading input Data\n"); - goto end; - } - rsa_inlen = rv; - if (rev) { - size_t i; - unsigned char ctmp; - - for (i = 0; i < rsa_inlen / 2; i++) { - ctmp = rsa_in[i]; - rsa_in[i] = rsa_in[rsa_inlen - 1 - i]; - rsa_in[rsa_inlen - 1 - i] = ctmp; - } - } - - if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL) - goto end; - - switch (rsa_mode) { - case RSA_VERIFY: - rv = EVP_PKEY_verify_recover_init(ctx) - && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) - && EVP_PKEY_verify_recover(ctx, rsa_out, &rsa_outlen, - rsa_in, rsa_inlen); - break; - case RSA_SIGN: - rv = EVP_PKEY_sign_init(ctx) - && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) - && EVP_PKEY_sign(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen); - break; - case RSA_ENCRYPT: - rv = EVP_PKEY_encrypt_init(ctx) - && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) - && EVP_PKEY_encrypt(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen); - break; - case RSA_DECRYPT: - rv = EVP_PKEY_decrypt_init(ctx) - && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) - && EVP_PKEY_decrypt(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen); - break; - } - - if (!rv) { - BIO_printf(bio_err, "RSA operation error\n"); - ERR_print_errors(bio_err); - goto end; - } - ret = 0; - if (asn1parse) { - if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) { - ERR_print_errors(bio_err); - } - } else if (hexdump) { - BIO_dump(out, (char *)rsa_out, rsa_outlen); - } else { - BIO_write(out, rsa_out, rsa_outlen); - } - end: - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - release_engine(e); - BIO_free(in); - BIO_free_all(out); - OPENSSL_free(rsa_in); - OPENSSL_free(rsa_out); - OPENSSL_free(passin); - return ret; -} diff --git a/apps/s_client.c b/apps/s_client.c deleted file mode 100644 index a9142386428de0bd05e791c2a00998eae0f37fab..0000000000000000000000000000000000000000 --- a/apps/s_client.c +++ /dev/null @@ -1,3539 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2005 Nokia. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" -#include -#include -#include -#include -#include -#include - -#ifndef OPENSSL_NO_SOCK - -/* - * With IPv6, it looks like Digital has mixed up the proper order of - * recursive header file inclusion, resulting in the compiler complaining - * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is - * needed to have fileno() declared correctly... So let's define u_int - */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) -# define __U_INT -typedef unsigned int u_int; -#endif - -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifndef OPENSSL_NO_CT -# include -#endif -#include "s_apps.h" -#include "timeouts.h" -#include "internal/sockets.h" - -#if defined(__has_feature) -# if __has_feature(memory_sanitizer) -# include -# endif -#endif - -#undef BUFSIZZ -#define BUFSIZZ 1024*8 -#define S_CLIENT_IRC_READ_TIMEOUT 8 - -static char *prog; -static int c_debug = 0; -static int c_showcerts = 0; -static char *keymatexportlabel = NULL; -static int keymatexportlen = 20; -static BIO *bio_c_out = NULL; -static int c_quiet = 0; -static char *sess_out = NULL; -static SSL_SESSION *psksess = NULL; - -static void print_stuff(BIO *berr, SSL *con, int full); -#ifndef OPENSSL_NO_OCSP -static int ocsp_resp_cb(SSL *s, void *arg); -#endif -static int ldap_ExtendedResponse_parse(const char *buf, long rem); -static int is_dNS_name(const char *host); - -static int saved_errno; - -static void save_errno(void) -{ - saved_errno = errno; - errno = 0; -} - -static int restore_errno(void) -{ - int ret = errno; - errno = saved_errno; - return ret; -} - -/* Default PSK identity and key */ -static char *psk_identity = "Client_identity"; - -#ifndef OPENSSL_NO_PSK -static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity, - unsigned int max_identity_len, - unsigned char *psk, - unsigned int max_psk_len) -{ - int ret; - long key_len; - unsigned char *key; - - if (c_debug) - BIO_printf(bio_c_out, "psk_client_cb\n"); - if (!hint) { - /* no ServerKeyExchange message */ - if (c_debug) - BIO_printf(bio_c_out, - "NULL received PSK identity hint, continuing anyway\n"); - } else if (c_debug) { - BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint); - } - - /* - * lookup PSK identity and PSK key based on the given identity hint here - */ - ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity); - if (ret < 0 || (unsigned int)ret > max_identity_len) - goto out_err; - if (c_debug) - BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity, - ret); - - /* convert the PSK key to binary */ - key = OPENSSL_hexstr2buf(psk_key, &key_len); - if (key == NULL) { - BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", - psk_key); - return 0; - } - if (max_psk_len > INT_MAX || key_len > (long)max_psk_len) { - BIO_printf(bio_err, - "psk buffer of callback is too small (%d) for key (%ld)\n", - max_psk_len, key_len); - OPENSSL_free(key); - return 0; - } - - memcpy(psk, key, key_len); - OPENSSL_free(key); - - if (c_debug) - BIO_printf(bio_c_out, "created PSK len=%ld\n", key_len); - - return key_len; - out_err: - if (c_debug) - BIO_printf(bio_err, "Error in PSK client callback\n"); - return 0; -} -#endif - -const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 }; -const unsigned char tls13_aes256gcmsha384_id[] = { 0x13, 0x02 }; - -static int psk_use_session_cb(SSL *s, const EVP_MD *md, - const unsigned char **id, size_t *idlen, - SSL_SESSION **sess) -{ - SSL_SESSION *usesess = NULL; - const SSL_CIPHER *cipher = NULL; - - if (psksess != NULL) { - SSL_SESSION_up_ref(psksess); - usesess = psksess; - } else { - long key_len; - unsigned char *key = OPENSSL_hexstr2buf(psk_key, &key_len); - - if (key == NULL) { - BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", - psk_key); - return 0; - } - - /* We default to SHA-256 */ - cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id); - if (cipher == NULL) { - BIO_printf(bio_err, "Error finding suitable ciphersuite\n"); - OPENSSL_free(key); - return 0; - } - - usesess = SSL_SESSION_new(); - if (usesess == NULL - || !SSL_SESSION_set1_master_key(usesess, key, key_len) - || !SSL_SESSION_set_cipher(usesess, cipher) - || !SSL_SESSION_set_protocol_version(usesess, TLS1_3_VERSION)) { - OPENSSL_free(key); - goto err; - } - OPENSSL_free(key); - } - - cipher = SSL_SESSION_get0_cipher(usesess); - if (cipher == NULL) - goto err; - - if (md != NULL && SSL_CIPHER_get_handshake_digest(cipher) != md) { - /* PSK not usable, ignore it */ - *id = NULL; - *idlen = 0; - *sess = NULL; - SSL_SESSION_free(usesess); - } else { - *sess = usesess; - *id = (unsigned char *)psk_identity; - *idlen = strlen(psk_identity); - } - - return 1; - - err: - SSL_SESSION_free(usesess); - return 0; -} - -/* This is a context that we pass to callbacks */ -typedef struct tlsextctx_st { - BIO *biodebug; - int ack; -} tlsextctx; - -static int ssl_servername_cb(SSL *s, int *ad, void *arg) -{ - tlsextctx *p = (tlsextctx *) arg; - const char *hn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); - if (SSL_get_servername_type(s) != -1) - p->ack = !SSL_session_reused(s) && hn != NULL; - else - BIO_printf(bio_err, "Can't use SSL_get_servername\n"); - - return SSL_TLSEXT_ERR_OK; -} - -#ifndef OPENSSL_NO_NEXTPROTONEG -/* This the context that we pass to next_proto_cb */ -typedef struct tlsextnextprotoctx_st { - unsigned char *data; - size_t len; - int status; -} tlsextnextprotoctx; - -static tlsextnextprotoctx next_proto; - -static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, - void *arg) -{ - tlsextnextprotoctx *ctx = arg; - - if (!c_quiet) { - /* We can assume that |in| is syntactically valid. */ - unsigned i; - BIO_printf(bio_c_out, "Protocols advertised by server: "); - for (i = 0; i < inlen;) { - if (i) - BIO_write(bio_c_out, ", ", 2); - BIO_write(bio_c_out, &in[i + 1], in[i]); - i += in[i] + 1; - } - BIO_write(bio_c_out, "\n", 1); - } - - ctx->status = - SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len); - return SSL_TLSEXT_ERR_OK; -} -#endif /* ndef OPENSSL_NO_NEXTPROTONEG */ - -static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type, - const unsigned char *in, size_t inlen, - int *al, void *arg) -{ - char pem_name[100]; - unsigned char ext_buf[4 + 65536]; - - /* Reconstruct the type/len fields prior to extension data */ - inlen &= 0xffff; /* for formal memcmpy correctness */ - ext_buf[0] = (unsigned char)(ext_type >> 8); - ext_buf[1] = (unsigned char)(ext_type); - ext_buf[2] = (unsigned char)(inlen >> 8); - ext_buf[3] = (unsigned char)(inlen); - memcpy(ext_buf + 4, in, inlen); - - BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %d", - ext_type); - PEM_write_bio(bio_c_out, pem_name, "", ext_buf, 4 + inlen); - return 1; -} - -/* - * Hex decoder that tolerates optional whitespace. Returns number of bytes - * produced, advances inptr to end of input string. - */ -static ossl_ssize_t hexdecode(const char **inptr, void *result) -{ - unsigned char **out = (unsigned char **)result; - const char *in = *inptr; - unsigned char *ret = app_malloc(strlen(in) / 2, "hexdecode"); - unsigned char *cp = ret; - uint8_t byte; - int nibble = 0; - - if (ret == NULL) - return -1; - - for (byte = 0; *in; ++in) { - int x; - - if (isspace(_UC(*in))) - continue; - x = OPENSSL_hexchar2int(*in); - if (x < 0) { - OPENSSL_free(ret); - return 0; - } - byte |= (char)x; - if ((nibble ^= 1) == 0) { - *cp++ = byte; - byte = 0; - } else { - byte <<= 4; - } - } - if (nibble != 0) { - OPENSSL_free(ret); - return 0; - } - *inptr = in; - - return cp - (*out = ret); -} - -/* - * Decode unsigned 0..255, returns 1 on success, <= 0 on failure. Advances - * inptr to next field skipping leading whitespace. - */ -static ossl_ssize_t checked_uint8(const char **inptr, void *out) -{ - uint8_t *result = (uint8_t *)out; - const char *in = *inptr; - char *endp; - long v; - int e; - - save_errno(); - v = strtol(in, &endp, 10); - e = restore_errno(); - - if (((v == LONG_MIN || v == LONG_MAX) && e == ERANGE) || - endp == in || !isspace(_UC(*endp)) || - v != (*result = (uint8_t) v)) { - return -1; - } - for (in = endp; isspace(_UC(*in)); ++in) - continue; - - *inptr = in; - return 1; -} - -struct tlsa_field { - void *var; - const char *name; - ossl_ssize_t (*parser)(const char **, void *); -}; - -static int tlsa_import_rr(SSL *con, const char *rrdata) -{ - /* Not necessary to re-init these values; the "parsers" do that. */ - static uint8_t usage; - static uint8_t selector; - static uint8_t mtype; - static unsigned char *data; - static struct tlsa_field tlsa_fields[] = { - { &usage, "usage", checked_uint8 }, - { &selector, "selector", checked_uint8 }, - { &mtype, "mtype", checked_uint8 }, - { &data, "data", hexdecode }, - { NULL, } - }; - struct tlsa_field *f; - int ret; - const char *cp = rrdata; - ossl_ssize_t len = 0; - - for (f = tlsa_fields; f->var; ++f) { - /* Returns number of bytes produced, advances cp to next field */ - if ((len = f->parser(&cp, f->var)) <= 0) { - BIO_printf(bio_err, "%s: warning: bad TLSA %s field in: %s\n", - prog, f->name, rrdata); - return 0; - } - } - /* The data field is last, so len is its length */ - ret = SSL_dane_tlsa_add(con, usage, selector, mtype, data, len); - OPENSSL_free(data); - - if (ret == 0) { - ERR_print_errors(bio_err); - BIO_printf(bio_err, "%s: warning: unusable TLSA rrdata: %s\n", - prog, rrdata); - return 0; - } - if (ret < 0) { - ERR_print_errors(bio_err); - BIO_printf(bio_err, "%s: warning: error loading TLSA rrdata: %s\n", - prog, rrdata); - return 0; - } - return ret; -} - -static int tlsa_import_rrset(SSL *con, STACK_OF(OPENSSL_STRING) *rrset) -{ - int num = sk_OPENSSL_STRING_num(rrset); - int count = 0; - int i; - - for (i = 0; i < num; ++i) { - char *rrdata = sk_OPENSSL_STRING_value(rrset, i); - if (tlsa_import_rr(con, rrdata) > 0) - ++count; - } - return count > 0; -} - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_4, OPT_6, OPT_HOST, OPT_PORT, OPT_CONNECT, OPT_BIND, OPT_UNIX, - OPT_XMPPHOST, OPT_VERIFY, OPT_NAMEOPT, - OPT_CERT, OPT_CRL, OPT_CRL_DOWNLOAD, OPT_SESS_OUT, OPT_SESS_IN, - OPT_CERTFORM, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET, - OPT_BRIEF, OPT_PREXIT, OPT_CRLF, OPT_QUIET, OPT_NBIO, - OPT_SSL_CLIENT_ENGINE, OPT_IGN_EOF, OPT_NO_IGN_EOF, - OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_WDEBUG, - OPT_MSG, OPT_MSGFILE, OPT_ENGINE, OPT_TRACE, OPT_SECURITY_DEBUG, - OPT_SECURITY_DEBUG_VERBOSE, OPT_SHOWCERTS, OPT_NBIO_TEST, OPT_STATE, - OPT_PSK_IDENTITY, OPT_PSK, OPT_PSK_SESS, -#ifndef OPENSSL_NO_SRP - OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH, OPT_SRP_LATEUSER, - OPT_SRP_MOREGROUPS, -#endif - OPT_SSL3, OPT_SSL_CONFIG, - OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, - OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS, - OPT_CERT_CHAIN, OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, - OPT_NEXTPROTONEG, OPT_ALPN, - OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, - OPT_CAFILE, OPT_NOCAFILE, OPT_CHAINCAFILE, OPT_VERIFYCAFILE, - OPT_CASTORE, OPT_NOCASTORE, OPT_CHAINCASTORE, OPT_VERIFYCASTORE, - OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, OPT_NOSERVERNAME, OPT_ASYNC, - OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_PROTOHOST, - OPT_MAXFRAGLEN, OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, - OPT_READ_BUF, OPT_KEYLOG_FILE, OPT_EARLY_DATA, OPT_REQCAFILE, - OPT_V_ENUM, - OPT_X_ENUM, - OPT_S_ENUM, OPT_IGNORE_UNEXPECTED_EOF, - OPT_FALLBACKSCSV, OPT_NOCMDS, OPT_PROXY, OPT_PROXY_USER, OPT_PROXY_PASS, - OPT_DANE_TLSA_DOMAIN, -#ifndef OPENSSL_NO_CT - OPT_CT, OPT_NOCT, OPT_CTLOG_FILE, -#endif - OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME, - OPT_ENABLE_PHA, - OPT_SCTP_LABEL_BUG, - OPT_R_ENUM, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS s_client_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [host:port]\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, - {"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's', - "Specify engine to be used for client certificate operations"}, -#endif - {"ssl_config", OPT_SSL_CONFIG, 's', "Use specified section for SSL_CTX configuration"}, -#ifndef OPENSSL_NO_CT - {"ct", OPT_CT, '-', "Request and parse SCTs (also enables OCSP stapling)"}, - {"noct", OPT_NOCT, '-', "Do not request or parse SCTs (default)"}, - {"ctlogfile", OPT_CTLOG_FILE, '<', "CT log list CONF file"}, -#endif - - OPT_SECTION("Network"), - {"host", OPT_HOST, 's', "Use -connect instead"}, - {"port", OPT_PORT, 'p', "Use -connect instead"}, - {"connect", OPT_CONNECT, 's', - "TCP/IP where to connect; default: " PORT ")"}, - {"bind", OPT_BIND, 's', "bind local address for connection"}, - {"proxy", OPT_PROXY, 's', - "Connect to via specified proxy to the real server"}, - {"proxy_user", OPT_PROXY_USER, 's', "UserID for proxy authentication"}, - {"proxy_pass", OPT_PROXY_PASS, 's', "Proxy authentication password source"}, -#ifdef AF_UNIX - {"unix", OPT_UNIX, 's', "Connect over the specified Unix-domain socket"}, -#endif - {"4", OPT_4, '-', "Use IPv4 only"}, -#ifdef AF_INET6 - {"6", OPT_6, '-', "Use IPv6 only"}, -#endif - {"maxfraglen", OPT_MAXFRAGLEN, 'p', - "Enable Maximum Fragment Length Negotiation (len values: 512, 1024, 2048 and 4096)"}, - {"max_send_frag", OPT_MAX_SEND_FRAG, 'p', "Maximum Size of send frames "}, - {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'p', - "Size used to split data for encrypt pipelines"}, - {"max_pipelines", OPT_MAX_PIPELINES, 'p', - "Maximum number of encrypt/decrypt pipelines to be used"}, - {"read_buf", OPT_READ_BUF, 'p', - "Default read buffer size to be used for connections"}, - {"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"}, - - OPT_SECTION("Identity"), - {"cert", OPT_CERT, '<', "Client certificate file to use"}, - {"certform", OPT_CERTFORM, 'F', - "Client certificate file format (PEM/DER/P12); has no effect"}, - {"cert_chain", OPT_CERT_CHAIN, '<', - "Client certificate chain file (in PEM format)"}, - {"build_chain", OPT_BUILD_CHAIN, '-', "Build client certificate chain"}, - {"key", OPT_KEY, 's', "Private key file to use; default: -cert file"}, - {"keyform", OPT_KEYFORM, 'E', "Key format (ENGINE, other values ignored)"}, - {"pass", OPT_PASS, 's', "Private key and cert file pass phrase source"}, - {"verify", OPT_VERIFY, 'p', "Turn on peer certificate verification"}, - {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"}, - {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"}, - {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"}, - {"CAstore", OPT_CASTORE, ':', "URI to store of CA's"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load certificates from the default certificates store"}, - {"requestCAfile", OPT_REQCAFILE, '<', - "PEM format file of CA names to send to the server"}, - {"dane_tlsa_domain", OPT_DANE_TLSA_DOMAIN, 's', "DANE TLSA base domain"}, - {"dane_tlsa_rrdata", OPT_DANE_TLSA_RRDATA, 's', - "DANE TLSA rrdata presentation form"}, - {"dane_ee_no_namechecks", OPT_DANE_EE_NO_NAME, '-', - "Disable name checks when matching DANE-EE(3) TLSA records"}, - {"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity"}, - {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, - {"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"}, - {"name", OPT_PROTOHOST, 's', - "Hostname to use for \"-starttls lmtp\", \"-starttls smtp\" or \"-starttls xmpp[-server]\""}, - - OPT_SECTION("Session"), - {"reconnect", OPT_RECONNECT, '-', - "Drop and re-make the connection with the same Session-ID"}, - {"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"}, - {"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"}, - - OPT_SECTION("Input/Output"), - {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"}, - {"quiet", OPT_QUIET, '-', "No s_client output"}, - {"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"}, - {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"}, - {"starttls", OPT_STARTTLS, 's', - "Use the appropriate STARTTLS command before starting TLS"}, - {"xmpphost", OPT_XMPPHOST, 's', - "Alias of -name option for \"-starttls xmpp[-server]\""}, - {"brief", OPT_BRIEF, '-', - "Restrict output to brief summary of connection parameters"}, - {"prexit", OPT_PREXIT, '-', - "Print session information when the program exits"}, - - OPT_SECTION("Debug"), - {"showcerts", OPT_SHOWCERTS, '-', - "Show all certificates sent by the server"}, - {"debug", OPT_DEBUG, '-', "Extra output"}, - {"msg", OPT_MSG, '-', "Show protocol messages"}, - {"msgfile", OPT_MSGFILE, '>', - "File to send output of -msg or -trace, instead of stdout"}, - {"nbio_test", OPT_NBIO_TEST, '-', "More ssl protocol testing"}, - {"state", OPT_STATE, '-', "Print the ssl states"}, - {"keymatexport", OPT_KEYMATEXPORT, 's', - "Export keying material using label"}, - {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', - "Export len bytes of keying material; default 20"}, - {"security_debug", OPT_SECURITY_DEBUG, '-', - "Enable security debug messages"}, - {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-', - "Output more security debug output"}, -#ifndef OPENSSL_NO_SSL_TRACE - {"trace", OPT_TRACE, '-', "Show trace output of protocol messages"}, -#endif -#ifdef WATT32 - {"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"}, -#endif - {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"}, - {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"}, - {"servername", OPT_SERVERNAME, 's', - "Set TLS extension servername (SNI) in ClientHello (default)"}, - {"noservername", OPT_NOSERVERNAME, '-', - "Do not send the server name (SNI) extension in the ClientHello"}, - {"tlsextdebug", OPT_TLSEXTDEBUG, '-', - "Hex dump of all TLS extensions received"}, - {"ignore_unexpected_eof", OPT_IGNORE_UNEXPECTED_EOF, '-', - "Do not treat lack of close_notify from a peer as an error"}, -#ifndef OPENSSL_NO_OCSP - {"status", OPT_STATUS, '-', "Request certificate status from server"}, -#endif - {"serverinfo", OPT_SERVERINFO, 's', - "types Send empty ClientHello extensions (comma-separated numbers)"}, - {"alpn", OPT_ALPN, 's', - "Enable ALPN extension, considering named protocols supported (comma-separated list)"}, - {"async", OPT_ASYNC, '-', "Support asynchronous operation"}, - {"nbio", OPT_NBIO, '-', "Use non-blocking IO"}, - - OPT_SECTION("Protocol and version"), -#ifndef OPENSSL_NO_SSL3 - {"ssl3", OPT_SSL3, '-', "Just use SSLv3"}, -#endif -#ifndef OPENSSL_NO_TLS1 - {"tls1", OPT_TLS1, '-', "Just use TLSv1"}, -#endif -#ifndef OPENSSL_NO_TLS1_1 - {"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"}, -#endif -#ifndef OPENSSL_NO_TLS1_2 - {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"}, -#endif -#ifndef OPENSSL_NO_TLS1_3 - {"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"}, -#endif -#ifndef OPENSSL_NO_DTLS - {"dtls", OPT_DTLS, '-', "Use any version of DTLS"}, - {"timeout", OPT_TIMEOUT, '-', - "Enable send/receive timeout on DTLS connections"}, - {"mtu", OPT_MTU, 'p', "Set the link layer MTU"}, -#endif -#ifndef OPENSSL_NO_DTLS1 - {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"}, -#endif -#ifndef OPENSSL_NO_DTLS1_2 - {"dtls1_2", OPT_DTLS1_2, '-', "Just use DTLSv1.2"}, -#endif -#ifndef OPENSSL_NO_SCTP - {"sctp", OPT_SCTP, '-', "Use SCTP"}, - {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"}, -#endif -#ifndef OPENSSL_NO_NEXTPROTONEG - {"nextprotoneg", OPT_NEXTPROTONEG, 's', - "Enable NPN extension, considering named protocols supported (comma-separated list)"}, -#endif - {"early_data", OPT_EARLY_DATA, '<', "File to send as early data"}, - {"enable_pha", OPT_ENABLE_PHA, '-', "Enable post-handshake-authentication"}, -#ifndef OPENSSL_NO_SRTP - {"use_srtp", OPT_USE_SRTP, 's', - "Offer SRTP key management with a colon-separated profile list"}, -#endif -#ifndef OPENSSL_NO_SRP - {"srpuser", OPT_SRPUSER, 's', "(deprecated) SRP authentication for 'user'"}, - {"srppass", OPT_SRPPASS, 's', "(deprecated) Password for 'user'"}, - {"srp_lateuser", OPT_SRP_LATEUSER, '-', - "(deprecated) SRP username into second ClientHello message"}, - {"srp_moregroups", OPT_SRP_MOREGROUPS, '-', - "(deprecated) Tolerate other than the known g N values."}, - {"srp_strength", OPT_SRP_STRENGTH, 'p', - "(deprecated) Minimal length in bits for N"}, -#endif - - OPT_R_OPTIONS, - OPT_S_OPTIONS, - OPT_V_OPTIONS, - {"CRL", OPT_CRL, '<', "CRL file to use"}, - {"crl_download", OPT_CRL_DOWNLOAD, '-', "Download CRL from distribution points"}, - {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER); default PEM"}, - {"verify_return_error", OPT_VERIFY_RET_ERROR, '-', - "Close connection on verification error"}, - {"verify_quiet", OPT_VERIFY_QUIET, '-', "Restrict verify output to errors"}, - {"chainCAfile", OPT_CHAINCAFILE, '<', - "CA file for certificate chain (PEM format)"}, - {"chainCApath", OPT_CHAINCAPATH, '/', - "Use dir as certificate store path to build CA certificate chain"}, - {"chainCAstore", OPT_CHAINCASTORE, ':', - "CA store URI for certificate chain"}, - {"verifyCAfile", OPT_VERIFYCAFILE, '<', - "CA file for certificate verification (PEM format)"}, - {"verifyCApath", OPT_VERIFYCAPATH, '/', - "Use dir as certificate store path to verify CA certificate"}, - {"verifyCAstore", OPT_VERIFYCASTORE, ':', - "CA store URI for certificate verification"}, - OPT_X_OPTIONS, - OPT_PROV_OPTIONS, - - OPT_PARAMETERS(), - {"host:port", 0, 0, "Where to connect; same as -connect option"}, - {NULL} -}; - -typedef enum PROTOCOL_choice { - PROTO_OFF, - PROTO_SMTP, - PROTO_POP3, - PROTO_IMAP, - PROTO_FTP, - PROTO_TELNET, - PROTO_XMPP, - PROTO_XMPP_SERVER, - PROTO_IRC, - PROTO_MYSQL, - PROTO_POSTGRES, - PROTO_LMTP, - PROTO_NNTP, - PROTO_SIEVE, - PROTO_LDAP -} PROTOCOL_CHOICE; - -static const OPT_PAIR services[] = { - {"smtp", PROTO_SMTP}, - {"pop3", PROTO_POP3}, - {"imap", PROTO_IMAP}, - {"ftp", PROTO_FTP}, - {"xmpp", PROTO_XMPP}, - {"xmpp-server", PROTO_XMPP_SERVER}, - {"telnet", PROTO_TELNET}, - {"irc", PROTO_IRC}, - {"mysql", PROTO_MYSQL}, - {"postgres", PROTO_POSTGRES}, - {"lmtp", PROTO_LMTP}, - {"nntp", PROTO_NNTP}, - {"sieve", PROTO_SIEVE}, - {"ldap", PROTO_LDAP}, - {NULL, 0} -}; - -#define IS_INET_FLAG(o) \ - (o == OPT_4 || o == OPT_6 || o == OPT_HOST || o == OPT_PORT || o == OPT_CONNECT) -#define IS_UNIX_FLAG(o) (o == OPT_UNIX) - -#define IS_PROT_FLAG(o) \ - (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ - || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) - -/* Free |*dest| and optionally set it to a copy of |source|. */ -static void freeandcopy(char **dest, const char *source) -{ - OPENSSL_free(*dest); - *dest = NULL; - if (source != NULL) - *dest = OPENSSL_strdup(source); -} - -static int new_session_cb(SSL *s, SSL_SESSION *sess) -{ - - if (sess_out != NULL) { - BIO *stmp = BIO_new_file(sess_out, "w"); - - if (stmp == NULL) { - BIO_printf(bio_err, "Error writing session file %s\n", sess_out); - } else { - PEM_write_bio_SSL_SESSION(stmp, sess); - BIO_free(stmp); - } - } - - /* - * Session data gets dumped on connection for TLSv1.2 and below, and on - * arrival of the NewSessionTicket for TLSv1.3. - */ - if (SSL_version(s) == TLS1_3_VERSION) { - BIO_printf(bio_c_out, - "---\nPost-Handshake New Session Ticket arrived:\n"); - SSL_SESSION_print(bio_c_out, sess); - BIO_printf(bio_c_out, "---\n"); - } - - /* - * We always return a "fail" response so that the session gets freed again - * because we haven't used the reference. - */ - return 0; -} - -int s_client_main(int argc, char **argv) -{ - BIO *sbio; - EVP_PKEY *key = NULL; - SSL *con = NULL; - SSL_CTX *ctx = NULL; - STACK_OF(X509) *chain = NULL; - X509 *cert = NULL; - X509_VERIFY_PARAM *vpm = NULL; - SSL_EXCERT *exc = NULL; - SSL_CONF_CTX *cctx = NULL; - STACK_OF(OPENSSL_STRING) *ssl_args = NULL; - char *dane_tlsa_domain = NULL; - STACK_OF(OPENSSL_STRING) *dane_tlsa_rrset = NULL; - int dane_ee_no_name = 0; - STACK_OF(X509_CRL) *crls = NULL; - const SSL_METHOD *meth = TLS_client_method(); - const char *CApath = NULL, *CAfile = NULL, *CAstore = NULL; - char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL; - char *proxystr = NULL, *proxyuser = NULL; - char *proxypassarg = NULL, *proxypass = NULL; - char *connectstr = NULL, *bindstr = NULL; - char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; - char *chCApath = NULL, *chCAfile = NULL, *chCAstore = NULL, *host = NULL; - char *thost = NULL, *tport = NULL; - char *port = NULL; - char *bindhost = NULL, *bindport = NULL; - char *passarg = NULL, *pass = NULL; - char *vfyCApath = NULL, *vfyCAfile = NULL, *vfyCAstore = NULL; - char *ReqCAfile = NULL; - char *sess_in = NULL, *crl_file = NULL, *p; - const char *protohost = NULL; - struct timeval timeout, *timeoutp; - fd_set readfds, writefds; - int noCApath = 0, noCAfile = 0, noCAstore = 0; - int build_chain = 0, cbuf_len, cbuf_off, cert_format = FORMAT_UNDEF; - int key_format = FORMAT_UNDEF, crlf = 0, full_log = 1, mbuf_len = 0; - int prexit = 0; - int sdebug = 0; - int reconnect = 0, verify = SSL_VERIFY_NONE, vpmtouched = 0; - int ret = 1, in_init = 1, i, nbio_test = 0, sock = -1, k, width, state = 0; - int sbuf_len, sbuf_off, cmdletters = 1; - int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0; - int starttls_proto = PROTO_OFF, crl_format = FORMAT_UNDEF, crl_download = 0; - int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending; -#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) - int at_eof = 0; -#endif - int read_buf_len = 0; - int fallback_scsv = 0; - OPTION_CHOICE o; -#ifndef OPENSSL_NO_DTLS - int enable_timeouts = 0; - long socket_mtu = 0; -#endif -#ifndef OPENSSL_NO_ENGINE - ENGINE *ssl_client_engine = NULL; -#endif - ENGINE *e = NULL; -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) - struct timeval tv; -#endif - const char *servername = NULL; - char *sname_alloc = NULL; - int noservername = 0; - const char *alpn_in = NULL; - tlsextctx tlsextcbp = { NULL, 0 }; - const char *ssl_config = NULL; -#define MAX_SI_TYPES 100 - unsigned short serverinfo_types[MAX_SI_TYPES]; - int serverinfo_count = 0, start = 0, len; -#ifndef OPENSSL_NO_NEXTPROTONEG - const char *next_proto_neg_in = NULL; -#endif -#ifndef OPENSSL_NO_SRP - char *srppass = NULL; - int srp_lateuser = 0; - SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 }; -#endif -#ifndef OPENSSL_NO_SRTP - char *srtp_profiles = NULL; -#endif -#ifndef OPENSSL_NO_CT - char *ctlog_file = NULL; - int ct_validation = 0; -#endif - int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0; - int async = 0; - unsigned int max_send_fragment = 0; - unsigned int split_send_fragment = 0, max_pipelines = 0; - enum { use_inet, use_unix, use_unknown } connect_type = use_unknown; - int count4or6 = 0; - uint8_t maxfraglen = 0; - int c_nbio = 0, c_msg = 0, c_ign_eof = 0, c_brief = 0; - int c_tlsextdebug = 0; -#ifndef OPENSSL_NO_OCSP - int c_status_req = 0; -#endif - BIO *bio_c_msg = NULL; - const char *keylog_file = NULL, *early_data_file = NULL; -#ifndef OPENSSL_NO_DTLS - int isdtls = 0; -#endif - char *psksessf = NULL; - int enable_pha = 0; -#ifndef OPENSSL_NO_SCTP - int sctp_label_bug = 0; -#endif - int ignore_unexpected_eof = 0; - - FD_ZERO(&readfds); - FD_ZERO(&writefds); -/* Known false-positive of MemorySanitizer. */ -#if defined(__has_feature) -# if __has_feature(memory_sanitizer) - __msan_unpoison(&readfds, sizeof(readfds)); - __msan_unpoison(&writefds, sizeof(writefds)); -# endif -#endif - - c_quiet = 0; - c_debug = 0; - c_showcerts = 0; - c_nbio = 0; - port = OPENSSL_strdup(PORT); - vpm = X509_VERIFY_PARAM_new(); - cctx = SSL_CONF_CTX_new(); - - if (port == NULL || vpm == NULL || cctx == NULL) { - BIO_printf(bio_err, "%s: out of memory\n", opt_getprog()); - goto end; - } - - cbuf = app_malloc(BUFSIZZ, "cbuf"); - sbuf = app_malloc(BUFSIZZ, "sbuf"); - mbuf = app_malloc(BUFSIZZ, "mbuf"); - - SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT | SSL_CONF_FLAG_CMDLINE); - - prog = opt_init(argc, argv, s_client_options); - while ((o = opt_next()) != OPT_EOF) { - /* Check for intermixing flags. */ - if (connect_type == use_unix && IS_INET_FLAG(o)) { - BIO_printf(bio_err, - "%s: Intermixed protocol flags (unix and internet domains)\n", - prog); - goto end; - } - if (connect_type == use_inet && IS_UNIX_FLAG(o)) { - BIO_printf(bio_err, - "%s: Intermixed protocol flags (internet and unix domains)\n", - prog); - goto end; - } - - if (IS_PROT_FLAG(o) && ++prot_opt > 1) { - BIO_printf(bio_err, "Cannot supply multiple protocol flags\n"); - goto end; - } - if (IS_NO_PROT_FLAG(o)) - no_prot_opt++; - if (prot_opt == 1 && no_prot_opt) { - BIO_printf(bio_err, - "Cannot supply both a protocol flag and '-no_'\n"); - goto end; - } - - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(s_client_options); - ret = 0; - goto end; - case OPT_4: - connect_type = use_inet; - socket_family = AF_INET; - count4or6++; - break; -#ifdef AF_INET6 - case OPT_6: - connect_type = use_inet; - socket_family = AF_INET6; - count4or6++; - break; -#endif - case OPT_HOST: - connect_type = use_inet; - freeandcopy(&host, opt_arg()); - break; - case OPT_PORT: - connect_type = use_inet; - freeandcopy(&port, opt_arg()); - break; - case OPT_CONNECT: - connect_type = use_inet; - freeandcopy(&connectstr, opt_arg()); - break; - case OPT_BIND: - freeandcopy(&bindstr, opt_arg()); - break; - case OPT_PROXY: - proxystr = opt_arg(); - break; - case OPT_PROXY_USER: - proxyuser = opt_arg(); - break; - case OPT_PROXY_PASS: - proxypassarg = opt_arg(); - break; -#ifdef AF_UNIX - case OPT_UNIX: - connect_type = use_unix; - socket_family = AF_UNIX; - freeandcopy(&host, opt_arg()); - break; -#endif - case OPT_XMPPHOST: - /* fall through, since this is an alias */ - case OPT_PROTOHOST: - protohost = opt_arg(); - break; - case OPT_VERIFY: - verify = SSL_VERIFY_PEER; - verify_args.depth = atoi(opt_arg()); - if (!c_quiet) - BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth); - break; - case OPT_CERT: - cert_file = opt_arg(); - break; - case OPT_NAMEOPT: - if (!set_nameopt(opt_arg())) - goto end; - break; - case OPT_CRL: - crl_file = opt_arg(); - break; - case OPT_CRL_DOWNLOAD: - crl_download = 1; - break; - case OPT_SESS_OUT: - sess_out = opt_arg(); - break; - case OPT_SESS_IN: - sess_in = opt_arg(); - break; - case OPT_CERTFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &cert_format)) - goto opthelp; - break; - case OPT_CRLFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &crl_format)) - goto opthelp; - break; - case OPT_VERIFY_RET_ERROR: - verify = SSL_VERIFY_PEER; - verify_args.return_error = 1; - break; - case OPT_VERIFY_QUIET: - verify_args.quiet = 1; - break; - case OPT_BRIEF: - c_brief = verify_args.quiet = c_quiet = 1; - break; - case OPT_S_CASES: - if (ssl_args == NULL) - ssl_args = sk_OPENSSL_STRING_new_null(); - if (ssl_args == NULL - || !sk_OPENSSL_STRING_push(ssl_args, opt_flag()) - || !sk_OPENSSL_STRING_push(ssl_args, opt_arg())) { - BIO_printf(bio_err, "%s: Memory allocation failure\n", prog); - goto end; - } - break; - case OPT_V_CASES: - if (!opt_verify(o, vpm)) - goto end; - vpmtouched++; - break; - case OPT_X_CASES: - if (!args_excert(o, &exc)) - goto end; - break; - case OPT_IGNORE_UNEXPECTED_EOF: - ignore_unexpected_eof = 1; - break; - case OPT_PREXIT: - prexit = 1; - break; - case OPT_CRLF: - crlf = 1; - break; - case OPT_QUIET: - c_quiet = c_ign_eof = 1; - break; - case OPT_NBIO: - c_nbio = 1; - break; - case OPT_NOCMDS: - cmdletters = 0; - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 1); - break; - case OPT_SSL_CLIENT_ENGINE: -#ifndef OPENSSL_NO_ENGINE - ssl_client_engine = setup_engine(opt_arg(), 0); - if (ssl_client_engine == NULL) { - BIO_printf(bio_err, "Error getting client auth engine\n"); - goto opthelp; - } -#endif - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - case OPT_IGN_EOF: - c_ign_eof = 1; - break; - case OPT_NO_IGN_EOF: - c_ign_eof = 0; - break; - case OPT_DEBUG: - c_debug = 1; - break; - case OPT_TLSEXTDEBUG: - c_tlsextdebug = 1; - break; - case OPT_STATUS: -#ifndef OPENSSL_NO_OCSP - c_status_req = 1; -#endif - break; - case OPT_WDEBUG: -#ifdef WATT32 - dbug_init(); -#endif - break; - case OPT_MSG: - c_msg = 1; - break; - case OPT_MSGFILE: - bio_c_msg = BIO_new_file(opt_arg(), "w"); - if (bio_c_msg == NULL) { - BIO_printf(bio_err, "Error writing file %s\n", opt_arg()); - goto end; - } - break; - case OPT_TRACE: -#ifndef OPENSSL_NO_SSL_TRACE - c_msg = 2; -#endif - break; - case OPT_SECURITY_DEBUG: - sdebug = 1; - break; - case OPT_SECURITY_DEBUG_VERBOSE: - sdebug = 2; - break; - case OPT_SHOWCERTS: - c_showcerts = 1; - break; - case OPT_NBIO_TEST: - nbio_test = 1; - break; - case OPT_STATE: - state = 1; - break; - case OPT_PSK_IDENTITY: - psk_identity = opt_arg(); - break; - case OPT_PSK: - for (p = psk_key = opt_arg(); *p; p++) { - if (isxdigit(_UC(*p))) - continue; - BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key); - goto end; - } - break; - case OPT_PSK_SESS: - psksessf = opt_arg(); - break; -#ifndef OPENSSL_NO_SRP - case OPT_SRPUSER: - srp_arg.srplogin = opt_arg(); - if (min_version < TLS1_VERSION) - min_version = TLS1_VERSION; - break; - case OPT_SRPPASS: - srppass = opt_arg(); - if (min_version < TLS1_VERSION) - min_version = TLS1_VERSION; - break; - case OPT_SRP_STRENGTH: - srp_arg.strength = atoi(opt_arg()); - BIO_printf(bio_err, "SRP minimal length for N is %d\n", - srp_arg.strength); - if (min_version < TLS1_VERSION) - min_version = TLS1_VERSION; - break; - case OPT_SRP_LATEUSER: - srp_lateuser = 1; - if (min_version < TLS1_VERSION) - min_version = TLS1_VERSION; - break; - case OPT_SRP_MOREGROUPS: - srp_arg.amp = 1; - if (min_version < TLS1_VERSION) - min_version = TLS1_VERSION; - break; -#endif - case OPT_SSL_CONFIG: - ssl_config = opt_arg(); - break; - case OPT_SSL3: - min_version = SSL3_VERSION; - max_version = SSL3_VERSION; - socket_type = SOCK_STREAM; -#ifndef OPENSSL_NO_DTLS - isdtls = 0; -#endif - break; - case OPT_TLS1_3: - min_version = TLS1_3_VERSION; - max_version = TLS1_3_VERSION; - socket_type = SOCK_STREAM; -#ifndef OPENSSL_NO_DTLS - isdtls = 0; -#endif - break; - case OPT_TLS1_2: - min_version = TLS1_2_VERSION; - max_version = TLS1_2_VERSION; - socket_type = SOCK_STREAM; -#ifndef OPENSSL_NO_DTLS - isdtls = 0; -#endif - break; - case OPT_TLS1_1: - min_version = TLS1_1_VERSION; - max_version = TLS1_1_VERSION; - socket_type = SOCK_STREAM; -#ifndef OPENSSL_NO_DTLS - isdtls = 0; -#endif - break; - case OPT_TLS1: - min_version = TLS1_VERSION; - max_version = TLS1_VERSION; - socket_type = SOCK_STREAM; -#ifndef OPENSSL_NO_DTLS - isdtls = 0; -#endif - break; - case OPT_DTLS: -#ifndef OPENSSL_NO_DTLS - meth = DTLS_client_method(); - socket_type = SOCK_DGRAM; - isdtls = 1; -#endif - break; - case OPT_DTLS1: -#ifndef OPENSSL_NO_DTLS1 - meth = DTLS_client_method(); - min_version = DTLS1_VERSION; - max_version = DTLS1_VERSION; - socket_type = SOCK_DGRAM; - isdtls = 1; -#endif - break; - case OPT_DTLS1_2: -#ifndef OPENSSL_NO_DTLS1_2 - meth = DTLS_client_method(); - min_version = DTLS1_2_VERSION; - max_version = DTLS1_2_VERSION; - socket_type = SOCK_DGRAM; - isdtls = 1; -#endif - break; - case OPT_SCTP: -#ifndef OPENSSL_NO_SCTP - protocol = IPPROTO_SCTP; -#endif - break; - case OPT_SCTP_LABEL_BUG: -#ifndef OPENSSL_NO_SCTP - sctp_label_bug = 1; -#endif - break; - case OPT_TIMEOUT: -#ifndef OPENSSL_NO_DTLS - enable_timeouts = 1; -#endif - break; - case OPT_MTU: -#ifndef OPENSSL_NO_DTLS - socket_mtu = atol(opt_arg()); -#endif - break; - case OPT_FALLBACKSCSV: - fallback_scsv = 1; - break; - case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &key_format)) - goto opthelp; - break; - case OPT_PASS: - passarg = opt_arg(); - break; - case OPT_CERT_CHAIN: - chain_file = opt_arg(); - break; - case OPT_KEY: - key_file = opt_arg(); - break; - case OPT_RECONNECT: - reconnect = 5; - break; - case OPT_CAPATH: - CApath = opt_arg(); - break; - case OPT_NOCAPATH: - noCApath = 1; - break; - case OPT_CHAINCAPATH: - chCApath = opt_arg(); - break; - case OPT_VERIFYCAPATH: - vfyCApath = opt_arg(); - break; - case OPT_BUILD_CHAIN: - build_chain = 1; - break; - case OPT_REQCAFILE: - ReqCAfile = opt_arg(); - break; - case OPT_CAFILE: - CAfile = opt_arg(); - break; - case OPT_NOCAFILE: - noCAfile = 1; - break; -#ifndef OPENSSL_NO_CT - case OPT_NOCT: - ct_validation = 0; - break; - case OPT_CT: - ct_validation = 1; - break; - case OPT_CTLOG_FILE: - ctlog_file = opt_arg(); - break; -#endif - case OPT_CHAINCAFILE: - chCAfile = opt_arg(); - break; - case OPT_VERIFYCAFILE: - vfyCAfile = opt_arg(); - break; - case OPT_CASTORE: - CAstore = opt_arg(); - break; - case OPT_NOCASTORE: - noCAstore = 1; - break; - case OPT_CHAINCASTORE: - chCAstore = opt_arg(); - break; - case OPT_VERIFYCASTORE: - vfyCAstore = opt_arg(); - break; - case OPT_DANE_TLSA_DOMAIN: - dane_tlsa_domain = opt_arg(); - break; - case OPT_DANE_TLSA_RRDATA: - if (dane_tlsa_rrset == NULL) - dane_tlsa_rrset = sk_OPENSSL_STRING_new_null(); - if (dane_tlsa_rrset == NULL || - !sk_OPENSSL_STRING_push(dane_tlsa_rrset, opt_arg())) { - BIO_printf(bio_err, "%s: Memory allocation failure\n", prog); - goto end; - } - break; - case OPT_DANE_EE_NO_NAME: - dane_ee_no_name = 1; - break; - case OPT_NEXTPROTONEG: -#ifndef OPENSSL_NO_NEXTPROTONEG - next_proto_neg_in = opt_arg(); -#endif - break; - case OPT_ALPN: - alpn_in = opt_arg(); - break; - case OPT_SERVERINFO: - p = opt_arg(); - len = strlen(p); - for (start = 0, i = 0; i <= len; ++i) { - if (i == len || p[i] == ',') { - serverinfo_types[serverinfo_count] = atoi(p + start); - if (++serverinfo_count == MAX_SI_TYPES) - break; - start = i + 1; - } - } - break; - case OPT_STARTTLS: - if (!opt_pair(opt_arg(), services, &starttls_proto)) - goto end; - break; - case OPT_SERVERNAME: - servername = opt_arg(); - break; - case OPT_NOSERVERNAME: - noservername = 1; - break; - case OPT_USE_SRTP: -#ifndef OPENSSL_NO_SRTP - srtp_profiles = opt_arg(); -#endif - break; - case OPT_KEYMATEXPORT: - keymatexportlabel = opt_arg(); - break; - case OPT_KEYMATEXPORTLEN: - keymatexportlen = atoi(opt_arg()); - break; - case OPT_ASYNC: - async = 1; - break; - case OPT_MAXFRAGLEN: - len = atoi(opt_arg()); - switch (len) { - case 512: - maxfraglen = TLSEXT_max_fragment_length_512; - break; - case 1024: - maxfraglen = TLSEXT_max_fragment_length_1024; - break; - case 2048: - maxfraglen = TLSEXT_max_fragment_length_2048; - break; - case 4096: - maxfraglen = TLSEXT_max_fragment_length_4096; - break; - default: - BIO_printf(bio_err, - "%s: Max Fragment Len %u is out of permitted values", - prog, len); - goto opthelp; - } - break; - case OPT_MAX_SEND_FRAG: - max_send_fragment = atoi(opt_arg()); - break; - case OPT_SPLIT_SEND_FRAG: - split_send_fragment = atoi(opt_arg()); - break; - case OPT_MAX_PIPELINES: - max_pipelines = atoi(opt_arg()); - break; - case OPT_READ_BUF: - read_buf_len = atoi(opt_arg()); - break; - case OPT_KEYLOG_FILE: - keylog_file = opt_arg(); - break; - case OPT_EARLY_DATA: - early_data_file = opt_arg(); - break; - case OPT_ENABLE_PHA: - enable_pha = 1; - break; - } - } - - /* Optional argument is connect string if -connect not used. */ - argc = opt_num_rest(); - if (argc == 1) { - /* Don't allow -connect and a separate argument. */ - if (connectstr != NULL) { - BIO_printf(bio_err, - "%s: cannot provide both -connect option and target parameter\n", - prog); - goto opthelp; - } - connect_type = use_inet; - freeandcopy(&connectstr, *opt_rest()); - } else if (argc != 0) { - goto opthelp; - } - if (!app_RAND_load()) - goto end; - - if (count4or6 >= 2) { - BIO_printf(bio_err, "%s: Can't use both -4 and -6\n", prog); - goto opthelp; - } - if (noservername) { - if (servername != NULL) { - BIO_printf(bio_err, - "%s: Can't use -servername and -noservername together\n", - prog); - goto opthelp; - } - if (dane_tlsa_domain != NULL) { - BIO_printf(bio_err, - "%s: Can't use -dane_tlsa_domain and -noservername together\n", - prog); - goto opthelp; - } - } - -#ifndef OPENSSL_NO_NEXTPROTONEG - if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) { - BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n"); - goto opthelp; - } -#endif - - if (connectstr != NULL) { - int res; - char *tmp_host = host, *tmp_port = port; - - res = BIO_parse_hostserv(connectstr, &host, &port, BIO_PARSE_PRIO_HOST); - if (tmp_host != host) - OPENSSL_free(tmp_host); - if (tmp_port != port) - OPENSSL_free(tmp_port); - if (!res) { - BIO_printf(bio_err, - "%s: -connect argument or target parameter malformed or ambiguous\n", - prog); - goto end; - } - } - - if (proxystr != NULL) { - int res; - char *tmp_host = host, *tmp_port = port; - - if (host == NULL || port == NULL) { - BIO_printf(bio_err, "%s: -proxy requires use of -connect or target parameter\n", prog); - goto opthelp; - } - - if (servername == NULL && !noservername) { - servername = sname_alloc = OPENSSL_strdup(host); - if (sname_alloc == NULL) { - BIO_printf(bio_err, "%s: out of memory\n", prog); - goto end; - } - } - - /* Retain the original target host:port for use in the HTTP proxy connect string */ - thost = OPENSSL_strdup(host); - tport = OPENSSL_strdup(port); - if (thost == NULL || tport == NULL) { - BIO_printf(bio_err, "%s: out of memory\n", prog); - goto end; - } - - res = BIO_parse_hostserv(proxystr, &host, &port, BIO_PARSE_PRIO_HOST); - if (tmp_host != host) - OPENSSL_free(tmp_host); - if (tmp_port != port) - OPENSSL_free(tmp_port); - if (!res) { - BIO_printf(bio_err, - "%s: -proxy argument malformed or ambiguous\n", prog); - goto end; - } - } - - if (bindstr != NULL) { - int res; - res = BIO_parse_hostserv(bindstr, &bindhost, &bindport, - BIO_PARSE_PRIO_HOST); - if (!res) { - BIO_printf(bio_err, - "%s: -bind argument parameter malformed or ambiguous\n", - prog); - goto end; - } - } - -#ifdef AF_UNIX - if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) { - BIO_printf(bio_err, - "Can't use unix sockets and datagrams together\n"); - goto end; - } -#endif - -#ifndef OPENSSL_NO_SCTP - if (protocol == IPPROTO_SCTP) { - if (socket_type != SOCK_DGRAM) { - BIO_printf(bio_err, "Can't use -sctp without DTLS\n"); - goto end; - } - /* SCTP is unusual. It uses DTLS over a SOCK_STREAM protocol */ - socket_type = SOCK_STREAM; - } -#endif - -#if !defined(OPENSSL_NO_NEXTPROTONEG) - next_proto.status = -1; - if (next_proto_neg_in) { - next_proto.data = - next_protos_parse(&next_proto.len, next_proto_neg_in); - if (next_proto.data == NULL) { - BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n"); - goto end; - } - } else - next_proto.data = NULL; -#endif - - if (!app_passwd(passarg, NULL, &pass, NULL)) { - BIO_printf(bio_err, "Error getting private key password\n"); - goto end; - } - - if (!app_passwd(proxypassarg, NULL, &proxypass, NULL)) { - BIO_printf(bio_err, "Error getting proxy password\n"); - goto end; - } - - if (proxypass != NULL && proxyuser == NULL) { - BIO_printf(bio_err, "Error: Must specify proxy_user with proxy_pass\n"); - goto end; - } - - if (key_file == NULL) - key_file = cert_file; - - if (key_file != NULL) { - key = load_key(key_file, key_format, 0, pass, e, - "client certificate private key"); - if (key == NULL) - goto end; - } - - if (cert_file != NULL) { - cert = load_cert_pass(cert_file, cert_format, 1, pass, - "client certificate"); - if (cert == NULL) - goto end; - } - - if (chain_file != NULL) { - if (!load_certs(chain_file, 0, &chain, pass, "client certificate chain")) - goto end; - } - - if (crl_file != NULL) { - X509_CRL *crl; - crl = load_crl(crl_file, crl_format, 0, "CRL"); - if (crl == NULL) - goto end; - crls = sk_X509_CRL_new_null(); - if (crls == NULL || !sk_X509_CRL_push(crls, crl)) { - BIO_puts(bio_err, "Error adding CRL\n"); - ERR_print_errors(bio_err); - X509_CRL_free(crl); - goto end; - } - } - - if (!load_excert(&exc)) - goto end; - - if (bio_c_out == NULL) { - if (c_quiet && !c_debug) { - bio_c_out = BIO_new(BIO_s_null()); - if (c_msg && bio_c_msg == NULL) { - bio_c_msg = dup_bio_out(FORMAT_TEXT); - if (bio_c_msg == NULL) { - BIO_printf(bio_err, "Out of memory\n"); - goto end; - } - } - } else { - bio_c_out = dup_bio_out(FORMAT_TEXT); - } - - if (bio_c_out == NULL) { - BIO_printf(bio_err, "Unable to create BIO\n"); - goto end; - } - } -#ifndef OPENSSL_NO_SRP - if (!app_passwd(srppass, NULL, &srp_arg.srppassin, NULL)) { - BIO_printf(bio_err, "Error getting password\n"); - goto end; - } -#endif - - ctx = SSL_CTX_new_ex(app_get0_libctx(), app_get0_propq(), meth); - if (ctx == NULL) { - ERR_print_errors(bio_err); - goto end; - } - - SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); - - if (sdebug) - ssl_ctx_security_debug(ctx, sdebug); - - if (!config_ctx(cctx, ssl_args, ctx)) - goto end; - - if (ssl_config != NULL) { - if (SSL_CTX_config(ctx, ssl_config) == 0) { - BIO_printf(bio_err, "Error using configuration \"%s\"\n", - ssl_config); - ERR_print_errors(bio_err); - goto end; - } - } - -#ifndef OPENSSL_NO_SCTP - if (protocol == IPPROTO_SCTP && sctp_label_bug == 1) - SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG); -#endif - - if (min_version != 0 - && SSL_CTX_set_min_proto_version(ctx, min_version) == 0) - goto end; - if (max_version != 0 - && SSL_CTX_set_max_proto_version(ctx, max_version) == 0) - goto end; - - if (ignore_unexpected_eof) - SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF); - - if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) { - BIO_printf(bio_err, "Error setting verify params\n"); - ERR_print_errors(bio_err); - goto end; - } - - if (async) { - SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC); - } - - if (max_send_fragment > 0 - && !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) { - BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n", - prog, max_send_fragment); - goto end; - } - - if (split_send_fragment > 0 - && !SSL_CTX_set_split_send_fragment(ctx, split_send_fragment)) { - BIO_printf(bio_err, "%s: Split send fragment size %u is out of permitted range\n", - prog, split_send_fragment); - goto end; - } - - if (max_pipelines > 0 - && !SSL_CTX_set_max_pipelines(ctx, max_pipelines)) { - BIO_printf(bio_err, "%s: Max pipelines %u is out of permitted range\n", - prog, max_pipelines); - goto end; - } - - if (read_buf_len > 0) { - SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len); - } - - if (maxfraglen > 0 - && !SSL_CTX_set_tlsext_max_fragment_length(ctx, maxfraglen)) { - BIO_printf(bio_err, - "%s: Max Fragment Length code %u is out of permitted values" - "\n", prog, maxfraglen); - goto end; - } - - if (!ssl_load_stores(ctx, - vfyCApath, vfyCAfile, vfyCAstore, - chCApath, chCAfile, chCAstore, - crls, crl_download)) { - BIO_printf(bio_err, "Error loading store locations\n"); - ERR_print_errors(bio_err); - goto end; - } - if (ReqCAfile != NULL) { - STACK_OF(X509_NAME) *nm = sk_X509_NAME_new_null(); - - if (nm == NULL || !SSL_add_file_cert_subjects_to_stack(nm, ReqCAfile)) { - sk_X509_NAME_pop_free(nm, X509_NAME_free); - BIO_printf(bio_err, "Error loading CA names\n"); - ERR_print_errors(bio_err); - goto end; - } - SSL_CTX_set0_CA_list(ctx, nm); - } -#ifndef OPENSSL_NO_ENGINE - if (ssl_client_engine) { - if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) { - BIO_puts(bio_err, "Error setting client auth engine\n"); - ERR_print_errors(bio_err); - release_engine(ssl_client_engine); - goto end; - } - release_engine(ssl_client_engine); - } -#endif - -#ifndef OPENSSL_NO_PSK - if (psk_key != NULL) { - if (c_debug) - BIO_printf(bio_c_out, "PSK key given, setting client callback\n"); - SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); - } -#endif - if (psksessf != NULL) { - BIO *stmp = BIO_new_file(psksessf, "r"); - - if (stmp == NULL) { - BIO_printf(bio_err, "Can't open PSK session file %s\n", psksessf); - ERR_print_errors(bio_err); - goto end; - } - psksess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL); - BIO_free(stmp); - if (psksess == NULL) { - BIO_printf(bio_err, "Can't read PSK session file %s\n", psksessf); - ERR_print_errors(bio_err); - goto end; - } - } - if (psk_key != NULL || psksess != NULL) - SSL_CTX_set_psk_use_session_callback(ctx, psk_use_session_cb); - -#ifndef OPENSSL_NO_SRTP - if (srtp_profiles != NULL) { - /* Returns 0 on success! */ - if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles) != 0) { - BIO_printf(bio_err, "Error setting SRTP profile\n"); - ERR_print_errors(bio_err); - goto end; - } - } -#endif - - if (exc != NULL) - ssl_ctx_set_excert(ctx, exc); - -#if !defined(OPENSSL_NO_NEXTPROTONEG) - if (next_proto.data != NULL) - SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto); -#endif - if (alpn_in) { - size_t alpn_len; - unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in); - - if (alpn == NULL) { - BIO_printf(bio_err, "Error parsing -alpn argument\n"); - goto end; - } - /* Returns 0 on success! */ - if (SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len) != 0) { - BIO_printf(bio_err, "Error setting ALPN\n"); - goto end; - } - OPENSSL_free(alpn); - } - - for (i = 0; i < serverinfo_count; i++) { - if (!SSL_CTX_add_client_custom_ext(ctx, - serverinfo_types[i], - NULL, NULL, NULL, - serverinfo_cli_parse_cb, NULL)) { - BIO_printf(bio_err, - "Warning: Unable to add custom extension %u, skipping\n", - serverinfo_types[i]); - } - } - - if (state) - SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); - -#ifndef OPENSSL_NO_CT - /* Enable SCT processing, without early connection termination */ - if (ct_validation && - !SSL_CTX_enable_ct(ctx, SSL_CT_VALIDATION_PERMISSIVE)) { - ERR_print_errors(bio_err); - goto end; - } - - if (!ctx_set_ctlog_list_file(ctx, ctlog_file)) { - if (ct_validation) { - ERR_print_errors(bio_err); - goto end; - } - - /* - * If CT validation is not enabled, the log list isn't needed so don't - * show errors or abort. We try to load it regardless because then we - * can show the names of the logs any SCTs came from (SCTs may be seen - * even with validation disabled). - */ - ERR_clear_error(); - } -#endif - - SSL_CTX_set_verify(ctx, verify, verify_callback); - - if (!ctx_set_verify_locations(ctx, CAfile, noCAfile, CApath, noCApath, - CAstore, noCAstore)) { - ERR_print_errors(bio_err); - goto end; - } - - ssl_ctx_add_crls(ctx, crls, crl_download); - - if (!set_cert_key_stuff(ctx, cert, key, chain, build_chain)) - goto end; - - if (!noservername) { - tlsextcbp.biodebug = bio_err; - SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); - SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); - } -#ifndef OPENSSL_NO_SRP - if (srp_arg.srplogin != NULL - && !set_up_srp_arg(ctx, &srp_arg, srp_lateuser, c_msg, c_debug)) - goto end; -# endif - - if (dane_tlsa_domain != NULL) { - if (SSL_CTX_dane_enable(ctx) <= 0) { - BIO_printf(bio_err, - "%s: Error enabling DANE TLSA authentication.\n", - prog); - ERR_print_errors(bio_err); - goto end; - } - } - - /* - * In TLSv1.3 NewSessionTicket messages arrive after the handshake and can - * come at any time. Therefore we use a callback to write out the session - * when we know about it. This approach works for < TLSv1.3 as well. - */ - SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT - | SSL_SESS_CACHE_NO_INTERNAL_STORE); - SSL_CTX_sess_set_new_cb(ctx, new_session_cb); - - if (set_keylog_file(ctx, keylog_file)) - goto end; - - con = SSL_new(ctx); - if (con == NULL) - goto end; - - if (enable_pha) - SSL_set_post_handshake_auth(con, 1); - - if (sess_in != NULL) { - SSL_SESSION *sess; - BIO *stmp = BIO_new_file(sess_in, "r"); - if (stmp == NULL) { - BIO_printf(bio_err, "Can't open session file %s\n", sess_in); - ERR_print_errors(bio_err); - goto end; - } - sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL); - BIO_free(stmp); - if (sess == NULL) { - BIO_printf(bio_err, "Can't open session file %s\n", sess_in); - ERR_print_errors(bio_err); - goto end; - } - if (!SSL_set_session(con, sess)) { - BIO_printf(bio_err, "Can't set session\n"); - ERR_print_errors(bio_err); - goto end; - } - - SSL_SESSION_free(sess); - } - - if (fallback_scsv) - SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV); - - if (!noservername && (servername != NULL || dane_tlsa_domain == NULL)) { - if (servername == NULL) { - if(host == NULL || is_dNS_name(host)) - servername = (host == NULL) ? "localhost" : host; - } - if (servername != NULL && !SSL_set_tlsext_host_name(con, servername)) { - BIO_printf(bio_err, "Unable to set TLS servername extension.\n"); - ERR_print_errors(bio_err); - goto end; - } - } - - if (dane_tlsa_domain != NULL) { - if (SSL_dane_enable(con, dane_tlsa_domain) <= 0) { - BIO_printf(bio_err, "%s: Error enabling DANE TLSA " - "authentication.\n", prog); - ERR_print_errors(bio_err); - goto end; - } - if (dane_tlsa_rrset == NULL) { - BIO_printf(bio_err, "%s: DANE TLSA authentication requires at " - "least one -dane_tlsa_rrdata option.\n", prog); - goto end; - } - if (tlsa_import_rrset(con, dane_tlsa_rrset) <= 0) { - BIO_printf(bio_err, "%s: Failed to import any TLSA " - "records.\n", prog); - goto end; - } - if (dane_ee_no_name) - SSL_dane_set_flags(con, DANE_FLAG_NO_DANE_EE_NAMECHECKS); - } else if (dane_tlsa_rrset != NULL) { - BIO_printf(bio_err, "%s: DANE TLSA authentication requires the " - "-dane_tlsa_domain option.\n", prog); - goto end; - } - - re_start: - if (init_client(&sock, host, port, bindhost, bindport, socket_family, - socket_type, protocol) == 0) { - BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); - BIO_closesocket(sock); - goto end; - } - BIO_printf(bio_c_out, "CONNECTED(%08X)\n", sock); - - if (c_nbio) { - if (!BIO_socket_nbio(sock, 1)) { - ERR_print_errors(bio_err); - goto end; - } - BIO_printf(bio_c_out, "Turned on non blocking io\n"); - } -#ifndef OPENSSL_NO_DTLS - if (isdtls) { - union BIO_sock_info_u peer_info; - -#ifndef OPENSSL_NO_SCTP - if (protocol == IPPROTO_SCTP) - sbio = BIO_new_dgram_sctp(sock, BIO_NOCLOSE); - else -#endif - sbio = BIO_new_dgram(sock, BIO_NOCLOSE); - - if (sbio == NULL || (peer_info.addr = BIO_ADDR_new()) == NULL) { - BIO_printf(bio_err, "memory allocation failure\n"); - BIO_free(sbio); - BIO_closesocket(sock); - goto end; - } - if (!BIO_sock_info(sock, BIO_SOCK_INFO_ADDRESS, &peer_info)) { - BIO_printf(bio_err, "getsockname:errno=%d\n", - get_last_socket_error()); - BIO_free(sbio); - BIO_ADDR_free(peer_info.addr); - BIO_closesocket(sock); - goto end; - } - - (void)BIO_ctrl_set_connected(sbio, peer_info.addr); - BIO_ADDR_free(peer_info.addr); - peer_info.addr = NULL; - - if (enable_timeouts) { - timeout.tv_sec = 0; - timeout.tv_usec = DGRAM_RCV_TIMEOUT; - BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); - - timeout.tv_sec = 0; - timeout.tv_usec = DGRAM_SND_TIMEOUT; - BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); - } - - if (socket_mtu) { - if (socket_mtu < DTLS_get_link_min_mtu(con)) { - BIO_printf(bio_err, "MTU too small. Must be at least %ld\n", - DTLS_get_link_min_mtu(con)); - BIO_free(sbio); - goto shut; - } - SSL_set_options(con, SSL_OP_NO_QUERY_MTU); - if (!DTLS_set_link_mtu(con, socket_mtu)) { - BIO_printf(bio_err, "Failed to set MTU\n"); - BIO_free(sbio); - goto shut; - } - } else { - /* want to do MTU discovery */ - BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); - } - } else -#endif /* OPENSSL_NO_DTLS */ - sbio = BIO_new_socket(sock, BIO_NOCLOSE); - - if (sbio == NULL) { - BIO_printf(bio_err, "Unable to create BIO\n"); - ERR_print_errors(bio_err); - BIO_closesocket(sock); - goto end; - } - - if (nbio_test) { - BIO *test; - - test = BIO_new(BIO_f_nbio_test()); - if (test == NULL) { - BIO_printf(bio_err, "Unable to create BIO\n"); - BIO_free(sbio); - goto shut; - } - sbio = BIO_push(test, sbio); - } - - if (c_debug) { - BIO_set_callback_ex(sbio, bio_dump_callback); - BIO_set_callback_arg(sbio, (char *)bio_c_out); - } - if (c_msg) { -#ifndef OPENSSL_NO_SSL_TRACE - if (c_msg == 2) - SSL_set_msg_callback(con, SSL_trace); - else -#endif - SSL_set_msg_callback(con, msg_cb); - SSL_set_msg_callback_arg(con, bio_c_msg ? bio_c_msg : bio_c_out); - } - - if (c_tlsextdebug) { - SSL_set_tlsext_debug_callback(con, tlsext_cb); - SSL_set_tlsext_debug_arg(con, bio_c_out); - } -#ifndef OPENSSL_NO_OCSP - if (c_status_req) { - SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); - SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); - SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); - } -#endif - - SSL_set_bio(con, sbio, sbio); - SSL_set_connect_state(con); - - /* ok, lets connect */ - if (fileno_stdin() > SSL_get_fd(con)) - width = fileno_stdin() + 1; - else - width = SSL_get_fd(con) + 1; - - read_tty = 1; - write_tty = 0; - tty_on = 0; - read_ssl = 1; - write_ssl = 1; - - cbuf_len = 0; - cbuf_off = 0; - sbuf_len = 0; - sbuf_off = 0; - - if (proxystr != NULL) { - /* Here we must use the connect string target host & port */ - if (!OSSL_HTTP_proxy_connect(sbio, thost, tport, proxyuser, proxypass, - 0 /* no timeout */, bio_err, prog)) - goto shut; - } - - switch ((PROTOCOL_CHOICE) starttls_proto) { - case PROTO_OFF: - break; - case PROTO_LMTP: - case PROTO_SMTP: - { - /* - * This is an ugly hack that does a lot of assumptions. We do - * have to handle multi-line responses which may come in a single - * packet or not. We therefore have to use BIO_gets() which does - * need a buffering BIO. So during the initial chitchat we do - * push a buffering BIO into the chain that is removed again - * later on to not disturb the rest of the s_client operation. - */ - int foundit = 0; - BIO *fbio = BIO_new(BIO_f_buffer()); - - if (fbio == NULL) { - BIO_printf(bio_err, "Unable to create BIO\n"); - goto shut; - } - BIO_push(fbio, sbio); - /* Wait for multi-line response to end from LMTP or SMTP */ - do { - mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); - } while (mbuf_len > 3 && mbuf[3] == '-'); - if (protohost == NULL) - protohost = "mail.example.com"; - if (starttls_proto == (int)PROTO_LMTP) - BIO_printf(fbio, "LHLO %s\r\n", protohost); - else - BIO_printf(fbio, "EHLO %s\r\n", protohost); - (void)BIO_flush(fbio); - /* - * Wait for multi-line response to end LHLO LMTP or EHLO SMTP - * response. - */ - do { - mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); - if (strstr(mbuf, "STARTTLS")) - foundit = 1; - } while (mbuf_len > 3 && mbuf[3] == '-'); - (void)BIO_flush(fbio); - BIO_pop(fbio); - BIO_free(fbio); - if (!foundit) - BIO_printf(bio_err, - "Didn't find STARTTLS in server response," - " trying anyway...\n"); - BIO_printf(sbio, "STARTTLS\r\n"); - BIO_read(sbio, sbuf, BUFSIZZ); - } - break; - case PROTO_POP3: - { - BIO_read(sbio, mbuf, BUFSIZZ); - BIO_printf(sbio, "STLS\r\n"); - mbuf_len = BIO_read(sbio, sbuf, BUFSIZZ); - if (mbuf_len < 0) { - BIO_printf(bio_err, "BIO_read failed\n"); - goto end; - } - } - break; - case PROTO_IMAP: - { - int foundit = 0; - BIO *fbio = BIO_new(BIO_f_buffer()); - - if (fbio == NULL) { - BIO_printf(bio_err, "Unable to create BIO\n"); - goto shut; - } - BIO_push(fbio, sbio); - BIO_gets(fbio, mbuf, BUFSIZZ); - /* STARTTLS command requires CAPABILITY... */ - BIO_printf(fbio, ". CAPABILITY\r\n"); - (void)BIO_flush(fbio); - /* wait for multi-line CAPABILITY response */ - do { - mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); - if (strstr(mbuf, "STARTTLS")) - foundit = 1; - } - while (mbuf_len > 3 && mbuf[0] != '.'); - (void)BIO_flush(fbio); - BIO_pop(fbio); - BIO_free(fbio); - if (!foundit) - BIO_printf(bio_err, - "Didn't find STARTTLS in server response," - " trying anyway...\n"); - BIO_printf(sbio, ". STARTTLS\r\n"); - BIO_read(sbio, sbuf, BUFSIZZ); - } - break; - case PROTO_FTP: - { - BIO *fbio = BIO_new(BIO_f_buffer()); - - if (fbio == NULL) { - BIO_printf(bio_err, "Unable to create BIO\n"); - goto shut; - } - BIO_push(fbio, sbio); - /* wait for multi-line response to end from FTP */ - do { - mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); - } - while (mbuf_len > 3 && (!isdigit(mbuf[0]) || !isdigit(mbuf[1]) || !isdigit(mbuf[2]) || mbuf[3] != ' ')); - (void)BIO_flush(fbio); - BIO_pop(fbio); - BIO_free(fbio); - BIO_printf(sbio, "AUTH TLS\r\n"); - BIO_read(sbio, sbuf, BUFSIZZ); - } - break; - case PROTO_XMPP: - case PROTO_XMPP_SERVER: - { - int seen = 0; - BIO_printf(sbio, "", - starttls_proto == PROTO_XMPP ? "client" : "server", - protohost ? protohost : host); - seen = BIO_read(sbio, mbuf, BUFSIZZ); - if (seen < 0) { - BIO_printf(bio_err, "BIO_read failed\n"); - goto end; - } - mbuf[seen] = '\0'; - while (!strstr - (mbuf, ""); - seen = BIO_read(sbio, sbuf, BUFSIZZ); - if (seen < 0) { - BIO_printf(bio_err, "BIO_read failed\n"); - goto shut; - } - sbuf[seen] = '\0'; - if (!strstr(sbuf, "= bytes) { - BIO_printf(bio_err, "Cannot confirm server version. "); - goto shut; - } else if (packet[pos++] == '\0') { - break; - } - } - - /* make sure we have at least 15 bytes left in the packet */ - if (pos + 15 > bytes) { - BIO_printf(bio_err, - "MySQL server handshake packet is broken.\n"); - goto shut; - } - - pos += 12; /* skip over conn id[4] + SALT[8] */ - if (packet[pos++] != '\0') { /* verify filler */ - BIO_printf(bio_err, - "MySQL packet is broken.\n"); - goto shut; - } - - /* capability flags[2] */ - if (!((packet[pos] + (packet[pos + 1] << 8)) & ssl_flg)) { - BIO_printf(bio_err, "MySQL server does not support SSL.\n"); - goto shut; - } - - /* Sending SSL Handshake packet. */ - BIO_write(sbio, ssl_req, sizeof(ssl_req)); - (void)BIO_flush(sbio); - } - break; - case PROTO_POSTGRES: - { - static const unsigned char ssl_request[] = { - /* Length SSLRequest */ - 0, 0, 0, 8, 4, 210, 22, 47 - }; - int bytes; - - /* Send SSLRequest packet */ - BIO_write(sbio, ssl_request, 8); - (void)BIO_flush(sbio); - - /* Reply will be a single S if SSL is enabled */ - bytes = BIO_read(sbio, sbuf, BUFSIZZ); - if (bytes != 1 || sbuf[0] != 'S') - goto shut; - } - break; - case PROTO_NNTP: - { - int foundit = 0; - BIO *fbio = BIO_new(BIO_f_buffer()); - - if (fbio == NULL) { - BIO_printf(bio_err, "Unable to create BIO\n"); - goto end; - } - BIO_push(fbio, sbio); - BIO_gets(fbio, mbuf, BUFSIZZ); - /* STARTTLS command requires CAPABILITIES... */ - BIO_printf(fbio, "CAPABILITIES\r\n"); - (void)BIO_flush(fbio); - BIO_gets(fbio, mbuf, BUFSIZZ); - /* no point in trying to parse the CAPABILITIES response if there is none */ - if (strstr(mbuf, "101") != NULL) { - /* wait for multi-line CAPABILITIES response */ - do { - mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); - if (strstr(mbuf, "STARTTLS")) - foundit = 1; - } while (mbuf_len > 1 && mbuf[0] != '.'); - } - (void)BIO_flush(fbio); - BIO_pop(fbio); - BIO_free(fbio); - if (!foundit) - BIO_printf(bio_err, - "Didn't find STARTTLS in server response," - " trying anyway...\n"); - BIO_printf(sbio, "STARTTLS\r\n"); - mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); - if (mbuf_len < 0) { - BIO_printf(bio_err, "BIO_read failed\n"); - goto end; - } - mbuf[mbuf_len] = '\0'; - if (strstr(mbuf, "382") == NULL) { - BIO_printf(bio_err, "STARTTLS failed: %s", mbuf); - goto shut; - } - } - break; - case PROTO_SIEVE: - { - int foundit = 0; - BIO *fbio = BIO_new(BIO_f_buffer()); - - if (fbio == NULL) { - BIO_printf(bio_err, "Unable to create BIO\n"); - goto end; - } - BIO_push(fbio, sbio); - /* wait for multi-line response to end from Sieve */ - do { - mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); - /* - * According to RFC 5804 § 1.7, capability - * is case-insensitive, make it uppercase - */ - if (mbuf_len > 1 && mbuf[0] == '"') { - make_uppercase(mbuf); - if (strncmp(mbuf, "\"STARTTLS\"", 10) == 0) - foundit = 1; - } - } while (mbuf_len > 1 && mbuf[0] == '"'); - (void)BIO_flush(fbio); - BIO_pop(fbio); - BIO_free(fbio); - if (!foundit) - BIO_printf(bio_err, - "Didn't find STARTTLS in server response," - " trying anyway...\n"); - BIO_printf(sbio, "STARTTLS\r\n"); - mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); - if (mbuf_len < 0) { - BIO_printf(bio_err, "BIO_read failed\n"); - goto end; - } - mbuf[mbuf_len] = '\0'; - if (mbuf_len < 2) { - BIO_printf(bio_err, "STARTTLS failed: %s", mbuf); - goto shut; - } - /* - * According to RFC 5804 § 2.2, response codes are case- - * insensitive, make it uppercase but preserve the response. - */ - strncpy(sbuf, mbuf, 2); - make_uppercase(sbuf); - if (strncmp(sbuf, "OK", 2) != 0) { - BIO_printf(bio_err, "STARTTLS not supported: %s", mbuf); - goto shut; - } - } - break; - case PROTO_LDAP: - { - /* StartTLS Operation according to RFC 4511 */ - static char ldap_tls_genconf[] = "asn1=SEQUENCE:LDAPMessage\n" - "[LDAPMessage]\n" - "messageID=INTEGER:1\n" - "extendedReq=EXPLICIT:23A,IMPLICIT:0C," - "FORMAT:ASCII,OCT:1.3.6.1.4.1.1466.20037\n"; - long errline = -1; - char *genstr = NULL; - int result = -1; - ASN1_TYPE *atyp = NULL; - BIO *ldapbio = BIO_new(BIO_s_mem()); - CONF *cnf = NCONF_new(NULL); - - if (ldapbio == NULL || cnf == NULL) { - BIO_free(ldapbio); - NCONF_free(cnf); - goto end; - } - BIO_puts(ldapbio, ldap_tls_genconf); - if (NCONF_load_bio(cnf, ldapbio, &errline) <= 0) { - BIO_free(ldapbio); - NCONF_free(cnf); - if (errline <= 0) { - BIO_printf(bio_err, "NCONF_load_bio failed\n"); - goto end; - } else { - BIO_printf(bio_err, "Error on line %ld\n", errline); - goto end; - } - } - BIO_free(ldapbio); - genstr = NCONF_get_string(cnf, "default", "asn1"); - if (genstr == NULL) { - NCONF_free(cnf); - BIO_printf(bio_err, "NCONF_get_string failed\n"); - goto end; - } - atyp = ASN1_generate_nconf(genstr, cnf); - if (atyp == NULL) { - NCONF_free(cnf); - BIO_printf(bio_err, "ASN1_generate_nconf failed\n"); - goto end; - } - NCONF_free(cnf); - - /* Send SSLRequest packet */ - BIO_write(sbio, atyp->value.sequence->data, - atyp->value.sequence->length); - (void)BIO_flush(sbio); - ASN1_TYPE_free(atyp); - - mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ); - if (mbuf_len < 0) { - BIO_printf(bio_err, "BIO_read failed\n"); - goto end; - } - result = ldap_ExtendedResponse_parse(mbuf, mbuf_len); - if (result < 0) { - BIO_printf(bio_err, "ldap_ExtendedResponse_parse failed\n"); - goto shut; - } else if (result > 0) { - BIO_printf(bio_err, "STARTTLS failed, LDAP Result Code: %i\n", - result); - goto shut; - } - mbuf_len = 0; - } - break; - } - - if (early_data_file != NULL - && ((SSL_get0_session(con) != NULL - && SSL_SESSION_get_max_early_data(SSL_get0_session(con)) > 0) - || (psksess != NULL - && SSL_SESSION_get_max_early_data(psksess) > 0))) { - BIO *edfile = BIO_new_file(early_data_file, "r"); - size_t readbytes, writtenbytes; - int finish = 0; - - if (edfile == NULL) { - BIO_printf(bio_err, "Cannot open early data file\n"); - goto shut; - } - - while (!finish) { - if (!BIO_read_ex(edfile, cbuf, BUFSIZZ, &readbytes)) - finish = 1; - - while (!SSL_write_early_data(con, cbuf, readbytes, &writtenbytes)) { - switch (SSL_get_error(con, 0)) { - case SSL_ERROR_WANT_WRITE: - case SSL_ERROR_WANT_ASYNC: - case SSL_ERROR_WANT_READ: - /* Just keep trying - busy waiting */ - continue; - default: - BIO_printf(bio_err, "Error writing early data\n"); - BIO_free(edfile); - ERR_print_errors(bio_err); - goto shut; - } - } - } - - BIO_free(edfile); - } - - for (;;) { - FD_ZERO(&readfds); - FD_ZERO(&writefds); - - if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout)) - timeoutp = &timeout; - else - timeoutp = NULL; - - if (!SSL_is_init_finished(con) && SSL_total_renegotiations(con) == 0 - && SSL_get_key_update_type(con) == SSL_KEY_UPDATE_NONE) { - in_init = 1; - tty_on = 0; - } else { - tty_on = 1; - if (in_init) { - in_init = 0; - if (c_brief) { - BIO_puts(bio_err, "CONNECTION ESTABLISHED\n"); - print_ssl_summary(con); - } - - print_stuff(bio_c_out, con, full_log); - if (full_log > 0) - full_log--; - - if (starttls_proto) { - BIO_write(bio_err, mbuf, mbuf_len); - /* We don't need to know any more */ - if (!reconnect) - starttls_proto = PROTO_OFF; - } - - if (reconnect) { - reconnect--; - BIO_printf(bio_c_out, - "drop connection and then reconnect\n"); - do_ssl_shutdown(con); - SSL_set_connect_state(con); - BIO_closesocket(SSL_get_fd(con)); - goto re_start; - } - } - } - - ssl_pending = read_ssl && SSL_has_pending(con); - - if (!ssl_pending) { -#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) - if (tty_on) { - /* - * Note that select() returns when read _would not block_, - * and EOF satisfies that. To avoid a CPU-hogging loop, - * set the flag so we exit. - */ - if (read_tty && !at_eof) - openssl_fdset(fileno_stdin(), &readfds); -#if !defined(OPENSSL_SYS_VMS) - if (write_tty) - openssl_fdset(fileno_stdout(), &writefds); -#endif - } - if (read_ssl) - openssl_fdset(SSL_get_fd(con), &readfds); - if (write_ssl) - openssl_fdset(SSL_get_fd(con), &writefds); -#else - if (!tty_on || !write_tty) { - if (read_ssl) - openssl_fdset(SSL_get_fd(con), &readfds); - if (write_ssl) - openssl_fdset(SSL_get_fd(con), &writefds); - } -#endif - - /* - * Note: under VMS with SOCKETSHR the second parameter is - * currently of type (int *) whereas under other systems it is - * (void *) if you don't have a cast it will choke the compiler: - * if you do have a cast then you can either go for (int *) or - * (void *). - */ -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) - /* - * Under Windows/DOS we make the assumption that we can always - * write to the tty: therefore if we need to write to the tty we - * just fall through. Otherwise we timeout the select every - * second and see if there are any keypresses. Note: this is a - * hack, in a proper Windows application we wouldn't do this. - */ - i = 0; - if (!write_tty) { - if (read_tty) { - tv.tv_sec = 1; - tv.tv_usec = 0; - i = select(width, (void *)&readfds, (void *)&writefds, - NULL, &tv); - if (!i && (!has_stdin_waiting() || !read_tty)) - continue; - } else - i = select(width, (void *)&readfds, (void *)&writefds, - NULL, timeoutp); - } -#else - i = select(width, (void *)&readfds, (void *)&writefds, - NULL, timeoutp); -#endif - if (i < 0) { - BIO_printf(bio_err, "bad select %d\n", - get_last_socket_error()); - goto shut; - } - } - - if (SSL_is_dtls(con) && DTLSv1_handle_timeout(con) > 0) - BIO_printf(bio_err, "TIMEOUT occurred\n"); - - if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) { - k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len); - switch (SSL_get_error(con, k)) { - case SSL_ERROR_NONE: - cbuf_off += k; - cbuf_len -= k; - if (k <= 0) - goto end; - /* we have done a write(con,NULL,0); */ - if (cbuf_len <= 0) { - read_tty = 1; - write_ssl = 0; - } else { /* if (cbuf_len > 0) */ - - read_tty = 0; - write_ssl = 1; - } - break; - case SSL_ERROR_WANT_WRITE: - BIO_printf(bio_c_out, "write W BLOCK\n"); - write_ssl = 1; - read_tty = 0; - break; - case SSL_ERROR_WANT_ASYNC: - BIO_printf(bio_c_out, "write A BLOCK\n"); - wait_for_async(con); - write_ssl = 1; - read_tty = 0; - break; - case SSL_ERROR_WANT_READ: - BIO_printf(bio_c_out, "write R BLOCK\n"); - write_tty = 0; - read_ssl = 1; - write_ssl = 0; - break; - case SSL_ERROR_WANT_X509_LOOKUP: - BIO_printf(bio_c_out, "write X BLOCK\n"); - break; - case SSL_ERROR_ZERO_RETURN: - if (cbuf_len != 0) { - BIO_printf(bio_c_out, "shutdown\n"); - ret = 0; - goto shut; - } else { - read_tty = 1; - write_ssl = 0; - break; - } - - case SSL_ERROR_SYSCALL: - if ((k != 0) || (cbuf_len != 0)) { - BIO_printf(bio_err, "write:errno=%d\n", - get_last_socket_error()); - goto shut; - } else { - read_tty = 1; - write_ssl = 0; - } - break; - case SSL_ERROR_WANT_ASYNC_JOB: - /* This shouldn't ever happen in s_client - treat as an error */ - case SSL_ERROR_SSL: - ERR_print_errors(bio_err); - goto shut; - } - } -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VMS) - /* Assume Windows/DOS/BeOS can always write */ - else if (!ssl_pending && write_tty) -#else - else if (!ssl_pending && FD_ISSET(fileno_stdout(), &writefds)) -#endif - { -#ifdef CHARSET_EBCDIC - ascii2ebcdic(&(sbuf[sbuf_off]), &(sbuf[sbuf_off]), sbuf_len); -#endif - i = raw_write_stdout(&(sbuf[sbuf_off]), sbuf_len); - - if (i <= 0) { - BIO_printf(bio_c_out, "DONE\n"); - ret = 0; - goto shut; - } - - sbuf_len -= i; - sbuf_off += i; - if (sbuf_len <= 0) { - read_ssl = 1; - write_tty = 0; - } - } else if (ssl_pending || FD_ISSET(SSL_get_fd(con), &readfds)) { -#ifdef RENEG - { - static int iiii; - if (++iiii == 52) { - SSL_renegotiate(con); - iiii = 0; - } - } -#endif - k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ ); - - switch (SSL_get_error(con, k)) { - case SSL_ERROR_NONE: - if (k <= 0) - goto end; - sbuf_off = 0; - sbuf_len = k; - - read_ssl = 0; - write_tty = 1; - break; - case SSL_ERROR_WANT_ASYNC: - BIO_printf(bio_c_out, "read A BLOCK\n"); - wait_for_async(con); - write_tty = 0; - read_ssl = 1; - if ((read_tty == 0) && (write_ssl == 0)) - write_ssl = 1; - break; - case SSL_ERROR_WANT_WRITE: - BIO_printf(bio_c_out, "read W BLOCK\n"); - write_ssl = 1; - read_tty = 0; - break; - case SSL_ERROR_WANT_READ: - BIO_printf(bio_c_out, "read R BLOCK\n"); - write_tty = 0; - read_ssl = 1; - if ((read_tty == 0) && (write_ssl == 0)) - write_ssl = 1; - break; - case SSL_ERROR_WANT_X509_LOOKUP: - BIO_printf(bio_c_out, "read X BLOCK\n"); - break; - case SSL_ERROR_SYSCALL: - ret = get_last_socket_error(); - if (c_brief) - BIO_puts(bio_err, "CONNECTION CLOSED BY SERVER\n"); - else - BIO_printf(bio_err, "read:errno=%d\n", ret); - goto shut; - case SSL_ERROR_ZERO_RETURN: - BIO_printf(bio_c_out, "closed\n"); - ret = 0; - goto shut; - case SSL_ERROR_WANT_ASYNC_JOB: - /* This shouldn't ever happen in s_client. Treat as an error */ - case SSL_ERROR_SSL: - ERR_print_errors(bio_err); - goto shut; - } - } -/* OPENSSL_SYS_MSDOS includes OPENSSL_SYS_WINDOWS */ -#if defined(OPENSSL_SYS_MSDOS) - else if (has_stdin_waiting()) -#else - else if (FD_ISSET(fileno_stdin(), &readfds)) -#endif - { - if (crlf) { - int j, lf_num; - - i = raw_read_stdin(cbuf, BUFSIZZ / 2); - lf_num = 0; - /* both loops are skipped when i <= 0 */ - for (j = 0; j < i; j++) - if (cbuf[j] == '\n') - lf_num++; - for (j = i - 1; j >= 0; j--) { - cbuf[j + lf_num] = cbuf[j]; - if (cbuf[j] == '\n') { - lf_num--; - i++; - cbuf[j + lf_num] = '\r'; - } - } - assert(lf_num == 0); - } else - i = raw_read_stdin(cbuf, BUFSIZZ); -#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) - if (i == 0) - at_eof = 1; -#endif - - if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q' && cmdletters))) { - BIO_printf(bio_err, "DONE\n"); - ret = 0; - goto shut; - } - - if ((!c_ign_eof) && (cbuf[0] == 'R' && cmdletters)) { - BIO_printf(bio_err, "RENEGOTIATING\n"); - SSL_renegotiate(con); - cbuf_len = 0; - } else if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' ) - && cmdletters) { - BIO_printf(bio_err, "KEYUPDATE\n"); - SSL_key_update(con, - cbuf[0] == 'K' ? SSL_KEY_UPDATE_REQUESTED - : SSL_KEY_UPDATE_NOT_REQUESTED); - cbuf_len = 0; - } else { - cbuf_len = i; - cbuf_off = 0; -#ifdef CHARSET_EBCDIC - ebcdic2ascii(cbuf, cbuf, i); -#endif - } - - write_ssl = 1; - read_tty = 0; - } - } - - shut: - if (in_init) - print_stuff(bio_c_out, con, full_log); - do_ssl_shutdown(con); - - /* - * If we ended with an alert being sent, but still with data in the - * network buffer to be read, then calling BIO_closesocket() will - * result in a TCP-RST being sent. On some platforms (notably - * Windows) then this will result in the peer immediately abandoning - * the connection including any buffered alert data before it has - * had a chance to be read. Shutting down the sending side first, - * and then closing the socket sends TCP-FIN first followed by - * TCP-RST. This seems to allow the peer to read the alert data. - */ - shutdown(SSL_get_fd(con), 1); /* SHUT_WR */ - /* - * We just said we have nothing else to say, but it doesn't mean that - * the other side has nothing. It's even recommended to consume incoming - * data. [In testing context this ensures that alerts are passed on...] - */ - timeout.tv_sec = 0; - timeout.tv_usec = 500000; /* some extreme round-trip */ - do { - FD_ZERO(&readfds); - openssl_fdset(sock, &readfds); - } while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0 - && BIO_read(sbio, sbuf, BUFSIZZ) > 0); - - BIO_closesocket(SSL_get_fd(con)); - end: - if (con != NULL) { - if (prexit != 0) - print_stuff(bio_c_out, con, 1); - SSL_free(con); - } - SSL_SESSION_free(psksess); -#if !defined(OPENSSL_NO_NEXTPROTONEG) - OPENSSL_free(next_proto.data); -#endif - SSL_CTX_free(ctx); - set_keylog_file(NULL, NULL); - X509_free(cert); - sk_X509_CRL_pop_free(crls, X509_CRL_free); - EVP_PKEY_free(key); - sk_X509_pop_free(chain, X509_free); - OPENSSL_free(pass); -#ifndef OPENSSL_NO_SRP - OPENSSL_free(srp_arg.srppassin); -#endif - OPENSSL_free(sname_alloc); - OPENSSL_free(connectstr); - OPENSSL_free(bindstr); - OPENSSL_free(bindhost); - OPENSSL_free(bindport); - OPENSSL_free(host); - OPENSSL_free(port); - OPENSSL_free(thost); - OPENSSL_free(tport); - X509_VERIFY_PARAM_free(vpm); - ssl_excert_free(exc); - sk_OPENSSL_STRING_free(ssl_args); - sk_OPENSSL_STRING_free(dane_tlsa_rrset); - SSL_CONF_CTX_free(cctx); - OPENSSL_clear_free(cbuf, BUFSIZZ); - OPENSSL_clear_free(sbuf, BUFSIZZ); - OPENSSL_clear_free(mbuf, BUFSIZZ); - clear_free(proxypass); - release_engine(e); - BIO_free(bio_c_out); - bio_c_out = NULL; - BIO_free(bio_c_msg); - bio_c_msg = NULL; - return ret; -} - -static void print_stuff(BIO *bio, SSL *s, int full) -{ - X509 *peer = NULL; - STACK_OF(X509) *sk; - const SSL_CIPHER *c; - EVP_PKEY *public_key; - int i, istls13 = (SSL_version(s) == TLS1_3_VERSION); - long verify_result; -#ifndef OPENSSL_NO_COMP - const COMP_METHOD *comp, *expansion; -#endif - unsigned char *exportedkeymat; -#ifndef OPENSSL_NO_CT - const SSL_CTX *ctx = SSL_get_SSL_CTX(s); -#endif - - if (full) { - int got_a_chain = 0; - - sk = SSL_get_peer_cert_chain(s); - if (sk != NULL) { - got_a_chain = 1; - - BIO_printf(bio, "---\nCertificate chain\n"); - for (i = 0; i < sk_X509_num(sk); i++) { - BIO_printf(bio, "%2d s:", i); - X509_NAME_print_ex(bio, X509_get_subject_name(sk_X509_value(sk, i)), 0, get_nameopt()); - BIO_puts(bio, "\n"); - BIO_printf(bio, " i:"); - X509_NAME_print_ex(bio, X509_get_issuer_name(sk_X509_value(sk, i)), 0, get_nameopt()); - BIO_puts(bio, "\n"); - public_key = X509_get_pubkey(sk_X509_value(sk, i)); - if (public_key != NULL) { - BIO_printf(bio, " a:PKEY: %s, %d (bit); sigalg: %s\n", - OBJ_nid2sn(EVP_PKEY_get_base_id(public_key)), - EVP_PKEY_get_bits(public_key), - OBJ_nid2sn(X509_get_signature_nid(sk_X509_value(sk, i)))); - EVP_PKEY_free(public_key); - } - BIO_printf(bio, " v:NotBefore: "); - ASN1_TIME_print(bio, X509_get0_notBefore(sk_X509_value(sk, i))); - BIO_printf(bio, "; NotAfter: "); - ASN1_TIME_print(bio, X509_get0_notAfter(sk_X509_value(sk, i))); - BIO_puts(bio, "\n"); - if (c_showcerts) - PEM_write_bio_X509(bio, sk_X509_value(sk, i)); - } - } - - BIO_printf(bio, "---\n"); - peer = SSL_get0_peer_certificate(s); - if (peer != NULL) { - BIO_printf(bio, "Server certificate\n"); - - /* Redundant if we showed the whole chain */ - if (!(c_showcerts && got_a_chain)) - PEM_write_bio_X509(bio, peer); - dump_cert_text(bio, peer); - } else { - BIO_printf(bio, "no peer certificate available\n"); - } - print_ca_names(bio, s); - - ssl_print_sigalgs(bio, s); - ssl_print_tmp_key(bio, s); - -#ifndef OPENSSL_NO_CT - /* - * When the SSL session is anonymous, or resumed via an abbreviated - * handshake, no SCTs are provided as part of the handshake. While in - * a resumed session SCTs may be present in the session's certificate, - * no callbacks are invoked to revalidate these, and in any case that - * set of SCTs may be incomplete. Thus it makes little sense to - * attempt to display SCTs from a resumed session's certificate, and of - * course none are associated with an anonymous peer. - */ - if (peer != NULL && !SSL_session_reused(s) && SSL_ct_is_enabled(s)) { - const STACK_OF(SCT) *scts = SSL_get0_peer_scts(s); - int sct_count = scts != NULL ? sk_SCT_num(scts) : 0; - - BIO_printf(bio, "---\nSCTs present (%i)\n", sct_count); - if (sct_count > 0) { - const CTLOG_STORE *log_store = SSL_CTX_get0_ctlog_store(ctx); - - BIO_printf(bio, "---\n"); - for (i = 0; i < sct_count; ++i) { - SCT *sct = sk_SCT_value(scts, i); - - BIO_printf(bio, "SCT validation status: %s\n", - SCT_validation_status_string(sct)); - SCT_print(sct, bio, 0, log_store); - if (i < sct_count - 1) - BIO_printf(bio, "\n---\n"); - } - BIO_printf(bio, "\n"); - } - } -#endif - - BIO_printf(bio, - "---\nSSL handshake has read %ju bytes " - "and written %ju bytes\n", - BIO_number_read(SSL_get_rbio(s)), - BIO_number_written(SSL_get_wbio(s))); - } - print_verify_detail(s, bio); - BIO_printf(bio, (SSL_session_reused(s) ? "---\nReused, " : "---\nNew, ")); - c = SSL_get_current_cipher(s); - BIO_printf(bio, "%s, Cipher is %s\n", - SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c)); - if (peer != NULL) { - EVP_PKEY *pktmp; - - pktmp = X509_get0_pubkey(peer); - BIO_printf(bio, "Server public key is %d bit\n", - EVP_PKEY_get_bits(pktmp)); - } - BIO_printf(bio, "Secure Renegotiation IS%s supported\n", - SSL_get_secure_renegotiation_support(s) ? "" : " NOT"); -#ifndef OPENSSL_NO_COMP - comp = SSL_get_current_compression(s); - expansion = SSL_get_current_expansion(s); - BIO_printf(bio, "Compression: %s\n", - comp ? SSL_COMP_get_name(comp) : "NONE"); - BIO_printf(bio, "Expansion: %s\n", - expansion ? SSL_COMP_get_name(expansion) : "NONE"); -#endif -#ifndef OPENSSL_NO_KTLS - if (BIO_get_ktls_send(SSL_get_wbio(s))) - BIO_printf(bio_err, "Using Kernel TLS for sending\n"); - if (BIO_get_ktls_recv(SSL_get_rbio(s))) - BIO_printf(bio_err, "Using Kernel TLS for receiving\n"); -#endif - - if (OSSL_TRACE_ENABLED(TLS)) { - /* Print out local port of connection: useful for debugging */ - int sock; - union BIO_sock_info_u info; - - sock = SSL_get_fd(s); - if ((info.addr = BIO_ADDR_new()) != NULL - && BIO_sock_info(sock, BIO_SOCK_INFO_ADDRESS, &info)) { - BIO_printf(bio_c_out, "LOCAL PORT is %u\n", - ntohs(BIO_ADDR_rawport(info.addr))); - } - BIO_ADDR_free(info.addr); - } - -#if !defined(OPENSSL_NO_NEXTPROTONEG) - if (next_proto.status != -1) { - const unsigned char *proto; - unsigned int proto_len; - SSL_get0_next_proto_negotiated(s, &proto, &proto_len); - BIO_printf(bio, "Next protocol: (%d) ", next_proto.status); - BIO_write(bio, proto, proto_len); - BIO_write(bio, "\n", 1); - } -#endif - { - const unsigned char *proto; - unsigned int proto_len; - SSL_get0_alpn_selected(s, &proto, &proto_len); - if (proto_len > 0) { - BIO_printf(bio, "ALPN protocol: "); - BIO_write(bio, proto, proto_len); - BIO_write(bio, "\n", 1); - } else - BIO_printf(bio, "No ALPN negotiated\n"); - } - -#ifndef OPENSSL_NO_SRTP - { - SRTP_PROTECTION_PROFILE *srtp_profile = - SSL_get_selected_srtp_profile(s); - - if (srtp_profile) - BIO_printf(bio, "SRTP Extension negotiated, profile=%s\n", - srtp_profile->name); - } -#endif - - if (istls13) { - switch (SSL_get_early_data_status(s)) { - case SSL_EARLY_DATA_NOT_SENT: - BIO_printf(bio, "Early data was not sent\n"); - break; - - case SSL_EARLY_DATA_REJECTED: - BIO_printf(bio, "Early data was rejected\n"); - break; - - case SSL_EARLY_DATA_ACCEPTED: - BIO_printf(bio, "Early data was accepted\n"); - break; - - } - - /* - * We also print the verify results when we dump session information, - * but in TLSv1.3 we may not get that right away (or at all) depending - * on when we get a NewSessionTicket. Therefore we print it now as well. - */ - verify_result = SSL_get_verify_result(s); - BIO_printf(bio, "Verify return code: %ld (%s)\n", verify_result, - X509_verify_cert_error_string(verify_result)); - } else { - /* In TLSv1.3 we do this on arrival of a NewSessionTicket */ - SSL_SESSION_print(bio, SSL_get_session(s)); - } - - if (SSL_get_session(s) != NULL && keymatexportlabel != NULL) { - BIO_printf(bio, "Keying material exporter:\n"); - BIO_printf(bio, " Label: '%s'\n", keymatexportlabel); - BIO_printf(bio, " Length: %i bytes\n", keymatexportlen); - exportedkeymat = app_malloc(keymatexportlen, "export key"); - if (SSL_export_keying_material(s, exportedkeymat, - keymatexportlen, - keymatexportlabel, - strlen(keymatexportlabel), - NULL, 0, 0) <= 0) { - BIO_printf(bio, " Error\n"); - } else { - BIO_printf(bio, " Keying material: "); - for (i = 0; i < keymatexportlen; i++) - BIO_printf(bio, "%02X", exportedkeymat[i]); - BIO_printf(bio, "\n"); - } - OPENSSL_free(exportedkeymat); - } - BIO_printf(bio, "---\n"); - /* flush, or debugging output gets mixed with http response */ - (void)BIO_flush(bio); -} - -# ifndef OPENSSL_NO_OCSP -static int ocsp_resp_cb(SSL *s, void *arg) -{ - const unsigned char *p; - int len; - OCSP_RESPONSE *rsp; - len = SSL_get_tlsext_status_ocsp_resp(s, &p); - BIO_puts(arg, "OCSP response: "); - if (p == NULL) { - BIO_puts(arg, "no response sent\n"); - return 1; - } - rsp = d2i_OCSP_RESPONSE(NULL, &p, len); - if (rsp == NULL) { - BIO_puts(arg, "response parse error\n"); - BIO_dump_indent(arg, (char *)p, len, 4); - return 0; - } - BIO_puts(arg, "\n======================================\n"); - OCSP_RESPONSE_print(arg, rsp, 0); - BIO_puts(arg, "======================================\n"); - OCSP_RESPONSE_free(rsp); - return 1; -} -# endif - -static int ldap_ExtendedResponse_parse(const char *buf, long rem) -{ - const unsigned char *cur, *end; - long len; - int tag, xclass, inf, ret = -1; - - cur = (const unsigned char *)buf; - end = cur + rem; - - /* - * From RFC 4511: - * - * LDAPMessage ::= SEQUENCE { - * messageID MessageID, - * protocolOp CHOICE { - * ... - * extendedResp ExtendedResponse, - * ... }, - * controls [0] Controls OPTIONAL } - * - * ExtendedResponse ::= [APPLICATION 24] SEQUENCE { - * COMPONENTS OF LDAPResult, - * responseName [10] LDAPOID OPTIONAL, - * responseValue [11] OCTET STRING OPTIONAL } - * - * LDAPResult ::= SEQUENCE { - * resultCode ENUMERATED { - * success (0), - * ... - * other (80), - * ... }, - * matchedDN LDAPDN, - * diagnosticMessage LDAPString, - * referral [3] Referral OPTIONAL } - */ - - /* pull SEQUENCE */ - inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem); - if (inf != V_ASN1_CONSTRUCTED || tag != V_ASN1_SEQUENCE || - (rem = end - cur, len > rem)) { - BIO_printf(bio_err, "Unexpected LDAP response\n"); - goto end; - } - - rem = len; /* ensure that we don't overstep the SEQUENCE */ - - /* pull MessageID */ - inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem); - if (inf != V_ASN1_UNIVERSAL || tag != V_ASN1_INTEGER || - (rem = end - cur, len > rem)) { - BIO_printf(bio_err, "No MessageID\n"); - goto end; - } - - cur += len; /* shall we check for MessageId match or just skip? */ - - /* pull [APPLICATION 24] */ - rem = end - cur; - inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem); - if (inf != V_ASN1_CONSTRUCTED || xclass != V_ASN1_APPLICATION || - tag != 24) { - BIO_printf(bio_err, "Not ExtendedResponse\n"); - goto end; - } - - /* pull resultCode */ - rem = end - cur; - inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem); - if (inf != V_ASN1_UNIVERSAL || tag != V_ASN1_ENUMERATED || len == 0 || - (rem = end - cur, len > rem)) { - BIO_printf(bio_err, "Not LDAPResult\n"); - goto end; - } - - /* len should always be one, but just in case... */ - for (ret = 0, inf = 0; inf < len; inf++) { - ret <<= 8; - ret |= cur[inf]; - } - /* There is more data, but we don't care... */ - end: - return ret; -} - -/* - * Host dNS Name verifier: used for checking that the hostname is in dNS format - * before setting it as SNI - */ -static int is_dNS_name(const char *host) -{ - const size_t MAX_LABEL_LENGTH = 63; - size_t i; - int isdnsname = 0; - size_t length = strlen(host); - size_t label_length = 0; - int all_numeric = 1; - - /* - * Deviation from strict DNS name syntax, also check names with '_' - * Check DNS name syntax, any '-' or '.' must be internal, - * and on either side of each '.' we can't have a '-' or '.'. - * - * If the name has just one label, we don't consider it a DNS name. - */ - for (i = 0; i < length && label_length < MAX_LABEL_LENGTH; ++i) { - char c = host[i]; - - if ((c >= 'a' && c <= 'z') - || (c >= 'A' && c <= 'Z') - || c == '_') { - label_length += 1; - all_numeric = 0; - continue; - } - - if (c >= '0' && c <= '9') { - label_length += 1; - continue; - } - - /* Dot and hyphen cannot be first or last. */ - if (i > 0 && i < length - 1) { - if (c == '-') { - label_length += 1; - continue; - } - /* - * Next to a dot the preceding and following characters must not be - * another dot or a hyphen. Otherwise, record that the name is - * plausible, since it has two or more labels. - */ - if (c == '.' - && host[i + 1] != '.' - && host[i - 1] != '-' - && host[i + 1] != '-') { - label_length = 0; - isdnsname = 1; - continue; - } - } - isdnsname = 0; - break; - } - - /* dNS name must not be all numeric and labels must be shorter than 64 characters. */ - isdnsname &= !all_numeric && !(label_length == MAX_LABEL_LENGTH); - - return isdnsname; -} -#endif /* OPENSSL_NO_SOCK */ diff --git a/apps/s_server.c b/apps/s_server.c deleted file mode 100644 index cfd3deb1bea20077b012d151e214be77b71942d1..0000000000000000000000000000000000000000 --- a/apps/s_server.c +++ /dev/null @@ -1,3790 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * Copyright 2005 Nokia. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#if defined(_WIN32) -/* Included before async.h to avoid some warnings */ -# include -#endif - -#include -#include -#include -#include - -#ifndef OPENSSL_NO_SOCK - -/* - * With IPv6, it looks like Digital has mixed up the proper order of - * recursive header file inclusion, resulting in the compiler complaining - * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is - * needed to have fileno() declared correctly... So let's define u_int - */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT) -# define __U_INT -typedef unsigned int u_int; -#endif - -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include -#ifndef OPENSSL_NO_DH -# include -#endif -#include -#include "s_apps.h" -#include "timeouts.h" -#ifdef CHARSET_EBCDIC -#include -#endif -#include "internal/sockets.h" - -static int not_resumable_sess_cb(SSL *s, int is_forward_secure); -static int sv_body(int s, int stype, int prot, unsigned char *context); -static int www_body(int s, int stype, int prot, unsigned char *context); -static int rev_body(int s, int stype, int prot, unsigned char *context); -static void close_accept_socket(void); -static int init_ssl_connection(SSL *s); -static void print_stats(BIO *bp, SSL_CTX *ctx); -static int generate_session_id(SSL *ssl, unsigned char *id, - unsigned int *id_len); -static void init_session_cache_ctx(SSL_CTX *sctx); -static void free_sessions(void); -static void print_connection_info(SSL *con); - -static const int bufsize = 16 * 1024; -static int accept_socket = -1; - -#define TEST_CERT "server.pem" -#define TEST_CERT2 "server2.pem" - -static int s_nbio = 0; -static int s_nbio_test = 0; -static int s_crlf = 0; -static SSL_CTX *ctx = NULL; -static SSL_CTX *ctx2 = NULL; -static int www = 0; - -static BIO *bio_s_out = NULL; -static BIO *bio_s_msg = NULL; -static int s_debug = 0; -static int s_tlsextdebug = 0; -static int s_msg = 0; -static int s_quiet = 0; -static int s_ign_eof = 0; -static int s_brief = 0; - -static char *keymatexportlabel = NULL; -static int keymatexportlen = 20; - -static int async = 0; - -static int use_sendfile = 0; - -static const char *session_id_prefix = NULL; - -#ifndef OPENSSL_NO_DTLS -static int enable_timeouts = 0; -static long socket_mtu; -#endif - -/* - * We define this but make it always be 0 in no-dtls builds to simplify the - * code. - */ -static int dtlslisten = 0; -static int stateless = 0; - -static int early_data = 0; -static SSL_SESSION *psksess = NULL; - -static char *psk_identity = "Client_identity"; -char *psk_key = NULL; /* by default PSK is not used */ - -static char http_server_binmode = 0; /* for now: 0/1 = default/binary */ - -#ifndef OPENSSL_NO_PSK -static unsigned int psk_server_cb(SSL *ssl, const char *identity, - unsigned char *psk, - unsigned int max_psk_len) -{ - long key_len = 0; - unsigned char *key; - - if (s_debug) - BIO_printf(bio_s_out, "psk_server_cb\n"); - - if (!SSL_is_dtls(ssl) && SSL_version(ssl) >= TLS1_3_VERSION) { - /* - * This callback is designed for use in (D)TLSv1.2 (or below). It is - * possible to use a single callback for all protocol versions - but it - * is preferred to use a dedicated callback for TLSv1.3. For TLSv1.3 we - * have psk_find_session_cb. - */ - return 0; - } - - if (identity == NULL) { - BIO_printf(bio_err, "Error: client did not send PSK identity\n"); - goto out_err; - } - if (s_debug) - BIO_printf(bio_s_out, "identity_len=%d identity=%s\n", - (int)strlen(identity), identity); - - /* here we could lookup the given identity e.g. from a database */ - if (strcmp(identity, psk_identity) != 0) { - BIO_printf(bio_s_out, "PSK warning: client identity not what we expected" - " (got '%s' expected '%s')\n", identity, psk_identity); - } else { - if (s_debug) - BIO_printf(bio_s_out, "PSK client identity found\n"); - } - - /* convert the PSK key to binary */ - key = OPENSSL_hexstr2buf(psk_key, &key_len); - if (key == NULL) { - BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", - psk_key); - return 0; - } - if (key_len > (int)max_psk_len) { - BIO_printf(bio_err, - "psk buffer of callback is too small (%d) for key (%ld)\n", - max_psk_len, key_len); - OPENSSL_free(key); - return 0; - } - - memcpy(psk, key, key_len); - OPENSSL_free(key); - - if (s_debug) - BIO_printf(bio_s_out, "fetched PSK len=%ld\n", key_len); - return key_len; - out_err: - if (s_debug) - BIO_printf(bio_err, "Error in PSK server callback\n"); - (void)BIO_flush(bio_err); - (void)BIO_flush(bio_s_out); - return 0; -} -#endif - -static int psk_find_session_cb(SSL *ssl, const unsigned char *identity, - size_t identity_len, SSL_SESSION **sess) -{ - SSL_SESSION *tmpsess = NULL; - unsigned char *key; - long key_len; - const SSL_CIPHER *cipher = NULL; - - if (strlen(psk_identity) != identity_len - || memcmp(psk_identity, identity, identity_len) != 0) { - *sess = NULL; - return 1; - } - - if (psksess != NULL) { - SSL_SESSION_up_ref(psksess); - *sess = psksess; - return 1; - } - - key = OPENSSL_hexstr2buf(psk_key, &key_len); - if (key == NULL) { - BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n", - psk_key); - return 0; - } - - /* We default to SHA256 */ - cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id); - if (cipher == NULL) { - BIO_printf(bio_err, "Error finding suitable ciphersuite\n"); - OPENSSL_free(key); - return 0; - } - - tmpsess = SSL_SESSION_new(); - if (tmpsess == NULL - || !SSL_SESSION_set1_master_key(tmpsess, key, key_len) - || !SSL_SESSION_set_cipher(tmpsess, cipher) - || !SSL_SESSION_set_protocol_version(tmpsess, SSL_version(ssl))) { - OPENSSL_free(key); - return 0; - } - OPENSSL_free(key); - *sess = tmpsess; - - return 1; -} - -#ifndef OPENSSL_NO_SRP -static srpsrvparm srp_callback_parm; -#endif - -static int local_argc = 0; -static char **local_argv; - -#ifdef CHARSET_EBCDIC -static int ebcdic_new(BIO *bi); -static int ebcdic_free(BIO *a); -static int ebcdic_read(BIO *b, char *out, int outl); -static int ebcdic_write(BIO *b, const char *in, int inl); -static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr); -static int ebcdic_gets(BIO *bp, char *buf, int size); -static int ebcdic_puts(BIO *bp, const char *str); - -# define BIO_TYPE_EBCDIC_FILTER (18|0x0200) -static BIO_METHOD *methods_ebcdic = NULL; - -/* This struct is "unwarranted chumminess with the compiler." */ -typedef struct { - size_t alloced; - char buff[1]; -} EBCDIC_OUTBUFF; - -static const BIO_METHOD *BIO_f_ebcdic_filter() -{ - if (methods_ebcdic == NULL) { - methods_ebcdic = BIO_meth_new(BIO_TYPE_EBCDIC_FILTER, - "EBCDIC/ASCII filter"); - if (methods_ebcdic == NULL - || !BIO_meth_set_write(methods_ebcdic, ebcdic_write) - || !BIO_meth_set_read(methods_ebcdic, ebcdic_read) - || !BIO_meth_set_puts(methods_ebcdic, ebcdic_puts) - || !BIO_meth_set_gets(methods_ebcdic, ebcdic_gets) - || !BIO_meth_set_ctrl(methods_ebcdic, ebcdic_ctrl) - || !BIO_meth_set_create(methods_ebcdic, ebcdic_new) - || !BIO_meth_set_destroy(methods_ebcdic, ebcdic_free)) - return NULL; - } - return methods_ebcdic; -} - -static int ebcdic_new(BIO *bi) -{ - EBCDIC_OUTBUFF *wbuf; - - wbuf = app_malloc(sizeof(*wbuf) + 1024, "ebcdic wbuf"); - wbuf->alloced = 1024; - wbuf->buff[0] = '\0'; - - BIO_set_data(bi, wbuf); - BIO_set_init(bi, 1); - return 1; -} - -static int ebcdic_free(BIO *a) -{ - EBCDIC_OUTBUFF *wbuf; - - if (a == NULL) - return 0; - wbuf = BIO_get_data(a); - OPENSSL_free(wbuf); - BIO_set_data(a, NULL); - BIO_set_init(a, 0); - - return 1; -} - -static int ebcdic_read(BIO *b, char *out, int outl) -{ - int ret = 0; - BIO *next = BIO_next(b); - - if (out == NULL || outl == 0) - return 0; - if (next == NULL) - return 0; - - ret = BIO_read(next, out, outl); - if (ret > 0) - ascii2ebcdic(out, out, ret); - return ret; -} - -static int ebcdic_write(BIO *b, const char *in, int inl) -{ - EBCDIC_OUTBUFF *wbuf; - BIO *next = BIO_next(b); - int ret = 0; - int num; - - if ((in == NULL) || (inl <= 0)) - return 0; - if (next == NULL) - return 0; - - wbuf = (EBCDIC_OUTBUFF *) BIO_get_data(b); - - if (inl > (num = wbuf->alloced)) { - num = num + num; /* double the size */ - if (num < inl) - num = inl; - OPENSSL_free(wbuf); - wbuf = app_malloc(sizeof(*wbuf) + num, "grow ebcdic wbuf"); - - wbuf->alloced = num; - wbuf->buff[0] = '\0'; - - BIO_set_data(b, wbuf); - } - - ebcdic2ascii(wbuf->buff, in, inl); - - ret = BIO_write(next, wbuf->buff, inl); - - return ret; -} - -static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - long ret; - BIO *next = BIO_next(b); - - if (next == NULL) - return 0; - switch (cmd) { - case BIO_CTRL_DUP: - ret = 0L; - break; - default: - ret = BIO_ctrl(next, cmd, num, ptr); - break; - } - return ret; -} - -static int ebcdic_gets(BIO *bp, char *buf, int size) -{ - int i, ret = 0; - BIO *next = BIO_next(bp); - - if (next == NULL) - return 0; -/* return(BIO_gets(bp->next_bio,buf,size));*/ - for (i = 0; i < size - 1; ++i) { - ret = ebcdic_read(bp, &buf[i], 1); - if (ret <= 0) - break; - else if (buf[i] == '\n') { - ++i; - break; - } - } - if (i < size) - buf[i] = '\0'; - return (ret < 0 && i == 0) ? ret : i; -} - -static int ebcdic_puts(BIO *bp, const char *str) -{ - if (BIO_next(bp) == NULL) - return 0; - return ebcdic_write(bp, str, strlen(str)); -} -#endif - -/* This is a context that we pass to callbacks */ -typedef struct tlsextctx_st { - char *servername; - BIO *biodebug; - int extension_error; -} tlsextctx; - -static int ssl_servername_cb(SSL *s, int *ad, void *arg) -{ - tlsextctx *p = (tlsextctx *) arg; - const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); - - if (servername != NULL && p->biodebug != NULL) { - const char *cp = servername; - unsigned char uc; - - BIO_printf(p->biodebug, "Hostname in TLS extension: \""); - while ((uc = *cp++) != 0) - BIO_printf(p->biodebug, - (((uc) & ~127) == 0) && isprint(uc) ? "%c" : "\\x%02x", uc); - BIO_printf(p->biodebug, "\"\n"); - } - - if (p->servername == NULL) - return SSL_TLSEXT_ERR_NOACK; - - if (servername != NULL) { - if (OPENSSL_strcasecmp(servername, p->servername)) - return p->extension_error; - if (ctx2 != NULL) { - BIO_printf(p->biodebug, "Switching server context.\n"); - SSL_set_SSL_CTX(s, ctx2); - } - } - return SSL_TLSEXT_ERR_OK; -} - -/* Structure passed to cert status callback */ -typedef struct tlsextstatusctx_st { - int timeout; - /* File to load OCSP Response from (or NULL if no file) */ - char *respin; - /* Default responder to use */ - char *host, *path, *port; - char *proxy, *no_proxy; - int use_ssl; - int verbose; -} tlsextstatusctx; - -static tlsextstatusctx tlscstatp = { -1 }; - -#ifndef OPENSSL_NO_OCSP - -/* - * Helper function to get an OCSP_RESPONSE from a responder. This is a - * simplified version. It examines certificates each time and makes one OCSP - * responder query for each request. A full version would store details such as - * the OCSP certificate IDs and minimise the number of OCSP responses by caching - * them until they were considered "expired". - */ -static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx, - OCSP_RESPONSE **resp) -{ - char *host = NULL, *port = NULL, *path = NULL; - char *proxy = NULL, *no_proxy = NULL; - int use_ssl; - STACK_OF(OPENSSL_STRING) *aia = NULL; - X509 *x = NULL; - X509_STORE_CTX *inctx = NULL; - X509_OBJECT *obj; - OCSP_REQUEST *req = NULL; - OCSP_CERTID *id = NULL; - STACK_OF(X509_EXTENSION) *exts; - int ret = SSL_TLSEXT_ERR_NOACK; - int i; - - /* Build up OCSP query from server certificate */ - x = SSL_get_certificate(s); - aia = X509_get1_ocsp(x); - if (aia != NULL) { - if (!OSSL_HTTP_parse_url(sk_OPENSSL_STRING_value(aia, 0), &use_ssl, - NULL, &host, &port, NULL, &path, NULL, NULL)) { - BIO_puts(bio_err, "cert_status: can't parse AIA URL\n"); - goto err; - } - if (srctx->verbose) - BIO_printf(bio_err, "cert_status: AIA URL: %s\n", - sk_OPENSSL_STRING_value(aia, 0)); - } else { - if (srctx->host == NULL) { - BIO_puts(bio_err, - "cert_status: no AIA and no default responder URL\n"); - goto done; - } - host = srctx->host; - path = srctx->path; - port = srctx->port; - use_ssl = srctx->use_ssl; - } - proxy = srctx->proxy; - no_proxy = srctx->no_proxy; - - inctx = X509_STORE_CTX_new(); - if (inctx == NULL) - goto err; - if (!X509_STORE_CTX_init(inctx, - SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)), - NULL, NULL)) - goto err; - obj = X509_STORE_CTX_get_obj_by_subject(inctx, X509_LU_X509, - X509_get_issuer_name(x)); - if (obj == NULL) { - BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n"); - goto done; - } - id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj)); - X509_OBJECT_free(obj); - if (id == NULL) - goto err; - req = OCSP_REQUEST_new(); - if (req == NULL) - goto err; - if (!OCSP_request_add0_id(req, id)) - goto err; - id = NULL; - /* Add any extensions to the request */ - SSL_get_tlsext_status_exts(s, &exts); - for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { - X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); - if (!OCSP_REQUEST_add_ext(req, ext, -1)) - goto err; - } - *resp = process_responder(req, host, port, path, proxy, no_proxy, - use_ssl, NULL /* headers */, srctx->timeout); - if (*resp == NULL) { - BIO_puts(bio_err, "cert_status: error querying responder\n"); - goto done; - } - - ret = SSL_TLSEXT_ERR_OK; - goto done; - - err: - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - done: - /* - * If we parsed aia we need to free; otherwise they were copied and we - * don't - */ - if (aia != NULL) { - OPENSSL_free(host); - OPENSSL_free(path); - OPENSSL_free(port); - X509_email_free(aia); - } - OCSP_CERTID_free(id); - OCSP_REQUEST_free(req); - X509_STORE_CTX_free(inctx); - return ret; -} - -/* - * Certificate Status callback. This is called when a client includes a - * certificate status request extension. The response is either obtained from a - * file, or from an OCSP responder. - */ -static int cert_status_cb(SSL *s, void *arg) -{ - tlsextstatusctx *srctx = arg; - OCSP_RESPONSE *resp = NULL; - unsigned char *rspder = NULL; - int rspderlen; - int ret = SSL_TLSEXT_ERR_ALERT_FATAL; - - if (srctx->verbose) - BIO_puts(bio_err, "cert_status: callback called\n"); - - if (srctx->respin != NULL) { - BIO *derbio = bio_open_default(srctx->respin, 'r', FORMAT_ASN1); - if (derbio == NULL) { - BIO_puts(bio_err, "cert_status: Cannot open OCSP response file\n"); - goto err; - } - resp = d2i_OCSP_RESPONSE_bio(derbio, NULL); - BIO_free(derbio); - if (resp == NULL) { - BIO_puts(bio_err, "cert_status: Error reading OCSP response\n"); - goto err; - } - } else { - ret = get_ocsp_resp_from_responder(s, srctx, &resp); - if (ret != SSL_TLSEXT_ERR_OK) - goto err; - } - - rspderlen = i2d_OCSP_RESPONSE(resp, &rspder); - if (rspderlen <= 0) - goto err; - - SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen); - if (srctx->verbose) { - BIO_puts(bio_err, "cert_status: ocsp response sent:\n"); - OCSP_RESPONSE_print(bio_err, resp, 2); - } - - ret = SSL_TLSEXT_ERR_OK; - - err: - if (ret != SSL_TLSEXT_ERR_OK) - ERR_print_errors(bio_err); - - OCSP_RESPONSE_free(resp); - - return ret; -} -#endif - -#ifndef OPENSSL_NO_NEXTPROTONEG -/* This is the context that we pass to next_proto_cb */ -typedef struct tlsextnextprotoctx_st { - unsigned char *data; - size_t len; -} tlsextnextprotoctx; - -static int next_proto_cb(SSL *s, const unsigned char **data, - unsigned int *len, void *arg) -{ - tlsextnextprotoctx *next_proto = arg; - - *data = next_proto->data; - *len = next_proto->len; - - return SSL_TLSEXT_ERR_OK; -} -#endif /* ndef OPENSSL_NO_NEXTPROTONEG */ - -/* This the context that we pass to alpn_cb */ -typedef struct tlsextalpnctx_st { - unsigned char *data; - size_t len; -} tlsextalpnctx; - -static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, void *arg) -{ - tlsextalpnctx *alpn_ctx = arg; - - if (!s_quiet) { - /* We can assume that |in| is syntactically valid. */ - unsigned int i; - BIO_printf(bio_s_out, "ALPN protocols advertised by the client: "); - for (i = 0; i < inlen;) { - if (i) - BIO_write(bio_s_out, ", ", 2); - BIO_write(bio_s_out, &in[i + 1], in[i]); - i += in[i] + 1; - } - BIO_write(bio_s_out, "\n", 1); - } - - if (SSL_select_next_proto - ((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in, - inlen) != OPENSSL_NPN_NEGOTIATED) { - return SSL_TLSEXT_ERR_ALERT_FATAL; - } - - if (!s_quiet) { - BIO_printf(bio_s_out, "ALPN protocols selected: "); - BIO_write(bio_s_out, *out, *outlen); - BIO_write(bio_s_out, "\n", 1); - } - - return SSL_TLSEXT_ERR_OK; -} - -static int not_resumable_sess_cb(SSL *s, int is_forward_secure) -{ - /* disable resumption for sessions with forward secure ciphers */ - return is_forward_secure; -} - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_ENGINE, - OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT, - OPT_VERIFY, OPT_NAMEOPT, OPT_UPPER_V_VERIFY, OPT_CONTEXT, OPT_CERT, OPT_CRL, - OPT_CRL_DOWNLOAD, OPT_SERVERINFO, OPT_CERTFORM, OPT_KEY, OPT_KEYFORM, - OPT_PASS, OPT_CERT_CHAIN, OPT_DHPARAM, OPT_DCERTFORM, OPT_DCERT, - OPT_DKEYFORM, OPT_DPASS, OPT_DKEY, OPT_DCERT_CHAIN, OPT_NOCERT, - OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, OPT_NO_CACHE, - OPT_EXT_CACHE, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET, - OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE, OPT_CHAINCAFILE, - OPT_VERIFYCAFILE, - OPT_CASTORE, OPT_NOCASTORE, OPT_CHAINCASTORE, OPT_VERIFYCASTORE, - OPT_NBIO, OPT_NBIO_TEST, OPT_IGN_EOF, OPT_NO_IGN_EOF, - OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE, - OPT_STATUS_TIMEOUT, OPT_PROXY, OPT_NO_PROXY, OPT_STATUS_URL, - OPT_STATUS_FILE, OPT_MSG, OPT_MSGFILE, - OPT_TRACE, OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE, - OPT_CRLF, OPT_QUIET, OPT_BRIEF, OPT_NO_DHE, - OPT_NO_RESUME_EPHEMERAL, OPT_PSK_IDENTITY, OPT_PSK_HINT, OPT_PSK, - OPT_PSK_SESS, OPT_SRPVFILE, OPT_SRPUSERSEED, OPT_REV, OPT_WWW, - OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC, OPT_SSL_CONFIG, - OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF, - OPT_SSL3, OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, - OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN, OPT_STATELESS, - OPT_ID_PREFIX, OPT_SERVERNAME, OPT_SERVERNAME_FATAL, - OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SENDFILE, - OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, - OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA, - OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG, - OPT_HTTP_SERVER_BINMODE, OPT_NOCANAMES, OPT_IGNORE_UNEXPECTED_EOF, - OPT_R_ENUM, - OPT_S_ENUM, - OPT_V_ENUM, - OPT_X_ENUM, - OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS s_server_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"ssl_config", OPT_SSL_CONFIG, 's', - "Configure SSL_CTX using the given configuration value"}, -#ifndef OPENSSL_NO_SSL_TRACE - {"trace", OPT_TRACE, '-', "trace protocol messages"}, -#endif -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - - OPT_SECTION("Network"), - {"port", OPT_PORT, 'p', - "TCP/IP port to listen on for connections (default is " PORT ")"}, - {"accept", OPT_ACCEPT, 's', - "TCP/IP optional host and port to listen on for connections (default is *:" PORT ")"}, -#ifdef AF_UNIX - {"unix", OPT_UNIX, 's', "Unix domain socket to accept on"}, - {"unlink", OPT_UNLINK, '-', "For -unix, unlink existing socket first"}, -#endif - {"4", OPT_4, '-', "Use IPv4 only"}, - {"6", OPT_6, '-', "Use IPv6 only"}, - - OPT_SECTION("Identity"), - {"context", OPT_CONTEXT, 's', "Set session ID context"}, - {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"}, - {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"}, - {"CAstore", OPT_CASTORE, ':', "URI to store of CA's"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load certificates from the default certificates store URI"}, - {"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"}, - {"verify", OPT_VERIFY, 'n', "Turn on peer certificate verification"}, - {"Verify", OPT_UPPER_V_VERIFY, 'n', - "Turn on peer certificate verification, must have a cert"}, - {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"}, - {"cert", OPT_CERT, '<', "Server certificate file to use; default " TEST_CERT}, - {"cert2", OPT_CERT2, '<', - "Certificate file to use for servername; default " TEST_CERT2}, - {"certform", OPT_CERTFORM, 'F', - "Server certificate file format (PEM/DER/P12); has no effect"}, - {"cert_chain", OPT_CERT_CHAIN, '<', - "Server certificate chain file in PEM format"}, - {"build_chain", OPT_BUILD_CHAIN, '-', "Build server certificate chain"}, - {"serverinfo", OPT_SERVERINFO, 's', - "PEM serverinfo file for certificate"}, - {"key", OPT_KEY, 's', - "Private key file to use; default is -cert file or else" TEST_CERT}, - {"key2", OPT_KEY2, '<', - "-Private Key file to use for servername if not in -cert2"}, - {"keyform", OPT_KEYFORM, 'f', "Key format (ENGINE, other values ignored)"}, - {"pass", OPT_PASS, 's', "Private key and cert file pass phrase source"}, - {"dcert", OPT_DCERT, '<', - "Second server certificate file to use (usually for DSA)"}, - {"dcertform", OPT_DCERTFORM, 'F', - "Second server certificate file format (PEM/DER/P12); has no effect"}, - {"dcert_chain", OPT_DCERT_CHAIN, '<', - "second server certificate chain file in PEM format"}, - {"dkey", OPT_DKEY, '<', - "Second private key file to use (usually for DSA)"}, - {"dkeyform", OPT_DKEYFORM, 'F', - "Second key file format (ENGINE, other values ignored)"}, - {"dpass", OPT_DPASS, 's', - "Second private key and cert file pass phrase source"}, - {"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"}, - {"servername", OPT_SERVERNAME, 's', - "Servername for HostName TLS extension"}, - {"servername_fatal", OPT_SERVERNAME_FATAL, '-', - "On servername mismatch send fatal alert (default warning alert)"}, - {"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"}, - {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"}, - {"quiet", OPT_QUIET, '-', "No server output"}, - {"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-', - "Disable caching and tickets if ephemeral (EC)DH is used"}, - {"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"}, - {"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"}, - {"ignore_unexpected_eof", OPT_IGNORE_UNEXPECTED_EOF, '-', - "Do not treat lack of close_notify from a peer as an error"}, - {"tlsextdebug", OPT_TLSEXTDEBUG, '-', - "Hex dump of all TLS extensions received"}, - {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path includes HTTP headers"}, - {"id_prefix", OPT_ID_PREFIX, 's', - "Generate SSL/TLS session IDs prefixed by arg"}, - {"keymatexport", OPT_KEYMATEXPORT, 's', - "Export keying material using label"}, - {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', - "Export len bytes of keying material; default 20"}, - {"CRL", OPT_CRL, '<', "CRL file to use"}, - {"CRLform", OPT_CRLFORM, 'F', "CRL file format (PEM or DER); default PEM"}, - {"crl_download", OPT_CRL_DOWNLOAD, '-', - "Download CRLs from distribution points in certificate CDP entries"}, - {"chainCAfile", OPT_CHAINCAFILE, '<', - "CA file for certificate chain (PEM format)"}, - {"chainCApath", OPT_CHAINCAPATH, '/', - "use dir as certificate store path to build CA certificate chain"}, - {"chainCAstore", OPT_CHAINCASTORE, ':', - "use URI as certificate store to build CA certificate chain"}, - {"verifyCAfile", OPT_VERIFYCAFILE, '<', - "CA file for certificate verification (PEM format)"}, - {"verifyCApath", OPT_VERIFYCAPATH, '/', - "use dir as certificate store path to verify CA certificate"}, - {"verifyCAstore", OPT_VERIFYCASTORE, ':', - "use URI as certificate store to verify CA certificate"}, - {"no_cache", OPT_NO_CACHE, '-', "Disable session cache"}, - {"ext_cache", OPT_EXT_CACHE, '-', - "Disable internal cache, set up and use external cache"}, - {"verify_return_error", OPT_VERIFY_RET_ERROR, '-', - "Close connection on verification error"}, - {"verify_quiet", OPT_VERIFY_QUIET, '-', - "No verify output except verify errors"}, - {"ign_eof", OPT_IGN_EOF, '-', "Ignore input EOF (default when -quiet)"}, - {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Do not ignore input EOF"}, - -#ifndef OPENSSL_NO_OCSP - OPT_SECTION("OCSP"), - {"status", OPT_STATUS, '-', "Request certificate status from server"}, - {"status_verbose", OPT_STATUS_VERBOSE, '-', - "Print more output in certificate status callback"}, - {"status_timeout", OPT_STATUS_TIMEOUT, 'n', - "Status request responder timeout"}, - {"status_url", OPT_STATUS_URL, 's', "Status request fallback URL"}, - {"proxy", OPT_PROXY, 's', - "[http[s]://]host[:port][/path] of HTTP(S) proxy to use; path is ignored"}, - {"no_proxy", OPT_NO_PROXY, 's', - "List of addresses of servers not to use HTTP(S) proxy for"}, - {OPT_MORE_STR, 0, 0, - "Default from environment variable 'no_proxy', else 'NO_PROXY', else none"}, - {"status_file", OPT_STATUS_FILE, '<', - "File containing DER encoded OCSP Response"}, -#endif - - OPT_SECTION("Debug"), - {"security_debug", OPT_SECURITY_DEBUG, '-', - "Print output from SSL/TLS security framework"}, - {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-', - "Print more output from SSL/TLS security framework"}, - {"brief", OPT_BRIEF, '-', - "Restrict output to brief summary of connection parameters"}, - {"rev", OPT_REV, '-', - "act as an echo server that sends back received text reversed"}, - {"debug", OPT_DEBUG, '-', "Print more output"}, - {"msg", OPT_MSG, '-', "Show protocol messages"}, - {"msgfile", OPT_MSGFILE, '>', - "File to send output of -msg or -trace, instead of stdout"}, - {"state", OPT_STATE, '-', "Print the SSL states"}, - {"async", OPT_ASYNC, '-', "Operate in asynchronous mode"}, - {"max_pipelines", OPT_MAX_PIPELINES, 'p', - "Maximum number of encrypt/decrypt pipelines to be used"}, - {"naccept", OPT_NACCEPT, 'p', "Terminate after #num connections"}, - {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"}, - - OPT_SECTION("Network"), - {"nbio", OPT_NBIO, '-', "Use non-blocking IO"}, - {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"}, - {"mtu", OPT_MTU, 'p', "Set link-layer MTU"}, - {"read_buf", OPT_READ_BUF, 'p', - "Default read buffer size to be used for connections"}, - {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'p', - "Size used to split data for encrypt pipelines"}, - {"max_send_frag", OPT_MAX_SEND_FRAG, 'p', "Maximum Size of send frames "}, - - OPT_SECTION("Server identity"), - {"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity to expect"}, -#ifndef OPENSSL_NO_PSK - {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"}, -#endif - {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, - {"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"}, -#ifndef OPENSSL_NO_SRP - {"srpvfile", OPT_SRPVFILE, '<', "(deprecated) The verifier file for SRP"}, - {"srpuserseed", OPT_SRPUSERSEED, 's', - "(deprecated) A seed string for a default user salt"}, -#endif - - OPT_SECTION("Protocol and version"), - {"max_early_data", OPT_MAX_EARLY, 'n', - "The maximum number of bytes of early data as advertised in tickets"}, - {"recv_max_early_data", OPT_RECV_MAX_EARLY, 'n', - "The maximum number of bytes of early data (hard limit)"}, - {"early_data", OPT_EARLY_DATA, '-', "Attempt to read early data"}, - {"num_tickets", OPT_S_NUM_TICKETS, 'n', - "The number of TLSv1.3 session tickets that a server will automatically issue" }, - {"anti_replay", OPT_ANTI_REPLAY, '-', "Switch on anti-replay protection (default)"}, - {"no_anti_replay", OPT_NO_ANTI_REPLAY, '-', "Switch off anti-replay protection"}, - {"http_server_binmode", OPT_HTTP_SERVER_BINMODE, '-', "opening files in binary mode when acting as http server (-WWW and -HTTP)"}, - {"no_ca_names", OPT_NOCANAMES, '-', - "Disable TLS Extension CA Names"}, - {"stateless", OPT_STATELESS, '-', "Require TLSv1.3 cookies"}, -#ifndef OPENSSL_NO_SSL3 - {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"}, -#endif -#ifndef OPENSSL_NO_TLS1 - {"tls1", OPT_TLS1, '-', "Just talk TLSv1"}, -#endif -#ifndef OPENSSL_NO_TLS1_1 - {"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"}, -#endif -#ifndef OPENSSL_NO_TLS1_2 - {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"}, -#endif -#ifndef OPENSSL_NO_TLS1_3 - {"tls1_3", OPT_TLS1_3, '-', "just talk TLSv1.3"}, -#endif -#ifndef OPENSSL_NO_DTLS - {"dtls", OPT_DTLS, '-', "Use any DTLS version"}, - {"listen", OPT_LISTEN, '-', - "Listen for a DTLS ClientHello with a cookie and then connect"}, -#endif -#ifndef OPENSSL_NO_DTLS1 - {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"}, -#endif -#ifndef OPENSSL_NO_DTLS1_2 - {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"}, -#endif -#ifndef OPENSSL_NO_SCTP - {"sctp", OPT_SCTP, '-', "Use SCTP"}, - {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"}, -#endif -#ifndef OPENSSL_NO_SRTP - {"use_srtp", OPT_SRTP_PROFILES, 's', - "Offer SRTP key management with a colon-separated profile list"}, -#endif - {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"}, -#ifndef OPENSSL_NO_NEXTPROTONEG - {"nextprotoneg", OPT_NEXTPROTONEG, 's', - "Set the advertised protocols for the NPN extension (comma-separated list)"}, -#endif - {"alpn", OPT_ALPN, 's', - "Set the advertised protocols for the ALPN extension (comma-separated list)"}, -#ifndef OPENSSL_NO_KTLS - {"sendfile", OPT_SENDFILE, '-', "Use sendfile to response file with -WWW"}, -#endif - - OPT_R_OPTIONS, - OPT_S_OPTIONS, - OPT_V_OPTIONS, - OPT_X_OPTIONS, - OPT_PROV_OPTIONS, - {NULL} -}; - -#define IS_PROT_FLAG(o) \ - (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \ - || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2) - -int s_server_main(int argc, char *argv[]) -{ - ENGINE *engine = NULL; - EVP_PKEY *s_key = NULL, *s_dkey = NULL; - SSL_CONF_CTX *cctx = NULL; - const SSL_METHOD *meth = TLS_server_method(); - SSL_EXCERT *exc = NULL; - STACK_OF(OPENSSL_STRING) *ssl_args = NULL; - STACK_OF(X509) *s_chain = NULL, *s_dchain = NULL; - STACK_OF(X509_CRL) *crls = NULL; - X509 *s_cert = NULL, *s_dcert = NULL; - X509_VERIFY_PARAM *vpm = NULL; - const char *CApath = NULL, *CAfile = NULL, *CAstore = NULL; - const char *chCApath = NULL, *chCAfile = NULL, *chCAstore = NULL; - char *dpassarg = NULL, *dpass = NULL; - char *passarg = NULL, *pass = NULL; - char *vfyCApath = NULL, *vfyCAfile = NULL, *vfyCAstore = NULL; - char *crl_file = NULL, *prog; -#ifdef AF_UNIX - int unlink_unix_path = 0; -#endif - do_server_cb server_cb; - int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0; - char *dhfile = NULL; - int no_dhe = 0; - int nocert = 0, ret = 1; - int noCApath = 0, noCAfile = 0, noCAstore = 0; - int s_cert_format = FORMAT_UNDEF, s_key_format = FORMAT_UNDEF; - int s_dcert_format = FORMAT_UNDEF, s_dkey_format = FORMAT_UNDEF; - int rev = 0, naccept = -1, sdebug = 0; - int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0; - int state = 0, crl_format = FORMAT_UNDEF, crl_download = 0; - char *host = NULL; - char *port = NULL; - unsigned char *context = NULL; - OPTION_CHOICE o; - EVP_PKEY *s_key2 = NULL; - X509 *s_cert2 = NULL; - tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING }; - const char *ssl_config = NULL; - int read_buf_len = 0; -#ifndef OPENSSL_NO_NEXTPROTONEG - const char *next_proto_neg_in = NULL; - tlsextnextprotoctx next_proto = { NULL, 0 }; -#endif - const char *alpn_in = NULL; - tlsextalpnctx alpn_ctx = { NULL, 0 }; -#ifndef OPENSSL_NO_PSK - /* by default do not send a PSK identity hint */ - char *psk_identity_hint = NULL; -#endif - char *p; -#ifndef OPENSSL_NO_SRP - char *srpuserseed = NULL; - char *srp_verifier_file = NULL; -#endif -#ifndef OPENSSL_NO_SRTP - char *srtp_profiles = NULL; -#endif - int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0; - int s_server_verify = SSL_VERIFY_NONE; - int s_server_session_id_context = 1; /* anything will do */ - const char *s_cert_file = TEST_CERT, *s_key_file = NULL, *s_chain_file = NULL; - const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL; - char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL; -#ifndef OPENSSL_NO_OCSP - int s_tlsextstatus = 0; -#endif - int no_resume_ephemeral = 0; - unsigned int max_send_fragment = 0; - unsigned int split_send_fragment = 0, max_pipelines = 0; - const char *s_serverinfo_file = NULL; - const char *keylog_file = NULL; - int max_early_data = -1, recv_max_early_data = -1; - char *psksessf = NULL; - int no_ca_names = 0; -#ifndef OPENSSL_NO_SCTP - int sctp_label_bug = 0; -#endif - int ignore_unexpected_eof = 0; - - /* Init of few remaining global variables */ - local_argc = argc; - local_argv = argv; - - ctx = ctx2 = NULL; - s_nbio = s_nbio_test = 0; - www = 0; - bio_s_out = NULL; - s_debug = 0; - s_msg = 0; - s_quiet = 0; - s_brief = 0; - async = 0; - use_sendfile = 0; - - port = OPENSSL_strdup(PORT); - cctx = SSL_CONF_CTX_new(); - vpm = X509_VERIFY_PARAM_new(); - if (port == NULL || cctx == NULL || vpm == NULL) - goto end; - SSL_CONF_CTX_set_flags(cctx, - SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE); - - prog = opt_init(argc, argv, s_server_options); - while ((o = opt_next()) != OPT_EOF) { - if (IS_PROT_FLAG(o) && ++prot_opt > 1) { - BIO_printf(bio_err, "Cannot supply multiple protocol flags\n"); - goto end; - } - if (IS_NO_PROT_FLAG(o)) - no_prot_opt++; - if (prot_opt == 1 && no_prot_opt) { - BIO_printf(bio_err, - "Cannot supply both a protocol flag and '-no_'\n"); - goto end; - } - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(s_server_options); - ret = 0; - goto end; - - case OPT_4: -#ifdef AF_UNIX - if (socket_family == AF_UNIX) { - OPENSSL_free(host); host = NULL; - OPENSSL_free(port); port = NULL; - } -#endif - socket_family = AF_INET; - break; - case OPT_6: - if (1) { -#ifdef AF_INET6 -#ifdef AF_UNIX - if (socket_family == AF_UNIX) { - OPENSSL_free(host); host = NULL; - OPENSSL_free(port); port = NULL; - } -#endif - socket_family = AF_INET6; - } else { -#endif - BIO_printf(bio_err, "%s: IPv6 domain sockets unsupported\n", prog); - goto end; - } - break; - case OPT_PORT: -#ifdef AF_UNIX - if (socket_family == AF_UNIX) { - socket_family = AF_UNSPEC; - } -#endif - OPENSSL_free(port); port = NULL; - OPENSSL_free(host); host = NULL; - if (BIO_parse_hostserv(opt_arg(), NULL, &port, BIO_PARSE_PRIO_SERV) < 1) { - BIO_printf(bio_err, - "%s: -port argument malformed or ambiguous\n", - port); - goto end; - } - break; - case OPT_ACCEPT: -#ifdef AF_UNIX - if (socket_family == AF_UNIX) { - socket_family = AF_UNSPEC; - } -#endif - OPENSSL_free(port); port = NULL; - OPENSSL_free(host); host = NULL; - if (BIO_parse_hostserv(opt_arg(), &host, &port, BIO_PARSE_PRIO_SERV) < 1) { - BIO_printf(bio_err, - "%s: -accept argument malformed or ambiguous\n", - port); - goto end; - } - break; -#ifdef AF_UNIX - case OPT_UNIX: - socket_family = AF_UNIX; - OPENSSL_free(host); host = OPENSSL_strdup(opt_arg()); - if (host == NULL) - goto end; - OPENSSL_free(port); port = NULL; - break; - case OPT_UNLINK: - unlink_unix_path = 1; - break; -#endif - case OPT_NACCEPT: - naccept = atol(opt_arg()); - break; - case OPT_VERIFY: - s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; - verify_args.depth = atoi(opt_arg()); - if (!s_quiet) - BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth); - break; - case OPT_UPPER_V_VERIFY: - s_server_verify = - SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | - SSL_VERIFY_CLIENT_ONCE; - verify_args.depth = atoi(opt_arg()); - if (!s_quiet) - BIO_printf(bio_err, - "verify depth is %d, must return a certificate\n", - verify_args.depth); - break; - case OPT_CONTEXT: - context = (unsigned char *)opt_arg(); - break; - case OPT_CERT: - s_cert_file = opt_arg(); - break; - case OPT_NAMEOPT: - if (!set_nameopt(opt_arg())) - goto end; - break; - case OPT_CRL: - crl_file = opt_arg(); - break; - case OPT_CRL_DOWNLOAD: - crl_download = 1; - break; - case OPT_SERVERINFO: - s_serverinfo_file = opt_arg(); - break; - case OPT_CERTFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &s_cert_format)) - goto opthelp; - break; - case OPT_KEY: - s_key_file = opt_arg(); - break; - case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &s_key_format)) - goto opthelp; - break; - case OPT_PASS: - passarg = opt_arg(); - break; - case OPT_CERT_CHAIN: - s_chain_file = opt_arg(); - break; - case OPT_DHPARAM: - dhfile = opt_arg(); - break; - case OPT_DCERTFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &s_dcert_format)) - goto opthelp; - break; - case OPT_DCERT: - s_dcert_file = opt_arg(); - break; - case OPT_DKEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &s_dkey_format)) - goto opthelp; - break; - case OPT_DPASS: - dpassarg = opt_arg(); - break; - case OPT_DKEY: - s_dkey_file = opt_arg(); - break; - case OPT_DCERT_CHAIN: - s_dchain_file = opt_arg(); - break; - case OPT_NOCERT: - nocert = 1; - break; - case OPT_CAPATH: - CApath = opt_arg(); - break; - case OPT_NOCAPATH: - noCApath = 1; - break; - case OPT_CHAINCAPATH: - chCApath = opt_arg(); - break; - case OPT_VERIFYCAPATH: - vfyCApath = opt_arg(); - break; - case OPT_CASTORE: - CAstore = opt_arg(); - break; - case OPT_NOCASTORE: - noCAstore = 1; - break; - case OPT_CHAINCASTORE: - chCAstore = opt_arg(); - break; - case OPT_VERIFYCASTORE: - vfyCAstore = opt_arg(); - break; - case OPT_NO_CACHE: - no_cache = 1; - break; - case OPT_EXT_CACHE: - ext_cache = 1; - break; - case OPT_CRLFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &crl_format)) - goto opthelp; - break; - case OPT_S_CASES: - case OPT_S_NUM_TICKETS: - case OPT_ANTI_REPLAY: - case OPT_NO_ANTI_REPLAY: - if (ssl_args == NULL) - ssl_args = sk_OPENSSL_STRING_new_null(); - if (ssl_args == NULL - || !sk_OPENSSL_STRING_push(ssl_args, opt_flag()) - || !sk_OPENSSL_STRING_push(ssl_args, opt_arg())) { - BIO_printf(bio_err, "%s: Memory allocation failure\n", prog); - goto end; - } - break; - case OPT_V_CASES: - if (!opt_verify(o, vpm)) - goto end; - vpmtouched++; - break; - case OPT_X_CASES: - if (!args_excert(o, &exc)) - goto end; - break; - case OPT_VERIFY_RET_ERROR: - verify_args.return_error = 1; - break; - case OPT_VERIFY_QUIET: - verify_args.quiet = 1; - break; - case OPT_BUILD_CHAIN: - build_chain = 1; - break; - case OPT_CAFILE: - CAfile = opt_arg(); - break; - case OPT_NOCAFILE: - noCAfile = 1; - break; - case OPT_CHAINCAFILE: - chCAfile = opt_arg(); - break; - case OPT_VERIFYCAFILE: - vfyCAfile = opt_arg(); - break; - case OPT_NBIO: - s_nbio = 1; - break; - case OPT_NBIO_TEST: - s_nbio = s_nbio_test = 1; - break; - case OPT_IGN_EOF: - s_ign_eof = 1; - break; - case OPT_NO_IGN_EOF: - s_ign_eof = 0; - break; - case OPT_DEBUG: - s_debug = 1; - break; - case OPT_TLSEXTDEBUG: - s_tlsextdebug = 1; - break; - case OPT_STATUS: -#ifndef OPENSSL_NO_OCSP - s_tlsextstatus = 1; -#endif - break; - case OPT_STATUS_VERBOSE: -#ifndef OPENSSL_NO_OCSP - s_tlsextstatus = tlscstatp.verbose = 1; -#endif - break; - case OPT_STATUS_TIMEOUT: -#ifndef OPENSSL_NO_OCSP - s_tlsextstatus = 1; - tlscstatp.timeout = atoi(opt_arg()); -#endif - break; - case OPT_PROXY: -#ifndef OPENSSL_NO_OCSP - tlscstatp.proxy = opt_arg(); -#endif - break; - case OPT_NO_PROXY: -#ifndef OPENSSL_NO_OCSP - tlscstatp.no_proxy = opt_arg(); -#endif - break; - case OPT_STATUS_URL: -#ifndef OPENSSL_NO_OCSP - s_tlsextstatus = 1; - if (!OSSL_HTTP_parse_url(opt_arg(), &tlscstatp.use_ssl, NULL, - &tlscstatp.host, &tlscstatp.port, NULL, - &tlscstatp.path, NULL, NULL)) { - BIO_printf(bio_err, "Error parsing -status_url argument\n"); - goto end; - } -#endif - break; - case OPT_STATUS_FILE: -#ifndef OPENSSL_NO_OCSP - s_tlsextstatus = 1; - tlscstatp.respin = opt_arg(); -#endif - break; - case OPT_MSG: - s_msg = 1; - break; - case OPT_MSGFILE: - bio_s_msg = BIO_new_file(opt_arg(), "w"); - if (bio_s_msg == NULL) { - BIO_printf(bio_err, "Error writing file %s\n", opt_arg()); - goto end; - } - break; - case OPT_TRACE: -#ifndef OPENSSL_NO_SSL_TRACE - s_msg = 2; -#endif - break; - case OPT_SECURITY_DEBUG: - sdebug = 1; - break; - case OPT_SECURITY_DEBUG_VERBOSE: - sdebug = 2; - break; - case OPT_STATE: - state = 1; - break; - case OPT_CRLF: - s_crlf = 1; - break; - case OPT_QUIET: - s_quiet = 1; - break; - case OPT_BRIEF: - s_quiet = s_brief = verify_args.quiet = 1; - break; - case OPT_NO_DHE: - no_dhe = 1; - break; - case OPT_NO_RESUME_EPHEMERAL: - no_resume_ephemeral = 1; - break; - case OPT_PSK_IDENTITY: - psk_identity = opt_arg(); - break; - case OPT_PSK_HINT: -#ifndef OPENSSL_NO_PSK - psk_identity_hint = opt_arg(); -#endif - break; - case OPT_PSK: - for (p = psk_key = opt_arg(); *p; p++) { - if (isxdigit(_UC(*p))) - continue; - BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key); - goto end; - } - break; - case OPT_PSK_SESS: - psksessf = opt_arg(); - break; - case OPT_SRPVFILE: -#ifndef OPENSSL_NO_SRP - srp_verifier_file = opt_arg(); - if (min_version < TLS1_VERSION) - min_version = TLS1_VERSION; -#endif - break; - case OPT_SRPUSERSEED: -#ifndef OPENSSL_NO_SRP - srpuserseed = opt_arg(); - if (min_version < TLS1_VERSION) - min_version = TLS1_VERSION; -#endif - break; - case OPT_REV: - rev = 1; - break; - case OPT_WWW: - www = 1; - break; - case OPT_UPPER_WWW: - www = 2; - break; - case OPT_HTTP: - www = 3; - break; - case OPT_SSL_CONFIG: - ssl_config = opt_arg(); - break; - case OPT_SSL3: - min_version = SSL3_VERSION; - max_version = SSL3_VERSION; - break; - case OPT_TLS1_3: - min_version = TLS1_3_VERSION; - max_version = TLS1_3_VERSION; - break; - case OPT_TLS1_2: - min_version = TLS1_2_VERSION; - max_version = TLS1_2_VERSION; - break; - case OPT_TLS1_1: - min_version = TLS1_1_VERSION; - max_version = TLS1_1_VERSION; - break; - case OPT_TLS1: - min_version = TLS1_VERSION; - max_version = TLS1_VERSION; - break; - case OPT_DTLS: -#ifndef OPENSSL_NO_DTLS - meth = DTLS_server_method(); - socket_type = SOCK_DGRAM; -#endif - break; - case OPT_DTLS1: -#ifndef OPENSSL_NO_DTLS - meth = DTLS_server_method(); - min_version = DTLS1_VERSION; - max_version = DTLS1_VERSION; - socket_type = SOCK_DGRAM; -#endif - break; - case OPT_DTLS1_2: -#ifndef OPENSSL_NO_DTLS - meth = DTLS_server_method(); - min_version = DTLS1_2_VERSION; - max_version = DTLS1_2_VERSION; - socket_type = SOCK_DGRAM; -#endif - break; - case OPT_SCTP: -#ifndef OPENSSL_NO_SCTP - protocol = IPPROTO_SCTP; -#endif - break; - case OPT_SCTP_LABEL_BUG: -#ifndef OPENSSL_NO_SCTP - sctp_label_bug = 1; -#endif - break; - case OPT_TIMEOUT: -#ifndef OPENSSL_NO_DTLS - enable_timeouts = 1; -#endif - break; - case OPT_MTU: -#ifndef OPENSSL_NO_DTLS - socket_mtu = atol(opt_arg()); -#endif - break; - case OPT_LISTEN: -#ifndef OPENSSL_NO_DTLS - dtlslisten = 1; -#endif - break; - case OPT_STATELESS: - stateless = 1; - break; - case OPT_ID_PREFIX: - session_id_prefix = opt_arg(); - break; - case OPT_ENGINE: -#ifndef OPENSSL_NO_ENGINE - engine = setup_engine(opt_arg(), s_debug); -#endif - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - case OPT_SERVERNAME: - tlsextcbp.servername = opt_arg(); - break; - case OPT_SERVERNAME_FATAL: - tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL; - break; - case OPT_CERT2: - s_cert_file2 = opt_arg(); - break; - case OPT_KEY2: - s_key_file2 = opt_arg(); - break; - case OPT_NEXTPROTONEG: -# ifndef OPENSSL_NO_NEXTPROTONEG - next_proto_neg_in = opt_arg(); -#endif - break; - case OPT_ALPN: - alpn_in = opt_arg(); - break; - case OPT_SRTP_PROFILES: -#ifndef OPENSSL_NO_SRTP - srtp_profiles = opt_arg(); -#endif - break; - case OPT_KEYMATEXPORT: - keymatexportlabel = opt_arg(); - break; - case OPT_KEYMATEXPORTLEN: - keymatexportlen = atoi(opt_arg()); - break; - case OPT_ASYNC: - async = 1; - break; - case OPT_MAX_SEND_FRAG: - max_send_fragment = atoi(opt_arg()); - break; - case OPT_SPLIT_SEND_FRAG: - split_send_fragment = atoi(opt_arg()); - break; - case OPT_MAX_PIPELINES: - max_pipelines = atoi(opt_arg()); - break; - case OPT_READ_BUF: - read_buf_len = atoi(opt_arg()); - break; - case OPT_KEYLOG_FILE: - keylog_file = opt_arg(); - break; - case OPT_MAX_EARLY: - max_early_data = atoi(opt_arg()); - if (max_early_data < 0) { - BIO_printf(bio_err, "Invalid value for max_early_data\n"); - goto end; - } - break; - case OPT_RECV_MAX_EARLY: - recv_max_early_data = atoi(opt_arg()); - if (recv_max_early_data < 0) { - BIO_printf(bio_err, "Invalid value for recv_max_early_data\n"); - goto end; - } - break; - case OPT_EARLY_DATA: - early_data = 1; - if (max_early_data == -1) - max_early_data = SSL3_RT_MAX_PLAIN_LENGTH; - break; - case OPT_HTTP_SERVER_BINMODE: - http_server_binmode = 1; - break; - case OPT_NOCANAMES: - no_ca_names = 1; - break; - case OPT_SENDFILE: -#ifndef OPENSSL_NO_KTLS - use_sendfile = 1; -#endif - break; - case OPT_IGNORE_UNEXPECTED_EOF: - ignore_unexpected_eof = 1; - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - if (!app_RAND_load()) - goto end; - -#ifndef OPENSSL_NO_NEXTPROTONEG - if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) { - BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n"); - goto opthelp; - } -#endif -#ifndef OPENSSL_NO_DTLS - if (www && socket_type == SOCK_DGRAM) { - BIO_printf(bio_err, "Can't use -HTTP, -www or -WWW with DTLS\n"); - goto end; - } - - if (dtlslisten && socket_type != SOCK_DGRAM) { - BIO_printf(bio_err, "Can only use -listen with DTLS\n"); - goto end; - } -#endif - - if (stateless && socket_type != SOCK_STREAM) { - BIO_printf(bio_err, "Can only use --stateless with TLS\n"); - goto end; - } - -#ifdef AF_UNIX - if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) { - BIO_printf(bio_err, - "Can't use unix sockets and datagrams together\n"); - goto end; - } -#endif - if (early_data && (www > 0 || rev)) { - BIO_printf(bio_err, - "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n"); - goto end; - } - -#ifndef OPENSSL_NO_SCTP - if (protocol == IPPROTO_SCTP) { - if (socket_type != SOCK_DGRAM) { - BIO_printf(bio_err, "Can't use -sctp without DTLS\n"); - goto end; - } - /* SCTP is unusual. It uses DTLS over a SOCK_STREAM protocol */ - socket_type = SOCK_STREAM; - } -#endif - -#ifndef OPENSSL_NO_KTLS - if (use_sendfile && www <= 1) { - BIO_printf(bio_err, "Can't use -sendfile without -WWW or -HTTP\n"); - goto end; - } -#endif - - if (!app_passwd(passarg, dpassarg, &pass, &dpass)) { - BIO_printf(bio_err, "Error getting password\n"); - goto end; - } - - if (s_key_file == NULL) - s_key_file = s_cert_file; - - if (s_key_file2 == NULL) - s_key_file2 = s_cert_file2; - - if (!load_excert(&exc)) - goto end; - - if (nocert == 0) { - s_key = load_key(s_key_file, s_key_format, 0, pass, engine, - "server certificate private key"); - if (s_key == NULL) - goto end; - - s_cert = load_cert_pass(s_cert_file, s_cert_format, 1, pass, - "server certificate"); - - if (s_cert == NULL) - goto end; - if (s_chain_file != NULL) { - if (!load_certs(s_chain_file, 0, &s_chain, NULL, - "server certificate chain")) - goto end; - } - - if (tlsextcbp.servername != NULL) { - s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine, - "second server certificate private key"); - if (s_key2 == NULL) - goto end; - - s_cert2 = load_cert_pass(s_cert_file2, s_cert_format, 1, pass, - "second server certificate"); - - if (s_cert2 == NULL) - goto end; - } - } -#if !defined(OPENSSL_NO_NEXTPROTONEG) - if (next_proto_neg_in) { - next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in); - if (next_proto.data == NULL) - goto end; - } -#endif - alpn_ctx.data = NULL; - if (alpn_in) { - alpn_ctx.data = next_protos_parse(&alpn_ctx.len, alpn_in); - if (alpn_ctx.data == NULL) - goto end; - } - - if (crl_file != NULL) { - X509_CRL *crl; - crl = load_crl(crl_file, crl_format, 0, "CRL"); - if (crl == NULL) - goto end; - crls = sk_X509_CRL_new_null(); - if (crls == NULL || !sk_X509_CRL_push(crls, crl)) { - BIO_puts(bio_err, "Error adding CRL\n"); - ERR_print_errors(bio_err); - X509_CRL_free(crl); - goto end; - } - } - - if (s_dcert_file != NULL) { - - if (s_dkey_file == NULL) - s_dkey_file = s_dcert_file; - - s_dkey = load_key(s_dkey_file, s_dkey_format, - 0, dpass, engine, "second certificate private key"); - if (s_dkey == NULL) - goto end; - - s_dcert = load_cert_pass(s_dcert_file, s_dcert_format, 1, dpass, - "second server certificate"); - - if (s_dcert == NULL) { - ERR_print_errors(bio_err); - goto end; - } - if (s_dchain_file != NULL) { - if (!load_certs(s_dchain_file, 0, &s_dchain, NULL, - "second server certificate chain")) - goto end; - } - - } - - if (bio_s_out == NULL) { - if (s_quiet && !s_debug) { - bio_s_out = BIO_new(BIO_s_null()); - if (s_msg && bio_s_msg == NULL) { - bio_s_msg = dup_bio_out(FORMAT_TEXT); - if (bio_s_msg == NULL) { - BIO_printf(bio_err, "Out of memory\n"); - goto end; - } - } - } else { - bio_s_out = dup_bio_out(FORMAT_TEXT); - } - } - - if (bio_s_out == NULL) - goto end; - - if (nocert) { - s_cert_file = NULL; - s_key_file = NULL; - s_dcert_file = NULL; - s_dkey_file = NULL; - s_cert_file2 = NULL; - s_key_file2 = NULL; - } - - ctx = SSL_CTX_new_ex(app_get0_libctx(), app_get0_propq(), meth); - if (ctx == NULL) { - ERR_print_errors(bio_err); - goto end; - } - - SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY); - - if (sdebug) - ssl_ctx_security_debug(ctx, sdebug); - - if (!config_ctx(cctx, ssl_args, ctx)) - goto end; - - if (ssl_config) { - if (SSL_CTX_config(ctx, ssl_config) == 0) { - BIO_printf(bio_err, "Error using configuration \"%s\"\n", - ssl_config); - ERR_print_errors(bio_err); - goto end; - } - } -#ifndef OPENSSL_NO_SCTP - if (protocol == IPPROTO_SCTP && sctp_label_bug == 1) - SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG); -#endif - - if (min_version != 0 - && SSL_CTX_set_min_proto_version(ctx, min_version) == 0) - goto end; - if (max_version != 0 - && SSL_CTX_set_max_proto_version(ctx, max_version) == 0) - goto end; - - if (session_id_prefix) { - if (strlen(session_id_prefix) >= 32) - BIO_printf(bio_err, - "warning: id_prefix is too long, only one new session will be possible\n"); - if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) { - BIO_printf(bio_err, "error setting 'id_prefix'\n"); - ERR_print_errors(bio_err); - goto end; - } - BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix); - } - if (exc != NULL) - ssl_ctx_set_excert(ctx, exc); - - if (state) - SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); - if (no_cache) - SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); - else if (ext_cache) - init_session_cache_ctx(ctx); - else - SSL_CTX_sess_set_cache_size(ctx, 128); - - if (async) { - SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC); - } - - if (no_ca_names) { - SSL_CTX_set_options(ctx, SSL_OP_DISABLE_TLSEXT_CA_NAMES); - } - - if (ignore_unexpected_eof) - SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF); - - if (max_send_fragment > 0 - && !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) { - BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n", - prog, max_send_fragment); - goto end; - } - - if (split_send_fragment > 0 - && !SSL_CTX_set_split_send_fragment(ctx, split_send_fragment)) { - BIO_printf(bio_err, "%s: Split send fragment size %u is out of permitted range\n", - prog, split_send_fragment); - goto end; - } - if (max_pipelines > 0 - && !SSL_CTX_set_max_pipelines(ctx, max_pipelines)) { - BIO_printf(bio_err, "%s: Max pipelines %u is out of permitted range\n", - prog, max_pipelines); - goto end; - } - - if (read_buf_len > 0) { - SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len); - } -#ifndef OPENSSL_NO_SRTP - if (srtp_profiles != NULL) { - /* Returns 0 on success! */ - if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles) != 0) { - BIO_printf(bio_err, "Error setting SRTP profile\n"); - ERR_print_errors(bio_err); - goto end; - } - } -#endif - - if (!ctx_set_verify_locations(ctx, CAfile, noCAfile, CApath, noCApath, - CAstore, noCAstore)) { - ERR_print_errors(bio_err); - goto end; - } - if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) { - BIO_printf(bio_err, "Error setting verify params\n"); - ERR_print_errors(bio_err); - goto end; - } - - ssl_ctx_add_crls(ctx, crls, 0); - - if (!ssl_load_stores(ctx, - vfyCApath, vfyCAfile, vfyCAstore, - chCApath, chCAfile, chCAstore, - crls, crl_download)) { - BIO_printf(bio_err, "Error loading store locations\n"); - ERR_print_errors(bio_err); - goto end; - } - - if (s_cert2) { - ctx2 = SSL_CTX_new_ex(app_get0_libctx(), app_get0_propq(), meth); - if (ctx2 == NULL) { - ERR_print_errors(bio_err); - goto end; - } - } - - if (ctx2 != NULL) { - BIO_printf(bio_s_out, "Setting secondary ctx parameters\n"); - - if (sdebug) - ssl_ctx_security_debug(ctx2, sdebug); - - if (session_id_prefix) { - if (strlen(session_id_prefix) >= 32) - BIO_printf(bio_err, - "warning: id_prefix is too long, only one new session will be possible\n"); - if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) { - BIO_printf(bio_err, "error setting 'id_prefix'\n"); - ERR_print_errors(bio_err); - goto end; - } - BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix); - } - if (exc != NULL) - ssl_ctx_set_excert(ctx2, exc); - - if (state) - SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback); - - if (no_cache) - SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF); - else if (ext_cache) - init_session_cache_ctx(ctx2); - else - SSL_CTX_sess_set_cache_size(ctx2, 128); - - if (async) - SSL_CTX_set_mode(ctx2, SSL_MODE_ASYNC); - - if (!ctx_set_verify_locations(ctx2, CAfile, noCAfile, CApath, - noCApath, CAstore, noCAstore)) { - ERR_print_errors(bio_err); - goto end; - } - if (vpmtouched && !SSL_CTX_set1_param(ctx2, vpm)) { - BIO_printf(bio_err, "Error setting verify params\n"); - ERR_print_errors(bio_err); - goto end; - } - - ssl_ctx_add_crls(ctx2, crls, 0); - if (!config_ctx(cctx, ssl_args, ctx2)) - goto end; - } -#ifndef OPENSSL_NO_NEXTPROTONEG - if (next_proto.data) - SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, - &next_proto); -#endif - if (alpn_ctx.data) - SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); - - if (!no_dhe) { - EVP_PKEY *dhpkey = NULL; - - if (dhfile != NULL) - dhpkey = load_keyparams(dhfile, FORMAT_UNDEF, 0, "DH", "DH parameters"); - else if (s_cert_file != NULL) - dhpkey = load_keyparams_suppress(s_cert_file, FORMAT_UNDEF, 0, "DH", - "DH parameters", 1); - - if (dhpkey != NULL) { - BIO_printf(bio_s_out, "Setting temp DH parameters\n"); - } else { - BIO_printf(bio_s_out, "Using default temp DH parameters\n"); - } - (void)BIO_flush(bio_s_out); - - if (dhpkey == NULL) { - SSL_CTX_set_dh_auto(ctx, 1); - } else { - /* - * We need 2 references: one for use by ctx and one for use by - * ctx2 - */ - if (!EVP_PKEY_up_ref(dhpkey)) { - EVP_PKEY_free(dhpkey); - goto end; - } - if (!SSL_CTX_set0_tmp_dh_pkey(ctx, dhpkey)) { - BIO_puts(bio_err, "Error setting temp DH parameters\n"); - ERR_print_errors(bio_err); - /* Free 2 references */ - EVP_PKEY_free(dhpkey); - EVP_PKEY_free(dhpkey); - goto end; - } - } - - if (ctx2 != NULL) { - if (dhfile != NULL) { - EVP_PKEY *dhpkey2 = load_keyparams_suppress(s_cert_file2, - FORMAT_UNDEF, - 0, "DH", - "DH parameters", 1); - - if (dhpkey2 != NULL) { - BIO_printf(bio_s_out, "Setting temp DH parameters\n"); - (void)BIO_flush(bio_s_out); - - EVP_PKEY_free(dhpkey); - dhpkey = dhpkey2; - } - } - if (dhpkey == NULL) { - SSL_CTX_set_dh_auto(ctx2, 1); - } else if (!SSL_CTX_set0_tmp_dh_pkey(ctx2, dhpkey)) { - BIO_puts(bio_err, "Error setting temp DH parameters\n"); - ERR_print_errors(bio_err); - EVP_PKEY_free(dhpkey); - goto end; - } - dhpkey = NULL; - } - EVP_PKEY_free(dhpkey); - } - - if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain)) - goto end; - - if (s_serverinfo_file != NULL - && !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file)) { - ERR_print_errors(bio_err); - goto end; - } - - if (ctx2 != NULL - && !set_cert_key_stuff(ctx2, s_cert2, s_key2, NULL, build_chain)) - goto end; - - if (s_dcert != NULL) { - if (!set_cert_key_stuff(ctx, s_dcert, s_dkey, s_dchain, build_chain)) - goto end; - } - - if (no_resume_ephemeral) { - SSL_CTX_set_not_resumable_session_callback(ctx, - not_resumable_sess_cb); - - if (ctx2 != NULL) - SSL_CTX_set_not_resumable_session_callback(ctx2, - not_resumable_sess_cb); - } -#ifndef OPENSSL_NO_PSK - if (psk_key != NULL) { - if (s_debug) - BIO_printf(bio_s_out, "PSK key given, setting server callback\n"); - SSL_CTX_set_psk_server_callback(ctx, psk_server_cb); - } - - if (psk_identity_hint != NULL) { - if (min_version == TLS1_3_VERSION) { - BIO_printf(bio_s_out, "PSK warning: there is NO identity hint in TLSv1.3\n"); - } else { - if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) { - BIO_printf(bio_err, "error setting PSK identity hint to context\n"); - ERR_print_errors(bio_err); - goto end; - } - } - } -#endif - if (psksessf != NULL) { - BIO *stmp = BIO_new_file(psksessf, "r"); - - if (stmp == NULL) { - BIO_printf(bio_err, "Can't open PSK session file %s\n", psksessf); - ERR_print_errors(bio_err); - goto end; - } - psksess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL); - BIO_free(stmp); - if (psksess == NULL) { - BIO_printf(bio_err, "Can't read PSK session file %s\n", psksessf); - ERR_print_errors(bio_err); - goto end; - } - - } - - if (psk_key != NULL || psksess != NULL) - SSL_CTX_set_psk_find_session_callback(ctx, psk_find_session_cb); - - SSL_CTX_set_verify(ctx, s_server_verify, verify_callback); - if (!SSL_CTX_set_session_id_context(ctx, - (void *)&s_server_session_id_context, - sizeof(s_server_session_id_context))) { - BIO_printf(bio_err, "error setting session id context\n"); - ERR_print_errors(bio_err); - goto end; - } - - /* Set DTLS cookie generation and verification callbacks */ - SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); - SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); - - /* Set TLS1.3 cookie generation and verification callbacks */ - SSL_CTX_set_stateless_cookie_generate_cb(ctx, generate_stateless_cookie_callback); - SSL_CTX_set_stateless_cookie_verify_cb(ctx, verify_stateless_cookie_callback); - - if (ctx2 != NULL) { - SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback); - if (!SSL_CTX_set_session_id_context(ctx2, - (void *)&s_server_session_id_context, - sizeof(s_server_session_id_context))) { - BIO_printf(bio_err, "error setting session id context\n"); - ERR_print_errors(bio_err); - goto end; - } - tlsextcbp.biodebug = bio_s_out; - SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb); - SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp); - SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); - SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); - } - -#ifndef OPENSSL_NO_SRP - if (srp_verifier_file != NULL) { - if (!set_up_srp_verifier_file(ctx, &srp_callback_parm, srpuserseed, - srp_verifier_file)) - goto end; - } else -#endif - if (CAfile != NULL) { - SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); - - if (ctx2) - SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile)); - } -#ifndef OPENSSL_NO_OCSP - if (s_tlsextstatus) { - SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); - SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp); - if (ctx2) { - SSL_CTX_set_tlsext_status_cb(ctx2, cert_status_cb); - SSL_CTX_set_tlsext_status_arg(ctx2, &tlscstatp); - } - } -#endif - if (set_keylog_file(ctx, keylog_file)) - goto end; - - if (max_early_data >= 0) - SSL_CTX_set_max_early_data(ctx, max_early_data); - if (recv_max_early_data >= 0) - SSL_CTX_set_recv_max_early_data(ctx, recv_max_early_data); - - if (rev) - server_cb = rev_body; - else if (www) - server_cb = www_body; - else - server_cb = sv_body; -#ifdef AF_UNIX - if (socket_family == AF_UNIX - && unlink_unix_path) - unlink(host); -#endif - do_server(&accept_socket, host, port, socket_family, socket_type, protocol, - server_cb, context, naccept, bio_s_out); - print_stats(bio_s_out, ctx); - ret = 0; - end: - SSL_CTX_free(ctx); - SSL_SESSION_free(psksess); - set_keylog_file(NULL, NULL); - X509_free(s_cert); - sk_X509_CRL_pop_free(crls, X509_CRL_free); - X509_free(s_dcert); - EVP_PKEY_free(s_key); - EVP_PKEY_free(s_dkey); - sk_X509_pop_free(s_chain, X509_free); - sk_X509_pop_free(s_dchain, X509_free); - OPENSSL_free(pass); - OPENSSL_free(dpass); - OPENSSL_free(host); - OPENSSL_free(port); - X509_VERIFY_PARAM_free(vpm); - free_sessions(); - OPENSSL_free(tlscstatp.host); - OPENSSL_free(tlscstatp.port); - OPENSSL_free(tlscstatp.path); - SSL_CTX_free(ctx2); - X509_free(s_cert2); - EVP_PKEY_free(s_key2); -#ifndef OPENSSL_NO_NEXTPROTONEG - OPENSSL_free(next_proto.data); -#endif - OPENSSL_free(alpn_ctx.data); - ssl_excert_free(exc); - sk_OPENSSL_STRING_free(ssl_args); - SSL_CONF_CTX_free(cctx); - release_engine(engine); - BIO_free(bio_s_out); - bio_s_out = NULL; - BIO_free(bio_s_msg); - bio_s_msg = NULL; -#ifdef CHARSET_EBCDIC - BIO_meth_free(methods_ebcdic); -#endif - return ret; -} - -static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) -{ - BIO_printf(bio, "%4ld items in the session cache\n", - SSL_CTX_sess_number(ssl_ctx)); - BIO_printf(bio, "%4ld client connects (SSL_connect())\n", - SSL_CTX_sess_connect(ssl_ctx)); - BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n", - SSL_CTX_sess_connect_renegotiate(ssl_ctx)); - BIO_printf(bio, "%4ld client connects that finished\n", - SSL_CTX_sess_connect_good(ssl_ctx)); - BIO_printf(bio, "%4ld server accepts (SSL_accept())\n", - SSL_CTX_sess_accept(ssl_ctx)); - BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n", - SSL_CTX_sess_accept_renegotiate(ssl_ctx)); - BIO_printf(bio, "%4ld server accepts that finished\n", - SSL_CTX_sess_accept_good(ssl_ctx)); - BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx)); - BIO_printf(bio, "%4ld session cache misses\n", - SSL_CTX_sess_misses(ssl_ctx)); - BIO_printf(bio, "%4ld session cache timeouts\n", - SSL_CTX_sess_timeouts(ssl_ctx)); - BIO_printf(bio, "%4ld callback cache hits\n", - SSL_CTX_sess_cb_hits(ssl_ctx)); - BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n", - SSL_CTX_sess_cache_full(ssl_ctx), - SSL_CTX_sess_get_cache_size(ssl_ctx)); -} - -static long int count_reads_callback(BIO *bio, int cmd, const char *argp, size_t len, - int argi, long argl, int ret, size_t *processed) -{ - unsigned int *p_counter = (unsigned int *)BIO_get_callback_arg(bio); - - switch (cmd) { - case BIO_CB_READ: /* No break here */ - case BIO_CB_GETS: - if (p_counter != NULL) - ++*p_counter; - break; - default: - break; - } - - if (s_debug) { - BIO_set_callback_arg(bio, (char *)bio_s_out); - ret = (int)bio_dump_callback(bio, cmd, argp, len, argi, argl, ret, processed); - BIO_set_callback_arg(bio, (char *)p_counter); - } - - return ret; -} - -static int sv_body(int s, int stype, int prot, unsigned char *context) -{ - char *buf = NULL; - fd_set readfds; - int ret = 1, width; - int k, i; - unsigned long l; - SSL *con = NULL; - BIO *sbio; - struct timeval timeout; -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)) - struct timeval *timeoutp; -#endif -#ifndef OPENSSL_NO_DTLS -# ifndef OPENSSL_NO_SCTP - int isdtls = (stype == SOCK_DGRAM || prot == IPPROTO_SCTP); -# else - int isdtls = (stype == SOCK_DGRAM); -# endif -#endif - - buf = app_malloc(bufsize, "server buffer"); - if (s_nbio) { - if (!BIO_socket_nbio(s, 1)) - ERR_print_errors(bio_err); - else if (!s_quiet) - BIO_printf(bio_err, "Turned on non blocking io\n"); - } - - con = SSL_new(ctx); - if (con == NULL) { - ret = -1; - goto err; - } - - if (s_tlsextdebug) { - SSL_set_tlsext_debug_callback(con, tlsext_cb); - SSL_set_tlsext_debug_arg(con, bio_s_out); - } - - if (context != NULL - && !SSL_set_session_id_context(con, context, - strlen((char *)context))) { - BIO_printf(bio_err, "Error setting session id context\n"); - ret = -1; - goto err; - } - - if (!SSL_clear(con)) { - BIO_printf(bio_err, "Error clearing SSL connection\n"); - ret = -1; - goto err; - } -#ifndef OPENSSL_NO_DTLS - if (isdtls) { -# ifndef OPENSSL_NO_SCTP - if (prot == IPPROTO_SCTP) - sbio = BIO_new_dgram_sctp(s, BIO_NOCLOSE); - else -# endif - sbio = BIO_new_dgram(s, BIO_NOCLOSE); - if (sbio == NULL) { - BIO_printf(bio_err, "Unable to create BIO\n"); - ERR_print_errors(bio_err); - goto err; - } - - if (enable_timeouts) { - timeout.tv_sec = 0; - timeout.tv_usec = DGRAM_RCV_TIMEOUT; - BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout); - - timeout.tv_sec = 0; - timeout.tv_usec = DGRAM_SND_TIMEOUT; - BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout); - } - - if (socket_mtu) { - if (socket_mtu < DTLS_get_link_min_mtu(con)) { - BIO_printf(bio_err, "MTU too small. Must be at least %ld\n", - DTLS_get_link_min_mtu(con)); - ret = -1; - BIO_free(sbio); - goto err; - } - SSL_set_options(con, SSL_OP_NO_QUERY_MTU); - if (!DTLS_set_link_mtu(con, socket_mtu)) { - BIO_printf(bio_err, "Failed to set MTU\n"); - ret = -1; - BIO_free(sbio); - goto err; - } - } else - /* want to do MTU discovery */ - BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL); - -# ifndef OPENSSL_NO_SCTP - if (prot != IPPROTO_SCTP) -# endif - /* Turn on cookie exchange. Not necessary for SCTP */ - SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE); - } else -#endif - sbio = BIO_new_socket(s, BIO_NOCLOSE); - - if (sbio == NULL) { - BIO_printf(bio_err, "Unable to create BIO\n"); - ERR_print_errors(bio_err); - goto err; - } - - if (s_nbio_test) { - BIO *test; - - test = BIO_new(BIO_f_nbio_test()); - if (test == NULL) { - BIO_printf(bio_err, "Unable to create BIO\n"); - ret = -1; - BIO_free(sbio); - goto err; - } - - sbio = BIO_push(test, sbio); - } - - SSL_set_bio(con, sbio, sbio); - SSL_set_accept_state(con); - /* SSL_set_fd(con,s); */ - - BIO_set_callback_ex(SSL_get_rbio(con), count_reads_callback); - if (s_msg) { -#ifndef OPENSSL_NO_SSL_TRACE - if (s_msg == 2) - SSL_set_msg_callback(con, SSL_trace); - else -#endif - SSL_set_msg_callback(con, msg_cb); - SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out); - } - - if (s_tlsextdebug) { - SSL_set_tlsext_debug_callback(con, tlsext_cb); - SSL_set_tlsext_debug_arg(con, bio_s_out); - } - - if (early_data) { - int write_header = 1, edret = SSL_READ_EARLY_DATA_ERROR; - size_t readbytes; - - while (edret != SSL_READ_EARLY_DATA_FINISH) { - for (;;) { - edret = SSL_read_early_data(con, buf, bufsize, &readbytes); - if (edret != SSL_READ_EARLY_DATA_ERROR) - break; - - switch (SSL_get_error(con, 0)) { - case SSL_ERROR_WANT_WRITE: - case SSL_ERROR_WANT_ASYNC: - case SSL_ERROR_WANT_READ: - /* Just keep trying - busy waiting */ - continue; - default: - BIO_printf(bio_err, "Error reading early data\n"); - ERR_print_errors(bio_err); - goto err; - } - } - if (readbytes > 0) { - if (write_header) { - BIO_printf(bio_s_out, "Early data received:\n"); - write_header = 0; - } - raw_write_stdout(buf, (unsigned int)readbytes); - (void)BIO_flush(bio_s_out); - } - } - if (write_header) { - if (SSL_get_early_data_status(con) == SSL_EARLY_DATA_NOT_SENT) - BIO_printf(bio_s_out, "No early data received\n"); - else - BIO_printf(bio_s_out, "Early data was rejected\n"); - } else { - BIO_printf(bio_s_out, "\nEnd of early data\n"); - } - if (SSL_is_init_finished(con)) - print_connection_info(con); - } - - if (fileno_stdin() > s) - width = fileno_stdin() + 1; - else - width = s + 1; - for (;;) { - int read_from_terminal; - int read_from_sslcon; - - read_from_terminal = 0; - read_from_sslcon = SSL_has_pending(con) - || (async && SSL_waiting_for_async(con)); - - if (!read_from_sslcon) { - FD_ZERO(&readfds); -#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) - openssl_fdset(fileno_stdin(), &readfds); -#endif - openssl_fdset(s, &readfds); - /* - * Note: under VMS with SOCKETSHR the second parameter is - * currently of type (int *) whereas under other systems it is - * (void *) if you don't have a cast it will choke the compiler: - * if you do have a cast then you can either go for (int *) or - * (void *). - */ -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) - /* - * Under DOS (non-djgpp) and Windows we can't select on stdin: - * only on sockets. As a workaround we timeout the select every - * second and check for any keypress. In a proper Windows - * application we wouldn't do this because it is inefficient. - */ - timeout.tv_sec = 1; - timeout.tv_usec = 0; - i = select(width, (void *)&readfds, NULL, NULL, &timeout); - if (has_stdin_waiting()) - read_from_terminal = 1; - if ((i < 0) || (!i && !read_from_terminal)) - continue; -#else - if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout)) - timeoutp = &timeout; - else - timeoutp = NULL; - - i = select(width, (void *)&readfds, NULL, NULL, timeoutp); - - if ((SSL_is_dtls(con)) && DTLSv1_handle_timeout(con) > 0) - BIO_printf(bio_err, "TIMEOUT occurred\n"); - - if (i <= 0) - continue; - if (FD_ISSET(fileno_stdin(), &readfds)) - read_from_terminal = 1; -#endif - if (FD_ISSET(s, &readfds)) - read_from_sslcon = 1; - } - if (read_from_terminal) { - if (s_crlf) { - int j, lf_num; - - i = raw_read_stdin(buf, bufsize / 2); - lf_num = 0; - /* both loops are skipped when i <= 0 */ - for (j = 0; j < i; j++) - if (buf[j] == '\n') - lf_num++; - for (j = i - 1; j >= 0; j--) { - buf[j + lf_num] = buf[j]; - if (buf[j] == '\n') { - lf_num--; - i++; - buf[j + lf_num] = '\r'; - } - } - assert(lf_num == 0); - } else { - i = raw_read_stdin(buf, bufsize); - } - - if (!s_quiet && !s_brief) { - if ((i <= 0) || (buf[0] == 'Q')) { - BIO_printf(bio_s_out, "DONE\n"); - (void)BIO_flush(bio_s_out); - BIO_closesocket(s); - close_accept_socket(); - ret = -11; - goto err; - } - if ((i <= 0) || (buf[0] == 'q')) { - BIO_printf(bio_s_out, "DONE\n"); - (void)BIO_flush(bio_s_out); - if (SSL_version(con) != DTLS1_VERSION) - BIO_closesocket(s); - /* - * close_accept_socket(); ret= -11; - */ - goto err; - } - if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) { - SSL_renegotiate(con); - i = SSL_do_handshake(con); - printf("SSL_do_handshake -> %d\n", i); - i = 0; /* 13; */ - continue; - } - if ((buf[0] == 'R') && ((buf[1] == '\n') || (buf[1] == '\r'))) { - SSL_set_verify(con, - SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, - NULL); - SSL_renegotiate(con); - i = SSL_do_handshake(con); - printf("SSL_do_handshake -> %d\n", i); - i = 0; /* 13; */ - continue; - } - if ((buf[0] == 'K' || buf[0] == 'k') - && ((buf[1] == '\n') || (buf[1] == '\r'))) { - SSL_key_update(con, buf[0] == 'K' ? - SSL_KEY_UPDATE_REQUESTED - : SSL_KEY_UPDATE_NOT_REQUESTED); - i = SSL_do_handshake(con); - printf("SSL_do_handshake -> %d\n", i); - i = 0; - continue; - } - if (buf[0] == 'c' && ((buf[1] == '\n') || (buf[1] == '\r'))) { - SSL_set_verify(con, SSL_VERIFY_PEER, NULL); - i = SSL_verify_client_post_handshake(con); - if (i == 0) { - printf("Failed to initiate request\n"); - ERR_print_errors(bio_err); - } else { - i = SSL_do_handshake(con); - printf("SSL_do_handshake -> %d\n", i); - i = 0; - } - continue; - } - if (buf[0] == 'P') { - static const char str[] = "Lets print some clear text\n"; - BIO_write(SSL_get_wbio(con), str, sizeof(str) -1); - } - if (buf[0] == 'S') { - print_stats(bio_s_out, SSL_get_SSL_CTX(con)); - } - } -#ifdef CHARSET_EBCDIC - ebcdic2ascii(buf, buf, i); -#endif - l = k = 0; - for (;;) { - /* should do a select for the write */ -#ifdef RENEG - static count = 0; - if (++count == 100) { - count = 0; - SSL_renegotiate(con); - } -#endif - k = SSL_write(con, &(buf[l]), (unsigned int)i); -#ifndef OPENSSL_NO_SRP - while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) { - BIO_printf(bio_s_out, "LOOKUP renego during write\n"); - - lookup_srp_user(&srp_callback_parm, bio_s_out); - - k = SSL_write(con, &(buf[l]), (unsigned int)i); - } -#endif - switch (SSL_get_error(con, k)) { - case SSL_ERROR_NONE: - break; - case SSL_ERROR_WANT_ASYNC: - BIO_printf(bio_s_out, "Write BLOCK (Async)\n"); - (void)BIO_flush(bio_s_out); - wait_for_async(con); - break; - case SSL_ERROR_WANT_WRITE: - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_X509_LOOKUP: - BIO_printf(bio_s_out, "Write BLOCK\n"); - (void)BIO_flush(bio_s_out); - break; - case SSL_ERROR_WANT_ASYNC_JOB: - /* - * This shouldn't ever happen in s_server. Treat as an error - */ - case SSL_ERROR_SYSCALL: - case SSL_ERROR_SSL: - BIO_printf(bio_s_out, "ERROR\n"); - (void)BIO_flush(bio_s_out); - ERR_print_errors(bio_err); - ret = 1; - goto err; - /* break; */ - case SSL_ERROR_ZERO_RETURN: - BIO_printf(bio_s_out, "DONE\n"); - (void)BIO_flush(bio_s_out); - ret = 1; - goto err; - } - if (k > 0) { - l += k; - i -= k; - } - if (i <= 0) - break; - } - } - if (read_from_sslcon) { - /* - * init_ssl_connection handles all async events itself so if we're - * waiting for async then we shouldn't go back into - * init_ssl_connection - */ - if ((!async || !SSL_waiting_for_async(con)) - && !SSL_is_init_finished(con)) { - /* - * Count number of reads during init_ssl_connection. - * It helps us to distinguish configuration errors from errors - * caused by a client. - */ - unsigned int read_counter = 0; - - BIO_set_callback_arg(SSL_get_rbio(con), (char *)&read_counter); - i = init_ssl_connection(con); - BIO_set_callback_arg(SSL_get_rbio(con), NULL); - - /* - * If initialization fails without reads, then - * there was a fatal error in configuration. - */ - if (i <= 0 && read_counter == 0) { - ret = -1; - goto err; - } - if (i < 0) { - ret = 0; - goto err; - } else if (i == 0) { - ret = 1; - goto err; - } - } else { - again: - i = SSL_read(con, (char *)buf, bufsize); -#ifndef OPENSSL_NO_SRP - while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { - BIO_printf(bio_s_out, "LOOKUP renego during read\n"); - - lookup_srp_user(&srp_callback_parm, bio_s_out); - - i = SSL_read(con, (char *)buf, bufsize); - } -#endif - switch (SSL_get_error(con, i)) { - case SSL_ERROR_NONE: -#ifdef CHARSET_EBCDIC - ascii2ebcdic(buf, buf, i); -#endif - raw_write_stdout(buf, (unsigned int)i); - (void)BIO_flush(bio_s_out); - if (SSL_has_pending(con)) - goto again; - break; - case SSL_ERROR_WANT_ASYNC: - BIO_printf(bio_s_out, "Read BLOCK (Async)\n"); - (void)BIO_flush(bio_s_out); - wait_for_async(con); - break; - case SSL_ERROR_WANT_WRITE: - case SSL_ERROR_WANT_READ: - BIO_printf(bio_s_out, "Read BLOCK\n"); - (void)BIO_flush(bio_s_out); - break; - case SSL_ERROR_WANT_ASYNC_JOB: - /* - * This shouldn't ever happen in s_server. Treat as an error - */ - case SSL_ERROR_SYSCALL: - case SSL_ERROR_SSL: - BIO_printf(bio_s_out, "ERROR\n"); - (void)BIO_flush(bio_s_out); - ERR_print_errors(bio_err); - ret = 1; - goto err; - case SSL_ERROR_ZERO_RETURN: - BIO_printf(bio_s_out, "DONE\n"); - (void)BIO_flush(bio_s_out); - ret = 1; - goto err; - } - } - } - } - err: - if (con != NULL) { - BIO_printf(bio_s_out, "shutting down SSL\n"); - do_ssl_shutdown(con); - SSL_free(con); - } - BIO_printf(bio_s_out, "CONNECTION CLOSED\n"); - OPENSSL_clear_free(buf, bufsize); - return ret; -} - -static void close_accept_socket(void) -{ - BIO_printf(bio_err, "shutdown accept socket\n"); - if (accept_socket >= 0) { - BIO_closesocket(accept_socket); - } -} - -static int is_retryable(SSL *con, int i) -{ - int err = SSL_get_error(con, i); - - /* If it's not a fatal error, it must be retryable */ - return (err != SSL_ERROR_SSL) - && (err != SSL_ERROR_SYSCALL) - && (err != SSL_ERROR_ZERO_RETURN); -} - -static int init_ssl_connection(SSL *con) -{ - int i; - long verify_err; - int retry = 0; - - if (dtlslisten || stateless) { - BIO_ADDR *client = NULL; - - if (dtlslisten) { - if ((client = BIO_ADDR_new()) == NULL) { - BIO_printf(bio_err, "ERROR - memory\n"); - return 0; - } - i = DTLSv1_listen(con, client); - } else { - i = SSL_stateless(con); - } - if (i > 0) { - BIO *wbio; - int fd = -1; - - if (dtlslisten) { - wbio = SSL_get_wbio(con); - if (wbio) { - BIO_get_fd(wbio, &fd); - } - - if (!wbio || BIO_connect(fd, client, 0) == 0) { - BIO_printf(bio_err, "ERROR - unable to connect\n"); - BIO_ADDR_free(client); - return 0; - } - - (void)BIO_ctrl_set_connected(wbio, client); - BIO_ADDR_free(client); - dtlslisten = 0; - } else { - stateless = 0; - } - i = SSL_accept(con); - } else { - BIO_ADDR_free(client); - } - } else { - do { - i = SSL_accept(con); - - if (i <= 0) - retry = is_retryable(con, i); -#ifdef CERT_CB_TEST_RETRY - { - while (i <= 0 - && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP - && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) { - BIO_printf(bio_err, - "LOOKUP from certificate callback during accept\n"); - i = SSL_accept(con); - if (i <= 0) - retry = is_retryable(con, i); - } - } -#endif - -#ifndef OPENSSL_NO_SRP - while (i <= 0 - && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { - BIO_printf(bio_s_out, "LOOKUP during accept %s\n", - srp_callback_parm.login); - - lookup_srp_user(&srp_callback_parm, bio_s_out); - - i = SSL_accept(con); - if (i <= 0) - retry = is_retryable(con, i); - } -#endif - } while (i < 0 && SSL_waiting_for_async(con)); - } - - if (i <= 0) { - if (((dtlslisten || stateless) && i == 0) - || (!dtlslisten && !stateless && retry)) { - BIO_printf(bio_s_out, "DELAY\n"); - return 1; - } - - BIO_printf(bio_err, "ERROR\n"); - - verify_err = SSL_get_verify_result(con); - if (verify_err != X509_V_OK) { - BIO_printf(bio_err, "verify error:%s\n", - X509_verify_cert_error_string(verify_err)); - } - /* Always print any error messages */ - ERR_print_errors(bio_err); - return 0; - } - - print_connection_info(con); - return 1; -} - -static void print_connection_info(SSL *con) -{ - const char *str; - X509 *peer; - char buf[BUFSIZ]; -#if !defined(OPENSSL_NO_NEXTPROTONEG) - const unsigned char *next_proto_neg; - unsigned next_proto_neg_len; -#endif - unsigned char *exportedkeymat; - int i; - - if (s_brief) - print_ssl_summary(con); - - PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con)); - - peer = SSL_get0_peer_certificate(con); - if (peer != NULL) { - BIO_printf(bio_s_out, "Client certificate\n"); - PEM_write_bio_X509(bio_s_out, peer); - dump_cert_text(bio_s_out, peer); - peer = NULL; - } - - if (SSL_get_shared_ciphers(con, buf, sizeof(buf)) != NULL) - BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf); - str = SSL_CIPHER_get_name(SSL_get_current_cipher(con)); - ssl_print_sigalgs(bio_s_out, con); -#ifndef OPENSSL_NO_EC - ssl_print_point_formats(bio_s_out, con); - ssl_print_groups(bio_s_out, con, 0); -#endif - print_ca_names(bio_s_out, con); - BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)"); - -#if !defined(OPENSSL_NO_NEXTPROTONEG) - SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); - if (next_proto_neg) { - BIO_printf(bio_s_out, "NEXTPROTO is "); - BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len); - BIO_printf(bio_s_out, "\n"); - } -#endif -#ifndef OPENSSL_NO_SRTP - { - SRTP_PROTECTION_PROFILE *srtp_profile - = SSL_get_selected_srtp_profile(con); - - if (srtp_profile) - BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n", - srtp_profile->name); - } -#endif - if (SSL_session_reused(con)) - BIO_printf(bio_s_out, "Reused session-id\n"); - BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", - SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); - if ((SSL_get_options(con) & SSL_OP_NO_RENEGOTIATION)) - BIO_printf(bio_s_out, "Renegotiation is DISABLED\n"); - - if (keymatexportlabel != NULL) { - BIO_printf(bio_s_out, "Keying material exporter:\n"); - BIO_printf(bio_s_out, " Label: '%s'\n", keymatexportlabel); - BIO_printf(bio_s_out, " Length: %i bytes\n", keymatexportlen); - exportedkeymat = app_malloc(keymatexportlen, "export key"); - if (SSL_export_keying_material(con, exportedkeymat, - keymatexportlen, - keymatexportlabel, - strlen(keymatexportlabel), - NULL, 0, 0) <= 0) { - BIO_printf(bio_s_out, " Error\n"); - } else { - BIO_printf(bio_s_out, " Keying material: "); - for (i = 0; i < keymatexportlen; i++) - BIO_printf(bio_s_out, "%02X", exportedkeymat[i]); - BIO_printf(bio_s_out, "\n"); - } - OPENSSL_free(exportedkeymat); - } -#ifndef OPENSSL_NO_KTLS - if (BIO_get_ktls_send(SSL_get_wbio(con))) - BIO_printf(bio_err, "Using Kernel TLS for sending\n"); - if (BIO_get_ktls_recv(SSL_get_rbio(con))) - BIO_printf(bio_err, "Using Kernel TLS for receiving\n"); -#endif - - (void)BIO_flush(bio_s_out); -} - -static int www_body(int s, int stype, int prot, unsigned char *context) -{ - char *buf = NULL; - int ret = 1; - int i, j, k, dot; - SSL *con; - const SSL_CIPHER *c; - BIO *io, *ssl_bio, *sbio; -#ifdef RENEG - int total_bytes = 0; -#endif - int width; -#ifndef OPENSSL_NO_KTLS - int use_sendfile_for_req = use_sendfile; -#endif - fd_set readfds; - const char *opmode; -#ifdef CHARSET_EBCDIC - BIO *filter; -#endif - - /* Set width for a select call if needed */ - width = s + 1; - - /* as we use BIO_gets(), and it always null terminates data, we need - * to allocate 1 byte longer buffer to fit the full 2^14 byte record */ - buf = app_malloc(bufsize + 1, "server www buffer"); - io = BIO_new(BIO_f_buffer()); - ssl_bio = BIO_new(BIO_f_ssl()); - if ((io == NULL) || (ssl_bio == NULL)) - goto err; - - if (s_nbio) { - if (!BIO_socket_nbio(s, 1)) - ERR_print_errors(bio_err); - else if (!s_quiet) - BIO_printf(bio_err, "Turned on non blocking io\n"); - } - - /* lets make the output buffer a reasonable size */ - if (!BIO_set_write_buffer_size(io, bufsize)) - goto err; - - if ((con = SSL_new(ctx)) == NULL) - goto err; - - if (s_tlsextdebug) { - SSL_set_tlsext_debug_callback(con, tlsext_cb); - SSL_set_tlsext_debug_arg(con, bio_s_out); - } - - if (context != NULL - && !SSL_set_session_id_context(con, context, - strlen((char *)context))) { - SSL_free(con); - goto err; - } - - sbio = BIO_new_socket(s, BIO_NOCLOSE); - if (sbio == NULL) { - SSL_free(con); - goto err; - } - - if (s_nbio_test) { - BIO *test; - - test = BIO_new(BIO_f_nbio_test()); - if (test == NULL) { - SSL_free(con); - BIO_free(sbio); - goto err; - } - - sbio = BIO_push(test, sbio); - } - SSL_set_bio(con, sbio, sbio); - SSL_set_accept_state(con); - - /* No need to free |con| after this. Done by BIO_free(ssl_bio) */ - BIO_set_ssl(ssl_bio, con, BIO_CLOSE); - BIO_push(io, ssl_bio); - ssl_bio = NULL; -#ifdef CHARSET_EBCDIC - filter = BIO_new(BIO_f_ebcdic_filter()); - if (filter == NULL) - goto err; - - io = BIO_push(filter, io); -#endif - - if (s_debug) { - BIO_set_callback_ex(SSL_get_rbio(con), bio_dump_callback); - BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out); - } - if (s_msg) { -#ifndef OPENSSL_NO_SSL_TRACE - if (s_msg == 2) - SSL_set_msg_callback(con, SSL_trace); - else -#endif - SSL_set_msg_callback(con, msg_cb); - SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out); - } - - for (;;) { - i = BIO_gets(io, buf, bufsize + 1); - if (i < 0) { /* error */ - if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) { - if (!s_quiet) - ERR_print_errors(bio_err); - goto err; - } else { - BIO_printf(bio_s_out, "read R BLOCK\n"); -#ifndef OPENSSL_NO_SRP - if (BIO_should_io_special(io) - && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { - BIO_printf(bio_s_out, "LOOKUP renego during read\n"); - - lookup_srp_user(&srp_callback_parm, bio_s_out); - - continue; - } -#endif - ossl_sleep(1000); - continue; - } - } else if (i == 0) { /* end of input */ - ret = 1; - goto end; - } - - /* else we have data */ - if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) || - ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) { - char *p; - X509 *peer = NULL; - STACK_OF(SSL_CIPHER) *sk; - static const char *space = " "; - - if (www == 1 && strncmp("GET /reneg", buf, 10) == 0) { - if (strncmp("GET /renegcert", buf, 14) == 0) - SSL_set_verify(con, - SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, - NULL); - i = SSL_renegotiate(con); - BIO_printf(bio_s_out, "SSL_renegotiate -> %d\n", i); - /* Send the HelloRequest */ - i = SSL_do_handshake(con); - if (i <= 0) { - BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n", - SSL_get_error(con, i)); - ERR_print_errors(bio_err); - goto err; - } - /* Wait for a ClientHello to come back */ - FD_ZERO(&readfds); - openssl_fdset(s, &readfds); - i = select(width, (void *)&readfds, NULL, NULL, NULL); - if (i <= 0 || !FD_ISSET(s, &readfds)) { - BIO_printf(bio_s_out, - "Error waiting for client response\n"); - ERR_print_errors(bio_err); - goto err; - } - /* - * We're not actually expecting any data here and we ignore - * any that is sent. This is just to force the handshake that - * we're expecting to come from the client. If they haven't - * sent one there's not much we can do. - */ - BIO_gets(io, buf, bufsize + 1); - } - - BIO_puts(io, - "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); - BIO_puts(io, "\n"); - BIO_puts(io, "
\n");
-            /* BIO_puts(io, OpenSSL_version(OPENSSL_VERSION)); */
-            BIO_puts(io, "\n");
-            for (i = 0; i < local_argc; i++) {
-                const char *myp;
-                for (myp = local_argv[i]; *myp; myp++)
-                    switch (*myp) {
-                    case '<':
-                        BIO_puts(io, "<");
-                        break;
-                    case '>':
-                        BIO_puts(io, ">");
-                        break;
-                    case '&':
-                        BIO_puts(io, "&");
-                        break;
-                    default:
-                        BIO_write(io, myp, 1);
-                        break;
-                    }
-                BIO_write(io, " ", 1);
-            }
-            BIO_puts(io, "\n");
-
-            BIO_printf(io,
-                       "Secure Renegotiation IS%s supported\n",
-                       SSL_get_secure_renegotiation_support(con) ?
-                       "" : " NOT");
-
-            /*
-             * The following is evil and should not really be done
-             */
-            BIO_printf(io, "Ciphers supported in s_server binary\n");
-            sk = SSL_get_ciphers(con);
-            j = sk_SSL_CIPHER_num(sk);
-            for (i = 0; i < j; i++) {
-                c = sk_SSL_CIPHER_value(sk, i);
-                BIO_printf(io, "%-11s:%-25s ",
-                           SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
-                if ((((i + 1) % 2) == 0) && (i + 1 != j))
-                    BIO_puts(io, "\n");
-            }
-            BIO_puts(io, "\n");
-            p = SSL_get_shared_ciphers(con, buf, bufsize);
-            if (p != NULL) {
-                BIO_printf(io,
-                           "---\nCiphers common between both SSL end points:\n");
-                j = i = 0;
-                while (*p) {
-                    if (*p == ':') {
-                        BIO_write(io, space, 26 - j);
-                        i++;
-                        j = 0;
-                        BIO_write(io, ((i % 3) ? " " : "\n"), 1);
-                    } else {
-                        BIO_write(io, p, 1);
-                        j++;
-                    }
-                    p++;
-                }
-                BIO_puts(io, "\n");
-            }
-            ssl_print_sigalgs(io, con);
-#ifndef OPENSSL_NO_EC
-            ssl_print_groups(io, con, 0);
-#endif
-            print_ca_names(io, con);
-            BIO_printf(io, (SSL_session_reused(con)
-                            ? "---\nReused, " : "---\nNew, "));
-            c = SSL_get_current_cipher(con);
-            BIO_printf(io, "%s, Cipher is %s\n",
-                       SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
-            SSL_SESSION_print(io, SSL_get_session(con));
-            BIO_printf(io, "---\n");
-            print_stats(io, SSL_get_SSL_CTX(con));
-            BIO_printf(io, "---\n");
-            peer = SSL_get0_peer_certificate(con);
-            if (peer != NULL) {
-                BIO_printf(io, "Client certificate\n");
-                X509_print(io, peer);
-                PEM_write_bio_X509(io, peer);
-                peer = NULL;
-            } else {
-                BIO_puts(io, "no client certificate available\n");
-            }
-            BIO_puts(io, "
\r\n\r\n"); - break; - } else if ((www == 2 || www == 3) - && (strncmp("GET /", buf, 5) == 0)) { - BIO *file; - char *p, *e; - static const char *text = - "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; - - /* skip the '/' */ - p = &(buf[5]); - - dot = 1; - for (e = p; *e != '\0'; e++) { - if (e[0] == ' ') - break; - - if (e[0] == ':') { - /* Windows drive. We treat this the same way as ".." */ - dot = -1; - break; - } - - switch (dot) { - case 1: - dot = (e[0] == '.') ? 2 : 0; - break; - case 2: - dot = (e[0] == '.') ? 3 : 0; - break; - case 3: - dot = (e[0] == '/' || e[0] == '\\') ? -1 : 0; - break; - } - if (dot == 0) - dot = (e[0] == '/' || e[0] == '\\') ? 1 : 0; - } - dot = (dot == 3) || (dot == -1); /* filename contains ".." - * component */ - - if (*e == '\0') { - BIO_puts(io, text); - BIO_printf(io, "'%s' is an invalid file name\r\n", p); - break; - } - *e = '\0'; - - if (dot) { - BIO_puts(io, text); - BIO_printf(io, "'%s' contains '..' or ':'\r\n", p); - break; - } - - if (*p == '/' || *p == '\\') { - BIO_puts(io, text); - BIO_printf(io, "'%s' is an invalid path\r\n", p); - break; - } - - /* if a directory, do the index thang */ - if (app_isdir(p) > 0) { - BIO_puts(io, text); - BIO_printf(io, "'%s' is a directory\r\n", p); - break; - } - - opmode = (http_server_binmode == 1) ? "rb" : "r"; - if ((file = BIO_new_file(p, opmode)) == NULL) { - BIO_puts(io, text); - BIO_printf(io, "Error opening '%s' mode='%s'\r\n", p, opmode); - ERR_print_errors(io); - break; - } - - if (!s_quiet) - BIO_printf(bio_err, "FILE:%s\n", p); - - if (www == 2) { - i = strlen(p); - if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) || - ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) || - ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0))) - BIO_puts(io, - "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n"); - else - BIO_puts(io, - "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"); - } - /* send the file */ -#ifndef OPENSSL_NO_KTLS - if (use_sendfile_for_req && !BIO_get_ktls_send(SSL_get_wbio(con))) { - BIO_printf(bio_err, "Warning: sendfile requested but KTLS is not available\n"); - use_sendfile_for_req = 0; - } - if (use_sendfile_for_req) { - FILE *fp = NULL; - int fd; - struct stat st; - off_t offset = 0; - size_t filesize; - - BIO_get_fp(file, &fp); - fd = fileno(fp); - if (fstat(fd, &st) < 0) { - BIO_printf(io, "Error fstat '%s'\r\n", p); - ERR_print_errors(io); - goto write_error; - } - - filesize = st.st_size; - if (((int)BIO_flush(io)) < 0) - goto write_error; - - for (;;) { - i = SSL_sendfile(con, fd, offset, filesize, 0); - if (i < 0) { - BIO_printf(io, "Error SSL_sendfile '%s'\r\n", p); - ERR_print_errors(io); - break; - } else { - offset += i; - filesize -= i; - } - - if (filesize <= 0) { - if (!s_quiet) - BIO_printf(bio_err, "KTLS SENDFILE '%s' OK\n", p); - - break; - } - } - } else -#endif - { - for (;;) { - i = BIO_read(file, buf, bufsize); - if (i <= 0) - break; - -#ifdef RENEG - total_bytes += i; - BIO_printf(bio_err, "%d\n", i); - if (total_bytes > 3 * 1024) { - total_bytes = 0; - BIO_printf(bio_err, "RENEGOTIATE\n"); - SSL_renegotiate(con); - } -#endif - - for (j = 0; j < i;) { -#ifdef RENEG - static count = 0; - if (++count == 13) - SSL_renegotiate(con); -#endif - k = BIO_write(io, &(buf[j]), i - j); - if (k <= 0) { - if (!BIO_should_retry(io) - && !SSL_waiting_for_async(con)) { - goto write_error; - } else { - BIO_printf(bio_s_out, "rwrite W BLOCK\n"); - } - } else { - j += k; - } - } - } - } - write_error: - BIO_free(file); - break; - } - } - - for (;;) { - i = (int)BIO_flush(io); - if (i <= 0) { - if (!BIO_should_retry(io)) - break; - } else - break; - } - end: - /* make sure we re-use sessions */ - do_ssl_shutdown(con); - - err: - OPENSSL_free(buf); - BIO_free(ssl_bio); - BIO_free_all(io); - return ret; -} - -static int rev_body(int s, int stype, int prot, unsigned char *context) -{ - char *buf = NULL; - int i; - int ret = 1; - SSL *con; - BIO *io, *ssl_bio, *sbio; -#ifdef CHARSET_EBCDIC - BIO *filter; -#endif - - /* as we use BIO_gets(), and it always null terminates data, we need - * to allocate 1 byte longer buffer to fit the full 2^14 byte record */ - buf = app_malloc(bufsize + 1, "server rev buffer"); - io = BIO_new(BIO_f_buffer()); - ssl_bio = BIO_new(BIO_f_ssl()); - if ((io == NULL) || (ssl_bio == NULL)) - goto err; - - /* lets make the output buffer a reasonable size */ - if (!BIO_set_write_buffer_size(io, bufsize)) - goto err; - - if ((con = SSL_new(ctx)) == NULL) - goto err; - - if (s_tlsextdebug) { - SSL_set_tlsext_debug_callback(con, tlsext_cb); - SSL_set_tlsext_debug_arg(con, bio_s_out); - } - if (context != NULL - && !SSL_set_session_id_context(con, context, - strlen((char *)context))) { - SSL_free(con); - ERR_print_errors(bio_err); - goto err; - } - - sbio = BIO_new_socket(s, BIO_NOCLOSE); - if (sbio == NULL) { - SSL_free(con); - ERR_print_errors(bio_err); - goto err; - } - - SSL_set_bio(con, sbio, sbio); - SSL_set_accept_state(con); - - /* No need to free |con| after this. Done by BIO_free(ssl_bio) */ - BIO_set_ssl(ssl_bio, con, BIO_CLOSE); - BIO_push(io, ssl_bio); - ssl_bio = NULL; -#ifdef CHARSET_EBCDIC - filter = BIO_new(BIO_f_ebcdic_filter()); - if (filter == NULL) - goto err; - - io = BIO_push(filter, io); -#endif - - if (s_debug) { - BIO_set_callback_ex(SSL_get_rbio(con), bio_dump_callback); - BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out); - } - if (s_msg) { -#ifndef OPENSSL_NO_SSL_TRACE - if (s_msg == 2) - SSL_set_msg_callback(con, SSL_trace); - else -#endif - SSL_set_msg_callback(con, msg_cb); - SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out); - } - - for (;;) { - i = BIO_do_handshake(io); - if (i > 0) - break; - if (!BIO_should_retry(io)) { - BIO_puts(bio_err, "CONNECTION FAILURE\n"); - ERR_print_errors(bio_err); - goto end; - } -#ifndef OPENSSL_NO_SRP - if (BIO_should_io_special(io) - && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { - BIO_printf(bio_s_out, "LOOKUP renego during accept\n"); - - lookup_srp_user(&srp_callback_parm, bio_s_out); - - continue; - } -#endif - } - BIO_printf(bio_err, "CONNECTION ESTABLISHED\n"); - print_ssl_summary(con); - - for (;;) { - i = BIO_gets(io, buf, bufsize + 1); - if (i < 0) { /* error */ - if (!BIO_should_retry(io)) { - if (!s_quiet) - ERR_print_errors(bio_err); - goto err; - } else { - BIO_printf(bio_s_out, "read R BLOCK\n"); -#ifndef OPENSSL_NO_SRP - if (BIO_should_io_special(io) - && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { - BIO_printf(bio_s_out, "LOOKUP renego during read\n"); - - lookup_srp_user(&srp_callback_parm, bio_s_out); - - continue; - } -#endif - ossl_sleep(1000); - continue; - } - } else if (i == 0) { /* end of input */ - ret = 1; - BIO_printf(bio_err, "CONNECTION CLOSED\n"); - goto end; - } else { - char *p = buf + i - 1; - while (i && (*p == '\n' || *p == '\r')) { - p--; - i--; - } - if (!s_ign_eof && (i == 5) && (strncmp(buf, "CLOSE", 5) == 0)) { - ret = 1; - BIO_printf(bio_err, "CONNECTION CLOSED\n"); - goto end; - } - BUF_reverse((unsigned char *)buf, NULL, i); - buf[i] = '\n'; - BIO_write(io, buf, i + 1); - for (;;) { - i = BIO_flush(io); - if (i > 0) - break; - if (!BIO_should_retry(io)) - goto end; - } - } - } - end: - /* make sure we re-use sessions */ - do_ssl_shutdown(con); - - err: - - OPENSSL_free(buf); - BIO_free(ssl_bio); - BIO_free_all(io); - return ret; -} - -#define MAX_SESSION_ID_ATTEMPTS 10 -static int generate_session_id(SSL *ssl, unsigned char *id, - unsigned int *id_len) -{ - unsigned int count = 0; - unsigned int session_id_prefix_len = strlen(session_id_prefix); - - do { - if (RAND_bytes(id, *id_len) <= 0) - return 0; - /* - * Prefix the session_id with the required prefix. NB: If our prefix - * is too long, clip it - but there will be worse effects anyway, eg. - * the server could only possibly create 1 session ID (ie. the - * prefix!) so all future session negotiations will fail due to - * conflicts. - */ - memcpy(id, session_id_prefix, - (session_id_prefix_len < *id_len) ? - session_id_prefix_len : *id_len); - } - while (SSL_has_matching_session_id(ssl, id, *id_len) && - (++count < MAX_SESSION_ID_ATTEMPTS)); - if (count >= MAX_SESSION_ID_ATTEMPTS) - return 0; - return 1; -} - -/* - * By default s_server uses an in-memory cache which caches SSL_SESSION - * structures without any serialization. This hides some bugs which only - * become apparent in deployed servers. By implementing a basic external - * session cache some issues can be debugged using s_server. - */ - -typedef struct simple_ssl_session_st { - unsigned char *id; - unsigned int idlen; - unsigned char *der; - int derlen; - struct simple_ssl_session_st *next; -} simple_ssl_session; - -static simple_ssl_session *first = NULL; - -static int add_session(SSL *ssl, SSL_SESSION *session) -{ - simple_ssl_session *sess = app_malloc(sizeof(*sess), "get session"); - unsigned char *p; - - SSL_SESSION_get_id(session, &sess->idlen); - sess->derlen = i2d_SSL_SESSION(session, NULL); - if (sess->derlen < 0) { - BIO_printf(bio_err, "Error encoding session\n"); - OPENSSL_free(sess); - return 0; - } - - sess->id = OPENSSL_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen); - sess->der = app_malloc(sess->derlen, "get session buffer"); - if (!sess->id) { - BIO_printf(bio_err, "Out of memory adding to external cache\n"); - OPENSSL_free(sess->id); - OPENSSL_free(sess->der); - OPENSSL_free(sess); - return 0; - } - p = sess->der; - - /* Assume it still works. */ - if (i2d_SSL_SESSION(session, &p) != sess->derlen) { - BIO_printf(bio_err, "Unexpected session encoding length\n"); - OPENSSL_free(sess->id); - OPENSSL_free(sess->der); - OPENSSL_free(sess); - return 0; - } - - sess->next = first; - first = sess; - BIO_printf(bio_err, "New session added to external cache\n"); - return 0; -} - -static SSL_SESSION *get_session(SSL *ssl, const unsigned char *id, int idlen, - int *do_copy) -{ - simple_ssl_session *sess; - *do_copy = 0; - for (sess = first; sess; sess = sess->next) { - if (idlen == (int)sess->idlen && !memcmp(sess->id, id, idlen)) { - const unsigned char *p = sess->der; - BIO_printf(bio_err, "Lookup session: cache hit\n"); - return d2i_SSL_SESSION(NULL, &p, sess->derlen); - } - } - BIO_printf(bio_err, "Lookup session: cache miss\n"); - return NULL; -} - -static void del_session(SSL_CTX *sctx, SSL_SESSION *session) -{ - simple_ssl_session *sess, *prev = NULL; - const unsigned char *id; - unsigned int idlen; - id = SSL_SESSION_get_id(session, &idlen); - for (sess = first; sess; sess = sess->next) { - if (idlen == sess->idlen && !memcmp(sess->id, id, idlen)) { - if (prev) - prev->next = sess->next; - else - first = sess->next; - OPENSSL_free(sess->id); - OPENSSL_free(sess->der); - OPENSSL_free(sess); - return; - } - prev = sess; - } -} - -static void init_session_cache_ctx(SSL_CTX *sctx) -{ - SSL_CTX_set_session_cache_mode(sctx, - SSL_SESS_CACHE_NO_INTERNAL | - SSL_SESS_CACHE_SERVER); - SSL_CTX_sess_set_new_cb(sctx, add_session); - SSL_CTX_sess_set_get_cb(sctx, get_session); - SSL_CTX_sess_set_remove_cb(sctx, del_session); -} - -static void free_sessions(void) -{ - simple_ssl_session *sess, *tsess; - for (sess = first; sess;) { - OPENSSL_free(sess->id); - OPENSSL_free(sess->der); - tsess = sess; - sess = sess->next; - OPENSSL_free(tsess); - } - first = NULL; -} - -#endif /* OPENSSL_NO_SOCK */ diff --git a/apps/s_time.c b/apps/s_time.c deleted file mode 100644 index 1a58e19de53fe7eeaa3c469df6aa54534e32ca35..0000000000000000000000000000000000000000 --- a/apps/s_time.c +++ /dev/null @@ -1,473 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include - -#ifndef OPENSSL_NO_SOCK - -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include "s_apps.h" -#include -#include "internal/sockets.h" -#if !defined(OPENSSL_SYS_MSDOS) -# include -#endif - -#define SSL_CONNECT_NAME "localhost:4433" - -#define SECONDS 30 -#define SECONDSSTR "30" - -static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx); - -/* - * Define a HTTP get command globally. - * Also define the size of the command, this is two bytes less than - * the size of the string because the %s is replaced by the URL. - */ -static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n"; -static const size_t fmt_http_get_cmd_size = sizeof(fmt_http_get_cmd) - 2; - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_CONNECT, OPT_CIPHER, OPT_CIPHERSUITES, OPT_CERT, OPT_NAMEOPT, OPT_KEY, - OPT_CAPATH, OPT_CAFILE, OPT_CASTORE, - OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, - OPT_NEW, OPT_REUSE, OPT_BUGS, OPT_VERIFY, OPT_TIME, OPT_SSL3, - OPT_WWW, OPT_TLS1, OPT_TLS1_1, OPT_TLS1_2, OPT_TLS1_3, - OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS s_time_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - - OPT_SECTION("Connection"), - {"connect", OPT_CONNECT, 's', - "Where to connect as post:port (default is " SSL_CONNECT_NAME ")"}, - {"new", OPT_NEW, '-', "Just time new connections"}, - {"reuse", OPT_REUSE, '-', "Just time connection reuse"}, - {"bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility"}, - {"cipher", OPT_CIPHER, 's', "TLSv1.2 and below cipher list to be used"}, - {"ciphersuites", OPT_CIPHERSUITES, 's', - "Specify TLSv1.3 ciphersuites to be used"}, -#ifndef OPENSSL_NO_SSL3 - {"ssl3", OPT_SSL3, '-', "Just use SSLv3"}, -#endif -#ifndef OPENSSL_NO_TLS1 - {"tls1", OPT_TLS1, '-', "Just use TLSv1.0"}, -#endif -#ifndef OPENSSL_NO_TLS1_1 - {"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"}, -#endif -#ifndef OPENSSL_NO_TLS1_2 - {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"}, -#endif -#ifndef OPENSSL_NO_TLS1_3 - {"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"}, -#endif - {"verify", OPT_VERIFY, 'p', - "Turn on peer certificate verification, set depth"}, - {"time", OPT_TIME, 'p', "Seconds to collect data, default " SECONDSSTR}, - {"www", OPT_WWW, 's', "Fetch specified page from the site"}, - - OPT_SECTION("Certificate"), - {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"}, - {"cert", OPT_CERT, '<', "Cert file to use, PEM format assumed"}, - {"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"}, - {"cafile", OPT_CAFILE, '<', "PEM format file of CA's"}, - {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"}, - {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"}, - {"CAstore", OPT_CASTORE, ':', "URI to store of CA's"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load certificates from the default certificates store URI"}, - - OPT_PROV_OPTIONS, - {NULL} -}; - -#define START 0 -#define STOP 1 - -static double tm_Time_F(int s) -{ - return app_tminterval(s, 1); -} - -int s_time_main(int argc, char **argv) -{ - char buf[1024 * 8]; - SSL *scon = NULL; - SSL_CTX *ctx = NULL; - const SSL_METHOD *meth = NULL; - char *CApath = NULL, *CAfile = NULL, *CAstore = NULL; - char *cipher = NULL, *ciphersuites = NULL; - char *www_path = NULL; - char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog; - double totalTime = 0.0; - int noCApath = 0, noCAfile = 0, noCAstore = 0; - int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs = 0; - long bytes_read = 0, finishtime = 0; - OPTION_CHOICE o; - int min_version = 0, max_version = 0, ver, buf_len, fd; - size_t buf_size; - - meth = TLS_client_method(); - - prog = opt_init(argc, argv, s_time_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(s_time_options); - ret = 0; - goto end; - case OPT_CONNECT: - host = opt_arg(); - break; - case OPT_REUSE: - perform = 2; - break; - case OPT_NEW: - perform = 1; - break; - case OPT_VERIFY: - verify_args.depth = opt_int_arg(); - BIO_printf(bio_err, "%s: verify depth is %d\n", - prog, verify_args.depth); - break; - case OPT_CERT: - certfile = opt_arg(); - break; - case OPT_NAMEOPT: - if (!set_nameopt(opt_arg())) - goto end; - break; - case OPT_KEY: - keyfile = opt_arg(); - break; - case OPT_CAPATH: - CApath = opt_arg(); - break; - case OPT_CAFILE: - CAfile = opt_arg(); - break; - case OPT_NOCAPATH: - noCApath = 1; - break; - case OPT_NOCAFILE: - noCAfile = 1; - break; - case OPT_CASTORE: - CAstore = opt_arg(); - break; - case OPT_NOCASTORE: - noCAstore = 1; - break; - case OPT_CIPHER: - cipher = opt_arg(); - break; - case OPT_CIPHERSUITES: - ciphersuites = opt_arg(); - break; - case OPT_BUGS: - st_bugs = 1; - break; - case OPT_TIME: - maxtime = opt_int_arg(); - break; - case OPT_WWW: - www_path = opt_arg(); - buf_size = strlen(www_path) + fmt_http_get_cmd_size; - if (buf_size > sizeof(buf)) { - BIO_printf(bio_err, "%s: -www option is too long\n", prog); - goto end; - } - break; - case OPT_SSL3: - min_version = SSL3_VERSION; - max_version = SSL3_VERSION; - break; - case OPT_TLS1: - min_version = TLS1_VERSION; - max_version = TLS1_VERSION; - break; - case OPT_TLS1_1: - min_version = TLS1_1_VERSION; - max_version = TLS1_1_VERSION; - break; - case OPT_TLS1_2: - min_version = TLS1_2_VERSION; - max_version = TLS1_2_VERSION; - break; - case OPT_TLS1_3: - min_version = TLS1_3_VERSION; - max_version = TLS1_3_VERSION; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - if (cipher == NULL) - cipher = getenv("SSL_CIPHER"); - - if ((ctx = SSL_CTX_new(meth)) == NULL) - goto end; - - SSL_CTX_set_quiet_shutdown(ctx, 1); - if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0) - goto end; - if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0) - goto end; - - if (st_bugs) - SSL_CTX_set_options(ctx, SSL_OP_ALL); - if (cipher != NULL && !SSL_CTX_set_cipher_list(ctx, cipher)) - goto end; - if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) - goto end; - if (!set_cert_stuff(ctx, certfile, keyfile)) - goto end; - - if (!ctx_set_verify_locations(ctx, CAfile, noCAfile, CApath, noCApath, - CAstore, noCAstore)) { - ERR_print_errors(bio_err); - goto end; - } - if (!(perform & 1)) - goto next; - printf("Collecting connection statistics for %d seconds\n", maxtime); - - /* Loop and time how long it takes to make connections */ - - bytes_read = 0; - finishtime = (long)time(NULL) + maxtime; - tm_Time_F(START); - for (;;) { - if (finishtime < (long)time(NULL)) - break; - - if ((scon = doConnection(NULL, host, ctx)) == NULL) - goto end; - - if (www_path != NULL) { - buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, - www_path); - if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0) - goto end; - while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) - bytes_read += i; - } - SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); - BIO_closesocket(SSL_get_fd(scon)); - - nConn += 1; - if (SSL_session_reused(scon)) { - ver = 'r'; - } else { - ver = SSL_version(scon); - if (ver == TLS1_VERSION) - ver = 't'; - else if (ver == SSL3_VERSION) - ver = '3'; - else - ver = '*'; - } - fputc(ver, stdout); - fflush(stdout); - - SSL_free(scon); - scon = NULL; - } - totalTime += tm_Time_F(STOP); /* Add the time for this iteration */ - - i = (int)((long)time(NULL) - finishtime + maxtime); - printf - ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", - nConn, totalTime, ((double)nConn / totalTime), bytes_read); - printf - ("%d connections in %ld real seconds, %ld bytes read per connection\n", - nConn, (long)time(NULL) - finishtime + maxtime, - nConn > 0 ? bytes_read / nConn : 0l); - - /* - * Now loop and time connections using the same session id over and over - */ - - next: - if (!(perform & 2)) - goto end; - printf("\n\nNow timing with session id reuse.\n"); - - /* Get an SSL object so we can reuse the session id */ - if ((scon = doConnection(NULL, host, ctx)) == NULL) { - BIO_printf(bio_err, "Unable to get connection\n"); - goto end; - } - - if (www_path != NULL) { - buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, www_path); - if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0) - goto end; - while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) - continue; - } - SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); - if ((fd = SSL_get_fd(scon)) >= 0) - BIO_closesocket(fd); - - nConn = 0; - totalTime = 0.0; - - finishtime = (long)time(NULL) + maxtime; - - printf("starting\n"); - bytes_read = 0; - tm_Time_F(START); - - for (;;) { - if (finishtime < (long)time(NULL)) - break; - - if ((doConnection(scon, host, ctx)) == NULL) - goto end; - - if (www_path != NULL) { - buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, - www_path); - if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0) - goto end; - while ((i = SSL_read(scon, buf, sizeof(buf))) > 0) - bytes_read += i; - } - SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); - if ((fd = SSL_get_fd(scon)) >= 0) - BIO_closesocket(fd); - - nConn += 1; - if (SSL_session_reused(scon)) { - ver = 'r'; - } else { - ver = SSL_version(scon); - if (ver == TLS1_VERSION) - ver = 't'; - else if (ver == SSL3_VERSION) - ver = '3'; - else - ver = '*'; - } - fputc(ver, stdout); - fflush(stdout); - } - totalTime += tm_Time_F(STOP); /* Add the time for this iteration */ - - printf - ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", - nConn, totalTime, ((double)nConn / totalTime), bytes_read); - if (nConn > 0) - printf - ("%d connections in %ld real seconds, %ld bytes read per connection\n", - nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn); - else - printf("0 connections in %ld real seconds\n", - (long)time(NULL) - finishtime + maxtime); - ret = 0; - - end: - SSL_free(scon); - SSL_CTX_free(ctx); - return ret; -} - -/*- - * doConnection - make a connection - */ -static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx) -{ - BIO *conn; - SSL *serverCon; - int i; - - if ((conn = BIO_new(BIO_s_connect())) == NULL) - return NULL; - - if (BIO_set_conn_hostname(conn, host) <= 0 - || BIO_set_conn_mode(conn, BIO_SOCK_NODELAY) <= 0) { - BIO_free(conn); - return NULL; - } - - if (scon == NULL) { - serverCon = SSL_new(ctx); - if (serverCon == NULL) { - BIO_free(conn); - return NULL; - } - } else { - serverCon = scon; - SSL_set_connect_state(serverCon); - } - - SSL_set_bio(serverCon, conn, conn); - - /* ok, lets connect */ - i = SSL_connect(serverCon); - if (i <= 0) { - BIO_printf(bio_err, "ERROR\n"); - if (verify_args.error != X509_V_OK) - BIO_printf(bio_err, "verify error:%s\n", - X509_verify_cert_error_string(verify_args.error)); - else - ERR_print_errors(bio_err); - if (scon == NULL) - SSL_free(serverCon); - return NULL; - } - -#if defined(SOL_SOCKET) && defined(SO_LINGER) - { - struct linger no_linger; - int fd; - - no_linger.l_onoff = 1; - no_linger.l_linger = 0; - fd = SSL_get_fd(serverCon); - if (fd >= 0) - (void)setsockopt(fd, SOL_SOCKET, SO_LINGER, (char*)&no_linger, - sizeof(no_linger)); - } -#endif - - return serverCon; -} -#endif /* OPENSSL_NO_SOCK */ diff --git a/apps/sess_id.c b/apps/sess_id.c deleted file mode 100644 index 714c0f77877e17894349aad659c11631e1e326d2..0000000000000000000000000000000000000000 --- a/apps/sess_id.c +++ /dev/null @@ -1,198 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, - OPT_TEXT, OPT_CERT, OPT_NOOUT, OPT_CONTEXT -} OPTION_CHOICE; - -const OPTIONS sess_id_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"context", OPT_CONTEXT, 's', "Set the session ID context"}, - - OPT_SECTION("Input"), - {"in", OPT_IN, 's', "Input file - default stdin"}, - {"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file - default stdout"}, - {"outform", OPT_OUTFORM, 'f', - "Output format - default PEM (PEM, DER or NSS)"}, - {"text", OPT_TEXT, '-', "Print ssl session id details"}, - {"cert", OPT_CERT, '-', "Output certificate "}, - {"noout", OPT_NOOUT, '-', "Don't output the encoded session info"}, - {NULL} -}; - -static SSL_SESSION *load_sess_id(char *file, int format); - -int sess_id_main(int argc, char **argv) -{ - SSL_SESSION *x = NULL; - X509 *peer = NULL; - BIO *out = NULL; - char *infile = NULL, *outfile = NULL, *context = NULL, *prog; - int informat = FORMAT_PEM, outformat = FORMAT_PEM; - int cert = 0, noout = 0, text = 0, ret = 1, i, num = 0; - OPTION_CHOICE o; - - prog = opt_init(argc, argv, sess_id_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(sess_id_options); - ret = 0; - goto end; - case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat)) - goto opthelp; - break; - case OPT_OUTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER | OPT_FMT_NSS, - &outformat)) - goto opthelp; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_TEXT: - text = ++num; - break; - case OPT_CERT: - cert = ++num; - break; - case OPT_NOOUT: - noout = ++num; - break; - case OPT_CONTEXT: - context = opt_arg(); - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - x = load_sess_id(infile, informat); - if (x == NULL) { - goto end; - } - peer = SSL_SESSION_get0_peer(x); - - if (context != NULL) { - size_t ctx_len = strlen(context); - if (ctx_len > SSL_MAX_SID_CTX_LENGTH) { - BIO_printf(bio_err, "Context too long\n"); - goto end; - } - if (!SSL_SESSION_set1_id_context(x, (unsigned char *)context, - ctx_len)) { - BIO_printf(bio_err, "Error setting id context\n"); - goto end; - } - } - - if (!noout || text) { - out = bio_open_default(outfile, 'w', outformat); - if (out == NULL) - goto end; - } - - if (text) { - SSL_SESSION_print(out, x); - - if (cert) { - if (peer == NULL) - BIO_puts(out, "No certificate present\n"); - else - X509_print(out, peer); - } - } - - if (!noout && !cert) { - if (outformat == FORMAT_ASN1) { - i = i2d_SSL_SESSION_bio(out, x); - } else if (outformat == FORMAT_PEM) { - i = PEM_write_bio_SSL_SESSION(out, x); - } else if (outformat == FORMAT_NSS) { - i = SSL_SESSION_print_keylog(out, x); - } else { - BIO_printf(bio_err, "bad output format specified for outfile\n"); - goto end; - } - if (!i) { - BIO_printf(bio_err, "unable to write SSL_SESSION\n"); - goto end; - } - } else if (!noout && (peer != NULL)) { /* just print the certificate */ - if (outformat == FORMAT_ASN1) { - i = (int)i2d_X509_bio(out, peer); - } else if (outformat == FORMAT_PEM) { - i = PEM_write_bio_X509(out, peer); - } else { - BIO_printf(bio_err, "bad output format specified for outfile\n"); - goto end; - } - if (!i) { - BIO_printf(bio_err, "unable to write X509\n"); - goto end; - } - } - ret = 0; - end: - BIO_free_all(out); - SSL_SESSION_free(x); - return ret; -} - -static SSL_SESSION *load_sess_id(char *infile, int format) -{ - SSL_SESSION *x = NULL; - BIO *in = NULL; - - in = bio_open_default(infile, 'r', format); - if (in == NULL) - goto end; - if (format == FORMAT_ASN1) - x = d2i_SSL_SESSION_bio(in, NULL); - else - x = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL); - if (x == NULL) { - BIO_printf(bio_err, "unable to load SSL_SESSION\n"); - ERR_print_errors(bio_err); - goto end; - } - - end: - BIO_free(in); - return x; -} diff --git a/apps/smime.c b/apps/smime.c deleted file mode 100644 index a2ff0b5be75c834894be863a74155e1f09b39f68..0000000000000000000000000000000000000000 --- a/apps/smime.c +++ /dev/null @@ -1,709 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* S/MIME utility function */ - -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include - -static int save_certs(char *signerfile, STACK_OF(X509) *signers); -static int smime_cb(int ok, X509_STORE_CTX *ctx); - -#define SMIME_OP 0x10 -#define SMIME_IP 0x20 -#define SMIME_SIGNERS 0x40 -#define SMIME_ENCRYPT (1 | SMIME_OP) -#define SMIME_DECRYPT (2 | SMIME_IP) -#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS) -#define SMIME_VERIFY (4 | SMIME_IP) -#define SMIME_PK7OUT (5 | SMIME_IP | SMIME_OP) -#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS) - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_RESIGN, OPT_VERIFY, - OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN, - OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, - OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF, - OPT_CRLFEOL, OPT_ENGINE, OPT_PASSIN, - OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD, - OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE, - OPT_CAPATH, OPT_CASTORE, OPT_NOCAFILE, OPT_NOCAPATH, OPT_NOCASTORE, - OPT_R_ENUM, OPT_PROV_ENUM, OPT_CONFIG, - OPT_V_ENUM, - OPT_IN, OPT_INFORM, OPT_OUT, - OPT_OUTFORM, OPT_CONTENT -} OPTION_CHOICE; - -const OPTIONS smime_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"in", OPT_IN, '<', "Input file"}, - {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"}, - {"out", OPT_OUT, '>', "Output file"}, - {"outform", OPT_OUTFORM, 'c', - "Output format SMIME (default), PEM or DER"}, - {"inkey", OPT_INKEY, 's', - "Input private key (if not signer or recipient)"}, - {"keyform", OPT_KEYFORM, 'f', "Input private key format (ENGINE, other values ignored)"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - {"stream", OPT_STREAM, '-', "Enable CMS streaming" }, - {"indef", OPT_INDEF, '-', "Same as -stream" }, - {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"}, - OPT_CONFIG_OPTION, - - OPT_SECTION("Action"), - {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"}, - {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"}, - {"sign", OPT_SIGN, '-', "Sign message"}, - {"resign", OPT_RESIGN, '-', "Resign a signed message"}, - {"verify", OPT_VERIFY, '-', "Verify signed message"}, - - OPT_SECTION("Signing/Encryption"), - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"}, - {"", OPT_CIPHER, '-', "Any supported cipher"}, - {"pk7out", OPT_PK7OUT, '-', "Output PKCS#7 structure"}, - {"nointern", OPT_NOINTERN, '-', - "Don't search certificates in message for signer"}, - {"nodetach", OPT_NODETACH, '-', "Use opaque signing"}, - {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"}, - {"binary", OPT_BINARY, '-', "Don't translate message to text"}, - {"signer", OPT_SIGNER, 's', "Signer certificate file"}, - {"content", OPT_CONTENT, '<', - "Supply or override content for detached signature"}, - {"nocerts", OPT_NOCERTS, '-', - "Don't include signers certificate when signing"}, - - OPT_SECTION("Verification/Decryption"), - {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"}, - {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"}, - - {"certfile", OPT_CERTFILE, '<', "Other certificates file"}, - {"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"}, - - OPT_SECTION("Email"), - {"to", OPT_TO, 's', "To address"}, - {"from", OPT_FROM, 's', "From address"}, - {"subject", OPT_SUBJECT, 's', "Subject"}, - {"text", OPT_TEXT, '-', "Include or delete text MIME headers"}, - {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"}, - - OPT_SECTION("Certificate chain"), - {"CApath", OPT_CAPATH, '/', "Trusted certificates directory"}, - {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"}, - {"CAstore", OPT_CASTORE, ':', "Trusted certificates store URI"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load certificates from the default certificates directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load certificates from the default certificates store"}, - {"nochain", OPT_NOCHAIN, '-', - "set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" }, - {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"}, - - OPT_R_OPTIONS, - OPT_V_OPTIONS, - OPT_PROV_OPTIONS, - - OPT_PARAMETERS(), - {"cert", 0, 0, "Recipient certs, used when encrypting"}, - {NULL} -}; - -int smime_main(int argc, char **argv) -{ - CONF *conf = NULL; - BIO *in = NULL, *out = NULL, *indata = NULL; - EVP_PKEY *key = NULL; - PKCS7 *p7 = NULL; - STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL; - STACK_OF(X509) *encerts = NULL, *other = NULL; - X509 *cert = NULL, *recip = NULL, *signer = NULL; - X509_STORE *store = NULL; - X509_VERIFY_PARAM *vpm = NULL; - EVP_CIPHER *cipher = NULL; - EVP_MD *sign_md = NULL; - const char *CAfile = NULL, *CApath = NULL, *CAstore = NULL, *prog = NULL; - char *certfile = NULL, *keyfile = NULL, *contfile = NULL; - char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile = NULL; - char *passinarg = NULL, *passin = NULL, *to = NULL, *from = NULL; - char *subject = NULL, *digestname = NULL, *ciphername = NULL; - OPTION_CHOICE o; - int noCApath = 0, noCAfile = 0, noCAstore = 0; - int flags = PKCS7_DETACHED, operation = 0, ret = 0, indef = 0; - int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform = - FORMAT_UNDEF; - int vpmtouched = 0, rv = 0; - ENGINE *e = NULL; - const char *mime_eol = "\n"; - OSSL_LIB_CTX *libctx = app_get0_libctx(); - - if ((vpm = X509_VERIFY_PARAM_new()) == NULL) - return 1; - - prog = opt_init(argc, argv, smime_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(smime_options); - ret = 0; - goto end; - case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat)) - goto opthelp; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUTFORM: - if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat)) - goto opthelp; - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_ENCRYPT: - operation = SMIME_ENCRYPT; - break; - case OPT_DECRYPT: - operation = SMIME_DECRYPT; - break; - case OPT_SIGN: - operation = SMIME_SIGN; - break; - case OPT_RESIGN: - operation = SMIME_RESIGN; - break; - case OPT_VERIFY: - operation = SMIME_VERIFY; - break; - case OPT_PK7OUT: - operation = SMIME_PK7OUT; - break; - case OPT_TEXT: - flags |= PKCS7_TEXT; - break; - case OPT_NOINTERN: - flags |= PKCS7_NOINTERN; - break; - case OPT_NOVERIFY: - flags |= PKCS7_NOVERIFY; - break; - case OPT_NOCHAIN: - flags |= PKCS7_NOCHAIN; - break; - case OPT_NOCERTS: - flags |= PKCS7_NOCERTS; - break; - case OPT_NOATTR: - flags |= PKCS7_NOATTR; - break; - case OPT_NODETACH: - flags &= ~PKCS7_DETACHED; - break; - case OPT_NOSMIMECAP: - flags |= PKCS7_NOSMIMECAP; - break; - case OPT_BINARY: - flags |= PKCS7_BINARY; - break; - case OPT_NOSIGS: - flags |= PKCS7_NOSIGS; - break; - case OPT_STREAM: - case OPT_INDEF: - indef = 1; - break; - case OPT_NOINDEF: - indef = 0; - break; - case OPT_CRLFEOL: - flags |= PKCS7_CRLFEOL; - mime_eol = "\r\n"; - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - case OPT_CONFIG: - conf = app_load_config_modules(opt_arg()); - if (conf == NULL) - goto end; - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_PASSIN: - passinarg = opt_arg(); - break; - case OPT_TO: - to = opt_arg(); - break; - case OPT_FROM: - from = opt_arg(); - break; - case OPT_SUBJECT: - subject = opt_arg(); - break; - case OPT_SIGNER: - /* If previous -signer argument add signer to list */ - if (signerfile != NULL) { - if (sksigners == NULL - && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); - if (keyfile == NULL) - keyfile = signerfile; - if (skkeys == NULL - && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); - keyfile = NULL; - } - signerfile = opt_arg(); - break; - case OPT_RECIP: - recipfile = opt_arg(); - break; - case OPT_MD: - digestname = opt_arg(); - break; - case OPT_CIPHER: - ciphername = opt_unknown(); - break; - case OPT_INKEY: - /* If previous -inkey argument add signer to list */ - if (keyfile != NULL) { - if (signerfile == NULL) { - BIO_printf(bio_err, - "%s: Must have -signer before -inkey\n", prog); - goto opthelp; - } - if (sksigners == NULL - && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); - signerfile = NULL; - if (skkeys == NULL - && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - sk_OPENSSL_STRING_push(skkeys, keyfile); - } - keyfile = opt_arg(); - break; - case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform)) - goto opthelp; - break; - case OPT_CERTFILE: - certfile = opt_arg(); - break; - case OPT_CAFILE: - CAfile = opt_arg(); - break; - case OPT_CAPATH: - CApath = opt_arg(); - break; - case OPT_CASTORE: - CAstore = opt_arg(); - break; - case OPT_NOCAFILE: - noCAfile = 1; - break; - case OPT_NOCAPATH: - noCApath = 1; - break; - case OPT_NOCASTORE: - noCAstore = 1; - break; - case OPT_CONTENT: - contfile = opt_arg(); - break; - case OPT_V_CASES: - if (!opt_verify(o, vpm)) - goto opthelp; - vpmtouched++; - break; - } - } - - /* Extra arguments are files with recipient keys. */ - argc = opt_num_rest(); - argv = opt_rest(); - - if (!app_RAND_load()) - goto end; - - if (digestname != NULL) { - if (!opt_md(digestname, &sign_md)) - goto opthelp; - } - if (ciphername != NULL) { - if (!opt_cipher_any(ciphername, &cipher)) - goto opthelp; - } - if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) { - BIO_puts(bio_err, "Multiple signers or keys not allowed\n"); - goto opthelp; - } - if (!operation) { - BIO_puts(bio_err, - "No operation (-encrypt|-sign|...) specified\n"); - goto opthelp; - } - - if (operation & SMIME_SIGNERS) { - /* Check to see if any final signer needs to be appended */ - if (keyfile && !signerfile) { - BIO_puts(bio_err, "Illegal -inkey without -signer\n"); - goto opthelp; - } - if (signerfile != NULL) { - if (sksigners == NULL - && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - sk_OPENSSL_STRING_push(sksigners, signerfile); - if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL) - goto end; - if (!keyfile) - keyfile = signerfile; - sk_OPENSSL_STRING_push(skkeys, keyfile); - } - if (sksigners == NULL) { - BIO_printf(bio_err, "No signer certificate specified\n"); - goto opthelp; - } - signerfile = NULL; - keyfile = NULL; - } else if (operation == SMIME_DECRYPT) { - if (recipfile == NULL && keyfile == NULL) { - BIO_printf(bio_err, - "No recipient certificate or key specified\n"); - goto opthelp; - } - } else if (operation == SMIME_ENCRYPT) { - if (argc == 0) { - BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); - goto opthelp; - } - } - - if (!app_passwd(passinarg, NULL, &passin, NULL)) { - BIO_printf(bio_err, "Error getting password\n"); - goto end; - } - - ret = 2; - - if (!(operation & SMIME_SIGNERS)) - flags &= ~PKCS7_DETACHED; - - if (!(operation & SMIME_OP)) { - if (flags & PKCS7_BINARY) - outformat = FORMAT_BINARY; - } - - if (!(operation & SMIME_IP)) { - if (flags & PKCS7_BINARY) - informat = FORMAT_BINARY; - } - - if (operation == SMIME_ENCRYPT) { - if (cipher == NULL) { -#ifndef OPENSSL_NO_DES - cipher = (EVP_CIPHER *)EVP_des_ede3_cbc(); -#else - BIO_printf(bio_err, "No cipher selected\n"); - goto end; -#endif - } - encerts = sk_X509_new_null(); - if (encerts == NULL) - goto end; - while (*argv != NULL) { - cert = load_cert(*argv, FORMAT_UNDEF, - "recipient certificate file"); - if (cert == NULL) - goto end; - sk_X509_push(encerts, cert); - cert = NULL; - argv++; - } - } - - if (certfile != NULL) { - if (!load_certs(certfile, 0, &other, NULL, "certificates")) { - ERR_print_errors(bio_err); - goto end; - } - } - - if (recipfile != NULL && (operation == SMIME_DECRYPT)) { - if ((recip = load_cert(recipfile, FORMAT_UNDEF, - "recipient certificate file")) == NULL) { - ERR_print_errors(bio_err); - goto end; - } - } - - if (operation == SMIME_DECRYPT) { - if (keyfile == NULL) - keyfile = recipfile; - } else if (operation == SMIME_SIGN) { - if (keyfile == NULL) - keyfile = signerfile; - } else { - keyfile = NULL; - } - - if (keyfile != NULL) { - key = load_key(keyfile, keyform, 0, passin, e, "signing key"); - if (key == NULL) - goto end; - } - - in = bio_open_default(infile, 'r', informat); - if (in == NULL) - goto end; - - if (operation & SMIME_IP) { - PKCS7 *p7_in = NULL; - - p7 = PKCS7_new_ex(libctx, app_get0_propq()); - if (p7 == NULL) { - BIO_printf(bio_err, "Error allocating PKCS7 object\n"); - goto end; - } - if (informat == FORMAT_SMIME) { - p7_in = SMIME_read_PKCS7_ex(in, &indata, &p7); - } else if (informat == FORMAT_PEM) { - p7_in = PEM_read_bio_PKCS7(in, &p7, NULL, NULL); - } else if (informat == FORMAT_ASN1) { - p7_in = d2i_PKCS7_bio(in, &p7); - } else { - BIO_printf(bio_err, "Bad input format for PKCS#7 file\n"); - goto end; - } - - if (p7_in == NULL) { - BIO_printf(bio_err, "Error reading S/MIME message\n"); - goto end; - } - if (contfile != NULL) { - BIO_free(indata); - if ((indata = BIO_new_file(contfile, "rb")) == NULL) { - BIO_printf(bio_err, "Can't read content file %s\n", contfile); - goto end; - } - } - } - - out = bio_open_default(outfile, 'w', outformat); - if (out == NULL) - goto end; - - if (operation == SMIME_VERIFY) { - if ((store = setup_verify(CAfile, noCAfile, CApath, noCApath, - CAstore, noCAstore)) == NULL) - goto end; - X509_STORE_set_verify_cb(store, smime_cb); - if (vpmtouched) - X509_STORE_set1_param(store, vpm); - } - - ret = 3; - - if (operation == SMIME_ENCRYPT) { - if (indef) - flags |= PKCS7_STREAM; - p7 = PKCS7_encrypt_ex(encerts, in, cipher, flags, libctx, app_get0_propq()); - } else if (operation & SMIME_SIGNERS) { - int i; - /* - * If detached data content we only enable streaming if S/MIME output - * format. - */ - if (operation == SMIME_SIGN) { - if (flags & PKCS7_DETACHED) { - if (outformat == FORMAT_SMIME) - flags |= PKCS7_STREAM; - } else if (indef) { - flags |= PKCS7_STREAM; - } - flags |= PKCS7_PARTIAL; - p7 = PKCS7_sign_ex(NULL, NULL, other, in, flags, libctx, app_get0_propq()); - if (p7 == NULL) - goto end; - if (flags & PKCS7_NOCERTS) { - for (i = 0; i < sk_X509_num(other); i++) { - X509 *x = sk_X509_value(other, i); - PKCS7_add_certificate(p7, x); - } - } - } else { - flags |= PKCS7_REUSE_DIGEST; - } - for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) { - signerfile = sk_OPENSSL_STRING_value(sksigners, i); - keyfile = sk_OPENSSL_STRING_value(skkeys, i); - signer = load_cert(signerfile, FORMAT_UNDEF, "signer certificate"); - if (signer == NULL) - goto end; - key = load_key(keyfile, keyform, 0, passin, e, "signing key"); - if (key == NULL) - goto end; - - if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags)) - goto end; - X509_free(signer); - signer = NULL; - EVP_PKEY_free(key); - key = NULL; - } - /* If not streaming or resigning finalize structure */ - if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) { - if (!PKCS7_final(p7, in, flags)) - goto end; - } - } - - if (p7 == NULL) { - BIO_printf(bio_err, "Error creating PKCS#7 structure\n"); - goto end; - } - - ret = 4; - if (operation == SMIME_DECRYPT) { - if (!PKCS7_decrypt(p7, key, recip, out, flags)) { - BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n"); - goto end; - } - } else if (operation == SMIME_VERIFY) { - STACK_OF(X509) *signers; - if (PKCS7_verify(p7, other, store, indata, out, flags)) - BIO_printf(bio_err, "Verification successful\n"); - else { - BIO_printf(bio_err, "Verification failure\n"); - goto end; - } - signers = PKCS7_get0_signers(p7, other, flags); - if (!save_certs(signerfile, signers)) { - BIO_printf(bio_err, "Error writing signers to %s\n", signerfile); - ret = 5; - goto end; - } - sk_X509_free(signers); - } else if (operation == SMIME_PK7OUT) { - PEM_write_bio_PKCS7(out, p7); - } else { - if (to) - BIO_printf(out, "To: %s%s", to, mime_eol); - if (from) - BIO_printf(out, "From: %s%s", from, mime_eol); - if (subject) - BIO_printf(out, "Subject: %s%s", subject, mime_eol); - if (outformat == FORMAT_SMIME) { - if (operation == SMIME_RESIGN) - rv = SMIME_write_PKCS7(out, p7, indata, flags); - else - rv = SMIME_write_PKCS7(out, p7, in, flags); - } else if (outformat == FORMAT_PEM) { - rv = PEM_write_bio_PKCS7_stream(out, p7, in, flags); - } else if (outformat == FORMAT_ASN1) { - rv = i2d_PKCS7_bio_stream(out, p7, in, flags); - } else { - BIO_printf(bio_err, "Bad output format for PKCS#7 file\n"); - goto end; - } - if (rv == 0) { - BIO_printf(bio_err, "Error writing output\n"); - ret = 3; - goto end; - } - } - ret = 0; - end: - if (ret) - ERR_print_errors(bio_err); - sk_X509_pop_free(encerts, X509_free); - sk_X509_pop_free(other, X509_free); - X509_VERIFY_PARAM_free(vpm); - sk_OPENSSL_STRING_free(sksigners); - sk_OPENSSL_STRING_free(skkeys); - X509_STORE_free(store); - X509_free(cert); - X509_free(recip); - X509_free(signer); - EVP_PKEY_free(key); - EVP_MD_free(sign_md); - EVP_CIPHER_free(cipher); - PKCS7_free(p7); - release_engine(e); - BIO_free(in); - BIO_free(indata); - BIO_free_all(out); - OPENSSL_free(passin); - NCONF_free(conf); - return ret; -} - -static int save_certs(char *signerfile, STACK_OF(X509) *signers) -{ - int i; - BIO *tmp; - - if (signerfile == NULL) - return 1; - tmp = BIO_new_file(signerfile, "w"); - if (tmp == NULL) - return 0; - for (i = 0; i < sk_X509_num(signers); i++) - PEM_write_bio_X509(tmp, sk_X509_value(signers, i)); - BIO_free(tmp); - return 1; -} - -/* Minimal callback just to output policy info (if any) */ - -static int smime_cb(int ok, X509_STORE_CTX *ctx) -{ - int error; - - error = X509_STORE_CTX_get_error(ctx); - - if ((error != X509_V_ERR_NO_EXPLICIT_POLICY) - && ((error != X509_V_OK) || (ok != 2))) - return ok; - - policies_print(ctx); - - return ok; -} diff --git a/apps/speed.c b/apps/speed.c deleted file mode 100644 index d180a41f369f81f818fdd9f7c60052153c367353..0000000000000000000000000000000000000000 --- a/apps/speed.c +++ /dev/null @@ -1,3720 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#undef SECONDS -#define SECONDS 3 -#define PKEY_SECONDS 10 - -#define RSA_SECONDS PKEY_SECONDS -#define DSA_SECONDS PKEY_SECONDS -#define ECDSA_SECONDS PKEY_SECONDS -#define ECDH_SECONDS PKEY_SECONDS -#define EdDSA_SECONDS PKEY_SECONDS -#define SM2_SECONDS PKEY_SECONDS -#define FFDH_SECONDS PKEY_SECONDS - -/* We need to use some deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include "internal/numbers.h" -#include -#include -#include -#include -#include -#include -#include -#if !defined(OPENSSL_SYS_MSDOS) -# include -#endif - -#if defined(__TANDEM) -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -#endif - -#if defined(_WIN32) -# include -#endif - -#include -#include -#include "./testrsa.h" -#ifndef OPENSSL_NO_DH -# include -#endif -#include -#include -#include "./testdsa.h" -#include - -#ifndef HAVE_FORK -# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS) -# define HAVE_FORK 0 -# else -# define HAVE_FORK 1 -# include -# endif -#endif - -#if HAVE_FORK -# undef NO_FORK -#else -# define NO_FORK -#endif - -#define MAX_MISALIGNMENT 63 -#define MAX_ECDH_SIZE 256 -#define MISALIGN 64 -#define MAX_FFDH_SIZE 1024 - -#ifndef RSA_DEFAULT_PRIME_NUM -# define RSA_DEFAULT_PRIME_NUM 2 -#endif - -typedef struct openssl_speed_sec_st { - int sym; - int rsa; - int dsa; - int ecdsa; - int ecdh; - int eddsa; - int sm2; - int ffdh; -} openssl_speed_sec_t; - -static volatile int run = 0; - -static int mr = 0; /* machine-readeable output format to merge fork results */ -static int usertime = 1; - -static double Time_F(int s); -static void print_message(const char *s, long num, int length, int tm); -static void pkey_print_message(const char *str, const char *str2, - long num, unsigned int bits, int sec); -static void print_result(int alg, int run_no, int count, double time_used); -#ifndef NO_FORK -static int do_multi(int multi, int size_num); -#endif - -static const int lengths_list[] = { - 16, 64, 256, 1024, 8 * 1024, 16 * 1024 -}; -#define SIZE_NUM OSSL_NELEM(lengths_list) -static const int *lengths = lengths_list; - -static const int aead_lengths_list[] = { - 2, 31, 136, 1024, 8 * 1024, 16 * 1024 -}; - -#define START 0 -#define STOP 1 - -#ifdef SIGALRM - -static void alarmed(int sig) -{ - signal(SIGALRM, alarmed); - run = 0; -} - -static double Time_F(int s) -{ - double ret = app_tminterval(s, usertime); - if (s == STOP) - alarm(0); - return ret; -} - -#elif defined(_WIN32) - -# define SIGALRM -1 - -static unsigned int lapse; -static volatile unsigned int schlock; -static void alarm_win32(unsigned int secs) -{ - lapse = secs * 1000; -} - -# define alarm alarm_win32 - -static DWORD WINAPI sleepy(VOID * arg) -{ - schlock = 1; - Sleep(lapse); - run = 0; - return 0; -} - -static double Time_F(int s) -{ - double ret; - static HANDLE thr; - - if (s == START) { - schlock = 0; - thr = CreateThread(NULL, 4096, sleepy, NULL, 0, NULL); - if (thr == NULL) { - DWORD err = GetLastError(); - BIO_printf(bio_err, "unable to CreateThread (%lu)", err); - ExitProcess(err); - } - while (!schlock) - Sleep(0); /* scheduler spinlock */ - ret = app_tminterval(s, usertime); - } else { - ret = app_tminterval(s, usertime); - if (run) - TerminateThread(thr, 0); - CloseHandle(thr); - } - - return ret; -} -#else -# error "SIGALRM not defined and the platform is not Windows" -#endif - -static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, - const openssl_speed_sec_t *seconds); - -static int opt_found(const char *name, unsigned int *result, - const OPT_PAIR pairs[], unsigned int nbelem) -{ - unsigned int idx; - - for (idx = 0; idx < nbelem; ++idx, pairs++) - if (strcmp(name, pairs->name) == 0) { - *result = pairs->retval; - return 1; - } - return 0; -} -#define opt_found(value, pairs, result)\ - opt_found(value, result, pairs, OSSL_NELEM(pairs)) - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_ELAPSED, OPT_EVP, OPT_HMAC, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI, - OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM, OPT_PROV_ENUM, - OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD, OPT_CMAC -} OPTION_CHOICE; - -const OPTIONS speed_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [algorithm...]\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"mb", OPT_MB, '-', - "Enable (tls1>=1) multi-block mode on EVP-named cipher"}, - {"mr", OPT_MR, '-', "Produce machine readable output"}, -#ifndef NO_FORK - {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"}, -#endif -#ifndef OPENSSL_NO_ASYNC - {"async_jobs", OPT_ASYNCJOBS, 'p', - "Enable async mode and start specified number of jobs"}, -#endif -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - {"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"}, - - OPT_SECTION("Selection"), - {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"}, - {"hmac", OPT_HMAC, 's', "HMAC using EVP-named digest"}, - {"cmac", OPT_CMAC, 's', "CMAC using EVP-named cipher"}, - {"decrypt", OPT_DECRYPT, '-', - "Time decryption instead of encryption (only EVP)"}, - {"aead", OPT_AEAD, '-', - "Benchmark EVP-named AEAD cipher in TLS-like sequence"}, - - OPT_SECTION("Timing"), - {"elapsed", OPT_ELAPSED, '-', - "Use wall-clock time instead of CPU user time as divisor"}, - {"seconds", OPT_SECONDS, 'p', - "Run benchmarks for specified amount of seconds"}, - {"bytes", OPT_BYTES, 'p', - "Run [non-PKI] benchmarks on custom-sized buffer"}, - {"misalign", OPT_MISALIGN, 'p', - "Use specified offset to mis-align buffers"}, - - OPT_R_OPTIONS, - OPT_PROV_OPTIONS, - - OPT_PARAMETERS(), - {"algorithm", 0, 0, "Algorithm(s) to test (optional; otherwise tests all)"}, - {NULL} -}; - -enum { - D_MD2, D_MDC2, D_MD4, D_MD5, D_SHA1, D_RMD160, - D_SHA256, D_SHA512, D_WHIRLPOOL, D_HMAC, - D_CBC_DES, D_EDE3_DES, D_RC4, D_CBC_IDEA, D_CBC_SEED, - D_CBC_RC2, D_CBC_RC5, D_CBC_BF, D_CBC_CAST, - D_CBC_128_AES, D_CBC_192_AES, D_CBC_256_AES, - D_CBC_128_CML, D_CBC_192_CML, D_CBC_256_CML, - D_EVP, D_GHASH, D_RAND, D_EVP_CMAC, ALGOR_NUM -}; -/* name of algorithms to test. MUST BE KEEP IN SYNC with above enum ! */ -static const char *names[ALGOR_NUM] = { - "md2", "mdc2", "md4", "md5", "sha1", "rmd160", - "sha256", "sha512", "whirlpool", "hmac(md5)", - "des-cbc", "des-ede3", "rc4", "idea-cbc", "seed-cbc", - "rc2-cbc", "rc5-cbc", "blowfish", "cast-cbc", - "aes-128-cbc", "aes-192-cbc", "aes-256-cbc", - "camellia-128-cbc", "camellia-192-cbc", "camellia-256-cbc", - "evp", "ghash", "rand", "cmac" -}; - -/* list of configured algorithm (remaining), with some few alias */ -static const OPT_PAIR doit_choices[] = { - {"md2", D_MD2}, - {"mdc2", D_MDC2}, - {"md4", D_MD4}, - {"md5", D_MD5}, - {"hmac", D_HMAC}, - {"sha1", D_SHA1}, - {"sha256", D_SHA256}, - {"sha512", D_SHA512}, - {"whirlpool", D_WHIRLPOOL}, - {"ripemd", D_RMD160}, - {"rmd160", D_RMD160}, - {"ripemd160", D_RMD160}, - {"rc4", D_RC4}, - {"des-cbc", D_CBC_DES}, - {"des-ede3", D_EDE3_DES}, - {"aes-128-cbc", D_CBC_128_AES}, - {"aes-192-cbc", D_CBC_192_AES}, - {"aes-256-cbc", D_CBC_256_AES}, - {"camellia-128-cbc", D_CBC_128_CML}, - {"camellia-192-cbc", D_CBC_192_CML}, - {"camellia-256-cbc", D_CBC_256_CML}, - {"rc2-cbc", D_CBC_RC2}, - {"rc2", D_CBC_RC2}, - {"rc5-cbc", D_CBC_RC5}, - {"rc5", D_CBC_RC5}, - {"idea-cbc", D_CBC_IDEA}, - {"idea", D_CBC_IDEA}, - {"seed-cbc", D_CBC_SEED}, - {"seed", D_CBC_SEED}, - {"bf-cbc", D_CBC_BF}, - {"blowfish", D_CBC_BF}, - {"bf", D_CBC_BF}, - {"cast-cbc", D_CBC_CAST}, - {"cast", D_CBC_CAST}, - {"cast5", D_CBC_CAST}, - {"ghash", D_GHASH}, - {"rand", D_RAND} -}; - -static double results[ALGOR_NUM][SIZE_NUM]; - -enum { R_DSA_512, R_DSA_1024, R_DSA_2048, DSA_NUM }; -static const OPT_PAIR dsa_choices[DSA_NUM] = { - {"dsa512", R_DSA_512}, - {"dsa1024", R_DSA_1024}, - {"dsa2048", R_DSA_2048} -}; -static double dsa_results[DSA_NUM][2]; /* 2 ops: sign then verify */ - -enum { - R_RSA_512, R_RSA_1024, R_RSA_2048, R_RSA_3072, R_RSA_4096, R_RSA_7680, - R_RSA_15360, RSA_NUM -}; -static const OPT_PAIR rsa_choices[RSA_NUM] = { - {"rsa512", R_RSA_512}, - {"rsa1024", R_RSA_1024}, - {"rsa2048", R_RSA_2048}, - {"rsa3072", R_RSA_3072}, - {"rsa4096", R_RSA_4096}, - {"rsa7680", R_RSA_7680}, - {"rsa15360", R_RSA_15360} -}; - -static double rsa_results[RSA_NUM][2]; /* 2 ops: sign then verify */ - -#ifndef OPENSSL_NO_DH -enum ff_params_t { - R_FFDH_2048, R_FFDH_3072, R_FFDH_4096, R_FFDH_6144, R_FFDH_8192, FFDH_NUM -}; - -static const OPT_PAIR ffdh_choices[FFDH_NUM] = { - {"ffdh2048", R_FFDH_2048}, - {"ffdh3072", R_FFDH_3072}, - {"ffdh4096", R_FFDH_4096}, - {"ffdh6144", R_FFDH_6144}, - {"ffdh8192", R_FFDH_8192}, -}; - -static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */ -#endif /* OPENSSL_NO_DH */ - -enum ec_curves_t { - R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521, -#ifndef OPENSSL_NO_EC2M - R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571, - R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571, -#endif - R_EC_BRP256R1, R_EC_BRP256T1, R_EC_BRP384R1, R_EC_BRP384T1, - R_EC_BRP512R1, R_EC_BRP512T1, ECDSA_NUM -}; -/* list of ecdsa curves */ -static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = { - {"ecdsap160", R_EC_P160}, - {"ecdsap192", R_EC_P192}, - {"ecdsap224", R_EC_P224}, - {"ecdsap256", R_EC_P256}, - {"ecdsap384", R_EC_P384}, - {"ecdsap521", R_EC_P521}, -#ifndef OPENSSL_NO_EC2M - {"ecdsak163", R_EC_K163}, - {"ecdsak233", R_EC_K233}, - {"ecdsak283", R_EC_K283}, - {"ecdsak409", R_EC_K409}, - {"ecdsak571", R_EC_K571}, - {"ecdsab163", R_EC_B163}, - {"ecdsab233", R_EC_B233}, - {"ecdsab283", R_EC_B283}, - {"ecdsab409", R_EC_B409}, - {"ecdsab571", R_EC_B571}, -#endif - {"ecdsabrp256r1", R_EC_BRP256R1}, - {"ecdsabrp256t1", R_EC_BRP256T1}, - {"ecdsabrp384r1", R_EC_BRP384R1}, - {"ecdsabrp384t1", R_EC_BRP384T1}, - {"ecdsabrp512r1", R_EC_BRP512R1}, - {"ecdsabrp512t1", R_EC_BRP512T1} -}; -enum { R_EC_X25519 = ECDSA_NUM, R_EC_X448, EC_NUM }; -/* list of ecdh curves, extension of |ecdsa_choices| list above */ -static const OPT_PAIR ecdh_choices[EC_NUM] = { - {"ecdhp160", R_EC_P160}, - {"ecdhp192", R_EC_P192}, - {"ecdhp224", R_EC_P224}, - {"ecdhp256", R_EC_P256}, - {"ecdhp384", R_EC_P384}, - {"ecdhp521", R_EC_P521}, -#ifndef OPENSSL_NO_EC2M - {"ecdhk163", R_EC_K163}, - {"ecdhk233", R_EC_K233}, - {"ecdhk283", R_EC_K283}, - {"ecdhk409", R_EC_K409}, - {"ecdhk571", R_EC_K571}, - {"ecdhb163", R_EC_B163}, - {"ecdhb233", R_EC_B233}, - {"ecdhb283", R_EC_B283}, - {"ecdhb409", R_EC_B409}, - {"ecdhb571", R_EC_B571}, -#endif - {"ecdhbrp256r1", R_EC_BRP256R1}, - {"ecdhbrp256t1", R_EC_BRP256T1}, - {"ecdhbrp384r1", R_EC_BRP384R1}, - {"ecdhbrp384t1", R_EC_BRP384T1}, - {"ecdhbrp512r1", R_EC_BRP512R1}, - {"ecdhbrp512t1", R_EC_BRP512T1}, - {"ecdhx25519", R_EC_X25519}, - {"ecdhx448", R_EC_X448} -}; - -static double ecdh_results[EC_NUM][1]; /* 1 op: derivation */ -static double ecdsa_results[ECDSA_NUM][2]; /* 2 ops: sign then verify */ - -enum { R_EC_Ed25519, R_EC_Ed448, EdDSA_NUM }; -static const OPT_PAIR eddsa_choices[EdDSA_NUM] = { - {"ed25519", R_EC_Ed25519}, - {"ed448", R_EC_Ed448} - -}; -static double eddsa_results[EdDSA_NUM][2]; /* 2 ops: sign then verify */ - -#ifndef OPENSSL_NO_SM2 -enum { R_EC_CURVESM2, SM2_NUM }; -static const OPT_PAIR sm2_choices[SM2_NUM] = { - {"curveSM2", R_EC_CURVESM2} -}; -# define SM2_ID "TLSv1.3+GM+Cipher+Suite" -# define SM2_ID_LEN sizeof("TLSv1.3+GM+Cipher+Suite") - 1 -static double sm2_results[SM2_NUM][2]; /* 2 ops: sign then verify */ -#endif /* OPENSSL_NO_SM2 */ - -#define COND(unused_cond) (run && count < INT_MAX) -#define COUNT(d) (count) - -typedef struct loopargs_st { - ASYNC_JOB *inprogress_job; - ASYNC_WAIT_CTX *wait_ctx; - unsigned char *buf; - unsigned char *buf2; - unsigned char *buf_malloc; - unsigned char *buf2_malloc; - unsigned char *key; - size_t buflen; - size_t sigsize; - EVP_PKEY_CTX *rsa_sign_ctx[RSA_NUM]; - EVP_PKEY_CTX *rsa_verify_ctx[RSA_NUM]; - EVP_PKEY_CTX *dsa_sign_ctx[DSA_NUM]; - EVP_PKEY_CTX *dsa_verify_ctx[DSA_NUM]; - EVP_PKEY_CTX *ecdsa_sign_ctx[ECDSA_NUM]; - EVP_PKEY_CTX *ecdsa_verify_ctx[ECDSA_NUM]; - EVP_PKEY_CTX *ecdh_ctx[EC_NUM]; - EVP_MD_CTX *eddsa_ctx[EdDSA_NUM]; - EVP_MD_CTX *eddsa_ctx2[EdDSA_NUM]; -#ifndef OPENSSL_NO_SM2 - EVP_MD_CTX *sm2_ctx[SM2_NUM]; - EVP_MD_CTX *sm2_vfy_ctx[SM2_NUM]; - EVP_PKEY *sm2_pkey[SM2_NUM]; -#endif - unsigned char *secret_a; - unsigned char *secret_b; - size_t outlen[EC_NUM]; -#ifndef OPENSSL_NO_DH - EVP_PKEY_CTX *ffdh_ctx[FFDH_NUM]; - unsigned char *secret_ff_a; - unsigned char *secret_ff_b; -#endif - EVP_CIPHER_CTX *ctx; - EVP_MAC_CTX *mctx; -} loopargs_t; -static int run_benchmark(int async_jobs, int (*loop_function) (void *), - loopargs_t * loopargs); - -static unsigned int testnum; - -/* Nb of iterations to do per algorithm and key-size */ -static long c[ALGOR_NUM][SIZE_NUM]; - -static char *evp_mac_mdname = "md5"; -static char *evp_hmac_name = NULL; -static const char *evp_md_name = NULL; -static char *evp_mac_ciphername = "aes-128-cbc"; -static char *evp_cmac_name = NULL; - -static int have_md(const char *name) -{ - int ret = 0; - EVP_MD *md = NULL; - - if (opt_md_silent(name, &md)) { - EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - - if (ctx != NULL && EVP_DigestInit(ctx, md) > 0) - ret = 1; - EVP_MD_CTX_free(ctx); - EVP_MD_free(md); - } - return ret; -} - -static int have_cipher(const char *name) -{ - int ret = 0; - EVP_CIPHER *cipher = NULL; - - if (opt_cipher_silent(name, &cipher)) { - EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); - - if (ctx != NULL - && EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1) > 0) - ret = 1; - EVP_CIPHER_CTX_free(ctx); - EVP_CIPHER_free(cipher); - } - return ret; -} - -static int EVP_Digest_loop(const char *mdname, int algindex, void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - unsigned char digest[EVP_MAX_MD_SIZE]; - int count; - EVP_MD *md = NULL; - - if (!opt_md_silent(mdname, &md)) - return -1; - for (count = 0; COND(c[algindex][testnum]); count++) { - if (!EVP_Digest(buf, (size_t)lengths[testnum], digest, NULL, md, - NULL)) { - count = -1; - break; - } - } - EVP_MD_free(md); - return count; -} - -static int EVP_Digest_md_loop(void *args) -{ - return EVP_Digest_loop(evp_md_name, D_EVP, args); -} - -static int EVP_Digest_MD2_loop(void *args) -{ - return EVP_Digest_loop("md2", D_MD2, args); -} - -static int EVP_Digest_MDC2_loop(void *args) -{ - return EVP_Digest_loop("mdc2", D_MDC2, args); -} - -static int EVP_Digest_MD4_loop(void *args) -{ - return EVP_Digest_loop("md4", D_MD4, args); -} - -static int MD5_loop(void *args) -{ - return EVP_Digest_loop("md5", D_MD5, args); -} - -static int EVP_MAC_loop(int algindex, void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - EVP_MAC_CTX *mctx = tempargs->mctx; - unsigned char mac[EVP_MAX_MD_SIZE]; - int count; - - for (count = 0; COND(c[algindex][testnum]); count++) { - size_t outl; - - if (!EVP_MAC_init(mctx, NULL, 0, NULL) - || !EVP_MAC_update(mctx, buf, lengths[testnum]) - || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac))) - return -1; - } - return count; -} - -static int HMAC_loop(void *args) -{ - return EVP_MAC_loop(D_HMAC, args); -} - -static int CMAC_loop(void *args) -{ - return EVP_MAC_loop(D_EVP_CMAC, args); -} - -static int SHA1_loop(void *args) -{ - return EVP_Digest_loop("sha1", D_SHA1, args); -} - -static int SHA256_loop(void *args) -{ - return EVP_Digest_loop("sha256", D_SHA256, args); -} - -static int SHA512_loop(void *args) -{ - return EVP_Digest_loop("sha512", D_SHA512, args); -} - -static int WHIRLPOOL_loop(void *args) -{ - return EVP_Digest_loop("whirlpool", D_WHIRLPOOL, args); -} - -static int EVP_Digest_RMD160_loop(void *args) -{ - return EVP_Digest_loop("ripemd160", D_RMD160, args); -} - -static int algindex; - -static int EVP_Cipher_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - int count; - - if (tempargs->ctx == NULL) - return -1; - for (count = 0; COND(c[algindex][testnum]); count++) - if (EVP_Cipher(tempargs->ctx, buf, buf, (size_t)lengths[testnum]) <= 0) - return -1; - return count; -} - -static int GHASH_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - EVP_MAC_CTX *mctx = tempargs->mctx; - int count; - - /* just do the update in the loop to be comparable with 1.1.1 */ - for (count = 0; COND(c[D_GHASH][testnum]); count++) { - if (!EVP_MAC_update(mctx, buf, lengths[testnum])) - return -1; - } - return count; -} - -#define MAX_BLOCK_SIZE 128 - -static unsigned char iv[2 * MAX_BLOCK_SIZE / 8]; - -static EVP_CIPHER_CTX *init_evp_cipher_ctx(const char *ciphername, - const unsigned char *key, - int keylen) -{ - EVP_CIPHER_CTX *ctx = NULL; - EVP_CIPHER *cipher = NULL; - - if (!opt_cipher_silent(ciphername, &cipher)) - return NULL; - - if ((ctx = EVP_CIPHER_CTX_new()) == NULL) - goto end; - - if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1)) { - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - goto end; - } - - if (EVP_CIPHER_CTX_set_key_length(ctx, keylen) <= 0) { - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - goto end; - } - - if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1)) { - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - goto end; - } - -end: - EVP_CIPHER_free(cipher); - return ctx; -} - -static int RAND_bytes_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - int count; - - for (count = 0; COND(c[D_RAND][testnum]); count++) - RAND_bytes(buf, lengths[testnum]); - return count; -} - -static int decrypt = 0; -static int EVP_Update_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - EVP_CIPHER_CTX *ctx = tempargs->ctx; - int outl, count, rc; - - if (decrypt) { - for (count = 0; COND(c[D_EVP][testnum]); count++) { - rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); - if (rc != 1) { - /* reset iv in case of counter overflow */ - EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1); - } - } - } else { - for (count = 0; COND(c[D_EVP][testnum]); count++) { - rc = EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); - if (rc != 1) { - /* reset iv in case of counter overflow */ - EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1); - } - } - } - if (decrypt) - EVP_DecryptFinal_ex(ctx, buf, &outl); - else - EVP_EncryptFinal_ex(ctx, buf, &outl); - return count; -} - -/* - * CCM does not support streaming. For the purpose of performance measurement, - * each message is encrypted using the same (key,iv)-pair. Do not use this - * code in your application. - */ -static int EVP_Update_loop_ccm(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - EVP_CIPHER_CTX *ctx = tempargs->ctx; - int outl, count; - unsigned char tag[12]; - - if (decrypt) { - for (count = 0; COND(c[D_EVP][testnum]); count++) { - (void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag), - tag); - /* reset iv */ - (void)EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv); - /* counter is reset on every update */ - (void)EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); - } - } else { - for (count = 0; COND(c[D_EVP][testnum]); count++) { - /* restore iv length field */ - (void)EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]); - /* counter is reset on every update */ - (void)EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); - } - } - if (decrypt) - (void)EVP_DecryptFinal_ex(ctx, buf, &outl); - else - (void)EVP_EncryptFinal_ex(ctx, buf, &outl); - return count; -} - -/* - * To make AEAD benchmarking more relevant perform TLS-like operations, - * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as - * payload length is not actually limited by 16KB... - */ -static int EVP_Update_loop_aead(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - EVP_CIPHER_CTX *ctx = tempargs->ctx; - int outl, count; - unsigned char aad[13] = { 0xcc }; - unsigned char faketag[16] = { 0xcc }; - - if (decrypt) { - for (count = 0; COND(c[D_EVP][testnum]); count++) { - (void)EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv); - (void)EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - sizeof(faketag), faketag); - (void)EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)); - (void)EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); - (void)EVP_DecryptFinal_ex(ctx, buf + outl, &outl); - } - } else { - for (count = 0; COND(c[D_EVP][testnum]); count++) { - (void)EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv); - (void)EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)); - (void)EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); - (void)EVP_EncryptFinal_ex(ctx, buf + outl, &outl); - } - } - return count; -} - -static long rsa_c[RSA_NUM][2]; /* # RSA iteration test */ - -static int RSA_sign_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - unsigned char *buf2 = tempargs->buf2; - size_t *rsa_num = &tempargs->sigsize; - EVP_PKEY_CTX **rsa_sign_ctx = tempargs->rsa_sign_ctx; - int ret, count; - - for (count = 0; COND(rsa_c[testnum][0]); count++) { - *rsa_num = tempargs->buflen; - ret = EVP_PKEY_sign(rsa_sign_ctx[testnum], buf2, rsa_num, buf, 36); - if (ret <= 0) { - BIO_printf(bio_err, "RSA sign failure\n"); - ERR_print_errors(bio_err); - count = -1; - break; - } - } - return count; -} - -static int RSA_verify_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - unsigned char *buf2 = tempargs->buf2; - size_t rsa_num = tempargs->sigsize; - EVP_PKEY_CTX **rsa_verify_ctx = tempargs->rsa_verify_ctx; - int ret, count; - - for (count = 0; COND(rsa_c[testnum][1]); count++) { - ret = EVP_PKEY_verify(rsa_verify_ctx[testnum], buf2, rsa_num, buf, 36); - if (ret <= 0) { - BIO_printf(bio_err, "RSA verify failure\n"); - ERR_print_errors(bio_err); - count = -1; - break; - } - } - return count; -} - -#ifndef OPENSSL_NO_DH -static long ffdh_c[FFDH_NUM][1]; - -static int FFDH_derive_key_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - EVP_PKEY_CTX *ffdh_ctx = tempargs->ffdh_ctx[testnum]; - unsigned char *derived_secret = tempargs->secret_ff_a; - int count; - - for (count = 0; COND(ffdh_c[testnum][0]); count++) { - /* outlen can be overwritten with a too small value (no padding used) */ - size_t outlen = MAX_FFDH_SIZE; - - EVP_PKEY_derive(ffdh_ctx, derived_secret, &outlen); - } - return count; -} -#endif /* OPENSSL_NO_DH */ - -static long dsa_c[DSA_NUM][2]; -static int DSA_sign_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - unsigned char *buf2 = tempargs->buf2; - size_t *dsa_num = &tempargs->sigsize; - EVP_PKEY_CTX **dsa_sign_ctx = tempargs->dsa_sign_ctx; - int ret, count; - - for (count = 0; COND(dsa_c[testnum][0]); count++) { - *dsa_num = tempargs->buflen; - ret = EVP_PKEY_sign(dsa_sign_ctx[testnum], buf2, dsa_num, buf, 20); - if (ret <= 0) { - BIO_printf(bio_err, "DSA sign failure\n"); - ERR_print_errors(bio_err); - count = -1; - break; - } - } - return count; -} - -static int DSA_verify_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - unsigned char *buf2 = tempargs->buf2; - size_t dsa_num = tempargs->sigsize; - EVP_PKEY_CTX **dsa_verify_ctx = tempargs->dsa_verify_ctx; - int ret, count; - - for (count = 0; COND(dsa_c[testnum][1]); count++) { - ret = EVP_PKEY_verify(dsa_verify_ctx[testnum], buf2, dsa_num, buf, 20); - if (ret <= 0) { - BIO_printf(bio_err, "DSA verify failure\n"); - ERR_print_errors(bio_err); - count = -1; - break; - } - } - return count; -} - -static long ecdsa_c[ECDSA_NUM][2]; -static int ECDSA_sign_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - unsigned char *buf2 = tempargs->buf2; - size_t *ecdsa_num = &tempargs->sigsize; - EVP_PKEY_CTX **ecdsa_sign_ctx = tempargs->ecdsa_sign_ctx; - int ret, count; - - for (count = 0; COND(ecdsa_c[testnum][0]); count++) { - *ecdsa_num = tempargs->buflen; - ret = EVP_PKEY_sign(ecdsa_sign_ctx[testnum], buf2, ecdsa_num, buf, 20); - if (ret <= 0) { - BIO_printf(bio_err, "ECDSA sign failure\n"); - ERR_print_errors(bio_err); - count = -1; - break; - } - } - return count; -} - -static int ECDSA_verify_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - unsigned char *buf2 = tempargs->buf2; - size_t ecdsa_num = tempargs->sigsize; - EVP_PKEY_CTX **ecdsa_verify_ctx = tempargs->ecdsa_verify_ctx; - int ret, count; - - for (count = 0; COND(ecdsa_c[testnum][1]); count++) { - ret = EVP_PKEY_verify(ecdsa_verify_ctx[testnum], buf2, ecdsa_num, - buf, 20); - if (ret <= 0) { - BIO_printf(bio_err, "ECDSA verify failure\n"); - ERR_print_errors(bio_err); - count = -1; - break; - } - } - return count; -} - -/* ******************************************************************** */ -static long ecdh_c[EC_NUM][1]; - -static int ECDH_EVP_derive_key_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - EVP_PKEY_CTX *ctx = tempargs->ecdh_ctx[testnum]; - unsigned char *derived_secret = tempargs->secret_a; - int count; - size_t *outlen = &(tempargs->outlen[testnum]); - - for (count = 0; COND(ecdh_c[testnum][0]); count++) - EVP_PKEY_derive(ctx, derived_secret, outlen); - - return count; -} - -static long eddsa_c[EdDSA_NUM][2]; -static int EdDSA_sign_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - EVP_MD_CTX **edctx = tempargs->eddsa_ctx; - unsigned char *eddsasig = tempargs->buf2; - size_t *eddsasigsize = &tempargs->sigsize; - int ret, count; - - for (count = 0; COND(eddsa_c[testnum][0]); count++) { - ret = EVP_DigestSign(edctx[testnum], eddsasig, eddsasigsize, buf, 20); - if (ret == 0) { - BIO_printf(bio_err, "EdDSA sign failure\n"); - ERR_print_errors(bio_err); - count = -1; - break; - } - } - return count; -} - -static int EdDSA_verify_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - EVP_MD_CTX **edctx = tempargs->eddsa_ctx2; - unsigned char *eddsasig = tempargs->buf2; - size_t eddsasigsize = tempargs->sigsize; - int ret, count; - - for (count = 0; COND(eddsa_c[testnum][1]); count++) { - ret = EVP_DigestVerify(edctx[testnum], eddsasig, eddsasigsize, buf, 20); - if (ret != 1) { - BIO_printf(bio_err, "EdDSA verify failure\n"); - ERR_print_errors(bio_err); - count = -1; - break; - } - } - return count; -} - -#ifndef OPENSSL_NO_SM2 -static long sm2_c[SM2_NUM][2]; -static int SM2_sign_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - EVP_MD_CTX **sm2ctx = tempargs->sm2_ctx; - unsigned char *sm2sig = tempargs->buf2; - size_t sm2sigsize; - int ret, count; - EVP_PKEY **sm2_pkey = tempargs->sm2_pkey; - const size_t max_size = EVP_PKEY_get_size(sm2_pkey[testnum]); - - for (count = 0; COND(sm2_c[testnum][0]); count++) { - sm2sigsize = max_size; - - if (!EVP_DigestSignInit(sm2ctx[testnum], NULL, EVP_sm3(), - NULL, sm2_pkey[testnum])) { - BIO_printf(bio_err, "SM2 init sign failure\n"); - ERR_print_errors(bio_err); - count = -1; - break; - } - ret = EVP_DigestSign(sm2ctx[testnum], sm2sig, &sm2sigsize, - buf, 20); - if (ret == 0) { - BIO_printf(bio_err, "SM2 sign failure\n"); - ERR_print_errors(bio_err); - count = -1; - break; - } - /* update the latest returned size and always use the fixed buffer size */ - tempargs->sigsize = sm2sigsize; - } - - return count; -} - -static int SM2_verify_loop(void *args) -{ - loopargs_t *tempargs = *(loopargs_t **) args; - unsigned char *buf = tempargs->buf; - EVP_MD_CTX **sm2ctx = tempargs->sm2_vfy_ctx; - unsigned char *sm2sig = tempargs->buf2; - size_t sm2sigsize = tempargs->sigsize; - int ret, count; - EVP_PKEY **sm2_pkey = tempargs->sm2_pkey; - - for (count = 0; COND(sm2_c[testnum][1]); count++) { - if (!EVP_DigestVerifyInit(sm2ctx[testnum], NULL, EVP_sm3(), - NULL, sm2_pkey[testnum])) { - BIO_printf(bio_err, "SM2 verify init failure\n"); - ERR_print_errors(bio_err); - count = -1; - break; - } - ret = EVP_DigestVerify(sm2ctx[testnum], sm2sig, sm2sigsize, - buf, 20); - if (ret != 1) { - BIO_printf(bio_err, "SM2 verify failure\n"); - ERR_print_errors(bio_err); - count = -1; - break; - } - } - return count; -} -#endif /* OPENSSL_NO_SM2 */ - -static int run_benchmark(int async_jobs, - int (*loop_function) (void *), loopargs_t * loopargs) -{ - int job_op_count = 0; - int total_op_count = 0; - int num_inprogress = 0; - int error = 0, i = 0, ret = 0; - OSSL_ASYNC_FD job_fd = 0; - size_t num_job_fds = 0; - - if (async_jobs == 0) { - return loop_function((void *)&loopargs); - } - - for (i = 0; i < async_jobs && !error; i++) { - loopargs_t *looparg_item = loopargs + i; - - /* Copy pointer content (looparg_t item address) into async context */ - ret = ASYNC_start_job(&loopargs[i].inprogress_job, loopargs[i].wait_ctx, - &job_op_count, loop_function, - (void *)&looparg_item, sizeof(looparg_item)); - switch (ret) { - case ASYNC_PAUSE: - ++num_inprogress; - break; - case ASYNC_FINISH: - if (job_op_count == -1) { - error = 1; - } else { - total_op_count += job_op_count; - } - break; - case ASYNC_NO_JOBS: - case ASYNC_ERR: - BIO_printf(bio_err, "Failure in the job\n"); - ERR_print_errors(bio_err); - error = 1; - break; - } - } - - while (num_inprogress > 0) { -#if defined(OPENSSL_SYS_WINDOWS) - DWORD avail = 0; -#elif defined(OPENSSL_SYS_UNIX) - int select_result = 0; - OSSL_ASYNC_FD max_fd = 0; - fd_set waitfdset; - - FD_ZERO(&waitfdset); - - for (i = 0; i < async_jobs && num_inprogress > 0; i++) { - if (loopargs[i].inprogress_job == NULL) - continue; - - if (!ASYNC_WAIT_CTX_get_all_fds - (loopargs[i].wait_ctx, NULL, &num_job_fds) - || num_job_fds > 1) { - BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n"); - ERR_print_errors(bio_err); - error = 1; - break; - } - ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd, - &num_job_fds); - FD_SET(job_fd, &waitfdset); - if (job_fd > max_fd) - max_fd = job_fd; - } - - if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) { - BIO_printf(bio_err, - "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). " - "Decrease the value of async_jobs\n", - max_fd, FD_SETSIZE); - ERR_print_errors(bio_err); - error = 1; - break; - } - - select_result = select(max_fd + 1, &waitfdset, NULL, NULL, NULL); - if (select_result == -1 && errno == EINTR) - continue; - - if (select_result == -1) { - BIO_printf(bio_err, "Failure in the select\n"); - ERR_print_errors(bio_err); - error = 1; - break; - } - - if (select_result == 0) - continue; -#endif - - for (i = 0; i < async_jobs; i++) { - if (loopargs[i].inprogress_job == NULL) - continue; - - if (!ASYNC_WAIT_CTX_get_all_fds - (loopargs[i].wait_ctx, NULL, &num_job_fds) - || num_job_fds > 1) { - BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n"); - ERR_print_errors(bio_err); - error = 1; - break; - } - ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd, - &num_job_fds); - -#if defined(OPENSSL_SYS_UNIX) - if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset)) - continue; -#elif defined(OPENSSL_SYS_WINDOWS) - if (num_job_fds == 1 - && !PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL) - && avail > 0) - continue; -#endif - - ret = ASYNC_start_job(&loopargs[i].inprogress_job, - loopargs[i].wait_ctx, &job_op_count, - loop_function, (void *)(loopargs + i), - sizeof(loopargs_t)); - switch (ret) { - case ASYNC_PAUSE: - break; - case ASYNC_FINISH: - if (job_op_count == -1) { - error = 1; - } else { - total_op_count += job_op_count; - } - --num_inprogress; - loopargs[i].inprogress_job = NULL; - break; - case ASYNC_NO_JOBS: - case ASYNC_ERR: - --num_inprogress; - loopargs[i].inprogress_job = NULL; - BIO_printf(bio_err, "Failure in the job\n"); - ERR_print_errors(bio_err); - error = 1; - break; - } - } - } - - return error ? -1 : total_op_count; -} - -typedef struct ec_curve_st { - const char *name; - unsigned int nid; - unsigned int bits; - size_t sigsize; /* only used for EdDSA curves */ -} EC_CURVE; - -static EVP_PKEY *get_ecdsa(const EC_CURVE *curve) -{ - EVP_PKEY_CTX *kctx = NULL; - EVP_PKEY *key = NULL; - - /* Ensure that the error queue is empty */ - if (ERR_peek_error()) { - BIO_printf(bio_err, - "WARNING: the error queue contains previous unhandled errors.\n"); - ERR_print_errors(bio_err); - } - - /* - * Let's try to create a ctx directly from the NID: this works for - * curves like Curve25519 that are not implemented through the low - * level EC interface. - * If this fails we try creating a EVP_PKEY_EC generic param ctx, - * then we set the curve by NID before deriving the actual keygen - * ctx for that specific curve. - */ - kctx = EVP_PKEY_CTX_new_id(curve->nid, NULL); - if (kctx == NULL) { - EVP_PKEY_CTX *pctx = NULL; - EVP_PKEY *params = NULL; - /* - * If we reach this code EVP_PKEY_CTX_new_id() failed and a - * "int_ctx_new:unsupported algorithm" error was added to the - * error queue. - * We remove it from the error queue as we are handling it. - */ - unsigned long error = ERR_peek_error(); - - if (error == ERR_peek_last_error() /* oldest and latest errors match */ - /* check that the error origin matches */ - && ERR_GET_LIB(error) == ERR_LIB_EVP - && (ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM - || ERR_GET_REASON(error) == ERR_R_UNSUPPORTED)) - ERR_get_error(); /* pop error from queue */ - if (ERR_peek_error()) { - BIO_printf(bio_err, - "Unhandled error in the error queue during EC key setup.\n"); - ERR_print_errors(bio_err); - return NULL; - } - - /* Create the context for parameter generation */ - if ((pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL)) == NULL - || EVP_PKEY_paramgen_init(pctx) <= 0 - || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, - curve->nid) <= 0 - || EVP_PKEY_paramgen(pctx, ¶ms) <= 0) { - BIO_printf(bio_err, "EC params init failure.\n"); - ERR_print_errors(bio_err); - EVP_PKEY_CTX_free(pctx); - return NULL; - } - EVP_PKEY_CTX_free(pctx); - - /* Create the context for the key generation */ - kctx = EVP_PKEY_CTX_new(params, NULL); - EVP_PKEY_free(params); - } - if (kctx == NULL - || EVP_PKEY_keygen_init(kctx) <= 0 - || EVP_PKEY_keygen(kctx, &key) <= 0) { - BIO_printf(bio_err, "EC key generation failure.\n"); - ERR_print_errors(bio_err); - key = NULL; - } - EVP_PKEY_CTX_free(kctx); - return key; -} - -#define stop_it(do_it, test_num)\ - memset(do_it + test_num, 0, OSSL_NELEM(do_it) - test_num); - -int speed_main(int argc, char **argv) -{ - ENGINE *e = NULL; - loopargs_t *loopargs = NULL; - const char *prog; - const char *engine_id = NULL; - EVP_CIPHER *evp_cipher = NULL; - EVP_MAC *mac = NULL; - double d = 0.0; - OPTION_CHOICE o; - int async_init = 0, multiblock = 0, pr_header = 0; - uint8_t doit[ALGOR_NUM] = { 0 }; - int ret = 1, misalign = 0, lengths_single = 0, aead = 0; - long count = 0; - unsigned int size_num = SIZE_NUM; - unsigned int i, k, loopargs_len = 0, async_jobs = 0; - int keylen; - int buflen; - BIGNUM *bn = NULL; - EVP_PKEY_CTX *genctx = NULL; -#ifndef NO_FORK - int multi = 0; -#endif - long op_count = 1; - openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS, - ECDSA_SECONDS, ECDH_SECONDS, - EdDSA_SECONDS, SM2_SECONDS, - FFDH_SECONDS }; - - static const unsigned char key32[32] = { - 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, - 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, - 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, - 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56 - }; - static const unsigned char deskey[] = { - 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, /* key1 */ - 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, /* key2 */ - 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 /* key3 */ - }; - static const struct { - const unsigned char *data; - unsigned int length; - unsigned int bits; - } rsa_keys[] = { - { test512, sizeof(test512), 512 }, - { test1024, sizeof(test1024), 1024 }, - { test2048, sizeof(test2048), 2048 }, - { test3072, sizeof(test3072), 3072 }, - { test4096, sizeof(test4096), 4096 }, - { test7680, sizeof(test7680), 7680 }, - { test15360, sizeof(test15360), 15360 } - }; - uint8_t rsa_doit[RSA_NUM] = { 0 }; - int primes = RSA_DEFAULT_PRIME_NUM; -#ifndef OPENSSL_NO_DH - typedef struct ffdh_params_st { - const char *name; - unsigned int nid; - unsigned int bits; - } FFDH_PARAMS; - - static const FFDH_PARAMS ffdh_params[FFDH_NUM] = { - {"ffdh2048", NID_ffdhe2048, 2048}, - {"ffdh3072", NID_ffdhe3072, 3072}, - {"ffdh4096", NID_ffdhe4096, 4096}, - {"ffdh6144", NID_ffdhe6144, 6144}, - {"ffdh8192", NID_ffdhe8192, 8192} - }; - uint8_t ffdh_doit[FFDH_NUM] = { 0 }; - -#endif /* OPENSSL_NO_DH */ - static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 }; - uint8_t dsa_doit[DSA_NUM] = { 0 }; - /* - * We only test over the following curves as they are representative, To - * add tests over more curves, simply add the curve NID and curve name to - * the following arrays and increase the |ecdh_choices| and |ecdsa_choices| - * lists accordingly. - */ - static const EC_CURVE ec_curves[EC_NUM] = { - /* Prime Curves */ - {"secp160r1", NID_secp160r1, 160}, - {"nistp192", NID_X9_62_prime192v1, 192}, - {"nistp224", NID_secp224r1, 224}, - {"nistp256", NID_X9_62_prime256v1, 256}, - {"nistp384", NID_secp384r1, 384}, - {"nistp521", NID_secp521r1, 521}, -#ifndef OPENSSL_NO_EC2M - /* Binary Curves */ - {"nistk163", NID_sect163k1, 163}, - {"nistk233", NID_sect233k1, 233}, - {"nistk283", NID_sect283k1, 283}, - {"nistk409", NID_sect409k1, 409}, - {"nistk571", NID_sect571k1, 571}, - {"nistb163", NID_sect163r2, 163}, - {"nistb233", NID_sect233r1, 233}, - {"nistb283", NID_sect283r1, 283}, - {"nistb409", NID_sect409r1, 409}, - {"nistb571", NID_sect571r1, 571}, -#endif - {"brainpoolP256r1", NID_brainpoolP256r1, 256}, - {"brainpoolP256t1", NID_brainpoolP256t1, 256}, - {"brainpoolP384r1", NID_brainpoolP384r1, 384}, - {"brainpoolP384t1", NID_brainpoolP384t1, 384}, - {"brainpoolP512r1", NID_brainpoolP512r1, 512}, - {"brainpoolP512t1", NID_brainpoolP512t1, 512}, - /* Other and ECDH only ones */ - {"X25519", NID_X25519, 253}, - {"X448", NID_X448, 448} - }; - static const EC_CURVE ed_curves[EdDSA_NUM] = { - /* EdDSA */ - {"Ed25519", NID_ED25519, 253, 64}, - {"Ed448", NID_ED448, 456, 114} - }; -#ifndef OPENSSL_NO_SM2 - static const EC_CURVE sm2_curves[SM2_NUM] = { - /* SM2 */ - {"CurveSM2", NID_sm2, 256} - }; - uint8_t sm2_doit[SM2_NUM] = { 0 }; -#endif - uint8_t ecdsa_doit[ECDSA_NUM] = { 0 }; - uint8_t ecdh_doit[EC_NUM] = { 0 }; - uint8_t eddsa_doit[EdDSA_NUM] = { 0 }; - - /* checks declarated curves against choices list. */ - OPENSSL_assert(ed_curves[EdDSA_NUM - 1].nid == NID_ED448); - OPENSSL_assert(strcmp(eddsa_choices[EdDSA_NUM - 1].name, "ed448") == 0); - - OPENSSL_assert(ec_curves[EC_NUM - 1].nid == NID_X448); - OPENSSL_assert(strcmp(ecdh_choices[EC_NUM - 1].name, "ecdhx448") == 0); - - OPENSSL_assert(ec_curves[ECDSA_NUM - 1].nid == NID_brainpoolP512t1); - OPENSSL_assert(strcmp(ecdsa_choices[ECDSA_NUM - 1].name, "ecdsabrp512t1") == 0); - -#ifndef OPENSSL_NO_SM2 - OPENSSL_assert(sm2_curves[SM2_NUM - 1].nid == NID_sm2); - OPENSSL_assert(strcmp(sm2_choices[SM2_NUM - 1].name, "curveSM2") == 0); -#endif - - prog = opt_init(argc, argv, speed_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opterr: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(speed_options); - ret = 0; - goto end; - case OPT_ELAPSED: - usertime = 0; - break; - case OPT_EVP: - if (doit[D_EVP]) { - BIO_printf(bio_err, "%s: -evp option cannot be used more than once\n", prog); - goto opterr; - } - ERR_set_mark(); - if (!opt_cipher_silent(opt_arg(), &evp_cipher)) { - if (have_md(opt_arg())) - evp_md_name = opt_arg(); - } - if (evp_cipher == NULL && evp_md_name == NULL) { - ERR_clear_last_mark(); - BIO_printf(bio_err, - "%s: %s is an unknown cipher or digest\n", - prog, opt_arg()); - goto end; - } - ERR_pop_to_mark(); - doit[D_EVP] = 1; - break; - case OPT_HMAC: - if (!have_md(opt_arg())) { - BIO_printf(bio_err, "%s: %s is an unknown digest\n", - prog, opt_arg()); - goto end; - } - evp_mac_mdname = opt_arg(); - doit[D_HMAC] = 1; - break; - case OPT_CMAC: - if (!have_cipher(opt_arg())) { - BIO_printf(bio_err, "%s: %s is an unknown cipher\n", - prog, opt_arg()); - goto end; - } - evp_mac_ciphername = opt_arg(); - doit[D_EVP_CMAC] = 1; - break; - case OPT_DECRYPT: - decrypt = 1; - break; - case OPT_ENGINE: - /* - * In a forked execution, an engine might need to be - * initialised by each child process, not by the parent. - * So store the name here and run setup_engine() later on. - */ - engine_id = opt_arg(); - break; - case OPT_MULTI: -#ifndef NO_FORK - multi = atoi(opt_arg()); - if ((size_t)multi >= SIZE_MAX / sizeof(int)) { - BIO_printf(bio_err, "%s: multi argument too large\n", prog); - return 0; - } -#endif - break; - case OPT_ASYNCJOBS: -#ifndef OPENSSL_NO_ASYNC - async_jobs = atoi(opt_arg()); - if (!ASYNC_is_capable()) { - BIO_printf(bio_err, - "%s: async_jobs specified but async not supported\n", - prog); - goto opterr; - } - if (async_jobs > 99999) { - BIO_printf(bio_err, "%s: too many async_jobs\n", prog); - goto opterr; - } -#endif - break; - case OPT_MISALIGN: - misalign = opt_int_arg(); - if (misalign > MISALIGN) { - BIO_printf(bio_err, - "%s: Maximum offset is %d\n", prog, MISALIGN); - goto opterr; - } - break; - case OPT_MR: - mr = 1; - break; - case OPT_MB: - multiblock = 1; -#ifdef OPENSSL_NO_MULTIBLOCK - BIO_printf(bio_err, - "%s: -mb specified but multi-block support is disabled\n", - prog); - goto end; -#endif - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - case OPT_PRIMES: - primes = opt_int_arg(); - break; - case OPT_SECONDS: - seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa - = seconds.ecdh = seconds.eddsa - = seconds.sm2 = seconds.ffdh = atoi(opt_arg()); - break; - case OPT_BYTES: - lengths_single = atoi(opt_arg()); - lengths = &lengths_single; - size_num = 1; - break; - case OPT_AEAD: - aead = 1; - break; - } - } - - /* Remaining arguments are algorithms. */ - argc = opt_num_rest(); - argv = opt_rest(); - - if (!app_RAND_load()) - goto end; - - for (; *argv; argv++) { - const char *algo = *argv; - - if (opt_found(algo, doit_choices, &i)) { - doit[i] = 1; - continue; - } - if (strcmp(algo, "des") == 0) { - doit[D_CBC_DES] = doit[D_EDE3_DES] = 1; - continue; - } - if (strcmp(algo, "sha") == 0) { - doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1; - continue; - } -#ifndef OPENSSL_NO_DEPRECATED_3_0 - if (strcmp(algo, "openssl") == 0) /* just for compatibility */ - continue; -#endif - if (strncmp(algo, "rsa", 3) == 0) { - if (algo[3] == '\0') { - memset(rsa_doit, 1, sizeof(rsa_doit)); - continue; - } - if (opt_found(algo, rsa_choices, &i)) { - rsa_doit[i] = 1; - continue; - } - } -#ifndef OPENSSL_NO_DH - if (strncmp(algo, "ffdh", 4) == 0) { - if (algo[4] == '\0') { - memset(ffdh_doit, 1, sizeof(ffdh_doit)); - continue; - } - if (opt_found(algo, ffdh_choices, &i)) { - ffdh_doit[i] = 2; - continue; - } - } -#endif - if (strncmp(algo, "dsa", 3) == 0) { - if (algo[3] == '\0') { - memset(dsa_doit, 1, sizeof(dsa_doit)); - continue; - } - if (opt_found(algo, dsa_choices, &i)) { - dsa_doit[i] = 2; - continue; - } - } - if (strcmp(algo, "aes") == 0) { - doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = doit[D_CBC_256_AES] = 1; - continue; - } - if (strcmp(algo, "camellia") == 0) { - doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1; - continue; - } - if (strncmp(algo, "ecdsa", 5) == 0) { - if (algo[5] == '\0') { - memset(ecdsa_doit, 1, sizeof(ecdsa_doit)); - continue; - } - if (opt_found(algo, ecdsa_choices, &i)) { - ecdsa_doit[i] = 2; - continue; - } - } - if (strncmp(algo, "ecdh", 4) == 0) { - if (algo[4] == '\0') { - memset(ecdh_doit, 1, sizeof(ecdh_doit)); - continue; - } - if (opt_found(algo, ecdh_choices, &i)) { - ecdh_doit[i] = 2; - continue; - } - } - if (strcmp(algo, "eddsa") == 0) { - memset(eddsa_doit, 1, sizeof(eddsa_doit)); - continue; - } - if (opt_found(algo, eddsa_choices, &i)) { - eddsa_doit[i] = 2; - continue; - } -#ifndef OPENSSL_NO_SM2 - if (strcmp(algo, "sm2") == 0) { - memset(sm2_doit, 1, sizeof(sm2_doit)); - continue; - } - if (opt_found(algo, sm2_choices, &i)) { - sm2_doit[i] = 2; - continue; - } -#endif - BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, algo); - goto end; - } - - /* Sanity checks */ - if (aead) { - if (evp_cipher == NULL) { - BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n"); - goto end; - } else if (!(EVP_CIPHER_get_flags(evp_cipher) & - EVP_CIPH_FLAG_AEAD_CIPHER)) { - BIO_printf(bio_err, "%s is not an AEAD cipher\n", - EVP_CIPHER_get0_name(evp_cipher)); - goto end; - } - } - if (multiblock) { - if (evp_cipher == NULL) { - BIO_printf(bio_err, "-mb can be used only with a multi-block" - " capable cipher\n"); - goto end; - } else if (!(EVP_CIPHER_get_flags(evp_cipher) & - EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { - BIO_printf(bio_err, "%s is not a multi-block capable\n", - EVP_CIPHER_get0_name(evp_cipher)); - goto end; - } else if (async_jobs > 0) { - BIO_printf(bio_err, "Async mode is not supported with -mb"); - goto end; - } - } - - /* Initialize the job pool if async mode is enabled */ - if (async_jobs > 0) { - async_init = ASYNC_init_thread(async_jobs, async_jobs); - if (!async_init) { - BIO_printf(bio_err, "Error creating the ASYNC job pool\n"); - goto end; - } - } - - loopargs_len = (async_jobs == 0 ? 1 : async_jobs); - loopargs = - app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs"); - memset(loopargs, 0, loopargs_len * sizeof(loopargs_t)); - - for (i = 0; i < loopargs_len; i++) { - if (async_jobs > 0) { - loopargs[i].wait_ctx = ASYNC_WAIT_CTX_new(); - if (loopargs[i].wait_ctx == NULL) { - BIO_printf(bio_err, "Error creating the ASYNC_WAIT_CTX\n"); - goto end; - } - } - - buflen = lengths[size_num - 1]; - if (buflen < 36) /* size of random vector in RSA benchmark */ - buflen = 36; - if (INT_MAX - (MAX_MISALIGNMENT + 1) < buflen) { - BIO_printf(bio_err, "Error: buffer size too large\n"); - goto end; - } - buflen += MAX_MISALIGNMENT + 1; - loopargs[i].buf_malloc = app_malloc(buflen, "input buffer"); - loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer"); - memset(loopargs[i].buf_malloc, 0, buflen); - memset(loopargs[i].buf2_malloc, 0, buflen); - - /* Align the start of buffers on a 64 byte boundary */ - loopargs[i].buf = loopargs[i].buf_malloc + misalign; - loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign; - loopargs[i].buflen = buflen - misalign; - loopargs[i].sigsize = buflen - misalign; - loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a"); - loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b"); -#ifndef OPENSSL_NO_DH - loopargs[i].secret_ff_a = app_malloc(MAX_FFDH_SIZE, "FFDH secret a"); - loopargs[i].secret_ff_b = app_malloc(MAX_FFDH_SIZE, "FFDH secret b"); -#endif - } - -#ifndef NO_FORK - if (multi && do_multi(multi, size_num)) - goto show_res; -#endif - - /* Initialize the engine after the fork */ - e = setup_engine(engine_id, 0); - - /* No parameters; turn on everything. */ - if (argc == 0 && !doit[D_EVP] && !doit[D_HMAC] && !doit[D_EVP_CMAC]) { - memset(doit, 1, sizeof(doit)); - doit[D_EVP] = doit[D_EVP_CMAC] = 0; - ERR_set_mark(); - for (i = D_MD2; i <= D_WHIRLPOOL; i++) { - if (!have_md(names[i])) - doit[i] = 0; - } - for (i = D_CBC_DES; i <= D_CBC_256_CML; i++) { - if (!have_cipher(names[i])) - doit[i] = 0; - } - if ((mac = EVP_MAC_fetch(app_get0_libctx(), "GMAC", - app_get0_propq())) != NULL) { - EVP_MAC_free(mac); - mac = NULL; - } else { - doit[D_GHASH] = 0; - } - if ((mac = EVP_MAC_fetch(app_get0_libctx(), "HMAC", - app_get0_propq())) != NULL) { - EVP_MAC_free(mac); - mac = NULL; - } else { - doit[D_HMAC] = 0; - } - ERR_pop_to_mark(); - memset(rsa_doit, 1, sizeof(rsa_doit)); -#ifndef OPENSSL_NO_DH - memset(ffdh_doit, 1, sizeof(ffdh_doit)); -#endif - memset(dsa_doit, 1, sizeof(dsa_doit)); - memset(ecdsa_doit, 1, sizeof(ecdsa_doit)); - memset(ecdh_doit, 1, sizeof(ecdh_doit)); - memset(eddsa_doit, 1, sizeof(eddsa_doit)); -#ifndef OPENSSL_NO_SM2 - memset(sm2_doit, 1, sizeof(sm2_doit)); -#endif - } - for (i = 0; i < ALGOR_NUM; i++) - if (doit[i]) - pr_header++; - - if (usertime == 0 && !mr) - BIO_printf(bio_err, - "You have chosen to measure elapsed time " - "instead of user CPU time.\n"); - -#if SIGALRM > 0 - signal(SIGALRM, alarmed); -#endif - - if (doit[D_MD2]) { - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum], - seconds.sym); - Time_F(START); - count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs); - d = Time_F(STOP); - print_result(D_MD2, testnum, count, d); - if (count < 0) - break; - } - } - - if (doit[D_MDC2]) { - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum], - seconds.sym); - Time_F(START); - count = run_benchmark(async_jobs, EVP_Digest_MDC2_loop, loopargs); - d = Time_F(STOP); - print_result(D_MDC2, testnum, count, d); - if (count < 0) - break; - } - } - - if (doit[D_MD4]) { - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum], - seconds.sym); - Time_F(START); - count = run_benchmark(async_jobs, EVP_Digest_MD4_loop, loopargs); - d = Time_F(STOP); - print_result(D_MD4, testnum, count, d); - if (count < 0) - break; - } - } - - if (doit[D_MD5]) { - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum], - seconds.sym); - Time_F(START); - count = run_benchmark(async_jobs, MD5_loop, loopargs); - d = Time_F(STOP); - print_result(D_MD5, testnum, count, d); - if (count < 0) - break; - } - } - - if (doit[D_SHA1]) { - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum], - seconds.sym); - Time_F(START); - count = run_benchmark(async_jobs, SHA1_loop, loopargs); - d = Time_F(STOP); - print_result(D_SHA1, testnum, count, d); - if (count < 0) - break; - } - } - - if (doit[D_SHA256]) { - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_SHA256], c[D_SHA256][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - count = run_benchmark(async_jobs, SHA256_loop, loopargs); - d = Time_F(STOP); - print_result(D_SHA256, testnum, count, d); - if (count < 0) - break; - } - } - - if (doit[D_SHA512]) { - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_SHA512], c[D_SHA512][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - count = run_benchmark(async_jobs, SHA512_loop, loopargs); - d = Time_F(STOP); - print_result(D_SHA512, testnum, count, d); - if (count < 0) - break; - } - } - - if (doit[D_WHIRLPOOL]) { - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs); - d = Time_F(STOP); - print_result(D_WHIRLPOOL, testnum, count, d); - if (count < 0) - break; - } - } - - if (doit[D_RMD160]) { - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_RMD160], c[D_RMD160][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - count = run_benchmark(async_jobs, EVP_Digest_RMD160_loop, loopargs); - d = Time_F(STOP); - print_result(D_RMD160, testnum, count, d); - if (count < 0) - break; - } - } - - if (doit[D_HMAC]) { - static const char hmac_key[] = "This is a key..."; - int len = strlen(hmac_key); - OSSL_PARAM params[3]; - - mac = EVP_MAC_fetch(app_get0_libctx(), "HMAC", app_get0_propq()); - if (mac == NULL || evp_mac_mdname == NULL) - goto end; - - evp_hmac_name = app_malloc(sizeof("hmac()") + strlen(evp_mac_mdname), - "HMAC name"); - sprintf(evp_hmac_name, "hmac(%s)", evp_mac_mdname); - names[D_HMAC] = evp_hmac_name; - - params[0] = - OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, - evp_mac_mdname, 0); - params[1] = - OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, - (char *)hmac_key, len); - params[2] = OSSL_PARAM_construct_end(); - - for (i = 0; i < loopargs_len; i++) { - loopargs[i].mctx = EVP_MAC_CTX_new(mac); - if (loopargs[i].mctx == NULL) - goto end; - - if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) - goto skip_hmac; /* Digest not found */ - } - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum], - seconds.sym); - Time_F(START); - count = run_benchmark(async_jobs, HMAC_loop, loopargs); - d = Time_F(STOP); - print_result(D_HMAC, testnum, count, d); - if (count < 0) - break; - } - for (i = 0; i < loopargs_len; i++) - EVP_MAC_CTX_free(loopargs[i].mctx); - EVP_MAC_free(mac); - mac = NULL; - } -skip_hmac: - if (doit[D_CBC_DES]) { - int st = 1; - - for (i = 0; st && i < loopargs_len; i++) { - loopargs[i].ctx = init_evp_cipher_ctx("des-cbc", deskey, - sizeof(deskey) / 3); - st = loopargs[i].ctx != NULL; - } - algindex = D_CBC_DES; - for (testnum = 0; st && testnum < size_num; testnum++) { - print_message(names[D_CBC_DES], c[D_CBC_DES][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); - d = Time_F(STOP); - print_result(D_CBC_DES, testnum, count, d); - } - for (i = 0; i < loopargs_len; i++) - EVP_CIPHER_CTX_free(loopargs[i].ctx); - } - - if (doit[D_EDE3_DES]) { - int st = 1; - - for (i = 0; st && i < loopargs_len; i++) { - loopargs[i].ctx = init_evp_cipher_ctx("des-ede3-cbc", deskey, - sizeof(deskey)); - st = loopargs[i].ctx != NULL; - } - algindex = D_EDE3_DES; - for (testnum = 0; st && testnum < size_num; testnum++) { - print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - count = - run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); - d = Time_F(STOP); - print_result(D_EDE3_DES, testnum, count, d); - } - for (i = 0; i < loopargs_len; i++) - EVP_CIPHER_CTX_free(loopargs[i].ctx); - } - - for (k = 0; k < 3; k++) { - algindex = D_CBC_128_AES + k; - if (doit[algindex]) { - int st = 1; - - keylen = 16 + k * 8; - for (i = 0; st && i < loopargs_len; i++) { - loopargs[i].ctx = init_evp_cipher_ctx(names[algindex], - key32, keylen); - st = loopargs[i].ctx != NULL; - } - - for (testnum = 0; st && testnum < size_num; testnum++) { - print_message(names[algindex], c[algindex][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - count = - run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); - d = Time_F(STOP); - print_result(algindex, testnum, count, d); - } - for (i = 0; i < loopargs_len; i++) - EVP_CIPHER_CTX_free(loopargs[i].ctx); - } - } - - for (k = 0; k < 3; k++) { - algindex = D_CBC_128_CML + k; - if (doit[algindex]) { - int st = 1; - - keylen = 16 + k * 8; - for (i = 0; st && i < loopargs_len; i++) { - loopargs[i].ctx = init_evp_cipher_ctx(names[algindex], - key32, keylen); - st = loopargs[i].ctx != NULL; - } - - for (testnum = 0; st && testnum < size_num; testnum++) { - print_message(names[algindex], c[algindex][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - count = - run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); - d = Time_F(STOP); - print_result(algindex, testnum, count, d); - } - for (i = 0; i < loopargs_len; i++) - EVP_CIPHER_CTX_free(loopargs[i].ctx); - } - } - - for (algindex = D_RC4; algindex <= D_CBC_CAST; algindex++) { - if (doit[algindex]) { - int st = 1; - - keylen = 16; - for (i = 0; st && i < loopargs_len; i++) { - loopargs[i].ctx = init_evp_cipher_ctx(names[algindex], - key32, keylen); - st = loopargs[i].ctx != NULL; - } - - for (testnum = 0; st && testnum < size_num; testnum++) { - print_message(names[algindex], c[algindex][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - count = - run_benchmark(async_jobs, EVP_Cipher_loop, loopargs); - d = Time_F(STOP); - print_result(algindex, testnum, count, d); - } - for (i = 0; i < loopargs_len; i++) - EVP_CIPHER_CTX_free(loopargs[i].ctx); - } - } - if (doit[D_GHASH]) { - static const char gmac_iv[] = "0123456789ab"; - OSSL_PARAM params[3]; - - mac = EVP_MAC_fetch(app_get0_libctx(), "GMAC", app_get0_propq()); - if (mac == NULL) - goto end; - - params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER, - "aes-128-gcm", 0); - params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_IV, - (char *)gmac_iv, - sizeof(gmac_iv) - 1); - params[2] = OSSL_PARAM_construct_end(); - - for (i = 0; i < loopargs_len; i++) { - loopargs[i].mctx = EVP_MAC_CTX_new(mac); - if (loopargs[i].mctx == NULL) - goto end; - - if (!EVP_MAC_init(loopargs[i].mctx, key32, 16, params)) - goto end; - } - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_GHASH], c[D_GHASH][testnum], lengths[testnum], - seconds.sym); - Time_F(START); - count = run_benchmark(async_jobs, GHASH_loop, loopargs); - d = Time_F(STOP); - print_result(D_GHASH, testnum, count, d); - if (count < 0) - break; - } - for (i = 0; i < loopargs_len; i++) - EVP_MAC_CTX_free(loopargs[i].mctx); - EVP_MAC_free(mac); - mac = NULL; - } - - if (doit[D_RAND]) { - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_RAND], c[D_RAND][testnum], lengths[testnum], - seconds.sym); - Time_F(START); - count = run_benchmark(async_jobs, RAND_bytes_loop, loopargs); - d = Time_F(STOP); - print_result(D_RAND, testnum, count, d); - } - } - - if (doit[D_EVP]) { - if (evp_cipher != NULL) { - int (*loopfunc) (void *) = EVP_Update_loop; - - if (multiblock && (EVP_CIPHER_get_flags(evp_cipher) & - EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) { - multiblock_speed(evp_cipher, lengths_single, &seconds); - ret = 0; - goto end; - } - - names[D_EVP] = EVP_CIPHER_get0_name(evp_cipher); - - if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_CCM_MODE) { - loopfunc = EVP_Update_loop_ccm; - } else if (aead && (EVP_CIPHER_get_flags(evp_cipher) & - EVP_CIPH_FLAG_AEAD_CIPHER)) { - loopfunc = EVP_Update_loop_aead; - if (lengths == lengths_list) { - lengths = aead_lengths_list; - size_num = OSSL_NELEM(aead_lengths_list); - } - } - - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum], - seconds.sym); - - for (k = 0; k < loopargs_len; k++) { - loopargs[k].ctx = EVP_CIPHER_CTX_new(); - if (loopargs[k].ctx == NULL) { - BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n"); - exit(1); - } - if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL, - NULL, iv, decrypt ? 0 : 1)) { - BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n"); - ERR_print_errors(bio_err); - exit(1); - } - - EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0); - - keylen = EVP_CIPHER_CTX_get_key_length(loopargs[k].ctx); - loopargs[k].key = app_malloc(keylen, "evp_cipher key"); - EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key); - if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL, - loopargs[k].key, NULL, -1)) { - BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n"); - ERR_print_errors(bio_err); - exit(1); - } - OPENSSL_clear_free(loopargs[k].key, keylen); - - /* SIV mode only allows for a single Update operation */ - if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_SIV_MODE) - (void)EVP_CIPHER_CTX_ctrl(loopargs[k].ctx, - EVP_CTRL_SET_SPEED, 1, NULL); - } - - Time_F(START); - count = run_benchmark(async_jobs, loopfunc, loopargs); - d = Time_F(STOP); - for (k = 0; k < loopargs_len; k++) - EVP_CIPHER_CTX_free(loopargs[k].ctx); - print_result(D_EVP, testnum, count, d); - } - } else if (evp_md_name != NULL) { - names[D_EVP] = evp_md_name; - - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_EVP], c[D_EVP][testnum], lengths[testnum], - seconds.sym); - Time_F(START); - count = run_benchmark(async_jobs, EVP_Digest_md_loop, loopargs); - d = Time_F(STOP); - print_result(D_EVP, testnum, count, d); - if (count < 0) - break; - } - } - } - - if (doit[D_EVP_CMAC]) { - OSSL_PARAM params[3]; - EVP_CIPHER *cipher = NULL; - - mac = EVP_MAC_fetch(app_get0_libctx(), "CMAC", app_get0_propq()); - if (mac == NULL || evp_mac_ciphername == NULL) - goto end; - if (!opt_cipher(evp_mac_ciphername, &cipher)) - goto end; - - keylen = EVP_CIPHER_get_key_length(cipher); - EVP_CIPHER_free(cipher); - if (keylen <= 0 || keylen > (int)sizeof(key32)) { - BIO_printf(bio_err, "\nRequested CMAC cipher with unsupported key length.\n"); - goto end; - } - evp_cmac_name = app_malloc(sizeof("cmac()") - + strlen(evp_mac_ciphername), "CMAC name"); - sprintf(evp_cmac_name, "cmac(%s)", evp_mac_ciphername); - names[D_EVP_CMAC] = evp_cmac_name; - - params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER, - evp_mac_ciphername, 0); - params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, - (char *)key32, keylen); - params[2] = OSSL_PARAM_construct_end(); - - for (i = 0; i < loopargs_len; i++) { - loopargs[i].mctx = EVP_MAC_CTX_new(mac); - if (loopargs[i].mctx == NULL) - goto end; - - if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) - goto end; - } - - for (testnum = 0; testnum < size_num; testnum++) { - print_message(names[D_EVP_CMAC], c[D_EVP_CMAC][testnum], - lengths[testnum], seconds.sym); - Time_F(START); - count = run_benchmark(async_jobs, CMAC_loop, loopargs); - d = Time_F(STOP); - print_result(D_EVP_CMAC, testnum, count, d); - if (count < 0) - break; - } - for (i = 0; i < loopargs_len; i++) - EVP_MAC_CTX_free(loopargs[i].mctx); - EVP_MAC_free(mac); - mac = NULL; - } - - for (i = 0; i < loopargs_len; i++) - if (RAND_bytes(loopargs[i].buf, 36) <= 0) - goto end; - - for (testnum = 0; testnum < RSA_NUM; testnum++) { - EVP_PKEY *rsa_key = NULL; - int st = 0; - - if (!rsa_doit[testnum]) - continue; - - if (primes > RSA_DEFAULT_PRIME_NUM) { - /* we haven't set keys yet, generate multi-prime RSA keys */ - bn = BN_new(); - st = bn != NULL - && BN_set_word(bn, RSA_F4) - && init_gen_str(&genctx, "RSA", NULL, 0, NULL, NULL) - && EVP_PKEY_CTX_set_rsa_keygen_bits(genctx, rsa_keys[testnum].bits) > 0 - && EVP_PKEY_CTX_set1_rsa_keygen_pubexp(genctx, bn) > 0 - && EVP_PKEY_CTX_set_rsa_keygen_primes(genctx, primes) > 0 - && EVP_PKEY_keygen(genctx, &rsa_key); - BN_free(bn); - bn = NULL; - EVP_PKEY_CTX_free(genctx); - genctx = NULL; - } else { - const unsigned char *p = rsa_keys[testnum].data; - - st = (rsa_key = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, - rsa_keys[testnum].length)) != NULL; - } - - for (i = 0; st && i < loopargs_len; i++) { - loopargs[i].rsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, NULL); - loopargs[i].sigsize = loopargs[i].buflen; - if (loopargs[i].rsa_sign_ctx[testnum] == NULL - || EVP_PKEY_sign_init(loopargs[i].rsa_sign_ctx[testnum]) <= 0 - || EVP_PKEY_sign(loopargs[i].rsa_sign_ctx[testnum], - loopargs[i].buf2, - &loopargs[i].sigsize, - loopargs[i].buf, 36) <= 0) - st = 0; - } - if (!st) { - BIO_printf(bio_err, - "RSA sign setup failure. No RSA sign will be done.\n"); - ERR_print_errors(bio_err); - op_count = 1; - } else { - pkey_print_message("private", "rsa", - rsa_c[testnum][0], rsa_keys[testnum].bits, - seconds.rsa); - /* RSA_blinding_on(rsa_key[testnum],NULL); */ - Time_F(START); - count = run_benchmark(async_jobs, RSA_sign_loop, loopargs); - d = Time_F(STOP); - BIO_printf(bio_err, - mr ? "+R1:%ld:%d:%.2f\n" - : "%ld %u bits private RSA's in %.2fs\n", - count, rsa_keys[testnum].bits, d); - rsa_results[testnum][0] = (double)count / d; - op_count = count; - } - - for (i = 0; st && i < loopargs_len; i++) { - loopargs[i].rsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(rsa_key, - NULL); - if (loopargs[i].rsa_verify_ctx[testnum] == NULL - || EVP_PKEY_verify_init(loopargs[i].rsa_verify_ctx[testnum]) <= 0 - || EVP_PKEY_verify(loopargs[i].rsa_verify_ctx[testnum], - loopargs[i].buf2, - loopargs[i].sigsize, - loopargs[i].buf, 36) <= 0) - st = 0; - } - if (!st) { - BIO_printf(bio_err, - "RSA verify setup failure. No RSA verify will be done.\n"); - ERR_print_errors(bio_err); - rsa_doit[testnum] = 0; - } else { - pkey_print_message("public", "rsa", - rsa_c[testnum][1], rsa_keys[testnum].bits, - seconds.rsa); - Time_F(START); - count = run_benchmark(async_jobs, RSA_verify_loop, loopargs); - d = Time_F(STOP); - BIO_printf(bio_err, - mr ? "+R2:%ld:%d:%.2f\n" - : "%ld %u bits public RSA's in %.2fs\n", - count, rsa_keys[testnum].bits, d); - rsa_results[testnum][1] = (double)count / d; - } - - if (op_count <= 1) { - /* if longer than 10s, don't do any more */ - stop_it(rsa_doit, testnum); - } - EVP_PKEY_free(rsa_key); - } - - for (testnum = 0; testnum < DSA_NUM; testnum++) { - EVP_PKEY *dsa_key = NULL; - int st; - - if (!dsa_doit[testnum]) - continue; - - st = (dsa_key = get_dsa(dsa_bits[testnum])) != NULL; - - for (i = 0; st && i < loopargs_len; i++) { - loopargs[i].dsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key, - NULL); - loopargs[i].sigsize = loopargs[i].buflen; - if (loopargs[i].dsa_sign_ctx[testnum] == NULL - || EVP_PKEY_sign_init(loopargs[i].dsa_sign_ctx[testnum]) <= 0 - - || EVP_PKEY_sign(loopargs[i].dsa_sign_ctx[testnum], - loopargs[i].buf2, - &loopargs[i].sigsize, - loopargs[i].buf, 20) <= 0) - st = 0; - } - if (!st) { - BIO_printf(bio_err, - "DSA sign setup failure. No DSA sign will be done.\n"); - ERR_print_errors(bio_err); - op_count = 1; - } else { - pkey_print_message("sign", "dsa", - dsa_c[testnum][0], dsa_bits[testnum], - seconds.dsa); - Time_F(START); - count = run_benchmark(async_jobs, DSA_sign_loop, loopargs); - d = Time_F(STOP); - BIO_printf(bio_err, - mr ? "+R3:%ld:%u:%.2f\n" - : "%ld %u bits DSA signs in %.2fs\n", - count, dsa_bits[testnum], d); - dsa_results[testnum][0] = (double)count / d; - op_count = count; - } - - for (i = 0; st && i < loopargs_len; i++) { - loopargs[i].dsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(dsa_key, - NULL); - if (loopargs[i].dsa_verify_ctx[testnum] == NULL - || EVP_PKEY_verify_init(loopargs[i].dsa_verify_ctx[testnum]) <= 0 - || EVP_PKEY_verify(loopargs[i].dsa_verify_ctx[testnum], - loopargs[i].buf2, - loopargs[i].sigsize, - loopargs[i].buf, 36) <= 0) - st = 0; - } - if (!st) { - BIO_printf(bio_err, - "DSA verify setup failure. No DSA verify will be done.\n"); - ERR_print_errors(bio_err); - dsa_doit[testnum] = 0; - } else { - pkey_print_message("verify", "dsa", - dsa_c[testnum][1], dsa_bits[testnum], - seconds.dsa); - Time_F(START); - count = run_benchmark(async_jobs, DSA_verify_loop, loopargs); - d = Time_F(STOP); - BIO_printf(bio_err, - mr ? "+R4:%ld:%u:%.2f\n" - : "%ld %u bits DSA verify in %.2fs\n", - count, dsa_bits[testnum], d); - dsa_results[testnum][1] = (double)count / d; - } - - if (op_count <= 1) { - /* if longer than 10s, don't do any more */ - stop_it(dsa_doit, testnum); - } - EVP_PKEY_free(dsa_key); - } - - for (testnum = 0; testnum < ECDSA_NUM; testnum++) { - EVP_PKEY *ecdsa_key = NULL; - int st; - - if (!ecdsa_doit[testnum]) - continue; - - st = (ecdsa_key = get_ecdsa(&ec_curves[testnum])) != NULL; - - for (i = 0; st && i < loopargs_len; i++) { - loopargs[i].ecdsa_sign_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key, - NULL); - loopargs[i].sigsize = loopargs[i].buflen; - if (loopargs[i].ecdsa_sign_ctx[testnum] == NULL - || EVP_PKEY_sign_init(loopargs[i].ecdsa_sign_ctx[testnum]) <= 0 - - || EVP_PKEY_sign(loopargs[i].ecdsa_sign_ctx[testnum], - loopargs[i].buf2, - &loopargs[i].sigsize, - loopargs[i].buf, 20) <= 0) - st = 0; - } - if (!st) { - BIO_printf(bio_err, - "ECDSA sign setup failure. No ECDSA sign will be done.\n"); - ERR_print_errors(bio_err); - op_count = 1; - } else { - pkey_print_message("sign", "ecdsa", - ecdsa_c[testnum][0], ec_curves[testnum].bits, - seconds.ecdsa); - Time_F(START); - count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs); - d = Time_F(STOP); - BIO_printf(bio_err, - mr ? "+R5:%ld:%u:%.2f\n" - : "%ld %u bits ECDSA signs in %.2fs\n", - count, ec_curves[testnum].bits, d); - ecdsa_results[testnum][0] = (double)count / d; - op_count = count; - } - - for (i = 0; st && i < loopargs_len; i++) { - loopargs[i].ecdsa_verify_ctx[testnum] = EVP_PKEY_CTX_new(ecdsa_key, - NULL); - if (loopargs[i].ecdsa_verify_ctx[testnum] == NULL - || EVP_PKEY_verify_init(loopargs[i].ecdsa_verify_ctx[testnum]) <= 0 - || EVP_PKEY_verify(loopargs[i].ecdsa_verify_ctx[testnum], - loopargs[i].buf2, - loopargs[i].sigsize, - loopargs[i].buf, 20) <= 0) - st = 0; - } - if (!st) { - BIO_printf(bio_err, - "ECDSA verify setup failure. No ECDSA verify will be done.\n"); - ERR_print_errors(bio_err); - ecdsa_doit[testnum] = 0; - } else { - pkey_print_message("verify", "ecdsa", - ecdsa_c[testnum][1], ec_curves[testnum].bits, - seconds.ecdsa); - Time_F(START); - count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs); - d = Time_F(STOP); - BIO_printf(bio_err, - mr ? "+R6:%ld:%u:%.2f\n" - : "%ld %u bits ECDSA verify in %.2fs\n", - count, ec_curves[testnum].bits, d); - ecdsa_results[testnum][1] = (double)count / d; - } - - if (op_count <= 1) { - /* if longer than 10s, don't do any more */ - stop_it(ecdsa_doit, testnum); - } - } - - for (testnum = 0; testnum < EC_NUM; testnum++) { - int ecdh_checks = 1; - - if (!ecdh_doit[testnum]) - continue; - - for (i = 0; i < loopargs_len; i++) { - EVP_PKEY_CTX *test_ctx = NULL; - EVP_PKEY_CTX *ctx = NULL; - EVP_PKEY *key_A = NULL; - EVP_PKEY *key_B = NULL; - size_t outlen; - size_t test_outlen; - - if ((key_A = get_ecdsa(&ec_curves[testnum])) == NULL /* generate secret key A */ - || (key_B = get_ecdsa(&ec_curves[testnum])) == NULL /* generate secret key B */ - || (ctx = EVP_PKEY_CTX_new(key_A, NULL)) == NULL /* derivation ctx from skeyA */ - || EVP_PKEY_derive_init(ctx) <= 0 /* init derivation ctx */ - || EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 /* set peer pubkey in ctx */ - || EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 /* determine max length */ - || outlen == 0 /* ensure outlen is a valid size */ - || outlen > MAX_ECDH_SIZE /* avoid buffer overflow */) { - ecdh_checks = 0; - BIO_printf(bio_err, "ECDH key generation failure.\n"); - ERR_print_errors(bio_err); - op_count = 1; - break; - } - - /* - * Here we perform a test run, comparing the output of a*B and b*A; - * we try this here and assume that further EVP_PKEY_derive calls - * never fail, so we can skip checks in the actually benchmarked - * code, for maximum performance. - */ - if ((test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) == NULL /* test ctx from skeyB */ - || !EVP_PKEY_derive_init(test_ctx) /* init derivation test_ctx */ - || !EVP_PKEY_derive_set_peer(test_ctx, key_A) /* set peer pubkey in test_ctx */ - || !EVP_PKEY_derive(test_ctx, NULL, &test_outlen) /* determine max length */ - || !EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) /* compute a*B */ - || !EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) /* compute b*A */ - || test_outlen != outlen /* compare output length */) { - ecdh_checks = 0; - BIO_printf(bio_err, "ECDH computation failure.\n"); - ERR_print_errors(bio_err); - op_count = 1; - break; - } - - /* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */ - if (CRYPTO_memcmp(loopargs[i].secret_a, - loopargs[i].secret_b, outlen)) { - ecdh_checks = 0; - BIO_printf(bio_err, "ECDH computations don't match.\n"); - ERR_print_errors(bio_err); - op_count = 1; - break; - } - - loopargs[i].ecdh_ctx[testnum] = ctx; - loopargs[i].outlen[testnum] = outlen; - - EVP_PKEY_free(key_A); - EVP_PKEY_free(key_B); - EVP_PKEY_CTX_free(test_ctx); - test_ctx = NULL; - } - if (ecdh_checks != 0) { - pkey_print_message("", "ecdh", - ecdh_c[testnum][0], - ec_curves[testnum].bits, seconds.ecdh); - Time_F(START); - count = - run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs); - d = Time_F(STOP); - BIO_printf(bio_err, - mr ? "+R7:%ld:%d:%.2f\n" : - "%ld %u-bits ECDH ops in %.2fs\n", count, - ec_curves[testnum].bits, d); - ecdh_results[testnum][0] = (double)count / d; - op_count = count; - } - - if (op_count <= 1) { - /* if longer than 10s, don't do any more */ - stop_it(ecdh_doit, testnum); - } - } - - for (testnum = 0; testnum < EdDSA_NUM; testnum++) { - int st = 1; - EVP_PKEY *ed_pkey = NULL; - EVP_PKEY_CTX *ed_pctx = NULL; - - if (!eddsa_doit[testnum]) - continue; /* Ignore Curve */ - for (i = 0; i < loopargs_len; i++) { - loopargs[i].eddsa_ctx[testnum] = EVP_MD_CTX_new(); - if (loopargs[i].eddsa_ctx[testnum] == NULL) { - st = 0; - break; - } - loopargs[i].eddsa_ctx2[testnum] = EVP_MD_CTX_new(); - if (loopargs[i].eddsa_ctx2[testnum] == NULL) { - st = 0; - break; - } - - if ((ed_pctx = EVP_PKEY_CTX_new_id(ed_curves[testnum].nid, - NULL)) == NULL - || EVP_PKEY_keygen_init(ed_pctx) <= 0 - || EVP_PKEY_keygen(ed_pctx, &ed_pkey) <= 0) { - st = 0; - EVP_PKEY_CTX_free(ed_pctx); - break; - } - EVP_PKEY_CTX_free(ed_pctx); - - if (!EVP_DigestSignInit(loopargs[i].eddsa_ctx[testnum], NULL, NULL, - NULL, ed_pkey)) { - st = 0; - EVP_PKEY_free(ed_pkey); - break; - } - if (!EVP_DigestVerifyInit(loopargs[i].eddsa_ctx2[testnum], NULL, - NULL, NULL, ed_pkey)) { - st = 0; - EVP_PKEY_free(ed_pkey); - break; - } - - EVP_PKEY_free(ed_pkey); - ed_pkey = NULL; - } - if (st == 0) { - BIO_printf(bio_err, "EdDSA failure.\n"); - ERR_print_errors(bio_err); - op_count = 1; - } else { - for (i = 0; i < loopargs_len; i++) { - /* Perform EdDSA signature test */ - loopargs[i].sigsize = ed_curves[testnum].sigsize; - st = EVP_DigestSign(loopargs[i].eddsa_ctx[testnum], - loopargs[i].buf2, &loopargs[i].sigsize, - loopargs[i].buf, 20); - if (st == 0) - break; - } - if (st == 0) { - BIO_printf(bio_err, - "EdDSA sign failure. No EdDSA sign will be done.\n"); - ERR_print_errors(bio_err); - op_count = 1; - } else { - pkey_print_message("sign", ed_curves[testnum].name, - eddsa_c[testnum][0], - ed_curves[testnum].bits, seconds.eddsa); - Time_F(START); - count = run_benchmark(async_jobs, EdDSA_sign_loop, loopargs); - d = Time_F(STOP); - - BIO_printf(bio_err, - mr ? "+R8:%ld:%u:%s:%.2f\n" : - "%ld %u bits %s signs in %.2fs \n", - count, ed_curves[testnum].bits, - ed_curves[testnum].name, d); - eddsa_results[testnum][0] = (double)count / d; - op_count = count; - } - /* Perform EdDSA verification test */ - for (i = 0; i < loopargs_len; i++) { - st = EVP_DigestVerify(loopargs[i].eddsa_ctx2[testnum], - loopargs[i].buf2, loopargs[i].sigsize, - loopargs[i].buf, 20); - if (st != 1) - break; - } - if (st != 1) { - BIO_printf(bio_err, - "EdDSA verify failure. No EdDSA verify will be done.\n"); - ERR_print_errors(bio_err); - eddsa_doit[testnum] = 0; - } else { - pkey_print_message("verify", ed_curves[testnum].name, - eddsa_c[testnum][1], - ed_curves[testnum].bits, seconds.eddsa); - Time_F(START); - count = run_benchmark(async_jobs, EdDSA_verify_loop, loopargs); - d = Time_F(STOP); - BIO_printf(bio_err, - mr ? "+R9:%ld:%u:%s:%.2f\n" - : "%ld %u bits %s verify in %.2fs\n", - count, ed_curves[testnum].bits, - ed_curves[testnum].name, d); - eddsa_results[testnum][1] = (double)count / d; - } - - if (op_count <= 1) { - /* if longer than 10s, don't do any more */ - stop_it(eddsa_doit, testnum); - } - } - } - -#ifndef OPENSSL_NO_SM2 - for (testnum = 0; testnum < SM2_NUM; testnum++) { - int st = 1; - EVP_PKEY *sm2_pkey = NULL; - - if (!sm2_doit[testnum]) - continue; /* Ignore Curve */ - /* Init signing and verification */ - for (i = 0; i < loopargs_len; i++) { - EVP_PKEY_CTX *sm2_pctx = NULL; - EVP_PKEY_CTX *sm2_vfy_pctx = NULL; - EVP_PKEY_CTX *pctx = NULL; - st = 0; - - loopargs[i].sm2_ctx[testnum] = EVP_MD_CTX_new(); - loopargs[i].sm2_vfy_ctx[testnum] = EVP_MD_CTX_new(); - if (loopargs[i].sm2_ctx[testnum] == NULL - || loopargs[i].sm2_vfy_ctx[testnum] == NULL) - break; - - sm2_pkey = NULL; - - st = !((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_SM2, NULL)) == NULL - || EVP_PKEY_keygen_init(pctx) <= 0 - || EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, - sm2_curves[testnum].nid) <= 0 - || EVP_PKEY_keygen(pctx, &sm2_pkey) <= 0); - EVP_PKEY_CTX_free(pctx); - if (st == 0) - break; - - st = 0; /* set back to zero */ - /* attach it sooner to rely on main final cleanup */ - loopargs[i].sm2_pkey[testnum] = sm2_pkey; - loopargs[i].sigsize = EVP_PKEY_get_size(sm2_pkey); - - sm2_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL); - sm2_vfy_pctx = EVP_PKEY_CTX_new(sm2_pkey, NULL); - if (sm2_pctx == NULL || sm2_vfy_pctx == NULL) { - EVP_PKEY_CTX_free(sm2_vfy_pctx); - break; - } - - /* attach them directly to respective ctx */ - EVP_MD_CTX_set_pkey_ctx(loopargs[i].sm2_ctx[testnum], sm2_pctx); - EVP_MD_CTX_set_pkey_ctx(loopargs[i].sm2_vfy_ctx[testnum], sm2_vfy_pctx); - - /* - * No need to allow user to set an explicit ID here, just use - * the one defined in the 'draft-yang-tls-tl13-sm-suites' I-D. - */ - if (EVP_PKEY_CTX_set1_id(sm2_pctx, SM2_ID, SM2_ID_LEN) != 1 - || EVP_PKEY_CTX_set1_id(sm2_vfy_pctx, SM2_ID, SM2_ID_LEN) != 1) - break; - - if (!EVP_DigestSignInit(loopargs[i].sm2_ctx[testnum], NULL, - EVP_sm3(), NULL, sm2_pkey)) - break; - if (!EVP_DigestVerifyInit(loopargs[i].sm2_vfy_ctx[testnum], NULL, - EVP_sm3(), NULL, sm2_pkey)) - break; - st = 1; /* mark loop as succeeded */ - } - if (st == 0) { - BIO_printf(bio_err, "SM2 init failure.\n"); - ERR_print_errors(bio_err); - op_count = 1; - } else { - for (i = 0; i < loopargs_len; i++) { - /* Perform SM2 signature test */ - st = EVP_DigestSign(loopargs[i].sm2_ctx[testnum], - loopargs[i].buf2, &loopargs[i].sigsize, - loopargs[i].buf, 20); - if (st == 0) - break; - } - if (st == 0) { - BIO_printf(bio_err, - "SM2 sign failure. No SM2 sign will be done.\n"); - ERR_print_errors(bio_err); - op_count = 1; - } else { - pkey_print_message("sign", sm2_curves[testnum].name, - sm2_c[testnum][0], - sm2_curves[testnum].bits, seconds.sm2); - Time_F(START); - count = run_benchmark(async_jobs, SM2_sign_loop, loopargs); - d = Time_F(STOP); - - BIO_printf(bio_err, - mr ? "+R10:%ld:%u:%s:%.2f\n" : - "%ld %u bits %s signs in %.2fs \n", - count, sm2_curves[testnum].bits, - sm2_curves[testnum].name, d); - sm2_results[testnum][0] = (double)count / d; - op_count = count; - } - - /* Perform SM2 verification test */ - for (i = 0; i < loopargs_len; i++) { - st = EVP_DigestVerify(loopargs[i].sm2_vfy_ctx[testnum], - loopargs[i].buf2, loopargs[i].sigsize, - loopargs[i].buf, 20); - if (st != 1) - break; - } - if (st != 1) { - BIO_printf(bio_err, - "SM2 verify failure. No SM2 verify will be done.\n"); - ERR_print_errors(bio_err); - sm2_doit[testnum] = 0; - } else { - pkey_print_message("verify", sm2_curves[testnum].name, - sm2_c[testnum][1], - sm2_curves[testnum].bits, seconds.sm2); - Time_F(START); - count = run_benchmark(async_jobs, SM2_verify_loop, loopargs); - d = Time_F(STOP); - BIO_printf(bio_err, - mr ? "+R11:%ld:%u:%s:%.2f\n" - : "%ld %u bits %s verify in %.2fs\n", - count, sm2_curves[testnum].bits, - sm2_curves[testnum].name, d); - sm2_results[testnum][1] = (double)count / d; - } - - if (op_count <= 1) { - /* if longer than 10s, don't do any more */ - for (testnum++; testnum < SM2_NUM; testnum++) - sm2_doit[testnum] = 0; - } - } - } -#endif /* OPENSSL_NO_SM2 */ - -#ifndef OPENSSL_NO_DH - for (testnum = 0; testnum < FFDH_NUM; testnum++) { - int ffdh_checks = 1; - - if (!ffdh_doit[testnum]) - continue; - - for (i = 0; i < loopargs_len; i++) { - EVP_PKEY *pkey_A = NULL; - EVP_PKEY *pkey_B = NULL; - EVP_PKEY_CTX *ffdh_ctx = NULL; - EVP_PKEY_CTX *test_ctx = NULL; - size_t secret_size; - size_t test_out; - - /* Ensure that the error queue is empty */ - if (ERR_peek_error()) { - BIO_printf(bio_err, - "WARNING: the error queue contains previous unhandled errors.\n"); - ERR_print_errors(bio_err); - } - - pkey_A = EVP_PKEY_new(); - if (!pkey_A) { - BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n"); - ERR_print_errors(bio_err); - op_count = 1; - ffdh_checks = 0; - break; - } - pkey_B = EVP_PKEY_new(); - if (!pkey_B) { - BIO_printf(bio_err, "Error while initialising EVP_PKEY (out of memory?).\n"); - ERR_print_errors(bio_err); - op_count = 1; - ffdh_checks = 0; - break; - } - - ffdh_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL); - if (!ffdh_ctx) { - BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n"); - ERR_print_errors(bio_err); - op_count = 1; - ffdh_checks = 0; - break; - } - - if (EVP_PKEY_keygen_init(ffdh_ctx) <= 0) { - BIO_printf(bio_err, "Error while initialising EVP_PKEY_CTX.\n"); - ERR_print_errors(bio_err); - op_count = 1; - ffdh_checks = 0; - break; - } - if (EVP_PKEY_CTX_set_dh_nid(ffdh_ctx, ffdh_params[testnum].nid) <= 0) { - BIO_printf(bio_err, "Error setting DH key size for keygen.\n"); - ERR_print_errors(bio_err); - op_count = 1; - ffdh_checks = 0; - break; - } - - if (EVP_PKEY_keygen(ffdh_ctx, &pkey_A) <= 0 || - EVP_PKEY_keygen(ffdh_ctx, &pkey_B) <= 0) { - BIO_printf(bio_err, "FFDH key generation failure.\n"); - ERR_print_errors(bio_err); - op_count = 1; - ffdh_checks = 0; - break; - } - - EVP_PKEY_CTX_free(ffdh_ctx); - - /* - * check if the derivation works correctly both ways so that - * we know if future derive calls will fail, and we can skip - * error checking in benchmarked code - */ - ffdh_ctx = EVP_PKEY_CTX_new(pkey_A, NULL); - if (ffdh_ctx == NULL) { - BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n"); - ERR_print_errors(bio_err); - op_count = 1; - ffdh_checks = 0; - break; - } - if (EVP_PKEY_derive_init(ffdh_ctx) <= 0) { - BIO_printf(bio_err, "FFDH derivation context init failure.\n"); - ERR_print_errors(bio_err); - op_count = 1; - ffdh_checks = 0; - break; - } - if (EVP_PKEY_derive_set_peer(ffdh_ctx, pkey_B) <= 0) { - BIO_printf(bio_err, "Assigning peer key for derivation failed.\n"); - ERR_print_errors(bio_err); - op_count = 1; - ffdh_checks = 0; - break; - } - if (EVP_PKEY_derive(ffdh_ctx, NULL, &secret_size) <= 0) { - BIO_printf(bio_err, "Checking size of shared secret failed.\n"); - ERR_print_errors(bio_err); - op_count = 1; - ffdh_checks = 0; - break; - } - if (secret_size > MAX_FFDH_SIZE) { - BIO_printf(bio_err, "Assertion failure: shared secret too large.\n"); - op_count = 1; - ffdh_checks = 0; - break; - } - if (EVP_PKEY_derive(ffdh_ctx, - loopargs[i].secret_ff_a, - &secret_size) <= 0) { - BIO_printf(bio_err, "Shared secret derive failure.\n"); - ERR_print_errors(bio_err); - op_count = 1; - ffdh_checks = 0; - break; - } - /* Now check from side B */ - test_ctx = EVP_PKEY_CTX_new(pkey_B, NULL); - if (!test_ctx) { - BIO_printf(bio_err, "Error while allocating EVP_PKEY_CTX.\n"); - ERR_print_errors(bio_err); - op_count = 1; - ffdh_checks = 0; - break; - } - if (!EVP_PKEY_derive_init(test_ctx) || - !EVP_PKEY_derive_set_peer(test_ctx, pkey_A) || - !EVP_PKEY_derive(test_ctx, NULL, &test_out) || - !EVP_PKEY_derive(test_ctx, loopargs[i].secret_ff_b, &test_out) || - test_out != secret_size) { - BIO_printf(bio_err, "FFDH computation failure.\n"); - op_count = 1; - ffdh_checks = 0; - break; - } - - /* compare the computed secrets */ - if (CRYPTO_memcmp(loopargs[i].secret_ff_a, - loopargs[i].secret_ff_b, secret_size)) { - BIO_printf(bio_err, "FFDH computations don't match.\n"); - ERR_print_errors(bio_err); - op_count = 1; - ffdh_checks = 0; - break; - } - - loopargs[i].ffdh_ctx[testnum] = ffdh_ctx; - - EVP_PKEY_free(pkey_A); - pkey_A = NULL; - EVP_PKEY_free(pkey_B); - pkey_B = NULL; - EVP_PKEY_CTX_free(test_ctx); - test_ctx = NULL; - } - if (ffdh_checks != 0) { - pkey_print_message("", "ffdh", ffdh_c[testnum][0], - ffdh_params[testnum].bits, seconds.ffdh); - Time_F(START); - count = - run_benchmark(async_jobs, FFDH_derive_key_loop, loopargs); - d = Time_F(STOP); - BIO_printf(bio_err, - mr ? "+R12:%ld:%d:%.2f\n" : - "%ld %u-bits FFDH ops in %.2fs\n", count, - ffdh_params[testnum].bits, d); - ffdh_results[testnum][0] = (double)count / d; - op_count = count; - } - if (op_count <= 1) { - /* if longer than 10s, don't do any more */ - stop_it(ffdh_doit, testnum); - } - } -#endif /* OPENSSL_NO_DH */ -#ifndef NO_FORK - show_res: -#endif - if (!mr) { - printf("version: %s\n", OpenSSL_version(OPENSSL_FULL_VERSION_STRING)); - printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON)); - printf("options: %s\n", BN_options()); - printf("%s\n", OpenSSL_version(OPENSSL_CFLAGS)); - printf("%s\n", OpenSSL_version(OPENSSL_CPU_INFO)); - } - - if (pr_header) { - if (mr) { - printf("+H"); - } else { - printf("The 'numbers' are in 1000s of bytes per second processed.\n"); - printf("type "); - } - for (testnum = 0; testnum < size_num; testnum++) - printf(mr ? ":%d" : "%7d bytes", lengths[testnum]); - printf("\n"); - } - - for (k = 0; k < ALGOR_NUM; k++) { - if (!doit[k]) - continue; - if (mr) - printf("+F:%u:%s", k, names[k]); - else - printf("%-13s", names[k]); - for (testnum = 0; testnum < size_num; testnum++) { - if (results[k][testnum] > 10000 && !mr) - printf(" %11.2fk", results[k][testnum] / 1e3); - else - printf(mr ? ":%.2f" : " %11.2f ", results[k][testnum]); - } - printf("\n"); - } - testnum = 1; - for (k = 0; k < RSA_NUM; k++) { - if (!rsa_doit[k]) - continue; - if (testnum && !mr) { - printf("%18ssign verify sign/s verify/s\n", " "); - testnum = 0; - } - if (mr) - printf("+F2:%u:%u:%f:%f\n", - k, rsa_keys[k].bits, rsa_results[k][0], rsa_results[k][1]); - else - printf("rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n", - rsa_keys[k].bits, 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1], - rsa_results[k][0], rsa_results[k][1]); - } - testnum = 1; - for (k = 0; k < DSA_NUM; k++) { - if (!dsa_doit[k]) - continue; - if (testnum && !mr) { - printf("%18ssign verify sign/s verify/s\n", " "); - testnum = 0; - } - if (mr) - printf("+F3:%u:%u:%f:%f\n", - k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]); - else - printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n", - dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1], - dsa_results[k][0], dsa_results[k][1]); - } - testnum = 1; - for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) { - if (!ecdsa_doit[k]) - continue; - if (testnum && !mr) { - printf("%30ssign verify sign/s verify/s\n", " "); - testnum = 0; - } - - if (mr) - printf("+F4:%u:%u:%f:%f\n", - k, ec_curves[k].bits, - ecdsa_results[k][0], ecdsa_results[k][1]); - else - printf("%4u bits ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n", - ec_curves[k].bits, ec_curves[k].name, - 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1], - ecdsa_results[k][0], ecdsa_results[k][1]); - } - - testnum = 1; - for (k = 0; k < EC_NUM; k++) { - if (!ecdh_doit[k]) - continue; - if (testnum && !mr) { - printf("%30sop op/s\n", " "); - testnum = 0; - } - if (mr) - printf("+F5:%u:%u:%f:%f\n", - k, ec_curves[k].bits, - ecdh_results[k][0], 1.0 / ecdh_results[k][0]); - - else - printf("%4u bits ecdh (%s) %8.4fs %8.1f\n", - ec_curves[k].bits, ec_curves[k].name, - 1.0 / ecdh_results[k][0], ecdh_results[k][0]); - } - - testnum = 1; - for (k = 0; k < OSSL_NELEM(eddsa_doit); k++) { - if (!eddsa_doit[k]) - continue; - if (testnum && !mr) { - printf("%30ssign verify sign/s verify/s\n", " "); - testnum = 0; - } - - if (mr) - printf("+F6:%u:%u:%s:%f:%f\n", - k, ed_curves[k].bits, ed_curves[k].name, - eddsa_results[k][0], eddsa_results[k][1]); - else - printf("%4u bits EdDSA (%s) %8.4fs %8.4fs %8.1f %8.1f\n", - ed_curves[k].bits, ed_curves[k].name, - 1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1], - eddsa_results[k][0], eddsa_results[k][1]); - } - -#ifndef OPENSSL_NO_SM2 - testnum = 1; - for (k = 0; k < OSSL_NELEM(sm2_doit); k++) { - if (!sm2_doit[k]) - continue; - if (testnum && !mr) { - printf("%30ssign verify sign/s verify/s\n", " "); - testnum = 0; - } - - if (mr) - printf("+F7:%u:%u:%s:%f:%f\n", - k, sm2_curves[k].bits, sm2_curves[k].name, - sm2_results[k][0], sm2_results[k][1]); - else - printf("%4u bits SM2 (%s) %8.4fs %8.4fs %8.1f %8.1f\n", - sm2_curves[k].bits, sm2_curves[k].name, - 1.0 / sm2_results[k][0], 1.0 / sm2_results[k][1], - sm2_results[k][0], sm2_results[k][1]); - } -#endif -#ifndef OPENSSL_NO_DH - testnum = 1; - for (k = 0; k < FFDH_NUM; k++) { - if (!ffdh_doit[k]) - continue; - if (testnum && !mr) { - printf("%23sop op/s\n", " "); - testnum = 0; - } - if (mr) - printf("+F8:%u:%u:%f:%f\n", - k, ffdh_params[k].bits, - ffdh_results[k][0], 1.0 / ffdh_results[k][0]); - - else - printf("%4u bits ffdh %8.4fs %8.1f\n", - ffdh_params[k].bits, - 1.0 / ffdh_results[k][0], ffdh_results[k][0]); - } -#endif /* OPENSSL_NO_DH */ - - ret = 0; - - end: - ERR_print_errors(bio_err); - for (i = 0; i < loopargs_len; i++) { - OPENSSL_free(loopargs[i].buf_malloc); - OPENSSL_free(loopargs[i].buf2_malloc); - - BN_free(bn); - EVP_PKEY_CTX_free(genctx); - for (k = 0; k < RSA_NUM; k++) { - EVP_PKEY_CTX_free(loopargs[i].rsa_sign_ctx[k]); - EVP_PKEY_CTX_free(loopargs[i].rsa_verify_ctx[k]); - } -#ifndef OPENSSL_NO_DH - OPENSSL_free(loopargs[i].secret_ff_a); - OPENSSL_free(loopargs[i].secret_ff_b); - for (k = 0; k < FFDH_NUM; k++) - EVP_PKEY_CTX_free(loopargs[i].ffdh_ctx[k]); -#endif - for (k = 0; k < DSA_NUM; k++) { - EVP_PKEY_CTX_free(loopargs[i].dsa_sign_ctx[k]); - EVP_PKEY_CTX_free(loopargs[i].dsa_verify_ctx[k]); - } - for (k = 0; k < ECDSA_NUM; k++) { - EVP_PKEY_CTX_free(loopargs[i].ecdsa_sign_ctx[k]); - EVP_PKEY_CTX_free(loopargs[i].ecdsa_verify_ctx[k]); - } - for (k = 0; k < EC_NUM; k++) - EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]); - for (k = 0; k < EdDSA_NUM; k++) { - EVP_MD_CTX_free(loopargs[i].eddsa_ctx[k]); - EVP_MD_CTX_free(loopargs[i].eddsa_ctx2[k]); - } -#ifndef OPENSSL_NO_SM2 - for (k = 0; k < SM2_NUM; k++) { - EVP_PKEY_CTX *pctx = NULL; - - /* free signing ctx */ - if (loopargs[i].sm2_ctx[k] != NULL - && (pctx = EVP_MD_CTX_get_pkey_ctx(loopargs[i].sm2_ctx[k])) != NULL) - EVP_PKEY_CTX_free(pctx); - EVP_MD_CTX_free(loopargs[i].sm2_ctx[k]); - /* free verification ctx */ - if (loopargs[i].sm2_vfy_ctx[k] != NULL - && (pctx = EVP_MD_CTX_get_pkey_ctx(loopargs[i].sm2_vfy_ctx[k])) != NULL) - EVP_PKEY_CTX_free(pctx); - EVP_MD_CTX_free(loopargs[i].sm2_vfy_ctx[k]); - /* free pkey */ - EVP_PKEY_free(loopargs[i].sm2_pkey[k]); - } -#endif - OPENSSL_free(loopargs[i].secret_a); - OPENSSL_free(loopargs[i].secret_b); - } - OPENSSL_free(evp_hmac_name); - OPENSSL_free(evp_cmac_name); - - if (async_jobs > 0) { - for (i = 0; i < loopargs_len; i++) - ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx); - } - - if (async_init) { - ASYNC_cleanup_thread(); - } - OPENSSL_free(loopargs); - release_engine(e); - EVP_CIPHER_free(evp_cipher); - EVP_MAC_free(mac); - return ret; -} - -static void print_message(const char *s, long num, int length, int tm) -{ - BIO_printf(bio_err, - mr ? "+DT:%s:%d:%d\n" - : "Doing %s for %ds on %d size blocks: ", s, tm, length); - (void)BIO_flush(bio_err); - run = 1; - alarm(tm); -} - -static void pkey_print_message(const char *str, const char *str2, long num, - unsigned int bits, int tm) -{ - BIO_printf(bio_err, - mr ? "+DTP:%d:%s:%s:%d\n" - : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm); - (void)BIO_flush(bio_err); - run = 1; - alarm(tm); -} - -static void print_result(int alg, int run_no, int count, double time_used) -{ - if (count == -1) { - BIO_printf(bio_err, "%s error!\n", names[alg]); - ERR_print_errors(bio_err); - return; - } - BIO_printf(bio_err, - mr ? "+R:%d:%s:%f\n" - : "%d %s's in %.2fs\n", count, names[alg], time_used); - results[alg][run_no] = ((double)count) / time_used * lengths[run_no]; -} - -#ifndef NO_FORK -static char *sstrsep(char **string, const char *delim) -{ - char isdelim[256]; - char *token = *string; - - if (**string == 0) - return NULL; - - memset(isdelim, 0, sizeof(isdelim)); - isdelim[0] = 1; - - while (*delim) { - isdelim[(unsigned char)(*delim)] = 1; - delim++; - } - - while (!isdelim[(unsigned char)(**string)]) - (*string)++; - - if (**string) { - **string = 0; - (*string)++; - } - - return token; -} - -static int do_multi(int multi, int size_num) -{ - int n; - int fd[2]; - int *fds; - int status; - static char sep[] = ":"; - - fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi"); - for (n = 0; n < multi; ++n) { - if (pipe(fd) == -1) { - BIO_printf(bio_err, "pipe failure\n"); - exit(1); - } - fflush(stdout); - (void)BIO_flush(bio_err); - if (fork()) { - close(fd[1]); - fds[n] = fd[0]; - } else { - close(fd[0]); - close(1); - if (dup(fd[1]) == -1) { - BIO_printf(bio_err, "dup failed\n"); - exit(1); - } - close(fd[1]); - mr = 1; - usertime = 0; - OPENSSL_free(fds); - return 0; - } - printf("Forked child %d\n", n); - } - - /* for now, assume the pipe is long enough to take all the output */ - for (n = 0; n < multi; ++n) { - FILE *f; - char buf[1024]; - char *p; - - f = fdopen(fds[n], "r"); - while (fgets(buf, sizeof(buf), f)) { - p = strchr(buf, '\n'); - if (p) - *p = '\0'; - if (buf[0] != '+') { - BIO_printf(bio_err, - "Don't understand line '%s' from child %d\n", buf, - n); - continue; - } - printf("Got: %s from %d\n", buf, n); - if (strncmp(buf, "+F:", 3) == 0) { - int alg; - int j; - - p = buf + 3; - alg = atoi(sstrsep(&p, sep)); - sstrsep(&p, sep); - for (j = 0; j < size_num; ++j) - results[alg][j] += atof(sstrsep(&p, sep)); - } else if (strncmp(buf, "+F2:", 4) == 0) { - int k; - double d; - - p = buf + 4; - k = atoi(sstrsep(&p, sep)); - sstrsep(&p, sep); - - d = atof(sstrsep(&p, sep)); - rsa_results[k][0] += d; - - d = atof(sstrsep(&p, sep)); - rsa_results[k][1] += d; - } else if (strncmp(buf, "+F3:", 4) == 0) { - int k; - double d; - - p = buf + 4; - k = atoi(sstrsep(&p, sep)); - sstrsep(&p, sep); - - d = atof(sstrsep(&p, sep)); - dsa_results[k][0] += d; - - d = atof(sstrsep(&p, sep)); - dsa_results[k][1] += d; - } else if (strncmp(buf, "+F4:", 4) == 0) { - int k; - double d; - - p = buf + 4; - k = atoi(sstrsep(&p, sep)); - sstrsep(&p, sep); - - d = atof(sstrsep(&p, sep)); - ecdsa_results[k][0] += d; - - d = atof(sstrsep(&p, sep)); - ecdsa_results[k][1] += d; - } else if (strncmp(buf, "+F5:", 4) == 0) { - int k; - double d; - - p = buf + 4; - k = atoi(sstrsep(&p, sep)); - sstrsep(&p, sep); - - d = atof(sstrsep(&p, sep)); - ecdh_results[k][0] += d; - } else if (strncmp(buf, "+F6:", 4) == 0) { - int k; - double d; - - p = buf + 4; - k = atoi(sstrsep(&p, sep)); - sstrsep(&p, sep); - sstrsep(&p, sep); - - d = atof(sstrsep(&p, sep)); - eddsa_results[k][0] += d; - - d = atof(sstrsep(&p, sep)); - eddsa_results[k][1] += d; -# ifndef OPENSSL_NO_SM2 - } else if (strncmp(buf, "+F7:", 4) == 0) { - int k; - double d; - - p = buf + 4; - k = atoi(sstrsep(&p, sep)); - sstrsep(&p, sep); - sstrsep(&p, sep); - - d = atof(sstrsep(&p, sep)); - sm2_results[k][0] += d; - - d = atof(sstrsep(&p, sep)); - sm2_results[k][1] += d; -# endif /* OPENSSL_NO_SM2 */ -# ifndef OPENSSL_NO_DH - } else if (strncmp(buf, "+F8:", 4) == 0) { - int k; - double d; - - p = buf + 4; - k = atoi(sstrsep(&p, sep)); - sstrsep(&p, sep); - - d = atof(sstrsep(&p, sep)); - ffdh_results[k][0] += d; -# endif /* OPENSSL_NO_DH */ - } else if (strncmp(buf, "+H:", 3) == 0) { - ; - } else { - BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf, - n); - } - } - - fclose(f); - } - OPENSSL_free(fds); - for (n = 0; n < multi; ++n) { - while (wait(&status) == -1) - if (errno != EINTR) { - BIO_printf(bio_err, "Waitng for child failed with 0x%x\n", - errno); - return 1; - } - if (WIFEXITED(status) && WEXITSTATUS(status)) { - BIO_printf(bio_err, "Child exited with %d\n", WEXITSTATUS(status)); - } else if (WIFSIGNALED(status)) { - BIO_printf(bio_err, "Child terminated by signal %d\n", - WTERMSIG(status)); - } - } - return 1; -} -#endif - -static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, - const openssl_speed_sec_t *seconds) -{ - static const int mblengths_list[] = - { 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 }; - const int *mblengths = mblengths_list; - int j, count, keylen, num = OSSL_NELEM(mblengths_list); - const char *alg_name; - unsigned char *inp = NULL, *out = NULL, *key, no_key[32], no_iv[16]; - EVP_CIPHER_CTX *ctx = NULL; - double d = 0.0; - - if (lengths_single) { - mblengths = &lengths_single; - num = 1; - } - - inp = app_malloc(mblengths[num - 1], "multiblock input buffer"); - out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer"); - if ((ctx = EVP_CIPHER_CTX_new()) == NULL) - app_bail_out("failed to allocate cipher context\n"); - if (!EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv)) - app_bail_out("failed to initialise cipher context\n"); - - if ((keylen = EVP_CIPHER_CTX_get_key_length(ctx)) < 0) { - BIO_printf(bio_err, "Impossible negative key length: %d\n", keylen); - goto err; - } - key = app_malloc(keylen, "evp_cipher key"); - if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) - app_bail_out("failed to generate random cipher key\n"); - if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL)) - app_bail_out("failed to set cipher key\n"); - OPENSSL_clear_free(key, keylen); - - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, - sizeof(no_key), no_key) <= 0) - app_bail_out("failed to set AEAD key\n"); - if ((alg_name = EVP_CIPHER_get0_name(evp_cipher)) == NULL) - app_bail_out("failed to get cipher name\n"); - - for (j = 0; j < num; j++) { - print_message(alg_name, 0, mblengths[j], seconds->sym); - Time_F(START); - for (count = 0; run && count < INT_MAX; count++) { - unsigned char aad[EVP_AEAD_TLS1_AAD_LEN]; - EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param; - size_t len = mblengths[j]; - int packlen; - - memset(aad, 0, 8); /* avoid uninitialized values */ - aad[8] = 23; /* SSL3_RT_APPLICATION_DATA */ - aad[9] = 3; /* version */ - aad[10] = 2; - aad[11] = 0; /* length */ - aad[12] = 0; - mb_param.out = NULL; - mb_param.inp = aad; - mb_param.len = len; - mb_param.interleave = 8; - - packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD, - sizeof(mb_param), &mb_param); - - if (packlen > 0) { - mb_param.out = out; - mb_param.inp = inp; - mb_param.len = len; - (void)EVP_CIPHER_CTX_ctrl(ctx, - EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT, - sizeof(mb_param), &mb_param); - } else { - int pad; - - RAND_bytes(out, 16); - len += 16; - aad[11] = (unsigned char)(len >> 8); - aad[12] = (unsigned char)(len); - pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, - EVP_AEAD_TLS1_AAD_LEN, aad); - EVP_Cipher(ctx, out, inp, len + pad); - } - } - d = Time_F(STOP); - BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n" - : "%d %s's in %.2fs\n", count, "evp", d); - results[D_EVP][j] = ((double)count) / d * mblengths[j]; - } - - if (mr) { - fprintf(stdout, "+H"); - for (j = 0; j < num; j++) - fprintf(stdout, ":%d", mblengths[j]); - fprintf(stdout, "\n"); - fprintf(stdout, "+F:%d:%s", D_EVP, alg_name); - for (j = 0; j < num; j++) - fprintf(stdout, ":%.2f", results[D_EVP][j]); - fprintf(stdout, "\n"); - } else { - fprintf(stdout, - "The 'numbers' are in 1000s of bytes per second processed.\n"); - fprintf(stdout, "type "); - for (j = 0; j < num; j++) - fprintf(stdout, "%7d bytes", mblengths[j]); - fprintf(stdout, "\n"); - fprintf(stdout, "%-24s", alg_name); - - for (j = 0; j < num; j++) { - if (results[D_EVP][j] > 10000) - fprintf(stdout, " %11.2fk", results[D_EVP][j] / 1e3); - else - fprintf(stdout, " %11.2f ", results[D_EVP][j]); - } - fprintf(stdout, "\n"); - } - - err: - OPENSSL_free(inp); - OPENSSL_free(out); - EVP_CIPHER_CTX_free(ctx); -} diff --git a/apps/spkac.c b/apps/spkac.c deleted file mode 100644 index d92be7d6450ea19ac695f415a39f319234620dc5..0000000000000000000000000000000000000000 --- a/apps/spkac.c +++ /dev/null @@ -1,233 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_NOOUT, OPT_PUBKEY, OPT_VERIFY, OPT_IN, OPT_OUT, - OPT_ENGINE, OPT_KEY, OPT_CHALLENGE, OPT_PASSIN, OPT_SPKAC, - OPT_SPKSECT, OPT_KEYFORM, OPT_DIGEST, - OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS spkac_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"spksect", OPT_SPKSECT, 's', - "Specify the name of an SPKAC-dedicated section of configuration"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - - OPT_SECTION("Input"), - {"in", OPT_IN, '<', "Input file"}, - {"key", OPT_KEY, '<', "Create SPKAC using private key"}, - {"keyform", OPT_KEYFORM, 'f', "Private key file format (ENGINE, other values ignored)"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"challenge", OPT_CHALLENGE, 's', "Challenge string"}, - {"spkac", OPT_SPKAC, 's', "Alternative SPKAC name"}, - - OPT_SECTION("Output"), - {"digest", OPT_DIGEST, 's', "Sign new SPKAC with the specified digest (default: MD5)" }, - {"out", OPT_OUT, '>', "Output file"}, - {"noout", OPT_NOOUT, '-', "Don't print SPKAC"}, - {"pubkey", OPT_PUBKEY, '-', "Output public key"}, - {"verify", OPT_VERIFY, '-', "Verify SPKAC signature"}, - - OPT_PROV_OPTIONS, - {NULL} -}; - -int spkac_main(int argc, char **argv) -{ - BIO *out = NULL; - CONF *conf = NULL; - ENGINE *e = NULL; - EVP_PKEY *pkey = NULL; - NETSCAPE_SPKI *spki = NULL; - char *challenge = NULL, *keyfile = NULL; - char *infile = NULL, *outfile = NULL, *passinarg = NULL, *passin = NULL; - char *spkstr = NULL, *prog; - const char *spkac = "SPKAC", *spksect = "default"; - const char *digest = "MD5"; - EVP_MD *md = NULL; - int i, ret = 1, verify = 0, noout = 0, pubkey = 0; - int keyformat = FORMAT_UNDEF; - OPTION_CHOICE o; - - prog = opt_init(argc, argv, spkac_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(spkac_options); - ret = 0; - goto end; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_NOOUT: - noout = 1; - break; - case OPT_PUBKEY: - pubkey = 1; - break; - case OPT_VERIFY: - verify = 1; - break; - case OPT_PASSIN: - passinarg = opt_arg(); - break; - case OPT_KEY: - keyfile = opt_arg(); - break; - case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat)) - goto opthelp; - break; - case OPT_CHALLENGE: - challenge = opt_arg(); - break; - case OPT_SPKAC: - spkac = opt_arg(); - break; - case OPT_SPKSECT: - spksect = opt_arg(); - break; - case OPT_DIGEST: - digest = opt_arg(); - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - if (!app_passwd(passinarg, NULL, &passin, NULL)) { - BIO_printf(bio_err, "Error getting password\n"); - goto end; - } - - if (keyfile != NULL) { - if (!opt_md(digest, &md)) - goto end; - - pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL, - keyformat, 1, passin, e, "private key"); - if (pkey == NULL) - goto end; - spki = NETSCAPE_SPKI_new(); - if (spki == NULL) - goto end; - if (challenge != NULL) - ASN1_STRING_set(spki->spkac->challenge, - challenge, (int)strlen(challenge)); - if (!NETSCAPE_SPKI_set_pubkey(spki, pkey)) { - BIO_printf(bio_err, "Error setting public key\n"); - goto end; - } - i = NETSCAPE_SPKI_sign(spki, pkey, md); - if (i <= 0) { - BIO_printf(bio_err, "Error signing SPKAC\n"); - goto end; - } - spkstr = NETSCAPE_SPKI_b64_encode(spki); - if (spkstr == NULL) - goto end; - - out = bio_open_default(outfile, 'w', FORMAT_TEXT); - if (out == NULL) { - OPENSSL_free(spkstr); - goto end; - } - BIO_printf(out, "SPKAC=%s\n", spkstr); - OPENSSL_free(spkstr); - ret = 0; - goto end; - } - - if ((conf = app_load_config(infile)) == NULL) - goto end; - - spkstr = NCONF_get_string(conf, spksect, spkac); - - if (spkstr == NULL) { - BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); - ERR_print_errors(bio_err); - goto end; - } - - spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); - - if (spki == NULL) { - BIO_printf(bio_err, "Error loading SPKAC\n"); - ERR_print_errors(bio_err); - goto end; - } - - out = bio_open_default(outfile, 'w', FORMAT_TEXT); - if (out == NULL) - goto end; - - if (!noout) - NETSCAPE_SPKI_print(out, spki); - pkey = NETSCAPE_SPKI_get_pubkey(spki); - if (verify) { - i = NETSCAPE_SPKI_verify(spki, pkey); - if (i > 0) { - BIO_printf(bio_err, "Signature OK\n"); - } else { - BIO_printf(bio_err, "Signature Failure\n"); - ERR_print_errors(bio_err); - goto end; - } - } - if (pubkey) - PEM_write_bio_PUBKEY(out, pkey); - - ret = 0; - - end: - EVP_MD_free(md); - NCONF_free(conf); - NETSCAPE_SPKI_free(spki); - BIO_free_all(out); - EVP_PKEY_free(pkey); - release_engine(e); - OPENSSL_free(passin); - return ret; -} diff --git a/apps/srp.c b/apps/srp.c deleted file mode 100644 index a9466f830289b018af5267d0ea2de9b310730cd3..0000000000000000000000000000000000000000 --- a/apps/srp.c +++ /dev/null @@ -1,631 +0,0 @@ -/* - * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2004, EdelKey Project. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Christophe Renou and Peter Sylvester, - * for the EdelKey project. - */ - -/* SRP is deprecated, so we're going to have to use some deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "apps.h" -#include "progs.h" - -#define BASE_SECTION "srp" -#define CONFIG_FILE "openssl.cnf" - - -#define ENV_DATABASE "srpvfile" -#define ENV_DEFAULT_SRP "default_srp" - -static int get_index(CA_DB *db, char *id, char type) -{ - char **pp; - int i; - if (id == NULL) - return -1; - if (type == DB_SRP_INDEX) { - for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { - pp = sk_OPENSSL_PSTRING_value(db->db->data, i); - if (pp[DB_srptype][0] == DB_SRP_INDEX - && strcmp(id, pp[DB_srpid]) == 0) - return i; - } - } else { - for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { - pp = sk_OPENSSL_PSTRING_value(db->db->data, i); - - if (pp[DB_srptype][0] != DB_SRP_INDEX - && strcmp(id, pp[DB_srpid]) == 0) - return i; - } - } - - return -1; -} - -static void print_entry(CA_DB *db, int indx, int verbose, char *s) -{ - if (indx >= 0 && verbose) { - int j; - char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx); - BIO_printf(bio_err, "%s \"%s\"\n", s, pp[DB_srpid]); - for (j = 0; j < DB_NUMBER; j++) { - BIO_printf(bio_err, " %d = \"%s\"\n", j, pp[j]); - } - } -} - -static void print_index(CA_DB *db, int indexindex, int verbose) -{ - print_entry(db, indexindex, verbose, "g N entry"); -} - -static void print_user(CA_DB *db, int userindex, int verbose) -{ - if (verbose > 0) { - char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex); - - if (pp[DB_srptype][0] != 'I') { - print_entry(db, userindex, verbose, "User entry"); - print_entry(db, get_index(db, pp[DB_srpgN], 'I'), verbose, - "g N entry"); - } - - } -} - -static int update_index(CA_DB *db, char **row) -{ - char **irow; - int i; - - irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row pointers"); - for (i = 0; i < DB_NUMBER; i++) - irow[i] = row[i]; - irow[DB_NUMBER] = NULL; - - if (!TXT_DB_insert(db->db, irow)) { - BIO_printf(bio_err, "failed to update srpvfile\n"); - BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error); - OPENSSL_free(irow); - return 0; - } - return 1; -} - -static char *lookup_conf(const CONF *conf, const char *section, const char *tag) -{ - char *entry = NCONF_get_string(conf, section, tag); - if (entry == NULL) - BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag); - return entry; -} - -static char *srp_verify_user(const char *user, const char *srp_verifier, - char *srp_usersalt, const char *g, const char *N, - const char *passin, int verbose) -{ - char password[1025]; - PW_CB_DATA cb_tmp; - char *verifier = NULL; - char *gNid = NULL; - int len; - - cb_tmp.prompt_info = user; - cb_tmp.password = passin; - - len = password_callback(password, sizeof(password)-1, 0, &cb_tmp); - if (len > 0) { - password[len] = 0; - if (verbose) - BIO_printf(bio_err, - "Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", - user, srp_verifier, srp_usersalt, g, N); - if (verbose > 1) - BIO_printf(bio_err, "Pass %s\n", password); - - OPENSSL_assert(srp_usersalt != NULL); - if ((gNid = SRP_create_verifier(user, password, &srp_usersalt, - &verifier, N, g)) == NULL) { - BIO_printf(bio_err, "Internal error validating SRP verifier\n"); - } else { - if (strcmp(verifier, srp_verifier)) - gNid = NULL; - OPENSSL_free(verifier); - } - OPENSSL_cleanse(password, len); - } - return gNid; -} - -static char *srp_create_user(char *user, char **srp_verifier, - char **srp_usersalt, char *g, char *N, - char *passout, int verbose) -{ - char password[1025]; - PW_CB_DATA cb_tmp; - char *gNid = NULL; - char *salt = NULL; - int len; - cb_tmp.prompt_info = user; - cb_tmp.password = passout; - - len = password_callback(password, sizeof(password)-1, 1, &cb_tmp); - if (len > 0) { - password[len] = 0; - if (verbose) - BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n", - user, g, N); - if ((gNid = SRP_create_verifier(user, password, &salt, - srp_verifier, N, g)) == NULL) { - BIO_printf(bio_err, "Internal error creating SRP verifier\n"); - } else { - *srp_usersalt = salt; - } - OPENSSL_cleanse(password, len); - if (verbose > 1) - BIO_printf(bio_err, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", - gNid, salt, *srp_verifier); - - } - return gNid; -} - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SRPVFILE, OPT_ADD, - OPT_DELETE, OPT_MODIFY, OPT_LIST, OPT_GN, OPT_USERINFO, - OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, OPT_R_ENUM, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS srp_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [user...]\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"verbose", OPT_VERBOSE, '-', "Talk a lot while doing things"}, - {"config", OPT_CONFIG, '<', "A config file"}, - {"name", OPT_NAME, 's', "The particular srp definition to use"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - - OPT_SECTION("Action"), - {"add", OPT_ADD, '-', "Add a user and SRP verifier"}, - {"modify", OPT_MODIFY, '-', "Modify the SRP verifier of an existing user"}, - {"delete", OPT_DELETE, '-', "Delete user from verifier file"}, - {"list", OPT_LIST, '-', "List users"}, - - OPT_SECTION("Configuration"), - {"srpvfile", OPT_SRPVFILE, '<', "The srp verifier file name"}, - {"gn", OPT_GN, 's', "Set g and N values to be used for new verifier"}, - {"userinfo", OPT_USERINFO, 's', "Additional info to be set for user"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, - - OPT_R_OPTIONS, - OPT_PROV_OPTIONS, - - OPT_PARAMETERS(), - {"user", 0, 0, "Username(s) to process (optional)"}, - {NULL} -}; - -int srp_main(int argc, char **argv) -{ - ENGINE *e = NULL; - CA_DB *db = NULL; - CONF *conf = NULL; - int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i; - int doupdatedb = 0, mode = OPT_ERR; - char *user = NULL, *passinarg = NULL, *passoutarg = NULL; - char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL; - char *section = NULL; - char **gNrow = NULL, *configfile = NULL; - char *srpvfile = NULL, **pp, *prog; - OPTION_CHOICE o; - - prog = opt_init(argc, argv, srp_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(srp_options); - ret = 0; - goto end; - case OPT_VERBOSE: - verbose++; - break; - case OPT_CONFIG: - configfile = opt_arg(); - break; - case OPT_NAME: - section = opt_arg(); - break; - case OPT_SRPVFILE: - srpvfile = opt_arg(); - break; - case OPT_ADD: - case OPT_DELETE: - case OPT_MODIFY: - case OPT_LIST: - if (mode != OPT_ERR) { - BIO_printf(bio_err, - "%s: Only one of -add/-delete/-modify/-list\n", - prog); - goto opthelp; - } - mode = o; - break; - case OPT_GN: - gN = opt_arg(); - break; - case OPT_USERINFO: - userinfo = opt_arg(); - break; - case OPT_PASSIN: - passinarg = opt_arg(); - break; - case OPT_PASSOUT: - passoutarg = opt_arg(); - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* Optional parameters are usernames. */ - argc = opt_num_rest(); - argv = opt_rest(); - - if (!app_RAND_load()) - goto end; - - if (srpvfile != NULL && configfile != NULL) { - BIO_printf(bio_err, - "-srpvfile and -configfile cannot be specified together.\n"); - goto end; - } - if (mode == OPT_ERR) { - BIO_printf(bio_err, - "Exactly one of the options -add, -delete, -modify -list must be specified.\n"); - goto opthelp; - } - if (mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD) { - if (argc == 0) { - BIO_printf(bio_err, "Need at least one user.\n"); - goto opthelp; - } - user = *argv++; - } - if ((passinarg != NULL || passoutarg != NULL) && argc != 1) { - BIO_printf(bio_err, - "-passin, -passout arguments only valid with one user.\n"); - goto opthelp; - } - - if (!app_passwd(passinarg, passoutarg, &passin, &passout)) { - BIO_printf(bio_err, "Error getting passwords\n"); - goto end; - } - - if (srpvfile == NULL) { - if (configfile == NULL) - configfile = default_config_file; - - conf = app_load_config_verbose(configfile, verbose); - if (conf == NULL) - goto end; - if (configfile != default_config_file && !app_load_modules(conf)) - goto end; - - /* Lets get the config section we are using */ - if (section == NULL) { - if (verbose) - BIO_printf(bio_err, - "trying to read " ENV_DEFAULT_SRP - " in " BASE_SECTION "\n"); - - section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_SRP); - if (section == NULL) - goto end; - } - - app_RAND_load_conf(conf, BASE_SECTION); - - if (verbose) - BIO_printf(bio_err, - "trying to read " ENV_DATABASE " in section \"%s\"\n", - section); - - srpvfile = lookup_conf(conf, section, ENV_DATABASE); - if (srpvfile == NULL) - goto end; - } - - if (verbose) - BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n", - srpvfile); - - db = load_index(srpvfile, NULL); - if (db == NULL) { - BIO_printf(bio_err, "Problem with index file: %s (could not load/parse file)\n", srpvfile); - goto end; - } - - /* Lets check some fields */ - for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { - pp = sk_OPENSSL_PSTRING_value(db->db->data, i); - - if (pp[DB_srptype][0] == DB_SRP_INDEX) { - maxgN = i; - if ((gNindex < 0) && (gN != NULL) && strcmp(gN, pp[DB_srpid]) == 0) - gNindex = i; - - print_index(db, i, verbose > 1); - } - } - - if (verbose) - BIO_printf(bio_err, "Database initialised\n"); - - if (gNindex >= 0) { - gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex); - print_entry(db, gNindex, verbose > 1, "Default g and N"); - } else if (maxgN > 0 && !SRP_get_default_gN(gN)) { - BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN); - goto end; - } else { - if (verbose) - BIO_printf(bio_err, "Database has no g N information.\n"); - gNrow = NULL; - } - - if (verbose > 1) - BIO_printf(bio_err, "Starting user processing\n"); - - while (mode == OPT_LIST || user != NULL) { - int userindex = -1; - - if (user != NULL && verbose > 1) - BIO_printf(bio_err, "Processing user \"%s\"\n", user); - if ((userindex = get_index(db, user, 'U')) >= 0) - print_user(db, userindex, (verbose > 0) || mode == OPT_LIST); - - if (mode == OPT_LIST) { - if (user == NULL) { - BIO_printf(bio_err, "List all users\n"); - - for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) - print_user(db, i, 1); - } else if (userindex < 0) { - BIO_printf(bio_err, - "user \"%s\" does not exist, ignored. t\n", user); - errors++; - } - } else if (mode == OPT_ADD) { - if (userindex >= 0) { - /* reactivation of a new user */ - char **row = - sk_OPENSSL_PSTRING_value(db->db->data, userindex); - BIO_printf(bio_err, "user \"%s\" reactivated.\n", user); - row[DB_srptype][0] = 'V'; - - doupdatedb = 1; - } else { - char *row[DB_NUMBER]; - char *gNid; - row[DB_srpverifier] = NULL; - row[DB_srpsalt] = NULL; - row[DB_srpinfo] = NULL; - if (! - (gNid = - srp_create_user(user, &(row[DB_srpverifier]), - &(row[DB_srpsalt]), - gNrow ? gNrow[DB_srpsalt] : gN, - gNrow ? gNrow[DB_srpverifier] : NULL, - passout, verbose))) { - BIO_printf(bio_err, - "Cannot create srp verifier for user \"%s\", operation abandoned .\n", - user); - errors++; - goto end; - } - row[DB_srpid] = OPENSSL_strdup(user); - row[DB_srptype] = OPENSSL_strdup("v"); - row[DB_srpgN] = OPENSSL_strdup(gNid); - - if ((row[DB_srpid] == NULL) - || (row[DB_srpgN] == NULL) - || (row[DB_srptype] == NULL) - || (row[DB_srpverifier] == NULL) - || (row[DB_srpsalt] == NULL) - || (userinfo - && ((row[DB_srpinfo] = OPENSSL_strdup(userinfo)) == NULL)) - || !update_index(db, row)) { - OPENSSL_free(row[DB_srpid]); - OPENSSL_free(row[DB_srpgN]); - OPENSSL_free(row[DB_srpinfo]); - OPENSSL_free(row[DB_srptype]); - OPENSSL_free(row[DB_srpverifier]); - OPENSSL_free(row[DB_srpsalt]); - goto end; - } - doupdatedb = 1; - } - } else if (mode == OPT_MODIFY) { - if (userindex < 0) { - BIO_printf(bio_err, - "user \"%s\" does not exist, operation ignored.\n", - user); - errors++; - } else { - - char **row = - sk_OPENSSL_PSTRING_value(db->db->data, userindex); - char type = row[DB_srptype][0]; - if (type == 'v') { - BIO_printf(bio_err, - "user \"%s\" already updated, operation ignored.\n", - user); - errors++; - } else { - char *gNid; - - if (row[DB_srptype][0] == 'V') { - int user_gN; - char **irow = NULL; - if (verbose) - BIO_printf(bio_err, - "Verifying password for user \"%s\"\n", - user); - if ((user_gN = - get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0) - irow = - sk_OPENSSL_PSTRING_value(db->db->data, - userindex); - - if (!srp_verify_user - (user, row[DB_srpverifier], row[DB_srpsalt], - irow ? irow[DB_srpsalt] : row[DB_srpgN], - irow ? irow[DB_srpverifier] : NULL, passin, - verbose)) { - BIO_printf(bio_err, - "Invalid password for user \"%s\", operation abandoned.\n", - user); - errors++; - goto end; - } - } - if (verbose) - BIO_printf(bio_err, "Password for user \"%s\" ok.\n", - user); - - if (! - (gNid = - srp_create_user(user, &(row[DB_srpverifier]), - &(row[DB_srpsalt]), - gNrow ? gNrow[DB_srpsalt] : NULL, - gNrow ? gNrow[DB_srpverifier] : NULL, - passout, verbose))) { - BIO_printf(bio_err, - "Cannot create srp verifier for user \"%s\", operation abandoned.\n", - user); - errors++; - goto end; - } - - row[DB_srptype][0] = 'v'; - row[DB_srpgN] = OPENSSL_strdup(gNid); - - if (row[DB_srpid] == NULL - || row[DB_srpgN] == NULL - || row[DB_srptype] == NULL - || row[DB_srpverifier] == NULL - || row[DB_srpsalt] == NULL - || (userinfo - && ((row[DB_srpinfo] = OPENSSL_strdup(userinfo)) - == NULL))) - goto end; - - doupdatedb = 1; - } - } - } else if (mode == OPT_DELETE) { - if (userindex < 0) { - BIO_printf(bio_err, - "user \"%s\" does not exist, operation ignored. t\n", - user); - errors++; - } else { - char **xpp = sk_OPENSSL_PSTRING_value(db->db->data, userindex); - - BIO_printf(bio_err, "user \"%s\" revoked. t\n", user); - xpp[DB_srptype][0] = 'R'; - doupdatedb = 1; - } - } - user = *argv++; - if (user == NULL) { - /* no more processing in any mode if no users left */ - break; - } - } - - if (verbose) - BIO_printf(bio_err, "User procession done.\n"); - - if (doupdatedb) { - /* Lets check some fields */ - for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { - pp = sk_OPENSSL_PSTRING_value(db->db->data, i); - - if (pp[DB_srptype][0] == 'v') { - pp[DB_srptype][0] = 'V'; - print_user(db, i, verbose); - } - } - - if (verbose) - BIO_printf(bio_err, "Trying to update srpvfile.\n"); - if (!save_index(srpvfile, "new", db)) - goto end; - - if (verbose) - BIO_printf(bio_err, "Temporary srpvfile created.\n"); - if (!rotate_index(srpvfile, "new", "old")) - goto end; - - if (verbose) - BIO_printf(bio_err, "srpvfile updated.\n"); - } - - ret = (errors != 0); - end: - if (errors != 0) - if (verbose) - BIO_printf(bio_err, "User errors %d.\n", errors); - - if (verbose) - BIO_printf(bio_err, "SRP terminating with code %d.\n", ret); - - OPENSSL_free(passin); - OPENSSL_free(passout); - if (ret) - ERR_print_errors(bio_err); - NCONF_free(conf); - free_index(db); - release_engine(e); - return ret; -} diff --git a/apps/storeutl.c b/apps/storeutl.c deleted file mode 100644 index 1368caae92df17d74a8e72d22b535680b895e684..0000000000000000000000000000000000000000 --- a/apps/storeutl.c +++ /dev/null @@ -1,500 +0,0 @@ -/* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include /* s2i_ASN1_INTEGER */ - -static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata, - int expected, int criterion, OSSL_STORE_SEARCH *search, - int text, int noout, int recursive, int indent, BIO *out, - const char *prog, OSSL_LIB_CTX *libctx); - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_ENGINE, OPT_OUT, OPT_PASSIN, - OPT_NOOUT, OPT_TEXT, OPT_RECURSIVE, - OPT_SEARCHFOR_CERTS, OPT_SEARCHFOR_KEYS, OPT_SEARCHFOR_CRLS, - OPT_CRITERION_SUBJECT, OPT_CRITERION_ISSUER, OPT_CRITERION_SERIAL, - OPT_CRITERION_FINGERPRINT, OPT_CRITERION_ALIAS, - OPT_MD, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS storeutl_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] uri\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"", OPT_MD, '-', "Any supported digest"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - - OPT_SECTION("Search"), - {"certs", OPT_SEARCHFOR_CERTS, '-', "Search for certificates only"}, - {"keys", OPT_SEARCHFOR_KEYS, '-', "Search for keys only"}, - {"crls", OPT_SEARCHFOR_CRLS, '-', "Search for CRLs only"}, - {"subject", OPT_CRITERION_SUBJECT, 's', "Search by subject"}, - {"issuer", OPT_CRITERION_ISSUER, 's', "Search by issuer and serial, issuer name"}, - {"serial", OPT_CRITERION_SERIAL, 's', "Search by issuer and serial, serial number"}, - {"fingerprint", OPT_CRITERION_FINGERPRINT, 's', "Search by public key fingerprint, given in hex"}, - {"alias", OPT_CRITERION_ALIAS, 's', "Search by alias"}, - {"r", OPT_RECURSIVE, '-', "Recurse through names"}, - - OPT_SECTION("Input"), - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - - OPT_SECTION("Output"), - {"out", OPT_OUT, '>', "Output file - default stdout"}, - {"text", OPT_TEXT, '-', "Print a text form of the objects"}, - {"noout", OPT_NOOUT, '-', "No PEM output, just status"}, - - OPT_PROV_OPTIONS, - - OPT_PARAMETERS(), - {"uri", 0, 0, "URI of the store object"}, - {NULL} -}; - -int storeutl_main(int argc, char *argv[]) -{ - int ret = 1, noout = 0, text = 0, recursive = 0; - char *outfile = NULL, *passin = NULL, *passinarg = NULL; - BIO *out = NULL; - ENGINE *e = NULL; - OPTION_CHOICE o; - char *prog = opt_init(argc, argv, storeutl_options); - PW_CB_DATA pw_cb_data; - int expected = 0; - int criterion = 0; - X509_NAME *subject = NULL, *issuer = NULL; - ASN1_INTEGER *serial = NULL; - unsigned char *fingerprint = NULL; - size_t fingerprintlen = 0; - char *alias = NULL, *digestname = NULL; - OSSL_STORE_SEARCH *search = NULL; - EVP_MD *digest = NULL; - OSSL_LIB_CTX *libctx = app_get0_libctx(); - - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(storeutl_options); - ret = 0; - goto end; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_PASSIN: - passinarg = opt_arg(); - break; - case OPT_NOOUT: - noout = 1; - break; - case OPT_TEXT: - text = 1; - break; - case OPT_RECURSIVE: - recursive = 1; - break; - case OPT_SEARCHFOR_CERTS: - case OPT_SEARCHFOR_KEYS: - case OPT_SEARCHFOR_CRLS: - if (expected != 0) { - BIO_printf(bio_err, "%s: only one search type can be given.\n", - prog); - goto end; - } - { - static const struct { - enum OPTION_choice choice; - int type; - } map[] = { - {OPT_SEARCHFOR_CERTS, OSSL_STORE_INFO_CERT}, - {OPT_SEARCHFOR_KEYS, OSSL_STORE_INFO_PKEY}, - {OPT_SEARCHFOR_CRLS, OSSL_STORE_INFO_CRL}, - }; - size_t i; - - for (i = 0; i < OSSL_NELEM(map); i++) { - if (o == map[i].choice) { - expected = map[i].type; - break; - } - } - /* - * If expected wasn't set at this point, it means the map - * isn't synchronised with the possible options leading here. - */ - OPENSSL_assert(expected != 0); - } - break; - case OPT_CRITERION_SUBJECT: - if (criterion != 0) { - BIO_printf(bio_err, "%s: criterion already given.\n", - prog); - goto end; - } - criterion = OSSL_STORE_SEARCH_BY_NAME; - if (subject != NULL) { - BIO_printf(bio_err, "%s: subject already given.\n", - prog); - goto end; - } - subject = parse_name(opt_arg(), MBSTRING_UTF8, 1, "subject"); - if (subject == NULL) - goto end; - break; - case OPT_CRITERION_ISSUER: - if (criterion != 0 - || (criterion == OSSL_STORE_SEARCH_BY_ISSUER_SERIAL - && issuer != NULL)) { - BIO_printf(bio_err, "%s: criterion already given.\n", - prog); - goto end; - } - criterion = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL; - if (issuer != NULL) { - BIO_printf(bio_err, "%s: issuer already given.\n", - prog); - goto end; - } - issuer = parse_name(opt_arg(), MBSTRING_UTF8, 1, "issuer"); - if (issuer == NULL) - goto end; - break; - case OPT_CRITERION_SERIAL: - if (criterion != 0 - || (criterion == OSSL_STORE_SEARCH_BY_ISSUER_SERIAL - && serial != NULL)) { - BIO_printf(bio_err, "%s: criterion already given.\n", - prog); - goto end; - } - criterion = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL; - if (serial != NULL) { - BIO_printf(bio_err, "%s: serial number already given.\n", - prog); - goto end; - } - if ((serial = s2i_ASN1_INTEGER(NULL, opt_arg())) == NULL) { - BIO_printf(bio_err, "%s: can't parse serial number argument.\n", - prog); - goto end; - } - break; - case OPT_CRITERION_FINGERPRINT: - if (criterion != 0 - || (criterion == OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT - && fingerprint != NULL)) { - BIO_printf(bio_err, "%s: criterion already given.\n", - prog); - goto end; - } - criterion = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT; - if (fingerprint != NULL) { - BIO_printf(bio_err, "%s: fingerprint already given.\n", - prog); - goto end; - } - { - long tmplen = 0; - - if ((fingerprint = OPENSSL_hexstr2buf(opt_arg(), &tmplen)) - == NULL) { - BIO_printf(bio_err, - "%s: can't parse fingerprint argument.\n", - prog); - goto end; - } - fingerprintlen = (size_t)tmplen; - } - break; - case OPT_CRITERION_ALIAS: - if (criterion != 0) { - BIO_printf(bio_err, "%s: criterion already given.\n", - prog); - goto end; - } - criterion = OSSL_STORE_SEARCH_BY_ALIAS; - if (alias != NULL) { - BIO_printf(bio_err, "%s: alias already given.\n", - prog); - goto end; - } - if ((alias = OPENSSL_strdup(opt_arg())) == NULL) { - BIO_printf(bio_err, "%s: can't parse alias argument.\n", - prog); - goto end; - } - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_MD: - digestname = opt_unknown(); - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* One argument, the URI */ - argc = opt_num_rest(); - argv = opt_rest(); - if (argc != 1) - goto opthelp; - - if (digestname != NULL) { - if (!opt_md(digestname, &digest)) - goto opthelp; - } - - if (criterion != 0) { - switch (criterion) { - case OSSL_STORE_SEARCH_BY_NAME: - if ((search = OSSL_STORE_SEARCH_by_name(subject)) == NULL) { - ERR_print_errors(bio_err); - goto end; - } - break; - case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL: - if (issuer == NULL || serial == NULL) { - BIO_printf(bio_err, - "%s: both -issuer and -serial must be given.\n", - prog); - goto end; - } - if ((search = OSSL_STORE_SEARCH_by_issuer_serial(issuer, serial)) - == NULL) { - ERR_print_errors(bio_err); - goto end; - } - break; - case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT: - if ((search = OSSL_STORE_SEARCH_by_key_fingerprint(digest, - fingerprint, - fingerprintlen)) - == NULL) { - ERR_print_errors(bio_err); - goto end; - } - break; - case OSSL_STORE_SEARCH_BY_ALIAS: - if ((search = OSSL_STORE_SEARCH_by_alias(alias)) == NULL) { - ERR_print_errors(bio_err); - goto end; - } - break; - } - } - - if (!app_passwd(passinarg, NULL, &passin, NULL)) { - BIO_printf(bio_err, "Error getting passwords\n"); - goto end; - } - pw_cb_data.password = passin; - pw_cb_data.prompt_info = argv[0]; - - out = bio_open_default(outfile, 'w', FORMAT_TEXT); - if (out == NULL) - goto end; - - ret = process(argv[0], get_ui_method(), &pw_cb_data, - expected, criterion, search, - text, noout, recursive, 0, out, prog, libctx); - - end: - EVP_MD_free(digest); - OPENSSL_free(fingerprint); - OPENSSL_free(alias); - ASN1_INTEGER_free(serial); - X509_NAME_free(subject); - X509_NAME_free(issuer); - OSSL_STORE_SEARCH_free(search); - BIO_free_all(out); - OPENSSL_free(passin); - release_engine(e); - return ret; -} - -static int indent_printf(int indent, BIO *bio, const char *format, ...) -{ - va_list args; - int ret; - - va_start(args, format); - - ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args); - - va_end(args); - return ret; -} - -static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata, - int expected, int criterion, OSSL_STORE_SEARCH *search, - int text, int noout, int recursive, int indent, BIO *out, - const char *prog, OSSL_LIB_CTX *libctx) -{ - OSSL_STORE_CTX *store_ctx = NULL; - int ret = 1, items = 0; - - if ((store_ctx = OSSL_STORE_open_ex(uri, libctx, app_get0_propq(), uimeth, uidata, - NULL, NULL, NULL)) - == NULL) { - BIO_printf(bio_err, "Couldn't open file or uri %s\n", uri); - ERR_print_errors(bio_err); - return ret; - } - - if (expected != 0) { - if (!OSSL_STORE_expect(store_ctx, expected)) { - ERR_print_errors(bio_err); - goto end2; - } - } - - if (criterion != 0) { - if (!OSSL_STORE_supports_search(store_ctx, criterion)) { - BIO_printf(bio_err, - "%s: the store scheme doesn't support the given search criteria.\n", - prog); - goto end2; - } - - if (!OSSL_STORE_find(store_ctx, search)) { - ERR_print_errors(bio_err); - goto end2; - } - } - - /* From here on, we count errors, and we'll return the count at the end */ - ret = 0; - - for (;;) { - OSSL_STORE_INFO *info = OSSL_STORE_load(store_ctx); - int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info); - const char *infostr = - info == NULL ? NULL : OSSL_STORE_INFO_type_string(type); - - if (info == NULL) { - if (OSSL_STORE_error(store_ctx)) { - if (recursive) - ERR_clear_error(); - else - ERR_print_errors(bio_err); - if (OSSL_STORE_eof(store_ctx)) - break; - ret++; - continue; - } - - if (OSSL_STORE_eof(store_ctx)) - break; - - BIO_printf(bio_err, - "ERROR: OSSL_STORE_load() returned NULL without " - "eof or error indications\n"); - BIO_printf(bio_err, " This is an error in the loader\n"); - ERR_print_errors(bio_err); - ret++; - break; - } - - if (type == OSSL_STORE_INFO_NAME) { - const char *name = OSSL_STORE_INFO_get0_NAME(info); - const char *desc = OSSL_STORE_INFO_get0_NAME_description(info); - indent_printf(indent, bio_out, "%d: %s: %s\n", items, infostr, - name); - if (desc != NULL) - indent_printf(indent, bio_out, "%s\n", desc); - } else { - indent_printf(indent, bio_out, "%d: %s\n", items, infostr); - } - - /* - * Unfortunately, PEM_X509_INFO_write_bio() is sorely lacking in - * functionality, so we must figure out how exactly to write things - * ourselves... - */ - switch (type) { - case OSSL_STORE_INFO_NAME: - if (recursive) { - const char *suburi = OSSL_STORE_INFO_get0_NAME(info); - ret += process(suburi, uimeth, uidata, - expected, criterion, search, - text, noout, recursive, indent + 2, out, prog, - libctx); - } - break; - case OSSL_STORE_INFO_PARAMS: - if (text) - EVP_PKEY_print_params(out, OSSL_STORE_INFO_get0_PARAMS(info), - 0, NULL); - if (!noout) - PEM_write_bio_Parameters(out, - OSSL_STORE_INFO_get0_PARAMS(info)); - break; - case OSSL_STORE_INFO_PUBKEY: - if (text) - EVP_PKEY_print_public(out, OSSL_STORE_INFO_get0_PUBKEY(info), - 0, NULL); - if (!noout) - PEM_write_bio_PUBKEY(out, OSSL_STORE_INFO_get0_PUBKEY(info)); - break; - case OSSL_STORE_INFO_PKEY: - if (text) - EVP_PKEY_print_private(out, OSSL_STORE_INFO_get0_PKEY(info), - 0, NULL); - if (!noout) - PEM_write_bio_PrivateKey(out, OSSL_STORE_INFO_get0_PKEY(info), - NULL, NULL, 0, NULL, NULL); - break; - case OSSL_STORE_INFO_CERT: - if (text) - X509_print(out, OSSL_STORE_INFO_get0_CERT(info)); - if (!noout) - PEM_write_bio_X509(out, OSSL_STORE_INFO_get0_CERT(info)); - break; - case OSSL_STORE_INFO_CRL: - if (text) - X509_CRL_print(out, OSSL_STORE_INFO_get0_CRL(info)); - if (!noout) - PEM_write_bio_X509_CRL(out, OSSL_STORE_INFO_get0_CRL(info)); - break; - default: - BIO_printf(bio_err, "!!! Unknown code\n"); - ret++; - break; - } - items++; - OSSL_STORE_INFO_free(info); - } - indent_printf(indent, out, "Total found: %d\n", items); - - end2: - if (!OSSL_STORE_close(store_ctx)) { - ERR_print_errors(bio_err); - ret++; - } - - return ret; -} diff --git a/apps/testdsa.h b/apps/testdsa.h deleted file mode 100644 index d80d2cf7f2d2d7419caa604a58f365e0def31439..0000000000000000000000000000000000000000 --- a/apps/testdsa.h +++ /dev/null @@ -1,279 +0,0 @@ -/* - * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -/* used by speed.c */ -EVP_PKEY *get_dsa(int); - -static unsigned char dsa512_priv[] = { - 0x65, 0xe5, 0xc7, 0x38, 0x60, 0x24, 0xb5, 0x89, 0xd4, 0x9c, 0xeb, 0x4c, - 0x9c, 0x1d, 0x7a, 0x22, 0xbd, 0xd1, 0xc2, 0xd2, -}; - -static unsigned char dsa512_pub[] = { - 0x00, 0x95, 0xa7, 0x0d, 0xec, 0x93, 0x68, 0xba, 0x5f, 0xf7, 0x5f, 0x07, - 0xf2, 0x3b, 0xad, 0x6b, 0x01, 0xdc, 0xbe, 0xec, 0xde, 0x04, 0x7a, 0x3a, - 0x27, 0xb3, 0xec, 0x49, 0xfd, 0x08, 0x43, 0x3d, 0x7e, 0xa8, 0x2c, 0x5e, - 0x7b, 0xbb, 0xfc, 0xf4, 0x6e, 0xeb, 0x6c, 0xb0, 0x6e, 0xf8, 0x02, 0x12, - 0x8c, 0x38, 0x5d, 0x83, 0x56, 0x7d, 0xee, 0x53, 0x05, 0x3e, 0x24, 0x84, - 0xbe, 0xba, 0x0a, 0x6b, 0xc8, -}; - -static unsigned char dsa512_p[] = { - 0x9D, 0x1B, 0x69, 0x8E, 0x26, 0xDB, 0xF2, 0x2B, 0x11, 0x70, 0x19, 0x86, - 0xF6, 0x19, 0xC8, 0xF8, 0x19, 0xF2, 0x18, 0x53, 0x94, 0x46, 0x06, 0xD0, - 0x62, 0x50, 0x33, 0x4B, 0x02, 0x3C, 0x52, 0x30, 0x03, 0x8B, 0x3B, 0xF9, - 0x5F, 0xD1, 0x24, 0x06, 0x4F, 0x7B, 0x4C, 0xBA, 0xAA, 0x40, 0x9B, 0xFD, - 0x96, 0xE4, 0x37, 0x33, 0xBB, 0x2D, 0x5A, 0xD7, 0x5A, 0x11, 0x40, 0x66, - 0xA2, 0x76, 0x7D, 0x31, -}; - -static unsigned char dsa512_q[] = { - 0xFB, 0x53, 0xEF, 0x50, 0xB4, 0x40, 0x92, 0x31, 0x56, 0x86, 0x53, 0x7A, - 0xE8, 0x8B, 0x22, 0x9A, 0x49, 0xFB, 0x71, 0x8F, -}; - -static unsigned char dsa512_g[] = { - 0x83, 0x3E, 0x88, 0xE5, 0xC5, 0x89, 0x73, 0xCE, 0x3B, 0x6C, 0x01, 0x49, - 0xBF, 0xB3, 0xC7, 0x9F, 0x0A, 0xEA, 0x44, 0x91, 0xE5, 0x30, 0xAA, 0xD9, - 0xBE, 0x5B, 0x5F, 0xB7, 0x10, 0xD7, 0x89, 0xB7, 0x8E, 0x74, 0xFB, 0xCF, - 0x29, 0x1E, 0xEB, 0xA8, 0x2C, 0x54, 0x51, 0xB8, 0x10, 0xDE, 0xA0, 0xCE, - 0x2F, 0xCC, 0x24, 0x6B, 0x90, 0x77, 0xDE, 0xA2, 0x68, 0xA6, 0x52, 0x12, - 0xA2, 0x03, 0x9D, 0x20, -}; - -static unsigned char dsa1024_priv[] = { - 0x7d, 0x21, 0xda, 0xbb, 0x62, 0x15, 0x47, 0x36, 0x07, 0x67, 0x12, 0xe8, - 0x8c, 0xaa, 0x1c, 0xcd, 0x38, 0x12, 0x61, 0x18, -}; - -static unsigned char dsa1024_pub[] = { - 0x3c, 0x4e, 0x9c, 0x2a, 0x7f, 0x16, 0xc1, 0x25, 0xeb, 0xac, 0x78, 0x63, - 0x90, 0x14, 0x8c, 0x8b, 0xf4, 0x68, 0x43, 0x3c, 0x2d, 0xee, 0x65, 0x50, - 0x7d, 0x9c, 0x8f, 0x8c, 0x8a, 0x51, 0xd6, 0x11, 0x2b, 0x99, 0xaf, 0x1e, - 0x90, 0x97, 0xb5, 0xd3, 0xa6, 0x20, 0x25, 0xd6, 0xfe, 0x43, 0x02, 0xd5, - 0x91, 0x7d, 0xa7, 0x8c, 0xdb, 0xc9, 0x85, 0xa3, 0x36, 0x48, 0xf7, 0x68, - 0xaa, 0x60, 0xb1, 0xf7, 0x05, 0x68, 0x3a, 0xa3, 0x3f, 0xd3, 0x19, 0x82, - 0xd8, 0x82, 0x7a, 0x77, 0xfb, 0xef, 0xf4, 0x15, 0x0a, 0xeb, 0x06, 0x04, - 0x7f, 0x53, 0x07, 0x0c, 0xbc, 0xcb, 0x2d, 0x83, 0xdb, 0x3e, 0xd1, 0x28, - 0xa5, 0xa1, 0x31, 0xe0, 0x67, 0xfa, 0x50, 0xde, 0x9b, 0x07, 0x83, 0x7e, - 0x2c, 0x0b, 0xc3, 0x13, 0x50, 0x61, 0xe5, 0xad, 0xbd, 0x36, 0xb8, 0x97, - 0x4e, 0x40, 0x7d, 0xe8, 0x83, 0x0d, 0xbc, 0x4b -}; - -static unsigned char dsa1024_p[] = { - 0xA7, 0x3F, 0x6E, 0x85, 0xBF, 0x41, 0x6A, 0x29, 0x7D, 0xF0, 0x9F, 0x47, - 0x19, 0x30, 0x90, 0x9A, 0x09, 0x1D, 0xDA, 0x6A, 0x33, 0x1E, 0xC5, 0x3D, - 0x86, 0x96, 0xB3, 0x15, 0xE0, 0x53, 0x2E, 0x8F, 0xE0, 0x59, 0x82, 0x73, - 0x90, 0x3E, 0x75, 0x31, 0x99, 0x47, 0x7A, 0x52, 0xFB, 0x85, 0xE4, 0xD9, - 0xA6, 0x7B, 0x38, 0x9B, 0x68, 0x8A, 0x84, 0x9B, 0x87, 0xC6, 0x1E, 0xB5, - 0x7E, 0x86, 0x4B, 0x53, 0x5B, 0x59, 0xCF, 0x71, 0x65, 0x19, 0x88, 0x6E, - 0xCE, 0x66, 0xAE, 0x6B, 0x88, 0x36, 0xFB, 0xEC, 0x28, 0xDC, 0xC2, 0xD7, - 0xA5, 0xBB, 0xE5, 0x2C, 0x39, 0x26, 0x4B, 0xDA, 0x9A, 0x70, 0x18, 0x95, - 0x37, 0x95, 0x10, 0x56, 0x23, 0xF6, 0x15, 0xED, 0xBA, 0x04, 0x5E, 0xDE, - 0x39, 0x4F, 0xFD, 0xB7, 0x43, 0x1F, 0xB5, 0xA4, 0x65, 0x6F, 0xCD, 0x80, - 0x11, 0xE4, 0x70, 0x95, 0x5B, 0x50, 0xCD, 0x49, -}; - -static unsigned char dsa1024_q[] = { - 0xF7, 0x07, 0x31, 0xED, 0xFA, 0x6C, 0x06, 0x03, 0xD5, 0x85, 0x8A, 0x1C, - 0xAC, 0x9C, 0x65, 0xE7, 0x50, 0x66, 0x65, 0x6F, -}; - -static unsigned char dsa1024_g[] = { - 0x4D, 0xDF, 0x4C, 0x03, 0xA6, 0x91, 0x8A, 0xF5, 0x19, 0x6F, 0x50, 0x46, - 0x25, 0x99, 0xE5, 0x68, 0x6F, 0x30, 0xE3, 0x69, 0xE1, 0xE5, 0xB3, 0x5D, - 0x98, 0xBB, 0x28, 0x86, 0x48, 0xFC, 0xDE, 0x99, 0x04, 0x3F, 0x5F, 0x88, - 0x0C, 0x9C, 0x73, 0x24, 0x0D, 0x20, 0x5D, 0xB9, 0x2A, 0x9A, 0x3F, 0x18, - 0x96, 0x27, 0xE4, 0x62, 0x87, 0xC1, 0x7B, 0x74, 0x62, 0x53, 0xFC, 0x61, - 0x27, 0xA8, 0x7A, 0x91, 0x09, 0x9D, 0xB6, 0xF1, 0x4D, 0x9C, 0x54, 0x0F, - 0x58, 0x06, 0xEE, 0x49, 0x74, 0x07, 0xCE, 0x55, 0x7E, 0x23, 0xCE, 0x16, - 0xF6, 0xCA, 0xDC, 0x5A, 0x61, 0x01, 0x7E, 0xC9, 0x71, 0xB5, 0x4D, 0xF6, - 0xDC, 0x34, 0x29, 0x87, 0x68, 0xF6, 0x5E, 0x20, 0x93, 0xB3, 0xDB, 0xF5, - 0xE4, 0x09, 0x6C, 0x41, 0x17, 0x95, 0x92, 0xEB, 0x01, 0xB5, 0x73, 0xA5, - 0x6A, 0x7E, 0xD8, 0x32, 0xED, 0x0E, 0x02, 0xB8, -}; - -static unsigned char dsa2048_priv[] = { - 0x32, 0x67, 0x92, 0xf6, 0xc4, 0xe2, 0xe2, 0xe8, 0xa0, 0x8b, 0x6b, 0x45, - 0x0c, 0x8a, 0x76, 0xb0, 0xee, 0xcf, 0x91, 0xa7, -}; - -static unsigned char dsa2048_pub[] = { - 0x17, 0x8f, 0xa8, 0x11, 0x84, 0x92, 0xec, 0x83, 0x47, 0xc7, 0x6a, 0xb0, - 0x92, 0xaf, 0x5a, 0x20, 0x37, 0xa3, 0x64, 0x79, 0xd2, 0xd0, 0x3d, 0xcd, - 0xe0, 0x61, 0x88, 0x88, 0x21, 0xcc, 0x74, 0x5d, 0xce, 0x4c, 0x51, 0x47, - 0xf0, 0xc5, 0x5c, 0x4c, 0x82, 0x7a, 0xaf, 0x72, 0xad, 0xb9, 0xe0, 0x53, - 0xf2, 0x78, 0xb7, 0xf0, 0xb5, 0x48, 0x7f, 0x8a, 0x3a, 0x18, 0xd1, 0x9f, - 0x8b, 0x7d, 0xa5, 0x47, 0xb7, 0x95, 0xab, 0x98, 0xf8, 0x7b, 0x74, 0x50, - 0x56, 0x8e, 0x57, 0xf0, 0xee, 0xf5, 0xb7, 0xba, 0xab, 0x85, 0x86, 0xf9, - 0x2b, 0xef, 0x41, 0x56, 0xa0, 0xa4, 0x9f, 0xb7, 0x38, 0x00, 0x46, 0x0a, - 0xa6, 0xf1, 0xfc, 0x1f, 0xd8, 0x4e, 0x85, 0x44, 0x92, 0x43, 0x21, 0x5d, - 0x6e, 0xcc, 0xc2, 0xcb, 0x26, 0x31, 0x0d, 0x21, 0xc4, 0xbd, 0x8d, 0x24, - 0xbc, 0xd9, 0x18, 0x19, 0xd7, 0xdc, 0xf1, 0xe7, 0x93, 0x50, 0x48, 0x03, - 0x2c, 0xae, 0x2e, 0xe7, 0x49, 0x88, 0x5f, 0x93, 0x57, 0x27, 0x99, 0x36, - 0xb4, 0x20, 0xab, 0xfc, 0xa7, 0x2b, 0xf2, 0xd9, 0x98, 0xd7, 0xd4, 0x34, - 0x9d, 0x96, 0x50, 0x58, 0x9a, 0xea, 0x54, 0xf3, 0xee, 0xf5, 0x63, 0x14, - 0xee, 0x85, 0x83, 0x74, 0x76, 0xe1, 0x52, 0x95, 0xc3, 0xf7, 0xeb, 0x04, - 0x04, 0x7b, 0xa7, 0x28, 0x1b, 0xcc, 0xea, 0x4a, 0x4e, 0x84, 0xda, 0xd8, - 0x9c, 0x79, 0xd8, 0x9b, 0x66, 0x89, 0x2f, 0xcf, 0xac, 0xd7, 0x79, 0xf9, - 0xa9, 0xd8, 0x45, 0x13, 0x78, 0xb9, 0x00, 0x14, 0xc9, 0x7e, 0x22, 0x51, - 0x86, 0x67, 0xb0, 0x9f, 0x26, 0x11, 0x23, 0xc8, 0x38, 0xd7, 0x70, 0x1d, - 0x15, 0x8e, 0x4d, 0x4f, 0x95, 0x97, 0x40, 0xa1, 0xc2, 0x7e, 0x01, 0x18, - 0x72, 0xf4, 0x10, 0xe6, 0x8d, 0x52, 0x16, 0x7f, 0xf2, 0xc9, 0xf8, 0x33, - 0x8b, 0x33, 0xb7, 0xce, -}; - -static unsigned char dsa2048_p[] = { - 0xA0, 0x25, 0xFA, 0xAD, 0xF4, 0x8E, 0xB9, 0xE5, 0x99, 0xF3, 0x5D, 0x6F, - 0x4F, 0x83, 0x34, 0xE2, 0x7E, 0xCF, 0x6F, 0xBF, 0x30, 0xAF, 0x6F, 0x81, - 0xEB, 0xF8, 0xC4, 0x13, 0xD9, 0xA0, 0x5D, 0x8B, 0x5C, 0x8E, 0xDC, 0xC2, - 0x1D, 0x0B, 0x41, 0x32, 0xB0, 0x1F, 0xFE, 0xEF, 0x0C, 0xC2, 0xA2, 0x7E, - 0x68, 0x5C, 0x28, 0x21, 0xE9, 0xF5, 0xB1, 0x58, 0x12, 0x63, 0x4C, 0x19, - 0x4E, 0xFF, 0x02, 0x4B, 0x92, 0xED, 0xD2, 0x07, 0x11, 0x4D, 0x8C, 0x58, - 0x16, 0x5C, 0x55, 0x8E, 0xAD, 0xA3, 0x67, 0x7D, 0xB9, 0x86, 0x6E, 0x0B, - 0xE6, 0x54, 0x6F, 0x40, 0xAE, 0x0E, 0x67, 0x4C, 0xF9, 0x12, 0x5B, 0x3C, - 0x08, 0x7A, 0xF7, 0xFC, 0x67, 0x86, 0x69, 0xE7, 0x0A, 0x94, 0x40, 0xBF, - 0x8B, 0x76, 0xFE, 0x26, 0xD1, 0xF2, 0xA1, 0x1A, 0x84, 0xA1, 0x43, 0x56, - 0x28, 0xBC, 0x9A, 0x5F, 0xD7, 0x3B, 0x69, 0x89, 0x8A, 0x36, 0x2C, 0x51, - 0xDF, 0x12, 0x77, 0x2F, 0x57, 0x7B, 0xA0, 0xAA, 0xDD, 0x7F, 0xA1, 0x62, - 0x3B, 0x40, 0x7B, 0x68, 0x1A, 0x8F, 0x0D, 0x38, 0xBB, 0x21, 0x5D, 0x18, - 0xFC, 0x0F, 0x46, 0xF7, 0xA3, 0xB0, 0x1D, 0x23, 0xC3, 0xD2, 0xC7, 0x72, - 0x51, 0x18, 0xDF, 0x46, 0x95, 0x79, 0xD9, 0xBD, 0xB5, 0x19, 0x02, 0x2C, - 0x87, 0xDC, 0xE7, 0x57, 0x82, 0x7E, 0xF1, 0x8B, 0x06, 0x3D, 0x00, 0xA5, - 0x7B, 0x6B, 0x26, 0x27, 0x91, 0x0F, 0x6A, 0x77, 0xE4, 0xD5, 0x04, 0xE4, - 0x12, 0x2C, 0x42, 0xFF, 0xD2, 0x88, 0xBB, 0xD3, 0x92, 0xA0, 0xF9, 0xC8, - 0x51, 0x64, 0x14, 0x5C, 0xD8, 0xF9, 0x6C, 0x47, 0x82, 0xB4, 0x1C, 0x7F, - 0x09, 0xB8, 0xF0, 0x25, 0x83, 0x1D, 0x3F, 0x3F, 0x05, 0xB3, 0x21, 0x0A, - 0x5D, 0xA7, 0xD8, 0x54, 0xC3, 0x65, 0x7D, 0xC3, 0xB0, 0x1D, 0xBF, 0xAE, - 0xF8, 0x68, 0xCF, 0x9B, -}; - -static unsigned char dsa2048_q[] = { - 0x97, 0xE7, 0x33, 0x4D, 0xD3, 0x94, 0x3E, 0x0B, 0xDB, 0x62, 0x74, 0xC6, - 0xA1, 0x08, 0xDD, 0x19, 0xA3, 0x75, 0x17, 0x1B, -}; - -static unsigned char dsa2048_g[] = { - 0x2C, 0x78, 0x16, 0x59, 0x34, 0x63, 0xF4, 0xF3, 0x92, 0xFC, 0xB5, 0xA5, - 0x4F, 0x13, 0xDE, 0x2F, 0x1C, 0xA4, 0x3C, 0xAE, 0xAD, 0x38, 0x3F, 0x7E, - 0x90, 0xBF, 0x96, 0xA6, 0xAE, 0x25, 0x90, 0x72, 0xF5, 0x8E, 0x80, 0x0C, - 0x39, 0x1C, 0xD9, 0xEC, 0xBA, 0x90, 0x5B, 0x3A, 0xE8, 0x58, 0x6C, 0x9E, - 0x30, 0x42, 0x37, 0x02, 0x31, 0x82, 0xBC, 0x6A, 0xDF, 0x6A, 0x09, 0x29, - 0xE3, 0xC0, 0x46, 0xD1, 0xCB, 0x85, 0xEC, 0x0C, 0x30, 0x5E, 0xEA, 0xC8, - 0x39, 0x8E, 0x22, 0x9F, 0x22, 0x10, 0xD2, 0x34, 0x61, 0x68, 0x37, 0x3D, - 0x2E, 0x4A, 0x5B, 0x9A, 0xF5, 0xC1, 0x48, 0xC6, 0xF6, 0xDC, 0x63, 0x1A, - 0xD3, 0x96, 0x64, 0xBA, 0x34, 0xC9, 0xD1, 0xA0, 0xD1, 0xAE, 0x6C, 0x2F, - 0x48, 0x17, 0x93, 0x14, 0x43, 0xED, 0xF0, 0x21, 0x30, 0x19, 0xC3, 0x1B, - 0x5F, 0xDE, 0xA3, 0xF0, 0x70, 0x78, 0x18, 0xE1, 0xA8, 0xE4, 0xEE, 0x2E, - 0x00, 0xA5, 0xE4, 0xB3, 0x17, 0xC8, 0x0C, 0x7D, 0x6E, 0x42, 0xDC, 0xB7, - 0x46, 0x00, 0x36, 0x4D, 0xD4, 0x46, 0xAA, 0x3D, 0x3C, 0x46, 0x89, 0x40, - 0xBF, 0x1D, 0x84, 0x77, 0x0A, 0x75, 0xF3, 0x87, 0x1D, 0x08, 0x4C, 0xA6, - 0xD1, 0xA9, 0x1C, 0x1E, 0x12, 0x1E, 0xE1, 0xC7, 0x30, 0x28, 0x76, 0xA5, - 0x7F, 0x6C, 0x85, 0x96, 0x2B, 0x6F, 0xDB, 0x80, 0x66, 0x26, 0xAE, 0xF5, - 0x93, 0xC7, 0x8E, 0xAE, 0x9A, 0xED, 0xE4, 0xCA, 0x04, 0xEA, 0x3B, 0x72, - 0xEF, 0xDC, 0x87, 0xED, 0x0D, 0xA5, 0x4C, 0x4A, 0xDD, 0x71, 0x22, 0x64, - 0x59, 0x69, 0x4E, 0x8E, 0xBF, 0x43, 0xDC, 0xAB, 0x8E, 0x66, 0xBB, 0x01, - 0xB6, 0xF4, 0xE7, 0xFD, 0xD2, 0xAD, 0x9F, 0x36, 0xC1, 0xA0, 0x29, 0x99, - 0xD1, 0x96, 0x70, 0x59, 0x06, 0x78, 0x35, 0xBD, 0x65, 0x55, 0x52, 0x9E, - 0xF8, 0xB2, 0xE5, 0x38, -}; - -typedef struct testdsa_st { - unsigned char *priv; - unsigned char *pub; - unsigned char *p; - unsigned char *g; - unsigned char *q; - int priv_l; - int pub_l; - int p_l; - int g_l; - int q_l; -} testdsa; - -#define set_dsa_ptr(st, bits) \ - do { \ - st.priv = dsa##bits##_priv; \ - st.pub = dsa##bits##_pub; \ - st.p = dsa##bits##_p; \ - st.g = dsa##bits##_g; \ - st.q = dsa##bits##_q; \ - st.priv_l = sizeof(dsa##bits##_priv); \ - st.pub_l = sizeof(dsa##bits##_pub); \ - st.p_l = sizeof(dsa##bits##_p); \ - st.g_l = sizeof(dsa##bits##_g); \ - st.q_l = sizeof(dsa##bits##_q); \ - } while (0) - -EVP_PKEY *get_dsa(int dsa_bits) -{ - EVP_PKEY *pkey = NULL; - BIGNUM *priv_key, *pub_key, *p, *q, *g; - EVP_PKEY_CTX *pctx; - testdsa dsa_t; - OSSL_PARAM_BLD *tmpl = NULL; - OSSL_PARAM *params = NULL; - - switch (dsa_bits) { - case 512: - set_dsa_ptr(dsa_t, 512); - break; - case 1024: - set_dsa_ptr(dsa_t, 1024); - break; - case 2048: - set_dsa_ptr(dsa_t, 2048); - break; - default: - return NULL; - } - - if ((pctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL)) == NULL) - return NULL; - - priv_key = BN_bin2bn(dsa_t.priv, dsa_t.priv_l, NULL); - pub_key = BN_bin2bn(dsa_t.pub, dsa_t.pub_l, NULL); - p = BN_bin2bn(dsa_t.p, dsa_t.p_l, NULL); - q = BN_bin2bn(dsa_t.q, dsa_t.q_l, NULL); - g = BN_bin2bn(dsa_t.g, dsa_t.g_l, NULL); - if (priv_key == NULL || pub_key == NULL || p == NULL || q == NULL - || g == NULL) { - goto err; - } - if ((tmpl = OSSL_PARAM_BLD_new()) == NULL - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, - p) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, - q) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, - g) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY, - priv_key) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, - pub_key) - || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) - goto err; - - if (EVP_PKEY_fromdata_init(pctx) <= 0 - || EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, - params) <= 0) - pkey = NULL; -err: - OSSL_PARAM_free(params); - OSSL_PARAM_BLD_free(tmpl); - BN_free(priv_key); - BN_free(pub_key); - BN_free(p); - BN_free(q); - BN_free(g); - EVP_PKEY_CTX_free(pctx); - return pkey; -} diff --git a/apps/testrsa.h b/apps/testrsa.h deleted file mode 100644 index 8c3a967414c6c421d5595d78e8e240495ce16569..0000000000000000000000000000000000000000 --- a/apps/testrsa.h +++ /dev/null @@ -1,1960 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -static unsigned char test512[] = { - 0x30, 0x82, 0x01, 0x3a, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00, - 0xd6, 0x33, 0xb9, 0xc8, 0xfb, 0x4f, 0x3c, 0x7d, 0xc0, 0x01, - 0x86, 0xd0, 0xe7, 0xa0, 0x55, 0xf2, 0x95, 0x93, 0xcc, 0x4f, - 0xb7, 0x5b, 0x67, 0x5b, 0x94, 0x68, 0xc9, 0x34, 0x15, 0xde, - 0xa5, 0x2e, 0x1c, 0x33, 0xc2, 0x6e, 0xfc, 0x34, 0x5e, 0x71, - 0x13, 0xb7, 0xd6, 0xee, 0xd8, 0xa5, 0x65, 0x05, 0x72, 0x87, - 0xa8, 0xb0, 0x77, 0xfe, 0x57, 0xf5, 0xfc, 0x5f, 0x55, 0x83, - 0x87, 0xdd, 0x57, 0x49, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, - 0x41, 0x00, 0xa7, 0xf7, 0x91, 0xc5, 0x0f, 0x84, 0x57, 0xdc, - 0x07, 0xf7, 0x6a, 0x7f, 0x60, 0x52, 0xb3, 0x72, 0xf1, 0x66, - 0x1f, 0x7d, 0x97, 0x3b, 0x9e, 0xb6, 0x0a, 0x8f, 0x8c, 0xcf, - 0x42, 0x23, 0x00, 0x04, 0xd4, 0x28, 0x0e, 0x1c, 0x90, 0xc4, - 0x11, 0x25, 0x25, 0xa5, 0x93, 0xa5, 0x2f, 0x70, 0x02, 0xdf, - 0x81, 0x9c, 0x49, 0x03, 0xa0, 0xf8, 0x6d, 0x54, 0x2e, 0x26, - 0xde, 0xaa, 0x85, 0x59, 0xa8, 0x31, 0x02, 0x21, 0x00, 0xeb, - 0x47, 0xd7, 0x3b, 0xf6, 0xc3, 0xdd, 0x5a, 0x46, 0xc5, 0xb9, - 0x2b, 0x9a, 0xa0, 0x09, 0x8f, 0xa6, 0xfb, 0xf3, 0x78, 0x7a, - 0x33, 0x70, 0x9d, 0x0f, 0x42, 0x6b, 0x13, 0x68, 0x24, 0xd3, - 0x15, 0x02, 0x21, 0x00, 0xe9, 0x10, 0xb0, 0xb3, 0x0d, 0xe2, - 0x82, 0x68, 0x77, 0x8a, 0x6e, 0x7c, 0xda, 0xbc, 0x3e, 0x53, - 0x83, 0xfb, 0xd6, 0x22, 0xe7, 0xb5, 0xae, 0x6e, 0x80, 0xda, - 0x00, 0x55, 0x97, 0xc1, 0xd0, 0x65, 0x02, 0x20, 0x4c, 0xf8, - 0x73, 0xb1, 0x6a, 0x49, 0x29, 0x61, 0x1f, 0x46, 0x10, 0x0d, - 0xf3, 0xc7, 0xe7, 0x58, 0xd7, 0x88, 0x15, 0x5e, 0x94, 0x9b, - 0xbf, 0x7b, 0xa2, 0x42, 0x58, 0x45, 0x41, 0x0c, 0xcb, 0x01, - 0x02, 0x20, 0x12, 0x11, 0xba, 0x31, 0x57, 0x9d, 0x3d, 0x11, - 0x0e, 0x5b, 0x8c, 0x2f, 0x5f, 0xe2, 0x02, 0x4f, 0x05, 0x47, - 0x8c, 0x15, 0x8e, 0xb3, 0x56, 0x3f, 0xb8, 0xfb, 0xad, 0xd4, - 0xf4, 0xfc, 0x10, 0xc5, 0x02, 0x20, 0x18, 0xa1, 0x29, 0x99, - 0x5b, 0xd9, 0xc8, 0xd4, 0xfc, 0x49, 0x7a, 0x2a, 0x21, 0x2c, - 0x49, 0xe4, 0x4f, 0xeb, 0xef, 0x51, 0xf1, 0xab, 0x6d, 0xfb, - 0x4b, 0x14, 0xe9, 0x4b, 0x52, 0xb5, 0x82, 0x2c, -}; - -static unsigned char test1024[] = { - 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, - 0x00, 0xdc, 0x98, 0x43, 0xe8, 0x3d, 0x43, 0x5b, 0xe4, 0x05, - 0xcd, 0xd0, 0xa9, 0x3e, 0xcb, 0x83, 0x75, 0xf6, 0xb5, 0xa5, - 0x9f, 0x6b, 0xe9, 0x34, 0x41, 0x29, 0x18, 0xfa, 0x6a, 0x55, - 0x4d, 0x70, 0xfc, 0xec, 0xae, 0x87, 0x38, 0x0a, 0x20, 0xa9, - 0xc0, 0x45, 0x77, 0x6e, 0x57, 0x60, 0x57, 0xf4, 0xed, 0x96, - 0x22, 0xcb, 0x8f, 0xe1, 0x33, 0x3a, 0x17, 0x1f, 0xed, 0x37, - 0xa5, 0x6f, 0xeb, 0xa6, 0xbc, 0x12, 0x80, 0x1d, 0x53, 0xbd, - 0x70, 0xeb, 0x21, 0x76, 0x3e, 0xc9, 0x2f, 0x1a, 0x45, 0x24, - 0x82, 0xff, 0xcd, 0x59, 0x32, 0x06, 0x2e, 0x12, 0x3b, 0x23, - 0x78, 0xed, 0x12, 0x3d, 0xe0, 0x8d, 0xf9, 0x67, 0x4f, 0x37, - 0x4e, 0x47, 0x02, 0x4c, 0x2d, 0xc0, 0x4f, 0x1f, 0xb3, 0x94, - 0xe1, 0x41, 0x2e, 0x2d, 0x90, 0x10, 0xfc, 0x82, 0x91, 0x8b, - 0x0f, 0x22, 0xd4, 0xf2, 0xfc, 0x2c, 0xab, 0x53, 0x55, 0x02, - 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x2b, 0xcc, 0x3f, - 0x8f, 0x58, 0xba, 0x8b, 0x00, 0x16, 0xf6, 0xea, 0x3a, 0xf0, - 0x30, 0xd0, 0x05, 0x17, 0xda, 0xb0, 0xeb, 0x9a, 0x2d, 0x4f, - 0x26, 0xb0, 0xd6, 0x38, 0xc1, 0xeb, 0xf5, 0xd8, 0x3d, 0x1f, - 0x70, 0xf7, 0x7f, 0xf4, 0xe2, 0xcf, 0x51, 0x51, 0x79, 0x88, - 0xfa, 0xe8, 0x32, 0x0e, 0x7b, 0x2d, 0x97, 0xf2, 0xfa, 0xba, - 0x27, 0xc5, 0x9c, 0xd9, 0xc5, 0xeb, 0x8a, 0x79, 0x52, 0x3c, - 0x64, 0x34, 0x7d, 0xc2, 0xcf, 0x28, 0xc7, 0x4e, 0xd5, 0x43, - 0x0b, 0xd1, 0xa6, 0xca, 0x6d, 0x03, 0x2d, 0x72, 0x23, 0xbc, - 0x6d, 0x05, 0xfa, 0x16, 0x09, 0x2f, 0x2e, 0x5c, 0xb6, 0xee, - 0x74, 0xdd, 0xd2, 0x48, 0x8e, 0x36, 0x0c, 0x06, 0x3d, 0x4d, - 0xe5, 0x10, 0x82, 0xeb, 0x6a, 0xf3, 0x4b, 0x9f, 0xd6, 0xed, - 0x11, 0xb1, 0x6e, 0xec, 0xf4, 0xfe, 0x8e, 0x75, 0x94, 0x20, - 0x2f, 0xcb, 0xac, 0x46, 0xf1, 0x02, 0x41, 0x00, 0xf9, 0x8c, - 0xa3, 0x85, 0xb1, 0xdd, 0x29, 0xaf, 0x65, 0xc1, 0x33, 0xf3, - 0x95, 0xc5, 0x52, 0x68, 0x0b, 0xd4, 0xf1, 0xe5, 0x0e, 0x02, - 0x9f, 0x4f, 0xfa, 0x77, 0xdc, 0x46, 0x9e, 0xc7, 0xa6, 0xe4, - 0x16, 0x29, 0xda, 0xb0, 0x07, 0xcf, 0x5b, 0xa9, 0x12, 0x8a, - 0xdd, 0x63, 0x0a, 0xde, 0x2e, 0x8c, 0x66, 0x8b, 0x8c, 0xdc, - 0x19, 0xa3, 0x7e, 0xf4, 0x3b, 0xd0, 0x1a, 0x8c, 0xa4, 0xc2, - 0xe1, 0xd3, 0x02, 0x41, 0x00, 0xe2, 0x4c, 0x05, 0xf2, 0x04, - 0x86, 0x4e, 0x61, 0x43, 0xdb, 0xb0, 0xb9, 0x96, 0x86, 0x52, - 0x2c, 0xca, 0x8d, 0x7b, 0xab, 0x0b, 0x13, 0x0d, 0x7e, 0x38, - 0x5b, 0xe2, 0x2e, 0x7b, 0x0e, 0xe7, 0x19, 0x99, 0x38, 0xe7, - 0xf2, 0x21, 0xbd, 0x85, 0x85, 0xe3, 0xfd, 0x28, 0x77, 0x20, - 0x31, 0x71, 0x2c, 0xd0, 0xff, 0xfb, 0x2e, 0xaf, 0x85, 0xb4, - 0x86, 0xca, 0xf3, 0xbb, 0xca, 0xaa, 0x0f, 0x95, 0x37, 0x02, - 0x40, 0x0e, 0x41, 0x9a, 0x95, 0xe8, 0xb3, 0x59, 0xce, 0x4b, - 0x61, 0xde, 0x35, 0xec, 0x38, 0x79, 0x9c, 0xb8, 0x10, 0x52, - 0x41, 0x63, 0xab, 0x82, 0xae, 0x6f, 0x00, 0xa9, 0xf4, 0xde, - 0xdd, 0x49, 0x0b, 0x7e, 0xb8, 0xa5, 0x65, 0xa9, 0x0c, 0x8f, - 0x8f, 0xf9, 0x1f, 0x35, 0xc6, 0x92, 0xb8, 0x5e, 0xb0, 0x66, - 0xab, 0x52, 0x40, 0xc0, 0xb6, 0x36, 0x6a, 0x7d, 0x80, 0x46, - 0x04, 0x02, 0xe5, 0x9f, 0x41, 0x02, 0x41, 0x00, 0xc0, 0xad, - 0xcc, 0x4e, 0x21, 0xee, 0x1d, 0x24, 0x91, 0xfb, 0xa7, 0x80, - 0x8d, 0x9a, 0xb6, 0xb3, 0x2e, 0x8f, 0xc2, 0xe1, 0x82, 0xdf, - 0x69, 0x18, 0xb4, 0x71, 0xff, 0xa6, 0x65, 0xde, 0xed, 0x84, - 0x8d, 0x42, 0xb7, 0xb3, 0x21, 0x69, 0x56, 0x1c, 0x07, 0x60, - 0x51, 0x29, 0x04, 0xff, 0x34, 0x06, 0xdd, 0xb9, 0x67, 0x2c, - 0x7c, 0x04, 0x93, 0x0e, 0x46, 0x15, 0xbb, 0x2a, 0xb7, 0x1b, - 0xe7, 0x87, 0x02, 0x40, 0x78, 0xda, 0x5d, 0x07, 0x51, 0x0c, - 0x16, 0x7a, 0x9f, 0x29, 0x20, 0x84, 0x0d, 0x42, 0xfa, 0xd7, - 0x00, 0xd8, 0x77, 0x7e, 0xb0, 0xb0, 0x6b, 0xd6, 0x5b, 0x53, - 0xb8, 0x9b, 0x7a, 0xcd, 0xc7, 0x2b, 0xb8, 0x6a, 0x63, 0xa9, - 0xfb, 0x6f, 0xa4, 0x72, 0xbf, 0x4c, 0x5d, 0x00, 0x14, 0xba, - 0xfa, 0x59, 0x88, 0xed, 0xe4, 0xe0, 0x8c, 0xa2, 0xec, 0x14, - 0x7e, 0x2d, 0xe2, 0xf0, 0x46, 0x49, 0x95, 0x45, -}; - -static unsigned char test2048[] = { - 0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, - 0x01, 0x00, 0xc0, 0xc0, 0xce, 0x3e, 0x3c, 0x53, 0x67, 0x3f, - 0x4f, 0xc5, 0x2f, 0xa4, 0xc2, 0x5a, 0x2f, 0x58, 0xfd, 0x27, - 0x52, 0x6a, 0xe8, 0xcf, 0x4a, 0x73, 0x47, 0x8d, 0x25, 0x0f, - 0x5f, 0x03, 0x26, 0x78, 0xef, 0xf0, 0x22, 0x12, 0xd3, 0xde, - 0x47, 0xb2, 0x1c, 0x0b, 0x38, 0x63, 0x1a, 0x6c, 0x85, 0x7a, - 0x80, 0xc6, 0x8f, 0xa0, 0x41, 0xaf, 0x62, 0xc4, 0x67, 0x32, - 0x88, 0xf8, 0xa6, 0x9c, 0xf5, 0x23, 0x1d, 0xe4, 0xac, 0x3f, - 0x29, 0xf9, 0xec, 0xe1, 0x8b, 0x26, 0x03, 0x2c, 0xb2, 0xab, - 0xf3, 0x7d, 0xb5, 0xca, 0x49, 0xc0, 0x8f, 0x1c, 0xdf, 0x33, - 0x3a, 0x60, 0xda, 0x3c, 0xb0, 0x16, 0xf8, 0xa9, 0x12, 0x8f, - 0x64, 0xac, 0x23, 0x0c, 0x69, 0x64, 0x97, 0x5d, 0x99, 0xd4, - 0x09, 0x83, 0x9b, 0x61, 0xd3, 0xac, 0xf0, 0xde, 0xdd, 0x5e, - 0x9f, 0x44, 0x94, 0xdb, 0x3a, 0x4d, 0x97, 0xe8, 0x52, 0x29, - 0xf7, 0xdb, 0x94, 0x07, 0x45, 0x90, 0x78, 0x1e, 0x31, 0x0b, - 0x80, 0xf7, 0x57, 0xad, 0x1c, 0x79, 0xc5, 0xcb, 0x32, 0xb0, - 0xce, 0xcd, 0x74, 0xb3, 0xe2, 0x94, 0xc5, 0x78, 0x2f, 0x34, - 0x1a, 0x45, 0xf7, 0x8c, 0x52, 0xa5, 0xbc, 0x8d, 0xec, 0xd1, - 0x2f, 0x31, 0x3b, 0xf0, 0x49, 0x59, 0x5e, 0x88, 0x9d, 0x15, - 0x92, 0x35, 0x32, 0xc1, 0xe7, 0x61, 0xec, 0x50, 0x48, 0x7c, - 0xba, 0x05, 0xf9, 0xf8, 0xf8, 0xa7, 0x8c, 0x83, 0xe8, 0x66, - 0x5b, 0xeb, 0xfe, 0xd8, 0x4f, 0xdd, 0x6d, 0x36, 0xc0, 0xb2, - 0x90, 0x0f, 0xb8, 0x52, 0xf9, 0x04, 0x9b, 0x40, 0x2c, 0x27, - 0xd6, 0x36, 0x8e, 0xc2, 0x1b, 0x44, 0xf3, 0x92, 0xd5, 0x15, - 0x9e, 0x9a, 0xbc, 0xf3, 0x7d, 0x03, 0xd7, 0x02, 0x14, 0x20, - 0xe9, 0x10, 0x92, 0xfd, 0xf9, 0xfc, 0x8f, 0xe5, 0x18, 0xe1, - 0x95, 0xcc, 0x9e, 0x60, 0xa6, 0xfa, 0x38, 0x4d, 0x02, 0x03, - 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x00, 0xc3, 0xc3, - 0x0d, 0xb4, 0x27, 0x90, 0x8d, 0x4b, 0xbf, 0xb8, 0x84, 0xaa, - 0xd0, 0xb8, 0xc7, 0x5d, 0x99, 0xbe, 0x55, 0xf6, 0x3e, 0x7c, - 0x49, 0x20, 0xcb, 0x8a, 0x8e, 0x19, 0x0e, 0x66, 0x24, 0xac, - 0xaf, 0x03, 0x33, 0x97, 0xeb, 0x95, 0xd5, 0x3b, 0x0f, 0x40, - 0x56, 0x04, 0x50, 0xd1, 0xe6, 0xbe, 0x84, 0x0b, 0x25, 0xd3, - 0x9c, 0xe2, 0x83, 0x6c, 0xf5, 0x62, 0x5d, 0xba, 0x2b, 0x7d, - 0x3d, 0x7a, 0x6c, 0xe1, 0xd2, 0x0e, 0x54, 0x93, 0x80, 0x01, - 0x91, 0x51, 0x09, 0xe8, 0x5b, 0x8e, 0x47, 0xbd, 0x64, 0xe4, - 0x0e, 0x03, 0x83, 0x55, 0xcf, 0x5a, 0x37, 0xf0, 0x25, 0xb5, - 0x7d, 0x21, 0xd7, 0x69, 0xdf, 0x6f, 0xc2, 0xcf, 0x10, 0xc9, - 0x8a, 0x40, 0x9f, 0x7a, 0x70, 0xc0, 0xe8, 0xe8, 0xc0, 0xe6, - 0x9a, 0x15, 0x0a, 0x8d, 0x4e, 0x46, 0xcb, 0x7a, 0xdb, 0xb3, - 0xcb, 0x83, 0x02, 0xc4, 0xf0, 0xab, 0xeb, 0x02, 0x01, 0x0e, - 0x23, 0xfc, 0x1d, 0xc4, 0xbd, 0xd4, 0xaa, 0x5d, 0x31, 0x46, - 0x99, 0xce, 0x9e, 0xf8, 0x04, 0x75, 0x10, 0x67, 0xc4, 0x53, - 0x47, 0x44, 0xfa, 0xc2, 0x25, 0x73, 0x7e, 0xd0, 0x8e, 0x59, - 0xd1, 0xb2, 0x5a, 0xf4, 0xc7, 0x18, 0x92, 0x2f, 0x39, 0xab, - 0xcd, 0xa3, 0xb5, 0xc2, 0xb9, 0xc7, 0xb9, 0x1b, 0x9f, 0x48, - 0xfa, 0x13, 0xc6, 0x98, 0x4d, 0xca, 0x84, 0x9c, 0x06, 0xca, - 0xe7, 0x89, 0x01, 0x04, 0xc4, 0x6c, 0xfd, 0x29, 0x59, 0x35, - 0xe7, 0xf3, 0xdd, 0xce, 0x64, 0x59, 0xbf, 0x21, 0x13, 0xa9, - 0x9f, 0x0e, 0xc5, 0xff, 0xbd, 0x33, 0x00, 0xec, 0xac, 0x6b, - 0x11, 0xef, 0x51, 0x5e, 0xad, 0x07, 0x15, 0xde, 0xb8, 0x5f, - 0xc6, 0xb9, 0xa3, 0x22, 0x65, 0x46, 0x83, 0x14, 0xdf, 0xd0, - 0xf1, 0x44, 0x8a, 0xe1, 0x9c, 0x23, 0x33, 0xb4, 0x97, 0x33, - 0xe6, 0x6b, 0x81, 0x02, 0x81, 0x81, 0x00, 0xec, 0x12, 0xa7, - 0x59, 0x74, 0x6a, 0xde, 0x3e, 0xad, 0xd8, 0x36, 0x80, 0x50, - 0xa2, 0xd5, 0x21, 0x81, 0x07, 0xf1, 0xd0, 0x91, 0xf2, 0x6c, - 0x12, 0x2f, 0x9d, 0x1a, 0x26, 0xf8, 0x30, 0x65, 0xdf, 0xe8, - 0xc0, 0x9b, 0x6a, 0x30, 0x98, 0x82, 0x87, 0xec, 0xa2, 0x56, - 0x87, 0x62, 0x6f, 0xe7, 0x9f, 0xf6, 0x56, 0xe6, 0x71, 0x8f, - 0x49, 0x86, 0x93, 0x5a, 0x4d, 0x34, 0x58, 0xfe, 0xd9, 0x04, - 0x13, 0xaf, 0x79, 0xb7, 0xad, 0x11, 0xd1, 0x30, 0x9a, 0x14, - 0x06, 0xa0, 0xfa, 0xb7, 0x55, 0xdc, 0x6c, 0x5a, 0x4c, 0x2c, - 0x59, 0x56, 0xf6, 0xe8, 0x9d, 0xaf, 0x0a, 0x78, 0x99, 0x06, - 0x06, 0x9e, 0xe7, 0x9c, 0x51, 0x55, 0x43, 0xfc, 0x3b, 0x6c, - 0x0b, 0xbf, 0x2d, 0x41, 0xa7, 0xaf, 0xb7, 0xe0, 0xe8, 0x28, - 0x18, 0xb4, 0x13, 0xd1, 0xe6, 0x97, 0xd0, 0x9f, 0x6a, 0x80, - 0xca, 0xdd, 0x1a, 0x7e, 0x15, 0x02, 0x81, 0x81, 0x00, 0xd1, - 0x06, 0x0c, 0x1f, 0xe3, 0xd0, 0xab, 0xd6, 0xca, 0x7c, 0xbc, - 0x7d, 0x13, 0x35, 0xce, 0x27, 0xcd, 0xd8, 0x49, 0x51, 0x63, - 0x64, 0x0f, 0xca, 0x06, 0x12, 0xfc, 0x07, 0x3e, 0xaf, 0x61, - 0x6d, 0xe2, 0x53, 0x39, 0x27, 0xae, 0xc3, 0x11, 0x9e, 0x94, - 0x01, 0x4f, 0xe3, 0xf3, 0x67, 0xf9, 0x77, 0xf9, 0xe7, 0x95, - 0x3a, 0x6f, 0xe2, 0x20, 0x73, 0x3e, 0xa4, 0x7a, 0x28, 0xd4, - 0x61, 0x97, 0xf6, 0x17, 0xa0, 0x23, 0x10, 0x2b, 0xce, 0x84, - 0x57, 0x7e, 0x25, 0x1f, 0xf4, 0xa8, 0x54, 0xd2, 0x65, 0x94, - 0xcc, 0x95, 0x0a, 0xab, 0x30, 0xc1, 0x59, 0x1f, 0x61, 0x8e, - 0xb9, 0x6b, 0xd7, 0x4e, 0xb9, 0x83, 0x43, 0x79, 0x85, 0x11, - 0xbc, 0x0f, 0xae, 0x25, 0x20, 0x05, 0xbc, 0xd2, 0x48, 0xa1, - 0x68, 0x09, 0x84, 0xf6, 0x12, 0x9a, 0x66, 0xb9, 0x2b, 0xbb, - 0x76, 0x03, 0x17, 0x46, 0x4e, 0x97, 0x59, 0x02, 0x81, 0x80, - 0x09, 0x4c, 0xfa, 0xd6, 0xe5, 0x65, 0x48, 0x78, 0x43, 0xb5, - 0x1f, 0x00, 0x93, 0x2c, 0xb7, 0x24, 0xe8, 0xc6, 0x7d, 0x5a, - 0x70, 0x45, 0x92, 0xc8, 0x6c, 0xa3, 0xcd, 0xe1, 0xf7, 0x29, - 0x40, 0xfa, 0x3f, 0x5b, 0x47, 0x44, 0x39, 0xc1, 0xe8, 0x72, - 0x9e, 0x7a, 0x0e, 0xda, 0xaa, 0xa0, 0x2a, 0x09, 0xfd, 0x54, - 0x93, 0x23, 0xaa, 0x37, 0x85, 0x5b, 0xcc, 0xd4, 0xf9, 0xd8, - 0xff, 0xc1, 0x61, 0x0d, 0xbd, 0x7e, 0x18, 0x24, 0x73, 0x6d, - 0x40, 0x72, 0xf1, 0x93, 0x09, 0x48, 0x97, 0x6c, 0x84, 0x90, - 0xa8, 0x46, 0x14, 0x01, 0x39, 0x11, 0xe5, 0x3c, 0x41, 0x27, - 0x32, 0x75, 0x24, 0xed, 0xa1, 0xd9, 0x12, 0x29, 0x8a, 0x28, - 0x71, 0x89, 0x8d, 0xca, 0x30, 0xb0, 0x01, 0xc4, 0x2f, 0x82, - 0x19, 0x14, 0x4c, 0x70, 0x1c, 0xb8, 0x23, 0x2e, 0xe8, 0x90, - 0x49, 0x97, 0x92, 0x97, 0x6b, 0x7a, 0x9d, 0xb9, 0x02, 0x81, - 0x80, 0x0f, 0x0e, 0xa1, 0x76, 0xf6, 0xa1, 0x44, 0x8f, 0xaf, - 0x7c, 0x76, 0xd3, 0x87, 0xbb, 0xbb, 0x83, 0x10, 0x88, 0x01, - 0x18, 0x14, 0xd1, 0xd3, 0x75, 0x59, 0x24, 0xaa, 0xf5, 0x16, - 0xa5, 0xe9, 0x9d, 0xd1, 0xcc, 0xee, 0xf4, 0x15, 0xd9, 0xc5, - 0x7e, 0x27, 0xe9, 0x44, 0x49, 0x06, 0x72, 0xb9, 0xfc, 0xd3, - 0x8a, 0xc4, 0x2c, 0x36, 0x7d, 0x12, 0x9b, 0x5a, 0xaa, 0xdc, - 0x85, 0xee, 0x6e, 0xad, 0x54, 0xb3, 0xf4, 0xfc, 0x31, 0xa1, - 0x06, 0x3a, 0x70, 0x57, 0x0c, 0xf3, 0x95, 0x5b, 0x3e, 0xe8, - 0xfd, 0x1a, 0x4f, 0xf6, 0x78, 0x93, 0x46, 0x6a, 0xd7, 0x31, - 0xb4, 0x84, 0x64, 0x85, 0x09, 0x38, 0x89, 0x92, 0x94, 0x1c, - 0xbf, 0xe2, 0x3c, 0x2a, 0xe0, 0xff, 0x99, 0xa3, 0xf0, 0x2b, - 0x31, 0xc2, 0x36, 0xcd, 0x60, 0xbf, 0x9d, 0x2d, 0x74, 0x32, - 0xe8, 0x9c, 0x93, 0x6e, 0xbb, 0x91, 0x7b, 0xfd, 0xd9, 0x02, - 0x81, 0x81, 0x00, 0xa2, 0x71, 0x25, 0x38, 0xeb, 0x2a, 0xe9, - 0x37, 0xcd, 0xfe, 0x44, 0xce, 0x90, 0x3f, 0x52, 0x87, 0x84, - 0x52, 0x1b, 0xae, 0x8d, 0x22, 0x94, 0xce, 0x38, 0xe6, 0x04, - 0x88, 0x76, 0x85, 0x9a, 0xd3, 0x14, 0x09, 0xe5, 0x69, 0x9a, - 0xff, 0x58, 0x92, 0x02, 0x6a, 0x7d, 0x7c, 0x1e, 0x2c, 0xfd, - 0xa8, 0xca, 0x32, 0x14, 0x4f, 0x0d, 0x84, 0x0d, 0x37, 0x43, - 0xbf, 0xe4, 0x5d, 0x12, 0xc8, 0x24, 0x91, 0x27, 0x8d, 0x46, - 0xd9, 0x54, 0x53, 0xe7, 0x62, 0x71, 0xa8, 0x2b, 0x71, 0x41, - 0x8d, 0x75, 0xf8, 0x3a, 0xa0, 0x61, 0x29, 0x46, 0xa6, 0xe5, - 0x82, 0xfa, 0x3a, 0xd9, 0x08, 0xfa, 0xfc, 0x63, 0xfd, 0x6b, - 0x30, 0xbc, 0xf4, 0x4e, 0x9e, 0x8c, 0x25, 0x0c, 0xb6, 0x55, - 0xe7, 0x3c, 0xd4, 0x4e, 0x0b, 0xfd, 0x8b, 0xc3, 0x0e, 0x1d, - 0x9c, 0x44, 0x57, 0x8f, 0x1f, 0x86, 0xf7, 0xd5, 0x1b, 0xe4, - 0x95, -}; - -static unsigned char test3072[] = { - 0x30, 0x82, 0x06, 0xe3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, - 0x81, 0x00, 0xbc, 0x3b, 0x23, 0xc0, 0x33, 0xa7, 0x8b, 0xaa, - 0xca, 0xa3, 0x8c, 0x94, 0xf2, 0x4c, 0x52, 0x08, 0x85, 0x80, - 0xfc, 0x36, 0x15, 0xfa, 0x03, 0x06, 0xb6, 0xd6, 0x3f, 0x60, - 0x8a, 0x89, 0x0d, 0xba, 0x1a, 0x51, 0x0b, 0x12, 0xea, 0x71, - 0x77, 0xf6, 0x3a, 0x30, 0x21, 0x3d, 0x24, 0xf8, 0x2e, 0xd0, - 0x17, 0x3a, 0x85, 0x94, 0x25, 0x42, 0x89, 0xff, 0x6a, 0x68, - 0xdf, 0x1f, 0x86, 0xae, 0xa5, 0xbb, 0x9a, 0x79, 0xf6, 0x69, - 0x94, 0xfe, 0xde, 0xfe, 0xce, 0x1b, 0x2e, 0xae, 0x1d, 0x91, - 0xcb, 0xb9, 0xf1, 0x2d, 0xd8, 0x00, 0x82, 0x51, 0x8e, 0xf9, - 0xfd, 0xac, 0xf1, 0x0e, 0x7f, 0xb7, 0x95, 0x85, 0x35, 0xf9, - 0xcb, 0xbe, 0x5f, 0xd3, 0x58, 0xe3, 0xa1, 0x54, 0x9e, 0x30, - 0xb1, 0x8d, 0x01, 0x97, 0x82, 0x06, 0x8e, 0x77, 0xfb, 0xce, - 0x50, 0x2f, 0xbf, 0xf1, 0xff, 0x57, 0x0a, 0x42, 0x03, 0xfd, - 0x0e, 0xba, 0x1e, 0xca, 0x85, 0xc1, 0x9b, 0xa5, 0x9d, 0x09, - 0x0e, 0xe9, 0xbb, 0xc5, 0x73, 0x47, 0x0d, 0x39, 0x3c, 0x64, - 0x06, 0x9a, 0x79, 0x3f, 0x50, 0x87, 0x9c, 0x18, 0x2d, 0x62, - 0x01, 0xfc, 0xed, 0xc1, 0x58, 0x28, 0x21, 0x94, 0x1e, 0xf9, - 0x2d, 0x96, 0x4f, 0xd0, 0xbc, 0xf1, 0xe0, 0x8a, 0xfa, 0x4d, - 0xb6, 0x78, 0x4a, 0xde, 0x17, 0x59, 0xb0, 0x22, 0xa0, 0x9a, - 0xd3, 0x70, 0xb6, 0xc2, 0xbe, 0xbc, 0x96, 0xca, 0x41, 0x5f, - 0x58, 0x4e, 0xce, 0xef, 0x64, 0x45, 0xdd, 0x3f, 0x81, 0x92, - 0xcc, 0x40, 0x79, 0xfc, 0x19, 0xe2, 0xbc, 0x77, 0x2f, 0x43, - 0xfb, 0x8e, 0xad, 0x82, 0x4a, 0x0b, 0xb1, 0xbc, 0x09, 0x8a, - 0x80, 0xc3, 0x0f, 0xef, 0xd2, 0x06, 0xd3, 0x4b, 0x0c, 0x7f, - 0xae, 0x60, 0x3f, 0x2e, 0x52, 0xb4, 0xe4, 0xc2, 0x5c, 0xa6, - 0x71, 0xc0, 0x13, 0x9c, 0xca, 0xa6, 0x0d, 0x13, 0xd7, 0xb7, - 0x14, 0x94, 0x3f, 0x0d, 0x8b, 0x06, 0x70, 0x2f, 0x15, 0x82, - 0x8d, 0x47, 0x45, 0xa6, 0x00, 0x8a, 0x14, 0x91, 0xde, 0x2f, - 0x50, 0x17, 0xe3, 0x1d, 0x34, 0x29, 0x8c, 0xe4, 0x57, 0x74, - 0x2a, 0x3a, 0x82, 0x65, 0x26, 0xf7, 0x8d, 0xcc, 0x1b, 0x8f, - 0xaf, 0xe5, 0x85, 0xe5, 0xbe, 0x85, 0xd6, 0xb7, 0x04, 0xe8, - 0xf5, 0xd4, 0x74, 0xe2, 0x54, 0x14, 0xdd, 0x58, 0xcf, 0x1f, - 0x11, 0x8a, 0x9f, 0x82, 0xa2, 0x01, 0xf9, 0xc2, 0xdf, 0x7b, - 0x84, 0xb1, 0xd8, 0x5b, 0x70, 0xbb, 0x24, 0xe7, 0xd0, 0x2a, - 0x75, 0x3d, 0x55, 0xac, 0x45, 0xe9, 0xab, 0xc6, 0x84, 0x8a, - 0xe7, 0x6d, 0x26, 0x12, 0x89, 0xb5, 0x67, 0xe8, 0x46, 0x9d, - 0x46, 0x1a, 0xfa, 0x2d, 0xc0, 0x5b, 0x60, 0x46, 0x8b, 0xb7, - 0x32, 0x03, 0xff, 0x75, 0xee, 0x9f, 0x3c, 0xdd, 0xb6, 0x35, - 0x4e, 0x82, 0xbd, 0x99, 0x73, 0x51, 0x02, 0x03, 0x01, 0x00, - 0x01, 0x02, 0x82, 0x01, 0x80, 0x42, 0xee, 0xa4, 0x9f, 0xcb, - 0xbe, 0x60, 0x23, 0xb3, 0x3a, 0xc4, 0xda, 0x91, 0xee, 0x21, - 0x9d, 0x76, 0x1b, 0x8f, 0x93, 0x8b, 0xed, 0x02, 0xf6, 0x78, - 0x3d, 0x66, 0xfb, 0xe5, 0x47, 0x26, 0xe2, 0x6e, 0x49, 0x33, - 0x2e, 0xde, 0xbe, 0xca, 0x71, 0x7b, 0xef, 0x71, 0x62, 0x54, - 0xab, 0x0b, 0xba, 0x63, 0x08, 0x24, 0x47, 0xb1, 0x98, 0x1f, - 0x89, 0xfb, 0x44, 0x9f, 0x52, 0x8e, 0x89, 0xbb, 0xd5, 0x21, - 0xf1, 0x0c, 0x76, 0x2e, 0xcd, 0x12, 0x6e, 0x78, 0xcb, 0xa1, - 0xa5, 0xb8, 0x4e, 0x07, 0xab, 0x6e, 0xdf, 0x66, 0x57, 0x87, - 0xff, 0x88, 0x5f, 0xcc, 0x9c, 0x9a, 0x7b, 0x15, 0x5f, 0x2a, - 0x83, 0xdb, 0xd5, 0x9f, 0x65, 0x6a, 0x9d, 0xb4, 0x95, 0xfc, - 0xe0, 0x22, 0x00, 0x1e, 0xa2, 0x8d, 0x56, 0x5a, 0x9e, 0x0a, - 0x3b, 0x10, 0x07, 0x24, 0xec, 0x55, 0xcc, 0xaf, 0x87, 0x3b, - 0xd6, 0x8d, 0xa4, 0x86, 0x80, 0x18, 0x42, 0xdb, 0x9d, 0x24, - 0xc3, 0x97, 0x3b, 0x89, 0x5a, 0x03, 0xb3, 0x0a, 0x72, 0xd1, - 0x78, 0xf0, 0xc8, 0x80, 0xb0, 0x9d, 0x3c, 0xae, 0x5e, 0x0a, - 0x5b, 0x6e, 0x87, 0xd3, 0x3d, 0x25, 0x2e, 0x03, 0x33, 0x01, - 0xfd, 0xb1, 0xa5, 0xd9, 0x58, 0x01, 0xb9, 0xaf, 0xf6, 0x32, - 0x6a, 0x38, 0xe7, 0x39, 0x63, 0x3c, 0xfc, 0x0c, 0x41, 0x90, - 0x28, 0x40, 0x03, 0xcd, 0xfb, 0xde, 0x80, 0x74, 0x21, 0xaa, - 0xae, 0x58, 0xe9, 0x97, 0x18, 0x85, 0x58, 0x3d, 0x2b, 0xd6, - 0x61, 0xf6, 0xe8, 0xbc, 0x6d, 0x2a, 0xf3, 0xb8, 0xea, 0x8c, - 0x64, 0x44, 0xc6, 0xd3, 0x9f, 0x00, 0x7b, 0xb2, 0x52, 0x18, - 0x11, 0x04, 0x96, 0xb7, 0x05, 0xbb, 0xc2, 0x38, 0x5b, 0xa7, - 0x0a, 0x84, 0xb6, 0x4f, 0x02, 0x63, 0xa4, 0x57, 0x00, 0xe3, - 0xde, 0xe4, 0xf2, 0xb3, 0x55, 0xd9, 0x00, 0xa9, 0xd2, 0x5c, - 0x69, 0x9f, 0xe5, 0x80, 0x4f, 0x23, 0x7c, 0xd9, 0xa7, 0x77, - 0x4a, 0xbb, 0x09, 0x6d, 0x45, 0x02, 0xcf, 0x32, 0x90, 0xfd, - 0x10, 0xb6, 0xb3, 0x93, 0xd9, 0x3b, 0x1d, 0x57, 0x66, 0xb5, - 0xb3, 0xb1, 0x6e, 0x53, 0x5f, 0x04, 0x60, 0x29, 0xcd, 0xe8, - 0xb8, 0xab, 0x62, 0x82, 0x33, 0x40, 0xc7, 0xf8, 0x64, 0x60, - 0x0e, 0xab, 0x06, 0x3e, 0xa0, 0xa3, 0x62, 0x11, 0x3f, 0x67, - 0x5d, 0x24, 0x9e, 0x60, 0x29, 0xdc, 0x4c, 0xd5, 0x13, 0xee, - 0x3d, 0xb7, 0x84, 0x93, 0x27, 0xb5, 0x6a, 0xf9, 0xf0, 0xdd, - 0x50, 0xac, 0x46, 0x3c, 0xe6, 0xd5, 0xec, 0xf7, 0xb7, 0x9f, - 0x23, 0x39, 0x9c, 0x88, 0x8c, 0x5a, 0x62, 0x3f, 0x8d, 0x4a, - 0xd7, 0xeb, 0x5e, 0x1e, 0x49, 0xf8, 0xa9, 0x53, 0x11, 0x75, - 0xd0, 0x43, 0x1e, 0xc7, 0x29, 0x22, 0x80, 0x1f, 0xc5, 0x83, - 0x8d, 0x20, 0x04, 0x87, 0x7f, 0x57, 0x8c, 0xf5, 0xa1, 0x02, - 0x81, 0xc1, 0x00, 0xf7, 0xaa, 0xf5, 0xa5, 0x00, 0xdb, 0xd6, - 0x11, 0xfc, 0x07, 0x6d, 0x22, 0x24, 0x2b, 0x4b, 0xc5, 0x67, - 0x0f, 0x37, 0xa5, 0xdb, 0x8f, 0x38, 0xe2, 0x05, 0x43, 0x9a, - 0x44, 0x05, 0x3f, 0xa9, 0xac, 0x4c, 0x98, 0x3c, 0x72, 0x38, - 0xc3, 0x89, 0x33, 0x58, 0x73, 0x51, 0xcc, 0x5d, 0x2f, 0x8f, - 0x6d, 0x3f, 0xa1, 0x22, 0x9e, 0xfb, 0x9a, 0xb4, 0xb8, 0x79, - 0x95, 0xaf, 0x83, 0xcf, 0x5a, 0xb7, 0x14, 0x14, 0x0c, 0x51, - 0x8a, 0x11, 0xe6, 0xd6, 0x21, 0x1e, 0x17, 0x13, 0xd3, 0x69, - 0x7a, 0x3a, 0xd5, 0xaf, 0x3f, 0xb8, 0x25, 0x01, 0xcb, 0x2b, - 0xe6, 0xfc, 0x03, 0xd8, 0xd4, 0xf7, 0x20, 0xe0, 0x21, 0xef, - 0x1a, 0xca, 0x61, 0xeb, 0x8e, 0x96, 0x45, 0x8e, 0x5c, 0xe6, - 0x81, 0x0b, 0x2d, 0x05, 0x32, 0xf9, 0x41, 0x62, 0xb4, 0x33, - 0x98, 0x10, 0x3a, 0xcd, 0xf0, 0x7a, 0x8b, 0x1a, 0x48, 0xd7, - 0x3b, 0x01, 0xf5, 0x18, 0x65, 0x8f, 0x3c, 0xc2, 0x31, 0x3b, - 0xd3, 0xa7, 0x17, 0x5f, 0x7c, 0x0c, 0xe7, 0x25, 0x18, 0x5a, - 0x08, 0xe1, 0x09, 0x89, 0x13, 0xa7, 0xc5, 0x12, 0xab, 0x88, - 0x30, 0xcd, 0x06, 0xf9, 0xba, 0x6f, 0xca, 0x9c, 0x8a, 0xda, - 0x3e, 0x53, 0x90, 0xd7, 0x16, 0x2e, 0xfc, 0xbc, 0xad, 0xd6, - 0x3d, 0xc0, 0x66, 0x4c, 0x02, 0x3d, 0x31, 0xfd, 0x6c, 0xdb, - 0x1c, 0xdf, 0x96, 0x33, 0x23, 0x02, 0x81, 0xc1, 0x00, 0xc2, - 0x90, 0x47, 0xc4, 0xfb, 0x59, 0xf0, 0xc5, 0x14, 0x75, 0x29, - 0xfa, 0x77, 0xa1, 0x8d, 0xd4, 0x90, 0xa1, 0x0d, 0x3f, 0x16, - 0x88, 0xe3, 0x4c, 0x8f, 0x8f, 0x18, 0x8c, 0x9c, 0x8a, 0xd5, - 0xa7, 0x41, 0x99, 0xf3, 0x80, 0x8e, 0xb1, 0xb8, 0x63, 0xd8, - 0x3f, 0x95, 0xd0, 0xd0, 0x2b, 0xf5, 0xe6, 0x93, 0xe8, 0xfe, - 0xd0, 0x73, 0xd5, 0xbd, 0xb4, 0xee, 0x51, 0x19, 0x6a, 0x10, - 0xca, 0xc8, 0xba, 0xa4, 0x4d, 0x84, 0x54, 0x38, 0x17, 0xb5, - 0xd0, 0xa8, 0x75, 0x22, 0xc5, 0x1b, 0x61, 0xa6, 0x51, 0x88, - 0x63, 0xf0, 0x4f, 0xd1, 0x88, 0xd9, 0x16, 0x49, 0x30, 0xe1, - 0xa8, 0x47, 0xc9, 0x30, 0x1d, 0x5c, 0x75, 0xd8, 0x89, 0xb6, - 0x1d, 0x45, 0xd8, 0x0f, 0x94, 0x89, 0xb3, 0xe4, 0x51, 0xfa, - 0x21, 0xff, 0x6f, 0xb6, 0x30, 0x6f, 0x33, 0x24, 0xbc, 0x09, - 0x98, 0xe9, 0x20, 0x02, 0x0b, 0xde, 0xff, 0xc5, 0x06, 0xb6, - 0x28, 0xa3, 0xa1, 0x07, 0xe8, 0xe1, 0xd2, 0xc2, 0xf1, 0xd1, - 0x23, 0x6b, 0x4c, 0x3a, 0xae, 0x85, 0xec, 0xf9, 0xff, 0xa7, - 0x9b, 0x25, 0xb8, 0x95, 0x1d, 0xa8, 0x14, 0x81, 0x4f, 0x79, - 0x4f, 0xd6, 0x39, 0x5d, 0xe6, 0x5f, 0xd2, 0x34, 0x54, 0x8b, - 0x1e, 0x40, 0x4c, 0x15, 0x5a, 0x45, 0xce, 0x0c, 0xb0, 0xdf, - 0xa1, 0x17, 0xb8, 0xb0, 0x6a, 0x82, 0xa5, 0x97, 0x92, 0x70, - 0xfb, 0x02, 0x81, 0xc0, 0x77, 0x46, 0x44, 0x2b, 0x04, 0xf0, - 0xda, 0x75, 0xaa, 0xd4, 0xc0, 0xc0, 0x32, 0x7f, 0x0f, 0x6c, - 0xb0, 0x27, 0x69, 0xfb, 0x5c, 0x73, 0xeb, 0x47, 0x1e, 0x95, - 0xe2, 0x13, 0x64, 0x1b, 0xb6, 0xd1, 0x1d, 0xca, 0x2b, 0x42, - 0x2f, 0x08, 0x2c, 0x69, 0x27, 0xed, 0xd1, 0xb5, 0x04, 0x23, - 0xc5, 0x85, 0x2d, 0xa1, 0xa2, 0x94, 0xc2, 0x43, 0x4d, 0x49, - 0x92, 0x74, 0x7e, 0x24, 0x92, 0x95, 0xf3, 0x99, 0x9d, 0xd6, - 0x18, 0xe6, 0xcf, 0x9c, 0x45, 0xff, 0x89, 0x08, 0x40, 0x2a, - 0x0e, 0xa0, 0x28, 0xf9, 0x83, 0xfe, 0xc1, 0xe6, 0x40, 0xa8, - 0xe2, 0x29, 0xc9, 0xb0, 0xe8, 0x9a, 0x17, 0xb2, 0x23, 0x7e, - 0xf4, 0x32, 0x08, 0xc9, 0x83, 0xb2, 0x15, 0xb8, 0xc5, 0xc9, - 0x03, 0xd1, 0x9d, 0xda, 0x3e, 0xa8, 0xbf, 0xd5, 0xb7, 0x7d, - 0x65, 0x63, 0x94, 0x5d, 0x5d, 0x94, 0xb4, 0xcf, 0x8d, 0x07, - 0x0b, 0x70, 0x85, 0x8e, 0xce, 0x03, 0x0b, 0x2a, 0x8d, 0xb3, - 0x3c, 0x46, 0xc0, 0x2f, 0xc7, 0x72, 0x6c, 0x9c, 0x5d, 0x07, - 0x0f, 0x45, 0x3b, 0x6b, 0x66, 0x32, 0xab, 0x17, 0x83, 0xd8, - 0x4c, 0x2c, 0x84, 0x71, 0x19, 0x8f, 0xaa, 0x0a, 0xff, 0xbc, - 0xf7, 0x42, 0x10, 0xe8, 0xae, 0x4d, 0x26, 0xaf, 0xdd, 0x06, - 0x33, 0x29, 0x66, 0x21, 0x5d, 0xf5, 0xae, 0x17, 0x07, 0x1f, - 0x87, 0x9e, 0xae, 0x27, 0x1d, 0xd5, 0x02, 0x81, 0xc0, 0x56, - 0x17, 0x4f, 0x9a, 0x8a, 0xf9, 0xde, 0x3e, 0xe6, 0x71, 0x7d, - 0x94, 0xb5, 0xb0, 0xc7, 0xb8, 0x62, 0x12, 0xd1, 0x70, 0xb4, - 0x00, 0xf8, 0x4a, 0xdd, 0x4f, 0x1d, 0x36, 0xc2, 0xe1, 0xef, - 0xee, 0x25, 0x6a, 0x00, 0xc4, 0x46, 0xdf, 0xbe, 0xce, 0x77, - 0x56, 0x93, 0x6d, 0x25, 0x5f, 0xfe, 0x5b, 0xfb, 0xe0, 0xe2, - 0x37, 0xcc, 0xb9, 0xac, 0x4a, 0xce, 0x15, 0x16, 0xa0, 0xc7, - 0x33, 0x63, 0xa4, 0xaa, 0xa5, 0x1e, 0x43, 0xc1, 0xda, 0x43, - 0xfa, 0x43, 0x40, 0x29, 0x95, 0x7c, 0x2b, 0x36, 0x53, 0xe7, - 0x7d, 0x09, 0x4d, 0xd8, 0x52, 0xac, 0x74, 0x5f, 0x08, 0x81, - 0x21, 0x5c, 0x3a, 0x5a, 0xce, 0xf3, 0x25, 0xb6, 0x1e, 0x21, - 0x76, 0x4c, 0x7c, 0x71, 0x50, 0x71, 0xaa, 0x27, 0x02, 0x5b, - 0x23, 0x06, 0x0b, 0x21, 0x5b, 0xc7, 0x28, 0xa3, 0x3d, 0x8d, - 0x25, 0x9b, 0x2a, 0x2d, 0x9d, 0xa1, 0x1c, 0x1d, 0xcb, 0x7d, - 0x78, 0xf8, 0x06, 0x7e, 0x20, 0x7f, 0x24, 0x2a, 0x5c, 0xa4, - 0x04, 0xff, 0x2a, 0x68, 0xe0, 0xe6, 0xa3, 0xd8, 0x6f, 0x56, - 0x73, 0xa1, 0x3a, 0x4e, 0xc9, 0x23, 0xa1, 0x87, 0x22, 0x6a, - 0x74, 0x78, 0x3f, 0x44, 0x1c, 0x77, 0x13, 0xe5, 0x51, 0xef, - 0x89, 0x00, 0x3c, 0x6a, 0x4a, 0x5a, 0x8e, 0xf5, 0x30, 0xa2, - 0x93, 0x7e, 0x92, 0x9b, 0x85, 0x55, 0xaf, 0xfe, 0x24, 0xaf, - 0x57, 0x02, 0x81, 0xc1, 0x00, 0xa4, 0xc2, 0x6a, 0x59, 0x45, - 0xea, 0x71, 0x7d, 0x4c, 0xaf, 0xaf, 0xd6, 0x55, 0x97, 0x73, - 0xc5, 0xa1, 0x3c, 0xf6, 0x59, 0x23, 0xb6, 0x1f, 0x5e, 0x9c, - 0x96, 0x0f, 0x97, 0x66, 0x82, 0x91, 0x48, 0x36, 0x70, 0x02, - 0x67, 0xde, 0x34, 0xa6, 0x95, 0x7b, 0x51, 0x43, 0x66, 0xa4, - 0x16, 0x45, 0x59, 0x12, 0xdb, 0x35, 0x19, 0x4b, 0xbf, 0x1d, - 0xab, 0xf3, 0x3f, 0xb4, 0xb4, 0x6f, 0x66, 0xb0, 0x67, 0xc6, - 0x77, 0x2c, 0x46, 0xa8, 0x03, 0x64, 0x9a, 0x13, 0x9d, 0x40, - 0x22, 0x56, 0x76, 0x1a, 0x7c, 0x1e, 0xe2, 0xda, 0x7f, 0x09, - 0xcf, 0x10, 0xe3, 0xf2, 0xf4, 0x2a, 0x3b, 0x46, 0xc7, 0x61, - 0x9b, 0xef, 0x4a, 0x18, 0x60, 0x8c, 0x32, 0x71, 0xb9, 0xdd, - 0xac, 0xa0, 0xc6, 0x8d, 0x3f, 0xab, 0xc3, 0x21, 0x2c, 0xeb, - 0x91, 0x8f, 0xc7, 0x43, 0x0d, 0x0c, 0x67, 0x9e, 0xab, 0xe6, - 0x8d, 0xb6, 0x2d, 0x41, 0xca, 0x43, 0xd8, 0xcb, 0x30, 0xfb, - 0x3b, 0x40, 0x0d, 0x10, 0x9b, 0xb1, 0x55, 0x93, 0x73, 0x8b, - 0x60, 0xef, 0xc0, 0xee, 0xc0, 0xa6, 0x7a, 0x79, 0x90, 0xfd, - 0x4c, 0x25, 0xd4, 0x4f, 0x67, 0xbe, 0xf7, 0x86, 0x3c, 0x5d, - 0x2b, 0x7d, 0x97, 0x3d, 0xa2, 0x91, 0xa5, 0x06, 0x69, 0xf6, - 0x7a, 0xb8, 0x77, 0xe6, 0x70, 0xa9, 0xd8, 0x86, 0x4b, 0xa6, - 0xcf, 0x67, 0x1d, 0x33, 0xcf, 0xfe, 0x3e -}; - -static unsigned char test4096[] = { - 0x30, 0x82, 0x09, 0x29, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02, - 0x01, 0x00, 0xc0, 0x71, 0xac, 0x1a, 0x13, 0x88, 0x82, 0x43, - 0x3b, 0x51, 0x57, 0x71, 0x8d, 0xb6, 0x2b, 0x82, 0x65, 0x21, - 0x53, 0x5f, 0x28, 0x29, 0x4f, 0x8d, 0x7c, 0x8a, 0xb9, 0x44, - 0xb3, 0x28, 0x41, 0x4f, 0xd3, 0xfa, 0x6a, 0xf8, 0xb9, 0x28, - 0x50, 0x39, 0x67, 0x53, 0x2c, 0x3c, 0xd7, 0xcb, 0x96, 0x41, - 0x40, 0x32, 0xbb, 0xeb, 0x70, 0xae, 0x1f, 0xb0, 0x65, 0xf7, - 0x3a, 0xd9, 0x22, 0xfd, 0x10, 0xae, 0xbd, 0x02, 0xe2, 0xdd, - 0xf3, 0xc2, 0x79, 0x3c, 0xc6, 0xfc, 0x75, 0xbb, 0xaf, 0x4e, - 0x3a, 0x36, 0xc2, 0x4f, 0xea, 0x25, 0xdf, 0x13, 0x16, 0x4b, - 0x20, 0xfe, 0x4b, 0x69, 0x16, 0xc4, 0x7f, 0x1a, 0x43, 0xa6, - 0x17, 0x1b, 0xb9, 0x0a, 0xf3, 0x09, 0x86, 0x28, 0x89, 0xcf, - 0x2c, 0xd0, 0xd4, 0x81, 0xaf, 0xc6, 0x6d, 0xe6, 0x21, 0x8d, - 0xee, 0xef, 0xea, 0xdc, 0xb7, 0xc6, 0x3b, 0x63, 0x9f, 0x0e, - 0xad, 0x89, 0x78, 0x23, 0x18, 0xbf, 0x70, 0x7e, 0x84, 0xe0, - 0x37, 0xec, 0xdb, 0x8e, 0x9c, 0x3e, 0x6a, 0x19, 0xcc, 0x99, - 0x72, 0xe6, 0xb5, 0x7d, 0x6d, 0xfa, 0xe5, 0xd3, 0xe4, 0x90, - 0xb5, 0xb2, 0xb2, 0x12, 0x70, 0x4e, 0xca, 0xf8, 0x10, 0xf8, - 0xa3, 0x14, 0xc2, 0x48, 0x19, 0xeb, 0x60, 0x99, 0xbb, 0x2a, - 0x1f, 0xb1, 0x7a, 0xb1, 0x3d, 0x24, 0xfb, 0xa0, 0x29, 0xda, - 0xbd, 0x1b, 0xd7, 0xa4, 0xbf, 0xef, 0x60, 0x2d, 0x22, 0xca, - 0x65, 0x98, 0xf1, 0xc4, 0xe1, 0xc9, 0x02, 0x6b, 0x16, 0x28, - 0x2f, 0xa1, 0xaa, 0x79, 0x00, 0xda, 0xdc, 0x7c, 0x43, 0xf7, - 0x42, 0x3c, 0xa0, 0xef, 0x68, 0xf7, 0xdf, 0xb9, 0x69, 0xfb, - 0x8e, 0x01, 0xed, 0x01, 0x42, 0xb5, 0x4e, 0x57, 0xa6, 0x26, - 0xb8, 0xd0, 0x7b, 0x56, 0x6d, 0x03, 0xc6, 0x40, 0x8c, 0x8c, - 0x2a, 0x55, 0xd7, 0x9c, 0x35, 0x00, 0x94, 0x93, 0xec, 0x03, - 0xeb, 0x22, 0xef, 0x77, 0xbb, 0x79, 0x13, 0x3f, 0x15, 0xa1, - 0x8f, 0xca, 0xdf, 0xfd, 0xd3, 0xb8, 0xe1, 0xd4, 0xcc, 0x09, - 0x3f, 0x3c, 0x2c, 0xdb, 0xd1, 0x49, 0x7f, 0x38, 0x07, 0x83, - 0x6d, 0xeb, 0x08, 0x66, 0xe9, 0x06, 0x44, 0x12, 0xac, 0x95, - 0x22, 0x90, 0x23, 0x67, 0xd4, 0x08, 0xcc, 0xf4, 0xb7, 0xdc, - 0xcc, 0x87, 0xd4, 0xac, 0x69, 0x35, 0x4c, 0xb5, 0x39, 0x36, - 0xcd, 0xa4, 0xd2, 0x95, 0xca, 0x0d, 0xc5, 0xda, 0xc2, 0xc5, - 0x22, 0x32, 0x28, 0x08, 0xe3, 0xd2, 0x8b, 0x38, 0x30, 0xdc, - 0x8c, 0x75, 0x4f, 0x6a, 0xec, 0x7a, 0xac, 0x16, 0x3e, 0xa8, - 0xd4, 0x6a, 0x45, 0xe1, 0xa8, 0x4f, 0x2e, 0x80, 0x34, 0xaa, - 0x54, 0x1b, 0x02, 0x95, 0x7d, 0x8a, 0x6d, 0xcc, 0x79, 0xca, - 0xf2, 0xa4, 0x2e, 0x8d, 0xfb, 0xfe, 0x15, 0x51, 0x10, 0x0e, - 0x4d, 0x88, 0xb1, 0xc7, 0xf4, 0x79, 0xdb, 0xf0, 0xb4, 0x56, - 0x44, 0x37, 0xca, 0x5a, 0xc1, 0x8c, 0x48, 0xac, 0xae, 0x48, - 0x80, 0x83, 0x01, 0x3f, 0xde, 0xd9, 0xd3, 0x2c, 0x51, 0x46, - 0xb1, 0x41, 0xb6, 0xc6, 0x91, 0x72, 0xf9, 0x83, 0x55, 0x1b, - 0x8c, 0xba, 0xf3, 0x73, 0xe5, 0x2c, 0x74, 0x50, 0x3a, 0xbe, - 0xc5, 0x2f, 0xa7, 0xb2, 0x6d, 0x8c, 0x9e, 0x13, 0x77, 0xa3, - 0x13, 0xcd, 0x6d, 0x8c, 0x45, 0xe1, 0xfc, 0x0b, 0xb7, 0x69, - 0xe9, 0x27, 0xbc, 0x65, 0xc3, 0xfa, 0x9b, 0xd0, 0xef, 0xfe, - 0xe8, 0x1f, 0xb3, 0x5e, 0x34, 0xf4, 0x8c, 0xea, 0xfc, 0xd3, - 0x81, 0xbf, 0x3d, 0x30, 0xb2, 0xb4, 0x01, 0xe8, 0x43, 0x0f, - 0xba, 0x02, 0x23, 0x42, 0x76, 0x82, 0x31, 0x73, 0x91, 0xed, - 0x07, 0x46, 0x61, 0x0d, 0x39, 0x83, 0x40, 0xce, 0x7a, 0xd4, - 0xdb, 0x80, 0x2c, 0x1f, 0x0d, 0xd1, 0x34, 0xd4, 0x92, 0xe3, - 0xd4, 0xf1, 0xc2, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, - 0x82, 0x02, 0x01, 0x00, 0x97, 0x6c, 0xda, 0x6e, 0xea, 0x4f, - 0xcf, 0xaf, 0xf7, 0x4c, 0xd9, 0xf1, 0x90, 0x00, 0x77, 0xdb, - 0xf2, 0x97, 0x76, 0x72, 0xb9, 0xb7, 0x47, 0xd1, 0x9c, 0xdd, - 0xcb, 0x4a, 0x33, 0x6e, 0xc9, 0x75, 0x76, 0xe6, 0xe4, 0xa5, - 0x31, 0x8c, 0x77, 0x13, 0xb4, 0x29, 0xcd, 0xf5, 0x52, 0x17, - 0xef, 0xf3, 0x08, 0x00, 0xe3, 0xbd, 0x2e, 0xbc, 0xd4, 0x52, - 0x88, 0xe9, 0x30, 0x75, 0x0b, 0x02, 0xf5, 0xcd, 0x89, 0x0c, - 0x6c, 0x57, 0x19, 0x27, 0x3d, 0x1e, 0x85, 0xb4, 0xc1, 0x2f, - 0x1d, 0x92, 0x00, 0x5c, 0x76, 0x29, 0x4b, 0xa4, 0xe1, 0x12, - 0xb3, 0xc8, 0x09, 0xfe, 0x0e, 0x78, 0x72, 0x61, 0xcb, 0x61, - 0x6f, 0x39, 0x91, 0x95, 0x4e, 0xd5, 0x3e, 0xc7, 0x8f, 0xb8, - 0xf6, 0x36, 0xfe, 0x9c, 0x93, 0x9a, 0x38, 0x25, 0x7a, 0xf4, - 0x4a, 0x12, 0xd4, 0xa0, 0x13, 0xbd, 0xf9, 0x1d, 0x12, 0x3e, - 0x21, 0x39, 0xfb, 0x72, 0xe0, 0x05, 0x3d, 0xc3, 0xe5, 0x50, - 0xa8, 0x5d, 0x85, 0xa3, 0xea, 0x5f, 0x1c, 0xb2, 0x3f, 0xea, - 0x6d, 0x03, 0x91, 0x55, 0xd8, 0x19, 0x0a, 0x21, 0x12, 0x16, - 0xd9, 0x12, 0xc4, 0xe6, 0x07, 0x18, 0x5b, 0x26, 0xa4, 0xae, - 0xed, 0x2b, 0xb7, 0xa6, 0xed, 0xf8, 0xad, 0xec, 0x77, 0xe6, - 0x7f, 0x4f, 0x76, 0x00, 0xc0, 0xfa, 0x15, 0x92, 0xb4, 0x2c, - 0x22, 0xc2, 0xeb, 0x6a, 0xad, 0x14, 0x05, 0xb2, 0xe5, 0x8a, - 0x9e, 0x85, 0x83, 0xcc, 0x04, 0xf1, 0x56, 0x78, 0x44, 0x5e, - 0xde, 0xe0, 0x60, 0x1a, 0x65, 0x79, 0x31, 0x23, 0x05, 0xbb, - 0x01, 0xff, 0xdd, 0x2e, 0xb7, 0xb3, 0xaa, 0x74, 0xe0, 0xa5, - 0x94, 0xaf, 0x4b, 0xde, 0x58, 0x0f, 0x55, 0xde, 0x33, 0xf6, - 0xe3, 0xd6, 0x34, 0x36, 0x57, 0xd6, 0x79, 0x91, 0x2e, 0xbe, - 0x3b, 0xd9, 0x4e, 0xb6, 0x9d, 0x21, 0x5c, 0xd3, 0x48, 0x14, - 0x7f, 0x4a, 0xc4, 0x60, 0xa9, 0x29, 0xf8, 0x53, 0x7f, 0x88, - 0x11, 0x2d, 0xb5, 0xc5, 0x2d, 0x6f, 0xee, 0x85, 0x0b, 0xf7, - 0x8d, 0x9a, 0xbe, 0xb0, 0x42, 0xf2, 0x2e, 0x71, 0xaf, 0x19, - 0x31, 0x6d, 0xec, 0xcd, 0x6f, 0x2b, 0x23, 0xdf, 0xb4, 0x40, - 0xaf, 0x2c, 0x0a, 0xc3, 0x1b, 0x7d, 0x7d, 0x03, 0x1d, 0x4b, - 0xf3, 0xb5, 0xe0, 0x85, 0xd8, 0xdf, 0x91, 0x6b, 0x0a, 0x69, - 0xf7, 0xf2, 0x69, 0x66, 0x5b, 0xf1, 0xcf, 0x46, 0x7d, 0xe9, - 0x70, 0xfa, 0x6d, 0x7e, 0x75, 0x4e, 0xa9, 0x77, 0xe6, 0x8c, - 0x02, 0xf7, 0x14, 0x4d, 0xa5, 0x41, 0x8f, 0x3f, 0xc1, 0x62, - 0x1e, 0x71, 0x5e, 0x38, 0xb4, 0xd6, 0xe6, 0xe1, 0x4b, 0xc2, - 0x2c, 0x30, 0x83, 0x81, 0x6f, 0x49, 0x2e, 0x96, 0xe6, 0xc9, - 0x9a, 0xf7, 0x5d, 0x09, 0xa0, 0x55, 0x02, 0xa5, 0x3a, 0x25, - 0x23, 0xd0, 0x92, 0xc3, 0xa3, 0xe3, 0x0e, 0x12, 0x2f, 0x4d, - 0xef, 0xf3, 0x55, 0x5a, 0xbe, 0xe6, 0x19, 0x86, 0x31, 0xab, - 0x75, 0x9a, 0xd3, 0xf0, 0x2c, 0xc5, 0x41, 0x92, 0xd9, 0x1f, - 0x5f, 0x11, 0x8c, 0x75, 0x1c, 0x63, 0xd0, 0x02, 0x80, 0x2c, - 0x68, 0xcb, 0x93, 0xfb, 0x51, 0x73, 0x49, 0xb4, 0x60, 0xda, - 0xe2, 0x26, 0xaf, 0xa9, 0x46, 0x12, 0xb8, 0xec, 0x50, 0xdd, - 0x12, 0x06, 0x5f, 0xce, 0x59, 0xe6, 0xf6, 0x1c, 0xe0, 0x54, - 0x10, 0xad, 0xf6, 0xcd, 0x98, 0xcc, 0x0f, 0xfb, 0xcb, 0x41, - 0x14, 0x9d, 0xed, 0xe4, 0xb4, 0x74, 0x5f, 0x09, 0x60, 0xc7, - 0x12, 0xf6, 0x7b, 0x3c, 0x8f, 0xa7, 0x20, 0xbc, 0xe4, 0xb1, - 0xef, 0xeb, 0xa4, 0x93, 0xc5, 0x06, 0xca, 0x9a, 0x27, 0x9d, - 0x87, 0xf3, 0xde, 0xca, 0xe5, 0xe7, 0xf6, 0x1c, 0x01, 0x65, - 0x5b, 0xfb, 0x19, 0x79, 0x6e, 0x08, 0x26, 0xc5, 0xc8, 0x28, - 0x0e, 0xb6, 0x3b, 0x07, 0x08, 0xc1, 0x02, 0x82, 0x01, 0x01, - 0x00, 0xe8, 0x1c, 0x73, 0xa6, 0xb8, 0xe0, 0x0e, 0x6d, 0x8d, - 0x1b, 0xb9, 0x53, 0xed, 0x58, 0x94, 0xe6, 0x1d, 0x60, 0x14, - 0x5c, 0x76, 0x43, 0xc4, 0x58, 0x19, 0xc4, 0x24, 0xe8, 0xbc, - 0x1b, 0x3b, 0x0b, 0x13, 0x24, 0x45, 0x54, 0x0e, 0xcc, 0x37, - 0xf0, 0xe0, 0x63, 0x7d, 0xc3, 0xf7, 0xfb, 0x81, 0x74, 0x81, - 0xc4, 0x0f, 0x1a, 0x21, 0x48, 0xaf, 0xce, 0xc1, 0xc4, 0x94, - 0x18, 0x06, 0x44, 0x8d, 0xd3, 0xd2, 0x22, 0x2d, 0x2d, 0x3e, - 0x5a, 0x31, 0xdc, 0x95, 0x8e, 0xf4, 0x41, 0xfc, 0x58, 0xc9, - 0x40, 0x92, 0x17, 0x5f, 0xe3, 0xda, 0xac, 0x9e, 0x3f, 0x1c, - 0x2a, 0x6b, 0x58, 0x5f, 0x48, 0x78, 0x20, 0xb1, 0xaf, 0x24, - 0x9b, 0x3c, 0x20, 0x8b, 0x93, 0x25, 0x9e, 0xe6, 0x6b, 0xbc, - 0x13, 0x42, 0x14, 0x6c, 0x36, 0x31, 0xff, 0x7a, 0xd1, 0xc1, - 0x1a, 0x26, 0x14, 0x7f, 0xa9, 0x76, 0xa7, 0x0c, 0xf8, 0xcc, - 0xed, 0x07, 0x6a, 0xd2, 0xdf, 0x62, 0xee, 0x0a, 0x7c, 0x84, - 0xcb, 0x49, 0x90, 0xb2, 0x03, 0x0d, 0xa2, 0x82, 0x06, 0x77, - 0xf1, 0xcd, 0x67, 0xf2, 0x47, 0x21, 0x02, 0x3f, 0x43, 0x21, - 0xf0, 0x46, 0x30, 0x62, 0x51, 0x72, 0xb1, 0xe7, 0x48, 0xc6, - 0x67, 0x12, 0xcd, 0x9e, 0xd6, 0x15, 0xe5, 0x21, 0xed, 0xfa, - 0x8f, 0x30, 0xa6, 0x41, 0xfe, 0xb6, 0xfa, 0x8f, 0x34, 0x14, - 0x19, 0xe8, 0x11, 0xf7, 0xa5, 0x77, 0x3e, 0xb7, 0xf9, 0x39, - 0x07, 0x8c, 0x67, 0x2a, 0xab, 0x7b, 0x08, 0xf8, 0xb0, 0x06, - 0xa8, 0xea, 0x2f, 0x8f, 0xfa, 0xcc, 0xcc, 0x40, 0xce, 0xf3, - 0x70, 0x4f, 0x3f, 0x7f, 0xe2, 0x0c, 0xea, 0x76, 0x4a, 0x35, - 0x4e, 0x47, 0xad, 0x2b, 0xa7, 0x97, 0x5d, 0x74, 0x43, 0x97, - 0x90, 0xd2, 0xfb, 0xd9, 0xf9, 0x96, 0x01, 0x33, 0x05, 0xed, - 0x7b, 0x03, 0x05, 0xad, 0xf8, 0x49, 0x03, 0x02, 0x82, 0x01, - 0x01, 0x00, 0xd4, 0x40, 0x17, 0x66, 0x10, 0x92, 0x95, 0xc8, - 0xec, 0x62, 0xa9, 0x7a, 0xcb, 0x93, 0x8e, 0xe6, 0x53, 0xd4, - 0x80, 0x48, 0x27, 0x4b, 0x41, 0xce, 0x61, 0xdf, 0xbf, 0x94, - 0xa4, 0x3d, 0x71, 0x03, 0x0b, 0xed, 0x25, 0x71, 0x98, 0xa4, - 0xd6, 0xd5, 0x4a, 0x57, 0xf5, 0x6c, 0x1b, 0xda, 0x21, 0x7d, - 0x35, 0x45, 0xb3, 0xf3, 0x6a, 0xd9, 0xd3, 0x43, 0xe8, 0x5c, - 0x54, 0x1c, 0x83, 0x1b, 0xb4, 0x5f, 0xf2, 0x97, 0x24, 0x2e, - 0xdc, 0x40, 0xde, 0x92, 0x23, 0x59, 0x8e, 0xbc, 0xd2, 0xa1, - 0xf2, 0xe0, 0x4c, 0xdd, 0x0b, 0xd1, 0xe7, 0xae, 0x65, 0xbc, - 0xb5, 0xf5, 0x5b, 0x98, 0xe9, 0xd7, 0xc2, 0xb7, 0x0e, 0x55, - 0x71, 0x0e, 0x3c, 0x0a, 0x24, 0x6b, 0xa6, 0xe6, 0x14, 0x61, - 0x11, 0xfd, 0x33, 0x42, 0x99, 0x2b, 0x84, 0x77, 0x74, 0x92, - 0x91, 0xf5, 0x79, 0x79, 0xcf, 0xad, 0x8e, 0x04, 0xef, 0x80, - 0x1e, 0x57, 0xf4, 0x14, 0xf5, 0x35, 0x09, 0x74, 0xb2, 0x13, - 0x71, 0x58, 0x6b, 0xea, 0x32, 0x5d, 0xf3, 0xd3, 0x76, 0x48, - 0x39, 0x10, 0x23, 0x84, 0x9d, 0xbe, 0x92, 0x77, 0x4a, 0xed, - 0x70, 0x3e, 0x1a, 0xa2, 0x6c, 0xb3, 0x81, 0x00, 0xc3, 0xc9, - 0xe4, 0x52, 0xc8, 0x24, 0x88, 0x0c, 0x41, 0xad, 0x87, 0x5a, - 0xea, 0xa3, 0x7a, 0x85, 0x1c, 0x5e, 0x31, 0x7f, 0xc3, 0x35, - 0xc6, 0xfa, 0x10, 0xc8, 0x75, 0x10, 0xc4, 0x96, 0x99, 0xe7, - 0xfe, 0x01, 0xb4, 0x74, 0xdb, 0xb4, 0x11, 0xc3, 0xc8, 0x8c, - 0xf6, 0xf7, 0x3b, 0x66, 0x50, 0xfc, 0xdb, 0xeb, 0xca, 0x47, - 0x85, 0x89, 0xe1, 0x65, 0xd9, 0x62, 0x34, 0x3c, 0x70, 0xd8, - 0x2e, 0xb4, 0x2f, 0x65, 0x3c, 0x4a, 0xa6, 0x2a, 0xe7, 0xc7, - 0xd8, 0x41, 0x8f, 0x8a, 0x43, 0xbf, 0x42, 0xf2, 0x4d, 0xbc, - 0xfc, 0x9e, 0x27, 0x95, 0xfb, 0x75, 0xff, 0xab, 0x02, 0x82, - 0x01, 0x00, 0x41, 0x2f, 0x44, 0x57, 0x6d, 0x12, 0x17, 0x5b, - 0x32, 0xc6, 0xb7, 0x6c, 0x57, 0x7a, 0x8a, 0x0e, 0x79, 0xef, - 0x72, 0xa8, 0x68, 0xda, 0x2d, 0x38, 0xe4, 0xbb, 0x8d, 0xf6, - 0x02, 0x65, 0xcf, 0x56, 0x13, 0xe1, 0x1a, 0xcb, 0x39, 0x80, - 0xa6, 0xb1, 0x32, 0x03, 0x1e, 0xdd, 0xbb, 0x35, 0xd9, 0xac, - 0x43, 0x89, 0x31, 0x08, 0x90, 0x92, 0x5e, 0x35, 0x3d, 0x7b, - 0x9c, 0x6f, 0x86, 0xcb, 0x17, 0xdd, 0x85, 0xe4, 0xed, 0x35, - 0x08, 0x8e, 0xc1, 0xf4, 0x05, 0xd8, 0x68, 0xc6, 0x63, 0x3c, - 0xf7, 0xff, 0xf7, 0x47, 0x33, 0x39, 0xc5, 0x3e, 0xb7, 0x0e, - 0x58, 0x35, 0x9d, 0x81, 0xea, 0xf8, 0x6a, 0x2c, 0x1c, 0x5a, - 0x68, 0x78, 0x64, 0x11, 0x6b, 0xc1, 0x3e, 0x4e, 0x7a, 0xbd, - 0x84, 0xcb, 0x0f, 0xc2, 0xb6, 0x85, 0x1d, 0xd3, 0x76, 0xc5, - 0x93, 0x6a, 0x69, 0x89, 0x56, 0x34, 0xdc, 0x4a, 0x9b, 0xbc, - 0xff, 0xa8, 0x0d, 0x6e, 0x35, 0x9c, 0x60, 0xa7, 0x23, 0x30, - 0xc7, 0x06, 0x64, 0x39, 0x8b, 0x94, 0x89, 0xee, 0xba, 0x7f, - 0x60, 0x8d, 0xfa, 0xb6, 0x97, 0x76, 0xdc, 0x51, 0x4a, 0x3c, - 0xeb, 0x3a, 0x14, 0x2c, 0x20, 0x60, 0x69, 0x4a, 0x86, 0xfe, - 0x8c, 0x21, 0x84, 0x49, 0x54, 0xb3, 0x20, 0xe1, 0x01, 0x7f, - 0x58, 0xdf, 0x7f, 0xb5, 0x21, 0x51, 0x8c, 0x47, 0x9f, 0x91, - 0xeb, 0x97, 0x3e, 0xf2, 0x54, 0xcf, 0x16, 0x46, 0xf9, 0xd9, - 0xb6, 0xe7, 0x64, 0xc9, 0xd0, 0x54, 0xea, 0x2f, 0xa1, 0xcf, - 0xa5, 0x7f, 0x28, 0x8d, 0x84, 0xec, 0xd5, 0x39, 0x03, 0x76, - 0x5b, 0x2d, 0x8e, 0x43, 0xf2, 0x01, 0x24, 0xc9, 0x6f, 0xc0, - 0xf5, 0x69, 0x6f, 0x7d, 0xb5, 0x85, 0xd2, 0x5f, 0x7f, 0x78, - 0x40, 0x07, 0x7f, 0x09, 0x15, 0xb5, 0x1f, 0x28, 0x65, 0x10, - 0xe4, 0x19, 0xa8, 0xc6, 0x9e, 0x8d, 0xdc, 0xcb, 0x02, 0x82, - 0x01, 0x00, 0x13, 0x01, 0xee, 0x56, 0x80, 0x93, 0x70, 0x00, - 0x7f, 0x52, 0xd2, 0x94, 0xa1, 0x98, 0x84, 0x4a, 0x92, 0x25, - 0x4c, 0x9b, 0xa9, 0x91, 0x2e, 0xc2, 0x79, 0xb7, 0x5c, 0xe3, - 0xc5, 0xd5, 0x8e, 0xc2, 0x54, 0x16, 0x17, 0xad, 0x55, 0x9b, - 0x25, 0x76, 0x12, 0x63, 0x50, 0x22, 0x2f, 0x58, 0x58, 0x79, - 0x6b, 0x04, 0xe3, 0xf9, 0x9f, 0x8f, 0x04, 0x41, 0x67, 0x94, - 0xa5, 0x1f, 0xac, 0x8a, 0x15, 0x9c, 0x26, 0x10, 0x6c, 0xf8, - 0x19, 0x57, 0x61, 0xd7, 0x3a, 0x7d, 0x31, 0xb0, 0x2d, 0x38, - 0xbd, 0x94, 0x62, 0xad, 0xc4, 0xfa, 0x36, 0x42, 0x42, 0xf0, - 0x24, 0x67, 0x65, 0x9d, 0x8b, 0x0b, 0x7c, 0x6f, 0x82, 0x44, - 0x1a, 0x8c, 0xc8, 0xc9, 0xab, 0xbb, 0x4c, 0x45, 0xfc, 0x7b, - 0x38, 0xee, 0x30, 0xe1, 0xfc, 0xef, 0x8d, 0xbc, 0x58, 0xdf, - 0x2b, 0x5d, 0x0d, 0x54, 0xe0, 0x49, 0x4d, 0x97, 0x99, 0x8f, - 0x22, 0xa8, 0x83, 0xbe, 0x40, 0xbb, 0x50, 0x2e, 0x78, 0x28, - 0x0f, 0x95, 0x78, 0x8c, 0x8f, 0x98, 0x24, 0x56, 0xc2, 0x97, - 0xf3, 0x2c, 0x43, 0xd2, 0x03, 0x82, 0x66, 0x81, 0x72, 0x5f, - 0x53, 0x16, 0xec, 0xb1, 0xb1, 0x04, 0x5e, 0x40, 0x20, 0x48, - 0x7b, 0x3f, 0x02, 0x97, 0x6a, 0xeb, 0x96, 0x12, 0x21, 0x35, - 0xfe, 0x1f, 0x47, 0xc0, 0x95, 0xea, 0xc5, 0x8a, 0x08, 0x84, - 0x4f, 0x5e, 0x63, 0x94, 0x60, 0x0f, 0x71, 0x5b, 0x7f, 0x4a, - 0xec, 0x4f, 0x60, 0xc6, 0xba, 0x4a, 0x24, 0xf1, 0x20, 0x8b, - 0xa7, 0x2e, 0x3a, 0xce, 0x8d, 0xe0, 0x27, 0x1d, 0xb5, 0x8e, - 0xb4, 0x21, 0xc5, 0xe2, 0xa6, 0x16, 0x0a, 0x51, 0x83, 0x55, - 0x88, 0xd1, 0x30, 0x11, 0x63, 0xd5, 0xd7, 0x8d, 0xae, 0x16, - 0x12, 0x82, 0xc4, 0x85, 0x00, 0x4e, 0x27, 0x83, 0xa5, 0x7c, - 0x90, 0x2e, 0xe5, 0xa2, 0xa3, 0xd3, 0x4c, 0x63, 0x02, 0x82, - 0x01, 0x01, 0x00, 0x86, 0x08, 0x98, 0x98, 0xa5, 0x00, 0x05, - 0x39, 0x77, 0xd9, 0x66, 0xb3, 0xcf, 0xca, 0xa0, 0x71, 0xb3, - 0x50, 0xce, 0x3d, 0xb1, 0x93, 0x95, 0x35, 0xc4, 0xd4, 0x2e, - 0x90, 0xdf, 0x0f, 0xfc, 0x60, 0xc1, 0x94, 0x68, 0x61, 0x43, - 0xca, 0x9a, 0x23, 0x4a, 0x1e, 0x45, 0x72, 0x99, 0xb5, 0x1e, - 0x61, 0x8d, 0x77, 0x0f, 0xa0, 0xbb, 0xd7, 0x77, 0xb4, 0x2a, - 0x15, 0x11, 0x88, 0x2d, 0xb3, 0x56, 0x61, 0x5e, 0x6a, 0xed, - 0xa4, 0x46, 0x4a, 0x3f, 0x50, 0x11, 0xd6, 0xba, 0xb6, 0xd7, - 0x95, 0x65, 0x53, 0xc3, 0xa1, 0x8f, 0xe0, 0xa3, 0xf5, 0x1c, - 0xfd, 0xaf, 0x6e, 0x43, 0xd7, 0x17, 0xa7, 0xd3, 0x81, 0x1b, - 0xa4, 0xdf, 0xe0, 0x97, 0x8a, 0x46, 0x03, 0xd3, 0x46, 0x0e, - 0x83, 0x48, 0x4e, 0xd2, 0x02, 0xcb, 0xc0, 0xad, 0x79, 0x95, - 0x8c, 0x96, 0xba, 0x40, 0x34, 0x11, 0x71, 0x5e, 0xe9, 0x11, - 0xf9, 0xc5, 0x4a, 0x5e, 0x91, 0x9d, 0xf5, 0x92, 0x4f, 0xeb, - 0xc6, 0x70, 0x02, 0x2d, 0x3d, 0x04, 0xaa, 0xe9, 0x3a, 0x8e, - 0xd5, 0xa8, 0xad, 0xf7, 0xce, 0x0d, 0x16, 0xb2, 0xec, 0x0a, - 0x9c, 0xf5, 0x94, 0x39, 0xb9, 0x8a, 0xfc, 0x1e, 0xf9, 0xcc, - 0xf2, 0x5f, 0x21, 0x31, 0x74, 0x72, 0x6b, 0x64, 0xae, 0x35, - 0x61, 0x8d, 0x0d, 0xcb, 0xe7, 0xda, 0x39, 0xca, 0xf3, 0x21, - 0x66, 0x0b, 0x95, 0xd7, 0x0a, 0x7c, 0xca, 0xa1, 0xa9, 0x5a, - 0xe8, 0xac, 0xe0, 0x71, 0x54, 0xaf, 0x28, 0xcf, 0xd5, 0x70, - 0x89, 0xe0, 0xf3, 0x9e, 0x43, 0x6c, 0x8d, 0x7b, 0x99, 0x01, - 0x68, 0x4d, 0xa1, 0x45, 0x46, 0x0c, 0x43, 0xbc, 0xcc, 0x2c, - 0xdd, 0xc5, 0x46, 0xc8, 0x4e, 0x0e, 0xbe, 0xed, 0xb9, 0x26, - 0xab, 0x2e, 0xdb, 0xeb, 0x8f, 0xff, 0xdb, 0xb0, 0xc6, 0x55, - 0xaf, 0xf8, 0x2a, 0x91, 0x9d, 0x50, 0x44, 0x21, 0x17, -}; - -static unsigned char test7680[] = { - 0x30, 0x82, 0x11, 0x09, 0x02, 0x01, 0x00, 0x02, 0x82, 0x03, - 0xc1, 0x00, 0xe3, 0x27, 0x46, 0x99, 0xb5, 0x17, 0xab, 0xfa, - 0x65, 0x05, 0x7a, 0x06, 0x81, 0x14, 0xce, 0x43, 0x21, 0x49, - 0x0f, 0x08, 0xf1, 0x70, 0xb4, 0xc1, 0x10, 0xd1, 0x87, 0xf8, - 0x29, 0x91, 0x36, 0x66, 0x2d, 0xbe, 0x7b, 0x1d, 0xa2, 0x0b, - 0x20, 0x38, 0xd9, 0x8e, 0x78, 0x27, 0xcf, 0xb5, 0x45, 0x58, - 0x3d, 0xf4, 0xda, 0xf0, 0xdc, 0x21, 0x17, 0x52, 0xcd, 0x68, - 0xe2, 0x81, 0xac, 0x88, 0x61, 0x10, 0xbc, 0xb0, 0x7f, 0xe4, - 0xf3, 0x78, 0xb7, 0x28, 0x6c, 0x5f, 0x5c, 0xc2, 0x8d, 0x3d, - 0xb0, 0x87, 0x41, 0x15, 0x2e, 0x09, 0x5f, 0xea, 0x06, 0x7f, - 0xe9, 0x35, 0x18, 0x90, 0x50, 0xad, 0xf6, 0xb9, 0xfd, 0x33, - 0x02, 0x1a, 0x99, 0x9e, 0xa5, 0x7d, 0x2c, 0x3b, 0x24, 0xe7, - 0x31, 0x35, 0x73, 0x9a, 0xb0, 0xfe, 0x03, 0xfc, 0xc6, 0x98, - 0x78, 0xd9, 0x66, 0x95, 0xa5, 0x12, 0xbc, 0x1e, 0x82, 0xbc, - 0xf1, 0xc5, 0x31, 0xcd, 0xa6, 0xb1, 0x0c, 0x02, 0xbf, 0x7f, - 0xb7, 0xaf, 0x5f, 0xd6, 0xed, 0xf7, 0xc1, 0x59, 0x86, 0x3a, - 0x35, 0x95, 0x54, 0x21, 0x8d, 0x6a, 0xb3, 0xd1, 0x2b, 0x71, - 0xf5, 0xf1, 0x66, 0x00, 0xb1, 0x88, 0xee, 0x3b, 0xa4, 0x41, - 0x52, 0x1a, 0xf5, 0x0e, 0x32, 0xb6, 0xbf, 0x52, 0xab, 0x51, - 0x55, 0x91, 0x32, 0x4f, 0xaf, 0x91, 0xac, 0xf7, 0xff, 0x8e, - 0x3b, 0x2b, 0x61, 0xe9, 0x6d, 0x1d, 0x68, 0x80, 0x90, 0x79, - 0x34, 0x96, 0xca, 0x49, 0x43, 0x7c, 0x89, 0x4e, 0x5e, 0x31, - 0xb5, 0xce, 0x01, 0x9b, 0x09, 0xaf, 0x92, 0x06, 0x24, 0xe7, - 0x22, 0x35, 0xcc, 0xa2, 0x0b, 0xfb, 0x5b, 0x87, 0x65, 0x71, - 0xff, 0x64, 0x3e, 0xf9, 0xe8, 0x33, 0xa0, 0xc3, 0x4e, 0xb2, - 0x41, 0x98, 0x54, 0xeb, 0x13, 0x99, 0xfb, 0x32, 0x78, 0x7e, - 0xda, 0x4f, 0xd3, 0x46, 0x6a, 0xb5, 0x78, 0x81, 0x3f, 0x04, - 0x13, 0x5f, 0x67, 0xaf, 0x88, 0xa5, 0x9e, 0x0d, 0xc5, 0xf3, - 0xe7, 0x4c, 0x51, 0xf5, 0x51, 0x4a, 0xa4, 0x58, 0x64, 0xd9, - 0xa2, 0x32, 0x54, 0x36, 0xce, 0x38, 0xd8, 0xc2, 0x0e, 0x0d, - 0x60, 0x8e, 0x32, 0x7f, 0x90, 0x8a, 0xbc, 0x88, 0xbe, 0x6a, - 0xc0, 0x47, 0x0f, 0x02, 0x41, 0xff, 0x3b, 0x7e, 0xc5, 0xa6, - 0x33, 0x1d, 0x19, 0xd1, 0xd5, 0x67, 0x6c, 0xbf, 0x16, 0xb0, - 0x7e, 0x80, 0x10, 0xbf, 0x7f, 0xdd, 0xd0, 0xf4, 0xc3, 0x94, - 0x2c, 0x9a, 0x2c, 0xda, 0x69, 0x4e, 0xd6, 0x7b, 0x40, 0x4d, - 0x2a, 0x27, 0xcb, 0x5a, 0xe5, 0x2d, 0x3f, 0x7d, 0x51, 0x9d, - 0x9f, 0x70, 0xde, 0x50, 0xb1, 0xd3, 0xd2, 0x38, 0x4d, 0x1c, - 0xca, 0xc2, 0x1e, 0x80, 0xd0, 0x36, 0x82, 0x04, 0xe6, 0x17, - 0x79, 0x9f, 0x2e, 0xc9, 0xed, 0x2b, 0xd5, 0x1b, 0xfa, 0x7d, - 0x1a, 0x80, 0xb5, 0x0e, 0x2f, 0x05, 0xbe, 0x4a, 0x1b, 0xfe, - 0x0a, 0xad, 0x01, 0xde, 0x91, 0xc8, 0xf9, 0x81, 0xbe, 0xc7, - 0xaf, 0xe7, 0x87, 0xed, 0x9d, 0xb8, 0x6c, 0xad, 0x65, 0xed, - 0x5e, 0xd3, 0x67, 0x8c, 0x62, 0x3a, 0xe7, 0xfd, 0x67, 0xe0, - 0xbb, 0x57, 0xaf, 0x56, 0xeb, 0x4a, 0x58, 0x6e, 0xad, 0xf2, - 0xbe, 0xc3, 0x70, 0x29, 0xf8, 0xeb, 0x68, 0x45, 0xa0, 0xbd, - 0xcd, 0xa5, 0xb4, 0xd9, 0x01, 0xb7, 0x44, 0xeb, 0x97, 0xf3, - 0x0c, 0x56, 0xe4, 0x26, 0xd0, 0xa5, 0xb1, 0xa3, 0x49, 0x6e, - 0x88, 0xf2, 0x22, 0xe2, 0x7b, 0x58, 0x3a, 0xd9, 0x52, 0xa4, - 0xb1, 0x4c, 0x5c, 0x7c, 0xf0, 0x88, 0x7b, 0x9f, 0x06, 0xe9, - 0x32, 0x4e, 0xf2, 0x64, 0x83, 0x8b, 0xa2, 0xea, 0x1d, 0x25, - 0xf1, 0x8d, 0x16, 0x8b, 0xe0, 0xab, 0xd2, 0xe9, 0xe4, 0x6b, - 0x7d, 0x76, 0x98, 0x22, 0x53, 0x31, 0x6b, 0xcc, 0xf1, 0xe5, - 0x1d, 0xd7, 0xa5, 0xb0, 0xea, 0x6b, 0x38, 0x14, 0x0c, 0x06, - 0x10, 0x27, 0xd8, 0x33, 0xf3, 0x9a, 0xae, 0x94, 0xdd, 0x0b, - 0xb4, 0x6d, 0xe5, 0x91, 0xdd, 0xf1, 0x0f, 0x27, 0xa4, 0x94, - 0x55, 0xf0, 0xde, 0x07, 0x29, 0xe6, 0x3f, 0x26, 0x19, 0xa1, - 0xdd, 0xd1, 0x06, 0x99, 0xda, 0x54, 0x23, 0x3c, 0xf5, 0x5c, - 0x2e, 0x96, 0xa9, 0x21, 0x23, 0x25, 0x2e, 0x6f, 0xf1, 0xf9, - 0x11, 0x54, 0xe5, 0x7b, 0xb9, 0x1f, 0x11, 0xe2, 0x9e, 0x6b, - 0x61, 0x8b, 0xa3, 0x8b, 0xc1, 0x20, 0x9b, 0xfb, 0x51, 0xef, - 0xbb, 0xb9, 0xf6, 0xaf, 0x66, 0xb3, 0x2c, 0x25, 0xef, 0x76, - 0xcb, 0xbf, 0x7a, 0x93, 0x2f, 0xe1, 0x17, 0x56, 0xc1, 0x00, - 0x33, 0xb5, 0xd9, 0x91, 0x05, 0x31, 0xcc, 0x72, 0xcd, 0x4a, - 0x93, 0x9a, 0xe3, 0x21, 0x42, 0x9e, 0xb8, 0x4e, 0x6c, 0x27, - 0x93, 0xf0, 0x7f, 0x22, 0xdb, 0xe5, 0xb3, 0xa3, 0xf7, 0xe7, - 0x80, 0xbb, 0x91, 0xca, 0xf7, 0xe8, 0x52, 0xb8, 0x11, 0x64, - 0x66, 0x25, 0x94, 0xf8, 0x6f, 0x0b, 0x3b, 0xb7, 0xff, 0x80, - 0x9e, 0x36, 0xe9, 0x88, 0x2e, 0xab, 0x05, 0xbf, 0x99, 0x9f, - 0x2b, 0x4f, 0xc6, 0xb1, 0x13, 0x5b, 0x06, 0xff, 0x0a, 0x7b, - 0xbc, 0x7f, 0x07, 0xa0, 0x35, 0xc2, 0x2d, 0x44, 0x3e, 0xad, - 0x44, 0xcb, 0x47, 0x18, 0x26, 0x71, 0x7b, 0x17, 0xc9, 0x6d, - 0xb5, 0x4b, 0xcf, 0xdf, 0x14, 0x2c, 0x6c, 0xdf, 0x21, 0xce, - 0x93, 0x49, 0x34, 0x69, 0x49, 0xfd, 0x3e, 0x71, 0x5b, 0xfa, - 0x07, 0xc5, 0x7e, 0x5e, 0x54, 0x1a, 0x3c, 0xa6, 0x29, 0xb5, - 0xbf, 0x0d, 0xf1, 0xc6, 0xa4, 0x61, 0xd6, 0x17, 0x1d, 0xf0, - 0xa2, 0x78, 0x8f, 0xbc, 0x7e, 0x0c, 0xb4, 0xf0, 0x1e, 0x05, - 0xea, 0xb5, 0xad, 0x68, 0x95, 0x0b, 0x27, 0xb4, 0x29, 0x7c, - 0x70, 0x2a, 0x9a, 0x0a, 0x39, 0xd4, 0x76, 0xb7, 0x72, 0x30, - 0x5e, 0xae, 0x9c, 0x4a, 0x55, 0xc7, 0x46, 0xd7, 0x5f, 0xbe, - 0x10, 0x61, 0x25, 0x18, 0x7a, 0x9f, 0xd3, 0x05, 0x3d, 0x6f, - 0x9a, 0x1e, 0xec, 0x2b, 0x03, 0xe0, 0x49, 0x6a, 0x9c, 0xd6, - 0xdb, 0xc2, 0xa1, 0xe1, 0x0a, 0xbb, 0x31, 0x42, 0xc8, 0x43, - 0x4e, 0x7c, 0xa9, 0x7c, 0x60, 0xea, 0xbe, 0xf1, 0x8b, 0xe8, - 0xb2, 0x90, 0x83, 0x14, 0x21, 0xe4, 0xb3, 0x0d, 0x7c, 0x63, - 0x3c, 0x98, 0x55, 0xc6, 0x44, 0xa6, 0xa8, 0x1e, 0x42, 0xb7, - 0x89, 0xa8, 0xbd, 0xb8, 0x34, 0x3d, 0x09, 0x80, 0x99, 0x73, - 0x9f, 0xaf, 0x17, 0x56, 0xf2, 0x73, 0x3e, 0x1e, 0x6e, 0xe9, - 0x18, 0xa0, 0x5b, 0x69, 0xce, 0xfd, 0x3d, 0x77, 0x81, 0x95, - 0x3b, 0xf1, 0xde, 0x26, 0xe9, 0x27, 0xef, 0x92, 0x2a, 0x97, - 0xdc, 0x95, 0xa5, 0xa3, 0xb0, 0xfb, 0x96, 0x89, 0x4f, 0xe6, - 0xc1, 0x42, 0x0b, 0xfd, 0xb4, 0x6d, 0x0a, 0x9f, 0x9b, 0x31, - 0xd8, 0x21, 0x38, 0x8a, 0xee, 0xb6, 0x5c, 0x12, 0xa8, 0xb4, - 0x07, 0x79, 0x41, 0xa7, 0x7f, 0x13, 0x74, 0xad, 0x0b, 0xee, - 0x28, 0x52, 0xac, 0x2f, 0x4d, 0x30, 0x1c, 0xc5, 0xa6, 0xa5, - 0x61, 0x42, 0xbd, 0xe1, 0x4f, 0xd3, 0xec, 0x66, 0xf2, 0x63, - 0xf4, 0x93, 0xdb, 0x35, 0x2d, 0x3b, 0x71, 0x25, 0x09, 0xde, - 0xda, 0x46, 0xda, 0xe2, 0xa7, 0xa3, 0xdf, 0xcd, 0xbf, 0x58, - 0x05, 0x25, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x03, - 0xc0, 0x5f, 0xd5, 0x15, 0x1b, 0x09, 0xe4, 0xa7, 0xc0, 0xa6, - 0xd8, 0x0d, 0xa8, 0x2a, 0xd3, 0x1d, 0x46, 0x03, 0x07, 0xf0, - 0x98, 0xe4, 0x4b, 0x99, 0x66, 0x8e, 0x72, 0xe7, 0xbb, 0x51, - 0xc6, 0x1a, 0xbe, 0x36, 0xf4, 0x52, 0xba, 0xa8, 0xbf, 0xaa, - 0xe3, 0x71, 0x1d, 0x83, 0x21, 0xc0, 0xa6, 0x88, 0x4f, 0xf7, - 0x2b, 0x93, 0x26, 0xe4, 0xa7, 0xed, 0x50, 0x18, 0xaa, 0xf4, - 0x4c, 0xa2, 0xfe, 0x92, 0x7c, 0xde, 0x2e, 0x54, 0x76, 0xc2, - 0x25, 0x1e, 0x98, 0xa6, 0x48, 0x01, 0x39, 0x6f, 0x1f, 0x24, - 0x97, 0x9b, 0x64, 0x95, 0x1c, 0x8d, 0x63, 0x8d, 0x44, 0x6f, - 0x9d, 0xdf, 0xf4, 0x1a, 0xa5, 0x9a, 0x1e, 0xd3, 0x6c, 0xae, - 0xa9, 0x8c, 0x3f, 0xfb, 0x2f, 0x78, 0xf6, 0xa6, 0xd6, 0x06, - 0xd3, 0xb7, 0x26, 0xff, 0x1e, 0xdb, 0x8d, 0xcc, 0x37, 0x4d, - 0x5c, 0xe2, 0xc3, 0xa5, 0x75, 0xe6, 0xf9, 0xb4, 0x4c, 0x84, - 0x6f, 0x9e, 0x58, 0x55, 0xc8, 0x01, 0xfa, 0x32, 0xd2, 0x6e, - 0x2b, 0x45, 0xf2, 0xc6, 0x48, 0xad, 0x40, 0xd8, 0xb9, 0x3c, - 0x1b, 0xf8, 0xf7, 0x82, 0xd3, 0x0e, 0x73, 0xe3, 0xb1, 0x5b, - 0x82, 0x71, 0x77, 0x3f, 0x6f, 0x36, 0x9a, 0xe0, 0xec, 0x51, - 0xf8, 0x5f, 0x84, 0x92, 0xee, 0xb8, 0x7e, 0xe7, 0x1a, 0x14, - 0x50, 0x82, 0x7a, 0x4d, 0xe6, 0xd6, 0xa3, 0x76, 0x24, 0x8a, - 0x5f, 0xfe, 0x19, 0xdd, 0xd7, 0xf7, 0x5b, 0xae, 0x18, 0x04, - 0x90, 0xcd, 0x5c, 0xe5, 0x64, 0xe8, 0x04, 0xb1, 0x06, 0xa5, - 0xdd, 0xf8, 0x9d, 0x71, 0x13, 0xaa, 0x36, 0x7f, 0x61, 0x27, - 0xf4, 0xac, 0x95, 0x7d, 0x1a, 0x99, 0x7d, 0xe0, 0xd5, 0x9c, - 0x5a, 0xad, 0x9a, 0xff, 0x54, 0xb0, 0xb1, 0x55, 0x45, 0x2d, - 0x19, 0x58, 0x52, 0x28, 0xdd, 0xe0, 0xb5, 0x65, 0x52, 0x97, - 0x45, 0xf0, 0x2b, 0x98, 0x1f, 0x61, 0x6c, 0x9d, 0xaa, 0x59, - 0x85, 0xf9, 0x97, 0x7b, 0xbd, 0xeb, 0x95, 0x81, 0xfb, 0x29, - 0x8c, 0xf0, 0x52, 0xdf, 0xed, 0xee, 0xb2, 0x00, 0x32, 0x35, - 0x14, 0xa8, 0xa4, 0xca, 0x91, 0xff, 0x18, 0xb7, 0x96, 0xfb, - 0x32, 0x62, 0xa9, 0xa0, 0xd0, 0x77, 0x43, 0xf5, 0x99, 0xd1, - 0xee, 0xe8, 0xad, 0x1a, 0x2c, 0xd4, 0xeb, 0xe1, 0xf5, 0x01, - 0x41, 0x78, 0xc0, 0x27, 0x19, 0x50, 0x2e, 0xba, 0x22, 0xd1, - 0xeb, 0xb3, 0xa5, 0x27, 0x0b, 0xec, 0xf9, 0x26, 0x7e, 0x1f, - 0xe7, 0x17, 0x9f, 0x39, 0xa8, 0x72, 0x22, 0x63, 0x79, 0x6a, - 0x9c, 0x89, 0x55, 0x9a, 0xb4, 0x61, 0x41, 0xbc, 0xaa, 0x14, - 0x37, 0x29, 0x03, 0xc0, 0x52, 0x4e, 0x31, 0x44, 0x8f, 0x2e, - 0x17, 0x81, 0x88, 0xf4, 0xce, 0xda, 0x41, 0xb8, 0xd5, 0x14, - 0x91, 0x8c, 0xca, 0xd2, 0x0d, 0x99, 0x06, 0x09, 0xc2, 0xb7, - 0xe8, 0xae, 0xfa, 0x01, 0xea, 0x99, 0x62, 0x68, 0xb6, 0xdf, - 0xc8, 0x27, 0xae, 0xbf, 0xb0, 0x9b, 0x5b, 0x1a, 0xa2, 0xe2, - 0x5a, 0x7a, 0xe5, 0x4b, 0x92, 0x1f, 0xff, 0x73, 0xae, 0x16, - 0x40, 0x78, 0x42, 0x28, 0xbb, 0x13, 0x5e, 0xbc, 0x71, 0x7a, - 0x78, 0x3e, 0xd8, 0x1b, 0xc2, 0x2c, 0xd6, 0xdc, 0xfa, 0x39, - 0x72, 0xf8, 0xa2, 0x2c, 0x8b, 0x1c, 0x5d, 0xab, 0xb8, 0x07, - 0xc7, 0xae, 0x29, 0x93, 0x68, 0xbf, 0x61, 0xe9, 0xa4, 0x37, - 0x83, 0x7d, 0x13, 0xc7, 0x18, 0xf0, 0x7d, 0xa4, 0x20, 0x47, - 0x14, 0x68, 0x95, 0x46, 0x56, 0x6d, 0xd5, 0x7b, 0xe1, 0x51, - 0x8f, 0x96, 0xc1, 0x7b, 0x35, 0x09, 0x7a, 0x89, 0x0e, 0xdf, - 0x12, 0xd5, 0xe1, 0x9c, 0x2a, 0x94, 0x95, 0x43, 0x93, 0x48, - 0xa6, 0x23, 0xe6, 0xd8, 0xf2, 0xb8, 0x0e, 0xba, 0x6d, 0x61, - 0x03, 0xaf, 0x40, 0x63, 0x2b, 0x2f, 0xee, 0x61, 0x4c, 0xc4, - 0x70, 0x3d, 0x78, 0xc1, 0x4f, 0x8e, 0x0b, 0x9b, 0x06, 0x35, - 0x6d, 0x6d, 0x83, 0x37, 0xbb, 0x39, 0x7d, 0x7f, 0x33, 0x93, - 0xc4, 0xeb, 0x8e, 0xfc, 0xda, 0xf0, 0x54, 0xfe, 0x1d, 0xc4, - 0xd3, 0x83, 0x99, 0xdf, 0x65, 0xee, 0x00, 0x7d, 0x86, 0x27, - 0xd4, 0x3a, 0x6b, 0xe6, 0x82, 0x8e, 0x58, 0x2d, 0x03, 0x38, - 0xef, 0x6c, 0x82, 0x87, 0x18, 0x3b, 0x47, 0xe7, 0xbc, 0xe1, - 0x58, 0x70, 0x4d, 0x46, 0x96, 0x34, 0x60, 0x96, 0x15, 0x09, - 0x3c, 0x84, 0x40, 0xaf, 0x80, 0x32, 0x75, 0xc7, 0x23, 0x6c, - 0xfb, 0x1d, 0x57, 0x73, 0x19, 0x09, 0xe8, 0x1a, 0x4c, 0x02, - 0x5c, 0x7e, 0x4e, 0xbe, 0x75, 0xf8, 0x73, 0xff, 0x2d, 0x54, - 0x19, 0x55, 0xf5, 0xf4, 0x1b, 0xc9, 0xbc, 0xc2, 0x19, 0xcb, - 0xb7, 0x4e, 0x6a, 0x0d, 0xff, 0xca, 0x7d, 0xd0, 0x88, 0x91, - 0x8b, 0x9b, 0x21, 0xa4, 0xa2, 0x43, 0x0d, 0xbc, 0x9e, 0x73, - 0x7d, 0x54, 0x7d, 0x95, 0xcc, 0x63, 0x5e, 0xc1, 0xb8, 0xe6, - 0x27, 0xff, 0x20, 0x07, 0xe8, 0x6e, 0x7e, 0xf2, 0x0f, 0x5a, - 0x09, 0xef, 0xe5, 0x4d, 0x80, 0x39, 0x95, 0xd5, 0xf4, 0xee, - 0x3b, 0xca, 0x7c, 0x73, 0xf8, 0x39, 0x5a, 0xc1, 0x1d, 0x7d, - 0x94, 0x72, 0x32, 0xad, 0x58, 0xe2, 0xfc, 0x71, 0x6e, 0x66, - 0xaa, 0xa1, 0x59, 0xd6, 0xac, 0xab, 0xbe, 0x8c, 0x53, 0x99, - 0xcd, 0xe8, 0x2d, 0xb5, 0xb3, 0x46, 0x58, 0x2e, 0x16, 0xd7, - 0x4d, 0x8b, 0x7d, 0x4a, 0xb1, 0x4c, 0x85, 0x91, 0x1b, 0x57, - 0x54, 0xf8, 0x14, 0x59, 0xdb, 0xc4, 0x2c, 0x9c, 0x08, 0x6d, - 0x3d, 0xd7, 0xf6, 0xa6, 0xe6, 0xb3, 0x2a, 0xe7, 0x29, 0x1c, - 0xab, 0xb4, 0xed, 0x13, 0x19, 0xf8, 0xb6, 0x60, 0x92, 0x44, - 0x53, 0xd4, 0xa9, 0x7e, 0xba, 0x21, 0xa2, 0xdc, 0x6e, 0xa5, - 0x5e, 0x53, 0x59, 0x3c, 0x52, 0x61, 0x7b, 0x5f, 0x19, 0xad, - 0xc8, 0x6d, 0x68, 0x8d, 0x7a, 0xc9, 0xd6, 0xef, 0xeb, 0x67, - 0x4f, 0xca, 0xe7, 0xf6, 0x29, 0x36, 0x97, 0xfb, 0x3e, 0x37, - 0x95, 0x85, 0x71, 0x70, 0xf6, 0x63, 0x86, 0x2a, 0x29, 0xd7, - 0x9a, 0x96, 0x76, 0xa7, 0x47, 0x98, 0x4e, 0x06, 0x31, 0xaf, - 0xf3, 0x4f, 0x2a, 0x65, 0x90, 0x6a, 0x4b, 0x8e, 0x43, 0x79, - 0xe2, 0xdd, 0xce, 0x08, 0x1c, 0x01, 0xec, 0x38, 0x41, 0xdd, - 0x19, 0xd8, 0xf3, 0x36, 0x03, 0x35, 0x03, 0xaf, 0x1c, 0x45, - 0x3c, 0xac, 0x13, 0xaa, 0x36, 0x16, 0x48, 0x77, 0xb3, 0xbe, - 0xa3, 0xb3, 0x9d, 0x7f, 0x20, 0xca, 0x74, 0x65, 0xac, 0x93, - 0xa7, 0x54, 0xad, 0xc8, 0x68, 0x0e, 0xf8, 0x44, 0x1f, 0xad, - 0x2c, 0xb7, 0x9a, 0x9a, 0x07, 0xe5, 0xcd, 0x87, 0xe0, 0x14, - 0xb5, 0xaf, 0xd3, 0xd7, 0xcf, 0x13, 0x9f, 0x3b, 0xbd, 0xfe, - 0x29, 0x0b, 0x72, 0xf5, 0x4c, 0x54, 0x94, 0xc7, 0x66, 0xec, - 0xa8, 0x41, 0x96, 0x3d, 0x17, 0xed, 0x19, 0xc0, 0x82, 0x3e, - 0x5f, 0x9a, 0x91, 0xfe, 0xd1, 0x2f, 0xb8, 0x94, 0xaa, 0x58, - 0x68, 0x95, 0x31, 0x87, 0x57, 0x9a, 0x75, 0x94, 0x4d, 0x38, - 0x7d, 0x56, 0x82, 0x81, 0x9c, 0xb9, 0x34, 0x2b, 0xe7, 0x40, - 0xd9, 0x3c, 0x77, 0x5b, 0x95, 0x51, 0x06, 0x11, 0x41, 0xe3, - 0x8b, 0xb7, 0x32, 0xeb, 0xe1, 0x05, 0x1b, 0x10, 0xa8, 0x0e, - 0xa1, 0x02, 0x82, 0x01, 0xe1, 0x00, 0xfa, 0x38, 0x34, 0xfe, - 0x55, 0x87, 0x71, 0x62, 0x47, 0x00, 0x33, 0x64, 0x67, 0x70, - 0x79, 0x76, 0xdf, 0xfe, 0xc3, 0x28, 0x38, 0xdf, 0x90, 0xd4, - 0xc0, 0xee, 0x98, 0xbf, 0x9d, 0x9b, 0x85, 0xd8, 0x61, 0x65, - 0xa5, 0x70, 0xf5, 0xd2, 0x2c, 0xbf, 0x2f, 0xb5, 0x55, 0x79, - 0x92, 0x13, 0xba, 0x4d, 0x3c, 0x39, 0xbf, 0xd5, 0x31, 0x13, - 0x7a, 0x31, 0xf4, 0x8b, 0xce, 0xf8, 0xd0, 0xd3, 0x9b, 0xe2, - 0xee, 0x31, 0xdb, 0xba, 0xcc, 0x1a, 0xba, 0x1c, 0x8d, 0xee, - 0xea, 0xcb, 0xd3, 0x5a, 0xad, 0x87, 0xd6, 0xf9, 0x15, 0x2f, - 0x6e, 0x00, 0x06, 0x74, 0x25, 0x8d, 0xff, 0xc8, 0xa6, 0x11, - 0x1c, 0xe8, 0x16, 0x1a, 0xde, 0x53, 0x05, 0xb9, 0x53, 0x55, - 0x28, 0x83, 0x3d, 0xbe, 0x61, 0x0c, 0xc4, 0x98, 0x7d, 0xf6, - 0xec, 0x36, 0xc3, 0xe5, 0xe7, 0x1d, 0x14, 0x64, 0xcb, 0x0d, - 0x62, 0x5d, 0x7a, 0xcd, 0x88, 0xfc, 0x66, 0x4e, 0xf9, 0x36, - 0x47, 0x95, 0x18, 0x3a, 0x48, 0x2a, 0xff, 0x62, 0x8f, 0x6c, - 0xe2, 0xc2, 0xe9, 0xd3, 0x6a, 0x45, 0x5c, 0xf5, 0x89, 0x53, - 0x5c, 0xbe, 0xcf, 0xad, 0x87, 0x22, 0x9c, 0x31, 0x48, 0xdb, - 0xd8, 0xe4, 0xe5, 0x38, 0xae, 0xc2, 0xb0, 0xd2, 0xba, 0xb7, - 0x30, 0x53, 0x2d, 0xb1, 0x35, 0xf1, 0x58, 0x0f, 0x8a, 0x06, - 0x51, 0x76, 0xb9, 0x2c, 0x32, 0xe0, 0xd1, 0xaa, 0x82, 0x34, - 0x69, 0x71, 0x1c, 0x5f, 0x35, 0xa8, 0x9d, 0x11, 0xac, 0x13, - 0xdb, 0x7b, 0xf6, 0x93, 0xe3, 0xb9, 0xbd, 0xd9, 0xb2, 0x86, - 0xff, 0x61, 0x88, 0x2b, 0x72, 0x5c, 0x84, 0xe1, 0x0c, 0x72, - 0xab, 0x44, 0xff, 0x23, 0x13, 0xaf, 0xd1, 0x5a, 0xd3, 0xea, - 0x73, 0xfe, 0xd5, 0xa4, 0x7d, 0x9e, 0x4e, 0xac, 0x03, 0x93, - 0x72, 0x14, 0x2d, 0x96, 0x6f, 0xee, 0xb4, 0xcd, 0x4e, 0xab, - 0xea, 0x71, 0x93, 0x81, 0xe0, 0x3d, 0xcd, 0x61, 0x96, 0x25, - 0x76, 0xbd, 0xc4, 0xb5, 0xdd, 0x7c, 0xf1, 0xb9, 0xe1, 0x2c, - 0x58, 0x1b, 0xa4, 0x46, 0x4b, 0x12, 0x57, 0x58, 0xaa, 0x3a, - 0xae, 0x89, 0xa3, 0xb3, 0xcf, 0x1f, 0x8d, 0x67, 0xdf, 0x6d, - 0x7e, 0x8e, 0xfa, 0xc5, 0x09, 0x73, 0x46, 0x56, 0x55, 0x90, - 0xeb, 0x77, 0x4e, 0x16, 0x4f, 0x68, 0x7b, 0x1f, 0x61, 0x23, - 0xec, 0xa9, 0x71, 0x30, 0x33, 0x25, 0xc7, 0x4e, 0x26, 0x2e, - 0x4e, 0x2b, 0xc2, 0x64, 0x5f, 0xf5, 0x8f, 0x7a, 0x4b, 0x1c, - 0x06, 0xb3, 0x91, 0xf6, 0x9b, 0x51, 0xb7, 0xb0, 0x64, 0x72, - 0x04, 0xe5, 0xfa, 0x14, 0x2f, 0xed, 0x61, 0x29, 0x03, 0x73, - 0x19, 0x15, 0x6e, 0x2c, 0x8b, 0x0e, 0xec, 0x4d, 0xf1, 0xe3, - 0x6f, 0x58, 0x7c, 0xc9, 0x48, 0x67, 0x3f, 0x51, 0xb5, 0xb7, - 0x26, 0x46, 0xa7, 0x25, 0x79, 0x55, 0xfe, 0x3a, 0x44, 0xb4, - 0x44, 0xfc, 0xb8, 0x14, 0x34, 0x47, 0xd7, 0xa3, 0x0e, 0x76, - 0xe7, 0x83, 0x9a, 0x02, 0xc3, 0xcf, 0x2b, 0xd9, 0x83, 0x93, - 0xd5, 0xee, 0x99, 0x74, 0x45, 0x62, 0x23, 0xa6, 0x02, 0xc9, - 0xc0, 0x10, 0x70, 0x0a, 0x99, 0x29, 0x0c, 0x79, 0x04, 0x4c, - 0x77, 0x21, 0x96, 0xf0, 0xa5, 0x17, 0x22, 0xbe, 0xab, 0x9b, - 0xd7, 0x42, 0xd3, 0xe9, 0xc0, 0x42, 0x44, 0x7d, 0x9d, 0xc9, - 0x3d, 0xf9, 0x36, 0x97, 0x1b, 0x75, 0x52, 0x8f, 0xe9, 0xb9, - 0x8c, 0xa7, 0x64, 0x19, 0x5b, 0x5d, 0x60, 0xb4, 0x42, 0x95, - 0xc9, 0xdb, 0x82, 0x03, 0xc6, 0xb0, 0x28, 0x72, 0x64, 0x03, - 0x41, 0x4d, 0x8f, 0xc6, 0xd0, 0xcd, 0x02, 0x82, 0x01, 0xe1, - 0x00, 0xe8, 0x66, 0xa7, 0xf9, 0x0f, 0x5a, 0x21, 0xfc, 0x88, - 0x4e, 0x91, 0xd5, 0x4a, 0xf0, 0xf4, 0x32, 0xe5, 0x0d, 0xf3, - 0x06, 0x95, 0xd0, 0x4e, 0x47, 0x0c, 0x04, 0x66, 0x77, 0xfd, - 0xb8, 0x93, 0x0d, 0xff, 0x8f, 0x97, 0xa0, 0x4a, 0x36, 0x37, - 0xa6, 0x5e, 0x95, 0x79, 0xc8, 0xb2, 0x21, 0x98, 0x81, 0xf1, - 0xb8, 0xf4, 0x52, 0xaf, 0x3c, 0x8c, 0x86, 0x85, 0x55, 0x56, - 0xfc, 0x90, 0xe3, 0x32, 0x50, 0x7c, 0x54, 0x07, 0x9e, 0xed, - 0xfc, 0xd4, 0xb9, 0x5c, 0x98, 0x22, 0xfb, 0x72, 0xd7, 0x83, - 0xf0, 0xd1, 0x61, 0x10, 0xbd, 0x68, 0x5d, 0x72, 0xc1, 0xce, - 0x92, 0x43, 0x77, 0x9f, 0xb8, 0x8d, 0x8e, 0xf2, 0xe3, 0x62, - 0x4a, 0x93, 0x03, 0xd3, 0xd9, 0x01, 0xa8, 0x99, 0x6f, 0xa3, - 0x4c, 0x6d, 0x7a, 0xf2, 0x9e, 0x8e, 0x6b, 0xbc, 0xe4, 0x9d, - 0x8e, 0xe7, 0x25, 0x86, 0xa4, 0xa9, 0xc2, 0xef, 0xdf, 0xbb, - 0x6e, 0x3d, 0x4b, 0x57, 0x95, 0x81, 0x6f, 0x68, 0x3f, 0x19, - 0xa8, 0xff, 0x5a, 0x08, 0x7a, 0xe4, 0x4c, 0x4e, 0xb4, 0xea, - 0xf4, 0xc8, 0x2f, 0xef, 0x8c, 0x5e, 0xcd, 0x62, 0x1c, 0x8c, - 0x93, 0x60, 0x5d, 0xa3, 0x11, 0x64, 0x0b, 0xeb, 0x6d, 0x21, - 0xbc, 0x3a, 0x5b, 0x5c, 0x0c, 0xa7, 0x8a, 0xc6, 0xa8, 0xe1, - 0x48, 0x81, 0x01, 0xb5, 0x65, 0xab, 0x2e, 0xbe, 0x38, 0x94, - 0xf7, 0xa6, 0x33, 0xc1, 0x6e, 0x0b, 0x88, 0x38, 0xe7, 0x1b, - 0x04, 0x9a, 0x10, 0x2d, 0x1d, 0x3f, 0x5f, 0x5f, 0xc8, 0xef, - 0xcd, 0xc5, 0x16, 0xdc, 0x84, 0xc0, 0x66, 0xe0, 0xa3, 0xfc, - 0xfa, 0x96, 0xc7, 0xb7, 0xec, 0x4f, 0x40, 0x0a, 0xc5, 0xbe, - 0x6d, 0x39, 0x4a, 0x7e, 0x91, 0x4f, 0xe1, 0x03, 0xd2, 0x39, - 0xbc, 0x87, 0x69, 0xa1, 0xf0, 0x6d, 0x11, 0xf5, 0xb4, 0x9d, - 0xae, 0x76, 0x6b, 0xc6, 0xbf, 0xe4, 0x47, 0xbc, 0x4d, 0x13, - 0x88, 0xa8, 0x83, 0xf5, 0xae, 0x1d, 0xfb, 0x4d, 0x4c, 0x44, - 0x03, 0xd8, 0xa4, 0x2e, 0x4d, 0xf8, 0x5f, 0x45, 0x94, 0x58, - 0xd7, 0xd9, 0x4b, 0x47, 0xd8, 0xfc, 0x35, 0x05, 0xed, 0xb4, - 0xb6, 0xc2, 0x36, 0x2e, 0xba, 0xd2, 0x7a, 0xba, 0x69, 0x34, - 0xbf, 0xf1, 0xa1, 0x5e, 0x17, 0x71, 0x89, 0xd3, 0x54, 0x57, - 0x05, 0x2b, 0x82, 0xe3, 0x0a, 0x64, 0x5c, 0x3b, 0x8c, 0x6b, - 0xc7, 0x10, 0x8a, 0xb5, 0xd3, 0xd7, 0x90, 0xeb, 0xdb, 0x1d, - 0xa0, 0xbf, 0x6b, 0xea, 0xcd, 0x31, 0x7a, 0x8d, 0x64, 0xcc, - 0x58, 0xc0, 0x07, 0xa4, 0x6e, 0x14, 0x0b, 0xf3, 0xea, 0x3e, - 0x87, 0x9f, 0x7c, 0xb8, 0x1c, 0x22, 0x26, 0x8a, 0x7d, 0x90, - 0xdd, 0x57, 0x28, 0x38, 0xcc, 0x0e, 0x71, 0x92, 0x89, 0xee, - 0x79, 0x88, 0xbc, 0x05, 0x21, 0xda, 0x42, 0x92, 0x52, 0x66, - 0xac, 0x4a, 0xe5, 0xf5, 0x6e, 0x47, 0xd5, 0xba, 0x37, 0xd3, - 0x7c, 0x89, 0xd4, 0xd8, 0x6f, 0xde, 0x63, 0x44, 0xb5, 0x88, - 0xdd, 0xb1, 0x30, 0xb4, 0x6d, 0xcd, 0xbf, 0xc8, 0x34, 0x27, - 0x59, 0x7d, 0x79, 0xdc, 0x96, 0x5b, 0x8e, 0xc0, 0x87, 0xc0, - 0x4e, 0x40, 0x07, 0x13, 0x91, 0x6b, 0x3a, 0x12, 0x03, 0x64, - 0x70, 0xaf, 0x80, 0x24, 0x1c, 0x5c, 0xfb, 0xf5, 0xc0, 0x74, - 0x5e, 0xaf, 0x06, 0x18, 0x04, 0x67, 0x4a, 0xbd, 0xac, 0xd7, - 0xca, 0xbe, 0x4e, 0xa1, 0x19, 0x48, 0x7d, 0xa6, 0x59, 0xf6, - 0x1a, 0x62, 0x50, 0x53, 0x46, 0xa4, 0x5b, 0x9c, 0x5a, 0xfd, - 0x89, 0x9d, 0xd4, 0xde, 0xf4, 0xa7, 0x3d, 0x88, 0x73, 0xa5, - 0xb9, 0x02, 0x82, 0x01, 0xe1, 0x00, 0xe7, 0x70, 0x59, 0xc3, - 0xed, 0xc4, 0x6b, 0xa1, 0xa5, 0x5e, 0x90, 0x2a, 0x8c, 0x6a, - 0xc2, 0x4e, 0xab, 0xfc, 0xee, 0xf2, 0x23, 0x38, 0xd6, 0xb3, - 0x93, 0x08, 0x9e, 0x0c, 0x8e, 0x71, 0x2d, 0xa9, 0xe8, 0xdc, - 0xa5, 0xdc, 0x07, 0xe3, 0xb1, 0x33, 0xdd, 0xa2, 0xf2, 0x3e, - 0x92, 0x58, 0xe0, 0xf7, 0x53, 0x7f, 0x6e, 0xea, 0x78, 0x8c, - 0x35, 0x78, 0x43, 0x63, 0x95, 0xbb, 0x1b, 0x1c, 0xbf, 0x91, - 0x75, 0x14, 0x74, 0xd3, 0x20, 0xba, 0x8f, 0xee, 0x9d, 0x71, - 0xa1, 0x87, 0x8a, 0x24, 0xd3, 0x61, 0x53, 0xfb, 0xec, 0x16, - 0x84, 0xbe, 0x4d, 0x39, 0xdd, 0x0a, 0xac, 0xce, 0x20, 0x9c, - 0xaf, 0x8a, 0x13, 0xf8, 0x22, 0x2f, 0xd4, 0x99, 0x88, 0x74, - 0xba, 0x16, 0x3a, 0x63, 0xff, 0x4c, 0x5a, 0x03, 0x5a, 0x6f, - 0xac, 0x29, 0x33, 0xa5, 0x50, 0xd1, 0xda, 0xed, 0x27, 0xcb, - 0x67, 0x72, 0x63, 0x85, 0xfc, 0xf0, 0xc8, 0x88, 0xbf, 0x85, - 0xef, 0x4b, 0xfe, 0xae, 0xd9, 0xd5, 0xbb, 0x86, 0xa4, 0x76, - 0xe8, 0x7f, 0xb4, 0xdb, 0xb1, 0xee, 0x1a, 0x7f, 0x99, 0xd7, - 0x9b, 0x6f, 0x7a, 0x94, 0x5c, 0xec, 0x2c, 0x60, 0x81, 0xad, - 0xa7, 0xbe, 0x80, 0x2e, 0x9f, 0xa6, 0xc0, 0xfb, 0x09, 0x6d, - 0x2b, 0xab, 0xa4, 0x15, 0xc7, 0x79, 0x46, 0x24, 0x89, 0x5c, - 0x32, 0xb9, 0x87, 0xa9, 0x54, 0x1e, 0x12, 0x90, 0x8e, 0x02, - 0x80, 0x8c, 0xf8, 0xdb, 0x2f, 0xbc, 0x98, 0x1b, 0xa2, 0x78, - 0x73, 0x89, 0x03, 0x97, 0xe3, 0x09, 0x08, 0x8b, 0x75, 0xcf, - 0xdc, 0x23, 0x90, 0x59, 0xef, 0x5b, 0x98, 0x24, 0xb8, 0xe8, - 0xcf, 0x75, 0xf0, 0x2f, 0xb7, 0xa3, 0xe6, 0x17, 0x06, 0xf0, - 0x52, 0xfe, 0x21, 0x0a, 0x16, 0x8e, 0xf8, 0xe1, 0xae, 0x25, - 0x11, 0x5d, 0x8c, 0x95, 0x1b, 0x4f, 0x45, 0xb8, 0xa8, 0xcd, - 0xe6, 0xf9, 0xca, 0xa0, 0x54, 0x93, 0x95, 0x86, 0x6f, 0xe4, - 0x93, 0x22, 0x0f, 0xf2, 0xcf, 0xbd, 0x23, 0xb0, 0xf4, 0x8f, - 0x99, 0xa7, 0x67, 0x99, 0x05, 0x13, 0x1f, 0xeb, 0x88, 0xf8, - 0xe2, 0x3b, 0xb9, 0x49, 0x35, 0x89, 0x4f, 0xb8, 0x06, 0x37, - 0x36, 0xda, 0x75, 0x25, 0x0f, 0x0a, 0xaa, 0xc2, 0x6c, 0x3e, - 0xb1, 0x2d, 0x16, 0xf3, 0x17, 0xdb, 0xe2, 0x16, 0x32, 0x39, - 0x92, 0x4b, 0x5f, 0xc0, 0x5f, 0x6e, 0xd0, 0x1c, 0x7e, 0xc0, - 0x51, 0xd9, 0xb3, 0xe2, 0x37, 0xc7, 0xe0, 0x40, 0x13, 0x7d, - 0x06, 0xcd, 0xcd, 0x72, 0xb6, 0x53, 0x2d, 0x7e, 0x60, 0x49, - 0xfe, 0x31, 0xe1, 0xd0, 0x0e, 0x4c, 0x98, 0x93, 0xe0, 0xf6, - 0xf2, 0xfa, 0x99, 0x7f, 0x65, 0xd8, 0x15, 0xc6, 0x3a, 0xb8, - 0x4d, 0x63, 0x21, 0x78, 0xe4, 0x19, 0x6b, 0xbd, 0xde, 0x40, - 0x5b, 0x8c, 0xfa, 0x49, 0x75, 0x23, 0x8f, 0x14, 0xc2, 0x3b, - 0xa3, 0x9b, 0xc5, 0x80, 0x1a, 0xa3, 0x60, 0xd7, 0x17, 0x27, - 0xf0, 0x18, 0x0f, 0xba, 0x02, 0xf7, 0x7a, 0xed, 0xa4, 0x00, - 0x77, 0xde, 0x4b, 0xdd, 0xf9, 0xd7, 0x3e, 0x75, 0xed, 0x1a, - 0x43, 0x26, 0x71, 0x1b, 0xbc, 0x72, 0xf5, 0x70, 0x72, 0x03, - 0x70, 0x25, 0x87, 0x81, 0x6a, 0x92, 0x2d, 0xb7, 0x02, 0xf0, - 0x10, 0x79, 0x65, 0x9d, 0x4e, 0x11, 0x7d, 0x5c, 0x5b, 0x37, - 0xaa, 0xb4, 0xfa, 0x43, 0x66, 0x48, 0x6c, 0x67, 0x64, 0x9e, - 0x15, 0x75, 0x36, 0xe7, 0x25, 0x55, 0x07, 0x7f, 0x74, 0x1f, - 0x2c, 0x28, 0x76, 0xe7, 0x9b, 0x3d, 0x91, 0x0b, 0xcd, 0x6a, - 0x1d, 0x5a, 0xea, 0x63, 0xd0, 0xf9, 0x02, 0x82, 0x01, 0xe0, - 0x3e, 0x31, 0xf2, 0xf4, 0x29, 0x92, 0xa2, 0x93, 0xd5, 0xda, - 0xc9, 0x16, 0x7e, 0xf6, 0xdb, 0x33, 0x9f, 0xaf, 0x4b, 0x01, - 0xd1, 0x28, 0x2d, 0x3a, 0xc0, 0x51, 0x91, 0x26, 0xbd, 0xa5, - 0x1e, 0xdd, 0xd9, 0x2e, 0x11, 0x93, 0x19, 0x29, 0x47, 0x5d, - 0x63, 0xe4, 0xb6, 0xf1, 0xea, 0x12, 0x29, 0xa1, 0x65, 0x12, - 0x6d, 0x78, 0x8f, 0x63, 0x31, 0xec, 0x72, 0x54, 0x73, 0x72, - 0x26, 0x48, 0x57, 0x57, 0xc8, 0xde, 0x28, 0x27, 0xf5, 0x62, - 0xfb, 0x7f, 0x1b, 0xf3, 0xaf, 0x31, 0x01, 0xfc, 0x01, 0x58, - 0x7a, 0x80, 0x72, 0x9d, 0x6e, 0x07, 0xcc, 0x45, 0x67, 0xc6, - 0x26, 0xfe, 0x25, 0xa5, 0x9b, 0x64, 0xcd, 0x45, 0xe3, 0x31, - 0x38, 0x05, 0x07, 0x36, 0x05, 0x46, 0x9c, 0xc1, 0x8e, 0xbf, - 0x4e, 0x71, 0x5f, 0xea, 0xe5, 0x0c, 0x9a, 0x41, 0xc8, 0x94, - 0xcc, 0xf1, 0x73, 0x06, 0x30, 0x54, 0x76, 0x23, 0xb7, 0x22, - 0x7a, 0x8e, 0xe6, 0x42, 0xa1, 0xa0, 0x32, 0x12, 0xe9, 0x08, - 0x1c, 0x46, 0x79, 0x0c, 0x82, 0x7a, 0x95, 0x79, 0xbf, 0x83, - 0x80, 0xeb, 0xab, 0x3d, 0x32, 0xc5, 0xde, 0x62, 0xeb, 0x90, - 0x29, 0x73, 0x05, 0xc8, 0x0a, 0xb1, 0x51, 0xf1, 0x23, 0xdd, - 0x1e, 0xf5, 0x02, 0x3e, 0x74, 0xbc, 0x24, 0x0c, 0x60, 0x36, - 0x2a, 0x28, 0x4d, 0xe6, 0x86, 0x98, 0x7c, 0xd9, 0xe1, 0xac, - 0x21, 0x33, 0xaa, 0xa9, 0x8b, 0xb6, 0x8a, 0x1b, 0xf7, 0x54, - 0x14, 0xf3, 0x0d, 0x4f, 0xcd, 0x7c, 0xf5, 0xc2, 0x6d, 0xc2, - 0xf0, 0xe2, 0xfc, 0x63, 0x1e, 0xa6, 0xa9, 0xa9, 0xd9, 0x73, - 0x2a, 0xd5, 0x0a, 0x38, 0xd8, 0xc0, 0xb7, 0xe1, 0x51, 0xe4, - 0x23, 0x37, 0xf7, 0x85, 0x66, 0x0e, 0x3f, 0x1a, 0x8c, 0xcf, - 0x12, 0xa2, 0x47, 0x6f, 0x73, 0x91, 0x21, 0xe3, 0x93, 0x6b, - 0x74, 0x4f, 0xc5, 0xa1, 0xe7, 0x32, 0xf7, 0x86, 0xdd, 0x1a, - 0x6e, 0x96, 0xda, 0x32, 0x1d, 0xdd, 0xfa, 0x42, 0xd5, 0xd4, - 0xfd, 0xae, 0x7a, 0xa1, 0xed, 0x3d, 0x79, 0xfe, 0x88, 0x84, - 0x43, 0xa7, 0xec, 0xf3, 0x7a, 0x13, 0xaa, 0xa1, 0x82, 0x02, - 0x83, 0x19, 0x43, 0x0a, 0x46, 0x78, 0x07, 0xd9, 0x4d, 0xff, - 0xac, 0x67, 0xd6, 0x29, 0x89, 0xfe, 0x2b, 0xab, 0x5f, 0x9a, - 0x87, 0x99, 0x80, 0xaf, 0x70, 0x4a, 0x6a, 0xb9, 0x5a, 0xc2, - 0xac, 0x7f, 0xa2, 0xc7, 0xad, 0xe2, 0x1f, 0xec, 0xc5, 0x12, - 0x17, 0x08, 0x87, 0x8f, 0x20, 0x95, 0xbe, 0xaf, 0x62, 0x2c, - 0xc2, 0x3f, 0x89, 0x56, 0xd8, 0x50, 0x96, 0x97, 0x72, 0xe2, - 0x92, 0xe1, 0x2a, 0xd8, 0x84, 0x9f, 0x31, 0xe3, 0x06, 0xd8, - 0xe5, 0x91, 0x63, 0x19, 0xe1, 0x27, 0xad, 0xe2, 0xf2, 0x0a, - 0x5e, 0x78, 0x8b, 0x1b, 0x13, 0x31, 0x4b, 0xbd, 0x77, 0xb2, - 0xd6, 0x5c, 0x92, 0x81, 0x50, 0x02, 0x37, 0xd2, 0xe6, 0xeb, - 0x66, 0x6b, 0xaa, 0xfc, 0xcd, 0x54, 0x5d, 0xb8, 0x03, 0x87, - 0xe8, 0xfa, 0xb2, 0xde, 0xcb, 0xf8, 0x6e, 0x58, 0xde, 0xcb, - 0x09, 0x54, 0x8a, 0x9f, 0x46, 0xa3, 0x7e, 0x8d, 0x15, 0xff, - 0x1b, 0x0d, 0x89, 0xc4, 0x1a, 0x21, 0x31, 0x5e, 0xed, 0x0b, - 0x67, 0x3c, 0x70, 0xed, 0x92, 0x48, 0xef, 0xec, 0xf0, 0x77, - 0xc2, 0x79, 0x6c, 0x06, 0x09, 0xaa, 0xab, 0xf6, 0x4c, 0xcd, - 0xfa, 0x7e, 0x4a, 0x88, 0xdc, 0xa8, 0x9b, 0xd3, 0x69, 0x94, - 0x88, 0x09, 0x1d, 0x30, 0x43, 0x9e, 0x2c, 0xcb, 0x01, 0x1d, - 0x4a, 0x3b, 0x04, 0xec, 0x0e, 0xb1, 0xde, 0x09, 0xad, 0x29, - 0x02, 0x82, 0x01, 0xe1, 0x00, 0x9f, 0x02, 0x13, 0x7a, 0xd0, - 0xa9, 0x8a, 0x7a, 0xa0, 0x05, 0xbb, 0x44, 0x6f, 0xaf, 0xf7, - 0xe3, 0xd4, 0x35, 0xef, 0x73, 0x39, 0xd5, 0xe0, 0xa2, 0x0f, - 0x1a, 0x25, 0xa8, 0xf7, 0xc2, 0xa5, 0xec, 0x57, 0xf8, 0x0d, - 0x2a, 0xb6, 0x64, 0x03, 0x8c, 0x22, 0x0f, 0xe7, 0x98, 0xa1, - 0x12, 0xfe, 0x24, 0xef, 0x61, 0x28, 0x9f, 0xa7, 0x22, 0x6b, - 0x6d, 0xab, 0x8d, 0x7d, 0x2a, 0x8b, 0xae, 0x8b, 0xfd, 0xcb, - 0xd5, 0x0b, 0x79, 0x1b, 0x89, 0xcb, 0x5b, 0x7a, 0x8c, 0xdc, - 0xe8, 0x8d, 0xdd, 0x35, 0x9f, 0x06, 0x69, 0x64, 0x12, 0xeb, - 0x46, 0x79, 0xdf, 0x82, 0x2c, 0x89, 0x75, 0x9e, 0x7a, 0xec, - 0xad, 0xe5, 0x88, 0x31, 0xfa, 0x86, 0x93, 0xca, 0xf1, 0x2d, - 0x9b, 0x62, 0x5a, 0xe9, 0x43, 0x09, 0xf3, 0x8c, 0xe5, 0xc7, - 0xc0, 0xce, 0x86, 0xe7, 0xdb, 0xc7, 0x4d, 0x27, 0xd5, 0xee, - 0x76, 0xce, 0x35, 0x30, 0x47, 0xef, 0x00, 0x1b, 0x69, 0x9a, - 0x3f, 0xa5, 0x2a, 0xc9, 0x07, 0xab, 0x99, 0xba, 0x2a, 0xe7, - 0xfb, 0xa9, 0x4e, 0xb9, 0xae, 0x2c, 0x50, 0xfc, 0x35, 0x49, - 0xe6, 0x97, 0x78, 0x3c, 0xb1, 0x59, 0xd7, 0x1d, 0x4e, 0x4e, - 0xea, 0xde, 0xa0, 0xd0, 0xc4, 0x1d, 0xb1, 0xd3, 0x53, 0x1e, - 0xf9, 0xbf, 0xb3, 0x6a, 0x17, 0xb4, 0xda, 0xcc, 0x27, 0x19, - 0xc6, 0x35, 0xe8, 0x28, 0xd3, 0xe3, 0x76, 0x3a, 0xdc, 0xd0, - 0x75, 0xc8, 0xb4, 0x6c, 0xbe, 0x84, 0x2a, 0x45, 0xd1, 0x43, - 0x22, 0x54, 0xd7, 0xc5, 0xd0, 0xd7, 0x73, 0x35, 0x6b, 0xa8, - 0xfa, 0xad, 0x60, 0xc0, 0x64, 0xc1, 0x58, 0x89, 0x09, 0x81, - 0x0a, 0x0b, 0xea, 0x33, 0x91, 0xb0, 0xef, 0x53, 0x50, 0x41, - 0xae, 0xd9, 0xee, 0xbe, 0x9e, 0xf0, 0x0b, 0xa0, 0x7c, 0xbf, - 0x3f, 0xc9, 0x4b, 0xe0, 0x48, 0xd8, 0x10, 0xd5, 0x2e, 0xce, - 0xf0, 0x7c, 0xd8, 0x05, 0xde, 0x09, 0x7e, 0x8c, 0x63, 0x4c, - 0xdb, 0x8b, 0x91, 0xcd, 0x7f, 0xb6, 0x6b, 0xad, 0xce, 0xb1, - 0x17, 0x6c, 0xf7, 0x08, 0x0d, 0x7c, 0xda, 0x4f, 0x0a, 0x07, - 0xd0, 0xae, 0x72, 0x3c, 0x67, 0x4a, 0x44, 0x54, 0x47, 0xce, - 0xe1, 0x17, 0x07, 0x12, 0xde, 0x52, 0xef, 0xef, 0x4c, 0x2b, - 0x42, 0x7d, 0x09, 0x80, 0x36, 0x34, 0xdc, 0x45, 0x6f, 0xb0, - 0x2d, 0xab, 0xa0, 0x0c, 0x58, 0xae, 0x35, 0xd3, 0x9b, 0x37, - 0xc1, 0x1d, 0xeb, 0xfe, 0xc3, 0x04, 0xc9, 0x1d, 0xe7, 0x3d, - 0x16, 0x64, 0xed, 0xf5, 0xe8, 0xdf, 0x99, 0xa4, 0xfb, 0xad, - 0x79, 0x88, 0xd5, 0x8c, 0x62, 0x33, 0x9e, 0x35, 0xa6, 0x7f, - 0x9d, 0xb6, 0x1a, 0x40, 0x6d, 0xc3, 0x89, 0x5d, 0x7b, 0xe2, - 0xc8, 0xd3, 0x16, 0x13, 0x07, 0x9a, 0x38, 0x22, 0x33, 0x03, - 0xac, 0x70, 0x3e, 0xce, 0x32, 0x56, 0x0b, 0x58, 0x56, 0xb8, - 0xe9, 0xd8, 0x42, 0x35, 0x6c, 0xb9, 0x02, 0xb3, 0x64, 0xeb, - 0xaa, 0x09, 0x3f, 0xac, 0x66, 0x08, 0xb4, 0x5f, 0x3e, 0xb4, - 0xec, 0x39, 0xb1, 0x99, 0xe4, 0x5d, 0x1d, 0x32, 0x14, 0xc1, - 0x48, 0x8f, 0x6c, 0x65, 0x87, 0x34, 0x50, 0xa4, 0xf4, 0x9b, - 0x5b, 0x2e, 0xb5, 0x79, 0x0d, 0x11, 0x62, 0xa4, 0x35, 0x9c, - 0x6f, 0x92, 0xd0, 0x68, 0x07, 0xdd, 0x69, 0x85, 0x48, 0xe3, - 0x5d, 0x10, 0x34, 0xaf, 0xea, 0x41, 0x72, 0x5a, 0x71, 0x00, - 0xf8, 0xe6, 0x47, 0x7f, 0xa0, 0x6f, 0x91, 0x96, 0x40, 0x00, - 0x40, 0x70, 0xfb, 0x63, 0xcf, 0xc9, 0x36, 0x04, 0x1c, 0x3b, - 0x11, 0x08, 0x29, 0x81, 0x9f -}; - -static unsigned char test15360[] = { - 0x30, 0x82, 0x21, 0xe8, 0x02, 0x01, 0x00, 0x02, 0x82, 0x07, - 0x81, 0x00, 0xad, 0x3f, 0xaa, 0xdc, 0x8c, 0x85, 0xcb, 0x60, - 0xd2, 0xf5, 0x30, 0xa1, 0x0f, 0x26, 0xec, 0xdf, 0xfc, 0x91, - 0x39, 0xbd, 0x3e, 0x8f, 0x99, 0x64, 0x1e, 0x51, 0xd2, 0x27, - 0x5e, 0x76, 0xcd, 0x86, 0x33, 0x07, 0xf9, 0xbd, 0x3b, 0x06, - 0xc3, 0x3c, 0x85, 0xcb, 0x7e, 0x91, 0x14, 0xb0, 0x0b, 0x77, - 0x22, 0x30, 0x71, 0xb8, 0xbb, 0x74, 0x30, 0x33, 0x35, 0x56, - 0x34, 0x47, 0x10, 0x8f, 0x88, 0xe2, 0x6f, 0xdc, 0x3b, 0xe9, - 0x58, 0x9d, 0x0c, 0xdc, 0x8f, 0x70, 0x41, 0x7a, 0x12, 0xd2, - 0x9a, 0x35, 0xbe, 0x0a, 0x57, 0x13, 0x0c, 0xe9, 0xbf, 0x77, - 0x54, 0x00, 0x74, 0xb7, 0x1a, 0x3e, 0xa7, 0xe9, 0xb6, 0xe7, - 0x4f, 0x1e, 0xa4, 0xc0, 0x7c, 0x4c, 0x66, 0xc5, 0xce, 0xad, - 0x96, 0x1b, 0xe2, 0x1a, 0xf1, 0x3d, 0x8b, 0x50, 0xcf, 0xe2, - 0x15, 0x21, 0x6d, 0x83, 0x95, 0x00, 0xee, 0x97, 0xc4, 0xae, - 0xc9, 0x38, 0x62, 0x6c, 0xb2, 0xe7, 0x7f, 0x15, 0x0a, 0xab, - 0x86, 0xb9, 0xd9, 0x8a, 0xf8, 0xeb, 0x88, 0x5d, 0xdc, 0x0c, - 0x1e, 0xc5, 0xe6, 0xa1, 0x7b, 0xbf, 0xf1, 0x02, 0xe3, 0xad, - 0xf8, 0xed, 0x17, 0x9f, 0x83, 0x11, 0x31, 0x3b, 0xad, 0xb4, - 0xf9, 0x8d, 0x1d, 0x56, 0x9b, 0xac, 0x68, 0x55, 0x0a, 0x74, - 0x20, 0xee, 0x57, 0xe7, 0x1c, 0x6d, 0x05, 0xa1, 0x4e, 0xa5, - 0x11, 0x99, 0xb4, 0x86, 0xdb, 0x58, 0xe7, 0xf6, 0xb6, 0x4f, - 0x92, 0x58, 0x57, 0x9b, 0x74, 0x04, 0xe5, 0xd1, 0x1d, 0x7c, - 0x4b, 0xb8, 0x1f, 0x5d, 0x0e, 0x93, 0xee, 0x44, 0x18, 0xb6, - 0x58, 0x0e, 0xa1, 0x0b, 0x8e, 0x2e, 0x99, 0x4c, 0x72, 0x91, - 0xfa, 0xfa, 0xe2, 0x22, 0x05, 0x5d, 0x2b, 0x2d, 0xd8, 0x60, - 0xd5, 0x1b, 0x08, 0x56, 0x2b, 0xb5, 0x21, 0xdb, 0x1a, 0xe6, - 0xa8, 0x39, 0xa2, 0xf4, 0x58, 0xcb, 0xd2, 0xf9, 0xce, 0xc0, - 0x1e, 0x1b, 0xf9, 0xa7, 0x37, 0xca, 0xa3, 0x77, 0x6e, 0xb1, - 0xaf, 0x33, 0xb5, 0x6d, 0x5f, 0x33, 0x2e, 0x1a, 0x34, 0xdb, - 0x42, 0xbe, 0x5f, 0xf9, 0x09, 0xb7, 0x9f, 0xd4, 0x09, 0xfb, - 0x87, 0x13, 0x3c, 0xe2, 0x27, 0xb8, 0xf3, 0x1d, 0x7e, 0x92, - 0xdd, 0x87, 0x86, 0x55, 0x69, 0x9b, 0x55, 0xcd, 0xef, 0x7a, - 0x71, 0x5d, 0x81, 0x3a, 0xd9, 0xf7, 0x7f, 0xde, 0xe0, 0x92, - 0xd9, 0x78, 0x0f, 0x1d, 0x43, 0xb1, 0x1e, 0x29, 0xc1, 0x49, - 0xb6, 0x5e, 0x85, 0x83, 0xd9, 0x04, 0xfd, 0x79, 0xd8, 0x47, - 0x03, 0x2e, 0x85, 0x19, 0xfd, 0x63, 0xe7, 0xa4, 0x8b, 0xc0, - 0x94, 0x0e, 0xb7, 0x54, 0x97, 0xd6, 0x44, 0x5d, 0x63, 0x12, - 0xff, 0xdd, 0xde, 0x2c, 0x00, 0x0e, 0xc9, 0xca, 0x7e, 0xa2, - 0x65, 0x25, 0xb0, 0x1d, 0xa9, 0x20, 0x4f, 0xdd, 0xea, 0x3a, - 0xb5, 0xe8, 0x0f, 0xf3, 0xb2, 0xb7, 0x00, 0x4a, 0xe8, 0xa4, - 0x83, 0x49, 0xbd, 0x78, 0xdf, 0xac, 0x2c, 0x37, 0x81, 0xb3, - 0xf3, 0xb7, 0x13, 0x93, 0x3e, 0xb2, 0x79, 0x55, 0xf2, 0xd8, - 0x9c, 0xf7, 0xf2, 0xf1, 0xd5, 0x6c, 0x9c, 0xff, 0xec, 0xf4, - 0xea, 0x08, 0x3c, 0x65, 0x35, 0xb7, 0x09, 0x03, 0x6d, 0x99, - 0x1d, 0x5b, 0x73, 0x06, 0x61, 0xb4, 0xf0, 0xc5, 0xdb, 0x3e, - 0xe0, 0x1d, 0xa8, 0x5b, 0x7a, 0x5b, 0x5b, 0x9c, 0x11, 0x75, - 0x83, 0x1d, 0xf4, 0x73, 0x27, 0xf3, 0x79, 0xf2, 0x82, 0xd6, - 0x28, 0x45, 0x58, 0x23, 0x6c, 0x29, 0xd3, 0x50, 0x51, 0x1b, - 0x38, 0xef, 0x89, 0x90, 0x84, 0xa2, 0x4c, 0x35, 0x7b, 0x30, - 0x5e, 0xbd, 0x1a, 0xd5, 0xdf, 0xcd, 0xcd, 0x74, 0x3f, 0x2e, - 0x01, 0xea, 0x33, 0x07, 0x74, 0xfb, 0x86, 0x75, 0x20, 0x0e, - 0x4f, 0xbf, 0x65, 0xd4, 0x15, 0x19, 0x6f, 0x8d, 0x37, 0xcd, - 0xb6, 0x6f, 0x50, 0x9d, 0x5e, 0x04, 0x81, 0x7d, 0xec, 0xd6, - 0xbb, 0x40, 0x1b, 0xe0, 0xf5, 0xd5, 0x86, 0x26, 0xc5, 0x41, - 0x84, 0x0e, 0x3e, 0x73, 0xb7, 0xa4, 0xbe, 0x2a, 0xfe, 0xd7, - 0xe4, 0x4d, 0x5c, 0x2d, 0x6a, 0x04, 0xe6, 0xdd, 0x28, 0xa0, - 0x75, 0x4c, 0xe0, 0x23, 0x2c, 0xad, 0xec, 0xaa, 0x72, 0xfd, - 0x03, 0xc0, 0x65, 0xfa, 0xc4, 0x3c, 0x25, 0x10, 0xae, 0x3f, - 0x09, 0x96, 0x4e, 0xff, 0xfe, 0xc7, 0xe4, 0x9e, 0xec, 0xb5, - 0x6e, 0xec, 0xf3, 0x7a, 0x83, 0x7a, 0x8b, 0xbb, 0x91, 0x8d, - 0xab, 0x3c, 0x4d, 0x7f, 0x34, 0x77, 0xbe, 0x0c, 0x87, 0xf2, - 0xc3, 0xd6, 0xcb, 0xcc, 0xfa, 0x1e, 0xaf, 0x21, 0x24, 0xe9, - 0xaa, 0x89, 0x61, 0x0c, 0x7a, 0x1c, 0x7d, 0x00, 0x87, 0x69, - 0x30, 0xa0, 0xb4, 0x3b, 0x96, 0x1c, 0x00, 0x14, 0x07, 0xb8, - 0x3f, 0x59, 0x62, 0x3a, 0x3f, 0xfb, 0x68, 0xb8, 0x81, 0x7d, - 0x4a, 0x9d, 0x1c, 0xa2, 0x07, 0xa3, 0xb1, 0x42, 0x7b, 0xfa, - 0x9b, 0xbc, 0x94, 0x30, 0x7e, 0xea, 0xe7, 0x40, 0x7e, 0xd4, - 0x0f, 0x33, 0x3b, 0x57, 0xda, 0x8b, 0x6d, 0x64, 0xd5, 0xe4, - 0x91, 0x83, 0xf0, 0x3d, 0xae, 0x8b, 0x91, 0xf0, 0xcd, 0xb1, - 0xa0, 0xe0, 0x0d, 0xe1, 0xbb, 0x22, 0x78, 0x1f, 0x3a, 0xe5, - 0x53, 0x28, 0xf0, 0x35, 0xae, 0x71, 0xe6, 0xfd, 0x63, 0xb2, - 0x9c, 0x3f, 0xdd, 0x95, 0x7b, 0xc4, 0xe9, 0x2f, 0xd9, 0x93, - 0x3a, 0x10, 0x42, 0x1c, 0x90, 0xab, 0xfb, 0xd3, 0x02, 0xe9, - 0x59, 0xbc, 0x53, 0x7e, 0xf3, 0xe1, 0x52, 0x15, 0xa6, 0x58, - 0x9e, 0xc1, 0xa6, 0x0e, 0x2e, 0x35, 0x07, 0x3a, 0xc3, 0x1f, - 0xaa, 0x58, 0xe7, 0xc6, 0x33, 0x6a, 0x39, 0x4b, 0x21, 0x15, - 0x3d, 0x92, 0x4e, 0x5e, 0xf9, 0x01, 0xd6, 0x0f, 0x28, 0x61, - 0x15, 0xdf, 0xed, 0x6f, 0x75, 0xc4, 0x8f, 0xcb, 0x16, 0x55, - 0x09, 0xc7, 0x24, 0xb2, 0x0c, 0x49, 0x25, 0x8d, 0x5e, 0xf1, - 0x0e, 0xe0, 0xe2, 0xc4, 0xcc, 0x1f, 0x4e, 0x60, 0x5c, 0x5e, - 0xc6, 0x7f, 0x68, 0x7f, 0xdb, 0x1a, 0x01, 0x67, 0x07, 0xb1, - 0x56, 0x93, 0xf2, 0x26, 0x81, 0xc0, 0x33, 0xb8, 0x48, 0xf9, - 0x2c, 0x5c, 0x18, 0x29, 0xed, 0xe0, 0x6c, 0xa0, 0xac, 0xd2, - 0x90, 0x4b, 0x52, 0x87, 0xbb, 0xb5, 0x05, 0xd8, 0x56, 0xc5, - 0xb8, 0x8f, 0x3f, 0x49, 0x52, 0x9a, 0xa2, 0xd0, 0x40, 0x80, - 0x5b, 0x16, 0x15, 0xbc, 0x74, 0x8e, 0x00, 0x10, 0xaf, 0xfb, - 0x6d, 0xba, 0xcb, 0xbc, 0xe6, 0x13, 0x75, 0xce, 0x27, 0xae, - 0x85, 0x57, 0x6c, 0xc0, 0x8a, 0x84, 0x6f, 0x34, 0x16, 0xd4, - 0x35, 0xd2, 0xcc, 0x55, 0x00, 0xc1, 0xd8, 0x28, 0x2c, 0x9c, - 0x84, 0x78, 0xbf, 0xf0, 0x3b, 0x0d, 0x9f, 0x81, 0xd4, 0xef, - 0x99, 0x77, 0x53, 0xd2, 0x8e, 0x43, 0x52, 0xf0, 0x32, 0x7e, - 0xba, 0xbf, 0xb6, 0x0e, 0x9d, 0x9b, 0x00, 0xd0, 0x50, 0x55, - 0x67, 0x5a, 0x2c, 0x8b, 0x9b, 0x29, 0xfb, 0x41, 0x74, 0x4c, - 0xb7, 0xd8, 0x98, 0xa2, 0xfb, 0x73, 0x07, 0x96, 0xef, 0xcd, - 0x47, 0x13, 0x1d, 0xe2, 0xb1, 0xac, 0xf3, 0xcf, 0x47, 0x98, - 0x7b, 0x6f, 0xf6, 0x32, 0x44, 0x41, 0x78, 0x09, 0x8e, 0x64, - 0x0c, 0xbf, 0xe2, 0x0f, 0x8c, 0x44, 0x2f, 0x4e, 0x55, 0xe0, - 0xc6, 0xfd, 0x05, 0x74, 0x18, 0x1a, 0xb9, 0xfa, 0xcb, 0xd3, - 0xfa, 0x69, 0x50, 0x63, 0xce, 0x2b, 0xef, 0x92, 0x0f, 0x11, - 0xd4, 0x9b, 0x53, 0x6c, 0xed, 0xc5, 0x0b, 0x7c, 0xbd, 0xa1, - 0x5d, 0xdf, 0xab, 0xcf, 0xaa, 0x83, 0x5e, 0xa8, 0xc5, 0xfe, - 0x91, 0x2b, 0x23, 0x1f, 0x39, 0x3d, 0x71, 0x74, 0xbf, 0xa2, - 0xf1, 0xda, 0x2f, 0x29, 0x02, 0x9b, 0xea, 0x48, 0x2c, 0xaf, - 0xe7, 0xa9, 0xf5, 0x68, 0xab, 0x8f, 0x18, 0xb9, 0x7b, 0x28, - 0xf0, 0x92, 0xfb, 0x07, 0xd7, 0xbd, 0x43, 0xcd, 0x7f, 0xfc, - 0xb9, 0x5f, 0x24, 0xf8, 0x48, 0x2e, 0xbe, 0x42, 0x87, 0x80, - 0x38, 0x78, 0x9e, 0x8c, 0x52, 0x6d, 0xfa, 0x2e, 0x46, 0x35, - 0x7a, 0x59, 0x88, 0xb9, 0x3e, 0xcb, 0x79, 0xb4, 0x8a, 0x9e, - 0xd5, 0xd0, 0x30, 0x8c, 0xb2, 0x0c, 0x9d, 0x8d, 0x2d, 0x64, - 0x0b, 0xf6, 0xeb, 0xf1, 0xde, 0xea, 0x74, 0xfc, 0xbc, 0x01, - 0x18, 0x48, 0x4e, 0x35, 0x02, 0x83, 0x01, 0xb2, 0x50, 0xa0, - 0x44, 0x19, 0x30, 0x00, 0x12, 0x4a, 0xa0, 0x6d, 0x6b, 0x8b, - 0xf1, 0xce, 0xda, 0x2e, 0x16, 0x35, 0x52, 0x26, 0xf9, 0xbe, - 0xb1, 0x37, 0xfc, 0x0a, 0x8b, 0x6f, 0x06, 0x11, 0x7b, 0xf7, - 0xa8, 0x40, 0xbd, 0x8d, 0x94, 0xa4, 0xa2, 0xe0, 0xb6, 0xdf, - 0x62, 0xc0, 0x6f, 0xb3, 0x5d, 0x84, 0xb9, 0xaa, 0x2f, 0xc1, - 0x3b, 0xcb, 0x20, 0xc6, 0x68, 0x69, 0x15, 0x74, 0xbc, 0xdb, - 0x43, 0x9c, 0x4a, 0xfc, 0x72, 0xc1, 0xf5, 0x87, 0x80, 0xe8, - 0x6c, 0xd5, 0xc1, 0x2e, 0x34, 0x5e, 0x96, 0x76, 0x08, 0x3e, - 0x45, 0xe4, 0xa0, 0x4a, 0x7a, 0xc1, 0x67, 0x38, 0xf2, 0x31, - 0x1f, 0x7b, 0x0f, 0x54, 0xbd, 0x0d, 0x1f, 0x9e, 0x8e, 0x99, - 0x8b, 0x58, 0xd9, 0x94, 0x87, 0xaa, 0x8b, 0x82, 0x5d, 0x5e, - 0xe8, 0x50, 0xf4, 0xf2, 0xc7, 0xe9, 0x85, 0x6b, 0xd2, 0xef, - 0x13, 0xc1, 0xed, 0x57, 0x2a, 0xc5, 0xd6, 0x5d, 0xa4, 0x3b, - 0x29, 0xba, 0xab, 0x1b, 0xaa, 0x21, 0x41, 0xe9, 0xdc, 0x47, - 0x88, 0xef, 0x0c, 0xfc, 0xb2, 0xdc, 0xf7, 0xdb, 0x55, 0x4d, - 0x70, 0xc7, 0xe2, 0x8a, 0x8a, 0xe1, 0xde, 0xcf, 0xe5, 0xca, - 0x23, 0x36, 0x29, 0xe5, 0xfc, 0x54, 0x66, 0xda, 0xe9, 0xab, - 0x58, 0x20, 0xb2, 0x8e, 0xb2, 0x7d, 0x5d, 0xb8, 0xc7, 0x6c, - 0x48, 0x53, 0x2b, 0x47, 0xe0, 0x12, 0x00, 0x0e, 0xfe, 0xa5, - 0x93, 0x34, 0xf9, 0x3e, 0xa6, 0x3f, 0x56, 0xaa, 0x43, 0x65, - 0xbb, 0x5a, 0x70, 0x3e, 0x62, 0xac, 0x3f, 0x5b, 0x90, 0x02, - 0x50, 0x5d, 0x05, 0xa8, 0xd5, 0x67, 0x1a, 0x62, 0xec, 0xd4, - 0xde, 0x29, 0x04, 0xac, 0x6d, 0x15, 0x5d, 0xa0, 0xec, 0xf2, - 0x57, 0x13, 0x0e, 0x17, 0x96, 0x0c, 0x32, 0x6a, 0xc5, 0xe0, - 0xa8, 0xff, 0x85, 0xa4, 0xa3, 0xe3, 0x0e, 0x35, 0x5d, 0xd1, - 0x28, 0x84, 0xaa, 0xc4, 0x84, 0xcd, 0x25, 0x63, 0x85, 0x82, - 0x3e, 0x12, 0x30, 0x17, 0x57, 0x45, 0xb8, 0xb4, 0x34, 0x01, - 0x3a, 0xa2, 0x77, 0x61, 0xc8, 0x3d, 0x1f, 0xc5, 0x0e, 0x4a, - 0xbb, 0xf6, 0xa0, 0x5d, 0x79, 0x4b, 0xc8, 0xf3, 0x9c, 0x87, - 0x05, 0x2f, 0xea, 0x25, 0x28, 0x91, 0x69, 0x77, 0x7c, 0xba, - 0xea, 0x4a, 0x75, 0x2e, 0x2b, 0x17, 0x83, 0x50, 0x32, 0x43, - 0x4f, 0xcd, 0xf1, 0x77, 0xb1, 0x22, 0x0a, 0x8b, 0x69, 0x58, - 0x09, 0x35, 0x07, 0x6d, 0x61, 0x4a, 0x8d, 0x18, 0x65, 0x6e, - 0x9b, 0x62, 0x07, 0xd0, 0x6a, 0x92, 0x39, 0x05, 0x80, 0x14, - 0xfa, 0x1c, 0x93, 0x84, 0x0c, 0xb5, 0x8c, 0x41, 0x91, 0x4e, - 0x48, 0xf0, 0xf2, 0xba, 0x1d, 0x73, 0x2f, 0x1e, 0xa1, 0x55, - 0xc3, 0x02, 0x8c, 0xb1, 0xf2, 0x37, 0xa6, 0x9a, 0x6b, 0xcd, - 0x45, 0x2e, 0x08, 0x90, 0x26, 0x63, 0x91, 0xff, 0x22, 0x5e, - 0xcd, 0xae, 0x9b, 0x19, 0x1e, 0x10, 0x62, 0x4e, 0x1f, 0x2d, - 0x81, 0x69, 0x4f, 0x41, 0xe5, 0x94, 0xff, 0x7e, 0xcc, 0x15, - 0x36, 0x1e, 0x29, 0x59, 0x37, 0xe7, 0x64, 0x40, 0x17, 0x1a, - 0x32, 0xba, 0x01, 0x26, 0x30, 0x80, 0x60, 0x07, 0x86, 0x6e, - 0xd4, 0xb3, 0xe2, 0x44, 0x16, 0x33, 0xf2, 0x4c, 0x84, 0x0e, - 0xb1, 0x4a, 0xc7, 0x92, 0xa6, 0xa3, 0x42, 0x36, 0x05, 0x3e, - 0x74, 0xa8, 0xb1, 0xc5, 0x63, 0x59, 0x0d, 0x1e, 0x36, 0x45, - 0x2b, 0x36, 0x5e, 0xca, 0xab, 0x97, 0x49, 0xd3, 0xab, 0xae, - 0x63, 0x0a, 0xd1, 0x03, 0x57, 0x88, 0xa4, 0xa4, 0x3c, 0xda, - 0x15, 0x49, 0x1a, 0x5d, 0xe6, 0x5e, 0xb9, 0x82, 0x23, 0xc0, - 0x83, 0x96, 0xfe, 0x38, 0x0b, 0x80, 0x0e, 0xde, 0x22, 0xeb, - 0x5d, 0xe4, 0x56, 0x32, 0xbe, 0xe0, 0xc0, 0x6e, 0x69, 0x63, - 0x27, 0x4e, 0x00, 0x58, 0x80, 0x70, 0xd9, 0xcc, 0x4e, 0xae, - 0x6c, 0x5e, 0x6a, 0x43, 0x81, 0xfd, 0x45, 0xb2, 0xa4, 0x6c, - 0xf0, 0x9c, 0x66, 0x5c, 0x7d, 0x5c, 0x78, 0x55, 0x33, 0x4b, - 0x3c, 0x3b, 0x1d, 0x18, 0x58, 0x79, 0x6a, 0x02, 0xec, 0xce, - 0x53, 0x69, 0xc0, 0x17, 0xed, 0x57, 0xaf, 0x71, 0x5b, 0x42, - 0x1b, 0x49, 0xd8, 0xe8, 0x96, 0x80, 0xb6, 0x48, 0x1b, 0x7c, - 0xf8, 0x74, 0x1c, 0xb1, 0xc4, 0x10, 0xb7, 0xf4, 0x97, 0x7e, - 0x6b, 0x8f, 0x54, 0xba, 0x37, 0xb9, 0x35, 0x9e, 0x7b, 0x17, - 0x16, 0x9b, 0x89, 0x39, 0xae, 0x4f, 0x2e, 0x18, 0x65, 0xb4, - 0x76, 0x20, 0x9a, 0x58, 0xe2, 0x57, 0x6e, 0x1c, 0x3f, 0x8e, - 0x9a, 0xbb, 0xd8, 0xfc, 0x4c, 0xd6, 0x2d, 0xc1, 0xa6, 0x46, - 0xac, 0x13, 0x1e, 0xa7, 0xf7, 0x1d, 0x28, 0x3a, 0xf4, 0xd6, - 0x48, 0xfb, 0xe5, 0xb3, 0x84, 0x94, 0x47, 0x92, 0xae, 0x9a, - 0x58, 0xc5, 0xac, 0x23, 0x1b, 0xb5, 0xcd, 0x96, 0xd2, 0x5e, - 0xb2, 0x41, 0xfc, 0x9a, 0xae, 0x19, 0xf1, 0x7b, 0x4b, 0x53, - 0x1b, 0xfa, 0xa5, 0x0c, 0x49, 0x6d, 0xff, 0xf4, 0x51, 0x88, - 0x19, 0x04, 0xd9, 0x85, 0x8e, 0xe2, 0x3a, 0x62, 0x31, 0x5c, - 0x6e, 0xe8, 0x4d, 0x04, 0x1d, 0xd8, 0xc2, 0x7b, 0x51, 0xe7, - 0x59, 0xbc, 0x85, 0x5c, 0xc4, 0xcc, 0xad, 0xcb, 0x93, 0x69, - 0x18, 0xe4, 0x71, 0x9e, 0x63, 0x33, 0x99, 0xb6, 0x3b, 0x23, - 0x11, 0x17, 0x7a, 0x3d, 0x6f, 0xb9, 0x6b, 0xf1, 0xf2, 0xa7, - 0x03, 0xfd, 0xf0, 0xcd, 0x5b, 0xb5, 0xda, 0x9a, 0xd9, 0x95, - 0x02, 0x76, 0xd8, 0x38, 0xd3, 0xbd, 0xa0, 0x4a, 0x9a, 0xab, - 0x70, 0xde, 0xc6, 0xf9, 0xa5, 0x19, 0x9c, 0xc4, 0xf9, 0x07, - 0x4d, 0xea, 0x15, 0xc2, 0x91, 0x4d, 0x54, 0xa9, 0x2c, 0xca, - 0xdf, 0xaa, 0xd1, 0xc4, 0xc0, 0x18, 0x77, 0x28, 0x2a, 0x2c, - 0xc3, 0x7c, 0x26, 0xbd, 0xd8, 0x0d, 0x51, 0xa1, 0x4d, 0xad, - 0x76, 0x76, 0xaa, 0xa9, 0x45, 0x82, 0x4f, 0x76, 0xfb, 0x1a, - 0xd3, 0x71, 0x3c, 0x55, 0xa2, 0x5c, 0xe0, 0xd6, 0xda, 0x35, - 0xbe, 0x25, 0x23, 0x26, 0x51, 0xc6, 0xb4, 0xf3, 0x3e, 0x2c, - 0x54, 0x09, 0xc7, 0x6f, 0xa5, 0x08, 0x81, 0xba, 0x75, 0xda, - 0xcb, 0x4d, 0x05, 0xdd, 0xca, 0x93, 0x48, 0x30, 0xe8, 0x4a, - 0x1f, 0xfd, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x07, - 0x80, 0x25, 0x2f, 0xbc, 0x49, 0xf8, 0xb3, 0xa3, 0x32, 0xd6, - 0x35, 0x20, 0xca, 0x01, 0x49, 0x96, 0xa0, 0x81, 0x42, 0xde, - 0xc4, 0xdb, 0x0f, 0xd1, 0x99, 0xe6, 0xd4, 0x23, 0x2a, 0xa6, - 0x21, 0x13, 0xfe, 0x51, 0x27, 0xce, 0x18, 0x2a, 0xfa, 0x49, - 0x9f, 0xcd, 0x0c, 0x1f, 0xcf, 0x9e, 0x44, 0x27, 0x41, 0xdc, - 0x09, 0xcf, 0xef, 0x19, 0xf5, 0x57, 0x7f, 0x36, 0x5c, 0x99, - 0x7e, 0x03, 0x74, 0xfb, 0xa9, 0xb6, 0xde, 0xeb, 0xd1, 0x2b, - 0x5f, 0x12, 0x6a, 0xa9, 0x33, 0x2c, 0x2a, 0xba, 0xad, 0x8f, - 0xc2, 0x27, 0x57, 0x6a, 0xd7, 0x40, 0xf7, 0x4f, 0x4c, 0x9a, - 0xb0, 0x3a, 0x5d, 0x2e, 0xf9, 0xf1, 0xea, 0xbd, 0x82, 0xaa, - 0xbd, 0xe6, 0x19, 0x16, 0xd5, 0x03, 0x5e, 0x43, 0xfd, 0x88, - 0x71, 0xd5, 0xb7, 0x78, 0xbe, 0x80, 0x0f, 0xc9, 0x7f, 0x3a, - 0x8f, 0xe1, 0x44, 0xd4, 0x0f, 0xce, 0x26, 0xaf, 0x65, 0xe0, - 0xf5, 0x04, 0x53, 0x56, 0x97, 0x4f, 0xf4, 0xc1, 0x44, 0x8d, - 0xf7, 0x88, 0x55, 0x47, 0x16, 0xaf, 0x3f, 0x8e, 0x42, 0xdf, - 0xbc, 0x14, 0xc3, 0xe6, 0x9f, 0x0d, 0x69, 0x54, 0x5b, 0x7c, - 0x49, 0xcf, 0xbf, 0x42, 0x4f, 0xc7, 0x64, 0x8a, 0xe5, 0x84, - 0x87, 0x20, 0x9b, 0xfd, 0x70, 0x25, 0x38, 0xd3, 0xb4, 0x97, - 0x78, 0xf1, 0x4f, 0x3f, 0x0f, 0xbb, 0x9c, 0xa3, 0x17, 0xd5, - 0x4e, 0x4b, 0xac, 0x82, 0x9a, 0x73, 0xb7, 0xc5, 0xec, 0x10, - 0x7a, 0x7b, 0xdb, 0x77, 0x2c, 0xb1, 0xf3, 0x8f, 0xc3, 0xa5, - 0x31, 0x11, 0x32, 0x55, 0x35, 0xb5, 0x77, 0xd2, 0x62, 0x19, - 0x46, 0x92, 0x94, 0xbb, 0x61, 0x0f, 0x30, 0x94, 0x8a, 0xf6, - 0xf7, 0x30, 0xe0, 0xa2, 0x8c, 0x1b, 0xff, 0x8c, 0x29, 0x44, - 0xb4, 0xb7, 0xb6, 0x5f, 0x4d, 0x52, 0xc6, 0x07, 0xe1, 0x28, - 0x8c, 0xae, 0x88, 0x8a, 0x22, 0xbd, 0xd7, 0x36, 0xe4, 0x8f, - 0xd1, 0xeb, 0x65, 0x54, 0x19, 0x5f, 0xba, 0xfb, 0xfc, 0x91, - 0xa1, 0xa4, 0xb8, 0xa4, 0x2d, 0x85, 0x20, 0xc4, 0xe5, 0xa7, - 0x4e, 0xdb, 0xa4, 0xc5, 0xcc, 0x2f, 0x37, 0x41, 0x29, 0x47, - 0x15, 0xff, 0x04, 0x80, 0x08, 0x37, 0xce, 0xc5, 0xe3, 0x5a, - 0x3f, 0x83, 0xbb, 0x03, 0x9e, 0xfe, 0xec, 0xe4, 0x11, 0x41, - 0x12, 0x13, 0xf2, 0x00, 0xe5, 0x1a, 0x02, 0x49, 0xeb, 0xdb, - 0x57, 0xe4, 0xce, 0xa0, 0x3f, 0xfd, 0x3c, 0x73, 0x2b, 0x92, - 0x44, 0x79, 0x9e, 0x12, 0x4f, 0xfa, 0xe4, 0x53, 0x62, 0xf2, - 0xb0, 0xe2, 0x8a, 0xf0, 0x93, 0xa8, 0x1d, 0xee, 0x8d, 0x58, - 0x7a, 0x4c, 0x29, 0x91, 0x29, 0xc1, 0xa4, 0xd5, 0xe6, 0x37, - 0x1b, 0x75, 0x5b, 0xb6, 0x6b, 0x76, 0x2e, 0xcb, 0xbd, 0xa9, - 0xbe, 0x4c, 0x2e, 0x21, 0xa6, 0x38, 0xde, 0x66, 0x2f, 0x51, - 0xea, 0x4c, 0xba, 0x3f, 0x4a, 0xfe, 0x7a, 0x15, 0xb3, 0x72, - 0x26, 0xba, 0xcf, 0x9e, 0x1b, 0x03, 0xa6, 0xaa, 0x65, 0x68, - 0xd3, 0x8c, 0x15, 0x17, 0xe9, 0x11, 0x18, 0x3c, 0xb6, 0xf8, - 0x02, 0x54, 0x98, 0x49, 0xfa, 0x35, 0x3c, 0xcd, 0xac, 0xc8, - 0x2b, 0x1a, 0x63, 0x93, 0x03, 0x05, 0xa1, 0x41, 0xbe, 0x12, - 0xca, 0x15, 0x47, 0x72, 0x63, 0x77, 0x26, 0xd0, 0xe7, 0x8f, - 0x0d, 0x6e, 0x9c, 0xac, 0x07, 0xbe, 0x03, 0x22, 0xd0, 0x39, - 0x63, 0x8d, 0x9b, 0xc6, 0x20, 0x81, 0xb5, 0x67, 0x15, 0xf6, - 0xb0, 0xe3, 0xb9, 0x3e, 0xb7, 0x3f, 0x8f, 0x46, 0xc9, 0x74, - 0x10, 0x1e, 0x53, 0xf1, 0xd4, 0x30, 0x4d, 0x6e, 0x72, 0xb4, - 0x73, 0x1c, 0xb6, 0x79, 0x82, 0x60, 0x2e, 0x2a, 0x7d, 0x82, - 0x95, 0xb5, 0x7c, 0x4d, 0x44, 0xcb, 0xd8, 0x8a, 0x17, 0xe8, - 0x50, 0x29, 0xd8, 0x3a, 0xeb, 0x29, 0xc1, 0x83, 0x0f, 0xd9, - 0xaf, 0xcc, 0xfa, 0xea, 0x3a, 0x47, 0x5d, 0x33, 0x1f, 0xe8, - 0x33, 0x5b, 0x88, 0x8e, 0xdb, 0xd5, 0x1e, 0xaf, 0x4a, 0x5f, - 0xc0, 0xfa, 0xf0, 0xb5, 0xa3, 0x5b, 0xda, 0x38, 0xb7, 0x38, - 0x5e, 0xce, 0x81, 0x44, 0xf7, 0x66, 0x62, 0x64, 0x1d, 0x04, - 0xf0, 0x8a, 0x4f, 0xa2, 0x80, 0x76, 0x83, 0x23, 0x89, 0x61, - 0x6b, 0xc3, 0xb7, 0xee, 0xb5, 0x06, 0x33, 0xad, 0x63, 0x04, - 0x78, 0xc9, 0xde, 0x32, 0xde, 0xcf, 0x18, 0xb9, 0xb0, 0x3b, - 0xee, 0x0a, 0x58, 0xea, 0xad, 0xbc, 0x1e, 0x77, 0xa0, 0x93, - 0xf7, 0xae, 0x9e, 0xb6, 0x31, 0x59, 0x8e, 0xb1, 0x03, 0x8f, - 0xbb, 0xa4, 0x25, 0x0c, 0x2e, 0xd7, 0xe2, 0x62, 0x5c, 0xf1, - 0x68, 0xe9, 0x76, 0xd7, 0x23, 0x14, 0x45, 0xaf, 0xcb, 0x09, - 0x50, 0x05, 0x3f, 0xa0, 0xf9, 0xc3, 0x9e, 0x89, 0x05, 0xa8, - 0x3b, 0x54, 0x55, 0x32, 0x74, 0x91, 0x46, 0xc1, 0x2c, 0x96, - 0x7e, 0x60, 0xad, 0xfa, 0xbb, 0xcd, 0x09, 0x7b, 0x39, 0x10, - 0x82, 0x8a, 0xc0, 0x5a, 0x0d, 0xab, 0xb3, 0x71, 0x45, 0xad, - 0x39, 0x8e, 0xec, 0x4d, 0x91, 0x8d, 0xda, 0x8d, 0xfa, 0xb0, - 0xad, 0x44, 0x3c, 0xc9, 0x21, 0x56, 0x22, 0xfc, 0xd3, 0xba, - 0xb7, 0x3c, 0xe3, 0x8d, 0xda, 0x59, 0x34, 0x42, 0xdd, 0x04, - 0x5b, 0x8e, 0x2b, 0xc7, 0x94, 0xd5, 0x42, 0xe0, 0x4a, 0x6f, - 0x35, 0x5a, 0x27, 0x82, 0xd8, 0x82, 0x40, 0xee, 0x0f, 0xa6, - 0xef, 0xe4, 0x70, 0xe3, 0x30, 0xb7, 0x2d, 0xd4, 0xbb, 0x27, - 0xb2, 0xbf, 0xad, 0x49, 0x45, 0xbc, 0xeb, 0xbe, 0xb7, 0xd8, - 0xe3, 0xb1, 0xf3, 0xeb, 0x41, 0x20, 0x9b, 0x21, 0x54, 0xc3, - 0xa8, 0xaf, 0x9f, 0x20, 0x5c, 0x15, 0x8e, 0x25, 0xbc, 0xbc, - 0x69, 0x91, 0xfe, 0xda, 0xad, 0xe5, 0x37, 0x7d, 0xb0, 0x51, - 0x14, 0xae, 0x8f, 0x35, 0x15, 0x0a, 0xd4, 0x49, 0xa7, 0xd9, - 0x20, 0x70, 0xa4, 0xf2, 0xf4, 0x24, 0x66, 0x52, 0xd1, 0xa5, - 0x22, 0xea, 0x29, 0xd9, 0xb2, 0x82, 0x8d, 0x36, 0x66, 0x75, - 0x6e, 0xd5, 0x8c, 0x54, 0x08, 0x21, 0xf2, 0xee, 0x78, 0xc7, - 0x1f, 0x9c, 0x63, 0x5d, 0x88, 0x56, 0xd1, 0xa0, 0x80, 0x33, - 0x60, 0x55, 0x23, 0x72, 0xd6, 0xb0, 0x1a, 0x50, 0xde, 0x25, - 0x70, 0xb5, 0x77, 0x42, 0xf8, 0x19, 0x18, 0x15, 0x8f, 0xfd, - 0x0c, 0x6a, 0x46, 0x1f, 0xbf, 0xe7, 0x60, 0x91, 0xe7, 0xbb, - 0x25, 0x63, 0x66, 0xff, 0x11, 0x97, 0xbb, 0xfd, 0x3a, 0x17, - 0x94, 0x77, 0xb4, 0xc5, 0x21, 0xba, 0x30, 0x94, 0xdd, 0xe5, - 0xeb, 0x1d, 0x01, 0xba, 0xf9, 0xb0, 0x30, 0xdb, 0x11, 0x93, - 0xb7, 0xfa, 0x79, 0xe8, 0x5e, 0xb3, 0x39, 0xf4, 0x51, 0x68, - 0x31, 0xce, 0xe9, 0x0e, 0x93, 0xde, 0xff, 0xec, 0x27, 0xbd, - 0xa6, 0x1a, 0x4c, 0xe0, 0x92, 0x5c, 0xd4, 0x07, 0xd2, 0xa1, - 0xdd, 0x12, 0x83, 0xd2, 0x9a, 0x79, 0xb3, 0x3c, 0xfb, 0x07, - 0xe3, 0x18, 0x1a, 0xa3, 0x24, 0x80, 0xb4, 0xcc, 0xf4, 0xc6, - 0xa5, 0x6c, 0x25, 0xd7, 0x99, 0x1a, 0x30, 0xf0, 0xa9, 0xfc, - 0x2e, 0x83, 0x44, 0xac, 0x64, 0x76, 0x34, 0xb0, 0xa6, 0x6f, - 0x20, 0x5a, 0x14, 0xf2, 0x07, 0xa7, 0x6f, 0x4d, 0xab, 0xf5, - 0xfc, 0x9d, 0xd6, 0x3e, 0x82, 0x48, 0x31, 0x25, 0x47, 0xc9, - 0x0e, 0x1d, 0xdb, 0x98, 0x91, 0x56, 0xf5, 0xfe, 0x66, 0x8d, - 0x48, 0xf0, 0x4c, 0x6c, 0x2c, 0x96, 0x54, 0x43, 0xec, 0x76, - 0xf2, 0xe1, 0x76, 0x68, 0xc8, 0xe1, 0xde, 0x0d, 0x8e, 0x6f, - 0xfc, 0x15, 0xd5, 0x93, 0x92, 0xfe, 0xca, 0x9b, 0x30, 0x61, - 0x03, 0x0b, 0xca, 0x99, 0x2f, 0xd3, 0x15, 0xe9, 0x66, 0x81, - 0xbd, 0x56, 0x17, 0x14, 0x4a, 0x2e, 0xf1, 0x34, 0x84, 0x55, - 0x9d, 0xc0, 0x2b, 0xa7, 0x4a, 0xee, 0xf1, 0x7c, 0x67, 0xc7, - 0xf3, 0x08, 0x1e, 0x6d, 0x6b, 0x5b, 0xcc, 0x81, 0x91, 0x5c, - 0x94, 0x1a, 0x80, 0xda, 0x3a, 0xce, 0x36, 0x05, 0xb0, 0x7a, - 0xe8, 0xd0, 0xb4, 0x57, 0x9c, 0xf9, 0xea, 0xf3, 0x26, 0x1d, - 0xcb, 0xf8, 0xdd, 0x65, 0xaf, 0xf7, 0xcd, 0xf7, 0xa1, 0x3d, - 0xfc, 0x9a, 0x3b, 0x08, 0xb9, 0xfa, 0x3c, 0x16, 0x49, 0x4a, - 0xf1, 0xba, 0x4d, 0x31, 0xdd, 0x5e, 0x4f, 0x3d, 0x66, 0x22, - 0x1b, 0x08, 0x91, 0x7d, 0xc6, 0xaf, 0x15, 0x07, 0x3c, 0xa1, - 0xf7, 0x07, 0xfd, 0x3e, 0x90, 0xbb, 0x6f, 0x7a, 0xe9, 0xe1, - 0x2f, 0xb9, 0xee, 0x91, 0x8e, 0x18, 0xcc, 0x8d, 0x1d, 0x22, - 0xa0, 0xa0, 0x28, 0x25, 0xfc, 0xd4, 0x94, 0xd3, 0xaa, 0xcf, - 0xce, 0xd0, 0x85, 0x82, 0x6f, 0x20, 0x9f, 0x55, 0x0e, 0xe5, - 0x72, 0x0d, 0x17, 0x3e, 0x34, 0xc7, 0x2c, 0x0a, 0x14, 0x45, - 0x27, 0xe2, 0xc7, 0x2f, 0x86, 0xa1, 0x55, 0x3e, 0x78, 0x03, - 0xe9, 0x78, 0x2e, 0xd3, 0x99, 0xee, 0xa0, 0x14, 0xf8, 0xe3, - 0x6c, 0xeb, 0x3f, 0x9a, 0xf3, 0x15, 0xce, 0xd5, 0x76, 0xf6, - 0x3a, 0x86, 0x30, 0x76, 0xf9, 0x88, 0x30, 0xf5, 0x4a, 0x50, - 0x58, 0x80, 0xe9, 0xd9, 0xd4, 0xb9, 0x34, 0x42, 0xa6, 0x4e, - 0x9c, 0x1a, 0x07, 0x16, 0x9e, 0xee, 0xe4, 0x88, 0x04, 0x8e, - 0xa8, 0xe7, 0xcd, 0xe8, 0x47, 0x1e, 0x54, 0x45, 0xd2, 0x65, - 0xd8, 0xee, 0x4b, 0xbd, 0xd0, 0x85, 0xaa, 0xfb, 0x06, 0x53, - 0x91, 0x7e, 0xe0, 0x59, 0x20, 0x57, 0x6a, 0xee, 0xd8, 0x9f, - 0x77, 0x7f, 0xd7, 0x40, 0x63, 0xbb, 0x21, 0x75, 0x76, 0x11, - 0x27, 0xcf, 0x05, 0xbb, 0x41, 0x30, 0x98, 0xbf, 0xdc, 0x5f, - 0xc6, 0xa4, 0x1e, 0x30, 0xa1, 0x53, 0xd4, 0x36, 0x7f, 0x2e, - 0x86, 0xd7, 0xd9, 0x95, 0x29, 0xd5, 0x46, 0x18, 0x60, 0x27, - 0xe4, 0x6f, 0xcb, 0xf4, 0xe2, 0xfe, 0xff, 0x3e, 0xff, 0x15, - 0xc6, 0xf2, 0x31, 0xf9, 0x2a, 0xc8, 0x05, 0x4e, 0x7c, 0x2e, - 0x92, 0xc8, 0x41, 0x4f, 0x9e, 0x23, 0x21, 0x4d, 0x74, 0xf8, - 0xc3, 0x44, 0x39, 0xc2, 0x69, 0x4b, 0x2e, 0x76, 0x5e, 0x44, - 0x12, 0x65, 0x31, 0x98, 0xbe, 0x0a, 0x10, 0x11, 0x12, 0x2c, - 0x67, 0x3d, 0x85, 0x2e, 0xd3, 0x97, 0x54, 0x1e, 0xb6, 0xad, - 0xd9, 0x45, 0x11, 0x53, 0x04, 0x7c, 0x3f, 0xf4, 0xc9, 0xac, - 0x82, 0x1b, 0x84, 0xf4, 0x20, 0x6b, 0xf1, 0xf5, 0x72, 0x04, - 0x24, 0xc1, 0xd3, 0x42, 0x43, 0x52, 0x9d, 0x2d, 0xd3, 0x89, - 0x8e, 0xd8, 0x28, 0xb9, 0xa2, 0xb4, 0xed, 0xbc, 0x76, 0x87, - 0x55, 0x67, 0x39, 0xd9, 0xb7, 0x20, 0x6a, 0xec, 0xec, 0xb8, - 0x14, 0x51, 0x91, 0xb9, 0x96, 0x0f, 0x7a, 0x3a, 0x12, 0xde, - 0x14, 0x3b, 0x83, 0xcf, 0x41, 0x5b, 0x5d, 0xff, 0x33, 0x68, - 0xdb, 0x53, 0x64, 0x93, 0xb1, 0xc3, 0x8a, 0x46, 0xa8, 0x44, - 0x9c, 0x14, 0x12, 0x6c, 0x92, 0x6f, 0xae, 0xc3, 0x45, 0xb2, - 0xa1, 0x67, 0x81, 0x3c, 0x22, 0x47, 0xfd, 0xa4, 0x7a, 0x79, - 0xa8, 0x0a, 0xfb, 0x7a, 0x91, 0x6e, 0xe9, 0x53, 0xec, 0x98, - 0x82, 0x57, 0xad, 0x05, 0x38, 0x55, 0xc1, 0xce, 0x3a, 0x04, - 0x4d, 0x12, 0x72, 0x37, 0x4a, 0x36, 0x54, 0x3f, 0x67, 0x8a, - 0xee, 0xd9, 0xf3, 0x80, 0xd5, 0xd7, 0xb8, 0xfc, 0x6e, 0x4f, - 0x60, 0x2b, 0x5a, 0xa4, 0xc5, 0x05, 0xdb, 0xe5, 0x09, 0xe3, - 0xeb, 0xa2, 0x51, 0x33, 0x30, 0x96, 0x46, 0x01, 0x26, 0x8f, - 0x38, 0xc9, 0x97, 0x32, 0x2d, 0xb4, 0x59, 0x15, 0x15, 0x38, - 0x66, 0x66, 0xfe, 0xcb, 0xee, 0xc1, 0xf6, 0x4e, 0xb7, 0xdf, - 0x7b, 0x63, 0xe6, 0x3f, 0xe0, 0x1c, 0x97, 0xed, 0x86, 0xf3, - 0xd2, 0xad, 0x42, 0x29, 0x20, 0x28, 0xa6, 0x59, 0x58, 0x7d, - 0x8f, 0x5c, 0x43, 0x07, 0xd1, 0x7e, 0x83, 0xba, 0x9c, 0x1b, - 0xfe, 0x17, 0x9e, 0xc8, 0x09, 0x63, 0x9a, 0x2d, 0x61, 0x33, - 0x51, 0x46, 0x01, 0xa8, 0xe9, 0x43, 0x1e, 0x4e, 0xfe, 0x61, - 0x1a, 0x28, 0x11, 0x65, 0x70, 0x43, 0x9f, 0xfc, 0x21, 0x1d, - 0x76, 0x7b, 0x40, 0x08, 0x18, 0xd3, 0xe8, 0xc2, 0xe3, 0x8c, - 0xe7, 0x27, 0xc2, 0xec, 0xb0, 0x08, 0x3e, 0x6b, 0x8f, 0x77, - 0x6d, 0x9e, 0xa6, 0xab, 0xce, 0x9a, 0xf8, 0x8f, 0x77, 0xb3, - 0xf4, 0xe8, 0x8b, 0xe7, 0xd9, 0xa1, 0x95, 0x40, 0x6b, 0xca, - 0x21, 0x98, 0xff, 0xdc, 0xdc, 0x96, 0xc3, 0x08, 0x81, 0x72, - 0x9a, 0xdd, 0xe2, 0xcf, 0x95, 0x99, 0xa6, 0xa3, 0x5e, 0x9e, - 0x25, 0x60, 0xa3, 0xc3, 0x39, 0xf7, 0x54, 0x6c, 0xf2, 0x75, - 0xa9, 0x38, 0x12, 0x38, 0x4d, 0x42, 0xe8, 0xec, 0x13, 0x25, - 0xa0, 0xf8, 0x04, 0xb8, 0xf6, 0x66, 0x0b, 0x56, 0xe1, 0xfb, - 0x26, 0x03, 0xe6, 0xa5, 0xf1, 0x4d, 0x7f, 0xa5, 0x9d, 0x58, - 0x71, 0xd8, 0xc7, 0x6a, 0xbe, 0xdc, 0x90, 0x89, 0xb1, 0x36, - 0xb4, 0xb6, 0xb4, 0xbb, 0xaf, 0x6e, 0x43, 0x10, 0xa6, 0xea, - 0xee, 0x12, 0xcb, 0x08, 0x2c, 0x4e, 0x66, 0xf0, 0x1f, 0xf4, - 0xbf, 0xd3, 0xeb, 0x63, 0x48, 0xd0, 0xbe, 0x8a, 0xed, 0x24, - 0xdb, 0x0f, 0x23, 0x1d, 0x2e, 0x30, 0x97, 0x0f, 0xd8, 0xc6, - 0x3b, 0x04, 0x2f, 0x33, 0x78, 0x20, 0x6e, 0xb1, 0x33, 0x03, - 0x27, 0xac, 0x0a, 0x37, 0x15, 0x31, 0xef, 0x4d, 0x43, 0xcc, - 0xa0, 0x49, 0x80, 0xe3, 0x8c, 0xc0, 0xf3, 0xf7, 0x2d, 0x37, - 0x1d, 0xd3, 0x90, 0x5f, 0xad, 0x31, 0xb5, 0x95, 0x17, 0x69, - 0x4b, 0xec, 0x84, 0x9d, 0x2b, 0x8d, 0xdd, 0x9b, 0x58, 0x04, - 0xba, 0x28, 0x0e, 0x28, 0xc1, 0x54, 0x6c, 0xb0, 0x25, 0x0c, - 0x4f, 0x98, 0x47, 0xf7, 0x93, 0xc2, 0xae, 0x2f, 0x6d, 0x29, - 0x9c, 0x3d, 0xe3, 0xb5, 0xe3, 0x28, 0x43, 0x14, 0xe6, 0x92, - 0x4c, 0x79, 0x90, 0x59, 0x75, 0x77, 0x56, 0x43, 0xda, 0xac, - 0xa9, 0x42, 0xd7, 0xca, 0x95, 0x73, 0x26, 0x54, 0x1f, 0x3a, - 0x8a, 0x37, 0x64, 0xd7, 0xcf, 0xe1, 0x31, 0xf7, 0x40, 0x59, - 0xfd, 0xff, 0xea, 0x72, 0xfd, 0xc4, 0xde, 0xe3, 0x4d, 0x8a, - 0xf5, 0x80, 0xc0, 0x61, 0x21, 0xbd, 0xbd, 0x8e, 0x42, 0xd5, - 0x4c, 0xe4, 0xf4, 0x78, 0x31, 0xca, 0xf1, 0xec, 0x7c, 0x7b, - 0x85, 0x6a, 0x05, 0x54, 0xbe, 0x38, 0x54, 0x2f, 0x1f, 0xda, - 0x9f, 0x98, 0xe2, 0x79, 0xd7, 0x42, 0xca, 0xba, 0x85, 0x21, - 0xe2, 0xcb, 0x2b, 0xae, 0x4a, 0x4e, 0x35, 0xfb, 0xcf, 0x3d, - 0xc5, 0xae, 0x27, 0x30, 0xa9, 0x45, 0xe6, 0x3b, 0x43, 0x3e, - 0x35, 0xe3, 0xf2, 0x0d, 0x53, 0x32, 0x2b, 0xf6, 0xe6, 0xc7, - 0xd5, 0x02, 0x82, 0x03, 0xc1, 0x00, 0xd4, 0x04, 0x9b, 0xef, - 0x5d, 0x58, 0xb0, 0xa3, 0xaa, 0xd2, 0xab, 0x53, 0x65, 0x99, - 0x03, 0x49, 0x48, 0x4d, 0xf5, 0xdf, 0x5d, 0x16, 0x14, 0x11, - 0x60, 0x45, 0x1b, 0xff, 0x4a, 0x60, 0x2b, 0x37, 0x63, 0xf6, - 0xa7, 0x8a, 0xa8, 0xff, 0x08, 0x97, 0x08, 0xfc, 0xbb, 0xb3, - 0x20, 0xa3, 0xcd, 0xd9, 0x58, 0xdb, 0x16, 0x1b, 0x88, 0x02, - 0x1e, 0x0f, 0x43, 0x9b, 0x16, 0x7e, 0xbe, 0xb1, 0x9c, 0x13, - 0x10, 0xdc, 0xa1, 0x56, 0xff, 0xa3, 0xff, 0x5e, 0x69, 0x30, - 0xee, 0x7e, 0x76, 0x5f, 0x84, 0x94, 0xeb, 0x8f, 0x58, 0xf8, - 0xcf, 0xbb, 0x99, 0x6e, 0xf0, 0xd8, 0x32, 0xf6, 0xce, 0x48, - 0x6f, 0x7c, 0xc8, 0x8f, 0xd3, 0x86, 0x22, 0x49, 0x9f, 0xde, - 0x11, 0x05, 0xa4, 0xdc, 0x92, 0xfb, 0x0f, 0xfa, 0x09, 0x4d, - 0x17, 0x1a, 0xe2, 0x76, 0x67, 0x40, 0xa9, 0x5b, 0x1b, 0x54, - 0x66, 0x48, 0xf7, 0xc3, 0x59, 0xd4, 0xcf, 0x55, 0xd0, 0x7f, - 0x3b, 0xb0, 0xa2, 0xd8, 0xec, 0xb7, 0x88, 0xe7, 0xb0, 0x30, - 0x72, 0x42, 0x65, 0xe2, 0x91, 0xa7, 0x9b, 0xf6, 0x07, 0x45, - 0x52, 0x51, 0xaa, 0xbe, 0x32, 0x35, 0xe4, 0x88, 0x23, 0xe7, - 0xcb, 0x3c, 0x1c, 0xfb, 0x0b, 0x96, 0xd5, 0xb3, 0x92, 0x86, - 0x79, 0x5b, 0x47, 0x93, 0xd6, 0xbd, 0xc7, 0x21, 0x17, 0xd0, - 0xc9, 0xc7, 0x69, 0x84, 0x80, 0x98, 0xaf, 0x2c, 0x63, 0xd1, - 0xef, 0x6e, 0xca, 0x84, 0x30, 0x32, 0x83, 0x2d, 0x49, 0xbb, - 0x1f, 0x2a, 0xfe, 0x40, 0x7c, 0x03, 0xd4, 0x45, 0xdc, 0xfe, - 0x94, 0xf9, 0xe4, 0x36, 0x47, 0xfa, 0x7e, 0x2e, 0x93, 0x03, - 0xf8, 0x15, 0xf9, 0xce, 0xc3, 0x5b, 0x76, 0x10, 0xec, 0x89, - 0x8c, 0xce, 0x25, 0xa5, 0x77, 0x9a, 0xc5, 0x1e, 0xdd, 0x07, - 0x1b, 0x5b, 0xac, 0x6f, 0xdb, 0x94, 0x85, 0xdf, 0x02, 0x22, - 0xd1, 0xa9, 0x01, 0x8e, 0x63, 0xa1, 0xee, 0x94, 0x9c, 0xdb, - 0xb4, 0x1a, 0x43, 0xe1, 0x1f, 0x4e, 0x2f, 0x68, 0x50, 0x0c, - 0x2f, 0x5b, 0xc5, 0x1b, 0xe1, 0x8d, 0x4b, 0xe0, 0x63, 0x8d, - 0x7a, 0x30, 0xbe, 0xb7, 0x2e, 0x02, 0xc6, 0x02, 0xac, 0xa8, - 0xb8, 0x65, 0xc6, 0x28, 0xee, 0xe4, 0xec, 0x99, 0xa1, 0x9a, - 0xfd, 0x1f, 0xb5, 0x85, 0x7a, 0x94, 0x16, 0xe2, 0xe7, 0x74, - 0x06, 0x54, 0x1b, 0xd0, 0xaf, 0x58, 0x4e, 0x50, 0x7e, 0xd6, - 0xe4, 0x31, 0xd2, 0x0c, 0xd7, 0x9d, 0xe2, 0x00, 0x30, 0xbe, - 0x26, 0x30, 0x48, 0x99, 0x98, 0x58, 0x54, 0x5a, 0xc4, 0x0a, - 0x6c, 0xa1, 0x06, 0xe9, 0x38, 0xe6, 0x79, 0x39, 0x00, 0x9e, - 0xb6, 0xe3, 0xf7, 0x01, 0xcf, 0x2f, 0x82, 0x5e, 0xc3, 0x21, - 0x1b, 0x79, 0x93, 0xb5, 0xe4, 0x39, 0x9d, 0x32, 0x9d, 0x72, - 0xa4, 0xa8, 0xc9, 0x90, 0xce, 0xaf, 0xc0, 0x00, 0xad, 0x20, - 0x87, 0x26, 0xc7, 0xd3, 0x5f, 0x2e, 0xf0, 0x5e, 0xf8, 0x8b, - 0x85, 0xa3, 0xc6, 0x66, 0xd8, 0x2f, 0x86, 0xfe, 0x7d, 0x8d, - 0x22, 0xa5, 0x6d, 0x68, 0x3e, 0x87, 0x6e, 0xf7, 0xf1, 0xf0, - 0x07, 0xc4, 0xe3, 0xf1, 0x84, 0xc4, 0x93, 0x42, 0x06, 0x20, - 0x80, 0x64, 0xb3, 0x52, 0x5c, 0xa5, 0xcf, 0xee, 0xfe, 0xa4, - 0x09, 0x41, 0xbe, 0xaa, 0x78, 0x52, 0x76, 0x3f, 0xf7, 0xe8, - 0xa1, 0x6b, 0x0a, 0xbc, 0x22, 0xbe, 0xdf, 0x72, 0x7b, 0xea, - 0x90, 0x43, 0xee, 0xc2, 0x0b, 0x26, 0xdc, 0x02, 0x26, 0xa7, - 0x50, 0x04, 0x7a, 0x06, 0x91, 0xae, 0x93, 0xd5, 0xd2, 0xc9, - 0xa1, 0xe1, 0xfc, 0xb9, 0x8c, 0x94, 0xca, 0xa8, 0x1c, 0x2c, - 0x57, 0x97, 0x3e, 0x50, 0xed, 0x93, 0x45, 0x7a, 0x2c, 0x59, - 0x7b, 0x34, 0x8f, 0xcd, 0xd6, 0x17, 0x93, 0xd8, 0xde, 0xe8, - 0xb0, 0x9e, 0x27, 0x15, 0xc5, 0xbb, 0xa5, 0xbb, 0xc2, 0x30, - 0x9b, 0xc7, 0x27, 0x02, 0x18, 0xd8, 0xdb, 0xa4, 0x84, 0x37, - 0x64, 0xf7, 0xf7, 0xf1, 0xc8, 0x86, 0x4c, 0x64, 0x97, 0x08, - 0xe9, 0x4e, 0x0e, 0xb6, 0x92, 0xe9, 0x4c, 0x7b, 0x7f, 0xe1, - 0xcc, 0xa0, 0x71, 0xa7, 0x34, 0x48, 0x46, 0xbb, 0x37, 0xce, - 0xb0, 0x4d, 0x39, 0xa8, 0x0e, 0xab, 0xf6, 0x2f, 0x7c, 0x88, - 0xae, 0xcf, 0x90, 0xc6, 0x01, 0xd3, 0x5b, 0x37, 0xe9, 0xb1, - 0x28, 0x42, 0x14, 0xbf, 0x59, 0x35, 0x04, 0xab, 0x46, 0x6e, - 0xa8, 0x29, 0xe2, 0x7a, 0x77, 0x0e, 0x07, 0x67, 0xe4, 0x2b, - 0x03, 0xd2, 0x02, 0x36, 0x16, 0xd7, 0x81, 0x5d, 0x38, 0x9c, - 0x68, 0x9c, 0xf5, 0x9e, 0x49, 0x7d, 0x99, 0xfd, 0xcd, 0x1d, - 0xd2, 0xdf, 0x3c, 0x36, 0x19, 0x85, 0xaa, 0xb1, 0x30, 0x7a, - 0x21, 0xb1, 0x83, 0x16, 0xcf, 0xd1, 0x75, 0xa5, 0x9d, 0xd7, - 0xc1, 0x60, 0xa8, 0xdb, 0x1e, 0xb9, 0x3e, 0x9c, 0x12, 0x42, - 0xe8, 0x47, 0x49, 0x18, 0x9f, 0x5c, 0x12, 0xd1, 0x69, 0xd5, - 0x7d, 0xa8, 0x3c, 0xda, 0x35, 0x8a, 0x6c, 0x63, 0xb8, 0x62, - 0x8a, 0x61, 0xfa, 0xf2, 0x61, 0x11, 0x1e, 0xb6, 0xf3, 0x5c, - 0x62, 0x9d, 0xa7, 0x62, 0x0c, 0x87, 0x93, 0xe2, 0x23, 0x6c, - 0x3d, 0xa9, 0x2c, 0x4b, 0xd5, 0x7f, 0xfe, 0x72, 0x27, 0x36, - 0x06, 0xcb, 0x65, 0x38, 0xef, 0x13, 0x57, 0x6a, 0xc9, 0xc6, - 0x4f, 0x51, 0xd0, 0x90, 0x06, 0xa0, 0x23, 0x65, 0x95, 0xce, - 0x16, 0x8f, 0x8d, 0xb2, 0xf9, 0x7f, 0x3c, 0x2c, 0x30, 0x5a, - 0x38, 0xf1, 0x62, 0x79, 0x4b, 0xe5, 0xd7, 0x0a, 0x3f, 0x83, - 0x5f, 0x46, 0x26, 0x97, 0xb7, 0x08, 0x8c, 0x5b, 0xb8, 0x02, - 0x28, 0xf2, 0x4d, 0xdf, 0x93, 0x97, 0xc5, 0x94, 0x4b, 0x0e, - 0x42, 0xc3, 0x35, 0x91, 0x6b, 0x69, 0x61, 0x76, 0x7f, 0x94, - 0xcf, 0x0b, 0x81, 0x33, 0xff, 0xf3, 0x0c, 0xc7, 0x01, 0x94, - 0x94, 0xa9, 0xed, 0xcd, 0x4b, 0xc8, 0xcb, 0x91, 0xf9, 0x7a, - 0x47, 0xcd, 0x79, 0x3c, 0xa6, 0xde, 0x52, 0xd2, 0x47, 0x5c, - 0x10, 0x62, 0xbb, 0xe5, 0x32, 0xde, 0x83, 0xcf, 0xa8, 0x52, - 0xb3, 0xe7, 0xf9, 0xec, 0x17, 0x34, 0xbf, 0x33, 0x5d, 0xb2, - 0x4e, 0x56, 0xf7, 0x29, 0xd9, 0x5c, 0x1b, 0x83, 0x01, 0xbb, - 0xb9, 0x2b, 0x95, 0x52, 0x08, 0xab, 0xa4, 0x51, 0x03, 0xa1, - 0xfb, 0x6a, 0x50, 0xcd, 0xa8, 0x9d, 0x95, 0x6f, 0x7e, 0xb1, - 0x80, 0x1e, 0x9d, 0x81, 0x01, 0x26, 0x41, 0x78, 0x36, 0x3c, - 0x8a, 0x44, 0xf4, 0x98, 0x88, 0x1c, 0x5d, 0x06, 0xd3, 0xd2, - 0xb2, 0x58, 0x7d, 0xa1, 0x45, 0x1b, 0xbf, 0x8c, 0xf6, 0x6a, - 0xfa, 0xfd, 0x08, 0x29, 0x3e, 0x91, 0x57, 0xf1, 0x3d, 0x20, - 0xed, 0x49, 0x6e, 0x9c, 0x46, 0xd5, 0x08, 0x8d, 0x9b, 0xf8, - 0xef, 0xa3, 0x3a, 0x98, 0xcb, 0xb4, 0xcb, 0x5b, 0x30, 0x25, - 0x20, 0xcc, 0x04, 0xa1, 0xeb, 0xeb, 0xee, 0x1b, 0x36, 0x85, - 0xc1, 0x93, 0x16, 0x5a, 0x31, 0xdf, 0xd6, 0x0e, 0x73, 0x9e, - 0x63, 0x6e, 0x96, 0x90, 0x54, 0xd2, 0xc2, 0x53, 0x69, 0x93, - 0xd5, 0x54, 0xca, 0xd8, 0x84, 0xf7, 0x8f, 0x9a, 0xd1, 0x80, - 0x0d, 0x57, 0xa8, 0x26, 0xbe, 0x45, 0x64, 0xd5, 0x2b, 0xbb, - 0x45, 0xb5, 0x08, 0xb9, 0x37, 0x57, 0x02, 0x82, 0x03, 0xc1, - 0x00, 0xd1, 0x30, 0x2e, 0xb7, 0x9b, 0xe7, 0x5d, 0x13, 0x74, - 0x1f, 0x52, 0xf2, 0x02, 0x18, 0xe9, 0x07, 0x87, 0x9e, 0xed, - 0xde, 0x83, 0x92, 0xcf, 0x73, 0x61, 0x21, 0xc4, 0x62, 0x30, - 0x6c, 0xa2, 0x36, 0xbd, 0xe2, 0xc5, 0x19, 0xf6, 0xdf, 0x51, - 0x7b, 0xca, 0xd4, 0xe4, 0x51, 0x83, 0x49, 0x27, 0xdd, 0xbd, - 0xb0, 0x10, 0x79, 0x39, 0xdd, 0x0e, 0x3d, 0x65, 0xad, 0x6d, - 0xa3, 0x95, 0x52, 0x85, 0xdb, 0x18, 0x94, 0x60, 0xaa, 0xc0, - 0xc8, 0x8b, 0xdb, 0xfe, 0xf9, 0xf0, 0x86, 0xf9, 0x33, 0x8a, - 0xd7, 0xbe, 0x8d, 0x43, 0x83, 0x4d, 0xe4, 0x17, 0x2b, 0x46, - 0x54, 0x44, 0x1b, 0xbe, 0x52, 0x64, 0x47, 0x02, 0x6c, 0x4a, - 0x64, 0xb4, 0x3f, 0x21, 0x2f, 0xbb, 0xe3, 0x72, 0x7c, 0x26, - 0x14, 0xdf, 0x80, 0x50, 0xd4, 0x94, 0xe9, 0xc6, 0x7d, 0x71, - 0xd8, 0xaf, 0xfb, 0x74, 0x36, 0x33, 0xbe, 0x58, 0x63, 0xad, - 0xcb, 0xdf, 0xc0, 0x73, 0x9e, 0x19, 0xb0, 0x65, 0xe1, 0xd1, - 0x10, 0x44, 0xf1, 0xf0, 0x08, 0xa3, 0x09, 0x25, 0xeb, 0xd5, - 0xcb, 0xdd, 0x98, 0xdd, 0xbc, 0x09, 0x2c, 0xef, 0xc1, 0x8d, - 0x43, 0x15, 0x41, 0xc2, 0xa1, 0x84, 0x37, 0x70, 0x5a, 0xd5, - 0xf5, 0xb2, 0x6a, 0x1f, 0xbb, 0xcc, 0x30, 0xb9, 0xd9, 0xc7, - 0x36, 0x21, 0xf3, 0x69, 0x3e, 0x91, 0x38, 0x4d, 0xa5, 0xc4, - 0xf7, 0x84, 0x90, 0x34, 0x0e, 0x47, 0x7e, 0x26, 0xf2, 0x98, - 0x25, 0x26, 0xda, 0xf0, 0x4e, 0x55, 0xea, 0x4d, 0x9b, 0x8a, - 0x4a, 0xe1, 0x1f, 0xa0, 0x07, 0x90, 0x9e, 0x59, 0x64, 0xae, - 0xd9, 0xd6, 0x7e, 0x72, 0xa1, 0xc4, 0xea, 0x7d, 0xbd, 0x1f, - 0x7d, 0x2b, 0xd9, 0x2c, 0xdc, 0x8b, 0xc0, 0xda, 0x52, 0x0c, - 0xd1, 0xd0, 0x56, 0xb7, 0x93, 0xc7, 0x26, 0x79, 0x71, 0xd0, - 0x0d, 0xae, 0xaa, 0xa7, 0xe4, 0xc1, 0x59, 0x27, 0x68, 0x97, - 0x9a, 0xff, 0x3d, 0x36, 0x07, 0x55, 0x77, 0x07, 0x97, 0x69, - 0xf3, 0x99, 0x91, 0x3f, 0x63, 0xfd, 0x70, 0x8c, 0xa1, 0xeb, - 0xc5, 0x21, 0xa3, 0xfe, 0x99, 0x96, 0x11, 0x37, 0xb9, 0xe6, - 0x93, 0xf8, 0xd0, 0xb1, 0xa3, 0x57, 0x7a, 0xa8, 0x63, 0xdd, - 0x09, 0x56, 0xb0, 0x3b, 0xa6, 0x59, 0xc7, 0x89, 0x54, 0x16, - 0xe9, 0x2d, 0x78, 0x7d, 0xaf, 0x4e, 0x0a, 0x5b, 0x62, 0x3b, - 0x0b, 0xcb, 0x24, 0x89, 0x4e, 0x1c, 0x3d, 0xe1, 0xbd, 0x5a, - 0x3e, 0xc5, 0xfd, 0x15, 0x3d, 0x08, 0x38, 0x33, 0x5e, 0x37, - 0x4c, 0xe3, 0xe3, 0xe9, 0xc4, 0x1d, 0x2b, 0xd4, 0x58, 0x25, - 0x58, 0x23, 0x8e, 0xc6, 0x83, 0x9a, 0xf3, 0x9a, 0x78, 0xe9, - 0xa7, 0xca, 0xd7, 0xdd, 0x89, 0x20, 0x6e, 0x02, 0xea, 0x6b, - 0x37, 0x74, 0xda, 0xa0, 0xc2, 0x5a, 0x2b, 0x80, 0x1c, 0x28, - 0x91, 0x0d, 0x50, 0x64, 0xf0, 0x12, 0xe7, 0xc4, 0x7e, 0xdd, - 0x28, 0x3b, 0x26, 0x9a, 0xf4, 0x39, 0x56, 0xa4, 0x72, 0x4d, - 0xcb, 0x67, 0x3c, 0x68, 0xb2, 0x6f, 0xf0, 0xd0, 0x15, 0x90, - 0xc8, 0x08, 0xbb, 0x0b, 0x08, 0x6b, 0x8a, 0xde, 0x41, 0x57, - 0xbc, 0x63, 0x0e, 0x00, 0x8d, 0xf8, 0xdd, 0x93, 0xce, 0x58, - 0x7b, 0xa8, 0xb9, 0x64, 0x26, 0x06, 0xe7, 0x71, 0x23, 0x0f, - 0x41, 0xf1, 0xb7, 0xae, 0x59, 0x2e, 0xd0, 0x73, 0xc5, 0xd9, - 0xdc, 0x0e, 0x1c, 0x02, 0x58, 0x69, 0xb3, 0x15, 0x6d, 0x96, - 0x2b, 0xdb, 0x7b, 0x3b, 0x6c, 0x38, 0x32, 0x6b, 0xd8, 0x08, - 0xb2, 0xbd, 0xa7, 0x49, 0x43, 0xeb, 0x90, 0x42, 0x70, 0xc5, - 0xba, 0xcd, 0x4a, 0x44, 0x8f, 0x83, 0x0d, 0x17, 0x51, 0x5a, - 0x95, 0xa2, 0x57, 0x9a, 0x16, 0x19, 0x91, 0xbb, 0x90, 0x5c, - 0x2a, 0x16, 0xe8, 0x26, 0x10, 0x3c, 0xb7, 0x10, 0x5c, 0xf8, - 0xc5, 0x15, 0x2b, 0x70, 0x75, 0x69, 0xba, 0x7b, 0x3d, 0x0b, - 0x57, 0xac, 0x39, 0x12, 0x2e, 0xd6, 0xd9, 0x13, 0x74, 0x8e, - 0xa8, 0x0b, 0x17, 0xe1, 0x03, 0x7a, 0xba, 0x1d, 0x07, 0x91, - 0x8c, 0x2a, 0x3a, 0x8d, 0xe0, 0x2a, 0x94, 0xd4, 0x16, 0x35, - 0x64, 0x8b, 0x92, 0x2c, 0x2f, 0xa4, 0x18, 0xfe, 0x3f, 0x02, - 0x19, 0x8c, 0xb9, 0xeb, 0xaf, 0x01, 0x06, 0xa8, 0x37, 0x7f, - 0xe2, 0x44, 0x10, 0xce, 0xeb, 0x8d, 0xd0, 0x73, 0xc4, 0x1e, - 0x3d, 0x2c, 0xaf, 0x77, 0xb2, 0xef, 0xe5, 0x95, 0x8b, 0xdf, - 0x02, 0xfc, 0x93, 0xb8, 0xa9, 0x27, 0x88, 0x1d, 0x1d, 0x82, - 0x9f, 0xb6, 0xe4, 0x12, 0x05, 0x79, 0xb6, 0x1c, 0x41, 0x0d, - 0xc1, 0x53, 0x49, 0x8f, 0x3d, 0xc9, 0xad, 0x84, 0xcb, 0x0b, - 0x88, 0x7e, 0xfe, 0x73, 0x59, 0x21, 0x64, 0xc5, 0x50, 0x53, - 0xdc, 0x98, 0xc6, 0x43, 0xb8, 0xf5, 0xc3, 0xa1, 0xf5, 0xb2, - 0xd8, 0x86, 0xe9, 0xae, 0x98, 0xf9, 0x3b, 0x99, 0xc0, 0xe7, - 0xd7, 0x4a, 0xed, 0xac, 0x89, 0x84, 0xb0, 0x8e, 0xd3, 0xab, - 0xec, 0x03, 0x02, 0x12, 0x4b, 0x44, 0x17, 0x4d, 0x98, 0x26, - 0x1e, 0x51, 0xc5, 0xbb, 0xcd, 0xdc, 0x50, 0xab, 0x83, 0x37, - 0x49, 0x90, 0x1e, 0x34, 0xad, 0x81, 0x22, 0x6c, 0xe4, 0xdd, - 0x19, 0x01, 0x09, 0x25, 0x2d, 0x9e, 0x52, 0x90, 0x72, 0xa1, - 0x68, 0x3d, 0x0c, 0x49, 0x99, 0x19, 0x75, 0x5a, 0xca, 0x08, - 0x69, 0xa1, 0xd2, 0x88, 0x8c, 0xea, 0xcf, 0x9c, 0xbc, 0x23, - 0xad, 0x3f, 0xb9, 0xfc, 0xb9, 0x30, 0x0d, 0xd6, 0xd9, 0x65, - 0x0c, 0x7e, 0x99, 0x68, 0x35, 0x26, 0x07, 0xd1, 0x55, 0xbf, - 0x8e, 0xde, 0xe7, 0xe7, 0x01, 0xcb, 0xca, 0x0a, 0x39, 0x2e, - 0xcc, 0x19, 0xec, 0x77, 0xf3, 0xab, 0xb2, 0xe6, 0x0e, 0x54, - 0x06, 0x01, 0x50, 0x77, 0xd3, 0x61, 0x36, 0x05, 0x90, 0xe4, - 0xd8, 0xc4, 0x1d, 0xf5, 0xc7, 0xfa, 0x65, 0xf0, 0x46, 0x6a, - 0x5f, 0xa7, 0xc3, 0x8c, 0x6f, 0x04, 0x7f, 0xcf, 0x97, 0xb9, - 0x68, 0x92, 0x31, 0x09, 0x02, 0x9f, 0x22, 0xc9, 0xf8, 0xe6, - 0x7e, 0xa8, 0x95, 0x5b, 0x6b, 0xfe, 0x9c, 0x4e, 0x63, 0x2d, - 0x8c, 0x1a, 0x4c, 0x8b, 0x14, 0x79, 0x08, 0xd5, 0x96, 0x76, - 0xd1, 0xb4, 0x2f, 0xae, 0x5d, 0x91, 0x88, 0x7c, 0xdd, 0xd2, - 0x06, 0x86, 0xcf, 0x0a, 0x83, 0x6f, 0xda, 0xca, 0x71, 0x7c, - 0xe7, 0xe5, 0x34, 0xa8, 0x9a, 0x53, 0x8d, 0xa5, 0xaa, 0x5d, - 0xb5, 0x17, 0x81, 0x34, 0x6f, 0xbe, 0xbb, 0xb6, 0x58, 0x22, - 0x90, 0x80, 0xf6, 0x9c, 0x1c, 0xb0, 0x79, 0x8f, 0x92, 0x5b, - 0x7d, 0x1c, 0x71, 0x5f, 0xb4, 0x87, 0x36, 0xbe, 0x81, 0x8d, - 0x4a, 0xfc, 0x28, 0x72, 0x81, 0xaf, 0x5f, 0xbd, 0x5f, 0x99, - 0xe3, 0xc9, 0x37, 0xb0, 0x6e, 0xad, 0x70, 0x96, 0xfa, 0xe3, - 0x99, 0xf7, 0x08, 0x14, 0x21, 0x21, 0xb7, 0x1a, 0xaa, 0xe8, - 0x07, 0xb6, 0xfd, 0xa3, 0x7a, 0x2d, 0x93, 0x64, 0x8f, 0x89, - 0x2c, 0x71, 0x49, 0x71, 0xb8, 0x45, 0xca, 0xe0, 0x7c, 0x00, - 0x8d, 0xbd, 0xb8, 0x1c, 0x3a, 0x94, 0xa2, 0xa7, 0x6d, 0x0a, - 0x2e, 0x84, 0xaf, 0xbd, 0xab, 0x05, 0x95, 0x64, 0x8b, 0x05, - 0xc8, 0xc9, 0x4e, 0xea, 0xb5, 0x96, 0x4a, 0x47, 0xdd, 0xf2, - 0xcb, 0x02, 0x82, 0x03, 0xc0, 0x59, 0xb3, 0xd9, 0x85, 0xdc, - 0xa8, 0xb9, 0x93, 0x85, 0xa2, 0xbc, 0x79, 0xfc, 0x72, 0x50, - 0xc1, 0xa0, 0xa5, 0xdb, 0x71, 0x35, 0xa1, 0x31, 0xbc, 0x68, - 0x4e, 0xd5, 0x19, 0x9e, 0x0e, 0x32, 0x3a, 0xad, 0x40, 0x9e, - 0x82, 0x3c, 0x1e, 0x2b, 0x34, 0x3b, 0xc9, 0x32, 0x61, 0x07, - 0x5e, 0x46, 0xa9, 0xbe, 0xbe, 0x73, 0x0c, 0x12, 0xef, 0x52, - 0x68, 0x82, 0xe2, 0x0b, 0x12, 0x74, 0xfc, 0x10, 0x5c, 0xc0, - 0xb5, 0x98, 0x4d, 0x86, 0xbb, 0x8c, 0x40, 0x15, 0xa1, 0x6e, - 0x46, 0x73, 0x2e, 0xd6, 0x99, 0x6b, 0x50, 0xab, 0x04, 0x1a, - 0x5f, 0xf4, 0xfa, 0xcb, 0x4b, 0xad, 0xc4, 0x5e, 0x62, 0xa7, - 0x48, 0xd4, 0x52, 0x85, 0xdc, 0x2a, 0x85, 0x9b, 0xee, 0x08, - 0xa5, 0xaa, 0xaa, 0xe8, 0x44, 0xf0, 0xed, 0x89, 0x21, 0xe4, - 0xb4, 0xab, 0x3c, 0x0d, 0x53, 0x7e, 0x53, 0xdd, 0xac, 0x47, - 0xda, 0x77, 0x79, 0x5f, 0x78, 0x7a, 0x80, 0x84, 0x46, 0x50, - 0xaa, 0xdb, 0x3b, 0x8c, 0x6b, 0xda, 0xb0, 0xac, 0x0a, 0xd3, - 0x4c, 0xe4, 0x6e, 0x87, 0xd1, 0xb2, 0x5a, 0xd5, 0x98, 0xae, - 0xcb, 0x7e, 0xc2, 0x19, 0xdc, 0x53, 0x64, 0x86, 0x4c, 0x7b, - 0xe0, 0x63, 0x22, 0x94, 0x34, 0xad, 0x15, 0xdc, 0xd8, 0xa8, - 0x5f, 0xc6, 0x58, 0xf6, 0x72, 0x34, 0xdd, 0xfb, 0x85, 0x8a, - 0xd9, 0xa3, 0xfb, 0x3b, 0xad, 0x5d, 0xf0, 0x1a, 0x0b, 0xa8, - 0x91, 0xe7, 0x7d, 0x26, 0x27, 0x38, 0xf8, 0xe0, 0x49, 0x1b, - 0x56, 0xc5, 0x5b, 0xe3, 0x1c, 0x7b, 0xa3, 0x53, 0x6d, 0x22, - 0xfa, 0xd7, 0x63, 0x5f, 0xf0, 0xcb, 0x92, 0x49, 0x01, 0x54, - 0xe5, 0x77, 0x5b, 0xd3, 0xab, 0xce, 0xb8, 0x3a, 0x5b, 0xb8, - 0x07, 0x40, 0x46, 0x51, 0xe4, 0x59, 0xa2, 0x45, 0x41, 0xcc, - 0x81, 0x6c, 0xe3, 0xa6, 0xb3, 0xa0, 0x30, 0x4a, 0x67, 0x10, - 0xed, 0xc0, 0x8a, 0xcd, 0xfc, 0xa5, 0x44, 0x9b, 0x59, 0x19, - 0x4a, 0x43, 0x8d, 0xec, 0x00, 0xd8, 0x6d, 0xf9, 0xf0, 0x2d, - 0xd9, 0x55, 0xfc, 0x05, 0xe2, 0x12, 0x48, 0x4d, 0xd6, 0x7d, - 0xec, 0x41, 0xc4, 0x9e, 0xe2, 0xed, 0x84, 0x14, 0x29, 0x0e, - 0x5b, 0x81, 0x0b, 0xb0, 0x87, 0x8a, 0xd3, 0x35, 0x5c, 0xad, - 0xdb, 0xcc, 0xa1, 0x3c, 0xcb, 0x8b, 0x23, 0x55, 0x69, 0xf1, - 0x83, 0x84, 0x81, 0x36, 0xae, 0xd5, 0xf3, 0x98, 0xb6, 0xb2, - 0xb5, 0xa1, 0x79, 0x6d, 0x80, 0x8f, 0x2e, 0x25, 0x71, 0x4e, - 0x16, 0xff, 0xa0, 0x7c, 0xa4, 0x62, 0x8c, 0x44, 0x85, 0x64, - 0x90, 0x7c, 0xac, 0x10, 0x36, 0xf2, 0xf2, 0xfb, 0x20, 0x2b, - 0xa1, 0x27, 0xd0, 0xcc, 0x27, 0xfd, 0xb0, 0xba, 0x3e, 0x37, - 0xb1, 0xa8, 0x9d, 0x3c, 0x82, 0x63, 0xd0, 0x16, 0x6d, 0x7a, - 0xdd, 0x2e, 0xea, 0xe5, 0x87, 0xd6, 0x64, 0x72, 0xdb, 0x60, - 0x53, 0x38, 0x18, 0x66, 0x1d, 0x25, 0xf6, 0x08, 0x92, 0x7f, - 0x68, 0x5b, 0x79, 0x07, 0xde, 0x93, 0xee, 0xf8, 0x8f, 0xce, - 0x28, 0xcf, 0xb1, 0x5b, 0x43, 0x51, 0xdf, 0xf5, 0xac, 0xe8, - 0x9c, 0x95, 0x14, 0x8a, 0x67, 0xe1, 0x25, 0xfe, 0x11, 0xa2, - 0x40, 0xf8, 0xdd, 0xcf, 0xf5, 0x17, 0x94, 0xb6, 0x88, 0x10, - 0xa2, 0x90, 0x58, 0xef, 0xaf, 0x73, 0xf8, 0x7c, 0x9b, 0x20, - 0x30, 0x79, 0xca, 0x3f, 0xa9, 0x22, 0x40, 0xfd, 0xcc, 0xb0, - 0x5d, 0x0d, 0x97, 0x6b, 0xc0, 0x75, 0x35, 0x33, 0xc5, 0x76, - 0x45, 0x6e, 0x9b, 0x78, 0xe7, 0xb4, 0x04, 0xb3, 0xba, 0x3b, - 0x93, 0xb1, 0xa9, 0x8f, 0xa1, 0x24, 0x5d, 0x1c, 0x0e, 0x66, - 0xc0, 0xc6, 0xcc, 0xd6, 0xb7, 0x88, 0x9d, 0xb8, 0x45, 0xe3, - 0xaa, 0xc9, 0x6c, 0xfd, 0x37, 0xdc, 0x85, 0xd5, 0x49, 0xfd, - 0xef, 0xeb, 0xf9, 0x7a, 0x3f, 0x7a, 0x4f, 0x86, 0x49, 0xaa, - 0x9f, 0x08, 0x12, 0x0b, 0x11, 0x35, 0x5c, 0xd5, 0xd3, 0xda, - 0x14, 0x50, 0x03, 0x2c, 0x24, 0x26, 0x0e, 0x29, 0x18, 0xcc, - 0x1d, 0x0a, 0x7c, 0x94, 0x8b, 0xc0, 0xa0, 0x3f, 0xea, 0xf8, - 0xf8, 0xa9, 0x1d, 0x65, 0x31, 0x6f, 0x3b, 0xa6, 0xd0, 0xfc, - 0x26, 0xb0, 0x4e, 0x3a, 0x66, 0xe7, 0x32, 0x10, 0x2e, 0x84, - 0x47, 0xad, 0xa9, 0x18, 0xfc, 0xa3, 0x8b, 0x74, 0x84, 0x4f, - 0xd4, 0x25, 0x93, 0x0f, 0xdb, 0x2e, 0xae, 0x88, 0x8e, 0x28, - 0xf8, 0x0f, 0xaa, 0x60, 0xd4, 0xbe, 0xad, 0x66, 0x0c, 0x0d, - 0x01, 0xbd, 0x8d, 0xc4, 0xfc, 0x48, 0xef, 0x78, 0x14, 0x34, - 0xee, 0xb3, 0xbc, 0xd4, 0xbb, 0x1f, 0x7c, 0x12, 0x5c, 0x9b, - 0xeb, 0x77, 0x3e, 0x2c, 0x6e, 0x31, 0x59, 0xe6, 0x78, 0xc5, - 0xe8, 0xa4, 0xdd, 0xf1, 0xef, 0x5d, 0x27, 0x45, 0x31, 0x13, - 0xd0, 0x21, 0xa1, 0x13, 0xce, 0xac, 0x7e, 0xbb, 0xfb, 0x32, - 0xeb, 0x76, 0x31, 0xc4, 0xba, 0xdf, 0xfb, 0x5a, 0x1b, 0xc9, - 0x9e, 0x74, 0xa0, 0x9e, 0x26, 0x82, 0xd5, 0x6e, 0x1d, 0xc3, - 0x0e, 0xd1, 0x6d, 0xdb, 0x43, 0xb3, 0x0b, 0x14, 0xcb, 0xf1, - 0xad, 0x62, 0x34, 0x49, 0xb8, 0xd3, 0x08, 0xca, 0x93, 0xf1, - 0x42, 0xb2, 0x4b, 0x23, 0x79, 0x93, 0xde, 0x18, 0x58, 0xf3, - 0x66, 0xfa, 0xdc, 0xab, 0xca, 0x33, 0x22, 0x2b, 0x5c, 0x8c, - 0x12, 0xc1, 0x7b, 0x2e, 0x52, 0x72, 0xa7, 0x78, 0x4a, 0x49, - 0xa1, 0x53, 0x02, 0x76, 0x2d, 0x2e, 0xf8, 0x43, 0x3c, 0xe8, - 0xfa, 0xb7, 0xff, 0x39, 0xed, 0x74, 0x9e, 0x11, 0x61, 0x33, - 0xde, 0x2a, 0x55, 0xe6, 0x4a, 0xe7, 0x97, 0xa6, 0xb2, 0xc3, - 0x40, 0x41, 0x52, 0x66, 0xcf, 0xbf, 0xf8, 0x8e, 0x08, 0xea, - 0x96, 0x4d, 0x03, 0xc9, 0xbe, 0x3c, 0x4e, 0x36, 0x8c, 0x6f, - 0x4d, 0x1e, 0xcd, 0x31, 0x6d, 0x53, 0xea, 0x9e, 0xf0, 0x8e, - 0x35, 0x97, 0x37, 0x54, 0xe9, 0x0f, 0xb8, 0x23, 0x25, 0x69, - 0x5b, 0xb5, 0xff, 0xc3, 0x5a, 0x2d, 0x10, 0x6a, 0xc0, 0xb8, - 0xee, 0x0d, 0x31, 0x5b, 0xe4, 0x69, 0x40, 0x62, 0xa7, 0x1b, - 0x16, 0xfa, 0xd6, 0xb8, 0xba, 0xc8, 0x6a, 0xa3, 0x29, 0xdd, - 0x9b, 0x4d, 0xd7, 0x96, 0xef, 0x31, 0x74, 0xac, 0x37, 0x10, - 0x91, 0x30, 0x0c, 0x15, 0x3f, 0x09, 0xb6, 0x7d, 0x22, 0xfb, - 0x8c, 0x6f, 0xc3, 0x93, 0xa3, 0x98, 0xa6, 0x23, 0xa4, 0x55, - 0xe0, 0x9e, 0x23, 0x06, 0xa9, 0x78, 0xe9, 0xb3, 0x88, 0xc9, - 0xb7, 0x83, 0x05, 0x46, 0x11, 0x3a, 0x0a, 0xb9, 0x74, 0x5b, - 0xa0, 0xb5, 0x06, 0x96, 0x86, 0xb6, 0xf4, 0x9d, 0x0d, 0x86, - 0x43, 0xa8, 0x40, 0x4b, 0x08, 0x93, 0x7c, 0xad, 0xb0, 0x50, - 0xb4, 0xd0, 0xe7, 0xad, 0xd0, 0x54, 0x5e, 0x15, 0xaf, 0xad, - 0x34, 0x12, 0x86, 0xb3, 0x29, 0x3b, 0x20, 0xc9, 0xad, 0xeb, - 0xc2, 0x65, 0xf3, 0x5c, 0x2d, 0xe5, 0xff, 0xfd, 0x81, 0x79, - 0xf5, 0x11, 0x6f, 0xf7, 0xca, 0x0c, 0x76, 0xf0, 0xd4, 0x02, - 0x9d, 0xb7, 0x76, 0x39, 0x6d, 0x32, 0x6a, 0xb8, 0x30, 0xa4, - 0x01, 0xcc, 0x10, 0xef, 0xb1, 0x0e, 0x41, 0x22, 0x82, 0x5b, - 0x22, 0xcb, 0x32, 0x19, 0x2e, 0xa3, 0x0a, 0xce, 0x05, 0xdd, - 0xe8, 0x4a, 0x58, 0x92, 0xe1, 0x02, 0x82, 0x03, 0xc0, 0x22, - 0x0f, 0x95, 0x5b, 0xc2, 0x1f, 0xde, 0xf0, 0xde, 0xf4, 0x86, - 0xbd, 0xef, 0x07, 0x7d, 0x52, 0x03, 0x8c, 0x26, 0x31, 0x17, - 0xfd, 0x5c, 0x97, 0xed, 0xd5, 0xe0, 0xb3, 0x18, 0x2d, 0x68, - 0x10, 0x3f, 0xc4, 0xdf, 0xd1, 0x05, 0x78, 0x81, 0x3d, 0x05, - 0xde, 0xba, 0x3a, 0x67, 0x85, 0x0e, 0xdf, 0xb5, 0x16, 0x28, - 0xe8, 0x84, 0x3a, 0x71, 0x2a, 0x20, 0x17, 0x28, 0x05, 0xfd, - 0xb7, 0x4d, 0x22, 0x4a, 0x93, 0x46, 0x56, 0x27, 0x43, 0xc0, - 0x3a, 0x16, 0xff, 0x3d, 0x61, 0xcc, 0xcb, 0xce, 0xac, 0xa8, - 0x53, 0x3a, 0x0d, 0xf4, 0x2d, 0xd2, 0x73, 0xf2, 0x64, 0xa0, - 0x1e, 0x60, 0x53, 0xec, 0x0d, 0xff, 0xe0, 0x00, 0x10, 0xfb, - 0xa4, 0x57, 0xd3, 0xfc, 0xe4, 0xe0, 0xec, 0x44, 0x0b, 0x1c, - 0x05, 0x39, 0xa4, 0x13, 0x87, 0x29, 0x11, 0x9d, 0xea, 0xe9, - 0x64, 0xa9, 0x1c, 0x76, 0x3a, 0x65, 0x0b, 0xfd, 0xed, 0x77, - 0x46, 0x4f, 0xcd, 0x0b, 0x63, 0xc4, 0x83, 0x0b, 0x56, 0x79, - 0xd3, 0x67, 0x01, 0x11, 0x02, 0xd9, 0x50, 0xd8, 0x23, 0xf4, - 0xb6, 0x02, 0x4c, 0xae, 0xb5, 0xc9, 0x68, 0x1b, 0x87, 0x33, - 0xbb, 0xdc, 0x64, 0x0e, 0x32, 0x34, 0xb2, 0x25, 0xaa, 0x76, - 0xdd, 0x7e, 0xc3, 0x46, 0x51, 0x1c, 0xc1, 0xd0, 0x05, 0x09, - 0x6c, 0x27, 0xd3, 0xcf, 0x33, 0x7a, 0xb9, 0x26, 0x24, 0x23, - 0x4a, 0x93, 0x9f, 0x4b, 0x96, 0xc7, 0xe2, 0xb2, 0x51, 0x42, - 0x4d, 0x5d, 0xd9, 0x73, 0x75, 0xce, 0x23, 0x28, 0x56, 0x5e, - 0xe7, 0x96, 0x58, 0x04, 0xfd, 0x33, 0x93, 0x08, 0x41, 0x62, - 0x02, 0x7e, 0xc9, 0xc6, 0x55, 0x64, 0x19, 0xda, 0x39, 0xb8, - 0x5d, 0x09, 0x47, 0xf3, 0xdd, 0x77, 0xee, 0xea, 0x35, 0x73, - 0x95, 0xdb, 0x18, 0x4d, 0xd1, 0xfe, 0xee, 0x40, 0x31, 0x2a, - 0x22, 0x91, 0x69, 0xd6, 0xed, 0x9c, 0x54, 0x14, 0x73, 0x61, - 0x61, 0xe7, 0x1d, 0x34, 0x96, 0x47, 0xff, 0x28, 0x7a, 0x48, - 0xa3, 0xf4, 0xcd, 0x64, 0x23, 0xe2, 0x52, 0x2f, 0x20, 0x8f, - 0x04, 0xb3, 0xdc, 0xf0, 0x29, 0x67, 0x88, 0x76, 0x79, 0xdb, - 0x86, 0xa7, 0x95, 0xf0, 0x15, 0x81, 0xbb, 0x98, 0xee, 0xff, - 0x55, 0x7c, 0xb0, 0xee, 0x67, 0x65, 0xfd, 0xf2, 0x29, 0x0f, - 0x85, 0x51, 0xf9, 0xac, 0x5c, 0x55, 0x5a, 0xde, 0x40, 0x62, - 0x58, 0x55, 0x9f, 0x09, 0x4c, 0x2e, 0x28, 0x75, 0xbc, 0x48, - 0xe2, 0x97, 0x85, 0xb3, 0x83, 0xeb, 0x21, 0x49, 0x21, 0xd4, - 0xed, 0x74, 0x4f, 0xc1, 0x6c, 0x34, 0x8c, 0x11, 0xb0, 0x93, - 0x41, 0x99, 0x23, 0x2e, 0xa4, 0xc1, 0x9f, 0x34, 0x74, 0x64, - 0xbb, 0xd7, 0x4f, 0x8f, 0x9f, 0x3a, 0x0c, 0x4f, 0x5e, 0xdd, - 0x41, 0x07, 0xf1, 0xfd, 0x5a, 0x9d, 0xe6, 0x77, 0xd8, 0x7e, - 0x71, 0x7b, 0xad, 0xf7, 0x76, 0x13, 0x71, 0x90, 0xb3, 0x0f, - 0x46, 0x8e, 0xee, 0x7b, 0x33, 0x97, 0x5d, 0x21, 0x3b, 0xa0, - 0x58, 0x9e, 0xb7, 0x87, 0x30, 0x8f, 0xc1, 0x23, 0x2c, 0xde, - 0xf7, 0x0d, 0xa9, 0xd6, 0x50, 0xeb, 0x35, 0x7a, 0x82, 0xab, - 0x22, 0x49, 0x86, 0xd4, 0x61, 0xc7, 0xc2, 0x4e, 0x77, 0xfc, - 0x16, 0x0b, 0xaf, 0x81, 0x6a, 0x47, 0xea, 0xac, 0x7e, 0x51, - 0x4c, 0x56, 0x30, 0x21, 0x46, 0x41, 0xc3, 0x92, 0x60, 0x99, - 0x4f, 0x88, 0x36, 0x3b, 0x27, 0xb4, 0xb2, 0x7e, 0x44, 0x2f, - 0xdd, 0x95, 0xe4, 0x5e, 0x16, 0x1f, 0xa7, 0x32, 0x6b, 0x60, - 0x24, 0x0f, 0xf2, 0xe6, 0x35, 0x3c, 0x0c, 0x3e, 0xb5, 0xd6, - 0xdd, 0x63, 0xe2, 0x76, 0x35, 0x38, 0x79, 0xbf, 0xa5, 0x23, - 0xa4, 0xdd, 0xeb, 0x01, 0x48, 0xd0, 0x60, 0x86, 0x11, 0x38, - 0x5f, 0x9e, 0x6b, 0x00, 0x67, 0xd2, 0x5b, 0x41, 0x0a, 0x5e, - 0x13, 0x0f, 0xa1, 0x9e, 0x90, 0x85, 0xa6, 0x7f, 0xe5, 0x4b, - 0x9e, 0x93, 0x4e, 0x5b, 0x1f, 0x47, 0x62, 0xb0, 0x23, 0xbe, - 0x82, 0xa9, 0xd9, 0xb6, 0x2e, 0xfd, 0xb1, 0x10, 0xca, 0xe0, - 0xc9, 0x5d, 0xf6, 0x85, 0x18, 0x6c, 0x9c, 0x1d, 0x1f, 0x7c, - 0xf6, 0x55, 0x09, 0x80, 0xcf, 0xac, 0xfe, 0x37, 0x6a, 0x4f, - 0x96, 0xaa, 0x40, 0x79, 0x8b, 0x4a, 0xf2, 0x96, 0x79, 0x12, - 0x1a, 0x26, 0x87, 0x06, 0x35, 0x4d, 0xd4, 0x3e, 0x14, 0x39, - 0xe5, 0x6c, 0x39, 0x0f, 0x84, 0xb3, 0x5f, 0xed, 0xf4, 0xff, - 0x89, 0x52, 0x05, 0x00, 0xf1, 0xd1, 0xc3, 0xcf, 0x54, 0x10, - 0x24, 0x7c, 0xa6, 0xb5, 0x95, 0xa8, 0x6e, 0x13, 0x3e, 0x4a, - 0x40, 0x6c, 0xf9, 0x63, 0x90, 0x44, 0x52, 0x07, 0x53, 0xb7, - 0x51, 0xd9, 0x18, 0x47, 0x2e, 0xb0, 0x4e, 0x0f, 0x09, 0x99, - 0x3a, 0x97, 0x26, 0x53, 0xa6, 0x02, 0x06, 0x0e, 0x93, 0xe1, - 0x0b, 0xc5, 0xa9, 0x14, 0xd3, 0xd6, 0x8a, 0x29, 0x75, 0xcd, - 0xb6, 0x7b, 0x64, 0x7c, 0xdd, 0x7e, 0xb4, 0x0a, 0x87, 0x48, - 0x4a, 0x1b, 0x0e, 0x74, 0x4c, 0xd3, 0x0e, 0x96, 0x0e, 0x53, - 0xc4, 0x3d, 0x7b, 0x1c, 0x87, 0x6a, 0x15, 0xd8, 0x77, 0xba, - 0xe6, 0xa0, 0x2f, 0x2c, 0x1a, 0x9d, 0xde, 0x79, 0xfd, 0xab, - 0x44, 0x80, 0xf0, 0x37, 0x9a, 0x3b, 0xf8, 0xde, 0x3d, 0x29, - 0xcb, 0x89, 0x64, 0x4b, 0x57, 0xe7, 0x6b, 0x84, 0x09, 0x27, - 0x17, 0x2f, 0xb2, 0xba, 0x3d, 0x09, 0xc9, 0x3c, 0x89, 0xe6, - 0x19, 0x73, 0x83, 0xf7, 0xc6, 0x19, 0x18, 0x96, 0xb2, 0x7d, - 0x1e, 0x9f, 0x70, 0x1f, 0xfc, 0x1f, 0xe2, 0xb5, 0x69, 0x1e, - 0xf4, 0x65, 0x91, 0xce, 0x4b, 0xdc, 0x74, 0x49, 0x21, 0x64, - 0x8b, 0x33, 0x50, 0xd2, 0xc1, 0x33, 0x62, 0x5b, 0xde, 0x0a, - 0x72, 0xbe, 0xc0, 0x05, 0x51, 0x15, 0x80, 0xed, 0x32, 0x3a, - 0x64, 0xa2, 0x73, 0x68, 0x5b, 0x16, 0xcf, 0x70, 0x5c, 0x98, - 0xe5, 0x67, 0x45, 0x60, 0x57, 0x2b, 0x47, 0x0a, 0x22, 0x73, - 0xc3, 0x56, 0x33, 0x3e, 0x14, 0x1d, 0x0c, 0xd1, 0x03, 0x08, - 0x92, 0x21, 0x2b, 0xa9, 0x6e, 0x6b, 0xf9, 0x0c, 0x1e, 0x86, - 0xdd, 0xb5, 0xbb, 0xa4, 0xa5, 0x82, 0x99, 0x98, 0x49, 0x36, - 0xec, 0x98, 0x98, 0x95, 0xac, 0xc2, 0xa0, 0x1f, 0xa5, 0x7e, - 0x67, 0xd1, 0xcf, 0x6a, 0xf4, 0x16, 0x08, 0x7a, 0x8d, 0x0b, - 0xae, 0x12, 0x51, 0xe6, 0x8e, 0xe6, 0xcd, 0xa1, 0xaa, 0x6d, - 0xe4, 0x54, 0xd4, 0x69, 0x1b, 0x09, 0x6a, 0xba, 0x5e, 0x0b, - 0x11, 0x9c, 0x83, 0xb3, 0x5c, 0x67, 0xbb, 0x2d, 0xf8, 0x66, - 0x1c, 0x33, 0xb8, 0x22, 0x58, 0x10, 0x96, 0xe9, 0x99, 0xaf, - 0x0b, 0x2a, 0xf1, 0xe0, 0xcb, 0x56, 0xfb, 0x6d, 0x04, 0x40, - 0xec, 0x37, 0x67, 0x1e, 0x08, 0x7a, 0x1c, 0xe9, 0xd8, 0x54, - 0xf7, 0xd4, 0xc7, 0x3c, 0x45, 0x23, 0x2b, 0x76, 0xd2, 0x62, - 0xc2, 0x53, 0xce, 0xfe, 0x02, 0xc4, 0xd9, 0xf6, 0x3c, 0xed, - 0x49, 0x47, 0x21, 0xf9, 0x03, 0x3a, 0xa0, 0x16, 0x3a, 0xfe, - 0x0c, 0x2f, 0x54, 0x7e, 0x85, 0x29, 0x7b, 0xc0, 0xaf, 0xa8, - 0x5d, 0x31, 0x25, 0xda, 0xa7, 0xe3, 0x92, 0x1b, 0x64, 0x01, - 0x1b, 0x3f, 0x6e, 0x47, 0xc5, 0x5a, 0x84, 0x52, 0x17, 0x02, - 0x82, 0x03, 0xc1, 0x00, 0x81, 0x99, 0x2e, 0x72, 0x41, 0x6e, - 0x86, 0xeb, 0x6f, 0x42, 0xd1, 0x38, 0x6e, 0xaa, 0x1a, 0xd5, - 0x0a, 0xad, 0x51, 0xb1, 0xce, 0xd6, 0x35, 0xbe, 0x34, 0xd8, - 0xc1, 0xe4, 0x5f, 0xdf, 0x2e, 0xe4, 0x90, 0xf2, 0x61, 0x21, - 0x46, 0xc6, 0xfe, 0xab, 0x0f, 0x6c, 0x97, 0x78, 0xcd, 0x55, - 0x86, 0x83, 0x61, 0x99, 0x49, 0x14, 0x86, 0xc6, 0x86, 0xf1, - 0x41, 0x66, 0xc9, 0x39, 0x52, 0x99, 0x49, 0x07, 0xd6, 0x9d, - 0xb7, 0x40, 0x34, 0x5f, 0xe7, 0x3a, 0xfa, 0x95, 0xeb, 0xa1, - 0x03, 0xb7, 0x52, 0x71, 0x93, 0x30, 0x0b, 0x51, 0x58, 0x82, - 0x07, 0x2f, 0x44, 0xa9, 0x4f, 0x9b, 0x1b, 0xf3, 0xd6, 0x21, - 0x3d, 0x68, 0xef, 0x3f, 0xaf, 0xc2, 0x6f, 0xa0, 0xd5, 0x2b, - 0xb8, 0x73, 0x84, 0x67, 0x36, 0x8b, 0xa4, 0x25, 0xe0, 0x86, - 0xd9, 0x14, 0x5c, 0x6c, 0xd8, 0x61, 0xe1, 0x0a, 0x6c, 0xaf, - 0xbb, 0x9c, 0xf6, 0x74, 0xca, 0x5a, 0x04, 0xac, 0x85, 0xc1, - 0x1b, 0x4d, 0xf2, 0x07, 0xb6, 0x1e, 0x97, 0x7b, 0x75, 0xdf, - 0x9b, 0x8a, 0x31, 0xc6, 0x90, 0xd5, 0x8d, 0x39, 0xc2, 0x54, - 0xf4, 0xe2, 0x83, 0x57, 0x12, 0x19, 0xf5, 0xb2, 0xd2, 0x53, - 0x81, 0x6d, 0xf0, 0x09, 0xc9, 0x80, 0x8b, 0x07, 0x7c, 0x59, - 0xcd, 0x78, 0x00, 0xd6, 0x44, 0x7f, 0xe4, 0xdb, 0x77, 0x02, - 0x00, 0x25, 0x79, 0x91, 0xc9, 0xde, 0xd0, 0xed, 0x3f, 0xfc, - 0x37, 0x36, 0xea, 0xf0, 0x56, 0x50, 0xe7, 0x38, 0xca, 0xe1, - 0x67, 0x12, 0x96, 0x55, 0x3e, 0xff, 0x97, 0xe5, 0xa7, 0x03, - 0x5b, 0x72, 0x80, 0xd6, 0xa5, 0x23, 0x39, 0x78, 0x07, 0xc8, - 0x83, 0x19, 0x74, 0xfb, 0x79, 0xc2, 0x9e, 0xbd, 0xf9, 0xaf, - 0x09, 0x0f, 0xbd, 0x3d, 0x34, 0xe8, 0x44, 0x89, 0xb1, 0xf1, - 0x2b, 0xa5, 0xff, 0x22, 0xc9, 0x47, 0xe2, 0x31, 0xb5, 0x6b, - 0x8a, 0x65, 0x5f, 0x81, 0x5f, 0x89, 0xb0, 0x03, 0x5d, 0x53, - 0x0e, 0xdd, 0xfb, 0xe5, 0x70, 0xaa, 0xd2, 0x37, 0x4d, 0xa1, - 0x7c, 0xf2, 0xe4, 0x7f, 0xf1, 0x4a, 0xaf, 0x12, 0xd1, 0x83, - 0xdc, 0xb2, 0x9e, 0xc1, 0x95, 0x3d, 0x04, 0x9f, 0xa3, 0xad, - 0xcc, 0x78, 0x14, 0x9a, 0xf9, 0x58, 0x39, 0x08, 0x15, 0xda, - 0x1b, 0x94, 0x50, 0x2d, 0x44, 0xc0, 0x23, 0x1c, 0x36, 0x5f, - 0x16, 0x08, 0xa3, 0xdf, 0x9e, 0x4f, 0xbb, 0x07, 0xcd, 0xe3, - 0x8c, 0xbf, 0xf1, 0xc3, 0x3e, 0x98, 0xf8, 0x49, 0x79, 0x58, - 0xc9, 0x0f, 0x47, 0xc0, 0xab, 0x2f, 0x21, 0x63, 0xf6, 0xe6, - 0xfe, 0x8a, 0xea, 0xbc, 0x32, 0x63, 0xca, 0x75, 0xf8, 0xa4, - 0x1b, 0x6c, 0xfe, 0x9a, 0x6e, 0x68, 0x1f, 0x48, 0x59, 0xfb, - 0x34, 0x43, 0x10, 0xd5, 0x0d, 0x80, 0x54, 0xcb, 0x67, 0x21, - 0xc7, 0x13, 0x85, 0x38, 0x0c, 0xf9, 0x40, 0x2e, 0x2e, 0x4a, - 0x05, 0x9e, 0x51, 0xae, 0xdd, 0xba, 0x23, 0x83, 0x66, 0x2a, - 0xbf, 0x7f, 0xca, 0x9c, 0x6c, 0x2d, 0x6b, 0x7d, 0x68, 0x52, - 0x81, 0x56, 0x2f, 0xea, 0xf9, 0xe7, 0xf1, 0x55, 0x16, 0xfc, - 0x29, 0xe2, 0xa5, 0x1e, 0x0a, 0x06, 0xe0, 0x85, 0x4e, 0xa6, - 0x5d, 0x20, 0x9d, 0x2b, 0xa2, 0xad, 0xaa, 0xd6, 0x9b, 0xd2, - 0x98, 0x29, 0x45, 0x5c, 0x55, 0xc0, 0x91, 0xa2, 0x65, 0xcd, - 0xac, 0xc6, 0x1a, 0x53, 0xa1, 0x46, 0x13, 0xf9, 0xfe, 0x1a, - 0xf6, 0xdf, 0xa5, 0x1a, 0x58, 0x7c, 0x81, 0x2e, 0x46, 0x46, - 0xf7, 0x2f, 0xd6, 0xaa, 0x21, 0xb0, 0x0e, 0x7e, 0xac, 0xb8, - 0xc6, 0x76, 0x62, 0x82, 0x3b, 0x0a, 0x36, 0xbe, 0x97, 0x16, - 0xd5, 0x79, 0x55, 0x15, 0x64, 0x2a, 0xbe, 0x19, 0x4e, 0x93, - 0x3b, 0x44, 0x7c, 0xe2, 0xfc, 0x18, 0x4e, 0x83, 0x37, 0xfb, - 0x26, 0x78, 0x6d, 0x24, 0x6b, 0x48, 0x21, 0x67, 0xde, 0xf5, - 0x00, 0x22, 0x9a, 0xec, 0x40, 0x16, 0x96, 0x8a, 0x3f, 0xd5, - 0xa6, 0x5e, 0x03, 0x84, 0xbb, 0x15, 0x4d, 0x55, 0x71, 0x00, - 0x90, 0xc2, 0x96, 0x25, 0x01, 0xab, 0xe6, 0x47, 0x44, 0x6f, - 0xf9, 0x53, 0x80, 0x2b, 0xa8, 0x83, 0xc8, 0x14, 0x77, 0x13, - 0x00, 0x66, 0xee, 0x7e, 0x7a, 0xa0, 0x28, 0x65, 0xf3, 0x31, - 0xb6, 0xac, 0xd7, 0x87, 0x84, 0x29, 0xed, 0x5b, 0xcd, 0x74, - 0xc0, 0x89, 0x51, 0x11, 0x9a, 0xd5, 0x7b, 0xe0, 0x9c, 0xd0, - 0x8d, 0x72, 0xe3, 0x77, 0xda, 0x0a, 0xc2, 0xdc, 0x6f, 0xad, - 0x49, 0x03, 0xfa, 0xe6, 0x7e, 0xa6, 0x24, 0x32, 0xe6, 0x8f, - 0xd9, 0x70, 0xfa, 0x59, 0x70, 0xa9, 0xa3, 0x08, 0x7d, 0x89, - 0xc4, 0x96, 0x61, 0xc2, 0xf5, 0xe5, 0xb5, 0x3b, 0x0d, 0xec, - 0xb8, 0x9c, 0xee, 0x09, 0x77, 0x27, 0xbd, 0x35, 0x66, 0x90, - 0x9e, 0x46, 0xf7, 0xbd, 0xa6, 0xc5, 0x31, 0xd4, 0x6a, 0x52, - 0x17, 0x5d, 0x0a, 0x0e, 0x2c, 0x34, 0x7a, 0x6a, 0x21, 0xac, - 0x42, 0xf0, 0x31, 0xde, 0x48, 0xe0, 0x27, 0xd0, 0x79, 0xc9, - 0x06, 0x94, 0x7b, 0x51, 0x4b, 0x5b, 0x02, 0x6a, 0x19, 0xba, - 0x71, 0x45, 0x9c, 0xdf, 0xe6, 0x30, 0x9e, 0xaa, 0xad, 0xa1, - 0x87, 0xf6, 0x37, 0xde, 0xa2, 0x97, 0x68, 0x20, 0x2d, 0x5a, - 0xdc, 0xdd, 0x91, 0x63, 0x5f, 0x79, 0xda, 0x99, 0x20, 0x3a, - 0x4b, 0xe5, 0x43, 0x0e, 0x12, 0x70, 0x57, 0x91, 0xfa, 0xee, - 0xc4, 0xb6, 0xb6, 0xb1, 0xf1, 0x06, 0xbd, 0xcf, 0x8d, 0x2a, - 0x05, 0xc0, 0x07, 0x23, 0x84, 0x85, 0xef, 0x9c, 0xbb, 0x6f, - 0x5f, 0x4a, 0x9a, 0x27, 0x9f, 0x9f, 0x32, 0x97, 0xe8, 0x24, - 0xb9, 0x64, 0x2c, 0x39, 0xff, 0x2f, 0x4b, 0xc4, 0x7e, 0x65, - 0xfe, 0xbb, 0x5c, 0xa0, 0xb2, 0x6e, 0xc4, 0xb6, 0x93, 0x2b, - 0x51, 0x9e, 0x2e, 0x1f, 0xd8, 0xcf, 0x60, 0xe0, 0x75, 0x15, - 0xf9, 0xa0, 0x67, 0x99, 0x88, 0x2b, 0x76, 0xce, 0x41, 0x42, - 0x10, 0x29, 0x89, 0xbf, 0xca, 0xb7, 0x61, 0x08, 0x94, 0xee, - 0xa0, 0xb3, 0x3a, 0x09, 0xc5, 0x6f, 0x04, 0xf9, 0x1b, 0xb5, - 0x64, 0x99, 0x08, 0xe4, 0xcc, 0xce, 0xdf, 0x71, 0x65, 0x8a, - 0x6d, 0x62, 0xde, 0x76, 0x1d, 0x6d, 0x6b, 0x78, 0x22, 0x32, - 0x63, 0xdd, 0x53, 0x7d, 0xec, 0xed, 0x9d, 0x82, 0xa9, 0x2c, - 0x5c, 0x8a, 0x17, 0xdd, 0x85, 0xf9, 0xd2, 0xac, 0x6e, 0x98, - 0x60, 0x2e, 0x08, 0xd4, 0x06, 0x76, 0xf4, 0x97, 0xca, 0xb1, - 0x72, 0x50, 0x5b, 0x83, 0xea, 0xbb, 0x39, 0x0f, 0x18, 0xb3, - 0xb8, 0x03, 0xee, 0x7c, 0x84, 0xa9, 0x69, 0xcd, 0x1d, 0xbd, - 0xe2, 0xb7, 0xce, 0xe2, 0x6f, 0x03, 0x49, 0x52, 0x67, 0xa0, - 0x1b, 0x23, 0x43, 0x92, 0x2c, 0x7c, 0x3b, 0x65, 0xe8, 0x61, - 0x99, 0xde, 0xb5, 0xf1, 0x63, 0x73, 0x92, 0x6c, 0x70, 0x8b, - 0x83, 0x10, 0xb4, 0x06, 0x2c, 0x99, 0x12, 0x73, 0xec, 0x87, - 0x92, 0x09, 0x67, 0x96, 0xd6, 0x9c, 0x9f, 0x35, 0x48, 0x48, - 0x3b, 0x44, 0x00, 0x73, 0x1c, 0x59, 0xeb, 0x81, 0x7b, 0xd1, - 0xda, 0x76, 0xcf, 0xc2, 0x4d, 0xf1, 0xa2, 0x5b, 0x2f, 0x5f, - 0x91, 0x29, 0x6e, 0x08, 0x37, 0xd6, 0xaa, 0xd2, 0xf8, 0x4f, - 0x5e, 0x00, 0x16, 0x52 -}; diff --git a/apps/timeouts.h b/apps/timeouts.h deleted file mode 100644 index 002852724763d8aa6ab9b8ffe124b5a98b1e2870..0000000000000000000000000000000000000000 --- a/apps/timeouts.h +++ /dev/null @@ -1,17 +0,0 @@ -/* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_APPS_TIMEOUTS_H -# define OSSL_APPS_TIMEOUTS_H - -/* numbers in us */ -# define DGRAM_RCV_TIMEOUT 250000 -# define DGRAM_SND_TIMEOUT 250000 - -#endif /* ! OSSL_APPS_TIMEOUTS_H */ diff --git a/apps/ts.c b/apps/ts.c deleted file mode 100644 index 57292e187cd2234b5ad8a801aba9363ce76fa285..0000000000000000000000000000000000000000 --- a/apps/ts.c +++ /dev/null @@ -1,1034 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include - -/* Request nonce length, in bits (must be a multiple of 8). */ -#define NONCE_LENGTH 64 - -/* Name of config entry that defines the OID file. */ -#define ENV_OID_FILE "oid_file" - -/* Is |EXACTLY_ONE| of three pointers set? */ -#define EXACTLY_ONE(a, b, c) \ - (( a && !b && !c) || \ - ( b && !a && !c) || \ - ( c && !a && !b)) - -static ASN1_OBJECT *txt2obj(const char *oid); -static CONF *load_config_file(const char *configfile); - -/* Query related functions. */ -static int query_command(const char *data, const char *digest, - const EVP_MD *md, const char *policy, int no_nonce, - int cert, const char *in, const char *out, int text); -static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md, - const char *policy, int no_nonce, int cert); -static int create_digest(BIO *input, const char *digest, - const EVP_MD *md, unsigned char **md_value); -static ASN1_INTEGER *create_nonce(int bits); - -/* Reply related functions. */ -static int reply_command(CONF *conf, const char *section, const char *engine, - const char *queryfile, const char *passin, const char *inkey, - const EVP_MD *md, const char *signer, const char *chain, - const char *policy, const char *in, int token_in, - const char *out, int token_out, int text); -static TS_RESP *read_PKCS7(BIO *in_bio); -static TS_RESP *create_response(CONF *conf, const char *section, const char *engine, - const char *queryfile, const char *passin, - const char *inkey, const EVP_MD *md, const char *signer, - const char *chain, const char *policy); -static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data); -static ASN1_INTEGER *next_serial(const char *serialfile); -static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial); - -/* Verify related functions. */ -static int verify_command(const char *data, const char *digest, const char *queryfile, - const char *in, int token_in, - const char *CApath, const char *CAfile, - const char *CAstore, - char *untrusted, X509_VERIFY_PARAM *vpm); -static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest, - const char *queryfile, - const char *CApath, const char *CAfile, - const char *CAstore, - char *untrusted, - X509_VERIFY_PARAM *vpm); -static X509_STORE *create_cert_store(const char *CApath, const char *CAfile, - const char *CAstore, X509_VERIFY_PARAM *vpm); -static int verify_cb(int ok, X509_STORE_CTX *ctx); - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_ENGINE, OPT_CONFIG, OPT_SECTION, OPT_QUERY, OPT_DATA, - OPT_DIGEST, OPT_TSPOLICY, OPT_NO_NONCE, OPT_CERT, - OPT_IN, OPT_TOKEN_IN, OPT_OUT, OPT_TOKEN_OUT, OPT_TEXT, - OPT_REPLY, OPT_QUERYFILE, OPT_PASSIN, OPT_INKEY, OPT_SIGNER, - OPT_CHAIN, OPT_VERIFY, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE, OPT_UNTRUSTED, - OPT_MD, OPT_V_ENUM, OPT_R_ENUM, OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS ts_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - {"config", OPT_CONFIG, '<', "Configuration file"}, - {"section", OPT_SECTION, 's', "Section to use within config file"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - {"inkey", OPT_INKEY, 's', "File with private key for reply"}, - {"signer", OPT_SIGNER, 's', "Signer certificate file"}, - {"chain", OPT_CHAIN, '<', "File with signer CA chain"}, - {"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"}, - {"CApath", OPT_CAPATH, '/', "Path to trusted CA files"}, - {"CAstore", OPT_CASTORE, ':', "URI to trusted CA store"}, - {"untrusted", OPT_UNTRUSTED, '<', "Extra untrusted certs"}, - {"token_in", OPT_TOKEN_IN, '-', "Input is a PKCS#7 file"}, - {"token_out", OPT_TOKEN_OUT, '-', "Output is a PKCS#7 file"}, - {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"", OPT_MD, '-', "Any supported digest"}, - - OPT_SECTION("Query"), - {"query", OPT_QUERY, '-', "Generate a TS query"}, - {"data", OPT_DATA, '<', "File to hash"}, - {"digest", OPT_DIGEST, 's', "Digest (as a hex string)"}, - {"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"}, - {"cert", OPT_CERT, '-', "Put cert request into query"}, - {"in", OPT_IN, '<', "Input file"}, - - OPT_SECTION("Verify"), - {"verify", OPT_VERIFY, '-', "Verify a TS response"}, - {"reply", OPT_REPLY, '-', "Generate a TS reply"}, - {"tspolicy", OPT_TSPOLICY, 's', "Policy OID to use"}, - {"no_nonce", OPT_NO_NONCE, '-', "Do not include a nonce"}, - {"out", OPT_OUT, '>', "Output file"}, - {"text", OPT_TEXT, '-', "Output text (not DER)"}, - - OPT_R_OPTIONS, - OPT_V_OPTIONS, - OPT_PROV_OPTIONS, - {NULL} -}; - -/* - * This command is so complex, special help is needed. - */ -static char* opt_helplist[] = { - "", - "Typical uses:", - " openssl ts -query [-rand file...] [-config file] [-data file]", - " [-digest hexstring] [-tspolicy oid] [-no_nonce] [-cert]", - " [-in file] [-out file] [-text]", - "", - " openssl ts -reply [-config file] [-section tsa_section]", - " [-queryfile file] [-passin password]", - " [-signer tsa_cert.pem] [-inkey private_key.pem]", - " [-chain certs_file.pem] [-tspolicy oid]", - " [-in file] [-token_in] [-out file] [-token_out]", -#ifndef OPENSSL_NO_ENGINE - " [-text] [-engine id]", -#else - " [-text]", -#endif - "", - " openssl ts -verify -CApath dir -CAfile root-cert.pem -CAstore uri", - " -untrusted extra-certs.pem [-data file] [-digest hexstring]", - " [-queryfile request.tsq] -in response.tsr [-token_in] ...", - NULL, -}; - -int ts_main(int argc, char **argv) -{ - CONF *conf = NULL; - const char *CAfile = NULL, *prog; - char *untrusted = NULL; - const char *configfile = default_config_file, *engine = NULL; - const char *section = NULL, *digestname = NULL; - char **helpp; - char *password = NULL; - char *data = NULL, *digest = NULL, *policy = NULL; - char *in = NULL, *out = NULL, *queryfile = NULL, *passin = NULL; - char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL; - char *CAstore = NULL; - EVP_MD *md = NULL; - OPTION_CHOICE o, mode = OPT_ERR; - int ret = 1, no_nonce = 0, cert = 0, text = 0; - int vpmtouched = 0; - X509_VERIFY_PARAM *vpm = NULL; - /* Input is ContentInfo instead of TimeStampResp. */ - int token_in = 0; - /* Output is ContentInfo instead of TimeStampResp. */ - int token_out = 0; - - if ((vpm = X509_VERIFY_PARAM_new()) == NULL) - goto end; - - prog = opt_init(argc, argv, ts_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(ts_options); - for (helpp = opt_helplist; *helpp; ++helpp) - BIO_printf(bio_err, "%s\n", *helpp); - ret = 0; - goto end; - case OPT_CONFIG: - configfile = opt_arg(); - break; - case OPT_SECTION: - section = opt_arg(); - break; - case OPT_QUERY: - case OPT_REPLY: - case OPT_VERIFY: - if (mode != OPT_ERR) - goto opthelp; - mode = o; - break; - case OPT_DATA: - data = opt_arg(); - break; - case OPT_DIGEST: - digest = opt_arg(); - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - case OPT_TSPOLICY: - policy = opt_arg(); - break; - case OPT_NO_NONCE: - no_nonce = 1; - break; - case OPT_CERT: - cert = 1; - break; - case OPT_IN: - in = opt_arg(); - break; - case OPT_TOKEN_IN: - token_in = 1; - break; - case OPT_OUT: - out = opt_arg(); - break; - case OPT_TOKEN_OUT: - token_out = 1; - break; - case OPT_TEXT: - text = 1; - break; - case OPT_QUERYFILE: - queryfile = opt_arg(); - break; - case OPT_PASSIN: - passin = opt_arg(); - break; - case OPT_INKEY: - inkey = opt_arg(); - break; - case OPT_SIGNER: - signer = opt_arg(); - break; - case OPT_CHAIN: - chain = opt_arg(); - break; - case OPT_CAPATH: - CApath = opt_arg(); - break; - case OPT_CAFILE: - CAfile = opt_arg(); - break; - case OPT_CASTORE: - CAstore = opt_arg(); - break; - case OPT_UNTRUSTED: - untrusted = opt_arg(); - break; - case OPT_ENGINE: - engine = opt_arg(); - break; - case OPT_MD: - digestname = opt_unknown(); - break; - case OPT_V_CASES: - if (!opt_verify(o, vpm)) - goto end; - vpmtouched++; - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0 || mode == OPT_ERR) - goto opthelp; - - if (!app_RAND_load()) - goto end; - - if (digestname != NULL) { - if (!opt_md(digestname, &md)) - goto opthelp; - } - if (mode == OPT_REPLY && passin && - !app_passwd(passin, NULL, &password, NULL)) { - BIO_printf(bio_err, "Error getting password.\n"); - goto end; - } - - if ((conf = load_config_file(configfile)) == NULL) - goto end; - if (configfile != default_config_file && !app_load_modules(conf)) - goto end; - - /* Check parameter consistency and execute the appropriate function. */ - if (mode == OPT_QUERY) { - if (vpmtouched) - goto opthelp; - if ((data != NULL) && (digest != NULL)) - goto opthelp; - ret = !query_command(data, digest, md, policy, no_nonce, cert, - in, out, text); - } else if (mode == OPT_REPLY) { - if (vpmtouched) - goto opthelp; - if ((in != NULL) && (queryfile != NULL)) - goto opthelp; - if (in == NULL) { - if ((conf == NULL) || (token_in != 0)) - goto opthelp; - } - ret = !reply_command(conf, section, engine, queryfile, - password, inkey, md, signer, chain, policy, - in, token_in, out, token_out, text); - - } else if (mode == OPT_VERIFY) { - if ((in == NULL) || !EXACTLY_ONE(queryfile, data, digest)) - goto opthelp; - ret = !verify_command(data, digest, queryfile, in, token_in, - CApath, CAfile, CAstore, untrusted, - vpmtouched ? vpm : NULL); - } else { - goto opthelp; - } - - end: - X509_VERIFY_PARAM_free(vpm); - EVP_MD_free(md); - NCONF_free(conf); - OPENSSL_free(password); - return ret; -} - -/* - * Configuration file-related function definitions. - */ - -static ASN1_OBJECT *txt2obj(const char *oid) -{ - ASN1_OBJECT *oid_obj = NULL; - - if ((oid_obj = OBJ_txt2obj(oid, 0)) == NULL) - BIO_printf(bio_err, "cannot convert %s to OID\n", oid); - - return oid_obj; -} - -static CONF *load_config_file(const char *configfile) -{ - CONF *conf = app_load_config(configfile); - - if (conf != NULL) { - const char *p; - - BIO_printf(bio_err, "Using configuration from %s\n", configfile); - p = NCONF_get_string(conf, NULL, ENV_OID_FILE); - if (p != NULL) { - BIO *oid_bio = BIO_new_file(p, "r"); - if (!oid_bio) - ERR_print_errors(bio_err); - else { - OBJ_create_objects(oid_bio); - BIO_free_all(oid_bio); - } - } else - ERR_clear_error(); - if (!add_oid_section(conf)) - ERR_print_errors(bio_err); - } - return conf; -} - -/* - * Query-related method definitions. - */ -static int query_command(const char *data, const char *digest, const EVP_MD *md, - const char *policy, int no_nonce, - int cert, const char *in, const char *out, int text) -{ - int ret = 0; - TS_REQ *query = NULL; - BIO *in_bio = NULL; - BIO *data_bio = NULL; - BIO *out_bio = NULL; - - /* Build query object. */ - if (in != NULL) { - if ((in_bio = bio_open_default(in, 'r', FORMAT_ASN1)) == NULL) - goto end; - query = d2i_TS_REQ_bio(in_bio, NULL); - } else { - if (digest == NULL - && (data_bio = bio_open_default(data, 'r', FORMAT_ASN1)) == NULL) - goto end; - query = create_query(data_bio, digest, md, policy, no_nonce, cert); - } - if (query == NULL) - goto end; - - if (text) { - if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) == NULL) - goto end; - if (!TS_REQ_print_bio(out_bio, query)) - goto end; - } else { - if ((out_bio = bio_open_default(out, 'w', FORMAT_ASN1)) == NULL) - goto end; - if (!i2d_TS_REQ_bio(out_bio, query)) - goto end; - } - - ret = 1; - - end: - ERR_print_errors(bio_err); - BIO_free_all(in_bio); - BIO_free_all(data_bio); - BIO_free_all(out_bio); - TS_REQ_free(query); - return ret; -} - -static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md, - const char *policy, int no_nonce, int cert) -{ - int ret = 0; - TS_REQ *ts_req = NULL; - int len; - TS_MSG_IMPRINT *msg_imprint = NULL; - X509_ALGOR *algo = NULL; - unsigned char *data = NULL; - ASN1_OBJECT *policy_obj = NULL; - ASN1_INTEGER *nonce_asn1 = NULL; - - if (md == NULL && (md = EVP_get_digestbyname("sha256")) == NULL) - goto err; - if ((ts_req = TS_REQ_new()) == NULL) - goto err; - if (!TS_REQ_set_version(ts_req, 1)) - goto err; - if ((msg_imprint = TS_MSG_IMPRINT_new()) == NULL) - goto err; - if ((algo = X509_ALGOR_new()) == NULL) - goto err; - if ((algo->algorithm = OBJ_nid2obj(EVP_MD_get_type(md))) == NULL) - goto err; - if ((algo->parameter = ASN1_TYPE_new()) == NULL) - goto err; - algo->parameter->type = V_ASN1_NULL; - if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo)) - goto err; - if ((len = create_digest(data_bio, digest, md, &data)) == 0) - goto err; - if (!TS_MSG_IMPRINT_set_msg(msg_imprint, data, len)) - goto err; - if (!TS_REQ_set_msg_imprint(ts_req, msg_imprint)) - goto err; - if (policy && (policy_obj = txt2obj(policy)) == NULL) - goto err; - if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj)) - goto err; - - /* Setting nonce if requested. */ - if (!no_nonce && (nonce_asn1 = create_nonce(NONCE_LENGTH)) == NULL) - goto err; - if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1)) - goto err; - if (!TS_REQ_set_cert_req(ts_req, cert)) - goto err; - - ret = 1; - err: - if (!ret) { - TS_REQ_free(ts_req); - ts_req = NULL; - BIO_printf(bio_err, "could not create query\n"); - ERR_print_errors(bio_err); - } - TS_MSG_IMPRINT_free(msg_imprint); - X509_ALGOR_free(algo); - OPENSSL_free(data); - ASN1_OBJECT_free(policy_obj); - ASN1_INTEGER_free(nonce_asn1); - return ts_req; -} - -static int create_digest(BIO *input, const char *digest, const EVP_MD *md, - unsigned char **md_value) -{ - int md_value_len; - int rv = 0; - EVP_MD_CTX *md_ctx = NULL; - - md_value_len = EVP_MD_get_size(md); - if (md_value_len < 0) - return 0; - - if (input != NULL) { - unsigned char buffer[4096]; - int length; - - md_ctx = EVP_MD_CTX_new(); - if (md_ctx == NULL) - return 0; - *md_value = app_malloc(md_value_len, "digest buffer"); - if (!EVP_DigestInit(md_ctx, md)) - goto err; - while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) { - if (!EVP_DigestUpdate(md_ctx, buffer, length)) - goto err; - } - if (!EVP_DigestFinal(md_ctx, *md_value, NULL)) - goto err; - md_value_len = EVP_MD_get_size(md); - } else { - long digest_len; - - *md_value = OPENSSL_hexstr2buf(digest, &digest_len); - if (*md_value == NULL || md_value_len != digest_len) { - OPENSSL_free(*md_value); - *md_value = NULL; - BIO_printf(bio_err, "bad digest, %d bytes " - "must be specified\n", md_value_len); - return 0; - } - } - rv = md_value_len; - err: - EVP_MD_CTX_free(md_ctx); - return rv; -} - -static ASN1_INTEGER *create_nonce(int bits) -{ - unsigned char buf[20]; - ASN1_INTEGER *nonce = NULL; - int len = (bits - 1) / 8 + 1; - int i; - - if (len > (int)sizeof(buf)) - goto err; - if (RAND_bytes(buf, len) <= 0) - goto err; - - /* Find the first non-zero byte and creating ASN1_INTEGER object. */ - for (i = 0; i < len && !buf[i]; ++i) - continue; - if ((nonce = ASN1_INTEGER_new()) == NULL) - goto err; - OPENSSL_free(nonce->data); - nonce->length = len - i; - nonce->data = app_malloc(nonce->length + 1, "nonce buffer"); - memcpy(nonce->data, buf + i, nonce->length); - return nonce; - - err: - BIO_printf(bio_err, "could not create nonce\n"); - ASN1_INTEGER_free(nonce); - return NULL; -} - -/* - * Reply-related method definitions. - */ - -static int reply_command(CONF *conf, const char *section, const char *engine, - const char *queryfile, const char *passin, const char *inkey, - const EVP_MD *md, const char *signer, const char *chain, - const char *policy, const char *in, int token_in, - const char *out, int token_out, int text) -{ - int ret = 0; - TS_RESP *response = NULL; - BIO *in_bio = NULL; - BIO *query_bio = NULL; - BIO *inkey_bio = NULL; - BIO *signer_bio = NULL; - BIO *out_bio = NULL; - - if (in != NULL) { - if ((in_bio = BIO_new_file(in, "rb")) == NULL) - goto end; - if (token_in) { - response = read_PKCS7(in_bio); - } else { - response = d2i_TS_RESP_bio(in_bio, NULL); - } - } else { - response = create_response(conf, section, engine, queryfile, - passin, inkey, md, signer, chain, policy); - if (response != NULL) - BIO_printf(bio_err, "Response has been generated.\n"); - else - BIO_printf(bio_err, "Response is not generated.\n"); - } - if (response == NULL) - goto end; - - /* Write response. */ - if (text) { - if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) == NULL) - goto end; - if (token_out) { - TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response); - if (!TS_TST_INFO_print_bio(out_bio, tst_info)) - goto end; - } else { - if (!TS_RESP_print_bio(out_bio, response)) - goto end; - } - } else { - if ((out_bio = bio_open_default(out, 'w', FORMAT_ASN1)) == NULL) - goto end; - if (token_out) { - PKCS7 *token = TS_RESP_get_token(response); - if (!i2d_PKCS7_bio(out_bio, token)) - goto end; - } else { - if (!i2d_TS_RESP_bio(out_bio, response)) - goto end; - } - } - - ret = 1; - - end: - ERR_print_errors(bio_err); - BIO_free_all(in_bio); - BIO_free_all(query_bio); - BIO_free_all(inkey_bio); - BIO_free_all(signer_bio); - BIO_free_all(out_bio); - TS_RESP_free(response); - return ret; -} - -/* Reads a PKCS7 token and adds default 'granted' status info to it. */ -static TS_RESP *read_PKCS7(BIO *in_bio) -{ - int ret = 0; - PKCS7 *token = NULL; - TS_TST_INFO *tst_info = NULL; - TS_RESP *resp = NULL; - TS_STATUS_INFO *si = NULL; - - if ((token = d2i_PKCS7_bio(in_bio, NULL)) == NULL) - goto end; - if ((tst_info = PKCS7_to_TS_TST_INFO(token)) == NULL) - goto end; - if ((resp = TS_RESP_new()) == NULL) - goto end; - if ((si = TS_STATUS_INFO_new()) == NULL) - goto end; - if (!TS_STATUS_INFO_set_status(si, TS_STATUS_GRANTED)) - goto end; - if (!TS_RESP_set_status_info(resp, si)) - goto end; - TS_RESP_set_tst_info(resp, token, tst_info); - token = NULL; /* Ownership is lost. */ - tst_info = NULL; /* Ownership is lost. */ - ret = 1; - - end: - PKCS7_free(token); - TS_TST_INFO_free(tst_info); - if (!ret) { - TS_RESP_free(resp); - resp = NULL; - } - TS_STATUS_INFO_free(si); - return resp; -} - -static TS_RESP *create_response(CONF *conf, const char *section, const char *engine, - const char *queryfile, const char *passin, - const char *inkey, const EVP_MD *md, const char *signer, - const char *chain, const char *policy) -{ - int ret = 0; - TS_RESP *response = NULL; - BIO *query_bio = NULL; - TS_RESP_CTX *resp_ctx = NULL; - - if ((query_bio = BIO_new_file(queryfile, "rb")) == NULL) - goto end; - if ((section = TS_CONF_get_tsa_section(conf, section)) == NULL) - goto end; - if ((resp_ctx = TS_RESP_CTX_new()) == NULL) - goto end; - if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx)) - goto end; -#ifndef OPENSSL_NO_ENGINE - if (!TS_CONF_set_crypto_device(conf, section, engine)) - goto end; -#endif - if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx)) - goto end; - if (!TS_CONF_set_certs(conf, section, chain, resp_ctx)) - goto end; - if (!TS_CONF_set_signer_key(conf, section, inkey, passin, resp_ctx)) - goto end; - - if (md) { - if (!TS_RESP_CTX_set_signer_digest(resp_ctx, md)) - goto end; - } else if (!TS_CONF_set_signer_digest(conf, section, NULL, resp_ctx)) { - goto end; - } - - if (!TS_CONF_set_ess_cert_id_digest(conf, section, resp_ctx)) - goto end; - if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx)) - goto end; - if (!TS_CONF_set_policies(conf, section, resp_ctx)) - goto end; - if (!TS_CONF_set_digests(conf, section, resp_ctx)) - goto end; - if (!TS_CONF_set_accuracy(conf, section, resp_ctx)) - goto end; - if (!TS_CONF_set_clock_precision_digits(conf, section, resp_ctx)) - goto end; - if (!TS_CONF_set_ordering(conf, section, resp_ctx)) - goto end; - if (!TS_CONF_set_tsa_name(conf, section, resp_ctx)) - goto end; - if (!TS_CONF_set_ess_cert_id_chain(conf, section, resp_ctx)) - goto end; - if ((response = TS_RESP_create_response(resp_ctx, query_bio)) == NULL) - goto end; - ret = 1; - - end: - if (!ret) { - TS_RESP_free(response); - response = NULL; - } - TS_RESP_CTX_free(resp_ctx); - BIO_free_all(query_bio); - return response; -} - -static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data) -{ - const char *serial_file = (const char *)data; - ASN1_INTEGER *serial = next_serial(serial_file); - - if (serial == NULL) { - TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Error during serial number " - "generation."); - TS_RESP_CTX_add_failure_info(ctx, TS_INFO_ADD_INFO_NOT_AVAILABLE); - } else { - save_ts_serial(serial_file, serial); - } - - return serial; -} - -static ASN1_INTEGER *next_serial(const char *serialfile) -{ - int ret = 0; - BIO *in = NULL; - ASN1_INTEGER *serial = NULL; - BIGNUM *bn = NULL; - - if ((serial = ASN1_INTEGER_new()) == NULL) - goto err; - - if ((in = BIO_new_file(serialfile, "r")) == NULL) { - ERR_clear_error(); - BIO_printf(bio_err, "Warning: could not open file %s for " - "reading, using serial number: 1\n", serialfile); - if (!ASN1_INTEGER_set(serial, 1)) - goto err; - } else { - char buf[1024]; - if (!a2i_ASN1_INTEGER(in, serial, buf, sizeof(buf))) { - BIO_printf(bio_err, "unable to load number from %s\n", - serialfile); - goto err; - } - if ((bn = ASN1_INTEGER_to_BN(serial, NULL)) == NULL) - goto err; - ASN1_INTEGER_free(serial); - serial = NULL; - if (!BN_add_word(bn, 1)) - goto err; - if ((serial = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) - goto err; - } - ret = 1; - - err: - if (!ret) { - ASN1_INTEGER_free(serial); - serial = NULL; - } - BIO_free_all(in); - BN_free(bn); - return serial; -} - -static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial) -{ - int ret = 0; - BIO *out = NULL; - - if ((out = BIO_new_file(serialfile, "w")) == NULL) - goto err; - if (i2a_ASN1_INTEGER(out, serial) <= 0) - goto err; - if (BIO_puts(out, "\n") <= 0) - goto err; - ret = 1; - err: - if (!ret) - BIO_printf(bio_err, "could not save serial number to %s\n", - serialfile); - BIO_free_all(out); - return ret; -} - - -/* - * Verify-related method definitions. - */ - -static int verify_command(const char *data, const char *digest, const char *queryfile, - const char *in, int token_in, - const char *CApath, const char *CAfile, - const char *CAstore, char *untrusted, - X509_VERIFY_PARAM *vpm) -{ - BIO *in_bio = NULL; - PKCS7 *token = NULL; - TS_RESP *response = NULL; - TS_VERIFY_CTX *verify_ctx = NULL; - int ret = 0; - - if ((in_bio = BIO_new_file(in, "rb")) == NULL) - goto end; - if (token_in) { - if ((token = d2i_PKCS7_bio(in_bio, NULL)) == NULL) - goto end; - } else { - if ((response = d2i_TS_RESP_bio(in_bio, NULL)) == NULL) - goto end; - } - - if ((verify_ctx = create_verify_ctx(data, digest, queryfile, - CApath, CAfile, CAstore, untrusted, - vpm)) == NULL) - goto end; - - ret = token_in - ? TS_RESP_verify_token(verify_ctx, token) - : TS_RESP_verify_response(verify_ctx, response); - - end: - printf("Verification: "); - if (ret) - printf("OK\n"); - else { - printf("FAILED\n"); - ERR_print_errors(bio_err); - } - - BIO_free_all(in_bio); - PKCS7_free(token); - TS_RESP_free(response); - TS_VERIFY_CTX_free(verify_ctx); - return ret; -} - -static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest, - const char *queryfile, - const char *CApath, const char *CAfile, - const char *CAstore, - char *untrusted, - X509_VERIFY_PARAM *vpm) -{ - TS_VERIFY_CTX *ctx = NULL; - STACK_OF(X509) *certs; - BIO *input = NULL; - TS_REQ *request = NULL; - int ret = 0; - int f = 0; - - if (data != NULL || digest != NULL) { - if ((ctx = TS_VERIFY_CTX_new()) == NULL) - goto err; - f = TS_VFY_VERSION | TS_VFY_SIGNER; - if (data != NULL) { - BIO *out = NULL; - - f |= TS_VFY_DATA; - if ((out = BIO_new_file(data, "rb")) == NULL) - goto err; - if (TS_VERIFY_CTX_set_data(ctx, out) == NULL) { - BIO_free_all(out); - goto err; - } - } else if (digest != NULL) { - long imprint_len; - unsigned char *hexstr = OPENSSL_hexstr2buf(digest, &imprint_len); - f |= TS_VFY_IMPRINT; - if (TS_VERIFY_CTX_set_imprint(ctx, hexstr, imprint_len) == NULL) { - BIO_printf(bio_err, "invalid digest string\n"); - goto err; - } - } - - } else if (queryfile != NULL) { - if ((input = BIO_new_file(queryfile, "rb")) == NULL) - goto err; - if ((request = d2i_TS_REQ_bio(input, NULL)) == NULL) - goto err; - if ((ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL)) == NULL) - goto err; - } else { - return NULL; - } - - /* Add the signature verification flag and arguments. */ - TS_VERIFY_CTX_add_flags(ctx, f | TS_VFY_SIGNATURE); - - /* Initialising the X509_STORE object. */ - if (TS_VERIFY_CTX_set_store(ctx, - create_cert_store(CApath, CAfile, CAstore, vpm)) - == NULL) - goto err; - - /* Loading any extra untrusted certificates. */ - if (untrusted != NULL) { - certs = load_certs_multifile(untrusted, NULL, "extra untrusted certs", - vpm); - if (certs == NULL || TS_VERIFY_CTX_set_certs(ctx, certs) == NULL) - goto err; - } - ret = 1; - - err: - if (!ret) { - TS_VERIFY_CTX_free(ctx); - ctx = NULL; - } - BIO_free_all(input); - TS_REQ_free(request); - return ctx; -} - -static X509_STORE *create_cert_store(const char *CApath, const char *CAfile, - const char *CAstore, X509_VERIFY_PARAM *vpm) -{ - X509_STORE *cert_ctx = NULL; - X509_LOOKUP *lookup = NULL; - OSSL_LIB_CTX *libctx = app_get0_libctx(); - const char *propq = app_get0_propq(); - - cert_ctx = X509_STORE_new(); - if (cert_ctx == NULL) { - BIO_printf(bio_err, "memory allocation failure\n"); - return NULL; - } - X509_STORE_set_verify_cb(cert_ctx, verify_cb); - if (CApath != NULL) { - lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir()); - if (lookup == NULL) { - BIO_printf(bio_err, "memory allocation failure\n"); - goto err; - } - if (X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM) <= 0) { - BIO_printf(bio_err, "Error loading directory %s\n", CApath); - goto err; - } - } - - if (CAfile != NULL) { - lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file()); - if (lookup == NULL) { - BIO_printf(bio_err, "memory allocation failure\n"); - goto err; - } - if (X509_LOOKUP_load_file_ex(lookup, CAfile, X509_FILETYPE_PEM, libctx, - propq) <= 0) { - BIO_printf(bio_err, "Error loading file %s\n", CAfile); - goto err; - } - } - - if (CAstore != NULL) { - lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_store()); - if (lookup == NULL) { - BIO_printf(bio_err, "memory allocation failure\n"); - goto err; - } - if (X509_LOOKUP_load_store_ex(lookup, CAstore, libctx, propq) <= 0) { - BIO_printf(bio_err, "Error loading store URI %s\n", CAstore); - goto err; - } - } - - if (vpm != NULL) - X509_STORE_set1_param(cert_ctx, vpm); - - return cert_ctx; - - err: - X509_STORE_free(cert_ctx); - return NULL; -} - -static int verify_cb(int ok, X509_STORE_CTX *ctx) -{ - return ok; -} diff --git a/apps/verify.c b/apps/verify.c deleted file mode 100644 index 3aae931f69dfbef4195875f522d4265fc49546d4..0000000000000000000000000000000000000000 --- a/apps/verify.c +++ /dev/null @@ -1,393 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include - -static int cb(int ok, X509_STORE_CTX *ctx); -static int check(X509_STORE *ctx, const char *file, - STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, - STACK_OF(X509_CRL) *crls, int show_chain, - STACK_OF(OPENSSL_STRING) *opts); -static int v_verbose = 0, vflags = 0; - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_ENGINE, OPT_CAPATH, OPT_CAFILE, OPT_CASTORE, - OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, - OPT_UNTRUSTED, OPT_TRUSTED, OPT_CRLFILE, OPT_CRL_DOWNLOAD, OPT_SHOW_CHAIN, - OPT_V_ENUM, OPT_NAMEOPT, OPT_VFYOPT, - OPT_VERBOSE, - OPT_PROV_ENUM -} OPTION_CHOICE; - -const OPTIONS verify_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - {"verbose", OPT_VERBOSE, '-', - "Print extra information about the operations being performed."}, - {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"}, - - OPT_SECTION("Certificate chain"), - {"trusted", OPT_TRUSTED, '<', "A file of trusted certificates"}, - {"CAfile", OPT_CAFILE, '<', "A file of trusted certificates"}, - {"CApath", OPT_CAPATH, '/', "A directory of files with trusted certificates"}, - {"CAstore", OPT_CASTORE, ':', "URI to a store of trusted certificates"}, - {"no-CAfile", OPT_NOCAFILE, '-', - "Do not load the default trusted certificates file"}, - {"no-CApath", OPT_NOCAPATH, '-', - "Do not load trusted certificates from the default directory"}, - {"no-CAstore", OPT_NOCASTORE, '-', - "Do not load trusted certificates from the default certificates store"}, - {"untrusted", OPT_UNTRUSTED, '<', "A file of untrusted certificates"}, - {"CRLfile", OPT_CRLFILE, '<', - "File containing one or more CRL's (in PEM format) to load"}, - {"crl_download", OPT_CRL_DOWNLOAD, '-', - "Try downloading CRL information for certificates via their CDP entries"}, - {"show_chain", OPT_SHOW_CHAIN, '-', - "Display information about the certificate chain"}, - - OPT_V_OPTIONS, - {"vfyopt", OPT_VFYOPT, 's', "Verification parameter in n:v form"}, - - OPT_PROV_OPTIONS, - - OPT_PARAMETERS(), - {"cert", 0, 0, "Certificate(s) to verify (optional; stdin used otherwise)"}, - {NULL} -}; - -int verify_main(int argc, char **argv) -{ - ENGINE *e = NULL; - STACK_OF(X509) *untrusted = NULL, *trusted = NULL; - STACK_OF(X509_CRL) *crls = NULL; - STACK_OF(OPENSSL_STRING) *vfyopts = NULL; - X509_STORE *store = NULL; - X509_VERIFY_PARAM *vpm = NULL; - const char *prog, *CApath = NULL, *CAfile = NULL, *CAstore = NULL; - int noCApath = 0, noCAfile = 0, noCAstore = 0; - int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1; - OPTION_CHOICE o; - - if ((vpm = X509_VERIFY_PARAM_new()) == NULL) - goto end; - - prog = opt_init(argc, argv, verify_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(verify_options); - BIO_printf(bio_err, "\nRecognized certificate chain purposes:\n"); - for (i = 0; i < X509_PURPOSE_get_count(); i++) { - X509_PURPOSE *ptmp = X509_PURPOSE_get0(i); - - BIO_printf(bio_err, " %-15s %s\n", - X509_PURPOSE_get0_sname(ptmp), - X509_PURPOSE_get0_name(ptmp)); - } - - BIO_printf(bio_err, "Recognized certificate policy names:\n"); - for (i = 0; i < X509_VERIFY_PARAM_get_count(); i++) { - const X509_VERIFY_PARAM *vptmp = X509_VERIFY_PARAM_get0(i); - - BIO_printf(bio_err, " %s\n", - X509_VERIFY_PARAM_get0_name(vptmp)); - } - ret = 0; - goto end; - case OPT_V_CASES: - if (!opt_verify(o, vpm)) - goto end; - vpmtouched++; - break; - case OPT_CAPATH: - CApath = opt_arg(); - break; - case OPT_CAFILE: - CAfile = opt_arg(); - break; - case OPT_CASTORE: - CAstore = opt_arg(); - break; - case OPT_NOCAPATH: - noCApath = 1; - break; - case OPT_NOCAFILE: - noCAfile = 1; - break; - case OPT_NOCASTORE: - noCAstore = 1; - break; - case OPT_UNTRUSTED: - /* Zero or more times */ - if (!load_certs(opt_arg(), 0, &untrusted, NULL, - "untrusted certificates")) - goto end; - break; - case OPT_TRUSTED: - /* Zero or more times */ - noCAfile = 1; - noCApath = 1; - noCAstore = 1; - if (!load_certs(opt_arg(), 0, &trusted, NULL, "trusted certificates")) - goto end; - break; - case OPT_CRLFILE: - /* Zero or more times */ - if (!load_crls(opt_arg(), &crls, NULL, "other CRLs")) - goto end; - break; - case OPT_CRL_DOWNLOAD: - crl_download = 1; - break; - case OPT_ENGINE: - if ((e = setup_engine(opt_arg(), 0)) == NULL) { - /* Failure message already displayed */ - goto end; - } - break; - case OPT_SHOW_CHAIN: - show_chain = 1; - break; - case OPT_NAMEOPT: - if (!set_nameopt(opt_arg())) - goto end; - break; - case OPT_VFYOPT: - if (!vfyopts) - vfyopts = sk_OPENSSL_STRING_new_null(); - if (!vfyopts || !sk_OPENSSL_STRING_push(vfyopts, opt_arg())) - goto opthelp; - break; - case OPT_VERBOSE: - v_verbose = 1; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - } - } - - /* Extra arguments are certificates to verify. */ - argc = opt_num_rest(); - argv = opt_rest(); - - if (trusted != NULL - && (CAfile != NULL || CApath != NULL || CAstore != NULL)) { - BIO_printf(bio_err, - "%s: Cannot use -trusted with -CAfile, -CApath or -CAstore\n", - prog); - goto end; - } - - if ((store = setup_verify(CAfile, noCAfile, CApath, noCApath, - CAstore, noCAstore)) == NULL) - goto end; - X509_STORE_set_verify_cb(store, cb); - - if (vpmtouched) - X509_STORE_set1_param(store, vpm); - - ERR_clear_error(); - - if (crl_download) - store_setup_crl_download(store); - - ret = 0; - if (argc < 1) { - if (check(store, NULL, untrusted, trusted, crls, show_chain, - vfyopts) != 1) - ret = -1; - } else { - for (i = 0; i < argc; i++) - if (check(store, argv[i], untrusted, trusted, crls, show_chain, - vfyopts) != 1) - ret = -1; - } - - end: - X509_VERIFY_PARAM_free(vpm); - X509_STORE_free(store); - sk_X509_pop_free(untrusted, X509_free); - sk_X509_pop_free(trusted, X509_free); - sk_X509_CRL_pop_free(crls, X509_CRL_free); - sk_OPENSSL_STRING_free(vfyopts); - release_engine(e); - return (ret < 0 ? 2 : ret); -} - -static int check(X509_STORE *ctx, const char *file, - STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, - STACK_OF(X509_CRL) *crls, int show_chain, - STACK_OF(OPENSSL_STRING) *opts) -{ - X509 *x = NULL; - int i = 0, ret = 0; - X509_STORE_CTX *csc; - STACK_OF(X509) *chain = NULL; - int num_untrusted; - - x = load_cert(file, FORMAT_UNDEF, "certificate file"); - if (x == NULL) - goto end; - - if (opts != NULL) { - for (i = 0; i < sk_OPENSSL_STRING_num(opts); i++) { - char *opt = sk_OPENSSL_STRING_value(opts, i); - if (x509_ctrl_string(x, opt) <= 0) { - BIO_printf(bio_err, "parameter error \"%s\"\n", opt); - ERR_print_errors(bio_err); - X509_free(x); - return 0; - } - } - } - - csc = X509_STORE_CTX_new(); - if (csc == NULL) { - BIO_printf(bio_err, "error %s: X.509 store context allocation failed\n", - (file == NULL) ? "stdin" : file); - goto end; - } - - X509_STORE_set_flags(ctx, vflags); - if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { - X509_STORE_CTX_free(csc); - BIO_printf(bio_err, - "error %s: X.509 store context initialization failed\n", - (file == NULL) ? "stdin" : file); - goto end; - } - if (tchain != NULL) - X509_STORE_CTX_set0_trusted_stack(csc, tchain); - if (crls != NULL) - X509_STORE_CTX_set0_crls(csc, crls); - i = X509_verify_cert(csc); - if (i > 0 && X509_STORE_CTX_get_error(csc) == X509_V_OK) { - BIO_printf(bio_out, "%s: OK\n", (file == NULL) ? "stdin" : file); - ret = 1; - if (show_chain) { - int j; - - chain = X509_STORE_CTX_get1_chain(csc); - num_untrusted = X509_STORE_CTX_get_num_untrusted(csc); - BIO_printf(bio_out, "Chain:\n"); - for (j = 0; j < sk_X509_num(chain); j++) { - X509 *cert = sk_X509_value(chain, j); - BIO_printf(bio_out, "depth=%d: ", j); - X509_NAME_print_ex_fp(stdout, - X509_get_subject_name(cert), - 0, get_nameopt()); - if (j < num_untrusted) - BIO_printf(bio_out, " (untrusted)"); - BIO_printf(bio_out, "\n"); - } - sk_X509_pop_free(chain, X509_free); - } - } else { - BIO_printf(bio_err, - "error %s: verification failed\n", - (file == NULL) ? "stdin" : file); - } - X509_STORE_CTX_free(csc); - - end: - if (i <= 0) - ERR_print_errors(bio_err); - X509_free(x); - - return ret; -} - -static int cb(int ok, X509_STORE_CTX *ctx) -{ - int cert_error = X509_STORE_CTX_get_error(ctx); - X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx); - - if (!ok) { - if (current_cert != NULL) { - X509_NAME_print_ex(bio_err, - X509_get_subject_name(current_cert), - 0, get_nameopt()); - BIO_printf(bio_err, "\n"); - } - BIO_printf(bio_err, "%serror %d at %d depth lookup: %s\n", - X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path] " : "", - cert_error, - X509_STORE_CTX_get_error_depth(ctx), - X509_verify_cert_error_string(cert_error)); - - /* - * Pretend that some errors are ok, so they don't stop further - * processing of the certificate chain. Setting ok = 1 does this. - * After X509_verify_cert() is done, we verify that there were - * no actual errors, even if the returned value was positive. - */ - switch (cert_error) { - case X509_V_ERR_NO_EXPLICIT_POLICY: - policies_print(ctx); - /* fall thru */ - case X509_V_ERR_CERT_HAS_EXPIRED: - /* Continue even if the leaf is a self-signed cert */ - case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - /* Continue after extension errors too */ - case X509_V_ERR_INVALID_CA: - case X509_V_ERR_INVALID_NON_CA: - case X509_V_ERR_PATH_LENGTH_EXCEEDED: - case X509_V_ERR_CRL_HAS_EXPIRED: - case X509_V_ERR_CRL_NOT_YET_VALID: - case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: - /* errors due to strict conformance checking (-x509_strict) */ - case X509_V_ERR_INVALID_PURPOSE: - case X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA: - case X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN: - case X509_V_ERR_CA_BCONS_NOT_CRITICAL: - case X509_V_ERR_CA_CERT_MISSING_KEY_USAGE: - case X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA: - case X509_V_ERR_ISSUER_NAME_EMPTY: - case X509_V_ERR_SUBJECT_NAME_EMPTY: - case X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL: - case X509_V_ERR_EMPTY_SUBJECT_ALT_NAME: - case X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY: - case X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL: - case X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL: - case X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER: - case X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER: - case X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3: - ok = 1; - } - return ok; - - } - if (cert_error == X509_V_OK && ok == 2) - policies_print(ctx); - if (!v_verbose) - ERR_clear_error(); - return ok; -} diff --git a/apps/version.c b/apps/version.c deleted file mode 100644 index cab17a46bf18a0f1d17af8c884d55ffec6052e52..0000000000000000000000000000000000000000 --- a/apps/version.c +++ /dev/null @@ -1,151 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_B, OPT_D, OPT_E, OPT_M, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A, OPT_R, OPT_C -} OPTION_CHOICE; - -const OPTIONS version_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - - OPT_SECTION("Output"), - {"a", OPT_A, '-', "Show all data"}, - {"b", OPT_B, '-', "Show build date"}, - {"d", OPT_D, '-', "Show configuration directory"}, - {"e", OPT_E, '-', "Show engines directory"}, - {"m", OPT_M, '-', "Show modules directory"}, - {"f", OPT_F, '-', "Show compiler flags used"}, - {"o", OPT_O, '-', "Show some internal datatype options"}, - {"p", OPT_P, '-', "Show target build platform"}, - {"r", OPT_R, '-', "Show random seeding options"}, - {"v", OPT_V, '-', "Show library version"}, - {"c", OPT_C, '-', "Show CPU settings info"}, - {NULL} -}; - -int version_main(int argc, char **argv) -{ - int ret = 1, dirty = 0, seed = 0; - int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0; - int engdir = 0, moddir = 0, cpuinfo = 0; - char *prog; - OPTION_CHOICE o; - - prog = opt_init(argc, argv, version_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: -opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(version_options); - ret = 0; - goto end; - case OPT_B: - dirty = date = 1; - break; - case OPT_D: - dirty = dir = 1; - break; - case OPT_E: - dirty = engdir = 1; - break; - case OPT_M: - dirty = moddir = 1; - break; - case OPT_F: - dirty = cflags = 1; - break; - case OPT_O: - dirty = options = 1; - break; - case OPT_P: - dirty = platform = 1; - break; - case OPT_R: - dirty = seed = 1; - break; - case OPT_V: - dirty = version = 1; - break; - case OPT_C: - dirty = cpuinfo = 1; - break; - case OPT_A: - seed = options = cflags = version = date = platform - = dir = engdir = moddir = cpuinfo - = 1; - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - if (!dirty) - version = 1; - - if (version) - printf("%s (Library: %s)\n", - OPENSSL_VERSION_TEXT, OpenSSL_version(OPENSSL_VERSION)); - if (date) - printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON)); - if (platform) - printf("%s\n", OpenSSL_version(OPENSSL_PLATFORM)); - if (options) { - printf("options: "); - printf(" %s", BN_options()); - printf("\n"); - } - if (cflags) - printf("%s\n", OpenSSL_version(OPENSSL_CFLAGS)); - if (dir) - printf("%s\n", OpenSSL_version(OPENSSL_DIR)); - if (engdir) - printf("%s\n", OpenSSL_version(OPENSSL_ENGINES_DIR)); - if (moddir) - printf("%s\n", OpenSSL_version(OPENSSL_MODULES_DIR)); - if (seed) { - const char *src = OPENSSL_info(OPENSSL_INFO_SEED_SOURCE); - printf("Seeding source: %s\n", src ? src : "N/A"); - } - if (cpuinfo) - printf("%s\n", OpenSSL_version(OPENSSL_CPU_INFO)); - ret = 0; - end: - return ret; -} - - -#if defined(__TANDEM) && defined(OPENSSL_VPROC) -/* - * Define a VPROC function for the openssl program. - * This is used by platform version identification tools. - * Do not inline this procedure or make it static. - */ -# define OPENSSL_VPROC_STRING_(x) x##_OPENSSL -# define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x) -# define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC) -void OPENSSL_VPROC_FUNC(void) {} -#endif diff --git a/apps/vms_decc_init.c b/apps/vms_decc_init.c deleted file mode 100644 index 21481e27bf936a0f820482403f4c81d810b2382c..0000000000000000000000000000000000000000 --- a/apps/vms_decc_init.c +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#if defined( __VMS) && !defined( OPENSSL_NO_DECC_INIT) && \ - defined( __DECC) && !defined( __VAX) && (__CRTL_VER >= 70301000) -# define USE_DECC_INIT 1 -#endif - -#ifdef USE_DECC_INIT - -/* - * ---------------------------------------------------------------------- - * decc_init() On non-VAX systems, uses LIB$INITIALIZE to set a collection - * of C RTL features without using the DECC$* logical name method. - * ---------------------------------------------------------------------- - */ - -# include -# include -# include - -/* Global storage. */ - -/* Flag to sense if decc_init() was called. */ - -int decc_init_done = -1; - -/* Structure to hold a DECC$* feature name and its desired value. */ - -typedef struct { - char *name; - int value; -} decc_feat_t; - -/* - * Array of DECC$* feature names and their desired values. Note: - * DECC$ARGV_PARSE_STYLE is the urgent one. - */ - -decc_feat_t decc_feat_array[] = { - /* Preserve command-line case with SET PROCESS/PARSE_STYLE=EXTENDED */ - {"DECC$ARGV_PARSE_STYLE", 1}, - - /* Preserve case for file names on ODS5 disks. */ - {"DECC$EFS_CASE_PRESERVE", 1}, - - /* - * Enable multiple dots (and most characters) in ODS5 file names, while - * preserving VMS-ness of ";version". - */ - {"DECC$EFS_CHARSET", 1}, - - /* List terminator. */ - {(char *)NULL, 0} -}; - - -/* LIB$INITIALIZE initialization function. */ - -static void decc_init(void) -{ - char *openssl_debug_decc_init; - int verbose = 0; - int feat_index; - int feat_value; - int feat_value_max; - int feat_value_min; - int i; - int sts; - - /* Get debug option. */ - openssl_debug_decc_init = getenv("OPENSSL_DEBUG_DECC_INIT"); - if (openssl_debug_decc_init != NULL) { - verbose = strtol(openssl_debug_decc_init, NULL, 10); - if (verbose <= 0) { - verbose = 1; - } - } - - /* Set the global flag to indicate that LIB$INITIALIZE worked. */ - decc_init_done = 1; - - /* Loop through all items in the decc_feat_array[]. */ - - for (i = 0; decc_feat_array[i].name != NULL; i++) { - /* Get the feature index. */ - feat_index = decc$feature_get_index(decc_feat_array[i].name); - if (feat_index >= 0) { - /* Valid item. Collect its properties. */ - feat_value = decc$feature_get_value(feat_index, 1); - feat_value_min = decc$feature_get_value(feat_index, 2); - feat_value_max = decc$feature_get_value(feat_index, 3); - - /* Check the validity of our desired value. */ - if ((decc_feat_array[i].value >= feat_value_min) && - (decc_feat_array[i].value <= feat_value_max)) { - /* Valid value. Set it if necessary. */ - if (feat_value != decc_feat_array[i].value) { - sts = decc$feature_set_value(feat_index, - 1, decc_feat_array[i].value); - - if (verbose > 1) { - fprintf(stderr, " %s = %d, sts = %d.\n", - decc_feat_array[i].name, - decc_feat_array[i].value, sts); - } - } - } else { - /* Invalid DECC feature value. */ - fprintf(stderr, - " INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n", - feat_value, - feat_value_min, decc_feat_array[i].name, - feat_value_max); - } - } else { - /* Invalid DECC feature name. */ - fprintf(stderr, - " UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[i].name); - } - } - - if (verbose > 0) { - fprintf(stderr, " DECC_INIT complete.\n"); - } -} - -/* Get "decc_init()" into a valid, loaded LIB$INITIALIZE PSECT. */ - -# pragma nostandard - -/* - * Establish the LIB$INITIALIZE PSECTs, with proper alignment and other - * attributes. Note that "nopic" is significant only on VAX. - */ -# pragma extern_model save - -# if __INITIAL_POINTER_SIZE == 64 -# define PSECT_ALIGN 3 -# else -# define PSECT_ALIGN 2 -# endif - -# pragma extern_model strict_refdef "LIB$INITIALIZ" PSECT_ALIGN, nopic, nowrt -const int spare[8] = { 0 }; - -# pragma extern_model strict_refdef "LIB$INITIALIZE" PSECT_ALIGN, nopic, nowrt -void (*const x_decc_init) () = decc_init; - -# pragma extern_model restore - -/* Fake reference to ensure loading the LIB$INITIALIZE PSECT. */ - -# pragma extern_model save - -int LIB$INITIALIZE(void); - -# pragma extern_model strict_refdef -int dmy_lib$initialize = (int)LIB$INITIALIZE; - -# pragma extern_model restore - -# pragma standard - -#else /* def USE_DECC_INIT */ - -/* Dummy code to avoid a %CC-W-EMPTYFILE complaint. */ -int decc_init_dummy(void); - -#endif /* def USE_DECC_INIT */ diff --git a/apps/x509.c b/apps/x509.c deleted file mode 100644 index a919d787457c97005008b27d6deeeefa3da0f714..0000000000000000000000000000000000000000 --- a/apps/x509.c +++ /dev/null @@ -1,1267 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "apps.h" -#include "progs.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifndef OPENSSL_NO_DSA -# include -#endif - -#undef POSTFIX -#define POSTFIX ".srl" -#define DEFAULT_DAYS 30 /* default cert validity period in days */ -#define UNSET_DAYS -2 /* -1 is used for testing expiration checks */ -#define EXT_COPY_UNSET -1 - -static int callb(int ok, X509_STORE_CTX *ctx); -static ASN1_INTEGER *x509_load_serial(const char *CAfile, - const char *serialfile, int create); -static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt); -static int print_x509v3_exts(BIO *bio, X509 *x, const char *ext_names); - -typedef enum OPTION_choice { - OPT_COMMON, - OPT_INFORM, OPT_OUTFORM, OPT_KEYFORM, OPT_REQ, OPT_CAFORM, - OPT_CAKEYFORM, OPT_VFYOPT, OPT_SIGOPT, OPT_DAYS, OPT_PASSIN, OPT_EXTFILE, - OPT_EXTENSIONS, OPT_IN, OPT_OUT, OPT_KEY, OPT_SIGNKEY, OPT_CA, OPT_CAKEY, - OPT_CASERIAL, OPT_SET_SERIAL, OPT_NEW, OPT_FORCE_PUBKEY, OPT_SUBJ, - OPT_ADDTRUST, OPT_ADDREJECT, OPT_SETALIAS, OPT_CERTOPT, OPT_DATEOPT, OPT_NAMEOPT, - OPT_EMAIL, OPT_OCSP_URI, OPT_SERIAL, OPT_NEXT_SERIAL, - OPT_MODULUS, OPT_PUBKEY, OPT_X509TOREQ, OPT_TEXT, OPT_HASH, - OPT_ISSUER_HASH, OPT_SUBJECT, OPT_ISSUER, OPT_FINGERPRINT, OPT_DATES, - OPT_PURPOSE, OPT_STARTDATE, OPT_ENDDATE, OPT_CHECKEND, OPT_CHECKHOST, - OPT_CHECKEMAIL, OPT_CHECKIP, OPT_NOOUT, OPT_TRUSTOUT, OPT_CLRTRUST, - OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID, - OPT_SUBJECT_HASH_OLD, OPT_ISSUER_HASH_OLD, OPT_COPY_EXTENSIONS, - OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT, OPT_PRESERVE_DATES, - OPT_R_ENUM, OPT_PROV_ENUM, OPT_EXT -} OPTION_CHOICE; - -const OPTIONS x509_options[] = { - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - - {"in", OPT_IN, '<', - "Certificate input, or CSR input file with -req (default stdin)"}, - {"passin", OPT_PASSIN, 's', "Private key and cert file pass-phrase source"}, - {"new", OPT_NEW, '-', "Generate a certificate from scratch"}, - {"x509toreq", OPT_X509TOREQ, '-', - "Output a certification request (rather than a certificate)"}, - {"req", OPT_REQ, '-', "Input is a CSR file (rather than a certificate)"}, - {"copy_extensions", OPT_COPY_EXTENSIONS, 's', - "copy extensions when converting from CSR to x509 or vice versa"}, - {"inform", OPT_INFORM, 'f', - "CSR input file format (DER or PEM) - default PEM"}, - {"vfyopt", OPT_VFYOPT, 's', "CSR verification parameter in n:v form"}, - {"key", OPT_KEY, 's', - "Key for signing, and to include unless using -force_pubkey"}, - {"signkey", OPT_SIGNKEY, 's', - "Same as -key"}, - {"keyform", OPT_KEYFORM, 'E', - "Key input format (ENGINE, other values ignored)"}, - {"out", OPT_OUT, '>', "Output file - default stdout"}, - {"outform", OPT_OUTFORM, 'f', - "Output format (DER or PEM) - default PEM"}, - {"nocert", OPT_NOCERT, '-', - "No cert output (except for requested printing)"}, - {"noout", OPT_NOOUT, '-', "No output (except for requested printing)"}, - - OPT_SECTION("Certificate printing"), - {"text", OPT_TEXT, '-', "Print the certificate in text form"}, - {"dateopt", OPT_DATEOPT, 's', "Datetime format used for printing. (rfc_822/iso_8601). Default is rfc_822."}, - {"certopt", OPT_CERTOPT, 's', "Various certificate text printing options"}, - {"fingerprint", OPT_FINGERPRINT, '-', "Print the certificate fingerprint"}, - {"alias", OPT_ALIAS, '-', "Print certificate alias"}, - {"serial", OPT_SERIAL, '-', "Print serial number value"}, - {"startdate", OPT_STARTDATE, '-', "Print the notBefore field"}, - {"enddate", OPT_ENDDATE, '-', "Print the notAfter field"}, - {"dates", OPT_DATES, '-', "Print both notBefore and notAfter fields"}, - {"subject", OPT_SUBJECT, '-', "Print subject DN"}, - {"issuer", OPT_ISSUER, '-', "Print issuer DN"}, - {"nameopt", OPT_NAMEOPT, 's', - "Certificate subject/issuer name printing options"}, - {"email", OPT_EMAIL, '-', "Print email address(es)"}, - {"hash", OPT_HASH, '-', "Synonym for -subject_hash (for backward compat)"}, - {"subject_hash", OPT_HASH, '-', "Print subject hash value"}, -#ifndef OPENSSL_NO_MD5 - {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', - "Print old-style (MD5) subject hash value"}, -#endif - {"issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value"}, -#ifndef OPENSSL_NO_MD5 - {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', - "Print old-style (MD5) issuer hash value"}, -#endif - {"ext", OPT_EXT, 's', - "Restrict which X.509 extensions to print and/or copy"}, - {"ocspid", OPT_OCSPID, '-', - "Print OCSP hash values for the subject name and public key"}, - {"ocsp_uri", OPT_OCSP_URI, '-', "Print OCSP Responder URL(s)"}, - {"purpose", OPT_PURPOSE, '-', "Print out certificate purposes"}, - {"pubkey", OPT_PUBKEY, '-', "Print the public key in PEM format"}, - {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"}, - - OPT_SECTION("Certificate checking"), - {"checkend", OPT_CHECKEND, 'M', - "Check whether cert expires in the next arg seconds"}, - {OPT_MORE_STR, 1, 1, "Exit 1 (failure) if so, 0 if not"}, - {"checkhost", OPT_CHECKHOST, 's', "Check certificate matches host"}, - {"checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email"}, - {"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"}, - - OPT_SECTION("Certificate output"), - {"set_serial", OPT_SET_SERIAL, 's', - "Serial number to use, overrides -CAserial"}, - {"next_serial", OPT_NEXT_SERIAL, '-', - "Increment current certificate serial number"}, - {"days", OPT_DAYS, 'n', - "Number of days until newly generated certificate expires - default 30"}, - {"preserve_dates", OPT_PRESERVE_DATES, '-', - "Preserve existing validity dates"}, - {"subj", OPT_SUBJ, 's', "Set or override certificate subject (and issuer)"}, - {"force_pubkey", OPT_FORCE_PUBKEY, '<', - "Place the given key in new certificate"}, - {"clrext", OPT_CLREXT, '-', - "Do not take over any extensions from the source certificate or request"}, - {"extfile", OPT_EXTFILE, '<', "Config file with X509V3 extensions to add"}, - {"extensions", OPT_EXTENSIONS, 's', - "Section of extfile to use - default: unnamed section"}, - {"sigopt", OPT_SIGOPT, 's', "Signature parameter, in n:v form"}, - {"badsig", OPT_BADSIG, '-', - "Corrupt last byte of certificate signature (for test)"}, - {"", OPT_MD, '-', "Any supported digest, used for signing and printing"}, - - OPT_SECTION("Micro-CA"), - {"CA", OPT_CA, '<', - "Use the given CA certificate, conflicts with -key"}, - {"CAform", OPT_CAFORM, 'F', "CA cert format (PEM/DER/P12); has no effect"}, - {"CAkey", OPT_CAKEY, 's', "The corresponding CA key; default is -CA arg"}, - {"CAkeyform", OPT_CAKEYFORM, 'E', - "CA key format (ENGINE, other values ignored)"}, - {"CAserial", OPT_CASERIAL, 's', - "File that keeps track of CA-generated serial number"}, - {"CAcreateserial", OPT_CACREATESERIAL, '-', - "Create CA serial number file if it does not exist"}, - - OPT_SECTION("Certificate trust output"), - {"trustout", OPT_TRUSTOUT, '-', "Mark certificate PEM output as trusted"}, - {"setalias", OPT_SETALIAS, 's', "Set certificate alias (nickname)"}, - {"clrtrust", OPT_CLRTRUST, '-', "Clear all trusted purposes"}, - {"addtrust", OPT_ADDTRUST, 's', "Trust certificate for a given purpose"}, - {"clrreject", OPT_CLRREJECT, '-', - "Clears all the prohibited or rejected uses of the certificate"}, - {"addreject", OPT_ADDREJECT, 's', - "Reject certificate for a given purpose"}, - - OPT_R_OPTIONS, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif - OPT_PROV_OPTIONS, - {NULL} -}; - -static void warn_copying(ASN1_OBJECT *excluded, const char *names) -{ - const char *sn = OBJ_nid2sn(OBJ_obj2nid(excluded)); - - if (names != NULL && strstr(names, sn) != NULL) - BIO_printf(bio_err, - "Warning: -ext should not specify copying %s extension to CSR; ignoring this\n", - sn); -} - -static X509_REQ *x509_to_req(X509 *cert, int ext_copy, const char *names) -{ - const STACK_OF(X509_EXTENSION) *cert_exts = X509_get0_extensions(cert); - int i, n = sk_X509_EXTENSION_num(cert_exts /* may be NULL */); - ASN1_OBJECT *skid = OBJ_nid2obj(NID_subject_key_identifier); - ASN1_OBJECT *akid = OBJ_nid2obj(NID_authority_key_identifier); - STACK_OF(X509_EXTENSION) *exts; - X509_REQ *req = X509_to_X509_REQ(cert, NULL, NULL); - - if (req == NULL) - return NULL; - - /* - * Filter out SKID and AKID extensions, which make no sense in a CSR. - * If names is not NULL, copy only those extensions listed there. - */ - warn_copying(skid, names); - warn_copying(akid, names); - if ((exts = sk_X509_EXTENSION_new_reserve(NULL, n)) == NULL) - goto err; - for (i = 0; i < n; i++) { - X509_EXTENSION *ex = sk_X509_EXTENSION_value(cert_exts, i); - ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex); - - if (OBJ_cmp(obj, skid) != 0 && OBJ_cmp(obj, akid) != 0 - && !sk_X509_EXTENSION_push(exts, ex)) - goto err; - } - - if (sk_X509_EXTENSION_num(exts) > 0) { - if (ext_copy != EXT_COPY_UNSET && ext_copy != EXT_COPY_NONE - && !X509_REQ_add_extensions(req, exts)) { - BIO_printf(bio_err, "Error copying extensions from certificate\n"); - goto err; - } - } - sk_X509_EXTENSION_free(exts); - return req; - - err: - sk_X509_EXTENSION_free(exts); - X509_REQ_free(req); - return NULL; -} - -static int self_signed(X509_STORE *ctx, X509 *cert) -{ - X509_STORE_CTX *xsc = X509_STORE_CTX_new(); - int ret = 0; - - if (xsc == NULL || !X509_STORE_CTX_init(xsc, ctx, cert, NULL)) { - BIO_printf(bio_err, "Error initialising X509 store\n"); - } else { - X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE); - ret = X509_verify_cert(xsc) > 0; - } - X509_STORE_CTX_free(xsc); - return ret; -} - -int x509_main(int argc, char **argv) -{ - ASN1_INTEGER *sno = NULL; - ASN1_OBJECT *objtmp = NULL; - BIO *out = NULL; - CONF *extconf = NULL; - int ext_copy = EXT_COPY_UNSET; - X509V3_CTX ext_ctx; - EVP_PKEY *privkey = NULL, *CAkey = NULL, *pubkey = NULL; - EVP_PKEY *pkey; - int newcert = 0; - char *subj = NULL, *digest = NULL; - X509_NAME *fsubj = NULL; - const unsigned long chtype = MBSTRING_ASC; - const int multirdn = 1; - STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL; - STACK_OF(OPENSSL_STRING) *sigopts = NULL, *vfyopts = NULL; - X509 *x = NULL, *xca = NULL, *issuer_cert; - X509_REQ *req = NULL, *rq = NULL; - X509_STORE *ctx = NULL; - char *CAkeyfile = NULL, *CAserial = NULL, *pubkeyfile = NULL, *alias = NULL; - char *checkhost = NULL, *checkemail = NULL, *checkip = NULL; - char *ext_names = NULL; - char *extsect = NULL, *extfile = NULL, *passin = NULL, *passinarg = NULL; - char *infile = NULL, *outfile = NULL, *privkeyfile = NULL, *CAfile = NULL; - char *prog; - int days = UNSET_DAYS; /* not explicitly set */ - int x509toreq = 0, modulus = 0, print_pubkey = 0, pprint = 0; - int CAformat = FORMAT_UNDEF, CAkeyformat = FORMAT_UNDEF; - unsigned long dateopt = ASN1_DTFLGS_RFC822; - int fingerprint = 0, reqfile = 0, checkend = 0; - int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyformat = FORMAT_UNDEF; - int next_serial = 0, subject_hash = 0, issuer_hash = 0, ocspid = 0; - int noout = 0, CA_createserial = 0, email = 0; - int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0; - int ret = 1, i, j, num = 0, badsig = 0, clrext = 0, nocert = 0; - int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0, ext = 0; - int enddate = 0; - time_t checkoffset = 0; - unsigned long certflag = 0; - int preserve_dates = 0; - OPTION_CHOICE o; - ENGINE *e = NULL; -#ifndef OPENSSL_NO_MD5 - int subject_hash_old = 0, issuer_hash_old = 0; -#endif - - ctx = X509_STORE_new(); - if (ctx == NULL) - goto end; - X509_STORE_set_verify_cb(ctx, callb); - - prog = opt_init(argc, argv, x509_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(x509_options); - ret = 0; - goto end; - case OPT_INFORM: - if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat)) - goto opthelp; - break; - case OPT_IN: - infile = opt_arg(); - break; - case OPT_OUTFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat)) - goto opthelp; - break; - case OPT_KEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat)) - goto opthelp; - break; - case OPT_CAFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &CAformat)) - goto opthelp; - break; - case OPT_CAKEYFORM: - if (!opt_format(opt_arg(), OPT_FMT_ANY, &CAkeyformat)) - goto opthelp; - break; - case OPT_OUT: - outfile = opt_arg(); - break; - case OPT_REQ: - reqfile = 1; - break; - - case OPT_DATEOPT: - if (!set_dateopt(&dateopt, opt_arg())) { - BIO_printf(bio_err, - "Invalid date format: %s\n", opt_arg()); - goto end; - } - break; - case OPT_COPY_EXTENSIONS: - if (!set_ext_copy(&ext_copy, opt_arg())) { - BIO_printf(bio_err, - "Invalid extension copy option: %s\n", opt_arg()); - goto end; - } - break; - - case OPT_SIGOPT: - if (!sigopts) - sigopts = sk_OPENSSL_STRING_new_null(); - if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg())) - goto opthelp; - break; - case OPT_VFYOPT: - if (!vfyopts) - vfyopts = sk_OPENSSL_STRING_new_null(); - if (!vfyopts || !sk_OPENSSL_STRING_push(vfyopts, opt_arg())) - goto opthelp; - break; - case OPT_DAYS: - days = atoi(opt_arg()); - if (days < -1) { - BIO_printf(bio_err, "%s: -days parameter arg must be >= -1\n", - prog); - goto end; - } - break; - case OPT_PASSIN: - passinarg = opt_arg(); - break; - case OPT_EXTFILE: - extfile = opt_arg(); - break; - case OPT_R_CASES: - if (!opt_rand(o)) - goto end; - break; - case OPT_PROV_CASES: - if (!opt_provider(o)) - goto end; - break; - case OPT_EXTENSIONS: - extsect = opt_arg(); - break; - case OPT_KEY: - case OPT_SIGNKEY: - privkeyfile = opt_arg(); - break; - case OPT_CA: - CAfile = opt_arg(); - break; - case OPT_CAKEY: - CAkeyfile = opt_arg(); - break; - case OPT_CASERIAL: - CAserial = opt_arg(); - break; - case OPT_SET_SERIAL: - if (sno != NULL) { - BIO_printf(bio_err, "Serial number supplied twice\n"); - goto opthelp; - } - if ((sno = s2i_ASN1_INTEGER(NULL, opt_arg())) == NULL) - goto opthelp; - break; - case OPT_NEW: - newcert = 1; - break; - case OPT_FORCE_PUBKEY: - pubkeyfile = opt_arg(); - break; - case OPT_SUBJ: - subj = opt_arg(); - break; - case OPT_ADDTRUST: - if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL) - goto end; - if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) { - BIO_printf(bio_err, "%s: Invalid trust object value %s\n", - prog, opt_arg()); - goto opthelp; - } - sk_ASN1_OBJECT_push(trust, objtmp); - trustout = 1; - break; - case OPT_ADDREJECT: - if (reject == NULL && (reject = sk_ASN1_OBJECT_new_null()) == NULL) - goto end; - if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) { - BIO_printf(bio_err, "%s: Invalid reject object value %s\n", - prog, opt_arg()); - goto opthelp; - } - sk_ASN1_OBJECT_push(reject, objtmp); - trustout = 1; - break; - case OPT_SETALIAS: - alias = opt_arg(); - trustout = 1; - break; - case OPT_CERTOPT: - if (!set_cert_ex(&certflag, opt_arg())) - goto opthelp; - break; - case OPT_NAMEOPT: - if (!set_nameopt(opt_arg())) - goto opthelp; - break; - case OPT_ENGINE: - e = setup_engine(opt_arg(), 0); - break; - case OPT_EMAIL: - email = ++num; - break; - case OPT_OCSP_URI: - ocsp_uri = ++num; - break; - case OPT_SERIAL: - serial = ++num; - break; - case OPT_NEXT_SERIAL: - next_serial = ++num; - break; - case OPT_MODULUS: - modulus = ++num; - break; - case OPT_PUBKEY: - print_pubkey = ++num; - break; - case OPT_X509TOREQ: - x509toreq = 1; - break; - case OPT_TEXT: - text = ++num; - break; - case OPT_SUBJECT: - subject = ++num; - break; - case OPT_ISSUER: - issuer = ++num; - break; - case OPT_FINGERPRINT: - fingerprint = ++num; - break; - case OPT_HASH: - subject_hash = ++num; - break; - case OPT_ISSUER_HASH: - issuer_hash = ++num; - break; - case OPT_PURPOSE: - pprint = ++num; - break; - case OPT_STARTDATE: - startdate = ++num; - break; - case OPT_ENDDATE: - enddate = ++num; - break; - case OPT_NOOUT: - noout = ++num; - break; - case OPT_EXT: - ext = ++num; - ext_names = opt_arg(); - break; - case OPT_NOCERT: - nocert = 1; - break; - case OPT_TRUSTOUT: - trustout = 1; - break; - case OPT_CLRTRUST: - clrtrust = ++num; - break; - case OPT_CLRREJECT: - clrreject = ++num; - break; - case OPT_ALIAS: - aliasout = ++num; - break; - case OPT_CACREATESERIAL: - CA_createserial = 1; - break; - case OPT_CLREXT: - clrext = 1; - break; - case OPT_OCSPID: - ocspid = ++num; - break; - case OPT_BADSIG: - badsig = 1; - break; -#ifndef OPENSSL_NO_MD5 - case OPT_SUBJECT_HASH_OLD: - subject_hash_old = ++num; - break; - case OPT_ISSUER_HASH_OLD: - issuer_hash_old = ++num; - break; -#else - case OPT_SUBJECT_HASH_OLD: - case OPT_ISSUER_HASH_OLD: - break; -#endif - case OPT_DATES: - startdate = ++num; - enddate = ++num; - break; - case OPT_CHECKEND: - checkend = 1; - { - ossl_intmax_t temp = 0; - if (!opt_intmax(opt_arg(), &temp)) - goto opthelp; - checkoffset = (time_t)temp; - if ((ossl_intmax_t)checkoffset != temp) { - BIO_printf(bio_err, "%s: Checkend time out of range %s\n", - prog, opt_arg()); - goto opthelp; - } - } - break; - case OPT_CHECKHOST: - checkhost = opt_arg(); - break; - case OPT_CHECKEMAIL: - checkemail = opt_arg(); - break; - case OPT_CHECKIP: - checkip = opt_arg(); - break; - case OPT_PRESERVE_DATES: - preserve_dates = 1; - break; - case OPT_MD: - digest = opt_unknown(); - break; - } - } - - /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) - goto opthelp; - - if (!app_RAND_load()) - goto end; - - if (preserve_dates && days != UNSET_DAYS) { - BIO_printf(bio_err, "Cannot use -preserve_dates with -days option\n"); - goto end; - } - if (days == UNSET_DAYS) - days = DEFAULT_DAYS; - - if (!app_passwd(passinarg, NULL, &passin, NULL)) { - BIO_printf(bio_err, "Error getting password\n"); - goto end; - } - - if (!X509_STORE_set_default_paths_ex(ctx, app_get0_libctx(), - app_get0_propq())) - goto end; - - if (newcert && infile != NULL) { - BIO_printf(bio_err, "The -in option cannot be used with -new\n"); - goto end; - } - if (newcert && reqfile) { - BIO_printf(bio_err, - "The -req option cannot be used with -new\n"); - goto end; - } - if (privkeyfile != NULL) { - privkey = load_key(privkeyfile, keyformat, 0, passin, e, "private key"); - if (privkey == NULL) - goto end; - } - if (pubkeyfile != NULL) { - if ((pubkey = load_pubkey(pubkeyfile, keyformat, 0, NULL, e, - "explicitly set public key")) == NULL) - goto end; - } - - if (newcert) { - if (subj == NULL) { - BIO_printf(bio_err, - "The -new option requires a subject to be set using -subj\n"); - goto end; - } - if (privkeyfile == NULL && pubkeyfile == NULL) { - BIO_printf(bio_err, - "The -new option requires using the -key or -force_pubkey option\n"); - goto end; - } - } - if (subj != NULL - && (fsubj = parse_name(subj, chtype, multirdn, "subject")) == NULL) - goto end; - - if (CAkeyfile == NULL) - CAkeyfile = CAfile; - if (CAfile != NULL) { - if (privkeyfile != NULL) { - BIO_printf(bio_err, "Cannot use both -key/-signkey and -CA option\n"); - goto end; - } - } else { -#define WARN_NO_CA(opt) BIO_printf(bio_err, \ - "Warning: ignoring " opt " option since -CA option is not given\n"); - if (CAkeyfile != NULL) - WARN_NO_CA("-CAkey"); - if (CAkeyformat != FORMAT_UNDEF) - WARN_NO_CA("-CAkeyform"); - if (CAformat != FORMAT_UNDEF) - WARN_NO_CA("-CAform"); - if (CAserial != NULL) - WARN_NO_CA("-CAserial"); - if (CA_createserial) - WARN_NO_CA("-CAcreateserial"); - } - - if (extfile == NULL) { - if (extsect != NULL) - BIO_printf(bio_err, - "Warning: ignoring -extensions option without -extfile\n"); - } else { - X509V3_CTX ctx2; - - if ((extconf = app_load_config(extfile)) == NULL) - goto end; - if (extsect == NULL) { - extsect = NCONF_get_string(extconf, "default", "extensions"); - if (extsect == NULL) { - ERR_clear_error(); - extsect = "default"; - } - } - X509V3_set_ctx_test(&ctx2); - X509V3_set_nconf(&ctx2, extconf); - if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) { - BIO_printf(bio_err, - "Error checking extension section %s\n", extsect); - goto end; - } - } - - if (reqfile) { - req = load_csr(infile, informat, "certificate request input"); - if (req == NULL) - goto end; - - if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) { - BIO_printf(bio_err, "Error unpacking public key from CSR\n"); - goto end; - } - i = do_X509_REQ_verify(req, pkey, vfyopts); - if (i <= 0) { - BIO_printf(bio_err, i < 0 - ? "Error while verifying certificate request self-signature\n" - : "Certificate request self-signature did not match the contents\n"); - goto end; - } - BIO_printf(bio_err, "Certificate request self-signature ok\n"); - - print_name(bio_err, "subject=", X509_REQ_get_subject_name(req)); - } else if (!x509toreq && ext_copy != EXT_COPY_UNSET) { - BIO_printf(bio_err, "Warning: ignoring -copy_extensions since neither -x509toreq nor -req is given\n"); - } - - if (reqfile || newcert) { - if (preserve_dates) - BIO_printf(bio_err, - "Warning: ignoring -preserve_dates option with -req or -new\n"); - preserve_dates = 0; - if (privkeyfile == NULL && CAkeyfile == NULL) { - BIO_printf(bio_err, - "We need a private key to sign with, use -key or -CAkey or -CA with private key\n"); - goto end; - } - if ((x = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL) - goto end; - if (CAfile == NULL && sno == NULL) { - sno = ASN1_INTEGER_new(); - if (sno == NULL || !rand_serial(NULL, sno)) - goto end; - } - if (req != NULL && ext_copy != EXT_COPY_UNSET) { - if (clrext && ext_copy != EXT_COPY_NONE) { - BIO_printf(bio_err, "Must not use -clrext together with -copy_extensions\n"); - goto end; - } else if (!copy_extensions(x, req, ext_copy)) { - BIO_printf(bio_err, "Error copying extensions from request\n"); - goto end; - } - } - } else { - x = load_cert_pass(infile, informat, 1, passin, "certificate"); - if (x == NULL) - goto end; - } - if ((fsubj != NULL || req != NULL) - && !X509_set_subject_name(x, fsubj != NULL ? fsubj : - X509_REQ_get_subject_name(req))) - goto end; - if ((pubkey != NULL || privkey != NULL || req != NULL) - && !X509_set_pubkey(x, pubkey != NULL ? pubkey : - privkey != NULL ? privkey : - X509_REQ_get0_pubkey(req))) - goto end; - - if (CAfile != NULL) { - xca = load_cert_pass(CAfile, CAformat, 1, passin, "CA certificate"); - if (xca == NULL) - goto end; - } - - out = bio_open_default(outfile, 'w', outformat); - if (out == NULL) - goto end; - - if (!noout || text || next_serial) - OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3"); - - if (alias) - X509_alias_set1(x, (unsigned char *)alias, -1); - - if (clrtrust) - X509_trust_clear(x); - if (clrreject) - X509_reject_clear(x); - - if (trust != NULL) { - for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) - X509_add1_trust_object(x, sk_ASN1_OBJECT_value(trust, i)); - } - - if (reject != NULL) { - for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) - X509_add1_reject_object(x, sk_ASN1_OBJECT_value(reject, i)); - } - - if (clrext && ext_names != NULL) - BIO_printf(bio_err, "Warning: Ignoring -ext since -clrext is given\n"); - for (i = X509_get_ext_count(x) - 1; i >= 0; i--) { - X509_EXTENSION *ex = X509_get_ext(x, i); - const char *sn = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(ex))); - - if (clrext || (ext_names != NULL && strstr(ext_names, sn) == NULL)) - X509_EXTENSION_free(X509_delete_ext(x, i)); - } - - issuer_cert = x; - if (CAfile != NULL) { - issuer_cert = xca; - if (sno == NULL) - sno = x509_load_serial(CAfile, CAserial, CA_createserial); - if (sno == NULL) - goto end; - if (!x509toreq && !reqfile && !newcert && !self_signed(ctx, x)) - goto end; - } - - if (sno != NULL && !X509_set_serialNumber(x, sno)) - goto end; - - if (reqfile || newcert || privkey != NULL || CAfile != NULL) { - if (!preserve_dates && !set_cert_times(x, NULL, NULL, days)) - goto end; - if (!X509_set_issuer_name(x, X509_get_subject_name(issuer_cert))) - goto end; - } - - X509V3_set_ctx(&ext_ctx, issuer_cert, x, NULL, NULL, X509V3_CTX_REPLACE); - /* prepare fallback for AKID, but only if issuer cert equals subject cert */ - if (CAfile == NULL) { - if (!X509V3_set_issuer_pkey(&ext_ctx, privkey)) - goto end; - } - if (extconf != NULL && !x509toreq) { - X509V3_set_nconf(&ext_ctx, extconf); - if (!X509V3_EXT_add_nconf(extconf, &ext_ctx, extsect, x)) { - BIO_printf(bio_err, - "Error adding extensions from section %s\n", extsect); - goto end; - } - } - - /* At this point the contents of the certificate x have been finished. */ - - pkey = X509_get0_pubkey(x); - if ((print_pubkey != 0 || modulus != 0) && pkey == NULL) { - BIO_printf(bio_err, "Error getting public key\n"); - goto end; - } - - if (x509toreq) { /* also works in conjunction with -req */ - if (privkey == NULL) { - BIO_printf(bio_err, "Must specify request signing key using -key\n"); - goto end; - } - if (clrext && ext_copy != EXT_COPY_NONE) { - BIO_printf(bio_err, "Must not use -clrext together with -copy_extensions\n"); - goto end; - } - if ((rq = x509_to_req(x, ext_copy, ext_names)) == NULL) - goto end; - if (extconf != NULL) { - X509V3_set_nconf(&ext_ctx, extconf); - if (!X509V3_EXT_REQ_add_nconf(extconf, &ext_ctx, extsect, rq)) { - BIO_printf(bio_err, - "Error adding request extensions from section %s\n", extsect); - goto end; - } - } - if (!do_X509_REQ_sign(rq, privkey, digest, sigopts)) - goto end; - if (!noout) { - if (outformat == FORMAT_ASN1) { - X509_REQ_print_ex(out, rq, get_nameopt(), X509_FLAG_COMPAT); - i = i2d_X509_bio(out, x); - } else { - i = PEM_write_bio_X509_REQ(out, rq); - } - if (!i) { - BIO_printf(bio_err, - "Unable to write certificate request\n"); - goto end; - } - } - noout = 1; - } else if (privkey != NULL) { - if (!do_X509_sign(x, privkey, digest, sigopts, &ext_ctx)) - goto end; - } else if (CAfile != NULL) { - if ((CAkey = load_key(CAkeyfile, CAkeyformat, - 0, passin, e, "CA private key")) == NULL) - goto end; - if (!X509_check_private_key(xca, CAkey)) { - BIO_printf(bio_err, - "CA certificate and CA private key do not match\n"); - goto end; - } - - if (!do_X509_sign(x, CAkey, digest, sigopts, &ext_ctx)) - goto end; - } - if (badsig) { - const ASN1_BIT_STRING *signature; - - X509_get0_signature(&signature, NULL, x); - corrupt_signature(signature); - } - - /* Process print options in the given order, as indicated by index i */ - for (i = 1; i <= num; i++) { - if (i == issuer) { - print_name(out, "issuer=", X509_get_issuer_name(x)); - } else if (i == subject) { - print_name(out, "subject=", X509_get_subject_name(x)); - } else if (i == serial) { - BIO_printf(out, "serial="); - i2a_ASN1_INTEGER(out, X509_get0_serialNumber(x)); - BIO_printf(out, "\n"); - } else if (i == next_serial) { - ASN1_INTEGER *ser; - BIGNUM *bnser = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL); - - if (bnser == NULL) - goto end; - if (!BN_add_word(bnser, 1) - || (ser = BN_to_ASN1_INTEGER(bnser, NULL)) == NULL) { - BN_free(bnser); - goto end; - } - BN_free(bnser); - i2a_ASN1_INTEGER(out, ser); - ASN1_INTEGER_free(ser); - BIO_puts(out, "\n"); - } else if (i == email || i == ocsp_uri) { - STACK_OF(OPENSSL_STRING) *emlst = - i == email ? X509_get1_email(x) : X509_get1_ocsp(x); - - for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++) - BIO_printf(out, "%s\n", sk_OPENSSL_STRING_value(emlst, j)); - X509_email_free(emlst); - } else if (i == aliasout) { - unsigned char *alstr = X509_alias_get0(x, NULL); - - if (alstr) - BIO_printf(out, "%s\n", alstr); - else - BIO_puts(out, "\n"); - } else if (i == subject_hash) { - BIO_printf(out, "%08lx\n", X509_subject_name_hash(x)); -#ifndef OPENSSL_NO_MD5 - } else if (i == subject_hash_old) { - BIO_printf(out, "%08lx\n", X509_subject_name_hash_old(x)); -#endif - } else if (i == issuer_hash) { - BIO_printf(out, "%08lx\n", X509_issuer_name_hash(x)); -#ifndef OPENSSL_NO_MD5 - } else if (i == issuer_hash_old) { - BIO_printf(out, "%08lx\n", X509_issuer_name_hash_old(x)); -#endif - } else if (i == pprint) { - BIO_printf(out, "Certificate purposes:\n"); - for (j = 0; j < X509_PURPOSE_get_count(); j++) - purpose_print(out, x, X509_PURPOSE_get0(j)); - } else if (i == modulus) { - BIO_printf(out, "Modulus="); - if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS")) { - BIGNUM *n = NULL; - - /* Every RSA key has an 'n' */ - EVP_PKEY_get_bn_param(pkey, "n", &n); - BN_print(out, n); - BN_free(n); - } else if (EVP_PKEY_is_a(pkey, "DSA")) { - BIGNUM *dsapub = NULL; - - /* Every DSA key has a 'pub' */ - EVP_PKEY_get_bn_param(pkey, "pub", &dsapub); - BN_print(out, dsapub); - BN_free(dsapub); - } else { - BIO_printf(out, "No modulus for this public key type"); - } - BIO_printf(out, "\n"); - } else if (i == print_pubkey) { - PEM_write_bio_PUBKEY(out, pkey); - } else if (i == text) { - X509_print_ex(out, x, get_nameopt(), certflag); - } else if (i == startdate) { - BIO_puts(out, "notBefore="); - ASN1_TIME_print_ex(out, X509_get0_notBefore(x), dateopt); - BIO_puts(out, "\n"); - } else if (i == enddate) { - BIO_puts(out, "notAfter="); - ASN1_TIME_print_ex(out, X509_get0_notAfter(x), dateopt); - BIO_puts(out, "\n"); - } else if (i == fingerprint) { - unsigned int n; - unsigned char md[EVP_MAX_MD_SIZE]; - const char *fdigname = digest; - EVP_MD *fdig; - int digres; - - if (fdigname == NULL) - fdigname = "SHA1"; - - if ((fdig = EVP_MD_fetch(app_get0_libctx(), fdigname, - app_get0_propq())) == NULL) { - BIO_printf(bio_err, "Unknown digest\n"); - goto end; - } - digres = X509_digest(x, fdig, md, &n); - EVP_MD_free(fdig); - if (!digres) { - BIO_printf(bio_err, "Out of memory\n"); - goto end; - } - - BIO_printf(out, "%s Fingerprint=", fdigname); - for (j = 0; j < (int)n; j++) - BIO_printf(out, "%02X%c", md[j], (j + 1 == (int)n) ? '\n' : ':'); - } else if (i == ocspid) { - X509_ocspid_print(out, x); - } else if (i == ext) { - print_x509v3_exts(out, x, ext_names); - } - } - - if (checkend) { - time_t tcheck = time(NULL) + checkoffset; - - ret = X509_cmp_time(X509_get0_notAfter(x), &tcheck) < 0; - if (ret) - BIO_printf(out, "Certificate will expire\n"); - else - BIO_printf(out, "Certificate will not expire\n"); - goto end; - } - - print_cert_checks(out, x, checkhost, checkemail, checkip); - - if (noout || nocert) { - ret = 0; - goto end; - } - - if (outformat == FORMAT_ASN1) { - i = i2d_X509_bio(out, x); - } else if (outformat == FORMAT_PEM) { - if (trustout) - i = PEM_write_bio_X509_AUX(out, x); - else - i = PEM_write_bio_X509(out, x); - } else { - BIO_printf(bio_err, "Bad output format specified for outfile\n"); - goto end; - } - if (!i) { - BIO_printf(bio_err, "Unable to write certificate\n"); - goto end; - } - ret = 0; - - end: - if (ret != 0) - ERR_print_errors(bio_err); - NCONF_free(extconf); - BIO_free_all(out); - X509_STORE_free(ctx); - X509_NAME_free(fsubj); - X509_REQ_free(req); - X509_free(x); - X509_free(xca); - EVP_PKEY_free(privkey); - EVP_PKEY_free(CAkey); - EVP_PKEY_free(pubkey); - sk_OPENSSL_STRING_free(sigopts); - sk_OPENSSL_STRING_free(vfyopts); - X509_REQ_free(rq); - ASN1_INTEGER_free(sno); - sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free); - sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free); - release_engine(e); - clear_free(passin); - return ret; -} - -static ASN1_INTEGER *x509_load_serial(const char *CAfile, - const char *serialfile, int create) -{ - char *buf = NULL; - ASN1_INTEGER *bs = NULL; - BIGNUM *serial = NULL; - int defaultfile = 0, file_exists; - - if (serialfile == NULL) { - const char *p = strrchr(CAfile, '.'); - size_t len = p != NULL ? (size_t)(p - CAfile) : strlen(CAfile); - - buf = app_malloc(len + sizeof(POSTFIX), "serial# buffer"); - memcpy(buf, CAfile, len); - memcpy(buf + len, POSTFIX, sizeof(POSTFIX)); - serialfile = buf; - defaultfile = 1; - } - - serial = load_serial(serialfile, &file_exists, create || defaultfile, NULL); - if (serial == NULL) - goto end; - - if (!BN_add_word(serial, 1)) { - BIO_printf(bio_err, "Serial number increment failure\n"); - goto end; - } - - if (file_exists || create) - save_serial(serialfile, NULL, serial, &bs); - else - bs = BN_to_ASN1_INTEGER(serial, NULL); - - end: - OPENSSL_free(buf); - BN_free(serial); - return bs; -} - -static int callb(int ok, X509_STORE_CTX *ctx) -{ - int err; - X509 *err_cert; - - /* - * It is ok to use a self-signed certificate. This case will catch both - * the initial ok == 0 and the final ok == 1 calls to this function. - */ - err = X509_STORE_CTX_get_error(ctx); - if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) - return 1; - - /* - * BAD we should have gotten an error. Normally if everything worked - * X509_STORE_CTX_get_error(ctx) will still be set to - * DEPTH_ZERO_SELF_.... - */ - if (ok) { - BIO_printf(bio_err, - "Error with certificate to be certified - should be self-signed\n"); - return 0; - } else { - err_cert = X509_STORE_CTX_get_current_cert(ctx); - print_name(bio_err, "subject=", X509_get_subject_name(err_cert)); - BIO_printf(bio_err, - "Error with certificate - error %d at depth %d\n%s\n", err, - X509_STORE_CTX_get_error_depth(ctx), - X509_verify_cert_error_string(err)); - return 1; - } -} - -static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt) -{ - int id, i, idret; - const char *pname; - id = X509_PURPOSE_get_id(pt); - pname = X509_PURPOSE_get0_name(pt); - for (i = 0; i < 2; i++) { - idret = X509_check_purpose(cert, id, i); - BIO_printf(bio, "%s%s : ", pname, i ? " CA" : ""); - if (idret == 1) - BIO_printf(bio, "Yes\n"); - else if (idret == 0) - BIO_printf(bio, "No\n"); - else - BIO_printf(bio, "Yes (WARNING code=%d)\n", idret); - } - return 1; -} - -static int parse_ext_names(char *names, const char **result) -{ - char *p, *q; - int cnt = 0, len = 0; - - p = q = names; - len = strlen(names); - - while (q - names <= len) { - if (*q != ',' && *q != '\0') { - q++; - continue; - } - if (p != q) { - /* found */ - if (result != NULL) { - result[cnt] = p; - *q = '\0'; - } - cnt++; - } - p = ++q; - } - - return cnt; -} - -static int print_x509v3_exts(BIO *bio, X509 *x, const char *ext_names) -{ - const STACK_OF(X509_EXTENSION) *exts = NULL; - STACK_OF(X509_EXTENSION) *exts2 = NULL; - X509_EXTENSION *ext = NULL; - ASN1_OBJECT *obj; - int i, j, ret = 0, num, nn = 0; - const char *sn, **names = NULL; - char *tmp_ext_names = NULL; - - exts = X509_get0_extensions(x); - if ((num = sk_X509_EXTENSION_num(exts)) <= 0) { - BIO_printf(bio_err, "No extensions in certificate\n"); - ret = 1; - goto end; - } - - /* parse comma separated ext name string */ - if ((tmp_ext_names = OPENSSL_strdup(ext_names)) == NULL) - goto end; - if ((nn = parse_ext_names(tmp_ext_names, NULL)) == 0) { - BIO_printf(bio, "Invalid extension names: %s\n", ext_names); - goto end; - } - if ((names = OPENSSL_malloc(sizeof(char *) * nn)) == NULL) - goto end; - parse_ext_names(tmp_ext_names, names); - - for (i = 0; i < num; i++) { - ext = sk_X509_EXTENSION_value(exts, i); - - /* check if this ext is what we want */ - obj = X509_EXTENSION_get_object(ext); - sn = OBJ_nid2sn(OBJ_obj2nid(obj)); - if (sn == NULL || strcmp(sn, "UNDEF") == 0) - continue; - - for (j = 0; j < nn; j++) { - if (strcmp(sn, names[j]) == 0) { - /* push the extension into a new stack */ - if (exts2 == NULL - && (exts2 = sk_X509_EXTENSION_new_null()) == NULL) - goto end; - if (!sk_X509_EXTENSION_push(exts2, ext)) - goto end; - } - } - } - - if (!sk_X509_EXTENSION_num(exts2)) { - BIO_printf(bio, "No extensions matched with %s\n", ext_names); - ret = 1; - goto end; - } - - ret = X509V3_extensions_print(bio, NULL, exts2, 0, 0); - end: - sk_X509_EXTENSION_free(exts2); - OPENSSL_free(names); - OPENSSL_free(tmp_ext_names); - return ret; -} diff --git a/appveyor.yml b/appveyor.yml deleted file mode 100644 index 9bb6f04e0a44cb0df6c81e4bc373fb61f7cc69ac..0000000000000000000000000000000000000000 --- a/appveyor.yml +++ /dev/null @@ -1,82 +0,0 @@ -image: - - Visual Studio 2017 - -platform: - - x64 - - x86 - -environment: - fast_finish: true - matrix: - - VSVER: 15 - -configuration: - - shared - - minimal - -for: - - - branches: - only: - - master - configuration: - - shared - - plain - - minimal - -before_build: - - ps: >- - Install-Module VSSetup -Scope CurrentUser - - ps: >- - Get-VSSetupInstance -All - - ps: >- - If ($env:Platform -Match "x86") { - $env:VCVARS_PLATFORM="x86" - $env:TARGET="VC-WIN32 no-asm --strict-warnings" - } Else { - $env:VCVARS_PLATFORM="amd64" - $env:TARGET="VC-WIN64A-masm" - } - - ps: >- - If ($env:Configuration -Match "shared") { - $env:CONFIG_OPTS="enable-fips" - } ElseIf ($env:Configuration -Match "minimal") { - $env:CONFIG_OPTS="no-bulk no-asm -DOPENSSL_SMALL_FOOTPRINT" - } Else { - $env:CONFIG_OPTS="no-fips no-shared" - } - - call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvarsall.bat" %VCVARS_PLATFORM% - - mkdir _build - - cd _build - - perl ..\Configure %TARGET% no-makedepend %CONFIG_OPTS% - - perl configdata.pm --dump - - cd .. - - ps: >- - If ($env:BUILDONLY -or $env:MAKEVERBOSE) { - $env:NMAKE="nmake" - } Else { - $env:NMAKE="nmake /S" - } - - ps: >- - gci env:* | sort-object name - -build_script: - - cd _build - - "%NMAKE% build_all_generated" - - "%NMAKE% PERL=no-perl" - - cd .. - -test_script: - - cd _build - - ps: >- - if ($env:Configuration -Match "plain") { - cmd /c "%NMAKE% test VERBOSE_FAILURE=yes 2>&1" - } Else { - cmd /c "%NMAKE% test VERBOSE_FAILURE=yes TESTS=-test_fuzz 2>&1" - } - - ps: >- - if ($env:Configuration -Match "shared") { - mkdir ..\_install - cmd /c "%NMAKE% install DESTDIR=..\_install 2>&1" - } - - cd .. diff --git a/build.info b/build.info deleted file mode 100644 index 5a8421623b97651178223b51743d2dfa4730bcf6..0000000000000000000000000000000000000000 --- a/build.info +++ /dev/null @@ -1,92 +0,0 @@ -# Note that some of these directories are filtered in Configure. Look for -# %skipdir there for further explanations. - -SUBDIRS=crypto ssl apps util tools fuzz providers doc -IF[{- !$disabled{tests} -}] - SUBDIRS=test -ENDIF -IF[{- !$disabled{'deprecated-3.0'} -}] - SUBDIRS=engines -ENDIF - -LIBS=libcrypto libssl -INCLUDE[libcrypto]=. include -INCLUDE[libssl]=. include -DEPEND[libssl]=libcrypto - -# Empty DEPEND "indices" means the dependencies are expected to be built -# unconditionally before anything else. -DEPEND[]=include/openssl/asn1.h \ - include/openssl/asn1t.h \ - include/openssl/bio.h \ - include/openssl/cmp.h \ - include/openssl/cms.h \ - include/openssl/conf.h \ - include/openssl/crmf.h \ - include/openssl/crypto.h \ - include/openssl/ct.h \ - include/openssl/err.h \ - include/openssl/ess.h \ - include/openssl/fipskey.h \ - include/openssl/lhash.h \ - include/openssl/opensslv.h \ - include/openssl/ocsp.h \ - include/openssl/pkcs12.h \ - include/openssl/pkcs7.h \ - include/openssl/safestack.h \ - include/openssl/srp.h \ - include/openssl/ssl.h \ - include/openssl/ui.h \ - include/openssl/x509.h \ - include/openssl/x509v3.h \ - include/openssl/x509_vfy.h \ - include/crypto/bn_conf.h include/crypto/dso_conf.h - -GENERATE[include/openssl/asn1.h]=include/openssl/asn1.h.in -GENERATE[include/openssl/asn1t.h]=include/openssl/asn1t.h.in -GENERATE[include/openssl/bio.h]=include/openssl/bio.h.in -GENERATE[include/openssl/cmp.h]=include/openssl/cmp.h.in -GENERATE[include/openssl/cms.h]=include/openssl/cms.h.in -GENERATE[include/openssl/conf.h]=include/openssl/conf.h.in -# include/openssl/configuration.h is generated by configdata.pm -# We still need this information for the FIPS module checksum, but the attribute -# 'skip' ensures that nothing is actually done with it. -GENERATE[include/openssl/configuration.h]{skip}=include/openssl/configuration.h.in -GENERATE[include/openssl/crmf.h]=include/openssl/crmf.h.in -GENERATE[include/openssl/crypto.h]=include/openssl/crypto.h.in -GENERATE[include/openssl/ct.h]=include/openssl/ct.h.in -GENERATE[include/openssl/err.h]=include/openssl/err.h.in -GENERATE[include/openssl/ess.h]=include/openssl/ess.h.in -GENERATE[include/openssl/fipskey.h]=include/openssl/fipskey.h.in -GENERATE[include/openssl/lhash.h]=include/openssl/lhash.h.in -GENERATE[include/openssl/ocsp.h]=include/openssl/ocsp.h.in -GENERATE[include/openssl/opensslv.h]=include/openssl/opensslv.h.in -GENERATE[include/openssl/pkcs12.h]=include/openssl/pkcs12.h.in -GENERATE[include/openssl/pkcs7.h]=include/openssl/pkcs7.h.in -GENERATE[include/openssl/safestack.h]=include/openssl/safestack.h.in -GENERATE[include/openssl/srp.h]=include/openssl/srp.h.in -GENERATE[include/openssl/ssl.h]=include/openssl/ssl.h.in -GENERATE[include/openssl/ui.h]=include/openssl/ui.h.in -GENERATE[include/openssl/x509.h]=include/openssl/x509.h.in -GENERATE[include/openssl/x509v3.h]=include/openssl/x509v3.h.in -GENERATE[include/openssl/x509_vfy.h]=include/openssl/x509_vfy.h.in -GENERATE[include/crypto/bn_conf.h]=include/crypto/bn_conf.h.in -GENERATE[include/crypto/dso_conf.h]=include/crypto/dso_conf.h.in - -IF[{- defined $target{shared_defflag} -}] - SHARED_SOURCE[libcrypto]=libcrypto.ld - SHARED_SOURCE[libssl]=libssl.ld - - GENERATE[libcrypto.ld]=util/libcrypto.num libcrypto - GENERATE[libssl.ld]=util/libssl.num libssl - DEPEND[libcrypto.ld libssl.ld]=configdata.pm util/perl/OpenSSL/Ordinals.pm -ENDIF - -IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-|BC-)/ -}] - GENERATE[libcrypto.rc]=util/mkrc.pl libcrypto - GENERATE[libssl.rc]=util/mkrc.pl libssl - DEPEND[libcrypto.rc libssl.rc]=configdata.pm - - SHARED_SOURCE[libcrypto]=libcrypto.rc - SHARED_SOURCE[libssl]=libssl.rc -ENDIF diff --git a/config b/config deleted file mode 100755 index e194d4bde4f608087751fd512107281ba0b3ada5..0000000000000000000000000000000000000000 --- a/config +++ /dev/null @@ -1,10 +0,0 @@ -#! /bin/sh -# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -THERE=`dirname $0` -exec "$THERE/Configure" "$@" diff --git a/config.com b/config.com deleted file mode 100644 index 21a6bce1be4527d4c6c59b36b3ce64750094112d..0000000000000000000000000000000000000000 --- a/config.com +++ /dev/null @@ -1,93 +0,0 @@ -$ ! OpenSSL config: determine the architecture and run Configure -$ ! Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -$ ! -$ ! Licensed under the Apache License 2.0 (the "License"). You may not use -$ ! this file except in compliance with the License. You can obtain a -$ ! copy in the file LICENSE in the source distribution or at -$ ! https://www.openssl.org/source/license.html -$ ! -$ ! Very simple for the moment, it will take the following arguments: -$ ! -$ ! -32 or 32 sets /POINTER_SIZE=32 -$ ! -64 or 64 sets /POINTER_SIZE=64 -$ ! -d sets debugging -$ ! -h prints a usage and exits -$ ! -t test mode, doesn't run Configure -$ -$ arch = f$edit( f$getsyi( "arch_name"), "lowercase") -$ pointer_size = "" -$ dryrun = 0 -$ verbose = 0 -$ here = F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"),,,"SYNTAX_ONLY") - "A.;" -$ -$ collected_args = "" -$ P_index = 0 -$ LOOP1: -$ P_index = P_index + 1 -$ IF P_index .GT. 8 THEN GOTO ENDLOOP1 -$ P = F$EDIT(P1,"TRIM,LOWERCASE") -$ IF P .EQS. "-h" -$ THEN -$ dryrun = 1 -$ P = "" -$ TYPE SYS$INPUT -$ DECK -Usage: @config [options] - - -32 or 32 Build with 32-bit pointer size. - -64 or 64 Build with 64-bit pointer size. - -d Build with debugging. - -t Test mode, do not run the Configure perl script. - -v Verbose mode, show the exact Configure call that is being made. - -h This help. - -Any other text will be passed to the Configure perl script. -See INSTALL.md for instructions. - -$ EOD -$ ENDIF -$ IF P .EQS. "-t" -$ THEN -$ dryrun = 1 -$ verbose = 1 -$ P = "" -$ ENDIF -$ IF P .EQS. "-v" -$ THEN -$ verbose = 1 -$ P = "" -$ ENDIF -$ IF P .EQS. "-32" .OR. P .EQS. "32" -$ THEN -$ pointer_size = "-P32" -$ P = "" -$ ENDIF -$ IF P .EQS. "-64" .OR. P .EQS. "64" -$ THEN -$ pointer_size = "-P64" -$ P = "" -$ ENDIF -$ IF P .EQS. "-d" -$ THEN -$ collected_args = collected_args + " --debug" -$ P = "" -$ ENDIF -$ IF P .NES. "" THEN - - collected_args = collected_args + " """ + P1 + """" -$ P1 = P2 -$ P2 = P3 -$ P3 = P4 -$ P4 = P5 -$ P5 = P6 -$ P6 = P7 -$ P7 = P8 -$ P8 = "" -$ GOTO LOOP1 -$ ENDLOOP1: -$ -$ target = "vms-''arch'''pointer_size'" -$ IF verbose THEN - - WRITE SYS$OUTPUT "PERL ''here'Configure ""''target'""",collected_args -$ IF .not. dryrun THEN - - PERL 'here'Configure "''target'"'collected_args' -$ EXIT $STATUS diff --git a/configdata.pm.in b/configdata.pm.in deleted file mode 100644 index bef90608463c32bdbea4585634098d30cff28966..0000000000000000000000000000000000000000 --- a/configdata.pm.in +++ /dev/null @@ -1,487 +0,0 @@ -#! {- $config{HASHBANGPERL} -} -# -*- mode: perl -*- -{- - # We must make sourcedir() return an absolute path, because configdata.pm - # may be loaded as a module from any script in any directory, making - # relative paths untrustable. Because the result is used with 'use lib', - # we must ensure that it returns a Unix style path. Mixing File::Spec - # and File::Spec::Unix does just that. - use File::Spec::Unix; - use File::Spec; - use Cwd qw(abs_path); - sub _fixup_path { - my $path = shift; - - # Make the path absolute at all times - $path = abs_path($path); - - if ($^O eq 'VMS') { - # Convert any path of the VMS form VOLUME:[DIR1.DIR2]FILE to the - # Unix form /VOLUME/DIR1/DIR2/FILE, which is what VMS perl supports - # for 'use lib'. - - # Start with spliting the native path - (my $vol, my $dirs, my $file) = File::Spec->splitpath($path); - my @dirs = File::Spec->splitdir($dirs); - - # Reassemble it as a Unix path - $vol =~ s|:$||; - $dirs = File::Spec::Unix->catdir('', $vol, @dirs); - $path = File::Spec::Unix->catpath('', $dirs, $file); - } - - return $path; - } - sub sourcedir { - return _fixup_path(File::Spec->catdir($config{sourcedir}, @_)) - } - sub sourcefile { - return _fixup_path(File::Spec->catfile($config{sourcedir}, @_)) - } - use lib sourcedir('util', 'perl'); - use OpenSSL::Util; --} -package configdata; - -use strict; -use warnings; - -use Exporter; -our @ISA = qw(Exporter); -our @EXPORT = qw( - %config %target %disabled %withargs %unified_info - @disablables @disablables_int -); - -our %config = ({- dump_data(\%config, indent => 0); -}); -our %target = ({- dump_data(\%target, indent => 0); -}); -our @disablables = ({- dump_data(\@disablables, indent => 0) -}); -our @disablables_int = ({- dump_data(\@disablables_int, indent => 0) -}); -our %disabled = ({- dump_data(\%disabled, indent => 0); -}); -our %withargs = ({- dump_data(\%withargs, indent => 0); -}); -our %unified_info = ({- dump_data(\%unified_info, indent => 0); -}); - -# Unexported, only used by OpenSSL::Test::Utils::available_protocols() -our %available_protocols = ( - tls => [{- dump_data(\@tls, indent => 0) -}], - dtls => [{- dump_data(\@dtls, indent => 0) -}], -); - -# The following data is only used when this files is use as a script -my @makevars = ({- dump_data(\@makevars, indent => 0); -}); -my %disabled_info = ({- dump_data(\%disabled_info, indent => 0); -}); -my @user_crossable = qw( {- join (' ', @user_crossable) -} ); - -# If run directly, we can give some answers, and even reconfigure -unless (caller) { - use Getopt::Long; - use File::Spec::Functions; - use File::Basename; - use File::Compare qw(compare_text); - use File::Copy; - use Pod::Usage; - - use lib '{- sourcedir('util', 'perl') -}'; - use OpenSSL::fallback '{- sourcefile('external', 'perl', 'MODULES.txt') -}'; - - my $here = dirname($0); - - if (scalar @ARGV == 0) { - # With no arguments, re-create the build file - # We do that in two steps, where the first step emits perl - # snipets. - - my $buildfile = $target{build_file}; - my $buildfile_template = "$buildfile.in"; - my @autowarntext = ( - 'WARNING: do not edit!', - "Generated by configdata.pm from " - .join(", ", @{$config{build_file_templates}}), - "via $buildfile_template" - ); - my %gendata = ( - config => \%config, - target => \%target, - disabled => \%disabled, - withargs => \%withargs, - unified_info => \%unified_info, - autowarntext => \@autowarntext, - ); - - use lib '.'; - use lib '{- sourcedir('Configurations') -}'; - use gentemplate; - - open my $buildfile_template_fh, ">$buildfile_template" - or die "Trying to create $buildfile_template: $!"; - foreach (@{$config{build_file_templates}}) { - copy($_, $buildfile_template_fh) - or die "Trying to copy $_ into $buildfile_template: $!"; - } - gentemplate(output => $buildfile_template_fh, %gendata); - close $buildfile_template_fh; - print 'Created ',$buildfile_template,"\n"; - - use OpenSSL::Template; - - my $prepend = <<'_____'; -use File::Spec::Functions; -use lib '{- sourcedir('util', 'perl') -}'; -use lib '{- sourcedir('Configurations') -}'; -use lib '{- $config{builddir} -}'; -use platform; -_____ - - my $tmpl; - open BUILDFILE, ">$buildfile.new" - or die "Trying to create $buildfile.new: $!"; - $tmpl = OpenSSL::Template->new(TYPE => 'FILE', - SOURCE => $buildfile_template); - $tmpl->fill_in(FILENAME => $_, - OUTPUT => \*BUILDFILE, - HASH => \%gendata, - PREPEND => $prepend, - # To ensure that global variables and functions - # defined in one template stick around for the - # next, making them combinable - PACKAGE => 'OpenSSL::safe') - or die $Text::Template::ERROR; - close BUILDFILE; - rename("$buildfile.new", $buildfile) - or die "Trying to rename $buildfile.new to $buildfile: $!"; - print 'Created ',$buildfile,"\n"; - - my $configuration_h = - catfile('include', 'openssl', 'configuration.h'); - my $configuration_h_in = - catfile($config{sourcedir}, 'include', 'openssl', 'configuration.h.in'); - open CONFIGURATION_H, ">${configuration_h}.new" - or die "Trying to create ${configuration_h}.new: $!"; - $tmpl = OpenSSL::Template->new(TYPE => 'FILE', - SOURCE => $configuration_h_in); - $tmpl->fill_in(FILENAME => $_, - OUTPUT => \*CONFIGURATION_H, - HASH => \%gendata, - PREPEND => $prepend, - # To ensure that global variables and functions - # defined in one template stick around for the - # next, making them combinable - PACKAGE => 'OpenSSL::safe') - or die $Text::Template::ERROR; - close CONFIGURATION_H; - - # When using stat() on Windows, we can get it to perform better by - # avoid some data. This doesn't affect the mtime field, so we're not - # losing anything... - ${^WIN32_SLOPPY_STAT} = 1; - - my $update_configuration_h = 0; - if (-f $configuration_h) { - my $configuration_h_mtime = (stat($configuration_h))[9]; - my $configuration_h_in_mtime = (stat($configuration_h_in))[9]; - - # If configuration.h.in was updated after the last configuration.h, - # or if configuration.h.new differs configuration.h, we update - # configuration.h - if ($configuration_h_mtime < $configuration_h_in_mtime - || compare_text("${configuration_h}.new", $configuration_h) != 0) { - $update_configuration_h = 1; - } else { - # If nothing has changed, let's just drop the new one and - # pretend like nothing happened - unlink "${configuration_h}.new" - } - } else { - $update_configuration_h = 1; - } - - if ($update_configuration_h) { - rename("${configuration_h}.new", $configuration_h) - or die "Trying to rename ${configuration_h}.new to $configuration_h: $!"; - print 'Created ',$configuration_h,"\n"; - } - - exit(0); - } - - my $dump = undef; - my $cmdline = undef; - my $options = undef; - my $target = undef; - my $envvars = undef; - my $makevars = undef; - my $buildparams = undef; - my $reconf = undef; - my $verbose = undef; - my $query = undef; - my $help = undef; - my $man = undef; - GetOptions('dump|d' => \$dump, - 'command-line|c' => \$cmdline, - 'options|o' => \$options, - 'target|t' => \$target, - 'environment|e' => \$envvars, - 'make-variables|m' => \$makevars, - 'build-parameters|b' => \$buildparams, - 'reconfigure|reconf|r' => \$reconf, - 'verbose|v' => \$verbose, - 'query|q=s' => \$query, - 'help' => \$help, - 'man' => \$man) - or die "Errors in command line arguments\n"; - - # We allow extra arguments with --query. That allows constructs like - # this: - # ./configdata.pm --query 'get_sources(@ARGV)' file1 file2 file3 - if (!$query && scalar @ARGV > 0) { - print STDERR <<"_____"; -Unrecognised arguments. -For more information, do '$0 --help' -_____ - exit(2); - } - - if ($help) { - pod2usage(-exitval => 0, - -verbose => 1); - } - if ($man) { - pod2usage(-exitval => 0, - -verbose => 2); - } - if ($dump || $cmdline) { - print "\nCommand line (with current working directory = $here):\n\n"; - print ' ',join(' ', - $config{PERL}, - catfile($config{sourcedir}, 'Configure'), - @{$config{perlargv}}), "\n"; - print "\nPerl information:\n\n"; - print ' ',$config{perl_cmd},"\n"; - print ' ',$config{perl_version},' for ',$config{perl_archname},"\n"; - } - if ($dump || $options) { - my $longest = 0; - my $longest2 = 0; - foreach my $what (@disablables) { - $longest = length($what) if $longest < length($what); - $longest2 = length($disabled{$what}) - if $disabled{$what} && $longest2 < length($disabled{$what}); - } - print "\nEnabled features:\n\n"; - foreach my $what (@disablables) { - print " $what\n" unless $disabled{$what}; - } - print "\nDisabled features:\n\n"; - foreach my $what (@disablables) { - if ($disabled{$what}) { - print " $what", ' ' x ($longest - length($what) + 1), - "[$disabled{$what}]", ' ' x ($longest2 - length($disabled{$what}) + 1); - print $disabled_info{$what}->{macro} - if $disabled_info{$what}->{macro}; - print ' (skip ', - join(', ', @{$disabled_info{$what}->{skipped}}), - ')' - if $disabled_info{$what}->{skipped}; - print "\n"; - } - } - } - if ($dump || $target) { - print "\nConfig target attributes:\n\n"; - foreach (sort keys %target) { - next if $_ =~ m|^_| || $_ eq 'template'; - my $quotify = sub { - map { - if (defined $_) { - (my $x = $_) =~ s|([\\\$\@"])|\\$1|g; "\"$x\"" - } else { - "undef"; - } - } @_; - }; - print ' ', $_, ' => '; - if (ref($target{$_}) eq "ARRAY") { - print '[ ', join(', ', $quotify->(@{$target{$_}})), " ],\n"; - } else { - print $quotify->($target{$_}), ",\n" - } - } - } - if ($dump || $envvars) { - print "\nRecorded environment:\n\n"; - foreach (sort keys %{$config{perlenv}}) { - print ' ',$_,' = ',($config{perlenv}->{$_} || ''),"\n"; - } - } - if ($dump || $makevars) { - print "\nMakevars:\n\n"; - foreach my $var (@makevars) { - my $prefix = ''; - $prefix = $config{CROSS_COMPILE} - if grep { $var eq $_ } @user_crossable; - $prefix //= ''; - print ' ',$var,' ' x (16 - length $var),'= ', - (ref $config{$var} eq 'ARRAY' - ? join(' ', @{$config{$var}}) - : $prefix.$config{$var}), - "\n" - if defined $config{$var}; - } - - my @buildfile = ($config{builddir}, $config{build_file}); - unshift @buildfile, $here - unless file_name_is_absolute($config{builddir}); - my $buildfile = canonpath(catdir(@buildfile)); - print <<"_____"; - -NOTE: These variables only represent the configuration view. The build file -template may have processed these variables further, please have a look at the -build file for more exact data: - $buildfile -_____ - } - if ($dump || $buildparams) { - my @buildfile = ($config{builddir}, $config{build_file}); - unshift @buildfile, $here - unless file_name_is_absolute($config{builddir}); - print "\nbuild file:\n\n"; - print " ", canonpath(catfile(@buildfile)),"\n"; - - print "\nbuild file templates:\n\n"; - foreach (@{$config{build_file_templates}}) { - my @tmpl = ($_); - unshift @tmpl, $here - unless file_name_is_absolute($config{sourcedir}); - print ' ',canonpath(catfile(@tmpl)),"\n"; - } - } - if ($reconf) { - if ($verbose) { - print 'Reconfiguring with: ', join(' ',@{$config{perlargv}}), "\n"; - foreach (sort keys %{$config{perlenv}}) { - print ' ',$_,' = ',($config{perlenv}->{$_} || ""),"\n"; - } - } - - chdir $here; - exec $^X,catfile($config{sourcedir}, 'Configure'),'reconf'; - } - if ($query) { - use OpenSSL::Config::Query; - - my $confquery = OpenSSL::Config::Query->new(info => \%unified_info, - config => \%config); - my $result = eval "\$confquery->$query"; - - # We may need a result class with a printing function at some point. - # Until then, we assume that we get a scalar, or a list or a hash table - # with scalar values and simply print them in some orderly fashion. - if (ref $result eq 'ARRAY') { - print "$_\n" foreach @$result; - } elsif (ref $result eq 'HASH') { - print "$_ : \\\n ", join(" \\\n ", @{$result->{$_}}), "\n" - foreach sort keys %$result; - } elsif (ref $result eq 'SCALAR') { - print "$$result\n"; - } - } -} - -1; - -__END__ - -=head1 NAME - -configdata.pm - configuration data for OpenSSL builds - -=head1 SYNOPSIS - -Interactive: - - perl configdata.pm [options] - -As data bank module: - - use configdata; - -=head1 DESCRIPTION - -This module can be used in two modes, interactively and as a module containing -all the data recorded by OpenSSL's Configure script. - -When used interactively, simply run it as any perl script. -If run with no arguments, it will rebuild the build file (Makefile or -corresponding). -With at least one option, it will instead get the information you ask for, or -re-run the configuration process. -See L below for more information. - -When loaded as a module, you get a few databanks with useful information to -perform build related tasks. The databanks are: - - %config Configured things. - %target The OpenSSL config target with all inheritances - resolved. - %disabled The features that are disabled. - @disablables The list of features that can be disabled. - %withargs All data given through --with-THING options. - %unified_info All information that was computed from the build.info - files. - -=head1 OPTIONS - -=over 4 - -=item B<--help> - -Print a brief help message and exit. - -=item B<--man> - -Print the manual page and exit. - -=item B<--dump> | B<-d> - -Print all relevant configuration data. This is equivalent to B<--command-line> -B<--options> B<--target> B<--environment> B<--make-variables> -B<--build-parameters>. - -=item B<--command-line> | B<-c> - -Print the current configuration command line. - -=item B<--options> | B<-o> - -Print the features, both enabled and disabled, and display defined macro and -skipped directories where applicable. - -=item B<--target> | B<-t> - -Print the config attributes for this config target. - -=item B<--environment> | B<-e> - -Print the environment variables and their values at the time of configuration. - -=item B<--make-variables> | B<-m> - -Print the main make variables generated in the current configuration - -=item B<--build-parameters> | B<-b> - -Print the build parameters, i.e. build file and build file templates. - -=item B<--reconfigure> | B<--reconf> | B<-r> - -Re-run the configuration process. - -=item B<--verbose> | B<-v> - -Verbose output. - -=back - -=cut - -EOF diff --git a/crypto/LPdir_nyi.c b/crypto/LPdir_nyi.c deleted file mode 100644 index a1540785f87d48735c306d6d82bc062c8abe6574..0000000000000000000000000000000000000000 --- a/crypto/LPdir_nyi.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This file is dual-licensed and is also available under the following - * terms: - * - * Copyright (c) 2004, Richard Levitte - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifndef LPDIR_H -# include "LPdir.h" -#endif - -struct LP_dir_context_st { - void *dummy; -}; -const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) -{ - errno = EINVAL; - return 0; -} - -int LP_find_file_end(LP_DIR_CTX **ctx) -{ - errno = EINVAL; - return 0; -} diff --git a/crypto/LPdir_unix.c b/crypto/LPdir_unix.c deleted file mode 100644 index bc0e924e46a741be5ffb3c76dac23d9009986c64..0000000000000000000000000000000000000000 --- a/crypto/LPdir_unix.c +++ /dev/null @@ -1,169 +0,0 @@ -/* - * Copyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This file is dual-licensed and is also available under the following - * terms: - * - * Copyright (c) 2004, 2018, Richard Levitte - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -#include -#include -#include -#include -#include -#include -#ifndef LPDIR_H -# include "LPdir.h" -#endif -#ifdef __VMS -# include -#endif - -/* - * The POSIX macro for the maximum number of characters in a file path is - * NAME_MAX. However, some operating systems use PATH_MAX instead. - * Therefore, it seems natural to first check for PATH_MAX and use that, and - * if it doesn't exist, use NAME_MAX. - */ -#if defined(PATH_MAX) -# define LP_ENTRY_SIZE PATH_MAX -#elif defined(NAME_MAX) -# define LP_ENTRY_SIZE NAME_MAX -#endif - -/* - * Of course, there's the possibility that neither PATH_MAX nor NAME_MAX - * exist. It's also possible that NAME_MAX exists but is define to a very - * small value (HP-UX offers 14), so we need to check if we got a result, and - * if it meets a minimum standard, and create or change it if not. - */ -#if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255 -# undef LP_ENTRY_SIZE -# define LP_ENTRY_SIZE 255 -#endif - -struct LP_dir_context_st { - DIR *dir; - char entry_name[LP_ENTRY_SIZE + 1]; -#ifdef __VMS - int expect_file_generations; - char previous_entry_name[LP_ENTRY_SIZE + 1]; -#endif -}; - -const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) -{ - struct dirent *direntry = NULL; - - if (ctx == NULL || directory == NULL) { - errno = EINVAL; - return 0; - } - - errno = 0; - if (*ctx == NULL) { - *ctx = malloc(sizeof(**ctx)); - if (*ctx == NULL) { - errno = ENOMEM; - return 0; - } - memset(*ctx, 0, sizeof(**ctx)); - -#ifdef __VMS - { - char c = directory[strlen(directory) - 1]; - - if (c == ']' || c == '>' || c == ':') - (*ctx)->expect_file_generations = 1; - } -#endif - - (*ctx)->dir = opendir(directory); - if ((*ctx)->dir == NULL) { - int save_errno = errno; /* Probably not needed, but I'm paranoid */ - free(*ctx); - *ctx = NULL; - errno = save_errno; - return 0; - } - } - -#ifdef __VMS - strncpy((*ctx)->previous_entry_name, (*ctx)->entry_name, - sizeof((*ctx)->previous_entry_name)); - - again: -#endif - - direntry = readdir((*ctx)->dir); - if (direntry == NULL) { - return 0; - } - - OPENSSL_strlcpy((*ctx)->entry_name, direntry->d_name, - sizeof((*ctx)->entry_name)); -#ifdef __VMS - if ((*ctx)->expect_file_generations) { - char *p = (*ctx)->entry_name + strlen((*ctx)->entry_name); - - while(p > (*ctx)->entry_name && isdigit(p[-1])) - p--; - if (p > (*ctx)->entry_name && p[-1] == ';') - p[-1] = '\0'; - if (OPENSSL_strcasecmp((*ctx)->entry_name, - (*ctx)->previous_entry_name) == 0) - goto again; - } -#endif - return (*ctx)->entry_name; -} - -int LP_find_file_end(LP_DIR_CTX **ctx) -{ - if (ctx != NULL && *ctx != NULL) { - int ret = closedir((*ctx)->dir); - - free(*ctx); - switch (ret) { - case 0: - return 1; - case -1: - return 0; - default: - break; - } - } - errno = EINVAL; - return 0; -} diff --git a/crypto/LPdir_vms.c b/crypto/LPdir_vms.c deleted file mode 100644 index 51043263ae6708e64e6a77987d5e97b3e211750d..0000000000000000000000000000000000000000 --- a/crypto/LPdir_vms.c +++ /dev/null @@ -1,207 +0,0 @@ -/* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This file is dual-licensed and is also available under the following - * terms: - * - * Copyright (c) 2004, Richard Levitte - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifndef LPDIR_H -# include "LPdir.h" -#endif -#include "vms_rms.h" - -/* Some compiler options hide EVMSERR. */ -#ifndef EVMSERR -# define EVMSERR 65535 /* error for non-translatable VMS errors */ -#endif - -struct LP_dir_context_st { - unsigned long VMS_context; - char filespec[NAMX_MAXRSS + 1]; - char result[NAMX_MAXRSS + 1]; - struct dsc$descriptor_d filespec_dsc; - struct dsc$descriptor_d result_dsc; -}; - -const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) -{ - int status; - char *p, *r; - size_t l; - unsigned long flags = 0; - -/* Arrange 32-bit pointer to (copied) string storage, if needed. */ -#if __INITIAL_POINTER_SIZE == 64 -# pragma pointer_size save -# pragma pointer_size 32 - char *ctx_filespec_32p; -# pragma pointer_size restore - char ctx_filespec_32[NAMX_MAXRSS + 1]; -#endif /* __INITIAL_POINTER_SIZE == 64 */ - -#ifdef NAML$C_MAXRSS - flags |= LIB$M_FIL_LONG_NAMES; -#endif - - if (ctx == NULL || directory == NULL) { - errno = EINVAL; - return 0; - } - - errno = 0; - if (*ctx == NULL) { - size_t filespeclen = strlen(directory); - char *filespec = NULL; - - if (filespeclen == 0) { - errno = ENOENT; - return 0; - } - - /* MUST be a VMS directory specification! Let's estimate if it is. */ - if (directory[filespeclen - 1] != ']' - && directory[filespeclen - 1] != '>' - && directory[filespeclen - 1] != ':') { - errno = EINVAL; - return 0; - } - - filespeclen += 4; /* "*.*;" */ - - if (filespeclen > NAMX_MAXRSS) { - errno = ENAMETOOLONG; - return 0; - } - - *ctx = malloc(sizeof(**ctx)); - if (*ctx == NULL) { - errno = ENOMEM; - return 0; - } - memset(*ctx, 0, sizeof(**ctx)); - - strcpy((*ctx)->filespec, directory); - strcat((*ctx)->filespec, "*.*;"); - -/* Arrange 32-bit pointer to (copied) string storage, if needed. */ -#if __INITIAL_POINTER_SIZE == 64 -# define CTX_FILESPEC ctx_filespec_32p - /* Copy the file name to storage with a 32-bit pointer. */ - ctx_filespec_32p = ctx_filespec_32; - strcpy(ctx_filespec_32p, (*ctx)->filespec); -#else /* __INITIAL_POINTER_SIZE == 64 */ -# define CTX_FILESPEC (*ctx)->filespec -#endif /* __INITIAL_POINTER_SIZE == 64 [else] */ - - (*ctx)->filespec_dsc.dsc$w_length = filespeclen; - (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S; - (*ctx)->filespec_dsc.dsc$a_pointer = CTX_FILESPEC; - } - - (*ctx)->result_dsc.dsc$w_length = 0; - (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D; - (*ctx)->result_dsc.dsc$a_pointer = 0; - - status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc, - &(*ctx)->VMS_context, 0, 0, 0, &flags); - - if (status == RMS$_NMF) { - errno = 0; - vaxc$errno = status; - return NULL; - } - - if (!$VMS_STATUS_SUCCESS(status)) { - errno = EVMSERR; - vaxc$errno = status; - return NULL; - } - - /* - * Quick, cheap and dirty way to discard any device and directory, since - * we only want file names - */ - l = (*ctx)->result_dsc.dsc$w_length; - p = (*ctx)->result_dsc.dsc$a_pointer; - r = p; - for (; *p; p++) { - if (*p == '^' && p[1] != '\0') { /* Take care of ODS-5 escapes */ - p++; - } else if (*p == ':' || *p == '>' || *p == ']') { - l -= p + 1 - r; - r = p + 1; - } else if (*p == ';') { - l = p - r; - break; - } - } - - strncpy((*ctx)->result, r, l); - (*ctx)->result[l] = '\0'; - str$free1_dx(&(*ctx)->result_dsc); - - return (*ctx)->result; -} - -int LP_find_file_end(LP_DIR_CTX **ctx) -{ - if (ctx != NULL && *ctx != NULL) { - int status = lib$find_file_end(&(*ctx)->VMS_context); - - free(*ctx); - - if (!$VMS_STATUS_SUCCESS(status)) { - errno = EVMSERR; - vaxc$errno = status; - return 0; - } - return 1; - } - errno = EINVAL; - return 0; -} diff --git a/crypto/LPdir_win.c b/crypto/LPdir_win.c deleted file mode 100644 index 83cbe1fc09071bf0012edb429682023d4b785b06..0000000000000000000000000000000000000000 --- a/crypto/LPdir_win.c +++ /dev/null @@ -1,214 +0,0 @@ -/* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This file is dual-licensed and is also available under the following - * terms: - * - * Copyright (c) 2004, Richard Levitte - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -#include -#include "internal/numbers.h" -#ifndef LPDIR_H -# include "LPdir.h" -#endif - -/* - * We're most likely overcautious here, but let's reserve for broken WinCE - * headers and explicitly opt for UNICODE call. Keep in mind that our WinCE - * builds are compiled with -DUNICODE [as well as -D_UNICODE]. - */ -#if defined(LP_SYS_WINCE) && !defined(FindFirstFile) -# define FindFirstFile FindFirstFileW -#endif -#if defined(LP_SYS_WINCE) && !defined(FindNextFile) -# define FindNextFile FindNextFileW -#endif - -#ifndef NAME_MAX -# define NAME_MAX 255 -#endif - -#ifdef CP_UTF8 -# define CP_DEFAULT CP_UTF8 -#else -# define CP_DEFAULT CP_ACP -#endif - -struct LP_dir_context_st { - WIN32_FIND_DATA ctx; - HANDLE handle; - char entry_name[NAME_MAX + 1]; -}; - -const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) -{ - if (ctx == NULL || directory == NULL) { - errno = EINVAL; - return 0; - } - - errno = 0; - if (*ctx == NULL) { - size_t dirlen = strlen(directory); - - if (dirlen == 0 || dirlen > INT_MAX - 3) { - errno = ENOENT; - return 0; - } - - *ctx = malloc(sizeof(**ctx)); - if (*ctx == NULL) { - errno = ENOMEM; - return 0; - } - memset(*ctx, 0, sizeof(**ctx)); - - if (sizeof(TCHAR) != sizeof(char)) { - TCHAR *wdir = NULL; - /* len_0 denotes string length *with* trailing 0 */ - size_t index = 0, len_0 = dirlen + 1; -#ifdef LP_MULTIBYTE_AVAILABLE - int sz = 0; - UINT cp; - - do { -# ifdef CP_UTF8 - if ((sz = MultiByteToWideChar((cp = CP_UTF8), 0, - directory, len_0, - NULL, 0)) > 0 || - GetLastError() != ERROR_NO_UNICODE_TRANSLATION) - break; -# endif - sz = MultiByteToWideChar((cp = CP_ACP), 0, - directory, len_0, - NULL, 0); - } while (0); - - if (sz > 0) { - /* - * allocate two additional characters in case we need to - * concatenate asterisk, |sz| covers trailing '\0'! - */ - wdir = _alloca((sz + 2) * sizeof(TCHAR)); - if (!MultiByteToWideChar(cp, 0, directory, len_0, - (WCHAR *)wdir, sz)) { - free(*ctx); - *ctx = NULL; - errno = EINVAL; - return 0; - } - } else -#endif - { - sz = len_0; - /* - * allocate two additional characters in case we need to - * concatenate asterisk, |sz| covers trailing '\0'! - */ - wdir = _alloca((sz + 2) * sizeof(TCHAR)); - for (index = 0; index < len_0; index++) - wdir[index] = (TCHAR)directory[index]; - } - - sz--; /* wdir[sz] is trailing '\0' now */ - if (wdir[sz - 1] != TEXT('*')) { - if (wdir[sz - 1] != TEXT('/') && wdir[sz - 1] != TEXT('\\')) - _tcscpy(wdir + sz, TEXT("/*")); - else - _tcscpy(wdir + sz, TEXT("*")); - } - - (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx); - } else { - if (directory[dirlen - 1] != '*') { - char *buf = _alloca(dirlen + 3); - - strcpy(buf, directory); - if (buf[dirlen - 1] != '/' && buf[dirlen - 1] != '\\') - strcpy(buf + dirlen, "/*"); - else - strcpy(buf + dirlen, "*"); - - directory = buf; - } - - (*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx); - } - - if ((*ctx)->handle == INVALID_HANDLE_VALUE) { - free(*ctx); - *ctx = NULL; - errno = EINVAL; - return 0; - } - } else { - if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE) { - return 0; - } - } - if (sizeof(TCHAR) != sizeof(char)) { - TCHAR *wdir = (*ctx)->ctx.cFileName; - size_t index, len_0 = 0; - - while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1)) - len_0++; - len_0++; - -#ifdef LP_MULTIBYTE_AVAILABLE - if (!WideCharToMultiByte(CP_DEFAULT, 0, (WCHAR *)wdir, len_0, - (*ctx)->entry_name, - sizeof((*ctx)->entry_name), NULL, 0)) -#endif - for (index = 0; index < len_0; index++) - (*ctx)->entry_name[index] = (char)wdir[index]; - } else - strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName, - sizeof((*ctx)->entry_name) - 1); - - (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0'; - - return (*ctx)->entry_name; -} - -int LP_find_file_end(LP_DIR_CTX **ctx) -{ - if (ctx != NULL && *ctx != NULL) { - FindClose((*ctx)->handle); - free(*ctx); - *ctx = NULL; - return 1; - } - errno = EINVAL; - return 0; -} diff --git a/crypto/LPdir_win32.c b/crypto/LPdir_win32.c deleted file mode 100644 index b29e096ff30f939de5c38f9674a7f8bf38c0df30..0000000000000000000000000000000000000000 --- a/crypto/LPdir_win32.c +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This file is dual-licensed and is also available under the following - * terms: - * - * Copyright (c) 2004, Richard Levitte - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#define LP_SYS_WIN32 -#define LP_MULTIBYTE_AVAILABLE -#include "LPdir_win.c" diff --git a/crypto/LPdir_wince.c b/crypto/LPdir_wince.c deleted file mode 100644 index ebf89628272a502d909e8eb3fabfcad7deca70cc..0000000000000000000000000000000000000000 --- a/crypto/LPdir_wince.c +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This file is dual-licensed and is also available under the following - * terms: - * - * Copyright (c) 2004, Richard Levitte - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#define LP_SYS_WINCE -/* - * We might want to define LP_MULTIBYTE_AVAILABLE here. It's currently under - * investigation what the exact conditions would be - */ -#include "LPdir_win.c" diff --git a/crypto/README-sparse_array.md b/crypto/README-sparse_array.md deleted file mode 100644 index bc2ff0cb8aeee4e16e81de3e00400861fadbd094..0000000000000000000000000000000000000000 --- a/crypto/README-sparse_array.md +++ /dev/null @@ -1,156 +0,0 @@ -Sparse Arrays -============= - -The `sparse_array.c` file contains an implementation of a sparse array that -attempts to be both space and time efficient. - -The sparse array is represented using a tree structure. Each node in the -tree contains a block of pointers to either the user supplied leaf values or -to another node. - -There are a number of parameters used to define the block size: - - OPENSSL_SA_BLOCK_BITS Specifies the number of bits covered by each block - SA_BLOCK_MAX Specifies the number of pointers in each block - SA_BLOCK_MASK Specifies a bit mask to perform modulo block size - SA_BLOCK_MAX_LEVELS Indicates the maximum possible height of the tree - -These constants are inter-related: - - SA_BLOCK_MAX = 2 ^ OPENSSL_SA_BLOCK_BITS - SA_BLOCK_MASK = SA_BLOCK_MAX - 1 - SA_BLOCK_MAX_LEVELS = number of bits in size_t divided by - OPENSSL_SA_BLOCK_BITS rounded up to the next multiple - of OPENSSL_SA_BLOCK_BITS - -`OPENSSL_SA_BLOCK_BITS` can be defined at compile time and this overrides the -built in setting. - -As a space and performance optimisation, the height of the tree is usually -less than the maximum possible height. Only sufficient height is allocated to -accommodate the largest index added to the data structure. - -The largest index used to add a value to the array determines the tree height: - - +----------------------+---------------------+ - | Largest Added Index | Height of Tree | - +----------------------+---------------------+ - | SA_BLOCK_MAX - 1 | 1 | - | SA_BLOCK_MAX ^ 2 - 1 | 2 | - | SA_BLOCK_MAX ^ 3 - 1 | 3 | - | ... | ... | - | size_t max | SA_BLOCK_MAX_LEVELS | - +----------------------+---------------------+ - -The tree height is dynamically increased as needed based on additions. - -An empty tree is represented by a NULL root pointer. Inserting a value at -index 0 results in the allocation of a top level node full of null pointers -except for the single pointer to the user's data (N = SA_BLOCK_MAX for -brevity): - - +----+ - |Root| - |Node| - +-+--+ - | - | - | - v - +-+-+---+---+---+---+ - | 0 | 1 | 2 |...|N-1| - | |nil|nil|...|nil| - +-+-+---+---+---+---+ - | - | - | - v - +-+--+ - |User| - |Data| - +----+ - Index 0 - -Inserting at element 2N+1 creates a new root node and pushes down the old root -node. It then creates a second second level node to hold the pointer to the -user's new data: - - +----+ - |Root| - |Node| - +-+--+ - | - | - | - v - +-+-+---+---+---+---+ - | 0 | 1 | 2 |...|N-1| - | |nil| |...|nil| - +-+-+---+-+-+---+---+ - | | - | +------------------+ - | | - v v - +-+-+---+---+---+---+ +-+-+---+---+---+---+ - | 0 | 1 | 2 |...|N-1| | 0 | 1 | 2 |...|N-1| - |nil| |nil|...|nil| |nil| |nil|...|nil| - +-+-+---+---+---+---+ +---+-+-+---+---+---+ - | | - | | - | | - v v - +-+--+ +-+--+ - |User| |User| - |Data| |Data| - +----+ +----+ - Index 0 Index 2N+1 - -The nodes themselves are allocated in a sparse manner. Only nodes which exist -along a path from the root of the tree to an added leaf will be allocated. -The complexity is hidden and nodes are allocated on an as needed basis. -Because the data is expected to be sparse this doesn't result in a large waste -of space. - -Values can be removed from the sparse array by setting their index position to -NULL. The data structure does not attempt to reclaim nodes or reduce the -height of the tree on removal. For example, now setting index 0 to NULL would -result in: - - +----+ - |Root| - |Node| - +-+--+ - | - | - | - v - +-+-+---+---+---+---+ - | 0 | 1 | 2 |...|N-1| - | |nil| |...|nil| - +-+-+---+-+-+---+---+ - | | - | +------------------+ - | | - v v - +-+-+---+---+---+---+ +-+-+---+---+---+---+ - | 0 | 1 | 2 |...|N-1| | 0 | 1 | 2 |...|N-1| - |nil|nil|nil|...|nil| |nil| |nil|...|nil| - +---+---+---+---+---+ +---+-+-+---+---+---+ - | - | - | - v - +-+--+ - |User| - |Data| - +----+ - Index 2N+1 - -Accesses to elements in the sparse array take O(log n) time where n is the -largest element. The base of the logarithm is `SA_BLOCK_MAX`, so for moderately -small indices (e.g. NIDs), single level (constant time) access is achievable. -Space usage is O(minimum(m, n log(n)) where m is the number of elements in the -array. - -Note: sparse arrays only include pointers to types. -Thus, `SPARSE_ARRAY_OF(char)` can be used to store a string. diff --git a/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c deleted file mode 100644 index f2d5381b86d79f306e9d6626083a3f63fd75db04..0000000000000000000000000000000000000000 --- a/crypto/aes/aes_cbc.c +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * AES low level APIs are deprecated for public use, but still ok for internal - * use where we're using them to implement the higher level EVP interface, as is - * the case here. - */ -#include "internal/deprecated.h" - -#include -#include - -void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const AES_KEY *key, - unsigned char *ivec, const int enc) -{ - - if (enc) - CRYPTO_cbc128_encrypt(in, out, len, key, ivec, - (block128_f) AES_encrypt); - else - CRYPTO_cbc128_decrypt(in, out, len, key, ivec, - (block128_f) AES_decrypt); -} diff --git a/crypto/aes/aes_cfb.c b/crypto/aes/aes_cfb.c deleted file mode 100644 index e5fcbb87f6090fff231a329a021916055d886eb3..0000000000000000000000000000000000000000 --- a/crypto/aes/aes_cfb.c +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * AES_encrypt is deprecated - but we need to use it to implement these other - * deprecated APIs. - */ -#include "internal/deprecated.h" - -#include -#include - -/* - * The input and output encrypted as though 128bit cfb mode is being used. - * The extra state information to record how much of the 128bit block we have - * used is contained in *num; - */ - -void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num, const int enc) -{ - - CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, - (block128_f) AES_encrypt); -} - -/* N.B. This expects the input to be packed, MS bit first */ -void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num, const int enc) -{ - CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc, - (block128_f) AES_encrypt); -} - -void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num, const int enc) -{ - CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc, - (block128_f) AES_encrypt); -} diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c deleted file mode 100644 index 3413ce8f4378a898f1837d81ff1210a4e10499e5..0000000000000000000000000000000000000000 --- a/crypto/aes/aes_core.c +++ /dev/null @@ -1,2013 +0,0 @@ -/* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/** - * rijndael-alg-fst.c - * - * @version 3.0 (December 2000) - * - * Optimised ANSI C code for the Rijndael cipher (now AES) - * - * @author Vincent Rijmen - * @author Antoon Bosselaers - * @author Paulo Barreto - * - * This code is hereby placed in the public domain. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* Note: rewritten a little bit to provide error control and an OpenSSL- - compatible API */ - -/* - * AES low level APIs are deprecated for public use, but still ok for internal - * use where we're using them to implement the higher level EVP interface, as is - * the case here. - */ -#include "internal/deprecated.h" - -#include - -#include -#include -#include -#include "aes_local.h" - -#if defined(OPENSSL_AES_CONST_TIME) && !defined(AES_ASM) - -# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -# define U64(C) C##UI64 -# elif defined(__arch64__) -# define U64(C) C##UL -# else -# define U64(C) C##ULL -# endif - -typedef union { - unsigned char b[8]; - u32 w[2]; - u64 d; -} uni; - -/* - * Compute w := (w * x) mod (x^8 + x^4 + x^3 + x^1 + 1) - * Therefore the name "xtime". - */ -static void XtimeWord(u32 *w) -{ - u32 a, b; - - a = *w; - b = a & 0x80808080u; - a ^= b; - b -= b >> 7; - b &= 0x1B1B1B1Bu; - b ^= a << 1; - *w = b; -} - -static void XtimeLong(u64 *w) -{ - u64 a, b; - - a = *w; - b = a & U64(0x8080808080808080); - a ^= b; - b -= b >> 7; - b &= U64(0x1B1B1B1B1B1B1B1B); - b ^= a << 1; - *w = b; -} - -/* - * This computes w := S * w ^ -1 + c, where c = {01100011}. - * Instead of using GF(2^8) mod (x^8+x^4+x^3+x+1} we do the inversion - * in GF(GF(GF(2^2)^2)^2) mod (X^2+X+8) - * and GF(GF(2^2)^2) mod (X^2+X+2) - * and GF(2^2) mod (X^2+X+1) - * The first part of the algorithm below transfers the coordinates - * {0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80} => - * {1,Y,Y^2,Y^3,Y^4,Y^5,Y^6,Y^7} with Y=0x41: - * {0x01,0x41,0x66,0x6c,0x56,0x9a,0x58,0xc4} - * The last part undoes the coordinate transfer and the final affine - * transformation S: - * b[i] = b[i] + b[(i+4)%8] + b[(i+5)%8] + b[(i+6)%8] + b[(i+7)%8] + c[i] - * in one step. - * The multiplication in GF(2^2^2^2) is done in ordinary coords: - * A = (a0*1 + a1*x^4) - * B = (b0*1 + b1*x^4) - * AB = ((a0*b0 + 8*a1*b1)*1 + (a1*b0 + (a0+a1)*b1)*x^4) - * When A = (a0,a1) is given we want to solve AB = 1: - * (a) 1 = a0*b0 + 8*a1*b1 - * (b) 0 = a1*b0 + (a0+a1)*b1 - * => multiply (a) by a1 and (b) by a0 - * (c) a1 = a1*a0*b0 + (8*a1*a1)*b1 - * (d) 0 = a1*a0*b0 + (a0*a0+a1*a0)*b1 - * => add (c) + (d) - * (e) a1 = (a0*a0 + a1*a0 + 8*a1*a1)*b1 - * => therefore - * b1 = (a0*a0 + a1*a0 + 8*a1*a1)^-1 * a1 - * => and adding (a1*b0) to (b) we get - * (f) a1*b0 = (a0+a1)*b1 - * => therefore - * b0 = (a0*a0 + a1*a0 + 8*a1*a1)^-1 * (a0+a1) - * Note this formula also works for the case - * (a0+a1)*a0 + 8*a1*a1 = 0 - * if the inverse element for 0^-1 is mapped to 0. - * Repeat the same for GF(2^2^2) and GF(2^2). - * We get the following algorithm: - * inv8(a0,a1): - * x0 = a0^a1 - * [y0,y1] = mul4([x0,a1],[a0,a1]); (*) - * y1 = mul4(8,y1); - * t = inv4(y0^y1); - * [b0,b1] = mul4([x0,a1],[t,t]); (*) - * return [b0,b1]; - * The non-linear multiplies (*) can be done in parallel at no extra cost. - */ -static void SubWord(u32 *w) -{ - u32 x, y, a1, a2, a3, a4, a5, a6; - - x = *w; - y = ((x & 0xFEFEFEFEu) >> 1) | ((x & 0x01010101u) << 7); - x &= 0xDDDDDDDDu; - x ^= y & 0x57575757u; - y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); - x ^= y & 0x1C1C1C1Cu; - y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); - x ^= y & 0x4A4A4A4Au; - y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); - x ^= y & 0x42424242u; - y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); - x ^= y & 0x64646464u; - y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); - x ^= y & 0xE0E0E0E0u; - a1 = x; - a1 ^= (x & 0xF0F0F0F0u) >> 4; - a2 = ((x & 0xCCCCCCCCu) >> 2) | ((x & 0x33333333u) << 2); - a3 = x & a1; - a3 ^= (a3 & 0xAAAAAAAAu) >> 1; - a3 ^= (((x << 1) & a1) ^ ((a1 << 1) & x)) & 0xAAAAAAAAu; - a4 = a2 & a1; - a4 ^= (a4 & 0xAAAAAAAAu) >> 1; - a4 ^= (((a2 << 1) & a1) ^ ((a1 << 1) & a2)) & 0xAAAAAAAAu; - a5 = (a3 & 0xCCCCCCCCu) >> 2; - a3 ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCu; - a4 = a5 & 0x22222222u; - a4 |= a4 >> 1; - a4 ^= (a5 << 1) & 0x22222222u; - a3 ^= a4; - a5 = a3 & 0xA0A0A0A0u; - a5 |= a5 >> 1; - a5 ^= (a3 << 1) & 0xA0A0A0A0u; - a4 = a5 & 0xC0C0C0C0u; - a6 = a4 >> 2; - a4 ^= (a5 << 2) & 0xC0C0C0C0u; - a5 = a6 & 0x20202020u; - a5 |= a5 >> 1; - a5 ^= (a6 << 1) & 0x20202020u; - a4 |= a5; - a3 ^= a4 >> 4; - a3 &= 0x0F0F0F0Fu; - a2 = a3; - a2 ^= (a3 & 0x0C0C0C0Cu) >> 2; - a4 = a3 & a2; - a4 ^= (a4 & 0x0A0A0A0A0Au) >> 1; - a4 ^= (((a3 << 1) & a2) ^ ((a2 << 1) & a3)) & 0x0A0A0A0Au; - a5 = a4 & 0x08080808u; - a5 |= a5 >> 1; - a5 ^= (a4 << 1) & 0x08080808u; - a4 ^= a5 >> 2; - a4 &= 0x03030303u; - a4 ^= (a4 & 0x02020202u) >> 1; - a4 |= a4 << 2; - a3 = a2 & a4; - a3 ^= (a3 & 0x0A0A0A0Au) >> 1; - a3 ^= (((a2 << 1) & a4) ^ ((a4 << 1) & a2)) & 0x0A0A0A0Au; - a3 |= a3 << 4; - a2 = ((a1 & 0xCCCCCCCCu) >> 2) | ((a1 & 0x33333333u) << 2); - x = a1 & a3; - x ^= (x & 0xAAAAAAAAu) >> 1; - x ^= (((a1 << 1) & a3) ^ ((a3 << 1) & a1)) & 0xAAAAAAAAu; - a4 = a2 & a3; - a4 ^= (a4 & 0xAAAAAAAAu) >> 1; - a4 ^= (((a2 << 1) & a3) ^ ((a3 << 1) & a2)) & 0xAAAAAAAAu; - a5 = (x & 0xCCCCCCCCu) >> 2; - x ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCu; - a4 = a5 & 0x22222222u; - a4 |= a4 >> 1; - a4 ^= (a5 << 1) & 0x22222222u; - x ^= a4; - y = ((x & 0xFEFEFEFEu) >> 1) | ((x & 0x01010101u) << 7); - x &= 0x39393939u; - x ^= y & 0x3F3F3F3Fu; - y = ((y & 0xFCFCFCFCu) >> 2) | ((y & 0x03030303u) << 6); - x ^= y & 0x97979797u; - y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); - x ^= y & 0x9B9B9B9Bu; - y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); - x ^= y & 0x3C3C3C3Cu; - y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); - x ^= y & 0xDDDDDDDDu; - y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7); - x ^= y & 0x72727272u; - x ^= 0x63636363u; - *w = x; -} - -static void SubLong(u64 *w) -{ - u64 x, y, a1, a2, a3, a4, a5, a6; - - x = *w; - y = ((x & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((x & U64(0x0101010101010101)) << 7); - x &= U64(0xDDDDDDDDDDDDDDDD); - x ^= y & U64(0x5757575757575757); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0x1C1C1C1C1C1C1C1C); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0x4A4A4A4A4A4A4A4A); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0x4242424242424242); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0x6464646464646464); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0xE0E0E0E0E0E0E0E0); - a1 = x; - a1 ^= (x & U64(0xF0F0F0F0F0F0F0F0)) >> 4; - a2 = ((x & U64(0xCCCCCCCCCCCCCCCC)) >> 2) | ((x & U64(0x3333333333333333)) << 2); - a3 = x & a1; - a3 ^= (a3 & U64(0xAAAAAAAAAAAAAAAA)) >> 1; - a3 ^= (((x << 1) & a1) ^ ((a1 << 1) & x)) & U64(0xAAAAAAAAAAAAAAAA); - a4 = a2 & a1; - a4 ^= (a4 & U64(0xAAAAAAAAAAAAAAAA)) >> 1; - a4 ^= (((a2 << 1) & a1) ^ ((a1 << 1) & a2)) & U64(0xAAAAAAAAAAAAAAAA); - a5 = (a3 & U64(0xCCCCCCCCCCCCCCCC)) >> 2; - a3 ^= ((a4 << 2) ^ a4) & U64(0xCCCCCCCCCCCCCCCC); - a4 = a5 & U64(0x2222222222222222); - a4 |= a4 >> 1; - a4 ^= (a5 << 1) & U64(0x2222222222222222); - a3 ^= a4; - a5 = a3 & U64(0xA0A0A0A0A0A0A0A0); - a5 |= a5 >> 1; - a5 ^= (a3 << 1) & U64(0xA0A0A0A0A0A0A0A0); - a4 = a5 & U64(0xC0C0C0C0C0C0C0C0); - a6 = a4 >> 2; - a4 ^= (a5 << 2) & U64(0xC0C0C0C0C0C0C0C0); - a5 = a6 & U64(0x2020202020202020); - a5 |= a5 >> 1; - a5 ^= (a6 << 1) & U64(0x2020202020202020); - a4 |= a5; - a3 ^= a4 >> 4; - a3 &= U64(0x0F0F0F0F0F0F0F0F); - a2 = a3; - a2 ^= (a3 & U64(0x0C0C0C0C0C0C0C0C)) >> 2; - a4 = a3 & a2; - a4 ^= (a4 & U64(0x0A0A0A0A0A0A0A0A)) >> 1; - a4 ^= (((a3 << 1) & a2) ^ ((a2 << 1) & a3)) & U64(0x0A0A0A0A0A0A0A0A); - a5 = a4 & U64(0x0808080808080808); - a5 |= a5 >> 1; - a5 ^= (a4 << 1) & U64(0x0808080808080808); - a4 ^= a5 >> 2; - a4 &= U64(0x0303030303030303); - a4 ^= (a4 & U64(0x0202020202020202)) >> 1; - a4 |= a4 << 2; - a3 = a2 & a4; - a3 ^= (a3 & U64(0x0A0A0A0A0A0A0A0A)) >> 1; - a3 ^= (((a2 << 1) & a4) ^ ((a4 << 1) & a2)) & U64(0x0A0A0A0A0A0A0A0A); - a3 |= a3 << 4; - a2 = ((a1 & U64(0xCCCCCCCCCCCCCCCC)) >> 2) | ((a1 & U64(0x3333333333333333)) << 2); - x = a1 & a3; - x ^= (x & U64(0xAAAAAAAAAAAAAAAA)) >> 1; - x ^= (((a1 << 1) & a3) ^ ((a3 << 1) & a1)) & U64(0xAAAAAAAAAAAAAAAA); - a4 = a2 & a3; - a4 ^= (a4 & U64(0xAAAAAAAAAAAAAAAA)) >> 1; - a4 ^= (((a2 << 1) & a3) ^ ((a3 << 1) & a2)) & U64(0xAAAAAAAAAAAAAAAA); - a5 = (x & U64(0xCCCCCCCCCCCCCCCC)) >> 2; - x ^= ((a4 << 2) ^ a4) & U64(0xCCCCCCCCCCCCCCCC); - a4 = a5 & U64(0x2222222222222222); - a4 |= a4 >> 1; - a4 ^= (a5 << 1) & U64(0x2222222222222222); - x ^= a4; - y = ((x & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((x & U64(0x0101010101010101)) << 7); - x &= U64(0x3939393939393939); - x ^= y & U64(0x3F3F3F3F3F3F3F3F); - y = ((y & U64(0xFCFCFCFCFCFCFCFC)) >> 2) | ((y & U64(0x0303030303030303)) << 6); - x ^= y & U64(0x9797979797979797); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0x9B9B9B9B9B9B9B9B); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0x3C3C3C3C3C3C3C3C); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0xDDDDDDDDDDDDDDDD); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0x7272727272727272); - x ^= U64(0x6363636363636363); - *w = x; -} - -/* - * This computes w := (S^-1 * (w + c))^-1 - */ -static void InvSubLong(u64 *w) -{ - u64 x, y, a1, a2, a3, a4, a5, a6; - - x = *w; - x ^= U64(0x6363636363636363); - y = ((x & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((x & U64(0x0101010101010101)) << 7); - x &= U64(0xFDFDFDFDFDFDFDFD); - x ^= y & U64(0x5E5E5E5E5E5E5E5E); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0xF3F3F3F3F3F3F3F3); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0xF5F5F5F5F5F5F5F5); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0x7878787878787878); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0x7777777777777777); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0x1515151515151515); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0xA5A5A5A5A5A5A5A5); - a1 = x; - a1 ^= (x & U64(0xF0F0F0F0F0F0F0F0)) >> 4; - a2 = ((x & U64(0xCCCCCCCCCCCCCCCC)) >> 2) | ((x & U64(0x3333333333333333)) << 2); - a3 = x & a1; - a3 ^= (a3 & U64(0xAAAAAAAAAAAAAAAA)) >> 1; - a3 ^= (((x << 1) & a1) ^ ((a1 << 1) & x)) & U64(0xAAAAAAAAAAAAAAAA); - a4 = a2 & a1; - a4 ^= (a4 & U64(0xAAAAAAAAAAAAAAAA)) >> 1; - a4 ^= (((a2 << 1) & a1) ^ ((a1 << 1) & a2)) & U64(0xAAAAAAAAAAAAAAAA); - a5 = (a3 & U64(0xCCCCCCCCCCCCCCCC)) >> 2; - a3 ^= ((a4 << 2) ^ a4) & U64(0xCCCCCCCCCCCCCCCC); - a4 = a5 & U64(0x2222222222222222); - a4 |= a4 >> 1; - a4 ^= (a5 << 1) & U64(0x2222222222222222); - a3 ^= a4; - a5 = a3 & U64(0xA0A0A0A0A0A0A0A0); - a5 |= a5 >> 1; - a5 ^= (a3 << 1) & U64(0xA0A0A0A0A0A0A0A0); - a4 = a5 & U64(0xC0C0C0C0C0C0C0C0); - a6 = a4 >> 2; - a4 ^= (a5 << 2) & U64(0xC0C0C0C0C0C0C0C0); - a5 = a6 & U64(0x2020202020202020); - a5 |= a5 >> 1; - a5 ^= (a6 << 1) & U64(0x2020202020202020); - a4 |= a5; - a3 ^= a4 >> 4; - a3 &= U64(0x0F0F0F0F0F0F0F0F); - a2 = a3; - a2 ^= (a3 & U64(0x0C0C0C0C0C0C0C0C)) >> 2; - a4 = a3 & a2; - a4 ^= (a4 & U64(0x0A0A0A0A0A0A0A0A)) >> 1; - a4 ^= (((a3 << 1) & a2) ^ ((a2 << 1) & a3)) & U64(0x0A0A0A0A0A0A0A0A); - a5 = a4 & U64(0x0808080808080808); - a5 |= a5 >> 1; - a5 ^= (a4 << 1) & U64(0x0808080808080808); - a4 ^= a5 >> 2; - a4 &= U64(0x0303030303030303); - a4 ^= (a4 & U64(0x0202020202020202)) >> 1; - a4 |= a4 << 2; - a3 = a2 & a4; - a3 ^= (a3 & U64(0x0A0A0A0A0A0A0A0A)) >> 1; - a3 ^= (((a2 << 1) & a4) ^ ((a4 << 1) & a2)) & U64(0x0A0A0A0A0A0A0A0A); - a3 |= a3 << 4; - a2 = ((a1 & U64(0xCCCCCCCCCCCCCCCC)) >> 2) | ((a1 & U64(0x3333333333333333)) << 2); - x = a1 & a3; - x ^= (x & U64(0xAAAAAAAAAAAAAAAA)) >> 1; - x ^= (((a1 << 1) & a3) ^ ((a3 << 1) & a1)) & U64(0xAAAAAAAAAAAAAAAA); - a4 = a2 & a3; - a4 ^= (a4 & U64(0xAAAAAAAAAAAAAAAA)) >> 1; - a4 ^= (((a2 << 1) & a3) ^ ((a3 << 1) & a2)) & U64(0xAAAAAAAAAAAAAAAA); - a5 = (x & U64(0xCCCCCCCCCCCCCCCC)) >> 2; - x ^= ((a4 << 2) ^ a4) & U64(0xCCCCCCCCCCCCCCCC); - a4 = a5 & U64(0x2222222222222222); - a4 |= a4 >> 1; - a4 ^= (a5 << 1) & U64(0x2222222222222222); - x ^= a4; - y = ((x & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((x & U64(0x0101010101010101)) << 7); - x &= U64(0xB5B5B5B5B5B5B5B5); - x ^= y & U64(0x4040404040404040); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0x8080808080808080); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0x1616161616161616); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0xEBEBEBEBEBEBEBEB); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0x9797979797979797); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0xFBFBFBFBFBFBFBFB); - y = ((y & U64(0xFEFEFEFEFEFEFEFE)) >> 1) | ((y & U64(0x0101010101010101)) << 7); - x ^= y & U64(0x7D7D7D7D7D7D7D7D); - *w = x; -} - -static void ShiftRows(u64 *state) -{ - unsigned char s[4]; - unsigned char *s0; - int r; - - s0 = (unsigned char *)state; - for (r = 0; r < 4; r++) { - s[0] = s0[0*4 + r]; - s[1] = s0[1*4 + r]; - s[2] = s0[2*4 + r]; - s[3] = s0[3*4 + r]; - s0[0*4 + r] = s[(r+0) % 4]; - s0[1*4 + r] = s[(r+1) % 4]; - s0[2*4 + r] = s[(r+2) % 4]; - s0[3*4 + r] = s[(r+3) % 4]; - } -} - -static void InvShiftRows(u64 *state) -{ - unsigned char s[4]; - unsigned char *s0; - int r; - - s0 = (unsigned char *)state; - for (r = 0; r < 4; r++) { - s[0] = s0[0*4 + r]; - s[1] = s0[1*4 + r]; - s[2] = s0[2*4 + r]; - s[3] = s0[3*4 + r]; - s0[0*4 + r] = s[(4-r) % 4]; - s0[1*4 + r] = s[(5-r) % 4]; - s0[2*4 + r] = s[(6-r) % 4]; - s0[3*4 + r] = s[(7-r) % 4]; - } -} - -static void MixColumns(u64 *state) -{ - uni s1; - uni s; - int c; - - for (c = 0; c < 2; c++) { - s1.d = state[c]; - s.d = s1.d; - s.d ^= ((s.d & U64(0xFFFF0000FFFF0000)) >> 16) - | ((s.d & U64(0x0000FFFF0000FFFF)) << 16); - s.d ^= ((s.d & U64(0xFF00FF00FF00FF00)) >> 8) - | ((s.d & U64(0x00FF00FF00FF00FF)) << 8); - s.d ^= s1.d; - XtimeLong(&s1.d); - s.d ^= s1.d; - s.b[0] ^= s1.b[1]; - s.b[1] ^= s1.b[2]; - s.b[2] ^= s1.b[3]; - s.b[3] ^= s1.b[0]; - s.b[4] ^= s1.b[5]; - s.b[5] ^= s1.b[6]; - s.b[6] ^= s1.b[7]; - s.b[7] ^= s1.b[4]; - state[c] = s.d; - } -} - -static void InvMixColumns(u64 *state) -{ - uni s1; - uni s; - int c; - - for (c = 0; c < 2; c++) { - s1.d = state[c]; - s.d = s1.d; - s.d ^= ((s.d & U64(0xFFFF0000FFFF0000)) >> 16) - | ((s.d & U64(0x0000FFFF0000FFFF)) << 16); - s.d ^= ((s.d & U64(0xFF00FF00FF00FF00)) >> 8) - | ((s.d & U64(0x00FF00FF00FF00FF)) << 8); - s.d ^= s1.d; - XtimeLong(&s1.d); - s.d ^= s1.d; - s.b[0] ^= s1.b[1]; - s.b[1] ^= s1.b[2]; - s.b[2] ^= s1.b[3]; - s.b[3] ^= s1.b[0]; - s.b[4] ^= s1.b[5]; - s.b[5] ^= s1.b[6]; - s.b[6] ^= s1.b[7]; - s.b[7] ^= s1.b[4]; - XtimeLong(&s1.d); - s1.d ^= ((s1.d & U64(0xFFFF0000FFFF0000)) >> 16) - | ((s1.d & U64(0x0000FFFF0000FFFF)) << 16); - s.d ^= s1.d; - XtimeLong(&s1.d); - s1.d ^= ((s1.d & U64(0xFF00FF00FF00FF00)) >> 8) - | ((s1.d & U64(0x00FF00FF00FF00FF)) << 8); - s.d ^= s1.d; - state[c] = s.d; - } -} - -static void AddRoundKey(u64 *state, const u64 *w) -{ - state[0] ^= w[0]; - state[1] ^= w[1]; -} - -static void Cipher(const unsigned char *in, unsigned char *out, - const u64 *w, int nr) -{ - u64 state[2]; - int i; - - memcpy(state, in, 16); - - AddRoundKey(state, w); - - for (i = 1; i < nr; i++) { - SubLong(&state[0]); - SubLong(&state[1]); - ShiftRows(state); - MixColumns(state); - AddRoundKey(state, w + i*2); - } - - SubLong(&state[0]); - SubLong(&state[1]); - ShiftRows(state); - AddRoundKey(state, w + nr*2); - - memcpy(out, state, 16); -} - -static void InvCipher(const unsigned char *in, unsigned char *out, - const u64 *w, int nr) - -{ - u64 state[2]; - int i; - - memcpy(state, in, 16); - - AddRoundKey(state, w + nr*2); - - for (i = nr - 1; i > 0; i--) { - InvShiftRows(state); - InvSubLong(&state[0]); - InvSubLong(&state[1]); - AddRoundKey(state, w + i*2); - InvMixColumns(state); - } - - InvShiftRows(state); - InvSubLong(&state[0]); - InvSubLong(&state[1]); - AddRoundKey(state, w); - - memcpy(out, state, 16); -} - -static void RotWord(u32 *x) -{ - unsigned char *w0; - unsigned char tmp; - - w0 = (unsigned char *)x; - tmp = w0[0]; - w0[0] = w0[1]; - w0[1] = w0[2]; - w0[2] = w0[3]; - w0[3] = tmp; -} - -static void KeyExpansion(const unsigned char *key, u64 *w, - int nr, int nk) -{ - u32 rcon; - uni prev; - u32 temp; - int i, n; - - memcpy(w, key, nk*4); - memcpy(&rcon, "\1\0\0\0", 4); - n = nk/2; - prev.d = w[n-1]; - for (i = n; i < (nr+1)*2; i++) { - temp = prev.w[1]; - if (i % n == 0) { - RotWord(&temp); - SubWord(&temp); - temp ^= rcon; - XtimeWord(&rcon); - } else if (nk > 6 && i % n == 2) { - SubWord(&temp); - } - prev.d = w[i-n]; - prev.w[0] ^= temp; - prev.w[1] ^= prev.w[0]; - w[i] = prev.d; - } -} - -/** - * Expand the cipher key into the encryption key schedule. - */ -int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) -{ - u64 *rk; - - if (!userKey || !key) - return -1; - if (bits != 128 && bits != 192 && bits != 256) - return -2; - - rk = (u64*)key->rd_key; - - if (bits == 128) - key->rounds = 10; - else if (bits == 192) - key->rounds = 12; - else - key->rounds = 14; - - KeyExpansion(userKey, rk, key->rounds, bits/32); - return 0; -} - -/** - * Expand the cipher key into the decryption key schedule. - */ -int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) -{ - return AES_set_encrypt_key(userKey, bits, key); -} - -/* - * Encrypt a single block - * in and out can overlap - */ -void AES_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key) -{ - const u64 *rk; - - assert(in && out && key); - rk = (u64*)key->rd_key; - - Cipher(in, out, rk, key->rounds); -} - -/* - * Decrypt a single block - * in and out can overlap - */ -void AES_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key) -{ - const u64 *rk; - - assert(in && out && key); - rk = (u64*)key->rd_key; - - InvCipher(in, out, rk, key->rounds); -} -#elif !defined(AES_ASM) -/*- -Te0[x] = S [x].[02, 01, 01, 03]; -Te1[x] = S [x].[03, 02, 01, 01]; -Te2[x] = S [x].[01, 03, 02, 01]; -Te3[x] = S [x].[01, 01, 03, 02]; - -Td0[x] = Si[x].[0e, 09, 0d, 0b]; -Td1[x] = Si[x].[0b, 0e, 09, 0d]; -Td2[x] = Si[x].[0d, 0b, 0e, 09]; -Td3[x] = Si[x].[09, 0d, 0b, 0e]; -Td4[x] = Si[x].[01]; -*/ - -static const u32 Te0[256] = { - 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, - 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, - 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, - 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, - 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, - 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, - 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, - 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, - 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, - 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, - 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, - 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, - 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, - 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, - 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, - 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, - 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, - 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, - 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, - 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, - 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, - 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, - 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, - 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, - 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, - 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, - 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, - 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, - 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, - 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, - 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, - 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, - 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, - 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, - 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, - 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, - 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, - 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, - 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, - 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, - 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, - 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, - 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, - 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, - 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, - 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, - 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, - 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, - 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, - 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, - 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, - 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, - 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, - 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, - 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, - 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, - 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, - 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, - 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, - 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, - 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, - 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, - 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, - 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, -}; -static const u32 Te1[256] = { - 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, - 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, - 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, - 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, - 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, - 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, - 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, - 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, - 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, - 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, - 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, - 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, - 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, - 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, - 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, - 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, - 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, - 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, - 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, - 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, - 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, - 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, - 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, - 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, - 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, - 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, - 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, - 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, - 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, - 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, - 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, - 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, - 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, - 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, - 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, - 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, - 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, - 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, - 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, - 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, - 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, - 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, - 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, - 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, - 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, - 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, - 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, - 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, - 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, - 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, - 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, - 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, - 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, - 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, - 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, - 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, - 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, - 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, - 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, - 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, - 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, - 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, - 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, - 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, -}; -static const u32 Te2[256] = { - 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, - 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, - 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, - 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, - 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, - 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, - 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, - 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, - 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, - 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, - 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, - 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, - 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, - 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, - 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, - 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, - 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, - 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, - 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, - 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, - 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, - 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, - 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, - 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, - 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, - 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, - 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, - 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, - 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, - 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, - 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, - 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, - 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, - 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, - 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, - 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, - 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, - 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, - 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, - 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, - 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, - 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, - 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, - 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, - 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, - 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, - 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, - 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, - 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, - 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, - 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, - 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, - 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, - 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, - 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, - 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, - 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, - 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, - 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, - 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, - 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, - 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, - 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, - 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, -}; -static const u32 Te3[256] = { - 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, - 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, - 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, - 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, - 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, - 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, - 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, - 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, - 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, - 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, - 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, - 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, - 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, - 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, - 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, - 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, - 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, - 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, - 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, - 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, - 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, - 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, - 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, - 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, - 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, - 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, - 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, - 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, - 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, - 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, - 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, - 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, - 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, - 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, - 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, - 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, - 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, - 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, - 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, - 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, - 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, - 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, - 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, - 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, - 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, - 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, - 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, - 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, - 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, - 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, - 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, - 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, - 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, - 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, - 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, - 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, - 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, - 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, - 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, - 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, - 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, - 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, - 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, - 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, -}; - -static const u32 Td0[256] = { - 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, - 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, - 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, - 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, - 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, - 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, - 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, - 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, - 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, - 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, - 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, - 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, - 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, - 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, - 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, - 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, - 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, - 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, - 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, - 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, - 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, - 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, - 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, - 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, - 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, - 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, - 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, - 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, - 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, - 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, - 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, - 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, - 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, - 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, - 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, - 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, - 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, - 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, - 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, - 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, - 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, - 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, - 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, - 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, - 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, - 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, - 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, - 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, - 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, - 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, - 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, - 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, - 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, - 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, - 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, - 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, - 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, - 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, - 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, - 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, - 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, - 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, - 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, - 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, -}; -static const u32 Td1[256] = { - 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU, - 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U, - 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU, - 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U, - 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U, - 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U, - 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U, - 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U, - 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U, - 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU, - 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU, - 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU, - 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U, - 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU, - 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U, - 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U, - 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U, - 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU, - 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU, - 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U, - 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU, - 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U, - 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU, - 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU, - 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U, - 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U, - 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U, - 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU, - 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U, - 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU, - 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U, - 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U, - 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U, - 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU, - 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U, - 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U, - 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U, - 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U, - 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U, - 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U, - 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU, - 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU, - 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U, - 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU, - 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U, - 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU, - 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU, - 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U, - 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU, - 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U, - 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U, - 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U, - 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U, - 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U, - 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U, - 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U, - 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU, - 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U, - 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U, - 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU, - 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U, - 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U, - 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U, - 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U, -}; -static const u32 Td2[256] = { - 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U, - 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U, - 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U, - 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U, - 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU, - 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U, - 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U, - 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U, - 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U, - 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU, - 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U, - 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U, - 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU, - 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U, - 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U, - 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U, - 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U, - 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, - 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, - 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, - 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, - 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, - 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, - 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U, - 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U, - 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU, - 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU, - 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U, - 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU, - 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U, - 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU, - 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU, - 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU, - 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU, - 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U, - 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U, - 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U, - 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U, - 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U, - 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U, - 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U, - 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU, - 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU, - 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U, - 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U, - 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU, - 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU, - 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U, - 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U, - 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U, - 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U, - 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U, - 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U, - 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U, - 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU, - 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U, - 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U, - 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U, - 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U, - 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U, - 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U, - 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU, - 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U, - 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U, -}; -static const u32 Td3[256] = { - 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU, - 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU, - 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U, - 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U, - 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU, - 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU, - 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U, - 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU, - 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U, - 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU, - 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U, - 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U, - 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U, - 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U, - 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U, - 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU, - 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU, - 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U, - 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U, - 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU, - 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU, - 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U, - 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U, - 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U, - 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U, - 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU, - 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U, - 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U, - 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU, - 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU, - 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U, - 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U, - 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U, - 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU, - 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U, - 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U, - 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U, - 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U, - 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U, - 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U, - 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U, - 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU, - 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U, - 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U, - 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU, - 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU, - 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U, - 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU, - 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U, - 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U, - 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U, - 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U, - 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U, - 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U, - 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU, - 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU, - 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU, - 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU, - 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U, - 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U, - 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U, - 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU, - 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, - 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, -}; -static const u8 Td4[256] = { - 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, - 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, - 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U, - 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU, - 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU, - 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU, - 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U, - 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U, - 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U, - 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U, - 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU, - 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U, - 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU, - 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U, - 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U, - 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU, - 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU, - 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U, - 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U, - 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU, - 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U, - 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU, - 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U, - 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U, - 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U, - 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU, - 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU, - 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU, - 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U, - 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U, - 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, - 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU, -}; -static const u32 rcon[] = { - 0x01000000, 0x02000000, 0x04000000, 0x08000000, - 0x10000000, 0x20000000, 0x40000000, 0x80000000, - 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ -}; - -/** - * Expand the cipher key into the encryption key schedule. - */ -int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) -{ - - u32 *rk; - int i = 0; - u32 temp; - - if (!userKey || !key) - return -1; - if (bits != 128 && bits != 192 && bits != 256) - return -2; - - rk = key->rd_key; - - if (bits == 128) - key->rounds = 10; - else if (bits == 192) - key->rounds = 12; - else - key->rounds = 14; - - rk[0] = GETU32(userKey ); - rk[1] = GETU32(userKey + 4); - rk[2] = GETU32(userKey + 8); - rk[3] = GETU32(userKey + 12); - if (bits == 128) { - while (1) { - temp = rk[3]; - rk[4] = rk[0] ^ - (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te0[(temp ) & 0xff] & 0x0000ff00) ^ - (Te1[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[5] = rk[1] ^ rk[4]; - rk[6] = rk[2] ^ rk[5]; - rk[7] = rk[3] ^ rk[6]; - if (++i == 10) { - return 0; - } - rk += 4; - } - } - rk[4] = GETU32(userKey + 16); - rk[5] = GETU32(userKey + 20); - if (bits == 192) { - while (1) { - temp = rk[ 5]; - rk[ 6] = rk[ 0] ^ - (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te0[(temp ) & 0xff] & 0x0000ff00) ^ - (Te1[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 7] = rk[ 1] ^ rk[ 6]; - rk[ 8] = rk[ 2] ^ rk[ 7]; - rk[ 9] = rk[ 3] ^ rk[ 8]; - if (++i == 8) { - return 0; - } - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; - rk += 6; - } - } - rk[6] = GETU32(userKey + 24); - rk[7] = GETU32(userKey + 28); - if (bits == 256) { - while (1) { - temp = rk[ 7]; - rk[ 8] = rk[ 0] ^ - (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te0[(temp ) & 0xff] & 0x0000ff00) ^ - (Te1[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 9] = rk[ 1] ^ rk[ 8]; - rk[10] = rk[ 2] ^ rk[ 9]; - rk[11] = rk[ 3] ^ rk[10]; - if (++i == 7) { - return 0; - } - temp = rk[11]; - rk[12] = rk[ 4] ^ - (Te2[(temp >> 24) ] & 0xff000000) ^ - (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^ - (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^ - (Te1[(temp ) & 0xff] & 0x000000ff); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; - - rk += 8; - } - } - return 0; -} - -/** - * Expand the cipher key into the decryption key schedule. - */ -int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) -{ - - u32 *rk; - int i, j, status; - u32 temp; - - /* first, start with an encryption schedule */ - status = AES_set_encrypt_key(userKey, bits, key); - if (status < 0) - return status; - - rk = key->rd_key; - - /* invert the order of the round keys: */ - for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { - temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; - temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; - temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; - temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; - } - /* apply the inverse MixColumn transform to all round keys but the first and the last: */ - for (i = 1; i < (key->rounds); i++) { - rk += 4; - rk[0] = - Td0[Te1[(rk[0] >> 24) ] & 0xff] ^ - Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^ - Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^ - Td3[Te1[(rk[0] ) & 0xff] & 0xff]; - rk[1] = - Td0[Te1[(rk[1] >> 24) ] & 0xff] ^ - Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^ - Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^ - Td3[Te1[(rk[1] ) & 0xff] & 0xff]; - rk[2] = - Td0[Te1[(rk[2] >> 24) ] & 0xff] ^ - Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^ - Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^ - Td3[Te1[(rk[2] ) & 0xff] & 0xff]; - rk[3] = - Td0[Te1[(rk[3] >> 24) ] & 0xff] ^ - Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^ - Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^ - Td3[Te1[(rk[3] ) & 0xff] & 0xff]; - } - return 0; -} - -/* - * Encrypt a single block - * in and out can overlap - */ -void AES_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key) { - - const u32 *rk; - u32 s0, s1, s2, s3, t0, t1, t2, t3; -#ifndef FULL_UNROLL - int r; -#endif /* ?FULL_UNROLL */ - - assert(in && out && key); - rk = key->rd_key; - - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(in ) ^ rk[0]; - s1 = GETU32(in + 4) ^ rk[1]; - s2 = GETU32(in + 8) ^ rk[2]; - s3 = GETU32(in + 12) ^ rk[3]; -#ifdef FULL_UNROLL - /* round 1: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; - /* round 2: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; - /* round 3: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; - /* round 4: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; - /* round 5: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; - /* round 6: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; - /* round 7: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; - /* round 8: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; - /* round 9: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; - if (key->rounds > 10) { - /* round 10: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43]; - /* round 11: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47]; - if (key->rounds > 12) { - /* round 12: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51]; - /* round 13: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55]; - } - } - rk += key->rounds << 2; -#else /* !FULL_UNROLL */ - /* - * Nr - 1 full rounds: - */ - r = key->rounds >> 1; - for (;;) { - t0 = - Te0[(s0 >> 24) ] ^ - Te1[(s1 >> 16) & 0xff] ^ - Te2[(s2 >> 8) & 0xff] ^ - Te3[(s3 ) & 0xff] ^ - rk[4]; - t1 = - Te0[(s1 >> 24) ] ^ - Te1[(s2 >> 16) & 0xff] ^ - Te2[(s3 >> 8) & 0xff] ^ - Te3[(s0 ) & 0xff] ^ - rk[5]; - t2 = - Te0[(s2 >> 24) ] ^ - Te1[(s3 >> 16) & 0xff] ^ - Te2[(s0 >> 8) & 0xff] ^ - Te3[(s1 ) & 0xff] ^ - rk[6]; - t3 = - Te0[(s3 >> 24) ] ^ - Te1[(s0 >> 16) & 0xff] ^ - Te2[(s1 >> 8) & 0xff] ^ - Te3[(s2 ) & 0xff] ^ - rk[7]; - - rk += 8; - if (--r == 0) { - break; - } - - s0 = - Te0[(t0 >> 24) ] ^ - Te1[(t1 >> 16) & 0xff] ^ - Te2[(t2 >> 8) & 0xff] ^ - Te3[(t3 ) & 0xff] ^ - rk[0]; - s1 = - Te0[(t1 >> 24) ] ^ - Te1[(t2 >> 16) & 0xff] ^ - Te2[(t3 >> 8) & 0xff] ^ - Te3[(t0 ) & 0xff] ^ - rk[1]; - s2 = - Te0[(t2 >> 24) ] ^ - Te1[(t3 >> 16) & 0xff] ^ - Te2[(t0 >> 8) & 0xff] ^ - Te3[(t1 ) & 0xff] ^ - rk[2]; - s3 = - Te0[(t3 >> 24) ] ^ - Te1[(t0 >> 16) & 0xff] ^ - Te2[(t1 >> 8) & 0xff] ^ - Te3[(t2 ) & 0xff] ^ - rk[3]; - } -#endif /* ?FULL_UNROLL */ - /* - * apply last round and - * map cipher state to byte array block: - */ - s0 = - (Te2[(t0 >> 24) ] & 0xff000000) ^ - (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^ - (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^ - (Te1[(t3 ) & 0xff] & 0x000000ff) ^ - rk[0]; - PUTU32(out , s0); - s1 = - (Te2[(t1 >> 24) ] & 0xff000000) ^ - (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^ - (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^ - (Te1[(t0 ) & 0xff] & 0x000000ff) ^ - rk[1]; - PUTU32(out + 4, s1); - s2 = - (Te2[(t2 >> 24) ] & 0xff000000) ^ - (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^ - (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^ - (Te1[(t1 ) & 0xff] & 0x000000ff) ^ - rk[2]; - PUTU32(out + 8, s2); - s3 = - (Te2[(t3 >> 24) ] & 0xff000000) ^ - (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^ - (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^ - (Te1[(t2 ) & 0xff] & 0x000000ff) ^ - rk[3]; - PUTU32(out + 12, s3); -} - -/* - * Decrypt a single block - * in and out can overlap - */ -void AES_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key) -{ - - const u32 *rk; - u32 s0, s1, s2, s3, t0, t1, t2, t3; -#ifndef FULL_UNROLL - int r; -#endif /* ?FULL_UNROLL */ - - assert(in && out && key); - rk = key->rd_key; - - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(in ) ^ rk[0]; - s1 = GETU32(in + 4) ^ rk[1]; - s2 = GETU32(in + 8) ^ rk[2]; - s3 = GETU32(in + 12) ^ rk[3]; -#ifdef FULL_UNROLL - /* round 1: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7]; - /* round 2: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11]; - /* round 3: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15]; - /* round 4: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19]; - /* round 5: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23]; - /* round 6: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27]; - /* round 7: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31]; - /* round 8: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35]; - /* round 9: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39]; - if (key->rounds > 10) { - /* round 10: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43]; - /* round 11: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47]; - if (key->rounds > 12) { - /* round 12: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51]; - /* round 13: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55]; - } - } - rk += key->rounds << 2; -#else /* !FULL_UNROLL */ - /* - * Nr - 1 full rounds: - */ - r = key->rounds >> 1; - for (;;) { - t0 = - Td0[(s0 >> 24) ] ^ - Td1[(s3 >> 16) & 0xff] ^ - Td2[(s2 >> 8) & 0xff] ^ - Td3[(s1 ) & 0xff] ^ - rk[4]; - t1 = - Td0[(s1 >> 24) ] ^ - Td1[(s0 >> 16) & 0xff] ^ - Td2[(s3 >> 8) & 0xff] ^ - Td3[(s2 ) & 0xff] ^ - rk[5]; - t2 = - Td0[(s2 >> 24) ] ^ - Td1[(s1 >> 16) & 0xff] ^ - Td2[(s0 >> 8) & 0xff] ^ - Td3[(s3 ) & 0xff] ^ - rk[6]; - t3 = - Td0[(s3 >> 24) ] ^ - Td1[(s2 >> 16) & 0xff] ^ - Td2[(s1 >> 8) & 0xff] ^ - Td3[(s0 ) & 0xff] ^ - rk[7]; - - rk += 8; - if (--r == 0) { - break; - } - - s0 = - Td0[(t0 >> 24) ] ^ - Td1[(t3 >> 16) & 0xff] ^ - Td2[(t2 >> 8) & 0xff] ^ - Td3[(t1 ) & 0xff] ^ - rk[0]; - s1 = - Td0[(t1 >> 24) ] ^ - Td1[(t0 >> 16) & 0xff] ^ - Td2[(t3 >> 8) & 0xff] ^ - Td3[(t2 ) & 0xff] ^ - rk[1]; - s2 = - Td0[(t2 >> 24) ] ^ - Td1[(t1 >> 16) & 0xff] ^ - Td2[(t0 >> 8) & 0xff] ^ - Td3[(t3 ) & 0xff] ^ - rk[2]; - s3 = - Td0[(t3 >> 24) ] ^ - Td1[(t2 >> 16) & 0xff] ^ - Td2[(t1 >> 8) & 0xff] ^ - Td3[(t0 ) & 0xff] ^ - rk[3]; - } -#endif /* ?FULL_UNROLL */ - /* - * apply last round and - * map cipher state to byte array block: - */ - s0 = - ((u32)Td4[(t0 >> 24) ] << 24) ^ - ((u32)Td4[(t3 >> 16) & 0xff] << 16) ^ - ((u32)Td4[(t2 >> 8) & 0xff] << 8) ^ - ((u32)Td4[(t1 ) & 0xff]) ^ - rk[0]; - PUTU32(out , s0); - s1 = - ((u32)Td4[(t1 >> 24) ] << 24) ^ - ((u32)Td4[(t0 >> 16) & 0xff] << 16) ^ - ((u32)Td4[(t3 >> 8) & 0xff] << 8) ^ - ((u32)Td4[(t2 ) & 0xff]) ^ - rk[1]; - PUTU32(out + 4, s1); - s2 = - ((u32)Td4[(t2 >> 24) ] << 24) ^ - ((u32)Td4[(t1 >> 16) & 0xff] << 16) ^ - ((u32)Td4[(t0 >> 8) & 0xff] << 8) ^ - ((u32)Td4[(t3 ) & 0xff]) ^ - rk[2]; - PUTU32(out + 8, s2); - s3 = - ((u32)Td4[(t3 >> 24) ] << 24) ^ - ((u32)Td4[(t2 >> 16) & 0xff] << 16) ^ - ((u32)Td4[(t1 >> 8) & 0xff] << 8) ^ - ((u32)Td4[(t0 ) & 0xff]) ^ - rk[3]; - PUTU32(out + 12, s3); -} - -#else /* AES_ASM */ - -static const u8 Te4[256] = { - 0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U, - 0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U, - 0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U, - 0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U, - 0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU, - 0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U, - 0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU, - 0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U, - 0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U, - 0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U, - 0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU, - 0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU, - 0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U, - 0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U, - 0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U, - 0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U, - 0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U, - 0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U, - 0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U, - 0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU, - 0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU, - 0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U, - 0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U, - 0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U, - 0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U, - 0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU, - 0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU, - 0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU, - 0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U, - 0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU, - 0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U, - 0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U -}; -static const u32 rcon[] = { - 0x01000000, 0x02000000, 0x04000000, 0x08000000, - 0x10000000, 0x20000000, 0x40000000, 0x80000000, - 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ -}; - -/** - * Expand the cipher key into the encryption key schedule. - */ -int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) -{ - u32 *rk; - int i = 0; - u32 temp; - - if (!userKey || !key) - return -1; - if (bits != 128 && bits != 192 && bits != 256) - return -2; - - rk = key->rd_key; - - if (bits == 128) - key->rounds = 10; - else if (bits == 192) - key->rounds = 12; - else - key->rounds = 14; - - rk[0] = GETU32(userKey ); - rk[1] = GETU32(userKey + 4); - rk[2] = GETU32(userKey + 8); - rk[3] = GETU32(userKey + 12); - if (bits == 128) { - while (1) { - temp = rk[3]; - rk[4] = rk[0] ^ - ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ - ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ - ((u32)Te4[(temp ) & 0xff] << 8) ^ - ((u32)Te4[(temp >> 24) ]) ^ - rcon[i]; - rk[5] = rk[1] ^ rk[4]; - rk[6] = rk[2] ^ rk[5]; - rk[7] = rk[3] ^ rk[6]; - if (++i == 10) { - return 0; - } - rk += 4; - } - } - rk[4] = GETU32(userKey + 16); - rk[5] = GETU32(userKey + 20); - if (bits == 192) { - while (1) { - temp = rk[ 5]; - rk[ 6] = rk[ 0] ^ - ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ - ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ - ((u32)Te4[(temp ) & 0xff] << 8) ^ - ((u32)Te4[(temp >> 24) ]) ^ - rcon[i]; - rk[ 7] = rk[ 1] ^ rk[ 6]; - rk[ 8] = rk[ 2] ^ rk[ 7]; - rk[ 9] = rk[ 3] ^ rk[ 8]; - if (++i == 8) { - return 0; - } - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; - rk += 6; - } - } - rk[6] = GETU32(userKey + 24); - rk[7] = GETU32(userKey + 28); - if (bits == 256) { - while (1) { - temp = rk[ 7]; - rk[ 8] = rk[ 0] ^ - ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ - ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ - ((u32)Te4[(temp ) & 0xff] << 8) ^ - ((u32)Te4[(temp >> 24) ]) ^ - rcon[i]; - rk[ 9] = rk[ 1] ^ rk[ 8]; - rk[10] = rk[ 2] ^ rk[ 9]; - rk[11] = rk[ 3] ^ rk[10]; - if (++i == 7) { - return 0; - } - temp = rk[11]; - rk[12] = rk[ 4] ^ - ((u32)Te4[(temp >> 24) ] << 24) ^ - ((u32)Te4[(temp >> 16) & 0xff] << 16) ^ - ((u32)Te4[(temp >> 8) & 0xff] << 8) ^ - ((u32)Te4[(temp ) & 0xff]); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; - - rk += 8; - } - } - return 0; -} - -/** - * Expand the cipher key into the decryption key schedule. - */ -int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) -{ - - u32 *rk; - int i, j, status; - u32 temp; - - /* first, start with an encryption schedule */ - status = AES_set_encrypt_key(userKey, bits, key); - if (status < 0) - return status; - - rk = key->rd_key; - - /* invert the order of the round keys: */ - for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { - temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; - temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; - temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; - temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; - } - /* apply the inverse MixColumn transform to all round keys but the first and the last: */ - for (i = 1; i < (key->rounds); i++) { - rk += 4; - for (j = 0; j < 4; j++) { - u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; - - tp1 = rk[j]; - m = tp1 & 0x80808080; - tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp2 & 0x80808080; - tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp4 & 0x80808080; - tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - tp9 = tp8 ^ tp1; - tpb = tp9 ^ tp2; - tpd = tp9 ^ tp4; - tpe = tp8 ^ tp4 ^ tp2; -#if defined(ROTATE) - rk[j] = tpe ^ ROTATE(tpd,16) ^ - ROTATE(tp9,24) ^ ROTATE(tpb,8); -#else - rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ - (tp9 >> 8) ^ (tp9 << 24) ^ - (tpb >> 24) ^ (tpb << 8); -#endif - } - } - return 0; -} - -#endif /* AES_ASM */ diff --git a/crypto/aes/aes_ecb.c b/crypto/aes/aes_ecb.c deleted file mode 100644 index e05afb0449ccf69905d2fe96b4a8e66eabf5ea6d..0000000000000000000000000000000000000000 --- a/crypto/aes/aes_ecb.c +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -/* - * AES_encrypt/AES_decrypt are deprecated - but we need to use them to implement - * AES_ecb_encrypt - */ -#include "internal/deprecated.h" - -#include -#include "aes_local.h" - -void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key, const int enc) -{ - - assert(in && out && key); - assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); - - if (AES_ENCRYPT == enc) - AES_encrypt(in, out, key); - else - AES_decrypt(in, out, key); -} diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c deleted file mode 100644 index 72fcba7a0cf15ff767837702adb34145b7094414..0000000000000000000000000000000000000000 --- a/crypto/aes/aes_ige.c +++ /dev/null @@ -1,301 +0,0 @@ -/* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * AES_encrypt/AES_decrypt are deprecated - but we need to use them to implement - * these functions - */ -#include "internal/deprecated.h" - -#include "internal/cryptlib.h" - -#include -#include "aes_local.h" - -/* XXX: probably some better way to do this */ -#if defined(__i386__) || defined(__x86_64__) -# define UNALIGNED_MEMOPS_ARE_FAST 1 -#else -# define UNALIGNED_MEMOPS_ARE_FAST 0 -#endif - -#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) -typedef struct { - unsigned long data[N_WORDS]; -#if defined(__GNUC__) && UNALIGNED_MEMOPS_ARE_FAST -} aes_block_t __attribute((__aligned__(1))); -#else -} aes_block_t; -#endif - -#if UNALIGNED_MEMOPS_ARE_FAST -# define load_block(d, s) (d) = *(const aes_block_t *)(s) -# define store_block(d, s) *(aes_block_t *)(d) = (s) -#else -# define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE) -# define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE) -#endif - -/* N.B. The IV for this mode is _twice_ the block size */ - -/* Use of this function is deprecated. */ -void AES_ige_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, const int enc) -{ - size_t n; - size_t len = length / AES_BLOCK_SIZE; - - if (length == 0) - return; - - OPENSSL_assert(in && out && key && ivec); - OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); - OPENSSL_assert((length % AES_BLOCK_SIZE) == 0); - - if (AES_ENCRYPT == enc) { - if (in != out && - (UNALIGNED_MEMOPS_ARE_FAST - || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) == - 0)) { - aes_block_t *ivp = (aes_block_t *) ivec; - aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE); - - while (len) { - aes_block_t *inp = (aes_block_t *) in; - aes_block_t *outp = (aes_block_t *) out; - - for (n = 0; n < N_WORDS; ++n) - outp->data[n] = inp->data[n] ^ ivp->data[n]; - AES_encrypt((unsigned char *)outp->data, - (unsigned char *)outp->data, key); - for (n = 0; n < N_WORDS; ++n) - outp->data[n] ^= iv2p->data[n]; - ivp = outp; - iv2p = inp; - --len; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - memcpy(ivec, ivp->data, AES_BLOCK_SIZE); - memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); - } else { - aes_block_t tmp, tmp2; - aes_block_t iv; - aes_block_t iv2; - - load_block(iv, ivec); - load_block(iv2, ivec + AES_BLOCK_SIZE); - - while (len) { - load_block(tmp, in); - for (n = 0; n < N_WORDS; ++n) - tmp2.data[n] = tmp.data[n] ^ iv.data[n]; - AES_encrypt((unsigned char *)tmp2.data, - (unsigned char *)tmp2.data, key); - for (n = 0; n < N_WORDS; ++n) - tmp2.data[n] ^= iv2.data[n]; - store_block(out, tmp2); - iv = tmp2; - iv2 = tmp; - --len; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - memcpy(ivec, iv.data, AES_BLOCK_SIZE); - memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); - } - } else { - if (in != out && - (UNALIGNED_MEMOPS_ARE_FAST - || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) == - 0)) { - aes_block_t *ivp = (aes_block_t *) ivec; - aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE); - - while (len) { - aes_block_t tmp; - aes_block_t *inp = (aes_block_t *) in; - aes_block_t *outp = (aes_block_t *) out; - - for (n = 0; n < N_WORDS; ++n) - tmp.data[n] = inp->data[n] ^ iv2p->data[n]; - AES_decrypt((unsigned char *)tmp.data, - (unsigned char *)outp->data, key); - for (n = 0; n < N_WORDS; ++n) - outp->data[n] ^= ivp->data[n]; - ivp = inp; - iv2p = outp; - --len; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - memcpy(ivec, ivp->data, AES_BLOCK_SIZE); - memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); - } else { - aes_block_t tmp, tmp2; - aes_block_t iv; - aes_block_t iv2; - - load_block(iv, ivec); - load_block(iv2, ivec + AES_BLOCK_SIZE); - - while (len) { - load_block(tmp, in); - tmp2 = tmp; - for (n = 0; n < N_WORDS; ++n) - tmp.data[n] ^= iv2.data[n]; - AES_decrypt((unsigned char *)tmp.data, - (unsigned char *)tmp.data, key); - for (n = 0; n < N_WORDS; ++n) - tmp.data[n] ^= iv.data[n]; - store_block(out, tmp); - iv = tmp2; - iv2 = tmp; - --len; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - memcpy(ivec, iv.data, AES_BLOCK_SIZE); - memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); - } - } -} - -/* - * Note that its effectively impossible to do biIGE in anything other - * than a single pass, so no provision is made for chaining. - * - * NB: The implementation of AES_bi_ige_encrypt has a bug. It is supposed to use - * 2 AES keys, but in fact only one is ever used. This bug has been present - * since this code was first implemented. It is believed to have minimal - * security impact in practice and has therefore not been fixed for backwards - * compatibility reasons. - * - * Use of this function is deprecated. - */ - -/* N.B. The IV for this mode is _four times_ the block size */ - -void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - const AES_KEY *key2, const unsigned char *ivec, - const int enc) -{ - size_t n; - size_t len = length; - unsigned char tmp[AES_BLOCK_SIZE]; - unsigned char tmp2[AES_BLOCK_SIZE]; - unsigned char tmp3[AES_BLOCK_SIZE]; - unsigned char prev[AES_BLOCK_SIZE]; - const unsigned char *iv; - const unsigned char *iv2; - - OPENSSL_assert(in && out && key && ivec); - OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc)); - OPENSSL_assert((length % AES_BLOCK_SIZE) == 0); - - if (AES_ENCRYPT == enc) { - /* - * XXX: Do a separate case for when in != out (strictly should check - * for overlap, too) - */ - - /* First the forward pass */ - iv = ivec; - iv2 = ivec + AES_BLOCK_SIZE; - while (len >= AES_BLOCK_SIZE) { - for (n = 0; n < AES_BLOCK_SIZE; ++n) - out[n] = in[n] ^ iv[n]; - AES_encrypt(out, out, key); - for (n = 0; n < AES_BLOCK_SIZE; ++n) - out[n] ^= iv2[n]; - iv = out; - memcpy(prev, in, AES_BLOCK_SIZE); - iv2 = prev; - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - - /* And now backwards */ - iv = ivec + AES_BLOCK_SIZE * 2; - iv2 = ivec + AES_BLOCK_SIZE * 3; - len = length; - while (len >= AES_BLOCK_SIZE) { - out -= AES_BLOCK_SIZE; - /* - * XXX: reduce copies by alternating between buffers - */ - memcpy(tmp, out, AES_BLOCK_SIZE); - for (n = 0; n < AES_BLOCK_SIZE; ++n) - out[n] ^= iv[n]; - /* - * hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); - */ - AES_encrypt(out, out, key); - /* - * hexdump(stdout,"enc", out, AES_BLOCK_SIZE); - */ - /* - * hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); - */ - for (n = 0; n < AES_BLOCK_SIZE; ++n) - out[n] ^= iv2[n]; - /* - * hexdump(stdout,"out", out, AES_BLOCK_SIZE); - */ - iv = out; - memcpy(prev, tmp, AES_BLOCK_SIZE); - iv2 = prev; - len -= AES_BLOCK_SIZE; - } - } else { - /* First backwards */ - iv = ivec + AES_BLOCK_SIZE * 2; - iv2 = ivec + AES_BLOCK_SIZE * 3; - in += length; - out += length; - while (len >= AES_BLOCK_SIZE) { - in -= AES_BLOCK_SIZE; - out -= AES_BLOCK_SIZE; - memcpy(tmp, in, AES_BLOCK_SIZE); - memcpy(tmp2, in, AES_BLOCK_SIZE); - for (n = 0; n < AES_BLOCK_SIZE; ++n) - tmp[n] ^= iv2[n]; - AES_decrypt(tmp, out, key); - for (n = 0; n < AES_BLOCK_SIZE; ++n) - out[n] ^= iv[n]; - memcpy(tmp3, tmp2, AES_BLOCK_SIZE); - iv = tmp3; - iv2 = out; - len -= AES_BLOCK_SIZE; - } - - /* And now forwards */ - iv = ivec; - iv2 = ivec + AES_BLOCK_SIZE; - len = length; - while (len >= AES_BLOCK_SIZE) { - memcpy(tmp, out, AES_BLOCK_SIZE); - memcpy(tmp2, out, AES_BLOCK_SIZE); - for (n = 0; n < AES_BLOCK_SIZE; ++n) - tmp[n] ^= iv2[n]; - AES_decrypt(tmp, out, key); - for (n = 0; n < AES_BLOCK_SIZE; ++n) - out[n] ^= iv[n]; - memcpy(tmp3, tmp2, AES_BLOCK_SIZE); - iv = tmp3; - iv2 = out; - len -= AES_BLOCK_SIZE; - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - } - } -} diff --git a/crypto/aes/aes_local.h b/crypto/aes/aes_local.h deleted file mode 100644 index 69d17d6cde7bc60a530c88aab5335fbcab0be049..0000000000000000000000000000000000000000 --- a/crypto/aes/aes_local.h +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_AES_LOCAL_H -# define OSSL_CRYPTO_AES_LOCAL_H - -# include -# include -# include -# include - -# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) -# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) -# define GETU32(p) SWAP(*((u32 *)(p))) -# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } -# else -# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) -# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } -# endif - -typedef uint64_t u64; -# ifdef AES_LONG -typedef unsigned long u32; -# else -typedef unsigned int u32; -# endif -typedef unsigned short u16; -typedef unsigned char u8; - -# define MAXKC (256/32) -# define MAXKB (256/8) -# define MAXNR 14 - -/* This controls loop-unrolling in aes_core.c */ -# undef FULL_UNROLL - -#endif /* !OSSL_CRYPTO_AES_LOCAL_H */ diff --git a/crypto/aes/aes_misc.c b/crypto/aes/aes_misc.c deleted file mode 100644 index 7f39bcf2b35f337edff50b8b9dc07ceb385465fd..0000000000000000000000000000000000000000 --- a/crypto/aes/aes_misc.c +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "aes_local.h" - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -const char *AES_options(void) -{ -# ifdef FULL_UNROLL - return "aes(full)"; -# else - return "aes(partial)"; -# endif -} -#endif diff --git a/crypto/aes/aes_ofb.c b/crypto/aes/aes_ofb.c deleted file mode 100644 index 58e47dc45e7372576884fb91069f0e23939ae943..0000000000000000000000000000000000000000 --- a/crypto/aes/aes_ofb.c +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * AES_encrypt is deprecated - but we need to use it to implement - * AES_ofb128_encrypt - */ -#include "internal/deprecated.h" - -#include -#include - -void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char *ivec, int *num) -{ - CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, - (block128_f) AES_encrypt); -} diff --git a/crypto/aes/aes_wrap.c b/crypto/aes/aes_wrap.c deleted file mode 100644 index 2187883aff917a95517dfad4f18ccae039b3e427..0000000000000000000000000000000000000000 --- a/crypto/aes/aes_wrap.c +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * AES_encrypt/AES_decrypt are deprecated - but we need to use them to implement - * these functions - */ -#include "internal/deprecated.h" - -#include "internal/cryptlib.h" -#include -#include - -int AES_wrap_key(AES_KEY *key, const unsigned char *iv, - unsigned char *out, - const unsigned char *in, unsigned int inlen) -{ - return CRYPTO_128_wrap(key, iv, out, in, inlen, (block128_f) AES_encrypt); -} - -int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, - unsigned char *out, - const unsigned char *in, unsigned int inlen) -{ - return CRYPTO_128_unwrap(key, iv, out, in, inlen, - (block128_f) AES_decrypt); -} diff --git a/crypto/aes/aes_x86core.c b/crypto/aes/aes_x86core.c deleted file mode 100644 index da525b6566c4a24792d4c36a43d31d1950106f32..0000000000000000000000000000000000000000 --- a/crypto/aes/aes_x86core.c +++ /dev/null @@ -1,1074 +0,0 @@ -/* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This is experimental x86[_64] derivative. It assumes little-endian - * byte order and expects CPU to sustain unaligned memory references. - * It is used as playground for cache-time attack mitigations and - * serves as reference C implementation for x86[_64] as well as some - * other assembly modules. - */ - -/** - * rijndael-alg-fst.c - * - * @version 3.0 (December 2000) - * - * Optimised ANSI C code for the Rijndael cipher (now AES) - * - * @author Vincent Rijmen - * @author Antoon Bosselaers - * @author Paulo Barreto - * - * This code is hereby placed in the public domain. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - - -#include - -#include -#include -#include "aes_local.h" - -/* - * These two parameters control which table, 256-byte or 2KB, is - * referenced in outer and respectively inner rounds. - */ -#define AES_COMPACT_IN_OUTER_ROUNDS -#ifdef AES_COMPACT_IN_OUTER_ROUNDS -/* AES_COMPACT_IN_OUTER_ROUNDS costs ~30% in performance, while - * adding AES_COMPACT_IN_INNER_ROUNDS reduces benchmark *further* - * by factor of ~2. */ -# undef AES_COMPACT_IN_INNER_ROUNDS -#endif - -#if 1 -static void prefetch256(const void *table) -{ - volatile unsigned long *t=(void *)table,ret; - unsigned long sum; - int i; - - /* 32 is common least cache-line size */ - for (sum=0,i=0;i<256/sizeof(t[0]);i+=32/sizeof(t[0])) sum ^= t[i]; - - ret = sum; -} -#else -# define prefetch256(t) -#endif - -#undef GETU32 -#define GETU32(p) (*((u32*)(p))) - -#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -typedef unsigned __int64 u64; -#define U64(C) C##UI64 -#elif defined(__arch64__) -typedef unsigned long u64; -#define U64(C) C##UL -#else -typedef unsigned long long u64; -#define U64(C) C##ULL -#endif - -#undef ROTATE -#if defined(_MSC_VER) -# define ROTATE(a,n) _lrotl(a,n) -#elif defined(__ICC) -# define ROTATE(a,n) _rotl(a,n) -#elif defined(__GNUC__) && __GNUC__>=2 -# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) -# define ROTATE(a,n) ({ register unsigned int ret; \ - asm ( \ - "roll %1,%0" \ - : "=r"(ret) \ - : "I"(n), "0"(a) \ - : "cc"); \ - ret; \ - }) -# endif -#endif -/*- -Te [x] = S [x].[02, 01, 01, 03, 02, 01, 01, 03]; -Te0[x] = S [x].[02, 01, 01, 03]; -Te1[x] = S [x].[03, 02, 01, 01]; -Te2[x] = S [x].[01, 03, 02, 01]; -Te3[x] = S [x].[01, 01, 03, 02]; -*/ -#define Te0 (u32)((u64*)((u8*)Te+0)) -#define Te1 (u32)((u64*)((u8*)Te+3)) -#define Te2 (u32)((u64*)((u8*)Te+2)) -#define Te3 (u32)((u64*)((u8*)Te+1)) -/*- -Td [x] = Si[x].[0e, 09, 0d, 0b, 0e, 09, 0d, 0b]; -Td0[x] = Si[x].[0e, 09, 0d, 0b]; -Td1[x] = Si[x].[0b, 0e, 09, 0d]; -Td2[x] = Si[x].[0d, 0b, 0e, 09]; -Td3[x] = Si[x].[09, 0d, 0b, 0e]; -Td4[x] = Si[x].[01]; -*/ -#define Td0 (u32)((u64*)((u8*)Td+0)) -#define Td1 (u32)((u64*)((u8*)Td+3)) -#define Td2 (u32)((u64*)((u8*)Td+2)) -#define Td3 (u32)((u64*)((u8*)Td+1)) - -static const u64 Te[256] = { - U64(0xa56363c6a56363c6), U64(0x847c7cf8847c7cf8), - U64(0x997777ee997777ee), U64(0x8d7b7bf68d7b7bf6), - U64(0x0df2f2ff0df2f2ff), U64(0xbd6b6bd6bd6b6bd6), - U64(0xb16f6fdeb16f6fde), U64(0x54c5c59154c5c591), - U64(0x5030306050303060), U64(0x0301010203010102), - U64(0xa96767cea96767ce), U64(0x7d2b2b567d2b2b56), - U64(0x19fefee719fefee7), U64(0x62d7d7b562d7d7b5), - U64(0xe6abab4de6abab4d), U64(0x9a7676ec9a7676ec), - U64(0x45caca8f45caca8f), U64(0x9d82821f9d82821f), - U64(0x40c9c98940c9c989), U64(0x877d7dfa877d7dfa), - U64(0x15fafaef15fafaef), U64(0xeb5959b2eb5959b2), - U64(0xc947478ec947478e), U64(0x0bf0f0fb0bf0f0fb), - U64(0xecadad41ecadad41), U64(0x67d4d4b367d4d4b3), - U64(0xfda2a25ffda2a25f), U64(0xeaafaf45eaafaf45), - U64(0xbf9c9c23bf9c9c23), U64(0xf7a4a453f7a4a453), - U64(0x967272e4967272e4), U64(0x5bc0c09b5bc0c09b), - U64(0xc2b7b775c2b7b775), U64(0x1cfdfde11cfdfde1), - U64(0xae93933dae93933d), U64(0x6a26264c6a26264c), - U64(0x5a36366c5a36366c), U64(0x413f3f7e413f3f7e), - U64(0x02f7f7f502f7f7f5), U64(0x4fcccc834fcccc83), - U64(0x5c3434685c343468), U64(0xf4a5a551f4a5a551), - U64(0x34e5e5d134e5e5d1), U64(0x08f1f1f908f1f1f9), - U64(0x937171e2937171e2), U64(0x73d8d8ab73d8d8ab), - U64(0x5331316253313162), U64(0x3f15152a3f15152a), - U64(0x0c0404080c040408), U64(0x52c7c79552c7c795), - U64(0x6523234665232346), U64(0x5ec3c39d5ec3c39d), - U64(0x2818183028181830), U64(0xa1969637a1969637), - U64(0x0f05050a0f05050a), U64(0xb59a9a2fb59a9a2f), - U64(0x0907070e0907070e), U64(0x3612122436121224), - U64(0x9b80801b9b80801b), U64(0x3de2e2df3de2e2df), - U64(0x26ebebcd26ebebcd), U64(0x6927274e6927274e), - U64(0xcdb2b27fcdb2b27f), U64(0x9f7575ea9f7575ea), - U64(0x1b0909121b090912), U64(0x9e83831d9e83831d), - U64(0x742c2c58742c2c58), U64(0x2e1a1a342e1a1a34), - U64(0x2d1b1b362d1b1b36), U64(0xb26e6edcb26e6edc), - U64(0xee5a5ab4ee5a5ab4), U64(0xfba0a05bfba0a05b), - U64(0xf65252a4f65252a4), U64(0x4d3b3b764d3b3b76), - U64(0x61d6d6b761d6d6b7), U64(0xceb3b37dceb3b37d), - U64(0x7b2929527b292952), U64(0x3ee3e3dd3ee3e3dd), - U64(0x712f2f5e712f2f5e), U64(0x9784841397848413), - U64(0xf55353a6f55353a6), U64(0x68d1d1b968d1d1b9), - U64(0x0000000000000000), U64(0x2cededc12cededc1), - U64(0x6020204060202040), U64(0x1ffcfce31ffcfce3), - U64(0xc8b1b179c8b1b179), U64(0xed5b5bb6ed5b5bb6), - U64(0xbe6a6ad4be6a6ad4), U64(0x46cbcb8d46cbcb8d), - U64(0xd9bebe67d9bebe67), U64(0x4b3939724b393972), - U64(0xde4a4a94de4a4a94), U64(0xd44c4c98d44c4c98), - U64(0xe85858b0e85858b0), U64(0x4acfcf854acfcf85), - U64(0x6bd0d0bb6bd0d0bb), U64(0x2aefefc52aefefc5), - U64(0xe5aaaa4fe5aaaa4f), U64(0x16fbfbed16fbfbed), - U64(0xc5434386c5434386), U64(0xd74d4d9ad74d4d9a), - U64(0x5533336655333366), U64(0x9485851194858511), - U64(0xcf45458acf45458a), U64(0x10f9f9e910f9f9e9), - U64(0x0602020406020204), U64(0x817f7ffe817f7ffe), - U64(0xf05050a0f05050a0), U64(0x443c3c78443c3c78), - U64(0xba9f9f25ba9f9f25), U64(0xe3a8a84be3a8a84b), - U64(0xf35151a2f35151a2), U64(0xfea3a35dfea3a35d), - U64(0xc0404080c0404080), U64(0x8a8f8f058a8f8f05), - U64(0xad92923fad92923f), U64(0xbc9d9d21bc9d9d21), - U64(0x4838387048383870), U64(0x04f5f5f104f5f5f1), - U64(0xdfbcbc63dfbcbc63), U64(0xc1b6b677c1b6b677), - U64(0x75dadaaf75dadaaf), U64(0x6321214263212142), - U64(0x3010102030101020), U64(0x1affffe51affffe5), - U64(0x0ef3f3fd0ef3f3fd), U64(0x6dd2d2bf6dd2d2bf), - U64(0x4ccdcd814ccdcd81), U64(0x140c0c18140c0c18), - U64(0x3513132635131326), U64(0x2fececc32fececc3), - U64(0xe15f5fbee15f5fbe), U64(0xa2979735a2979735), - U64(0xcc444488cc444488), U64(0x3917172e3917172e), - U64(0x57c4c49357c4c493), U64(0xf2a7a755f2a7a755), - U64(0x827e7efc827e7efc), U64(0x473d3d7a473d3d7a), - U64(0xac6464c8ac6464c8), U64(0xe75d5dbae75d5dba), - U64(0x2b1919322b191932), U64(0x957373e6957373e6), - U64(0xa06060c0a06060c0), U64(0x9881811998818119), - U64(0xd14f4f9ed14f4f9e), U64(0x7fdcdca37fdcdca3), - U64(0x6622224466222244), U64(0x7e2a2a547e2a2a54), - U64(0xab90903bab90903b), U64(0x8388880b8388880b), - U64(0xca46468cca46468c), U64(0x29eeeec729eeeec7), - U64(0xd3b8b86bd3b8b86b), U64(0x3c1414283c141428), - U64(0x79dedea779dedea7), U64(0xe25e5ebce25e5ebc), - U64(0x1d0b0b161d0b0b16), U64(0x76dbdbad76dbdbad), - U64(0x3be0e0db3be0e0db), U64(0x5632326456323264), - U64(0x4e3a3a744e3a3a74), U64(0x1e0a0a141e0a0a14), - U64(0xdb494992db494992), U64(0x0a06060c0a06060c), - U64(0x6c2424486c242448), U64(0xe45c5cb8e45c5cb8), - U64(0x5dc2c29f5dc2c29f), U64(0x6ed3d3bd6ed3d3bd), - U64(0xefacac43efacac43), U64(0xa66262c4a66262c4), - U64(0xa8919139a8919139), U64(0xa4959531a4959531), - U64(0x37e4e4d337e4e4d3), U64(0x8b7979f28b7979f2), - U64(0x32e7e7d532e7e7d5), U64(0x43c8c88b43c8c88b), - U64(0x5937376e5937376e), U64(0xb76d6ddab76d6dda), - U64(0x8c8d8d018c8d8d01), U64(0x64d5d5b164d5d5b1), - U64(0xd24e4e9cd24e4e9c), U64(0xe0a9a949e0a9a949), - U64(0xb46c6cd8b46c6cd8), U64(0xfa5656acfa5656ac), - U64(0x07f4f4f307f4f4f3), U64(0x25eaeacf25eaeacf), - U64(0xaf6565caaf6565ca), U64(0x8e7a7af48e7a7af4), - U64(0xe9aeae47e9aeae47), U64(0x1808081018080810), - U64(0xd5baba6fd5baba6f), U64(0x887878f0887878f0), - U64(0x6f25254a6f25254a), U64(0x722e2e5c722e2e5c), - U64(0x241c1c38241c1c38), U64(0xf1a6a657f1a6a657), - U64(0xc7b4b473c7b4b473), U64(0x51c6c69751c6c697), - U64(0x23e8e8cb23e8e8cb), U64(0x7cdddda17cdddda1), - U64(0x9c7474e89c7474e8), U64(0x211f1f3e211f1f3e), - U64(0xdd4b4b96dd4b4b96), U64(0xdcbdbd61dcbdbd61), - U64(0x868b8b0d868b8b0d), U64(0x858a8a0f858a8a0f), - U64(0x907070e0907070e0), U64(0x423e3e7c423e3e7c), - U64(0xc4b5b571c4b5b571), U64(0xaa6666ccaa6666cc), - U64(0xd8484890d8484890), U64(0x0503030605030306), - U64(0x01f6f6f701f6f6f7), U64(0x120e0e1c120e0e1c), - U64(0xa36161c2a36161c2), U64(0x5f35356a5f35356a), - U64(0xf95757aef95757ae), U64(0xd0b9b969d0b9b969), - U64(0x9186861791868617), U64(0x58c1c19958c1c199), - U64(0x271d1d3a271d1d3a), U64(0xb99e9e27b99e9e27), - U64(0x38e1e1d938e1e1d9), U64(0x13f8f8eb13f8f8eb), - U64(0xb398982bb398982b), U64(0x3311112233111122), - U64(0xbb6969d2bb6969d2), U64(0x70d9d9a970d9d9a9), - U64(0x898e8e07898e8e07), U64(0xa7949433a7949433), - U64(0xb69b9b2db69b9b2d), U64(0x221e1e3c221e1e3c), - U64(0x9287871592878715), U64(0x20e9e9c920e9e9c9), - U64(0x49cece8749cece87), U64(0xff5555aaff5555aa), - U64(0x7828285078282850), U64(0x7adfdfa57adfdfa5), - U64(0x8f8c8c038f8c8c03), U64(0xf8a1a159f8a1a159), - U64(0x8089890980898909), U64(0x170d0d1a170d0d1a), - U64(0xdabfbf65dabfbf65), U64(0x31e6e6d731e6e6d7), - U64(0xc6424284c6424284), U64(0xb86868d0b86868d0), - U64(0xc3414182c3414182), U64(0xb0999929b0999929), - U64(0x772d2d5a772d2d5a), U64(0x110f0f1e110f0f1e), - U64(0xcbb0b07bcbb0b07b), U64(0xfc5454a8fc5454a8), - U64(0xd6bbbb6dd6bbbb6d), U64(0x3a16162c3a16162c) -}; - -static const u8 Te4[256] = { - 0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U, - 0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U, - 0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U, - 0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U, - 0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU, - 0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U, - 0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU, - 0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U, - 0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U, - 0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U, - 0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU, - 0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU, - 0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U, - 0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U, - 0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U, - 0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U, - 0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U, - 0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U, - 0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U, - 0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU, - 0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU, - 0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U, - 0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U, - 0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U, - 0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U, - 0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU, - 0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU, - 0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU, - 0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U, - 0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU, - 0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U, - 0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U -}; - -static const u64 Td[256] = { - U64(0x50a7f45150a7f451), U64(0x5365417e5365417e), - U64(0xc3a4171ac3a4171a), U64(0x965e273a965e273a), - U64(0xcb6bab3bcb6bab3b), U64(0xf1459d1ff1459d1f), - U64(0xab58faacab58faac), U64(0x9303e34b9303e34b), - U64(0x55fa302055fa3020), U64(0xf66d76adf66d76ad), - U64(0x9176cc889176cc88), U64(0x254c02f5254c02f5), - U64(0xfcd7e54ffcd7e54f), U64(0xd7cb2ac5d7cb2ac5), - U64(0x8044352680443526), U64(0x8fa362b58fa362b5), - U64(0x495ab1de495ab1de), U64(0x671bba25671bba25), - U64(0x980eea45980eea45), U64(0xe1c0fe5de1c0fe5d), - U64(0x02752fc302752fc3), U64(0x12f04c8112f04c81), - U64(0xa397468da397468d), U64(0xc6f9d36bc6f9d36b), - U64(0xe75f8f03e75f8f03), U64(0x959c9215959c9215), - U64(0xeb7a6dbfeb7a6dbf), U64(0xda595295da595295), - U64(0x2d83bed42d83bed4), U64(0xd3217458d3217458), - U64(0x2969e0492969e049), U64(0x44c8c98e44c8c98e), - U64(0x6a89c2756a89c275), U64(0x78798ef478798ef4), - U64(0x6b3e58996b3e5899), U64(0xdd71b927dd71b927), - U64(0xb64fe1beb64fe1be), U64(0x17ad88f017ad88f0), - U64(0x66ac20c966ac20c9), U64(0xb43ace7db43ace7d), - U64(0x184adf63184adf63), U64(0x82311ae582311ae5), - U64(0x6033519760335197), U64(0x457f5362457f5362), - U64(0xe07764b1e07764b1), U64(0x84ae6bbb84ae6bbb), - U64(0x1ca081fe1ca081fe), U64(0x942b08f9942b08f9), - U64(0x5868487058684870), U64(0x19fd458f19fd458f), - U64(0x876cde94876cde94), U64(0xb7f87b52b7f87b52), - U64(0x23d373ab23d373ab), U64(0xe2024b72e2024b72), - U64(0x578f1fe3578f1fe3), U64(0x2aab55662aab5566), - U64(0x0728ebb20728ebb2), U64(0x03c2b52f03c2b52f), - U64(0x9a7bc5869a7bc586), U64(0xa50837d3a50837d3), - U64(0xf2872830f2872830), U64(0xb2a5bf23b2a5bf23), - U64(0xba6a0302ba6a0302), U64(0x5c8216ed5c8216ed), - U64(0x2b1ccf8a2b1ccf8a), U64(0x92b479a792b479a7), - U64(0xf0f207f3f0f207f3), U64(0xa1e2694ea1e2694e), - U64(0xcdf4da65cdf4da65), U64(0xd5be0506d5be0506), - U64(0x1f6234d11f6234d1), U64(0x8afea6c48afea6c4), - U64(0x9d532e349d532e34), U64(0xa055f3a2a055f3a2), - U64(0x32e18a0532e18a05), U64(0x75ebf6a475ebf6a4), - U64(0x39ec830b39ec830b), U64(0xaaef6040aaef6040), - U64(0x069f715e069f715e), U64(0x51106ebd51106ebd), - U64(0xf98a213ef98a213e), U64(0x3d06dd963d06dd96), - U64(0xae053eddae053edd), U64(0x46bde64d46bde64d), - U64(0xb58d5491b58d5491), U64(0x055dc471055dc471), - U64(0x6fd406046fd40604), U64(0xff155060ff155060), - U64(0x24fb981924fb9819), U64(0x97e9bdd697e9bdd6), - U64(0xcc434089cc434089), U64(0x779ed967779ed967), - U64(0xbd42e8b0bd42e8b0), U64(0x888b8907888b8907), - U64(0x385b19e7385b19e7), U64(0xdbeec879dbeec879), - U64(0x470a7ca1470a7ca1), U64(0xe90f427ce90f427c), - U64(0xc91e84f8c91e84f8), U64(0x0000000000000000), - U64(0x8386800983868009), U64(0x48ed2b3248ed2b32), - U64(0xac70111eac70111e), U64(0x4e725a6c4e725a6c), - U64(0xfbff0efdfbff0efd), U64(0x5638850f5638850f), - U64(0x1ed5ae3d1ed5ae3d), U64(0x27392d3627392d36), - U64(0x64d90f0a64d90f0a), U64(0x21a65c6821a65c68), - U64(0xd1545b9bd1545b9b), U64(0x3a2e36243a2e3624), - U64(0xb1670a0cb1670a0c), U64(0x0fe757930fe75793), - U64(0xd296eeb4d296eeb4), U64(0x9e919b1b9e919b1b), - U64(0x4fc5c0804fc5c080), U64(0xa220dc61a220dc61), - U64(0x694b775a694b775a), U64(0x161a121c161a121c), - U64(0x0aba93e20aba93e2), U64(0xe52aa0c0e52aa0c0), - U64(0x43e0223c43e0223c), U64(0x1d171b121d171b12), - U64(0x0b0d090e0b0d090e), U64(0xadc78bf2adc78bf2), - U64(0xb9a8b62db9a8b62d), U64(0xc8a91e14c8a91e14), - U64(0x8519f1578519f157), U64(0x4c0775af4c0775af), - U64(0xbbdd99eebbdd99ee), U64(0xfd607fa3fd607fa3), - U64(0x9f2601f79f2601f7), U64(0xbcf5725cbcf5725c), - U64(0xc53b6644c53b6644), U64(0x347efb5b347efb5b), - U64(0x7629438b7629438b), U64(0xdcc623cbdcc623cb), - U64(0x68fcedb668fcedb6), U64(0x63f1e4b863f1e4b8), - U64(0xcadc31d7cadc31d7), U64(0x1085634210856342), - U64(0x4022971340229713), U64(0x2011c6842011c684), - U64(0x7d244a857d244a85), U64(0xf83dbbd2f83dbbd2), - U64(0x1132f9ae1132f9ae), U64(0x6da129c76da129c7), - U64(0x4b2f9e1d4b2f9e1d), U64(0xf330b2dcf330b2dc), - U64(0xec52860dec52860d), U64(0xd0e3c177d0e3c177), - U64(0x6c16b32b6c16b32b), U64(0x99b970a999b970a9), - U64(0xfa489411fa489411), U64(0x2264e9472264e947), - U64(0xc48cfca8c48cfca8), U64(0x1a3ff0a01a3ff0a0), - U64(0xd82c7d56d82c7d56), U64(0xef903322ef903322), - U64(0xc74e4987c74e4987), U64(0xc1d138d9c1d138d9), - U64(0xfea2ca8cfea2ca8c), U64(0x360bd498360bd498), - U64(0xcf81f5a6cf81f5a6), U64(0x28de7aa528de7aa5), - U64(0x268eb7da268eb7da), U64(0xa4bfad3fa4bfad3f), - U64(0xe49d3a2ce49d3a2c), U64(0x0d9278500d927850), - U64(0x9bcc5f6a9bcc5f6a), U64(0x62467e5462467e54), - U64(0xc2138df6c2138df6), U64(0xe8b8d890e8b8d890), - U64(0x5ef7392e5ef7392e), U64(0xf5afc382f5afc382), - U64(0xbe805d9fbe805d9f), U64(0x7c93d0697c93d069), - U64(0xa92dd56fa92dd56f), U64(0xb31225cfb31225cf), - U64(0x3b99acc83b99acc8), U64(0xa77d1810a77d1810), - U64(0x6e639ce86e639ce8), U64(0x7bbb3bdb7bbb3bdb), - U64(0x097826cd097826cd), U64(0xf418596ef418596e), - U64(0x01b79aec01b79aec), U64(0xa89a4f83a89a4f83), - U64(0x656e95e6656e95e6), U64(0x7ee6ffaa7ee6ffaa), - U64(0x08cfbc2108cfbc21), U64(0xe6e815efe6e815ef), - U64(0xd99be7bad99be7ba), U64(0xce366f4ace366f4a), - U64(0xd4099fead4099fea), U64(0xd67cb029d67cb029), - U64(0xafb2a431afb2a431), U64(0x31233f2a31233f2a), - U64(0x3094a5c63094a5c6), U64(0xc066a235c066a235), - U64(0x37bc4e7437bc4e74), U64(0xa6ca82fca6ca82fc), - U64(0xb0d090e0b0d090e0), U64(0x15d8a73315d8a733), - U64(0x4a9804f14a9804f1), U64(0xf7daec41f7daec41), - U64(0x0e50cd7f0e50cd7f), U64(0x2ff691172ff69117), - U64(0x8dd64d768dd64d76), U64(0x4db0ef434db0ef43), - U64(0x544daacc544daacc), U64(0xdf0496e4df0496e4), - U64(0xe3b5d19ee3b5d19e), U64(0x1b886a4c1b886a4c), - U64(0xb81f2cc1b81f2cc1), U64(0x7f5165467f516546), - U64(0x04ea5e9d04ea5e9d), U64(0x5d358c015d358c01), - U64(0x737487fa737487fa), U64(0x2e410bfb2e410bfb), - U64(0x5a1d67b35a1d67b3), U64(0x52d2db9252d2db92), - U64(0x335610e9335610e9), U64(0x1347d66d1347d66d), - U64(0x8c61d79a8c61d79a), U64(0x7a0ca1377a0ca137), - U64(0x8e14f8598e14f859), U64(0x893c13eb893c13eb), - U64(0xee27a9ceee27a9ce), U64(0x35c961b735c961b7), - U64(0xede51ce1ede51ce1), U64(0x3cb1477a3cb1477a), - U64(0x59dfd29c59dfd29c), U64(0x3f73f2553f73f255), - U64(0x79ce141879ce1418), U64(0xbf37c773bf37c773), - U64(0xeacdf753eacdf753), U64(0x5baafd5f5baafd5f), - U64(0x146f3ddf146f3ddf), U64(0x86db447886db4478), - U64(0x81f3afca81f3afca), U64(0x3ec468b93ec468b9), - U64(0x2c3424382c342438), U64(0x5f40a3c25f40a3c2), - U64(0x72c31d1672c31d16), U64(0x0c25e2bc0c25e2bc), - U64(0x8b493c288b493c28), U64(0x41950dff41950dff), - U64(0x7101a8397101a839), U64(0xdeb30c08deb30c08), - U64(0x9ce4b4d89ce4b4d8), U64(0x90c1566490c15664), - U64(0x6184cb7b6184cb7b), U64(0x70b632d570b632d5), - U64(0x745c6c48745c6c48), U64(0x4257b8d04257b8d0) -}; -static const u8 Td4[256] = { - 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, - 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, - 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U, - 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU, - 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU, - 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU, - 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U, - 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U, - 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U, - 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U, - 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU, - 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U, - 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU, - 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U, - 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U, - 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU, - 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU, - 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U, - 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U, - 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU, - 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U, - 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU, - 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U, - 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U, - 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U, - 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU, - 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU, - 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU, - 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U, - 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U, - 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, - 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU -}; - -static const u32 rcon[] = { - 0x00000001U, 0x00000002U, 0x00000004U, 0x00000008U, - 0x00000010U, 0x00000020U, 0x00000040U, 0x00000080U, - 0x0000001bU, 0x00000036U, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ -}; - -/** - * Expand the cipher key into the encryption key schedule. - */ -int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) -{ - - u32 *rk; - int i = 0; - u32 temp; - - if (!userKey || !key) - return -1; - if (bits != 128 && bits != 192 && bits != 256) - return -2; - - rk = key->rd_key; - - if (bits==128) - key->rounds = 10; - else if (bits==192) - key->rounds = 12; - else - key->rounds = 14; - - rk[0] = GETU32(userKey ); - rk[1] = GETU32(userKey + 4); - rk[2] = GETU32(userKey + 8); - rk[3] = GETU32(userKey + 12); - if (bits == 128) { - while (1) { - temp = rk[3]; - rk[4] = rk[0] ^ - ((u32)Te4[(temp >> 8) & 0xff] ) ^ - ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ - ((u32)Te4[(temp >> 24) ] << 16) ^ - ((u32)Te4[(temp ) & 0xff] << 24) ^ - rcon[i]; - rk[5] = rk[1] ^ rk[4]; - rk[6] = rk[2] ^ rk[5]; - rk[7] = rk[3] ^ rk[6]; - if (++i == 10) { - return 0; - } - rk += 4; - } - } - rk[4] = GETU32(userKey + 16); - rk[5] = GETU32(userKey + 20); - if (bits == 192) { - while (1) { - temp = rk[ 5]; - rk[ 6] = rk[ 0] ^ - ((u32)Te4[(temp >> 8) & 0xff] ) ^ - ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ - ((u32)Te4[(temp >> 24) ] << 16) ^ - ((u32)Te4[(temp ) & 0xff] << 24) ^ - rcon[i]; - rk[ 7] = rk[ 1] ^ rk[ 6]; - rk[ 8] = rk[ 2] ^ rk[ 7]; - rk[ 9] = rk[ 3] ^ rk[ 8]; - if (++i == 8) { - return 0; - } - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; - rk += 6; - } - } - rk[6] = GETU32(userKey + 24); - rk[7] = GETU32(userKey + 28); - if (bits == 256) { - while (1) { - temp = rk[ 7]; - rk[ 8] = rk[ 0] ^ - ((u32)Te4[(temp >> 8) & 0xff] ) ^ - ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ - ((u32)Te4[(temp >> 24) ] << 16) ^ - ((u32)Te4[(temp ) & 0xff] << 24) ^ - rcon[i]; - rk[ 9] = rk[ 1] ^ rk[ 8]; - rk[10] = rk[ 2] ^ rk[ 9]; - rk[11] = rk[ 3] ^ rk[10]; - if (++i == 7) { - return 0; - } - temp = rk[11]; - rk[12] = rk[ 4] ^ - ((u32)Te4[(temp ) & 0xff] ) ^ - ((u32)Te4[(temp >> 8) & 0xff] << 8) ^ - ((u32)Te4[(temp >> 16) & 0xff] << 16) ^ - ((u32)Te4[(temp >> 24) ] << 24); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; - - rk += 8; - } - } - return 0; -} - -/** - * Expand the cipher key into the decryption key schedule. - */ -int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) -{ - - u32 *rk; - int i, j, status; - u32 temp; - - /* first, start with an encryption schedule */ - status = AES_set_encrypt_key(userKey, bits, key); - if (status < 0) - return status; - - rk = key->rd_key; - - /* invert the order of the round keys: */ - for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { - temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; - temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; - temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; - temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; - } - /* apply the inverse MixColumn transform to all round keys but the first and the last: */ - for (i = 1; i < (key->rounds); i++) { - rk += 4; -#if 1 - for (j = 0; j < 4; j++) { - u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; - - tp1 = rk[j]; - m = tp1 & 0x80808080; - tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp2 & 0x80808080; - tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp4 & 0x80808080; - tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - tp9 = tp8 ^ tp1; - tpb = tp9 ^ tp2; - tpd = tp9 ^ tp4; - tpe = tp8 ^ tp4 ^ tp2; -#if defined(ROTATE) - rk[j] = tpe ^ ROTATE(tpd,16) ^ - ROTATE(tp9,8) ^ ROTATE(tpb,24); -#else - rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ - (tp9 >> 24) ^ (tp9 << 8) ^ - (tpb >> 8) ^ (tpb << 24); -#endif - } -#else - rk[0] = - Td0[Te2[(rk[0] ) & 0xff] & 0xff] ^ - Td1[Te2[(rk[0] >> 8) & 0xff] & 0xff] ^ - Td2[Te2[(rk[0] >> 16) & 0xff] & 0xff] ^ - Td3[Te2[(rk[0] >> 24) ] & 0xff]; - rk[1] = - Td0[Te2[(rk[1] ) & 0xff] & 0xff] ^ - Td1[Te2[(rk[1] >> 8) & 0xff] & 0xff] ^ - Td2[Te2[(rk[1] >> 16) & 0xff] & 0xff] ^ - Td3[Te2[(rk[1] >> 24) ] & 0xff]; - rk[2] = - Td0[Te2[(rk[2] ) & 0xff] & 0xff] ^ - Td1[Te2[(rk[2] >> 8) & 0xff] & 0xff] ^ - Td2[Te2[(rk[2] >> 16) & 0xff] & 0xff] ^ - Td3[Te2[(rk[2] >> 24) ] & 0xff]; - rk[3] = - Td0[Te2[(rk[3] ) & 0xff] & 0xff] ^ - Td1[Te2[(rk[3] >> 8) & 0xff] & 0xff] ^ - Td2[Te2[(rk[3] >> 16) & 0xff] & 0xff] ^ - Td3[Te2[(rk[3] >> 24) ] & 0xff]; -#endif - } - return 0; -} - -/* - * Encrypt a single block - * in and out can overlap - */ -void AES_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key) -{ - - const u32 *rk; - u32 s0, s1, s2, s3, t[4]; - int r; - - assert(in && out && key); - rk = key->rd_key; - - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(in ) ^ rk[0]; - s1 = GETU32(in + 4) ^ rk[1]; - s2 = GETU32(in + 8) ^ rk[2]; - s3 = GETU32(in + 12) ^ rk[3]; - -#if defined(AES_COMPACT_IN_OUTER_ROUNDS) - prefetch256(Te4); - - t[0] = (u32)Te4[(s0 ) & 0xff] ^ - (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s3 >> 24) ] << 24; - t[1] = (u32)Te4[(s1 ) & 0xff] ^ - (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s0 >> 24) ] << 24; - t[2] = (u32)Te4[(s2 ) & 0xff] ^ - (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s1 >> 24) ] << 24; - t[3] = (u32)Te4[(s3 ) & 0xff] ^ - (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s2 >> 24) ] << 24; - - /* now do the linear transform using words */ - { int i; - u32 r0, r1, r2; - - for (i = 0; i < 4; i++) { - r0 = t[i]; - r1 = r0 & 0x80808080; - r2 = ((r0 & 0x7f7f7f7f) << 1) ^ - ((r1 - (r1 >> 7)) & 0x1b1b1b1b); -#if defined(ROTATE) - t[i] = r2 ^ ROTATE(r2,24) ^ ROTATE(r0,24) ^ - ROTATE(r0,16) ^ ROTATE(r0,8); -#else - t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^ - (r0 << 16) ^ (r0 >> 16) ^ - (r0 << 8) ^ (r0 >> 24); -#endif - t[i] ^= rk[4+i]; - } - } -#else - t[0] = Te0[(s0 ) & 0xff] ^ - Te1[(s1 >> 8) & 0xff] ^ - Te2[(s2 >> 16) & 0xff] ^ - Te3[(s3 >> 24) ] ^ - rk[4]; - t[1] = Te0[(s1 ) & 0xff] ^ - Te1[(s2 >> 8) & 0xff] ^ - Te2[(s3 >> 16) & 0xff] ^ - Te3[(s0 >> 24) ] ^ - rk[5]; - t[2] = Te0[(s2 ) & 0xff] ^ - Te1[(s3 >> 8) & 0xff] ^ - Te2[(s0 >> 16) & 0xff] ^ - Te3[(s1 >> 24) ] ^ - rk[6]; - t[3] = Te0[(s3 ) & 0xff] ^ - Te1[(s0 >> 8) & 0xff] ^ - Te2[(s1 >> 16) & 0xff] ^ - Te3[(s2 >> 24) ] ^ - rk[7]; -#endif - s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3]; - - /* - * Nr - 2 full rounds: - */ - for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) { -#if defined(AES_COMPACT_IN_INNER_ROUNDS) - t[0] = (u32)Te4[(s0 ) & 0xff] ^ - (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s3 >> 24) ] << 24; - t[1] = (u32)Te4[(s1 ) & 0xff] ^ - (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s0 >> 24) ] << 24; - t[2] = (u32)Te4[(s2 ) & 0xff] ^ - (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s1 >> 24) ] << 24; - t[3] = (u32)Te4[(s3 ) & 0xff] ^ - (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s2 >> 24) ] << 24; - - /* now do the linear transform using words */ - { - int i; - u32 r0, r1, r2; - - for (i = 0; i < 4; i++) { - r0 = t[i]; - r1 = r0 & 0x80808080; - r2 = ((r0 & 0x7f7f7f7f) << 1) ^ - ((r1 - (r1 >> 7)) & 0x1b1b1b1b); -#if defined(ROTATE) - t[i] = r2 ^ ROTATE(r2,24) ^ ROTATE(r0,24) ^ - ROTATE(r0,16) ^ ROTATE(r0,8); -#else - t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^ - (r0 << 16) ^ (r0 >> 16) ^ - (r0 << 8) ^ (r0 >> 24); -#endif - t[i] ^= rk[i]; - } - } -#else - t[0] = Te0[(s0 ) & 0xff] ^ - Te1[(s1 >> 8) & 0xff] ^ - Te2[(s2 >> 16) & 0xff] ^ - Te3[(s3 >> 24) ] ^ - rk[0]; - t[1] = Te0[(s1 ) & 0xff] ^ - Te1[(s2 >> 8) & 0xff] ^ - Te2[(s3 >> 16) & 0xff] ^ - Te3[(s0 >> 24) ] ^ - rk[1]; - t[2] = Te0[(s2 ) & 0xff] ^ - Te1[(s3 >> 8) & 0xff] ^ - Te2[(s0 >> 16) & 0xff] ^ - Te3[(s1 >> 24) ] ^ - rk[2]; - t[3] = Te0[(s3 ) & 0xff] ^ - Te1[(s0 >> 8) & 0xff] ^ - Te2[(s1 >> 16) & 0xff] ^ - Te3[(s2 >> 24) ] ^ - rk[3]; -#endif - s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3]; - } - /* - * apply last round and - * map cipher state to byte array block: - */ -#if defined(AES_COMPACT_IN_OUTER_ROUNDS) - prefetch256(Te4); - - *(u32*)(out+0) = - (u32)Te4[(s0 ) & 0xff] ^ - (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s3 >> 24) ] << 24 ^ - rk[0]; - *(u32*)(out+4) = - (u32)Te4[(s1 ) & 0xff] ^ - (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s0 >> 24) ] << 24 ^ - rk[1]; - *(u32*)(out+8) = - (u32)Te4[(s2 ) & 0xff] ^ - (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s1 >> 24) ] << 24 ^ - rk[2]; - *(u32*)(out+12) = - (u32)Te4[(s3 ) & 0xff] ^ - (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ - (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ - (u32)Te4[(s2 >> 24) ] << 24 ^ - rk[3]; -#else - *(u32*)(out+0) = - (Te2[(s0 ) & 0xff] & 0x000000ffU) ^ - (Te3[(s1 >> 8) & 0xff] & 0x0000ff00U) ^ - (Te0[(s2 >> 16) & 0xff] & 0x00ff0000U) ^ - (Te1[(s3 >> 24) ] & 0xff000000U) ^ - rk[0]; - *(u32*)(out+4) = - (Te2[(s1 ) & 0xff] & 0x000000ffU) ^ - (Te3[(s2 >> 8) & 0xff] & 0x0000ff00U) ^ - (Te0[(s3 >> 16) & 0xff] & 0x00ff0000U) ^ - (Te1[(s0 >> 24) ] & 0xff000000U) ^ - rk[1]; - *(u32*)(out+8) = - (Te2[(s2 ) & 0xff] & 0x000000ffU) ^ - (Te3[(s3 >> 8) & 0xff] & 0x0000ff00U) ^ - (Te0[(s0 >> 16) & 0xff] & 0x00ff0000U) ^ - (Te1[(s1 >> 24) ] & 0xff000000U) ^ - rk[2]; - *(u32*)(out+12) = - (Te2[(s3 ) & 0xff] & 0x000000ffU) ^ - (Te3[(s0 >> 8) & 0xff] & 0x0000ff00U) ^ - (Te0[(s1 >> 16) & 0xff] & 0x00ff0000U) ^ - (Te1[(s2 >> 24) ] & 0xff000000U) ^ - rk[3]; -#endif -} - -/* - * Decrypt a single block - * in and out can overlap - */ -void AES_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key) -{ - - const u32 *rk; - u32 s0, s1, s2, s3, t[4]; - int r; - - assert(in && out && key); - rk = key->rd_key; - - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(in ) ^ rk[0]; - s1 = GETU32(in + 4) ^ rk[1]; - s2 = GETU32(in + 8) ^ rk[2]; - s3 = GETU32(in + 12) ^ rk[3]; - -#if defined(AES_COMPACT_IN_OUTER_ROUNDS) - prefetch256(Td4); - - t[0] = (u32)Td4[(s0 ) & 0xff] ^ - (u32)Td4[(s3 >> 8) & 0xff] << 8 ^ - (u32)Td4[(s2 >> 16) & 0xff] << 16 ^ - (u32)Td4[(s1 >> 24) ] << 24; - t[1] = (u32)Td4[(s1 ) & 0xff] ^ - (u32)Td4[(s0 >> 8) & 0xff] << 8 ^ - (u32)Td4[(s3 >> 16) & 0xff] << 16 ^ - (u32)Td4[(s2 >> 24) ] << 24; - t[2] = (u32)Td4[(s2 ) & 0xff] ^ - (u32)Td4[(s1 >> 8) & 0xff] << 8 ^ - (u32)Td4[(s0 >> 16) & 0xff] << 16 ^ - (u32)Td4[(s3 >> 24) ] << 24; - t[3] = (u32)Td4[(s3 ) & 0xff] ^ - (u32)Td4[(s2 >> 8) & 0xff] << 8 ^ - (u32)Td4[(s1 >> 16) & 0xff] << 16 ^ - (u32)Td4[(s0 >> 24) ] << 24; - - /* now do the linear transform using words */ - { - int i; - u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; - - for (i = 0; i < 4; i++) { - tp1 = t[i]; - m = tp1 & 0x80808080; - tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp2 & 0x80808080; - tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp4 & 0x80808080; - tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - tp9 = tp8 ^ tp1; - tpb = tp9 ^ tp2; - tpd = tp9 ^ tp4; - tpe = tp8 ^ tp4 ^ tp2; -#if defined(ROTATE) - t[i] = tpe ^ ROTATE(tpd,16) ^ - ROTATE(tp9,8) ^ ROTATE(tpb,24); -#else - t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ - (tp9 >> 24) ^ (tp9 << 8) ^ - (tpb >> 8) ^ (tpb << 24); -#endif - t[i] ^= rk[4+i]; - } - } -#else - t[0] = Td0[(s0 ) & 0xff] ^ - Td1[(s3 >> 8) & 0xff] ^ - Td2[(s2 >> 16) & 0xff] ^ - Td3[(s1 >> 24) ] ^ - rk[4]; - t[1] = Td0[(s1 ) & 0xff] ^ - Td1[(s0 >> 8) & 0xff] ^ - Td2[(s3 >> 16) & 0xff] ^ - Td3[(s2 >> 24) ] ^ - rk[5]; - t[2] = Td0[(s2 ) & 0xff] ^ - Td1[(s1 >> 8) & 0xff] ^ - Td2[(s0 >> 16) & 0xff] ^ - Td3[(s3 >> 24) ] ^ - rk[6]; - t[3] = Td0[(s3 ) & 0xff] ^ - Td1[(s2 >> 8) & 0xff] ^ - Td2[(s1 >> 16) & 0xff] ^ - Td3[(s0 >> 24) ] ^ - rk[7]; -#endif - s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3]; - - /* - * Nr - 2 full rounds: - */ - for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) { -#if defined(AES_COMPACT_IN_INNER_ROUNDS) - t[0] = (u32)Td4[(s0 ) & 0xff] ^ - (u32)Td4[(s3 >> 8) & 0xff] << 8 ^ - (u32)Td4[(s2 >> 16) & 0xff] << 16 ^ - (u32)Td4[(s1 >> 24) ] << 24; - t[1] = (u32)Td4[(s1 ) & 0xff] ^ - (u32)Td4[(s0 >> 8) & 0xff] << 8 ^ - (u32)Td4[(s3 >> 16) & 0xff] << 16 ^ - (u32)Td4[(s2 >> 24) ] << 24; - t[2] = (u32)Td4[(s2 ) & 0xff] ^ - (u32)Td4[(s1 >> 8) & 0xff] << 8 ^ - (u32)Td4[(s0 >> 16) & 0xff] << 16 ^ - (u32)Td4[(s3 >> 24) ] << 24; - t[3] = (u32)Td4[(s3 ) & 0xff] ^ - (u32)Td4[(s2 >> 8) & 0xff] << 8 ^ - (u32)Td4[(s1 >> 16) & 0xff] << 16 ^ - (u32)Td4[(s0 >> 24) ] << 24; - - /* now do the linear transform using words */ - { - int i; - u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; - - for (i = 0; i < 4; i++) { - tp1 = t[i]; - m = tp1 & 0x80808080; - tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp2 & 0x80808080; - tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - m = tp4 & 0x80808080; - tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ - ((m - (m >> 7)) & 0x1b1b1b1b); - tp9 = tp8 ^ tp1; - tpb = tp9 ^ tp2; - tpd = tp9 ^ tp4; - tpe = tp8 ^ tp4 ^ tp2; -#if defined(ROTATE) - t[i] = tpe ^ ROTATE(tpd,16) ^ - ROTATE(tp9,8) ^ ROTATE(tpb,24); -#else - t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ - (tp9 >> 24) ^ (tp9 << 8) ^ - (tpb >> 8) ^ (tpb << 24); -#endif - t[i] ^= rk[i]; - } - } -#else - t[0] = Td0[(s0 ) & 0xff] ^ - Td1[(s3 >> 8) & 0xff] ^ - Td2[(s2 >> 16) & 0xff] ^ - Td3[(s1 >> 24) ] ^ - rk[0]; - t[1] = Td0[(s1 ) & 0xff] ^ - Td1[(s0 >> 8) & 0xff] ^ - Td2[(s3 >> 16) & 0xff] ^ - Td3[(s2 >> 24) ] ^ - rk[1]; - t[2] = Td0[(s2 ) & 0xff] ^ - Td1[(s1 >> 8) & 0xff] ^ - Td2[(s0 >> 16) & 0xff] ^ - Td3[(s3 >> 24) ] ^ - rk[2]; - t[3] = Td0[(s3 ) & 0xff] ^ - Td1[(s2 >> 8) & 0xff] ^ - Td2[(s1 >> 16) & 0xff] ^ - Td3[(s0 >> 24) ] ^ - rk[3]; -#endif - s0 = t[0]; s1 = t[1]; s2 = t[2]; s3 = t[3]; - } - /* - * apply last round and - * map cipher state to byte array block: - */ - prefetch256(Td4); - - *(u32*)(out+0) = - ((u32)Td4[(s0 ) & 0xff]) ^ - ((u32)Td4[(s3 >> 8) & 0xff] << 8) ^ - ((u32)Td4[(s2 >> 16) & 0xff] << 16) ^ - ((u32)Td4[(s1 >> 24) ] << 24) ^ - rk[0]; - *(u32*)(out+4) = - ((u32)Td4[(s1 ) & 0xff]) ^ - ((u32)Td4[(s0 >> 8) & 0xff] << 8) ^ - ((u32)Td4[(s3 >> 16) & 0xff] << 16) ^ - ((u32)Td4[(s2 >> 24) ] << 24) ^ - rk[1]; - *(u32*)(out+8) = - ((u32)Td4[(s2 ) & 0xff]) ^ - ((u32)Td4[(s1 >> 8) & 0xff] << 8) ^ - ((u32)Td4[(s0 >> 16) & 0xff] << 16) ^ - ((u32)Td4[(s3 >> 24) ] << 24) ^ - rk[2]; - *(u32*)(out+12) = - ((u32)Td4[(s3 ) & 0xff]) ^ - ((u32)Td4[(s2 >> 8) & 0xff] << 8) ^ - ((u32)Td4[(s1 >> 16) & 0xff] << 16) ^ - ((u32)Td4[(s0 >> 24) ] << 24) ^ - rk[3]; -} diff --git a/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl deleted file mode 100755 index 7b4f9e1672f2e650eff467a3626b836faae77d7b..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/aes-586.pl +++ /dev/null @@ -1,2998 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Version 4.3. -# -# You might fail to appreciate this module performance from the first -# try. If compared to "vanilla" linux-ia32-icc target, i.e. considered -# to be *the* best Intel C compiler without -KPIC, performance appears -# to be virtually identical... But try to re-configure with shared -# library support... Aha! Intel compiler "suddenly" lags behind by 30% -# [on P4, more on others]:-) And if compared to position-independent -# code generated by GNU C, this code performs *more* than *twice* as -# fast! Yes, all this buzz about PIC means that unlike other hand- -# coded implementations, this one was explicitly designed to be safe -# to use even in shared library context... This also means that this -# code isn't necessarily absolutely fastest "ever," because in order -# to achieve position independence an extra register has to be -# off-loaded to stack, which affects the benchmark result. -# -# Special note about instruction choice. Do you recall RC4_INT code -# performing poorly on P4? It might be the time to figure out why. -# RC4_INT code implies effective address calculations in base+offset*4 -# form. Trouble is that it seems that offset scaling turned to be -# critical path... At least eliminating scaling resulted in 2.8x RC4 -# performance improvement [as you might recall]. As AES code is hungry -# for scaling too, I [try to] avoid the latter by favoring off-by-2 -# shifts and masking the result with 0xFF<<2 instead of "boring" 0xFF. -# -# As was shown by Dean Gaudet, the above note turned out to be -# void. Performance improvement with off-by-2 shifts was observed on -# intermediate implementation, which was spilling yet another register -# to stack... Final offset*4 code below runs just a tad faster on P4, -# but exhibits up to 10% improvement on other cores. -# -# Second version is "monolithic" replacement for aes_core.c, which in -# addition to AES_[de|en]crypt implements AES_set_[de|en]cryption_key. -# This made it possible to implement little-endian variant of the -# algorithm without modifying the base C code. Motivating factor for -# the undertaken effort was that it appeared that in tight IA-32 -# register window little-endian flavor could achieve slightly higher -# Instruction Level Parallelism, and it indeed resulted in up to 15% -# better performance on most recent µ-archs... -# -# Third version adds AES_cbc_encrypt implementation, which resulted in -# up to 40% performance improvement of CBC benchmark results. 40% was -# observed on P4 core, where "overall" improvement coefficient, i.e. if -# compared to PIC generated by GCC and in CBC mode, was observed to be -# as large as 4x:-) CBC performance is virtually identical to ECB now -# and on some platforms even better, e.g. 17.6 "small" cycles/byte on -# Opteron, because certain function prologues and epilogues are -# effectively taken out of the loop... -# -# Version 3.2 implements compressed tables and prefetch of these tables -# in CBC[!] mode. Former means that 3/4 of table references are now -# misaligned, which unfortunately has negative impact on elder IA-32 -# implementations, Pentium suffered 30% penalty, PIII - 10%. -# -# Version 3.3 avoids L1 cache aliasing between stack frame and -# S-boxes, and 3.4 - L1 cache aliasing even between key schedule. The -# latter is achieved by copying the key schedule to controlled place in -# stack. This unfortunately has rather strong impact on small block CBC -# performance, ~2x deterioration on 16-byte block if compared to 3.3. -# -# Version 3.5 checks if there is L1 cache aliasing between user-supplied -# key schedule and S-boxes and abstains from copying the former if -# there is no. This allows end-user to consciously retain small block -# performance by aligning key schedule in specific manner. -# -# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB. -# -# Current ECB performance numbers for 128-bit key in CPU cycles per -# processed byte [measure commonly used by AES benchmarkers] are: -# -# small footprint fully unrolled -# P4 24 22 -# AMD K8 20 19 -# PIII 25 23 -# Pentium 81 78 -# -# Version 3.7 reimplements outer rounds as "compact." Meaning that -# first and last rounds reference compact 256 bytes S-box. This means -# that first round consumes a lot more CPU cycles and that encrypt -# and decrypt performance becomes asymmetric. Encrypt performance -# drops by 10-12%, while decrypt - by 20-25%:-( 256 bytes S-box is -# aggressively pre-fetched. -# -# Version 4.0 effectively rolls back to 3.6 and instead implements -# additional set of functions, _[x86|sse]_AES_[en|de]crypt_compact, -# which use exclusively 256 byte S-box. These functions are to be -# called in modes not concealing plain text, such as ECB, or when -# we're asked to process smaller amount of data [or unconditionally -# on hyper-threading CPU]. Currently it's called unconditionally from -# AES_[en|de]crypt, which affects all modes, but CBC. CBC routine -# still needs to be modified to switch between slower and faster -# mode when appropriate... But in either case benchmark landscape -# changes dramatically and below numbers are CPU cycles per processed -# byte for 128-bit key. -# -# ECB encrypt ECB decrypt CBC large chunk -# P4 52[54] 83[95] 23 -# AMD K8 46[41] 66[70] 18 -# PIII 41[50] 60[77] 24 -# Core 2 31[36] 45[64] 18.5 -# Atom 76[100] 96[138] 60 -# Pentium 115 150 77 -# -# Version 4.1 switches to compact S-box even in key schedule setup. -# -# Version 4.2 prefetches compact S-box in every SSE round or in other -# words every cache-line is *guaranteed* to be accessed within ~50 -# cycles window. Why just SSE? Because it's needed on hyper-threading -# CPU! Which is also why it's prefetched with 64 byte stride. Best -# part is that it has no negative effect on performance:-) -# -# Version 4.3 implements switch between compact and non-compact block -# functions in AES_cbc_encrypt depending on how much data was asked -# to be processed in one stroke. -# -###################################################################### -# Timing attacks are classified in two classes: synchronous when -# attacker consciously initiates cryptographic operation and collects -# timing data of various character afterwards, and asynchronous when -# malicious code is executed on same CPU simultaneously with AES, -# instruments itself and performs statistical analysis of this data. -# -# As far as synchronous attacks go the root to the AES timing -# vulnerability is twofold. Firstly, of 256 S-box elements at most 160 -# are referred to in single 128-bit block operation. Well, in C -# implementation with 4 distinct tables it's actually as little as 40 -# references per 256 elements table, but anyway... Secondly, even -# though S-box elements are clustered into smaller amount of cache- -# lines, smaller than 160 and even 40, it turned out that for certain -# plain-text pattern[s] or simply put chosen plain-text and given key -# few cache-lines remain unaccessed during block operation. Now, if -# attacker can figure out this access pattern, he can deduct the key -# [or at least part of it]. The natural way to mitigate this kind of -# attacks is to minimize the amount of cache-lines in S-box and/or -# prefetch them to ensure that every one is accessed for more uniform -# timing. But note that *if* plain-text was concealed in such way that -# input to block function is distributed *uniformly*, then attack -# wouldn't apply. Now note that some encryption modes, most notably -# CBC, do mask the plain-text in this exact way [secure cipher output -# is distributed uniformly]. Yes, one still might find input that -# would reveal the information about given key, but if amount of -# candidate inputs to be tried is larger than amount of possible key -# combinations then attack becomes infeasible. This is why revised -# AES_cbc_encrypt "dares" to switch to larger S-box when larger chunk -# of data is to be processed in one stroke. The current size limit of -# 512 bytes is chosen to provide same [diminishingly low] probability -# for cache-line to remain untouched in large chunk operation with -# large S-box as for single block operation with compact S-box and -# surely needs more careful consideration... -# -# As for asynchronous attacks. There are two flavours: attacker code -# being interleaved with AES on hyper-threading CPU at *instruction* -# level, and two processes time sharing single core. As for latter. -# Two vectors. 1. Given that attacker process has higher priority, -# yield execution to process performing AES just before timer fires -# off the scheduler, immediately regain control of CPU and analyze the -# cache state. For this attack to be efficient attacker would have to -# effectively slow down the operation by several *orders* of magnitude, -# by ratio of time slice to duration of handful of AES rounds, which -# unlikely to remain unnoticed. Not to mention that this also means -# that he would spend correspondingly more time to collect enough -# statistical data to mount the attack. It's probably appropriate to -# say that if adversary reckons that this attack is beneficial and -# risks to be noticed, you probably have larger problems having him -# mere opportunity. In other words suggested code design expects you -# to preclude/mitigate this attack by overall system security design. -# 2. Attacker manages to make his code interrupt driven. In order for -# this kind of attack to be feasible, interrupt rate has to be high -# enough, again comparable to duration of handful of AES rounds. But -# is there interrupt source of such rate? Hardly, not even 1Gbps NIC -# generates interrupts at such raging rate... -# -# And now back to the former, hyper-threading CPU or more specifically -# Intel P4. Recall that asynchronous attack implies that malicious -# code instruments itself. And naturally instrumentation granularity -# has be noticeably lower than duration of codepath accessing S-box. -# Given that all cache-lines are accessed during that time that is. -# Current implementation accesses *all* cache-lines within ~50 cycles -# window, which is actually *less* than RDTSC latency on Intel P4! - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output = pop and open STDOUT,">$output"; - -&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386"); -&static_label("AES_Te"); -&static_label("AES_Td"); - -$s0="eax"; -$s1="ebx"; -$s2="ecx"; -$s3="edx"; -$key="edi"; -$acc="esi"; -$tbl="ebp"; - -# stack frame layout in _[x86|sse]_AES_* routines, frame is allocated -# by caller -$__ra=&DWP(0,"esp"); # return address -$__s0=&DWP(4,"esp"); # s0 backing store -$__s1=&DWP(8,"esp"); # s1 backing store -$__s2=&DWP(12,"esp"); # s2 backing store -$__s3=&DWP(16,"esp"); # s3 backing store -$__key=&DWP(20,"esp"); # pointer to key schedule -$__end=&DWP(24,"esp"); # pointer to end of key schedule -$__tbl=&DWP(28,"esp"); # %ebp backing store - -# stack frame layout in AES_[en|crypt] routines, which differs from -# above by 4 and overlaps by %ebp backing store -$_tbl=&DWP(24,"esp"); -$_esp=&DWP(28,"esp"); - -sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } } - -$speed_limit=512; # chunks smaller than $speed_limit are - # processed with compact routine in CBC mode -$small_footprint=1; # $small_footprint=1 code is ~5% slower [on - # recent µ-archs], but ~5 times smaller! - # I favor compact code to minimize cache - # contention and in hope to "collect" 5% back - # in real-life applications... - -$vertical_spin=0; # shift "vertically" defaults to 0, because of - # its proof-of-concept status... -# Note that there is no decvert(), as well as last encryption round is -# performed with "horizontal" shifts. This is because this "vertical" -# implementation [one which groups shifts on a given $s[i] to form a -# "column," unlike "horizontal" one, which groups shifts on different -# $s[i] to form a "row"] is work in progress. It was observed to run -# few percents faster on Intel cores, but not AMD. On AMD K8 core it's -# whole 12% slower:-( So we face a trade-off... Shall it be resolved -# some day? Till then the code is considered experimental and by -# default remains dormant... - -sub encvert() -{ my ($te,@s) = @_; - my ($v0,$v1) = ($acc,$key); - - &mov ($v0,$s[3]); # copy s3 - &mov (&DWP(4,"esp"),$s[2]); # save s2 - &mov ($v1,$s[0]); # copy s0 - &mov (&DWP(8,"esp"),$s[1]); # save s1 - - &movz ($s[2],&HB($s[0])); - &and ($s[0],0xFF); - &mov ($s[0],&DWP(0,$te,$s[0],8)); # s0>>0 - &shr ($v1,16); - &mov ($s[3],&DWP(3,$te,$s[2],8)); # s0>>8 - &movz ($s[1],&HB($v1)); - &and ($v1,0xFF); - &mov ($s[2],&DWP(2,$te,$v1,8)); # s0>>16 - &mov ($v1,$v0); - &mov ($s[1],&DWP(1,$te,$s[1],8)); # s0>>24 - - &and ($v0,0xFF); - &xor ($s[3],&DWP(0,$te,$v0,8)); # s3>>0 - &movz ($v0,&HB($v1)); - &shr ($v1,16); - &xor ($s[2],&DWP(3,$te,$v0,8)); # s3>>8 - &movz ($v0,&HB($v1)); - &and ($v1,0xFF); - &xor ($s[1],&DWP(2,$te,$v1,8)); # s3>>16 - &mov ($v1,&DWP(4,"esp")); # restore s2 - &xor ($s[0],&DWP(1,$te,$v0,8)); # s3>>24 - - &mov ($v0,$v1); - &and ($v1,0xFF); - &xor ($s[2],&DWP(0,$te,$v1,8)); # s2>>0 - &movz ($v1,&HB($v0)); - &shr ($v0,16); - &xor ($s[1],&DWP(3,$te,$v1,8)); # s2>>8 - &movz ($v1,&HB($v0)); - &and ($v0,0xFF); - &xor ($s[0],&DWP(2,$te,$v0,8)); # s2>>16 - &mov ($v0,&DWP(8,"esp")); # restore s1 - &xor ($s[3],&DWP(1,$te,$v1,8)); # s2>>24 - - &mov ($v1,$v0); - &and ($v0,0xFF); - &xor ($s[1],&DWP(0,$te,$v0,8)); # s1>>0 - &movz ($v0,&HB($v1)); - &shr ($v1,16); - &xor ($s[0],&DWP(3,$te,$v0,8)); # s1>>8 - &movz ($v0,&HB($v1)); - &and ($v1,0xFF); - &xor ($s[3],&DWP(2,$te,$v1,8)); # s1>>16 - &mov ($key,$__key); # reincarnate v1 as key - &xor ($s[2],&DWP(1,$te,$v0,8)); # s1>>24 -} - -# Another experimental routine, which features "horizontal spin," but -# eliminates one reference to stack. Strangely enough runs slower... -sub enchoriz() -{ my ($v0,$v1) = ($key,$acc); - - &movz ($v0,&LB($s0)); # 3, 2, 1, 0* - &rotr ($s2,8); # 8,11,10, 9 - &mov ($v1,&DWP(0,$te,$v0,8)); # 0 - &movz ($v0,&HB($s1)); # 7, 6, 5*, 4 - &rotr ($s3,16); # 13,12,15,14 - &xor ($v1,&DWP(3,$te,$v0,8)); # 5 - &movz ($v0,&HB($s2)); # 8,11,10*, 9 - &rotr ($s0,16); # 1, 0, 3, 2 - &xor ($v1,&DWP(2,$te,$v0,8)); # 10 - &movz ($v0,&HB($s3)); # 13,12,15*,14 - &xor ($v1,&DWP(1,$te,$v0,8)); # 15, t[0] collected - &mov ($__s0,$v1); # t[0] saved - - &movz ($v0,&LB($s1)); # 7, 6, 5, 4* - &shr ($s1,16); # -, -, 7, 6 - &mov ($v1,&DWP(0,$te,$v0,8)); # 4 - &movz ($v0,&LB($s3)); # 13,12,15,14* - &xor ($v1,&DWP(2,$te,$v0,8)); # 14 - &movz ($v0,&HB($s0)); # 1, 0, 3*, 2 - &and ($s3,0xffff0000); # 13,12, -, - - &xor ($v1,&DWP(1,$te,$v0,8)); # 3 - &movz ($v0,&LB($s2)); # 8,11,10, 9* - &or ($s3,$s1); # 13,12, 7, 6 - &xor ($v1,&DWP(3,$te,$v0,8)); # 9, t[1] collected - &mov ($s1,$v1); # s[1]=t[1] - - &movz ($v0,&LB($s0)); # 1, 0, 3, 2* - &shr ($s2,16); # -, -, 8,11 - &mov ($v1,&DWP(2,$te,$v0,8)); # 2 - &movz ($v0,&HB($s3)); # 13,12, 7*, 6 - &xor ($v1,&DWP(1,$te,$v0,8)); # 7 - &movz ($v0,&HB($s2)); # -, -, 8*,11 - &xor ($v1,&DWP(0,$te,$v0,8)); # 8 - &mov ($v0,$s3); - &shr ($v0,24); # 13 - &xor ($v1,&DWP(3,$te,$v0,8)); # 13, t[2] collected - - &movz ($v0,&LB($s2)); # -, -, 8,11* - &shr ($s0,24); # 1* - &mov ($s2,&DWP(1,$te,$v0,8)); # 11 - &xor ($s2,&DWP(3,$te,$s0,8)); # 1 - &mov ($s0,$__s0); # s[0]=t[0] - &movz ($v0,&LB($s3)); # 13,12, 7, 6* - &shr ($s3,16); # , ,13,12 - &xor ($s2,&DWP(2,$te,$v0,8)); # 6 - &mov ($key,$__key); # reincarnate v0 as key - &and ($s3,0xff); # , ,13,12* - &mov ($s3,&DWP(0,$te,$s3,8)); # 12 - &xor ($s3,$s2); # s[2]=t[3] collected - &mov ($s2,$v1); # s[2]=t[2] -} - -# More experimental code... SSE one... Even though this one eliminates -# *all* references to stack, it's not faster... -sub sse_encbody() -{ - &movz ($acc,&LB("eax")); # 0 - &mov ("ecx",&DWP(0,$tbl,$acc,8)); # 0 - &pshufw ("mm2","mm0",0x0d); # 7, 6, 3, 2 - &movz ("edx",&HB("eax")); # 1 - &mov ("edx",&DWP(3,$tbl,"edx",8)); # 1 - &shr ("eax",16); # 5, 4 - - &movz ($acc,&LB("ebx")); # 10 - &xor ("ecx",&DWP(2,$tbl,$acc,8)); # 10 - &pshufw ("mm6","mm4",0x08); # 13,12, 9, 8 - &movz ($acc,&HB("ebx")); # 11 - &xor ("edx",&DWP(1,$tbl,$acc,8)); # 11 - &shr ("ebx",16); # 15,14 - - &movz ($acc,&HB("eax")); # 5 - &xor ("ecx",&DWP(3,$tbl,$acc,8)); # 5 - &movq ("mm3",QWP(16,$key)); - &movz ($acc,&HB("ebx")); # 15 - &xor ("ecx",&DWP(1,$tbl,$acc,8)); # 15 - &movd ("mm0","ecx"); # t[0] collected - - &movz ($acc,&LB("eax")); # 4 - &mov ("ecx",&DWP(0,$tbl,$acc,8)); # 4 - &movd ("eax","mm2"); # 7, 6, 3, 2 - &movz ($acc,&LB("ebx")); # 14 - &xor ("ecx",&DWP(2,$tbl,$acc,8)); # 14 - &movd ("ebx","mm6"); # 13,12, 9, 8 - - &movz ($acc,&HB("eax")); # 3 - &xor ("ecx",&DWP(1,$tbl,$acc,8)); # 3 - &movz ($acc,&HB("ebx")); # 9 - &xor ("ecx",&DWP(3,$tbl,$acc,8)); # 9 - &movd ("mm1","ecx"); # t[1] collected - - &movz ($acc,&LB("eax")); # 2 - &mov ("ecx",&DWP(2,$tbl,$acc,8)); # 2 - &shr ("eax",16); # 7, 6 - &punpckldq ("mm0","mm1"); # t[0,1] collected - &movz ($acc,&LB("ebx")); # 8 - &xor ("ecx",&DWP(0,$tbl,$acc,8)); # 8 - &shr ("ebx",16); # 13,12 - - &movz ($acc,&HB("eax")); # 7 - &xor ("ecx",&DWP(1,$tbl,$acc,8)); # 7 - &pxor ("mm0","mm3"); - &movz ("eax",&LB("eax")); # 6 - &xor ("edx",&DWP(2,$tbl,"eax",8)); # 6 - &pshufw ("mm1","mm0",0x08); # 5, 4, 1, 0 - &movz ($acc,&HB("ebx")); # 13 - &xor ("ecx",&DWP(3,$tbl,$acc,8)); # 13 - &xor ("ecx",&DWP(24,$key)); # t[2] - &movd ("mm4","ecx"); # t[2] collected - &movz ("ebx",&LB("ebx")); # 12 - &xor ("edx",&DWP(0,$tbl,"ebx",8)); # 12 - &shr ("ecx",16); - &movd ("eax","mm1"); # 5, 4, 1, 0 - &mov ("ebx",&DWP(28,$key)); # t[3] - &xor ("ebx","edx"); - &movd ("mm5","ebx"); # t[3] collected - &and ("ebx",0xffff0000); - &or ("ebx","ecx"); - - &punpckldq ("mm4","mm5"); # t[2,3] collected -} - -###################################################################### -# "Compact" block function -###################################################################### - -sub enccompact() -{ my $Fn = \&mov; - while ($#_>5) { pop(@_); $Fn=sub{}; } - my ($i,$te,@s)=@_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - # $Fn is used in first compact round and its purpose is to - # void restoration of some values from stack, so that after - # 4xenccompact with extra argument $key value is left there... - if ($i==3) { &$Fn ($key,$__key); }##%edx - else { &mov ($out,$s[0]); } - &and ($out,0xFF); - if ($i==1) { &shr ($s[0],16); }#%ebx[1] - if ($i==2) { &shr ($s[0],24); }#%ecx[2] - &movz ($out,&BP(-128,$te,$out,1)); - - if ($i==3) { $tmp=$s[1]; }##%eax - &movz ($tmp,&HB($s[1])); - &movz ($tmp,&BP(-128,$te,$tmp,1)); - &shl ($tmp,8); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$__s0); }##%ebx - else { &mov ($tmp,$s[2]); - &shr ($tmp,16); } - if ($i==2) { &and ($s[1],0xFF); }#%edx[2] - &and ($tmp,0xFF); - &movz ($tmp,&BP(-128,$te,$tmp,1)); - &shl ($tmp,16); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx - elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] - else { &mov ($tmp,$s[3]); - &shr ($tmp,24); } - &movz ($tmp,&BP(-128,$te,$tmp,1)); - &shl ($tmp,24); - &xor ($out,$tmp); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],$acc); } - &comment(); -} - -sub enctransform() -{ my @s = ($s0,$s1,$s2,$s3); - my $i = shift; - my $tmp = $tbl; - my $r2 = $key ; - - &and ($tmp,$s[$i]); - &lea ($r2,&DWP(0,$s[$i],$s[$i])); - &mov ($acc,$tmp); - &shr ($tmp,7); - &and ($r2,0xfefefefe); - &sub ($acc,$tmp); - &mov ($tmp,$s[$i]); - &and ($acc,0x1b1b1b1b); - &rotr ($tmp,16); - &xor ($acc,$r2); # r2 - &mov ($r2,$s[$i]); - - &xor ($s[$i],$acc); # r0 ^ r2 - &rotr ($r2,16+8); - &xor ($acc,$tmp); - &rotl ($s[$i],24); - &xor ($acc,$r2); - &mov ($tmp,0x80808080) if ($i!=1); - &xor ($s[$i],$acc); # ROTATE(r2^r0,24) ^ r2 -} - -&function_begin_B("_x86_AES_encrypt_compact"); - # note that caller is expected to allocate stack frame for me! - &mov ($__key,$key); # save key - - &xor ($s0,&DWP(0,$key)); # xor with key - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov ($acc,&DWP(240,$key)); # load key->rounds - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov ($__end,$acc); # end of key schedule - - # prefetch Te4 - &mov ($key,&DWP(0-128,$tbl)); - &mov ($acc,&DWP(32-128,$tbl)); - &mov ($key,&DWP(64-128,$tbl)); - &mov ($acc,&DWP(96-128,$tbl)); - &mov ($key,&DWP(128-128,$tbl)); - &mov ($acc,&DWP(160-128,$tbl)); - &mov ($key,&DWP(192-128,$tbl)); - &mov ($acc,&DWP(224-128,$tbl)); - - &set_label("loop",16); - - &enccompact(0,$tbl,$s0,$s1,$s2,$s3,1); - &enccompact(1,$tbl,$s1,$s2,$s3,$s0,1); - &enccompact(2,$tbl,$s2,$s3,$s0,$s1,1); - &enccompact(3,$tbl,$s3,$s0,$s1,$s2,1); - &mov ($tbl,0x80808080); - &enctransform(2); - &enctransform(3); - &enctransform(0); - &enctransform(1); - &mov ($key,$__key); - &mov ($tbl,$__tbl); - &add ($key,16); # advance rd_key - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &cmp ($key,$__end); - &mov ($__key,$key); - &jb (&label("loop")); - - &enccompact(0,$tbl,$s0,$s1,$s2,$s3); - &enccompact(1,$tbl,$s1,$s2,$s3,$s0); - &enccompact(2,$tbl,$s2,$s3,$s0,$s1); - &enccompact(3,$tbl,$s3,$s0,$s1,$s2); - - &xor ($s0,&DWP(16,$key)); - &xor ($s1,&DWP(20,$key)); - &xor ($s2,&DWP(24,$key)); - &xor ($s3,&DWP(28,$key)); - - &ret (); -&function_end_B("_x86_AES_encrypt_compact"); - -###################################################################### -# "Compact" SSE block function. -###################################################################### -# -# Performance is not actually extraordinary in comparison to pure -# x86 code. In particular encrypt performance is virtually the same. -# Decrypt performance on the other hand is 15-20% better on newer -# µ-archs [but we're thankful for *any* improvement here], and ~50% -# better on PIII:-) And additionally on the pros side this code -# eliminates redundant references to stack and thus relieves/ -# minimizes the pressure on the memory bus. -# -# MMX register layout lsb -# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ -# | mm4 | mm0 | -# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ -# | s3 | s2 | s1 | s0 | -# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ -# |15|14|13|12|11|10| 9| 8| 7| 6| 5| 4| 3| 2| 1| 0| -# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ -# -# Indexes translate as s[N/4]>>(8*(N%4)), e.g. 5 means s1>>8. -# In this terms encryption and decryption "compact" permutation -# matrices can be depicted as following: -# -# encryption lsb # decryption lsb -# +----++----+----+----+----+ # +----++----+----+----+----+ -# | t0 || 15 | 10 | 5 | 0 | # | t0 || 7 | 10 | 13 | 0 | -# +----++----+----+----+----+ # +----++----+----+----+----+ -# | t1 || 3 | 14 | 9 | 4 | # | t1 || 11 | 14 | 1 | 4 | -# +----++----+----+----+----+ # +----++----+----+----+----+ -# | t2 || 7 | 2 | 13 | 8 | # | t2 || 15 | 2 | 5 | 8 | -# +----++----+----+----+----+ # +----++----+----+----+----+ -# | t3 || 11 | 6 | 1 | 12 | # | t3 || 3 | 6 | 9 | 12 | -# +----++----+----+----+----+ # +----++----+----+----+----+ -# -###################################################################### -# Why not xmm registers? Short answer. It was actually tested and -# was not any faster, but *contrary*, most notably on Intel CPUs. -# Longer answer. Main advantage of using mm registers is that movd -# latency is lower, especially on Intel P4. While arithmetic -# instructions are twice as many, they can be scheduled every cycle -# and not every second one when they are operating on xmm register, -# so that "arithmetic throughput" remains virtually the same. And -# finally the code can be executed even on elder SSE-only CPUs:-) - -sub sse_enccompact() -{ - &pshufw ("mm1","mm0",0x08); # 5, 4, 1, 0 - &pshufw ("mm5","mm4",0x0d); # 15,14,11,10 - &movd ("eax","mm1"); # 5, 4, 1, 0 - &movd ("ebx","mm5"); # 15,14,11,10 - &mov ($__key,$key); - - &movz ($acc,&LB("eax")); # 0 - &movz ("edx",&HB("eax")); # 1 - &pshufw ("mm2","mm0",0x0d); # 7, 6, 3, 2 - &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 0 - &movz ($key,&LB("ebx")); # 10 - &movz ("edx",&BP(-128,$tbl,"edx",1)); # 1 - &shr ("eax",16); # 5, 4 - &shl ("edx",8); # 1 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 10 - &movz ($key,&HB("ebx")); # 11 - &shl ($acc,16); # 10 - &pshufw ("mm6","mm4",0x08); # 13,12, 9, 8 - &or ("ecx",$acc); # 10 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 11 - &movz ($key,&HB("eax")); # 5 - &shl ($acc,24); # 11 - &shr ("ebx",16); # 15,14 - &or ("edx",$acc); # 11 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 5 - &movz ($key,&HB("ebx")); # 15 - &shl ($acc,8); # 5 - &or ("ecx",$acc); # 5 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 15 - &movz ($key,&LB("eax")); # 4 - &shl ($acc,24); # 15 - &or ("ecx",$acc); # 15 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 4 - &movz ($key,&LB("ebx")); # 14 - &movd ("eax","mm2"); # 7, 6, 3, 2 - &movd ("mm0","ecx"); # t[0] collected - &movz ("ecx",&BP(-128,$tbl,$key,1)); # 14 - &movz ($key,&HB("eax")); # 3 - &shl ("ecx",16); # 14 - &movd ("ebx","mm6"); # 13,12, 9, 8 - &or ("ecx",$acc); # 14 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 3 - &movz ($key,&HB("ebx")); # 9 - &shl ($acc,24); # 3 - &or ("ecx",$acc); # 3 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 9 - &movz ($key,&LB("ebx")); # 8 - &shl ($acc,8); # 9 - &shr ("ebx",16); # 13,12 - &or ("ecx",$acc); # 9 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 8 - &movz ($key,&LB("eax")); # 2 - &shr ("eax",16); # 7, 6 - &movd ("mm1","ecx"); # t[1] collected - &movz ("ecx",&BP(-128,$tbl,$key,1)); # 2 - &movz ($key,&HB("eax")); # 7 - &shl ("ecx",16); # 2 - &and ("eax",0xff); # 6 - &or ("ecx",$acc); # 2 - - &punpckldq ("mm0","mm1"); # t[0,1] collected - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 7 - &movz ($key,&HB("ebx")); # 13 - &shl ($acc,24); # 7 - &and ("ebx",0xff); # 12 - &movz ("eax",&BP(-128,$tbl,"eax",1)); # 6 - &or ("ecx",$acc); # 7 - &shl ("eax",16); # 6 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 13 - &or ("edx","eax"); # 6 - &shl ($acc,8); # 13 - &movz ("ebx",&BP(-128,$tbl,"ebx",1)); # 12 - &or ("ecx",$acc); # 13 - &or ("edx","ebx"); # 12 - &mov ($key,$__key); - &movd ("mm4","ecx"); # t[2] collected - &movd ("mm5","edx"); # t[3] collected - - &punpckldq ("mm4","mm5"); # t[2,3] collected -} - - if (!$x86only) { -&function_begin_B("_sse_AES_encrypt_compact"); - &pxor ("mm0",&QWP(0,$key)); # 7, 6, 5, 4, 3, 2, 1, 0 - &pxor ("mm4",&QWP(8,$key)); # 15,14,13,12,11,10, 9, 8 - - # note that caller is expected to allocate stack frame for me! - &mov ($acc,&DWP(240,$key)); # load key->rounds - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov ($__end,$acc); # end of key schedule - - &mov ($s0,0x1b1b1b1b); # magic constant - &mov (&DWP(8,"esp"),$s0); - &mov (&DWP(12,"esp"),$s0); - - # prefetch Te4 - &mov ($s0,&DWP(0-128,$tbl)); - &mov ($s1,&DWP(32-128,$tbl)); - &mov ($s2,&DWP(64-128,$tbl)); - &mov ($s3,&DWP(96-128,$tbl)); - &mov ($s0,&DWP(128-128,$tbl)); - &mov ($s1,&DWP(160-128,$tbl)); - &mov ($s2,&DWP(192-128,$tbl)); - &mov ($s3,&DWP(224-128,$tbl)); - - &set_label("loop",16); - &sse_enccompact(); - &add ($key,16); - &cmp ($key,$__end); - &ja (&label("out")); - - &movq ("mm2",&QWP(8,"esp")); - &pxor ("mm3","mm3"); &pxor ("mm7","mm7"); - &movq ("mm1","mm0"); &movq ("mm5","mm4"); # r0 - &pcmpgtb("mm3","mm0"); &pcmpgtb("mm7","mm4"); - &pand ("mm3","mm2"); &pand ("mm7","mm2"); - &pshufw ("mm2","mm0",0xb1); &pshufw ("mm6","mm4",0xb1);# ROTATE(r0,16) - &paddb ("mm0","mm0"); &paddb ("mm4","mm4"); - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # = r2 - &pshufw ("mm3","mm2",0xb1); &pshufw ("mm7","mm6",0xb1);# r0 - &pxor ("mm1","mm0"); &pxor ("mm5","mm4"); # r0^r2 - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= ROTATE(r0,16) - - &movq ("mm2","mm3"); &movq ("mm6","mm7"); - &pslld ("mm3",8); &pslld ("mm7",8); - &psrld ("mm2",24); &psrld ("mm6",24); - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= r0<<8 - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= r0>>24 - - &movq ("mm3","mm1"); &movq ("mm7","mm5"); - &movq ("mm2",&QWP(0,$key)); &movq ("mm6",&QWP(8,$key)); - &psrld ("mm1",8); &psrld ("mm5",8); - &mov ($s0,&DWP(0-128,$tbl)); - &pslld ("mm3",24); &pslld ("mm7",24); - &mov ($s1,&DWP(64-128,$tbl)); - &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= (r2^r0)<<8 - &mov ($s2,&DWP(128-128,$tbl)); - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= (r2^r0)>>24 - &mov ($s3,&DWP(192-128,$tbl)); - - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); - &jmp (&label("loop")); - - &set_label("out",16); - &pxor ("mm0",&QWP(0,$key)); - &pxor ("mm4",&QWP(8,$key)); - - &ret (); -&function_end_B("_sse_AES_encrypt_compact"); - } - -###################################################################### -# Vanilla block function. -###################################################################### - -sub encstep() -{ my ($i,$te,@s) = @_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - # lines marked with #%e?x[i] denote "reordered" instructions... - if ($i==3) { &mov ($key,$__key); }##%edx - else { &mov ($out,$s[0]); - &and ($out,0xFF); } - if ($i==1) { &shr ($s[0],16); }#%ebx[1] - if ($i==2) { &shr ($s[0],24); }#%ecx[2] - &mov ($out,&DWP(0,$te,$out,8)); - - if ($i==3) { $tmp=$s[1]; }##%eax - &movz ($tmp,&HB($s[1])); - &xor ($out,&DWP(3,$te,$tmp,8)); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$__s0); }##%ebx - else { &mov ($tmp,$s[2]); - &shr ($tmp,16); } - if ($i==2) { &and ($s[1],0xFF); }#%edx[2] - &and ($tmp,0xFF); - &xor ($out,&DWP(2,$te,$tmp,8)); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx - elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] - else { &mov ($tmp,$s[3]); - &shr ($tmp,24) } - &xor ($out,&DWP(1,$te,$tmp,8)); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],$acc); } - &comment(); -} - -sub enclast() -{ my ($i,$te,@s)=@_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - if ($i==3) { &mov ($key,$__key); }##%edx - else { &mov ($out,$s[0]); } - &and ($out,0xFF); - if ($i==1) { &shr ($s[0],16); }#%ebx[1] - if ($i==2) { &shr ($s[0],24); }#%ecx[2] - &mov ($out,&DWP(2,$te,$out,8)); - &and ($out,0x000000ff); - - if ($i==3) { $tmp=$s[1]; }##%eax - &movz ($tmp,&HB($s[1])); - &mov ($tmp,&DWP(0,$te,$tmp,8)); - &and ($tmp,0x0000ff00); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$__s0); }##%ebx - else { &mov ($tmp,$s[2]); - &shr ($tmp,16); } - if ($i==2) { &and ($s[1],0xFF); }#%edx[2] - &and ($tmp,0xFF); - &mov ($tmp,&DWP(0,$te,$tmp,8)); - &and ($tmp,0x00ff0000); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx - elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] - else { &mov ($tmp,$s[3]); - &shr ($tmp,24); } - &mov ($tmp,&DWP(2,$te,$tmp,8)); - &and ($tmp,0xff000000); - &xor ($out,$tmp); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],$acc); } -} - -&function_begin_B("_x86_AES_encrypt"); - if ($vertical_spin) { - # I need high parts of volatile registers to be accessible... - &exch ($s1="edi",$key="ebx"); - &mov ($s2="esi",$acc="ecx"); - } - - # note that caller is expected to allocate stack frame for me! - &mov ($__key,$key); # save key - - &xor ($s0,&DWP(0,$key)); # xor with key - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov ($acc,&DWP(240,$key)); # load key->rounds - - if ($small_footprint) { - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov ($__end,$acc); # end of key schedule - - &set_label("loop",16); - if ($vertical_spin) { - &encvert($tbl,$s0,$s1,$s2,$s3); - } else { - &encstep(0,$tbl,$s0,$s1,$s2,$s3); - &encstep(1,$tbl,$s1,$s2,$s3,$s0); - &encstep(2,$tbl,$s2,$s3,$s0,$s1); - &encstep(3,$tbl,$s3,$s0,$s1,$s2); - } - &add ($key,16); # advance rd_key - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - &cmp ($key,$__end); - &mov ($__key,$key); - &jb (&label("loop")); - } - else { - &cmp ($acc,10); - &jle (&label("10rounds")); - &cmp ($acc,12); - &jle (&label("12rounds")); - - &set_label("14rounds",4); - for ($i=1;$i<3;$i++) { - if ($vertical_spin) { - &encvert($tbl,$s0,$s1,$s2,$s3); - } else { - &encstep(0,$tbl,$s0,$s1,$s2,$s3); - &encstep(1,$tbl,$s1,$s2,$s3,$s0); - &encstep(2,$tbl,$s2,$s3,$s0,$s1); - &encstep(3,$tbl,$s3,$s0,$s1,$s2); - } - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - &add ($key,32); - &mov ($__key,$key); # advance rd_key - &set_label("12rounds",4); - for ($i=1;$i<3;$i++) { - if ($vertical_spin) { - &encvert($tbl,$s0,$s1,$s2,$s3); - } else { - &encstep(0,$tbl,$s0,$s1,$s2,$s3); - &encstep(1,$tbl,$s1,$s2,$s3,$s0); - &encstep(2,$tbl,$s2,$s3,$s0,$s1); - &encstep(3,$tbl,$s3,$s0,$s1,$s2); - } - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - &add ($key,32); - &mov ($__key,$key); # advance rd_key - &set_label("10rounds",4); - for ($i=1;$i<10;$i++) { - if ($vertical_spin) { - &encvert($tbl,$s0,$s1,$s2,$s3); - } else { - &encstep(0,$tbl,$s0,$s1,$s2,$s3); - &encstep(1,$tbl,$s1,$s2,$s3,$s0); - &encstep(2,$tbl,$s2,$s3,$s0,$s1); - &encstep(3,$tbl,$s3,$s0,$s1,$s2); - } - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - } - - if ($vertical_spin) { - # "reincarnate" some registers for "horizontal" spin... - &mov ($s1="ebx",$key="edi"); - &mov ($s2="ecx",$acc="esi"); - } - &enclast(0,$tbl,$s0,$s1,$s2,$s3); - &enclast(1,$tbl,$s1,$s2,$s3,$s0); - &enclast(2,$tbl,$s2,$s3,$s0,$s1); - &enclast(3,$tbl,$s3,$s0,$s1,$s2); - - &add ($key,$small_footprint?16:160); - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &ret (); - -&set_label("AES_Te",64); # Yes! I keep it in the code segment! - &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6); - &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591); - &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56); - &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec); - &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa); - &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb); - &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45); - &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b); - &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c); - &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83); - &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9); - &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a); - &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d); - &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f); - &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df); - &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea); - &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34); - &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b); - &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d); - &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413); - &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1); - &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6); - &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972); - &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85); - &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed); - &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511); - &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe); - &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b); - &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05); - &_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1); - &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142); - &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf); - &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3); - &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e); - &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a); - &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6); - &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3); - &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b); - &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428); - &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad); - &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14); - &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8); - &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4); - &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2); - &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda); - &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949); - &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf); - &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810); - &_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c); - &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697); - &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e); - &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f); - &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc); - &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c); - &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969); - &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27); - &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122); - &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433); - &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9); - &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5); - &_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a); - &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0); - &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e); - &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c); - -#Te4 # four copies of Te4 to choose from to avoid L1 aliasing - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); - - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); - - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); - - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); -#rcon: - &data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008); - &data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080); - &data_word(0x0000001b, 0x00000036, 0x00000000, 0x00000000); - &data_word(0x00000000, 0x00000000, 0x00000000, 0x00000000); -&function_end_B("_x86_AES_encrypt"); - -# void AES_encrypt (const void *inp,void *out,const AES_KEY *key); -&function_begin("AES_encrypt"); - &mov ($acc,&wparam(0)); # load inp - &mov ($key,&wparam(2)); # load key - - &mov ($s0,"esp"); - &sub ("esp",36); - &and ("esp",-64); # align to cache-line - - # place stack frame just "above" the key schedule - &lea ($s1,&DWP(-64-63,$key)); - &sub ($s1,"esp"); - &neg ($s1); - &and ($s1,0x3C0); # modulo 1024, but aligned to cache-line - &sub ("esp",$s1); - &add ("esp",4); # 4 is reserved for caller's return address - &mov ($_esp,$s0); # save stack pointer - - &call (&label("pic_point")); # make it PIC! - &set_label("pic_point"); - &blindpop($tbl); - &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if (!$x86only); - &lea ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl)); - - # pick Te4 copy which can't "overlap" with stack frame or key schedule - &lea ($s1,&DWP(768-4,"esp")); - &sub ($s1,$tbl); - &and ($s1,0x300); - &lea ($tbl,&DWP(2048+128,$tbl,$s1)); - - if (!$x86only) { - &bt (&DWP(0,$s0),25); # check for SSE bit - &jnc (&label("x86")); - - &movq ("mm0",&QWP(0,$acc)); - &movq ("mm4",&QWP(8,$acc)); - &call ("_sse_AES_encrypt_compact"); - &mov ("esp",$_esp); # restore stack pointer - &mov ($acc,&wparam(1)); # load out - &movq (&QWP(0,$acc),"mm0"); # write output data - &movq (&QWP(8,$acc),"mm4"); - &emms (); - &function_end_A(); - } - &set_label("x86",16); - &mov ($_tbl,$tbl); - &mov ($s0,&DWP(0,$acc)); # load input data - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - &call ("_x86_AES_encrypt_compact"); - &mov ("esp",$_esp); # restore stack pointer - &mov ($acc,&wparam(1)); # load out - &mov (&DWP(0,$acc),$s0); # write output data - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); -&function_end("AES_encrypt"); - -#--------------------------------------------------------------------# - -###################################################################### -# "Compact" block function -###################################################################### - -sub deccompact() -{ my $Fn = \&mov; - while ($#_>5) { pop(@_); $Fn=sub{}; } - my ($i,$td,@s)=@_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - # $Fn is used in first compact round and its purpose is to - # void restoration of some values from stack, so that after - # 4xdeccompact with extra argument $key, $s0 and $s1 values - # are left there... - if($i==3) { &$Fn ($key,$__key); } - else { &mov ($out,$s[0]); } - &and ($out,0xFF); - &movz ($out,&BP(-128,$td,$out,1)); - - if ($i==3) { $tmp=$s[1]; } - &movz ($tmp,&HB($s[1])); - &movz ($tmp,&BP(-128,$td,$tmp,1)); - &shl ($tmp,8); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } - else { mov ($tmp,$s[2]); } - &shr ($tmp,16); - &and ($tmp,0xFF); - &movz ($tmp,&BP(-128,$td,$tmp,1)); - &shl ($tmp,16); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[3]; &$Fn ($s[2],$__s1); } - else { &mov ($tmp,$s[3]); } - &shr ($tmp,24); - &movz ($tmp,&BP(-128,$td,$tmp,1)); - &shl ($tmp,24); - &xor ($out,$tmp); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &$Fn ($s[3],$__s0); } -} - -# must be called with 2,3,0,1 as argument sequence!!! -sub dectransform() -{ my @s = ($s0,$s1,$s2,$s3); - my $i = shift; - my $tmp = $key; - my $tp2 = @s[($i+2)%4]; $tp2 = @s[2] if ($i==1); - my $tp4 = @s[($i+3)%4]; $tp4 = @s[3] if ($i==1); - my $tp8 = $tbl; - - &mov ($tmp,0x80808080); - &and ($tmp,$s[$i]); - &mov ($acc,$tmp); - &shr ($tmp,7); - &lea ($tp2,&DWP(0,$s[$i],$s[$i])); - &sub ($acc,$tmp); - &and ($tp2,0xfefefefe); - &and ($acc,0x1b1b1b1b); - &xor ($tp2,$acc); - &mov ($tmp,0x80808080); - - &and ($tmp,$tp2); - &mov ($acc,$tmp); - &shr ($tmp,7); - &lea ($tp4,&DWP(0,$tp2,$tp2)); - &sub ($acc,$tmp); - &and ($tp4,0xfefefefe); - &and ($acc,0x1b1b1b1b); - &xor ($tp2,$s[$i]); # tp2^tp1 - &xor ($tp4,$acc); - &mov ($tmp,0x80808080); - - &and ($tmp,$tp4); - &mov ($acc,$tmp); - &shr ($tmp,7); - &lea ($tp8,&DWP(0,$tp4,$tp4)); - &sub ($acc,$tmp); - &and ($tp8,0xfefefefe); - &and ($acc,0x1b1b1b1b); - &xor ($tp4,$s[$i]); # tp4^tp1 - &rotl ($s[$i],8); # = ROTATE(tp1,8) - &xor ($tp8,$acc); - - &xor ($s[$i],$tp2); - &xor ($tp2,$tp8); - &xor ($s[$i],$tp4); - &xor ($tp4,$tp8); - &rotl ($tp2,24); - &xor ($s[$i],$tp8); # ^= tp8^(tp4^tp1)^(tp2^tp1) - &rotl ($tp4,16); - &xor ($s[$i],$tp2); # ^= ROTATE(tp8^tp2^tp1,24) - &rotl ($tp8,8); - &xor ($s[$i],$tp4); # ^= ROTATE(tp8^tp4^tp1,16) - &mov ($s[0],$__s0) if($i==2); #prefetch $s0 - &mov ($s[1],$__s1) if($i==3); #prefetch $s1 - &mov ($s[2],$__s2) if($i==1); - &xor ($s[$i],$tp8); # ^= ROTATE(tp8,8) - - &mov ($s[3],$__s3) if($i==1); - &mov (&DWP(4+4*$i,"esp"),$s[$i]) if($i>=2); -} - -&function_begin_B("_x86_AES_decrypt_compact"); - # note that caller is expected to allocate stack frame for me! - &mov ($__key,$key); # save key - - &xor ($s0,&DWP(0,$key)); # xor with key - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov ($acc,&DWP(240,$key)); # load key->rounds - - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov ($__end,$acc); # end of key schedule - - # prefetch Td4 - &mov ($key,&DWP(0-128,$tbl)); - &mov ($acc,&DWP(32-128,$tbl)); - &mov ($key,&DWP(64-128,$tbl)); - &mov ($acc,&DWP(96-128,$tbl)); - &mov ($key,&DWP(128-128,$tbl)); - &mov ($acc,&DWP(160-128,$tbl)); - &mov ($key,&DWP(192-128,$tbl)); - &mov ($acc,&DWP(224-128,$tbl)); - - &set_label("loop",16); - - &deccompact(0,$tbl,$s0,$s3,$s2,$s1,1); - &deccompact(1,$tbl,$s1,$s0,$s3,$s2,1); - &deccompact(2,$tbl,$s2,$s1,$s0,$s3,1); - &deccompact(3,$tbl,$s3,$s2,$s1,$s0,1); - &dectransform(2); - &dectransform(3); - &dectransform(0); - &dectransform(1); - &mov ($key,$__key); - &mov ($tbl,$__tbl); - &add ($key,16); # advance rd_key - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &cmp ($key,$__end); - &mov ($__key,$key); - &jb (&label("loop")); - - &deccompact(0,$tbl,$s0,$s3,$s2,$s1); - &deccompact(1,$tbl,$s1,$s0,$s3,$s2); - &deccompact(2,$tbl,$s2,$s1,$s0,$s3); - &deccompact(3,$tbl,$s3,$s2,$s1,$s0); - - &xor ($s0,&DWP(16,$key)); - &xor ($s1,&DWP(20,$key)); - &xor ($s2,&DWP(24,$key)); - &xor ($s3,&DWP(28,$key)); - - &ret (); -&function_end_B("_x86_AES_decrypt_compact"); - -###################################################################### -# "Compact" SSE block function. -###################################################################### - -sub sse_deccompact() -{ - &pshufw ("mm1","mm0",0x0c); # 7, 6, 1, 0 - &pshufw ("mm5","mm4",0x09); # 13,12,11,10 - &movd ("eax","mm1"); # 7, 6, 1, 0 - &movd ("ebx","mm5"); # 13,12,11,10 - &mov ($__key,$key); - - &movz ($acc,&LB("eax")); # 0 - &movz ("edx",&HB("eax")); # 1 - &pshufw ("mm2","mm0",0x06); # 3, 2, 5, 4 - &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 0 - &movz ($key,&LB("ebx")); # 10 - &movz ("edx",&BP(-128,$tbl,"edx",1)); # 1 - &shr ("eax",16); # 7, 6 - &shl ("edx",8); # 1 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 10 - &movz ($key,&HB("ebx")); # 11 - &shl ($acc,16); # 10 - &pshufw ("mm6","mm4",0x03); # 9, 8,15,14 - &or ("ecx",$acc); # 10 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 11 - &movz ($key,&HB("eax")); # 7 - &shl ($acc,24); # 11 - &shr ("ebx",16); # 13,12 - &or ("edx",$acc); # 11 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 7 - &movz ($key,&HB("ebx")); # 13 - &shl ($acc,24); # 7 - &or ("ecx",$acc); # 7 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 13 - &movz ($key,&LB("eax")); # 6 - &shl ($acc,8); # 13 - &movd ("eax","mm2"); # 3, 2, 5, 4 - &or ("ecx",$acc); # 13 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 6 - &movz ($key,&LB("ebx")); # 12 - &shl ($acc,16); # 6 - &movd ("ebx","mm6"); # 9, 8,15,14 - &movd ("mm0","ecx"); # t[0] collected - &movz ("ecx",&BP(-128,$tbl,$key,1)); # 12 - &movz ($key,&LB("eax")); # 4 - &or ("ecx",$acc); # 12 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 4 - &movz ($key,&LB("ebx")); # 14 - &or ("edx",$acc); # 4 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 14 - &movz ($key,&HB("eax")); # 5 - &shl ($acc,16); # 14 - &shr ("eax",16); # 3, 2 - &or ("edx",$acc); # 14 - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 5 - &movz ($key,&HB("ebx")); # 15 - &shr ("ebx",16); # 9, 8 - &shl ($acc,8); # 5 - &movd ("mm1","edx"); # t[1] collected - &movz ("edx",&BP(-128,$tbl,$key,1)); # 15 - &movz ($key,&HB("ebx")); # 9 - &shl ("edx",24); # 15 - &and ("ebx",0xff); # 8 - &or ("edx",$acc); # 15 - - &punpckldq ("mm0","mm1"); # t[0,1] collected - - &movz ($acc,&BP(-128,$tbl,$key,1)); # 9 - &movz ($key,&LB("eax")); # 2 - &shl ($acc,8); # 9 - &movz ("eax",&HB("eax")); # 3 - &movz ("ebx",&BP(-128,$tbl,"ebx",1)); # 8 - &or ("ecx",$acc); # 9 - &movz ($acc,&BP(-128,$tbl,$key,1)); # 2 - &or ("edx","ebx"); # 8 - &shl ($acc,16); # 2 - &movz ("eax",&BP(-128,$tbl,"eax",1)); # 3 - &or ("edx",$acc); # 2 - &shl ("eax",24); # 3 - &or ("ecx","eax"); # 3 - &mov ($key,$__key); - &movd ("mm4","edx"); # t[2] collected - &movd ("mm5","ecx"); # t[3] collected - - &punpckldq ("mm4","mm5"); # t[2,3] collected -} - - if (!$x86only) { -&function_begin_B("_sse_AES_decrypt_compact"); - &pxor ("mm0",&QWP(0,$key)); # 7, 6, 5, 4, 3, 2, 1, 0 - &pxor ("mm4",&QWP(8,$key)); # 15,14,13,12,11,10, 9, 8 - - # note that caller is expected to allocate stack frame for me! - &mov ($acc,&DWP(240,$key)); # load key->rounds - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov ($__end,$acc); # end of key schedule - - &mov ($s0,0x1b1b1b1b); # magic constant - &mov (&DWP(8,"esp"),$s0); - &mov (&DWP(12,"esp"),$s0); - - # prefetch Td4 - &mov ($s0,&DWP(0-128,$tbl)); - &mov ($s1,&DWP(32-128,$tbl)); - &mov ($s2,&DWP(64-128,$tbl)); - &mov ($s3,&DWP(96-128,$tbl)); - &mov ($s0,&DWP(128-128,$tbl)); - &mov ($s1,&DWP(160-128,$tbl)); - &mov ($s2,&DWP(192-128,$tbl)); - &mov ($s3,&DWP(224-128,$tbl)); - - &set_label("loop",16); - &sse_deccompact(); - &add ($key,16); - &cmp ($key,$__end); - &ja (&label("out")); - - # ROTATE(x^y,N) == ROTATE(x,N)^ROTATE(y,N) - &movq ("mm3","mm0"); &movq ("mm7","mm4"); - &movq ("mm2","mm0",1); &movq ("mm6","mm4",1); - &movq ("mm1","mm0"); &movq ("mm5","mm4"); - &pshufw ("mm0","mm0",0xb1); &pshufw ("mm4","mm4",0xb1);# = ROTATE(tp0,16) - &pslld ("mm2",8); &pslld ("mm6",8); - &psrld ("mm3",8); &psrld ("mm7",8); - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= tp0<<8 - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp0>>8 - &pslld ("mm2",16); &pslld ("mm6",16); - &psrld ("mm3",16); &psrld ("mm7",16); - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= tp0<<24 - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp0>>24 - - &movq ("mm3",&QWP(8,"esp")); - &pxor ("mm2","mm2"); &pxor ("mm6","mm6"); - &pcmpgtb("mm2","mm1"); &pcmpgtb("mm6","mm5"); - &pand ("mm2","mm3"); &pand ("mm6","mm3"); - &paddb ("mm1","mm1"); &paddb ("mm5","mm5"); - &pxor ("mm1","mm2"); &pxor ("mm5","mm6"); # tp2 - &movq ("mm3","mm1"); &movq ("mm7","mm5"); - &movq ("mm2","mm1"); &movq ("mm6","mm5"); - &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp2 - &pslld ("mm3",24); &pslld ("mm7",24); - &psrld ("mm2",8); &psrld ("mm6",8); - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp2<<24 - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= tp2>>8 - - &movq ("mm2",&QWP(8,"esp")); - &pxor ("mm3","mm3"); &pxor ("mm7","mm7"); - &pcmpgtb("mm3","mm1"); &pcmpgtb("mm7","mm5"); - &pand ("mm3","mm2"); &pand ("mm7","mm2"); - &paddb ("mm1","mm1"); &paddb ("mm5","mm5"); - &pxor ("mm1","mm3"); &pxor ("mm5","mm7"); # tp4 - &pshufw ("mm3","mm1",0xb1); &pshufw ("mm7","mm5",0xb1); - &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp4 - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= ROTATE(tp4,16) - - &pxor ("mm3","mm3"); &pxor ("mm7","mm7"); - &pcmpgtb("mm3","mm1"); &pcmpgtb("mm7","mm5"); - &pand ("mm3","mm2"); &pand ("mm7","mm2"); - &paddb ("mm1","mm1"); &paddb ("mm5","mm5"); - &pxor ("mm1","mm3"); &pxor ("mm5","mm7"); # tp8 - &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp8 - &movq ("mm3","mm1"); &movq ("mm7","mm5"); - &pshufw ("mm2","mm1",0xb1); &pshufw ("mm6","mm5",0xb1); - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= ROTATE(tp8,16) - &pslld ("mm1",8); &pslld ("mm5",8); - &psrld ("mm3",8); &psrld ("mm7",8); - &movq ("mm2",&QWP(0,$key)); &movq ("mm6",&QWP(8,$key)); - &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp8<<8 - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp8>>8 - &mov ($s0,&DWP(0-128,$tbl)); - &pslld ("mm1",16); &pslld ("mm5",16); - &mov ($s1,&DWP(64-128,$tbl)); - &psrld ("mm3",16); &psrld ("mm7",16); - &mov ($s2,&DWP(128-128,$tbl)); - &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp8<<24 - &mov ($s3,&DWP(192-128,$tbl)); - &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp8>>24 - - &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); - &jmp (&label("loop")); - - &set_label("out",16); - &pxor ("mm0",&QWP(0,$key)); - &pxor ("mm4",&QWP(8,$key)); - - &ret (); -&function_end_B("_sse_AES_decrypt_compact"); - } - -###################################################################### -# Vanilla block function. -###################################################################### - -sub decstep() -{ my ($i,$td,@s) = @_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - # no instructions are reordered, as performance appears - # optimal... or rather that all attempts to reorder didn't - # result in better performance [which by the way is not a - # bit lower than encryption]. - if($i==3) { &mov ($key,$__key); } - else { &mov ($out,$s[0]); } - &and ($out,0xFF); - &mov ($out,&DWP(0,$td,$out,8)); - - if ($i==3) { $tmp=$s[1]; } - &movz ($tmp,&HB($s[1])); - &xor ($out,&DWP(3,$td,$tmp,8)); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } - else { &mov ($tmp,$s[2]); } - &shr ($tmp,16); - &and ($tmp,0xFF); - &xor ($out,&DWP(2,$td,$tmp,8)); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); } - else { &mov ($tmp,$s[3]); } - &shr ($tmp,24); - &xor ($out,&DWP(1,$td,$tmp,8)); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],$__s0); } - &comment(); -} - -sub declast() -{ my ($i,$td,@s)=@_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - if($i==0) { &lea ($td,&DWP(2048+128,$td)); - &mov ($tmp,&DWP(0-128,$td)); - &mov ($acc,&DWP(32-128,$td)); - &mov ($tmp,&DWP(64-128,$td)); - &mov ($acc,&DWP(96-128,$td)); - &mov ($tmp,&DWP(128-128,$td)); - &mov ($acc,&DWP(160-128,$td)); - &mov ($tmp,&DWP(192-128,$td)); - &mov ($acc,&DWP(224-128,$td)); - &lea ($td,&DWP(-128,$td)); } - if($i==3) { &mov ($key,$__key); } - else { &mov ($out,$s[0]); } - &and ($out,0xFF); - &movz ($out,&BP(0,$td,$out,1)); - - if ($i==3) { $tmp=$s[1]; } - &movz ($tmp,&HB($s[1])); - &movz ($tmp,&BP(0,$td,$tmp,1)); - &shl ($tmp,8); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } - else { mov ($tmp,$s[2]); } - &shr ($tmp,16); - &and ($tmp,0xFF); - &movz ($tmp,&BP(0,$td,$tmp,1)); - &shl ($tmp,16); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); } - else { &mov ($tmp,$s[3]); } - &shr ($tmp,24); - &movz ($tmp,&BP(0,$td,$tmp,1)); - &shl ($tmp,24); - &xor ($out,$tmp); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],$__s0); - &lea ($td,&DWP(-2048,$td)); } -} - -&function_begin_B("_x86_AES_decrypt"); - # note that caller is expected to allocate stack frame for me! - &mov ($__key,$key); # save key - - &xor ($s0,&DWP(0,$key)); # xor with key - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov ($acc,&DWP(240,$key)); # load key->rounds - - if ($small_footprint) { - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov ($__end,$acc); # end of key schedule - &set_label("loop",16); - &decstep(0,$tbl,$s0,$s3,$s2,$s1); - &decstep(1,$tbl,$s1,$s0,$s3,$s2); - &decstep(2,$tbl,$s2,$s1,$s0,$s3); - &decstep(3,$tbl,$s3,$s2,$s1,$s0); - &add ($key,16); # advance rd_key - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - &cmp ($key,$__end); - &mov ($__key,$key); - &jb (&label("loop")); - } - else { - &cmp ($acc,10); - &jle (&label("10rounds")); - &cmp ($acc,12); - &jle (&label("12rounds")); - - &set_label("14rounds",4); - for ($i=1;$i<3;$i++) { - &decstep(0,$tbl,$s0,$s3,$s2,$s1); - &decstep(1,$tbl,$s1,$s0,$s3,$s2); - &decstep(2,$tbl,$s2,$s1,$s0,$s3); - &decstep(3,$tbl,$s3,$s2,$s1,$s0); - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - &add ($key,32); - &mov ($__key,$key); # advance rd_key - &set_label("12rounds",4); - for ($i=1;$i<3;$i++) { - &decstep(0,$tbl,$s0,$s3,$s2,$s1); - &decstep(1,$tbl,$s1,$s0,$s3,$s2); - &decstep(2,$tbl,$s2,$s1,$s0,$s3); - &decstep(3,$tbl,$s3,$s2,$s1,$s0); - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - &add ($key,32); - &mov ($__key,$key); # advance rd_key - &set_label("10rounds",4); - for ($i=1;$i<10;$i++) { - &decstep(0,$tbl,$s0,$s3,$s2,$s1); - &decstep(1,$tbl,$s1,$s0,$s3,$s2); - &decstep(2,$tbl,$s2,$s1,$s0,$s3); - &decstep(3,$tbl,$s3,$s2,$s1,$s0); - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - } - - &declast(0,$tbl,$s0,$s3,$s2,$s1); - &declast(1,$tbl,$s1,$s0,$s3,$s2); - &declast(2,$tbl,$s2,$s1,$s0,$s3); - &declast(3,$tbl,$s3,$s2,$s1,$s0); - - &add ($key,$small_footprint?16:160); - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &ret (); - -&set_label("AES_Td",64); # Yes! I keep it in the code segment! - &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a); - &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b); - &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5); - &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5); - &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d); - &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b); - &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295); - &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e); - &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927); - &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d); - &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362); - &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9); - &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52); - &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566); - &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3); - &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed); - &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e); - &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4); - &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4); - &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd); - &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d); - &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060); - &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967); - &_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879); - &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000); - &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c); - &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36); - &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624); - &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b); - &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c); - &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12); - &_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14); - &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3); - &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b); - &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8); - &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684); - &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7); - &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177); - &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947); - &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322); - &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498); - &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f); - &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54); - &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382); - &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf); - &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb); - &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83); - &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef); - &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029); - &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235); - &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733); - &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117); - &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4); - &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546); - &_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb); - &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d); - &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb); - &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a); - &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773); - &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478); - &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2); - &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff); - &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664); - &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0); - -#Td4: # four copies of Td4 to choose from to avoid L1 aliasing - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); - - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); - - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); - - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); -&function_end_B("_x86_AES_decrypt"); - -# void AES_decrypt (const void *inp,void *out,const AES_KEY *key); -&function_begin("AES_decrypt"); - &mov ($acc,&wparam(0)); # load inp - &mov ($key,&wparam(2)); # load key - - &mov ($s0,"esp"); - &sub ("esp",36); - &and ("esp",-64); # align to cache-line - - # place stack frame just "above" the key schedule - &lea ($s1,&DWP(-64-63,$key)); - &sub ($s1,"esp"); - &neg ($s1); - &and ($s1,0x3C0); # modulo 1024, but aligned to cache-line - &sub ("esp",$s1); - &add ("esp",4); # 4 is reserved for caller's return address - &mov ($_esp,$s0); # save stack pointer - - &call (&label("pic_point")); # make it PIC! - &set_label("pic_point"); - &blindpop($tbl); - &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only); - &lea ($tbl,&DWP(&label("AES_Td")."-".&label("pic_point"),$tbl)); - - # pick Td4 copy which can't "overlap" with stack frame or key schedule - &lea ($s1,&DWP(768-4,"esp")); - &sub ($s1,$tbl); - &and ($s1,0x300); - &lea ($tbl,&DWP(2048+128,$tbl,$s1)); - - if (!$x86only) { - &bt (&DWP(0,$s0),25); # check for SSE bit - &jnc (&label("x86")); - - &movq ("mm0",&QWP(0,$acc)); - &movq ("mm4",&QWP(8,$acc)); - &call ("_sse_AES_decrypt_compact"); - &mov ("esp",$_esp); # restore stack pointer - &mov ($acc,&wparam(1)); # load out - &movq (&QWP(0,$acc),"mm0"); # write output data - &movq (&QWP(8,$acc),"mm4"); - &emms (); - &function_end_A(); - } - &set_label("x86",16); - &mov ($_tbl,$tbl); - &mov ($s0,&DWP(0,$acc)); # load input data - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - &call ("_x86_AES_decrypt_compact"); - &mov ("esp",$_esp); # restore stack pointer - &mov ($acc,&wparam(1)); # load out - &mov (&DWP(0,$acc),$s0); # write output data - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); -&function_end("AES_decrypt"); - -# void AES_cbc_encrypt (const void char *inp, unsigned char *out, -# size_t length, const AES_KEY *key, -# unsigned char *ivp,const int enc); -{ -# stack frame layout -# -4(%esp) # return address 0(%esp) -# 0(%esp) # s0 backing store 4(%esp) -# 4(%esp) # s1 backing store 8(%esp) -# 8(%esp) # s2 backing store 12(%esp) -# 12(%esp) # s3 backing store 16(%esp) -# 16(%esp) # key backup 20(%esp) -# 20(%esp) # end of key schedule 24(%esp) -# 24(%esp) # %ebp backup 28(%esp) -# 28(%esp) # %esp backup -my $_inp=&DWP(32,"esp"); # copy of wparam(0) -my $_out=&DWP(36,"esp"); # copy of wparam(1) -my $_len=&DWP(40,"esp"); # copy of wparam(2) -my $_key=&DWP(44,"esp"); # copy of wparam(3) -my $_ivp=&DWP(48,"esp"); # copy of wparam(4) -my $_tmp=&DWP(52,"esp"); # volatile variable -# -my $ivec=&DWP(60,"esp"); # ivec[16] -my $aes_key=&DWP(76,"esp"); # copy of aes_key -my $mark=&DWP(76+240,"esp"); # copy of aes_key->rounds - -&function_begin("AES_cbc_encrypt"); - &mov ($s2 eq "ecx"? $s2 : "",&wparam(2)); # load len - &cmp ($s2,0); - &je (&label("drop_out")); - - &call (&label("pic_point")); # make it PIC! - &set_label("pic_point"); - &blindpop($tbl); - &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only); - - &cmp (&wparam(5),0); - &lea ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl)); - &jne (&label("picked_te")); - &lea ($tbl,&DWP(&label("AES_Td")."-".&label("AES_Te"),$tbl)); - &set_label("picked_te"); - - # one can argue if this is required - &pushf (); - &cld (); - - &cmp ($s2,$speed_limit); - &jb (&label("slow_way")); - &test ($s2,15); - &jnz (&label("slow_way")); - if (!$x86only) { - &bt (&DWP(0,$s0),28); # check for hyper-threading bit - &jc (&label("slow_way")); - } - # pre-allocate aligned stack frame... - &lea ($acc,&DWP(-80-244,"esp")); - &and ($acc,-64); - - # ... and make sure it doesn't alias with $tbl modulo 4096 - &mov ($s0,$tbl); - &lea ($s1,&DWP(2048+256,$tbl)); - &mov ($s3,$acc); - &and ($s0,0xfff); # s = %ebp&0xfff - &and ($s1,0xfff); # e = (%ebp+2048+256)&0xfff - &and ($s3,0xfff); # p = %esp&0xfff - - &cmp ($s3,$s1); # if (p>=e) %esp =- (p-e); - &jb (&label("tbl_break_out")); - &sub ($s3,$s1); - &sub ($acc,$s3); - &jmp (&label("tbl_ok")); - &set_label("tbl_break_out",4); # else %esp -= (p-s)&0xfff + framesz; - &sub ($s3,$s0); - &and ($s3,0xfff); - &add ($s3,384); - &sub ($acc,$s3); - &set_label("tbl_ok",4); - - &lea ($s3,&wparam(0)); # obtain pointer to parameter block - &exch ("esp",$acc); # allocate stack frame - &add ("esp",4); # reserve for return address! - &mov ($_tbl,$tbl); # save %ebp - &mov ($_esp,$acc); # save %esp - - &mov ($s0,&DWP(0,$s3)); # load inp - &mov ($s1,&DWP(4,$s3)); # load out - #&mov ($s2,&DWP(8,$s3)); # load len - &mov ($key,&DWP(12,$s3)); # load key - &mov ($acc,&DWP(16,$s3)); # load ivp - &mov ($s3,&DWP(20,$s3)); # load enc flag - - &mov ($_inp,$s0); # save copy of inp - &mov ($_out,$s1); # save copy of out - &mov ($_len,$s2); # save copy of len - &mov ($_key,$key); # save copy of key - &mov ($_ivp,$acc); # save copy of ivp - - &mov ($mark,0); # copy of aes_key->rounds = 0; - # do we copy key schedule to stack? - &mov ($s1 eq "ebx" ? $s1 : "",$key); - &mov ($s2 eq "ecx" ? $s2 : "",244/4); - &sub ($s1,$tbl); - &mov ("esi",$key); - &and ($s1,0xfff); - &lea ("edi",$aes_key); - &cmp ($s1,2048+256); - &jb (&label("do_copy")); - &cmp ($s1,4096-244); - &jb (&label("skip_copy")); - &set_label("do_copy",4); - &mov ($_key,"edi"); - &data_word(0xA5F3F689); # rep movsd - &set_label("skip_copy"); - - &mov ($key,16); - &set_label("prefetch_tbl",4); - &mov ($s0,&DWP(0,$tbl)); - &mov ($s1,&DWP(32,$tbl)); - &mov ($s2,&DWP(64,$tbl)); - &mov ($acc,&DWP(96,$tbl)); - &lea ($tbl,&DWP(128,$tbl)); - &sub ($key,1); - &jnz (&label("prefetch_tbl")); - &sub ($tbl,2048); - - &mov ($acc,$_inp); - &mov ($key,$_ivp); - - &cmp ($s3,0); - &je (&label("fast_decrypt")); - -#----------------------------- ENCRYPT -----------------------------# - &mov ($s0,&DWP(0,$key)); # load iv - &mov ($s1,&DWP(4,$key)); - - &set_label("fast_enc_loop",16); - &mov ($s2,&DWP(8,$key)); - &mov ($s3,&DWP(12,$key)); - - &xor ($s0,&DWP(0,$acc)); # xor input data - &xor ($s1,&DWP(4,$acc)); - &xor ($s2,&DWP(8,$acc)); - &xor ($s3,&DWP(12,$acc)); - - &mov ($key,$_key); # load key - &call ("_x86_AES_encrypt"); - - &mov ($acc,$_inp); # load inp - &mov ($key,$_out); # load out - - &mov (&DWP(0,$key),$s0); # save output data - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($s2,$_len); # load len - &mov ($_inp,$acc); # save inp - &lea ($s3,&DWP(16,$key)); # advance out - &mov ($_out,$s3); # save out - &sub ($s2,16); # decrease len - &mov ($_len,$s2); # save len - &jnz (&label("fast_enc_loop")); - &mov ($acc,$_ivp); # load ivp - &mov ($s2,&DWP(8,$key)); # restore last 2 dwords - &mov ($s3,&DWP(12,$key)); - &mov (&DWP(0,$acc),$s0); # save ivec - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - - &cmp ($mark,0); # was the key schedule copied? - &mov ("edi",$_key); - &je (&label("skip_ezero")); - # zero copy of key schedule - &mov ("ecx",240/4); - &xor ("eax","eax"); - &align (4); - &data_word(0xABF3F689); # rep stosd - &set_label("skip_ezero"); - &mov ("esp",$_esp); - &popf (); - &set_label("drop_out"); - &function_end_A(); - &pushf (); # kludge, never executed - -#----------------------------- DECRYPT -----------------------------# -&set_label("fast_decrypt",16); - - &cmp ($acc,$_out); - &je (&label("fast_dec_in_place")); # in-place processing... - - &mov ($_tmp,$key); - - &align (4); - &set_label("fast_dec_loop",16); - &mov ($s0,&DWP(0,$acc)); # read input - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &mov ($key,$_key); # load key - &call ("_x86_AES_decrypt"); - - &mov ($key,$_tmp); # load ivp - &mov ($acc,$_len); # load len - &xor ($s0,&DWP(0,$key)); # xor iv - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov ($key,$_out); # load out - &mov ($acc,$_inp); # load inp - - &mov (&DWP(0,$key),$s0); # write output - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($s2,$_len); # load len - &mov ($_tmp,$acc); # save ivp - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($_inp,$acc); # save inp - &lea ($key,&DWP(16,$key)); # advance out - &mov ($_out,$key); # save out - &sub ($s2,16); # decrease len - &mov ($_len,$s2); # save len - &jnz (&label("fast_dec_loop")); - &mov ($key,$_tmp); # load temp ivp - &mov ($acc,$_ivp); # load user ivp - &mov ($s0,&DWP(0,$key)); # load iv - &mov ($s1,&DWP(4,$key)); - &mov ($s2,&DWP(8,$key)); - &mov ($s3,&DWP(12,$key)); - &mov (&DWP(0,$acc),$s0); # copy back to user - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - &jmp (&label("fast_dec_out")); - - &set_label("fast_dec_in_place",16); - &set_label("fast_dec_in_place_loop"); - &mov ($s0,&DWP(0,$acc)); # read input - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &lea ($key,$ivec); - &mov (&DWP(0,$key),$s0); # copy to temp - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($key,$_key); # load key - &call ("_x86_AES_decrypt"); - - &mov ($key,$_ivp); # load ivp - &mov ($acc,$_out); # load out - &xor ($s0,&DWP(0,$key)); # xor iv - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov (&DWP(0,$acc),$s0); # write output - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - - &lea ($acc,&DWP(16,$acc)); # advance out - &mov ($_out,$acc); # save out - - &lea ($acc,$ivec); - &mov ($s0,&DWP(0,$acc)); # read temp - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &mov (&DWP(0,$key),$s0); # copy iv - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($acc,$_inp); # load inp - &mov ($s2,$_len); # load len - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($_inp,$acc); # save inp - &sub ($s2,16); # decrease len - &mov ($_len,$s2); # save len - &jnz (&label("fast_dec_in_place_loop")); - - &set_label("fast_dec_out",4); - &cmp ($mark,0); # was the key schedule copied? - &mov ("edi",$_key); - &je (&label("skip_dzero")); - # zero copy of key schedule - &mov ("ecx",240/4); - &xor ("eax","eax"); - &align (4); - &data_word(0xABF3F689); # rep stosd - &set_label("skip_dzero"); - &mov ("esp",$_esp); - &popf (); - &function_end_A(); - &pushf (); # kludge, never executed - -#--------------------------- SLOW ROUTINE ---------------------------# -&set_label("slow_way",16); - - &mov ($s0,&DWP(0,$s0)) if (!$x86only);# load OPENSSL_ia32cap - &mov ($key,&wparam(3)); # load key - - # pre-allocate aligned stack frame... - &lea ($acc,&DWP(-80,"esp")); - &and ($acc,-64); - - # ... and make sure it doesn't alias with $key modulo 1024 - &lea ($s1,&DWP(-80-63,$key)); - &sub ($s1,$acc); - &neg ($s1); - &and ($s1,0x3C0); # modulo 1024, but aligned to cache-line - &sub ($acc,$s1); - - # pick S-box copy which can't overlap with stack frame or $key - &lea ($s1,&DWP(768,$acc)); - &sub ($s1,$tbl); - &and ($s1,0x300); - &lea ($tbl,&DWP(2048+128,$tbl,$s1)); - - &lea ($s3,&wparam(0)); # pointer to parameter block - - &exch ("esp",$acc); - &add ("esp",4); # reserve for return address! - &mov ($_tbl,$tbl); # save %ebp - &mov ($_esp,$acc); # save %esp - &mov ($_tmp,$s0); # save OPENSSL_ia32cap - - &mov ($s0,&DWP(0,$s3)); # load inp - &mov ($s1,&DWP(4,$s3)); # load out - #&mov ($s2,&DWP(8,$s3)); # load len - #&mov ($key,&DWP(12,$s3)); # load key - &mov ($acc,&DWP(16,$s3)); # load ivp - &mov ($s3,&DWP(20,$s3)); # load enc flag - - &mov ($_inp,$s0); # save copy of inp - &mov ($_out,$s1); # save copy of out - &mov ($_len,$s2); # save copy of len - &mov ($_key,$key); # save copy of key - &mov ($_ivp,$acc); # save copy of ivp - - &mov ($key,$acc); - &mov ($acc,$s0); - - &cmp ($s3,0); - &je (&label("slow_decrypt")); - -#--------------------------- SLOW ENCRYPT ---------------------------# - &cmp ($s2,16); - &mov ($s3,$s1); - &jb (&label("slow_enc_tail")); - - if (!$x86only) { - &bt ($_tmp,25); # check for SSE bit - &jnc (&label("slow_enc_x86")); - - &movq ("mm0",&QWP(0,$key)); # load iv - &movq ("mm4",&QWP(8,$key)); - - &set_label("slow_enc_loop_sse",16); - &pxor ("mm0",&QWP(0,$acc)); # xor input data - &pxor ("mm4",&QWP(8,$acc)); - - &mov ($key,$_key); - &call ("_sse_AES_encrypt_compact"); - - &mov ($acc,$_inp); # load inp - &mov ($key,$_out); # load out - &mov ($s2,$_len); # load len - - &movq (&QWP(0,$key),"mm0"); # save output data - &movq (&QWP(8,$key),"mm4"); - - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($_inp,$acc); # save inp - &lea ($s3,&DWP(16,$key)); # advance out - &mov ($_out,$s3); # save out - &sub ($s2,16); # decrease len - &cmp ($s2,16); - &mov ($_len,$s2); # save len - &jae (&label("slow_enc_loop_sse")); - &test ($s2,15); - &jnz (&label("slow_enc_tail")); - &mov ($acc,$_ivp); # load ivp - &movq (&QWP(0,$acc),"mm0"); # save ivec - &movq (&QWP(8,$acc),"mm4"); - &emms (); - &mov ("esp",$_esp); - &popf (); - &function_end_A(); - &pushf (); # kludge, never executed - } - &set_label("slow_enc_x86",16); - &mov ($s0,&DWP(0,$key)); # load iv - &mov ($s1,&DWP(4,$key)); - - &set_label("slow_enc_loop_x86",4); - &mov ($s2,&DWP(8,$key)); - &mov ($s3,&DWP(12,$key)); - - &xor ($s0,&DWP(0,$acc)); # xor input data - &xor ($s1,&DWP(4,$acc)); - &xor ($s2,&DWP(8,$acc)); - &xor ($s3,&DWP(12,$acc)); - - &mov ($key,$_key); # load key - &call ("_x86_AES_encrypt_compact"); - - &mov ($acc,$_inp); # load inp - &mov ($key,$_out); # load out - - &mov (&DWP(0,$key),$s0); # save output data - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($s2,$_len); # load len - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($_inp,$acc); # save inp - &lea ($s3,&DWP(16,$key)); # advance out - &mov ($_out,$s3); # save out - &sub ($s2,16); # decrease len - &cmp ($s2,16); - &mov ($_len,$s2); # save len - &jae (&label("slow_enc_loop_x86")); - &test ($s2,15); - &jnz (&label("slow_enc_tail")); - &mov ($acc,$_ivp); # load ivp - &mov ($s2,&DWP(8,$key)); # restore last dwords - &mov ($s3,&DWP(12,$key)); - &mov (&DWP(0,$acc),$s0); # save ivec - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - - &mov ("esp",$_esp); - &popf (); - &function_end_A(); - &pushf (); # kludge, never executed - - &set_label("slow_enc_tail",16); - &emms () if (!$x86only); - &mov ($key eq "edi"? $key:"",$s3); # load out to edi - &mov ($s1,16); - &sub ($s1,$s2); - &cmp ($key,$acc eq "esi"? $acc:""); # compare with inp - &je (&label("enc_in_place")); - &align (4); - &data_word(0xA4F3F689); # rep movsb # copy input - &jmp (&label("enc_skip_in_place")); - &set_label("enc_in_place"); - &lea ($key,&DWP(0,$key,$s2)); - &set_label("enc_skip_in_place"); - &mov ($s2,$s1); - &xor ($s0,$s0); - &align (4); - &data_word(0xAAF3F689); # rep stosb # zero tail - - &mov ($key,$_ivp); # restore ivp - &mov ($acc,$s3); # output as input - &mov ($s0,&DWP(0,$key)); - &mov ($s1,&DWP(4,$key)); - &mov ($_len,16); # len=16 - &jmp (&label("slow_enc_loop_x86")); # one more spin... - -#--------------------------- SLOW DECRYPT ---------------------------# -&set_label("slow_decrypt",16); - if (!$x86only) { - &bt ($_tmp,25); # check for SSE bit - &jnc (&label("slow_dec_loop_x86")); - - &set_label("slow_dec_loop_sse",4); - &movq ("mm0",&QWP(0,$acc)); # read input - &movq ("mm4",&QWP(8,$acc)); - - &mov ($key,$_key); - &call ("_sse_AES_decrypt_compact"); - - &mov ($acc,$_inp); # load inp - &lea ($s0,$ivec); - &mov ($s1,$_out); # load out - &mov ($s2,$_len); # load len - &mov ($key,$_ivp); # load ivp - - &movq ("mm1",&QWP(0,$acc)); # re-read input - &movq ("mm5",&QWP(8,$acc)); - - &pxor ("mm0",&QWP(0,$key)); # xor iv - &pxor ("mm4",&QWP(8,$key)); - - &movq (&QWP(0,$key),"mm1"); # copy input to iv - &movq (&QWP(8,$key),"mm5"); - - &sub ($s2,16); # decrease len - &jc (&label("slow_dec_partial_sse")); - - &movq (&QWP(0,$s1),"mm0"); # write output - &movq (&QWP(8,$s1),"mm4"); - - &lea ($s1,&DWP(16,$s1)); # advance out - &mov ($_out,$s1); # save out - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($_inp,$acc); # save inp - &mov ($_len,$s2); # save len - &jnz (&label("slow_dec_loop_sse")); - &emms (); - &mov ("esp",$_esp); - &popf (); - &function_end_A(); - &pushf (); # kludge, never executed - - &set_label("slow_dec_partial_sse",16); - &movq (&QWP(0,$s0),"mm0"); # save output to temp - &movq (&QWP(8,$s0),"mm4"); - &emms (); - - &add ($s2 eq "ecx" ? "ecx":"",16); - &mov ("edi",$s1); # out - &mov ("esi",$s0); # temp - &align (4); - &data_word(0xA4F3F689); # rep movsb # copy partial output - - &mov ("esp",$_esp); - &popf (); - &function_end_A(); - &pushf (); # kludge, never executed - } - &set_label("slow_dec_loop_x86",16); - &mov ($s0,&DWP(0,$acc)); # read input - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &lea ($key,$ivec); - &mov (&DWP(0,$key),$s0); # copy to temp - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($key,$_key); # load key - &call ("_x86_AES_decrypt_compact"); - - &mov ($key,$_ivp); # load ivp - &mov ($acc,$_len); # load len - &xor ($s0,&DWP(0,$key)); # xor iv - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &sub ($acc,16); - &jc (&label("slow_dec_partial_x86")); - - &mov ($_len,$acc); # save len - &mov ($acc,$_out); # load out - - &mov (&DWP(0,$acc),$s0); # write output - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - - &lea ($acc,&DWP(16,$acc)); # advance out - &mov ($_out,$acc); # save out - - &lea ($acc,$ivec); - &mov ($s0,&DWP(0,$acc)); # read temp - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &mov (&DWP(0,$key),$s0); # copy it to iv - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($acc,$_inp); # load inp - &lea ($acc,&DWP(16,$acc)); # advance inp - &mov ($_inp,$acc); # save inp - &jnz (&label("slow_dec_loop_x86")); - &mov ("esp",$_esp); - &popf (); - &function_end_A(); - &pushf (); # kludge, never executed - - &set_label("slow_dec_partial_x86",16); - &lea ($acc,$ivec); - &mov (&DWP(0,$acc),$s0); # save output to temp - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - - &mov ($acc,$_inp); - &mov ($s0,&DWP(0,$acc)); # re-read input - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &mov (&DWP(0,$key),$s0); # copy it to iv - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ("ecx",$_len); - &mov ("edi",$_out); - &lea ("esi",$ivec); - &align (4); - &data_word(0xA4F3F689); # rep movsb # copy partial output - - &mov ("esp",$_esp); - &popf (); -&function_end("AES_cbc_encrypt"); -} - -#------------------------------------------------------------------# - -sub enckey() -{ - &movz ("esi",&LB("edx")); # rk[i]>>0 - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &movz ("esi",&HB("edx")); # rk[i]>>8 - &shl ("ebx",24); - &xor ("eax","ebx"); - - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &shr ("edx",16); - &movz ("esi",&LB("edx")); # rk[i]>>16 - &xor ("eax","ebx"); - - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &movz ("esi",&HB("edx")); # rk[i]>>24 - &shl ("ebx",8); - &xor ("eax","ebx"); - - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &shl ("ebx",16); - &xor ("eax","ebx"); - - &xor ("eax",&DWP(1024-128,$tbl,"ecx",4)); # rcon -} - -&function_begin("_x86_AES_set_encrypt_key"); - &mov ("esi",&wparam(1)); # user supplied key - &mov ("edi",&wparam(3)); # private key schedule - - &test ("esi",-1); - &jz (&label("badpointer")); - &test ("edi",-1); - &jz (&label("badpointer")); - - &call (&label("pic_point")); - &set_label("pic_point"); - &blindpop($tbl); - &lea ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl)); - &lea ($tbl,&DWP(2048+128,$tbl)); - - # prefetch Te4 - &mov ("eax",&DWP(0-128,$tbl)); - &mov ("ebx",&DWP(32-128,$tbl)); - &mov ("ecx",&DWP(64-128,$tbl)); - &mov ("edx",&DWP(96-128,$tbl)); - &mov ("eax",&DWP(128-128,$tbl)); - &mov ("ebx",&DWP(160-128,$tbl)); - &mov ("ecx",&DWP(192-128,$tbl)); - &mov ("edx",&DWP(224-128,$tbl)); - - &mov ("ecx",&wparam(2)); # number of bits in key - &cmp ("ecx",128); - &je (&label("10rounds")); - &cmp ("ecx",192); - &je (&label("12rounds")); - &cmp ("ecx",256); - &je (&label("14rounds")); - &mov ("eax",-2); # invalid number of bits - &jmp (&label("exit")); - - &set_label("10rounds"); - &mov ("eax",&DWP(0,"esi")); # copy first 4 dwords - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edx",&DWP(12,"esi")); - &mov (&DWP(0,"edi"),"eax"); - &mov (&DWP(4,"edi"),"ebx"); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - - &xor ("ecx","ecx"); - &jmp (&label("10shortcut")); - - &align (4); - &set_label("10loop"); - &mov ("eax",&DWP(0,"edi")); # rk[0] - &mov ("edx",&DWP(12,"edi")); # rk[3] - &set_label("10shortcut"); - &enckey (); - - &mov (&DWP(16,"edi"),"eax"); # rk[4] - &xor ("eax",&DWP(4,"edi")); - &mov (&DWP(20,"edi"),"eax"); # rk[5] - &xor ("eax",&DWP(8,"edi")); - &mov (&DWP(24,"edi"),"eax"); # rk[6] - &xor ("eax",&DWP(12,"edi")); - &mov (&DWP(28,"edi"),"eax"); # rk[7] - &inc ("ecx"); - &add ("edi",16); - &cmp ("ecx",10); - &jl (&label("10loop")); - - &mov (&DWP(80,"edi"),10); # setup number of rounds - &xor ("eax","eax"); - &jmp (&label("exit")); - - &set_label("12rounds"); - &mov ("eax",&DWP(0,"esi")); # copy first 6 dwords - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edx",&DWP(12,"esi")); - &mov (&DWP(0,"edi"),"eax"); - &mov (&DWP(4,"edi"),"ebx"); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - &mov ("ecx",&DWP(16,"esi")); - &mov ("edx",&DWP(20,"esi")); - &mov (&DWP(16,"edi"),"ecx"); - &mov (&DWP(20,"edi"),"edx"); - - &xor ("ecx","ecx"); - &jmp (&label("12shortcut")); - - &align (4); - &set_label("12loop"); - &mov ("eax",&DWP(0,"edi")); # rk[0] - &mov ("edx",&DWP(20,"edi")); # rk[5] - &set_label("12shortcut"); - &enckey (); - - &mov (&DWP(24,"edi"),"eax"); # rk[6] - &xor ("eax",&DWP(4,"edi")); - &mov (&DWP(28,"edi"),"eax"); # rk[7] - &xor ("eax",&DWP(8,"edi")); - &mov (&DWP(32,"edi"),"eax"); # rk[8] - &xor ("eax",&DWP(12,"edi")); - &mov (&DWP(36,"edi"),"eax"); # rk[9] - - &cmp ("ecx",7); - &je (&label("12break")); - &inc ("ecx"); - - &xor ("eax",&DWP(16,"edi")); - &mov (&DWP(40,"edi"),"eax"); # rk[10] - &xor ("eax",&DWP(20,"edi")); - &mov (&DWP(44,"edi"),"eax"); # rk[11] - - &add ("edi",24); - &jmp (&label("12loop")); - - &set_label("12break"); - &mov (&DWP(72,"edi"),12); # setup number of rounds - &xor ("eax","eax"); - &jmp (&label("exit")); - - &set_label("14rounds"); - &mov ("eax",&DWP(0,"esi")); # copy first 8 dwords - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edx",&DWP(12,"esi")); - &mov (&DWP(0,"edi"),"eax"); - &mov (&DWP(4,"edi"),"ebx"); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - &mov ("eax",&DWP(16,"esi")); - &mov ("ebx",&DWP(20,"esi")); - &mov ("ecx",&DWP(24,"esi")); - &mov ("edx",&DWP(28,"esi")); - &mov (&DWP(16,"edi"),"eax"); - &mov (&DWP(20,"edi"),"ebx"); - &mov (&DWP(24,"edi"),"ecx"); - &mov (&DWP(28,"edi"),"edx"); - - &xor ("ecx","ecx"); - &jmp (&label("14shortcut")); - - &align (4); - &set_label("14loop"); - &mov ("edx",&DWP(28,"edi")); # rk[7] - &set_label("14shortcut"); - &mov ("eax",&DWP(0,"edi")); # rk[0] - - &enckey (); - - &mov (&DWP(32,"edi"),"eax"); # rk[8] - &xor ("eax",&DWP(4,"edi")); - &mov (&DWP(36,"edi"),"eax"); # rk[9] - &xor ("eax",&DWP(8,"edi")); - &mov (&DWP(40,"edi"),"eax"); # rk[10] - &xor ("eax",&DWP(12,"edi")); - &mov (&DWP(44,"edi"),"eax"); # rk[11] - - &cmp ("ecx",6); - &je (&label("14break")); - &inc ("ecx"); - - &mov ("edx","eax"); - &mov ("eax",&DWP(16,"edi")); # rk[4] - &movz ("esi",&LB("edx")); # rk[11]>>0 - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &movz ("esi",&HB("edx")); # rk[11]>>8 - &xor ("eax","ebx"); - - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &shr ("edx",16); - &shl ("ebx",8); - &movz ("esi",&LB("edx")); # rk[11]>>16 - &xor ("eax","ebx"); - - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &movz ("esi",&HB("edx")); # rk[11]>>24 - &shl ("ebx",16); - &xor ("eax","ebx"); - - &movz ("ebx",&BP(-128,$tbl,"esi",1)); - &shl ("ebx",24); - &xor ("eax","ebx"); - - &mov (&DWP(48,"edi"),"eax"); # rk[12] - &xor ("eax",&DWP(20,"edi")); - &mov (&DWP(52,"edi"),"eax"); # rk[13] - &xor ("eax",&DWP(24,"edi")); - &mov (&DWP(56,"edi"),"eax"); # rk[14] - &xor ("eax",&DWP(28,"edi")); - &mov (&DWP(60,"edi"),"eax"); # rk[15] - - &add ("edi",32); - &jmp (&label("14loop")); - - &set_label("14break"); - &mov (&DWP(48,"edi"),14); # setup number of rounds - &xor ("eax","eax"); - &jmp (&label("exit")); - - &set_label("badpointer"); - &mov ("eax",-1); - &set_label("exit"); -&function_end("_x86_AES_set_encrypt_key"); - -# int AES_set_encrypt_key(const unsigned char *userKey, const int bits, -# AES_KEY *key) -&function_begin_B("AES_set_encrypt_key"); - &call ("_x86_AES_set_encrypt_key"); - &ret (); -&function_end_B("AES_set_encrypt_key"); - -sub deckey() -{ my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_; - my $tmp = $tbl; - - &mov ($tmp,0x80808080); - &and ($tmp,$tp1); - &lea ($tp2,&DWP(0,$tp1,$tp1)); - &mov ($acc,$tmp); - &shr ($tmp,7); - &sub ($acc,$tmp); - &and ($tp2,0xfefefefe); - &and ($acc,0x1b1b1b1b); - &xor ($tp2,$acc); - &mov ($tmp,0x80808080); - - &and ($tmp,$tp2); - &lea ($tp4,&DWP(0,$tp2,$tp2)); - &mov ($acc,$tmp); - &shr ($tmp,7); - &sub ($acc,$tmp); - &and ($tp4,0xfefefefe); - &and ($acc,0x1b1b1b1b); - &xor ($tp2,$tp1); # tp2^tp1 - &xor ($tp4,$acc); - &mov ($tmp,0x80808080); - - &and ($tmp,$tp4); - &lea ($tp8,&DWP(0,$tp4,$tp4)); - &mov ($acc,$tmp); - &shr ($tmp,7); - &xor ($tp4,$tp1); # tp4^tp1 - &sub ($acc,$tmp); - &and ($tp8,0xfefefefe); - &and ($acc,0x1b1b1b1b); - &rotl ($tp1,8); # = ROTATE(tp1,8) - &xor ($tp8,$acc); - - &mov ($tmp,&DWP(4*($i+1),$key)); # modulo-scheduled load - - &xor ($tp1,$tp2); - &xor ($tp2,$tp8); - &xor ($tp1,$tp4); - &rotl ($tp2,24); - &xor ($tp4,$tp8); - &xor ($tp1,$tp8); # ^= tp8^(tp4^tp1)^(tp2^tp1) - &rotl ($tp4,16); - &xor ($tp1,$tp2); # ^= ROTATE(tp8^tp2^tp1,24) - &rotl ($tp8,8); - &xor ($tp1,$tp4); # ^= ROTATE(tp8^tp4^tp1,16) - &mov ($tp2,$tmp); - &xor ($tp1,$tp8); # ^= ROTATE(tp8,8) - - &mov (&DWP(4*$i,$key),$tp1); -} - -# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, -# AES_KEY *key) -&function_begin_B("AES_set_decrypt_key"); - &call ("_x86_AES_set_encrypt_key"); - &cmp ("eax",0); - &je (&label("proceed")); - &ret (); - - &set_label("proceed"); - &push ("ebp"); - &push ("ebx"); - &push ("esi"); - &push ("edi"); - - &mov ("esi",&wparam(2)); - &mov ("ecx",&DWP(240,"esi")); # pull number of rounds - &lea ("ecx",&DWP(0,"","ecx",4)); - &lea ("edi",&DWP(0,"esi","ecx",4)); # pointer to last chunk - - &set_label("invert",4); # invert order of chunks - &mov ("eax",&DWP(0,"esi")); - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(0,"edi")); - &mov ("edx",&DWP(4,"edi")); - &mov (&DWP(0,"edi"),"eax"); - &mov (&DWP(4,"edi"),"ebx"); - &mov (&DWP(0,"esi"),"ecx"); - &mov (&DWP(4,"esi"),"edx"); - &mov ("eax",&DWP(8,"esi")); - &mov ("ebx",&DWP(12,"esi")); - &mov ("ecx",&DWP(8,"edi")); - &mov ("edx",&DWP(12,"edi")); - &mov (&DWP(8,"edi"),"eax"); - &mov (&DWP(12,"edi"),"ebx"); - &mov (&DWP(8,"esi"),"ecx"); - &mov (&DWP(12,"esi"),"edx"); - &add ("esi",16); - &sub ("edi",16); - &cmp ("esi","edi"); - &jne (&label("invert")); - - &mov ($key,&wparam(2)); - &mov ($acc,&DWP(240,$key)); # pull number of rounds - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov (&wparam(2),$acc); - - &mov ($s0,&DWP(16,$key)); # modulo-scheduled load - &set_label("permute",4); # permute the key schedule - &add ($key,16); - &deckey (0,$key,$s0,$s1,$s2,$s3); - &deckey (1,$key,$s1,$s2,$s3,$s0); - &deckey (2,$key,$s2,$s3,$s0,$s1); - &deckey (3,$key,$s3,$s0,$s1,$s2); - &cmp ($key,&wparam(2)); - &jb (&label("permute")); - - &xor ("eax","eax"); # return success -&function_end("AES_set_decrypt_key"); -&asciz("AES for x86, CRYPTOGAMS by "); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl deleted file mode 100644 index fc9ff7d3e4eeef70e9ffc984afead8072b1c50e3..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/aes-armv4.pl +++ /dev/null @@ -1,1248 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# AES for ARMv4 - -# January 2007. -# -# Code uses single 1K S-box and is >2 times faster than code generated -# by gcc-3.4.1. This is thanks to unique feature of ARMv4 ISA, which -# allows to merge logical or arithmetic operation with shift or rotate -# in one instruction and emit combined result every cycle. The module -# is endian-neutral. The performance is ~42 cycles/byte for 128-bit -# key [on single-issue Xscale PXA250 core]. - -# May 2007. -# -# AES_set_[en|de]crypt_key is added. - -# July 2010. -# -# Rescheduling for dual-issue pipeline resulted in 12% improvement on -# Cortex A8 core and ~25 cycles per byte processed with 128-bit key. - -# February 2011. -# -# Profiler-assisted and platform-specific optimization resulted in 16% -# improvement on Cortex A8 core and ~21.5 cycles per byte. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour && $flavour ne "void") { - $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or - ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or - die "can't locate arm-xlate.pl"; - - open STDOUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -} else { - $output and open STDOUT,">$output"; -} - -$s0="r0"; -$s1="r1"; -$s2="r2"; -$s3="r3"; -$t1="r4"; -$t2="r5"; -$t3="r6"; -$i1="r7"; -$i2="r8"; -$i3="r9"; - -$tbl="r10"; -$key="r11"; -$rounds="r12"; - -$code=<<___; -#ifndef __KERNEL__ -# include "arm_arch.h" -#else -# define __ARM_ARCH__ __LINUX_ARM_ARCH__ -#endif - -#if defined(__thumb2__) && !defined(__APPLE__) -.syntax unified -.thumb -#else -.code 32 -#undef __thumb2__ -#endif - -.text - -.type AES_Te,%object -.align 5 -AES_Te: -.word 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d -.word 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554 -.word 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d -.word 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a -.word 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87 -.word 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b -.word 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea -.word 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b -.word 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a -.word 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f -.word 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108 -.word 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f -.word 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e -.word 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5 -.word 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d -.word 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f -.word 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e -.word 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb -.word 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce -.word 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497 -.word 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c -.word 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed -.word 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b -.word 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a -.word 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16 -.word 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594 -.word 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81 -.word 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3 -.word 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a -.word 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504 -.word 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163 -.word 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d -.word 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f -.word 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739 -.word 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47 -.word 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395 -.word 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f -.word 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883 -.word 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c -.word 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76 -.word 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e -.word 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4 -.word 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6 -.word 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b -.word 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7 -.word 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0 -.word 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25 -.word 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818 -.word 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72 -.word 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651 -.word 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21 -.word 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85 -.word 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa -.word 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12 -.word 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0 -.word 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9 -.word 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133 -.word 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7 -.word 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920 -.word 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a -.word 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17 -.word 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8 -.word 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11 -.word 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a -@ Te4[256] -.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 -.byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 -.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0 -.byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 -.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc -.byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 -.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a -.byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 -.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0 -.byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 -.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b -.byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf -.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85 -.byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 -.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5 -.byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 -.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17 -.byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 -.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88 -.byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb -.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c -.byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 -.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9 -.byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 -.byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6 -.byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a -.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e -.byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e -.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94 -.byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf -.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68 -.byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 -@ rcon[] -.word 0x01000000, 0x02000000, 0x04000000, 0x08000000 -.word 0x10000000, 0x20000000, 0x40000000, 0x80000000 -.word 0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0 -.size AES_Te,.-AES_Te - -@ void AES_encrypt(const unsigned char *in, unsigned char *out, -@ const AES_KEY *key) { -.global AES_encrypt -.type AES_encrypt,%function -.align 5 -AES_encrypt: -#ifndef __thumb2__ - sub r3,pc,#8 @ AES_encrypt -#else - adr r3,. -#endif - stmdb sp!,{r1,r4-r12,lr} -#if defined(__thumb2__) || defined(__APPLE__) - adr $tbl,AES_Te -#else - sub $tbl,r3,#AES_encrypt-AES_Te @ Te -#endif - mov $rounds,r0 @ inp - mov $key,r2 -#if __ARM_ARCH__<7 - ldrb $s0,[$rounds,#3] @ load input data in endian-neutral - ldrb $t1,[$rounds,#2] @ manner... - ldrb $t2,[$rounds,#1] - ldrb $t3,[$rounds,#0] - orr $s0,$s0,$t1,lsl#8 - ldrb $s1,[$rounds,#7] - orr $s0,$s0,$t2,lsl#16 - ldrb $t1,[$rounds,#6] - orr $s0,$s0,$t3,lsl#24 - ldrb $t2,[$rounds,#5] - ldrb $t3,[$rounds,#4] - orr $s1,$s1,$t1,lsl#8 - ldrb $s2,[$rounds,#11] - orr $s1,$s1,$t2,lsl#16 - ldrb $t1,[$rounds,#10] - orr $s1,$s1,$t3,lsl#24 - ldrb $t2,[$rounds,#9] - ldrb $t3,[$rounds,#8] - orr $s2,$s2,$t1,lsl#8 - ldrb $s3,[$rounds,#15] - orr $s2,$s2,$t2,lsl#16 - ldrb $t1,[$rounds,#14] - orr $s2,$s2,$t3,lsl#24 - ldrb $t2,[$rounds,#13] - ldrb $t3,[$rounds,#12] - orr $s3,$s3,$t1,lsl#8 - orr $s3,$s3,$t2,lsl#16 - orr $s3,$s3,$t3,lsl#24 -#else - ldr $s0,[$rounds,#0] - ldr $s1,[$rounds,#4] - ldr $s2,[$rounds,#8] - ldr $s3,[$rounds,#12] -#ifdef __ARMEL__ - rev $s0,$s0 - rev $s1,$s1 - rev $s2,$s2 - rev $s3,$s3 -#endif -#endif - bl _armv4_AES_encrypt - - ldr $rounds,[sp],#4 @ pop out -#if __ARM_ARCH__>=7 -#ifdef __ARMEL__ - rev $s0,$s0 - rev $s1,$s1 - rev $s2,$s2 - rev $s3,$s3 -#endif - str $s0,[$rounds,#0] - str $s1,[$rounds,#4] - str $s2,[$rounds,#8] - str $s3,[$rounds,#12] -#else - mov $t1,$s0,lsr#24 @ write output in endian-neutral - mov $t2,$s0,lsr#16 @ manner... - mov $t3,$s0,lsr#8 - strb $t1,[$rounds,#0] - strb $t2,[$rounds,#1] - mov $t1,$s1,lsr#24 - strb $t3,[$rounds,#2] - mov $t2,$s1,lsr#16 - strb $s0,[$rounds,#3] - mov $t3,$s1,lsr#8 - strb $t1,[$rounds,#4] - strb $t2,[$rounds,#5] - mov $t1,$s2,lsr#24 - strb $t3,[$rounds,#6] - mov $t2,$s2,lsr#16 - strb $s1,[$rounds,#7] - mov $t3,$s2,lsr#8 - strb $t1,[$rounds,#8] - strb $t2,[$rounds,#9] - mov $t1,$s3,lsr#24 - strb $t3,[$rounds,#10] - mov $t2,$s3,lsr#16 - strb $s2,[$rounds,#11] - mov $t3,$s3,lsr#8 - strb $t1,[$rounds,#12] - strb $t2,[$rounds,#13] - strb $t3,[$rounds,#14] - strb $s3,[$rounds,#15] -#endif -#if __ARM_ARCH__>=5 - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size AES_encrypt,.-AES_encrypt - -.type _armv4_AES_encrypt,%function -.align 2 -_armv4_AES_encrypt: - str lr,[sp,#-4]! @ push lr - ldmia $key!,{$t1-$i1} - eor $s0,$s0,$t1 - ldr $rounds,[$key,#240-16] - eor $s1,$s1,$t2 - eor $s2,$s2,$t3 - eor $s3,$s3,$i1 - sub $rounds,$rounds,#1 - mov lr,#255 - - and $i1,lr,$s0 - and $i2,lr,$s0,lsr#8 - and $i3,lr,$s0,lsr#16 - mov $s0,$s0,lsr#24 -.Lenc_loop: - ldr $t1,[$tbl,$i1,lsl#2] @ Te3[s0>>0] - and $i1,lr,$s1,lsr#16 @ i0 - ldr $t2,[$tbl,$i2,lsl#2] @ Te2[s0>>8] - and $i2,lr,$s1 - ldr $t3,[$tbl,$i3,lsl#2] @ Te1[s0>>16] - and $i3,lr,$s1,lsr#8 - ldr $s0,[$tbl,$s0,lsl#2] @ Te0[s0>>24] - mov $s1,$s1,lsr#24 - - ldr $i1,[$tbl,$i1,lsl#2] @ Te1[s1>>16] - ldr $i2,[$tbl,$i2,lsl#2] @ Te3[s1>>0] - ldr $i3,[$tbl,$i3,lsl#2] @ Te2[s1>>8] - eor $s0,$s0,$i1,ror#8 - ldr $s1,[$tbl,$s1,lsl#2] @ Te0[s1>>24] - and $i1,lr,$s2,lsr#8 @ i0 - eor $t2,$t2,$i2,ror#8 - and $i2,lr,$s2,lsr#16 @ i1 - eor $t3,$t3,$i3,ror#8 - and $i3,lr,$s2 - ldr $i1,[$tbl,$i1,lsl#2] @ Te2[s2>>8] - eor $s1,$s1,$t1,ror#24 - ldr $i2,[$tbl,$i2,lsl#2] @ Te1[s2>>16] - mov $s2,$s2,lsr#24 - - ldr $i3,[$tbl,$i3,lsl#2] @ Te3[s2>>0] - eor $s0,$s0,$i1,ror#16 - ldr $s2,[$tbl,$s2,lsl#2] @ Te0[s2>>24] - and $i1,lr,$s3 @ i0 - eor $s1,$s1,$i2,ror#8 - and $i2,lr,$s3,lsr#8 @ i1 - eor $t3,$t3,$i3,ror#16 - and $i3,lr,$s3,lsr#16 @ i2 - ldr $i1,[$tbl,$i1,lsl#2] @ Te3[s3>>0] - eor $s2,$s2,$t2,ror#16 - ldr $i2,[$tbl,$i2,lsl#2] @ Te2[s3>>8] - mov $s3,$s3,lsr#24 - - ldr $i3,[$tbl,$i3,lsl#2] @ Te1[s3>>16] - eor $s0,$s0,$i1,ror#24 - ldr $i1,[$key],#16 - eor $s1,$s1,$i2,ror#16 - ldr $s3,[$tbl,$s3,lsl#2] @ Te0[s3>>24] - eor $s2,$s2,$i3,ror#8 - ldr $t1,[$key,#-12] - eor $s3,$s3,$t3,ror#8 - - ldr $t2,[$key,#-8] - eor $s0,$s0,$i1 - ldr $t3,[$key,#-4] - and $i1,lr,$s0 - eor $s1,$s1,$t1 - and $i2,lr,$s0,lsr#8 - eor $s2,$s2,$t2 - and $i3,lr,$s0,lsr#16 - eor $s3,$s3,$t3 - mov $s0,$s0,lsr#24 - - subs $rounds,$rounds,#1 - bne .Lenc_loop - - add $tbl,$tbl,#2 - - ldrb $t1,[$tbl,$i1,lsl#2] @ Te4[s0>>0] - and $i1,lr,$s1,lsr#16 @ i0 - ldrb $t2,[$tbl,$i2,lsl#2] @ Te4[s0>>8] - and $i2,lr,$s1 - ldrb $t3,[$tbl,$i3,lsl#2] @ Te4[s0>>16] - and $i3,lr,$s1,lsr#8 - ldrb $s0,[$tbl,$s0,lsl#2] @ Te4[s0>>24] - mov $s1,$s1,lsr#24 - - ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s1>>16] - ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s1>>0] - ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s1>>8] - eor $s0,$i1,$s0,lsl#8 - ldrb $s1,[$tbl,$s1,lsl#2] @ Te4[s1>>24] - and $i1,lr,$s2,lsr#8 @ i0 - eor $t2,$i2,$t2,lsl#8 - and $i2,lr,$s2,lsr#16 @ i1 - eor $t3,$i3,$t3,lsl#8 - and $i3,lr,$s2 - ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s2>>8] - eor $s1,$t1,$s1,lsl#24 - ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s2>>16] - mov $s2,$s2,lsr#24 - - ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s2>>0] - eor $s0,$i1,$s0,lsl#8 - ldrb $s2,[$tbl,$s2,lsl#2] @ Te4[s2>>24] - and $i1,lr,$s3 @ i0 - eor $s1,$s1,$i2,lsl#16 - and $i2,lr,$s3,lsr#8 @ i1 - eor $t3,$i3,$t3,lsl#8 - and $i3,lr,$s3,lsr#16 @ i2 - ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s3>>0] - eor $s2,$t2,$s2,lsl#24 - ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s3>>8] - mov $s3,$s3,lsr#24 - - ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s3>>16] - eor $s0,$i1,$s0,lsl#8 - ldr $i1,[$key,#0] - ldrb $s3,[$tbl,$s3,lsl#2] @ Te4[s3>>24] - eor $s1,$s1,$i2,lsl#8 - ldr $t1,[$key,#4] - eor $s2,$s2,$i3,lsl#16 - ldr $t2,[$key,#8] - eor $s3,$t3,$s3,lsl#24 - ldr $t3,[$key,#12] - - eor $s0,$s0,$i1 - eor $s1,$s1,$t1 - eor $s2,$s2,$t2 - eor $s3,$s3,$t3 - - sub $tbl,$tbl,#2 - ldr pc,[sp],#4 @ pop and return -.size _armv4_AES_encrypt,.-_armv4_AES_encrypt - -.global AES_set_encrypt_key -.type AES_set_encrypt_key,%function -.align 5 -AES_set_encrypt_key: -_armv4_AES_set_encrypt_key: -#ifndef __thumb2__ - sub r3,pc,#8 @ AES_set_encrypt_key -#else - adr r3,. -#endif - teq r0,#0 -#ifdef __thumb2__ - itt eq @ Thumb2 thing, sanity check in ARM -#endif - moveq r0,#-1 - beq .Labrt - teq r2,#0 -#ifdef __thumb2__ - itt eq @ Thumb2 thing, sanity check in ARM -#endif - moveq r0,#-1 - beq .Labrt - - teq r1,#128 - beq .Lok - teq r1,#192 - beq .Lok - teq r1,#256 -#ifdef __thumb2__ - itt ne @ Thumb2 thing, sanity check in ARM -#endif - movne r0,#-1 - bne .Labrt - -.Lok: stmdb sp!,{r4-r12,lr} - mov $rounds,r0 @ inp - mov lr,r1 @ bits - mov $key,r2 @ key - -#if defined(__thumb2__) || defined(__APPLE__) - adr $tbl,AES_Te+1024 @ Te4 -#else - sub $tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4 -#endif - -#if __ARM_ARCH__<7 - ldrb $s0,[$rounds,#3] @ load input data in endian-neutral - ldrb $t1,[$rounds,#2] @ manner... - ldrb $t2,[$rounds,#1] - ldrb $t3,[$rounds,#0] - orr $s0,$s0,$t1,lsl#8 - ldrb $s1,[$rounds,#7] - orr $s0,$s0,$t2,lsl#16 - ldrb $t1,[$rounds,#6] - orr $s0,$s0,$t3,lsl#24 - ldrb $t2,[$rounds,#5] - ldrb $t3,[$rounds,#4] - orr $s1,$s1,$t1,lsl#8 - ldrb $s2,[$rounds,#11] - orr $s1,$s1,$t2,lsl#16 - ldrb $t1,[$rounds,#10] - orr $s1,$s1,$t3,lsl#24 - ldrb $t2,[$rounds,#9] - ldrb $t3,[$rounds,#8] - orr $s2,$s2,$t1,lsl#8 - ldrb $s3,[$rounds,#15] - orr $s2,$s2,$t2,lsl#16 - ldrb $t1,[$rounds,#14] - orr $s2,$s2,$t3,lsl#24 - ldrb $t2,[$rounds,#13] - ldrb $t3,[$rounds,#12] - orr $s3,$s3,$t1,lsl#8 - str $s0,[$key],#16 - orr $s3,$s3,$t2,lsl#16 - str $s1,[$key,#-12] - orr $s3,$s3,$t3,lsl#24 - str $s2,[$key,#-8] - str $s3,[$key,#-4] -#else - ldr $s0,[$rounds,#0] - ldr $s1,[$rounds,#4] - ldr $s2,[$rounds,#8] - ldr $s3,[$rounds,#12] -#ifdef __ARMEL__ - rev $s0,$s0 - rev $s1,$s1 - rev $s2,$s2 - rev $s3,$s3 -#endif - str $s0,[$key],#16 - str $s1,[$key,#-12] - str $s2,[$key,#-8] - str $s3,[$key,#-4] -#endif - - teq lr,#128 - bne .Lnot128 - mov $rounds,#10 - str $rounds,[$key,#240-16] - add $t3,$tbl,#256 @ rcon - mov lr,#255 - -.L128_loop: - and $t2,lr,$s3,lsr#24 - and $i1,lr,$s3,lsr#16 - ldrb $t2,[$tbl,$t2] - and $i2,lr,$s3,lsr#8 - ldrb $i1,[$tbl,$i1] - and $i3,lr,$s3 - ldrb $i2,[$tbl,$i2] - orr $t2,$t2,$i1,lsl#24 - ldrb $i3,[$tbl,$i3] - orr $t2,$t2,$i2,lsl#16 - ldr $t1,[$t3],#4 @ rcon[i++] - orr $t2,$t2,$i3,lsl#8 - eor $t2,$t2,$t1 - eor $s0,$s0,$t2 @ rk[4]=rk[0]^... - eor $s1,$s1,$s0 @ rk[5]=rk[1]^rk[4] - str $s0,[$key],#16 - eor $s2,$s2,$s1 @ rk[6]=rk[2]^rk[5] - str $s1,[$key,#-12] - eor $s3,$s3,$s2 @ rk[7]=rk[3]^rk[6] - str $s2,[$key,#-8] - subs $rounds,$rounds,#1 - str $s3,[$key,#-4] - bne .L128_loop - sub r2,$key,#176 - b .Ldone - -.Lnot128: -#if __ARM_ARCH__<7 - ldrb $i2,[$rounds,#19] - ldrb $t1,[$rounds,#18] - ldrb $t2,[$rounds,#17] - ldrb $t3,[$rounds,#16] - orr $i2,$i2,$t1,lsl#8 - ldrb $i3,[$rounds,#23] - orr $i2,$i2,$t2,lsl#16 - ldrb $t1,[$rounds,#22] - orr $i2,$i2,$t3,lsl#24 - ldrb $t2,[$rounds,#21] - ldrb $t3,[$rounds,#20] - orr $i3,$i3,$t1,lsl#8 - orr $i3,$i3,$t2,lsl#16 - str $i2,[$key],#8 - orr $i3,$i3,$t3,lsl#24 - str $i3,[$key,#-4] -#else - ldr $i2,[$rounds,#16] - ldr $i3,[$rounds,#20] -#ifdef __ARMEL__ - rev $i2,$i2 - rev $i3,$i3 -#endif - str $i2,[$key],#8 - str $i3,[$key,#-4] -#endif - - teq lr,#192 - bne .Lnot192 - mov $rounds,#12 - str $rounds,[$key,#240-24] - add $t3,$tbl,#256 @ rcon - mov lr,#255 - mov $rounds,#8 - -.L192_loop: - and $t2,lr,$i3,lsr#24 - and $i1,lr,$i3,lsr#16 - ldrb $t2,[$tbl,$t2] - and $i2,lr,$i3,lsr#8 - ldrb $i1,[$tbl,$i1] - and $i3,lr,$i3 - ldrb $i2,[$tbl,$i2] - orr $t2,$t2,$i1,lsl#24 - ldrb $i3,[$tbl,$i3] - orr $t2,$t2,$i2,lsl#16 - ldr $t1,[$t3],#4 @ rcon[i++] - orr $t2,$t2,$i3,lsl#8 - eor $i3,$t2,$t1 - eor $s0,$s0,$i3 @ rk[6]=rk[0]^... - eor $s1,$s1,$s0 @ rk[7]=rk[1]^rk[6] - str $s0,[$key],#24 - eor $s2,$s2,$s1 @ rk[8]=rk[2]^rk[7] - str $s1,[$key,#-20] - eor $s3,$s3,$s2 @ rk[9]=rk[3]^rk[8] - str $s2,[$key,#-16] - subs $rounds,$rounds,#1 - str $s3,[$key,#-12] -#ifdef __thumb2__ - itt eq @ Thumb2 thing, sanity check in ARM -#endif - subeq r2,$key,#216 - beq .Ldone - - ldr $i1,[$key,#-32] - ldr $i2,[$key,#-28] - eor $i1,$i1,$s3 @ rk[10]=rk[4]^rk[9] - eor $i3,$i2,$i1 @ rk[11]=rk[5]^rk[10] - str $i1,[$key,#-8] - str $i3,[$key,#-4] - b .L192_loop - -.Lnot192: -#if __ARM_ARCH__<7 - ldrb $i2,[$rounds,#27] - ldrb $t1,[$rounds,#26] - ldrb $t2,[$rounds,#25] - ldrb $t3,[$rounds,#24] - orr $i2,$i2,$t1,lsl#8 - ldrb $i3,[$rounds,#31] - orr $i2,$i2,$t2,lsl#16 - ldrb $t1,[$rounds,#30] - orr $i2,$i2,$t3,lsl#24 - ldrb $t2,[$rounds,#29] - ldrb $t3,[$rounds,#28] - orr $i3,$i3,$t1,lsl#8 - orr $i3,$i3,$t2,lsl#16 - str $i2,[$key],#8 - orr $i3,$i3,$t3,lsl#24 - str $i3,[$key,#-4] -#else - ldr $i2,[$rounds,#24] - ldr $i3,[$rounds,#28] -#ifdef __ARMEL__ - rev $i2,$i2 - rev $i3,$i3 -#endif - str $i2,[$key],#8 - str $i3,[$key,#-4] -#endif - - mov $rounds,#14 - str $rounds,[$key,#240-32] - add $t3,$tbl,#256 @ rcon - mov lr,#255 - mov $rounds,#7 - -.L256_loop: - and $t2,lr,$i3,lsr#24 - and $i1,lr,$i3,lsr#16 - ldrb $t2,[$tbl,$t2] - and $i2,lr,$i3,lsr#8 - ldrb $i1,[$tbl,$i1] - and $i3,lr,$i3 - ldrb $i2,[$tbl,$i2] - orr $t2,$t2,$i1,lsl#24 - ldrb $i3,[$tbl,$i3] - orr $t2,$t2,$i2,lsl#16 - ldr $t1,[$t3],#4 @ rcon[i++] - orr $t2,$t2,$i3,lsl#8 - eor $i3,$t2,$t1 - eor $s0,$s0,$i3 @ rk[8]=rk[0]^... - eor $s1,$s1,$s0 @ rk[9]=rk[1]^rk[8] - str $s0,[$key],#32 - eor $s2,$s2,$s1 @ rk[10]=rk[2]^rk[9] - str $s1,[$key,#-28] - eor $s3,$s3,$s2 @ rk[11]=rk[3]^rk[10] - str $s2,[$key,#-24] - subs $rounds,$rounds,#1 - str $s3,[$key,#-20] -#ifdef __thumb2__ - itt eq @ Thumb2 thing, sanity check in ARM -#endif - subeq r2,$key,#256 - beq .Ldone - - and $t2,lr,$s3 - and $i1,lr,$s3,lsr#8 - ldrb $t2,[$tbl,$t2] - and $i2,lr,$s3,lsr#16 - ldrb $i1,[$tbl,$i1] - and $i3,lr,$s3,lsr#24 - ldrb $i2,[$tbl,$i2] - orr $t2,$t2,$i1,lsl#8 - ldrb $i3,[$tbl,$i3] - orr $t2,$t2,$i2,lsl#16 - ldr $t1,[$key,#-48] - orr $t2,$t2,$i3,lsl#24 - - ldr $i1,[$key,#-44] - ldr $i2,[$key,#-40] - eor $t1,$t1,$t2 @ rk[12]=rk[4]^... - ldr $i3,[$key,#-36] - eor $i1,$i1,$t1 @ rk[13]=rk[5]^rk[12] - str $t1,[$key,#-16] - eor $i2,$i2,$i1 @ rk[14]=rk[6]^rk[13] - str $i1,[$key,#-12] - eor $i3,$i3,$i2 @ rk[15]=rk[7]^rk[14] - str $i2,[$key,#-8] - str $i3,[$key,#-4] - b .L256_loop - -.align 2 -.Ldone: mov r0,#0 - ldmia sp!,{r4-r12,lr} -.Labrt: -#if __ARM_ARCH__>=5 - ret @ bx lr -#else - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size AES_set_encrypt_key,.-AES_set_encrypt_key - -.global AES_set_decrypt_key -.type AES_set_decrypt_key,%function -.align 5 -AES_set_decrypt_key: - str lr,[sp,#-4]! @ push lr - bl _armv4_AES_set_encrypt_key - teq r0,#0 - ldr lr,[sp],#4 @ pop lr - bne .Labrt - - mov r0,r2 @ AES_set_encrypt_key preserves r2, - mov r1,r2 @ which is AES_KEY *key - b _armv4_AES_set_enc2dec_key -.size AES_set_decrypt_key,.-AES_set_decrypt_key - -@ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out) -.global AES_set_enc2dec_key -.type AES_set_enc2dec_key,%function -.align 5 -AES_set_enc2dec_key: -_armv4_AES_set_enc2dec_key: - stmdb sp!,{r4-r12,lr} - - ldr $rounds,[r0,#240] - mov $i1,r0 @ input - add $i2,r0,$rounds,lsl#4 - mov $key,r1 @ output - add $tbl,r1,$rounds,lsl#4 - str $rounds,[r1,#240] - -.Linv: ldr $s0,[$i1],#16 - ldr $s1,[$i1,#-12] - ldr $s2,[$i1,#-8] - ldr $s3,[$i1,#-4] - ldr $t1,[$i2],#-16 - ldr $t2,[$i2,#16+4] - ldr $t3,[$i2,#16+8] - ldr $i3,[$i2,#16+12] - str $s0,[$tbl],#-16 - str $s1,[$tbl,#16+4] - str $s2,[$tbl,#16+8] - str $s3,[$tbl,#16+12] - str $t1,[$key],#16 - str $t2,[$key,#-12] - str $t3,[$key,#-8] - str $i3,[$key,#-4] - teq $i1,$i2 - bne .Linv - - ldr $s0,[$i1] - ldr $s1,[$i1,#4] - ldr $s2,[$i1,#8] - ldr $s3,[$i1,#12] - str $s0,[$key] - str $s1,[$key,#4] - str $s2,[$key,#8] - str $s3,[$key,#12] - sub $key,$key,$rounds,lsl#3 -___ -$mask80=$i1; -$mask1b=$i2; -$mask7f=$i3; -$code.=<<___; - ldr $s0,[$key,#16]! @ prefetch tp1 - mov $mask80,#0x80 - mov $mask1b,#0x1b - orr $mask80,$mask80,#0x8000 - orr $mask1b,$mask1b,#0x1b00 - orr $mask80,$mask80,$mask80,lsl#16 - orr $mask1b,$mask1b,$mask1b,lsl#16 - sub $rounds,$rounds,#1 - mvn $mask7f,$mask80 - mov $rounds,$rounds,lsl#2 @ (rounds-1)*4 - -.Lmix: and $t1,$s0,$mask80 - and $s1,$s0,$mask7f - sub $t1,$t1,$t1,lsr#7 - and $t1,$t1,$mask1b - eor $s1,$t1,$s1,lsl#1 @ tp2 - - and $t1,$s1,$mask80 - and $s2,$s1,$mask7f - sub $t1,$t1,$t1,lsr#7 - and $t1,$t1,$mask1b - eor $s2,$t1,$s2,lsl#1 @ tp4 - - and $t1,$s2,$mask80 - and $s3,$s2,$mask7f - sub $t1,$t1,$t1,lsr#7 - and $t1,$t1,$mask1b - eor $s3,$t1,$s3,lsl#1 @ tp8 - - eor $t1,$s1,$s2 - eor $t2,$s0,$s3 @ tp9 - eor $t1,$t1,$s3 @ tpe - eor $t1,$t1,$s1,ror#24 - eor $t1,$t1,$t2,ror#24 @ ^= ROTATE(tpb=tp9^tp2,8) - eor $t1,$t1,$s2,ror#16 - eor $t1,$t1,$t2,ror#16 @ ^= ROTATE(tpd=tp9^tp4,16) - eor $t1,$t1,$t2,ror#8 @ ^= ROTATE(tp9,24) - - ldr $s0,[$key,#4] @ prefetch tp1 - str $t1,[$key],#4 - subs $rounds,$rounds,#1 - bne .Lmix - - mov r0,#0 -#if __ARM_ARCH__>=5 - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size AES_set_enc2dec_key,.-AES_set_enc2dec_key - -.type AES_Td,%object -.align 5 -AES_Td: -.word 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96 -.word 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393 -.word 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25 -.word 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f -.word 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1 -.word 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6 -.word 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da -.word 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844 -.word 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd -.word 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4 -.word 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45 -.word 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94 -.word 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7 -.word 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a -.word 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5 -.word 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c -.word 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1 -.word 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a -.word 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75 -.word 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051 -.word 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46 -.word 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff -.word 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77 -.word 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb -.word 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000 -.word 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e -.word 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927 -.word 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a -.word 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e -.word 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16 -.word 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d -.word 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8 -.word 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd -.word 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34 -.word 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163 -.word 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120 -.word 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d -.word 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0 -.word 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422 -.word 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef -.word 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36 -.word 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4 -.word 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662 -.word 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5 -.word 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3 -.word 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b -.word 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8 -.word 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6 -.word 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6 -.word 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0 -.word 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815 -.word 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f -.word 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df -.word 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f -.word 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e -.word 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713 -.word 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89 -.word 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c -.word 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf -.word 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86 -.word 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f -.word 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541 -.word 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190 -.word 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742 -@ Td4[256] -.byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 -.byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb -.byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 -.byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb -.byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d -.byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e -.byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 -.byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 -.byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 -.byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 -.byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda -.byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 -.byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a -.byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 -.byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 -.byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b -.byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea -.byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 -.byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 -.byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e -.byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 -.byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b -.byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 -.byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 -.byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 -.byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f -.byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d -.byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef -.byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 -.byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 -.byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 -.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d -.size AES_Td,.-AES_Td - -@ void AES_decrypt(const unsigned char *in, unsigned char *out, -@ const AES_KEY *key) { -.global AES_decrypt -.type AES_decrypt,%function -.align 5 -AES_decrypt: -#ifndef __thumb2__ - sub r3,pc,#8 @ AES_decrypt -#else - adr r3,. -#endif - stmdb sp!,{r1,r4-r12,lr} -#if defined(__thumb2__) || defined(__APPLE__) - adr $tbl,AES_Td -#else - sub $tbl,r3,#AES_decrypt-AES_Td @ Td -#endif - mov $rounds,r0 @ inp - mov $key,r2 -#if __ARM_ARCH__<7 - ldrb $s0,[$rounds,#3] @ load input data in endian-neutral - ldrb $t1,[$rounds,#2] @ manner... - ldrb $t2,[$rounds,#1] - ldrb $t3,[$rounds,#0] - orr $s0,$s0,$t1,lsl#8 - ldrb $s1,[$rounds,#7] - orr $s0,$s0,$t2,lsl#16 - ldrb $t1,[$rounds,#6] - orr $s0,$s0,$t3,lsl#24 - ldrb $t2,[$rounds,#5] - ldrb $t3,[$rounds,#4] - orr $s1,$s1,$t1,lsl#8 - ldrb $s2,[$rounds,#11] - orr $s1,$s1,$t2,lsl#16 - ldrb $t1,[$rounds,#10] - orr $s1,$s1,$t3,lsl#24 - ldrb $t2,[$rounds,#9] - ldrb $t3,[$rounds,#8] - orr $s2,$s2,$t1,lsl#8 - ldrb $s3,[$rounds,#15] - orr $s2,$s2,$t2,lsl#16 - ldrb $t1,[$rounds,#14] - orr $s2,$s2,$t3,lsl#24 - ldrb $t2,[$rounds,#13] - ldrb $t3,[$rounds,#12] - orr $s3,$s3,$t1,lsl#8 - orr $s3,$s3,$t2,lsl#16 - orr $s3,$s3,$t3,lsl#24 -#else - ldr $s0,[$rounds,#0] - ldr $s1,[$rounds,#4] - ldr $s2,[$rounds,#8] - ldr $s3,[$rounds,#12] -#ifdef __ARMEL__ - rev $s0,$s0 - rev $s1,$s1 - rev $s2,$s2 - rev $s3,$s3 -#endif -#endif - bl _armv4_AES_decrypt - - ldr $rounds,[sp],#4 @ pop out -#if __ARM_ARCH__>=7 -#ifdef __ARMEL__ - rev $s0,$s0 - rev $s1,$s1 - rev $s2,$s2 - rev $s3,$s3 -#endif - str $s0,[$rounds,#0] - str $s1,[$rounds,#4] - str $s2,[$rounds,#8] - str $s3,[$rounds,#12] -#else - mov $t1,$s0,lsr#24 @ write output in endian-neutral - mov $t2,$s0,lsr#16 @ manner... - mov $t3,$s0,lsr#8 - strb $t1,[$rounds,#0] - strb $t2,[$rounds,#1] - mov $t1,$s1,lsr#24 - strb $t3,[$rounds,#2] - mov $t2,$s1,lsr#16 - strb $s0,[$rounds,#3] - mov $t3,$s1,lsr#8 - strb $t1,[$rounds,#4] - strb $t2,[$rounds,#5] - mov $t1,$s2,lsr#24 - strb $t3,[$rounds,#6] - mov $t2,$s2,lsr#16 - strb $s1,[$rounds,#7] - mov $t3,$s2,lsr#8 - strb $t1,[$rounds,#8] - strb $t2,[$rounds,#9] - mov $t1,$s3,lsr#24 - strb $t3,[$rounds,#10] - mov $t2,$s3,lsr#16 - strb $s2,[$rounds,#11] - mov $t3,$s3,lsr#8 - strb $t1,[$rounds,#12] - strb $t2,[$rounds,#13] - strb $t3,[$rounds,#14] - strb $s3,[$rounds,#15] -#endif -#if __ARM_ARCH__>=5 - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size AES_decrypt,.-AES_decrypt - -.type _armv4_AES_decrypt,%function -.align 2 -_armv4_AES_decrypt: - str lr,[sp,#-4]! @ push lr - ldmia $key!,{$t1-$i1} - eor $s0,$s0,$t1 - ldr $rounds,[$key,#240-16] - eor $s1,$s1,$t2 - eor $s2,$s2,$t3 - eor $s3,$s3,$i1 - sub $rounds,$rounds,#1 - mov lr,#255 - - and $i1,lr,$s0,lsr#16 - and $i2,lr,$s0,lsr#8 - and $i3,lr,$s0 - mov $s0,$s0,lsr#24 -.Ldec_loop: - ldr $t1,[$tbl,$i1,lsl#2] @ Td1[s0>>16] - and $i1,lr,$s1 @ i0 - ldr $t2,[$tbl,$i2,lsl#2] @ Td2[s0>>8] - and $i2,lr,$s1,lsr#16 - ldr $t3,[$tbl,$i3,lsl#2] @ Td3[s0>>0] - and $i3,lr,$s1,lsr#8 - ldr $s0,[$tbl,$s0,lsl#2] @ Td0[s0>>24] - mov $s1,$s1,lsr#24 - - ldr $i1,[$tbl,$i1,lsl#2] @ Td3[s1>>0] - ldr $i2,[$tbl,$i2,lsl#2] @ Td1[s1>>16] - ldr $i3,[$tbl,$i3,lsl#2] @ Td2[s1>>8] - eor $s0,$s0,$i1,ror#24 - ldr $s1,[$tbl,$s1,lsl#2] @ Td0[s1>>24] - and $i1,lr,$s2,lsr#8 @ i0 - eor $t2,$i2,$t2,ror#8 - and $i2,lr,$s2 @ i1 - eor $t3,$i3,$t3,ror#8 - and $i3,lr,$s2,lsr#16 - ldr $i1,[$tbl,$i1,lsl#2] @ Td2[s2>>8] - eor $s1,$s1,$t1,ror#8 - ldr $i2,[$tbl,$i2,lsl#2] @ Td3[s2>>0] - mov $s2,$s2,lsr#24 - - ldr $i3,[$tbl,$i3,lsl#2] @ Td1[s2>>16] - eor $s0,$s0,$i1,ror#16 - ldr $s2,[$tbl,$s2,lsl#2] @ Td0[s2>>24] - and $i1,lr,$s3,lsr#16 @ i0 - eor $s1,$s1,$i2,ror#24 - and $i2,lr,$s3,lsr#8 @ i1 - eor $t3,$i3,$t3,ror#8 - and $i3,lr,$s3 @ i2 - ldr $i1,[$tbl,$i1,lsl#2] @ Td1[s3>>16] - eor $s2,$s2,$t2,ror#8 - ldr $i2,[$tbl,$i2,lsl#2] @ Td2[s3>>8] - mov $s3,$s3,lsr#24 - - ldr $i3,[$tbl,$i3,lsl#2] @ Td3[s3>>0] - eor $s0,$s0,$i1,ror#8 - ldr $i1,[$key],#16 - eor $s1,$s1,$i2,ror#16 - ldr $s3,[$tbl,$s3,lsl#2] @ Td0[s3>>24] - eor $s2,$s2,$i3,ror#24 - - ldr $t1,[$key,#-12] - eor $s0,$s0,$i1 - ldr $t2,[$key,#-8] - eor $s3,$s3,$t3,ror#8 - ldr $t3,[$key,#-4] - and $i1,lr,$s0,lsr#16 - eor $s1,$s1,$t1 - and $i2,lr,$s0,lsr#8 - eor $s2,$s2,$t2 - and $i3,lr,$s0 - eor $s3,$s3,$t3 - mov $s0,$s0,lsr#24 - - subs $rounds,$rounds,#1 - bne .Ldec_loop - - add $tbl,$tbl,#1024 - - ldr $t2,[$tbl,#0] @ prefetch Td4 - ldr $t3,[$tbl,#32] - ldr $t1,[$tbl,#64] - ldr $t2,[$tbl,#96] - ldr $t3,[$tbl,#128] - ldr $t1,[$tbl,#160] - ldr $t2,[$tbl,#192] - ldr $t3,[$tbl,#224] - - ldrb $s0,[$tbl,$s0] @ Td4[s0>>24] - ldrb $t1,[$tbl,$i1] @ Td4[s0>>16] - and $i1,lr,$s1 @ i0 - ldrb $t2,[$tbl,$i2] @ Td4[s0>>8] - and $i2,lr,$s1,lsr#16 - ldrb $t3,[$tbl,$i3] @ Td4[s0>>0] - and $i3,lr,$s1,lsr#8 - - add $s1,$tbl,$s1,lsr#24 - ldrb $i1,[$tbl,$i1] @ Td4[s1>>0] - ldrb $s1,[$s1] @ Td4[s1>>24] - ldrb $i2,[$tbl,$i2] @ Td4[s1>>16] - eor $s0,$i1,$s0,lsl#24 - ldrb $i3,[$tbl,$i3] @ Td4[s1>>8] - eor $s1,$t1,$s1,lsl#8 - and $i1,lr,$s2,lsr#8 @ i0 - eor $t2,$t2,$i2,lsl#8 - and $i2,lr,$s2 @ i1 - ldrb $i1,[$tbl,$i1] @ Td4[s2>>8] - eor $t3,$t3,$i3,lsl#8 - ldrb $i2,[$tbl,$i2] @ Td4[s2>>0] - and $i3,lr,$s2,lsr#16 - - add $s2,$tbl,$s2,lsr#24 - ldrb $s2,[$s2] @ Td4[s2>>24] - eor $s0,$s0,$i1,lsl#8 - ldrb $i3,[$tbl,$i3] @ Td4[s2>>16] - eor $s1,$i2,$s1,lsl#16 - and $i1,lr,$s3,lsr#16 @ i0 - eor $s2,$t2,$s2,lsl#16 - and $i2,lr,$s3,lsr#8 @ i1 - ldrb $i1,[$tbl,$i1] @ Td4[s3>>16] - eor $t3,$t3,$i3,lsl#16 - ldrb $i2,[$tbl,$i2] @ Td4[s3>>8] - and $i3,lr,$s3 @ i2 - - add $s3,$tbl,$s3,lsr#24 - ldrb $i3,[$tbl,$i3] @ Td4[s3>>0] - ldrb $s3,[$s3] @ Td4[s3>>24] - eor $s0,$s0,$i1,lsl#16 - ldr $i1,[$key,#0] - eor $s1,$s1,$i2,lsl#8 - ldr $t1,[$key,#4] - eor $s2,$i3,$s2,lsl#8 - ldr $t2,[$key,#8] - eor $s3,$t3,$s3,lsl#24 - ldr $t3,[$key,#12] - - eor $s0,$s0,$i1 - eor $s1,$s1,$t1 - eor $s2,$s2,$t2 - eor $s3,$s3,$t3 - - sub $tbl,$tbl,#1024 - ldr pc,[sp],#4 @ pop and return -.size _armv4_AES_decrypt,.-_armv4_AES_decrypt -.asciz "AES for ARMv4, CRYPTOGAMS by " -.align 2 -___ - -$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 -$code =~ s/\bret\b/bx\tlr/gm; - -open SELF,$0; -while() { - next if (/^#!/); - last if (!s/^#/@/ and !/^$/); - print; -} -close SELF; - -print $code; -close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/aes/asm/aes-c64xplus.pl b/crypto/aes/asm/aes-c64xplus.pl deleted file mode 100644 index fa9a132d90fb14846990e4485fc7518b762afc5d..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/aes-c64xplus.pl +++ /dev/null @@ -1,1381 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# [Endian-neutral] AES for C64x+. -# -# Even though SPLOOPs are scheduled for 13 cycles, and thus expected -# performance is ~8.5 cycles per byte processed with 128-bit key, -# measured performance turned to be ~10 cycles per byte. Discrepancy -# must be caused by limitations of L1D memory banking(*), see SPRU871 -# TI publication for further details. If any consolation it's still -# ~20% faster than TI's linear assembly module anyway... Compared to -# aes_core.c compiled with cl6x 6.0 with -mv6400+ -o2 options this -# code is 3.75x faster and almost 3x smaller (tables included). -# -# (*) This means that there might be subtle correlation between data -# and timing and one can wonder if it can be ... attacked:-( -# On the other hand this also means that *if* one chooses to -# implement *4* T-tables variant [instead of 1 T-table as in -# this implementation, or in addition to], then one ought to -# *interleave* them. Even though it complicates addressing, -# references to interleaved tables would be guaranteed not to -# clash. I reckon that it should be possible to break 8 cycles -# per byte "barrier," i.e. improve by ~20%, naturally at the -# cost of 8x increased pressure on L1D. 8x because you'd have -# to interleave both Te and Td tables... - -$output = pop and open STDOUT,">$output"; - -($TEA,$TEB)=("A5","B5"); -($KPA,$KPB)=("A3","B1"); -@K=("A6","B6","A7","B7"); -@s=("A8","B8","A9","B9"); -@Te0=@Td0=("A16","B16","A17","B17"); -@Te1=@Td1=("A18","B18","A19","B19"); -@Te2=@Td2=("A20","B20","A21","B21"); -@Te3=@Td3=("A22","B22","A23","B23"); - -$code=<<___; - .text - - .if .ASSEMBLER_VERSION<7000000 - .asg 0,__TI_EABI__ - .endif - .if __TI_EABI__ - .nocmp - .asg AES_encrypt,_AES_encrypt - .asg AES_decrypt,_AES_decrypt - .asg AES_set_encrypt_key,_AES_set_encrypt_key - .asg AES_set_decrypt_key,_AES_set_decrypt_key - .asg AES_ctr32_encrypt,_AES_ctr32_encrypt - .endif - - .asg B3,RA - .asg A4,INP - .asg B4,OUT - .asg A6,KEY - .asg A4,RET - .asg B15,SP - - .eval 24,EXT0 - .eval 16,EXT1 - .eval 8,EXT2 - .eval 0,EXT3 - .eval 8,TBL1 - .eval 16,TBL2 - .eval 24,TBL3 - - .if .BIG_ENDIAN - .eval 24-EXT0,EXT0 - .eval 24-EXT1,EXT1 - .eval 24-EXT2,EXT2 - .eval 24-EXT3,EXT3 - .eval 32-TBL1,TBL1 - .eval 32-TBL2,TBL2 - .eval 32-TBL3,TBL3 - .endif - - .global _AES_encrypt -_AES_encrypt: - .asmfunc - MVK 1,B2 -__encrypt: - .if __TI_EABI__ - [B2] LDNDW *INP++,A9:A8 ; load input -|| MVKL \$PCR_OFFSET(AES_Te,__encrypt),$TEA -|| ADDKPC __encrypt,B0 - [B2] LDNDW *INP++,B9:B8 -|| MVKH \$PCR_OFFSET(AES_Te,__encrypt),$TEA -|| ADD 0,KEY,$KPA -|| ADD 4,KEY,$KPB - .else - [B2] LDNDW *INP++,A9:A8 ; load input -|| MVKL (AES_Te-__encrypt),$TEA -|| ADDKPC __encrypt,B0 - [B2] LDNDW *INP++,B9:B8 -|| MVKH (AES_Te-__encrypt),$TEA -|| ADD 0,KEY,$KPA -|| ADD 4,KEY,$KPB - .endif - LDW *$KPA++[2],$Te0[0] ; zero round key -|| LDW *$KPB++[2],$Te0[1] -|| MVK 60,A0 -|| ADD B0,$TEA,$TEA ; AES_Te - LDW *KEY[A0],B0 ; rounds -|| MVK 1024,A0 ; sizeof(AES_Te) - LDW *$KPA++[2],$Te0[2] -|| LDW *$KPB++[2],$Te0[3] -|| MV $TEA,$TEB - NOP - .if .BIG_ENDIAN - MV A9,$s[0] -|| MV A8,$s[1] -|| MV B9,$s[2] -|| MV B8,$s[3] - .else - MV A8,$s[0] -|| MV A9,$s[1] -|| MV B8,$s[2] -|| MV B9,$s[3] - .endif - XOR $Te0[0],$s[0],$s[0] -|| XOR $Te0[1],$s[1],$s[1] -|| LDW *$KPA++[2],$K[0] ; 1st round key -|| LDW *$KPB++[2],$K[1] - SUB B0,2,B0 - - SPLOOPD 13 -|| MVC B0,ILC -|| LDW *$KPA++[2],$K[2] -|| LDW *$KPB++[2],$K[3] -;;==================================================================== - EXTU $s[1],EXT1,24,$Te1[1] -|| EXTU $s[0],EXT3,24,$Te3[0] - LDW *${TEB}[$Te1[1]],$Te1[1] ; Te1[s1>>8], t0 -|| LDW *${TEA}[$Te3[0]],$Te3[0] ; Te3[s0>>24], t1 -|| XOR $s[2],$Te0[2],$s[2] ; modulo-scheduled -|| XOR $s[3],$Te0[3],$s[3] ; modulo-scheduled -|| EXTU $s[1],EXT3,24,$Te3[1] -|| EXTU $s[0],EXT1,24,$Te1[0] - LDW *${TEB}[$Te3[1]],$Te3[1] ; Te3[s1>>24], t2 -|| LDW *${TEA}[$Te1[0]],$Te1[0] ; Te1[s0>>8], t3 -|| EXTU $s[2],EXT2,24,$Te2[2] -|| EXTU $s[3],EXT2,24,$Te2[3] - LDW *${TEA}[$Te2[2]],$Te2[2] ; Te2[s2>>16], t0 -|| LDW *${TEB}[$Te2[3]],$Te2[3] ; Te2[s3>>16], t1 -|| EXTU $s[3],EXT3,24,$Te3[3] -|| EXTU $s[2],EXT1,24,$Te1[2] - LDW *${TEB}[$Te3[3]],$Te3[3] ; Te3[s3>>24], t0 -|| LDW *${TEA}[$Te1[2]],$Te1[2] ; Te1[s2>>8], t1 -|| EXTU $s[0],EXT2,24,$Te2[0] -|| EXTU $s[1],EXT2,24,$Te2[1] - LDW *${TEA}[$Te2[0]],$Te2[0] ; Te2[s0>>16], t2 -|| LDW *${TEB}[$Te2[1]],$Te2[1] ; Te2[s1>>16], t3 -|| EXTU $s[3],EXT1,24,$Te1[3] -|| EXTU $s[2],EXT3,24,$Te3[2] - LDW *${TEB}[$Te1[3]],$Te1[3] ; Te1[s3>>8], t2 -|| LDW *${TEA}[$Te3[2]],$Te3[2] ; Te3[s2>>24], t3 -|| ROTL $Te1[1],TBL1,$Te3[0] ; t0 -|| ROTL $Te3[0],TBL3,$Te1[1] ; t1 -|| EXTU $s[0],EXT0,24,$Te0[0] -|| EXTU $s[1],EXT0,24,$Te0[1] - LDW *${TEA}[$Te0[0]],$Te0[0] ; Te0[s0], t0 -|| LDW *${TEB}[$Te0[1]],$Te0[1] ; Te0[s1], t1 -|| ROTL $Te3[1],TBL3,$Te1[0] ; t2 -|| ROTL $Te1[0],TBL1,$Te3[1] ; t3 -|| EXTU $s[2],EXT0,24,$Te0[2] -|| EXTU $s[3],EXT0,24,$Te0[3] - LDW *${TEA}[$Te0[2]],$Te0[2] ; Te0[s2], t2 -|| LDW *${TEB}[$Te0[3]],$Te0[3] ; Te0[s3], t3 -|| ROTL $Te2[2],TBL2,$Te2[2] ; t0 -|| ROTL $Te2[3],TBL2,$Te2[3] ; t1 -|| XOR $K[0],$Te3[0],$s[0] -|| XOR $K[1],$Te1[1],$s[1] - ROTL $Te3[3],TBL3,$Te1[2] ; t0 -|| ROTL $Te1[2],TBL1,$Te3[3] ; t1 -|| XOR $K[2],$Te1[0],$s[2] -|| XOR $K[3],$Te3[1],$s[3] -|| LDW *$KPA++[2],$K[0] ; next round key -|| LDW *$KPB++[2],$K[1] - ROTL $Te2[0],TBL2,$Te2[0] ; t2 -|| ROTL $Te2[1],TBL2,$Te2[1] ; t3 -|| XOR $s[0],$Te2[2],$s[0] -|| XOR $s[1],$Te2[3],$s[1] -|| LDW *$KPA++[2],$K[2] -|| LDW *$KPB++[2],$K[3] - ROTL $Te1[3],TBL1,$Te3[2] ; t2 -|| ROTL $Te3[2],TBL3,$Te1[3] ; t3 -|| XOR $s[0],$Te1[2],$s[0] -|| XOR $s[1],$Te3[3],$s[1] - XOR $s[2],$Te2[0],$s[2] -|| XOR $s[3],$Te2[1],$s[3] -|| XOR $s[0],$Te0[0],$s[0] -|| XOR $s[1],$Te0[1],$s[1] - SPKERNEL -|| XOR.L $s[2],$Te3[2],$s[2] -|| XOR.L $s[3],$Te1[3],$s[3] -;;==================================================================== - ADD.D ${TEA},A0,${TEA} ; point to Te4 -|| ADD.D ${TEB},A0,${TEB} -|| EXTU $s[1],EXT1,24,$Te1[1] -|| EXTU $s[0],EXT3,24,$Te3[0] - LDBU *${TEB}[$Te1[1]],$Te1[1] ; Te1[s1>>8], t0 -|| LDBU *${TEA}[$Te3[0]],$Te3[0] ; Te3[s0>>24], t1 -|| XOR $s[2],$Te0[2],$s[2] ; modulo-scheduled -|| XOR $s[3],$Te0[3],$s[3] ; modulo-scheduled -|| EXTU $s[0],EXT0,24,$Te0[0] -|| EXTU $s[1],EXT0,24,$Te0[1] - LDBU *${TEA}[$Te0[0]],$Te0[0] ; Te0[s0], t0 -|| LDBU *${TEB}[$Te0[1]],$Te0[1] ; Te0[s1], t1 -|| EXTU $s[3],EXT3,24,$Te3[3] -|| EXTU $s[2],EXT1,24,$Te1[2] - LDBU *${TEB}[$Te3[3]],$Te3[3] ; Te3[s3>>24], t0 -|| LDBU *${TEA}[$Te1[2]],$Te1[2] ; Te1[s2>>8], t1 -|| EXTU $s[2],EXT2,24,$Te2[2] -|| EXTU $s[3],EXT2,24,$Te2[3] - LDBU *${TEA}[$Te2[2]],$Te2[2] ; Te2[s2>>16], t0 -|| LDBU *${TEB}[$Te2[3]],$Te2[3] ; Te2[s3>>16], t1 -|| EXTU $s[1],EXT3,24,$Te3[1] -|| EXTU $s[0],EXT1,24,$Te1[0] - LDBU *${TEB}[$Te3[1]],$Te3[1] ; Te3[s1>>24], t2 -|| LDBU *${TEA}[$Te1[0]],$Te1[0] ; Te1[s0>>8], t3 -|| EXTU $s[3],EXT1,24,$Te1[3] -|| EXTU $s[2],EXT3,24,$Te3[2] - LDBU *${TEB}[$Te1[3]],$Te1[3] ; Te1[s3>>8], t2 -|| LDBU *${TEA}[$Te3[2]],$Te3[2] ; Te3[s2>>24], t3 -|| EXTU $s[2],EXT0,24,$Te0[2] -|| EXTU $s[3],EXT0,24,$Te0[3] - LDBU *${TEA}[$Te0[2]],$Te0[2] ; Te0[s2], t2 -|| LDBU *${TEB}[$Te0[3]],$Te0[3] ; Te0[s3], t3 -|| EXTU $s[0],EXT2,24,$Te2[0] -|| EXTU $s[1],EXT2,24,$Te2[1] - LDBU *${TEA}[$Te2[0]],$Te2[0] ; Te2[s0>>16], t2 -|| LDBU *${TEB}[$Te2[1]],$Te2[1] ; Te2[s1>>16], t3 - - .if .BIG_ENDIAN - PACK2 $Te0[0],$Te1[1],$Te0[0] -|| PACK2 $Te0[1],$Te1[2],$Te0[1] - PACK2 $Te2[2],$Te3[3],$Te2[2] -|| PACK2 $Te2[3],$Te3[0],$Te2[3] - PACKL4 $Te0[0],$Te2[2],$Te0[0] -|| PACKL4 $Te0[1],$Te2[3],$Te0[1] - XOR $K[0],$Te0[0],$Te0[0] ; s[0] -|| XOR $K[1],$Te0[1],$Te0[1] ; s[1] - - PACK2 $Te0[2],$Te1[3],$Te0[2] -|| PACK2 $Te0[3],$Te1[0],$Te0[3] - PACK2 $Te2[0],$Te3[1],$Te2[0] -|| PACK2 $Te2[1],$Te3[2],$Te2[1] -|| BNOP RA - PACKL4 $Te0[2],$Te2[0],$Te0[2] -|| PACKL4 $Te0[3],$Te2[1],$Te0[3] - XOR $K[2],$Te0[2],$Te0[2] ; s[2] -|| XOR $K[3],$Te0[3],$Te0[3] ; s[3] - - MV $Te0[0],A9 -|| MV $Te0[1],A8 - MV $Te0[2],B9 -|| MV $Te0[3],B8 -|| [B2] STNDW A9:A8,*OUT++ - [B2] STNDW B9:B8,*OUT++ - .else - PACK2 $Te1[1],$Te0[0],$Te1[1] -|| PACK2 $Te1[2],$Te0[1],$Te1[2] - PACK2 $Te3[3],$Te2[2],$Te3[3] -|| PACK2 $Te3[0],$Te2[3],$Te3[0] - PACKL4 $Te3[3],$Te1[1],$Te1[1] -|| PACKL4 $Te3[0],$Te1[2],$Te1[2] - XOR $K[0],$Te1[1],$Te1[1] ; s[0] -|| XOR $K[1],$Te1[2],$Te1[2] ; s[1] - - PACK2 $Te1[3],$Te0[2],$Te1[3] -|| PACK2 $Te1[0],$Te0[3],$Te1[0] - PACK2 $Te3[1],$Te2[0],$Te3[1] -|| PACK2 $Te3[2],$Te2[1],$Te3[2] -|| BNOP RA - PACKL4 $Te3[1],$Te1[3],$Te1[3] -|| PACKL4 $Te3[2],$Te1[0],$Te1[0] - XOR $K[2],$Te1[3],$Te1[3] ; s[2] -|| XOR $K[3],$Te1[0],$Te1[0] ; s[3] - - MV $Te1[1],A8 -|| MV $Te1[2],A9 - MV $Te1[3],B8 -|| MV $Te1[0],B9 -|| [B2] STNDW A9:A8,*OUT++ - [B2] STNDW B9:B8,*OUT++ - .endif - .endasmfunc - - .global _AES_decrypt -_AES_decrypt: - .asmfunc - MVK 1,B2 -__decrypt: - .if __TI_EABI__ - [B2] LDNDW *INP++,A9:A8 ; load input -|| MVKL \$PCR_OFFSET(AES_Td,__decrypt),$TEA -|| ADDKPC __decrypt,B0 - [B2] LDNDW *INP++,B9:B8 -|| MVKH \$PCR_OFFSET(AES_Td,__decrypt),$TEA -|| ADD 0,KEY,$KPA -|| ADD 4,KEY,$KPB - .else - [B2] LDNDW *INP++,A9:A8 ; load input -|| MVKL (AES_Td-__decrypt),$TEA -|| ADDKPC __decrypt,B0 - [B2] LDNDW *INP++,B9:B8 -|| MVKH (AES_Td-__decrypt),$TEA -|| ADD 0,KEY,$KPA -|| ADD 4,KEY,$KPB - .endif - LDW *$KPA++[2],$Td0[0] ; zero round key -|| LDW *$KPB++[2],$Td0[1] -|| MVK 60,A0 -|| ADD B0,$TEA,$TEA ; AES_Td - LDW *KEY[A0],B0 ; rounds -|| MVK 1024,A0 ; sizeof(AES_Td) - LDW *$KPA++[2],$Td0[2] -|| LDW *$KPB++[2],$Td0[3] -|| MV $TEA,$TEB - NOP - .if .BIG_ENDIAN - MV A9,$s[0] -|| MV A8,$s[1] -|| MV B9,$s[2] -|| MV B8,$s[3] - .else - MV A8,$s[0] -|| MV A9,$s[1] -|| MV B8,$s[2] -|| MV B9,$s[3] - .endif - XOR $Td0[0],$s[0],$s[0] -|| XOR $Td0[1],$s[1],$s[1] -|| LDW *$KPA++[2],$K[0] ; 1st round key -|| LDW *$KPB++[2],$K[1] - SUB B0,2,B0 - - SPLOOPD 13 -|| MVC B0,ILC -|| LDW *$KPA++[2],$K[2] -|| LDW *$KPB++[2],$K[3] -;;==================================================================== - EXTU $s[1],EXT3,24,$Td3[1] -|| EXTU $s[0],EXT1,24,$Td1[0] - LDW *${TEB}[$Td3[1]],$Td3[1] ; Td3[s1>>24], t0 -|| LDW *${TEA}[$Td1[0]],$Td1[0] ; Td1[s0>>8], t1 -|| XOR $s[2],$Td0[2],$s[2] ; modulo-scheduled -|| XOR $s[3],$Td0[3],$s[3] ; modulo-scheduled -|| EXTU $s[1],EXT1,24,$Td1[1] -|| EXTU $s[0],EXT3,24,$Td3[0] - LDW *${TEB}[$Td1[1]],$Td1[1] ; Td1[s1>>8], t2 -|| LDW *${TEA}[$Td3[0]],$Td3[0] ; Td3[s0>>24], t3 -|| EXTU $s[2],EXT2,24,$Td2[2] -|| EXTU $s[3],EXT2,24,$Td2[3] - LDW *${TEA}[$Td2[2]],$Td2[2] ; Td2[s2>>16], t0 -|| LDW *${TEB}[$Td2[3]],$Td2[3] ; Td2[s3>>16], t1 -|| EXTU $s[3],EXT1,24,$Td1[3] -|| EXTU $s[2],EXT3,24,$Td3[2] - LDW *${TEB}[$Td1[3]],$Td1[3] ; Td1[s3>>8], t0 -|| LDW *${TEA}[$Td3[2]],$Td3[2] ; Td3[s2>>24], t1 -|| EXTU $s[0],EXT2,24,$Td2[0] -|| EXTU $s[1],EXT2,24,$Td2[1] - LDW *${TEA}[$Td2[0]],$Td2[0] ; Td2[s0>>16], t2 -|| LDW *${TEB}[$Td2[1]],$Td2[1] ; Td2[s1>>16], t3 -|| EXTU $s[3],EXT3,24,$Td3[3] -|| EXTU $s[2],EXT1,24,$Td1[2] - LDW *${TEB}[$Td3[3]],$Td3[3] ; Td3[s3>>24], t2 -|| LDW *${TEA}[$Td1[2]],$Td1[2] ; Td1[s2>>8], t3 -|| ROTL $Td3[1],TBL3,$Td1[0] ; t0 -|| ROTL $Td1[0],TBL1,$Td3[1] ; t1 -|| EXTU $s[0],EXT0,24,$Td0[0] -|| EXTU $s[1],EXT0,24,$Td0[1] - LDW *${TEA}[$Td0[0]],$Td0[0] ; Td0[s0], t0 -|| LDW *${TEB}[$Td0[1]],$Td0[1] ; Td0[s1], t1 -|| ROTL $Td1[1],TBL1,$Td3[0] ; t2 -|| ROTL $Td3[0],TBL3,$Td1[1] ; t3 -|| EXTU $s[2],EXT0,24,$Td0[2] -|| EXTU $s[3],EXT0,24,$Td0[3] - LDW *${TEA}[$Td0[2]],$Td0[2] ; Td0[s2], t2 -|| LDW *${TEB}[$Td0[3]],$Td0[3] ; Td0[s3], t3 -|| ROTL $Td2[2],TBL2,$Td2[2] ; t0 -|| ROTL $Td2[3],TBL2,$Td2[3] ; t1 -|| XOR $K[0],$Td1[0],$s[0] -|| XOR $K[1],$Td3[1],$s[1] - ROTL $Td1[3],TBL1,$Td3[2] ; t0 -|| ROTL $Td3[2],TBL3,$Td1[3] ; t1 -|| XOR $K[2],$Td3[0],$s[2] -|| XOR $K[3],$Td1[1],$s[3] -|| LDW *$KPA++[2],$K[0] ; next round key -|| LDW *$KPB++[2],$K[1] - ROTL $Td2[0],TBL2,$Td2[0] ; t2 -|| ROTL $Td2[1],TBL2,$Td2[1] ; t3 -|| XOR $s[0],$Td2[2],$s[0] -|| XOR $s[1],$Td2[3],$s[1] -|| LDW *$KPA++[2],$K[2] -|| LDW *$KPB++[2],$K[3] - ROTL $Td3[3],TBL3,$Td1[2] ; t2 -|| ROTL $Td1[2],TBL1,$Td3[3] ; t3 -|| XOR $s[0],$Td3[2],$s[0] -|| XOR $s[1],$Td1[3],$s[1] - XOR $s[2],$Td2[0],$s[2] -|| XOR $s[3],$Td2[1],$s[3] -|| XOR $s[0],$Td0[0],$s[0] -|| XOR $s[1],$Td0[1],$s[1] - SPKERNEL -|| XOR.L $s[2],$Td1[2],$s[2] -|| XOR.L $s[3],$Td3[3],$s[3] -;;==================================================================== - ADD.D ${TEA},A0,${TEA} ; point to Td4 -|| ADD.D ${TEB},A0,${TEB} -|| EXTU $s[1],EXT3,24,$Td3[1] -|| EXTU $s[0],EXT1,24,$Td1[0] - LDBU *${TEB}[$Td3[1]],$Td3[1] ; Td3[s1>>24], t0 -|| LDBU *${TEA}[$Td1[0]],$Td1[0] ; Td1[s0>>8], t1 -|| XOR $s[2],$Td0[2],$s[2] ; modulo-scheduled -|| XOR $s[3],$Td0[3],$s[3] ; modulo-scheduled -|| EXTU $s[0],EXT0,24,$Td0[0] -|| EXTU $s[1],EXT0,24,$Td0[1] - LDBU *${TEA}[$Td0[0]],$Td0[0] ; Td0[s0], t0 -|| LDBU *${TEB}[$Td0[1]],$Td0[1] ; Td0[s1], t1 -|| EXTU $s[2],EXT2,24,$Td2[2] -|| EXTU $s[3],EXT2,24,$Td2[3] - LDBU *${TEA}[$Td2[2]],$Td2[2] ; Td2[s2>>16], t0 -|| LDBU *${TEB}[$Td2[3]],$Td2[3] ; Td2[s3>>16], t1 -|| EXTU $s[3],EXT1,24,$Td1[3] -|| EXTU $s[2],EXT3,24,$Td3[2] - LDBU *${TEB}[$Td1[3]],$Td1[3] ; Td1[s3>>8], t0 -|| LDBU *${TEA}[$Td3[2]],$Td3[2] ; Td3[s2>>24], t1 -|| EXTU $s[1],EXT1,24,$Td1[1] -|| EXTU $s[0],EXT3,24,$Td3[0] - LDBU *${TEB}[$Td1[1]],$Td1[1] ; Td1[s1>>8], t2 -|| LDBU *${TEA}[$Td3[0]],$Td3[0] ; Td3[s0>>24], t3 -|| EXTU $s[0],EXT2,24,$Td2[0] -|| EXTU $s[1],EXT2,24,$Td2[1] - LDBU *${TEA}[$Td2[0]],$Td2[0] ; Td2[s0>>16], t2 -|| LDBU *${TEB}[$Td2[1]],$Td2[1] ; Td2[s1>>16], t3 -|| EXTU $s[3],EXT3,24,$Td3[3] -|| EXTU $s[2],EXT1,24,$Td1[2] - LDBU *${TEB}[$Td3[3]],$Td3[3] ; Td3[s3>>24], t2 -|| LDBU *${TEA}[$Td1[2]],$Td1[2] ; Td1[s2>>8], t3 -|| EXTU $s[2],EXT0,24,$Td0[2] -|| EXTU $s[3],EXT0,24,$Td0[3] - LDBU *${TEA}[$Td0[2]],$Td0[2] ; Td0[s2], t2 -|| LDBU *${TEB}[$Td0[3]],$Td0[3] ; Td0[s3], t3 - - .if .BIG_ENDIAN - PACK2 $Td0[0],$Td1[3],$Td0[0] -|| PACK2 $Td0[1],$Td1[0],$Td0[1] - PACK2 $Td2[2],$Td3[1],$Td2[2] -|| PACK2 $Td2[3],$Td3[2],$Td2[3] - PACKL4 $Td0[0],$Td2[2],$Td0[0] -|| PACKL4 $Td0[1],$Td2[3],$Td0[1] - XOR $K[0],$Td0[0],$Td0[0] ; s[0] -|| XOR $K[1],$Td0[1],$Td0[1] ; s[1] - - PACK2 $Td0[2],$Td1[1],$Td0[2] -|| PACK2 $Td0[3],$Td1[2],$Td0[3] - PACK2 $Td2[0],$Td3[3],$Td2[0] -|| PACK2 $Td2[1],$Td3[0],$Td2[1] -|| BNOP RA - PACKL4 $Td0[2],$Td2[0],$Td0[2] -|| PACKL4 $Td0[3],$Td2[1],$Td0[3] - XOR $K[2],$Td0[2],$Td0[2] ; s[2] -|| XOR $K[3],$Td0[3],$Td0[3] ; s[3] - - MV $Td0[0],A9 -|| MV $Td0[1],A8 - MV $Td0[2],B9 -|| MV $Td0[3],B8 -|| [B2] STNDW A9:A8,*OUT++ - [B2] STNDW B9:B8,*OUT++ - .else - PACK2 $Td1[3],$Td0[0],$Td1[3] -|| PACK2 $Td1[0],$Td0[1],$Td1[0] - PACK2 $Td3[1],$Td2[2],$Td3[1] -|| PACK2 $Td3[2],$Td2[3],$Td3[2] - PACKL4 $Td3[1],$Td1[3],$Td1[3] -|| PACKL4 $Td3[2],$Td1[0],$Td1[0] - XOR $K[0],$Td1[3],$Td1[3] ; s[0] -|| XOR $K[1],$Td1[0],$Td1[0] ; s[1] - - PACK2 $Td1[1],$Td0[2],$Td1[1] -|| PACK2 $Td1[2],$Td0[3],$Td1[2] - PACK2 $Td3[3],$Td2[0],$Td3[3] -|| PACK2 $Td3[0],$Td2[1],$Td3[0] -|| BNOP RA - PACKL4 $Td3[3],$Td1[1],$Td1[1] -|| PACKL4 $Td3[0],$Td1[2],$Td1[2] - XOR $K[2],$Td1[1],$Td1[1] ; s[2] -|| XOR $K[3],$Td1[2],$Td1[2] ; s[3] - - MV $Td1[3],A8 -|| MV $Td1[0],A9 - MV $Td1[1],B8 -|| MV $Td1[2],B9 -|| [B2] STNDW A9:A8,*OUT++ - [B2] STNDW B9:B8,*OUT++ - .endif - .endasmfunc -___ -{ -my @K=(@K,@s); # extended key -my @Te4=map("B$_",(16..19)); - -my @Kx9=@Te0; # used in AES_set_decrypt_key -my @KxB=@Te1; -my @KxD=@Te2; -my @KxE=@Te3; - -$code.=<<___; - .asg OUT,BITS - - .global _AES_set_encrypt_key -_AES_set_encrypt_key: -__set_encrypt_key: - .asmfunc - MV INP,A0 -|| SHRU BITS,5,BITS ; 128-192-256 -> 4-6-8 -|| MV KEY,A1 - [!A0] B RA -||[!A0] MVK -1,RET -||[!A0] MVK 1,A1 ; only one B RA - [!A1] B RA -||[!A1] MVK -1,RET -||[!A1] MVK 0,A0 -|| MVK 0,B0 -|| MVK 0,A1 - [A0] LDNDW *INP++,A9:A8 -|| [A0] CMPEQ 4,BITS,B0 -|| [A0] CMPLT 3,BITS,A1 - [B0] B key128? -|| [A1] LDNDW *INP++,B9:B8 -|| [A0] CMPEQ 6,BITS,B0 -|| [A0] CMPLT 5,BITS,A1 - [B0] B key192? -|| [A1] LDNDW *INP++,B17:B16 -|| [A0] CMPEQ 8,BITS,B0 -|| [A0] CMPLT 7,BITS,A1 - [B0] B key256? -|| [A1] LDNDW *INP++,B19:B18 - - .if __TI_EABI__ - [A0] ADD 0,KEY,$KPA -|| [A0] ADD 4,KEY,$KPB -|| [A0] MVKL \$PCR_OFFSET(AES_Te4,__set_encrypt_key),$TEA -|| [A0] ADDKPC __set_encrypt_key,B6 - [A0] MVKH \$PCR_OFFSET(AES_Te4,__set_encrypt_key),$TEA - [A0] ADD B6,$TEA,$TEA ; AES_Te4 - .else - [A0] ADD 0,KEY,$KPA -|| [A0] ADD 4,KEY,$KPB -|| [A0] MVKL (AES_Te4-__set_encrypt_key),$TEA -|| [A0] ADDKPC __set_encrypt_key,B6 - [A0] MVKH (AES_Te4-__set_encrypt_key),$TEA - [A0] ADD B6,$TEA,$TEA ; AES_Te4 - .endif - NOP - NOP - - BNOP RA,5 -|| MVK -2,RET ; unknown bit length -|| MVK 0,B0 ; redundant -;;==================================================================== -;;==================================================================== -key128?: - .if .BIG_ENDIAN - MV A9,$K[0] -|| MV A8,$K[1] -|| MV B9,$Te4[2] -|| MV B8,$K[3] - .else - MV A8,$K[0] -|| MV A9,$K[1] -|| MV B8,$Te4[2] -|| MV B9,$K[3] - .endif - - MVK 256,A0 -|| MVK 9,B0 - - SPLOOPD 14 -|| MVC B0,ILC -|| MV $TEA,$TEB -|| ADD $TEA,A0,A30 ; rcon -;;==================================================================== - LDW *A30++[1],A31 ; rcon[i] -|| MV $Te4[2],$K[2] -|| EXTU $K[3],EXT1,24,$Te4[0] - LDBU *${TEB}[$Te4[0]],$Te4[0] -|| MV $K[3],A0 -|| EXTU $K[3],EXT2,24,$Te4[1] - LDBU *${TEB}[$Te4[1]],$Te4[1] -|| EXTU A0,EXT3,24,A0 -|| EXTU $K[3],EXT0,24,$Te4[3] - .if .BIG_ENDIAN - LDBU *${TEA}[A0],$Te4[3] -|| LDBU *${TEB}[$Te4[3]],A0 - .else - LDBU *${TEA}[A0],A0 -|| LDBU *${TEB}[$Te4[3]],$Te4[3] - .endif - - STW $K[0],*$KPA++[2] -|| STW $K[1],*$KPB++[2] - STW $K[2],*$KPA++[2] -|| STW $K[3],*$KPB++[2] - - XOR A31,$K[0],$K[0] ; ^=rcon[i] - .if .BIG_ENDIAN - PACK2 $Te4[0],$Te4[1],$Te4[1] - PACK2 $Te4[3],A0,$Te4[3] - PACKL4 $Te4[1],$Te4[3],$Te4[3] - .else - PACK2 $Te4[1],$Te4[0],$Te4[1] - PACK2 $Te4[3],A0,$Te4[3] - PACKL4 $Te4[3],$Te4[1],$Te4[3] - .endif - XOR $Te4[3],$K[0],$Te4[0] ; K[0] - XOR $Te4[0],$K[1],$K[1] ; K[1] - MV $Te4[0],$K[0] -|| XOR $K[1],$K[2],$Te4[2] ; K[2] - XOR $Te4[2],$K[3],$K[3] ; K[3] - SPKERNEL -;;==================================================================== - BNOP RA - MV $Te4[2],$K[2] -|| STW $K[0],*$KPA++[2] -|| STW $K[1],*$KPB++[2] - STW $K[2],*$KPA++[2] -|| STW $K[3],*$KPB++[2] - MVK 10,B0 ; rounds - STW B0,*++${KPB}[15] - MVK 0,RET -;;==================================================================== -;;==================================================================== -key192?: - .if .BIG_ENDIAN - MV A9,$K[0] -|| MV A8,$K[1] -|| MV B9,$K[2] -|| MV B8,$K[3] - MV B17,$Te4[2] -|| MV B16,$K[5] - .else - MV A8,$K[0] -|| MV A9,$K[1] -|| MV B8,$K[2] -|| MV B9,$K[3] - MV B16,$Te4[2] -|| MV B17,$K[5] - .endif - - MVK 256,A0 -|| MVK 6,B0 - MV $TEA,$TEB -|| ADD $TEA,A0,A30 ; rcon -;;==================================================================== -loop192?: - LDW *A30++[1],A31 ; rcon[i] -|| MV $Te4[2],$K[4] -|| EXTU $K[5],EXT1,24,$Te4[0] - LDBU *${TEB}[$Te4[0]],$Te4[0] -|| MV $K[5],A0 -|| EXTU $K[5],EXT2,24,$Te4[1] - LDBU *${TEB}[$Te4[1]],$Te4[1] -|| EXTU A0,EXT3,24,A0 -|| EXTU $K[5],EXT0,24,$Te4[3] - .if .BIG_ENDIAN - LDBU *${TEA}[A0],$Te4[3] -|| LDBU *${TEB}[$Te4[3]],A0 - .else - LDBU *${TEA}[A0],A0 -|| LDBU *${TEB}[$Te4[3]],$Te4[3] - .endif - - STW $K[0],*$KPA++[2] -|| STW $K[1],*$KPB++[2] - STW $K[2],*$KPA++[2] -|| STW $K[3],*$KPB++[2] - STW $K[4],*$KPA++[2] -|| STW $K[5],*$KPB++[2] - - XOR A31,$K[0],$K[0] ; ^=rcon[i] - .if .BIG_ENDIAN - PACK2 $Te4[0],$Te4[1],$Te4[1] -|| PACK2 $Te4[3],A0,$Te4[3] - PACKL4 $Te4[1],$Te4[3],$Te4[3] - .else - PACK2 $Te4[1],$Te4[0],$Te4[1] -|| PACK2 $Te4[3],A0,$Te4[3] - PACKL4 $Te4[3],$Te4[1],$Te4[3] - .endif - BDEC loop192?,B0 -|| XOR $Te4[3],$K[0],$Te4[0] ; K[0] - XOR $Te4[0],$K[1],$K[1] ; K[1] - MV $Te4[0],$K[0] -|| XOR $K[1],$K[2],$Te4[2] ; K[2] - XOR $Te4[2],$K[3],$K[3] ; K[3] - MV $Te4[2],$K[2] -|| XOR $K[3],$K[4],$Te4[2] ; K[4] - XOR $Te4[2],$K[5],$K[5] ; K[5] -;;==================================================================== - BNOP RA - STW $K[0],*$KPA++[2] -|| STW $K[1],*$KPB++[2] - STW $K[2],*$KPA++[2] -|| STW $K[3],*$KPB++[2] - MVK 12,B0 ; rounds - STW B0,*++${KPB}[7] - MVK 0,RET -;;==================================================================== -;;==================================================================== -key256?: - .if .BIG_ENDIAN - MV A9,$K[0] -|| MV A8,$K[1] -|| MV B9,$K[2] -|| MV B8,$K[3] - MV B17,$K[4] -|| MV B16,$K[5] -|| MV B19,$Te4[2] -|| MV B18,$K[7] - .else - MV A8,$K[0] -|| MV A9,$K[1] -|| MV B8,$K[2] -|| MV B9,$K[3] - MV B16,$K[4] -|| MV B17,$K[5] -|| MV B18,$Te4[2] -|| MV B19,$K[7] - .endif - - MVK 256,A0 -|| MVK 6,B0 - MV $TEA,$TEB -|| ADD $TEA,A0,A30 ; rcon -;;==================================================================== -loop256?: - LDW *A30++[1],A31 ; rcon[i] -|| MV $Te4[2],$K[6] -|| EXTU $K[7],EXT1,24,$Te4[0] - LDBU *${TEB}[$Te4[0]],$Te4[0] -|| MV $K[7],A0 -|| EXTU $K[7],EXT2,24,$Te4[1] - LDBU *${TEB}[$Te4[1]],$Te4[1] -|| EXTU A0,EXT3,24,A0 -|| EXTU $K[7],EXT0,24,$Te4[3] - .if .BIG_ENDIAN - LDBU *${TEA}[A0],$Te4[3] -|| LDBU *${TEB}[$Te4[3]],A0 - .else - LDBU *${TEA}[A0],A0 -|| LDBU *${TEB}[$Te4[3]],$Te4[3] - .endif - - STW $K[0],*$KPA++[2] -|| STW $K[1],*$KPB++[2] - STW $K[2],*$KPA++[2] -|| STW $K[3],*$KPB++[2] - STW $K[4],*$KPA++[2] -|| STW $K[5],*$KPB++[2] - STW $K[6],*$KPA++[2] -|| STW $K[7],*$KPB++[2] -|| XOR A31,$K[0],$K[0] ; ^=rcon[i] - .if .BIG_ENDIAN - PACK2 $Te4[0],$Te4[1],$Te4[1] -|| PACK2 $Te4[3],A0,$Te4[3] - PACKL4 $Te4[1],$Te4[3],$Te4[3] -||[!B0] B done256? - .else - PACK2 $Te4[1],$Te4[0],$Te4[1] -|| PACK2 $Te4[3],A0,$Te4[3] - PACKL4 $Te4[3],$Te4[1],$Te4[3] -||[!B0] B done256? - .endif - XOR $Te4[3],$K[0],$Te4[0] ; K[0] - XOR $Te4[0],$K[1],$K[1] ; K[1] - MV $Te4[0],$K[0] -|| XOR $K[1],$K[2],$Te4[2] ; K[2] - XOR $Te4[2],$K[3],$K[3] ; K[3] - - MV $Te4[2],$K[2] -|| [B0] EXTU $K[3],EXT0,24,$Te4[0] -|| [B0] SUB B0,1,B0 - LDBU *${TEB}[$Te4[0]],$Te4[0] -|| MV $K[3],A0 -|| EXTU $K[3],EXT1,24,$Te4[1] - LDBU *${TEB}[$Te4[1]],$Te4[1] -|| EXTU A0,EXT2,24,A0 -|| EXTU $K[3],EXT3,24,$Te4[3] - - .if .BIG_ENDIAN - LDBU *${TEA}[A0],$Te4[3] -|| LDBU *${TEB}[$Te4[3]],A0 - NOP 3 - PACK2 $Te4[0],$Te4[1],$Te4[1] - PACK2 $Te4[3],A0,$Te4[3] -|| B loop256? - PACKL4 $Te4[1],$Te4[3],$Te4[3] - .else - LDBU *${TEA}[A0],A0 -|| LDBU *${TEB}[$Te4[3]],$Te4[3] - NOP 3 - PACK2 $Te4[1],$Te4[0],$Te4[1] - PACK2 $Te4[3],A0,$Te4[3] -|| B loop256? - PACKL4 $Te4[3],$Te4[1],$Te4[3] - .endif - - XOR $Te4[3],$K[4],$Te4[0] ; K[4] - XOR $Te4[0],$K[5],$K[5] ; K[5] - MV $Te4[0],$K[4] -|| XOR $K[5],$K[6],$Te4[2] ; K[6] - XOR $Te4[2],$K[7],$K[7] ; K[7] -;;==================================================================== -done256?: - BNOP RA - STW $K[0],*$KPA++[2] -|| STW $K[1],*$KPB++[2] - STW $K[2],*$KPA++[2] -|| STW $K[3],*$KPB++[2] - MVK 14,B0 ; rounds - STW B0,*--${KPB}[1] - MVK 0,RET - .endasmfunc - - .global _AES_set_decrypt_key -_AES_set_decrypt_key: - .asmfunc - B __set_encrypt_key ; guarantee local call - MV KEY,B30 ; B30 is not modified - MV RA, B31 ; B31 is not modified - ADDKPC ret?,RA,2 -ret?: ; B0 holds rounds or zero - [!B0] BNOP B31 ; return if zero - [B0] SHL B0,4,A0 ; offset to last round key - [B0] SHRU B0,1,B1 - [B0] SUB B1,1,B1 - [B0] MVK 0x0000001B,B3 ; AES polynomial - [B0] MVKH 0x07000000,B3 - - SPLOOPD 9 ; flip round keys -|| MVC B1,ILC -|| MV B30,$KPA -|| ADD B30,A0,$KPB -|| MVK 16,A0 ; sizeof(round key) -;;==================================================================== - LDW *${KPA}[0],A16 -|| LDW *${KPB}[0],B16 - LDW *${KPA}[1],A17 -|| LDW *${KPB}[1],B17 - LDW *${KPA}[2],A18 -|| LDW *${KPB}[2],B18 - LDW *${KPA}[3],A19 -|| ADD $KPA,A0,$KPA -|| LDW *${KPB}[3],B19 -|| SUB $KPB,A0,$KPB - NOP - STW B16,*${KPA}[-4] -|| STW A16,*${KPB}[4] - STW B17,*${KPA}[-3] -|| STW A17,*${KPB}[5] - STW B18,*${KPA}[-2] -|| STW A18,*${KPB}[6] - STW B19,*${KPA}[-1] -|| STW A19,*${KPB}[7] - SPKERNEL -;;==================================================================== - SUB B0,1,B0 ; skip last round -|| ADD B30,A0,$KPA ; skip first round -|| ADD B30,A0,$KPB -|| MVC GFPGFR,B30 ; save GFPGFR - LDW *${KPA}[0],$K[0] -|| LDW *${KPB}[1],$K[1] -|| MVC B3,GFPGFR - LDW *${KPA}[2],$K[2] -|| LDW *${KPB}[3],$K[3] - MVK 0x00000909,A24 -|| MVK 0x00000B0B,B24 - MVKH 0x09090000,A24 -|| MVKH 0x0B0B0000,B24 - MVC B0,ILC -|| SUB B0,1,B0 - - GMPY4 $K[0],A24,$Kx9[0] ; ·0x09 -|| GMPY4 $K[1],A24,$Kx9[1] -|| MVK 0x00000D0D,A25 -|| MVK 0x00000E0E,B25 - GMPY4 $K[2],A24,$Kx9[2] -|| GMPY4 $K[3],A24,$Kx9[3] -|| MVKH 0x0D0D0000,A25 -|| MVKH 0x0E0E0000,B25 - - GMPY4 $K[0],B24,$KxB[0] ; ·0x0B -|| GMPY4 $K[1],B24,$KxB[1] - GMPY4 $K[2],B24,$KxB[2] -|| GMPY4 $K[3],B24,$KxB[3] - - SPLOOP 11 ; InvMixColumns -;;==================================================================== - GMPY4 $K[0],A25,$KxD[0] ; ·0x0D -|| GMPY4 $K[1],A25,$KxD[1] -|| SWAP2 $Kx9[0],$Kx9[0] ; rotate by 16 -|| SWAP2 $Kx9[1],$Kx9[1] -|| MV $K[0],$s[0] ; this or DINT -|| MV $K[1],$s[1] -|| [B0] LDW *${KPA}[4],$K[0] -|| [B0] LDW *${KPB}[5],$K[1] - GMPY4 $K[2],A25,$KxD[2] -|| GMPY4 $K[3],A25,$KxD[3] -|| SWAP2 $Kx9[2],$Kx9[2] -|| SWAP2 $Kx9[3],$Kx9[3] -|| MV $K[2],$s[2] -|| MV $K[3],$s[3] -|| [B0] LDW *${KPA}[6],$K[2] -|| [B0] LDW *${KPB}[7],$K[3] - - GMPY4 $s[0],B25,$KxE[0] ; ·0x0E -|| GMPY4 $s[1],B25,$KxE[1] -|| XOR $Kx9[0],$KxB[0],$KxB[0] -|| XOR $Kx9[1],$KxB[1],$KxB[1] - GMPY4 $s[2],B25,$KxE[2] -|| GMPY4 $s[3],B25,$KxE[3] -|| XOR $Kx9[2],$KxB[2],$KxB[2] -|| XOR $Kx9[3],$KxB[3],$KxB[3] - - ROTL $KxB[0],TBL3,$KxB[0] -|| ROTL $KxB[1],TBL3,$KxB[1] -|| SWAP2 $KxD[0],$KxD[0] ; rotate by 16 -|| SWAP2 $KxD[1],$KxD[1] - ROTL $KxB[2],TBL3,$KxB[2] -|| ROTL $KxB[3],TBL3,$KxB[3] -|| SWAP2 $KxD[2],$KxD[2] -|| SWAP2 $KxD[3],$KxD[3] - - XOR $KxE[0],$KxD[0],$KxE[0] -|| XOR $KxE[1],$KxD[1],$KxE[1] -|| [B0] GMPY4 $K[0],A24,$Kx9[0] ; ·0x09 -|| [B0] GMPY4 $K[1],A24,$Kx9[1] -|| ADDAW $KPA,4,$KPA - XOR $KxE[2],$KxD[2],$KxE[2] -|| XOR $KxE[3],$KxD[3],$KxE[3] -|| [B0] GMPY4 $K[2],A24,$Kx9[2] -|| [B0] GMPY4 $K[3],A24,$Kx9[3] -|| ADDAW $KPB,4,$KPB - - XOR $KxB[0],$KxE[0],$KxE[0] -|| XOR $KxB[1],$KxE[1],$KxE[1] -|| [B0] GMPY4 $K[0],B24,$KxB[0] ; ·0x0B -|| [B0] GMPY4 $K[1],B24,$KxB[1] - XOR $KxB[2],$KxE[2],$KxE[2] -|| XOR $KxB[3],$KxE[3],$KxE[3] -|| [B0] GMPY4 $K[2],B24,$KxB[2] -|| [B0] GMPY4 $K[3],B24,$KxB[3] -|| STW $KxE[0],*${KPA}[-4] -|| STW $KxE[1],*${KPB}[-3] - STW $KxE[2],*${KPA}[-2] -|| STW $KxE[3],*${KPB}[-1] -|| [B0] SUB B0,1,B0 - SPKERNEL -;;==================================================================== - BNOP B31,3 - MVC B30,GFPGFR ; restore GFPGFR(*) - MVK 0,RET - .endasmfunc -___ -# (*) Even though ABI doesn't specify GFPGFR as non-volatile, there -# are code samples out there that *assume* its default value. -} -{ -my ($inp,$out,$blocks,$key,$ivp)=("A4","B4","A6","B6","A8"); -$code.=<<___; - .global _AES_ctr32_encrypt -_AES_ctr32_encrypt: - .asmfunc - LDNDW *${ivp}[0],A31:A30 ; load counter value -|| MV $blocks,A2 ; reassign $blocks -|| DMV RA,$key,B27:B26 ; reassign RA and $key - LDNDW *${ivp}[1],B31:B30 -|| MVK 0,B2 ; don't let __encrypt load input -|| MVK 0,A1 ; and postpone writing output - .if .BIG_ENDIAN - NOP - .else - NOP 4 - SWAP2 B31,B31 ; keep least significant 32 bits - SWAP4 B31,B31 ; in host byte order - .endif -ctr32_loop?: - [A2] BNOP __encrypt -|| [A1] XOR A29,A9,A9 ; input^Ek(counter) -|| [A1] XOR A28,A8,A8 -|| [A2] LDNDW *INP++,A29:A28 ; load input - [!A2] BNOP B27 ; return -|| [A1] XOR B29,B9,B9 -|| [A1] XOR B28,B8,B8 -|| [A2] LDNDW *INP++,B29:B28 - .if .BIG_ENDIAN - [A1] STNDW A9:A8,*OUT++ ; save output -|| [A2] DMV A31,A30,A9:A8 ; pass counter value to __encrypt - [A1] STNDW B9:B8,*OUT++ -|| [A2] DMV B31,B30,B9:B8 -|| [A2] ADD B30,1,B30 ; counter++ - .else - [A1] STNDW A9:A8,*OUT++ ; save output -|| [A2] DMV A31,A30,A9:A8 -|| [A2] SWAP2 B31,B0 -|| [A2] ADD B31,1,B31 ; counter++ - [A1] STNDW B9:B8,*OUT++ -|| [A2] MV B30,B8 -|| [A2] SWAP4 B0,B9 - .endif - [A2] ADDKPC ctr32_loop?,RA ; return to ctr32_loop? -|| [A2] MV B26,KEY ; pass $key -|| [A2] SUB A2,1,A2 ; $blocks-- -||[!A1] MVK 1,A1 - NOP - NOP - .endasmfunc -___ -} -# Tables are kept in endian-neutral manner -$code.=<<___; - .if __TI_EABI__ - .sect ".text:aes_asm.const" - .else - .sect ".const:aes_asm" - .endif - .align 128 -AES_Te: - .byte 0xc6,0x63,0x63,0xa5, 0xf8,0x7c,0x7c,0x84 - .byte 0xee,0x77,0x77,0x99, 0xf6,0x7b,0x7b,0x8d - .byte 0xff,0xf2,0xf2,0x0d, 0xd6,0x6b,0x6b,0xbd - .byte 0xde,0x6f,0x6f,0xb1, 0x91,0xc5,0xc5,0x54 - .byte 0x60,0x30,0x30,0x50, 0x02,0x01,0x01,0x03 - .byte 0xce,0x67,0x67,0xa9, 0x56,0x2b,0x2b,0x7d - .byte 0xe7,0xfe,0xfe,0x19, 0xb5,0xd7,0xd7,0x62 - .byte 0x4d,0xab,0xab,0xe6, 0xec,0x76,0x76,0x9a - .byte 0x8f,0xca,0xca,0x45, 0x1f,0x82,0x82,0x9d - .byte 0x89,0xc9,0xc9,0x40, 0xfa,0x7d,0x7d,0x87 - .byte 0xef,0xfa,0xfa,0x15, 0xb2,0x59,0x59,0xeb - .byte 0x8e,0x47,0x47,0xc9, 0xfb,0xf0,0xf0,0x0b - .byte 0x41,0xad,0xad,0xec, 0xb3,0xd4,0xd4,0x67 - .byte 0x5f,0xa2,0xa2,0xfd, 0x45,0xaf,0xaf,0xea - .byte 0x23,0x9c,0x9c,0xbf, 0x53,0xa4,0xa4,0xf7 - .byte 0xe4,0x72,0x72,0x96, 0x9b,0xc0,0xc0,0x5b - .byte 0x75,0xb7,0xb7,0xc2, 0xe1,0xfd,0xfd,0x1c - .byte 0x3d,0x93,0x93,0xae, 0x4c,0x26,0x26,0x6a - .byte 0x6c,0x36,0x36,0x5a, 0x7e,0x3f,0x3f,0x41 - .byte 0xf5,0xf7,0xf7,0x02, 0x83,0xcc,0xcc,0x4f - .byte 0x68,0x34,0x34,0x5c, 0x51,0xa5,0xa5,0xf4 - .byte 0xd1,0xe5,0xe5,0x34, 0xf9,0xf1,0xf1,0x08 - .byte 0xe2,0x71,0x71,0x93, 0xab,0xd8,0xd8,0x73 - .byte 0x62,0x31,0x31,0x53, 0x2a,0x15,0x15,0x3f - .byte 0x08,0x04,0x04,0x0c, 0x95,0xc7,0xc7,0x52 - .byte 0x46,0x23,0x23,0x65, 0x9d,0xc3,0xc3,0x5e - .byte 0x30,0x18,0x18,0x28, 0x37,0x96,0x96,0xa1 - .byte 0x0a,0x05,0x05,0x0f, 0x2f,0x9a,0x9a,0xb5 - .byte 0x0e,0x07,0x07,0x09, 0x24,0x12,0x12,0x36 - .byte 0x1b,0x80,0x80,0x9b, 0xdf,0xe2,0xe2,0x3d - .byte 0xcd,0xeb,0xeb,0x26, 0x4e,0x27,0x27,0x69 - .byte 0x7f,0xb2,0xb2,0xcd, 0xea,0x75,0x75,0x9f - .byte 0x12,0x09,0x09,0x1b, 0x1d,0x83,0x83,0x9e - .byte 0x58,0x2c,0x2c,0x74, 0x34,0x1a,0x1a,0x2e - .byte 0x36,0x1b,0x1b,0x2d, 0xdc,0x6e,0x6e,0xb2 - .byte 0xb4,0x5a,0x5a,0xee, 0x5b,0xa0,0xa0,0xfb - .byte 0xa4,0x52,0x52,0xf6, 0x76,0x3b,0x3b,0x4d - .byte 0xb7,0xd6,0xd6,0x61, 0x7d,0xb3,0xb3,0xce - .byte 0x52,0x29,0x29,0x7b, 0xdd,0xe3,0xe3,0x3e - .byte 0x5e,0x2f,0x2f,0x71, 0x13,0x84,0x84,0x97 - .byte 0xa6,0x53,0x53,0xf5, 0xb9,0xd1,0xd1,0x68 - .byte 0x00,0x00,0x00,0x00, 0xc1,0xed,0xed,0x2c - .byte 0x40,0x20,0x20,0x60, 0xe3,0xfc,0xfc,0x1f - .byte 0x79,0xb1,0xb1,0xc8, 0xb6,0x5b,0x5b,0xed - .byte 0xd4,0x6a,0x6a,0xbe, 0x8d,0xcb,0xcb,0x46 - .byte 0x67,0xbe,0xbe,0xd9, 0x72,0x39,0x39,0x4b - .byte 0x94,0x4a,0x4a,0xde, 0x98,0x4c,0x4c,0xd4 - .byte 0xb0,0x58,0x58,0xe8, 0x85,0xcf,0xcf,0x4a - .byte 0xbb,0xd0,0xd0,0x6b, 0xc5,0xef,0xef,0x2a - .byte 0x4f,0xaa,0xaa,0xe5, 0xed,0xfb,0xfb,0x16 - .byte 0x86,0x43,0x43,0xc5, 0x9a,0x4d,0x4d,0xd7 - .byte 0x66,0x33,0x33,0x55, 0x11,0x85,0x85,0x94 - .byte 0x8a,0x45,0x45,0xcf, 0xe9,0xf9,0xf9,0x10 - .byte 0x04,0x02,0x02,0x06, 0xfe,0x7f,0x7f,0x81 - .byte 0xa0,0x50,0x50,0xf0, 0x78,0x3c,0x3c,0x44 - .byte 0x25,0x9f,0x9f,0xba, 0x4b,0xa8,0xa8,0xe3 - .byte 0xa2,0x51,0x51,0xf3, 0x5d,0xa3,0xa3,0xfe - .byte 0x80,0x40,0x40,0xc0, 0x05,0x8f,0x8f,0x8a - .byte 0x3f,0x92,0x92,0xad, 0x21,0x9d,0x9d,0xbc - .byte 0x70,0x38,0x38,0x48, 0xf1,0xf5,0xf5,0x04 - .byte 0x63,0xbc,0xbc,0xdf, 0x77,0xb6,0xb6,0xc1 - .byte 0xaf,0xda,0xda,0x75, 0x42,0x21,0x21,0x63 - .byte 0x20,0x10,0x10,0x30, 0xe5,0xff,0xff,0x1a - .byte 0xfd,0xf3,0xf3,0x0e, 0xbf,0xd2,0xd2,0x6d - .byte 0x81,0xcd,0xcd,0x4c, 0x18,0x0c,0x0c,0x14 - .byte 0x26,0x13,0x13,0x35, 0xc3,0xec,0xec,0x2f - .byte 0xbe,0x5f,0x5f,0xe1, 0x35,0x97,0x97,0xa2 - .byte 0x88,0x44,0x44,0xcc, 0x2e,0x17,0x17,0x39 - .byte 0x93,0xc4,0xc4,0x57, 0x55,0xa7,0xa7,0xf2 - .byte 0xfc,0x7e,0x7e,0x82, 0x7a,0x3d,0x3d,0x47 - .byte 0xc8,0x64,0x64,0xac, 0xba,0x5d,0x5d,0xe7 - .byte 0x32,0x19,0x19,0x2b, 0xe6,0x73,0x73,0x95 - .byte 0xc0,0x60,0x60,0xa0, 0x19,0x81,0x81,0x98 - .byte 0x9e,0x4f,0x4f,0xd1, 0xa3,0xdc,0xdc,0x7f - .byte 0x44,0x22,0x22,0x66, 0x54,0x2a,0x2a,0x7e - .byte 0x3b,0x90,0x90,0xab, 0x0b,0x88,0x88,0x83 - .byte 0x8c,0x46,0x46,0xca, 0xc7,0xee,0xee,0x29 - .byte 0x6b,0xb8,0xb8,0xd3, 0x28,0x14,0x14,0x3c - .byte 0xa7,0xde,0xde,0x79, 0xbc,0x5e,0x5e,0xe2 - .byte 0x16,0x0b,0x0b,0x1d, 0xad,0xdb,0xdb,0x76 - .byte 0xdb,0xe0,0xe0,0x3b, 0x64,0x32,0x32,0x56 - .byte 0x74,0x3a,0x3a,0x4e, 0x14,0x0a,0x0a,0x1e - .byte 0x92,0x49,0x49,0xdb, 0x0c,0x06,0x06,0x0a - .byte 0x48,0x24,0x24,0x6c, 0xb8,0x5c,0x5c,0xe4 - .byte 0x9f,0xc2,0xc2,0x5d, 0xbd,0xd3,0xd3,0x6e - .byte 0x43,0xac,0xac,0xef, 0xc4,0x62,0x62,0xa6 - .byte 0x39,0x91,0x91,0xa8, 0x31,0x95,0x95,0xa4 - .byte 0xd3,0xe4,0xe4,0x37, 0xf2,0x79,0x79,0x8b - .byte 0xd5,0xe7,0xe7,0x32, 0x8b,0xc8,0xc8,0x43 - .byte 0x6e,0x37,0x37,0x59, 0xda,0x6d,0x6d,0xb7 - .byte 0x01,0x8d,0x8d,0x8c, 0xb1,0xd5,0xd5,0x64 - .byte 0x9c,0x4e,0x4e,0xd2, 0x49,0xa9,0xa9,0xe0 - .byte 0xd8,0x6c,0x6c,0xb4, 0xac,0x56,0x56,0xfa - .byte 0xf3,0xf4,0xf4,0x07, 0xcf,0xea,0xea,0x25 - .byte 0xca,0x65,0x65,0xaf, 0xf4,0x7a,0x7a,0x8e - .byte 0x47,0xae,0xae,0xe9, 0x10,0x08,0x08,0x18 - .byte 0x6f,0xba,0xba,0xd5, 0xf0,0x78,0x78,0x88 - .byte 0x4a,0x25,0x25,0x6f, 0x5c,0x2e,0x2e,0x72 - .byte 0x38,0x1c,0x1c,0x24, 0x57,0xa6,0xa6,0xf1 - .byte 0x73,0xb4,0xb4,0xc7, 0x97,0xc6,0xc6,0x51 - .byte 0xcb,0xe8,0xe8,0x23, 0xa1,0xdd,0xdd,0x7c - .byte 0xe8,0x74,0x74,0x9c, 0x3e,0x1f,0x1f,0x21 - .byte 0x96,0x4b,0x4b,0xdd, 0x61,0xbd,0xbd,0xdc - .byte 0x0d,0x8b,0x8b,0x86, 0x0f,0x8a,0x8a,0x85 - .byte 0xe0,0x70,0x70,0x90, 0x7c,0x3e,0x3e,0x42 - .byte 0x71,0xb5,0xb5,0xc4, 0xcc,0x66,0x66,0xaa - .byte 0x90,0x48,0x48,0xd8, 0x06,0x03,0x03,0x05 - .byte 0xf7,0xf6,0xf6,0x01, 0x1c,0x0e,0x0e,0x12 - .byte 0xc2,0x61,0x61,0xa3, 0x6a,0x35,0x35,0x5f - .byte 0xae,0x57,0x57,0xf9, 0x69,0xb9,0xb9,0xd0 - .byte 0x17,0x86,0x86,0x91, 0x99,0xc1,0xc1,0x58 - .byte 0x3a,0x1d,0x1d,0x27, 0x27,0x9e,0x9e,0xb9 - .byte 0xd9,0xe1,0xe1,0x38, 0xeb,0xf8,0xf8,0x13 - .byte 0x2b,0x98,0x98,0xb3, 0x22,0x11,0x11,0x33 - .byte 0xd2,0x69,0x69,0xbb, 0xa9,0xd9,0xd9,0x70 - .byte 0x07,0x8e,0x8e,0x89, 0x33,0x94,0x94,0xa7 - .byte 0x2d,0x9b,0x9b,0xb6, 0x3c,0x1e,0x1e,0x22 - .byte 0x15,0x87,0x87,0x92, 0xc9,0xe9,0xe9,0x20 - .byte 0x87,0xce,0xce,0x49, 0xaa,0x55,0x55,0xff - .byte 0x50,0x28,0x28,0x78, 0xa5,0xdf,0xdf,0x7a - .byte 0x03,0x8c,0x8c,0x8f, 0x59,0xa1,0xa1,0xf8 - .byte 0x09,0x89,0x89,0x80, 0x1a,0x0d,0x0d,0x17 - .byte 0x65,0xbf,0xbf,0xda, 0xd7,0xe6,0xe6,0x31 - .byte 0x84,0x42,0x42,0xc6, 0xd0,0x68,0x68,0xb8 - .byte 0x82,0x41,0x41,0xc3, 0x29,0x99,0x99,0xb0 - .byte 0x5a,0x2d,0x2d,0x77, 0x1e,0x0f,0x0f,0x11 - .byte 0x7b,0xb0,0xb0,0xcb, 0xa8,0x54,0x54,0xfc - .byte 0x6d,0xbb,0xbb,0xd6, 0x2c,0x16,0x16,0x3a -AES_Te4: - .byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 - .byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 - .byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0 - .byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 - .byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc - .byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 - .byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a - .byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 - .byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0 - .byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 - .byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b - .byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf - .byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85 - .byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 - .byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5 - .byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 - .byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17 - .byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 - .byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88 - .byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb - .byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c - .byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 - .byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9 - .byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 - .byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6 - .byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a - .byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e - .byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e - .byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94 - .byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf - .byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68 - .byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 -rcon: - .byte 0x01,0x00,0x00,0x00, 0x02,0x00,0x00,0x00 - .byte 0x04,0x00,0x00,0x00, 0x08,0x00,0x00,0x00 - .byte 0x10,0x00,0x00,0x00, 0x20,0x00,0x00,0x00 - .byte 0x40,0x00,0x00,0x00, 0x80,0x00,0x00,0x00 - .byte 0x1B,0x00,0x00,0x00, 0x36,0x00,0x00,0x00 - .align 128 -AES_Td: - .byte 0x51,0xf4,0xa7,0x50, 0x7e,0x41,0x65,0x53 - .byte 0x1a,0x17,0xa4,0xc3, 0x3a,0x27,0x5e,0x96 - .byte 0x3b,0xab,0x6b,0xcb, 0x1f,0x9d,0x45,0xf1 - .byte 0xac,0xfa,0x58,0xab, 0x4b,0xe3,0x03,0x93 - .byte 0x20,0x30,0xfa,0x55, 0xad,0x76,0x6d,0xf6 - .byte 0x88,0xcc,0x76,0x91, 0xf5,0x02,0x4c,0x25 - .byte 0x4f,0xe5,0xd7,0xfc, 0xc5,0x2a,0xcb,0xd7 - .byte 0x26,0x35,0x44,0x80, 0xb5,0x62,0xa3,0x8f - .byte 0xde,0xb1,0x5a,0x49, 0x25,0xba,0x1b,0x67 - .byte 0x45,0xea,0x0e,0x98, 0x5d,0xfe,0xc0,0xe1 - .byte 0xc3,0x2f,0x75,0x02, 0x81,0x4c,0xf0,0x12 - .byte 0x8d,0x46,0x97,0xa3, 0x6b,0xd3,0xf9,0xc6 - .byte 0x03,0x8f,0x5f,0xe7, 0x15,0x92,0x9c,0x95 - .byte 0xbf,0x6d,0x7a,0xeb, 0x95,0x52,0x59,0xda - .byte 0xd4,0xbe,0x83,0x2d, 0x58,0x74,0x21,0xd3 - .byte 0x49,0xe0,0x69,0x29, 0x8e,0xc9,0xc8,0x44 - .byte 0x75,0xc2,0x89,0x6a, 0xf4,0x8e,0x79,0x78 - .byte 0x99,0x58,0x3e,0x6b, 0x27,0xb9,0x71,0xdd - .byte 0xbe,0xe1,0x4f,0xb6, 0xf0,0x88,0xad,0x17 - .byte 0xc9,0x20,0xac,0x66, 0x7d,0xce,0x3a,0xb4 - .byte 0x63,0xdf,0x4a,0x18, 0xe5,0x1a,0x31,0x82 - .byte 0x97,0x51,0x33,0x60, 0x62,0x53,0x7f,0x45 - .byte 0xb1,0x64,0x77,0xe0, 0xbb,0x6b,0xae,0x84 - .byte 0xfe,0x81,0xa0,0x1c, 0xf9,0x08,0x2b,0x94 - .byte 0x70,0x48,0x68,0x58, 0x8f,0x45,0xfd,0x19 - .byte 0x94,0xde,0x6c,0x87, 0x52,0x7b,0xf8,0xb7 - .byte 0xab,0x73,0xd3,0x23, 0x72,0x4b,0x02,0xe2 - .byte 0xe3,0x1f,0x8f,0x57, 0x66,0x55,0xab,0x2a - .byte 0xb2,0xeb,0x28,0x07, 0x2f,0xb5,0xc2,0x03 - .byte 0x86,0xc5,0x7b,0x9a, 0xd3,0x37,0x08,0xa5 - .byte 0x30,0x28,0x87,0xf2, 0x23,0xbf,0xa5,0xb2 - .byte 0x02,0x03,0x6a,0xba, 0xed,0x16,0x82,0x5c - .byte 0x8a,0xcf,0x1c,0x2b, 0xa7,0x79,0xb4,0x92 - .byte 0xf3,0x07,0xf2,0xf0, 0x4e,0x69,0xe2,0xa1 - .byte 0x65,0xda,0xf4,0xcd, 0x06,0x05,0xbe,0xd5 - .byte 0xd1,0x34,0x62,0x1f, 0xc4,0xa6,0xfe,0x8a - .byte 0x34,0x2e,0x53,0x9d, 0xa2,0xf3,0x55,0xa0 - .byte 0x05,0x8a,0xe1,0x32, 0xa4,0xf6,0xeb,0x75 - .byte 0x0b,0x83,0xec,0x39, 0x40,0x60,0xef,0xaa - .byte 0x5e,0x71,0x9f,0x06, 0xbd,0x6e,0x10,0x51 - .byte 0x3e,0x21,0x8a,0xf9, 0x96,0xdd,0x06,0x3d - .byte 0xdd,0x3e,0x05,0xae, 0x4d,0xe6,0xbd,0x46 - .byte 0x91,0x54,0x8d,0xb5, 0x71,0xc4,0x5d,0x05 - .byte 0x04,0x06,0xd4,0x6f, 0x60,0x50,0x15,0xff - .byte 0x19,0x98,0xfb,0x24, 0xd6,0xbd,0xe9,0x97 - .byte 0x89,0x40,0x43,0xcc, 0x67,0xd9,0x9e,0x77 - .byte 0xb0,0xe8,0x42,0xbd, 0x07,0x89,0x8b,0x88 - .byte 0xe7,0x19,0x5b,0x38, 0x79,0xc8,0xee,0xdb - .byte 0xa1,0x7c,0x0a,0x47, 0x7c,0x42,0x0f,0xe9 - .byte 0xf8,0x84,0x1e,0xc9, 0x00,0x00,0x00,0x00 - .byte 0x09,0x80,0x86,0x83, 0x32,0x2b,0xed,0x48 - .byte 0x1e,0x11,0x70,0xac, 0x6c,0x5a,0x72,0x4e - .byte 0xfd,0x0e,0xff,0xfb, 0x0f,0x85,0x38,0x56 - .byte 0x3d,0xae,0xd5,0x1e, 0x36,0x2d,0x39,0x27 - .byte 0x0a,0x0f,0xd9,0x64, 0x68,0x5c,0xa6,0x21 - .byte 0x9b,0x5b,0x54,0xd1, 0x24,0x36,0x2e,0x3a - .byte 0x0c,0x0a,0x67,0xb1, 0x93,0x57,0xe7,0x0f - .byte 0xb4,0xee,0x96,0xd2, 0x1b,0x9b,0x91,0x9e - .byte 0x80,0xc0,0xc5,0x4f, 0x61,0xdc,0x20,0xa2 - .byte 0x5a,0x77,0x4b,0x69, 0x1c,0x12,0x1a,0x16 - .byte 0xe2,0x93,0xba,0x0a, 0xc0,0xa0,0x2a,0xe5 - .byte 0x3c,0x22,0xe0,0x43, 0x12,0x1b,0x17,0x1d - .byte 0x0e,0x09,0x0d,0x0b, 0xf2,0x8b,0xc7,0xad - .byte 0x2d,0xb6,0xa8,0xb9, 0x14,0x1e,0xa9,0xc8 - .byte 0x57,0xf1,0x19,0x85, 0xaf,0x75,0x07,0x4c - .byte 0xee,0x99,0xdd,0xbb, 0xa3,0x7f,0x60,0xfd - .byte 0xf7,0x01,0x26,0x9f, 0x5c,0x72,0xf5,0xbc - .byte 0x44,0x66,0x3b,0xc5, 0x5b,0xfb,0x7e,0x34 - .byte 0x8b,0x43,0x29,0x76, 0xcb,0x23,0xc6,0xdc - .byte 0xb6,0xed,0xfc,0x68, 0xb8,0xe4,0xf1,0x63 - .byte 0xd7,0x31,0xdc,0xca, 0x42,0x63,0x85,0x10 - .byte 0x13,0x97,0x22,0x40, 0x84,0xc6,0x11,0x20 - .byte 0x85,0x4a,0x24,0x7d, 0xd2,0xbb,0x3d,0xf8 - .byte 0xae,0xf9,0x32,0x11, 0xc7,0x29,0xa1,0x6d - .byte 0x1d,0x9e,0x2f,0x4b, 0xdc,0xb2,0x30,0xf3 - .byte 0x0d,0x86,0x52,0xec, 0x77,0xc1,0xe3,0xd0 - .byte 0x2b,0xb3,0x16,0x6c, 0xa9,0x70,0xb9,0x99 - .byte 0x11,0x94,0x48,0xfa, 0x47,0xe9,0x64,0x22 - .byte 0xa8,0xfc,0x8c,0xc4, 0xa0,0xf0,0x3f,0x1a - .byte 0x56,0x7d,0x2c,0xd8, 0x22,0x33,0x90,0xef - .byte 0x87,0x49,0x4e,0xc7, 0xd9,0x38,0xd1,0xc1 - .byte 0x8c,0xca,0xa2,0xfe, 0x98,0xd4,0x0b,0x36 - .byte 0xa6,0xf5,0x81,0xcf, 0xa5,0x7a,0xde,0x28 - .byte 0xda,0xb7,0x8e,0x26, 0x3f,0xad,0xbf,0xa4 - .byte 0x2c,0x3a,0x9d,0xe4, 0x50,0x78,0x92,0x0d - .byte 0x6a,0x5f,0xcc,0x9b, 0x54,0x7e,0x46,0x62 - .byte 0xf6,0x8d,0x13,0xc2, 0x90,0xd8,0xb8,0xe8 - .byte 0x2e,0x39,0xf7,0x5e, 0x82,0xc3,0xaf,0xf5 - .byte 0x9f,0x5d,0x80,0xbe, 0x69,0xd0,0x93,0x7c - .byte 0x6f,0xd5,0x2d,0xa9, 0xcf,0x25,0x12,0xb3 - .byte 0xc8,0xac,0x99,0x3b, 0x10,0x18,0x7d,0xa7 - .byte 0xe8,0x9c,0x63,0x6e, 0xdb,0x3b,0xbb,0x7b - .byte 0xcd,0x26,0x78,0x09, 0x6e,0x59,0x18,0xf4 - .byte 0xec,0x9a,0xb7,0x01, 0x83,0x4f,0x9a,0xa8 - .byte 0xe6,0x95,0x6e,0x65, 0xaa,0xff,0xe6,0x7e - .byte 0x21,0xbc,0xcf,0x08, 0xef,0x15,0xe8,0xe6 - .byte 0xba,0xe7,0x9b,0xd9, 0x4a,0x6f,0x36,0xce - .byte 0xea,0x9f,0x09,0xd4, 0x29,0xb0,0x7c,0xd6 - .byte 0x31,0xa4,0xb2,0xaf, 0x2a,0x3f,0x23,0x31 - .byte 0xc6,0xa5,0x94,0x30, 0x35,0xa2,0x66,0xc0 - .byte 0x74,0x4e,0xbc,0x37, 0xfc,0x82,0xca,0xa6 - .byte 0xe0,0x90,0xd0,0xb0, 0x33,0xa7,0xd8,0x15 - .byte 0xf1,0x04,0x98,0x4a, 0x41,0xec,0xda,0xf7 - .byte 0x7f,0xcd,0x50,0x0e, 0x17,0x91,0xf6,0x2f - .byte 0x76,0x4d,0xd6,0x8d, 0x43,0xef,0xb0,0x4d - .byte 0xcc,0xaa,0x4d,0x54, 0xe4,0x96,0x04,0xdf - .byte 0x9e,0xd1,0xb5,0xe3, 0x4c,0x6a,0x88,0x1b - .byte 0xc1,0x2c,0x1f,0xb8, 0x46,0x65,0x51,0x7f - .byte 0x9d,0x5e,0xea,0x04, 0x01,0x8c,0x35,0x5d - .byte 0xfa,0x87,0x74,0x73, 0xfb,0x0b,0x41,0x2e - .byte 0xb3,0x67,0x1d,0x5a, 0x92,0xdb,0xd2,0x52 - .byte 0xe9,0x10,0x56,0x33, 0x6d,0xd6,0x47,0x13 - .byte 0x9a,0xd7,0x61,0x8c, 0x37,0xa1,0x0c,0x7a - .byte 0x59,0xf8,0x14,0x8e, 0xeb,0x13,0x3c,0x89 - .byte 0xce,0xa9,0x27,0xee, 0xb7,0x61,0xc9,0x35 - .byte 0xe1,0x1c,0xe5,0xed, 0x7a,0x47,0xb1,0x3c - .byte 0x9c,0xd2,0xdf,0x59, 0x55,0xf2,0x73,0x3f - .byte 0x18,0x14,0xce,0x79, 0x73,0xc7,0x37,0xbf - .byte 0x53,0xf7,0xcd,0xea, 0x5f,0xfd,0xaa,0x5b - .byte 0xdf,0x3d,0x6f,0x14, 0x78,0x44,0xdb,0x86 - .byte 0xca,0xaf,0xf3,0x81, 0xb9,0x68,0xc4,0x3e - .byte 0x38,0x24,0x34,0x2c, 0xc2,0xa3,0x40,0x5f - .byte 0x16,0x1d,0xc3,0x72, 0xbc,0xe2,0x25,0x0c - .byte 0x28,0x3c,0x49,0x8b, 0xff,0x0d,0x95,0x41 - .byte 0x39,0xa8,0x01,0x71, 0x08,0x0c,0xb3,0xde - .byte 0xd8,0xb4,0xe4,0x9c, 0x64,0x56,0xc1,0x90 - .byte 0x7b,0xcb,0x84,0x61, 0xd5,0x32,0xb6,0x70 - .byte 0x48,0x6c,0x5c,0x74, 0xd0,0xb8,0x57,0x42 -AES_Td4: - .byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 - .byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb - .byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 - .byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb - .byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d - .byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e - .byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 - .byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 - .byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 - .byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 - .byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda - .byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 - .byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a - .byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 - .byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 - .byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b - .byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea - .byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 - .byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 - .byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e - .byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 - .byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b - .byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 - .byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 - .byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 - .byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f - .byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d - .byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef - .byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 - .byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 - .byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 - .byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d - .cstring "AES for C64x+, CRYPTOGAMS by " - .align 4 -___ - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aes-ia64.S b/crypto/aes/asm/aes-ia64.S deleted file mode 100644 index ad9e466bbc1898cbe14428781b1f1c978b0e1c0d..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/aes-ia64.S +++ /dev/null @@ -1,1130 +0,0 @@ -// Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the Apache License 2.0 (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html -// -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. Rights for redistribution and usage in source and binary -// forms are granted according to the License. -// ==================================================================== -// -// What's wrong with compiler generated code? Compiler never uses -// variable 'shr' which is pairable with 'extr'/'dep' instructions. -// Then it uses 'zxt' which is an I-type, but can be replaced with -// 'and' which in turn can be assigned to M-port [there're double as -// much M-ports as there're I-ports on Itanium 2]. By sacrificing few -// registers for small constants (255, 24 and 16) to be used with -// 'shr' and 'and' instructions I can achieve better ILP, Instruction -// Level Parallelism, and performance. This code outperforms GCC 3.3 -// generated code by over factor of 2 (two), GCC 3.4 - by 70% and -// HP C - by 40%. Measured best-case scenario, i.e. aligned -// big-endian input, ECB timing on Itanium 2 is (18 + 13*rounds) -// ticks per block, or 9.25 CPU cycles per byte for 128 bit key. - -// Version 1.2 mitigates the hazard of cache-timing attacks by -// a) compressing S-boxes from 8KB to 2KB+256B, b) scheduling -// references to S-boxes for L2 cache latency, c) prefetching T[ed]4 -// prior last round. As result performance dropped to (26 + 15*rounds) -// ticks per block or 11 cycles per byte processed with 128-bit key. -// This is ~16% deterioration. For reference Itanium 2 L1 cache has -// 64 bytes line size and L2 - 128 bytes... - -.ident "aes-ia64.S, version 1.2" -.ident "IA-64 ISA artwork by Andy Polyakov " -.explicit -.text - -rk0=r8; rk1=r9; - -pfssave=r2; -lcsave=r10; -prsave=r3; -maskff=r11; -twenty4=r14; -sixteen=r15; - -te00=r16; te11=r17; te22=r18; te33=r19; -te01=r20; te12=r21; te23=r22; te30=r23; -te02=r24; te13=r25; te20=r26; te31=r27; -te03=r28; te10=r29; te21=r30; te32=r31; - -// these are rotating... -t0=r32; s0=r33; -t1=r34; s1=r35; -t2=r36; s2=r37; -t3=r38; s3=r39; - -te0=r40; te1=r41; te2=r42; te3=r43; - -#if defined(_HPUX_SOURCE) && !defined(_LP64) -# define ADDP addp4 -#else -# define ADDP add -#endif - -// Offsets from Te0 -#define TE0 0 -#define TE2 2 -#if defined(_HPUX_SOURCE) || defined(B_ENDIAN) -#define TE1 3 -#define TE3 1 -#else -#define TE1 1 -#define TE3 3 -#endif - -// This implies that AES_KEY comprises 32-bit key schedule elements -// even on LP64 platforms. -#ifndef KSZ -# define KSZ 4 -# define LDKEY ld4 -#endif - -.proc _ia64_AES_encrypt# -// Input: rk0-rk1 -// te0 -// te3 as AES_KEY->rounds!!! -// s0-s3 -// maskff,twenty4,sixteen -// Output: r16,r20,r24,r28 as s0-s3 -// Clobber: r16-r31,rk0-rk1,r32-r43 -.align 32 -_ia64_AES_encrypt: - .prologue - .altrp b6 - .body -{ .mmi; alloc r16=ar.pfs,12,0,0,8 - LDKEY t0=[rk0],2*KSZ - mov pr.rot=1<<16 } -{ .mmi; LDKEY t1=[rk1],2*KSZ - add te1=TE1,te0 - add te3=-3,te3 };; -{ .mib; LDKEY t2=[rk0],2*KSZ - mov ar.ec=2 } -{ .mib; LDKEY t3=[rk1],2*KSZ - add te2=TE2,te0 - brp.loop.imp .Le_top,.Le_end-16 };; - -{ .mmi; xor s0=s0,t0 - xor s1=s1,t1 - mov ar.lc=te3 } -{ .mmi; xor s2=s2,t2 - xor s3=s3,t3 - add te3=TE3,te0 };; - -.align 32 -.Le_top: -{ .mmi; (p0) LDKEY t0=[rk0],2*KSZ // 0/0:rk[0] - (p0) and te33=s3,maskff // 0/0:s3&0xff - (p0) extr.u te22=s2,8,8 } // 0/0:s2>>8&0xff -{ .mmi; (p0) LDKEY t1=[rk1],2*KSZ // 0/1:rk[1] - (p0) and te30=s0,maskff // 0/1:s0&0xff - (p0) shr.u te00=s0,twenty4 };; // 0/0:s0>>24 -{ .mmi; (p0) LDKEY t2=[rk0],2*KSZ // 1/2:rk[2] - (p0) shladd te33=te33,3,te3 // 1/0:te0+s0>>24 - (p0) extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff -{ .mmi; (p0) LDKEY t3=[rk1],2*KSZ // 1/3:rk[3] - (p0) shladd te30=te30,3,te3 // 1/1:te3+s0 - (p0) shr.u te01=s1,twenty4 };; // 1/1:s1>>24 -{ .mmi; (p0) ld4 te33=[te33] // 2/0:te3[s3&0xff] - (p0) shladd te22=te22,3,te2 // 2/0:te2+s2>>8&0xff - (p0) extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff -{ .mmi; (p0) ld4 te30=[te30] // 2/1:te3[s0] - (p0) shladd te23=te23,3,te2 // 2/1:te2+s3>>8 - (p0) shr.u te02=s2,twenty4 };; // 2/2:s2>>24 -{ .mmi; (p0) ld4 te22=[te22] // 3/0:te2[s2>>8] - (p0) shladd te20=te20,3,te2 // 3/2:te2+s0>>8 - (p0) extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff -{ .mmi; (p0) ld4 te23=[te23] // 3/1:te2[s3>>8] - (p0) shladd te00=te00,3,te0 // 3/0:te0+s0>>24 - (p0) shr.u te03=s3,twenty4 };; // 3/3:s3>>24 -{ .mmi; (p0) ld4 te20=[te20] // 4/2:te2[s0>>8] - (p0) shladd te21=te21,3,te2 // 4/3:te3+s2 - (p0) extr.u te11=s1,16,8 } // 4/0:s1>>16&0xff -{ .mmi; (p0) ld4 te00=[te00] // 4/0:te0[s0>>24] - (p0) shladd te01=te01,3,te0 // 4/1:te0+s1>>24 - (p0) shr.u te13=s3,sixteen };; // 4/2:s3>>16 -{ .mmi; (p0) ld4 te21=[te21] // 5/3:te2[s1>>8] - (p0) shladd te11=te11,3,te1 // 5/0:te1+s1>>16 - (p0) extr.u te12=s2,16,8 } // 5/1:s2>>16&0xff -{ .mmi; (p0) ld4 te01=[te01] // 5/1:te0[s1>>24] - (p0) shladd te02=te02,3,te0 // 5/2:te0+s2>>24 - (p0) and te31=s1,maskff };; // 5/2:s1&0xff -{ .mmi; (p0) ld4 te11=[te11] // 6/0:te1[s1>>16] - (p0) shladd te12=te12,3,te1 // 6/1:te1+s2>>16 - (p0) extr.u te10=s0,16,8 } // 6/3:s0>>16&0xff -{ .mmi; (p0) ld4 te02=[te02] // 6/2:te0[s2>>24] - (p0) shladd te03=te03,3,te0 // 6/3:te1+s0>>16 - (p0) and te32=s2,maskff };; // 6/3:s2&0xff - -{ .mmi; (p0) ld4 te12=[te12] // 7/1:te1[s2>>16] - (p0) shladd te31=te31,3,te3 // 7/2:te3+s1&0xff - (p0) and te13=te13,maskff} // 7/2:s3>>16&0xff -{ .mmi; (p0) ld4 te03=[te03] // 7/3:te0[s3>>24] - (p0) shladd te32=te32,3,te3 // 7/3:te3+s2 - (p0) xor t0=t0,te33 };; // 7/0: -{ .mmi; (p0) ld4 te31=[te31] // 8/2:te3[s1] - (p0) shladd te13=te13,3,te1 // 8/2:te1+s3>>16 - (p0) xor t0=t0,te22 } // 8/0: -{ .mmi; (p0) ld4 te32=[te32] // 8/3:te3[s2] - (p0) shladd te10=te10,3,te1 // 8/3:te1+s0>>16 - (p0) xor t1=t1,te30 };; // 8/1: -{ .mmi; (p0) ld4 te13=[te13] // 9/2:te1[s3>>16] - (p0) ld4 te10=[te10] // 9/3:te1[s0>>16] - (p0) xor t0=t0,te00 };; // 9/0: !L2 scheduling -{ .mmi; (p0) xor t1=t1,te23 // 10[9]/1: - (p0) xor t2=t2,te20 // 10[9]/2: - (p0) xor t3=t3,te21 };; // 10[9]/3: -{ .mmi; (p0) xor t0=t0,te11 // 11[10]/0:done! - (p0) xor t1=t1,te01 // 11[10]/1: - (p0) xor t2=t2,te02 };; // 11[10]/2: !L2 scheduling -{ .mmi; (p0) xor t3=t3,te03 // 12[10]/3: - (p16) cmp.eq p0,p17=r0,r0 };; // 12[10]/clear (p17) -{ .mmi; (p0) xor t1=t1,te12 // 13[11]/1:done! - (p0) xor t2=t2,te31 // 13[11]/2: - (p0) xor t3=t3,te32 } // 13[11]/3: -{ .mmi; (p17) add te0=2048,te0 // 13[11]/ - (p17) add te1=2048+64-TE1,te1};; // 13[11]/ -{ .mib; (p0) xor t2=t2,te13 // 14[12]/2:done! - (p17) add te2=2048+128-TE2,te2} // 14[12]/ -{ .mib; (p0) xor t3=t3,te10 // 14[12]/3:done! - (p17) add te3=2048+192-TE3,te3 // 14[12]/ - br.ctop.sptk .Le_top };; -.Le_end: - - -{ .mmi; ld8 te12=[te0] // prefetch Te4 - ld8 te31=[te1] } -{ .mmi; ld8 te10=[te2] - ld8 te32=[te3] } - -{ .mmi; LDKEY t0=[rk0],2*KSZ // 0/0:rk[0] - and te33=s3,maskff // 0/0:s3&0xff - extr.u te22=s2,8,8 } // 0/0:s2>>8&0xff -{ .mmi; LDKEY t1=[rk1],2*KSZ // 0/1:rk[1] - and te30=s0,maskff // 0/1:s0&0xff - shr.u te00=s0,twenty4 };; // 0/0:s0>>24 -{ .mmi; LDKEY t2=[rk0],2*KSZ // 1/2:rk[2] - add te33=te33,te0 // 1/0:te0+s0>>24 - extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff -{ .mmi; LDKEY t3=[rk1],2*KSZ // 1/3:rk[3] - add te30=te30,te0 // 1/1:te0+s0 - shr.u te01=s1,twenty4 };; // 1/1:s1>>24 -{ .mmi; ld1 te33=[te33] // 2/0:te0[s3&0xff] - add te22=te22,te0 // 2/0:te0+s2>>8&0xff - extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff -{ .mmi; ld1 te30=[te30] // 2/1:te0[s0] - add te23=te23,te0 // 2/1:te0+s3>>8 - shr.u te02=s2,twenty4 };; // 2/2:s2>>24 -{ .mmi; ld1 te22=[te22] // 3/0:te0[s2>>8] - add te20=te20,te0 // 3/2:te0+s0>>8 - extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff -{ .mmi; ld1 te23=[te23] // 3/1:te0[s3>>8] - add te00=te00,te0 // 3/0:te0+s0>>24 - shr.u te03=s3,twenty4 };; // 3/3:s3>>24 -{ .mmi; ld1 te20=[te20] // 4/2:te0[s0>>8] - add te21=te21,te0 // 4/3:te0+s2 - extr.u te11=s1,16,8 } // 4/0:s1>>16&0xff -{ .mmi; ld1 te00=[te00] // 4/0:te0[s0>>24] - add te01=te01,te0 // 4/1:te0+s1>>24 - shr.u te13=s3,sixteen };; // 4/2:s3>>16 -{ .mmi; ld1 te21=[te21] // 5/3:te0[s1>>8] - add te11=te11,te0 // 5/0:te0+s1>>16 - extr.u te12=s2,16,8 } // 5/1:s2>>16&0xff -{ .mmi; ld1 te01=[te01] // 5/1:te0[s1>>24] - add te02=te02,te0 // 5/2:te0+s2>>24 - and te31=s1,maskff };; // 5/2:s1&0xff -{ .mmi; ld1 te11=[te11] // 6/0:te0[s1>>16] - add te12=te12,te0 // 6/1:te0+s2>>16 - extr.u te10=s0,16,8 } // 6/3:s0>>16&0xff -{ .mmi; ld1 te02=[te02] // 6/2:te0[s2>>24] - add te03=te03,te0 // 6/3:te0+s0>>16 - and te32=s2,maskff };; // 6/3:s2&0xff - -{ .mmi; ld1 te12=[te12] // 7/1:te0[s2>>16] - add te31=te31,te0 // 7/2:te0+s1&0xff - dep te33=te22,te33,8,8} // 7/0: -{ .mmi; ld1 te03=[te03] // 7/3:te0[s3>>24] - add te32=te32,te0 // 7/3:te0+s2 - and te13=te13,maskff};; // 7/2:s3>>16&0xff -{ .mmi; ld1 te31=[te31] // 8/2:te0[s1] - add te13=te13,te0 // 8/2:te0+s3>>16 - dep te30=te23,te30,8,8} // 8/1: -{ .mmi; ld1 te32=[te32] // 8/3:te0[s2] - add te10=te10,te0 // 8/3:te0+s0>>16 - shl te00=te00,twenty4};; // 8/0: -{ .mii; ld1 te13=[te13] // 9/2:te0[s3>>16] - dep te33=te11,te33,16,8 // 9/0: - shl te01=te01,twenty4};; // 9/1: -{ .mii; ld1 te10=[te10] // 10/3:te0[s0>>16] - dep te31=te20,te31,8,8 // 10/2: - shl te02=te02,twenty4};; // 10/2: -{ .mii; xor t0=t0,te33 // 11/0: - dep te32=te21,te32,8,8 // 11/3: - shl te12=te12,sixteen};; // 11/1: -{ .mii; xor r16=t0,te00 // 12/0:done! - dep te31=te13,te31,16,8 // 12/2: - shl te03=te03,twenty4};; // 12/3: -{ .mmi; xor t1=t1,te01 // 13/1: - xor t2=t2,te02 // 13/2: - dep te32=te10,te32,16,8};; // 13/3: -{ .mmi; xor t1=t1,te30 // 14/1: - xor r24=t2,te31 // 14/2:done! - xor t3=t3,te32 };; // 14/3: -{ .mib; xor r20=t1,te12 // 15/1:done! - xor r28=t3,te03 // 15/3:done! - br.ret.sptk b6 };; -.endp _ia64_AES_encrypt# - -// void AES_encrypt (const void *in,void *out,const AES_KEY *key); -.global AES_encrypt# -.proc AES_encrypt# -.align 32 -AES_encrypt: - .prologue - .save ar.pfs,pfssave -{ .mmi; alloc pfssave=ar.pfs,3,1,12,0 - and out0=3,in0 - mov r3=ip } -{ .mmi; ADDP in0=0,in0 - mov loc0=psr.um - ADDP out11=KSZ*60,in2 };; // &AES_KEY->rounds - -{ .mmi; ld4 out11=[out11] // AES_KEY->rounds - add out8=(AES_Te#-AES_encrypt#),r3 // Te0 - .save pr,prsave - mov prsave=pr } -{ .mmi; rum 1<<3 // clear um.ac - .save ar.lc,lcsave - mov lcsave=ar.lc };; - - .body -#if defined(_HPUX_SOURCE) // HPUX is big-endian, cut 15+15 cycles... -{ .mib; cmp.ne p6,p0=out0,r0 - add out0=4,in0 -(p6) br.dpnt.many .Le_i_unaligned };; - -{ .mmi; ld4 out1=[in0],8 // s0 - and out9=3,in1 - mov twenty4=24 } -{ .mmi; ld4 out3=[out0],8 // s1 - ADDP rk0=0,in2 - mov sixteen=16 };; -{ .mmi; ld4 out5=[in0] // s2 - cmp.ne p6,p0=out9,r0 - mov maskff=0xff } -{ .mmb; ld4 out7=[out0] // s3 - ADDP rk1=KSZ,in2 - br.call.sptk.many b6=_ia64_AES_encrypt };; - -{ .mib; ADDP in0=4,in1 - ADDP in1=0,in1 -(p6) br.spnt .Le_o_unaligned };; - -{ .mii; mov psr.um=loc0 - mov ar.pfs=pfssave - mov ar.lc=lcsave };; -{ .mmi; st4 [in1]=r16,8 // s0 - st4 [in0]=r20,8 // s1 - mov pr=prsave,0x1ffff };; -{ .mmb; st4 [in1]=r24 // s2 - st4 [in0]=r28 // s3 - br.ret.sptk.many b0 };; -#endif - -.align 32 -.Le_i_unaligned: -{ .mmi; add out0=1,in0 - add out2=2,in0 - add out4=3,in0 };; -{ .mmi; ld1 r16=[in0],4 - ld1 r17=[out0],4 }//;; -{ .mmi; ld1 r18=[out2],4 - ld1 out1=[out4],4 };; // s0 -{ .mmi; ld1 r20=[in0],4 - ld1 r21=[out0],4 }//;; -{ .mmi; ld1 r22=[out2],4 - ld1 out3=[out4],4 };; // s1 -{ .mmi; ld1 r24=[in0],4 - ld1 r25=[out0],4 }//;; -{ .mmi; ld1 r26=[out2],4 - ld1 out5=[out4],4 };; // s2 -{ .mmi; ld1 r28=[in0] - ld1 r29=[out0] }//;; -{ .mmi; ld1 r30=[out2] - ld1 out7=[out4] };; // s3 - -{ .mii; - dep out1=r16,out1,24,8 //;; - dep out3=r20,out3,24,8 }//;; -{ .mii; ADDP rk0=0,in2 - dep out5=r24,out5,24,8 //;; - dep out7=r28,out7,24,8 };; -{ .mii; ADDP rk1=KSZ,in2 - dep out1=r17,out1,16,8 //;; - dep out3=r21,out3,16,8 }//;; -{ .mii; mov twenty4=24 - dep out5=r25,out5,16,8 //;; - dep out7=r29,out7,16,8 };; -{ .mii; mov sixteen=16 - dep out1=r18,out1,8,8 //;; - dep out3=r22,out3,8,8 }//;; -{ .mii; mov maskff=0xff - dep out5=r26,out5,8,8 //;; - dep out7=r30,out7,8,8 };; - -{ .mib; br.call.sptk.many b6=_ia64_AES_encrypt };; - -.Le_o_unaligned: -{ .mii; ADDP out0=0,in1 - extr.u r17=r16,8,8 // s0 - shr.u r19=r16,twenty4 }//;; -{ .mii; ADDP out1=1,in1 - extr.u r18=r16,16,8 - shr.u r23=r20,twenty4 }//;; // s1 -{ .mii; ADDP out2=2,in1 - extr.u r21=r20,8,8 - shr.u r22=r20,sixteen }//;; -{ .mii; ADDP out3=3,in1 - extr.u r25=r24,8,8 // s2 - shr.u r27=r24,twenty4 };; -{ .mii; st1 [out3]=r16,4 - extr.u r26=r24,16,8 - shr.u r31=r28,twenty4 }//;; // s3 -{ .mii; st1 [out2]=r17,4 - extr.u r29=r28,8,8 - shr.u r30=r28,sixteen }//;; - -{ .mmi; st1 [out1]=r18,4 - st1 [out0]=r19,4 };; -{ .mmi; st1 [out3]=r20,4 - st1 [out2]=r21,4 }//;; -{ .mmi; st1 [out1]=r22,4 - st1 [out0]=r23,4 };; -{ .mmi; st1 [out3]=r24,4 - st1 [out2]=r25,4 - mov pr=prsave,0x1ffff }//;; -{ .mmi; st1 [out1]=r26,4 - st1 [out0]=r27,4 - mov ar.pfs=pfssave };; -{ .mmi; st1 [out3]=r28 - st1 [out2]=r29 - mov ar.lc=lcsave }//;; -{ .mmi; st1 [out1]=r30 - st1 [out0]=r31 } -{ .mfb; mov psr.um=loc0 // restore user mask - br.ret.sptk.many b0 };; -.endp AES_encrypt# - -// *AES_decrypt are autogenerated by the following script: -#if 0 -#!/usr/bin/env perl -print "// *AES_decrypt are autogenerated by the following script:\n#if 0\n"; -open(PROG,'<'.$0); while() { print; } close(PROG); -print "#endif\n"; -while(<>) { - $process=1 if (/\.proc\s+_ia64_AES_encrypt/); - next if (!$process); - - #s/te00=s0/td00=s0/; s/te00/td00/g; - s/te11=s1/td13=s3/; s/te11/td13/g; - #s/te22=s2/td22=s2/; s/te22/td22/g; - s/te33=s3/td31=s1/; s/te33/td31/g; - - #s/te01=s1/td01=s1/; s/te01/td01/g; - s/te12=s2/td10=s0/; s/te12/td10/g; - #s/te23=s3/td23=s3/; s/te23/td23/g; - s/te30=s0/td32=s2/; s/te30/td32/g; - - #s/te02=s2/td02=s2/; s/te02/td02/g; - s/te13=s3/td11=s1/; s/te13/td11/g; - #s/te20=s0/td20=s0/; s/te20/td20/g; - s/te31=s1/td33=s3/; s/te31/td33/g; - - #s/te03=s3/td03=s3/; s/te03/td03/g; - s/te10=s0/td12=s2/; s/te10/td12/g; - #s/te21=s1/td21=s1/; s/te21/td21/g; - s/te32=s2/td30=s0/; s/te32/td30/g; - - s/td/te/g; - - s/AES_encrypt/AES_decrypt/g; - s/\.Le_/.Ld_/g; - s/AES_Te#/AES_Td#/g; - - print; - - exit if (/\.endp\s+AES_decrypt/); -} -#endif -.proc _ia64_AES_decrypt# -// Input: rk0-rk1 -// te0 -// te3 as AES_KEY->rounds!!! -// s0-s3 -// maskff,twenty4,sixteen -// Output: r16,r20,r24,r28 as s0-s3 -// Clobber: r16-r31,rk0-rk1,r32-r43 -.align 32 -_ia64_AES_decrypt: - .prologue - .altrp b6 - .body -{ .mmi; alloc r16=ar.pfs,12,0,0,8 - LDKEY t0=[rk0],2*KSZ - mov pr.rot=1<<16 } -{ .mmi; LDKEY t1=[rk1],2*KSZ - add te1=TE1,te0 - add te3=-3,te3 };; -{ .mib; LDKEY t2=[rk0],2*KSZ - mov ar.ec=2 } -{ .mib; LDKEY t3=[rk1],2*KSZ - add te2=TE2,te0 - brp.loop.imp .Ld_top,.Ld_end-16 };; - -{ .mmi; xor s0=s0,t0 - xor s1=s1,t1 - mov ar.lc=te3 } -{ .mmi; xor s2=s2,t2 - xor s3=s3,t3 - add te3=TE3,te0 };; - -.align 32 -.Ld_top: -{ .mmi; (p0) LDKEY t0=[rk0],2*KSZ // 0/0:rk[0] - (p0) and te31=s1,maskff // 0/0:s3&0xff - (p0) extr.u te22=s2,8,8 } // 0/0:s2>>8&0xff -{ .mmi; (p0) LDKEY t1=[rk1],2*KSZ // 0/1:rk[1] - (p0) and te32=s2,maskff // 0/1:s0&0xff - (p0) shr.u te00=s0,twenty4 };; // 0/0:s0>>24 -{ .mmi; (p0) LDKEY t2=[rk0],2*KSZ // 1/2:rk[2] - (p0) shladd te31=te31,3,te3 // 1/0:te0+s0>>24 - (p0) extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff -{ .mmi; (p0) LDKEY t3=[rk1],2*KSZ // 1/3:rk[3] - (p0) shladd te32=te32,3,te3 // 1/1:te3+s0 - (p0) shr.u te01=s1,twenty4 };; // 1/1:s1>>24 -{ .mmi; (p0) ld4 te31=[te31] // 2/0:te3[s3&0xff] - (p0) shladd te22=te22,3,te2 // 2/0:te2+s2>>8&0xff - (p0) extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff -{ .mmi; (p0) ld4 te32=[te32] // 2/1:te3[s0] - (p0) shladd te23=te23,3,te2 // 2/1:te2+s3>>8 - (p0) shr.u te02=s2,twenty4 };; // 2/2:s2>>24 -{ .mmi; (p0) ld4 te22=[te22] // 3/0:te2[s2>>8] - (p0) shladd te20=te20,3,te2 // 3/2:te2+s0>>8 - (p0) extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff -{ .mmi; (p0) ld4 te23=[te23] // 3/1:te2[s3>>8] - (p0) shladd te00=te00,3,te0 // 3/0:te0+s0>>24 - (p0) shr.u te03=s3,twenty4 };; // 3/3:s3>>24 -{ .mmi; (p0) ld4 te20=[te20] // 4/2:te2[s0>>8] - (p0) shladd te21=te21,3,te2 // 4/3:te3+s2 - (p0) extr.u te13=s3,16,8 } // 4/0:s1>>16&0xff -{ .mmi; (p0) ld4 te00=[te00] // 4/0:te0[s0>>24] - (p0) shladd te01=te01,3,te0 // 4/1:te0+s1>>24 - (p0) shr.u te11=s1,sixteen };; // 4/2:s3>>16 -{ .mmi; (p0) ld4 te21=[te21] // 5/3:te2[s1>>8] - (p0) shladd te13=te13,3,te1 // 5/0:te1+s1>>16 - (p0) extr.u te10=s0,16,8 } // 5/1:s2>>16&0xff -{ .mmi; (p0) ld4 te01=[te01] // 5/1:te0[s1>>24] - (p0) shladd te02=te02,3,te0 // 5/2:te0+s2>>24 - (p0) and te33=s3,maskff };; // 5/2:s1&0xff -{ .mmi; (p0) ld4 te13=[te13] // 6/0:te1[s1>>16] - (p0) shladd te10=te10,3,te1 // 6/1:te1+s2>>16 - (p0) extr.u te12=s2,16,8 } // 6/3:s0>>16&0xff -{ .mmi; (p0) ld4 te02=[te02] // 6/2:te0[s2>>24] - (p0) shladd te03=te03,3,te0 // 6/3:te1+s0>>16 - (p0) and te30=s0,maskff };; // 6/3:s2&0xff - -{ .mmi; (p0) ld4 te10=[te10] // 7/1:te1[s2>>16] - (p0) shladd te33=te33,3,te3 // 7/2:te3+s1&0xff - (p0) and te11=te11,maskff} // 7/2:s3>>16&0xff -{ .mmi; (p0) ld4 te03=[te03] // 7/3:te0[s3>>24] - (p0) shladd te30=te30,3,te3 // 7/3:te3+s2 - (p0) xor t0=t0,te31 };; // 7/0: -{ .mmi; (p0) ld4 te33=[te33] // 8/2:te3[s1] - (p0) shladd te11=te11,3,te1 // 8/2:te1+s3>>16 - (p0) xor t0=t0,te22 } // 8/0: -{ .mmi; (p0) ld4 te30=[te30] // 8/3:te3[s2] - (p0) shladd te12=te12,3,te1 // 8/3:te1+s0>>16 - (p0) xor t1=t1,te32 };; // 8/1: -{ .mmi; (p0) ld4 te11=[te11] // 9/2:te1[s3>>16] - (p0) ld4 te12=[te12] // 9/3:te1[s0>>16] - (p0) xor t0=t0,te00 };; // 9/0: !L2 scheduling -{ .mmi; (p0) xor t1=t1,te23 // 10[9]/1: - (p0) xor t2=t2,te20 // 10[9]/2: - (p0) xor t3=t3,te21 };; // 10[9]/3: -{ .mmi; (p0) xor t0=t0,te13 // 11[10]/0:done! - (p0) xor t1=t1,te01 // 11[10]/1: - (p0) xor t2=t2,te02 };; // 11[10]/2: !L2 scheduling -{ .mmi; (p0) xor t3=t3,te03 // 12[10]/3: - (p16) cmp.eq p0,p17=r0,r0 };; // 12[10]/clear (p17) -{ .mmi; (p0) xor t1=t1,te10 // 13[11]/1:done! - (p0) xor t2=t2,te33 // 13[11]/2: - (p0) xor t3=t3,te30 } // 13[11]/3: -{ .mmi; (p17) add te0=2048,te0 // 13[11]/ - (p17) add te1=2048+64-TE1,te1};; // 13[11]/ -{ .mib; (p0) xor t2=t2,te11 // 14[12]/2:done! - (p17) add te2=2048+128-TE2,te2} // 14[12]/ -{ .mib; (p0) xor t3=t3,te12 // 14[12]/3:done! - (p17) add te3=2048+192-TE3,te3 // 14[12]/ - br.ctop.sptk .Ld_top };; -.Ld_end: - - -{ .mmi; ld8 te10=[te0] // prefetch Td4 - ld8 te33=[te1] } -{ .mmi; ld8 te12=[te2] - ld8 te30=[te3] } - -{ .mmi; LDKEY t0=[rk0],2*KSZ // 0/0:rk[0] - and te31=s1,maskff // 0/0:s3&0xff - extr.u te22=s2,8,8 } // 0/0:s2>>8&0xff -{ .mmi; LDKEY t1=[rk1],2*KSZ // 0/1:rk[1] - and te32=s2,maskff // 0/1:s0&0xff - shr.u te00=s0,twenty4 };; // 0/0:s0>>24 -{ .mmi; LDKEY t2=[rk0],2*KSZ // 1/2:rk[2] - add te31=te31,te0 // 1/0:te0+s0>>24 - extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff -{ .mmi; LDKEY t3=[rk1],2*KSZ // 1/3:rk[3] - add te32=te32,te0 // 1/1:te0+s0 - shr.u te01=s1,twenty4 };; // 1/1:s1>>24 -{ .mmi; ld1 te31=[te31] // 2/0:te0[s3&0xff] - add te22=te22,te0 // 2/0:te0+s2>>8&0xff - extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff -{ .mmi; ld1 te32=[te32] // 2/1:te0[s0] - add te23=te23,te0 // 2/1:te0+s3>>8 - shr.u te02=s2,twenty4 };; // 2/2:s2>>24 -{ .mmi; ld1 te22=[te22] // 3/0:te0[s2>>8] - add te20=te20,te0 // 3/2:te0+s0>>8 - extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff -{ .mmi; ld1 te23=[te23] // 3/1:te0[s3>>8] - add te00=te00,te0 // 3/0:te0+s0>>24 - shr.u te03=s3,twenty4 };; // 3/3:s3>>24 -{ .mmi; ld1 te20=[te20] // 4/2:te0[s0>>8] - add te21=te21,te0 // 4/3:te0+s2 - extr.u te13=s3,16,8 } // 4/0:s1>>16&0xff -{ .mmi; ld1 te00=[te00] // 4/0:te0[s0>>24] - add te01=te01,te0 // 4/1:te0+s1>>24 - shr.u te11=s1,sixteen };; // 4/2:s3>>16 -{ .mmi; ld1 te21=[te21] // 5/3:te0[s1>>8] - add te13=te13,te0 // 5/0:te0+s1>>16 - extr.u te10=s0,16,8 } // 5/1:s2>>16&0xff -{ .mmi; ld1 te01=[te01] // 5/1:te0[s1>>24] - add te02=te02,te0 // 5/2:te0+s2>>24 - and te33=s3,maskff };; // 5/2:s1&0xff -{ .mmi; ld1 te13=[te13] // 6/0:te0[s1>>16] - add te10=te10,te0 // 6/1:te0+s2>>16 - extr.u te12=s2,16,8 } // 6/3:s0>>16&0xff -{ .mmi; ld1 te02=[te02] // 6/2:te0[s2>>24] - add te03=te03,te0 // 6/3:te0+s0>>16 - and te30=s0,maskff };; // 6/3:s2&0xff - -{ .mmi; ld1 te10=[te10] // 7/1:te0[s2>>16] - add te33=te33,te0 // 7/2:te0+s1&0xff - dep te31=te22,te31,8,8} // 7/0: -{ .mmi; ld1 te03=[te03] // 7/3:te0[s3>>24] - add te30=te30,te0 // 7/3:te0+s2 - and te11=te11,maskff};; // 7/2:s3>>16&0xff -{ .mmi; ld1 te33=[te33] // 8/2:te0[s1] - add te11=te11,te0 // 8/2:te0+s3>>16 - dep te32=te23,te32,8,8} // 8/1: -{ .mmi; ld1 te30=[te30] // 8/3:te0[s2] - add te12=te12,te0 // 8/3:te0+s0>>16 - shl te00=te00,twenty4};; // 8/0: -{ .mii; ld1 te11=[te11] // 9/2:te0[s3>>16] - dep te31=te13,te31,16,8 // 9/0: - shl te01=te01,twenty4};; // 9/1: -{ .mii; ld1 te12=[te12] // 10/3:te0[s0>>16] - dep te33=te20,te33,8,8 // 10/2: - shl te02=te02,twenty4};; // 10/2: -{ .mii; xor t0=t0,te31 // 11/0: - dep te30=te21,te30,8,8 // 11/3: - shl te10=te10,sixteen};; // 11/1: -{ .mii; xor r16=t0,te00 // 12/0:done! - dep te33=te11,te33,16,8 // 12/2: - shl te03=te03,twenty4};; // 12/3: -{ .mmi; xor t1=t1,te01 // 13/1: - xor t2=t2,te02 // 13/2: - dep te30=te12,te30,16,8};; // 13/3: -{ .mmi; xor t1=t1,te32 // 14/1: - xor r24=t2,te33 // 14/2:done! - xor t3=t3,te30 };; // 14/3: -{ .mib; xor r20=t1,te10 // 15/1:done! - xor r28=t3,te03 // 15/3:done! - br.ret.sptk b6 };; -.endp _ia64_AES_decrypt# - -// void AES_decrypt (const void *in,void *out,const AES_KEY *key); -.global AES_decrypt# -.proc AES_decrypt# -.align 32 -AES_decrypt: - .prologue - .save ar.pfs,pfssave -{ .mmi; alloc pfssave=ar.pfs,3,1,12,0 - and out0=3,in0 - mov r3=ip } -{ .mmi; ADDP in0=0,in0 - mov loc0=psr.um - ADDP out11=KSZ*60,in2 };; // &AES_KEY->rounds - -{ .mmi; ld4 out11=[out11] // AES_KEY->rounds - add out8=(AES_Td#-AES_decrypt#),r3 // Te0 - .save pr,prsave - mov prsave=pr } -{ .mmi; rum 1<<3 // clear um.ac - .save ar.lc,lcsave - mov lcsave=ar.lc };; - - .body -#if defined(_HPUX_SOURCE) // HPUX is big-endian, cut 15+15 cycles... -{ .mib; cmp.ne p6,p0=out0,r0 - add out0=4,in0 -(p6) br.dpnt.many .Ld_i_unaligned };; - -{ .mmi; ld4 out1=[in0],8 // s0 - and out9=3,in1 - mov twenty4=24 } -{ .mmi; ld4 out3=[out0],8 // s1 - ADDP rk0=0,in2 - mov sixteen=16 };; -{ .mmi; ld4 out5=[in0] // s2 - cmp.ne p6,p0=out9,r0 - mov maskff=0xff } -{ .mmb; ld4 out7=[out0] // s3 - ADDP rk1=KSZ,in2 - br.call.sptk.many b6=_ia64_AES_decrypt };; - -{ .mib; ADDP in0=4,in1 - ADDP in1=0,in1 -(p6) br.spnt .Ld_o_unaligned };; - -{ .mii; mov psr.um=loc0 - mov ar.pfs=pfssave - mov ar.lc=lcsave };; -{ .mmi; st4 [in1]=r16,8 // s0 - st4 [in0]=r20,8 // s1 - mov pr=prsave,0x1ffff };; -{ .mmb; st4 [in1]=r24 // s2 - st4 [in0]=r28 // s3 - br.ret.sptk.many b0 };; -#endif - -.align 32 -.Ld_i_unaligned: -{ .mmi; add out0=1,in0 - add out2=2,in0 - add out4=3,in0 };; -{ .mmi; ld1 r16=[in0],4 - ld1 r17=[out0],4 }//;; -{ .mmi; ld1 r18=[out2],4 - ld1 out1=[out4],4 };; // s0 -{ .mmi; ld1 r20=[in0],4 - ld1 r21=[out0],4 }//;; -{ .mmi; ld1 r22=[out2],4 - ld1 out3=[out4],4 };; // s1 -{ .mmi; ld1 r24=[in0],4 - ld1 r25=[out0],4 }//;; -{ .mmi; ld1 r26=[out2],4 - ld1 out5=[out4],4 };; // s2 -{ .mmi; ld1 r28=[in0] - ld1 r29=[out0] }//;; -{ .mmi; ld1 r30=[out2] - ld1 out7=[out4] };; // s3 - -{ .mii; - dep out1=r16,out1,24,8 //;; - dep out3=r20,out3,24,8 }//;; -{ .mii; ADDP rk0=0,in2 - dep out5=r24,out5,24,8 //;; - dep out7=r28,out7,24,8 };; -{ .mii; ADDP rk1=KSZ,in2 - dep out1=r17,out1,16,8 //;; - dep out3=r21,out3,16,8 }//;; -{ .mii; mov twenty4=24 - dep out5=r25,out5,16,8 //;; - dep out7=r29,out7,16,8 };; -{ .mii; mov sixteen=16 - dep out1=r18,out1,8,8 //;; - dep out3=r22,out3,8,8 }//;; -{ .mii; mov maskff=0xff - dep out5=r26,out5,8,8 //;; - dep out7=r30,out7,8,8 };; - -{ .mib; br.call.sptk.many b6=_ia64_AES_decrypt };; - -.Ld_o_unaligned: -{ .mii; ADDP out0=0,in1 - extr.u r17=r16,8,8 // s0 - shr.u r19=r16,twenty4 }//;; -{ .mii; ADDP out1=1,in1 - extr.u r18=r16,16,8 - shr.u r23=r20,twenty4 }//;; // s1 -{ .mii; ADDP out2=2,in1 - extr.u r21=r20,8,8 - shr.u r22=r20,sixteen }//;; -{ .mii; ADDP out3=3,in1 - extr.u r25=r24,8,8 // s2 - shr.u r27=r24,twenty4 };; -{ .mii; st1 [out3]=r16,4 - extr.u r26=r24,16,8 - shr.u r31=r28,twenty4 }//;; // s3 -{ .mii; st1 [out2]=r17,4 - extr.u r29=r28,8,8 - shr.u r30=r28,sixteen }//;; - -{ .mmi; st1 [out1]=r18,4 - st1 [out0]=r19,4 };; -{ .mmi; st1 [out3]=r20,4 - st1 [out2]=r21,4 }//;; -{ .mmi; st1 [out1]=r22,4 - st1 [out0]=r23,4 };; -{ .mmi; st1 [out3]=r24,4 - st1 [out2]=r25,4 - mov pr=prsave,0x1ffff }//;; -{ .mmi; st1 [out1]=r26,4 - st1 [out0]=r27,4 - mov ar.pfs=pfssave };; -{ .mmi; st1 [out3]=r28 - st1 [out2]=r29 - mov ar.lc=lcsave }//;; -{ .mmi; st1 [out1]=r30 - st1 [out0]=r31 } -{ .mfb; mov psr.um=loc0 // restore user mask - br.ret.sptk.many b0 };; -.endp AES_decrypt# - -// leave it in .text segment... -.align 64 -.global AES_Te# -.type AES_Te#,@object -AES_Te: data4 0xc66363a5,0xc66363a5, 0xf87c7c84,0xf87c7c84 - data4 0xee777799,0xee777799, 0xf67b7b8d,0xf67b7b8d - data4 0xfff2f20d,0xfff2f20d, 0xd66b6bbd,0xd66b6bbd - data4 0xde6f6fb1,0xde6f6fb1, 0x91c5c554,0x91c5c554 - data4 0x60303050,0x60303050, 0x02010103,0x02010103 - data4 0xce6767a9,0xce6767a9, 0x562b2b7d,0x562b2b7d - data4 0xe7fefe19,0xe7fefe19, 0xb5d7d762,0xb5d7d762 - data4 0x4dababe6,0x4dababe6, 0xec76769a,0xec76769a - data4 0x8fcaca45,0x8fcaca45, 0x1f82829d,0x1f82829d - data4 0x89c9c940,0x89c9c940, 0xfa7d7d87,0xfa7d7d87 - data4 0xeffafa15,0xeffafa15, 0xb25959eb,0xb25959eb - data4 0x8e4747c9,0x8e4747c9, 0xfbf0f00b,0xfbf0f00b - data4 0x41adadec,0x41adadec, 0xb3d4d467,0xb3d4d467 - data4 0x5fa2a2fd,0x5fa2a2fd, 0x45afafea,0x45afafea - data4 0x239c9cbf,0x239c9cbf, 0x53a4a4f7,0x53a4a4f7 - data4 0xe4727296,0xe4727296, 0x9bc0c05b,0x9bc0c05b - data4 0x75b7b7c2,0x75b7b7c2, 0xe1fdfd1c,0xe1fdfd1c - data4 0x3d9393ae,0x3d9393ae, 0x4c26266a,0x4c26266a - data4 0x6c36365a,0x6c36365a, 0x7e3f3f41,0x7e3f3f41 - data4 0xf5f7f702,0xf5f7f702, 0x83cccc4f,0x83cccc4f - data4 0x6834345c,0x6834345c, 0x51a5a5f4,0x51a5a5f4 - data4 0xd1e5e534,0xd1e5e534, 0xf9f1f108,0xf9f1f108 - data4 0xe2717193,0xe2717193, 0xabd8d873,0xabd8d873 - data4 0x62313153,0x62313153, 0x2a15153f,0x2a15153f - data4 0x0804040c,0x0804040c, 0x95c7c752,0x95c7c752 - data4 0x46232365,0x46232365, 0x9dc3c35e,0x9dc3c35e - data4 0x30181828,0x30181828, 0x379696a1,0x379696a1 - data4 0x0a05050f,0x0a05050f, 0x2f9a9ab5,0x2f9a9ab5 - data4 0x0e070709,0x0e070709, 0x24121236,0x24121236 - data4 0x1b80809b,0x1b80809b, 0xdfe2e23d,0xdfe2e23d - data4 0xcdebeb26,0xcdebeb26, 0x4e272769,0x4e272769 - data4 0x7fb2b2cd,0x7fb2b2cd, 0xea75759f,0xea75759f - data4 0x1209091b,0x1209091b, 0x1d83839e,0x1d83839e - data4 0x582c2c74,0x582c2c74, 0x341a1a2e,0x341a1a2e - data4 0x361b1b2d,0x361b1b2d, 0xdc6e6eb2,0xdc6e6eb2 - data4 0xb45a5aee,0xb45a5aee, 0x5ba0a0fb,0x5ba0a0fb - data4 0xa45252f6,0xa45252f6, 0x763b3b4d,0x763b3b4d - data4 0xb7d6d661,0xb7d6d661, 0x7db3b3ce,0x7db3b3ce - data4 0x5229297b,0x5229297b, 0xdde3e33e,0xdde3e33e - data4 0x5e2f2f71,0x5e2f2f71, 0x13848497,0x13848497 - data4 0xa65353f5,0xa65353f5, 0xb9d1d168,0xb9d1d168 - data4 0x00000000,0x00000000, 0xc1eded2c,0xc1eded2c - data4 0x40202060,0x40202060, 0xe3fcfc1f,0xe3fcfc1f - data4 0x79b1b1c8,0x79b1b1c8, 0xb65b5bed,0xb65b5bed - data4 0xd46a6abe,0xd46a6abe, 0x8dcbcb46,0x8dcbcb46 - data4 0x67bebed9,0x67bebed9, 0x7239394b,0x7239394b - data4 0x944a4ade,0x944a4ade, 0x984c4cd4,0x984c4cd4 - data4 0xb05858e8,0xb05858e8, 0x85cfcf4a,0x85cfcf4a - data4 0xbbd0d06b,0xbbd0d06b, 0xc5efef2a,0xc5efef2a - data4 0x4faaaae5,0x4faaaae5, 0xedfbfb16,0xedfbfb16 - data4 0x864343c5,0x864343c5, 0x9a4d4dd7,0x9a4d4dd7 - data4 0x66333355,0x66333355, 0x11858594,0x11858594 - data4 0x8a4545cf,0x8a4545cf, 0xe9f9f910,0xe9f9f910 - data4 0x04020206,0x04020206, 0xfe7f7f81,0xfe7f7f81 - data4 0xa05050f0,0xa05050f0, 0x783c3c44,0x783c3c44 - data4 0x259f9fba,0x259f9fba, 0x4ba8a8e3,0x4ba8a8e3 - data4 0xa25151f3,0xa25151f3, 0x5da3a3fe,0x5da3a3fe - data4 0x804040c0,0x804040c0, 0x058f8f8a,0x058f8f8a - data4 0x3f9292ad,0x3f9292ad, 0x219d9dbc,0x219d9dbc - data4 0x70383848,0x70383848, 0xf1f5f504,0xf1f5f504 - data4 0x63bcbcdf,0x63bcbcdf, 0x77b6b6c1,0x77b6b6c1 - data4 0xafdada75,0xafdada75, 0x42212163,0x42212163 - data4 0x20101030,0x20101030, 0xe5ffff1a,0xe5ffff1a - data4 0xfdf3f30e,0xfdf3f30e, 0xbfd2d26d,0xbfd2d26d - data4 0x81cdcd4c,0x81cdcd4c, 0x180c0c14,0x180c0c14 - data4 0x26131335,0x26131335, 0xc3ecec2f,0xc3ecec2f - data4 0xbe5f5fe1,0xbe5f5fe1, 0x359797a2,0x359797a2 - data4 0x884444cc,0x884444cc, 0x2e171739,0x2e171739 - data4 0x93c4c457,0x93c4c457, 0x55a7a7f2,0x55a7a7f2 - data4 0xfc7e7e82,0xfc7e7e82, 0x7a3d3d47,0x7a3d3d47 - data4 0xc86464ac,0xc86464ac, 0xba5d5de7,0xba5d5de7 - data4 0x3219192b,0x3219192b, 0xe6737395,0xe6737395 - data4 0xc06060a0,0xc06060a0, 0x19818198,0x19818198 - data4 0x9e4f4fd1,0x9e4f4fd1, 0xa3dcdc7f,0xa3dcdc7f - data4 0x44222266,0x44222266, 0x542a2a7e,0x542a2a7e - data4 0x3b9090ab,0x3b9090ab, 0x0b888883,0x0b888883 - data4 0x8c4646ca,0x8c4646ca, 0xc7eeee29,0xc7eeee29 - data4 0x6bb8b8d3,0x6bb8b8d3, 0x2814143c,0x2814143c - data4 0xa7dede79,0xa7dede79, 0xbc5e5ee2,0xbc5e5ee2 - data4 0x160b0b1d,0x160b0b1d, 0xaddbdb76,0xaddbdb76 - data4 0xdbe0e03b,0xdbe0e03b, 0x64323256,0x64323256 - data4 0x743a3a4e,0x743a3a4e, 0x140a0a1e,0x140a0a1e - data4 0x924949db,0x924949db, 0x0c06060a,0x0c06060a - data4 0x4824246c,0x4824246c, 0xb85c5ce4,0xb85c5ce4 - data4 0x9fc2c25d,0x9fc2c25d, 0xbdd3d36e,0xbdd3d36e - data4 0x43acacef,0x43acacef, 0xc46262a6,0xc46262a6 - data4 0x399191a8,0x399191a8, 0x319595a4,0x319595a4 - data4 0xd3e4e437,0xd3e4e437, 0xf279798b,0xf279798b - data4 0xd5e7e732,0xd5e7e732, 0x8bc8c843,0x8bc8c843 - data4 0x6e373759,0x6e373759, 0xda6d6db7,0xda6d6db7 - data4 0x018d8d8c,0x018d8d8c, 0xb1d5d564,0xb1d5d564 - data4 0x9c4e4ed2,0x9c4e4ed2, 0x49a9a9e0,0x49a9a9e0 - data4 0xd86c6cb4,0xd86c6cb4, 0xac5656fa,0xac5656fa - data4 0xf3f4f407,0xf3f4f407, 0xcfeaea25,0xcfeaea25 - data4 0xca6565af,0xca6565af, 0xf47a7a8e,0xf47a7a8e - data4 0x47aeaee9,0x47aeaee9, 0x10080818,0x10080818 - data4 0x6fbabad5,0x6fbabad5, 0xf0787888,0xf0787888 - data4 0x4a25256f,0x4a25256f, 0x5c2e2e72,0x5c2e2e72 - data4 0x381c1c24,0x381c1c24, 0x57a6a6f1,0x57a6a6f1 - data4 0x73b4b4c7,0x73b4b4c7, 0x97c6c651,0x97c6c651 - data4 0xcbe8e823,0xcbe8e823, 0xa1dddd7c,0xa1dddd7c - data4 0xe874749c,0xe874749c, 0x3e1f1f21,0x3e1f1f21 - data4 0x964b4bdd,0x964b4bdd, 0x61bdbddc,0x61bdbddc - data4 0x0d8b8b86,0x0d8b8b86, 0x0f8a8a85,0x0f8a8a85 - data4 0xe0707090,0xe0707090, 0x7c3e3e42,0x7c3e3e42 - data4 0x71b5b5c4,0x71b5b5c4, 0xcc6666aa,0xcc6666aa - data4 0x904848d8,0x904848d8, 0x06030305,0x06030305 - data4 0xf7f6f601,0xf7f6f601, 0x1c0e0e12,0x1c0e0e12 - data4 0xc26161a3,0xc26161a3, 0x6a35355f,0x6a35355f - data4 0xae5757f9,0xae5757f9, 0x69b9b9d0,0x69b9b9d0 - data4 0x17868691,0x17868691, 0x99c1c158,0x99c1c158 - data4 0x3a1d1d27,0x3a1d1d27, 0x279e9eb9,0x279e9eb9 - data4 0xd9e1e138,0xd9e1e138, 0xebf8f813,0xebf8f813 - data4 0x2b9898b3,0x2b9898b3, 0x22111133,0x22111133 - data4 0xd26969bb,0xd26969bb, 0xa9d9d970,0xa9d9d970 - data4 0x078e8e89,0x078e8e89, 0x339494a7,0x339494a7 - data4 0x2d9b9bb6,0x2d9b9bb6, 0x3c1e1e22,0x3c1e1e22 - data4 0x15878792,0x15878792, 0xc9e9e920,0xc9e9e920 - data4 0x87cece49,0x87cece49, 0xaa5555ff,0xaa5555ff - data4 0x50282878,0x50282878, 0xa5dfdf7a,0xa5dfdf7a - data4 0x038c8c8f,0x038c8c8f, 0x59a1a1f8,0x59a1a1f8 - data4 0x09898980,0x09898980, 0x1a0d0d17,0x1a0d0d17 - data4 0x65bfbfda,0x65bfbfda, 0xd7e6e631,0xd7e6e631 - data4 0x844242c6,0x844242c6, 0xd06868b8,0xd06868b8 - data4 0x824141c3,0x824141c3, 0x299999b0,0x299999b0 - data4 0x5a2d2d77,0x5a2d2d77, 0x1e0f0f11,0x1e0f0f11 - data4 0x7bb0b0cb,0x7bb0b0cb, 0xa85454fc,0xa85454fc - data4 0x6dbbbbd6,0x6dbbbbd6, 0x2c16163a,0x2c16163a -// Te4: - data1 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 - data1 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 - data1 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0 - data1 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 - data1 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc - data1 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 - data1 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a - data1 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 - data1 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0 - data1 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 - data1 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b - data1 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf - data1 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85 - data1 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 - data1 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5 - data1 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 - data1 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17 - data1 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 - data1 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88 - data1 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb - data1 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c - data1 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 - data1 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9 - data1 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 - data1 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6 - data1 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a - data1 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e - data1 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e - data1 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94 - data1 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf - data1 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68 - data1 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 -.size AES_Te#,2048+256 // HP-UX assembler fails to ".-AES_Te#" - -.align 64 -.global AES_Td# -.type AES_Td#,@object -AES_Td: data4 0x51f4a750,0x51f4a750, 0x7e416553,0x7e416553 - data4 0x1a17a4c3,0x1a17a4c3, 0x3a275e96,0x3a275e96 - data4 0x3bab6bcb,0x3bab6bcb, 0x1f9d45f1,0x1f9d45f1 - data4 0xacfa58ab,0xacfa58ab, 0x4be30393,0x4be30393 - data4 0x2030fa55,0x2030fa55, 0xad766df6,0xad766df6 - data4 0x88cc7691,0x88cc7691, 0xf5024c25,0xf5024c25 - data4 0x4fe5d7fc,0x4fe5d7fc, 0xc52acbd7,0xc52acbd7 - data4 0x26354480,0x26354480, 0xb562a38f,0xb562a38f - data4 0xdeb15a49,0xdeb15a49, 0x25ba1b67,0x25ba1b67 - data4 0x45ea0e98,0x45ea0e98, 0x5dfec0e1,0x5dfec0e1 - data4 0xc32f7502,0xc32f7502, 0x814cf012,0x814cf012 - data4 0x8d4697a3,0x8d4697a3, 0x6bd3f9c6,0x6bd3f9c6 - data4 0x038f5fe7,0x038f5fe7, 0x15929c95,0x15929c95 - data4 0xbf6d7aeb,0xbf6d7aeb, 0x955259da,0x955259da - data4 0xd4be832d,0xd4be832d, 0x587421d3,0x587421d3 - data4 0x49e06929,0x49e06929, 0x8ec9c844,0x8ec9c844 - data4 0x75c2896a,0x75c2896a, 0xf48e7978,0xf48e7978 - data4 0x99583e6b,0x99583e6b, 0x27b971dd,0x27b971dd - data4 0xbee14fb6,0xbee14fb6, 0xf088ad17,0xf088ad17 - data4 0xc920ac66,0xc920ac66, 0x7dce3ab4,0x7dce3ab4 - data4 0x63df4a18,0x63df4a18, 0xe51a3182,0xe51a3182 - data4 0x97513360,0x97513360, 0x62537f45,0x62537f45 - data4 0xb16477e0,0xb16477e0, 0xbb6bae84,0xbb6bae84 - data4 0xfe81a01c,0xfe81a01c, 0xf9082b94,0xf9082b94 - data4 0x70486858,0x70486858, 0x8f45fd19,0x8f45fd19 - data4 0x94de6c87,0x94de6c87, 0x527bf8b7,0x527bf8b7 - data4 0xab73d323,0xab73d323, 0x724b02e2,0x724b02e2 - data4 0xe31f8f57,0xe31f8f57, 0x6655ab2a,0x6655ab2a - data4 0xb2eb2807,0xb2eb2807, 0x2fb5c203,0x2fb5c203 - data4 0x86c57b9a,0x86c57b9a, 0xd33708a5,0xd33708a5 - data4 0x302887f2,0x302887f2, 0x23bfa5b2,0x23bfa5b2 - data4 0x02036aba,0x02036aba, 0xed16825c,0xed16825c - data4 0x8acf1c2b,0x8acf1c2b, 0xa779b492,0xa779b492 - data4 0xf307f2f0,0xf307f2f0, 0x4e69e2a1,0x4e69e2a1 - data4 0x65daf4cd,0x65daf4cd, 0x0605bed5,0x0605bed5 - data4 0xd134621f,0xd134621f, 0xc4a6fe8a,0xc4a6fe8a - data4 0x342e539d,0x342e539d, 0xa2f355a0,0xa2f355a0 - data4 0x058ae132,0x058ae132, 0xa4f6eb75,0xa4f6eb75 - data4 0x0b83ec39,0x0b83ec39, 0x4060efaa,0x4060efaa - data4 0x5e719f06,0x5e719f06, 0xbd6e1051,0xbd6e1051 - data4 0x3e218af9,0x3e218af9, 0x96dd063d,0x96dd063d - data4 0xdd3e05ae,0xdd3e05ae, 0x4de6bd46,0x4de6bd46 - data4 0x91548db5,0x91548db5, 0x71c45d05,0x71c45d05 - data4 0x0406d46f,0x0406d46f, 0x605015ff,0x605015ff - data4 0x1998fb24,0x1998fb24, 0xd6bde997,0xd6bde997 - data4 0x894043cc,0x894043cc, 0x67d99e77,0x67d99e77 - data4 0xb0e842bd,0xb0e842bd, 0x07898b88,0x07898b88 - data4 0xe7195b38,0xe7195b38, 0x79c8eedb,0x79c8eedb - data4 0xa17c0a47,0xa17c0a47, 0x7c420fe9,0x7c420fe9 - data4 0xf8841ec9,0xf8841ec9, 0x00000000,0x00000000 - data4 0x09808683,0x09808683, 0x322bed48,0x322bed48 - data4 0x1e1170ac,0x1e1170ac, 0x6c5a724e,0x6c5a724e - data4 0xfd0efffb,0xfd0efffb, 0x0f853856,0x0f853856 - data4 0x3daed51e,0x3daed51e, 0x362d3927,0x362d3927 - data4 0x0a0fd964,0x0a0fd964, 0x685ca621,0x685ca621 - data4 0x9b5b54d1,0x9b5b54d1, 0x24362e3a,0x24362e3a - data4 0x0c0a67b1,0x0c0a67b1, 0x9357e70f,0x9357e70f - data4 0xb4ee96d2,0xb4ee96d2, 0x1b9b919e,0x1b9b919e - data4 0x80c0c54f,0x80c0c54f, 0x61dc20a2,0x61dc20a2 - data4 0x5a774b69,0x5a774b69, 0x1c121a16,0x1c121a16 - data4 0xe293ba0a,0xe293ba0a, 0xc0a02ae5,0xc0a02ae5 - data4 0x3c22e043,0x3c22e043, 0x121b171d,0x121b171d - data4 0x0e090d0b,0x0e090d0b, 0xf28bc7ad,0xf28bc7ad - data4 0x2db6a8b9,0x2db6a8b9, 0x141ea9c8,0x141ea9c8 - data4 0x57f11985,0x57f11985, 0xaf75074c,0xaf75074c - data4 0xee99ddbb,0xee99ddbb, 0xa37f60fd,0xa37f60fd - data4 0xf701269f,0xf701269f, 0x5c72f5bc,0x5c72f5bc - data4 0x44663bc5,0x44663bc5, 0x5bfb7e34,0x5bfb7e34 - data4 0x8b432976,0x8b432976, 0xcb23c6dc,0xcb23c6dc - data4 0xb6edfc68,0xb6edfc68, 0xb8e4f163,0xb8e4f163 - data4 0xd731dcca,0xd731dcca, 0x42638510,0x42638510 - data4 0x13972240,0x13972240, 0x84c61120,0x84c61120 - data4 0x854a247d,0x854a247d, 0xd2bb3df8,0xd2bb3df8 - data4 0xaef93211,0xaef93211, 0xc729a16d,0xc729a16d - data4 0x1d9e2f4b,0x1d9e2f4b, 0xdcb230f3,0xdcb230f3 - data4 0x0d8652ec,0x0d8652ec, 0x77c1e3d0,0x77c1e3d0 - data4 0x2bb3166c,0x2bb3166c, 0xa970b999,0xa970b999 - data4 0x119448fa,0x119448fa, 0x47e96422,0x47e96422 - data4 0xa8fc8cc4,0xa8fc8cc4, 0xa0f03f1a,0xa0f03f1a - data4 0x567d2cd8,0x567d2cd8, 0x223390ef,0x223390ef - data4 0x87494ec7,0x87494ec7, 0xd938d1c1,0xd938d1c1 - data4 0x8ccaa2fe,0x8ccaa2fe, 0x98d40b36,0x98d40b36 - data4 0xa6f581cf,0xa6f581cf, 0xa57ade28,0xa57ade28 - data4 0xdab78e26,0xdab78e26, 0x3fadbfa4,0x3fadbfa4 - data4 0x2c3a9de4,0x2c3a9de4, 0x5078920d,0x5078920d - data4 0x6a5fcc9b,0x6a5fcc9b, 0x547e4662,0x547e4662 - data4 0xf68d13c2,0xf68d13c2, 0x90d8b8e8,0x90d8b8e8 - data4 0x2e39f75e,0x2e39f75e, 0x82c3aff5,0x82c3aff5 - data4 0x9f5d80be,0x9f5d80be, 0x69d0937c,0x69d0937c - data4 0x6fd52da9,0x6fd52da9, 0xcf2512b3,0xcf2512b3 - data4 0xc8ac993b,0xc8ac993b, 0x10187da7,0x10187da7 - data4 0xe89c636e,0xe89c636e, 0xdb3bbb7b,0xdb3bbb7b - data4 0xcd267809,0xcd267809, 0x6e5918f4,0x6e5918f4 - data4 0xec9ab701,0xec9ab701, 0x834f9aa8,0x834f9aa8 - data4 0xe6956e65,0xe6956e65, 0xaaffe67e,0xaaffe67e - data4 0x21bccf08,0x21bccf08, 0xef15e8e6,0xef15e8e6 - data4 0xbae79bd9,0xbae79bd9, 0x4a6f36ce,0x4a6f36ce - data4 0xea9f09d4,0xea9f09d4, 0x29b07cd6,0x29b07cd6 - data4 0x31a4b2af,0x31a4b2af, 0x2a3f2331,0x2a3f2331 - data4 0xc6a59430,0xc6a59430, 0x35a266c0,0x35a266c0 - data4 0x744ebc37,0x744ebc37, 0xfc82caa6,0xfc82caa6 - data4 0xe090d0b0,0xe090d0b0, 0x33a7d815,0x33a7d815 - data4 0xf104984a,0xf104984a, 0x41ecdaf7,0x41ecdaf7 - data4 0x7fcd500e,0x7fcd500e, 0x1791f62f,0x1791f62f - data4 0x764dd68d,0x764dd68d, 0x43efb04d,0x43efb04d - data4 0xccaa4d54,0xccaa4d54, 0xe49604df,0xe49604df - data4 0x9ed1b5e3,0x9ed1b5e3, 0x4c6a881b,0x4c6a881b - data4 0xc12c1fb8,0xc12c1fb8, 0x4665517f,0x4665517f - data4 0x9d5eea04,0x9d5eea04, 0x018c355d,0x018c355d - data4 0xfa877473,0xfa877473, 0xfb0b412e,0xfb0b412e - data4 0xb3671d5a,0xb3671d5a, 0x92dbd252,0x92dbd252 - data4 0xe9105633,0xe9105633, 0x6dd64713,0x6dd64713 - data4 0x9ad7618c,0x9ad7618c, 0x37a10c7a,0x37a10c7a - data4 0x59f8148e,0x59f8148e, 0xeb133c89,0xeb133c89 - data4 0xcea927ee,0xcea927ee, 0xb761c935,0xb761c935 - data4 0xe11ce5ed,0xe11ce5ed, 0x7a47b13c,0x7a47b13c - data4 0x9cd2df59,0x9cd2df59, 0x55f2733f,0x55f2733f - data4 0x1814ce79,0x1814ce79, 0x73c737bf,0x73c737bf - data4 0x53f7cdea,0x53f7cdea, 0x5ffdaa5b,0x5ffdaa5b - data4 0xdf3d6f14,0xdf3d6f14, 0x7844db86,0x7844db86 - data4 0xcaaff381,0xcaaff381, 0xb968c43e,0xb968c43e - data4 0x3824342c,0x3824342c, 0xc2a3405f,0xc2a3405f - data4 0x161dc372,0x161dc372, 0xbce2250c,0xbce2250c - data4 0x283c498b,0x283c498b, 0xff0d9541,0xff0d9541 - data4 0x39a80171,0x39a80171, 0x080cb3de,0x080cb3de - data4 0xd8b4e49c,0xd8b4e49c, 0x6456c190,0x6456c190 - data4 0x7bcb8461,0x7bcb8461, 0xd532b670,0xd532b670 - data4 0x486c5c74,0x486c5c74, 0xd0b85742,0xd0b85742 -// Td4: - data1 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 - data1 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb - data1 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 - data1 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb - data1 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d - data1 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e - data1 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 - data1 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 - data1 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 - data1 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 - data1 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda - data1 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 - data1 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a - data1 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 - data1 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 - data1 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b - data1 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea - data1 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 - data1 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 - data1 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e - data1 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 - data1 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b - data1 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 - data1 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 - data1 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 - data1 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f - data1 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d - data1 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef - data1 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 - data1 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 - data1 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 - data1 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d -.size AES_Td#,2048+256 // HP-UX assembler fails to ".-AES_Td#" diff --git a/crypto/aes/asm/aes-mips.pl b/crypto/aes/asm/aes-mips.pl deleted file mode 100644 index 290621acc2cfc2996b500d63a42a15465c510590..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/aes-mips.pl +++ /dev/null @@ -1,2206 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# AES for MIPS - -# October 2010 -# -# Code uses 1K[+256B] S-box and on single-issue core [such as R5000] -# spends ~68 cycles per byte processed with 128-bit key. This is ~16% -# faster than gcc-generated code, which is not very impressive. But -# recall that compressed S-box requires extra processing, namely -# additional rotations. Rotations are implemented with lwl/lwr pairs, -# which is normally used for loading unaligned data. Another cool -# thing about this module is its endian neutrality, which means that -# it processes data without ever changing byte order... - -# September 2012 -# -# Add MIPS32R2 (~10% less instructions) and SmartMIPS ASE (further -# ~25% less instructions) code. Note that there is no run-time switch, -# instead, code path is chosen upon pre-process time, pass -mips32r2 -# or/and -msmartmips. - -# February 2019 -# -# Normalize MIPS32R2 AES table address calculation by always using EXT -# instruction. This reduces the standard codebase by another 10%. - -###################################################################### -# There is a number of MIPS ABI in use, O32 and N32/64 are most -# widely used. Then there is a new contender: NUBI. It appears that if -# one picks the latter, it's possible to arrange code in ABI neutral -# manner. Therefore let's stick to NUBI register layout: -# -($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25)); -($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); -($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23)); -($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31)); -# -# The return value is placed in $a0. Following coding rules facilitate -# interoperability: -# -# - never ever touch $tp, "thread pointer", former $gp; -# - copy return value to $t0, former $v0 [or to $a0 if you're adapting -# old code]; -# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary; -# -# For reference here is register layout for N32/64 MIPS ABIs: -# -# ($zero,$at,$v0,$v1)=map("\$$_",(0..3)); -# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); -# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25)); -# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23)); -# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31)); - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; -$flavour ||= "o32"; # supported flavours are o32,n32,64,nubi32,nubi64 - -if ($flavour =~ /64|n32/i) { - $PTR_LA="dla"; - $PTR_ADD="daddu"; # incidentally works even on n32 - $PTR_SUB="dsubu"; # incidentally works even on n32 - $PTR_INS="dins"; - $REG_S="sd"; - $REG_L="ld"; - $PTR_SLL="dsll"; # incidentally works even on n32 - $SZREG=8; -} else { - $PTR_LA="la"; - $PTR_ADD="addu"; - $PTR_SUB="subu"; - $PTR_INS="ins"; - $REG_S="sw"; - $REG_L="lw"; - $PTR_SLL="sll"; - $SZREG=4; -} -$pf = ($flavour =~ /nubi/i) ? $t0 : $t2; -# -# -# -###################################################################### - -$big_endian=(`echo MIPSEB | $ENV{CC} -E -`=~/MIPSEB/)?0:1 if ($ENV{CC}); - -if (!defined($big_endian)) -{ $big_endian=(unpack('L',pack('N',1))==1); } - -my ($MSB,$LSB)=(0,3); # automatically converted to little-endian - -$output and open STDOUT,">$output"; - -$code.=<<___; -#include "mips_arch.h" - -.text -#if !defined(__mips_eabi) && (!defined(__vxworks) || defined(__pic__)) -.option pic2 -#endif -.set noat -___ - -{{{ -my $FRAMESIZE=16*$SZREG; -my $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc0fff008" : "0xc0ff0000"; - -my ($inp,$out,$key,$Tbl,$s0,$s1,$s2,$s3)=($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7); -my ($i0,$i1,$i2,$i3)=($at,$t0,$t1,$t2); -my ($t0,$t1,$t2,$t3,$t4,$t5,$t6,$t7,$t8,$t9,$t10,$t11) = map("\$$_",(12..23)); -my ($key0,$cnt)=($gp,$fp); - -# instruction ordering is "stolen" from output from MIPSpro assembler -# invoked with -mips3 -O3 arguments... -$code.=<<___; -.align 5 -.ent _mips_AES_encrypt -_mips_AES_encrypt: - .frame $sp,0,$ra - .set reorder - lw $t0,0($key) - lw $t1,4($key) - lw $t2,8($key) - lw $t3,12($key) - lw $cnt,240($key) - $PTR_ADD $key0,$key,16 - - xor $s0,$t0 - xor $s1,$t1 - xor $s2,$t2 - xor $s3,$t3 - - subu $cnt,1 -#if defined(__mips_smartmips) - ext $i0,$s1,16,8 -.Loop_enc: - ext $i1,$s2,16,8 - ext $i2,$s3,16,8 - ext $i3,$s0,16,8 - lwxs $t0,$i0($Tbl) # Te1[s1>>16] - ext $i0,$s2,8,8 - lwxs $t1,$i1($Tbl) # Te1[s2>>16] - ext $i1,$s3,8,8 - lwxs $t2,$i2($Tbl) # Te1[s3>>16] - ext $i2,$s0,8,8 - lwxs $t3,$i3($Tbl) # Te1[s0>>16] - ext $i3,$s1,8,8 - - lwxs $t4,$i0($Tbl) # Te2[s2>>8] - ext $i0,$s3,0,8 - lwxs $t5,$i1($Tbl) # Te2[s3>>8] - ext $i1,$s0,0,8 - lwxs $t6,$i2($Tbl) # Te2[s0>>8] - ext $i2,$s1,0,8 - lwxs $t7,$i3($Tbl) # Te2[s1>>8] - ext $i3,$s2,0,8 - - lwxs $t8,$i0($Tbl) # Te3[s3] - ext $i0,$s0,24,8 - lwxs $t9,$i1($Tbl) # Te3[s0] - ext $i1,$s1,24,8 - lwxs $t10,$i2($Tbl) # Te3[s1] - ext $i2,$s2,24,8 - lwxs $t11,$i3($Tbl) # Te3[s2] - ext $i3,$s3,24,8 - - rotr $t0,$t0,8 - rotr $t1,$t1,8 - rotr $t2,$t2,8 - rotr $t3,$t3,8 - - rotr $t4,$t4,16 - rotr $t5,$t5,16 - rotr $t6,$t6,16 - rotr $t7,$t7,16 - - xor $t0,$t4 - lwxs $t4,$i0($Tbl) # Te0[s0>>24] - xor $t1,$t5 - lwxs $t5,$i1($Tbl) # Te0[s1>>24] - xor $t2,$t6 - lwxs $t6,$i2($Tbl) # Te0[s2>>24] - xor $t3,$t7 - lwxs $t7,$i3($Tbl) # Te0[s3>>24] - - rotr $t8,$t8,24 - lw $s0,0($key0) - rotr $t9,$t9,24 - lw $s1,4($key0) - rotr $t10,$t10,24 - lw $s2,8($key0) - rotr $t11,$t11,24 - lw $s3,12($key0) - - xor $t0,$t8 - xor $t1,$t9 - xor $t2,$t10 - xor $t3,$t11 - - xor $t0,$t4 - xor $t1,$t5 - xor $t2,$t6 - xor $t3,$t7 - - subu $cnt,1 - $PTR_ADD $key0,16 - xor $s0,$t0 - xor $s1,$t1 - xor $s2,$t2 - xor $s3,$t3 - .set noreorder - bnez $cnt,.Loop_enc - ext $i0,$s1,16,8 - - _xtr $i0,$s1,16-2 -#else -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) - move $i0,$Tbl - move $i1,$Tbl - move $i2,$Tbl - move $i3,$Tbl - ext $t0,$s1,16,8 -.Loop_enc: - ext $t1,$s2,16,8 - ext $t2,$s3,16,8 - ext $t3,$s0,16,8 - $PTR_INS $i0,$t0,2,8 - $PTR_INS $i1,$t1,2,8 - $PTR_INS $i2,$t2,2,8 - $PTR_INS $i3,$t3,2,8 - lw $t0,0($i0) # Te1[s1>>16] - ext $t4,$s2,8,8 - lw $t1,0($i1) # Te1[s2>>16] - ext $t5,$s3,8,8 - lw $t2,0($i2) # Te1[s3>>16] - ext $t6,$s0,8,8 - lw $t3,0($i3) # Te1[s0>>16] - ext $t7,$s1,8,8 - $PTR_INS $i0,$t4,2,8 - $PTR_INS $i1,$t5,2,8 - $PTR_INS $i2,$t6,2,8 - $PTR_INS $i3,$t7,2,8 -#else - _xtr $i0,$s1,16-2 -.Loop_enc: - _xtr $i1,$s2,16-2 - _xtr $i2,$s3,16-2 - _xtr $i3,$s0,16-2 - and $i0,0x3fc - and $i1,0x3fc - and $i2,0x3fc - and $i3,0x3fc - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl - lwl $t0,3($i0) # Te1[s1>>16] - lwl $t1,3($i1) # Te1[s2>>16] - lwl $t2,3($i2) # Te1[s3>>16] - lwl $t3,3($i3) # Te1[s0>>16] - lwr $t0,2($i0) # Te1[s1>>16] - _xtr $i0,$s2,8-2 - lwr $t1,2($i1) # Te1[s2>>16] - _xtr $i1,$s3,8-2 - lwr $t2,2($i2) # Te1[s3>>16] - _xtr $i2,$s0,8-2 - lwr $t3,2($i3) # Te1[s0>>16] - _xtr $i3,$s1,8-2 - and $i0,0x3fc - and $i1,0x3fc - and $i2,0x3fc - and $i3,0x3fc - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl -#endif -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) - rotr $t0,$t0,8 - rotr $t1,$t1,8 - rotr $t2,$t2,8 - rotr $t3,$t3,8 -# if defined(_MIPSEL) - lw $t4,0($i0) # Te2[s2>>8] - ext $t8,$s3,0,8 - lw $t5,0($i1) # Te2[s3>>8] - ext $t9,$s0,0,8 - lw $t6,0($i2) # Te2[s0>>8] - ext $t10,$s1,0,8 - lw $t7,0($i3) # Te2[s1>>8] - ext $t11,$s2,0,8 - $PTR_INS $i0,$t8,2,8 - $PTR_INS $i1,$t9,2,8 - $PTR_INS $i2,$t10,2,8 - $PTR_INS $i3,$t11,2,8 - - lw $t8,0($i0) # Te3[s3] - $PTR_INS $i0,$s0,2,8 - lw $t9,0($i1) # Te3[s0] - $PTR_INS $i1,$s1,2,8 - lw $t10,0($i2) # Te3[s1] - $PTR_INS $i2,$s2,2,8 - lw $t11,0($i3) # Te3[s2] - $PTR_INS $i3,$s3,2,8 -# else - lw $t4,0($i0) # Te2[s2>>8] - $PTR_INS $i0,$s3,2,8 - lw $t5,0($i1) # Te2[s3>>8] - $PTR_INS $i1,$s0,2,8 - lw $t6,0($i2) # Te2[s0>>8] - $PTR_INS $i2,$s1,2,8 - lw $t7,0($i3) # Te2[s1>>8] - $PTR_INS $i3,$s2,2,8 - - lw $t8,0($i0) # Te3[s3] - _xtr $i0,$s0,24-2 - lw $t9,0($i1) # Te3[s0] - _xtr $i1,$s1,24-2 - lw $t10,0($i2) # Te3[s1] - _xtr $i2,$s2,24-2 - lw $t11,0($i3) # Te3[s2] - _xtr $i3,$s3,24-2 - - and $i0,0x3fc - and $i1,0x3fc - and $i2,0x3fc - and $i3,0x3fc - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl -# endif - rotr $t4,$t4,16 - rotr $t5,$t5,16 - rotr $t6,$t6,16 - rotr $t7,$t7,16 - - rotr $t8,$t8,24 - rotr $t9,$t9,24 - rotr $t10,$t10,24 - rotr $t11,$t11,24 -#else - lwl $t4,2($i0) # Te2[s2>>8] - lwl $t5,2($i1) # Te2[s3>>8] - lwl $t6,2($i2) # Te2[s0>>8] - lwl $t7,2($i3) # Te2[s1>>8] - lwr $t4,1($i0) # Te2[s2>>8] - _xtr $i0,$s3,0-2 - lwr $t5,1($i1) # Te2[s3>>8] - _xtr $i1,$s0,0-2 - lwr $t6,1($i2) # Te2[s0>>8] - _xtr $i2,$s1,0-2 - lwr $t7,1($i3) # Te2[s1>>8] - _xtr $i3,$s2,0-2 - - and $i0,0x3fc - and $i1,0x3fc - and $i2,0x3fc - and $i3,0x3fc - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl - lwl $t8,1($i0) # Te3[s3] - lwl $t9,1($i1) # Te3[s0] - lwl $t10,1($i2) # Te3[s1] - lwl $t11,1($i3) # Te3[s2] - lwr $t8,0($i0) # Te3[s3] - _xtr $i0,$s0,24-2 - lwr $t9,0($i1) # Te3[s0] - _xtr $i1,$s1,24-2 - lwr $t10,0($i2) # Te3[s1] - _xtr $i2,$s2,24-2 - lwr $t11,0($i3) # Te3[s2] - _xtr $i3,$s3,24-2 - - and $i0,0x3fc - and $i1,0x3fc - and $i2,0x3fc - and $i3,0x3fc - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl -#endif - xor $t0,$t4 - lw $t4,0($i0) # Te0[s0>>24] - xor $t1,$t5 - lw $t5,0($i1) # Te0[s1>>24] - xor $t2,$t6 - lw $t6,0($i2) # Te0[s2>>24] - xor $t3,$t7 - lw $t7,0($i3) # Te0[s3>>24] - - xor $t0,$t8 - lw $s0,0($key0) - xor $t1,$t9 - lw $s1,4($key0) - xor $t2,$t10 - lw $s2,8($key0) - xor $t3,$t11 - lw $s3,12($key0) - - xor $t0,$t4 - xor $t1,$t5 - xor $t2,$t6 - xor $t3,$t7 - - subu $cnt,1 - $PTR_ADD $key0,16 - xor $s0,$t0 - xor $s1,$t1 - xor $s2,$t2 - xor $s3,$t3 - .set noreorder - bnez $cnt,.Loop_enc -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) - ext $t0,$s1,16,8 -#endif - _xtr $i0,$s1,16-2 -#endif - - .set reorder - _xtr $i1,$s2,16-2 - _xtr $i2,$s3,16-2 - _xtr $i3,$s0,16-2 - and $i0,0x3fc - and $i1,0x3fc - and $i2,0x3fc - and $i3,0x3fc - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl - lbu $t0,2($i0) # Te4[s1>>16] - _xtr $i0,$s2,8-2 - lbu $t1,2($i1) # Te4[s2>>16] - _xtr $i1,$s3,8-2 - lbu $t2,2($i2) # Te4[s3>>16] - _xtr $i2,$s0,8-2 - lbu $t3,2($i3) # Te4[s0>>16] - _xtr $i3,$s1,8-2 - - and $i0,0x3fc - and $i1,0x3fc - and $i2,0x3fc - and $i3,0x3fc - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) -# if defined(_MIPSEL) - lbu $t4,2($i0) # Te4[s2>>8] - $PTR_INS $i0,$s0,2,8 - lbu $t5,2($i1) # Te4[s3>>8] - $PTR_INS $i1,$s1,2,8 - lbu $t6,2($i2) # Te4[s0>>8] - $PTR_INS $i2,$s2,2,8 - lbu $t7,2($i3) # Te4[s1>>8] - $PTR_INS $i3,$s3,2,8 - - lbu $t8,2($i0) # Te4[s0>>24] - _xtr $i0,$s3,0-2 - lbu $t9,2($i1) # Te4[s1>>24] - _xtr $i1,$s0,0-2 - lbu $t10,2($i2) # Te4[s2>>24] - _xtr $i2,$s1,0-2 - lbu $t11,2($i3) # Te4[s3>>24] - _xtr $i3,$s2,0-2 - - and $i0,0x3fc - and $i1,0x3fc - and $i2,0x3fc - and $i3,0x3fc - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl -# else - lbu $t4,2($i0) # Te4[s2>>8] - _xtr $i0,$s0,24-2 - lbu $t5,2($i1) # Te4[s3>>8] - _xtr $i1,$s1,24-2 - lbu $t6,2($i2) # Te4[s0>>8] - _xtr $i2,$s2,24-2 - lbu $t7,2($i3) # Te4[s1>>8] - _xtr $i3,$s3,24-2 - - and $i0,0x3fc - and $i1,0x3fc - and $i2,0x3fc - and $i3,0x3fc - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl - lbu $t8,2($i0) # Te4[s0>>24] - $PTR_INS $i0,$s3,2,8 - lbu $t9,2($i1) # Te4[s1>>24] - $PTR_INS $i1,$s0,2,8 - lbu $t10,2($i2) # Te4[s2>>24] - $PTR_INS $i2,$s1,2,8 - lbu $t11,2($i3) # Te4[s3>>24] - $PTR_INS $i3,$s2,2,8 -# endif - _ins $t0,16 - _ins $t1,16 - _ins $t2,16 - _ins $t3,16 - - _ins2 $t0,$t4,8 - lbu $t4,2($i0) # Te4[s3] - _ins2 $t1,$t5,8 - lbu $t5,2($i1) # Te4[s0] - _ins2 $t2,$t6,8 - lbu $t6,2($i2) # Te4[s1] - _ins2 $t3,$t7,8 - lbu $t7,2($i3) # Te4[s2] - - _ins2 $t0,$t8,24 - lw $s0,0($key0) - _ins2 $t1,$t9,24 - lw $s1,4($key0) - _ins2 $t2,$t10,24 - lw $s2,8($key0) - _ins2 $t3,$t11,24 - lw $s3,12($key0) - - _ins2 $t0,$t4,0 - _ins2 $t1,$t5,0 - _ins2 $t2,$t6,0 - _ins2 $t3,$t7,0 -#else - lbu $t4,2($i0) # Te4[s2>>8] - _xtr $i0,$s0,24-2 - lbu $t5,2($i1) # Te4[s3>>8] - _xtr $i1,$s1,24-2 - lbu $t6,2($i2) # Te4[s0>>8] - _xtr $i2,$s2,24-2 - lbu $t7,2($i3) # Te4[s1>>8] - _xtr $i3,$s3,24-2 - - and $i0,0x3fc - and $i1,0x3fc - and $i2,0x3fc - and $i3,0x3fc - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl - lbu $t8,2($i0) # Te4[s0>>24] - _xtr $i0,$s3,0-2 - lbu $t9,2($i1) # Te4[s1>>24] - _xtr $i1,$s0,0-2 - lbu $t10,2($i2) # Te4[s2>>24] - _xtr $i2,$s1,0-2 - lbu $t11,2($i3) # Te4[s3>>24] - _xtr $i3,$s2,0-2 - - and $i0,0x3fc - and $i1,0x3fc - and $i2,0x3fc - and $i3,0x3fc - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl - - _ins $t0,16 - _ins $t1,16 - _ins $t2,16 - _ins $t3,16 - - _ins $t4,8 - _ins $t5,8 - _ins $t6,8 - _ins $t7,8 - - xor $t0,$t4 - lbu $t4,2($i0) # Te4[s3] - xor $t1,$t5 - lbu $t5,2($i1) # Te4[s0] - xor $t2,$t6 - lbu $t6,2($i2) # Te4[s1] - xor $t3,$t7 - lbu $t7,2($i3) # Te4[s2] - - _ins $t8,24 - lw $s0,0($key0) - _ins $t9,24 - lw $s1,4($key0) - _ins $t10,24 - lw $s2,8($key0) - _ins $t11,24 - lw $s3,12($key0) - - xor $t0,$t8 - xor $t1,$t9 - xor $t2,$t10 - xor $t3,$t11 - - _ins $t4,0 - _ins $t5,0 - _ins $t6,0 - _ins $t7,0 - - xor $t0,$t4 - xor $t1,$t5 - xor $t2,$t6 - xor $t3,$t7 -#endif - xor $s0,$t0 - xor $s1,$t1 - xor $s2,$t2 - xor $s3,$t3 - - jr $ra -.end _mips_AES_encrypt - -.align 5 -.globl AES_encrypt -.ent AES_encrypt -AES_encrypt: - .frame $sp,$FRAMESIZE,$ra - .mask $SAVED_REGS_MASK,-$SZREG - .set noreorder -___ -$code.=<<___ if ($flavour =~ /o32/i); # o32 PIC-ification - .cpload $pf -___ -$code.=<<___; - $PTR_SUB $sp,$FRAMESIZE - $REG_S $ra,$FRAMESIZE-1*$SZREG($sp) - $REG_S $fp,$FRAMESIZE-2*$SZREG($sp) - $REG_S $s11,$FRAMESIZE-3*$SZREG($sp) - $REG_S $s10,$FRAMESIZE-4*$SZREG($sp) - $REG_S $s9,$FRAMESIZE-5*$SZREG($sp) - $REG_S $s8,$FRAMESIZE-6*$SZREG($sp) - $REG_S $s7,$FRAMESIZE-7*$SZREG($sp) - $REG_S $s6,$FRAMESIZE-8*$SZREG($sp) - $REG_S $s5,$FRAMESIZE-9*$SZREG($sp) - $REG_S $s4,$FRAMESIZE-10*$SZREG($sp) -___ -$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue - $REG_S \$15,$FRAMESIZE-11*$SZREG($sp) - $REG_S \$14,$FRAMESIZE-12*$SZREG($sp) - $REG_S \$13,$FRAMESIZE-13*$SZREG($sp) - $REG_S \$12,$FRAMESIZE-14*$SZREG($sp) - $REG_S $gp,$FRAMESIZE-15*$SZREG($sp) -___ -$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification - .cplocal $Tbl - .cpsetup $pf,$zero,AES_encrypt -___ -$code.=<<___; - .set reorder - $PTR_LA $Tbl,AES_Te # PIC-ified 'load address' - -#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) - lw $s0,0($inp) - lw $s1,4($inp) - lw $s2,8($inp) - lw $s3,12($inp) -#else - lwl $s0,0+$MSB($inp) - lwl $s1,4+$MSB($inp) - lwl $s2,8+$MSB($inp) - lwl $s3,12+$MSB($inp) - lwr $s0,0+$LSB($inp) - lwr $s1,4+$LSB($inp) - lwr $s2,8+$LSB($inp) - lwr $s3,12+$LSB($inp) -#endif - - bal _mips_AES_encrypt - -#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) - sw $s0,0($out) - sw $s1,4($out) - sw $s2,8($out) - sw $s3,12($out) -#else - swr $s0,0+$LSB($out) - swr $s1,4+$LSB($out) - swr $s2,8+$LSB($out) - swr $s3,12+$LSB($out) - swl $s0,0+$MSB($out) - swl $s1,4+$MSB($out) - swl $s2,8+$MSB($out) - swl $s3,12+$MSB($out) -#endif - - .set noreorder - $REG_L $ra,$FRAMESIZE-1*$SZREG($sp) - $REG_L $fp,$FRAMESIZE-2*$SZREG($sp) - $REG_L $s11,$FRAMESIZE-3*$SZREG($sp) - $REG_L $s10,$FRAMESIZE-4*$SZREG($sp) - $REG_L $s9,$FRAMESIZE-5*$SZREG($sp) - $REG_L $s8,$FRAMESIZE-6*$SZREG($sp) - $REG_L $s7,$FRAMESIZE-7*$SZREG($sp) - $REG_L $s6,$FRAMESIZE-8*$SZREG($sp) - $REG_L $s5,$FRAMESIZE-9*$SZREG($sp) - $REG_L $s4,$FRAMESIZE-10*$SZREG($sp) -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_L \$15,$FRAMESIZE-11*$SZREG($sp) - $REG_L \$14,$FRAMESIZE-12*$SZREG($sp) - $REG_L \$13,$FRAMESIZE-13*$SZREG($sp) - $REG_L \$12,$FRAMESIZE-14*$SZREG($sp) - $REG_L $gp,$FRAMESIZE-15*$SZREG($sp) -___ -$code.=<<___; - jr $ra - $PTR_ADD $sp,$FRAMESIZE -.end AES_encrypt -___ - -$code.=<<___; -.align 5 -.ent _mips_AES_decrypt -_mips_AES_decrypt: - .frame $sp,0,$ra - .set reorder - lw $t0,0($key) - lw $t1,4($key) - lw $t2,8($key) - lw $t3,12($key) - lw $cnt,240($key) - $PTR_ADD $key0,$key,16 - - xor $s0,$t0 - xor $s1,$t1 - xor $s2,$t2 - xor $s3,$t3 - - subu $cnt,1 -#if defined(__mips_smartmips) - ext $i0,$s3,16,8 -.Loop_dec: - ext $i1,$s0,16,8 - ext $i2,$s1,16,8 - ext $i3,$s2,16,8 - lwxs $t0,$i0($Tbl) # Td1[s3>>16] - ext $i0,$s2,8,8 - lwxs $t1,$i1($Tbl) # Td1[s0>>16] - ext $i1,$s3,8,8 - lwxs $t2,$i2($Tbl) # Td1[s1>>16] - ext $i2,$s0,8,8 - lwxs $t3,$i3($Tbl) # Td1[s2>>16] - ext $i3,$s1,8,8 - - lwxs $t4,$i0($Tbl) # Td2[s2>>8] - ext $i0,$s1,0,8 - lwxs $t5,$i1($Tbl) # Td2[s3>>8] - ext $i1,$s2,0,8 - lwxs $t6,$i2($Tbl) # Td2[s0>>8] - ext $i2,$s3,0,8 - lwxs $t7,$i3($Tbl) # Td2[s1>>8] - ext $i3,$s0,0,8 - - lwxs $t8,$i0($Tbl) # Td3[s1] - ext $i0,$s0,24,8 - lwxs $t9,$i1($Tbl) # Td3[s2] - ext $i1,$s1,24,8 - lwxs $t10,$i2($Tbl) # Td3[s3] - ext $i2,$s2,24,8 - lwxs $t11,$i3($Tbl) # Td3[s0] - ext $i3,$s3,24,8 - - rotr $t0,$t0,8 - rotr $t1,$t1,8 - rotr $t2,$t2,8 - rotr $t3,$t3,8 - - rotr $t4,$t4,16 - rotr $t5,$t5,16 - rotr $t6,$t6,16 - rotr $t7,$t7,16 - - xor $t0,$t4 - lwxs $t4,$i0($Tbl) # Td0[s0>>24] - xor $t1,$t5 - lwxs $t5,$i1($Tbl) # Td0[s1>>24] - xor $t2,$t6 - lwxs $t6,$i2($Tbl) # Td0[s2>>24] - xor $t3,$t7 - lwxs $t7,$i3($Tbl) # Td0[s3>>24] - - rotr $t8,$t8,24 - lw $s0,0($key0) - rotr $t9,$t9,24 - lw $s1,4($key0) - rotr $t10,$t10,24 - lw $s2,8($key0) - rotr $t11,$t11,24 - lw $s3,12($key0) - - xor $t0,$t8 - xor $t1,$t9 - xor $t2,$t10 - xor $t3,$t11 - - xor $t0,$t4 - xor $t1,$t5 - xor $t2,$t6 - xor $t3,$t7 - - subu $cnt,1 - $PTR_ADD $key0,16 - xor $s0,$t0 - xor $s1,$t1 - xor $s2,$t2 - xor $s3,$t3 - .set noreorder - bnez $cnt,.Loop_dec - ext $i0,$s3,16,8 - - _xtr $i0,$s3,16-2 -#else -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) - move $i0,$Tbl - move $i1,$Tbl - move $i2,$Tbl - move $i3,$Tbl - ext $t0,$s3,16,8 -.Loop_dec: - ext $t1,$s0,16,8 - ext $t2,$s1,16,8 - ext $t3,$s2,16,8 - $PTR_INS $i0,$t0,2,8 - $PTR_INS $i1,$t1,2,8 - $PTR_INS $i2,$t2,2,8 - $PTR_INS $i3,$t3,2,8 - lw $t0,0($i0) # Td1[s3>>16] - ext $t4,$s2,8,8 - lw $t1,0($i1) # Td1[s0>>16] - ext $t5,$s3,8,8 - lw $t2,0($i2) # Td1[s1>>16] - ext $t6,$s0,8,8 - lw $t3,0($i3) # Td1[s2>>16] - ext $t7,$s1,8,8 - $PTR_INS $i0,$t4,2,8 - $PTR_INS $i1,$t5,2,8 - $PTR_INS $i2,$t6,2,8 - $PTR_INS $i3,$t7,2,8 -#else - _xtr $i0,$s3,16-2 -.Loop_dec: - _xtr $i1,$s0,16-2 - _xtr $i2,$s1,16-2 - _xtr $i3,$s2,16-2 - and $i0,0x3fc - and $i1,0x3fc - and $i2,0x3fc - and $i3,0x3fc - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl - lwl $t0,3($i0) # Td1[s3>>16] - lwl $t1,3($i1) # Td1[s0>>16] - lwl $t2,3($i2) # Td1[s1>>16] - lwl $t3,3($i3) # Td1[s2>>16] - lwr $t0,2($i0) # Td1[s3>>16] - _xtr $i0,$s2,8-2 - lwr $t1,2($i1) # Td1[s0>>16] - _xtr $i1,$s3,8-2 - lwr $t2,2($i2) # Td1[s1>>16] - _xtr $i2,$s0,8-2 - lwr $t3,2($i3) # Td1[s2>>16] - _xtr $i3,$s1,8-2 - and $i0,0x3fc - and $i1,0x3fc - and $i2,0x3fc - and $i3,0x3fc - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl -#endif -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) - rotr $t0,$t0,8 - rotr $t1,$t1,8 - rotr $t2,$t2,8 - rotr $t3,$t3,8 -# if defined(_MIPSEL) - lw $t4,0($i0) # Td2[s2>>8] - ext $t8,$s1,0,8 - lw $t5,0($i1) # Td2[s3>>8] - ext $t9,$s2,0,8 - lw $t6,0($i2) # Td2[s0>>8] - ext $t10,$s3,0,8 - lw $t7,0($i3) # Td2[s1>>8] - ext $t11,$s0,0,8 - $PTR_INS $i0,$t8,2,8 - $PTR_INS $i1,$t9,2,8 - $PTR_INS $i2,$t10,2,8 - $PTR_INS $i3,$t11,2,8 - lw $t8,0($i0) # Td3[s1] - $PTR_INS $i0,$s0,2,8 - lw $t9,0($i1) # Td3[s2] - $PTR_INS $i1,$s1,2,8 - lw $t10,0($i2) # Td3[s3] - $PTR_INS $i2,$s2,2,8 - lw $t11,0($i3) # Td3[s0] - $PTR_INS $i3,$s3,2,8 -#else - lw $t4,0($i0) # Td2[s2>>8] - $PTR_INS $i0,$s1,2,8 - lw $t5,0($i1) # Td2[s3>>8] - $PTR_INS $i1,$s2,2,8 - lw $t6,0($i2) # Td2[s0>>8] - $PTR_INS $i2,$s3,2,8 - lw $t7,0($i3) # Td2[s1>>8] - $PTR_INS $i3,$s0,2,8 - - lw $t8,0($i0) # Td3[s1] - _xtr $i0,$s0,24-2 - lw $t9,0($i1) # Td3[s2] - _xtr $i1,$s1,24-2 - lw $t10,0($i2) # Td3[s3] - _xtr $i2,$s2,24-2 - lw $t11,0($i3) # Td3[s0] - _xtr $i3,$s3,24-2 - - and $i0,0x3fc - and $i1,0x3fc - and $i2,0x3fc - and $i3,0x3fc - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl -#endif - rotr $t4,$t4,16 - rotr $t5,$t5,16 - rotr $t6,$t6,16 - rotr $t7,$t7,16 - - rotr $t8,$t8,24 - rotr $t9,$t9,24 - rotr $t10,$t10,24 - rotr $t11,$t11,24 -#else - lwl $t4,2($i0) # Td2[s2>>8] - lwl $t5,2($i1) # Td2[s3>>8] - lwl $t6,2($i2) # Td2[s0>>8] - lwl $t7,2($i3) # Td2[s1>>8] - lwr $t4,1($i0) # Td2[s2>>8] - _xtr $i0,$s1,0-2 - lwr $t5,1($i1) # Td2[s3>>8] - _xtr $i1,$s2,0-2 - lwr $t6,1($i2) # Td2[s0>>8] - _xtr $i2,$s3,0-2 - lwr $t7,1($i3) # Td2[s1>>8] - _xtr $i3,$s0,0-2 - - and $i0,0x3fc - and $i1,0x3fc - and $i2,0x3fc - and $i3,0x3fc - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl - lwl $t8,1($i0) # Td3[s1] - lwl $t9,1($i1) # Td3[s2] - lwl $t10,1($i2) # Td3[s3] - lwl $t11,1($i3) # Td3[s0] - lwr $t8,0($i0) # Td3[s1] - _xtr $i0,$s0,24-2 - lwr $t9,0($i1) # Td3[s2] - _xtr $i1,$s1,24-2 - lwr $t10,0($i2) # Td3[s3] - _xtr $i2,$s2,24-2 - lwr $t11,0($i3) # Td3[s0] - _xtr $i3,$s3,24-2 - - and $i0,0x3fc - and $i1,0x3fc - and $i2,0x3fc - and $i3,0x3fc - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl -#endif - - xor $t0,$t4 - lw $t4,0($i0) # Td0[s0>>24] - xor $t1,$t5 - lw $t5,0($i1) # Td0[s1>>24] - xor $t2,$t6 - lw $t6,0($i2) # Td0[s2>>24] - xor $t3,$t7 - lw $t7,0($i3) # Td0[s3>>24] - - xor $t0,$t8 - lw $s0,0($key0) - xor $t1,$t9 - lw $s1,4($key0) - xor $t2,$t10 - lw $s2,8($key0) - xor $t3,$t11 - lw $s3,12($key0) - - xor $t0,$t4 - xor $t1,$t5 - xor $t2,$t6 - xor $t3,$t7 - - subu $cnt,1 - $PTR_ADD $key0,16 - xor $s0,$t0 - xor $s1,$t1 - xor $s2,$t2 - xor $s3,$t3 - .set noreorder - bnez $cnt,.Loop_dec -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) - ext $t0,$s3,16,8 -#endif - - _xtr $i0,$s3,16-2 -#endif - - .set reorder - lw $t4,1024($Tbl) # prefetch Td4 - _xtr $i0,$s3,16 - lw $t5,1024+32($Tbl) - _xtr $i1,$s0,16 - lw $t6,1024+64($Tbl) - _xtr $i2,$s1,16 - lw $t7,1024+96($Tbl) - _xtr $i3,$s2,16 - lw $t8,1024+128($Tbl) - and $i0,0xff - lw $t9,1024+160($Tbl) - and $i1,0xff - lw $t10,1024+192($Tbl) - and $i2,0xff - lw $t11,1024+224($Tbl) - and $i3,0xff - - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl - lbu $t0,1024($i0) # Td4[s3>>16] - _xtr $i0,$s2,8 - lbu $t1,1024($i1) # Td4[s0>>16] - _xtr $i1,$s3,8 - lbu $t2,1024($i2) # Td4[s1>>16] - _xtr $i2,$s0,8 - lbu $t3,1024($i3) # Td4[s2>>16] - _xtr $i3,$s1,8 - - and $i0,0xff - and $i1,0xff - and $i2,0xff - and $i3,0xff - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) -# if defined(_MIPSEL) - lbu $t4,1024($i0) # Td4[s2>>8] - $PTR_INS $i0,$s0,0,8 - lbu $t5,1024($i1) # Td4[s3>>8] - $PTR_INS $i1,$s1,0,8 - lbu $t6,1024($i2) # Td4[s0>>8] - $PTR_INS $i2,$s2,0,8 - lbu $t7,1024($i3) # Td4[s1>>8] - $PTR_INS $i3,$s3,0,8 - - lbu $t8,1024($i0) # Td4[s0>>24] - _xtr $i0,$s1,0 - lbu $t9,1024($i1) # Td4[s1>>24] - _xtr $i1,$s2,0 - lbu $t10,1024($i2) # Td4[s2>>24] - _xtr $i2,$s3,0 - lbu $t11,1024($i3) # Td4[s3>>24] - _xtr $i3,$s0,0 - - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl -# else - lbu $t4,1024($i0) # Td4[s2>>8] - _xtr $i0,$s0,24 - lbu $t5,1024($i1) # Td4[s3>>8] - _xtr $i1,$s1,24 - lbu $t6,1024($i2) # Td4[s0>>8] - _xtr $i2,$s2,24 - lbu $t7,1024($i3) # Td4[s1>>8] - _xtr $i3,$s3,24 - - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl - lbu $t8,1024($i0) # Td4[s0>>24] - $PTR_INS $i0,$s1,0,8 - lbu $t9,1024($i1) # Td4[s1>>24] - $PTR_INS $i1,$s2,0,8 - lbu $t10,1024($i2) # Td4[s2>>24] - $PTR_INS $i2,$s3,0,8 - lbu $t11,1024($i3) # Td4[s3>>24] - $PTR_INS $i3,$s0,0,8 -# endif - _ins $t0,16 - _ins $t1,16 - _ins $t2,16 - _ins $t3,16 - - _ins2 $t0,$t4,8 - lbu $t4,1024($i0) # Td4[s1] - _ins2 $t1,$t5,8 - lbu $t5,1024($i1) # Td4[s2] - _ins2 $t2,$t6,8 - lbu $t6,1024($i2) # Td4[s3] - _ins2 $t3,$t7,8 - lbu $t7,1024($i3) # Td4[s0] - - _ins2 $t0,$t8,24 - lw $s0,0($key0) - _ins2 $t1,$t9,24 - lw $s1,4($key0) - _ins2 $t2,$t10,24 - lw $s2,8($key0) - _ins2 $t3,$t11,24 - lw $s3,12($key0) - - _ins2 $t0,$t4,0 - _ins2 $t1,$t5,0 - _ins2 $t2,$t6,0 - _ins2 $t3,$t7,0 -#else - lbu $t4,1024($i0) # Td4[s2>>8] - _xtr $i0,$s0,24 - lbu $t5,1024($i1) # Td4[s3>>8] - _xtr $i1,$s1,24 - lbu $t6,1024($i2) # Td4[s0>>8] - _xtr $i2,$s2,24 - lbu $t7,1024($i3) # Td4[s1>>8] - _xtr $i3,$s3,24 - - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl - lbu $t8,1024($i0) # Td4[s0>>24] - _xtr $i0,$s1,0 - lbu $t9,1024($i1) # Td4[s1>>24] - _xtr $i1,$s2,0 - lbu $t10,1024($i2) # Td4[s2>>24] - _xtr $i2,$s3,0 - lbu $t11,1024($i3) # Td4[s3>>24] - _xtr $i3,$s0,0 - - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl - - _ins $t0,16 - _ins $t1,16 - _ins $t2,16 - _ins $t3,16 - - _ins $t4,8 - _ins $t5,8 - _ins $t6,8 - _ins $t7,8 - - xor $t0,$t4 - lbu $t4,1024($i0) # Td4[s1] - xor $t1,$t5 - lbu $t5,1024($i1) # Td4[s2] - xor $t2,$t6 - lbu $t6,1024($i2) # Td4[s3] - xor $t3,$t7 - lbu $t7,1024($i3) # Td4[s0] - - _ins $t8,24 - lw $s0,0($key0) - _ins $t9,24 - lw $s1,4($key0) - _ins $t10,24 - lw $s2,8($key0) - _ins $t11,24 - lw $s3,12($key0) - - xor $t0,$t8 - xor $t1,$t9 - xor $t2,$t10 - xor $t3,$t11 - - _ins $t4,0 - _ins $t5,0 - _ins $t6,0 - _ins $t7,0 - - xor $t0,$t4 - xor $t1,$t5 - xor $t2,$t6 - xor $t3,$t7 -#endif - - xor $s0,$t0 - xor $s1,$t1 - xor $s2,$t2 - xor $s3,$t3 - - jr $ra -.end _mips_AES_decrypt - -.align 5 -.globl AES_decrypt -.ent AES_decrypt -AES_decrypt: - .frame $sp,$FRAMESIZE,$ra - .mask $SAVED_REGS_MASK,-$SZREG - .set noreorder -___ -$code.=<<___ if ($flavour =~ /o32/i); # o32 PIC-ification - .cpload $pf -___ -$code.=<<___; - $PTR_SUB $sp,$FRAMESIZE - $REG_S $ra,$FRAMESIZE-1*$SZREG($sp) - $REG_S $fp,$FRAMESIZE-2*$SZREG($sp) - $REG_S $s11,$FRAMESIZE-3*$SZREG($sp) - $REG_S $s10,$FRAMESIZE-4*$SZREG($sp) - $REG_S $s9,$FRAMESIZE-5*$SZREG($sp) - $REG_S $s8,$FRAMESIZE-6*$SZREG($sp) - $REG_S $s7,$FRAMESIZE-7*$SZREG($sp) - $REG_S $s6,$FRAMESIZE-8*$SZREG($sp) - $REG_S $s5,$FRAMESIZE-9*$SZREG($sp) - $REG_S $s4,$FRAMESIZE-10*$SZREG($sp) -___ -$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue - $REG_S \$15,$FRAMESIZE-11*$SZREG($sp) - $REG_S \$14,$FRAMESIZE-12*$SZREG($sp) - $REG_S \$13,$FRAMESIZE-13*$SZREG($sp) - $REG_S \$12,$FRAMESIZE-14*$SZREG($sp) - $REG_S $gp,$FRAMESIZE-15*$SZREG($sp) -___ -$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification - .cplocal $Tbl - .cpsetup $pf,$zero,AES_decrypt -___ -$code.=<<___; - .set reorder - $PTR_LA $Tbl,AES_Td # PIC-ified 'load address' - -#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) - lw $s0,0($inp) - lw $s1,4($inp) - lw $s2,8($inp) - lw $s3,12($inp) -#else - lwl $s0,0+$MSB($inp) - lwl $s1,4+$MSB($inp) - lwl $s2,8+$MSB($inp) - lwl $s3,12+$MSB($inp) - lwr $s0,0+$LSB($inp) - lwr $s1,4+$LSB($inp) - lwr $s2,8+$LSB($inp) - lwr $s3,12+$LSB($inp) -#endif - - bal _mips_AES_decrypt - -#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) - sw $s0,0($out) - sw $s1,4($out) - sw $s2,8($out) - sw $s3,12($out) -#else - swr $s0,0+$LSB($out) - swr $s1,4+$LSB($out) - swr $s2,8+$LSB($out) - swr $s3,12+$LSB($out) - swl $s0,0+$MSB($out) - swl $s1,4+$MSB($out) - swl $s2,8+$MSB($out) - swl $s3,12+$MSB($out) -#endif - - .set noreorder - $REG_L $ra,$FRAMESIZE-1*$SZREG($sp) - $REG_L $fp,$FRAMESIZE-2*$SZREG($sp) - $REG_L $s11,$FRAMESIZE-3*$SZREG($sp) - $REG_L $s10,$FRAMESIZE-4*$SZREG($sp) - $REG_L $s9,$FRAMESIZE-5*$SZREG($sp) - $REG_L $s8,$FRAMESIZE-6*$SZREG($sp) - $REG_L $s7,$FRAMESIZE-7*$SZREG($sp) - $REG_L $s6,$FRAMESIZE-8*$SZREG($sp) - $REG_L $s5,$FRAMESIZE-9*$SZREG($sp) - $REG_L $s4,$FRAMESIZE-10*$SZREG($sp) -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_L \$15,$FRAMESIZE-11*$SZREG($sp) - $REG_L \$14,$FRAMESIZE-12*$SZREG($sp) - $REG_L \$13,$FRAMESIZE-13*$SZREG($sp) - $REG_L \$12,$FRAMESIZE-14*$SZREG($sp) - $REG_L $gp,$FRAMESIZE-15*$SZREG($sp) -___ -$code.=<<___; - jr $ra - $PTR_ADD $sp,$FRAMESIZE -.end AES_decrypt -___ -}}} - -{{{ -my $FRAMESIZE=8*$SZREG; -my $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc000f008" : "0xc0000000"; - -my ($inp,$bits,$key,$Tbl)=($a0,$a1,$a2,$a3); -my ($rk0,$rk1,$rk2,$rk3,$rk4,$rk5,$rk6,$rk7)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3); -my ($i0,$i1,$i2,$i3)=($at,$t0,$t1,$t2); -my ($rcon,$cnt)=($gp,$fp); - -$code.=<<___; -.align 5 -.ent _mips_AES_set_encrypt_key -_mips_AES_set_encrypt_key: - .frame $sp,0,$ra - .set noreorder - beqz $inp,.Lekey_done - li $t0,-1 - beqz $key,.Lekey_done - $PTR_ADD $rcon,$Tbl,256 - - .set reorder -#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) - lw $rk0,0($inp) # load 128 bits - lw $rk1,4($inp) - lw $rk2,8($inp) - lw $rk3,12($inp) -#else - lwl $rk0,0+$MSB($inp) # load 128 bits - lwl $rk1,4+$MSB($inp) - lwl $rk2,8+$MSB($inp) - lwl $rk3,12+$MSB($inp) - lwr $rk0,0+$LSB($inp) - lwr $rk1,4+$LSB($inp) - lwr $rk2,8+$LSB($inp) - lwr $rk3,12+$LSB($inp) -#endif - li $at,128 - .set noreorder - beq $bits,$at,.L128bits - li $cnt,10 - - .set reorder -#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) - lw $rk4,16($inp) # load 192 bits - lw $rk5,20($inp) -#else - lwl $rk4,16+$MSB($inp) # load 192 bits - lwl $rk5,20+$MSB($inp) - lwr $rk4,16+$LSB($inp) - lwr $rk5,20+$LSB($inp) -#endif - li $at,192 - .set noreorder - beq $bits,$at,.L192bits - li $cnt,8 - - .set reorder -#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) - lw $rk6,24($inp) # load 256 bits - lw $rk7,28($inp) -#else - lwl $rk6,24+$MSB($inp) # load 256 bits - lwl $rk7,28+$MSB($inp) - lwr $rk6,24+$LSB($inp) - lwr $rk7,28+$LSB($inp) -#endif - li $at,256 - .set noreorder - beq $bits,$at,.L256bits - li $cnt,7 - - b .Lekey_done - li $t0,-2 - -.align 4 -.L128bits: - .set reorder - srl $i0,$rk3,16 - srl $i1,$rk3,8 - and $i0,0xff - and $i1,0xff - and $i2,$rk3,0xff - srl $i3,$rk3,24 - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl - lbu $i0,0($i0) - lbu $i1,0($i1) - lbu $i2,0($i2) - lbu $i3,0($i3) - - sw $rk0,0($key) - sw $rk1,4($key) - sw $rk2,8($key) - sw $rk3,12($key) - subu $cnt,1 - $PTR_ADD $key,16 - - _bias $i0,24 - _bias $i1,16 - _bias $i2,8 - _bias $i3,0 - - xor $rk0,$i0 - lw $i0,0($rcon) - xor $rk0,$i1 - xor $rk0,$i2 - xor $rk0,$i3 - xor $rk0,$i0 - - xor $rk1,$rk0 - xor $rk2,$rk1 - xor $rk3,$rk2 - - .set noreorder - bnez $cnt,.L128bits - $PTR_ADD $rcon,4 - - sw $rk0,0($key) - sw $rk1,4($key) - sw $rk2,8($key) - li $cnt,10 - sw $rk3,12($key) - li $t0,0 - sw $cnt,80($key) - b .Lekey_done - $PTR_SUB $key,10*16 - -.align 4 -.L192bits: - .set reorder - srl $i0,$rk5,16 - srl $i1,$rk5,8 - and $i0,0xff - and $i1,0xff - and $i2,$rk5,0xff - srl $i3,$rk5,24 - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl - lbu $i0,0($i0) - lbu $i1,0($i1) - lbu $i2,0($i2) - lbu $i3,0($i3) - - sw $rk0,0($key) - sw $rk1,4($key) - sw $rk2,8($key) - sw $rk3,12($key) - sw $rk4,16($key) - sw $rk5,20($key) - subu $cnt,1 - $PTR_ADD $key,24 - - _bias $i0,24 - _bias $i1,16 - _bias $i2,8 - _bias $i3,0 - - xor $rk0,$i0 - lw $i0,0($rcon) - xor $rk0,$i1 - xor $rk0,$i2 - xor $rk0,$i3 - xor $rk0,$i0 - - xor $rk1,$rk0 - xor $rk2,$rk1 - xor $rk3,$rk2 - xor $rk4,$rk3 - xor $rk5,$rk4 - - .set noreorder - bnez $cnt,.L192bits - $PTR_ADD $rcon,4 - - sw $rk0,0($key) - sw $rk1,4($key) - sw $rk2,8($key) - li $cnt,12 - sw $rk3,12($key) - li $t0,0 - sw $cnt,48($key) - b .Lekey_done - $PTR_SUB $key,12*16 - -.align 4 -.L256bits: - .set reorder - srl $i0,$rk7,16 - srl $i1,$rk7,8 - and $i0,0xff - and $i1,0xff - and $i2,$rk7,0xff - srl $i3,$rk7,24 - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl - lbu $i0,0($i0) - lbu $i1,0($i1) - lbu $i2,0($i2) - lbu $i3,0($i3) - - sw $rk0,0($key) - sw $rk1,4($key) - sw $rk2,8($key) - sw $rk3,12($key) - sw $rk4,16($key) - sw $rk5,20($key) - sw $rk6,24($key) - sw $rk7,28($key) - subu $cnt,1 - - _bias $i0,24 - _bias $i1,16 - _bias $i2,8 - _bias $i3,0 - - xor $rk0,$i0 - lw $i0,0($rcon) - xor $rk0,$i1 - xor $rk0,$i2 - xor $rk0,$i3 - xor $rk0,$i0 - - xor $rk1,$rk0 - xor $rk2,$rk1 - xor $rk3,$rk2 - beqz $cnt,.L256bits_done - - srl $i0,$rk3,24 - srl $i1,$rk3,16 - srl $i2,$rk3,8 - and $i3,$rk3,0xff - and $i1,0xff - and $i2,0xff - $PTR_ADD $i0,$Tbl - $PTR_ADD $i1,$Tbl - $PTR_ADD $i2,$Tbl - $PTR_ADD $i3,$Tbl - lbu $i0,0($i0) - lbu $i1,0($i1) - lbu $i2,0($i2) - lbu $i3,0($i3) - sll $i0,24 - sll $i1,16 - sll $i2,8 - - xor $rk4,$i0 - xor $rk4,$i1 - xor $rk4,$i2 - xor $rk4,$i3 - - xor $rk5,$rk4 - xor $rk6,$rk5 - xor $rk7,$rk6 - - $PTR_ADD $key,32 - .set noreorder - b .L256bits - $PTR_ADD $rcon,4 - -.L256bits_done: - sw $rk0,32($key) - sw $rk1,36($key) - sw $rk2,40($key) - li $cnt,14 - sw $rk3,44($key) - li $t0,0 - sw $cnt,48($key) - $PTR_SUB $key,12*16 - -.Lekey_done: - jr $ra - nop -.end _mips_AES_set_encrypt_key - -.globl AES_set_encrypt_key -.ent AES_set_encrypt_key -AES_set_encrypt_key: - .frame $sp,$FRAMESIZE,$ra - .mask $SAVED_REGS_MASK,-$SZREG - .set noreorder -___ -$code.=<<___ if ($flavour =~ /o32/i); # o32 PIC-ification - .cpload $pf -___ -$code.=<<___; - $PTR_SUB $sp,$FRAMESIZE - $REG_S $ra,$FRAMESIZE-1*$SZREG($sp) - $REG_S $fp,$FRAMESIZE-2*$SZREG($sp) -___ -$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue - $REG_S $s3,$FRAMESIZE-3*$SZREG($sp) - $REG_S $s2,$FRAMESIZE-4*$SZREG($sp) - $REG_S $s1,$FRAMESIZE-5*$SZREG($sp) - $REG_S $s0,$FRAMESIZE-6*$SZREG($sp) - $REG_S $gp,$FRAMESIZE-7*$SZREG($sp) -___ -$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification - .cplocal $Tbl - .cpsetup $pf,$zero,AES_set_encrypt_key -___ -$code.=<<___; - .set reorder - $PTR_LA $Tbl,AES_Te4 # PIC-ified 'load address' - - bal _mips_AES_set_encrypt_key - - .set noreorder - move $a0,$t0 - $REG_L $ra,$FRAMESIZE-1*$SZREG($sp) - $REG_L $fp,$FRAMESIZE-2*$SZREG($sp) -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_L $s3,$FRAMESIZE-11*$SZREG($sp) - $REG_L $s2,$FRAMESIZE-12*$SZREG($sp) - $REG_L $s1,$FRAMESIZE-13*$SZREG($sp) - $REG_L $s0,$FRAMESIZE-14*$SZREG($sp) - $REG_L $gp,$FRAMESIZE-15*$SZREG($sp) -___ -$code.=<<___; - jr $ra - $PTR_ADD $sp,$FRAMESIZE -.end AES_set_encrypt_key -___ - -my ($head,$tail)=($inp,$bits); -my ($tp1,$tp2,$tp4,$tp8,$tp9,$tpb,$tpd,$tpe)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3); -my ($m,$x80808080,$x7f7f7f7f,$x1b1b1b1b)=($at,$t0,$t1,$t2); -$code.=<<___; -.align 5 -.globl AES_set_decrypt_key -.ent AES_set_decrypt_key -AES_set_decrypt_key: - .frame $sp,$FRAMESIZE,$ra - .mask $SAVED_REGS_MASK,-$SZREG - .set noreorder -___ -$code.=<<___ if ($flavour =~ /o32/i); # o32 PIC-ification - .cpload $pf -___ -$code.=<<___; - $PTR_SUB $sp,$FRAMESIZE - $REG_S $ra,$FRAMESIZE-1*$SZREG($sp) - $REG_S $fp,$FRAMESIZE-2*$SZREG($sp) -___ -$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue - $REG_S $s3,$FRAMESIZE-3*$SZREG($sp) - $REG_S $s2,$FRAMESIZE-4*$SZREG($sp) - $REG_S $s1,$FRAMESIZE-5*$SZREG($sp) - $REG_S $s0,$FRAMESIZE-6*$SZREG($sp) - $REG_S $gp,$FRAMESIZE-7*$SZREG($sp) -___ -$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification - .cplocal $Tbl - .cpsetup $pf,$zero,AES_set_decrypt_key -___ -$code.=<<___; - .set reorder - $PTR_LA $Tbl,AES_Te4 # PIC-ified 'load address' - - bal _mips_AES_set_encrypt_key - - bltz $t0,.Ldkey_done - - sll $at,$cnt,4 - $PTR_ADD $head,$key,0 - $PTR_ADD $tail,$key,$at -.align 4 -.Lswap: - lw $rk0,0($head) - lw $rk1,4($head) - lw $rk2,8($head) - lw $rk3,12($head) - lw $rk4,0($tail) - lw $rk5,4($tail) - lw $rk6,8($tail) - lw $rk7,12($tail) - sw $rk0,0($tail) - sw $rk1,4($tail) - sw $rk2,8($tail) - sw $rk3,12($tail) - $PTR_ADD $head,16 - $PTR_SUB $tail,16 - sw $rk4,-16($head) - sw $rk5,-12($head) - sw $rk6,-8($head) - sw $rk7,-4($head) - bne $head,$tail,.Lswap - - lw $tp1,16($key) # modulo-scheduled - lui $x80808080,0x8080 - subu $cnt,1 - or $x80808080,0x8080 - sll $cnt,2 - $PTR_ADD $key,16 - lui $x1b1b1b1b,0x1b1b - nor $x7f7f7f7f,$zero,$x80808080 - or $x1b1b1b1b,0x1b1b -.align 4 -.Lmix: - and $m,$tp1,$x80808080 - and $tp2,$tp1,$x7f7f7f7f - srl $tp4,$m,7 - addu $tp2,$tp2 # tp2<<1 - subu $m,$tp4 - and $m,$x1b1b1b1b - xor $tp2,$m - - and $m,$tp2,$x80808080 - and $tp4,$tp2,$x7f7f7f7f - srl $tp8,$m,7 - addu $tp4,$tp4 # tp4<<1 - subu $m,$tp8 - and $m,$x1b1b1b1b - xor $tp4,$m - - and $m,$tp4,$x80808080 - and $tp8,$tp4,$x7f7f7f7f - srl $tp9,$m,7 - addu $tp8,$tp8 # tp8<<1 - subu $m,$tp9 - and $m,$x1b1b1b1b - xor $tp8,$m - - xor $tp9,$tp8,$tp1 - xor $tpe,$tp8,$tp4 - xor $tpb,$tp9,$tp2 - xor $tpd,$tp9,$tp4 - -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) - rotr $tp1,$tpd,16 - xor $tpe,$tp2 - rotr $tp2,$tp9,8 - xor $tpe,$tp1 - rotr $tp4,$tpb,24 - xor $tpe,$tp2 - lw $tp1,4($key) # modulo-scheduled - xor $tpe,$tp4 -#else - _ror $tp1,$tpd,16 - xor $tpe,$tp2 - _ror $tp2,$tpd,-16 - xor $tpe,$tp1 - _ror $tp1,$tp9,8 - xor $tpe,$tp2 - _ror $tp2,$tp9,-24 - xor $tpe,$tp1 - _ror $tp1,$tpb,24 - xor $tpe,$tp2 - _ror $tp2,$tpb,-8 - xor $tpe,$tp1 - lw $tp1,4($key) # modulo-scheduled - xor $tpe,$tp2 -#endif - subu $cnt,1 - sw $tpe,0($key) - $PTR_ADD $key,4 - bnez $cnt,.Lmix - - li $t0,0 -.Ldkey_done: - .set noreorder - move $a0,$t0 - $REG_L $ra,$FRAMESIZE-1*$SZREG($sp) - $REG_L $fp,$FRAMESIZE-2*$SZREG($sp) -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_L $s3,$FRAMESIZE-11*$SZREG($sp) - $REG_L $s2,$FRAMESIZE-12*$SZREG($sp) - $REG_L $s1,$FRAMESIZE-13*$SZREG($sp) - $REG_L $s0,$FRAMESIZE-14*$SZREG($sp) - $REG_L $gp,$FRAMESIZE-15*$SZREG($sp) -___ -$code.=<<___; - jr $ra - $PTR_ADD $sp,$FRAMESIZE -.end AES_set_decrypt_key -___ -}}} - -###################################################################### -# Tables are kept in endian-neutral manner -$code.=<<___; -.rdata -.align 10 -AES_Te: -.byte 0xc6,0x63,0x63,0xa5, 0xf8,0x7c,0x7c,0x84 # Te0 -.byte 0xee,0x77,0x77,0x99, 0xf6,0x7b,0x7b,0x8d -.byte 0xff,0xf2,0xf2,0x0d, 0xd6,0x6b,0x6b,0xbd -.byte 0xde,0x6f,0x6f,0xb1, 0x91,0xc5,0xc5,0x54 -.byte 0x60,0x30,0x30,0x50, 0x02,0x01,0x01,0x03 -.byte 0xce,0x67,0x67,0xa9, 0x56,0x2b,0x2b,0x7d -.byte 0xe7,0xfe,0xfe,0x19, 0xb5,0xd7,0xd7,0x62 -.byte 0x4d,0xab,0xab,0xe6, 0xec,0x76,0x76,0x9a -.byte 0x8f,0xca,0xca,0x45, 0x1f,0x82,0x82,0x9d -.byte 0x89,0xc9,0xc9,0x40, 0xfa,0x7d,0x7d,0x87 -.byte 0xef,0xfa,0xfa,0x15, 0xb2,0x59,0x59,0xeb -.byte 0x8e,0x47,0x47,0xc9, 0xfb,0xf0,0xf0,0x0b -.byte 0x41,0xad,0xad,0xec, 0xb3,0xd4,0xd4,0x67 -.byte 0x5f,0xa2,0xa2,0xfd, 0x45,0xaf,0xaf,0xea -.byte 0x23,0x9c,0x9c,0xbf, 0x53,0xa4,0xa4,0xf7 -.byte 0xe4,0x72,0x72,0x96, 0x9b,0xc0,0xc0,0x5b -.byte 0x75,0xb7,0xb7,0xc2, 0xe1,0xfd,0xfd,0x1c -.byte 0x3d,0x93,0x93,0xae, 0x4c,0x26,0x26,0x6a -.byte 0x6c,0x36,0x36,0x5a, 0x7e,0x3f,0x3f,0x41 -.byte 0xf5,0xf7,0xf7,0x02, 0x83,0xcc,0xcc,0x4f -.byte 0x68,0x34,0x34,0x5c, 0x51,0xa5,0xa5,0xf4 -.byte 0xd1,0xe5,0xe5,0x34, 0xf9,0xf1,0xf1,0x08 -.byte 0xe2,0x71,0x71,0x93, 0xab,0xd8,0xd8,0x73 -.byte 0x62,0x31,0x31,0x53, 0x2a,0x15,0x15,0x3f -.byte 0x08,0x04,0x04,0x0c, 0x95,0xc7,0xc7,0x52 -.byte 0x46,0x23,0x23,0x65, 0x9d,0xc3,0xc3,0x5e -.byte 0x30,0x18,0x18,0x28, 0x37,0x96,0x96,0xa1 -.byte 0x0a,0x05,0x05,0x0f, 0x2f,0x9a,0x9a,0xb5 -.byte 0x0e,0x07,0x07,0x09, 0x24,0x12,0x12,0x36 -.byte 0x1b,0x80,0x80,0x9b, 0xdf,0xe2,0xe2,0x3d -.byte 0xcd,0xeb,0xeb,0x26, 0x4e,0x27,0x27,0x69 -.byte 0x7f,0xb2,0xb2,0xcd, 0xea,0x75,0x75,0x9f -.byte 0x12,0x09,0x09,0x1b, 0x1d,0x83,0x83,0x9e -.byte 0x58,0x2c,0x2c,0x74, 0x34,0x1a,0x1a,0x2e -.byte 0x36,0x1b,0x1b,0x2d, 0xdc,0x6e,0x6e,0xb2 -.byte 0xb4,0x5a,0x5a,0xee, 0x5b,0xa0,0xa0,0xfb -.byte 0xa4,0x52,0x52,0xf6, 0x76,0x3b,0x3b,0x4d -.byte 0xb7,0xd6,0xd6,0x61, 0x7d,0xb3,0xb3,0xce -.byte 0x52,0x29,0x29,0x7b, 0xdd,0xe3,0xe3,0x3e -.byte 0x5e,0x2f,0x2f,0x71, 0x13,0x84,0x84,0x97 -.byte 0xa6,0x53,0x53,0xf5, 0xb9,0xd1,0xd1,0x68 -.byte 0x00,0x00,0x00,0x00, 0xc1,0xed,0xed,0x2c -.byte 0x40,0x20,0x20,0x60, 0xe3,0xfc,0xfc,0x1f -.byte 0x79,0xb1,0xb1,0xc8, 0xb6,0x5b,0x5b,0xed -.byte 0xd4,0x6a,0x6a,0xbe, 0x8d,0xcb,0xcb,0x46 -.byte 0x67,0xbe,0xbe,0xd9, 0x72,0x39,0x39,0x4b -.byte 0x94,0x4a,0x4a,0xde, 0x98,0x4c,0x4c,0xd4 -.byte 0xb0,0x58,0x58,0xe8, 0x85,0xcf,0xcf,0x4a -.byte 0xbb,0xd0,0xd0,0x6b, 0xc5,0xef,0xef,0x2a -.byte 0x4f,0xaa,0xaa,0xe5, 0xed,0xfb,0xfb,0x16 -.byte 0x86,0x43,0x43,0xc5, 0x9a,0x4d,0x4d,0xd7 -.byte 0x66,0x33,0x33,0x55, 0x11,0x85,0x85,0x94 -.byte 0x8a,0x45,0x45,0xcf, 0xe9,0xf9,0xf9,0x10 -.byte 0x04,0x02,0x02,0x06, 0xfe,0x7f,0x7f,0x81 -.byte 0xa0,0x50,0x50,0xf0, 0x78,0x3c,0x3c,0x44 -.byte 0x25,0x9f,0x9f,0xba, 0x4b,0xa8,0xa8,0xe3 -.byte 0xa2,0x51,0x51,0xf3, 0x5d,0xa3,0xa3,0xfe -.byte 0x80,0x40,0x40,0xc0, 0x05,0x8f,0x8f,0x8a -.byte 0x3f,0x92,0x92,0xad, 0x21,0x9d,0x9d,0xbc -.byte 0x70,0x38,0x38,0x48, 0xf1,0xf5,0xf5,0x04 -.byte 0x63,0xbc,0xbc,0xdf, 0x77,0xb6,0xb6,0xc1 -.byte 0xaf,0xda,0xda,0x75, 0x42,0x21,0x21,0x63 -.byte 0x20,0x10,0x10,0x30, 0xe5,0xff,0xff,0x1a -.byte 0xfd,0xf3,0xf3,0x0e, 0xbf,0xd2,0xd2,0x6d -.byte 0x81,0xcd,0xcd,0x4c, 0x18,0x0c,0x0c,0x14 -.byte 0x26,0x13,0x13,0x35, 0xc3,0xec,0xec,0x2f -.byte 0xbe,0x5f,0x5f,0xe1, 0x35,0x97,0x97,0xa2 -.byte 0x88,0x44,0x44,0xcc, 0x2e,0x17,0x17,0x39 -.byte 0x93,0xc4,0xc4,0x57, 0x55,0xa7,0xa7,0xf2 -.byte 0xfc,0x7e,0x7e,0x82, 0x7a,0x3d,0x3d,0x47 -.byte 0xc8,0x64,0x64,0xac, 0xba,0x5d,0x5d,0xe7 -.byte 0x32,0x19,0x19,0x2b, 0xe6,0x73,0x73,0x95 -.byte 0xc0,0x60,0x60,0xa0, 0x19,0x81,0x81,0x98 -.byte 0x9e,0x4f,0x4f,0xd1, 0xa3,0xdc,0xdc,0x7f -.byte 0x44,0x22,0x22,0x66, 0x54,0x2a,0x2a,0x7e -.byte 0x3b,0x90,0x90,0xab, 0x0b,0x88,0x88,0x83 -.byte 0x8c,0x46,0x46,0xca, 0xc7,0xee,0xee,0x29 -.byte 0x6b,0xb8,0xb8,0xd3, 0x28,0x14,0x14,0x3c -.byte 0xa7,0xde,0xde,0x79, 0xbc,0x5e,0x5e,0xe2 -.byte 0x16,0x0b,0x0b,0x1d, 0xad,0xdb,0xdb,0x76 -.byte 0xdb,0xe0,0xe0,0x3b, 0x64,0x32,0x32,0x56 -.byte 0x74,0x3a,0x3a,0x4e, 0x14,0x0a,0x0a,0x1e -.byte 0x92,0x49,0x49,0xdb, 0x0c,0x06,0x06,0x0a -.byte 0x48,0x24,0x24,0x6c, 0xb8,0x5c,0x5c,0xe4 -.byte 0x9f,0xc2,0xc2,0x5d, 0xbd,0xd3,0xd3,0x6e -.byte 0x43,0xac,0xac,0xef, 0xc4,0x62,0x62,0xa6 -.byte 0x39,0x91,0x91,0xa8, 0x31,0x95,0x95,0xa4 -.byte 0xd3,0xe4,0xe4,0x37, 0xf2,0x79,0x79,0x8b -.byte 0xd5,0xe7,0xe7,0x32, 0x8b,0xc8,0xc8,0x43 -.byte 0x6e,0x37,0x37,0x59, 0xda,0x6d,0x6d,0xb7 -.byte 0x01,0x8d,0x8d,0x8c, 0xb1,0xd5,0xd5,0x64 -.byte 0x9c,0x4e,0x4e,0xd2, 0x49,0xa9,0xa9,0xe0 -.byte 0xd8,0x6c,0x6c,0xb4, 0xac,0x56,0x56,0xfa -.byte 0xf3,0xf4,0xf4,0x07, 0xcf,0xea,0xea,0x25 -.byte 0xca,0x65,0x65,0xaf, 0xf4,0x7a,0x7a,0x8e -.byte 0x47,0xae,0xae,0xe9, 0x10,0x08,0x08,0x18 -.byte 0x6f,0xba,0xba,0xd5, 0xf0,0x78,0x78,0x88 -.byte 0x4a,0x25,0x25,0x6f, 0x5c,0x2e,0x2e,0x72 -.byte 0x38,0x1c,0x1c,0x24, 0x57,0xa6,0xa6,0xf1 -.byte 0x73,0xb4,0xb4,0xc7, 0x97,0xc6,0xc6,0x51 -.byte 0xcb,0xe8,0xe8,0x23, 0xa1,0xdd,0xdd,0x7c -.byte 0xe8,0x74,0x74,0x9c, 0x3e,0x1f,0x1f,0x21 -.byte 0x96,0x4b,0x4b,0xdd, 0x61,0xbd,0xbd,0xdc -.byte 0x0d,0x8b,0x8b,0x86, 0x0f,0x8a,0x8a,0x85 -.byte 0xe0,0x70,0x70,0x90, 0x7c,0x3e,0x3e,0x42 -.byte 0x71,0xb5,0xb5,0xc4, 0xcc,0x66,0x66,0xaa -.byte 0x90,0x48,0x48,0xd8, 0x06,0x03,0x03,0x05 -.byte 0xf7,0xf6,0xf6,0x01, 0x1c,0x0e,0x0e,0x12 -.byte 0xc2,0x61,0x61,0xa3, 0x6a,0x35,0x35,0x5f -.byte 0xae,0x57,0x57,0xf9, 0x69,0xb9,0xb9,0xd0 -.byte 0x17,0x86,0x86,0x91, 0x99,0xc1,0xc1,0x58 -.byte 0x3a,0x1d,0x1d,0x27, 0x27,0x9e,0x9e,0xb9 -.byte 0xd9,0xe1,0xe1,0x38, 0xeb,0xf8,0xf8,0x13 -.byte 0x2b,0x98,0x98,0xb3, 0x22,0x11,0x11,0x33 -.byte 0xd2,0x69,0x69,0xbb, 0xa9,0xd9,0xd9,0x70 -.byte 0x07,0x8e,0x8e,0x89, 0x33,0x94,0x94,0xa7 -.byte 0x2d,0x9b,0x9b,0xb6, 0x3c,0x1e,0x1e,0x22 -.byte 0x15,0x87,0x87,0x92, 0xc9,0xe9,0xe9,0x20 -.byte 0x87,0xce,0xce,0x49, 0xaa,0x55,0x55,0xff -.byte 0x50,0x28,0x28,0x78, 0xa5,0xdf,0xdf,0x7a -.byte 0x03,0x8c,0x8c,0x8f, 0x59,0xa1,0xa1,0xf8 -.byte 0x09,0x89,0x89,0x80, 0x1a,0x0d,0x0d,0x17 -.byte 0x65,0xbf,0xbf,0xda, 0xd7,0xe6,0xe6,0x31 -.byte 0x84,0x42,0x42,0xc6, 0xd0,0x68,0x68,0xb8 -.byte 0x82,0x41,0x41,0xc3, 0x29,0x99,0x99,0xb0 -.byte 0x5a,0x2d,0x2d,0x77, 0x1e,0x0f,0x0f,0x11 -.byte 0x7b,0xb0,0xb0,0xcb, 0xa8,0x54,0x54,0xfc -.byte 0x6d,0xbb,0xbb,0xd6, 0x2c,0x16,0x16,0x3a - -AES_Td: -.byte 0x51,0xf4,0xa7,0x50, 0x7e,0x41,0x65,0x53 # Td0 -.byte 0x1a,0x17,0xa4,0xc3, 0x3a,0x27,0x5e,0x96 -.byte 0x3b,0xab,0x6b,0xcb, 0x1f,0x9d,0x45,0xf1 -.byte 0xac,0xfa,0x58,0xab, 0x4b,0xe3,0x03,0x93 -.byte 0x20,0x30,0xfa,0x55, 0xad,0x76,0x6d,0xf6 -.byte 0x88,0xcc,0x76,0x91, 0xf5,0x02,0x4c,0x25 -.byte 0x4f,0xe5,0xd7,0xfc, 0xc5,0x2a,0xcb,0xd7 -.byte 0x26,0x35,0x44,0x80, 0xb5,0x62,0xa3,0x8f -.byte 0xde,0xb1,0x5a,0x49, 0x25,0xba,0x1b,0x67 -.byte 0x45,0xea,0x0e,0x98, 0x5d,0xfe,0xc0,0xe1 -.byte 0xc3,0x2f,0x75,0x02, 0x81,0x4c,0xf0,0x12 -.byte 0x8d,0x46,0x97,0xa3, 0x6b,0xd3,0xf9,0xc6 -.byte 0x03,0x8f,0x5f,0xe7, 0x15,0x92,0x9c,0x95 -.byte 0xbf,0x6d,0x7a,0xeb, 0x95,0x52,0x59,0xda -.byte 0xd4,0xbe,0x83,0x2d, 0x58,0x74,0x21,0xd3 -.byte 0x49,0xe0,0x69,0x29, 0x8e,0xc9,0xc8,0x44 -.byte 0x75,0xc2,0x89,0x6a, 0xf4,0x8e,0x79,0x78 -.byte 0x99,0x58,0x3e,0x6b, 0x27,0xb9,0x71,0xdd -.byte 0xbe,0xe1,0x4f,0xb6, 0xf0,0x88,0xad,0x17 -.byte 0xc9,0x20,0xac,0x66, 0x7d,0xce,0x3a,0xb4 -.byte 0x63,0xdf,0x4a,0x18, 0xe5,0x1a,0x31,0x82 -.byte 0x97,0x51,0x33,0x60, 0x62,0x53,0x7f,0x45 -.byte 0xb1,0x64,0x77,0xe0, 0xbb,0x6b,0xae,0x84 -.byte 0xfe,0x81,0xa0,0x1c, 0xf9,0x08,0x2b,0x94 -.byte 0x70,0x48,0x68,0x58, 0x8f,0x45,0xfd,0x19 -.byte 0x94,0xde,0x6c,0x87, 0x52,0x7b,0xf8,0xb7 -.byte 0xab,0x73,0xd3,0x23, 0x72,0x4b,0x02,0xe2 -.byte 0xe3,0x1f,0x8f,0x57, 0x66,0x55,0xab,0x2a -.byte 0xb2,0xeb,0x28,0x07, 0x2f,0xb5,0xc2,0x03 -.byte 0x86,0xc5,0x7b,0x9a, 0xd3,0x37,0x08,0xa5 -.byte 0x30,0x28,0x87,0xf2, 0x23,0xbf,0xa5,0xb2 -.byte 0x02,0x03,0x6a,0xba, 0xed,0x16,0x82,0x5c -.byte 0x8a,0xcf,0x1c,0x2b, 0xa7,0x79,0xb4,0x92 -.byte 0xf3,0x07,0xf2,0xf0, 0x4e,0x69,0xe2,0xa1 -.byte 0x65,0xda,0xf4,0xcd, 0x06,0x05,0xbe,0xd5 -.byte 0xd1,0x34,0x62,0x1f, 0xc4,0xa6,0xfe,0x8a -.byte 0x34,0x2e,0x53,0x9d, 0xa2,0xf3,0x55,0xa0 -.byte 0x05,0x8a,0xe1,0x32, 0xa4,0xf6,0xeb,0x75 -.byte 0x0b,0x83,0xec,0x39, 0x40,0x60,0xef,0xaa -.byte 0x5e,0x71,0x9f,0x06, 0xbd,0x6e,0x10,0x51 -.byte 0x3e,0x21,0x8a,0xf9, 0x96,0xdd,0x06,0x3d -.byte 0xdd,0x3e,0x05,0xae, 0x4d,0xe6,0xbd,0x46 -.byte 0x91,0x54,0x8d,0xb5, 0x71,0xc4,0x5d,0x05 -.byte 0x04,0x06,0xd4,0x6f, 0x60,0x50,0x15,0xff -.byte 0x19,0x98,0xfb,0x24, 0xd6,0xbd,0xe9,0x97 -.byte 0x89,0x40,0x43,0xcc, 0x67,0xd9,0x9e,0x77 -.byte 0xb0,0xe8,0x42,0xbd, 0x07,0x89,0x8b,0x88 -.byte 0xe7,0x19,0x5b,0x38, 0x79,0xc8,0xee,0xdb -.byte 0xa1,0x7c,0x0a,0x47, 0x7c,0x42,0x0f,0xe9 -.byte 0xf8,0x84,0x1e,0xc9, 0x00,0x00,0x00,0x00 -.byte 0x09,0x80,0x86,0x83, 0x32,0x2b,0xed,0x48 -.byte 0x1e,0x11,0x70,0xac, 0x6c,0x5a,0x72,0x4e -.byte 0xfd,0x0e,0xff,0xfb, 0x0f,0x85,0x38,0x56 -.byte 0x3d,0xae,0xd5,0x1e, 0x36,0x2d,0x39,0x27 -.byte 0x0a,0x0f,0xd9,0x64, 0x68,0x5c,0xa6,0x21 -.byte 0x9b,0x5b,0x54,0xd1, 0x24,0x36,0x2e,0x3a -.byte 0x0c,0x0a,0x67,0xb1, 0x93,0x57,0xe7,0x0f -.byte 0xb4,0xee,0x96,0xd2, 0x1b,0x9b,0x91,0x9e -.byte 0x80,0xc0,0xc5,0x4f, 0x61,0xdc,0x20,0xa2 -.byte 0x5a,0x77,0x4b,0x69, 0x1c,0x12,0x1a,0x16 -.byte 0xe2,0x93,0xba,0x0a, 0xc0,0xa0,0x2a,0xe5 -.byte 0x3c,0x22,0xe0,0x43, 0x12,0x1b,0x17,0x1d -.byte 0x0e,0x09,0x0d,0x0b, 0xf2,0x8b,0xc7,0xad -.byte 0x2d,0xb6,0xa8,0xb9, 0x14,0x1e,0xa9,0xc8 -.byte 0x57,0xf1,0x19,0x85, 0xaf,0x75,0x07,0x4c -.byte 0xee,0x99,0xdd,0xbb, 0xa3,0x7f,0x60,0xfd -.byte 0xf7,0x01,0x26,0x9f, 0x5c,0x72,0xf5,0xbc -.byte 0x44,0x66,0x3b,0xc5, 0x5b,0xfb,0x7e,0x34 -.byte 0x8b,0x43,0x29,0x76, 0xcb,0x23,0xc6,0xdc -.byte 0xb6,0xed,0xfc,0x68, 0xb8,0xe4,0xf1,0x63 -.byte 0xd7,0x31,0xdc,0xca, 0x42,0x63,0x85,0x10 -.byte 0x13,0x97,0x22,0x40, 0x84,0xc6,0x11,0x20 -.byte 0x85,0x4a,0x24,0x7d, 0xd2,0xbb,0x3d,0xf8 -.byte 0xae,0xf9,0x32,0x11, 0xc7,0x29,0xa1,0x6d -.byte 0x1d,0x9e,0x2f,0x4b, 0xdc,0xb2,0x30,0xf3 -.byte 0x0d,0x86,0x52,0xec, 0x77,0xc1,0xe3,0xd0 -.byte 0x2b,0xb3,0x16,0x6c, 0xa9,0x70,0xb9,0x99 -.byte 0x11,0x94,0x48,0xfa, 0x47,0xe9,0x64,0x22 -.byte 0xa8,0xfc,0x8c,0xc4, 0xa0,0xf0,0x3f,0x1a -.byte 0x56,0x7d,0x2c,0xd8, 0x22,0x33,0x90,0xef -.byte 0x87,0x49,0x4e,0xc7, 0xd9,0x38,0xd1,0xc1 -.byte 0x8c,0xca,0xa2,0xfe, 0x98,0xd4,0x0b,0x36 -.byte 0xa6,0xf5,0x81,0xcf, 0xa5,0x7a,0xde,0x28 -.byte 0xda,0xb7,0x8e,0x26, 0x3f,0xad,0xbf,0xa4 -.byte 0x2c,0x3a,0x9d,0xe4, 0x50,0x78,0x92,0x0d -.byte 0x6a,0x5f,0xcc,0x9b, 0x54,0x7e,0x46,0x62 -.byte 0xf6,0x8d,0x13,0xc2, 0x90,0xd8,0xb8,0xe8 -.byte 0x2e,0x39,0xf7,0x5e, 0x82,0xc3,0xaf,0xf5 -.byte 0x9f,0x5d,0x80,0xbe, 0x69,0xd0,0x93,0x7c -.byte 0x6f,0xd5,0x2d,0xa9, 0xcf,0x25,0x12,0xb3 -.byte 0xc8,0xac,0x99,0x3b, 0x10,0x18,0x7d,0xa7 -.byte 0xe8,0x9c,0x63,0x6e, 0xdb,0x3b,0xbb,0x7b -.byte 0xcd,0x26,0x78,0x09, 0x6e,0x59,0x18,0xf4 -.byte 0xec,0x9a,0xb7,0x01, 0x83,0x4f,0x9a,0xa8 -.byte 0xe6,0x95,0x6e,0x65, 0xaa,0xff,0xe6,0x7e -.byte 0x21,0xbc,0xcf,0x08, 0xef,0x15,0xe8,0xe6 -.byte 0xba,0xe7,0x9b,0xd9, 0x4a,0x6f,0x36,0xce -.byte 0xea,0x9f,0x09,0xd4, 0x29,0xb0,0x7c,0xd6 -.byte 0x31,0xa4,0xb2,0xaf, 0x2a,0x3f,0x23,0x31 -.byte 0xc6,0xa5,0x94,0x30, 0x35,0xa2,0x66,0xc0 -.byte 0x74,0x4e,0xbc,0x37, 0xfc,0x82,0xca,0xa6 -.byte 0xe0,0x90,0xd0,0xb0, 0x33,0xa7,0xd8,0x15 -.byte 0xf1,0x04,0x98,0x4a, 0x41,0xec,0xda,0xf7 -.byte 0x7f,0xcd,0x50,0x0e, 0x17,0x91,0xf6,0x2f -.byte 0x76,0x4d,0xd6,0x8d, 0x43,0xef,0xb0,0x4d -.byte 0xcc,0xaa,0x4d,0x54, 0xe4,0x96,0x04,0xdf -.byte 0x9e,0xd1,0xb5,0xe3, 0x4c,0x6a,0x88,0x1b -.byte 0xc1,0x2c,0x1f,0xb8, 0x46,0x65,0x51,0x7f -.byte 0x9d,0x5e,0xea,0x04, 0x01,0x8c,0x35,0x5d -.byte 0xfa,0x87,0x74,0x73, 0xfb,0x0b,0x41,0x2e -.byte 0xb3,0x67,0x1d,0x5a, 0x92,0xdb,0xd2,0x52 -.byte 0xe9,0x10,0x56,0x33, 0x6d,0xd6,0x47,0x13 -.byte 0x9a,0xd7,0x61,0x8c, 0x37,0xa1,0x0c,0x7a -.byte 0x59,0xf8,0x14,0x8e, 0xeb,0x13,0x3c,0x89 -.byte 0xce,0xa9,0x27,0xee, 0xb7,0x61,0xc9,0x35 -.byte 0xe1,0x1c,0xe5,0xed, 0x7a,0x47,0xb1,0x3c -.byte 0x9c,0xd2,0xdf,0x59, 0x55,0xf2,0x73,0x3f -.byte 0x18,0x14,0xce,0x79, 0x73,0xc7,0x37,0xbf -.byte 0x53,0xf7,0xcd,0xea, 0x5f,0xfd,0xaa,0x5b -.byte 0xdf,0x3d,0x6f,0x14, 0x78,0x44,0xdb,0x86 -.byte 0xca,0xaf,0xf3,0x81, 0xb9,0x68,0xc4,0x3e -.byte 0x38,0x24,0x34,0x2c, 0xc2,0xa3,0x40,0x5f -.byte 0x16,0x1d,0xc3,0x72, 0xbc,0xe2,0x25,0x0c -.byte 0x28,0x3c,0x49,0x8b, 0xff,0x0d,0x95,0x41 -.byte 0x39,0xa8,0x01,0x71, 0x08,0x0c,0xb3,0xde -.byte 0xd8,0xb4,0xe4,0x9c, 0x64,0x56,0xc1,0x90 -.byte 0x7b,0xcb,0x84,0x61, 0xd5,0x32,0xb6,0x70 -.byte 0x48,0x6c,0x5c,0x74, 0xd0,0xb8,0x57,0x42 - -.byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 # Td4 -.byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb -.byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 -.byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb -.byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d -.byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e -.byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 -.byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 -.byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 -.byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 -.byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda -.byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 -.byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a -.byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 -.byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 -.byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b -.byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea -.byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 -.byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 -.byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e -.byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 -.byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b -.byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 -.byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 -.byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 -.byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f -.byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d -.byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef -.byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 -.byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 -.byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 -.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d - -AES_Te4: -.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 # Te4 -.byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 -.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0 -.byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 -.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc -.byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 -.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a -.byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 -.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0 -.byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 -.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b -.byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf -.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85 -.byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 -.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5 -.byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 -.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17 -.byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 -.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88 -.byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb -.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c -.byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 -.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9 -.byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 -.byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6 -.byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a -.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e -.byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e -.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94 -.byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf -.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68 -.byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 - -.byte 0x01,0x00,0x00,0x00, 0x02,0x00,0x00,0x00 # rcon -.byte 0x04,0x00,0x00,0x00, 0x08,0x00,0x00,0x00 -.byte 0x10,0x00,0x00,0x00, 0x20,0x00,0x00,0x00 -.byte 0x40,0x00,0x00,0x00, 0x80,0x00,0x00,0x00 -.byte 0x1B,0x00,0x00,0x00, 0x36,0x00,0x00,0x00 -___ - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - # made-up _instructions, _xtr, _ins, _ror and _bias, cope - # with byte order dependencies... - if (/^\s+_/) { - s/(_[a-z]+\s+)(\$[0-9]+),([^,]+)(#.*)*$/$1$2,$2,$3/; - - s/_xtr\s+(\$[0-9]+),(\$[0-9]+),([0-9]+(\-2)*)/ - sprintf("srl\t$1,$2,%d",$big_endian ? eval($3) - : eval("24-$3"))/e or - s/_ins\s+(\$[0-9]+),(\$[0-9]+),([0-9]+)/ - sprintf("sll\t$1,$2,%d",$big_endian ? eval($3) - : eval("24-$3"))/e or - s/_ins2\s+(\$[0-9]+),(\$[0-9]+),([0-9]+)/ - sprintf("ins\t$1,$2,%d,8",$big_endian ? eval($3) - : eval("24-$3"))/e or - s/_ror\s+(\$[0-9]+),(\$[0-9]+),(\-?[0-9]+)/ - sprintf("srl\t$1,$2,%d",$big_endian ? eval($3) - : eval("$3*-1"))/e or - s/_bias\s+(\$[0-9]+),(\$[0-9]+),([0-9]+)/ - sprintf("sll\t$1,$2,%d",$big_endian ? eval($3) - : eval("($3-16)&31"))/e; - - s/srl\s+(\$[0-9]+),(\$[0-9]+),\-([0-9]+)/ - sprintf("sll\t$1,$2,$3")/e or - s/srl\s+(\$[0-9]+),(\$[0-9]+),0/ - sprintf("and\t$1,$2,0xff")/e or - s/(sll\s+\$[0-9]+,\$[0-9]+,0)/#$1/; - } - - # convert lwl/lwr and swr/swl to little-endian order - if (!$big_endian && /^\s+[sl]w[lr]\s+/) { - s/([sl]wl.*)([0-9]+)\((\$[0-9]+)\)/ - sprintf("$1%d($3)",eval("$2-$2%4+($2%4-1)&3"))/e or - s/([sl]wr.*)([0-9]+)\((\$[0-9]+)\)/ - sprintf("$1%d($3)",eval("$2-$2%4+($2%4+1)&3"))/e; - } - - if (!$big_endian) { - s/(rotr\s+\$[0-9]+,\$[0-9]+),([0-9]+)/sprintf("$1,%d",32-$2)/e; - s/(ext\s+\$[0-9]+,\$[0-9]+),([0-9]+),8/sprintf("$1,%d,8",24-$2)/e; - } - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aes-parisc.pl b/crypto/aes/asm/aes-parisc.pl deleted file mode 100644 index 3d55eec9bb37081f76938b291247811387ce1a03..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/aes-parisc.pl +++ /dev/null @@ -1,1041 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# AES for PA-RISC. -# -# June 2009. -# -# The module is mechanical transliteration of aes-sparcv9.pl, but with -# a twist: S-boxes are compressed even further down to 1K+256B. On -# PA-7100LC performance is ~40% better than gcc 3.2 generated code and -# is about 33 cycles per byte processed with 128-bit key. Newer CPUs -# perform at 16 cycles per byte. It's not faster than code generated -# by vendor compiler, but recall that it has compressed S-boxes, which -# requires extra processing. -# -# Special thanks to polarhome.com for providing HP-UX account. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$output and open STDOUT,">$output"; - -if ($flavour =~ /64/) { - $LEVEL ="2.0W"; - $SIZE_T =8; - $FRAME_MARKER =80; - $SAVED_RP =16; - $PUSH ="std"; - $PUSHMA ="std,ma"; - $POP ="ldd"; - $POPMB ="ldd,mb"; -} else { - $LEVEL ="1.0"; - $SIZE_T =4; - $FRAME_MARKER =48; - $SAVED_RP =20; - $PUSH ="stw"; - $PUSHMA ="stwm"; - $POP ="ldw"; - $POPMB ="ldwm"; -} - -$FRAME=16*$SIZE_T+$FRAME_MARKER;# 16 saved regs + frame marker - # [+ argument transfer] -$inp="%r26"; # arg0 -$out="%r25"; # arg1 -$key="%r24"; # arg2 - -($s0,$s1,$s2,$s3) = ("%r1","%r2","%r3","%r4"); -($t0,$t1,$t2,$t3) = ("%r5","%r6","%r7","%r8"); - -($acc0, $acc1, $acc2, $acc3, $acc4, $acc5, $acc6, $acc7, - $acc8, $acc9,$acc10,$acc11,$acc12,$acc13,$acc14,$acc15) = -("%r9","%r10","%r11","%r12","%r13","%r14","%r15","%r16", -"%r17","%r18","%r19","%r20","%r21","%r22","%r23","%r26"); - -$tbl="%r28"; -$rounds="%r29"; - -$code=<<___; - .LEVEL $LEVEL - .SPACE \$TEXT\$ - .SUBSPA \$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY - - .EXPORT AES_encrypt,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR - .ALIGN 64 -AES_encrypt - .PROC - .CALLINFO FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18 - .ENTRY - $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue - $PUSHMA %r3,$FRAME(%sp) - $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp) - $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp) - $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp) - $PUSH %r7,`-$FRAME+4*$SIZE_T`(%sp) - $PUSH %r8,`-$FRAME+5*$SIZE_T`(%sp) - $PUSH %r9,`-$FRAME+6*$SIZE_T`(%sp) - $PUSH %r10,`-$FRAME+7*$SIZE_T`(%sp) - $PUSH %r11,`-$FRAME+8*$SIZE_T`(%sp) - $PUSH %r12,`-$FRAME+9*$SIZE_T`(%sp) - $PUSH %r13,`-$FRAME+10*$SIZE_T`(%sp) - $PUSH %r14,`-$FRAME+11*$SIZE_T`(%sp) - $PUSH %r15,`-$FRAME+12*$SIZE_T`(%sp) - $PUSH %r16,`-$FRAME+13*$SIZE_T`(%sp) - $PUSH %r17,`-$FRAME+14*$SIZE_T`(%sp) - $PUSH %r18,`-$FRAME+15*$SIZE_T`(%sp) - - blr %r0,$tbl - ldi 3,$t0 -L\$enc_pic - andcm $tbl,$t0,$tbl - ldo L\$AES_Te-L\$enc_pic($tbl),$tbl - - and $inp,$t0,$t0 - sub $inp,$t0,$inp - ldw 0($inp),$s0 - ldw 4($inp),$s1 - ldw 8($inp),$s2 - comib,= 0,$t0,L\$enc_inp_aligned - ldw 12($inp),$s3 - - sh3addl $t0,%r0,$t0 - subi 32,$t0,$t0 - mtctl $t0,%cr11 - ldw 16($inp),$t1 - vshd $s0,$s1,$s0 - vshd $s1,$s2,$s1 - vshd $s2,$s3,$s2 - vshd $s3,$t1,$s3 - -L\$enc_inp_aligned - bl _parisc_AES_encrypt,%r31 - nop - - extru,<> $out,31,2,%r0 - b L\$enc_out_aligned - nop - - _srm $s0,24,$acc0 - _srm $s0,16,$acc1 - stb $acc0,0($out) - _srm $s0,8,$acc2 - stb $acc1,1($out) - _srm $s1,24,$acc4 - stb $acc2,2($out) - _srm $s1,16,$acc5 - stb $s0,3($out) - _srm $s1,8,$acc6 - stb $acc4,4($out) - _srm $s2,24,$acc0 - stb $acc5,5($out) - _srm $s2,16,$acc1 - stb $acc6,6($out) - _srm $s2,8,$acc2 - stb $s1,7($out) - _srm $s3,24,$acc4 - stb $acc0,8($out) - _srm $s3,16,$acc5 - stb $acc1,9($out) - _srm $s3,8,$acc6 - stb $acc2,10($out) - stb $s2,11($out) - stb $acc4,12($out) - stb $acc5,13($out) - stb $acc6,14($out) - b L\$enc_done - stb $s3,15($out) - -L\$enc_out_aligned - stw $s0,0($out) - stw $s1,4($out) - stw $s2,8($out) - stw $s3,12($out) - -L\$enc_done - $POP `-$FRAME-$SAVED_RP`(%sp),%r2 ; standard epilogue - $POP `-$FRAME+1*$SIZE_T`(%sp),%r4 - $POP `-$FRAME+2*$SIZE_T`(%sp),%r5 - $POP `-$FRAME+3*$SIZE_T`(%sp),%r6 - $POP `-$FRAME+4*$SIZE_T`(%sp),%r7 - $POP `-$FRAME+5*$SIZE_T`(%sp),%r8 - $POP `-$FRAME+6*$SIZE_T`(%sp),%r9 - $POP `-$FRAME+7*$SIZE_T`(%sp),%r10 - $POP `-$FRAME+8*$SIZE_T`(%sp),%r11 - $POP `-$FRAME+9*$SIZE_T`(%sp),%r12 - $POP `-$FRAME+10*$SIZE_T`(%sp),%r13 - $POP `-$FRAME+11*$SIZE_T`(%sp),%r14 - $POP `-$FRAME+12*$SIZE_T`(%sp),%r15 - $POP `-$FRAME+13*$SIZE_T`(%sp),%r16 - $POP `-$FRAME+14*$SIZE_T`(%sp),%r17 - $POP `-$FRAME+15*$SIZE_T`(%sp),%r18 - bv (%r2) - .EXIT - $POPMB -$FRAME(%sp),%r3 - .PROCEND - - .ALIGN 16 -_parisc_AES_encrypt - .PROC - .CALLINFO MILLICODE - .ENTRY - ldw 240($key),$rounds - ldw 0($key),$t0 - ldw 4($key),$t1 - ldw 8($key),$t2 - _srm $rounds,1,$rounds - xor $t0,$s0,$s0 - ldw 12($key),$t3 - _srm $s0,24,$acc0 - xor $t1,$s1,$s1 - ldw 16($key),$t0 - _srm $s1,16,$acc1 - xor $t2,$s2,$s2 - ldw 20($key),$t1 - xor $t3,$s3,$s3 - ldw 24($key),$t2 - ldw 28($key),$t3 -L\$enc_loop - _srm $s2,8,$acc2 - ldwx,s $acc0($tbl),$acc0 - _srm $s3,0,$acc3 - ldwx,s $acc1($tbl),$acc1 - _srm $s1,24,$acc4 - ldwx,s $acc2($tbl),$acc2 - _srm $s2,16,$acc5 - ldwx,s $acc3($tbl),$acc3 - _srm $s3,8,$acc6 - ldwx,s $acc4($tbl),$acc4 - _srm $s0,0,$acc7 - ldwx,s $acc5($tbl),$acc5 - _srm $s2,24,$acc8 - ldwx,s $acc6($tbl),$acc6 - _srm $s3,16,$acc9 - ldwx,s $acc7($tbl),$acc7 - _srm $s0,8,$acc10 - ldwx,s $acc8($tbl),$acc8 - _srm $s1,0,$acc11 - ldwx,s $acc9($tbl),$acc9 - _srm $s3,24,$acc12 - ldwx,s $acc10($tbl),$acc10 - _srm $s0,16,$acc13 - ldwx,s $acc11($tbl),$acc11 - _srm $s1,8,$acc14 - ldwx,s $acc12($tbl),$acc12 - _srm $s2,0,$acc15 - ldwx,s $acc13($tbl),$acc13 - ldwx,s $acc14($tbl),$acc14 - ldwx,s $acc15($tbl),$acc15 - addib,= -1,$rounds,L\$enc_last - ldo 32($key),$key - - _ror $acc1,8,$acc1 - xor $acc0,$t0,$t0 - ldw 0($key),$s0 - _ror $acc2,16,$acc2 - xor $acc1,$t0,$t0 - ldw 4($key),$s1 - _ror $acc3,24,$acc3 - xor $acc2,$t0,$t0 - ldw 8($key),$s2 - _ror $acc5,8,$acc5 - xor $acc3,$t0,$t0 - ldw 12($key),$s3 - _ror $acc6,16,$acc6 - xor $acc4,$t1,$t1 - _ror $acc7,24,$acc7 - xor $acc5,$t1,$t1 - _ror $acc9,8,$acc9 - xor $acc6,$t1,$t1 - _ror $acc10,16,$acc10 - xor $acc7,$t1,$t1 - _ror $acc11,24,$acc11 - xor $acc8,$t2,$t2 - _ror $acc13,8,$acc13 - xor $acc9,$t2,$t2 - _ror $acc14,16,$acc14 - xor $acc10,$t2,$t2 - _ror $acc15,24,$acc15 - xor $acc11,$t2,$t2 - xor $acc12,$acc14,$acc14 - xor $acc13,$t3,$t3 - _srm $t0,24,$acc0 - xor $acc14,$t3,$t3 - _srm $t1,16,$acc1 - xor $acc15,$t3,$t3 - - _srm $t2,8,$acc2 - ldwx,s $acc0($tbl),$acc0 - _srm $t3,0,$acc3 - ldwx,s $acc1($tbl),$acc1 - _srm $t1,24,$acc4 - ldwx,s $acc2($tbl),$acc2 - _srm $t2,16,$acc5 - ldwx,s $acc3($tbl),$acc3 - _srm $t3,8,$acc6 - ldwx,s $acc4($tbl),$acc4 - _srm $t0,0,$acc7 - ldwx,s $acc5($tbl),$acc5 - _srm $t2,24,$acc8 - ldwx,s $acc6($tbl),$acc6 - _srm $t3,16,$acc9 - ldwx,s $acc7($tbl),$acc7 - _srm $t0,8,$acc10 - ldwx,s $acc8($tbl),$acc8 - _srm $t1,0,$acc11 - ldwx,s $acc9($tbl),$acc9 - _srm $t3,24,$acc12 - ldwx,s $acc10($tbl),$acc10 - _srm $t0,16,$acc13 - ldwx,s $acc11($tbl),$acc11 - _srm $t1,8,$acc14 - ldwx,s $acc12($tbl),$acc12 - _srm $t2,0,$acc15 - ldwx,s $acc13($tbl),$acc13 - _ror $acc1,8,$acc1 - ldwx,s $acc14($tbl),$acc14 - - _ror $acc2,16,$acc2 - xor $acc0,$s0,$s0 - ldwx,s $acc15($tbl),$acc15 - _ror $acc3,24,$acc3 - xor $acc1,$s0,$s0 - ldw 16($key),$t0 - _ror $acc5,8,$acc5 - xor $acc2,$s0,$s0 - ldw 20($key),$t1 - _ror $acc6,16,$acc6 - xor $acc3,$s0,$s0 - ldw 24($key),$t2 - _ror $acc7,24,$acc7 - xor $acc4,$s1,$s1 - ldw 28($key),$t3 - _ror $acc9,8,$acc9 - xor $acc5,$s1,$s1 - ldw 1024+0($tbl),%r0 ; prefetch te4 - _ror $acc10,16,$acc10 - xor $acc6,$s1,$s1 - ldw 1024+32($tbl),%r0 ; prefetch te4 - _ror $acc11,24,$acc11 - xor $acc7,$s1,$s1 - ldw 1024+64($tbl),%r0 ; prefetch te4 - _ror $acc13,8,$acc13 - xor $acc8,$s2,$s2 - ldw 1024+96($tbl),%r0 ; prefetch te4 - _ror $acc14,16,$acc14 - xor $acc9,$s2,$s2 - ldw 1024+128($tbl),%r0 ; prefetch te4 - _ror $acc15,24,$acc15 - xor $acc10,$s2,$s2 - ldw 1024+160($tbl),%r0 ; prefetch te4 - _srm $s0,24,$acc0 - xor $acc11,$s2,$s2 - ldw 1024+192($tbl),%r0 ; prefetch te4 - xor $acc12,$acc14,$acc14 - xor $acc13,$s3,$s3 - ldw 1024+224($tbl),%r0 ; prefetch te4 - _srm $s1,16,$acc1 - xor $acc14,$s3,$s3 - b L\$enc_loop - xor $acc15,$s3,$s3 - - .ALIGN 16 -L\$enc_last - ldo 1024($tbl),$rounds - _ror $acc1,8,$acc1 - xor $acc0,$t0,$t0 - ldw 0($key),$s0 - _ror $acc2,16,$acc2 - xor $acc1,$t0,$t0 - ldw 4($key),$s1 - _ror $acc3,24,$acc3 - xor $acc2,$t0,$t0 - ldw 8($key),$s2 - _ror $acc5,8,$acc5 - xor $acc3,$t0,$t0 - ldw 12($key),$s3 - _ror $acc6,16,$acc6 - xor $acc4,$t1,$t1 - _ror $acc7,24,$acc7 - xor $acc5,$t1,$t1 - _ror $acc9,8,$acc9 - xor $acc6,$t1,$t1 - _ror $acc10,16,$acc10 - xor $acc7,$t1,$t1 - _ror $acc11,24,$acc11 - xor $acc8,$t2,$t2 - _ror $acc13,8,$acc13 - xor $acc9,$t2,$t2 - _ror $acc14,16,$acc14 - xor $acc10,$t2,$t2 - _ror $acc15,24,$acc15 - xor $acc11,$t2,$t2 - xor $acc12,$acc14,$acc14 - xor $acc13,$t3,$t3 - _srm $t0,24,$acc0 - xor $acc14,$t3,$t3 - _srm $t1,16,$acc1 - xor $acc15,$t3,$t3 - - _srm $t2,8,$acc2 - ldbx $acc0($rounds),$acc0 - _srm $t1,24,$acc4 - ldbx $acc1($rounds),$acc1 - _srm $t2,16,$acc5 - _srm $t3,0,$acc3 - ldbx $acc2($rounds),$acc2 - ldbx $acc3($rounds),$acc3 - _srm $t3,8,$acc6 - ldbx $acc4($rounds),$acc4 - _srm $t2,24,$acc8 - ldbx $acc5($rounds),$acc5 - _srm $t3,16,$acc9 - _srm $t0,0,$acc7 - ldbx $acc6($rounds),$acc6 - ldbx $acc7($rounds),$acc7 - _srm $t0,8,$acc10 - ldbx $acc8($rounds),$acc8 - _srm $t3,24,$acc12 - ldbx $acc9($rounds),$acc9 - _srm $t0,16,$acc13 - _srm $t1,0,$acc11 - ldbx $acc10($rounds),$acc10 - _srm $t1,8,$acc14 - ldbx $acc11($rounds),$acc11 - ldbx $acc12($rounds),$acc12 - ldbx $acc13($rounds),$acc13 - _srm $t2,0,$acc15 - ldbx $acc14($rounds),$acc14 - - dep $acc0,7,8,$acc3 - ldbx $acc15($rounds),$acc15 - dep $acc4,7,8,$acc7 - dep $acc1,15,8,$acc3 - dep $acc5,15,8,$acc7 - dep $acc2,23,8,$acc3 - dep $acc6,23,8,$acc7 - xor $acc3,$s0,$s0 - xor $acc7,$s1,$s1 - dep $acc8,7,8,$acc11 - dep $acc12,7,8,$acc15 - dep $acc9,15,8,$acc11 - dep $acc13,15,8,$acc15 - dep $acc10,23,8,$acc11 - dep $acc14,23,8,$acc15 - xor $acc11,$s2,$s2 - - bv (%r31) - .EXIT - xor $acc15,$s3,$s3 - .PROCEND - - .ALIGN 64 -L\$AES_Te - .WORD 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d - .WORD 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554 - .WORD 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d - .WORD 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a - .WORD 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87 - .WORD 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b - .WORD 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea - .WORD 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b - .WORD 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a - .WORD 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f - .WORD 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108 - .WORD 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f - .WORD 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e - .WORD 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5 - .WORD 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d - .WORD 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f - .WORD 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e - .WORD 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb - .WORD 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce - .WORD 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497 - .WORD 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c - .WORD 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed - .WORD 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b - .WORD 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a - .WORD 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16 - .WORD 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594 - .WORD 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81 - .WORD 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3 - .WORD 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a - .WORD 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504 - .WORD 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163 - .WORD 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d - .WORD 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f - .WORD 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739 - .WORD 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47 - .WORD 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395 - .WORD 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f - .WORD 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883 - .WORD 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c - .WORD 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76 - .WORD 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e - .WORD 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4 - .WORD 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6 - .WORD 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b - .WORD 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7 - .WORD 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0 - .WORD 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25 - .WORD 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818 - .WORD 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72 - .WORD 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651 - .WORD 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21 - .WORD 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85 - .WORD 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa - .WORD 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12 - .WORD 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0 - .WORD 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9 - .WORD 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133 - .WORD 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7 - .WORD 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920 - .WORD 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a - .WORD 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17 - .WORD 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8 - .WORD 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11 - .WORD 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a - .BYTE 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 - .BYTE 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 - .BYTE 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0 - .BYTE 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 - .BYTE 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc - .BYTE 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 - .BYTE 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a - .BYTE 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 - .BYTE 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0 - .BYTE 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 - .BYTE 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b - .BYTE 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf - .BYTE 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85 - .BYTE 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 - .BYTE 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5 - .BYTE 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 - .BYTE 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17 - .BYTE 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 - .BYTE 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88 - .BYTE 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb - .BYTE 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c - .BYTE 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 - .BYTE 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9 - .BYTE 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 - .BYTE 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6 - .BYTE 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a - .BYTE 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e - .BYTE 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e - .BYTE 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94 - .BYTE 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf - .BYTE 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68 - .BYTE 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 -___ - -$code.=<<___; - .EXPORT AES_decrypt,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR - .ALIGN 16 -AES_decrypt - .PROC - .CALLINFO FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18 - .ENTRY - $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue - $PUSHMA %r3,$FRAME(%sp) - $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp) - $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp) - $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp) - $PUSH %r7,`-$FRAME+4*$SIZE_T`(%sp) - $PUSH %r8,`-$FRAME+5*$SIZE_T`(%sp) - $PUSH %r9,`-$FRAME+6*$SIZE_T`(%sp) - $PUSH %r10,`-$FRAME+7*$SIZE_T`(%sp) - $PUSH %r11,`-$FRAME+8*$SIZE_T`(%sp) - $PUSH %r12,`-$FRAME+9*$SIZE_T`(%sp) - $PUSH %r13,`-$FRAME+10*$SIZE_T`(%sp) - $PUSH %r14,`-$FRAME+11*$SIZE_T`(%sp) - $PUSH %r15,`-$FRAME+12*$SIZE_T`(%sp) - $PUSH %r16,`-$FRAME+13*$SIZE_T`(%sp) - $PUSH %r17,`-$FRAME+14*$SIZE_T`(%sp) - $PUSH %r18,`-$FRAME+15*$SIZE_T`(%sp) - - blr %r0,$tbl - ldi 3,$t0 -L\$dec_pic - andcm $tbl,$t0,$tbl - ldo L\$AES_Td-L\$dec_pic($tbl),$tbl - - and $inp,$t0,$t0 - sub $inp,$t0,$inp - ldw 0($inp),$s0 - ldw 4($inp),$s1 - ldw 8($inp),$s2 - comib,= 0,$t0,L\$dec_inp_aligned - ldw 12($inp),$s3 - - sh3addl $t0,%r0,$t0 - subi 32,$t0,$t0 - mtctl $t0,%cr11 - ldw 16($inp),$t1 - vshd $s0,$s1,$s0 - vshd $s1,$s2,$s1 - vshd $s2,$s3,$s2 - vshd $s3,$t1,$s3 - -L\$dec_inp_aligned - bl _parisc_AES_decrypt,%r31 - nop - - extru,<> $out,31,2,%r0 - b L\$dec_out_aligned - nop - - _srm $s0,24,$acc0 - _srm $s0,16,$acc1 - stb $acc0,0($out) - _srm $s0,8,$acc2 - stb $acc1,1($out) - _srm $s1,24,$acc4 - stb $acc2,2($out) - _srm $s1,16,$acc5 - stb $s0,3($out) - _srm $s1,8,$acc6 - stb $acc4,4($out) - _srm $s2,24,$acc0 - stb $acc5,5($out) - _srm $s2,16,$acc1 - stb $acc6,6($out) - _srm $s2,8,$acc2 - stb $s1,7($out) - _srm $s3,24,$acc4 - stb $acc0,8($out) - _srm $s3,16,$acc5 - stb $acc1,9($out) - _srm $s3,8,$acc6 - stb $acc2,10($out) - stb $s2,11($out) - stb $acc4,12($out) - stb $acc5,13($out) - stb $acc6,14($out) - b L\$dec_done - stb $s3,15($out) - -L\$dec_out_aligned - stw $s0,0($out) - stw $s1,4($out) - stw $s2,8($out) - stw $s3,12($out) - -L\$dec_done - $POP `-$FRAME-$SAVED_RP`(%sp),%r2 ; standard epilogue - $POP `-$FRAME+1*$SIZE_T`(%sp),%r4 - $POP `-$FRAME+2*$SIZE_T`(%sp),%r5 - $POP `-$FRAME+3*$SIZE_T`(%sp),%r6 - $POP `-$FRAME+4*$SIZE_T`(%sp),%r7 - $POP `-$FRAME+5*$SIZE_T`(%sp),%r8 - $POP `-$FRAME+6*$SIZE_T`(%sp),%r9 - $POP `-$FRAME+7*$SIZE_T`(%sp),%r10 - $POP `-$FRAME+8*$SIZE_T`(%sp),%r11 - $POP `-$FRAME+9*$SIZE_T`(%sp),%r12 - $POP `-$FRAME+10*$SIZE_T`(%sp),%r13 - $POP `-$FRAME+11*$SIZE_T`(%sp),%r14 - $POP `-$FRAME+12*$SIZE_T`(%sp),%r15 - $POP `-$FRAME+13*$SIZE_T`(%sp),%r16 - $POP `-$FRAME+14*$SIZE_T`(%sp),%r17 - $POP `-$FRAME+15*$SIZE_T`(%sp),%r18 - bv (%r2) - .EXIT - $POPMB -$FRAME(%sp),%r3 - .PROCEND - - .ALIGN 16 -_parisc_AES_decrypt - .PROC - .CALLINFO MILLICODE - .ENTRY - ldw 240($key),$rounds - ldw 0($key),$t0 - ldw 4($key),$t1 - ldw 8($key),$t2 - ldw 12($key),$t3 - _srm $rounds,1,$rounds - xor $t0,$s0,$s0 - ldw 16($key),$t0 - xor $t1,$s1,$s1 - ldw 20($key),$t1 - _srm $s0,24,$acc0 - xor $t2,$s2,$s2 - ldw 24($key),$t2 - xor $t3,$s3,$s3 - ldw 28($key),$t3 - _srm $s3,16,$acc1 -L\$dec_loop - _srm $s2,8,$acc2 - ldwx,s $acc0($tbl),$acc0 - _srm $s1,0,$acc3 - ldwx,s $acc1($tbl),$acc1 - _srm $s1,24,$acc4 - ldwx,s $acc2($tbl),$acc2 - _srm $s0,16,$acc5 - ldwx,s $acc3($tbl),$acc3 - _srm $s3,8,$acc6 - ldwx,s $acc4($tbl),$acc4 - _srm $s2,0,$acc7 - ldwx,s $acc5($tbl),$acc5 - _srm $s2,24,$acc8 - ldwx,s $acc6($tbl),$acc6 - _srm $s1,16,$acc9 - ldwx,s $acc7($tbl),$acc7 - _srm $s0,8,$acc10 - ldwx,s $acc8($tbl),$acc8 - _srm $s3,0,$acc11 - ldwx,s $acc9($tbl),$acc9 - _srm $s3,24,$acc12 - ldwx,s $acc10($tbl),$acc10 - _srm $s2,16,$acc13 - ldwx,s $acc11($tbl),$acc11 - _srm $s1,8,$acc14 - ldwx,s $acc12($tbl),$acc12 - _srm $s0,0,$acc15 - ldwx,s $acc13($tbl),$acc13 - ldwx,s $acc14($tbl),$acc14 - ldwx,s $acc15($tbl),$acc15 - addib,= -1,$rounds,L\$dec_last - ldo 32($key),$key - - _ror $acc1,8,$acc1 - xor $acc0,$t0,$t0 - ldw 0($key),$s0 - _ror $acc2,16,$acc2 - xor $acc1,$t0,$t0 - ldw 4($key),$s1 - _ror $acc3,24,$acc3 - xor $acc2,$t0,$t0 - ldw 8($key),$s2 - _ror $acc5,8,$acc5 - xor $acc3,$t0,$t0 - ldw 12($key),$s3 - _ror $acc6,16,$acc6 - xor $acc4,$t1,$t1 - _ror $acc7,24,$acc7 - xor $acc5,$t1,$t1 - _ror $acc9,8,$acc9 - xor $acc6,$t1,$t1 - _ror $acc10,16,$acc10 - xor $acc7,$t1,$t1 - _ror $acc11,24,$acc11 - xor $acc8,$t2,$t2 - _ror $acc13,8,$acc13 - xor $acc9,$t2,$t2 - _ror $acc14,16,$acc14 - xor $acc10,$t2,$t2 - _ror $acc15,24,$acc15 - xor $acc11,$t2,$t2 - xor $acc12,$acc14,$acc14 - xor $acc13,$t3,$t3 - _srm $t0,24,$acc0 - xor $acc14,$t3,$t3 - xor $acc15,$t3,$t3 - _srm $t3,16,$acc1 - - _srm $t2,8,$acc2 - ldwx,s $acc0($tbl),$acc0 - _srm $t1,0,$acc3 - ldwx,s $acc1($tbl),$acc1 - _srm $t1,24,$acc4 - ldwx,s $acc2($tbl),$acc2 - _srm $t0,16,$acc5 - ldwx,s $acc3($tbl),$acc3 - _srm $t3,8,$acc6 - ldwx,s $acc4($tbl),$acc4 - _srm $t2,0,$acc7 - ldwx,s $acc5($tbl),$acc5 - _srm $t2,24,$acc8 - ldwx,s $acc6($tbl),$acc6 - _srm $t1,16,$acc9 - ldwx,s $acc7($tbl),$acc7 - _srm $t0,8,$acc10 - ldwx,s $acc8($tbl),$acc8 - _srm $t3,0,$acc11 - ldwx,s $acc9($tbl),$acc9 - _srm $t3,24,$acc12 - ldwx,s $acc10($tbl),$acc10 - _srm $t2,16,$acc13 - ldwx,s $acc11($tbl),$acc11 - _srm $t1,8,$acc14 - ldwx,s $acc12($tbl),$acc12 - _srm $t0,0,$acc15 - ldwx,s $acc13($tbl),$acc13 - _ror $acc1,8,$acc1 - ldwx,s $acc14($tbl),$acc14 - - _ror $acc2,16,$acc2 - xor $acc0,$s0,$s0 - ldwx,s $acc15($tbl),$acc15 - _ror $acc3,24,$acc3 - xor $acc1,$s0,$s0 - ldw 16($key),$t0 - _ror $acc5,8,$acc5 - xor $acc2,$s0,$s0 - ldw 20($key),$t1 - _ror $acc6,16,$acc6 - xor $acc3,$s0,$s0 - ldw 24($key),$t2 - _ror $acc7,24,$acc7 - xor $acc4,$s1,$s1 - ldw 28($key),$t3 - _ror $acc9,8,$acc9 - xor $acc5,$s1,$s1 - ldw 1024+0($tbl),%r0 ; prefetch td4 - _ror $acc10,16,$acc10 - xor $acc6,$s1,$s1 - ldw 1024+32($tbl),%r0 ; prefetch td4 - _ror $acc11,24,$acc11 - xor $acc7,$s1,$s1 - ldw 1024+64($tbl),%r0 ; prefetch td4 - _ror $acc13,8,$acc13 - xor $acc8,$s2,$s2 - ldw 1024+96($tbl),%r0 ; prefetch td4 - _ror $acc14,16,$acc14 - xor $acc9,$s2,$s2 - ldw 1024+128($tbl),%r0 ; prefetch td4 - _ror $acc15,24,$acc15 - xor $acc10,$s2,$s2 - ldw 1024+160($tbl),%r0 ; prefetch td4 - _srm $s0,24,$acc0 - xor $acc11,$s2,$s2 - ldw 1024+192($tbl),%r0 ; prefetch td4 - xor $acc12,$acc14,$acc14 - xor $acc13,$s3,$s3 - ldw 1024+224($tbl),%r0 ; prefetch td4 - xor $acc14,$s3,$s3 - xor $acc15,$s3,$s3 - b L\$dec_loop - _srm $s3,16,$acc1 - - .ALIGN 16 -L\$dec_last - ldo 1024($tbl),$rounds - _ror $acc1,8,$acc1 - xor $acc0,$t0,$t0 - ldw 0($key),$s0 - _ror $acc2,16,$acc2 - xor $acc1,$t0,$t0 - ldw 4($key),$s1 - _ror $acc3,24,$acc3 - xor $acc2,$t0,$t0 - ldw 8($key),$s2 - _ror $acc5,8,$acc5 - xor $acc3,$t0,$t0 - ldw 12($key),$s3 - _ror $acc6,16,$acc6 - xor $acc4,$t1,$t1 - _ror $acc7,24,$acc7 - xor $acc5,$t1,$t1 - _ror $acc9,8,$acc9 - xor $acc6,$t1,$t1 - _ror $acc10,16,$acc10 - xor $acc7,$t1,$t1 - _ror $acc11,24,$acc11 - xor $acc8,$t2,$t2 - _ror $acc13,8,$acc13 - xor $acc9,$t2,$t2 - _ror $acc14,16,$acc14 - xor $acc10,$t2,$t2 - _ror $acc15,24,$acc15 - xor $acc11,$t2,$t2 - xor $acc12,$acc14,$acc14 - xor $acc13,$t3,$t3 - _srm $t0,24,$acc0 - xor $acc14,$t3,$t3 - xor $acc15,$t3,$t3 - _srm $t3,16,$acc1 - - _srm $t2,8,$acc2 - ldbx $acc0($rounds),$acc0 - _srm $t1,24,$acc4 - ldbx $acc1($rounds),$acc1 - _srm $t0,16,$acc5 - _srm $t1,0,$acc3 - ldbx $acc2($rounds),$acc2 - ldbx $acc3($rounds),$acc3 - _srm $t3,8,$acc6 - ldbx $acc4($rounds),$acc4 - _srm $t2,24,$acc8 - ldbx $acc5($rounds),$acc5 - _srm $t1,16,$acc9 - _srm $t2,0,$acc7 - ldbx $acc6($rounds),$acc6 - ldbx $acc7($rounds),$acc7 - _srm $t0,8,$acc10 - ldbx $acc8($rounds),$acc8 - _srm $t3,24,$acc12 - ldbx $acc9($rounds),$acc9 - _srm $t2,16,$acc13 - _srm $t3,0,$acc11 - ldbx $acc10($rounds),$acc10 - _srm $t1,8,$acc14 - ldbx $acc11($rounds),$acc11 - ldbx $acc12($rounds),$acc12 - ldbx $acc13($rounds),$acc13 - _srm $t0,0,$acc15 - ldbx $acc14($rounds),$acc14 - - dep $acc0,7,8,$acc3 - ldbx $acc15($rounds),$acc15 - dep $acc4,7,8,$acc7 - dep $acc1,15,8,$acc3 - dep $acc5,15,8,$acc7 - dep $acc2,23,8,$acc3 - dep $acc6,23,8,$acc7 - xor $acc3,$s0,$s0 - xor $acc7,$s1,$s1 - dep $acc8,7,8,$acc11 - dep $acc12,7,8,$acc15 - dep $acc9,15,8,$acc11 - dep $acc13,15,8,$acc15 - dep $acc10,23,8,$acc11 - dep $acc14,23,8,$acc15 - xor $acc11,$s2,$s2 - - bv (%r31) - .EXIT - xor $acc15,$s3,$s3 - .PROCEND - - .ALIGN 64 -L\$AES_Td - .WORD 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96 - .WORD 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393 - .WORD 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25 - .WORD 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f - .WORD 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1 - .WORD 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6 - .WORD 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da - .WORD 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844 - .WORD 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd - .WORD 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4 - .WORD 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45 - .WORD 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94 - .WORD 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7 - .WORD 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a - .WORD 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5 - .WORD 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c - .WORD 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1 - .WORD 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a - .WORD 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75 - .WORD 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051 - .WORD 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46 - .WORD 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff - .WORD 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77 - .WORD 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb - .WORD 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000 - .WORD 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e - .WORD 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927 - .WORD 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a - .WORD 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e - .WORD 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16 - .WORD 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d - .WORD 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8 - .WORD 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd - .WORD 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34 - .WORD 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163 - .WORD 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120 - .WORD 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d - .WORD 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0 - .WORD 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422 - .WORD 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef - .WORD 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36 - .WORD 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4 - .WORD 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662 - .WORD 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5 - .WORD 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3 - .WORD 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b - .WORD 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8 - .WORD 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6 - .WORD 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6 - .WORD 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0 - .WORD 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815 - .WORD 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f - .WORD 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df - .WORD 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f - .WORD 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e - .WORD 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713 - .WORD 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89 - .WORD 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c - .WORD 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf - .WORD 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86 - .WORD 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f - .WORD 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541 - .WORD 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190 - .WORD 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742 - .BYTE 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 - .BYTE 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb - .BYTE 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 - .BYTE 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb - .BYTE 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d - .BYTE 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e - .BYTE 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 - .BYTE 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 - .BYTE 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 - .BYTE 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 - .BYTE 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda - .BYTE 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 - .BYTE 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a - .BYTE 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 - .BYTE 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 - .BYTE 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b - .BYTE 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea - .BYTE 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 - .BYTE 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 - .BYTE 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e - .BYTE 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 - .BYTE 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b - .BYTE 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 - .BYTE 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 - .BYTE 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 - .BYTE 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f - .BYTE 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d - .BYTE 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef - .BYTE 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 - .BYTE 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 - .BYTE 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 - .BYTE 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d - .STRINGZ "AES for PA-RISC, CRYPTOGAMS by " -___ - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler/) { - $gnuas = 1; -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - # translate made up instructions: _ror, _srm - s/_ror(\s+)(%r[0-9]+),/shd$1$2,$2,/ or - - s/_srm(\s+%r[0-9]+),([0-9]+),/ - $SIZE_T==4 ? sprintf("extru%s,%d,8,",$1,31-$2) - : sprintf("extrd,u%s,%d,8,",$1,63-$2)/e; - - s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); - s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); - s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); - s/,\*/,/ if ($SIZE_T==4); - s/\bbv\b(.*\(%r2\))/bve$1/ if ($SIZE_T==8); - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aes-ppc.pl b/crypto/aes/asm/aes-ppc.pl deleted file mode 100644 index 595182c89bf3bdce62713be107d7c2d28abe9739..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/aes-ppc.pl +++ /dev/null @@ -1,1463 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# Needs more work: key setup, CBC routine... -# -# ppc_AES_[en|de]crypt perform at 18 cycles per byte processed with -# 128-bit key, which is ~40% better than 64-bit code generated by gcc -# 4.0. But these are not the ones currently used! Their "compact" -# counterparts are, for security reason. ppc_AES_encrypt_compact runs -# at 1/2 of ppc_AES_encrypt speed, while ppc_AES_decrypt_compact - -# at 1/3 of ppc_AES_decrypt. - -# February 2010 -# -# Rescheduling instructions to favour Power6 pipeline gave 10% -# performance improvement on the platform in question (and marginal -# improvement even on others). It should be noted that Power6 fails -# to process byte in 18 cycles, only in 23, because it fails to issue -# 4 load instructions in two cycles, only in 3. As result non-compact -# block subroutines are 25% slower than one would expect. Compact -# functions scale better, because they have pure computational part, -# which scales perfectly with clock frequency. To be specific -# ppc_AES_encrypt_compact operates at 42 cycles per byte, while -# ppc_AES_decrypt_compact - at 55 (in 64-bit build). - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /64/) { - $SIZE_T =8; - $LRSAVE =2*$SIZE_T; - $STU ="stdu"; - $POP ="ld"; - $PUSH ="std"; -} elsif ($flavour =~ /32/) { - $SIZE_T =4; - $LRSAVE =$SIZE_T; - $STU ="stwu"; - $POP ="lwz"; - $PUSH ="stw"; -} else { die "nonsense $flavour"; } - -$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open STDOUT,"| $^X $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; - -$FRAME=32*$SIZE_T; - -sub _data_word() -{ my $i; - while(defined($i=shift)) { $code.=sprintf"\t.long\t0x%08x,0x%08x\n",$i,$i; } -} - -$sp="r1"; -$toc="r2"; -$inp="r3"; -$out="r4"; -$key="r5"; - -$Tbl0="r3"; -$Tbl1="r6"; -$Tbl2="r7"; -$Tbl3=$out; # stay away from "r2"; $out is offloaded to stack - -$s0="r8"; -$s1="r9"; -$s2="r10"; -$s3="r11"; - -$t0="r12"; -$t1="r0"; # stay away from "r13"; -$t2="r14"; -$t3="r15"; - -$acc00="r16"; -$acc01="r17"; -$acc02="r18"; -$acc03="r19"; - -$acc04="r20"; -$acc05="r21"; -$acc06="r22"; -$acc07="r23"; - -$acc08="r24"; -$acc09="r25"; -$acc10="r26"; -$acc11="r27"; - -$acc12="r28"; -$acc13="r29"; -$acc14="r30"; -$acc15="r31"; - -$mask80=$Tbl2; -$mask1b=$Tbl3; - -$code.=<<___; -.machine "any" -.text - -.align 7 -LAES_Te: - mflr r0 - bcl 20,31,\$+4 - mflr $Tbl0 ; vvvvv "distance" between . and 1st data entry - addi $Tbl0,$Tbl0,`128-8` - mtlr r0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - .space `64-9*4` -LAES_Td: - mflr r0 - bcl 20,31,\$+4 - mflr $Tbl0 ; vvvvvvvv "distance" between . and 1st data entry - addi $Tbl0,$Tbl0,`128-64-8+2048+256` - mtlr r0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - .space `128-64-9*4` -___ -&_data_word( - 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, - 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554, - 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d, - 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, - 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87, - 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b, - 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, - 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b, - 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a, - 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, - 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108, - 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f, - 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, - 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5, - 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d, - 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, - 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e, - 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb, - 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, - 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497, - 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c, - 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, - 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b, - 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a, - 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, - 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594, - 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81, - 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, - 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a, - 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504, - 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, - 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d, - 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f, - 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, - 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47, - 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395, - 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, - 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883, - 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c, - 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, - 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e, - 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4, - 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, - 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b, - 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7, - 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, - 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25, - 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818, - 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, - 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651, - 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21, - 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85, - 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa, - 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12, - 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, - 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9, - 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133, - 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, - 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920, - 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a, - 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, - 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8, - 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, - 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a); -$code.=<<___; -.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 -.byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 -.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0 -.byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 -.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc -.byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 -.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a -.byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 -.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0 -.byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 -.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b -.byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf -.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85 -.byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 -.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5 -.byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 -.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17 -.byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 -.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88 -.byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb -.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c -.byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 -.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9 -.byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 -.byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6 -.byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a -.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e -.byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e -.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94 -.byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf -.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68 -.byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 -___ -&_data_word( - 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, - 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393, - 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25, - 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f, - 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1, - 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6, - 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da, - 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844, - 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd, - 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4, - 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45, - 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94, - 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7, - 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a, - 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5, - 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c, - 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1, - 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a, - 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75, - 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051, - 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46, - 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff, - 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77, - 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb, - 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000, - 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e, - 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927, - 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a, - 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e, - 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16, - 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d, - 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8, - 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd, - 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34, - 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163, - 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120, - 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d, - 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0, - 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422, - 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef, - 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36, - 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4, - 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662, - 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5, - 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3, - 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b, - 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8, - 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6, - 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6, - 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0, - 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815, - 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f, - 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df, - 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f, - 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e, - 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713, - 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89, - 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c, - 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf, - 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86, - 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f, - 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541, - 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190, - 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742); -$code.=<<___; -.byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 -.byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb -.byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 -.byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb -.byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d -.byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e -.byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 -.byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 -.byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 -.byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 -.byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda -.byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 -.byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a -.byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 -.byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 -.byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b -.byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea -.byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 -.byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 -.byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e -.byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 -.byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b -.byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 -.byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 -.byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 -.byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f -.byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d -.byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef -.byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 -.byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 -.byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 -.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d - - -.globl .AES_encrypt -.align 7 -.AES_encrypt: - $STU $sp,-$FRAME($sp) - mflr r0 - - $PUSH $out,`$FRAME-$SIZE_T*19`($sp) - $PUSH r14,`$FRAME-$SIZE_T*18`($sp) - $PUSH r15,`$FRAME-$SIZE_T*17`($sp) - $PUSH r16,`$FRAME-$SIZE_T*16`($sp) - $PUSH r17,`$FRAME-$SIZE_T*15`($sp) - $PUSH r18,`$FRAME-$SIZE_T*14`($sp) - $PUSH r19,`$FRAME-$SIZE_T*13`($sp) - $PUSH r20,`$FRAME-$SIZE_T*12`($sp) - $PUSH r21,`$FRAME-$SIZE_T*11`($sp) - $PUSH r22,`$FRAME-$SIZE_T*10`($sp) - $PUSH r23,`$FRAME-$SIZE_T*9`($sp) - $PUSH r24,`$FRAME-$SIZE_T*8`($sp) - $PUSH r25,`$FRAME-$SIZE_T*7`($sp) - $PUSH r26,`$FRAME-$SIZE_T*6`($sp) - $PUSH r27,`$FRAME-$SIZE_T*5`($sp) - $PUSH r28,`$FRAME-$SIZE_T*4`($sp) - $PUSH r29,`$FRAME-$SIZE_T*3`($sp) - $PUSH r30,`$FRAME-$SIZE_T*2`($sp) - $PUSH r31,`$FRAME-$SIZE_T*1`($sp) - $PUSH r0,`$FRAME+$LRSAVE`($sp) - - andi. $t0,$inp,3 - andi. $t1,$out,3 - or. $t0,$t0,$t1 - bne Lenc_unaligned - -Lenc_unaligned_ok: -___ -$code.=<<___ if (!$LITTLE_ENDIAN); - lwz $s0,0($inp) - lwz $s1,4($inp) - lwz $s2,8($inp) - lwz $s3,12($inp) -___ -$code.=<<___ if ($LITTLE_ENDIAN); - lwz $t0,0($inp) - lwz $t1,4($inp) - lwz $t2,8($inp) - lwz $t3,12($inp) - rotlwi $s0,$t0,8 - rotlwi $s1,$t1,8 - rotlwi $s2,$t2,8 - rotlwi $s3,$t3,8 - rlwimi $s0,$t0,24,0,7 - rlwimi $s1,$t1,24,0,7 - rlwimi $s2,$t2,24,0,7 - rlwimi $s3,$t3,24,0,7 - rlwimi $s0,$t0,24,16,23 - rlwimi $s1,$t1,24,16,23 - rlwimi $s2,$t2,24,16,23 - rlwimi $s3,$t3,24,16,23 -___ -$code.=<<___; - bl LAES_Te - bl Lppc_AES_encrypt_compact - $POP $out,`$FRAME-$SIZE_T*19`($sp) -___ -$code.=<<___ if ($LITTLE_ENDIAN); - rotlwi $t0,$s0,8 - rotlwi $t1,$s1,8 - rotlwi $t2,$s2,8 - rotlwi $t3,$s3,8 - rlwimi $t0,$s0,24,0,7 - rlwimi $t1,$s1,24,0,7 - rlwimi $t2,$s2,24,0,7 - rlwimi $t3,$s3,24,0,7 - rlwimi $t0,$s0,24,16,23 - rlwimi $t1,$s1,24,16,23 - rlwimi $t2,$s2,24,16,23 - rlwimi $t3,$s3,24,16,23 - stw $t0,0($out) - stw $t1,4($out) - stw $t2,8($out) - stw $t3,12($out) -___ -$code.=<<___ if (!$LITTLE_ENDIAN); - stw $s0,0($out) - stw $s1,4($out) - stw $s2,8($out) - stw $s3,12($out) -___ -$code.=<<___; - b Lenc_done - -Lenc_unaligned: - subfic $t0,$inp,4096 - subfic $t1,$out,4096 - andi. $t0,$t0,4096-16 - beq Lenc_xpage - andi. $t1,$t1,4096-16 - bne Lenc_unaligned_ok - -Lenc_xpage: - lbz $acc00,0($inp) - lbz $acc01,1($inp) - lbz $acc02,2($inp) - lbz $s0,3($inp) - lbz $acc04,4($inp) - lbz $acc05,5($inp) - lbz $acc06,6($inp) - lbz $s1,7($inp) - lbz $acc08,8($inp) - lbz $acc09,9($inp) - lbz $acc10,10($inp) - insrwi $s0,$acc00,8,0 - lbz $s2,11($inp) - insrwi $s1,$acc04,8,0 - lbz $acc12,12($inp) - insrwi $s0,$acc01,8,8 - lbz $acc13,13($inp) - insrwi $s1,$acc05,8,8 - lbz $acc14,14($inp) - insrwi $s0,$acc02,8,16 - lbz $s3,15($inp) - insrwi $s1,$acc06,8,16 - insrwi $s2,$acc08,8,0 - insrwi $s3,$acc12,8,0 - insrwi $s2,$acc09,8,8 - insrwi $s3,$acc13,8,8 - insrwi $s2,$acc10,8,16 - insrwi $s3,$acc14,8,16 - - bl LAES_Te - bl Lppc_AES_encrypt_compact - $POP $out,`$FRAME-$SIZE_T*19`($sp) - - extrwi $acc00,$s0,8,0 - extrwi $acc01,$s0,8,8 - stb $acc00,0($out) - extrwi $acc02,$s0,8,16 - stb $acc01,1($out) - stb $acc02,2($out) - extrwi $acc04,$s1,8,0 - stb $s0,3($out) - extrwi $acc05,$s1,8,8 - stb $acc04,4($out) - extrwi $acc06,$s1,8,16 - stb $acc05,5($out) - stb $acc06,6($out) - extrwi $acc08,$s2,8,0 - stb $s1,7($out) - extrwi $acc09,$s2,8,8 - stb $acc08,8($out) - extrwi $acc10,$s2,8,16 - stb $acc09,9($out) - stb $acc10,10($out) - extrwi $acc12,$s3,8,0 - stb $s2,11($out) - extrwi $acc13,$s3,8,8 - stb $acc12,12($out) - extrwi $acc14,$s3,8,16 - stb $acc13,13($out) - stb $acc14,14($out) - stb $s3,15($out) - -Lenc_done: - $POP r0,`$FRAME+$LRSAVE`($sp) - $POP r14,`$FRAME-$SIZE_T*18`($sp) - $POP r15,`$FRAME-$SIZE_T*17`($sp) - $POP r16,`$FRAME-$SIZE_T*16`($sp) - $POP r17,`$FRAME-$SIZE_T*15`($sp) - $POP r18,`$FRAME-$SIZE_T*14`($sp) - $POP r19,`$FRAME-$SIZE_T*13`($sp) - $POP r20,`$FRAME-$SIZE_T*12`($sp) - $POP r21,`$FRAME-$SIZE_T*11`($sp) - $POP r22,`$FRAME-$SIZE_T*10`($sp) - $POP r23,`$FRAME-$SIZE_T*9`($sp) - $POP r24,`$FRAME-$SIZE_T*8`($sp) - $POP r25,`$FRAME-$SIZE_T*7`($sp) - $POP r26,`$FRAME-$SIZE_T*6`($sp) - $POP r27,`$FRAME-$SIZE_T*5`($sp) - $POP r28,`$FRAME-$SIZE_T*4`($sp) - $POP r29,`$FRAME-$SIZE_T*3`($sp) - $POP r30,`$FRAME-$SIZE_T*2`($sp) - $POP r31,`$FRAME-$SIZE_T*1`($sp) - mtlr r0 - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,4,1,0x80,18,3,0 - .long 0 - -.align 5 -Lppc_AES_encrypt: - lwz $acc00,240($key) - addi $Tbl1,$Tbl0,3 - lwz $t0,0($key) - addi $Tbl2,$Tbl0,2 - lwz $t1,4($key) - addi $Tbl3,$Tbl0,1 - lwz $t2,8($key) - addi $acc00,$acc00,-1 - lwz $t3,12($key) - addi $key,$key,16 - xor $s0,$s0,$t0 - xor $s1,$s1,$t1 - xor $s2,$s2,$t2 - xor $s3,$s3,$t3 - mtctr $acc00 -.align 4 -Lenc_loop: - rlwinm $acc00,$s0,`32-24+3`,21,28 - rlwinm $acc01,$s1,`32-24+3`,21,28 - rlwinm $acc02,$s2,`32-24+3`,21,28 - rlwinm $acc03,$s3,`32-24+3`,21,28 - lwz $t0,0($key) - rlwinm $acc04,$s1,`32-16+3`,21,28 - lwz $t1,4($key) - rlwinm $acc05,$s2,`32-16+3`,21,28 - lwz $t2,8($key) - rlwinm $acc06,$s3,`32-16+3`,21,28 - lwz $t3,12($key) - rlwinm $acc07,$s0,`32-16+3`,21,28 - lwzx $acc00,$Tbl0,$acc00 - rlwinm $acc08,$s2,`32-8+3`,21,28 - lwzx $acc01,$Tbl0,$acc01 - rlwinm $acc09,$s3,`32-8+3`,21,28 - lwzx $acc02,$Tbl0,$acc02 - rlwinm $acc10,$s0,`32-8+3`,21,28 - lwzx $acc03,$Tbl0,$acc03 - rlwinm $acc11,$s1,`32-8+3`,21,28 - lwzx $acc04,$Tbl1,$acc04 - rlwinm $acc12,$s3,`0+3`,21,28 - lwzx $acc05,$Tbl1,$acc05 - rlwinm $acc13,$s0,`0+3`,21,28 - lwzx $acc06,$Tbl1,$acc06 - rlwinm $acc14,$s1,`0+3`,21,28 - lwzx $acc07,$Tbl1,$acc07 - rlwinm $acc15,$s2,`0+3`,21,28 - lwzx $acc08,$Tbl2,$acc08 - xor $t0,$t0,$acc00 - lwzx $acc09,$Tbl2,$acc09 - xor $t1,$t1,$acc01 - lwzx $acc10,$Tbl2,$acc10 - xor $t2,$t2,$acc02 - lwzx $acc11,$Tbl2,$acc11 - xor $t3,$t3,$acc03 - lwzx $acc12,$Tbl3,$acc12 - xor $t0,$t0,$acc04 - lwzx $acc13,$Tbl3,$acc13 - xor $t1,$t1,$acc05 - lwzx $acc14,$Tbl3,$acc14 - xor $t2,$t2,$acc06 - lwzx $acc15,$Tbl3,$acc15 - xor $t3,$t3,$acc07 - xor $t0,$t0,$acc08 - xor $t1,$t1,$acc09 - xor $t2,$t2,$acc10 - xor $t3,$t3,$acc11 - xor $s0,$t0,$acc12 - xor $s1,$t1,$acc13 - xor $s2,$t2,$acc14 - xor $s3,$t3,$acc15 - addi $key,$key,16 - bdnz Lenc_loop - - addi $Tbl2,$Tbl0,2048 - nop - lwz $t0,0($key) - rlwinm $acc00,$s0,`32-24`,24,31 - lwz $t1,4($key) - rlwinm $acc01,$s1,`32-24`,24,31 - lwz $t2,8($key) - rlwinm $acc02,$s2,`32-24`,24,31 - lwz $t3,12($key) - rlwinm $acc03,$s3,`32-24`,24,31 - lwz $acc08,`2048+0`($Tbl0) ! prefetch Te4 - rlwinm $acc04,$s1,`32-16`,24,31 - lwz $acc09,`2048+32`($Tbl0) - rlwinm $acc05,$s2,`32-16`,24,31 - lwz $acc10,`2048+64`($Tbl0) - rlwinm $acc06,$s3,`32-16`,24,31 - lwz $acc11,`2048+96`($Tbl0) - rlwinm $acc07,$s0,`32-16`,24,31 - lwz $acc12,`2048+128`($Tbl0) - rlwinm $acc08,$s2,`32-8`,24,31 - lwz $acc13,`2048+160`($Tbl0) - rlwinm $acc09,$s3,`32-8`,24,31 - lwz $acc14,`2048+192`($Tbl0) - rlwinm $acc10,$s0,`32-8`,24,31 - lwz $acc15,`2048+224`($Tbl0) - rlwinm $acc11,$s1,`32-8`,24,31 - lbzx $acc00,$Tbl2,$acc00 - rlwinm $acc12,$s3,`0`,24,31 - lbzx $acc01,$Tbl2,$acc01 - rlwinm $acc13,$s0,`0`,24,31 - lbzx $acc02,$Tbl2,$acc02 - rlwinm $acc14,$s1,`0`,24,31 - lbzx $acc03,$Tbl2,$acc03 - rlwinm $acc15,$s2,`0`,24,31 - lbzx $acc04,$Tbl2,$acc04 - rlwinm $s0,$acc00,24,0,7 - lbzx $acc05,$Tbl2,$acc05 - rlwinm $s1,$acc01,24,0,7 - lbzx $acc06,$Tbl2,$acc06 - rlwinm $s2,$acc02,24,0,7 - lbzx $acc07,$Tbl2,$acc07 - rlwinm $s3,$acc03,24,0,7 - lbzx $acc08,$Tbl2,$acc08 - rlwimi $s0,$acc04,16,8,15 - lbzx $acc09,$Tbl2,$acc09 - rlwimi $s1,$acc05,16,8,15 - lbzx $acc10,$Tbl2,$acc10 - rlwimi $s2,$acc06,16,8,15 - lbzx $acc11,$Tbl2,$acc11 - rlwimi $s3,$acc07,16,8,15 - lbzx $acc12,$Tbl2,$acc12 - rlwimi $s0,$acc08,8,16,23 - lbzx $acc13,$Tbl2,$acc13 - rlwimi $s1,$acc09,8,16,23 - lbzx $acc14,$Tbl2,$acc14 - rlwimi $s2,$acc10,8,16,23 - lbzx $acc15,$Tbl2,$acc15 - rlwimi $s3,$acc11,8,16,23 - or $s0,$s0,$acc12 - or $s1,$s1,$acc13 - or $s2,$s2,$acc14 - or $s3,$s3,$acc15 - xor $s0,$s0,$t0 - xor $s1,$s1,$t1 - xor $s2,$s2,$t2 - xor $s3,$s3,$t3 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - -.align 4 -Lppc_AES_encrypt_compact: - lwz $acc00,240($key) - addi $Tbl1,$Tbl0,2048 - lwz $t0,0($key) - lis $mask80,0x8080 - lwz $t1,4($key) - lis $mask1b,0x1b1b - lwz $t2,8($key) - ori $mask80,$mask80,0x8080 - lwz $t3,12($key) - ori $mask1b,$mask1b,0x1b1b - addi $key,$key,16 - mtctr $acc00 -.align 4 -Lenc_compact_loop: - xor $s0,$s0,$t0 - xor $s1,$s1,$t1 - rlwinm $acc00,$s0,`32-24`,24,31 - xor $s2,$s2,$t2 - rlwinm $acc01,$s1,`32-24`,24,31 - xor $s3,$s3,$t3 - rlwinm $acc02,$s2,`32-24`,24,31 - rlwinm $acc03,$s3,`32-24`,24,31 - rlwinm $acc04,$s1,`32-16`,24,31 - rlwinm $acc05,$s2,`32-16`,24,31 - rlwinm $acc06,$s3,`32-16`,24,31 - rlwinm $acc07,$s0,`32-16`,24,31 - lbzx $acc00,$Tbl1,$acc00 - rlwinm $acc08,$s2,`32-8`,24,31 - lbzx $acc01,$Tbl1,$acc01 - rlwinm $acc09,$s3,`32-8`,24,31 - lbzx $acc02,$Tbl1,$acc02 - rlwinm $acc10,$s0,`32-8`,24,31 - lbzx $acc03,$Tbl1,$acc03 - rlwinm $acc11,$s1,`32-8`,24,31 - lbzx $acc04,$Tbl1,$acc04 - rlwinm $acc12,$s3,`0`,24,31 - lbzx $acc05,$Tbl1,$acc05 - rlwinm $acc13,$s0,`0`,24,31 - lbzx $acc06,$Tbl1,$acc06 - rlwinm $acc14,$s1,`0`,24,31 - lbzx $acc07,$Tbl1,$acc07 - rlwinm $acc15,$s2,`0`,24,31 - lbzx $acc08,$Tbl1,$acc08 - rlwinm $s0,$acc00,24,0,7 - lbzx $acc09,$Tbl1,$acc09 - rlwinm $s1,$acc01,24,0,7 - lbzx $acc10,$Tbl1,$acc10 - rlwinm $s2,$acc02,24,0,7 - lbzx $acc11,$Tbl1,$acc11 - rlwinm $s3,$acc03,24,0,7 - lbzx $acc12,$Tbl1,$acc12 - rlwimi $s0,$acc04,16,8,15 - lbzx $acc13,$Tbl1,$acc13 - rlwimi $s1,$acc05,16,8,15 - lbzx $acc14,$Tbl1,$acc14 - rlwimi $s2,$acc06,16,8,15 - lbzx $acc15,$Tbl1,$acc15 - rlwimi $s3,$acc07,16,8,15 - rlwimi $s0,$acc08,8,16,23 - rlwimi $s1,$acc09,8,16,23 - rlwimi $s2,$acc10,8,16,23 - rlwimi $s3,$acc11,8,16,23 - lwz $t0,0($key) - or $s0,$s0,$acc12 - lwz $t1,4($key) - or $s1,$s1,$acc13 - lwz $t2,8($key) - or $s2,$s2,$acc14 - lwz $t3,12($key) - or $s3,$s3,$acc15 - - addi $key,$key,16 - bdz Lenc_compact_done - - and $acc00,$s0,$mask80 # r1=r0&0x80808080 - and $acc01,$s1,$mask80 - and $acc02,$s2,$mask80 - and $acc03,$s3,$mask80 - srwi $acc04,$acc00,7 # r1>>7 - andc $acc08,$s0,$mask80 # r0&0x7f7f7f7f - srwi $acc05,$acc01,7 - andc $acc09,$s1,$mask80 - srwi $acc06,$acc02,7 - andc $acc10,$s2,$mask80 - srwi $acc07,$acc03,7 - andc $acc11,$s3,$mask80 - sub $acc00,$acc00,$acc04 # r1-(r1>>7) - sub $acc01,$acc01,$acc05 - sub $acc02,$acc02,$acc06 - sub $acc03,$acc03,$acc07 - add $acc08,$acc08,$acc08 # (r0&0x7f7f7f7f)<<1 - add $acc09,$acc09,$acc09 - add $acc10,$acc10,$acc10 - add $acc11,$acc11,$acc11 - and $acc00,$acc00,$mask1b # (r1-(r1>>7))&0x1b1b1b1b - and $acc01,$acc01,$mask1b - and $acc02,$acc02,$mask1b - and $acc03,$acc03,$mask1b - xor $acc00,$acc00,$acc08 # r2 - xor $acc01,$acc01,$acc09 - rotlwi $acc12,$s0,16 # ROTATE(r0,16) - xor $acc02,$acc02,$acc10 - rotlwi $acc13,$s1,16 - xor $acc03,$acc03,$acc11 - rotlwi $acc14,$s2,16 - - xor $s0,$s0,$acc00 # r0^r2 - rotlwi $acc15,$s3,16 - xor $s1,$s1,$acc01 - rotrwi $s0,$s0,24 # ROTATE(r2^r0,24) - xor $s2,$s2,$acc02 - rotrwi $s1,$s1,24 - xor $s3,$s3,$acc03 - rotrwi $s2,$s2,24 - xor $s0,$s0,$acc00 # ROTATE(r2^r0,24)^r2 - rotrwi $s3,$s3,24 - xor $s1,$s1,$acc01 - xor $s2,$s2,$acc02 - xor $s3,$s3,$acc03 - rotlwi $acc08,$acc12,8 # ROTATE(r0,24) - xor $s0,$s0,$acc12 # - rotlwi $acc09,$acc13,8 - xor $s1,$s1,$acc13 - rotlwi $acc10,$acc14,8 - xor $s2,$s2,$acc14 - rotlwi $acc11,$acc15,8 - xor $s3,$s3,$acc15 - xor $s0,$s0,$acc08 # - xor $s1,$s1,$acc09 - xor $s2,$s2,$acc10 - xor $s3,$s3,$acc11 - - b Lenc_compact_loop -.align 4 -Lenc_compact_done: - xor $s0,$s0,$t0 - xor $s1,$s1,$t1 - xor $s2,$s2,$t2 - xor $s3,$s3,$t3 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.size .AES_encrypt,.-.AES_encrypt - -.globl .AES_decrypt -.align 7 -.AES_decrypt: - $STU $sp,-$FRAME($sp) - mflr r0 - - $PUSH $out,`$FRAME-$SIZE_T*19`($sp) - $PUSH r14,`$FRAME-$SIZE_T*18`($sp) - $PUSH r15,`$FRAME-$SIZE_T*17`($sp) - $PUSH r16,`$FRAME-$SIZE_T*16`($sp) - $PUSH r17,`$FRAME-$SIZE_T*15`($sp) - $PUSH r18,`$FRAME-$SIZE_T*14`($sp) - $PUSH r19,`$FRAME-$SIZE_T*13`($sp) - $PUSH r20,`$FRAME-$SIZE_T*12`($sp) - $PUSH r21,`$FRAME-$SIZE_T*11`($sp) - $PUSH r22,`$FRAME-$SIZE_T*10`($sp) - $PUSH r23,`$FRAME-$SIZE_T*9`($sp) - $PUSH r24,`$FRAME-$SIZE_T*8`($sp) - $PUSH r25,`$FRAME-$SIZE_T*7`($sp) - $PUSH r26,`$FRAME-$SIZE_T*6`($sp) - $PUSH r27,`$FRAME-$SIZE_T*5`($sp) - $PUSH r28,`$FRAME-$SIZE_T*4`($sp) - $PUSH r29,`$FRAME-$SIZE_T*3`($sp) - $PUSH r30,`$FRAME-$SIZE_T*2`($sp) - $PUSH r31,`$FRAME-$SIZE_T*1`($sp) - $PUSH r0,`$FRAME+$LRSAVE`($sp) - - andi. $t0,$inp,3 - andi. $t1,$out,3 - or. $t0,$t0,$t1 - bne Ldec_unaligned - -Ldec_unaligned_ok: -___ -$code.=<<___ if (!$LITTLE_ENDIAN); - lwz $s0,0($inp) - lwz $s1,4($inp) - lwz $s2,8($inp) - lwz $s3,12($inp) -___ -$code.=<<___ if ($LITTLE_ENDIAN); - lwz $t0,0($inp) - lwz $t1,4($inp) - lwz $t2,8($inp) - lwz $t3,12($inp) - rotlwi $s0,$t0,8 - rotlwi $s1,$t1,8 - rotlwi $s2,$t2,8 - rotlwi $s3,$t3,8 - rlwimi $s0,$t0,24,0,7 - rlwimi $s1,$t1,24,0,7 - rlwimi $s2,$t2,24,0,7 - rlwimi $s3,$t3,24,0,7 - rlwimi $s0,$t0,24,16,23 - rlwimi $s1,$t1,24,16,23 - rlwimi $s2,$t2,24,16,23 - rlwimi $s3,$t3,24,16,23 -___ -$code.=<<___; - bl LAES_Td - bl Lppc_AES_decrypt_compact - $POP $out,`$FRAME-$SIZE_T*19`($sp) -___ -$code.=<<___ if ($LITTLE_ENDIAN); - rotlwi $t0,$s0,8 - rotlwi $t1,$s1,8 - rotlwi $t2,$s2,8 - rotlwi $t3,$s3,8 - rlwimi $t0,$s0,24,0,7 - rlwimi $t1,$s1,24,0,7 - rlwimi $t2,$s2,24,0,7 - rlwimi $t3,$s3,24,0,7 - rlwimi $t0,$s0,24,16,23 - rlwimi $t1,$s1,24,16,23 - rlwimi $t2,$s2,24,16,23 - rlwimi $t3,$s3,24,16,23 - stw $t0,0($out) - stw $t1,4($out) - stw $t2,8($out) - stw $t3,12($out) -___ -$code.=<<___ if (!$LITTLE_ENDIAN); - stw $s0,0($out) - stw $s1,4($out) - stw $s2,8($out) - stw $s3,12($out) -___ -$code.=<<___; - b Ldec_done - -Ldec_unaligned: - subfic $t0,$inp,4096 - subfic $t1,$out,4096 - andi. $t0,$t0,4096-16 - beq Ldec_xpage - andi. $t1,$t1,4096-16 - bne Ldec_unaligned_ok - -Ldec_xpage: - lbz $acc00,0($inp) - lbz $acc01,1($inp) - lbz $acc02,2($inp) - lbz $s0,3($inp) - lbz $acc04,4($inp) - lbz $acc05,5($inp) - lbz $acc06,6($inp) - lbz $s1,7($inp) - lbz $acc08,8($inp) - lbz $acc09,9($inp) - lbz $acc10,10($inp) - insrwi $s0,$acc00,8,0 - lbz $s2,11($inp) - insrwi $s1,$acc04,8,0 - lbz $acc12,12($inp) - insrwi $s0,$acc01,8,8 - lbz $acc13,13($inp) - insrwi $s1,$acc05,8,8 - lbz $acc14,14($inp) - insrwi $s0,$acc02,8,16 - lbz $s3,15($inp) - insrwi $s1,$acc06,8,16 - insrwi $s2,$acc08,8,0 - insrwi $s3,$acc12,8,0 - insrwi $s2,$acc09,8,8 - insrwi $s3,$acc13,8,8 - insrwi $s2,$acc10,8,16 - insrwi $s3,$acc14,8,16 - - bl LAES_Td - bl Lppc_AES_decrypt_compact - $POP $out,`$FRAME-$SIZE_T*19`($sp) - - extrwi $acc00,$s0,8,0 - extrwi $acc01,$s0,8,8 - stb $acc00,0($out) - extrwi $acc02,$s0,8,16 - stb $acc01,1($out) - stb $acc02,2($out) - extrwi $acc04,$s1,8,0 - stb $s0,3($out) - extrwi $acc05,$s1,8,8 - stb $acc04,4($out) - extrwi $acc06,$s1,8,16 - stb $acc05,5($out) - stb $acc06,6($out) - extrwi $acc08,$s2,8,0 - stb $s1,7($out) - extrwi $acc09,$s2,8,8 - stb $acc08,8($out) - extrwi $acc10,$s2,8,16 - stb $acc09,9($out) - stb $acc10,10($out) - extrwi $acc12,$s3,8,0 - stb $s2,11($out) - extrwi $acc13,$s3,8,8 - stb $acc12,12($out) - extrwi $acc14,$s3,8,16 - stb $acc13,13($out) - stb $acc14,14($out) - stb $s3,15($out) - -Ldec_done: - $POP r0,`$FRAME+$LRSAVE`($sp) - $POP r14,`$FRAME-$SIZE_T*18`($sp) - $POP r15,`$FRAME-$SIZE_T*17`($sp) - $POP r16,`$FRAME-$SIZE_T*16`($sp) - $POP r17,`$FRAME-$SIZE_T*15`($sp) - $POP r18,`$FRAME-$SIZE_T*14`($sp) - $POP r19,`$FRAME-$SIZE_T*13`($sp) - $POP r20,`$FRAME-$SIZE_T*12`($sp) - $POP r21,`$FRAME-$SIZE_T*11`($sp) - $POP r22,`$FRAME-$SIZE_T*10`($sp) - $POP r23,`$FRAME-$SIZE_T*9`($sp) - $POP r24,`$FRAME-$SIZE_T*8`($sp) - $POP r25,`$FRAME-$SIZE_T*7`($sp) - $POP r26,`$FRAME-$SIZE_T*6`($sp) - $POP r27,`$FRAME-$SIZE_T*5`($sp) - $POP r28,`$FRAME-$SIZE_T*4`($sp) - $POP r29,`$FRAME-$SIZE_T*3`($sp) - $POP r30,`$FRAME-$SIZE_T*2`($sp) - $POP r31,`$FRAME-$SIZE_T*1`($sp) - mtlr r0 - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,4,1,0x80,18,3,0 - .long 0 - -.align 5 -Lppc_AES_decrypt: - lwz $acc00,240($key) - addi $Tbl1,$Tbl0,3 - lwz $t0,0($key) - addi $Tbl2,$Tbl0,2 - lwz $t1,4($key) - addi $Tbl3,$Tbl0,1 - lwz $t2,8($key) - addi $acc00,$acc00,-1 - lwz $t3,12($key) - addi $key,$key,16 - xor $s0,$s0,$t0 - xor $s1,$s1,$t1 - xor $s2,$s2,$t2 - xor $s3,$s3,$t3 - mtctr $acc00 -.align 4 -Ldec_loop: - rlwinm $acc00,$s0,`32-24+3`,21,28 - rlwinm $acc01,$s1,`32-24+3`,21,28 - rlwinm $acc02,$s2,`32-24+3`,21,28 - rlwinm $acc03,$s3,`32-24+3`,21,28 - lwz $t0,0($key) - rlwinm $acc04,$s3,`32-16+3`,21,28 - lwz $t1,4($key) - rlwinm $acc05,$s0,`32-16+3`,21,28 - lwz $t2,8($key) - rlwinm $acc06,$s1,`32-16+3`,21,28 - lwz $t3,12($key) - rlwinm $acc07,$s2,`32-16+3`,21,28 - lwzx $acc00,$Tbl0,$acc00 - rlwinm $acc08,$s2,`32-8+3`,21,28 - lwzx $acc01,$Tbl0,$acc01 - rlwinm $acc09,$s3,`32-8+3`,21,28 - lwzx $acc02,$Tbl0,$acc02 - rlwinm $acc10,$s0,`32-8+3`,21,28 - lwzx $acc03,$Tbl0,$acc03 - rlwinm $acc11,$s1,`32-8+3`,21,28 - lwzx $acc04,$Tbl1,$acc04 - rlwinm $acc12,$s1,`0+3`,21,28 - lwzx $acc05,$Tbl1,$acc05 - rlwinm $acc13,$s2,`0+3`,21,28 - lwzx $acc06,$Tbl1,$acc06 - rlwinm $acc14,$s3,`0+3`,21,28 - lwzx $acc07,$Tbl1,$acc07 - rlwinm $acc15,$s0,`0+3`,21,28 - lwzx $acc08,$Tbl2,$acc08 - xor $t0,$t0,$acc00 - lwzx $acc09,$Tbl2,$acc09 - xor $t1,$t1,$acc01 - lwzx $acc10,$Tbl2,$acc10 - xor $t2,$t2,$acc02 - lwzx $acc11,$Tbl2,$acc11 - xor $t3,$t3,$acc03 - lwzx $acc12,$Tbl3,$acc12 - xor $t0,$t0,$acc04 - lwzx $acc13,$Tbl3,$acc13 - xor $t1,$t1,$acc05 - lwzx $acc14,$Tbl3,$acc14 - xor $t2,$t2,$acc06 - lwzx $acc15,$Tbl3,$acc15 - xor $t3,$t3,$acc07 - xor $t0,$t0,$acc08 - xor $t1,$t1,$acc09 - xor $t2,$t2,$acc10 - xor $t3,$t3,$acc11 - xor $s0,$t0,$acc12 - xor $s1,$t1,$acc13 - xor $s2,$t2,$acc14 - xor $s3,$t3,$acc15 - addi $key,$key,16 - bdnz Ldec_loop - - addi $Tbl2,$Tbl0,2048 - nop - lwz $t0,0($key) - rlwinm $acc00,$s0,`32-24`,24,31 - lwz $t1,4($key) - rlwinm $acc01,$s1,`32-24`,24,31 - lwz $t2,8($key) - rlwinm $acc02,$s2,`32-24`,24,31 - lwz $t3,12($key) - rlwinm $acc03,$s3,`32-24`,24,31 - lwz $acc08,`2048+0`($Tbl0) ! prefetch Td4 - rlwinm $acc04,$s3,`32-16`,24,31 - lwz $acc09,`2048+32`($Tbl0) - rlwinm $acc05,$s0,`32-16`,24,31 - lwz $acc10,`2048+64`($Tbl0) - lbzx $acc00,$Tbl2,$acc00 - lwz $acc11,`2048+96`($Tbl0) - lbzx $acc01,$Tbl2,$acc01 - lwz $acc12,`2048+128`($Tbl0) - rlwinm $acc06,$s1,`32-16`,24,31 - lwz $acc13,`2048+160`($Tbl0) - rlwinm $acc07,$s2,`32-16`,24,31 - lwz $acc14,`2048+192`($Tbl0) - rlwinm $acc08,$s2,`32-8`,24,31 - lwz $acc15,`2048+224`($Tbl0) - rlwinm $acc09,$s3,`32-8`,24,31 - lbzx $acc02,$Tbl2,$acc02 - rlwinm $acc10,$s0,`32-8`,24,31 - lbzx $acc03,$Tbl2,$acc03 - rlwinm $acc11,$s1,`32-8`,24,31 - lbzx $acc04,$Tbl2,$acc04 - rlwinm $acc12,$s1,`0`,24,31 - lbzx $acc05,$Tbl2,$acc05 - rlwinm $acc13,$s2,`0`,24,31 - lbzx $acc06,$Tbl2,$acc06 - rlwinm $acc14,$s3,`0`,24,31 - lbzx $acc07,$Tbl2,$acc07 - rlwinm $acc15,$s0,`0`,24,31 - lbzx $acc08,$Tbl2,$acc08 - rlwinm $s0,$acc00,24,0,7 - lbzx $acc09,$Tbl2,$acc09 - rlwinm $s1,$acc01,24,0,7 - lbzx $acc10,$Tbl2,$acc10 - rlwinm $s2,$acc02,24,0,7 - lbzx $acc11,$Tbl2,$acc11 - rlwinm $s3,$acc03,24,0,7 - lbzx $acc12,$Tbl2,$acc12 - rlwimi $s0,$acc04,16,8,15 - lbzx $acc13,$Tbl2,$acc13 - rlwimi $s1,$acc05,16,8,15 - lbzx $acc14,$Tbl2,$acc14 - rlwimi $s2,$acc06,16,8,15 - lbzx $acc15,$Tbl2,$acc15 - rlwimi $s3,$acc07,16,8,15 - rlwimi $s0,$acc08,8,16,23 - rlwimi $s1,$acc09,8,16,23 - rlwimi $s2,$acc10,8,16,23 - rlwimi $s3,$acc11,8,16,23 - or $s0,$s0,$acc12 - or $s1,$s1,$acc13 - or $s2,$s2,$acc14 - or $s3,$s3,$acc15 - xor $s0,$s0,$t0 - xor $s1,$s1,$t1 - xor $s2,$s2,$t2 - xor $s3,$s3,$t3 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - -.align 4 -Lppc_AES_decrypt_compact: - lwz $acc00,240($key) - addi $Tbl1,$Tbl0,2048 - lwz $t0,0($key) - lis $mask80,0x8080 - lwz $t1,4($key) - lis $mask1b,0x1b1b - lwz $t2,8($key) - ori $mask80,$mask80,0x8080 - lwz $t3,12($key) - ori $mask1b,$mask1b,0x1b1b - addi $key,$key,16 -___ -$code.=<<___ if ($SIZE_T==8); - insrdi $mask80,$mask80,32,0 - insrdi $mask1b,$mask1b,32,0 -___ -$code.=<<___; - mtctr $acc00 -.align 4 -Ldec_compact_loop: - xor $s0,$s0,$t0 - xor $s1,$s1,$t1 - rlwinm $acc00,$s0,`32-24`,24,31 - xor $s2,$s2,$t2 - rlwinm $acc01,$s1,`32-24`,24,31 - xor $s3,$s3,$t3 - rlwinm $acc02,$s2,`32-24`,24,31 - rlwinm $acc03,$s3,`32-24`,24,31 - rlwinm $acc04,$s3,`32-16`,24,31 - rlwinm $acc05,$s0,`32-16`,24,31 - rlwinm $acc06,$s1,`32-16`,24,31 - rlwinm $acc07,$s2,`32-16`,24,31 - lbzx $acc00,$Tbl1,$acc00 - rlwinm $acc08,$s2,`32-8`,24,31 - lbzx $acc01,$Tbl1,$acc01 - rlwinm $acc09,$s3,`32-8`,24,31 - lbzx $acc02,$Tbl1,$acc02 - rlwinm $acc10,$s0,`32-8`,24,31 - lbzx $acc03,$Tbl1,$acc03 - rlwinm $acc11,$s1,`32-8`,24,31 - lbzx $acc04,$Tbl1,$acc04 - rlwinm $acc12,$s1,`0`,24,31 - lbzx $acc05,$Tbl1,$acc05 - rlwinm $acc13,$s2,`0`,24,31 - lbzx $acc06,$Tbl1,$acc06 - rlwinm $acc14,$s3,`0`,24,31 - lbzx $acc07,$Tbl1,$acc07 - rlwinm $acc15,$s0,`0`,24,31 - lbzx $acc08,$Tbl1,$acc08 - rlwinm $s0,$acc00,24,0,7 - lbzx $acc09,$Tbl1,$acc09 - rlwinm $s1,$acc01,24,0,7 - lbzx $acc10,$Tbl1,$acc10 - rlwinm $s2,$acc02,24,0,7 - lbzx $acc11,$Tbl1,$acc11 - rlwinm $s3,$acc03,24,0,7 - lbzx $acc12,$Tbl1,$acc12 - rlwimi $s0,$acc04,16,8,15 - lbzx $acc13,$Tbl1,$acc13 - rlwimi $s1,$acc05,16,8,15 - lbzx $acc14,$Tbl1,$acc14 - rlwimi $s2,$acc06,16,8,15 - lbzx $acc15,$Tbl1,$acc15 - rlwimi $s3,$acc07,16,8,15 - rlwimi $s0,$acc08,8,16,23 - rlwimi $s1,$acc09,8,16,23 - rlwimi $s2,$acc10,8,16,23 - rlwimi $s3,$acc11,8,16,23 - lwz $t0,0($key) - or $s0,$s0,$acc12 - lwz $t1,4($key) - or $s1,$s1,$acc13 - lwz $t2,8($key) - or $s2,$s2,$acc14 - lwz $t3,12($key) - or $s3,$s3,$acc15 - - addi $key,$key,16 - bdz Ldec_compact_done -___ -$code.=<<___ if ($SIZE_T==8); - # vectorized permutation improves decrypt performance by 10% - insrdi $s0,$s1,32,0 - insrdi $s2,$s3,32,0 - - and $acc00,$s0,$mask80 # r1=r0&0x80808080 - and $acc02,$s2,$mask80 - srdi $acc04,$acc00,7 # r1>>7 - srdi $acc06,$acc02,7 - andc $acc08,$s0,$mask80 # r0&0x7f7f7f7f - andc $acc10,$s2,$mask80 - sub $acc00,$acc00,$acc04 # r1-(r1>>7) - sub $acc02,$acc02,$acc06 - add $acc08,$acc08,$acc08 # (r0&0x7f7f7f7f)<<1 - add $acc10,$acc10,$acc10 - and $acc00,$acc00,$mask1b # (r1-(r1>>7))&0x1b1b1b1b - and $acc02,$acc02,$mask1b - xor $acc00,$acc00,$acc08 # r2 - xor $acc02,$acc02,$acc10 - - and $acc04,$acc00,$mask80 # r1=r2&0x80808080 - and $acc06,$acc02,$mask80 - srdi $acc08,$acc04,7 # r1>>7 - srdi $acc10,$acc06,7 - andc $acc12,$acc00,$mask80 # r2&0x7f7f7f7f - andc $acc14,$acc02,$mask80 - sub $acc04,$acc04,$acc08 # r1-(r1>>7) - sub $acc06,$acc06,$acc10 - add $acc12,$acc12,$acc12 # (r2&0x7f7f7f7f)<<1 - add $acc14,$acc14,$acc14 - and $acc04,$acc04,$mask1b # (r1-(r1>>7))&0x1b1b1b1b - and $acc06,$acc06,$mask1b - xor $acc04,$acc04,$acc12 # r4 - xor $acc06,$acc06,$acc14 - - and $acc08,$acc04,$mask80 # r1=r4&0x80808080 - and $acc10,$acc06,$mask80 - srdi $acc12,$acc08,7 # r1>>7 - srdi $acc14,$acc10,7 - sub $acc08,$acc08,$acc12 # r1-(r1>>7) - sub $acc10,$acc10,$acc14 - andc $acc12,$acc04,$mask80 # r4&0x7f7f7f7f - andc $acc14,$acc06,$mask80 - add $acc12,$acc12,$acc12 # (r4&0x7f7f7f7f)<<1 - add $acc14,$acc14,$acc14 - and $acc08,$acc08,$mask1b # (r1-(r1>>7))&0x1b1b1b1b - and $acc10,$acc10,$mask1b - xor $acc08,$acc08,$acc12 # r8 - xor $acc10,$acc10,$acc14 - - xor $acc00,$acc00,$s0 # r2^r0 - xor $acc02,$acc02,$s2 - xor $acc04,$acc04,$s0 # r4^r0 - xor $acc06,$acc06,$s2 - - extrdi $acc01,$acc00,32,0 - extrdi $acc03,$acc02,32,0 - extrdi $acc05,$acc04,32,0 - extrdi $acc07,$acc06,32,0 - extrdi $acc09,$acc08,32,0 - extrdi $acc11,$acc10,32,0 -___ -$code.=<<___ if ($SIZE_T==4); - and $acc00,$s0,$mask80 # r1=r0&0x80808080 - and $acc01,$s1,$mask80 - and $acc02,$s2,$mask80 - and $acc03,$s3,$mask80 - srwi $acc04,$acc00,7 # r1>>7 - andc $acc08,$s0,$mask80 # r0&0x7f7f7f7f - srwi $acc05,$acc01,7 - andc $acc09,$s1,$mask80 - srwi $acc06,$acc02,7 - andc $acc10,$s2,$mask80 - srwi $acc07,$acc03,7 - andc $acc11,$s3,$mask80 - sub $acc00,$acc00,$acc04 # r1-(r1>>7) - sub $acc01,$acc01,$acc05 - sub $acc02,$acc02,$acc06 - sub $acc03,$acc03,$acc07 - add $acc08,$acc08,$acc08 # (r0&0x7f7f7f7f)<<1 - add $acc09,$acc09,$acc09 - add $acc10,$acc10,$acc10 - add $acc11,$acc11,$acc11 - and $acc00,$acc00,$mask1b # (r1-(r1>>7))&0x1b1b1b1b - and $acc01,$acc01,$mask1b - and $acc02,$acc02,$mask1b - and $acc03,$acc03,$mask1b - xor $acc00,$acc00,$acc08 # r2 - xor $acc01,$acc01,$acc09 - xor $acc02,$acc02,$acc10 - xor $acc03,$acc03,$acc11 - - and $acc04,$acc00,$mask80 # r1=r2&0x80808080 - and $acc05,$acc01,$mask80 - and $acc06,$acc02,$mask80 - and $acc07,$acc03,$mask80 - srwi $acc08,$acc04,7 # r1>>7 - andc $acc12,$acc00,$mask80 # r2&0x7f7f7f7f - srwi $acc09,$acc05,7 - andc $acc13,$acc01,$mask80 - srwi $acc10,$acc06,7 - andc $acc14,$acc02,$mask80 - srwi $acc11,$acc07,7 - andc $acc15,$acc03,$mask80 - sub $acc04,$acc04,$acc08 # r1-(r1>>7) - sub $acc05,$acc05,$acc09 - sub $acc06,$acc06,$acc10 - sub $acc07,$acc07,$acc11 - add $acc12,$acc12,$acc12 # (r2&0x7f7f7f7f)<<1 - add $acc13,$acc13,$acc13 - add $acc14,$acc14,$acc14 - add $acc15,$acc15,$acc15 - and $acc04,$acc04,$mask1b # (r1-(r1>>7))&0x1b1b1b1b - and $acc05,$acc05,$mask1b - and $acc06,$acc06,$mask1b - and $acc07,$acc07,$mask1b - xor $acc04,$acc04,$acc12 # r4 - xor $acc05,$acc05,$acc13 - xor $acc06,$acc06,$acc14 - xor $acc07,$acc07,$acc15 - - and $acc08,$acc04,$mask80 # r1=r4&0x80808080 - and $acc09,$acc05,$mask80 - srwi $acc12,$acc08,7 # r1>>7 - and $acc10,$acc06,$mask80 - srwi $acc13,$acc09,7 - and $acc11,$acc07,$mask80 - srwi $acc14,$acc10,7 - sub $acc08,$acc08,$acc12 # r1-(r1>>7) - srwi $acc15,$acc11,7 - sub $acc09,$acc09,$acc13 - sub $acc10,$acc10,$acc14 - sub $acc11,$acc11,$acc15 - andc $acc12,$acc04,$mask80 # r4&0x7f7f7f7f - andc $acc13,$acc05,$mask80 - andc $acc14,$acc06,$mask80 - andc $acc15,$acc07,$mask80 - add $acc12,$acc12,$acc12 # (r4&0x7f7f7f7f)<<1 - add $acc13,$acc13,$acc13 - add $acc14,$acc14,$acc14 - add $acc15,$acc15,$acc15 - and $acc08,$acc08,$mask1b # (r1-(r1>>7))&0x1b1b1b1b - and $acc09,$acc09,$mask1b - and $acc10,$acc10,$mask1b - and $acc11,$acc11,$mask1b - xor $acc08,$acc08,$acc12 # r8 - xor $acc09,$acc09,$acc13 - xor $acc10,$acc10,$acc14 - xor $acc11,$acc11,$acc15 - - xor $acc00,$acc00,$s0 # r2^r0 - xor $acc01,$acc01,$s1 - xor $acc02,$acc02,$s2 - xor $acc03,$acc03,$s3 - xor $acc04,$acc04,$s0 # r4^r0 - xor $acc05,$acc05,$s1 - xor $acc06,$acc06,$s2 - xor $acc07,$acc07,$s3 -___ -$code.=<<___; - rotrwi $s0,$s0,8 # = ROTATE(r0,8) - rotrwi $s1,$s1,8 - xor $s0,$s0,$acc00 # ^= r2^r0 - rotrwi $s2,$s2,8 - xor $s1,$s1,$acc01 - rotrwi $s3,$s3,8 - xor $s2,$s2,$acc02 - xor $s3,$s3,$acc03 - xor $acc00,$acc00,$acc08 - xor $acc01,$acc01,$acc09 - xor $acc02,$acc02,$acc10 - xor $acc03,$acc03,$acc11 - xor $s0,$s0,$acc04 # ^= r4^r0 - rotrwi $acc00,$acc00,24 - xor $s1,$s1,$acc05 - rotrwi $acc01,$acc01,24 - xor $s2,$s2,$acc06 - rotrwi $acc02,$acc02,24 - xor $s3,$s3,$acc07 - rotrwi $acc03,$acc03,24 - xor $acc04,$acc04,$acc08 - xor $acc05,$acc05,$acc09 - xor $acc06,$acc06,$acc10 - xor $acc07,$acc07,$acc11 - xor $s0,$s0,$acc08 # ^= r8 [^((r4^r0)^(r2^r0)=r4^r2)] - rotrwi $acc04,$acc04,16 - xor $s1,$s1,$acc09 - rotrwi $acc05,$acc05,16 - xor $s2,$s2,$acc10 - rotrwi $acc06,$acc06,16 - xor $s3,$s3,$acc11 - rotrwi $acc07,$acc07,16 - xor $s0,$s0,$acc00 # ^= ROTATE(r8^r2^r0,24) - rotrwi $acc08,$acc08,8 - xor $s1,$s1,$acc01 - rotrwi $acc09,$acc09,8 - xor $s2,$s2,$acc02 - rotrwi $acc10,$acc10,8 - xor $s3,$s3,$acc03 - rotrwi $acc11,$acc11,8 - xor $s0,$s0,$acc04 # ^= ROTATE(r8^r4^r0,16) - xor $s1,$s1,$acc05 - xor $s2,$s2,$acc06 - xor $s3,$s3,$acc07 - xor $s0,$s0,$acc08 # ^= ROTATE(r8,8) - xor $s1,$s1,$acc09 - xor $s2,$s2,$acc10 - xor $s3,$s3,$acc11 - - b Ldec_compact_loop -.align 4 -Ldec_compact_done: - xor $s0,$s0,$t0 - xor $s1,$s1,$t1 - xor $s2,$s2,$t2 - xor $s3,$s3,$t3 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.size .AES_decrypt,.-.AES_decrypt - -.asciz "AES for PPC, CRYPTOGAMS by " -.align 7 -___ - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl deleted file mode 100644 index 5d1283f5769029364811a507d976ad14de27e36f..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/aes-s390x.pl +++ /dev/null @@ -1,2284 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# AES for s390x. - -# April 2007. -# -# Software performance improvement over gcc-generated code is ~70% and -# in absolute terms is ~73 cycles per byte processed with 128-bit key. -# You're likely to exclaim "why so slow?" Keep in mind that z-CPUs are -# *strictly* in-order execution and issued instruction [in this case -# load value from memory is critical] has to complete before execution -# flow proceeds. S-boxes are compressed to 2KB[+256B]. -# -# As for hardware acceleration support. It's basically a "teaser," as -# it can and should be improved in several ways. Most notably support -# for CBC is not utilized, nor multiple blocks are ever processed. -# Then software key schedule can be postponed till hardware support -# detection... Performance improvement over assembler is reportedly -# ~2.5x, but can reach >8x [naturally on larger chunks] if proper -# support is implemented. - -# May 2007. -# -# Implement AES_set_[en|de]crypt_key. Key schedule setup is avoided -# for 128-bit keys, if hardware support is detected. - -# January 2009. -# -# Add support for hardware AES192/256 and reschedule instructions to -# minimize/avoid Address Generation Interlock hazard and to favour -# dual-issue z10 pipeline. This gave ~25% improvement on z10 and -# almost 50% on z9. The gain is smaller on z10, because being dual- -# issue z10 makes it impossible to eliminate the interlock condition: -# critical path is not long enough. Yet it spends ~24 cycles per byte -# processed with 128-bit key. -# -# Unlike previous version hardware support detection takes place only -# at the moment of key schedule setup, which is denoted in key->rounds. -# This is done, because deferred key setup can't be made MT-safe, not -# for keys longer than 128 bits. -# -# Add AES_cbc_encrypt, which gives incredible performance improvement, -# it was measured to be ~6.6x. It's less than previously mentioned 8x, -# because software implementation was optimized. - -# May 2010. -# -# Add AES_ctr32_encrypt. If hardware-assisted, it provides up to 4.3x -# performance improvement over "generic" counter mode routine relying -# on single-block, also hardware-assisted, AES_encrypt. "Up to" refers -# to the fact that exact throughput value depends on current stack -# frame alignment within 4KB page. In worst case you get ~75% of the -# maximum, but *on average* it would be as much as ~98%. Meaning that -# worst case is unlike, it's like hitting ravine on plateau. - -# November 2010. -# -# Adapt for -m31 build. If kernel supports what's called "highgprs" -# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit -# instructions and achieve "64-bit" performance even in 31-bit legacy -# application context. The feature is not specific to any particular -# processor, as long as it's "z-CPU". Latter implies that the code -# remains z/Architecture specific. On z990 it was measured to perform -# 2x better than code generated by gcc 4.3. - -# December 2010. -# -# Add support for z196 "cipher message with counter" instruction. -# Note however that it's disengaged, because it was measured to -# perform ~12% worse than vanilla km-based code... - -# February 2011. -# -# Add AES_xts_[en|de]crypt. This includes support for z196 km-xts-aes -# instructions, which deliver ~70% improvement at 8KB block size over -# vanilla km-based code, 37% - at most like 512-bytes block size. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /3[12]/) { - $SIZE_T=4; - $g=""; -} else { - $SIZE_T=8; - $g="g"; -} - -$output and open STDOUT,">$output"; - -$softonly=0; # allow hardware support - -$t0="%r0"; $mask="%r0"; -$t1="%r1"; -$t2="%r2"; $inp="%r2"; -$t3="%r3"; $out="%r3"; $bits="%r3"; -$key="%r4"; -$i1="%r5"; -$i2="%r6"; -$i3="%r7"; -$s0="%r8"; -$s1="%r9"; -$s2="%r10"; -$s3="%r11"; -$tbl="%r12"; -$rounds="%r13"; -$ra="%r14"; -$sp="%r15"; - -$stdframe=16*$SIZE_T+4*8; - -sub _data_word() -{ my $i; - while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; } -} - -$code=<<___; -#include "s390x_arch.h" - -.text - -.type AES_Te,\@object -.align 256 -AES_Te: -___ -&_data_word( - 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, - 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554, - 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d, - 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, - 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87, - 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b, - 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, - 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b, - 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a, - 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, - 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108, - 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f, - 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, - 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5, - 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d, - 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, - 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e, - 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb, - 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, - 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497, - 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c, - 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, - 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b, - 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a, - 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, - 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594, - 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81, - 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, - 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a, - 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504, - 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, - 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d, - 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f, - 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, - 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47, - 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395, - 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, - 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883, - 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c, - 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, - 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e, - 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4, - 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, - 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b, - 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7, - 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, - 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25, - 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818, - 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, - 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651, - 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21, - 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85, - 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa, - 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12, - 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, - 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9, - 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133, - 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, - 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920, - 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a, - 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, - 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8, - 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, - 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a); -$code.=<<___; -# Te4[256] -.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 -.byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 -.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0 -.byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 -.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc -.byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 -.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a -.byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 -.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0 -.byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 -.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b -.byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf -.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85 -.byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 -.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5 -.byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 -.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17 -.byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 -.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88 -.byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb -.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c -.byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 -.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9 -.byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 -.byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6 -.byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a -.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e -.byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e -.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94 -.byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf -.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68 -.byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 -# rcon[] -.long 0x01000000, 0x02000000, 0x04000000, 0x08000000 -.long 0x10000000, 0x20000000, 0x40000000, 0x80000000 -.long 0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0 -.align 256 -.size AES_Te,.-AES_Te - -# void AES_encrypt(const unsigned char *inp, unsigned char *out, -# const AES_KEY *key) { -.globl AES_encrypt -.type AES_encrypt,\@function -AES_encrypt: -___ -$code.=<<___ if (!$softonly); - l %r0,240($key) - lhi %r1,16 - clr %r0,%r1 - jl .Lesoft - - la %r1,0($key) - #la %r2,0($inp) - la %r4,0($out) - lghi %r3,16 # single block length - .long 0xb92e0042 # km %r4,%r2 - brc 1,.-4 # can this happen? - br %r14 -.align 64 -.Lesoft: -___ -$code.=<<___; - stm${g} %r3,$ra,3*$SIZE_T($sp) - - llgf $s0,0($inp) - llgf $s1,4($inp) - llgf $s2,8($inp) - llgf $s3,12($inp) - - larl $tbl,AES_Te - bras $ra,_s390x_AES_encrypt - - l${g} $out,3*$SIZE_T($sp) - st $s0,0($out) - st $s1,4($out) - st $s2,8($out) - st $s3,12($out) - - lm${g} %r6,$ra,6*$SIZE_T($sp) - br $ra -.size AES_encrypt,.-AES_encrypt - -.type _s390x_AES_encrypt,\@function -.align 16 -_s390x_AES_encrypt: - st${g} $ra,15*$SIZE_T($sp) - x $s0,0($key) - x $s1,4($key) - x $s2,8($key) - x $s3,12($key) - l $rounds,240($key) - llill $mask,`0xff<<3` - aghi $rounds,-1 - j .Lenc_loop -.align 16 -.Lenc_loop: - sllg $t1,$s0,`0+3` - srlg $t2,$s0,`8-3` - srlg $t3,$s0,`16-3` - srl $s0,`24-3` - nr $s0,$mask - ngr $t1,$mask - nr $t2,$mask - nr $t3,$mask - - srlg $i1,$s1,`16-3` # i0 - sllg $i2,$s1,`0+3` - srlg $i3,$s1,`8-3` - srl $s1,`24-3` - nr $i1,$mask - nr $s1,$mask - ngr $i2,$mask - nr $i3,$mask - - l $s0,0($s0,$tbl) # Te0[s0>>24] - l $t1,1($t1,$tbl) # Te3[s0>>0] - l $t2,2($t2,$tbl) # Te2[s0>>8] - l $t3,3($t3,$tbl) # Te1[s0>>16] - - x $s0,3($i1,$tbl) # Te1[s1>>16] - l $s1,0($s1,$tbl) # Te0[s1>>24] - x $t2,1($i2,$tbl) # Te3[s1>>0] - x $t3,2($i3,$tbl) # Te2[s1>>8] - - srlg $i1,$s2,`8-3` # i0 - srlg $i2,$s2,`16-3` # i1 - nr $i1,$mask - nr $i2,$mask - sllg $i3,$s2,`0+3` - srl $s2,`24-3` - nr $s2,$mask - ngr $i3,$mask - - xr $s1,$t1 - srlg $ra,$s3,`8-3` # i1 - sllg $t1,$s3,`0+3` # i0 - nr $ra,$mask - la $key,16($key) - ngr $t1,$mask - - x $s0,2($i1,$tbl) # Te2[s2>>8] - x $s1,3($i2,$tbl) # Te1[s2>>16] - l $s2,0($s2,$tbl) # Te0[s2>>24] - x $t3,1($i3,$tbl) # Te3[s2>>0] - - srlg $i3,$s3,`16-3` # i2 - xr $s2,$t2 - srl $s3,`24-3` - nr $i3,$mask - nr $s3,$mask - - x $s0,0($key) - x $s1,4($key) - x $s2,8($key) - x $t3,12($key) - - x $s0,1($t1,$tbl) # Te3[s3>>0] - x $s1,2($ra,$tbl) # Te2[s3>>8] - x $s2,3($i3,$tbl) # Te1[s3>>16] - l $s3,0($s3,$tbl) # Te0[s3>>24] - xr $s3,$t3 - - brct $rounds,.Lenc_loop - .align 16 - - sllg $t1,$s0,`0+3` - srlg $t2,$s0,`8-3` - ngr $t1,$mask - srlg $t3,$s0,`16-3` - srl $s0,`24-3` - nr $s0,$mask - nr $t2,$mask - nr $t3,$mask - - srlg $i1,$s1,`16-3` # i0 - sllg $i2,$s1,`0+3` - ngr $i2,$mask - srlg $i3,$s1,`8-3` - srl $s1,`24-3` - nr $i1,$mask - nr $s1,$mask - nr $i3,$mask - - llgc $s0,2($s0,$tbl) # Te4[s0>>24] - llgc $t1,2($t1,$tbl) # Te4[s0>>0] - sll $s0,24 - llgc $t2,2($t2,$tbl) # Te4[s0>>8] - llgc $t3,2($t3,$tbl) # Te4[s0>>16] - sll $t2,8 - sll $t3,16 - - llgc $i1,2($i1,$tbl) # Te4[s1>>16] - llgc $s1,2($s1,$tbl) # Te4[s1>>24] - llgc $i2,2($i2,$tbl) # Te4[s1>>0] - llgc $i3,2($i3,$tbl) # Te4[s1>>8] - sll $i1,16 - sll $s1,24 - sll $i3,8 - or $s0,$i1 - or $s1,$t1 - or $t2,$i2 - or $t3,$i3 - - srlg $i1,$s2,`8-3` # i0 - srlg $i2,$s2,`16-3` # i1 - nr $i1,$mask - nr $i2,$mask - sllg $i3,$s2,`0+3` - srl $s2,`24-3` - ngr $i3,$mask - nr $s2,$mask - - sllg $t1,$s3,`0+3` # i0 - srlg $ra,$s3,`8-3` # i1 - ngr $t1,$mask - - llgc $i1,2($i1,$tbl) # Te4[s2>>8] - llgc $i2,2($i2,$tbl) # Te4[s2>>16] - sll $i1,8 - llgc $s2,2($s2,$tbl) # Te4[s2>>24] - llgc $i3,2($i3,$tbl) # Te4[s2>>0] - sll $i2,16 - nr $ra,$mask - sll $s2,24 - or $s0,$i1 - or $s1,$i2 - or $s2,$t2 - or $t3,$i3 - - srlg $i3,$s3,`16-3` # i2 - srl $s3,`24-3` - nr $i3,$mask - nr $s3,$mask - - l $t0,16($key) - l $t2,20($key) - - llgc $i1,2($t1,$tbl) # Te4[s3>>0] - llgc $i2,2($ra,$tbl) # Te4[s3>>8] - llgc $i3,2($i3,$tbl) # Te4[s3>>16] - llgc $s3,2($s3,$tbl) # Te4[s3>>24] - sll $i2,8 - sll $i3,16 - sll $s3,24 - or $s0,$i1 - or $s1,$i2 - or $s2,$i3 - or $s3,$t3 - - l${g} $ra,15*$SIZE_T($sp) - xr $s0,$t0 - xr $s1,$t2 - x $s2,24($key) - x $s3,28($key) - - br $ra -.size _s390x_AES_encrypt,.-_s390x_AES_encrypt -___ - -$code.=<<___; -.type AES_Td,\@object -.align 256 -AES_Td: -___ -&_data_word( - 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, - 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393, - 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25, - 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f, - 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1, - 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6, - 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da, - 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844, - 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd, - 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4, - 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45, - 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94, - 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7, - 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a, - 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5, - 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c, - 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1, - 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a, - 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75, - 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051, - 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46, - 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff, - 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77, - 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb, - 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000, - 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e, - 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927, - 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a, - 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e, - 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16, - 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d, - 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8, - 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd, - 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34, - 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163, - 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120, - 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d, - 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0, - 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422, - 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef, - 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36, - 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4, - 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662, - 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5, - 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3, - 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b, - 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8, - 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6, - 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6, - 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0, - 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815, - 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f, - 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df, - 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f, - 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e, - 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713, - 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89, - 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c, - 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf, - 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86, - 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f, - 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541, - 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190, - 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742); -$code.=<<___; -# Td4[256] -.byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 -.byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb -.byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 -.byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb -.byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d -.byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e -.byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 -.byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 -.byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 -.byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 -.byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda -.byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 -.byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a -.byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 -.byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 -.byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b -.byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea -.byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 -.byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 -.byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e -.byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 -.byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b -.byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 -.byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 -.byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 -.byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f -.byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d -.byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef -.byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 -.byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 -.byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 -.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d -.size AES_Td,.-AES_Td - -# void AES_decrypt(const unsigned char *inp, unsigned char *out, -# const AES_KEY *key) { -.globl AES_decrypt -.type AES_decrypt,\@function -AES_decrypt: -___ -$code.=<<___ if (!$softonly); - l %r0,240($key) - lhi %r1,16 - clr %r0,%r1 - jl .Ldsoft - - la %r1,0($key) - #la %r2,0($inp) - la %r4,0($out) - lghi %r3,16 # single block length - .long 0xb92e0042 # km %r4,%r2 - brc 1,.-4 # can this happen? - br %r14 -.align 64 -.Ldsoft: -___ -$code.=<<___; - stm${g} %r3,$ra,3*$SIZE_T($sp) - - llgf $s0,0($inp) - llgf $s1,4($inp) - llgf $s2,8($inp) - llgf $s3,12($inp) - - larl $tbl,AES_Td - bras $ra,_s390x_AES_decrypt - - l${g} $out,3*$SIZE_T($sp) - st $s0,0($out) - st $s1,4($out) - st $s2,8($out) - st $s3,12($out) - - lm${g} %r6,$ra,6*$SIZE_T($sp) - br $ra -.size AES_decrypt,.-AES_decrypt - -.type _s390x_AES_decrypt,\@function -.align 16 -_s390x_AES_decrypt: - st${g} $ra,15*$SIZE_T($sp) - x $s0,0($key) - x $s1,4($key) - x $s2,8($key) - x $s3,12($key) - l $rounds,240($key) - llill $mask,`0xff<<3` - aghi $rounds,-1 - j .Ldec_loop -.align 16 -.Ldec_loop: - srlg $t1,$s0,`16-3` - srlg $t2,$s0,`8-3` - sllg $t3,$s0,`0+3` - srl $s0,`24-3` - nr $s0,$mask - nr $t1,$mask - nr $t2,$mask - ngr $t3,$mask - - sllg $i1,$s1,`0+3` # i0 - srlg $i2,$s1,`16-3` - srlg $i3,$s1,`8-3` - srl $s1,`24-3` - ngr $i1,$mask - nr $s1,$mask - nr $i2,$mask - nr $i3,$mask - - l $s0,0($s0,$tbl) # Td0[s0>>24] - l $t1,3($t1,$tbl) # Td1[s0>>16] - l $t2,2($t2,$tbl) # Td2[s0>>8] - l $t3,1($t3,$tbl) # Td3[s0>>0] - - x $s0,1($i1,$tbl) # Td3[s1>>0] - l $s1,0($s1,$tbl) # Td0[s1>>24] - x $t2,3($i2,$tbl) # Td1[s1>>16] - x $t3,2($i3,$tbl) # Td2[s1>>8] - - srlg $i1,$s2,`8-3` # i0 - sllg $i2,$s2,`0+3` # i1 - srlg $i3,$s2,`16-3` - srl $s2,`24-3` - nr $i1,$mask - ngr $i2,$mask - nr $s2,$mask - nr $i3,$mask - - xr $s1,$t1 - srlg $ra,$s3,`8-3` # i1 - srlg $t1,$s3,`16-3` # i0 - nr $ra,$mask - la $key,16($key) - nr $t1,$mask - - x $s0,2($i1,$tbl) # Td2[s2>>8] - x $s1,1($i2,$tbl) # Td3[s2>>0] - l $s2,0($s2,$tbl) # Td0[s2>>24] - x $t3,3($i3,$tbl) # Td1[s2>>16] - - sllg $i3,$s3,`0+3` # i2 - srl $s3,`24-3` - ngr $i3,$mask - nr $s3,$mask - - xr $s2,$t2 - x $s0,0($key) - x $s1,4($key) - x $s2,8($key) - x $t3,12($key) - - x $s0,3($t1,$tbl) # Td1[s3>>16] - x $s1,2($ra,$tbl) # Td2[s3>>8] - x $s2,1($i3,$tbl) # Td3[s3>>0] - l $s3,0($s3,$tbl) # Td0[s3>>24] - xr $s3,$t3 - - brct $rounds,.Ldec_loop - .align 16 - - l $t1,`2048+0`($tbl) # prefetch Td4 - l $t2,`2048+64`($tbl) - l $t3,`2048+128`($tbl) - l $i1,`2048+192`($tbl) - llill $mask,0xff - - srlg $i3,$s0,24 # i0 - srlg $t1,$s0,16 - srlg $t2,$s0,8 - nr $s0,$mask # i3 - nr $t1,$mask - - srlg $i1,$s1,24 - nr $t2,$mask - srlg $i2,$s1,16 - srlg $ra,$s1,8 - nr $s1,$mask # i0 - nr $i2,$mask - nr $ra,$mask - - llgc $i3,2048($i3,$tbl) # Td4[s0>>24] - llgc $t1,2048($t1,$tbl) # Td4[s0>>16] - llgc $t2,2048($t2,$tbl) # Td4[s0>>8] - sll $t1,16 - llgc $t3,2048($s0,$tbl) # Td4[s0>>0] - sllg $s0,$i3,24 - sll $t2,8 - - llgc $s1,2048($s1,$tbl) # Td4[s1>>0] - llgc $i1,2048($i1,$tbl) # Td4[s1>>24] - llgc $i2,2048($i2,$tbl) # Td4[s1>>16] - sll $i1,24 - llgc $i3,2048($ra,$tbl) # Td4[s1>>8] - sll $i2,16 - sll $i3,8 - or $s0,$s1 - or $t1,$i1 - or $t2,$i2 - or $t3,$i3 - - srlg $i1,$s2,8 # i0 - srlg $i2,$s2,24 - srlg $i3,$s2,16 - nr $s2,$mask # i1 - nr $i1,$mask - nr $i3,$mask - llgc $i1,2048($i1,$tbl) # Td4[s2>>8] - llgc $s1,2048($s2,$tbl) # Td4[s2>>0] - llgc $i2,2048($i2,$tbl) # Td4[s2>>24] - llgc $i3,2048($i3,$tbl) # Td4[s2>>16] - sll $i1,8 - sll $i2,24 - or $s0,$i1 - sll $i3,16 - or $t2,$i2 - or $t3,$i3 - - srlg $i1,$s3,16 # i0 - srlg $i2,$s3,8 # i1 - srlg $i3,$s3,24 - nr $s3,$mask # i2 - nr $i1,$mask - nr $i2,$mask - - l${g} $ra,15*$SIZE_T($sp) - or $s1,$t1 - l $t0,16($key) - l $t1,20($key) - - llgc $i1,2048($i1,$tbl) # Td4[s3>>16] - llgc $i2,2048($i2,$tbl) # Td4[s3>>8] - sll $i1,16 - llgc $s2,2048($s3,$tbl) # Td4[s3>>0] - llgc $s3,2048($i3,$tbl) # Td4[s3>>24] - sll $i2,8 - sll $s3,24 - or $s0,$i1 - or $s1,$i2 - or $s2,$t2 - or $s3,$t3 - - xr $s0,$t0 - xr $s1,$t1 - x $s2,24($key) - x $s3,28($key) - - br $ra -.size _s390x_AES_decrypt,.-_s390x_AES_decrypt -___ - -$code.=<<___; -# void AES_set_encrypt_key(const unsigned char *in, int bits, -# AES_KEY *key) { -.globl AES_set_encrypt_key -.type AES_set_encrypt_key,\@function -.align 16 -AES_set_encrypt_key: -_s390x_AES_set_encrypt_key: - lghi $t0,0 - cl${g}r $inp,$t0 - je .Lminus1 - cl${g}r $key,$t0 - je .Lminus1 - - lghi $t0,128 - clr $bits,$t0 - je .Lproceed - lghi $t0,192 - clr $bits,$t0 - je .Lproceed - lghi $t0,256 - clr $bits,$t0 - je .Lproceed - lghi %r2,-2 - br %r14 - -.align 16 -.Lproceed: -___ -$code.=<<___ if (!$softonly); - # convert bits to km(c) code, [128,192,256]->[18,19,20] - lhi %r5,-128 - lhi %r0,18 - ar %r5,$bits - srl %r5,6 - ar %r5,%r0 - - larl %r1,OPENSSL_s390xcap_P - llihh %r0,0x8000 - srlg %r0,%r0,0(%r5) - ng %r0,S390X_KM(%r1) # check availability of both km... - ng %r0,S390X_KMC(%r1) # ...and kmc support for given key length - jz .Lekey_internal - - lmg %r0,%r1,0($inp) # just copy 128 bits... - stmg %r0,%r1,0($key) - lhi %r0,192 - cr $bits,%r0 - jl 1f - lg %r1,16($inp) - stg %r1,16($key) - je 1f - lg %r1,24($inp) - stg %r1,24($key) -1: st $bits,236($key) # save bits [for debugging purposes] - lgr $t0,%r5 - st %r5,240($key) # save km(c) code - lghi %r2,0 - br %r14 -___ -$code.=<<___; -.align 16 -.Lekey_internal: - stm${g} %r4,%r13,4*$SIZE_T($sp) # all non-volatile regs and $key - - larl $tbl,AES_Te+2048 - - llgf $s0,0($inp) - llgf $s1,4($inp) - llgf $s2,8($inp) - llgf $s3,12($inp) - st $s0,0($key) - st $s1,4($key) - st $s2,8($key) - st $s3,12($key) - lghi $t0,128 - cr $bits,$t0 - jne .Lnot128 - - llill $mask,0xff - lghi $t3,0 # i=0 - lghi $rounds,10 - st $rounds,240($key) - - llgfr $t2,$s3 # temp=rk[3] - srlg $i1,$s3,8 - srlg $i2,$s3,16 - srlg $i3,$s3,24 - nr $t2,$mask - nr $i1,$mask - nr $i2,$mask - -.align 16 -.L128_loop: - la $t2,0($t2,$tbl) - la $i1,0($i1,$tbl) - la $i2,0($i2,$tbl) - la $i3,0($i3,$tbl) - icm $t2,2,0($t2) # Te4[rk[3]>>0]<<8 - icm $t2,4,0($i1) # Te4[rk[3]>>8]<<16 - icm $t2,8,0($i2) # Te4[rk[3]>>16]<<24 - icm $t2,1,0($i3) # Te4[rk[3]>>24] - x $t2,256($t3,$tbl) # rcon[i] - xr $s0,$t2 # rk[4]=rk[0]^... - xr $s1,$s0 # rk[5]=rk[1]^rk[4] - xr $s2,$s1 # rk[6]=rk[2]^rk[5] - xr $s3,$s2 # rk[7]=rk[3]^rk[6] - - llgfr $t2,$s3 # temp=rk[3] - srlg $i1,$s3,8 - srlg $i2,$s3,16 - nr $t2,$mask - nr $i1,$mask - srlg $i3,$s3,24 - nr $i2,$mask - - st $s0,16($key) - st $s1,20($key) - st $s2,24($key) - st $s3,28($key) - la $key,16($key) # key+=4 - la $t3,4($t3) # i++ - brct $rounds,.L128_loop - lghi $t0,10 - lghi %r2,0 - lm${g} %r4,%r13,4*$SIZE_T($sp) - br $ra - -.align 16 -.Lnot128: - llgf $t0,16($inp) - llgf $t1,20($inp) - st $t0,16($key) - st $t1,20($key) - lghi $t0,192 - cr $bits,$t0 - jne .Lnot192 - - llill $mask,0xff - lghi $t3,0 # i=0 - lghi $rounds,12 - st $rounds,240($key) - lghi $rounds,8 - - srlg $i1,$t1,8 - srlg $i2,$t1,16 - srlg $i3,$t1,24 - nr $t1,$mask - nr $i1,$mask - nr $i2,$mask - -.align 16 -.L192_loop: - la $t1,0($t1,$tbl) - la $i1,0($i1,$tbl) - la $i2,0($i2,$tbl) - la $i3,0($i3,$tbl) - icm $t1,2,0($t1) # Te4[rk[5]>>0]<<8 - icm $t1,4,0($i1) # Te4[rk[5]>>8]<<16 - icm $t1,8,0($i2) # Te4[rk[5]>>16]<<24 - icm $t1,1,0($i3) # Te4[rk[5]>>24] - x $t1,256($t3,$tbl) # rcon[i] - xr $s0,$t1 # rk[6]=rk[0]^... - xr $s1,$s0 # rk[7]=rk[1]^rk[6] - xr $s2,$s1 # rk[8]=rk[2]^rk[7] - xr $s3,$s2 # rk[9]=rk[3]^rk[8] - - st $s0,24($key) - st $s1,28($key) - st $s2,32($key) - st $s3,36($key) - brct $rounds,.L192_continue - lghi $t0,12 - lghi %r2,0 - lm${g} %r4,%r13,4*$SIZE_T($sp) - br $ra - -.align 16 -.L192_continue: - lgr $t1,$s3 - x $t1,16($key) # rk[10]=rk[4]^rk[9] - st $t1,40($key) - x $t1,20($key) # rk[11]=rk[5]^rk[10] - st $t1,44($key) - - srlg $i1,$t1,8 - srlg $i2,$t1,16 - srlg $i3,$t1,24 - nr $t1,$mask - nr $i1,$mask - nr $i2,$mask - - la $key,24($key) # key+=6 - la $t3,4($t3) # i++ - j .L192_loop - -.align 16 -.Lnot192: - llgf $t0,24($inp) - llgf $t1,28($inp) - st $t0,24($key) - st $t1,28($key) - llill $mask,0xff - lghi $t3,0 # i=0 - lghi $rounds,14 - st $rounds,240($key) - lghi $rounds,7 - - srlg $i1,$t1,8 - srlg $i2,$t1,16 - srlg $i3,$t1,24 - nr $t1,$mask - nr $i1,$mask - nr $i2,$mask - -.align 16 -.L256_loop: - la $t1,0($t1,$tbl) - la $i1,0($i1,$tbl) - la $i2,0($i2,$tbl) - la $i3,0($i3,$tbl) - icm $t1,2,0($t1) # Te4[rk[7]>>0]<<8 - icm $t1,4,0($i1) # Te4[rk[7]>>8]<<16 - icm $t1,8,0($i2) # Te4[rk[7]>>16]<<24 - icm $t1,1,0($i3) # Te4[rk[7]>>24] - x $t1,256($t3,$tbl) # rcon[i] - xr $s0,$t1 # rk[8]=rk[0]^... - xr $s1,$s0 # rk[9]=rk[1]^rk[8] - xr $s2,$s1 # rk[10]=rk[2]^rk[9] - xr $s3,$s2 # rk[11]=rk[3]^rk[10] - st $s0,32($key) - st $s1,36($key) - st $s2,40($key) - st $s3,44($key) - brct $rounds,.L256_continue - lghi $t0,14 - lghi %r2,0 - lm${g} %r4,%r13,4*$SIZE_T($sp) - br $ra - -.align 16 -.L256_continue: - lgr $t1,$s3 # temp=rk[11] - srlg $i1,$s3,8 - srlg $i2,$s3,16 - srlg $i3,$s3,24 - nr $t1,$mask - nr $i1,$mask - nr $i2,$mask - la $t1,0($t1,$tbl) - la $i1,0($i1,$tbl) - la $i2,0($i2,$tbl) - la $i3,0($i3,$tbl) - llgc $t1,0($t1) # Te4[rk[11]>>0] - icm $t1,2,0($i1) # Te4[rk[11]>>8]<<8 - icm $t1,4,0($i2) # Te4[rk[11]>>16]<<16 - icm $t1,8,0($i3) # Te4[rk[11]>>24]<<24 - x $t1,16($key) # rk[12]=rk[4]^... - st $t1,48($key) - x $t1,20($key) # rk[13]=rk[5]^rk[12] - st $t1,52($key) - x $t1,24($key) # rk[14]=rk[6]^rk[13] - st $t1,56($key) - x $t1,28($key) # rk[15]=rk[7]^rk[14] - st $t1,60($key) - - srlg $i1,$t1,8 - srlg $i2,$t1,16 - srlg $i3,$t1,24 - nr $t1,$mask - nr $i1,$mask - nr $i2,$mask - - la $key,32($key) # key+=8 - la $t3,4($t3) # i++ - j .L256_loop - -.Lminus1: - lghi %r2,-1 - br $ra -.size AES_set_encrypt_key,.-AES_set_encrypt_key - -# void AES_set_decrypt_key(const unsigned char *in, int bits, -# AES_KEY *key) { -.globl AES_set_decrypt_key -.type AES_set_decrypt_key,\@function -.align 16 -AES_set_decrypt_key: - #st${g} $key,4*$SIZE_T($sp) # I rely on AES_set_encrypt_key to - st${g} $ra,14*$SIZE_T($sp) # save non-volatile registers and $key! - bras $ra,_s390x_AES_set_encrypt_key - #l${g} $key,4*$SIZE_T($sp) - l${g} $ra,14*$SIZE_T($sp) - ltgr %r2,%r2 - bnzr $ra -___ -$code.=<<___ if (!$softonly); - #l $t0,240($key) - lhi $t1,16 - cr $t0,$t1 - jl .Lgo - oill $t0,S390X_DECRYPT # set "decrypt" bit - st $t0,240($key) - br $ra -___ -$code.=<<___; -.align 16 -.Lgo: lgr $rounds,$t0 #llgf $rounds,240($key) - la $i1,0($key) - sllg $i2,$rounds,4 - la $i2,0($i2,$key) - srl $rounds,1 - lghi $t1,-16 - -.align 16 -.Linv: lmg $s0,$s1,0($i1) - lmg $s2,$s3,0($i2) - stmg $s0,$s1,0($i2) - stmg $s2,$s3,0($i1) - la $i1,16($i1) - la $i2,0($t1,$i2) - brct $rounds,.Linv -___ -$mask80=$i1; -$mask1b=$i2; -$maskfe=$i3; -$code.=<<___; - llgf $rounds,240($key) - aghi $rounds,-1 - sll $rounds,2 # (rounds-1)*4 - llilh $mask80,0x8080 - llilh $mask1b,0x1b1b - llilh $maskfe,0xfefe - oill $mask80,0x8080 - oill $mask1b,0x1b1b - oill $maskfe,0xfefe - -.align 16 -.Lmix: l $s0,16($key) # tp1 - lr $s1,$s0 - ngr $s1,$mask80 - srlg $t1,$s1,7 - slr $s1,$t1 - nr $s1,$mask1b - sllg $t1,$s0,1 - nr $t1,$maskfe - xr $s1,$t1 # tp2 - - lr $s2,$s1 - ngr $s2,$mask80 - srlg $t1,$s2,7 - slr $s2,$t1 - nr $s2,$mask1b - sllg $t1,$s1,1 - nr $t1,$maskfe - xr $s2,$t1 # tp4 - - lr $s3,$s2 - ngr $s3,$mask80 - srlg $t1,$s3,7 - slr $s3,$t1 - nr $s3,$mask1b - sllg $t1,$s2,1 - nr $t1,$maskfe - xr $s3,$t1 # tp8 - - xr $s1,$s0 # tp2^tp1 - xr $s2,$s0 # tp4^tp1 - rll $s0,$s0,24 # = ROTATE(tp1,8) - xr $s2,$s3 # ^=tp8 - xr $s0,$s1 # ^=tp2^tp1 - xr $s1,$s3 # tp2^tp1^tp8 - xr $s0,$s2 # ^=tp4^tp1^tp8 - rll $s1,$s1,8 - rll $s2,$s2,16 - xr $s0,$s1 # ^= ROTATE(tp8^tp2^tp1,24) - rll $s3,$s3,24 - xr $s0,$s2 # ^= ROTATE(tp8^tp4^tp1,16) - xr $s0,$s3 # ^= ROTATE(tp8,8) - - st $s0,16($key) - la $key,4($key) - brct $rounds,.Lmix - - lm${g} %r6,%r13,6*$SIZE_T($sp)# as was saved by AES_set_encrypt_key! - lghi %r2,0 - br $ra -.size AES_set_decrypt_key,.-AES_set_decrypt_key -___ - -######################################################################## -# void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, -# size_t length, const AES_KEY *key, -# unsigned char *ivec, const int enc) -{ -my $inp="%r2"; -my $out="%r4"; # length and out are swapped -my $len="%r3"; -my $key="%r5"; -my $ivp="%r6"; - -$code.=<<___; -.globl AES_cbc_encrypt -.type AES_cbc_encrypt,\@function -.align 16 -AES_cbc_encrypt: - xgr %r3,%r4 # flip %r3 and %r4, out and len - xgr %r4,%r3 - xgr %r3,%r4 -___ -$code.=<<___ if (!$softonly); - lhi %r0,16 - cl %r0,240($key) - jh .Lcbc_software - - lg %r0,0($ivp) # copy ivec - lg %r1,8($ivp) - stmg %r0,%r1,16($sp) - lmg %r0,%r1,0($key) # copy key, cover 256 bit - stmg %r0,%r1,32($sp) - lmg %r0,%r1,16($key) - stmg %r0,%r1,48($sp) - l %r0,240($key) # load kmc code - lghi $key,15 # res=len%16, len-=res; - ngr $key,$len - sl${g}r $len,$key - la %r1,16($sp) # parameter block - ivec || key - jz .Lkmc_truncated - .long 0xb92f0042 # kmc %r4,%r2 - brc 1,.-4 # pay attention to "partial completion" - ltr $key,$key - jnz .Lkmc_truncated -.Lkmc_done: - lmg %r0,%r1,16($sp) # copy ivec to caller - stg %r0,0($ivp) - stg %r1,8($ivp) - br $ra -.align 16 -.Lkmc_truncated: - ahi $key,-1 # it's the way it's encoded in mvc - tmll %r0,S390X_DECRYPT - jnz .Lkmc_truncated_dec - lghi %r1,0 - stg %r1,16*$SIZE_T($sp) - stg %r1,16*$SIZE_T+8($sp) - bras %r1,1f - mvc 16*$SIZE_T(1,$sp),0($inp) -1: ex $key,0(%r1) - la %r1,16($sp) # restore parameter block - la $inp,16*$SIZE_T($sp) - lghi $len,16 - .long 0xb92f0042 # kmc %r4,%r2 - j .Lkmc_done -.align 16 -.Lkmc_truncated_dec: - st${g} $out,4*$SIZE_T($sp) - la $out,16*$SIZE_T($sp) - lghi $len,16 - .long 0xb92f0042 # kmc %r4,%r2 - l${g} $out,4*$SIZE_T($sp) - bras %r1,2f - mvc 0(1,$out),16*$SIZE_T($sp) -2: ex $key,0(%r1) - j .Lkmc_done -.align 16 -.Lcbc_software: -___ -$code.=<<___; - stm${g} $key,$ra,5*$SIZE_T($sp) - lhi %r0,0 - cl %r0,`$stdframe+$SIZE_T-4`($sp) - je .Lcbc_decrypt - - larl $tbl,AES_Te - - llgf $s0,0($ivp) - llgf $s1,4($ivp) - llgf $s2,8($ivp) - llgf $s3,12($ivp) - - lghi $t0,16 - sl${g}r $len,$t0 - brc 4,.Lcbc_enc_tail # if borrow -.Lcbc_enc_loop: - stm${g} $inp,$out,2*$SIZE_T($sp) - x $s0,0($inp) - x $s1,4($inp) - x $s2,8($inp) - x $s3,12($inp) - lgr %r4,$key - - bras $ra,_s390x_AES_encrypt - - lm${g} $inp,$key,2*$SIZE_T($sp) - st $s0,0($out) - st $s1,4($out) - st $s2,8($out) - st $s3,12($out) - - la $inp,16($inp) - la $out,16($out) - lghi $t0,16 - lt${g}r $len,$len - jz .Lcbc_enc_done - sl${g}r $len,$t0 - brc 4,.Lcbc_enc_tail # if borrow - j .Lcbc_enc_loop -.align 16 -.Lcbc_enc_done: - l${g} $ivp,6*$SIZE_T($sp) - st $s0,0($ivp) - st $s1,4($ivp) - st $s2,8($ivp) - st $s3,12($ivp) - - lm${g} %r7,$ra,7*$SIZE_T($sp) - br $ra - -.align 16 -.Lcbc_enc_tail: - aghi $len,15 - lghi $t0,0 - stg $t0,16*$SIZE_T($sp) - stg $t0,16*$SIZE_T+8($sp) - bras $t1,3f - mvc 16*$SIZE_T(1,$sp),0($inp) -3: ex $len,0($t1) - lghi $len,0 - la $inp,16*$SIZE_T($sp) - j .Lcbc_enc_loop - -.align 16 -.Lcbc_decrypt: - larl $tbl,AES_Td - - lg $t0,0($ivp) - lg $t1,8($ivp) - stmg $t0,$t1,16*$SIZE_T($sp) - -.Lcbc_dec_loop: - stm${g} $inp,$out,2*$SIZE_T($sp) - llgf $s0,0($inp) - llgf $s1,4($inp) - llgf $s2,8($inp) - llgf $s3,12($inp) - lgr %r4,$key - - bras $ra,_s390x_AES_decrypt - - lm${g} $inp,$key,2*$SIZE_T($sp) - sllg $s0,$s0,32 - sllg $s2,$s2,32 - lr $s0,$s1 - lr $s2,$s3 - - lg $t0,0($inp) - lg $t1,8($inp) - xg $s0,16*$SIZE_T($sp) - xg $s2,16*$SIZE_T+8($sp) - lghi $s1,16 - sl${g}r $len,$s1 - brc 4,.Lcbc_dec_tail # if borrow - brc 2,.Lcbc_dec_done # if zero - stg $s0,0($out) - stg $s2,8($out) - stmg $t0,$t1,16*$SIZE_T($sp) - - la $inp,16($inp) - la $out,16($out) - j .Lcbc_dec_loop - -.Lcbc_dec_done: - stg $s0,0($out) - stg $s2,8($out) -.Lcbc_dec_exit: - lm${g} %r6,$ra,6*$SIZE_T($sp) - stmg $t0,$t1,0($ivp) - - br $ra - -.align 16 -.Lcbc_dec_tail: - aghi $len,15 - stg $s0,16*$SIZE_T($sp) - stg $s2,16*$SIZE_T+8($sp) - bras $s1,4f - mvc 0(1,$out),16*$SIZE_T($sp) -4: ex $len,0($s1) - j .Lcbc_dec_exit -.size AES_cbc_encrypt,.-AES_cbc_encrypt -___ -} -######################################################################## -# void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, -# size_t blocks, const AES_KEY *key, -# const unsigned char *ivec) -{ -my $inp="%r2"; -my $out="%r4"; # blocks and out are swapped -my $len="%r3"; -my $key="%r5"; my $iv0="%r5"; -my $ivp="%r6"; -my $fp ="%r7"; - -$code.=<<___; -.globl AES_ctr32_encrypt -.type AES_ctr32_encrypt,\@function -.align 16 -AES_ctr32_encrypt: - xgr %r3,%r4 # flip %r3 and %r4, $out and $len - xgr %r4,%r3 - xgr %r3,%r4 - llgfr $len,$len # safe in ctr32 subroutine even in 64-bit case -___ -$code.=<<___ if (!$softonly); - l %r0,240($key) - lhi %r1,16 - clr %r0,%r1 - jl .Lctr32_software - - st${g} $s2,10*$SIZE_T($sp) - st${g} $s3,11*$SIZE_T($sp) - - clr $len,%r1 # does work even in 64-bit mode - jle .Lctr32_nokma # kma is slower for <= 16 blocks - - larl %r1,OPENSSL_s390xcap_P - lr $s2,%r0 - llihh $s3,0x8000 - srlg $s3,$s3,0($s2) - ng $s3,S390X_KMA(%r1) # check kma capability vector - jz .Lctr32_nokma - - l${g}hi %r1,-$stdframe-112 - l${g}r $s3,$sp - la $sp,0(%r1,$sp) # prepare parameter block - - lhi %r1,0x0600 - sllg $len,$len,4 - or %r0,%r1 # set HS and LAAD flags - - st${g} $s3,0($sp) # backchain - la %r1,$stdframe($sp) - - lmg $s2,$s3,0($key) # copy key - stg $s2,$stdframe+80($sp) - stg $s3,$stdframe+88($sp) - lmg $s2,$s3,16($key) - stg $s2,$stdframe+96($sp) - stg $s3,$stdframe+104($sp) - - lmg $s2,$s3,0($ivp) # copy iv - stg $s2,$stdframe+64($sp) - ahi $s3,-1 # kma requires counter-1 - stg $s3,$stdframe+72($sp) - st $s3,$stdframe+12($sp) # copy counter - - lghi $s2,0 # no AAD - lghi $s3,0 - - .long 0xb929a042 # kma $out,$s2,$inp - brc 1,.-4 # pay attention to "partial completion" - - stg %r0,$stdframe+80($sp) # wipe key - stg %r0,$stdframe+88($sp) - stg %r0,$stdframe+96($sp) - stg %r0,$stdframe+104($sp) - la $sp,$stdframe+112($sp) - - lm${g} $s2,$s3,10*$SIZE_T($sp) - br $ra - -.align 16 -.Lctr32_nokma: - stm${g} %r6,$s1,6*$SIZE_T($sp) - - slgr $out,$inp - la %r1,0($key) # %r1 is permanent copy of $key - lg $iv0,0($ivp) # load ivec - lg $ivp,8($ivp) - - # prepare and allocate stack frame at the top of 4K page - # with 1K reserved for eventual signal handling - lghi $s0,-1024-256-16# guarantee at least 256-bytes buffer - lghi $s1,-4096 - algr $s0,$sp - lgr $fp,$sp - ngr $s0,$s1 # align at page boundary - slgr $fp,$s0 # total buffer size - lgr $s2,$sp - lghi $s1,1024+16 # sl[g]fi is extended-immediate facility - slgr $fp,$s1 # deduct reservation to get usable buffer size - # buffer size is at lest 256 and at most 3072+256-16 - - la $sp,1024($s0) # alloca - srlg $fp,$fp,4 # convert bytes to blocks, minimum 16 - st${g} $s2,0($sp) # back-chain - st${g} $fp,$SIZE_T($sp) - - slgr $len,$fp - brc 1,.Lctr32_hw_switch # not zero, no borrow - algr $fp,$len # input is shorter than allocated buffer - lghi $len,0 - st${g} $fp,$SIZE_T($sp) - -.Lctr32_hw_switch: -___ -$code.=<<___ if (!$softonly && 0);# kmctr code was measured to be ~12% slower - llgfr $s0,%r0 - lgr $s1,%r1 - larl %r1,OPENSSL_s390xcap_P - llihh %r0,0x8000 # check if kmctr supports the function code - srlg %r0,%r0,0($s0) - ng %r0,S390X_KMCTR(%r1) # check kmctr capability vector - lgr %r0,$s0 - lgr %r1,$s1 - jz .Lctr32_km_loop - -####### kmctr code - algr $out,$inp # restore $out - lgr $s1,$len # $s1 undertakes $len - j .Lctr32_kmctr_loop -.align 16 -.Lctr32_kmctr_loop: - la $s2,16($sp) - lgr $s3,$fp -.Lctr32_kmctr_prepare: - stg $iv0,0($s2) - stg $ivp,8($s2) - la $s2,16($s2) - ahi $ivp,1 # 32-bit increment, preserves upper half - brct $s3,.Lctr32_kmctr_prepare - - #la $inp,0($inp) # inp - sllg $len,$fp,4 # len - #la $out,0($out) # out - la $s2,16($sp) # iv - .long 0xb92da042 # kmctr $out,$s2,$inp - brc 1,.-4 # pay attention to "partial completion" - - slgr $s1,$fp - brc 1,.Lctr32_kmctr_loop # not zero, no borrow - algr $fp,$s1 - lghi $s1,0 - brc 4+1,.Lctr32_kmctr_loop # not zero - - l${g} $sp,0($sp) - lm${g} %r6,$s3,6*$SIZE_T($sp) - br $ra -.align 16 -___ -$code.=<<___ if (!$softonly); -.Lctr32_km_loop: - la $s2,16($sp) - lgr $s3,$fp -.Lctr32_km_prepare: - stg $iv0,0($s2) - stg $ivp,8($s2) - la $s2,16($s2) - ahi $ivp,1 # 32-bit increment, preserves upper half - brct $s3,.Lctr32_km_prepare - - la $s0,16($sp) # inp - sllg $s1,$fp,4 # len - la $s2,16($sp) # out - .long 0xb92e00a8 # km %r10,%r8 - brc 1,.-4 # pay attention to "partial completion" - - la $s2,16($sp) - lgr $s3,$fp - slgr $s2,$inp -.Lctr32_km_xor: - lg $s0,0($inp) - lg $s1,8($inp) - xg $s0,0($s2,$inp) - xg $s1,8($s2,$inp) - stg $s0,0($out,$inp) - stg $s1,8($out,$inp) - la $inp,16($inp) - brct $s3,.Lctr32_km_xor - - slgr $len,$fp - brc 1,.Lctr32_km_loop # not zero, no borrow - algr $fp,$len - lghi $len,0 - brc 4+1,.Lctr32_km_loop # not zero - - l${g} $s0,0($sp) - l${g} $s1,$SIZE_T($sp) - la $s2,16($sp) -.Lctr32_km_zap: - stg $s0,0($s2) - stg $s0,8($s2) - la $s2,16($s2) - brct $s1,.Lctr32_km_zap - - la $sp,0($s0) - lm${g} %r6,$s3,6*$SIZE_T($sp) - br $ra -.align 16 -.Lctr32_software: -___ -$code.=<<___; - stm${g} $key,$ra,5*$SIZE_T($sp) - sl${g}r $inp,$out - larl $tbl,AES_Te - llgf $t1,12($ivp) - -.Lctr32_loop: - stm${g} $inp,$out,2*$SIZE_T($sp) - llgf $s0,0($ivp) - llgf $s1,4($ivp) - llgf $s2,8($ivp) - lgr $s3,$t1 - st $t1,16*$SIZE_T($sp) - lgr %r4,$key - - bras $ra,_s390x_AES_encrypt - - lm${g} $inp,$ivp,2*$SIZE_T($sp) - llgf $t1,16*$SIZE_T($sp) - x $s0,0($inp,$out) - x $s1,4($inp,$out) - x $s2,8($inp,$out) - x $s3,12($inp,$out) - stm $s0,$s3,0($out) - - la $out,16($out) - ahi $t1,1 # 32-bit increment - brct $len,.Lctr32_loop - - lm${g} %r6,$ra,6*$SIZE_T($sp) - br $ra -.size AES_ctr32_encrypt,.-AES_ctr32_encrypt -___ -} - -######################################################################## -# void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, -# size_t len, const AES_KEY *key1, const AES_KEY *key2, -# const unsigned char iv[16]); -# -{ -my $inp="%r2"; -my $out="%r4"; # len and out are swapped -my $len="%r3"; -my $key1="%r5"; # $i1 -my $key2="%r6"; # $i2 -my $fp="%r7"; # $i3 -my $tweak=16*$SIZE_T+16; # or $stdframe-16, bottom of the frame... - -$code.=<<___; -.type _s390x_xts_km,\@function -.align 16 -_s390x_xts_km: -___ -$code.=<<___ if(1); - llgfr $s0,%r0 # put aside the function code - lghi $s1,0x7f - nr $s1,%r0 - larl %r1,OPENSSL_s390xcap_P - llihh %r0,0x8000 - srlg %r0,%r0,32($s1) # check for 32+function code - ng %r0,S390X_KM(%r1) # check km capability vector - lgr %r0,$s0 # restore the function code - la %r1,0($key1) # restore $key1 - jz .Lxts_km_vanilla - - lmg $i2,$i3,$tweak($sp) # put aside the tweak value - algr $out,$inp - - oill %r0,32 # switch to xts function code - aghi $s1,-18 # - sllg $s1,$s1,3 # (function code - 18)*8, 0 or 16 - la %r1,$tweak-16($sp) - slgr %r1,$s1 # parameter block position - lmg $s0,$s3,0($key1) # load 256 bits of key material, - stmg $s0,$s3,0(%r1) # and copy it to parameter block. - # yes, it contains junk and overlaps - # with the tweak in 128-bit case. - # it's done to avoid conditional - # branch. - stmg $i2,$i3,$tweak($sp) # "re-seat" the tweak value - - .long 0xb92e0042 # km %r4,%r2 - brc 1,.-4 # pay attention to "partial completion" - - lrvg $s0,$tweak+0($sp) # load the last tweak - lrvg $s1,$tweak+8($sp) - stmg %r0,%r3,$tweak-32($sp) # wipe copy of the key - - nill %r0,0xffdf # switch back to original function code - la %r1,0($key1) # restore pointer to $key1 - slgr $out,$inp - - llgc $len,2*$SIZE_T-1($sp) - nill $len,0x0f # $len%=16 - br $ra - -.align 16 -.Lxts_km_vanilla: -___ -$code.=<<___; - # prepare and allocate stack frame at the top of 4K page - # with 1K reserved for eventual signal handling - lghi $s0,-1024-256-16# guarantee at least 256-bytes buffer - lghi $s1,-4096 - algr $s0,$sp - lgr $fp,$sp - ngr $s0,$s1 # align at page boundary - slgr $fp,$s0 # total buffer size - lgr $s2,$sp - lghi $s1,1024+16 # sl[g]fi is extended-immediate facility - slgr $fp,$s1 # deduct reservation to get usable buffer size - # buffer size is at lest 256 and at most 3072+256-16 - - la $sp,1024($s0) # alloca - nill $fp,0xfff0 # round to 16*n - st${g} $s2,0($sp) # back-chain - nill $len,0xfff0 # redundant - st${g} $fp,$SIZE_T($sp) - - slgr $len,$fp - brc 1,.Lxts_km_go # not zero, no borrow - algr $fp,$len # input is shorter than allocated buffer - lghi $len,0 - st${g} $fp,$SIZE_T($sp) - -.Lxts_km_go: - lrvg $s0,$tweak+0($s2) # load the tweak value in little-endian - lrvg $s1,$tweak+8($s2) - - la $s2,16($sp) # vector of ascending tweak values - slgr $s2,$inp - srlg $s3,$fp,4 - j .Lxts_km_start - -.Lxts_km_loop: - la $s2,16($sp) - slgr $s2,$inp - srlg $s3,$fp,4 -.Lxts_km_prepare: - lghi $i1,0x87 - srag $i2,$s1,63 # broadcast upper bit - ngr $i1,$i2 # rem - algr $s0,$s0 - alcgr $s1,$s1 - xgr $s0,$i1 -.Lxts_km_start: - lrvgr $i1,$s0 # flip byte order - lrvgr $i2,$s1 - stg $i1,0($s2,$inp) - stg $i2,8($s2,$inp) - xg $i1,0($inp) - xg $i2,8($inp) - stg $i1,0($out,$inp) - stg $i2,8($out,$inp) - la $inp,16($inp) - brct $s3,.Lxts_km_prepare - - slgr $inp,$fp # rewind $inp - la $s2,0($out,$inp) - lgr $s3,$fp - .long 0xb92e00aa # km $s2,$s2 - brc 1,.-4 # pay attention to "partial completion" - - la $s2,16($sp) - slgr $s2,$inp - srlg $s3,$fp,4 -.Lxts_km_xor: - lg $i1,0($out,$inp) - lg $i2,8($out,$inp) - xg $i1,0($s2,$inp) - xg $i2,8($s2,$inp) - stg $i1,0($out,$inp) - stg $i2,8($out,$inp) - la $inp,16($inp) - brct $s3,.Lxts_km_xor - - slgr $len,$fp - brc 1,.Lxts_km_loop # not zero, no borrow - algr $fp,$len - lghi $len,0 - brc 4+1,.Lxts_km_loop # not zero - - l${g} $i1,0($sp) # back-chain - llgf $fp,`2*$SIZE_T-4`($sp) # bytes used - la $i2,16($sp) - srlg $fp,$fp,4 -.Lxts_km_zap: - stg $i1,0($i2) - stg $i1,8($i2) - la $i2,16($i2) - brct $fp,.Lxts_km_zap - - la $sp,0($i1) - llgc $len,2*$SIZE_T-1($i1) - nill $len,0x0f # $len%=16 - bzr $ra - - # generate one more tweak... - lghi $i1,0x87 - srag $i2,$s1,63 # broadcast upper bit - ngr $i1,$i2 # rem - algr $s0,$s0 - alcgr $s1,$s1 - xgr $s0,$i1 - - ltr $len,$len # clear zero flag - br $ra -.size _s390x_xts_km,.-_s390x_xts_km - -.globl AES_xts_encrypt -.type AES_xts_encrypt,\@function -.align 16 -AES_xts_encrypt: - xgr %r3,%r4 # flip %r3 and %r4, $out and $len - xgr %r4,%r3 - xgr %r3,%r4 -___ -$code.=<<___ if ($SIZE_T==4); - llgfr $len,$len -___ -$code.=<<___; - st${g} $len,1*$SIZE_T($sp) # save copy of $len - srag $len,$len,4 # formally wrong, because it expands - # sign byte, but who can afford asking - # to process more than 2^63-1 bytes? - # I use it, because it sets condition - # code... - bcr 8,$ra # abort if zero (i.e. less than 16) -___ -$code.=<<___ if (!$softonly); - llgf %r0,240($key2) - lhi %r1,16 - clr %r0,%r1 - jl .Lxts_enc_software - - st${g} $ra,5*$SIZE_T($sp) - stm${g} %r6,$s3,6*$SIZE_T($sp) - - sllg $len,$len,4 # $len&=~15 - slgr $out,$inp - - # generate the tweak value - l${g} $s3,$stdframe($sp) # pointer to iv - la $s2,$tweak($sp) - lmg $s0,$s1,0($s3) - lghi $s3,16 - stmg $s0,$s1,0($s2) - la %r1,0($key2) # $key2 is not needed anymore - .long 0xb92e00aa # km $s2,$s2, generate the tweak - brc 1,.-4 # can this happen? - - l %r0,240($key1) - la %r1,0($key1) # $key1 is not needed anymore - bras $ra,_s390x_xts_km - jz .Lxts_enc_km_done - - aghi $inp,-16 # take one step back - la $i3,0($out,$inp) # put aside real $out -.Lxts_enc_km_steal: - llgc $i1,16($inp) - llgc $i2,0($out,$inp) - stc $i1,0($out,$inp) - stc $i2,16($out,$inp) - la $inp,1($inp) - brct $len,.Lxts_enc_km_steal - - la $s2,0($i3) - lghi $s3,16 - lrvgr $i1,$s0 # flip byte order - lrvgr $i2,$s1 - xg $i1,0($s2) - xg $i2,8($s2) - stg $i1,0($s2) - stg $i2,8($s2) - .long 0xb92e00aa # km $s2,$s2 - brc 1,.-4 # can this happen? - lrvgr $i1,$s0 # flip byte order - lrvgr $i2,$s1 - xg $i1,0($i3) - xg $i2,8($i3) - stg $i1,0($i3) - stg $i2,8($i3) - -.Lxts_enc_km_done: - stg $sp,$tweak+0($sp) # wipe tweak - stg $sp,$tweak+8($sp) - l${g} $ra,5*$SIZE_T($sp) - lm${g} %r6,$s3,6*$SIZE_T($sp) - br $ra -.align 16 -.Lxts_enc_software: -___ -$code.=<<___; - stm${g} %r6,$ra,6*$SIZE_T($sp) - - slgr $out,$inp - - l${g} $s3,$stdframe($sp) # ivp - llgf $s0,0($s3) # load iv - llgf $s1,4($s3) - llgf $s2,8($s3) - llgf $s3,12($s3) - stm${g} %r2,%r5,2*$SIZE_T($sp) - la $key,0($key2) - larl $tbl,AES_Te - bras $ra,_s390x_AES_encrypt # generate the tweak - lm${g} %r2,%r5,2*$SIZE_T($sp) - stm $s0,$s3,$tweak($sp) # save the tweak - j .Lxts_enc_enter - -.align 16 -.Lxts_enc_loop: - lrvg $s1,$tweak+0($sp) # load the tweak in little-endian - lrvg $s3,$tweak+8($sp) - lghi %r1,0x87 - srag %r0,$s3,63 # broadcast upper bit - ngr %r1,%r0 # rem - algr $s1,$s1 - alcgr $s3,$s3 - xgr $s1,%r1 - lrvgr $s1,$s1 # flip byte order - lrvgr $s3,$s3 - srlg $s0,$s1,32 # smash the tweak to 4x32-bits - stg $s1,$tweak+0($sp) # save the tweak - llgfr $s1,$s1 - srlg $s2,$s3,32 - stg $s3,$tweak+8($sp) - llgfr $s3,$s3 - la $inp,16($inp) # $inp+=16 -.Lxts_enc_enter: - x $s0,0($inp) # ^=*($inp) - x $s1,4($inp) - x $s2,8($inp) - x $s3,12($inp) - stm${g} %r2,%r3,2*$SIZE_T($sp) # only two registers are changing - la $key,0($key1) - bras $ra,_s390x_AES_encrypt - lm${g} %r2,%r5,2*$SIZE_T($sp) - x $s0,$tweak+0($sp) # ^=tweak - x $s1,$tweak+4($sp) - x $s2,$tweak+8($sp) - x $s3,$tweak+12($sp) - st $s0,0($out,$inp) - st $s1,4($out,$inp) - st $s2,8($out,$inp) - st $s3,12($out,$inp) - brct${g} $len,.Lxts_enc_loop - - llgc $len,`2*$SIZE_T-1`($sp) - nill $len,0x0f # $len%16 - jz .Lxts_enc_done - - la $i3,0($inp,$out) # put aside real $out -.Lxts_enc_steal: - llgc %r0,16($inp) - llgc %r1,0($out,$inp) - stc %r0,0($out,$inp) - stc %r1,16($out,$inp) - la $inp,1($inp) - brct $len,.Lxts_enc_steal - la $out,0($i3) # restore real $out - - # generate last tweak... - lrvg $s1,$tweak+0($sp) # load the tweak in little-endian - lrvg $s3,$tweak+8($sp) - lghi %r1,0x87 - srag %r0,$s3,63 # broadcast upper bit - ngr %r1,%r0 # rem - algr $s1,$s1 - alcgr $s3,$s3 - xgr $s1,%r1 - lrvgr $s1,$s1 # flip byte order - lrvgr $s3,$s3 - srlg $s0,$s1,32 # smash the tweak to 4x32-bits - stg $s1,$tweak+0($sp) # save the tweak - llgfr $s1,$s1 - srlg $s2,$s3,32 - stg $s3,$tweak+8($sp) - llgfr $s3,$s3 - - x $s0,0($out) # ^=*(inp)|stolen cipther-text - x $s1,4($out) - x $s2,8($out) - x $s3,12($out) - st${g} $out,4*$SIZE_T($sp) - la $key,0($key1) - bras $ra,_s390x_AES_encrypt - l${g} $out,4*$SIZE_T($sp) - x $s0,`$tweak+0`($sp) # ^=tweak - x $s1,`$tweak+4`($sp) - x $s2,`$tweak+8`($sp) - x $s3,`$tweak+12`($sp) - st $s0,0($out) - st $s1,4($out) - st $s2,8($out) - st $s3,12($out) - -.Lxts_enc_done: - stg $sp,$tweak+0($sp) # wipe tweak - stg $sp,$tweak+8($sp) - lm${g} %r6,$ra,6*$SIZE_T($sp) - br $ra -.size AES_xts_encrypt,.-AES_xts_encrypt -___ -# void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, -# size_t len, const AES_KEY *key1, const AES_KEY *key2, -# const unsigned char iv[16]); -# -$code.=<<___; -.globl AES_xts_decrypt -.type AES_xts_decrypt,\@function -.align 16 -AES_xts_decrypt: - xgr %r3,%r4 # flip %r3 and %r4, $out and $len - xgr %r4,%r3 - xgr %r3,%r4 -___ -$code.=<<___ if ($SIZE_T==4); - llgfr $len,$len -___ -$code.=<<___; - st${g} $len,1*$SIZE_T($sp) # save copy of $len - aghi $len,-16 - bcr 4,$ra # abort if less than zero. formally - # wrong, because $len is unsigned, - # but who can afford asking to - # process more than 2^63-1 bytes? - tmll $len,0x0f - jnz .Lxts_dec_proceed - aghi $len,16 -.Lxts_dec_proceed: -___ -$code.=<<___ if (!$softonly); - llgf %r0,240($key2) - lhi %r1,16 - clr %r0,%r1 - jl .Lxts_dec_software - - st${g} $ra,5*$SIZE_T($sp) - stm${g} %r6,$s3,6*$SIZE_T($sp) - - nill $len,0xfff0 # $len&=~15 - slgr $out,$inp - - # generate the tweak value - l${g} $s3,$stdframe($sp) # pointer to iv - la $s2,$tweak($sp) - lmg $s0,$s1,0($s3) - lghi $s3,16 - stmg $s0,$s1,0($s2) - la %r1,0($key2) # $key2 is not needed past this point - .long 0xb92e00aa # km $s2,$s2, generate the tweak - brc 1,.-4 # can this happen? - - l %r0,240($key1) - la %r1,0($key1) # $key1 is not needed anymore - - ltgr $len,$len - jz .Lxts_dec_km_short - bras $ra,_s390x_xts_km - jz .Lxts_dec_km_done - - lrvgr $s2,$s0 # make copy in reverse byte order - lrvgr $s3,$s1 - j .Lxts_dec_km_2ndtweak - -.Lxts_dec_km_short: - llgc $len,`2*$SIZE_T-1`($sp) - nill $len,0x0f # $len%=16 - lrvg $s0,$tweak+0($sp) # load the tweak - lrvg $s1,$tweak+8($sp) - lrvgr $s2,$s0 # make copy in reverse byte order - lrvgr $s3,$s1 - -.Lxts_dec_km_2ndtweak: - lghi $i1,0x87 - srag $i2,$s1,63 # broadcast upper bit - ngr $i1,$i2 # rem - algr $s0,$s0 - alcgr $s1,$s1 - xgr $s0,$i1 - lrvgr $i1,$s0 # flip byte order - lrvgr $i2,$s1 - - xg $i1,0($inp) - xg $i2,8($inp) - stg $i1,0($out,$inp) - stg $i2,8($out,$inp) - la $i2,0($out,$inp) - lghi $i3,16 - .long 0xb92e0066 # km $i2,$i2 - brc 1,.-4 # can this happen? - lrvgr $i1,$s0 - lrvgr $i2,$s1 - xg $i1,0($out,$inp) - xg $i2,8($out,$inp) - stg $i1,0($out,$inp) - stg $i2,8($out,$inp) - - la $i3,0($out,$inp) # put aside real $out -.Lxts_dec_km_steal: - llgc $i1,16($inp) - llgc $i2,0($out,$inp) - stc $i1,0($out,$inp) - stc $i2,16($out,$inp) - la $inp,1($inp) - brct $len,.Lxts_dec_km_steal - - lgr $s0,$s2 - lgr $s1,$s3 - xg $s0,0($i3) - xg $s1,8($i3) - stg $s0,0($i3) - stg $s1,8($i3) - la $s0,0($i3) - lghi $s1,16 - .long 0xb92e0088 # km $s0,$s0 - brc 1,.-4 # can this happen? - xg $s2,0($i3) - xg $s3,8($i3) - stg $s2,0($i3) - stg $s3,8($i3) -.Lxts_dec_km_done: - stg $sp,$tweak+0($sp) # wipe tweak - stg $sp,$tweak+8($sp) - l${g} $ra,5*$SIZE_T($sp) - lm${g} %r6,$s3,6*$SIZE_T($sp) - br $ra -.align 16 -.Lxts_dec_software: -___ -$code.=<<___; - stm${g} %r6,$ra,6*$SIZE_T($sp) - - srlg $len,$len,4 - slgr $out,$inp - - l${g} $s3,$stdframe($sp) # ivp - llgf $s0,0($s3) # load iv - llgf $s1,4($s3) - llgf $s2,8($s3) - llgf $s3,12($s3) - stm${g} %r2,%r5,2*$SIZE_T($sp) - la $key,0($key2) - larl $tbl,AES_Te - bras $ra,_s390x_AES_encrypt # generate the tweak - lm${g} %r2,%r5,2*$SIZE_T($sp) - larl $tbl,AES_Td - lt${g}r $len,$len - stm $s0,$s3,$tweak($sp) # save the tweak - jz .Lxts_dec_short - j .Lxts_dec_enter - -.align 16 -.Lxts_dec_loop: - lrvg $s1,$tweak+0($sp) # load the tweak in little-endian - lrvg $s3,$tweak+8($sp) - lghi %r1,0x87 - srag %r0,$s3,63 # broadcast upper bit - ngr %r1,%r0 # rem - algr $s1,$s1 - alcgr $s3,$s3 - xgr $s1,%r1 - lrvgr $s1,$s1 # flip byte order - lrvgr $s3,$s3 - srlg $s0,$s1,32 # smash the tweak to 4x32-bits - stg $s1,$tweak+0($sp) # save the tweak - llgfr $s1,$s1 - srlg $s2,$s3,32 - stg $s3,$tweak+8($sp) - llgfr $s3,$s3 -.Lxts_dec_enter: - x $s0,0($inp) # tweak^=*(inp) - x $s1,4($inp) - x $s2,8($inp) - x $s3,12($inp) - stm${g} %r2,%r3,2*$SIZE_T($sp) # only two registers are changing - la $key,0($key1) - bras $ra,_s390x_AES_decrypt - lm${g} %r2,%r5,2*$SIZE_T($sp) - x $s0,$tweak+0($sp) # ^=tweak - x $s1,$tweak+4($sp) - x $s2,$tweak+8($sp) - x $s3,$tweak+12($sp) - st $s0,0($out,$inp) - st $s1,4($out,$inp) - st $s2,8($out,$inp) - st $s3,12($out,$inp) - la $inp,16($inp) - brct${g} $len,.Lxts_dec_loop - - llgc $len,`2*$SIZE_T-1`($sp) - nill $len,0x0f # $len%16 - jz .Lxts_dec_done - - # generate pair of tweaks... - lrvg $s1,$tweak+0($sp) # load the tweak in little-endian - lrvg $s3,$tweak+8($sp) - lghi %r1,0x87 - srag %r0,$s3,63 # broadcast upper bit - ngr %r1,%r0 # rem - algr $s1,$s1 - alcgr $s3,$s3 - xgr $s1,%r1 - lrvgr $i2,$s1 # flip byte order - lrvgr $i3,$s3 - stmg $i2,$i3,$tweak($sp) # save the 1st tweak - j .Lxts_dec_2ndtweak - -.align 16 -.Lxts_dec_short: - llgc $len,`2*$SIZE_T-1`($sp) - nill $len,0x0f # $len%16 - lrvg $s1,$tweak+0($sp) # load the tweak in little-endian - lrvg $s3,$tweak+8($sp) -.Lxts_dec_2ndtweak: - lghi %r1,0x87 - srag %r0,$s3,63 # broadcast upper bit - ngr %r1,%r0 # rem - algr $s1,$s1 - alcgr $s3,$s3 - xgr $s1,%r1 - lrvgr $s1,$s1 # flip byte order - lrvgr $s3,$s3 - srlg $s0,$s1,32 # smash the tweak to 4x32-bits - stg $s1,$tweak-16+0($sp) # save the 2nd tweak - llgfr $s1,$s1 - srlg $s2,$s3,32 - stg $s3,$tweak-16+8($sp) - llgfr $s3,$s3 - - x $s0,0($inp) # tweak_the_2nd^=*(inp) - x $s1,4($inp) - x $s2,8($inp) - x $s3,12($inp) - stm${g} %r2,%r3,2*$SIZE_T($sp) - la $key,0($key1) - bras $ra,_s390x_AES_decrypt - lm${g} %r2,%r5,2*$SIZE_T($sp) - x $s0,$tweak-16+0($sp) # ^=tweak_the_2nd - x $s1,$tweak-16+4($sp) - x $s2,$tweak-16+8($sp) - x $s3,$tweak-16+12($sp) - st $s0,0($out,$inp) - st $s1,4($out,$inp) - st $s2,8($out,$inp) - st $s3,12($out,$inp) - - la $i3,0($out,$inp) # put aside real $out -.Lxts_dec_steal: - llgc %r0,16($inp) - llgc %r1,0($out,$inp) - stc %r0,0($out,$inp) - stc %r1,16($out,$inp) - la $inp,1($inp) - brct $len,.Lxts_dec_steal - la $out,0($i3) # restore real $out - - lm $s0,$s3,$tweak($sp) # load the 1st tweak - x $s0,0($out) # tweak^=*(inp)|stolen cipher-text - x $s1,4($out) - x $s2,8($out) - x $s3,12($out) - st${g} $out,4*$SIZE_T($sp) - la $key,0($key1) - bras $ra,_s390x_AES_decrypt - l${g} $out,4*$SIZE_T($sp) - x $s0,$tweak+0($sp) # ^=tweak - x $s1,$tweak+4($sp) - x $s2,$tweak+8($sp) - x $s3,$tweak+12($sp) - st $s0,0($out) - st $s1,4($out) - st $s2,8($out) - st $s3,12($out) - stg $sp,$tweak-16+0($sp) # wipe 2nd tweak - stg $sp,$tweak-16+8($sp) -.Lxts_dec_done: - stg $sp,$tweak+0($sp) # wipe tweak - stg $sp,$tweak+8($sp) - lm${g} %r6,$ra,6*$SIZE_T($sp) - br $ra -.size AES_xts_decrypt,.-AES_xts_decrypt -___ -} -$code.=<<___; -.string "AES for s390x, CRYPTOGAMS by " -___ - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; # force flush diff --git a/crypto/aes/asm/aes-sparcv9.pl b/crypto/aes/asm/aes-sparcv9.pl deleted file mode 100755 index d15640e3d76b12a099a17837300dde4e708d171c..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/aes-sparcv9.pl +++ /dev/null @@ -1,1194 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. Rights for redistribution and usage in source and binary -# forms are granted according to the License. -# ==================================================================== -# -# Version 1.1 -# -# The major reason for undertaken effort was to mitigate the hazard of -# cache-timing attack. This is [currently and initially!] addressed in -# two ways. 1. S-boxes are compressed from 5KB to 2KB+256B size each. -# 2. References to them are scheduled for L2 cache latency, meaning -# that the tables don't have to reside in L1 cache. Once again, this -# is an initial draft and one should expect more countermeasures to -# be implemented... -# -# Version 1.1 prefetches T[ed]4 in order to mitigate attack on last -# round. -# -# Even though performance was not the primary goal [on the contrary, -# extra shifts "induced" by compressed S-box and longer loop epilogue -# "induced" by scheduling for L2 have negative effect on performance], -# the code turned out to run in ~23 cycles per processed byte en-/ -# decrypted with 128-bit key. This is pretty good result for code -# with mentioned qualities and UltraSPARC core. Compared to Sun C -# generated code my encrypt procedure runs just few percents faster, -# while decrypt one - whole 50% faster [yes, Sun C failed to generate -# optimal decrypt procedure]. Compared to GNU C generated code both -# procedures are more than 60% faster:-) - -$output = pop and open STDOUT,">$output"; - -$frame="STACK_FRAME"; -$bias="STACK_BIAS"; -$locals=16; - -$acc0="%l0"; -$acc1="%o0"; -$acc2="%o1"; -$acc3="%o2"; - -$acc4="%l1"; -$acc5="%o3"; -$acc6="%o4"; -$acc7="%o5"; - -$acc8="%l2"; -$acc9="%o7"; -$acc10="%g1"; -$acc11="%g2"; - -$acc12="%l3"; -$acc13="%g3"; -$acc14="%g4"; -$acc15="%g5"; - -$t0="%l4"; -$t1="%l5"; -$t2="%l6"; -$t3="%l7"; - -$s0="%i0"; -$s1="%i1"; -$s2="%i2"; -$s3="%i3"; -$tbl="%i4"; -$key="%i5"; -$rounds="%i7"; # aliases with return address, which is off-loaded to stack - -sub _data_word() -{ my $i; - while(defined($i=shift)) { $code.=sprintf"\t.long\t0x%08x,0x%08x\n",$i,$i; } -} - -$code.=<<___; -#ifndef __ASSEMBLER__ -# define __ASSEMBLER__ 1 -#endif -#include "crypto/sparc_arch.h" - -#ifdef __arch64__ -.register %g2,#scratch -.register %g3,#scratch -#endif -.section ".text",#alloc,#execinstr - -.align 256 -AES_Te: -___ -&_data_word( - 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, - 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554, - 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d, - 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, - 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87, - 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b, - 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, - 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b, - 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a, - 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, - 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108, - 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f, - 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, - 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5, - 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d, - 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, - 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e, - 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb, - 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, - 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497, - 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c, - 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, - 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b, - 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a, - 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, - 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594, - 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81, - 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, - 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a, - 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504, - 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, - 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d, - 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f, - 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, - 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47, - 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395, - 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, - 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883, - 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c, - 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, - 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e, - 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4, - 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, - 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b, - 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7, - 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, - 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25, - 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818, - 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, - 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651, - 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21, - 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85, - 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa, - 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12, - 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, - 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9, - 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133, - 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, - 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920, - 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a, - 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, - 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8, - 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, - 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a); -$code.=<<___; - .byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 - .byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 - .byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0 - .byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 - .byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc - .byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 - .byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a - .byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 - .byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0 - .byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 - .byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b - .byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf - .byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85 - .byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 - .byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5 - .byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 - .byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17 - .byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 - .byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88 - .byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb - .byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c - .byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 - .byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9 - .byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 - .byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6 - .byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a - .byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e - .byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e - .byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94 - .byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf - .byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68 - .byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 -.type AES_Te,#object -.size AES_Te,(.-AES_Te) - -.align 64 -.skip 16 -_sparcv9_AES_encrypt: - save %sp,-$frame-$locals,%sp - stx %i7,[%sp+$bias+$frame+0] ! off-load return address - ld [$key+240],$rounds - ld [$key+0],$t0 - ld [$key+4],$t1 ! - ld [$key+8],$t2 - srl $rounds,1,$rounds - xor $t0,$s0,$s0 - ld [$key+12],$t3 - srl $s0,21,$acc0 - xor $t1,$s1,$s1 - ld [$key+16],$t0 - srl $s1,13,$acc1 ! - xor $t2,$s2,$s2 - ld [$key+20],$t1 - xor $t3,$s3,$s3 - ld [$key+24],$t2 - and $acc0,2040,$acc0 - ld [$key+28],$t3 - nop -.Lenc_loop: - srl $s2,5,$acc2 ! - and $acc1,2040,$acc1 - ldx [$tbl+$acc0],$acc0 - sll $s3,3,$acc3 - and $acc2,2040,$acc2 - ldx [$tbl+$acc1],$acc1 - srl $s1,21,$acc4 - and $acc3,2040,$acc3 - ldx [$tbl+$acc2],$acc2 ! - srl $s2,13,$acc5 - and $acc4,2040,$acc4 - ldx [$tbl+$acc3],$acc3 - srl $s3,5,$acc6 - and $acc5,2040,$acc5 - ldx [$tbl+$acc4],$acc4 - fmovs %f0,%f0 - sll $s0,3,$acc7 ! - and $acc6,2040,$acc6 - ldx [$tbl+$acc5],$acc5 - srl $s2,21,$acc8 - and $acc7,2040,$acc7 - ldx [$tbl+$acc6],$acc6 - srl $s3,13,$acc9 - and $acc8,2040,$acc8 - ldx [$tbl+$acc7],$acc7 ! - srl $s0,5,$acc10 - and $acc9,2040,$acc9 - ldx [$tbl+$acc8],$acc8 - sll $s1,3,$acc11 - and $acc10,2040,$acc10 - ldx [$tbl+$acc9],$acc9 - fmovs %f0,%f0 - srl $s3,21,$acc12 ! - and $acc11,2040,$acc11 - ldx [$tbl+$acc10],$acc10 - srl $s0,13,$acc13 - and $acc12,2040,$acc12 - ldx [$tbl+$acc11],$acc11 - srl $s1,5,$acc14 - and $acc13,2040,$acc13 - ldx [$tbl+$acc12],$acc12 ! - sll $s2,3,$acc15 - and $acc14,2040,$acc14 - ldx [$tbl+$acc13],$acc13 - and $acc15,2040,$acc15 - add $key,32,$key - ldx [$tbl+$acc14],$acc14 - fmovs %f0,%f0 - subcc $rounds,1,$rounds ! - ldx [$tbl+$acc15],$acc15 - bz,a,pn %icc,.Lenc_last - add $tbl,2048,$rounds - - srlx $acc1,8,$acc1 - xor $acc0,$t0,$t0 - ld [$key+0],$s0 - fmovs %f0,%f0 - srlx $acc2,16,$acc2 ! - xor $acc1,$t0,$t0 - ld [$key+4],$s1 - srlx $acc3,24,$acc3 - xor $acc2,$t0,$t0 - ld [$key+8],$s2 - srlx $acc5,8,$acc5 - xor $acc3,$t0,$t0 - ld [$key+12],$s3 ! - srlx $acc6,16,$acc6 - xor $acc4,$t1,$t1 - fmovs %f0,%f0 - srlx $acc7,24,$acc7 - xor $acc5,$t1,$t1 - srlx $acc9,8,$acc9 - xor $acc6,$t1,$t1 - srlx $acc10,16,$acc10 ! - xor $acc7,$t1,$t1 - srlx $acc11,24,$acc11 - xor $acc8,$t2,$t2 - srlx $acc13,8,$acc13 - xor $acc9,$t2,$t2 - srlx $acc14,16,$acc14 - xor $acc10,$t2,$t2 - srlx $acc15,24,$acc15 ! - xor $acc11,$t2,$t2 - xor $acc12,$acc14,$acc14 - xor $acc13,$t3,$t3 - srl $t0,21,$acc0 - xor $acc14,$t3,$t3 - srl $t1,13,$acc1 - xor $acc15,$t3,$t3 - - and $acc0,2040,$acc0 ! - srl $t2,5,$acc2 - and $acc1,2040,$acc1 - ldx [$tbl+$acc0],$acc0 - sll $t3,3,$acc3 - and $acc2,2040,$acc2 - ldx [$tbl+$acc1],$acc1 - fmovs %f0,%f0 - srl $t1,21,$acc4 ! - and $acc3,2040,$acc3 - ldx [$tbl+$acc2],$acc2 - srl $t2,13,$acc5 - and $acc4,2040,$acc4 - ldx [$tbl+$acc3],$acc3 - srl $t3,5,$acc6 - and $acc5,2040,$acc5 - ldx [$tbl+$acc4],$acc4 ! - sll $t0,3,$acc7 - and $acc6,2040,$acc6 - ldx [$tbl+$acc5],$acc5 - srl $t2,21,$acc8 - and $acc7,2040,$acc7 - ldx [$tbl+$acc6],$acc6 - fmovs %f0,%f0 - srl $t3,13,$acc9 ! - and $acc8,2040,$acc8 - ldx [$tbl+$acc7],$acc7 - srl $t0,5,$acc10 - and $acc9,2040,$acc9 - ldx [$tbl+$acc8],$acc8 - sll $t1,3,$acc11 - and $acc10,2040,$acc10 - ldx [$tbl+$acc9],$acc9 ! - srl $t3,21,$acc12 - and $acc11,2040,$acc11 - ldx [$tbl+$acc10],$acc10 - srl $t0,13,$acc13 - and $acc12,2040,$acc12 - ldx [$tbl+$acc11],$acc11 - fmovs %f0,%f0 - srl $t1,5,$acc14 ! - and $acc13,2040,$acc13 - ldx [$tbl+$acc12],$acc12 - sll $t2,3,$acc15 - and $acc14,2040,$acc14 - ldx [$tbl+$acc13],$acc13 - srlx $acc1,8,$acc1 - and $acc15,2040,$acc15 - ldx [$tbl+$acc14],$acc14 ! - - srlx $acc2,16,$acc2 - xor $acc0,$s0,$s0 - ldx [$tbl+$acc15],$acc15 - srlx $acc3,24,$acc3 - xor $acc1,$s0,$s0 - ld [$key+16],$t0 - fmovs %f0,%f0 - srlx $acc5,8,$acc5 ! - xor $acc2,$s0,$s0 - ld [$key+20],$t1 - srlx $acc6,16,$acc6 - xor $acc3,$s0,$s0 - ld [$key+24],$t2 - srlx $acc7,24,$acc7 - xor $acc4,$s1,$s1 - ld [$key+28],$t3 ! - srlx $acc9,8,$acc9 - xor $acc5,$s1,$s1 - ldx [$tbl+2048+0],%g0 ! prefetch te4 - srlx $acc10,16,$acc10 - xor $acc6,$s1,$s1 - ldx [$tbl+2048+32],%g0 ! prefetch te4 - srlx $acc11,24,$acc11 - xor $acc7,$s1,$s1 - ldx [$tbl+2048+64],%g0 ! prefetch te4 - srlx $acc13,8,$acc13 - xor $acc8,$s2,$s2 - ldx [$tbl+2048+96],%g0 ! prefetch te4 - srlx $acc14,16,$acc14 ! - xor $acc9,$s2,$s2 - ldx [$tbl+2048+128],%g0 ! prefetch te4 - srlx $acc15,24,$acc15 - xor $acc10,$s2,$s2 - ldx [$tbl+2048+160],%g0 ! prefetch te4 - srl $s0,21,$acc0 - xor $acc11,$s2,$s2 - ldx [$tbl+2048+192],%g0 ! prefetch te4 - xor $acc12,$acc14,$acc14 - xor $acc13,$s3,$s3 - ldx [$tbl+2048+224],%g0 ! prefetch te4 - srl $s1,13,$acc1 ! - xor $acc14,$s3,$s3 - xor $acc15,$s3,$s3 - ba .Lenc_loop - and $acc0,2040,$acc0 - -.align 32 -.Lenc_last: - srlx $acc1,8,$acc1 ! - xor $acc0,$t0,$t0 - ld [$key+0],$s0 - srlx $acc2,16,$acc2 - xor $acc1,$t0,$t0 - ld [$key+4],$s1 - srlx $acc3,24,$acc3 - xor $acc2,$t0,$t0 - ld [$key+8],$s2 ! - srlx $acc5,8,$acc5 - xor $acc3,$t0,$t0 - ld [$key+12],$s3 - srlx $acc6,16,$acc6 - xor $acc4,$t1,$t1 - srlx $acc7,24,$acc7 - xor $acc5,$t1,$t1 - srlx $acc9,8,$acc9 ! - xor $acc6,$t1,$t1 - srlx $acc10,16,$acc10 - xor $acc7,$t1,$t1 - srlx $acc11,24,$acc11 - xor $acc8,$t2,$t2 - srlx $acc13,8,$acc13 - xor $acc9,$t2,$t2 - srlx $acc14,16,$acc14 ! - xor $acc10,$t2,$t2 - srlx $acc15,24,$acc15 - xor $acc11,$t2,$t2 - xor $acc12,$acc14,$acc14 - xor $acc13,$t3,$t3 - srl $t0,24,$acc0 - xor $acc14,$t3,$t3 - srl $t1,16,$acc1 ! - xor $acc15,$t3,$t3 - - srl $t2,8,$acc2 - and $acc1,255,$acc1 - ldub [$rounds+$acc0],$acc0 - srl $t1,24,$acc4 - and $acc2,255,$acc2 - ldub [$rounds+$acc1],$acc1 - srl $t2,16,$acc5 ! - and $t3,255,$acc3 - ldub [$rounds+$acc2],$acc2 - ldub [$rounds+$acc3],$acc3 - srl $t3,8,$acc6 - and $acc5,255,$acc5 - ldub [$rounds+$acc4],$acc4 - fmovs %f0,%f0 - srl $t2,24,$acc8 ! - and $acc6,255,$acc6 - ldub [$rounds+$acc5],$acc5 - srl $t3,16,$acc9 - and $t0,255,$acc7 - ldub [$rounds+$acc6],$acc6 - ldub [$rounds+$acc7],$acc7 - fmovs %f0,%f0 - srl $t0,8,$acc10 ! - and $acc9,255,$acc9 - ldub [$rounds+$acc8],$acc8 - srl $t3,24,$acc12 - and $acc10,255,$acc10 - ldub [$rounds+$acc9],$acc9 - srl $t0,16,$acc13 - and $t1,255,$acc11 - ldub [$rounds+$acc10],$acc10 ! - srl $t1,8,$acc14 - and $acc13,255,$acc13 - ldub [$rounds+$acc11],$acc11 - ldub [$rounds+$acc12],$acc12 - and $acc14,255,$acc14 - ldub [$rounds+$acc13],$acc13 - and $t2,255,$acc15 - ldub [$rounds+$acc14],$acc14 ! - - sll $acc0,24,$acc0 - xor $acc3,$s0,$s0 - ldub [$rounds+$acc15],$acc15 - sll $acc1,16,$acc1 - xor $acc0,$s0,$s0 - ldx [%sp+$bias+$frame+0],%i7 ! restore return address - fmovs %f0,%f0 - sll $acc2,8,$acc2 ! - xor $acc1,$s0,$s0 - sll $acc4,24,$acc4 - xor $acc2,$s0,$s0 - sll $acc5,16,$acc5 - xor $acc7,$s1,$s1 - sll $acc6,8,$acc6 - xor $acc4,$s1,$s1 - sll $acc8,24,$acc8 ! - xor $acc5,$s1,$s1 - sll $acc9,16,$acc9 - xor $acc11,$s2,$s2 - sll $acc10,8,$acc10 - xor $acc6,$s1,$s1 - sll $acc12,24,$acc12 - xor $acc8,$s2,$s2 - sll $acc13,16,$acc13 ! - xor $acc9,$s2,$s2 - sll $acc14,8,$acc14 - xor $acc10,$s2,$s2 - xor $acc12,$acc14,$acc14 - xor $acc13,$s3,$s3 - xor $acc14,$s3,$s3 - xor $acc15,$s3,$s3 - - ret - restore -.type _sparcv9_AES_encrypt,#function -.size _sparcv9_AES_encrypt,(.-_sparcv9_AES_encrypt) - -.align 32 -.globl AES_encrypt -AES_encrypt: - or %o0,%o1,%g1 - andcc %g1,3,%g0 - bnz,pn %xcc,.Lunaligned_enc - save %sp,-$frame,%sp - - ld [%i0+0],%o0 - ld [%i0+4],%o1 - ld [%i0+8],%o2 - ld [%i0+12],%o3 - -1: call .+8 - add %o7,AES_Te-1b,%o4 - call _sparcv9_AES_encrypt - mov %i2,%o5 - - st %o0,[%i1+0] - st %o1,[%i1+4] - st %o2,[%i1+8] - st %o3,[%i1+12] - - ret - restore - -.align 32 -.Lunaligned_enc: - ldub [%i0+0],%l0 - ldub [%i0+1],%l1 - ldub [%i0+2],%l2 - - sll %l0,24,%l0 - ldub [%i0+3],%l3 - sll %l1,16,%l1 - ldub [%i0+4],%l4 - sll %l2,8,%l2 - or %l1,%l0,%l0 - ldub [%i0+5],%l5 - sll %l4,24,%l4 - or %l3,%l2,%l2 - ldub [%i0+6],%l6 - sll %l5,16,%l5 - or %l0,%l2,%o0 - ldub [%i0+7],%l7 - - sll %l6,8,%l6 - or %l5,%l4,%l4 - ldub [%i0+8],%l0 - or %l7,%l6,%l6 - ldub [%i0+9],%l1 - or %l4,%l6,%o1 - ldub [%i0+10],%l2 - - sll %l0,24,%l0 - ldub [%i0+11],%l3 - sll %l1,16,%l1 - ldub [%i0+12],%l4 - sll %l2,8,%l2 - or %l1,%l0,%l0 - ldub [%i0+13],%l5 - sll %l4,24,%l4 - or %l3,%l2,%l2 - ldub [%i0+14],%l6 - sll %l5,16,%l5 - or %l0,%l2,%o2 - ldub [%i0+15],%l7 - - sll %l6,8,%l6 - or %l5,%l4,%l4 - or %l7,%l6,%l6 - or %l4,%l6,%o3 - -1: call .+8 - add %o7,AES_Te-1b,%o4 - call _sparcv9_AES_encrypt - mov %i2,%o5 - - srl %o0,24,%l0 - srl %o0,16,%l1 - stb %l0,[%i1+0] - srl %o0,8,%l2 - stb %l1,[%i1+1] - stb %l2,[%i1+2] - srl %o1,24,%l4 - stb %o0,[%i1+3] - - srl %o1,16,%l5 - stb %l4,[%i1+4] - srl %o1,8,%l6 - stb %l5,[%i1+5] - stb %l6,[%i1+6] - srl %o2,24,%l0 - stb %o1,[%i1+7] - - srl %o2,16,%l1 - stb %l0,[%i1+8] - srl %o2,8,%l2 - stb %l1,[%i1+9] - stb %l2,[%i1+10] - srl %o3,24,%l4 - stb %o2,[%i1+11] - - srl %o3,16,%l5 - stb %l4,[%i1+12] - srl %o3,8,%l6 - stb %l5,[%i1+13] - stb %l6,[%i1+14] - stb %o3,[%i1+15] - - ret - restore -.type AES_encrypt,#function -.size AES_encrypt,(.-AES_encrypt) - -___ - -$code.=<<___; -.align 256 -AES_Td: -___ -&_data_word( - 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, - 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393, - 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25, - 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f, - 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1, - 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6, - 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da, - 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844, - 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd, - 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4, - 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45, - 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94, - 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7, - 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a, - 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5, - 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c, - 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1, - 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a, - 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75, - 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051, - 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46, - 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff, - 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77, - 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb, - 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000, - 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e, - 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927, - 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a, - 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e, - 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16, - 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d, - 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8, - 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd, - 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34, - 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163, - 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120, - 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d, - 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0, - 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422, - 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef, - 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36, - 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4, - 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662, - 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5, - 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3, - 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b, - 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8, - 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6, - 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6, - 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0, - 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815, - 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f, - 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df, - 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f, - 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e, - 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713, - 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89, - 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c, - 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf, - 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86, - 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f, - 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541, - 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190, - 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742); -$code.=<<___; - .byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 - .byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb - .byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 - .byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb - .byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d - .byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e - .byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 - .byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 - .byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 - .byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 - .byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda - .byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 - .byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a - .byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 - .byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 - .byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b - .byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea - .byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 - .byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 - .byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e - .byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 - .byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b - .byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 - .byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 - .byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 - .byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f - .byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d - .byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef - .byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 - .byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 - .byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 - .byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d -.type AES_Td,#object -.size AES_Td,(.-AES_Td) - -.align 64 -.skip 16 -_sparcv9_AES_decrypt: - save %sp,-$frame-$locals,%sp - stx %i7,[%sp+$bias+$frame+0] ! off-load return address - ld [$key+240],$rounds - ld [$key+0],$t0 - ld [$key+4],$t1 ! - ld [$key+8],$t2 - ld [$key+12],$t3 - srl $rounds,1,$rounds - xor $t0,$s0,$s0 - ld [$key+16],$t0 - xor $t1,$s1,$s1 - ld [$key+20],$t1 - srl $s0,21,$acc0 ! - xor $t2,$s2,$s2 - ld [$key+24],$t2 - xor $t3,$s3,$s3 - and $acc0,2040,$acc0 - ld [$key+28],$t3 - srl $s3,13,$acc1 - nop -.Ldec_loop: - srl $s2,5,$acc2 ! - and $acc1,2040,$acc1 - ldx [$tbl+$acc0],$acc0 - sll $s1,3,$acc3 - and $acc2,2040,$acc2 - ldx [$tbl+$acc1],$acc1 - srl $s1,21,$acc4 - and $acc3,2040,$acc3 - ldx [$tbl+$acc2],$acc2 ! - srl $s0,13,$acc5 - and $acc4,2040,$acc4 - ldx [$tbl+$acc3],$acc3 - srl $s3,5,$acc6 - and $acc5,2040,$acc5 - ldx [$tbl+$acc4],$acc4 - fmovs %f0,%f0 - sll $s2,3,$acc7 ! - and $acc6,2040,$acc6 - ldx [$tbl+$acc5],$acc5 - srl $s2,21,$acc8 - and $acc7,2040,$acc7 - ldx [$tbl+$acc6],$acc6 - srl $s1,13,$acc9 - and $acc8,2040,$acc8 - ldx [$tbl+$acc7],$acc7 ! - srl $s0,5,$acc10 - and $acc9,2040,$acc9 - ldx [$tbl+$acc8],$acc8 - sll $s3,3,$acc11 - and $acc10,2040,$acc10 - ldx [$tbl+$acc9],$acc9 - fmovs %f0,%f0 - srl $s3,21,$acc12 ! - and $acc11,2040,$acc11 - ldx [$tbl+$acc10],$acc10 - srl $s2,13,$acc13 - and $acc12,2040,$acc12 - ldx [$tbl+$acc11],$acc11 - srl $s1,5,$acc14 - and $acc13,2040,$acc13 - ldx [$tbl+$acc12],$acc12 ! - sll $s0,3,$acc15 - and $acc14,2040,$acc14 - ldx [$tbl+$acc13],$acc13 - and $acc15,2040,$acc15 - add $key,32,$key - ldx [$tbl+$acc14],$acc14 - fmovs %f0,%f0 - subcc $rounds,1,$rounds ! - ldx [$tbl+$acc15],$acc15 - bz,a,pn %icc,.Ldec_last - add $tbl,2048,$rounds - - srlx $acc1,8,$acc1 - xor $acc0,$t0,$t0 - ld [$key+0],$s0 - fmovs %f0,%f0 - srlx $acc2,16,$acc2 ! - xor $acc1,$t0,$t0 - ld [$key+4],$s1 - srlx $acc3,24,$acc3 - xor $acc2,$t0,$t0 - ld [$key+8],$s2 - srlx $acc5,8,$acc5 - xor $acc3,$t0,$t0 - ld [$key+12],$s3 ! - srlx $acc6,16,$acc6 - xor $acc4,$t1,$t1 - fmovs %f0,%f0 - srlx $acc7,24,$acc7 - xor $acc5,$t1,$t1 - srlx $acc9,8,$acc9 - xor $acc6,$t1,$t1 - srlx $acc10,16,$acc10 ! - xor $acc7,$t1,$t1 - srlx $acc11,24,$acc11 - xor $acc8,$t2,$t2 - srlx $acc13,8,$acc13 - xor $acc9,$t2,$t2 - srlx $acc14,16,$acc14 - xor $acc10,$t2,$t2 - srlx $acc15,24,$acc15 ! - xor $acc11,$t2,$t2 - xor $acc12,$acc14,$acc14 - xor $acc13,$t3,$t3 - srl $t0,21,$acc0 - xor $acc14,$t3,$t3 - xor $acc15,$t3,$t3 - srl $t3,13,$acc1 - - and $acc0,2040,$acc0 ! - srl $t2,5,$acc2 - and $acc1,2040,$acc1 - ldx [$tbl+$acc0],$acc0 - sll $t1,3,$acc3 - and $acc2,2040,$acc2 - ldx [$tbl+$acc1],$acc1 - fmovs %f0,%f0 - srl $t1,21,$acc4 ! - and $acc3,2040,$acc3 - ldx [$tbl+$acc2],$acc2 - srl $t0,13,$acc5 - and $acc4,2040,$acc4 - ldx [$tbl+$acc3],$acc3 - srl $t3,5,$acc6 - and $acc5,2040,$acc5 - ldx [$tbl+$acc4],$acc4 ! - sll $t2,3,$acc7 - and $acc6,2040,$acc6 - ldx [$tbl+$acc5],$acc5 - srl $t2,21,$acc8 - and $acc7,2040,$acc7 - ldx [$tbl+$acc6],$acc6 - fmovs %f0,%f0 - srl $t1,13,$acc9 ! - and $acc8,2040,$acc8 - ldx [$tbl+$acc7],$acc7 - srl $t0,5,$acc10 - and $acc9,2040,$acc9 - ldx [$tbl+$acc8],$acc8 - sll $t3,3,$acc11 - and $acc10,2040,$acc10 - ldx [$tbl+$acc9],$acc9 ! - srl $t3,21,$acc12 - and $acc11,2040,$acc11 - ldx [$tbl+$acc10],$acc10 - srl $t2,13,$acc13 - and $acc12,2040,$acc12 - ldx [$tbl+$acc11],$acc11 - fmovs %f0,%f0 - srl $t1,5,$acc14 ! - and $acc13,2040,$acc13 - ldx [$tbl+$acc12],$acc12 - sll $t0,3,$acc15 - and $acc14,2040,$acc14 - ldx [$tbl+$acc13],$acc13 - srlx $acc1,8,$acc1 - and $acc15,2040,$acc15 - ldx [$tbl+$acc14],$acc14 ! - - srlx $acc2,16,$acc2 - xor $acc0,$s0,$s0 - ldx [$tbl+$acc15],$acc15 - srlx $acc3,24,$acc3 - xor $acc1,$s0,$s0 - ld [$key+16],$t0 - fmovs %f0,%f0 - srlx $acc5,8,$acc5 ! - xor $acc2,$s0,$s0 - ld [$key+20],$t1 - srlx $acc6,16,$acc6 - xor $acc3,$s0,$s0 - ld [$key+24],$t2 - srlx $acc7,24,$acc7 - xor $acc4,$s1,$s1 - ld [$key+28],$t3 ! - srlx $acc9,8,$acc9 - xor $acc5,$s1,$s1 - ldx [$tbl+2048+0],%g0 ! prefetch td4 - srlx $acc10,16,$acc10 - xor $acc6,$s1,$s1 - ldx [$tbl+2048+32],%g0 ! prefetch td4 - srlx $acc11,24,$acc11 - xor $acc7,$s1,$s1 - ldx [$tbl+2048+64],%g0 ! prefetch td4 - srlx $acc13,8,$acc13 - xor $acc8,$s2,$s2 - ldx [$tbl+2048+96],%g0 ! prefetch td4 - srlx $acc14,16,$acc14 ! - xor $acc9,$s2,$s2 - ldx [$tbl+2048+128],%g0 ! prefetch td4 - srlx $acc15,24,$acc15 - xor $acc10,$s2,$s2 - ldx [$tbl+2048+160],%g0 ! prefetch td4 - srl $s0,21,$acc0 - xor $acc11,$s2,$s2 - ldx [$tbl+2048+192],%g0 ! prefetch td4 - xor $acc12,$acc14,$acc14 - xor $acc13,$s3,$s3 - ldx [$tbl+2048+224],%g0 ! prefetch td4 - and $acc0,2040,$acc0 ! - xor $acc14,$s3,$s3 - xor $acc15,$s3,$s3 - ba .Ldec_loop - srl $s3,13,$acc1 - -.align 32 -.Ldec_last: - srlx $acc1,8,$acc1 ! - xor $acc0,$t0,$t0 - ld [$key+0],$s0 - srlx $acc2,16,$acc2 - xor $acc1,$t0,$t0 - ld [$key+4],$s1 - srlx $acc3,24,$acc3 - xor $acc2,$t0,$t0 - ld [$key+8],$s2 ! - srlx $acc5,8,$acc5 - xor $acc3,$t0,$t0 - ld [$key+12],$s3 - srlx $acc6,16,$acc6 - xor $acc4,$t1,$t1 - srlx $acc7,24,$acc7 - xor $acc5,$t1,$t1 - srlx $acc9,8,$acc9 ! - xor $acc6,$t1,$t1 - srlx $acc10,16,$acc10 - xor $acc7,$t1,$t1 - srlx $acc11,24,$acc11 - xor $acc8,$t2,$t2 - srlx $acc13,8,$acc13 - xor $acc9,$t2,$t2 - srlx $acc14,16,$acc14 ! - xor $acc10,$t2,$t2 - srlx $acc15,24,$acc15 - xor $acc11,$t2,$t2 - xor $acc12,$acc14,$acc14 - xor $acc13,$t3,$t3 - srl $t0,24,$acc0 - xor $acc14,$t3,$t3 - xor $acc15,$t3,$t3 ! - srl $t3,16,$acc1 - - srl $t2,8,$acc2 - and $acc1,255,$acc1 - ldub [$rounds+$acc0],$acc0 - srl $t1,24,$acc4 - and $acc2,255,$acc2 - ldub [$rounds+$acc1],$acc1 - srl $t0,16,$acc5 ! - and $t1,255,$acc3 - ldub [$rounds+$acc2],$acc2 - ldub [$rounds+$acc3],$acc3 - srl $t3,8,$acc6 - and $acc5,255,$acc5 - ldub [$rounds+$acc4],$acc4 - fmovs %f0,%f0 - srl $t2,24,$acc8 ! - and $acc6,255,$acc6 - ldub [$rounds+$acc5],$acc5 - srl $t1,16,$acc9 - and $t2,255,$acc7 - ldub [$rounds+$acc6],$acc6 - ldub [$rounds+$acc7],$acc7 - fmovs %f0,%f0 - srl $t0,8,$acc10 ! - and $acc9,255,$acc9 - ldub [$rounds+$acc8],$acc8 - srl $t3,24,$acc12 - and $acc10,255,$acc10 - ldub [$rounds+$acc9],$acc9 - srl $t2,16,$acc13 - and $t3,255,$acc11 - ldub [$rounds+$acc10],$acc10 ! - srl $t1,8,$acc14 - and $acc13,255,$acc13 - ldub [$rounds+$acc11],$acc11 - ldub [$rounds+$acc12],$acc12 - and $acc14,255,$acc14 - ldub [$rounds+$acc13],$acc13 - and $t0,255,$acc15 - ldub [$rounds+$acc14],$acc14 ! - - sll $acc0,24,$acc0 - xor $acc3,$s0,$s0 - ldub [$rounds+$acc15],$acc15 - sll $acc1,16,$acc1 - xor $acc0,$s0,$s0 - ldx [%sp+$bias+$frame+0],%i7 ! restore return address - fmovs %f0,%f0 - sll $acc2,8,$acc2 ! - xor $acc1,$s0,$s0 - sll $acc4,24,$acc4 - xor $acc2,$s0,$s0 - sll $acc5,16,$acc5 - xor $acc7,$s1,$s1 - sll $acc6,8,$acc6 - xor $acc4,$s1,$s1 - sll $acc8,24,$acc8 ! - xor $acc5,$s1,$s1 - sll $acc9,16,$acc9 - xor $acc11,$s2,$s2 - sll $acc10,8,$acc10 - xor $acc6,$s1,$s1 - sll $acc12,24,$acc12 - xor $acc8,$s2,$s2 - sll $acc13,16,$acc13 ! - xor $acc9,$s2,$s2 - sll $acc14,8,$acc14 - xor $acc10,$s2,$s2 - xor $acc12,$acc14,$acc14 - xor $acc13,$s3,$s3 - xor $acc14,$s3,$s3 - xor $acc15,$s3,$s3 - - ret - restore -.type _sparcv9_AES_decrypt,#function -.size _sparcv9_AES_decrypt,(.-_sparcv9_AES_decrypt) - -.align 32 -.globl AES_decrypt -AES_decrypt: - or %o0,%o1,%g1 - andcc %g1,3,%g0 - bnz,pn %xcc,.Lunaligned_dec - save %sp,-$frame,%sp - - ld [%i0+0],%o0 - ld [%i0+4],%o1 - ld [%i0+8],%o2 - ld [%i0+12],%o3 - -1: call .+8 - add %o7,AES_Td-1b,%o4 - call _sparcv9_AES_decrypt - mov %i2,%o5 - - st %o0,[%i1+0] - st %o1,[%i1+4] - st %o2,[%i1+8] - st %o3,[%i1+12] - - ret - restore - -.align 32 -.Lunaligned_dec: - ldub [%i0+0],%l0 - ldub [%i0+1],%l1 - ldub [%i0+2],%l2 - - sll %l0,24,%l0 - ldub [%i0+3],%l3 - sll %l1,16,%l1 - ldub [%i0+4],%l4 - sll %l2,8,%l2 - or %l1,%l0,%l0 - ldub [%i0+5],%l5 - sll %l4,24,%l4 - or %l3,%l2,%l2 - ldub [%i0+6],%l6 - sll %l5,16,%l5 - or %l0,%l2,%o0 - ldub [%i0+7],%l7 - - sll %l6,8,%l6 - or %l5,%l4,%l4 - ldub [%i0+8],%l0 - or %l7,%l6,%l6 - ldub [%i0+9],%l1 - or %l4,%l6,%o1 - ldub [%i0+10],%l2 - - sll %l0,24,%l0 - ldub [%i0+11],%l3 - sll %l1,16,%l1 - ldub [%i0+12],%l4 - sll %l2,8,%l2 - or %l1,%l0,%l0 - ldub [%i0+13],%l5 - sll %l4,24,%l4 - or %l3,%l2,%l2 - ldub [%i0+14],%l6 - sll %l5,16,%l5 - or %l0,%l2,%o2 - ldub [%i0+15],%l7 - - sll %l6,8,%l6 - or %l5,%l4,%l4 - or %l7,%l6,%l6 - or %l4,%l6,%o3 - -1: call .+8 - add %o7,AES_Td-1b,%o4 - call _sparcv9_AES_decrypt - mov %i2,%o5 - - srl %o0,24,%l0 - srl %o0,16,%l1 - stb %l0,[%i1+0] - srl %o0,8,%l2 - stb %l1,[%i1+1] - stb %l2,[%i1+2] - srl %o1,24,%l4 - stb %o0,[%i1+3] - - srl %o1,16,%l5 - stb %l4,[%i1+4] - srl %o1,8,%l6 - stb %l5,[%i1+5] - stb %l6,[%i1+6] - srl %o2,24,%l0 - stb %o1,[%i1+7] - - srl %o2,16,%l1 - stb %l0,[%i1+8] - srl %o2,8,%l2 - stb %l1,[%i1+9] - stb %l2,[%i1+10] - srl %o3,24,%l4 - stb %o2,[%i1+11] - - srl %o3,16,%l5 - stb %l4,[%i1+12] - srl %o3,8,%l6 - stb %l5,[%i1+13] - stb %l6,[%i1+14] - stb %o3,[%i1+15] - - ret - restore -.type AES_decrypt,#function -.size AES_decrypt,(.-AES_decrypt) -___ - -# fmovs instructions substituting for FP nops were originally added -# to meet specific instruction alignment requirements to maximize ILP. -# As UltraSPARC T1, a.k.a. Niagara, has shared FPU, FP nops can have -# undesired effect, so just omit them and sacrifice some portion of -# percent in performance... -$code =~ s/fmovs.*$//gm; - -print $code; -close STDOUT or die "error closing STDOUT: $!"; # ensure flush diff --git a/crypto/aes/asm/aes-x86_64.pl b/crypto/aes/asm/aes-x86_64.pl deleted file mode 100755 index 25f7ded947ed6ad86c2862f6a51b2e2d972bc868..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/aes-x86_64.pl +++ /dev/null @@ -1,2927 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Version 2.1. -# -# aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on -# Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version -# [you'll notice a lot of resemblance], such as compressed S-boxes -# in little-endian byte order, prefetch of these tables in CBC mode, -# as well as avoiding L1 cache aliasing between stack frame and key -# schedule and already mentioned tables, compressed Td4... -# -# Performance in number of cycles per processed byte for 128-bit key: -# -# ECB encrypt ECB decrypt CBC large chunk -# AMD64 33 43 13.0 -# EM64T 38 56 18.6(*) -# Core 2 30 42 14.5(*) -# Atom 65 86 32.1(*) -# -# (*) with hyper-threading off - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -$verticalspin=1; # unlike 32-bit version $verticalspin performs - # ~15% better on both AMD and Intel cores -$speed_limit=512; # see aes-586.pl for details - -$code=".text\n"; - -$s0="%eax"; -$s1="%ebx"; -$s2="%ecx"; -$s3="%edx"; -$acc0="%esi"; $mask80="%rsi"; -$acc1="%edi"; $maskfe="%rdi"; -$acc2="%ebp"; $mask1b="%rbp"; -$inp="%r8"; -$out="%r9"; -$t0="%r10d"; -$t1="%r11d"; -$t2="%r12d"; -$rnds="%r13d"; -$sbox="%r14"; -$key="%r15"; - -sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; } -sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/; - $r =~ s/%[er]([sd]i)/%\1l/; - $r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; } -sub LO() { my $r=shift; $r =~ s/%r([a-z]+)/%e\1/; - $r =~ s/%r([0-9]+)/%r\1d/; $r; } -sub _data_word() -{ my $i; - while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; } -} -sub data_word() -{ my $i; - my $last=pop(@_); - $code.=".long\t"; - while(defined($i=shift)) { $code.=sprintf"0x%08x,",$i; } - $code.=sprintf"0x%08x\n",$last; -} - -sub data_byte() -{ my $i; - my $last=pop(@_); - $code.=".byte\t"; - while(defined($i=shift)) { $code.=sprintf"0x%02x,",$i&0xff; } - $code.=sprintf"0x%02x\n",$last&0xff; -} - -sub encvert() -{ my $t3="%r8d"; # zaps $inp! - -$code.=<<___; - # favor 3-way issue Opteron pipeline... - movzb `&lo("$s0")`,$acc0 - movzb `&lo("$s1")`,$acc1 - movzb `&lo("$s2")`,$acc2 - mov 0($sbox,$acc0,8),$t0 - mov 0($sbox,$acc1,8),$t1 - mov 0($sbox,$acc2,8),$t2 - - movzb `&hi("$s1")`,$acc0 - movzb `&hi("$s2")`,$acc1 - movzb `&lo("$s3")`,$acc2 - xor 3($sbox,$acc0,8),$t0 - xor 3($sbox,$acc1,8),$t1 - mov 0($sbox,$acc2,8),$t3 - - movzb `&hi("$s3")`,$acc0 - shr \$16,$s2 - movzb `&hi("$s0")`,$acc2 - xor 3($sbox,$acc0,8),$t2 - shr \$16,$s3 - xor 3($sbox,$acc2,8),$t3 - - shr \$16,$s1 - lea 16($key),$key - shr \$16,$s0 - - movzb `&lo("$s2")`,$acc0 - movzb `&lo("$s3")`,$acc1 - movzb `&lo("$s0")`,$acc2 - xor 2($sbox,$acc0,8),$t0 - xor 2($sbox,$acc1,8),$t1 - xor 2($sbox,$acc2,8),$t2 - - movzb `&hi("$s3")`,$acc0 - movzb `&hi("$s0")`,$acc1 - movzb `&lo("$s1")`,$acc2 - xor 1($sbox,$acc0,8),$t0 - xor 1($sbox,$acc1,8),$t1 - xor 2($sbox,$acc2,8),$t3 - - mov 12($key),$s3 - movzb `&hi("$s1")`,$acc1 - movzb `&hi("$s2")`,$acc2 - mov 0($key),$s0 - xor 1($sbox,$acc1,8),$t2 - xor 1($sbox,$acc2,8),$t3 - - mov 4($key),$s1 - mov 8($key),$s2 - xor $t0,$s0 - xor $t1,$s1 - xor $t2,$s2 - xor $t3,$s3 -___ -} - -sub enclastvert() -{ my $t3="%r8d"; # zaps $inp! - -$code.=<<___; - movzb `&lo("$s0")`,$acc0 - movzb `&lo("$s1")`,$acc1 - movzb `&lo("$s2")`,$acc2 - movzb 2($sbox,$acc0,8),$t0 - movzb 2($sbox,$acc1,8),$t1 - movzb 2($sbox,$acc2,8),$t2 - - movzb `&lo("$s3")`,$acc0 - movzb `&hi("$s1")`,$acc1 - movzb `&hi("$s2")`,$acc2 - movzb 2($sbox,$acc0,8),$t3 - mov 0($sbox,$acc1,8),$acc1 #$t0 - mov 0($sbox,$acc2,8),$acc2 #$t1 - - and \$0x0000ff00,$acc1 - and \$0x0000ff00,$acc2 - - xor $acc1,$t0 - xor $acc2,$t1 - shr \$16,$s2 - - movzb `&hi("$s3")`,$acc0 - movzb `&hi("$s0")`,$acc1 - shr \$16,$s3 - mov 0($sbox,$acc0,8),$acc0 #$t2 - mov 0($sbox,$acc1,8),$acc1 #$t3 - - and \$0x0000ff00,$acc0 - and \$0x0000ff00,$acc1 - shr \$16,$s1 - xor $acc0,$t2 - xor $acc1,$t3 - shr \$16,$s0 - - movzb `&lo("$s2")`,$acc0 - movzb `&lo("$s3")`,$acc1 - movzb `&lo("$s0")`,$acc2 - mov 0($sbox,$acc0,8),$acc0 #$t0 - mov 0($sbox,$acc1,8),$acc1 #$t1 - mov 0($sbox,$acc2,8),$acc2 #$t2 - - and \$0x00ff0000,$acc0 - and \$0x00ff0000,$acc1 - and \$0x00ff0000,$acc2 - - xor $acc0,$t0 - xor $acc1,$t1 - xor $acc2,$t2 - - movzb `&lo("$s1")`,$acc0 - movzb `&hi("$s3")`,$acc1 - movzb `&hi("$s0")`,$acc2 - mov 0($sbox,$acc0,8),$acc0 #$t3 - mov 2($sbox,$acc1,8),$acc1 #$t0 - mov 2($sbox,$acc2,8),$acc2 #$t1 - - and \$0x00ff0000,$acc0 - and \$0xff000000,$acc1 - and \$0xff000000,$acc2 - - xor $acc0,$t3 - xor $acc1,$t0 - xor $acc2,$t1 - - movzb `&hi("$s1")`,$acc0 - movzb `&hi("$s2")`,$acc1 - mov 16+12($key),$s3 - mov 2($sbox,$acc0,8),$acc0 #$t2 - mov 2($sbox,$acc1,8),$acc1 #$t3 - mov 16+0($key),$s0 - - and \$0xff000000,$acc0 - and \$0xff000000,$acc1 - - xor $acc0,$t2 - xor $acc1,$t3 - - mov 16+4($key),$s1 - mov 16+8($key),$s2 - xor $t0,$s0 - xor $t1,$s1 - xor $t2,$s2 - xor $t3,$s3 -___ -} - -sub encstep() -{ my ($i,@s) = @_; - my $tmp0=$acc0; - my $tmp1=$acc1; - my $tmp2=$acc2; - my $out=($t0,$t1,$t2,$s[0])[$i]; - - if ($i==3) { - $tmp0=$s[1]; - $tmp1=$s[2]; - $tmp2=$s[3]; - } - $code.=" movzb ".&lo($s[0]).",$out\n"; - $code.=" mov $s[2],$tmp1\n" if ($i!=3); - $code.=" lea 16($key),$key\n" if ($i==0); - - $code.=" movzb ".&hi($s[1]).",$tmp0\n"; - $code.=" mov 0($sbox,$out,8),$out\n"; - - $code.=" shr \$16,$tmp1\n"; - $code.=" mov $s[3],$tmp2\n" if ($i!=3); - $code.=" xor 3($sbox,$tmp0,8),$out\n"; - - $code.=" movzb ".&lo($tmp1).",$tmp1\n"; - $code.=" shr \$24,$tmp2\n"; - $code.=" xor 4*$i($key),$out\n"; - - $code.=" xor 2($sbox,$tmp1,8),$out\n"; - $code.=" xor 1($sbox,$tmp2,8),$out\n"; - - $code.=" mov $t0,$s[1]\n" if ($i==3); - $code.=" mov $t1,$s[2]\n" if ($i==3); - $code.=" mov $t2,$s[3]\n" if ($i==3); - $code.="\n"; -} - -sub enclast() -{ my ($i,@s)=@_; - my $tmp0=$acc0; - my $tmp1=$acc1; - my $tmp2=$acc2; - my $out=($t0,$t1,$t2,$s[0])[$i]; - - if ($i==3) { - $tmp0=$s[1]; - $tmp1=$s[2]; - $tmp2=$s[3]; - } - $code.=" movzb ".&lo($s[0]).",$out\n"; - $code.=" mov $s[2],$tmp1\n" if ($i!=3); - - $code.=" mov 2($sbox,$out,8),$out\n"; - $code.=" shr \$16,$tmp1\n"; - $code.=" mov $s[3],$tmp2\n" if ($i!=3); - - $code.=" and \$0x000000ff,$out\n"; - $code.=" movzb ".&hi($s[1]).",$tmp0\n"; - $code.=" movzb ".&lo($tmp1).",$tmp1\n"; - $code.=" shr \$24,$tmp2\n"; - - $code.=" mov 0($sbox,$tmp0,8),$tmp0\n"; - $code.=" mov 0($sbox,$tmp1,8),$tmp1\n"; - $code.=" mov 2($sbox,$tmp2,8),$tmp2\n"; - - $code.=" and \$0x0000ff00,$tmp0\n"; - $code.=" and \$0x00ff0000,$tmp1\n"; - $code.=" and \$0xff000000,$tmp2\n"; - - $code.=" xor $tmp0,$out\n"; - $code.=" mov $t0,$s[1]\n" if ($i==3); - $code.=" xor $tmp1,$out\n"; - $code.=" mov $t1,$s[2]\n" if ($i==3); - $code.=" xor $tmp2,$out\n"; - $code.=" mov $t2,$s[3]\n" if ($i==3); - $code.="\n"; -} - -$code.=<<___; -.type _x86_64_AES_encrypt,\@abi-omnipotent -.align 16 -_x86_64_AES_encrypt: -.cfi_startproc - xor 0($key),$s0 # xor with key - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 - - mov 240($key),$rnds # load key->rounds - sub \$1,$rnds - jmp .Lenc_loop -.align 16 -.Lenc_loop: -___ - if ($verticalspin) { &encvert(); } - else { &encstep(0,$s0,$s1,$s2,$s3); - &encstep(1,$s1,$s2,$s3,$s0); - &encstep(2,$s2,$s3,$s0,$s1); - &encstep(3,$s3,$s0,$s1,$s2); - } -$code.=<<___; - sub \$1,$rnds - jnz .Lenc_loop -___ - if ($verticalspin) { &enclastvert(); } - else { &enclast(0,$s0,$s1,$s2,$s3); - &enclast(1,$s1,$s2,$s3,$s0); - &enclast(2,$s2,$s3,$s0,$s1); - &enclast(3,$s3,$s0,$s1,$s2); - $code.=<<___; - xor 16+0($key),$s0 # xor with key - xor 16+4($key),$s1 - xor 16+8($key),$s2 - xor 16+12($key),$s3 -___ - } -$code.=<<___; - .byte 0xf3,0xc3 # rep ret -.cfi_endproc -.size _x86_64_AES_encrypt,.-_x86_64_AES_encrypt -___ - -# it's possible to implement this by shifting tN by 8, filling least -# significant byte with byte load and finally bswap-ing at the end, -# but such partial register load kills Core 2... -sub enccompactvert() -{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d"); - -$code.=<<___; - movzb `&lo("$s0")`,$t0 - movzb `&lo("$s1")`,$t1 - movzb `&lo("$s2")`,$t2 - movzb `&lo("$s3")`,$t3 - movzb `&hi("$s1")`,$acc0 - movzb `&hi("$s2")`,$acc1 - shr \$16,$s2 - movzb `&hi("$s3")`,$acc2 - movzb ($sbox,$t0,1),$t0 - movzb ($sbox,$t1,1),$t1 - movzb ($sbox,$t2,1),$t2 - movzb ($sbox,$t3,1),$t3 - - movzb ($sbox,$acc0,1),$t4 #$t0 - movzb `&hi("$s0")`,$acc0 - movzb ($sbox,$acc1,1),$t5 #$t1 - movzb `&lo("$s2")`,$acc1 - movzb ($sbox,$acc2,1),$acc2 #$t2 - movzb ($sbox,$acc0,1),$acc0 #$t3 - - shl \$8,$t4 - shr \$16,$s3 - shl \$8,$t5 - xor $t4,$t0 - shr \$16,$s0 - movzb `&lo("$s3")`,$t4 - shr \$16,$s1 - xor $t5,$t1 - shl \$8,$acc2 - movzb `&lo("$s0")`,$t5 - movzb ($sbox,$acc1,1),$acc1 #$t0 - xor $acc2,$t2 - - shl \$8,$acc0 - movzb `&lo("$s1")`,$acc2 - shl \$16,$acc1 - xor $acc0,$t3 - movzb ($sbox,$t4,1),$t4 #$t1 - movzb `&hi("$s3")`,$acc0 - movzb ($sbox,$t5,1),$t5 #$t2 - xor $acc1,$t0 - - shr \$8,$s2 - movzb `&hi("$s0")`,$acc1 - shl \$16,$t4 - shr \$8,$s1 - shl \$16,$t5 - xor $t4,$t1 - movzb ($sbox,$acc2,1),$acc2 #$t3 - movzb ($sbox,$acc0,1),$acc0 #$t0 - movzb ($sbox,$acc1,1),$acc1 #$t1 - movzb ($sbox,$s2,1),$s3 #$t3 - movzb ($sbox,$s1,1),$s2 #$t2 - - shl \$16,$acc2 - xor $t5,$t2 - shl \$24,$acc0 - xor $acc2,$t3 - shl \$24,$acc1 - xor $acc0,$t0 - shl \$24,$s3 - xor $acc1,$t1 - shl \$24,$s2 - mov $t0,$s0 - mov $t1,$s1 - xor $t2,$s2 - xor $t3,$s3 -___ -} - -sub enctransform_ref() -{ my $sn = shift; - my ($acc,$r2,$tmp)=("%r8d","%r9d","%r13d"); - -$code.=<<___; - mov $sn,$acc - and \$0x80808080,$acc - mov $acc,$tmp - shr \$7,$tmp - lea ($sn,$sn),$r2 - sub $tmp,$acc - and \$0xfefefefe,$r2 - and \$0x1b1b1b1b,$acc - mov $sn,$tmp - xor $acc,$r2 - - xor $r2,$sn - rol \$24,$sn - xor $r2,$sn - ror \$16,$tmp - xor $tmp,$sn - ror \$8,$tmp - xor $tmp,$sn -___ -} - -# unlike decrypt case it does not pay off to parallelize enctransform -sub enctransform() -{ my ($t3,$r20,$r21)=($acc2,"%r8d","%r9d"); - -$code.=<<___; - mov \$0x80808080,$t0 - mov \$0x80808080,$t1 - and $s0,$t0 - and $s1,$t1 - mov $t0,$acc0 - mov $t1,$acc1 - shr \$7,$t0 - lea ($s0,$s0),$r20 - shr \$7,$t1 - lea ($s1,$s1),$r21 - sub $t0,$acc0 - sub $t1,$acc1 - and \$0xfefefefe,$r20 - and \$0xfefefefe,$r21 - and \$0x1b1b1b1b,$acc0 - and \$0x1b1b1b1b,$acc1 - mov $s0,$t0 - mov $s1,$t1 - xor $acc0,$r20 - xor $acc1,$r21 - - xor $r20,$s0 - xor $r21,$s1 - mov \$0x80808080,$t2 - rol \$24,$s0 - mov \$0x80808080,$t3 - rol \$24,$s1 - and $s2,$t2 - and $s3,$t3 - xor $r20,$s0 - xor $r21,$s1 - mov $t2,$acc0 - ror \$16,$t0 - mov $t3,$acc1 - ror \$16,$t1 - lea ($s2,$s2),$r20 - shr \$7,$t2 - xor $t0,$s0 - shr \$7,$t3 - xor $t1,$s1 - ror \$8,$t0 - lea ($s3,$s3),$r21 - ror \$8,$t1 - sub $t2,$acc0 - sub $t3,$acc1 - xor $t0,$s0 - xor $t1,$s1 - - and \$0xfefefefe,$r20 - and \$0xfefefefe,$r21 - and \$0x1b1b1b1b,$acc0 - and \$0x1b1b1b1b,$acc1 - mov $s2,$t2 - mov $s3,$t3 - xor $acc0,$r20 - xor $acc1,$r21 - - ror \$16,$t2 - xor $r20,$s2 - ror \$16,$t3 - xor $r21,$s3 - rol \$24,$s2 - mov 0($sbox),$acc0 # prefetch Te4 - rol \$24,$s3 - xor $r20,$s2 - mov 64($sbox),$acc1 - xor $r21,$s3 - mov 128($sbox),$r20 - xor $t2,$s2 - ror \$8,$t2 - xor $t3,$s3 - ror \$8,$t3 - xor $t2,$s2 - mov 192($sbox),$r21 - xor $t3,$s3 -___ -} - -$code.=<<___; -.type _x86_64_AES_encrypt_compact,\@abi-omnipotent -.align 16 -_x86_64_AES_encrypt_compact: -.cfi_startproc - lea 128($sbox),$inp # size optimization - mov 0-128($inp),$acc1 # prefetch Te4 - mov 32-128($inp),$acc2 - mov 64-128($inp),$t0 - mov 96-128($inp),$t1 - mov 128-128($inp),$acc1 - mov 160-128($inp),$acc2 - mov 192-128($inp),$t0 - mov 224-128($inp),$t1 - jmp .Lenc_loop_compact -.align 16 -.Lenc_loop_compact: - xor 0($key),$s0 # xor with key - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 - lea 16($key),$key -___ - &enccompactvert(); -$code.=<<___; - cmp 16(%rsp),$key - je .Lenc_compact_done -___ - &enctransform(); -$code.=<<___; - jmp .Lenc_loop_compact -.align 16 -.Lenc_compact_done: - xor 0($key),$s0 - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 - .byte 0xf3,0xc3 # rep ret -.cfi_endproc -.size _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact -___ - -# void AES_encrypt (const void *inp,void *out,const AES_KEY *key); -$code.=<<___; -.globl AES_encrypt -.type AES_encrypt,\@function,3 -.align 16 -.globl asm_AES_encrypt -.hidden asm_AES_encrypt -asm_AES_encrypt: -AES_encrypt: -.cfi_startproc - endbranch - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - - # allocate frame "above" key schedule - lea -63(%rdx),%rcx # %rdx is key argument - and \$-64,%rsp - sub %rsp,%rcx - neg %rcx - and \$0x3c0,%rcx - sub %rcx,%rsp - sub \$32,%rsp - - mov %rsi,16(%rsp) # save out - mov %rax,24(%rsp) # save original stack pointer -.cfi_cfa_expression %rsp+24,deref,+8 -.Lenc_prologue: - - mov %rdx,$key - mov 240($key),$rnds # load rounds - - mov 0(%rdi),$s0 # load input vector - mov 4(%rdi),$s1 - mov 8(%rdi),$s2 - mov 12(%rdi),$s3 - - shl \$4,$rnds - lea ($key,$rnds),%rbp - mov $key,(%rsp) # key schedule - mov %rbp,8(%rsp) # end of key schedule - - # pick Te4 copy which can't "overlap" with stack frame or key schedule - lea .LAES_Te+2048(%rip),$sbox - lea 768(%rsp),%rbp - sub $sbox,%rbp - and \$0x300,%rbp - lea ($sbox,%rbp),$sbox - - call _x86_64_AES_encrypt_compact - - mov 16(%rsp),$out # restore out - mov 24(%rsp),%rsi # restore saved stack pointer -.cfi_def_cfa %rsi,8 - mov $s0,0($out) # write output vector - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lenc_epilogue: - ret -.cfi_endproc -.size AES_encrypt,.-AES_encrypt -___ - -#------------------------------------------------------------------# - -sub decvert() -{ my $t3="%r8d"; # zaps $inp! - -$code.=<<___; - # favor 3-way issue Opteron pipeline... - movzb `&lo("$s0")`,$acc0 - movzb `&lo("$s1")`,$acc1 - movzb `&lo("$s2")`,$acc2 - mov 0($sbox,$acc0,8),$t0 - mov 0($sbox,$acc1,8),$t1 - mov 0($sbox,$acc2,8),$t2 - - movzb `&hi("$s3")`,$acc0 - movzb `&hi("$s0")`,$acc1 - movzb `&lo("$s3")`,$acc2 - xor 3($sbox,$acc0,8),$t0 - xor 3($sbox,$acc1,8),$t1 - mov 0($sbox,$acc2,8),$t3 - - movzb `&hi("$s1")`,$acc0 - shr \$16,$s0 - movzb `&hi("$s2")`,$acc2 - xor 3($sbox,$acc0,8),$t2 - shr \$16,$s3 - xor 3($sbox,$acc2,8),$t3 - - shr \$16,$s1 - lea 16($key),$key - shr \$16,$s2 - - movzb `&lo("$s2")`,$acc0 - movzb `&lo("$s3")`,$acc1 - movzb `&lo("$s0")`,$acc2 - xor 2($sbox,$acc0,8),$t0 - xor 2($sbox,$acc1,8),$t1 - xor 2($sbox,$acc2,8),$t2 - - movzb `&hi("$s1")`,$acc0 - movzb `&hi("$s2")`,$acc1 - movzb `&lo("$s1")`,$acc2 - xor 1($sbox,$acc0,8),$t0 - xor 1($sbox,$acc1,8),$t1 - xor 2($sbox,$acc2,8),$t3 - - movzb `&hi("$s3")`,$acc0 - mov 12($key),$s3 - movzb `&hi("$s0")`,$acc2 - xor 1($sbox,$acc0,8),$t2 - mov 0($key),$s0 - xor 1($sbox,$acc2,8),$t3 - - xor $t0,$s0 - mov 4($key),$s1 - mov 8($key),$s2 - xor $t2,$s2 - xor $t1,$s1 - xor $t3,$s3 -___ -} - -sub declastvert() -{ my $t3="%r8d"; # zaps $inp! - -$code.=<<___; - lea 2048($sbox),$sbox # size optimization - movzb `&lo("$s0")`,$acc0 - movzb `&lo("$s1")`,$acc1 - movzb `&lo("$s2")`,$acc2 - movzb ($sbox,$acc0,1),$t0 - movzb ($sbox,$acc1,1),$t1 - movzb ($sbox,$acc2,1),$t2 - - movzb `&lo("$s3")`,$acc0 - movzb `&hi("$s3")`,$acc1 - movzb `&hi("$s0")`,$acc2 - movzb ($sbox,$acc0,1),$t3 - movzb ($sbox,$acc1,1),$acc1 #$t0 - movzb ($sbox,$acc2,1),$acc2 #$t1 - - shl \$8,$acc1 - shl \$8,$acc2 - - xor $acc1,$t0 - xor $acc2,$t1 - shr \$16,$s3 - - movzb `&hi("$s1")`,$acc0 - movzb `&hi("$s2")`,$acc1 - shr \$16,$s0 - movzb ($sbox,$acc0,1),$acc0 #$t2 - movzb ($sbox,$acc1,1),$acc1 #$t3 - - shl \$8,$acc0 - shl \$8,$acc1 - shr \$16,$s1 - xor $acc0,$t2 - xor $acc1,$t3 - shr \$16,$s2 - - movzb `&lo("$s2")`,$acc0 - movzb `&lo("$s3")`,$acc1 - movzb `&lo("$s0")`,$acc2 - movzb ($sbox,$acc0,1),$acc0 #$t0 - movzb ($sbox,$acc1,1),$acc1 #$t1 - movzb ($sbox,$acc2,1),$acc2 #$t2 - - shl \$16,$acc0 - shl \$16,$acc1 - shl \$16,$acc2 - - xor $acc0,$t0 - xor $acc1,$t1 - xor $acc2,$t2 - - movzb `&lo("$s1")`,$acc0 - movzb `&hi("$s1")`,$acc1 - movzb `&hi("$s2")`,$acc2 - movzb ($sbox,$acc0,1),$acc0 #$t3 - movzb ($sbox,$acc1,1),$acc1 #$t0 - movzb ($sbox,$acc2,1),$acc2 #$t1 - - shl \$16,$acc0 - shl \$24,$acc1 - shl \$24,$acc2 - - xor $acc0,$t3 - xor $acc1,$t0 - xor $acc2,$t1 - - movzb `&hi("$s3")`,$acc0 - movzb `&hi("$s0")`,$acc1 - mov 16+12($key),$s3 - movzb ($sbox,$acc0,1),$acc0 #$t2 - movzb ($sbox,$acc1,1),$acc1 #$t3 - mov 16+0($key),$s0 - - shl \$24,$acc0 - shl \$24,$acc1 - - xor $acc0,$t2 - xor $acc1,$t3 - - mov 16+4($key),$s1 - mov 16+8($key),$s2 - lea -2048($sbox),$sbox - xor $t0,$s0 - xor $t1,$s1 - xor $t2,$s2 - xor $t3,$s3 -___ -} - -sub decstep() -{ my ($i,@s) = @_; - my $tmp0=$acc0; - my $tmp1=$acc1; - my $tmp2=$acc2; - my $out=($t0,$t1,$t2,$s[0])[$i]; - - $code.=" mov $s[0],$out\n" if ($i!=3); - $tmp1=$s[2] if ($i==3); - $code.=" mov $s[2],$tmp1\n" if ($i!=3); - $code.=" and \$0xFF,$out\n"; - - $code.=" mov 0($sbox,$out,8),$out\n"; - $code.=" shr \$16,$tmp1\n"; - $tmp2=$s[3] if ($i==3); - $code.=" mov $s[3],$tmp2\n" if ($i!=3); - - $tmp0=$s[1] if ($i==3); - $code.=" movzb ".&hi($s[1]).",$tmp0\n"; - $code.=" and \$0xFF,$tmp1\n"; - $code.=" shr \$24,$tmp2\n"; - - $code.=" xor 3($sbox,$tmp0,8),$out\n"; - $code.=" xor 2($sbox,$tmp1,8),$out\n"; - $code.=" xor 1($sbox,$tmp2,8),$out\n"; - - $code.=" mov $t2,$s[1]\n" if ($i==3); - $code.=" mov $t1,$s[2]\n" if ($i==3); - $code.=" mov $t0,$s[3]\n" if ($i==3); - $code.="\n"; -} - -sub declast() -{ my ($i,@s)=@_; - my $tmp0=$acc0; - my $tmp1=$acc1; - my $tmp2=$acc2; - my $out=($t0,$t1,$t2,$s[0])[$i]; - - $code.=" mov $s[0],$out\n" if ($i!=3); - $tmp1=$s[2] if ($i==3); - $code.=" mov $s[2],$tmp1\n" if ($i!=3); - $code.=" and \$0xFF,$out\n"; - - $code.=" movzb 2048($sbox,$out,1),$out\n"; - $code.=" shr \$16,$tmp1\n"; - $tmp2=$s[3] if ($i==3); - $code.=" mov $s[3],$tmp2\n" if ($i!=3); - - $tmp0=$s[1] if ($i==3); - $code.=" movzb ".&hi($s[1]).",$tmp0\n"; - $code.=" and \$0xFF,$tmp1\n"; - $code.=" shr \$24,$tmp2\n"; - - $code.=" movzb 2048($sbox,$tmp0,1),$tmp0\n"; - $code.=" movzb 2048($sbox,$tmp1,1),$tmp1\n"; - $code.=" movzb 2048($sbox,$tmp2,1),$tmp2\n"; - - $code.=" shl \$8,$tmp0\n"; - $code.=" shl \$16,$tmp1\n"; - $code.=" shl \$24,$tmp2\n"; - - $code.=" xor $tmp0,$out\n"; - $code.=" mov $t2,$s[1]\n" if ($i==3); - $code.=" xor $tmp1,$out\n"; - $code.=" mov $t1,$s[2]\n" if ($i==3); - $code.=" xor $tmp2,$out\n"; - $code.=" mov $t0,$s[3]\n" if ($i==3); - $code.="\n"; -} - -$code.=<<___; -.type _x86_64_AES_decrypt,\@abi-omnipotent -.align 16 -_x86_64_AES_decrypt: -.cfi_startproc - xor 0($key),$s0 # xor with key - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 - - mov 240($key),$rnds # load key->rounds - sub \$1,$rnds - jmp .Ldec_loop -.align 16 -.Ldec_loop: -___ - if ($verticalspin) { &decvert(); } - else { &decstep(0,$s0,$s3,$s2,$s1); - &decstep(1,$s1,$s0,$s3,$s2); - &decstep(2,$s2,$s1,$s0,$s3); - &decstep(3,$s3,$s2,$s1,$s0); - $code.=<<___; - lea 16($key),$key - xor 0($key),$s0 # xor with key - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 -___ - } -$code.=<<___; - sub \$1,$rnds - jnz .Ldec_loop -___ - if ($verticalspin) { &declastvert(); } - else { &declast(0,$s0,$s3,$s2,$s1); - &declast(1,$s1,$s0,$s3,$s2); - &declast(2,$s2,$s1,$s0,$s3); - &declast(3,$s3,$s2,$s1,$s0); - $code.=<<___; - xor 16+0($key),$s0 # xor with key - xor 16+4($key),$s1 - xor 16+8($key),$s2 - xor 16+12($key),$s3 -___ - } -$code.=<<___; - .byte 0xf3,0xc3 # rep ret -.cfi_endproc -.size _x86_64_AES_decrypt,.-_x86_64_AES_decrypt -___ - -sub deccompactvert() -{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d"); - -$code.=<<___; - movzb `&lo("$s0")`,$t0 - movzb `&lo("$s1")`,$t1 - movzb `&lo("$s2")`,$t2 - movzb `&lo("$s3")`,$t3 - movzb `&hi("$s3")`,$acc0 - movzb `&hi("$s0")`,$acc1 - shr \$16,$s3 - movzb `&hi("$s1")`,$acc2 - movzb ($sbox,$t0,1),$t0 - movzb ($sbox,$t1,1),$t1 - movzb ($sbox,$t2,1),$t2 - movzb ($sbox,$t3,1),$t3 - - movzb ($sbox,$acc0,1),$t4 #$t0 - movzb `&hi("$s2")`,$acc0 - movzb ($sbox,$acc1,1),$t5 #$t1 - movzb ($sbox,$acc2,1),$acc2 #$t2 - movzb ($sbox,$acc0,1),$acc0 #$t3 - - shr \$16,$s2 - shl \$8,$t5 - shl \$8,$t4 - movzb `&lo("$s2")`,$acc1 - shr \$16,$s0 - xor $t4,$t0 - shr \$16,$s1 - movzb `&lo("$s3")`,$t4 - - shl \$8,$acc2 - xor $t5,$t1 - shl \$8,$acc0 - movzb `&lo("$s0")`,$t5 - movzb ($sbox,$acc1,1),$acc1 #$t0 - xor $acc2,$t2 - movzb `&lo("$s1")`,$acc2 - - shl \$16,$acc1 - xor $acc0,$t3 - movzb ($sbox,$t4,1),$t4 #$t1 - movzb `&hi("$s1")`,$acc0 - movzb ($sbox,$acc2,1),$acc2 #$t3 - xor $acc1,$t0 - movzb ($sbox,$t5,1),$t5 #$t2 - movzb `&hi("$s2")`,$acc1 - - shl \$16,$acc2 - shl \$16,$t4 - shl \$16,$t5 - xor $acc2,$t3 - movzb `&hi("$s3")`,$acc2 - xor $t4,$t1 - shr \$8,$s0 - xor $t5,$t2 - - movzb ($sbox,$acc0,1),$acc0 #$t0 - movzb ($sbox,$acc1,1),$s1 #$t1 - movzb ($sbox,$acc2,1),$s2 #$t2 - movzb ($sbox,$s0,1),$s3 #$t3 - - mov $t0,$s0 - shl \$24,$acc0 - shl \$24,$s1 - shl \$24,$s2 - xor $acc0,$s0 - shl \$24,$s3 - xor $t1,$s1 - xor $t2,$s2 - xor $t3,$s3 -___ -} - -# parallelized version! input is pair of 64-bit values: %rax=s1.s0 -# and %rcx=s3.s2, output is four 32-bit values in %eax=s0, %ebx=s1, -# %ecx=s2 and %edx=s3. -sub dectransform() -{ my ($tp10,$tp20,$tp40,$tp80,$acc0)=("%rax","%r8", "%r9", "%r10","%rbx"); - my ($tp18,$tp28,$tp48,$tp88,$acc8)=("%rcx","%r11","%r12","%r13","%rdx"); - my $prefetch = shift; - -$code.=<<___; - mov $mask80,$tp40 - mov $mask80,$tp48 - and $tp10,$tp40 - and $tp18,$tp48 - mov $tp40,$acc0 - mov $tp48,$acc8 - shr \$7,$tp40 - lea ($tp10,$tp10),$tp20 - shr \$7,$tp48 - lea ($tp18,$tp18),$tp28 - sub $tp40,$acc0 - sub $tp48,$acc8 - and $maskfe,$tp20 - and $maskfe,$tp28 - and $mask1b,$acc0 - and $mask1b,$acc8 - xor $acc0,$tp20 - xor $acc8,$tp28 - mov $mask80,$tp80 - mov $mask80,$tp88 - - and $tp20,$tp80 - and $tp28,$tp88 - mov $tp80,$acc0 - mov $tp88,$acc8 - shr \$7,$tp80 - lea ($tp20,$tp20),$tp40 - shr \$7,$tp88 - lea ($tp28,$tp28),$tp48 - sub $tp80,$acc0 - sub $tp88,$acc8 - and $maskfe,$tp40 - and $maskfe,$tp48 - and $mask1b,$acc0 - and $mask1b,$acc8 - xor $acc0,$tp40 - xor $acc8,$tp48 - mov $mask80,$tp80 - mov $mask80,$tp88 - - and $tp40,$tp80 - and $tp48,$tp88 - mov $tp80,$acc0 - mov $tp88,$acc8 - shr \$7,$tp80 - xor $tp10,$tp20 # tp2^=tp1 - shr \$7,$tp88 - xor $tp18,$tp28 # tp2^=tp1 - sub $tp80,$acc0 - sub $tp88,$acc8 - lea ($tp40,$tp40),$tp80 - lea ($tp48,$tp48),$tp88 - xor $tp10,$tp40 # tp4^=tp1 - xor $tp18,$tp48 # tp4^=tp1 - and $maskfe,$tp80 - and $maskfe,$tp88 - and $mask1b,$acc0 - and $mask1b,$acc8 - xor $acc0,$tp80 - xor $acc8,$tp88 - - xor $tp80,$tp10 # tp1^=tp8 - xor $tp88,$tp18 # tp1^=tp8 - xor $tp80,$tp20 # tp2^tp1^=tp8 - xor $tp88,$tp28 # tp2^tp1^=tp8 - mov $tp10,$acc0 - mov $tp18,$acc8 - xor $tp80,$tp40 # tp4^tp1^=tp8 - shr \$32,$acc0 - xor $tp88,$tp48 # tp4^tp1^=tp8 - shr \$32,$acc8 - xor $tp20,$tp80 # tp8^=tp8^tp2^tp1=tp2^tp1 - rol \$8,`&LO("$tp10")` # ROTATE(tp1^tp8,8) - xor $tp28,$tp88 # tp8^=tp8^tp2^tp1=tp2^tp1 - rol \$8,`&LO("$tp18")` # ROTATE(tp1^tp8,8) - xor $tp40,$tp80 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2 - rol \$8,`&LO("$acc0")` # ROTATE(tp1^tp8,8) - xor $tp48,$tp88 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2 - - rol \$8,`&LO("$acc8")` # ROTATE(tp1^tp8,8) - xor `&LO("$tp80")`,`&LO("$tp10")` - shr \$32,$tp80 - xor `&LO("$tp88")`,`&LO("$tp18")` - shr \$32,$tp88 - xor `&LO("$tp80")`,`&LO("$acc0")` - xor `&LO("$tp88")`,`&LO("$acc8")` - - mov $tp20,$tp80 - rol \$24,`&LO("$tp20")` # ROTATE(tp2^tp1^tp8,24) - mov $tp28,$tp88 - rol \$24,`&LO("$tp28")` # ROTATE(tp2^tp1^tp8,24) - shr \$32,$tp80 - xor `&LO("$tp20")`,`&LO("$tp10")` - shr \$32,$tp88 - xor `&LO("$tp28")`,`&LO("$tp18")` - rol \$24,`&LO("$tp80")` # ROTATE(tp2^tp1^tp8,24) - mov $tp40,$tp20 - rol \$24,`&LO("$tp88")` # ROTATE(tp2^tp1^tp8,24) - mov $tp48,$tp28 - shr \$32,$tp20 - xor `&LO("$tp80")`,`&LO("$acc0")` - shr \$32,$tp28 - xor `&LO("$tp88")`,`&LO("$acc8")` - - `"mov 0($sbox),$mask80" if ($prefetch)` - rol \$16,`&LO("$tp40")` # ROTATE(tp4^tp1^tp8,16) - `"mov 64($sbox),$maskfe" if ($prefetch)` - rol \$16,`&LO("$tp48")` # ROTATE(tp4^tp1^tp8,16) - `"mov 128($sbox),$mask1b" if ($prefetch)` - rol \$16,`&LO("$tp20")` # ROTATE(tp4^tp1^tp8,16) - `"mov 192($sbox),$tp80" if ($prefetch)` - xor `&LO("$tp40")`,`&LO("$tp10")` - rol \$16,`&LO("$tp28")` # ROTATE(tp4^tp1^tp8,16) - xor `&LO("$tp48")`,`&LO("$tp18")` - `"mov 256($sbox),$tp88" if ($prefetch)` - xor `&LO("$tp20")`,`&LO("$acc0")` - xor `&LO("$tp28")`,`&LO("$acc8")` -___ -} - -$code.=<<___; -.type _x86_64_AES_decrypt_compact,\@abi-omnipotent -.align 16 -_x86_64_AES_decrypt_compact: -.cfi_startproc - lea 128($sbox),$inp # size optimization - mov 0-128($inp),$acc1 # prefetch Td4 - mov 32-128($inp),$acc2 - mov 64-128($inp),$t0 - mov 96-128($inp),$t1 - mov 128-128($inp),$acc1 - mov 160-128($inp),$acc2 - mov 192-128($inp),$t0 - mov 224-128($inp),$t1 - jmp .Ldec_loop_compact - -.align 16 -.Ldec_loop_compact: - xor 0($key),$s0 # xor with key - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 - lea 16($key),$key -___ - &deccompactvert(); -$code.=<<___; - cmp 16(%rsp),$key - je .Ldec_compact_done - - mov 256+0($sbox),$mask80 - shl \$32,%rbx - shl \$32,%rdx - mov 256+8($sbox),$maskfe - or %rbx,%rax - or %rdx,%rcx - mov 256+16($sbox),$mask1b -___ - &dectransform(1); -$code.=<<___; - jmp .Ldec_loop_compact -.align 16 -.Ldec_compact_done: - xor 0($key),$s0 - xor 4($key),$s1 - xor 8($key),$s2 - xor 12($key),$s3 - .byte 0xf3,0xc3 # rep ret -.cfi_endproc -.size _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact -___ - -# void AES_decrypt (const void *inp,void *out,const AES_KEY *key); -$code.=<<___; -.globl AES_decrypt -.type AES_decrypt,\@function,3 -.align 16 -.globl asm_AES_decrypt -.hidden asm_AES_decrypt -asm_AES_decrypt: -AES_decrypt: -.cfi_startproc - endbranch - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - - # allocate frame "above" key schedule - lea -63(%rdx),%rcx # %rdx is key argument - and \$-64,%rsp - sub %rsp,%rcx - neg %rcx - and \$0x3c0,%rcx - sub %rcx,%rsp - sub \$32,%rsp - - mov %rsi,16(%rsp) # save out - mov %rax,24(%rsp) # save original stack pointer -.cfi_cfa_expression %rsp+24,deref,+8 -.Ldec_prologue: - - mov %rdx,$key - mov 240($key),$rnds # load rounds - - mov 0(%rdi),$s0 # load input vector - mov 4(%rdi),$s1 - mov 8(%rdi),$s2 - mov 12(%rdi),$s3 - - shl \$4,$rnds - lea ($key,$rnds),%rbp - mov $key,(%rsp) # key schedule - mov %rbp,8(%rsp) # end of key schedule - - # pick Td4 copy which can't "overlap" with stack frame or key schedule - lea .LAES_Td+2048(%rip),$sbox - lea 768(%rsp),%rbp - sub $sbox,%rbp - and \$0x300,%rbp - lea ($sbox,%rbp),$sbox - shr \$3,%rbp # recall "magic" constants! - add %rbp,$sbox - - call _x86_64_AES_decrypt_compact - - mov 16(%rsp),$out # restore out - mov 24(%rsp),%rsi # restore saved stack pointer -.cfi_def_cfa %rsi,8 - mov $s0,0($out) # write output vector - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Ldec_epilogue: - ret -.cfi_endproc -.size AES_decrypt,.-AES_decrypt -___ -#------------------------------------------------------------------# - -sub enckey() -{ -$code.=<<___; - movz %dl,%esi # rk[i]>>0 - movzb -128(%rbp,%rsi),%ebx - movz %dh,%esi # rk[i]>>8 - shl \$24,%ebx - xor %ebx,%eax - - movzb -128(%rbp,%rsi),%ebx - shr \$16,%edx - movz %dl,%esi # rk[i]>>16 - xor %ebx,%eax - - movzb -128(%rbp,%rsi),%ebx - movz %dh,%esi # rk[i]>>24 - shl \$8,%ebx - xor %ebx,%eax - - movzb -128(%rbp,%rsi),%ebx - shl \$16,%ebx - xor %ebx,%eax - - xor 1024-128(%rbp,%rcx,4),%eax # rcon -___ -} - -# int AES_set_encrypt_key(const unsigned char *userKey, const int bits, -# AES_KEY *key) -$code.=<<___; -.globl AES_set_encrypt_key -.type AES_set_encrypt_key,\@function,3 -.align 16 -AES_set_encrypt_key: -.cfi_startproc - endbranch - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 # redundant, but allows to share -.cfi_push %r12 - push %r13 # exception handler... -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - sub \$8,%rsp -.cfi_adjust_cfa_offset 8 -.Lenc_key_prologue: - - call _x86_64_AES_set_encrypt_key - - mov 40(%rsp),%rbp -.cfi_restore %rbp - mov 48(%rsp),%rbx -.cfi_restore %rbx - add \$56,%rsp -.cfi_adjust_cfa_offset -56 -.Lenc_key_epilogue: - ret -.cfi_endproc -.size AES_set_encrypt_key,.-AES_set_encrypt_key - -.type _x86_64_AES_set_encrypt_key,\@abi-omnipotent -.align 16 -_x86_64_AES_set_encrypt_key: -.cfi_startproc - mov %esi,%ecx # %ecx=bits - mov %rdi,%rsi # %rsi=userKey - mov %rdx,%rdi # %rdi=key - - test \$-1,%rsi - jz .Lbadpointer - test \$-1,%rdi - jz .Lbadpointer - - lea .LAES_Te(%rip),%rbp - lea 2048+128(%rbp),%rbp - - # prefetch Te4 - mov 0-128(%rbp),%eax - mov 32-128(%rbp),%ebx - mov 64-128(%rbp),%r8d - mov 96-128(%rbp),%edx - mov 128-128(%rbp),%eax - mov 160-128(%rbp),%ebx - mov 192-128(%rbp),%r8d - mov 224-128(%rbp),%edx - - cmp \$128,%ecx - je .L10rounds - cmp \$192,%ecx - je .L12rounds - cmp \$256,%ecx - je .L14rounds - mov \$-2,%rax # invalid number of bits - jmp .Lexit - -.L10rounds: - mov 0(%rsi),%rax # copy first 4 dwords - mov 8(%rsi),%rdx - mov %rax,0(%rdi) - mov %rdx,8(%rdi) - - shr \$32,%rdx - xor %ecx,%ecx - jmp .L10shortcut -.align 4 -.L10loop: - mov 0(%rdi),%eax # rk[0] - mov 12(%rdi),%edx # rk[3] -.L10shortcut: -___ - &enckey (); -$code.=<<___; - mov %eax,16(%rdi) # rk[4] - xor 4(%rdi),%eax - mov %eax,20(%rdi) # rk[5] - xor 8(%rdi),%eax - mov %eax,24(%rdi) # rk[6] - xor 12(%rdi),%eax - mov %eax,28(%rdi) # rk[7] - add \$1,%ecx - lea 16(%rdi),%rdi - cmp \$10,%ecx - jl .L10loop - - movl \$10,80(%rdi) # setup number of rounds - xor %rax,%rax - jmp .Lexit - -.L12rounds: - mov 0(%rsi),%rax # copy first 6 dwords - mov 8(%rsi),%rbx - mov 16(%rsi),%rdx - mov %rax,0(%rdi) - mov %rbx,8(%rdi) - mov %rdx,16(%rdi) - - shr \$32,%rdx - xor %ecx,%ecx - jmp .L12shortcut -.align 4 -.L12loop: - mov 0(%rdi),%eax # rk[0] - mov 20(%rdi),%edx # rk[5] -.L12shortcut: -___ - &enckey (); -$code.=<<___; - mov %eax,24(%rdi) # rk[6] - xor 4(%rdi),%eax - mov %eax,28(%rdi) # rk[7] - xor 8(%rdi),%eax - mov %eax,32(%rdi) # rk[8] - xor 12(%rdi),%eax - mov %eax,36(%rdi) # rk[9] - - cmp \$7,%ecx - je .L12break - add \$1,%ecx - - xor 16(%rdi),%eax - mov %eax,40(%rdi) # rk[10] - xor 20(%rdi),%eax - mov %eax,44(%rdi) # rk[11] - - lea 24(%rdi),%rdi - jmp .L12loop -.L12break: - movl \$12,72(%rdi) # setup number of rounds - xor %rax,%rax - jmp .Lexit - -.L14rounds: - mov 0(%rsi),%rax # copy first 8 dwords - mov 8(%rsi),%rbx - mov 16(%rsi),%rcx - mov 24(%rsi),%rdx - mov %rax,0(%rdi) - mov %rbx,8(%rdi) - mov %rcx,16(%rdi) - mov %rdx,24(%rdi) - - shr \$32,%rdx - xor %ecx,%ecx - jmp .L14shortcut -.align 4 -.L14loop: - mov 0(%rdi),%eax # rk[0] - mov 28(%rdi),%edx # rk[4] -.L14shortcut: -___ - &enckey (); -$code.=<<___; - mov %eax,32(%rdi) # rk[8] - xor 4(%rdi),%eax - mov %eax,36(%rdi) # rk[9] - xor 8(%rdi),%eax - mov %eax,40(%rdi) # rk[10] - xor 12(%rdi),%eax - mov %eax,44(%rdi) # rk[11] - - cmp \$6,%ecx - je .L14break - add \$1,%ecx - - mov %eax,%edx - mov 16(%rdi),%eax # rk[4] - movz %dl,%esi # rk[11]>>0 - movzb -128(%rbp,%rsi),%ebx - movz %dh,%esi # rk[11]>>8 - xor %ebx,%eax - - movzb -128(%rbp,%rsi),%ebx - shr \$16,%edx - shl \$8,%ebx - movz %dl,%esi # rk[11]>>16 - xor %ebx,%eax - - movzb -128(%rbp,%rsi),%ebx - movz %dh,%esi # rk[11]>>24 - shl \$16,%ebx - xor %ebx,%eax - - movzb -128(%rbp,%rsi),%ebx - shl \$24,%ebx - xor %ebx,%eax - - mov %eax,48(%rdi) # rk[12] - xor 20(%rdi),%eax - mov %eax,52(%rdi) # rk[13] - xor 24(%rdi),%eax - mov %eax,56(%rdi) # rk[14] - xor 28(%rdi),%eax - mov %eax,60(%rdi) # rk[15] - - lea 32(%rdi),%rdi - jmp .L14loop -.L14break: - movl \$14,48(%rdi) # setup number of rounds - xor %rax,%rax - jmp .Lexit - -.Lbadpointer: - mov \$-1,%rax -.Lexit: - .byte 0xf3,0xc3 # rep ret -.cfi_endproc -.size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key -___ - -sub deckey_ref() -{ my ($i,$ptr,$te,$td) = @_; - my ($tp1,$tp2,$tp4,$tp8,$acc)=("%eax","%ebx","%edi","%edx","%r8d"); -$code.=<<___; - mov $i($ptr),$tp1 - mov $tp1,$acc - and \$0x80808080,$acc - mov $acc,$tp4 - shr \$7,$tp4 - lea 0($tp1,$tp1),$tp2 - sub $tp4,$acc - and \$0xfefefefe,$tp2 - and \$0x1b1b1b1b,$acc - xor $tp2,$acc - mov $acc,$tp2 - - and \$0x80808080,$acc - mov $acc,$tp8 - shr \$7,$tp8 - lea 0($tp2,$tp2),$tp4 - sub $tp8,$acc - and \$0xfefefefe,$tp4 - and \$0x1b1b1b1b,$acc - xor $tp1,$tp2 # tp2^tp1 - xor $tp4,$acc - mov $acc,$tp4 - - and \$0x80808080,$acc - mov $acc,$tp8 - shr \$7,$tp8 - sub $tp8,$acc - lea 0($tp4,$tp4),$tp8 - xor $tp1,$tp4 # tp4^tp1 - and \$0xfefefefe,$tp8 - and \$0x1b1b1b1b,$acc - xor $acc,$tp8 - - xor $tp8,$tp1 # tp1^tp8 - rol \$8,$tp1 # ROTATE(tp1^tp8,8) - xor $tp8,$tp2 # tp2^tp1^tp8 - xor $tp8,$tp4 # tp4^tp1^tp8 - xor $tp2,$tp8 - xor $tp4,$tp8 # tp8^(tp8^tp4^tp1)^(tp8^tp2^tp1)=tp8^tp4^tp2 - - xor $tp8,$tp1 - rol \$24,$tp2 # ROTATE(tp2^tp1^tp8,24) - xor $tp2,$tp1 - rol \$16,$tp4 # ROTATE(tp4^tp1^tp8,16) - xor $tp4,$tp1 - - mov $tp1,$i($ptr) -___ -} - -# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, -# AES_KEY *key) -$code.=<<___; -.globl AES_set_decrypt_key -.type AES_set_decrypt_key,\@function,3 -.align 16 -AES_set_decrypt_key: -.cfi_startproc - endbranch - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - push %rdx # save key schedule -.cfi_adjust_cfa_offset 8 -.Ldec_key_prologue: - - call _x86_64_AES_set_encrypt_key - mov (%rsp),%r8 # restore key schedule - cmp \$0,%eax - jne .Labort - - mov 240(%r8),%r14d # pull number of rounds - xor %rdi,%rdi - lea (%rdi,%r14d,4),%rcx - mov %r8,%rsi - lea (%r8,%rcx,4),%rdi # pointer to last chunk -.align 4 -.Linvert: - mov 0(%rsi),%rax - mov 8(%rsi),%rbx - mov 0(%rdi),%rcx - mov 8(%rdi),%rdx - mov %rax,0(%rdi) - mov %rbx,8(%rdi) - mov %rcx,0(%rsi) - mov %rdx,8(%rsi) - lea 16(%rsi),%rsi - lea -16(%rdi),%rdi - cmp %rsi,%rdi - jne .Linvert - - lea .LAES_Te+2048+1024(%rip),%rax # rcon - - mov 40(%rax),$mask80 - mov 48(%rax),$maskfe - mov 56(%rax),$mask1b - - mov %r8,$key - sub \$1,%r14d -.align 4 -.Lpermute: - lea 16($key),$key - mov 0($key),%rax - mov 8($key),%rcx -___ - &dectransform (); -$code.=<<___; - mov %eax,0($key) - mov %ebx,4($key) - mov %ecx,8($key) - mov %edx,12($key) - sub \$1,%r14d - jnz .Lpermute - - xor %rax,%rax -.Labort: - mov 8(%rsp),%r15 -.cfi_restore %r15 - mov 16(%rsp),%r14 -.cfi_restore %r14 - mov 24(%rsp),%r13 -.cfi_restore %r13 - mov 32(%rsp),%r12 -.cfi_restore %r12 - mov 40(%rsp),%rbp -.cfi_restore %rbp - mov 48(%rsp),%rbx -.cfi_restore %rbx - add \$56,%rsp -.cfi_adjust_cfa_offset -56 -.Ldec_key_epilogue: - ret -.cfi_endproc -.size AES_set_decrypt_key,.-AES_set_decrypt_key -___ - -# void AES_cbc_encrypt (const void char *inp, unsigned char *out, -# size_t length, const AES_KEY *key, -# unsigned char *ivp,const int enc); -{ -# stack frame layout -# -8(%rsp) return address -my $keyp="0(%rsp)"; # one to pass as $key -my $keyend="8(%rsp)"; # &(keyp->rd_key[4*keyp->rounds]) -my $_rsp="16(%rsp)"; # saved %rsp -my $_inp="24(%rsp)"; # copy of 1st parameter, inp -my $_out="32(%rsp)"; # copy of 2nd parameter, out -my $_len="40(%rsp)"; # copy of 3rd parameter, length -my $_key="48(%rsp)"; # copy of 4th parameter, key -my $_ivp="56(%rsp)"; # copy of 5th parameter, ivp -my $ivec="64(%rsp)"; # ivec[16] -my $aes_key="80(%rsp)"; # copy of aes_key -my $mark="80+240(%rsp)"; # copy of aes_key->rounds - -$code.=<<___; -.globl AES_cbc_encrypt -.type AES_cbc_encrypt,\@function,6 -.align 16 -.extern OPENSSL_ia32cap_P -.globl asm_AES_cbc_encrypt -.hidden asm_AES_cbc_encrypt -asm_AES_cbc_encrypt: -AES_cbc_encrypt: -.cfi_startproc - endbranch - cmp \$0,%rdx # check length - je .Lcbc_epilogue - pushfq -# This could be .cfi_push 49, but libunwind fails on registers it does not -# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087. -.cfi_adjust_cfa_offset 8 - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lcbc_prologue: - - cld - mov %r9d,%r9d # clear upper half of enc - - lea .LAES_Te(%rip),$sbox - lea .LAES_Td(%rip),%r10 - cmp \$0,%r9 - cmoveq %r10,$sbox - -.cfi_remember_state - mov OPENSSL_ia32cap_P(%rip),%r10d - cmp \$$speed_limit,%rdx - jb .Lcbc_slow_prologue - test \$15,%rdx - jnz .Lcbc_slow_prologue - bt \$28,%r10d - jc .Lcbc_slow_prologue - - # allocate aligned stack frame... - lea -88-248(%rsp),$key - and \$-64,$key - - # ... and make sure it doesn't alias with AES_T[ed] modulo 4096 - mov $sbox,%r10 - lea 2304($sbox),%r11 - mov $key,%r12 - and \$0xFFF,%r10 # s = $sbox&0xfff - and \$0xFFF,%r11 # e = ($sbox+2048)&0xfff - and \$0xFFF,%r12 # p = %rsp&0xfff - - cmp %r11,%r12 # if (p=>e) %rsp =- (p-e); - jb .Lcbc_te_break_out - sub %r11,%r12 - sub %r12,$key - jmp .Lcbc_te_ok -.Lcbc_te_break_out: # else %rsp -= (p-s)&0xfff + framesz - sub %r10,%r12 - and \$0xFFF,%r12 - add \$320,%r12 - sub %r12,$key -.align 4 -.Lcbc_te_ok: - - xchg %rsp,$key -.cfi_def_cfa_register $key - #add \$8,%rsp # reserve for return address! - mov $key,$_rsp # save %rsp -.cfi_cfa_expression $_rsp,deref,+64 -.Lcbc_fast_body: - mov %rdi,$_inp # save copy of inp - mov %rsi,$_out # save copy of out - mov %rdx,$_len # save copy of len - mov %rcx,$_key # save copy of key - mov %r8,$_ivp # save copy of ivp - movl \$0,$mark # copy of aes_key->rounds = 0; - mov %r8,%rbp # rearrange input arguments - mov %r9,%rbx - mov %rsi,$out - mov %rdi,$inp - mov %rcx,$key - - mov 240($key),%eax # key->rounds - # do we copy key schedule to stack? - mov $key,%r10 - sub $sbox,%r10 - and \$0xfff,%r10 - cmp \$2304,%r10 - jb .Lcbc_do_ecopy - cmp \$4096-248,%r10 - jb .Lcbc_skip_ecopy -.align 4 -.Lcbc_do_ecopy: - mov $key,%rsi - lea $aes_key,%rdi - lea $aes_key,$key - mov \$240/8,%ecx - .long 0x90A548F3 # rep movsq - mov %eax,(%rdi) # copy aes_key->rounds -.Lcbc_skip_ecopy: - mov $key,$keyp # save key pointer - - mov \$18,%ecx -.align 4 -.Lcbc_prefetch_te: - mov 0($sbox),%r10 - mov 32($sbox),%r11 - mov 64($sbox),%r12 - mov 96($sbox),%r13 - lea 128($sbox),$sbox - sub \$1,%ecx - jnz .Lcbc_prefetch_te - lea -2304($sbox),$sbox - - cmp \$0,%rbx - je .LFAST_DECRYPT - -#----------------------------- ENCRYPT -----------------------------# - mov 0(%rbp),$s0 # load iv - mov 4(%rbp),$s1 - mov 8(%rbp),$s2 - mov 12(%rbp),$s3 - -.align 4 -.Lcbc_fast_enc_loop: - xor 0($inp),$s0 - xor 4($inp),$s1 - xor 8($inp),$s2 - xor 12($inp),$s3 - mov $keyp,$key # restore key - mov $inp,$_inp # if ($verticalspin) save inp - - call _x86_64_AES_encrypt - - mov $_inp,$inp # if ($verticalspin) restore inp - mov $_len,%r10 - mov $s0,0($out) - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - lea 16($inp),$inp - lea 16($out),$out - sub \$16,%r10 - test \$-16,%r10 - mov %r10,$_len - jnz .Lcbc_fast_enc_loop - mov $_ivp,%rbp # restore ivp - mov $s0,0(%rbp) # save ivec - mov $s1,4(%rbp) - mov $s2,8(%rbp) - mov $s3,12(%rbp) - - jmp .Lcbc_fast_cleanup - -#----------------------------- DECRYPT -----------------------------# -.align 16 -.LFAST_DECRYPT: - cmp $inp,$out - je .Lcbc_fast_dec_in_place - - mov %rbp,$ivec -.align 4 -.Lcbc_fast_dec_loop: - mov 0($inp),$s0 # read input - mov 4($inp),$s1 - mov 8($inp),$s2 - mov 12($inp),$s3 - mov $keyp,$key # restore key - mov $inp,$_inp # if ($verticalspin) save inp - - call _x86_64_AES_decrypt - - mov $ivec,%rbp # load ivp - mov $_inp,$inp # if ($verticalspin) restore inp - mov $_len,%r10 # load len - xor 0(%rbp),$s0 # xor iv - xor 4(%rbp),$s1 - xor 8(%rbp),$s2 - xor 12(%rbp),$s3 - mov $inp,%rbp # current input, next iv - - sub \$16,%r10 - mov %r10,$_len # update len - mov %rbp,$ivec # update ivp - - mov $s0,0($out) # write output - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - lea 16($inp),$inp - lea 16($out),$out - jnz .Lcbc_fast_dec_loop - mov $_ivp,%r12 # load user ivp - mov 0(%rbp),%r10 # load iv - mov 8(%rbp),%r11 - mov %r10,0(%r12) # copy back to user - mov %r11,8(%r12) - jmp .Lcbc_fast_cleanup - -.align 16 -.Lcbc_fast_dec_in_place: - mov 0(%rbp),%r10 # copy iv to stack - mov 8(%rbp),%r11 - mov %r10,0+$ivec - mov %r11,8+$ivec -.align 4 -.Lcbc_fast_dec_in_place_loop: - mov 0($inp),$s0 # load input - mov 4($inp),$s1 - mov 8($inp),$s2 - mov 12($inp),$s3 - mov $keyp,$key # restore key - mov $inp,$_inp # if ($verticalspin) save inp - - call _x86_64_AES_decrypt - - mov $_inp,$inp # if ($verticalspin) restore inp - mov $_len,%r10 - xor 0+$ivec,$s0 - xor 4+$ivec,$s1 - xor 8+$ivec,$s2 - xor 12+$ivec,$s3 - - mov 0($inp),%r11 # load input - mov 8($inp),%r12 - sub \$16,%r10 - jz .Lcbc_fast_dec_in_place_done - - mov %r11,0+$ivec # copy input to iv - mov %r12,8+$ivec - - mov $s0,0($out) # save output [zaps input] - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - lea 16($inp),$inp - lea 16($out),$out - mov %r10,$_len - jmp .Lcbc_fast_dec_in_place_loop -.Lcbc_fast_dec_in_place_done: - mov $_ivp,%rdi - mov %r11,0(%rdi) # copy iv back to user - mov %r12,8(%rdi) - - mov $s0,0($out) # save output [zaps input] - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - -.align 4 -.Lcbc_fast_cleanup: - cmpl \$0,$mark # was the key schedule copied? - lea $aes_key,%rdi - je .Lcbc_exit - mov \$240/8,%ecx - xor %rax,%rax - .long 0x90AB48F3 # rep stosq - - jmp .Lcbc_exit - -#--------------------------- SLOW ROUTINE ---------------------------# -.align 16 -.Lcbc_slow_prologue: -.cfi_restore_state - # allocate aligned stack frame... - lea -88(%rsp),%rbp - and \$-64,%rbp - # ... just "above" key schedule - lea -88-63(%rcx),%r10 - sub %rbp,%r10 - neg %r10 - and \$0x3c0,%r10 - sub %r10,%rbp - - xchg %rsp,%rbp -.cfi_def_cfa_register %rbp - #add \$8,%rsp # reserve for return address! - mov %rbp,$_rsp # save %rsp -.cfi_cfa_expression $_rsp,deref,+64 -.Lcbc_slow_body: - #mov %rdi,$_inp # save copy of inp - #mov %rsi,$_out # save copy of out - #mov %rdx,$_len # save copy of len - #mov %rcx,$_key # save copy of key - mov %r8,$_ivp # save copy of ivp - mov %r8,%rbp # rearrange input arguments - mov %r9,%rbx - mov %rsi,$out - mov %rdi,$inp - mov %rcx,$key - mov %rdx,%r10 - - mov 240($key),%eax - mov $key,$keyp # save key pointer - shl \$4,%eax - lea ($key,%rax),%rax - mov %rax,$keyend - - # pick Te4 copy which can't "overlap" with stack frame or key schedule - lea 2048($sbox),$sbox - lea 768-8(%rsp),%rax - sub $sbox,%rax - and \$0x300,%rax - lea ($sbox,%rax),$sbox - - cmp \$0,%rbx - je .LSLOW_DECRYPT - -#--------------------------- SLOW ENCRYPT ---------------------------# - test \$-16,%r10 # check upon length - mov 0(%rbp),$s0 # load iv - mov 4(%rbp),$s1 - mov 8(%rbp),$s2 - mov 12(%rbp),$s3 - jz .Lcbc_slow_enc_tail # short input... - -.align 4 -.Lcbc_slow_enc_loop: - xor 0($inp),$s0 - xor 4($inp),$s1 - xor 8($inp),$s2 - xor 12($inp),$s3 - mov $keyp,$key # restore key - mov $inp,$_inp # save inp - mov $out,$_out # save out - mov %r10,$_len # save len - - call _x86_64_AES_encrypt_compact - - mov $_inp,$inp # restore inp - mov $_out,$out # restore out - mov $_len,%r10 # restore len - mov $s0,0($out) - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - lea 16($inp),$inp - lea 16($out),$out - sub \$16,%r10 - test \$-16,%r10 - jnz .Lcbc_slow_enc_loop - test \$15,%r10 - jnz .Lcbc_slow_enc_tail - mov $_ivp,%rbp # restore ivp - mov $s0,0(%rbp) # save ivec - mov $s1,4(%rbp) - mov $s2,8(%rbp) - mov $s3,12(%rbp) - - jmp .Lcbc_exit - -.align 4 -.Lcbc_slow_enc_tail: - mov %rax,%r11 - mov %rcx,%r12 - mov %r10,%rcx - mov $inp,%rsi - mov $out,%rdi - .long 0x9066A4F3 # rep movsb - mov \$16,%rcx # zero tail - sub %r10,%rcx - xor %rax,%rax - .long 0x9066AAF3 # rep stosb - mov $out,$inp # this is not a mistake! - mov \$16,%r10 # len=16 - mov %r11,%rax - mov %r12,%rcx - jmp .Lcbc_slow_enc_loop # one more spin... -#--------------------------- SLOW DECRYPT ---------------------------# -.align 16 -.LSLOW_DECRYPT: - shr \$3,%rax - add %rax,$sbox # recall "magic" constants! - - mov 0(%rbp),%r11 # copy iv to stack - mov 8(%rbp),%r12 - mov %r11,0+$ivec - mov %r12,8+$ivec - -.align 4 -.Lcbc_slow_dec_loop: - mov 0($inp),$s0 # load input - mov 4($inp),$s1 - mov 8($inp),$s2 - mov 12($inp),$s3 - mov $keyp,$key # restore key - mov $inp,$_inp # save inp - mov $out,$_out # save out - mov %r10,$_len # save len - - call _x86_64_AES_decrypt_compact - - mov $_inp,$inp # restore inp - mov $_out,$out # restore out - mov $_len,%r10 - xor 0+$ivec,$s0 - xor 4+$ivec,$s1 - xor 8+$ivec,$s2 - xor 12+$ivec,$s3 - - mov 0($inp),%r11 # load input - mov 8($inp),%r12 - sub \$16,%r10 - jc .Lcbc_slow_dec_partial - jz .Lcbc_slow_dec_done - - mov %r11,0+$ivec # copy input to iv - mov %r12,8+$ivec - - mov $s0,0($out) # save output [can zap input] - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - lea 16($inp),$inp - lea 16($out),$out - jmp .Lcbc_slow_dec_loop -.Lcbc_slow_dec_done: - mov $_ivp,%rdi - mov %r11,0(%rdi) # copy iv back to user - mov %r12,8(%rdi) - - mov $s0,0($out) # save output [can zap input] - mov $s1,4($out) - mov $s2,8($out) - mov $s3,12($out) - - jmp .Lcbc_exit - -.align 4 -.Lcbc_slow_dec_partial: - mov $_ivp,%rdi - mov %r11,0(%rdi) # copy iv back to user - mov %r12,8(%rdi) - - mov $s0,0+$ivec # save output to stack - mov $s1,4+$ivec - mov $s2,8+$ivec - mov $s3,12+$ivec - - mov $out,%rdi - lea $ivec,%rsi - lea 16(%r10),%rcx - .long 0x9066A4F3 # rep movsb - jmp .Lcbc_exit - -.align 16 -.Lcbc_exit: - mov $_rsp,%rsi -.cfi_def_cfa %rsi,64 - mov (%rsi),%r15 -.cfi_restore %r15 - mov 8(%rsi),%r14 -.cfi_restore %r14 - mov 16(%rsi),%r13 -.cfi_restore %r13 - mov 24(%rsi),%r12 -.cfi_restore %r12 - mov 32(%rsi),%rbp -.cfi_restore %rbp - mov 40(%rsi),%rbx -.cfi_restore %rbx - lea 48(%rsi),%rsp -.cfi_def_cfa %rsp,16 -.Lcbc_popfq: - popfq -# This could be .cfi_pop 49, but libunwind fails on registers it does not -# recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087. -.cfi_adjust_cfa_offset -8 -.Lcbc_epilogue: - ret -.cfi_endproc -.size AES_cbc_encrypt,.-AES_cbc_encrypt -___ -} - -$code.=<<___; -.align 64 -.LAES_Te: -___ - &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6); - &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591); - &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56); - &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec); - &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa); - &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb); - &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45); - &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b); - &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c); - &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83); - &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9); - &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a); - &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d); - &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f); - &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df); - &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea); - &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34); - &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b); - &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d); - &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413); - &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1); - &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6); - &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972); - &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85); - &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed); - &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511); - &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe); - &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b); - &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05); - &_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1); - &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142); - &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf); - &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3); - &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e); - &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a); - &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6); - &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3); - &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b); - &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428); - &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad); - &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14); - &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8); - &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4); - &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2); - &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda); - &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949); - &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf); - &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810); - &_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c); - &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697); - &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e); - &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f); - &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc); - &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c); - &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969); - &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27); - &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122); - &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433); - &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9); - &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5); - &_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a); - &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0); - &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e); - &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c); - -#Te4 # four copies of Te4 to choose from to avoid L1 aliasing - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); - - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); - - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); - - &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); - &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); - &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); - &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); - &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); - &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); - &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); - &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); - &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); - &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); - &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); - &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); - &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); - &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); - &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); - &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); - &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); - &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); - &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); - &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); - &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); - &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); - &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); - &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); - &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); - &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); - &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); - &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); - &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); - &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); - &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); - &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); -#rcon: -$code.=<<___; - .long 0x00000001, 0x00000002, 0x00000004, 0x00000008 - .long 0x00000010, 0x00000020, 0x00000040, 0x00000080 - .long 0x0000001b, 0x00000036, 0x80808080, 0x80808080 - .long 0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b -___ -$code.=<<___; -.align 64 -.LAES_Td: -___ - &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a); - &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b); - &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5); - &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5); - &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d); - &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b); - &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295); - &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e); - &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927); - &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d); - &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362); - &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9); - &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52); - &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566); - &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3); - &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed); - &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e); - &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4); - &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4); - &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd); - &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d); - &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060); - &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967); - &_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879); - &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000); - &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c); - &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36); - &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624); - &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b); - &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c); - &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12); - &_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14); - &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3); - &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b); - &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8); - &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684); - &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7); - &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177); - &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947); - &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322); - &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498); - &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f); - &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54); - &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382); - &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf); - &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb); - &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83); - &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef); - &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029); - &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235); - &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733); - &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117); - &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4); - &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546); - &_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb); - &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d); - &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb); - &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a); - &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773); - &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478); - &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2); - &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff); - &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664); - &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0); - -#Td4: # four copies of Td4 to choose from to avoid L1 aliasing - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); -$code.=<<___; - .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe - .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 -___ - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); -$code.=<<___; - .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe - .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 -___ - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); -$code.=<<___; - .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe - .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 -___ - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); -$code.=<<___; - .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe - .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 -.asciz "AES for x86_64, CRYPTOGAMS by " -.align 64 -___ - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type block_se_handler,\@abi-omnipotent -.align 16 -block_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_block_prologue - - mov 24(%rax),%rax # pull saved real stack pointer - - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_block_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - jmp .Lcommon_seh_exit -.size block_se_handler,.-block_se_handler - -.type key_se_handler,\@abi-omnipotent -.align 16 -key_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_key_prologue - - lea 56(%rax),%rax - - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_key_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - jmp .Lcommon_seh_exit -.size key_se_handler,.-key_se_handler - -.type cbc_se_handler,\@abi-omnipotent -.align 16 -cbc_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - lea .Lcbc_prologue(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lcbc_prologue - jb .Lin_cbc_prologue - - lea .Lcbc_fast_body(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lcbc_fast_body - jb .Lin_cbc_frame_setup - - lea .Lcbc_slow_prologue(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lcbc_slow_prologue - jb .Lin_cbc_body - - lea .Lcbc_slow_body(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lcbc_slow_body - jb .Lin_cbc_frame_setup - -.Lin_cbc_body: - mov 152($context),%rax # pull context->Rsp - - lea .Lcbc_epilogue(%rip),%r10 - cmp %r10,%rbx # context->Rip>=.Lcbc_epilogue - jae .Lin_cbc_prologue - - lea 8(%rax),%rax - - lea .Lcbc_popfq(%rip),%r10 - cmp %r10,%rbx # context->Rip>=.Lcbc_popfq - jae .Lin_cbc_prologue - - mov `16-8`(%rax),%rax # biased $_rsp - lea 56(%rax),%rax - -.Lin_cbc_frame_setup: - mov -16(%rax),%rbx - mov -24(%rax),%rbp - mov -32(%rax),%r12 - mov -40(%rax),%r13 - mov -48(%rax),%r14 - mov -56(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_cbc_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - -.Lcommon_seh_exit: - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$`1232/8`,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size cbc_se_handler,.-cbc_se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_AES_encrypt - .rva .LSEH_end_AES_encrypt - .rva .LSEH_info_AES_encrypt - - .rva .LSEH_begin_AES_decrypt - .rva .LSEH_end_AES_decrypt - .rva .LSEH_info_AES_decrypt - - .rva .LSEH_begin_AES_set_encrypt_key - .rva .LSEH_end_AES_set_encrypt_key - .rva .LSEH_info_AES_set_encrypt_key - - .rva .LSEH_begin_AES_set_decrypt_key - .rva .LSEH_end_AES_set_decrypt_key - .rva .LSEH_info_AES_set_decrypt_key - - .rva .LSEH_begin_AES_cbc_encrypt - .rva .LSEH_end_AES_cbc_encrypt - .rva .LSEH_info_AES_cbc_encrypt - -.section .xdata -.align 8 -.LSEH_info_AES_encrypt: - .byte 9,0,0,0 - .rva block_se_handler - .rva .Lenc_prologue,.Lenc_epilogue # HandlerData[] -.LSEH_info_AES_decrypt: - .byte 9,0,0,0 - .rva block_se_handler - .rva .Ldec_prologue,.Ldec_epilogue # HandlerData[] -.LSEH_info_AES_set_encrypt_key: - .byte 9,0,0,0 - .rva key_se_handler - .rva .Lenc_key_prologue,.Lenc_key_epilogue # HandlerData[] -.LSEH_info_AES_set_decrypt_key: - .byte 9,0,0,0 - .rva key_se_handler - .rva .Ldec_key_prologue,.Ldec_key_epilogue # HandlerData[] -.LSEH_info_AES_cbc_encrypt: - .byte 9,0,0,0 - .rva cbc_se_handler -___ -} - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; - -print $code; - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aesfx-sparcv9.pl b/crypto/aes/asm/aesfx-sparcv9.pl deleted file mode 100644 index 27233d03af7b9395ef75c938f19d5d00e6c63d8f..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/aesfx-sparcv9.pl +++ /dev/null @@ -1,1272 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# March 2016 -# -# Initial support for Fujitsu SPARC64 X/X+ comprises minimally -# required key setup and single-block procedures. -# -# April 2016 -# -# Add "teaser" CBC and CTR mode-specific subroutines. "Teaser" means -# that parallelizable nature of CBC decrypt and CTR is not utilized -# yet. CBC encrypt on the other hand is as good as it can possibly -# get processing one byte in 4.1 cycles with 128-bit key on SPARC64 X. -# This is ~6x faster than pure software implementation... -# -# July 2016 -# -# Switch from faligndata to fshiftorx, which allows to omit alignaddr -# instructions and improve single-block and short-input performance -# with misaligned data. - -$output = pop and open STDOUT,">$output"; - -{ -my ($inp,$out,$key,$rounds,$tmp,$mask) = map("%o$_",(0..5)); - -$code.=<<___; -#ifndef __ASSEMBLER__ -# define __ASSEMBLER__ 1 -#endif -#include "crypto/sparc_arch.h" - -#define LOCALS (STACK_BIAS+STACK_FRAME) - -.text - -.globl aes_fx_encrypt -.align 32 -aes_fx_encrypt: - and $inp, 7, $tmp ! is input aligned? - andn $inp, 7, $inp - ldd [$key + 0], %f6 ! round[0] - ldd [$key + 8], %f8 - mov %o7, %g1 - ld [$key + 240], $rounds - -1: call .+8 - add %o7, .Linp_align-1b, %o7 - - sll $tmp, 3, $tmp - ldd [$inp + 0], %f0 ! load input - brz,pt $tmp, .Lenc_inp_aligned - ldd [$inp + 8], %f2 - - ldd [%o7 + $tmp], %f14 ! shift left params - ldd [$inp + 16], %f4 - fshiftorx %f0, %f2, %f14, %f0 - fshiftorx %f2, %f4, %f14, %f2 - -.Lenc_inp_aligned: - ldd [$key + 16], %f10 ! round[1] - ldd [$key + 24], %f12 - - fxor %f0, %f6, %f0 ! ^=round[0] - fxor %f2, %f8, %f2 - ldd [$key + 32], %f6 ! round[2] - ldd [$key + 40], %f8 - add $key, 32, $key - sub $rounds, 4, $rounds - -.Loop_enc: - fmovd %f0, %f4 - faesencx %f2, %f10, %f0 - faesencx %f4, %f12, %f2 - ldd [$key + 16], %f10 - ldd [$key + 24], %f12 - add $key, 32, $key - - fmovd %f0, %f4 - faesencx %f2, %f6, %f0 - faesencx %f4, %f8, %f2 - ldd [$key + 0], %f6 - ldd [$key + 8], %f8 - - brnz,a $rounds, .Loop_enc - sub $rounds, 2, $rounds - - andcc $out, 7, $tmp ! is output aligned? - andn $out, 7, $out - mov 0xff, $mask - srl $mask, $tmp, $mask - add %o7, 64, %o7 - sll $tmp, 3, $tmp - - fmovd %f0, %f4 - faesencx %f2, %f10, %f0 - faesencx %f4, %f12, %f2 - ldd [%o7 + $tmp], %f14 ! shift right params - - fmovd %f0, %f4 - faesenclx %f2, %f6, %f0 - faesenclx %f4, %f8, %f2 - - bnz,pn %icc, .Lenc_out_unaligned - mov %g1, %o7 - - std %f0, [$out + 0] - retl - std %f2, [$out + 8] - -.align 16 -.Lenc_out_unaligned: - add $out, 16, $inp - orn %g0, $mask, $tmp - fshiftorx %f0, %f0, %f14, %f4 - fshiftorx %f0, %f2, %f14, %f6 - fshiftorx %f2, %f2, %f14, %f8 - - stda %f4, [$out + $mask]0xc0 ! partial store - std %f6, [$out + 8] - stda %f8, [$inp + $tmp]0xc0 ! partial store - retl - nop -.type aes_fx_encrypt,#function -.size aes_fx_encrypt,.-aes_fx_encrypt - -.globl aes_fx_decrypt -.align 32 -aes_fx_decrypt: - and $inp, 7, $tmp ! is input aligned? - andn $inp, 7, $inp - ldd [$key + 0], %f6 ! round[0] - ldd [$key + 8], %f8 - mov %o7, %g1 - ld [$key + 240], $rounds - -1: call .+8 - add %o7, .Linp_align-1b, %o7 - - sll $tmp, 3, $tmp - ldd [$inp + 0], %f0 ! load input - brz,pt $tmp, .Ldec_inp_aligned - ldd [$inp + 8], %f2 - - ldd [%o7 + $tmp], %f14 ! shift left params - ldd [$inp + 16], %f4 - fshiftorx %f0, %f2, %f14, %f0 - fshiftorx %f2, %f4, %f14, %f2 - -.Ldec_inp_aligned: - ldd [$key + 16], %f10 ! round[1] - ldd [$key + 24], %f12 - - fxor %f0, %f6, %f0 ! ^=round[0] - fxor %f2, %f8, %f2 - ldd [$key + 32], %f6 ! round[2] - ldd [$key + 40], %f8 - add $key, 32, $key - sub $rounds, 4, $rounds - -.Loop_dec: - fmovd %f0, %f4 - faesdecx %f2, %f10, %f0 - faesdecx %f4, %f12, %f2 - ldd [$key + 16], %f10 - ldd [$key + 24], %f12 - add $key, 32, $key - - fmovd %f0, %f4 - faesdecx %f2, %f6, %f0 - faesdecx %f4, %f8, %f2 - ldd [$key + 0], %f6 - ldd [$key + 8], %f8 - - brnz,a $rounds, .Loop_dec - sub $rounds, 2, $rounds - - andcc $out, 7, $tmp ! is output aligned? - andn $out, 7, $out - mov 0xff, $mask - srl $mask, $tmp, $mask - add %o7, 64, %o7 - sll $tmp, 3, $tmp - - fmovd %f0, %f4 - faesdecx %f2, %f10, %f0 - faesdecx %f4, %f12, %f2 - ldd [%o7 + $tmp], %f14 ! shift right params - - fmovd %f0, %f4 - faesdeclx %f2, %f6, %f0 - faesdeclx %f4, %f8, %f2 - - bnz,pn %icc, .Ldec_out_unaligned - mov %g1, %o7 - - std %f0, [$out + 0] - retl - std %f2, [$out + 8] - -.align 16 -.Ldec_out_unaligned: - add $out, 16, $inp - orn %g0, $mask, $tmp - fshiftorx %f0, %f0, %f14, %f4 - fshiftorx %f0, %f2, %f14, %f6 - fshiftorx %f2, %f2, %f14, %f8 - - stda %f4, [$out + $mask]0xc0 ! partial store - std %f6, [$out + 8] - stda %f8, [$inp + $tmp]0xc0 ! partial store - retl - nop -.type aes_fx_decrypt,#function -.size aes_fx_decrypt,.-aes_fx_decrypt -___ -} -{ -my ($inp,$bits,$out,$tmp,$inc) = map("%o$_",(0..5)); -$code.=<<___; -.globl aes_fx_set_decrypt_key -.align 32 -aes_fx_set_decrypt_key: - b .Lset_encrypt_key - mov -1, $inc - retl - nop -.type aes_fx_set_decrypt_key,#function -.size aes_fx_set_decrypt_key,.-aes_fx_set_decrypt_key - -.globl aes_fx_set_encrypt_key -.align 32 -aes_fx_set_encrypt_key: - mov 1, $inc - nop -.Lset_encrypt_key: - and $inp, 7, $tmp - andn $inp, 7, $inp - sll $tmp, 3, $tmp - mov %o7, %g1 - -1: call .+8 - add %o7, .Linp_align-1b, %o7 - - ldd [%o7 + $tmp], %f10 ! shift left params - mov %g1, %o7 - - cmp $bits, 192 - ldd [$inp + 0], %f0 - bl,pt %icc, .L128 - ldd [$inp + 8], %f2 - - be,pt %icc, .L192 - ldd [$inp + 16], %f4 - brz,pt $tmp, .L256aligned - ldd [$inp + 24], %f6 - - ldd [$inp + 32], %f8 - fshiftorx %f0, %f2, %f10, %f0 - fshiftorx %f2, %f4, %f10, %f2 - fshiftorx %f4, %f6, %f10, %f4 - fshiftorx %f6, %f8, %f10, %f6 - -.L256aligned: - mov 14, $bits - and $inc, `14*16`, $tmp - st $bits, [$out + 240] ! store rounds - add $out, $tmp, $out ! start or end of key schedule - sllx $inc, 4, $inc ! 16 or -16 -___ -for ($i=0; $i<6; $i++) { - $code.=<<___; - std %f0, [$out + 0] - faeskeyx %f6, `0x10+$i`, %f0 - std %f2, [$out + 8] - add $out, $inc, $out - faeskeyx %f0, 0x00, %f2 - std %f4, [$out + 0] - faeskeyx %f2, 0x01, %f4 - std %f6, [$out + 8] - add $out, $inc, $out - faeskeyx %f4, 0x00, %f6 -___ -} -$code.=<<___; - std %f0, [$out + 0] - faeskeyx %f6, `0x10+$i`, %f0 - std %f2, [$out + 8] - add $out, $inc, $out - faeskeyx %f0, 0x00, %f2 - std %f4,[$out + 0] - std %f6,[$out + 8] - add $out, $inc, $out - std %f0,[$out + 0] - std %f2,[$out + 8] - retl - xor %o0, %o0, %o0 ! return 0 - -.align 16 -.L192: - brz,pt $tmp, .L192aligned - nop - - ldd [$inp + 24], %f6 - fshiftorx %f0, %f2, %f10, %f0 - fshiftorx %f2, %f4, %f10, %f2 - fshiftorx %f4, %f6, %f10, %f4 - -.L192aligned: - mov 12, $bits - and $inc, `12*16`, $tmp - st $bits, [$out + 240] ! store rounds - add $out, $tmp, $out ! start or end of key schedule - sllx $inc, 4, $inc ! 16 or -16 -___ -for ($i=0; $i<8; $i+=2) { - $code.=<<___; - std %f0, [$out + 0] - faeskeyx %f4, `0x10+$i`, %f0 - std %f2, [$out + 8] - add $out, $inc, $out - faeskeyx %f0, 0x00, %f2 - std %f4, [$out + 0] - faeskeyx %f2, 0x00, %f4 - std %f0, [$out + 8] - add $out, $inc, $out - faeskeyx %f4, `0x10+$i+1`, %f0 - std %f2, [$out + 0] - faeskeyx %f0, 0x00, %f2 - std %f4, [$out + 8] - add $out, $inc, $out -___ -$code.=<<___ if ($i<6); - faeskeyx %f2, 0x00, %f4 -___ -} -$code.=<<___; - std %f0, [$out + 0] - std %f2, [$out + 8] - retl - xor %o0, %o0, %o0 ! return 0 - -.align 16 -.L128: - brz,pt $tmp, .L128aligned - nop - - ldd [$inp + 16], %f4 - fshiftorx %f0, %f2, %f10, %f0 - fshiftorx %f2, %f4, %f10, %f2 - -.L128aligned: - mov 10, $bits - and $inc, `10*16`, $tmp - st $bits, [$out + 240] ! store rounds - add $out, $tmp, $out ! start or end of key schedule - sllx $inc, 4, $inc ! 16 or -16 -___ -for ($i=0; $i<10; $i++) { - $code.=<<___; - std %f0, [$out + 0] - faeskeyx %f2, `0x10+$i`, %f0 - std %f2, [$out + 8] - add $out, $inc, $out - faeskeyx %f0, 0x00, %f2 -___ -} -$code.=<<___; - std %f0, [$out + 0] - std %f2, [$out + 8] - retl - xor %o0, %o0, %o0 ! return 0 -.type aes_fx_set_encrypt_key,#function -.size aes_fx_set_encrypt_key,.-aes_fx_set_encrypt_key -___ -} -{ -my ($inp,$out,$len,$key,$ivp,$dir) = map("%i$_",(0..5)); -my ($rounds,$inner,$end,$inc,$ialign,$oalign,$mask) = map("%l$_",(0..7)); -my ($iv0,$iv1,$r0hi,$r0lo,$rlhi,$rllo,$in0,$in1,$intail,$outhead,$fshift) - = map("%f$_",grep { !($_ & 1) } (16 .. 62)); -my ($ileft,$iright) = ($ialign,$oalign); - -$code.=<<___; -.globl aes_fx_cbc_encrypt -.align 32 -aes_fx_cbc_encrypt: - save %sp, -STACK_FRAME-16, %sp - srln $len, 4, $len - and $inp, 7, $ialign - andn $inp, 7, $inp - brz,pn $len, .Lcbc_no_data - sll $ialign, 3, $ileft - -1: call .+8 - add %o7, .Linp_align-1b, %o7 - - ld [$key + 240], $rounds - and $out, 7, $oalign - ld [$ivp + 0], %f0 ! load ivec - andn $out, 7, $out - ld [$ivp + 4], %f1 - sll $oalign, 3, $mask - ld [$ivp + 8], %f2 - ld [$ivp + 12], %f3 - - sll $rounds, 4, $rounds - add $rounds, $key, $end - ldd [$key + 0], $r0hi ! round[0] - ldd [$key + 8], $r0lo - - add $inp, 16, $inp - sub $len, 1, $len - ldd [$end + 0], $rlhi ! round[last] - ldd [$end + 8], $rllo - - mov 16, $inc - movrz $len, 0, $inc - ldd [$key + 16], %f10 ! round[1] - ldd [$key + 24], %f12 - - ldd [%o7 + $ileft], $fshift ! shift left params - add %o7, 64, %o7 - ldd [$inp - 16], $in0 ! load input - ldd [$inp - 8], $in1 - ldda [$inp]0x82, $intail ! non-faulting load - brz $dir, .Lcbc_decrypt - add $inp, $inc, $inp ! inp+=16 - - fxor $r0hi, %f0, %f0 ! ivec^=round[0] - fxor $r0lo, %f2, %f2 - fshiftorx $in0, $in1, $fshift, $in0 - fshiftorx $in1, $intail, $fshift, $in1 - nop - -.Loop_cbc_enc: - fxor $in0, %f0, %f0 ! inp^ivec^round[0] - fxor $in1, %f2, %f2 - ldd [$key + 32], %f6 ! round[2] - ldd [$key + 40], %f8 - add $key, 32, $end - sub $rounds, 16*6, $inner - -.Lcbc_enc: - fmovd %f0, %f4 - faesencx %f2, %f10, %f0 - faesencx %f4, %f12, %f2 - ldd [$end + 16], %f10 - ldd [$end + 24], %f12 - add $end, 32, $end - - fmovd %f0, %f4 - faesencx %f2, %f6, %f0 - faesencx %f4, %f8, %f2 - ldd [$end + 0], %f6 - ldd [$end + 8], %f8 - - brnz,a $inner, .Lcbc_enc - sub $inner, 16*2, $inner - - fmovd %f0, %f4 - faesencx %f2, %f10, %f0 - faesencx %f4, %f12, %f2 - ldd [$end + 16], %f10 ! round[last-1] - ldd [$end + 24], %f12 - - movrz $len, 0, $inc - fmovd $intail, $in0 - ldd [$inp - 8], $in1 ! load next input block - ldda [$inp]0x82, $intail ! non-faulting load - add $inp, $inc, $inp ! inp+=16 - - fmovd %f0, %f4 - faesencx %f2, %f6, %f0 - faesencx %f4, %f8, %f2 - - fshiftorx $in0, $in1, $fshift, $in0 - fshiftorx $in1, $intail, $fshift, $in1 - - fmovd %f0, %f4 - faesencx %f2, %f10, %f0 - faesencx %f4, %f12, %f2 - ldd [$key + 16], %f10 ! round[1] - ldd [$key + 24], %f12 - - fxor $r0hi, $in0, $in0 ! inp^=round[0] - fxor $r0lo, $in1, $in1 - - fmovd %f0, %f4 - faesenclx %f2, $rlhi, %f0 - faesenclx %f4, $rllo, %f2 - - brnz,pn $oalign, .Lcbc_enc_unaligned_out - nop - - std %f0, [$out + 0] - std %f2, [$out + 8] - add $out, 16, $out - - brnz,a $len, .Loop_cbc_enc - sub $len, 1, $len - - st %f0, [$ivp + 0] ! output ivec - st %f1, [$ivp + 4] - st %f2, [$ivp + 8] - st %f3, [$ivp + 12] - -.Lcbc_no_data: - ret - restore - -.align 32 -.Lcbc_enc_unaligned_out: - ldd [%o7 + $mask], $fshift ! shift right params - mov 0xff, $mask - srl $mask, $oalign, $mask - sub %g0, $ileft, $iright - - fshiftorx %f0, %f0, $fshift, %f6 - fshiftorx %f0, %f2, $fshift, %f8 - - stda %f6, [$out + $mask]0xc0 ! partial store - orn %g0, $mask, $mask - std %f8, [$out + 8] - add $out, 16, $out - brz $len, .Lcbc_enc_unaligned_out_done - sub $len, 1, $len - b .Loop_cbc_enc_unaligned_out - nop - -.align 32 -.Loop_cbc_enc_unaligned_out: - fmovd %f2, $outhead - fxor $in0, %f0, %f0 ! inp^ivec^round[0] - fxor $in1, %f2, %f2 - ldd [$key + 32], %f6 ! round[2] - ldd [$key + 40], %f8 - - fmovd %f0, %f4 - faesencx %f2, %f10, %f0 - faesencx %f4, %f12, %f2 - ldd [$key + 48], %f10 ! round[3] - ldd [$key + 56], %f12 - - ldx [$inp - 16], %o0 - ldx [$inp - 8], %o1 - brz $ileft, .Lcbc_enc_aligned_inp - movrz $len, 0, $inc - - ldx [$inp], %o2 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - sllx %o1, $ileft, %o1 - or %g1, %o0, %o0 - srlx %o2, $iright, %o2 - or %o2, %o1, %o1 - -.Lcbc_enc_aligned_inp: - fmovd %f0, %f4 - faesencx %f2, %f6, %f0 - faesencx %f4, %f8, %f2 - ldd [$key + 64], %f6 ! round[4] - ldd [$key + 72], %f8 - add $key, 64, $end - sub $rounds, 16*8, $inner - - stx %o0, [%sp + LOCALS + 0] - stx %o1, [%sp + LOCALS + 8] - add $inp, $inc, $inp ! inp+=16 - nop - -.Lcbc_enc_unaligned: - fmovd %f0, %f4 - faesencx %f2, %f10, %f0 - faesencx %f4, %f12, %f2 - ldd [$end + 16], %f10 - ldd [$end + 24], %f12 - add $end, 32, $end - - fmovd %f0, %f4 - faesencx %f2, %f6, %f0 - faesencx %f4, %f8, %f2 - ldd [$end + 0], %f6 - ldd [$end + 8], %f8 - - brnz,a $inner, .Lcbc_enc_unaligned - sub $inner, 16*2, $inner - - fmovd %f0, %f4 - faesencx %f2, %f10, %f0 - faesencx %f4, %f12, %f2 - ldd [$end + 16], %f10 ! round[last-1] - ldd [$end + 24], %f12 - - fmovd %f0, %f4 - faesencx %f2, %f6, %f0 - faesencx %f4, %f8, %f2 - - ldd [%sp + LOCALS + 0], $in0 - ldd [%sp + LOCALS + 8], $in1 - - fmovd %f0, %f4 - faesencx %f2, %f10, %f0 - faesencx %f4, %f12, %f2 - ldd [$key + 16], %f10 ! round[1] - ldd [$key + 24], %f12 - - fxor $r0hi, $in0, $in0 ! inp^=round[0] - fxor $r0lo, $in1, $in1 - - fmovd %f0, %f4 - faesenclx %f2, $rlhi, %f0 - faesenclx %f4, $rllo, %f2 - - fshiftorx $outhead, %f0, $fshift, %f6 - fshiftorx %f0, %f2, $fshift, %f8 - std %f6, [$out + 0] - std %f8, [$out + 8] - add $out, 16, $out - - brnz,a $len, .Loop_cbc_enc_unaligned_out - sub $len, 1, $len - -.Lcbc_enc_unaligned_out_done: - fshiftorx %f2, %f2, $fshift, %f8 - stda %f8, [$out + $mask]0xc0 ! partial store - - st %f0, [$ivp + 0] ! output ivec - st %f1, [$ivp + 4] - st %f2, [$ivp + 8] - st %f3, [$ivp + 12] - - ret - restore - -.align 32 -.Lcbc_decrypt: - fshiftorx $in0, $in1, $fshift, $in0 - fshiftorx $in1, $intail, $fshift, $in1 - fmovd %f0, $iv0 - fmovd %f2, $iv1 - -.Loop_cbc_dec: - fxor $in0, $r0hi, %f0 ! inp^round[0] - fxor $in1, $r0lo, %f2 - ldd [$key + 32], %f6 ! round[2] - ldd [$key + 40], %f8 - add $key, 32, $end - sub $rounds, 16*6, $inner - -.Lcbc_dec: - fmovd %f0, %f4 - faesdecx %f2, %f10, %f0 - faesdecx %f4, %f12, %f2 - ldd [$end + 16], %f10 - ldd [$end + 24], %f12 - add $end, 32, $end - - fmovd %f0, %f4 - faesdecx %f2, %f6, %f0 - faesdecx %f4, %f8, %f2 - ldd [$end + 0], %f6 - ldd [$end + 8], %f8 - - brnz,a $inner, .Lcbc_dec - sub $inner, 16*2, $inner - - fmovd %f0, %f4 - faesdecx %f2, %f10, %f0 - faesdecx %f4, %f12, %f2 - ldd [$end + 16], %f10 ! round[last-1] - ldd [$end + 24], %f12 - - fmovd %f0, %f4 - faesdecx %f2, %f6, %f0 - faesdecx %f4, %f8, %f2 - fxor $iv0, $rlhi, %f6 ! ivec^round[last] - fxor $iv1, $rllo, %f8 - fmovd $in0, $iv0 - fmovd $in1, $iv1 - - movrz $len, 0, $inc - fmovd $intail, $in0 - ldd [$inp - 8], $in1 ! load next input block - ldda [$inp]0x82, $intail ! non-faulting load - add $inp, $inc, $inp ! inp+=16 - - fmovd %f0, %f4 - faesdecx %f2, %f10, %f0 - faesdecx %f4, %f12, %f2 - ldd [$key + 16], %f10 ! round[1] - ldd [$key + 24], %f12 - - fshiftorx $in0, $in1, $fshift, $in0 - fshiftorx $in1, $intail, $fshift, $in1 - - fmovd %f0, %f4 - faesdeclx %f2, %f6, %f0 - faesdeclx %f4, %f8, %f2 - - brnz,pn $oalign, .Lcbc_dec_unaligned_out - nop - - std %f0, [$out + 0] - std %f2, [$out + 8] - add $out, 16, $out - - brnz,a $len, .Loop_cbc_dec - sub $len, 1, $len - - st $iv0, [$ivp + 0] ! output ivec - st $iv0#lo, [$ivp + 4] - st $iv1, [$ivp + 8] - st $iv1#lo, [$ivp + 12] - - ret - restore - -.align 32 -.Lcbc_dec_unaligned_out: - ldd [%o7 + $mask], $fshift ! shift right params - mov 0xff, $mask - srl $mask, $oalign, $mask - sub %g0, $ileft, $iright - - fshiftorx %f0, %f0, $fshift, %f6 - fshiftorx %f0, %f2, $fshift, %f8 - - stda %f6, [$out + $mask]0xc0 ! partial store - orn %g0, $mask, $mask - std %f8, [$out + 8] - add $out, 16, $out - brz $len, .Lcbc_dec_unaligned_out_done - sub $len, 1, $len - b .Loop_cbc_dec_unaligned_out - nop - -.align 32 -.Loop_cbc_dec_unaligned_out: - fmovd %f2, $outhead - fxor $in0, $r0hi, %f0 ! inp^round[0] - fxor $in1, $r0lo, %f2 - ldd [$key + 32], %f6 ! round[2] - ldd [$key + 40], %f8 - - fmovd %f0, %f4 - faesdecx %f2, %f10, %f0 - faesdecx %f4, %f12, %f2 - ldd [$key + 48], %f10 ! round[3] - ldd [$key + 56], %f12 - - ldx [$inp - 16], %o0 - ldx [$inp - 8], %o1 - brz $ileft, .Lcbc_dec_aligned_inp - movrz $len, 0, $inc - - ldx [$inp], %o2 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - sllx %o1, $ileft, %o1 - or %g1, %o0, %o0 - srlx %o2, $iright, %o2 - or %o2, %o1, %o1 - -.Lcbc_dec_aligned_inp: - fmovd %f0, %f4 - faesdecx %f2, %f6, %f0 - faesdecx %f4, %f8, %f2 - ldd [$key + 64], %f6 ! round[4] - ldd [$key + 72], %f8 - add $key, 64, $end - sub $rounds, 16*8, $inner - - stx %o0, [%sp + LOCALS + 0] - stx %o1, [%sp + LOCALS + 8] - add $inp, $inc, $inp ! inp+=16 - nop - -.Lcbc_dec_unaligned: - fmovd %f0, %f4 - faesdecx %f2, %f10, %f0 - faesdecx %f4, %f12, %f2 - ldd [$end + 16], %f10 - ldd [$end + 24], %f12 - add $end, 32, $end - - fmovd %f0, %f4 - faesdecx %f2, %f6, %f0 - faesdecx %f4, %f8, %f2 - ldd [$end + 0], %f6 - ldd [$end + 8], %f8 - - brnz,a $inner, .Lcbc_dec_unaligned - sub $inner, 16*2, $inner - - fmovd %f0, %f4 - faesdecx %f2, %f10, %f0 - faesdecx %f4, %f12, %f2 - ldd [$end + 16], %f10 ! round[last-1] - ldd [$end + 24], %f12 - - fmovd %f0, %f4 - faesdecx %f2, %f6, %f0 - faesdecx %f4, %f8, %f2 - - fxor $iv0, $rlhi, %f6 ! ivec^round[last] - fxor $iv1, $rllo, %f8 - fmovd $in0, $iv0 - fmovd $in1, $iv1 - ldd [%sp + LOCALS + 0], $in0 - ldd [%sp + LOCALS + 8], $in1 - - fmovd %f0, %f4 - faesdecx %f2, %f10, %f0 - faesdecx %f4, %f12, %f2 - ldd [$key + 16], %f10 ! round[1] - ldd [$key + 24], %f12 - - fmovd %f0, %f4 - faesdeclx %f2, %f6, %f0 - faesdeclx %f4, %f8, %f2 - - fshiftorx $outhead, %f0, $fshift, %f6 - fshiftorx %f0, %f2, $fshift, %f8 - std %f6, [$out + 0] - std %f8, [$out + 8] - add $out, 16, $out - - brnz,a $len, .Loop_cbc_dec_unaligned_out - sub $len, 1, $len - -.Lcbc_dec_unaligned_out_done: - fshiftorx %f2, %f2, $fshift, %f8 - stda %f8, [$out + $mask]0xc0 ! partial store - - st $iv0, [$ivp + 0] ! output ivec - st $iv0#lo, [$ivp + 4] - st $iv1, [$ivp + 8] - st $iv1#lo, [$ivp + 12] - - ret - restore -.type aes_fx_cbc_encrypt,#function -.size aes_fx_cbc_encrypt,.-aes_fx_cbc_encrypt -___ -} -{ -my ($inp,$out,$len,$key,$ivp) = map("%i$_",(0..5)); -my ($rounds,$inner,$end,$inc,$ialign,$oalign,$mask) = map("%l$_",(0..7)); -my ($ctr0,$ctr1,$r0hi,$r0lo,$rlhi,$rllo,$in0,$in1,$intail,$outhead,$fshift) - = map("%f$_",grep { !($_ & 1) } (16 .. 62)); -my ($ileft,$iright) = ($ialign, $oalign); -my $one = "%f14"; - -$code.=<<___; -.globl aes_fx_ctr32_encrypt_blocks -.align 32 -aes_fx_ctr32_encrypt_blocks: - save %sp, -STACK_FRAME-16, %sp - srln $len, 0, $len - and $inp, 7, $ialign - andn $inp, 7, $inp - brz,pn $len, .Lctr32_no_data - sll $ialign, 3, $ileft - -.Lpic: call .+8 - add %o7, .Linp_align - .Lpic, %o7 - - ld [$key + 240], $rounds - and $out, 7, $oalign - ld [$ivp + 0], $ctr0 ! load counter - andn $out, 7, $out - ld [$ivp + 4], $ctr0#lo - sll $oalign, 3, $mask - ld [$ivp + 8], $ctr1 - ld [$ivp + 12], $ctr1#lo - ldd [%o7 + 128], $one - - sll $rounds, 4, $rounds - add $rounds, $key, $end - ldd [$key + 0], $r0hi ! round[0] - ldd [$key + 8], $r0lo - - add $inp, 16, $inp - sub $len, 1, $len - ldd [$key + 16], %f10 ! round[1] - ldd [$key + 24], %f12 - - mov 16, $inc - movrz $len, 0, $inc - ldd [$end + 0], $rlhi ! round[last] - ldd [$end + 8], $rllo - - ldd [%o7 + $ileft], $fshift ! shiftleft params - add %o7, 64, %o7 - ldd [$inp - 16], $in0 ! load input - ldd [$inp - 8], $in1 - ldda [$inp]0x82, $intail ! non-faulting load - add $inp, $inc, $inp ! inp+=16 - - fshiftorx $in0, $in1, $fshift, $in0 - fshiftorx $in1, $intail, $fshift, $in1 - -.Loop_ctr32: - fxor $ctr0, $r0hi, %f0 ! counter^round[0] - fxor $ctr1, $r0lo, %f2 - ldd [$key + 32], %f6 ! round[2] - ldd [$key + 40], %f8 - add $key, 32, $end - sub $rounds, 16*6, $inner - -.Lctr32_enc: - fmovd %f0, %f4 - faesencx %f2, %f10, %f0 - faesencx %f4, %f12, %f2 - ldd [$end + 16], %f10 - ldd [$end + 24], %f12 - add $end, 32, $end - - fmovd %f0, %f4 - faesencx %f2, %f6, %f0 - faesencx %f4, %f8, %f2 - ldd [$end + 0], %f6 - ldd [$end + 8], %f8 - - brnz,a $inner, .Lctr32_enc - sub $inner, 16*2, $inner - - fmovd %f0, %f4 - faesencx %f2, %f10, %f0 - faesencx %f4, %f12, %f2 - ldd [$end + 16], %f10 ! round[last-1] - ldd [$end + 24], %f12 - - fmovd %f0, %f4 - faesencx %f2, %f6, %f0 - faesencx %f4, %f8, %f2 - fxor $in0, $rlhi, %f6 ! inp^round[last] - fxor $in1, $rllo, %f8 - - movrz $len, 0, $inc - fmovd $intail, $in0 - ldd [$inp - 8], $in1 ! load next input block - ldda [$inp]0x82, $intail ! non-faulting load - add $inp, $inc, $inp ! inp+=16 - - fmovd %f0, %f4 - faesencx %f2, %f10, %f0 - faesencx %f4, %f12, %f2 - ldd [$key + 16], %f10 ! round[1] - ldd [$key + 24], %f12 - - fshiftorx $in0, $in1, $fshift, $in0 - fshiftorx $in1, $intail, $fshift, $in1 - fpadd32 $ctr1, $one, $ctr1 ! increment counter - - fmovd %f0, %f4 - faesenclx %f2, %f6, %f0 - faesenclx %f4, %f8, %f2 - - brnz,pn $oalign, .Lctr32_unaligned_out - nop - - std %f0, [$out + 0] - std %f2, [$out + 8] - add $out, 16, $out - - brnz,a $len, .Loop_ctr32 - sub $len, 1, $len - -.Lctr32_no_data: - ret - restore - -.align 32 -.Lctr32_unaligned_out: - ldd [%o7 + $mask], $fshift ! shift right params - mov 0xff, $mask - srl $mask, $oalign, $mask - sub %g0, $ileft, $iright - - fshiftorx %f0, %f0, $fshift, %f6 - fshiftorx %f0, %f2, $fshift, %f8 - - stda %f6, [$out + $mask]0xc0 ! partial store - orn %g0, $mask, $mask - std %f8, [$out + 8] - add $out, 16, $out - brz $len, .Lctr32_unaligned_out_done - sub $len, 1, $len - b .Loop_ctr32_unaligned_out - nop - -.align 32 -.Loop_ctr32_unaligned_out: - fmovd %f2, $outhead - fxor $ctr0, $r0hi, %f0 ! counter^round[0] - fxor $ctr1, $r0lo, %f2 - ldd [$key + 32], %f6 ! round[2] - ldd [$key + 40], %f8 - - fmovd %f0, %f4 - faesencx %f2, %f10, %f0 - faesencx %f4, %f12, %f2 - ldd [$key + 48], %f10 ! round[3] - ldd [$key + 56], %f12 - - ldx [$inp - 16], %o0 - ldx [$inp - 8], %o1 - brz $ileft, .Lctr32_aligned_inp - movrz $len, 0, $inc - - ldx [$inp], %o2 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - sllx %o1, $ileft, %o1 - or %g1, %o0, %o0 - srlx %o2, $iright, %o2 - or %o2, %o1, %o1 - -.Lctr32_aligned_inp: - fmovd %f0, %f4 - faesencx %f2, %f6, %f0 - faesencx %f4, %f8, %f2 - ldd [$key + 64], %f6 ! round[4] - ldd [$key + 72], %f8 - add $key, 64, $end - sub $rounds, 16*8, $inner - - stx %o0, [%sp + LOCALS + 0] - stx %o1, [%sp + LOCALS + 8] - add $inp, $inc, $inp ! inp+=16 - nop - -.Lctr32_enc_unaligned: - fmovd %f0, %f4 - faesencx %f2, %f10, %f0 - faesencx %f4, %f12, %f2 - ldd [$end + 16], %f10 - ldd [$end + 24], %f12 - add $end, 32, $end - - fmovd %f0, %f4 - faesencx %f2, %f6, %f0 - faesencx %f4, %f8, %f2 - ldd [$end + 0], %f6 - ldd [$end + 8], %f8 - - brnz,a $inner, .Lctr32_enc_unaligned - sub $inner, 16*2, $inner - - fmovd %f0, %f4 - faesencx %f2, %f10, %f0 - faesencx %f4, %f12, %f2 - ldd [$end + 16], %f10 ! round[last-1] - ldd [$end + 24], %f12 - fpadd32 $ctr1, $one, $ctr1 ! increment counter - - fmovd %f0, %f4 - faesencx %f2, %f6, %f0 - faesencx %f4, %f8, %f2 - fxor $in0, $rlhi, %f6 ! inp^round[last] - fxor $in1, $rllo, %f8 - ldd [%sp + LOCALS + 0], $in0 - ldd [%sp + LOCALS + 8], $in1 - - fmovd %f0, %f4 - faesencx %f2, %f10, %f0 - faesencx %f4, %f12, %f2 - ldd [$key + 16], %f10 ! round[1] - ldd [$key + 24], %f12 - - fmovd %f0, %f4 - faesenclx %f2, %f6, %f0 - faesenclx %f4, %f8, %f2 - - fshiftorx $outhead, %f0, $fshift, %f6 - fshiftorx %f0, %f2, $fshift, %f8 - std %f6, [$out + 0] - std %f8, [$out + 8] - add $out, 16, $out - - brnz,a $len, .Loop_ctr32_unaligned_out - sub $len, 1, $len - -.Lctr32_unaligned_out_done: - fshiftorx %f2, %f2, $fshift, %f8 - stda %f8, [$out + $mask]0xc0 ! partial store - - ret - restore -.type aes_fx_ctr32_encrypt_blocks,#function -.size aes_fx_ctr32_encrypt_blocks,.-aes_fx_ctr32_encrypt_blocks - -.align 32 -.Linp_align: ! fshiftorx parameters for left shift toward %rs1 - .byte 0, 0, 64, 0, 0, 64, 0, -64 - .byte 0, 0, 56, 8, 0, 56, 8, -56 - .byte 0, 0, 48, 16, 0, 48, 16, -48 - .byte 0, 0, 40, 24, 0, 40, 24, -40 - .byte 0, 0, 32, 32, 0, 32, 32, -32 - .byte 0, 0, 24, 40, 0, 24, 40, -24 - .byte 0, 0, 16, 48, 0, 16, 48, -16 - .byte 0, 0, 8, 56, 0, 8, 56, -8 -.Lout_align: ! fshiftorx parameters for right shift toward %rs2 - .byte 0, 0, 0, 64, 0, 0, 64, 0 - .byte 0, 0, 8, 56, 0, 8, 56, -8 - .byte 0, 0, 16, 48, 0, 16, 48, -16 - .byte 0, 0, 24, 40, 0, 24, 40, -24 - .byte 0, 0, 32, 32, 0, 32, 32, -32 - .byte 0, 0, 40, 24, 0, 40, 24, -40 - .byte 0, 0, 48, 16, 0, 48, 16, -48 - .byte 0, 0, 56, 8, 0, 56, 8, -56 -.Lone: - .word 0, 1 -.asciz "AES for Fujitsu SPARC64 X, CRYPTOGAMS by " -.align 4 -___ -} -# Purpose of these subroutines is to explicitly encode VIS instructions, -# so that one can compile the module without having to specify VIS -# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a. -# Idea is to reserve for option to produce "universal" binary and let -# programmer detect if current CPU is VIS capable at run-time. -sub unvis { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my ($ref,$opf); -my %visopf = ( "faligndata" => 0x048, - "bshuffle" => 0x04c, - "fpadd32" => 0x052, - "fxor" => 0x06c, - "fsrc2" => 0x078 ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if ($opf=$visopf{$mnemonic}) { - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -sub unvis3 { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 ); -my ($ref,$opf); -my %visopf = ( "alignaddr" => 0x018, - "bmask" => 0x019, - "alignaddrl" => 0x01a ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if ($opf=$visopf{$mnemonic}) { - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%([goli])([0-9])/); - $_=$bias{$1}+$2; - } - - return sprintf ".word\t0x%08x !%s", - 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -sub unfx { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my ($ref,$opf); -my %aesopf = ( "faesencx" => 0x90, - "faesdecx" => 0x91, - "faesenclx" => 0x92, - "faesdeclx" => 0x93, - "faeskeyx" => 0x94 ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if (defined($opf=$aesopf{$mnemonic})) { - $rs2 = ($rs2 =~ /%f([0-6]*[02468])/) ? (($1|$1>>5)&31) : $rs2; - $rs2 = oct($rs2) if ($rs2 =~ /^0/); - - foreach ($rs1,$rd) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 2<<30|$rd<<25|0x36<<19|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -sub unfx3src { -my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_; -my ($ref,$opf); -my %aesopf = ( "fshiftorx" => 0x0b ); - - $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd"; - - if (defined($opf=$aesopf{$mnemonic})) { - foreach ($rs1,$rs2,$rs3,$rd) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 2<<30|$rd<<25|0x37<<19|$rs1<<14|$rs3<<9|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - s/%f([0-9]+)#lo/sprintf "%%f%d",$1+1/ge; - - s/\b(faes[^x]{3,4}x)\s+(%f[0-9]{1,2}),\s*([%fx0-9]+),\s*(%f[0-9]{1,2})/ - &unfx($1,$2,$3,$4) - /ge or - s/\b([f][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/ - &unfx3src($1,$2,$3,$4,$5) - /ge or - s/\b([fb][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/ - &unvis($1,$2,$3,$4) - /ge or - s/\b(alignaddr[l]*)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/ - &unvis3($1,$2,$3,$4) - /ge; - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aesni-mb-x86_64.pl b/crypto/aes/asm/aesni-mb-x86_64.pl deleted file mode 100644 index dde15b1ef7ee5713a7aaad741c2571e86ee5aa17..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/aesni-mb-x86_64.pl +++ /dev/null @@ -1,1504 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# Multi-buffer AES-NI procedures process several independent buffers -# in parallel by interleaving independent instructions. -# -# Cycles per byte for interleave factor 4: -# -# asymptotic measured -# --------------------------- -# Westmere 5.00/4=1.25 5.13/4=1.28 -# Atom 15.0/4=3.75 ?15.7/4=3.93 -# Sandy Bridge 5.06/4=1.27 5.18/4=1.29 -# Ivy Bridge 5.06/4=1.27 5.14/4=1.29 -# Haswell 4.44/4=1.11 4.44/4=1.11 -# Bulldozer 5.75/4=1.44 5.76/4=1.44 -# -# Cycles per byte for interleave factor 8 (not implemented for -# pre-AVX processors, where higher interleave factor incidentally -# doesn't result in improvement): -# -# asymptotic measured -# --------------------------- -# Sandy Bridge 5.06/8=0.64 7.10/8=0.89(*) -# Ivy Bridge 5.06/8=0.64 7.14/8=0.89(*) -# Haswell 5.00/8=0.63 5.00/8=0.63 -# Bulldozer 5.75/8=0.72 5.77/8=0.72 -# -# (*) Sandy/Ivy Bridge are known to handle high interleave factors -# suboptimally; - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86_64-support.pl"; - -$ptr_size=&pointer_size($flavour); - -$avx=0; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.19) + ($1>=2.22); -} - -if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.09) + ($1>=2.10); -} - -if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $avx = ($1>=10) + ($1>=11); -} - -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { - $avx = ($2>=3.0) + ($2>3.0); -} - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -# void aesni_multi_cbc_encrypt ( -# struct { void *inp,*out; int blocks; double iv[2]; } inp[8]; -# const AES_KEY *key, -# int num); /* 1 or 2 */ -# -$inp="%rdi"; # 1st arg -$key="%rsi"; # 2nd arg -$num="%edx"; - -$inp_elm_size=2*$ptr_size+8+16; - -@inptr=map("%r$_",(8..11)); -@outptr=map("%r$_",(12..15)); - -($rndkey0,$rndkey1)=("%xmm0","%xmm1"); -@out=map("%xmm$_",(2..5)); -@inp=map("%xmm$_",(6..9)); -($counters,$mask,$zero)=map("%xmm$_",(10..12)); - -($rounds,$one,$sink,$offset)=("%eax","%ecx","%rbp","%rbx"); - -$code.=<<___; -.text - -.extern OPENSSL_ia32cap_P - -.globl aesni_multi_cbc_encrypt -.type aesni_multi_cbc_encrypt,\@function,3 -.align 32 -aesni_multi_cbc_encrypt: -.cfi_startproc -___ -$code.=<<___ if ($avx); - cmp \$2,$num - jb .Lenc_non_avx - mov OPENSSL_ia32cap_P+4(%rip),%ecx - test \$`1<<28`,%ecx # AVX bit - jnz _avx_cbc_enc_shortcut - jmp .Lenc_non_avx -.align 16 -.Lenc_non_avx: -___ -$code.=<<___; - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -___ -$code.=<<___ if ($win64); - lea -0xa8(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) - movaps %xmm10,0x40(%rsp) - movaps %xmm11,0x50(%rsp) - movaps %xmm12,0x60(%rsp) - movaps %xmm13,-0x68(%rax) # not used, saved to share se_handler - movaps %xmm14,-0x58(%rax) - movaps %xmm15,-0x48(%rax) -___ -$code.=<<___; - # stack layout - # - # +0 output sink - # +16 input sink [original %rsp and $num] - # +32 counters - - sub \$48,%rsp - and \$-64,%rsp - mov %rax,16(%rsp) # original %rsp -.cfi_cfa_expression %rsp+16,deref,+8 - -.Lenc4x_body: - movdqu ($key),$zero # 0-round key - lea 0x78($key),$key # size optimization - lea $inp_elm_size*2($inp),$inp - -.Lenc4x_loop_grande: - mov $num,24(%rsp) # original $num - xor $num,$num -___ -for($i=0;$i<4;$i++) { - $inptr_reg=&pointer_register($flavour,@inptr[$i]); - $outptr_reg=&pointer_register($flavour,@outptr[$i]); - $code.=<<___; - # borrow $one for number of blocks - mov `$inp_elm_size*$i+2*$ptr_size-$inp_elm_size*2`($inp),$one - mov `$inp_elm_size*$i+0-$inp_elm_size*2`($inp),$inptr_reg - cmp $num,$one - mov `$inp_elm_size*$i+$ptr_size-$inp_elm_size*2`($inp),$outptr_reg - cmovg $one,$num # find maximum - test $one,$one - # load IV - movdqu `$inp_elm_size*$i+2*$ptr_size+8-$inp_elm_size*2`($inp),@out[$i] - mov $one,`32+4*$i`(%rsp) # initialize counters - cmovle %rsp,@inptr[$i] # cancel input -___ -} -$code.=<<___; - test $num,$num - jz .Lenc4x_done - - movups 0x10-0x78($key),$rndkey1 - pxor $zero,@out[0] - movups 0x20-0x78($key),$rndkey0 - pxor $zero,@out[1] - mov 0xf0-0x78($key),$rounds - pxor $zero,@out[2] - movdqu (@inptr[0]),@inp[0] # load inputs - pxor $zero,@out[3] - movdqu (@inptr[1]),@inp[1] - pxor @inp[0],@out[0] - movdqu (@inptr[2]),@inp[2] - pxor @inp[1],@out[1] - movdqu (@inptr[3]),@inp[3] - pxor @inp[2],@out[2] - pxor @inp[3],@out[3] - movdqa 32(%rsp),$counters # load counters - xor $offset,$offset - jmp .Loop_enc4x - -.align 32 -.Loop_enc4x: - add \$16,$offset - lea 16(%rsp),$sink # sink pointer - mov \$1,$one # constant of 1 - sub $offset,$sink - - aesenc $rndkey1,@out[0] - prefetcht0 31(@inptr[0],$offset) # prefetch input - prefetcht0 31(@inptr[1],$offset) - aesenc $rndkey1,@out[1] - prefetcht0 31(@inptr[2],$offset) - prefetcht0 31(@inptr[2],$offset) - aesenc $rndkey1,@out[2] - aesenc $rndkey1,@out[3] - movups 0x30-0x78($key),$rndkey1 -___ -for($i=0;$i<4;$i++) { -my $rndkey = ($i&1) ? $rndkey1 : $rndkey0; -$code.=<<___; - cmp `32+4*$i`(%rsp),$one - aesenc $rndkey,@out[0] - aesenc $rndkey,@out[1] - aesenc $rndkey,@out[2] - cmovge $sink,@inptr[$i] # cancel input - cmovg $sink,@outptr[$i] # sink output - aesenc $rndkey,@out[3] - movups `0x40+16*$i-0x78`($key),$rndkey -___ -} -$code.=<<___; - movdqa $counters,$mask - aesenc $rndkey0,@out[0] - prefetcht0 15(@outptr[0],$offset) # prefetch output - prefetcht0 15(@outptr[1],$offset) - aesenc $rndkey0,@out[1] - prefetcht0 15(@outptr[2],$offset) - prefetcht0 15(@outptr[3],$offset) - aesenc $rndkey0,@out[2] - aesenc $rndkey0,@out[3] - movups 0x80-0x78($key),$rndkey0 - pxor $zero,$zero - - aesenc $rndkey1,@out[0] - pcmpgtd $zero,$mask - movdqu -0x78($key),$zero # reload 0-round key - aesenc $rndkey1,@out[1] - paddd $mask,$counters # decrement counters - movdqa $counters,32(%rsp) # update counters - aesenc $rndkey1,@out[2] - aesenc $rndkey1,@out[3] - movups 0x90-0x78($key),$rndkey1 - - cmp \$11,$rounds - - aesenc $rndkey0,@out[0] - aesenc $rndkey0,@out[1] - aesenc $rndkey0,@out[2] - aesenc $rndkey0,@out[3] - movups 0xa0-0x78($key),$rndkey0 - - jb .Lenc4x_tail - - aesenc $rndkey1,@out[0] - aesenc $rndkey1,@out[1] - aesenc $rndkey1,@out[2] - aesenc $rndkey1,@out[3] - movups 0xb0-0x78($key),$rndkey1 - - aesenc $rndkey0,@out[0] - aesenc $rndkey0,@out[1] - aesenc $rndkey0,@out[2] - aesenc $rndkey0,@out[3] - movups 0xc0-0x78($key),$rndkey0 - - je .Lenc4x_tail - - aesenc $rndkey1,@out[0] - aesenc $rndkey1,@out[1] - aesenc $rndkey1,@out[2] - aesenc $rndkey1,@out[3] - movups 0xd0-0x78($key),$rndkey1 - - aesenc $rndkey0,@out[0] - aesenc $rndkey0,@out[1] - aesenc $rndkey0,@out[2] - aesenc $rndkey0,@out[3] - movups 0xe0-0x78($key),$rndkey0 - jmp .Lenc4x_tail - -.align 32 -.Lenc4x_tail: - aesenc $rndkey1,@out[0] - aesenc $rndkey1,@out[1] - aesenc $rndkey1,@out[2] - aesenc $rndkey1,@out[3] - movdqu (@inptr[0],$offset),@inp[0] - movdqu 0x10-0x78($key),$rndkey1 - - aesenclast $rndkey0,@out[0] - movdqu (@inptr[1],$offset),@inp[1] - pxor $zero,@inp[0] - aesenclast $rndkey0,@out[1] - movdqu (@inptr[2],$offset),@inp[2] - pxor $zero,@inp[1] - aesenclast $rndkey0,@out[2] - movdqu (@inptr[3],$offset),@inp[3] - pxor $zero,@inp[2] - aesenclast $rndkey0,@out[3] - movdqu 0x20-0x78($key),$rndkey0 - pxor $zero,@inp[3] - - movups @out[0],-16(@outptr[0],$offset) - pxor @inp[0],@out[0] - movups @out[1],-16(@outptr[1],$offset) - pxor @inp[1],@out[1] - movups @out[2],-16(@outptr[2],$offset) - pxor @inp[2],@out[2] - movups @out[3],-16(@outptr[3],$offset) - pxor @inp[3],@out[3] - - dec $num - jnz .Loop_enc4x - - mov 16(%rsp),%rax # original %rsp -.cfi_def_cfa %rax,8 - mov 24(%rsp),$num - - #pxor @inp[0],@out[0] - #pxor @inp[1],@out[1] - # output iv FIX ME! - #movdqu @out[0],`$inp_elm_size*0+2*$ptr_size+8-$inp_elm_size*2`($inp) - #pxor @inp[2],@out[2] - #movdqu @out[1],`$inp_elm_size*1+2*$ptr_size+8-$inp_elm_size*2`($inp) - #pxor @inp[3],@out[3] - #movdqu @out[2],`$inp_elm_size*2+2*$ptr_size+8-$inp_elm_size*2`($inp) # won't fix, let caller - #movdqu @out[3],`$inp_elm_size*3+2*$ptr_size+8-$inp_elm_size*2`($inp) # figure this out... - - lea `$inp_elm_size*4`($inp),$inp - dec $num - jnz .Lenc4x_loop_grande - -.Lenc4x_done: -___ -$code.=<<___ if ($win64); - movaps -0xd8(%rax),%xmm6 - movaps -0xc8(%rax),%xmm7 - movaps -0xb8(%rax),%xmm8 - movaps -0xa8(%rax),%xmm9 - movaps -0x98(%rax),%xmm10 - movaps -0x88(%rax),%xmm11 - movaps -0x78(%rax),%xmm12 - #movaps -0x68(%rax),%xmm13 - #movaps -0x58(%rax),%xmm14 - #movaps -0x48(%rax),%xmm15 -___ -$code.=<<___; - mov -48(%rax),%r15 -.cfi_restore %r15 - mov -40(%rax),%r14 -.cfi_restore %r14 - mov -32(%rax),%r13 -.cfi_restore %r13 - mov -24(%rax),%r12 -.cfi_restore %r12 - mov -16(%rax),%rbp -.cfi_restore %rbp - mov -8(%rax),%rbx -.cfi_restore %rbx - lea (%rax),%rsp -.cfi_def_cfa_register %rsp -.Lenc4x_epilogue: - ret -.cfi_endproc -.size aesni_multi_cbc_encrypt,.-aesni_multi_cbc_encrypt - -.globl aesni_multi_cbc_decrypt -.type aesni_multi_cbc_decrypt,\@function,3 -.align 32 -aesni_multi_cbc_decrypt: -.cfi_startproc -___ -$code.=<<___ if ($avx); - cmp \$2,$num - jb .Ldec_non_avx - mov OPENSSL_ia32cap_P+4(%rip),%ecx - test \$`1<<28`,%ecx # AVX bit - jnz _avx_cbc_dec_shortcut - jmp .Ldec_non_avx -.align 16 -.Ldec_non_avx: -___ -$code.=<<___; - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -___ -$code.=<<___ if ($win64); - lea -0xa8(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) - movaps %xmm10,0x40(%rsp) - movaps %xmm11,0x50(%rsp) - movaps %xmm12,0x60(%rsp) - movaps %xmm13,-0x68(%rax) # not used, saved to share se_handler - movaps %xmm14,-0x58(%rax) - movaps %xmm15,-0x48(%rax) -___ -$code.=<<___; - # stack layout - # - # +0 output sink - # +16 input sink [original %rsp and $num] - # +32 counters - - sub \$48,%rsp - and \$-64,%rsp - mov %rax,16(%rsp) # original %rsp -.cfi_cfa_expression %rsp+16,deref,+8 - -.Ldec4x_body: - movdqu ($key),$zero # 0-round key - lea 0x78($key),$key # size optimization - lea $inp_elm_size*2($inp),$inp - -.Ldec4x_loop_grande: - mov $num,24(%rsp) # original $num - xor $num,$num -___ -for($i=0;$i<4;$i++) { - $inptr_reg=&pointer_register($flavour,@inptr[$i]); - $outptr_reg=&pointer_register($flavour,@outptr[$i]); - $code.=<<___; - # borrow $one for number of blocks - mov `$inp_elm_size*$i+2*$ptr_size-$inp_elm_size*2`($inp),$one - mov `$inp_elm_size*$i+0-$inp_elm_size*2`($inp),$inptr_reg - cmp $num,$one - mov `$inp_elm_size*$i+$ptr_size-$inp_elm_size*2`($inp),$outptr_reg - cmovg $one,$num # find maximum - test $one,$one - # load IV - movdqu `$inp_elm_size*$i+2*$ptr_size+8-$inp_elm_size*2`($inp),@inp[$i] - mov $one,`32+4*$i`(%rsp) # initialize counters - cmovle %rsp,@inptr[$i] # cancel input -___ -} -$code.=<<___; - test $num,$num - jz .Ldec4x_done - - movups 0x10-0x78($key),$rndkey1 - movups 0x20-0x78($key),$rndkey0 - mov 0xf0-0x78($key),$rounds - movdqu (@inptr[0]),@out[0] # load inputs - movdqu (@inptr[1]),@out[1] - pxor $zero,@out[0] - movdqu (@inptr[2]),@out[2] - pxor $zero,@out[1] - movdqu (@inptr[3]),@out[3] - pxor $zero,@out[2] - pxor $zero,@out[3] - movdqa 32(%rsp),$counters # load counters - xor $offset,$offset - jmp .Loop_dec4x - -.align 32 -.Loop_dec4x: - add \$16,$offset - lea 16(%rsp),$sink # sink pointer - mov \$1,$one # constant of 1 - sub $offset,$sink - - aesdec $rndkey1,@out[0] - prefetcht0 31(@inptr[0],$offset) # prefetch input - prefetcht0 31(@inptr[1],$offset) - aesdec $rndkey1,@out[1] - prefetcht0 31(@inptr[2],$offset) - prefetcht0 31(@inptr[3],$offset) - aesdec $rndkey1,@out[2] - aesdec $rndkey1,@out[3] - movups 0x30-0x78($key),$rndkey1 -___ -for($i=0;$i<4;$i++) { -my $rndkey = ($i&1) ? $rndkey1 : $rndkey0; -$code.=<<___; - cmp `32+4*$i`(%rsp),$one - aesdec $rndkey,@out[0] - aesdec $rndkey,@out[1] - aesdec $rndkey,@out[2] - cmovge $sink,@inptr[$i] # cancel input - cmovg $sink,@outptr[$i] # sink output - aesdec $rndkey,@out[3] - movups `0x40+16*$i-0x78`($key),$rndkey -___ -} -$code.=<<___; - movdqa $counters,$mask - aesdec $rndkey0,@out[0] - prefetcht0 15(@outptr[0],$offset) # prefetch output - prefetcht0 15(@outptr[1],$offset) - aesdec $rndkey0,@out[1] - prefetcht0 15(@outptr[2],$offset) - prefetcht0 15(@outptr[3],$offset) - aesdec $rndkey0,@out[2] - aesdec $rndkey0,@out[3] - movups 0x80-0x78($key),$rndkey0 - pxor $zero,$zero - - aesdec $rndkey1,@out[0] - pcmpgtd $zero,$mask - movdqu -0x78($key),$zero # reload 0-round key - aesdec $rndkey1,@out[1] - paddd $mask,$counters # decrement counters - movdqa $counters,32(%rsp) # update counters - aesdec $rndkey1,@out[2] - aesdec $rndkey1,@out[3] - movups 0x90-0x78($key),$rndkey1 - - cmp \$11,$rounds - - aesdec $rndkey0,@out[0] - aesdec $rndkey0,@out[1] - aesdec $rndkey0,@out[2] - aesdec $rndkey0,@out[3] - movups 0xa0-0x78($key),$rndkey0 - - jb .Ldec4x_tail - - aesdec $rndkey1,@out[0] - aesdec $rndkey1,@out[1] - aesdec $rndkey1,@out[2] - aesdec $rndkey1,@out[3] - movups 0xb0-0x78($key),$rndkey1 - - aesdec $rndkey0,@out[0] - aesdec $rndkey0,@out[1] - aesdec $rndkey0,@out[2] - aesdec $rndkey0,@out[3] - movups 0xc0-0x78($key),$rndkey0 - - je .Ldec4x_tail - - aesdec $rndkey1,@out[0] - aesdec $rndkey1,@out[1] - aesdec $rndkey1,@out[2] - aesdec $rndkey1,@out[3] - movups 0xd0-0x78($key),$rndkey1 - - aesdec $rndkey0,@out[0] - aesdec $rndkey0,@out[1] - aesdec $rndkey0,@out[2] - aesdec $rndkey0,@out[3] - movups 0xe0-0x78($key),$rndkey0 - jmp .Ldec4x_tail - -.align 32 -.Ldec4x_tail: - aesdec $rndkey1,@out[0] - aesdec $rndkey1,@out[1] - aesdec $rndkey1,@out[2] - pxor $rndkey0,@inp[0] - pxor $rndkey0,@inp[1] - aesdec $rndkey1,@out[3] - movdqu 0x10-0x78($key),$rndkey1 - pxor $rndkey0,@inp[2] - pxor $rndkey0,@inp[3] - movdqu 0x20-0x78($key),$rndkey0 - - aesdeclast @inp[0],@out[0] - aesdeclast @inp[1],@out[1] - movdqu -16(@inptr[0],$offset),@inp[0] # load next IV - movdqu -16(@inptr[1],$offset),@inp[1] - aesdeclast @inp[2],@out[2] - aesdeclast @inp[3],@out[3] - movdqu -16(@inptr[2],$offset),@inp[2] - movdqu -16(@inptr[3],$offset),@inp[3] - - movups @out[0],-16(@outptr[0],$offset) - movdqu (@inptr[0],$offset),@out[0] - movups @out[1],-16(@outptr[1],$offset) - movdqu (@inptr[1],$offset),@out[1] - pxor $zero,@out[0] - movups @out[2],-16(@outptr[2],$offset) - movdqu (@inptr[2],$offset),@out[2] - pxor $zero,@out[1] - movups @out[3],-16(@outptr[3],$offset) - movdqu (@inptr[3],$offset),@out[3] - pxor $zero,@out[2] - pxor $zero,@out[3] - - dec $num - jnz .Loop_dec4x - - mov 16(%rsp),%rax # original %rsp -.cfi_def_cfa %rax,8 - mov 24(%rsp),$num - - lea `$inp_elm_size*4`($inp),$inp - dec $num - jnz .Ldec4x_loop_grande - -.Ldec4x_done: -___ -$code.=<<___ if ($win64); - movaps -0xd8(%rax),%xmm6 - movaps -0xc8(%rax),%xmm7 - movaps -0xb8(%rax),%xmm8 - movaps -0xa8(%rax),%xmm9 - movaps -0x98(%rax),%xmm10 - movaps -0x88(%rax),%xmm11 - movaps -0x78(%rax),%xmm12 - #movaps -0x68(%rax),%xmm13 - #movaps -0x58(%rax),%xmm14 - #movaps -0x48(%rax),%xmm15 -___ -$code.=<<___; - mov -48(%rax),%r15 -.cfi_restore %r15 - mov -40(%rax),%r14 -.cfi_restore %r14 - mov -32(%rax),%r13 -.cfi_restore %r13 - mov -24(%rax),%r12 -.cfi_restore %r12 - mov -16(%rax),%rbp -.cfi_restore %rbp - mov -8(%rax),%rbx -.cfi_restore %rbx - lea (%rax),%rsp -.cfi_def_cfa_register %rsp -.Ldec4x_epilogue: - ret -.cfi_endproc -.size aesni_multi_cbc_decrypt,.-aesni_multi_cbc_decrypt -___ - - if ($avx) {{{ -my @ptr=map("%r$_",(8..15)); -my $offload=$sink; - -my @out=map("%xmm$_",(2..9)); -my @inp=map("%xmm$_",(10..13)); -my ($counters,$zero)=("%xmm14","%xmm15"); - -$code.=<<___; -.type aesni_multi_cbc_encrypt_avx,\@function,3 -.align 32 -aesni_multi_cbc_encrypt_avx: -.cfi_startproc -_avx_cbc_enc_shortcut: - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -___ -$code.=<<___ if ($win64); - lea -0xa8(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) - movaps %xmm10,0x40(%rsp) - movaps %xmm11,0x50(%rsp) - movaps %xmm12,-0x78(%rax) - movaps %xmm13,-0x68(%rax) - movaps %xmm14,-0x58(%rax) - movaps %xmm15,-0x48(%rax) -___ -$code.=<<___; - # stack layout - # - # +0 output sink - # +16 input sink [original %rsp and $num] - # +32 counters - # +64 distances between inputs and outputs - # +128 off-load area for @inp[0..3] - - sub \$192,%rsp - and \$-128,%rsp - mov %rax,16(%rsp) # original %rsp -.cfi_cfa_expression %rsp+16,deref,+8 - -.Lenc8x_body: - vzeroupper - vmovdqu ($key),$zero # 0-round key - lea 0x78($key),$key # size optimization - lea `$inp_elm_size*4`($inp),$inp - shr \$1,$num - -.Lenc8x_loop_grande: - #mov $num,24(%rsp) # original $num - xor $num,$num -___ -for($i=0;$i<8;$i++) { - my $temp = $i ? $offload : $offset; - $ptr_reg=&pointer_register($flavour,@ptr[$i]); - $temp_reg=&pointer_register($flavour,$temp); - $code.=<<___; - # borrow $one for number of blocks - mov `$inp_elm_size*$i+2*$ptr_size-$inp_elm_size*4`($inp),$one - # input pointer - mov `$inp_elm_size*$i+0-$inp_elm_size*4`($inp),$ptr_reg - cmp $num,$one - # output pointer - mov `$inp_elm_size*$i+$ptr_size-$inp_elm_size*4`($inp),$temp_reg - cmovg $one,$num # find maximum - test $one,$one - # load IV - vmovdqu `$inp_elm_size*$i+2*$ptr_size+8-$inp_elm_size*4`($inp),@out[$i] - mov $one,`32+4*$i`(%rsp) # initialize counters - cmovle %rsp,@ptr[$i] # cancel input - sub @ptr[$i],$temp # distance between input and output - mov $temp,`64+8*$i`(%rsp) # initialize distances -___ -} -$code.=<<___; - test $num,$num - jz .Lenc8x_done - - vmovups 0x10-0x78($key),$rndkey1 - vmovups 0x20-0x78($key),$rndkey0 - mov 0xf0-0x78($key),$rounds - - vpxor (@ptr[0]),$zero,@inp[0] # load inputs and xor with 0-round - lea 128(%rsp),$offload # offload area - vpxor (@ptr[1]),$zero,@inp[1] - vpxor (@ptr[2]),$zero,@inp[2] - vpxor (@ptr[3]),$zero,@inp[3] - vpxor @inp[0],@out[0],@out[0] - vpxor (@ptr[4]),$zero,@inp[0] - vpxor @inp[1],@out[1],@out[1] - vpxor (@ptr[5]),$zero,@inp[1] - vpxor @inp[2],@out[2],@out[2] - vpxor (@ptr[6]),$zero,@inp[2] - vpxor @inp[3],@out[3],@out[3] - vpxor (@ptr[7]),$zero,@inp[3] - vpxor @inp[0],@out[4],@out[4] - mov \$1,$one # constant of 1 - vpxor @inp[1],@out[5],@out[5] - vpxor @inp[2],@out[6],@out[6] - vpxor @inp[3],@out[7],@out[7] - jmp .Loop_enc8x - -.align 32 -.Loop_enc8x: -___ -for($i=0;$i<8;$i++) { -my $rndkey=($i&1)?$rndkey0:$rndkey1; -$code.=<<___; - vaesenc $rndkey,@out[0],@out[0] - cmp 32+4*$i(%rsp),$one -___ -$code.=<<___ if ($i); - mov 64+8*$i(%rsp),$offset -___ -$code.=<<___; - vaesenc $rndkey,@out[1],@out[1] - prefetcht0 31(@ptr[$i]) # prefetch input - vaesenc $rndkey,@out[2],@out[2] -___ -$code.=<<___ if ($i>1); - prefetcht0 15(@ptr[$i-2]) # prefetch output -___ -$code.=<<___; - vaesenc $rndkey,@out[3],@out[3] - lea (@ptr[$i],$offset),$offset - cmovge %rsp,@ptr[$i] # cancel input - vaesenc $rndkey,@out[4],@out[4] - cmovg %rsp,$offset # sink output - vaesenc $rndkey,@out[5],@out[5] - sub @ptr[$i],$offset - vaesenc $rndkey,@out[6],@out[6] - vpxor 16(@ptr[$i]),$zero,@inp[$i%4] # load input and xor with 0-round - mov $offset,64+8*$i(%rsp) - vaesenc $rndkey,@out[7],@out[7] - vmovups `16*(3+$i)-0x78`($key),$rndkey - lea 16(@ptr[$i],$offset),@ptr[$i] # switch to output -___ -$code.=<<___ if ($i<4) - vmovdqu @inp[$i%4],`16*$i`($offload) # off-load -___ -} -$code.=<<___; - vmovdqu 32(%rsp),$counters - prefetcht0 15(@ptr[$i-2]) # prefetch output - prefetcht0 15(@ptr[$i-1]) - cmp \$11,$rounds - jb .Lenc8x_tail - - vaesenc $rndkey1,@out[0],@out[0] - vaesenc $rndkey1,@out[1],@out[1] - vaesenc $rndkey1,@out[2],@out[2] - vaesenc $rndkey1,@out[3],@out[3] - vaesenc $rndkey1,@out[4],@out[4] - vaesenc $rndkey1,@out[5],@out[5] - vaesenc $rndkey1,@out[6],@out[6] - vaesenc $rndkey1,@out[7],@out[7] - vmovups 0xb0-0x78($key),$rndkey1 - - vaesenc $rndkey0,@out[0],@out[0] - vaesenc $rndkey0,@out[1],@out[1] - vaesenc $rndkey0,@out[2],@out[2] - vaesenc $rndkey0,@out[3],@out[3] - vaesenc $rndkey0,@out[4],@out[4] - vaesenc $rndkey0,@out[5],@out[5] - vaesenc $rndkey0,@out[6],@out[6] - vaesenc $rndkey0,@out[7],@out[7] - vmovups 0xc0-0x78($key),$rndkey0 - je .Lenc8x_tail - - vaesenc $rndkey1,@out[0],@out[0] - vaesenc $rndkey1,@out[1],@out[1] - vaesenc $rndkey1,@out[2],@out[2] - vaesenc $rndkey1,@out[3],@out[3] - vaesenc $rndkey1,@out[4],@out[4] - vaesenc $rndkey1,@out[5],@out[5] - vaesenc $rndkey1,@out[6],@out[6] - vaesenc $rndkey1,@out[7],@out[7] - vmovups 0xd0-0x78($key),$rndkey1 - - vaesenc $rndkey0,@out[0],@out[0] - vaesenc $rndkey0,@out[1],@out[1] - vaesenc $rndkey0,@out[2],@out[2] - vaesenc $rndkey0,@out[3],@out[3] - vaesenc $rndkey0,@out[4],@out[4] - vaesenc $rndkey0,@out[5],@out[5] - vaesenc $rndkey0,@out[6],@out[6] - vaesenc $rndkey0,@out[7],@out[7] - vmovups 0xe0-0x78($key),$rndkey0 - -.Lenc8x_tail: - vaesenc $rndkey1,@out[0],@out[0] - vpxor $zero,$zero,$zero - vaesenc $rndkey1,@out[1],@out[1] - vaesenc $rndkey1,@out[2],@out[2] - vpcmpgtd $zero,$counters,$zero - vaesenc $rndkey1,@out[3],@out[3] - vaesenc $rndkey1,@out[4],@out[4] - vpaddd $counters,$zero,$zero # decrement counters - vmovdqu 48(%rsp),$counters - vaesenc $rndkey1,@out[5],@out[5] - mov 64(%rsp),$offset # pre-load 1st offset - vaesenc $rndkey1,@out[6],@out[6] - vaesenc $rndkey1,@out[7],@out[7] - vmovups 0x10-0x78($key),$rndkey1 - - vaesenclast $rndkey0,@out[0],@out[0] - vmovdqa $zero,32(%rsp) # update counters - vpxor $zero,$zero,$zero - vaesenclast $rndkey0,@out[1],@out[1] - vaesenclast $rndkey0,@out[2],@out[2] - vpcmpgtd $zero,$counters,$zero - vaesenclast $rndkey0,@out[3],@out[3] - vaesenclast $rndkey0,@out[4],@out[4] - vpaddd $zero,$counters,$counters # decrement counters - vmovdqu -0x78($key),$zero # 0-round - vaesenclast $rndkey0,@out[5],@out[5] - vaesenclast $rndkey0,@out[6],@out[6] - vmovdqa $counters,48(%rsp) # update counters - vaesenclast $rndkey0,@out[7],@out[7] - vmovups 0x20-0x78($key),$rndkey0 - - vmovups @out[0],-16(@ptr[0]) # write output - sub $offset,@ptr[0] # switch to input - vpxor 0x00($offload),@out[0],@out[0] - vmovups @out[1],-16(@ptr[1]) - sub `64+1*8`(%rsp),@ptr[1] - vpxor 0x10($offload),@out[1],@out[1] - vmovups @out[2],-16(@ptr[2]) - sub `64+2*8`(%rsp),@ptr[2] - vpxor 0x20($offload),@out[2],@out[2] - vmovups @out[3],-16(@ptr[3]) - sub `64+3*8`(%rsp),@ptr[3] - vpxor 0x30($offload),@out[3],@out[3] - vmovups @out[4],-16(@ptr[4]) - sub `64+4*8`(%rsp),@ptr[4] - vpxor @inp[0],@out[4],@out[4] - vmovups @out[5],-16(@ptr[5]) - sub `64+5*8`(%rsp),@ptr[5] - vpxor @inp[1],@out[5],@out[5] - vmovups @out[6],-16(@ptr[6]) - sub `64+6*8`(%rsp),@ptr[6] - vpxor @inp[2],@out[6],@out[6] - vmovups @out[7],-16(@ptr[7]) - sub `64+7*8`(%rsp),@ptr[7] - vpxor @inp[3],@out[7],@out[7] - - dec $num - jnz .Loop_enc8x - - mov 16(%rsp),%rax # original %rsp -.cfi_def_cfa %rax,8 - #mov 24(%rsp),$num - #lea `$inp_elm_size*8`($inp),$inp - #dec $num - #jnz .Lenc8x_loop_grande - -.Lenc8x_done: - vzeroupper -___ -$code.=<<___ if ($win64); - movaps -0xd8(%rax),%xmm6 - movaps -0xc8(%rax),%xmm7 - movaps -0xb8(%rax),%xmm8 - movaps -0xa8(%rax),%xmm9 - movaps -0x98(%rax),%xmm10 - movaps -0x88(%rax),%xmm11 - movaps -0x78(%rax),%xmm12 - movaps -0x68(%rax),%xmm13 - movaps -0x58(%rax),%xmm14 - movaps -0x48(%rax),%xmm15 -___ -$code.=<<___; - mov -48(%rax),%r15 -.cfi_restore %r15 - mov -40(%rax),%r14 -.cfi_restore %r14 - mov -32(%rax),%r13 -.cfi_restore %r13 - mov -24(%rax),%r12 -.cfi_restore %r12 - mov -16(%rax),%rbp -.cfi_restore %rbp - mov -8(%rax),%rbx -.cfi_restore %rbx - lea (%rax),%rsp -.cfi_def_cfa_register %rsp -.Lenc8x_epilogue: - ret -.cfi_endproc -.size aesni_multi_cbc_encrypt_avx,.-aesni_multi_cbc_encrypt_avx - -.type aesni_multi_cbc_decrypt_avx,\@function,3 -.align 32 -aesni_multi_cbc_decrypt_avx: -.cfi_startproc -_avx_cbc_dec_shortcut: - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -___ -$code.=<<___ if ($win64); - lea -0xa8(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) - movaps %xmm10,0x40(%rsp) - movaps %xmm11,0x50(%rsp) - movaps %xmm12,-0x78(%rax) - movaps %xmm13,-0x68(%rax) - movaps %xmm14,-0x58(%rax) - movaps %xmm15,-0x48(%rax) -___ -$code.=<<___; - # stack layout - # - # +0 output sink - # +16 input sink [original %rsp and $num] - # +32 counters - # +64 distances between inputs and outputs - # +128 off-load area for @inp[0..3] - # +192 IV/input offload - - sub \$256,%rsp - and \$-256,%rsp - sub \$192,%rsp - mov %rax,16(%rsp) # original %rsp -.cfi_cfa_expression %rsp+16,deref,+8 - -.Ldec8x_body: - vzeroupper - vmovdqu ($key),$zero # 0-round key - lea 0x78($key),$key # size optimization - lea `$inp_elm_size*4`($inp),$inp - shr \$1,$num - -.Ldec8x_loop_grande: - #mov $num,24(%rsp) # original $num - xor $num,$num -___ -for($i=0;$i<8;$i++) { - my $temp = $i ? $offload : $offset; - $ptr_reg=&pointer_register($flavour,@ptr[$i]); - $temp_reg=&pointer_register($flavour,$temp); - $code.=<<___; - # borrow $one for number of blocks - mov `$inp_elm_size*$i+2*$ptr_size-$inp_elm_size*4`($inp),$one - # input pointer - mov `$inp_elm_size*$i+0-$inp_elm_size*4`($inp),$ptr_reg - cmp $num,$one - # output pointer - mov `$inp_elm_size*$i+$ptr_size-$inp_elm_size*4`($inp),$temp_reg - cmovg $one,$num # find maximum - test $one,$one - # load IV - vmovdqu `$inp_elm_size*$i+2*$ptr_size+8-$inp_elm_size*4`($inp),@out[$i] - mov $one,`32+4*$i`(%rsp) # initialize counters - cmovle %rsp,@ptr[$i] # cancel input - sub @ptr[$i],$temp # distance between input and output - mov $temp,`64+8*$i`(%rsp) # initialize distances - vmovdqu @out[$i],`192+16*$i`(%rsp) # offload IV -___ -} -$code.=<<___; - test $num,$num - jz .Ldec8x_done - - vmovups 0x10-0x78($key),$rndkey1 - vmovups 0x20-0x78($key),$rndkey0 - mov 0xf0-0x78($key),$rounds - lea 192+128(%rsp),$offload # offload area - - vmovdqu (@ptr[0]),@out[0] # load inputs - vmovdqu (@ptr[1]),@out[1] - vmovdqu (@ptr[2]),@out[2] - vmovdqu (@ptr[3]),@out[3] - vmovdqu (@ptr[4]),@out[4] - vmovdqu (@ptr[5]),@out[5] - vmovdqu (@ptr[6]),@out[6] - vmovdqu (@ptr[7]),@out[7] - vmovdqu @out[0],0x00($offload) # offload inputs - vpxor $zero,@out[0],@out[0] # xor inputs with 0-round - vmovdqu @out[1],0x10($offload) - vpxor $zero,@out[1],@out[1] - vmovdqu @out[2],0x20($offload) - vpxor $zero,@out[2],@out[2] - vmovdqu @out[3],0x30($offload) - vpxor $zero,@out[3],@out[3] - vmovdqu @out[4],0x40($offload) - vpxor $zero,@out[4],@out[4] - vmovdqu @out[5],0x50($offload) - vpxor $zero,@out[5],@out[5] - vmovdqu @out[6],0x60($offload) - vpxor $zero,@out[6],@out[6] - vmovdqu @out[7],0x70($offload) - vpxor $zero,@out[7],@out[7] - xor \$0x80,$offload - mov \$1,$one # constant of 1 - jmp .Loop_dec8x - -.align 32 -.Loop_dec8x: -___ -for($i=0;$i<8;$i++) { -my $rndkey=($i&1)?$rndkey0:$rndkey1; -$code.=<<___; - vaesdec $rndkey,@out[0],@out[0] - cmp 32+4*$i(%rsp),$one -___ -$code.=<<___ if ($i); - mov 64+8*$i(%rsp),$offset -___ -$code.=<<___; - vaesdec $rndkey,@out[1],@out[1] - prefetcht0 31(@ptr[$i]) # prefetch input - vaesdec $rndkey,@out[2],@out[2] -___ -$code.=<<___ if ($i>1); - prefetcht0 15(@ptr[$i-2]) # prefetch output -___ -$code.=<<___; - vaesdec $rndkey,@out[3],@out[3] - lea (@ptr[$i],$offset),$offset - cmovge %rsp,@ptr[$i] # cancel input - vaesdec $rndkey,@out[4],@out[4] - cmovg %rsp,$offset # sink output - vaesdec $rndkey,@out[5],@out[5] - sub @ptr[$i],$offset - vaesdec $rndkey,@out[6],@out[6] - vmovdqu 16(@ptr[$i]),@inp[$i%4] # load input - mov $offset,64+8*$i(%rsp) - vaesdec $rndkey,@out[7],@out[7] - vmovups `16*(3+$i)-0x78`($key),$rndkey - lea 16(@ptr[$i],$offset),@ptr[$i] # switch to output -___ -$code.=<<___ if ($i<4); - vmovdqu @inp[$i%4],`128+16*$i`(%rsp) # off-load -___ -} -$code.=<<___; - vmovdqu 32(%rsp),$counters - prefetcht0 15(@ptr[$i-2]) # prefetch output - prefetcht0 15(@ptr[$i-1]) - cmp \$11,$rounds - jb .Ldec8x_tail - - vaesdec $rndkey1,@out[0],@out[0] - vaesdec $rndkey1,@out[1],@out[1] - vaesdec $rndkey1,@out[2],@out[2] - vaesdec $rndkey1,@out[3],@out[3] - vaesdec $rndkey1,@out[4],@out[4] - vaesdec $rndkey1,@out[5],@out[5] - vaesdec $rndkey1,@out[6],@out[6] - vaesdec $rndkey1,@out[7],@out[7] - vmovups 0xb0-0x78($key),$rndkey1 - - vaesdec $rndkey0,@out[0],@out[0] - vaesdec $rndkey0,@out[1],@out[1] - vaesdec $rndkey0,@out[2],@out[2] - vaesdec $rndkey0,@out[3],@out[3] - vaesdec $rndkey0,@out[4],@out[4] - vaesdec $rndkey0,@out[5],@out[5] - vaesdec $rndkey0,@out[6],@out[6] - vaesdec $rndkey0,@out[7],@out[7] - vmovups 0xc0-0x78($key),$rndkey0 - je .Ldec8x_tail - - vaesdec $rndkey1,@out[0],@out[0] - vaesdec $rndkey1,@out[1],@out[1] - vaesdec $rndkey1,@out[2],@out[2] - vaesdec $rndkey1,@out[3],@out[3] - vaesdec $rndkey1,@out[4],@out[4] - vaesdec $rndkey1,@out[5],@out[5] - vaesdec $rndkey1,@out[6],@out[6] - vaesdec $rndkey1,@out[7],@out[7] - vmovups 0xd0-0x78($key),$rndkey1 - - vaesdec $rndkey0,@out[0],@out[0] - vaesdec $rndkey0,@out[1],@out[1] - vaesdec $rndkey0,@out[2],@out[2] - vaesdec $rndkey0,@out[3],@out[3] - vaesdec $rndkey0,@out[4],@out[4] - vaesdec $rndkey0,@out[5],@out[5] - vaesdec $rndkey0,@out[6],@out[6] - vaesdec $rndkey0,@out[7],@out[7] - vmovups 0xe0-0x78($key),$rndkey0 - -.Ldec8x_tail: - vaesdec $rndkey1,@out[0],@out[0] - vpxor $zero,$zero,$zero - vaesdec $rndkey1,@out[1],@out[1] - vaesdec $rndkey1,@out[2],@out[2] - vpcmpgtd $zero,$counters,$zero - vaesdec $rndkey1,@out[3],@out[3] - vaesdec $rndkey1,@out[4],@out[4] - vpaddd $counters,$zero,$zero # decrement counters - vmovdqu 48(%rsp),$counters - vaesdec $rndkey1,@out[5],@out[5] - mov 64(%rsp),$offset # pre-load 1st offset - vaesdec $rndkey1,@out[6],@out[6] - vaesdec $rndkey1,@out[7],@out[7] - vmovups 0x10-0x78($key),$rndkey1 - - vaesdeclast $rndkey0,@out[0],@out[0] - vmovdqa $zero,32(%rsp) # update counters - vpxor $zero,$zero,$zero - vaesdeclast $rndkey0,@out[1],@out[1] - vpxor 0x00($offload),@out[0],@out[0] # xor with IV - vaesdeclast $rndkey0,@out[2],@out[2] - vpxor 0x10($offload),@out[1],@out[1] - vpcmpgtd $zero,$counters,$zero - vaesdeclast $rndkey0,@out[3],@out[3] - vpxor 0x20($offload),@out[2],@out[2] - vaesdeclast $rndkey0,@out[4],@out[4] - vpxor 0x30($offload),@out[3],@out[3] - vpaddd $zero,$counters,$counters # decrement counters - vmovdqu -0x78($key),$zero # 0-round - vaesdeclast $rndkey0,@out[5],@out[5] - vpxor 0x40($offload),@out[4],@out[4] - vaesdeclast $rndkey0,@out[6],@out[6] - vpxor 0x50($offload),@out[5],@out[5] - vmovdqa $counters,48(%rsp) # update counters - vaesdeclast $rndkey0,@out[7],@out[7] - vpxor 0x60($offload),@out[6],@out[6] - vmovups 0x20-0x78($key),$rndkey0 - - vmovups @out[0],-16(@ptr[0]) # write output - sub $offset,@ptr[0] # switch to input - vmovdqu 128+0(%rsp),@out[0] - vpxor 0x70($offload),@out[7],@out[7] - vmovups @out[1],-16(@ptr[1]) - sub `64+1*8`(%rsp),@ptr[1] - vmovdqu @out[0],0x00($offload) - vpxor $zero,@out[0],@out[0] - vmovdqu 128+16(%rsp),@out[1] - vmovups @out[2],-16(@ptr[2]) - sub `64+2*8`(%rsp),@ptr[2] - vmovdqu @out[1],0x10($offload) - vpxor $zero,@out[1],@out[1] - vmovdqu 128+32(%rsp),@out[2] - vmovups @out[3],-16(@ptr[3]) - sub `64+3*8`(%rsp),@ptr[3] - vmovdqu @out[2],0x20($offload) - vpxor $zero,@out[2],@out[2] - vmovdqu 128+48(%rsp),@out[3] - vmovups @out[4],-16(@ptr[4]) - sub `64+4*8`(%rsp),@ptr[4] - vmovdqu @out[3],0x30($offload) - vpxor $zero,@out[3],@out[3] - vmovdqu @inp[0],0x40($offload) - vpxor @inp[0],$zero,@out[4] - vmovups @out[5],-16(@ptr[5]) - sub `64+5*8`(%rsp),@ptr[5] - vmovdqu @inp[1],0x50($offload) - vpxor @inp[1],$zero,@out[5] - vmovups @out[6],-16(@ptr[6]) - sub `64+6*8`(%rsp),@ptr[6] - vmovdqu @inp[2],0x60($offload) - vpxor @inp[2],$zero,@out[6] - vmovups @out[7],-16(@ptr[7]) - sub `64+7*8`(%rsp),@ptr[7] - vmovdqu @inp[3],0x70($offload) - vpxor @inp[3],$zero,@out[7] - - xor \$128,$offload - dec $num - jnz .Loop_dec8x - - mov 16(%rsp),%rax # original %rsp -.cfi_def_cfa %rax,8 - #mov 24(%rsp),$num - #lea `$inp_elm_size*8`($inp),$inp - #dec $num - #jnz .Ldec8x_loop_grande - -.Ldec8x_done: - vzeroupper -___ -$code.=<<___ if ($win64); - movaps -0xd8(%rax),%xmm6 - movaps -0xc8(%rax),%xmm7 - movaps -0xb8(%rax),%xmm8 - movaps -0xa8(%rax),%xmm9 - movaps -0x98(%rax),%xmm10 - movaps -0x88(%rax),%xmm11 - movaps -0x78(%rax),%xmm12 - movaps -0x68(%rax),%xmm13 - movaps -0x58(%rax),%xmm14 - movaps -0x48(%rax),%xmm15 -___ -$code.=<<___; - mov -48(%rax),%r15 -.cfi_restore %r15 - mov -40(%rax),%r14 -.cfi_restore %r14 - mov -32(%rax),%r13 -.cfi_restore %r13 - mov -24(%rax),%r12 -.cfi_restore %r12 - mov -16(%rax),%rbp -.cfi_restore %rbp - mov -8(%rax),%rbx -.cfi_restore %rbx - lea (%rax),%rsp -.cfi_def_cfa_register %rsp -.Ldec8x_epilogue: - ret -.cfi_endproc -.size aesni_multi_cbc_decrypt_avx,.-aesni_multi_cbc_decrypt_avx -___ - }}} - -if ($win64) { -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->Rip<.Lprologue - jb .Lin_prologue - - mov 152($context),%rax # pull context->Rsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=.Lepilogue - jae .Lin_prologue - - mov 16(%rax),%rax # pull saved stack pointer - - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - - lea -56-10*16(%rax),%rsi - lea 512($context),%rdi # &context.Xmm6 - mov \$20,%ecx - .long 0xa548f3fc # cld; rep movsq - -.Lin_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size se_handler,.-se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_aesni_multi_cbc_encrypt - .rva .LSEH_end_aesni_multi_cbc_encrypt - .rva .LSEH_info_aesni_multi_cbc_encrypt - .rva .LSEH_begin_aesni_multi_cbc_decrypt - .rva .LSEH_end_aesni_multi_cbc_decrypt - .rva .LSEH_info_aesni_multi_cbc_decrypt -___ -$code.=<<___ if ($avx); - .rva .LSEH_begin_aesni_multi_cbc_encrypt_avx - .rva .LSEH_end_aesni_multi_cbc_encrypt_avx - .rva .LSEH_info_aesni_multi_cbc_encrypt_avx - .rva .LSEH_begin_aesni_multi_cbc_decrypt_avx - .rva .LSEH_end_aesni_multi_cbc_decrypt_avx - .rva .LSEH_info_aesni_multi_cbc_decrypt_avx -___ -$code.=<<___; -.section .xdata -.align 8 -.LSEH_info_aesni_multi_cbc_encrypt: - .byte 9,0,0,0 - .rva se_handler - .rva .Lenc4x_body,.Lenc4x_epilogue # HandlerData[] -.LSEH_info_aesni_multi_cbc_decrypt: - .byte 9,0,0,0 - .rva se_handler - .rva .Ldec4x_body,.Ldec4x_epilogue # HandlerData[] -___ -$code.=<<___ if ($avx); -.LSEH_info_aesni_multi_cbc_encrypt_avx: - .byte 9,0,0,0 - .rva se_handler - .rva .Lenc8x_body,.Lenc8x_epilogue # HandlerData[] -.LSEH_info_aesni_multi_cbc_decrypt_avx: - .byte 9,0,0,0 - .rva se_handler - .rva .Ldec8x_body,.Ldec8x_epilogue # HandlerData[] -___ -} -#################################################################### - -sub rex { - local *opcode=shift; - my ($dst,$src)=@_; - my $rex=0; - - $rex|=0x04 if($dst>=8); - $rex|=0x01 if($src>=8); - push @opcode,$rex|0x40 if($rex); -} - -sub aesni { - my $line=shift; - my @opcode=(0x66); - - if ($line=~/(aeskeygenassist)\s+\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) { - rex(\@opcode,$4,$3); - push @opcode,0x0f,0x3a,0xdf; - push @opcode,0xc0|($3&7)|(($4&7)<<3); # ModR/M - my $c=$2; - push @opcode,$c=~/^0/?oct($c):$c; - return ".byte\t".join(',',@opcode); - } - elsif ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) { - my %opcodelet = ( - "aesimc" => 0xdb, - "aesenc" => 0xdc, "aesenclast" => 0xdd, - "aesdec" => 0xde, "aesdeclast" => 0xdf - ); - return undef if (!defined($opcodelet{$1})); - rex(\@opcode,$3,$2); - push @opcode,0x0f,0x38,$opcodelet{$1}; - push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M - return ".byte\t".join(',',@opcode); - } - elsif ($line=~/(aes[a-z]+)\s+([0x1-9a-fA-F]*)\(%rsp\),\s*%xmm([0-9]+)/) { - my %opcodelet = ( - "aesenc" => 0xdc, "aesenclast" => 0xdd, - "aesdec" => 0xde, "aesdeclast" => 0xdf - ); - return undef if (!defined($opcodelet{$1})); - my $off = $2; - push @opcode,0x44 if ($3>=8); - push @opcode,0x0f,0x38,$opcodelet{$1}; - push @opcode,0x44|(($3&7)<<3),0x24; # ModR/M - push @opcode,($off=~/^0/?oct($off):$off)&0xff; - return ".byte\t".join(',',@opcode); - } - return $line; -} - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; -$code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem; - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aesni-sha1-x86_64.pl b/crypto/aes/asm/aesni-sha1-x86_64.pl deleted file mode 100644 index dbe33a3f1a02ea3da910debdbd33b258cc9b149a..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/aesni-sha1-x86_64.pl +++ /dev/null @@ -1,2148 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# June 2011 -# -# This is AESNI-CBC+SHA1 "stitch" implementation. The idea, as spelled -# in http://download.intel.com/design/intarch/papers/323686.pdf, is -# that since AESNI-CBC encrypt exhibit *very* low instruction-level -# parallelism, interleaving it with another algorithm would allow to -# utilize processor resources better and achieve better performance. -# SHA1 instruction sequences(*) are taken from sha1-x86_64.pl and -# AESNI code is weaved into it. Below are performance numbers in -# cycles per processed byte, less is better, for standalone AESNI-CBC -# encrypt, sum of the latter and standalone SHA1, and "stitched" -# subroutine: -# -# AES-128-CBC +SHA1 stitch gain -# Westmere 3.77[+5.3] 9.07 6.55 +38% -# Sandy Bridge 5.05[+5.0(6.1)] 10.06(11.15) 5.98(7.05) +68%(+58%) -# Ivy Bridge 5.05[+4.6] 9.65 5.54 +74% -# Haswell 4.43[+3.6(4.2)] 8.00(8.58) 4.55(5.21) +75%(+65%) -# Skylake 2.63[+3.5(4.1)] 6.17(6.69) 4.23(4.44) +46%(+51%) -# Bulldozer 5.77[+6.0] 11.72 6.37 +84% -# Ryzen(**) 2.71[+1.93] 4.64 2.74 +69% -# Goldmont(**) 3.82[+1.70] 5.52 4.20 +31% -# -# AES-192-CBC -# Westmere 4.51 9.81 6.80 +44% -# Sandy Bridge 6.05 11.06(12.15) 6.11(7.19) +81%(+69%) -# Ivy Bridge 6.05 10.65 6.07 +75% -# Haswell 5.29 8.86(9.44) 5.32(5.32) +67%(+77%) -# Bulldozer 6.89 12.84 6.96 +84% -# -# AES-256-CBC -# Westmere 5.25 10.55 7.21 +46% -# Sandy Bridge 7.05 12.06(13.15) 7.12(7.72) +69%(+70%) -# Ivy Bridge 7.05 11.65 7.12 +64% -# Haswell 6.19 9.76(10.34) 6.21(6.25) +57%(+65%) -# Skylake 3.62 7.16(7.68) 4.56(4.76) +57%(+61%) -# Bulldozer 8.00 13.95 8.25 +69% -# Ryzen(**) 3.71 5.64 3.72 +52% -# Goldmont(**) 5.35 7.05 5.76 +22% -# -# (*) There are two code paths: SSSE3 and AVX. See sha1-568.pl for -# background information. Above numbers in parentheses are SSSE3 -# results collected on AVX-capable CPU, i.e. apply on OSes that -# don't support AVX. -# (**) SHAEXT results. -# -# Needless to mention that it makes no sense to implement "stitched" -# *decrypt* subroutine. Because *both* AESNI-CBC decrypt and SHA1 -# fully utilize parallelism, so stitching would not give any gain -# anyway. Well, there might be some, e.g. because of better cache -# locality... For reference, here are performance results for -# standalone AESNI-CBC decrypt: -# -# AES-128-CBC AES-192-CBC AES-256-CBC -# Westmere 1.25 1.50 1.75 -# Sandy Bridge 0.74 0.91 1.09 -# Ivy Bridge 0.74 0.90 1.11 -# Haswell 0.63 0.76 0.88 -# Bulldozer 0.70 0.85 0.99 - -# And indeed: -# -# AES-256-CBC +SHA1 stitch gain -# Westmere 1.75 7.20 6.68 +7.8% -# Sandy Bridge 1.09 6.09(7.22) 5.82(6.95) +4.6%(+3.9%) -# Ivy Bridge 1.11 5.70 5.45 +4.6% -# Haswell 0.88 4.45(5.00) 4.39(4.69) +1.4%(*)(+6.6%) -# Bulldozer 0.99 6.95 5.95 +17%(**) -# -# (*) Tiny improvement coefficient on Haswell is because we compare -# AVX1 stitch to sum with AVX2 SHA1. -# (**) Execution is fully dominated by integer code sequence and -# SIMD still hardly shows [in single-process benchmark;-] - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -$avx=1 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/ && - $1>=2.19); -$avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ && - $1>=2.09); -$avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./ && - $1>=10); -$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/ && $2>=3.0); - -$shaext=1; ### set to zero if compiling for 1.0.1 - -$stitched_decrypt=0; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -# void aesni_cbc_sha1_enc(const void *inp, -# void *out, -# size_t length, -# const AES_KEY *key, -# unsigned char *iv, -# SHA_CTX *ctx, -# const void *in0); - -$code.=<<___; -.text -.extern OPENSSL_ia32cap_P - -.globl aesni_cbc_sha1_enc -.type aesni_cbc_sha1_enc,\@abi-omnipotent -.align 32 -aesni_cbc_sha1_enc: -.cfi_startproc - # caller should check for SSSE3 and AES-NI bits - mov OPENSSL_ia32cap_P+0(%rip),%r10d - mov OPENSSL_ia32cap_P+4(%rip),%r11 -___ -$code.=<<___ if ($shaext); - bt \$61,%r11 # check SHA bit - jc aesni_cbc_sha1_enc_shaext -___ -$code.=<<___ if ($avx); - and \$`1<<28`,%r11d # mask AVX bit - and \$`1<<30`,%r10d # mask "Intel CPU" bit - or %r11d,%r10d - cmp \$`1<<28|1<<30`,%r10d - je aesni_cbc_sha1_enc_avx -___ -$code.=<<___; - jmp aesni_cbc_sha1_enc_ssse3 - ret -.cfi_endproc -.size aesni_cbc_sha1_enc,.-aesni_cbc_sha1_enc -___ - -my ($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10"); - -my $Xi=4; -my @X=map("%xmm$_",(4..7,0..3)); -my @Tx=map("%xmm$_",(8..10)); -my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp"); # size optimization -my @T=("%esi","%edi"); -my $j=0; my $jj=0; my $r=0; my $sn=0; my $rx=0; -my $K_XX_XX="%r11"; -my ($rndkey0,$iv,$in)=map("%xmm$_",(11..13)); # for enc -my @rndkey=("%xmm14","%xmm15"); # for enc -my ($inout0,$inout1,$inout2,$inout3)=map("%xmm$_",(12..15)); # for dec - -if (1) { # reassign for Atom Silvermont - # The goal is to minimize amount of instructions with more than - # 3 prefix bytes. Or in more practical terms to keep AES-NI *and* - # SSSE3 instructions to upper half of the register bank. - @X=map("%xmm$_",(8..11,4..7)); - @Tx=map("%xmm$_",(12,13,3)); - ($iv,$in,$rndkey0)=map("%xmm$_",(2,14,15)); - @rndkey=("%xmm0","%xmm1"); -} - -sub AUTOLOAD() # thunk [simplified] 32-bit style perlasm -{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; - my $arg = pop; - $arg = "\$$arg" if ($arg*1 eq $arg); - $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n"; -} - -my $_rol=sub { &rol(@_) }; -my $_ror=sub { &ror(@_) }; - -$code.=<<___; -.type aesni_cbc_sha1_enc_ssse3,\@function,6 -.align 32 -aesni_cbc_sha1_enc_ssse3: -.cfi_startproc - mov `($win64?56:8)`(%rsp),$inp # load 7th argument - #shr \$6,$len # debugging artefact - #jz .Lepilogue_ssse3 # debugging artefact - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea `-104-($win64?10*16:0)`(%rsp),%rsp -.cfi_adjust_cfa_offset `104+($win64?10*16:0)` - #mov $in0,$inp # debugging artefact - #lea 64(%rsp),$ctx # debugging artefact -___ -$code.=<<___ if ($win64); - movaps %xmm6,96+0(%rsp) - movaps %xmm7,96+16(%rsp) - movaps %xmm8,96+32(%rsp) - movaps %xmm9,96+48(%rsp) - movaps %xmm10,96+64(%rsp) - movaps %xmm11,96+80(%rsp) - movaps %xmm12,96+96(%rsp) - movaps %xmm13,96+112(%rsp) - movaps %xmm14,96+128(%rsp) - movaps %xmm15,96+144(%rsp) -.Lprologue_ssse3: -___ -$code.=<<___; - mov $in0,%r12 # reassign arguments - mov $out,%r13 - mov $len,%r14 - lea 112($key),%r15 # size optimization - movdqu ($ivp),$iv # load IV - mov $ivp,88(%rsp) # save $ivp -___ -($in0,$out,$len,$key)=map("%r$_",(12..15)); # reassign arguments -my $rounds="${ivp}d"; -$code.=<<___; - shl \$6,$len - sub $in0,$out - mov 240-112($key),$rounds - add $inp,$len # end of input - - lea K_XX_XX(%rip),$K_XX_XX - mov 0($ctx),$A # load context - mov 4($ctx),$B - mov 8($ctx),$C - mov 12($ctx),$D - mov $B,@T[0] # magic seed - mov 16($ctx),$E - mov $C,@T[1] - xor $D,@T[1] - and @T[1],@T[0] - - movdqa 64($K_XX_XX),@Tx[2] # pbswap mask - movdqa 0($K_XX_XX),@Tx[1] # K_00_19 - movdqu 0($inp),@X[-4&7] # load input to %xmm[0-3] - movdqu 16($inp),@X[-3&7] - movdqu 32($inp),@X[-2&7] - movdqu 48($inp),@X[-1&7] - pshufb @Tx[2],@X[-4&7] # byte swap - pshufb @Tx[2],@X[-3&7] - pshufb @Tx[2],@X[-2&7] - add \$64,$inp - paddd @Tx[1],@X[-4&7] # add K_00_19 - pshufb @Tx[2],@X[-1&7] - paddd @Tx[1],@X[-3&7] - paddd @Tx[1],@X[-2&7] - movdqa @X[-4&7],0(%rsp) # X[]+K xfer to IALU - psubd @Tx[1],@X[-4&7] # restore X[] - movdqa @X[-3&7],16(%rsp) - psubd @Tx[1],@X[-3&7] - movdqa @X[-2&7],32(%rsp) - psubd @Tx[1],@X[-2&7] - movups -112($key),$rndkey0 # $key[0] - movups 16-112($key),$rndkey[0] # forward reference - jmp .Loop_ssse3 -___ - -my $aesenc=sub { - use integer; - my ($n,$k)=($r/10,$r%10); - if ($k==0) { - $code.=<<___; - movups `16*$n`($in0),$in # load input - xorps $rndkey0,$in -___ - $code.=<<___ if ($n); - movups $iv,`16*($n-1)`($out,$in0) # write output -___ - $code.=<<___; - xorps $in,$iv - movups `32+16*$k-112`($key),$rndkey[1] - aesenc $rndkey[0],$iv -___ - } elsif ($k==9) { - $sn++; - $code.=<<___; - cmp \$11,$rounds - jb .Laesenclast$sn - movups `32+16*($k+0)-112`($key),$rndkey[1] - aesenc $rndkey[0],$iv - movups `32+16*($k+1)-112`($key),$rndkey[0] - aesenc $rndkey[1],$iv - je .Laesenclast$sn - movups `32+16*($k+2)-112`($key),$rndkey[1] - aesenc $rndkey[0],$iv - movups `32+16*($k+3)-112`($key),$rndkey[0] - aesenc $rndkey[1],$iv -.Laesenclast$sn: - aesenclast $rndkey[0],$iv - movups 16-112($key),$rndkey[1] # forward reference -___ - } else { - $code.=<<___; - movups `32+16*$k-112`($key),$rndkey[1] - aesenc $rndkey[0],$iv -___ - } - $r++; unshift(@rndkey,pop(@rndkey)); -}; - -sub Xupdate_ssse3_16_31() # recall that $Xi starts with 4 -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 40 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); # ror - &pshufd (@X[0],@X[-4&7],0xee); # was &movdqa (@X[0],@X[-3&7]); - eval(shift(@insns)); - &movdqa (@Tx[0],@X[-1&7]); - &paddd (@Tx[1],@X[-1&7]); - eval(shift(@insns)); - eval(shift(@insns)); - - &punpcklqdq(@X[0],@X[-3&7]); # compose "X[-14]" in "X[0]", was &palignr(@X[0],@X[-4&7],8); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - &psrldq (@Tx[0],4); # "X[-3]", 3 dwords - eval(shift(@insns)); - eval(shift(@insns)); - - &pxor (@X[0],@X[-4&7]); # "X[0]"^="X[-16]" - eval(shift(@insns)); - eval(shift(@insns)); # ror - &pxor (@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); # rol - &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - - &movdqa (@Tx[2],@X[0]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - &movdqa (@Tx[0],@X[0]); - eval(shift(@insns)); - - &pslldq (@Tx[2],12); # "X[0]"<<96, extract one dword - &paddd (@X[0],@X[0]); - eval(shift(@insns)); - eval(shift(@insns)); - - &psrld (@Tx[0],31); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - &movdqa (@Tx[1],@Tx[2]); - eval(shift(@insns)); - eval(shift(@insns)); - - &psrld (@Tx[2],30); - eval(shift(@insns)); - eval(shift(@insns)); # ror - &por (@X[0],@Tx[0]); # "X[0]"<<<=1 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &pslld (@Tx[1],2); - &pxor (@X[0],@Tx[2]); - eval(shift(@insns)); - &movdqa (@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)"); # K_XX_XX - eval(shift(@insns)); # rol - eval(shift(@insns)); - eval(shift(@insns)); - - &pxor (@X[0],@Tx[1]); # "X[0]"^=("X[0]">>96)<<<2 - &pshufd (@Tx[1],@X[-1&7],0xee) if ($Xi==7); # was &movdqa (@Tx[0],@X[-1&7]) in Xupdate_ssse3_32_79 - - foreach (@insns) { eval; } # remaining instructions [if any] - - $Xi++; push(@X,shift(@X)); # "rotate" X[] - push(@Tx,shift(@Tx)); -} - -sub Xupdate_ssse3_32_79() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 to 44 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)) if ($Xi==8); - &pxor (@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]" - eval(shift(@insns)) if ($Xi==8); - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)) if (@insns[1] =~ /_ror/); - eval(shift(@insns)) if (@insns[0] =~ /_ror/); - &punpcklqdq(@Tx[0],@X[-1&7]); # compose "X[-6]", was &palignr(@Tx[0],@X[-2&7],8); - eval(shift(@insns)); - eval(shift(@insns)); # rol - - &pxor (@X[0],@X[-7&7]); # "X[0]"^="X[-28]" - eval(shift(@insns)); - eval(shift(@insns)); - if ($Xi%5) { - &movdqa (@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX... - } else { # ... or load next one - &movdqa (@Tx[2],eval(16*($Xi/5))."($K_XX_XX)"); - } - eval(shift(@insns)); # ror - &paddd (@Tx[1],@X[-1&7]); - eval(shift(@insns)); - - &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-6]" - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)) if (@insns[0] =~ /_ror/); - - &movdqa (@Tx[0],@X[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU - eval(shift(@insns)); # ror - eval(shift(@insns)); - eval(shift(@insns)); # body_20_39 - - &pslld (@X[0],2); - eval(shift(@insns)); - eval(shift(@insns)); - &psrld (@Tx[0],30); - eval(shift(@insns)) if (@insns[0] =~ /_rol/);# rol - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - - &por (@X[0],@Tx[0]); # "X[0]"<<<=2 - eval(shift(@insns)); - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)) if (@insns[1] =~ /_rol/); - eval(shift(@insns)) if (@insns[0] =~ /_rol/); - &pshufd(@Tx[1],@X[-1&7],0xee) if ($Xi<19); # was &movdqa (@Tx[1],@X[0]) - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - - foreach (@insns) { eval; } # remaining instructions - - $Xi++; push(@X,shift(@X)); # "rotate" X[] - push(@Tx,shift(@Tx)); -} - -sub Xuplast_ssse3_80() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &paddd (@Tx[1],@X[-1&7]); - eval(shift(@insns)); - eval(shift(@insns)); - - &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU - - foreach (@insns) { eval; } # remaining instructions - - &cmp ($inp,$len); - &je (shift); - - unshift(@Tx,pop(@Tx)); - - &movdqa (@Tx[2],"64($K_XX_XX)"); # pbswap mask - &movdqa (@Tx[1],"0($K_XX_XX)"); # K_00_19 - &movdqu (@X[-4&7],"0($inp)"); # load input - &movdqu (@X[-3&7],"16($inp)"); - &movdqu (@X[-2&7],"32($inp)"); - &movdqu (@X[-1&7],"48($inp)"); - &pshufb (@X[-4&7],@Tx[2]); # byte swap - &add ($inp,64); - - $Xi=0; -} - -sub Xloop_ssse3() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &pshufb (@X[($Xi-3)&7],@Tx[2]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &paddd (@X[($Xi-4)&7],@Tx[1]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &movdqa (eval(16*$Xi)."(%rsp)",@X[($Xi-4)&7]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &psubd (@X[($Xi-4)&7],@Tx[1]); - - foreach (@insns) { eval; } - $Xi++; -} - -sub Xtail_ssse3() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - foreach (@insns) { eval; } -} - -my @body_00_19 = ( - '($a,$b,$c,$d,$e)=@V;'. - '&$_ror ($b,$j?7:2);', # $b>>>2 - '&xor (@T[0],$d);', - '&mov (@T[1],$a);', # $b for next round - - '&add ($e,eval(4*($j&15))."(%rsp)");',# X[]+K xfer - '&xor ($b,$c);', # $c^$d for next round - - '&$_rol ($a,5);', - '&add ($e,@T[0]);', - '&and (@T[1],$b);', # ($b&($c^$d)) for next round - - '&xor ($b,$c);', # restore $b - '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));' - ); - -sub body_00_19 () { # ((c^d)&b)^d - # on start @T[0]=(c^d)&b - return &body_20_39() if ($rx==19); $rx++; - - use integer; - my ($k,$n); - my @r=@body_00_19; - - $n = scalar(@r); - $k = (($jj+1)*12/20)*20*$n/12; # 12 aesencs per these 20 rounds - @r[$k%$n].='&$aesenc();' if ($jj==$k/$n); - $jj++; - - return @r; -} - -my @body_20_39 = ( - '($a,$b,$c,$d,$e)=@V;'. - '&add ($e,eval(4*($j&15))."(%rsp)");',# X[]+K xfer - '&xor (@T[0],$d) if($j==19);'. - '&xor (@T[0],$c) if($j> 19);', # ($b^$d^$c) - '&mov (@T[1],$a);', # $b for next round - - '&$_rol ($a,5);', - '&add ($e,@T[0]);', - '&xor (@T[1],$c) if ($j< 79);', # $b^$d for next round - - '&$_ror ($b,7);', # $b>>>2 - '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));' - ); - -sub body_20_39 () { # b^d^c - # on entry @T[0]=b^d - return &body_40_59() if ($rx==39); $rx++; - - use integer; - my ($k,$n); - my @r=@body_20_39; - - $n = scalar(@r); - $k = (($jj+1)*8/20)*20*$n/8; # 8 aesencs per these 20 rounds - @r[$k%$n].='&$aesenc();' if ($jj==$k/$n && $rx!=20); - $jj++; - - return @r; -} - -my @body_40_59 = ( - '($a,$b,$c,$d,$e)=@V;'. - '&add ($e,eval(4*($j&15))."(%rsp)");',# X[]+K xfer - '&and (@T[0],$c) if ($j>=40);', # (b^c)&(c^d) - '&xor ($c,$d) if ($j>=40);', # restore $c - - '&$_ror ($b,7);', # $b>>>2 - '&mov (@T[1],$a);', # $b for next round - '&xor (@T[0],$c);', - - '&$_rol ($a,5);', - '&add ($e,@T[0]);', - '&xor (@T[1],$c) if ($j==59);'. - '&xor (@T[1],$b) if ($j< 59);', # b^c for next round - - '&xor ($b,$c) if ($j< 59);', # c^d for next round - '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));' - ); - -sub body_40_59 () { # ((b^c)&(c^d))^c - # on entry @T[0]=(b^c), (c^=d) - $rx++; - - use integer; - my ($k,$n); - my @r=@body_40_59; - - $n = scalar(@r); - $k=(($jj+1)*12/20)*20*$n/12; # 12 aesencs per these 20 rounds - @r[$k%$n].='&$aesenc();' if ($jj==$k/$n && $rx!=40); - $jj++; - - return @r; -} -$code.=<<___; -.align 32 -.Loop_ssse3: -___ - &Xupdate_ssse3_16_31(\&body_00_19); - &Xupdate_ssse3_16_31(\&body_00_19); - &Xupdate_ssse3_16_31(\&body_00_19); - &Xupdate_ssse3_16_31(\&body_00_19); - &Xupdate_ssse3_32_79(\&body_00_19); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xuplast_ssse3_80(\&body_20_39,".Ldone_ssse3"); # can jump to "done" - - $saved_j=$j; @saved_V=@V; - $saved_r=$r; @saved_rndkey=@rndkey; - - &Xloop_ssse3(\&body_20_39); - &Xloop_ssse3(\&body_20_39); - &Xloop_ssse3(\&body_20_39); - -$code.=<<___; - movups $iv,48($out,$in0) # write output - lea 64($in0),$in0 - - add 0($ctx),$A # update context - add 4($ctx),@T[0] - add 8($ctx),$C - add 12($ctx),$D - mov $A,0($ctx) - add 16($ctx),$E - mov @T[0],4($ctx) - mov @T[0],$B # magic seed - mov $C,8($ctx) - mov $C,@T[1] - mov $D,12($ctx) - xor $D,@T[1] - mov $E,16($ctx) - and @T[1],@T[0] - jmp .Loop_ssse3 - -.Ldone_ssse3: -___ - $jj=$j=$saved_j; @V=@saved_V; - $r=$saved_r; @rndkey=@saved_rndkey; - - &Xtail_ssse3(\&body_20_39); - &Xtail_ssse3(\&body_20_39); - &Xtail_ssse3(\&body_20_39); - -$code.=<<___; - movups $iv,48($out,$in0) # write output - mov 88(%rsp),$ivp # restore $ivp - - add 0($ctx),$A # update context - add 4($ctx),@T[0] - add 8($ctx),$C - mov $A,0($ctx) - add 12($ctx),$D - mov @T[0],4($ctx) - add 16($ctx),$E - mov $C,8($ctx) - mov $D,12($ctx) - mov $E,16($ctx) - movups $iv,($ivp) # write IV -___ -$code.=<<___ if ($win64); - movaps 96+0(%rsp),%xmm6 - movaps 96+16(%rsp),%xmm7 - movaps 96+32(%rsp),%xmm8 - movaps 96+48(%rsp),%xmm9 - movaps 96+64(%rsp),%xmm10 - movaps 96+80(%rsp),%xmm11 - movaps 96+96(%rsp),%xmm12 - movaps 96+112(%rsp),%xmm13 - movaps 96+128(%rsp),%xmm14 - movaps 96+144(%rsp),%xmm15 -___ -$code.=<<___; - lea `104+($win64?10*16:0)`(%rsp),%rsi -.cfi_def_cfa %rsi,56 - mov 0(%rsi),%r15 -.cfi_restore %r15 - mov 8(%rsi),%r14 -.cfi_restore %r14 - mov 16(%rsi),%r13 -.cfi_restore %r13 - mov 24(%rsi),%r12 -.cfi_restore %r12 - mov 32(%rsi),%rbp -.cfi_restore %rbp - mov 40(%rsi),%rbx -.cfi_restore %rbx - lea 48(%rsi),%rsp -.cfi_def_cfa %rsp,8 -.Lepilogue_ssse3: - ret -.cfi_endproc -.size aesni_cbc_sha1_enc_ssse3,.-aesni_cbc_sha1_enc_ssse3 -___ - - if ($stitched_decrypt) {{{ -# reset -($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10"); -$j=$jj=$r=$rx=0; -$Xi=4; - -# reassign for Atom Silvermont (see above) -($inout0,$inout1,$inout2,$inout3,$rndkey0)=map("%xmm$_",(0..4)); -@X=map("%xmm$_",(8..13,6,7)); -@Tx=map("%xmm$_",(14,15,5)); - -my @aes256_dec = ( - '&movdqu($inout0,"0x00($in0)");', - '&movdqu($inout1,"0x10($in0)"); &pxor ($inout0,$rndkey0);', - '&movdqu($inout2,"0x20($in0)"); &pxor ($inout1,$rndkey0);', - '&movdqu($inout3,"0x30($in0)"); &pxor ($inout2,$rndkey0);', - - '&pxor ($inout3,$rndkey0); &movups ($rndkey0,"16-112($key)");', - '&movaps("64(%rsp)",@X[2]);', # save IV, originally @X[3] - undef,undef - ); -for ($i=0;$i<13;$i++) { - push (@aes256_dec,( - '&aesdec ($inout0,$rndkey0);', - '&aesdec ($inout1,$rndkey0);', - '&aesdec ($inout2,$rndkey0);', - '&aesdec ($inout3,$rndkey0); &movups($rndkey0,"'.(16*($i+2)-112).'($key)");' - )); - push (@aes256_dec,(undef,undef)) if (($i>=3 && $i<=5) || $i>=11); - push (@aes256_dec,(undef,undef)) if ($i==5); -} -push(@aes256_dec,( - '&aesdeclast ($inout0,$rndkey0); &movups (@X[0],"0x00($in0)");', - '&aesdeclast ($inout1,$rndkey0); &movups (@X[1],"0x10($in0)");', - '&aesdeclast ($inout2,$rndkey0); &movups (@X[2],"0x20($in0)");', - '&aesdeclast ($inout3,$rndkey0); &movups (@X[3],"0x30($in0)");', - - '&xorps ($inout0,"64(%rsp)"); &movdqu ($rndkey0,"-112($key)");', - '&xorps ($inout1,@X[0]); &movups ("0x00($out,$in0)",$inout0);', - '&xorps ($inout2,@X[1]); &movups ("0x10($out,$in0)",$inout1);', - '&xorps ($inout3,@X[2]); &movups ("0x20($out,$in0)",$inout2);', - - '&movups ("0x30($out,$in0)",$inout3);' - )); - -sub body_00_19_dec () { # ((c^d)&b)^d - # on start @T[0]=(c^d)&b - return &body_20_39_dec() if ($rx==19); - - my @r=@body_00_19; - - unshift (@r,@aes256_dec[$rx]) if (@aes256_dec[$rx]); - $rx++; - - return @r; -} - -sub body_20_39_dec () { # b^d^c - # on entry @T[0]=b^d - return &body_40_59_dec() if ($rx==39); - - my @r=@body_20_39; - - unshift (@r,@aes256_dec[$rx]) if (@aes256_dec[$rx]); - $rx++; - - return @r; -} - -sub body_40_59_dec () { # ((b^c)&(c^d))^c - # on entry @T[0]=(b^c), (c^=d) - - my @r=@body_40_59; - - unshift (@r,@aes256_dec[$rx]) if (@aes256_dec[$rx]); - $rx++; - - return @r; -} - -$code.=<<___; -.globl aesni256_cbc_sha1_dec -.type aesni256_cbc_sha1_dec,\@abi-omnipotent -.align 32 -aesni256_cbc_sha1_dec: -.cfi_startproc - # caller should check for SSSE3 and AES-NI bits - mov OPENSSL_ia32cap_P+0(%rip),%r10d - mov OPENSSL_ia32cap_P+4(%rip),%r11d -___ -$code.=<<___ if ($avx); - and \$`1<<28`,%r11d # mask AVX bit - and \$`1<<30`,%r10d # mask "Intel CPU" bit - or %r11d,%r10d - cmp \$`1<<28|1<<30`,%r10d - je aesni256_cbc_sha1_dec_avx -___ -$code.=<<___; - jmp aesni256_cbc_sha1_dec_ssse3 - ret -.cfi_endproc -.size aesni256_cbc_sha1_dec,.-aesni256_cbc_sha1_dec - -.type aesni256_cbc_sha1_dec_ssse3,\@function,6 -.align 32 -aesni256_cbc_sha1_dec_ssse3: -.cfi_startproc - mov `($win64?56:8)`(%rsp),$inp # load 7th argument - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea `-104-($win64?10*16:0)`(%rsp),%rsp -.cfi_adjust_cfa_offset `104+($win64?10*16:0)` -___ -$code.=<<___ if ($win64); - movaps %xmm6,96+0(%rsp) - movaps %xmm7,96+16(%rsp) - movaps %xmm8,96+32(%rsp) - movaps %xmm9,96+48(%rsp) - movaps %xmm10,96+64(%rsp) - movaps %xmm11,96+80(%rsp) - movaps %xmm12,96+96(%rsp) - movaps %xmm13,96+112(%rsp) - movaps %xmm14,96+128(%rsp) - movaps %xmm15,96+144(%rsp) -.Lprologue_dec_ssse3: -___ -$code.=<<___; - mov $in0,%r12 # reassign arguments - mov $out,%r13 - mov $len,%r14 - lea 112($key),%r15 # size optimization - movdqu ($ivp),@X[3] # load IV - #mov $ivp,88(%rsp) # save $ivp -___ -($in0,$out,$len,$key)=map("%r$_",(12..15)); # reassign arguments -$code.=<<___; - shl \$6,$len - sub $in0,$out - add $inp,$len # end of input - - lea K_XX_XX(%rip),$K_XX_XX - mov 0($ctx),$A # load context - mov 4($ctx),$B - mov 8($ctx),$C - mov 12($ctx),$D - mov $B,@T[0] # magic seed - mov 16($ctx),$E - mov $C,@T[1] - xor $D,@T[1] - and @T[1],@T[0] - - movdqa 64($K_XX_XX),@Tx[2] # pbswap mask - movdqa 0($K_XX_XX),@Tx[1] # K_00_19 - movdqu 0($inp),@X[-4&7] # load input to %xmm[0-3] - movdqu 16($inp),@X[-3&7] - movdqu 32($inp),@X[-2&7] - movdqu 48($inp),@X[-1&7] - pshufb @Tx[2],@X[-4&7] # byte swap - add \$64,$inp - pshufb @Tx[2],@X[-3&7] - pshufb @Tx[2],@X[-2&7] - pshufb @Tx[2],@X[-1&7] - paddd @Tx[1],@X[-4&7] # add K_00_19 - paddd @Tx[1],@X[-3&7] - paddd @Tx[1],@X[-2&7] - movdqa @X[-4&7],0(%rsp) # X[]+K xfer to IALU - psubd @Tx[1],@X[-4&7] # restore X[] - movdqa @X[-3&7],16(%rsp) - psubd @Tx[1],@X[-3&7] - movdqa @X[-2&7],32(%rsp) - psubd @Tx[1],@X[-2&7] - movdqu -112($key),$rndkey0 # $key[0] - jmp .Loop_dec_ssse3 - -.align 32 -.Loop_dec_ssse3: -___ - &Xupdate_ssse3_16_31(\&body_00_19_dec); - &Xupdate_ssse3_16_31(\&body_00_19_dec); - &Xupdate_ssse3_16_31(\&body_00_19_dec); - &Xupdate_ssse3_16_31(\&body_00_19_dec); - &Xupdate_ssse3_32_79(\&body_00_19_dec); - &Xupdate_ssse3_32_79(\&body_20_39_dec); - &Xupdate_ssse3_32_79(\&body_20_39_dec); - &Xupdate_ssse3_32_79(\&body_20_39_dec); - &Xupdate_ssse3_32_79(\&body_20_39_dec); - &Xupdate_ssse3_32_79(\&body_20_39_dec); - &Xupdate_ssse3_32_79(\&body_40_59_dec); - &Xupdate_ssse3_32_79(\&body_40_59_dec); - &Xupdate_ssse3_32_79(\&body_40_59_dec); - &Xupdate_ssse3_32_79(\&body_40_59_dec); - &Xupdate_ssse3_32_79(\&body_40_59_dec); - &Xupdate_ssse3_32_79(\&body_20_39_dec); - &Xuplast_ssse3_80(\&body_20_39_dec,".Ldone_dec_ssse3"); # can jump to "done" - - $saved_j=$j; @saved_V=@V; - $saved_rx=$rx; - - &Xloop_ssse3(\&body_20_39_dec); - &Xloop_ssse3(\&body_20_39_dec); - &Xloop_ssse3(\&body_20_39_dec); - - eval(@aes256_dec[-1]); # last store -$code.=<<___; - lea 64($in0),$in0 - - add 0($ctx),$A # update context - add 4($ctx),@T[0] - add 8($ctx),$C - add 12($ctx),$D - mov $A,0($ctx) - add 16($ctx),$E - mov @T[0],4($ctx) - mov @T[0],$B # magic seed - mov $C,8($ctx) - mov $C,@T[1] - mov $D,12($ctx) - xor $D,@T[1] - mov $E,16($ctx) - and @T[1],@T[0] - jmp .Loop_dec_ssse3 - -.Ldone_dec_ssse3: -___ - $jj=$j=$saved_j; @V=@saved_V; - $rx=$saved_rx; - - &Xtail_ssse3(\&body_20_39_dec); - &Xtail_ssse3(\&body_20_39_dec); - &Xtail_ssse3(\&body_20_39_dec); - - eval(@aes256_dec[-1]); # last store -$code.=<<___; - add 0($ctx),$A # update context - add 4($ctx),@T[0] - add 8($ctx),$C - mov $A,0($ctx) - add 12($ctx),$D - mov @T[0],4($ctx) - add 16($ctx),$E - mov $C,8($ctx) - mov $D,12($ctx) - mov $E,16($ctx) - movups @X[3],($ivp) # write IV -___ -$code.=<<___ if ($win64); - movaps 96+0(%rsp),%xmm6 - movaps 96+16(%rsp),%xmm7 - movaps 96+32(%rsp),%xmm8 - movaps 96+48(%rsp),%xmm9 - movaps 96+64(%rsp),%xmm10 - movaps 96+80(%rsp),%xmm11 - movaps 96+96(%rsp),%xmm12 - movaps 96+112(%rsp),%xmm13 - movaps 96+128(%rsp),%xmm14 - movaps 96+144(%rsp),%xmm15 -___ -$code.=<<___; - lea `104+($win64?10*16:0)`(%rsp),%rsi -.cfi_cfa_def %rsi,56 - mov 0(%rsi),%r15 -.cfi_restore %r15 - mov 8(%rsi),%r14 -.cfi_restore %r14 - mov 16(%rsi),%r13 -.cfi_restore %r13 - mov 24(%rsi),%r12 -.cfi_restore %r12 - mov 32(%rsi),%rbp -.cfi_restore %rbp - mov 40(%rsi),%rbx -.cfi_restore %rbx - lea 48(%rsi),%rsp -.cfi_cfa_def %rsp,8 -.Lepilogue_dec_ssse3: - ret -.cfi_endproc -.size aesni256_cbc_sha1_dec_ssse3,.-aesni256_cbc_sha1_dec_ssse3 -___ - }}} -$j=$jj=$r=$rx=0; - -if ($avx) { -my ($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10"); - -my $Xi=4; -my @X=map("%xmm$_",(4..7,0..3)); -my @Tx=map("%xmm$_",(8..10)); -my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp"); # size optimization -my @T=("%esi","%edi"); -my ($rndkey0,$iv,$in)=map("%xmm$_",(11..13)); -my @rndkey=("%xmm14","%xmm15"); -my ($inout0,$inout1,$inout2,$inout3)=map("%xmm$_",(12..15)); # for dec -my $Kx=@Tx[2]; - -my $_rol=sub { &shld(@_[0],@_) }; -my $_ror=sub { &shrd(@_[0],@_) }; - -$code.=<<___; -.type aesni_cbc_sha1_enc_avx,\@function,6 -.align 32 -aesni_cbc_sha1_enc_avx: -.cfi_startproc - mov `($win64?56:8)`(%rsp),$inp # load 7th argument - #shr \$6,$len # debugging artefact - #jz .Lepilogue_avx # debugging artefact - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea `-104-($win64?10*16:0)`(%rsp),%rsp -.cfi_adjust_cfa_offset `104+($win64?10*16:0)` - #mov $in0,$inp # debugging artefact - #lea 64(%rsp),$ctx # debugging artefact -___ -$code.=<<___ if ($win64); - movaps %xmm6,96+0(%rsp) - movaps %xmm7,96+16(%rsp) - movaps %xmm8,96+32(%rsp) - movaps %xmm9,96+48(%rsp) - movaps %xmm10,96+64(%rsp) - movaps %xmm11,96+80(%rsp) - movaps %xmm12,96+96(%rsp) - movaps %xmm13,96+112(%rsp) - movaps %xmm14,96+128(%rsp) - movaps %xmm15,96+144(%rsp) -.Lprologue_avx: -___ -$code.=<<___; - vzeroall - mov $in0,%r12 # reassign arguments - mov $out,%r13 - mov $len,%r14 - lea 112($key),%r15 # size optimization - vmovdqu ($ivp),$iv # load IV - mov $ivp,88(%rsp) # save $ivp -___ -($in0,$out,$len,$key)=map("%r$_",(12..15)); # reassign arguments -my $rounds="${ivp}d"; -$code.=<<___; - shl \$6,$len - sub $in0,$out - mov 240-112($key),$rounds - add $inp,$len # end of input - - lea K_XX_XX(%rip),$K_XX_XX - mov 0($ctx),$A # load context - mov 4($ctx),$B - mov 8($ctx),$C - mov 12($ctx),$D - mov $B,@T[0] # magic seed - mov 16($ctx),$E - mov $C,@T[1] - xor $D,@T[1] - and @T[1],@T[0] - - vmovdqa 64($K_XX_XX),@X[2] # pbswap mask - vmovdqa 0($K_XX_XX),$Kx # K_00_19 - vmovdqu 0($inp),@X[-4&7] # load input to %xmm[0-3] - vmovdqu 16($inp),@X[-3&7] - vmovdqu 32($inp),@X[-2&7] - vmovdqu 48($inp),@X[-1&7] - vpshufb @X[2],@X[-4&7],@X[-4&7] # byte swap - add \$64,$inp - vpshufb @X[2],@X[-3&7],@X[-3&7] - vpshufb @X[2],@X[-2&7],@X[-2&7] - vpshufb @X[2],@X[-1&7],@X[-1&7] - vpaddd $Kx,@X[-4&7],@X[0] # add K_00_19 - vpaddd $Kx,@X[-3&7],@X[1] - vpaddd $Kx,@X[-2&7],@X[2] - vmovdqa @X[0],0(%rsp) # X[]+K xfer to IALU - vmovdqa @X[1],16(%rsp) - vmovdqa @X[2],32(%rsp) - vmovups -112($key),$rndkey[1] # $key[0] - vmovups 16-112($key),$rndkey[0] # forward reference - jmp .Loop_avx -___ - -my $aesenc=sub { - use integer; - my ($n,$k)=($r/10,$r%10); - if ($k==0) { - $code.=<<___; - vmovdqu `16*$n`($in0),$in # load input - vpxor $rndkey[1],$in,$in -___ - $code.=<<___ if ($n); - vmovups $iv,`16*($n-1)`($out,$in0) # write output -___ - $code.=<<___; - vpxor $in,$iv,$iv - vaesenc $rndkey[0],$iv,$iv - vmovups `32+16*$k-112`($key),$rndkey[1] -___ - } elsif ($k==9) { - $sn++; - $code.=<<___; - cmp \$11,$rounds - jb .Lvaesenclast$sn - vaesenc $rndkey[0],$iv,$iv - vmovups `32+16*($k+0)-112`($key),$rndkey[1] - vaesenc $rndkey[1],$iv,$iv - vmovups `32+16*($k+1)-112`($key),$rndkey[0] - je .Lvaesenclast$sn - vaesenc $rndkey[0],$iv,$iv - vmovups `32+16*($k+2)-112`($key),$rndkey[1] - vaesenc $rndkey[1],$iv,$iv - vmovups `32+16*($k+3)-112`($key),$rndkey[0] -.Lvaesenclast$sn: - vaesenclast $rndkey[0],$iv,$iv - vmovups -112($key),$rndkey[0] - vmovups 16-112($key),$rndkey[1] # forward reference -___ - } else { - $code.=<<___; - vaesenc $rndkey[0],$iv,$iv - vmovups `32+16*$k-112`($key),$rndkey[1] -___ - } - $r++; unshift(@rndkey,pop(@rndkey)); -}; - -sub Xupdate_avx_16_31() # recall that $Xi starts with 4 -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 40 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - eval(shift(@insns)); - &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]" - eval(shift(@insns)); - eval(shift(@insns)); - - &vpaddd (@Tx[1],$Kx,@X[-1&7]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]" - eval(shift(@insns)); - eval(shift(@insns)); - - &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); - &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - - &vpsrld (@Tx[0],@X[0],31); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpslldq(@Tx[1],@X[0],12); # "X[0]"<<96, extract one dword - &vpaddd (@X[0],@X[0],@X[0]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1 - &vpsrld (@Tx[0],@Tx[1],30); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpslld (@Tx[1],@Tx[1],2); - &vpxor (@X[0],@X[0],@Tx[0]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpxor (@X[0],@X[0],@Tx[1]); # "X[0]"^=("X[0]">>96)<<<2 - eval(shift(@insns)); - eval(shift(@insns)); - &vmovdqa ($Kx,eval(16*(($Xi)/5))."($K_XX_XX)") if ($Xi%5==0); # K_XX_XX - eval(shift(@insns)); - eval(shift(@insns)); - - - foreach (@insns) { eval; } # remaining instructions [if any] - - $Xi++; push(@X,shift(@X)); # "rotate" X[] -} - -sub Xupdate_avx_32_79() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 to 48 instructions - my ($a,$b,$c,$d,$e); - - &vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8); # compose "X[-6]" - &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]" - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - - &vpxor (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]" - eval(shift(@insns)); - eval(shift(@insns)) if (@insns[0] !~ /&ro[rl]/); - &vpaddd (@Tx[1],$Kx,@X[-1&7]); - &vmovdqa ($Kx,eval(16*($Xi/5))."($K_XX_XX)") if ($Xi%5==0); - eval(shift(@insns)); # ror - eval(shift(@insns)); - - &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-6]" - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - - &vpsrld (@Tx[0],@X[0],30); - &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - eval(shift(@insns)); - - &vpslld (@X[0],@X[0],2); - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - eval(shift(@insns)); - - &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=2 - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - - foreach (@insns) { eval; } # remaining instructions - - $Xi++; push(@X,shift(@X)); # "rotate" X[] -} - -sub Xuplast_avx_80() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - &vpaddd (@Tx[1],$Kx,@X[-1&7]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU - - foreach (@insns) { eval; } # remaining instructions - - &cmp ($inp,$len); - &je (shift); - - &vmovdqa(@Tx[1],"64($K_XX_XX)"); # pbswap mask - &vmovdqa($Kx,"0($K_XX_XX)"); # K_00_19 - &vmovdqu(@X[-4&7],"0($inp)"); # load input - &vmovdqu(@X[-3&7],"16($inp)"); - &vmovdqu(@X[-2&7],"32($inp)"); - &vmovdqu(@X[-1&7],"48($inp)"); - &vpshufb(@X[-4&7],@X[-4&7],@Tx[1]); # byte swap - &add ($inp,64); - - $Xi=0; -} - -sub Xloop_avx() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - eval(shift(@insns)); - &vpshufb(@X[($Xi-3)&7],@X[($Xi-3)&7],@Tx[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpaddd (@Tx[0],@X[($Xi-4)&7],$Kx); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vmovdqa(eval(16*$Xi)."(%rsp)",@Tx[0]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - - foreach (@insns) { eval; } - $Xi++; -} - -sub Xtail_avx() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - foreach (@insns) { eval; } -} - -$code.=<<___; -.align 32 -.Loop_avx: -___ - &Xupdate_avx_16_31(\&body_00_19); - &Xupdate_avx_16_31(\&body_00_19); - &Xupdate_avx_16_31(\&body_00_19); - &Xupdate_avx_16_31(\&body_00_19); - &Xupdate_avx_32_79(\&body_00_19); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_20_39); - &Xuplast_avx_80(\&body_20_39,".Ldone_avx"); # can jump to "done" - - $saved_j=$j; @saved_V=@V; - $saved_r=$r; @saved_rndkey=@rndkey; - - &Xloop_avx(\&body_20_39); - &Xloop_avx(\&body_20_39); - &Xloop_avx(\&body_20_39); - -$code.=<<___; - vmovups $iv,48($out,$in0) # write output - lea 64($in0),$in0 - - add 0($ctx),$A # update context - add 4($ctx),@T[0] - add 8($ctx),$C - add 12($ctx),$D - mov $A,0($ctx) - add 16($ctx),$E - mov @T[0],4($ctx) - mov @T[0],$B # magic seed - mov $C,8($ctx) - mov $C,@T[1] - mov $D,12($ctx) - xor $D,@T[1] - mov $E,16($ctx) - and @T[1],@T[0] - jmp .Loop_avx - -.Ldone_avx: -___ - $jj=$j=$saved_j; @V=@saved_V; - $r=$saved_r; @rndkey=@saved_rndkey; - - &Xtail_avx(\&body_20_39); - &Xtail_avx(\&body_20_39); - &Xtail_avx(\&body_20_39); - -$code.=<<___; - vmovups $iv,48($out,$in0) # write output - mov 88(%rsp),$ivp # restore $ivp - - add 0($ctx),$A # update context - add 4($ctx),@T[0] - add 8($ctx),$C - mov $A,0($ctx) - add 12($ctx),$D - mov @T[0],4($ctx) - add 16($ctx),$E - mov $C,8($ctx) - mov $D,12($ctx) - mov $E,16($ctx) - vmovups $iv,($ivp) # write IV - vzeroall -___ -$code.=<<___ if ($win64); - movaps 96+0(%rsp),%xmm6 - movaps 96+16(%rsp),%xmm7 - movaps 96+32(%rsp),%xmm8 - movaps 96+48(%rsp),%xmm9 - movaps 96+64(%rsp),%xmm10 - movaps 96+80(%rsp),%xmm11 - movaps 96+96(%rsp),%xmm12 - movaps 96+112(%rsp),%xmm13 - movaps 96+128(%rsp),%xmm14 - movaps 96+144(%rsp),%xmm15 -___ -$code.=<<___; - lea `104+($win64?10*16:0)`(%rsp),%rsi -.cfi_def_cfa %rsi,56 - mov 0(%rsi),%r15 -.cfi_restore %r15 - mov 8(%rsi),%r14 -.cfi_restore %r14 - mov 16(%rsi),%r13 -.cfi_restore %r13 - mov 24(%rsi),%r12 -.cfi_restore %r12 - mov 32(%rsi),%rbp -.cfi_restore %rbp - mov 40(%rsi),%rbx -.cfi_restore %rbx - lea 48(%rsi),%rsp -.cfi_def_cfa %rsp,8 -.Lepilogue_avx: - ret -.cfi_endproc -.size aesni_cbc_sha1_enc_avx,.-aesni_cbc_sha1_enc_avx -___ - - if ($stitched_decrypt) {{{ -# reset -($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10"); - -$j=$jj=$r=$rx=0; -$Xi=4; - -@aes256_dec = ( - '&vpxor ($inout0,$rndkey0,"0x00($in0)");', - '&vpxor ($inout1,$rndkey0,"0x10($in0)");', - '&vpxor ($inout2,$rndkey0,"0x20($in0)");', - '&vpxor ($inout3,$rndkey0,"0x30($in0)");', - - '&vmovups($rndkey0,"16-112($key)");', - '&vmovups("64(%rsp)",@X[2]);', # save IV, originally @X[3] - undef,undef - ); -for ($i=0;$i<13;$i++) { - push (@aes256_dec,( - '&vaesdec ($inout0,$inout0,$rndkey0);', - '&vaesdec ($inout1,$inout1,$rndkey0);', - '&vaesdec ($inout2,$inout2,$rndkey0);', - '&vaesdec ($inout3,$inout3,$rndkey0); &vmovups($rndkey0,"'.(16*($i+2)-112).'($key)");' - )); - push (@aes256_dec,(undef,undef)) if (($i>=3 && $i<=5) || $i>=11); - push (@aes256_dec,(undef,undef)) if ($i==5); -} -push(@aes256_dec,( - '&vaesdeclast ($inout0,$inout0,$rndkey0); &vmovups(@X[0],"0x00($in0)");', - '&vaesdeclast ($inout1,$inout1,$rndkey0); &vmovups(@X[1],"0x10($in0)");', - '&vaesdeclast ($inout2,$inout2,$rndkey0); &vmovups(@X[2],"0x20($in0)");', - '&vaesdeclast ($inout3,$inout3,$rndkey0); &vmovups(@X[3],"0x30($in0)");', - - '&vxorps ($inout0,$inout0,"64(%rsp)"); &vmovdqu($rndkey0,"-112($key)");', - '&vxorps ($inout1,$inout1,@X[0]); &vmovups("0x00($out,$in0)",$inout0);', - '&vxorps ($inout2,$inout2,@X[1]); &vmovups("0x10($out,$in0)",$inout1);', - '&vxorps ($inout3,$inout3,@X[2]); &vmovups("0x20($out,$in0)",$inout2);', - - '&vmovups ("0x30($out,$in0)",$inout3);' - )); - -$code.=<<___; -.type aesni256_cbc_sha1_dec_avx,\@function,6 -.align 32 -aesni256_cbc_sha1_dec_avx: -.cfi_startproc - mov `($win64?56:8)`(%rsp),$inp # load 7th argument - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea `-104-($win64?10*16:0)`(%rsp),%rsp -.cfi_adjust_cfa_offset `104+($win64?10*16:0)` -___ -$code.=<<___ if ($win64); - movaps %xmm6,96+0(%rsp) - movaps %xmm7,96+16(%rsp) - movaps %xmm8,96+32(%rsp) - movaps %xmm9,96+48(%rsp) - movaps %xmm10,96+64(%rsp) - movaps %xmm11,96+80(%rsp) - movaps %xmm12,96+96(%rsp) - movaps %xmm13,96+112(%rsp) - movaps %xmm14,96+128(%rsp) - movaps %xmm15,96+144(%rsp) -.Lprologue_dec_avx: -___ -$code.=<<___; - vzeroall - mov $in0,%r12 # reassign arguments - mov $out,%r13 - mov $len,%r14 - lea 112($key),%r15 # size optimization - vmovdqu ($ivp),@X[3] # load IV -___ -($in0,$out,$len,$key)=map("%r$_",(12..15)); # reassign arguments -$code.=<<___; - shl \$6,$len - sub $in0,$out - add $inp,$len # end of input - - lea K_XX_XX(%rip),$K_XX_XX - mov 0($ctx),$A # load context - mov 4($ctx),$B - mov 8($ctx),$C - mov 12($ctx),$D - mov $B,@T[0] # magic seed - mov 16($ctx),$E - mov $C,@T[1] - xor $D,@T[1] - and @T[1],@T[0] - - vmovdqa 64($K_XX_XX),@X[2] # pbswap mask - vmovdqa 0($K_XX_XX),$Kx # K_00_19 - vmovdqu 0($inp),@X[-4&7] # load input to %xmm[0-3] - vmovdqu 16($inp),@X[-3&7] - vmovdqu 32($inp),@X[-2&7] - vmovdqu 48($inp),@X[-1&7] - vpshufb @X[2],@X[-4&7],@X[-4&7] # byte swap - add \$64,$inp - vpshufb @X[2],@X[-3&7],@X[-3&7] - vpshufb @X[2],@X[-2&7],@X[-2&7] - vpshufb @X[2],@X[-1&7],@X[-1&7] - vpaddd $Kx,@X[-4&7],@X[0] # add K_00_19 - vpaddd $Kx,@X[-3&7],@X[1] - vpaddd $Kx,@X[-2&7],@X[2] - vmovdqa @X[0],0(%rsp) # X[]+K xfer to IALU - vmovdqa @X[1],16(%rsp) - vmovdqa @X[2],32(%rsp) - vmovups -112($key),$rndkey0 # $key[0] - jmp .Loop_dec_avx - -.align 32 -.Loop_dec_avx: -___ - &Xupdate_avx_16_31(\&body_00_19_dec); - &Xupdate_avx_16_31(\&body_00_19_dec); - &Xupdate_avx_16_31(\&body_00_19_dec); - &Xupdate_avx_16_31(\&body_00_19_dec); - &Xupdate_avx_32_79(\&body_00_19_dec); - &Xupdate_avx_32_79(\&body_20_39_dec); - &Xupdate_avx_32_79(\&body_20_39_dec); - &Xupdate_avx_32_79(\&body_20_39_dec); - &Xupdate_avx_32_79(\&body_20_39_dec); - &Xupdate_avx_32_79(\&body_20_39_dec); - &Xupdate_avx_32_79(\&body_40_59_dec); - &Xupdate_avx_32_79(\&body_40_59_dec); - &Xupdate_avx_32_79(\&body_40_59_dec); - &Xupdate_avx_32_79(\&body_40_59_dec); - &Xupdate_avx_32_79(\&body_40_59_dec); - &Xupdate_avx_32_79(\&body_20_39_dec); - &Xuplast_avx_80(\&body_20_39_dec,".Ldone_dec_avx"); # can jump to "done" - - $saved_j=$j; @saved_V=@V; - $saved_rx=$rx; - - &Xloop_avx(\&body_20_39_dec); - &Xloop_avx(\&body_20_39_dec); - &Xloop_avx(\&body_20_39_dec); - - eval(@aes256_dec[-1]); # last store -$code.=<<___; - lea 64($in0),$in0 - - add 0($ctx),$A # update context - add 4($ctx),@T[0] - add 8($ctx),$C - add 12($ctx),$D - mov $A,0($ctx) - add 16($ctx),$E - mov @T[0],4($ctx) - mov @T[0],$B # magic seed - mov $C,8($ctx) - mov $C,@T[1] - mov $D,12($ctx) - xor $D,@T[1] - mov $E,16($ctx) - and @T[1],@T[0] - jmp .Loop_dec_avx - -.Ldone_dec_avx: -___ - $jj=$j=$saved_j; @V=@saved_V; - $rx=$saved_rx; - - &Xtail_avx(\&body_20_39_dec); - &Xtail_avx(\&body_20_39_dec); - &Xtail_avx(\&body_20_39_dec); - - eval(@aes256_dec[-1]); # last store -$code.=<<___; - - add 0($ctx),$A # update context - add 4($ctx),@T[0] - add 8($ctx),$C - mov $A,0($ctx) - add 12($ctx),$D - mov @T[0],4($ctx) - add 16($ctx),$E - mov $C,8($ctx) - mov $D,12($ctx) - mov $E,16($ctx) - vmovups @X[3],($ivp) # write IV - vzeroall -___ -$code.=<<___ if ($win64); - movaps 96+0(%rsp),%xmm6 - movaps 96+16(%rsp),%xmm7 - movaps 96+32(%rsp),%xmm8 - movaps 96+48(%rsp),%xmm9 - movaps 96+64(%rsp),%xmm10 - movaps 96+80(%rsp),%xmm11 - movaps 96+96(%rsp),%xmm12 - movaps 96+112(%rsp),%xmm13 - movaps 96+128(%rsp),%xmm14 - movaps 96+144(%rsp),%xmm15 -___ -$code.=<<___; - lea `104+($win64?10*16:0)`(%rsp),%rsi -.cfi_def_cfa %rsi,56 - mov 0(%rsi),%r15 -.cfi_restore %r15 - mov 8(%rsi),%r14 -.cfi_restore %r14 - mov 16(%rsi),%r13 -.cfi_restore %r13 - mov 24(%rsi),%r12 -.cfi_restore %r12 - mov 32(%rsi),%rbp -.cfi_restore %rbp - mov 40(%rsi),%rbx -.cfi_restore %rbx - lea 48(%rsi),%rsp -.cfi_def_cfa %rsp,8 -.Lepilogue_dec_avx: - ret -.cfi_endproc -.size aesni256_cbc_sha1_dec_avx,.-aesni256_cbc_sha1_dec_avx -___ - }}} -} -$code.=<<___; -.align 64 -K_XX_XX: -.long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19 -.long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39 -.long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59 -.long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79 -.long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask -.byte 0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0 - -.asciz "AESNI-CBC+SHA1 stitch for x86_64, CRYPTOGAMS by " -.align 64 -___ - if ($shaext) {{{ -($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10"); - -$rounds="%r11d"; - -($iv,$in,$rndkey0)=map("%xmm$_",(2,14,15)); -@rndkey=("%xmm0","%xmm1"); -$r=0; - -my ($BSWAP,$ABCD,$E,$E_,$ABCD_SAVE,$E_SAVE)=map("%xmm$_",(7..12)); -my @MSG=map("%xmm$_",(3..6)); - -$code.=<<___; -.type aesni_cbc_sha1_enc_shaext,\@function,6 -.align 32 -aesni_cbc_sha1_enc_shaext: -.cfi_startproc - mov `($win64?56:8)`(%rsp),$inp # load 7th argument -___ -$code.=<<___ if ($win64); - lea `-8-10*16`(%rsp),%rsp - movaps %xmm6,-8-10*16(%rax) - movaps %xmm7,-8-9*16(%rax) - movaps %xmm8,-8-8*16(%rax) - movaps %xmm9,-8-7*16(%rax) - movaps %xmm10,-8-6*16(%rax) - movaps %xmm11,-8-5*16(%rax) - movaps %xmm12,-8-4*16(%rax) - movaps %xmm13,-8-3*16(%rax) - movaps %xmm14,-8-2*16(%rax) - movaps %xmm15,-8-1*16(%rax) -.Lprologue_shaext: -___ -$code.=<<___; - movdqu ($ctx),$ABCD - movd 16($ctx),$E - movdqa K_XX_XX+0x50(%rip),$BSWAP # byte-n-word swap - - mov 240($key),$rounds - sub $in0,$out - movups ($key),$rndkey0 # $key[0] - movups ($ivp),$iv # load IV - movups 16($key),$rndkey[0] # forward reference - lea 112($key),$key # size optimization - - pshufd \$0b00011011,$ABCD,$ABCD # flip word order - pshufd \$0b00011011,$E,$E # flip word order - jmp .Loop_shaext - -.align 16 -.Loop_shaext: -___ - &$aesenc(); -$code.=<<___; - movdqu ($inp),@MSG[0] - movdqa $E,$E_SAVE # offload $E - pshufb $BSWAP,@MSG[0] - movdqu 0x10($inp),@MSG[1] - movdqa $ABCD,$ABCD_SAVE # offload $ABCD -___ - &$aesenc(); -$code.=<<___; - pshufb $BSWAP,@MSG[1] - - paddd @MSG[0],$E - movdqu 0x20($inp),@MSG[2] - lea 0x40($inp),$inp - pxor $E_SAVE,@MSG[0] # black magic -___ - &$aesenc(); -$code.=<<___; - pxor $E_SAVE,@MSG[0] # black magic - movdqa $ABCD,$E_ - pshufb $BSWAP,@MSG[2] - sha1rnds4 \$0,$E,$ABCD # 0-3 - sha1nexte @MSG[1],$E_ -___ - &$aesenc(); -$code.=<<___; - sha1msg1 @MSG[1],@MSG[0] - movdqu -0x10($inp),@MSG[3] - movdqa $ABCD,$E - pshufb $BSWAP,@MSG[3] -___ - &$aesenc(); -$code.=<<___; - sha1rnds4 \$0,$E_,$ABCD # 4-7 - sha1nexte @MSG[2],$E - pxor @MSG[2],@MSG[0] - sha1msg1 @MSG[2],@MSG[1] -___ - &$aesenc(); - -for($i=2;$i<20-4;$i++) { -$code.=<<___; - movdqa $ABCD,$E_ - sha1rnds4 \$`int($i/5)`,$E,$ABCD # 8-11 - sha1nexte @MSG[3],$E_ -___ - &$aesenc(); -$code.=<<___; - sha1msg2 @MSG[3],@MSG[0] - pxor @MSG[3],@MSG[1] - sha1msg1 @MSG[3],@MSG[2] -___ - ($E,$E_)=($E_,$E); - push(@MSG,shift(@MSG)); - - &$aesenc(); -} -$code.=<<___; - movdqa $ABCD,$E_ - sha1rnds4 \$3,$E,$ABCD # 64-67 - sha1nexte @MSG[3],$E_ - sha1msg2 @MSG[3],@MSG[0] - pxor @MSG[3],@MSG[1] -___ - &$aesenc(); -$code.=<<___; - movdqa $ABCD,$E - sha1rnds4 \$3,$E_,$ABCD # 68-71 - sha1nexte @MSG[0],$E - sha1msg2 @MSG[0],@MSG[1] -___ - &$aesenc(); -$code.=<<___; - movdqa $E_SAVE,@MSG[0] - movdqa $ABCD,$E_ - sha1rnds4 \$3,$E,$ABCD # 72-75 - sha1nexte @MSG[1],$E_ -___ - &$aesenc(); -$code.=<<___; - movdqa $ABCD,$E - sha1rnds4 \$3,$E_,$ABCD # 76-79 - sha1nexte $MSG[0],$E -___ - while($r<40) { &$aesenc(); } # remaining aesenc's -$code.=<<___; - dec $len - - paddd $ABCD_SAVE,$ABCD - movups $iv,48($out,$in0) # write output - lea 64($in0),$in0 - jnz .Loop_shaext - - pshufd \$0b00011011,$ABCD,$ABCD - pshufd \$0b00011011,$E,$E - movups $iv,($ivp) # write IV - movdqu $ABCD,($ctx) - movd $E,16($ctx) -___ -$code.=<<___ if ($win64); - movaps -8-10*16(%rax),%xmm6 - movaps -8-9*16(%rax),%xmm7 - movaps -8-8*16(%rax),%xmm8 - movaps -8-7*16(%rax),%xmm9 - movaps -8-6*16(%rax),%xmm10 - movaps -8-5*16(%rax),%xmm11 - movaps -8-4*16(%rax),%xmm12 - movaps -8-3*16(%rax),%xmm13 - movaps -8-2*16(%rax),%xmm14 - movaps -8-1*16(%rax),%xmm15 - mov %rax,%rsp -.Lepilogue_shaext: -___ -$code.=<<___; - ret -.cfi_endproc -.size aesni_cbc_sha1_enc_shaext,.-aesni_cbc_sha1_enc_shaext -___ - }}} -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type ssse3_handler,\@abi-omnipotent -.align 16 -ssse3_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lcommon_seh_tail -___ -$code.=<<___ if ($shaext); - lea aesni_cbc_sha1_enc_shaext(%rip),%r10 - cmp %r10,%rbx - jb .Lseh_no_shaext - - lea (%rax),%rsi - lea 512($context),%rdi # &context.Xmm6 - mov \$20,%ecx - .long 0xa548f3fc # cld; rep movsq - lea 168(%rax),%rax # adjust stack pointer - jmp .Lcommon_seh_tail -.Lseh_no_shaext: -___ -$code.=<<___; - lea 96(%rax),%rsi - lea 512($context),%rdi # &context.Xmm6 - mov \$20,%ecx - .long 0xa548f3fc # cld; rep movsq - lea `104+10*16`(%rax),%rax # adjust stack pointer - - mov 0(%rax),%r15 - mov 8(%rax),%r14 - mov 16(%rax),%r13 - mov 24(%rax),%r12 - mov 32(%rax),%rbp - mov 40(%rax),%rbx - lea 48(%rax),%rax - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lcommon_seh_tail: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size ssse3_handler,.-ssse3_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_aesni_cbc_sha1_enc_ssse3 - .rva .LSEH_end_aesni_cbc_sha1_enc_ssse3 - .rva .LSEH_info_aesni_cbc_sha1_enc_ssse3 -___ -$code.=<<___ if ($avx); - .rva .LSEH_begin_aesni_cbc_sha1_enc_avx - .rva .LSEH_end_aesni_cbc_sha1_enc_avx - .rva .LSEH_info_aesni_cbc_sha1_enc_avx -___ -$code.=<<___ if ($shaext); - .rva .LSEH_begin_aesni_cbc_sha1_enc_shaext - .rva .LSEH_end_aesni_cbc_sha1_enc_shaext - .rva .LSEH_info_aesni_cbc_sha1_enc_shaext -___ -$code.=<<___; -.section .xdata -.align 8 -.LSEH_info_aesni_cbc_sha1_enc_ssse3: - .byte 9,0,0,0 - .rva ssse3_handler - .rva .Lprologue_ssse3,.Lepilogue_ssse3 # HandlerData[] -___ -$code.=<<___ if ($avx); -.LSEH_info_aesni_cbc_sha1_enc_avx: - .byte 9,0,0,0 - .rva ssse3_handler - .rva .Lprologue_avx,.Lepilogue_avx # HandlerData[] -___ -$code.=<<___ if ($shaext); -.LSEH_info_aesni_cbc_sha1_enc_shaext: - .byte 9,0,0,0 - .rva ssse3_handler - .rva .Lprologue_shaext,.Lepilogue_shaext # HandlerData[] -___ -} - -#################################################################### -sub rex { - local *opcode=shift; - my ($dst,$src)=@_; - my $rex=0; - - $rex|=0x04 if($dst>=8); - $rex|=0x01 if($src>=8); - unshift @opcode,$rex|0x40 if($rex); -} - -sub sha1rnds4 { - if (@_[0] =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) { - my @opcode=(0x0f,0x3a,0xcc); - rex(\@opcode,$3,$2); - push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M - my $c=$1; - push @opcode,$c=~/^0/?oct($c):$c; - return ".byte\t".join(',',@opcode); - } else { - return "sha1rnds4\t".@_[0]; - } -} - -sub sha1op38 { - my $instr = shift; - my %opcodelet = ( - "sha1nexte" => 0xc8, - "sha1msg1" => 0xc9, - "sha1msg2" => 0xca ); - - if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) { - my @opcode=(0x0f,0x38); - rex(\@opcode,$2,$1); - push @opcode,$opcodelet{$instr}; - push @opcode,0xc0|($1&7)|(($2&7)<<3); # ModR/M - return ".byte\t".join(',',@opcode); - } else { - return $instr."\t".@_[0]; - } -} - -sub aesni { - my $line=shift; - my @opcode=(0x0f,0x38); - - if ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) { - my %opcodelet = ( - "aesenc" => 0xdc, "aesenclast" => 0xdd, - "aesdec" => 0xde, "aesdeclast" => 0xdf - ); - return undef if (!defined($opcodelet{$1})); - rex(\@opcode,$3,$2); - push @opcode,$opcodelet{$1},0xc0|($2&7)|(($3&7)<<3); # ModR/M - unshift @opcode,0x66; - return ".byte\t".join(',',@opcode); - } - return $line; -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/geo; - - s/\b(sha1rnds4)\s+(.*)/sha1rnds4($2)/geo or - s/\b(sha1[^\s]*)\s+(.*)/sha1op38($1,$2)/geo or - s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/geo; - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/aes/asm/aesni-sha256-x86_64.pl deleted file mode 100644 index 5521766a6a7dcf3f3df589b610f4784a17c0b306..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/aesni-sha256-x86_64.pl +++ /dev/null @@ -1,1804 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# January 2013 -# -# This is AESNI-CBC+SHA256 stitch implementation. The idea, as spelled -# in http://download.intel.com/design/intarch/papers/323686.pdf, is -# that since AESNI-CBC encrypt exhibit *very* low instruction-level -# parallelism, interleaving it with another algorithm would allow to -# utilize processor resources better and achieve better performance. -# SHA256 instruction sequences(*) are taken from sha512-x86_64.pl and -# AESNI code is weaved into it. As SHA256 dominates execution time, -# stitch performance does not depend on AES key length. Below are -# performance numbers in cycles per processed byte, less is better, -# for standalone AESNI-CBC encrypt, standalone SHA256, and stitched -# subroutine: -# -# AES-128/-192/-256+SHA256 this(**) gain -# Sandy Bridge 5.05/6.05/7.05+11.6 13.0 +28%/36%/43% -# Ivy Bridge 5.05/6.05/7.05+10.3 11.6 +32%/41%/50% -# Haswell 4.43/5.29/6.19+7.80 8.79 +39%/49%/59% -# Skylake 2.62/3.14/3.62+7.70 8.10 +27%/34%/40% -# Bulldozer 5.77/6.89/8.00+13.7 13.7 +42%/50%/58% -# Ryzen(***) 2.71/-/3.71+2.05 2.74/-/3.73 +74%/-/54% -# Goldmont(***) 3.82/-/5.35+4.16 4.73/-/5.94 +69%/-/60% -# -# (*) there are XOP, AVX1 and AVX2 code paths, meaning that -# Westmere is omitted from loop, this is because gain was not -# estimated high enough to justify the effort; -# (**) these are EVP-free results, results obtained with 'speed -# -evp aes-256-cbc-hmac-sha256' will vary by percent or two; -# (***) these are SHAEXT results; - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.19) + ($1>=2.22); -} - -if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.09) + ($1>=2.10); -} - -if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $avx = ($1>=10) + ($1>=12); -} - -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { - $avx = ($2>=3.0) + ($2>3.0); -} - -$shaext=$avx; ### set to zero if compiling for 1.0.1 -$avx=1 if (!$shaext && $avx); - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -$func="aesni_cbc_sha256_enc"; -$TABLE="K256"; -$SZ=4; -@ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%eax","%ebx","%ecx","%edx", - "%r8d","%r9d","%r10d","%r11d"); -($T1,$a0,$a1,$a2,$a3)=("%r12d","%r13d","%r14d","%r15d","%esi"); -@Sigma0=( 2,13,22); -@Sigma1=( 6,11,25); -@sigma0=( 7,18, 3); -@sigma1=(17,19,10); -$rounds=64; - -######################################################################## -# void aesni_cbc_sha256_enc(const void *inp, -# void *out, -# size_t length, -# const AES_KEY *key, -# unsigned char *iv, -# SHA256_CTX *ctx, -# const void *in0); -($inp, $out, $len, $key, $ivp, $ctx, $in0) = -("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10"); - -$Tbl="%rbp"; - -$_inp="16*$SZ+0*8(%rsp)"; -$_out="16*$SZ+1*8(%rsp)"; -$_end="16*$SZ+2*8(%rsp)"; -$_key="16*$SZ+3*8(%rsp)"; -$_ivp="16*$SZ+4*8(%rsp)"; -$_ctx="16*$SZ+5*8(%rsp)"; -$_in0="16*$SZ+6*8(%rsp)"; -$_rsp="`16*$SZ+7*8`(%rsp)"; -$framesz=16*$SZ+8*8; - -$code=<<___; -.text - -.extern OPENSSL_ia32cap_P -.globl $func -.type $func,\@abi-omnipotent -.align 16 -$func: -.cfi_startproc -___ - if ($avx) { -$code.=<<___; - lea OPENSSL_ia32cap_P(%rip),%r11 - mov \$1,%eax - cmp \$0,`$win64?"%rcx":"%rdi"` - je .Lprobe - mov 0(%r11),%eax - mov 4(%r11),%r10 -___ -$code.=<<___ if ($shaext); - bt \$61,%r10 # check for SHA - jc ${func}_shaext -___ -$code.=<<___; - mov %r10,%r11 - shr \$32,%r11 - - test \$`1<<11`,%r10d # check for XOP - jnz ${func}_xop -___ -$code.=<<___ if ($avx>1); - and \$`1<<8|1<<5|1<<3`,%r11d # check for BMI2+AVX2+BMI1 - cmp \$`1<<8|1<<5|1<<3`,%r11d - je ${func}_avx2 -___ -$code.=<<___; - and \$`1<<28`,%r10d # check for AVX - jnz ${func}_avx - ud2 -___ - } -$code.=<<___; - xor %eax,%eax - cmp \$0,`$win64?"%rcx":"%rdi"` - je .Lprobe - ud2 -.Lprobe: - ret -.cfi_endproc -.size $func,.-$func - -.align 64 -.type $TABLE,\@object -$TABLE: - .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 - .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 - .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 - .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 - .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 - .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 - .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 - .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 - .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc - .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc - .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da - .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da - .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 - .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 - .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 - .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 - .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 - .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 - .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 - .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 - .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 - .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 - .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 - .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 - .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 - .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 - .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 - .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 - .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 - .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 - .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 - .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 - - .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f - .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f - .long 0,0,0,0, 0,0,0,0, -1,-1,-1,-1 - .long 0,0,0,0, 0,0,0,0 - .asciz "AESNI-CBC+SHA256 stitch for x86_64, CRYPTOGAMS by " -.align 64 -___ - -###################################################################### -# SIMD code paths -# -{{{ -($iv,$inout,$roundkey,$temp, - $mask10,$mask12,$mask14,$offload)=map("%xmm$_",(8..15)); - -$aesni_cbc_idx=0; -@aesni_cbc_block = ( -## &vmovdqu ($roundkey,"0x00-0x80($inp)");' -## &vmovdqu ($inout,($inp)); -## &mov ($_inp,$inp); - - '&vpxor ($inout,$inout,$roundkey);'. - ' &vmovdqu ($roundkey,"0x10-0x80($inp)");', - - '&vpxor ($inout,$inout,$iv);', - - '&vaesenc ($inout,$inout,$roundkey);'. - ' &vmovdqu ($roundkey,"0x20-0x80($inp)");', - - '&vaesenc ($inout,$inout,$roundkey);'. - ' &vmovdqu ($roundkey,"0x30-0x80($inp)");', - - '&vaesenc ($inout,$inout,$roundkey);'. - ' &vmovdqu ($roundkey,"0x40-0x80($inp)");', - - '&vaesenc ($inout,$inout,$roundkey);'. - ' &vmovdqu ($roundkey,"0x50-0x80($inp)");', - - '&vaesenc ($inout,$inout,$roundkey);'. - ' &vmovdqu ($roundkey,"0x60-0x80($inp)");', - - '&vaesenc ($inout,$inout,$roundkey);'. - ' &vmovdqu ($roundkey,"0x70-0x80($inp)");', - - '&vaesenc ($inout,$inout,$roundkey);'. - ' &vmovdqu ($roundkey,"0x80-0x80($inp)");', - - '&vaesenc ($inout,$inout,$roundkey);'. - ' &vmovdqu ($roundkey,"0x90-0x80($inp)");', - - '&vaesenc ($inout,$inout,$roundkey);'. - ' &vmovdqu ($roundkey,"0xa0-0x80($inp)");', - - '&vaesenclast ($temp,$inout,$roundkey);'. - ' &vaesenc ($inout,$inout,$roundkey);'. - ' &vmovdqu ($roundkey,"0xb0-0x80($inp)");', - - '&vpand ($iv,$temp,$mask10);'. - ' &vaesenc ($inout,$inout,$roundkey);'. - ' &vmovdqu ($roundkey,"0xc0-0x80($inp)");', - - '&vaesenclast ($temp,$inout,$roundkey);'. - ' &vaesenc ($inout,$inout,$roundkey);'. - ' &vmovdqu ($roundkey,"0xd0-0x80($inp)");', - - '&vpand ($temp,$temp,$mask12);'. - ' &vaesenc ($inout,$inout,$roundkey);'. - '&vmovdqu ($roundkey,"0xe0-0x80($inp)");', - - '&vpor ($iv,$iv,$temp);'. - ' &vaesenclast ($temp,$inout,$roundkey);'. - ' &vmovdqu ($roundkey,"0x00-0x80($inp)");' - -## &mov ($inp,$_inp); -## &mov ($out,$_out); -## &vpand ($temp,$temp,$mask14); -## &vpor ($iv,$iv,$temp); -## &vmovdqu ($iv,($out,$inp); -## &lea (inp,16($inp)); -); - -my $a4=$T1; -my ($a,$b,$c,$d,$e,$f,$g,$h); - -sub AUTOLOAD() # thunk [simplified] 32-bit style perlasm -{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; - my $arg = pop; - $arg = "\$$arg" if ($arg*1 eq $arg); - $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n"; -} - -sub body_00_15 () { - ( - '($a,$b,$c,$d,$e,$f,$g,$h)=@ROT;'. - - '&ror ($a0,$Sigma1[2]-$Sigma1[1])', - '&mov ($a,$a1)', - '&mov ($a4,$f)', - - '&xor ($a0,$e)', - '&ror ($a1,$Sigma0[2]-$Sigma0[1])', - '&xor ($a4,$g)', # f^g - - '&ror ($a0,$Sigma1[1]-$Sigma1[0])', - '&xor ($a1,$a)', - '&and ($a4,$e)', # (f^g)&e - - @aesni_cbc_block[$aesni_cbc_idx++]. - '&xor ($a0,$e)', - '&add ($h,$SZ*($i&15)."(%rsp)")', # h+=X[i]+K[i] - '&mov ($a2,$a)', - - '&ror ($a1,$Sigma0[1]-$Sigma0[0])', - '&xor ($a4,$g)', # Ch(e,f,g)=((f^g)&e)^g - '&xor ($a2,$b)', # a^b, b^c in next round - - '&ror ($a0,$Sigma1[0])', # Sigma1(e) - '&add ($h,$a4)', # h+=Ch(e,f,g) - '&and ($a3,$a2)', # (b^c)&(a^b) - - '&xor ($a1,$a)', - '&add ($h,$a0)', # h+=Sigma1(e) - '&xor ($a3,$b)', # Maj(a,b,c)=Ch(a^b,c,b) - - '&add ($d,$h)', # d+=h - '&ror ($a1,$Sigma0[0])', # Sigma0(a) - '&add ($h,$a3)', # h+=Maj(a,b,c) - - '&mov ($a0,$d)', - '&add ($a1,$h);'. # h+=Sigma0(a) - '($a2,$a3) = ($a3,$a2); unshift(@ROT,pop(@ROT)); $i++;' - ); -} - -if ($avx) {{ -###################################################################### -# XOP code path -# -$code.=<<___; -.type ${func}_xop,\@function,6 -.align 64 -${func}_xop: -.cfi_startproc -.Lxop_shortcut: - mov `($win64?56:8)`(%rsp),$in0 # load 7th parameter - mov %rsp,%rax # copy %rsp -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - sub \$`$framesz+$win64*16*10`,%rsp - and \$-64,%rsp # align stack frame - - shl \$6,$len - sub $inp,$out # re-bias - sub $inp,$in0 - add $inp,$len # end of input - - #mov $inp,$_inp # saved later - mov $out,$_out - mov $len,$_end - #mov $key,$_key # remains resident in $inp register - mov $ivp,$_ivp - mov $ctx,$_ctx - mov $in0,$_in0 - mov %rax,$_rsp -.cfi_cfa_expression $_rsp,deref,+8 -___ -$code.=<<___ if ($win64); - movaps %xmm6,`$framesz+16*0`(%rsp) - movaps %xmm7,`$framesz+16*1`(%rsp) - movaps %xmm8,`$framesz+16*2`(%rsp) - movaps %xmm9,`$framesz+16*3`(%rsp) - movaps %xmm10,`$framesz+16*4`(%rsp) - movaps %xmm11,`$framesz+16*5`(%rsp) - movaps %xmm12,`$framesz+16*6`(%rsp) - movaps %xmm13,`$framesz+16*7`(%rsp) - movaps %xmm14,`$framesz+16*8`(%rsp) - movaps %xmm15,`$framesz+16*9`(%rsp) -___ -$code.=<<___; -.Lprologue_xop: - vzeroall - - mov $inp,%r12 # borrow $a4 - lea 0x80($key),$inp # size optimization, reassign - lea $TABLE+`$SZ*2*$rounds+32`(%rip),%r13 # borrow $a0 - mov 0xf0-0x80($inp),%r14d # rounds, borrow $a1 - mov $ctx,%r15 # borrow $a2 - mov $in0,%rsi # borrow $a3 - vmovdqu ($ivp),$iv # load IV - sub \$9,%r14 - - mov $SZ*0(%r15),$A - mov $SZ*1(%r15),$B - mov $SZ*2(%r15),$C - mov $SZ*3(%r15),$D - mov $SZ*4(%r15),$E - mov $SZ*5(%r15),$F - mov $SZ*6(%r15),$G - mov $SZ*7(%r15),$H - - vmovdqa 0x00(%r13,%r14,8),$mask14 - vmovdqa 0x10(%r13,%r14,8),$mask12 - vmovdqa 0x20(%r13,%r14,8),$mask10 - vmovdqu 0x00-0x80($inp),$roundkey - jmp .Lloop_xop -___ - if ($SZ==4) { # SHA256 - my @X = map("%xmm$_",(0..3)); - my ($t0,$t1,$t2,$t3) = map("%xmm$_",(4..7)); - -$code.=<<___; -.align 16 -.Lloop_xop: - vmovdqa $TABLE+`$SZ*2*$rounds`(%rip),$t3 - vmovdqu 0x00(%rsi,%r12),@X[0] - vmovdqu 0x10(%rsi,%r12),@X[1] - vmovdqu 0x20(%rsi,%r12),@X[2] - vmovdqu 0x30(%rsi,%r12),@X[3] - vpshufb $t3,@X[0],@X[0] - lea $TABLE(%rip),$Tbl - vpshufb $t3,@X[1],@X[1] - vpshufb $t3,@X[2],@X[2] - vpaddd 0x00($Tbl),@X[0],$t0 - vpshufb $t3,@X[3],@X[3] - vpaddd 0x20($Tbl),@X[1],$t1 - vpaddd 0x40($Tbl),@X[2],$t2 - vpaddd 0x60($Tbl),@X[3],$t3 - vmovdqa $t0,0x00(%rsp) - mov $A,$a1 - vmovdqa $t1,0x10(%rsp) - mov $B,$a3 - vmovdqa $t2,0x20(%rsp) - xor $C,$a3 # magic - vmovdqa $t3,0x30(%rsp) - mov $E,$a0 - jmp .Lxop_00_47 - -.align 16 -.Lxop_00_47: - sub \$-16*2*$SZ,$Tbl # size optimization - vmovdqu (%r12),$inout # $a4 - mov %r12,$_inp # $a4 -___ -sub XOP_256_00_47 () { -my $j = shift; -my $body = shift; -my @X = @_; -my @insns = (&$body,&$body,&$body,&$body); # 104 instructions - - &vpalignr ($t0,@X[1],@X[0],$SZ); # X[1..4] - eval(shift(@insns)); - eval(shift(@insns)); - &vpalignr ($t3,@X[3],@X[2],$SZ); # X[9..12] - eval(shift(@insns)); - eval(shift(@insns)); - &vprotd ($t1,$t0,8*$SZ-$sigma0[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpsrld ($t0,$t0,$sigma0[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpaddd (@X[0],@X[0],$t3); # X[0..3] += X[9..12] - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vprotd ($t2,$t1,$sigma0[1]-$sigma0[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor ($t0,$t0,$t1); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vprotd ($t3,@X[3],8*$SZ-$sigma1[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor ($t0,$t0,$t2); # sigma0(X[1..4]) - eval(shift(@insns)); - eval(shift(@insns)); - &vpsrld ($t2,@X[3],$sigma1[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpaddd (@X[0],@X[0],$t0); # X[0..3] += sigma0(X[1..4]) - eval(shift(@insns)); - eval(shift(@insns)); - &vprotd ($t1,$t3,$sigma1[1]-$sigma1[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor ($t3,$t3,$t2); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor ($t3,$t3,$t1); # sigma1(X[14..15]) - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vpsrldq ($t3,$t3,8); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vpaddd (@X[0],@X[0],$t3); # X[0..1] += sigma1(X[14..15]) - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vprotd ($t3,@X[0],8*$SZ-$sigma1[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpsrld ($t2,@X[0],$sigma1[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &vprotd ($t1,$t3,$sigma1[1]-$sigma1[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor ($t3,$t3,$t2); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor ($t3,$t3,$t1); # sigma1(X[16..17]) - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vpslldq ($t3,$t3,8); # 22 instructions - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vpaddd (@X[0],@X[0],$t3); # X[2..3] += sigma1(X[16..17]) - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vpaddd ($t2,@X[0],16*2*$j."($Tbl)"); - foreach (@insns) { eval; } # remaining instructions - &vmovdqa (16*$j."(%rsp)",$t2); -} - - $aesni_cbc_idx=0; - for ($i=0,$j=0; $j<4; $j++) { - &XOP_256_00_47($j,\&body_00_15,@X); - push(@X,shift(@X)); # rotate(@X) - } - &mov ("%r12",$_inp); # borrow $a4 - &vpand ($temp,$temp,$mask14); - &mov ("%r15",$_out); # borrow $a2 - &vpor ($iv,$iv,$temp); - &vmovdqu ("(%r15,%r12)",$iv); # write output - &lea ("%r12","16(%r12)"); # inp++ - - &cmpb ($SZ-1+16*2*$SZ."($Tbl)",0); - &jne (".Lxop_00_47"); - - &vmovdqu ($inout,"(%r12)"); - &mov ($_inp,"%r12"); - - $aesni_cbc_idx=0; - for ($i=0; $i<16; ) { - foreach(body_00_15()) { eval; } - } - } -$code.=<<___; - mov $_inp,%r12 # borrow $a4 - mov $_out,%r13 # borrow $a0 - mov $_ctx,%r15 # borrow $a2 - mov $_in0,%rsi # borrow $a3 - - vpand $mask14,$temp,$temp - mov $a1,$A - vpor $temp,$iv,$iv - vmovdqu $iv,(%r13,%r12) # write output - lea 16(%r12),%r12 # inp++ - - add $SZ*0(%r15),$A - add $SZ*1(%r15),$B - add $SZ*2(%r15),$C - add $SZ*3(%r15),$D - add $SZ*4(%r15),$E - add $SZ*5(%r15),$F - add $SZ*6(%r15),$G - add $SZ*7(%r15),$H - - cmp $_end,%r12 - - mov $A,$SZ*0(%r15) - mov $B,$SZ*1(%r15) - mov $C,$SZ*2(%r15) - mov $D,$SZ*3(%r15) - mov $E,$SZ*4(%r15) - mov $F,$SZ*5(%r15) - mov $G,$SZ*6(%r15) - mov $H,$SZ*7(%r15) - - jb .Lloop_xop - - mov $_ivp,$ivp - mov $_rsp,%rsi -.cfi_def_cfa %rsi,8 - vmovdqu $iv,($ivp) # output IV - vzeroall -___ -$code.=<<___ if ($win64); - movaps `$framesz+16*0`(%rsp),%xmm6 - movaps `$framesz+16*1`(%rsp),%xmm7 - movaps `$framesz+16*2`(%rsp),%xmm8 - movaps `$framesz+16*3`(%rsp),%xmm9 - movaps `$framesz+16*4`(%rsp),%xmm10 - movaps `$framesz+16*5`(%rsp),%xmm11 - movaps `$framesz+16*6`(%rsp),%xmm12 - movaps `$framesz+16*7`(%rsp),%xmm13 - movaps `$framesz+16*8`(%rsp),%xmm14 - movaps `$framesz+16*9`(%rsp),%xmm15 -___ -$code.=<<___; - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue_xop: - ret -.cfi_endproc -.size ${func}_xop,.-${func}_xop -___ -###################################################################### -# AVX+shrd code path -# -local *ror = sub { &shrd(@_[0],@_) }; - -$code.=<<___; -.type ${func}_avx,\@function,6 -.align 64 -${func}_avx: -.cfi_startproc -.Lavx_shortcut: - mov `($win64?56:8)`(%rsp),$in0 # load 7th parameter - mov %rsp,%rax # copy %rsp -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - sub \$`$framesz+$win64*16*10`,%rsp - and \$-64,%rsp # align stack frame - - shl \$6,$len - sub $inp,$out # re-bias - sub $inp,$in0 - add $inp,$len # end of input - - #mov $inp,$_inp # saved later - mov $out,$_out - mov $len,$_end - #mov $key,$_key # remains resident in $inp register - mov $ivp,$_ivp - mov $ctx,$_ctx - mov $in0,$_in0 - mov %rax,$_rsp -.cfi_cfa_expression $_rsp,deref,+8 -___ -$code.=<<___ if ($win64); - movaps %xmm6,`$framesz+16*0`(%rsp) - movaps %xmm7,`$framesz+16*1`(%rsp) - movaps %xmm8,`$framesz+16*2`(%rsp) - movaps %xmm9,`$framesz+16*3`(%rsp) - movaps %xmm10,`$framesz+16*4`(%rsp) - movaps %xmm11,`$framesz+16*5`(%rsp) - movaps %xmm12,`$framesz+16*6`(%rsp) - movaps %xmm13,`$framesz+16*7`(%rsp) - movaps %xmm14,`$framesz+16*8`(%rsp) - movaps %xmm15,`$framesz+16*9`(%rsp) -___ -$code.=<<___; -.Lprologue_avx: - vzeroall - - mov $inp,%r12 # borrow $a4 - lea 0x80($key),$inp # size optimization, reassign - lea $TABLE+`$SZ*2*$rounds+32`(%rip),%r13 # borrow $a0 - mov 0xf0-0x80($inp),%r14d # rounds, borrow $a1 - mov $ctx,%r15 # borrow $a2 - mov $in0,%rsi # borrow $a3 - vmovdqu ($ivp),$iv # load IV - sub \$9,%r14 - - mov $SZ*0(%r15),$A - mov $SZ*1(%r15),$B - mov $SZ*2(%r15),$C - mov $SZ*3(%r15),$D - mov $SZ*4(%r15),$E - mov $SZ*5(%r15),$F - mov $SZ*6(%r15),$G - mov $SZ*7(%r15),$H - - vmovdqa 0x00(%r13,%r14,8),$mask14 - vmovdqa 0x10(%r13,%r14,8),$mask12 - vmovdqa 0x20(%r13,%r14,8),$mask10 - vmovdqu 0x00-0x80($inp),$roundkey -___ - if ($SZ==4) { # SHA256 - my @X = map("%xmm$_",(0..3)); - my ($t0,$t1,$t2,$t3) = map("%xmm$_",(4..7)); - -$code.=<<___; - jmp .Lloop_avx -.align 16 -.Lloop_avx: - vmovdqa $TABLE+`$SZ*2*$rounds`(%rip),$t3 - vmovdqu 0x00(%rsi,%r12),@X[0] - vmovdqu 0x10(%rsi,%r12),@X[1] - vmovdqu 0x20(%rsi,%r12),@X[2] - vmovdqu 0x30(%rsi,%r12),@X[3] - vpshufb $t3,@X[0],@X[0] - lea $TABLE(%rip),$Tbl - vpshufb $t3,@X[1],@X[1] - vpshufb $t3,@X[2],@X[2] - vpaddd 0x00($Tbl),@X[0],$t0 - vpshufb $t3,@X[3],@X[3] - vpaddd 0x20($Tbl),@X[1],$t1 - vpaddd 0x40($Tbl),@X[2],$t2 - vpaddd 0x60($Tbl),@X[3],$t3 - vmovdqa $t0,0x00(%rsp) - mov $A,$a1 - vmovdqa $t1,0x10(%rsp) - mov $B,$a3 - vmovdqa $t2,0x20(%rsp) - xor $C,$a3 # magic - vmovdqa $t3,0x30(%rsp) - mov $E,$a0 - jmp .Lavx_00_47 - -.align 16 -.Lavx_00_47: - sub \$-16*2*$SZ,$Tbl # size optimization - vmovdqu (%r12),$inout # $a4 - mov %r12,$_inp # $a4 -___ -sub Xupdate_256_AVX () { - ( - '&vpalignr ($t0,@X[1],@X[0],$SZ)', # X[1..4] - '&vpalignr ($t3,@X[3],@X[2],$SZ)', # X[9..12] - '&vpsrld ($t2,$t0,$sigma0[0]);', - '&vpaddd (@X[0],@X[0],$t3)', # X[0..3] += X[9..12] - '&vpsrld ($t3,$t0,$sigma0[2])', - '&vpslld ($t1,$t0,8*$SZ-$sigma0[1]);', - '&vpxor ($t0,$t3,$t2)', - '&vpshufd ($t3,@X[3],0b11111010)',# X[14..15] - '&vpsrld ($t2,$t2,$sigma0[1]-$sigma0[0]);', - '&vpxor ($t0,$t0,$t1)', - '&vpslld ($t1,$t1,$sigma0[1]-$sigma0[0]);', - '&vpxor ($t0,$t0,$t2)', - '&vpsrld ($t2,$t3,$sigma1[2]);', - '&vpxor ($t0,$t0,$t1)', # sigma0(X[1..4]) - '&vpsrlq ($t3,$t3,$sigma1[0]);', - '&vpaddd (@X[0],@X[0],$t0)', # X[0..3] += sigma0(X[1..4]) - '&vpxor ($t2,$t2,$t3);', - '&vpsrlq ($t3,$t3,$sigma1[1]-$sigma1[0])', - '&vpxor ($t2,$t2,$t3)', # sigma1(X[14..15]) - '&vpshufd ($t2,$t2,0b10000100)', - '&vpsrldq ($t2,$t2,8)', - '&vpaddd (@X[0],@X[0],$t2)', # X[0..1] += sigma1(X[14..15]) - '&vpshufd ($t3,@X[0],0b01010000)',# X[16..17] - '&vpsrld ($t2,$t3,$sigma1[2])', - '&vpsrlq ($t3,$t3,$sigma1[0])', - '&vpxor ($t2,$t2,$t3);', - '&vpsrlq ($t3,$t3,$sigma1[1]-$sigma1[0])', - '&vpxor ($t2,$t2,$t3)', - '&vpshufd ($t2,$t2,0b11101000)', - '&vpslldq ($t2,$t2,8)', - '&vpaddd (@X[0],@X[0],$t2)' # X[2..3] += sigma1(X[16..17]) - ); -} - -sub AVX_256_00_47 () { -my $j = shift; -my $body = shift; -my @X = @_; -my @insns = (&$body,&$body,&$body,&$body); # 104 instructions - - foreach (Xupdate_256_AVX()) { # 29 instructions - eval; - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - } - &vpaddd ($t2,@X[0],16*2*$j."($Tbl)"); - foreach (@insns) { eval; } # remaining instructions - &vmovdqa (16*$j."(%rsp)",$t2); -} - - $aesni_cbc_idx=0; - for ($i=0,$j=0; $j<4; $j++) { - &AVX_256_00_47($j,\&body_00_15,@X); - push(@X,shift(@X)); # rotate(@X) - } - &mov ("%r12",$_inp); # borrow $a4 - &vpand ($temp,$temp,$mask14); - &mov ("%r15",$_out); # borrow $a2 - &vpor ($iv,$iv,$temp); - &vmovdqu ("(%r15,%r12)",$iv); # write output - &lea ("%r12","16(%r12)"); # inp++ - - &cmpb ($SZ-1+16*2*$SZ."($Tbl)",0); - &jne (".Lavx_00_47"); - - &vmovdqu ($inout,"(%r12)"); - &mov ($_inp,"%r12"); - - $aesni_cbc_idx=0; - for ($i=0; $i<16; ) { - foreach(body_00_15()) { eval; } - } - - } -$code.=<<___; - mov $_inp,%r12 # borrow $a4 - mov $_out,%r13 # borrow $a0 - mov $_ctx,%r15 # borrow $a2 - mov $_in0,%rsi # borrow $a3 - - vpand $mask14,$temp,$temp - mov $a1,$A - vpor $temp,$iv,$iv - vmovdqu $iv,(%r13,%r12) # write output - lea 16(%r12),%r12 # inp++ - - add $SZ*0(%r15),$A - add $SZ*1(%r15),$B - add $SZ*2(%r15),$C - add $SZ*3(%r15),$D - add $SZ*4(%r15),$E - add $SZ*5(%r15),$F - add $SZ*6(%r15),$G - add $SZ*7(%r15),$H - - cmp $_end,%r12 - - mov $A,$SZ*0(%r15) - mov $B,$SZ*1(%r15) - mov $C,$SZ*2(%r15) - mov $D,$SZ*3(%r15) - mov $E,$SZ*4(%r15) - mov $F,$SZ*5(%r15) - mov $G,$SZ*6(%r15) - mov $H,$SZ*7(%r15) - jb .Lloop_avx - - mov $_ivp,$ivp - mov $_rsp,%rsi -.cfi_def_cfa %rsi,8 - vmovdqu $iv,($ivp) # output IV - vzeroall -___ -$code.=<<___ if ($win64); - movaps `$framesz+16*0`(%rsp),%xmm6 - movaps `$framesz+16*1`(%rsp),%xmm7 - movaps `$framesz+16*2`(%rsp),%xmm8 - movaps `$framesz+16*3`(%rsp),%xmm9 - movaps `$framesz+16*4`(%rsp),%xmm10 - movaps `$framesz+16*5`(%rsp),%xmm11 - movaps `$framesz+16*6`(%rsp),%xmm12 - movaps `$framesz+16*7`(%rsp),%xmm13 - movaps `$framesz+16*8`(%rsp),%xmm14 - movaps `$framesz+16*9`(%rsp),%xmm15 -___ -$code.=<<___; - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue_avx: - ret -.cfi_endproc -.size ${func}_avx,.-${func}_avx -___ - -if ($avx>1) {{ -###################################################################### -# AVX2+BMI code path -# -my $a5=$SZ==4?"%esi":"%rsi"; # zap $inp -my $PUSH8=8*2*$SZ; -use integer; - -sub bodyx_00_15 () { - # at start $a1 should be zero, $a3 - $b^$c and $a4 copy of $f - ( - '($a,$b,$c,$d,$e,$f,$g,$h)=@ROT;'. - - '&add ($h,(32*($i/(16/$SZ))+$SZ*($i%(16/$SZ)))%$PUSH8.$base)', # h+=X[i]+K[i] - '&and ($a4,$e)', # f&e - '&rorx ($a0,$e,$Sigma1[2])', - '&rorx ($a2,$e,$Sigma1[1])', - - '&lea ($a,"($a,$a1)")', # h+=Sigma0(a) from the past - '&lea ($h,"($h,$a4)")', - '&andn ($a4,$e,$g)', # ~e&g - '&xor ($a0,$a2)', - - '&rorx ($a1,$e,$Sigma1[0])', - '&lea ($h,"($h,$a4)")', # h+=Ch(e,f,g)=(e&f)+(~e&g) - '&xor ($a0,$a1)', # Sigma1(e) - '&mov ($a2,$a)', - - '&rorx ($a4,$a,$Sigma0[2])', - '&lea ($h,"($h,$a0)")', # h+=Sigma1(e) - '&xor ($a2,$b)', # a^b, b^c in next round - '&rorx ($a1,$a,$Sigma0[1])', - - '&rorx ($a0,$a,$Sigma0[0])', - '&lea ($d,"($d,$h)")', # d+=h - '&and ($a3,$a2)', # (b^c)&(a^b) - @aesni_cbc_block[$aesni_cbc_idx++]. - '&xor ($a1,$a4)', - - '&xor ($a3,$b)', # Maj(a,b,c)=Ch(a^b,c,b) - '&xor ($a1,$a0)', # Sigma0(a) - '&lea ($h,"($h,$a3)");'. # h+=Maj(a,b,c) - '&mov ($a4,$e)', # copy of f in future - - '($a2,$a3) = ($a3,$a2); unshift(@ROT,pop(@ROT)); $i++;' - ); - # and at the finish one has to $a+=$a1 -} - -$code.=<<___; -.type ${func}_avx2,\@function,6 -.align 64 -${func}_avx2: -.cfi_startproc -.Lavx2_shortcut: - mov `($win64?56:8)`(%rsp),$in0 # load 7th parameter - mov %rsp,%rax # copy %rsp -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - sub \$`2*$SZ*$rounds+8*8+$win64*16*10`,%rsp - and \$-256*$SZ,%rsp # align stack frame - add \$`2*$SZ*($rounds-8)`,%rsp - - shl \$6,$len - sub $inp,$out # re-bias - sub $inp,$in0 - add $inp,$len # end of input - - #mov $inp,$_inp # saved later - #mov $out,$_out # kept in $offload - mov $len,$_end - #mov $key,$_key # remains resident in $inp register - mov $ivp,$_ivp - mov $ctx,$_ctx - mov $in0,$_in0 - mov %rax,$_rsp -.cfi_cfa_expression $_rsp,deref,+8 -___ -$code.=<<___ if ($win64); - movaps %xmm6,`$framesz+16*0`(%rsp) - movaps %xmm7,`$framesz+16*1`(%rsp) - movaps %xmm8,`$framesz+16*2`(%rsp) - movaps %xmm9,`$framesz+16*3`(%rsp) - movaps %xmm10,`$framesz+16*4`(%rsp) - movaps %xmm11,`$framesz+16*5`(%rsp) - movaps %xmm12,`$framesz+16*6`(%rsp) - movaps %xmm13,`$framesz+16*7`(%rsp) - movaps %xmm14,`$framesz+16*8`(%rsp) - movaps %xmm15,`$framesz+16*9`(%rsp) -___ -$code.=<<___; -.Lprologue_avx2: - vzeroall - - mov $inp,%r13 # borrow $a0 - vpinsrq \$1,$out,$offload,$offload - lea 0x80($key),$inp # size optimization, reassign - lea $TABLE+`$SZ*2*$rounds+32`(%rip),%r12 # borrow $a4 - mov 0xf0-0x80($inp),%r14d # rounds, borrow $a1 - mov $ctx,%r15 # borrow $a2 - mov $in0,%rsi # borrow $a3 - vmovdqu ($ivp),$iv # load IV - lea -9(%r14),%r14 - - vmovdqa 0x00(%r12,%r14,8),$mask14 - vmovdqa 0x10(%r12,%r14,8),$mask12 - vmovdqa 0x20(%r12,%r14,8),$mask10 - - sub \$-16*$SZ,%r13 # inp++, size optimization - mov $SZ*0(%r15),$A - lea (%rsi,%r13),%r12 # borrow $a0 - mov $SZ*1(%r15),$B - cmp $len,%r13 # $_end - mov $SZ*2(%r15),$C - cmove %rsp,%r12 # next block or random data - mov $SZ*3(%r15),$D - mov $SZ*4(%r15),$E - mov $SZ*5(%r15),$F - mov $SZ*6(%r15),$G - mov $SZ*7(%r15),$H - vmovdqu 0x00-0x80($inp),$roundkey -___ - if ($SZ==4) { # SHA256 - my @X = map("%ymm$_",(0..3)); - my ($t0,$t1,$t2,$t3) = map("%ymm$_",(4..7)); - -$code.=<<___; - jmp .Loop_avx2 -.align 16 -.Loop_avx2: - vmovdqa $TABLE+`$SZ*2*$rounds`(%rip),$t3 - vmovdqu -16*$SZ+0(%rsi,%r13),%xmm0 - vmovdqu -16*$SZ+16(%rsi,%r13),%xmm1 - vmovdqu -16*$SZ+32(%rsi,%r13),%xmm2 - vmovdqu -16*$SZ+48(%rsi,%r13),%xmm3 - - vinserti128 \$1,(%r12),@X[0],@X[0] - vinserti128 \$1,16(%r12),@X[1],@X[1] - vpshufb $t3,@X[0],@X[0] - vinserti128 \$1,32(%r12),@X[2],@X[2] - vpshufb $t3,@X[1],@X[1] - vinserti128 \$1,48(%r12),@X[3],@X[3] - - lea $TABLE(%rip),$Tbl - vpshufb $t3,@X[2],@X[2] - lea -16*$SZ(%r13),%r13 - vpaddd 0x00($Tbl),@X[0],$t0 - vpshufb $t3,@X[3],@X[3] - vpaddd 0x20($Tbl),@X[1],$t1 - vpaddd 0x40($Tbl),@X[2],$t2 - vpaddd 0x60($Tbl),@X[3],$t3 - vmovdqa $t0,0x00(%rsp) - xor $a1,$a1 - vmovdqa $t1,0x20(%rsp) -___ -$code.=<<___ if (!$win64); -# temporarily use %rsi as frame pointer - mov $_rsp,%rsi -.cfi_def_cfa %rsi,8 -___ -$code.=<<___; - lea -$PUSH8(%rsp),%rsp -___ -$code.=<<___ if (!$win64); -# the frame info is at $_rsp, but the stack is moving... -# so a second frame pointer is saved at -8(%rsp) -# that is in the red zone - mov %rsi,-8(%rsp) -.cfi_cfa_expression %rsp-8,deref,+8 -___ -$code.=<<___; - mov $B,$a3 - vmovdqa $t2,0x00(%rsp) - xor $C,$a3 # magic - vmovdqa $t3,0x20(%rsp) - mov $F,$a4 - sub \$-16*2*$SZ,$Tbl # size optimization - jmp .Lavx2_00_47 - -.align 16 -.Lavx2_00_47: - vmovdqu (%r13),$inout - vpinsrq \$0,%r13,$offload,$offload -___ - -sub AVX2_256_00_47 () { -my $j = shift; -my $body = shift; -my @X = @_; -my @insns = (&$body,&$body,&$body,&$body); # 96 instructions -my $base = "+2*$PUSH8(%rsp)"; - - if (($j%2)==0) { - &lea ("%rsp","-$PUSH8(%rsp)"); -$code.=<<___ if (!$win64); -.cfi_cfa_expression %rsp+`$PUSH8-8`,deref,+8 -# copy secondary frame pointer to new location again at -8(%rsp) - pushq $PUSH8-8(%rsp) -.cfi_cfa_expression %rsp,deref,+8 - lea 8(%rsp),%rsp -.cfi_cfa_expression %rsp-8,deref,+8 -___ - } - foreach (Xupdate_256_AVX()) { # 29 instructions - eval; - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - } - &vpaddd ($t2,@X[0],16*2*$j."($Tbl)"); - foreach (@insns) { eval; } # remaining instructions - &vmovdqa ((32*$j)%$PUSH8."(%rsp)",$t2); -} - $aesni_cbc_idx=0; - for ($i=0,$j=0; $j<4; $j++) { - &AVX2_256_00_47($j,\&bodyx_00_15,@X); - push(@X,shift(@X)); # rotate(@X) - } - &vmovq ("%r13",$offload); # borrow $a0 - &vpextrq ("%r15",$offload,1); # borrow $a2 - &vpand ($temp,$temp,$mask14); - &vpor ($iv,$iv,$temp); - &vmovdqu ("(%r15,%r13)",$iv); # write output - &lea ("%r13","16(%r13)"); # inp++ - - &lea ($Tbl,16*2*$SZ."($Tbl)"); - &cmpb (($SZ-1)."($Tbl)",0); - &jne (".Lavx2_00_47"); - - &vmovdqu ($inout,"(%r13)"); - &vpinsrq ($offload,$offload,"%r13",0); - - $aesni_cbc_idx=0; - for ($i=0; $i<16; ) { - my $base=$i<8?"+$PUSH8(%rsp)":"(%rsp)"; - foreach(bodyx_00_15()) { eval; } - } - } -$code.=<<___; - vpextrq \$1,$offload,%r12 # $_out, borrow $a4 - vmovq $offload,%r13 # $_inp, borrow $a0 - mov `2*$SZ*$rounds+5*8`(%rsp),%r15 # $_ctx, borrow $a2 - add $a1,$A - lea `2*$SZ*($rounds-8)`(%rsp),$Tbl - - vpand $mask14,$temp,$temp - vpor $temp,$iv,$iv - vmovdqu $iv,(%r12,%r13) # write output - lea 16(%r13),%r13 - - add $SZ*0(%r15),$A - add $SZ*1(%r15),$B - add $SZ*2(%r15),$C - add $SZ*3(%r15),$D - add $SZ*4(%r15),$E - add $SZ*5(%r15),$F - add $SZ*6(%r15),$G - add $SZ*7(%r15),$H - - mov $A,$SZ*0(%r15) - mov $B,$SZ*1(%r15) - mov $C,$SZ*2(%r15) - mov $D,$SZ*3(%r15) - mov $E,$SZ*4(%r15) - mov $F,$SZ*5(%r15) - mov $G,$SZ*6(%r15) - mov $H,$SZ*7(%r15) - - cmp `$PUSH8+2*8`($Tbl),%r13 # $_end - je .Ldone_avx2 - - xor $a1,$a1 - mov $B,$a3 - mov $F,$a4 - xor $C,$a3 # magic - jmp .Lower_avx2 -.align 16 -.Lower_avx2: - vmovdqu (%r13),$inout - vpinsrq \$0,%r13,$offload,$offload -___ - $aesni_cbc_idx=0; - for ($i=0; $i<16; ) { - my $base="+16($Tbl)"; - foreach(bodyx_00_15()) { eval; } - &lea ($Tbl,"-$PUSH8($Tbl)") if ($i==8); - } -$code.=<<___; - vmovq $offload,%r13 # borrow $a0 - vpextrq \$1,$offload,%r15 # borrow $a2 - vpand $mask14,$temp,$temp - vpor $temp,$iv,$iv - lea -$PUSH8($Tbl),$Tbl - vmovdqu $iv,(%r15,%r13) # write output - lea 16(%r13),%r13 # inp++ - cmp %rsp,$Tbl - jae .Lower_avx2 - - mov `2*$SZ*$rounds+5*8`(%rsp),%r15 # $_ctx, borrow $a2 - lea 16*$SZ(%r13),%r13 - mov `2*$SZ*$rounds+6*8`(%rsp),%rsi # $_in0, borrow $a3 - add $a1,$A - lea `2*$SZ*($rounds-8)`(%rsp),%rsp - - add $SZ*0(%r15),$A - add $SZ*1(%r15),$B - add $SZ*2(%r15),$C - add $SZ*3(%r15),$D - add $SZ*4(%r15),$E - add $SZ*5(%r15),$F - add $SZ*6(%r15),$G - lea (%rsi,%r13),%r12 - add $SZ*7(%r15),$H - - cmp $_end,%r13 - - mov $A,$SZ*0(%r15) - cmove %rsp,%r12 # next block or stale data - mov $B,$SZ*1(%r15) - mov $C,$SZ*2(%r15) - mov $D,$SZ*3(%r15) - mov $E,$SZ*4(%r15) - mov $F,$SZ*5(%r15) - mov $G,$SZ*6(%r15) - mov $H,$SZ*7(%r15) - - jbe .Loop_avx2 - lea (%rsp),$Tbl -# temporarily use $Tbl as index to $_rsp -# this avoids the need to save a secondary frame pointer at -8(%rsp) -.cfi_cfa_expression $Tbl+`16*$SZ+7*8`,deref,+8 - -.Ldone_avx2: - mov 16*$SZ+4*8($Tbl),$ivp - mov 16*$SZ+7*8($Tbl),%rsi -.cfi_def_cfa %rsi,8 - vmovdqu $iv,($ivp) # output IV - vzeroall -___ -$code.=<<___ if ($win64); - movaps `$framesz+16*0`($Tbl),%xmm6 - movaps `$framesz+16*1`($Tbl),%xmm7 - movaps `$framesz+16*2`($Tbl),%xmm8 - movaps `$framesz+16*3`($Tbl),%xmm9 - movaps `$framesz+16*4`($Tbl),%xmm10 - movaps `$framesz+16*5`($Tbl),%xmm11 - movaps `$framesz+16*6`($Tbl),%xmm12 - movaps `$framesz+16*7`($Tbl),%xmm13 - movaps `$framesz+16*8`($Tbl),%xmm14 - movaps `$framesz+16*9`($Tbl),%xmm15 -___ -$code.=<<___; - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue_avx2: - ret -.cfi_endproc -.size ${func}_avx2,.-${func}_avx2 -___ -}} -}} -{{ -my ($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10"); - -my ($rounds,$Tbl)=("%r11d","%rbx"); - -my ($iv,$in,$rndkey0)=map("%xmm$_",(6,14,15)); -my @rndkey=("%xmm4","%xmm5"); -my $r=0; -my $sn=0; - -my ($Wi,$ABEF,$CDGH,$TMP,$BSWAP,$ABEF_SAVE,$CDGH_SAVE)=map("%xmm$_",(0..3,7..9)); -my @MSG=map("%xmm$_",(10..13)); - -my $aesenc=sub { - use integer; - my ($n,$k)=($r/10,$r%10); - if ($k==0) { - $code.=<<___; - movups `16*$n`($in0),$in # load input - xorps $rndkey0,$in -___ - $code.=<<___ if ($n); - movups $iv,`16*($n-1)`($out,$in0) # write output -___ - $code.=<<___; - xorps $in,$iv - movups `32+16*$k-112`($key),$rndkey[1] - aesenc $rndkey[0],$iv -___ - } elsif ($k==9) { - $sn++; - $code.=<<___; - cmp \$11,$rounds - jb .Laesenclast$sn - movups `32+16*($k+0)-112`($key),$rndkey[1] - aesenc $rndkey[0],$iv - movups `32+16*($k+1)-112`($key),$rndkey[0] - aesenc $rndkey[1],$iv - je .Laesenclast$sn - movups `32+16*($k+2)-112`($key),$rndkey[1] - aesenc $rndkey[0],$iv - movups `32+16*($k+3)-112`($key),$rndkey[0] - aesenc $rndkey[1],$iv -.Laesenclast$sn: - aesenclast $rndkey[0],$iv - movups 16-112($key),$rndkey[1] # forward reference - nop -___ - } else { - $code.=<<___; - movups `32+16*$k-112`($key),$rndkey[1] - aesenc $rndkey[0],$iv -___ - } - $r++; unshift(@rndkey,pop(@rndkey)); -}; - -if ($shaext) { -my $Tbl="%rax"; - -$code.=<<___; -.type ${func}_shaext,\@function,6 -.align 32 -${func}_shaext: -.cfi_startproc - mov `($win64?56:8)`(%rsp),$inp # load 7th argument -___ -$code.=<<___ if ($win64); - lea `-8-10*16`(%rsp),%rsp - movaps %xmm6,-8-10*16(%rax) - movaps %xmm7,-8-9*16(%rax) - movaps %xmm8,-8-8*16(%rax) - movaps %xmm9,-8-7*16(%rax) - movaps %xmm10,-8-6*16(%rax) - movaps %xmm11,-8-5*16(%rax) - movaps %xmm12,-8-4*16(%rax) - movaps %xmm13,-8-3*16(%rax) - movaps %xmm14,-8-2*16(%rax) - movaps %xmm15,-8-1*16(%rax) -.Lprologue_shaext: -___ -$code.=<<___; - lea K256+0x80(%rip),$Tbl - movdqu ($ctx),$ABEF # DCBA - movdqu 16($ctx),$CDGH # HGFE - movdqa 0x200-0x80($Tbl),$TMP # byte swap mask - - mov 240($key),$rounds - sub $in0,$out - movups ($key),$rndkey0 # $key[0] - movups ($ivp),$iv # load IV - movups 16($key),$rndkey[0] # forward reference - lea 112($key),$key # size optimization - - pshufd \$0x1b,$ABEF,$Wi # ABCD - pshufd \$0xb1,$ABEF,$ABEF # CDAB - pshufd \$0x1b,$CDGH,$CDGH # EFGH - movdqa $TMP,$BSWAP # offload - palignr \$8,$CDGH,$ABEF # ABEF - punpcklqdq $Wi,$CDGH # CDGH - - jmp .Loop_shaext - -.align 16 -.Loop_shaext: - movdqu ($inp),@MSG[0] - movdqu 0x10($inp),@MSG[1] - movdqu 0x20($inp),@MSG[2] - pshufb $TMP,@MSG[0] - movdqu 0x30($inp),@MSG[3] - - movdqa 0*32-0x80($Tbl),$Wi - paddd @MSG[0],$Wi - pshufb $TMP,@MSG[1] - movdqa $CDGH,$CDGH_SAVE # offload - movdqa $ABEF,$ABEF_SAVE # offload -___ - &$aesenc(); -$code.=<<___; - sha256rnds2 $ABEF,$CDGH # 0-3 - pshufd \$0x0e,$Wi,$Wi -___ - &$aesenc(); -$code.=<<___; - sha256rnds2 $CDGH,$ABEF - - movdqa 1*32-0x80($Tbl),$Wi - paddd @MSG[1],$Wi - pshufb $TMP,@MSG[2] - lea 0x40($inp),$inp -___ - &$aesenc(); -$code.=<<___; - sha256rnds2 $ABEF,$CDGH # 4-7 - pshufd \$0x0e,$Wi,$Wi -___ - &$aesenc(); -$code.=<<___; - sha256rnds2 $CDGH,$ABEF - - movdqa 2*32-0x80($Tbl),$Wi - paddd @MSG[2],$Wi - pshufb $TMP,@MSG[3] - sha256msg1 @MSG[1],@MSG[0] -___ - &$aesenc(); -$code.=<<___; - sha256rnds2 $ABEF,$CDGH # 8-11 - pshufd \$0x0e,$Wi,$Wi - movdqa @MSG[3],$TMP - palignr \$4,@MSG[2],$TMP - paddd $TMP,@MSG[0] -___ - &$aesenc(); -$code.=<<___; - sha256rnds2 $CDGH,$ABEF - - movdqa 3*32-0x80($Tbl),$Wi - paddd @MSG[3],$Wi - sha256msg2 @MSG[3],@MSG[0] - sha256msg1 @MSG[2],@MSG[1] -___ - &$aesenc(); -$code.=<<___; - sha256rnds2 $ABEF,$CDGH # 12-15 - pshufd \$0x0e,$Wi,$Wi -___ - &$aesenc(); -$code.=<<___; - movdqa @MSG[0],$TMP - palignr \$4,@MSG[3],$TMP - paddd $TMP,@MSG[1] - sha256rnds2 $CDGH,$ABEF -___ -for($i=4;$i<16-3;$i++) { - &$aesenc() if (($r%10)==0); -$code.=<<___; - movdqa $i*32-0x80($Tbl),$Wi - paddd @MSG[0],$Wi - sha256msg2 @MSG[0],@MSG[1] - sha256msg1 @MSG[3],@MSG[2] -___ - &$aesenc(); -$code.=<<___; - sha256rnds2 $ABEF,$CDGH # 16-19... - pshufd \$0x0e,$Wi,$Wi - movdqa @MSG[1],$TMP - palignr \$4,@MSG[0],$TMP - paddd $TMP,@MSG[2] -___ - &$aesenc(); - &$aesenc() if ($r==19); -$code.=<<___; - sha256rnds2 $CDGH,$ABEF -___ - push(@MSG,shift(@MSG)); -} -$code.=<<___; - movdqa 13*32-0x80($Tbl),$Wi - paddd @MSG[0],$Wi - sha256msg2 @MSG[0],@MSG[1] - sha256msg1 @MSG[3],@MSG[2] -___ - &$aesenc(); -$code.=<<___; - sha256rnds2 $ABEF,$CDGH # 52-55 - pshufd \$0x0e,$Wi,$Wi - movdqa @MSG[1],$TMP - palignr \$4,@MSG[0],$TMP - paddd $TMP,@MSG[2] -___ - &$aesenc(); - &$aesenc(); -$code.=<<___; - sha256rnds2 $CDGH,$ABEF - - movdqa 14*32-0x80($Tbl),$Wi - paddd @MSG[1],$Wi - sha256msg2 @MSG[1],@MSG[2] - movdqa $BSWAP,$TMP -___ - &$aesenc(); -$code.=<<___; - sha256rnds2 $ABEF,$CDGH # 56-59 - pshufd \$0x0e,$Wi,$Wi -___ - &$aesenc(); -$code.=<<___; - sha256rnds2 $CDGH,$ABEF - - movdqa 15*32-0x80($Tbl),$Wi - paddd @MSG[2],$Wi -___ - &$aesenc(); - &$aesenc(); -$code.=<<___; - sha256rnds2 $ABEF,$CDGH # 60-63 - pshufd \$0x0e,$Wi,$Wi -___ - &$aesenc(); -$code.=<<___; - sha256rnds2 $CDGH,$ABEF - #pxor $CDGH,$rndkey0 # black magic -___ - while ($r<40) { &$aesenc(); } # remaining aesenc's -$code.=<<___; - #xorps $CDGH,$rndkey0 # black magic - paddd $CDGH_SAVE,$CDGH - paddd $ABEF_SAVE,$ABEF - - dec $len - movups $iv,48($out,$in0) # write output - lea 64($in0),$in0 - jnz .Loop_shaext - - pshufd \$0xb1,$CDGH,$CDGH # DCHG - pshufd \$0x1b,$ABEF,$TMP # FEBA - pshufd \$0xb1,$ABEF,$ABEF # BAFE - punpckhqdq $CDGH,$ABEF # DCBA - palignr \$8,$TMP,$CDGH # HGFE - - movups $iv,($ivp) # write IV - movdqu $ABEF,($ctx) - movdqu $CDGH,16($ctx) -___ -$code.=<<___ if ($win64); - movaps 0*16(%rsp),%xmm6 - movaps 1*16(%rsp),%xmm7 - movaps 2*16(%rsp),%xmm8 - movaps 3*16(%rsp),%xmm9 - movaps 4*16(%rsp),%xmm10 - movaps 5*16(%rsp),%xmm11 - movaps 6*16(%rsp),%xmm12 - movaps 7*16(%rsp),%xmm13 - movaps 8*16(%rsp),%xmm14 - movaps 9*16(%rsp),%xmm15 - lea 8+10*16(%rsp),%rsp -.Lepilogue_shaext: -___ -$code.=<<___; - ret -.cfi_endproc -.size ${func}_shaext,.-${func}_shaext -___ -} -}}}}} - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64 && $avx) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HanderlData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_prologue -___ -$code.=<<___ if ($shaext); - lea aesni_cbc_sha256_enc_shaext(%rip),%r10 - cmp %r10,%rbx - jb .Lnot_in_shaext - - lea (%rax),%rsi - lea 512($context),%rdi # &context.Xmm6 - mov \$20,%ecx - .long 0xa548f3fc # cld; rep movsq - lea 168(%rax),%rax # adjust stack pointer - jmp .Lin_prologue -.Lnot_in_shaext: -___ -$code.=<<___ if ($avx>1); - lea .Lavx2_shortcut(%rip),%r10 - cmp %r10,%rbx # context->RipRbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - - lea 16*$SZ+8*8(%rsi),%rsi # Xmm6- save area - lea 512($context),%rdi # &context.Xmm6 - mov \$20,%ecx - .long 0xa548f3fc # cld; rep movsq - -.Lin_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size se_handler,.-se_handler - -.section .pdata - .rva .LSEH_begin_${func}_xop - .rva .LSEH_end_${func}_xop - .rva .LSEH_info_${func}_xop - - .rva .LSEH_begin_${func}_avx - .rva .LSEH_end_${func}_avx - .rva .LSEH_info_${func}_avx -___ -$code.=<<___ if ($avx>1); - .rva .LSEH_begin_${func}_avx2 - .rva .LSEH_end_${func}_avx2 - .rva .LSEH_info_${func}_avx2 -___ -$code.=<<___ if ($shaext); - .rva .LSEH_begin_${func}_shaext - .rva .LSEH_end_${func}_shaext - .rva .LSEH_info_${func}_shaext -___ -$code.=<<___; -.section .xdata -.align 8 -.LSEH_info_${func}_xop: - .byte 9,0,0,0 - .rva se_handler - .rva .Lprologue_xop,.Lepilogue_xop # HandlerData[] - -.LSEH_info_${func}_avx: - .byte 9,0,0,0 - .rva se_handler - .rva .Lprologue_avx,.Lepilogue_avx # HandlerData[] -___ -$code.=<<___ if ($avx>1); -.LSEH_info_${func}_avx2: - .byte 9,0,0,0 - .rva se_handler - .rva .Lprologue_avx2,.Lepilogue_avx2 # HandlerData[] -___ -$code.=<<___ if ($shaext); -.LSEH_info_${func}_shaext: - .byte 9,0,0,0 - .rva se_handler - .rva .Lprologue_shaext,.Lepilogue_shaext # HandlerData[] -___ -} - -#################################################################### -sub rex { - local *opcode=shift; - my ($dst,$src)=@_; - my $rex=0; - - $rex|=0x04 if($dst>=8); - $rex|=0x01 if($src>=8); - unshift @opcode,$rex|0x40 if($rex); -} - -{ - my %opcodelet = ( - "sha256rnds2" => 0xcb, - "sha256msg1" => 0xcc, - "sha256msg2" => 0xcd ); - - sub sha256op38 { - my $instr = shift; - - if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) { - my @opcode=(0x0f,0x38); - rex(\@opcode,$2,$1); - push @opcode,$opcodelet{$instr}; - push @opcode,0xc0|($1&7)|(($2&7)<<3); # ModR/M - return ".byte\t".join(',',@opcode); - } else { - return $instr."\t".@_[0]; - } - } -} - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -$code =~ s/\b(sha256[^\s]*)\s+(.*)/sha256op38($1,$2)/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl deleted file mode 100644 index d8cc378b5f9b99d9f00f7d8fa2eb6f58d3d3e339..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/aesni-x86.pl +++ /dev/null @@ -1,3413 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# This module implements support for Intel AES-NI extension. In -# OpenSSL context it's used with Intel engine, but can also be used as -# drop-in replacement for crypto/aes/asm/aes-586.pl [see below for -# details]. -# -# Performance. -# -# To start with see corresponding paragraph in aesni-x86_64.pl... -# Instead of filling table similar to one found there I've chosen to -# summarize *comparison* results for raw ECB, CTR and CBC benchmarks. -# The simplified table below represents 32-bit performance relative -# to 64-bit one in every given point. Ratios vary for different -# encryption modes, therefore interval values. -# -# 16-byte 64-byte 256-byte 1-KB 8-KB -# 53-67% 67-84% 91-94% 95-98% 97-99.5% -# -# Lower ratios for smaller block sizes are perfectly understandable, -# because function call overhead is higher in 32-bit mode. Largest -# 8-KB block performance is virtually same: 32-bit code is less than -# 1% slower for ECB, CBC and CCM, and ~3% slower otherwise. - -# January 2011 -# -# See aesni-x86_64.pl for details. Unlike x86_64 version this module -# interleaves at most 6 aes[enc|dec] instructions, because there are -# not enough registers for 8x interleave [which should be optimal for -# Sandy Bridge]. Actually, performance results for 6x interleave -# factor presented in aesni-x86_64.pl (except for CTR) are for this -# module. - -# April 2011 -# -# Add aesni_xts_[en|de]crypt. Westmere spends 1.50 cycles processing -# one byte out of 8KB with 128-bit key, Sandy Bridge - 1.09. - -# November 2015 -# -# Add aesni_ocb_[en|de]crypt. - -###################################################################### -# Current large-block performance in cycles per byte processed with -# 128-bit key (less is better). -# -# CBC en-/decrypt CTR XTS ECB OCB -# Westmere 3.77/1.37 1.37 1.52 1.27 -# * Bridge 5.07/0.98 0.99 1.09 0.91 1.10 -# Haswell 4.44/0.80 0.97 1.03 0.72 0.76 -# Skylake 2.68/0.65 0.65 0.66 0.64 0.66 -# Silvermont 5.77/3.56 3.67 4.03 3.46 4.03 -# Goldmont 3.84/1.39 1.39 1.63 1.31 1.70 -# Bulldozer 5.80/0.98 1.05 1.24 0.93 1.23 - -$PREFIX="aesni"; # if $PREFIX is set to "AES", the script - # generates drop-in replacement for - # crypto/aes/asm/aes-586.pl:-) -$inline=1; # inline _aesni_[en|de]crypt - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output = pop and open STDOUT,">$output"; - -&asm_init($ARGV[0]); - -&external_label("OPENSSL_ia32cap_P"); -&static_label("key_const"); - -if ($PREFIX eq "aesni") { $movekey=\&movups; } -else { $movekey=\&movups; } - -$len="eax"; -$rounds="ecx"; -$key="edx"; -$inp="esi"; -$out="edi"; -$rounds_="ebx"; # backup copy for $rounds -$key_="ebp"; # backup copy for $key - -$rndkey0="xmm0"; -$rndkey1="xmm1"; -$inout0="xmm2"; -$inout1="xmm3"; -$inout2="xmm4"; -$inout3="xmm5"; $in1="xmm5"; -$inout4="xmm6"; $in0="xmm6"; -$inout5="xmm7"; $ivec="xmm7"; - -# AESNI extension -sub aeskeygenassist -{ my($dst,$src,$imm)=@_; - if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/) - { &data_byte(0x66,0x0f,0x3a,0xdf,0xc0|($1<<3)|$2,$imm); } -} -sub aescommon -{ my($opcodelet,$dst,$src)=@_; - if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/) - { &data_byte(0x66,0x0f,0x38,$opcodelet,0xc0|($1<<3)|$2);} -} -sub aesimc { aescommon(0xdb,@_); } -sub aesenc { aescommon(0xdc,@_); } -sub aesenclast { aescommon(0xdd,@_); } -sub aesdec { aescommon(0xde,@_); } -sub aesdeclast { aescommon(0xdf,@_); } - -# Inline version of internal aesni_[en|de]crypt1 -{ my $sn; -sub aesni_inline_generate1 -{ my ($p,$inout,$ivec)=@_; $inout=$inout0 if (!defined($inout)); - $sn++; - - &$movekey ($rndkey0,&QWP(0,$key)); - &$movekey ($rndkey1,&QWP(16,$key)); - &xorps ($ivec,$rndkey0) if (defined($ivec)); - &lea ($key,&DWP(32,$key)); - &xorps ($inout,$ivec) if (defined($ivec)); - &xorps ($inout,$rndkey0) if (!defined($ivec)); - &set_label("${p}1_loop_$sn"); - eval"&aes${p} ($inout,$rndkey1)"; - &dec ($rounds); - &$movekey ($rndkey1,&QWP(0,$key)); - &lea ($key,&DWP(16,$key)); - &jnz (&label("${p}1_loop_$sn")); - eval"&aes${p}last ($inout,$rndkey1)"; -}} - -sub aesni_generate1 # fully unrolled loop -{ my ($p,$inout)=@_; $inout=$inout0 if (!defined($inout)); - - &function_begin_B("_aesni_${p}rypt1"); - &movups ($rndkey0,&QWP(0,$key)); - &$movekey ($rndkey1,&QWP(0x10,$key)); - &xorps ($inout,$rndkey0); - &$movekey ($rndkey0,&QWP(0x20,$key)); - &lea ($key,&DWP(0x30,$key)); - &cmp ($rounds,11); - &jb (&label("${p}128")); - &lea ($key,&DWP(0x20,$key)); - &je (&label("${p}192")); - &lea ($key,&DWP(0x20,$key)); - eval"&aes${p} ($inout,$rndkey1)"; - &$movekey ($rndkey1,&QWP(-0x40,$key)); - eval"&aes${p} ($inout,$rndkey0)"; - &$movekey ($rndkey0,&QWP(-0x30,$key)); - &set_label("${p}192"); - eval"&aes${p} ($inout,$rndkey1)"; - &$movekey ($rndkey1,&QWP(-0x20,$key)); - eval"&aes${p} ($inout,$rndkey0)"; - &$movekey ($rndkey0,&QWP(-0x10,$key)); - &set_label("${p}128"); - eval"&aes${p} ($inout,$rndkey1)"; - &$movekey ($rndkey1,&QWP(0,$key)); - eval"&aes${p} ($inout,$rndkey0)"; - &$movekey ($rndkey0,&QWP(0x10,$key)); - eval"&aes${p} ($inout,$rndkey1)"; - &$movekey ($rndkey1,&QWP(0x20,$key)); - eval"&aes${p} ($inout,$rndkey0)"; - &$movekey ($rndkey0,&QWP(0x30,$key)); - eval"&aes${p} ($inout,$rndkey1)"; - &$movekey ($rndkey1,&QWP(0x40,$key)); - eval"&aes${p} ($inout,$rndkey0)"; - &$movekey ($rndkey0,&QWP(0x50,$key)); - eval"&aes${p} ($inout,$rndkey1)"; - &$movekey ($rndkey1,&QWP(0x60,$key)); - eval"&aes${p} ($inout,$rndkey0)"; - &$movekey ($rndkey0,&QWP(0x70,$key)); - eval"&aes${p} ($inout,$rndkey1)"; - eval"&aes${p}last ($inout,$rndkey0)"; - &ret(); - &function_end_B("_aesni_${p}rypt1"); -} - -# void $PREFIX_encrypt (const void *inp,void *out,const AES_KEY *key); -&aesni_generate1("enc") if (!$inline); -&function_begin_B("${PREFIX}_encrypt"); - &mov ("eax",&wparam(0)); - &mov ($key,&wparam(2)); - &movups ($inout0,&QWP(0,"eax")); - &mov ($rounds,&DWP(240,$key)); - &mov ("eax",&wparam(1)); - if ($inline) - { &aesni_inline_generate1("enc"); } - else - { &call ("_aesni_encrypt1"); } - &pxor ($rndkey0,$rndkey0); # clear register bank - &pxor ($rndkey1,$rndkey1); - &movups (&QWP(0,"eax"),$inout0); - &pxor ($inout0,$inout0); - &ret (); -&function_end_B("${PREFIX}_encrypt"); - -# void $PREFIX_decrypt (const void *inp,void *out,const AES_KEY *key); -&aesni_generate1("dec") if(!$inline); -&function_begin_B("${PREFIX}_decrypt"); - &mov ("eax",&wparam(0)); - &mov ($key,&wparam(2)); - &movups ($inout0,&QWP(0,"eax")); - &mov ($rounds,&DWP(240,$key)); - &mov ("eax",&wparam(1)); - if ($inline) - { &aesni_inline_generate1("dec"); } - else - { &call ("_aesni_decrypt1"); } - &pxor ($rndkey0,$rndkey0); # clear register bank - &pxor ($rndkey1,$rndkey1); - &movups (&QWP(0,"eax"),$inout0); - &pxor ($inout0,$inout0); - &ret (); -&function_end_B("${PREFIX}_decrypt"); - -# _aesni_[en|de]cryptN are private interfaces, N denotes interleave -# factor. Why 3x subroutine were originally used in loops? Even though -# aes[enc|dec] latency was originally 6, it could be scheduled only -# every *2nd* cycle. Thus 3x interleave was the one providing optimal -# utilization, i.e. when subroutine's throughput is virtually same as -# of non-interleaved subroutine [for number of input blocks up to 3]. -# This is why it originally made no sense to implement 2x subroutine. -# But times change and it became appropriate to spend extra 192 bytes -# on 2x subroutine on Atom Silvermont account. For processors that -# can schedule aes[enc|dec] every cycle optimal interleave factor -# equals to corresponding instructions latency. 8x is optimal for -# * Bridge, but it's unfeasible to accommodate such implementation -# in XMM registers addressable in 32-bit mode and therefore maximum -# of 6x is used instead... - -sub aesni_generate2 -{ my $p=shift; - - &function_begin_B("_aesni_${p}rypt2"); - &$movekey ($rndkey0,&QWP(0,$key)); - &shl ($rounds,4); - &$movekey ($rndkey1,&QWP(16,$key)); - &xorps ($inout0,$rndkey0); - &pxor ($inout1,$rndkey0); - &$movekey ($rndkey0,&QWP(32,$key)); - &lea ($key,&DWP(32,$key,$rounds)); - &neg ($rounds); - &add ($rounds,16); - - &set_label("${p}2_loop"); - eval"&aes${p} ($inout0,$rndkey1)"; - eval"&aes${p} ($inout1,$rndkey1)"; - &$movekey ($rndkey1,&QWP(0,$key,$rounds)); - &add ($rounds,32); - eval"&aes${p} ($inout0,$rndkey0)"; - eval"&aes${p} ($inout1,$rndkey0)"; - &$movekey ($rndkey0,&QWP(-16,$key,$rounds)); - &jnz (&label("${p}2_loop")); - eval"&aes${p} ($inout0,$rndkey1)"; - eval"&aes${p} ($inout1,$rndkey1)"; - eval"&aes${p}last ($inout0,$rndkey0)"; - eval"&aes${p}last ($inout1,$rndkey0)"; - &ret(); - &function_end_B("_aesni_${p}rypt2"); -} - -sub aesni_generate3 -{ my $p=shift; - - &function_begin_B("_aesni_${p}rypt3"); - &$movekey ($rndkey0,&QWP(0,$key)); - &shl ($rounds,4); - &$movekey ($rndkey1,&QWP(16,$key)); - &xorps ($inout0,$rndkey0); - &pxor ($inout1,$rndkey0); - &pxor ($inout2,$rndkey0); - &$movekey ($rndkey0,&QWP(32,$key)); - &lea ($key,&DWP(32,$key,$rounds)); - &neg ($rounds); - &add ($rounds,16); - - &set_label("${p}3_loop"); - eval"&aes${p} ($inout0,$rndkey1)"; - eval"&aes${p} ($inout1,$rndkey1)"; - eval"&aes${p} ($inout2,$rndkey1)"; - &$movekey ($rndkey1,&QWP(0,$key,$rounds)); - &add ($rounds,32); - eval"&aes${p} ($inout0,$rndkey0)"; - eval"&aes${p} ($inout1,$rndkey0)"; - eval"&aes${p} ($inout2,$rndkey0)"; - &$movekey ($rndkey0,&QWP(-16,$key,$rounds)); - &jnz (&label("${p}3_loop")); - eval"&aes${p} ($inout0,$rndkey1)"; - eval"&aes${p} ($inout1,$rndkey1)"; - eval"&aes${p} ($inout2,$rndkey1)"; - eval"&aes${p}last ($inout0,$rndkey0)"; - eval"&aes${p}last ($inout1,$rndkey0)"; - eval"&aes${p}last ($inout2,$rndkey0)"; - &ret(); - &function_end_B("_aesni_${p}rypt3"); -} - -# 4x interleave is implemented to improve small block performance, -# most notably [and naturally] 4 block by ~30%. One can argue that one -# should have implemented 5x as well, but improvement would be <20%, -# so it's not worth it... -sub aesni_generate4 -{ my $p=shift; - - &function_begin_B("_aesni_${p}rypt4"); - &$movekey ($rndkey0,&QWP(0,$key)); - &$movekey ($rndkey1,&QWP(16,$key)); - &shl ($rounds,4); - &xorps ($inout0,$rndkey0); - &pxor ($inout1,$rndkey0); - &pxor ($inout2,$rndkey0); - &pxor ($inout3,$rndkey0); - &$movekey ($rndkey0,&QWP(32,$key)); - &lea ($key,&DWP(32,$key,$rounds)); - &neg ($rounds); - &data_byte (0x0f,0x1f,0x40,0x00); - &add ($rounds,16); - - &set_label("${p}4_loop"); - eval"&aes${p} ($inout0,$rndkey1)"; - eval"&aes${p} ($inout1,$rndkey1)"; - eval"&aes${p} ($inout2,$rndkey1)"; - eval"&aes${p} ($inout3,$rndkey1)"; - &$movekey ($rndkey1,&QWP(0,$key,$rounds)); - &add ($rounds,32); - eval"&aes${p} ($inout0,$rndkey0)"; - eval"&aes${p} ($inout1,$rndkey0)"; - eval"&aes${p} ($inout2,$rndkey0)"; - eval"&aes${p} ($inout3,$rndkey0)"; - &$movekey ($rndkey0,&QWP(-16,$key,$rounds)); - &jnz (&label("${p}4_loop")); - - eval"&aes${p} ($inout0,$rndkey1)"; - eval"&aes${p} ($inout1,$rndkey1)"; - eval"&aes${p} ($inout2,$rndkey1)"; - eval"&aes${p} ($inout3,$rndkey1)"; - eval"&aes${p}last ($inout0,$rndkey0)"; - eval"&aes${p}last ($inout1,$rndkey0)"; - eval"&aes${p}last ($inout2,$rndkey0)"; - eval"&aes${p}last ($inout3,$rndkey0)"; - &ret(); - &function_end_B("_aesni_${p}rypt4"); -} - -sub aesni_generate6 -{ my $p=shift; - - &function_begin_B("_aesni_${p}rypt6"); - &static_label("_aesni_${p}rypt6_enter"); - &$movekey ($rndkey0,&QWP(0,$key)); - &shl ($rounds,4); - &$movekey ($rndkey1,&QWP(16,$key)); - &xorps ($inout0,$rndkey0); - &pxor ($inout1,$rndkey0); # pxor does better here - &pxor ($inout2,$rndkey0); - eval"&aes${p} ($inout0,$rndkey1)"; - &pxor ($inout3,$rndkey0); - &pxor ($inout4,$rndkey0); - eval"&aes${p} ($inout1,$rndkey1)"; - &lea ($key,&DWP(32,$key,$rounds)); - &neg ($rounds); - eval"&aes${p} ($inout2,$rndkey1)"; - &pxor ($inout5,$rndkey0); - &$movekey ($rndkey0,&QWP(0,$key,$rounds)); - &add ($rounds,16); - &jmp (&label("_aesni_${p}rypt6_inner")); - - &set_label("${p}6_loop",16); - eval"&aes${p} ($inout0,$rndkey1)"; - eval"&aes${p} ($inout1,$rndkey1)"; - eval"&aes${p} ($inout2,$rndkey1)"; - &set_label("_aesni_${p}rypt6_inner"); - eval"&aes${p} ($inout3,$rndkey1)"; - eval"&aes${p} ($inout4,$rndkey1)"; - eval"&aes${p} ($inout5,$rndkey1)"; - &set_label("_aesni_${p}rypt6_enter"); - &$movekey ($rndkey1,&QWP(0,$key,$rounds)); - &add ($rounds,32); - eval"&aes${p} ($inout0,$rndkey0)"; - eval"&aes${p} ($inout1,$rndkey0)"; - eval"&aes${p} ($inout2,$rndkey0)"; - eval"&aes${p} ($inout3,$rndkey0)"; - eval"&aes${p} ($inout4,$rndkey0)"; - eval"&aes${p} ($inout5,$rndkey0)"; - &$movekey ($rndkey0,&QWP(-16,$key,$rounds)); - &jnz (&label("${p}6_loop")); - - eval"&aes${p} ($inout0,$rndkey1)"; - eval"&aes${p} ($inout1,$rndkey1)"; - eval"&aes${p} ($inout2,$rndkey1)"; - eval"&aes${p} ($inout3,$rndkey1)"; - eval"&aes${p} ($inout4,$rndkey1)"; - eval"&aes${p} ($inout5,$rndkey1)"; - eval"&aes${p}last ($inout0,$rndkey0)"; - eval"&aes${p}last ($inout1,$rndkey0)"; - eval"&aes${p}last ($inout2,$rndkey0)"; - eval"&aes${p}last ($inout3,$rndkey0)"; - eval"&aes${p}last ($inout4,$rndkey0)"; - eval"&aes${p}last ($inout5,$rndkey0)"; - &ret(); - &function_end_B("_aesni_${p}rypt6"); -} -&aesni_generate2("enc") if ($PREFIX eq "aesni"); -&aesni_generate2("dec"); -&aesni_generate3("enc") if ($PREFIX eq "aesni"); -&aesni_generate3("dec"); -&aesni_generate4("enc") if ($PREFIX eq "aesni"); -&aesni_generate4("dec"); -&aesni_generate6("enc") if ($PREFIX eq "aesni"); -&aesni_generate6("dec"); - -if ($PREFIX eq "aesni") { -###################################################################### -# void aesni_ecb_encrypt (const void *in, void *out, -# size_t length, const AES_KEY *key, -# int enc); -&function_begin("aesni_ecb_encrypt"); - &mov ($inp,&wparam(0)); - &mov ($out,&wparam(1)); - &mov ($len,&wparam(2)); - &mov ($key,&wparam(3)); - &mov ($rounds_,&wparam(4)); - &and ($len,-16); - &jz (&label("ecb_ret")); - &mov ($rounds,&DWP(240,$key)); - &test ($rounds_,$rounds_); - &jz (&label("ecb_decrypt")); - - &mov ($key_,$key); # backup $key - &mov ($rounds_,$rounds); # backup $rounds - &cmp ($len,0x60); - &jb (&label("ecb_enc_tail")); - - &movdqu ($inout0,&QWP(0,$inp)); - &movdqu ($inout1,&QWP(0x10,$inp)); - &movdqu ($inout2,&QWP(0x20,$inp)); - &movdqu ($inout3,&QWP(0x30,$inp)); - &movdqu ($inout4,&QWP(0x40,$inp)); - &movdqu ($inout5,&QWP(0x50,$inp)); - &lea ($inp,&DWP(0x60,$inp)); - &sub ($len,0x60); - &jmp (&label("ecb_enc_loop6_enter")); - -&set_label("ecb_enc_loop6",16); - &movups (&QWP(0,$out),$inout0); - &movdqu ($inout0,&QWP(0,$inp)); - &movups (&QWP(0x10,$out),$inout1); - &movdqu ($inout1,&QWP(0x10,$inp)); - &movups (&QWP(0x20,$out),$inout2); - &movdqu ($inout2,&QWP(0x20,$inp)); - &movups (&QWP(0x30,$out),$inout3); - &movdqu ($inout3,&QWP(0x30,$inp)); - &movups (&QWP(0x40,$out),$inout4); - &movdqu ($inout4,&QWP(0x40,$inp)); - &movups (&QWP(0x50,$out),$inout5); - &lea ($out,&DWP(0x60,$out)); - &movdqu ($inout5,&QWP(0x50,$inp)); - &lea ($inp,&DWP(0x60,$inp)); -&set_label("ecb_enc_loop6_enter"); - - &call ("_aesni_encrypt6"); - - &mov ($key,$key_); # restore $key - &mov ($rounds,$rounds_); # restore $rounds - &sub ($len,0x60); - &jnc (&label("ecb_enc_loop6")); - - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &movups (&QWP(0x20,$out),$inout2); - &movups (&QWP(0x30,$out),$inout3); - &movups (&QWP(0x40,$out),$inout4); - &movups (&QWP(0x50,$out),$inout5); - &lea ($out,&DWP(0x60,$out)); - &add ($len,0x60); - &jz (&label("ecb_ret")); - -&set_label("ecb_enc_tail"); - &movups ($inout0,&QWP(0,$inp)); - &cmp ($len,0x20); - &jb (&label("ecb_enc_one")); - &movups ($inout1,&QWP(0x10,$inp)); - &je (&label("ecb_enc_two")); - &movups ($inout2,&QWP(0x20,$inp)); - &cmp ($len,0x40); - &jb (&label("ecb_enc_three")); - &movups ($inout3,&QWP(0x30,$inp)); - &je (&label("ecb_enc_four")); - &movups ($inout4,&QWP(0x40,$inp)); - &xorps ($inout5,$inout5); - &call ("_aesni_encrypt6"); - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &movups (&QWP(0x20,$out),$inout2); - &movups (&QWP(0x30,$out),$inout3); - &movups (&QWP(0x40,$out),$inout4); - jmp (&label("ecb_ret")); - -&set_label("ecb_enc_one",16); - if ($inline) - { &aesni_inline_generate1("enc"); } - else - { &call ("_aesni_encrypt1"); } - &movups (&QWP(0,$out),$inout0); - &jmp (&label("ecb_ret")); - -&set_label("ecb_enc_two",16); - &call ("_aesni_encrypt2"); - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &jmp (&label("ecb_ret")); - -&set_label("ecb_enc_three",16); - &call ("_aesni_encrypt3"); - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &movups (&QWP(0x20,$out),$inout2); - &jmp (&label("ecb_ret")); - -&set_label("ecb_enc_four",16); - &call ("_aesni_encrypt4"); - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &movups (&QWP(0x20,$out),$inout2); - &movups (&QWP(0x30,$out),$inout3); - &jmp (&label("ecb_ret")); -###################################################################### -&set_label("ecb_decrypt",16); - &mov ($key_,$key); # backup $key - &mov ($rounds_,$rounds); # backup $rounds - &cmp ($len,0x60); - &jb (&label("ecb_dec_tail")); - - &movdqu ($inout0,&QWP(0,$inp)); - &movdqu ($inout1,&QWP(0x10,$inp)); - &movdqu ($inout2,&QWP(0x20,$inp)); - &movdqu ($inout3,&QWP(0x30,$inp)); - &movdqu ($inout4,&QWP(0x40,$inp)); - &movdqu ($inout5,&QWP(0x50,$inp)); - &lea ($inp,&DWP(0x60,$inp)); - &sub ($len,0x60); - &jmp (&label("ecb_dec_loop6_enter")); - -&set_label("ecb_dec_loop6",16); - &movups (&QWP(0,$out),$inout0); - &movdqu ($inout0,&QWP(0,$inp)); - &movups (&QWP(0x10,$out),$inout1); - &movdqu ($inout1,&QWP(0x10,$inp)); - &movups (&QWP(0x20,$out),$inout2); - &movdqu ($inout2,&QWP(0x20,$inp)); - &movups (&QWP(0x30,$out),$inout3); - &movdqu ($inout3,&QWP(0x30,$inp)); - &movups (&QWP(0x40,$out),$inout4); - &movdqu ($inout4,&QWP(0x40,$inp)); - &movups (&QWP(0x50,$out),$inout5); - &lea ($out,&DWP(0x60,$out)); - &movdqu ($inout5,&QWP(0x50,$inp)); - &lea ($inp,&DWP(0x60,$inp)); -&set_label("ecb_dec_loop6_enter"); - - &call ("_aesni_decrypt6"); - - &mov ($key,$key_); # restore $key - &mov ($rounds,$rounds_); # restore $rounds - &sub ($len,0x60); - &jnc (&label("ecb_dec_loop6")); - - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &movups (&QWP(0x20,$out),$inout2); - &movups (&QWP(0x30,$out),$inout3); - &movups (&QWP(0x40,$out),$inout4); - &movups (&QWP(0x50,$out),$inout5); - &lea ($out,&DWP(0x60,$out)); - &add ($len,0x60); - &jz (&label("ecb_ret")); - -&set_label("ecb_dec_tail"); - &movups ($inout0,&QWP(0,$inp)); - &cmp ($len,0x20); - &jb (&label("ecb_dec_one")); - &movups ($inout1,&QWP(0x10,$inp)); - &je (&label("ecb_dec_two")); - &movups ($inout2,&QWP(0x20,$inp)); - &cmp ($len,0x40); - &jb (&label("ecb_dec_three")); - &movups ($inout3,&QWP(0x30,$inp)); - &je (&label("ecb_dec_four")); - &movups ($inout4,&QWP(0x40,$inp)); - &xorps ($inout5,$inout5); - &call ("_aesni_decrypt6"); - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &movups (&QWP(0x20,$out),$inout2); - &movups (&QWP(0x30,$out),$inout3); - &movups (&QWP(0x40,$out),$inout4); - &jmp (&label("ecb_ret")); - -&set_label("ecb_dec_one",16); - if ($inline) - { &aesni_inline_generate1("dec"); } - else - { &call ("_aesni_decrypt1"); } - &movups (&QWP(0,$out),$inout0); - &jmp (&label("ecb_ret")); - -&set_label("ecb_dec_two",16); - &call ("_aesni_decrypt2"); - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &jmp (&label("ecb_ret")); - -&set_label("ecb_dec_three",16); - &call ("_aesni_decrypt3"); - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &movups (&QWP(0x20,$out),$inout2); - &jmp (&label("ecb_ret")); - -&set_label("ecb_dec_four",16); - &call ("_aesni_decrypt4"); - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &movups (&QWP(0x20,$out),$inout2); - &movups (&QWP(0x30,$out),$inout3); - -&set_label("ecb_ret"); - &pxor ("xmm0","xmm0"); # clear register bank - &pxor ("xmm1","xmm1"); - &pxor ("xmm2","xmm2"); - &pxor ("xmm3","xmm3"); - &pxor ("xmm4","xmm4"); - &pxor ("xmm5","xmm5"); - &pxor ("xmm6","xmm6"); - &pxor ("xmm7","xmm7"); -&function_end("aesni_ecb_encrypt"); - -###################################################################### -# void aesni_ccm64_[en|de]crypt_blocks (const void *in, void *out, -# size_t blocks, const AES_KEY *key, -# const char *ivec,char *cmac); -# -# Handles only complete blocks, operates on 64-bit counter and -# does not update *ivec! Nor does it finalize CMAC value -# (see engine/eng_aesni.c for details) -# -{ my $cmac=$inout1; -&function_begin("aesni_ccm64_encrypt_blocks"); - &mov ($inp,&wparam(0)); - &mov ($out,&wparam(1)); - &mov ($len,&wparam(2)); - &mov ($key,&wparam(3)); - &mov ($rounds_,&wparam(4)); - &mov ($rounds,&wparam(5)); - &mov ($key_,"esp"); - &sub ("esp",60); - &and ("esp",-16); # align stack - &mov (&DWP(48,"esp"),$key_); - - &movdqu ($ivec,&QWP(0,$rounds_)); # load ivec - &movdqu ($cmac,&QWP(0,$rounds)); # load cmac - &mov ($rounds,&DWP(240,$key)); - - # compose byte-swap control mask for pshufb on stack - &mov (&DWP(0,"esp"),0x0c0d0e0f); - &mov (&DWP(4,"esp"),0x08090a0b); - &mov (&DWP(8,"esp"),0x04050607); - &mov (&DWP(12,"esp"),0x00010203); - - # compose counter increment vector on stack - &mov ($rounds_,1); - &xor ($key_,$key_); - &mov (&DWP(16,"esp"),$rounds_); - &mov (&DWP(20,"esp"),$key_); - &mov (&DWP(24,"esp"),$key_); - &mov (&DWP(28,"esp"),$key_); - - &shl ($rounds,4); - &mov ($rounds_,16); - &lea ($key_,&DWP(0,$key)); - &movdqa ($inout3,&QWP(0,"esp")); - &movdqa ($inout0,$ivec); - &lea ($key,&DWP(32,$key,$rounds)); - &sub ($rounds_,$rounds); - &pshufb ($ivec,$inout3); - -&set_label("ccm64_enc_outer"); - &$movekey ($rndkey0,&QWP(0,$key_)); - &mov ($rounds,$rounds_); - &movups ($in0,&QWP(0,$inp)); - - &xorps ($inout0,$rndkey0); - &$movekey ($rndkey1,&QWP(16,$key_)); - &xorps ($rndkey0,$in0); - &xorps ($cmac,$rndkey0); # cmac^=inp - &$movekey ($rndkey0,&QWP(32,$key_)); - -&set_label("ccm64_enc2_loop"); - &aesenc ($inout0,$rndkey1); - &aesenc ($cmac,$rndkey1); - &$movekey ($rndkey1,&QWP(0,$key,$rounds)); - &add ($rounds,32); - &aesenc ($inout0,$rndkey0); - &aesenc ($cmac,$rndkey0); - &$movekey ($rndkey0,&QWP(-16,$key,$rounds)); - &jnz (&label("ccm64_enc2_loop")); - &aesenc ($inout0,$rndkey1); - &aesenc ($cmac,$rndkey1); - &paddq ($ivec,&QWP(16,"esp")); - &dec ($len); - &aesenclast ($inout0,$rndkey0); - &aesenclast ($cmac,$rndkey0); - - &lea ($inp,&DWP(16,$inp)); - &xorps ($in0,$inout0); # inp^=E(ivec) - &movdqa ($inout0,$ivec); - &movups (&QWP(0,$out),$in0); # save output - &pshufb ($inout0,$inout3); - &lea ($out,&DWP(16,$out)); - &jnz (&label("ccm64_enc_outer")); - - &mov ("esp",&DWP(48,"esp")); - &mov ($out,&wparam(5)); - &movups (&QWP(0,$out),$cmac); - - &pxor ("xmm0","xmm0"); # clear register bank - &pxor ("xmm1","xmm1"); - &pxor ("xmm2","xmm2"); - &pxor ("xmm3","xmm3"); - &pxor ("xmm4","xmm4"); - &pxor ("xmm5","xmm5"); - &pxor ("xmm6","xmm6"); - &pxor ("xmm7","xmm7"); -&function_end("aesni_ccm64_encrypt_blocks"); - -&function_begin("aesni_ccm64_decrypt_blocks"); - &mov ($inp,&wparam(0)); - &mov ($out,&wparam(1)); - &mov ($len,&wparam(2)); - &mov ($key,&wparam(3)); - &mov ($rounds_,&wparam(4)); - &mov ($rounds,&wparam(5)); - &mov ($key_,"esp"); - &sub ("esp",60); - &and ("esp",-16); # align stack - &mov (&DWP(48,"esp"),$key_); - - &movdqu ($ivec,&QWP(0,$rounds_)); # load ivec - &movdqu ($cmac,&QWP(0,$rounds)); # load cmac - &mov ($rounds,&DWP(240,$key)); - - # compose byte-swap control mask for pshufb on stack - &mov (&DWP(0,"esp"),0x0c0d0e0f); - &mov (&DWP(4,"esp"),0x08090a0b); - &mov (&DWP(8,"esp"),0x04050607); - &mov (&DWP(12,"esp"),0x00010203); - - # compose counter increment vector on stack - &mov ($rounds_,1); - &xor ($key_,$key_); - &mov (&DWP(16,"esp"),$rounds_); - &mov (&DWP(20,"esp"),$key_); - &mov (&DWP(24,"esp"),$key_); - &mov (&DWP(28,"esp"),$key_); - - &movdqa ($inout3,&QWP(0,"esp")); # bswap mask - &movdqa ($inout0,$ivec); - - &mov ($key_,$key); - &mov ($rounds_,$rounds); - - &pshufb ($ivec,$inout3); - if ($inline) - { &aesni_inline_generate1("enc"); } - else - { &call ("_aesni_encrypt1"); } - &shl ($rounds_,4); - &mov ($rounds,16); - &movups ($in0,&QWP(0,$inp)); # load inp - &paddq ($ivec,&QWP(16,"esp")); - &lea ($inp,&QWP(16,$inp)); - &sub ($rounds,$rounds_); - &lea ($key,&DWP(32,$key_,$rounds_)); - &mov ($rounds_,$rounds); - &jmp (&label("ccm64_dec_outer")); - -&set_label("ccm64_dec_outer",16); - &xorps ($in0,$inout0); # inp ^= E(ivec) - &movdqa ($inout0,$ivec); - &movups (&QWP(0,$out),$in0); # save output - &lea ($out,&DWP(16,$out)); - &pshufb ($inout0,$inout3); - - &sub ($len,1); - &jz (&label("ccm64_dec_break")); - - &$movekey ($rndkey0,&QWP(0,$key_)); - &mov ($rounds,$rounds_); - &$movekey ($rndkey1,&QWP(16,$key_)); - &xorps ($in0,$rndkey0); - &xorps ($inout0,$rndkey0); - &xorps ($cmac,$in0); # cmac^=out - &$movekey ($rndkey0,&QWP(32,$key_)); - -&set_label("ccm64_dec2_loop"); - &aesenc ($inout0,$rndkey1); - &aesenc ($cmac,$rndkey1); - &$movekey ($rndkey1,&QWP(0,$key,$rounds)); - &add ($rounds,32); - &aesenc ($inout0,$rndkey0); - &aesenc ($cmac,$rndkey0); - &$movekey ($rndkey0,&QWP(-16,$key,$rounds)); - &jnz (&label("ccm64_dec2_loop")); - &movups ($in0,&QWP(0,$inp)); # load inp - &paddq ($ivec,&QWP(16,"esp")); - &aesenc ($inout0,$rndkey1); - &aesenc ($cmac,$rndkey1); - &aesenclast ($inout0,$rndkey0); - &aesenclast ($cmac,$rndkey0); - &lea ($inp,&QWP(16,$inp)); - &jmp (&label("ccm64_dec_outer")); - -&set_label("ccm64_dec_break",16); - &mov ($rounds,&DWP(240,$key_)); - &mov ($key,$key_); - if ($inline) - { &aesni_inline_generate1("enc",$cmac,$in0); } - else - { &call ("_aesni_encrypt1",$cmac); } - - &mov ("esp",&DWP(48,"esp")); - &mov ($out,&wparam(5)); - &movups (&QWP(0,$out),$cmac); - - &pxor ("xmm0","xmm0"); # clear register bank - &pxor ("xmm1","xmm1"); - &pxor ("xmm2","xmm2"); - &pxor ("xmm3","xmm3"); - &pxor ("xmm4","xmm4"); - &pxor ("xmm5","xmm5"); - &pxor ("xmm6","xmm6"); - &pxor ("xmm7","xmm7"); -&function_end("aesni_ccm64_decrypt_blocks"); -} - -###################################################################### -# void aesni_ctr32_encrypt_blocks (const void *in, void *out, -# size_t blocks, const AES_KEY *key, -# const char *ivec); -# -# Handles only complete blocks, operates on 32-bit counter and -# does not update *ivec! (see crypto/modes/ctr128.c for details) -# -# stack layout: -# 0 pshufb mask -# 16 vector addend: 0,6,6,6 -# 32 counter-less ivec -# 48 1st triplet of counter vector -# 64 2nd triplet of counter vector -# 80 saved %esp - -&function_begin("aesni_ctr32_encrypt_blocks"); - &mov ($inp,&wparam(0)); - &mov ($out,&wparam(1)); - &mov ($len,&wparam(2)); - &mov ($key,&wparam(3)); - &mov ($rounds_,&wparam(4)); - &mov ($key_,"esp"); - &sub ("esp",88); - &and ("esp",-16); # align stack - &mov (&DWP(80,"esp"),$key_); - - &cmp ($len,1); - &je (&label("ctr32_one_shortcut")); - - &movdqu ($inout5,&QWP(0,$rounds_)); # load ivec - - # compose byte-swap control mask for pshufb on stack - &mov (&DWP(0,"esp"),0x0c0d0e0f); - &mov (&DWP(4,"esp"),0x08090a0b); - &mov (&DWP(8,"esp"),0x04050607); - &mov (&DWP(12,"esp"),0x00010203); - - # compose counter increment vector on stack - &mov ($rounds,6); - &xor ($key_,$key_); - &mov (&DWP(16,"esp"),$rounds); - &mov (&DWP(20,"esp"),$rounds); - &mov (&DWP(24,"esp"),$rounds); - &mov (&DWP(28,"esp"),$key_); - - &pextrd ($rounds_,$inout5,3); # pull 32-bit counter - &pinsrd ($inout5,$key_,3); # wipe 32-bit counter - - &mov ($rounds,&DWP(240,$key)); # key->rounds - - # compose 2 vectors of 3x32-bit counters - &bswap ($rounds_); - &pxor ($rndkey0,$rndkey0); - &pxor ($rndkey1,$rndkey1); - &movdqa ($inout0,&QWP(0,"esp")); # load byte-swap mask - &pinsrd ($rndkey0,$rounds_,0); - &lea ($key_,&DWP(3,$rounds_)); - &pinsrd ($rndkey1,$key_,0); - &inc ($rounds_); - &pinsrd ($rndkey0,$rounds_,1); - &inc ($key_); - &pinsrd ($rndkey1,$key_,1); - &inc ($rounds_); - &pinsrd ($rndkey0,$rounds_,2); - &inc ($key_); - &pinsrd ($rndkey1,$key_,2); - &movdqa (&QWP(48,"esp"),$rndkey0); # save 1st triplet - &pshufb ($rndkey0,$inout0); # byte swap - &movdqu ($inout4,&QWP(0,$key)); # key[0] - &movdqa (&QWP(64,"esp"),$rndkey1); # save 2nd triplet - &pshufb ($rndkey1,$inout0); # byte swap - - &pshufd ($inout0,$rndkey0,3<<6); # place counter to upper dword - &pshufd ($inout1,$rndkey0,2<<6); - &cmp ($len,6); - &jb (&label("ctr32_tail")); - &pxor ($inout5,$inout4); # counter-less ivec^key[0] - &shl ($rounds,4); - &mov ($rounds_,16); - &movdqa (&QWP(32,"esp"),$inout5); # save counter-less ivec^key[0] - &mov ($key_,$key); # backup $key - &sub ($rounds_,$rounds); # backup twisted $rounds - &lea ($key,&DWP(32,$key,$rounds)); - &sub ($len,6); - &jmp (&label("ctr32_loop6")); - -&set_label("ctr32_loop6",16); - # inlining _aesni_encrypt6's prologue gives ~6% improvement... - &pshufd ($inout2,$rndkey0,1<<6); - &movdqa ($rndkey0,&QWP(32,"esp")); # pull counter-less ivec - &pshufd ($inout3,$rndkey1,3<<6); - &pxor ($inout0,$rndkey0); # merge counter-less ivec - &pshufd ($inout4,$rndkey1,2<<6); - &pxor ($inout1,$rndkey0); - &pshufd ($inout5,$rndkey1,1<<6); - &$movekey ($rndkey1,&QWP(16,$key_)); - &pxor ($inout2,$rndkey0); - &pxor ($inout3,$rndkey0); - &aesenc ($inout0,$rndkey1); - &pxor ($inout4,$rndkey0); - &pxor ($inout5,$rndkey0); - &aesenc ($inout1,$rndkey1); - &$movekey ($rndkey0,&QWP(32,$key_)); - &mov ($rounds,$rounds_); - &aesenc ($inout2,$rndkey1); - &aesenc ($inout3,$rndkey1); - &aesenc ($inout4,$rndkey1); - &aesenc ($inout5,$rndkey1); - - &call (&label("_aesni_encrypt6_enter")); - - &movups ($rndkey1,&QWP(0,$inp)); - &movups ($rndkey0,&QWP(0x10,$inp)); - &xorps ($inout0,$rndkey1); - &movups ($rndkey1,&QWP(0x20,$inp)); - &xorps ($inout1,$rndkey0); - &movups (&QWP(0,$out),$inout0); - &movdqa ($rndkey0,&QWP(16,"esp")); # load increment - &xorps ($inout2,$rndkey1); - &movdqa ($rndkey1,&QWP(64,"esp")); # load 2nd triplet - &movups (&QWP(0x10,$out),$inout1); - &movups (&QWP(0x20,$out),$inout2); - - &paddd ($rndkey1,$rndkey0); # 2nd triplet increment - &paddd ($rndkey0,&QWP(48,"esp")); # 1st triplet increment - &movdqa ($inout0,&QWP(0,"esp")); # load byte swap mask - - &movups ($inout1,&QWP(0x30,$inp)); - &movups ($inout2,&QWP(0x40,$inp)); - &xorps ($inout3,$inout1); - &movups ($inout1,&QWP(0x50,$inp)); - &lea ($inp,&DWP(0x60,$inp)); - &movdqa (&QWP(48,"esp"),$rndkey0); # save 1st triplet - &pshufb ($rndkey0,$inout0); # byte swap - &xorps ($inout4,$inout2); - &movups (&QWP(0x30,$out),$inout3); - &xorps ($inout5,$inout1); - &movdqa (&QWP(64,"esp"),$rndkey1); # save 2nd triplet - &pshufb ($rndkey1,$inout0); # byte swap - &movups (&QWP(0x40,$out),$inout4); - &pshufd ($inout0,$rndkey0,3<<6); - &movups (&QWP(0x50,$out),$inout5); - &lea ($out,&DWP(0x60,$out)); - - &pshufd ($inout1,$rndkey0,2<<6); - &sub ($len,6); - &jnc (&label("ctr32_loop6")); - - &add ($len,6); - &jz (&label("ctr32_ret")); - &movdqu ($inout5,&QWP(0,$key_)); - &mov ($key,$key_); - &pxor ($inout5,&QWP(32,"esp")); # restore count-less ivec - &mov ($rounds,&DWP(240,$key_)); # restore $rounds - -&set_label("ctr32_tail"); - &por ($inout0,$inout5); - &cmp ($len,2); - &jb (&label("ctr32_one")); - - &pshufd ($inout2,$rndkey0,1<<6); - &por ($inout1,$inout5); - &je (&label("ctr32_two")); - - &pshufd ($inout3,$rndkey1,3<<6); - &por ($inout2,$inout5); - &cmp ($len,4); - &jb (&label("ctr32_three")); - - &pshufd ($inout4,$rndkey1,2<<6); - &por ($inout3,$inout5); - &je (&label("ctr32_four")); - - &por ($inout4,$inout5); - &call ("_aesni_encrypt6"); - &movups ($rndkey1,&QWP(0,$inp)); - &movups ($rndkey0,&QWP(0x10,$inp)); - &xorps ($inout0,$rndkey1); - &movups ($rndkey1,&QWP(0x20,$inp)); - &xorps ($inout1,$rndkey0); - &movups ($rndkey0,&QWP(0x30,$inp)); - &xorps ($inout2,$rndkey1); - &movups ($rndkey1,&QWP(0x40,$inp)); - &xorps ($inout3,$rndkey0); - &movups (&QWP(0,$out),$inout0); - &xorps ($inout4,$rndkey1); - &movups (&QWP(0x10,$out),$inout1); - &movups (&QWP(0x20,$out),$inout2); - &movups (&QWP(0x30,$out),$inout3); - &movups (&QWP(0x40,$out),$inout4); - &jmp (&label("ctr32_ret")); - -&set_label("ctr32_one_shortcut",16); - &movups ($inout0,&QWP(0,$rounds_)); # load ivec - &mov ($rounds,&DWP(240,$key)); - -&set_label("ctr32_one"); - if ($inline) - { &aesni_inline_generate1("enc"); } - else - { &call ("_aesni_encrypt1"); } - &movups ($in0,&QWP(0,$inp)); - &xorps ($in0,$inout0); - &movups (&QWP(0,$out),$in0); - &jmp (&label("ctr32_ret")); - -&set_label("ctr32_two",16); - &call ("_aesni_encrypt2"); - &movups ($inout3,&QWP(0,$inp)); - &movups ($inout4,&QWP(0x10,$inp)); - &xorps ($inout0,$inout3); - &xorps ($inout1,$inout4); - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &jmp (&label("ctr32_ret")); - -&set_label("ctr32_three",16); - &call ("_aesni_encrypt3"); - &movups ($inout3,&QWP(0,$inp)); - &movups ($inout4,&QWP(0x10,$inp)); - &xorps ($inout0,$inout3); - &movups ($inout5,&QWP(0x20,$inp)); - &xorps ($inout1,$inout4); - &movups (&QWP(0,$out),$inout0); - &xorps ($inout2,$inout5); - &movups (&QWP(0x10,$out),$inout1); - &movups (&QWP(0x20,$out),$inout2); - &jmp (&label("ctr32_ret")); - -&set_label("ctr32_four",16); - &call ("_aesni_encrypt4"); - &movups ($inout4,&QWP(0,$inp)); - &movups ($inout5,&QWP(0x10,$inp)); - &movups ($rndkey1,&QWP(0x20,$inp)); - &xorps ($inout0,$inout4); - &movups ($rndkey0,&QWP(0x30,$inp)); - &xorps ($inout1,$inout5); - &movups (&QWP(0,$out),$inout0); - &xorps ($inout2,$rndkey1); - &movups (&QWP(0x10,$out),$inout1); - &xorps ($inout3,$rndkey0); - &movups (&QWP(0x20,$out),$inout2); - &movups (&QWP(0x30,$out),$inout3); - -&set_label("ctr32_ret"); - &pxor ("xmm0","xmm0"); # clear register bank - &pxor ("xmm1","xmm1"); - &pxor ("xmm2","xmm2"); - &pxor ("xmm3","xmm3"); - &pxor ("xmm4","xmm4"); - &movdqa (&QWP(32,"esp"),"xmm0"); # clear stack - &pxor ("xmm5","xmm5"); - &movdqa (&QWP(48,"esp"),"xmm0"); - &pxor ("xmm6","xmm6"); - &movdqa (&QWP(64,"esp"),"xmm0"); - &pxor ("xmm7","xmm7"); - &mov ("esp",&DWP(80,"esp")); -&function_end("aesni_ctr32_encrypt_blocks"); - -###################################################################### -# void aesni_xts_[en|de]crypt(const char *inp,char *out,size_t len, -# const AES_KEY *key1, const AES_KEY *key2 -# const unsigned char iv[16]); -# -{ my ($tweak,$twtmp,$twres,$twmask)=($rndkey1,$rndkey0,$inout0,$inout1); - -&function_begin("aesni_xts_encrypt"); - &mov ($key,&wparam(4)); # key2 - &mov ($inp,&wparam(5)); # clear-text tweak - - &mov ($rounds,&DWP(240,$key)); # key2->rounds - &movups ($inout0,&QWP(0,$inp)); - if ($inline) - { &aesni_inline_generate1("enc"); } - else - { &call ("_aesni_encrypt1"); } - - &mov ($inp,&wparam(0)); - &mov ($out,&wparam(1)); - &mov ($len,&wparam(2)); - &mov ($key,&wparam(3)); # key1 - - &mov ($key_,"esp"); - &sub ("esp",16*7+8); - &mov ($rounds,&DWP(240,$key)); # key1->rounds - &and ("esp",-16); # align stack - - &mov (&DWP(16*6+0,"esp"),0x87); # compose the magic constant - &mov (&DWP(16*6+4,"esp"),0); - &mov (&DWP(16*6+8,"esp"),1); - &mov (&DWP(16*6+12,"esp"),0); - &mov (&DWP(16*7+0,"esp"),$len); # save original $len - &mov (&DWP(16*7+4,"esp"),$key_); # save original %esp - - &movdqa ($tweak,$inout0); - &pxor ($twtmp,$twtmp); - &movdqa ($twmask,&QWP(6*16,"esp")); # 0x0...010...87 - &pcmpgtd($twtmp,$tweak); # broadcast upper bits - - &and ($len,-16); - &mov ($key_,$key); # backup $key - &mov ($rounds_,$rounds); # backup $rounds - &sub ($len,16*6); - &jc (&label("xts_enc_short")); - - &shl ($rounds,4); - &mov ($rounds_,16); - &sub ($rounds_,$rounds); - &lea ($key,&DWP(32,$key,$rounds)); - &jmp (&label("xts_enc_loop6")); - -&set_label("xts_enc_loop6",16); - for ($i=0;$i<4;$i++) { - &pshufd ($twres,$twtmp,0x13); - &pxor ($twtmp,$twtmp); - &movdqa (&QWP(16*$i,"esp"),$tweak); - &paddq ($tweak,$tweak); # &psllq($tweak,1); - &pand ($twres,$twmask); # isolate carry and residue - &pcmpgtd ($twtmp,$tweak); # broadcast upper bits - &pxor ($tweak,$twres); - } - &pshufd ($inout5,$twtmp,0x13); - &movdqa (&QWP(16*$i++,"esp"),$tweak); - &paddq ($tweak,$tweak); # &psllq($tweak,1); - &$movekey ($rndkey0,&QWP(0,$key_)); - &pand ($inout5,$twmask); # isolate carry and residue - &movups ($inout0,&QWP(0,$inp)); # load input - &pxor ($inout5,$tweak); - - # inline _aesni_encrypt6 prologue and flip xor with tweak and key[0] - &mov ($rounds,$rounds_); # restore $rounds - &movdqu ($inout1,&QWP(16*1,$inp)); - &xorps ($inout0,$rndkey0); # input^=rndkey[0] - &movdqu ($inout2,&QWP(16*2,$inp)); - &pxor ($inout1,$rndkey0); - &movdqu ($inout3,&QWP(16*3,$inp)); - &pxor ($inout2,$rndkey0); - &movdqu ($inout4,&QWP(16*4,$inp)); - &pxor ($inout3,$rndkey0); - &movdqu ($rndkey1,&QWP(16*5,$inp)); - &pxor ($inout4,$rndkey0); - &lea ($inp,&DWP(16*6,$inp)); - &pxor ($inout0,&QWP(16*0,"esp")); # input^=tweak - &movdqa (&QWP(16*$i,"esp"),$inout5); # save last tweak - &pxor ($inout5,$rndkey1); - - &$movekey ($rndkey1,&QWP(16,$key_)); - &pxor ($inout1,&QWP(16*1,"esp")); - &pxor ($inout2,&QWP(16*2,"esp")); - &aesenc ($inout0,$rndkey1); - &pxor ($inout3,&QWP(16*3,"esp")); - &pxor ($inout4,&QWP(16*4,"esp")); - &aesenc ($inout1,$rndkey1); - &pxor ($inout5,$rndkey0); - &$movekey ($rndkey0,&QWP(32,$key_)); - &aesenc ($inout2,$rndkey1); - &aesenc ($inout3,$rndkey1); - &aesenc ($inout4,$rndkey1); - &aesenc ($inout5,$rndkey1); - &call (&label("_aesni_encrypt6_enter")); - - &movdqa ($tweak,&QWP(16*5,"esp")); # last tweak - &pxor ($twtmp,$twtmp); - &xorps ($inout0,&QWP(16*0,"esp")); # output^=tweak - &pcmpgtd ($twtmp,$tweak); # broadcast upper bits - &xorps ($inout1,&QWP(16*1,"esp")); - &movups (&QWP(16*0,$out),$inout0); # write output - &xorps ($inout2,&QWP(16*2,"esp")); - &movups (&QWP(16*1,$out),$inout1); - &xorps ($inout3,&QWP(16*3,"esp")); - &movups (&QWP(16*2,$out),$inout2); - &xorps ($inout4,&QWP(16*4,"esp")); - &movups (&QWP(16*3,$out),$inout3); - &xorps ($inout5,$tweak); - &movups (&QWP(16*4,$out),$inout4); - &pshufd ($twres,$twtmp,0x13); - &movups (&QWP(16*5,$out),$inout5); - &lea ($out,&DWP(16*6,$out)); - &movdqa ($twmask,&QWP(16*6,"esp")); # 0x0...010...87 - - &pxor ($twtmp,$twtmp); - &paddq ($tweak,$tweak); # &psllq($tweak,1); - &pand ($twres,$twmask); # isolate carry and residue - &pcmpgtd($twtmp,$tweak); # broadcast upper bits - &pxor ($tweak,$twres); - - &sub ($len,16*6); - &jnc (&label("xts_enc_loop6")); - - &mov ($rounds,&DWP(240,$key_)); # restore $rounds - &mov ($key,$key_); # restore $key - &mov ($rounds_,$rounds); - -&set_label("xts_enc_short"); - &add ($len,16*6); - &jz (&label("xts_enc_done6x")); - - &movdqa ($inout3,$tweak); # put aside previous tweak - &cmp ($len,0x20); - &jb (&label("xts_enc_one")); - - &pshufd ($twres,$twtmp,0x13); - &pxor ($twtmp,$twtmp); - &paddq ($tweak,$tweak); # &psllq($tweak,1); - &pand ($twres,$twmask); # isolate carry and residue - &pcmpgtd($twtmp,$tweak); # broadcast upper bits - &pxor ($tweak,$twres); - &je (&label("xts_enc_two")); - - &pshufd ($twres,$twtmp,0x13); - &pxor ($twtmp,$twtmp); - &movdqa ($inout4,$tweak); # put aside previous tweak - &paddq ($tweak,$tweak); # &psllq($tweak,1); - &pand ($twres,$twmask); # isolate carry and residue - &pcmpgtd($twtmp,$tweak); # broadcast upper bits - &pxor ($tweak,$twres); - &cmp ($len,0x40); - &jb (&label("xts_enc_three")); - - &pshufd ($twres,$twtmp,0x13); - &pxor ($twtmp,$twtmp); - &movdqa ($inout5,$tweak); # put aside previous tweak - &paddq ($tweak,$tweak); # &psllq($tweak,1); - &pand ($twres,$twmask); # isolate carry and residue - &pcmpgtd($twtmp,$tweak); # broadcast upper bits - &pxor ($tweak,$twres); - &movdqa (&QWP(16*0,"esp"),$inout3); - &movdqa (&QWP(16*1,"esp"),$inout4); - &je (&label("xts_enc_four")); - - &movdqa (&QWP(16*2,"esp"),$inout5); - &pshufd ($inout5,$twtmp,0x13); - &movdqa (&QWP(16*3,"esp"),$tweak); - &paddq ($tweak,$tweak); # &psllq($inout0,1); - &pand ($inout5,$twmask); # isolate carry and residue - &pxor ($inout5,$tweak); - - &movdqu ($inout0,&QWP(16*0,$inp)); # load input - &movdqu ($inout1,&QWP(16*1,$inp)); - &movdqu ($inout2,&QWP(16*2,$inp)); - &pxor ($inout0,&QWP(16*0,"esp")); # input^=tweak - &movdqu ($inout3,&QWP(16*3,$inp)); - &pxor ($inout1,&QWP(16*1,"esp")); - &movdqu ($inout4,&QWP(16*4,$inp)); - &pxor ($inout2,&QWP(16*2,"esp")); - &lea ($inp,&DWP(16*5,$inp)); - &pxor ($inout3,&QWP(16*3,"esp")); - &movdqa (&QWP(16*4,"esp"),$inout5); # save last tweak - &pxor ($inout4,$inout5); - - &call ("_aesni_encrypt6"); - - &movaps ($tweak,&QWP(16*4,"esp")); # last tweak - &xorps ($inout0,&QWP(16*0,"esp")); # output^=tweak - &xorps ($inout1,&QWP(16*1,"esp")); - &xorps ($inout2,&QWP(16*2,"esp")); - &movups (&QWP(16*0,$out),$inout0); # write output - &xorps ($inout3,&QWP(16*3,"esp")); - &movups (&QWP(16*1,$out),$inout1); - &xorps ($inout4,$tweak); - &movups (&QWP(16*2,$out),$inout2); - &movups (&QWP(16*3,$out),$inout3); - &movups (&QWP(16*4,$out),$inout4); - &lea ($out,&DWP(16*5,$out)); - &jmp (&label("xts_enc_done")); - -&set_label("xts_enc_one",16); - &movups ($inout0,&QWP(16*0,$inp)); # load input - &lea ($inp,&DWP(16*1,$inp)); - &xorps ($inout0,$inout3); # input^=tweak - if ($inline) - { &aesni_inline_generate1("enc"); } - else - { &call ("_aesni_encrypt1"); } - &xorps ($inout0,$inout3); # output^=tweak - &movups (&QWP(16*0,$out),$inout0); # write output - &lea ($out,&DWP(16*1,$out)); - - &movdqa ($tweak,$inout3); # last tweak - &jmp (&label("xts_enc_done")); - -&set_label("xts_enc_two",16); - &movaps ($inout4,$tweak); # put aside last tweak - - &movups ($inout0,&QWP(16*0,$inp)); # load input - &movups ($inout1,&QWP(16*1,$inp)); - &lea ($inp,&DWP(16*2,$inp)); - &xorps ($inout0,$inout3); # input^=tweak - &xorps ($inout1,$inout4); - - &call ("_aesni_encrypt2"); - - &xorps ($inout0,$inout3); # output^=tweak - &xorps ($inout1,$inout4); - &movups (&QWP(16*0,$out),$inout0); # write output - &movups (&QWP(16*1,$out),$inout1); - &lea ($out,&DWP(16*2,$out)); - - &movdqa ($tweak,$inout4); # last tweak - &jmp (&label("xts_enc_done")); - -&set_label("xts_enc_three",16); - &movaps ($inout5,$tweak); # put aside last tweak - &movups ($inout0,&QWP(16*0,$inp)); # load input - &movups ($inout1,&QWP(16*1,$inp)); - &movups ($inout2,&QWP(16*2,$inp)); - &lea ($inp,&DWP(16*3,$inp)); - &xorps ($inout0,$inout3); # input^=tweak - &xorps ($inout1,$inout4); - &xorps ($inout2,$inout5); - - &call ("_aesni_encrypt3"); - - &xorps ($inout0,$inout3); # output^=tweak - &xorps ($inout1,$inout4); - &xorps ($inout2,$inout5); - &movups (&QWP(16*0,$out),$inout0); # write output - &movups (&QWP(16*1,$out),$inout1); - &movups (&QWP(16*2,$out),$inout2); - &lea ($out,&DWP(16*3,$out)); - - &movdqa ($tweak,$inout5); # last tweak - &jmp (&label("xts_enc_done")); - -&set_label("xts_enc_four",16); - &movaps ($inout4,$tweak); # put aside last tweak - - &movups ($inout0,&QWP(16*0,$inp)); # load input - &movups ($inout1,&QWP(16*1,$inp)); - &movups ($inout2,&QWP(16*2,$inp)); - &xorps ($inout0,&QWP(16*0,"esp")); # input^=tweak - &movups ($inout3,&QWP(16*3,$inp)); - &lea ($inp,&DWP(16*4,$inp)); - &xorps ($inout1,&QWP(16*1,"esp")); - &xorps ($inout2,$inout5); - &xorps ($inout3,$inout4); - - &call ("_aesni_encrypt4"); - - &xorps ($inout0,&QWP(16*0,"esp")); # output^=tweak - &xorps ($inout1,&QWP(16*1,"esp")); - &xorps ($inout2,$inout5); - &movups (&QWP(16*0,$out),$inout0); # write output - &xorps ($inout3,$inout4); - &movups (&QWP(16*1,$out),$inout1); - &movups (&QWP(16*2,$out),$inout2); - &movups (&QWP(16*3,$out),$inout3); - &lea ($out,&DWP(16*4,$out)); - - &movdqa ($tweak,$inout4); # last tweak - &jmp (&label("xts_enc_done")); - -&set_label("xts_enc_done6x",16); # $tweak is pre-calculated - &mov ($len,&DWP(16*7+0,"esp")); # restore original $len - &and ($len,15); - &jz (&label("xts_enc_ret")); - &movdqa ($inout3,$tweak); - &mov (&DWP(16*7+0,"esp"),$len); # save $len%16 - &jmp (&label("xts_enc_steal")); - -&set_label("xts_enc_done",16); - &mov ($len,&DWP(16*7+0,"esp")); # restore original $len - &pxor ($twtmp,$twtmp); - &and ($len,15); - &jz (&label("xts_enc_ret")); - - &pcmpgtd($twtmp,$tweak); # broadcast upper bits - &mov (&DWP(16*7+0,"esp"),$len); # save $len%16 - &pshufd ($inout3,$twtmp,0x13); - &paddq ($tweak,$tweak); # &psllq($tweak,1); - &pand ($inout3,&QWP(16*6,"esp")); # isolate carry and residue - &pxor ($inout3,$tweak); - -&set_label("xts_enc_steal"); - &movz ($rounds,&BP(0,$inp)); - &movz ($key,&BP(-16,$out)); - &lea ($inp,&DWP(1,$inp)); - &mov (&BP(-16,$out),&LB($rounds)); - &mov (&BP(0,$out),&LB($key)); - &lea ($out,&DWP(1,$out)); - &sub ($len,1); - &jnz (&label("xts_enc_steal")); - - &sub ($out,&DWP(16*7+0,"esp")); # rewind $out - &mov ($key,$key_); # restore $key - &mov ($rounds,$rounds_); # restore $rounds - - &movups ($inout0,&QWP(-16,$out)); # load input - &xorps ($inout0,$inout3); # input^=tweak - if ($inline) - { &aesni_inline_generate1("enc"); } - else - { &call ("_aesni_encrypt1"); } - &xorps ($inout0,$inout3); # output^=tweak - &movups (&QWP(-16,$out),$inout0); # write output - -&set_label("xts_enc_ret"); - &pxor ("xmm0","xmm0"); # clear register bank - &pxor ("xmm1","xmm1"); - &pxor ("xmm2","xmm2"); - &movdqa (&QWP(16*0,"esp"),"xmm0"); # clear stack - &pxor ("xmm3","xmm3"); - &movdqa (&QWP(16*1,"esp"),"xmm0"); - &pxor ("xmm4","xmm4"); - &movdqa (&QWP(16*2,"esp"),"xmm0"); - &pxor ("xmm5","xmm5"); - &movdqa (&QWP(16*3,"esp"),"xmm0"); - &pxor ("xmm6","xmm6"); - &movdqa (&QWP(16*4,"esp"),"xmm0"); - &pxor ("xmm7","xmm7"); - &movdqa (&QWP(16*5,"esp"),"xmm0"); - &mov ("esp",&DWP(16*7+4,"esp")); # restore %esp -&function_end("aesni_xts_encrypt"); - -&function_begin("aesni_xts_decrypt"); - &mov ($key,&wparam(4)); # key2 - &mov ($inp,&wparam(5)); # clear-text tweak - - &mov ($rounds,&DWP(240,$key)); # key2->rounds - &movups ($inout0,&QWP(0,$inp)); - if ($inline) - { &aesni_inline_generate1("enc"); } - else - { &call ("_aesni_encrypt1"); } - - &mov ($inp,&wparam(0)); - &mov ($out,&wparam(1)); - &mov ($len,&wparam(2)); - &mov ($key,&wparam(3)); # key1 - - &mov ($key_,"esp"); - &sub ("esp",16*7+8); - &and ("esp",-16); # align stack - - &xor ($rounds_,$rounds_); # if(len%16) len-=16; - &test ($len,15); - &setnz (&LB($rounds_)); - &shl ($rounds_,4); - &sub ($len,$rounds_); - - &mov (&DWP(16*6+0,"esp"),0x87); # compose the magic constant - &mov (&DWP(16*6+4,"esp"),0); - &mov (&DWP(16*6+8,"esp"),1); - &mov (&DWP(16*6+12,"esp"),0); - &mov (&DWP(16*7+0,"esp"),$len); # save original $len - &mov (&DWP(16*7+4,"esp"),$key_); # save original %esp - - &mov ($rounds,&DWP(240,$key)); # key1->rounds - &mov ($key_,$key); # backup $key - &mov ($rounds_,$rounds); # backup $rounds - - &movdqa ($tweak,$inout0); - &pxor ($twtmp,$twtmp); - &movdqa ($twmask,&QWP(6*16,"esp")); # 0x0...010...87 - &pcmpgtd($twtmp,$tweak); # broadcast upper bits - - &and ($len,-16); - &sub ($len,16*6); - &jc (&label("xts_dec_short")); - - &shl ($rounds,4); - &mov ($rounds_,16); - &sub ($rounds_,$rounds); - &lea ($key,&DWP(32,$key,$rounds)); - &jmp (&label("xts_dec_loop6")); - -&set_label("xts_dec_loop6",16); - for ($i=0;$i<4;$i++) { - &pshufd ($twres,$twtmp,0x13); - &pxor ($twtmp,$twtmp); - &movdqa (&QWP(16*$i,"esp"),$tweak); - &paddq ($tweak,$tweak); # &psllq($tweak,1); - &pand ($twres,$twmask); # isolate carry and residue - &pcmpgtd ($twtmp,$tweak); # broadcast upper bits - &pxor ($tweak,$twres); - } - &pshufd ($inout5,$twtmp,0x13); - &movdqa (&QWP(16*$i++,"esp"),$tweak); - &paddq ($tweak,$tweak); # &psllq($tweak,1); - &$movekey ($rndkey0,&QWP(0,$key_)); - &pand ($inout5,$twmask); # isolate carry and residue - &movups ($inout0,&QWP(0,$inp)); # load input - &pxor ($inout5,$tweak); - - # inline _aesni_encrypt6 prologue and flip xor with tweak and key[0] - &mov ($rounds,$rounds_); - &movdqu ($inout1,&QWP(16*1,$inp)); - &xorps ($inout0,$rndkey0); # input^=rndkey[0] - &movdqu ($inout2,&QWP(16*2,$inp)); - &pxor ($inout1,$rndkey0); - &movdqu ($inout3,&QWP(16*3,$inp)); - &pxor ($inout2,$rndkey0); - &movdqu ($inout4,&QWP(16*4,$inp)); - &pxor ($inout3,$rndkey0); - &movdqu ($rndkey1,&QWP(16*5,$inp)); - &pxor ($inout4,$rndkey0); - &lea ($inp,&DWP(16*6,$inp)); - &pxor ($inout0,&QWP(16*0,"esp")); # input^=tweak - &movdqa (&QWP(16*$i,"esp"),$inout5); # save last tweak - &pxor ($inout5,$rndkey1); - - &$movekey ($rndkey1,&QWP(16,$key_)); - &pxor ($inout1,&QWP(16*1,"esp")); - &pxor ($inout2,&QWP(16*2,"esp")); - &aesdec ($inout0,$rndkey1); - &pxor ($inout3,&QWP(16*3,"esp")); - &pxor ($inout4,&QWP(16*4,"esp")); - &aesdec ($inout1,$rndkey1); - &pxor ($inout5,$rndkey0); - &$movekey ($rndkey0,&QWP(32,$key_)); - &aesdec ($inout2,$rndkey1); - &aesdec ($inout3,$rndkey1); - &aesdec ($inout4,$rndkey1); - &aesdec ($inout5,$rndkey1); - &call (&label("_aesni_decrypt6_enter")); - - &movdqa ($tweak,&QWP(16*5,"esp")); # last tweak - &pxor ($twtmp,$twtmp); - &xorps ($inout0,&QWP(16*0,"esp")); # output^=tweak - &pcmpgtd ($twtmp,$tweak); # broadcast upper bits - &xorps ($inout1,&QWP(16*1,"esp")); - &movups (&QWP(16*0,$out),$inout0); # write output - &xorps ($inout2,&QWP(16*2,"esp")); - &movups (&QWP(16*1,$out),$inout1); - &xorps ($inout3,&QWP(16*3,"esp")); - &movups (&QWP(16*2,$out),$inout2); - &xorps ($inout4,&QWP(16*4,"esp")); - &movups (&QWP(16*3,$out),$inout3); - &xorps ($inout5,$tweak); - &movups (&QWP(16*4,$out),$inout4); - &pshufd ($twres,$twtmp,0x13); - &movups (&QWP(16*5,$out),$inout5); - &lea ($out,&DWP(16*6,$out)); - &movdqa ($twmask,&QWP(16*6,"esp")); # 0x0...010...87 - - &pxor ($twtmp,$twtmp); - &paddq ($tweak,$tweak); # &psllq($tweak,1); - &pand ($twres,$twmask); # isolate carry and residue - &pcmpgtd($twtmp,$tweak); # broadcast upper bits - &pxor ($tweak,$twres); - - &sub ($len,16*6); - &jnc (&label("xts_dec_loop6")); - - &mov ($rounds,&DWP(240,$key_)); # restore $rounds - &mov ($key,$key_); # restore $key - &mov ($rounds_,$rounds); - -&set_label("xts_dec_short"); - &add ($len,16*6); - &jz (&label("xts_dec_done6x")); - - &movdqa ($inout3,$tweak); # put aside previous tweak - &cmp ($len,0x20); - &jb (&label("xts_dec_one")); - - &pshufd ($twres,$twtmp,0x13); - &pxor ($twtmp,$twtmp); - &paddq ($tweak,$tweak); # &psllq($tweak,1); - &pand ($twres,$twmask); # isolate carry and residue - &pcmpgtd($twtmp,$tweak); # broadcast upper bits - &pxor ($tweak,$twres); - &je (&label("xts_dec_two")); - - &pshufd ($twres,$twtmp,0x13); - &pxor ($twtmp,$twtmp); - &movdqa ($inout4,$tweak); # put aside previous tweak - &paddq ($tweak,$tweak); # &psllq($tweak,1); - &pand ($twres,$twmask); # isolate carry and residue - &pcmpgtd($twtmp,$tweak); # broadcast upper bits - &pxor ($tweak,$twres); - &cmp ($len,0x40); - &jb (&label("xts_dec_three")); - - &pshufd ($twres,$twtmp,0x13); - &pxor ($twtmp,$twtmp); - &movdqa ($inout5,$tweak); # put aside previous tweak - &paddq ($tweak,$tweak); # &psllq($tweak,1); - &pand ($twres,$twmask); # isolate carry and residue - &pcmpgtd($twtmp,$tweak); # broadcast upper bits - &pxor ($tweak,$twres); - &movdqa (&QWP(16*0,"esp"),$inout3); - &movdqa (&QWP(16*1,"esp"),$inout4); - &je (&label("xts_dec_four")); - - &movdqa (&QWP(16*2,"esp"),$inout5); - &pshufd ($inout5,$twtmp,0x13); - &movdqa (&QWP(16*3,"esp"),$tweak); - &paddq ($tweak,$tweak); # &psllq($inout0,1); - &pand ($inout5,$twmask); # isolate carry and residue - &pxor ($inout5,$tweak); - - &movdqu ($inout0,&QWP(16*0,$inp)); # load input - &movdqu ($inout1,&QWP(16*1,$inp)); - &movdqu ($inout2,&QWP(16*2,$inp)); - &pxor ($inout0,&QWP(16*0,"esp")); # input^=tweak - &movdqu ($inout3,&QWP(16*3,$inp)); - &pxor ($inout1,&QWP(16*1,"esp")); - &movdqu ($inout4,&QWP(16*4,$inp)); - &pxor ($inout2,&QWP(16*2,"esp")); - &lea ($inp,&DWP(16*5,$inp)); - &pxor ($inout3,&QWP(16*3,"esp")); - &movdqa (&QWP(16*4,"esp"),$inout5); # save last tweak - &pxor ($inout4,$inout5); - - &call ("_aesni_decrypt6"); - - &movaps ($tweak,&QWP(16*4,"esp")); # last tweak - &xorps ($inout0,&QWP(16*0,"esp")); # output^=tweak - &xorps ($inout1,&QWP(16*1,"esp")); - &xorps ($inout2,&QWP(16*2,"esp")); - &movups (&QWP(16*0,$out),$inout0); # write output - &xorps ($inout3,&QWP(16*3,"esp")); - &movups (&QWP(16*1,$out),$inout1); - &xorps ($inout4,$tweak); - &movups (&QWP(16*2,$out),$inout2); - &movups (&QWP(16*3,$out),$inout3); - &movups (&QWP(16*4,$out),$inout4); - &lea ($out,&DWP(16*5,$out)); - &jmp (&label("xts_dec_done")); - -&set_label("xts_dec_one",16); - &movups ($inout0,&QWP(16*0,$inp)); # load input - &lea ($inp,&DWP(16*1,$inp)); - &xorps ($inout0,$inout3); # input^=tweak - if ($inline) - { &aesni_inline_generate1("dec"); } - else - { &call ("_aesni_decrypt1"); } - &xorps ($inout0,$inout3); # output^=tweak - &movups (&QWP(16*0,$out),$inout0); # write output - &lea ($out,&DWP(16*1,$out)); - - &movdqa ($tweak,$inout3); # last tweak - &jmp (&label("xts_dec_done")); - -&set_label("xts_dec_two",16); - &movaps ($inout4,$tweak); # put aside last tweak - - &movups ($inout0,&QWP(16*0,$inp)); # load input - &movups ($inout1,&QWP(16*1,$inp)); - &lea ($inp,&DWP(16*2,$inp)); - &xorps ($inout0,$inout3); # input^=tweak - &xorps ($inout1,$inout4); - - &call ("_aesni_decrypt2"); - - &xorps ($inout0,$inout3); # output^=tweak - &xorps ($inout1,$inout4); - &movups (&QWP(16*0,$out),$inout0); # write output - &movups (&QWP(16*1,$out),$inout1); - &lea ($out,&DWP(16*2,$out)); - - &movdqa ($tweak,$inout4); # last tweak - &jmp (&label("xts_dec_done")); - -&set_label("xts_dec_three",16); - &movaps ($inout5,$tweak); # put aside last tweak - &movups ($inout0,&QWP(16*0,$inp)); # load input - &movups ($inout1,&QWP(16*1,$inp)); - &movups ($inout2,&QWP(16*2,$inp)); - &lea ($inp,&DWP(16*3,$inp)); - &xorps ($inout0,$inout3); # input^=tweak - &xorps ($inout1,$inout4); - &xorps ($inout2,$inout5); - - &call ("_aesni_decrypt3"); - - &xorps ($inout0,$inout3); # output^=tweak - &xorps ($inout1,$inout4); - &xorps ($inout2,$inout5); - &movups (&QWP(16*0,$out),$inout0); # write output - &movups (&QWP(16*1,$out),$inout1); - &movups (&QWP(16*2,$out),$inout2); - &lea ($out,&DWP(16*3,$out)); - - &movdqa ($tweak,$inout5); # last tweak - &jmp (&label("xts_dec_done")); - -&set_label("xts_dec_four",16); - &movaps ($inout4,$tweak); # put aside last tweak - - &movups ($inout0,&QWP(16*0,$inp)); # load input - &movups ($inout1,&QWP(16*1,$inp)); - &movups ($inout2,&QWP(16*2,$inp)); - &xorps ($inout0,&QWP(16*0,"esp")); # input^=tweak - &movups ($inout3,&QWP(16*3,$inp)); - &lea ($inp,&DWP(16*4,$inp)); - &xorps ($inout1,&QWP(16*1,"esp")); - &xorps ($inout2,$inout5); - &xorps ($inout3,$inout4); - - &call ("_aesni_decrypt4"); - - &xorps ($inout0,&QWP(16*0,"esp")); # output^=tweak - &xorps ($inout1,&QWP(16*1,"esp")); - &xorps ($inout2,$inout5); - &movups (&QWP(16*0,$out),$inout0); # write output - &xorps ($inout3,$inout4); - &movups (&QWP(16*1,$out),$inout1); - &movups (&QWP(16*2,$out),$inout2); - &movups (&QWP(16*3,$out),$inout3); - &lea ($out,&DWP(16*4,$out)); - - &movdqa ($tweak,$inout4); # last tweak - &jmp (&label("xts_dec_done")); - -&set_label("xts_dec_done6x",16); # $tweak is pre-calculated - &mov ($len,&DWP(16*7+0,"esp")); # restore original $len - &and ($len,15); - &jz (&label("xts_dec_ret")); - &mov (&DWP(16*7+0,"esp"),$len); # save $len%16 - &jmp (&label("xts_dec_only_one_more")); - -&set_label("xts_dec_done",16); - &mov ($len,&DWP(16*7+0,"esp")); # restore original $len - &pxor ($twtmp,$twtmp); - &and ($len,15); - &jz (&label("xts_dec_ret")); - - &pcmpgtd($twtmp,$tweak); # broadcast upper bits - &mov (&DWP(16*7+0,"esp"),$len); # save $len%16 - &pshufd ($twres,$twtmp,0x13); - &pxor ($twtmp,$twtmp); - &movdqa ($twmask,&QWP(16*6,"esp")); - &paddq ($tweak,$tweak); # &psllq($tweak,1); - &pand ($twres,$twmask); # isolate carry and residue - &pcmpgtd($twtmp,$tweak); # broadcast upper bits - &pxor ($tweak,$twres); - -&set_label("xts_dec_only_one_more"); - &pshufd ($inout3,$twtmp,0x13); - &movdqa ($inout4,$tweak); # put aside previous tweak - &paddq ($tweak,$tweak); # &psllq($tweak,1); - &pand ($inout3,$twmask); # isolate carry and residue - &pxor ($inout3,$tweak); - - &mov ($key,$key_); # restore $key - &mov ($rounds,$rounds_); # restore $rounds - - &movups ($inout0,&QWP(0,$inp)); # load input - &xorps ($inout0,$inout3); # input^=tweak - if ($inline) - { &aesni_inline_generate1("dec"); } - else - { &call ("_aesni_decrypt1"); } - &xorps ($inout0,$inout3); # output^=tweak - &movups (&QWP(0,$out),$inout0); # write output - -&set_label("xts_dec_steal"); - &movz ($rounds,&BP(16,$inp)); - &movz ($key,&BP(0,$out)); - &lea ($inp,&DWP(1,$inp)); - &mov (&BP(0,$out),&LB($rounds)); - &mov (&BP(16,$out),&LB($key)); - &lea ($out,&DWP(1,$out)); - &sub ($len,1); - &jnz (&label("xts_dec_steal")); - - &sub ($out,&DWP(16*7+0,"esp")); # rewind $out - &mov ($key,$key_); # restore $key - &mov ($rounds,$rounds_); # restore $rounds - - &movups ($inout0,&QWP(0,$out)); # load input - &xorps ($inout0,$inout4); # input^=tweak - if ($inline) - { &aesni_inline_generate1("dec"); } - else - { &call ("_aesni_decrypt1"); } - &xorps ($inout0,$inout4); # output^=tweak - &movups (&QWP(0,$out),$inout0); # write output - -&set_label("xts_dec_ret"); - &pxor ("xmm0","xmm0"); # clear register bank - &pxor ("xmm1","xmm1"); - &pxor ("xmm2","xmm2"); - &movdqa (&QWP(16*0,"esp"),"xmm0"); # clear stack - &pxor ("xmm3","xmm3"); - &movdqa (&QWP(16*1,"esp"),"xmm0"); - &pxor ("xmm4","xmm4"); - &movdqa (&QWP(16*2,"esp"),"xmm0"); - &pxor ("xmm5","xmm5"); - &movdqa (&QWP(16*3,"esp"),"xmm0"); - &pxor ("xmm6","xmm6"); - &movdqa (&QWP(16*4,"esp"),"xmm0"); - &pxor ("xmm7","xmm7"); - &movdqa (&QWP(16*5,"esp"),"xmm0"); - &mov ("esp",&DWP(16*7+4,"esp")); # restore %esp -&function_end("aesni_xts_decrypt"); -} - -###################################################################### -# void aesni_ocb_[en|de]crypt(const char *inp, char *out, size_t blocks, -# const AES_KEY *key, unsigned int start_block_num, -# unsigned char offset_i[16], const unsigned char L_[][16], -# unsigned char checksum[16]); -# -{ -# offsets within stack frame -my $checksum = 16*6; -my ($key_off,$rounds_off,$out_off,$end_off,$esp_off)=map(16*7+4*$_,(0..4)); - -# reassigned registers -my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out); -# $l_, $blocks, $inp, $key are permanently allocated in registers; -# remaining non-volatile ones are offloaded to stack, which even -# stay invariant after written to stack. - -&function_begin("aesni_ocb_encrypt"); - &mov ($rounds,&wparam(5)); # &offset_i - &mov ($rounds_,&wparam(7)); # &checksum - - &mov ($inp,&wparam(0)); - &mov ($out,&wparam(1)); - &mov ($len,&wparam(2)); - &mov ($key,&wparam(3)); - &movdqu ($rndkey0,&QWP(0,$rounds)); # load offset_i - &mov ($block,&wparam(4)); # start_block_num - &movdqu ($rndkey1,&QWP(0,$rounds_)); # load checksum - &mov ($l_,&wparam(6)); # L_ - - &mov ($rounds,"esp"); - &sub ("esp",$esp_off+4); # alloca - &and ("esp",-16); # align stack - - &sub ($out,$inp); - &shl ($len,4); - &lea ($len,&DWP(-16*6,$inp,$len)); # end of input - 16*6 - &mov (&DWP($out_off,"esp"),$out); - &mov (&DWP($end_off,"esp"),$len); - &mov (&DWP($esp_off,"esp"),$rounds); - - &mov ($rounds,&DWP(240,$key)); - - &test ($block,1); - &jnz (&label("odd")); - - &bsf ($i3,$block); - &add ($block,1); - &shl ($i3,4); - &movdqu ($inout5,&QWP(0,$l_,$i3)); - &mov ($i3,$key); # put aside key - - &movdqu ($inout0,&QWP(16*0,$inp)); # load input - &lea ($inp,&DWP(16,$inp)); - - &pxor ($inout5,$rndkey0); # ^ last offset_i - &pxor ($rndkey1,$inout0); # checksum - &pxor ($inout0,$inout5); # ^ offset_i - - &movdqa ($inout4,$rndkey1); - if ($inline) - { &aesni_inline_generate1("enc"); } - else - { &call ("_aesni_encrypt1"); } - - &xorps ($inout0,$inout5); # ^ offset_i - &movdqa ($rndkey0,$inout5); # pass last offset_i - &movdqa ($rndkey1,$inout4); # pass the checksum - - &movups (&QWP(-16,$out,$inp),$inout0); # store output - - &mov ($rounds,&DWP(240,$i3)); - &mov ($key,$i3); # restore key - &mov ($len,&DWP($end_off,"esp")); - -&set_label("odd"); - &shl ($rounds,4); - &mov ($out,16); - &sub ($out,$rounds); # twisted rounds - &mov (&DWP($key_off,"esp"),$key); - &lea ($key,&DWP(32,$key,$rounds)); # end of key schedule - &mov (&DWP($rounds_off,"esp"),$out); - - &cmp ($inp,$len); - &ja (&label("short")); - &jmp (&label("grandloop")); - -&set_label("grandloop",32); - &lea ($i1,&DWP(1,$block)); - &lea ($i3,&DWP(3,$block)); - &lea ($i5,&DWP(5,$block)); - &add ($block,6); - &bsf ($i1,$i1); - &bsf ($i3,$i3); - &bsf ($i5,$i5); - &shl ($i1,4); - &shl ($i3,4); - &shl ($i5,4); - &movdqu ($inout0,&QWP(0,$l_)); - &movdqu ($inout1,&QWP(0,$l_,$i1)); - &mov ($rounds,&DWP($rounds_off,"esp")); - &movdqa ($inout2,$inout0); - &movdqu ($inout3,&QWP(0,$l_,$i3)); - &movdqa ($inout4,$inout0); - &movdqu ($inout5,&QWP(0,$l_,$i5)); - - &pxor ($inout0,$rndkey0); # ^ last offset_i - &pxor ($inout1,$inout0); - &movdqa (&QWP(16*0,"esp"),$inout0); - &pxor ($inout2,$inout1); - &movdqa (&QWP(16*1,"esp"),$inout1); - &pxor ($inout3,$inout2); - &movdqa (&QWP(16*2,"esp"),$inout2); - &pxor ($inout4,$inout3); - &movdqa (&QWP(16*3,"esp"),$inout3); - &pxor ($inout5,$inout4); - &movdqa (&QWP(16*4,"esp"),$inout4); - &movdqa (&QWP(16*5,"esp"),$inout5); - - &$movekey ($rndkey0,&QWP(-48,$key,$rounds)); - &movdqu ($inout0,&QWP(16*0,$inp)); # load input - &movdqu ($inout1,&QWP(16*1,$inp)); - &movdqu ($inout2,&QWP(16*2,$inp)); - &movdqu ($inout3,&QWP(16*3,$inp)); - &movdqu ($inout4,&QWP(16*4,$inp)); - &movdqu ($inout5,&QWP(16*5,$inp)); - &lea ($inp,&DWP(16*6,$inp)); - - &pxor ($rndkey1,$inout0); # checksum - &pxor ($inout0,$rndkey0); # ^ roundkey[0] - &pxor ($rndkey1,$inout1); - &pxor ($inout1,$rndkey0); - &pxor ($rndkey1,$inout2); - &pxor ($inout2,$rndkey0); - &pxor ($rndkey1,$inout3); - &pxor ($inout3,$rndkey0); - &pxor ($rndkey1,$inout4); - &pxor ($inout4,$rndkey0); - &pxor ($rndkey1,$inout5); - &pxor ($inout5,$rndkey0); - &movdqa (&QWP($checksum,"esp"),$rndkey1); - - &$movekey ($rndkey1,&QWP(-32,$key,$rounds)); - &pxor ($inout0,&QWP(16*0,"esp")); # ^ offset_i - &pxor ($inout1,&QWP(16*1,"esp")); - &pxor ($inout2,&QWP(16*2,"esp")); - &pxor ($inout3,&QWP(16*3,"esp")); - &pxor ($inout4,&QWP(16*4,"esp")); - &pxor ($inout5,&QWP(16*5,"esp")); - - &$movekey ($rndkey0,&QWP(-16,$key,$rounds)); - &aesenc ($inout0,$rndkey1); - &aesenc ($inout1,$rndkey1); - &aesenc ($inout2,$rndkey1); - &aesenc ($inout3,$rndkey1); - &aesenc ($inout4,$rndkey1); - &aesenc ($inout5,$rndkey1); - - &mov ($out,&DWP($out_off,"esp")); - &mov ($len,&DWP($end_off,"esp")); - &call ("_aesni_encrypt6_enter"); - - &movdqa ($rndkey0,&QWP(16*5,"esp")); # pass last offset_i - &pxor ($inout0,&QWP(16*0,"esp")); # ^ offset_i - &pxor ($inout1,&QWP(16*1,"esp")); - &pxor ($inout2,&QWP(16*2,"esp")); - &pxor ($inout3,&QWP(16*3,"esp")); - &pxor ($inout4,&QWP(16*4,"esp")); - &pxor ($inout5,$rndkey0); - &movdqa ($rndkey1,&QWP($checksum,"esp"));# pass the checksum - - &movdqu (&QWP(-16*6,$out,$inp),$inout0);# store output - &movdqu (&QWP(-16*5,$out,$inp),$inout1); - &movdqu (&QWP(-16*4,$out,$inp),$inout2); - &movdqu (&QWP(-16*3,$out,$inp),$inout3); - &movdqu (&QWP(-16*2,$out,$inp),$inout4); - &movdqu (&QWP(-16*1,$out,$inp),$inout5); - &cmp ($inp,$len); # done yet? - &jbe (&label("grandloop")); - -&set_label("short"); - &add ($len,16*6); - &sub ($len,$inp); - &jz (&label("done")); - - &cmp ($len,16*2); - &jb (&label("one")); - &je (&label("two")); - - &cmp ($len,16*4); - &jb (&label("three")); - &je (&label("four")); - - &lea ($i1,&DWP(1,$block)); - &lea ($i3,&DWP(3,$block)); - &bsf ($i1,$i1); - &bsf ($i3,$i3); - &shl ($i1,4); - &shl ($i3,4); - &movdqu ($inout0,&QWP(0,$l_)); - &movdqu ($inout1,&QWP(0,$l_,$i1)); - &mov ($rounds,&DWP($rounds_off,"esp")); - &movdqa ($inout2,$inout0); - &movdqu ($inout3,&QWP(0,$l_,$i3)); - &movdqa ($inout4,$inout0); - - &pxor ($inout0,$rndkey0); # ^ last offset_i - &pxor ($inout1,$inout0); - &movdqa (&QWP(16*0,"esp"),$inout0); - &pxor ($inout2,$inout1); - &movdqa (&QWP(16*1,"esp"),$inout1); - &pxor ($inout3,$inout2); - &movdqa (&QWP(16*2,"esp"),$inout2); - &pxor ($inout4,$inout3); - &movdqa (&QWP(16*3,"esp"),$inout3); - &pxor ($inout5,$inout4); - &movdqa (&QWP(16*4,"esp"),$inout4); - - &$movekey ($rndkey0,&QWP(-48,$key,$rounds)); - &movdqu ($inout0,&QWP(16*0,$inp)); # load input - &movdqu ($inout1,&QWP(16*1,$inp)); - &movdqu ($inout2,&QWP(16*2,$inp)); - &movdqu ($inout3,&QWP(16*3,$inp)); - &movdqu ($inout4,&QWP(16*4,$inp)); - &pxor ($inout5,$inout5); - - &pxor ($rndkey1,$inout0); # checksum - &pxor ($inout0,$rndkey0); # ^ roundkey[0] - &pxor ($rndkey1,$inout1); - &pxor ($inout1,$rndkey0); - &pxor ($rndkey1,$inout2); - &pxor ($inout2,$rndkey0); - &pxor ($rndkey1,$inout3); - &pxor ($inout3,$rndkey0); - &pxor ($rndkey1,$inout4); - &pxor ($inout4,$rndkey0); - &movdqa (&QWP($checksum,"esp"),$rndkey1); - - &$movekey ($rndkey1,&QWP(-32,$key,$rounds)); - &pxor ($inout0,&QWP(16*0,"esp")); # ^ offset_i - &pxor ($inout1,&QWP(16*1,"esp")); - &pxor ($inout2,&QWP(16*2,"esp")); - &pxor ($inout3,&QWP(16*3,"esp")); - &pxor ($inout4,&QWP(16*4,"esp")); - - &$movekey ($rndkey0,&QWP(-16,$key,$rounds)); - &aesenc ($inout0,$rndkey1); - &aesenc ($inout1,$rndkey1); - &aesenc ($inout2,$rndkey1); - &aesenc ($inout3,$rndkey1); - &aesenc ($inout4,$rndkey1); - &aesenc ($inout5,$rndkey1); - - &mov ($out,&DWP($out_off,"esp")); - &call ("_aesni_encrypt6_enter"); - - &movdqa ($rndkey0,&QWP(16*4,"esp")); # pass last offset_i - &pxor ($inout0,&QWP(16*0,"esp")); # ^ offset_i - &pxor ($inout1,&QWP(16*1,"esp")); - &pxor ($inout2,&QWP(16*2,"esp")); - &pxor ($inout3,&QWP(16*3,"esp")); - &pxor ($inout4,$rndkey0); - &movdqa ($rndkey1,&QWP($checksum,"esp"));# pass the checksum - - &movdqu (&QWP(16*0,$out,$inp),$inout0); # store output - &movdqu (&QWP(16*1,$out,$inp),$inout1); - &movdqu (&QWP(16*2,$out,$inp),$inout2); - &movdqu (&QWP(16*3,$out,$inp),$inout3); - &movdqu (&QWP(16*4,$out,$inp),$inout4); - - &jmp (&label("done")); - -&set_label("one",16); - &movdqu ($inout5,&QWP(0,$l_)); - &mov ($key,&DWP($key_off,"esp")); # restore key - - &movdqu ($inout0,&QWP(16*0,$inp)); # load input - &mov ($rounds,&DWP(240,$key)); - - &pxor ($inout5,$rndkey0); # ^ last offset_i - &pxor ($rndkey1,$inout0); # checksum - &pxor ($inout0,$inout5); # ^ offset_i - - &movdqa ($inout4,$rndkey1); - &mov ($out,&DWP($out_off,"esp")); - if ($inline) - { &aesni_inline_generate1("enc"); } - else - { &call ("_aesni_encrypt1"); } - - &xorps ($inout0,$inout5); # ^ offset_i - &movdqa ($rndkey0,$inout5); # pass last offset_i - &movdqa ($rndkey1,$inout4); # pass the checksum - &movups (&QWP(0,$out,$inp),$inout0); - - &jmp (&label("done")); - -&set_label("two",16); - &lea ($i1,&DWP(1,$block)); - &mov ($key,&DWP($key_off,"esp")); # restore key - &bsf ($i1,$i1); - &shl ($i1,4); - &movdqu ($inout4,&QWP(0,$l_)); - &movdqu ($inout5,&QWP(0,$l_,$i1)); - - &movdqu ($inout0,&QWP(16*0,$inp)); # load input - &movdqu ($inout1,&QWP(16*1,$inp)); - &mov ($rounds,&DWP(240,$key)); - - &pxor ($inout4,$rndkey0); # ^ last offset_i - &pxor ($inout5,$inout4); - - &pxor ($rndkey1,$inout0); # checksum - &pxor ($inout0,$inout4); # ^ offset_i - &pxor ($rndkey1,$inout1); - &pxor ($inout1,$inout5); - - &movdqa ($inout3,$rndkey1) - &mov ($out,&DWP($out_off,"esp")); - &call ("_aesni_encrypt2"); - - &xorps ($inout0,$inout4); # ^ offset_i - &xorps ($inout1,$inout5); - &movdqa ($rndkey0,$inout5); # pass last offset_i - &movdqa ($rndkey1,$inout3); # pass the checksum - &movups (&QWP(16*0,$out,$inp),$inout0); # store output - &movups (&QWP(16*1,$out,$inp),$inout1); - - &jmp (&label("done")); - -&set_label("three",16); - &lea ($i1,&DWP(1,$block)); - &mov ($key,&DWP($key_off,"esp")); # restore key - &bsf ($i1,$i1); - &shl ($i1,4); - &movdqu ($inout3,&QWP(0,$l_)); - &movdqu ($inout4,&QWP(0,$l_,$i1)); - &movdqa ($inout5,$inout3); - - &movdqu ($inout0,&QWP(16*0,$inp)); # load input - &movdqu ($inout1,&QWP(16*1,$inp)); - &movdqu ($inout2,&QWP(16*2,$inp)); - &mov ($rounds,&DWP(240,$key)); - - &pxor ($inout3,$rndkey0); # ^ last offset_i - &pxor ($inout4,$inout3); - &pxor ($inout5,$inout4); - - &pxor ($rndkey1,$inout0); # checksum - &pxor ($inout0,$inout3); # ^ offset_i - &pxor ($rndkey1,$inout1); - &pxor ($inout1,$inout4); - &pxor ($rndkey1,$inout2); - &pxor ($inout2,$inout5); - - &movdqa (&QWP($checksum,"esp"),$rndkey1); - &mov ($out,&DWP($out_off,"esp")); - &call ("_aesni_encrypt3"); - - &xorps ($inout0,$inout3); # ^ offset_i - &xorps ($inout1,$inout4); - &xorps ($inout2,$inout5); - &movdqa ($rndkey0,$inout5); # pass last offset_i - &movdqa ($rndkey1,&QWP($checksum,"esp"));# pass the checksum - &movups (&QWP(16*0,$out,$inp),$inout0); # store output - &movups (&QWP(16*1,$out,$inp),$inout1); - &movups (&QWP(16*2,$out,$inp),$inout2); - - &jmp (&label("done")); - -&set_label("four",16); - &lea ($i1,&DWP(1,$block)); - &lea ($i3,&DWP(3,$block)); - &bsf ($i1,$i1); - &bsf ($i3,$i3); - &mov ($key,&DWP($key_off,"esp")); # restore key - &shl ($i1,4); - &shl ($i3,4); - &movdqu ($inout2,&QWP(0,$l_)); - &movdqu ($inout3,&QWP(0,$l_,$i1)); - &movdqa ($inout4,$inout2); - &movdqu ($inout5,&QWP(0,$l_,$i3)); - - &pxor ($inout2,$rndkey0); # ^ last offset_i - &movdqu ($inout0,&QWP(16*0,$inp)); # load input - &pxor ($inout3,$inout2); - &movdqu ($inout1,&QWP(16*1,$inp)); - &pxor ($inout4,$inout3); - &movdqa (&QWP(16*0,"esp"),$inout2); - &pxor ($inout5,$inout4); - &movdqa (&QWP(16*1,"esp"),$inout3); - &movdqu ($inout2,&QWP(16*2,$inp)); - &movdqu ($inout3,&QWP(16*3,$inp)); - &mov ($rounds,&DWP(240,$key)); - - &pxor ($rndkey1,$inout0); # checksum - &pxor ($inout0,&QWP(16*0,"esp")); # ^ offset_i - &pxor ($rndkey1,$inout1); - &pxor ($inout1,&QWP(16*1,"esp")); - &pxor ($rndkey1,$inout2); - &pxor ($inout2,$inout4); - &pxor ($rndkey1,$inout3); - &pxor ($inout3,$inout5); - - &movdqa (&QWP($checksum,"esp"),$rndkey1) - &mov ($out,&DWP($out_off,"esp")); - &call ("_aesni_encrypt4"); - - &xorps ($inout0,&QWP(16*0,"esp")); # ^ offset_i - &xorps ($inout1,&QWP(16*1,"esp")); - &xorps ($inout2,$inout4); - &movups (&QWP(16*0,$out,$inp),$inout0); # store output - &xorps ($inout3,$inout5); - &movups (&QWP(16*1,$out,$inp),$inout1); - &movdqa ($rndkey0,$inout5); # pass last offset_i - &movups (&QWP(16*2,$out,$inp),$inout2); - &movdqa ($rndkey1,&QWP($checksum,"esp"));# pass the checksum - &movups (&QWP(16*3,$out,$inp),$inout3); - -&set_label("done"); - &mov ($key,&DWP($esp_off,"esp")); - &pxor ($inout0,$inout0); # clear register bank - &pxor ($inout1,$inout1); - &movdqa (&QWP(16*0,"esp"),$inout0); # clear stack - &pxor ($inout2,$inout2); - &movdqa (&QWP(16*1,"esp"),$inout0); - &pxor ($inout3,$inout3); - &movdqa (&QWP(16*2,"esp"),$inout0); - &pxor ($inout4,$inout4); - &movdqa (&QWP(16*3,"esp"),$inout0); - &pxor ($inout5,$inout5); - &movdqa (&QWP(16*4,"esp"),$inout0); - &movdqa (&QWP(16*5,"esp"),$inout0); - &movdqa (&QWP(16*6,"esp"),$inout0); - - &lea ("esp",&DWP(0,$key)); - &mov ($rounds,&wparam(5)); # &offset_i - &mov ($rounds_,&wparam(7)); # &checksum - &movdqu (&QWP(0,$rounds),$rndkey0); - &pxor ($rndkey0,$rndkey0); - &movdqu (&QWP(0,$rounds_),$rndkey1); - &pxor ($rndkey1,$rndkey1); -&function_end("aesni_ocb_encrypt"); - -&function_begin("aesni_ocb_decrypt"); - &mov ($rounds,&wparam(5)); # &offset_i - &mov ($rounds_,&wparam(7)); # &checksum - - &mov ($inp,&wparam(0)); - &mov ($out,&wparam(1)); - &mov ($len,&wparam(2)); - &mov ($key,&wparam(3)); - &movdqu ($rndkey0,&QWP(0,$rounds)); # load offset_i - &mov ($block,&wparam(4)); # start_block_num - &movdqu ($rndkey1,&QWP(0,$rounds_)); # load checksum - &mov ($l_,&wparam(6)); # L_ - - &mov ($rounds,"esp"); - &sub ("esp",$esp_off+4); # alloca - &and ("esp",-16); # align stack - - &sub ($out,$inp); - &shl ($len,4); - &lea ($len,&DWP(-16*6,$inp,$len)); # end of input - 16*6 - &mov (&DWP($out_off,"esp"),$out); - &mov (&DWP($end_off,"esp"),$len); - &mov (&DWP($esp_off,"esp"),$rounds); - - &mov ($rounds,&DWP(240,$key)); - - &test ($block,1); - &jnz (&label("odd")); - - &bsf ($i3,$block); - &add ($block,1); - &shl ($i3,4); - &movdqu ($inout5,&QWP(0,$l_,$i3)); - &mov ($i3,$key); # put aside key - - &movdqu ($inout0,&QWP(16*0,$inp)); # load input - &lea ($inp,&DWP(16,$inp)); - - &pxor ($inout5,$rndkey0); # ^ last offset_i - &pxor ($inout0,$inout5); # ^ offset_i - - &movdqa ($inout4,$rndkey1); - if ($inline) - { &aesni_inline_generate1("dec"); } - else - { &call ("_aesni_decrypt1"); } - - &xorps ($inout0,$inout5); # ^ offset_i - &movaps ($rndkey1,$inout4); # pass the checksum - &movdqa ($rndkey0,$inout5); # pass last offset_i - &xorps ($rndkey1,$inout0); # checksum - &movups (&QWP(-16,$out,$inp),$inout0); # store output - - &mov ($rounds,&DWP(240,$i3)); - &mov ($key,$i3); # restore key - &mov ($len,&DWP($end_off,"esp")); - -&set_label("odd"); - &shl ($rounds,4); - &mov ($out,16); - &sub ($out,$rounds); # twisted rounds - &mov (&DWP($key_off,"esp"),$key); - &lea ($key,&DWP(32,$key,$rounds)); # end of key schedule - &mov (&DWP($rounds_off,"esp"),$out); - - &cmp ($inp,$len); - &ja (&label("short")); - &jmp (&label("grandloop")); - -&set_label("grandloop",32); - &lea ($i1,&DWP(1,$block)); - &lea ($i3,&DWP(3,$block)); - &lea ($i5,&DWP(5,$block)); - &add ($block,6); - &bsf ($i1,$i1); - &bsf ($i3,$i3); - &bsf ($i5,$i5); - &shl ($i1,4); - &shl ($i3,4); - &shl ($i5,4); - &movdqu ($inout0,&QWP(0,$l_)); - &movdqu ($inout1,&QWP(0,$l_,$i1)); - &mov ($rounds,&DWP($rounds_off,"esp")); - &movdqa ($inout2,$inout0); - &movdqu ($inout3,&QWP(0,$l_,$i3)); - &movdqa ($inout4,$inout0); - &movdqu ($inout5,&QWP(0,$l_,$i5)); - - &pxor ($inout0,$rndkey0); # ^ last offset_i - &pxor ($inout1,$inout0); - &movdqa (&QWP(16*0,"esp"),$inout0); - &pxor ($inout2,$inout1); - &movdqa (&QWP(16*1,"esp"),$inout1); - &pxor ($inout3,$inout2); - &movdqa (&QWP(16*2,"esp"),$inout2); - &pxor ($inout4,$inout3); - &movdqa (&QWP(16*3,"esp"),$inout3); - &pxor ($inout5,$inout4); - &movdqa (&QWP(16*4,"esp"),$inout4); - &movdqa (&QWP(16*5,"esp"),$inout5); - - &$movekey ($rndkey0,&QWP(-48,$key,$rounds)); - &movdqu ($inout0,&QWP(16*0,$inp)); # load input - &movdqu ($inout1,&QWP(16*1,$inp)); - &movdqu ($inout2,&QWP(16*2,$inp)); - &movdqu ($inout3,&QWP(16*3,$inp)); - &movdqu ($inout4,&QWP(16*4,$inp)); - &movdqu ($inout5,&QWP(16*5,$inp)); - &lea ($inp,&DWP(16*6,$inp)); - - &movdqa (&QWP($checksum,"esp"),$rndkey1); - &pxor ($inout0,$rndkey0); # ^ roundkey[0] - &pxor ($inout1,$rndkey0); - &pxor ($inout2,$rndkey0); - &pxor ($inout3,$rndkey0); - &pxor ($inout4,$rndkey0); - &pxor ($inout5,$rndkey0); - - &$movekey ($rndkey1,&QWP(-32,$key,$rounds)); - &pxor ($inout0,&QWP(16*0,"esp")); # ^ offset_i - &pxor ($inout1,&QWP(16*1,"esp")); - &pxor ($inout2,&QWP(16*2,"esp")); - &pxor ($inout3,&QWP(16*3,"esp")); - &pxor ($inout4,&QWP(16*4,"esp")); - &pxor ($inout5,&QWP(16*5,"esp")); - - &$movekey ($rndkey0,&QWP(-16,$key,$rounds)); - &aesdec ($inout0,$rndkey1); - &aesdec ($inout1,$rndkey1); - &aesdec ($inout2,$rndkey1); - &aesdec ($inout3,$rndkey1); - &aesdec ($inout4,$rndkey1); - &aesdec ($inout5,$rndkey1); - - &mov ($out,&DWP($out_off,"esp")); - &mov ($len,&DWP($end_off,"esp")); - &call ("_aesni_decrypt6_enter"); - - &movdqa ($rndkey0,&QWP(16*5,"esp")); # pass last offset_i - &pxor ($inout0,&QWP(16*0,"esp")); # ^ offset_i - &movdqa ($rndkey1,&QWP($checksum,"esp")); - &pxor ($inout1,&QWP(16*1,"esp")); - &pxor ($inout2,&QWP(16*2,"esp")); - &pxor ($inout3,&QWP(16*3,"esp")); - &pxor ($inout4,&QWP(16*4,"esp")); - &pxor ($inout5,$rndkey0); - - &pxor ($rndkey1,$inout0); # checksum - &movdqu (&QWP(-16*6,$out,$inp),$inout0);# store output - &pxor ($rndkey1,$inout1); - &movdqu (&QWP(-16*5,$out,$inp),$inout1); - &pxor ($rndkey1,$inout2); - &movdqu (&QWP(-16*4,$out,$inp),$inout2); - &pxor ($rndkey1,$inout3); - &movdqu (&QWP(-16*3,$out,$inp),$inout3); - &pxor ($rndkey1,$inout4); - &movdqu (&QWP(-16*2,$out,$inp),$inout4); - &pxor ($rndkey1,$inout5); - &movdqu (&QWP(-16*1,$out,$inp),$inout5); - &cmp ($inp,$len); # done yet? - &jbe (&label("grandloop")); - -&set_label("short"); - &add ($len,16*6); - &sub ($len,$inp); - &jz (&label("done")); - - &cmp ($len,16*2); - &jb (&label("one")); - &je (&label("two")); - - &cmp ($len,16*4); - &jb (&label("three")); - &je (&label("four")); - - &lea ($i1,&DWP(1,$block)); - &lea ($i3,&DWP(3,$block)); - &bsf ($i1,$i1); - &bsf ($i3,$i3); - &shl ($i1,4); - &shl ($i3,4); - &movdqu ($inout0,&QWP(0,$l_)); - &movdqu ($inout1,&QWP(0,$l_,$i1)); - &mov ($rounds,&DWP($rounds_off,"esp")); - &movdqa ($inout2,$inout0); - &movdqu ($inout3,&QWP(0,$l_,$i3)); - &movdqa ($inout4,$inout0); - - &pxor ($inout0,$rndkey0); # ^ last offset_i - &pxor ($inout1,$inout0); - &movdqa (&QWP(16*0,"esp"),$inout0); - &pxor ($inout2,$inout1); - &movdqa (&QWP(16*1,"esp"),$inout1); - &pxor ($inout3,$inout2); - &movdqa (&QWP(16*2,"esp"),$inout2); - &pxor ($inout4,$inout3); - &movdqa (&QWP(16*3,"esp"),$inout3); - &pxor ($inout5,$inout4); - &movdqa (&QWP(16*4,"esp"),$inout4); - - &$movekey ($rndkey0,&QWP(-48,$key,$rounds)); - &movdqu ($inout0,&QWP(16*0,$inp)); # load input - &movdqu ($inout1,&QWP(16*1,$inp)); - &movdqu ($inout2,&QWP(16*2,$inp)); - &movdqu ($inout3,&QWP(16*3,$inp)); - &movdqu ($inout4,&QWP(16*4,$inp)); - &pxor ($inout5,$inout5); - - &movdqa (&QWP($checksum,"esp"),$rndkey1); - &pxor ($inout0,$rndkey0); # ^ roundkey[0] - &pxor ($inout1,$rndkey0); - &pxor ($inout2,$rndkey0); - &pxor ($inout3,$rndkey0); - &pxor ($inout4,$rndkey0); - - &$movekey ($rndkey1,&QWP(-32,$key,$rounds)); - &pxor ($inout0,&QWP(16*0,"esp")); # ^ offset_i - &pxor ($inout1,&QWP(16*1,"esp")); - &pxor ($inout2,&QWP(16*2,"esp")); - &pxor ($inout3,&QWP(16*3,"esp")); - &pxor ($inout4,&QWP(16*4,"esp")); - - &$movekey ($rndkey0,&QWP(-16,$key,$rounds)); - &aesdec ($inout0,$rndkey1); - &aesdec ($inout1,$rndkey1); - &aesdec ($inout2,$rndkey1); - &aesdec ($inout3,$rndkey1); - &aesdec ($inout4,$rndkey1); - &aesdec ($inout5,$rndkey1); - - &mov ($out,&DWP($out_off,"esp")); - &call ("_aesni_decrypt6_enter"); - - &movdqa ($rndkey0,&QWP(16*4,"esp")); # pass last offset_i - &pxor ($inout0,&QWP(16*0,"esp")); # ^ offset_i - &movdqa ($rndkey1,&QWP($checksum,"esp")); - &pxor ($inout1,&QWP(16*1,"esp")); - &pxor ($inout2,&QWP(16*2,"esp")); - &pxor ($inout3,&QWP(16*3,"esp")); - &pxor ($inout4,$rndkey0); - - &pxor ($rndkey1,$inout0); # checksum - &movdqu (&QWP(16*0,$out,$inp),$inout0); # store output - &pxor ($rndkey1,$inout1); - &movdqu (&QWP(16*1,$out,$inp),$inout1); - &pxor ($rndkey1,$inout2); - &movdqu (&QWP(16*2,$out,$inp),$inout2); - &pxor ($rndkey1,$inout3); - &movdqu (&QWP(16*3,$out,$inp),$inout3); - &pxor ($rndkey1,$inout4); - &movdqu (&QWP(16*4,$out,$inp),$inout4); - - &jmp (&label("done")); - -&set_label("one",16); - &movdqu ($inout5,&QWP(0,$l_)); - &mov ($key,&DWP($key_off,"esp")); # restore key - - &movdqu ($inout0,&QWP(16*0,$inp)); # load input - &mov ($rounds,&DWP(240,$key)); - - &pxor ($inout5,$rndkey0); # ^ last offset_i - &pxor ($inout0,$inout5); # ^ offset_i - - &movdqa ($inout4,$rndkey1); - &mov ($out,&DWP($out_off,"esp")); - if ($inline) - { &aesni_inline_generate1("dec"); } - else - { &call ("_aesni_decrypt1"); } - - &xorps ($inout0,$inout5); # ^ offset_i - &movaps ($rndkey1,$inout4); # pass the checksum - &movdqa ($rndkey0,$inout5); # pass last offset_i - &xorps ($rndkey1,$inout0); # checksum - &movups (&QWP(0,$out,$inp),$inout0); - - &jmp (&label("done")); - -&set_label("two",16); - &lea ($i1,&DWP(1,$block)); - &mov ($key,&DWP($key_off,"esp")); # restore key - &bsf ($i1,$i1); - &shl ($i1,4); - &movdqu ($inout4,&QWP(0,$l_)); - &movdqu ($inout5,&QWP(0,$l_,$i1)); - - &movdqu ($inout0,&QWP(16*0,$inp)); # load input - &movdqu ($inout1,&QWP(16*1,$inp)); - &mov ($rounds,&DWP(240,$key)); - - &movdqa ($inout3,$rndkey1); - &pxor ($inout4,$rndkey0); # ^ last offset_i - &pxor ($inout5,$inout4); - - &pxor ($inout0,$inout4); # ^ offset_i - &pxor ($inout1,$inout5); - - &mov ($out,&DWP($out_off,"esp")); - &call ("_aesni_decrypt2"); - - &xorps ($inout0,$inout4); # ^ offset_i - &xorps ($inout1,$inout5); - &movdqa ($rndkey0,$inout5); # pass last offset_i - &xorps ($inout3,$inout0); # checksum - &movups (&QWP(16*0,$out,$inp),$inout0); # store output - &xorps ($inout3,$inout1); - &movups (&QWP(16*1,$out,$inp),$inout1); - &movaps ($rndkey1,$inout3); # pass the checksum - - &jmp (&label("done")); - -&set_label("three",16); - &lea ($i1,&DWP(1,$block)); - &mov ($key,&DWP($key_off,"esp")); # restore key - &bsf ($i1,$i1); - &shl ($i1,4); - &movdqu ($inout3,&QWP(0,$l_)); - &movdqu ($inout4,&QWP(0,$l_,$i1)); - &movdqa ($inout5,$inout3); - - &movdqu ($inout0,&QWP(16*0,$inp)); # load input - &movdqu ($inout1,&QWP(16*1,$inp)); - &movdqu ($inout2,&QWP(16*2,$inp)); - &mov ($rounds,&DWP(240,$key)); - - &movdqa (&QWP($checksum,"esp"),$rndkey1); - &pxor ($inout3,$rndkey0); # ^ last offset_i - &pxor ($inout4,$inout3); - &pxor ($inout5,$inout4); - - &pxor ($inout0,$inout3); # ^ offset_i - &pxor ($inout1,$inout4); - &pxor ($inout2,$inout5); - - &mov ($out,&DWP($out_off,"esp")); - &call ("_aesni_decrypt3"); - - &movdqa ($rndkey1,&QWP($checksum,"esp"));# pass the checksum - &xorps ($inout0,$inout3); # ^ offset_i - &xorps ($inout1,$inout4); - &xorps ($inout2,$inout5); - &movups (&QWP(16*0,$out,$inp),$inout0); # store output - &pxor ($rndkey1,$inout0); # checksum - &movdqa ($rndkey0,$inout5); # pass last offset_i - &movups (&QWP(16*1,$out,$inp),$inout1); - &pxor ($rndkey1,$inout1); - &movups (&QWP(16*2,$out,$inp),$inout2); - &pxor ($rndkey1,$inout2); - - &jmp (&label("done")); - -&set_label("four",16); - &lea ($i1,&DWP(1,$block)); - &lea ($i3,&DWP(3,$block)); - &bsf ($i1,$i1); - &bsf ($i3,$i3); - &mov ($key,&DWP($key_off,"esp")); # restore key - &shl ($i1,4); - &shl ($i3,4); - &movdqu ($inout2,&QWP(0,$l_)); - &movdqu ($inout3,&QWP(0,$l_,$i1)); - &movdqa ($inout4,$inout2); - &movdqu ($inout5,&QWP(0,$l_,$i3)); - - &pxor ($inout2,$rndkey0); # ^ last offset_i - &movdqu ($inout0,&QWP(16*0,$inp)); # load input - &pxor ($inout3,$inout2); - &movdqu ($inout1,&QWP(16*1,$inp)); - &pxor ($inout4,$inout3); - &movdqa (&QWP(16*0,"esp"),$inout2); - &pxor ($inout5,$inout4); - &movdqa (&QWP(16*1,"esp"),$inout3); - &movdqu ($inout2,&QWP(16*2,$inp)); - &movdqu ($inout3,&QWP(16*3,$inp)); - &mov ($rounds,&DWP(240,$key)); - - &movdqa (&QWP($checksum,"esp"),$rndkey1); - &pxor ($inout0,&QWP(16*0,"esp")); # ^ offset_i - &pxor ($inout1,&QWP(16*1,"esp")); - &pxor ($inout2,$inout4); - &pxor ($inout3,$inout5); - - &mov ($out,&DWP($out_off,"esp")); - &call ("_aesni_decrypt4"); - - &movdqa ($rndkey1,&QWP($checksum,"esp"));# pass the checksum - &xorps ($inout0,&QWP(16*0,"esp")); # ^ offset_i - &xorps ($inout1,&QWP(16*1,"esp")); - &xorps ($inout2,$inout4); - &movups (&QWP(16*0,$out,$inp),$inout0); # store output - &pxor ($rndkey1,$inout0); # checksum - &xorps ($inout3,$inout5); - &movups (&QWP(16*1,$out,$inp),$inout1); - &pxor ($rndkey1,$inout1); - &movdqa ($rndkey0,$inout5); # pass last offset_i - &movups (&QWP(16*2,$out,$inp),$inout2); - &pxor ($rndkey1,$inout2); - &movups (&QWP(16*3,$out,$inp),$inout3); - &pxor ($rndkey1,$inout3); - -&set_label("done"); - &mov ($key,&DWP($esp_off,"esp")); - &pxor ($inout0,$inout0); # clear register bank - &pxor ($inout1,$inout1); - &movdqa (&QWP(16*0,"esp"),$inout0); # clear stack - &pxor ($inout2,$inout2); - &movdqa (&QWP(16*1,"esp"),$inout0); - &pxor ($inout3,$inout3); - &movdqa (&QWP(16*2,"esp"),$inout0); - &pxor ($inout4,$inout4); - &movdqa (&QWP(16*3,"esp"),$inout0); - &pxor ($inout5,$inout5); - &movdqa (&QWP(16*4,"esp"),$inout0); - &movdqa (&QWP(16*5,"esp"),$inout0); - &movdqa (&QWP(16*6,"esp"),$inout0); - - &lea ("esp",&DWP(0,$key)); - &mov ($rounds,&wparam(5)); # &offset_i - &mov ($rounds_,&wparam(7)); # &checksum - &movdqu (&QWP(0,$rounds),$rndkey0); - &pxor ($rndkey0,$rndkey0); - &movdqu (&QWP(0,$rounds_),$rndkey1); - &pxor ($rndkey1,$rndkey1); -&function_end("aesni_ocb_decrypt"); -} -} - -###################################################################### -# void $PREFIX_cbc_encrypt (const void *inp, void *out, -# size_t length, const AES_KEY *key, -# unsigned char *ivp,const int enc); -&function_begin("${PREFIX}_cbc_encrypt"); - &mov ($inp,&wparam(0)); - &mov ($rounds_,"esp"); - &mov ($out,&wparam(1)); - &sub ($rounds_,24); - &mov ($len,&wparam(2)); - &and ($rounds_,-16); - &mov ($key,&wparam(3)); - &mov ($key_,&wparam(4)); - &test ($len,$len); - &jz (&label("cbc_abort")); - - &cmp (&wparam(5),0); - &xchg ($rounds_,"esp"); # alloca - &movups ($ivec,&QWP(0,$key_)); # load IV - &mov ($rounds,&DWP(240,$key)); - &mov ($key_,$key); # backup $key - &mov (&DWP(16,"esp"),$rounds_); # save original %esp - &mov ($rounds_,$rounds); # backup $rounds - &je (&label("cbc_decrypt")); - - &movaps ($inout0,$ivec); - &cmp ($len,16); - &jb (&label("cbc_enc_tail")); - &sub ($len,16); - &jmp (&label("cbc_enc_loop")); - -&set_label("cbc_enc_loop",16); - &movups ($ivec,&QWP(0,$inp)); # input actually - &lea ($inp,&DWP(16,$inp)); - if ($inline) - { &aesni_inline_generate1("enc",$inout0,$ivec); } - else - { &xorps($inout0,$ivec); &call("_aesni_encrypt1"); } - &mov ($rounds,$rounds_); # restore $rounds - &mov ($key,$key_); # restore $key - &movups (&QWP(0,$out),$inout0); # store output - &lea ($out,&DWP(16,$out)); - &sub ($len,16); - &jnc (&label("cbc_enc_loop")); - &add ($len,16); - &jnz (&label("cbc_enc_tail")); - &movaps ($ivec,$inout0); - &pxor ($inout0,$inout0); - &jmp (&label("cbc_ret")); - -&set_label("cbc_enc_tail"); - &mov ("ecx",$len); # zaps $rounds - &data_word(0xA4F3F689); # rep movsb - &mov ("ecx",16); # zero tail - &sub ("ecx",$len); - &xor ("eax","eax"); # zaps $len - &data_word(0xAAF3F689); # rep stosb - &lea ($out,&DWP(-16,$out)); # rewind $out by 1 block - &mov ($rounds,$rounds_); # restore $rounds - &mov ($inp,$out); # $inp and $out are the same - &mov ($key,$key_); # restore $key - &jmp (&label("cbc_enc_loop")); -###################################################################### -&set_label("cbc_decrypt",16); - &cmp ($len,0x50); - &jbe (&label("cbc_dec_tail")); - &movaps (&QWP(0,"esp"),$ivec); # save IV - &sub ($len,0x50); - &jmp (&label("cbc_dec_loop6_enter")); - -&set_label("cbc_dec_loop6",16); - &movaps (&QWP(0,"esp"),$rndkey0); # save IV - &movups (&QWP(0,$out),$inout5); - &lea ($out,&DWP(0x10,$out)); -&set_label("cbc_dec_loop6_enter"); - &movdqu ($inout0,&QWP(0,$inp)); - &movdqu ($inout1,&QWP(0x10,$inp)); - &movdqu ($inout2,&QWP(0x20,$inp)); - &movdqu ($inout3,&QWP(0x30,$inp)); - &movdqu ($inout4,&QWP(0x40,$inp)); - &movdqu ($inout5,&QWP(0x50,$inp)); - - &call ("_aesni_decrypt6"); - - &movups ($rndkey1,&QWP(0,$inp)); - &movups ($rndkey0,&QWP(0x10,$inp)); - &xorps ($inout0,&QWP(0,"esp")); # ^=IV - &xorps ($inout1,$rndkey1); - &movups ($rndkey1,&QWP(0x20,$inp)); - &xorps ($inout2,$rndkey0); - &movups ($rndkey0,&QWP(0x30,$inp)); - &xorps ($inout3,$rndkey1); - &movups ($rndkey1,&QWP(0x40,$inp)); - &xorps ($inout4,$rndkey0); - &movups ($rndkey0,&QWP(0x50,$inp)); # IV - &xorps ($inout5,$rndkey1); - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &lea ($inp,&DWP(0x60,$inp)); - &movups (&QWP(0x20,$out),$inout2); - &mov ($rounds,$rounds_); # restore $rounds - &movups (&QWP(0x30,$out),$inout3); - &mov ($key,$key_); # restore $key - &movups (&QWP(0x40,$out),$inout4); - &lea ($out,&DWP(0x50,$out)); - &sub ($len,0x60); - &ja (&label("cbc_dec_loop6")); - - &movaps ($inout0,$inout5); - &movaps ($ivec,$rndkey0); - &add ($len,0x50); - &jle (&label("cbc_dec_clear_tail_collected")); - &movups (&QWP(0,$out),$inout0); - &lea ($out,&DWP(0x10,$out)); -&set_label("cbc_dec_tail"); - &movups ($inout0,&QWP(0,$inp)); - &movaps ($in0,$inout0); - &cmp ($len,0x10); - &jbe (&label("cbc_dec_one")); - - &movups ($inout1,&QWP(0x10,$inp)); - &movaps ($in1,$inout1); - &cmp ($len,0x20); - &jbe (&label("cbc_dec_two")); - - &movups ($inout2,&QWP(0x20,$inp)); - &cmp ($len,0x30); - &jbe (&label("cbc_dec_three")); - - &movups ($inout3,&QWP(0x30,$inp)); - &cmp ($len,0x40); - &jbe (&label("cbc_dec_four")); - - &movups ($inout4,&QWP(0x40,$inp)); - &movaps (&QWP(0,"esp"),$ivec); # save IV - &movups ($inout0,&QWP(0,$inp)); - &xorps ($inout5,$inout5); - &call ("_aesni_decrypt6"); - &movups ($rndkey1,&QWP(0,$inp)); - &movups ($rndkey0,&QWP(0x10,$inp)); - &xorps ($inout0,&QWP(0,"esp")); # ^= IV - &xorps ($inout1,$rndkey1); - &movups ($rndkey1,&QWP(0x20,$inp)); - &xorps ($inout2,$rndkey0); - &movups ($rndkey0,&QWP(0x30,$inp)); - &xorps ($inout3,$rndkey1); - &movups ($ivec,&QWP(0x40,$inp)); # IV - &xorps ($inout4,$rndkey0); - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &pxor ($inout1,$inout1); - &movups (&QWP(0x20,$out),$inout2); - &pxor ($inout2,$inout2); - &movups (&QWP(0x30,$out),$inout3); - &pxor ($inout3,$inout3); - &lea ($out,&DWP(0x40,$out)); - &movaps ($inout0,$inout4); - &pxor ($inout4,$inout4); - &sub ($len,0x50); - &jmp (&label("cbc_dec_tail_collected")); - -&set_label("cbc_dec_one",16); - if ($inline) - { &aesni_inline_generate1("dec"); } - else - { &call ("_aesni_decrypt1"); } - &xorps ($inout0,$ivec); - &movaps ($ivec,$in0); - &sub ($len,0x10); - &jmp (&label("cbc_dec_tail_collected")); - -&set_label("cbc_dec_two",16); - &call ("_aesni_decrypt2"); - &xorps ($inout0,$ivec); - &xorps ($inout1,$in0); - &movups (&QWP(0,$out),$inout0); - &movaps ($inout0,$inout1); - &pxor ($inout1,$inout1); - &lea ($out,&DWP(0x10,$out)); - &movaps ($ivec,$in1); - &sub ($len,0x20); - &jmp (&label("cbc_dec_tail_collected")); - -&set_label("cbc_dec_three",16); - &call ("_aesni_decrypt3"); - &xorps ($inout0,$ivec); - &xorps ($inout1,$in0); - &xorps ($inout2,$in1); - &movups (&QWP(0,$out),$inout0); - &movaps ($inout0,$inout2); - &pxor ($inout2,$inout2); - &movups (&QWP(0x10,$out),$inout1); - &pxor ($inout1,$inout1); - &lea ($out,&DWP(0x20,$out)); - &movups ($ivec,&QWP(0x20,$inp)); - &sub ($len,0x30); - &jmp (&label("cbc_dec_tail_collected")); - -&set_label("cbc_dec_four",16); - &call ("_aesni_decrypt4"); - &movups ($rndkey1,&QWP(0x10,$inp)); - &movups ($rndkey0,&QWP(0x20,$inp)); - &xorps ($inout0,$ivec); - &movups ($ivec,&QWP(0x30,$inp)); - &xorps ($inout1,$in0); - &movups (&QWP(0,$out),$inout0); - &xorps ($inout2,$rndkey1); - &movups (&QWP(0x10,$out),$inout1); - &pxor ($inout1,$inout1); - &xorps ($inout3,$rndkey0); - &movups (&QWP(0x20,$out),$inout2); - &pxor ($inout2,$inout2); - &lea ($out,&DWP(0x30,$out)); - &movaps ($inout0,$inout3); - &pxor ($inout3,$inout3); - &sub ($len,0x40); - &jmp (&label("cbc_dec_tail_collected")); - -&set_label("cbc_dec_clear_tail_collected",16); - &pxor ($inout1,$inout1); - &pxor ($inout2,$inout2); - &pxor ($inout3,$inout3); - &pxor ($inout4,$inout4); -&set_label("cbc_dec_tail_collected"); - &and ($len,15); - &jnz (&label("cbc_dec_tail_partial")); - &movups (&QWP(0,$out),$inout0); - &pxor ($rndkey0,$rndkey0); - &jmp (&label("cbc_ret")); - -&set_label("cbc_dec_tail_partial",16); - &movaps (&QWP(0,"esp"),$inout0); - &pxor ($rndkey0,$rndkey0); - &mov ("ecx",16); - &mov ($inp,"esp"); - &sub ("ecx",$len); - &data_word(0xA4F3F689); # rep movsb - &movdqa (&QWP(0,"esp"),$inout0); - -&set_label("cbc_ret"); - &mov ("esp",&DWP(16,"esp")); # pull original %esp - &mov ($key_,&wparam(4)); - &pxor ($inout0,$inout0); - &pxor ($rndkey1,$rndkey1); - &movups (&QWP(0,$key_),$ivec); # output IV - &pxor ($ivec,$ivec); -&set_label("cbc_abort"); -&function_end("${PREFIX}_cbc_encrypt"); - -###################################################################### -# Mechanical port from aesni-x86_64.pl. -# -# _aesni_set_encrypt_key is private interface, -# input: -# "eax" const unsigned char *userKey -# $rounds int bits -# $key AES_KEY *key -# output: -# "eax" return code -# $round rounds - -&function_begin_B("_aesni_set_encrypt_key"); - &push ("ebp"); - &push ("ebx"); - &test ("eax","eax"); - &jz (&label("bad_pointer")); - &test ($key,$key); - &jz (&label("bad_pointer")); - - &call (&label("pic")); -&set_label("pic"); - &blindpop("ebx"); - &lea ("ebx",&DWP(&label("key_const")."-".&label("pic"),"ebx")); - - &picmeup("ebp","OPENSSL_ia32cap_P","ebx",&label("key_const")); - &movups ("xmm0",&QWP(0,"eax")); # pull first 128 bits of *userKey - &xorps ("xmm4","xmm4"); # low dword of xmm4 is assumed 0 - &mov ("ebp",&DWP(4,"ebp")); - &lea ($key,&DWP(16,$key)); - &and ("ebp",1<<28|1<<11); # AVX and XOP bits - &cmp ($rounds,256); - &je (&label("14rounds")); - &cmp ($rounds,192); - &je (&label("12rounds")); - &cmp ($rounds,128); - &jne (&label("bad_keybits")); - -&set_label("10rounds",16); - &cmp ("ebp",1<<28); - &je (&label("10rounds_alt")); - - &mov ($rounds,9); - &$movekey (&QWP(-16,$key),"xmm0"); # round 0 - &aeskeygenassist("xmm1","xmm0",0x01); # round 1 - &call (&label("key_128_cold")); - &aeskeygenassist("xmm1","xmm0",0x2); # round 2 - &call (&label("key_128")); - &aeskeygenassist("xmm1","xmm0",0x04); # round 3 - &call (&label("key_128")); - &aeskeygenassist("xmm1","xmm0",0x08); # round 4 - &call (&label("key_128")); - &aeskeygenassist("xmm1","xmm0",0x10); # round 5 - &call (&label("key_128")); - &aeskeygenassist("xmm1","xmm0",0x20); # round 6 - &call (&label("key_128")); - &aeskeygenassist("xmm1","xmm0",0x40); # round 7 - &call (&label("key_128")); - &aeskeygenassist("xmm1","xmm0",0x80); # round 8 - &call (&label("key_128")); - &aeskeygenassist("xmm1","xmm0",0x1b); # round 9 - &call (&label("key_128")); - &aeskeygenassist("xmm1","xmm0",0x36); # round 10 - &call (&label("key_128")); - &$movekey (&QWP(0,$key),"xmm0"); - &mov (&DWP(80,$key),$rounds); - - &jmp (&label("good_key")); - -&set_label("key_128",16); - &$movekey (&QWP(0,$key),"xmm0"); - &lea ($key,&DWP(16,$key)); -&set_label("key_128_cold"); - &shufps ("xmm4","xmm0",0b00010000); - &xorps ("xmm0","xmm4"); - &shufps ("xmm4","xmm0",0b10001100); - &xorps ("xmm0","xmm4"); - &shufps ("xmm1","xmm1",0b11111111); # critical path - &xorps ("xmm0","xmm1"); - &ret(); - -&set_label("10rounds_alt",16); - &movdqa ("xmm5",&QWP(0x00,"ebx")); - &mov ($rounds,8); - &movdqa ("xmm4",&QWP(0x20,"ebx")); - &movdqa ("xmm2","xmm0"); - &movdqu (&QWP(-16,$key),"xmm0"); - -&set_label("loop_key128"); - &pshufb ("xmm0","xmm5"); - &aesenclast ("xmm0","xmm4"); - &pslld ("xmm4",1); - &lea ($key,&DWP(16,$key)); - - &movdqa ("xmm3","xmm2"); - &pslldq ("xmm2",4); - &pxor ("xmm3","xmm2"); - &pslldq ("xmm2",4); - &pxor ("xmm3","xmm2"); - &pslldq ("xmm2",4); - &pxor ("xmm2","xmm3"); - - &pxor ("xmm0","xmm2"); - &movdqu (&QWP(-16,$key),"xmm0"); - &movdqa ("xmm2","xmm0"); - - &dec ($rounds); - &jnz (&label("loop_key128")); - - &movdqa ("xmm4",&QWP(0x30,"ebx")); - - &pshufb ("xmm0","xmm5"); - &aesenclast ("xmm0","xmm4"); - &pslld ("xmm4",1); - - &movdqa ("xmm3","xmm2"); - &pslldq ("xmm2",4); - &pxor ("xmm3","xmm2"); - &pslldq ("xmm2",4); - &pxor ("xmm3","xmm2"); - &pslldq ("xmm2",4); - &pxor ("xmm2","xmm3"); - - &pxor ("xmm0","xmm2"); - &movdqu (&QWP(0,$key),"xmm0"); - - &movdqa ("xmm2","xmm0"); - &pshufb ("xmm0","xmm5"); - &aesenclast ("xmm0","xmm4"); - - &movdqa ("xmm3","xmm2"); - &pslldq ("xmm2",4); - &pxor ("xmm3","xmm2"); - &pslldq ("xmm2",4); - &pxor ("xmm3","xmm2"); - &pslldq ("xmm2",4); - &pxor ("xmm2","xmm3"); - - &pxor ("xmm0","xmm2"); - &movdqu (&QWP(16,$key),"xmm0"); - - &mov ($rounds,9); - &mov (&DWP(96,$key),$rounds); - - &jmp (&label("good_key")); - -&set_label("12rounds",16); - &movq ("xmm2",&QWP(16,"eax")); # remaining 1/3 of *userKey - &cmp ("ebp",1<<28); - &je (&label("12rounds_alt")); - - &mov ($rounds,11); - &$movekey (&QWP(-16,$key),"xmm0"); # round 0 - &aeskeygenassist("xmm1","xmm2",0x01); # round 1,2 - &call (&label("key_192a_cold")); - &aeskeygenassist("xmm1","xmm2",0x02); # round 2,3 - &call (&label("key_192b")); - &aeskeygenassist("xmm1","xmm2",0x04); # round 4,5 - &call (&label("key_192a")); - &aeskeygenassist("xmm1","xmm2",0x08); # round 5,6 - &call (&label("key_192b")); - &aeskeygenassist("xmm1","xmm2",0x10); # round 7,8 - &call (&label("key_192a")); - &aeskeygenassist("xmm1","xmm2",0x20); # round 8,9 - &call (&label("key_192b")); - &aeskeygenassist("xmm1","xmm2",0x40); # round 10,11 - &call (&label("key_192a")); - &aeskeygenassist("xmm1","xmm2",0x80); # round 11,12 - &call (&label("key_192b")); - &$movekey (&QWP(0,$key),"xmm0"); - &mov (&DWP(48,$key),$rounds); - - &jmp (&label("good_key")); - -&set_label("key_192a",16); - &$movekey (&QWP(0,$key),"xmm0"); - &lea ($key,&DWP(16,$key)); -&set_label("key_192a_cold",16); - &movaps ("xmm5","xmm2"); -&set_label("key_192b_warm"); - &shufps ("xmm4","xmm0",0b00010000); - &movdqa ("xmm3","xmm2"); - &xorps ("xmm0","xmm4"); - &shufps ("xmm4","xmm0",0b10001100); - &pslldq ("xmm3",4); - &xorps ("xmm0","xmm4"); - &pshufd ("xmm1","xmm1",0b01010101); # critical path - &pxor ("xmm2","xmm3"); - &pxor ("xmm0","xmm1"); - &pshufd ("xmm3","xmm0",0b11111111); - &pxor ("xmm2","xmm3"); - &ret(); - -&set_label("key_192b",16); - &movaps ("xmm3","xmm0"); - &shufps ("xmm5","xmm0",0b01000100); - &$movekey (&QWP(0,$key),"xmm5"); - &shufps ("xmm3","xmm2",0b01001110); - &$movekey (&QWP(16,$key),"xmm3"); - &lea ($key,&DWP(32,$key)); - &jmp (&label("key_192b_warm")); - -&set_label("12rounds_alt",16); - &movdqa ("xmm5",&QWP(0x10,"ebx")); - &movdqa ("xmm4",&QWP(0x20,"ebx")); - &mov ($rounds,8); - &movdqu (&QWP(-16,$key),"xmm0"); - -&set_label("loop_key192"); - &movq (&QWP(0,$key),"xmm2"); - &movdqa ("xmm1","xmm2"); - &pshufb ("xmm2","xmm5"); - &aesenclast ("xmm2","xmm4"); - &pslld ("xmm4",1); - &lea ($key,&DWP(24,$key)); - - &movdqa ("xmm3","xmm0"); - &pslldq ("xmm0",4); - &pxor ("xmm3","xmm0"); - &pslldq ("xmm0",4); - &pxor ("xmm3","xmm0"); - &pslldq ("xmm0",4); - &pxor ("xmm0","xmm3"); - - &pshufd ("xmm3","xmm0",0xff); - &pxor ("xmm3","xmm1"); - &pslldq ("xmm1",4); - &pxor ("xmm3","xmm1"); - - &pxor ("xmm0","xmm2"); - &pxor ("xmm2","xmm3"); - &movdqu (&QWP(-16,$key),"xmm0"); - - &dec ($rounds); - &jnz (&label("loop_key192")); - - &mov ($rounds,11); - &mov (&DWP(32,$key),$rounds); - - &jmp (&label("good_key")); - -&set_label("14rounds",16); - &movups ("xmm2",&QWP(16,"eax")); # remaining half of *userKey - &lea ($key,&DWP(16,$key)); - &cmp ("ebp",1<<28); - &je (&label("14rounds_alt")); - - &mov ($rounds,13); - &$movekey (&QWP(-32,$key),"xmm0"); # round 0 - &$movekey (&QWP(-16,$key),"xmm2"); # round 1 - &aeskeygenassist("xmm1","xmm2",0x01); # round 2 - &call (&label("key_256a_cold")); - &aeskeygenassist("xmm1","xmm0",0x01); # round 3 - &call (&label("key_256b")); - &aeskeygenassist("xmm1","xmm2",0x02); # round 4 - &call (&label("key_256a")); - &aeskeygenassist("xmm1","xmm0",0x02); # round 5 - &call (&label("key_256b")); - &aeskeygenassist("xmm1","xmm2",0x04); # round 6 - &call (&label("key_256a")); - &aeskeygenassist("xmm1","xmm0",0x04); # round 7 - &call (&label("key_256b")); - &aeskeygenassist("xmm1","xmm2",0x08); # round 8 - &call (&label("key_256a")); - &aeskeygenassist("xmm1","xmm0",0x08); # round 9 - &call (&label("key_256b")); - &aeskeygenassist("xmm1","xmm2",0x10); # round 10 - &call (&label("key_256a")); - &aeskeygenassist("xmm1","xmm0",0x10); # round 11 - &call (&label("key_256b")); - &aeskeygenassist("xmm1","xmm2",0x20); # round 12 - &call (&label("key_256a")); - &aeskeygenassist("xmm1","xmm0",0x20); # round 13 - &call (&label("key_256b")); - &aeskeygenassist("xmm1","xmm2",0x40); # round 14 - &call (&label("key_256a")); - &$movekey (&QWP(0,$key),"xmm0"); - &mov (&DWP(16,$key),$rounds); - &xor ("eax","eax"); - - &jmp (&label("good_key")); - -&set_label("key_256a",16); - &$movekey (&QWP(0,$key),"xmm2"); - &lea ($key,&DWP(16,$key)); -&set_label("key_256a_cold"); - &shufps ("xmm4","xmm0",0b00010000); - &xorps ("xmm0","xmm4"); - &shufps ("xmm4","xmm0",0b10001100); - &xorps ("xmm0","xmm4"); - &shufps ("xmm1","xmm1",0b11111111); # critical path - &xorps ("xmm0","xmm1"); - &ret(); - -&set_label("key_256b",16); - &$movekey (&QWP(0,$key),"xmm0"); - &lea ($key,&DWP(16,$key)); - - &shufps ("xmm4","xmm2",0b00010000); - &xorps ("xmm2","xmm4"); - &shufps ("xmm4","xmm2",0b10001100); - &xorps ("xmm2","xmm4"); - &shufps ("xmm1","xmm1",0b10101010); # critical path - &xorps ("xmm2","xmm1"); - &ret(); - -&set_label("14rounds_alt",16); - &movdqa ("xmm5",&QWP(0x00,"ebx")); - &movdqa ("xmm4",&QWP(0x20,"ebx")); - &mov ($rounds,7); - &movdqu (&QWP(-32,$key),"xmm0"); - &movdqa ("xmm1","xmm2"); - &movdqu (&QWP(-16,$key),"xmm2"); - -&set_label("loop_key256"); - &pshufb ("xmm2","xmm5"); - &aesenclast ("xmm2","xmm4"); - - &movdqa ("xmm3","xmm0"); - &pslldq ("xmm0",4); - &pxor ("xmm3","xmm0"); - &pslldq ("xmm0",4); - &pxor ("xmm3","xmm0"); - &pslldq ("xmm0",4); - &pxor ("xmm0","xmm3"); - &pslld ("xmm4",1); - - &pxor ("xmm0","xmm2"); - &movdqu (&QWP(0,$key),"xmm0"); - - &dec ($rounds); - &jz (&label("done_key256")); - - &pshufd ("xmm2","xmm0",0xff); - &pxor ("xmm3","xmm3"); - &aesenclast ("xmm2","xmm3"); - - &movdqa ("xmm3","xmm1"); - &pslldq ("xmm1",4); - &pxor ("xmm3","xmm1"); - &pslldq ("xmm1",4); - &pxor ("xmm3","xmm1"); - &pslldq ("xmm1",4); - &pxor ("xmm1","xmm3"); - - &pxor ("xmm2","xmm1"); - &movdqu (&QWP(16,$key),"xmm2"); - &lea ($key,&DWP(32,$key)); - &movdqa ("xmm1","xmm2"); - &jmp (&label("loop_key256")); - -&set_label("done_key256"); - &mov ($rounds,13); - &mov (&DWP(16,$key),$rounds); - -&set_label("good_key"); - &pxor ("xmm0","xmm0"); - &pxor ("xmm1","xmm1"); - &pxor ("xmm2","xmm2"); - &pxor ("xmm3","xmm3"); - &pxor ("xmm4","xmm4"); - &pxor ("xmm5","xmm5"); - &xor ("eax","eax"); - &pop ("ebx"); - &pop ("ebp"); - &ret (); - -&set_label("bad_pointer",4); - &mov ("eax",-1); - &pop ("ebx"); - &pop ("ebp"); - &ret (); -&set_label("bad_keybits",4); - &pxor ("xmm0","xmm0"); - &mov ("eax",-2); - &pop ("ebx"); - &pop ("ebp"); - &ret (); -&function_end_B("_aesni_set_encrypt_key"); - -# int $PREFIX_set_encrypt_key (const unsigned char *userKey, int bits, -# AES_KEY *key) -&function_begin_B("${PREFIX}_set_encrypt_key"); - &mov ("eax",&wparam(0)); - &mov ($rounds,&wparam(1)); - &mov ($key,&wparam(2)); - &call ("_aesni_set_encrypt_key"); - &ret (); -&function_end_B("${PREFIX}_set_encrypt_key"); - -# int $PREFIX_set_decrypt_key (const unsigned char *userKey, int bits, -# AES_KEY *key) -&function_begin_B("${PREFIX}_set_decrypt_key"); - &mov ("eax",&wparam(0)); - &mov ($rounds,&wparam(1)); - &mov ($key,&wparam(2)); - &call ("_aesni_set_encrypt_key"); - &mov ($key,&wparam(2)); - &shl ($rounds,4); # rounds-1 after _aesni_set_encrypt_key - &test ("eax","eax"); - &jnz (&label("dec_key_ret")); - &lea ("eax",&DWP(16,$key,$rounds)); # end of key schedule - - &$movekey ("xmm0",&QWP(0,$key)); # just swap - &$movekey ("xmm1",&QWP(0,"eax")); - &$movekey (&QWP(0,"eax"),"xmm0"); - &$movekey (&QWP(0,$key),"xmm1"); - &lea ($key,&DWP(16,$key)); - &lea ("eax",&DWP(-16,"eax")); - -&set_label("dec_key_inverse"); - &$movekey ("xmm0",&QWP(0,$key)); # swap and inverse - &$movekey ("xmm1",&QWP(0,"eax")); - &aesimc ("xmm0","xmm0"); - &aesimc ("xmm1","xmm1"); - &lea ($key,&DWP(16,$key)); - &lea ("eax",&DWP(-16,"eax")); - &$movekey (&QWP(16,"eax"),"xmm0"); - &$movekey (&QWP(-16,$key),"xmm1"); - &cmp ("eax",$key); - &ja (&label("dec_key_inverse")); - - &$movekey ("xmm0",&QWP(0,$key)); # inverse middle - &aesimc ("xmm0","xmm0"); - &$movekey (&QWP(0,$key),"xmm0"); - - &pxor ("xmm0","xmm0"); - &pxor ("xmm1","xmm1"); - &xor ("eax","eax"); # return success -&set_label("dec_key_ret"); - &ret (); -&function_end_B("${PREFIX}_set_decrypt_key"); - -&set_label("key_const",64); -&data_word(0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d); -&data_word(0x04070605,0x04070605,0x04070605,0x04070605); -&data_word(1,1,1,1); -&data_word(0x1b,0x1b,0x1b,0x1b); -&asciz("AES for Intel AES-NI, CRYPTOGAMS by "); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aesni-x86_64.pl b/crypto/aes/asm/aesni-x86_64.pl deleted file mode 100644 index 09c8f78890ed2af7e54939b28fed132a85753d2b..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/aesni-x86_64.pl +++ /dev/null @@ -1,5170 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# This module implements support for Intel AES-NI extension. In -# OpenSSL context it's used with Intel engine, but can also be used as -# drop-in replacement for crypto/aes/asm/aes-x86_64.pl [see below for -# details]. -# -# Performance. -# -# Given aes(enc|dec) instructions' latency asymptotic performance for -# non-parallelizable modes such as CBC encrypt is 3.75 cycles per byte -# processed with 128-bit key. And given their throughput asymptotic -# performance for parallelizable modes is 1.25 cycles per byte. Being -# asymptotic limit it's not something you commonly achieve in reality, -# but how close does one get? Below are results collected for -# different modes and block sized. Pairs of numbers are for en-/ -# decryption. -# -# 16-byte 64-byte 256-byte 1-KB 8-KB -# ECB 4.25/4.25 1.38/1.38 1.28/1.28 1.26/1.26 1.26/1.26 -# CTR 5.42/5.42 1.92/1.92 1.44/1.44 1.28/1.28 1.26/1.26 -# CBC 4.38/4.43 4.15/1.43 4.07/1.32 4.07/1.29 4.06/1.28 -# CCM 5.66/9.42 4.42/5.41 4.16/4.40 4.09/4.15 4.06/4.07 -# OFB 5.42/5.42 4.64/4.64 4.44/4.44 4.39/4.39 4.38/4.38 -# CFB 5.73/5.85 5.56/5.62 5.48/5.56 5.47/5.55 5.47/5.55 -# -# ECB, CTR, CBC and CCM results are free from EVP overhead. This means -# that otherwise used 'openssl speed -evp aes-128-??? -engine aesni -# [-decrypt]' will exhibit 10-15% worse results for smaller blocks. -# The results were collected with specially crafted speed.c benchmark -# in order to compare them with results reported in "Intel Advanced -# Encryption Standard (AES) New Instruction Set" White Paper Revision -# 3.0 dated May 2010. All above results are consistently better. This -# module also provides better performance for block sizes smaller than -# 128 bytes in points *not* represented in the above table. -# -# Looking at the results for 8-KB buffer. -# -# CFB and OFB results are far from the limit, because implementation -# uses "generic" CRYPTO_[c|o]fb128_encrypt interfaces relying on -# single-block aesni_encrypt, which is not the most optimal way to go. -# CBC encrypt result is unexpectedly high and there is no documented -# explanation for it. Seemingly there is a small penalty for feeding -# the result back to AES unit the way it's done in CBC mode. There is -# nothing one can do and the result appears optimal. CCM result is -# identical to CBC, because CBC-MAC is essentially CBC encrypt without -# saving output. CCM CTR "stays invisible," because it's neatly -# interleaved with CBC-MAC. This provides ~30% improvement over -# "straightforward" CCM implementation with CTR and CBC-MAC performed -# disjointly. Parallelizable modes practically achieve the theoretical -# limit. -# -# Looking at how results vary with buffer size. -# -# Curves are practically saturated at 1-KB buffer size. In most cases -# "256-byte" performance is >95%, and "64-byte" is ~90% of "8-KB" one. -# CTR curve doesn't follow this pattern and is "slowest" changing one -# with "256-byte" result being 87% of "8-KB." This is because overhead -# in CTR mode is most computationally intensive. Small-block CCM -# decrypt is slower than encrypt, because first CTR and last CBC-MAC -# iterations can't be interleaved. -# -# Results for 192- and 256-bit keys. -# -# EVP-free results were observed to scale perfectly with number of -# rounds for larger block sizes, i.e. 192-bit result being 10/12 times -# lower and 256-bit one - 10/14. Well, in CBC encrypt case differences -# are a tad smaller, because the above mentioned penalty biases all -# results by same constant value. In similar way function call -# overhead affects small-block performance, as well as OFB and CFB -# results. Differences are not large, most common coefficients are -# 10/11.7 and 10/13.4 (as opposite to 10/12.0 and 10/14.0), but one -# observe even 10/11.2 and 10/12.4 (CTR, OFB, CFB)... - -# January 2011 -# -# While Westmere processor features 6 cycles latency for aes[enc|dec] -# instructions, which can be scheduled every second cycle, Sandy -# Bridge spends 8 cycles per instruction, but it can schedule them -# every cycle. This means that code targeting Westmere would perform -# suboptimally on Sandy Bridge. Therefore this update. -# -# In addition, non-parallelizable CBC encrypt (as well as CCM) is -# optimized. Relative improvement might appear modest, 8% on Westmere, -# but in absolute terms it's 3.77 cycles per byte encrypted with -# 128-bit key on Westmere, and 5.07 - on Sandy Bridge. These numbers -# should be compared to asymptotic limits of 3.75 for Westmere and -# 5.00 for Sandy Bridge. Actually, the fact that they get this close -# to asymptotic limits is quite amazing. Indeed, the limit is -# calculated as latency times number of rounds, 10 for 128-bit key, -# and divided by 16, the number of bytes in block, or in other words -# it accounts *solely* for aesenc instructions. But there are extra -# instructions, and numbers so close to the asymptotic limits mean -# that it's as if it takes as little as *one* additional cycle to -# execute all of them. How is it possible? It is possible thanks to -# out-of-order execution logic, which manages to overlap post- -# processing of previous block, things like saving the output, with -# actual encryption of current block, as well as pre-processing of -# current block, things like fetching input and xor-ing it with -# 0-round element of the key schedule, with actual encryption of -# previous block. Keep this in mind... -# -# For parallelizable modes, such as ECB, CBC decrypt, CTR, higher -# performance is achieved by interleaving instructions working on -# independent blocks. In which case asymptotic limit for such modes -# can be obtained by dividing above mentioned numbers by AES -# instructions' interleave factor. Westmere can execute at most 3 -# instructions at a time, meaning that optimal interleave factor is 3, -# and that's where the "magic" number of 1.25 come from. "Optimal -# interleave factor" means that increase of interleave factor does -# not improve performance. The formula has proven to reflect reality -# pretty well on Westmere... Sandy Bridge on the other hand can -# execute up to 8 AES instructions at a time, so how does varying -# interleave factor affect the performance? Here is table for ECB -# (numbers are cycles per byte processed with 128-bit key): -# -# instruction interleave factor 3x 6x 8x -# theoretical asymptotic limit 1.67 0.83 0.625 -# measured performance for 8KB block 1.05 0.86 0.84 -# -# "as if" interleave factor 4.7x 5.8x 6.0x -# -# Further data for other parallelizable modes: -# -# CBC decrypt 1.16 0.93 0.74 -# CTR 1.14 0.91 0.74 -# -# Well, given 3x column it's probably inappropriate to call the limit -# asymptotic, if it can be surpassed, isn't it? What happens there? -# Rewind to CBC paragraph for the answer. Yes, out-of-order execution -# magic is responsible for this. Processor overlaps not only the -# additional instructions with AES ones, but even AES instructions -# processing adjacent triplets of independent blocks. In the 6x case -# additional instructions still claim disproportionally small amount -# of additional cycles, but in 8x case number of instructions must be -# a tad too high for out-of-order logic to cope with, and AES unit -# remains underutilized... As you can see 8x interleave is hardly -# justifiable, so there no need to feel bad that 32-bit aesni-x86.pl -# utilizes 6x interleave because of limited register bank capacity. -# -# Higher interleave factors do have negative impact on Westmere -# performance. While for ECB mode it's negligible ~1.5%, other -# parallelizables perform ~5% worse, which is outweighed by ~25% -# improvement on Sandy Bridge. To balance regression on Westmere -# CTR mode was implemented with 6x aesenc interleave factor. - -# April 2011 -# -# Add aesni_xts_[en|de]crypt. Westmere spends 1.25 cycles processing -# one byte out of 8KB with 128-bit key, Sandy Bridge - 0.90. Just like -# in CTR mode AES instruction interleave factor was chosen to be 6x. - -# November 2015 -# -# Add aesni_ocb_[en|de]crypt. AES instruction interleave factor was -# chosen to be 6x. - -###################################################################### -# Current large-block performance in cycles per byte processed with -# 128-bit key (less is better). -# -# CBC en-/decrypt CTR XTS ECB OCB -# Westmere 3.77/1.25 1.25 1.25 1.26 -# * Bridge 5.07/0.74 0.75 0.90 0.85 0.98 -# Haswell 4.44/0.63 0.63 0.73 0.63 0.70 -# Skylake 2.62/0.63 0.63 0.63 0.63 -# Silvermont 5.75/3.54 3.56 4.12 3.87(*) 4.11 -# Knights L 2.54/0.77 0.78 0.85 - 1.50 -# Goldmont 3.82/1.26 1.26 1.29 1.29 1.50 -# Bulldozer 5.77/0.70 0.72 0.90 0.70 0.95 -# Ryzen 2.71/0.35 0.35 0.44 0.38 0.49 -# -# (*) Atom Silvermont ECB result is suboptimal because of penalties -# incurred by operations on %xmm8-15. As ECB is not considered -# critical, nothing was done to mitigate the problem. - -$PREFIX="aesni"; # if $PREFIX is set to "AES", the script - # generates drop-in replacement for - # crypto/aes/asm/aes-x86_64.pl:-) - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -$movkey = $PREFIX eq "aesni" ? "movups" : "movups"; -@_4args=$win64? ("%rcx","%rdx","%r8", "%r9") : # Win64 order - ("%rdi","%rsi","%rdx","%rcx"); # Unix order - -$code=".text\n"; -$code.=".extern OPENSSL_ia32cap_P\n"; - -$rounds="%eax"; # input to and changed by aesni_[en|de]cryptN !!! -# this is natural Unix argument order for public $PREFIX_[ecb|cbc]_encrypt ... -$inp="%rdi"; -$out="%rsi"; -$len="%rdx"; -$key="%rcx"; # input to and changed by aesni_[en|de]cryptN !!! -$ivp="%r8"; # cbc, ctr, ... - -$rnds_="%r10d"; # backup copy for $rounds -$key_="%r11"; # backup copy for $key - -# %xmm register layout -$rndkey0="%xmm0"; $rndkey1="%xmm1"; -$inout0="%xmm2"; $inout1="%xmm3"; -$inout2="%xmm4"; $inout3="%xmm5"; -$inout4="%xmm6"; $inout5="%xmm7"; -$inout6="%xmm8"; $inout7="%xmm9"; - -$in2="%xmm6"; $in1="%xmm7"; # used in CBC decrypt, CTR, ... -$in0="%xmm8"; $iv="%xmm9"; - -# Inline version of internal aesni_[en|de]crypt1. -# -# Why folded loop? Because aes[enc|dec] is slow enough to accommodate -# cycles which take care of loop variables... -{ my $sn; -sub aesni_generate1 { -my ($p,$key,$rounds,$inout,$ivec)=@_; $inout=$inout0 if (!defined($inout)); -++$sn; -$code.=<<___; - $movkey ($key),$rndkey0 - $movkey 16($key),$rndkey1 -___ -$code.=<<___ if (defined($ivec)); - xorps $rndkey0,$ivec - lea 32($key),$key - xorps $ivec,$inout -___ -$code.=<<___ if (!defined($ivec)); - lea 32($key),$key - xorps $rndkey0,$inout -___ -$code.=<<___; -.Loop_${p}1_$sn: - aes${p} $rndkey1,$inout - dec $rounds - $movkey ($key),$rndkey1 - lea 16($key),$key - jnz .Loop_${p}1_$sn # loop body is 16 bytes - aes${p}last $rndkey1,$inout -___ -}} -# void $PREFIX_[en|de]crypt (const void *inp,void *out,const AES_KEY *key); -# -{ my ($inp,$out,$key) = @_4args; - -$code.=<<___; -.globl ${PREFIX}_encrypt -.type ${PREFIX}_encrypt,\@abi-omnipotent -.align 16 -${PREFIX}_encrypt: -.cfi_startproc - endbranch - movups ($inp),$inout0 # load input - mov 240($key),$rounds # key->rounds -___ - &aesni_generate1("enc",$key,$rounds); -$code.=<<___; - pxor $rndkey0,$rndkey0 # clear register bank - pxor $rndkey1,$rndkey1 - movups $inout0,($out) # output - pxor $inout0,$inout0 - ret -.cfi_endproc -.size ${PREFIX}_encrypt,.-${PREFIX}_encrypt - -.globl ${PREFIX}_decrypt -.type ${PREFIX}_decrypt,\@abi-omnipotent -.align 16 -${PREFIX}_decrypt: -.cfi_startproc - endbranch - movups ($inp),$inout0 # load input - mov 240($key),$rounds # key->rounds -___ - &aesni_generate1("dec",$key,$rounds); -$code.=<<___; - pxor $rndkey0,$rndkey0 # clear register bank - pxor $rndkey1,$rndkey1 - movups $inout0,($out) # output - pxor $inout0,$inout0 - ret -.cfi_endproc -.size ${PREFIX}_decrypt, .-${PREFIX}_decrypt -___ -} - -# _aesni_[en|de]cryptN are private interfaces, N denotes interleave -# factor. Why 3x subroutine were originally used in loops? Even though -# aes[enc|dec] latency was originally 6, it could be scheduled only -# every *2nd* cycle. Thus 3x interleave was the one providing optimal -# utilization, i.e. when subroutine's throughput is virtually same as -# of non-interleaved subroutine [for number of input blocks up to 3]. -# This is why it originally made no sense to implement 2x subroutine. -# But times change and it became appropriate to spend extra 192 bytes -# on 2x subroutine on Atom Silvermont account. For processors that -# can schedule aes[enc|dec] every cycle optimal interleave factor -# equals to corresponding instructions latency. 8x is optimal for -# * Bridge and "super-optimal" for other Intel CPUs... - -sub aesni_generate2 { -my $dir=shift; -# As already mentioned it takes in $key and $rounds, which are *not* -# preserved. $inout[0-1] is cipher/clear text... -$code.=<<___; -.type _aesni_${dir}rypt2,\@abi-omnipotent -.align 16 -_aesni_${dir}rypt2: -.cfi_startproc - $movkey ($key),$rndkey0 - shl \$4,$rounds - $movkey 16($key),$rndkey1 - xorps $rndkey0,$inout0 - xorps $rndkey0,$inout1 - $movkey 32($key),$rndkey0 - lea 32($key,$rounds),$key - neg %rax # $rounds - add \$16,%rax - -.L${dir}_loop2: - aes${dir} $rndkey1,$inout0 - aes${dir} $rndkey1,$inout1 - $movkey ($key,%rax),$rndkey1 - add \$32,%rax - aes${dir} $rndkey0,$inout0 - aes${dir} $rndkey0,$inout1 - $movkey -16($key,%rax),$rndkey0 - jnz .L${dir}_loop2 - - aes${dir} $rndkey1,$inout0 - aes${dir} $rndkey1,$inout1 - aes${dir}last $rndkey0,$inout0 - aes${dir}last $rndkey0,$inout1 - ret -.cfi_endproc -.size _aesni_${dir}rypt2,.-_aesni_${dir}rypt2 -___ -} -sub aesni_generate3 { -my $dir=shift; -# As already mentioned it takes in $key and $rounds, which are *not* -# preserved. $inout[0-2] is cipher/clear text... -$code.=<<___; -.type _aesni_${dir}rypt3,\@abi-omnipotent -.align 16 -_aesni_${dir}rypt3: -.cfi_startproc - $movkey ($key),$rndkey0 - shl \$4,$rounds - $movkey 16($key),$rndkey1 - xorps $rndkey0,$inout0 - xorps $rndkey0,$inout1 - xorps $rndkey0,$inout2 - $movkey 32($key),$rndkey0 - lea 32($key,$rounds),$key - neg %rax # $rounds - add \$16,%rax - -.L${dir}_loop3: - aes${dir} $rndkey1,$inout0 - aes${dir} $rndkey1,$inout1 - aes${dir} $rndkey1,$inout2 - $movkey ($key,%rax),$rndkey1 - add \$32,%rax - aes${dir} $rndkey0,$inout0 - aes${dir} $rndkey0,$inout1 - aes${dir} $rndkey0,$inout2 - $movkey -16($key,%rax),$rndkey0 - jnz .L${dir}_loop3 - - aes${dir} $rndkey1,$inout0 - aes${dir} $rndkey1,$inout1 - aes${dir} $rndkey1,$inout2 - aes${dir}last $rndkey0,$inout0 - aes${dir}last $rndkey0,$inout1 - aes${dir}last $rndkey0,$inout2 - ret -.cfi_endproc -.size _aesni_${dir}rypt3,.-_aesni_${dir}rypt3 -___ -} -# 4x interleave is implemented to improve small block performance, -# most notably [and naturally] 4 block by ~30%. One can argue that one -# should have implemented 5x as well, but improvement would be <20%, -# so it's not worth it... -sub aesni_generate4 { -my $dir=shift; -# As already mentioned it takes in $key and $rounds, which are *not* -# preserved. $inout[0-3] is cipher/clear text... -$code.=<<___; -.type _aesni_${dir}rypt4,\@abi-omnipotent -.align 16 -_aesni_${dir}rypt4: -.cfi_startproc - $movkey ($key),$rndkey0 - shl \$4,$rounds - $movkey 16($key),$rndkey1 - xorps $rndkey0,$inout0 - xorps $rndkey0,$inout1 - xorps $rndkey0,$inout2 - xorps $rndkey0,$inout3 - $movkey 32($key),$rndkey0 - lea 32($key,$rounds),$key - neg %rax # $rounds - .byte 0x0f,0x1f,0x00 - add \$16,%rax - -.L${dir}_loop4: - aes${dir} $rndkey1,$inout0 - aes${dir} $rndkey1,$inout1 - aes${dir} $rndkey1,$inout2 - aes${dir} $rndkey1,$inout3 - $movkey ($key,%rax),$rndkey1 - add \$32,%rax - aes${dir} $rndkey0,$inout0 - aes${dir} $rndkey0,$inout1 - aes${dir} $rndkey0,$inout2 - aes${dir} $rndkey0,$inout3 - $movkey -16($key,%rax),$rndkey0 - jnz .L${dir}_loop4 - - aes${dir} $rndkey1,$inout0 - aes${dir} $rndkey1,$inout1 - aes${dir} $rndkey1,$inout2 - aes${dir} $rndkey1,$inout3 - aes${dir}last $rndkey0,$inout0 - aes${dir}last $rndkey0,$inout1 - aes${dir}last $rndkey0,$inout2 - aes${dir}last $rndkey0,$inout3 - ret -.cfi_endproc -.size _aesni_${dir}rypt4,.-_aesni_${dir}rypt4 -___ -} -sub aesni_generate6 { -my $dir=shift; -# As already mentioned it takes in $key and $rounds, which are *not* -# preserved. $inout[0-5] is cipher/clear text... -$code.=<<___; -.type _aesni_${dir}rypt6,\@abi-omnipotent -.align 16 -_aesni_${dir}rypt6: -.cfi_startproc - $movkey ($key),$rndkey0 - shl \$4,$rounds - $movkey 16($key),$rndkey1 - xorps $rndkey0,$inout0 - pxor $rndkey0,$inout1 - pxor $rndkey0,$inout2 - aes${dir} $rndkey1,$inout0 - lea 32($key,$rounds),$key - neg %rax # $rounds - aes${dir} $rndkey1,$inout1 - pxor $rndkey0,$inout3 - pxor $rndkey0,$inout4 - aes${dir} $rndkey1,$inout2 - pxor $rndkey0,$inout5 - $movkey ($key,%rax),$rndkey0 - add \$16,%rax - jmp .L${dir}_loop6_enter -.align 16 -.L${dir}_loop6: - aes${dir} $rndkey1,$inout0 - aes${dir} $rndkey1,$inout1 - aes${dir} $rndkey1,$inout2 -.L${dir}_loop6_enter: - aes${dir} $rndkey1,$inout3 - aes${dir} $rndkey1,$inout4 - aes${dir} $rndkey1,$inout5 - $movkey ($key,%rax),$rndkey1 - add \$32,%rax - aes${dir} $rndkey0,$inout0 - aes${dir} $rndkey0,$inout1 - aes${dir} $rndkey0,$inout2 - aes${dir} $rndkey0,$inout3 - aes${dir} $rndkey0,$inout4 - aes${dir} $rndkey0,$inout5 - $movkey -16($key,%rax),$rndkey0 - jnz .L${dir}_loop6 - - aes${dir} $rndkey1,$inout0 - aes${dir} $rndkey1,$inout1 - aes${dir} $rndkey1,$inout2 - aes${dir} $rndkey1,$inout3 - aes${dir} $rndkey1,$inout4 - aes${dir} $rndkey1,$inout5 - aes${dir}last $rndkey0,$inout0 - aes${dir}last $rndkey0,$inout1 - aes${dir}last $rndkey0,$inout2 - aes${dir}last $rndkey0,$inout3 - aes${dir}last $rndkey0,$inout4 - aes${dir}last $rndkey0,$inout5 - ret -.cfi_endproc -.size _aesni_${dir}rypt6,.-_aesni_${dir}rypt6 -___ -} -sub aesni_generate8 { -my $dir=shift; -# As already mentioned it takes in $key and $rounds, which are *not* -# preserved. $inout[0-7] is cipher/clear text... -$code.=<<___; -.type _aesni_${dir}rypt8,\@abi-omnipotent -.align 16 -_aesni_${dir}rypt8: -.cfi_startproc - $movkey ($key),$rndkey0 - shl \$4,$rounds - $movkey 16($key),$rndkey1 - xorps $rndkey0,$inout0 - xorps $rndkey0,$inout1 - pxor $rndkey0,$inout2 - pxor $rndkey0,$inout3 - pxor $rndkey0,$inout4 - lea 32($key,$rounds),$key - neg %rax # $rounds - aes${dir} $rndkey1,$inout0 - pxor $rndkey0,$inout5 - pxor $rndkey0,$inout6 - aes${dir} $rndkey1,$inout1 - pxor $rndkey0,$inout7 - $movkey ($key,%rax),$rndkey0 - add \$16,%rax - jmp .L${dir}_loop8_inner -.align 16 -.L${dir}_loop8: - aes${dir} $rndkey1,$inout0 - aes${dir} $rndkey1,$inout1 -.L${dir}_loop8_inner: - aes${dir} $rndkey1,$inout2 - aes${dir} $rndkey1,$inout3 - aes${dir} $rndkey1,$inout4 - aes${dir} $rndkey1,$inout5 - aes${dir} $rndkey1,$inout6 - aes${dir} $rndkey1,$inout7 -.L${dir}_loop8_enter: - $movkey ($key,%rax),$rndkey1 - add \$32,%rax - aes${dir} $rndkey0,$inout0 - aes${dir} $rndkey0,$inout1 - aes${dir} $rndkey0,$inout2 - aes${dir} $rndkey0,$inout3 - aes${dir} $rndkey0,$inout4 - aes${dir} $rndkey0,$inout5 - aes${dir} $rndkey0,$inout6 - aes${dir} $rndkey0,$inout7 - $movkey -16($key,%rax),$rndkey0 - jnz .L${dir}_loop8 - - aes${dir} $rndkey1,$inout0 - aes${dir} $rndkey1,$inout1 - aes${dir} $rndkey1,$inout2 - aes${dir} $rndkey1,$inout3 - aes${dir} $rndkey1,$inout4 - aes${dir} $rndkey1,$inout5 - aes${dir} $rndkey1,$inout6 - aes${dir} $rndkey1,$inout7 - aes${dir}last $rndkey0,$inout0 - aes${dir}last $rndkey0,$inout1 - aes${dir}last $rndkey0,$inout2 - aes${dir}last $rndkey0,$inout3 - aes${dir}last $rndkey0,$inout4 - aes${dir}last $rndkey0,$inout5 - aes${dir}last $rndkey0,$inout6 - aes${dir}last $rndkey0,$inout7 - ret -.cfi_endproc -.size _aesni_${dir}rypt8,.-_aesni_${dir}rypt8 -___ -} -&aesni_generate2("enc") if ($PREFIX eq "aesni"); -&aesni_generate2("dec"); -&aesni_generate3("enc") if ($PREFIX eq "aesni"); -&aesni_generate3("dec"); -&aesni_generate4("enc") if ($PREFIX eq "aesni"); -&aesni_generate4("dec"); -&aesni_generate6("enc") if ($PREFIX eq "aesni"); -&aesni_generate6("dec"); -&aesni_generate8("enc") if ($PREFIX eq "aesni"); -&aesni_generate8("dec"); - -if ($PREFIX eq "aesni") { -######################################################################## -# void aesni_ecb_encrypt (const void *in, void *out, -# size_t length, const AES_KEY *key, -# int enc); -$code.=<<___; -.globl aesni_ecb_encrypt -.type aesni_ecb_encrypt,\@function,5 -.align 16 -aesni_ecb_encrypt: -.cfi_startproc - endbranch -___ -$code.=<<___ if ($win64); - lea -0x58(%rsp),%rsp - movaps %xmm6,(%rsp) # offload $inout4..7 - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) -.Lecb_enc_body: -___ -$code.=<<___; - and \$-16,$len # if ($len<16) - jz .Lecb_ret # return - - mov 240($key),$rounds # key->rounds - $movkey ($key),$rndkey0 - mov $key,$key_ # backup $key - mov $rounds,$rnds_ # backup $rounds - test %r8d,%r8d # 5th argument - jz .Lecb_decrypt -#--------------------------- ECB ENCRYPT ------------------------------# - cmp \$0x80,$len # if ($len<8*16) - jb .Lecb_enc_tail # short input - - movdqu ($inp),$inout0 # load 8 input blocks - movdqu 0x10($inp),$inout1 - movdqu 0x20($inp),$inout2 - movdqu 0x30($inp),$inout3 - movdqu 0x40($inp),$inout4 - movdqu 0x50($inp),$inout5 - movdqu 0x60($inp),$inout6 - movdqu 0x70($inp),$inout7 - lea 0x80($inp),$inp # $inp+=8*16 - sub \$0x80,$len # $len-=8*16 (can be zero) - jmp .Lecb_enc_loop8_enter -.align 16 -.Lecb_enc_loop8: - movups $inout0,($out) # store 8 output blocks - mov $key_,$key # restore $key - movdqu ($inp),$inout0 # load 8 input blocks - mov $rnds_,$rounds # restore $rounds - movups $inout1,0x10($out) - movdqu 0x10($inp),$inout1 - movups $inout2,0x20($out) - movdqu 0x20($inp),$inout2 - movups $inout3,0x30($out) - movdqu 0x30($inp),$inout3 - movups $inout4,0x40($out) - movdqu 0x40($inp),$inout4 - movups $inout5,0x50($out) - movdqu 0x50($inp),$inout5 - movups $inout6,0x60($out) - movdqu 0x60($inp),$inout6 - movups $inout7,0x70($out) - lea 0x80($out),$out # $out+=8*16 - movdqu 0x70($inp),$inout7 - lea 0x80($inp),$inp # $inp+=8*16 -.Lecb_enc_loop8_enter: - - call _aesni_encrypt8 - - sub \$0x80,$len - jnc .Lecb_enc_loop8 # loop if $len-=8*16 didn't borrow - - movups $inout0,($out) # store 8 output blocks - mov $key_,$key # restore $key - movups $inout1,0x10($out) - mov $rnds_,$rounds # restore $rounds - movups $inout2,0x20($out) - movups $inout3,0x30($out) - movups $inout4,0x40($out) - movups $inout5,0x50($out) - movups $inout6,0x60($out) - movups $inout7,0x70($out) - lea 0x80($out),$out # $out+=8*16 - add \$0x80,$len # restore real remaining $len - jz .Lecb_ret # done if ($len==0) - -.Lecb_enc_tail: # $len is less than 8*16 - movups ($inp),$inout0 - cmp \$0x20,$len - jb .Lecb_enc_one - movups 0x10($inp),$inout1 - je .Lecb_enc_two - movups 0x20($inp),$inout2 - cmp \$0x40,$len - jb .Lecb_enc_three - movups 0x30($inp),$inout3 - je .Lecb_enc_four - movups 0x40($inp),$inout4 - cmp \$0x60,$len - jb .Lecb_enc_five - movups 0x50($inp),$inout5 - je .Lecb_enc_six - movdqu 0x60($inp),$inout6 - xorps $inout7,$inout7 - call _aesni_encrypt8 - movups $inout0,($out) # store 7 output blocks - movups $inout1,0x10($out) - movups $inout2,0x20($out) - movups $inout3,0x30($out) - movups $inout4,0x40($out) - movups $inout5,0x50($out) - movups $inout6,0x60($out) - jmp .Lecb_ret -.align 16 -.Lecb_enc_one: -___ - &aesni_generate1("enc",$key,$rounds); -$code.=<<___; - movups $inout0,($out) # store one output block - jmp .Lecb_ret -.align 16 -.Lecb_enc_two: - call _aesni_encrypt2 - movups $inout0,($out) # store 2 output blocks - movups $inout1,0x10($out) - jmp .Lecb_ret -.align 16 -.Lecb_enc_three: - call _aesni_encrypt3 - movups $inout0,($out) # store 3 output blocks - movups $inout1,0x10($out) - movups $inout2,0x20($out) - jmp .Lecb_ret -.align 16 -.Lecb_enc_four: - call _aesni_encrypt4 - movups $inout0,($out) # store 4 output blocks - movups $inout1,0x10($out) - movups $inout2,0x20($out) - movups $inout3,0x30($out) - jmp .Lecb_ret -.align 16 -.Lecb_enc_five: - xorps $inout5,$inout5 - call _aesni_encrypt6 - movups $inout0,($out) # store 5 output blocks - movups $inout1,0x10($out) - movups $inout2,0x20($out) - movups $inout3,0x30($out) - movups $inout4,0x40($out) - jmp .Lecb_ret -.align 16 -.Lecb_enc_six: - call _aesni_encrypt6 - movups $inout0,($out) # store 6 output blocks - movups $inout1,0x10($out) - movups $inout2,0x20($out) - movups $inout3,0x30($out) - movups $inout4,0x40($out) - movups $inout5,0x50($out) - jmp .Lecb_ret - #--------------------------- ECB DECRYPT ------------------------------# -.align 16 -.Lecb_decrypt: - cmp \$0x80,$len # if ($len<8*16) - jb .Lecb_dec_tail # short input - - movdqu ($inp),$inout0 # load 8 input blocks - movdqu 0x10($inp),$inout1 - movdqu 0x20($inp),$inout2 - movdqu 0x30($inp),$inout3 - movdqu 0x40($inp),$inout4 - movdqu 0x50($inp),$inout5 - movdqu 0x60($inp),$inout6 - movdqu 0x70($inp),$inout7 - lea 0x80($inp),$inp # $inp+=8*16 - sub \$0x80,$len # $len-=8*16 (can be zero) - jmp .Lecb_dec_loop8_enter -.align 16 -.Lecb_dec_loop8: - movups $inout0,($out) # store 8 output blocks - mov $key_,$key # restore $key - movdqu ($inp),$inout0 # load 8 input blocks - mov $rnds_,$rounds # restore $rounds - movups $inout1,0x10($out) - movdqu 0x10($inp),$inout1 - movups $inout2,0x20($out) - movdqu 0x20($inp),$inout2 - movups $inout3,0x30($out) - movdqu 0x30($inp),$inout3 - movups $inout4,0x40($out) - movdqu 0x40($inp),$inout4 - movups $inout5,0x50($out) - movdqu 0x50($inp),$inout5 - movups $inout6,0x60($out) - movdqu 0x60($inp),$inout6 - movups $inout7,0x70($out) - lea 0x80($out),$out # $out+=8*16 - movdqu 0x70($inp),$inout7 - lea 0x80($inp),$inp # $inp+=8*16 -.Lecb_dec_loop8_enter: - - call _aesni_decrypt8 - - $movkey ($key_),$rndkey0 - sub \$0x80,$len - jnc .Lecb_dec_loop8 # loop if $len-=8*16 didn't borrow - - movups $inout0,($out) # store 8 output blocks - pxor $inout0,$inout0 # clear register bank - mov $key_,$key # restore $key - movups $inout1,0x10($out) - pxor $inout1,$inout1 - mov $rnds_,$rounds # restore $rounds - movups $inout2,0x20($out) - pxor $inout2,$inout2 - movups $inout3,0x30($out) - pxor $inout3,$inout3 - movups $inout4,0x40($out) - pxor $inout4,$inout4 - movups $inout5,0x50($out) - pxor $inout5,$inout5 - movups $inout6,0x60($out) - pxor $inout6,$inout6 - movups $inout7,0x70($out) - pxor $inout7,$inout7 - lea 0x80($out),$out # $out+=8*16 - add \$0x80,$len # restore real remaining $len - jz .Lecb_ret # done if ($len==0) - -.Lecb_dec_tail: - movups ($inp),$inout0 - cmp \$0x20,$len - jb .Lecb_dec_one - movups 0x10($inp),$inout1 - je .Lecb_dec_two - movups 0x20($inp),$inout2 - cmp \$0x40,$len - jb .Lecb_dec_three - movups 0x30($inp),$inout3 - je .Lecb_dec_four - movups 0x40($inp),$inout4 - cmp \$0x60,$len - jb .Lecb_dec_five - movups 0x50($inp),$inout5 - je .Lecb_dec_six - movups 0x60($inp),$inout6 - $movkey ($key),$rndkey0 - xorps $inout7,$inout7 - call _aesni_decrypt8 - movups $inout0,($out) # store 7 output blocks - pxor $inout0,$inout0 # clear register bank - movups $inout1,0x10($out) - pxor $inout1,$inout1 - movups $inout2,0x20($out) - pxor $inout2,$inout2 - movups $inout3,0x30($out) - pxor $inout3,$inout3 - movups $inout4,0x40($out) - pxor $inout4,$inout4 - movups $inout5,0x50($out) - pxor $inout5,$inout5 - movups $inout6,0x60($out) - pxor $inout6,$inout6 - pxor $inout7,$inout7 - jmp .Lecb_ret -.align 16 -.Lecb_dec_one: -___ - &aesni_generate1("dec",$key,$rounds); -$code.=<<___; - movups $inout0,($out) # store one output block - pxor $inout0,$inout0 # clear register bank - jmp .Lecb_ret -.align 16 -.Lecb_dec_two: - call _aesni_decrypt2 - movups $inout0,($out) # store 2 output blocks - pxor $inout0,$inout0 # clear register bank - movups $inout1,0x10($out) - pxor $inout1,$inout1 - jmp .Lecb_ret -.align 16 -.Lecb_dec_three: - call _aesni_decrypt3 - movups $inout0,($out) # store 3 output blocks - pxor $inout0,$inout0 # clear register bank - movups $inout1,0x10($out) - pxor $inout1,$inout1 - movups $inout2,0x20($out) - pxor $inout2,$inout2 - jmp .Lecb_ret -.align 16 -.Lecb_dec_four: - call _aesni_decrypt4 - movups $inout0,($out) # store 4 output blocks - pxor $inout0,$inout0 # clear register bank - movups $inout1,0x10($out) - pxor $inout1,$inout1 - movups $inout2,0x20($out) - pxor $inout2,$inout2 - movups $inout3,0x30($out) - pxor $inout3,$inout3 - jmp .Lecb_ret -.align 16 -.Lecb_dec_five: - xorps $inout5,$inout5 - call _aesni_decrypt6 - movups $inout0,($out) # store 5 output blocks - pxor $inout0,$inout0 # clear register bank - movups $inout1,0x10($out) - pxor $inout1,$inout1 - movups $inout2,0x20($out) - pxor $inout2,$inout2 - movups $inout3,0x30($out) - pxor $inout3,$inout3 - movups $inout4,0x40($out) - pxor $inout4,$inout4 - pxor $inout5,$inout5 - jmp .Lecb_ret -.align 16 -.Lecb_dec_six: - call _aesni_decrypt6 - movups $inout0,($out) # store 6 output blocks - pxor $inout0,$inout0 # clear register bank - movups $inout1,0x10($out) - pxor $inout1,$inout1 - movups $inout2,0x20($out) - pxor $inout2,$inout2 - movups $inout3,0x30($out) - pxor $inout3,$inout3 - movups $inout4,0x40($out) - pxor $inout4,$inout4 - movups $inout5,0x50($out) - pxor $inout5,$inout5 - -.Lecb_ret: - xorps $rndkey0,$rndkey0 # %xmm0 - pxor $rndkey1,$rndkey1 -___ -$code.=<<___ if ($win64); - movaps (%rsp),%xmm6 - movaps %xmm0,(%rsp) # clear stack - movaps 0x10(%rsp),%xmm7 - movaps %xmm0,0x10(%rsp) - movaps 0x20(%rsp),%xmm8 - movaps %xmm0,0x20(%rsp) - movaps 0x30(%rsp),%xmm9 - movaps %xmm0,0x30(%rsp) - lea 0x58(%rsp),%rsp -.Lecb_enc_ret: -___ -$code.=<<___; - ret -.cfi_endproc -.size aesni_ecb_encrypt,.-aesni_ecb_encrypt -___ - -{ -###################################################################### -# void aesni_ccm64_[en|de]crypt_blocks (const void *in, void *out, -# size_t blocks, const AES_KEY *key, -# const char *ivec,char *cmac); -# -# Handles only complete blocks, operates on 64-bit counter and -# does not update *ivec! Nor does it finalize CMAC value -# (see engine/eng_aesni.c for details) -# -{ -my $cmac="%r9"; # 6th argument - -my $increment="%xmm9"; -my $iv="%xmm6"; -my $bswap_mask="%xmm7"; - -$code.=<<___; -.globl aesni_ccm64_encrypt_blocks -.type aesni_ccm64_encrypt_blocks,\@function,6 -.align 16 -aesni_ccm64_encrypt_blocks: -.cfi_startproc - endbranch -___ -$code.=<<___ if ($win64); - lea -0x58(%rsp),%rsp - movaps %xmm6,(%rsp) # $iv - movaps %xmm7,0x10(%rsp) # $bswap_mask - movaps %xmm8,0x20(%rsp) # $in0 - movaps %xmm9,0x30(%rsp) # $increment -.Lccm64_enc_body: -___ -$code.=<<___; - mov 240($key),$rounds # key->rounds - movdqu ($ivp),$iv - movdqa .Lincrement64(%rip),$increment - movdqa .Lbswap_mask(%rip),$bswap_mask - - shl \$4,$rounds - mov \$16,$rnds_ - lea 0($key),$key_ - movdqu ($cmac),$inout1 - movdqa $iv,$inout0 - lea 32($key,$rounds),$key # end of key schedule - pshufb $bswap_mask,$iv - sub %rax,%r10 # twisted $rounds - jmp .Lccm64_enc_outer -.align 16 -.Lccm64_enc_outer: - $movkey ($key_),$rndkey0 - mov %r10,%rax - movups ($inp),$in0 # load inp - - xorps $rndkey0,$inout0 # counter - $movkey 16($key_),$rndkey1 - xorps $in0,$rndkey0 - xorps $rndkey0,$inout1 # cmac^=inp - $movkey 32($key_),$rndkey0 - -.Lccm64_enc2_loop: - aesenc $rndkey1,$inout0 - aesenc $rndkey1,$inout1 - $movkey ($key,%rax),$rndkey1 - add \$32,%rax - aesenc $rndkey0,$inout0 - aesenc $rndkey0,$inout1 - $movkey -16($key,%rax),$rndkey0 - jnz .Lccm64_enc2_loop - aesenc $rndkey1,$inout0 - aesenc $rndkey1,$inout1 - paddq $increment,$iv - dec $len # $len-- ($len is in blocks) - aesenclast $rndkey0,$inout0 - aesenclast $rndkey0,$inout1 - - lea 16($inp),$inp - xorps $inout0,$in0 # inp ^= E(iv) - movdqa $iv,$inout0 - movups $in0,($out) # save output - pshufb $bswap_mask,$inout0 - lea 16($out),$out # $out+=16 - jnz .Lccm64_enc_outer # loop if ($len!=0) - - pxor $rndkey0,$rndkey0 # clear register bank - pxor $rndkey1,$rndkey1 - pxor $inout0,$inout0 - movups $inout1,($cmac) # store resulting mac - pxor $inout1,$inout1 - pxor $in0,$in0 - pxor $iv,$iv -___ -$code.=<<___ if ($win64); - movaps (%rsp),%xmm6 - movaps %xmm0,(%rsp) # clear stack - movaps 0x10(%rsp),%xmm7 - movaps %xmm0,0x10(%rsp) - movaps 0x20(%rsp),%xmm8 - movaps %xmm0,0x20(%rsp) - movaps 0x30(%rsp),%xmm9 - movaps %xmm0,0x30(%rsp) - lea 0x58(%rsp),%rsp -.Lccm64_enc_ret: -___ -$code.=<<___; - ret -.cfi_endproc -.size aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks -___ -###################################################################### -$code.=<<___; -.globl aesni_ccm64_decrypt_blocks -.type aesni_ccm64_decrypt_blocks,\@function,6 -.align 16 -aesni_ccm64_decrypt_blocks: -.cfi_startproc - endbranch -___ -$code.=<<___ if ($win64); - lea -0x58(%rsp),%rsp - movaps %xmm6,(%rsp) # $iv - movaps %xmm7,0x10(%rsp) # $bswap_mask - movaps %xmm8,0x20(%rsp) # $in8 - movaps %xmm9,0x30(%rsp) # $increment -.Lccm64_dec_body: -___ -$code.=<<___; - mov 240($key),$rounds # key->rounds - movups ($ivp),$iv - movdqu ($cmac),$inout1 - movdqa .Lincrement64(%rip),$increment - movdqa .Lbswap_mask(%rip),$bswap_mask - - movaps $iv,$inout0 - mov $rounds,$rnds_ - mov $key,$key_ - pshufb $bswap_mask,$iv -___ - &aesni_generate1("enc",$key,$rounds); -$code.=<<___; - shl \$4,$rnds_ - mov \$16,$rounds - movups ($inp),$in0 # load inp - paddq $increment,$iv - lea 16($inp),$inp # $inp+=16 - sub %r10,%rax # twisted $rounds - lea 32($key_,$rnds_),$key # end of key schedule - mov %rax,%r10 - jmp .Lccm64_dec_outer -.align 16 -.Lccm64_dec_outer: - xorps $inout0,$in0 # inp ^= E(iv) - movdqa $iv,$inout0 - movups $in0,($out) # save output - lea 16($out),$out # $out+=16 - pshufb $bswap_mask,$inout0 - - sub \$1,$len # $len-- ($len is in blocks) - jz .Lccm64_dec_break # if ($len==0) break - - $movkey ($key_),$rndkey0 - mov %r10,%rax - $movkey 16($key_),$rndkey1 - xorps $rndkey0,$in0 - xorps $rndkey0,$inout0 - xorps $in0,$inout1 # cmac^=out - $movkey 32($key_),$rndkey0 - jmp .Lccm64_dec2_loop -.align 16 -.Lccm64_dec2_loop: - aesenc $rndkey1,$inout0 - aesenc $rndkey1,$inout1 - $movkey ($key,%rax),$rndkey1 - add \$32,%rax - aesenc $rndkey0,$inout0 - aesenc $rndkey0,$inout1 - $movkey -16($key,%rax),$rndkey0 - jnz .Lccm64_dec2_loop - movups ($inp),$in0 # load input - paddq $increment,$iv - aesenc $rndkey1,$inout0 - aesenc $rndkey1,$inout1 - aesenclast $rndkey0,$inout0 - aesenclast $rndkey0,$inout1 - lea 16($inp),$inp # $inp+=16 - jmp .Lccm64_dec_outer - -.align 16 -.Lccm64_dec_break: - #xorps $in0,$inout1 # cmac^=out - mov 240($key_),$rounds -___ - &aesni_generate1("enc",$key_,$rounds,$inout1,$in0); -$code.=<<___; - pxor $rndkey0,$rndkey0 # clear register bank - pxor $rndkey1,$rndkey1 - pxor $inout0,$inout0 - movups $inout1,($cmac) # store resulting mac - pxor $inout1,$inout1 - pxor $in0,$in0 - pxor $iv,$iv -___ -$code.=<<___ if ($win64); - movaps (%rsp),%xmm6 - movaps %xmm0,(%rsp) # clear stack - movaps 0x10(%rsp),%xmm7 - movaps %xmm0,0x10(%rsp) - movaps 0x20(%rsp),%xmm8 - movaps %xmm0,0x20(%rsp) - movaps 0x30(%rsp),%xmm9 - movaps %xmm0,0x30(%rsp) - lea 0x58(%rsp),%rsp -.Lccm64_dec_ret: -___ -$code.=<<___; - ret -.cfi_endproc -.size aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks -___ -} -###################################################################### -# void aesni_ctr32_encrypt_blocks (const void *in, void *out, -# size_t blocks, const AES_KEY *key, -# const char *ivec); -# -# Handles only complete blocks, operates on 32-bit counter and -# does not update *ivec! (see crypto/modes/ctr128.c for details) -# -# Overhaul based on suggestions from Shay Gueron and Vlad Krasnov, -# http://rt.openssl.org/Ticket/Display.html?id=3021&user=guest&pass=guest. -# Keywords are full unroll and modulo-schedule counter calculations -# with zero-round key xor. -{ -my ($in0,$in1,$in2,$in3,$in4,$in5)=map("%xmm$_",(10..15)); -my ($key0,$ctr)=("%ebp","${ivp}d"); -my $frame_size = 0x80 + ($win64?160:0); - -$code.=<<___; -.globl aesni_ctr32_encrypt_blocks -.type aesni_ctr32_encrypt_blocks,\@function,5 -.align 16 -aesni_ctr32_encrypt_blocks: -.cfi_startproc - endbranch - cmp \$1,$len - jne .Lctr32_bulk - - # handle single block without allocating stack frame, - # useful when handling edges - movups ($ivp),$inout0 - movups ($inp),$inout1 - mov 240($key),%edx # key->rounds -___ - &aesni_generate1("enc",$key,"%edx"); -$code.=<<___; - pxor $rndkey0,$rndkey0 # clear register bank - pxor $rndkey1,$rndkey1 - xorps $inout1,$inout0 - pxor $inout1,$inout1 - movups $inout0,($out) - xorps $inout0,$inout0 - jmp .Lctr32_epilogue - -.align 16 -.Lctr32_bulk: - lea (%rsp),$key_ # use $key_ as frame pointer -.cfi_def_cfa_register $key_ - push %rbp -.cfi_push %rbp - sub \$$frame_size,%rsp - and \$-16,%rsp # Linux kernel stack can be incorrectly seeded -___ -$code.=<<___ if ($win64); - movaps %xmm6,-0xa8($key_) # offload everything - movaps %xmm7,-0x98($key_) - movaps %xmm8,-0x88($key_) - movaps %xmm9,-0x78($key_) - movaps %xmm10,-0x68($key_) - movaps %xmm11,-0x58($key_) - movaps %xmm12,-0x48($key_) - movaps %xmm13,-0x38($key_) - movaps %xmm14,-0x28($key_) - movaps %xmm15,-0x18($key_) -.Lctr32_body: -___ -$code.=<<___; - - # 8 16-byte words on top of stack are counter values - # xor-ed with zero-round key - - movdqu ($ivp),$inout0 - movdqu ($key),$rndkey0 - mov 12($ivp),$ctr # counter LSB - pxor $rndkey0,$inout0 - mov 12($key),$key0 # 0-round key LSB - movdqa $inout0,0x00(%rsp) # populate counter block - bswap $ctr - movdqa $inout0,$inout1 - movdqa $inout0,$inout2 - movdqa $inout0,$inout3 - movdqa $inout0,0x40(%rsp) - movdqa $inout0,0x50(%rsp) - movdqa $inout0,0x60(%rsp) - mov %rdx,%r10 # about to borrow %rdx - movdqa $inout0,0x70(%rsp) - - lea 1($ctr),%rax - lea 2($ctr),%rdx - bswap %eax - bswap %edx - xor $key0,%eax - xor $key0,%edx - pinsrd \$3,%eax,$inout1 - lea 3($ctr),%rax - movdqa $inout1,0x10(%rsp) - pinsrd \$3,%edx,$inout2 - bswap %eax - mov %r10,%rdx # restore %rdx - lea 4($ctr),%r10 - movdqa $inout2,0x20(%rsp) - xor $key0,%eax - bswap %r10d - pinsrd \$3,%eax,$inout3 - xor $key0,%r10d - movdqa $inout3,0x30(%rsp) - lea 5($ctr),%r9 - mov %r10d,0x40+12(%rsp) - bswap %r9d - lea 6($ctr),%r10 - mov 240($key),$rounds # key->rounds - xor $key0,%r9d - bswap %r10d - mov %r9d,0x50+12(%rsp) - xor $key0,%r10d - lea 7($ctr),%r9 - mov %r10d,0x60+12(%rsp) - bswap %r9d - mov OPENSSL_ia32cap_P+4(%rip),%r10d - xor $key0,%r9d - and \$`1<<26|1<<22`,%r10d # isolate XSAVE+MOVBE - mov %r9d,0x70+12(%rsp) - - $movkey 0x10($key),$rndkey1 - - movdqa 0x40(%rsp),$inout4 - movdqa 0x50(%rsp),$inout5 - - cmp \$8,$len # $len is in blocks - jb .Lctr32_tail # short input if ($len<8) - - sub \$6,$len # $len is biased by -6 - cmp \$`1<<22`,%r10d # check for MOVBE without XSAVE - je .Lctr32_6x # [which denotes Atom Silvermont] - - lea 0x80($key),$key # size optimization - sub \$2,$len # $len is biased by -8 - jmp .Lctr32_loop8 - -.align 16 -.Lctr32_6x: - shl \$4,$rounds - mov \$48,$rnds_ - bswap $key0 - lea 32($key,$rounds),$key # end of key schedule - sub %rax,%r10 # twisted $rounds - jmp .Lctr32_loop6 - -.align 16 -.Lctr32_loop6: - add \$6,$ctr # next counter value - $movkey -48($key,$rnds_),$rndkey0 - aesenc $rndkey1,$inout0 - mov $ctr,%eax - xor $key0,%eax - aesenc $rndkey1,$inout1 - movbe %eax,`0x00+12`(%rsp) # store next counter value - lea 1($ctr),%eax - aesenc $rndkey1,$inout2 - xor $key0,%eax - movbe %eax,`0x10+12`(%rsp) - aesenc $rndkey1,$inout3 - lea 2($ctr),%eax - xor $key0,%eax - aesenc $rndkey1,$inout4 - movbe %eax,`0x20+12`(%rsp) - lea 3($ctr),%eax - aesenc $rndkey1,$inout5 - $movkey -32($key,$rnds_),$rndkey1 - xor $key0,%eax - - aesenc $rndkey0,$inout0 - movbe %eax,`0x30+12`(%rsp) - lea 4($ctr),%eax - aesenc $rndkey0,$inout1 - xor $key0,%eax - movbe %eax,`0x40+12`(%rsp) - aesenc $rndkey0,$inout2 - lea 5($ctr),%eax - xor $key0,%eax - aesenc $rndkey0,$inout3 - movbe %eax,`0x50+12`(%rsp) - mov %r10,%rax # mov $rnds_,$rounds - aesenc $rndkey0,$inout4 - aesenc $rndkey0,$inout5 - $movkey -16($key,$rnds_),$rndkey0 - - call .Lenc_loop6 - - movdqu ($inp),$inout6 # load 6 input blocks - movdqu 0x10($inp),$inout7 - movdqu 0x20($inp),$in0 - movdqu 0x30($inp),$in1 - movdqu 0x40($inp),$in2 - movdqu 0x50($inp),$in3 - lea 0x60($inp),$inp # $inp+=6*16 - $movkey -64($key,$rnds_),$rndkey1 - pxor $inout0,$inout6 # inp^=E(ctr) - movaps 0x00(%rsp),$inout0 # load next counter [xor-ed with 0 round] - pxor $inout1,$inout7 - movaps 0x10(%rsp),$inout1 - pxor $inout2,$in0 - movaps 0x20(%rsp),$inout2 - pxor $inout3,$in1 - movaps 0x30(%rsp),$inout3 - pxor $inout4,$in2 - movaps 0x40(%rsp),$inout4 - pxor $inout5,$in3 - movaps 0x50(%rsp),$inout5 - movdqu $inout6,($out) # store 6 output blocks - movdqu $inout7,0x10($out) - movdqu $in0,0x20($out) - movdqu $in1,0x30($out) - movdqu $in2,0x40($out) - movdqu $in3,0x50($out) - lea 0x60($out),$out # $out+=6*16 - - sub \$6,$len - jnc .Lctr32_loop6 # loop if $len-=6 didn't borrow - - add \$6,$len # restore real remaining $len - jz .Lctr32_done # done if ($len==0) - - lea -48($rnds_),$rounds - lea -80($key,$rnds_),$key # restore $key - neg $rounds - shr \$4,$rounds # restore $rounds - jmp .Lctr32_tail - -.align 32 -.Lctr32_loop8: - add \$8,$ctr # next counter value - movdqa 0x60(%rsp),$inout6 - aesenc $rndkey1,$inout0 - mov $ctr,%r9d - movdqa 0x70(%rsp),$inout7 - aesenc $rndkey1,$inout1 - bswap %r9d - $movkey 0x20-0x80($key),$rndkey0 - aesenc $rndkey1,$inout2 - xor $key0,%r9d - nop - aesenc $rndkey1,$inout3 - mov %r9d,0x00+12(%rsp) # store next counter value - lea 1($ctr),%r9 - aesenc $rndkey1,$inout4 - aesenc $rndkey1,$inout5 - aesenc $rndkey1,$inout6 - aesenc $rndkey1,$inout7 - $movkey 0x30-0x80($key),$rndkey1 -___ -for($i=2;$i<8;$i++) { -my $rndkeyx = ($i&1)?$rndkey1:$rndkey0; -$code.=<<___; - bswap %r9d - aesenc $rndkeyx,$inout0 - aesenc $rndkeyx,$inout1 - xor $key0,%r9d - .byte 0x66,0x90 - aesenc $rndkeyx,$inout2 - aesenc $rndkeyx,$inout3 - mov %r9d,`0x10*($i-1)`+12(%rsp) - lea $i($ctr),%r9 - aesenc $rndkeyx,$inout4 - aesenc $rndkeyx,$inout5 - aesenc $rndkeyx,$inout6 - aesenc $rndkeyx,$inout7 - $movkey `0x20+0x10*$i`-0x80($key),$rndkeyx -___ -} -$code.=<<___; - bswap %r9d - aesenc $rndkey0,$inout0 - aesenc $rndkey0,$inout1 - aesenc $rndkey0,$inout2 - xor $key0,%r9d - movdqu 0x00($inp),$in0 # start loading input - aesenc $rndkey0,$inout3 - mov %r9d,0x70+12(%rsp) - cmp \$11,$rounds - aesenc $rndkey0,$inout4 - aesenc $rndkey0,$inout5 - aesenc $rndkey0,$inout6 - aesenc $rndkey0,$inout7 - $movkey 0xa0-0x80($key),$rndkey0 - - jb .Lctr32_enc_done - - aesenc $rndkey1,$inout0 - aesenc $rndkey1,$inout1 - aesenc $rndkey1,$inout2 - aesenc $rndkey1,$inout3 - aesenc $rndkey1,$inout4 - aesenc $rndkey1,$inout5 - aesenc $rndkey1,$inout6 - aesenc $rndkey1,$inout7 - $movkey 0xb0-0x80($key),$rndkey1 - - aesenc $rndkey0,$inout0 - aesenc $rndkey0,$inout1 - aesenc $rndkey0,$inout2 - aesenc $rndkey0,$inout3 - aesenc $rndkey0,$inout4 - aesenc $rndkey0,$inout5 - aesenc $rndkey0,$inout6 - aesenc $rndkey0,$inout7 - $movkey 0xc0-0x80($key),$rndkey0 - je .Lctr32_enc_done - - aesenc $rndkey1,$inout0 - aesenc $rndkey1,$inout1 - aesenc $rndkey1,$inout2 - aesenc $rndkey1,$inout3 - aesenc $rndkey1,$inout4 - aesenc $rndkey1,$inout5 - aesenc $rndkey1,$inout6 - aesenc $rndkey1,$inout7 - $movkey 0xd0-0x80($key),$rndkey1 - - aesenc $rndkey0,$inout0 - aesenc $rndkey0,$inout1 - aesenc $rndkey0,$inout2 - aesenc $rndkey0,$inout3 - aesenc $rndkey0,$inout4 - aesenc $rndkey0,$inout5 - aesenc $rndkey0,$inout6 - aesenc $rndkey0,$inout7 - $movkey 0xe0-0x80($key),$rndkey0 - jmp .Lctr32_enc_done - -.align 16 -.Lctr32_enc_done: - movdqu 0x10($inp),$in1 - pxor $rndkey0,$in0 # input^=round[last] - movdqu 0x20($inp),$in2 - pxor $rndkey0,$in1 - movdqu 0x30($inp),$in3 - pxor $rndkey0,$in2 - movdqu 0x40($inp),$in4 - pxor $rndkey0,$in3 - movdqu 0x50($inp),$in5 - pxor $rndkey0,$in4 - pxor $rndkey0,$in5 - aesenc $rndkey1,$inout0 - aesenc $rndkey1,$inout1 - aesenc $rndkey1,$inout2 - aesenc $rndkey1,$inout3 - aesenc $rndkey1,$inout4 - aesenc $rndkey1,$inout5 - aesenc $rndkey1,$inout6 - aesenc $rndkey1,$inout7 - movdqu 0x60($inp),$rndkey1 # borrow $rndkey1 for inp[6] - lea 0x80($inp),$inp # $inp+=8*16 - - aesenclast $in0,$inout0 # $inN is inp[N]^round[last] - pxor $rndkey0,$rndkey1 # borrowed $rndkey - movdqu 0x70-0x80($inp),$in0 - aesenclast $in1,$inout1 - pxor $rndkey0,$in0 - movdqa 0x00(%rsp),$in1 # load next counter block - aesenclast $in2,$inout2 - aesenclast $in3,$inout3 - movdqa 0x10(%rsp),$in2 - movdqa 0x20(%rsp),$in3 - aesenclast $in4,$inout4 - aesenclast $in5,$inout5 - movdqa 0x30(%rsp),$in4 - movdqa 0x40(%rsp),$in5 - aesenclast $rndkey1,$inout6 - movdqa 0x50(%rsp),$rndkey0 - $movkey 0x10-0x80($key),$rndkey1#real 1st-round key - aesenclast $in0,$inout7 - - movups $inout0,($out) # store 8 output blocks - movdqa $in1,$inout0 - movups $inout1,0x10($out) - movdqa $in2,$inout1 - movups $inout2,0x20($out) - movdqa $in3,$inout2 - movups $inout3,0x30($out) - movdqa $in4,$inout3 - movups $inout4,0x40($out) - movdqa $in5,$inout4 - movups $inout5,0x50($out) - movdqa $rndkey0,$inout5 - movups $inout6,0x60($out) - movups $inout7,0x70($out) - lea 0x80($out),$out # $out+=8*16 - - sub \$8,$len - jnc .Lctr32_loop8 # loop if $len-=8 didn't borrow - - add \$8,$len # restore real remaining $len - jz .Lctr32_done # done if ($len==0) - lea -0x80($key),$key - -.Lctr32_tail: - # note that at this point $inout0..5 are populated with - # counter values xor-ed with 0-round key - lea 16($key),$key - cmp \$4,$len - jb .Lctr32_loop3 - je .Lctr32_loop4 - - # if ($len>4) compute 7 E(counter) - shl \$4,$rounds - movdqa 0x60(%rsp),$inout6 - pxor $inout7,$inout7 - - $movkey 16($key),$rndkey0 - aesenc $rndkey1,$inout0 - aesenc $rndkey1,$inout1 - lea 32-16($key,$rounds),$key# prepare for .Lenc_loop8_enter - neg %rax - aesenc $rndkey1,$inout2 - add \$16,%rax # prepare for .Lenc_loop8_enter - movups ($inp),$in0 - aesenc $rndkey1,$inout3 - aesenc $rndkey1,$inout4 - movups 0x10($inp),$in1 # pre-load input - movups 0x20($inp),$in2 - aesenc $rndkey1,$inout5 - aesenc $rndkey1,$inout6 - - call .Lenc_loop8_enter - - movdqu 0x30($inp),$in3 - pxor $in0,$inout0 - movdqu 0x40($inp),$in0 - pxor $in1,$inout1 - movdqu $inout0,($out) # store output - pxor $in2,$inout2 - movdqu $inout1,0x10($out) - pxor $in3,$inout3 - movdqu $inout2,0x20($out) - pxor $in0,$inout4 - movdqu $inout3,0x30($out) - movdqu $inout4,0x40($out) - cmp \$6,$len - jb .Lctr32_done # $len was 5, stop store - - movups 0x50($inp),$in1 - xorps $in1,$inout5 - movups $inout5,0x50($out) - je .Lctr32_done # $len was 6, stop store - - movups 0x60($inp),$in2 - xorps $in2,$inout6 - movups $inout6,0x60($out) - jmp .Lctr32_done # $len was 7, stop store - -.align 32 -.Lctr32_loop4: - aesenc $rndkey1,$inout0 - lea 16($key),$key - dec $rounds - aesenc $rndkey1,$inout1 - aesenc $rndkey1,$inout2 - aesenc $rndkey1,$inout3 - $movkey ($key),$rndkey1 - jnz .Lctr32_loop4 - aesenclast $rndkey1,$inout0 - aesenclast $rndkey1,$inout1 - movups ($inp),$in0 # load input - movups 0x10($inp),$in1 - aesenclast $rndkey1,$inout2 - aesenclast $rndkey1,$inout3 - movups 0x20($inp),$in2 - movups 0x30($inp),$in3 - - xorps $in0,$inout0 - movups $inout0,($out) # store output - xorps $in1,$inout1 - movups $inout1,0x10($out) - pxor $in2,$inout2 - movdqu $inout2,0x20($out) - pxor $in3,$inout3 - movdqu $inout3,0x30($out) - jmp .Lctr32_done # $len was 4, stop store - -.align 32 -.Lctr32_loop3: - aesenc $rndkey1,$inout0 - lea 16($key),$key - dec $rounds - aesenc $rndkey1,$inout1 - aesenc $rndkey1,$inout2 - $movkey ($key),$rndkey1 - jnz .Lctr32_loop3 - aesenclast $rndkey1,$inout0 - aesenclast $rndkey1,$inout1 - aesenclast $rndkey1,$inout2 - - movups ($inp),$in0 # load input - xorps $in0,$inout0 - movups $inout0,($out) # store output - cmp \$2,$len - jb .Lctr32_done # $len was 1, stop store - - movups 0x10($inp),$in1 - xorps $in1,$inout1 - movups $inout1,0x10($out) - je .Lctr32_done # $len was 2, stop store - - movups 0x20($inp),$in2 - xorps $in2,$inout2 - movups $inout2,0x20($out) # $len was 3, stop store - -.Lctr32_done: - xorps %xmm0,%xmm0 # clear register bank - xor $key0,$key0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 -___ -$code.=<<___ if (!$win64); - pxor %xmm6,%xmm6 - pxor %xmm7,%xmm7 - movaps %xmm0,0x00(%rsp) # clear stack - pxor %xmm8,%xmm8 - movaps %xmm0,0x10(%rsp) - pxor %xmm9,%xmm9 - movaps %xmm0,0x20(%rsp) - pxor %xmm10,%xmm10 - movaps %xmm0,0x30(%rsp) - pxor %xmm11,%xmm11 - movaps %xmm0,0x40(%rsp) - pxor %xmm12,%xmm12 - movaps %xmm0,0x50(%rsp) - pxor %xmm13,%xmm13 - movaps %xmm0,0x60(%rsp) - pxor %xmm14,%xmm14 - movaps %xmm0,0x70(%rsp) - pxor %xmm15,%xmm15 -___ -$code.=<<___ if ($win64); - movaps -0xa8($key_),%xmm6 - movaps %xmm0,-0xa8($key_) # clear stack - movaps -0x98($key_),%xmm7 - movaps %xmm0,-0x98($key_) - movaps -0x88($key_),%xmm8 - movaps %xmm0,-0x88($key_) - movaps -0x78($key_),%xmm9 - movaps %xmm0,-0x78($key_) - movaps -0x68($key_),%xmm10 - movaps %xmm0,-0x68($key_) - movaps -0x58($key_),%xmm11 - movaps %xmm0,-0x58($key_) - movaps -0x48($key_),%xmm12 - movaps %xmm0,-0x48($key_) - movaps -0x38($key_),%xmm13 - movaps %xmm0,-0x38($key_) - movaps -0x28($key_),%xmm14 - movaps %xmm0,-0x28($key_) - movaps -0x18($key_),%xmm15 - movaps %xmm0,-0x18($key_) - movaps %xmm0,0x00(%rsp) - movaps %xmm0,0x10(%rsp) - movaps %xmm0,0x20(%rsp) - movaps %xmm0,0x30(%rsp) - movaps %xmm0,0x40(%rsp) - movaps %xmm0,0x50(%rsp) - movaps %xmm0,0x60(%rsp) - movaps %xmm0,0x70(%rsp) -___ -$code.=<<___; - mov -8($key_),%rbp -.cfi_restore %rbp - lea ($key_),%rsp -.cfi_def_cfa_register %rsp -.Lctr32_epilogue: - ret -.cfi_endproc -.size aesni_ctr32_encrypt_blocks,.-aesni_ctr32_encrypt_blocks -___ -} - -###################################################################### -# void aesni_xts_[en|de]crypt(const char *inp,char *out,size_t len, -# const AES_KEY *key1, const AES_KEY *key2 -# const unsigned char iv[16]); -# -{ -my @tweak=map("%xmm$_",(10..15)); -my ($twmask,$twres,$twtmp)=("%xmm8","%xmm9",@tweak[4]); -my ($key2,$ivp,$len_)=("%r8","%r9","%r9"); -my $frame_size = 0x70 + ($win64?160:0); -my $key_ = "%rbp"; # override so that we can use %r11 as FP - -$code.=<<___; -.globl aesni_xts_encrypt -.type aesni_xts_encrypt,\@function,6 -.align 16 -aesni_xts_encrypt: -.cfi_startproc - endbranch - lea (%rsp),%r11 # frame pointer -.cfi_def_cfa_register %r11 - push %rbp -.cfi_push %rbp - sub \$$frame_size,%rsp - and \$-16,%rsp # Linux kernel stack can be incorrectly seeded -___ -$code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%r11) # offload everything - movaps %xmm7,-0x98(%r11) - movaps %xmm8,-0x88(%r11) - movaps %xmm9,-0x78(%r11) - movaps %xmm10,-0x68(%r11) - movaps %xmm11,-0x58(%r11) - movaps %xmm12,-0x48(%r11) - movaps %xmm13,-0x38(%r11) - movaps %xmm14,-0x28(%r11) - movaps %xmm15,-0x18(%r11) -.Lxts_enc_body: -___ -$code.=<<___; - movups ($ivp),$inout0 # load clear-text tweak - mov 240(%r8),$rounds # key2->rounds - mov 240($key),$rnds_ # key1->rounds -___ - # generate the tweak - &aesni_generate1("enc",$key2,$rounds,$inout0); -$code.=<<___; - $movkey ($key),$rndkey0 # zero round key - mov $key,$key_ # backup $key - mov $rnds_,$rounds # backup $rounds - shl \$4,$rnds_ - mov $len,$len_ # backup $len - and \$-16,$len - - $movkey 16($key,$rnds_),$rndkey1 # last round key - - movdqa .Lxts_magic(%rip),$twmask - movdqa $inout0,@tweak[5] - pshufd \$0x5f,$inout0,$twres - pxor $rndkey0,$rndkey1 -___ - # alternative tweak calculation algorithm is based on suggestions - # by Shay Gueron. psrad doesn't conflict with AES-NI instructions - # and should help in the future... - for ($i=0;$i<4;$i++) { - $code.=<<___; - movdqa $twres,$twtmp - paddd $twres,$twres - movdqa @tweak[5],@tweak[$i] - psrad \$31,$twtmp # broadcast upper bits - paddq @tweak[5],@tweak[5] - pand $twmask,$twtmp - pxor $rndkey0,@tweak[$i] - pxor $twtmp,@tweak[5] -___ - } -$code.=<<___; - movdqa @tweak[5],@tweak[4] - psrad \$31,$twres - paddq @tweak[5],@tweak[5] - pand $twmask,$twres - pxor $rndkey0,@tweak[4] - pxor $twres,@tweak[5] - movaps $rndkey1,0x60(%rsp) # save round[0]^round[last] - - sub \$16*6,$len - jc .Lxts_enc_short # if $len-=6*16 borrowed - - mov \$16+96,$rounds - lea 32($key_,$rnds_),$key # end of key schedule - sub %r10,%rax # twisted $rounds - $movkey 16($key_),$rndkey1 - mov %rax,%r10 # backup twisted $rounds - lea .Lxts_magic(%rip),%r8 - jmp .Lxts_enc_grandloop - -.align 32 -.Lxts_enc_grandloop: - movdqu `16*0`($inp),$inout0 # load input - movdqa $rndkey0,$twmask - movdqu `16*1`($inp),$inout1 - pxor @tweak[0],$inout0 # input^=tweak^round[0] - movdqu `16*2`($inp),$inout2 - pxor @tweak[1],$inout1 - aesenc $rndkey1,$inout0 - movdqu `16*3`($inp),$inout3 - pxor @tweak[2],$inout2 - aesenc $rndkey1,$inout1 - movdqu `16*4`($inp),$inout4 - pxor @tweak[3],$inout3 - aesenc $rndkey1,$inout2 - movdqu `16*5`($inp),$inout5 - pxor @tweak[5],$twmask # round[0]^=tweak[5] - movdqa 0x60(%rsp),$twres # load round[0]^round[last] - pxor @tweak[4],$inout4 - aesenc $rndkey1,$inout3 - $movkey 32($key_),$rndkey0 - lea `16*6`($inp),$inp - pxor $twmask,$inout5 - - pxor $twres,@tweak[0] # calculate tweaks^round[last] - aesenc $rndkey1,$inout4 - pxor $twres,@tweak[1] - movdqa @tweak[0],`16*0`(%rsp) # put aside tweaks^round[last] - aesenc $rndkey1,$inout5 - $movkey 48($key_),$rndkey1 - pxor $twres,@tweak[2] - - aesenc $rndkey0,$inout0 - pxor $twres,@tweak[3] - movdqa @tweak[1],`16*1`(%rsp) - aesenc $rndkey0,$inout1 - pxor $twres,@tweak[4] - movdqa @tweak[2],`16*2`(%rsp) - aesenc $rndkey0,$inout2 - aesenc $rndkey0,$inout3 - pxor $twres,$twmask - movdqa @tweak[4],`16*4`(%rsp) - aesenc $rndkey0,$inout4 - aesenc $rndkey0,$inout5 - $movkey 64($key_),$rndkey0 - movdqa $twmask,`16*5`(%rsp) - pshufd \$0x5f,@tweak[5],$twres - jmp .Lxts_enc_loop6 -.align 32 -.Lxts_enc_loop6: - aesenc $rndkey1,$inout0 - aesenc $rndkey1,$inout1 - aesenc $rndkey1,$inout2 - aesenc $rndkey1,$inout3 - aesenc $rndkey1,$inout4 - aesenc $rndkey1,$inout5 - $movkey -64($key,%rax),$rndkey1 - add \$32,%rax - - aesenc $rndkey0,$inout0 - aesenc $rndkey0,$inout1 - aesenc $rndkey0,$inout2 - aesenc $rndkey0,$inout3 - aesenc $rndkey0,$inout4 - aesenc $rndkey0,$inout5 - $movkey -80($key,%rax),$rndkey0 - jnz .Lxts_enc_loop6 - - movdqa (%r8),$twmask # start calculating next tweak - movdqa $twres,$twtmp - paddd $twres,$twres - aesenc $rndkey1,$inout0 - paddq @tweak[5],@tweak[5] - psrad \$31,$twtmp - aesenc $rndkey1,$inout1 - pand $twmask,$twtmp - $movkey ($key_),@tweak[0] # load round[0] - aesenc $rndkey1,$inout2 - aesenc $rndkey1,$inout3 - aesenc $rndkey1,$inout4 - pxor $twtmp,@tweak[5] - movaps @tweak[0],@tweak[1] # copy round[0] - aesenc $rndkey1,$inout5 - $movkey -64($key),$rndkey1 - - movdqa $twres,$twtmp - aesenc $rndkey0,$inout0 - paddd $twres,$twres - pxor @tweak[5],@tweak[0] - aesenc $rndkey0,$inout1 - psrad \$31,$twtmp - paddq @tweak[5],@tweak[5] - aesenc $rndkey0,$inout2 - aesenc $rndkey0,$inout3 - pand $twmask,$twtmp - movaps @tweak[1],@tweak[2] - aesenc $rndkey0,$inout4 - pxor $twtmp,@tweak[5] - movdqa $twres,$twtmp - aesenc $rndkey0,$inout5 - $movkey -48($key),$rndkey0 - - paddd $twres,$twres - aesenc $rndkey1,$inout0 - pxor @tweak[5],@tweak[1] - psrad \$31,$twtmp - aesenc $rndkey1,$inout1 - paddq @tweak[5],@tweak[5] - pand $twmask,$twtmp - aesenc $rndkey1,$inout2 - aesenc $rndkey1,$inout3 - movdqa @tweak[3],`16*3`(%rsp) - pxor $twtmp,@tweak[5] - aesenc $rndkey1,$inout4 - movaps @tweak[2],@tweak[3] - movdqa $twres,$twtmp - aesenc $rndkey1,$inout5 - $movkey -32($key),$rndkey1 - - paddd $twres,$twres - aesenc $rndkey0,$inout0 - pxor @tweak[5],@tweak[2] - psrad \$31,$twtmp - aesenc $rndkey0,$inout1 - paddq @tweak[5],@tweak[5] - pand $twmask,$twtmp - aesenc $rndkey0,$inout2 - aesenc $rndkey0,$inout3 - aesenc $rndkey0,$inout4 - pxor $twtmp,@tweak[5] - movaps @tweak[3],@tweak[4] - aesenc $rndkey0,$inout5 - - movdqa $twres,$rndkey0 - paddd $twres,$twres - aesenc $rndkey1,$inout0 - pxor @tweak[5],@tweak[3] - psrad \$31,$rndkey0 - aesenc $rndkey1,$inout1 - paddq @tweak[5],@tweak[5] - pand $twmask,$rndkey0 - aesenc $rndkey1,$inout2 - aesenc $rndkey1,$inout3 - pxor $rndkey0,@tweak[5] - $movkey ($key_),$rndkey0 - aesenc $rndkey1,$inout4 - aesenc $rndkey1,$inout5 - $movkey 16($key_),$rndkey1 - - pxor @tweak[5],@tweak[4] - aesenclast `16*0`(%rsp),$inout0 - psrad \$31,$twres - paddq @tweak[5],@tweak[5] - aesenclast `16*1`(%rsp),$inout1 - aesenclast `16*2`(%rsp),$inout2 - pand $twmask,$twres - mov %r10,%rax # restore $rounds - aesenclast `16*3`(%rsp),$inout3 - aesenclast `16*4`(%rsp),$inout4 - aesenclast `16*5`(%rsp),$inout5 - pxor $twres,@tweak[5] - - lea `16*6`($out),$out # $out+=6*16 - movups $inout0,`-16*6`($out) # store 6 output blocks - movups $inout1,`-16*5`($out) - movups $inout2,`-16*4`($out) - movups $inout3,`-16*3`($out) - movups $inout4,`-16*2`($out) - movups $inout5,`-16*1`($out) - sub \$16*6,$len - jnc .Lxts_enc_grandloop # loop if $len-=6*16 didn't borrow - - mov \$16+96,$rounds - sub $rnds_,$rounds - mov $key_,$key # restore $key - shr \$4,$rounds # restore original value - -.Lxts_enc_short: - # at the point @tweak[0..5] are populated with tweak values - mov $rounds,$rnds_ # backup $rounds - pxor $rndkey0,@tweak[0] - add \$16*6,$len # restore real remaining $len - jz .Lxts_enc_done # done if ($len==0) - - pxor $rndkey0,@tweak[1] - cmp \$0x20,$len - jb .Lxts_enc_one # $len is 1*16 - pxor $rndkey0,@tweak[2] - je .Lxts_enc_two # $len is 2*16 - - pxor $rndkey0,@tweak[3] - cmp \$0x40,$len - jb .Lxts_enc_three # $len is 3*16 - pxor $rndkey0,@tweak[4] - je .Lxts_enc_four # $len is 4*16 - - movdqu ($inp),$inout0 # $len is 5*16 - movdqu 16*1($inp),$inout1 - movdqu 16*2($inp),$inout2 - pxor @tweak[0],$inout0 - movdqu 16*3($inp),$inout3 - pxor @tweak[1],$inout1 - movdqu 16*4($inp),$inout4 - lea 16*5($inp),$inp # $inp+=5*16 - pxor @tweak[2],$inout2 - pxor @tweak[3],$inout3 - pxor @tweak[4],$inout4 - pxor $inout5,$inout5 - - call _aesni_encrypt6 - - xorps @tweak[0],$inout0 - movdqa @tweak[5],@tweak[0] - xorps @tweak[1],$inout1 - xorps @tweak[2],$inout2 - movdqu $inout0,($out) # store 5 output blocks - xorps @tweak[3],$inout3 - movdqu $inout1,16*1($out) - xorps @tweak[4],$inout4 - movdqu $inout2,16*2($out) - movdqu $inout3,16*3($out) - movdqu $inout4,16*4($out) - lea 16*5($out),$out # $out+=5*16 - jmp .Lxts_enc_done - -.align 16 -.Lxts_enc_one: - movups ($inp),$inout0 - lea 16*1($inp),$inp # inp+=1*16 - xorps @tweak[0],$inout0 -___ - &aesni_generate1("enc",$key,$rounds); -$code.=<<___; - xorps @tweak[0],$inout0 - movdqa @tweak[1],@tweak[0] - movups $inout0,($out) # store one output block - lea 16*1($out),$out # $out+=1*16 - jmp .Lxts_enc_done - -.align 16 -.Lxts_enc_two: - movups ($inp),$inout0 - movups 16($inp),$inout1 - lea 32($inp),$inp # $inp+=2*16 - xorps @tweak[0],$inout0 - xorps @tweak[1],$inout1 - - call _aesni_encrypt2 - - xorps @tweak[0],$inout0 - movdqa @tweak[2],@tweak[0] - xorps @tweak[1],$inout1 - movups $inout0,($out) # store 2 output blocks - movups $inout1,16*1($out) - lea 16*2($out),$out # $out+=2*16 - jmp .Lxts_enc_done - -.align 16 -.Lxts_enc_three: - movups ($inp),$inout0 - movups 16*1($inp),$inout1 - movups 16*2($inp),$inout2 - lea 16*3($inp),$inp # $inp+=3*16 - xorps @tweak[0],$inout0 - xorps @tweak[1],$inout1 - xorps @tweak[2],$inout2 - - call _aesni_encrypt3 - - xorps @tweak[0],$inout0 - movdqa @tweak[3],@tweak[0] - xorps @tweak[1],$inout1 - xorps @tweak[2],$inout2 - movups $inout0,($out) # store 3 output blocks - movups $inout1,16*1($out) - movups $inout2,16*2($out) - lea 16*3($out),$out # $out+=3*16 - jmp .Lxts_enc_done - -.align 16 -.Lxts_enc_four: - movups ($inp),$inout0 - movups 16*1($inp),$inout1 - movups 16*2($inp),$inout2 - xorps @tweak[0],$inout0 - movups 16*3($inp),$inout3 - lea 16*4($inp),$inp # $inp+=4*16 - xorps @tweak[1],$inout1 - xorps @tweak[2],$inout2 - xorps @tweak[3],$inout3 - - call _aesni_encrypt4 - - pxor @tweak[0],$inout0 - movdqa @tweak[4],@tweak[0] - pxor @tweak[1],$inout1 - pxor @tweak[2],$inout2 - movdqu $inout0,($out) # store 4 output blocks - pxor @tweak[3],$inout3 - movdqu $inout1,16*1($out) - movdqu $inout2,16*2($out) - movdqu $inout3,16*3($out) - lea 16*4($out),$out # $out+=4*16 - jmp .Lxts_enc_done - -.align 16 -.Lxts_enc_done: - and \$15,$len_ # see if $len%16 is 0 - jz .Lxts_enc_ret - mov $len_,$len - -.Lxts_enc_steal: - movzb ($inp),%eax # borrow $rounds ... - movzb -16($out),%ecx # ... and $key - lea 1($inp),$inp - mov %al,-16($out) - mov %cl,0($out) - lea 1($out),$out - sub \$1,$len - jnz .Lxts_enc_steal - - sub $len_,$out # rewind $out - mov $key_,$key # restore $key - mov $rnds_,$rounds # restore $rounds - - movups -16($out),$inout0 - xorps @tweak[0],$inout0 -___ - &aesni_generate1("enc",$key,$rounds); -$code.=<<___; - xorps @tweak[0],$inout0 - movups $inout0,-16($out) - -.Lxts_enc_ret: - xorps %xmm0,%xmm0 # clear register bank - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 -___ -$code.=<<___ if (!$win64); - pxor %xmm6,%xmm6 - pxor %xmm7,%xmm7 - movaps %xmm0,0x00(%rsp) # clear stack - pxor %xmm8,%xmm8 - movaps %xmm0,0x10(%rsp) - pxor %xmm9,%xmm9 - movaps %xmm0,0x20(%rsp) - pxor %xmm10,%xmm10 - movaps %xmm0,0x30(%rsp) - pxor %xmm11,%xmm11 - movaps %xmm0,0x40(%rsp) - pxor %xmm12,%xmm12 - movaps %xmm0,0x50(%rsp) - pxor %xmm13,%xmm13 - movaps %xmm0,0x60(%rsp) - pxor %xmm14,%xmm14 - pxor %xmm15,%xmm15 -___ -$code.=<<___ if ($win64); - movaps -0xa8(%r11),%xmm6 - movaps %xmm0,-0xa8(%r11) # clear stack - movaps -0x98(%r11),%xmm7 - movaps %xmm0,-0x98(%r11) - movaps -0x88(%r11),%xmm8 - movaps %xmm0,-0x88(%r11) - movaps -0x78(%r11),%xmm9 - movaps %xmm0,-0x78(%r11) - movaps -0x68(%r11),%xmm10 - movaps %xmm0,-0x68(%r11) - movaps -0x58(%r11),%xmm11 - movaps %xmm0,-0x58(%r11) - movaps -0x48(%r11),%xmm12 - movaps %xmm0,-0x48(%r11) - movaps -0x38(%r11),%xmm13 - movaps %xmm0,-0x38(%r11) - movaps -0x28(%r11),%xmm14 - movaps %xmm0,-0x28(%r11) - movaps -0x18(%r11),%xmm15 - movaps %xmm0,-0x18(%r11) - movaps %xmm0,0x00(%rsp) - movaps %xmm0,0x10(%rsp) - movaps %xmm0,0x20(%rsp) - movaps %xmm0,0x30(%rsp) - movaps %xmm0,0x40(%rsp) - movaps %xmm0,0x50(%rsp) - movaps %xmm0,0x60(%rsp) -___ -$code.=<<___; - mov -8(%r11),%rbp -.cfi_restore %rbp - lea (%r11),%rsp -.cfi_def_cfa_register %rsp -.Lxts_enc_epilogue: - ret -.cfi_endproc -.size aesni_xts_encrypt,.-aesni_xts_encrypt -___ - -$code.=<<___; -.globl aesni_xts_decrypt -.type aesni_xts_decrypt,\@function,6 -.align 16 -aesni_xts_decrypt: -.cfi_startproc - endbranch - lea (%rsp),%r11 # frame pointer -.cfi_def_cfa_register %r11 - push %rbp -.cfi_push %rbp - sub \$$frame_size,%rsp - and \$-16,%rsp # Linux kernel stack can be incorrectly seeded -___ -$code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%r11) # offload everything - movaps %xmm7,-0x98(%r11) - movaps %xmm8,-0x88(%r11) - movaps %xmm9,-0x78(%r11) - movaps %xmm10,-0x68(%r11) - movaps %xmm11,-0x58(%r11) - movaps %xmm12,-0x48(%r11) - movaps %xmm13,-0x38(%r11) - movaps %xmm14,-0x28(%r11) - movaps %xmm15,-0x18(%r11) -.Lxts_dec_body: -___ -$code.=<<___; - movups ($ivp),$inout0 # load clear-text tweak - mov 240($key2),$rounds # key2->rounds - mov 240($key),$rnds_ # key1->rounds -___ - # generate the tweak - &aesni_generate1("enc",$key2,$rounds,$inout0); -$code.=<<___; - xor %eax,%eax # if ($len%16) len-=16; - test \$15,$len - setnz %al - shl \$4,%rax - sub %rax,$len - - $movkey ($key),$rndkey0 # zero round key - mov $key,$key_ # backup $key - mov $rnds_,$rounds # backup $rounds - shl \$4,$rnds_ - mov $len,$len_ # backup $len - and \$-16,$len - - $movkey 16($key,$rnds_),$rndkey1 # last round key - - movdqa .Lxts_magic(%rip),$twmask - movdqa $inout0,@tweak[5] - pshufd \$0x5f,$inout0,$twres - pxor $rndkey0,$rndkey1 -___ - for ($i=0;$i<4;$i++) { - $code.=<<___; - movdqa $twres,$twtmp - paddd $twres,$twres - movdqa @tweak[5],@tweak[$i] - psrad \$31,$twtmp # broadcast upper bits - paddq @tweak[5],@tweak[5] - pand $twmask,$twtmp - pxor $rndkey0,@tweak[$i] - pxor $twtmp,@tweak[5] -___ - } -$code.=<<___; - movdqa @tweak[5],@tweak[4] - psrad \$31,$twres - paddq @tweak[5],@tweak[5] - pand $twmask,$twres - pxor $rndkey0,@tweak[4] - pxor $twres,@tweak[5] - movaps $rndkey1,0x60(%rsp) # save round[0]^round[last] - - sub \$16*6,$len - jc .Lxts_dec_short # if $len-=6*16 borrowed - - mov \$16+96,$rounds - lea 32($key_,$rnds_),$key # end of key schedule - sub %r10,%rax # twisted $rounds - $movkey 16($key_),$rndkey1 - mov %rax,%r10 # backup twisted $rounds - lea .Lxts_magic(%rip),%r8 - jmp .Lxts_dec_grandloop - -.align 32 -.Lxts_dec_grandloop: - movdqu `16*0`($inp),$inout0 # load input - movdqa $rndkey0,$twmask - movdqu `16*1`($inp),$inout1 - pxor @tweak[0],$inout0 # input^=tweak^round[0] - movdqu `16*2`($inp),$inout2 - pxor @tweak[1],$inout1 - aesdec $rndkey1,$inout0 - movdqu `16*3`($inp),$inout3 - pxor @tweak[2],$inout2 - aesdec $rndkey1,$inout1 - movdqu `16*4`($inp),$inout4 - pxor @tweak[3],$inout3 - aesdec $rndkey1,$inout2 - movdqu `16*5`($inp),$inout5 - pxor @tweak[5],$twmask # round[0]^=tweak[5] - movdqa 0x60(%rsp),$twres # load round[0]^round[last] - pxor @tweak[4],$inout4 - aesdec $rndkey1,$inout3 - $movkey 32($key_),$rndkey0 - lea `16*6`($inp),$inp - pxor $twmask,$inout5 - - pxor $twres,@tweak[0] # calculate tweaks^round[last] - aesdec $rndkey1,$inout4 - pxor $twres,@tweak[1] - movdqa @tweak[0],`16*0`(%rsp) # put aside tweaks^last round key - aesdec $rndkey1,$inout5 - $movkey 48($key_),$rndkey1 - pxor $twres,@tweak[2] - - aesdec $rndkey0,$inout0 - pxor $twres,@tweak[3] - movdqa @tweak[1],`16*1`(%rsp) - aesdec $rndkey0,$inout1 - pxor $twres,@tweak[4] - movdqa @tweak[2],`16*2`(%rsp) - aesdec $rndkey0,$inout2 - aesdec $rndkey0,$inout3 - pxor $twres,$twmask - movdqa @tweak[4],`16*4`(%rsp) - aesdec $rndkey0,$inout4 - aesdec $rndkey0,$inout5 - $movkey 64($key_),$rndkey0 - movdqa $twmask,`16*5`(%rsp) - pshufd \$0x5f,@tweak[5],$twres - jmp .Lxts_dec_loop6 -.align 32 -.Lxts_dec_loop6: - aesdec $rndkey1,$inout0 - aesdec $rndkey1,$inout1 - aesdec $rndkey1,$inout2 - aesdec $rndkey1,$inout3 - aesdec $rndkey1,$inout4 - aesdec $rndkey1,$inout5 - $movkey -64($key,%rax),$rndkey1 - add \$32,%rax - - aesdec $rndkey0,$inout0 - aesdec $rndkey0,$inout1 - aesdec $rndkey0,$inout2 - aesdec $rndkey0,$inout3 - aesdec $rndkey0,$inout4 - aesdec $rndkey0,$inout5 - $movkey -80($key,%rax),$rndkey0 - jnz .Lxts_dec_loop6 - - movdqa (%r8),$twmask # start calculating next tweak - movdqa $twres,$twtmp - paddd $twres,$twres - aesdec $rndkey1,$inout0 - paddq @tweak[5],@tweak[5] - psrad \$31,$twtmp - aesdec $rndkey1,$inout1 - pand $twmask,$twtmp - $movkey ($key_),@tweak[0] # load round[0] - aesdec $rndkey1,$inout2 - aesdec $rndkey1,$inout3 - aesdec $rndkey1,$inout4 - pxor $twtmp,@tweak[5] - movaps @tweak[0],@tweak[1] # copy round[0] - aesdec $rndkey1,$inout5 - $movkey -64($key),$rndkey1 - - movdqa $twres,$twtmp - aesdec $rndkey0,$inout0 - paddd $twres,$twres - pxor @tweak[5],@tweak[0] - aesdec $rndkey0,$inout1 - psrad \$31,$twtmp - paddq @tweak[5],@tweak[5] - aesdec $rndkey0,$inout2 - aesdec $rndkey0,$inout3 - pand $twmask,$twtmp - movaps @tweak[1],@tweak[2] - aesdec $rndkey0,$inout4 - pxor $twtmp,@tweak[5] - movdqa $twres,$twtmp - aesdec $rndkey0,$inout5 - $movkey -48($key),$rndkey0 - - paddd $twres,$twres - aesdec $rndkey1,$inout0 - pxor @tweak[5],@tweak[1] - psrad \$31,$twtmp - aesdec $rndkey1,$inout1 - paddq @tweak[5],@tweak[5] - pand $twmask,$twtmp - aesdec $rndkey1,$inout2 - aesdec $rndkey1,$inout3 - movdqa @tweak[3],`16*3`(%rsp) - pxor $twtmp,@tweak[5] - aesdec $rndkey1,$inout4 - movaps @tweak[2],@tweak[3] - movdqa $twres,$twtmp - aesdec $rndkey1,$inout5 - $movkey -32($key),$rndkey1 - - paddd $twres,$twres - aesdec $rndkey0,$inout0 - pxor @tweak[5],@tweak[2] - psrad \$31,$twtmp - aesdec $rndkey0,$inout1 - paddq @tweak[5],@tweak[5] - pand $twmask,$twtmp - aesdec $rndkey0,$inout2 - aesdec $rndkey0,$inout3 - aesdec $rndkey0,$inout4 - pxor $twtmp,@tweak[5] - movaps @tweak[3],@tweak[4] - aesdec $rndkey0,$inout5 - - movdqa $twres,$rndkey0 - paddd $twres,$twres - aesdec $rndkey1,$inout0 - pxor @tweak[5],@tweak[3] - psrad \$31,$rndkey0 - aesdec $rndkey1,$inout1 - paddq @tweak[5],@tweak[5] - pand $twmask,$rndkey0 - aesdec $rndkey1,$inout2 - aesdec $rndkey1,$inout3 - pxor $rndkey0,@tweak[5] - $movkey ($key_),$rndkey0 - aesdec $rndkey1,$inout4 - aesdec $rndkey1,$inout5 - $movkey 16($key_),$rndkey1 - - pxor @tweak[5],@tweak[4] - aesdeclast `16*0`(%rsp),$inout0 - psrad \$31,$twres - paddq @tweak[5],@tweak[5] - aesdeclast `16*1`(%rsp),$inout1 - aesdeclast `16*2`(%rsp),$inout2 - pand $twmask,$twres - mov %r10,%rax # restore $rounds - aesdeclast `16*3`(%rsp),$inout3 - aesdeclast `16*4`(%rsp),$inout4 - aesdeclast `16*5`(%rsp),$inout5 - pxor $twres,@tweak[5] - - lea `16*6`($out),$out # $out+=6*16 - movups $inout0,`-16*6`($out) # store 6 output blocks - movups $inout1,`-16*5`($out) - movups $inout2,`-16*4`($out) - movups $inout3,`-16*3`($out) - movups $inout4,`-16*2`($out) - movups $inout5,`-16*1`($out) - sub \$16*6,$len - jnc .Lxts_dec_grandloop # loop if $len-=6*16 didn't borrow - - mov \$16+96,$rounds - sub $rnds_,$rounds - mov $key_,$key # restore $key - shr \$4,$rounds # restore original value - -.Lxts_dec_short: - # at the point @tweak[0..5] are populated with tweak values - mov $rounds,$rnds_ # backup $rounds - pxor $rndkey0,@tweak[0] - pxor $rndkey0,@tweak[1] - add \$16*6,$len # restore real remaining $len - jz .Lxts_dec_done # done if ($len==0) - - pxor $rndkey0,@tweak[2] - cmp \$0x20,$len - jb .Lxts_dec_one # $len is 1*16 - pxor $rndkey0,@tweak[3] - je .Lxts_dec_two # $len is 2*16 - - pxor $rndkey0,@tweak[4] - cmp \$0x40,$len - jb .Lxts_dec_three # $len is 3*16 - je .Lxts_dec_four # $len is 4*16 - - movdqu ($inp),$inout0 # $len is 5*16 - movdqu 16*1($inp),$inout1 - movdqu 16*2($inp),$inout2 - pxor @tweak[0],$inout0 - movdqu 16*3($inp),$inout3 - pxor @tweak[1],$inout1 - movdqu 16*4($inp),$inout4 - lea 16*5($inp),$inp # $inp+=5*16 - pxor @tweak[2],$inout2 - pxor @tweak[3],$inout3 - pxor @tweak[4],$inout4 - - call _aesni_decrypt6 - - xorps @tweak[0],$inout0 - xorps @tweak[1],$inout1 - xorps @tweak[2],$inout2 - movdqu $inout0,($out) # store 5 output blocks - xorps @tweak[3],$inout3 - movdqu $inout1,16*1($out) - xorps @tweak[4],$inout4 - movdqu $inout2,16*2($out) - pxor $twtmp,$twtmp - movdqu $inout3,16*3($out) - pcmpgtd @tweak[5],$twtmp - movdqu $inout4,16*4($out) - lea 16*5($out),$out # $out+=5*16 - pshufd \$0x13,$twtmp,@tweak[1] # $twres - and \$15,$len_ - jz .Lxts_dec_ret - - movdqa @tweak[5],@tweak[0] - paddq @tweak[5],@tweak[5] # psllq 1,$tweak - pand $twmask,@tweak[1] # isolate carry and residue - pxor @tweak[5],@tweak[1] - jmp .Lxts_dec_done2 - -.align 16 -.Lxts_dec_one: - movups ($inp),$inout0 - lea 16*1($inp),$inp # $inp+=1*16 - xorps @tweak[0],$inout0 -___ - &aesni_generate1("dec",$key,$rounds); -$code.=<<___; - xorps @tweak[0],$inout0 - movdqa @tweak[1],@tweak[0] - movups $inout0,($out) # store one output block - movdqa @tweak[2],@tweak[1] - lea 16*1($out),$out # $out+=1*16 - jmp .Lxts_dec_done - -.align 16 -.Lxts_dec_two: - movups ($inp),$inout0 - movups 16($inp),$inout1 - lea 32($inp),$inp # $inp+=2*16 - xorps @tweak[0],$inout0 - xorps @tweak[1],$inout1 - - call _aesni_decrypt2 - - xorps @tweak[0],$inout0 - movdqa @tweak[2],@tweak[0] - xorps @tweak[1],$inout1 - movdqa @tweak[3],@tweak[1] - movups $inout0,($out) # store 2 output blocks - movups $inout1,16*1($out) - lea 16*2($out),$out # $out+=2*16 - jmp .Lxts_dec_done - -.align 16 -.Lxts_dec_three: - movups ($inp),$inout0 - movups 16*1($inp),$inout1 - movups 16*2($inp),$inout2 - lea 16*3($inp),$inp # $inp+=3*16 - xorps @tweak[0],$inout0 - xorps @tweak[1],$inout1 - xorps @tweak[2],$inout2 - - call _aesni_decrypt3 - - xorps @tweak[0],$inout0 - movdqa @tweak[3],@tweak[0] - xorps @tweak[1],$inout1 - movdqa @tweak[4],@tweak[1] - xorps @tweak[2],$inout2 - movups $inout0,($out) # store 3 output blocks - movups $inout1,16*1($out) - movups $inout2,16*2($out) - lea 16*3($out),$out # $out+=3*16 - jmp .Lxts_dec_done - -.align 16 -.Lxts_dec_four: - movups ($inp),$inout0 - movups 16*1($inp),$inout1 - movups 16*2($inp),$inout2 - xorps @tweak[0],$inout0 - movups 16*3($inp),$inout3 - lea 16*4($inp),$inp # $inp+=4*16 - xorps @tweak[1],$inout1 - xorps @tweak[2],$inout2 - xorps @tweak[3],$inout3 - - call _aesni_decrypt4 - - pxor @tweak[0],$inout0 - movdqa @tweak[4],@tweak[0] - pxor @tweak[1],$inout1 - movdqa @tweak[5],@tweak[1] - pxor @tweak[2],$inout2 - movdqu $inout0,($out) # store 4 output blocks - pxor @tweak[3],$inout3 - movdqu $inout1,16*1($out) - movdqu $inout2,16*2($out) - movdqu $inout3,16*3($out) - lea 16*4($out),$out # $out+=4*16 - jmp .Lxts_dec_done - -.align 16 -.Lxts_dec_done: - and \$15,$len_ # see if $len%16 is 0 - jz .Lxts_dec_ret -.Lxts_dec_done2: - mov $len_,$len - mov $key_,$key # restore $key - mov $rnds_,$rounds # restore $rounds - - movups ($inp),$inout0 - xorps @tweak[1],$inout0 -___ - &aesni_generate1("dec",$key,$rounds); -$code.=<<___; - xorps @tweak[1],$inout0 - movups $inout0,($out) - -.Lxts_dec_steal: - movzb 16($inp),%eax # borrow $rounds ... - movzb ($out),%ecx # ... and $key - lea 1($inp),$inp - mov %al,($out) - mov %cl,16($out) - lea 1($out),$out - sub \$1,$len - jnz .Lxts_dec_steal - - sub $len_,$out # rewind $out - mov $key_,$key # restore $key - mov $rnds_,$rounds # restore $rounds - - movups ($out),$inout0 - xorps @tweak[0],$inout0 -___ - &aesni_generate1("dec",$key,$rounds); -$code.=<<___; - xorps @tweak[0],$inout0 - movups $inout0,($out) - -.Lxts_dec_ret: - xorps %xmm0,%xmm0 # clear register bank - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 -___ -$code.=<<___ if (!$win64); - pxor %xmm6,%xmm6 - pxor %xmm7,%xmm7 - movaps %xmm0,0x00(%rsp) # clear stack - pxor %xmm8,%xmm8 - movaps %xmm0,0x10(%rsp) - pxor %xmm9,%xmm9 - movaps %xmm0,0x20(%rsp) - pxor %xmm10,%xmm10 - movaps %xmm0,0x30(%rsp) - pxor %xmm11,%xmm11 - movaps %xmm0,0x40(%rsp) - pxor %xmm12,%xmm12 - movaps %xmm0,0x50(%rsp) - pxor %xmm13,%xmm13 - movaps %xmm0,0x60(%rsp) - pxor %xmm14,%xmm14 - pxor %xmm15,%xmm15 -___ -$code.=<<___ if ($win64); - movaps -0xa8(%r11),%xmm6 - movaps %xmm0,-0xa8(%r11) # clear stack - movaps -0x98(%r11),%xmm7 - movaps %xmm0,-0x98(%r11) - movaps -0x88(%r11),%xmm8 - movaps %xmm0,-0x88(%r11) - movaps -0x78(%r11),%xmm9 - movaps %xmm0,-0x78(%r11) - movaps -0x68(%r11),%xmm10 - movaps %xmm0,-0x68(%r11) - movaps -0x58(%r11),%xmm11 - movaps %xmm0,-0x58(%r11) - movaps -0x48(%r11),%xmm12 - movaps %xmm0,-0x48(%r11) - movaps -0x38(%r11),%xmm13 - movaps %xmm0,-0x38(%r11) - movaps -0x28(%r11),%xmm14 - movaps %xmm0,-0x28(%r11) - movaps -0x18(%r11),%xmm15 - movaps %xmm0,-0x18(%r11) - movaps %xmm0,0x00(%rsp) - movaps %xmm0,0x10(%rsp) - movaps %xmm0,0x20(%rsp) - movaps %xmm0,0x30(%rsp) - movaps %xmm0,0x40(%rsp) - movaps %xmm0,0x50(%rsp) - movaps %xmm0,0x60(%rsp) -___ -$code.=<<___; - mov -8(%r11),%rbp -.cfi_restore %rbp - lea (%r11),%rsp -.cfi_def_cfa_register %rsp -.Lxts_dec_epilogue: - ret -.cfi_endproc -.size aesni_xts_decrypt,.-aesni_xts_decrypt -___ -} - -###################################################################### -# void aesni_ocb_[en|de]crypt(const char *inp, char *out, size_t blocks, -# const AES_KEY *key, unsigned int start_block_num, -# unsigned char offset_i[16], const unsigned char L_[][16], -# unsigned char checksum[16]); -# -{ -my @offset=map("%xmm$_",(10..15)); -my ($checksum,$rndkey0l)=("%xmm8","%xmm9"); -my ($block_num,$offset_p)=("%r8","%r9"); # 5th and 6th arguments -my ($L_p,$checksum_p) = ("%rbx","%rbp"); -my ($i1,$i3,$i5) = ("%r12","%r13","%r14"); -my $seventh_arg = $win64 ? 56 : 8; -my $blocks = $len; - -$code.=<<___; -.globl aesni_ocb_encrypt -.type aesni_ocb_encrypt,\@function,6 -.align 32 -aesni_ocb_encrypt: -.cfi_startproc - endbranch - lea (%rsp),%rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 -___ -$code.=<<___ if ($win64); - lea -0xa0(%rsp),%rsp - movaps %xmm6,0x00(%rsp) # offload everything - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) - movaps %xmm10,0x40(%rsp) - movaps %xmm11,0x50(%rsp) - movaps %xmm12,0x60(%rsp) - movaps %xmm13,0x70(%rsp) - movaps %xmm14,0x80(%rsp) - movaps %xmm15,0x90(%rsp) -.Locb_enc_body: -___ -$code.=<<___; - mov $seventh_arg(%rax),$L_p # 7th argument - mov $seventh_arg+8(%rax),$checksum_p# 8th argument - - mov 240($key),$rnds_ - mov $key,$key_ - shl \$4,$rnds_ - $movkey ($key),$rndkey0l # round[0] - $movkey 16($key,$rnds_),$rndkey1 # round[last] - - movdqu ($offset_p),@offset[5] # load last offset_i - pxor $rndkey1,$rndkey0l # round[0] ^ round[last] - pxor $rndkey1,@offset[5] # offset_i ^ round[last] - - mov \$16+32,$rounds - lea 32($key_,$rnds_),$key - $movkey 16($key_),$rndkey1 # round[1] - sub %r10,%rax # twisted $rounds - mov %rax,%r10 # backup twisted $rounds - - movdqu ($L_p),@offset[0] # L_0 for all odd-numbered blocks - movdqu ($checksum_p),$checksum # load checksum - - test \$1,$block_num # is first block number odd? - jnz .Locb_enc_odd - - bsf $block_num,$i1 - add \$1,$block_num - shl \$4,$i1 - movdqu ($L_p,$i1),$inout5 # borrow - movdqu ($inp),$inout0 - lea 16($inp),$inp - - call __ocb_encrypt1 - - movdqa $inout5,@offset[5] - movups $inout0,($out) - lea 16($out),$out - sub \$1,$blocks - jz .Locb_enc_done - -.Locb_enc_odd: - lea 1($block_num),$i1 # even-numbered blocks - lea 3($block_num),$i3 - lea 5($block_num),$i5 - lea 6($block_num),$block_num - bsf $i1,$i1 # ntz(block) - bsf $i3,$i3 - bsf $i5,$i5 - shl \$4,$i1 # ntz(block) -> table offset - shl \$4,$i3 - shl \$4,$i5 - - sub \$6,$blocks - jc .Locb_enc_short - jmp .Locb_enc_grandloop - -.align 32 -.Locb_enc_grandloop: - movdqu `16*0`($inp),$inout0 # load input - movdqu `16*1`($inp),$inout1 - movdqu `16*2`($inp),$inout2 - movdqu `16*3`($inp),$inout3 - movdqu `16*4`($inp),$inout4 - movdqu `16*5`($inp),$inout5 - lea `16*6`($inp),$inp - - call __ocb_encrypt6 - - movups $inout0,`16*0`($out) # store output - movups $inout1,`16*1`($out) - movups $inout2,`16*2`($out) - movups $inout3,`16*3`($out) - movups $inout4,`16*4`($out) - movups $inout5,`16*5`($out) - lea `16*6`($out),$out - sub \$6,$blocks - jnc .Locb_enc_grandloop - -.Locb_enc_short: - add \$6,$blocks - jz .Locb_enc_done - - movdqu `16*0`($inp),$inout0 - cmp \$2,$blocks - jb .Locb_enc_one - movdqu `16*1`($inp),$inout1 - je .Locb_enc_two - - movdqu `16*2`($inp),$inout2 - cmp \$4,$blocks - jb .Locb_enc_three - movdqu `16*3`($inp),$inout3 - je .Locb_enc_four - - movdqu `16*4`($inp),$inout4 - pxor $inout5,$inout5 - - call __ocb_encrypt6 - - movdqa @offset[4],@offset[5] - movups $inout0,`16*0`($out) - movups $inout1,`16*1`($out) - movups $inout2,`16*2`($out) - movups $inout3,`16*3`($out) - movups $inout4,`16*4`($out) - - jmp .Locb_enc_done - -.align 16 -.Locb_enc_one: - movdqa @offset[0],$inout5 # borrow - - call __ocb_encrypt1 - - movdqa $inout5,@offset[5] - movups $inout0,`16*0`($out) - jmp .Locb_enc_done - -.align 16 -.Locb_enc_two: - pxor $inout2,$inout2 - pxor $inout3,$inout3 - - call __ocb_encrypt4 - - movdqa @offset[1],@offset[5] - movups $inout0,`16*0`($out) - movups $inout1,`16*1`($out) - - jmp .Locb_enc_done - -.align 16 -.Locb_enc_three: - pxor $inout3,$inout3 - - call __ocb_encrypt4 - - movdqa @offset[2],@offset[5] - movups $inout0,`16*0`($out) - movups $inout1,`16*1`($out) - movups $inout2,`16*2`($out) - - jmp .Locb_enc_done - -.align 16 -.Locb_enc_four: - call __ocb_encrypt4 - - movdqa @offset[3],@offset[5] - movups $inout0,`16*0`($out) - movups $inout1,`16*1`($out) - movups $inout2,`16*2`($out) - movups $inout3,`16*3`($out) - -.Locb_enc_done: - pxor $rndkey0,@offset[5] # "remove" round[last] - movdqu $checksum,($checksum_p) # store checksum - movdqu @offset[5],($offset_p) # store last offset_i - - xorps %xmm0,%xmm0 # clear register bank - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 -___ -$code.=<<___ if (!$win64); - pxor %xmm6,%xmm6 - pxor %xmm7,%xmm7 - pxor %xmm8,%xmm8 - pxor %xmm9,%xmm9 - pxor %xmm10,%xmm10 - pxor %xmm11,%xmm11 - pxor %xmm12,%xmm12 - pxor %xmm13,%xmm13 - pxor %xmm14,%xmm14 - pxor %xmm15,%xmm15 - lea 0x28(%rsp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x00(%rsp),%xmm6 - movaps %xmm0,0x00(%rsp) # clear stack - movaps 0x10(%rsp),%xmm7 - movaps %xmm0,0x10(%rsp) - movaps 0x20(%rsp),%xmm8 - movaps %xmm0,0x20(%rsp) - movaps 0x30(%rsp),%xmm9 - movaps %xmm0,0x30(%rsp) - movaps 0x40(%rsp),%xmm10 - movaps %xmm0,0x40(%rsp) - movaps 0x50(%rsp),%xmm11 - movaps %xmm0,0x50(%rsp) - movaps 0x60(%rsp),%xmm12 - movaps %xmm0,0x60(%rsp) - movaps 0x70(%rsp),%xmm13 - movaps %xmm0,0x70(%rsp) - movaps 0x80(%rsp),%xmm14 - movaps %xmm0,0x80(%rsp) - movaps 0x90(%rsp),%xmm15 - movaps %xmm0,0x90(%rsp) - lea 0xa0+0x28(%rsp),%rax -.Locb_enc_pop: -___ -$code.=<<___; - mov -40(%rax),%r14 -.cfi_restore %r14 - mov -32(%rax),%r13 -.cfi_restore %r13 - mov -24(%rax),%r12 -.cfi_restore %r12 - mov -16(%rax),%rbp -.cfi_restore %rbp - mov -8(%rax),%rbx -.cfi_restore %rbx - lea (%rax),%rsp -.cfi_def_cfa_register %rsp -.Locb_enc_epilogue: - ret -.cfi_endproc -.size aesni_ocb_encrypt,.-aesni_ocb_encrypt - -.type __ocb_encrypt6,\@abi-omnipotent -.align 32 -__ocb_encrypt6: -.cfi_startproc - pxor $rndkey0l,@offset[5] # offset_i ^ round[0] - movdqu ($L_p,$i1),@offset[1] - movdqa @offset[0],@offset[2] - movdqu ($L_p,$i3),@offset[3] - movdqa @offset[0],@offset[4] - pxor @offset[5],@offset[0] - movdqu ($L_p,$i5),@offset[5] - pxor @offset[0],@offset[1] - pxor $inout0,$checksum # accumulate checksum - pxor @offset[0],$inout0 # input ^ round[0] ^ offset_i - pxor @offset[1],@offset[2] - pxor $inout1,$checksum - pxor @offset[1],$inout1 - pxor @offset[2],@offset[3] - pxor $inout2,$checksum - pxor @offset[2],$inout2 - pxor @offset[3],@offset[4] - pxor $inout3,$checksum - pxor @offset[3],$inout3 - pxor @offset[4],@offset[5] - pxor $inout4,$checksum - pxor @offset[4],$inout4 - pxor $inout5,$checksum - pxor @offset[5],$inout5 - $movkey 32($key_),$rndkey0 - - lea 1($block_num),$i1 # even-numbered blocks - lea 3($block_num),$i3 - lea 5($block_num),$i5 - add \$6,$block_num - pxor $rndkey0l,@offset[0] # offset_i ^ round[last] - bsf $i1,$i1 # ntz(block) - bsf $i3,$i3 - bsf $i5,$i5 - - aesenc $rndkey1,$inout0 - aesenc $rndkey1,$inout1 - aesenc $rndkey1,$inout2 - aesenc $rndkey1,$inout3 - pxor $rndkey0l,@offset[1] - pxor $rndkey0l,@offset[2] - aesenc $rndkey1,$inout4 - pxor $rndkey0l,@offset[3] - pxor $rndkey0l,@offset[4] - aesenc $rndkey1,$inout5 - $movkey 48($key_),$rndkey1 - pxor $rndkey0l,@offset[5] - - aesenc $rndkey0,$inout0 - aesenc $rndkey0,$inout1 - aesenc $rndkey0,$inout2 - aesenc $rndkey0,$inout3 - aesenc $rndkey0,$inout4 - aesenc $rndkey0,$inout5 - $movkey 64($key_),$rndkey0 - shl \$4,$i1 # ntz(block) -> table offset - shl \$4,$i3 - jmp .Locb_enc_loop6 - -.align 32 -.Locb_enc_loop6: - aesenc $rndkey1,$inout0 - aesenc $rndkey1,$inout1 - aesenc $rndkey1,$inout2 - aesenc $rndkey1,$inout3 - aesenc $rndkey1,$inout4 - aesenc $rndkey1,$inout5 - $movkey ($key,%rax),$rndkey1 - add \$32,%rax - - aesenc $rndkey0,$inout0 - aesenc $rndkey0,$inout1 - aesenc $rndkey0,$inout2 - aesenc $rndkey0,$inout3 - aesenc $rndkey0,$inout4 - aesenc $rndkey0,$inout5 - $movkey -16($key,%rax),$rndkey0 - jnz .Locb_enc_loop6 - - aesenc $rndkey1,$inout0 - aesenc $rndkey1,$inout1 - aesenc $rndkey1,$inout2 - aesenc $rndkey1,$inout3 - aesenc $rndkey1,$inout4 - aesenc $rndkey1,$inout5 - $movkey 16($key_),$rndkey1 - shl \$4,$i5 - - aesenclast @offset[0],$inout0 - movdqu ($L_p),@offset[0] # L_0 for all odd-numbered blocks - mov %r10,%rax # restore twisted rounds - aesenclast @offset[1],$inout1 - aesenclast @offset[2],$inout2 - aesenclast @offset[3],$inout3 - aesenclast @offset[4],$inout4 - aesenclast @offset[5],$inout5 - ret -.cfi_endproc -.size __ocb_encrypt6,.-__ocb_encrypt6 - -.type __ocb_encrypt4,\@abi-omnipotent -.align 32 -__ocb_encrypt4: -.cfi_startproc - pxor $rndkey0l,@offset[5] # offset_i ^ round[0] - movdqu ($L_p,$i1),@offset[1] - movdqa @offset[0],@offset[2] - movdqu ($L_p,$i3),@offset[3] - pxor @offset[5],@offset[0] - pxor @offset[0],@offset[1] - pxor $inout0,$checksum # accumulate checksum - pxor @offset[0],$inout0 # input ^ round[0] ^ offset_i - pxor @offset[1],@offset[2] - pxor $inout1,$checksum - pxor @offset[1],$inout1 - pxor @offset[2],@offset[3] - pxor $inout2,$checksum - pxor @offset[2],$inout2 - pxor $inout3,$checksum - pxor @offset[3],$inout3 - $movkey 32($key_),$rndkey0 - - pxor $rndkey0l,@offset[0] # offset_i ^ round[last] - pxor $rndkey0l,@offset[1] - pxor $rndkey0l,@offset[2] - pxor $rndkey0l,@offset[3] - - aesenc $rndkey1,$inout0 - aesenc $rndkey1,$inout1 - aesenc $rndkey1,$inout2 - aesenc $rndkey1,$inout3 - $movkey 48($key_),$rndkey1 - - aesenc $rndkey0,$inout0 - aesenc $rndkey0,$inout1 - aesenc $rndkey0,$inout2 - aesenc $rndkey0,$inout3 - $movkey 64($key_),$rndkey0 - jmp .Locb_enc_loop4 - -.align 32 -.Locb_enc_loop4: - aesenc $rndkey1,$inout0 - aesenc $rndkey1,$inout1 - aesenc $rndkey1,$inout2 - aesenc $rndkey1,$inout3 - $movkey ($key,%rax),$rndkey1 - add \$32,%rax - - aesenc $rndkey0,$inout0 - aesenc $rndkey0,$inout1 - aesenc $rndkey0,$inout2 - aesenc $rndkey0,$inout3 - $movkey -16($key,%rax),$rndkey0 - jnz .Locb_enc_loop4 - - aesenc $rndkey1,$inout0 - aesenc $rndkey1,$inout1 - aesenc $rndkey1,$inout2 - aesenc $rndkey1,$inout3 - $movkey 16($key_),$rndkey1 - mov %r10,%rax # restore twisted rounds - - aesenclast @offset[0],$inout0 - aesenclast @offset[1],$inout1 - aesenclast @offset[2],$inout2 - aesenclast @offset[3],$inout3 - ret -.cfi_endproc -.size __ocb_encrypt4,.-__ocb_encrypt4 - -.type __ocb_encrypt1,\@abi-omnipotent -.align 32 -__ocb_encrypt1: -.cfi_startproc - pxor @offset[5],$inout5 # offset_i - pxor $rndkey0l,$inout5 # offset_i ^ round[0] - pxor $inout0,$checksum # accumulate checksum - pxor $inout5,$inout0 # input ^ round[0] ^ offset_i - $movkey 32($key_),$rndkey0 - - aesenc $rndkey1,$inout0 - $movkey 48($key_),$rndkey1 - pxor $rndkey0l,$inout5 # offset_i ^ round[last] - - aesenc $rndkey0,$inout0 - $movkey 64($key_),$rndkey0 - jmp .Locb_enc_loop1 - -.align 32 -.Locb_enc_loop1: - aesenc $rndkey1,$inout0 - $movkey ($key,%rax),$rndkey1 - add \$32,%rax - - aesenc $rndkey0,$inout0 - $movkey -16($key,%rax),$rndkey0 - jnz .Locb_enc_loop1 - - aesenc $rndkey1,$inout0 - $movkey 16($key_),$rndkey1 # redundant in tail - mov %r10,%rax # restore twisted rounds - - aesenclast $inout5,$inout0 - ret -.cfi_endproc -.size __ocb_encrypt1,.-__ocb_encrypt1 - -.globl aesni_ocb_decrypt -.type aesni_ocb_decrypt,\@function,6 -.align 32 -aesni_ocb_decrypt: -.cfi_startproc - endbranch - lea (%rsp),%rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 -___ -$code.=<<___ if ($win64); - lea -0xa0(%rsp),%rsp - movaps %xmm6,0x00(%rsp) # offload everything - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) - movaps %xmm10,0x40(%rsp) - movaps %xmm11,0x50(%rsp) - movaps %xmm12,0x60(%rsp) - movaps %xmm13,0x70(%rsp) - movaps %xmm14,0x80(%rsp) - movaps %xmm15,0x90(%rsp) -.Locb_dec_body: -___ -$code.=<<___; - mov $seventh_arg(%rax),$L_p # 7th argument - mov $seventh_arg+8(%rax),$checksum_p# 8th argument - - mov 240($key),$rnds_ - mov $key,$key_ - shl \$4,$rnds_ - $movkey ($key),$rndkey0l # round[0] - $movkey 16($key,$rnds_),$rndkey1 # round[last] - - movdqu ($offset_p),@offset[5] # load last offset_i - pxor $rndkey1,$rndkey0l # round[0] ^ round[last] - pxor $rndkey1,@offset[5] # offset_i ^ round[last] - - mov \$16+32,$rounds - lea 32($key_,$rnds_),$key - $movkey 16($key_),$rndkey1 # round[1] - sub %r10,%rax # twisted $rounds - mov %rax,%r10 # backup twisted $rounds - - movdqu ($L_p),@offset[0] # L_0 for all odd-numbered blocks - movdqu ($checksum_p),$checksum # load checksum - - test \$1,$block_num # is first block number odd? - jnz .Locb_dec_odd - - bsf $block_num,$i1 - add \$1,$block_num - shl \$4,$i1 - movdqu ($L_p,$i1),$inout5 # borrow - movdqu ($inp),$inout0 - lea 16($inp),$inp - - call __ocb_decrypt1 - - movdqa $inout5,@offset[5] - movups $inout0,($out) - xorps $inout0,$checksum # accumulate checksum - lea 16($out),$out - sub \$1,$blocks - jz .Locb_dec_done - -.Locb_dec_odd: - lea 1($block_num),$i1 # even-numbered blocks - lea 3($block_num),$i3 - lea 5($block_num),$i5 - lea 6($block_num),$block_num - bsf $i1,$i1 # ntz(block) - bsf $i3,$i3 - bsf $i5,$i5 - shl \$4,$i1 # ntz(block) -> table offset - shl \$4,$i3 - shl \$4,$i5 - - sub \$6,$blocks - jc .Locb_dec_short - jmp .Locb_dec_grandloop - -.align 32 -.Locb_dec_grandloop: - movdqu `16*0`($inp),$inout0 # load input - movdqu `16*1`($inp),$inout1 - movdqu `16*2`($inp),$inout2 - movdqu `16*3`($inp),$inout3 - movdqu `16*4`($inp),$inout4 - movdqu `16*5`($inp),$inout5 - lea `16*6`($inp),$inp - - call __ocb_decrypt6 - - movups $inout0,`16*0`($out) # store output - pxor $inout0,$checksum # accumulate checksum - movups $inout1,`16*1`($out) - pxor $inout1,$checksum - movups $inout2,`16*2`($out) - pxor $inout2,$checksum - movups $inout3,`16*3`($out) - pxor $inout3,$checksum - movups $inout4,`16*4`($out) - pxor $inout4,$checksum - movups $inout5,`16*5`($out) - pxor $inout5,$checksum - lea `16*6`($out),$out - sub \$6,$blocks - jnc .Locb_dec_grandloop - -.Locb_dec_short: - add \$6,$blocks - jz .Locb_dec_done - - movdqu `16*0`($inp),$inout0 - cmp \$2,$blocks - jb .Locb_dec_one - movdqu `16*1`($inp),$inout1 - je .Locb_dec_two - - movdqu `16*2`($inp),$inout2 - cmp \$4,$blocks - jb .Locb_dec_three - movdqu `16*3`($inp),$inout3 - je .Locb_dec_four - - movdqu `16*4`($inp),$inout4 - pxor $inout5,$inout5 - - call __ocb_decrypt6 - - movdqa @offset[4],@offset[5] - movups $inout0,`16*0`($out) # store output - pxor $inout0,$checksum # accumulate checksum - movups $inout1,`16*1`($out) - pxor $inout1,$checksum - movups $inout2,`16*2`($out) - pxor $inout2,$checksum - movups $inout3,`16*3`($out) - pxor $inout3,$checksum - movups $inout4,`16*4`($out) - pxor $inout4,$checksum - - jmp .Locb_dec_done - -.align 16 -.Locb_dec_one: - movdqa @offset[0],$inout5 # borrow - - call __ocb_decrypt1 - - movdqa $inout5,@offset[5] - movups $inout0,`16*0`($out) # store output - xorps $inout0,$checksum # accumulate checksum - jmp .Locb_dec_done - -.align 16 -.Locb_dec_two: - pxor $inout2,$inout2 - pxor $inout3,$inout3 - - call __ocb_decrypt4 - - movdqa @offset[1],@offset[5] - movups $inout0,`16*0`($out) # store output - xorps $inout0,$checksum # accumulate checksum - movups $inout1,`16*1`($out) - xorps $inout1,$checksum - - jmp .Locb_dec_done - -.align 16 -.Locb_dec_three: - pxor $inout3,$inout3 - - call __ocb_decrypt4 - - movdqa @offset[2],@offset[5] - movups $inout0,`16*0`($out) # store output - xorps $inout0,$checksum # accumulate checksum - movups $inout1,`16*1`($out) - xorps $inout1,$checksum - movups $inout2,`16*2`($out) - xorps $inout2,$checksum - - jmp .Locb_dec_done - -.align 16 -.Locb_dec_four: - call __ocb_decrypt4 - - movdqa @offset[3],@offset[5] - movups $inout0,`16*0`($out) # store output - pxor $inout0,$checksum # accumulate checksum - movups $inout1,`16*1`($out) - pxor $inout1,$checksum - movups $inout2,`16*2`($out) - pxor $inout2,$checksum - movups $inout3,`16*3`($out) - pxor $inout3,$checksum - -.Locb_dec_done: - pxor $rndkey0,@offset[5] # "remove" round[last] - movdqu $checksum,($checksum_p) # store checksum - movdqu @offset[5],($offset_p) # store last offset_i - - xorps %xmm0,%xmm0 # clear register bank - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 -___ -$code.=<<___ if (!$win64); - pxor %xmm6,%xmm6 - pxor %xmm7,%xmm7 - pxor %xmm8,%xmm8 - pxor %xmm9,%xmm9 - pxor %xmm10,%xmm10 - pxor %xmm11,%xmm11 - pxor %xmm12,%xmm12 - pxor %xmm13,%xmm13 - pxor %xmm14,%xmm14 - pxor %xmm15,%xmm15 - lea 0x28(%rsp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x00(%rsp),%xmm6 - movaps %xmm0,0x00(%rsp) # clear stack - movaps 0x10(%rsp),%xmm7 - movaps %xmm0,0x10(%rsp) - movaps 0x20(%rsp),%xmm8 - movaps %xmm0,0x20(%rsp) - movaps 0x30(%rsp),%xmm9 - movaps %xmm0,0x30(%rsp) - movaps 0x40(%rsp),%xmm10 - movaps %xmm0,0x40(%rsp) - movaps 0x50(%rsp),%xmm11 - movaps %xmm0,0x50(%rsp) - movaps 0x60(%rsp),%xmm12 - movaps %xmm0,0x60(%rsp) - movaps 0x70(%rsp),%xmm13 - movaps %xmm0,0x70(%rsp) - movaps 0x80(%rsp),%xmm14 - movaps %xmm0,0x80(%rsp) - movaps 0x90(%rsp),%xmm15 - movaps %xmm0,0x90(%rsp) - lea 0xa0+0x28(%rsp),%rax -.Locb_dec_pop: -___ -$code.=<<___; - mov -40(%rax),%r14 -.cfi_restore %r14 - mov -32(%rax),%r13 -.cfi_restore %r13 - mov -24(%rax),%r12 -.cfi_restore %r12 - mov -16(%rax),%rbp -.cfi_restore %rbp - mov -8(%rax),%rbx -.cfi_restore %rbx - lea (%rax),%rsp -.cfi_def_cfa_register %rsp -.Locb_dec_epilogue: - ret -.cfi_endproc -.size aesni_ocb_decrypt,.-aesni_ocb_decrypt - -.type __ocb_decrypt6,\@abi-omnipotent -.align 32 -__ocb_decrypt6: -.cfi_startproc - pxor $rndkey0l,@offset[5] # offset_i ^ round[0] - movdqu ($L_p,$i1),@offset[1] - movdqa @offset[0],@offset[2] - movdqu ($L_p,$i3),@offset[3] - movdqa @offset[0],@offset[4] - pxor @offset[5],@offset[0] - movdqu ($L_p,$i5),@offset[5] - pxor @offset[0],@offset[1] - pxor @offset[0],$inout0 # input ^ round[0] ^ offset_i - pxor @offset[1],@offset[2] - pxor @offset[1],$inout1 - pxor @offset[2],@offset[3] - pxor @offset[2],$inout2 - pxor @offset[3],@offset[4] - pxor @offset[3],$inout3 - pxor @offset[4],@offset[5] - pxor @offset[4],$inout4 - pxor @offset[5],$inout5 - $movkey 32($key_),$rndkey0 - - lea 1($block_num),$i1 # even-numbered blocks - lea 3($block_num),$i3 - lea 5($block_num),$i5 - add \$6,$block_num - pxor $rndkey0l,@offset[0] # offset_i ^ round[last] - bsf $i1,$i1 # ntz(block) - bsf $i3,$i3 - bsf $i5,$i5 - - aesdec $rndkey1,$inout0 - aesdec $rndkey1,$inout1 - aesdec $rndkey1,$inout2 - aesdec $rndkey1,$inout3 - pxor $rndkey0l,@offset[1] - pxor $rndkey0l,@offset[2] - aesdec $rndkey1,$inout4 - pxor $rndkey0l,@offset[3] - pxor $rndkey0l,@offset[4] - aesdec $rndkey1,$inout5 - $movkey 48($key_),$rndkey1 - pxor $rndkey0l,@offset[5] - - aesdec $rndkey0,$inout0 - aesdec $rndkey0,$inout1 - aesdec $rndkey0,$inout2 - aesdec $rndkey0,$inout3 - aesdec $rndkey0,$inout4 - aesdec $rndkey0,$inout5 - $movkey 64($key_),$rndkey0 - shl \$4,$i1 # ntz(block) -> table offset - shl \$4,$i3 - jmp .Locb_dec_loop6 - -.align 32 -.Locb_dec_loop6: - aesdec $rndkey1,$inout0 - aesdec $rndkey1,$inout1 - aesdec $rndkey1,$inout2 - aesdec $rndkey1,$inout3 - aesdec $rndkey1,$inout4 - aesdec $rndkey1,$inout5 - $movkey ($key,%rax),$rndkey1 - add \$32,%rax - - aesdec $rndkey0,$inout0 - aesdec $rndkey0,$inout1 - aesdec $rndkey0,$inout2 - aesdec $rndkey0,$inout3 - aesdec $rndkey0,$inout4 - aesdec $rndkey0,$inout5 - $movkey -16($key,%rax),$rndkey0 - jnz .Locb_dec_loop6 - - aesdec $rndkey1,$inout0 - aesdec $rndkey1,$inout1 - aesdec $rndkey1,$inout2 - aesdec $rndkey1,$inout3 - aesdec $rndkey1,$inout4 - aesdec $rndkey1,$inout5 - $movkey 16($key_),$rndkey1 - shl \$4,$i5 - - aesdeclast @offset[0],$inout0 - movdqu ($L_p),@offset[0] # L_0 for all odd-numbered blocks - mov %r10,%rax # restore twisted rounds - aesdeclast @offset[1],$inout1 - aesdeclast @offset[2],$inout2 - aesdeclast @offset[3],$inout3 - aesdeclast @offset[4],$inout4 - aesdeclast @offset[5],$inout5 - ret -.cfi_endproc -.size __ocb_decrypt6,.-__ocb_decrypt6 - -.type __ocb_decrypt4,\@abi-omnipotent -.align 32 -__ocb_decrypt4: -.cfi_startproc - pxor $rndkey0l,@offset[5] # offset_i ^ round[0] - movdqu ($L_p,$i1),@offset[1] - movdqa @offset[0],@offset[2] - movdqu ($L_p,$i3),@offset[3] - pxor @offset[5],@offset[0] - pxor @offset[0],@offset[1] - pxor @offset[0],$inout0 # input ^ round[0] ^ offset_i - pxor @offset[1],@offset[2] - pxor @offset[1],$inout1 - pxor @offset[2],@offset[3] - pxor @offset[2],$inout2 - pxor @offset[3],$inout3 - $movkey 32($key_),$rndkey0 - - pxor $rndkey0l,@offset[0] # offset_i ^ round[last] - pxor $rndkey0l,@offset[1] - pxor $rndkey0l,@offset[2] - pxor $rndkey0l,@offset[3] - - aesdec $rndkey1,$inout0 - aesdec $rndkey1,$inout1 - aesdec $rndkey1,$inout2 - aesdec $rndkey1,$inout3 - $movkey 48($key_),$rndkey1 - - aesdec $rndkey0,$inout0 - aesdec $rndkey0,$inout1 - aesdec $rndkey0,$inout2 - aesdec $rndkey0,$inout3 - $movkey 64($key_),$rndkey0 - jmp .Locb_dec_loop4 - -.align 32 -.Locb_dec_loop4: - aesdec $rndkey1,$inout0 - aesdec $rndkey1,$inout1 - aesdec $rndkey1,$inout2 - aesdec $rndkey1,$inout3 - $movkey ($key,%rax),$rndkey1 - add \$32,%rax - - aesdec $rndkey0,$inout0 - aesdec $rndkey0,$inout1 - aesdec $rndkey0,$inout2 - aesdec $rndkey0,$inout3 - $movkey -16($key,%rax),$rndkey0 - jnz .Locb_dec_loop4 - - aesdec $rndkey1,$inout0 - aesdec $rndkey1,$inout1 - aesdec $rndkey1,$inout2 - aesdec $rndkey1,$inout3 - $movkey 16($key_),$rndkey1 - mov %r10,%rax # restore twisted rounds - - aesdeclast @offset[0],$inout0 - aesdeclast @offset[1],$inout1 - aesdeclast @offset[2],$inout2 - aesdeclast @offset[3],$inout3 - ret -.cfi_endproc -.size __ocb_decrypt4,.-__ocb_decrypt4 - -.type __ocb_decrypt1,\@abi-omnipotent -.align 32 -__ocb_decrypt1: -.cfi_startproc - pxor @offset[5],$inout5 # offset_i - pxor $rndkey0l,$inout5 # offset_i ^ round[0] - pxor $inout5,$inout0 # input ^ round[0] ^ offset_i - $movkey 32($key_),$rndkey0 - - aesdec $rndkey1,$inout0 - $movkey 48($key_),$rndkey1 - pxor $rndkey0l,$inout5 # offset_i ^ round[last] - - aesdec $rndkey0,$inout0 - $movkey 64($key_),$rndkey0 - jmp .Locb_dec_loop1 - -.align 32 -.Locb_dec_loop1: - aesdec $rndkey1,$inout0 - $movkey ($key,%rax),$rndkey1 - add \$32,%rax - - aesdec $rndkey0,$inout0 - $movkey -16($key,%rax),$rndkey0 - jnz .Locb_dec_loop1 - - aesdec $rndkey1,$inout0 - $movkey 16($key_),$rndkey1 # redundant in tail - mov %r10,%rax # restore twisted rounds - - aesdeclast $inout5,$inout0 - ret -.cfi_endproc -.size __ocb_decrypt1,.-__ocb_decrypt1 -___ -} }} - -######################################################################## -# void $PREFIX_cbc_encrypt (const void *inp, void *out, -# size_t length, const AES_KEY *key, -# unsigned char *ivp,const int enc); -{ -my $frame_size = 0x10 + ($win64?0xa0:0); # used in decrypt -my ($iv,$in0,$in1,$in2,$in3,$in4)=map("%xmm$_",(10..15)); - -$code.=<<___; -.globl ${PREFIX}_cbc_encrypt -.type ${PREFIX}_cbc_encrypt,\@function,6 -.align 16 -${PREFIX}_cbc_encrypt: -.cfi_startproc - endbranch - test $len,$len # check length - jz .Lcbc_ret - - mov 240($key),$rnds_ # key->rounds - mov $key,$key_ # backup $key - test %r9d,%r9d # 6th argument - jz .Lcbc_decrypt -#--------------------------- CBC ENCRYPT ------------------------------# - movups ($ivp),$inout0 # load iv as initial state - mov $rnds_,$rounds - cmp \$16,$len - jb .Lcbc_enc_tail - sub \$16,$len - jmp .Lcbc_enc_loop -.align 16 -.Lcbc_enc_loop: - movups ($inp),$inout1 # load input - lea 16($inp),$inp - #xorps $inout1,$inout0 -___ - &aesni_generate1("enc",$key,$rounds,$inout0,$inout1); -$code.=<<___; - mov $rnds_,$rounds # restore $rounds - mov $key_,$key # restore $key - movups $inout0,0($out) # store output - lea 16($out),$out - sub \$16,$len - jnc .Lcbc_enc_loop - add \$16,$len - jnz .Lcbc_enc_tail - pxor $rndkey0,$rndkey0 # clear register bank - pxor $rndkey1,$rndkey1 - movups $inout0,($ivp) - pxor $inout0,$inout0 - pxor $inout1,$inout1 - jmp .Lcbc_ret - -.Lcbc_enc_tail: - mov $len,%rcx # zaps $key - xchg $inp,$out # $inp is %rsi and $out is %rdi now - .long 0x9066A4F3 # rep movsb - mov \$16,%ecx # zero tail - sub $len,%rcx - xor %eax,%eax - .long 0x9066AAF3 # rep stosb - lea -16(%rdi),%rdi # rewind $out by 1 block - mov $rnds_,$rounds # restore $rounds - mov %rdi,%rsi # $inp and $out are the same - mov $key_,$key # restore $key - xor $len,$len # len=16 - jmp .Lcbc_enc_loop # one more spin - #--------------------------- CBC DECRYPT ------------------------------# -.align 16 -.Lcbc_decrypt: - cmp \$16,$len - jne .Lcbc_decrypt_bulk - - # handle single block without allocating stack frame, - # useful in ciphertext stealing mode - movdqu ($inp),$inout0 # load input - movdqu ($ivp),$inout1 # load iv - movdqa $inout0,$inout2 # future iv -___ - &aesni_generate1("dec",$key,$rnds_); -$code.=<<___; - pxor $rndkey0,$rndkey0 # clear register bank - pxor $rndkey1,$rndkey1 - movdqu $inout2,($ivp) # store iv - xorps $inout1,$inout0 # ^=iv - pxor $inout1,$inout1 - movups $inout0,($out) # store output - pxor $inout0,$inout0 - jmp .Lcbc_ret -.align 16 -.Lcbc_decrypt_bulk: - lea (%rsp),%r11 # frame pointer -.cfi_def_cfa_register %r11 - push %rbp -.cfi_push %rbp - sub \$$frame_size,%rsp - and \$-16,%rsp # Linux kernel stack can be incorrectly seeded -___ -$code.=<<___ if ($win64); - movaps %xmm6,0x10(%rsp) - movaps %xmm7,0x20(%rsp) - movaps %xmm8,0x30(%rsp) - movaps %xmm9,0x40(%rsp) - movaps %xmm10,0x50(%rsp) - movaps %xmm11,0x60(%rsp) - movaps %xmm12,0x70(%rsp) - movaps %xmm13,0x80(%rsp) - movaps %xmm14,0x90(%rsp) - movaps %xmm15,0xa0(%rsp) -.Lcbc_decrypt_body: -___ - -my $inp_=$key_="%rbp"; # reassign $key_ - -$code.=<<___; - mov $key,$key_ # [re-]backup $key [after reassignment] - movups ($ivp),$iv - mov $rnds_,$rounds - cmp \$0x50,$len - jbe .Lcbc_dec_tail - - $movkey ($key),$rndkey0 - movdqu 0x00($inp),$inout0 # load input - movdqu 0x10($inp),$inout1 - movdqa $inout0,$in0 - movdqu 0x20($inp),$inout2 - movdqa $inout1,$in1 - movdqu 0x30($inp),$inout3 - movdqa $inout2,$in2 - movdqu 0x40($inp),$inout4 - movdqa $inout3,$in3 - movdqu 0x50($inp),$inout5 - movdqa $inout4,$in4 - mov OPENSSL_ia32cap_P+4(%rip),%r9d - cmp \$0x70,$len - jbe .Lcbc_dec_six_or_seven - - and \$`1<<26|1<<22`,%r9d # isolate XSAVE+MOVBE - sub \$0x50,$len # $len is biased by -5*16 - cmp \$`1<<22`,%r9d # check for MOVBE without XSAVE - je .Lcbc_dec_loop6_enter # [which denotes Atom Silvermont] - sub \$0x20,$len # $len is biased by -7*16 - lea 0x70($key),$key # size optimization - jmp .Lcbc_dec_loop8_enter -.align 16 -.Lcbc_dec_loop8: - movups $inout7,($out) - lea 0x10($out),$out -.Lcbc_dec_loop8_enter: - movdqu 0x60($inp),$inout6 - pxor $rndkey0,$inout0 - movdqu 0x70($inp),$inout7 - pxor $rndkey0,$inout1 - $movkey 0x10-0x70($key),$rndkey1 - pxor $rndkey0,$inout2 - mov \$-1,$inp_ - cmp \$0x70,$len # is there at least 0x60 bytes ahead? - pxor $rndkey0,$inout3 - pxor $rndkey0,$inout4 - pxor $rndkey0,$inout5 - pxor $rndkey0,$inout6 - - aesdec $rndkey1,$inout0 - pxor $rndkey0,$inout7 - $movkey 0x20-0x70($key),$rndkey0 - aesdec $rndkey1,$inout1 - aesdec $rndkey1,$inout2 - aesdec $rndkey1,$inout3 - aesdec $rndkey1,$inout4 - aesdec $rndkey1,$inout5 - aesdec $rndkey1,$inout6 - adc \$0,$inp_ - and \$128,$inp_ - aesdec $rndkey1,$inout7 - add $inp,$inp_ - $movkey 0x30-0x70($key),$rndkey1 -___ -for($i=1;$i<12;$i++) { -my $rndkeyx = ($i&1)?$rndkey0:$rndkey1; -$code.=<<___ if ($i==7); - cmp \$11,$rounds -___ -$code.=<<___; - aesdec $rndkeyx,$inout0 - aesdec $rndkeyx,$inout1 - aesdec $rndkeyx,$inout2 - aesdec $rndkeyx,$inout3 - aesdec $rndkeyx,$inout4 - aesdec $rndkeyx,$inout5 - aesdec $rndkeyx,$inout6 - aesdec $rndkeyx,$inout7 - $movkey `0x30+0x10*$i`-0x70($key),$rndkeyx -___ -$code.=<<___ if ($i<6 || (!($i&1) && $i>7)); - nop -___ -$code.=<<___ if ($i==7); - jb .Lcbc_dec_done -___ -$code.=<<___ if ($i==9); - je .Lcbc_dec_done -___ -$code.=<<___ if ($i==11); - jmp .Lcbc_dec_done -___ -} -$code.=<<___; -.align 16 -.Lcbc_dec_done: - aesdec $rndkey1,$inout0 - aesdec $rndkey1,$inout1 - pxor $rndkey0,$iv - pxor $rndkey0,$in0 - aesdec $rndkey1,$inout2 - aesdec $rndkey1,$inout3 - pxor $rndkey0,$in1 - pxor $rndkey0,$in2 - aesdec $rndkey1,$inout4 - aesdec $rndkey1,$inout5 - pxor $rndkey0,$in3 - pxor $rndkey0,$in4 - aesdec $rndkey1,$inout6 - aesdec $rndkey1,$inout7 - movdqu 0x50($inp),$rndkey1 - - aesdeclast $iv,$inout0 - movdqu 0x60($inp),$iv # borrow $iv - pxor $rndkey0,$rndkey1 - aesdeclast $in0,$inout1 - pxor $rndkey0,$iv - movdqu 0x70($inp),$rndkey0 # next IV - aesdeclast $in1,$inout2 - lea 0x80($inp),$inp - movdqu 0x00($inp_),$in0 - aesdeclast $in2,$inout3 - aesdeclast $in3,$inout4 - movdqu 0x10($inp_),$in1 - movdqu 0x20($inp_),$in2 - aesdeclast $in4,$inout5 - aesdeclast $rndkey1,$inout6 - movdqu 0x30($inp_),$in3 - movdqu 0x40($inp_),$in4 - aesdeclast $iv,$inout7 - movdqa $rndkey0,$iv # return $iv - movdqu 0x50($inp_),$rndkey1 - $movkey -0x70($key),$rndkey0 - - movups $inout0,($out) # store output - movdqa $in0,$inout0 - movups $inout1,0x10($out) - movdqa $in1,$inout1 - movups $inout2,0x20($out) - movdqa $in2,$inout2 - movups $inout3,0x30($out) - movdqa $in3,$inout3 - movups $inout4,0x40($out) - movdqa $in4,$inout4 - movups $inout5,0x50($out) - movdqa $rndkey1,$inout5 - movups $inout6,0x60($out) - lea 0x70($out),$out - - sub \$0x80,$len - ja .Lcbc_dec_loop8 - - movaps $inout7,$inout0 - lea -0x70($key),$key - add \$0x70,$len - jle .Lcbc_dec_clear_tail_collected - movups $inout7,($out) - lea 0x10($out),$out - cmp \$0x50,$len - jbe .Lcbc_dec_tail - - movaps $in0,$inout0 -.Lcbc_dec_six_or_seven: - cmp \$0x60,$len - ja .Lcbc_dec_seven - - movaps $inout5,$inout6 - call _aesni_decrypt6 - pxor $iv,$inout0 # ^= IV - movaps $inout6,$iv - pxor $in0,$inout1 - movdqu $inout0,($out) - pxor $in1,$inout2 - movdqu $inout1,0x10($out) - pxor $inout1,$inout1 # clear register bank - pxor $in2,$inout3 - movdqu $inout2,0x20($out) - pxor $inout2,$inout2 - pxor $in3,$inout4 - movdqu $inout3,0x30($out) - pxor $inout3,$inout3 - pxor $in4,$inout5 - movdqu $inout4,0x40($out) - pxor $inout4,$inout4 - lea 0x50($out),$out - movdqa $inout5,$inout0 - pxor $inout5,$inout5 - jmp .Lcbc_dec_tail_collected - -.align 16 -.Lcbc_dec_seven: - movups 0x60($inp),$inout6 - xorps $inout7,$inout7 - call _aesni_decrypt8 - movups 0x50($inp),$inout7 - pxor $iv,$inout0 # ^= IV - movups 0x60($inp),$iv - pxor $in0,$inout1 - movdqu $inout0,($out) - pxor $in1,$inout2 - movdqu $inout1,0x10($out) - pxor $inout1,$inout1 # clear register bank - pxor $in2,$inout3 - movdqu $inout2,0x20($out) - pxor $inout2,$inout2 - pxor $in3,$inout4 - movdqu $inout3,0x30($out) - pxor $inout3,$inout3 - pxor $in4,$inout5 - movdqu $inout4,0x40($out) - pxor $inout4,$inout4 - pxor $inout7,$inout6 - movdqu $inout5,0x50($out) - pxor $inout5,$inout5 - lea 0x60($out),$out - movdqa $inout6,$inout0 - pxor $inout6,$inout6 - pxor $inout7,$inout7 - jmp .Lcbc_dec_tail_collected - -.align 16 -.Lcbc_dec_loop6: - movups $inout5,($out) - lea 0x10($out),$out - movdqu 0x00($inp),$inout0 # load input - movdqu 0x10($inp),$inout1 - movdqa $inout0,$in0 - movdqu 0x20($inp),$inout2 - movdqa $inout1,$in1 - movdqu 0x30($inp),$inout3 - movdqa $inout2,$in2 - movdqu 0x40($inp),$inout4 - movdqa $inout3,$in3 - movdqu 0x50($inp),$inout5 - movdqa $inout4,$in4 -.Lcbc_dec_loop6_enter: - lea 0x60($inp),$inp - movdqa $inout5,$inout6 - - call _aesni_decrypt6 - - pxor $iv,$inout0 # ^= IV - movdqa $inout6,$iv - pxor $in0,$inout1 - movdqu $inout0,($out) - pxor $in1,$inout2 - movdqu $inout1,0x10($out) - pxor $in2,$inout3 - movdqu $inout2,0x20($out) - pxor $in3,$inout4 - mov $key_,$key - movdqu $inout3,0x30($out) - pxor $in4,$inout5 - mov $rnds_,$rounds - movdqu $inout4,0x40($out) - lea 0x50($out),$out - sub \$0x60,$len - ja .Lcbc_dec_loop6 - - movdqa $inout5,$inout0 - add \$0x50,$len - jle .Lcbc_dec_clear_tail_collected - movups $inout5,($out) - lea 0x10($out),$out - -.Lcbc_dec_tail: - movups ($inp),$inout0 - sub \$0x10,$len - jbe .Lcbc_dec_one # $len is 1*16 or less - - movups 0x10($inp),$inout1 - movaps $inout0,$in0 - sub \$0x10,$len - jbe .Lcbc_dec_two # $len is 2*16 or less - - movups 0x20($inp),$inout2 - movaps $inout1,$in1 - sub \$0x10,$len - jbe .Lcbc_dec_three # $len is 3*16 or less - - movups 0x30($inp),$inout3 - movaps $inout2,$in2 - sub \$0x10,$len - jbe .Lcbc_dec_four # $len is 4*16 or less - - movups 0x40($inp),$inout4 # $len is 5*16 or less - movaps $inout3,$in3 - movaps $inout4,$in4 - xorps $inout5,$inout5 - call _aesni_decrypt6 - pxor $iv,$inout0 - movaps $in4,$iv - pxor $in0,$inout1 - movdqu $inout0,($out) - pxor $in1,$inout2 - movdqu $inout1,0x10($out) - pxor $inout1,$inout1 # clear register bank - pxor $in2,$inout3 - movdqu $inout2,0x20($out) - pxor $inout2,$inout2 - pxor $in3,$inout4 - movdqu $inout3,0x30($out) - pxor $inout3,$inout3 - lea 0x40($out),$out - movdqa $inout4,$inout0 - pxor $inout4,$inout4 - pxor $inout5,$inout5 - sub \$0x10,$len - jmp .Lcbc_dec_tail_collected - -.align 16 -.Lcbc_dec_one: - movaps $inout0,$in0 -___ - &aesni_generate1("dec",$key,$rounds); -$code.=<<___; - xorps $iv,$inout0 - movaps $in0,$iv - jmp .Lcbc_dec_tail_collected -.align 16 -.Lcbc_dec_two: - movaps $inout1,$in1 - call _aesni_decrypt2 - pxor $iv,$inout0 - movaps $in1,$iv - pxor $in0,$inout1 - movdqu $inout0,($out) - movdqa $inout1,$inout0 - pxor $inout1,$inout1 # clear register bank - lea 0x10($out),$out - jmp .Lcbc_dec_tail_collected -.align 16 -.Lcbc_dec_three: - movaps $inout2,$in2 - call _aesni_decrypt3 - pxor $iv,$inout0 - movaps $in2,$iv - pxor $in0,$inout1 - movdqu $inout0,($out) - pxor $in1,$inout2 - movdqu $inout1,0x10($out) - pxor $inout1,$inout1 # clear register bank - movdqa $inout2,$inout0 - pxor $inout2,$inout2 - lea 0x20($out),$out - jmp .Lcbc_dec_tail_collected -.align 16 -.Lcbc_dec_four: - movaps $inout3,$in3 - call _aesni_decrypt4 - pxor $iv,$inout0 - movaps $in3,$iv - pxor $in0,$inout1 - movdqu $inout0,($out) - pxor $in1,$inout2 - movdqu $inout1,0x10($out) - pxor $inout1,$inout1 # clear register bank - pxor $in2,$inout3 - movdqu $inout2,0x20($out) - pxor $inout2,$inout2 - movdqa $inout3,$inout0 - pxor $inout3,$inout3 - lea 0x30($out),$out - jmp .Lcbc_dec_tail_collected - -.align 16 -.Lcbc_dec_clear_tail_collected: - pxor $inout1,$inout1 # clear register bank - pxor $inout2,$inout2 - pxor $inout3,$inout3 -___ -$code.=<<___ if (!$win64); - pxor $inout4,$inout4 # %xmm6..9 - pxor $inout5,$inout5 - pxor $inout6,$inout6 - pxor $inout7,$inout7 -___ -$code.=<<___; -.Lcbc_dec_tail_collected: - movups $iv,($ivp) - and \$15,$len - jnz .Lcbc_dec_tail_partial - movups $inout0,($out) - pxor $inout0,$inout0 - jmp .Lcbc_dec_ret -.align 16 -.Lcbc_dec_tail_partial: - movaps $inout0,(%rsp) - pxor $inout0,$inout0 - mov \$16,%rcx - mov $out,%rdi - sub $len,%rcx - lea (%rsp),%rsi - .long 0x9066A4F3 # rep movsb - movdqa $inout0,(%rsp) - -.Lcbc_dec_ret: - xorps $rndkey0,$rndkey0 # %xmm0 - pxor $rndkey1,$rndkey1 -___ -$code.=<<___ if ($win64); - movaps 0x10(%rsp),%xmm6 - movaps %xmm0,0x10(%rsp) # clear stack - movaps 0x20(%rsp),%xmm7 - movaps %xmm0,0x20(%rsp) - movaps 0x30(%rsp),%xmm8 - movaps %xmm0,0x30(%rsp) - movaps 0x40(%rsp),%xmm9 - movaps %xmm0,0x40(%rsp) - movaps 0x50(%rsp),%xmm10 - movaps %xmm0,0x50(%rsp) - movaps 0x60(%rsp),%xmm11 - movaps %xmm0,0x60(%rsp) - movaps 0x70(%rsp),%xmm12 - movaps %xmm0,0x70(%rsp) - movaps 0x80(%rsp),%xmm13 - movaps %xmm0,0x80(%rsp) - movaps 0x90(%rsp),%xmm14 - movaps %xmm0,0x90(%rsp) - movaps 0xa0(%rsp),%xmm15 - movaps %xmm0,0xa0(%rsp) -___ -$code.=<<___; - mov -8(%r11),%rbp -.cfi_restore %rbp - lea (%r11),%rsp -.cfi_def_cfa_register %rsp -.Lcbc_ret: - ret -.cfi_endproc -.size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt -___ -} -# int ${PREFIX}_set_decrypt_key(const unsigned char *inp, -# int bits, AES_KEY *key) -# -# input: $inp user-supplied key -# $bits $inp length in bits -# $key pointer to key schedule -# output: %eax 0 denoting success, -1 or -2 - failure (see C) -# *$key key schedule -# -{ my ($inp,$bits,$key) = @_4args; - $bits =~ s/%r/%e/; - -$code.=<<___; -.globl ${PREFIX}_set_decrypt_key -.type ${PREFIX}_set_decrypt_key,\@abi-omnipotent -.align 16 -${PREFIX}_set_decrypt_key: -.cfi_startproc - .byte 0x48,0x83,0xEC,0x08 # sub rsp,8 -.cfi_adjust_cfa_offset 8 - call __aesni_set_encrypt_key - shl \$4,$bits # rounds-1 after _aesni_set_encrypt_key - test %eax,%eax - jnz .Ldec_key_ret - lea 16($key,$bits),$inp # points at the end of key schedule - - $movkey ($key),%xmm0 # just swap - $movkey ($inp),%xmm1 - $movkey %xmm0,($inp) - $movkey %xmm1,($key) - lea 16($key),$key - lea -16($inp),$inp - -.Ldec_key_inverse: - $movkey ($key),%xmm0 # swap and inverse - $movkey ($inp),%xmm1 - aesimc %xmm0,%xmm0 - aesimc %xmm1,%xmm1 - lea 16($key),$key - lea -16($inp),$inp - $movkey %xmm0,16($inp) - $movkey %xmm1,-16($key) - cmp $key,$inp - ja .Ldec_key_inverse - - $movkey ($key),%xmm0 # inverse middle - aesimc %xmm0,%xmm0 - pxor %xmm1,%xmm1 - $movkey %xmm0,($inp) - pxor %xmm0,%xmm0 -.Ldec_key_ret: - add \$8,%rsp -.cfi_adjust_cfa_offset -8 - ret -.cfi_endproc -.LSEH_end_set_decrypt_key: -.size ${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key -___ - -# This is based on submission from Intel by -# Huang Ying -# Vinodh Gopal -# Kahraman Akdemir -# -# Aggressively optimized in respect to aeskeygenassist's critical path -# and is contained in %xmm0-5 to meet Win64 ABI requirement. -# -# int ${PREFIX}_set_encrypt_key(const unsigned char *inp, -# int bits, AES_KEY * const key); -# -# input: $inp user-supplied key -# $bits $inp length in bits -# $key pointer to key schedule -# output: %eax 0 denoting success, -1 or -2 - failure (see C) -# $bits rounds-1 (used in aesni_set_decrypt_key) -# *$key key schedule -# $key pointer to key schedule (used in -# aesni_set_decrypt_key) -# -# Subroutine is frame-less, which means that only volatile registers -# are used. Note that it's declared "abi-omnipotent", which means that -# amount of volatile registers is smaller on Windows. -# -$code.=<<___; -.globl ${PREFIX}_set_encrypt_key -.type ${PREFIX}_set_encrypt_key,\@abi-omnipotent -.align 16 -${PREFIX}_set_encrypt_key: -__aesni_set_encrypt_key: -.cfi_startproc - .byte 0x48,0x83,0xEC,0x08 # sub rsp,8 -.cfi_adjust_cfa_offset 8 - mov \$-1,%rax - test $inp,$inp - jz .Lenc_key_ret - test $key,$key - jz .Lenc_key_ret - - mov \$`1<<28|1<<11`,%r10d # AVX and XOP bits - movups ($inp),%xmm0 # pull first 128 bits of *userKey - xorps %xmm4,%xmm4 # low dword of xmm4 is assumed 0 - and OPENSSL_ia32cap_P+4(%rip),%r10d - lea 16($key),%rax # %rax is used as modifiable copy of $key - cmp \$256,$bits - je .L14rounds - cmp \$192,$bits - je .L12rounds - cmp \$128,$bits - jne .Lbad_keybits - -.L10rounds: - mov \$9,$bits # 10 rounds for 128-bit key - cmp \$`1<<28`,%r10d # AVX, bit no XOP - je .L10rounds_alt - - $movkey %xmm0,($key) # round 0 - aeskeygenassist \$0x1,%xmm0,%xmm1 # round 1 - call .Lkey_expansion_128_cold - aeskeygenassist \$0x2,%xmm0,%xmm1 # round 2 - call .Lkey_expansion_128 - aeskeygenassist \$0x4,%xmm0,%xmm1 # round 3 - call .Lkey_expansion_128 - aeskeygenassist \$0x8,%xmm0,%xmm1 # round 4 - call .Lkey_expansion_128 - aeskeygenassist \$0x10,%xmm0,%xmm1 # round 5 - call .Lkey_expansion_128 - aeskeygenassist \$0x20,%xmm0,%xmm1 # round 6 - call .Lkey_expansion_128 - aeskeygenassist \$0x40,%xmm0,%xmm1 # round 7 - call .Lkey_expansion_128 - aeskeygenassist \$0x80,%xmm0,%xmm1 # round 8 - call .Lkey_expansion_128 - aeskeygenassist \$0x1b,%xmm0,%xmm1 # round 9 - call .Lkey_expansion_128 - aeskeygenassist \$0x36,%xmm0,%xmm1 # round 10 - call .Lkey_expansion_128 - $movkey %xmm0,(%rax) - mov $bits,80(%rax) # 240(%rdx) - xor %eax,%eax - jmp .Lenc_key_ret - -.align 16 -.L10rounds_alt: - movdqa .Lkey_rotate(%rip),%xmm5 - mov \$8,%r10d - movdqa .Lkey_rcon1(%rip),%xmm4 - movdqa %xmm0,%xmm2 - movdqu %xmm0,($key) - jmp .Loop_key128 - -.align 16 -.Loop_key128: - pshufb %xmm5,%xmm0 - aesenclast %xmm4,%xmm0 - pslld \$1,%xmm4 - lea 16(%rax),%rax - - movdqa %xmm2,%xmm3 - pslldq \$4,%xmm2 - pxor %xmm2,%xmm3 - pslldq \$4,%xmm2 - pxor %xmm2,%xmm3 - pslldq \$4,%xmm2 - pxor %xmm3,%xmm2 - - pxor %xmm2,%xmm0 - movdqu %xmm0,-16(%rax) - movdqa %xmm0,%xmm2 - - dec %r10d - jnz .Loop_key128 - - movdqa .Lkey_rcon1b(%rip),%xmm4 - - pshufb %xmm5,%xmm0 - aesenclast %xmm4,%xmm0 - pslld \$1,%xmm4 - - movdqa %xmm2,%xmm3 - pslldq \$4,%xmm2 - pxor %xmm2,%xmm3 - pslldq \$4,%xmm2 - pxor %xmm2,%xmm3 - pslldq \$4,%xmm2 - pxor %xmm3,%xmm2 - - pxor %xmm2,%xmm0 - movdqu %xmm0,(%rax) - - movdqa %xmm0,%xmm2 - pshufb %xmm5,%xmm0 - aesenclast %xmm4,%xmm0 - - movdqa %xmm2,%xmm3 - pslldq \$4,%xmm2 - pxor %xmm2,%xmm3 - pslldq \$4,%xmm2 - pxor %xmm2,%xmm3 - pslldq \$4,%xmm2 - pxor %xmm3,%xmm2 - - pxor %xmm2,%xmm0 - movdqu %xmm0,16(%rax) - - mov $bits,96(%rax) # 240($key) - xor %eax,%eax - jmp .Lenc_key_ret - -.align 16 -.L12rounds: - movq 16($inp),%xmm2 # remaining 1/3 of *userKey - mov \$11,$bits # 12 rounds for 192 - cmp \$`1<<28`,%r10d # AVX, but no XOP - je .L12rounds_alt - - $movkey %xmm0,($key) # round 0 - aeskeygenassist \$0x1,%xmm2,%xmm1 # round 1,2 - call .Lkey_expansion_192a_cold - aeskeygenassist \$0x2,%xmm2,%xmm1 # round 2,3 - call .Lkey_expansion_192b - aeskeygenassist \$0x4,%xmm2,%xmm1 # round 4,5 - call .Lkey_expansion_192a - aeskeygenassist \$0x8,%xmm2,%xmm1 # round 5,6 - call .Lkey_expansion_192b - aeskeygenassist \$0x10,%xmm2,%xmm1 # round 7,8 - call .Lkey_expansion_192a - aeskeygenassist \$0x20,%xmm2,%xmm1 # round 8,9 - call .Lkey_expansion_192b - aeskeygenassist \$0x40,%xmm2,%xmm1 # round 10,11 - call .Lkey_expansion_192a - aeskeygenassist \$0x80,%xmm2,%xmm1 # round 11,12 - call .Lkey_expansion_192b - $movkey %xmm0,(%rax) - mov $bits,48(%rax) # 240(%rdx) - xor %rax, %rax - jmp .Lenc_key_ret - -.align 16 -.L12rounds_alt: - movdqa .Lkey_rotate192(%rip),%xmm5 - movdqa .Lkey_rcon1(%rip),%xmm4 - mov \$8,%r10d - movdqu %xmm0,($key) - jmp .Loop_key192 - -.align 16 -.Loop_key192: - movq %xmm2,0(%rax) - movdqa %xmm2,%xmm1 - pshufb %xmm5,%xmm2 - aesenclast %xmm4,%xmm2 - pslld \$1, %xmm4 - lea 24(%rax),%rax - - movdqa %xmm0,%xmm3 - pslldq \$4,%xmm0 - pxor %xmm0,%xmm3 - pslldq \$4,%xmm0 - pxor %xmm0,%xmm3 - pslldq \$4,%xmm0 - pxor %xmm3,%xmm0 - - pshufd \$0xff,%xmm0,%xmm3 - pxor %xmm1,%xmm3 - pslldq \$4,%xmm1 - pxor %xmm1,%xmm3 - - pxor %xmm2,%xmm0 - pxor %xmm3,%xmm2 - movdqu %xmm0,-16(%rax) - - dec %r10d - jnz .Loop_key192 - - mov $bits,32(%rax) # 240($key) - xor %eax,%eax - jmp .Lenc_key_ret - -.align 16 -.L14rounds: - movups 16($inp),%xmm2 # remaining half of *userKey - mov \$13,$bits # 14 rounds for 256 - lea 16(%rax),%rax - cmp \$`1<<28`,%r10d # AVX, but no XOP - je .L14rounds_alt - - $movkey %xmm0,($key) # round 0 - $movkey %xmm2,16($key) # round 1 - aeskeygenassist \$0x1,%xmm2,%xmm1 # round 2 - call .Lkey_expansion_256a_cold - aeskeygenassist \$0x1,%xmm0,%xmm1 # round 3 - call .Lkey_expansion_256b - aeskeygenassist \$0x2,%xmm2,%xmm1 # round 4 - call .Lkey_expansion_256a - aeskeygenassist \$0x2,%xmm0,%xmm1 # round 5 - call .Lkey_expansion_256b - aeskeygenassist \$0x4,%xmm2,%xmm1 # round 6 - call .Lkey_expansion_256a - aeskeygenassist \$0x4,%xmm0,%xmm1 # round 7 - call .Lkey_expansion_256b - aeskeygenassist \$0x8,%xmm2,%xmm1 # round 8 - call .Lkey_expansion_256a - aeskeygenassist \$0x8,%xmm0,%xmm1 # round 9 - call .Lkey_expansion_256b - aeskeygenassist \$0x10,%xmm2,%xmm1 # round 10 - call .Lkey_expansion_256a - aeskeygenassist \$0x10,%xmm0,%xmm1 # round 11 - call .Lkey_expansion_256b - aeskeygenassist \$0x20,%xmm2,%xmm1 # round 12 - call .Lkey_expansion_256a - aeskeygenassist \$0x20,%xmm0,%xmm1 # round 13 - call .Lkey_expansion_256b - aeskeygenassist \$0x40,%xmm2,%xmm1 # round 14 - call .Lkey_expansion_256a - $movkey %xmm0,(%rax) - mov $bits,16(%rax) # 240(%rdx) - xor %rax,%rax - jmp .Lenc_key_ret - -.align 16 -.L14rounds_alt: - movdqa .Lkey_rotate(%rip),%xmm5 - movdqa .Lkey_rcon1(%rip),%xmm4 - mov \$7,%r10d - movdqu %xmm0,0($key) - movdqa %xmm2,%xmm1 - movdqu %xmm2,16($key) - jmp .Loop_key256 - -.align 16 -.Loop_key256: - pshufb %xmm5,%xmm2 - aesenclast %xmm4,%xmm2 - - movdqa %xmm0,%xmm3 - pslldq \$4,%xmm0 - pxor %xmm0,%xmm3 - pslldq \$4,%xmm0 - pxor %xmm0,%xmm3 - pslldq \$4,%xmm0 - pxor %xmm3,%xmm0 - pslld \$1,%xmm4 - - pxor %xmm2,%xmm0 - movdqu %xmm0,(%rax) - - dec %r10d - jz .Ldone_key256 - - pshufd \$0xff,%xmm0,%xmm2 - pxor %xmm3,%xmm3 - aesenclast %xmm3,%xmm2 - - movdqa %xmm1,%xmm3 - pslldq \$4,%xmm1 - pxor %xmm1,%xmm3 - pslldq \$4,%xmm1 - pxor %xmm1,%xmm3 - pslldq \$4,%xmm1 - pxor %xmm3,%xmm1 - - pxor %xmm1,%xmm2 - movdqu %xmm2,16(%rax) - lea 32(%rax),%rax - movdqa %xmm2,%xmm1 - - jmp .Loop_key256 - -.Ldone_key256: - mov $bits,16(%rax) # 240($key) - xor %eax,%eax - jmp .Lenc_key_ret - -.align 16 -.Lbad_keybits: - mov \$-2,%rax -.Lenc_key_ret: - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 - add \$8,%rsp -.cfi_adjust_cfa_offset -8 - ret -.LSEH_end_set_encrypt_key: - -.align 16 -.Lkey_expansion_128: - $movkey %xmm0,(%rax) - lea 16(%rax),%rax -.Lkey_expansion_128_cold: - shufps \$0b00010000,%xmm0,%xmm4 - xorps %xmm4, %xmm0 - shufps \$0b10001100,%xmm0,%xmm4 - xorps %xmm4, %xmm0 - shufps \$0b11111111,%xmm1,%xmm1 # critical path - xorps %xmm1,%xmm0 - ret - -.align 16 -.Lkey_expansion_192a: - $movkey %xmm0,(%rax) - lea 16(%rax),%rax -.Lkey_expansion_192a_cold: - movaps %xmm2, %xmm5 -.Lkey_expansion_192b_warm: - shufps \$0b00010000,%xmm0,%xmm4 - movdqa %xmm2,%xmm3 - xorps %xmm4,%xmm0 - shufps \$0b10001100,%xmm0,%xmm4 - pslldq \$4,%xmm3 - xorps %xmm4,%xmm0 - pshufd \$0b01010101,%xmm1,%xmm1 # critical path - pxor %xmm3,%xmm2 - pxor %xmm1,%xmm0 - pshufd \$0b11111111,%xmm0,%xmm3 - pxor %xmm3,%xmm2 - ret - -.align 16 -.Lkey_expansion_192b: - movaps %xmm0,%xmm3 - shufps \$0b01000100,%xmm0,%xmm5 - $movkey %xmm5,(%rax) - shufps \$0b01001110,%xmm2,%xmm3 - $movkey %xmm3,16(%rax) - lea 32(%rax),%rax - jmp .Lkey_expansion_192b_warm - -.align 16 -.Lkey_expansion_256a: - $movkey %xmm2,(%rax) - lea 16(%rax),%rax -.Lkey_expansion_256a_cold: - shufps \$0b00010000,%xmm0,%xmm4 - xorps %xmm4,%xmm0 - shufps \$0b10001100,%xmm0,%xmm4 - xorps %xmm4,%xmm0 - shufps \$0b11111111,%xmm1,%xmm1 # critical path - xorps %xmm1,%xmm0 - ret - -.align 16 -.Lkey_expansion_256b: - $movkey %xmm0,(%rax) - lea 16(%rax),%rax - - shufps \$0b00010000,%xmm2,%xmm4 - xorps %xmm4,%xmm2 - shufps \$0b10001100,%xmm2,%xmm4 - xorps %xmm4,%xmm2 - shufps \$0b10101010,%xmm1,%xmm1 # critical path - xorps %xmm1,%xmm2 - ret -.cfi_endproc -.size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key -.size __aesni_set_encrypt_key,.-__aesni_set_encrypt_key -___ -} - -$code.=<<___; -.align 64 -.Lbswap_mask: - .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 -.Lincrement32: - .long 6,6,6,0 -.Lincrement64: - .long 1,0,0,0 -.Lxts_magic: - .long 0x87,0,1,0 -.Lincrement1: - .byte 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 -.Lkey_rotate: - .long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d -.Lkey_rotate192: - .long 0x04070605,0x04070605,0x04070605,0x04070605 -.Lkey_rcon1: - .long 1,1,1,1 -.Lkey_rcon1b: - .long 0x1b,0x1b,0x1b,0x1b - -.asciz "AES for Intel AES-NI, CRYPTOGAMS by " -.align 64 -___ - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -___ -$code.=<<___ if ($PREFIX eq "aesni"); -.type ecb_ccm64_se_handler,\@abi-omnipotent -.align 16 -ecb_ccm64_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lcommon_seh_tail - - lea 0(%rax),%rsi # %xmm save area - lea 512($context),%rdi # &context.Xmm6 - mov \$8,%ecx # 4*sizeof(%xmm0)/sizeof(%rax) - .long 0xa548f3fc # cld; rep movsq - lea 0x58(%rax),%rax # adjust stack pointer - - jmp .Lcommon_seh_tail -.size ecb_ccm64_se_handler,.-ecb_ccm64_se_handler - -.type ctr_xts_se_handler,\@abi-omnipotent -.align 16 -ctr_xts_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lcommon_seh_tail - - mov 208($context),%rax # pull context->R11 - - lea -0xa8(%rax),%rsi # %xmm save area - lea 512($context),%rdi # & context.Xmm6 - mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax) - .long 0xa548f3fc # cld; rep movsq - - mov -8(%rax),%rbp # restore saved %rbp - mov %rbp,160($context) # restore context->Rbp - jmp .Lcommon_seh_tail -.size ctr_xts_se_handler,.-ctr_xts_se_handler - -.type ocb_se_handler,\@abi-omnipotent -.align 16 -ocb_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRip>=epilogue label - jae .Lcommon_seh_tail - - mov 8(%r11),%r10d # HandlerData[2] - lea (%rsi,%r10),%r10 - cmp %r10,%rbx # context->Rip>=pop label - jae .Locb_no_xmm - - mov 152($context),%rax # pull context->Rsp - - lea (%rax),%rsi # %xmm save area - lea 512($context),%rdi # & context.Xmm6 - mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax) - .long 0xa548f3fc # cld; rep movsq - lea 0xa0+0x28(%rax),%rax - -.Locb_no_xmm: - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - - jmp .Lcommon_seh_tail -.size ocb_se_handler,.-ocb_se_handler -___ -$code.=<<___; -.type cbc_se_handler,\@abi-omnipotent -.align 16 -cbc_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 152($context),%rax # pull context->Rsp - mov 248($context),%rbx # pull context->Rip - - lea .Lcbc_decrypt_bulk(%rip),%r10 - cmp %r10,%rbx # context->Rip<"prologue" label - jb .Lcommon_seh_tail - - mov 120($context),%rax # pull context->Rax - - lea .Lcbc_decrypt_body(%rip),%r10 - cmp %r10,%rbx # context->RipRsp - - lea .Lcbc_ret(%rip),%r10 - cmp %r10,%rbx # context->Rip>="epilogue" label - jae .Lcommon_seh_tail - - lea 16(%rax),%rsi # %xmm save area - lea 512($context),%rdi # &context.Xmm6 - mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax) - .long 0xa548f3fc # cld; rep movsq - - mov 208($context),%rax # pull context->R11 - - mov -8(%rax),%rbp # restore saved %rbp - mov %rbp,160($context) # restore context->Rbp - -.Lcommon_seh_tail: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size cbc_se_handler,.-cbc_se_handler - -.section .pdata -.align 4 -___ -$code.=<<___ if ($PREFIX eq "aesni"); - .rva .LSEH_begin_aesni_ecb_encrypt - .rva .LSEH_end_aesni_ecb_encrypt - .rva .LSEH_info_ecb - - .rva .LSEH_begin_aesni_ccm64_encrypt_blocks - .rva .LSEH_end_aesni_ccm64_encrypt_blocks - .rva .LSEH_info_ccm64_enc - - .rva .LSEH_begin_aesni_ccm64_decrypt_blocks - .rva .LSEH_end_aesni_ccm64_decrypt_blocks - .rva .LSEH_info_ccm64_dec - - .rva .LSEH_begin_aesni_ctr32_encrypt_blocks - .rva .LSEH_end_aesni_ctr32_encrypt_blocks - .rva .LSEH_info_ctr32 - - .rva .LSEH_begin_aesni_xts_encrypt - .rva .LSEH_end_aesni_xts_encrypt - .rva .LSEH_info_xts_enc - - .rva .LSEH_begin_aesni_xts_decrypt - .rva .LSEH_end_aesni_xts_decrypt - .rva .LSEH_info_xts_dec - - .rva .LSEH_begin_aesni_ocb_encrypt - .rva .LSEH_end_aesni_ocb_encrypt - .rva .LSEH_info_ocb_enc - - .rva .LSEH_begin_aesni_ocb_decrypt - .rva .LSEH_end_aesni_ocb_decrypt - .rva .LSEH_info_ocb_dec -___ -$code.=<<___; - .rva .LSEH_begin_${PREFIX}_cbc_encrypt - .rva .LSEH_end_${PREFIX}_cbc_encrypt - .rva .LSEH_info_cbc - - .rva ${PREFIX}_set_decrypt_key - .rva .LSEH_end_set_decrypt_key - .rva .LSEH_info_key - - .rva ${PREFIX}_set_encrypt_key - .rva .LSEH_end_set_encrypt_key - .rva .LSEH_info_key -.section .xdata -.align 8 -___ -$code.=<<___ if ($PREFIX eq "aesni"); -.LSEH_info_ecb: - .byte 9,0,0,0 - .rva ecb_ccm64_se_handler - .rva .Lecb_enc_body,.Lecb_enc_ret # HandlerData[] -.LSEH_info_ccm64_enc: - .byte 9,0,0,0 - .rva ecb_ccm64_se_handler - .rva .Lccm64_enc_body,.Lccm64_enc_ret # HandlerData[] -.LSEH_info_ccm64_dec: - .byte 9,0,0,0 - .rva ecb_ccm64_se_handler - .rva .Lccm64_dec_body,.Lccm64_dec_ret # HandlerData[] -.LSEH_info_ctr32: - .byte 9,0,0,0 - .rva ctr_xts_se_handler - .rva .Lctr32_body,.Lctr32_epilogue # HandlerData[] -.LSEH_info_xts_enc: - .byte 9,0,0,0 - .rva ctr_xts_se_handler - .rva .Lxts_enc_body,.Lxts_enc_epilogue # HandlerData[] -.LSEH_info_xts_dec: - .byte 9,0,0,0 - .rva ctr_xts_se_handler - .rva .Lxts_dec_body,.Lxts_dec_epilogue # HandlerData[] -.LSEH_info_ocb_enc: - .byte 9,0,0,0 - .rva ocb_se_handler - .rva .Locb_enc_body,.Locb_enc_epilogue # HandlerData[] - .rva .Locb_enc_pop - .long 0 -.LSEH_info_ocb_dec: - .byte 9,0,0,0 - .rva ocb_se_handler - .rva .Locb_dec_body,.Locb_dec_epilogue # HandlerData[] - .rva .Locb_dec_pop - .long 0 -___ -$code.=<<___; -.LSEH_info_cbc: - .byte 9,0,0,0 - .rva cbc_se_handler -.LSEH_info_key: - .byte 0x01,0x04,0x01,0x00 - .byte 0x04,0x02,0x00,0x00 # sub rsp,8 -___ -} - -sub rex { - local *opcode=shift; - my ($dst,$src)=@_; - my $rex=0; - - $rex|=0x04 if($dst>=8); - $rex|=0x01 if($src>=8); - push @opcode,$rex|0x40 if($rex); -} - -sub aesni { - my $line=shift; - my @opcode=(0x66); - - if ($line=~/(aeskeygenassist)\s+\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) { - rex(\@opcode,$4,$3); - push @opcode,0x0f,0x3a,0xdf; - push @opcode,0xc0|($3&7)|(($4&7)<<3); # ModR/M - my $c=$2; - push @opcode,$c=~/^0/?oct($c):$c; - return ".byte\t".join(',',@opcode); - } - elsif ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) { - my %opcodelet = ( - "aesimc" => 0xdb, - "aesenc" => 0xdc, "aesenclast" => 0xdd, - "aesdec" => 0xde, "aesdeclast" => 0xdf - ); - return undef if (!defined($opcodelet{$1})); - rex(\@opcode,$3,$2); - push @opcode,0x0f,0x38,$opcodelet{$1}; - push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M - return ".byte\t".join(',',@opcode); - } - elsif ($line=~/(aes[a-z]+)\s+([0x1-9a-fA-F]*)\(%rsp\),\s*%xmm([0-9]+)/) { - my %opcodelet = ( - "aesenc" => 0xdc, "aesenclast" => 0xdd, - "aesdec" => 0xde, "aesdeclast" => 0xdf - ); - return undef if (!defined($opcodelet{$1})); - my $off = $2; - push @opcode,0x44 if ($3>=8); - push @opcode,0x0f,0x38,$opcodelet{$1}; - push @opcode,0x44|(($3&7)<<3),0x24; # ModR/M - push @opcode,($off=~/^0/?oct($off):$off)&0xff; - return ".byte\t".join(',',@opcode); - } - return $line; -} - -sub movbe { - ".byte 0x0f,0x38,0xf1,0x44,0x24,".shift; -} - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; -$code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem; -#$code =~ s/\bmovbe\s+%eax/bswap %eax; mov %eax/gm; # debugging artefact -$code =~ s/\bmovbe\s+%eax,\s*([0-9]+)\(%rsp\)/movbe($1)/gem; - -print $code; - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aesp8-ppc.pl b/crypto/aes/asm/aesp8-ppc.pl deleted file mode 100755 index 60cf86f52aed20b33101ee69123ca5031d6e92c3..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/aesp8-ppc.pl +++ /dev/null @@ -1,3811 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# This module implements support for AES instructions as per PowerISA -# specification version 2.07, first implemented by POWER8 processor. -# The module is endian-agnostic in sense that it supports both big- -# and little-endian cases. Data alignment in parallelizable modes is -# handled with VSX loads and stores, which implies MSR.VSX flag being -# set. It should also be noted that ISA specification doesn't prohibit -# alignment exceptions for these instructions on page boundaries. -# Initially alignment was handled in pure AltiVec/VMX way [when data -# is aligned programmatically, which in turn guarantees exception- -# free execution], but it turned to hamper performance when vcipher -# instructions are interleaved. It's reckoned that eventual -# misalignment penalties at page boundaries are in average lower -# than additional overhead in pure AltiVec approach. -# -# May 2016 -# -# Add XTS subroutine, 9x on little- and 12x improvement on big-endian -# systems were measured. -# -###################################################################### -# Current large-block performance in cycles per byte processed with -# 128-bit key (less is better). -# -# CBC en-/decrypt CTR XTS -# POWER8[le] 3.96/0.72 0.74 1.1 -# POWER8[be] 3.75/0.65 0.66 1.0 -# POWER9[le] 4.02/0.86 0.84 1.05 -# POWER9[be] 3.99/0.78 0.79 0.97 - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /64/) { - $SIZE_T =8; - $LRSAVE =2*$SIZE_T; - $STU ="stdu"; - $POP ="ld"; - $PUSH ="std"; - $UCMP ="cmpld"; - $SHL ="sldi"; -} elsif ($flavour =~ /32/) { - $SIZE_T =4; - $LRSAVE =$SIZE_T; - $STU ="stwu"; - $POP ="lwz"; - $PUSH ="stw"; - $UCMP ="cmplw"; - $SHL ="slwi"; -} else { die "nonsense $flavour"; } - -$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open STDOUT,"| $^X $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; - -$FRAME=8*$SIZE_T; -$prefix="aes_p8"; - -$sp="r1"; -$vrsave="r12"; - -######################################################################### -{{{ # Key setup procedures # -my ($inp,$bits,$out,$ptr,$cnt,$rounds)=map("r$_",(3..8)); -my ($zero,$in0,$in1,$key,$rcon,$mask,$tmp)=map("v$_",(0..6)); -my ($stage,$outperm,$outmask,$outhead,$outtail)=map("v$_",(7..11)); - -$code.=<<___; -.machine "any" - -.text - -.align 7 -rcon: -.long 0x01000000, 0x01000000, 0x01000000, 0x01000000 ?rev -.long 0x1b000000, 0x1b000000, 0x1b000000, 0x1b000000 ?rev -.long 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c ?rev -.long 0,0,0,0 ?asis -Lconsts: - mflr r0 - bcl 20,31,\$+4 - mflr $ptr #vvvvv "distance between . and rcon - addi $ptr,$ptr,-0x48 - mtlr r0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.asciz "AES for PowerISA 2.07, CRYPTOGAMS by " - -.globl .${prefix}_set_encrypt_key -.align 5 -.${prefix}_set_encrypt_key: -Lset_encrypt_key: - mflr r11 - $PUSH r11,$LRSAVE($sp) - - li $ptr,-1 - ${UCMP}i $inp,0 - beq- Lenc_key_abort # if ($inp==0) return -1; - ${UCMP}i $out,0 - beq- Lenc_key_abort # if ($out==0) return -1; - li $ptr,-2 - cmpwi $bits,128 - blt- Lenc_key_abort - cmpwi $bits,256 - bgt- Lenc_key_abort - andi. r0,$bits,0x3f - bne- Lenc_key_abort - - lis r0,0xfff0 - mfspr $vrsave,256 - mtspr 256,r0 - - bl Lconsts - mtlr r11 - - neg r9,$inp - lvx $in0,0,$inp - addi $inp,$inp,15 # 15 is not typo - lvsr $key,0,r9 # borrow $key - li r8,0x20 - cmpwi $bits,192 - lvx $in1,0,$inp - le?vspltisb $mask,0x0f # borrow $mask - lvx $rcon,0,$ptr - le?vxor $key,$key,$mask # adjust for byte swap - lvx $mask,r8,$ptr - addi $ptr,$ptr,0x10 - vperm $in0,$in0,$in1,$key # align [and byte swap in LE] - li $cnt,8 - vxor $zero,$zero,$zero - mtctr $cnt - - ?lvsr $outperm,0,$out - vspltisb $outmask,-1 - lvx $outhead,0,$out - ?vperm $outmask,$zero,$outmask,$outperm - - blt Loop128 - addi $inp,$inp,8 - beq L192 - addi $inp,$inp,8 - b L256 - -.align 4 -Loop128: - vperm $key,$in0,$in0,$mask # rotate-n-splat - vsldoi $tmp,$zero,$in0,12 # >>32 - vperm $outtail,$in0,$in0,$outperm # rotate - vsel $stage,$outhead,$outtail,$outmask - vmr $outhead,$outtail - vcipherlast $key,$key,$rcon - stvx $stage,0,$out - addi $out,$out,16 - - vxor $in0,$in0,$tmp - vsldoi $tmp,$zero,$tmp,12 # >>32 - vxor $in0,$in0,$tmp - vsldoi $tmp,$zero,$tmp,12 # >>32 - vxor $in0,$in0,$tmp - vadduwm $rcon,$rcon,$rcon - vxor $in0,$in0,$key - bdnz Loop128 - - lvx $rcon,0,$ptr # last two round keys - - vperm $key,$in0,$in0,$mask # rotate-n-splat - vsldoi $tmp,$zero,$in0,12 # >>32 - vperm $outtail,$in0,$in0,$outperm # rotate - vsel $stage,$outhead,$outtail,$outmask - vmr $outhead,$outtail - vcipherlast $key,$key,$rcon - stvx $stage,0,$out - addi $out,$out,16 - - vxor $in0,$in0,$tmp - vsldoi $tmp,$zero,$tmp,12 # >>32 - vxor $in0,$in0,$tmp - vsldoi $tmp,$zero,$tmp,12 # >>32 - vxor $in0,$in0,$tmp - vadduwm $rcon,$rcon,$rcon - vxor $in0,$in0,$key - - vperm $key,$in0,$in0,$mask # rotate-n-splat - vsldoi $tmp,$zero,$in0,12 # >>32 - vperm $outtail,$in0,$in0,$outperm # rotate - vsel $stage,$outhead,$outtail,$outmask - vmr $outhead,$outtail - vcipherlast $key,$key,$rcon - stvx $stage,0,$out - addi $out,$out,16 - - vxor $in0,$in0,$tmp - vsldoi $tmp,$zero,$tmp,12 # >>32 - vxor $in0,$in0,$tmp - vsldoi $tmp,$zero,$tmp,12 # >>32 - vxor $in0,$in0,$tmp - vxor $in0,$in0,$key - vperm $outtail,$in0,$in0,$outperm # rotate - vsel $stage,$outhead,$outtail,$outmask - vmr $outhead,$outtail - stvx $stage,0,$out - - addi $inp,$out,15 # 15 is not typo - addi $out,$out,0x50 - - li $rounds,10 - b Ldone - -.align 4 -L192: - lvx $tmp,0,$inp - li $cnt,4 - vperm $outtail,$in0,$in0,$outperm # rotate - vsel $stage,$outhead,$outtail,$outmask - vmr $outhead,$outtail - stvx $stage,0,$out - addi $out,$out,16 - vperm $in1,$in1,$tmp,$key # align [and byte swap in LE] - vspltisb $key,8 # borrow $key - mtctr $cnt - vsububm $mask,$mask,$key # adjust the mask - -Loop192: - vperm $key,$in1,$in1,$mask # roate-n-splat - vsldoi $tmp,$zero,$in0,12 # >>32 - vcipherlast $key,$key,$rcon - - vxor $in0,$in0,$tmp - vsldoi $tmp,$zero,$tmp,12 # >>32 - vxor $in0,$in0,$tmp - vsldoi $tmp,$zero,$tmp,12 # >>32 - vxor $in0,$in0,$tmp - - vsldoi $stage,$zero,$in1,8 - vspltw $tmp,$in0,3 - vxor $tmp,$tmp,$in1 - vsldoi $in1,$zero,$in1,12 # >>32 - vadduwm $rcon,$rcon,$rcon - vxor $in1,$in1,$tmp - vxor $in0,$in0,$key - vxor $in1,$in1,$key - vsldoi $stage,$stage,$in0,8 - - vperm $key,$in1,$in1,$mask # rotate-n-splat - vsldoi $tmp,$zero,$in0,12 # >>32 - vperm $outtail,$stage,$stage,$outperm # rotate - vsel $stage,$outhead,$outtail,$outmask - vmr $outhead,$outtail - vcipherlast $key,$key,$rcon - stvx $stage,0,$out - addi $out,$out,16 - - vsldoi $stage,$in0,$in1,8 - vxor $in0,$in0,$tmp - vsldoi $tmp,$zero,$tmp,12 # >>32 - vperm $outtail,$stage,$stage,$outperm # rotate - vsel $stage,$outhead,$outtail,$outmask - vmr $outhead,$outtail - vxor $in0,$in0,$tmp - vsldoi $tmp,$zero,$tmp,12 # >>32 - vxor $in0,$in0,$tmp - stvx $stage,0,$out - addi $out,$out,16 - - vspltw $tmp,$in0,3 - vxor $tmp,$tmp,$in1 - vsldoi $in1,$zero,$in1,12 # >>32 - vadduwm $rcon,$rcon,$rcon - vxor $in1,$in1,$tmp - vxor $in0,$in0,$key - vxor $in1,$in1,$key - vperm $outtail,$in0,$in0,$outperm # rotate - vsel $stage,$outhead,$outtail,$outmask - vmr $outhead,$outtail - stvx $stage,0,$out - addi $inp,$out,15 # 15 is not typo - addi $out,$out,16 - bdnz Loop192 - - li $rounds,12 - addi $out,$out,0x20 - b Ldone - -.align 4 -L256: - lvx $tmp,0,$inp - li $cnt,7 - li $rounds,14 - vperm $outtail,$in0,$in0,$outperm # rotate - vsel $stage,$outhead,$outtail,$outmask - vmr $outhead,$outtail - stvx $stage,0,$out - addi $out,$out,16 - vperm $in1,$in1,$tmp,$key # align [and byte swap in LE] - mtctr $cnt - -Loop256: - vperm $key,$in1,$in1,$mask # rotate-n-splat - vsldoi $tmp,$zero,$in0,12 # >>32 - vperm $outtail,$in1,$in1,$outperm # rotate - vsel $stage,$outhead,$outtail,$outmask - vmr $outhead,$outtail - vcipherlast $key,$key,$rcon - stvx $stage,0,$out - addi $out,$out,16 - - vxor $in0,$in0,$tmp - vsldoi $tmp,$zero,$tmp,12 # >>32 - vxor $in0,$in0,$tmp - vsldoi $tmp,$zero,$tmp,12 # >>32 - vxor $in0,$in0,$tmp - vadduwm $rcon,$rcon,$rcon - vxor $in0,$in0,$key - vperm $outtail,$in0,$in0,$outperm # rotate - vsel $stage,$outhead,$outtail,$outmask - vmr $outhead,$outtail - stvx $stage,0,$out - addi $inp,$out,15 # 15 is not typo - addi $out,$out,16 - bdz Ldone - - vspltw $key,$in0,3 # just splat - vsldoi $tmp,$zero,$in1,12 # >>32 - vsbox $key,$key - - vxor $in1,$in1,$tmp - vsldoi $tmp,$zero,$tmp,12 # >>32 - vxor $in1,$in1,$tmp - vsldoi $tmp,$zero,$tmp,12 # >>32 - vxor $in1,$in1,$tmp - - vxor $in1,$in1,$key - b Loop256 - -.align 4 -Ldone: - lvx $in1,0,$inp # redundant in aligned case - vsel $in1,$outhead,$in1,$outmask - stvx $in1,0,$inp - li $ptr,0 - mtspr 256,$vrsave - stw $rounds,0($out) - -Lenc_key_abort: - mr r3,$ptr - blr - .long 0 - .byte 0,12,0x14,1,0,0,3,0 - .long 0 -.size .${prefix}_set_encrypt_key,.-.${prefix}_set_encrypt_key - -.globl .${prefix}_set_decrypt_key -.align 5 -.${prefix}_set_decrypt_key: - $STU $sp,-$FRAME($sp) - mflr r10 - $PUSH r10,$FRAME+$LRSAVE($sp) - bl Lset_encrypt_key - mtlr r10 - - cmpwi r3,0 - bne- Ldec_key_abort - - slwi $cnt,$rounds,4 - subi $inp,$out,240 # first round key - srwi $rounds,$rounds,1 - add $out,$inp,$cnt # last round key - mtctr $rounds - -Ldeckey: - lwz r0, 0($inp) - lwz r6, 4($inp) - lwz r7, 8($inp) - lwz r8, 12($inp) - addi $inp,$inp,16 - lwz r9, 0($out) - lwz r10,4($out) - lwz r11,8($out) - lwz r12,12($out) - stw r0, 0($out) - stw r6, 4($out) - stw r7, 8($out) - stw r8, 12($out) - subi $out,$out,16 - stw r9, -16($inp) - stw r10,-12($inp) - stw r11,-8($inp) - stw r12,-4($inp) - bdnz Ldeckey - - xor r3,r3,r3 # return value -Ldec_key_abort: - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,4,1,0x80,0,3,0 - .long 0 -.size .${prefix}_set_decrypt_key,.-.${prefix}_set_decrypt_key -___ -}}} -######################################################################### -{{{ # Single block en- and decrypt procedures # -sub gen_block () { -my $dir = shift; -my $n = $dir eq "de" ? "n" : ""; -my ($inp,$out,$key,$rounds,$idx)=map("r$_",(3..7)); - -$code.=<<___; -.globl .${prefix}_${dir}crypt -.align 5 -.${prefix}_${dir}crypt: - lwz $rounds,240($key) - lis r0,0xfc00 - mfspr $vrsave,256 - li $idx,15 # 15 is not typo - mtspr 256,r0 - - lvx v0,0,$inp - neg r11,$out - lvx v1,$idx,$inp - lvsl v2,0,$inp # inpperm - le?vspltisb v4,0x0f - ?lvsl v3,0,r11 # outperm - le?vxor v2,v2,v4 - li $idx,16 - vperm v0,v0,v1,v2 # align [and byte swap in LE] - lvx v1,0,$key - ?lvsl v5,0,$key # keyperm - srwi $rounds,$rounds,1 - lvx v2,$idx,$key - addi $idx,$idx,16 - subi $rounds,$rounds,1 - ?vperm v1,v1,v2,v5 # align round key - - vxor v0,v0,v1 - lvx v1,$idx,$key - addi $idx,$idx,16 - mtctr $rounds - -Loop_${dir}c: - ?vperm v2,v2,v1,v5 - v${n}cipher v0,v0,v2 - lvx v2,$idx,$key - addi $idx,$idx,16 - ?vperm v1,v1,v2,v5 - v${n}cipher v0,v0,v1 - lvx v1,$idx,$key - addi $idx,$idx,16 - bdnz Loop_${dir}c - - ?vperm v2,v2,v1,v5 - v${n}cipher v0,v0,v2 - lvx v2,$idx,$key - ?vperm v1,v1,v2,v5 - v${n}cipherlast v0,v0,v1 - - vspltisb v2,-1 - vxor v1,v1,v1 - li $idx,15 # 15 is not typo - ?vperm v2,v1,v2,v3 # outmask - le?vxor v3,v3,v4 - lvx v1,0,$out # outhead - vperm v0,v0,v0,v3 # rotate [and byte swap in LE] - vsel v1,v1,v0,v2 - lvx v4,$idx,$out - stvx v1,0,$out - vsel v0,v0,v4,v2 - stvx v0,$idx,$out - - mtspr 256,$vrsave - blr - .long 0 - .byte 0,12,0x14,0,0,0,3,0 - .long 0 -.size .${prefix}_${dir}crypt,.-.${prefix}_${dir}crypt -___ -} -&gen_block("en"); -&gen_block("de"); -}}} -######################################################################### -{{{ # CBC en- and decrypt procedures # -my ($inp,$out,$len,$key,$ivp,$enc,$rounds,$idx)=map("r$_",(3..10)); -my ($rndkey0,$rndkey1,$inout,$tmp)= map("v$_",(0..3)); -my ($ivec,$inptail,$inpperm,$outhead,$outperm,$outmask,$keyperm)= - map("v$_",(4..10)); -$code.=<<___; -.globl .${prefix}_cbc_encrypt -.align 5 -.${prefix}_cbc_encrypt: - ${UCMP}i $len,16 - bltlr- - - cmpwi $enc,0 # test direction - lis r0,0xffe0 - mfspr $vrsave,256 - mtspr 256,r0 - - li $idx,15 - vxor $rndkey0,$rndkey0,$rndkey0 - le?vspltisb $tmp,0x0f - - lvx $ivec,0,$ivp # load [unaligned] iv - lvsl $inpperm,0,$ivp - lvx $inptail,$idx,$ivp - le?vxor $inpperm,$inpperm,$tmp - vperm $ivec,$ivec,$inptail,$inpperm - - neg r11,$inp - ?lvsl $keyperm,0,$key # prepare for unaligned key - lwz $rounds,240($key) - - lvsr $inpperm,0,r11 # prepare for unaligned load - lvx $inptail,0,$inp - addi $inp,$inp,15 # 15 is not typo - le?vxor $inpperm,$inpperm,$tmp - - ?lvsr $outperm,0,$out # prepare for unaligned store - vspltisb $outmask,-1 - lvx $outhead,0,$out - ?vperm $outmask,$rndkey0,$outmask,$outperm - le?vxor $outperm,$outperm,$tmp - - srwi $rounds,$rounds,1 - li $idx,16 - subi $rounds,$rounds,1 - beq Lcbc_dec - -Lcbc_enc: - vmr $inout,$inptail - lvx $inptail,0,$inp - addi $inp,$inp,16 - mtctr $rounds - subi $len,$len,16 # len-=16 - - lvx $rndkey0,0,$key - vperm $inout,$inout,$inptail,$inpperm - lvx $rndkey1,$idx,$key - addi $idx,$idx,16 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vxor $inout,$inout,$rndkey0 - lvx $rndkey0,$idx,$key - addi $idx,$idx,16 - vxor $inout,$inout,$ivec - -Loop_cbc_enc: - ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm - vcipher $inout,$inout,$rndkey1 - lvx $rndkey1,$idx,$key - addi $idx,$idx,16 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vcipher $inout,$inout,$rndkey0 - lvx $rndkey0,$idx,$key - addi $idx,$idx,16 - bdnz Loop_cbc_enc - - ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm - vcipher $inout,$inout,$rndkey1 - lvx $rndkey1,$idx,$key - li $idx,16 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vcipherlast $ivec,$inout,$rndkey0 - ${UCMP}i $len,16 - - vperm $tmp,$ivec,$ivec,$outperm - vsel $inout,$outhead,$tmp,$outmask - vmr $outhead,$tmp - stvx $inout,0,$out - addi $out,$out,16 - bge Lcbc_enc - - b Lcbc_done - -.align 4 -Lcbc_dec: - ${UCMP}i $len,128 - bge _aesp8_cbc_decrypt8x - vmr $tmp,$inptail - lvx $inptail,0,$inp - addi $inp,$inp,16 - mtctr $rounds - subi $len,$len,16 # len-=16 - - lvx $rndkey0,0,$key - vperm $tmp,$tmp,$inptail,$inpperm - lvx $rndkey1,$idx,$key - addi $idx,$idx,16 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vxor $inout,$tmp,$rndkey0 - lvx $rndkey0,$idx,$key - addi $idx,$idx,16 - -Loop_cbc_dec: - ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm - vncipher $inout,$inout,$rndkey1 - lvx $rndkey1,$idx,$key - addi $idx,$idx,16 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vncipher $inout,$inout,$rndkey0 - lvx $rndkey0,$idx,$key - addi $idx,$idx,16 - bdnz Loop_cbc_dec - - ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm - vncipher $inout,$inout,$rndkey1 - lvx $rndkey1,$idx,$key - li $idx,16 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vncipherlast $inout,$inout,$rndkey0 - ${UCMP}i $len,16 - - vxor $inout,$inout,$ivec - vmr $ivec,$tmp - vperm $tmp,$inout,$inout,$outperm - vsel $inout,$outhead,$tmp,$outmask - vmr $outhead,$tmp - stvx $inout,0,$out - addi $out,$out,16 - bge Lcbc_dec - -Lcbc_done: - addi $out,$out,-1 - lvx $inout,0,$out # redundant in aligned case - vsel $inout,$outhead,$inout,$outmask - stvx $inout,0,$out - - neg $enc,$ivp # write [unaligned] iv - li $idx,15 # 15 is not typo - vxor $rndkey0,$rndkey0,$rndkey0 - vspltisb $outmask,-1 - le?vspltisb $tmp,0x0f - ?lvsl $outperm,0,$enc - ?vperm $outmask,$rndkey0,$outmask,$outperm - le?vxor $outperm,$outperm,$tmp - lvx $outhead,0,$ivp - vperm $ivec,$ivec,$ivec,$outperm - vsel $inout,$outhead,$ivec,$outmask - lvx $inptail,$idx,$ivp - stvx $inout,0,$ivp - vsel $inout,$ivec,$inptail,$outmask - stvx $inout,$idx,$ivp - - mtspr 256,$vrsave - blr - .long 0 - .byte 0,12,0x14,0,0,0,6,0 - .long 0 -___ -######################################################################### -{{ # Optimized CBC decrypt procedure # -my $key_="r11"; -my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,8,26..31)); - $x00=0 if ($flavour =~ /osx/); -my ($in0, $in1, $in2, $in3, $in4, $in5, $in6, $in7 )=map("v$_",(0..3,10..13)); -my ($out0,$out1,$out2,$out3,$out4,$out5,$out6,$out7)=map("v$_",(14..21)); -my $rndkey0="v23"; # v24-v25 rotating buffer for first found keys - # v26-v31 last 6 round keys -my ($tmp,$keyperm)=($in3,$in4); # aliases with "caller", redundant assignment - -$code.=<<___; -.align 5 -_aesp8_cbc_decrypt8x: - $STU $sp,-`($FRAME+21*16+6*$SIZE_T)`($sp) - li r10,`$FRAME+8*16+15` - li r11,`$FRAME+8*16+31` - stvx v20,r10,$sp # ABI says so - addi r10,r10,32 - stvx v21,r11,$sp - addi r11,r11,32 - stvx v22,r10,$sp - addi r10,r10,32 - stvx v23,r11,$sp - addi r11,r11,32 - stvx v24,r10,$sp - addi r10,r10,32 - stvx v25,r11,$sp - addi r11,r11,32 - stvx v26,r10,$sp - addi r10,r10,32 - stvx v27,r11,$sp - addi r11,r11,32 - stvx v28,r10,$sp - addi r10,r10,32 - stvx v29,r11,$sp - addi r11,r11,32 - stvx v30,r10,$sp - stvx v31,r11,$sp - li r0,-1 - stw $vrsave,`$FRAME+21*16-4`($sp) # save vrsave - li $x10,0x10 - $PUSH r26,`$FRAME+21*16+0*$SIZE_T`($sp) - li $x20,0x20 - $PUSH r27,`$FRAME+21*16+1*$SIZE_T`($sp) - li $x30,0x30 - $PUSH r28,`$FRAME+21*16+2*$SIZE_T`($sp) - li $x40,0x40 - $PUSH r29,`$FRAME+21*16+3*$SIZE_T`($sp) - li $x50,0x50 - $PUSH r30,`$FRAME+21*16+4*$SIZE_T`($sp) - li $x60,0x60 - $PUSH r31,`$FRAME+21*16+5*$SIZE_T`($sp) - li $x70,0x70 - mtspr 256,r0 - - subi $rounds,$rounds,3 # -4 in total - subi $len,$len,128 # bias - - lvx $rndkey0,$x00,$key # load key schedule - lvx v30,$x10,$key - addi $key,$key,0x20 - lvx v31,$x00,$key - ?vperm $rndkey0,$rndkey0,v30,$keyperm - addi $key_,$sp,$FRAME+15 - mtctr $rounds - -Load_cbc_dec_key: - ?vperm v24,v30,v31,$keyperm - lvx v30,$x10,$key - addi $key,$key,0x20 - stvx v24,$x00,$key_ # off-load round[1] - ?vperm v25,v31,v30,$keyperm - lvx v31,$x00,$key - stvx v25,$x10,$key_ # off-load round[2] - addi $key_,$key_,0x20 - bdnz Load_cbc_dec_key - - lvx v26,$x10,$key - ?vperm v24,v30,v31,$keyperm - lvx v27,$x20,$key - stvx v24,$x00,$key_ # off-load round[3] - ?vperm v25,v31,v26,$keyperm - lvx v28,$x30,$key - stvx v25,$x10,$key_ # off-load round[4] - addi $key_,$sp,$FRAME+15 # rewind $key_ - ?vperm v26,v26,v27,$keyperm - lvx v29,$x40,$key - ?vperm v27,v27,v28,$keyperm - lvx v30,$x50,$key - ?vperm v28,v28,v29,$keyperm - lvx v31,$x60,$key - ?vperm v29,v29,v30,$keyperm - lvx $out0,$x70,$key # borrow $out0 - ?vperm v30,v30,v31,$keyperm - lvx v24,$x00,$key_ # pre-load round[1] - ?vperm v31,v31,$out0,$keyperm - lvx v25,$x10,$key_ # pre-load round[2] - - #lvx $inptail,0,$inp # "caller" already did this - #addi $inp,$inp,15 # 15 is not typo - subi $inp,$inp,15 # undo "caller" - - le?li $idx,8 - lvx_u $in0,$x00,$inp # load first 8 "words" - le?lvsl $inpperm,0,$idx - le?vspltisb $tmp,0x0f - lvx_u $in1,$x10,$inp - le?vxor $inpperm,$inpperm,$tmp # transform for lvx_u/stvx_u - lvx_u $in2,$x20,$inp - le?vperm $in0,$in0,$in0,$inpperm - lvx_u $in3,$x30,$inp - le?vperm $in1,$in1,$in1,$inpperm - lvx_u $in4,$x40,$inp - le?vperm $in2,$in2,$in2,$inpperm - vxor $out0,$in0,$rndkey0 - lvx_u $in5,$x50,$inp - le?vperm $in3,$in3,$in3,$inpperm - vxor $out1,$in1,$rndkey0 - lvx_u $in6,$x60,$inp - le?vperm $in4,$in4,$in4,$inpperm - vxor $out2,$in2,$rndkey0 - lvx_u $in7,$x70,$inp - addi $inp,$inp,0x80 - le?vperm $in5,$in5,$in5,$inpperm - vxor $out3,$in3,$rndkey0 - le?vperm $in6,$in6,$in6,$inpperm - vxor $out4,$in4,$rndkey0 - le?vperm $in7,$in7,$in7,$inpperm - vxor $out5,$in5,$rndkey0 - vxor $out6,$in6,$rndkey0 - vxor $out7,$in7,$rndkey0 - - mtctr $rounds - b Loop_cbc_dec8x -.align 5 -Loop_cbc_dec8x: - vncipher $out0,$out0,v24 - vncipher $out1,$out1,v24 - vncipher $out2,$out2,v24 - vncipher $out3,$out3,v24 - vncipher $out4,$out4,v24 - vncipher $out5,$out5,v24 - vncipher $out6,$out6,v24 - vncipher $out7,$out7,v24 - lvx v24,$x20,$key_ # round[3] - addi $key_,$key_,0x20 - - vncipher $out0,$out0,v25 - vncipher $out1,$out1,v25 - vncipher $out2,$out2,v25 - vncipher $out3,$out3,v25 - vncipher $out4,$out4,v25 - vncipher $out5,$out5,v25 - vncipher $out6,$out6,v25 - vncipher $out7,$out7,v25 - lvx v25,$x10,$key_ # round[4] - bdnz Loop_cbc_dec8x - - subic $len,$len,128 # $len-=128 - vncipher $out0,$out0,v24 - vncipher $out1,$out1,v24 - vncipher $out2,$out2,v24 - vncipher $out3,$out3,v24 - vncipher $out4,$out4,v24 - vncipher $out5,$out5,v24 - vncipher $out6,$out6,v24 - vncipher $out7,$out7,v24 - - subfe. r0,r0,r0 # borrow?-1:0 - vncipher $out0,$out0,v25 - vncipher $out1,$out1,v25 - vncipher $out2,$out2,v25 - vncipher $out3,$out3,v25 - vncipher $out4,$out4,v25 - vncipher $out5,$out5,v25 - vncipher $out6,$out6,v25 - vncipher $out7,$out7,v25 - - and r0,r0,$len - vncipher $out0,$out0,v26 - vncipher $out1,$out1,v26 - vncipher $out2,$out2,v26 - vncipher $out3,$out3,v26 - vncipher $out4,$out4,v26 - vncipher $out5,$out5,v26 - vncipher $out6,$out6,v26 - vncipher $out7,$out7,v26 - - add $inp,$inp,r0 # $inp is adjusted in such - # way that at exit from the - # loop inX-in7 are loaded - # with last "words" - vncipher $out0,$out0,v27 - vncipher $out1,$out1,v27 - vncipher $out2,$out2,v27 - vncipher $out3,$out3,v27 - vncipher $out4,$out4,v27 - vncipher $out5,$out5,v27 - vncipher $out6,$out6,v27 - vncipher $out7,$out7,v27 - - addi $key_,$sp,$FRAME+15 # rewind $key_ - vncipher $out0,$out0,v28 - vncipher $out1,$out1,v28 - vncipher $out2,$out2,v28 - vncipher $out3,$out3,v28 - vncipher $out4,$out4,v28 - vncipher $out5,$out5,v28 - vncipher $out6,$out6,v28 - vncipher $out7,$out7,v28 - lvx v24,$x00,$key_ # re-pre-load round[1] - - vncipher $out0,$out0,v29 - vncipher $out1,$out1,v29 - vncipher $out2,$out2,v29 - vncipher $out3,$out3,v29 - vncipher $out4,$out4,v29 - vncipher $out5,$out5,v29 - vncipher $out6,$out6,v29 - vncipher $out7,$out7,v29 - lvx v25,$x10,$key_ # re-pre-load round[2] - - vncipher $out0,$out0,v30 - vxor $ivec,$ivec,v31 # xor with last round key - vncipher $out1,$out1,v30 - vxor $in0,$in0,v31 - vncipher $out2,$out2,v30 - vxor $in1,$in1,v31 - vncipher $out3,$out3,v30 - vxor $in2,$in2,v31 - vncipher $out4,$out4,v30 - vxor $in3,$in3,v31 - vncipher $out5,$out5,v30 - vxor $in4,$in4,v31 - vncipher $out6,$out6,v30 - vxor $in5,$in5,v31 - vncipher $out7,$out7,v30 - vxor $in6,$in6,v31 - - vncipherlast $out0,$out0,$ivec - vncipherlast $out1,$out1,$in0 - lvx_u $in0,$x00,$inp # load next input block - vncipherlast $out2,$out2,$in1 - lvx_u $in1,$x10,$inp - vncipherlast $out3,$out3,$in2 - le?vperm $in0,$in0,$in0,$inpperm - lvx_u $in2,$x20,$inp - vncipherlast $out4,$out4,$in3 - le?vperm $in1,$in1,$in1,$inpperm - lvx_u $in3,$x30,$inp - vncipherlast $out5,$out5,$in4 - le?vperm $in2,$in2,$in2,$inpperm - lvx_u $in4,$x40,$inp - vncipherlast $out6,$out6,$in5 - le?vperm $in3,$in3,$in3,$inpperm - lvx_u $in5,$x50,$inp - vncipherlast $out7,$out7,$in6 - le?vperm $in4,$in4,$in4,$inpperm - lvx_u $in6,$x60,$inp - vmr $ivec,$in7 - le?vperm $in5,$in5,$in5,$inpperm - lvx_u $in7,$x70,$inp - addi $inp,$inp,0x80 - - le?vperm $out0,$out0,$out0,$inpperm - le?vperm $out1,$out1,$out1,$inpperm - stvx_u $out0,$x00,$out - le?vperm $in6,$in6,$in6,$inpperm - vxor $out0,$in0,$rndkey0 - le?vperm $out2,$out2,$out2,$inpperm - stvx_u $out1,$x10,$out - le?vperm $in7,$in7,$in7,$inpperm - vxor $out1,$in1,$rndkey0 - le?vperm $out3,$out3,$out3,$inpperm - stvx_u $out2,$x20,$out - vxor $out2,$in2,$rndkey0 - le?vperm $out4,$out4,$out4,$inpperm - stvx_u $out3,$x30,$out - vxor $out3,$in3,$rndkey0 - le?vperm $out5,$out5,$out5,$inpperm - stvx_u $out4,$x40,$out - vxor $out4,$in4,$rndkey0 - le?vperm $out6,$out6,$out6,$inpperm - stvx_u $out5,$x50,$out - vxor $out5,$in5,$rndkey0 - le?vperm $out7,$out7,$out7,$inpperm - stvx_u $out6,$x60,$out - vxor $out6,$in6,$rndkey0 - stvx_u $out7,$x70,$out - addi $out,$out,0x80 - vxor $out7,$in7,$rndkey0 - - mtctr $rounds - beq Loop_cbc_dec8x # did $len-=128 borrow? - - addic. $len,$len,128 - beq Lcbc_dec8x_done - nop - nop - -Loop_cbc_dec8x_tail: # up to 7 "words" tail... - vncipher $out1,$out1,v24 - vncipher $out2,$out2,v24 - vncipher $out3,$out3,v24 - vncipher $out4,$out4,v24 - vncipher $out5,$out5,v24 - vncipher $out6,$out6,v24 - vncipher $out7,$out7,v24 - lvx v24,$x20,$key_ # round[3] - addi $key_,$key_,0x20 - - vncipher $out1,$out1,v25 - vncipher $out2,$out2,v25 - vncipher $out3,$out3,v25 - vncipher $out4,$out4,v25 - vncipher $out5,$out5,v25 - vncipher $out6,$out6,v25 - vncipher $out7,$out7,v25 - lvx v25,$x10,$key_ # round[4] - bdnz Loop_cbc_dec8x_tail - - vncipher $out1,$out1,v24 - vncipher $out2,$out2,v24 - vncipher $out3,$out3,v24 - vncipher $out4,$out4,v24 - vncipher $out5,$out5,v24 - vncipher $out6,$out6,v24 - vncipher $out7,$out7,v24 - - vncipher $out1,$out1,v25 - vncipher $out2,$out2,v25 - vncipher $out3,$out3,v25 - vncipher $out4,$out4,v25 - vncipher $out5,$out5,v25 - vncipher $out6,$out6,v25 - vncipher $out7,$out7,v25 - - vncipher $out1,$out1,v26 - vncipher $out2,$out2,v26 - vncipher $out3,$out3,v26 - vncipher $out4,$out4,v26 - vncipher $out5,$out5,v26 - vncipher $out6,$out6,v26 - vncipher $out7,$out7,v26 - - vncipher $out1,$out1,v27 - vncipher $out2,$out2,v27 - vncipher $out3,$out3,v27 - vncipher $out4,$out4,v27 - vncipher $out5,$out5,v27 - vncipher $out6,$out6,v27 - vncipher $out7,$out7,v27 - - vncipher $out1,$out1,v28 - vncipher $out2,$out2,v28 - vncipher $out3,$out3,v28 - vncipher $out4,$out4,v28 - vncipher $out5,$out5,v28 - vncipher $out6,$out6,v28 - vncipher $out7,$out7,v28 - - vncipher $out1,$out1,v29 - vncipher $out2,$out2,v29 - vncipher $out3,$out3,v29 - vncipher $out4,$out4,v29 - vncipher $out5,$out5,v29 - vncipher $out6,$out6,v29 - vncipher $out7,$out7,v29 - - vncipher $out1,$out1,v30 - vxor $ivec,$ivec,v31 # last round key - vncipher $out2,$out2,v30 - vxor $in1,$in1,v31 - vncipher $out3,$out3,v30 - vxor $in2,$in2,v31 - vncipher $out4,$out4,v30 - vxor $in3,$in3,v31 - vncipher $out5,$out5,v30 - vxor $in4,$in4,v31 - vncipher $out6,$out6,v30 - vxor $in5,$in5,v31 - vncipher $out7,$out7,v30 - vxor $in6,$in6,v31 - - cmplwi $len,32 # switch($len) - blt Lcbc_dec8x_one - nop - beq Lcbc_dec8x_two - cmplwi $len,64 - blt Lcbc_dec8x_three - nop - beq Lcbc_dec8x_four - cmplwi $len,96 - blt Lcbc_dec8x_five - nop - beq Lcbc_dec8x_six - -Lcbc_dec8x_seven: - vncipherlast $out1,$out1,$ivec - vncipherlast $out2,$out2,$in1 - vncipherlast $out3,$out3,$in2 - vncipherlast $out4,$out4,$in3 - vncipherlast $out5,$out5,$in4 - vncipherlast $out6,$out6,$in5 - vncipherlast $out7,$out7,$in6 - vmr $ivec,$in7 - - le?vperm $out1,$out1,$out1,$inpperm - le?vperm $out2,$out2,$out2,$inpperm - stvx_u $out1,$x00,$out - le?vperm $out3,$out3,$out3,$inpperm - stvx_u $out2,$x10,$out - le?vperm $out4,$out4,$out4,$inpperm - stvx_u $out3,$x20,$out - le?vperm $out5,$out5,$out5,$inpperm - stvx_u $out4,$x30,$out - le?vperm $out6,$out6,$out6,$inpperm - stvx_u $out5,$x40,$out - le?vperm $out7,$out7,$out7,$inpperm - stvx_u $out6,$x50,$out - stvx_u $out7,$x60,$out - addi $out,$out,0x70 - b Lcbc_dec8x_done - -.align 5 -Lcbc_dec8x_six: - vncipherlast $out2,$out2,$ivec - vncipherlast $out3,$out3,$in2 - vncipherlast $out4,$out4,$in3 - vncipherlast $out5,$out5,$in4 - vncipherlast $out6,$out6,$in5 - vncipherlast $out7,$out7,$in6 - vmr $ivec,$in7 - - le?vperm $out2,$out2,$out2,$inpperm - le?vperm $out3,$out3,$out3,$inpperm - stvx_u $out2,$x00,$out - le?vperm $out4,$out4,$out4,$inpperm - stvx_u $out3,$x10,$out - le?vperm $out5,$out5,$out5,$inpperm - stvx_u $out4,$x20,$out - le?vperm $out6,$out6,$out6,$inpperm - stvx_u $out5,$x30,$out - le?vperm $out7,$out7,$out7,$inpperm - stvx_u $out6,$x40,$out - stvx_u $out7,$x50,$out - addi $out,$out,0x60 - b Lcbc_dec8x_done - -.align 5 -Lcbc_dec8x_five: - vncipherlast $out3,$out3,$ivec - vncipherlast $out4,$out4,$in3 - vncipherlast $out5,$out5,$in4 - vncipherlast $out6,$out6,$in5 - vncipherlast $out7,$out7,$in6 - vmr $ivec,$in7 - - le?vperm $out3,$out3,$out3,$inpperm - le?vperm $out4,$out4,$out4,$inpperm - stvx_u $out3,$x00,$out - le?vperm $out5,$out5,$out5,$inpperm - stvx_u $out4,$x10,$out - le?vperm $out6,$out6,$out6,$inpperm - stvx_u $out5,$x20,$out - le?vperm $out7,$out7,$out7,$inpperm - stvx_u $out6,$x30,$out - stvx_u $out7,$x40,$out - addi $out,$out,0x50 - b Lcbc_dec8x_done - -.align 5 -Lcbc_dec8x_four: - vncipherlast $out4,$out4,$ivec - vncipherlast $out5,$out5,$in4 - vncipherlast $out6,$out6,$in5 - vncipherlast $out7,$out7,$in6 - vmr $ivec,$in7 - - le?vperm $out4,$out4,$out4,$inpperm - le?vperm $out5,$out5,$out5,$inpperm - stvx_u $out4,$x00,$out - le?vperm $out6,$out6,$out6,$inpperm - stvx_u $out5,$x10,$out - le?vperm $out7,$out7,$out7,$inpperm - stvx_u $out6,$x20,$out - stvx_u $out7,$x30,$out - addi $out,$out,0x40 - b Lcbc_dec8x_done - -.align 5 -Lcbc_dec8x_three: - vncipherlast $out5,$out5,$ivec - vncipherlast $out6,$out6,$in5 - vncipherlast $out7,$out7,$in6 - vmr $ivec,$in7 - - le?vperm $out5,$out5,$out5,$inpperm - le?vperm $out6,$out6,$out6,$inpperm - stvx_u $out5,$x00,$out - le?vperm $out7,$out7,$out7,$inpperm - stvx_u $out6,$x10,$out - stvx_u $out7,$x20,$out - addi $out,$out,0x30 - b Lcbc_dec8x_done - -.align 5 -Lcbc_dec8x_two: - vncipherlast $out6,$out6,$ivec - vncipherlast $out7,$out7,$in6 - vmr $ivec,$in7 - - le?vperm $out6,$out6,$out6,$inpperm - le?vperm $out7,$out7,$out7,$inpperm - stvx_u $out6,$x00,$out - stvx_u $out7,$x10,$out - addi $out,$out,0x20 - b Lcbc_dec8x_done - -.align 5 -Lcbc_dec8x_one: - vncipherlast $out7,$out7,$ivec - vmr $ivec,$in7 - - le?vperm $out7,$out7,$out7,$inpperm - stvx_u $out7,0,$out - addi $out,$out,0x10 - -Lcbc_dec8x_done: - le?vperm $ivec,$ivec,$ivec,$inpperm - stvx_u $ivec,0,$ivp # write [unaligned] iv - - li r10,`$FRAME+15` - li r11,`$FRAME+31` - stvx $inpperm,r10,$sp # wipe copies of round keys - addi r10,r10,32 - stvx $inpperm,r11,$sp - addi r11,r11,32 - stvx $inpperm,r10,$sp - addi r10,r10,32 - stvx $inpperm,r11,$sp - addi r11,r11,32 - stvx $inpperm,r10,$sp - addi r10,r10,32 - stvx $inpperm,r11,$sp - addi r11,r11,32 - stvx $inpperm,r10,$sp - addi r10,r10,32 - stvx $inpperm,r11,$sp - addi r11,r11,32 - - mtspr 256,$vrsave - lvx v20,r10,$sp # ABI says so - addi r10,r10,32 - lvx v21,r11,$sp - addi r11,r11,32 - lvx v22,r10,$sp - addi r10,r10,32 - lvx v23,r11,$sp - addi r11,r11,32 - lvx v24,r10,$sp - addi r10,r10,32 - lvx v25,r11,$sp - addi r11,r11,32 - lvx v26,r10,$sp - addi r10,r10,32 - lvx v27,r11,$sp - addi r11,r11,32 - lvx v28,r10,$sp - addi r10,r10,32 - lvx v29,r11,$sp - addi r11,r11,32 - lvx v30,r10,$sp - lvx v31,r11,$sp - $POP r26,`$FRAME+21*16+0*$SIZE_T`($sp) - $POP r27,`$FRAME+21*16+1*$SIZE_T`($sp) - $POP r28,`$FRAME+21*16+2*$SIZE_T`($sp) - $POP r29,`$FRAME+21*16+3*$SIZE_T`($sp) - $POP r30,`$FRAME+21*16+4*$SIZE_T`($sp) - $POP r31,`$FRAME+21*16+5*$SIZE_T`($sp) - addi $sp,$sp,`$FRAME+21*16+6*$SIZE_T` - blr - .long 0 - .byte 0,12,0x04,0,0x80,6,6,0 - .long 0 -.size .${prefix}_cbc_encrypt,.-.${prefix}_cbc_encrypt -___ -}} }}} - -######################################################################### -{{{ # CTR procedure[s] # -my ($inp,$out,$len,$key,$ivp,$x10,$rounds,$idx)=map("r$_",(3..10)); -my ($rndkey0,$rndkey1,$inout,$tmp)= map("v$_",(0..3)); -my ($ivec,$inptail,$inpperm,$outhead,$outperm,$outmask,$keyperm,$one)= - map("v$_",(4..11)); -my $dat=$tmp; - -$code.=<<___; -.globl .${prefix}_ctr32_encrypt_blocks -.align 5 -.${prefix}_ctr32_encrypt_blocks: - ${UCMP}i $len,1 - bltlr- - - lis r0,0xfff0 - mfspr $vrsave,256 - mtspr 256,r0 - - li $idx,15 - vxor $rndkey0,$rndkey0,$rndkey0 - le?vspltisb $tmp,0x0f - - lvx $ivec,0,$ivp # load [unaligned] iv - lvsl $inpperm,0,$ivp - lvx $inptail,$idx,$ivp - vspltisb $one,1 - le?vxor $inpperm,$inpperm,$tmp - vperm $ivec,$ivec,$inptail,$inpperm - vsldoi $one,$rndkey0,$one,1 - - neg r11,$inp - ?lvsl $keyperm,0,$key # prepare for unaligned key - lwz $rounds,240($key) - - lvsr $inpperm,0,r11 # prepare for unaligned load - lvx $inptail,0,$inp - addi $inp,$inp,15 # 15 is not typo - le?vxor $inpperm,$inpperm,$tmp - - srwi $rounds,$rounds,1 - li $idx,16 - subi $rounds,$rounds,1 - - ${UCMP}i $len,8 - bge _aesp8_ctr32_encrypt8x - - ?lvsr $outperm,0,$out # prepare for unaligned store - vspltisb $outmask,-1 - lvx $outhead,0,$out - ?vperm $outmask,$rndkey0,$outmask,$outperm - le?vxor $outperm,$outperm,$tmp - - lvx $rndkey0,0,$key - mtctr $rounds - lvx $rndkey1,$idx,$key - addi $idx,$idx,16 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vxor $inout,$ivec,$rndkey0 - lvx $rndkey0,$idx,$key - addi $idx,$idx,16 - b Loop_ctr32_enc - -.align 5 -Loop_ctr32_enc: - ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm - vcipher $inout,$inout,$rndkey1 - lvx $rndkey1,$idx,$key - addi $idx,$idx,16 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vcipher $inout,$inout,$rndkey0 - lvx $rndkey0,$idx,$key - addi $idx,$idx,16 - bdnz Loop_ctr32_enc - - vadduwm $ivec,$ivec,$one - vmr $dat,$inptail - lvx $inptail,0,$inp - addi $inp,$inp,16 - subic. $len,$len,1 # blocks-- - - ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm - vcipher $inout,$inout,$rndkey1 - lvx $rndkey1,$idx,$key - vperm $dat,$dat,$inptail,$inpperm - li $idx,16 - ?vperm $rndkey1,$rndkey0,$rndkey1,$keyperm - lvx $rndkey0,0,$key - vxor $dat,$dat,$rndkey1 # last round key - vcipherlast $inout,$inout,$dat - - lvx $rndkey1,$idx,$key - addi $idx,$idx,16 - vperm $inout,$inout,$inout,$outperm - vsel $dat,$outhead,$inout,$outmask - mtctr $rounds - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vmr $outhead,$inout - vxor $inout,$ivec,$rndkey0 - lvx $rndkey0,$idx,$key - addi $idx,$idx,16 - stvx $dat,0,$out - addi $out,$out,16 - bne Loop_ctr32_enc - - addi $out,$out,-1 - lvx $inout,0,$out # redundant in aligned case - vsel $inout,$outhead,$inout,$outmask - stvx $inout,0,$out - - mtspr 256,$vrsave - blr - .long 0 - .byte 0,12,0x14,0,0,0,6,0 - .long 0 -___ -######################################################################### -{{ # Optimized CTR procedure # -my $key_="r11"; -my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,8,26..31)); - $x00=0 if ($flavour =~ /osx/); -my ($in0, $in1, $in2, $in3, $in4, $in5, $in6, $in7 )=map("v$_",(0..3,10,12..14)); -my ($out0,$out1,$out2,$out3,$out4,$out5,$out6,$out7)=map("v$_",(15..22)); -my $rndkey0="v23"; # v24-v25 rotating buffer for first found keys - # v26-v31 last 6 round keys -my ($tmp,$keyperm)=($in3,$in4); # aliases with "caller", redundant assignment -my ($two,$three,$four)=($outhead,$outperm,$outmask); - -$code.=<<___; -.align 5 -_aesp8_ctr32_encrypt8x: - $STU $sp,-`($FRAME+21*16+6*$SIZE_T)`($sp) - li r10,`$FRAME+8*16+15` - li r11,`$FRAME+8*16+31` - stvx v20,r10,$sp # ABI says so - addi r10,r10,32 - stvx v21,r11,$sp - addi r11,r11,32 - stvx v22,r10,$sp - addi r10,r10,32 - stvx v23,r11,$sp - addi r11,r11,32 - stvx v24,r10,$sp - addi r10,r10,32 - stvx v25,r11,$sp - addi r11,r11,32 - stvx v26,r10,$sp - addi r10,r10,32 - stvx v27,r11,$sp - addi r11,r11,32 - stvx v28,r10,$sp - addi r10,r10,32 - stvx v29,r11,$sp - addi r11,r11,32 - stvx v30,r10,$sp - stvx v31,r11,$sp - li r0,-1 - stw $vrsave,`$FRAME+21*16-4`($sp) # save vrsave - li $x10,0x10 - $PUSH r26,`$FRAME+21*16+0*$SIZE_T`($sp) - li $x20,0x20 - $PUSH r27,`$FRAME+21*16+1*$SIZE_T`($sp) - li $x30,0x30 - $PUSH r28,`$FRAME+21*16+2*$SIZE_T`($sp) - li $x40,0x40 - $PUSH r29,`$FRAME+21*16+3*$SIZE_T`($sp) - li $x50,0x50 - $PUSH r30,`$FRAME+21*16+4*$SIZE_T`($sp) - li $x60,0x60 - $PUSH r31,`$FRAME+21*16+5*$SIZE_T`($sp) - li $x70,0x70 - mtspr 256,r0 - - subi $rounds,$rounds,3 # -4 in total - - lvx $rndkey0,$x00,$key # load key schedule - lvx v30,$x10,$key - addi $key,$key,0x20 - lvx v31,$x00,$key - ?vperm $rndkey0,$rndkey0,v30,$keyperm - addi $key_,$sp,$FRAME+15 - mtctr $rounds - -Load_ctr32_enc_key: - ?vperm v24,v30,v31,$keyperm - lvx v30,$x10,$key - addi $key,$key,0x20 - stvx v24,$x00,$key_ # off-load round[1] - ?vperm v25,v31,v30,$keyperm - lvx v31,$x00,$key - stvx v25,$x10,$key_ # off-load round[2] - addi $key_,$key_,0x20 - bdnz Load_ctr32_enc_key - - lvx v26,$x10,$key - ?vperm v24,v30,v31,$keyperm - lvx v27,$x20,$key - stvx v24,$x00,$key_ # off-load round[3] - ?vperm v25,v31,v26,$keyperm - lvx v28,$x30,$key - stvx v25,$x10,$key_ # off-load round[4] - addi $key_,$sp,$FRAME+15 # rewind $key_ - ?vperm v26,v26,v27,$keyperm - lvx v29,$x40,$key - ?vperm v27,v27,v28,$keyperm - lvx v30,$x50,$key - ?vperm v28,v28,v29,$keyperm - lvx v31,$x60,$key - ?vperm v29,v29,v30,$keyperm - lvx $out0,$x70,$key # borrow $out0 - ?vperm v30,v30,v31,$keyperm - lvx v24,$x00,$key_ # pre-load round[1] - ?vperm v31,v31,$out0,$keyperm - lvx v25,$x10,$key_ # pre-load round[2] - - vadduwm $two,$one,$one - subi $inp,$inp,15 # undo "caller" - $SHL $len,$len,4 - - vadduwm $out1,$ivec,$one # counter values ... - vadduwm $out2,$ivec,$two - vxor $out0,$ivec,$rndkey0 # ... xored with rndkey[0] - le?li $idx,8 - vadduwm $out3,$out1,$two - vxor $out1,$out1,$rndkey0 - le?lvsl $inpperm,0,$idx - vadduwm $out4,$out2,$two - vxor $out2,$out2,$rndkey0 - le?vspltisb $tmp,0x0f - vadduwm $out5,$out3,$two - vxor $out3,$out3,$rndkey0 - le?vxor $inpperm,$inpperm,$tmp # transform for lvx_u/stvx_u - vadduwm $out6,$out4,$two - vxor $out4,$out4,$rndkey0 - vadduwm $out7,$out5,$two - vxor $out5,$out5,$rndkey0 - vadduwm $ivec,$out6,$two # next counter value - vxor $out6,$out6,$rndkey0 - vxor $out7,$out7,$rndkey0 - - mtctr $rounds - b Loop_ctr32_enc8x -.align 5 -Loop_ctr32_enc8x: - vcipher $out0,$out0,v24 - vcipher $out1,$out1,v24 - vcipher $out2,$out2,v24 - vcipher $out3,$out3,v24 - vcipher $out4,$out4,v24 - vcipher $out5,$out5,v24 - vcipher $out6,$out6,v24 - vcipher $out7,$out7,v24 -Loop_ctr32_enc8x_middle: - lvx v24,$x20,$key_ # round[3] - addi $key_,$key_,0x20 - - vcipher $out0,$out0,v25 - vcipher $out1,$out1,v25 - vcipher $out2,$out2,v25 - vcipher $out3,$out3,v25 - vcipher $out4,$out4,v25 - vcipher $out5,$out5,v25 - vcipher $out6,$out6,v25 - vcipher $out7,$out7,v25 - lvx v25,$x10,$key_ # round[4] - bdnz Loop_ctr32_enc8x - - subic r11,$len,256 # $len-256, borrow $key_ - vcipher $out0,$out0,v24 - vcipher $out1,$out1,v24 - vcipher $out2,$out2,v24 - vcipher $out3,$out3,v24 - vcipher $out4,$out4,v24 - vcipher $out5,$out5,v24 - vcipher $out6,$out6,v24 - vcipher $out7,$out7,v24 - - subfe r0,r0,r0 # borrow?-1:0 - vcipher $out0,$out0,v25 - vcipher $out1,$out1,v25 - vcipher $out2,$out2,v25 - vcipher $out3,$out3,v25 - vcipher $out4,$out4,v25 - vcipher $out5,$out5,v25 - vcipher $out6,$out6,v25 - vcipher $out7,$out7,v25 - - and r0,r0,r11 - addi $key_,$sp,$FRAME+15 # rewind $key_ - vcipher $out0,$out0,v26 - vcipher $out1,$out1,v26 - vcipher $out2,$out2,v26 - vcipher $out3,$out3,v26 - vcipher $out4,$out4,v26 - vcipher $out5,$out5,v26 - vcipher $out6,$out6,v26 - vcipher $out7,$out7,v26 - lvx v24,$x00,$key_ # re-pre-load round[1] - - subic $len,$len,129 # $len-=129 - vcipher $out0,$out0,v27 - addi $len,$len,1 # $len-=128 really - vcipher $out1,$out1,v27 - vcipher $out2,$out2,v27 - vcipher $out3,$out3,v27 - vcipher $out4,$out4,v27 - vcipher $out5,$out5,v27 - vcipher $out6,$out6,v27 - vcipher $out7,$out7,v27 - lvx v25,$x10,$key_ # re-pre-load round[2] - - vcipher $out0,$out0,v28 - lvx_u $in0,$x00,$inp # load input - vcipher $out1,$out1,v28 - lvx_u $in1,$x10,$inp - vcipher $out2,$out2,v28 - lvx_u $in2,$x20,$inp - vcipher $out3,$out3,v28 - lvx_u $in3,$x30,$inp - vcipher $out4,$out4,v28 - lvx_u $in4,$x40,$inp - vcipher $out5,$out5,v28 - lvx_u $in5,$x50,$inp - vcipher $out6,$out6,v28 - lvx_u $in6,$x60,$inp - vcipher $out7,$out7,v28 - lvx_u $in7,$x70,$inp - addi $inp,$inp,0x80 - - vcipher $out0,$out0,v29 - le?vperm $in0,$in0,$in0,$inpperm - vcipher $out1,$out1,v29 - le?vperm $in1,$in1,$in1,$inpperm - vcipher $out2,$out2,v29 - le?vperm $in2,$in2,$in2,$inpperm - vcipher $out3,$out3,v29 - le?vperm $in3,$in3,$in3,$inpperm - vcipher $out4,$out4,v29 - le?vperm $in4,$in4,$in4,$inpperm - vcipher $out5,$out5,v29 - le?vperm $in5,$in5,$in5,$inpperm - vcipher $out6,$out6,v29 - le?vperm $in6,$in6,$in6,$inpperm - vcipher $out7,$out7,v29 - le?vperm $in7,$in7,$in7,$inpperm - - add $inp,$inp,r0 # $inp is adjusted in such - # way that at exit from the - # loop inX-in7 are loaded - # with last "words" - subfe. r0,r0,r0 # borrow?-1:0 - vcipher $out0,$out0,v30 - vxor $in0,$in0,v31 # xor with last round key - vcipher $out1,$out1,v30 - vxor $in1,$in1,v31 - vcipher $out2,$out2,v30 - vxor $in2,$in2,v31 - vcipher $out3,$out3,v30 - vxor $in3,$in3,v31 - vcipher $out4,$out4,v30 - vxor $in4,$in4,v31 - vcipher $out5,$out5,v30 - vxor $in5,$in5,v31 - vcipher $out6,$out6,v30 - vxor $in6,$in6,v31 - vcipher $out7,$out7,v30 - vxor $in7,$in7,v31 - - bne Lctr32_enc8x_break # did $len-129 borrow? - - vcipherlast $in0,$out0,$in0 - vcipherlast $in1,$out1,$in1 - vadduwm $out1,$ivec,$one # counter values ... - vcipherlast $in2,$out2,$in2 - vadduwm $out2,$ivec,$two - vxor $out0,$ivec,$rndkey0 # ... xored with rndkey[0] - vcipherlast $in3,$out3,$in3 - vadduwm $out3,$out1,$two - vxor $out1,$out1,$rndkey0 - vcipherlast $in4,$out4,$in4 - vadduwm $out4,$out2,$two - vxor $out2,$out2,$rndkey0 - vcipherlast $in5,$out5,$in5 - vadduwm $out5,$out3,$two - vxor $out3,$out3,$rndkey0 - vcipherlast $in6,$out6,$in6 - vadduwm $out6,$out4,$two - vxor $out4,$out4,$rndkey0 - vcipherlast $in7,$out7,$in7 - vadduwm $out7,$out5,$two - vxor $out5,$out5,$rndkey0 - le?vperm $in0,$in0,$in0,$inpperm - vadduwm $ivec,$out6,$two # next counter value - vxor $out6,$out6,$rndkey0 - le?vperm $in1,$in1,$in1,$inpperm - vxor $out7,$out7,$rndkey0 - mtctr $rounds - - vcipher $out0,$out0,v24 - stvx_u $in0,$x00,$out - le?vperm $in2,$in2,$in2,$inpperm - vcipher $out1,$out1,v24 - stvx_u $in1,$x10,$out - le?vperm $in3,$in3,$in3,$inpperm - vcipher $out2,$out2,v24 - stvx_u $in2,$x20,$out - le?vperm $in4,$in4,$in4,$inpperm - vcipher $out3,$out3,v24 - stvx_u $in3,$x30,$out - le?vperm $in5,$in5,$in5,$inpperm - vcipher $out4,$out4,v24 - stvx_u $in4,$x40,$out - le?vperm $in6,$in6,$in6,$inpperm - vcipher $out5,$out5,v24 - stvx_u $in5,$x50,$out - le?vperm $in7,$in7,$in7,$inpperm - vcipher $out6,$out6,v24 - stvx_u $in6,$x60,$out - vcipher $out7,$out7,v24 - stvx_u $in7,$x70,$out - addi $out,$out,0x80 - - b Loop_ctr32_enc8x_middle - -.align 5 -Lctr32_enc8x_break: - cmpwi $len,-0x60 - blt Lctr32_enc8x_one - nop - beq Lctr32_enc8x_two - cmpwi $len,-0x40 - blt Lctr32_enc8x_three - nop - beq Lctr32_enc8x_four - cmpwi $len,-0x20 - blt Lctr32_enc8x_five - nop - beq Lctr32_enc8x_six - cmpwi $len,0x00 - blt Lctr32_enc8x_seven - -Lctr32_enc8x_eight: - vcipherlast $out0,$out0,$in0 - vcipherlast $out1,$out1,$in1 - vcipherlast $out2,$out2,$in2 - vcipherlast $out3,$out3,$in3 - vcipherlast $out4,$out4,$in4 - vcipherlast $out5,$out5,$in5 - vcipherlast $out6,$out6,$in6 - vcipherlast $out7,$out7,$in7 - - le?vperm $out0,$out0,$out0,$inpperm - le?vperm $out1,$out1,$out1,$inpperm - stvx_u $out0,$x00,$out - le?vperm $out2,$out2,$out2,$inpperm - stvx_u $out1,$x10,$out - le?vperm $out3,$out3,$out3,$inpperm - stvx_u $out2,$x20,$out - le?vperm $out4,$out4,$out4,$inpperm - stvx_u $out3,$x30,$out - le?vperm $out5,$out5,$out5,$inpperm - stvx_u $out4,$x40,$out - le?vperm $out6,$out6,$out6,$inpperm - stvx_u $out5,$x50,$out - le?vperm $out7,$out7,$out7,$inpperm - stvx_u $out6,$x60,$out - stvx_u $out7,$x70,$out - addi $out,$out,0x80 - b Lctr32_enc8x_done - -.align 5 -Lctr32_enc8x_seven: - vcipherlast $out0,$out0,$in1 - vcipherlast $out1,$out1,$in2 - vcipherlast $out2,$out2,$in3 - vcipherlast $out3,$out3,$in4 - vcipherlast $out4,$out4,$in5 - vcipherlast $out5,$out5,$in6 - vcipherlast $out6,$out6,$in7 - - le?vperm $out0,$out0,$out0,$inpperm - le?vperm $out1,$out1,$out1,$inpperm - stvx_u $out0,$x00,$out - le?vperm $out2,$out2,$out2,$inpperm - stvx_u $out1,$x10,$out - le?vperm $out3,$out3,$out3,$inpperm - stvx_u $out2,$x20,$out - le?vperm $out4,$out4,$out4,$inpperm - stvx_u $out3,$x30,$out - le?vperm $out5,$out5,$out5,$inpperm - stvx_u $out4,$x40,$out - le?vperm $out6,$out6,$out6,$inpperm - stvx_u $out5,$x50,$out - stvx_u $out6,$x60,$out - addi $out,$out,0x70 - b Lctr32_enc8x_done - -.align 5 -Lctr32_enc8x_six: - vcipherlast $out0,$out0,$in2 - vcipherlast $out1,$out1,$in3 - vcipherlast $out2,$out2,$in4 - vcipherlast $out3,$out3,$in5 - vcipherlast $out4,$out4,$in6 - vcipherlast $out5,$out5,$in7 - - le?vperm $out0,$out0,$out0,$inpperm - le?vperm $out1,$out1,$out1,$inpperm - stvx_u $out0,$x00,$out - le?vperm $out2,$out2,$out2,$inpperm - stvx_u $out1,$x10,$out - le?vperm $out3,$out3,$out3,$inpperm - stvx_u $out2,$x20,$out - le?vperm $out4,$out4,$out4,$inpperm - stvx_u $out3,$x30,$out - le?vperm $out5,$out5,$out5,$inpperm - stvx_u $out4,$x40,$out - stvx_u $out5,$x50,$out - addi $out,$out,0x60 - b Lctr32_enc8x_done - -.align 5 -Lctr32_enc8x_five: - vcipherlast $out0,$out0,$in3 - vcipherlast $out1,$out1,$in4 - vcipherlast $out2,$out2,$in5 - vcipherlast $out3,$out3,$in6 - vcipherlast $out4,$out4,$in7 - - le?vperm $out0,$out0,$out0,$inpperm - le?vperm $out1,$out1,$out1,$inpperm - stvx_u $out0,$x00,$out - le?vperm $out2,$out2,$out2,$inpperm - stvx_u $out1,$x10,$out - le?vperm $out3,$out3,$out3,$inpperm - stvx_u $out2,$x20,$out - le?vperm $out4,$out4,$out4,$inpperm - stvx_u $out3,$x30,$out - stvx_u $out4,$x40,$out - addi $out,$out,0x50 - b Lctr32_enc8x_done - -.align 5 -Lctr32_enc8x_four: - vcipherlast $out0,$out0,$in4 - vcipherlast $out1,$out1,$in5 - vcipherlast $out2,$out2,$in6 - vcipherlast $out3,$out3,$in7 - - le?vperm $out0,$out0,$out0,$inpperm - le?vperm $out1,$out1,$out1,$inpperm - stvx_u $out0,$x00,$out - le?vperm $out2,$out2,$out2,$inpperm - stvx_u $out1,$x10,$out - le?vperm $out3,$out3,$out3,$inpperm - stvx_u $out2,$x20,$out - stvx_u $out3,$x30,$out - addi $out,$out,0x40 - b Lctr32_enc8x_done - -.align 5 -Lctr32_enc8x_three: - vcipherlast $out0,$out0,$in5 - vcipherlast $out1,$out1,$in6 - vcipherlast $out2,$out2,$in7 - - le?vperm $out0,$out0,$out0,$inpperm - le?vperm $out1,$out1,$out1,$inpperm - stvx_u $out0,$x00,$out - le?vperm $out2,$out2,$out2,$inpperm - stvx_u $out1,$x10,$out - stvx_u $out2,$x20,$out - addi $out,$out,0x30 - b Lctr32_enc8x_done - -.align 5 -Lctr32_enc8x_two: - vcipherlast $out0,$out0,$in6 - vcipherlast $out1,$out1,$in7 - - le?vperm $out0,$out0,$out0,$inpperm - le?vperm $out1,$out1,$out1,$inpperm - stvx_u $out0,$x00,$out - stvx_u $out1,$x10,$out - addi $out,$out,0x20 - b Lctr32_enc8x_done - -.align 5 -Lctr32_enc8x_one: - vcipherlast $out0,$out0,$in7 - - le?vperm $out0,$out0,$out0,$inpperm - stvx_u $out0,0,$out - addi $out,$out,0x10 - -Lctr32_enc8x_done: - li r10,`$FRAME+15` - li r11,`$FRAME+31` - stvx $inpperm,r10,$sp # wipe copies of round keys - addi r10,r10,32 - stvx $inpperm,r11,$sp - addi r11,r11,32 - stvx $inpperm,r10,$sp - addi r10,r10,32 - stvx $inpperm,r11,$sp - addi r11,r11,32 - stvx $inpperm,r10,$sp - addi r10,r10,32 - stvx $inpperm,r11,$sp - addi r11,r11,32 - stvx $inpperm,r10,$sp - addi r10,r10,32 - stvx $inpperm,r11,$sp - addi r11,r11,32 - - mtspr 256,$vrsave - lvx v20,r10,$sp # ABI says so - addi r10,r10,32 - lvx v21,r11,$sp - addi r11,r11,32 - lvx v22,r10,$sp - addi r10,r10,32 - lvx v23,r11,$sp - addi r11,r11,32 - lvx v24,r10,$sp - addi r10,r10,32 - lvx v25,r11,$sp - addi r11,r11,32 - lvx v26,r10,$sp - addi r10,r10,32 - lvx v27,r11,$sp - addi r11,r11,32 - lvx v28,r10,$sp - addi r10,r10,32 - lvx v29,r11,$sp - addi r11,r11,32 - lvx v30,r10,$sp - lvx v31,r11,$sp - $POP r26,`$FRAME+21*16+0*$SIZE_T`($sp) - $POP r27,`$FRAME+21*16+1*$SIZE_T`($sp) - $POP r28,`$FRAME+21*16+2*$SIZE_T`($sp) - $POP r29,`$FRAME+21*16+3*$SIZE_T`($sp) - $POP r30,`$FRAME+21*16+4*$SIZE_T`($sp) - $POP r31,`$FRAME+21*16+5*$SIZE_T`($sp) - addi $sp,$sp,`$FRAME+21*16+6*$SIZE_T` - blr - .long 0 - .byte 0,12,0x04,0,0x80,6,6,0 - .long 0 -.size .${prefix}_ctr32_encrypt_blocks,.-.${prefix}_ctr32_encrypt_blocks -___ -}} }}} - -######################################################################### -{{{ # XTS procedures # -# int aes_p8_xts_[en|de]crypt(const char *inp, char *out, size_t len, # -# const AES_KEY *key1, const AES_KEY *key2, # -# [const] unsigned char iv[16]); # -# If $key2 is NULL, then a "tweak chaining" mode is engaged, in which # -# input tweak value is assumed to be encrypted already, and last tweak # -# value, one suitable for consecutive call on same chunk of data, is # -# written back to original buffer. In addition, in "tweak chaining" # -# mode only complete input blocks are processed. # - -my ($inp,$out,$len,$key1,$key2,$ivp,$rounds,$idx) = map("r$_",(3..10)); -my ($rndkey0,$rndkey1,$inout) = map("v$_",(0..2)); -my ($output,$inptail,$inpperm,$leperm,$keyperm) = map("v$_",(3..7)); -my ($tweak,$seven,$eighty7,$tmp,$tweak1) = map("v$_",(8..12)); -my $taillen = $key2; - - ($inp,$idx) = ($idx,$inp); # reassign - -$code.=<<___; -.globl .${prefix}_xts_encrypt -.align 5 -.${prefix}_xts_encrypt: - mr $inp,r3 # reassign - li r3,-1 - ${UCMP}i $len,16 - bltlr- - - lis r0,0xfff0 - mfspr r12,256 # save vrsave - li r11,0 - mtspr 256,r0 - - vspltisb $seven,0x07 # 0x070707..07 - le?lvsl $leperm,r11,r11 - le?vspltisb $tmp,0x0f - le?vxor $leperm,$leperm,$seven - - li $idx,15 - lvx $tweak,0,$ivp # load [unaligned] iv - lvsl $inpperm,0,$ivp - lvx $inptail,$idx,$ivp - le?vxor $inpperm,$inpperm,$tmp - vperm $tweak,$tweak,$inptail,$inpperm - - neg r11,$inp - lvsr $inpperm,0,r11 # prepare for unaligned load - lvx $inout,0,$inp - addi $inp,$inp,15 # 15 is not typo - le?vxor $inpperm,$inpperm,$tmp - - ${UCMP}i $key2,0 # key2==NULL? - beq Lxts_enc_no_key2 - - ?lvsl $keyperm,0,$key2 # prepare for unaligned key - lwz $rounds,240($key2) - srwi $rounds,$rounds,1 - subi $rounds,$rounds,1 - li $idx,16 - - lvx $rndkey0,0,$key2 - lvx $rndkey1,$idx,$key2 - addi $idx,$idx,16 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vxor $tweak,$tweak,$rndkey0 - lvx $rndkey0,$idx,$key2 - addi $idx,$idx,16 - mtctr $rounds - -Ltweak_xts_enc: - ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm - vcipher $tweak,$tweak,$rndkey1 - lvx $rndkey1,$idx,$key2 - addi $idx,$idx,16 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vcipher $tweak,$tweak,$rndkey0 - lvx $rndkey0,$idx,$key2 - addi $idx,$idx,16 - bdnz Ltweak_xts_enc - - ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm - vcipher $tweak,$tweak,$rndkey1 - lvx $rndkey1,$idx,$key2 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vcipherlast $tweak,$tweak,$rndkey0 - - li $ivp,0 # don't chain the tweak - b Lxts_enc - -Lxts_enc_no_key2: - li $idx,-16 - and $len,$len,$idx # in "tweak chaining" - # mode only complete - # blocks are processed -Lxts_enc: - lvx $inptail,0,$inp - addi $inp,$inp,16 - - ?lvsl $keyperm,0,$key1 # prepare for unaligned key - lwz $rounds,240($key1) - srwi $rounds,$rounds,1 - subi $rounds,$rounds,1 - li $idx,16 - - vslb $eighty7,$seven,$seven # 0x808080..80 - vor $eighty7,$eighty7,$seven # 0x878787..87 - vspltisb $tmp,1 # 0x010101..01 - vsldoi $eighty7,$eighty7,$tmp,15 # 0x870101..01 - - ${UCMP}i $len,96 - bge _aesp8_xts_encrypt6x - - andi. $taillen,$len,15 - subic r0,$len,32 - subi $taillen,$taillen,16 - subfe r0,r0,r0 - and r0,r0,$taillen - add $inp,$inp,r0 - - lvx $rndkey0,0,$key1 - lvx $rndkey1,$idx,$key1 - addi $idx,$idx,16 - vperm $inout,$inout,$inptail,$inpperm - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vxor $inout,$inout,$tweak - vxor $inout,$inout,$rndkey0 - lvx $rndkey0,$idx,$key1 - addi $idx,$idx,16 - mtctr $rounds - b Loop_xts_enc - -.align 5 -Loop_xts_enc: - ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm - vcipher $inout,$inout,$rndkey1 - lvx $rndkey1,$idx,$key1 - addi $idx,$idx,16 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vcipher $inout,$inout,$rndkey0 - lvx $rndkey0,$idx,$key1 - addi $idx,$idx,16 - bdnz Loop_xts_enc - - ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm - vcipher $inout,$inout,$rndkey1 - lvx $rndkey1,$idx,$key1 - li $idx,16 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vxor $rndkey0,$rndkey0,$tweak - vcipherlast $output,$inout,$rndkey0 - - le?vperm $tmp,$output,$output,$leperm - be?nop - le?stvx_u $tmp,0,$out - be?stvx_u $output,0,$out - addi $out,$out,16 - - subic. $len,$len,16 - beq Lxts_enc_done - - vmr $inout,$inptail - lvx $inptail,0,$inp - addi $inp,$inp,16 - lvx $rndkey0,0,$key1 - lvx $rndkey1,$idx,$key1 - addi $idx,$idx,16 - - subic r0,$len,32 - subfe r0,r0,r0 - and r0,r0,$taillen - add $inp,$inp,r0 - - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - vand $tmp,$tmp,$eighty7 - vxor $tweak,$tweak,$tmp - - vperm $inout,$inout,$inptail,$inpperm - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vxor $inout,$inout,$tweak - vxor $output,$output,$rndkey0 # just in case $len<16 - vxor $inout,$inout,$rndkey0 - lvx $rndkey0,$idx,$key1 - addi $idx,$idx,16 - - mtctr $rounds - ${UCMP}i $len,16 - bge Loop_xts_enc - - vxor $output,$output,$tweak - lvsr $inpperm,0,$len # $inpperm is no longer needed - vxor $inptail,$inptail,$inptail # $inptail is no longer needed - vspltisb $tmp,-1 - vperm $inptail,$inptail,$tmp,$inpperm - vsel $inout,$inout,$output,$inptail - - subi r11,$out,17 - subi $out,$out,16 - mtctr $len - li $len,16 -Loop_xts_enc_steal: - lbzu r0,1(r11) - stb r0,16(r11) - bdnz Loop_xts_enc_steal - - mtctr $rounds - b Loop_xts_enc # one more time... - -Lxts_enc_done: - ${UCMP}i $ivp,0 - beq Lxts_enc_ret - - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - vand $tmp,$tmp,$eighty7 - vxor $tweak,$tweak,$tmp - - le?vperm $tweak,$tweak,$tweak,$leperm - stvx_u $tweak,0,$ivp - -Lxts_enc_ret: - mtspr 256,r12 # restore vrsave - li r3,0 - blr - .long 0 - .byte 0,12,0x04,0,0x80,6,6,0 - .long 0 -.size .${prefix}_xts_encrypt,.-.${prefix}_xts_encrypt - -.globl .${prefix}_xts_decrypt -.align 5 -.${prefix}_xts_decrypt: - mr $inp,r3 # reassign - li r3,-1 - ${UCMP}i $len,16 - bltlr- - - lis r0,0xfff8 - mfspr r12,256 # save vrsave - li r11,0 - mtspr 256,r0 - - andi. r0,$len,15 - neg r0,r0 - andi. r0,r0,16 - sub $len,$len,r0 - - vspltisb $seven,0x07 # 0x070707..07 - le?lvsl $leperm,r11,r11 - le?vspltisb $tmp,0x0f - le?vxor $leperm,$leperm,$seven - - li $idx,15 - lvx $tweak,0,$ivp # load [unaligned] iv - lvsl $inpperm,0,$ivp - lvx $inptail,$idx,$ivp - le?vxor $inpperm,$inpperm,$tmp - vperm $tweak,$tweak,$inptail,$inpperm - - neg r11,$inp - lvsr $inpperm,0,r11 # prepare for unaligned load - lvx $inout,0,$inp - addi $inp,$inp,15 # 15 is not typo - le?vxor $inpperm,$inpperm,$tmp - - ${UCMP}i $key2,0 # key2==NULL? - beq Lxts_dec_no_key2 - - ?lvsl $keyperm,0,$key2 # prepare for unaligned key - lwz $rounds,240($key2) - srwi $rounds,$rounds,1 - subi $rounds,$rounds,1 - li $idx,16 - - lvx $rndkey0,0,$key2 - lvx $rndkey1,$idx,$key2 - addi $idx,$idx,16 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vxor $tweak,$tweak,$rndkey0 - lvx $rndkey0,$idx,$key2 - addi $idx,$idx,16 - mtctr $rounds - -Ltweak_xts_dec: - ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm - vcipher $tweak,$tweak,$rndkey1 - lvx $rndkey1,$idx,$key2 - addi $idx,$idx,16 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vcipher $tweak,$tweak,$rndkey0 - lvx $rndkey0,$idx,$key2 - addi $idx,$idx,16 - bdnz Ltweak_xts_dec - - ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm - vcipher $tweak,$tweak,$rndkey1 - lvx $rndkey1,$idx,$key2 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vcipherlast $tweak,$tweak,$rndkey0 - - li $ivp,0 # don't chain the tweak - b Lxts_dec - -Lxts_dec_no_key2: - neg $idx,$len - andi. $idx,$idx,15 - add $len,$len,$idx # in "tweak chaining" - # mode only complete - # blocks are processed -Lxts_dec: - lvx $inptail,0,$inp - addi $inp,$inp,16 - - ?lvsl $keyperm,0,$key1 # prepare for unaligned key - lwz $rounds,240($key1) - srwi $rounds,$rounds,1 - subi $rounds,$rounds,1 - li $idx,16 - - vslb $eighty7,$seven,$seven # 0x808080..80 - vor $eighty7,$eighty7,$seven # 0x878787..87 - vspltisb $tmp,1 # 0x010101..01 - vsldoi $eighty7,$eighty7,$tmp,15 # 0x870101..01 - - ${UCMP}i $len,96 - bge _aesp8_xts_decrypt6x - - lvx $rndkey0,0,$key1 - lvx $rndkey1,$idx,$key1 - addi $idx,$idx,16 - vperm $inout,$inout,$inptail,$inpperm - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vxor $inout,$inout,$tweak - vxor $inout,$inout,$rndkey0 - lvx $rndkey0,$idx,$key1 - addi $idx,$idx,16 - mtctr $rounds - - ${UCMP}i $len,16 - blt Ltail_xts_dec - be?b Loop_xts_dec - -.align 5 -Loop_xts_dec: - ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm - vncipher $inout,$inout,$rndkey1 - lvx $rndkey1,$idx,$key1 - addi $idx,$idx,16 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vncipher $inout,$inout,$rndkey0 - lvx $rndkey0,$idx,$key1 - addi $idx,$idx,16 - bdnz Loop_xts_dec - - ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm - vncipher $inout,$inout,$rndkey1 - lvx $rndkey1,$idx,$key1 - li $idx,16 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vxor $rndkey0,$rndkey0,$tweak - vncipherlast $output,$inout,$rndkey0 - - le?vperm $tmp,$output,$output,$leperm - be?nop - le?stvx_u $tmp,0,$out - be?stvx_u $output,0,$out - addi $out,$out,16 - - subic. $len,$len,16 - beq Lxts_dec_done - - vmr $inout,$inptail - lvx $inptail,0,$inp - addi $inp,$inp,16 - lvx $rndkey0,0,$key1 - lvx $rndkey1,$idx,$key1 - addi $idx,$idx,16 - - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - vand $tmp,$tmp,$eighty7 - vxor $tweak,$tweak,$tmp - - vperm $inout,$inout,$inptail,$inpperm - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vxor $inout,$inout,$tweak - vxor $inout,$inout,$rndkey0 - lvx $rndkey0,$idx,$key1 - addi $idx,$idx,16 - - mtctr $rounds - ${UCMP}i $len,16 - bge Loop_xts_dec - -Ltail_xts_dec: - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak1,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - vand $tmp,$tmp,$eighty7 - vxor $tweak1,$tweak1,$tmp - - subi $inp,$inp,16 - add $inp,$inp,$len - - vxor $inout,$inout,$tweak # :-( - vxor $inout,$inout,$tweak1 # :-) - -Loop_xts_dec_short: - ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm - vncipher $inout,$inout,$rndkey1 - lvx $rndkey1,$idx,$key1 - addi $idx,$idx,16 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vncipher $inout,$inout,$rndkey0 - lvx $rndkey0,$idx,$key1 - addi $idx,$idx,16 - bdnz Loop_xts_dec_short - - ?vperm $rndkey1,$rndkey1,$rndkey0,$keyperm - vncipher $inout,$inout,$rndkey1 - lvx $rndkey1,$idx,$key1 - li $idx,16 - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - vxor $rndkey0,$rndkey0,$tweak1 - vncipherlast $output,$inout,$rndkey0 - - le?vperm $tmp,$output,$output,$leperm - be?nop - le?stvx_u $tmp,0,$out - be?stvx_u $output,0,$out - - vmr $inout,$inptail - lvx $inptail,0,$inp - #addi $inp,$inp,16 - lvx $rndkey0,0,$key1 - lvx $rndkey1,$idx,$key1 - addi $idx,$idx,16 - vperm $inout,$inout,$inptail,$inpperm - ?vperm $rndkey0,$rndkey0,$rndkey1,$keyperm - - lvsr $inpperm,0,$len # $inpperm is no longer needed - vxor $inptail,$inptail,$inptail # $inptail is no longer needed - vspltisb $tmp,-1 - vperm $inptail,$inptail,$tmp,$inpperm - vsel $inout,$inout,$output,$inptail - - vxor $rndkey0,$rndkey0,$tweak - vxor $inout,$inout,$rndkey0 - lvx $rndkey0,$idx,$key1 - addi $idx,$idx,16 - - subi r11,$out,1 - mtctr $len - li $len,16 -Loop_xts_dec_steal: - lbzu r0,1(r11) - stb r0,16(r11) - bdnz Loop_xts_dec_steal - - mtctr $rounds - b Loop_xts_dec # one more time... - -Lxts_dec_done: - ${UCMP}i $ivp,0 - beq Lxts_dec_ret - - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - vand $tmp,$tmp,$eighty7 - vxor $tweak,$tweak,$tmp - - le?vperm $tweak,$tweak,$tweak,$leperm - stvx_u $tweak,0,$ivp - -Lxts_dec_ret: - mtspr 256,r12 # restore vrsave - li r3,0 - blr - .long 0 - .byte 0,12,0x04,0,0x80,6,6,0 - .long 0 -.size .${prefix}_xts_decrypt,.-.${prefix}_xts_decrypt -___ -######################################################################### -{{ # Optimized XTS procedures # -my $key_=$key2; -my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,3,26..31)); - $x00=0 if ($flavour =~ /osx/); -my ($in0, $in1, $in2, $in3, $in4, $in5 )=map("v$_",(0..5)); -my ($out0, $out1, $out2, $out3, $out4, $out5)=map("v$_",(7,12..16)); -my ($twk0, $twk1, $twk2, $twk3, $twk4, $twk5)=map("v$_",(17..22)); -my $rndkey0="v23"; # v24-v25 rotating buffer for first found keys - # v26-v31 last 6 round keys -my ($keyperm)=($out0); # aliases with "caller", redundant assignment -my $taillen=$x70; - -$code.=<<___; -.align 5 -_aesp8_xts_encrypt6x: - $STU $sp,-`($FRAME+21*16+6*$SIZE_T)`($sp) - mflr r11 - li r7,`$FRAME+8*16+15` - li r3,`$FRAME+8*16+31` - $PUSH r11,`$FRAME+21*16+6*$SIZE_T+$LRSAVE`($sp) - stvx v20,r7,$sp # ABI says so - addi r7,r7,32 - stvx v21,r3,$sp - addi r3,r3,32 - stvx v22,r7,$sp - addi r7,r7,32 - stvx v23,r3,$sp - addi r3,r3,32 - stvx v24,r7,$sp - addi r7,r7,32 - stvx v25,r3,$sp - addi r3,r3,32 - stvx v26,r7,$sp - addi r7,r7,32 - stvx v27,r3,$sp - addi r3,r3,32 - stvx v28,r7,$sp - addi r7,r7,32 - stvx v29,r3,$sp - addi r3,r3,32 - stvx v30,r7,$sp - stvx v31,r3,$sp - li r0,-1 - stw $vrsave,`$FRAME+21*16-4`($sp) # save vrsave - li $x10,0x10 - $PUSH r26,`$FRAME+21*16+0*$SIZE_T`($sp) - li $x20,0x20 - $PUSH r27,`$FRAME+21*16+1*$SIZE_T`($sp) - li $x30,0x30 - $PUSH r28,`$FRAME+21*16+2*$SIZE_T`($sp) - li $x40,0x40 - $PUSH r29,`$FRAME+21*16+3*$SIZE_T`($sp) - li $x50,0x50 - $PUSH r30,`$FRAME+21*16+4*$SIZE_T`($sp) - li $x60,0x60 - $PUSH r31,`$FRAME+21*16+5*$SIZE_T`($sp) - li $x70,0x70 - mtspr 256,r0 - - subi $rounds,$rounds,3 # -4 in total - - lvx $rndkey0,$x00,$key1 # load key schedule - lvx v30,$x10,$key1 - addi $key1,$key1,0x20 - lvx v31,$x00,$key1 - ?vperm $rndkey0,$rndkey0,v30,$keyperm - addi $key_,$sp,$FRAME+15 - mtctr $rounds - -Load_xts_enc_key: - ?vperm v24,v30,v31,$keyperm - lvx v30,$x10,$key1 - addi $key1,$key1,0x20 - stvx v24,$x00,$key_ # off-load round[1] - ?vperm v25,v31,v30,$keyperm - lvx v31,$x00,$key1 - stvx v25,$x10,$key_ # off-load round[2] - addi $key_,$key_,0x20 - bdnz Load_xts_enc_key - - lvx v26,$x10,$key1 - ?vperm v24,v30,v31,$keyperm - lvx v27,$x20,$key1 - stvx v24,$x00,$key_ # off-load round[3] - ?vperm v25,v31,v26,$keyperm - lvx v28,$x30,$key1 - stvx v25,$x10,$key_ # off-load round[4] - addi $key_,$sp,$FRAME+15 # rewind $key_ - ?vperm v26,v26,v27,$keyperm - lvx v29,$x40,$key1 - ?vperm v27,v27,v28,$keyperm - lvx v30,$x50,$key1 - ?vperm v28,v28,v29,$keyperm - lvx v31,$x60,$key1 - ?vperm v29,v29,v30,$keyperm - lvx $twk5,$x70,$key1 # borrow $twk5 - ?vperm v30,v30,v31,$keyperm - lvx v24,$x00,$key_ # pre-load round[1] - ?vperm v31,v31,$twk5,$keyperm - lvx v25,$x10,$key_ # pre-load round[2] - - vperm $in0,$inout,$inptail,$inpperm - subi $inp,$inp,31 # undo "caller" - vxor $twk0,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - vand $tmp,$tmp,$eighty7 - vxor $out0,$in0,$twk0 - vxor $tweak,$tweak,$tmp - - lvx_u $in1,$x10,$inp - vxor $twk1,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in1,$in1,$in1,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out1,$in1,$twk1 - vxor $tweak,$tweak,$tmp - - lvx_u $in2,$x20,$inp - andi. $taillen,$len,15 - vxor $twk2,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in2,$in2,$in2,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out2,$in2,$twk2 - vxor $tweak,$tweak,$tmp - - lvx_u $in3,$x30,$inp - sub $len,$len,$taillen - vxor $twk3,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in3,$in3,$in3,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out3,$in3,$twk3 - vxor $tweak,$tweak,$tmp - - lvx_u $in4,$x40,$inp - subi $len,$len,0x60 - vxor $twk4,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in4,$in4,$in4,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out4,$in4,$twk4 - vxor $tweak,$tweak,$tmp - - lvx_u $in5,$x50,$inp - addi $inp,$inp,0x60 - vxor $twk5,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in5,$in5,$in5,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out5,$in5,$twk5 - vxor $tweak,$tweak,$tmp - - vxor v31,v31,$rndkey0 - mtctr $rounds - b Loop_xts_enc6x - -.align 5 -Loop_xts_enc6x: - vcipher $out0,$out0,v24 - vcipher $out1,$out1,v24 - vcipher $out2,$out2,v24 - vcipher $out3,$out3,v24 - vcipher $out4,$out4,v24 - vcipher $out5,$out5,v24 - lvx v24,$x20,$key_ # round[3] - addi $key_,$key_,0x20 - - vcipher $out0,$out0,v25 - vcipher $out1,$out1,v25 - vcipher $out2,$out2,v25 - vcipher $out3,$out3,v25 - vcipher $out4,$out4,v25 - vcipher $out5,$out5,v25 - lvx v25,$x10,$key_ # round[4] - bdnz Loop_xts_enc6x - - subic $len,$len,96 # $len-=96 - vxor $in0,$twk0,v31 # xor with last round key - vcipher $out0,$out0,v24 - vcipher $out1,$out1,v24 - vsrab $tmp,$tweak,$seven # next tweak value - vxor $twk0,$tweak,$rndkey0 - vaddubm $tweak,$tweak,$tweak - vcipher $out2,$out2,v24 - vcipher $out3,$out3,v24 - vsldoi $tmp,$tmp,$tmp,15 - vcipher $out4,$out4,v24 - vcipher $out5,$out5,v24 - - subfe. r0,r0,r0 # borrow?-1:0 - vand $tmp,$tmp,$eighty7 - vcipher $out0,$out0,v25 - vcipher $out1,$out1,v25 - vxor $tweak,$tweak,$tmp - vcipher $out2,$out2,v25 - vcipher $out3,$out3,v25 - vxor $in1,$twk1,v31 - vsrab $tmp,$tweak,$seven # next tweak value - vxor $twk1,$tweak,$rndkey0 - vcipher $out4,$out4,v25 - vcipher $out5,$out5,v25 - - and r0,r0,$len - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - vcipher $out0,$out0,v26 - vcipher $out1,$out1,v26 - vand $tmp,$tmp,$eighty7 - vcipher $out2,$out2,v26 - vcipher $out3,$out3,v26 - vxor $tweak,$tweak,$tmp - vcipher $out4,$out4,v26 - vcipher $out5,$out5,v26 - - add $inp,$inp,r0 # $inp is adjusted in such - # way that at exit from the - # loop inX-in5 are loaded - # with last "words" - vxor $in2,$twk2,v31 - vsrab $tmp,$tweak,$seven # next tweak value - vxor $twk2,$tweak,$rndkey0 - vaddubm $tweak,$tweak,$tweak - vcipher $out0,$out0,v27 - vcipher $out1,$out1,v27 - vsldoi $tmp,$tmp,$tmp,15 - vcipher $out2,$out2,v27 - vcipher $out3,$out3,v27 - vand $tmp,$tmp,$eighty7 - vcipher $out4,$out4,v27 - vcipher $out5,$out5,v27 - - addi $key_,$sp,$FRAME+15 # rewind $key_ - vxor $tweak,$tweak,$tmp - vcipher $out0,$out0,v28 - vcipher $out1,$out1,v28 - vxor $in3,$twk3,v31 - vsrab $tmp,$tweak,$seven # next tweak value - vxor $twk3,$tweak,$rndkey0 - vcipher $out2,$out2,v28 - vcipher $out3,$out3,v28 - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - vcipher $out4,$out4,v28 - vcipher $out5,$out5,v28 - lvx v24,$x00,$key_ # re-pre-load round[1] - vand $tmp,$tmp,$eighty7 - - vcipher $out0,$out0,v29 - vcipher $out1,$out1,v29 - vxor $tweak,$tweak,$tmp - vcipher $out2,$out2,v29 - vcipher $out3,$out3,v29 - vxor $in4,$twk4,v31 - vsrab $tmp,$tweak,$seven # next tweak value - vxor $twk4,$tweak,$rndkey0 - vcipher $out4,$out4,v29 - vcipher $out5,$out5,v29 - lvx v25,$x10,$key_ # re-pre-load round[2] - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - - vcipher $out0,$out0,v30 - vcipher $out1,$out1,v30 - vand $tmp,$tmp,$eighty7 - vcipher $out2,$out2,v30 - vcipher $out3,$out3,v30 - vxor $tweak,$tweak,$tmp - vcipher $out4,$out4,v30 - vcipher $out5,$out5,v30 - vxor $in5,$twk5,v31 - vsrab $tmp,$tweak,$seven # next tweak value - vxor $twk5,$tweak,$rndkey0 - - vcipherlast $out0,$out0,$in0 - lvx_u $in0,$x00,$inp # load next input block - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - vcipherlast $out1,$out1,$in1 - lvx_u $in1,$x10,$inp - vcipherlast $out2,$out2,$in2 - le?vperm $in0,$in0,$in0,$leperm - lvx_u $in2,$x20,$inp - vand $tmp,$tmp,$eighty7 - vcipherlast $out3,$out3,$in3 - le?vperm $in1,$in1,$in1,$leperm - lvx_u $in3,$x30,$inp - vcipherlast $out4,$out4,$in4 - le?vperm $in2,$in2,$in2,$leperm - lvx_u $in4,$x40,$inp - vxor $tweak,$tweak,$tmp - vcipherlast $tmp,$out5,$in5 # last block might be needed - # in stealing mode - le?vperm $in3,$in3,$in3,$leperm - lvx_u $in5,$x50,$inp - addi $inp,$inp,0x60 - le?vperm $in4,$in4,$in4,$leperm - le?vperm $in5,$in5,$in5,$leperm - - le?vperm $out0,$out0,$out0,$leperm - le?vperm $out1,$out1,$out1,$leperm - stvx_u $out0,$x00,$out # store output - vxor $out0,$in0,$twk0 - le?vperm $out2,$out2,$out2,$leperm - stvx_u $out1,$x10,$out - vxor $out1,$in1,$twk1 - le?vperm $out3,$out3,$out3,$leperm - stvx_u $out2,$x20,$out - vxor $out2,$in2,$twk2 - le?vperm $out4,$out4,$out4,$leperm - stvx_u $out3,$x30,$out - vxor $out3,$in3,$twk3 - le?vperm $out5,$tmp,$tmp,$leperm - stvx_u $out4,$x40,$out - vxor $out4,$in4,$twk4 - le?stvx_u $out5,$x50,$out - be?stvx_u $tmp, $x50,$out - vxor $out5,$in5,$twk5 - addi $out,$out,0x60 - - mtctr $rounds - beq Loop_xts_enc6x # did $len-=96 borrow? - - addic. $len,$len,0x60 - beq Lxts_enc6x_zero - cmpwi $len,0x20 - blt Lxts_enc6x_one - nop - beq Lxts_enc6x_two - cmpwi $len,0x40 - blt Lxts_enc6x_three - nop - beq Lxts_enc6x_four - -Lxts_enc6x_five: - vxor $out0,$in1,$twk0 - vxor $out1,$in2,$twk1 - vxor $out2,$in3,$twk2 - vxor $out3,$in4,$twk3 - vxor $out4,$in5,$twk4 - - bl _aesp8_xts_enc5x - - le?vperm $out0,$out0,$out0,$leperm - vmr $twk0,$twk5 # unused tweak - le?vperm $out1,$out1,$out1,$leperm - stvx_u $out0,$x00,$out # store output - le?vperm $out2,$out2,$out2,$leperm - stvx_u $out1,$x10,$out - le?vperm $out3,$out3,$out3,$leperm - stvx_u $out2,$x20,$out - vxor $tmp,$out4,$twk5 # last block prep for stealing - le?vperm $out4,$out4,$out4,$leperm - stvx_u $out3,$x30,$out - stvx_u $out4,$x40,$out - addi $out,$out,0x50 - bne Lxts_enc6x_steal - b Lxts_enc6x_done - -.align 4 -Lxts_enc6x_four: - vxor $out0,$in2,$twk0 - vxor $out1,$in3,$twk1 - vxor $out2,$in4,$twk2 - vxor $out3,$in5,$twk3 - vxor $out4,$out4,$out4 - - bl _aesp8_xts_enc5x - - le?vperm $out0,$out0,$out0,$leperm - vmr $twk0,$twk4 # unused tweak - le?vperm $out1,$out1,$out1,$leperm - stvx_u $out0,$x00,$out # store output - le?vperm $out2,$out2,$out2,$leperm - stvx_u $out1,$x10,$out - vxor $tmp,$out3,$twk4 # last block prep for stealing - le?vperm $out3,$out3,$out3,$leperm - stvx_u $out2,$x20,$out - stvx_u $out3,$x30,$out - addi $out,$out,0x40 - bne Lxts_enc6x_steal - b Lxts_enc6x_done - -.align 4 -Lxts_enc6x_three: - vxor $out0,$in3,$twk0 - vxor $out1,$in4,$twk1 - vxor $out2,$in5,$twk2 - vxor $out3,$out3,$out3 - vxor $out4,$out4,$out4 - - bl _aesp8_xts_enc5x - - le?vperm $out0,$out0,$out0,$leperm - vmr $twk0,$twk3 # unused tweak - le?vperm $out1,$out1,$out1,$leperm - stvx_u $out0,$x00,$out # store output - vxor $tmp,$out2,$twk3 # last block prep for stealing - le?vperm $out2,$out2,$out2,$leperm - stvx_u $out1,$x10,$out - stvx_u $out2,$x20,$out - addi $out,$out,0x30 - bne Lxts_enc6x_steal - b Lxts_enc6x_done - -.align 4 -Lxts_enc6x_two: - vxor $out0,$in4,$twk0 - vxor $out1,$in5,$twk1 - vxor $out2,$out2,$out2 - vxor $out3,$out3,$out3 - vxor $out4,$out4,$out4 - - bl _aesp8_xts_enc5x - - le?vperm $out0,$out0,$out0,$leperm - vmr $twk0,$twk2 # unused tweak - vxor $tmp,$out1,$twk2 # last block prep for stealing - le?vperm $out1,$out1,$out1,$leperm - stvx_u $out0,$x00,$out # store output - stvx_u $out1,$x10,$out - addi $out,$out,0x20 - bne Lxts_enc6x_steal - b Lxts_enc6x_done - -.align 4 -Lxts_enc6x_one: - vxor $out0,$in5,$twk0 - nop -Loop_xts_enc1x: - vcipher $out0,$out0,v24 - lvx v24,$x20,$key_ # round[3] - addi $key_,$key_,0x20 - - vcipher $out0,$out0,v25 - lvx v25,$x10,$key_ # round[4] - bdnz Loop_xts_enc1x - - add $inp,$inp,$taillen - cmpwi $taillen,0 - vcipher $out0,$out0,v24 - - subi $inp,$inp,16 - vcipher $out0,$out0,v25 - - lvsr $inpperm,0,$taillen - vcipher $out0,$out0,v26 - - lvx_u $in0,0,$inp - vcipher $out0,$out0,v27 - - addi $key_,$sp,$FRAME+15 # rewind $key_ - vcipher $out0,$out0,v28 - lvx v24,$x00,$key_ # re-pre-load round[1] - - vcipher $out0,$out0,v29 - lvx v25,$x10,$key_ # re-pre-load round[2] - vxor $twk0,$twk0,v31 - - le?vperm $in0,$in0,$in0,$leperm - vcipher $out0,$out0,v30 - - vperm $in0,$in0,$in0,$inpperm - vcipherlast $out0,$out0,$twk0 - - vmr $twk0,$twk1 # unused tweak - vxor $tmp,$out0,$twk1 # last block prep for stealing - le?vperm $out0,$out0,$out0,$leperm - stvx_u $out0,$x00,$out # store output - addi $out,$out,0x10 - bne Lxts_enc6x_steal - b Lxts_enc6x_done - -.align 4 -Lxts_enc6x_zero: - cmpwi $taillen,0 - beq Lxts_enc6x_done - - add $inp,$inp,$taillen - subi $inp,$inp,16 - lvx_u $in0,0,$inp - lvsr $inpperm,0,$taillen # $in5 is no more - le?vperm $in0,$in0,$in0,$leperm - vperm $in0,$in0,$in0,$inpperm - vxor $tmp,$tmp,$twk0 -Lxts_enc6x_steal: - vxor $in0,$in0,$twk0 - vxor $out0,$out0,$out0 - vspltisb $out1,-1 - vperm $out0,$out0,$out1,$inpperm - vsel $out0,$in0,$tmp,$out0 # $tmp is last block, remember? - - subi r30,$out,17 - subi $out,$out,16 - mtctr $taillen -Loop_xts_enc6x_steal: - lbzu r0,1(r30) - stb r0,16(r30) - bdnz Loop_xts_enc6x_steal - - li $taillen,0 - mtctr $rounds - b Loop_xts_enc1x # one more time... - -.align 4 -Lxts_enc6x_done: - ${UCMP}i $ivp,0 - beq Lxts_enc6x_ret - - vxor $tweak,$twk0,$rndkey0 - le?vperm $tweak,$tweak,$tweak,$leperm - stvx_u $tweak,0,$ivp - -Lxts_enc6x_ret: - mtlr r11 - li r10,`$FRAME+15` - li r11,`$FRAME+31` - stvx $seven,r10,$sp # wipe copies of round keys - addi r10,r10,32 - stvx $seven,r11,$sp - addi r11,r11,32 - stvx $seven,r10,$sp - addi r10,r10,32 - stvx $seven,r11,$sp - addi r11,r11,32 - stvx $seven,r10,$sp - addi r10,r10,32 - stvx $seven,r11,$sp - addi r11,r11,32 - stvx $seven,r10,$sp - addi r10,r10,32 - stvx $seven,r11,$sp - addi r11,r11,32 - - mtspr 256,$vrsave - lvx v20,r10,$sp # ABI says so - addi r10,r10,32 - lvx v21,r11,$sp - addi r11,r11,32 - lvx v22,r10,$sp - addi r10,r10,32 - lvx v23,r11,$sp - addi r11,r11,32 - lvx v24,r10,$sp - addi r10,r10,32 - lvx v25,r11,$sp - addi r11,r11,32 - lvx v26,r10,$sp - addi r10,r10,32 - lvx v27,r11,$sp - addi r11,r11,32 - lvx v28,r10,$sp - addi r10,r10,32 - lvx v29,r11,$sp - addi r11,r11,32 - lvx v30,r10,$sp - lvx v31,r11,$sp - $POP r26,`$FRAME+21*16+0*$SIZE_T`($sp) - $POP r27,`$FRAME+21*16+1*$SIZE_T`($sp) - $POP r28,`$FRAME+21*16+2*$SIZE_T`($sp) - $POP r29,`$FRAME+21*16+3*$SIZE_T`($sp) - $POP r30,`$FRAME+21*16+4*$SIZE_T`($sp) - $POP r31,`$FRAME+21*16+5*$SIZE_T`($sp) - addi $sp,$sp,`$FRAME+21*16+6*$SIZE_T` - blr - .long 0 - .byte 0,12,0x04,1,0x80,6,6,0 - .long 0 - -.align 5 -_aesp8_xts_enc5x: - vcipher $out0,$out0,v24 - vcipher $out1,$out1,v24 - vcipher $out2,$out2,v24 - vcipher $out3,$out3,v24 - vcipher $out4,$out4,v24 - lvx v24,$x20,$key_ # round[3] - addi $key_,$key_,0x20 - - vcipher $out0,$out0,v25 - vcipher $out1,$out1,v25 - vcipher $out2,$out2,v25 - vcipher $out3,$out3,v25 - vcipher $out4,$out4,v25 - lvx v25,$x10,$key_ # round[4] - bdnz _aesp8_xts_enc5x - - add $inp,$inp,$taillen - cmpwi $taillen,0 - vcipher $out0,$out0,v24 - vcipher $out1,$out1,v24 - vcipher $out2,$out2,v24 - vcipher $out3,$out3,v24 - vcipher $out4,$out4,v24 - - subi $inp,$inp,16 - vcipher $out0,$out0,v25 - vcipher $out1,$out1,v25 - vcipher $out2,$out2,v25 - vcipher $out3,$out3,v25 - vcipher $out4,$out4,v25 - vxor $twk0,$twk0,v31 - - vcipher $out0,$out0,v26 - lvsr $inpperm,0,$taillen # $in5 is no more - vcipher $out1,$out1,v26 - vcipher $out2,$out2,v26 - vcipher $out3,$out3,v26 - vcipher $out4,$out4,v26 - vxor $in1,$twk1,v31 - - vcipher $out0,$out0,v27 - lvx_u $in0,0,$inp - vcipher $out1,$out1,v27 - vcipher $out2,$out2,v27 - vcipher $out3,$out3,v27 - vcipher $out4,$out4,v27 - vxor $in2,$twk2,v31 - - addi $key_,$sp,$FRAME+15 # rewind $key_ - vcipher $out0,$out0,v28 - vcipher $out1,$out1,v28 - vcipher $out2,$out2,v28 - vcipher $out3,$out3,v28 - vcipher $out4,$out4,v28 - lvx v24,$x00,$key_ # re-pre-load round[1] - vxor $in3,$twk3,v31 - - vcipher $out0,$out0,v29 - le?vperm $in0,$in0,$in0,$leperm - vcipher $out1,$out1,v29 - vcipher $out2,$out2,v29 - vcipher $out3,$out3,v29 - vcipher $out4,$out4,v29 - lvx v25,$x10,$key_ # re-pre-load round[2] - vxor $in4,$twk4,v31 - - vcipher $out0,$out0,v30 - vperm $in0,$in0,$in0,$inpperm - vcipher $out1,$out1,v30 - vcipher $out2,$out2,v30 - vcipher $out3,$out3,v30 - vcipher $out4,$out4,v30 - - vcipherlast $out0,$out0,$twk0 - vcipherlast $out1,$out1,$in1 - vcipherlast $out2,$out2,$in2 - vcipherlast $out3,$out3,$in3 - vcipherlast $out4,$out4,$in4 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - -.align 5 -_aesp8_xts_decrypt6x: - $STU $sp,-`($FRAME+21*16+6*$SIZE_T)`($sp) - mflr r11 - li r7,`$FRAME+8*16+15` - li r3,`$FRAME+8*16+31` - $PUSH r11,`$FRAME+21*16+6*$SIZE_T+$LRSAVE`($sp) - stvx v20,r7,$sp # ABI says so - addi r7,r7,32 - stvx v21,r3,$sp - addi r3,r3,32 - stvx v22,r7,$sp - addi r7,r7,32 - stvx v23,r3,$sp - addi r3,r3,32 - stvx v24,r7,$sp - addi r7,r7,32 - stvx v25,r3,$sp - addi r3,r3,32 - stvx v26,r7,$sp - addi r7,r7,32 - stvx v27,r3,$sp - addi r3,r3,32 - stvx v28,r7,$sp - addi r7,r7,32 - stvx v29,r3,$sp - addi r3,r3,32 - stvx v30,r7,$sp - stvx v31,r3,$sp - li r0,-1 - stw $vrsave,`$FRAME+21*16-4`($sp) # save vrsave - li $x10,0x10 - $PUSH r26,`$FRAME+21*16+0*$SIZE_T`($sp) - li $x20,0x20 - $PUSH r27,`$FRAME+21*16+1*$SIZE_T`($sp) - li $x30,0x30 - $PUSH r28,`$FRAME+21*16+2*$SIZE_T`($sp) - li $x40,0x40 - $PUSH r29,`$FRAME+21*16+3*$SIZE_T`($sp) - li $x50,0x50 - $PUSH r30,`$FRAME+21*16+4*$SIZE_T`($sp) - li $x60,0x60 - $PUSH r31,`$FRAME+21*16+5*$SIZE_T`($sp) - li $x70,0x70 - mtspr 256,r0 - - subi $rounds,$rounds,3 # -4 in total - - lvx $rndkey0,$x00,$key1 # load key schedule - lvx v30,$x10,$key1 - addi $key1,$key1,0x20 - lvx v31,$x00,$key1 - ?vperm $rndkey0,$rndkey0,v30,$keyperm - addi $key_,$sp,$FRAME+15 - mtctr $rounds - -Load_xts_dec_key: - ?vperm v24,v30,v31,$keyperm - lvx v30,$x10,$key1 - addi $key1,$key1,0x20 - stvx v24,$x00,$key_ # off-load round[1] - ?vperm v25,v31,v30,$keyperm - lvx v31,$x00,$key1 - stvx v25,$x10,$key_ # off-load round[2] - addi $key_,$key_,0x20 - bdnz Load_xts_dec_key - - lvx v26,$x10,$key1 - ?vperm v24,v30,v31,$keyperm - lvx v27,$x20,$key1 - stvx v24,$x00,$key_ # off-load round[3] - ?vperm v25,v31,v26,$keyperm - lvx v28,$x30,$key1 - stvx v25,$x10,$key_ # off-load round[4] - addi $key_,$sp,$FRAME+15 # rewind $key_ - ?vperm v26,v26,v27,$keyperm - lvx v29,$x40,$key1 - ?vperm v27,v27,v28,$keyperm - lvx v30,$x50,$key1 - ?vperm v28,v28,v29,$keyperm - lvx v31,$x60,$key1 - ?vperm v29,v29,v30,$keyperm - lvx $twk5,$x70,$key1 # borrow $twk5 - ?vperm v30,v30,v31,$keyperm - lvx v24,$x00,$key_ # pre-load round[1] - ?vperm v31,v31,$twk5,$keyperm - lvx v25,$x10,$key_ # pre-load round[2] - - vperm $in0,$inout,$inptail,$inpperm - subi $inp,$inp,31 # undo "caller" - vxor $twk0,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - vand $tmp,$tmp,$eighty7 - vxor $out0,$in0,$twk0 - vxor $tweak,$tweak,$tmp - - lvx_u $in1,$x10,$inp - vxor $twk1,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in1,$in1,$in1,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out1,$in1,$twk1 - vxor $tweak,$tweak,$tmp - - lvx_u $in2,$x20,$inp - andi. $taillen,$len,15 - vxor $twk2,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in2,$in2,$in2,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out2,$in2,$twk2 - vxor $tweak,$tweak,$tmp - - lvx_u $in3,$x30,$inp - sub $len,$len,$taillen - vxor $twk3,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in3,$in3,$in3,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out3,$in3,$twk3 - vxor $tweak,$tweak,$tmp - - lvx_u $in4,$x40,$inp - subi $len,$len,0x60 - vxor $twk4,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in4,$in4,$in4,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out4,$in4,$twk4 - vxor $tweak,$tweak,$tmp - - lvx_u $in5,$x50,$inp - addi $inp,$inp,0x60 - vxor $twk5,$tweak,$rndkey0 - vsrab $tmp,$tweak,$seven # next tweak value - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - le?vperm $in5,$in5,$in5,$leperm - vand $tmp,$tmp,$eighty7 - vxor $out5,$in5,$twk5 - vxor $tweak,$tweak,$tmp - - vxor v31,v31,$rndkey0 - mtctr $rounds - b Loop_xts_dec6x - -.align 5 -Loop_xts_dec6x: - vncipher $out0,$out0,v24 - vncipher $out1,$out1,v24 - vncipher $out2,$out2,v24 - vncipher $out3,$out3,v24 - vncipher $out4,$out4,v24 - vncipher $out5,$out5,v24 - lvx v24,$x20,$key_ # round[3] - addi $key_,$key_,0x20 - - vncipher $out0,$out0,v25 - vncipher $out1,$out1,v25 - vncipher $out2,$out2,v25 - vncipher $out3,$out3,v25 - vncipher $out4,$out4,v25 - vncipher $out5,$out5,v25 - lvx v25,$x10,$key_ # round[4] - bdnz Loop_xts_dec6x - - subic $len,$len,96 # $len-=96 - vxor $in0,$twk0,v31 # xor with last round key - vncipher $out0,$out0,v24 - vncipher $out1,$out1,v24 - vsrab $tmp,$tweak,$seven # next tweak value - vxor $twk0,$tweak,$rndkey0 - vaddubm $tweak,$tweak,$tweak - vncipher $out2,$out2,v24 - vncipher $out3,$out3,v24 - vsldoi $tmp,$tmp,$tmp,15 - vncipher $out4,$out4,v24 - vncipher $out5,$out5,v24 - - subfe. r0,r0,r0 # borrow?-1:0 - vand $tmp,$tmp,$eighty7 - vncipher $out0,$out0,v25 - vncipher $out1,$out1,v25 - vxor $tweak,$tweak,$tmp - vncipher $out2,$out2,v25 - vncipher $out3,$out3,v25 - vxor $in1,$twk1,v31 - vsrab $tmp,$tweak,$seven # next tweak value - vxor $twk1,$tweak,$rndkey0 - vncipher $out4,$out4,v25 - vncipher $out5,$out5,v25 - - and r0,r0,$len - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - vncipher $out0,$out0,v26 - vncipher $out1,$out1,v26 - vand $tmp,$tmp,$eighty7 - vncipher $out2,$out2,v26 - vncipher $out3,$out3,v26 - vxor $tweak,$tweak,$tmp - vncipher $out4,$out4,v26 - vncipher $out5,$out5,v26 - - add $inp,$inp,r0 # $inp is adjusted in such - # way that at exit from the - # loop inX-in5 are loaded - # with last "words" - vxor $in2,$twk2,v31 - vsrab $tmp,$tweak,$seven # next tweak value - vxor $twk2,$tweak,$rndkey0 - vaddubm $tweak,$tweak,$tweak - vncipher $out0,$out0,v27 - vncipher $out1,$out1,v27 - vsldoi $tmp,$tmp,$tmp,15 - vncipher $out2,$out2,v27 - vncipher $out3,$out3,v27 - vand $tmp,$tmp,$eighty7 - vncipher $out4,$out4,v27 - vncipher $out5,$out5,v27 - - addi $key_,$sp,$FRAME+15 # rewind $key_ - vxor $tweak,$tweak,$tmp - vncipher $out0,$out0,v28 - vncipher $out1,$out1,v28 - vxor $in3,$twk3,v31 - vsrab $tmp,$tweak,$seven # next tweak value - vxor $twk3,$tweak,$rndkey0 - vncipher $out2,$out2,v28 - vncipher $out3,$out3,v28 - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - vncipher $out4,$out4,v28 - vncipher $out5,$out5,v28 - lvx v24,$x00,$key_ # re-pre-load round[1] - vand $tmp,$tmp,$eighty7 - - vncipher $out0,$out0,v29 - vncipher $out1,$out1,v29 - vxor $tweak,$tweak,$tmp - vncipher $out2,$out2,v29 - vncipher $out3,$out3,v29 - vxor $in4,$twk4,v31 - vsrab $tmp,$tweak,$seven # next tweak value - vxor $twk4,$tweak,$rndkey0 - vncipher $out4,$out4,v29 - vncipher $out5,$out5,v29 - lvx v25,$x10,$key_ # re-pre-load round[2] - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - - vncipher $out0,$out0,v30 - vncipher $out1,$out1,v30 - vand $tmp,$tmp,$eighty7 - vncipher $out2,$out2,v30 - vncipher $out3,$out3,v30 - vxor $tweak,$tweak,$tmp - vncipher $out4,$out4,v30 - vncipher $out5,$out5,v30 - vxor $in5,$twk5,v31 - vsrab $tmp,$tweak,$seven # next tweak value - vxor $twk5,$tweak,$rndkey0 - - vncipherlast $out0,$out0,$in0 - lvx_u $in0,$x00,$inp # load next input block - vaddubm $tweak,$tweak,$tweak - vsldoi $tmp,$tmp,$tmp,15 - vncipherlast $out1,$out1,$in1 - lvx_u $in1,$x10,$inp - vncipherlast $out2,$out2,$in2 - le?vperm $in0,$in0,$in0,$leperm - lvx_u $in2,$x20,$inp - vand $tmp,$tmp,$eighty7 - vncipherlast $out3,$out3,$in3 - le?vperm $in1,$in1,$in1,$leperm - lvx_u $in3,$x30,$inp - vncipherlast $out4,$out4,$in4 - le?vperm $in2,$in2,$in2,$leperm - lvx_u $in4,$x40,$inp - vxor $tweak,$tweak,$tmp - vncipherlast $out5,$out5,$in5 - le?vperm $in3,$in3,$in3,$leperm - lvx_u $in5,$x50,$inp - addi $inp,$inp,0x60 - le?vperm $in4,$in4,$in4,$leperm - le?vperm $in5,$in5,$in5,$leperm - - le?vperm $out0,$out0,$out0,$leperm - le?vperm $out1,$out1,$out1,$leperm - stvx_u $out0,$x00,$out # store output - vxor $out0,$in0,$twk0 - le?vperm $out2,$out2,$out2,$leperm - stvx_u $out1,$x10,$out - vxor $out1,$in1,$twk1 - le?vperm $out3,$out3,$out3,$leperm - stvx_u $out2,$x20,$out - vxor $out2,$in2,$twk2 - le?vperm $out4,$out4,$out4,$leperm - stvx_u $out3,$x30,$out - vxor $out3,$in3,$twk3 - le?vperm $out5,$out5,$out5,$leperm - stvx_u $out4,$x40,$out - vxor $out4,$in4,$twk4 - stvx_u $out5,$x50,$out - vxor $out5,$in5,$twk5 - addi $out,$out,0x60 - - mtctr $rounds - beq Loop_xts_dec6x # did $len-=96 borrow? - - addic. $len,$len,0x60 - beq Lxts_dec6x_zero - cmpwi $len,0x20 - blt Lxts_dec6x_one - nop - beq Lxts_dec6x_two - cmpwi $len,0x40 - blt Lxts_dec6x_three - nop - beq Lxts_dec6x_four - -Lxts_dec6x_five: - vxor $out0,$in1,$twk0 - vxor $out1,$in2,$twk1 - vxor $out2,$in3,$twk2 - vxor $out3,$in4,$twk3 - vxor $out4,$in5,$twk4 - - bl _aesp8_xts_dec5x - - le?vperm $out0,$out0,$out0,$leperm - vmr $twk0,$twk5 # unused tweak - vxor $twk1,$tweak,$rndkey0 - le?vperm $out1,$out1,$out1,$leperm - stvx_u $out0,$x00,$out # store output - vxor $out0,$in0,$twk1 - le?vperm $out2,$out2,$out2,$leperm - stvx_u $out1,$x10,$out - le?vperm $out3,$out3,$out3,$leperm - stvx_u $out2,$x20,$out - le?vperm $out4,$out4,$out4,$leperm - stvx_u $out3,$x30,$out - stvx_u $out4,$x40,$out - addi $out,$out,0x50 - bne Lxts_dec6x_steal - b Lxts_dec6x_done - -.align 4 -Lxts_dec6x_four: - vxor $out0,$in2,$twk0 - vxor $out1,$in3,$twk1 - vxor $out2,$in4,$twk2 - vxor $out3,$in5,$twk3 - vxor $out4,$out4,$out4 - - bl _aesp8_xts_dec5x - - le?vperm $out0,$out0,$out0,$leperm - vmr $twk0,$twk4 # unused tweak - vmr $twk1,$twk5 - le?vperm $out1,$out1,$out1,$leperm - stvx_u $out0,$x00,$out # store output - vxor $out0,$in0,$twk5 - le?vperm $out2,$out2,$out2,$leperm - stvx_u $out1,$x10,$out - le?vperm $out3,$out3,$out3,$leperm - stvx_u $out2,$x20,$out - stvx_u $out3,$x30,$out - addi $out,$out,0x40 - bne Lxts_dec6x_steal - b Lxts_dec6x_done - -.align 4 -Lxts_dec6x_three: - vxor $out0,$in3,$twk0 - vxor $out1,$in4,$twk1 - vxor $out2,$in5,$twk2 - vxor $out3,$out3,$out3 - vxor $out4,$out4,$out4 - - bl _aesp8_xts_dec5x - - le?vperm $out0,$out0,$out0,$leperm - vmr $twk0,$twk3 # unused tweak - vmr $twk1,$twk4 - le?vperm $out1,$out1,$out1,$leperm - stvx_u $out0,$x00,$out # store output - vxor $out0,$in0,$twk4 - le?vperm $out2,$out2,$out2,$leperm - stvx_u $out1,$x10,$out - stvx_u $out2,$x20,$out - addi $out,$out,0x30 - bne Lxts_dec6x_steal - b Lxts_dec6x_done - -.align 4 -Lxts_dec6x_two: - vxor $out0,$in4,$twk0 - vxor $out1,$in5,$twk1 - vxor $out2,$out2,$out2 - vxor $out3,$out3,$out3 - vxor $out4,$out4,$out4 - - bl _aesp8_xts_dec5x - - le?vperm $out0,$out0,$out0,$leperm - vmr $twk0,$twk2 # unused tweak - vmr $twk1,$twk3 - le?vperm $out1,$out1,$out1,$leperm - stvx_u $out0,$x00,$out # store output - vxor $out0,$in0,$twk3 - stvx_u $out1,$x10,$out - addi $out,$out,0x20 - bne Lxts_dec6x_steal - b Lxts_dec6x_done - -.align 4 -Lxts_dec6x_one: - vxor $out0,$in5,$twk0 - nop -Loop_xts_dec1x: - vncipher $out0,$out0,v24 - lvx v24,$x20,$key_ # round[3] - addi $key_,$key_,0x20 - - vncipher $out0,$out0,v25 - lvx v25,$x10,$key_ # round[4] - bdnz Loop_xts_dec1x - - subi r0,$taillen,1 - vncipher $out0,$out0,v24 - - andi. r0,r0,16 - cmpwi $taillen,0 - vncipher $out0,$out0,v25 - - sub $inp,$inp,r0 - vncipher $out0,$out0,v26 - - lvx_u $in0,0,$inp - vncipher $out0,$out0,v27 - - addi $key_,$sp,$FRAME+15 # rewind $key_ - vncipher $out0,$out0,v28 - lvx v24,$x00,$key_ # re-pre-load round[1] - - vncipher $out0,$out0,v29 - lvx v25,$x10,$key_ # re-pre-load round[2] - vxor $twk0,$twk0,v31 - - le?vperm $in0,$in0,$in0,$leperm - vncipher $out0,$out0,v30 - - mtctr $rounds - vncipherlast $out0,$out0,$twk0 - - vmr $twk0,$twk1 # unused tweak - vmr $twk1,$twk2 - le?vperm $out0,$out0,$out0,$leperm - stvx_u $out0,$x00,$out # store output - addi $out,$out,0x10 - vxor $out0,$in0,$twk2 - bne Lxts_dec6x_steal - b Lxts_dec6x_done - -.align 4 -Lxts_dec6x_zero: - cmpwi $taillen,0 - beq Lxts_dec6x_done - - lvx_u $in0,0,$inp - le?vperm $in0,$in0,$in0,$leperm - vxor $out0,$in0,$twk1 -Lxts_dec6x_steal: - vncipher $out0,$out0,v24 - lvx v24,$x20,$key_ # round[3] - addi $key_,$key_,0x20 - - vncipher $out0,$out0,v25 - lvx v25,$x10,$key_ # round[4] - bdnz Lxts_dec6x_steal - - add $inp,$inp,$taillen - vncipher $out0,$out0,v24 - - cmpwi $taillen,0 - vncipher $out0,$out0,v25 - - lvx_u $in0,0,$inp - vncipher $out0,$out0,v26 - - lvsr $inpperm,0,$taillen # $in5 is no more - vncipher $out0,$out0,v27 - - addi $key_,$sp,$FRAME+15 # rewind $key_ - vncipher $out0,$out0,v28 - lvx v24,$x00,$key_ # re-pre-load round[1] - - vncipher $out0,$out0,v29 - lvx v25,$x10,$key_ # re-pre-load round[2] - vxor $twk1,$twk1,v31 - - le?vperm $in0,$in0,$in0,$leperm - vncipher $out0,$out0,v30 - - vperm $in0,$in0,$in0,$inpperm - vncipherlast $tmp,$out0,$twk1 - - le?vperm $out0,$tmp,$tmp,$leperm - le?stvx_u $out0,0,$out - be?stvx_u $tmp,0,$out - - vxor $out0,$out0,$out0 - vspltisb $out1,-1 - vperm $out0,$out0,$out1,$inpperm - vsel $out0,$in0,$tmp,$out0 - vxor $out0,$out0,$twk0 - - subi r30,$out,1 - mtctr $taillen -Loop_xts_dec6x_steal: - lbzu r0,1(r30) - stb r0,16(r30) - bdnz Loop_xts_dec6x_steal - - li $taillen,0 - mtctr $rounds - b Loop_xts_dec1x # one more time... - -.align 4 -Lxts_dec6x_done: - ${UCMP}i $ivp,0 - beq Lxts_dec6x_ret - - vxor $tweak,$twk0,$rndkey0 - le?vperm $tweak,$tweak,$tweak,$leperm - stvx_u $tweak,0,$ivp - -Lxts_dec6x_ret: - mtlr r11 - li r10,`$FRAME+15` - li r11,`$FRAME+31` - stvx $seven,r10,$sp # wipe copies of round keys - addi r10,r10,32 - stvx $seven,r11,$sp - addi r11,r11,32 - stvx $seven,r10,$sp - addi r10,r10,32 - stvx $seven,r11,$sp - addi r11,r11,32 - stvx $seven,r10,$sp - addi r10,r10,32 - stvx $seven,r11,$sp - addi r11,r11,32 - stvx $seven,r10,$sp - addi r10,r10,32 - stvx $seven,r11,$sp - addi r11,r11,32 - - mtspr 256,$vrsave - lvx v20,r10,$sp # ABI says so - addi r10,r10,32 - lvx v21,r11,$sp - addi r11,r11,32 - lvx v22,r10,$sp - addi r10,r10,32 - lvx v23,r11,$sp - addi r11,r11,32 - lvx v24,r10,$sp - addi r10,r10,32 - lvx v25,r11,$sp - addi r11,r11,32 - lvx v26,r10,$sp - addi r10,r10,32 - lvx v27,r11,$sp - addi r11,r11,32 - lvx v28,r10,$sp - addi r10,r10,32 - lvx v29,r11,$sp - addi r11,r11,32 - lvx v30,r10,$sp - lvx v31,r11,$sp - $POP r26,`$FRAME+21*16+0*$SIZE_T`($sp) - $POP r27,`$FRAME+21*16+1*$SIZE_T`($sp) - $POP r28,`$FRAME+21*16+2*$SIZE_T`($sp) - $POP r29,`$FRAME+21*16+3*$SIZE_T`($sp) - $POP r30,`$FRAME+21*16+4*$SIZE_T`($sp) - $POP r31,`$FRAME+21*16+5*$SIZE_T`($sp) - addi $sp,$sp,`$FRAME+21*16+6*$SIZE_T` - blr - .long 0 - .byte 0,12,0x04,1,0x80,6,6,0 - .long 0 - -.align 5 -_aesp8_xts_dec5x: - vncipher $out0,$out0,v24 - vncipher $out1,$out1,v24 - vncipher $out2,$out2,v24 - vncipher $out3,$out3,v24 - vncipher $out4,$out4,v24 - lvx v24,$x20,$key_ # round[3] - addi $key_,$key_,0x20 - - vncipher $out0,$out0,v25 - vncipher $out1,$out1,v25 - vncipher $out2,$out2,v25 - vncipher $out3,$out3,v25 - vncipher $out4,$out4,v25 - lvx v25,$x10,$key_ # round[4] - bdnz _aesp8_xts_dec5x - - subi r0,$taillen,1 - vncipher $out0,$out0,v24 - vncipher $out1,$out1,v24 - vncipher $out2,$out2,v24 - vncipher $out3,$out3,v24 - vncipher $out4,$out4,v24 - - andi. r0,r0,16 - cmpwi $taillen,0 - vncipher $out0,$out0,v25 - vncipher $out1,$out1,v25 - vncipher $out2,$out2,v25 - vncipher $out3,$out3,v25 - vncipher $out4,$out4,v25 - vxor $twk0,$twk0,v31 - - sub $inp,$inp,r0 - vncipher $out0,$out0,v26 - vncipher $out1,$out1,v26 - vncipher $out2,$out2,v26 - vncipher $out3,$out3,v26 - vncipher $out4,$out4,v26 - vxor $in1,$twk1,v31 - - vncipher $out0,$out0,v27 - lvx_u $in0,0,$inp - vncipher $out1,$out1,v27 - vncipher $out2,$out2,v27 - vncipher $out3,$out3,v27 - vncipher $out4,$out4,v27 - vxor $in2,$twk2,v31 - - addi $key_,$sp,$FRAME+15 # rewind $key_ - vncipher $out0,$out0,v28 - vncipher $out1,$out1,v28 - vncipher $out2,$out2,v28 - vncipher $out3,$out3,v28 - vncipher $out4,$out4,v28 - lvx v24,$x00,$key_ # re-pre-load round[1] - vxor $in3,$twk3,v31 - - vncipher $out0,$out0,v29 - le?vperm $in0,$in0,$in0,$leperm - vncipher $out1,$out1,v29 - vncipher $out2,$out2,v29 - vncipher $out3,$out3,v29 - vncipher $out4,$out4,v29 - lvx v25,$x10,$key_ # re-pre-load round[2] - vxor $in4,$twk4,v31 - - vncipher $out0,$out0,v30 - vncipher $out1,$out1,v30 - vncipher $out2,$out2,v30 - vncipher $out3,$out3,v30 - vncipher $out4,$out4,v30 - - vncipherlast $out0,$out0,$twk0 - vncipherlast $out1,$out1,$in1 - vncipherlast $out2,$out2,$in2 - vncipherlast $out3,$out3,$in3 - vncipherlast $out4,$out4,$in4 - mtctr $rounds - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -___ -}} }}} - -my $consts=1; -foreach(split("\n",$code)) { - s/\`([^\`]*)\`/eval($1)/geo; - - # constants table endian-specific conversion - if ($consts && m/\.(long|byte)\s+(.+)\s+(\?[a-z]*)$/o) { - my $conv=$3; - my @bytes=(); - - # convert to endian-agnostic format - if ($1 eq "long") { - foreach (split(/,\s*/,$2)) { - my $l = /^0/?oct:int; - push @bytes,($l>>24)&0xff,($l>>16)&0xff,($l>>8)&0xff,$l&0xff; - } - } else { - @bytes = map(/^0/?oct:int,split(/,\s*/,$2)); - } - - # little-endian conversion - if ($flavour =~ /le$/o) { - SWITCH: for($conv) { - /\?inv/ && do { @bytes=map($_^0xf,@bytes); last; }; - /\?rev/ && do { @bytes=reverse(@bytes); last; }; - } - } - - #emit - print ".byte\t",join(',',map (sprintf("0x%02x",$_),@bytes)),"\n"; - next; - } - $consts=0 if (m/Lconsts:/o); # end of table - - # instructions prefixed with '?' are endian-specific and need - # to be adjusted accordingly... - if ($flavour =~ /le$/o) { # little-endian - s/le\?//o or - s/be\?/#be#/o or - s/\?lvsr/lvsl/o or - s/\?lvsl/lvsr/o or - s/\?(vperm\s+v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+)/$1$3$2$4/o or - s/\?(vsldoi\s+v[0-9]+,\s*)(v[0-9]+,)\s*(v[0-9]+,\s*)([0-9]+)/$1$3$2 16-$4/o or - s/\?(vspltw\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9])/$1$2 3-$3/o; - } else { # big-endian - s/le\?/#le#/o or - s/be\?//o or - s/\?([a-z]+)/$1/o; - } - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/aest4-sparcv9.pl b/crypto/aes/asm/aest4-sparcv9.pl deleted file mode 100644 index c04b5f3cdaf87233c4f9efc16e6f7e9d7e7a48b0..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/aest4-sparcv9.pl +++ /dev/null @@ -1,931 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by David S. Miller and Andy Polyakov. -# The module is licensed under 2-clause BSD license. October 2012. -# All rights reserved. -# ==================================================================== - -###################################################################### -# AES for SPARC T4. -# -# AES round instructions complete in 3 cycles and can be issued every -# cycle. It means that round calculations should take 4*rounds cycles, -# because any given round instruction depends on result of *both* -# previous instructions: -# -# |0 |1 |2 |3 |4 -# |01|01|01| -# |23|23|23| -# |01|01|... -# |23|... -# -# Provided that fxor [with IV] takes 3 cycles to complete, critical -# path length for CBC encrypt would be 3+4*rounds, or in other words -# it should process one byte in at least (3+4*rounds)/16 cycles. This -# estimate doesn't account for "collateral" instructions, such as -# fetching input from memory, xor-ing it with zero-round key and -# storing the result. Yet, *measured* performance [for data aligned -# at 64-bit boundary!] deviates from this equation by less than 0.5%: -# -# 128-bit key 192- 256- -# CBC encrypt 2.70/2.90(*) 3.20/3.40 3.70/3.90 -# (*) numbers after slash are for -# misaligned data. -# -# Out-of-order execution logic managed to fully overlap "collateral" -# instructions with those on critical path. Amazing! -# -# As with Intel AES-NI, question is if it's possible to improve -# performance of parallelizable modes by interleaving round -# instructions. Provided round instruction latency and throughput -# optimal interleave factor is 2. But can we expect 2x performance -# improvement? Well, as round instructions can be issued one per -# cycle, they don't saturate the 2-way issue pipeline and therefore -# there is room for "collateral" calculations... Yet, 2x speed-up -# over CBC encrypt remains unattaintable: -# -# 128-bit key 192- 256- -# CBC decrypt 1.64/2.11 1.89/2.37 2.23/2.61 -# CTR 1.64/2.08(*) 1.89/2.33 2.23/2.61 -# (*) numbers after slash are for -# misaligned data. -# -# Estimates based on amount of instructions under assumption that -# round instructions are not pairable with any other instruction -# suggest that latter is the actual case and pipeline runs -# underutilized. It should be noted that T4 out-of-order execution -# logic is so capable that performance gain from 2x interleave is -# not even impressive, ~7-13% over non-interleaved code, largest -# for 256-bit keys. - -# To anchor to something else, software implementation processes -# one byte in 29 cycles with 128-bit key on same processor. Intel -# Sandy Bridge encrypts byte in 5.07 cycles in CBC mode and decrypts -# in 0.93, naturally with AES-NI. - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "sparcv9_modes.pl"; - -$output = pop and open STDOUT,">$output"; - -$::evp=1; # if $evp is set to 0, script generates module with -# AES_[en|de]crypt, AES_set_[en|de]crypt_key and AES_cbc_encrypt entry -# points. These however are not fully compatible with openssl/aes.h, -# because they expect AES_KEY to be aligned at 64-bit boundary. When -# used through EVP, alignment is arranged at EVP layer. Second thing -# that is arranged by EVP is at least 32-bit alignment of IV. - -###################################################################### -# single-round subroutines -# -{ -my ($inp,$out,$key,$rounds,$tmp,$mask)=map("%o$_",(0..5)); - -$code.=<<___; -#ifndef __ASSEMBLER__ -# define __ASSEMBLER__ 1 -#endif -#include "crypto/sparc_arch.h" - -#ifdef __arch64__ -.register %g2,#scratch -.register %g3,#scratch -#endif - -.text - -.globl aes_t4_encrypt -.align 32 -aes_t4_encrypt: - andcc $inp, 7, %g1 ! is input aligned? - andn $inp, 7, $inp - - ldx [$key + 0], %g4 - ldx [$key + 8], %g5 - - ldx [$inp + 0], %o4 - bz,pt %icc, 1f - ldx [$inp + 8], %o5 - ldx [$inp + 16], $inp - sll %g1, 3, %g1 - sub %g0, %g1, %o3 - sllx %o4, %g1, %o4 - sllx %o5, %g1, %g1 - srlx %o5, %o3, %o5 - srlx $inp, %o3, %o3 - or %o5, %o4, %o4 - or %o3, %g1, %o5 -1: - ld [$key + 240], $rounds - ldd [$key + 16], %f12 - ldd [$key + 24], %f14 - xor %g4, %o4, %o4 - xor %g5, %o5, %o5 - movxtod %o4, %f0 - movxtod %o5, %f2 - srl $rounds, 1, $rounds - ldd [$key + 32], %f16 - sub $rounds, 1, $rounds - ldd [$key + 40], %f18 - add $key, 48, $key - -.Lenc: - aes_eround01 %f12, %f0, %f2, %f4 - aes_eround23 %f14, %f0, %f2, %f2 - ldd [$key + 0], %f12 - ldd [$key + 8], %f14 - sub $rounds,1,$rounds - aes_eround01 %f16, %f4, %f2, %f0 - aes_eround23 %f18, %f4, %f2, %f2 - ldd [$key + 16], %f16 - ldd [$key + 24], %f18 - brnz,pt $rounds, .Lenc - add $key, 32, $key - - andcc $out, 7, $tmp ! is output aligned? - aes_eround01 %f12, %f0, %f2, %f4 - aes_eround23 %f14, %f0, %f2, %f2 - aes_eround01_l %f16, %f4, %f2, %f0 - aes_eround23_l %f18, %f4, %f2, %f2 - - bnz,pn %icc, 2f - nop - - std %f0, [$out + 0] - retl - std %f2, [$out + 8] - -2: alignaddrl $out, %g0, $out - mov 0xff, $mask - srl $mask, $tmp, $mask - - faligndata %f0, %f0, %f4 - faligndata %f0, %f2, %f6 - faligndata %f2, %f2, %f8 - - stda %f4, [$out + $mask]0xc0 ! partial store - std %f6, [$out + 8] - add $out, 16, $out - orn %g0, $mask, $mask - retl - stda %f8, [$out + $mask]0xc0 ! partial store -.type aes_t4_encrypt,#function -.size aes_t4_encrypt,.-aes_t4_encrypt - -.globl aes_t4_decrypt -.align 32 -aes_t4_decrypt: - andcc $inp, 7, %g1 ! is input aligned? - andn $inp, 7, $inp - - ldx [$key + 0], %g4 - ldx [$key + 8], %g5 - - ldx [$inp + 0], %o4 - bz,pt %icc, 1f - ldx [$inp + 8], %o5 - ldx [$inp + 16], $inp - sll %g1, 3, %g1 - sub %g0, %g1, %o3 - sllx %o4, %g1, %o4 - sllx %o5, %g1, %g1 - srlx %o5, %o3, %o5 - srlx $inp, %o3, %o3 - or %o5, %o4, %o4 - or %o3, %g1, %o5 -1: - ld [$key + 240], $rounds - ldd [$key + 16], %f12 - ldd [$key + 24], %f14 - xor %g4, %o4, %o4 - xor %g5, %o5, %o5 - movxtod %o4, %f0 - movxtod %o5, %f2 - srl $rounds, 1, $rounds - ldd [$key + 32], %f16 - sub $rounds, 1, $rounds - ldd [$key + 40], %f18 - add $key, 48, $key - -.Ldec: - aes_dround01 %f12, %f0, %f2, %f4 - aes_dround23 %f14, %f0, %f2, %f2 - ldd [$key + 0], %f12 - ldd [$key + 8], %f14 - sub $rounds,1,$rounds - aes_dround01 %f16, %f4, %f2, %f0 - aes_dround23 %f18, %f4, %f2, %f2 - ldd [$key + 16], %f16 - ldd [$key + 24], %f18 - brnz,pt $rounds, .Ldec - add $key, 32, $key - - andcc $out, 7, $tmp ! is output aligned? - aes_dround01 %f12, %f0, %f2, %f4 - aes_dround23 %f14, %f0, %f2, %f2 - aes_dround01_l %f16, %f4, %f2, %f0 - aes_dround23_l %f18, %f4, %f2, %f2 - - bnz,pn %icc, 2f - nop - - std %f0, [$out + 0] - retl - std %f2, [$out + 8] - -2: alignaddrl $out, %g0, $out - mov 0xff, $mask - srl $mask, $tmp, $mask - - faligndata %f0, %f0, %f4 - faligndata %f0, %f2, %f6 - faligndata %f2, %f2, %f8 - - stda %f4, [$out + $mask]0xc0 ! partial store - std %f6, [$out + 8] - add $out, 16, $out - orn %g0, $mask, $mask - retl - stda %f8, [$out + $mask]0xc0 ! partial store -.type aes_t4_decrypt,#function -.size aes_t4_decrypt,.-aes_t4_decrypt -___ -} - -###################################################################### -# key setup subroutines -# -{ -my ($inp,$bits,$out,$tmp)=map("%o$_",(0..5)); -$code.=<<___; -.globl aes_t4_set_encrypt_key -.align 32 -aes_t4_set_encrypt_key: -.Lset_encrypt_key: - and $inp, 7, $tmp - alignaddr $inp, %g0, $inp - cmp $bits, 192 - ldd [$inp + 0], %f0 - bl,pt %icc,.L128 - ldd [$inp + 8], %f2 - - be,pt %icc,.L192 - ldd [$inp + 16], %f4 - brz,pt $tmp, .L256aligned - ldd [$inp + 24], %f6 - - ldd [$inp + 32], %f8 - faligndata %f0, %f2, %f0 - faligndata %f2, %f4, %f2 - faligndata %f4, %f6, %f4 - faligndata %f6, %f8, %f6 -.L256aligned: -___ -for ($i=0; $i<6; $i++) { - $code.=<<___; - std %f0, [$out + `32*$i+0`] - aes_kexpand1 %f0, %f6, $i, %f0 - std %f2, [$out + `32*$i+8`] - aes_kexpand2 %f2, %f0, %f2 - std %f4, [$out + `32*$i+16`] - aes_kexpand0 %f4, %f2, %f4 - std %f6, [$out + `32*$i+24`] - aes_kexpand2 %f6, %f4, %f6 -___ -} -$code.=<<___; - std %f0, [$out + `32*$i+0`] - aes_kexpand1 %f0, %f6, $i, %f0 - std %f2, [$out + `32*$i+8`] - aes_kexpand2 %f2, %f0, %f2 - std %f4, [$out + `32*$i+16`] - std %f6, [$out + `32*$i+24`] - std %f0, [$out + `32*$i+32`] - std %f2, [$out + `32*$i+40`] - - mov 14, $tmp - st $tmp, [$out + 240] - retl - xor %o0, %o0, %o0 - -.align 16 -.L192: - brz,pt $tmp, .L192aligned - nop - - ldd [$inp + 24], %f6 - faligndata %f0, %f2, %f0 - faligndata %f2, %f4, %f2 - faligndata %f4, %f6, %f4 -.L192aligned: -___ -for ($i=0; $i<7; $i++) { - $code.=<<___; - std %f0, [$out + `24*$i+0`] - aes_kexpand1 %f0, %f4, $i, %f0 - std %f2, [$out + `24*$i+8`] - aes_kexpand2 %f2, %f0, %f2 - std %f4, [$out + `24*$i+16`] - aes_kexpand2 %f4, %f2, %f4 -___ -} -$code.=<<___; - std %f0, [$out + `24*$i+0`] - aes_kexpand1 %f0, %f4, $i, %f0 - std %f2, [$out + `24*$i+8`] - aes_kexpand2 %f2, %f0, %f2 - std %f4, [$out + `24*$i+16`] - std %f0, [$out + `24*$i+24`] - std %f2, [$out + `24*$i+32`] - - mov 12, $tmp - st $tmp, [$out + 240] - retl - xor %o0, %o0, %o0 - -.align 16 -.L128: - brz,pt $tmp, .L128aligned - nop - - ldd [$inp + 16], %f4 - faligndata %f0, %f2, %f0 - faligndata %f2, %f4, %f2 -.L128aligned: -___ -for ($i=0; $i<10; $i++) { - $code.=<<___; - std %f0, [$out + `16*$i+0`] - aes_kexpand1 %f0, %f2, $i, %f0 - std %f2, [$out + `16*$i+8`] - aes_kexpand2 %f2, %f0, %f2 -___ -} -$code.=<<___; - std %f0, [$out + `16*$i+0`] - std %f2, [$out + `16*$i+8`] - - mov 10, $tmp - st $tmp, [$out + 240] - retl - xor %o0, %o0, %o0 -.type aes_t4_set_encrypt_key,#function -.size aes_t4_set_encrypt_key,.-aes_t4_set_encrypt_key - -.globl aes_t4_set_decrypt_key -.align 32 -aes_t4_set_decrypt_key: - mov %o7, %o5 - call .Lset_encrypt_key - nop - - mov %o5, %o7 - sll $tmp, 4, $inp ! $tmp is number of rounds - add $tmp, 2, $tmp - add $out, $inp, $inp ! $inp=$out+16*rounds - srl $tmp, 2, $tmp ! $tmp=(rounds+2)/4 - -.Lkey_flip: - ldd [$out + 0], %f0 - ldd [$out + 8], %f2 - ldd [$out + 16], %f4 - ldd [$out + 24], %f6 - ldd [$inp + 0], %f8 - ldd [$inp + 8], %f10 - ldd [$inp - 16], %f12 - ldd [$inp - 8], %f14 - sub $tmp, 1, $tmp - std %f0, [$inp + 0] - std %f2, [$inp + 8] - std %f4, [$inp - 16] - std %f6, [$inp - 8] - std %f8, [$out + 0] - std %f10, [$out + 8] - std %f12, [$out + 16] - std %f14, [$out + 24] - add $out, 32, $out - brnz $tmp, .Lkey_flip - sub $inp, 32, $inp - - retl - xor %o0, %o0, %o0 -.type aes_t4_set_decrypt_key,#function -.size aes_t4_set_decrypt_key,.-aes_t4_set_decrypt_key -___ -} - -{{{ -my ($inp,$out,$len,$key,$ivec,$enc)=map("%i$_",(0..5)); -my ($ileft,$iright,$ooff,$omask,$ivoff)=map("%l$_",(1..7)); - -$code.=<<___; -.align 32 -_aes128_encrypt_1x: -___ -for ($i=0; $i<4; $i++) { - $code.=<<___; - aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f4 - aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2 - aes_eround01 %f`16+8*$i+4`, %f4, %f2, %f0 - aes_eround23 %f`16+8*$i+6`, %f4, %f2, %f2 -___ -} -$code.=<<___; - aes_eround01 %f48, %f0, %f2, %f4 - aes_eround23 %f50, %f0, %f2, %f2 - aes_eround01_l %f52, %f4, %f2, %f0 - retl - aes_eround23_l %f54, %f4, %f2, %f2 -.type _aes128_encrypt_1x,#function -.size _aes128_encrypt_1x,.-_aes128_encrypt_1x - -.align 32 -_aes128_encrypt_2x: -___ -for ($i=0; $i<4; $i++) { - $code.=<<___; - aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f8 - aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2 - aes_eround01 %f`16+8*$i+0`, %f4, %f6, %f10 - aes_eround23 %f`16+8*$i+2`, %f4, %f6, %f6 - aes_eround01 %f`16+8*$i+4`, %f8, %f2, %f0 - aes_eround23 %f`16+8*$i+6`, %f8, %f2, %f2 - aes_eround01 %f`16+8*$i+4`, %f10, %f6, %f4 - aes_eround23 %f`16+8*$i+6`, %f10, %f6, %f6 -___ -} -$code.=<<___; - aes_eround01 %f48, %f0, %f2, %f8 - aes_eround23 %f50, %f0, %f2, %f2 - aes_eround01 %f48, %f4, %f6, %f10 - aes_eround23 %f50, %f4, %f6, %f6 - aes_eround01_l %f52, %f8, %f2, %f0 - aes_eround23_l %f54, %f8, %f2, %f2 - aes_eround01_l %f52, %f10, %f6, %f4 - retl - aes_eround23_l %f54, %f10, %f6, %f6 -.type _aes128_encrypt_2x,#function -.size _aes128_encrypt_2x,.-_aes128_encrypt_2x - -.align 32 -_aes128_loadkey: - ldx [$key + 0], %g4 - ldx [$key + 8], %g5 -___ -for ($i=2; $i<22;$i++) { # load key schedule - $code.=<<___; - ldd [$key + `8*$i`], %f`12+2*$i` -___ -} -$code.=<<___; - retl - nop -.type _aes128_loadkey,#function -.size _aes128_loadkey,.-_aes128_loadkey -_aes128_load_enckey=_aes128_loadkey -_aes128_load_deckey=_aes128_loadkey - -___ - -&alg_cbc_encrypt_implement("aes",128); -if ($::evp) { - &alg_ctr32_implement("aes",128); - &alg_xts_implement("aes",128,"en"); - &alg_xts_implement("aes",128,"de"); -} -&alg_cbc_decrypt_implement("aes",128); - -$code.=<<___; -.align 32 -_aes128_decrypt_1x: -___ -for ($i=0; $i<4; $i++) { - $code.=<<___; - aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f4 - aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2 - aes_dround01 %f`16+8*$i+4`, %f4, %f2, %f0 - aes_dround23 %f`16+8*$i+6`, %f4, %f2, %f2 -___ -} -$code.=<<___; - aes_dround01 %f48, %f0, %f2, %f4 - aes_dround23 %f50, %f0, %f2, %f2 - aes_dround01_l %f52, %f4, %f2, %f0 - retl - aes_dround23_l %f54, %f4, %f2, %f2 -.type _aes128_decrypt_1x,#function -.size _aes128_decrypt_1x,.-_aes128_decrypt_1x - -.align 32 -_aes128_decrypt_2x: -___ -for ($i=0; $i<4; $i++) { - $code.=<<___; - aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f8 - aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2 - aes_dround01 %f`16+8*$i+0`, %f4, %f6, %f10 - aes_dround23 %f`16+8*$i+2`, %f4, %f6, %f6 - aes_dround01 %f`16+8*$i+4`, %f8, %f2, %f0 - aes_dround23 %f`16+8*$i+6`, %f8, %f2, %f2 - aes_dround01 %f`16+8*$i+4`, %f10, %f6, %f4 - aes_dround23 %f`16+8*$i+6`, %f10, %f6, %f6 -___ -} -$code.=<<___; - aes_dround01 %f48, %f0, %f2, %f8 - aes_dround23 %f50, %f0, %f2, %f2 - aes_dround01 %f48, %f4, %f6, %f10 - aes_dround23 %f50, %f4, %f6, %f6 - aes_dround01_l %f52, %f8, %f2, %f0 - aes_dround23_l %f54, %f8, %f2, %f2 - aes_dround01_l %f52, %f10, %f6, %f4 - retl - aes_dround23_l %f54, %f10, %f6, %f6 -.type _aes128_decrypt_2x,#function -.size _aes128_decrypt_2x,.-_aes128_decrypt_2x -___ - -$code.=<<___; -.align 32 -_aes192_encrypt_1x: -___ -for ($i=0; $i<5; $i++) { - $code.=<<___; - aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f4 - aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2 - aes_eround01 %f`16+8*$i+4`, %f4, %f2, %f0 - aes_eround23 %f`16+8*$i+6`, %f4, %f2, %f2 -___ -} -$code.=<<___; - aes_eround01 %f56, %f0, %f2, %f4 - aes_eround23 %f58, %f0, %f2, %f2 - aes_eround01_l %f60, %f4, %f2, %f0 - retl - aes_eround23_l %f62, %f4, %f2, %f2 -.type _aes192_encrypt_1x,#function -.size _aes192_encrypt_1x,.-_aes192_encrypt_1x - -.align 32 -_aes192_encrypt_2x: -___ -for ($i=0; $i<5; $i++) { - $code.=<<___; - aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f8 - aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2 - aes_eround01 %f`16+8*$i+0`, %f4, %f6, %f10 - aes_eround23 %f`16+8*$i+2`, %f4, %f6, %f6 - aes_eround01 %f`16+8*$i+4`, %f8, %f2, %f0 - aes_eround23 %f`16+8*$i+6`, %f8, %f2, %f2 - aes_eround01 %f`16+8*$i+4`, %f10, %f6, %f4 - aes_eround23 %f`16+8*$i+6`, %f10, %f6, %f6 -___ -} -$code.=<<___; - aes_eround01 %f56, %f0, %f2, %f8 - aes_eround23 %f58, %f0, %f2, %f2 - aes_eround01 %f56, %f4, %f6, %f10 - aes_eround23 %f58, %f4, %f6, %f6 - aes_eround01_l %f60, %f8, %f2, %f0 - aes_eround23_l %f62, %f8, %f2, %f2 - aes_eround01_l %f60, %f10, %f6, %f4 - retl - aes_eround23_l %f62, %f10, %f6, %f6 -.type _aes192_encrypt_2x,#function -.size _aes192_encrypt_2x,.-_aes192_encrypt_2x - -.align 32 -_aes256_encrypt_1x: - aes_eround01 %f16, %f0, %f2, %f4 - aes_eround23 %f18, %f0, %f2, %f2 - ldd [$key + 208], %f16 - ldd [$key + 216], %f18 - aes_eround01 %f20, %f4, %f2, %f0 - aes_eround23 %f22, %f4, %f2, %f2 - ldd [$key + 224], %f20 - ldd [$key + 232], %f22 -___ -for ($i=1; $i<6; $i++) { - $code.=<<___; - aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f4 - aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2 - aes_eround01 %f`16+8*$i+4`, %f4, %f2, %f0 - aes_eround23 %f`16+8*$i+6`, %f4, %f2, %f2 -___ -} -$code.=<<___; - aes_eround01 %f16, %f0, %f2, %f4 - aes_eround23 %f18, %f0, %f2, %f2 - ldd [$key + 16], %f16 - ldd [$key + 24], %f18 - aes_eround01_l %f20, %f4, %f2, %f0 - aes_eround23_l %f22, %f4, %f2, %f2 - ldd [$key + 32], %f20 - retl - ldd [$key + 40], %f22 -.type _aes256_encrypt_1x,#function -.size _aes256_encrypt_1x,.-_aes256_encrypt_1x - -.align 32 -_aes256_encrypt_2x: - aes_eround01 %f16, %f0, %f2, %f8 - aes_eround23 %f18, %f0, %f2, %f2 - aes_eround01 %f16, %f4, %f6, %f10 - aes_eround23 %f18, %f4, %f6, %f6 - ldd [$key + 208], %f16 - ldd [$key + 216], %f18 - aes_eround01 %f20, %f8, %f2, %f0 - aes_eround23 %f22, %f8, %f2, %f2 - aes_eround01 %f20, %f10, %f6, %f4 - aes_eround23 %f22, %f10, %f6, %f6 - ldd [$key + 224], %f20 - ldd [$key + 232], %f22 -___ -for ($i=1; $i<6; $i++) { - $code.=<<___; - aes_eround01 %f`16+8*$i+0`, %f0, %f2, %f8 - aes_eround23 %f`16+8*$i+2`, %f0, %f2, %f2 - aes_eround01 %f`16+8*$i+0`, %f4, %f6, %f10 - aes_eround23 %f`16+8*$i+2`, %f4, %f6, %f6 - aes_eround01 %f`16+8*$i+4`, %f8, %f2, %f0 - aes_eround23 %f`16+8*$i+6`, %f8, %f2, %f2 - aes_eround01 %f`16+8*$i+4`, %f10, %f6, %f4 - aes_eround23 %f`16+8*$i+6`, %f10, %f6, %f6 -___ -} -$code.=<<___; - aes_eround01 %f16, %f0, %f2, %f8 - aes_eround23 %f18, %f0, %f2, %f2 - aes_eround01 %f16, %f4, %f6, %f10 - aes_eround23 %f18, %f4, %f6, %f6 - ldd [$key + 16], %f16 - ldd [$key + 24], %f18 - aes_eround01_l %f20, %f8, %f2, %f0 - aes_eround23_l %f22, %f8, %f2, %f2 - aes_eround01_l %f20, %f10, %f6, %f4 - aes_eround23_l %f22, %f10, %f6, %f6 - ldd [$key + 32], %f20 - retl - ldd [$key + 40], %f22 -.type _aes256_encrypt_2x,#function -.size _aes256_encrypt_2x,.-_aes256_encrypt_2x - -.align 32 -_aes192_loadkey: - ldx [$key + 0], %g4 - ldx [$key + 8], %g5 -___ -for ($i=2; $i<26;$i++) { # load key schedule - $code.=<<___; - ldd [$key + `8*$i`], %f`12+2*$i` -___ -} -$code.=<<___; - retl - nop -.type _aes192_loadkey,#function -.size _aes192_loadkey,.-_aes192_loadkey -_aes256_loadkey=_aes192_loadkey -_aes192_load_enckey=_aes192_loadkey -_aes192_load_deckey=_aes192_loadkey -_aes256_load_enckey=_aes192_loadkey -_aes256_load_deckey=_aes192_loadkey -___ - -&alg_cbc_encrypt_implement("aes",256); -&alg_cbc_encrypt_implement("aes",192); -if ($::evp) { - &alg_ctr32_implement("aes",256); - &alg_xts_implement("aes",256,"en"); - &alg_xts_implement("aes",256,"de"); - &alg_ctr32_implement("aes",192); -} -&alg_cbc_decrypt_implement("aes",192); -&alg_cbc_decrypt_implement("aes",256); - -$code.=<<___; -.align 32 -_aes256_decrypt_1x: - aes_dround01 %f16, %f0, %f2, %f4 - aes_dround23 %f18, %f0, %f2, %f2 - ldd [$key + 208], %f16 - ldd [$key + 216], %f18 - aes_dround01 %f20, %f4, %f2, %f0 - aes_dround23 %f22, %f4, %f2, %f2 - ldd [$key + 224], %f20 - ldd [$key + 232], %f22 -___ -for ($i=1; $i<6; $i++) { - $code.=<<___; - aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f4 - aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2 - aes_dround01 %f`16+8*$i+4`, %f4, %f2, %f0 - aes_dround23 %f`16+8*$i+6`, %f4, %f2, %f2 -___ -} -$code.=<<___; - aes_dround01 %f16, %f0, %f2, %f4 - aes_dround23 %f18, %f0, %f2, %f2 - ldd [$key + 16], %f16 - ldd [$key + 24], %f18 - aes_dround01_l %f20, %f4, %f2, %f0 - aes_dround23_l %f22, %f4, %f2, %f2 - ldd [$key + 32], %f20 - retl - ldd [$key + 40], %f22 -.type _aes256_decrypt_1x,#function -.size _aes256_decrypt_1x,.-_aes256_decrypt_1x - -.align 32 -_aes256_decrypt_2x: - aes_dround01 %f16, %f0, %f2, %f8 - aes_dround23 %f18, %f0, %f2, %f2 - aes_dround01 %f16, %f4, %f6, %f10 - aes_dround23 %f18, %f4, %f6, %f6 - ldd [$key + 208], %f16 - ldd [$key + 216], %f18 - aes_dround01 %f20, %f8, %f2, %f0 - aes_dround23 %f22, %f8, %f2, %f2 - aes_dround01 %f20, %f10, %f6, %f4 - aes_dround23 %f22, %f10, %f6, %f6 - ldd [$key + 224], %f20 - ldd [$key + 232], %f22 -___ -for ($i=1; $i<6; $i++) { - $code.=<<___; - aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f8 - aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2 - aes_dround01 %f`16+8*$i+0`, %f4, %f6, %f10 - aes_dround23 %f`16+8*$i+2`, %f4, %f6, %f6 - aes_dround01 %f`16+8*$i+4`, %f8, %f2, %f0 - aes_dround23 %f`16+8*$i+6`, %f8, %f2, %f2 - aes_dround01 %f`16+8*$i+4`, %f10, %f6, %f4 - aes_dround23 %f`16+8*$i+6`, %f10, %f6, %f6 -___ -} -$code.=<<___; - aes_dround01 %f16, %f0, %f2, %f8 - aes_dround23 %f18, %f0, %f2, %f2 - aes_dround01 %f16, %f4, %f6, %f10 - aes_dround23 %f18, %f4, %f6, %f6 - ldd [$key + 16], %f16 - ldd [$key + 24], %f18 - aes_dround01_l %f20, %f8, %f2, %f0 - aes_dround23_l %f22, %f8, %f2, %f2 - aes_dround01_l %f20, %f10, %f6, %f4 - aes_dround23_l %f22, %f10, %f6, %f6 - ldd [$key + 32], %f20 - retl - ldd [$key + 40], %f22 -.type _aes256_decrypt_2x,#function -.size _aes256_decrypt_2x,.-_aes256_decrypt_2x - -.align 32 -_aes192_decrypt_1x: -___ -for ($i=0; $i<5; $i++) { - $code.=<<___; - aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f4 - aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2 - aes_dround01 %f`16+8*$i+4`, %f4, %f2, %f0 - aes_dround23 %f`16+8*$i+6`, %f4, %f2, %f2 -___ -} -$code.=<<___; - aes_dround01 %f56, %f0, %f2, %f4 - aes_dround23 %f58, %f0, %f2, %f2 - aes_dround01_l %f60, %f4, %f2, %f0 - retl - aes_dround23_l %f62, %f4, %f2, %f2 -.type _aes192_decrypt_1x,#function -.size _aes192_decrypt_1x,.-_aes192_decrypt_1x - -.align 32 -_aes192_decrypt_2x: -___ -for ($i=0; $i<5; $i++) { - $code.=<<___; - aes_dround01 %f`16+8*$i+0`, %f0, %f2, %f8 - aes_dround23 %f`16+8*$i+2`, %f0, %f2, %f2 - aes_dround01 %f`16+8*$i+0`, %f4, %f6, %f10 - aes_dround23 %f`16+8*$i+2`, %f4, %f6, %f6 - aes_dround01 %f`16+8*$i+4`, %f8, %f2, %f0 - aes_dround23 %f`16+8*$i+6`, %f8, %f2, %f2 - aes_dround01 %f`16+8*$i+4`, %f10, %f6, %f4 - aes_dround23 %f`16+8*$i+6`, %f10, %f6, %f6 -___ -} -$code.=<<___; - aes_dround01 %f56, %f0, %f2, %f8 - aes_dround23 %f58, %f0, %f2, %f2 - aes_dround01 %f56, %f4, %f6, %f10 - aes_dround23 %f58, %f4, %f6, %f6 - aes_dround01_l %f60, %f8, %f2, %f0 - aes_dround23_l %f62, %f8, %f2, %f2 - aes_dround01_l %f60, %f10, %f6, %f4 - retl - aes_dround23_l %f62, %f10, %f6, %f6 -.type _aes192_decrypt_2x,#function -.size _aes192_decrypt_2x,.-_aes192_decrypt_2x -___ -}}} - -if (!$::evp) { -$code.=<<___; -.global AES_encrypt -AES_encrypt=aes_t4_encrypt -.global AES_decrypt -AES_decrypt=aes_t4_decrypt -.global AES_set_encrypt_key -.align 32 -AES_set_encrypt_key: - andcc %o2, 7, %g0 ! check alignment - bnz,a,pn %icc, 1f - mov -1, %o0 - brz,a,pn %o0, 1f - mov -1, %o0 - brz,a,pn %o2, 1f - mov -1, %o0 - andncc %o1, 0x1c0, %g0 - bnz,a,pn %icc, 1f - mov -2, %o0 - cmp %o1, 128 - bl,a,pn %icc, 1f - mov -2, %o0 - b aes_t4_set_encrypt_key - nop -1: retl - nop -.type AES_set_encrypt_key,#function -.size AES_set_encrypt_key,.-AES_set_encrypt_key - -.global AES_set_decrypt_key -.align 32 -AES_set_decrypt_key: - andcc %o2, 7, %g0 ! check alignment - bnz,a,pn %icc, 1f - mov -1, %o0 - brz,a,pn %o0, 1f - mov -1, %o0 - brz,a,pn %o2, 1f - mov -1, %o0 - andncc %o1, 0x1c0, %g0 - bnz,a,pn %icc, 1f - mov -2, %o0 - cmp %o1, 128 - bl,a,pn %icc, 1f - mov -2, %o0 - b aes_t4_set_decrypt_key - nop -1: retl - nop -.type AES_set_decrypt_key,#function -.size AES_set_decrypt_key,.-AES_set_decrypt_key -___ - -my ($inp,$out,$len,$key,$ivec,$enc)=map("%o$_",(0..5)); - -$code.=<<___; -.globl AES_cbc_encrypt -.align 32 -AES_cbc_encrypt: - ld [$key + 240], %g1 - nop - brz $enc, .Lcbc_decrypt - cmp %g1, 12 - - bl,pt %icc, aes128_t4_cbc_encrypt - nop - be,pn %icc, aes192_t4_cbc_encrypt - nop - ba aes256_t4_cbc_encrypt - nop - -.Lcbc_decrypt: - bl,pt %icc, aes128_t4_cbc_decrypt - nop - be,pn %icc, aes192_t4_cbc_decrypt - nop - ba aes256_t4_cbc_decrypt - nop -.type AES_cbc_encrypt,#function -.size AES_cbc_encrypt,.-AES_cbc_encrypt -___ -} -$code.=<<___; -.asciz "AES for SPARC T4, David S. Miller, Andy Polyakov" -.align 4 -___ - -&emit_assembler(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl deleted file mode 100644 index 9c5dd5839acba124d4841efe128724081a1308e5..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/bsaes-armv7.pl +++ /dev/null @@ -1,2494 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# -# Specific modes and adaptation for Linux kernel by Ard Biesheuvel -# of Linaro. Permission to use under GPL terms is granted. -# ==================================================================== - -# Bit-sliced AES for ARM NEON -# -# February 2012. -# -# This implementation is direct adaptation of bsaes-x86_64 module for -# ARM NEON. Except that this module is endian-neutral [in sense that -# it can be compiled for either endianness] by courtesy of vld1.8's -# neutrality. Initial version doesn't implement interface to OpenSSL, -# only low-level primitives and unsupported entry points, just enough -# to collect performance results, which for Cortex-A8 core are: -# -# encrypt 19.5 cycles per byte processed with 128-bit key -# decrypt 22.1 cycles per byte processed with 128-bit key -# key conv. 440 cycles per 128-bit key/0.18 of 8x block -# -# Snapdragon S4 encrypts byte in 17.6 cycles and decrypts in 19.7, -# which is [much] worse than anticipated (for further details see -# http://www.openssl.org/~appro/Snapdragon-S4.html). -# -# Cortex-A15 manages in 14.2/16.1 cycles [when integer-only code -# manages in 20.0 cycles]. -# -# When comparing to x86_64 results keep in mind that NEON unit is -# [mostly] single-issue and thus can't [fully] benefit from -# instruction-level parallelism. And when comparing to aes-armv4 -# results keep in mind key schedule conversion overhead (see -# bsaes-x86_64.pl for further details)... -# -# - -# April-August 2013 -# Add CBC, CTR and XTS subroutines and adapt for kernel use; courtesy of Ard. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour && $flavour ne "void") { - $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or - ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or - die "can't locate arm-xlate.pl"; - - open STDOUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -} else { - $output and open STDOUT,">$output"; -} - -my ($inp,$out,$len,$key)=("r0","r1","r2","r3"); -my @XMM=map("q$_",(0..15)); - -{ -my ($key,$rounds,$const)=("r4","r5","r6"); - -sub Dlo() { shift=~m|q([1]?[0-9])|?"d".($1*2):""; } -sub Dhi() { shift=~m|q([1]?[0-9])|?"d".($1*2+1):""; } - -sub Sbox { -# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb -# output in lsb > [b0, b1, b4, b6, b3, b7, b2, b5] < msb -my @b=@_[0..7]; -my @t=@_[8..11]; -my @s=@_[12..15]; - &InBasisChange (@b); - &Inv_GF256 (@b[6,5,0,3,7,1,4,2],@t,@s); - &OutBasisChange (@b[7,1,4,2,6,5,0,3]); -} - -sub InBasisChange { -# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb -# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb -my @b=@_[0..7]; -$code.=<<___; - veor @b[2], @b[2], @b[1] - veor @b[5], @b[5], @b[6] - veor @b[3], @b[3], @b[0] - veor @b[6], @b[6], @b[2] - veor @b[5], @b[5], @b[0] - - veor @b[6], @b[6], @b[3] - veor @b[3], @b[3], @b[7] - veor @b[7], @b[7], @b[5] - veor @b[3], @b[3], @b[4] - veor @b[4], @b[4], @b[5] - - veor @b[2], @b[2], @b[7] - veor @b[3], @b[3], @b[1] - veor @b[1], @b[1], @b[5] -___ -} - -sub OutBasisChange { -# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb -# output in lsb > [b6, b1, b2, b4, b7, b0, b3, b5] < msb -my @b=@_[0..7]; -$code.=<<___; - veor @b[0], @b[0], @b[6] - veor @b[1], @b[1], @b[4] - veor @b[4], @b[4], @b[6] - veor @b[2], @b[2], @b[0] - veor @b[6], @b[6], @b[1] - - veor @b[1], @b[1], @b[5] - veor @b[5], @b[5], @b[3] - veor @b[3], @b[3], @b[7] - veor @b[7], @b[7], @b[5] - veor @b[2], @b[2], @b[5] - - veor @b[4], @b[4], @b[7] -___ -} - -sub InvSbox { -# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb -# output in lsb > [b0, b1, b6, b4, b2, b7, b3, b5] < msb -my @b=@_[0..7]; -my @t=@_[8..11]; -my @s=@_[12..15]; - &InvInBasisChange (@b); - &Inv_GF256 (@b[5,1,2,6,3,7,0,4],@t,@s); - &InvOutBasisChange (@b[3,7,0,4,5,1,2,6]); -} - -sub InvInBasisChange { # OutBasisChange in reverse (with twist) -my @b=@_[5,1,2,6,3,7,0,4]; -$code.=<<___ - veor @b[1], @b[1], @b[7] - veor @b[4], @b[4], @b[7] - - veor @b[7], @b[7], @b[5] - veor @b[1], @b[1], @b[3] - veor @b[2], @b[2], @b[5] - veor @b[3], @b[3], @b[7] - - veor @b[6], @b[6], @b[1] - veor @b[2], @b[2], @b[0] - veor @b[5], @b[5], @b[3] - veor @b[4], @b[4], @b[6] - veor @b[0], @b[0], @b[6] - veor @b[1], @b[1], @b[4] -___ -} - -sub InvOutBasisChange { # InBasisChange in reverse -my @b=@_[2,5,7,3,6,1,0,4]; -$code.=<<___; - veor @b[1], @b[1], @b[5] - veor @b[2], @b[2], @b[7] - - veor @b[3], @b[3], @b[1] - veor @b[4], @b[4], @b[5] - veor @b[7], @b[7], @b[5] - veor @b[3], @b[3], @b[4] - veor @b[5], @b[5], @b[0] - veor @b[3], @b[3], @b[7] - veor @b[6], @b[6], @b[2] - veor @b[2], @b[2], @b[1] - veor @b[6], @b[6], @b[3] - - veor @b[3], @b[3], @b[0] - veor @b[5], @b[5], @b[6] -___ -} - -sub Mul_GF4 { -#;************************************************************* -#;* Mul_GF4: Input x0-x1,y0-y1 Output x0-x1 Temp t0 (8) * -#;************************************************************* -my ($x0,$x1,$y0,$y1,$t0,$t1)=@_; -$code.=<<___; - veor $t0, $y0, $y1 - vand $t0, $t0, $x0 - veor $x0, $x0, $x1 - vand $t1, $x1, $y0 - vand $x0, $x0, $y1 - veor $x1, $t1, $t0 - veor $x0, $x0, $t1 -___ -} - -sub Mul_GF4_N { # not used, see next subroutine -# multiply and scale by N -my ($x0,$x1,$y0,$y1,$t0)=@_; -$code.=<<___; - veor $t0, $y0, $y1 - vand $t0, $t0, $x0 - veor $x0, $x0, $x1 - vand $x1, $x1, $y0 - vand $x0, $x0, $y1 - veor $x1, $x1, $x0 - veor $x0, $x0, $t0 -___ -} - -sub Mul_GF4_N_GF4 { -# interleaved Mul_GF4_N and Mul_GF4 -my ($x0,$x1,$y0,$y1,$t0, - $x2,$x3,$y2,$y3,$t1)=@_; -$code.=<<___; - veor $t0, $y0, $y1 - veor $t1, $y2, $y3 - vand $t0, $t0, $x0 - vand $t1, $t1, $x2 - veor $x0, $x0, $x1 - veor $x2, $x2, $x3 - vand $x1, $x1, $y0 - vand $x3, $x3, $y2 - vand $x0, $x0, $y1 - vand $x2, $x2, $y3 - veor $x1, $x1, $x0 - veor $x2, $x2, $x3 - veor $x0, $x0, $t0 - veor $x3, $x3, $t1 -___ -} -sub Mul_GF16_2 { -my @x=@_[0..7]; -my @y=@_[8..11]; -my @t=@_[12..15]; -$code.=<<___; - veor @t[0], @x[0], @x[2] - veor @t[1], @x[1], @x[3] -___ - &Mul_GF4 (@x[0], @x[1], @y[0], @y[1], @t[2..3]); -$code.=<<___; - veor @y[0], @y[0], @y[2] - veor @y[1], @y[1], @y[3] -___ - Mul_GF4_N_GF4 (@t[0], @t[1], @y[0], @y[1], @t[3], - @x[2], @x[3], @y[2], @y[3], @t[2]); -$code.=<<___; - veor @x[0], @x[0], @t[0] - veor @x[2], @x[2], @t[0] - veor @x[1], @x[1], @t[1] - veor @x[3], @x[3], @t[1] - - veor @t[0], @x[4], @x[6] - veor @t[1], @x[5], @x[7] -___ - &Mul_GF4_N_GF4 (@t[0], @t[1], @y[0], @y[1], @t[3], - @x[6], @x[7], @y[2], @y[3], @t[2]); -$code.=<<___; - veor @y[0], @y[0], @y[2] - veor @y[1], @y[1], @y[3] -___ - &Mul_GF4 (@x[4], @x[5], @y[0], @y[1], @t[2..3]); -$code.=<<___; - veor @x[4], @x[4], @t[0] - veor @x[6], @x[6], @t[0] - veor @x[5], @x[5], @t[1] - veor @x[7], @x[7], @t[1] -___ -} -sub Inv_GF256 { -#;******************************************************************** -#;* Inv_GF256: Input x0-x7 Output x0-x7 Temp t0-t3,s0-s3 (144) * -#;******************************************************************** -my @x=@_[0..7]; -my @t=@_[8..11]; -my @s=@_[12..15]; -# direct optimizations from hardware -$code.=<<___; - veor @t[3], @x[4], @x[6] - veor @t[2], @x[5], @x[7] - veor @t[1], @x[1], @x[3] - veor @s[1], @x[7], @x[6] - vmov @t[0], @t[2] - veor @s[0], @x[0], @x[2] - - vorr @t[2], @t[2], @t[1] - veor @s[3], @t[3], @t[0] - vand @s[2], @t[3], @s[0] - vorr @t[3], @t[3], @s[0] - veor @s[0], @s[0], @t[1] - vand @t[0], @t[0], @t[1] - veor @t[1], @x[3], @x[2] - vand @s[3], @s[3], @s[0] - vand @s[1], @s[1], @t[1] - veor @t[1], @x[4], @x[5] - veor @s[0], @x[1], @x[0] - veor @t[3], @t[3], @s[1] - veor @t[2], @t[2], @s[1] - vand @s[1], @t[1], @s[0] - vorr @t[1], @t[1], @s[0] - veor @t[3], @t[3], @s[3] - veor @t[0], @t[0], @s[1] - veor @t[2], @t[2], @s[2] - veor @t[1], @t[1], @s[3] - veor @t[0], @t[0], @s[2] - vand @s[0], @x[7], @x[3] - veor @t[1], @t[1], @s[2] - vand @s[1], @x[6], @x[2] - vand @s[2], @x[5], @x[1] - vorr @s[3], @x[4], @x[0] - veor @t[3], @t[3], @s[0] - veor @t[1], @t[1], @s[2] - veor @t[0], @t[0], @s[3] - veor @t[2], @t[2], @s[1] - - @ Inv_GF16 \t0, \t1, \t2, \t3, \s0, \s1, \s2, \s3 - - @ new smaller inversion - - vand @s[2], @t[3], @t[1] - vmov @s[0], @t[0] - - veor @s[1], @t[2], @s[2] - veor @s[3], @t[0], @s[2] - veor @s[2], @t[0], @s[2] @ @s[2]=@s[3] - - vbsl @s[1], @t[1], @t[0] - vbsl @s[3], @t[3], @t[2] - veor @t[3], @t[3], @t[2] - - vbsl @s[0], @s[1], @s[2] - vbsl @t[0], @s[2], @s[1] - - vand @s[2], @s[0], @s[3] - veor @t[1], @t[1], @t[0] - - veor @s[2], @s[2], @t[3] -___ -# output in s3, s2, s1, t1 - -# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \t2, \t3, \t0, \t1, \s0, \s1, \s2, \s3 - -# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \s3, \s2, \s1, \t1, \s0, \t0, \t2, \t3 - &Mul_GF16_2(@x,@s[3,2,1],@t[1],@s[0],@t[0,2,3]); - -### output msb > [x3,x2,x1,x0,x7,x6,x5,x4] < lsb -} - -# AES linear components - -sub ShiftRows { -my @x=@_[0..7]; -my @t=@_[8..11]; -my $mask=pop; -$code.=<<___; - vldmia $key!, {@t[0]-@t[3]} - veor @t[0], @t[0], @x[0] - veor @t[1], @t[1], @x[1] - vtbl.8 `&Dlo(@x[0])`, {@t[0]}, `&Dlo($mask)` - vtbl.8 `&Dhi(@x[0])`, {@t[0]}, `&Dhi($mask)` - vldmia $key!, {@t[0]} - veor @t[2], @t[2], @x[2] - vtbl.8 `&Dlo(@x[1])`, {@t[1]}, `&Dlo($mask)` - vtbl.8 `&Dhi(@x[1])`, {@t[1]}, `&Dhi($mask)` - vldmia $key!, {@t[1]} - veor @t[3], @t[3], @x[3] - vtbl.8 `&Dlo(@x[2])`, {@t[2]}, `&Dlo($mask)` - vtbl.8 `&Dhi(@x[2])`, {@t[2]}, `&Dhi($mask)` - vldmia $key!, {@t[2]} - vtbl.8 `&Dlo(@x[3])`, {@t[3]}, `&Dlo($mask)` - vtbl.8 `&Dhi(@x[3])`, {@t[3]}, `&Dhi($mask)` - vldmia $key!, {@t[3]} - veor @t[0], @t[0], @x[4] - veor @t[1], @t[1], @x[5] - vtbl.8 `&Dlo(@x[4])`, {@t[0]}, `&Dlo($mask)` - vtbl.8 `&Dhi(@x[4])`, {@t[0]}, `&Dhi($mask)` - veor @t[2], @t[2], @x[6] - vtbl.8 `&Dlo(@x[5])`, {@t[1]}, `&Dlo($mask)` - vtbl.8 `&Dhi(@x[5])`, {@t[1]}, `&Dhi($mask)` - veor @t[3], @t[3], @x[7] - vtbl.8 `&Dlo(@x[6])`, {@t[2]}, `&Dlo($mask)` - vtbl.8 `&Dhi(@x[6])`, {@t[2]}, `&Dhi($mask)` - vtbl.8 `&Dlo(@x[7])`, {@t[3]}, `&Dlo($mask)` - vtbl.8 `&Dhi(@x[7])`, {@t[3]}, `&Dhi($mask)` -___ -} - -sub MixColumns { -# modified to emit output in order suitable for feeding back to aesenc[last] -my @x=@_[0..7]; -my @t=@_[8..15]; -my $inv=@_[16]; # optional -$code.=<<___; - vext.8 @t[0], @x[0], @x[0], #12 @ x0 <<< 32 - vext.8 @t[1], @x[1], @x[1], #12 - veor @x[0], @x[0], @t[0] @ x0 ^ (x0 <<< 32) - vext.8 @t[2], @x[2], @x[2], #12 - veor @x[1], @x[1], @t[1] - vext.8 @t[3], @x[3], @x[3], #12 - veor @x[2], @x[2], @t[2] - vext.8 @t[4], @x[4], @x[4], #12 - veor @x[3], @x[3], @t[3] - vext.8 @t[5], @x[5], @x[5], #12 - veor @x[4], @x[4], @t[4] - vext.8 @t[6], @x[6], @x[6], #12 - veor @x[5], @x[5], @t[5] - vext.8 @t[7], @x[7], @x[7], #12 - veor @x[6], @x[6], @t[6] - - veor @t[1], @t[1], @x[0] - veor @x[7], @x[7], @t[7] - vext.8 @x[0], @x[0], @x[0], #8 @ (x0 ^ (x0 <<< 32)) <<< 64) - veor @t[2], @t[2], @x[1] - veor @t[0], @t[0], @x[7] - veor @t[1], @t[1], @x[7] - vext.8 @x[1], @x[1], @x[1], #8 - veor @t[5], @t[5], @x[4] - veor @x[0], @x[0], @t[0] - veor @t[6], @t[6], @x[5] - veor @x[1], @x[1], @t[1] - vext.8 @t[0], @x[4], @x[4], #8 - veor @t[4], @t[4], @x[3] - vext.8 @t[1], @x[5], @x[5], #8 - veor @t[7], @t[7], @x[6] - vext.8 @x[4], @x[3], @x[3], #8 - veor @t[3], @t[3], @x[2] - vext.8 @x[5], @x[7], @x[7], #8 - veor @t[4], @t[4], @x[7] - vext.8 @x[3], @x[6], @x[6], #8 - veor @t[3], @t[3], @x[7] - vext.8 @x[6], @x[2], @x[2], #8 - veor @x[7], @t[1], @t[5] -___ -$code.=<<___ if (!$inv); - veor @x[2], @t[0], @t[4] - veor @x[4], @x[4], @t[3] - veor @x[5], @x[5], @t[7] - veor @x[3], @x[3], @t[6] - @ vmov @x[2], @t[0] - veor @x[6], @x[6], @t[2] - @ vmov @x[7], @t[1] -___ -$code.=<<___ if ($inv); - veor @t[3], @t[3], @x[4] - veor @x[5], @x[5], @t[7] - veor @x[2], @x[3], @t[6] - veor @x[3], @t[0], @t[4] - veor @x[4], @x[6], @t[2] - vmov @x[6], @t[3] - @ vmov @x[7], @t[1] -___ -} - -sub InvMixColumns_orig { -my @x=@_[0..7]; -my @t=@_[8..15]; - -$code.=<<___; - @ multiplication by 0x0e - vext.8 @t[7], @x[7], @x[7], #12 - vmov @t[2], @x[2] - veor @x[2], @x[2], @x[5] @ 2 5 - veor @x[7], @x[7], @x[5] @ 7 5 - vext.8 @t[0], @x[0], @x[0], #12 - vmov @t[5], @x[5] - veor @x[5], @x[5], @x[0] @ 5 0 [1] - veor @x[0], @x[0], @x[1] @ 0 1 - vext.8 @t[1], @x[1], @x[1], #12 - veor @x[1], @x[1], @x[2] @ 1 25 - veor @x[0], @x[0], @x[6] @ 01 6 [2] - vext.8 @t[3], @x[3], @x[3], #12 - veor @x[1], @x[1], @x[3] @ 125 3 [4] - veor @x[2], @x[2], @x[0] @ 25 016 [3] - veor @x[3], @x[3], @x[7] @ 3 75 - veor @x[7], @x[7], @x[6] @ 75 6 [0] - vext.8 @t[6], @x[6], @x[6], #12 - vmov @t[4], @x[4] - veor @x[6], @x[6], @x[4] @ 6 4 - veor @x[4], @x[4], @x[3] @ 4 375 [6] - veor @x[3], @x[3], @x[7] @ 375 756=36 - veor @x[6], @x[6], @t[5] @ 64 5 [7] - veor @x[3], @x[3], @t[2] @ 36 2 - vext.8 @t[5], @t[5], @t[5], #12 - veor @x[3], @x[3], @t[4] @ 362 4 [5] -___ - my @y = @x[7,5,0,2,1,3,4,6]; -$code.=<<___; - @ multiplication by 0x0b - veor @y[1], @y[1], @y[0] - veor @y[0], @y[0], @t[0] - vext.8 @t[2], @t[2], @t[2], #12 - veor @y[1], @y[1], @t[1] - veor @y[0], @y[0], @t[5] - vext.8 @t[4], @t[4], @t[4], #12 - veor @y[1], @y[1], @t[6] - veor @y[0], @y[0], @t[7] - veor @t[7], @t[7], @t[6] @ clobber t[7] - - veor @y[3], @y[3], @t[0] - veor @y[1], @y[1], @y[0] - vext.8 @t[0], @t[0], @t[0], #12 - veor @y[2], @y[2], @t[1] - veor @y[4], @y[4], @t[1] - vext.8 @t[1], @t[1], @t[1], #12 - veor @y[2], @y[2], @t[2] - veor @y[3], @y[3], @t[2] - veor @y[5], @y[5], @t[2] - veor @y[2], @y[2], @t[7] - vext.8 @t[2], @t[2], @t[2], #12 - veor @y[3], @y[3], @t[3] - veor @y[6], @y[6], @t[3] - veor @y[4], @y[4], @t[3] - veor @y[7], @y[7], @t[4] - vext.8 @t[3], @t[3], @t[3], #12 - veor @y[5], @y[5], @t[4] - veor @y[7], @y[7], @t[7] - veor @t[7], @t[7], @t[5] @ clobber t[7] even more - veor @y[3], @y[3], @t[5] - veor @y[4], @y[4], @t[4] - - veor @y[5], @y[5], @t[7] - vext.8 @t[4], @t[4], @t[4], #12 - veor @y[6], @y[6], @t[7] - veor @y[4], @y[4], @t[7] - - veor @t[7], @t[7], @t[5] - vext.8 @t[5], @t[5], @t[5], #12 - - @ multiplication by 0x0d - veor @y[4], @y[4], @y[7] - veor @t[7], @t[7], @t[6] @ restore t[7] - veor @y[7], @y[7], @t[4] - vext.8 @t[6], @t[6], @t[6], #12 - veor @y[2], @y[2], @t[0] - veor @y[7], @y[7], @t[5] - vext.8 @t[7], @t[7], @t[7], #12 - veor @y[2], @y[2], @t[2] - - veor @y[3], @y[3], @y[1] - veor @y[1], @y[1], @t[1] - veor @y[0], @y[0], @t[0] - veor @y[3], @y[3], @t[0] - veor @y[1], @y[1], @t[5] - veor @y[0], @y[0], @t[5] - vext.8 @t[0], @t[0], @t[0], #12 - veor @y[1], @y[1], @t[7] - veor @y[0], @y[0], @t[6] - veor @y[3], @y[3], @y[1] - veor @y[4], @y[4], @t[1] - vext.8 @t[1], @t[1], @t[1], #12 - - veor @y[7], @y[7], @t[7] - veor @y[4], @y[4], @t[2] - veor @y[5], @y[5], @t[2] - veor @y[2], @y[2], @t[6] - veor @t[6], @t[6], @t[3] @ clobber t[6] - vext.8 @t[2], @t[2], @t[2], #12 - veor @y[4], @y[4], @y[7] - veor @y[3], @y[3], @t[6] - - veor @y[6], @y[6], @t[6] - veor @y[5], @y[5], @t[5] - vext.8 @t[5], @t[5], @t[5], #12 - veor @y[6], @y[6], @t[4] - vext.8 @t[4], @t[4], @t[4], #12 - veor @y[5], @y[5], @t[6] - veor @y[6], @y[6], @t[7] - vext.8 @t[7], @t[7], @t[7], #12 - veor @t[6], @t[6], @t[3] @ restore t[6] - vext.8 @t[3], @t[3], @t[3], #12 - - @ multiplication by 0x09 - veor @y[4], @y[4], @y[1] - veor @t[1], @t[1], @y[1] @ t[1]=y[1] - veor @t[0], @t[0], @t[5] @ clobber t[0] - vext.8 @t[6], @t[6], @t[6], #12 - veor @t[1], @t[1], @t[5] - veor @y[3], @y[3], @t[0] - veor @t[0], @t[0], @y[0] @ t[0]=y[0] - veor @t[1], @t[1], @t[6] - veor @t[6], @t[6], @t[7] @ clobber t[6] - veor @y[4], @y[4], @t[1] - veor @y[7], @y[7], @t[4] - veor @y[6], @y[6], @t[3] - veor @y[5], @y[5], @t[2] - veor @t[4], @t[4], @y[4] @ t[4]=y[4] - veor @t[3], @t[3], @y[3] @ t[3]=y[3] - veor @t[5], @t[5], @y[5] @ t[5]=y[5] - veor @t[2], @t[2], @y[2] @ t[2]=y[2] - veor @t[3], @t[3], @t[7] - veor @XMM[5], @t[5], @t[6] - veor @XMM[6], @t[6], @y[6] @ t[6]=y[6] - veor @XMM[2], @t[2], @t[6] - veor @XMM[7], @t[7], @y[7] @ t[7]=y[7] - - vmov @XMM[0], @t[0] - vmov @XMM[1], @t[1] - @ vmov @XMM[2], @t[2] - vmov @XMM[3], @t[3] - vmov @XMM[4], @t[4] - @ vmov @XMM[5], @t[5] - @ vmov @XMM[6], @t[6] - @ vmov @XMM[7], @t[7] -___ -} - -sub InvMixColumns { -my @x=@_[0..7]; -my @t=@_[8..15]; - -# Thanks to Jussi Kivilinna for providing pointer to -# -# | 0e 0b 0d 09 | | 02 03 01 01 | | 05 00 04 00 | -# | 09 0e 0b 0d | = | 01 02 03 01 | x | 00 05 00 04 | -# | 0d 09 0e 0b | | 01 01 02 03 | | 04 00 05 00 | -# | 0b 0d 09 0e | | 03 01 01 02 | | 00 04 00 05 | - -$code.=<<___; - @ multiplication by 0x05-0x00-0x04-0x00 - vext.8 @t[0], @x[0], @x[0], #8 - vext.8 @t[6], @x[6], @x[6], #8 - vext.8 @t[7], @x[7], @x[7], #8 - veor @t[0], @t[0], @x[0] - vext.8 @t[1], @x[1], @x[1], #8 - veor @t[6], @t[6], @x[6] - vext.8 @t[2], @x[2], @x[2], #8 - veor @t[7], @t[7], @x[7] - vext.8 @t[3], @x[3], @x[3], #8 - veor @t[1], @t[1], @x[1] - vext.8 @t[4], @x[4], @x[4], #8 - veor @t[2], @t[2], @x[2] - vext.8 @t[5], @x[5], @x[5], #8 - veor @t[3], @t[3], @x[3] - veor @t[4], @t[4], @x[4] - veor @t[5], @t[5], @x[5] - - veor @x[0], @x[0], @t[6] - veor @x[1], @x[1], @t[6] - veor @x[2], @x[2], @t[0] - veor @x[4], @x[4], @t[2] - veor @x[3], @x[3], @t[1] - veor @x[1], @x[1], @t[7] - veor @x[2], @x[2], @t[7] - veor @x[4], @x[4], @t[6] - veor @x[5], @x[5], @t[3] - veor @x[3], @x[3], @t[6] - veor @x[6], @x[6], @t[4] - veor @x[4], @x[4], @t[7] - veor @x[5], @x[5], @t[7] - veor @x[7], @x[7], @t[5] -___ - &MixColumns (@x,@t,1); # flipped 2<->3 and 4<->6 -} - -sub swapmove { -my ($a,$b,$n,$mask,$t)=@_; -$code.=<<___; - vshr.u64 $t, $b, #$n - veor $t, $t, $a - vand $t, $t, $mask - veor $a, $a, $t - vshl.u64 $t, $t, #$n - veor $b, $b, $t -___ -} -sub swapmove2x { -my ($a0,$b0,$a1,$b1,$n,$mask,$t0,$t1)=@_; -$code.=<<___; - vshr.u64 $t0, $b0, #$n - vshr.u64 $t1, $b1, #$n - veor $t0, $t0, $a0 - veor $t1, $t1, $a1 - vand $t0, $t0, $mask - vand $t1, $t1, $mask - veor $a0, $a0, $t0 - vshl.u64 $t0, $t0, #$n - veor $a1, $a1, $t1 - vshl.u64 $t1, $t1, #$n - veor $b0, $b0, $t0 - veor $b1, $b1, $t1 -___ -} - -sub bitslice { -my @x=reverse(@_[0..7]); -my ($t0,$t1,$t2,$t3)=@_[8..11]; -$code.=<<___; - vmov.i8 $t0,#0x55 @ compose .LBS0 - vmov.i8 $t1,#0x33 @ compose .LBS1 -___ - &swapmove2x(@x[0,1,2,3],1,$t0,$t2,$t3); - &swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3); -$code.=<<___; - vmov.i8 $t0,#0x0f @ compose .LBS2 -___ - &swapmove2x(@x[0,2,1,3],2,$t1,$t2,$t3); - &swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3); - - &swapmove2x(@x[0,4,1,5],4,$t0,$t2,$t3); - &swapmove2x(@x[2,6,3,7],4,$t0,$t2,$t3); -} - -$code.=<<___; -#ifndef __KERNEL__ -# include "arm_arch.h" - -# define VFP_ABI_PUSH vstmdb sp!,{d8-d15} -# define VFP_ABI_POP vldmia sp!,{d8-d15} -# define VFP_ABI_FRAME 0x40 -#else -# define VFP_ABI_PUSH -# define VFP_ABI_POP -# define VFP_ABI_FRAME 0 -# define BSAES_ASM_EXTENDED_KEY -# define XTS_CHAIN_TWEAK -# define __ARM_ARCH__ __LINUX_ARM_ARCH__ -# define __ARM_MAX_ARCH__ 7 -#endif - -#ifdef __thumb__ -# define adrl adr -#endif - -#if __ARM_MAX_ARCH__>=7 -.arch armv7-a -.fpu neon - -.syntax unified @ ARMv7-capable assembler is expected to handle this -#if defined(__thumb2__) && !defined(__APPLE__) -.thumb -#else -.code 32 -# undef __thumb2__ -#endif - -.text - -.type _bsaes_decrypt8,%function -.align 4 -_bsaes_decrypt8: - adr $const,. - vldmia $key!, {@XMM[9]} @ round 0 key -#if defined(__thumb2__) || defined(__APPLE__) - adr $const,.LM0ISR -#else - add $const,$const,#.LM0ISR-_bsaes_decrypt8 -#endif - - vldmia $const!, {@XMM[8]} @ .LM0ISR - veor @XMM[10], @XMM[0], @XMM[9] @ xor with round0 key - veor @XMM[11], @XMM[1], @XMM[9] - vtbl.8 `&Dlo(@XMM[0])`, {@XMM[10]}, `&Dlo(@XMM[8])` - vtbl.8 `&Dhi(@XMM[0])`, {@XMM[10]}, `&Dhi(@XMM[8])` - veor @XMM[12], @XMM[2], @XMM[9] - vtbl.8 `&Dlo(@XMM[1])`, {@XMM[11]}, `&Dlo(@XMM[8])` - vtbl.8 `&Dhi(@XMM[1])`, {@XMM[11]}, `&Dhi(@XMM[8])` - veor @XMM[13], @XMM[3], @XMM[9] - vtbl.8 `&Dlo(@XMM[2])`, {@XMM[12]}, `&Dlo(@XMM[8])` - vtbl.8 `&Dhi(@XMM[2])`, {@XMM[12]}, `&Dhi(@XMM[8])` - veor @XMM[14], @XMM[4], @XMM[9] - vtbl.8 `&Dlo(@XMM[3])`, {@XMM[13]}, `&Dlo(@XMM[8])` - vtbl.8 `&Dhi(@XMM[3])`, {@XMM[13]}, `&Dhi(@XMM[8])` - veor @XMM[15], @XMM[5], @XMM[9] - vtbl.8 `&Dlo(@XMM[4])`, {@XMM[14]}, `&Dlo(@XMM[8])` - vtbl.8 `&Dhi(@XMM[4])`, {@XMM[14]}, `&Dhi(@XMM[8])` - veor @XMM[10], @XMM[6], @XMM[9] - vtbl.8 `&Dlo(@XMM[5])`, {@XMM[15]}, `&Dlo(@XMM[8])` - vtbl.8 `&Dhi(@XMM[5])`, {@XMM[15]}, `&Dhi(@XMM[8])` - veor @XMM[11], @XMM[7], @XMM[9] - vtbl.8 `&Dlo(@XMM[6])`, {@XMM[10]}, `&Dlo(@XMM[8])` - vtbl.8 `&Dhi(@XMM[6])`, {@XMM[10]}, `&Dhi(@XMM[8])` - vtbl.8 `&Dlo(@XMM[7])`, {@XMM[11]}, `&Dlo(@XMM[8])` - vtbl.8 `&Dhi(@XMM[7])`, {@XMM[11]}, `&Dhi(@XMM[8])` -___ - &bitslice (@XMM[0..7, 8..11]); -$code.=<<___; - sub $rounds,$rounds,#1 - b .Ldec_sbox -.align 4 -.Ldec_loop: -___ - &ShiftRows (@XMM[0..7, 8..12]); -$code.=".Ldec_sbox:\n"; - &InvSbox (@XMM[0..7, 8..15]); -$code.=<<___; - subs $rounds,$rounds,#1 - bcc .Ldec_done -___ - &InvMixColumns (@XMM[0,1,6,4,2,7,3,5, 8..15]); -$code.=<<___; - vldmia $const, {@XMM[12]} @ .LISR - ite eq @ Thumb2 thing, sanity check in ARM - addeq $const,$const,#0x10 - bne .Ldec_loop - vldmia $const, {@XMM[12]} @ .LISRM0 - b .Ldec_loop -.align 4 -.Ldec_done: -___ - &bitslice (@XMM[0,1,6,4,2,7,3,5, 8..11]); -$code.=<<___; - vldmia $key, {@XMM[8]} @ last round key - veor @XMM[6], @XMM[6], @XMM[8] - veor @XMM[4], @XMM[4], @XMM[8] - veor @XMM[2], @XMM[2], @XMM[8] - veor @XMM[7], @XMM[7], @XMM[8] - veor @XMM[3], @XMM[3], @XMM[8] - veor @XMM[5], @XMM[5], @XMM[8] - veor @XMM[0], @XMM[0], @XMM[8] - veor @XMM[1], @XMM[1], @XMM[8] - bx lr -.size _bsaes_decrypt8,.-_bsaes_decrypt8 - -.type _bsaes_const,%object -.align 6 -_bsaes_const: -.LM0ISR: @ InvShiftRows constants - .quad 0x0a0e0206070b0f03, 0x0004080c0d010509 -.LISR: - .quad 0x0504070602010003, 0x0f0e0d0c080b0a09 -.LISRM0: - .quad 0x01040b0e0205080f, 0x0306090c00070a0d -.LM0SR: @ ShiftRows constants - .quad 0x0a0e02060f03070b, 0x0004080c05090d01 -.LSR: - .quad 0x0504070600030201, 0x0f0e0d0c0a09080b -.LSRM0: - .quad 0x0304090e00050a0f, 0x01060b0c0207080d -.LM0: - .quad 0x02060a0e03070b0f, 0x0004080c0105090d -.LREVM0SR: - .quad 0x090d01050c000408, 0x03070b0f060a0e02 -.asciz "Bit-sliced AES for NEON, CRYPTOGAMS by " -.align 6 -.size _bsaes_const,.-_bsaes_const - -.type _bsaes_encrypt8,%function -.align 4 -_bsaes_encrypt8: - adr $const,. - vldmia $key!, {@XMM[9]} @ round 0 key -#if defined(__thumb2__) || defined(__APPLE__) - adr $const,.LM0SR -#else - sub $const,$const,#_bsaes_encrypt8-.LM0SR -#endif - - vldmia $const!, {@XMM[8]} @ .LM0SR -_bsaes_encrypt8_alt: - veor @XMM[10], @XMM[0], @XMM[9] @ xor with round0 key - veor @XMM[11], @XMM[1], @XMM[9] - vtbl.8 `&Dlo(@XMM[0])`, {@XMM[10]}, `&Dlo(@XMM[8])` - vtbl.8 `&Dhi(@XMM[0])`, {@XMM[10]}, `&Dhi(@XMM[8])` - veor @XMM[12], @XMM[2], @XMM[9] - vtbl.8 `&Dlo(@XMM[1])`, {@XMM[11]}, `&Dlo(@XMM[8])` - vtbl.8 `&Dhi(@XMM[1])`, {@XMM[11]}, `&Dhi(@XMM[8])` - veor @XMM[13], @XMM[3], @XMM[9] - vtbl.8 `&Dlo(@XMM[2])`, {@XMM[12]}, `&Dlo(@XMM[8])` - vtbl.8 `&Dhi(@XMM[2])`, {@XMM[12]}, `&Dhi(@XMM[8])` - veor @XMM[14], @XMM[4], @XMM[9] - vtbl.8 `&Dlo(@XMM[3])`, {@XMM[13]}, `&Dlo(@XMM[8])` - vtbl.8 `&Dhi(@XMM[3])`, {@XMM[13]}, `&Dhi(@XMM[8])` - veor @XMM[15], @XMM[5], @XMM[9] - vtbl.8 `&Dlo(@XMM[4])`, {@XMM[14]}, `&Dlo(@XMM[8])` - vtbl.8 `&Dhi(@XMM[4])`, {@XMM[14]}, `&Dhi(@XMM[8])` - veor @XMM[10], @XMM[6], @XMM[9] - vtbl.8 `&Dlo(@XMM[5])`, {@XMM[15]}, `&Dlo(@XMM[8])` - vtbl.8 `&Dhi(@XMM[5])`, {@XMM[15]}, `&Dhi(@XMM[8])` - veor @XMM[11], @XMM[7], @XMM[9] - vtbl.8 `&Dlo(@XMM[6])`, {@XMM[10]}, `&Dlo(@XMM[8])` - vtbl.8 `&Dhi(@XMM[6])`, {@XMM[10]}, `&Dhi(@XMM[8])` - vtbl.8 `&Dlo(@XMM[7])`, {@XMM[11]}, `&Dlo(@XMM[8])` - vtbl.8 `&Dhi(@XMM[7])`, {@XMM[11]}, `&Dhi(@XMM[8])` -_bsaes_encrypt8_bitslice: -___ - &bitslice (@XMM[0..7, 8..11]); -$code.=<<___; - sub $rounds,$rounds,#1 - b .Lenc_sbox -.align 4 -.Lenc_loop: -___ - &ShiftRows (@XMM[0..7, 8..12]); -$code.=".Lenc_sbox:\n"; - &Sbox (@XMM[0..7, 8..15]); -$code.=<<___; - subs $rounds,$rounds,#1 - bcc .Lenc_done -___ - &MixColumns (@XMM[0,1,4,6,3,7,2,5, 8..15]); -$code.=<<___; - vldmia $const, {@XMM[12]} @ .LSR - ite eq @ Thumb2 thing, samity check in ARM - addeq $const,$const,#0x10 - bne .Lenc_loop - vldmia $const, {@XMM[12]} @ .LSRM0 - b .Lenc_loop -.align 4 -.Lenc_done: -___ - # output in lsb > [t0, t1, t4, t6, t3, t7, t2, t5] < msb - &bitslice (@XMM[0,1,4,6,3,7,2,5, 8..11]); -$code.=<<___; - vldmia $key, {@XMM[8]} @ last round key - veor @XMM[4], @XMM[4], @XMM[8] - veor @XMM[6], @XMM[6], @XMM[8] - veor @XMM[3], @XMM[3], @XMM[8] - veor @XMM[7], @XMM[7], @XMM[8] - veor @XMM[2], @XMM[2], @XMM[8] - veor @XMM[5], @XMM[5], @XMM[8] - veor @XMM[0], @XMM[0], @XMM[8] - veor @XMM[1], @XMM[1], @XMM[8] - bx lr -.size _bsaes_encrypt8,.-_bsaes_encrypt8 -___ -} -{ -my ($out,$inp,$rounds,$const)=("r12","r4","r5","r6"); - -sub bitslice_key { -my @x=reverse(@_[0..7]); -my ($bs0,$bs1,$bs2,$t2,$t3)=@_[8..12]; - - &swapmove (@x[0,1],1,$bs0,$t2,$t3); -$code.=<<___; - @ &swapmove(@x[2,3],1,$t0,$t2,$t3); - vmov @x[2], @x[0] - vmov @x[3], @x[1] -___ - #&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3); - - &swapmove2x (@x[0,2,1,3],2,$bs1,$t2,$t3); -$code.=<<___; - @ &swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3); - vmov @x[4], @x[0] - vmov @x[6], @x[2] - vmov @x[5], @x[1] - vmov @x[7], @x[3] -___ - &swapmove2x (@x[0,4,1,5],4,$bs2,$t2,$t3); - &swapmove2x (@x[2,6,3,7],4,$bs2,$t2,$t3); -} - -$code.=<<___; -.type _bsaes_key_convert,%function -.align 4 -_bsaes_key_convert: - adr $const,. - vld1.8 {@XMM[7]}, [$inp]! @ load round 0 key -#if defined(__thumb2__) || defined(__APPLE__) - adr $const,.LM0 -#else - sub $const,$const,#_bsaes_key_convert-.LM0 -#endif - vld1.8 {@XMM[15]}, [$inp]! @ load round 1 key - - vmov.i8 @XMM[8], #0x01 @ bit masks - vmov.i8 @XMM[9], #0x02 - vmov.i8 @XMM[10], #0x04 - vmov.i8 @XMM[11], #0x08 - vmov.i8 @XMM[12], #0x10 - vmov.i8 @XMM[13], #0x20 - vldmia $const, {@XMM[14]} @ .LM0 - -#ifdef __ARMEL__ - vrev32.8 @XMM[7], @XMM[7] - vrev32.8 @XMM[15], @XMM[15] -#endif - sub $rounds,$rounds,#1 - vstmia $out!, {@XMM[7]} @ save round 0 key - b .Lkey_loop - -.align 4 -.Lkey_loop: - vtbl.8 `&Dlo(@XMM[7])`,{@XMM[15]},`&Dlo(@XMM[14])` - vtbl.8 `&Dhi(@XMM[7])`,{@XMM[15]},`&Dhi(@XMM[14])` - vmov.i8 @XMM[6], #0x40 - vmov.i8 @XMM[15], #0x80 - - vtst.8 @XMM[0], @XMM[7], @XMM[8] - vtst.8 @XMM[1], @XMM[7], @XMM[9] - vtst.8 @XMM[2], @XMM[7], @XMM[10] - vtst.8 @XMM[3], @XMM[7], @XMM[11] - vtst.8 @XMM[4], @XMM[7], @XMM[12] - vtst.8 @XMM[5], @XMM[7], @XMM[13] - vtst.8 @XMM[6], @XMM[7], @XMM[6] - vtst.8 @XMM[7], @XMM[7], @XMM[15] - vld1.8 {@XMM[15]}, [$inp]! @ load next round key - vmvn @XMM[0], @XMM[0] @ "pnot" - vmvn @XMM[1], @XMM[1] - vmvn @XMM[5], @XMM[5] - vmvn @XMM[6], @XMM[6] -#ifdef __ARMEL__ - vrev32.8 @XMM[15], @XMM[15] -#endif - subs $rounds,$rounds,#1 - vstmia $out!,{@XMM[0]-@XMM[7]} @ write bit-sliced round key - bne .Lkey_loop - - vmov.i8 @XMM[7],#0x63 @ compose .L63 - @ don't save last round key - bx lr -.size _bsaes_key_convert,.-_bsaes_key_convert -___ -} - -if (0) { # following four functions are unsupported interface - # used for benchmarking... -$code.=<<___; -.globl bsaes_enc_key_convert -.type bsaes_enc_key_convert,%function -.align 4 -bsaes_enc_key_convert: - stmdb sp!,{r4-r6,lr} - vstmdb sp!,{d8-d15} @ ABI specification says so - - ldr r5,[$inp,#240] @ pass rounds - mov r4,$inp @ pass key - mov r12,$out @ pass key schedule - bl _bsaes_key_convert - veor @XMM[7],@XMM[7],@XMM[15] @ fix up last round key - vstmia r12, {@XMM[7]} @ save last round key - - vldmia sp!,{d8-d15} - ldmia sp!,{r4-r6,pc} -.size bsaes_enc_key_convert,.-bsaes_enc_key_convert - -.globl bsaes_encrypt_128 -.type bsaes_encrypt_128,%function -.align 4 -bsaes_encrypt_128: - stmdb sp!,{r4-r6,lr} - vstmdb sp!,{d8-d15} @ ABI specification says so -.Lenc128_loop: - vld1.8 {@XMM[0]-@XMM[1]}, [$inp]! @ load input - vld1.8 {@XMM[2]-@XMM[3]}, [$inp]! - mov r4,$key @ pass the key - vld1.8 {@XMM[4]-@XMM[5]}, [$inp]! - mov r5,#10 @ pass rounds - vld1.8 {@XMM[6]-@XMM[7]}, [$inp]! - - bl _bsaes_encrypt8 - - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output - vst1.8 {@XMM[4]}, [$out]! - vst1.8 {@XMM[6]}, [$out]! - vst1.8 {@XMM[3]}, [$out]! - vst1.8 {@XMM[7]}, [$out]! - vst1.8 {@XMM[2]}, [$out]! - subs $len,$len,#0x80 - vst1.8 {@XMM[5]}, [$out]! - bhi .Lenc128_loop - - vldmia sp!,{d8-d15} - ldmia sp!,{r4-r6,pc} -.size bsaes_encrypt_128,.-bsaes_encrypt_128 - -.globl bsaes_dec_key_convert -.type bsaes_dec_key_convert,%function -.align 4 -bsaes_dec_key_convert: - stmdb sp!,{r4-r6,lr} - vstmdb sp!,{d8-d15} @ ABI specification says so - - ldr r5,[$inp,#240] @ pass rounds - mov r4,$inp @ pass key - mov r12,$out @ pass key schedule - bl _bsaes_key_convert - vldmia $out, {@XMM[6]} - vstmia r12, {@XMM[15]} @ save last round key - veor @XMM[7], @XMM[7], @XMM[6] @ fix up round 0 key - vstmia $out, {@XMM[7]} - - vldmia sp!,{d8-d15} - ldmia sp!,{r4-r6,pc} -.size bsaes_dec_key_convert,.-bsaes_dec_key_convert - -.globl bsaes_decrypt_128 -.type bsaes_decrypt_128,%function -.align 4 -bsaes_decrypt_128: - stmdb sp!,{r4-r6,lr} - vstmdb sp!,{d8-d15} @ ABI specification says so -.Ldec128_loop: - vld1.8 {@XMM[0]-@XMM[1]}, [$inp]! @ load input - vld1.8 {@XMM[2]-@XMM[3]}, [$inp]! - mov r4,$key @ pass the key - vld1.8 {@XMM[4]-@XMM[5]}, [$inp]! - mov r5,#10 @ pass rounds - vld1.8 {@XMM[6]-@XMM[7]}, [$inp]! - - bl _bsaes_decrypt8 - - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output - vst1.8 {@XMM[6]}, [$out]! - vst1.8 {@XMM[4]}, [$out]! - vst1.8 {@XMM[2]}, [$out]! - vst1.8 {@XMM[7]}, [$out]! - vst1.8 {@XMM[3]}, [$out]! - subs $len,$len,#0x80 - vst1.8 {@XMM[5]}, [$out]! - bhi .Ldec128_loop - - vldmia sp!,{d8-d15} - ldmia sp!,{r4-r6,pc} -.size bsaes_decrypt_128,.-bsaes_decrypt_128 -___ -} -{ -my ($inp,$out,$len,$key, $ivp,$fp,$rounds)=map("r$_",(0..3,8..10)); -my ($keysched)=("sp"); - -$code.=<<___; -.extern AES_cbc_encrypt -.extern AES_decrypt - -.global ossl_bsaes_cbc_encrypt -.type ossl_bsaes_cbc_encrypt,%function -.align 5 -ossl_bsaes_cbc_encrypt: -#ifndef __KERNEL__ - cmp $len, #128 -#ifndef __thumb__ - blo AES_cbc_encrypt -#else - bhs .Lcbc_do_bsaes - b AES_cbc_encrypt -.Lcbc_do_bsaes: -#endif -#endif - - @ it is up to the caller to make sure we are called with enc == 0 - - mov ip, sp - stmdb sp!, {r4-r10, lr} - VFP_ABI_PUSH - ldr $ivp, [ip] @ IV is 1st arg on the stack - mov $len, $len, lsr#4 @ len in 16 byte blocks - sub sp, #0x10 @ scratch space to carry over the IV - mov $fp, sp @ save sp - - ldr $rounds, [$key, #240] @ get # of rounds -#ifndef BSAES_ASM_EXTENDED_KEY - @ allocate the key schedule on the stack - sub r12, sp, $rounds, lsl#7 @ 128 bytes per inner round key - add r12, #`128-32` @ sifze of bit-slices key schedule - - @ populate the key schedule - mov r4, $key @ pass key - mov r5, $rounds @ pass # of rounds - mov sp, r12 @ sp is $keysched - bl _bsaes_key_convert - vldmia $keysched, {@XMM[6]} - vstmia r12, {@XMM[15]} @ save last round key - veor @XMM[7], @XMM[7], @XMM[6] @ fix up round 0 key - vstmia $keysched, {@XMM[7]} -#else - ldr r12, [$key, #244] - eors r12, #1 - beq 0f - - @ populate the key schedule - str r12, [$key, #244] - mov r4, $key @ pass key - mov r5, $rounds @ pass # of rounds - add r12, $key, #248 @ pass key schedule - bl _bsaes_key_convert - add r4, $key, #248 - vldmia r4, {@XMM[6]} - vstmia r12, {@XMM[15]} @ save last round key - veor @XMM[7], @XMM[7], @XMM[6] @ fix up round 0 key - vstmia r4, {@XMM[7]} - -.align 2 -0: -#endif - - vld1.8 {@XMM[15]}, [$ivp] @ load IV - b .Lcbc_dec_loop - -.align 4 -.Lcbc_dec_loop: - subs $len, $len, #0x8 - bmi .Lcbc_dec_loop_finish - - vld1.8 {@XMM[0]-@XMM[1]}, [$inp]! @ load input - vld1.8 {@XMM[2]-@XMM[3]}, [$inp]! -#ifndef BSAES_ASM_EXTENDED_KEY - mov r4, $keysched @ pass the key -#else - add r4, $key, #248 -#endif - vld1.8 {@XMM[4]-@XMM[5]}, [$inp]! - mov r5, $rounds - vld1.8 {@XMM[6]-@XMM[7]}, [$inp] - sub $inp, $inp, #0x60 - vstmia $fp, {@XMM[15]} @ put aside IV - - bl _bsaes_decrypt8 - - vldmia $fp, {@XMM[14]} @ reload IV - vld1.8 {@XMM[8]-@XMM[9]}, [$inp]! @ reload input - veor @XMM[0], @XMM[0], @XMM[14] @ ^= IV - vld1.8 {@XMM[10]-@XMM[11]}, [$inp]! - veor @XMM[1], @XMM[1], @XMM[8] - veor @XMM[6], @XMM[6], @XMM[9] - vld1.8 {@XMM[12]-@XMM[13]}, [$inp]! - veor @XMM[4], @XMM[4], @XMM[10] - veor @XMM[2], @XMM[2], @XMM[11] - vld1.8 {@XMM[14]-@XMM[15]}, [$inp]! - veor @XMM[7], @XMM[7], @XMM[12] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output - veor @XMM[3], @XMM[3], @XMM[13] - vst1.8 {@XMM[6]}, [$out]! - veor @XMM[5], @XMM[5], @XMM[14] - vst1.8 {@XMM[4]}, [$out]! - vst1.8 {@XMM[2]}, [$out]! - vst1.8 {@XMM[7]}, [$out]! - vst1.8 {@XMM[3]}, [$out]! - vst1.8 {@XMM[5]}, [$out]! - - b .Lcbc_dec_loop - -.Lcbc_dec_loop_finish: - adds $len, $len, #8 - beq .Lcbc_dec_done - - vld1.8 {@XMM[0]}, [$inp]! @ load input - cmp $len, #2 - blo .Lcbc_dec_one - vld1.8 {@XMM[1]}, [$inp]! -#ifndef BSAES_ASM_EXTENDED_KEY - mov r4, $keysched @ pass the key -#else - add r4, $key, #248 -#endif - mov r5, $rounds - vstmia $fp, {@XMM[15]} @ put aside IV - beq .Lcbc_dec_two - vld1.8 {@XMM[2]}, [$inp]! - cmp $len, #4 - blo .Lcbc_dec_three - vld1.8 {@XMM[3]}, [$inp]! - beq .Lcbc_dec_four - vld1.8 {@XMM[4]}, [$inp]! - cmp $len, #6 - blo .Lcbc_dec_five - vld1.8 {@XMM[5]}, [$inp]! - beq .Lcbc_dec_six - vld1.8 {@XMM[6]}, [$inp]! - sub $inp, $inp, #0x70 - - bl _bsaes_decrypt8 - - vldmia $fp, {@XMM[14]} @ reload IV - vld1.8 {@XMM[8]-@XMM[9]}, [$inp]! @ reload input - veor @XMM[0], @XMM[0], @XMM[14] @ ^= IV - vld1.8 {@XMM[10]-@XMM[11]}, [$inp]! - veor @XMM[1], @XMM[1], @XMM[8] - veor @XMM[6], @XMM[6], @XMM[9] - vld1.8 {@XMM[12]-@XMM[13]}, [$inp]! - veor @XMM[4], @XMM[4], @XMM[10] - veor @XMM[2], @XMM[2], @XMM[11] - vld1.8 {@XMM[15]}, [$inp]! - veor @XMM[7], @XMM[7], @XMM[12] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output - veor @XMM[3], @XMM[3], @XMM[13] - vst1.8 {@XMM[6]}, [$out]! - vst1.8 {@XMM[4]}, [$out]! - vst1.8 {@XMM[2]}, [$out]! - vst1.8 {@XMM[7]}, [$out]! - vst1.8 {@XMM[3]}, [$out]! - b .Lcbc_dec_done -.align 4 -.Lcbc_dec_six: - sub $inp, $inp, #0x60 - bl _bsaes_decrypt8 - vldmia $fp,{@XMM[14]} @ reload IV - vld1.8 {@XMM[8]-@XMM[9]}, [$inp]! @ reload input - veor @XMM[0], @XMM[0], @XMM[14] @ ^= IV - vld1.8 {@XMM[10]-@XMM[11]}, [$inp]! - veor @XMM[1], @XMM[1], @XMM[8] - veor @XMM[6], @XMM[6], @XMM[9] - vld1.8 {@XMM[12]}, [$inp]! - veor @XMM[4], @XMM[4], @XMM[10] - veor @XMM[2], @XMM[2], @XMM[11] - vld1.8 {@XMM[15]}, [$inp]! - veor @XMM[7], @XMM[7], @XMM[12] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output - vst1.8 {@XMM[6]}, [$out]! - vst1.8 {@XMM[4]}, [$out]! - vst1.8 {@XMM[2]}, [$out]! - vst1.8 {@XMM[7]}, [$out]! - b .Lcbc_dec_done -.align 4 -.Lcbc_dec_five: - sub $inp, $inp, #0x50 - bl _bsaes_decrypt8 - vldmia $fp, {@XMM[14]} @ reload IV - vld1.8 {@XMM[8]-@XMM[9]}, [$inp]! @ reload input - veor @XMM[0], @XMM[0], @XMM[14] @ ^= IV - vld1.8 {@XMM[10]-@XMM[11]}, [$inp]! - veor @XMM[1], @XMM[1], @XMM[8] - veor @XMM[6], @XMM[6], @XMM[9] - vld1.8 {@XMM[15]}, [$inp]! - veor @XMM[4], @XMM[4], @XMM[10] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output - veor @XMM[2], @XMM[2], @XMM[11] - vst1.8 {@XMM[6]}, [$out]! - vst1.8 {@XMM[4]}, [$out]! - vst1.8 {@XMM[2]}, [$out]! - b .Lcbc_dec_done -.align 4 -.Lcbc_dec_four: - sub $inp, $inp, #0x40 - bl _bsaes_decrypt8 - vldmia $fp, {@XMM[14]} @ reload IV - vld1.8 {@XMM[8]-@XMM[9]}, [$inp]! @ reload input - veor @XMM[0], @XMM[0], @XMM[14] @ ^= IV - vld1.8 {@XMM[10]}, [$inp]! - veor @XMM[1], @XMM[1], @XMM[8] - veor @XMM[6], @XMM[6], @XMM[9] - vld1.8 {@XMM[15]}, [$inp]! - veor @XMM[4], @XMM[4], @XMM[10] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output - vst1.8 {@XMM[6]}, [$out]! - vst1.8 {@XMM[4]}, [$out]! - b .Lcbc_dec_done -.align 4 -.Lcbc_dec_three: - sub $inp, $inp, #0x30 - bl _bsaes_decrypt8 - vldmia $fp, {@XMM[14]} @ reload IV - vld1.8 {@XMM[8]-@XMM[9]}, [$inp]! @ reload input - veor @XMM[0], @XMM[0], @XMM[14] @ ^= IV - vld1.8 {@XMM[15]}, [$inp]! - veor @XMM[1], @XMM[1], @XMM[8] - veor @XMM[6], @XMM[6], @XMM[9] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output - vst1.8 {@XMM[6]}, [$out]! - b .Lcbc_dec_done -.align 4 -.Lcbc_dec_two: - sub $inp, $inp, #0x20 - bl _bsaes_decrypt8 - vldmia $fp, {@XMM[14]} @ reload IV - vld1.8 {@XMM[8]}, [$inp]! @ reload input - veor @XMM[0], @XMM[0], @XMM[14] @ ^= IV - vld1.8 {@XMM[15]}, [$inp]! @ reload input - veor @XMM[1], @XMM[1], @XMM[8] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output - b .Lcbc_dec_done -.align 4 -.Lcbc_dec_one: - sub $inp, $inp, #0x10 - mov $rounds, $out @ save original out pointer - mov $out, $fp @ use the iv scratch space as out buffer - mov r2, $key - vmov @XMM[4],@XMM[15] @ just in case ensure that IV - vmov @XMM[5],@XMM[0] @ and input are preserved - bl AES_decrypt - vld1.8 {@XMM[0]}, [$fp] @ load result - veor @XMM[0], @XMM[0], @XMM[4] @ ^= IV - vmov @XMM[15], @XMM[5] @ @XMM[5] holds input - vst1.8 {@XMM[0]}, [$rounds] @ write output - -.Lcbc_dec_done: -#ifndef BSAES_ASM_EXTENDED_KEY - vmov.i32 q0, #0 - vmov.i32 q1, #0 -.Lcbc_dec_bzero: @ wipe key schedule [if any] - vstmia $keysched!, {q0-q1} - cmp $keysched, $fp - bne .Lcbc_dec_bzero -#endif - - mov sp, $fp - add sp, #0x10 @ add sp,$fp,#0x10 is no good for thumb - vst1.8 {@XMM[15]}, [$ivp] @ return IV - VFP_ABI_POP - ldmia sp!, {r4-r10, pc} -.size ossl_bsaes_cbc_encrypt,.-ossl_bsaes_cbc_encrypt -___ -} -{ -my ($inp,$out,$len,$key, $ctr,$fp,$rounds)=(map("r$_",(0..3,8..10))); -my $const = "r6"; # shared with _bsaes_encrypt8_alt -my $keysched = "sp"; - -$code.=<<___; -.extern AES_encrypt -.global ossl_bsaes_ctr32_encrypt_blocks -.type ossl_bsaes_ctr32_encrypt_blocks,%function -.align 5 -ossl_bsaes_ctr32_encrypt_blocks: - cmp $len, #8 @ use plain AES for - blo .Lctr_enc_short @ small sizes - - mov ip, sp - stmdb sp!, {r4-r10, lr} - VFP_ABI_PUSH - ldr $ctr, [ip] @ ctr is 1st arg on the stack - sub sp, sp, #0x10 @ scratch space to carry over the ctr - mov $fp, sp @ save sp - - ldr $rounds, [$key, #240] @ get # of rounds -#ifndef BSAES_ASM_EXTENDED_KEY - @ allocate the key schedule on the stack - sub r12, sp, $rounds, lsl#7 @ 128 bytes per inner round key - add r12, #`128-32` @ size of bit-sliced key schedule - - @ populate the key schedule - mov r4, $key @ pass key - mov r5, $rounds @ pass # of rounds - mov sp, r12 @ sp is $keysched - bl _bsaes_key_convert - veor @XMM[7],@XMM[7],@XMM[15] @ fix up last round key - vstmia r12, {@XMM[7]} @ save last round key - - vld1.8 {@XMM[0]}, [$ctr] @ load counter -#ifdef __APPLE__ - mov $ctr, #:lower16:(.LREVM0SR-.LM0) - add $ctr, $const, $ctr -#else - add $ctr, $const, #.LREVM0SR-.LM0 @ borrow $ctr -#endif - vldmia $keysched, {@XMM[4]} @ load round0 key -#else - ldr r12, [$key, #244] - eors r12, #1 - beq 0f - - @ populate the key schedule - str r12, [$key, #244] - mov r4, $key @ pass key - mov r5, $rounds @ pass # of rounds - add r12, $key, #248 @ pass key schedule - bl _bsaes_key_convert - veor @XMM[7],@XMM[7],@XMM[15] @ fix up last round key - vstmia r12, {@XMM[7]} @ save last round key - -.align 2 -0: add r12, $key, #248 - vld1.8 {@XMM[0]}, [$ctr] @ load counter - adrl $ctr, .LREVM0SR @ borrow $ctr - vldmia r12, {@XMM[4]} @ load round0 key - sub sp, #0x10 @ place for adjusted round0 key -#endif - - vmov.i32 @XMM[8],#1 @ compose 1<<96 - veor @XMM[9],@XMM[9],@XMM[9] - vrev32.8 @XMM[0],@XMM[0] - vext.8 @XMM[8],@XMM[9],@XMM[8],#4 - vrev32.8 @XMM[4],@XMM[4] - vadd.u32 @XMM[9],@XMM[8],@XMM[8] @ compose 2<<96 - vstmia $keysched, {@XMM[4]} @ save adjusted round0 key - b .Lctr_enc_loop - -.align 4 -.Lctr_enc_loop: - vadd.u32 @XMM[10], @XMM[8], @XMM[9] @ compose 3<<96 - vadd.u32 @XMM[1], @XMM[0], @XMM[8] @ +1 - vadd.u32 @XMM[2], @XMM[0], @XMM[9] @ +2 - vadd.u32 @XMM[3], @XMM[0], @XMM[10] @ +3 - vadd.u32 @XMM[4], @XMM[1], @XMM[10] - vadd.u32 @XMM[5], @XMM[2], @XMM[10] - vadd.u32 @XMM[6], @XMM[3], @XMM[10] - vadd.u32 @XMM[7], @XMM[4], @XMM[10] - vadd.u32 @XMM[10], @XMM[5], @XMM[10] @ next counter - - @ Borrow prologue from _bsaes_encrypt8 to use the opportunity - @ to flip byte order in 32-bit counter - - vldmia $keysched, {@XMM[9]} @ load round0 key -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, $keysched, #0x10 @ pass next round key -#else - add r4, $key, #`248+16` -#endif - vldmia $ctr, {@XMM[8]} @ .LREVM0SR - mov r5, $rounds @ pass rounds - vstmia $fp, {@XMM[10]} @ save next counter -#ifdef __APPLE__ - mov $const, #:lower16:(.LREVM0SR-.LSR) - sub $const, $ctr, $const -#else - sub $const, $ctr, #.LREVM0SR-.LSR @ pass constants -#endif - - bl _bsaes_encrypt8_alt - - subs $len, $len, #8 - blo .Lctr_enc_loop_done - - vld1.8 {@XMM[8]-@XMM[9]}, [$inp]! @ load input - vld1.8 {@XMM[10]-@XMM[11]}, [$inp]! - veor @XMM[0], @XMM[8] - veor @XMM[1], @XMM[9] - vld1.8 {@XMM[12]-@XMM[13]}, [$inp]! - veor @XMM[4], @XMM[10] - veor @XMM[6], @XMM[11] - vld1.8 {@XMM[14]-@XMM[15]}, [$inp]! - veor @XMM[3], @XMM[12] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! @ write output - veor @XMM[7], @XMM[13] - veor @XMM[2], @XMM[14] - vst1.8 {@XMM[4]}, [$out]! - veor @XMM[5], @XMM[15] - vst1.8 {@XMM[6]}, [$out]! - vmov.i32 @XMM[8], #1 @ compose 1<<96 - vst1.8 {@XMM[3]}, [$out]! - veor @XMM[9], @XMM[9], @XMM[9] - vst1.8 {@XMM[7]}, [$out]! - vext.8 @XMM[8], @XMM[9], @XMM[8], #4 - vst1.8 {@XMM[2]}, [$out]! - vadd.u32 @XMM[9],@XMM[8],@XMM[8] @ compose 2<<96 - vst1.8 {@XMM[5]}, [$out]! - vldmia $fp, {@XMM[0]} @ load counter - - bne .Lctr_enc_loop - b .Lctr_enc_done - -.align 4 -.Lctr_enc_loop_done: - add $len, $len, #8 - vld1.8 {@XMM[8]}, [$inp]! @ load input - veor @XMM[0], @XMM[8] - vst1.8 {@XMM[0]}, [$out]! @ write output - cmp $len, #2 - blo .Lctr_enc_done - vld1.8 {@XMM[9]}, [$inp]! - veor @XMM[1], @XMM[9] - vst1.8 {@XMM[1]}, [$out]! - beq .Lctr_enc_done - vld1.8 {@XMM[10]}, [$inp]! - veor @XMM[4], @XMM[10] - vst1.8 {@XMM[4]}, [$out]! - cmp $len, #4 - blo .Lctr_enc_done - vld1.8 {@XMM[11]}, [$inp]! - veor @XMM[6], @XMM[11] - vst1.8 {@XMM[6]}, [$out]! - beq .Lctr_enc_done - vld1.8 {@XMM[12]}, [$inp]! - veor @XMM[3], @XMM[12] - vst1.8 {@XMM[3]}, [$out]! - cmp $len, #6 - blo .Lctr_enc_done - vld1.8 {@XMM[13]}, [$inp]! - veor @XMM[7], @XMM[13] - vst1.8 {@XMM[7]}, [$out]! - beq .Lctr_enc_done - vld1.8 {@XMM[14]}, [$inp] - veor @XMM[2], @XMM[14] - vst1.8 {@XMM[2]}, [$out]! - -.Lctr_enc_done: - vmov.i32 q0, #0 - vmov.i32 q1, #0 -#ifndef BSAES_ASM_EXTENDED_KEY -.Lctr_enc_bzero: @ wipe key schedule [if any] - vstmia $keysched!, {q0-q1} - cmp $keysched, $fp - bne .Lctr_enc_bzero -#else - vstmia $keysched, {q0-q1} -#endif - - mov sp, $fp - add sp, #0x10 @ add sp,$fp,#0x10 is no good for thumb - VFP_ABI_POP - ldmia sp!, {r4-r10, pc} @ return - -.align 4 -.Lctr_enc_short: - ldr ip, [sp] @ ctr pointer is passed on stack - stmdb sp!, {r4-r8, lr} - - mov r4, $inp @ copy arguments - mov r5, $out - mov r6, $len - mov r7, $key - ldr r8, [ip, #12] @ load counter LSW - vld1.8 {@XMM[1]}, [ip] @ load whole counter value -#ifdef __ARMEL__ - rev r8, r8 -#endif - sub sp, sp, #0x10 - vst1.8 {@XMM[1]}, [sp] @ copy counter value - sub sp, sp, #0x10 - -.Lctr_enc_short_loop: - add r0, sp, #0x10 @ input counter value - mov r1, sp @ output on the stack - mov r2, r7 @ key - - bl AES_encrypt - - vld1.8 {@XMM[0]}, [r4]! @ load input - vld1.8 {@XMM[1]}, [sp] @ load encrypted counter - add r8, r8, #1 -#ifdef __ARMEL__ - rev r0, r8 - str r0, [sp, #0x1c] @ next counter value -#else - str r8, [sp, #0x1c] @ next counter value -#endif - veor @XMM[0],@XMM[0],@XMM[1] - vst1.8 {@XMM[0]}, [r5]! @ store output - subs r6, r6, #1 - bne .Lctr_enc_short_loop - - vmov.i32 q0, #0 - vmov.i32 q1, #0 - vstmia sp!, {q0-q1} - - ldmia sp!, {r4-r8, pc} -.size ossl_bsaes_ctr32_encrypt_blocks,.-ossl_bsaes_ctr32_encrypt_blocks -___ -} -{ -###################################################################### -# void bsaes_xts_[en|de]crypt(const char *inp,char *out,size_t len, -# const AES_KEY *key1, const AES_KEY *key2, -# const unsigned char iv[16]); -# -my ($inp,$out,$len,$key,$rounds,$magic,$fp)=(map("r$_",(7..10,1..3))); -my $const="r6"; # returned by _bsaes_key_convert -my $twmask=@XMM[5]; -my @T=@XMM[6..7]; - -$code.=<<___; -.globl ossl_bsaes_xts_encrypt -.type ossl_bsaes_xts_encrypt,%function -.align 4 -ossl_bsaes_xts_encrypt: - mov ip, sp - stmdb sp!, {r4-r10, lr} @ 0x20 - VFP_ABI_PUSH - mov r6, sp @ future $fp - - mov $inp, r0 - mov $out, r1 - mov $len, r2 - mov $key, r3 - - sub r0, sp, #0x10 @ 0x10 - bic r0, #0xf @ align at 16 bytes - mov sp, r0 - -#ifdef XTS_CHAIN_TWEAK - ldr r0, [ip] @ pointer to input tweak -#else - @ generate initial tweak - ldr r0, [ip, #4] @ iv[] - mov r1, sp - ldr r2, [ip, #0] @ key2 - bl AES_encrypt - mov r0,sp @ pointer to initial tweak -#endif - - ldr $rounds, [$key, #240] @ get # of rounds - mov $fp, r6 -#ifndef BSAES_ASM_EXTENDED_KEY - @ allocate the key schedule on the stack - sub r12, sp, $rounds, lsl#7 @ 128 bytes per inner round key - @ add r12, #`128-32` @ size of bit-sliced key schedule - sub r12, #`32+16` @ place for tweak[9] - - @ populate the key schedule - mov r4, $key @ pass key - mov r5, $rounds @ pass # of rounds - mov sp, r12 - add r12, #0x90 @ pass key schedule - bl _bsaes_key_convert - veor @XMM[7], @XMM[7], @XMM[15] @ fix up last round key - vstmia r12, {@XMM[7]} @ save last round key -#else - ldr r12, [$key, #244] - eors r12, #1 - beq 0f - - str r12, [$key, #244] - mov r4, $key @ pass key - mov r5, $rounds @ pass # of rounds - add r12, $key, #248 @ pass key schedule - bl _bsaes_key_convert - veor @XMM[7], @XMM[7], @XMM[15] @ fix up last round key - vstmia r12, {@XMM[7]} - -.align 2 -0: sub sp, #0x90 @ place for tweak[9] -#endif - - vld1.8 {@XMM[8]}, [r0] @ initial tweak - adr $magic, .Lxts_magic - - subs $len, #0x80 - blo .Lxts_enc_short - b .Lxts_enc_loop - -.align 4 -.Lxts_enc_loop: - vldmia $magic, {$twmask} @ load XTS magic - vshr.s64 @T[0], @XMM[8], #63 - mov r0, sp - vand @T[0], @T[0], $twmask -___ -for($i=9;$i<16;$i++) { -$code.=<<___; - vadd.u64 @XMM[$i], @XMM[$i-1], @XMM[$i-1] - vst1.64 {@XMM[$i-1]}, [r0,:128]! - vswp `&Dhi("@T[0]")`,`&Dlo("@T[0]")` - vshr.s64 @T[1], @XMM[$i], #63 - veor @XMM[$i], @XMM[$i], @T[0] - vand @T[1], @T[1], $twmask -___ - @T=reverse(@T); - -$code.=<<___ if ($i>=10); - vld1.8 {@XMM[$i-10]}, [$inp]! -___ -$code.=<<___ if ($i>=11); - veor @XMM[$i-11], @XMM[$i-11], @XMM[$i-3] -___ -} -$code.=<<___; - vadd.u64 @XMM[8], @XMM[15], @XMM[15] - vst1.64 {@XMM[15]}, [r0,:128]! - vswp `&Dhi("@T[0]")`,`&Dlo("@T[0]")` - veor @XMM[8], @XMM[8], @T[0] - vst1.64 {@XMM[8]}, [r0,:128] @ next round tweak - - vld1.8 {@XMM[6]-@XMM[7]}, [$inp]! - veor @XMM[5], @XMM[5], @XMM[13] -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, $key, #248 @ pass key schedule -#endif - veor @XMM[6], @XMM[6], @XMM[14] - mov r5, $rounds @ pass rounds - veor @XMM[7], @XMM[7], @XMM[15] - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {@XMM[ 8]-@XMM[ 9]}, [r0,:128]! - vld1.64 {@XMM[10]-@XMM[11]}, [r0,:128]! - veor @XMM[0], @XMM[0], @XMM[ 8] - vld1.64 {@XMM[12]-@XMM[13]}, [r0,:128]! - veor @XMM[1], @XMM[1], @XMM[ 9] - veor @XMM[8], @XMM[4], @XMM[10] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! - veor @XMM[9], @XMM[6], @XMM[11] - vld1.64 {@XMM[14]-@XMM[15]}, [r0,:128]! - veor @XMM[10], @XMM[3], @XMM[12] - vst1.8 {@XMM[8]-@XMM[9]}, [$out]! - veor @XMM[11], @XMM[7], @XMM[13] - veor @XMM[12], @XMM[2], @XMM[14] - vst1.8 {@XMM[10]-@XMM[11]}, [$out]! - veor @XMM[13], @XMM[5], @XMM[15] - vst1.8 {@XMM[12]-@XMM[13]}, [$out]! - - vld1.64 {@XMM[8]}, [r0,:128] @ next round tweak - - subs $len, #0x80 - bpl .Lxts_enc_loop - -.Lxts_enc_short: - adds $len, #0x70 - bmi .Lxts_enc_done - - vldmia $magic, {$twmask} @ load XTS magic - vshr.s64 @T[0], @XMM[8], #63 - mov r0, sp - vand @T[0], @T[0], $twmask -___ -for($i=9;$i<16;$i++) { -$code.=<<___; - vadd.u64 @XMM[$i], @XMM[$i-1], @XMM[$i-1] - vst1.64 {@XMM[$i-1]}, [r0,:128]! - vswp `&Dhi("@T[0]")`,`&Dlo("@T[0]")` - vshr.s64 @T[1], @XMM[$i], #63 - veor @XMM[$i], @XMM[$i], @T[0] - vand @T[1], @T[1], $twmask -___ - @T=reverse(@T); - -$code.=<<___ if ($i>=10); - vld1.8 {@XMM[$i-10]}, [$inp]! - subs $len, #0x10 - bmi .Lxts_enc_`$i-9` -___ -$code.=<<___ if ($i>=11); - veor @XMM[$i-11], @XMM[$i-11], @XMM[$i-3] -___ -} -$code.=<<___; - sub $len, #0x10 - vst1.64 {@XMM[15]}, [r0,:128] @ next round tweak - - vld1.8 {@XMM[6]}, [$inp]! - veor @XMM[5], @XMM[5], @XMM[13] -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, $key, #248 @ pass key schedule -#endif - veor @XMM[6], @XMM[6], @XMM[14] - mov r5, $rounds @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {@XMM[ 8]-@XMM[ 9]}, [r0,:128]! - vld1.64 {@XMM[10]-@XMM[11]}, [r0,:128]! - veor @XMM[0], @XMM[0], @XMM[ 8] - vld1.64 {@XMM[12]-@XMM[13]}, [r0,:128]! - veor @XMM[1], @XMM[1], @XMM[ 9] - veor @XMM[8], @XMM[4], @XMM[10] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! - veor @XMM[9], @XMM[6], @XMM[11] - vld1.64 {@XMM[14]}, [r0,:128]! - veor @XMM[10], @XMM[3], @XMM[12] - vst1.8 {@XMM[8]-@XMM[9]}, [$out]! - veor @XMM[11], @XMM[7], @XMM[13] - veor @XMM[12], @XMM[2], @XMM[14] - vst1.8 {@XMM[10]-@XMM[11]}, [$out]! - vst1.8 {@XMM[12]}, [$out]! - - vld1.64 {@XMM[8]}, [r0,:128] @ next round tweak - b .Lxts_enc_done -.align 4 -.Lxts_enc_6: - veor @XMM[4], @XMM[4], @XMM[12] -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, $key, #248 @ pass key schedule -#endif - veor @XMM[5], @XMM[5], @XMM[13] - mov r5, $rounds @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {@XMM[ 8]-@XMM[ 9]}, [r0,:128]! - vld1.64 {@XMM[10]-@XMM[11]}, [r0,:128]! - veor @XMM[0], @XMM[0], @XMM[ 8] - vld1.64 {@XMM[12]-@XMM[13]}, [r0,:128]! - veor @XMM[1], @XMM[1], @XMM[ 9] - veor @XMM[8], @XMM[4], @XMM[10] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! - veor @XMM[9], @XMM[6], @XMM[11] - veor @XMM[10], @XMM[3], @XMM[12] - vst1.8 {@XMM[8]-@XMM[9]}, [$out]! - veor @XMM[11], @XMM[7], @XMM[13] - vst1.8 {@XMM[10]-@XMM[11]}, [$out]! - - vld1.64 {@XMM[8]}, [r0,:128] @ next round tweak - b .Lxts_enc_done - -@ put this in range for both ARM and Thumb mode adr instructions -.align 5 -.Lxts_magic: - .quad 1, 0x87 - -.align 5 -.Lxts_enc_5: - veor @XMM[3], @XMM[3], @XMM[11] -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, $key, #248 @ pass key schedule -#endif - veor @XMM[4], @XMM[4], @XMM[12] - mov r5, $rounds @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {@XMM[ 8]-@XMM[ 9]}, [r0,:128]! - vld1.64 {@XMM[10]-@XMM[11]}, [r0,:128]! - veor @XMM[0], @XMM[0], @XMM[ 8] - vld1.64 {@XMM[12]}, [r0,:128]! - veor @XMM[1], @XMM[1], @XMM[ 9] - veor @XMM[8], @XMM[4], @XMM[10] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! - veor @XMM[9], @XMM[6], @XMM[11] - veor @XMM[10], @XMM[3], @XMM[12] - vst1.8 {@XMM[8]-@XMM[9]}, [$out]! - vst1.8 {@XMM[10]}, [$out]! - - vld1.64 {@XMM[8]}, [r0,:128] @ next round tweak - b .Lxts_enc_done -.align 4 -.Lxts_enc_4: - veor @XMM[2], @XMM[2], @XMM[10] -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, $key, #248 @ pass key schedule -#endif - veor @XMM[3], @XMM[3], @XMM[11] - mov r5, $rounds @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {@XMM[ 8]-@XMM[ 9]}, [r0,:128]! - vld1.64 {@XMM[10]-@XMM[11]}, [r0,:128]! - veor @XMM[0], @XMM[0], @XMM[ 8] - veor @XMM[1], @XMM[1], @XMM[ 9] - veor @XMM[8], @XMM[4], @XMM[10] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! - veor @XMM[9], @XMM[6], @XMM[11] - vst1.8 {@XMM[8]-@XMM[9]}, [$out]! - - vld1.64 {@XMM[8]}, [r0,:128] @ next round tweak - b .Lxts_enc_done -.align 4 -.Lxts_enc_3: - veor @XMM[1], @XMM[1], @XMM[9] -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, $key, #248 @ pass key schedule -#endif - veor @XMM[2], @XMM[2], @XMM[10] - mov r5, $rounds @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {@XMM[8]-@XMM[9]}, [r0,:128]! - vld1.64 {@XMM[10]}, [r0,:128]! - veor @XMM[0], @XMM[0], @XMM[ 8] - veor @XMM[1], @XMM[1], @XMM[ 9] - veor @XMM[8], @XMM[4], @XMM[10] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! - vst1.8 {@XMM[8]}, [$out]! - - vld1.64 {@XMM[8]}, [r0,:128] @ next round tweak - b .Lxts_enc_done -.align 4 -.Lxts_enc_2: - veor @XMM[0], @XMM[0], @XMM[8] -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, $key, #248 @ pass key schedule -#endif - veor @XMM[1], @XMM[1], @XMM[9] - mov r5, $rounds @ pass rounds - mov r0, sp - - bl _bsaes_encrypt8 - - vld1.64 {@XMM[8]-@XMM[9]}, [r0,:128]! - veor @XMM[0], @XMM[0], @XMM[ 8] - veor @XMM[1], @XMM[1], @XMM[ 9] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! - - vld1.64 {@XMM[8]}, [r0,:128] @ next round tweak - b .Lxts_enc_done -.align 4 -.Lxts_enc_1: - mov r0, sp - veor @XMM[0], @XMM[0], @XMM[8] - mov r1, sp - vst1.8 {@XMM[0]}, [sp,:128] - mov r2, $key - mov r4, $fp @ preserve fp - - bl AES_encrypt - - vld1.8 {@XMM[0]}, [sp,:128] - veor @XMM[0], @XMM[0], @XMM[8] - vst1.8 {@XMM[0]}, [$out]! - mov $fp, r4 - - vmov @XMM[8], @XMM[9] @ next round tweak - -.Lxts_enc_done: -#ifndef XTS_CHAIN_TWEAK - adds $len, #0x10 - beq .Lxts_enc_ret - sub r6, $out, #0x10 - -.Lxts_enc_steal: - ldrb r0, [$inp], #1 - ldrb r1, [$out, #-0x10] - strb r0, [$out, #-0x10] - strb r1, [$out], #1 - - subs $len, #1 - bhi .Lxts_enc_steal - - vld1.8 {@XMM[0]}, [r6] - mov r0, sp - veor @XMM[0], @XMM[0], @XMM[8] - mov r1, sp - vst1.8 {@XMM[0]}, [sp,:128] - mov r2, $key - mov r4, $fp @ preserve fp - - bl AES_encrypt - - vld1.8 {@XMM[0]}, [sp,:128] - veor @XMM[0], @XMM[0], @XMM[8] - vst1.8 {@XMM[0]}, [r6] - mov $fp, r4 -#endif - -.Lxts_enc_ret: - bic r0, $fp, #0xf - vmov.i32 q0, #0 - vmov.i32 q1, #0 -#ifdef XTS_CHAIN_TWEAK - ldr r1, [$fp, #0x20+VFP_ABI_FRAME] @ chain tweak -#endif -.Lxts_enc_bzero: @ wipe key schedule [if any] - vstmia sp!, {q0-q1} - cmp sp, r0 - bne .Lxts_enc_bzero - - mov sp, $fp -#ifdef XTS_CHAIN_TWEAK - vst1.8 {@XMM[8]}, [r1] -#endif - VFP_ABI_POP - ldmia sp!, {r4-r10, pc} @ return - -.size ossl_bsaes_xts_encrypt,.-ossl_bsaes_xts_encrypt - -.globl ossl_bsaes_xts_decrypt -.type ossl_bsaes_xts_decrypt,%function -.align 4 -ossl_bsaes_xts_decrypt: - mov ip, sp - stmdb sp!, {r4-r10, lr} @ 0x20 - VFP_ABI_PUSH - mov r6, sp @ future $fp - - mov $inp, r0 - mov $out, r1 - mov $len, r2 - mov $key, r3 - - sub r0, sp, #0x10 @ 0x10 - bic r0, #0xf @ align at 16 bytes - mov sp, r0 - -#ifdef XTS_CHAIN_TWEAK - ldr r0, [ip] @ pointer to input tweak -#else - @ generate initial tweak - ldr r0, [ip, #4] @ iv[] - mov r1, sp - ldr r2, [ip, #0] @ key2 - bl AES_encrypt - mov r0, sp @ pointer to initial tweak -#endif - - ldr $rounds, [$key, #240] @ get # of rounds - mov $fp, r6 -#ifndef BSAES_ASM_EXTENDED_KEY - @ allocate the key schedule on the stack - sub r12, sp, $rounds, lsl#7 @ 128 bytes per inner round key - @ add r12, #`128-32` @ size of bit-sliced key schedule - sub r12, #`32+16` @ place for tweak[9] - - @ populate the key schedule - mov r4, $key @ pass key - mov r5, $rounds @ pass # of rounds - mov sp, r12 - add r12, #0x90 @ pass key schedule - bl _bsaes_key_convert - add r4, sp, #0x90 - vldmia r4, {@XMM[6]} - vstmia r12, {@XMM[15]} @ save last round key - veor @XMM[7], @XMM[7], @XMM[6] @ fix up round 0 key - vstmia r4, {@XMM[7]} -#else - ldr r12, [$key, #244] - eors r12, #1 - beq 0f - - str r12, [$key, #244] - mov r4, $key @ pass key - mov r5, $rounds @ pass # of rounds - add r12, $key, #248 @ pass key schedule - bl _bsaes_key_convert - add r4, $key, #248 - vldmia r4, {@XMM[6]} - vstmia r12, {@XMM[15]} @ save last round key - veor @XMM[7], @XMM[7], @XMM[6] @ fix up round 0 key - vstmia r4, {@XMM[7]} - -.align 2 -0: sub sp, #0x90 @ place for tweak[9] -#endif - vld1.8 {@XMM[8]}, [r0] @ initial tweak - adr $magic, .Lxts_magic - -#ifndef XTS_CHAIN_TWEAK - tst $len, #0xf @ if not multiple of 16 - it ne @ Thumb2 thing, sanity check in ARM - subne $len, #0x10 @ subtract another 16 bytes -#endif - subs $len, #0x80 - - blo .Lxts_dec_short - b .Lxts_dec_loop - -.align 4 -.Lxts_dec_loop: - vldmia $magic, {$twmask} @ load XTS magic - vshr.s64 @T[0], @XMM[8], #63 - mov r0, sp - vand @T[0], @T[0], $twmask -___ -for($i=9;$i<16;$i++) { -$code.=<<___; - vadd.u64 @XMM[$i], @XMM[$i-1], @XMM[$i-1] - vst1.64 {@XMM[$i-1]}, [r0,:128]! - vswp `&Dhi("@T[0]")`,`&Dlo("@T[0]")` - vshr.s64 @T[1], @XMM[$i], #63 - veor @XMM[$i], @XMM[$i], @T[0] - vand @T[1], @T[1], $twmask -___ - @T=reverse(@T); - -$code.=<<___ if ($i>=10); - vld1.8 {@XMM[$i-10]}, [$inp]! -___ -$code.=<<___ if ($i>=11); - veor @XMM[$i-11], @XMM[$i-11], @XMM[$i-3] -___ -} -$code.=<<___; - vadd.u64 @XMM[8], @XMM[15], @XMM[15] - vst1.64 {@XMM[15]}, [r0,:128]! - vswp `&Dhi("@T[0]")`,`&Dlo("@T[0]")` - veor @XMM[8], @XMM[8], @T[0] - vst1.64 {@XMM[8]}, [r0,:128] @ next round tweak - - vld1.8 {@XMM[6]-@XMM[7]}, [$inp]! - veor @XMM[5], @XMM[5], @XMM[13] -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, $key, #248 @ pass key schedule -#endif - veor @XMM[6], @XMM[6], @XMM[14] - mov r5, $rounds @ pass rounds - veor @XMM[7], @XMM[7], @XMM[15] - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {@XMM[ 8]-@XMM[ 9]}, [r0,:128]! - vld1.64 {@XMM[10]-@XMM[11]}, [r0,:128]! - veor @XMM[0], @XMM[0], @XMM[ 8] - vld1.64 {@XMM[12]-@XMM[13]}, [r0,:128]! - veor @XMM[1], @XMM[1], @XMM[ 9] - veor @XMM[8], @XMM[6], @XMM[10] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! - veor @XMM[9], @XMM[4], @XMM[11] - vld1.64 {@XMM[14]-@XMM[15]}, [r0,:128]! - veor @XMM[10], @XMM[2], @XMM[12] - vst1.8 {@XMM[8]-@XMM[9]}, [$out]! - veor @XMM[11], @XMM[7], @XMM[13] - veor @XMM[12], @XMM[3], @XMM[14] - vst1.8 {@XMM[10]-@XMM[11]}, [$out]! - veor @XMM[13], @XMM[5], @XMM[15] - vst1.8 {@XMM[12]-@XMM[13]}, [$out]! - - vld1.64 {@XMM[8]}, [r0,:128] @ next round tweak - - subs $len, #0x80 - bpl .Lxts_dec_loop - -.Lxts_dec_short: - adds $len, #0x70 - bmi .Lxts_dec_done - - vldmia $magic, {$twmask} @ load XTS magic - vshr.s64 @T[0], @XMM[8], #63 - mov r0, sp - vand @T[0], @T[0], $twmask -___ -for($i=9;$i<16;$i++) { -$code.=<<___; - vadd.u64 @XMM[$i], @XMM[$i-1], @XMM[$i-1] - vst1.64 {@XMM[$i-1]}, [r0,:128]! - vswp `&Dhi("@T[0]")`,`&Dlo("@T[0]")` - vshr.s64 @T[1], @XMM[$i], #63 - veor @XMM[$i], @XMM[$i], @T[0] - vand @T[1], @T[1], $twmask -___ - @T=reverse(@T); - -$code.=<<___ if ($i>=10); - vld1.8 {@XMM[$i-10]}, [$inp]! - subs $len, #0x10 - bmi .Lxts_dec_`$i-9` -___ -$code.=<<___ if ($i>=11); - veor @XMM[$i-11], @XMM[$i-11], @XMM[$i-3] -___ -} -$code.=<<___; - sub $len, #0x10 - vst1.64 {@XMM[15]}, [r0,:128] @ next round tweak - - vld1.8 {@XMM[6]}, [$inp]! - veor @XMM[5], @XMM[5], @XMM[13] -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, $key, #248 @ pass key schedule -#endif - veor @XMM[6], @XMM[6], @XMM[14] - mov r5, $rounds @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {@XMM[ 8]-@XMM[ 9]}, [r0,:128]! - vld1.64 {@XMM[10]-@XMM[11]}, [r0,:128]! - veor @XMM[0], @XMM[0], @XMM[ 8] - vld1.64 {@XMM[12]-@XMM[13]}, [r0,:128]! - veor @XMM[1], @XMM[1], @XMM[ 9] - veor @XMM[8], @XMM[6], @XMM[10] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! - veor @XMM[9], @XMM[4], @XMM[11] - vld1.64 {@XMM[14]}, [r0,:128]! - veor @XMM[10], @XMM[2], @XMM[12] - vst1.8 {@XMM[8]-@XMM[9]}, [$out]! - veor @XMM[11], @XMM[7], @XMM[13] - veor @XMM[12], @XMM[3], @XMM[14] - vst1.8 {@XMM[10]-@XMM[11]}, [$out]! - vst1.8 {@XMM[12]}, [$out]! - - vld1.64 {@XMM[8]}, [r0,:128] @ next round tweak - b .Lxts_dec_done -.align 4 -.Lxts_dec_6: - vst1.64 {@XMM[14]}, [r0,:128] @ next round tweak - - veor @XMM[4], @XMM[4], @XMM[12] -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, $key, #248 @ pass key schedule -#endif - veor @XMM[5], @XMM[5], @XMM[13] - mov r5, $rounds @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {@XMM[ 8]-@XMM[ 9]}, [r0,:128]! - vld1.64 {@XMM[10]-@XMM[11]}, [r0,:128]! - veor @XMM[0], @XMM[0], @XMM[ 8] - vld1.64 {@XMM[12]-@XMM[13]}, [r0,:128]! - veor @XMM[1], @XMM[1], @XMM[ 9] - veor @XMM[8], @XMM[6], @XMM[10] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! - veor @XMM[9], @XMM[4], @XMM[11] - veor @XMM[10], @XMM[2], @XMM[12] - vst1.8 {@XMM[8]-@XMM[9]}, [$out]! - veor @XMM[11], @XMM[7], @XMM[13] - vst1.8 {@XMM[10]-@XMM[11]}, [$out]! - - vld1.64 {@XMM[8]}, [r0,:128] @ next round tweak - b .Lxts_dec_done -.align 4 -.Lxts_dec_5: - veor @XMM[3], @XMM[3], @XMM[11] -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, $key, #248 @ pass key schedule -#endif - veor @XMM[4], @XMM[4], @XMM[12] - mov r5, $rounds @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {@XMM[ 8]-@XMM[ 9]}, [r0,:128]! - vld1.64 {@XMM[10]-@XMM[11]}, [r0,:128]! - veor @XMM[0], @XMM[0], @XMM[ 8] - vld1.64 {@XMM[12]}, [r0,:128]! - veor @XMM[1], @XMM[1], @XMM[ 9] - veor @XMM[8], @XMM[6], @XMM[10] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! - veor @XMM[9], @XMM[4], @XMM[11] - veor @XMM[10], @XMM[2], @XMM[12] - vst1.8 {@XMM[8]-@XMM[9]}, [$out]! - vst1.8 {@XMM[10]}, [$out]! - - vld1.64 {@XMM[8]}, [r0,:128] @ next round tweak - b .Lxts_dec_done -.align 4 -.Lxts_dec_4: - veor @XMM[2], @XMM[2], @XMM[10] -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, $key, #248 @ pass key schedule -#endif - veor @XMM[3], @XMM[3], @XMM[11] - mov r5, $rounds @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {@XMM[ 8]-@XMM[ 9]}, [r0,:128]! - vld1.64 {@XMM[10]-@XMM[11]}, [r0,:128]! - veor @XMM[0], @XMM[0], @XMM[ 8] - veor @XMM[1], @XMM[1], @XMM[ 9] - veor @XMM[8], @XMM[6], @XMM[10] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! - veor @XMM[9], @XMM[4], @XMM[11] - vst1.8 {@XMM[8]-@XMM[9]}, [$out]! - - vld1.64 {@XMM[8]}, [r0,:128] @ next round tweak - b .Lxts_dec_done -.align 4 -.Lxts_dec_3: - veor @XMM[1], @XMM[1], @XMM[9] -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, $key, #248 @ pass key schedule -#endif - veor @XMM[2], @XMM[2], @XMM[10] - mov r5, $rounds @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {@XMM[8]-@XMM[9]}, [r0,:128]! - vld1.64 {@XMM[10]}, [r0,:128]! - veor @XMM[0], @XMM[0], @XMM[ 8] - veor @XMM[1], @XMM[1], @XMM[ 9] - veor @XMM[8], @XMM[6], @XMM[10] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! - vst1.8 {@XMM[8]}, [$out]! - - vld1.64 {@XMM[8]}, [r0,:128] @ next round tweak - b .Lxts_dec_done -.align 4 -.Lxts_dec_2: - veor @XMM[0], @XMM[0], @XMM[8] -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x90 @ pass key schedule -#else - add r4, $key, #248 @ pass key schedule -#endif - veor @XMM[1], @XMM[1], @XMM[9] - mov r5, $rounds @ pass rounds - mov r0, sp - - bl _bsaes_decrypt8 - - vld1.64 {@XMM[8]-@XMM[9]}, [r0,:128]! - veor @XMM[0], @XMM[0], @XMM[ 8] - veor @XMM[1], @XMM[1], @XMM[ 9] - vst1.8 {@XMM[0]-@XMM[1]}, [$out]! - - vld1.64 {@XMM[8]}, [r0,:128] @ next round tweak - b .Lxts_dec_done -.align 4 -.Lxts_dec_1: - mov r0, sp - veor @XMM[0], @XMM[0], @XMM[8] - mov r1, sp - vst1.8 {@XMM[0]}, [sp,:128] - mov r5, $magic @ preserve magic - mov r2, $key - mov r4, $fp @ preserve fp - - bl AES_decrypt - - vld1.8 {@XMM[0]}, [sp,:128] - veor @XMM[0], @XMM[0], @XMM[8] - vst1.8 {@XMM[0]}, [$out]! - mov $fp, r4 - mov $magic, r5 - - vmov @XMM[8], @XMM[9] @ next round tweak - -.Lxts_dec_done: -#ifndef XTS_CHAIN_TWEAK - adds $len, #0x10 - beq .Lxts_dec_ret - - @ calculate one round of extra tweak for the stolen ciphertext - vldmia $magic, {$twmask} - vshr.s64 @XMM[6], @XMM[8], #63 - vand @XMM[6], @XMM[6], $twmask - vadd.u64 @XMM[9], @XMM[8], @XMM[8] - vswp `&Dhi("@XMM[6]")`,`&Dlo("@XMM[6]")` - veor @XMM[9], @XMM[9], @XMM[6] - - @ perform the final decryption with the last tweak value - vld1.8 {@XMM[0]}, [$inp]! - mov r0, sp - veor @XMM[0], @XMM[0], @XMM[9] - mov r1, sp - vst1.8 {@XMM[0]}, [sp,:128] - mov r2, $key - mov r4, $fp @ preserve fp - - bl AES_decrypt - - vld1.8 {@XMM[0]}, [sp,:128] - veor @XMM[0], @XMM[0], @XMM[9] - vst1.8 {@XMM[0]}, [$out] - - mov r6, $out -.Lxts_dec_steal: - ldrb r1, [$out] - ldrb r0, [$inp], #1 - strb r1, [$out, #0x10] - strb r0, [$out], #1 - - subs $len, #1 - bhi .Lxts_dec_steal - - vld1.8 {@XMM[0]}, [r6] - mov r0, sp - veor @XMM[0], @XMM[8] - mov r1, sp - vst1.8 {@XMM[0]}, [sp,:128] - mov r2, $key - - bl AES_decrypt - - vld1.8 {@XMM[0]}, [sp,:128] - veor @XMM[0], @XMM[0], @XMM[8] - vst1.8 {@XMM[0]}, [r6] - mov $fp, r4 -#endif - -.Lxts_dec_ret: - bic r0, $fp, #0xf - vmov.i32 q0, #0 - vmov.i32 q1, #0 -#ifdef XTS_CHAIN_TWEAK - ldr r1, [$fp, #0x20+VFP_ABI_FRAME] @ chain tweak -#endif -.Lxts_dec_bzero: @ wipe key schedule [if any] - vstmia sp!, {q0-q1} - cmp sp, r0 - bne .Lxts_dec_bzero - - mov sp, $fp -#ifdef XTS_CHAIN_TWEAK - vst1.8 {@XMM[8]}, [r1] -#endif - VFP_ABI_POP - ldmia sp!, {r4-r10, pc} @ return - -.size ossl_bsaes_xts_decrypt,.-ossl_bsaes_xts_decrypt -___ -} -$code.=<<___; -#endif -___ - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; - -open SELF,$0; -while() { - next if (/^#!/); - last if (!s/^#/@/ and !/^$/); - print; -} -close SELF; - -print $code; - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/bsaes-x86_64.pl b/crypto/aes/asm/bsaes-x86_64.pl deleted file mode 100644 index 6498cfe908c87a762f43c9f083ced9fef6368a2e..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/bsaes-x86_64.pl +++ /dev/null @@ -1,3243 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -################################################################### -### AES-128 [originally in CTR mode] ### -### bitsliced implementation for Intel Core 2 processors ### -### requires support of SSE extensions up to SSSE3 ### -### Author: Emilia Käsper and Peter Schwabe ### -### Date: 2009-03-19 ### -### Public domain ### -### ### -### See http://homes.esat.kuleuven.be/~ekasper/#software for ### -### further information. ### -################################################################### -# -# September 2011. -# -# Started as transliteration to "perlasm" the original code has -# undergone following changes: -# -# - code was made position-independent; -# - rounds were folded into a loop resulting in >5x size reduction -# from 12.5KB to 2.2KB; -# - above was possible thanks to mixcolumns() modification that -# allowed to feed its output back to aesenc[last], this was -# achieved at cost of two additional inter-registers moves; -# - some instruction reordering and interleaving; -# - this module doesn't implement key setup subroutine, instead it -# relies on conversion of "conventional" key schedule as returned -# by AES_set_encrypt_key (see discussion below); -# - first and last round keys are treated differently, which allowed -# to skip one shiftrows(), reduce bit-sliced key schedule and -# speed-up conversion by 22%; -# - support for 192- and 256-bit keys was added; -# -# Resulting performance in CPU cycles spent to encrypt one byte out -# of 4096-byte buffer with 128-bit key is: -# -# Emilia's this(*) difference -# -# Core 2 9.30 8.69 +7% -# Nehalem(**) 7.63 6.88 +11% -# Atom 17.1 16.4 +4% -# Silvermont - 12.9 -# Goldmont - 8.85 -# -# (*) Comparison is not completely fair, because "this" is ECB, -# i.e. no extra processing such as counter values calculation -# and xor-ing input as in Emilia's CTR implementation is -# performed. However, the CTR calculations stand for not more -# than 1% of total time, so comparison is *rather* fair. -# -# (**) Results were collected on Westmere, which is considered to -# be equivalent to Nehalem for this code. -# -# As for key schedule conversion subroutine. Interface to OpenSSL -# relies on per-invocation on-the-fly conversion. This naturally -# has impact on performance, especially for short inputs. Conversion -# time in CPU cycles and its ratio to CPU cycles spent in 8x block -# function is: -# -# conversion conversion/8x block -# Core 2 240 0.22 -# Nehalem 180 0.20 -# Atom 430 0.20 -# -# The ratio values mean that 128-byte blocks will be processed -# 16-18% slower, 256-byte blocks - 9-10%, 384-byte blocks - 6-7%, -# etc. Then keep in mind that input sizes not divisible by 128 are -# *effectively* slower, especially shortest ones, e.g. consecutive -# 144-byte blocks are processed 44% slower than one would expect, -# 272 - 29%, 400 - 22%, etc. Yet, despite all these "shortcomings" -# it's still faster than ["hyper-threading-safe" code path in] -# aes-x86_64.pl on all lengths above 64 bytes... -# -# October 2011. -# -# Add decryption procedure. Performance in CPU cycles spent to decrypt -# one byte out of 4096-byte buffer with 128-bit key is: -# -# Core 2 9.98 -# Nehalem 7.80 -# Atom 17.9 -# Silvermont 14.0 -# Goldmont 10.2 -# -# November 2011. -# -# Add bsaes_xts_[en|de]crypt. Less-than-80-bytes-block performance is -# suboptimal, but XTS is meant to be used with larger blocks... -# -# - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -my ($inp,$out,$len,$key,$ivp)=("%rdi","%rsi","%rdx","%rcx"); -my @XMM=map("%xmm$_",(15,0..14)); # best on Atom, +10% over (0..15) -my $ecb=0; # suppress unreferenced ECB subroutines, spare some space... - -{ -my ($key,$rounds,$const)=("%rax","%r10d","%r11"); - -sub Sbox { -# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb -# output in lsb > [b0, b1, b4, b6, b3, b7, b2, b5] < msb -my @b=@_[0..7]; -my @t=@_[8..11]; -my @s=@_[12..15]; - &InBasisChange (@b); - &Inv_GF256 (@b[6,5,0,3,7,1,4,2],@t,@s); - &OutBasisChange (@b[7,1,4,2,6,5,0,3]); -} - -sub InBasisChange { -# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb -# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb -my @b=@_[0..7]; -$code.=<<___; - pxor @b[6], @b[5] - pxor @b[1], @b[2] - pxor @b[0], @b[3] - pxor @b[2], @b[6] - pxor @b[0], @b[5] - - pxor @b[3], @b[6] - pxor @b[7], @b[3] - pxor @b[5], @b[7] - pxor @b[4], @b[3] - pxor @b[5], @b[4] - pxor @b[1], @b[3] - - pxor @b[7], @b[2] - pxor @b[5], @b[1] -___ -} - -sub OutBasisChange { -# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb -# output in lsb > [b6, b1, b2, b4, b7, b0, b3, b5] < msb -my @b=@_[0..7]; -$code.=<<___; - pxor @b[6], @b[0] - pxor @b[4], @b[1] - pxor @b[0], @b[2] - pxor @b[6], @b[4] - pxor @b[1], @b[6] - - pxor @b[5], @b[1] - pxor @b[3], @b[5] - pxor @b[7], @b[3] - pxor @b[5], @b[7] - pxor @b[5], @b[2] - - pxor @b[7], @b[4] -___ -} - -sub InvSbox { -# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb -# output in lsb > [b0, b1, b6, b4, b2, b7, b3, b5] < msb -my @b=@_[0..7]; -my @t=@_[8..11]; -my @s=@_[12..15]; - &InvInBasisChange (@b); - &Inv_GF256 (@b[5,1,2,6,3,7,0,4],@t,@s); - &InvOutBasisChange (@b[3,7,0,4,5,1,2,6]); -} - -sub InvInBasisChange { # OutBasisChange in reverse -my @b=@_[5,1,2,6,3,7,0,4]; -$code.=<<___ - pxor @b[7], @b[4] - - pxor @b[5], @b[7] - pxor @b[5], @b[2] - pxor @b[7], @b[3] - pxor @b[3], @b[5] - pxor @b[5], @b[1] - - pxor @b[1], @b[6] - pxor @b[0], @b[2] - pxor @b[6], @b[4] - pxor @b[6], @b[0] - pxor @b[4], @b[1] -___ -} - -sub InvOutBasisChange { # InBasisChange in reverse -my @b=@_[2,5,7,3,6,1,0,4]; -$code.=<<___; - pxor @b[5], @b[1] - pxor @b[7], @b[2] - - pxor @b[1], @b[3] - pxor @b[5], @b[4] - pxor @b[5], @b[7] - pxor @b[4], @b[3] - pxor @b[0], @b[5] - pxor @b[7], @b[3] - pxor @b[2], @b[6] - pxor @b[1], @b[2] - pxor @b[3], @b[6] - - pxor @b[0], @b[3] - pxor @b[6], @b[5] -___ -} - -sub Mul_GF4 { -#;************************************************************* -#;* Mul_GF4: Input x0-x1,y0-y1 Output x0-x1 Temp t0 (8) * -#;************************************************************* -my ($x0,$x1,$y0,$y1,$t0)=@_; -$code.=<<___; - movdqa $y0, $t0 - pxor $y1, $t0 - pand $x0, $t0 - pxor $x1, $x0 - pand $y0, $x1 - pand $y1, $x0 - pxor $x1, $x0 - pxor $t0, $x1 -___ -} - -sub Mul_GF4_N { # not used, see next subroutine -# multiply and scale by N -my ($x0,$x1,$y0,$y1,$t0)=@_; -$code.=<<___; - movdqa $y0, $t0 - pxor $y1, $t0 - pand $x0, $t0 - pxor $x1, $x0 - pand $y0, $x1 - pand $y1, $x0 - pxor $x0, $x1 - pxor $t0, $x0 -___ -} - -sub Mul_GF4_N_GF4 { -# interleaved Mul_GF4_N and Mul_GF4 -my ($x0,$x1,$y0,$y1,$t0, - $x2,$x3,$y2,$y3,$t1)=@_; -$code.=<<___; - movdqa $y0, $t0 - movdqa $y2, $t1 - pxor $y1, $t0 - pxor $y3, $t1 - pand $x0, $t0 - pand $x2, $t1 - pxor $x1, $x0 - pxor $x3, $x2 - pand $y0, $x1 - pand $y2, $x3 - pand $y1, $x0 - pand $y3, $x2 - pxor $x0, $x1 - pxor $x3, $x2 - pxor $t0, $x0 - pxor $t1, $x3 -___ -} -sub Mul_GF16_2 { -my @x=@_[0..7]; -my @y=@_[8..11]; -my @t=@_[12..15]; -$code.=<<___; - movdqa @x[0], @t[0] - movdqa @x[1], @t[1] -___ - &Mul_GF4 (@x[0], @x[1], @y[0], @y[1], @t[2]); -$code.=<<___; - pxor @x[2], @t[0] - pxor @x[3], @t[1] - pxor @y[2], @y[0] - pxor @y[3], @y[1] -___ - Mul_GF4_N_GF4 (@t[0], @t[1], @y[0], @y[1], @t[3], - @x[2], @x[3], @y[2], @y[3], @t[2]); -$code.=<<___; - pxor @t[0], @x[0] - pxor @t[0], @x[2] - pxor @t[1], @x[1] - pxor @t[1], @x[3] - - movdqa @x[4], @t[0] - movdqa @x[5], @t[1] - pxor @x[6], @t[0] - pxor @x[7], @t[1] -___ - &Mul_GF4_N_GF4 (@t[0], @t[1], @y[0], @y[1], @t[3], - @x[6], @x[7], @y[2], @y[3], @t[2]); -$code.=<<___; - pxor @y[2], @y[0] - pxor @y[3], @y[1] -___ - &Mul_GF4 (@x[4], @x[5], @y[0], @y[1], @t[3]); -$code.=<<___; - pxor @t[0], @x[4] - pxor @t[0], @x[6] - pxor @t[1], @x[5] - pxor @t[1], @x[7] -___ -} -sub Inv_GF256 { -#;******************************************************************** -#;* Inv_GF256: Input x0-x7 Output x0-x7 Temp t0-t3,s0-s3 (144) * -#;******************************************************************** -my @x=@_[0..7]; -my @t=@_[8..11]; -my @s=@_[12..15]; -# direct optimizations from hardware -$code.=<<___; - movdqa @x[4], @t[3] - movdqa @x[5], @t[2] - movdqa @x[1], @t[1] - movdqa @x[7], @s[1] - movdqa @x[0], @s[0] - - pxor @x[6], @t[3] - pxor @x[7], @t[2] - pxor @x[3], @t[1] - movdqa @t[3], @s[2] - pxor @x[6], @s[1] - movdqa @t[2], @t[0] - pxor @x[2], @s[0] - movdqa @t[3], @s[3] - - por @t[1], @t[2] - por @s[0], @t[3] - pxor @t[0], @s[3] - pand @s[0], @s[2] - pxor @t[1], @s[0] - pand @t[1], @t[0] - pand @s[0], @s[3] - movdqa @x[3], @s[0] - pxor @x[2], @s[0] - pand @s[0], @s[1] - pxor @s[1], @t[3] - pxor @s[1], @t[2] - movdqa @x[4], @s[1] - movdqa @x[1], @s[0] - pxor @x[5], @s[1] - pxor @x[0], @s[0] - movdqa @s[1], @t[1] - pand @s[0], @s[1] - por @s[0], @t[1] - pxor @s[1], @t[0] - pxor @s[3], @t[3] - pxor @s[2], @t[2] - pxor @s[3], @t[1] - movdqa @x[7], @s[0] - pxor @s[2], @t[0] - movdqa @x[6], @s[1] - pxor @s[2], @t[1] - movdqa @x[5], @s[2] - pand @x[3], @s[0] - movdqa @x[4], @s[3] - pand @x[2], @s[1] - pand @x[1], @s[2] - por @x[0], @s[3] - pxor @s[0], @t[3] - pxor @s[1], @t[2] - pxor @s[2], @t[1] - pxor @s[3], @t[0] - - #Inv_GF16 \t0, \t1, \t2, \t3, \s0, \s1, \s2, \s3 - - # new smaller inversion - - movdqa @t[3], @s[0] - pand @t[1], @t[3] - pxor @t[2], @s[0] - - movdqa @t[0], @s[2] - movdqa @s[0], @s[3] - pxor @t[3], @s[2] - pand @s[2], @s[3] - - movdqa @t[1], @s[1] - pxor @t[2], @s[3] - pxor @t[0], @s[1] - - pxor @t[2], @t[3] - - pand @t[3], @s[1] - - movdqa @s[2], @t[2] - pxor @t[0], @s[1] - - pxor @s[1], @t[2] - pxor @s[1], @t[1] - - pand @t[0], @t[2] - - pxor @t[2], @s[2] - pxor @t[2], @t[1] - - pand @s[3], @s[2] - - pxor @s[0], @s[2] -___ -# output in s3, s2, s1, t1 - -# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \t2, \t3, \t0, \t1, \s0, \s1, \s2, \s3 - -# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \s3, \s2, \s1, \t1, \s0, \t0, \t2, \t3 - &Mul_GF16_2(@x,@s[3,2,1],@t[1],@s[0],@t[0,2,3]); - -### output msb > [x3,x2,x1,x0,x7,x6,x5,x4] < lsb -} - -# AES linear components - -sub ShiftRows { -my @x=@_[0..7]; -my $mask=pop; -$code.=<<___; - pxor 0x00($key),@x[0] - pxor 0x10($key),@x[1] - pxor 0x20($key),@x[2] - pxor 0x30($key),@x[3] - pshufb $mask,@x[0] - pshufb $mask,@x[1] - pxor 0x40($key),@x[4] - pxor 0x50($key),@x[5] - pshufb $mask,@x[2] - pshufb $mask,@x[3] - pxor 0x60($key),@x[6] - pxor 0x70($key),@x[7] - pshufb $mask,@x[4] - pshufb $mask,@x[5] - pshufb $mask,@x[6] - pshufb $mask,@x[7] - lea 0x80($key),$key -___ -} - -sub MixColumns { -# modified to emit output in order suitable for feeding back to aesenc[last] -my @x=@_[0..7]; -my @t=@_[8..15]; -my $inv=@_[16]; # optional -$code.=<<___; - pshufd \$0x93, @x[0], @t[0] # x0 <<< 32 - pshufd \$0x93, @x[1], @t[1] - pxor @t[0], @x[0] # x0 ^ (x0 <<< 32) - pshufd \$0x93, @x[2], @t[2] - pxor @t[1], @x[1] - pshufd \$0x93, @x[3], @t[3] - pxor @t[2], @x[2] - pshufd \$0x93, @x[4], @t[4] - pxor @t[3], @x[3] - pshufd \$0x93, @x[5], @t[5] - pxor @t[4], @x[4] - pshufd \$0x93, @x[6], @t[6] - pxor @t[5], @x[5] - pshufd \$0x93, @x[7], @t[7] - pxor @t[6], @x[6] - pxor @t[7], @x[7] - - pxor @x[0], @t[1] - pxor @x[7], @t[0] - pxor @x[7], @t[1] - pshufd \$0x4E, @x[0], @x[0] # (x0 ^ (x0 <<< 32)) <<< 64) - pxor @x[1], @t[2] - pshufd \$0x4E, @x[1], @x[1] - pxor @x[4], @t[5] - pxor @t[0], @x[0] - pxor @x[5], @t[6] - pxor @t[1], @x[1] - pxor @x[3], @t[4] - pshufd \$0x4E, @x[4], @t[0] - pxor @x[6], @t[7] - pshufd \$0x4E, @x[5], @t[1] - pxor @x[2], @t[3] - pshufd \$0x4E, @x[3], @x[4] - pxor @x[7], @t[3] - pshufd \$0x4E, @x[7], @x[5] - pxor @x[7], @t[4] - pshufd \$0x4E, @x[6], @x[3] - pxor @t[4], @t[0] - pshufd \$0x4E, @x[2], @x[6] - pxor @t[5], @t[1] -___ -$code.=<<___ if (!$inv); - pxor @t[3], @x[4] - pxor @t[7], @x[5] - pxor @t[6], @x[3] - movdqa @t[0], @x[2] - pxor @t[2], @x[6] - movdqa @t[1], @x[7] -___ -$code.=<<___ if ($inv); - pxor @x[4], @t[3] - pxor @t[7], @x[5] - pxor @x[3], @t[6] - movdqa @t[0], @x[3] - pxor @t[2], @x[6] - movdqa @t[6], @x[2] - movdqa @t[1], @x[7] - movdqa @x[6], @x[4] - movdqa @t[3], @x[6] -___ -} - -sub InvMixColumns_orig { -my @x=@_[0..7]; -my @t=@_[8..15]; - -$code.=<<___; - # multiplication by 0x0e - pshufd \$0x93, @x[7], @t[7] - movdqa @x[2], @t[2] - pxor @x[5], @x[7] # 7 5 - pxor @x[5], @x[2] # 2 5 - pshufd \$0x93, @x[0], @t[0] - movdqa @x[5], @t[5] - pxor @x[0], @x[5] # 5 0 [1] - pxor @x[1], @x[0] # 0 1 - pshufd \$0x93, @x[1], @t[1] - pxor @x[2], @x[1] # 1 25 - pxor @x[6], @x[0] # 01 6 [2] - pxor @x[3], @x[1] # 125 3 [4] - pshufd \$0x93, @x[3], @t[3] - pxor @x[0], @x[2] # 25 016 [3] - pxor @x[7], @x[3] # 3 75 - pxor @x[6], @x[7] # 75 6 [0] - pshufd \$0x93, @x[6], @t[6] - movdqa @x[4], @t[4] - pxor @x[4], @x[6] # 6 4 - pxor @x[3], @x[4] # 4 375 [6] - pxor @x[7], @x[3] # 375 756=36 - pxor @t[5], @x[6] # 64 5 [7] - pxor @t[2], @x[3] # 36 2 - pxor @t[4], @x[3] # 362 4 [5] - pshufd \$0x93, @t[5], @t[5] -___ - my @y = @x[7,5,0,2,1,3,4,6]; -$code.=<<___; - # multiplication by 0x0b - pxor @y[0], @y[1] - pxor @t[0], @y[0] - pxor @t[1], @y[1] - pshufd \$0x93, @t[2], @t[2] - pxor @t[5], @y[0] - pxor @t[6], @y[1] - pxor @t[7], @y[0] - pshufd \$0x93, @t[4], @t[4] - pxor @t[6], @t[7] # clobber t[7] - pxor @y[0], @y[1] - - pxor @t[0], @y[3] - pshufd \$0x93, @t[0], @t[0] - pxor @t[1], @y[2] - pxor @t[1], @y[4] - pxor @t[2], @y[2] - pshufd \$0x93, @t[1], @t[1] - pxor @t[2], @y[3] - pxor @t[2], @y[5] - pxor @t[7], @y[2] - pshufd \$0x93, @t[2], @t[2] - pxor @t[3], @y[3] - pxor @t[3], @y[6] - pxor @t[3], @y[4] - pshufd \$0x93, @t[3], @t[3] - pxor @t[4], @y[7] - pxor @t[4], @y[5] - pxor @t[7], @y[7] - pxor @t[5], @y[3] - pxor @t[4], @y[4] - pxor @t[5], @t[7] # clobber t[7] even more - - pxor @t[7], @y[5] - pshufd \$0x93, @t[4], @t[4] - pxor @t[7], @y[6] - pxor @t[7], @y[4] - - pxor @t[5], @t[7] - pshufd \$0x93, @t[5], @t[5] - pxor @t[6], @t[7] # restore t[7] - - # multiplication by 0x0d - pxor @y[7], @y[4] - pxor @t[4], @y[7] - pshufd \$0x93, @t[6], @t[6] - pxor @t[0], @y[2] - pxor @t[5], @y[7] - pxor @t[2], @y[2] - pshufd \$0x93, @t[7], @t[7] - - pxor @y[1], @y[3] - pxor @t[1], @y[1] - pxor @t[0], @y[0] - pxor @t[0], @y[3] - pxor @t[5], @y[1] - pxor @t[5], @y[0] - pxor @t[7], @y[1] - pshufd \$0x93, @t[0], @t[0] - pxor @t[6], @y[0] - pxor @y[1], @y[3] - pxor @t[1], @y[4] - pshufd \$0x93, @t[1], @t[1] - - pxor @t[7], @y[7] - pxor @t[2], @y[4] - pxor @t[2], @y[5] - pshufd \$0x93, @t[2], @t[2] - pxor @t[6], @y[2] - pxor @t[3], @t[6] # clobber t[6] - pxor @y[7], @y[4] - pxor @t[6], @y[3] - - pxor @t[6], @y[6] - pxor @t[5], @y[5] - pxor @t[4], @y[6] - pshufd \$0x93, @t[4], @t[4] - pxor @t[6], @y[5] - pxor @t[7], @y[6] - pxor @t[3], @t[6] # restore t[6] - - pshufd \$0x93, @t[5], @t[5] - pshufd \$0x93, @t[6], @t[6] - pshufd \$0x93, @t[7], @t[7] - pshufd \$0x93, @t[3], @t[3] - - # multiplication by 0x09 - pxor @y[1], @y[4] - pxor @y[1], @t[1] # t[1]=y[1] - pxor @t[5], @t[0] # clobber t[0] - pxor @t[5], @t[1] - pxor @t[0], @y[3] - pxor @y[0], @t[0] # t[0]=y[0] - pxor @t[6], @t[1] - pxor @t[7], @t[6] # clobber t[6] - pxor @t[1], @y[4] - pxor @t[4], @y[7] - pxor @y[4], @t[4] # t[4]=y[4] - pxor @t[3], @y[6] - pxor @y[3], @t[3] # t[3]=y[3] - pxor @t[2], @y[5] - pxor @y[2], @t[2] # t[2]=y[2] - pxor @t[7], @t[3] - pxor @y[5], @t[5] # t[5]=y[5] - pxor @t[6], @t[2] - pxor @t[6], @t[5] - pxor @y[6], @t[6] # t[6]=y[6] - pxor @y[7], @t[7] # t[7]=y[7] - - movdqa @t[0],@XMM[0] - movdqa @t[1],@XMM[1] - movdqa @t[2],@XMM[2] - movdqa @t[3],@XMM[3] - movdqa @t[4],@XMM[4] - movdqa @t[5],@XMM[5] - movdqa @t[6],@XMM[6] - movdqa @t[7],@XMM[7] -___ -} - -sub InvMixColumns { -my @x=@_[0..7]; -my @t=@_[8..15]; - -# Thanks to Jussi Kivilinna for providing pointer to -# -# | 0e 0b 0d 09 | | 02 03 01 01 | | 05 00 04 00 | -# | 09 0e 0b 0d | = | 01 02 03 01 | x | 00 05 00 04 | -# | 0d 09 0e 0b | | 01 01 02 03 | | 04 00 05 00 | -# | 0b 0d 09 0e | | 03 01 01 02 | | 00 04 00 05 | - -$code.=<<___; - # multiplication by 0x05-0x00-0x04-0x00 - pshufd \$0x4E, @x[0], @t[0] - pshufd \$0x4E, @x[6], @t[6] - pxor @x[0], @t[0] - pshufd \$0x4E, @x[7], @t[7] - pxor @x[6], @t[6] - pshufd \$0x4E, @x[1], @t[1] - pxor @x[7], @t[7] - pshufd \$0x4E, @x[2], @t[2] - pxor @x[1], @t[1] - pshufd \$0x4E, @x[3], @t[3] - pxor @x[2], @t[2] - pxor @t[6], @x[0] - pxor @t[6], @x[1] - pshufd \$0x4E, @x[4], @t[4] - pxor @x[3], @t[3] - pxor @t[0], @x[2] - pxor @t[1], @x[3] - pshufd \$0x4E, @x[5], @t[5] - pxor @x[4], @t[4] - pxor @t[7], @x[1] - pxor @t[2], @x[4] - pxor @x[5], @t[5] - - pxor @t[7], @x[2] - pxor @t[6], @x[3] - pxor @t[6], @x[4] - pxor @t[3], @x[5] - pxor @t[4], @x[6] - pxor @t[7], @x[4] - pxor @t[7], @x[5] - pxor @t[5], @x[7] -___ - &MixColumns (@x,@t,1); # flipped 2<->3 and 4<->6 -} - -sub aesenc { # not used -my @b=@_[0..7]; -my @t=@_[8..15]; -$code.=<<___; - movdqa 0x30($const),@t[0] # .LSR -___ - &ShiftRows (@b,@t[0]); - &Sbox (@b,@t); - &MixColumns (@b[0,1,4,6,3,7,2,5],@t); -} - -sub aesenclast { # not used -my @b=@_[0..7]; -my @t=@_[8..15]; -$code.=<<___; - movdqa 0x40($const),@t[0] # .LSRM0 -___ - &ShiftRows (@b,@t[0]); - &Sbox (@b,@t); -$code.=<<___ - pxor 0x00($key),@b[0] - pxor 0x10($key),@b[1] - pxor 0x20($key),@b[4] - pxor 0x30($key),@b[6] - pxor 0x40($key),@b[3] - pxor 0x50($key),@b[7] - pxor 0x60($key),@b[2] - pxor 0x70($key),@b[5] -___ -} - -sub swapmove { -my ($a,$b,$n,$mask,$t)=@_; -$code.=<<___; - movdqa $b,$t - psrlq \$$n,$b - pxor $a,$b - pand $mask,$b - pxor $b,$a - psllq \$$n,$b - pxor $t,$b -___ -} -sub swapmove2x { -my ($a0,$b0,$a1,$b1,$n,$mask,$t0,$t1)=@_; -$code.=<<___; - movdqa $b0,$t0 - psrlq \$$n,$b0 - movdqa $b1,$t1 - psrlq \$$n,$b1 - pxor $a0,$b0 - pxor $a1,$b1 - pand $mask,$b0 - pand $mask,$b1 - pxor $b0,$a0 - psllq \$$n,$b0 - pxor $b1,$a1 - psllq \$$n,$b1 - pxor $t0,$b0 - pxor $t1,$b1 -___ -} - -sub bitslice { -my @x=reverse(@_[0..7]); -my ($t0,$t1,$t2,$t3)=@_[8..11]; -$code.=<<___; - movdqa 0x00($const),$t0 # .LBS0 - movdqa 0x10($const),$t1 # .LBS1 -___ - &swapmove2x(@x[0,1,2,3],1,$t0,$t2,$t3); - &swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3); -$code.=<<___; - movdqa 0x20($const),$t0 # .LBS2 -___ - &swapmove2x(@x[0,2,1,3],2,$t1,$t2,$t3); - &swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3); - - &swapmove2x(@x[0,4,1,5],4,$t0,$t2,$t3); - &swapmove2x(@x[2,6,3,7],4,$t0,$t2,$t3); -} - -$code.=<<___; -.text - -.extern asm_AES_encrypt -.extern asm_AES_decrypt - -.type _bsaes_encrypt8,\@abi-omnipotent -.align 64 -_bsaes_encrypt8: -.cfi_startproc - lea .LBS0(%rip), $const # constants table - - movdqa ($key), @XMM[9] # round 0 key - lea 0x10($key), $key - movdqa 0x50($const), @XMM[8] # .LM0SR - pxor @XMM[9], @XMM[0] # xor with round0 key - pxor @XMM[9], @XMM[1] - pxor @XMM[9], @XMM[2] - pxor @XMM[9], @XMM[3] - pshufb @XMM[8], @XMM[0] - pshufb @XMM[8], @XMM[1] - pxor @XMM[9], @XMM[4] - pxor @XMM[9], @XMM[5] - pshufb @XMM[8], @XMM[2] - pshufb @XMM[8], @XMM[3] - pxor @XMM[9], @XMM[6] - pxor @XMM[9], @XMM[7] - pshufb @XMM[8], @XMM[4] - pshufb @XMM[8], @XMM[5] - pshufb @XMM[8], @XMM[6] - pshufb @XMM[8], @XMM[7] -_bsaes_encrypt8_bitslice: -___ - &bitslice (@XMM[0..7, 8..11]); -$code.=<<___; - dec $rounds - jmp .Lenc_sbox -.align 16 -.Lenc_loop: -___ - &ShiftRows (@XMM[0..7, 8]); -$code.=".Lenc_sbox:\n"; - &Sbox (@XMM[0..7, 8..15]); -$code.=<<___; - dec $rounds - jl .Lenc_done -___ - &MixColumns (@XMM[0,1,4,6,3,7,2,5, 8..15]); -$code.=<<___; - movdqa 0x30($const), @XMM[8] # .LSR - jnz .Lenc_loop - movdqa 0x40($const), @XMM[8] # .LSRM0 - jmp .Lenc_loop -.align 16 -.Lenc_done: -___ - # output in lsb > [t0, t1, t4, t6, t3, t7, t2, t5] < msb - &bitslice (@XMM[0,1,4,6,3,7,2,5, 8..11]); -$code.=<<___; - movdqa ($key), @XMM[8] # last round key - pxor @XMM[8], @XMM[4] - pxor @XMM[8], @XMM[6] - pxor @XMM[8], @XMM[3] - pxor @XMM[8], @XMM[7] - pxor @XMM[8], @XMM[2] - pxor @XMM[8], @XMM[5] - pxor @XMM[8], @XMM[0] - pxor @XMM[8], @XMM[1] - ret -.cfi_endproc -.size _bsaes_encrypt8,.-_bsaes_encrypt8 - -.type _bsaes_decrypt8,\@abi-omnipotent -.align 64 -_bsaes_decrypt8: -.cfi_startproc - lea .LBS0(%rip), $const # constants table - - movdqa ($key), @XMM[9] # round 0 key - lea 0x10($key), $key - movdqa -0x30($const), @XMM[8] # .LM0ISR - pxor @XMM[9], @XMM[0] # xor with round0 key - pxor @XMM[9], @XMM[1] - pxor @XMM[9], @XMM[2] - pxor @XMM[9], @XMM[3] - pshufb @XMM[8], @XMM[0] - pshufb @XMM[8], @XMM[1] - pxor @XMM[9], @XMM[4] - pxor @XMM[9], @XMM[5] - pshufb @XMM[8], @XMM[2] - pshufb @XMM[8], @XMM[3] - pxor @XMM[9], @XMM[6] - pxor @XMM[9], @XMM[7] - pshufb @XMM[8], @XMM[4] - pshufb @XMM[8], @XMM[5] - pshufb @XMM[8], @XMM[6] - pshufb @XMM[8], @XMM[7] -___ - &bitslice (@XMM[0..7, 8..11]); -$code.=<<___; - dec $rounds - jmp .Ldec_sbox -.align 16 -.Ldec_loop: -___ - &ShiftRows (@XMM[0..7, 8]); -$code.=".Ldec_sbox:\n"; - &InvSbox (@XMM[0..7, 8..15]); -$code.=<<___; - dec $rounds - jl .Ldec_done -___ - &InvMixColumns (@XMM[0,1,6,4,2,7,3,5, 8..15]); -$code.=<<___; - movdqa -0x10($const), @XMM[8] # .LISR - jnz .Ldec_loop - movdqa -0x20($const), @XMM[8] # .LISRM0 - jmp .Ldec_loop -.align 16 -.Ldec_done: -___ - &bitslice (@XMM[0,1,6,4,2,7,3,5, 8..11]); -$code.=<<___; - movdqa ($key), @XMM[8] # last round key - pxor @XMM[8], @XMM[6] - pxor @XMM[8], @XMM[4] - pxor @XMM[8], @XMM[2] - pxor @XMM[8], @XMM[7] - pxor @XMM[8], @XMM[3] - pxor @XMM[8], @XMM[5] - pxor @XMM[8], @XMM[0] - pxor @XMM[8], @XMM[1] - ret -.cfi_endproc -.size _bsaes_decrypt8,.-_bsaes_decrypt8 -___ -} -{ -my ($out,$inp,$rounds,$const)=("%rax","%rcx","%r10d","%r11"); - -sub bitslice_key { -my @x=reverse(@_[0..7]); -my ($bs0,$bs1,$bs2,$t2,$t3)=@_[8..12]; - - &swapmove (@x[0,1],1,$bs0,$t2,$t3); -$code.=<<___; - #&swapmove(@x[2,3],1,$t0,$t2,$t3); - movdqa @x[0], @x[2] - movdqa @x[1], @x[3] -___ - #&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3); - - &swapmove2x (@x[0,2,1,3],2,$bs1,$t2,$t3); -$code.=<<___; - #&swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3); - movdqa @x[0], @x[4] - movdqa @x[2], @x[6] - movdqa @x[1], @x[5] - movdqa @x[3], @x[7] -___ - &swapmove2x (@x[0,4,1,5],4,$bs2,$t2,$t3); - &swapmove2x (@x[2,6,3,7],4,$bs2,$t2,$t3); -} - -$code.=<<___; -.type _bsaes_key_convert,\@abi-omnipotent -.align 16 -_bsaes_key_convert: -.cfi_startproc - lea .Lmasks(%rip), $const - movdqu ($inp), %xmm7 # load round 0 key - lea 0x10($inp), $inp - movdqa 0x00($const), %xmm0 # 0x01... - movdqa 0x10($const), %xmm1 # 0x02... - movdqa 0x20($const), %xmm2 # 0x04... - movdqa 0x30($const), %xmm3 # 0x08... - movdqa 0x40($const), %xmm4 # .LM0 - pcmpeqd %xmm5, %xmm5 # .LNOT - - movdqu ($inp), %xmm6 # load round 1 key - movdqa %xmm7, ($out) # save round 0 key - lea 0x10($out), $out - dec $rounds - jmp .Lkey_loop -.align 16 -.Lkey_loop: - pshufb %xmm4, %xmm6 # .LM0 - - movdqa %xmm0, %xmm8 - movdqa %xmm1, %xmm9 - - pand %xmm6, %xmm8 - pand %xmm6, %xmm9 - movdqa %xmm2, %xmm10 - pcmpeqb %xmm0, %xmm8 - psllq \$4, %xmm0 # 0x10... - movdqa %xmm3, %xmm11 - pcmpeqb %xmm1, %xmm9 - psllq \$4, %xmm1 # 0x20... - - pand %xmm6, %xmm10 - pand %xmm6, %xmm11 - movdqa %xmm0, %xmm12 - pcmpeqb %xmm2, %xmm10 - psllq \$4, %xmm2 # 0x40... - movdqa %xmm1, %xmm13 - pcmpeqb %xmm3, %xmm11 - psllq \$4, %xmm3 # 0x80... - - movdqa %xmm2, %xmm14 - movdqa %xmm3, %xmm15 - pxor %xmm5, %xmm8 # "pnot" - pxor %xmm5, %xmm9 - - pand %xmm6, %xmm12 - pand %xmm6, %xmm13 - movdqa %xmm8, 0x00($out) # write bit-sliced round key - pcmpeqb %xmm0, %xmm12 - psrlq \$4, %xmm0 # 0x01... - movdqa %xmm9, 0x10($out) - pcmpeqb %xmm1, %xmm13 - psrlq \$4, %xmm1 # 0x02... - lea 0x10($inp), $inp - - pand %xmm6, %xmm14 - pand %xmm6, %xmm15 - movdqa %xmm10, 0x20($out) - pcmpeqb %xmm2, %xmm14 - psrlq \$4, %xmm2 # 0x04... - movdqa %xmm11, 0x30($out) - pcmpeqb %xmm3, %xmm15 - psrlq \$4, %xmm3 # 0x08... - movdqu ($inp), %xmm6 # load next round key - - pxor %xmm5, %xmm13 # "pnot" - pxor %xmm5, %xmm14 - movdqa %xmm12, 0x40($out) - movdqa %xmm13, 0x50($out) - movdqa %xmm14, 0x60($out) - movdqa %xmm15, 0x70($out) - lea 0x80($out),$out - dec $rounds - jnz .Lkey_loop - - movdqa 0x50($const), %xmm7 # .L63 - #movdqa %xmm6, ($out) # don't save last round key - ret -.cfi_endproc -.size _bsaes_key_convert,.-_bsaes_key_convert -___ -} - -if (0 && !$win64) { # following four functions are unsupported interface - # used for benchmarking... -$code.=<<___; -.globl bsaes_enc_key_convert -.type bsaes_enc_key_convert,\@function,2 -.align 16 -bsaes_enc_key_convert: - mov 240($inp),%r10d # pass rounds - mov $inp,%rcx # pass key - mov $out,%rax # pass key schedule - call _bsaes_key_convert - pxor %xmm6,%xmm7 # fix up last round key - movdqa %xmm7,(%rax) # save last round key - ret -.size bsaes_enc_key_convert,.-bsaes_enc_key_convert - -.globl bsaes_encrypt_128 -.type bsaes_encrypt_128,\@function,4 -.align 16 -bsaes_encrypt_128: -.Lenc128_loop: - movdqu 0x00($inp), @XMM[0] # load input - movdqu 0x10($inp), @XMM[1] - movdqu 0x20($inp), @XMM[2] - movdqu 0x30($inp), @XMM[3] - movdqu 0x40($inp), @XMM[4] - movdqu 0x50($inp), @XMM[5] - movdqu 0x60($inp), @XMM[6] - movdqu 0x70($inp), @XMM[7] - mov $key, %rax # pass the $key - lea 0x80($inp), $inp - mov \$10,%r10d - - call _bsaes_encrypt8 - - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - movdqu @XMM[3], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[2], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - sub \$0x80,$len - ja .Lenc128_loop - ret -.size bsaes_encrypt_128,.-bsaes_encrypt_128 - -.globl bsaes_dec_key_convert -.type bsaes_dec_key_convert,\@function,2 -.align 16 -bsaes_dec_key_convert: - mov 240($inp),%r10d # pass rounds - mov $inp,%rcx # pass key - mov $out,%rax # pass key schedule - call _bsaes_key_convert - pxor ($out),%xmm7 # fix up round 0 key - movdqa %xmm6,(%rax) # save last round key - movdqa %xmm7,($out) - ret -.size bsaes_dec_key_convert,.-bsaes_dec_key_convert - -.globl bsaes_decrypt_128 -.type bsaes_decrypt_128,\@function,4 -.align 16 -bsaes_decrypt_128: -.Ldec128_loop: - movdqu 0x00($inp), @XMM[0] # load input - movdqu 0x10($inp), @XMM[1] - movdqu 0x20($inp), @XMM[2] - movdqu 0x30($inp), @XMM[3] - movdqu 0x40($inp), @XMM[4] - movdqu 0x50($inp), @XMM[5] - movdqu 0x60($inp), @XMM[6] - movdqu 0x70($inp), @XMM[7] - mov $key, %rax # pass the $key - lea 0x80($inp), $inp - mov \$10,%r10d - - call _bsaes_decrypt8 - - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[3], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - sub \$0x80,$len - ja .Ldec128_loop - ret -.size bsaes_decrypt_128,.-bsaes_decrypt_128 -___ -} -{ -###################################################################### -# -# OpenSSL interface -# -my ($arg1,$arg2,$arg3,$arg4,$arg5,$arg6)=$win64 ? ("%rcx","%rdx","%r8","%r9","%r10","%r11d") - : ("%rdi","%rsi","%rdx","%rcx","%r8","%r9d"); -my ($inp,$out,$len,$key)=("%r12","%r13","%r14","%r15"); - -if ($ecb) { -$code.=<<___; -.globl bsaes_ecb_encrypt_blocks -.type bsaes_ecb_encrypt_blocks,\@abi-omnipotent -.align 16 -bsaes_ecb_encrypt_blocks: -.cfi_startproc - mov %rsp, %rax -.Lecb_enc_prologue: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -0x48(%rsp),%rsp -.cfi_adjust_cfa_offset 0x48 -___ -$code.=<<___ if ($win64); - lea -0xa0(%rsp), %rsp - movaps %xmm6, 0x40(%rsp) - movaps %xmm7, 0x50(%rsp) - movaps %xmm8, 0x60(%rsp) - movaps %xmm9, 0x70(%rsp) - movaps %xmm10, 0x80(%rsp) - movaps %xmm11, 0x90(%rsp) - movaps %xmm12, 0xa0(%rsp) - movaps %xmm13, 0xb0(%rsp) - movaps %xmm14, 0xc0(%rsp) - movaps %xmm15, 0xd0(%rsp) -.Lecb_enc_body: -___ -$code.=<<___; - mov %rsp,%rbp # backup %rsp -.cfi_def_cfa_register %rbp - mov 240($arg4),%eax # rounds - mov $arg1,$inp # backup arguments - mov $arg2,$out - mov $arg3,$len - mov $arg4,$key - cmp \$8,$arg3 - jb .Lecb_enc_short - - mov %eax,%ebx # backup rounds - shl \$7,%rax # 128 bytes per inner round key - sub \$`128-32`,%rax # size of bit-sliced key schedule - sub %rax,%rsp - mov %rsp,%rax # pass key schedule - mov $key,%rcx # pass key - mov %ebx,%r10d # pass rounds - call _bsaes_key_convert - pxor %xmm6,%xmm7 # fix up last round key - movdqa %xmm7,(%rax) # save last round key - - sub \$8,$len -.Lecb_enc_loop: - movdqu 0x00($inp), @XMM[0] # load input - movdqu 0x10($inp), @XMM[1] - movdqu 0x20($inp), @XMM[2] - movdqu 0x30($inp), @XMM[3] - movdqu 0x40($inp), @XMM[4] - movdqu 0x50($inp), @XMM[5] - mov %rsp, %rax # pass key schedule - movdqu 0x60($inp), @XMM[6] - mov %ebx,%r10d # pass rounds - movdqu 0x70($inp), @XMM[7] - lea 0x80($inp), $inp - - call _bsaes_encrypt8 - - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - movdqu @XMM[3], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[2], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - sub \$8,$len - jnc .Lecb_enc_loop - - add \$8,$len - jz .Lecb_enc_done - - movdqu 0x00($inp), @XMM[0] # load input - mov %rsp, %rax # pass key schedule - mov %ebx,%r10d # pass rounds - cmp \$2,$len - jb .Lecb_enc_one - movdqu 0x10($inp), @XMM[1] - je .Lecb_enc_two - movdqu 0x20($inp), @XMM[2] - cmp \$4,$len - jb .Lecb_enc_three - movdqu 0x30($inp), @XMM[3] - je .Lecb_enc_four - movdqu 0x40($inp), @XMM[4] - cmp \$6,$len - jb .Lecb_enc_five - movdqu 0x50($inp), @XMM[5] - je .Lecb_enc_six - movdqu 0x60($inp), @XMM[6] - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - movdqu @XMM[3], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[2], 0x60($out) - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_six: - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - movdqu @XMM[3], 0x40($out) - movdqu @XMM[7], 0x50($out) - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_five: - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - movdqu @XMM[3], 0x40($out) - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_four: - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_three: - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_two: - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_one: - call _bsaes_encrypt8 - movdqu @XMM[0], 0x00($out) # write output - jmp .Lecb_enc_done -.align 16 -.Lecb_enc_short: - lea ($inp), $arg1 - lea ($out), $arg2 - lea ($key), $arg3 - call asm_AES_encrypt - lea 16($inp), $inp - lea 16($out), $out - dec $len - jnz .Lecb_enc_short - -.Lecb_enc_done: - lea (%rsp),%rax - pxor %xmm0, %xmm0 -.Lecb_enc_bzero: # wipe key schedule [if any] - movdqa %xmm0, 0x00(%rax) - movdqa %xmm0, 0x10(%rax) - lea 0x20(%rax), %rax - cmp %rax, %rbp - jb .Lecb_enc_bzero - - lea 0x78(%rbp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x40(%rbp), %xmm6 - movaps 0x50(%rbp), %xmm7 - movaps 0x60(%rbp), %xmm8 - movaps 0x70(%rbp), %xmm9 - movaps 0x80(%rbp), %xmm10 - movaps 0x90(%rbp), %xmm11 - movaps 0xa0(%rbp), %xmm12 - movaps 0xb0(%rbp), %xmm13 - movaps 0xc0(%rbp), %xmm14 - movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rax), %rax -.Lecb_enc_tail: -___ -$code.=<<___; - mov -48(%rax), %r15 -.cfi_restore %r15 - mov -40(%rax), %r14 -.cfi_restore %r14 - mov -32(%rax), %r13 -.cfi_restore %r13 - mov -24(%rax), %r12 -.cfi_restore %r12 - mov -16(%rax), %rbx -.cfi_restore %rbx - mov -8(%rax), %rbp -.cfi_restore %rbp - lea (%rax), %rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lecb_enc_epilogue: - ret -.cfi_endproc -.size bsaes_ecb_encrypt_blocks,.-bsaes_ecb_encrypt_blocks - -.globl bsaes_ecb_decrypt_blocks -.type bsaes_ecb_decrypt_blocks,\@abi-omnipotent -.align 16 -bsaes_ecb_decrypt_blocks: -.cfi_startproc - mov %rsp, %rax -.Lecb_dec_prologue: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -0x48(%rsp),%rsp -.cfi_adjust_cfa_offset 0x48 -___ -$code.=<<___ if ($win64); - lea -0xa0(%rsp), %rsp - movaps %xmm6, 0x40(%rsp) - movaps %xmm7, 0x50(%rsp) - movaps %xmm8, 0x60(%rsp) - movaps %xmm9, 0x70(%rsp) - movaps %xmm10, 0x80(%rsp) - movaps %xmm11, 0x90(%rsp) - movaps %xmm12, 0xa0(%rsp) - movaps %xmm13, 0xb0(%rsp) - movaps %xmm14, 0xc0(%rsp) - movaps %xmm15, 0xd0(%rsp) -.Lecb_dec_body: -___ -$code.=<<___; - mov %rsp,%rbp # backup %rsp -.cfi_def_cfa_register %rbp - mov 240($arg4),%eax # rounds - mov $arg1,$inp # backup arguments - mov $arg2,$out - mov $arg3,$len - mov $arg4,$key - cmp \$8,$arg3 - jb .Lecb_dec_short - - mov %eax,%ebx # backup rounds - shl \$7,%rax # 128 bytes per inner round key - sub \$`128-32`,%rax # size of bit-sliced key schedule - sub %rax,%rsp - mov %rsp,%rax # pass key schedule - mov $key,%rcx # pass key - mov %ebx,%r10d # pass rounds - call _bsaes_key_convert - pxor (%rsp),%xmm7 # fix up 0 round key - movdqa %xmm6,(%rax) # save last round key - movdqa %xmm7,(%rsp) - - sub \$8,$len -.Lecb_dec_loop: - movdqu 0x00($inp), @XMM[0] # load input - movdqu 0x10($inp), @XMM[1] - movdqu 0x20($inp), @XMM[2] - movdqu 0x30($inp), @XMM[3] - movdqu 0x40($inp), @XMM[4] - movdqu 0x50($inp), @XMM[5] - mov %rsp, %rax # pass key schedule - movdqu 0x60($inp), @XMM[6] - mov %ebx,%r10d # pass rounds - movdqu 0x70($inp), @XMM[7] - lea 0x80($inp), $inp - - call _bsaes_decrypt8 - - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[3], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - sub \$8,$len - jnc .Lecb_dec_loop - - add \$8,$len - jz .Lecb_dec_done - - movdqu 0x00($inp), @XMM[0] # load input - mov %rsp, %rax # pass key schedule - mov %ebx,%r10d # pass rounds - cmp \$2,$len - jb .Lecb_dec_one - movdqu 0x10($inp), @XMM[1] - je .Lecb_dec_two - movdqu 0x20($inp), @XMM[2] - cmp \$4,$len - jb .Lecb_dec_three - movdqu 0x30($inp), @XMM[3] - je .Lecb_dec_four - movdqu 0x40($inp), @XMM[4] - cmp \$6,$len - jb .Lecb_dec_five - movdqu 0x50($inp), @XMM[5] - je .Lecb_dec_six - movdqu 0x60($inp), @XMM[6] - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[3], 0x60($out) - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_six: - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_five: - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_four: - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_three: - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_two: - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_one: - call _bsaes_decrypt8 - movdqu @XMM[0], 0x00($out) # write output - jmp .Lecb_dec_done -.align 16 -.Lecb_dec_short: - lea ($inp), $arg1 - lea ($out), $arg2 - lea ($key), $arg3 - call asm_AES_decrypt - lea 16($inp), $inp - lea 16($out), $out - dec $len - jnz .Lecb_dec_short - -.Lecb_dec_done: - lea (%rsp),%rax - pxor %xmm0, %xmm0 -.Lecb_dec_bzero: # wipe key schedule [if any] - movdqa %xmm0, 0x00(%rax) - movdqa %xmm0, 0x10(%rax) - lea 0x20(%rax), %rax - cmp %rax, %rbp - jb .Lecb_dec_bzero - - lea 0x78(%rbp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x40(%rbp), %xmm6 - movaps 0x50(%rbp), %xmm7 - movaps 0x60(%rbp), %xmm8 - movaps 0x70(%rbp), %xmm9 - movaps 0x80(%rbp), %xmm10 - movaps 0x90(%rbp), %xmm11 - movaps 0xa0(%rbp), %xmm12 - movaps 0xb0(%rbp), %xmm13 - movaps 0xc0(%rbp), %xmm14 - movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rax), %rax -.Lecb_dec_tail: -___ -$code.=<<___; - mov -48(%rax), %r15 -.cfi_restore %r15 - mov -40(%rax), %r14 -.cfi_restore %r14 - mov -32(%rax), %r13 -.cfi_restore %r13 - mov -24(%rax), %r12 -.cfi_restore %r12 - mov -16(%rax), %rbx -.cfi_restore %rbx - mov -8(%rax), %rbp -.cfi_restore %rbp - lea (%rax), %rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lecb_dec_epilogue: - ret -.cfi_endproc -.size bsaes_ecb_decrypt_blocks,.-bsaes_ecb_decrypt_blocks -___ -} -$code.=<<___; -.extern asm_AES_cbc_encrypt -.globl ossl_bsaes_cbc_encrypt -.type ossl_bsaes_cbc_encrypt,\@abi-omnipotent -.align 16 -ossl_bsaes_cbc_encrypt: -.cfi_startproc - endbranch -___ -$code.=<<___ if ($win64); - mov 48(%rsp),$arg6 # pull direction flag -___ -$code.=<<___; - cmp \$0,$arg6 - jne asm_AES_cbc_encrypt - cmp \$128,$arg3 - jb asm_AES_cbc_encrypt - - mov %rsp, %rax -.Lcbc_dec_prologue: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -0x48(%rsp), %rsp -.cfi_adjust_cfa_offset 0x48 -___ -$code.=<<___ if ($win64); - mov 0xa0(%rsp),$arg5 # pull ivp - lea -0xa0(%rsp), %rsp - movaps %xmm6, 0x40(%rsp) - movaps %xmm7, 0x50(%rsp) - movaps %xmm8, 0x60(%rsp) - movaps %xmm9, 0x70(%rsp) - movaps %xmm10, 0x80(%rsp) - movaps %xmm11, 0x90(%rsp) - movaps %xmm12, 0xa0(%rsp) - movaps %xmm13, 0xb0(%rsp) - movaps %xmm14, 0xc0(%rsp) - movaps %xmm15, 0xd0(%rsp) -.Lcbc_dec_body: -___ -$code.=<<___; - mov %rsp, %rbp # backup %rsp -.cfi_def_cfa_register %rbp - mov 240($arg4), %eax # rounds - mov $arg1, $inp # backup arguments - mov $arg2, $out - mov $arg3, $len - mov $arg4, $key - mov $arg5, %rbx - shr \$4, $len # bytes to blocks - - mov %eax, %edx # rounds - shl \$7, %rax # 128 bytes per inner round key - sub \$`128-32`, %rax # size of bit-sliced key schedule - sub %rax, %rsp - - mov %rsp, %rax # pass key schedule - mov $key, %rcx # pass key - mov %edx, %r10d # pass rounds - call _bsaes_key_convert - pxor (%rsp),%xmm7 # fix up 0 round key - movdqa %xmm6,(%rax) # save last round key - movdqa %xmm7,(%rsp) - - movdqu (%rbx), @XMM[15] # load IV - sub \$8,$len -.Lcbc_dec_loop: - movdqu 0x00($inp), @XMM[0] # load input - movdqu 0x10($inp), @XMM[1] - movdqu 0x20($inp), @XMM[2] - movdqu 0x30($inp), @XMM[3] - movdqu 0x40($inp), @XMM[4] - movdqu 0x50($inp), @XMM[5] - mov %rsp, %rax # pass key schedule - movdqu 0x60($inp), @XMM[6] - mov %edx,%r10d # pass rounds - movdqu 0x70($inp), @XMM[7] - movdqa @XMM[15], 0x20(%rbp) # put aside IV - - call _bsaes_decrypt8 - - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[9] - pxor @XMM[8], @XMM[1] - movdqu 0x20($inp), @XMM[10] - pxor @XMM[9], @XMM[6] - movdqu 0x30($inp), @XMM[11] - pxor @XMM[10], @XMM[4] - movdqu 0x40($inp), @XMM[12] - pxor @XMM[11], @XMM[2] - movdqu 0x50($inp), @XMM[13] - pxor @XMM[12], @XMM[7] - movdqu 0x60($inp), @XMM[14] - pxor @XMM[13], @XMM[3] - movdqu 0x70($inp), @XMM[15] # IV - pxor @XMM[14], @XMM[5] - movdqu @XMM[0], 0x00($out) # write output - lea 0x80($inp), $inp - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[3], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - sub \$8,$len - jnc .Lcbc_dec_loop - - add \$8,$len - jz .Lcbc_dec_done - - movdqu 0x00($inp), @XMM[0] # load input - mov %rsp, %rax # pass key schedule - mov %edx, %r10d # pass rounds - cmp \$2,$len - jb .Lcbc_dec_one - movdqu 0x10($inp), @XMM[1] - je .Lcbc_dec_two - movdqu 0x20($inp), @XMM[2] - cmp \$4,$len - jb .Lcbc_dec_three - movdqu 0x30($inp), @XMM[3] - je .Lcbc_dec_four - movdqu 0x40($inp), @XMM[4] - cmp \$6,$len - jb .Lcbc_dec_five - movdqu 0x50($inp), @XMM[5] - je .Lcbc_dec_six - movdqu 0x60($inp), @XMM[6] - movdqa @XMM[15], 0x20(%rbp) # put aside IV - call _bsaes_decrypt8 - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[9] - pxor @XMM[8], @XMM[1] - movdqu 0x20($inp), @XMM[10] - pxor @XMM[9], @XMM[6] - movdqu 0x30($inp), @XMM[11] - pxor @XMM[10], @XMM[4] - movdqu 0x40($inp), @XMM[12] - pxor @XMM[11], @XMM[2] - movdqu 0x50($inp), @XMM[13] - pxor @XMM[12], @XMM[7] - movdqu 0x60($inp), @XMM[15] # IV - pxor @XMM[13], @XMM[3] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - movdqu @XMM[3], 0x60($out) - jmp .Lcbc_dec_done -.align 16 -.Lcbc_dec_six: - movdqa @XMM[15], 0x20(%rbp) # put aside IV - call _bsaes_decrypt8 - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[9] - pxor @XMM[8], @XMM[1] - movdqu 0x20($inp), @XMM[10] - pxor @XMM[9], @XMM[6] - movdqu 0x30($inp), @XMM[11] - pxor @XMM[10], @XMM[4] - movdqu 0x40($inp), @XMM[12] - pxor @XMM[11], @XMM[2] - movdqu 0x50($inp), @XMM[15] # IV - pxor @XMM[12], @XMM[7] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - jmp .Lcbc_dec_done -.align 16 -.Lcbc_dec_five: - movdqa @XMM[15], 0x20(%rbp) # put aside IV - call _bsaes_decrypt8 - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[9] - pxor @XMM[8], @XMM[1] - movdqu 0x20($inp), @XMM[10] - pxor @XMM[9], @XMM[6] - movdqu 0x30($inp), @XMM[11] - pxor @XMM[10], @XMM[4] - movdqu 0x40($inp), @XMM[15] # IV - pxor @XMM[11], @XMM[2] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - jmp .Lcbc_dec_done -.align 16 -.Lcbc_dec_four: - movdqa @XMM[15], 0x20(%rbp) # put aside IV - call _bsaes_decrypt8 - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[9] - pxor @XMM[8], @XMM[1] - movdqu 0x20($inp), @XMM[10] - pxor @XMM[9], @XMM[6] - movdqu 0x30($inp), @XMM[15] # IV - pxor @XMM[10], @XMM[4] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - jmp .Lcbc_dec_done -.align 16 -.Lcbc_dec_three: - movdqa @XMM[15], 0x20(%rbp) # put aside IV - call _bsaes_decrypt8 - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[9] - pxor @XMM[8], @XMM[1] - movdqu 0x20($inp), @XMM[15] # IV - pxor @XMM[9], @XMM[6] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - jmp .Lcbc_dec_done -.align 16 -.Lcbc_dec_two: - movdqa @XMM[15], 0x20(%rbp) # put aside IV - call _bsaes_decrypt8 - pxor 0x20(%rbp), @XMM[0] # ^= IV - movdqu 0x00($inp), @XMM[8] # re-load input - movdqu 0x10($inp), @XMM[15] # IV - pxor @XMM[8], @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - jmp .Lcbc_dec_done -.align 16 -.Lcbc_dec_one: - lea ($inp), $arg1 - lea 0x20(%rbp), $arg2 # buffer output - lea ($key), $arg3 - call asm_AES_decrypt # doesn't touch %xmm - pxor 0x20(%rbp), @XMM[15] # ^= IV - movdqu @XMM[15], ($out) # write output - movdqa @XMM[0], @XMM[15] # IV - -.Lcbc_dec_done: - movdqu @XMM[15], (%rbx) # return IV - lea (%rsp), %rax - pxor %xmm0, %xmm0 -.Lcbc_dec_bzero: # wipe key schedule [if any] - movdqa %xmm0, 0x00(%rax) - movdqa %xmm0, 0x10(%rax) - lea 0x20(%rax), %rax - cmp %rax, %rbp - ja .Lcbc_dec_bzero - - lea 0x78(%rbp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x40(%rbp), %xmm6 - movaps 0x50(%rbp), %xmm7 - movaps 0x60(%rbp), %xmm8 - movaps 0x70(%rbp), %xmm9 - movaps 0x80(%rbp), %xmm10 - movaps 0x90(%rbp), %xmm11 - movaps 0xa0(%rbp), %xmm12 - movaps 0xb0(%rbp), %xmm13 - movaps 0xc0(%rbp), %xmm14 - movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rax), %rax -.Lcbc_dec_tail: -___ -$code.=<<___; - mov -48(%rax), %r15 -.cfi_restore %r15 - mov -40(%rax), %r14 -.cfi_restore %r14 - mov -32(%rax), %r13 -.cfi_restore %r13 - mov -24(%rax), %r12 -.cfi_restore %r12 - mov -16(%rax), %rbx -.cfi_restore %rbx - mov -8(%rax), %rbp -.cfi_restore %rbp - lea (%rax), %rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lcbc_dec_epilogue: - ret -.cfi_endproc -.size ossl_bsaes_cbc_encrypt,.-ossl_bsaes_cbc_encrypt - -.globl ossl_bsaes_ctr32_encrypt_blocks -.type ossl_bsaes_ctr32_encrypt_blocks,\@abi-omnipotent -.align 16 -ossl_bsaes_ctr32_encrypt_blocks: -.cfi_startproc - endbranch - mov %rsp, %rax -.Lctr_enc_prologue: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -0x48(%rsp), %rsp -.cfi_adjust_cfa_offset 0x48 -___ -$code.=<<___ if ($win64); - mov 0xa0(%rsp),$arg5 # pull ivp - lea -0xa0(%rsp), %rsp - movaps %xmm6, 0x40(%rsp) - movaps %xmm7, 0x50(%rsp) - movaps %xmm8, 0x60(%rsp) - movaps %xmm9, 0x70(%rsp) - movaps %xmm10, 0x80(%rsp) - movaps %xmm11, 0x90(%rsp) - movaps %xmm12, 0xa0(%rsp) - movaps %xmm13, 0xb0(%rsp) - movaps %xmm14, 0xc0(%rsp) - movaps %xmm15, 0xd0(%rsp) -.Lctr_enc_body: -___ -$code.=<<___; - mov %rsp, %rbp # backup %rsp -.cfi_def_cfa_register %rbp - movdqu ($arg5), %xmm0 # load counter - mov 240($arg4), %eax # rounds - mov $arg1, $inp # backup arguments - mov $arg2, $out - mov $arg3, $len - mov $arg4, $key - movdqa %xmm0, 0x20(%rbp) # copy counter - cmp \$8, $arg3 - jb .Lctr_enc_short - - mov %eax, %ebx # rounds - shl \$7, %rax # 128 bytes per inner round key - sub \$`128-32`, %rax # size of bit-sliced key schedule - sub %rax, %rsp - - mov %rsp, %rax # pass key schedule - mov $key, %rcx # pass key - mov %ebx, %r10d # pass rounds - call _bsaes_key_convert - pxor %xmm6,%xmm7 # fix up last round key - movdqa %xmm7,(%rax) # save last round key - - movdqa (%rsp), @XMM[9] # load round0 key - lea .LADD1(%rip), %r11 - movdqa 0x20(%rbp), @XMM[0] # counter copy - movdqa -0x20(%r11), @XMM[8] # .LSWPUP - pshufb @XMM[8], @XMM[9] # byte swap upper part - pshufb @XMM[8], @XMM[0] - movdqa @XMM[9], (%rsp) # save adjusted round0 key - jmp .Lctr_enc_loop -.align 16 -.Lctr_enc_loop: - movdqa @XMM[0], 0x20(%rbp) # save counter - movdqa @XMM[0], @XMM[1] # prepare 8 counter values - movdqa @XMM[0], @XMM[2] - paddd 0x00(%r11), @XMM[1] # .LADD1 - movdqa @XMM[0], @XMM[3] - paddd 0x10(%r11), @XMM[2] # .LADD2 - movdqa @XMM[0], @XMM[4] - paddd 0x20(%r11), @XMM[3] # .LADD3 - movdqa @XMM[0], @XMM[5] - paddd 0x30(%r11), @XMM[4] # .LADD4 - movdqa @XMM[0], @XMM[6] - paddd 0x40(%r11), @XMM[5] # .LADD5 - movdqa @XMM[0], @XMM[7] - paddd 0x50(%r11), @XMM[6] # .LADD6 - paddd 0x60(%r11), @XMM[7] # .LADD7 - - # Borrow prologue from _bsaes_encrypt8 to use the opportunity - # to flip byte order in 32-bit counter - movdqa (%rsp), @XMM[9] # round 0 key - lea 0x10(%rsp), %rax # pass key schedule - movdqa -0x10(%r11), @XMM[8] # .LSWPUPM0SR - pxor @XMM[9], @XMM[0] # xor with round0 key - pxor @XMM[9], @XMM[1] - pxor @XMM[9], @XMM[2] - pxor @XMM[9], @XMM[3] - pshufb @XMM[8], @XMM[0] - pshufb @XMM[8], @XMM[1] - pxor @XMM[9], @XMM[4] - pxor @XMM[9], @XMM[5] - pshufb @XMM[8], @XMM[2] - pshufb @XMM[8], @XMM[3] - pxor @XMM[9], @XMM[6] - pxor @XMM[9], @XMM[7] - pshufb @XMM[8], @XMM[4] - pshufb @XMM[8], @XMM[5] - pshufb @XMM[8], @XMM[6] - pshufb @XMM[8], @XMM[7] - lea .LBS0(%rip), %r11 # constants table - mov %ebx,%r10d # pass rounds - - call _bsaes_encrypt8_bitslice - - sub \$8,$len - jc .Lctr_enc_loop_done - - movdqu 0x00($inp), @XMM[8] # load input - movdqu 0x10($inp), @XMM[9] - movdqu 0x20($inp), @XMM[10] - movdqu 0x30($inp), @XMM[11] - movdqu 0x40($inp), @XMM[12] - movdqu 0x50($inp), @XMM[13] - movdqu 0x60($inp), @XMM[14] - movdqu 0x70($inp), @XMM[15] - lea 0x80($inp),$inp - pxor @XMM[0], @XMM[8] - movdqa 0x20(%rbp), @XMM[0] # load counter - pxor @XMM[9], @XMM[1] - movdqu @XMM[8], 0x00($out) # write output - pxor @XMM[10], @XMM[4] - movdqu @XMM[1], 0x10($out) - pxor @XMM[11], @XMM[6] - movdqu @XMM[4], 0x20($out) - pxor @XMM[12], @XMM[3] - movdqu @XMM[6], 0x30($out) - pxor @XMM[13], @XMM[7] - movdqu @XMM[3], 0x40($out) - pxor @XMM[14], @XMM[2] - movdqu @XMM[7], 0x50($out) - pxor @XMM[15], @XMM[5] - movdqu @XMM[2], 0x60($out) - lea .LADD1(%rip), %r11 - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - paddd 0x70(%r11), @XMM[0] # .LADD8 - jnz .Lctr_enc_loop - - jmp .Lctr_enc_done -.align 16 -.Lctr_enc_loop_done: - add \$8, $len - movdqu 0x00($inp), @XMM[8] # load input - pxor @XMM[8], @XMM[0] - movdqu @XMM[0], 0x00($out) # write output - cmp \$2,$len - jb .Lctr_enc_done - movdqu 0x10($inp), @XMM[9] - pxor @XMM[9], @XMM[1] - movdqu @XMM[1], 0x10($out) - je .Lctr_enc_done - movdqu 0x20($inp), @XMM[10] - pxor @XMM[10], @XMM[4] - movdqu @XMM[4], 0x20($out) - cmp \$4,$len - jb .Lctr_enc_done - movdqu 0x30($inp), @XMM[11] - pxor @XMM[11], @XMM[6] - movdqu @XMM[6], 0x30($out) - je .Lctr_enc_done - movdqu 0x40($inp), @XMM[12] - pxor @XMM[12], @XMM[3] - movdqu @XMM[3], 0x40($out) - cmp \$6,$len - jb .Lctr_enc_done - movdqu 0x50($inp), @XMM[13] - pxor @XMM[13], @XMM[7] - movdqu @XMM[7], 0x50($out) - je .Lctr_enc_done - movdqu 0x60($inp), @XMM[14] - pxor @XMM[14], @XMM[2] - movdqu @XMM[2], 0x60($out) - jmp .Lctr_enc_done - -.align 16 -.Lctr_enc_short: - lea 0x20(%rbp), $arg1 - lea 0x30(%rbp), $arg2 - lea ($key), $arg3 - call asm_AES_encrypt - movdqu ($inp), @XMM[1] - lea 16($inp), $inp - mov 0x2c(%rbp), %eax # load 32-bit counter - bswap %eax - pxor 0x30(%rbp), @XMM[1] - inc %eax # increment - movdqu @XMM[1], ($out) - bswap %eax - lea 16($out), $out - mov %eax, 0x2c(%rsp) # save 32-bit counter - dec $len - jnz .Lctr_enc_short - -.Lctr_enc_done: - lea (%rsp), %rax - pxor %xmm0, %xmm0 -.Lctr_enc_bzero: # wipe key schedule [if any] - movdqa %xmm0, 0x00(%rax) - movdqa %xmm0, 0x10(%rax) - lea 0x20(%rax), %rax - cmp %rax, %rbp - ja .Lctr_enc_bzero - - lea 0x78(%rbp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x40(%rbp), %xmm6 - movaps 0x50(%rbp), %xmm7 - movaps 0x60(%rbp), %xmm8 - movaps 0x70(%rbp), %xmm9 - movaps 0x80(%rbp), %xmm10 - movaps 0x90(%rbp), %xmm11 - movaps 0xa0(%rbp), %xmm12 - movaps 0xb0(%rbp), %xmm13 - movaps 0xc0(%rbp), %xmm14 - movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rax), %rax -.Lctr_enc_tail: -___ -$code.=<<___; - mov -48(%rax), %r15 -.cfi_restore %r15 - mov -40(%rax), %r14 -.cfi_restore %r14 - mov -32(%rax), %r13 -.cfi_restore %r13 - mov -24(%rax), %r12 -.cfi_restore %r12 - mov -16(%rax), %rbx -.cfi_restore %rbx - mov -8(%rax), %rbp -.cfi_restore %rbp - lea (%rax), %rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lctr_enc_epilogue: - ret -.cfi_endproc -.size ossl_bsaes_ctr32_encrypt_blocks,.-ossl_bsaes_ctr32_encrypt_blocks -___ -###################################################################### -# void bsaes_xts_[en|de]crypt(const char *inp,char *out,size_t len, -# const AES_KEY *key1, const AES_KEY *key2, -# const unsigned char iv[16]); -# -my ($twmask,$twres,$twtmp)=@XMM[13..15]; -$arg6=~s/d$//; - -$code.=<<___; -.globl ossl_bsaes_xts_encrypt -.type ossl_bsaes_xts_encrypt,\@abi-omnipotent -.align 16 -ossl_bsaes_xts_encrypt: -.cfi_startproc - mov %rsp, %rax -.Lxts_enc_prologue: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -0x48(%rsp), %rsp -.cfi_adjust_cfa_offset 0x48 -___ -$code.=<<___ if ($win64); - mov 0xa0(%rsp),$arg5 # pull key2 - mov 0xa8(%rsp),$arg6 # pull ivp - lea -0xa0(%rsp), %rsp - movaps %xmm6, 0x40(%rsp) - movaps %xmm7, 0x50(%rsp) - movaps %xmm8, 0x60(%rsp) - movaps %xmm9, 0x70(%rsp) - movaps %xmm10, 0x80(%rsp) - movaps %xmm11, 0x90(%rsp) - movaps %xmm12, 0xa0(%rsp) - movaps %xmm13, 0xb0(%rsp) - movaps %xmm14, 0xc0(%rsp) - movaps %xmm15, 0xd0(%rsp) -.Lxts_enc_body: -___ -$code.=<<___; - mov %rsp, %rbp # backup %rsp -.cfi_def_cfa_register %rbp - mov $arg1, $inp # backup arguments - mov $arg2, $out - mov $arg3, $len - mov $arg4, $key - - lea ($arg6), $arg1 - lea 0x20(%rbp), $arg2 - lea ($arg5), $arg3 - call asm_AES_encrypt # generate initial tweak - - mov 240($key), %eax # rounds - mov $len, %rbx # backup $len - - mov %eax, %edx # rounds - shl \$7, %rax # 128 bytes per inner round key - sub \$`128-32`, %rax # size of bit-sliced key schedule - sub %rax, %rsp - - mov %rsp, %rax # pass key schedule - mov $key, %rcx # pass key - mov %edx, %r10d # pass rounds - call _bsaes_key_convert - pxor %xmm6, %xmm7 # fix up last round key - movdqa %xmm7, (%rax) # save last round key - - and \$-16, $len - sub \$0x80, %rsp # place for tweak[8] - movdqa 0x20(%rbp), @XMM[7] # initial tweak - - pxor $twtmp, $twtmp - movdqa .Lxts_magic(%rip), $twmask - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - - sub \$0x80, $len - jc .Lxts_enc_short - jmp .Lxts_enc_loop - -.align 16 -.Lxts_enc_loop: -___ - for ($i=0;$i<7;$i++) { - $code.=<<___; - pshufd \$0x13, $twtmp, $twres - pxor $twtmp, $twtmp - movdqa @XMM[7], @XMM[$i] - movdqa @XMM[7], `0x10*$i`(%rsp)# save tweak[$i] - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - pxor $twres, @XMM[7] -___ - $code.=<<___ if ($i>=1); - movdqu `0x10*($i-1)`($inp), @XMM[8+$i-1] -___ - $code.=<<___ if ($i>=2); - pxor @XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[] -___ - } -$code.=<<___; - movdqu 0x60($inp), @XMM[8+6] - pxor @XMM[8+5], @XMM[5] - movdqu 0x70($inp), @XMM[8+7] - lea 0x80($inp), $inp - movdqa @XMM[7], 0x70(%rsp) - pxor @XMM[8+6], @XMM[6] - lea 0x80(%rsp), %rax # pass key schedule - pxor @XMM[8+7], @XMM[7] - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[4] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[6] - movdqu @XMM[4], 0x20($out) - pxor 0x40(%rsp), @XMM[3] - movdqu @XMM[6], 0x30($out) - pxor 0x50(%rsp), @XMM[7] - movdqu @XMM[3], 0x40($out) - pxor 0x60(%rsp), @XMM[2] - movdqu @XMM[7], 0x50($out) - pxor 0x70(%rsp), @XMM[5] - movdqu @XMM[2], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - - movdqa 0x70(%rsp), @XMM[7] # prepare next iteration tweak - pxor $twtmp, $twtmp - movdqa .Lxts_magic(%rip), $twmask - pcmpgtd @XMM[7], $twtmp - pshufd \$0x13, $twtmp, $twres - pxor $twtmp, $twtmp - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - pxor $twres, @XMM[7] - - sub \$0x80,$len - jnc .Lxts_enc_loop - -.Lxts_enc_short: - add \$0x80, $len - jz .Lxts_enc_done -___ - for ($i=0;$i<7;$i++) { - $code.=<<___; - pshufd \$0x13, $twtmp, $twres - pxor $twtmp, $twtmp - movdqa @XMM[7], @XMM[$i] - movdqa @XMM[7], `0x10*$i`(%rsp)# save tweak[$i] - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - pxor $twres, @XMM[7] -___ - $code.=<<___ if ($i>=1); - movdqu `0x10*($i-1)`($inp), @XMM[8+$i-1] - cmp \$`0x10*$i`,$len - je .Lxts_enc_$i -___ - $code.=<<___ if ($i>=2); - pxor @XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[] -___ - } -$code.=<<___; - movdqu 0x60($inp), @XMM[8+6] - pxor @XMM[8+5], @XMM[5] - movdqa @XMM[7], 0x70(%rsp) - lea 0x70($inp), $inp - pxor @XMM[8+6], @XMM[6] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[4] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[6] - movdqu @XMM[4], 0x20($out) - pxor 0x40(%rsp), @XMM[3] - movdqu @XMM[6], 0x30($out) - pxor 0x50(%rsp), @XMM[7] - movdqu @XMM[3], 0x40($out) - pxor 0x60(%rsp), @XMM[2] - movdqu @XMM[7], 0x50($out) - movdqu @XMM[2], 0x60($out) - lea 0x70($out), $out - - movdqa 0x70(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_enc_done -.align 16 -.Lxts_enc_6: - pxor @XMM[8+4], @XMM[4] - lea 0x60($inp), $inp - pxor @XMM[8+5], @XMM[5] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[4] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[6] - movdqu @XMM[4], 0x20($out) - pxor 0x40(%rsp), @XMM[3] - movdqu @XMM[6], 0x30($out) - pxor 0x50(%rsp), @XMM[7] - movdqu @XMM[3], 0x40($out) - movdqu @XMM[7], 0x50($out) - lea 0x60($out), $out - - movdqa 0x60(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_enc_done -.align 16 -.Lxts_enc_5: - pxor @XMM[8+3], @XMM[3] - lea 0x50($inp), $inp - pxor @XMM[8+4], @XMM[4] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[4] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[6] - movdqu @XMM[4], 0x20($out) - pxor 0x40(%rsp), @XMM[3] - movdqu @XMM[6], 0x30($out) - movdqu @XMM[3], 0x40($out) - lea 0x50($out), $out - - movdqa 0x50(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_enc_done -.align 16 -.Lxts_enc_4: - pxor @XMM[8+2], @XMM[2] - lea 0x40($inp), $inp - pxor @XMM[8+3], @XMM[3] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[4] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[6] - movdqu @XMM[4], 0x20($out) - movdqu @XMM[6], 0x30($out) - lea 0x40($out), $out - - movdqa 0x40(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_enc_done -.align 16 -.Lxts_enc_3: - pxor @XMM[8+1], @XMM[1] - lea 0x30($inp), $inp - pxor @XMM[8+2], @XMM[2] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[4] - movdqu @XMM[1], 0x10($out) - movdqu @XMM[4], 0x20($out) - lea 0x30($out), $out - - movdqa 0x30(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_enc_done -.align 16 -.Lxts_enc_2: - pxor @XMM[8+0], @XMM[0] - lea 0x20($inp), $inp - pxor @XMM[8+1], @XMM[1] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_encrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - lea 0x20($out), $out - - movdqa 0x20(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_enc_done -.align 16 -.Lxts_enc_1: - pxor @XMM[0], @XMM[8] - lea 0x10($inp), $inp - movdqa @XMM[8], 0x20(%rbp) - lea 0x20(%rbp), $arg1 - lea 0x20(%rbp), $arg2 - lea ($key), $arg3 - call asm_AES_encrypt # doesn't touch %xmm - pxor 0x20(%rbp), @XMM[0] # ^= tweak[] - #pxor @XMM[8], @XMM[0] - #lea 0x80(%rsp), %rax # pass key schedule - #mov %edx, %r10d # pass rounds - #call _bsaes_encrypt8 - #pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - movdqu @XMM[0], 0x00($out) # write output - lea 0x10($out), $out - - movdqa 0x10(%rsp), @XMM[7] # next iteration tweak - -.Lxts_enc_done: - and \$15, %ebx - jz .Lxts_enc_ret - mov $out, %rdx - -.Lxts_enc_steal: - movzb ($inp), %eax - movzb -16(%rdx), %ecx - lea 1($inp), $inp - mov %al, -16(%rdx) - mov %cl, 0(%rdx) - lea 1(%rdx), %rdx - sub \$1,%ebx - jnz .Lxts_enc_steal - - movdqu -16($out), @XMM[0] - lea 0x20(%rbp), $arg1 - pxor @XMM[7], @XMM[0] - lea 0x20(%rbp), $arg2 - movdqa @XMM[0], 0x20(%rbp) - lea ($key), $arg3 - call asm_AES_encrypt # doesn't touch %xmm - pxor 0x20(%rbp), @XMM[7] - movdqu @XMM[7], -16($out) - -.Lxts_enc_ret: - lea (%rsp), %rax - pxor %xmm0, %xmm0 -.Lxts_enc_bzero: # wipe key schedule [if any] - movdqa %xmm0, 0x00(%rax) - movdqa %xmm0, 0x10(%rax) - lea 0x20(%rax), %rax - cmp %rax, %rbp - ja .Lxts_enc_bzero - - lea 0x78(%rbp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x40(%rbp), %xmm6 - movaps 0x50(%rbp), %xmm7 - movaps 0x60(%rbp), %xmm8 - movaps 0x70(%rbp), %xmm9 - movaps 0x80(%rbp), %xmm10 - movaps 0x90(%rbp), %xmm11 - movaps 0xa0(%rbp), %xmm12 - movaps 0xb0(%rbp), %xmm13 - movaps 0xc0(%rbp), %xmm14 - movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rax), %rax -.Lxts_enc_tail: -___ -$code.=<<___; - mov -48(%rax), %r15 -.cfi_restore %r15 - mov -40(%rax), %r14 -.cfi_restore %r14 - mov -32(%rax), %r13 -.cfi_restore %r13 - mov -24(%rax), %r12 -.cfi_restore %r12 - mov -16(%rax), %rbx -.cfi_restore %rbx - mov -8(%rax), %rbp -.cfi_restore %rbp - lea (%rax), %rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lxts_enc_epilogue: - ret -.cfi_endproc -.size ossl_bsaes_xts_encrypt,.-ossl_bsaes_xts_encrypt - -.globl ossl_bsaes_xts_decrypt -.type ossl_bsaes_xts_decrypt,\@abi-omnipotent -.align 16 -ossl_bsaes_xts_decrypt: -.cfi_startproc - mov %rsp, %rax -.Lxts_dec_prologue: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -0x48(%rsp), %rsp -.cfi_adjust_cfa_offset 0x48 -___ -$code.=<<___ if ($win64); - mov 0xa0(%rsp),$arg5 # pull key2 - mov 0xa8(%rsp),$arg6 # pull ivp - lea -0xa0(%rsp), %rsp - movaps %xmm6, 0x40(%rsp) - movaps %xmm7, 0x50(%rsp) - movaps %xmm8, 0x60(%rsp) - movaps %xmm9, 0x70(%rsp) - movaps %xmm10, 0x80(%rsp) - movaps %xmm11, 0x90(%rsp) - movaps %xmm12, 0xa0(%rsp) - movaps %xmm13, 0xb0(%rsp) - movaps %xmm14, 0xc0(%rsp) - movaps %xmm15, 0xd0(%rsp) -.Lxts_dec_body: -___ -$code.=<<___; - mov %rsp, %rbp # backup %rsp - mov $arg1, $inp # backup arguments - mov $arg2, $out - mov $arg3, $len - mov $arg4, $key - - lea ($arg6), $arg1 - lea 0x20(%rbp), $arg2 - lea ($arg5), $arg3 - call asm_AES_encrypt # generate initial tweak - - mov 240($key), %eax # rounds - mov $len, %rbx # backup $len - - mov %eax, %edx # rounds - shl \$7, %rax # 128 bytes per inner round key - sub \$`128-32`, %rax # size of bit-sliced key schedule - sub %rax, %rsp - - mov %rsp, %rax # pass key schedule - mov $key, %rcx # pass key - mov %edx, %r10d # pass rounds - call _bsaes_key_convert - pxor (%rsp), %xmm7 # fix up round 0 key - movdqa %xmm6, (%rax) # save last round key - movdqa %xmm7, (%rsp) - - xor %eax, %eax # if ($len%16) len-=16; - and \$-16, $len - test \$15, %ebx - setnz %al - shl \$4, %rax - sub %rax, $len - - sub \$0x80, %rsp # place for tweak[8] - movdqa 0x20(%rbp), @XMM[7] # initial tweak - - pxor $twtmp, $twtmp - movdqa .Lxts_magic(%rip), $twmask - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - - sub \$0x80, $len - jc .Lxts_dec_short - jmp .Lxts_dec_loop - -.align 16 -.Lxts_dec_loop: -___ - for ($i=0;$i<7;$i++) { - $code.=<<___; - pshufd \$0x13, $twtmp, $twres - pxor $twtmp, $twtmp - movdqa @XMM[7], @XMM[$i] - movdqa @XMM[7], `0x10*$i`(%rsp)# save tweak[$i] - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - pxor $twres, @XMM[7] -___ - $code.=<<___ if ($i>=1); - movdqu `0x10*($i-1)`($inp), @XMM[8+$i-1] -___ - $code.=<<___ if ($i>=2); - pxor @XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[] -___ - } -$code.=<<___; - movdqu 0x60($inp), @XMM[8+6] - pxor @XMM[8+5], @XMM[5] - movdqu 0x70($inp), @XMM[8+7] - lea 0x80($inp), $inp - movdqa @XMM[7], 0x70(%rsp) - pxor @XMM[8+6], @XMM[6] - lea 0x80(%rsp), %rax # pass key schedule - pxor @XMM[8+7], @XMM[7] - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[6] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[4] - movdqu @XMM[6], 0x20($out) - pxor 0x40(%rsp), @XMM[2] - movdqu @XMM[4], 0x30($out) - pxor 0x50(%rsp), @XMM[7] - movdqu @XMM[2], 0x40($out) - pxor 0x60(%rsp), @XMM[3] - movdqu @XMM[7], 0x50($out) - pxor 0x70(%rsp), @XMM[5] - movdqu @XMM[3], 0x60($out) - movdqu @XMM[5], 0x70($out) - lea 0x80($out), $out - - movdqa 0x70(%rsp), @XMM[7] # prepare next iteration tweak - pxor $twtmp, $twtmp - movdqa .Lxts_magic(%rip), $twmask - pcmpgtd @XMM[7], $twtmp - pshufd \$0x13, $twtmp, $twres - pxor $twtmp, $twtmp - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - pxor $twres, @XMM[7] - - sub \$0x80,$len - jnc .Lxts_dec_loop - -.Lxts_dec_short: - add \$0x80, $len - jz .Lxts_dec_done -___ - for ($i=0;$i<7;$i++) { - $code.=<<___; - pshufd \$0x13, $twtmp, $twres - pxor $twtmp, $twtmp - movdqa @XMM[7], @XMM[$i] - movdqa @XMM[7], `0x10*$i`(%rsp)# save tweak[$i] - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - pcmpgtd @XMM[7], $twtmp # broadcast upper bits - pxor $twres, @XMM[7] -___ - $code.=<<___ if ($i>=1); - movdqu `0x10*($i-1)`($inp), @XMM[8+$i-1] - cmp \$`0x10*$i`,$len - je .Lxts_dec_$i -___ - $code.=<<___ if ($i>=2); - pxor @XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[] -___ - } -$code.=<<___; - movdqu 0x60($inp), @XMM[8+6] - pxor @XMM[8+5], @XMM[5] - movdqa @XMM[7], 0x70(%rsp) - lea 0x70($inp), $inp - pxor @XMM[8+6], @XMM[6] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[6] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[4] - movdqu @XMM[6], 0x20($out) - pxor 0x40(%rsp), @XMM[2] - movdqu @XMM[4], 0x30($out) - pxor 0x50(%rsp), @XMM[7] - movdqu @XMM[2], 0x40($out) - pxor 0x60(%rsp), @XMM[3] - movdqu @XMM[7], 0x50($out) - movdqu @XMM[3], 0x60($out) - lea 0x70($out), $out - - movdqa 0x70(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_dec_done -.align 16 -.Lxts_dec_6: - pxor @XMM[8+4], @XMM[4] - lea 0x60($inp), $inp - pxor @XMM[8+5], @XMM[5] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[6] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[4] - movdqu @XMM[6], 0x20($out) - pxor 0x40(%rsp), @XMM[2] - movdqu @XMM[4], 0x30($out) - pxor 0x50(%rsp), @XMM[7] - movdqu @XMM[2], 0x40($out) - movdqu @XMM[7], 0x50($out) - lea 0x60($out), $out - - movdqa 0x60(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_dec_done -.align 16 -.Lxts_dec_5: - pxor @XMM[8+3], @XMM[3] - lea 0x50($inp), $inp - pxor @XMM[8+4], @XMM[4] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[6] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[4] - movdqu @XMM[6], 0x20($out) - pxor 0x40(%rsp), @XMM[2] - movdqu @XMM[4], 0x30($out) - movdqu @XMM[2], 0x40($out) - lea 0x50($out), $out - - movdqa 0x50(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_dec_done -.align 16 -.Lxts_dec_4: - pxor @XMM[8+2], @XMM[2] - lea 0x40($inp), $inp - pxor @XMM[8+3], @XMM[3] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[6] - movdqu @XMM[1], 0x10($out) - pxor 0x30(%rsp), @XMM[4] - movdqu @XMM[6], 0x20($out) - movdqu @XMM[4], 0x30($out) - lea 0x40($out), $out - - movdqa 0x40(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_dec_done -.align 16 -.Lxts_dec_3: - pxor @XMM[8+1], @XMM[1] - lea 0x30($inp), $inp - pxor @XMM[8+2], @XMM[2] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - pxor 0x20(%rsp), @XMM[6] - movdqu @XMM[1], 0x10($out) - movdqu @XMM[6], 0x20($out) - lea 0x30($out), $out - - movdqa 0x30(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_dec_done -.align 16 -.Lxts_dec_2: - pxor @XMM[8+0], @XMM[0] - lea 0x20($inp), $inp - pxor @XMM[8+1], @XMM[1] - lea 0x80(%rsp), %rax # pass key schedule - mov %edx, %r10d # pass rounds - - call _bsaes_decrypt8 - - pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - pxor 0x10(%rsp), @XMM[1] - movdqu @XMM[0], 0x00($out) # write output - movdqu @XMM[1], 0x10($out) - lea 0x20($out), $out - - movdqa 0x20(%rsp), @XMM[7] # next iteration tweak - jmp .Lxts_dec_done -.align 16 -.Lxts_dec_1: - pxor @XMM[0], @XMM[8] - lea 0x10($inp), $inp - movdqa @XMM[8], 0x20(%rbp) - lea 0x20(%rbp), $arg1 - lea 0x20(%rbp), $arg2 - lea ($key), $arg3 - call asm_AES_decrypt # doesn't touch %xmm - pxor 0x20(%rbp), @XMM[0] # ^= tweak[] - #pxor @XMM[8], @XMM[0] - #lea 0x80(%rsp), %rax # pass key schedule - #mov %edx, %r10d # pass rounds - #call _bsaes_decrypt8 - #pxor 0x00(%rsp), @XMM[0] # ^= tweak[] - movdqu @XMM[0], 0x00($out) # write output - lea 0x10($out), $out - - movdqa 0x10(%rsp), @XMM[7] # next iteration tweak - -.Lxts_dec_done: - and \$15, %ebx - jz .Lxts_dec_ret - - pxor $twtmp, $twtmp - movdqa .Lxts_magic(%rip), $twmask - pcmpgtd @XMM[7], $twtmp - pshufd \$0x13, $twtmp, $twres - movdqa @XMM[7], @XMM[6] - paddq @XMM[7], @XMM[7] # psllq 1,$tweak - pand $twmask, $twres # isolate carry and residue - movdqu ($inp), @XMM[0] - pxor $twres, @XMM[7] - - lea 0x20(%rbp), $arg1 - pxor @XMM[7], @XMM[0] - lea 0x20(%rbp), $arg2 - movdqa @XMM[0], 0x20(%rbp) - lea ($key), $arg3 - call asm_AES_decrypt # doesn't touch %xmm - pxor 0x20(%rbp), @XMM[7] - mov $out, %rdx - movdqu @XMM[7], ($out) - -.Lxts_dec_steal: - movzb 16($inp), %eax - movzb (%rdx), %ecx - lea 1($inp), $inp - mov %al, (%rdx) - mov %cl, 16(%rdx) - lea 1(%rdx), %rdx - sub \$1,%ebx - jnz .Lxts_dec_steal - - movdqu ($out), @XMM[0] - lea 0x20(%rbp), $arg1 - pxor @XMM[6], @XMM[0] - lea 0x20(%rbp), $arg2 - movdqa @XMM[0], 0x20(%rbp) - lea ($key), $arg3 - call asm_AES_decrypt # doesn't touch %xmm - pxor 0x20(%rbp), @XMM[6] - movdqu @XMM[6], ($out) - -.Lxts_dec_ret: - lea (%rsp), %rax - pxor %xmm0, %xmm0 -.Lxts_dec_bzero: # wipe key schedule [if any] - movdqa %xmm0, 0x00(%rax) - movdqa %xmm0, 0x10(%rax) - lea 0x20(%rax), %rax - cmp %rax, %rbp - ja .Lxts_dec_bzero - - lea 0x78(%rbp),%rax -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps 0x40(%rbp), %xmm6 - movaps 0x50(%rbp), %xmm7 - movaps 0x60(%rbp), %xmm8 - movaps 0x70(%rbp), %xmm9 - movaps 0x80(%rbp), %xmm10 - movaps 0x90(%rbp), %xmm11 - movaps 0xa0(%rbp), %xmm12 - movaps 0xb0(%rbp), %xmm13 - movaps 0xc0(%rbp), %xmm14 - movaps 0xd0(%rbp), %xmm15 - lea 0xa0(%rax), %rax -.Lxts_dec_tail: -___ -$code.=<<___; - mov -48(%rax), %r15 -.cfi_restore %r15 - mov -40(%rax), %r14 -.cfi_restore %r14 - mov -32(%rax), %r13 -.cfi_restore %r13 - mov -24(%rax), %r12 -.cfi_restore %r12 - mov -16(%rax), %rbx -.cfi_restore %rbx - mov -8(%rax), %rbp -.cfi_restore %rbp - lea (%rax), %rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lxts_dec_epilogue: - ret -.cfi_endproc -.size ossl_bsaes_xts_decrypt,.-ossl_bsaes_xts_decrypt -___ -} -$code.=<<___; -.type _bsaes_const,\@object -.align 64 -_bsaes_const: -.LM0ISR: # InvShiftRows constants - .quad 0x0a0e0206070b0f03, 0x0004080c0d010509 -.LISRM0: - .quad 0x01040b0e0205080f, 0x0306090c00070a0d -.LISR: - .quad 0x0504070602010003, 0x0f0e0d0c080b0a09 -.LBS0: # bit-slice constants - .quad 0x5555555555555555, 0x5555555555555555 -.LBS1: - .quad 0x3333333333333333, 0x3333333333333333 -.LBS2: - .quad 0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f -.LSR: # shiftrows constants - .quad 0x0504070600030201, 0x0f0e0d0c0a09080b -.LSRM0: - .quad 0x0304090e00050a0f, 0x01060b0c0207080d -.LM0SR: - .quad 0x0a0e02060f03070b, 0x0004080c05090d01 -.LSWPUP: # byte-swap upper dword - .quad 0x0706050403020100, 0x0c0d0e0f0b0a0908 -.LSWPUPM0SR: - .quad 0x0a0d02060c03070b, 0x0004080f05090e01 -.LADD1: # counter increment constants - .quad 0x0000000000000000, 0x0000000100000000 -.LADD2: - .quad 0x0000000000000000, 0x0000000200000000 -.LADD3: - .quad 0x0000000000000000, 0x0000000300000000 -.LADD4: - .quad 0x0000000000000000, 0x0000000400000000 -.LADD5: - .quad 0x0000000000000000, 0x0000000500000000 -.LADD6: - .quad 0x0000000000000000, 0x0000000600000000 -.LADD7: - .quad 0x0000000000000000, 0x0000000700000000 -.LADD8: - .quad 0x0000000000000000, 0x0000000800000000 -.Lxts_magic: - .long 0x87,0,1,0 -.Lmasks: - .quad 0x0101010101010101, 0x0101010101010101 - .quad 0x0202020202020202, 0x0202020202020202 - .quad 0x0404040404040404, 0x0404040404040404 - .quad 0x0808080808080808, 0x0808080808080808 -.LM0: - .quad 0x02060a0e03070b0f, 0x0004080c0105090d -.L63: - .quad 0x6363636363636363, 0x6363636363636363 -.asciz "Bit-sliced AES for x86_64/SSSE3, Emilia Käsper, Peter Schwabe, Andy Polyakov" -.align 64 -.size _bsaes_const,.-_bsaes_const -___ - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->Rip<=prologue label - jbe .Lin_prologue - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_prologue - - mov 8(%r11),%r10d # HandlerData[2] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=tail label - jae .Lin_tail - - mov 160($context),%rax # pull context->Rbp - - lea 0x40(%rax),%rsi # %xmm save area - lea 512($context),%rdi # &context.Xmm6 - mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax) - .long 0xa548f3fc # cld; rep movsq - lea 0xa0+0x78(%rax),%rax # adjust stack pointer - -.Lin_tail: - mov -48(%rax),%rbp - mov -40(%rax),%rbx - mov -32(%rax),%r12 - mov -24(%rax),%r13 - mov -16(%rax),%r14 - mov -8(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_prologue: - mov %rax,152($context) # restore context->Rsp - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$`1232/8`,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size se_handler,.-se_handler - -.section .pdata -.align 4 -___ -$code.=<<___ if ($ecb); - .rva .Lecb_enc_prologue - .rva .Lecb_enc_epilogue - .rva .Lecb_enc_info - - .rva .Lecb_dec_prologue - .rva .Lecb_dec_epilogue - .rva .Lecb_dec_info -___ -$code.=<<___; - .rva .Lcbc_dec_prologue - .rva .Lcbc_dec_epilogue - .rva .Lcbc_dec_info - - .rva .Lctr_enc_prologue - .rva .Lctr_enc_epilogue - .rva .Lctr_enc_info - - .rva .Lxts_enc_prologue - .rva .Lxts_enc_epilogue - .rva .Lxts_enc_info - - .rva .Lxts_dec_prologue - .rva .Lxts_dec_epilogue - .rva .Lxts_dec_info - -.section .xdata -.align 8 -___ -$code.=<<___ if ($ecb); -.Lecb_enc_info: - .byte 9,0,0,0 - .rva se_handler - .rva .Lecb_enc_body,.Lecb_enc_epilogue # HandlerData[] - .rva .Lecb_enc_tail - .long 0 -.Lecb_dec_info: - .byte 9,0,0,0 - .rva se_handler - .rva .Lecb_dec_body,.Lecb_dec_epilogue # HandlerData[] - .rva .Lecb_dec_tail - .long 0 -___ -$code.=<<___; -.Lcbc_dec_info: - .byte 9,0,0,0 - .rva se_handler - .rva .Lcbc_dec_body,.Lcbc_dec_epilogue # HandlerData[] - .rva .Lcbc_dec_tail - .long 0 -.Lctr_enc_info: - .byte 9,0,0,0 - .rva se_handler - .rva .Lctr_enc_body,.Lctr_enc_epilogue # HandlerData[] - .rva .Lctr_enc_tail - .long 0 -.Lxts_enc_info: - .byte 9,0,0,0 - .rva se_handler - .rva .Lxts_enc_body,.Lxts_enc_epilogue # HandlerData[] - .rva .Lxts_enc_tail - .long 0 -.Lxts_dec_info: - .byte 9,0,0,0 - .rva se_handler - .rva .Lxts_dec_body,.Lxts_dec_epilogue # HandlerData[] - .rva .Lxts_dec_tail - .long 0 -___ -} - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; - -print $code; - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/vpaes-armv8.pl b/crypto/aes/asm/vpaes-armv8.pl deleted file mode 100755 index dcd5065e68c073fc1a065313a5cc695c2ed5d1a1..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/vpaes-armv8.pl +++ /dev/null @@ -1,1281 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -###################################################################### -## Constant-time SSSE3 AES core implementation. -## version 0.1 -## -## By Mike Hamburg (Stanford University), 2009 -## Public domain. -## -## For details see http://shiftleft.org/papers/vector_aes/ and -## http://crypto.stanford.edu/vpaes/. -## -###################################################################### -# ARMv8 NEON adaptation by -# -# Reason for undertaken effort is that there is at least one popular -# SoC based on Cortex-A53 that doesn't have crypto extensions. -# -# CBC enc ECB enc/dec(*) [bit-sliced enc/dec] -# Cortex-A53 21.5 18.1/20.6 [17.5/19.8 ] -# Cortex-A57 36.0(**) 20.4/24.9(**) [14.4/16.6 ] -# X-Gene 45.9(**) 45.8/57.7(**) [33.1/37.6(**) ] -# Denver(***) 16.6(**) 15.1/17.8(**) [8.80/9.93 ] -# Apple A7(***) 22.7(**) 10.9/14.3 [8.45/10.0 ] -# Mongoose(***) 26.3(**) 21.0/25.0(**) [13.3/16.8 ] -# ThunderX2(***) 39.4(**) 33.8/48.6(**) -# -# (*) ECB denotes approximate result for parallelizable modes -# such as CBC decrypt, CTR, etc.; -# (**) these results are worse than scalar compiler-generated -# code, but it's constant-time and therefore preferred; -# (***) presented for reference/comparison purposes; - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or -die "can't locate arm-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -$code.=<<___; -.text - -.type _vpaes_consts,%object -.align 7 // totally strategic alignment -_vpaes_consts: -.Lk_mc_forward: // mc_forward - .quad 0x0407060500030201, 0x0C0F0E0D080B0A09 - .quad 0x080B0A0904070605, 0x000302010C0F0E0D - .quad 0x0C0F0E0D080B0A09, 0x0407060500030201 - .quad 0x000302010C0F0E0D, 0x080B0A0904070605 -.Lk_mc_backward:// mc_backward - .quad 0x0605040702010003, 0x0E0D0C0F0A09080B - .quad 0x020100030E0D0C0F, 0x0A09080B06050407 - .quad 0x0E0D0C0F0A09080B, 0x0605040702010003 - .quad 0x0A09080B06050407, 0x020100030E0D0C0F -.Lk_sr: // sr - .quad 0x0706050403020100, 0x0F0E0D0C0B0A0908 - .quad 0x030E09040F0A0500, 0x0B06010C07020D08 - .quad 0x0F060D040B020900, 0x070E050C030A0108 - .quad 0x0B0E0104070A0D00, 0x0306090C0F020508 - -// -// "Hot" constants -// -.Lk_inv: // inv, inva - .quad 0x0E05060F0D080180, 0x040703090A0B0C02 - .quad 0x01040A060F0B0780, 0x030D0E0C02050809 -.Lk_ipt: // input transform (lo, hi) - .quad 0xC2B2E8985A2A7000, 0xCABAE09052227808 - .quad 0x4C01307D317C4D00, 0xCD80B1FCB0FDCC81 -.Lk_sbo: // sbou, sbot - .quad 0xD0D26D176FBDC700, 0x15AABF7AC502A878 - .quad 0xCFE474A55FBB6A00, 0x8E1E90D1412B35FA -.Lk_sb1: // sb1u, sb1t - .quad 0x3618D415FAE22300, 0x3BF7CCC10D2ED9EF - .quad 0xB19BE18FCB503E00, 0xA5DF7A6E142AF544 -.Lk_sb2: // sb2u, sb2t - .quad 0x69EB88400AE12900, 0xC2A163C8AB82234A - .quad 0xE27A93C60B712400, 0x5EB7E955BC982FCD - -// -// Decryption stuff -// -.Lk_dipt: // decryption input transform - .quad 0x0F505B040B545F00, 0x154A411E114E451A - .quad 0x86E383E660056500, 0x12771772F491F194 -.Lk_dsbo: // decryption sbox final output - .quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D - .quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C -.Lk_dsb9: // decryption sbox output *9*u, *9*t - .quad 0x851C03539A86D600, 0xCAD51F504F994CC9 - .quad 0xC03B1789ECD74900, 0x725E2C9EB2FBA565 -.Lk_dsbd: // decryption sbox output *D*u, *D*t - .quad 0x7D57CCDFE6B1A200, 0xF56E9B13882A4439 - .quad 0x3CE2FAF724C6CB00, 0x2931180D15DEEFD3 -.Lk_dsbb: // decryption sbox output *B*u, *B*t - .quad 0xD022649296B44200, 0x602646F6B0F2D404 - .quad 0xC19498A6CD596700, 0xF3FF0C3E3255AA6B -.Lk_dsbe: // decryption sbox output *E*u, *E*t - .quad 0x46F2929626D4D000, 0x2242600464B4F6B0 - .quad 0x0C55A6CDFFAAC100, 0x9467F36B98593E32 - -// -// Key schedule constants -// -.Lk_dksd: // decryption key schedule: invskew x*D - .quad 0xFEB91A5DA3E44700, 0x0740E3A45A1DBEF9 - .quad 0x41C277F4B5368300, 0x5FDC69EAAB289D1E -.Lk_dksb: // decryption key schedule: invskew x*B - .quad 0x9A4FCA1F8550D500, 0x03D653861CC94C99 - .quad 0x115BEDA7B6FC4A00, 0xD993256F7E3482C8 -.Lk_dkse: // decryption key schedule: invskew x*E + 0x63 - .quad 0xD5031CCA1FC9D600, 0x53859A4C994F5086 - .quad 0xA23196054FDC7BE8, 0xCD5EF96A20B31487 -.Lk_dks9: // decryption key schedule: invskew x*9 - .quad 0xB6116FC87ED9A700, 0x4AED933482255BFC - .quad 0x4576516227143300, 0x8BB89FACE9DAFDCE - -.Lk_rcon: // rcon - .quad 0x1F8391B9AF9DEEB6, 0x702A98084D7C7D81 - -.Lk_opt: // output transform - .quad 0xFF9F4929D6B66000, 0xF7974121DEBE6808 - .quad 0x01EDBD5150BCEC00, 0xE10D5DB1B05C0CE0 -.Lk_deskew: // deskew tables: inverts the sbox's "skew" - .quad 0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A - .quad 0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77 - -.asciz "Vector Permutation AES for ARMv8, Mike Hamburg (Stanford University)" -.size _vpaes_consts,.-_vpaes_consts -.align 6 -___ - -{ -my ($inp,$out,$key) = map("x$_",(0..2)); - -my ($invlo,$invhi,$iptlo,$ipthi,$sbou,$sbot) = map("v$_.16b",(18..23)); -my ($sb1u,$sb1t,$sb2u,$sb2t) = map("v$_.16b",(24..27)); -my ($sb9u,$sb9t,$sbdu,$sbdt,$sbbu,$sbbt,$sbeu,$sbet)=map("v$_.16b",(24..31)); - -$code.=<<___; -// -// _aes_preheat -// -// Fills register %r10 -> .aes_consts (so you can -fPIC) -// and %xmm9-%xmm15 as specified below. -// -.type _vpaes_encrypt_preheat,%function -.align 4 -_vpaes_encrypt_preheat: - adr x10, .Lk_inv - movi v17.16b, #0x0f - ld1 {v18.2d-v19.2d}, [x10],#32 // .Lk_inv - ld1 {v20.2d-v23.2d}, [x10],#64 // .Lk_ipt, .Lk_sbo - ld1 {v24.2d-v27.2d}, [x10] // .Lk_sb1, .Lk_sb2 - ret -.size _vpaes_encrypt_preheat,.-_vpaes_encrypt_preheat - -// -// _aes_encrypt_core -// -// AES-encrypt %xmm0. -// -// Inputs: -// %xmm0 = input -// %xmm9-%xmm15 as in _vpaes_preheat -// (%rdx) = scheduled keys -// -// Output in %xmm0 -// Clobbers %xmm1-%xmm5, %r9, %r10, %r11, %rax -// Preserves %xmm6 - %xmm8 so you get some local vectors -// -// -.type _vpaes_encrypt_core,%function -.align 4 -_vpaes_encrypt_core: - mov x9, $key - ldr w8, [$key,#240] // pull rounds - adr x11, .Lk_mc_forward+16 - // vmovdqa .Lk_ipt(%rip), %xmm2 # iptlo - ld1 {v16.2d}, [x9], #16 // vmovdqu (%r9), %xmm5 # round0 key - and v1.16b, v7.16b, v17.16b // vpand %xmm9, %xmm0, %xmm1 - ushr v0.16b, v7.16b, #4 // vpsrlb \$4, %xmm0, %xmm0 - tbl v1.16b, {$iptlo}, v1.16b // vpshufb %xmm1, %xmm2, %xmm1 - // vmovdqa .Lk_ipt+16(%rip), %xmm3 # ipthi - tbl v2.16b, {$ipthi}, v0.16b // vpshufb %xmm0, %xmm3, %xmm2 - eor v0.16b, v1.16b, v16.16b // vpxor %xmm5, %xmm1, %xmm0 - eor v0.16b, v0.16b, v2.16b // vpxor %xmm2, %xmm0, %xmm0 - b .Lenc_entry - -.align 4 -.Lenc_loop: - // middle of middle round - add x10, x11, #0x40 - tbl v4.16b, {$sb1t}, v2.16b // vpshufb %xmm2, %xmm13, %xmm4 # 4 = sb1u - ld1 {v1.2d}, [x11], #16 // vmovdqa -0x40(%r11,%r10), %xmm1 # .Lk_mc_forward[] - tbl v0.16b, {$sb1u}, v3.16b // vpshufb %xmm3, %xmm12, %xmm0 # 0 = sb1t - eor v4.16b, v4.16b, v16.16b // vpxor %xmm5, %xmm4, %xmm4 # 4 = sb1u + k - tbl v5.16b, {$sb2t}, v2.16b // vpshufb %xmm2, %xmm15, %xmm5 # 4 = sb2u - eor v0.16b, v0.16b, v4.16b // vpxor %xmm4, %xmm0, %xmm0 # 0 = A - tbl v2.16b, {$sb2u}, v3.16b // vpshufb %xmm3, %xmm14, %xmm2 # 2 = sb2t - ld1 {v4.2d}, [x10] // vmovdqa (%r11,%r10), %xmm4 # .Lk_mc_backward[] - tbl v3.16b, {v0.16b}, v1.16b // vpshufb %xmm1, %xmm0, %xmm3 # 0 = B - eor v2.16b, v2.16b, v5.16b // vpxor %xmm5, %xmm2, %xmm2 # 2 = 2A - tbl v0.16b, {v0.16b}, v4.16b // vpshufb %xmm4, %xmm0, %xmm0 # 3 = D - eor v3.16b, v3.16b, v2.16b // vpxor %xmm2, %xmm3, %xmm3 # 0 = 2A+B - tbl v4.16b, {v3.16b}, v1.16b // vpshufb %xmm1, %xmm3, %xmm4 # 0 = 2B+C - eor v0.16b, v0.16b, v3.16b // vpxor %xmm3, %xmm0, %xmm0 # 3 = 2A+B+D - and x11, x11, #~(1<<6) // and \$0x30, %r11 # ... mod 4 - eor v0.16b, v0.16b, v4.16b // vpxor %xmm4, %xmm0, %xmm0 # 0 = 2A+3B+C+D - sub w8, w8, #1 // nr-- - -.Lenc_entry: - // top of round - and v1.16b, v0.16b, v17.16b // vpand %xmm0, %xmm9, %xmm1 # 0 = k - ushr v0.16b, v0.16b, #4 // vpsrlb \$4, %xmm0, %xmm0 # 1 = i - tbl v5.16b, {$invhi}, v1.16b // vpshufb %xmm1, %xmm11, %xmm5 # 2 = a/k - eor v1.16b, v1.16b, v0.16b // vpxor %xmm0, %xmm1, %xmm1 # 0 = j - tbl v3.16b, {$invlo}, v0.16b // vpshufb %xmm0, %xmm10, %xmm3 # 3 = 1/i - tbl v4.16b, {$invlo}, v1.16b // vpshufb %xmm1, %xmm10, %xmm4 # 4 = 1/j - eor v3.16b, v3.16b, v5.16b // vpxor %xmm5, %xmm3, %xmm3 # 3 = iak = 1/i + a/k - eor v4.16b, v4.16b, v5.16b // vpxor %xmm5, %xmm4, %xmm4 # 4 = jak = 1/j + a/k - tbl v2.16b, {$invlo}, v3.16b // vpshufb %xmm3, %xmm10, %xmm2 # 2 = 1/iak - tbl v3.16b, {$invlo}, v4.16b // vpshufb %xmm4, %xmm10, %xmm3 # 3 = 1/jak - eor v2.16b, v2.16b, v1.16b // vpxor %xmm1, %xmm2, %xmm2 # 2 = io - eor v3.16b, v3.16b, v0.16b // vpxor %xmm0, %xmm3, %xmm3 # 3 = jo - ld1 {v16.2d}, [x9],#16 // vmovdqu (%r9), %xmm5 - cbnz w8, .Lenc_loop - - // middle of last round - add x10, x11, #0x80 - // vmovdqa -0x60(%r10), %xmm4 # 3 : sbou .Lk_sbo - // vmovdqa -0x50(%r10), %xmm0 # 0 : sbot .Lk_sbo+16 - tbl v4.16b, {$sbou}, v2.16b // vpshufb %xmm2, %xmm4, %xmm4 # 4 = sbou - ld1 {v1.2d}, [x10] // vmovdqa 0x40(%r11,%r10), %xmm1 # .Lk_sr[] - tbl v0.16b, {$sbot}, v3.16b // vpshufb %xmm3, %xmm0, %xmm0 # 0 = sb1t - eor v4.16b, v4.16b, v16.16b // vpxor %xmm5, %xmm4, %xmm4 # 4 = sb1u + k - eor v0.16b, v0.16b, v4.16b // vpxor %xmm4, %xmm0, %xmm0 # 0 = A - tbl v0.16b, {v0.16b}, v1.16b // vpshufb %xmm1, %xmm0, %xmm0 - ret -.size _vpaes_encrypt_core,.-_vpaes_encrypt_core - -.globl vpaes_encrypt -.type vpaes_encrypt,%function -.align 4 -vpaes_encrypt: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - ld1 {v7.16b}, [$inp] - bl _vpaes_encrypt_preheat - bl _vpaes_encrypt_core - st1 {v0.16b}, [$out] - - ldp x29,x30,[sp],#16 - .inst 0xd50323bf // autiasp - ret -.size vpaes_encrypt,.-vpaes_encrypt - -.type _vpaes_encrypt_2x,%function -.align 4 -_vpaes_encrypt_2x: - mov x9, $key - ldr w8, [$key,#240] // pull rounds - adr x11, .Lk_mc_forward+16 - // vmovdqa .Lk_ipt(%rip), %xmm2 # iptlo - ld1 {v16.2d}, [x9], #16 // vmovdqu (%r9), %xmm5 # round0 key - and v1.16b, v14.16b, v17.16b // vpand %xmm9, %xmm0, %xmm1 - ushr v0.16b, v14.16b, #4 // vpsrlb \$4, %xmm0, %xmm0 - and v9.16b, v15.16b, v17.16b - ushr v8.16b, v15.16b, #4 - tbl v1.16b, {$iptlo}, v1.16b // vpshufb %xmm1, %xmm2, %xmm1 - tbl v9.16b, {$iptlo}, v9.16b - // vmovdqa .Lk_ipt+16(%rip), %xmm3 # ipthi - tbl v2.16b, {$ipthi}, v0.16b // vpshufb %xmm0, %xmm3, %xmm2 - tbl v10.16b, {$ipthi}, v8.16b - eor v0.16b, v1.16b, v16.16b // vpxor %xmm5, %xmm1, %xmm0 - eor v8.16b, v9.16b, v16.16b - eor v0.16b, v0.16b, v2.16b // vpxor %xmm2, %xmm0, %xmm0 - eor v8.16b, v8.16b, v10.16b - b .Lenc_2x_entry - -.align 4 -.Lenc_2x_loop: - // middle of middle round - add x10, x11, #0x40 - tbl v4.16b, {$sb1t}, v2.16b // vpshufb %xmm2, %xmm13, %xmm4 # 4 = sb1u - tbl v12.16b, {$sb1t}, v10.16b - ld1 {v1.2d}, [x11], #16 // vmovdqa -0x40(%r11,%r10), %xmm1 # .Lk_mc_forward[] - tbl v0.16b, {$sb1u}, v3.16b // vpshufb %xmm3, %xmm12, %xmm0 # 0 = sb1t - tbl v8.16b, {$sb1u}, v11.16b - eor v4.16b, v4.16b, v16.16b // vpxor %xmm5, %xmm4, %xmm4 # 4 = sb1u + k - eor v12.16b, v12.16b, v16.16b - tbl v5.16b, {$sb2t}, v2.16b // vpshufb %xmm2, %xmm15, %xmm5 # 4 = sb2u - tbl v13.16b, {$sb2t}, v10.16b - eor v0.16b, v0.16b, v4.16b // vpxor %xmm4, %xmm0, %xmm0 # 0 = A - eor v8.16b, v8.16b, v12.16b - tbl v2.16b, {$sb2u}, v3.16b // vpshufb %xmm3, %xmm14, %xmm2 # 2 = sb2t - tbl v10.16b, {$sb2u}, v11.16b - ld1 {v4.2d}, [x10] // vmovdqa (%r11,%r10), %xmm4 # .Lk_mc_backward[] - tbl v3.16b, {v0.16b}, v1.16b // vpshufb %xmm1, %xmm0, %xmm3 # 0 = B - tbl v11.16b, {v8.16b}, v1.16b - eor v2.16b, v2.16b, v5.16b // vpxor %xmm5, %xmm2, %xmm2 # 2 = 2A - eor v10.16b, v10.16b, v13.16b - tbl v0.16b, {v0.16b}, v4.16b // vpshufb %xmm4, %xmm0, %xmm0 # 3 = D - tbl v8.16b, {v8.16b}, v4.16b - eor v3.16b, v3.16b, v2.16b // vpxor %xmm2, %xmm3, %xmm3 # 0 = 2A+B - eor v11.16b, v11.16b, v10.16b - tbl v4.16b, {v3.16b}, v1.16b // vpshufb %xmm1, %xmm3, %xmm4 # 0 = 2B+C - tbl v12.16b, {v11.16b},v1.16b - eor v0.16b, v0.16b, v3.16b // vpxor %xmm3, %xmm0, %xmm0 # 3 = 2A+B+D - eor v8.16b, v8.16b, v11.16b - and x11, x11, #~(1<<6) // and \$0x30, %r11 # ... mod 4 - eor v0.16b, v0.16b, v4.16b // vpxor %xmm4, %xmm0, %xmm0 # 0 = 2A+3B+C+D - eor v8.16b, v8.16b, v12.16b - sub w8, w8, #1 // nr-- - -.Lenc_2x_entry: - // top of round - and v1.16b, v0.16b, v17.16b // vpand %xmm0, %xmm9, %xmm1 # 0 = k - ushr v0.16b, v0.16b, #4 // vpsrlb \$4, %xmm0, %xmm0 # 1 = i - and v9.16b, v8.16b, v17.16b - ushr v8.16b, v8.16b, #4 - tbl v5.16b, {$invhi},v1.16b // vpshufb %xmm1, %xmm11, %xmm5 # 2 = a/k - tbl v13.16b, {$invhi},v9.16b - eor v1.16b, v1.16b, v0.16b // vpxor %xmm0, %xmm1, %xmm1 # 0 = j - eor v9.16b, v9.16b, v8.16b - tbl v3.16b, {$invlo},v0.16b // vpshufb %xmm0, %xmm10, %xmm3 # 3 = 1/i - tbl v11.16b, {$invlo},v8.16b - tbl v4.16b, {$invlo},v1.16b // vpshufb %xmm1, %xmm10, %xmm4 # 4 = 1/j - tbl v12.16b, {$invlo},v9.16b - eor v3.16b, v3.16b, v5.16b // vpxor %xmm5, %xmm3, %xmm3 # 3 = iak = 1/i + a/k - eor v11.16b, v11.16b, v13.16b - eor v4.16b, v4.16b, v5.16b // vpxor %xmm5, %xmm4, %xmm4 # 4 = jak = 1/j + a/k - eor v12.16b, v12.16b, v13.16b - tbl v2.16b, {$invlo},v3.16b // vpshufb %xmm3, %xmm10, %xmm2 # 2 = 1/iak - tbl v10.16b, {$invlo},v11.16b - tbl v3.16b, {$invlo},v4.16b // vpshufb %xmm4, %xmm10, %xmm3 # 3 = 1/jak - tbl v11.16b, {$invlo},v12.16b - eor v2.16b, v2.16b, v1.16b // vpxor %xmm1, %xmm2, %xmm2 # 2 = io - eor v10.16b, v10.16b, v9.16b - eor v3.16b, v3.16b, v0.16b // vpxor %xmm0, %xmm3, %xmm3 # 3 = jo - eor v11.16b, v11.16b, v8.16b - ld1 {v16.2d}, [x9],#16 // vmovdqu (%r9), %xmm5 - cbnz w8, .Lenc_2x_loop - - // middle of last round - add x10, x11, #0x80 - // vmovdqa -0x60(%r10), %xmm4 # 3 : sbou .Lk_sbo - // vmovdqa -0x50(%r10), %xmm0 # 0 : sbot .Lk_sbo+16 - tbl v4.16b, {$sbou}, v2.16b // vpshufb %xmm2, %xmm4, %xmm4 # 4 = sbou - tbl v12.16b, {$sbou}, v10.16b - ld1 {v1.2d}, [x10] // vmovdqa 0x40(%r11,%r10), %xmm1 # .Lk_sr[] - tbl v0.16b, {$sbot}, v3.16b // vpshufb %xmm3, %xmm0, %xmm0 # 0 = sb1t - tbl v8.16b, {$sbot}, v11.16b - eor v4.16b, v4.16b, v16.16b // vpxor %xmm5, %xmm4, %xmm4 # 4 = sb1u + k - eor v12.16b, v12.16b, v16.16b - eor v0.16b, v0.16b, v4.16b // vpxor %xmm4, %xmm0, %xmm0 # 0 = A - eor v8.16b, v8.16b, v12.16b - tbl v0.16b, {v0.16b},v1.16b // vpshufb %xmm1, %xmm0, %xmm0 - tbl v1.16b, {v8.16b},v1.16b - ret -.size _vpaes_encrypt_2x,.-_vpaes_encrypt_2x - -.type _vpaes_decrypt_preheat,%function -.align 4 -_vpaes_decrypt_preheat: - adr x10, .Lk_inv - movi v17.16b, #0x0f - adr x11, .Lk_dipt - ld1 {v18.2d-v19.2d}, [x10],#32 // .Lk_inv - ld1 {v20.2d-v23.2d}, [x11],#64 // .Lk_dipt, .Lk_dsbo - ld1 {v24.2d-v27.2d}, [x11],#64 // .Lk_dsb9, .Lk_dsbd - ld1 {v28.2d-v31.2d}, [x11] // .Lk_dsbb, .Lk_dsbe - ret -.size _vpaes_decrypt_preheat,.-_vpaes_decrypt_preheat - -// -// Decryption core -// -// Same API as encryption core. -// -.type _vpaes_decrypt_core,%function -.align 4 -_vpaes_decrypt_core: - mov x9, $key - ldr w8, [$key,#240] // pull rounds - - // vmovdqa .Lk_dipt(%rip), %xmm2 # iptlo - lsl x11, x8, #4 // mov %rax, %r11; shl \$4, %r11 - eor x11, x11, #0x30 // xor \$0x30, %r11 - adr x10, .Lk_sr - and x11, x11, #0x30 // and \$0x30, %r11 - add x11, x11, x10 - adr x10, .Lk_mc_forward+48 - - ld1 {v16.2d}, [x9],#16 // vmovdqu (%r9), %xmm4 # round0 key - and v1.16b, v7.16b, v17.16b // vpand %xmm9, %xmm0, %xmm1 - ushr v0.16b, v7.16b, #4 // vpsrlb \$4, %xmm0, %xmm0 - tbl v2.16b, {$iptlo}, v1.16b // vpshufb %xmm1, %xmm2, %xmm2 - ld1 {v5.2d}, [x10] // vmovdqa .Lk_mc_forward+48(%rip), %xmm5 - // vmovdqa .Lk_dipt+16(%rip), %xmm1 # ipthi - tbl v0.16b, {$ipthi}, v0.16b // vpshufb %xmm0, %xmm1, %xmm0 - eor v2.16b, v2.16b, v16.16b // vpxor %xmm4, %xmm2, %xmm2 - eor v0.16b, v0.16b, v2.16b // vpxor %xmm2, %xmm0, %xmm0 - b .Ldec_entry - -.align 4 -.Ldec_loop: -// -// Inverse mix columns -// - // vmovdqa -0x20(%r10),%xmm4 # 4 : sb9u - // vmovdqa -0x10(%r10),%xmm1 # 0 : sb9t - tbl v4.16b, {$sb9u}, v2.16b // vpshufb %xmm2, %xmm4, %xmm4 # 4 = sb9u - tbl v1.16b, {$sb9t}, v3.16b // vpshufb %xmm3, %xmm1, %xmm1 # 0 = sb9t - eor v0.16b, v4.16b, v16.16b // vpxor %xmm4, %xmm0, %xmm0 - // vmovdqa 0x00(%r10),%xmm4 # 4 : sbdu - eor v0.16b, v0.16b, v1.16b // vpxor %xmm1, %xmm0, %xmm0 # 0 = ch - // vmovdqa 0x10(%r10),%xmm1 # 0 : sbdt - - tbl v4.16b, {$sbdu}, v2.16b // vpshufb %xmm2, %xmm4, %xmm4 # 4 = sbdu - tbl v0.16b, {v0.16b}, v5.16b // vpshufb %xmm5, %xmm0, %xmm0 # MC ch - tbl v1.16b, {$sbdt}, v3.16b // vpshufb %xmm3, %xmm1, %xmm1 # 0 = sbdt - eor v0.16b, v0.16b, v4.16b // vpxor %xmm4, %xmm0, %xmm0 # 4 = ch - // vmovdqa 0x20(%r10), %xmm4 # 4 : sbbu - eor v0.16b, v0.16b, v1.16b // vpxor %xmm1, %xmm0, %xmm0 # 0 = ch - // vmovdqa 0x30(%r10), %xmm1 # 0 : sbbt - - tbl v4.16b, {$sbbu}, v2.16b // vpshufb %xmm2, %xmm4, %xmm4 # 4 = sbbu - tbl v0.16b, {v0.16b}, v5.16b // vpshufb %xmm5, %xmm0, %xmm0 # MC ch - tbl v1.16b, {$sbbt}, v3.16b // vpshufb %xmm3, %xmm1, %xmm1 # 0 = sbbt - eor v0.16b, v0.16b, v4.16b // vpxor %xmm4, %xmm0, %xmm0 # 4 = ch - // vmovdqa 0x40(%r10), %xmm4 # 4 : sbeu - eor v0.16b, v0.16b, v1.16b // vpxor %xmm1, %xmm0, %xmm0 # 0 = ch - // vmovdqa 0x50(%r10), %xmm1 # 0 : sbet - - tbl v4.16b, {$sbeu}, v2.16b // vpshufb %xmm2, %xmm4, %xmm4 # 4 = sbeu - tbl v0.16b, {v0.16b}, v5.16b // vpshufb %xmm5, %xmm0, %xmm0 # MC ch - tbl v1.16b, {$sbet}, v3.16b // vpshufb %xmm3, %xmm1, %xmm1 # 0 = sbet - eor v0.16b, v0.16b, v4.16b // vpxor %xmm4, %xmm0, %xmm0 # 4 = ch - ext v5.16b, v5.16b, v5.16b, #12 // vpalignr \$12, %xmm5, %xmm5, %xmm5 - eor v0.16b, v0.16b, v1.16b // vpxor %xmm1, %xmm0, %xmm0 # 0 = ch - sub w8, w8, #1 // sub \$1,%rax # nr-- - -.Ldec_entry: - // top of round - and v1.16b, v0.16b, v17.16b // vpand %xmm9, %xmm0, %xmm1 # 0 = k - ushr v0.16b, v0.16b, #4 // vpsrlb \$4, %xmm0, %xmm0 # 1 = i - tbl v2.16b, {$invhi}, v1.16b // vpshufb %xmm1, %xmm11, %xmm2 # 2 = a/k - eor v1.16b, v1.16b, v0.16b // vpxor %xmm0, %xmm1, %xmm1 # 0 = j - tbl v3.16b, {$invlo}, v0.16b // vpshufb %xmm0, %xmm10, %xmm3 # 3 = 1/i - tbl v4.16b, {$invlo}, v1.16b // vpshufb %xmm1, %xmm10, %xmm4 # 4 = 1/j - eor v3.16b, v3.16b, v2.16b // vpxor %xmm2, %xmm3, %xmm3 # 3 = iak = 1/i + a/k - eor v4.16b, v4.16b, v2.16b // vpxor %xmm2, %xmm4, %xmm4 # 4 = jak = 1/j + a/k - tbl v2.16b, {$invlo}, v3.16b // vpshufb %xmm3, %xmm10, %xmm2 # 2 = 1/iak - tbl v3.16b, {$invlo}, v4.16b // vpshufb %xmm4, %xmm10, %xmm3 # 3 = 1/jak - eor v2.16b, v2.16b, v1.16b // vpxor %xmm1, %xmm2, %xmm2 # 2 = io - eor v3.16b, v3.16b, v0.16b // vpxor %xmm0, %xmm3, %xmm3 # 3 = jo - ld1 {v16.2d}, [x9],#16 // vmovdqu (%r9), %xmm0 - cbnz w8, .Ldec_loop - - // middle of last round - // vmovdqa 0x60(%r10), %xmm4 # 3 : sbou - tbl v4.16b, {$sbou}, v2.16b // vpshufb %xmm2, %xmm4, %xmm4 # 4 = sbou - // vmovdqa 0x70(%r10), %xmm1 # 0 : sbot - ld1 {v2.2d}, [x11] // vmovdqa -0x160(%r11), %xmm2 # .Lk_sr-.Lk_dsbd=-0x160 - tbl v1.16b, {$sbot}, v3.16b // vpshufb %xmm3, %xmm1, %xmm1 # 0 = sb1t - eor v4.16b, v4.16b, v16.16b // vpxor %xmm0, %xmm4, %xmm4 # 4 = sb1u + k - eor v0.16b, v1.16b, v4.16b // vpxor %xmm4, %xmm1, %xmm0 # 0 = A - tbl v0.16b, {v0.16b}, v2.16b // vpshufb %xmm2, %xmm0, %xmm0 - ret -.size _vpaes_decrypt_core,.-_vpaes_decrypt_core - -.globl vpaes_decrypt -.type vpaes_decrypt,%function -.align 4 -vpaes_decrypt: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - ld1 {v7.16b}, [$inp] - bl _vpaes_decrypt_preheat - bl _vpaes_decrypt_core - st1 {v0.16b}, [$out] - - ldp x29,x30,[sp],#16 - .inst 0xd50323bf // autiasp - ret -.size vpaes_decrypt,.-vpaes_decrypt - -// v14-v15 input, v0-v1 output -.type _vpaes_decrypt_2x,%function -.align 4 -_vpaes_decrypt_2x: - mov x9, $key - ldr w8, [$key,#240] // pull rounds - - // vmovdqa .Lk_dipt(%rip), %xmm2 # iptlo - lsl x11, x8, #4 // mov %rax, %r11; shl \$4, %r11 - eor x11, x11, #0x30 // xor \$0x30, %r11 - adr x10, .Lk_sr - and x11, x11, #0x30 // and \$0x30, %r11 - add x11, x11, x10 - adr x10, .Lk_mc_forward+48 - - ld1 {v16.2d}, [x9],#16 // vmovdqu (%r9), %xmm4 # round0 key - and v1.16b, v14.16b, v17.16b // vpand %xmm9, %xmm0, %xmm1 - ushr v0.16b, v14.16b, #4 // vpsrlb \$4, %xmm0, %xmm0 - and v9.16b, v15.16b, v17.16b - ushr v8.16b, v15.16b, #4 - tbl v2.16b, {$iptlo},v1.16b // vpshufb %xmm1, %xmm2, %xmm2 - tbl v10.16b, {$iptlo},v9.16b - ld1 {v5.2d}, [x10] // vmovdqa .Lk_mc_forward+48(%rip), %xmm5 - // vmovdqa .Lk_dipt+16(%rip), %xmm1 # ipthi - tbl v0.16b, {$ipthi},v0.16b // vpshufb %xmm0, %xmm1, %xmm0 - tbl v8.16b, {$ipthi},v8.16b - eor v2.16b, v2.16b, v16.16b // vpxor %xmm4, %xmm2, %xmm2 - eor v10.16b, v10.16b, v16.16b - eor v0.16b, v0.16b, v2.16b // vpxor %xmm2, %xmm0, %xmm0 - eor v8.16b, v8.16b, v10.16b - b .Ldec_2x_entry - -.align 4 -.Ldec_2x_loop: -// -// Inverse mix columns -// - // vmovdqa -0x20(%r10),%xmm4 # 4 : sb9u - // vmovdqa -0x10(%r10),%xmm1 # 0 : sb9t - tbl v4.16b, {$sb9u}, v2.16b // vpshufb %xmm2, %xmm4, %xmm4 # 4 = sb9u - tbl v12.16b, {$sb9u}, v10.16b - tbl v1.16b, {$sb9t}, v3.16b // vpshufb %xmm3, %xmm1, %xmm1 # 0 = sb9t - tbl v9.16b, {$sb9t}, v11.16b - eor v0.16b, v4.16b, v16.16b // vpxor %xmm4, %xmm0, %xmm0 - eor v8.16b, v12.16b, v16.16b - // vmovdqa 0x00(%r10),%xmm4 # 4 : sbdu - eor v0.16b, v0.16b, v1.16b // vpxor %xmm1, %xmm0, %xmm0 # 0 = ch - eor v8.16b, v8.16b, v9.16b // vpxor %xmm1, %xmm0, %xmm0 # 0 = ch - // vmovdqa 0x10(%r10),%xmm1 # 0 : sbdt - - tbl v4.16b, {$sbdu}, v2.16b // vpshufb %xmm2, %xmm4, %xmm4 # 4 = sbdu - tbl v12.16b, {$sbdu}, v10.16b - tbl v0.16b, {v0.16b},v5.16b // vpshufb %xmm5, %xmm0, %xmm0 # MC ch - tbl v8.16b, {v8.16b},v5.16b - tbl v1.16b, {$sbdt}, v3.16b // vpshufb %xmm3, %xmm1, %xmm1 # 0 = sbdt - tbl v9.16b, {$sbdt}, v11.16b - eor v0.16b, v0.16b, v4.16b // vpxor %xmm4, %xmm0, %xmm0 # 4 = ch - eor v8.16b, v8.16b, v12.16b - // vmovdqa 0x20(%r10), %xmm4 # 4 : sbbu - eor v0.16b, v0.16b, v1.16b // vpxor %xmm1, %xmm0, %xmm0 # 0 = ch - eor v8.16b, v8.16b, v9.16b - // vmovdqa 0x30(%r10), %xmm1 # 0 : sbbt - - tbl v4.16b, {$sbbu}, v2.16b // vpshufb %xmm2, %xmm4, %xmm4 # 4 = sbbu - tbl v12.16b, {$sbbu}, v10.16b - tbl v0.16b, {v0.16b},v5.16b // vpshufb %xmm5, %xmm0, %xmm0 # MC ch - tbl v8.16b, {v8.16b},v5.16b - tbl v1.16b, {$sbbt}, v3.16b // vpshufb %xmm3, %xmm1, %xmm1 # 0 = sbbt - tbl v9.16b, {$sbbt}, v11.16b - eor v0.16b, v0.16b, v4.16b // vpxor %xmm4, %xmm0, %xmm0 # 4 = ch - eor v8.16b, v8.16b, v12.16b - // vmovdqa 0x40(%r10), %xmm4 # 4 : sbeu - eor v0.16b, v0.16b, v1.16b // vpxor %xmm1, %xmm0, %xmm0 # 0 = ch - eor v8.16b, v8.16b, v9.16b - // vmovdqa 0x50(%r10), %xmm1 # 0 : sbet - - tbl v4.16b, {$sbeu}, v2.16b // vpshufb %xmm2, %xmm4, %xmm4 # 4 = sbeu - tbl v12.16b, {$sbeu}, v10.16b - tbl v0.16b, {v0.16b},v5.16b // vpshufb %xmm5, %xmm0, %xmm0 # MC ch - tbl v8.16b, {v8.16b},v5.16b - tbl v1.16b, {$sbet}, v3.16b // vpshufb %xmm3, %xmm1, %xmm1 # 0 = sbet - tbl v9.16b, {$sbet}, v11.16b - eor v0.16b, v0.16b, v4.16b // vpxor %xmm4, %xmm0, %xmm0 # 4 = ch - eor v8.16b, v8.16b, v12.16b - ext v5.16b, v5.16b, v5.16b, #12 // vpalignr \$12, %xmm5, %xmm5, %xmm5 - eor v0.16b, v0.16b, v1.16b // vpxor %xmm1, %xmm0, %xmm0 # 0 = ch - eor v8.16b, v8.16b, v9.16b - sub w8, w8, #1 // sub \$1,%rax # nr-- - -.Ldec_2x_entry: - // top of round - and v1.16b, v0.16b, v17.16b // vpand %xmm9, %xmm0, %xmm1 # 0 = k - ushr v0.16b, v0.16b, #4 // vpsrlb \$4, %xmm0, %xmm0 # 1 = i - and v9.16b, v8.16b, v17.16b - ushr v8.16b, v8.16b, #4 - tbl v2.16b, {$invhi},v1.16b // vpshufb %xmm1, %xmm11, %xmm2 # 2 = a/k - tbl v10.16b, {$invhi},v9.16b - eor v1.16b, v1.16b, v0.16b // vpxor %xmm0, %xmm1, %xmm1 # 0 = j - eor v9.16b, v9.16b, v8.16b - tbl v3.16b, {$invlo},v0.16b // vpshufb %xmm0, %xmm10, %xmm3 # 3 = 1/i - tbl v11.16b, {$invlo},v8.16b - tbl v4.16b, {$invlo},v1.16b // vpshufb %xmm1, %xmm10, %xmm4 # 4 = 1/j - tbl v12.16b, {$invlo},v9.16b - eor v3.16b, v3.16b, v2.16b // vpxor %xmm2, %xmm3, %xmm3 # 3 = iak = 1/i + a/k - eor v11.16b, v11.16b, v10.16b - eor v4.16b, v4.16b, v2.16b // vpxor %xmm2, %xmm4, %xmm4 # 4 = jak = 1/j + a/k - eor v12.16b, v12.16b, v10.16b - tbl v2.16b, {$invlo},v3.16b // vpshufb %xmm3, %xmm10, %xmm2 # 2 = 1/iak - tbl v10.16b, {$invlo},v11.16b - tbl v3.16b, {$invlo},v4.16b // vpshufb %xmm4, %xmm10, %xmm3 # 3 = 1/jak - tbl v11.16b, {$invlo},v12.16b - eor v2.16b, v2.16b, v1.16b // vpxor %xmm1, %xmm2, %xmm2 # 2 = io - eor v10.16b, v10.16b, v9.16b - eor v3.16b, v3.16b, v0.16b // vpxor %xmm0, %xmm3, %xmm3 # 3 = jo - eor v11.16b, v11.16b, v8.16b - ld1 {v16.2d}, [x9],#16 // vmovdqu (%r9), %xmm0 - cbnz w8, .Ldec_2x_loop - - // middle of last round - // vmovdqa 0x60(%r10), %xmm4 # 3 : sbou - tbl v4.16b, {$sbou}, v2.16b // vpshufb %xmm2, %xmm4, %xmm4 # 4 = sbou - tbl v12.16b, {$sbou}, v10.16b - // vmovdqa 0x70(%r10), %xmm1 # 0 : sbot - tbl v1.16b, {$sbot}, v3.16b // vpshufb %xmm3, %xmm1, %xmm1 # 0 = sb1t - tbl v9.16b, {$sbot}, v11.16b - ld1 {v2.2d}, [x11] // vmovdqa -0x160(%r11), %xmm2 # .Lk_sr-.Lk_dsbd=-0x160 - eor v4.16b, v4.16b, v16.16b // vpxor %xmm0, %xmm4, %xmm4 # 4 = sb1u + k - eor v12.16b, v12.16b, v16.16b - eor v0.16b, v1.16b, v4.16b // vpxor %xmm4, %xmm1, %xmm0 # 0 = A - eor v8.16b, v9.16b, v12.16b - tbl v0.16b, {v0.16b},v2.16b // vpshufb %xmm2, %xmm0, %xmm0 - tbl v1.16b, {v8.16b},v2.16b - ret -.size _vpaes_decrypt_2x,.-_vpaes_decrypt_2x -___ -} -{ -my ($inp,$bits,$out,$dir)=("x0","w1","x2","w3"); -my ($invlo,$invhi,$iptlo,$ipthi,$rcon) = map("v$_.16b",(18..21,8)); - -$code.=<<___; -//////////////////////////////////////////////////////// -// // -// AES key schedule // -// // -//////////////////////////////////////////////////////// -.type _vpaes_key_preheat,%function -.align 4 -_vpaes_key_preheat: - adr x10, .Lk_inv - movi v16.16b, #0x5b // .Lk_s63 - adr x11, .Lk_sb1 - movi v17.16b, #0x0f // .Lk_s0F - ld1 {v18.2d-v21.2d}, [x10] // .Lk_inv, .Lk_ipt - adr x10, .Lk_dksd - ld1 {v22.2d-v23.2d}, [x11] // .Lk_sb1 - adr x11, .Lk_mc_forward - ld1 {v24.2d-v27.2d}, [x10],#64 // .Lk_dksd, .Lk_dksb - ld1 {v28.2d-v31.2d}, [x10],#64 // .Lk_dkse, .Lk_dks9 - ld1 {v8.2d}, [x10] // .Lk_rcon - ld1 {v9.2d}, [x11] // .Lk_mc_forward[0] - ret -.size _vpaes_key_preheat,.-_vpaes_key_preheat - -.type _vpaes_schedule_core,%function -.align 4 -_vpaes_schedule_core: - .inst 0xd503233f // paciasp - stp x29, x30, [sp,#-16]! - add x29,sp,#0 - - bl _vpaes_key_preheat // load the tables - - ld1 {v0.16b}, [$inp],#16 // vmovdqu (%rdi), %xmm0 # load key (unaligned) - - // input transform - mov v3.16b, v0.16b // vmovdqa %xmm0, %xmm3 - bl _vpaes_schedule_transform - mov v7.16b, v0.16b // vmovdqa %xmm0, %xmm7 - - adr x10, .Lk_sr // lea .Lk_sr(%rip),%r10 - add x8, x8, x10 - cbnz $dir, .Lschedule_am_decrypting - - // encrypting, output zeroth round key after transform - st1 {v0.2d}, [$out] // vmovdqu %xmm0, (%rdx) - b .Lschedule_go - -.Lschedule_am_decrypting: - // decrypting, output zeroth round key after shiftrows - ld1 {v1.2d}, [x8] // vmovdqa (%r8,%r10), %xmm1 - tbl v3.16b, {v3.16b}, v1.16b // vpshufb %xmm1, %xmm3, %xmm3 - st1 {v3.2d}, [$out] // vmovdqu %xmm3, (%rdx) - eor x8, x8, #0x30 // xor \$0x30, %r8 - -.Lschedule_go: - cmp $bits, #192 // cmp \$192, %esi - b.hi .Lschedule_256 - b.eq .Lschedule_192 - // 128: fall though - -// -// .schedule_128 -// -// 128-bit specific part of key schedule. -// -// This schedule is really simple, because all its parts -// are accomplished by the subroutines. -// -.Lschedule_128: - mov $inp, #10 // mov \$10, %esi - -.Loop_schedule_128: - sub $inp, $inp, #1 // dec %esi - bl _vpaes_schedule_round - cbz $inp, .Lschedule_mangle_last - bl _vpaes_schedule_mangle // write output - b .Loop_schedule_128 - -// -// .aes_schedule_192 -// -// 192-bit specific part of key schedule. -// -// The main body of this schedule is the same as the 128-bit -// schedule, but with more smearing. The long, high side is -// stored in %xmm7 as before, and the short, low side is in -// the high bits of %xmm6. -// -// This schedule is somewhat nastier, however, because each -// round produces 192 bits of key material, or 1.5 round keys. -// Therefore, on each cycle we do 2 rounds and produce 3 round -// keys. -// -.align 4 -.Lschedule_192: - sub $inp, $inp, #8 - ld1 {v0.16b}, [$inp] // vmovdqu 8(%rdi),%xmm0 # load key part 2 (very unaligned) - bl _vpaes_schedule_transform // input transform - mov v6.16b, v0.16b // vmovdqa %xmm0, %xmm6 # save short part - eor v4.16b, v4.16b, v4.16b // vpxor %xmm4, %xmm4, %xmm4 # clear 4 - ins v6.d[0], v4.d[0] // vmovhlps %xmm4, %xmm6, %xmm6 # clobber low side with zeros - mov $inp, #4 // mov \$4, %esi - -.Loop_schedule_192: - sub $inp, $inp, #1 // dec %esi - bl _vpaes_schedule_round - ext v0.16b, v6.16b, v0.16b, #8 // vpalignr \$8,%xmm6,%xmm0,%xmm0 - bl _vpaes_schedule_mangle // save key n - bl _vpaes_schedule_192_smear - bl _vpaes_schedule_mangle // save key n+1 - bl _vpaes_schedule_round - cbz $inp, .Lschedule_mangle_last - bl _vpaes_schedule_mangle // save key n+2 - bl _vpaes_schedule_192_smear - b .Loop_schedule_192 - -// -// .aes_schedule_256 -// -// 256-bit specific part of key schedule. -// -// The structure here is very similar to the 128-bit -// schedule, but with an additional "low side" in -// %xmm6. The low side's rounds are the same as the -// high side's, except no rcon and no rotation. -// -.align 4 -.Lschedule_256: - ld1 {v0.16b}, [$inp] // vmovdqu 16(%rdi),%xmm0 # load key part 2 (unaligned) - bl _vpaes_schedule_transform // input transform - mov $inp, #7 // mov \$7, %esi - -.Loop_schedule_256: - sub $inp, $inp, #1 // dec %esi - bl _vpaes_schedule_mangle // output low result - mov v6.16b, v0.16b // vmovdqa %xmm0, %xmm6 # save cur_lo in xmm6 - - // high round - bl _vpaes_schedule_round - cbz $inp, .Lschedule_mangle_last - bl _vpaes_schedule_mangle - - // low round. swap xmm7 and xmm6 - dup v0.4s, v0.s[3] // vpshufd \$0xFF, %xmm0, %xmm0 - movi v4.16b, #0 - mov v5.16b, v7.16b // vmovdqa %xmm7, %xmm5 - mov v7.16b, v6.16b // vmovdqa %xmm6, %xmm7 - bl _vpaes_schedule_low_round - mov v7.16b, v5.16b // vmovdqa %xmm5, %xmm7 - - b .Loop_schedule_256 - -// -// .aes_schedule_mangle_last -// -// Mangler for last round of key schedule -// Mangles %xmm0 -// when encrypting, outputs out(%xmm0) ^ 63 -// when decrypting, outputs unskew(%xmm0) -// -// Always called right before return... jumps to cleanup and exits -// -.align 4 -.Lschedule_mangle_last: - // schedule last round key from xmm0 - adr x11, .Lk_deskew // lea .Lk_deskew(%rip),%r11 # prepare to deskew - cbnz $dir, .Lschedule_mangle_last_dec - - // encrypting - ld1 {v1.2d}, [x8] // vmovdqa (%r8,%r10),%xmm1 - adr x11, .Lk_opt // lea .Lk_opt(%rip), %r11 # prepare to output transform - add $out, $out, #32 // add \$32, %rdx - tbl v0.16b, {v0.16b}, v1.16b // vpshufb %xmm1, %xmm0, %xmm0 # output permute - -.Lschedule_mangle_last_dec: - ld1 {v20.2d-v21.2d}, [x11] // reload constants - sub $out, $out, #16 // add \$-16, %rdx - eor v0.16b, v0.16b, v16.16b // vpxor .Lk_s63(%rip), %xmm0, %xmm0 - bl _vpaes_schedule_transform // output transform - st1 {v0.2d}, [$out] // vmovdqu %xmm0, (%rdx) # save last key - - // cleanup - eor v0.16b, v0.16b, v0.16b // vpxor %xmm0, %xmm0, %xmm0 - eor v1.16b, v1.16b, v1.16b // vpxor %xmm1, %xmm1, %xmm1 - eor v2.16b, v2.16b, v2.16b // vpxor %xmm2, %xmm2, %xmm2 - eor v3.16b, v3.16b, v3.16b // vpxor %xmm3, %xmm3, %xmm3 - eor v4.16b, v4.16b, v4.16b // vpxor %xmm4, %xmm4, %xmm4 - eor v5.16b, v5.16b, v5.16b // vpxor %xmm5, %xmm5, %xmm5 - eor v6.16b, v6.16b, v6.16b // vpxor %xmm6, %xmm6, %xmm6 - eor v7.16b, v7.16b, v7.16b // vpxor %xmm7, %xmm7, %xmm7 - ldp x29, x30, [sp],#16 - .inst 0xd50323bf // autiasp - ret -.size _vpaes_schedule_core,.-_vpaes_schedule_core - -// -// .aes_schedule_192_smear -// -// Smear the short, low side in the 192-bit key schedule. -// -// Inputs: -// %xmm7: high side, b a x y -// %xmm6: low side, d c 0 0 -// %xmm13: 0 -// -// Outputs: -// %xmm6: b+c+d b+c 0 0 -// %xmm0: b+c+d b+c b a -// -.type _vpaes_schedule_192_smear,%function -.align 4 -_vpaes_schedule_192_smear: - movi v1.16b, #0 - dup v0.4s, v7.s[3] - ins v1.s[3], v6.s[2] // vpshufd \$0x80, %xmm6, %xmm1 # d c 0 0 -> c 0 0 0 - ins v0.s[0], v7.s[2] // vpshufd \$0xFE, %xmm7, %xmm0 # b a _ _ -> b b b a - eor v6.16b, v6.16b, v1.16b // vpxor %xmm1, %xmm6, %xmm6 # -> c+d c 0 0 - eor v1.16b, v1.16b, v1.16b // vpxor %xmm1, %xmm1, %xmm1 - eor v6.16b, v6.16b, v0.16b // vpxor %xmm0, %xmm6, %xmm6 # -> b+c+d b+c b a - mov v0.16b, v6.16b // vmovdqa %xmm6, %xmm0 - ins v6.d[0], v1.d[0] // vmovhlps %xmm1, %xmm6, %xmm6 # clobber low side with zeros - ret -.size _vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear - -// -// .aes_schedule_round -// -// Runs one main round of the key schedule on %xmm0, %xmm7 -// -// Specifically, runs subbytes on the high dword of %xmm0 -// then rotates it by one byte and xors into the low dword of -// %xmm7. -// -// Adds rcon from low byte of %xmm8, then rotates %xmm8 for -// next rcon. -// -// Smears the dwords of %xmm7 by xoring the low into the -// second low, result into third, result into highest. -// -// Returns results in %xmm7 = %xmm0. -// Clobbers %xmm1-%xmm4, %r11. -// -.type _vpaes_schedule_round,%function -.align 4 -_vpaes_schedule_round: - // extract rcon from xmm8 - movi v4.16b, #0 // vpxor %xmm4, %xmm4, %xmm4 - ext v1.16b, $rcon, v4.16b, #15 // vpalignr \$15, %xmm8, %xmm4, %xmm1 - ext $rcon, $rcon, $rcon, #15 // vpalignr \$15, %xmm8, %xmm8, %xmm8 - eor v7.16b, v7.16b, v1.16b // vpxor %xmm1, %xmm7, %xmm7 - - // rotate - dup v0.4s, v0.s[3] // vpshufd \$0xFF, %xmm0, %xmm0 - ext v0.16b, v0.16b, v0.16b, #1 // vpalignr \$1, %xmm0, %xmm0, %xmm0 - - // fall through... - - // low round: same as high round, but no rotation and no rcon. -_vpaes_schedule_low_round: - // smear xmm7 - ext v1.16b, v4.16b, v7.16b, #12 // vpslldq \$4, %xmm7, %xmm1 - eor v7.16b, v7.16b, v1.16b // vpxor %xmm1, %xmm7, %xmm7 - ext v4.16b, v4.16b, v7.16b, #8 // vpslldq \$8, %xmm7, %xmm4 - - // subbytes - and v1.16b, v0.16b, v17.16b // vpand %xmm9, %xmm0, %xmm1 # 0 = k - ushr v0.16b, v0.16b, #4 // vpsrlb \$4, %xmm0, %xmm0 # 1 = i - eor v7.16b, v7.16b, v4.16b // vpxor %xmm4, %xmm7, %xmm7 - tbl v2.16b, {$invhi}, v1.16b // vpshufb %xmm1, %xmm11, %xmm2 # 2 = a/k - eor v1.16b, v1.16b, v0.16b // vpxor %xmm0, %xmm1, %xmm1 # 0 = j - tbl v3.16b, {$invlo}, v0.16b // vpshufb %xmm0, %xmm10, %xmm3 # 3 = 1/i - eor v3.16b, v3.16b, v2.16b // vpxor %xmm2, %xmm3, %xmm3 # 3 = iak = 1/i + a/k - tbl v4.16b, {$invlo}, v1.16b // vpshufb %xmm1, %xmm10, %xmm4 # 4 = 1/j - eor v7.16b, v7.16b, v16.16b // vpxor .Lk_s63(%rip), %xmm7, %xmm7 - tbl v3.16b, {$invlo}, v3.16b // vpshufb %xmm3, %xmm10, %xmm3 # 2 = 1/iak - eor v4.16b, v4.16b, v2.16b // vpxor %xmm2, %xmm4, %xmm4 # 4 = jak = 1/j + a/k - tbl v2.16b, {$invlo}, v4.16b // vpshufb %xmm4, %xmm10, %xmm2 # 3 = 1/jak - eor v3.16b, v3.16b, v1.16b // vpxor %xmm1, %xmm3, %xmm3 # 2 = io - eor v2.16b, v2.16b, v0.16b // vpxor %xmm0, %xmm2, %xmm2 # 3 = jo - tbl v4.16b, {v23.16b}, v3.16b // vpshufb %xmm3, %xmm13, %xmm4 # 4 = sbou - tbl v1.16b, {v22.16b}, v2.16b // vpshufb %xmm2, %xmm12, %xmm1 # 0 = sb1t - eor v1.16b, v1.16b, v4.16b // vpxor %xmm4, %xmm1, %xmm1 # 0 = sbox output - - // add in smeared stuff - eor v0.16b, v1.16b, v7.16b // vpxor %xmm7, %xmm1, %xmm0 - eor v7.16b, v1.16b, v7.16b // vmovdqa %xmm0, %xmm7 - ret -.size _vpaes_schedule_round,.-_vpaes_schedule_round - -// -// .aes_schedule_transform -// -// Linear-transform %xmm0 according to tables at (%r11) -// -// Requires that %xmm9 = 0x0F0F... as in preheat -// Output in %xmm0 -// Clobbers %xmm1, %xmm2 -// -.type _vpaes_schedule_transform,%function -.align 4 -_vpaes_schedule_transform: - and v1.16b, v0.16b, v17.16b // vpand %xmm9, %xmm0, %xmm1 - ushr v0.16b, v0.16b, #4 // vpsrlb \$4, %xmm0, %xmm0 - // vmovdqa (%r11), %xmm2 # lo - tbl v2.16b, {$iptlo}, v1.16b // vpshufb %xmm1, %xmm2, %xmm2 - // vmovdqa 16(%r11), %xmm1 # hi - tbl v0.16b, {$ipthi}, v0.16b // vpshufb %xmm0, %xmm1, %xmm0 - eor v0.16b, v0.16b, v2.16b // vpxor %xmm2, %xmm0, %xmm0 - ret -.size _vpaes_schedule_transform,.-_vpaes_schedule_transform - -// -// .aes_schedule_mangle -// -// Mangle xmm0 from (basis-transformed) standard version -// to our version. -// -// On encrypt, -// xor with 0x63 -// multiply by circulant 0,1,1,1 -// apply shiftrows transform -// -// On decrypt, -// xor with 0x63 -// multiply by "inverse mixcolumns" circulant E,B,D,9 -// deskew -// apply shiftrows transform -// -// -// Writes out to (%rdx), and increments or decrements it -// Keeps track of round number mod 4 in %r8 -// Preserves xmm0 -// Clobbers xmm1-xmm5 -// -.type _vpaes_schedule_mangle,%function -.align 4 -_vpaes_schedule_mangle: - mov v4.16b, v0.16b // vmovdqa %xmm0, %xmm4 # save xmm0 for later - // vmovdqa .Lk_mc_forward(%rip),%xmm5 - cbnz $dir, .Lschedule_mangle_dec - - // encrypting - eor v4.16b, v0.16b, v16.16b // vpxor .Lk_s63(%rip), %xmm0, %xmm4 - add $out, $out, #16 // add \$16, %rdx - tbl v4.16b, {v4.16b}, v9.16b // vpshufb %xmm5, %xmm4, %xmm4 - tbl v1.16b, {v4.16b}, v9.16b // vpshufb %xmm5, %xmm4, %xmm1 - tbl v3.16b, {v1.16b}, v9.16b // vpshufb %xmm5, %xmm1, %xmm3 - eor v4.16b, v4.16b, v1.16b // vpxor %xmm1, %xmm4, %xmm4 - ld1 {v1.2d}, [x8] // vmovdqa (%r8,%r10), %xmm1 - eor v3.16b, v3.16b, v4.16b // vpxor %xmm4, %xmm3, %xmm3 - - b .Lschedule_mangle_both -.align 4 -.Lschedule_mangle_dec: - // inverse mix columns - // lea .Lk_dksd(%rip),%r11 - ushr v1.16b, v4.16b, #4 // vpsrlb \$4, %xmm4, %xmm1 # 1 = hi - and v4.16b, v4.16b, v17.16b // vpand %xmm9, %xmm4, %xmm4 # 4 = lo - - // vmovdqa 0x00(%r11), %xmm2 - tbl v2.16b, {v24.16b}, v4.16b // vpshufb %xmm4, %xmm2, %xmm2 - // vmovdqa 0x10(%r11), %xmm3 - tbl v3.16b, {v25.16b}, v1.16b // vpshufb %xmm1, %xmm3, %xmm3 - eor v3.16b, v3.16b, v2.16b // vpxor %xmm2, %xmm3, %xmm3 - tbl v3.16b, {v3.16b}, v9.16b // vpshufb %xmm5, %xmm3, %xmm3 - - // vmovdqa 0x20(%r11), %xmm2 - tbl v2.16b, {v26.16b}, v4.16b // vpshufb %xmm4, %xmm2, %xmm2 - eor v2.16b, v2.16b, v3.16b // vpxor %xmm3, %xmm2, %xmm2 - // vmovdqa 0x30(%r11), %xmm3 - tbl v3.16b, {v27.16b}, v1.16b // vpshufb %xmm1, %xmm3, %xmm3 - eor v3.16b, v3.16b, v2.16b // vpxor %xmm2, %xmm3, %xmm3 - tbl v3.16b, {v3.16b}, v9.16b // vpshufb %xmm5, %xmm3, %xmm3 - - // vmovdqa 0x40(%r11), %xmm2 - tbl v2.16b, {v28.16b}, v4.16b // vpshufb %xmm4, %xmm2, %xmm2 - eor v2.16b, v2.16b, v3.16b // vpxor %xmm3, %xmm2, %xmm2 - // vmovdqa 0x50(%r11), %xmm3 - tbl v3.16b, {v29.16b}, v1.16b // vpshufb %xmm1, %xmm3, %xmm3 - eor v3.16b, v3.16b, v2.16b // vpxor %xmm2, %xmm3, %xmm3 - - // vmovdqa 0x60(%r11), %xmm2 - tbl v2.16b, {v30.16b}, v4.16b // vpshufb %xmm4, %xmm2, %xmm2 - tbl v3.16b, {v3.16b}, v9.16b // vpshufb %xmm5, %xmm3, %xmm3 - // vmovdqa 0x70(%r11), %xmm4 - tbl v4.16b, {v31.16b}, v1.16b // vpshufb %xmm1, %xmm4, %xmm4 - ld1 {v1.2d}, [x8] // vmovdqa (%r8,%r10), %xmm1 - eor v2.16b, v2.16b, v3.16b // vpxor %xmm3, %xmm2, %xmm2 - eor v3.16b, v4.16b, v2.16b // vpxor %xmm2, %xmm4, %xmm3 - - sub $out, $out, #16 // add \$-16, %rdx - -.Lschedule_mangle_both: - tbl v3.16b, {v3.16b}, v1.16b // vpshufb %xmm1, %xmm3, %xmm3 - add x8, x8, #64-16 // add \$-16, %r8 - and x8, x8, #~(1<<6) // and \$0x30, %r8 - st1 {v3.2d}, [$out] // vmovdqu %xmm3, (%rdx) - ret -.size _vpaes_schedule_mangle,.-_vpaes_schedule_mangle - -.globl vpaes_set_encrypt_key -.type vpaes_set_encrypt_key,%function -.align 4 -vpaes_set_encrypt_key: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - stp d8,d9,[sp,#-16]! // ABI spec says so - - lsr w9, $bits, #5 // shr \$5,%eax - add w9, w9, #5 // \$5,%eax - str w9, [$out,#240] // mov %eax,240(%rdx) # AES_KEY->rounds = nbits/32+5; - - mov $dir, #0 // mov \$0,%ecx - mov x8, #0x30 // mov \$0x30,%r8d - bl _vpaes_schedule_core - eor x0, x0, x0 - - ldp d8,d9,[sp],#16 - ldp x29,x30,[sp],#16 - .inst 0xd50323bf // autiasp - ret -.size vpaes_set_encrypt_key,.-vpaes_set_encrypt_key - -.globl vpaes_set_decrypt_key -.type vpaes_set_decrypt_key,%function -.align 4 -vpaes_set_decrypt_key: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - stp d8,d9,[sp,#-16]! // ABI spec says so - - lsr w9, $bits, #5 // shr \$5,%eax - add w9, w9, #5 // \$5,%eax - str w9, [$out,#240] // mov %eax,240(%rdx) # AES_KEY->rounds = nbits/32+5; - lsl w9, w9, #4 // shl \$4,%eax - add $out, $out, #16 // lea 16(%rdx,%rax),%rdx - add $out, $out, x9 - - mov $dir, #1 // mov \$1,%ecx - lsr w8, $bits, #1 // shr \$1,%r8d - and x8, x8, #32 // and \$32,%r8d - eor x8, x8, #32 // xor \$32,%r8d # nbits==192?0:32 - bl _vpaes_schedule_core - - ldp d8,d9,[sp],#16 - ldp x29,x30,[sp],#16 - .inst 0xd50323bf // autiasp - ret -.size vpaes_set_decrypt_key,.-vpaes_set_decrypt_key -___ -} -{ -my ($inp,$out,$len,$key,$ivec,$dir) = map("x$_",(0..5)); - -$code.=<<___; -.globl vpaes_cbc_encrypt -.type vpaes_cbc_encrypt,%function -.align 4 -vpaes_cbc_encrypt: - cbz $len, .Lcbc_abort - cmp w5, #0 // check direction - b.eq vpaes_cbc_decrypt - - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - mov x17, $len // reassign - mov x2, $key // reassign - - ld1 {v0.16b}, [$ivec] // load ivec - bl _vpaes_encrypt_preheat - b .Lcbc_enc_loop - -.align 4 -.Lcbc_enc_loop: - ld1 {v7.16b}, [$inp],#16 // load input - eor v7.16b, v7.16b, v0.16b // xor with ivec - bl _vpaes_encrypt_core - st1 {v0.16b}, [$out],#16 // save output - subs x17, x17, #16 - b.hi .Lcbc_enc_loop - - st1 {v0.16b}, [$ivec] // write ivec - - ldp x29,x30,[sp],#16 - .inst 0xd50323bf // autiasp -.Lcbc_abort: - ret -.size vpaes_cbc_encrypt,.-vpaes_cbc_encrypt - -.type vpaes_cbc_decrypt,%function -.align 4 -vpaes_cbc_decrypt: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - stp d8,d9,[sp,#-16]! // ABI spec says so - stp d10,d11,[sp,#-16]! - stp d12,d13,[sp,#-16]! - stp d14,d15,[sp,#-16]! - - mov x17, $len // reassign - mov x2, $key // reassign - ld1 {v6.16b}, [$ivec] // load ivec - bl _vpaes_decrypt_preheat - tst x17, #16 - b.eq .Lcbc_dec_loop2x - - ld1 {v7.16b}, [$inp], #16 // load input - bl _vpaes_decrypt_core - eor v0.16b, v0.16b, v6.16b // xor with ivec - orr v6.16b, v7.16b, v7.16b // next ivec value - st1 {v0.16b}, [$out], #16 - subs x17, x17, #16 - b.ls .Lcbc_dec_done - -.align 4 -.Lcbc_dec_loop2x: - ld1 {v14.16b,v15.16b}, [$inp], #32 - bl _vpaes_decrypt_2x - eor v0.16b, v0.16b, v6.16b // xor with ivec - eor v1.16b, v1.16b, v14.16b - orr v6.16b, v15.16b, v15.16b - st1 {v0.16b,v1.16b}, [$out], #32 - subs x17, x17, #32 - b.hi .Lcbc_dec_loop2x - -.Lcbc_dec_done: - st1 {v6.16b}, [$ivec] - - ldp d14,d15,[sp],#16 - ldp d12,d13,[sp],#16 - ldp d10,d11,[sp],#16 - ldp d8,d9,[sp],#16 - ldp x29,x30,[sp],#16 - .inst 0xd50323bf // autiasp - ret -.size vpaes_cbc_decrypt,.-vpaes_cbc_decrypt -___ -if (1) { -$code.=<<___; -.globl vpaes_ecb_encrypt -.type vpaes_ecb_encrypt,%function -.align 4 -vpaes_ecb_encrypt: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - stp d8,d9,[sp,#-16]! // ABI spec says so - stp d10,d11,[sp,#-16]! - stp d12,d13,[sp,#-16]! - stp d14,d15,[sp,#-16]! - - mov x17, $len - mov x2, $key - bl _vpaes_encrypt_preheat - tst x17, #16 - b.eq .Lecb_enc_loop - - ld1 {v7.16b}, [$inp],#16 - bl _vpaes_encrypt_core - st1 {v0.16b}, [$out],#16 - subs x17, x17, #16 - b.ls .Lecb_enc_done - -.align 4 -.Lecb_enc_loop: - ld1 {v14.16b,v15.16b}, [$inp], #32 - bl _vpaes_encrypt_2x - st1 {v0.16b,v1.16b}, [$out], #32 - subs x17, x17, #32 - b.hi .Lecb_enc_loop - -.Lecb_enc_done: - ldp d14,d15,[sp],#16 - ldp d12,d13,[sp],#16 - ldp d10,d11,[sp],#16 - ldp d8,d9,[sp],#16 - ldp x29,x30,[sp],#16 - .inst 0xd50323bf // autiasp - ret -.size vpaes_ecb_encrypt,.-vpaes_ecb_encrypt - -.globl vpaes_ecb_decrypt -.type vpaes_ecb_decrypt,%function -.align 4 -vpaes_ecb_decrypt: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - stp d8,d9,[sp,#-16]! // ABI spec says so - stp d10,d11,[sp,#-16]! - stp d12,d13,[sp,#-16]! - stp d14,d15,[sp,#-16]! - - mov x17, $len - mov x2, $key - bl _vpaes_decrypt_preheat - tst x17, #16 - b.eq .Lecb_dec_loop - - ld1 {v7.16b}, [$inp],#16 - bl _vpaes_encrypt_core - st1 {v0.16b}, [$out],#16 - subs x17, x17, #16 - b.ls .Lecb_dec_done - -.align 4 -.Lecb_dec_loop: - ld1 {v14.16b,v15.16b}, [$inp], #32 - bl _vpaes_decrypt_2x - st1 {v0.16b,v1.16b}, [$out], #32 - subs x17, x17, #32 - b.hi .Lecb_dec_loop - -.Lecb_dec_done: - ldp d14,d15,[sp],#16 - ldp d12,d13,[sp],#16 - ldp d10,d11,[sp],#16 - ldp d8,d9,[sp],#16 - ldp x29,x30,[sp],#16 - .inst 0xd50323bf // autiasp - ret -.size vpaes_ecb_decrypt,.-vpaes_ecb_decrypt -___ -} } -print $code; - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/vpaes-ppc.pl b/crypto/aes/asm/vpaes-ppc.pl deleted file mode 100644 index 7af47c630e71a6f825b05d8fe17c737a0ef6aecf..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/vpaes-ppc.pl +++ /dev/null @@ -1,1598 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -###################################################################### -## Constant-time SSSE3 AES core implementation. -## version 0.1 -## -## By Mike Hamburg (Stanford University), 2009 -## Public domain. -## -## For details see http://shiftleft.org/papers/vector_aes/ and -## http://crypto.stanford.edu/vpaes/. - -# CBC encrypt/decrypt performance in cycles per byte processed with -# 128-bit key. -# -# aes-ppc.pl this -# PPC74x0/G4e 35.5/52.1/(23.8) 11.9(*)/15.4 -# PPC970/G5 37.9/55.0/(28.5) 22.2/28.5 -# POWER6 42.7/54.3/(28.2) 63.0/92.8(**) -# POWER7 32.3/42.9/(18.4) 18.5/23.3 -# -# (*) This is ~10% worse than reported in paper. The reason is -# twofold. This module doesn't make any assumption about -# key schedule (or data for that matter) alignment and handles -# it in-line. Secondly it, being transliterated from -# vpaes-x86_64.pl, relies on "nested inversion" better suited -# for Intel CPUs. -# (**) Inadequate POWER6 performance is due to astronomic AltiVec -# latency, 9 cycles per simple logical operation. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /64/) { - $SIZE_T =8; - $LRSAVE =2*$SIZE_T; - $STU ="stdu"; - $POP ="ld"; - $PUSH ="std"; - $UCMP ="cmpld"; -} elsif ($flavour =~ /32/) { - $SIZE_T =4; - $LRSAVE =$SIZE_T; - $STU ="stwu"; - $POP ="lwz"; - $PUSH ="stw"; - $UCMP ="cmplw"; -} else { die "nonsense $flavour"; } - -$sp="r1"; -$FRAME=6*$SIZE_T+13*16; # 13*16 is for v20-v31 offload - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open STDOUT,"| $^X $xlate $flavour \"$output\"" - || die "can't call $xlate: $!"; - -$code.=<<___; -.machine "any" - -.text - -.align 7 # totally strategic alignment -_vpaes_consts: -Lk_mc_forward: # mc_forward - .long 0x01020300, 0x05060704, 0x090a0b08, 0x0d0e0f0c ?inv - .long 0x05060704, 0x090a0b08, 0x0d0e0f0c, 0x01020300 ?inv - .long 0x090a0b08, 0x0d0e0f0c, 0x01020300, 0x05060704 ?inv - .long 0x0d0e0f0c, 0x01020300, 0x05060704, 0x090a0b08 ?inv -Lk_mc_backward: # mc_backward - .long 0x03000102, 0x07040506, 0x0b08090a, 0x0f0c0d0e ?inv - .long 0x0f0c0d0e, 0x03000102, 0x07040506, 0x0b08090a ?inv - .long 0x0b08090a, 0x0f0c0d0e, 0x03000102, 0x07040506 ?inv - .long 0x07040506, 0x0b08090a, 0x0f0c0d0e, 0x03000102 ?inv -Lk_sr: # sr - .long 0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f ?inv - .long 0x00050a0f, 0x04090e03, 0x080d0207, 0x0c01060b ?inv - .long 0x0009020b, 0x040d060f, 0x08010a03, 0x0c050e07 ?inv - .long 0x000d0a07, 0x04010e0b, 0x0805020f, 0x0c090603 ?inv - -## -## "Hot" constants -## -Lk_inv: # inv, inva - .long 0xf001080d, 0x0f06050e, 0x020c0b0a, 0x09030704 ?rev - .long 0xf0070b0f, 0x060a0401, 0x09080502, 0x0c0e0d03 ?rev -Lk_ipt: # input transform (lo, hi) - .long 0x00702a5a, 0x98e8b2c2, 0x08782252, 0x90e0baca ?rev - .long 0x004d7c31, 0x7d30014c, 0x81ccfdb0, 0xfcb180cd ?rev -Lk_sbo: # sbou, sbot - .long 0x00c7bd6f, 0x176dd2d0, 0x78a802c5, 0x7abfaa15 ?rev - .long 0x006abb5f, 0xa574e4cf, 0xfa352b41, 0xd1901e8e ?rev -Lk_sb1: # sb1u, sb1t - .long 0x0023e2fa, 0x15d41836, 0xefd92e0d, 0xc1ccf73b ?rev - .long 0x003e50cb, 0x8fe19bb1, 0x44f52a14, 0x6e7adfa5 ?rev -Lk_sb2: # sb2u, sb2t - .long 0x0029e10a, 0x4088eb69, 0x4a2382ab, 0xc863a1c2 ?rev - .long 0x0024710b, 0xc6937ae2, 0xcd2f98bc, 0x55e9b75e ?rev - -## -## Decryption stuff -## -Lk_dipt: # decryption input transform - .long 0x005f540b, 0x045b500f, 0x1a454e11, 0x1e414a15 ?rev - .long 0x00650560, 0xe683e386, 0x94f191f4, 0x72177712 ?rev -Lk_dsbo: # decryption sbox final output - .long 0x0040f97e, 0x53ea8713, 0x2d3e94d4, 0xb96daac7 ?rev - .long 0x001d4493, 0x0f56d712, 0x9c8ec5d8, 0x59814bca ?rev -Lk_dsb9: # decryption sbox output *9*u, *9*t - .long 0x00d6869a, 0x53031c85, 0xc94c994f, 0x501fd5ca ?rev - .long 0x0049d7ec, 0x89173bc0, 0x65a5fbb2, 0x9e2c5e72 ?rev -Lk_dsbd: # decryption sbox output *D*u, *D*t - .long 0x00a2b1e6, 0xdfcc577d, 0x39442a88, 0x139b6ef5 ?rev - .long 0x00cbc624, 0xf7fae23c, 0xd3efde15, 0x0d183129 ?rev -Lk_dsbb: # decryption sbox output *B*u, *B*t - .long 0x0042b496, 0x926422d0, 0x04d4f2b0, 0xf6462660 ?rev - .long 0x006759cd, 0xa69894c1, 0x6baa5532, 0x3e0cfff3 ?rev -Lk_dsbe: # decryption sbox output *E*u, *E*t - .long 0x00d0d426, 0x9692f246, 0xb0f6b464, 0x04604222 ?rev - .long 0x00c1aaff, 0xcda6550c, 0x323e5998, 0x6bf36794 ?rev - -## -## Key schedule constants -## -Lk_dksd: # decryption key schedule: invskew x*D - .long 0x0047e4a3, 0x5d1ab9fe, 0xf9be1d5a, 0xa4e34007 ?rev - .long 0x008336b5, 0xf477c241, 0x1e9d28ab, 0xea69dc5f ?rev -Lk_dksb: # decryption key schedule: invskew x*B - .long 0x00d55085, 0x1fca4f9a, 0x994cc91c, 0x8653d603 ?rev - .long 0x004afcb6, 0xa7ed5b11, 0xc882347e, 0x6f2593d9 ?rev -Lk_dkse: # decryption key schedule: invskew x*E + 0x63 - .long 0x00d6c91f, 0xca1c03d5, 0x86504f99, 0x4c9a8553 ?rev - .long 0xe87bdc4f, 0x059631a2, 0x8714b320, 0x6af95ecd ?rev -Lk_dks9: # decryption key schedule: invskew x*9 - .long 0x00a7d97e, 0xc86f11b6, 0xfc5b2582, 0x3493ed4a ?rev - .long 0x00331427, 0x62517645, 0xcefddae9, 0xac9fb88b ?rev - -Lk_rcon: # rcon - .long 0xb6ee9daf, 0xb991831f, 0x817d7c4d, 0x08982a70 ?asis -Lk_s63: - .long 0x5b5b5b5b, 0x5b5b5b5b, 0x5b5b5b5b, 0x5b5b5b5b ?asis - -Lk_opt: # output transform - .long 0x0060b6d6, 0x29499fff, 0x0868bede, 0x214197f7 ?rev - .long 0x00ecbc50, 0x51bded01, 0xe00c5cb0, 0xb15d0de1 ?rev -Lk_deskew: # deskew tables: inverts the sbox's "skew" - .long 0x00e3a447, 0x40a3e407, 0x1af9be5d, 0x5ab9fe1d ?rev - .long 0x0069ea83, 0xdcb5365f, 0x771e9df4, 0xabc24128 ?rev -.align 5 -Lconsts: - mflr r0 - bcl 20,31,\$+4 - mflr r12 #vvvvv "distance between . and _vpaes_consts - addi r12,r12,-0x308 - mtlr r0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.asciz "Vector Permutation AES for AltiVec, Mike Hamburg (Stanford University)" -.align 6 -___ - -my ($inptail,$inpperm,$outhead,$outperm,$outmask,$keyperm) = map("v$_",(26..31)); -{ -my ($inp,$out,$key) = map("r$_",(3..5)); - -my ($invlo,$invhi,$iptlo,$ipthi,$sbou,$sbot) = map("v$_",(10..15)); -my ($sb1u,$sb1t,$sb2u,$sb2t) = map("v$_",(16..19)); -my ($sb9u,$sb9t,$sbdu,$sbdt,$sbbu,$sbbt,$sbeu,$sbet)=map("v$_",(16..23)); - -$code.=<<___; -## -## _aes_preheat -## -## Fills register %r10 -> .aes_consts (so you can -fPIC) -## and %xmm9-%xmm15 as specified below. -## -.align 4 -_vpaes_encrypt_preheat: - mflr r8 - bl Lconsts - mtlr r8 - li r11, 0xc0 # Lk_inv - li r10, 0xd0 - li r9, 0xe0 # Lk_ipt - li r8, 0xf0 - vxor v7, v7, v7 # 0x00..00 - vspltisb v8,4 # 0x04..04 - vspltisb v9,0x0f # 0x0f..0f - lvx $invlo, r12, r11 - li r11, 0x100 - lvx $invhi, r12, r10 - li r10, 0x110 - lvx $iptlo, r12, r9 - li r9, 0x120 - lvx $ipthi, r12, r8 - li r8, 0x130 - lvx $sbou, r12, r11 - li r11, 0x140 - lvx $sbot, r12, r10 - li r10, 0x150 - lvx $sb1u, r12, r9 - lvx $sb1t, r12, r8 - lvx $sb2u, r12, r11 - lvx $sb2t, r12, r10 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - -## -## _aes_encrypt_core -## -## AES-encrypt %xmm0. -## -## Inputs: -## %xmm0 = input -## %xmm9-%xmm15 as in _vpaes_preheat -## (%rdx) = scheduled keys -## -## Output in %xmm0 -## Clobbers %xmm1-%xmm6, %r9, %r10, %r11, %rax -## -## -.align 5 -_vpaes_encrypt_core: - lwz r8, 240($key) # pull rounds - li r9, 16 - lvx v5, 0, $key # vmovdqu (%r9), %xmm5 # round0 key - li r11, 0x10 - lvx v6, r9, $key - addi r9, r9, 16 - ?vperm v5, v5, v6, $keyperm # align round key - addi r10, r11, 0x40 - vsrb v1, v0, v8 # vpsrlb \$4, %xmm0, %xmm0 - vperm v0, $iptlo, $iptlo, v0 # vpshufb %xmm1, %xmm2, %xmm1 - vperm v1, $ipthi, $ipthi, v1 # vpshufb %xmm0, %xmm3, %xmm2 - vxor v0, v0, v5 # vpxor %xmm5, %xmm1, %xmm0 - vxor v0, v0, v1 # vpxor %xmm2, %xmm0, %xmm0 - mtctr r8 - b Lenc_entry - -.align 4 -Lenc_loop: - # middle of middle round - vperm v4, $sb1t, v7, v2 # vpshufb %xmm2, %xmm13, %xmm4 # 4 = sb1u - lvx v1, r12, r11 # vmovdqa -0x40(%r11,%r10), %xmm1 # .Lk_mc_forward[] - addi r11, r11, 16 - vperm v0, $sb1u, v7, v3 # vpshufb %xmm3, %xmm12, %xmm0 # 0 = sb1t - vxor v4, v4, v5 # vpxor %xmm5, %xmm4, %xmm4 # 4 = sb1u + k - andi. r11, r11, 0x30 # and \$0x30, %r11 # ... mod 4 - vperm v5, $sb2t, v7, v2 # vpshufb %xmm2, %xmm15, %xmm5 # 4 = sb2u - vxor v0, v0, v4 # vpxor %xmm4, %xmm0, %xmm0 # 0 = A - vperm v2, $sb2u, v7, v3 # vpshufb %xmm3, %xmm14, %xmm2 # 2 = sb2t - lvx v4, r12, r10 # vmovdqa (%r11,%r10), %xmm4 # .Lk_mc_backward[] - addi r10, r11, 0x40 - vperm v3, v0, v7, v1 # vpshufb %xmm1, %xmm0, %xmm3 # 0 = B - vxor v2, v2, v5 # vpxor %xmm5, %xmm2, %xmm2 # 2 = 2A - vperm v0, v0, v7, v4 # vpshufb %xmm4, %xmm0, %xmm0 # 3 = D - vxor v3, v3, v2 # vpxor %xmm2, %xmm3, %xmm3 # 0 = 2A+B - vperm v4, v3, v7, v1 # vpshufb %xmm1, %xmm3, %xmm4 # 0 = 2B+C - vxor v0, v0, v3 # vpxor %xmm3, %xmm0, %xmm0 # 3 = 2A+B+D - vxor v0, v0, v4 # vpxor %xmm4, %xmm0, %xmm0 # 0 = 2A+3B+C+D - -Lenc_entry: - # top of round - vsrb v1, v0, v8 # vpsrlb \$4, %xmm0, %xmm0 # 1 = i - vperm v5, $invhi, $invhi, v0 # vpshufb %xmm1, %xmm11, %xmm5 # 2 = a/k - vxor v0, v0, v1 # vpxor %xmm0, %xmm1, %xmm1 # 0 = j - vperm v3, $invlo, $invlo, v1 # vpshufb %xmm0, %xmm10, %xmm3 # 3 = 1/i - vperm v4, $invlo, $invlo, v0 # vpshufb %xmm1, %xmm10, %xmm4 # 4 = 1/j - vand v0, v0, v9 - vxor v3, v3, v5 # vpxor %xmm5, %xmm3, %xmm3 # 3 = iak = 1/i + a/k - vxor v4, v4, v5 # vpxor %xmm5, %xmm4, %xmm4 # 4 = jak = 1/j + a/k - vperm v2, $invlo, v7, v3 # vpshufb %xmm3, %xmm10, %xmm2 # 2 = 1/iak - vmr v5, v6 - lvx v6, r9, $key # vmovdqu (%r9), %xmm5 - vperm v3, $invlo, v7, v4 # vpshufb %xmm4, %xmm10, %xmm3 # 3 = 1/jak - addi r9, r9, 16 - vxor v2, v2, v0 # vpxor %xmm1, %xmm2, %xmm2 # 2 = io - ?vperm v5, v5, v6, $keyperm # align round key - vxor v3, v3, v1 # vpxor %xmm0, %xmm3, %xmm3 # 3 = jo - bdnz Lenc_loop - - # middle of last round - addi r10, r11, 0x80 - # vmovdqa -0x60(%r10), %xmm4 # 3 : sbou .Lk_sbo - # vmovdqa -0x50(%r10), %xmm0 # 0 : sbot .Lk_sbo+16 - vperm v4, $sbou, v7, v2 # vpshufb %xmm2, %xmm4, %xmm4 # 4 = sbou - lvx v1, r12, r10 # vmovdqa 0x40(%r11,%r10), %xmm1 # .Lk_sr[] - vperm v0, $sbot, v7, v3 # vpshufb %xmm3, %xmm0, %xmm0 # 0 = sb1t - vxor v4, v4, v5 # vpxor %xmm5, %xmm4, %xmm4 # 4 = sb1u + k - vxor v0, v0, v4 # vpxor %xmm4, %xmm0, %xmm0 # 0 = A - vperm v0, v0, v7, v1 # vpshufb %xmm1, %xmm0, %xmm0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - -.globl .vpaes_encrypt -.align 5 -.vpaes_encrypt: - $STU $sp,-$FRAME($sp) - li r10,`15+6*$SIZE_T` - li r11,`31+6*$SIZE_T` - mflr r6 - mfspr r7, 256 # save vrsave - stvx v20,r10,$sp - addi r10,r10,32 - stvx v21,r11,$sp - addi r11,r11,32 - stvx v22,r10,$sp - addi r10,r10,32 - stvx v23,r11,$sp - addi r11,r11,32 - stvx v24,r10,$sp - addi r10,r10,32 - stvx v25,r11,$sp - addi r11,r11,32 - stvx v26,r10,$sp - addi r10,r10,32 - stvx v27,r11,$sp - addi r11,r11,32 - stvx v28,r10,$sp - addi r10,r10,32 - stvx v29,r11,$sp - addi r11,r11,32 - stvx v30,r10,$sp - stvx v31,r11,$sp - stw r7,`$FRAME-4`($sp) # save vrsave - li r0, -1 - $PUSH r6,`$FRAME+$LRSAVE`($sp) - mtspr 256, r0 # preserve all AltiVec registers - - bl _vpaes_encrypt_preheat - - ?lvsl $inpperm, 0, $inp # prepare for unaligned access - lvx v0, 0, $inp - addi $inp, $inp, 15 # 15 is not a typo - ?lvsr $outperm, 0, $out - ?lvsl $keyperm, 0, $key # prepare for unaligned access - lvx $inptail, 0, $inp # redundant in aligned case - ?vperm v0, v0, $inptail, $inpperm - - bl _vpaes_encrypt_core - - andi. r8, $out, 15 - li r9, 16 - beq Lenc_out_aligned - - vperm v0, v0, v0, $outperm # rotate right/left - mtctr r9 -Lenc_out_unaligned: - stvebx v0, 0, $out - addi $out, $out, 1 - bdnz Lenc_out_unaligned - b Lenc_done - -.align 4 -Lenc_out_aligned: - stvx v0, 0, $out -Lenc_done: - - li r10,`15+6*$SIZE_T` - li r11,`31+6*$SIZE_T` - mtlr r6 - mtspr 256, r7 # restore vrsave - lvx v20,r10,$sp - addi r10,r10,32 - lvx v21,r11,$sp - addi r11,r11,32 - lvx v22,r10,$sp - addi r10,r10,32 - lvx v23,r11,$sp - addi r11,r11,32 - lvx v24,r10,$sp - addi r10,r10,32 - lvx v25,r11,$sp - addi r11,r11,32 - lvx v26,r10,$sp - addi r10,r10,32 - lvx v27,r11,$sp - addi r11,r11,32 - lvx v28,r10,$sp - addi r10,r10,32 - lvx v29,r11,$sp - addi r11,r11,32 - lvx v30,r10,$sp - lvx v31,r11,$sp - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,0x04,1,0x80,0,3,0 - .long 0 -.size .vpaes_encrypt,.-.vpaes_encrypt - -.align 4 -_vpaes_decrypt_preheat: - mflr r8 - bl Lconsts - mtlr r8 - li r11, 0xc0 # Lk_inv - li r10, 0xd0 - li r9, 0x160 # Ldipt - li r8, 0x170 - vxor v7, v7, v7 # 0x00..00 - vspltisb v8,4 # 0x04..04 - vspltisb v9,0x0f # 0x0f..0f - lvx $invlo, r12, r11 - li r11, 0x180 - lvx $invhi, r12, r10 - li r10, 0x190 - lvx $iptlo, r12, r9 - li r9, 0x1a0 - lvx $ipthi, r12, r8 - li r8, 0x1b0 - lvx $sbou, r12, r11 - li r11, 0x1c0 - lvx $sbot, r12, r10 - li r10, 0x1d0 - lvx $sb9u, r12, r9 - li r9, 0x1e0 - lvx $sb9t, r12, r8 - li r8, 0x1f0 - lvx $sbdu, r12, r11 - li r11, 0x200 - lvx $sbdt, r12, r10 - li r10, 0x210 - lvx $sbbu, r12, r9 - lvx $sbbt, r12, r8 - lvx $sbeu, r12, r11 - lvx $sbet, r12, r10 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - -## -## Decryption core -## -## Same API as encryption core. -## -.align 4 -_vpaes_decrypt_core: - lwz r8, 240($key) # pull rounds - li r9, 16 - lvx v5, 0, $key # vmovdqu (%r9), %xmm4 # round0 key - li r11, 0x30 - lvx v6, r9, $key - addi r9, r9, 16 - ?vperm v5, v5, v6, $keyperm # align round key - vsrb v1, v0, v8 # vpsrlb \$4, %xmm0, %xmm0 - vperm v0, $iptlo, $iptlo, v0 # vpshufb %xmm1, %xmm2, %xmm2 - vperm v1, $ipthi, $ipthi, v1 # vpshufb %xmm0, %xmm1, %xmm0 - vxor v0, v0, v5 # vpxor %xmm4, %xmm2, %xmm2 - vxor v0, v0, v1 # vpxor %xmm2, %xmm0, %xmm0 - mtctr r8 - b Ldec_entry - -.align 4 -Ldec_loop: -# -# Inverse mix columns -# - lvx v0, r12, r11 # v5 and v0 are flipped - # vmovdqa -0x20(%r10),%xmm4 # 4 : sb9u - # vmovdqa -0x10(%r10),%xmm1 # 0 : sb9t - vperm v4, $sb9u, v7, v2 # vpshufb %xmm2, %xmm4, %xmm4 # 4 = sb9u - subi r11, r11, 16 - vperm v1, $sb9t, v7, v3 # vpshufb %xmm3, %xmm1, %xmm1 # 0 = sb9t - andi. r11, r11, 0x30 - vxor v5, v5, v4 # vpxor %xmm4, %xmm0, %xmm0 - # vmovdqa 0x00(%r10),%xmm4 # 4 : sbdu - vxor v5, v5, v1 # vpxor %xmm1, %xmm0, %xmm0 # 0 = ch - # vmovdqa 0x10(%r10),%xmm1 # 0 : sbdt - - vperm v4, $sbdu, v7, v2 # vpshufb %xmm2, %xmm4, %xmm4 # 4 = sbdu - vperm v5, v5, v7, v0 # vpshufb %xmm5, %xmm0, %xmm0 # MC ch - vperm v1, $sbdt, v7, v3 # vpshufb %xmm3, %xmm1, %xmm1 # 0 = sbdt - vxor v5, v5, v4 # vpxor %xmm4, %xmm0, %xmm0 # 4 = ch - # vmovdqa 0x20(%r10), %xmm4 # 4 : sbbu - vxor v5, v5, v1 # vpxor %xmm1, %xmm0, %xmm0 # 0 = ch - # vmovdqa 0x30(%r10), %xmm1 # 0 : sbbt - - vperm v4, $sbbu, v7, v2 # vpshufb %xmm2, %xmm4, %xmm4 # 4 = sbbu - vperm v5, v5, v7, v0 # vpshufb %xmm5, %xmm0, %xmm0 # MC ch - vperm v1, $sbbt, v7, v3 # vpshufb %xmm3, %xmm1, %xmm1 # 0 = sbbt - vxor v5, v5, v4 # vpxor %xmm4, %xmm0, %xmm0 # 4 = ch - # vmovdqa 0x40(%r10), %xmm4 # 4 : sbeu - vxor v5, v5, v1 # vpxor %xmm1, %xmm0, %xmm0 # 0 = ch - # vmovdqa 0x50(%r10), %xmm1 # 0 : sbet - - vperm v4, $sbeu, v7, v2 # vpshufb %xmm2, %xmm4, %xmm4 # 4 = sbeu - vperm v5, v5, v7, v0 # vpshufb %xmm5, %xmm0, %xmm0 # MC ch - vperm v1, $sbet, v7, v3 # vpshufb %xmm3, %xmm1, %xmm1 # 0 = sbet - vxor v0, v5, v4 # vpxor %xmm4, %xmm0, %xmm0 # 4 = ch - vxor v0, v0, v1 # vpxor %xmm1, %xmm0, %xmm0 # 0 = ch - -Ldec_entry: - # top of round - vsrb v1, v0, v8 # vpsrlb \$4, %xmm0, %xmm0 # 1 = i - vperm v2, $invhi, $invhi, v0 # vpshufb %xmm1, %xmm11, %xmm2 # 2 = a/k - vxor v0, v0, v1 # vpxor %xmm0, %xmm1, %xmm1 # 0 = j - vperm v3, $invlo, $invlo, v1 # vpshufb %xmm0, %xmm10, %xmm3 # 3 = 1/i - vperm v4, $invlo, $invlo, v0 # vpshufb %xmm1, %xmm10, %xmm4 # 4 = 1/j - vand v0, v0, v9 - vxor v3, v3, v2 # vpxor %xmm2, %xmm3, %xmm3 # 3 = iak = 1/i + a/k - vxor v4, v4, v2 # vpxor %xmm2, %xmm4, %xmm4 # 4 = jak = 1/j + a/k - vperm v2, $invlo, v7, v3 # vpshufb %xmm3, %xmm10, %xmm2 # 2 = 1/iak - vmr v5, v6 - lvx v6, r9, $key # vmovdqu (%r9), %xmm0 - vperm v3, $invlo, v7, v4 # vpshufb %xmm4, %xmm10, %xmm3 # 3 = 1/jak - addi r9, r9, 16 - vxor v2, v2, v0 # vpxor %xmm1, %xmm2, %xmm2 # 2 = io - ?vperm v5, v5, v6, $keyperm # align round key - vxor v3, v3, v1 # vpxor %xmm0, %xmm3, %xmm3 # 3 = jo - bdnz Ldec_loop - - # middle of last round - addi r10, r11, 0x80 - # vmovdqa 0x60(%r10), %xmm4 # 3 : sbou - vperm v4, $sbou, v7, v2 # vpshufb %xmm2, %xmm4, %xmm4 # 4 = sbou - # vmovdqa 0x70(%r10), %xmm1 # 0 : sbot - lvx v2, r12, r10 # vmovdqa -0x160(%r11), %xmm2 # .Lk_sr-.Lk_dsbd=-0x160 - vperm v1, $sbot, v7, v3 # vpshufb %xmm3, %xmm1, %xmm1 # 0 = sb1t - vxor v4, v4, v5 # vpxor %xmm0, %xmm4, %xmm4 # 4 = sb1u + k - vxor v0, v1, v4 # vpxor %xmm4, %xmm1, %xmm0 # 0 = A - vperm v0, v0, v7, v2 # vpshufb %xmm2, %xmm0, %xmm0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - -.globl .vpaes_decrypt -.align 5 -.vpaes_decrypt: - $STU $sp,-$FRAME($sp) - li r10,`15+6*$SIZE_T` - li r11,`31+6*$SIZE_T` - mflr r6 - mfspr r7, 256 # save vrsave - stvx v20,r10,$sp - addi r10,r10,32 - stvx v21,r11,$sp - addi r11,r11,32 - stvx v22,r10,$sp - addi r10,r10,32 - stvx v23,r11,$sp - addi r11,r11,32 - stvx v24,r10,$sp - addi r10,r10,32 - stvx v25,r11,$sp - addi r11,r11,32 - stvx v26,r10,$sp - addi r10,r10,32 - stvx v27,r11,$sp - addi r11,r11,32 - stvx v28,r10,$sp - addi r10,r10,32 - stvx v29,r11,$sp - addi r11,r11,32 - stvx v30,r10,$sp - stvx v31,r11,$sp - stw r7,`$FRAME-4`($sp) # save vrsave - li r0, -1 - $PUSH r6,`$FRAME+$LRSAVE`($sp) - mtspr 256, r0 # preserve all AltiVec registers - - bl _vpaes_decrypt_preheat - - ?lvsl $inpperm, 0, $inp # prepare for unaligned access - lvx v0, 0, $inp - addi $inp, $inp, 15 # 15 is not a typo - ?lvsr $outperm, 0, $out - ?lvsl $keyperm, 0, $key - lvx $inptail, 0, $inp # redundant in aligned case - ?vperm v0, v0, $inptail, $inpperm - - bl _vpaes_decrypt_core - - andi. r8, $out, 15 - li r9, 16 - beq Ldec_out_aligned - - vperm v0, v0, v0, $outperm # rotate right/left - mtctr r9 -Ldec_out_unaligned: - stvebx v0, 0, $out - addi $out, $out, 1 - bdnz Ldec_out_unaligned - b Ldec_done - -.align 4 -Ldec_out_aligned: - stvx v0, 0, $out -Ldec_done: - - li r10,`15+6*$SIZE_T` - li r11,`31+6*$SIZE_T` - mtlr r6 - mtspr 256, r7 # restore vrsave - lvx v20,r10,$sp - addi r10,r10,32 - lvx v21,r11,$sp - addi r11,r11,32 - lvx v22,r10,$sp - addi r10,r10,32 - lvx v23,r11,$sp - addi r11,r11,32 - lvx v24,r10,$sp - addi r10,r10,32 - lvx v25,r11,$sp - addi r11,r11,32 - lvx v26,r10,$sp - addi r10,r10,32 - lvx v27,r11,$sp - addi r11,r11,32 - lvx v28,r10,$sp - addi r10,r10,32 - lvx v29,r11,$sp - addi r11,r11,32 - lvx v30,r10,$sp - lvx v31,r11,$sp - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,0x04,1,0x80,0,3,0 - .long 0 -.size .vpaes_decrypt,.-.vpaes_decrypt - -.globl .vpaes_cbc_encrypt -.align 5 -.vpaes_cbc_encrypt: - ${UCMP}i r5,16 - bltlr- - - $STU $sp,-`($FRAME+2*$SIZE_T)`($sp) - mflr r0 - li r10,`15+6*$SIZE_T` - li r11,`31+6*$SIZE_T` - mfspr r12, 256 - stvx v20,r10,$sp - addi r10,r10,32 - stvx v21,r11,$sp - addi r11,r11,32 - stvx v22,r10,$sp - addi r10,r10,32 - stvx v23,r11,$sp - addi r11,r11,32 - stvx v24,r10,$sp - addi r10,r10,32 - stvx v25,r11,$sp - addi r11,r11,32 - stvx v26,r10,$sp - addi r10,r10,32 - stvx v27,r11,$sp - addi r11,r11,32 - stvx v28,r10,$sp - addi r10,r10,32 - stvx v29,r11,$sp - addi r11,r11,32 - stvx v30,r10,$sp - stvx v31,r11,$sp - stw r12,`$FRAME-4`($sp) # save vrsave - $PUSH r30,`$FRAME+$SIZE_T*0`($sp) - $PUSH r31,`$FRAME+$SIZE_T*1`($sp) - li r9, -16 - $PUSH r0, `$FRAME+$SIZE_T*2+$LRSAVE`($sp) - - and r30, r5, r9 # copy length&-16 - andi. r9, $out, 15 # is $out aligned? - mr r5, r6 # copy pointer to key - mr r31, r7 # copy pointer to iv - li r6, -1 - mcrf cr1, cr0 # put aside $out alignment flag - mr r7, r12 # copy vrsave - mtspr 256, r6 # preserve all AltiVec registers - - lvx v24, 0, r31 # load [potentially unaligned] iv - li r9, 15 - ?lvsl $inpperm, 0, r31 - lvx v25, r9, r31 - ?vperm v24, v24, v25, $inpperm - - cmpwi r8, 0 # test direction - neg r8, $inp # prepare for unaligned access - vxor v7, v7, v7 - ?lvsl $keyperm, 0, $key - ?lvsr $outperm, 0, $out - ?lvsr $inpperm, 0, r8 # -$inp - vnor $outmask, v7, v7 # 0xff..ff - lvx $inptail, 0, $inp - ?vperm $outmask, v7, $outmask, $outperm - addi $inp, $inp, 15 # 15 is not a typo - - beq Lcbc_decrypt - - bl _vpaes_encrypt_preheat - li r0, 16 - - beq cr1, Lcbc_enc_loop # $out is aligned - - vmr v0, $inptail - lvx $inptail, 0, $inp - addi $inp, $inp, 16 - ?vperm v0, v0, $inptail, $inpperm - vxor v0, v0, v24 # ^= iv - - bl _vpaes_encrypt_core - - andi. r8, $out, 15 - vmr v24, v0 # put aside iv - sub r9, $out, r8 - vperm $outhead, v0, v0, $outperm # rotate right/left - -Lcbc_enc_head: - stvebx $outhead, r8, r9 - cmpwi r8, 15 - addi r8, r8, 1 - bne Lcbc_enc_head - - sub. r30, r30, r0 # len -= 16 - addi $out, $out, 16 - beq Lcbc_unaligned_done - -Lcbc_enc_loop: - vmr v0, $inptail - lvx $inptail, 0, $inp - addi $inp, $inp, 16 - ?vperm v0, v0, $inptail, $inpperm - vxor v0, v0, v24 # ^= iv - - bl _vpaes_encrypt_core - - vmr v24, v0 # put aside iv - sub. r30, r30, r0 # len -= 16 - vperm v0, v0, v0, $outperm # rotate right/left - vsel v1, $outhead, v0, $outmask - vmr $outhead, v0 - stvx v1, 0, $out - addi $out, $out, 16 - bne Lcbc_enc_loop - - b Lcbc_done - -.align 5 -Lcbc_decrypt: - bl _vpaes_decrypt_preheat - li r0, 16 - - beq cr1, Lcbc_dec_loop # $out is aligned - - vmr v0, $inptail - lvx $inptail, 0, $inp - addi $inp, $inp, 16 - ?vperm v0, v0, $inptail, $inpperm - vmr v25, v0 # put aside input - - bl _vpaes_decrypt_core - - andi. r8, $out, 15 - vxor v0, v0, v24 # ^= iv - vmr v24, v25 - sub r9, $out, r8 - vperm $outhead, v0, v0, $outperm # rotate right/left - -Lcbc_dec_head: - stvebx $outhead, r8, r9 - cmpwi r8, 15 - addi r8, r8, 1 - bne Lcbc_dec_head - - sub. r30, r30, r0 # len -= 16 - addi $out, $out, 16 - beq Lcbc_unaligned_done - -Lcbc_dec_loop: - vmr v0, $inptail - lvx $inptail, 0, $inp - addi $inp, $inp, 16 - ?vperm v0, v0, $inptail, $inpperm - vmr v25, v0 # put aside input - - bl _vpaes_decrypt_core - - vxor v0, v0, v24 # ^= iv - vmr v24, v25 - sub. r30, r30, r0 # len -= 16 - vperm v0, v0, v0, $outperm # rotate right/left - vsel v1, $outhead, v0, $outmask - vmr $outhead, v0 - stvx v1, 0, $out - addi $out, $out, 16 - bne Lcbc_dec_loop - -Lcbc_done: - beq cr1, Lcbc_write_iv # $out is aligned - -Lcbc_unaligned_done: - andi. r8, $out, 15 - sub $out, $out, r8 - li r9, 0 -Lcbc_tail: - stvebx $outhead, r9, $out - addi r9, r9, 1 - cmpw r9, r8 - bne Lcbc_tail - -Lcbc_write_iv: - neg r8, r31 # write [potentially unaligned] iv - li r10, 4 - ?lvsl $outperm, 0, r8 - li r11, 8 - li r12, 12 - vperm v24, v24, v24, $outperm # rotate right/left - stvewx v24, 0, r31 # ivp is at least 32-bit aligned - stvewx v24, r10, r31 - stvewx v24, r11, r31 - stvewx v24, r12, r31 - - mtspr 256, r7 # restore vrsave - li r10,`15+6*$SIZE_T` - li r11,`31+6*$SIZE_T` - lvx v20,r10,$sp - addi r10,r10,32 - lvx v21,r11,$sp - addi r11,r11,32 - lvx v22,r10,$sp - addi r10,r10,32 - lvx v23,r11,$sp - addi r11,r11,32 - lvx v24,r10,$sp - addi r10,r10,32 - lvx v25,r11,$sp - addi r11,r11,32 - lvx v26,r10,$sp - addi r10,r10,32 - lvx v27,r11,$sp - addi r11,r11,32 - lvx v28,r10,$sp - addi r10,r10,32 - lvx v29,r11,$sp - addi r11,r11,32 - lvx v30,r10,$sp - lvx v31,r11,$sp -Lcbc_abort: - $POP r0, `$FRAME+$SIZE_T*2+$LRSAVE`($sp) - $POP r30,`$FRAME+$SIZE_T*0`($sp) - $POP r31,`$FRAME+$SIZE_T*1`($sp) - mtlr r0 - addi $sp,$sp,`$FRAME+$SIZE_T*2` - blr - .long 0 - .byte 0,12,0x04,1,0x80,2,6,0 - .long 0 -.size .vpaes_cbc_encrypt,.-.vpaes_cbc_encrypt -___ -} -{ -my ($inp,$bits,$out)=map("r$_",(3..5)); -my $dir="cr1"; -my ($invlo,$invhi,$iptlo,$ipthi,$rcon) = map("v$_",(10..13,24)); - -$code.=<<___; -######################################################## -## ## -## AES key schedule ## -## ## -######################################################## -.align 4 -_vpaes_key_preheat: - mflr r8 - bl Lconsts - mtlr r8 - li r11, 0xc0 # Lk_inv - li r10, 0xd0 - li r9, 0xe0 # L_ipt - li r8, 0xf0 - - vspltisb v8,4 # 0x04..04 - vxor v9,v9,v9 # 0x00..00 - lvx $invlo, r12, r11 # Lk_inv - li r11, 0x120 - lvx $invhi, r12, r10 - li r10, 0x130 - lvx $iptlo, r12, r9 # Lk_ipt - li r9, 0x220 - lvx $ipthi, r12, r8 - li r8, 0x230 - - lvx v14, r12, r11 # Lk_sb1 - li r11, 0x240 - lvx v15, r12, r10 - li r10, 0x250 - - lvx v16, r12, r9 # Lk_dksd - li r9, 0x260 - lvx v17, r12, r8 - li r8, 0x270 - lvx v18, r12, r11 # Lk_dksb - li r11, 0x280 - lvx v19, r12, r10 - li r10, 0x290 - lvx v20, r12, r9 # Lk_dkse - li r9, 0x2a0 - lvx v21, r12, r8 - li r8, 0x2b0 - lvx v22, r12, r11 # Lk_dks9 - lvx v23, r12, r10 - - lvx v24, r12, r9 # Lk_rcon - lvx v25, 0, r12 # Lk_mc_forward[0] - lvx v26, r12, r8 # Lks63 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - -.align 4 -_vpaes_schedule_core: - mflr r7 - - bl _vpaes_key_preheat # load the tables - - #lvx v0, 0, $inp # vmovdqu (%rdi), %xmm0 # load key (unaligned) - neg r8, $inp # prepare for unaligned access - lvx v0, 0, $inp - addi $inp, $inp, 15 # 15 is not typo - ?lvsr $inpperm, 0, r8 # -$inp - lvx v6, 0, $inp # v6 serves as inptail - addi $inp, $inp, 8 - ?vperm v0, v0, v6, $inpperm - - # input transform - vmr v3, v0 # vmovdqa %xmm0, %xmm3 - bl _vpaes_schedule_transform - vmr v7, v0 # vmovdqa %xmm0, %xmm7 - - bne $dir, Lschedule_am_decrypting - - # encrypting, output zeroth round key after transform - li r8, 0x30 # mov \$0x30,%r8d - li r9, 4 - li r10, 8 - li r11, 12 - - ?lvsr $outperm, 0, $out # prepare for unaligned access - vnor $outmask, v9, v9 # 0xff..ff - ?vperm $outmask, v9, $outmask, $outperm - - #stvx v0, 0, $out # vmovdqu %xmm0, (%rdx) - vperm $outhead, v0, v0, $outperm # rotate right/left - stvewx $outhead, 0, $out # some are superfluous - stvewx $outhead, r9, $out - stvewx $outhead, r10, $out - addi r10, r12, 0x80 # lea .Lk_sr(%rip),%r10 - stvewx $outhead, r11, $out - b Lschedule_go - -Lschedule_am_decrypting: - srwi r8, $bits, 1 # shr \$1,%r8d - andi. r8, r8, 32 # and \$32,%r8d - xori r8, r8, 32 # xor \$32,%r8d # nbits==192?0:32 - addi r10, r12, 0x80 # lea .Lk_sr(%rip),%r10 - # decrypting, output zeroth round key after shiftrows - lvx v1, r8, r10 # vmovdqa (%r8,%r10), %xmm1 - li r9, 4 - li r10, 8 - li r11, 12 - vperm v4, v3, v3, v1 # vpshufb %xmm1, %xmm3, %xmm3 - - neg r0, $out # prepare for unaligned access - ?lvsl $outperm, 0, r0 - vnor $outmask, v9, v9 # 0xff..ff - ?vperm $outmask, $outmask, v9, $outperm - - #stvx v4, 0, $out # vmovdqu %xmm3, (%rdx) - vperm $outhead, v4, v4, $outperm # rotate right/left - stvewx $outhead, 0, $out # some are superfluous - stvewx $outhead, r9, $out - stvewx $outhead, r10, $out - addi r10, r12, 0x80 # lea .Lk_sr(%rip),%r10 - stvewx $outhead, r11, $out - addi $out, $out, 15 # 15 is not typo - xori r8, r8, 0x30 # xor \$0x30, %r8 - -Lschedule_go: - cmplwi $bits, 192 # cmp \$192, %esi - bgt Lschedule_256 - beq Lschedule_192 - # 128: fall though - -## -## .schedule_128 -## -## 128-bit specific part of key schedule. -## -## This schedule is really simple, because all its parts -## are accomplished by the subroutines. -## -Lschedule_128: - li r0, 10 # mov \$10, %esi - mtctr r0 - -Loop_schedule_128: - bl _vpaes_schedule_round - bdz Lschedule_mangle_last # dec %esi - bl _vpaes_schedule_mangle # write output - b Loop_schedule_128 - -## -## .aes_schedule_192 -## -## 192-bit specific part of key schedule. -## -## The main body of this schedule is the same as the 128-bit -## schedule, but with more smearing. The long, high side is -## stored in %xmm7 as before, and the short, low side is in -## the high bits of %xmm6. -## -## This schedule is somewhat nastier, however, because each -## round produces 192 bits of key material, or 1.5 round keys. -## Therefore, on each cycle we do 2 rounds and produce 3 round -## keys. -## -.align 4 -Lschedule_192: - li r0, 4 # mov \$4, %esi - lvx v0, 0, $inp - ?vperm v0, v6, v0, $inpperm - ?vsldoi v0, v3, v0, 8 # vmovdqu 8(%rdi),%xmm0 # load key part 2 (very unaligned) - bl _vpaes_schedule_transform # input transform - ?vsldoi v6, v0, v9, 8 - ?vsldoi v6, v9, v6, 8 # clobber "low" side with zeros - mtctr r0 - -Loop_schedule_192: - bl _vpaes_schedule_round - ?vsldoi v0, v6, v0, 8 # vpalignr \$8,%xmm6,%xmm0,%xmm0 - bl _vpaes_schedule_mangle # save key n - bl _vpaes_schedule_192_smear - bl _vpaes_schedule_mangle # save key n+1 - bl _vpaes_schedule_round - bdz Lschedule_mangle_last # dec %esi - bl _vpaes_schedule_mangle # save key n+2 - bl _vpaes_schedule_192_smear - b Loop_schedule_192 - -## -## .aes_schedule_256 -## -## 256-bit specific part of key schedule. -## -## The structure here is very similar to the 128-bit -## schedule, but with an additional "low side" in -## %xmm6. The low side's rounds are the same as the -## high side's, except no rcon and no rotation. -## -.align 4 -Lschedule_256: - li r0, 7 # mov \$7, %esi - addi $inp, $inp, 8 - lvx v0, 0, $inp # vmovdqu 16(%rdi),%xmm0 # load key part 2 (unaligned) - ?vperm v0, v6, v0, $inpperm - bl _vpaes_schedule_transform # input transform - mtctr r0 - -Loop_schedule_256: - bl _vpaes_schedule_mangle # output low result - vmr v6, v0 # vmovdqa %xmm0, %xmm6 # save cur_lo in xmm6 - - # high round - bl _vpaes_schedule_round - bdz Lschedule_mangle_last # dec %esi - bl _vpaes_schedule_mangle - - # low round. swap xmm7 and xmm6 - ?vspltw v0, v0, 3 # vpshufd \$0xFF, %xmm0, %xmm0 - vmr v5, v7 # vmovdqa %xmm7, %xmm5 - vmr v7, v6 # vmovdqa %xmm6, %xmm7 - bl _vpaes_schedule_low_round - vmr v7, v5 # vmovdqa %xmm5, %xmm7 - - b Loop_schedule_256 -## -## .aes_schedule_mangle_last -## -## Mangler for last round of key schedule -## Mangles %xmm0 -## when encrypting, outputs out(%xmm0) ^ 63 -## when decrypting, outputs unskew(%xmm0) -## -## Always called right before return... jumps to cleanup and exits -## -.align 4 -Lschedule_mangle_last: - # schedule last round key from xmm0 - li r11, 0x2e0 # lea .Lk_deskew(%rip),%r11 - li r9, 0x2f0 - bne $dir, Lschedule_mangle_last_dec - - # encrypting - lvx v1, r8, r10 # vmovdqa (%r8,%r10),%xmm1 - li r11, 0x2c0 # lea .Lk_opt(%rip), %r11 # prepare to output transform - li r9, 0x2d0 # prepare to output transform - vperm v0, v0, v0, v1 # vpshufb %xmm1, %xmm0, %xmm0 # output permute - - lvx $iptlo, r11, r12 # reload $ipt - lvx $ipthi, r9, r12 - addi $out, $out, 16 # add \$16, %rdx - vxor v0, v0, v26 # vpxor .Lk_s63(%rip), %xmm0, %xmm0 - bl _vpaes_schedule_transform # output transform - - #stvx v0, r0, $out # vmovdqu %xmm0, (%rdx) # save last key - vperm v0, v0, v0, $outperm # rotate right/left - li r10, 4 - vsel v2, $outhead, v0, $outmask - li r11, 8 - stvx v2, 0, $out - li r12, 12 - stvewx v0, 0, $out # some (or all) are redundant - stvewx v0, r10, $out - stvewx v0, r11, $out - stvewx v0, r12, $out - b Lschedule_mangle_done - -.align 4 -Lschedule_mangle_last_dec: - lvx $iptlo, r11, r12 # reload $ipt - lvx $ipthi, r9, r12 - addi $out, $out, -16 # add \$-16, %rdx - vxor v0, v0, v26 # vpxor .Lk_s63(%rip), %xmm0, %xmm0 - bl _vpaes_schedule_transform # output transform - - #stvx v0, r0, $out # vmovdqu %xmm0, (%rdx) # save last key - addi r9, $out, -15 # -15 is not typo - vperm v0, v0, v0, $outperm # rotate right/left - li r10, 4 - vsel v2, $outhead, v0, $outmask - li r11, 8 - stvx v2, 0, $out - li r12, 12 - stvewx v0, 0, r9 # some (or all) are redundant - stvewx v0, r10, r9 - stvewx v0, r11, r9 - stvewx v0, r12, r9 - - -Lschedule_mangle_done: - mtlr r7 - # cleanup - vxor v0, v0, v0 # vpxor %xmm0, %xmm0, %xmm0 - vxor v1, v1, v1 # vpxor %xmm1, %xmm1, %xmm1 - vxor v2, v2, v2 # vpxor %xmm2, %xmm2, %xmm2 - vxor v3, v3, v3 # vpxor %xmm3, %xmm3, %xmm3 - vxor v4, v4, v4 # vpxor %xmm4, %xmm4, %xmm4 - vxor v5, v5, v5 # vpxor %xmm5, %xmm5, %xmm5 - vxor v6, v6, v6 # vpxor %xmm6, %xmm6, %xmm6 - vxor v7, v7, v7 # vpxor %xmm7, %xmm7, %xmm7 - - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - -## -## .aes_schedule_192_smear -## -## Smear the short, low side in the 192-bit key schedule. -## -## Inputs: -## %xmm7: high side, b a x y -## %xmm6: low side, d c 0 0 -## %xmm13: 0 -## -## Outputs: -## %xmm6: b+c+d b+c 0 0 -## %xmm0: b+c+d b+c b a -## -.align 4 -_vpaes_schedule_192_smear: - ?vspltw v0, v7, 3 - ?vsldoi v1, v9, v6, 12 # vpshufd \$0x80, %xmm6, %xmm1 # d c 0 0 -> c 0 0 0 - ?vsldoi v0, v7, v0, 8 # vpshufd \$0xFE, %xmm7, %xmm0 # b a _ _ -> b b b a - vxor v6, v6, v1 # vpxor %xmm1, %xmm6, %xmm6 # -> c+d c 0 0 - vxor v6, v6, v0 # vpxor %xmm0, %xmm6, %xmm6 # -> b+c+d b+c b a - vmr v0, v6 - ?vsldoi v6, v6, v9, 8 - ?vsldoi v6, v9, v6, 8 # clobber low side with zeros - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - -## -## .aes_schedule_round -## -## Runs one main round of the key schedule on %xmm0, %xmm7 -## -## Specifically, runs subbytes on the high dword of %xmm0 -## then rotates it by one byte and xors into the low dword of -## %xmm7. -## -## Adds rcon from low byte of %xmm8, then rotates %xmm8 for -## next rcon. -## -## Smears the dwords of %xmm7 by xoring the low into the -## second low, result into third, result into highest. -## -## Returns results in %xmm7 = %xmm0. -## Clobbers %xmm1-%xmm4, %r11. -## -.align 4 -_vpaes_schedule_round: - # extract rcon from xmm8 - #vxor v4, v4, v4 # vpxor %xmm4, %xmm4, %xmm4 - ?vsldoi v1, $rcon, v9, 15 # vpalignr \$15, %xmm8, %xmm4, %xmm1 - ?vsldoi $rcon, $rcon, $rcon, 15 # vpalignr \$15, %xmm8, %xmm8, %xmm8 - vxor v7, v7, v1 # vpxor %xmm1, %xmm7, %xmm7 - - # rotate - ?vspltw v0, v0, 3 # vpshufd \$0xFF, %xmm0, %xmm0 - ?vsldoi v0, v0, v0, 1 # vpalignr \$1, %xmm0, %xmm0, %xmm0 - - # fall through... - - # low round: same as high round, but no rotation and no rcon. -_vpaes_schedule_low_round: - # smear xmm7 - ?vsldoi v1, v9, v7, 12 # vpslldq \$4, %xmm7, %xmm1 - vxor v7, v7, v1 # vpxor %xmm1, %xmm7, %xmm7 - vspltisb v1, 0x0f # 0x0f..0f - ?vsldoi v4, v9, v7, 8 # vpslldq \$8, %xmm7, %xmm4 - - # subbytes - vand v1, v1, v0 # vpand %xmm9, %xmm0, %xmm1 # 0 = k - vsrb v0, v0, v8 # vpsrlb \$4, %xmm0, %xmm0 # 1 = i - vxor v7, v7, v4 # vpxor %xmm4, %xmm7, %xmm7 - vperm v2, $invhi, v9, v1 # vpshufb %xmm1, %xmm11, %xmm2 # 2 = a/k - vxor v1, v1, v0 # vpxor %xmm0, %xmm1, %xmm1 # 0 = j - vperm v3, $invlo, v9, v0 # vpshufb %xmm0, %xmm10, %xmm3 # 3 = 1/i - vxor v3, v3, v2 # vpxor %xmm2, %xmm3, %xmm3 # 3 = iak = 1/i + a/k - vperm v4, $invlo, v9, v1 # vpshufb %xmm1, %xmm10, %xmm4 # 4 = 1/j - vxor v7, v7, v26 # vpxor .Lk_s63(%rip), %xmm7, %xmm7 - vperm v3, $invlo, v9, v3 # vpshufb %xmm3, %xmm10, %xmm3 # 2 = 1/iak - vxor v4, v4, v2 # vpxor %xmm2, %xmm4, %xmm4 # 4 = jak = 1/j + a/k - vperm v2, $invlo, v9, v4 # vpshufb %xmm4, %xmm10, %xmm2 # 3 = 1/jak - vxor v3, v3, v1 # vpxor %xmm1, %xmm3, %xmm3 # 2 = io - vxor v2, v2, v0 # vpxor %xmm0, %xmm2, %xmm2 # 3 = jo - vperm v4, v15, v9, v3 # vpshufb %xmm3, %xmm13, %xmm4 # 4 = sbou - vperm v1, v14, v9, v2 # vpshufb %xmm2, %xmm12, %xmm1 # 0 = sb1t - vxor v1, v1, v4 # vpxor %xmm4, %xmm1, %xmm1 # 0 = sbox output - - # add in smeared stuff - vxor v0, v1, v7 # vpxor %xmm7, %xmm1, %xmm0 - vxor v7, v1, v7 # vmovdqa %xmm0, %xmm7 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - -## -## .aes_schedule_transform -## -## Linear-transform %xmm0 according to tables at (%r11) -## -## Requires that %xmm9 = 0x0F0F... as in preheat -## Output in %xmm0 -## Clobbers %xmm2 -## -.align 4 -_vpaes_schedule_transform: - #vand v1, v0, v9 # vpand %xmm9, %xmm0, %xmm1 - vsrb v2, v0, v8 # vpsrlb \$4, %xmm0, %xmm0 - # vmovdqa (%r11), %xmm2 # lo - vperm v0, $iptlo, $iptlo, v0 # vpshufb %xmm1, %xmm2, %xmm2 - # vmovdqa 16(%r11), %xmm1 # hi - vperm v2, $ipthi, $ipthi, v2 # vpshufb %xmm0, %xmm1, %xmm0 - vxor v0, v0, v2 # vpxor %xmm2, %xmm0, %xmm0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - -## -## .aes_schedule_mangle -## -## Mangle xmm0 from (basis-transformed) standard version -## to our version. -## -## On encrypt, -## xor with 0x63 -## multiply by circulant 0,1,1,1 -## apply shiftrows transform -## -## On decrypt, -## xor with 0x63 -## multiply by "inverse mixcolumns" circulant E,B,D,9 -## deskew -## apply shiftrows transform -## -## -## Writes out to (%rdx), and increments or decrements it -## Keeps track of round number mod 4 in %r8 -## Preserves xmm0 -## Clobbers xmm1-xmm5 -## -.align 4 -_vpaes_schedule_mangle: - #vmr v4, v0 # vmovdqa %xmm0, %xmm4 # save xmm0 for later - # vmovdqa .Lk_mc_forward(%rip),%xmm5 - bne $dir, Lschedule_mangle_dec - - # encrypting - vxor v4, v0, v26 # vpxor .Lk_s63(%rip), %xmm0, %xmm4 - addi $out, $out, 16 # add \$16, %rdx - vperm v4, v4, v4, v25 # vpshufb %xmm5, %xmm4, %xmm4 - vperm v1, v4, v4, v25 # vpshufb %xmm5, %xmm4, %xmm1 - vperm v3, v1, v1, v25 # vpshufb %xmm5, %xmm1, %xmm3 - vxor v4, v4, v1 # vpxor %xmm1, %xmm4, %xmm4 - lvx v1, r8, r10 # vmovdqa (%r8,%r10), %xmm1 - vxor v3, v3, v4 # vpxor %xmm4, %xmm3, %xmm3 - - vperm v3, v3, v3, v1 # vpshufb %xmm1, %xmm3, %xmm3 - addi r8, r8, -16 # add \$-16, %r8 - andi. r8, r8, 0x30 # and \$0x30, %r8 - - #stvx v3, 0, $out # vmovdqu %xmm3, (%rdx) - vperm v1, v3, v3, $outperm # rotate right/left - vsel v2, $outhead, v1, $outmask - vmr $outhead, v1 - stvx v2, 0, $out - blr - -.align 4 -Lschedule_mangle_dec: - # inverse mix columns - # lea .Lk_dksd(%rip),%r11 - vsrb v1, v0, v8 # vpsrlb \$4, %xmm4, %xmm1 # 1 = hi - #and v4, v0, v9 # vpand %xmm9, %xmm4, %xmm4 # 4 = lo - - # vmovdqa 0x00(%r11), %xmm2 - vperm v2, v16, v16, v0 # vpshufb %xmm4, %xmm2, %xmm2 - # vmovdqa 0x10(%r11), %xmm3 - vperm v3, v17, v17, v1 # vpshufb %xmm1, %xmm3, %xmm3 - vxor v3, v3, v2 # vpxor %xmm2, %xmm3, %xmm3 - vperm v3, v3, v9, v25 # vpshufb %xmm5, %xmm3, %xmm3 - - # vmovdqa 0x20(%r11), %xmm2 - vperm v2, v18, v18, v0 # vpshufb %xmm4, %xmm2, %xmm2 - vxor v2, v2, v3 # vpxor %xmm3, %xmm2, %xmm2 - # vmovdqa 0x30(%r11), %xmm3 - vperm v3, v19, v19, v1 # vpshufb %xmm1, %xmm3, %xmm3 - vxor v3, v3, v2 # vpxor %xmm2, %xmm3, %xmm3 - vperm v3, v3, v9, v25 # vpshufb %xmm5, %xmm3, %xmm3 - - # vmovdqa 0x40(%r11), %xmm2 - vperm v2, v20, v20, v0 # vpshufb %xmm4, %xmm2, %xmm2 - vxor v2, v2, v3 # vpxor %xmm3, %xmm2, %xmm2 - # vmovdqa 0x50(%r11), %xmm3 - vperm v3, v21, v21, v1 # vpshufb %xmm1, %xmm3, %xmm3 - vxor v3, v3, v2 # vpxor %xmm2, %xmm3, %xmm3 - - # vmovdqa 0x60(%r11), %xmm2 - vperm v2, v22, v22, v0 # vpshufb %xmm4, %xmm2, %xmm2 - vperm v3, v3, v9, v25 # vpshufb %xmm5, %xmm3, %xmm3 - # vmovdqa 0x70(%r11), %xmm4 - vperm v4, v23, v23, v1 # vpshufb %xmm1, %xmm4, %xmm4 - lvx v1, r8, r10 # vmovdqa (%r8,%r10), %xmm1 - vxor v2, v2, v3 # vpxor %xmm3, %xmm2, %xmm2 - vxor v3, v4, v2 # vpxor %xmm2, %xmm4, %xmm3 - - addi $out, $out, -16 # add \$-16, %rdx - - vperm v3, v3, v3, v1 # vpshufb %xmm1, %xmm3, %xmm3 - addi r8, r8, -16 # add \$-16, %r8 - andi. r8, r8, 0x30 # and \$0x30, %r8 - - #stvx v3, 0, $out # vmovdqu %xmm3, (%rdx) - vperm v1, v3, v3, $outperm # rotate right/left - vsel v2, $outhead, v1, $outmask - vmr $outhead, v1 - stvx v2, 0, $out - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - -.globl .vpaes_set_encrypt_key -.align 5 -.vpaes_set_encrypt_key: - $STU $sp,-$FRAME($sp) - li r10,`15+6*$SIZE_T` - li r11,`31+6*$SIZE_T` - mflr r0 - mfspr r6, 256 # save vrsave - stvx v20,r10,$sp - addi r10,r10,32 - stvx v21,r11,$sp - addi r11,r11,32 - stvx v22,r10,$sp - addi r10,r10,32 - stvx v23,r11,$sp - addi r11,r11,32 - stvx v24,r10,$sp - addi r10,r10,32 - stvx v25,r11,$sp - addi r11,r11,32 - stvx v26,r10,$sp - addi r10,r10,32 - stvx v27,r11,$sp - addi r11,r11,32 - stvx v28,r10,$sp - addi r10,r10,32 - stvx v29,r11,$sp - addi r11,r11,32 - stvx v30,r10,$sp - stvx v31,r11,$sp - stw r6,`$FRAME-4`($sp) # save vrsave - li r7, -1 - $PUSH r0, `$FRAME+$LRSAVE`($sp) - mtspr 256, r7 # preserve all AltiVec registers - - srwi r9, $bits, 5 # shr \$5,%eax - addi r9, r9, 6 # add \$5,%eax - stw r9, 240($out) # mov %eax,240(%rdx) # AES_KEY->rounds = nbits/32+5; - - cmplw $dir, $bits, $bits # set encrypt direction - li r8, 0x30 # mov \$0x30,%r8d - bl _vpaes_schedule_core - - $POP r0, `$FRAME+$LRSAVE`($sp) - li r10,`15+6*$SIZE_T` - li r11,`31+6*$SIZE_T` - mtspr 256, r6 # restore vrsave - mtlr r0 - xor r3, r3, r3 - lvx v20,r10,$sp - addi r10,r10,32 - lvx v21,r11,$sp - addi r11,r11,32 - lvx v22,r10,$sp - addi r10,r10,32 - lvx v23,r11,$sp - addi r11,r11,32 - lvx v24,r10,$sp - addi r10,r10,32 - lvx v25,r11,$sp - addi r11,r11,32 - lvx v26,r10,$sp - addi r10,r10,32 - lvx v27,r11,$sp - addi r11,r11,32 - lvx v28,r10,$sp - addi r10,r10,32 - lvx v29,r11,$sp - addi r11,r11,32 - lvx v30,r10,$sp - lvx v31,r11,$sp - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,0x04,1,0x80,0,3,0 - .long 0 -.size .vpaes_set_encrypt_key,.-.vpaes_set_encrypt_key - -.globl .vpaes_set_decrypt_key -.align 4 -.vpaes_set_decrypt_key: - $STU $sp,-$FRAME($sp) - li r10,`15+6*$SIZE_T` - li r11,`31+6*$SIZE_T` - mflr r0 - mfspr r6, 256 # save vrsave - stvx v20,r10,$sp - addi r10,r10,32 - stvx v21,r11,$sp - addi r11,r11,32 - stvx v22,r10,$sp - addi r10,r10,32 - stvx v23,r11,$sp - addi r11,r11,32 - stvx v24,r10,$sp - addi r10,r10,32 - stvx v25,r11,$sp - addi r11,r11,32 - stvx v26,r10,$sp - addi r10,r10,32 - stvx v27,r11,$sp - addi r11,r11,32 - stvx v28,r10,$sp - addi r10,r10,32 - stvx v29,r11,$sp - addi r11,r11,32 - stvx v30,r10,$sp - stvx v31,r11,$sp - stw r6,`$FRAME-4`($sp) # save vrsave - li r7, -1 - $PUSH r0, `$FRAME+$LRSAVE`($sp) - mtspr 256, r7 # preserve all AltiVec registers - - srwi r9, $bits, 5 # shr \$5,%eax - addi r9, r9, 6 # add \$5,%eax - stw r9, 240($out) # mov %eax,240(%rdx) # AES_KEY->rounds = nbits/32+5; - - slwi r9, r9, 4 # shl \$4,%eax - add $out, $out, r9 # lea (%rdx,%rax),%rdx - - cmplwi $dir, $bits, 0 # set decrypt direction - srwi r8, $bits, 1 # shr \$1,%r8d - andi. r8, r8, 32 # and \$32,%r8d - xori r8, r8, 32 # xor \$32,%r8d # nbits==192?0:32 - bl _vpaes_schedule_core - - $POP r0, `$FRAME+$LRSAVE`($sp) - li r10,`15+6*$SIZE_T` - li r11,`31+6*$SIZE_T` - mtspr 256, r6 # restore vrsave - mtlr r0 - xor r3, r3, r3 - lvx v20,r10,$sp - addi r10,r10,32 - lvx v21,r11,$sp - addi r11,r11,32 - lvx v22,r10,$sp - addi r10,r10,32 - lvx v23,r11,$sp - addi r11,r11,32 - lvx v24,r10,$sp - addi r10,r10,32 - lvx v25,r11,$sp - addi r11,r11,32 - lvx v26,r10,$sp - addi r10,r10,32 - lvx v27,r11,$sp - addi r11,r11,32 - lvx v28,r10,$sp - addi r10,r10,32 - lvx v29,r11,$sp - addi r11,r11,32 - lvx v30,r10,$sp - lvx v31,r11,$sp - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,0x04,1,0x80,0,3,0 - .long 0 -.size .vpaes_set_decrypt_key,.-.vpaes_set_decrypt_key -___ -} - -my $consts=1; -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/geo; - - # constants table endian-specific conversion - if ($consts && m/\.long\s+(.+)\s+(\?[a-z]*)$/o) { - my $conv=$2; - my @bytes=(); - - # convert to endian-agnostic format - foreach (split(/,\s+/,$1)) { - my $l = /^0/?oct:int; - push @bytes,($l>>24)&0xff,($l>>16)&0xff,($l>>8)&0xff,$l&0xff; - } - - # little-endian conversion - if ($flavour =~ /le$/o) { - SWITCH: for($conv) { - /\?inv/ && do { @bytes=map($_^0xf,@bytes); last; }; - /\?rev/ && do { @bytes=reverse(@bytes); last; }; - } - } - - #emit - print ".byte\t",join(',',map (sprintf("0x%02x",$_),@bytes)),"\n"; - next; - } - $consts=0 if (m/Lconsts:/o); # end of table - - # instructions prefixed with '?' are endian-specific and need - # to be adjusted accordingly... - if ($flavour =~ /le$/o) { # little-endian - s/\?lvsr/lvsl/o or - s/\?lvsl/lvsr/o or - s/\?(vperm\s+v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+)/$1$3$2$4/o or - s/\?(vsldoi\s+v[0-9]+,\s*)(v[0-9]+,)\s*(v[0-9]+,\s*)([0-9]+)/$1$3$2 16-$4/o or - s/\?(vspltw\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9])/$1$2 3-$3/o; - } else { # big-endian - s/\?([a-z]+)/$1/o; - } - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/vpaes-x86.pl b/crypto/aes/asm/vpaes-x86.pl deleted file mode 100644 index b206e934b48b2aed36ee3763dbe734c0eb3dc93b..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/vpaes-x86.pl +++ /dev/null @@ -1,914 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -###################################################################### -## Constant-time SSSE3 AES core implementation. -## version 0.1 -## -## By Mike Hamburg (Stanford University), 2009 -## Public domain. -## -## For details see http://shiftleft.org/papers/vector_aes/ and -## http://crypto.stanford.edu/vpaes/. - -###################################################################### -# September 2011. -# -# Port vpaes-x86_64.pl as 32-bit "almost" drop-in replacement for -# aes-586.pl. "Almost" refers to the fact that AES_cbc_encrypt -# doesn't handle partial vectors (doesn't have to if called from -# EVP only). "Drop-in" implies that this module doesn't share key -# schedule structure with the original nor does it make assumption -# about its alignment... -# -# Performance summary. aes-586.pl column lists large-block CBC -# encrypt/decrypt/with-hyper-threading-off(*) results in cycles per -# byte processed with 128-bit key, and vpaes-x86.pl column - [also -# large-block CBC] encrypt/decrypt. -# -# aes-586.pl vpaes-x86.pl -# -# Core 2(**) 28.1/41.4/18.3 21.9/25.2(***) -# Nehalem 27.9/40.4/18.1 10.2/11.9 -# Atom 70.7/92.1/60.1 61.1/75.4(***) -# Silvermont 45.4/62.9/24.1 49.2/61.1(***) -# -# (*) "Hyper-threading" in the context refers rather to cache shared -# among multiple cores, than to specifically Intel HTT. As vast -# majority of contemporary cores share cache, slower code path -# is common place. In other words "with-hyper-threading-off" -# results are presented mostly for reference purposes. -# -# (**) "Core 2" refers to initial 65nm design, a.k.a. Conroe. -# -# (***) Less impressive improvement on Core 2 and Atom is due to slow -# pshufb, yet it's respectable +28%/64% improvement on Core 2 -# and +15% on Atom (as implied, over "hyper-threading-safe" -# code path). -# -# - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output = pop and open STDOUT,">$output"; - -&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386"); - -$PREFIX="vpaes"; - -my ($round, $base, $magic, $key, $const, $inp, $out)= - ("eax", "ebx", "ecx", "edx","ebp", "esi","edi"); - -&static_label("_vpaes_consts"); -&static_label("_vpaes_schedule_low_round"); - -&set_label("_vpaes_consts",64); -$k_inv=-0x30; # inv, inva - &data_word(0x0D080180,0x0E05060F,0x0A0B0C02,0x04070309); - &data_word(0x0F0B0780,0x01040A06,0x02050809,0x030D0E0C); - -$k_s0F=-0x10; # s0F - &data_word(0x0F0F0F0F,0x0F0F0F0F,0x0F0F0F0F,0x0F0F0F0F); - -$k_ipt=0x00; # input transform (lo, hi) - &data_word(0x5A2A7000,0xC2B2E898,0x52227808,0xCABAE090); - &data_word(0x317C4D00,0x4C01307D,0xB0FDCC81,0xCD80B1FC); - -$k_sb1=0x20; # sb1u, sb1t - &data_word(0xCB503E00,0xB19BE18F,0x142AF544,0xA5DF7A6E); - &data_word(0xFAE22300,0x3618D415,0x0D2ED9EF,0x3BF7CCC1); -$k_sb2=0x40; # sb2u, sb2t - &data_word(0x0B712400,0xE27A93C6,0xBC982FCD,0x5EB7E955); - &data_word(0x0AE12900,0x69EB8840,0xAB82234A,0xC2A163C8); -$k_sbo=0x60; # sbou, sbot - &data_word(0x6FBDC700,0xD0D26D17,0xC502A878,0x15AABF7A); - &data_word(0x5FBB6A00,0xCFE474A5,0x412B35FA,0x8E1E90D1); - -$k_mc_forward=0x80; # mc_forward - &data_word(0x00030201,0x04070605,0x080B0A09,0x0C0F0E0D); - &data_word(0x04070605,0x080B0A09,0x0C0F0E0D,0x00030201); - &data_word(0x080B0A09,0x0C0F0E0D,0x00030201,0x04070605); - &data_word(0x0C0F0E0D,0x00030201,0x04070605,0x080B0A09); - -$k_mc_backward=0xc0; # mc_backward - &data_word(0x02010003,0x06050407,0x0A09080B,0x0E0D0C0F); - &data_word(0x0E0D0C0F,0x02010003,0x06050407,0x0A09080B); - &data_word(0x0A09080B,0x0E0D0C0F,0x02010003,0x06050407); - &data_word(0x06050407,0x0A09080B,0x0E0D0C0F,0x02010003); - -$k_sr=0x100; # sr - &data_word(0x03020100,0x07060504,0x0B0A0908,0x0F0E0D0C); - &data_word(0x0F0A0500,0x030E0904,0x07020D08,0x0B06010C); - &data_word(0x0B020900,0x0F060D04,0x030A0108,0x070E050C); - &data_word(0x070A0D00,0x0B0E0104,0x0F020508,0x0306090C); - -$k_rcon=0x140; # rcon - &data_word(0xAF9DEEB6,0x1F8391B9,0x4D7C7D81,0x702A9808); - -$k_s63=0x150; # s63: all equal to 0x63 transformed - &data_word(0x5B5B5B5B,0x5B5B5B5B,0x5B5B5B5B,0x5B5B5B5B); - -$k_opt=0x160; # output transform - &data_word(0xD6B66000,0xFF9F4929,0xDEBE6808,0xF7974121); - &data_word(0x50BCEC00,0x01EDBD51,0xB05C0CE0,0xE10D5DB1); - -$k_deskew=0x180; # deskew tables: inverts the sbox's "skew" - &data_word(0x47A4E300,0x07E4A340,0x5DBEF91A,0x1DFEB95A); - &data_word(0x83EA6900,0x5F36B5DC,0xF49D1E77,0x2841C2AB); -## -## Decryption stuff -## Key schedule constants -## -$k_dksd=0x1a0; # decryption key schedule: invskew x*D - &data_word(0xA3E44700,0xFEB91A5D,0x5A1DBEF9,0x0740E3A4); - &data_word(0xB5368300,0x41C277F4,0xAB289D1E,0x5FDC69EA); -$k_dksb=0x1c0; # decryption key schedule: invskew x*B - &data_word(0x8550D500,0x9A4FCA1F,0x1CC94C99,0x03D65386); - &data_word(0xB6FC4A00,0x115BEDA7,0x7E3482C8,0xD993256F); -$k_dkse=0x1e0; # decryption key schedule: invskew x*E + 0x63 - &data_word(0x1FC9D600,0xD5031CCA,0x994F5086,0x53859A4C); - &data_word(0x4FDC7BE8,0xA2319605,0x20B31487,0xCD5EF96A); -$k_dks9=0x200; # decryption key schedule: invskew x*9 - &data_word(0x7ED9A700,0xB6116FC8,0x82255BFC,0x4AED9334); - &data_word(0x27143300,0x45765162,0xE9DAFDCE,0x8BB89FAC); - -## -## Decryption stuff -## Round function constants -## -$k_dipt=0x220; # decryption input transform - &data_word(0x0B545F00,0x0F505B04,0x114E451A,0x154A411E); - &data_word(0x60056500,0x86E383E6,0xF491F194,0x12771772); - -$k_dsb9=0x240; # decryption sbox output *9*u, *9*t - &data_word(0x9A86D600,0x851C0353,0x4F994CC9,0xCAD51F50); - &data_word(0xECD74900,0xC03B1789,0xB2FBA565,0x725E2C9E); -$k_dsbd=0x260; # decryption sbox output *D*u, *D*t - &data_word(0xE6B1A200,0x7D57CCDF,0x882A4439,0xF56E9B13); - &data_word(0x24C6CB00,0x3CE2FAF7,0x15DEEFD3,0x2931180D); -$k_dsbb=0x280; # decryption sbox output *B*u, *B*t - &data_word(0x96B44200,0xD0226492,0xB0F2D404,0x602646F6); - &data_word(0xCD596700,0xC19498A6,0x3255AA6B,0xF3FF0C3E); -$k_dsbe=0x2a0; # decryption sbox output *E*u, *E*t - &data_word(0x26D4D000,0x46F29296,0x64B4F6B0,0x22426004); - &data_word(0xFFAAC100,0x0C55A6CD,0x98593E32,0x9467F36B); -$k_dsbo=0x2c0; # decryption sbox final output - &data_word(0x7EF94000,0x1387EA53,0xD4943E2D,0xC7AA6DB9); - &data_word(0x93441D00,0x12D7560F,0xD8C58E9C,0xCA4B8159); -&asciz ("Vector Permutation AES for x86/SSSE3, Mike Hamburg (Stanford University)"); -&align (64); - -&function_begin_B("_vpaes_preheat"); - &add ($const,&DWP(0,"esp")); - &movdqa ("xmm7",&QWP($k_inv,$const)); - &movdqa ("xmm6",&QWP($k_s0F,$const)); - &ret (); -&function_end_B("_vpaes_preheat"); - -## -## _aes_encrypt_core -## -## AES-encrypt %xmm0. -## -## Inputs: -## %xmm0 = input -## %xmm6-%xmm7 as in _vpaes_preheat -## (%edx) = scheduled keys -## -## Output in %xmm0 -## Clobbers %xmm1-%xmm5, %eax, %ebx, %ecx, %edx -## -## -&function_begin_B("_vpaes_encrypt_core"); - &mov ($magic,16); - &mov ($round,&DWP(240,$key)); - &movdqa ("xmm1","xmm6") - &movdqa ("xmm2",&QWP($k_ipt,$const)); - &pandn ("xmm1","xmm0"); - &pand ("xmm0","xmm6"); - &movdqu ("xmm5",&QWP(0,$key)); - &pshufb ("xmm2","xmm0"); - &movdqa ("xmm0",&QWP($k_ipt+16,$const)); - &pxor ("xmm2","xmm5"); - &psrld ("xmm1",4); - &add ($key,16); - &pshufb ("xmm0","xmm1"); - &lea ($base,&DWP($k_mc_backward,$const)); - &pxor ("xmm0","xmm2"); - &jmp (&label("enc_entry")); - - -&set_label("enc_loop",16); - # middle of middle round - &movdqa ("xmm4",&QWP($k_sb1,$const)); # 4 : sb1u - &movdqa ("xmm0",&QWP($k_sb1+16,$const));# 0 : sb1t - &pshufb ("xmm4","xmm2"); # 4 = sb1u - &pshufb ("xmm0","xmm3"); # 0 = sb1t - &pxor ("xmm4","xmm5"); # 4 = sb1u + k - &movdqa ("xmm5",&QWP($k_sb2,$const)); # 4 : sb2u - &pxor ("xmm0","xmm4"); # 0 = A - &movdqa ("xmm1",&QWP(-0x40,$base,$magic));# .Lk_mc_forward[] - &pshufb ("xmm5","xmm2"); # 4 = sb2u - &movdqa ("xmm2",&QWP($k_sb2+16,$const));# 2 : sb2t - &movdqa ("xmm4",&QWP(0,$base,$magic)); # .Lk_mc_backward[] - &pshufb ("xmm2","xmm3"); # 2 = sb2t - &movdqa ("xmm3","xmm0"); # 3 = A - &pxor ("xmm2","xmm5"); # 2 = 2A - &pshufb ("xmm0","xmm1"); # 0 = B - &add ($key,16); # next key - &pxor ("xmm0","xmm2"); # 0 = 2A+B - &pshufb ("xmm3","xmm4"); # 3 = D - &add ($magic,16); # next mc - &pxor ("xmm3","xmm0"); # 3 = 2A+B+D - &pshufb ("xmm0","xmm1"); # 0 = 2B+C - &and ($magic,0x30); # ... mod 4 - &sub ($round,1); # nr-- - &pxor ("xmm0","xmm3"); # 0 = 2A+3B+C+D - -&set_label("enc_entry"); - # top of round - &movdqa ("xmm1","xmm6"); # 1 : i - &movdqa ("xmm5",&QWP($k_inv+16,$const));# 2 : a/k - &pandn ("xmm1","xmm0"); # 1 = i<<4 - &psrld ("xmm1",4); # 1 = i - &pand ("xmm0","xmm6"); # 0 = k - &pshufb ("xmm5","xmm0"); # 2 = a/k - &movdqa ("xmm3","xmm7"); # 3 : 1/i - &pxor ("xmm0","xmm1"); # 0 = j - &pshufb ("xmm3","xmm1"); # 3 = 1/i - &movdqa ("xmm4","xmm7"); # 4 : 1/j - &pxor ("xmm3","xmm5"); # 3 = iak = 1/i + a/k - &pshufb ("xmm4","xmm0"); # 4 = 1/j - &movdqa ("xmm2","xmm7"); # 2 : 1/iak - &pxor ("xmm4","xmm5"); # 4 = jak = 1/j + a/k - &pshufb ("xmm2","xmm3"); # 2 = 1/iak - &movdqa ("xmm3","xmm7"); # 3 : 1/jak - &pxor ("xmm2","xmm0"); # 2 = io - &pshufb ("xmm3","xmm4"); # 3 = 1/jak - &movdqu ("xmm5",&QWP(0,$key)); - &pxor ("xmm3","xmm1"); # 3 = jo - &jnz (&label("enc_loop")); - - # middle of last round - &movdqa ("xmm4",&QWP($k_sbo,$const)); # 3 : sbou .Lk_sbo - &movdqa ("xmm0",&QWP($k_sbo+16,$const));# 3 : sbot .Lk_sbo+16 - &pshufb ("xmm4","xmm2"); # 4 = sbou - &pxor ("xmm4","xmm5"); # 4 = sb1u + k - &pshufb ("xmm0","xmm3"); # 0 = sb1t - &movdqa ("xmm1",&QWP(0x40,$base,$magic));# .Lk_sr[] - &pxor ("xmm0","xmm4"); # 0 = A - &pshufb ("xmm0","xmm1"); - &ret (); -&function_end_B("_vpaes_encrypt_core"); - -## -## Decryption core -## -## Same API as encryption core. -## -&function_begin_B("_vpaes_decrypt_core"); - &lea ($base,&DWP($k_dsbd,$const)); - &mov ($round,&DWP(240,$key)); - &movdqa ("xmm1","xmm6"); - &movdqa ("xmm2",&QWP($k_dipt-$k_dsbd,$base)); - &pandn ("xmm1","xmm0"); - &mov ($magic,$round); - &psrld ("xmm1",4) - &movdqu ("xmm5",&QWP(0,$key)); - &shl ($magic,4); - &pand ("xmm0","xmm6"); - &pshufb ("xmm2","xmm0"); - &movdqa ("xmm0",&QWP($k_dipt-$k_dsbd+16,$base)); - &xor ($magic,0x30); - &pshufb ("xmm0","xmm1"); - &and ($magic,0x30); - &pxor ("xmm2","xmm5"); - &movdqa ("xmm5",&QWP($k_mc_forward+48,$const)); - &pxor ("xmm0","xmm2"); - &add ($key,16); - &lea ($magic,&DWP($k_sr-$k_dsbd,$base,$magic)); - &jmp (&label("dec_entry")); - -&set_label("dec_loop",16); -## -## Inverse mix columns -## - &movdqa ("xmm4",&QWP(-0x20,$base)); # 4 : sb9u - &movdqa ("xmm1",&QWP(-0x10,$base)); # 0 : sb9t - &pshufb ("xmm4","xmm2"); # 4 = sb9u - &pshufb ("xmm1","xmm3"); # 0 = sb9t - &pxor ("xmm0","xmm4"); - &movdqa ("xmm4",&QWP(0,$base)); # 4 : sbdu - &pxor ("xmm0","xmm1"); # 0 = ch - &movdqa ("xmm1",&QWP(0x10,$base)); # 0 : sbdt - - &pshufb ("xmm4","xmm2"); # 4 = sbdu - &pshufb ("xmm0","xmm5"); # MC ch - &pshufb ("xmm1","xmm3"); # 0 = sbdt - &pxor ("xmm0","xmm4"); # 4 = ch - &movdqa ("xmm4",&QWP(0x20,$base)); # 4 : sbbu - &pxor ("xmm0","xmm1"); # 0 = ch - &movdqa ("xmm1",&QWP(0x30,$base)); # 0 : sbbt - - &pshufb ("xmm4","xmm2"); # 4 = sbbu - &pshufb ("xmm0","xmm5"); # MC ch - &pshufb ("xmm1","xmm3"); # 0 = sbbt - &pxor ("xmm0","xmm4"); # 4 = ch - &movdqa ("xmm4",&QWP(0x40,$base)); # 4 : sbeu - &pxor ("xmm0","xmm1"); # 0 = ch - &movdqa ("xmm1",&QWP(0x50,$base)); # 0 : sbet - - &pshufb ("xmm4","xmm2"); # 4 = sbeu - &pshufb ("xmm0","xmm5"); # MC ch - &pshufb ("xmm1","xmm3"); # 0 = sbet - &pxor ("xmm0","xmm4"); # 4 = ch - &add ($key,16); # next round key - &palignr("xmm5","xmm5",12); - &pxor ("xmm0","xmm1"); # 0 = ch - &sub ($round,1); # nr-- - -&set_label("dec_entry"); - # top of round - &movdqa ("xmm1","xmm6"); # 1 : i - &movdqa ("xmm2",&QWP($k_inv+16,$const));# 2 : a/k - &pandn ("xmm1","xmm0"); # 1 = i<<4 - &pand ("xmm0","xmm6"); # 0 = k - &psrld ("xmm1",4); # 1 = i - &pshufb ("xmm2","xmm0"); # 2 = a/k - &movdqa ("xmm3","xmm7"); # 3 : 1/i - &pxor ("xmm0","xmm1"); # 0 = j - &pshufb ("xmm3","xmm1"); # 3 = 1/i - &movdqa ("xmm4","xmm7"); # 4 : 1/j - &pxor ("xmm3","xmm2"); # 3 = iak = 1/i + a/k - &pshufb ("xmm4","xmm0"); # 4 = 1/j - &pxor ("xmm4","xmm2"); # 4 = jak = 1/j + a/k - &movdqa ("xmm2","xmm7"); # 2 : 1/iak - &pshufb ("xmm2","xmm3"); # 2 = 1/iak - &movdqa ("xmm3","xmm7"); # 3 : 1/jak - &pxor ("xmm2","xmm0"); # 2 = io - &pshufb ("xmm3","xmm4"); # 3 = 1/jak - &movdqu ("xmm0",&QWP(0,$key)); - &pxor ("xmm3","xmm1"); # 3 = jo - &jnz (&label("dec_loop")); - - # middle of last round - &movdqa ("xmm4",&QWP(0x60,$base)); # 3 : sbou - &pshufb ("xmm4","xmm2"); # 4 = sbou - &pxor ("xmm4","xmm0"); # 4 = sb1u + k - &movdqa ("xmm0",&QWP(0x70,$base)); # 0 : sbot - &movdqa ("xmm2",&QWP(0,$magic)); - &pshufb ("xmm0","xmm3"); # 0 = sb1t - &pxor ("xmm0","xmm4"); # 0 = A - &pshufb ("xmm0","xmm2"); - &ret (); -&function_end_B("_vpaes_decrypt_core"); - -######################################################## -## ## -## AES key schedule ## -## ## -######################################################## -&function_begin_B("_vpaes_schedule_core"); - &add ($const,&DWP(0,"esp")); - &movdqu ("xmm0",&QWP(0,$inp)); # load key (unaligned) - &movdqa ("xmm2",&QWP($k_rcon,$const)); # load rcon - - # input transform - &movdqa ("xmm3","xmm0"); - &lea ($base,&DWP($k_ipt,$const)); - &movdqa (&QWP(4,"esp"),"xmm2"); # xmm8 - &call ("_vpaes_schedule_transform"); - &movdqa ("xmm7","xmm0"); - - &test ($out,$out); - &jnz (&label("schedule_am_decrypting")); - - # encrypting, output zeroth round key after transform - &movdqu (&QWP(0,$key),"xmm0"); - &jmp (&label("schedule_go")); - -&set_label("schedule_am_decrypting"); - # decrypting, output zeroth round key after shiftrows - &movdqa ("xmm1",&QWP($k_sr,$const,$magic)); - &pshufb ("xmm3","xmm1"); - &movdqu (&QWP(0,$key),"xmm3"); - &xor ($magic,0x30); - -&set_label("schedule_go"); - &cmp ($round,192); - &ja (&label("schedule_256")); - &je (&label("schedule_192")); - # 128: fall though - -## -## .schedule_128 -## -## 128-bit specific part of key schedule. -## -## This schedule is really simple, because all its parts -## are accomplished by the subroutines. -## -&set_label("schedule_128"); - &mov ($round,10); - -&set_label("loop_schedule_128"); - &call ("_vpaes_schedule_round"); - &dec ($round); - &jz (&label("schedule_mangle_last")); - &call ("_vpaes_schedule_mangle"); # write output - &jmp (&label("loop_schedule_128")); - -## -## .aes_schedule_192 -## -## 192-bit specific part of key schedule. -## -## The main body of this schedule is the same as the 128-bit -## schedule, but with more smearing. The long, high side is -## stored in %xmm7 as before, and the short, low side is in -## the high bits of %xmm6. -## -## This schedule is somewhat nastier, however, because each -## round produces 192 bits of key material, or 1.5 round keys. -## Therefore, on each cycle we do 2 rounds and produce 3 round -## keys. -## -&set_label("schedule_192",16); - &movdqu ("xmm0",&QWP(8,$inp)); # load key part 2 (very unaligned) - &call ("_vpaes_schedule_transform"); # input transform - &movdqa ("xmm6","xmm0"); # save short part - &pxor ("xmm4","xmm4"); # clear 4 - &movhlps("xmm6","xmm4"); # clobber low side with zeros - &mov ($round,4); - -&set_label("loop_schedule_192"); - &call ("_vpaes_schedule_round"); - &palignr("xmm0","xmm6",8); - &call ("_vpaes_schedule_mangle"); # save key n - &call ("_vpaes_schedule_192_smear"); - &call ("_vpaes_schedule_mangle"); # save key n+1 - &call ("_vpaes_schedule_round"); - &dec ($round); - &jz (&label("schedule_mangle_last")); - &call ("_vpaes_schedule_mangle"); # save key n+2 - &call ("_vpaes_schedule_192_smear"); - &jmp (&label("loop_schedule_192")); - -## -## .aes_schedule_256 -## -## 256-bit specific part of key schedule. -## -## The structure here is very similar to the 128-bit -## schedule, but with an additional "low side" in -## %xmm6. The low side's rounds are the same as the -## high side's, except no rcon and no rotation. -## -&set_label("schedule_256",16); - &movdqu ("xmm0",&QWP(16,$inp)); # load key part 2 (unaligned) - &call ("_vpaes_schedule_transform"); # input transform - &mov ($round,7); - -&set_label("loop_schedule_256"); - &call ("_vpaes_schedule_mangle"); # output low result - &movdqa ("xmm6","xmm0"); # save cur_lo in xmm6 - - # high round - &call ("_vpaes_schedule_round"); - &dec ($round); - &jz (&label("schedule_mangle_last")); - &call ("_vpaes_schedule_mangle"); - - # low round. swap xmm7 and xmm6 - &pshufd ("xmm0","xmm0",0xFF); - &movdqa (&QWP(20,"esp"),"xmm7"); - &movdqa ("xmm7","xmm6"); - &call ("_vpaes_schedule_low_round"); - &movdqa ("xmm7",&QWP(20,"esp")); - - &jmp (&label("loop_schedule_256")); - -## -## .aes_schedule_mangle_last -## -## Mangler for last round of key schedule -## Mangles %xmm0 -## when encrypting, outputs out(%xmm0) ^ 63 -## when decrypting, outputs unskew(%xmm0) -## -## Always called right before return... jumps to cleanup and exits -## -&set_label("schedule_mangle_last",16); - # schedule last round key from xmm0 - &lea ($base,&DWP($k_deskew,$const)); - &test ($out,$out); - &jnz (&label("schedule_mangle_last_dec")); - - # encrypting - &movdqa ("xmm1",&QWP($k_sr,$const,$magic)); - &pshufb ("xmm0","xmm1"); # output permute - &lea ($base,&DWP($k_opt,$const)); # prepare to output transform - &add ($key,32); - -&set_label("schedule_mangle_last_dec"); - &add ($key,-16); - &pxor ("xmm0",&QWP($k_s63,$const)); - &call ("_vpaes_schedule_transform"); # output transform - &movdqu (&QWP(0,$key),"xmm0"); # save last key - - # cleanup - &pxor ("xmm0","xmm0"); - &pxor ("xmm1","xmm1"); - &pxor ("xmm2","xmm2"); - &pxor ("xmm3","xmm3"); - &pxor ("xmm4","xmm4"); - &pxor ("xmm5","xmm5"); - &pxor ("xmm6","xmm6"); - &pxor ("xmm7","xmm7"); - &ret (); -&function_end_B("_vpaes_schedule_core"); - -## -## .aes_schedule_192_smear -## -## Smear the short, low side in the 192-bit key schedule. -## -## Inputs: -## %xmm7: high side, b a x y -## %xmm6: low side, d c 0 0 -## %xmm13: 0 -## -## Outputs: -## %xmm6: b+c+d b+c 0 0 -## %xmm0: b+c+d b+c b a -## -&function_begin_B("_vpaes_schedule_192_smear"); - &pshufd ("xmm1","xmm6",0x80); # d c 0 0 -> c 0 0 0 - &pshufd ("xmm0","xmm7",0xFE); # b a _ _ -> b b b a - &pxor ("xmm6","xmm1"); # -> c+d c 0 0 - &pxor ("xmm1","xmm1"); - &pxor ("xmm6","xmm0"); # -> b+c+d b+c b a - &movdqa ("xmm0","xmm6"); - &movhlps("xmm6","xmm1"); # clobber low side with zeros - &ret (); -&function_end_B("_vpaes_schedule_192_smear"); - -## -## .aes_schedule_round -## -## Runs one main round of the key schedule on %xmm0, %xmm7 -## -## Specifically, runs subbytes on the high dword of %xmm0 -## then rotates it by one byte and xors into the low dword of -## %xmm7. -## -## Adds rcon from low byte of %xmm8, then rotates %xmm8 for -## next rcon. -## -## Smears the dwords of %xmm7 by xoring the low into the -## second low, result into third, result into highest. -## -## Returns results in %xmm7 = %xmm0. -## Clobbers %xmm1-%xmm5. -## -&function_begin_B("_vpaes_schedule_round"); - # extract rcon from xmm8 - &movdqa ("xmm2",&QWP(8,"esp")); # xmm8 - &pxor ("xmm1","xmm1"); - &palignr("xmm1","xmm2",15); - &palignr("xmm2","xmm2",15); - &pxor ("xmm7","xmm1"); - - # rotate - &pshufd ("xmm0","xmm0",0xFF); - &palignr("xmm0","xmm0",1); - - # fall through... - &movdqa (&QWP(8,"esp"),"xmm2"); # xmm8 - - # low round: same as high round, but no rotation and no rcon. -&set_label("_vpaes_schedule_low_round"); - # smear xmm7 - &movdqa ("xmm1","xmm7"); - &pslldq ("xmm7",4); - &pxor ("xmm7","xmm1"); - &movdqa ("xmm1","xmm7"); - &pslldq ("xmm7",8); - &pxor ("xmm7","xmm1"); - &pxor ("xmm7",&QWP($k_s63,$const)); - - # subbyte - &movdqa ("xmm4",&QWP($k_s0F,$const)); - &movdqa ("xmm5",&QWP($k_inv,$const)); # 4 : 1/j - &movdqa ("xmm1","xmm4"); - &pandn ("xmm1","xmm0"); - &psrld ("xmm1",4); # 1 = i - &pand ("xmm0","xmm4"); # 0 = k - &movdqa ("xmm2",&QWP($k_inv+16,$const));# 2 : a/k - &pshufb ("xmm2","xmm0"); # 2 = a/k - &pxor ("xmm0","xmm1"); # 0 = j - &movdqa ("xmm3","xmm5"); # 3 : 1/i - &pshufb ("xmm3","xmm1"); # 3 = 1/i - &pxor ("xmm3","xmm2"); # 3 = iak = 1/i + a/k - &movdqa ("xmm4","xmm5"); # 4 : 1/j - &pshufb ("xmm4","xmm0"); # 4 = 1/j - &pxor ("xmm4","xmm2"); # 4 = jak = 1/j + a/k - &movdqa ("xmm2","xmm5"); # 2 : 1/iak - &pshufb ("xmm2","xmm3"); # 2 = 1/iak - &pxor ("xmm2","xmm0"); # 2 = io - &movdqa ("xmm3","xmm5"); # 3 : 1/jak - &pshufb ("xmm3","xmm4"); # 3 = 1/jak - &pxor ("xmm3","xmm1"); # 3 = jo - &movdqa ("xmm4",&QWP($k_sb1,$const)); # 4 : sbou - &pshufb ("xmm4","xmm2"); # 4 = sbou - &movdqa ("xmm0",&QWP($k_sb1+16,$const));# 0 : sbot - &pshufb ("xmm0","xmm3"); # 0 = sb1t - &pxor ("xmm0","xmm4"); # 0 = sbox output - - # add in smeared stuff - &pxor ("xmm0","xmm7"); - &movdqa ("xmm7","xmm0"); - &ret (); -&function_end_B("_vpaes_schedule_round"); - -## -## .aes_schedule_transform -## -## Linear-transform %xmm0 according to tables at (%ebx) -## -## Output in %xmm0 -## Clobbers %xmm1, %xmm2 -## -&function_begin_B("_vpaes_schedule_transform"); - &movdqa ("xmm2",&QWP($k_s0F,$const)); - &movdqa ("xmm1","xmm2"); - &pandn ("xmm1","xmm0"); - &psrld ("xmm1",4); - &pand ("xmm0","xmm2"); - &movdqa ("xmm2",&QWP(0,$base)); - &pshufb ("xmm2","xmm0"); - &movdqa ("xmm0",&QWP(16,$base)); - &pshufb ("xmm0","xmm1"); - &pxor ("xmm0","xmm2"); - &ret (); -&function_end_B("_vpaes_schedule_transform"); - -## -## .aes_schedule_mangle -## -## Mangle xmm0 from (basis-transformed) standard version -## to our version. -## -## On encrypt, -## xor with 0x63 -## multiply by circulant 0,1,1,1 -## apply shiftrows transform -## -## On decrypt, -## xor with 0x63 -## multiply by "inverse mixcolumns" circulant E,B,D,9 -## deskew -## apply shiftrows transform -## -## -## Writes out to (%edx), and increments or decrements it -## Keeps track of round number mod 4 in %ecx -## Preserves xmm0 -## Clobbers xmm1-xmm5 -## -&function_begin_B("_vpaes_schedule_mangle"); - &movdqa ("xmm4","xmm0"); # save xmm0 for later - &movdqa ("xmm5",&QWP($k_mc_forward,$const)); - &test ($out,$out); - &jnz (&label("schedule_mangle_dec")); - - # encrypting - &add ($key,16); - &pxor ("xmm4",&QWP($k_s63,$const)); - &pshufb ("xmm4","xmm5"); - &movdqa ("xmm3","xmm4"); - &pshufb ("xmm4","xmm5"); - &pxor ("xmm3","xmm4"); - &pshufb ("xmm4","xmm5"); - &pxor ("xmm3","xmm4"); - - &jmp (&label("schedule_mangle_both")); - -&set_label("schedule_mangle_dec",16); - # inverse mix columns - &movdqa ("xmm2",&QWP($k_s0F,$const)); - &lea ($inp,&DWP($k_dksd,$const)); - &movdqa ("xmm1","xmm2"); - &pandn ("xmm1","xmm4"); - &psrld ("xmm1",4); # 1 = hi - &pand ("xmm4","xmm2"); # 4 = lo - - &movdqa ("xmm2",&QWP(0,$inp)); - &pshufb ("xmm2","xmm4"); - &movdqa ("xmm3",&QWP(0x10,$inp)); - &pshufb ("xmm3","xmm1"); - &pxor ("xmm3","xmm2"); - &pshufb ("xmm3","xmm5"); - - &movdqa ("xmm2",&QWP(0x20,$inp)); - &pshufb ("xmm2","xmm4"); - &pxor ("xmm2","xmm3"); - &movdqa ("xmm3",&QWP(0x30,$inp)); - &pshufb ("xmm3","xmm1"); - &pxor ("xmm3","xmm2"); - &pshufb ("xmm3","xmm5"); - - &movdqa ("xmm2",&QWP(0x40,$inp)); - &pshufb ("xmm2","xmm4"); - &pxor ("xmm2","xmm3"); - &movdqa ("xmm3",&QWP(0x50,$inp)); - &pshufb ("xmm3","xmm1"); - &pxor ("xmm3","xmm2"); - &pshufb ("xmm3","xmm5"); - - &movdqa ("xmm2",&QWP(0x60,$inp)); - &pshufb ("xmm2","xmm4"); - &pxor ("xmm2","xmm3"); - &movdqa ("xmm3",&QWP(0x70,$inp)); - &pshufb ("xmm3","xmm1"); - &pxor ("xmm3","xmm2"); - - &add ($key,-16); - -&set_label("schedule_mangle_both"); - &movdqa ("xmm1",&QWP($k_sr,$const,$magic)); - &pshufb ("xmm3","xmm1"); - &add ($magic,-16); - &and ($magic,0x30); - &movdqu (&QWP(0,$key),"xmm3"); - &ret (); -&function_end_B("_vpaes_schedule_mangle"); - -# -# Interface to OpenSSL -# -&function_begin("${PREFIX}_set_encrypt_key"); - &mov ($inp,&wparam(0)); # inp - &lea ($base,&DWP(-56,"esp")); - &mov ($round,&wparam(1)); # bits - &and ($base,-16); - &mov ($key,&wparam(2)); # key - &xchg ($base,"esp"); # alloca - &mov (&DWP(48,"esp"),$base); - - &mov ($base,$round); - &shr ($base,5); - &add ($base,5); - &mov (&DWP(240,$key),$base); # AES_KEY->rounds = nbits/32+5; - &mov ($magic,0x30); - &mov ($out,0); - - &lea ($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point"))); - &call ("_vpaes_schedule_core"); -&set_label("pic_point"); - - &mov ("esp",&DWP(48,"esp")); - &xor ("eax","eax"); -&function_end("${PREFIX}_set_encrypt_key"); - -&function_begin("${PREFIX}_set_decrypt_key"); - &mov ($inp,&wparam(0)); # inp - &lea ($base,&DWP(-56,"esp")); - &mov ($round,&wparam(1)); # bits - &and ($base,-16); - &mov ($key,&wparam(2)); # key - &xchg ($base,"esp"); # alloca - &mov (&DWP(48,"esp"),$base); - - &mov ($base,$round); - &shr ($base,5); - &add ($base,5); - &mov (&DWP(240,$key),$base); # AES_KEY->rounds = nbits/32+5; - &shl ($base,4); - &lea ($key,&DWP(16,$key,$base)); - - &mov ($out,1); - &mov ($magic,$round); - &shr ($magic,1); - &and ($magic,32); - &xor ($magic,32); # nbist==192?0:32; - - &lea ($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point"))); - &call ("_vpaes_schedule_core"); -&set_label("pic_point"); - - &mov ("esp",&DWP(48,"esp")); - &xor ("eax","eax"); -&function_end("${PREFIX}_set_decrypt_key"); - -&function_begin("${PREFIX}_encrypt"); - &lea ($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point"))); - &call ("_vpaes_preheat"); -&set_label("pic_point"); - &mov ($inp,&wparam(0)); # inp - &lea ($base,&DWP(-56,"esp")); - &mov ($out,&wparam(1)); # out - &and ($base,-16); - &mov ($key,&wparam(2)); # key - &xchg ($base,"esp"); # alloca - &mov (&DWP(48,"esp"),$base); - - &movdqu ("xmm0",&QWP(0,$inp)); - &call ("_vpaes_encrypt_core"); - &movdqu (&QWP(0,$out),"xmm0"); - - &mov ("esp",&DWP(48,"esp")); -&function_end("${PREFIX}_encrypt"); - -&function_begin("${PREFIX}_decrypt"); - &lea ($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point"))); - &call ("_vpaes_preheat"); -&set_label("pic_point"); - &mov ($inp,&wparam(0)); # inp - &lea ($base,&DWP(-56,"esp")); - &mov ($out,&wparam(1)); # out - &and ($base,-16); - &mov ($key,&wparam(2)); # key - &xchg ($base,"esp"); # alloca - &mov (&DWP(48,"esp"),$base); - - &movdqu ("xmm0",&QWP(0,$inp)); - &call ("_vpaes_decrypt_core"); - &movdqu (&QWP(0,$out),"xmm0"); - - &mov ("esp",&DWP(48,"esp")); -&function_end("${PREFIX}_decrypt"); - -&function_begin("${PREFIX}_cbc_encrypt"); - &mov ($inp,&wparam(0)); # inp - &mov ($out,&wparam(1)); # out - &mov ($round,&wparam(2)); # len - &mov ($key,&wparam(3)); # key - &sub ($round,16); - &jc (&label("cbc_abort")); - &lea ($base,&DWP(-56,"esp")); - &mov ($const,&wparam(4)); # ivp - &and ($base,-16); - &mov ($magic,&wparam(5)); # enc - &xchg ($base,"esp"); # alloca - &movdqu ("xmm1",&QWP(0,$const)); # load IV - &sub ($out,$inp); - &mov (&DWP(48,"esp"),$base); - - &mov (&DWP(0,"esp"),$out); # save out - &mov (&DWP(4,"esp"),$key) # save key - &mov (&DWP(8,"esp"),$const); # save ivp - &mov ($out,$round); # $out works as $len - - &lea ($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point"))); - &call ("_vpaes_preheat"); -&set_label("pic_point"); - &cmp ($magic,0); - &je (&label("cbc_dec_loop")); - &jmp (&label("cbc_enc_loop")); - -&set_label("cbc_enc_loop",16); - &movdqu ("xmm0",&QWP(0,$inp)); # load input - &pxor ("xmm0","xmm1"); # inp^=iv - &call ("_vpaes_encrypt_core"); - &mov ($base,&DWP(0,"esp")); # restore out - &mov ($key,&DWP(4,"esp")); # restore key - &movdqa ("xmm1","xmm0"); - &movdqu (&QWP(0,$base,$inp),"xmm0"); # write output - &lea ($inp,&DWP(16,$inp)); - &sub ($out,16); - &jnc (&label("cbc_enc_loop")); - &jmp (&label("cbc_done")); - -&set_label("cbc_dec_loop",16); - &movdqu ("xmm0",&QWP(0,$inp)); # load input - &movdqa (&QWP(16,"esp"),"xmm1"); # save IV - &movdqa (&QWP(32,"esp"),"xmm0"); # save future IV - &call ("_vpaes_decrypt_core"); - &mov ($base,&DWP(0,"esp")); # restore out - &mov ($key,&DWP(4,"esp")); # restore key - &pxor ("xmm0",&QWP(16,"esp")); # out^=iv - &movdqa ("xmm1",&QWP(32,"esp")); # load next IV - &movdqu (&QWP(0,$base,$inp),"xmm0"); # write output - &lea ($inp,&DWP(16,$inp)); - &sub ($out,16); - &jnc (&label("cbc_dec_loop")); - -&set_label("cbc_done"); - &mov ($base,&DWP(8,"esp")); # restore ivp - &mov ("esp",&DWP(48,"esp")); - &movdqu (&QWP(0,$base),"xmm1"); # write IV -&set_label("cbc_abort"); -&function_end("${PREFIX}_cbc_encrypt"); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/asm/vpaes-x86_64.pl b/crypto/aes/asm/vpaes-x86_64.pl deleted file mode 100644 index 845528f41ac2a37d8a2bedad05a0227710643a02..0000000000000000000000000000000000000000 --- a/crypto/aes/asm/vpaes-x86_64.pl +++ /dev/null @@ -1,1248 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -###################################################################### -## Constant-time SSSE3 AES core implementation. -## version 0.1 -## -## By Mike Hamburg (Stanford University), 2009 -## Public domain. -## -## For details see http://shiftleft.org/papers/vector_aes/ and -## http://crypto.stanford.edu/vpaes/. - -###################################################################### -# September 2011. -# -# Interface to OpenSSL as "almost" drop-in replacement for -# aes-x86_64.pl. "Almost" refers to the fact that AES_cbc_encrypt -# doesn't handle partial vectors (doesn't have to if called from -# EVP only). "Drop-in" implies that this module doesn't share key -# schedule structure with the original nor does it make assumption -# about its alignment... -# -# Performance summary. aes-x86_64.pl column lists large-block CBC -# encrypt/decrypt/with-hyper-threading-off(*) results in cycles per -# byte processed with 128-bit key, and vpaes-x86_64.pl column - -# [also large-block CBC] encrypt/decrypt. -# -# aes-x86_64.pl vpaes-x86_64.pl -# -# Core 2(**) 29.6/41.1/14.3 21.9/25.2(***) -# Nehalem 29.6/40.3/14.6 10.0/11.8 -# Atom 57.3/74.2/32.1 60.9/77.2(***) -# Silvermont 52.7/64.0/19.5 48.8/60.8(***) -# Goldmont 38.9/49.0/17.8 10.6/12.6 -# -# (*) "Hyper-threading" in the context refers rather to cache shared -# among multiple cores, than to specifically Intel HTT. As vast -# majority of contemporary cores share cache, slower code path -# is common place. In other words "with-hyper-threading-off" -# results are presented mostly for reference purposes. -# -# (**) "Core 2" refers to initial 65nm design, a.k.a. Conroe. -# -# (***) Less impressive improvement on Core 2 and Atom is due to slow -# pshufb, yet it's respectable +36%/62% improvement on Core 2 -# (as implied, over "hyper-threading-safe" code path). -# -# - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -$PREFIX="vpaes"; - -$code.=<<___; -.text - -## -## _aes_encrypt_core -## -## AES-encrypt %xmm0. -## -## Inputs: -## %xmm0 = input -## %xmm9-%xmm15 as in _vpaes_preheat -## (%rdx) = scheduled keys -## -## Output in %xmm0 -## Clobbers %xmm1-%xmm5, %r9, %r10, %r11, %rax -## Preserves %xmm6 - %xmm8 so you get some local vectors -## -## -.type _vpaes_encrypt_core,\@abi-omnipotent -.align 16 -_vpaes_encrypt_core: -.cfi_startproc - mov %rdx, %r9 - mov \$16, %r11 - mov 240(%rdx),%eax - movdqa %xmm9, %xmm1 - movdqa .Lk_ipt(%rip), %xmm2 # iptlo - pandn %xmm0, %xmm1 - movdqu (%r9), %xmm5 # round0 key - psrld \$4, %xmm1 - pand %xmm9, %xmm0 - pshufb %xmm0, %xmm2 - movdqa .Lk_ipt+16(%rip), %xmm0 # ipthi - pshufb %xmm1, %xmm0 - pxor %xmm5, %xmm2 - add \$16, %r9 - pxor %xmm2, %xmm0 - lea .Lk_mc_backward(%rip),%r10 - jmp .Lenc_entry - -.align 16 -.Lenc_loop: - # middle of middle round - movdqa %xmm13, %xmm4 # 4 : sb1u - movdqa %xmm12, %xmm0 # 0 : sb1t - pshufb %xmm2, %xmm4 # 4 = sb1u - pshufb %xmm3, %xmm0 # 0 = sb1t - pxor %xmm5, %xmm4 # 4 = sb1u + k - movdqa %xmm15, %xmm5 # 4 : sb2u - pxor %xmm4, %xmm0 # 0 = A - movdqa -0x40(%r11,%r10), %xmm1 # .Lk_mc_forward[] - pshufb %xmm2, %xmm5 # 4 = sb2u - movdqa (%r11,%r10), %xmm4 # .Lk_mc_backward[] - movdqa %xmm14, %xmm2 # 2 : sb2t - pshufb %xmm3, %xmm2 # 2 = sb2t - movdqa %xmm0, %xmm3 # 3 = A - pxor %xmm5, %xmm2 # 2 = 2A - pshufb %xmm1, %xmm0 # 0 = B - add \$16, %r9 # next key - pxor %xmm2, %xmm0 # 0 = 2A+B - pshufb %xmm4, %xmm3 # 3 = D - add \$16, %r11 # next mc - pxor %xmm0, %xmm3 # 3 = 2A+B+D - pshufb %xmm1, %xmm0 # 0 = 2B+C - and \$0x30, %r11 # ... mod 4 - sub \$1,%rax # nr-- - pxor %xmm3, %xmm0 # 0 = 2A+3B+C+D - -.Lenc_entry: - # top of round - movdqa %xmm9, %xmm1 # 1 : i - movdqa %xmm11, %xmm5 # 2 : a/k - pandn %xmm0, %xmm1 # 1 = i<<4 - psrld \$4, %xmm1 # 1 = i - pand %xmm9, %xmm0 # 0 = k - pshufb %xmm0, %xmm5 # 2 = a/k - movdqa %xmm10, %xmm3 # 3 : 1/i - pxor %xmm1, %xmm0 # 0 = j - pshufb %xmm1, %xmm3 # 3 = 1/i - movdqa %xmm10, %xmm4 # 4 : 1/j - pxor %xmm5, %xmm3 # 3 = iak = 1/i + a/k - pshufb %xmm0, %xmm4 # 4 = 1/j - movdqa %xmm10, %xmm2 # 2 : 1/iak - pxor %xmm5, %xmm4 # 4 = jak = 1/j + a/k - pshufb %xmm3, %xmm2 # 2 = 1/iak - movdqa %xmm10, %xmm3 # 3 : 1/jak - pxor %xmm0, %xmm2 # 2 = io - pshufb %xmm4, %xmm3 # 3 = 1/jak - movdqu (%r9), %xmm5 - pxor %xmm1, %xmm3 # 3 = jo - jnz .Lenc_loop - - # middle of last round - movdqa -0x60(%r10), %xmm4 # 3 : sbou .Lk_sbo - movdqa -0x50(%r10), %xmm0 # 0 : sbot .Lk_sbo+16 - pshufb %xmm2, %xmm4 # 4 = sbou - pxor %xmm5, %xmm4 # 4 = sb1u + k - pshufb %xmm3, %xmm0 # 0 = sb1t - movdqa 0x40(%r11,%r10), %xmm1 # .Lk_sr[] - pxor %xmm4, %xmm0 # 0 = A - pshufb %xmm1, %xmm0 - ret -.cfi_endproc -.size _vpaes_encrypt_core,.-_vpaes_encrypt_core - -## -## Decryption core -## -## Same API as encryption core. -## -.type _vpaes_decrypt_core,\@abi-omnipotent -.align 16 -_vpaes_decrypt_core: -.cfi_startproc - mov %rdx, %r9 # load key - mov 240(%rdx),%eax - movdqa %xmm9, %xmm1 - movdqa .Lk_dipt(%rip), %xmm2 # iptlo - pandn %xmm0, %xmm1 - mov %rax, %r11 - psrld \$4, %xmm1 - movdqu (%r9), %xmm5 # round0 key - shl \$4, %r11 - pand %xmm9, %xmm0 - pshufb %xmm0, %xmm2 - movdqa .Lk_dipt+16(%rip), %xmm0 # ipthi - xor \$0x30, %r11 - lea .Lk_dsbd(%rip),%r10 - pshufb %xmm1, %xmm0 - and \$0x30, %r11 - pxor %xmm5, %xmm2 - movdqa .Lk_mc_forward+48(%rip), %xmm5 - pxor %xmm2, %xmm0 - add \$16, %r9 - add %r10, %r11 - jmp .Ldec_entry - -.align 16 -.Ldec_loop: -## -## Inverse mix columns -## - movdqa -0x20(%r10),%xmm4 # 4 : sb9u - movdqa -0x10(%r10),%xmm1 # 0 : sb9t - pshufb %xmm2, %xmm4 # 4 = sb9u - pshufb %xmm3, %xmm1 # 0 = sb9t - pxor %xmm4, %xmm0 - movdqa 0x00(%r10),%xmm4 # 4 : sbdu - pxor %xmm1, %xmm0 # 0 = ch - movdqa 0x10(%r10),%xmm1 # 0 : sbdt - - pshufb %xmm2, %xmm4 # 4 = sbdu - pshufb %xmm5, %xmm0 # MC ch - pshufb %xmm3, %xmm1 # 0 = sbdt - pxor %xmm4, %xmm0 # 4 = ch - movdqa 0x20(%r10),%xmm4 # 4 : sbbu - pxor %xmm1, %xmm0 # 0 = ch - movdqa 0x30(%r10),%xmm1 # 0 : sbbt - - pshufb %xmm2, %xmm4 # 4 = sbbu - pshufb %xmm5, %xmm0 # MC ch - pshufb %xmm3, %xmm1 # 0 = sbbt - pxor %xmm4, %xmm0 # 4 = ch - movdqa 0x40(%r10),%xmm4 # 4 : sbeu - pxor %xmm1, %xmm0 # 0 = ch - movdqa 0x50(%r10),%xmm1 # 0 : sbet - - pshufb %xmm2, %xmm4 # 4 = sbeu - pshufb %xmm5, %xmm0 # MC ch - pshufb %xmm3, %xmm1 # 0 = sbet - pxor %xmm4, %xmm0 # 4 = ch - add \$16, %r9 # next round key - palignr \$12, %xmm5, %xmm5 - pxor %xmm1, %xmm0 # 0 = ch - sub \$1,%rax # nr-- - -.Ldec_entry: - # top of round - movdqa %xmm9, %xmm1 # 1 : i - pandn %xmm0, %xmm1 # 1 = i<<4 - movdqa %xmm11, %xmm2 # 2 : a/k - psrld \$4, %xmm1 # 1 = i - pand %xmm9, %xmm0 # 0 = k - pshufb %xmm0, %xmm2 # 2 = a/k - movdqa %xmm10, %xmm3 # 3 : 1/i - pxor %xmm1, %xmm0 # 0 = j - pshufb %xmm1, %xmm3 # 3 = 1/i - movdqa %xmm10, %xmm4 # 4 : 1/j - pxor %xmm2, %xmm3 # 3 = iak = 1/i + a/k - pshufb %xmm0, %xmm4 # 4 = 1/j - pxor %xmm2, %xmm4 # 4 = jak = 1/j + a/k - movdqa %xmm10, %xmm2 # 2 : 1/iak - pshufb %xmm3, %xmm2 # 2 = 1/iak - movdqa %xmm10, %xmm3 # 3 : 1/jak - pxor %xmm0, %xmm2 # 2 = io - pshufb %xmm4, %xmm3 # 3 = 1/jak - movdqu (%r9), %xmm0 - pxor %xmm1, %xmm3 # 3 = jo - jnz .Ldec_loop - - # middle of last round - movdqa 0x60(%r10), %xmm4 # 3 : sbou - pshufb %xmm2, %xmm4 # 4 = sbou - pxor %xmm0, %xmm4 # 4 = sb1u + k - movdqa 0x70(%r10), %xmm0 # 0 : sbot - movdqa -0x160(%r11), %xmm2 # .Lk_sr-.Lk_dsbd=-0x160 - pshufb %xmm3, %xmm0 # 0 = sb1t - pxor %xmm4, %xmm0 # 0 = A - pshufb %xmm2, %xmm0 - ret -.cfi_endproc -.size _vpaes_decrypt_core,.-_vpaes_decrypt_core - -######################################################## -## ## -## AES key schedule ## -## ## -######################################################## -.type _vpaes_schedule_core,\@abi-omnipotent -.align 16 -_vpaes_schedule_core: -.cfi_startproc - # rdi = key - # rsi = size in bits - # rdx = buffer - # rcx = direction. 0=encrypt, 1=decrypt - - call _vpaes_preheat # load the tables - movdqa .Lk_rcon(%rip), %xmm8 # load rcon - movdqu (%rdi), %xmm0 # load key (unaligned) - - # input transform - movdqa %xmm0, %xmm3 - lea .Lk_ipt(%rip), %r11 - call _vpaes_schedule_transform - movdqa %xmm0, %xmm7 - - lea .Lk_sr(%rip),%r10 - test %rcx, %rcx - jnz .Lschedule_am_decrypting - - # encrypting, output zeroth round key after transform - movdqu %xmm0, (%rdx) - jmp .Lschedule_go - -.Lschedule_am_decrypting: - # decrypting, output zeroth round key after shiftrows - movdqa (%r8,%r10),%xmm1 - pshufb %xmm1, %xmm3 - movdqu %xmm3, (%rdx) - xor \$0x30, %r8 - -.Lschedule_go: - cmp \$192, %esi - ja .Lschedule_256 - je .Lschedule_192 - # 128: fall though - -## -## .schedule_128 -## -## 128-bit specific part of key schedule. -## -## This schedule is really simple, because all its parts -## are accomplished by the subroutines. -## -.Lschedule_128: - mov \$10, %esi - -.Loop_schedule_128: - call _vpaes_schedule_round - dec %rsi - jz .Lschedule_mangle_last - call _vpaes_schedule_mangle # write output - jmp .Loop_schedule_128 - -## -## .aes_schedule_192 -## -## 192-bit specific part of key schedule. -## -## The main body of this schedule is the same as the 128-bit -## schedule, but with more smearing. The long, high side is -## stored in %xmm7 as before, and the short, low side is in -## the high bits of %xmm6. -## -## This schedule is somewhat nastier, however, because each -## round produces 192 bits of key material, or 1.5 round keys. -## Therefore, on each cycle we do 2 rounds and produce 3 round -## keys. -## -.align 16 -.Lschedule_192: - movdqu 8(%rdi),%xmm0 # load key part 2 (very unaligned) - call _vpaes_schedule_transform # input transform - movdqa %xmm0, %xmm6 # save short part - pxor %xmm4, %xmm4 # clear 4 - movhlps %xmm4, %xmm6 # clobber low side with zeros - mov \$4, %esi - -.Loop_schedule_192: - call _vpaes_schedule_round - palignr \$8,%xmm6,%xmm0 - call _vpaes_schedule_mangle # save key n - call _vpaes_schedule_192_smear - call _vpaes_schedule_mangle # save key n+1 - call _vpaes_schedule_round - dec %rsi - jz .Lschedule_mangle_last - call _vpaes_schedule_mangle # save key n+2 - call _vpaes_schedule_192_smear - jmp .Loop_schedule_192 - -## -## .aes_schedule_256 -## -## 256-bit specific part of key schedule. -## -## The structure here is very similar to the 128-bit -## schedule, but with an additional "low side" in -## %xmm6. The low side's rounds are the same as the -## high side's, except no rcon and no rotation. -## -.align 16 -.Lschedule_256: - movdqu 16(%rdi),%xmm0 # load key part 2 (unaligned) - call _vpaes_schedule_transform # input transform - mov \$7, %esi - -.Loop_schedule_256: - call _vpaes_schedule_mangle # output low result - movdqa %xmm0, %xmm6 # save cur_lo in xmm6 - - # high round - call _vpaes_schedule_round - dec %rsi - jz .Lschedule_mangle_last - call _vpaes_schedule_mangle - - # low round. swap xmm7 and xmm6 - pshufd \$0xFF, %xmm0, %xmm0 - movdqa %xmm7, %xmm5 - movdqa %xmm6, %xmm7 - call _vpaes_schedule_low_round - movdqa %xmm5, %xmm7 - - jmp .Loop_schedule_256 - - -## -## .aes_schedule_mangle_last -## -## Mangler for last round of key schedule -## Mangles %xmm0 -## when encrypting, outputs out(%xmm0) ^ 63 -## when decrypting, outputs unskew(%xmm0) -## -## Always called right before return... jumps to cleanup and exits -## -.align 16 -.Lschedule_mangle_last: - # schedule last round key from xmm0 - lea .Lk_deskew(%rip),%r11 # prepare to deskew - test %rcx, %rcx - jnz .Lschedule_mangle_last_dec - - # encrypting - movdqa (%r8,%r10),%xmm1 - pshufb %xmm1, %xmm0 # output permute - lea .Lk_opt(%rip), %r11 # prepare to output transform - add \$32, %rdx - -.Lschedule_mangle_last_dec: - add \$-16, %rdx - pxor .Lk_s63(%rip), %xmm0 - call _vpaes_schedule_transform # output transform - movdqu %xmm0, (%rdx) # save last key - - # cleanup - pxor %xmm0, %xmm0 - pxor %xmm1, %xmm1 - pxor %xmm2, %xmm2 - pxor %xmm3, %xmm3 - pxor %xmm4, %xmm4 - pxor %xmm5, %xmm5 - pxor %xmm6, %xmm6 - pxor %xmm7, %xmm7 - ret -.cfi_endproc -.size _vpaes_schedule_core,.-_vpaes_schedule_core - -## -## .aes_schedule_192_smear -## -## Smear the short, low side in the 192-bit key schedule. -## -## Inputs: -## %xmm7: high side, b a x y -## %xmm6: low side, d c 0 0 -## %xmm13: 0 -## -## Outputs: -## %xmm6: b+c+d b+c 0 0 -## %xmm0: b+c+d b+c b a -## -.type _vpaes_schedule_192_smear,\@abi-omnipotent -.align 16 -_vpaes_schedule_192_smear: -.cfi_startproc - pshufd \$0x80, %xmm6, %xmm1 # d c 0 0 -> c 0 0 0 - pshufd \$0xFE, %xmm7, %xmm0 # b a _ _ -> b b b a - pxor %xmm1, %xmm6 # -> c+d c 0 0 - pxor %xmm1, %xmm1 - pxor %xmm0, %xmm6 # -> b+c+d b+c b a - movdqa %xmm6, %xmm0 - movhlps %xmm1, %xmm6 # clobber low side with zeros - ret -.cfi_endproc -.size _vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear - -## -## .aes_schedule_round -## -## Runs one main round of the key schedule on %xmm0, %xmm7 -## -## Specifically, runs subbytes on the high dword of %xmm0 -## then rotates it by one byte and xors into the low dword of -## %xmm7. -## -## Adds rcon from low byte of %xmm8, then rotates %xmm8 for -## next rcon. -## -## Smears the dwords of %xmm7 by xoring the low into the -## second low, result into third, result into highest. -## -## Returns results in %xmm7 = %xmm0. -## Clobbers %xmm1-%xmm4, %r11. -## -.type _vpaes_schedule_round,\@abi-omnipotent -.align 16 -_vpaes_schedule_round: -.cfi_startproc - # extract rcon from xmm8 - pxor %xmm1, %xmm1 - palignr \$15, %xmm8, %xmm1 - palignr \$15, %xmm8, %xmm8 - pxor %xmm1, %xmm7 - - # rotate - pshufd \$0xFF, %xmm0, %xmm0 - palignr \$1, %xmm0, %xmm0 - - # fall through... - - # low round: same as high round, but no rotation and no rcon. -_vpaes_schedule_low_round: - # smear xmm7 - movdqa %xmm7, %xmm1 - pslldq \$4, %xmm7 - pxor %xmm1, %xmm7 - movdqa %xmm7, %xmm1 - pslldq \$8, %xmm7 - pxor %xmm1, %xmm7 - pxor .Lk_s63(%rip), %xmm7 - - # subbytes - movdqa %xmm9, %xmm1 - pandn %xmm0, %xmm1 - psrld \$4, %xmm1 # 1 = i - pand %xmm9, %xmm0 # 0 = k - movdqa %xmm11, %xmm2 # 2 : a/k - pshufb %xmm0, %xmm2 # 2 = a/k - pxor %xmm1, %xmm0 # 0 = j - movdqa %xmm10, %xmm3 # 3 : 1/i - pshufb %xmm1, %xmm3 # 3 = 1/i - pxor %xmm2, %xmm3 # 3 = iak = 1/i + a/k - movdqa %xmm10, %xmm4 # 4 : 1/j - pshufb %xmm0, %xmm4 # 4 = 1/j - pxor %xmm2, %xmm4 # 4 = jak = 1/j + a/k - movdqa %xmm10, %xmm2 # 2 : 1/iak - pshufb %xmm3, %xmm2 # 2 = 1/iak - pxor %xmm0, %xmm2 # 2 = io - movdqa %xmm10, %xmm3 # 3 : 1/jak - pshufb %xmm4, %xmm3 # 3 = 1/jak - pxor %xmm1, %xmm3 # 3 = jo - movdqa %xmm13, %xmm4 # 4 : sbou - pshufb %xmm2, %xmm4 # 4 = sbou - movdqa %xmm12, %xmm0 # 0 : sbot - pshufb %xmm3, %xmm0 # 0 = sb1t - pxor %xmm4, %xmm0 # 0 = sbox output - - # add in smeared stuff - pxor %xmm7, %xmm0 - movdqa %xmm0, %xmm7 - ret -.cfi_endproc -.size _vpaes_schedule_round,.-_vpaes_schedule_round - -## -## .aes_schedule_transform -## -## Linear-transform %xmm0 according to tables at (%r11) -## -## Requires that %xmm9 = 0x0F0F... as in preheat -## Output in %xmm0 -## Clobbers %xmm1, %xmm2 -## -.type _vpaes_schedule_transform,\@abi-omnipotent -.align 16 -_vpaes_schedule_transform: -.cfi_startproc - movdqa %xmm9, %xmm1 - pandn %xmm0, %xmm1 - psrld \$4, %xmm1 - pand %xmm9, %xmm0 - movdqa (%r11), %xmm2 # lo - pshufb %xmm0, %xmm2 - movdqa 16(%r11), %xmm0 # hi - pshufb %xmm1, %xmm0 - pxor %xmm2, %xmm0 - ret -.cfi_endproc -.size _vpaes_schedule_transform,.-_vpaes_schedule_transform - -## -## .aes_schedule_mangle -## -## Mangle xmm0 from (basis-transformed) standard version -## to our version. -## -## On encrypt, -## xor with 0x63 -## multiply by circulant 0,1,1,1 -## apply shiftrows transform -## -## On decrypt, -## xor with 0x63 -## multiply by "inverse mixcolumns" circulant E,B,D,9 -## deskew -## apply shiftrows transform -## -## -## Writes out to (%rdx), and increments or decrements it -## Keeps track of round number mod 4 in %r8 -## Preserves xmm0 -## Clobbers xmm1-xmm5 -## -.type _vpaes_schedule_mangle,\@abi-omnipotent -.align 16 -_vpaes_schedule_mangle: -.cfi_startproc - movdqa %xmm0, %xmm4 # save xmm0 for later - movdqa .Lk_mc_forward(%rip),%xmm5 - test %rcx, %rcx - jnz .Lschedule_mangle_dec - - # encrypting - add \$16, %rdx - pxor .Lk_s63(%rip),%xmm4 - pshufb %xmm5, %xmm4 - movdqa %xmm4, %xmm3 - pshufb %xmm5, %xmm4 - pxor %xmm4, %xmm3 - pshufb %xmm5, %xmm4 - pxor %xmm4, %xmm3 - - jmp .Lschedule_mangle_both -.align 16 -.Lschedule_mangle_dec: - # inverse mix columns - lea .Lk_dksd(%rip),%r11 - movdqa %xmm9, %xmm1 - pandn %xmm4, %xmm1 - psrld \$4, %xmm1 # 1 = hi - pand %xmm9, %xmm4 # 4 = lo - - movdqa 0x00(%r11), %xmm2 - pshufb %xmm4, %xmm2 - movdqa 0x10(%r11), %xmm3 - pshufb %xmm1, %xmm3 - pxor %xmm2, %xmm3 - pshufb %xmm5, %xmm3 - - movdqa 0x20(%r11), %xmm2 - pshufb %xmm4, %xmm2 - pxor %xmm3, %xmm2 - movdqa 0x30(%r11), %xmm3 - pshufb %xmm1, %xmm3 - pxor %xmm2, %xmm3 - pshufb %xmm5, %xmm3 - - movdqa 0x40(%r11), %xmm2 - pshufb %xmm4, %xmm2 - pxor %xmm3, %xmm2 - movdqa 0x50(%r11), %xmm3 - pshufb %xmm1, %xmm3 - pxor %xmm2, %xmm3 - pshufb %xmm5, %xmm3 - - movdqa 0x60(%r11), %xmm2 - pshufb %xmm4, %xmm2 - pxor %xmm3, %xmm2 - movdqa 0x70(%r11), %xmm3 - pshufb %xmm1, %xmm3 - pxor %xmm2, %xmm3 - - add \$-16, %rdx - -.Lschedule_mangle_both: - movdqa (%r8,%r10),%xmm1 - pshufb %xmm1,%xmm3 - add \$-16, %r8 - and \$0x30, %r8 - movdqu %xmm3, (%rdx) - ret -.cfi_endproc -.size _vpaes_schedule_mangle,.-_vpaes_schedule_mangle - -# -# Interface to OpenSSL -# -.globl ${PREFIX}_set_encrypt_key -.type ${PREFIX}_set_encrypt_key,\@function,3 -.align 16 -${PREFIX}_set_encrypt_key: -.cfi_startproc - endbranch -___ -$code.=<<___ if ($win64); - lea -0xb8(%rsp),%rsp - movaps %xmm6,0x10(%rsp) - movaps %xmm7,0x20(%rsp) - movaps %xmm8,0x30(%rsp) - movaps %xmm9,0x40(%rsp) - movaps %xmm10,0x50(%rsp) - movaps %xmm11,0x60(%rsp) - movaps %xmm12,0x70(%rsp) - movaps %xmm13,0x80(%rsp) - movaps %xmm14,0x90(%rsp) - movaps %xmm15,0xa0(%rsp) -.Lenc_key_body: -___ -$code.=<<___; - mov %esi,%eax - shr \$5,%eax - add \$5,%eax - mov %eax,240(%rdx) # AES_KEY->rounds = nbits/32+5; - - mov \$0,%ecx - mov \$0x30,%r8d - call _vpaes_schedule_core -___ -$code.=<<___ if ($win64); - movaps 0x10(%rsp),%xmm6 - movaps 0x20(%rsp),%xmm7 - movaps 0x30(%rsp),%xmm8 - movaps 0x40(%rsp),%xmm9 - movaps 0x50(%rsp),%xmm10 - movaps 0x60(%rsp),%xmm11 - movaps 0x70(%rsp),%xmm12 - movaps 0x80(%rsp),%xmm13 - movaps 0x90(%rsp),%xmm14 - movaps 0xa0(%rsp),%xmm15 - lea 0xb8(%rsp),%rsp -.Lenc_key_epilogue: -___ -$code.=<<___; - xor %eax,%eax - ret -.cfi_endproc -.size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key - -.globl ${PREFIX}_set_decrypt_key -.type ${PREFIX}_set_decrypt_key,\@function,3 -.align 16 -${PREFIX}_set_decrypt_key: -.cfi_startproc - endbranch -___ -$code.=<<___ if ($win64); - lea -0xb8(%rsp),%rsp - movaps %xmm6,0x10(%rsp) - movaps %xmm7,0x20(%rsp) - movaps %xmm8,0x30(%rsp) - movaps %xmm9,0x40(%rsp) - movaps %xmm10,0x50(%rsp) - movaps %xmm11,0x60(%rsp) - movaps %xmm12,0x70(%rsp) - movaps %xmm13,0x80(%rsp) - movaps %xmm14,0x90(%rsp) - movaps %xmm15,0xa0(%rsp) -.Ldec_key_body: -___ -$code.=<<___; - mov %esi,%eax - shr \$5,%eax - add \$5,%eax - mov %eax,240(%rdx) # AES_KEY->rounds = nbits/32+5; - shl \$4,%eax - lea 16(%rdx,%rax),%rdx - - mov \$1,%ecx - mov %esi,%r8d - shr \$1,%r8d - and \$32,%r8d - xor \$32,%r8d # nbits==192?0:32 - call _vpaes_schedule_core -___ -$code.=<<___ if ($win64); - movaps 0x10(%rsp),%xmm6 - movaps 0x20(%rsp),%xmm7 - movaps 0x30(%rsp),%xmm8 - movaps 0x40(%rsp),%xmm9 - movaps 0x50(%rsp),%xmm10 - movaps 0x60(%rsp),%xmm11 - movaps 0x70(%rsp),%xmm12 - movaps 0x80(%rsp),%xmm13 - movaps 0x90(%rsp),%xmm14 - movaps 0xa0(%rsp),%xmm15 - lea 0xb8(%rsp),%rsp -.Ldec_key_epilogue: -___ -$code.=<<___; - xor %eax,%eax - ret -.cfi_endproc -.size ${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key - -.globl ${PREFIX}_encrypt -.type ${PREFIX}_encrypt,\@function,3 -.align 16 -${PREFIX}_encrypt: -.cfi_startproc - endbranch -___ -$code.=<<___ if ($win64); - lea -0xb8(%rsp),%rsp - movaps %xmm6,0x10(%rsp) - movaps %xmm7,0x20(%rsp) - movaps %xmm8,0x30(%rsp) - movaps %xmm9,0x40(%rsp) - movaps %xmm10,0x50(%rsp) - movaps %xmm11,0x60(%rsp) - movaps %xmm12,0x70(%rsp) - movaps %xmm13,0x80(%rsp) - movaps %xmm14,0x90(%rsp) - movaps %xmm15,0xa0(%rsp) -.Lenc_body: -___ -$code.=<<___; - movdqu (%rdi),%xmm0 - call _vpaes_preheat - call _vpaes_encrypt_core - movdqu %xmm0,(%rsi) -___ -$code.=<<___ if ($win64); - movaps 0x10(%rsp),%xmm6 - movaps 0x20(%rsp),%xmm7 - movaps 0x30(%rsp),%xmm8 - movaps 0x40(%rsp),%xmm9 - movaps 0x50(%rsp),%xmm10 - movaps 0x60(%rsp),%xmm11 - movaps 0x70(%rsp),%xmm12 - movaps 0x80(%rsp),%xmm13 - movaps 0x90(%rsp),%xmm14 - movaps 0xa0(%rsp),%xmm15 - lea 0xb8(%rsp),%rsp -.Lenc_epilogue: -___ -$code.=<<___; - ret -.cfi_endproc -.size ${PREFIX}_encrypt,.-${PREFIX}_encrypt - -.globl ${PREFIX}_decrypt -.type ${PREFIX}_decrypt,\@function,3 -.align 16 -${PREFIX}_decrypt: -.cfi_startproc - endbranch -___ -$code.=<<___ if ($win64); - lea -0xb8(%rsp),%rsp - movaps %xmm6,0x10(%rsp) - movaps %xmm7,0x20(%rsp) - movaps %xmm8,0x30(%rsp) - movaps %xmm9,0x40(%rsp) - movaps %xmm10,0x50(%rsp) - movaps %xmm11,0x60(%rsp) - movaps %xmm12,0x70(%rsp) - movaps %xmm13,0x80(%rsp) - movaps %xmm14,0x90(%rsp) - movaps %xmm15,0xa0(%rsp) -.Ldec_body: -___ -$code.=<<___; - movdqu (%rdi),%xmm0 - call _vpaes_preheat - call _vpaes_decrypt_core - movdqu %xmm0,(%rsi) -___ -$code.=<<___ if ($win64); - movaps 0x10(%rsp),%xmm6 - movaps 0x20(%rsp),%xmm7 - movaps 0x30(%rsp),%xmm8 - movaps 0x40(%rsp),%xmm9 - movaps 0x50(%rsp),%xmm10 - movaps 0x60(%rsp),%xmm11 - movaps 0x70(%rsp),%xmm12 - movaps 0x80(%rsp),%xmm13 - movaps 0x90(%rsp),%xmm14 - movaps 0xa0(%rsp),%xmm15 - lea 0xb8(%rsp),%rsp -.Ldec_epilogue: -___ -$code.=<<___; - ret -.cfi_endproc -.size ${PREFIX}_decrypt,.-${PREFIX}_decrypt -___ -{ -my ($inp,$out,$len,$key,$ivp,$enc)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9"); -# void AES_cbc_encrypt (const void char *inp, unsigned char *out, -# size_t length, const AES_KEY *key, -# unsigned char *ivp,const int enc); -$code.=<<___; -.globl ${PREFIX}_cbc_encrypt -.type ${PREFIX}_cbc_encrypt,\@function,6 -.align 16 -${PREFIX}_cbc_encrypt: -.cfi_startproc - endbranch - xchg $key,$len -___ -($len,$key)=($key,$len); -$code.=<<___; - sub \$16,$len - jc .Lcbc_abort -___ -$code.=<<___ if ($win64); - lea -0xb8(%rsp),%rsp - movaps %xmm6,0x10(%rsp) - movaps %xmm7,0x20(%rsp) - movaps %xmm8,0x30(%rsp) - movaps %xmm9,0x40(%rsp) - movaps %xmm10,0x50(%rsp) - movaps %xmm11,0x60(%rsp) - movaps %xmm12,0x70(%rsp) - movaps %xmm13,0x80(%rsp) - movaps %xmm14,0x90(%rsp) - movaps %xmm15,0xa0(%rsp) -.Lcbc_body: -___ -$code.=<<___; - movdqu ($ivp),%xmm6 # load IV - sub $inp,$out - call _vpaes_preheat - cmp \$0,${enc}d - je .Lcbc_dec_loop - jmp .Lcbc_enc_loop -.align 16 -.Lcbc_enc_loop: - movdqu ($inp),%xmm0 - pxor %xmm6,%xmm0 - call _vpaes_encrypt_core - movdqa %xmm0,%xmm6 - movdqu %xmm0,($out,$inp) - lea 16($inp),$inp - sub \$16,$len - jnc .Lcbc_enc_loop - jmp .Lcbc_done -.align 16 -.Lcbc_dec_loop: - movdqu ($inp),%xmm0 - movdqa %xmm0,%xmm7 - call _vpaes_decrypt_core - pxor %xmm6,%xmm0 - movdqa %xmm7,%xmm6 - movdqu %xmm0,($out,$inp) - lea 16($inp),$inp - sub \$16,$len - jnc .Lcbc_dec_loop -.Lcbc_done: - movdqu %xmm6,($ivp) # save IV -___ -$code.=<<___ if ($win64); - movaps 0x10(%rsp),%xmm6 - movaps 0x20(%rsp),%xmm7 - movaps 0x30(%rsp),%xmm8 - movaps 0x40(%rsp),%xmm9 - movaps 0x50(%rsp),%xmm10 - movaps 0x60(%rsp),%xmm11 - movaps 0x70(%rsp),%xmm12 - movaps 0x80(%rsp),%xmm13 - movaps 0x90(%rsp),%xmm14 - movaps 0xa0(%rsp),%xmm15 - lea 0xb8(%rsp),%rsp -.Lcbc_epilogue: -___ -$code.=<<___; -.Lcbc_abort: - ret -.cfi_endproc -.size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt -___ -} -$code.=<<___; -## -## _aes_preheat -## -## Fills register %r10 -> .aes_consts (so you can -fPIC) -## and %xmm9-%xmm15 as specified below. -## -.type _vpaes_preheat,\@abi-omnipotent -.align 16 -_vpaes_preheat: -.cfi_startproc - lea .Lk_s0F(%rip), %r10 - movdqa -0x20(%r10), %xmm10 # .Lk_inv - movdqa -0x10(%r10), %xmm11 # .Lk_inv+16 - movdqa 0x00(%r10), %xmm9 # .Lk_s0F - movdqa 0x30(%r10), %xmm13 # .Lk_sb1 - movdqa 0x40(%r10), %xmm12 # .Lk_sb1+16 - movdqa 0x50(%r10), %xmm15 # .Lk_sb2 - movdqa 0x60(%r10), %xmm14 # .Lk_sb2+16 - ret -.cfi_endproc -.size _vpaes_preheat,.-_vpaes_preheat -######################################################## -## ## -## Constants ## -## ## -######################################################## -.type _vpaes_consts,\@object -.align 64 -_vpaes_consts: -.Lk_inv: # inv, inva - .quad 0x0E05060F0D080180, 0x040703090A0B0C02 - .quad 0x01040A060F0B0780, 0x030D0E0C02050809 - -.Lk_s0F: # s0F - .quad 0x0F0F0F0F0F0F0F0F, 0x0F0F0F0F0F0F0F0F - -.Lk_ipt: # input transform (lo, hi) - .quad 0xC2B2E8985A2A7000, 0xCABAE09052227808 - .quad 0x4C01307D317C4D00, 0xCD80B1FCB0FDCC81 - -.Lk_sb1: # sb1u, sb1t - .quad 0xB19BE18FCB503E00, 0xA5DF7A6E142AF544 - .quad 0x3618D415FAE22300, 0x3BF7CCC10D2ED9EF -.Lk_sb2: # sb2u, sb2t - .quad 0xE27A93C60B712400, 0x5EB7E955BC982FCD - .quad 0x69EB88400AE12900, 0xC2A163C8AB82234A -.Lk_sbo: # sbou, sbot - .quad 0xD0D26D176FBDC700, 0x15AABF7AC502A878 - .quad 0xCFE474A55FBB6A00, 0x8E1E90D1412B35FA - -.Lk_mc_forward: # mc_forward - .quad 0x0407060500030201, 0x0C0F0E0D080B0A09 - .quad 0x080B0A0904070605, 0x000302010C0F0E0D - .quad 0x0C0F0E0D080B0A09, 0x0407060500030201 - .quad 0x000302010C0F0E0D, 0x080B0A0904070605 - -.Lk_mc_backward:# mc_backward - .quad 0x0605040702010003, 0x0E0D0C0F0A09080B - .quad 0x020100030E0D0C0F, 0x0A09080B06050407 - .quad 0x0E0D0C0F0A09080B, 0x0605040702010003 - .quad 0x0A09080B06050407, 0x020100030E0D0C0F - -.Lk_sr: # sr - .quad 0x0706050403020100, 0x0F0E0D0C0B0A0908 - .quad 0x030E09040F0A0500, 0x0B06010C07020D08 - .quad 0x0F060D040B020900, 0x070E050C030A0108 - .quad 0x0B0E0104070A0D00, 0x0306090C0F020508 - -.Lk_rcon: # rcon - .quad 0x1F8391B9AF9DEEB6, 0x702A98084D7C7D81 - -.Lk_s63: # s63: all equal to 0x63 transformed - .quad 0x5B5B5B5B5B5B5B5B, 0x5B5B5B5B5B5B5B5B - -.Lk_opt: # output transform - .quad 0xFF9F4929D6B66000, 0xF7974121DEBE6808 - .quad 0x01EDBD5150BCEC00, 0xE10D5DB1B05C0CE0 - -.Lk_deskew: # deskew tables: inverts the sbox's "skew" - .quad 0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A - .quad 0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77 - -## -## Decryption stuff -## Key schedule constants -## -.Lk_dksd: # decryption key schedule: invskew x*D - .quad 0xFEB91A5DA3E44700, 0x0740E3A45A1DBEF9 - .quad 0x41C277F4B5368300, 0x5FDC69EAAB289D1E -.Lk_dksb: # decryption key schedule: invskew x*B - .quad 0x9A4FCA1F8550D500, 0x03D653861CC94C99 - .quad 0x115BEDA7B6FC4A00, 0xD993256F7E3482C8 -.Lk_dkse: # decryption key schedule: invskew x*E + 0x63 - .quad 0xD5031CCA1FC9D600, 0x53859A4C994F5086 - .quad 0xA23196054FDC7BE8, 0xCD5EF96A20B31487 -.Lk_dks9: # decryption key schedule: invskew x*9 - .quad 0xB6116FC87ED9A700, 0x4AED933482255BFC - .quad 0x4576516227143300, 0x8BB89FACE9DAFDCE - -## -## Decryption stuff -## Round function constants -## -.Lk_dipt: # decryption input transform - .quad 0x0F505B040B545F00, 0x154A411E114E451A - .quad 0x86E383E660056500, 0x12771772F491F194 - -.Lk_dsb9: # decryption sbox output *9*u, *9*t - .quad 0x851C03539A86D600, 0xCAD51F504F994CC9 - .quad 0xC03B1789ECD74900, 0x725E2C9EB2FBA565 -.Lk_dsbd: # decryption sbox output *D*u, *D*t - .quad 0x7D57CCDFE6B1A200, 0xF56E9B13882A4439 - .quad 0x3CE2FAF724C6CB00, 0x2931180D15DEEFD3 -.Lk_dsbb: # decryption sbox output *B*u, *B*t - .quad 0xD022649296B44200, 0x602646F6B0F2D404 - .quad 0xC19498A6CD596700, 0xF3FF0C3E3255AA6B -.Lk_dsbe: # decryption sbox output *E*u, *E*t - .quad 0x46F2929626D4D000, 0x2242600464B4F6B0 - .quad 0x0C55A6CDFFAAC100, 0x9467F36B98593E32 -.Lk_dsbo: # decryption sbox final output - .quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D - .quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C -.asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)" -.align 64 -.size _vpaes_consts,.-_vpaes_consts -___ - -if ($win64) { -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_prologue - - lea 16(%rax),%rsi # %xmm save area - lea 512($context),%rdi # &context.Xmm6 - mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax) - .long 0xa548f3fc # cld; rep movsq - lea 0xb8(%rax),%rax # adjust stack pointer - -.Lin_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$`1232/8`,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size se_handler,.-se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_${PREFIX}_set_encrypt_key - .rva .LSEH_end_${PREFIX}_set_encrypt_key - .rva .LSEH_info_${PREFIX}_set_encrypt_key - - .rva .LSEH_begin_${PREFIX}_set_decrypt_key - .rva .LSEH_end_${PREFIX}_set_decrypt_key - .rva .LSEH_info_${PREFIX}_set_decrypt_key - - .rva .LSEH_begin_${PREFIX}_encrypt - .rva .LSEH_end_${PREFIX}_encrypt - .rva .LSEH_info_${PREFIX}_encrypt - - .rva .LSEH_begin_${PREFIX}_decrypt - .rva .LSEH_end_${PREFIX}_decrypt - .rva .LSEH_info_${PREFIX}_decrypt - - .rva .LSEH_begin_${PREFIX}_cbc_encrypt - .rva .LSEH_end_${PREFIX}_cbc_encrypt - .rva .LSEH_info_${PREFIX}_cbc_encrypt - -.section .xdata -.align 8 -.LSEH_info_${PREFIX}_set_encrypt_key: - .byte 9,0,0,0 - .rva se_handler - .rva .Lenc_key_body,.Lenc_key_epilogue # HandlerData[] -.LSEH_info_${PREFIX}_set_decrypt_key: - .byte 9,0,0,0 - .rva se_handler - .rva .Ldec_key_body,.Ldec_key_epilogue # HandlerData[] -.LSEH_info_${PREFIX}_encrypt: - .byte 9,0,0,0 - .rva se_handler - .rva .Lenc_body,.Lenc_epilogue # HandlerData[] -.LSEH_info_${PREFIX}_decrypt: - .byte 9,0,0,0 - .rva se_handler - .rva .Ldec_body,.Ldec_epilogue # HandlerData[] -.LSEH_info_${PREFIX}_cbc_encrypt: - .byte 9,0,0,0 - .rva se_handler - .rva .Lcbc_body,.Lcbc_epilogue # HandlerData[] -___ -} - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; - -print $code; - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aes/build.info b/crypto/aes/build.info deleted file mode 100644 index b250903fa6e26c29052d4eac40f8f1074d115a51..0000000000000000000000000000000000000000 --- a/crypto/aes/build.info +++ /dev/null @@ -1,128 +0,0 @@ -LIBS=../../libcrypto - -$AESASM=aes_core.c aes_cbc.c -IF[{- !$disabled{asm} -}] - $AESASM_x86=aes-586.S - $AESDEF_x86=AES_ASM - $AESASM_x86_sse2=vpaes-x86.S aesni-x86.S - $AESDEF_x86_sse2=VPAES_ASM OPENSSL_IA32_SSE2 - - $AESASM_x86_64=\ - aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s \ - aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s - $AESDEF_x86_64=AES_ASM VPAES_ASM BSAES_ASM - - $AESASM_ia64=aes_core.c aes_cbc.c aes-ia64.s - $AESDEF_ia64=AES_ASM - - $AESASM_sparcv9=\ - aes_core.c aes_cbc.c aes-sparcv9.S aest4-sparcv9.S aesfx-sparcv9.S - $AESDEF_sparcv9=AES_ASM - - $AESASM_mips32=aes_cbc.c aes-mips.S - $AESDEF_mips32=AES_ASM - $AESASM_mips64=$AESASM_mips32 - $AESDEF_mips64=$AESDEF_mips32 - - $AESASM_s390x=aes-s390x.S - # aes-390x.S implements AES_ctr32_encrypt and AES_xts_[en|de]crypt - $AESDEF_s390x=AES_ASM AES_CTR_ASM AES_XTS_ASM - - $AESASM_armv4=aes_cbc.c aes-armv4.S bsaes-armv7.S aesv8-armx.S - $AESDEF_armv4=AES_ASM BSAES_ASM - $AESASM_aarch64=aes_core.c aes_cbc.c aesv8-armx.S vpaes-armv8.S - $AESDEF_aarch64=VPAES_ASM - - $AESASM_parisc11=aes_core.c aes_cbc.c aes-parisc.s - $AESDEF_parisc11=AES_ASM - $AESASM_parisc20_64=$AESASM_parisc11 - $AESDEF_parisc20_64=$AESDEF_parisc11 - - $AESASM_ppc32=aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s - $AESDEF_ppc32=AES_ASM VPAES_ASM - $AESASM_ppc64=$AESASM_ppc32 - $AESDEF_ppc64=$AESDEF_ppc32 - - $AESASM_c64xplus=aes-c64xplus.s aes_cbc.c - # aes-c64xplus.s implements AES_ctr32_encrypt - $AESDEF_c64xplus=AES_ASM AES_CTR_ASM - - # Now that we have defined all the arch specific variables, use the - # appropriate one, and define the appropriate macros - IF[$AESASM_{- $target{asm_arch} -}] - $AESASM=$AESASM_{- $target{asm_arch} -} - $AESDEF=$AESDEF_{- $target{asm_arch} -} - IF[{- !$disabled{sse2} -}] - $AESASM=$AESASM $AESASM_{- $target{asm_arch} -}_sse2 - $AESDEF=$AESDEF $AESDEF_{- $target{asm_arch} -}_sse2 - ENDIF - ENDIF -ENDIF - -$COMMON=aes_misc.c aes_ecb.c $AESASM -SOURCE[../../libcrypto]=$COMMON aes_cfb.c aes_ofb.c aes_wrap.c -IF[{- !$disabled{'deprecated-3.0'} -}] - SOURCE[../../libcrypto]=aes_ige.c -ENDIF -SOURCE[../../providers/libfips.a]=$COMMON - -# Implementations are now spread across several libraries, so the defines -# need to be applied to all affected libraries and modules. -DEFINE[../../libcrypto]=$AESDEF -DEFINE[../../providers/libfips.a]=$AESDEF -DEFINE[../../providers/libdefault.a]=$AESDEF -# We only need to include the AESDEF stuff in the legacy provider when it's a -# separate module and it's dynamically linked with libcrypto. Otherwise, it -# already gets everything that the static libcrypto.a has, and doesn't need it -# added again. -IF[{- !$disabled{module} && !$disabled{shared} -}] - DEFINE[../providers/liblegacy.a]=$AESDEF -ENDIF - -GENERATE[aes-ia64.s]=asm/aes-ia64.S - -GENERATE[aes-586.S]=asm/aes-586.pl -DEPEND[aes-586.S]=../perlasm/x86asm.pl -GENERATE[vpaes-x86.S]=asm/vpaes-x86.pl -DEPEND[vpaes-586.S]=../perlasm/x86asm.pl -GENERATE[aesni-x86.S]=asm/aesni-x86.pl -DEPEND[aesni-586.S]=../perlasm/x86asm.pl - -GENERATE[aes-x86_64.s]=asm/aes-x86_64.pl -GENERATE[vpaes-x86_64.s]=asm/vpaes-x86_64.pl -GENERATE[bsaes-x86_64.s]=asm/bsaes-x86_64.pl -GENERATE[aesni-x86_64.s]=asm/aesni-x86_64.pl -GENERATE[aesni-sha1-x86_64.s]=asm/aesni-sha1-x86_64.pl -GENERATE[aesni-sha256-x86_64.s]=asm/aesni-sha256-x86_64.pl -GENERATE[aesni-mb-x86_64.s]=asm/aesni-mb-x86_64.pl - -GENERATE[aes-sparcv9.S]=asm/aes-sparcv9.pl -INCLUDE[aes-sparcv9.o]=.. -GENERATE[aest4-sparcv9.S]=asm/aest4-sparcv9.pl -INCLUDE[aest4-sparcv9.o]=.. -DEPEND[aest4-sparcv9.S]=../perlasm/sparcv9_modes.pl -GENERATE[aesfx-sparcv9.S]=asm/aesfx-sparcv9.pl -INCLUDE[aesfx-sparcv9.o]=.. - -GENERATE[aes-ppc.s]=asm/aes-ppc.pl -GENERATE[vpaes-ppc.s]=asm/vpaes-ppc.pl -GENERATE[aesp8-ppc.s]=asm/aesp8-ppc.pl - -GENERATE[aes-parisc.s]=asm/aes-parisc.pl - -GENERATE[aes-mips.S]=asm/aes-mips.pl -INCLUDE[aes-mips.o]=.. - -GENERATE[aesv8-armx.S]=asm/aesv8-armx.pl -INCLUDE[aesv8-armx.o]=.. -GENERATE[vpaes-armv8.S]=asm/vpaes-armv8.pl - -GENERATE[aes-armv4.S]=asm/aes-armv4.pl -INCLUDE[aes-armv4.o]=.. -GENERATE[bsaes-armv7.S]=asm/bsaes-armv7.pl -INCLUDE[bsaes-armv7.o]=.. - -GENERATE[aes-s390x.S]=asm/aes-s390x.pl -INCLUDE[aes-s390x.o]=.. - -GENERATE[aes-c64xplus.S]=asm/aes-c64xplus.pl diff --git a/crypto/alphacpuid.pl b/crypto/alphacpuid.pl deleted file mode 100644 index b96975038060f31956427159abe06caf519dec8c..0000000000000000000000000000000000000000 --- a/crypto/alphacpuid.pl +++ /dev/null @@ -1,256 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -$output = pop and open STDOUT,">$output"; - -print <<'___'; -.text - -.set noat - -.globl OPENSSL_cpuid_setup -.ent OPENSSL_cpuid_setup -OPENSSL_cpuid_setup: - .frame $30,0,$26 - .prologue 0 - ret ($26) -.end OPENSSL_cpuid_setup - -.globl OPENSSL_wipe_cpu -.ent OPENSSL_wipe_cpu -OPENSSL_wipe_cpu: - .frame $30,0,$26 - .prologue 0 - clr $1 - clr $2 - clr $3 - clr $4 - clr $5 - clr $6 - clr $7 - clr $8 - clr $16 - clr $17 - clr $18 - clr $19 - clr $20 - clr $21 - clr $22 - clr $23 - clr $24 - clr $25 - clr $27 - clr $at - clr $29 - fclr $f0 - fclr $f1 - fclr $f10 - fclr $f11 - fclr $f12 - fclr $f13 - fclr $f14 - fclr $f15 - fclr $f16 - fclr $f17 - fclr $f18 - fclr $f19 - fclr $f20 - fclr $f21 - fclr $f22 - fclr $f23 - fclr $f24 - fclr $f25 - fclr $f26 - fclr $f27 - fclr $f28 - fclr $f29 - fclr $f30 - mov $sp,$0 - ret ($26) -.end OPENSSL_wipe_cpu - -.globl OPENSSL_atomic_add -.ent OPENSSL_atomic_add -OPENSSL_atomic_add: - .frame $30,0,$26 - .prologue 0 -1: ldl_l $0,0($16) - addl $0,$17,$1 - stl_c $1,0($16) - beq $1,1b - addl $0,$17,$0 - ret ($26) -.end OPENSSL_atomic_add - -.globl OPENSSL_rdtsc -.ent OPENSSL_rdtsc -OPENSSL_rdtsc: - .frame $30,0,$26 - .prologue 0 - rpcc $0 - ret ($26) -.end OPENSSL_rdtsc - -.globl OPENSSL_cleanse -.ent OPENSSL_cleanse -OPENSSL_cleanse: - .frame $30,0,$26 - .prologue 0 - beq $17,.Ldone - and $16,7,$0 - bic $17,7,$at - beq $at,.Little - beq $0,.Laligned - -.Little: - subq $0,8,$0 - ldq_u $1,0($16) - mov $16,$2 -.Lalign: - mskbl $1,$16,$1 - lda $16,1($16) - subq $17,1,$17 - addq $0,1,$0 - beq $17,.Lout - bne $0,.Lalign -.Lout: stq_u $1,0($2) - beq $17,.Ldone - bic $17,7,$at - beq $at,.Little - -.Laligned: - stq $31,0($16) - subq $17,8,$17 - lda $16,8($16) - bic $17,7,$at - bne $at,.Laligned - bne $17,.Little -.Ldone: ret ($26) -.end OPENSSL_cleanse - -.globl CRYPTO_memcmp -.ent CRYPTO_memcmp -CRYPTO_memcmp: - .frame $30,0,$26 - .prologue 0 - xor $0,$0,$0 - beq $18,.Lno_data - - xor $1,$1,$1 - nop -.Loop_cmp: - ldq_u $2,0($16) - subq $18,1,$18 - ldq_u $3,0($17) - extbl $2,$16,$2 - lda $16,1($16) - extbl $3,$17,$3 - lda $17,1($17) - xor $3,$2,$2 - or $2,$0,$0 - bne $18,.Loop_cmp - - subq $31,$0,$0 - srl $0,63,$0 -.Lno_data: - ret ($26) -.end CRYPTO_memcmp -___ -{ -my ($out,$cnt,$max)=("\$16","\$17","\$18"); -my ($tick,$lasttick)=("\$19","\$20"); -my ($diff,$lastdiff)=("\$21","\$22"); -my ($v0,$ra,$sp,$zero)=("\$0","\$26","\$30","\$31"); - -print <<___; -.globl OPENSSL_instrument_bus -.ent OPENSSL_instrument_bus -OPENSSL_instrument_bus: - .frame $sp,0,$ra - .prologue 0 - mov $cnt,$v0 - - rpcc $lasttick - mov 0,$diff - - ecb ($out) - ldl_l $tick,0($out) - addl $diff,$tick,$tick - mov $tick,$diff - stl_c $tick,0($out) - stl $diff,0($out) - -.Loop: rpcc $tick - subq $tick,$lasttick,$diff - mov $tick,$lasttick - - ecb ($out) - ldl_l $tick,0($out) - addl $diff,$tick,$tick - mov $tick,$diff - stl_c $tick,0($out) - stl $diff,0($out) - - subl $cnt,1,$cnt - lda $out,4($out) - bne $cnt,.Loop - - ret ($ra) -.end OPENSSL_instrument_bus - -.globl OPENSSL_instrument_bus2 -.ent OPENSSL_instrument_bus2 -OPENSSL_instrument_bus2: - .frame $sp,0,$ra - .prologue 0 - mov $cnt,$v0 - - rpcc $lasttick - mov 0,$diff - - ecb ($out) - ldl_l $tick,0($out) - addl $diff,$tick,$tick - mov $tick,$diff - stl_c $tick,0($out) - stl $diff,0($out) - - rpcc $tick - subq $tick,$lasttick,$diff - mov $tick,$lasttick - mov $diff,$lastdiff -.Loop2: - ecb ($out) - ldl_l $tick,0($out) - addl $diff,$tick,$tick - mov $tick,$diff - stl_c $tick,0($out) - stl $diff,0($out) - - subl $max,1,$max - beq $max,.Ldone2 - - rpcc $tick - subq $tick,$lasttick,$diff - mov $tick,$lasttick - subq $lastdiff,$diff,$tick - mov $diff,$lastdiff - cmovne $tick,1,$tick - subl $cnt,$tick,$cnt - s4addq $tick,$out,$out - bne $cnt,.Loop2 - -.Ldone2: - subl $v0,$cnt,$v0 - ret ($ra) -.end OPENSSL_instrument_bus2 -___ -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/aria/aria.c b/crypto/aria/aria.c deleted file mode 100644 index 5e60bc52102335869968ade85295f8175b3ff400..0000000000000000000000000000000000000000 --- a/crypto/aria/aria.c +++ /dev/null @@ -1,1212 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Copyright (C) 2017 National Security Research Institute. All Rights Reserved. - * - * Information for ARIA - * http://210.104.33.10/ARIA/index-e.html (English) - * http://seed.kisa.or.kr/ (Korean) - * - * Public domain version is distributed above. - */ - -#include -#include "crypto/aria.h" - -#include -#include - -#ifndef OPENSSL_SMALL_FOOTPRINT - -/* Begin macro */ - -/* rotation */ -#define rotl32(v, r) (((uint32_t)(v) << (r)) | ((uint32_t)(v) >> (32 - r))) -#define rotr32(v, r) (((uint32_t)(v) >> (r)) | ((uint32_t)(v) << (32 - r))) - -#define bswap32(v) \ - (((v) << 24) ^ ((v) >> 24) ^ \ - (((v) & 0x0000ff00) << 8) ^ (((v) & 0x00ff0000) >> 8)) - -#define GET_U8_BE(X, Y) ((uint8_t)((X) >> ((3 - Y) * 8))) -#define GET_U32_BE(X, Y) ( \ - ((uint32_t)((const uint8_t *)(X))[Y * 4 ] << 24) ^ \ - ((uint32_t)((const uint8_t *)(X))[Y * 4 + 1] << 16) ^ \ - ((uint32_t)((const uint8_t *)(X))[Y * 4 + 2] << 8) ^ \ - ((uint32_t)((const uint8_t *)(X))[Y * 4 + 3] ) ) - -#define PUT_U32_BE(DEST, IDX, VAL) \ - do { \ - ((uint8_t *)(DEST))[IDX * 4 ] = GET_U8_BE(VAL, 0); \ - ((uint8_t *)(DEST))[IDX * 4 + 1] = GET_U8_BE(VAL, 1); \ - ((uint8_t *)(DEST))[IDX * 4 + 2] = GET_U8_BE(VAL, 2); \ - ((uint8_t *)(DEST))[IDX * 4 + 3] = GET_U8_BE(VAL, 3); \ - } while(0) - -#define MAKE_U32(V0, V1, V2, V3) ( \ - ((uint32_t)((uint8_t)(V0)) << 24) | \ - ((uint32_t)((uint8_t)(V1)) << 16) | \ - ((uint32_t)((uint8_t)(V2)) << 8) | \ - ((uint32_t)((uint8_t)(V3)) ) ) - -/* End Macro*/ - -/* Key Constant - * 128bit : 0, 1, 2 - * 192bit : 1, 2, 3(0) - * 256bit : 2, 3(0), 4(1) - */ -static const uint32_t Key_RC[5][4] = { - { 0x517cc1b7, 0x27220a94, 0xfe13abe8, 0xfa9a6ee0 }, - { 0x6db14acc, 0x9e21c820, 0xff28b1d5, 0xef5de2b0 }, - { 0xdb92371d, 0x2126e970, 0x03249775, 0x04e8c90e }, - { 0x517cc1b7, 0x27220a94, 0xfe13abe8, 0xfa9a6ee0 }, - { 0x6db14acc, 0x9e21c820, 0xff28b1d5, 0xef5de2b0 } -}; - -/* 32bit expanded s-box */ -static const uint32_t S1[256] = { - 0x00636363, 0x007c7c7c, 0x00777777, 0x007b7b7b, - 0x00f2f2f2, 0x006b6b6b, 0x006f6f6f, 0x00c5c5c5, - 0x00303030, 0x00010101, 0x00676767, 0x002b2b2b, - 0x00fefefe, 0x00d7d7d7, 0x00ababab, 0x00767676, - 0x00cacaca, 0x00828282, 0x00c9c9c9, 0x007d7d7d, - 0x00fafafa, 0x00595959, 0x00474747, 0x00f0f0f0, - 0x00adadad, 0x00d4d4d4, 0x00a2a2a2, 0x00afafaf, - 0x009c9c9c, 0x00a4a4a4, 0x00727272, 0x00c0c0c0, - 0x00b7b7b7, 0x00fdfdfd, 0x00939393, 0x00262626, - 0x00363636, 0x003f3f3f, 0x00f7f7f7, 0x00cccccc, - 0x00343434, 0x00a5a5a5, 0x00e5e5e5, 0x00f1f1f1, - 0x00717171, 0x00d8d8d8, 0x00313131, 0x00151515, - 0x00040404, 0x00c7c7c7, 0x00232323, 0x00c3c3c3, - 0x00181818, 0x00969696, 0x00050505, 0x009a9a9a, - 0x00070707, 0x00121212, 0x00808080, 0x00e2e2e2, - 0x00ebebeb, 0x00272727, 0x00b2b2b2, 0x00757575, - 0x00090909, 0x00838383, 0x002c2c2c, 0x001a1a1a, - 0x001b1b1b, 0x006e6e6e, 0x005a5a5a, 0x00a0a0a0, - 0x00525252, 0x003b3b3b, 0x00d6d6d6, 0x00b3b3b3, - 0x00292929, 0x00e3e3e3, 0x002f2f2f, 0x00848484, - 0x00535353, 0x00d1d1d1, 0x00000000, 0x00ededed, - 0x00202020, 0x00fcfcfc, 0x00b1b1b1, 0x005b5b5b, - 0x006a6a6a, 0x00cbcbcb, 0x00bebebe, 0x00393939, - 0x004a4a4a, 0x004c4c4c, 0x00585858, 0x00cfcfcf, - 0x00d0d0d0, 0x00efefef, 0x00aaaaaa, 0x00fbfbfb, - 0x00434343, 0x004d4d4d, 0x00333333, 0x00858585, - 0x00454545, 0x00f9f9f9, 0x00020202, 0x007f7f7f, - 0x00505050, 0x003c3c3c, 0x009f9f9f, 0x00a8a8a8, - 0x00515151, 0x00a3a3a3, 0x00404040, 0x008f8f8f, - 0x00929292, 0x009d9d9d, 0x00383838, 0x00f5f5f5, - 0x00bcbcbc, 0x00b6b6b6, 0x00dadada, 0x00212121, - 0x00101010, 0x00ffffff, 0x00f3f3f3, 0x00d2d2d2, - 0x00cdcdcd, 0x000c0c0c, 0x00131313, 0x00ececec, - 0x005f5f5f, 0x00979797, 0x00444444, 0x00171717, - 0x00c4c4c4, 0x00a7a7a7, 0x007e7e7e, 0x003d3d3d, - 0x00646464, 0x005d5d5d, 0x00191919, 0x00737373, - 0x00606060, 0x00818181, 0x004f4f4f, 0x00dcdcdc, - 0x00222222, 0x002a2a2a, 0x00909090, 0x00888888, - 0x00464646, 0x00eeeeee, 0x00b8b8b8, 0x00141414, - 0x00dedede, 0x005e5e5e, 0x000b0b0b, 0x00dbdbdb, - 0x00e0e0e0, 0x00323232, 0x003a3a3a, 0x000a0a0a, - 0x00494949, 0x00060606, 0x00242424, 0x005c5c5c, - 0x00c2c2c2, 0x00d3d3d3, 0x00acacac, 0x00626262, - 0x00919191, 0x00959595, 0x00e4e4e4, 0x00797979, - 0x00e7e7e7, 0x00c8c8c8, 0x00373737, 0x006d6d6d, - 0x008d8d8d, 0x00d5d5d5, 0x004e4e4e, 0x00a9a9a9, - 0x006c6c6c, 0x00565656, 0x00f4f4f4, 0x00eaeaea, - 0x00656565, 0x007a7a7a, 0x00aeaeae, 0x00080808, - 0x00bababa, 0x00787878, 0x00252525, 0x002e2e2e, - 0x001c1c1c, 0x00a6a6a6, 0x00b4b4b4, 0x00c6c6c6, - 0x00e8e8e8, 0x00dddddd, 0x00747474, 0x001f1f1f, - 0x004b4b4b, 0x00bdbdbd, 0x008b8b8b, 0x008a8a8a, - 0x00707070, 0x003e3e3e, 0x00b5b5b5, 0x00666666, - 0x00484848, 0x00030303, 0x00f6f6f6, 0x000e0e0e, - 0x00616161, 0x00353535, 0x00575757, 0x00b9b9b9, - 0x00868686, 0x00c1c1c1, 0x001d1d1d, 0x009e9e9e, - 0x00e1e1e1, 0x00f8f8f8, 0x00989898, 0x00111111, - 0x00696969, 0x00d9d9d9, 0x008e8e8e, 0x00949494, - 0x009b9b9b, 0x001e1e1e, 0x00878787, 0x00e9e9e9, - 0x00cecece, 0x00555555, 0x00282828, 0x00dfdfdf, - 0x008c8c8c, 0x00a1a1a1, 0x00898989, 0x000d0d0d, - 0x00bfbfbf, 0x00e6e6e6, 0x00424242, 0x00686868, - 0x00414141, 0x00999999, 0x002d2d2d, 0x000f0f0f, - 0x00b0b0b0, 0x00545454, 0x00bbbbbb, 0x00161616 -}; - -static const uint32_t S2[256] = { - 0xe200e2e2, 0x4e004e4e, 0x54005454, 0xfc00fcfc, - 0x94009494, 0xc200c2c2, 0x4a004a4a, 0xcc00cccc, - 0x62006262, 0x0d000d0d, 0x6a006a6a, 0x46004646, - 0x3c003c3c, 0x4d004d4d, 0x8b008b8b, 0xd100d1d1, - 0x5e005e5e, 0xfa00fafa, 0x64006464, 0xcb00cbcb, - 0xb400b4b4, 0x97009797, 0xbe00bebe, 0x2b002b2b, - 0xbc00bcbc, 0x77007777, 0x2e002e2e, 0x03000303, - 0xd300d3d3, 0x19001919, 0x59005959, 0xc100c1c1, - 0x1d001d1d, 0x06000606, 0x41004141, 0x6b006b6b, - 0x55005555, 0xf000f0f0, 0x99009999, 0x69006969, - 0xea00eaea, 0x9c009c9c, 0x18001818, 0xae00aeae, - 0x63006363, 0xdf00dfdf, 0xe700e7e7, 0xbb00bbbb, - 0x00000000, 0x73007373, 0x66006666, 0xfb00fbfb, - 0x96009696, 0x4c004c4c, 0x85008585, 0xe400e4e4, - 0x3a003a3a, 0x09000909, 0x45004545, 0xaa00aaaa, - 0x0f000f0f, 0xee00eeee, 0x10001010, 0xeb00ebeb, - 0x2d002d2d, 0x7f007f7f, 0xf400f4f4, 0x29002929, - 0xac00acac, 0xcf00cfcf, 0xad00adad, 0x91009191, - 0x8d008d8d, 0x78007878, 0xc800c8c8, 0x95009595, - 0xf900f9f9, 0x2f002f2f, 0xce00cece, 0xcd00cdcd, - 0x08000808, 0x7a007a7a, 0x88008888, 0x38003838, - 0x5c005c5c, 0x83008383, 0x2a002a2a, 0x28002828, - 0x47004747, 0xdb00dbdb, 0xb800b8b8, 0xc700c7c7, - 0x93009393, 0xa400a4a4, 0x12001212, 0x53005353, - 0xff00ffff, 0x87008787, 0x0e000e0e, 0x31003131, - 0x36003636, 0x21002121, 0x58005858, 0x48004848, - 0x01000101, 0x8e008e8e, 0x37003737, 0x74007474, - 0x32003232, 0xca00caca, 0xe900e9e9, 0xb100b1b1, - 0xb700b7b7, 0xab00abab, 0x0c000c0c, 0xd700d7d7, - 0xc400c4c4, 0x56005656, 0x42004242, 0x26002626, - 0x07000707, 0x98009898, 0x60006060, 0xd900d9d9, - 0xb600b6b6, 0xb900b9b9, 0x11001111, 0x40004040, - 0xec00ecec, 0x20002020, 0x8c008c8c, 0xbd00bdbd, - 0xa000a0a0, 0xc900c9c9, 0x84008484, 0x04000404, - 0x49004949, 0x23002323, 0xf100f1f1, 0x4f004f4f, - 0x50005050, 0x1f001f1f, 0x13001313, 0xdc00dcdc, - 0xd800d8d8, 0xc000c0c0, 0x9e009e9e, 0x57005757, - 0xe300e3e3, 0xc300c3c3, 0x7b007b7b, 0x65006565, - 0x3b003b3b, 0x02000202, 0x8f008f8f, 0x3e003e3e, - 0xe800e8e8, 0x25002525, 0x92009292, 0xe500e5e5, - 0x15001515, 0xdd00dddd, 0xfd00fdfd, 0x17001717, - 0xa900a9a9, 0xbf00bfbf, 0xd400d4d4, 0x9a009a9a, - 0x7e007e7e, 0xc500c5c5, 0x39003939, 0x67006767, - 0xfe00fefe, 0x76007676, 0x9d009d9d, 0x43004343, - 0xa700a7a7, 0xe100e1e1, 0xd000d0d0, 0xf500f5f5, - 0x68006868, 0xf200f2f2, 0x1b001b1b, 0x34003434, - 0x70007070, 0x05000505, 0xa300a3a3, 0x8a008a8a, - 0xd500d5d5, 0x79007979, 0x86008686, 0xa800a8a8, - 0x30003030, 0xc600c6c6, 0x51005151, 0x4b004b4b, - 0x1e001e1e, 0xa600a6a6, 0x27002727, 0xf600f6f6, - 0x35003535, 0xd200d2d2, 0x6e006e6e, 0x24002424, - 0x16001616, 0x82008282, 0x5f005f5f, 0xda00dada, - 0xe600e6e6, 0x75007575, 0xa200a2a2, 0xef00efef, - 0x2c002c2c, 0xb200b2b2, 0x1c001c1c, 0x9f009f9f, - 0x5d005d5d, 0x6f006f6f, 0x80008080, 0x0a000a0a, - 0x72007272, 0x44004444, 0x9b009b9b, 0x6c006c6c, - 0x90009090, 0x0b000b0b, 0x5b005b5b, 0x33003333, - 0x7d007d7d, 0x5a005a5a, 0x52005252, 0xf300f3f3, - 0x61006161, 0xa100a1a1, 0xf700f7f7, 0xb000b0b0, - 0xd600d6d6, 0x3f003f3f, 0x7c007c7c, 0x6d006d6d, - 0xed00eded, 0x14001414, 0xe000e0e0, 0xa500a5a5, - 0x3d003d3d, 0x22002222, 0xb300b3b3, 0xf800f8f8, - 0x89008989, 0xde00dede, 0x71007171, 0x1a001a1a, - 0xaf00afaf, 0xba00baba, 0xb500b5b5, 0x81008181 -}; - -static const uint32_t X1[256] = { - 0x52520052, 0x09090009, 0x6a6a006a, 0xd5d500d5, - 0x30300030, 0x36360036, 0xa5a500a5, 0x38380038, - 0xbfbf00bf, 0x40400040, 0xa3a300a3, 0x9e9e009e, - 0x81810081, 0xf3f300f3, 0xd7d700d7, 0xfbfb00fb, - 0x7c7c007c, 0xe3e300e3, 0x39390039, 0x82820082, - 0x9b9b009b, 0x2f2f002f, 0xffff00ff, 0x87870087, - 0x34340034, 0x8e8e008e, 0x43430043, 0x44440044, - 0xc4c400c4, 0xdede00de, 0xe9e900e9, 0xcbcb00cb, - 0x54540054, 0x7b7b007b, 0x94940094, 0x32320032, - 0xa6a600a6, 0xc2c200c2, 0x23230023, 0x3d3d003d, - 0xeeee00ee, 0x4c4c004c, 0x95950095, 0x0b0b000b, - 0x42420042, 0xfafa00fa, 0xc3c300c3, 0x4e4e004e, - 0x08080008, 0x2e2e002e, 0xa1a100a1, 0x66660066, - 0x28280028, 0xd9d900d9, 0x24240024, 0xb2b200b2, - 0x76760076, 0x5b5b005b, 0xa2a200a2, 0x49490049, - 0x6d6d006d, 0x8b8b008b, 0xd1d100d1, 0x25250025, - 0x72720072, 0xf8f800f8, 0xf6f600f6, 0x64640064, - 0x86860086, 0x68680068, 0x98980098, 0x16160016, - 0xd4d400d4, 0xa4a400a4, 0x5c5c005c, 0xcccc00cc, - 0x5d5d005d, 0x65650065, 0xb6b600b6, 0x92920092, - 0x6c6c006c, 0x70700070, 0x48480048, 0x50500050, - 0xfdfd00fd, 0xeded00ed, 0xb9b900b9, 0xdada00da, - 0x5e5e005e, 0x15150015, 0x46460046, 0x57570057, - 0xa7a700a7, 0x8d8d008d, 0x9d9d009d, 0x84840084, - 0x90900090, 0xd8d800d8, 0xabab00ab, 0x00000000, - 0x8c8c008c, 0xbcbc00bc, 0xd3d300d3, 0x0a0a000a, - 0xf7f700f7, 0xe4e400e4, 0x58580058, 0x05050005, - 0xb8b800b8, 0xb3b300b3, 0x45450045, 0x06060006, - 0xd0d000d0, 0x2c2c002c, 0x1e1e001e, 0x8f8f008f, - 0xcaca00ca, 0x3f3f003f, 0x0f0f000f, 0x02020002, - 0xc1c100c1, 0xafaf00af, 0xbdbd00bd, 0x03030003, - 0x01010001, 0x13130013, 0x8a8a008a, 0x6b6b006b, - 0x3a3a003a, 0x91910091, 0x11110011, 0x41410041, - 0x4f4f004f, 0x67670067, 0xdcdc00dc, 0xeaea00ea, - 0x97970097, 0xf2f200f2, 0xcfcf00cf, 0xcece00ce, - 0xf0f000f0, 0xb4b400b4, 0xe6e600e6, 0x73730073, - 0x96960096, 0xacac00ac, 0x74740074, 0x22220022, - 0xe7e700e7, 0xadad00ad, 0x35350035, 0x85850085, - 0xe2e200e2, 0xf9f900f9, 0x37370037, 0xe8e800e8, - 0x1c1c001c, 0x75750075, 0xdfdf00df, 0x6e6e006e, - 0x47470047, 0xf1f100f1, 0x1a1a001a, 0x71710071, - 0x1d1d001d, 0x29290029, 0xc5c500c5, 0x89890089, - 0x6f6f006f, 0xb7b700b7, 0x62620062, 0x0e0e000e, - 0xaaaa00aa, 0x18180018, 0xbebe00be, 0x1b1b001b, - 0xfcfc00fc, 0x56560056, 0x3e3e003e, 0x4b4b004b, - 0xc6c600c6, 0xd2d200d2, 0x79790079, 0x20200020, - 0x9a9a009a, 0xdbdb00db, 0xc0c000c0, 0xfefe00fe, - 0x78780078, 0xcdcd00cd, 0x5a5a005a, 0xf4f400f4, - 0x1f1f001f, 0xdddd00dd, 0xa8a800a8, 0x33330033, - 0x88880088, 0x07070007, 0xc7c700c7, 0x31310031, - 0xb1b100b1, 0x12120012, 0x10100010, 0x59590059, - 0x27270027, 0x80800080, 0xecec00ec, 0x5f5f005f, - 0x60600060, 0x51510051, 0x7f7f007f, 0xa9a900a9, - 0x19190019, 0xb5b500b5, 0x4a4a004a, 0x0d0d000d, - 0x2d2d002d, 0xe5e500e5, 0x7a7a007a, 0x9f9f009f, - 0x93930093, 0xc9c900c9, 0x9c9c009c, 0xefef00ef, - 0xa0a000a0, 0xe0e000e0, 0x3b3b003b, 0x4d4d004d, - 0xaeae00ae, 0x2a2a002a, 0xf5f500f5, 0xb0b000b0, - 0xc8c800c8, 0xebeb00eb, 0xbbbb00bb, 0x3c3c003c, - 0x83830083, 0x53530053, 0x99990099, 0x61610061, - 0x17170017, 0x2b2b002b, 0x04040004, 0x7e7e007e, - 0xbaba00ba, 0x77770077, 0xd6d600d6, 0x26260026, - 0xe1e100e1, 0x69690069, 0x14140014, 0x63630063, - 0x55550055, 0x21210021, 0x0c0c000c, 0x7d7d007d -}; - -static const uint32_t X2[256] = { - 0x30303000, 0x68686800, 0x99999900, 0x1b1b1b00, - 0x87878700, 0xb9b9b900, 0x21212100, 0x78787800, - 0x50505000, 0x39393900, 0xdbdbdb00, 0xe1e1e100, - 0x72727200, 0x09090900, 0x62626200, 0x3c3c3c00, - 0x3e3e3e00, 0x7e7e7e00, 0x5e5e5e00, 0x8e8e8e00, - 0xf1f1f100, 0xa0a0a000, 0xcccccc00, 0xa3a3a300, - 0x2a2a2a00, 0x1d1d1d00, 0xfbfbfb00, 0xb6b6b600, - 0xd6d6d600, 0x20202000, 0xc4c4c400, 0x8d8d8d00, - 0x81818100, 0x65656500, 0xf5f5f500, 0x89898900, - 0xcbcbcb00, 0x9d9d9d00, 0x77777700, 0xc6c6c600, - 0x57575700, 0x43434300, 0x56565600, 0x17171700, - 0xd4d4d400, 0x40404000, 0x1a1a1a00, 0x4d4d4d00, - 0xc0c0c000, 0x63636300, 0x6c6c6c00, 0xe3e3e300, - 0xb7b7b700, 0xc8c8c800, 0x64646400, 0x6a6a6a00, - 0x53535300, 0xaaaaaa00, 0x38383800, 0x98989800, - 0x0c0c0c00, 0xf4f4f400, 0x9b9b9b00, 0xededed00, - 0x7f7f7f00, 0x22222200, 0x76767600, 0xafafaf00, - 0xdddddd00, 0x3a3a3a00, 0x0b0b0b00, 0x58585800, - 0x67676700, 0x88888800, 0x06060600, 0xc3c3c300, - 0x35353500, 0x0d0d0d00, 0x01010100, 0x8b8b8b00, - 0x8c8c8c00, 0xc2c2c200, 0xe6e6e600, 0x5f5f5f00, - 0x02020200, 0x24242400, 0x75757500, 0x93939300, - 0x66666600, 0x1e1e1e00, 0xe5e5e500, 0xe2e2e200, - 0x54545400, 0xd8d8d800, 0x10101000, 0xcecece00, - 0x7a7a7a00, 0xe8e8e800, 0x08080800, 0x2c2c2c00, - 0x12121200, 0x97979700, 0x32323200, 0xababab00, - 0xb4b4b400, 0x27272700, 0x0a0a0a00, 0x23232300, - 0xdfdfdf00, 0xefefef00, 0xcacaca00, 0xd9d9d900, - 0xb8b8b800, 0xfafafa00, 0xdcdcdc00, 0x31313100, - 0x6b6b6b00, 0xd1d1d100, 0xadadad00, 0x19191900, - 0x49494900, 0xbdbdbd00, 0x51515100, 0x96969600, - 0xeeeeee00, 0xe4e4e400, 0xa8a8a800, 0x41414100, - 0xdadada00, 0xffffff00, 0xcdcdcd00, 0x55555500, - 0x86868600, 0x36363600, 0xbebebe00, 0x61616100, - 0x52525200, 0xf8f8f800, 0xbbbbbb00, 0x0e0e0e00, - 0x82828200, 0x48484800, 0x69696900, 0x9a9a9a00, - 0xe0e0e000, 0x47474700, 0x9e9e9e00, 0x5c5c5c00, - 0x04040400, 0x4b4b4b00, 0x34343400, 0x15151500, - 0x79797900, 0x26262600, 0xa7a7a700, 0xdedede00, - 0x29292900, 0xaeaeae00, 0x92929200, 0xd7d7d700, - 0x84848400, 0xe9e9e900, 0xd2d2d200, 0xbababa00, - 0x5d5d5d00, 0xf3f3f300, 0xc5c5c500, 0xb0b0b000, - 0xbfbfbf00, 0xa4a4a400, 0x3b3b3b00, 0x71717100, - 0x44444400, 0x46464600, 0x2b2b2b00, 0xfcfcfc00, - 0xebebeb00, 0x6f6f6f00, 0xd5d5d500, 0xf6f6f600, - 0x14141400, 0xfefefe00, 0x7c7c7c00, 0x70707000, - 0x5a5a5a00, 0x7d7d7d00, 0xfdfdfd00, 0x2f2f2f00, - 0x18181800, 0x83838300, 0x16161600, 0xa5a5a500, - 0x91919100, 0x1f1f1f00, 0x05050500, 0x95959500, - 0x74747400, 0xa9a9a900, 0xc1c1c100, 0x5b5b5b00, - 0x4a4a4a00, 0x85858500, 0x6d6d6d00, 0x13131300, - 0x07070700, 0x4f4f4f00, 0x4e4e4e00, 0x45454500, - 0xb2b2b200, 0x0f0f0f00, 0xc9c9c900, 0x1c1c1c00, - 0xa6a6a600, 0xbcbcbc00, 0xececec00, 0x73737300, - 0x90909000, 0x7b7b7b00, 0xcfcfcf00, 0x59595900, - 0x8f8f8f00, 0xa1a1a100, 0xf9f9f900, 0x2d2d2d00, - 0xf2f2f200, 0xb1b1b100, 0x00000000, 0x94949400, - 0x37373700, 0x9f9f9f00, 0xd0d0d000, 0x2e2e2e00, - 0x9c9c9c00, 0x6e6e6e00, 0x28282800, 0x3f3f3f00, - 0x80808000, 0xf0f0f000, 0x3d3d3d00, 0xd3d3d300, - 0x25252500, 0x8a8a8a00, 0xb5b5b500, 0xe7e7e700, - 0x42424200, 0xb3b3b300, 0xc7c7c700, 0xeaeaea00, - 0xf7f7f700, 0x4c4c4c00, 0x11111100, 0x33333300, - 0x03030300, 0xa2a2a200, 0xacacac00, 0x60606000 -}; - -/* Key XOR Layer */ -#define ARIA_ADD_ROUND_KEY(RK, T0, T1, T2, T3) \ - do { \ - (T0) ^= (RK)->u[0]; \ - (T1) ^= (RK)->u[1]; \ - (T2) ^= (RK)->u[2]; \ - (T3) ^= (RK)->u[3]; \ - } while(0) - -/* S-Box Layer 1 + M */ -#define ARIA_SBOX_LAYER1_WITH_PRE_DIFF(T0, T1, T2, T3) \ - do { \ - (T0) = \ - S1[GET_U8_BE(T0, 0)] ^ \ - S2[GET_U8_BE(T0, 1)] ^ \ - X1[GET_U8_BE(T0, 2)] ^ \ - X2[GET_U8_BE(T0, 3)]; \ - (T1) = \ - S1[GET_U8_BE(T1, 0)] ^ \ - S2[GET_U8_BE(T1, 1)] ^ \ - X1[GET_U8_BE(T1, 2)] ^ \ - X2[GET_U8_BE(T1, 3)]; \ - (T2) = \ - S1[GET_U8_BE(T2, 0)] ^ \ - S2[GET_U8_BE(T2, 1)] ^ \ - X1[GET_U8_BE(T2, 2)] ^ \ - X2[GET_U8_BE(T2, 3)]; \ - (T3) = \ - S1[GET_U8_BE(T3, 0)] ^ \ - S2[GET_U8_BE(T3, 1)] ^ \ - X1[GET_U8_BE(T3, 2)] ^ \ - X2[GET_U8_BE(T3, 3)]; \ - } while(0) - -/* S-Box Layer 2 + M */ -#define ARIA_SBOX_LAYER2_WITH_PRE_DIFF(T0, T1, T2, T3) \ - do { \ - (T0) = \ - X1[GET_U8_BE(T0, 0)] ^ \ - X2[GET_U8_BE(T0, 1)] ^ \ - S1[GET_U8_BE(T0, 2)] ^ \ - S2[GET_U8_BE(T0, 3)]; \ - (T1) = \ - X1[GET_U8_BE(T1, 0)] ^ \ - X2[GET_U8_BE(T1, 1)] ^ \ - S1[GET_U8_BE(T1, 2)] ^ \ - S2[GET_U8_BE(T1, 3)]; \ - (T2) = \ - X1[GET_U8_BE(T2, 0)] ^ \ - X2[GET_U8_BE(T2, 1)] ^ \ - S1[GET_U8_BE(T2, 2)] ^ \ - S2[GET_U8_BE(T2, 3)]; \ - (T3) = \ - X1[GET_U8_BE(T3, 0)] ^ \ - X2[GET_U8_BE(T3, 1)] ^ \ - S1[GET_U8_BE(T3, 2)] ^ \ - S2[GET_U8_BE(T3, 3)]; \ - } while(0) - -/* Word-level diffusion */ -#define ARIA_DIFF_WORD(T0,T1,T2,T3) \ - do { \ - (T1) ^= (T2); \ - (T2) ^= (T3); \ - (T0) ^= (T1); \ - \ - (T3) ^= (T1); \ - (T2) ^= (T0); \ - (T1) ^= (T2); \ - } while(0) - -/* Byte-level diffusion */ -#define ARIA_DIFF_BYTE(T0, T1, T2, T3) \ - do { \ - (T1) = (((T1) << 8) & 0xff00ff00) ^ (((T1) >> 8) & 0x00ff00ff); \ - (T2) = rotr32(T2, 16); \ - (T3) = bswap32(T3); \ - } while(0) - -/* Odd round Substitution & Diffusion */ -#define ARIA_SUBST_DIFF_ODD(T0, T1, T2, T3) \ - do { \ - ARIA_SBOX_LAYER1_WITH_PRE_DIFF(T0, T1, T2, T3); \ - ARIA_DIFF_WORD(T0, T1, T2, T3); \ - ARIA_DIFF_BYTE(T0, T1, T2, T3); \ - ARIA_DIFF_WORD(T0, T1, T2, T3); \ - } while(0) - -/* Even round Substitution & Diffusion */ -#define ARIA_SUBST_DIFF_EVEN(T0, T1, T2, T3) \ - do { \ - ARIA_SBOX_LAYER2_WITH_PRE_DIFF(T0, T1, T2, T3); \ - ARIA_DIFF_WORD(T0, T1, T2, T3); \ - ARIA_DIFF_BYTE(T2, T3, T0, T1); \ - ARIA_DIFF_WORD(T0, T1, T2, T3); \ - } while(0) - -/* Q, R Macro expanded ARIA GSRK */ -#define _ARIA_GSRK(RK, X, Y, Q, R) \ - do { \ - (RK)->u[0] = \ - ((X)[0]) ^ \ - (((Y)[((Q) ) % 4]) >> (R)) ^ \ - (((Y)[((Q) + 3) % 4]) << (32 - (R))); \ - (RK)->u[1] = \ - ((X)[1]) ^ \ - (((Y)[((Q) + 1) % 4]) >> (R)) ^ \ - (((Y)[((Q) ) % 4]) << (32 - (R))); \ - (RK)->u[2] = \ - ((X)[2]) ^ \ - (((Y)[((Q) + 2) % 4]) >> (R)) ^ \ - (((Y)[((Q) + 1) % 4]) << (32 - (R))); \ - (RK)->u[3] = \ - ((X)[3]) ^ \ - (((Y)[((Q) + 3) % 4]) >> (R)) ^ \ - (((Y)[((Q) + 2) % 4]) << (32 - (R))); \ - } while(0) - -#define ARIA_GSRK(RK, X, Y, N) _ARIA_GSRK(RK, X, Y, 4 - ((N) / 32), (N) % 32) - -#define ARIA_DEC_DIFF_BYTE(X, Y, TMP, TMP2) \ - do { \ - (TMP) = (X); \ - (TMP2) = rotr32((TMP), 8); \ - (Y) = (TMP2) ^ rotr32((TMP) ^ (TMP2), 16); \ - } while(0) - -void ossl_aria_encrypt(const unsigned char *in, unsigned char *out, - const ARIA_KEY *key) -{ - register uint32_t reg0, reg1, reg2, reg3; - int Nr; - const ARIA_u128 *rk; - - if (in == NULL || out == NULL || key == NULL) { - return; - } - - rk = key->rd_key; - Nr = key->rounds; - - if (Nr != 12 && Nr != 14 && Nr != 16) { - return; - } - - reg0 = GET_U32_BE(in, 0); - reg1 = GET_U32_BE(in, 1); - reg2 = GET_U32_BE(in, 2); - reg3 = GET_U32_BE(in, 3); - - ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3); - rk++; - - ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3); - ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3); - rk++; - - while(Nr -= 2){ - ARIA_SUBST_DIFF_EVEN(reg0, reg1, reg2, reg3); - ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3); - rk++; - - ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3); - ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3); - rk++; - } - - reg0 = rk->u[0] ^ MAKE_U32( - (uint8_t)(X1[GET_U8_BE(reg0, 0)] ), - (uint8_t)(X2[GET_U8_BE(reg0, 1)] >> 8), - (uint8_t)(S1[GET_U8_BE(reg0, 2)] ), - (uint8_t)(S2[GET_U8_BE(reg0, 3)] )); - reg1 = rk->u[1] ^ MAKE_U32( - (uint8_t)(X1[GET_U8_BE(reg1, 0)] ), - (uint8_t)(X2[GET_U8_BE(reg1, 1)] >> 8), - (uint8_t)(S1[GET_U8_BE(reg1, 2)] ), - (uint8_t)(S2[GET_U8_BE(reg1, 3)] )); - reg2 = rk->u[2] ^ MAKE_U32( - (uint8_t)(X1[GET_U8_BE(reg2, 0)] ), - (uint8_t)(X2[GET_U8_BE(reg2, 1)] >> 8), - (uint8_t)(S1[GET_U8_BE(reg2, 2)] ), - (uint8_t)(S2[GET_U8_BE(reg2, 3)] )); - reg3 = rk->u[3] ^ MAKE_U32( - (uint8_t)(X1[GET_U8_BE(reg3, 0)] ), - (uint8_t)(X2[GET_U8_BE(reg3, 1)] >> 8), - (uint8_t)(S1[GET_U8_BE(reg3, 2)] ), - (uint8_t)(S2[GET_U8_BE(reg3, 3)] )); - - PUT_U32_BE(out, 0, reg0); - PUT_U32_BE(out, 1, reg1); - PUT_U32_BE(out, 2, reg2); - PUT_U32_BE(out, 3, reg3); -} - -int ossl_aria_set_encrypt_key(const unsigned char *userKey, const int bits, - ARIA_KEY *key) -{ - register uint32_t reg0, reg1, reg2, reg3; - uint32_t w0[4], w1[4], w2[4], w3[4]; - const uint32_t *ck; - - ARIA_u128 *rk; - int Nr = (bits + 256) / 32; - - if (userKey == NULL || key == NULL) { - return -1; - } - if (bits != 128 && bits != 192 && bits != 256) { - return -2; - } - - rk = key->rd_key; - key->rounds = Nr; - ck = &Key_RC[(bits - 128) / 64][0]; - - w0[0] = GET_U32_BE(userKey, 0); - w0[1] = GET_U32_BE(userKey, 1); - w0[2] = GET_U32_BE(userKey, 2); - w0[3] = GET_U32_BE(userKey, 3); - - reg0 = w0[0] ^ ck[0]; - reg1 = w0[1] ^ ck[1]; - reg2 = w0[2] ^ ck[2]; - reg3 = w0[3] ^ ck[3]; - - ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3); - - if (bits > 128) { - w1[0] = GET_U32_BE(userKey, 4); - w1[1] = GET_U32_BE(userKey, 5); - if (bits > 192) { - w1[2] = GET_U32_BE(userKey, 6); - w1[3] = GET_U32_BE(userKey, 7); - } - else { - w1[2] = w1[3] = 0; - } - } - else { - w1[0] = w1[1] = w1[2] = w1[3] = 0; - } - - w1[0] ^= reg0; - w1[1] ^= reg1; - w1[2] ^= reg2; - w1[3] ^= reg3; - - reg0 = w1[0]; - reg1 = w1[1]; - reg2 = w1[2]; - reg3 = w1[3]; - - reg0 ^= ck[4]; - reg1 ^= ck[5]; - reg2 ^= ck[6]; - reg3 ^= ck[7]; - - ARIA_SUBST_DIFF_EVEN(reg0, reg1, reg2, reg3); - - reg0 ^= w0[0]; - reg1 ^= w0[1]; - reg2 ^= w0[2]; - reg3 ^= w0[3]; - - w2[0] = reg0; - w2[1] = reg1; - w2[2] = reg2; - w2[3] = reg3; - - reg0 ^= ck[8]; - reg1 ^= ck[9]; - reg2 ^= ck[10]; - reg3 ^= ck[11]; - - ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3); - - w3[0] = reg0 ^ w1[0]; - w3[1] = reg1 ^ w1[1]; - w3[2] = reg2 ^ w1[2]; - w3[3] = reg3 ^ w1[3]; - - ARIA_GSRK(rk, w0, w1, 19); - rk++; - ARIA_GSRK(rk, w1, w2, 19); - rk++; - ARIA_GSRK(rk, w2, w3, 19); - rk++; - ARIA_GSRK(rk, w3, w0, 19); - - rk++; - ARIA_GSRK(rk, w0, w1, 31); - rk++; - ARIA_GSRK(rk, w1, w2, 31); - rk++; - ARIA_GSRK(rk, w2, w3, 31); - rk++; - ARIA_GSRK(rk, w3, w0, 31); - - rk++; - ARIA_GSRK(rk, w0, w1, 67); - rk++; - ARIA_GSRK(rk, w1, w2, 67); - rk++; - ARIA_GSRK(rk, w2, w3, 67); - rk++; - ARIA_GSRK(rk, w3, w0, 67); - - rk++; - ARIA_GSRK(rk, w0, w1, 97); - if (bits > 128) { - rk++; - ARIA_GSRK(rk, w1, w2, 97); - rk++; - ARIA_GSRK(rk, w2, w3, 97); - } - if (bits > 192) { - rk++; - ARIA_GSRK(rk, w3, w0, 97); - - rk++; - ARIA_GSRK(rk, w0, w1, 109); - } - - return 0; -} - -int ossl_aria_set_decrypt_key(const unsigned char *userKey, const int bits, - ARIA_KEY *key) -{ - ARIA_u128 *rk_head; - ARIA_u128 *rk_tail; - register uint32_t w1, w2; - register uint32_t reg0, reg1, reg2, reg3; - uint32_t s0, s1, s2, s3; - - const int r = ossl_aria_set_encrypt_key(userKey, bits, key); - - if (r != 0) { - return r; - } - - rk_head = key->rd_key; - rk_tail = rk_head + key->rounds; - - reg0 = rk_head->u[0]; - reg1 = rk_head->u[1]; - reg2 = rk_head->u[2]; - reg3 = rk_head->u[3]; - - memcpy(rk_head, rk_tail, ARIA_BLOCK_SIZE); - - rk_tail->u[0] = reg0; - rk_tail->u[1] = reg1; - rk_tail->u[2] = reg2; - rk_tail->u[3] = reg3; - - rk_head++; - rk_tail--; - - for (; rk_head < rk_tail; rk_head++, rk_tail--) { - ARIA_DEC_DIFF_BYTE(rk_head->u[0], reg0, w1, w2); - ARIA_DEC_DIFF_BYTE(rk_head->u[1], reg1, w1, w2); - ARIA_DEC_DIFF_BYTE(rk_head->u[2], reg2, w1, w2); - ARIA_DEC_DIFF_BYTE(rk_head->u[3], reg3, w1, w2); - - ARIA_DIFF_WORD(reg0, reg1, reg2, reg3); - ARIA_DIFF_BYTE(reg0, reg1, reg2, reg3); - ARIA_DIFF_WORD(reg0, reg1, reg2, reg3); - - s0 = reg0; - s1 = reg1; - s2 = reg2; - s3 = reg3; - - ARIA_DEC_DIFF_BYTE(rk_tail->u[0], reg0, w1, w2); - ARIA_DEC_DIFF_BYTE(rk_tail->u[1], reg1, w1, w2); - ARIA_DEC_DIFF_BYTE(rk_tail->u[2], reg2, w1, w2); - ARIA_DEC_DIFF_BYTE(rk_tail->u[3], reg3, w1, w2); - - ARIA_DIFF_WORD(reg0, reg1, reg2, reg3); - ARIA_DIFF_BYTE(reg0, reg1, reg2, reg3); - ARIA_DIFF_WORD(reg0, reg1, reg2, reg3); - - rk_head->u[0] = reg0; - rk_head->u[1] = reg1; - rk_head->u[2] = reg2; - rk_head->u[3] = reg3; - - rk_tail->u[0] = s0; - rk_tail->u[1] = s1; - rk_tail->u[2] = s2; - rk_tail->u[3] = s3; - } - ARIA_DEC_DIFF_BYTE(rk_head->u[0], reg0, w1, w2); - ARIA_DEC_DIFF_BYTE(rk_head->u[1], reg1, w1, w2); - ARIA_DEC_DIFF_BYTE(rk_head->u[2], reg2, w1, w2); - ARIA_DEC_DIFF_BYTE(rk_head->u[3], reg3, w1, w2); - - ARIA_DIFF_WORD(reg0, reg1, reg2, reg3); - ARIA_DIFF_BYTE(reg0, reg1, reg2, reg3); - ARIA_DIFF_WORD(reg0, reg1, reg2, reg3); - - rk_tail->u[0] = reg0; - rk_tail->u[1] = reg1; - rk_tail->u[2] = reg2; - rk_tail->u[3] = reg3; - - return 0; -} - -#else - -static const unsigned char sb1[256] = { - 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, - 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, - 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, - 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, - 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, - 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, - 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, - 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, - 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, - 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, - 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, - 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, - 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, - 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, - 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, - 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, - 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, - 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, - 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, - 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, - 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, - 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, - 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, - 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, - 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, - 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, - 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, - 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, - 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, - 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, - 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, - 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 -}; - -static const unsigned char sb2[256] = { - 0xe2, 0x4e, 0x54, 0xfc, 0x94, 0xc2, 0x4a, 0xcc, - 0x62, 0x0d, 0x6a, 0x46, 0x3c, 0x4d, 0x8b, 0xd1, - 0x5e, 0xfa, 0x64, 0xcb, 0xb4, 0x97, 0xbe, 0x2b, - 0xbc, 0x77, 0x2e, 0x03, 0xd3, 0x19, 0x59, 0xc1, - 0x1d, 0x06, 0x41, 0x6b, 0x55, 0xf0, 0x99, 0x69, - 0xea, 0x9c, 0x18, 0xae, 0x63, 0xdf, 0xe7, 0xbb, - 0x00, 0x73, 0x66, 0xfb, 0x96, 0x4c, 0x85, 0xe4, - 0x3a, 0x09, 0x45, 0xaa, 0x0f, 0xee, 0x10, 0xeb, - 0x2d, 0x7f, 0xf4, 0x29, 0xac, 0xcf, 0xad, 0x91, - 0x8d, 0x78, 0xc8, 0x95, 0xf9, 0x2f, 0xce, 0xcd, - 0x08, 0x7a, 0x88, 0x38, 0x5c, 0x83, 0x2a, 0x28, - 0x47, 0xdb, 0xb8, 0xc7, 0x93, 0xa4, 0x12, 0x53, - 0xff, 0x87, 0x0e, 0x31, 0x36, 0x21, 0x58, 0x48, - 0x01, 0x8e, 0x37, 0x74, 0x32, 0xca, 0xe9, 0xb1, - 0xb7, 0xab, 0x0c, 0xd7, 0xc4, 0x56, 0x42, 0x26, - 0x07, 0x98, 0x60, 0xd9, 0xb6, 0xb9, 0x11, 0x40, - 0xec, 0x20, 0x8c, 0xbd, 0xa0, 0xc9, 0x84, 0x04, - 0x49, 0x23, 0xf1, 0x4f, 0x50, 0x1f, 0x13, 0xdc, - 0xd8, 0xc0, 0x9e, 0x57, 0xe3, 0xc3, 0x7b, 0x65, - 0x3b, 0x02, 0x8f, 0x3e, 0xe8, 0x25, 0x92, 0xe5, - 0x15, 0xdd, 0xfd, 0x17, 0xa9, 0xbf, 0xd4, 0x9a, - 0x7e, 0xc5, 0x39, 0x67, 0xfe, 0x76, 0x9d, 0x43, - 0xa7, 0xe1, 0xd0, 0xf5, 0x68, 0xf2, 0x1b, 0x34, - 0x70, 0x05, 0xa3, 0x8a, 0xd5, 0x79, 0x86, 0xa8, - 0x30, 0xc6, 0x51, 0x4b, 0x1e, 0xa6, 0x27, 0xf6, - 0x35, 0xd2, 0x6e, 0x24, 0x16, 0x82, 0x5f, 0xda, - 0xe6, 0x75, 0xa2, 0xef, 0x2c, 0xb2, 0x1c, 0x9f, - 0x5d, 0x6f, 0x80, 0x0a, 0x72, 0x44, 0x9b, 0x6c, - 0x90, 0x0b, 0x5b, 0x33, 0x7d, 0x5a, 0x52, 0xf3, - 0x61, 0xa1, 0xf7, 0xb0, 0xd6, 0x3f, 0x7c, 0x6d, - 0xed, 0x14, 0xe0, 0xa5, 0x3d, 0x22, 0xb3, 0xf8, - 0x89, 0xde, 0x71, 0x1a, 0xaf, 0xba, 0xb5, 0x81 -}; - -static const unsigned char sb3[256] = { - 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, - 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, - 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, - 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, - 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, - 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, - 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, - 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, - 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, - 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, - 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, - 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, - 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, - 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, - 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, - 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, - 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, - 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, - 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, - 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, - 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, - 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, - 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, - 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, - 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, - 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, - 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, - 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, - 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, - 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, - 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, - 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d -}; - -static const unsigned char sb4[256] = { - 0x30, 0x68, 0x99, 0x1b, 0x87, 0xb9, 0x21, 0x78, - 0x50, 0x39, 0xdb, 0xe1, 0x72, 0x09, 0x62, 0x3c, - 0x3e, 0x7e, 0x5e, 0x8e, 0xf1, 0xa0, 0xcc, 0xa3, - 0x2a, 0x1d, 0xfb, 0xb6, 0xd6, 0x20, 0xc4, 0x8d, - 0x81, 0x65, 0xf5, 0x89, 0xcb, 0x9d, 0x77, 0xc6, - 0x57, 0x43, 0x56, 0x17, 0xd4, 0x40, 0x1a, 0x4d, - 0xc0, 0x63, 0x6c, 0xe3, 0xb7, 0xc8, 0x64, 0x6a, - 0x53, 0xaa, 0x38, 0x98, 0x0c, 0xf4, 0x9b, 0xed, - 0x7f, 0x22, 0x76, 0xaf, 0xdd, 0x3a, 0x0b, 0x58, - 0x67, 0x88, 0x06, 0xc3, 0x35, 0x0d, 0x01, 0x8b, - 0x8c, 0xc2, 0xe6, 0x5f, 0x02, 0x24, 0x75, 0x93, - 0x66, 0x1e, 0xe5, 0xe2, 0x54, 0xd8, 0x10, 0xce, - 0x7a, 0xe8, 0x08, 0x2c, 0x12, 0x97, 0x32, 0xab, - 0xb4, 0x27, 0x0a, 0x23, 0xdf, 0xef, 0xca, 0xd9, - 0xb8, 0xfa, 0xdc, 0x31, 0x6b, 0xd1, 0xad, 0x19, - 0x49, 0xbd, 0x51, 0x96, 0xee, 0xe4, 0xa8, 0x41, - 0xda, 0xff, 0xcd, 0x55, 0x86, 0x36, 0xbe, 0x61, - 0x52, 0xf8, 0xbb, 0x0e, 0x82, 0x48, 0x69, 0x9a, - 0xe0, 0x47, 0x9e, 0x5c, 0x04, 0x4b, 0x34, 0x15, - 0x79, 0x26, 0xa7, 0xde, 0x29, 0xae, 0x92, 0xd7, - 0x84, 0xe9, 0xd2, 0xba, 0x5d, 0xf3, 0xc5, 0xb0, - 0xbf, 0xa4, 0x3b, 0x71, 0x44, 0x46, 0x2b, 0xfc, - 0xeb, 0x6f, 0xd5, 0xf6, 0x14, 0xfe, 0x7c, 0x70, - 0x5a, 0x7d, 0xfd, 0x2f, 0x18, 0x83, 0x16, 0xa5, - 0x91, 0x1f, 0x05, 0x95, 0x74, 0xa9, 0xc1, 0x5b, - 0x4a, 0x85, 0x6d, 0x13, 0x07, 0x4f, 0x4e, 0x45, - 0xb2, 0x0f, 0xc9, 0x1c, 0xa6, 0xbc, 0xec, 0x73, - 0x90, 0x7b, 0xcf, 0x59, 0x8f, 0xa1, 0xf9, 0x2d, - 0xf2, 0xb1, 0x00, 0x94, 0x37, 0x9f, 0xd0, 0x2e, - 0x9c, 0x6e, 0x28, 0x3f, 0x80, 0xf0, 0x3d, 0xd3, - 0x25, 0x8a, 0xb5, 0xe7, 0x42, 0xb3, 0xc7, 0xea, - 0xf7, 0x4c, 0x11, 0x33, 0x03, 0xa2, 0xac, 0x60 -}; - -static const ARIA_u128 c1 = {{ - 0x51, 0x7c, 0xc1, 0xb7, 0x27, 0x22, 0x0a, 0x94, - 0xfe, 0x13, 0xab, 0xe8, 0xfa, 0x9a, 0x6e, 0xe0 -}}; - -static const ARIA_u128 c2 = {{ - 0x6d, 0xb1, 0x4a, 0xcc, 0x9e, 0x21, 0xc8, 0x20, - 0xff, 0x28, 0xb1, 0xd5, 0xef, 0x5d, 0xe2, 0xb0 -}}; - -static const ARIA_u128 c3 = {{ - 0xdb, 0x92, 0x37, 0x1d, 0x21, 0x26, 0xe9, 0x70, - 0x03, 0x24, 0x97, 0x75, 0x04, 0xe8, 0xc9, 0x0e -}}; - -/* - * Exclusive or two 128 bit values into the result. - * It is safe for the result to be the same as the either input. - */ -static void xor128(ARIA_c128 o, const ARIA_c128 x, const ARIA_u128 *y) -{ - int i; - - for (i = 0; i < ARIA_BLOCK_SIZE; i++) - o[i] = x[i] ^ y->c[i]; -} - -/* - * Generalised circular rotate right and exclusive or function. - * It is safe for the output to overlap either input. - */ -static ossl_inline void rotnr(unsigned int n, ARIA_u128 *o, - const ARIA_u128 *xor, const ARIA_u128 *z) -{ - const unsigned int bytes = n / 8, bits = n % 8; - unsigned int i; - ARIA_u128 t; - - for (i = 0; i < ARIA_BLOCK_SIZE; i++) - t.c[(i + bytes) % ARIA_BLOCK_SIZE] = z->c[i]; - for (i = 0; i < ARIA_BLOCK_SIZE; i++) - o->c[i] = ((t.c[i] >> bits) | - (t.c[i ? i - 1 : ARIA_BLOCK_SIZE - 1] << (8 - bits))) ^ - xor->c[i]; -} - -/* - * Circular rotate 19 bits right and xor. - * It is safe for the output to overlap either input. - */ -static void rot19r(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z) -{ - rotnr(19, o, xor, z); -} - -/* - * Circular rotate 31 bits right and xor. - * It is safe for the output to overlap either input. - */ -static void rot31r(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z) -{ - rotnr(31, o, xor, z); -} - -/* - * Circular rotate 61 bits left and xor. - * It is safe for the output to overlap either input. - */ -static void rot61l(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z) -{ - rotnr(8 * ARIA_BLOCK_SIZE - 61, o, xor, z); -} - -/* - * Circular rotate 31 bits left and xor. - * It is safe for the output to overlap either input. - */ -static void rot31l(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z) -{ - rotnr(8 * ARIA_BLOCK_SIZE - 31, o, xor, z); -} - -/* - * Circular rotate 19 bits left and xor. - * It is safe for the output to overlap either input. - */ -static void rot19l(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z) -{ - rotnr(8 * ARIA_BLOCK_SIZE - 19, o, xor, z); -} - -/* - * First substitution and xor layer, used for odd steps. - * It is safe for the input and output to be the same. - */ -static void sl1(ARIA_u128 *o, const ARIA_u128 *x, const ARIA_u128 *y) -{ - unsigned int i; - for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) { - o->c[i ] = sb1[x->c[i ] ^ y->c[i ]]; - o->c[i + 1] = sb2[x->c[i + 1] ^ y->c[i + 1]]; - o->c[i + 2] = sb3[x->c[i + 2] ^ y->c[i + 2]]; - o->c[i + 3] = sb4[x->c[i + 3] ^ y->c[i + 3]]; - } -} - -/* - * Second substitution and xor layer, used for even steps. - * It is safe for the input and output to be the same. - */ -static void sl2(ARIA_c128 o, const ARIA_u128 *x, const ARIA_u128 *y) -{ - unsigned int i; - for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) { - o[i ] = sb3[x->c[i ] ^ y->c[i ]]; - o[i + 1] = sb4[x->c[i + 1] ^ y->c[i + 1]]; - o[i + 2] = sb1[x->c[i + 2] ^ y->c[i + 2]]; - o[i + 3] = sb2[x->c[i + 3] ^ y->c[i + 3]]; - } -} - -/* - * Diffusion layer step - * It is NOT safe for the input and output to overlap. - */ -static void a(ARIA_u128 *y, const ARIA_u128 *x) -{ - y->c[ 0] = x->c[ 3] ^ x->c[ 4] ^ x->c[ 6] ^ x->c[ 8] ^ - x->c[ 9] ^ x->c[13] ^ x->c[14]; - y->c[ 1] = x->c[ 2] ^ x->c[ 5] ^ x->c[ 7] ^ x->c[ 8] ^ - x->c[ 9] ^ x->c[12] ^ x->c[15]; - y->c[ 2] = x->c[ 1] ^ x->c[ 4] ^ x->c[ 6] ^ x->c[10] ^ - x->c[11] ^ x->c[12] ^ x->c[15]; - y->c[ 3] = x->c[ 0] ^ x->c[ 5] ^ x->c[ 7] ^ x->c[10] ^ - x->c[11] ^ x->c[13] ^ x->c[14]; - y->c[ 4] = x->c[ 0] ^ x->c[ 2] ^ x->c[ 5] ^ x->c[ 8] ^ - x->c[11] ^ x->c[14] ^ x->c[15]; - y->c[ 5] = x->c[ 1] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 9] ^ - x->c[10] ^ x->c[14] ^ x->c[15]; - y->c[ 6] = x->c[ 0] ^ x->c[ 2] ^ x->c[ 7] ^ x->c[ 9] ^ - x->c[10] ^ x->c[12] ^ x->c[13]; - y->c[ 7] = x->c[ 1] ^ x->c[ 3] ^ x->c[ 6] ^ x->c[ 8] ^ - x->c[11] ^ x->c[12] ^ x->c[13]; - y->c[ 8] = x->c[ 0] ^ x->c[ 1] ^ x->c[ 4] ^ x->c[ 7] ^ - x->c[10] ^ x->c[13] ^ x->c[15]; - y->c[ 9] = x->c[ 0] ^ x->c[ 1] ^ x->c[ 5] ^ x->c[ 6] ^ - x->c[11] ^ x->c[12] ^ x->c[14]; - y->c[10] = x->c[ 2] ^ x->c[ 3] ^ x->c[ 5] ^ x->c[ 6] ^ - x->c[ 8] ^ x->c[13] ^ x->c[15]; - y->c[11] = x->c[ 2] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 7] ^ - x->c[ 9] ^ x->c[12] ^ x->c[14]; - y->c[12] = x->c[ 1] ^ x->c[ 2] ^ x->c[ 6] ^ x->c[ 7] ^ - x->c[ 9] ^ x->c[11] ^ x->c[12]; - y->c[13] = x->c[ 0] ^ x->c[ 3] ^ x->c[ 6] ^ x->c[ 7] ^ - x->c[ 8] ^ x->c[10] ^ x->c[13]; - y->c[14] = x->c[ 0] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 5] ^ - x->c[ 9] ^ x->c[11] ^ x->c[14]; - y->c[15] = x->c[ 1] ^ x->c[ 2] ^ x->c[ 4] ^ x->c[ 5] ^ - x->c[ 8] ^ x->c[10] ^ x->c[15]; -} - -/* - * Odd round function - * Apply the first substitution layer and then a diffusion step. - * It is safe for the input and output to overlap. - */ -static ossl_inline void FO(ARIA_u128 *o, const ARIA_u128 *d, - const ARIA_u128 *rk) -{ - ARIA_u128 y; - - sl1(&y, d, rk); - a(o, &y); -} - -/* - * Even round function - * Apply the second substitution layer and then a diffusion step. - * It is safe for the input and output to overlap. - */ -static ossl_inline void FE(ARIA_u128 *o, const ARIA_u128 *d, - const ARIA_u128 *rk) -{ - ARIA_u128 y; - - sl2(y.c, d, rk); - a(o, &y); -} - -/* - * Encrypt or decrypt a single block - * in and out can overlap - */ -static void do_encrypt(unsigned char *o, const unsigned char *pin, - unsigned int rounds, const ARIA_u128 *keys) -{ - ARIA_u128 p; - unsigned int i; - - memcpy(&p, pin, sizeof(p)); - for (i = 0; i < rounds - 2; i += 2) { - FO(&p, &p, &keys[i]); - FE(&p, &p, &keys[i + 1]); - } - FO(&p, &p, &keys[rounds - 2]); - sl2(o, &p, &keys[rounds - 1]); - xor128(o, o, &keys[rounds]); -} - -/* - * Encrypt a single block - * in and out can overlap - */ -void ossl_aria_encrypt(const unsigned char *in, unsigned char *out, - const ARIA_KEY *key) -{ - assert(in != NULL && out != NULL && key != NULL); - do_encrypt(out, in, key->rounds, key->rd_key); -} - - -/* - * Expand the cipher key into the encryption key schedule. - * We short circuit execution of the last two - * or four rotations based on the key size. - */ -int ossl_aria_set_encrypt_key(const unsigned char *userKey, const int bits, - ARIA_KEY *key) -{ - const ARIA_u128 *ck1, *ck2, *ck3; - ARIA_u128 kr, w0, w1, w2, w3; - - if (!userKey || !key) - return -1; - memcpy(w0.c, userKey, sizeof(w0)); - switch (bits) { - default: - return -2; - case 128: - key->rounds = 12; - ck1 = &c1; - ck2 = &c2; - ck3 = &c3; - memset(kr.c, 0, sizeof(kr)); - break; - - case 192: - key->rounds = 14; - ck1 = &c2; - ck2 = &c3; - ck3 = &c1; - memcpy(kr.c, userKey + ARIA_BLOCK_SIZE, sizeof(kr) / 2); - memset(kr.c + ARIA_BLOCK_SIZE / 2, 0, sizeof(kr) / 2); - break; - - case 256: - key->rounds = 16; - ck1 = &c3; - ck2 = &c1; - ck3 = &c2; - memcpy(kr.c, userKey + ARIA_BLOCK_SIZE, sizeof(kr)); - break; - } - - FO(&w3, &w0, ck1); xor128(w1.c, w3.c, &kr); - FE(&w3, &w1, ck2); xor128(w2.c, w3.c, &w0); - FO(&kr, &w2, ck3); xor128(w3.c, kr.c, &w1); - - rot19r(&key->rd_key[ 0], &w0, &w1); - rot19r(&key->rd_key[ 1], &w1, &w2); - rot19r(&key->rd_key[ 2], &w2, &w3); - rot19r(&key->rd_key[ 3], &w3, &w0); - - rot31r(&key->rd_key[ 4], &w0, &w1); - rot31r(&key->rd_key[ 5], &w1, &w2); - rot31r(&key->rd_key[ 6], &w2, &w3); - rot31r(&key->rd_key[ 7], &w3, &w0); - - rot61l(&key->rd_key[ 8], &w0, &w1); - rot61l(&key->rd_key[ 9], &w1, &w2); - rot61l(&key->rd_key[10], &w2, &w3); - rot61l(&key->rd_key[11], &w3, &w0); - - rot31l(&key->rd_key[12], &w0, &w1); - if (key->rounds > 12) { - rot31l(&key->rd_key[13], &w1, &w2); - rot31l(&key->rd_key[14], &w2, &w3); - - if (key->rounds > 14) { - rot31l(&key->rd_key[15], &w3, &w0); - rot19l(&key->rd_key[16], &w0, &w1); - } - } - return 0; -} - -/* - * Expand the cipher key into the decryption key schedule. - */ -int ossl_aria_set_decrypt_key(const unsigned char *userKey, const int bits, - ARIA_KEY *key) -{ - ARIA_KEY ek; - const int r = ossl_aria_set_encrypt_key(userKey, bits, &ek); - unsigned int i, rounds = ek.rounds; - - if (r == 0) { - key->rounds = rounds; - memcpy(&key->rd_key[0], &ek.rd_key[rounds], sizeof(key->rd_key[0])); - for (i = 1; i < rounds; i++) - a(&key->rd_key[i], &ek.rd_key[rounds - i]); - memcpy(&key->rd_key[rounds], &ek.rd_key[0], sizeof(key->rd_key[rounds])); - } - return r; -} - -#endif diff --git a/crypto/arm64cpuid.pl b/crypto/arm64cpuid.pl deleted file mode 100755 index ac76dd449f379bdb027be745666297506169b3b5..0000000000000000000000000000000000000000 --- a/crypto/arm64cpuid.pl +++ /dev/null @@ -1,157 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or -( $xlate="${dir}perlasm/arm-xlate.pl" and -f $xlate) or -die "can't locate arm-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -$code.=<<___; -#include "arm_arch.h" - -.text -.arch armv8-a+crypto - -.align 5 -.globl _armv7_neon_probe -.type _armv7_neon_probe,%function -_armv7_neon_probe: - orr v15.16b, v15.16b, v15.16b - ret -.size _armv7_neon_probe,.-_armv7_neon_probe - -.globl _armv7_tick -.type _armv7_tick,%function -_armv7_tick: -#ifdef __APPLE__ - mrs x0, CNTPCT_EL0 -#else - mrs x0, CNTVCT_EL0 -#endif - ret -.size _armv7_tick,.-_armv7_tick - -.globl _armv8_aes_probe -.type _armv8_aes_probe,%function -_armv8_aes_probe: - aese v0.16b, v0.16b - ret -.size _armv8_aes_probe,.-_armv8_aes_probe - -.globl _armv8_sha1_probe -.type _armv8_sha1_probe,%function -_armv8_sha1_probe: - sha1h s0, s0 - ret -.size _armv8_sha1_probe,.-_armv8_sha1_probe - -.globl _armv8_sha256_probe -.type _armv8_sha256_probe,%function -_armv8_sha256_probe: - sha256su0 v0.4s, v0.4s - ret -.size _armv8_sha256_probe,.-_armv8_sha256_probe - -.globl _armv8_pmull_probe -.type _armv8_pmull_probe,%function -_armv8_pmull_probe: - pmull v0.1q, v0.1d, v0.1d - ret -.size _armv8_pmull_probe,.-_armv8_pmull_probe - -.globl _armv8_sha512_probe -.type _armv8_sha512_probe,%function -_armv8_sha512_probe: - .long 0xcec08000 // sha512su0 v0.2d,v0.2d - ret -.size _armv8_sha512_probe,.-_armv8_sha512_probe - -.globl _armv8_cpuid_probe -.type _armv8_cpuid_probe,%function -_armv8_cpuid_probe: - mrs x0, midr_el1 - ret -.size _armv8_cpuid_probe,.-_armv8_cpuid_probe - -.globl OPENSSL_cleanse -.type OPENSSL_cleanse,%function -.align 5 -OPENSSL_cleanse: - cbz x1,.Lret // len==0? - cmp x1,#15 - b.hi .Lot // len>15 - nop -.Little: - strb wzr,[x0],#1 // store byte-by-byte - subs x1,x1,#1 - b.ne .Little -.Lret: ret - -.align 4 -.Lot: tst x0,#7 - b.eq .Laligned // inp is aligned - strb wzr,[x0],#1 // store byte-by-byte - sub x1,x1,#1 - b .Lot - -.align 4 -.Laligned: - str xzr,[x0],#8 // store word-by-word - sub x1,x1,#8 - tst x1,#-8 - b.ne .Laligned // len>=8 - cbnz x1,.Little // len!=0? - ret -.size OPENSSL_cleanse,.-OPENSSL_cleanse - -.globl CRYPTO_memcmp -.type CRYPTO_memcmp,%function -.align 4 -CRYPTO_memcmp: - eor w3,w3,w3 - cbz x2,.Lno_data // len==0? - cmp x2,#16 - b.ne .Loop_cmp - ldp x8,x9,[x0] - ldp x10,x11,[x1] - eor x8,x8,x10 - eor x9,x9,x11 - orr x8,x8,x9 - mov x0,#1 - cmp x8,#0 - csel x0,xzr,x0,eq - ret - -.align 4 -.Loop_cmp: - ldrb w4,[x0],#1 - ldrb w5,[x1],#1 - eor w4,w4,w5 - orr w3,w3,w4 - subs x2,x2,#1 - b.ne .Loop_cmp - -.Lno_data: - neg w0,w3 - lsr w0,w0,#31 - ret -.size CRYPTO_memcmp,.-CRYPTO_memcmp -___ - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h deleted file mode 100644 index 45d7e1556475404aecf56601747cf84ab10082c9..0000000000000000000000000000000000000000 --- a/crypto/arm_arch.h +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_ARM_ARCH_H -# define OSSL_CRYPTO_ARM_ARCH_H - -# if !defined(__ARM_ARCH__) -# if defined(__CC_ARM) -# define __ARM_ARCH__ __TARGET_ARCH_ARM -# if defined(__BIG_ENDIAN) -# define __ARMEB__ -# else -# define __ARMEL__ -# endif -# elif defined(__GNUC__) -# if defined(__aarch64__) -# define __ARM_ARCH__ 8 -# if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ -# define __ARMEB__ -# else -# define __ARMEL__ -# endif - /* - * Why doesn't gcc define __ARM_ARCH__? Instead it defines - * bunch of below macros. See all_architectures[] table in - * gcc/config/arm/arm.c. On a side note it defines - * __ARMEL__/__ARMEB__ for little-/big-endian. - */ -# elif defined(__ARM_ARCH) -# define __ARM_ARCH__ __ARM_ARCH -# elif defined(__ARM_ARCH_8A__) -# define __ARM_ARCH__ 8 -# elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ - defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__) || \ - defined(__ARM_ARCH_7EM__) -# define __ARM_ARCH__ 7 -# elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || \ - defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__) || \ - defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__) || \ - defined(__ARM_ARCH_6T2__) -# define __ARM_ARCH__ 6 -# elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || \ - defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__) || \ - defined(__ARM_ARCH_5TEJ__) -# define __ARM_ARCH__ 5 -# elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__) -# define __ARM_ARCH__ 4 -# else -# error "unsupported ARM architecture" -# endif -# endif -# endif - -# if !defined(__ARM_MAX_ARCH__) -# define __ARM_MAX_ARCH__ __ARM_ARCH__ -# endif - -# if __ARM_MAX_ARCH__<__ARM_ARCH__ -# error "__ARM_MAX_ARCH__ can't be less than __ARM_ARCH__" -# elif __ARM_MAX_ARCH__!=__ARM_ARCH__ -# if __ARM_ARCH__<7 && __ARM_MAX_ARCH__>=7 && defined(__ARMEB__) -# error "can't build universal big-endian binary" -# endif -# endif - -# ifndef __ASSEMBLER__ -extern unsigned int OPENSSL_armcap_P; -extern unsigned int OPENSSL_arm_midr; -extern unsigned int OPENSSL_armv8_rsa_neonized; -# endif - -# define ARMV7_NEON (1<<0) -# define ARMV7_TICK (1<<1) -# define ARMV8_AES (1<<2) -# define ARMV8_SHA1 (1<<3) -# define ARMV8_SHA256 (1<<4) -# define ARMV8_PMULL (1<<5) -# define ARMV8_SHA512 (1<<6) -# define ARMV8_CPUID (1<<7) - -/* - * MIDR_EL1 system register - * - * 63___ _ ___32_31___ _ ___24_23_____20_19_____16_15__ _ __4_3_______0 - * | | | | | | | - * |RES0 | Implementer | Variant | Arch | PartNum |Revision| - * |____ _ _____|_____ _ _____|_________|_______ _|____ _ ___|________| - * - */ - -# define ARM_CPU_IMP_ARM 0x41 - -# define ARM_CPU_PART_CORTEX_A72 0xD08 -# define ARM_CPU_PART_N1 0xD0C - -# define MIDR_PARTNUM_SHIFT 4 -# define MIDR_PARTNUM_MASK (0xfffU << MIDR_PARTNUM_SHIFT) -# define MIDR_PARTNUM(midr) \ - (((midr) & MIDR_PARTNUM_MASK) >> MIDR_PARTNUM_SHIFT) - -# define MIDR_IMPLEMENTER_SHIFT 24 -# define MIDR_IMPLEMENTER_MASK (0xffU << MIDR_IMPLEMENTER_SHIFT) -# define MIDR_IMPLEMENTER(midr) \ - (((midr) & MIDR_IMPLEMENTER_MASK) >> MIDR_IMPLEMENTER_SHIFT) - -# define MIDR_ARCHITECTURE_SHIFT 16 -# define MIDR_ARCHITECTURE_MASK (0xfU << MIDR_ARCHITECTURE_SHIFT) -# define MIDR_ARCHITECTURE(midr) \ - (((midr) & MIDR_ARCHITECTURE_MASK) >> MIDR_ARCHITECTURE_SHIFT) - -# define MIDR_CPU_MODEL_MASK \ - (MIDR_IMPLEMENTER_MASK | \ - MIDR_PARTNUM_MASK | \ - MIDR_ARCHITECTURE_MASK) - -# define MIDR_CPU_MODEL(imp, partnum) \ - (((imp) << MIDR_IMPLEMENTER_SHIFT) | \ - (0xfU << MIDR_ARCHITECTURE_SHIFT) | \ - ((partnum) << MIDR_PARTNUM_SHIFT)) - -# define MIDR_IS_CPU_MODEL(midr, imp, partnum) \ - (((midr) & MIDR_CPU_MODEL_MASK) == MIDR_CPU_MODEL(imp, partnum)) -#endif diff --git a/crypto/armcap.c b/crypto/armcap.c deleted file mode 100644 index c021330e32fd3c7faf448b49659f5ce3d0b0ec28..0000000000000000000000000000000000000000 --- a/crypto/armcap.c +++ /dev/null @@ -1,280 +0,0 @@ -/* - * Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#ifdef __APPLE__ -#include -#endif -#include "internal/cryptlib.h" - -#include "arm_arch.h" - -unsigned int OPENSSL_armcap_P = 0; -unsigned int OPENSSL_arm_midr = 0; -unsigned int OPENSSL_armv8_rsa_neonized = 0; - -#if __ARM_MAX_ARCH__<7 -void OPENSSL_cpuid_setup(void) -{ -} - -uint32_t OPENSSL_rdtsc(void) -{ - return 0; -} -#else -static sigset_t all_masked; - -static sigjmp_buf ill_jmp; -static void ill_handler(int sig) -{ - siglongjmp(ill_jmp, sig); -} - -/* - * Following subroutines could have been inlined, but it's not all - * ARM compilers support inline assembler... - */ -void _armv7_neon_probe(void); -void _armv8_aes_probe(void); -void _armv8_sha1_probe(void); -void _armv8_sha256_probe(void); -void _armv8_pmull_probe(void); -# ifdef __aarch64__ -void _armv8_sha512_probe(void); -unsigned int _armv8_cpuid_probe(void); -# endif -uint32_t _armv7_tick(void); - -uint32_t OPENSSL_rdtsc(void) -{ - if (OPENSSL_armcap_P & ARMV7_TICK) - return _armv7_tick(); - else - return 0; -} - -# if defined(__GNUC__) && __GNUC__>=2 -void OPENSSL_cpuid_setup(void) __attribute__ ((constructor)); -# endif - -# if defined(__GLIBC__) && defined(__GLIBC_PREREQ) -# if __GLIBC_PREREQ(2, 16) -# include -# define OSSL_IMPLEMENT_GETAUXVAL -# endif -# elif defined(__ANDROID_API__) -/* see https://developer.android.google.cn/ndk/guides/cpu-features */ -# if __ANDROID_API__ >= 18 -# include -# define OSSL_IMPLEMENT_GETAUXVAL -# endif -# endif -# if defined(__FreeBSD__) -# include -# if __FreeBSD_version >= 1200000 -# include -# define OSSL_IMPLEMENT_GETAUXVAL - -static unsigned long getauxval(unsigned long key) -{ - unsigned long val = 0ul; - - if (elf_aux_info((int)key, &val, sizeof(val)) != 0) - return 0ul; - - return val; -} -# endif -# endif - -/* - * Android: according to https://developer.android.com/ndk/guides/cpu-features, - * getauxval is supported starting with API level 18 - */ -# if defined(__ANDROID__) && defined(__ANDROID_API__) && __ANDROID_API__ >= 18 -# include -# define OSSL_IMPLEMENT_GETAUXVAL -# endif - -/* - * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas - * AArch64 used AT_HWCAP. - */ -# ifndef AT_HWCAP -# define AT_HWCAP 16 -# endif -# ifndef AT_HWCAP2 -# define AT_HWCAP2 26 -# endif -# if defined(__arm__) || defined (__arm) -# define HWCAP AT_HWCAP -# define HWCAP_NEON (1 << 12) - -# define HWCAP_CE AT_HWCAP2 -# define HWCAP_CE_AES (1 << 0) -# define HWCAP_CE_PMULL (1 << 1) -# define HWCAP_CE_SHA1 (1 << 2) -# define HWCAP_CE_SHA256 (1 << 3) -# elif defined(__aarch64__) -# define HWCAP AT_HWCAP -# define HWCAP_NEON (1 << 1) - -# define HWCAP_CE HWCAP -# define HWCAP_CE_AES (1 << 3) -# define HWCAP_CE_PMULL (1 << 4) -# define HWCAP_CE_SHA1 (1 << 5) -# define HWCAP_CE_SHA256 (1 << 6) -# define HWCAP_CPUID (1 << 11) -# define HWCAP_CE_SHA512 (1 << 21) -# endif - -void OPENSSL_cpuid_setup(void) -{ - const char *e; - struct sigaction ill_oact, ill_act; - sigset_t oset; - static int trigger = 0; - - if (trigger) - return; - trigger = 1; - - OPENSSL_armcap_P = 0; - - if ((e = getenv("OPENSSL_armcap"))) { - OPENSSL_armcap_P = (unsigned int)strtoul(e, NULL, 0); - return; - } - -# if defined(__APPLE__) -# if !defined(__aarch64__) - /* - * Capability probing by catching SIGILL appears to be problematic - * on iOS. But since Apple universe is "monocultural", it's actually - * possible to simply set pre-defined processor capability mask. - */ - if (1) { - OPENSSL_armcap_P = ARMV7_NEON; - return; - } - /* - * One could do same even for __aarch64__ iOS builds. It's not done - * exclusively for reasons of keeping code unified across platforms. - * Unified code works because it never triggers SIGILL on Apple - * devices... - */ -# else - { - unsigned int sha512; - size_t len = sizeof(sha512); - - if (sysctlbyname("hw.optional.armv8_2_sha512", &sha512, &len, NULL, 0) == 0 && sha512 == 1) - OPENSSL_armcap_P |= ARMV8_SHA512; - } -# endif -# endif - -# ifdef OSSL_IMPLEMENT_GETAUXVAL - if (getauxval(HWCAP) & HWCAP_NEON) { - unsigned long hwcap = getauxval(HWCAP_CE); - - OPENSSL_armcap_P |= ARMV7_NEON; - - if (hwcap & HWCAP_CE_AES) - OPENSSL_armcap_P |= ARMV8_AES; - - if (hwcap & HWCAP_CE_PMULL) - OPENSSL_armcap_P |= ARMV8_PMULL; - - if (hwcap & HWCAP_CE_SHA1) - OPENSSL_armcap_P |= ARMV8_SHA1; - - if (hwcap & HWCAP_CE_SHA256) - OPENSSL_armcap_P |= ARMV8_SHA256; - -# ifdef __aarch64__ - if (hwcap & HWCAP_CE_SHA512) - OPENSSL_armcap_P |= ARMV8_SHA512; - - if (hwcap & HWCAP_CPUID) - OPENSSL_armcap_P |= ARMV8_CPUID; -# endif - } -# endif - - sigfillset(&all_masked); - sigdelset(&all_masked, SIGILL); - sigdelset(&all_masked, SIGTRAP); - sigdelset(&all_masked, SIGFPE); - sigdelset(&all_masked, SIGBUS); - sigdelset(&all_masked, SIGSEGV); - - memset(&ill_act, 0, sizeof(ill_act)); - ill_act.sa_handler = ill_handler; - ill_act.sa_mask = all_masked; - - sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset); - sigaction(SIGILL, &ill_act, &ill_oact); - - /* If we used getauxval, we already have all the values */ -# ifndef OSSL_IMPLEMENT_GETAUXVAL - if (sigsetjmp(ill_jmp, 1) == 0) { - _armv7_neon_probe(); - OPENSSL_armcap_P |= ARMV7_NEON; - if (sigsetjmp(ill_jmp, 1) == 0) { - _armv8_pmull_probe(); - OPENSSL_armcap_P |= ARMV8_PMULL | ARMV8_AES; - } else if (sigsetjmp(ill_jmp, 1) == 0) { - _armv8_aes_probe(); - OPENSSL_armcap_P |= ARMV8_AES; - } - if (sigsetjmp(ill_jmp, 1) == 0) { - _armv8_sha1_probe(); - OPENSSL_armcap_P |= ARMV8_SHA1; - } - if (sigsetjmp(ill_jmp, 1) == 0) { - _armv8_sha256_probe(); - OPENSSL_armcap_P |= ARMV8_SHA256; - } -# if defined(__aarch64__) && !defined(__APPLE__) - if (sigsetjmp(ill_jmp, 1) == 0) { - _armv8_sha512_probe(); - OPENSSL_armcap_P |= ARMV8_SHA512; - } -# endif - } -# endif - - /* - * Probing for ARMV7_TICK is known to produce unreliable results, - * so we will only use the feature when the user explicitly enables - * it with OPENSSL_armcap. - */ - - sigaction(SIGILL, &ill_oact, NULL); - sigprocmask(SIG_SETMASK, &oset, NULL); - -# ifdef __aarch64__ - if (OPENSSL_armcap_P & ARMV8_CPUID) - OPENSSL_arm_midr = _armv8_cpuid_probe(); - - if ((MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A72) || - MIDR_IS_CPU_MODEL(OPENSSL_arm_midr, ARM_CPU_IMP_ARM, ARM_CPU_PART_N1)) && - (OPENSSL_armcap_P & ARMV7_NEON)) { - OPENSSL_armv8_rsa_neonized = 1; - } -# endif -} -#endif diff --git a/crypto/armv4cpuid.pl b/crypto/armv4cpuid.pl deleted file mode 100644 index 8991fd4afe8e69c067c9ce049f6171fd83189dde..0000000000000000000000000000000000000000 --- a/crypto/armv4cpuid.pl +++ /dev/null @@ -1,300 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or -( $xlate="${dir}perlasm/arm-xlate.pl" and -f $xlate) or -die "can't locate arm-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -$code.=<<___; -#include "arm_arch.h" - -#if defined(__thumb2__) && !defined(__APPLE__) -.syntax unified -.thumb -#else -.code 32 -#undef __thumb2__ -#endif - -.text - -.align 5 -.global OPENSSL_atomic_add -.type OPENSSL_atomic_add,%function -OPENSSL_atomic_add: -#if __ARM_ARCH__>=6 -.Ladd: ldrex r2,[r0] - add r3,r2,r1 - strex r2,r3,[r0] - cmp r2,#0 - bne .Ladd - mov r0,r3 - bx lr -#else - stmdb sp!,{r4-r6,lr} - ldr r2,.Lspinlock - adr r3,.Lspinlock - mov r4,r0 - mov r5,r1 - add r6,r3,r2 @ &spinlock - b .+8 -.Lspin: bl sched_yield - mov r0,#-1 - swp r0,r0,[r6] - cmp r0,#0 - bne .Lspin - - ldr r2,[r4] - add r2,r2,r5 - str r2,[r4] - str r0,[r6] @ release spinlock - ldmia sp!,{r4-r6,lr} - tst lr,#1 - moveq pc,lr - .word 0xe12fff1e @ bx lr -#endif -.size OPENSSL_atomic_add,.-OPENSSL_atomic_add - -.global OPENSSL_cleanse -.type OPENSSL_cleanse,%function -OPENSSL_cleanse: - eor ip,ip,ip - cmp r1,#7 -#ifdef __thumb2__ - itt hs -#endif - subhs r1,r1,#4 - bhs .Lot - cmp r1,#0 - beq .Lcleanse_done -.Little: - strb ip,[r0],#1 - subs r1,r1,#1 - bhi .Little - b .Lcleanse_done - -.Lot: tst r0,#3 - beq .Laligned - strb ip,[r0],#1 - sub r1,r1,#1 - b .Lot -.Laligned: - str ip,[r0],#4 - subs r1,r1,#4 - bhs .Laligned - adds r1,r1,#4 - bne .Little -.Lcleanse_done: -#if __ARM_ARCH__>=5 - bx lr -#else - tst lr,#1 - moveq pc,lr - .word 0xe12fff1e @ bx lr -#endif -.size OPENSSL_cleanse,.-OPENSSL_cleanse - -.global CRYPTO_memcmp -.type CRYPTO_memcmp,%function -.align 4 -CRYPTO_memcmp: - eor ip,ip,ip - cmp r2,#0 - beq .Lno_data - stmdb sp!,{r4,r5} - -.Loop_cmp: - ldrb r4,[r0],#1 - ldrb r5,[r1],#1 - eor r4,r4,r5 - orr ip,ip,r4 - subs r2,r2,#1 - bne .Loop_cmp - - ldmia sp!,{r4,r5} -.Lno_data: - rsb r0,ip,#0 - mov r0,r0,lsr#31 -#if __ARM_ARCH__>=5 - bx lr -#else - tst lr,#1 - moveq pc,lr - .word 0xe12fff1e @ bx lr -#endif -.size CRYPTO_memcmp,.-CRYPTO_memcmp - -#if __ARM_MAX_ARCH__>=7 -.arch armv7-a -.fpu neon - -.align 5 -.global _armv7_neon_probe -.type _armv7_neon_probe,%function -_armv7_neon_probe: - vorr q0,q0,q0 - bx lr -.size _armv7_neon_probe,.-_armv7_neon_probe - -.global _armv7_tick -.type _armv7_tick,%function -_armv7_tick: -#ifdef __APPLE__ - mrrc p15,0,r0,r1,c14 @ CNTPCT -#else - mrrc p15,1,r0,r1,c14 @ CNTVCT -#endif - bx lr -.size _armv7_tick,.-_armv7_tick - -.global _armv8_aes_probe -.type _armv8_aes_probe,%function -_armv8_aes_probe: -#if defined(__thumb2__) && !defined(__APPLE__) - .byte 0xb0,0xff,0x00,0x03 @ aese.8 q0,q0 -#else - .byte 0x00,0x03,0xb0,0xf3 @ aese.8 q0,q0 -#endif - bx lr -.size _armv8_aes_probe,.-_armv8_aes_probe - -.global _armv8_sha1_probe -.type _armv8_sha1_probe,%function -_armv8_sha1_probe: -#if defined(__thumb2__) && !defined(__APPLE__) - .byte 0x00,0xef,0x40,0x0c @ sha1c.32 q0,q0,q0 -#else - .byte 0x40,0x0c,0x00,0xf2 @ sha1c.32 q0,q0,q0 -#endif - bx lr -.size _armv8_sha1_probe,.-_armv8_sha1_probe - -.global _armv8_sha256_probe -.type _armv8_sha256_probe,%function -_armv8_sha256_probe: -#if defined(__thumb2__) && !defined(__APPLE__) - .byte 0x00,0xff,0x40,0x0c @ sha256h.32 q0,q0,q0 -#else - .byte 0x40,0x0c,0x00,0xf3 @ sha256h.32 q0,q0,q0 -#endif - bx lr -.size _armv8_sha256_probe,.-_armv8_sha256_probe -.global _armv8_pmull_probe -.type _armv8_pmull_probe,%function -_armv8_pmull_probe: -#if defined(__thumb2__) && !defined(__APPLE__) - .byte 0xa0,0xef,0x00,0x0e @ vmull.p64 q0,d0,d0 -#else - .byte 0x00,0x0e,0xa0,0xf2 @ vmull.p64 q0,d0,d0 -#endif - bx lr -.size _armv8_pmull_probe,.-_armv8_pmull_probe -#endif - -.global OPENSSL_wipe_cpu -.type OPENSSL_wipe_cpu,%function -OPENSSL_wipe_cpu: -#if __ARM_MAX_ARCH__>=7 - ldr r0,.LOPENSSL_armcap - adr r1,.LOPENSSL_armcap - ldr r0,[r1,r0] -#ifdef __APPLE__ - ldr r0,[r0] -#endif -#endif - eor r2,r2,r2 - eor r3,r3,r3 - eor ip,ip,ip -#if __ARM_MAX_ARCH__>=7 - tst r0,#1 - beq .Lwipe_done - veor q0, q0, q0 - veor q1, q1, q1 - veor q2, q2, q2 - veor q3, q3, q3 - veor q8, q8, q8 - veor q9, q9, q9 - veor q10, q10, q10 - veor q11, q11, q11 - veor q12, q12, q12 - veor q13, q13, q13 - veor q14, q14, q14 - veor q15, q15, q15 -.Lwipe_done: -#endif - mov r0,sp -#if __ARM_ARCH__>=5 - bx lr -#else - tst lr,#1 - moveq pc,lr - .word 0xe12fff1e @ bx lr -#endif -.size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu - -.global OPENSSL_instrument_bus -.type OPENSSL_instrument_bus,%function -OPENSSL_instrument_bus: - eor r0,r0,r0 -#if __ARM_ARCH__>=5 - bx lr -#else - tst lr,#1 - moveq pc,lr - .word 0xe12fff1e @ bx lr -#endif -.size OPENSSL_instrument_bus,.-OPENSSL_instrument_bus - -.global OPENSSL_instrument_bus2 -.type OPENSSL_instrument_bus2,%function -OPENSSL_instrument_bus2: - eor r0,r0,r0 -#if __ARM_ARCH__>=5 - bx lr -#else - tst lr,#1 - moveq pc,lr - .word 0xe12fff1e @ bx lr -#endif -.size OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2 - -.align 5 -#if __ARM_MAX_ARCH__>=7 -.LOPENSSL_armcap: -.word OPENSSL_armcap_P-. -#endif -#if __ARM_ARCH__>=6 -.align 5 -#else -.Lspinlock: -.word atomic_add_spinlock-.Lspinlock -.align 5 - -.data -.align 2 -atomic_add_spinlock: -.word 0 -#endif - -.comm OPENSSL_armcap_P,4,4 -.hidden OPENSSL_armcap_P -___ - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c deleted file mode 100644 index 7c256493571e6005c07c5efd72769a7ee1f86992..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_bitstr.c +++ /dev/null @@ -1,216 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include -#include "asn1_local.h" - -int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) -{ - return ASN1_STRING_set(x, d, len); -} - -int ossl_i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) -{ - int ret, j, bits, len; - unsigned char *p, *d; - - if (a == NULL) - return 0; - - len = a->length; - - if (len > 0) { - if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) { - bits = (int)a->flags & 0x07; - } else { - for (; len > 0; len--) { - if (a->data[len - 1]) - break; - } - j = a->data[len - 1]; - if (j & 0x01) - bits = 0; - else if (j & 0x02) - bits = 1; - else if (j & 0x04) - bits = 2; - else if (j & 0x08) - bits = 3; - else if (j & 0x10) - bits = 4; - else if (j & 0x20) - bits = 5; - else if (j & 0x40) - bits = 6; - else if (j & 0x80) - bits = 7; - else - bits = 0; /* should not happen */ - } - } else - bits = 0; - - ret = 1 + len; - if (pp == NULL) - return ret; - - p = *pp; - - *(p++) = (unsigned char)bits; - d = a->data; - if (len > 0) { - memcpy(p, d, len); - p += len; - p[-1] &= (0xff << bits); - } - *pp = p; - return ret; -} - -ASN1_BIT_STRING *ossl_c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, - const unsigned char **pp, long len) -{ - ASN1_BIT_STRING *ret = NULL; - const unsigned char *p; - unsigned char *s; - int i; - - if (len < 1) { - i = ASN1_R_STRING_TOO_SHORT; - goto err; - } - - if (len > INT_MAX) { - i = ASN1_R_STRING_TOO_LONG; - goto err; - } - - if ((a == NULL) || ((*a) == NULL)) { - if ((ret = ASN1_BIT_STRING_new()) == NULL) - return NULL; - } else - ret = (*a); - - p = *pp; - i = *(p++); - if (i > 7) { - i = ASN1_R_INVALID_BIT_STRING_BITS_LEFT; - goto err; - } - /* - * We do this to preserve the settings. If we modify the settings, via - * the _set_bit function, we will recalculate on output - */ - ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */ - ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */ - - if (len-- > 1) { /* using one because of the bits left byte */ - s = OPENSSL_malloc((int)len); - if (s == NULL) { - i = ERR_R_MALLOC_FAILURE; - goto err; - } - memcpy(s, p, (int)len); - s[len - 1] &= (0xff << i); - p += len; - } else - s = NULL; - - ret->length = (int)len; - OPENSSL_free(ret->data); - ret->data = s; - ret->type = V_ASN1_BIT_STRING; - if (a != NULL) - (*a) = ret; - *pp = p; - return ret; - err: - ERR_raise(ERR_LIB_ASN1, i); - if ((a == NULL) || (*a != ret)) - ASN1_BIT_STRING_free(ret); - return NULL; -} - -/* - * These next 2 functions from Goetz Babin-Ebell. - */ -int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) -{ - int w, v, iv; - unsigned char *c; - - w = n / 8; - v = 1 << (7 - (n & 0x07)); - iv = ~v; - if (!value) - v = 0; - - if (a == NULL) - return 0; - - a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */ - - if ((a->length < (w + 1)) || (a->data == NULL)) { - if (!value) - return 1; /* Don't need to set */ - c = OPENSSL_clear_realloc(a->data, a->length, w + 1); - if (c == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - if (w + 1 - a->length > 0) - memset(c + a->length, 0, w + 1 - a->length); - a->data = c; - a->length = w + 1; - } - a->data[w] = ((a->data[w]) & iv) | v; - while ((a->length > 0) && (a->data[a->length - 1] == 0)) - a->length--; - return 1; -} - -int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n) -{ - int w, v; - - w = n / 8; - v = 1 << (7 - (n & 0x07)); - if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL)) - return 0; - return ((a->data[w] & v) != 0); -} - -/* - * Checks if the given bit string contains only bits specified by - * the flags vector. Returns 0 if there is at least one bit set in 'a' - * which is not specified in 'flags', 1 otherwise. - * 'len' is the length of 'flags'. - */ -int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, - const unsigned char *flags, int flags_len) -{ - int i, ok; - /* Check if there is one bit set at all. */ - if (!a || !a->data) - return 1; - - /* - * Check each byte of the internal representation of the bit string. - */ - ok = 1; - for (i = 0; i < a->length && ok; ++i) { - unsigned char mask = i < flags_len ? ~flags[i] : 0xff; - /* We are done if there is an unneeded bit set. */ - ok = (a->data[i] & mask) == 0; - } - return ok; -} diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c deleted file mode 100644 index e8602053f974f9013535522c3858b239e161f3f0..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_d2i_fp.c +++ /dev/null @@ -1,253 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include "internal/numbers.h" -#include -#include -#include "internal/asn1.h" -#include "crypto/asn1.h" - -#ifndef NO_OLD_ASN1 -# ifndef OPENSSL_NO_STDIO - -void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x) -{ - BIO *b; - void *ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB); - return NULL; - } - BIO_set_fp(b, in, BIO_NOCLOSE); - ret = ASN1_d2i_bio(xnew, d2i, b, x); - BIO_free(b); - return ret; -} -# endif - -void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x) -{ - BUF_MEM *b = NULL; - const unsigned char *p; - void *ret = NULL; - int len; - - len = asn1_d2i_read_bio(in, &b); - if (len < 0) - goto err; - - p = (unsigned char *)b->data; - ret = d2i(x, &p, len); - err: - BUF_MEM_free(b); - return ret; -} - -#endif - -void *ASN1_item_d2i_bio_ex(const ASN1_ITEM *it, BIO *in, void *x, - OSSL_LIB_CTX *libctx, const char *propq) -{ - BUF_MEM *b = NULL; - const unsigned char *p; - void *ret = NULL; - int len; - - if (in == NULL) - return NULL; - len = asn1_d2i_read_bio(in, &b); - if (len < 0) - goto err; - - p = (const unsigned char *)b->data; - ret = ASN1_item_d2i_ex(x, &p, len, it, libctx, propq); - err: - BUF_MEM_free(b); - return ret; -} - -void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) -{ - return ASN1_item_d2i_bio_ex(it, in, x, NULL, NULL); -} - -#ifndef OPENSSL_NO_STDIO -void *ASN1_item_d2i_fp_ex(const ASN1_ITEM *it, FILE *in, void *x, - OSSL_LIB_CTX *libctx, const char *propq) -{ - BIO *b; - char *ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB); - return NULL; - } - BIO_set_fp(b, in, BIO_NOCLOSE); - ret = ASN1_item_d2i_bio_ex(it, b, x, libctx, propq); - BIO_free(b); - return ret; -} - -void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) -{ - return ASN1_item_d2i_fp_ex(it, in, x, NULL, NULL); -} -#endif - -#define HEADER_SIZE 8 -#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024) -int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) -{ - BUF_MEM *b; - unsigned char *p; - int i; - size_t want = HEADER_SIZE; - uint32_t eos = 0; - size_t off = 0; - size_t len = 0; - size_t diff; - - const unsigned char *q; - long slen; - int inf, tag, xclass; - - b = BUF_MEM_new(); - if (b == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return -1; - } - - ERR_set_mark(); - for (;;) { - diff = len - off; - if (want >= diff) { - want -= diff; - - if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - i = BIO_read(in, &(b->data[len]), want); - if (i < 0 && diff == 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA); - goto err; - } - if (i > 0) { - if (len + i < len) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG); - goto err; - } - len += i; - } - } - /* else data already loaded */ - - p = (unsigned char *)&(b->data[off]); - q = p; - diff = len - off; - if (diff == 0) - goto err; - inf = ASN1_get_object(&q, &slen, &tag, &xclass, diff); - if (inf & 0x80) { - unsigned long e; - - e = ERR_GET_REASON(ERR_peek_last_error()); - if (e != ASN1_R_TOO_LONG) - goto err; - ERR_pop_to_mark(); - } - i = q - p; /* header length */ - off += i; /* end of data */ - - if (inf & 1) { - /* no data body so go round again */ - if (eos == UINT32_MAX) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_HEADER_TOO_LONG); - goto err; - } - eos++; - want = HEADER_SIZE; - } else if (eos && (slen == 0) && (tag == V_ASN1_EOC)) { - /* eos value, so go back and read another header */ - eos--; - if (eos == 0) - break; - else - want = HEADER_SIZE; - } else { - /* suck in slen bytes of data */ - want = slen; - if (want > (len - off)) { - size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE; - - want -= (len - off); - if (want > INT_MAX /* BIO_read takes an int length */ || - len + want < len) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG); - goto err; - } - while (want > 0) { - /* - * Read content in chunks of increasing size - * so we can return an error for EOF without - * having to allocate the entire content length - * in one go. - */ - size_t chunk = want > chunk_max ? chunk_max : want; - - if (!BUF_MEM_grow_clean(b, len + chunk)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - want -= chunk; - while (chunk > 0) { - i = BIO_read(in, &(b->data[len]), chunk); - if (i <= 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA); - goto err; - } - /* - * This can't overflow because |len+want| didn't - * overflow. - */ - len += i; - chunk -= i; - } - if (chunk_max < INT_MAX/2) - chunk_max *= 2; - } - } - if (off + slen < off) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG); - goto err; - } - off += slen; - if (eos == 0) { - break; - } else - want = HEADER_SIZE; - } - } - - if (off > INT_MAX) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG); - goto err; - } - - *pb = b; - return off; - err: - ERR_clear_last_mark(); - BUF_MEM_free(b); - return -1; -} diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c deleted file mode 100644 index 72cc8807799ddc1775595d31302aab46e9a234ef..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_digest.c +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include -#include - -#include "internal/cryptlib.h" - -#include -#include -#include -#include -#include -#include "crypto/x509.h" - -#ifndef OPENSSL_NO_DEPRECATED_3_0 - -int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, - unsigned char *md, unsigned int *len) -{ - int inl; - unsigned char *str, *p; - - inl = i2d(data, NULL); - if (inl <= 0) { - ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); - return 0; - } - if ((str = OPENSSL_malloc(inl)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - p = str; - i2d(data, &p); - - if (!EVP_Digest(str, inl, md, len, type, NULL)) { - OPENSSL_free(str); - return 0; - } - OPENSSL_free(str); - return 1; -} - -#endif - -int ossl_asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *md, void *asn, - unsigned char *data, unsigned int *len, - OSSL_LIB_CTX *libctx, const char *propq) -{ - int i, ret = 0; - unsigned char *str = NULL; - EVP_MD *fetched_md = (EVP_MD *)md; - - i = ASN1_item_i2d(asn, &str, it); - if (i < 0 || str == NULL) - return 0; - - if (EVP_MD_get0_provider(md) == NULL) { -#if !defined(OPENSSL_NO_ENGINE) - ENGINE *tmpeng = ENGINE_get_digest_engine(EVP_MD_get_type(md)); - - if (tmpeng != NULL) - ENGINE_finish(tmpeng); - else -#endif - fetched_md = EVP_MD_fetch(libctx, EVP_MD_get0_name(md), propq); - } - if (fetched_md == NULL) - goto err; - - ret = EVP_Digest(str, i, data, len, fetched_md, NULL); -err: - OPENSSL_free(str); - if (fetched_md != md) - EVP_MD_free(fetched_md); - return ret; -} - -int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *md, void *asn, - unsigned char *data, unsigned int *len) -{ - return ossl_asn1_item_digest_ex(it, md, asn, data, len, NULL, NULL); -} - diff --git a/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.c deleted file mode 100644 index 93e8b2aa8dab8a9a2ecd76ca5495385719be20d6..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_dup.c +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include - -#ifndef NO_OLD_ASN1 - -void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, const void *x) -{ - unsigned char *b, *p; - const unsigned char *p2; - int i; - char *ret; - - if (x == NULL) - return NULL; - - i = i2d(x, NULL); - if (i <= 0) - return NULL; - - b = OPENSSL_malloc(i + 10); - if (b == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return NULL; - } - p = b; - i = i2d(x, &p); - p2 = b; - ret = d2i(NULL, &p2, i); - OPENSSL_free(b); - return ret; -} - -#endif - -/* - * ASN1_ITEM version of dup: this follows the model above except we don't - * need to allocate the buffer. At some point this could be rewritten to - * directly dup the underlying structure instead of doing and encode and - * decode. - */ - -void *ASN1_item_dup(const ASN1_ITEM *it, const void *x) -{ - ASN1_aux_cb *asn1_cb = NULL; - unsigned char *b = NULL; - const unsigned char *p; - long i; - ASN1_VALUE *ret; - OSSL_LIB_CTX *libctx = NULL; - const char *propq = NULL; - - if (x == NULL) - return NULL; - - if (it->itype == ASN1_ITYPE_SEQUENCE || it->itype == ASN1_ITYPE_CHOICE - || it->itype == ASN1_ITYPE_NDEF_SEQUENCE) { - const ASN1_AUX *aux = it->funcs; - - asn1_cb = aux != NULL ? aux->asn1_cb : NULL; - } - - if (asn1_cb != NULL) { - if (!asn1_cb(ASN1_OP_DUP_PRE, (ASN1_VALUE **)&x, it, NULL) - || !asn1_cb(ASN1_OP_GET0_LIBCTX, (ASN1_VALUE **)&x, it, &libctx) - || !asn1_cb(ASN1_OP_GET0_PROPQ, (ASN1_VALUE **)&x, it, &propq)) - goto auxerr; - } - - i = ASN1_item_i2d(x, &b, it); - if (b == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return NULL; - } - p = b; - ret = ASN1_item_d2i_ex(NULL, &p, i, it, libctx, propq); - OPENSSL_free(b); - - if (asn1_cb != NULL - && !asn1_cb(ASN1_OP_DUP_POST, &ret, it, (void *)x)) - goto auxerr; - - return ret; - - auxerr: - ERR_raise_data(ERR_LIB_ASN1, ASN1_R_AUX_ERROR, "Type=%s", it->sname); - return NULL; -} diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c deleted file mode 100644 index 0c06ac3c4163c22278c248b622aece61e9369fca..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_gentm.c +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * GENERALIZEDTIME implementation. Based on UTCTIME - */ - -#include -#include -#include "internal/cryptlib.h" -#include -#include "asn1_local.h" -#include - -IMPLEMENT_ASN1_DUP_FUNCTION(ASN1_GENERALIZEDTIME) - -/* This is the primary function used to parse ASN1_GENERALIZEDTIME */ -static int asn1_generalizedtime_to_tm(struct tm *tm, - const ASN1_GENERALIZEDTIME *d) -{ - /* wrapper around ossl_asn1_time_to_tm */ - if (d->type != V_ASN1_GENERALIZEDTIME) - return 0; - return ossl_asn1_time_to_tm(tm, d); -} - -int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d) -{ - return asn1_generalizedtime_to_tm(NULL, d); -} - -int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) -{ - ASN1_GENERALIZEDTIME t; - - t.type = V_ASN1_GENERALIZEDTIME; - t.length = strlen(str); - t.data = (unsigned char *)str; - t.flags = 0; - - if (!ASN1_GENERALIZEDTIME_check(&t)) - return 0; - - if (s != NULL && !ASN1_STRING_copy(s, &t)) - return 0; - - return 1; -} - -ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, - time_t t) -{ - return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0); -} - -ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, - time_t t, int offset_day, - long offset_sec) -{ - struct tm *ts; - struct tm data; - - ts = OPENSSL_gmtime(&t, &data); - if (ts == NULL) - return NULL; - - if (offset_day || offset_sec) { - if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) - return NULL; - } - - return ossl_asn1_time_from_tm(s, ts, V_ASN1_GENERALIZEDTIME); -} - -int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm) -{ - if (tm->type != V_ASN1_GENERALIZEDTIME) - return 0; - return ASN1_TIME_print(bp, tm); -} diff --git a/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.c deleted file mode 100644 index 4cc4773666c4e65dbbc72662414a9849706cea14..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_i2d_fp.c +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include - -#ifndef NO_OLD_ASN1 - -# ifndef OPENSSL_NO_STDIO -int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, const void *x) -{ - BIO *b; - int ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB); - return 0; - } - BIO_set_fp(b, out, BIO_NOCLOSE); - ret = ASN1_i2d_bio(i2d, b, x); - BIO_free(b); - return ret; -} -# endif - -int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, const void *x) -{ - char *b; - unsigned char *p; - int i, j = 0, n, ret = 1; - - n = i2d(x, NULL); - if (n <= 0) - return 0; - - b = OPENSSL_malloc(n); - if (b == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - - p = (unsigned char *)b; - i2d(x, &p); - - for (;;) { - i = BIO_write(out, &(b[j]), n); - if (i == n) - break; - if (i <= 0) { - ret = 0; - break; - } - j += i; - n -= i; - } - OPENSSL_free(b); - return ret; -} - -#endif - -#ifndef OPENSSL_NO_STDIO -int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, const void *x) -{ - BIO *b; - int ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB); - return 0; - } - BIO_set_fp(b, out, BIO_NOCLOSE); - ret = ASN1_item_i2d_bio(it, b, x); - BIO_free(b); - return ret; -} -#endif - -int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, const void *x) -{ - unsigned char *b = NULL; - int i, j = 0, n, ret = 1; - - n = ASN1_item_i2d(x, &b, it); - if (b == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - - for (;;) { - i = BIO_write(out, &(b[j]), n); - if (i == n) - break; - if (i <= 0) { - ret = 0; - break; - } - j += i; - n -= i; - } - OPENSSL_free(b); - return ret; -} - -BIO *ASN1_item_i2d_mem_bio(const ASN1_ITEM *it, const ASN1_VALUE *val) -{ - BIO *res; - - if (it == NULL || val == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - - if ((res = BIO_new(BIO_s_mem())) == NULL) - return NULL; - if (ASN1_item_i2d_bio(it, res, val) <= 0) { - BIO_free(res); - res = NULL; - } - return res; -} diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c deleted file mode 100644 index 19e41ec73e3571dee06bd8e4447bd0f0ca1f7a6d..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_int.c +++ /dev/null @@ -1,643 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "internal/numbers.h" -#include -#include -#include -#include "asn1_local.h" - -ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x) -{ - return ASN1_STRING_dup(x); -} - -int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) -{ - int neg, ret; - /* Compare signs */ - neg = x->type & V_ASN1_NEG; - if (neg != (y->type & V_ASN1_NEG)) { - if (neg) - return -1; - else - return 1; - } - - ret = ASN1_STRING_cmp(x, y); - - if (neg) - return -ret; - else - return ret; -} - -/*- - * This converts a big endian buffer and sign into its content encoding. - * This is used for INTEGER and ENUMERATED types. - * The internal representation is an ASN1_STRING whose data is a big endian - * representation of the value, ignoring the sign. The sign is determined by - * the type: if type & V_ASN1_NEG is true it is negative, otherwise positive. - * - * Positive integers are no problem: they are almost the same as the DER - * encoding, except if the first byte is >= 0x80 we need to add a zero pad. - * - * Negative integers are a bit trickier... - * The DER representation of negative integers is in 2s complement form. - * The internal form is converted by complementing each octet and finally - * adding one to the result. This can be done less messily with a little trick. - * If the internal form has trailing zeroes then they will become FF by the - * complement and 0 by the add one (due to carry) so just copy as many trailing - * zeros to the destination as there are in the source. The carry will add one - * to the last none zero octet: so complement this octet and add one and finally - * complement any left over until you get to the start of the string. - * - * Padding is a little trickier too. If the first bytes is > 0x80 then we pad - * with 0xff. However if the first byte is 0x80 and one of the following bytes - * is non-zero we pad with 0xff. The reason for this distinction is that 0x80 - * followed by optional zeros isn't padded. - */ - -/* - * If |pad| is zero, the operation is effectively reduced to memcpy, - * and if |pad| is 0xff, then it performs two's complement, ~dst + 1. - * Note that in latter case sequence of zeros yields itself, and so - * does 0x80 followed by any number of zeros. These properties are - * used elsewhere below... - */ -static void twos_complement(unsigned char *dst, const unsigned char *src, - size_t len, unsigned char pad) -{ - unsigned int carry = pad & 1; - - /* Begin at the end of the encoding */ - if (len != 0) { - /* - * if len == 0 then src/dst could be NULL, and this would be undefined - * behaviour. - */ - dst += len; - src += len; - } - /* two's complement value: ~value + 1 */ - while (len-- != 0) { - *(--dst) = (unsigned char)(carry += *(--src) ^ pad); - carry >>= 8; - } -} - -static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg, - unsigned char **pp) -{ - unsigned int pad = 0; - size_t ret, i; - unsigned char *p, pb = 0; - - if (b != NULL && blen) { - ret = blen; - i = b[0]; - if (!neg && (i > 127)) { - pad = 1; - pb = 0; - } else if (neg) { - pb = 0xFF; - if (i > 128) { - pad = 1; - } else if (i == 128) { - /* - * Special case [of minimal negative for given length]: - * if any other bytes non zero we pad, otherwise we don't. - */ - for (pad = 0, i = 1; i < blen; i++) - pad |= b[i]; - pb = pad != 0 ? 0xffU : 0; - pad = pb & 1; - } - } - ret += pad; - } else { - ret = 1; - blen = 0; /* reduce '(b == NULL || blen == 0)' to '(blen == 0)' */ - } - - if (pp == NULL || (p = *pp) == NULL) - return ret; - - /* - * This magically handles all corner cases, such as '(b == NULL || - * blen == 0)', non-negative value, "negative" zero, 0x80 followed - * by any number of zeros... - */ - *p = pb; - p += pad; /* yes, p[0] can be written twice, but it's little - * price to pay for eliminated branches */ - twos_complement(p, b, blen, pb); - - *pp += ret; - return ret; -} - -/* - * convert content octets into a big endian buffer. Returns the length - * of buffer or 0 on error: for malformed INTEGER. If output buffer is - * NULL just return length. - */ - -static size_t c2i_ibuf(unsigned char *b, int *pneg, - const unsigned char *p, size_t plen) -{ - int neg, pad; - /* Zero content length is illegal */ - if (plen == 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT); - return 0; - } - neg = p[0] & 0x80; - if (pneg) - *pneg = neg; - /* Handle common case where length is 1 octet separately */ - if (plen == 1) { - if (b != NULL) { - if (neg) - b[0] = (p[0] ^ 0xFF) + 1; - else - b[0] = p[0]; - } - return 1; - } - - pad = 0; - if (p[0] == 0) { - pad = 1; - } else if (p[0] == 0xFF) { - size_t i; - - /* - * Special case [of "one less minimal negative" for given length]: - * if any other bytes non zero it was padded, otherwise not. - */ - for (pad = 0, i = 1; i < plen; i++) - pad |= p[i]; - pad = pad != 0 ? 1 : 0; - } - /* reject illegal padding: first two octets MSB can't match */ - if (pad && (neg == (p[1] & 0x80))) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_PADDING); - return 0; - } - - /* skip over pad */ - p += pad; - plen -= pad; - - if (b != NULL) - twos_complement(b, p, plen, neg ? 0xffU : 0); - - return plen; -} - -int ossl_i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) -{ - return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp); -} - -/* Convert big endian buffer into uint64_t, return 0 on error */ -static int asn1_get_uint64(uint64_t *pr, const unsigned char *b, size_t blen) -{ - size_t i; - uint64_t r; - - if (blen > sizeof(*pr)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE); - return 0; - } - if (b == NULL) - return 0; - for (r = 0, i = 0; i < blen; i++) { - r <<= 8; - r |= b[i]; - } - *pr = r; - return 1; -} - -/* - * Write uint64_t to big endian buffer and return offset to first - * written octet. In other words it returns offset in range from 0 - * to 7, with 0 denoting 8 written octets and 7 - one. - */ -static size_t asn1_put_uint64(unsigned char b[sizeof(uint64_t)], uint64_t r) -{ - size_t off = sizeof(uint64_t); - - do { - b[--off] = (unsigned char)r; - } while (r >>= 8); - - return off; -} - -/* - * Absolute value of INT64_MIN: we can't just use -INT64_MIN as gcc produces - * overflow warnings. - */ -#define ABS_INT64_MIN ((uint64_t)INT64_MAX + (-(INT64_MIN + INT64_MAX))) - -/* signed version of asn1_get_uint64 */ -static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen, - int neg) -{ - uint64_t r; - if (asn1_get_uint64(&r, b, blen) == 0) - return 0; - if (neg) { - if (r <= INT64_MAX) { - /* Most significant bit is guaranteed to be clear, negation - * is guaranteed to be meaningful in platform-neutral sense. */ - *pr = -(int64_t)r; - } else if (r == ABS_INT64_MIN) { - /* This never happens if INT64_MAX == ABS_INT64_MIN, e.g. - * on ones'-complement system. */ - *pr = (int64_t)(0 - r); - } else { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL); - return 0; - } - } else { - if (r <= INT64_MAX) { - *pr = (int64_t)r; - } else { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE); - return 0; - } - } - return 1; -} - -/* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */ -ASN1_INTEGER *ossl_c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long len) -{ - ASN1_INTEGER *ret = NULL; - size_t r; - int neg; - - r = c2i_ibuf(NULL, NULL, *pp, len); - - if (r == 0) - return NULL; - - if ((a == NULL) || ((*a) == NULL)) { - ret = ASN1_INTEGER_new(); - if (ret == NULL) - return NULL; - ret->type = V_ASN1_INTEGER; - } else - ret = *a; - - if (ASN1_STRING_set(ret, NULL, r) == 0) - goto err; - - c2i_ibuf(ret->data, &neg, *pp, len); - - if (neg != 0) - ret->type |= V_ASN1_NEG; - else - ret->type &= ~V_ASN1_NEG; - - *pp += len; - if (a != NULL) - (*a) = ret; - return ret; - err: - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - if (a == NULL || *a != ret) - ASN1_INTEGER_free(ret); - return NULL; -} - -static int asn1_string_get_int64(int64_t *pr, const ASN1_STRING *a, int itype) -{ - if (a == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if ((a->type & ~V_ASN1_NEG) != itype) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE); - return 0; - } - return asn1_get_int64(pr, a->data, a->length, a->type & V_ASN1_NEG); -} - -static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype) -{ - unsigned char tbuf[sizeof(r)]; - size_t off; - - a->type = itype; - if (r < 0) { - /* Most obvious '-r' triggers undefined behaviour for most - * common INT64_MIN. Even though below '0 - (uint64_t)r' can - * appear two's-complement centric, it does produce correct/ - * expected result even on one's-complement. This is because - * cast to unsigned has to change bit pattern... */ - off = asn1_put_uint64(tbuf, 0 - (uint64_t)r); - a->type |= V_ASN1_NEG; - } else { - off = asn1_put_uint64(tbuf, r); - a->type &= ~V_ASN1_NEG; - } - return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off); -} - -static int asn1_string_get_uint64(uint64_t *pr, const ASN1_STRING *a, - int itype) -{ - if (a == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if ((a->type & ~V_ASN1_NEG) != itype) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE); - return 0; - } - if (a->type & V_ASN1_NEG) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE); - return 0; - } - return asn1_get_uint64(pr, a->data, a->length); -} - -static int asn1_string_set_uint64(ASN1_STRING *a, uint64_t r, int itype) -{ - unsigned char tbuf[sizeof(r)]; - size_t off; - - a->type = itype; - off = asn1_put_uint64(tbuf, r); - return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off); -} - -/* - * This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1 - * integers: some broken software can encode a positive INTEGER with its MSB - * set as negative (it doesn't add a padding zero). - */ - -ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long length) -{ - ASN1_INTEGER *ret = NULL; - const unsigned char *p; - unsigned char *s; - long len = 0; - int inf, tag, xclass; - int i; - - if ((a == NULL) || ((*a) == NULL)) { - if ((ret = ASN1_INTEGER_new()) == NULL) - return NULL; - ret->type = V_ASN1_INTEGER; - } else - ret = (*a); - - p = *pp; - inf = ASN1_get_object(&p, &len, &tag, &xclass, length); - if (inf & 0x80) { - i = ASN1_R_BAD_OBJECT_HEADER; - goto err; - } - - if (tag != V_ASN1_INTEGER) { - i = ASN1_R_EXPECTING_AN_INTEGER; - goto err; - } - - if (len < 0) { - i = ASN1_R_ILLEGAL_NEGATIVE_VALUE; - goto err; - } - /* - * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies - * a missing NULL parameter. - */ - s = OPENSSL_malloc((int)len + 1); - if (s == NULL) { - i = ERR_R_MALLOC_FAILURE; - goto err; - } - ret->type = V_ASN1_INTEGER; - if (len) { - if ((*p == 0) && (len != 1)) { - p++; - len--; - } - memcpy(s, p, (int)len); - p += len; - } - - OPENSSL_free(ret->data); - ret->data = s; - ret->length = (int)len; - if (a != NULL) - (*a) = ret; - *pp = p; - return ret; - err: - ERR_raise(ERR_LIB_ASN1, i); - if ((a == NULL) || (*a != ret)) - ASN1_INTEGER_free(ret); - return NULL; -} - -static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai, - int atype) -{ - ASN1_INTEGER *ret; - int len; - - if (ai == NULL) { - ret = ASN1_STRING_type_new(atype); - } else { - ret = ai; - ret->type = atype; - } - - if (ret == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); - goto err; - } - - if (BN_is_negative(bn) && !BN_is_zero(bn)) - ret->type |= V_ASN1_NEG_INTEGER; - - len = BN_num_bytes(bn); - - if (len == 0) - len = 1; - - if (ASN1_STRING_set(ret, NULL, len) == 0) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* Correct zero case */ - if (BN_is_zero(bn)) - ret->data[0] = 0; - else - len = BN_bn2bin(bn, ret->data); - ret->length = len; - return ret; - err: - if (ret != ai) - ASN1_INTEGER_free(ret); - return NULL; -} - -static BIGNUM *asn1_string_to_bn(const ASN1_INTEGER *ai, BIGNUM *bn, - int itype) -{ - BIGNUM *ret; - - if ((ai->type & ~V_ASN1_NEG) != itype) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE); - return NULL; - } - - ret = BN_bin2bn(ai->data, ai->length, bn); - if (ret == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_BN_LIB); - return NULL; - } - if (ai->type & V_ASN1_NEG) - BN_set_negative(ret, 1); - return ret; -} - -int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a) -{ - return asn1_string_get_int64(pr, a, V_ASN1_INTEGER); -} - -int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r) -{ - return asn1_string_set_int64(a, r, V_ASN1_INTEGER); -} - -int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a) -{ - return asn1_string_get_uint64(pr, a, V_ASN1_INTEGER); -} - -int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r) -{ - return asn1_string_set_uint64(a, r, V_ASN1_INTEGER); -} - -int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) -{ - return ASN1_INTEGER_set_int64(a, v); -} - -long ASN1_INTEGER_get(const ASN1_INTEGER *a) -{ - int i; - int64_t r; - if (a == NULL) - return 0; - i = ASN1_INTEGER_get_int64(&r, a); - if (i == 0) - return -1; - if (r > LONG_MAX || r < LONG_MIN) - return -1; - return (long)r; -} - -ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) -{ - return bn_to_asn1_string(bn, ai, V_ASN1_INTEGER); -} - -BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) -{ - return asn1_string_to_bn(ai, bn, V_ASN1_INTEGER); -} - -int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a) -{ - return asn1_string_get_int64(pr, a, V_ASN1_ENUMERATED); -} - -int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r) -{ - return asn1_string_set_int64(a, r, V_ASN1_ENUMERATED); -} - -int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) -{ - return ASN1_ENUMERATED_set_int64(a, v); -} - -long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a) -{ - int i; - int64_t r; - if (a == NULL) - return 0; - if ((a->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED) - return -1; - if (a->length > (int)sizeof(long)) - return 0xffffffffL; - i = ASN1_ENUMERATED_get_int64(&r, a); - if (i == 0) - return -1; - if (r > LONG_MAX || r < LONG_MIN) - return -1; - return (long)r; -} - -ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai) -{ - return bn_to_asn1_string(bn, ai, V_ASN1_ENUMERATED); -} - -BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn) -{ - return asn1_string_to_bn(ai, bn, V_ASN1_ENUMERATED); -} - -/* Internal functions used by x_int64.c */ -int ossl_c2i_uint64_int(uint64_t *ret, int *neg, - const unsigned char **pp, long len) -{ - unsigned char buf[sizeof(uint64_t)]; - size_t buflen; - - buflen = c2i_ibuf(NULL, NULL, *pp, len); - if (buflen == 0) - return 0; - if (buflen > sizeof(uint64_t)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE); - return 0; - } - (void)c2i_ibuf(buf, neg, *pp, len); - return asn1_get_uint64(ret, buf, buflen); -} - -int ossl_i2c_uint64_int(unsigned char *p, uint64_t r, int neg) -{ - unsigned char buf[sizeof(uint64_t)]; - size_t off; - - off = asn1_put_uint64(buf, r); - return i2c_ibuf(buf + off, sizeof(buf) - off, neg, &p); -} - diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c deleted file mode 100644 index 22dea873eeba566e398829f5d7602ef4ba9f2724..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_mbstr.c +++ /dev/null @@ -1,350 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "crypto/ctype.h" -#include "internal/cryptlib.h" -#include "internal/unicode.h" -#include - -static int traverse_string(const unsigned char *p, int len, int inform, - int (*rfunc) (unsigned long value, void *in), - void *arg); -static int in_utf8(unsigned long value, void *arg); -static int out_utf8(unsigned long value, void *arg); -static int type_str(unsigned long value, void *arg); -static int cpy_asc(unsigned long value, void *arg); -static int cpy_bmp(unsigned long value, void *arg); -static int cpy_univ(unsigned long value, void *arg); -static int cpy_utf8(unsigned long value, void *arg); - -/* - * These functions take a string in UTF8, ASCII or multibyte form and a mask - * of permissible ASN1 string types. It then works out the minimal type - * (using the order Numeric < Printable < IA5 < T61 < BMP < Universal < UTF8) - * and creates a string of the correct type with the supplied data. Yes this is - * horrible: it has to be :-( The 'ncopy' form checks minimum and maximum - * size limits too. - */ - -int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, - int inform, unsigned long mask) -{ - return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0); -} - -int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, - int inform, unsigned long mask, - long minsize, long maxsize) -{ - int str_type; - int ret; - char free_out; - int outform, outlen = 0; - ASN1_STRING *dest; - unsigned char *p; - int nchar; - int (*cpyfunc) (unsigned long, void *) = NULL; - if (len == -1) - len = strlen((const char *)in); - if (!mask) - mask = DIRSTRING_TYPE; - if (len < 0) - return -1; - - /* First do a string check and work out the number of characters */ - switch (inform) { - - case MBSTRING_BMP: - if (len & 1) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_BMPSTRING_LENGTH); - return -1; - } - nchar = len >> 1; - break; - - case MBSTRING_UNIV: - if (len & 3) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); - return -1; - } - nchar = len >> 2; - break; - - case MBSTRING_UTF8: - nchar = 0; - /* This counts the characters and does utf8 syntax checking */ - ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); - if (ret < 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_UTF8STRING); - return -1; - } - break; - - case MBSTRING_ASC: - nchar = len; - break; - - default: - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_FORMAT); - return -1; - } - - if ((minsize > 0) && (nchar < minsize)) { - ERR_raise_data(ERR_LIB_ASN1, ASN1_R_STRING_TOO_SHORT, - "minsize=%ld", minsize); - return -1; - } - - if ((maxsize > 0) && (nchar > maxsize)) { - ERR_raise_data(ERR_LIB_ASN1, ASN1_R_STRING_TOO_LONG, - "maxsize=%ld", maxsize); - return -1; - } - - /* Now work out minimal type (if any) */ - if (traverse_string(in, len, inform, type_str, &mask) < 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_CHARACTERS); - return -1; - } - - /* Now work out output format and string type */ - outform = MBSTRING_ASC; - if (mask & B_ASN1_NUMERICSTRING) - str_type = V_ASN1_NUMERICSTRING; - else if (mask & B_ASN1_PRINTABLESTRING) - str_type = V_ASN1_PRINTABLESTRING; - else if (mask & B_ASN1_IA5STRING) - str_type = V_ASN1_IA5STRING; - else if (mask & B_ASN1_T61STRING) - str_type = V_ASN1_T61STRING; - else if (mask & B_ASN1_BMPSTRING) { - str_type = V_ASN1_BMPSTRING; - outform = MBSTRING_BMP; - } else if (mask & B_ASN1_UNIVERSALSTRING) { - str_type = V_ASN1_UNIVERSALSTRING; - outform = MBSTRING_UNIV; - } else { - str_type = V_ASN1_UTF8STRING; - outform = MBSTRING_UTF8; - } - if (!out) - return str_type; - if (*out) { - free_out = 0; - dest = *out; - OPENSSL_free(dest->data); - dest->data = NULL; - dest->length = 0; - dest->type = str_type; - } else { - free_out = 1; - dest = ASN1_STRING_type_new(str_type); - if (dest == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return -1; - } - *out = dest; - } - /* If both the same type just copy across */ - if (inform == outform) { - if (!ASN1_STRING_set(dest, in, len)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return -1; - } - return str_type; - } - - /* Work out how much space the destination will need */ - switch (outform) { - case MBSTRING_ASC: - outlen = nchar; - cpyfunc = cpy_asc; - break; - - case MBSTRING_BMP: - outlen = nchar << 1; - cpyfunc = cpy_bmp; - break; - - case MBSTRING_UNIV: - outlen = nchar << 2; - cpyfunc = cpy_univ; - break; - - case MBSTRING_UTF8: - outlen = 0; - traverse_string(in, len, inform, out_utf8, &outlen); - cpyfunc = cpy_utf8; - break; - } - if ((p = OPENSSL_malloc(outlen + 1)) == NULL) { - if (free_out) - ASN1_STRING_free(dest); - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return -1; - } - dest->length = outlen; - dest->data = p; - p[outlen] = 0; - traverse_string(in, len, inform, cpyfunc, &p); - return str_type; -} - -/* - * This function traverses a string and passes the value of each character to - * an optional function along with a void * argument. - */ - -static int traverse_string(const unsigned char *p, int len, int inform, - int (*rfunc) (unsigned long value, void *in), - void *arg) -{ - unsigned long value; - int ret; - while (len) { - if (inform == MBSTRING_ASC) { - value = *p++; - len--; - } else if (inform == MBSTRING_BMP) { - value = *p++ << 8; - value |= *p++; - len -= 2; - } else if (inform == MBSTRING_UNIV) { - value = ((unsigned long)*p++) << 24; - value |= ((unsigned long)*p++) << 16; - value |= *p++ << 8; - value |= *p++; - len -= 4; - } else { - ret = UTF8_getc(p, len, &value); - if (ret < 0) - return -1; - len -= ret; - p += ret; - } - if (rfunc) { - ret = rfunc(value, arg); - if (ret <= 0) - return ret; - } - } - return 1; -} - -/* Various utility functions for traverse_string */ - -/* Just count number of characters */ - -static int in_utf8(unsigned long value, void *arg) -{ - int *nchar; - - if (!is_unicode_valid(value)) - return -2; - nchar = arg; - (*nchar)++; - return 1; -} - -/* Determine size of output as a UTF8 String */ - -static int out_utf8(unsigned long value, void *arg) -{ - int *outlen, len; - - len = UTF8_putc(NULL, -1, value); - if (len <= 0) - return len; - outlen = arg; - *outlen += len; - return 1; -} - -/* - * Determine the "type" of a string: check each character against a supplied - * "mask". - */ - -static int type_str(unsigned long value, void *arg) -{ - unsigned long types = *((unsigned long *)arg); - const int native = value > INT_MAX ? INT_MAX : ossl_fromascii(value); - - if ((types & B_ASN1_NUMERICSTRING) && !(ossl_isdigit(native) - || native == ' ')) - types &= ~B_ASN1_NUMERICSTRING; - if ((types & B_ASN1_PRINTABLESTRING) && !ossl_isasn1print(native)) - types &= ~B_ASN1_PRINTABLESTRING; - if ((types & B_ASN1_IA5STRING) && !ossl_isascii(native)) - types &= ~B_ASN1_IA5STRING; - if ((types & B_ASN1_T61STRING) && (value > 0xff)) - types &= ~B_ASN1_T61STRING; - if ((types & B_ASN1_BMPSTRING) && (value > 0xffff)) - types &= ~B_ASN1_BMPSTRING; - if ((types & B_ASN1_UTF8STRING) && !is_unicode_valid(value)) - types &= ~B_ASN1_UTF8STRING; - if (!types) - return -1; - *((unsigned long *)arg) = types; - return 1; -} - -/* Copy one byte per character ASCII like strings */ - -static int cpy_asc(unsigned long value, void *arg) -{ - unsigned char **p, *q; - p = arg; - q = *p; - *q = (unsigned char)value; - (*p)++; - return 1; -} - -/* Copy two byte per character BMPStrings */ - -static int cpy_bmp(unsigned long value, void *arg) -{ - unsigned char **p, *q; - p = arg; - q = *p; - *q++ = (unsigned char)((value >> 8) & 0xff); - *q = (unsigned char)(value & 0xff); - *p += 2; - return 1; -} - -/* Copy four byte per character UniversalStrings */ - -static int cpy_univ(unsigned long value, void *arg) -{ - unsigned char **p, *q; - p = arg; - q = *p; - *q++ = (unsigned char)((value >> 24) & 0xff); - *q++ = (unsigned char)((value >> 16) & 0xff); - *q++ = (unsigned char)((value >> 8) & 0xff); - *q = (unsigned char)(value & 0xff); - *p += 4; - return 1; -} - -/* Copy to a UTF8String */ - -static int cpy_utf8(unsigned long value, void *arg) -{ - unsigned char **p; - int ret; - p = arg; - /* We already know there is enough room so pass 0xff as the length */ - ret = UTF8_putc(*p, 0xff, value); - *p += ret; - return 1; -} diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c deleted file mode 100644 index c96c36e73029d0db7e7a2dd94c188c5b3beba412..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_object.c +++ /dev/null @@ -1,393 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/ctype.h" -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "crypto/asn1.h" -#include "asn1_local.h" - -int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) -{ - unsigned char *p, *allocated = NULL; - int objsize; - - if ((a == NULL) || (a->data == NULL)) - return 0; - - objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT); - if (pp == NULL || objsize == -1) - return objsize; - - if (*pp == NULL) { - if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - } else { - p = *pp; - } - - ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); - memcpy(p, a->data, a->length); - - /* - * If a new buffer was allocated, just return it back. - * If not, return the incremented buffer pointer. - */ - *pp = allocated != NULL ? allocated : p + a->length; - return objsize; -} - -int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) -{ - int i, first, len = 0, c, use_bn; - char ftmp[24], *tmp = ftmp; - int tmpsize = sizeof(ftmp); - const char *p; - unsigned long l; - BIGNUM *bl = NULL; - - if (num == 0) - return 0; - else if (num == -1) - num = strlen(buf); - - p = buf; - c = *(p++); - num--; - if ((c >= '0') && (c <= '2')) { - first = c - '0'; - } else { - ERR_raise(ERR_LIB_ASN1, ASN1_R_FIRST_NUM_TOO_LARGE); - goto err; - } - - if (num <= 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_SECOND_NUMBER); - goto err; - } - c = *(p++); - num--; - for (;;) { - if (num <= 0) - break; - if ((c != '.') && (c != ' ')) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_SEPARATOR); - goto err; - } - l = 0; - use_bn = 0; - for (;;) { - if (num <= 0) - break; - num--; - c = *(p++); - if ((c == ' ') || (c == '.')) - break; - if (!ossl_isdigit(c)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_DIGIT); - goto err; - } - if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) { - use_bn = 1; - if (bl == NULL) - bl = BN_new(); - if (bl == NULL || !BN_set_word(bl, l)) - goto err; - } - if (use_bn) { - if (!BN_mul_word(bl, 10L) - || !BN_add_word(bl, c - '0')) - goto err; - } else - l = l * 10L + (long)(c - '0'); - } - if (len == 0) { - if ((first < 2) && (l >= 40)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_SECOND_NUMBER_TOO_LARGE); - goto err; - } - if (use_bn) { - if (!BN_add_word(bl, first * 40)) - goto err; - } else - l += (long)first *40; - } - i = 0; - if (use_bn) { - int blsize; - blsize = BN_num_bits(bl); - blsize = (blsize + 6) / 7; - if (blsize > tmpsize) { - if (tmp != ftmp) - OPENSSL_free(tmp); - tmpsize = blsize + 32; - tmp = OPENSSL_malloc(tmpsize); - if (tmp == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - } - while (blsize--) { - BN_ULONG t = BN_div_word(bl, 0x80L); - if (t == (BN_ULONG)-1) - goto err; - tmp[i++] = (unsigned char)t; - } - } else { - - for (;;) { - tmp[i++] = (unsigned char)l & 0x7f; - l >>= 7L; - if (l == 0L) - break; - } - - } - if (out != NULL) { - if (len + i > olen) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_BUFFER_TOO_SMALL); - goto err; - } - while (--i > 0) - out[len++] = tmp[i] | 0x80; - out[len++] = tmp[0]; - } else - len += i; - } - if (tmp != ftmp) - OPENSSL_free(tmp); - BN_free(bl); - return len; - err: - if (tmp != ftmp) - OPENSSL_free(tmp); - BN_free(bl); - return 0; -} - -int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a) -{ - return OBJ_obj2txt(buf, buf_len, a, 0); -} - -int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a) -{ - char buf[80], *p = buf; - int i; - - if ((a == NULL) || (a->data == NULL)) - return BIO_write(bp, "NULL", 4); - i = i2t_ASN1_OBJECT(buf, sizeof(buf), a); - if (i > (int)(sizeof(buf) - 1)) { - if (i > INT_MAX - 1) { /* catch an integer overflow */ - ERR_raise(ERR_LIB_ASN1, ASN1_R_LENGTH_TOO_LONG); - return -1; - } - if ((p = OPENSSL_malloc(i + 1)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return -1; - } - i2t_ASN1_OBJECT(p, i + 1, a); - } - if (i <= 0) { - i = BIO_write(bp, "", 9); - i += BIO_dump(bp, (const char *)a->data, a->length); - return i; - } - BIO_write(bp, p, i); - if (p != buf) - OPENSSL_free(p); - return i; -} - -ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - long length) -{ - const unsigned char *p; - long len; - int tag, xclass; - int inf, i; - ASN1_OBJECT *ret = NULL; - p = *pp; - inf = ASN1_get_object(&p, &len, &tag, &xclass, length); - if (inf & 0x80) { - i = ASN1_R_BAD_OBJECT_HEADER; - goto err; - } - - if (tag != V_ASN1_OBJECT) { - i = ASN1_R_EXPECTING_AN_OBJECT; - goto err; - } - ret = ossl_c2i_ASN1_OBJECT(a, &p, len); - if (ret) - *pp = p; - return ret; - err: - ERR_raise(ERR_LIB_ASN1, i); - return NULL; -} - -ASN1_OBJECT *ossl_c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - long len) -{ - ASN1_OBJECT *ret = NULL, tobj; - const unsigned char *p; - unsigned char *data; - int i, length; - - /* - * Sanity check OID encoding. Need at least one content octet. MSB must - * be clear in the last octet. can't have leading 0x80 in subidentifiers, - * see: X.690 8.19.2 - */ - if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || - p[len - 1] & 0x80) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_OBJECT_ENCODING); - return NULL; - } - /* Now 0 < len <= INT_MAX, so the cast is safe. */ - length = (int)len; - /* - * Try to lookup OID in table: these are all valid encodings so if we get - * a match we know the OID is valid. - */ - tobj.nid = NID_undef; - tobj.data = p; - tobj.length = length; - tobj.flags = 0; - i = OBJ_obj2nid(&tobj); - if (i != NID_undef) { - /* - * Return shared registered OID object: this improves efficiency - * because we don't have to return a dynamically allocated OID - * and NID lookups can use the cached value. - */ - ret = OBJ_nid2obj(i); - if (a) { - ASN1_OBJECT_free(*a); - *a = ret; - } - *pp += len; - return ret; - } - for (i = 0; i < length; i++, p++) { - if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_OBJECT_ENCODING); - return NULL; - } - } - - if ((a == NULL) || ((*a) == NULL) || - !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) { - if ((ret = ASN1_OBJECT_new()) == NULL) - return NULL; - } else { - ret = (*a); - } - - p = *pp; - /* detach data from object */ - data = (unsigned char *)ret->data; - ret->data = NULL; - /* once detached we can change it */ - if ((data == NULL) || (ret->length < length)) { - ret->length = 0; - OPENSSL_free(data); - data = OPENSSL_malloc(length); - if (data == NULL) { - i = ERR_R_MALLOC_FAILURE; - goto err; - } - ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA; - } - memcpy(data, p, length); - /* If there are dynamic strings, free them here, and clear the flag */ - if ((ret->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) != 0) { - OPENSSL_free((char *)ret->sn); - OPENSSL_free((char *)ret->ln); - ret->flags &= ~ASN1_OBJECT_FLAG_DYNAMIC_STRINGS; - } - /* reattach data to object, after which it remains const */ - ret->data = data; - ret->length = length; - ret->sn = NULL; - ret->ln = NULL; - /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ - p += length; - - if (a != NULL) - (*a) = ret; - *pp = p; - return ret; - err: - ERR_raise(ERR_LIB_ASN1, i); - if ((a == NULL) || (*a != ret)) - ASN1_OBJECT_free(ret); - return NULL; -} - -ASN1_OBJECT *ASN1_OBJECT_new(void) -{ - ASN1_OBJECT *ret; - - ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return NULL; - } - ret->flags = ASN1_OBJECT_FLAG_DYNAMIC; - return ret; -} - -void ASN1_OBJECT_free(ASN1_OBJECT *a) -{ - if (a == NULL) - return; - if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) { -#ifndef CONST_STRICT - /* - * Disable purely for compile-time strict const checking. Doing this - * on a "real" compile will cause memory leaks - */ - OPENSSL_free((void*)a->sn); - OPENSSL_free((void*)a->ln); -#endif - a->sn = a->ln = NULL; - } - if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) { - OPENSSL_free((void*)a->data); - a->data = NULL; - a->length = 0; - } - if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC) - OPENSSL_free(a); -} - -ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, - const char *sn, const char *ln) -{ - ASN1_OBJECT o; - - o.sn = sn; - o.ln = ln; - o.data = data; - o.nid = nid; - o.length = len; - o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | - ASN1_OBJECT_FLAG_DYNAMIC_DATA; - return OBJ_dup(&o); -} diff --git a/crypto/asn1/a_octet.c b/crypto/asn1/a_octet.c deleted file mode 100644 index fcb2ef0a7d08329666093560678b91bc4a5fc1b3..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_octet.c +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include - -ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x) -{ - return ASN1_STRING_dup(x); -} - -int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, - const ASN1_OCTET_STRING *b) -{ - return ASN1_STRING_cmp(a, b); -} - -int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, - int len) -{ - return ASN1_STRING_set(x, d, len); -} diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c deleted file mode 100644 index d2768f74bdcd2616130b92287b19982ca18f3b1e..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_print.c +++ /dev/null @@ -1,96 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "crypto/ctype.h" -#include "internal/cryptlib.h" -#include - -int ASN1_PRINTABLE_type(const unsigned char *s, int len) -{ - int c; - int ia5 = 0; - int t61 = 0; - - if (s == NULL) - return V_ASN1_PRINTABLESTRING; - - if (len < 0) - len = strlen((const char *)s); - - while (len-- > 0) { - c = *(s++); - if (!ossl_isasn1print(c)) - ia5 = 1; - if (!ossl_isascii(c)) - t61 = 1; - } - if (t61) - return V_ASN1_T61STRING; - if (ia5) - return V_ASN1_IA5STRING; - return V_ASN1_PRINTABLESTRING; -} - -int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s) -{ - int i; - unsigned char *p; - - if (s->type != V_ASN1_UNIVERSALSTRING) - return 0; - if ((s->length % 4) != 0) - return 0; - p = s->data; - for (i = 0; i < s->length; i += 4) { - if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0')) - break; - else - p += 4; - } - if (i < s->length) - return 0; - p = s->data; - for (i = 3; i < s->length; i += 4) { - *(p++) = s->data[i]; - } - *(p) = '\0'; - s->length /= 4; - s->type = ASN1_PRINTABLE_type(s->data, s->length); - return 1; -} - -int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v) -{ - int i, n; - char buf[80]; - const char *p; - - if (v == NULL) - return 0; - n = 0; - p = (const char *)v->data; - for (i = 0; i < v->length; i++) { - if ((p[i] > '~') || ((p[i] < ' ') && - (p[i] != '\n') && (p[i] != '\r'))) - buf[n] = '.'; - else - buf[n] = p[i]; - n++; - if (n >= 80) { - if (BIO_write(bp, buf, n) <= 0) - return 0; - n = 0; - } - } - if (n > 0) - if (BIO_write(bp, buf, n) <= 0) - return 0; - return 1; -} diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c deleted file mode 100644 index 302045cfcdfabed4edc3b38449ae20d0531b19dd..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_sign.c +++ /dev/null @@ -1,301 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include "internal/cryptlib.h" - -#include -#include -#include -#include -#include -#include -#include "crypto/asn1.h" -#include "crypto/evp.h" - -#ifndef OPENSSL_NO_DEPRECATED_3_0 - -int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, - const EVP_MD *type) -{ - EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - unsigned char *p, *buf_in = NULL, *buf_out = NULL; - int i, inl = 0, outl = 0; - size_t inll = 0, outll = 0; - X509_ALGOR *a; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - for (i = 0; i < 2; i++) { - if (i == 0) - a = algor1; - else - a = algor2; - if (a == NULL) - continue; - if (type->pkey_type == NID_dsaWithSHA1) { - /* - * special case: RFC 2459 tells us to omit 'parameters' with - * id-dsa-with-sha1 - */ - ASN1_TYPE_free(a->parameter); - a->parameter = NULL; - } else if ((a->parameter == NULL) || - (a->parameter->type != V_ASN1_NULL)) { - ASN1_TYPE_free(a->parameter); - if ((a->parameter = ASN1_TYPE_new()) == NULL) - goto err; - a->parameter->type = V_ASN1_NULL; - } - ASN1_OBJECT_free(a->algorithm); - a->algorithm = OBJ_nid2obj(type->pkey_type); - if (a->algorithm == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_OBJECT_TYPE); - goto err; - } - if (a->algorithm->length == 0) { - ERR_raise(ERR_LIB_ASN1, - ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); - goto err; - } - } - inl = i2d(data, NULL); - if (inl <= 0) { - ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); - goto err; - } - inll = (size_t)inl; - buf_in = OPENSSL_malloc(inll); - outll = outl = EVP_PKEY_get_size(pkey); - buf_out = OPENSSL_malloc(outll); - if (buf_in == NULL || buf_out == NULL) { - outl = 0; - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - p = buf_in; - - i2d(data, &p); - if (!EVP_SignInit_ex(ctx, type, NULL) - || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl) - || !EVP_SignFinal(ctx, (unsigned char *)buf_out, - (unsigned int *)&outl, pkey)) { - outl = 0; - ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); - goto err; - } - OPENSSL_free(signature->data); - signature->data = buf_out; - buf_out = NULL; - signature->length = outl; - /* - * In the interests of compatibility, I'll make sure that the bit string - * has a 'not-used bits' value of 0 - */ - signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; - err: - EVP_MD_CTX_free(ctx); - OPENSSL_clear_free((char *)buf_in, inll); - OPENSSL_clear_free((char *)buf_out, outll); - return outl; -} - -#endif - -int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, const void *data, - EVP_PKEY *pkey, const EVP_MD *md) -{ - return ASN1_item_sign_ex(it, algor1, algor2, signature, data, NULL, pkey, - md, NULL, NULL); -} - -int ASN1_item_sign_ex(const ASN1_ITEM *it, X509_ALGOR *algor1, - X509_ALGOR *algor2, ASN1_BIT_STRING *signature, - const void *data, const ASN1_OCTET_STRING *id, - EVP_PKEY *pkey, const EVP_MD *md, OSSL_LIB_CTX *libctx, - const char *propq) -{ - int rv = 0; - EVP_MD_CTX *ctx = evp_md_ctx_new_ex(pkey, id, libctx, propq); - - if (ctx == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - /* We can use the non _ex variant here since the pkey is already setup */ - if (!EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)) - goto err; - - rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, data, ctx); - - err: - EVP_PKEY_CTX_free(EVP_MD_CTX_get_pkey_ctx(ctx)); - EVP_MD_CTX_free(ctx); - return rv; -} - -int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, - X509_ALGOR *algor2, ASN1_BIT_STRING *signature, - const void *data, EVP_MD_CTX *ctx) -{ - const EVP_MD *md; - EVP_PKEY *pkey; - unsigned char *buf_in = NULL, *buf_out = NULL; - size_t inl = 0, outl = 0, outll = 0; - int signid, paramtype, buf_len = 0; - int rv, pkey_id; - - md = EVP_MD_CTX_get0_md(ctx); - pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx)); - - if (pkey == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED); - goto err; - } - - if (pkey->ameth == NULL) { - EVP_PKEY_CTX *pctx = EVP_MD_CTX_get_pkey_ctx(ctx); - OSSL_PARAM params[2]; - unsigned char aid[128]; - size_t aid_len = 0; - - if (pctx == NULL - || !EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED); - goto err; - } - - params[0] = - OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, - aid, sizeof(aid)); - params[1] = OSSL_PARAM_construct_end(); - - if (EVP_PKEY_CTX_get_params(pctx, params) <= 0) - goto err; - - if ((aid_len = params[0].return_size) == 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); - goto err; - } - - if (algor1 != NULL) { - const unsigned char *pp = aid; - - if (d2i_X509_ALGOR(&algor1, &pp, aid_len) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); - goto err; - } - } - - if (algor2 != NULL) { - const unsigned char *pp = aid; - - if (d2i_X509_ALGOR(&algor2, &pp, aid_len) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); - goto err; - } - } - - rv = 3; - } else if (pkey->ameth->item_sign) { - rv = pkey->ameth->item_sign(ctx, it, data, algor1, algor2, signature); - if (rv == 1) - outl = signature->length; - /*- - * Return value meanings: - * <=0: error. - * 1: method does everything. - * 2: carry on as normal. - * 3: ASN1 method sets algorithm identifiers: just sign. - */ - if (rv <= 0) - ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); - if (rv <= 1) - goto err; - } else { - rv = 2; - } - - if (rv == 2) { - if (md == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED); - goto err; - } - - pkey_id = -#ifndef OPENSSL_NO_SM2 - EVP_PKEY_get_id(pkey) == NID_sm2 ? NID_sm2 : -#endif - pkey->ameth->pkey_id; - - if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(md), pkey_id)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); - goto err; - } - - if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) - paramtype = V_ASN1_NULL; - else - paramtype = V_ASN1_UNDEF; - - if (algor1) - X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL); - if (algor2) - X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL); - - } - - buf_len = ASN1_item_i2d(data, &buf_in, it); - if (buf_len <= 0) { - outl = 0; - ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); - goto err; - } - inl = buf_len; - if (!EVP_DigestSign(ctx, NULL, &outll, buf_in, inl)) { - outl = 0; - ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); - goto err; - } - outl = outll; - buf_out = OPENSSL_malloc(outll); - if (buf_in == NULL || buf_out == NULL) { - outl = 0; - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!EVP_DigestSign(ctx, buf_out, &outl, buf_in, inl)) { - outl = 0; - ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); - goto err; - } - OPENSSL_free(signature->data); - signature->data = buf_out; - buf_out = NULL; - signature->length = outl; - /* - * In the interests of compatibility, I'll make sure that the bit string - * has a 'not-used bits' value of 0 - */ - signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; - err: - OPENSSL_clear_free((char *)buf_in, inl); - OPENSSL_clear_free((char *)buf_out, outll); - return outl; -} diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c deleted file mode 100644 index b31761aae6f52c1f9e75acea646b24a0f71942bd..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_strex.c +++ /dev/null @@ -1,628 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include "crypto/asn1.h" -#include -#include -#include - -#include "charmap.h" - -/* - * ASN1_STRING_print_ex() and X509_NAME_print_ex(). Enhanced string and name - * printing routines handling multibyte characters, RFC2253 and a host of - * other options. - */ - -#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) - -#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ - ASN1_STRFLGS_ESC_2254 | \ - ASN1_STRFLGS_ESC_QUOTE | \ - ASN1_STRFLGS_ESC_CTRL | \ - ASN1_STRFLGS_ESC_MSB) - -/* - * Three IO functions for sending data to memory, a BIO and a FILE - * pointer. - */ -static int send_bio_chars(void *arg, const void *buf, int len) -{ - if (!arg) - return 1; - if (BIO_write(arg, buf, len) != len) - return 0; - return 1; -} - -#ifndef OPENSSL_NO_STDIO -static int send_fp_chars(void *arg, const void *buf, int len) -{ - if (!arg) - return 1; - if (fwrite(buf, 1, len, arg) != (unsigned int)len) - return 0; - return 1; -} -#endif - -typedef int char_io (void *arg, const void *buf, int len); - -/* - * This function handles display of strings, one character at a time. It is - * passed an unsigned long for each character because it could come from 2 or - * even 4 byte forms. - */ - -static int do_esc_char(unsigned long c, unsigned short flags, char *do_quotes, - char_io *io_ch, void *arg) -{ - unsigned short chflgs; - unsigned char chtmp; - char tmphex[HEX_SIZE(long) + 3]; - - if (c > 0xffffffffL) - return -1; - if (c > 0xffff) { - BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c); - if (!io_ch(arg, tmphex, 10)) - return -1; - return 10; - } - if (c > 0xff) { - BIO_snprintf(tmphex, sizeof(tmphex), "\\U%04lX", c); - if (!io_ch(arg, tmphex, 6)) - return -1; - return 6; - } - chtmp = (unsigned char)c; - if (chtmp > 0x7f) - chflgs = flags & ASN1_STRFLGS_ESC_MSB; - else - chflgs = char_type[chtmp] & flags; - if (chflgs & CHARTYPE_BS_ESC) { - /* If we don't escape with quotes, signal we need quotes */ - if (chflgs & ASN1_STRFLGS_ESC_QUOTE) { - if (do_quotes) - *do_quotes = 1; - if (!io_ch(arg, &chtmp, 1)) - return -1; - return 1; - } - if (!io_ch(arg, "\\", 1)) - return -1; - if (!io_ch(arg, &chtmp, 1)) - return -1; - return 2; - } - if (chflgs & (ASN1_STRFLGS_ESC_CTRL - | ASN1_STRFLGS_ESC_MSB - | ASN1_STRFLGS_ESC_2254)) { - BIO_snprintf(tmphex, 11, "\\%02X", chtmp); - if (!io_ch(arg, tmphex, 3)) - return -1; - return 3; - } - /* - * If we get this far and do any escaping at all must escape the escape - * character itself: backslash. - */ - if (chtmp == '\\' && (flags & ESC_FLAGS)) { - if (!io_ch(arg, "\\\\", 2)) - return -1; - return 2; - } - if (!io_ch(arg, &chtmp, 1)) - return -1; - return 1; -} - -#define BUF_TYPE_WIDTH_MASK 0x7 -#define BUF_TYPE_CONVUTF8 0x8 - -/* - * This function sends each character in a buffer to do_esc_char(). It - * interprets the content formats and converts to or from UTF8 as - * appropriate. - */ - -static int do_buf(unsigned char *buf, int buflen, - int type, unsigned short flags, char *quotes, char_io *io_ch, - void *arg) -{ - int i, outlen, len, charwidth; - unsigned short orflags; - unsigned char *p, *q; - unsigned long c; - - p = buf; - q = buf + buflen; - outlen = 0; - charwidth = type & BUF_TYPE_WIDTH_MASK; - - switch (charwidth) { - case 4: - if (buflen & 3) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); - return -1; - } - break; - case 2: - if (buflen & 1) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_BMPSTRING_LENGTH); - return -1; - } - break; - default: - break; - } - - while (p != q) { - if (p == buf && flags & ASN1_STRFLGS_ESC_2253) - orflags = CHARTYPE_FIRST_ESC_2253; - else - orflags = 0; - - switch (charwidth) { - case 4: - c = ((unsigned long)*p++) << 24; - c |= ((unsigned long)*p++) << 16; - c |= ((unsigned long)*p++) << 8; - c |= *p++; - break; - - case 2: - c = ((unsigned long)*p++) << 8; - c |= *p++; - break; - - case 1: - c = *p++; - break; - - case 0: - i = UTF8_getc(p, buflen, &c); - if (i < 0) - return -1; /* Invalid UTF8String */ - buflen -= i; - p += i; - break; - default: - return -1; /* invalid width */ - } - if (p == q && flags & ASN1_STRFLGS_ESC_2253) - orflags = CHARTYPE_LAST_ESC_2253; - if (type & BUF_TYPE_CONVUTF8) { - unsigned char utfbuf[6]; - int utflen; - utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c); - for (i = 0; i < utflen; i++) { - /* - * We don't need to worry about setting orflags correctly - * because if utflen==1 its value will be correct anyway - * otherwise each character will be > 0x7f and so the - * character will never be escaped on first and last. - */ - len = do_esc_char(utfbuf[i], flags | orflags, quotes, - io_ch, arg); - if (len < 0) - return -1; - outlen += len; - } - } else { - len = do_esc_char(c, flags | orflags, quotes, - io_ch, arg); - if (len < 0) - return -1; - outlen += len; - } - } - return outlen; -} - -/* This function hex dumps a buffer of characters */ - -static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, - int buflen) -{ - static const char hexdig[] = "0123456789ABCDEF"; - unsigned char *p, *q; - char hextmp[2]; - if (arg) { - p = buf; - q = buf + buflen; - while (p != q) { - hextmp[0] = hexdig[*p >> 4]; - hextmp[1] = hexdig[*p & 0xf]; - if (!io_ch(arg, hextmp, 2)) - return -1; - p++; - } - } - return buflen << 1; -} - -/* - * "dump" a string. This is done when the type is unknown, or the flags - * request it. We can either dump the content octets or the entire DER - * encoding. This uses the RFC2253 #01234 format. - */ - -static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, - const ASN1_STRING *str) -{ - /* - * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to - * readily obtained - */ - ASN1_TYPE t; - unsigned char *der_buf, *p; - int outlen, der_len; - - if (!io_ch(arg, "#", 1)) - return -1; - /* If we don't dump DER encoding just dump content octets */ - if (!(lflags & ASN1_STRFLGS_DUMP_DER)) { - outlen = do_hex_dump(io_ch, arg, str->data, str->length); - if (outlen < 0) - return -1; - return outlen + 1; - } - t.type = str->type; - t.value.ptr = (char *)str; - der_len = i2d_ASN1_TYPE(&t, NULL); - if (der_len <= 0) - return -1; - if ((der_buf = OPENSSL_malloc(der_len)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return -1; - } - p = der_buf; - i2d_ASN1_TYPE(&t, &p); - outlen = do_hex_dump(io_ch, arg, der_buf, der_len); - OPENSSL_free(der_buf); - if (outlen < 0) - return -1; - return outlen + 1; -} - -/* - * Lookup table to convert tags to character widths, 0 = UTF8 encoded, -1 is - * used for non string types otherwise it is the number of bytes per - * character - */ - -static const signed char tag2nbyte[] = { - -1, -1, -1, -1, -1, /* 0-4 */ - -1, -1, -1, -1, -1, /* 5-9 */ - -1, -1, /* 10-11 */ - 0, /* 12 V_ASN1_UTF8STRING */ - -1, -1, -1, -1, -1, /* 13-17 */ - 1, /* 18 V_ASN1_NUMERICSTRING */ - 1, /* 19 V_ASN1_PRINTABLESTRING */ - 1, /* 20 V_ASN1_T61STRING */ - -1, /* 21 */ - 1, /* 22 V_ASN1_IA5STRING */ - 1, /* 23 V_ASN1_UTCTIME */ - 1, /* 24 V_ASN1_GENERALIZEDTIME */ - -1, /* 25 */ - 1, /* 26 V_ASN1_ISO64STRING */ - -1, /* 27 */ - 4, /* 28 V_ASN1_UNIVERSALSTRING */ - -1, /* 29 */ - 2 /* 30 V_ASN1_BMPSTRING */ -}; - -/* - * This is the main function, print out an ASN1_STRING taking note of various - * escape and display options. Returns number of characters written or -1 if - * an error occurred. - */ - -static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, - const ASN1_STRING *str) -{ - int outlen, len; - int type; - char quotes; - unsigned short flags; - quotes = 0; - /* Keep a copy of escape flags */ - flags = (unsigned short)(lflags & ESC_FLAGS); - - type = str->type; - - outlen = 0; - - if (lflags & ASN1_STRFLGS_SHOW_TYPE) { - const char *tagname; - tagname = ASN1_tag2str(type); - outlen += strlen(tagname); - if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) - return -1; - outlen++; - } - - /* Decide what to do with type, either dump content or display it */ - - /* Dump everything */ - if (lflags & ASN1_STRFLGS_DUMP_ALL) - type = -1; - /* Ignore the string type */ - else if (lflags & ASN1_STRFLGS_IGNORE_TYPE) - type = 1; - else { - /* Else determine width based on type */ - if ((type > 0) && (type < 31)) - type = tag2nbyte[type]; - else - type = -1; - if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) - type = 1; - } - - if (type == -1) { - len = do_dump(lflags, io_ch, arg, str); - if (len < 0) - return -1; - outlen += len; - return outlen; - } - - if (lflags & ASN1_STRFLGS_UTF8_CONVERT) { - /* - * Note: if string is UTF8 and we want to convert to UTF8 then we - * just interpret it as 1 byte per character to avoid converting - * twice. - */ - if (!type) - type = 1; - else - type |= BUF_TYPE_CONVUTF8; - } - - len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); - if (len < 0) - return -1; - outlen += len; - if (quotes) - outlen += 2; - if (!arg) - return outlen; - if (quotes && !io_ch(arg, "\"", 1)) - return -1; - if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0) - return -1; - if (quotes && !io_ch(arg, "\"", 1)) - return -1; - return outlen; -} - -/* Used for line indenting: print 'indent' spaces */ - -static int do_indent(char_io *io_ch, void *arg, int indent) -{ - int i; - for (i = 0; i < indent; i++) - if (!io_ch(arg, " ", 1)) - return 0; - return 1; -} - -#define FN_WIDTH_LN 25 -#define FN_WIDTH_SN 10 - -static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, - int indent, unsigned long flags) -{ - int i, prev = -1, orflags, cnt; - int fn_opt, fn_nid; - ASN1_OBJECT *fn; - const ASN1_STRING *val; - const X509_NAME_ENTRY *ent; - char objtmp[80]; - const char *objbuf; - int outlen, len; - char *sep_dn, *sep_mv, *sep_eq; - int sep_dn_len, sep_mv_len, sep_eq_len; - if (indent < 0) - indent = 0; - outlen = indent; - if (!do_indent(io_ch, arg, indent)) - return -1; - switch (flags & XN_FLAG_SEP_MASK) { - case XN_FLAG_SEP_MULTILINE: - sep_dn = "\n"; - sep_dn_len = 1; - sep_mv = " + "; - sep_mv_len = 3; - break; - - case XN_FLAG_SEP_COMMA_PLUS: - sep_dn = ","; - sep_dn_len = 1; - sep_mv = "+"; - sep_mv_len = 1; - indent = 0; - break; - - case XN_FLAG_SEP_CPLUS_SPC: - sep_dn = ", "; - sep_dn_len = 2; - sep_mv = " + "; - sep_mv_len = 3; - indent = 0; - break; - - case XN_FLAG_SEP_SPLUS_SPC: - sep_dn = "; "; - sep_dn_len = 2; - sep_mv = " + "; - sep_mv_len = 3; - indent = 0; - break; - - default: - return -1; - } - - if (flags & XN_FLAG_SPC_EQ) { - sep_eq = " = "; - sep_eq_len = 3; - } else { - sep_eq = "="; - sep_eq_len = 1; - } - - fn_opt = flags & XN_FLAG_FN_MASK; - - cnt = X509_NAME_entry_count(n); - for (i = 0; i < cnt; i++) { - if (flags & XN_FLAG_DN_REV) - ent = X509_NAME_get_entry(n, cnt - i - 1); - else - ent = X509_NAME_get_entry(n, i); - if (prev != -1) { - if (prev == X509_NAME_ENTRY_set(ent)) { - if (!io_ch(arg, sep_mv, sep_mv_len)) - return -1; - outlen += sep_mv_len; - } else { - if (!io_ch(arg, sep_dn, sep_dn_len)) - return -1; - outlen += sep_dn_len; - if (!do_indent(io_ch, arg, indent)) - return -1; - outlen += indent; - } - } - prev = X509_NAME_ENTRY_set(ent); - fn = X509_NAME_ENTRY_get_object(ent); - val = X509_NAME_ENTRY_get_data(ent); - fn_nid = OBJ_obj2nid(fn); - if (fn_opt != XN_FLAG_FN_NONE) { - int objlen, fld_len; - if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) { - OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1); - fld_len = 0; /* XXX: what should this be? */ - objbuf = objtmp; - } else { - if (fn_opt == XN_FLAG_FN_SN) { - fld_len = FN_WIDTH_SN; - objbuf = OBJ_nid2sn(fn_nid); - } else if (fn_opt == XN_FLAG_FN_LN) { - fld_len = FN_WIDTH_LN; - objbuf = OBJ_nid2ln(fn_nid); - } else { - fld_len = 0; /* XXX: what should this be? */ - objbuf = ""; - } - } - objlen = strlen(objbuf); - if (!io_ch(arg, objbuf, objlen)) - return -1; - if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) { - if (!do_indent(io_ch, arg, fld_len - objlen)) - return -1; - outlen += fld_len - objlen; - } - if (!io_ch(arg, sep_eq, sep_eq_len)) - return -1; - outlen += objlen + sep_eq_len; - } - /* - * If the field name is unknown then fix up the DER dump flag. We - * might want to limit this further so it will DER dump on anything - * other than a few 'standard' fields. - */ - if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) - orflags = ASN1_STRFLGS_DUMP_ALL; - else - orflags = 0; - - len = do_print_ex(io_ch, arg, flags | orflags, val); - if (len < 0) - return -1; - outlen += len; - } - return outlen; -} - -/* Wrappers round the main functions */ - -int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, - unsigned long flags) -{ - if (flags == XN_FLAG_COMPAT) - return X509_NAME_print(out, nm, indent); - return do_name_ex(send_bio_chars, out, nm, indent, flags); -} - -#ifndef OPENSSL_NO_STDIO -int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, - unsigned long flags) -{ - if (flags == XN_FLAG_COMPAT) { - BIO *btmp; - int ret; - btmp = BIO_new_fp(fp, BIO_NOCLOSE); - if (!btmp) - return -1; - ret = X509_NAME_print(btmp, nm, indent); - BIO_free(btmp); - return ret; - } - return do_name_ex(send_fp_chars, fp, nm, indent, flags); -} -#endif - -int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags) -{ - return do_print_ex(send_bio_chars, out, flags, str); -} - -#ifndef OPENSSL_NO_STDIO -int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags) -{ - return do_print_ex(send_fp_chars, fp, flags, str); -} -#endif - -/* - * Utility function: convert any string type to UTF8, returns number of bytes - * in output string or a negative error code - */ - -int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in) -{ - ASN1_STRING stmp, *str = &stmp; - int mbflag, type, ret; - if (!in) - return -1; - type = in->type; - if ((type < 0) || (type > 30)) - return -1; - mbflag = tag2nbyte[type]; - if (mbflag == -1) - return -1; - mbflag |= MBSTRING_FLAG; - stmp.data = NULL; - stmp.length = 0; - stmp.flags = 0; - ret = - ASN1_mbstring_copy(&str, in->data, in->length, mbflag, - B_ASN1_UTF8STRING); - if (ret < 0) - return ret; - *out = stmp.data; - return stmp.length; -} diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c deleted file mode 100644 index 9e54db929282c5578cdaa4c8ad9aeb3021f00923..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_strnid.c +++ /dev/null @@ -1,222 +0,0 @@ -/* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include - -static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; -static void st_free(ASN1_STRING_TABLE *tbl); -static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, - const ASN1_STRING_TABLE *const *b); - -/* - * This is the global mask for the mbstring functions: this is use to mask - * out certain types (such as BMPString and UTF8String) because certain - * software (e.g. Netscape) has problems with them. - */ - -static unsigned long global_mask = B_ASN1_UTF8STRING; - -void ASN1_STRING_set_default_mask(unsigned long mask) -{ - global_mask = mask; -} - -unsigned long ASN1_STRING_get_default_mask(void) -{ - return global_mask; -} - -/*- - * This function sets the default to various "flavours" of configuration. - * based on an ASCII string. Currently this is: - * MASK:XXXX : a numerical mask value. - * nobmp : Don't use BMPStrings (just Printable, T61). - * pkix : PKIX recommendation in RFC2459. - * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004). - * default: the default value, Printable, T61, BMP. - */ - -int ASN1_STRING_set_default_mask_asc(const char *p) -{ - unsigned long mask; - char *end; - - if (strncmp(p, "MASK:", 5) == 0) { - if (p[5] == '\0') - return 0; - mask = strtoul(p + 5, &end, 0); - if (*end) - return 0; - } else if (strcmp(p, "nombstr") == 0) - mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING)); - else if (strcmp(p, "pkix") == 0) - mask = ~((unsigned long)B_ASN1_T61STRING); - else if (strcmp(p, "utf8only") == 0) - mask = B_ASN1_UTF8STRING; - else if (strcmp(p, "default") == 0) - mask = 0xFFFFFFFFL; - else - return 0; - ASN1_STRING_set_default_mask(mask); - return 1; -} - -/* - * The following function generates an ASN1_STRING based on limits in a - * table. Frequently the types and length of an ASN1_STRING are restricted by - * a corresponding OID. For example certificates and certificate requests. - */ - -ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, - const unsigned char *in, int inlen, - int inform, int nid) -{ - ASN1_STRING_TABLE *tbl; - ASN1_STRING *str = NULL; - unsigned long mask; - int ret; - - if (out == NULL) - out = &str; - tbl = ASN1_STRING_TABLE_get(nid); - if (tbl != NULL) { - mask = tbl->mask; - if (!(tbl->flags & STABLE_NO_MASK)) - mask &= global_mask; - ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, - tbl->minsize, tbl->maxsize); - } else { - ret = ASN1_mbstring_copy(out, in, inlen, inform, - DIRSTRING_TYPE & global_mask); - } - if (ret <= 0) - return NULL; - return *out; -} - -/* - * Now the tables and helper functions for the string table: - */ - -#include "tbl_standard.h" - -static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, - const ASN1_STRING_TABLE *const *b) -{ - return (*a)->nid - (*b)->nid; -} - -DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table); - -static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b) -{ - return a->nid - b->nid; -} - -IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table); - -ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) -{ - int idx; - ASN1_STRING_TABLE fnd; - - /* "stable" can be impacted by config, so load the config file first */ - OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); - - fnd.nid = nid; - if (stable) { - idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); - if (idx >= 0) - return sk_ASN1_STRING_TABLE_value(stable, idx); - } - return OBJ_bsearch_table(&fnd, tbl_standard, OSSL_NELEM(tbl_standard)); -} - -/* - * Return a string table pointer which can be modified: either directly from - * table or a copy of an internal value added to the table. - */ - -static ASN1_STRING_TABLE *stable_get(int nid) -{ - ASN1_STRING_TABLE *tmp, *rv; - - /* Always need a string table so allocate one if NULL */ - if (stable == NULL) { - stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); - if (stable == NULL) - return NULL; - } - tmp = ASN1_STRING_TABLE_get(nid); - if (tmp != NULL && tmp->flags & STABLE_FLAGS_MALLOC) - return tmp; - if ((rv = OPENSSL_zalloc(sizeof(*rv))) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return NULL; - } - if (!sk_ASN1_STRING_TABLE_push(stable, rv)) { - OPENSSL_free(rv); - return NULL; - } - if (tmp != NULL) { - rv->nid = tmp->nid; - rv->minsize = tmp->minsize; - rv->maxsize = tmp->maxsize; - rv->mask = tmp->mask; - rv->flags = tmp->flags | STABLE_FLAGS_MALLOC; - } else { - rv->nid = nid; - rv->minsize = -1; - rv->maxsize = -1; - rv->flags = STABLE_FLAGS_MALLOC; - } - return rv; -} - -int ASN1_STRING_TABLE_add(int nid, - long minsize, long maxsize, unsigned long mask, - unsigned long flags) -{ - ASN1_STRING_TABLE *tmp; - - tmp = stable_get(nid); - if (tmp == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - if (minsize >= 0) - tmp->minsize = minsize; - if (maxsize >= 0) - tmp->maxsize = maxsize; - if (mask) - tmp->mask = mask; - if (flags) - tmp->flags = STABLE_FLAGS_MALLOC | flags; - return 1; -} - -void ASN1_STRING_TABLE_cleanup(void) -{ - STACK_OF(ASN1_STRING_TABLE) *tmp; - - tmp = stable; - if (tmp == NULL) - return; - stable = NULL; - sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); -} - -static void st_free(ASN1_STRING_TABLE *tbl) -{ - if (tbl->flags & STABLE_FLAGS_MALLOC) - OPENSSL_free(tbl); -} diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c deleted file mode 100644 index 9b3074e47e84a590829843bf10ca640407ea2590..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_time.c +++ /dev/null @@ -1,591 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/*- - * This is an implementation of the ASN1 Time structure which is: - * Time ::= CHOICE { - * utcTime UTCTime, - * generalTime GeneralizedTime } - */ - -#include -#include -#include "crypto/asn1.h" -#include "crypto/ctype.h" -#include "internal/cryptlib.h" -#include -#include "asn1_local.h" - -IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME) - -IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME) -IMPLEMENT_ASN1_DUP_FUNCTION(ASN1_TIME) - -static int is_utc(const int year) -{ - if (50 <= year && year <= 149) - return 1; - return 0; -} - -static int leap_year(const int year) -{ - if (year % 400 == 0 || (year % 100 != 0 && year % 4 == 0)) - return 1; - return 0; -} - -/* - * Compute the day of the week and the day of the year from the year, month - * and day. The day of the year is straightforward, the day of the week uses - * a form of Zeller's congruence. For this months start with March and are - * numbered 4 through 15. - */ -static void determine_days(struct tm *tm) -{ - static const int ydays[12] = { - 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 - }; - int y = tm->tm_year + 1900; - int m = tm->tm_mon; - int d = tm->tm_mday; - int c; - - tm->tm_yday = ydays[m] + d - 1; - if (m >= 2) { - /* March and onwards can be one day further into the year */ - tm->tm_yday += leap_year(y); - m += 2; - } else { - /* Treat January and February as part of the previous year */ - m += 14; - y--; - } - c = y / 100; - y %= 100; - /* Zeller's congruence */ - tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7; -} - -int ossl_asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) -{ - static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 }; - static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 }; - static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 }; - char *a; - int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md; - struct tm tmp; -#if defined(CHARSET_EBCDIC) - const char upper_z = 0x5A, num_zero = 0x30, period = 0x2E, minus = 0x2D, plus = 0x2B; -#else - const char upper_z = 'Z', num_zero = '0', period = '.', minus = '-', plus = '+'; -#endif - /* - * ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280 - * time string format, in which: - * - * 1. "seconds" is a 'MUST' - * 2. "Zulu" timezone is a 'MUST' - * 3. "+|-" is not allowed to indicate a time zone - */ - if (d->type == V_ASN1_UTCTIME) { - if (d->flags & ASN1_STRING_FLAG_X509_TIME) { - min_l = 13; - strict = 1; - } - } else if (d->type == V_ASN1_GENERALIZEDTIME) { - end = 7; - btz = 6; - if (d->flags & ASN1_STRING_FLAG_X509_TIME) { - min_l = 15; - strict = 1; - } else { - min_l = 13; - } - } else { - return 0; - } - - l = d->length; - a = (char *)d->data; - o = 0; - memset(&tmp, 0, sizeof(tmp)); - - /* - * GENERALIZEDTIME is similar to UTCTIME except the year is represented - * as YYYY. This stuff treats everything as a two digit field so make - * first two fields 00 to 99 - */ - - if (l < min_l) - goto err; - for (i = 0; i < end; i++) { - if (!strict && (i == btz) && ((a[o] == upper_z) || (a[o] == plus) || (a[o] == minus))) { - i++; - break; - } - if (!ossl_ascii_isdigit(a[o])) - goto err; - n = a[o] - num_zero; - /* incomplete 2-digital number */ - if (++o == l) - goto err; - - if (!ossl_ascii_isdigit(a[o])) - goto err; - n = (n * 10) + a[o] - num_zero; - /* no more bytes to read, but we haven't seen time-zone yet */ - if (++o == l) - goto err; - - i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i; - - if ((n < min[i2]) || (n > max[i2])) - goto err; - switch (i2) { - case 0: - /* UTC will never be here */ - tmp.tm_year = n * 100 - 1900; - break; - case 1: - if (d->type == V_ASN1_UTCTIME) - tmp.tm_year = n < 50 ? n + 100 : n; - else - tmp.tm_year += n; - break; - case 2: - tmp.tm_mon = n - 1; - break; - case 3: - /* check if tm_mday is valid in tm_mon */ - if (tmp.tm_mon == 1) { - /* it's February */ - md = mdays[1] + leap_year(tmp.tm_year + 1900); - } else { - md = mdays[tmp.tm_mon]; - } - if (n > md) - goto err; - tmp.tm_mday = n; - determine_days(&tmp); - break; - case 4: - tmp.tm_hour = n; - break; - case 5: - tmp.tm_min = n; - break; - case 6: - tmp.tm_sec = n; - break; - } - } - - /* - * Optional fractional seconds: decimal point followed by one or more - * digits. - */ - if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == period) { - if (strict) - /* RFC 5280 forbids fractional seconds */ - goto err; - if (++o == l) - goto err; - i = o; - while ((o < l) && ossl_ascii_isdigit(a[o])) - o++; - /* Must have at least one digit after decimal point */ - if (i == o) - goto err; - /* no more bytes to read, but we haven't seen time-zone yet */ - if (o == l) - goto err; - } - - /* - * 'o' will never point to '\0' at this point, the only chance - * 'o' can point to '\0' is either the subsequent if or the first - * else if is true. - */ - if (a[o] == upper_z) { - o++; - } else if (!strict && ((a[o] == plus) || (a[o] == minus))) { - int offsign = a[o] == minus ? 1 : -1; - int offset = 0; - - o++; - /* - * if not equal, no need to do subsequent checks - * since the following for-loop will add 'o' by 4 - * and the final return statement will check if 'l' - * and 'o' are equal. - */ - if (o + 4 != l) - goto err; - for (i = end; i < end + 2; i++) { - if (!ossl_ascii_isdigit(a[o])) - goto err; - n = a[o] - num_zero; - o++; - if (!ossl_ascii_isdigit(a[o])) - goto err; - n = (n * 10) + a[o] - num_zero; - i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i; - if ((n < min[i2]) || (n > max[i2])) - goto err; - /* if tm is NULL, no need to adjust */ - if (tm != NULL) { - if (i == end) - offset = n * 3600; - else if (i == end + 1) - offset += n * 60; - } - o++; - } - if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign)) - goto err; - } else { - /* not Z, or not +/- in non-strict mode */ - goto err; - } - if (o == l) { - /* success, check if tm should be filled */ - if (tm != NULL) - *tm = tmp; - return 1; - } - err: - return 0; -} - -ASN1_TIME *ossl_asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type) -{ - char* p; - ASN1_TIME *tmps = NULL; - const size_t len = 20; - - if (type == V_ASN1_UNDEF) { - if (is_utc(ts->tm_year)) - type = V_ASN1_UTCTIME; - else - type = V_ASN1_GENERALIZEDTIME; - } else if (type == V_ASN1_UTCTIME) { - if (!is_utc(ts->tm_year)) - goto err; - } else if (type != V_ASN1_GENERALIZEDTIME) { - goto err; - } - - if (s == NULL) - tmps = ASN1_STRING_new(); - else - tmps = s; - if (tmps == NULL) - return NULL; - - if (!ASN1_STRING_set(tmps, NULL, len)) - goto err; - - tmps->type = type; - p = (char*)tmps->data; - - if (type == V_ASN1_GENERALIZEDTIME) - tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", - ts->tm_year + 1900, ts->tm_mon + 1, - ts->tm_mday, ts->tm_hour, ts->tm_min, - ts->tm_sec); - else - tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", - ts->tm_year % 100, ts->tm_mon + 1, - ts->tm_mday, ts->tm_hour, ts->tm_min, - ts->tm_sec); - -#ifdef CHARSET_EBCDIC - ebcdic2ascii(tmps->data, tmps->data, tmps->length); -#endif - return tmps; - err: - if (tmps != s) - ASN1_STRING_free(tmps); - return NULL; -} - -ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) -{ - return ASN1_TIME_adj(s, t, 0, 0); -} - -ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, - int offset_day, long offset_sec) -{ - struct tm *ts; - struct tm data; - - ts = OPENSSL_gmtime(&t, &data); - if (ts == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_GETTING_TIME); - return NULL; - } - if (offset_day || offset_sec) { - if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) - return NULL; - } - return ossl_asn1_time_from_tm(s, ts, V_ASN1_UNDEF); -} - -int ASN1_TIME_check(const ASN1_TIME *t) -{ - if (t->type == V_ASN1_GENERALIZEDTIME) - return ASN1_GENERALIZEDTIME_check(t); - else if (t->type == V_ASN1_UTCTIME) - return ASN1_UTCTIME_check(t); - return 0; -} - -/* Convert an ASN1_TIME structure to GeneralizedTime */ -ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, - ASN1_GENERALIZEDTIME **out) -{ - ASN1_GENERALIZEDTIME *ret = NULL; - struct tm tm; - - if (!ASN1_TIME_to_tm(t, &tm)) - return NULL; - - if (out != NULL) - ret = *out; - - ret = ossl_asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME); - - if (out != NULL && ret != NULL) - *out = ret; - - return ret; -} - -int ASN1_TIME_set_string(ASN1_TIME *s, const char *str) -{ - /* Try UTC, if that fails, try GENERALIZED */ - if (ASN1_UTCTIME_set_string(s, str)) - return 1; - return ASN1_GENERALIZEDTIME_set_string(s, str); -} - -int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str) -{ - ASN1_TIME t; - struct tm tm; - int rv = 0; - - t.length = strlen(str); - t.data = (unsigned char *)str; - t.flags = ASN1_STRING_FLAG_X509_TIME; - - t.type = V_ASN1_UTCTIME; - - if (!ASN1_TIME_check(&t)) { - t.type = V_ASN1_GENERALIZEDTIME; - if (!ASN1_TIME_check(&t)) - goto out; - } - - /* - * Per RFC 5280 (section 4.1.2.5.), the valid input time - * strings should be encoded with the following rules: - * - * 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ - * 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ - * 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ - * 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ - * - * Only strings of the 4th rule should be reformatted, but since a - * UTC can only present [1950, 2050), so if the given time string - * is less than 1950 (e.g. 19230419000000Z), we do nothing... - */ - - if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) { - if (!ossl_asn1_time_to_tm(&tm, &t)) - goto out; - if (is_utc(tm.tm_year)) { - t.length -= 2; - /* - * it's OK to let original t.data go since that's assigned - * to a piece of memory allocated outside of this function. - * new t.data would be freed after ASN1_STRING_copy is done. - */ - t.data = OPENSSL_zalloc(t.length + 1); - if (t.data == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto out; - } - memcpy(t.data, str + 2, t.length); - t.type = V_ASN1_UTCTIME; - } - } - - if (s == NULL || ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t)) - rv = 1; - - if (t.data != (unsigned char *)str) - OPENSSL_free(t.data); -out: - return rv; -} - -int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm) -{ - if (s == NULL) { - time_t now_t; - - time(&now_t); - memset(tm, 0, sizeof(*tm)); - if (OPENSSL_gmtime(&now_t, tm) != NULL) - return 1; - return 0; - } - - return ossl_asn1_time_to_tm(tm, s); -} - -int ASN1_TIME_diff(int *pday, int *psec, - const ASN1_TIME *from, const ASN1_TIME *to) -{ - struct tm tm_from, tm_to; - - if (!ASN1_TIME_to_tm(from, &tm_from)) - return 0; - if (!ASN1_TIME_to_tm(to, &tm_to)) - return 0; - return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to); -} - -static const char _asn1_mon[12][4] = { - "Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" -}; - -/* prints the time with the default date format (RFC 822) */ -int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) -{ - return ASN1_TIME_print_ex(bp, tm, ASN1_DTFLGS_RFC822); -} - -/* returns 1 on success, 0 on BIO write error or parse failure */ -int ASN1_TIME_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags) -{ - return ossl_asn1_time_print_ex(bp, tm, flags) > 0; -} - - -/* prints the time with the date format of ISO 8601 */ -/* returns 0 on BIO write error, else -1 in case of parse failure, else 1 */ -int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags) -{ - char *v; - int gmt = 0, l; - struct tm stm; - const char upper_z = 0x5A, period = 0x2E; - - /* ossl_asn1_time_to_tm will check the time type */ - if (!ossl_asn1_time_to_tm(&stm, tm)) - return BIO_write(bp, "Bad time value", 14) ? -1 : 0; - - l = tm->length; - v = (char *)tm->data; - if (v[l - 1] == upper_z) - gmt = 1; - - if (tm->type == V_ASN1_GENERALIZEDTIME) { - char *f = NULL; - int f_len = 0; - - /* - * Try to parse fractional seconds. '14' is the place of - * 'fraction point' in a GeneralizedTime string. - */ - if (tm->length > 15 && v[14] == period) { - f = &v[14]; - f_len = 1; - while (14 + f_len < l && ossl_ascii_isdigit(f[f_len])) - ++f_len; - } - - if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) { - return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%.*s%s", - stm.tm_year + 1900, stm.tm_mon + 1, - stm.tm_mday, stm.tm_hour, - stm.tm_min, stm.tm_sec, f_len, f, - (gmt ? "Z" : "")) > 0; - } - else { - return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s", - _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, - stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900, - (gmt ? " GMT" : "")) > 0; - } - } else { - if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) { - return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%s", - stm.tm_year + 1900, stm.tm_mon + 1, - stm.tm_mday, stm.tm_hour, - stm.tm_min, stm.tm_sec, - (gmt ? "Z" : "")) > 0; - } - else { - return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s", - _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, - stm.tm_min, stm.tm_sec, stm.tm_year + 1900, - (gmt ? " GMT" : "")) > 0; - } - } -} - -int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t) -{ - struct tm stm, ttm; - int day, sec; - - if (!ASN1_TIME_to_tm(s, &stm)) - return -2; - - if (!OPENSSL_gmtime(&t, &ttm)) - return -2; - - if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm)) - return -2; - - if (day > 0 || sec > 0) - return 1; - if (day < 0 || sec < 0) - return -1; - return 0; -} - -int ASN1_TIME_normalize(ASN1_TIME *t) -{ - struct tm tm; - - if (!ASN1_TIME_to_tm(t, &tm)) - return 0; - - return ossl_asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL; -} - -int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b) -{ - int day, sec; - - if (!ASN1_TIME_diff(&day, &sec, b, a)) - return -2; - if (day > 0 || sec > 0) - return 1; - if (day < 0 || sec < 0) - return -1; - return 0; -} diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c deleted file mode 100644 index 6b638bd80c18e38193062f68dba32d675c3d80ed..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_type.c +++ /dev/null @@ -1,138 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include "asn1_local.h" - -int ASN1_TYPE_get(const ASN1_TYPE *a) -{ - if (a->type == V_ASN1_BOOLEAN - || a->type == V_ASN1_NULL - || a->value.ptr != NULL) - return a->type; - else - return 0; -} - -void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) -{ - if (a->type != V_ASN1_BOOLEAN - && a->type != V_ASN1_NULL - && a->value.ptr != NULL) { - ASN1_TYPE **tmp_a = &a; - ossl_asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL, 0); - } - a->type = type; - if (type == V_ASN1_BOOLEAN) - a->value.boolean = value ? 0xff : 0; - else - a->value.ptr = value; -} - -int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) -{ - if (!value || (type == V_ASN1_BOOLEAN)) { - void *p = (void *)value; - ASN1_TYPE_set(a, type, p); - } else if (type == V_ASN1_OBJECT) { - ASN1_OBJECT *odup; - odup = OBJ_dup(value); - if (!odup) - return 0; - ASN1_TYPE_set(a, type, odup); - } else { - ASN1_STRING *sdup; - sdup = ASN1_STRING_dup(value); - if (!sdup) - return 0; - ASN1_TYPE_set(a, type, sdup); - } - return 1; -} - -/* Returns 0 if they are equal, != 0 otherwise. */ -int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) -{ - int result = -1; - - if (!a || !b || a->type != b->type) - return -1; - - switch (a->type) { - case V_ASN1_OBJECT: - result = OBJ_cmp(a->value.object, b->value.object); - break; - case V_ASN1_BOOLEAN: - result = a->value.boolean - b->value.boolean; - break; - case V_ASN1_NULL: - result = 0; /* They do not have content. */ - break; - case V_ASN1_INTEGER: - case V_ASN1_ENUMERATED: - case V_ASN1_BIT_STRING: - case V_ASN1_OCTET_STRING: - case V_ASN1_SEQUENCE: - case V_ASN1_SET: - case V_ASN1_NUMERICSTRING: - case V_ASN1_PRINTABLESTRING: - case V_ASN1_T61STRING: - case V_ASN1_VIDEOTEXSTRING: - case V_ASN1_IA5STRING: - case V_ASN1_UTCTIME: - case V_ASN1_GENERALIZEDTIME: - case V_ASN1_GRAPHICSTRING: - case V_ASN1_VISIBLESTRING: - case V_ASN1_GENERALSTRING: - case V_ASN1_UNIVERSALSTRING: - case V_ASN1_BMPSTRING: - case V_ASN1_UTF8STRING: - case V_ASN1_OTHER: - default: - result = ASN1_STRING_cmp((ASN1_STRING *)a->value.ptr, - (ASN1_STRING *)b->value.ptr); - break; - } - - return result; -} - -ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t) -{ - ASN1_OCTET_STRING *oct; - ASN1_TYPE *rt; - - oct = ASN1_item_pack(s, it, NULL); - if (oct == NULL) - return NULL; - - if (t && *t) { - rt = *t; - } else { - rt = ASN1_TYPE_new(); - if (rt == NULL) { - ASN1_OCTET_STRING_free(oct); - return NULL; - } - if (t) - *t = rt; - } - ASN1_TYPE_set(rt, V_ASN1_SEQUENCE, oct); - return rt; -} - -void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t) -{ - if (t == NULL || t->type != V_ASN1_SEQUENCE || t->value.sequence == NULL) - return NULL; - return ASN1_item_unpack(t->value.sequence, it); -} diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c deleted file mode 100644 index 323941ba97e2db9f9ee674ab7c5bf1c85e52d657..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_utctm.c +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include -#include "asn1_local.h" -#include - -IMPLEMENT_ASN1_DUP_FUNCTION(ASN1_UTCTIME) - -/* This is the primary function used to parse ASN1_UTCTIME */ -int ossl_asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d) -{ - /* wrapper around ossl_asn1_time_to_tm */ - if (d->type != V_ASN1_UTCTIME) - return 0; - return ossl_asn1_time_to_tm(tm, d); -} - -int ASN1_UTCTIME_check(const ASN1_UTCTIME *d) -{ - return ossl_asn1_utctime_to_tm(NULL, d); -} - -/* Sets the string via simple copy without cleaning it up */ -int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) -{ - ASN1_UTCTIME t; - - t.type = V_ASN1_UTCTIME; - t.length = strlen(str); - t.data = (unsigned char *)str; - t.flags = 0; - - if (!ASN1_UTCTIME_check(&t)) - return 0; - - if (s != NULL && !ASN1_STRING_copy(s, &t)) - return 0; - - return 1; -} - -ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) -{ - return ASN1_UTCTIME_adj(s, t, 0, 0); -} - -ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, - int offset_day, long offset_sec) -{ - struct tm *ts; - struct tm data; - - ts = OPENSSL_gmtime(&t, &data); - if (ts == NULL) - return NULL; - - if (offset_day || offset_sec) { - if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) - return NULL; - } - - return ossl_asn1_time_from_tm(s, ts, V_ASN1_UTCTIME); -} - -int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) -{ - struct tm stm, ttm; - int day, sec; - - if (!ossl_asn1_utctime_to_tm(&stm, s)) - return -2; - - if (OPENSSL_gmtime(&t, &ttm) == NULL) - return -2; - - if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm)) - return -2; - - if (day > 0 || sec > 0) - return 1; - if (day < 0 || sec < 0) - return -1; - return 0; -} - -int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm) -{ - if (tm->type != V_ASN1_UTCTIME) - return 0; - return ASN1_TIME_print(bp, tm); -} diff --git a/crypto/asn1/a_utf8.c b/crypto/asn1/a_utf8.c deleted file mode 100644 index 6572726cf1e5a89c09ab238d775e21c40272fe46..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_utf8.c +++ /dev/null @@ -1,137 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "internal/unicode.h" -#include - -/* UTF8 utilities */ - -/*- - * This parses a UTF8 string one character at a time. It is passed a pointer - * to the string and the length of the string. It sets 'value' to the value of - * the current character. It returns the number of characters read or a - * negative error code: - * -1 = string too short - * -2 = illegal character - * -3 = subsequent characters not of the form 10xxxxxx - * -4 = character encoded incorrectly (not minimal length). - */ - -int UTF8_getc(const unsigned char *str, int len, unsigned long *val) -{ - const unsigned char *p; - unsigned long value; - int ret; - if (len <= 0) - return 0; - p = str; - - /* Check syntax and work out the encoded value (if correct) */ - if ((*p & 0x80) == 0) { - value = *p++ & 0x7f; - ret = 1; - } else if ((*p & 0xe0) == 0xc0) { - if (len < 2) - return -1; - if ((p[1] & 0xc0) != 0x80) - return -3; - value = (*p++ & 0x1f) << 6; - value |= *p++ & 0x3f; - if (value < 0x80) - return -4; - ret = 2; - } else if ((*p & 0xf0) == 0xe0) { - if (len < 3) - return -1; - if (((p[1] & 0xc0) != 0x80) - || ((p[2] & 0xc0) != 0x80)) - return -3; - value = (*p++ & 0xf) << 12; - value |= (*p++ & 0x3f) << 6; - value |= *p++ & 0x3f; - if (value < 0x800) - return -4; - if (is_unicode_surrogate(value)) - return -2; - ret = 3; - } else if ((*p & 0xf8) == 0xf0) { - if (len < 4) - return -1; - if (((p[1] & 0xc0) != 0x80) - || ((p[2] & 0xc0) != 0x80) - || ((p[3] & 0xc0) != 0x80)) - return -3; - value = ((unsigned long)(*p++ & 0x7)) << 18; - value |= (*p++ & 0x3f) << 12; - value |= (*p++ & 0x3f) << 6; - value |= *p++ & 0x3f; - if (value < 0x10000) - return -4; - ret = 4; - } else - return -2; - *val = value; - return ret; -} - -/* - * This takes a character 'value' and writes the UTF8 encoded value in 'str' - * where 'str' is a buffer containing 'len' characters. Returns the number of - * characters written, -1 if 'len' is too small or -2 if 'value' is out of - * range. 'str' can be set to NULL in which case it just returns the number of - * characters. It will need at most 4 characters. - */ - -int UTF8_putc(unsigned char *str, int len, unsigned long value) -{ - if (!str) - len = 4; /* Maximum we will need */ - else if (len <= 0) - return -1; - if (value < 0x80) { - if (str) - *str = (unsigned char)value; - return 1; - } - if (value < 0x800) { - if (len < 2) - return -1; - if (str) { - *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0); - *str = (unsigned char)((value & 0x3f) | 0x80); - } - return 2; - } - if (value < 0x10000) { - if (is_unicode_surrogate(value)) - return -2; - if (len < 3) - return -1; - if (str) { - *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0); - *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); - *str = (unsigned char)((value & 0x3f) | 0x80); - } - return 3; - } - if (value < UNICODE_LIMIT) { - if (len < 4) - return -1; - if (str) { - *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0); - *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); - *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); - *str = (unsigned char)((value & 0x3f) | 0x80); - } - return 4; - } - return -2; -} diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c deleted file mode 100644 index 9bf9bdd14ecc56964efde47ca1227d08c2a13aa5..0000000000000000000000000000000000000000 --- a/crypto/asn1/a_verify.c +++ /dev/null @@ -1,224 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include "internal/cryptlib.h" - -#include -#include -#include -#include -#include -#include "crypto/asn1.h" -#include "crypto/evp.h" -#include "crypto/rsa.h" - -#ifndef OPENSSL_NO_DEPRECATED_3_0 - -int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, - char *data, EVP_PKEY *pkey) -{ - EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - const EVP_MD *type; - unsigned char *p, *buf_in = NULL; - int ret = -1, i, inl; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - i = OBJ_obj2nid(a->algorithm); - type = EVP_get_digestbyname(OBJ_nid2sn(i)); - if (type == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); - goto err; - } - - if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); - goto err; - } - - inl = i2d(data, NULL); - if (inl <= 0) { - ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); - goto err; - } - buf_in = OPENSSL_malloc((unsigned int)inl); - if (buf_in == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - p = buf_in; - - i2d(data, &p); - ret = EVP_VerifyInit_ex(ctx, type, NULL) - && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl); - - OPENSSL_clear_free(buf_in, (unsigned int)inl); - - if (!ret) { - ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); - goto err; - } - ret = -1; - - if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data, - (unsigned int)signature->length, pkey) <= 0) { - ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); - ret = 0; - goto err; - } - ret = 1; - err: - EVP_MD_CTX_free(ctx); - return ret; -} - -#endif - -int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *alg, - const ASN1_BIT_STRING *signature, const void *data, - EVP_PKEY *pkey) -{ - return ASN1_item_verify_ex(it, alg, signature, data, NULL, pkey, NULL, NULL); -} - -int ASN1_item_verify_ex(const ASN1_ITEM *it, const X509_ALGOR *alg, - const ASN1_BIT_STRING *signature, const void *data, - const ASN1_OCTET_STRING *id, EVP_PKEY *pkey, - OSSL_LIB_CTX *libctx, const char *propq) -{ - EVP_MD_CTX *ctx; - int rv = -1; - - if ((ctx = evp_md_ctx_new_ex(pkey, id, libctx, propq)) != NULL) { - rv = ASN1_item_verify_ctx(it, alg, signature, data, ctx); - EVP_PKEY_CTX_free(EVP_MD_CTX_get_pkey_ctx(ctx)); - EVP_MD_CTX_free(ctx); - } - return rv; -} - -int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, - const ASN1_BIT_STRING *signature, const void *data, - EVP_MD_CTX *ctx) -{ - EVP_PKEY *pkey; - unsigned char *buf_in = NULL; - int ret = -1, inl = 0; - int mdnid, pknid; - size_t inll = 0; - - pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx)); - - if (pkey == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); - return -1; - } - - if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); - return -1; - } - - /* Convert signature OID into digest and public key OIDs */ - if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); - goto err; - } - - if (mdnid == NID_undef && evp_pkey_is_legacy(pkey)) { - if (pkey->ameth == NULL || pkey->ameth->item_verify == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); - goto err; - } - ret = pkey->ameth->item_verify(ctx, it, data, alg, signature, pkey); - /* - * Return values meaning: - * <=0: error. - * 1: method does everything. - * 2: carry on as normal, method has called EVP_DigestVerifyInit() - */ - if (ret <= 0) - ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); - if (ret <= 1) - goto err; - } else { - const EVP_MD *type = NULL; - - /* - * We don't yet have the ability for providers to be able to handle - * X509_ALGOR style parameters. Fortunately the only one that needs this - * so far is RSA-PSS, so we just special case this for now. In some - * future version of OpenSSL we should push this to the provider. - */ - if (mdnid == NID_undef && pknid == EVP_PKEY_RSA_PSS) { - if (!EVP_PKEY_is_a(pkey, "RSA") && !EVP_PKEY_is_a(pkey, "RSA-PSS")) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_PUBLIC_KEY_TYPE); - goto err; - } - /* This function also calls EVP_DigestVerifyInit */ - if (ossl_rsa_pss_to_ctx(ctx, NULL, alg, pkey) <= 0) { - ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); - goto err; - } - } else { - /* Check public key OID matches public key type */ - if (!EVP_PKEY_is_a(pkey, OBJ_nid2sn(pknid))) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_PUBLIC_KEY_TYPE); - goto err; - } - - if (mdnid != NID_undef) { - type = EVP_get_digestbynid(mdnid); - if (type == NULL) { - ERR_raise(ERR_LIB_ASN1, - ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); - goto err; - } - } - - /* - * Note that some algorithms (notably Ed25519 and Ed448) may allow - * a NULL digest value. - */ - if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); - ret = 0; - goto err; - } - } - } - - inl = ASN1_item_i2d(data, &buf_in, it); - if (inl <= 0) { - ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); - goto err; - } - if (buf_in == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - inll = inl; - - ret = EVP_DigestVerify(ctx, signature->data, (size_t)signature->length, - buf_in, inl); - if (ret <= 0) { - ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); - goto err; - } - ret = 1; - err: - OPENSSL_clear_free(buf_in, inll); - return ret; -} diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c deleted file mode 100644 index 8b15da3beed64b7b97a1baa4fe0d5610c127c011..0000000000000000000000000000000000000000 --- a/crypto/asn1/ameth_lib.c +++ /dev/null @@ -1,437 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "crypto/asn1.h" -#include "crypto/evp.h" - -#include "standard_methods.h" - -typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); -static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL; - -DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *, - const EVP_PKEY_ASN1_METHOD *, ameth); - -static int ameth_cmp(const EVP_PKEY_ASN1_METHOD *const *a, - const EVP_PKEY_ASN1_METHOD *const *b) -{ - return ((*a)->pkey_id - (*b)->pkey_id); -} - -IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *, - const EVP_PKEY_ASN1_METHOD *, ameth); - -int EVP_PKEY_asn1_get_count(void) -{ - int num = OSSL_NELEM(standard_methods); - if (app_methods) - num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods); - return num; -} - -const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx) -{ - int num = OSSL_NELEM(standard_methods); - if (idx < 0) - return NULL; - if (idx < num) - return standard_methods[idx]; - idx -= num; - return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx); -} - -static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type) -{ - EVP_PKEY_ASN1_METHOD tmp; - const EVP_PKEY_ASN1_METHOD *t = &tmp, **ret; - - tmp.pkey_id = type; - if (app_methods) { - int idx; - idx = sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp); - if (idx >= 0) - return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx); - } - ret = OBJ_bsearch_ameth(&t, standard_methods, OSSL_NELEM(standard_methods)); - if (ret == NULL || *ret == NULL) - return NULL; - return *ret; -} - -/* - * Find an implementation of an ASN1 algorithm. If 'pe' is not NULL also - * search through engines and set *pe to a functional reference to the engine - * implementing 'type' or NULL if no engine implements it. - */ - -const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type) -{ - const EVP_PKEY_ASN1_METHOD *t; - - for (;;) { - t = pkey_asn1_find(type); - if (!t || !(t->pkey_flags & ASN1_PKEY_ALIAS)) - break; - type = t->pkey_base_id; - } - if (pe) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e; - /* type will contain the final unaliased type */ - e = ENGINE_get_pkey_asn1_meth_engine(type); - if (e) { - *pe = e; - return ENGINE_get_pkey_asn1_meth(e, type); - } -#endif - *pe = NULL; - } - return t; -} - -const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, - const char *str, int len) -{ - int i; - const EVP_PKEY_ASN1_METHOD *ameth = NULL; - - if (len == -1) - len = strlen(str); - if (pe) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e; - ameth = ENGINE_pkey_asn1_find_str(&e, str, len); - if (ameth) { - /* - * Convert structural into functional reference - */ - if (!ENGINE_init(e)) - ameth = NULL; - ENGINE_free(e); - *pe = e; - return ameth; - } -#endif - *pe = NULL; - } - for (i = EVP_PKEY_asn1_get_count(); i-- > 0; ) { - ameth = EVP_PKEY_asn1_get0(i); - if (ameth->pkey_flags & ASN1_PKEY_ALIAS) - continue; - if ((int)strlen(ameth->pem_str) == len - && OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0) - return ameth; - } - return NULL; -} - -int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth) -{ - EVP_PKEY_ASN1_METHOD tmp = { 0, }; - - /* - * One of the following must be true: - * - * pem_str == NULL AND ASN1_PKEY_ALIAS is set - * pem_str != NULL AND ASN1_PKEY_ALIAS is clear - * - * Anything else is an error and may lead to a corrupt ASN1 method table - */ - if (!((ameth->pem_str == NULL - && (ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0) - || (ameth->pem_str != NULL - && (ameth->pkey_flags & ASN1_PKEY_ALIAS) == 0))) { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); - return 0; - } - - if (app_methods == NULL) { - app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp); - if (app_methods == NULL) - return 0; - } - - tmp.pkey_id = ameth->pkey_id; - if (sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp) >= 0) { - ERR_raise(ERR_LIB_EVP, - EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED); - return 0; - } - - if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth)) - return 0; - sk_EVP_PKEY_ASN1_METHOD_sort(app_methods); - return 1; -} - -int EVP_PKEY_asn1_add_alias(int to, int from) -{ - EVP_PKEY_ASN1_METHOD *ameth; - ameth = EVP_PKEY_asn1_new(from, ASN1_PKEY_ALIAS, NULL, NULL); - if (ameth == NULL) - return 0; - ameth->pkey_base_id = to; - if (!EVP_PKEY_asn1_add0(ameth)) { - EVP_PKEY_asn1_free(ameth); - return 0; - } - return 1; -} - -int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, - int *ppkey_flags, const char **pinfo, - const char **ppem_str, - const EVP_PKEY_ASN1_METHOD *ameth) -{ - if (!ameth) - return 0; - if (ppkey_id) - *ppkey_id = ameth->pkey_id; - if (ppkey_base_id) - *ppkey_base_id = ameth->pkey_base_id; - if (ppkey_flags) - *ppkey_flags = ameth->pkey_flags; - if (pinfo) - *pinfo = ameth->info; - if (ppem_str) - *ppem_str = ameth->pem_str; - return 1; -} - -const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey) -{ - return pkey->ameth; -} - -EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, - const char *pem_str, const char *info) -{ - EVP_PKEY_ASN1_METHOD *ameth = OPENSSL_zalloc(sizeof(*ameth)); - - if (ameth == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ameth->pkey_id = id; - ameth->pkey_base_id = id; - ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC; - - if (info) { - ameth->info = OPENSSL_strdup(info); - if (ameth->info == NULL) - goto err; - } - - if (pem_str) { - ameth->pem_str = OPENSSL_strdup(pem_str); - if (ameth->pem_str == NULL) - goto err; - } - - return ameth; - - err: - EVP_PKEY_asn1_free(ameth); - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return NULL; -} - -void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, - const EVP_PKEY_ASN1_METHOD *src) -{ - int pkey_id = dst->pkey_id; - int pkey_base_id = dst->pkey_base_id; - unsigned long pkey_flags = dst->pkey_flags; - char *pem_str = dst->pem_str; - char *info = dst->info; - - *dst = *src; - - /* We only copy the function pointers so restore the other values */ - dst->pkey_id = pkey_id; - dst->pkey_base_id = pkey_base_id; - dst->pkey_flags = pkey_flags; - dst->pem_str = pem_str; - dst->info = info; -} - -void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth) -{ - if (ameth && (ameth->pkey_flags & ASN1_PKEY_DYNAMIC)) { - OPENSSL_free(ameth->pem_str); - OPENSSL_free(ameth->info); - OPENSSL_free(ameth); - } -} - -void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, - int (*pub_decode) (EVP_PKEY *pk, - const X509_PUBKEY *pub), - int (*pub_encode) (X509_PUBKEY *pub, - const EVP_PKEY *pk), - int (*pub_cmp) (const EVP_PKEY *a, - const EVP_PKEY *b), - int (*pub_print) (BIO *out, - const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx), - int (*pkey_size) (const EVP_PKEY *pk), - int (*pkey_bits) (const EVP_PKEY *pk)) -{ - ameth->pub_decode = pub_decode; - ameth->pub_encode = pub_encode; - ameth->pub_cmp = pub_cmp; - ameth->pub_print = pub_print; - ameth->pkey_size = pkey_size; - ameth->pkey_bits = pkey_bits; -} - -void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, - int (*priv_decode) (EVP_PKEY *pk, - const PKCS8_PRIV_KEY_INFO - *p8inf), - int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, - const EVP_PKEY *pk), - int (*priv_print) (BIO *out, - const EVP_PKEY *pkey, - int indent, - ASN1_PCTX *pctx)) -{ - ameth->priv_decode = priv_decode; - ameth->priv_encode = priv_encode; - ameth->priv_print = priv_print; -} - -void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, - int (*param_decode) (EVP_PKEY *pkey, - const unsigned char **pder, - int derlen), - int (*param_encode) (const EVP_PKEY *pkey, - unsigned char **pder), - int (*param_missing) (const EVP_PKEY *pk), - int (*param_copy) (EVP_PKEY *to, - const EVP_PKEY *from), - int (*param_cmp) (const EVP_PKEY *a, - const EVP_PKEY *b), - int (*param_print) (BIO *out, - const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx)) -{ - ameth->param_decode = param_decode; - ameth->param_encode = param_encode; - ameth->param_missing = param_missing; - ameth->param_copy = param_copy; - ameth->param_cmp = param_cmp; - ameth->param_print = param_print; -} - -void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, - void (*pkey_free) (EVP_PKEY *pkey)) -{ - ameth->pkey_free = pkey_free; -} - -void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_ctrl) (EVP_PKEY *pkey, int op, - long arg1, void *arg2)) -{ - ameth->pkey_ctrl = pkey_ctrl; -} - -void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_security_bits) (const EVP_PKEY - *pk)) -{ - ameth->pkey_security_bits = pkey_security_bits; -} - -void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, - int (*item_verify) (EVP_MD_CTX *ctx, - const ASN1_ITEM *it, - const void *data, - const X509_ALGOR *a, - const ASN1_BIT_STRING *sig, - EVP_PKEY *pkey), - int (*item_sign) (EVP_MD_CTX *ctx, - const ASN1_ITEM *it, - const void *data, - X509_ALGOR *alg1, - X509_ALGOR *alg2, - ASN1_BIT_STRING *sig)) -{ - ameth->item_sign = item_sign; - ameth->item_verify = item_verify; -} - -void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth, - int (*siginf_set) (X509_SIG_INFO *siginf, - const X509_ALGOR *alg, - const ASN1_STRING *sig)) -{ - ameth->siginf_set = siginf_set; -} - -void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_check) (const EVP_PKEY *pk)) -{ - ameth->pkey_check = pkey_check; -} - -void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_pub_check) (const EVP_PKEY *pk)) -{ - ameth->pkey_public_check = pkey_pub_check; -} - -void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth, - int (*pkey_param_check) (const EVP_PKEY *pk)) -{ - ameth->pkey_param_check = pkey_param_check; -} - -void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth, - int (*set_priv_key) (EVP_PKEY *pk, - const unsigned char - *priv, - size_t len)) -{ - ameth->set_priv_key = set_priv_key; -} - -void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth, - int (*set_pub_key) (EVP_PKEY *pk, - const unsigned char *pub, - size_t len)) -{ - ameth->set_pub_key = set_pub_key; -} - -void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth, - int (*get_priv_key) (const EVP_PKEY *pk, - unsigned char *priv, - size_t *len)) -{ - ameth->get_priv_key = get_priv_key; -} - -void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth, - int (*get_pub_key) (const EVP_PKEY *pk, - unsigned char *pub, - size_t *len)) -{ - ameth->get_pub_key = get_pub_key; -} diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c deleted file mode 100644 index a7b32e3a6e1a8af48bf0c535823b2f9b8eb68225..0000000000000000000000000000000000000000 --- a/crypto/asn1/asn1_err.c +++ /dev/null @@ -1,212 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/asn1err.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA ASN1_str_reasons[] = { - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ADDING_OBJECT), "adding object"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_SIG_PARSE_ERROR), - "asn1 sig parse error"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_AUX_ERROR), "aux error"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_OBJECT_HEADER), "bad object header"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_TEMPLATE), "bad template"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BMPSTRING_IS_WRONG_LENGTH), - "bmpstring is wrong length"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BN_LIB), "bn lib"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BOOLEAN_IS_WRONG_LENGTH), - "boolean is wrong length"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), - "cipher has no object identifier"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_CONTEXT_NOT_INITIALISED), - "context not initialised"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DATA_IS_WRONG), "data is wrong"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DECODE_ERROR), "decode error"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DEPTH_EXCEEDED), "depth exceeded"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED), - "digest and key type not supported"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ENCODE_ERROR), "encode error"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_GETTING_TIME), - "error getting time"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_LOADING_SECTION), - "error loading section"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_SETTING_CIPHER_PARAMS), - "error setting cipher params"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_INTEGER), - "expecting an integer"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_OBJECT), - "expecting an object"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPLICIT_LENGTH_MISMATCH), - "explicit length mismatch"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED), - "explicit tag not constructed"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_FIELD_MISSING), "field missing"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_FIRST_NUM_TOO_LARGE), - "first num too large"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_HEADER_TOO_LONG), "header too long"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_BITSTRING_FORMAT), - "illegal bitstring format"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_BOOLEAN), "illegal boolean"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_CHARACTERS), - "illegal characters"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_FORMAT), "illegal format"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_HEX), "illegal hex"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_IMPLICIT_TAG), - "illegal implicit tag"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_INTEGER), "illegal integer"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NEGATIVE_VALUE), - "illegal negative value"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NESTED_TAGGING), - "illegal nested tagging"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NULL), "illegal null"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NULL_VALUE), - "illegal null value"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OBJECT), "illegal object"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OPTIONAL_ANY), - "illegal optional any"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE), - "illegal options on item template"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_PADDING), "illegal padding"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_TAGGED_ANY), - "illegal tagged any"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_TIME_VALUE), - "illegal time value"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_ZERO_CONTENT), - "illegal zero content"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INTEGER_NOT_ASCII_FORMAT), - "integer not ascii format"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG), - "integer too large for long"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_BIT_STRING_BITS_LEFT), - "invalid bit string bits left"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_BMPSTRING_LENGTH), - "invalid bmpstring length"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_DIGIT), "invalid digit"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_MIME_TYPE), "invalid mime type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_MODIFIER), "invalid modifier"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_NUMBER), "invalid number"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_OBJECT_ENCODING), - "invalid object encoding"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_SCRYPT_PARAMETERS), - "invalid scrypt parameters"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_SEPARATOR), "invalid separator"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_STRING_TABLE_VALUE), - "invalid string table value"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH), - "invalid universalstring length"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UTF8STRING), - "invalid utf8string"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_VALUE), "invalid value"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_LENGTH_TOO_LONG), "length too long"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_LIST_ERROR), "list error"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_NO_CONTENT_TYPE), - "mime no content type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_PARSE_ERROR), "mime parse error"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_SIG_PARSE_ERROR), - "mime sig parse error"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_EOC), "missing eoc"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_SECOND_NUMBER), - "missing second number"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_VALUE), "missing value"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MSTRING_NOT_UNIVERSAL), - "mstring not universal"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NESTED_ASN1_STRING), - "nested asn1 string"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NESTED_TOO_DEEP), "nested too deep"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NON_HEX_CHARACTERS), - "non hex characters"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NOT_ASCII_FORMAT), "not ascii format"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_CONTENT_TYPE), "no content type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MATCHING_CHOICE_TYPE), - "no matching choice type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MULTIPART_BODY_FAILURE), - "no multipart body failure"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MULTIPART_BOUNDARY), - "no multipart boundary"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_SIG_CONTENT_TYPE), - "no sig content type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NULL_IS_WRONG_LENGTH), - "null is wrong length"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_OBJECT_NOT_ASCII_FORMAT), - "object not ascii format"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ODD_NUMBER_OF_CHARS), - "odd number of chars"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SECOND_NUMBER_TOO_LARGE), - "second number too large"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_LENGTH_MISMATCH), - "sequence length mismatch"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_NOT_CONSTRUCTED), - "sequence not constructed"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG), - "sequence or set needs config"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SHORT_LINE), "short line"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SIG_INVALID_MIME_TYPE), - "sig invalid mime type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STREAMING_NOT_SUPPORTED), - "streaming not supported"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STRING_TOO_LONG), "string too long"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STRING_TOO_SHORT), "string too short"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), - "the asn1 object identifier is not known for this md"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TIME_NOT_ASCII_FORMAT), - "time not ascii format"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LARGE), "too large"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LONG), "too long"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_SMALL), "too small"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TYPE_NOT_CONSTRUCTED), - "type not constructed"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TYPE_NOT_PRIMITIVE), - "type not primitive"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNEXPECTED_EOC), "unexpected eoc"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH), - "universalstring is wrong length"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_DIGEST), "unknown digest"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_FORMAT), "unknown format"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM), - "unknown message digest algorithm"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_OBJECT_TYPE), - "unknown object type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), - "unknown public key type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM), - "unknown signature algorithm"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_TAG), "unknown tag"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE), - "unsupported any defined by type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_CIPHER), - "unsupported cipher"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE), - "unsupported public key type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_TYPE), "unsupported type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_INTEGER_TYPE), - "wrong integer type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_PUBLIC_KEY_TYPE), - "wrong public key type"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_TAG), "wrong tag"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_ASN1_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(ASN1_str_reasons[0].error) == NULL) - ERR_load_strings_const(ASN1_str_reasons); -#endif - return 1; -} diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c deleted file mode 100644 index 64620a4f28a7f6c9762c8cefa6a530f5feeb1eec..0000000000000000000000000000000000000000 --- a/crypto/asn1/asn1_gen.c +++ /dev/null @@ -1,786 +0,0 @@ -/* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include -#include - -#define ASN1_GEN_FLAG 0x10000 -#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) -#define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2) -#define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3) -#define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4) -#define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5) -#define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6) -#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7) -#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8) - -#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} - -#define ASN1_FLAG_EXP_MAX 20 -/* Maximum number of nested sequences */ -#define ASN1_GEN_SEQ_MAX_DEPTH 50 - -/* Input formats */ - -/* ASCII: default */ -#define ASN1_GEN_FORMAT_ASCII 1 -/* UTF8 */ -#define ASN1_GEN_FORMAT_UTF8 2 -/* Hex */ -#define ASN1_GEN_FORMAT_HEX 3 -/* List of bits */ -#define ASN1_GEN_FORMAT_BITLIST 4 - -struct tag_name_st { - const char *strnam; - int len; - int tag; -}; - -typedef struct { - int exp_tag; - int exp_class; - int exp_constructed; - int exp_pad; - long exp_len; -} tag_exp_type; - -typedef struct { - int imp_tag; - int imp_class; - int utype; - int format; - const char *str; - tag_exp_type exp_list[ASN1_FLAG_EXP_MAX]; - int exp_count; -} tag_exp_arg; - -static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, - int *perr); -static int bitstr_cb(const char *elem, int len, void *bitstr); -static int asn1_cb(const char *elem, int len, void *bitstr); -static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, - int exp_constructed, int exp_pad, int imp_ok); -static int parse_tagging(const char *vstart, int vlen, int *ptag, - int *pclass); -static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, - int depth, int *perr); -static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); -static int asn1_str2tag(const char *tagstr, int len); - -ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf) -{ - X509V3_CTX cnf; - - if (!nconf) - return ASN1_generate_v3(str, NULL); - - X509V3_set_nconf(&cnf, nconf); - return ASN1_generate_v3(str, &cnf); -} - -ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf) -{ - int err = 0; - ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err); - if (err) - ERR_raise(ERR_LIB_ASN1, err); - return ret; -} - -static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, - int *perr) -{ - ASN1_TYPE *ret; - tag_exp_arg asn1_tags; - tag_exp_type *etmp; - - int i, len; - - unsigned char *orig_der = NULL, *new_der = NULL; - const unsigned char *cpy_start; - unsigned char *p; - const unsigned char *cp; - int cpy_len; - long hdr_len = 0; - int hdr_constructed = 0, hdr_tag, hdr_class; - int r; - - asn1_tags.imp_tag = -1; - asn1_tags.imp_class = -1; - asn1_tags.format = ASN1_GEN_FORMAT_ASCII; - asn1_tags.exp_count = 0; - if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) { - *perr = ASN1_R_UNKNOWN_TAG; - return NULL; - } - - if ((asn1_tags.utype == V_ASN1_SEQUENCE) - || (asn1_tags.utype == V_ASN1_SET)) { - if (!cnf) { - *perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG; - return NULL; - } - if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) { - *perr = ASN1_R_ILLEGAL_NESTED_TAGGING; - return NULL; - } - ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr); - } else - ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); - - if (!ret) - return NULL; - - /* If no tagging return base type */ - if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0)) - return ret; - - /* Generate the encoding */ - cpy_len = i2d_ASN1_TYPE(ret, &orig_der); - ASN1_TYPE_free(ret); - ret = NULL; - /* Set point to start copying for modified encoding */ - cpy_start = orig_der; - - /* Do we need IMPLICIT tagging? */ - if (asn1_tags.imp_tag != -1) { - /* If IMPLICIT we will replace the underlying tag */ - /* Skip existing tag+len */ - r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, - cpy_len); - if (r & 0x80) - goto err; - /* Update copy length */ - cpy_len -= cpy_start - orig_der; - /* - * For IMPLICIT tagging the length should match the original length - * and constructed flag should be consistent. - */ - if (r & 0x1) { - /* Indefinite length constructed */ - hdr_constructed = 2; - hdr_len = 0; - } else - /* Just retain constructed flag */ - hdr_constructed = r & V_ASN1_CONSTRUCTED; - /* - * Work out new length with IMPLICIT tag: ignore constructed because - * it will mess up if indefinite length - */ - len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag); - } else - len = cpy_len; - - /* Work out length in any EXPLICIT, starting from end */ - - for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; - i < asn1_tags.exp_count; i++, etmp--) { - /* Content length: number of content octets + any padding */ - len += etmp->exp_pad; - etmp->exp_len = len; - /* Total object length: length including new header */ - len = ASN1_object_size(0, len, etmp->exp_tag); - } - - /* Allocate buffer for new encoding */ - - new_der = OPENSSL_malloc(len); - if (new_der == NULL) - goto err; - - /* Generate tagged encoding */ - - p = new_der; - - /* Output explicit tags first */ - - for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; - i++, etmp++) { - ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len, - etmp->exp_tag, etmp->exp_class); - if (etmp->exp_pad) - *p++ = 0; - } - - /* If IMPLICIT, output tag */ - - if (asn1_tags.imp_tag != -1) { - if (asn1_tags.imp_class == V_ASN1_UNIVERSAL - && (asn1_tags.imp_tag == V_ASN1_SEQUENCE - || asn1_tags.imp_tag == V_ASN1_SET)) - hdr_constructed = V_ASN1_CONSTRUCTED; - ASN1_put_object(&p, hdr_constructed, hdr_len, - asn1_tags.imp_tag, asn1_tags.imp_class); - } - - /* Copy across original encoding */ - memcpy(p, cpy_start, cpy_len); - - cp = new_der; - - /* Obtain new ASN1_TYPE structure */ - ret = d2i_ASN1_TYPE(NULL, &cp, len); - - err: - OPENSSL_free(orig_der); - OPENSSL_free(new_der); - - return ret; - -} - -static int asn1_cb(const char *elem, int len, void *bitstr) -{ - tag_exp_arg *arg = bitstr; - int i; - int utype; - int vlen = 0; - const char *p, *vstart = NULL; - - int tmp_tag, tmp_class; - - if (elem == NULL) - return -1; - - for (i = 0, p = elem; i < len; p++, i++) { - /* Look for the ':' in name value pairs */ - if (*p == ':') { - vstart = p + 1; - vlen = len - (vstart - elem); - len = p - elem; - break; - } - } - - utype = asn1_str2tag(elem, len); - - if (utype == -1) { - ERR_raise_data(ERR_LIB_ASN1, ASN1_R_UNKNOWN_TAG, "tag=%s", elem); - return -1; - } - - /* If this is not a modifier mark end of string and exit */ - if (!(utype & ASN1_GEN_FLAG)) { - arg->utype = utype; - arg->str = vstart; - /* If no value and not end of string, error */ - if (!vstart && elem[len]) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_VALUE); - return -1; - } - return 0; - } - - switch (utype) { - - case ASN1_GEN_FLAG_IMP: - /* Check for illegal multiple IMPLICIT tagging */ - if (arg->imp_tag != -1) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NESTED_TAGGING); - return -1; - } - if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class)) - return -1; - break; - - case ASN1_GEN_FLAG_EXP: - - if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class)) - return -1; - if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0)) - return -1; - break; - - case ASN1_GEN_FLAG_SEQWRAP: - if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1)) - return -1; - break; - - case ASN1_GEN_FLAG_SETWRAP: - if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1)) - return -1; - break; - - case ASN1_GEN_FLAG_BITWRAP: - if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1)) - return -1; - break; - - case ASN1_GEN_FLAG_OCTWRAP: - if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1)) - return -1; - break; - - case ASN1_GEN_FLAG_FORMAT: - if (!vstart) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_FORMAT); - return -1; - } - if (strncmp(vstart, "ASCII", 5) == 0) - arg->format = ASN1_GEN_FORMAT_ASCII; - else if (strncmp(vstart, "UTF8", 4) == 0) - arg->format = ASN1_GEN_FORMAT_UTF8; - else if (strncmp(vstart, "HEX", 3) == 0) - arg->format = ASN1_GEN_FORMAT_HEX; - else if (strncmp(vstart, "BITLIST", 7) == 0) - arg->format = ASN1_GEN_FORMAT_BITLIST; - else { - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_FORMAT); - return -1; - } - break; - - } - - return 1; - -} - -static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) -{ - long tag_num; - char *eptr; - if (!vstart) - return 0; - tag_num = strtoul(vstart, &eptr, 10); - /* Check we haven't gone past max length: should be impossible */ - if (eptr && *eptr && (eptr > vstart + vlen)) - return 0; - if (tag_num < 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_NUMBER); - return 0; - } - *ptag = tag_num; - /* If we have non numeric characters, parse them */ - if (eptr) - vlen -= eptr - vstart; - else - vlen = 0; - if (vlen) { - switch (*eptr) { - - case 'U': - *pclass = V_ASN1_UNIVERSAL; - break; - - case 'A': - *pclass = V_ASN1_APPLICATION; - break; - - case 'P': - *pclass = V_ASN1_PRIVATE; - break; - - case 'C': - *pclass = V_ASN1_CONTEXT_SPECIFIC; - break; - - default: - ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_MODIFIER, - "Char=%c", *eptr); - return 0; - - } - } else - *pclass = V_ASN1_CONTEXT_SPECIFIC; - - return 1; - -} - -/* Handle multiple types: SET and SEQUENCE */ - -static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, - int depth, int *perr) -{ - ASN1_TYPE *ret = NULL; - STACK_OF(ASN1_TYPE) *sk = NULL; - STACK_OF(CONF_VALUE) *sect = NULL; - unsigned char *der = NULL; - int derlen; - int i; - sk = sk_ASN1_TYPE_new_null(); - if (!sk) - goto bad; - if (section) { - if (!cnf) - goto bad; - sect = X509V3_get_section(cnf, (char *)section); - if (!sect) - goto bad; - for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { - ASN1_TYPE *typ = - generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf, - depth + 1, perr); - if (!typ) - goto bad; - if (!sk_ASN1_TYPE_push(sk, typ)) - goto bad; - } - } - - /* - * Now we has a STACK of the components, convert to the correct form - */ - - if (utype == V_ASN1_SET) - derlen = i2d_ASN1_SET_ANY(sk, &der); - else - derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der); - - if (derlen < 0) - goto bad; - if ((ret = ASN1_TYPE_new()) == NULL) - goto bad; - if ((ret->value.asn1_string = ASN1_STRING_type_new(utype)) == NULL) - goto bad; - - ret->type = utype; - ret->value.asn1_string->data = der; - ret->value.asn1_string->length = derlen; - - der = NULL; - - bad: - - OPENSSL_free(der); - - sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); - X509V3_section_free(cnf, sect); - - return ret; -} - -static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, - int exp_constructed, int exp_pad, int imp_ok) -{ - tag_exp_type *exp_tmp; - /* Can only have IMPLICIT if permitted */ - if ((arg->imp_tag != -1) && !imp_ok) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_IMPLICIT_TAG); - return 0; - } - - if (arg->exp_count == ASN1_FLAG_EXP_MAX) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_DEPTH_EXCEEDED); - return 0; - } - - exp_tmp = &arg->exp_list[arg->exp_count++]; - - /* - * If IMPLICIT set tag to implicit value then reset implicit tag since it - * has been used. - */ - if (arg->imp_tag != -1) { - exp_tmp->exp_tag = arg->imp_tag; - exp_tmp->exp_class = arg->imp_class; - arg->imp_tag = -1; - arg->imp_class = -1; - } else { - exp_tmp->exp_tag = exp_tag; - exp_tmp->exp_class = exp_class; - } - exp_tmp->exp_constructed = exp_constructed; - exp_tmp->exp_pad = exp_pad; - - return 1; -} - -static int asn1_str2tag(const char *tagstr, int len) -{ - unsigned int i; - static const struct tag_name_st *tntmp, tnst[] = { - ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), - ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), - ASN1_GEN_STR("NULL", V_ASN1_NULL), - ASN1_GEN_STR("INT", V_ASN1_INTEGER), - ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER), - ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED), - ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED), - ASN1_GEN_STR("OID", V_ASN1_OBJECT), - ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT), - ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME), - ASN1_GEN_STR("UTC", V_ASN1_UTCTIME), - ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME), - ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME), - ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING), - ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING), - ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING), - ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING), - ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING), - ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING), - ASN1_GEN_STR("IA5", V_ASN1_IA5STRING), - ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING), - ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING), - ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING), - ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING), - ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING), - ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING), - ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING), - ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING), - ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING), - ASN1_GEN_STR("T61", V_ASN1_T61STRING), - ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING), - ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), - ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), - ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), - ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING), - ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING), - - /* Special cases */ - ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), - ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE), - ASN1_GEN_STR("SET", V_ASN1_SET), - /* type modifiers */ - /* Explicit tag */ - ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP), - ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP), - /* Implicit tag */ - ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP), - ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP), - /* OCTET STRING wrapper */ - ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP), - /* SEQUENCE wrapper */ - ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP), - /* SET wrapper */ - ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP), - /* BIT STRING wrapper */ - ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP), - ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT), - ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT), - }; - - if (len == -1) - len = strlen(tagstr); - - tntmp = tnst; - for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) { - if ((len == tntmp->len) - && (OPENSSL_strncasecmp(tntmp->strnam, tagstr, len) == 0)) - return tntmp->tag; - } - - return -1; -} - -static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) -{ - ASN1_TYPE *atmp = NULL; - CONF_VALUE vtmp; - unsigned char *rdata; - long rdlen; - int no_unused = 1; - - if ((atmp = ASN1_TYPE_new()) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (!str) - str = ""; - - switch (utype) { - - case V_ASN1_NULL: - if (str && *str) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NULL_VALUE); - goto bad_form; - } - break; - - case V_ASN1_BOOLEAN: - if (format != ASN1_GEN_FORMAT_ASCII) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ASCII_FORMAT); - goto bad_form; - } - vtmp.name = NULL; - vtmp.section = NULL; - vtmp.value = (char *)str; - if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_BOOLEAN); - goto bad_str; - } - break; - - case V_ASN1_INTEGER: - case V_ASN1_ENUMERATED: - if (format != ASN1_GEN_FORMAT_ASCII) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INTEGER_NOT_ASCII_FORMAT); - goto bad_form; - } - if ((atmp->value.integer - = s2i_ASN1_INTEGER(NULL, str)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_INTEGER); - goto bad_str; - } - break; - - case V_ASN1_OBJECT: - if (format != ASN1_GEN_FORMAT_ASCII) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_OBJECT_NOT_ASCII_FORMAT); - goto bad_form; - } - if ((atmp->value.object = OBJ_txt2obj(str, 0)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_OBJECT); - goto bad_str; - } - break; - - case V_ASN1_UTCTIME: - case V_ASN1_GENERALIZEDTIME: - if (format != ASN1_GEN_FORMAT_ASCII) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TIME_NOT_ASCII_FORMAT); - goto bad_form; - } - if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto bad_str; - } - if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto bad_str; - } - atmp->value.asn1_string->type = utype; - if (!ASN1_TIME_check(atmp->value.asn1_string)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_TIME_VALUE); - goto bad_str; - } - - break; - - case V_ASN1_BMPSTRING: - case V_ASN1_PRINTABLESTRING: - case V_ASN1_IA5STRING: - case V_ASN1_T61STRING: - case V_ASN1_UTF8STRING: - case V_ASN1_VISIBLESTRING: - case V_ASN1_UNIVERSALSTRING: - case V_ASN1_GENERALSTRING: - case V_ASN1_NUMERICSTRING: - if (format == ASN1_GEN_FORMAT_ASCII) - format = MBSTRING_ASC; - else if (format == ASN1_GEN_FORMAT_UTF8) - format = MBSTRING_UTF8; - else { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_FORMAT); - goto bad_form; - } - - if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str, - -1, format, ASN1_tag2bit(utype)) <= 0) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto bad_str; - } - - break; - - case V_ASN1_BIT_STRING: - case V_ASN1_OCTET_STRING: - if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto bad_form; - } - - if (format == ASN1_GEN_FORMAT_HEX) { - if ((rdata = OPENSSL_hexstr2buf(str, &rdlen)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_HEX); - goto bad_str; - } - atmp->value.asn1_string->data = rdata; - atmp->value.asn1_string->length = rdlen; - atmp->value.asn1_string->type = utype; - } else if (format == ASN1_GEN_FORMAT_ASCII) - ASN1_STRING_set(atmp->value.asn1_string, str, -1); - else if ((format == ASN1_GEN_FORMAT_BITLIST) - && (utype == V_ASN1_BIT_STRING)) { - if (!CONF_parse_list - (str, ',', 1, bitstr_cb, atmp->value.bit_string)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_LIST_ERROR); - goto bad_str; - } - no_unused = 0; - - } else { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_BITSTRING_FORMAT); - goto bad_form; - } - - if ((utype == V_ASN1_BIT_STRING) && no_unused) { - atmp->value.asn1_string->flags - &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT; - } - - break; - - default: - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_TYPE); - goto bad_str; - } - - atmp->type = utype; - return atmp; - - bad_str: - ERR_add_error_data(2, "string=", str); - bad_form: - - ASN1_TYPE_free(atmp); - return NULL; - -} - -static int bitstr_cb(const char *elem, int len, void *bitstr) -{ - long bitnum; - char *eptr; - if (!elem) - return 0; - bitnum = strtoul(elem, &eptr, 10); - if (eptr && *eptr && (eptr != elem + len)) - return 0; - if (bitnum < 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_NUMBER); - return 0; - } - if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - return 1; -} - -static int mask_cb(const char *elem, int len, void *arg) -{ - unsigned long *pmask = arg, tmpmask; - int tag; - if (elem == NULL) - return 0; - if ((len == 3) && (strncmp(elem, "DIR", 3) == 0)) { - *pmask |= B_ASN1_DIRECTORYSTRING; - return 1; - } - tag = asn1_str2tag(elem, len); - if (!tag || (tag & ASN1_GEN_FLAG)) - return 0; - tmpmask = ASN1_tag2bit(tag); - if (!tmpmask) - return 0; - *pmask |= tmpmask; - return 1; -} - -int ASN1_str2mask(const char *str, unsigned long *pmask) -{ - *pmask = 0; - return CONF_parse_list(str, '|', 1, mask_cb, pmask); -} diff --git a/crypto/asn1/asn1_item_list.c b/crypto/asn1/asn1_item_list.c deleted file mode 100644 index b5a83ba8914b96a7eb6f0d0d32a77c339ec8e782..0000000000000000000000000000000000000000 --- a/crypto/asn1/asn1_item_list.c +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use the low level ASN1 items until they are removed */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "asn1_item_list.h" - -const ASN1_ITEM *ASN1_ITEM_lookup(const char *name) -{ - size_t i; - - for (i = 0; i < OSSL_NELEM(asn1_item_list); i++) { - const ASN1_ITEM *it = ASN1_ITEM_ptr(asn1_item_list[i]); - - if (strcmp(it->sname, name) == 0) - return it; - } - return NULL; -} - -const ASN1_ITEM *ASN1_ITEM_get(size_t i) -{ - if (i >= OSSL_NELEM(asn1_item_list)) - return NULL; - return ASN1_ITEM_ptr(asn1_item_list[i]); -} diff --git a/crypto/asn1/asn1_item_list.h b/crypto/asn1/asn1_item_list.h deleted file mode 100644 index 1432012b7c7c3d7baf15747b031226a2fdc6e106..0000000000000000000000000000000000000000 --- a/crypto/asn1/asn1_item_list.h +++ /dev/null @@ -1,181 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -static ASN1_ITEM_EXP *asn1_item_list[] = { - - ASN1_ITEM_ref(ACCESS_DESCRIPTION), -#ifndef OPENSSL_NO_RFC3779 - ASN1_ITEM_ref(ASIdOrRange), - ASN1_ITEM_ref(ASIdentifierChoice), - ASN1_ITEM_ref(ASIdentifiers), -#endif - ASN1_ITEM_ref(ASN1_ANY), - ASN1_ITEM_ref(ASN1_BIT_STRING), - ASN1_ITEM_ref(ASN1_BMPSTRING), - ASN1_ITEM_ref(ASN1_BOOLEAN), - ASN1_ITEM_ref(ASN1_ENUMERATED), - ASN1_ITEM_ref(ASN1_FBOOLEAN), - ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), - ASN1_ITEM_ref(ASN1_GENERALSTRING), - ASN1_ITEM_ref(ASN1_IA5STRING), - ASN1_ITEM_ref(ASN1_INTEGER), - ASN1_ITEM_ref(ASN1_NULL), - ASN1_ITEM_ref(ASN1_OBJECT), - ASN1_ITEM_ref(ASN1_OCTET_STRING_NDEF), - ASN1_ITEM_ref(ASN1_OCTET_STRING), - ASN1_ITEM_ref(ASN1_PRINTABLESTRING), - ASN1_ITEM_ref(ASN1_PRINTABLE), - ASN1_ITEM_ref(ASN1_SEQUENCE_ANY), - ASN1_ITEM_ref(ASN1_SEQUENCE), - ASN1_ITEM_ref(ASN1_SET_ANY), - ASN1_ITEM_ref(ASN1_T61STRING), - ASN1_ITEM_ref(ASN1_TBOOLEAN), - ASN1_ITEM_ref(ASN1_TIME), - ASN1_ITEM_ref(ASN1_UNIVERSALSTRING), - ASN1_ITEM_ref(ASN1_UTCTIME), - ASN1_ITEM_ref(ASN1_UTF8STRING), - ASN1_ITEM_ref(ASN1_VISIBLESTRING), -#ifndef OPENSSL_NO_RFC3779 - ASN1_ITEM_ref(ASRange), -#endif - ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), - ASN1_ITEM_ref(AUTHORITY_KEYID), - ASN1_ITEM_ref(BASIC_CONSTRAINTS), - ASN1_ITEM_ref(BIGNUM), - ASN1_ITEM_ref(CBIGNUM), - ASN1_ITEM_ref(CERTIFICATEPOLICIES), -#ifndef OPENSSL_NO_CMS - ASN1_ITEM_ref(CMS_ContentInfo), - ASN1_ITEM_ref(CMS_ReceiptRequest), -#endif - ASN1_ITEM_ref(CRL_DIST_POINTS), -#ifndef OPENSSL_NO_DH - ASN1_ITEM_ref(DHparams), -#endif - ASN1_ITEM_ref(DIRECTORYSTRING), - ASN1_ITEM_ref(DISPLAYTEXT), - ASN1_ITEM_ref(DIST_POINT_NAME), - ASN1_ITEM_ref(DIST_POINT), -#ifndef OPENSSL_NO_EC -# ifndef OPENSSL_NO_DEPRECATED_3_0 - ASN1_ITEM_ref(ECPARAMETERS), - ASN1_ITEM_ref(ECPKPARAMETERS), -# endif -#endif - ASN1_ITEM_ref(EDIPARTYNAME), - ASN1_ITEM_ref(EXTENDED_KEY_USAGE), - ASN1_ITEM_ref(GENERAL_NAMES), - ASN1_ITEM_ref(GENERAL_NAME), - ASN1_ITEM_ref(GENERAL_SUBTREE), -#ifndef OPENSSL_NO_RFC3779 - ASN1_ITEM_ref(IPAddressChoice), - ASN1_ITEM_ref(IPAddressFamily), - ASN1_ITEM_ref(IPAddressOrRange), - ASN1_ITEM_ref(IPAddressRange), -#endif - ASN1_ITEM_ref(ISSUING_DIST_POINT), -#ifndef OPENSSL_NO_DEPRECATED_3_0 - ASN1_ITEM_ref(LONG), -#endif - ASN1_ITEM_ref(NAME_CONSTRAINTS), - ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE), - ASN1_ITEM_ref(NETSCAPE_SPKAC), - ASN1_ITEM_ref(NETSCAPE_SPKI), - ASN1_ITEM_ref(NOTICEREF), -#ifndef OPENSSL_NO_OCSP - ASN1_ITEM_ref(OCSP_BASICRESP), - ASN1_ITEM_ref(OCSP_CERTID), - ASN1_ITEM_ref(OCSP_CERTSTATUS), - ASN1_ITEM_ref(OCSP_CRLID), - ASN1_ITEM_ref(OCSP_ONEREQ), - ASN1_ITEM_ref(OCSP_REQINFO), - ASN1_ITEM_ref(OCSP_REQUEST), - ASN1_ITEM_ref(OCSP_RESPBYTES), - ASN1_ITEM_ref(OCSP_RESPDATA), - ASN1_ITEM_ref(OCSP_RESPID), - ASN1_ITEM_ref(OCSP_RESPONSE), - ASN1_ITEM_ref(OCSP_REVOKEDINFO), - ASN1_ITEM_ref(OCSP_SERVICELOC), - ASN1_ITEM_ref(OCSP_SIGNATURE), - ASN1_ITEM_ref(OCSP_SINGLERESP), -#endif - ASN1_ITEM_ref(OTHERNAME), - ASN1_ITEM_ref(PBE2PARAM), - ASN1_ITEM_ref(PBEPARAM), - ASN1_ITEM_ref(PBKDF2PARAM), - ASN1_ITEM_ref(PKCS12_AUTHSAFES), - ASN1_ITEM_ref(PKCS12_BAGS), - ASN1_ITEM_ref(PKCS12_MAC_DATA), - ASN1_ITEM_ref(PKCS12_SAFEBAGS), - ASN1_ITEM_ref(PKCS12_SAFEBAG), - ASN1_ITEM_ref(PKCS12), - ASN1_ITEM_ref(PKCS7_ATTR_SIGN), - ASN1_ITEM_ref(PKCS7_ATTR_VERIFY), - ASN1_ITEM_ref(PKCS7_DIGEST), - ASN1_ITEM_ref(PKCS7_ENCRYPT), - ASN1_ITEM_ref(PKCS7_ENC_CONTENT), - ASN1_ITEM_ref(PKCS7_ENVELOPE), - ASN1_ITEM_ref(PKCS7_ISSUER_AND_SERIAL), - ASN1_ITEM_ref(PKCS7_RECIP_INFO), - ASN1_ITEM_ref(PKCS7_SIGNED), - ASN1_ITEM_ref(PKCS7_SIGNER_INFO), - ASN1_ITEM_ref(PKCS7_SIGN_ENVELOPE), - ASN1_ITEM_ref(PKCS7), - ASN1_ITEM_ref(PKCS8_PRIV_KEY_INFO), - ASN1_ITEM_ref(PKEY_USAGE_PERIOD), - ASN1_ITEM_ref(POLICYINFO), - ASN1_ITEM_ref(POLICYQUALINFO), - ASN1_ITEM_ref(POLICY_CONSTRAINTS), - ASN1_ITEM_ref(POLICY_MAPPINGS), - ASN1_ITEM_ref(POLICY_MAPPING), - ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), - ASN1_ITEM_ref(PROXY_POLICY), -#ifndef OPENSSL_NO_DEPRECATED_3_0 - ASN1_ITEM_ref(RSAPrivateKey), - ASN1_ITEM_ref(RSAPublicKey), - ASN1_ITEM_ref(RSA_OAEP_PARAMS), - ASN1_ITEM_ref(RSA_PSS_PARAMS), -#endif -#ifndef OPENSSL_NO_SCRYPT - ASN1_ITEM_ref(SCRYPT_PARAMS), -#endif - ASN1_ITEM_ref(SXNETID), - ASN1_ITEM_ref(SXNET), - ASN1_ITEM_ref(ISSUER_SIGN_TOOL), - ASN1_ITEM_ref(USERNOTICE), - ASN1_ITEM_ref(X509_ALGORS), - ASN1_ITEM_ref(X509_ALGOR), - ASN1_ITEM_ref(X509_ATTRIBUTE), - ASN1_ITEM_ref(X509_CERT_AUX), - ASN1_ITEM_ref(X509_CINF), - ASN1_ITEM_ref(X509_CRL_INFO), - ASN1_ITEM_ref(X509_CRL), - ASN1_ITEM_ref(X509_EXTENSIONS), - ASN1_ITEM_ref(X509_EXTENSION), - ASN1_ITEM_ref(X509_NAME_ENTRY), - ASN1_ITEM_ref(X509_NAME), - ASN1_ITEM_ref(X509_PUBKEY), - ASN1_ITEM_ref(X509_REQ_INFO), - ASN1_ITEM_ref(X509_REQ), - ASN1_ITEM_ref(X509_REVOKED), - ASN1_ITEM_ref(X509_SIG), - ASN1_ITEM_ref(X509_VAL), - ASN1_ITEM_ref(X509), -#ifndef OPENSSL_NO_DEPRECATED_3_0 - ASN1_ITEM_ref(ZLONG), -#endif - ASN1_ITEM_ref(INT32), - ASN1_ITEM_ref(UINT32), - ASN1_ITEM_ref(ZINT32), - ASN1_ITEM_ref(ZUINT32), - ASN1_ITEM_ref(INT64), - ASN1_ITEM_ref(UINT64), - ASN1_ITEM_ref(ZINT64), - ASN1_ITEM_ref(ZUINT64), -}; diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c deleted file mode 100644 index 5359cbc11720403ece0d1176f0b53d20b070afc2..0000000000000000000000000000000000000000 --- a/crypto/asn1/asn1_lib.c +++ /dev/null @@ -1,470 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include -#include "asn1_local.h" - -static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, - long max); -static void asn1_put_length(unsigned char **pp, int length); - -static int _asn1_check_infinite_end(const unsigned char **p, long len) -{ - /* - * If there is 0 or 1 byte left, the length check should pick things up - */ - if (len <= 0) { - return 1; - } else { - if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) { - (*p) += 2; - return 1; - } - } - return 0; -} - -int ASN1_check_infinite_end(unsigned char **p, long len) -{ - return _asn1_check_infinite_end((const unsigned char **)p, len); -} - -int ASN1_const_check_infinite_end(const unsigned char **p, long len) -{ - return _asn1_check_infinite_end(p, len); -} - -int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, - int *pclass, long omax) -{ - int i, ret; - long len; - const unsigned char *p = *pp; - int tag, xclass, inf; - long max = omax; - - if (omax <= 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL); - return 0x80; - } - ret = (*p & V_ASN1_CONSTRUCTED); - xclass = (*p & V_ASN1_PRIVATE); - i = *p & V_ASN1_PRIMITIVE_TAG; - if (i == V_ASN1_PRIMITIVE_TAG) { /* high-tag */ - p++; - if (--max == 0) - goto err; - len = 0; - while (*p & 0x80) { - len <<= 7L; - len |= *(p++) & 0x7f; - if (--max == 0) - goto err; - if (len > (INT_MAX >> 7L)) - goto err; - } - len <<= 7L; - len |= *(p++) & 0x7f; - tag = (int)len; - if (--max == 0) - goto err; - } else { - tag = i; - p++; - if (--max == 0) - goto err; - } - *ptag = tag; - *pclass = xclass; - if (!asn1_get_length(&p, &inf, plength, max)) - goto err; - - if (inf && !(ret & V_ASN1_CONSTRUCTED)) - goto err; - - if (*plength > (omax - (p - *pp))) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG); - /* - * Set this so that even if things are not long enough the values are - * set correctly - */ - ret |= 0x80; - } - *pp = p; - return ret | inf; - err: - ERR_raise(ERR_LIB_ASN1, ASN1_R_HEADER_TOO_LONG); - return 0x80; -} - -/* - * Decode a length field. - * The short form is a single byte defining a length 0 - 127. - * The long form is a byte 0 - 127 with the top bit set and this indicates - * the number of following octets that contain the length. These octets - * are stored most significant digit first. - */ -static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, - long max) -{ - const unsigned char *p = *pp; - unsigned long ret = 0; - int i; - - if (max-- < 1) - return 0; - if (*p == 0x80) { - *inf = 1; - p++; - } else { - *inf = 0; - i = *p & 0x7f; - if (*p++ & 0x80) { - if (max < i + 1) - return 0; - /* Skip leading zeroes */ - while (i > 0 && *p == 0) { - p++; - i--; - } - if (i > (int)sizeof(long)) - return 0; - while (i > 0) { - ret <<= 8; - ret |= *p++; - i--; - } - if (ret > LONG_MAX) - return 0; - } else { - ret = i; - } - } - *pp = p; - *rl = (long)ret; - return 1; -} - -/* - * constructed == 2 for indefinite length constructed - */ -void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, - int xclass) -{ - unsigned char *p = *pp; - int i, ttag; - - i = (constructed) ? V_ASN1_CONSTRUCTED : 0; - i |= (xclass & V_ASN1_PRIVATE); - if (tag < 31) { - *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG); - } else { - *(p++) = i | V_ASN1_PRIMITIVE_TAG; - for (i = 0, ttag = tag; ttag > 0; i++) - ttag >>= 7; - ttag = i; - while (i-- > 0) { - p[i] = tag & 0x7f; - if (i != (ttag - 1)) - p[i] |= 0x80; - tag >>= 7; - } - p += ttag; - } - if (constructed == 2) - *(p++) = 0x80; - else - asn1_put_length(&p, length); - *pp = p; -} - -int ASN1_put_eoc(unsigned char **pp) -{ - unsigned char *p = *pp; - - *p++ = 0; - *p++ = 0; - *pp = p; - return 2; -} - -static void asn1_put_length(unsigned char **pp, int length) -{ - unsigned char *p = *pp; - int i, len; - - if (length <= 127) { - *(p++) = (unsigned char)length; - } else { - len = length; - for (i = 0; len > 0; i++) - len >>= 8; - *(p++) = i | 0x80; - len = i; - while (i-- > 0) { - p[i] = length & 0xff; - length >>= 8; - } - p += len; - } - *pp = p; -} - -int ASN1_object_size(int constructed, int length, int tag) -{ - int ret = 1; - - if (length < 0) - return -1; - if (tag >= 31) { - while (tag > 0) { - tag >>= 7; - ret++; - } - } - if (constructed == 2) { - ret += 3; - } else { - ret++; - if (length > 127) { - int tmplen = length; - while (tmplen > 0) { - tmplen >>= 8; - ret++; - } - } - } - if (ret >= INT_MAX - length) - return -1; - return ret + length; -} - -int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str) -{ - if (str == NULL) - return 0; - dst->type = str->type; - if (!ASN1_STRING_set(dst, str->data, str->length)) - return 0; - /* Copy flags but preserve embed value */ - dst->flags &= ASN1_STRING_FLAG_EMBED; - dst->flags |= str->flags & ~ASN1_STRING_FLAG_EMBED; - return 1; -} - -ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str) -{ - ASN1_STRING *ret; - - if (!str) - return NULL; - ret = ASN1_STRING_new(); - if (ret == NULL) - return NULL; - if (!ASN1_STRING_copy(ret, str)) { - ASN1_STRING_free(ret); - return NULL; - } - return ret; -} - -int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in) -{ - unsigned char *c; - const char *data = _data; - size_t len; - - if (len_in < 0) { - if (data == NULL) - return 0; - len = strlen(data); - } else { - len = (size_t)len_in; - } - /* - * Verify that the length fits within an integer for assignment to - * str->length below. The additional 1 is subtracted to allow for the - * '\0' terminator even though this isn't strictly necessary. - */ - if (len > INT_MAX - 1) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE); - return 0; - } - if ((size_t)str->length <= len || str->data == NULL) { - c = str->data; -#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - /* No NUL terminator in fuzzing builds */ - str->data = OPENSSL_realloc(c, len != 0 ? len : 1); -#else - str->data = OPENSSL_realloc(c, len + 1); -#endif - if (str->data == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - str->data = c; - return 0; - } - } - str->length = len; - if (data != NULL) { - memcpy(str->data, data, len); -#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - /* Set the unused byte to something non NUL and printable. */ - if (len == 0) - str->data[len] = '~'; -#else - /* - * Add a NUL terminator. This should not be necessary - but we add it as - * a safety precaution - */ - str->data[len] = '\0'; -#endif - } - return 1; -} - -void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) -{ - OPENSSL_free(str->data); - str->data = data; - str->length = len; -} - -ASN1_STRING *ASN1_STRING_new(void) -{ - return ASN1_STRING_type_new(V_ASN1_OCTET_STRING); -} - -ASN1_STRING *ASN1_STRING_type_new(int type) -{ - ASN1_STRING *ret; - - ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return NULL; - } - ret->type = type; - return ret; -} - -void ossl_asn1_string_embed_free(ASN1_STRING *a, int embed) -{ - if (a == NULL) - return; - if (!(a->flags & ASN1_STRING_FLAG_NDEF)) - OPENSSL_free(a->data); - if (embed == 0) - OPENSSL_free(a); -} - -void ASN1_STRING_free(ASN1_STRING *a) -{ - if (a == NULL) - return; - ossl_asn1_string_embed_free(a, a->flags & ASN1_STRING_FLAG_EMBED); -} - -void ASN1_STRING_clear_free(ASN1_STRING *a) -{ - if (a == NULL) - return; - if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF)) - OPENSSL_cleanse(a->data, a->length); - ASN1_STRING_free(a); -} - -int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) -{ - int i; - - i = (a->length - b->length); - if (i == 0) { - if (a->length != 0) - i = memcmp(a->data, b->data, a->length); - if (i == 0) - return a->type - b->type; - else - return i; - } else { - return i; - } -} - -int ASN1_STRING_length(const ASN1_STRING *x) -{ - return x->length; -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -void ASN1_STRING_length_set(ASN1_STRING *x, int len) -{ - x->length = len; -} -#endif - -int ASN1_STRING_type(const ASN1_STRING *x) -{ - return x->type; -} - -const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x) -{ - return x->data; -} - -#ifndef OPENSSL_NO_DEPRECATED_1_1_0 -unsigned char *ASN1_STRING_data(ASN1_STRING *x) -{ - return x->data; -} -#endif - -/* |max_len| excludes NUL terminator and may be 0 to indicate no restriction */ -char *ossl_sk_ASN1_UTF8STRING2text(STACK_OF(ASN1_UTF8STRING) *text, - const char *sep, size_t max_len) -{ - int i; - ASN1_UTF8STRING *current; - size_t length = 0, sep_len; - char *result = NULL; - char *p; - - if (sep == NULL) - sep = ""; - sep_len = strlen(sep); - - for (i = 0; i < sk_ASN1_UTF8STRING_num(text); i++) { - current = sk_ASN1_UTF8STRING_value(text, i); - if (i > 0) - length += sep_len; - length += ASN1_STRING_length(current); - if (max_len != 0 && length > max_len) - return NULL; - } - if ((result = OPENSSL_malloc(length + 1)) == NULL) - return NULL; - - p = result; - for (i = 0; i < sk_ASN1_UTF8STRING_num(text); i++) { - current = sk_ASN1_UTF8STRING_value(text, i); - length = ASN1_STRING_length(current); - if (i > 0 && sep_len > 0) { - strncpy(p, sep, sep_len + 1); /* using + 1 to silence gcc warning */ - p += sep_len; - } - strncpy(p, (const char *)ASN1_STRING_get0_data(current), length); - p += length; - } - *p = '\0'; - - return result; -} diff --git a/crypto/asn1/asn1_local.h b/crypto/asn1/asn1_local.h deleted file mode 100644 index f73bd8fc6a30c56c390259510c65c4dc0b534713..0000000000000000000000000000000000000000 --- a/crypto/asn1/asn1_local.h +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Internal ASN1 structures and functions: not for application use */ - -typedef const ASN1_VALUE const_ASN1_VALUE; -SKM_DEFINE_STACK_OF(const_ASN1_VALUE, const ASN1_VALUE, ASN1_VALUE) - -int ossl_asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d); -int ossl_asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d); - -/* ASN1 scan context structure */ - -struct asn1_sctx_st { - /* The ASN1_ITEM associated with this field */ - const ASN1_ITEM *it; - /* If ASN1_TEMPLATE associated with this field */ - const ASN1_TEMPLATE *tt; - /* Various flags associated with field and context */ - unsigned long flags; - /* If SEQUENCE OF or SET OF, field index */ - int skidx; - /* ASN1 depth of field */ - int depth; - /* Structure and field name */ - const char *sname, *fname; - /* If a primitive type the type of underlying field */ - int prim_type; - /* The field value itself */ - ASN1_VALUE **field; - /* Callback to pass information to */ - int (*scan_cb) (ASN1_SCTX *ctx); - /* Context specific application data */ - void *app_data; -} /* ASN1_SCTX */ ; - -typedef struct mime_param_st MIME_PARAM; -DEFINE_STACK_OF(MIME_PARAM) -typedef struct mime_header_st MIME_HEADER; -DEFINE_STACK_OF(MIME_HEADER) - -void ossl_asn1_string_embed_free(ASN1_STRING *a, int embed); - -int ossl_asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); -int ossl_asn1_get_choice_selector_const(const ASN1_VALUE **pval, - const ASN1_ITEM *it); -int ossl_asn1_set_choice_selector(ASN1_VALUE **pval, int value, - const ASN1_ITEM *it); - -ASN1_VALUE **ossl_asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); -const ASN1_VALUE **ossl_asn1_get_const_field_ptr(const ASN1_VALUE **pval, - const ASN1_TEMPLATE *tt); - -const ASN1_TEMPLATE *ossl_asn1_do_adb(const ASN1_VALUE *val, - const ASN1_TEMPLATE *tt, - int nullerr); - -int ossl_asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); - -void ossl_asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); -void ossl_asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); -int ossl_asn1_enc_restore(int *len, unsigned char **out, const ASN1_VALUE **pval, - const ASN1_ITEM *it); -int ossl_asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, - const ASN1_ITEM *it); - -void ossl_asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); -void ossl_asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); -void ossl_asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); - -ASN1_OBJECT *ossl_c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - long length); -int ossl_i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); -ASN1_BIT_STRING *ossl_c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, - const unsigned char **pp, long length); -int ossl_i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); -ASN1_INTEGER *ossl_c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long length); - -/* Internal functions used by x_int64.c */ -int ossl_c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, - long len); -int ossl_i2c_uint64_int(unsigned char *p, uint64_t r, int neg); - -ASN1_TIME *ossl_asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type); - -int ossl_asn1_item_ex_new_intern(ASN1_VALUE **pval, const ASN1_ITEM *it, - OSSL_LIB_CTX *libctx, const char *propq); diff --git a/crypto/asn1/asn1_parse.c b/crypto/asn1/asn1_parse.c deleted file mode 100644 index 04d7ef66cfc917536022e882f5469a8afb1af6ab..0000000000000000000000000000000000000000 --- a/crypto/asn1/asn1_parse.c +++ /dev/null @@ -1,387 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include - -#ifndef ASN1_PARSE_MAXDEPTH -#define ASN1_PARSE_MAXDEPTH 128 -#endif - -static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, - int offset, int depth, int indent, int dump); -static int asn1_print_info(BIO *bp, long offset, int depth, int hl, long len, - int tag, int xclass, int constructed, int indent) -{ - char str[128]; - const char *p; - int pop_f_prefix = 0; - long saved_indent = -1; - int i = 0; - BIO *bio = NULL; - - if (constructed & V_ASN1_CONSTRUCTED) - p = "cons: "; - else - p = "prim: "; - if (constructed != (V_ASN1_CONSTRUCTED | 1)) { - if (BIO_snprintf(str, sizeof(str), "%5ld:d=%-2d hl=%ld l=%4ld %s", - offset, depth, (long)hl, len, p) <= 0) - goto err; - } else { - if (BIO_snprintf(str, sizeof(str), "%5ld:d=%-2d hl=%ld l=inf %s", - offset, depth, (long)hl, p) <= 0) - goto err; - } - if (bp != NULL) { - if (BIO_set_prefix(bp, str) <= 0) { - if ((bio = BIO_new(BIO_f_prefix())) == NULL - || (bp = BIO_push(bio, bp)) == NULL) - goto err; - pop_f_prefix = 1; - } - saved_indent = BIO_get_indent(bp); - if (BIO_set_prefix(bp, str) <= 0 || BIO_set_indent(bp, indent) < 0) - goto err; - } - - /* - * BIO_set_prefix made a copy of |str|, so we can safely use it for - * something else, ASN.1 tag printout. - */ - p = str; - if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) - BIO_snprintf(str, sizeof(str), "priv [ %d ] ", tag); - else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) - BIO_snprintf(str, sizeof(str), "cont [ %d ]", tag); - else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) - BIO_snprintf(str, sizeof(str), "appl [ %d ]", tag); - else if (tag > 30) - BIO_snprintf(str, sizeof(str), "", tag); - else - p = ASN1_tag2str(tag); - - i = (BIO_printf(bp, "%-18s", p) > 0); - err: - if (saved_indent >= 0) - BIO_set_indent(bp, saved_indent); - if (pop_f_prefix) - BIO_pop(bp); - BIO_free(bio); - return i; -} - -int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent) -{ - return asn1_parse2(bp, &pp, len, 0, 0, indent, 0); -} - -int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, - int dump) -{ - return asn1_parse2(bp, &pp, len, 0, 0, indent, dump); -} - -static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, - int offset, int depth, int indent, int dump) -{ - const unsigned char *p, *ep, *tot, *op, *opp; - long len; - int tag, xclass, ret = 0; - int nl, hl, j, r; - ASN1_OBJECT *o = NULL; - ASN1_OCTET_STRING *os = NULL; - ASN1_INTEGER *ai = NULL; - ASN1_ENUMERATED *ae = NULL; - /* ASN1_BMPSTRING *bmp=NULL; */ - int dump_indent, dump_cont = 0; - - if (depth > ASN1_PARSE_MAXDEPTH) { - BIO_puts(bp, "BAD RECURSION DEPTH\n"); - return 0; - } - - dump_indent = 6; /* Because we know BIO_dump_indent() */ - p = *pp; - tot = p + length; - while (length > 0) { - op = p; - j = ASN1_get_object(&p, &len, &tag, &xclass, length); - if (j & 0x80) { - BIO_puts(bp, "Error in encoding\n"); - goto end; - } - hl = (p - op); - length -= hl; - /* - * if j == 0x21 it is a constructed indefinite length object - */ - if (!asn1_print_info(bp, (long)offset + (long)(op - *pp), depth, - hl, len, tag, xclass, j, (indent) ? depth : 0)) - goto end; - if (j & V_ASN1_CONSTRUCTED) { - const unsigned char *sp = p; - - ep = p + len; - if (BIO_write(bp, "\n", 1) <= 0) - goto end; - if (len > length) { - BIO_printf(bp, "length is greater than %ld\n", length); - goto end; - } - if ((j == 0x21) && (len == 0)) { - for (;;) { - r = asn1_parse2(bp, &p, (long)(tot - p), - offset + (p - *pp), depth + 1, - indent, dump); - if (r == 0) - goto end; - if ((r == 2) || (p >= tot)) { - len = p - sp; - break; - } - } - } else { - long tmp = len; - - while (p < ep) { - sp = p; - r = asn1_parse2(bp, &p, tmp, - offset + (p - *pp), depth + 1, - indent, dump); - if (r == 0) - goto end; - tmp -= p - sp; - } - } - } else if (xclass != 0) { - p += len; - if (BIO_write(bp, "\n", 1) <= 0) - goto end; - } else { - nl = 0; - if ((tag == V_ASN1_PRINTABLESTRING) || - (tag == V_ASN1_T61STRING) || - (tag == V_ASN1_IA5STRING) || - (tag == V_ASN1_VISIBLESTRING) || - (tag == V_ASN1_NUMERICSTRING) || - (tag == V_ASN1_UTF8STRING) || - (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) { - if (BIO_write(bp, ":", 1) <= 0) - goto end; - if ((len > 0) && BIO_write(bp, (const char *)p, (int)len) - != (int)len) - goto end; - } else if (tag == V_ASN1_OBJECT) { - opp = op; - if (d2i_ASN1_OBJECT(&o, &opp, len + hl) != NULL) { - if (BIO_write(bp, ":", 1) <= 0) - goto end; - i2a_ASN1_OBJECT(bp, o); - } else { - if (BIO_puts(bp, ":BAD OBJECT") <= 0) - goto end; - dump_cont = 1; - } - } else if (tag == V_ASN1_BOOLEAN) { - if (len != 1) { - if (BIO_puts(bp, ":BAD BOOLEAN") <= 0) - goto end; - dump_cont = 1; - } - if (len > 0) - BIO_printf(bp, ":%u", p[0]); - } else if (tag == V_ASN1_BMPSTRING) { - /* do the BMP thang */ - } else if (tag == V_ASN1_OCTET_STRING) { - int i, printable = 1; - - opp = op; - os = d2i_ASN1_OCTET_STRING(NULL, &opp, len + hl); - if (os != NULL && os->length > 0) { - opp = os->data; - /* - * testing whether the octet string is printable - */ - for (i = 0; i < os->length; i++) { - if (((opp[i] < ' ') && - (opp[i] != '\n') && - (opp[i] != '\r') && - (opp[i] != '\t')) || (opp[i] > '~')) { - printable = 0; - break; - } - } - if (printable) - /* printable string */ - { - if (BIO_write(bp, ":", 1) <= 0) - goto end; - if (BIO_write(bp, (const char *)opp, os->length) <= 0) - goto end; - } else if (!dump) - /* - * not printable => print octet string as hex dump - */ - { - if (BIO_write(bp, "[HEX DUMP]:", 11) <= 0) - goto end; - for (i = 0; i < os->length; i++) { - if (BIO_printf(bp, "%02X", opp[i]) <= 0) - goto end; - } - } else - /* print the normal dump */ - { - if (!nl) { - if (BIO_write(bp, "\n", 1) <= 0) - goto end; - } - if (BIO_dump_indent(bp, - (const char *)opp, - ((dump == -1 || dump > - os-> - length) ? os->length : dump), - dump_indent) <= 0) - goto end; - nl = 1; - } - } - ASN1_OCTET_STRING_free(os); - os = NULL; - } else if (tag == V_ASN1_INTEGER) { - int i; - - opp = op; - ai = d2i_ASN1_INTEGER(NULL, &opp, len + hl); - if (ai != NULL) { - if (BIO_write(bp, ":", 1) <= 0) - goto end; - if (ai->type == V_ASN1_NEG_INTEGER) - if (BIO_write(bp, "-", 1) <= 0) - goto end; - for (i = 0; i < ai->length; i++) { - if (BIO_printf(bp, "%02X", ai->data[i]) <= 0) - goto end; - } - if (ai->length == 0) { - if (BIO_write(bp, "00", 2) <= 0) - goto end; - } - } else { - if (BIO_puts(bp, ":BAD INTEGER") <= 0) - goto end; - dump_cont = 1; - } - ASN1_INTEGER_free(ai); - ai = NULL; - } else if (tag == V_ASN1_ENUMERATED) { - int i; - - opp = op; - ae = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl); - if (ae != NULL) { - if (BIO_write(bp, ":", 1) <= 0) - goto end; - if (ae->type == V_ASN1_NEG_ENUMERATED) - if (BIO_write(bp, "-", 1) <= 0) - goto end; - for (i = 0; i < ae->length; i++) { - if (BIO_printf(bp, "%02X", ae->data[i]) <= 0) - goto end; - } - if (ae->length == 0) { - if (BIO_write(bp, "00", 2) <= 0) - goto end; - } - } else { - if (BIO_puts(bp, ":BAD ENUMERATED") <= 0) - goto end; - dump_cont = 1; - } - ASN1_ENUMERATED_free(ae); - ae = NULL; - } else if (len > 0 && dump) { - if (!nl) { - if (BIO_write(bp, "\n", 1) <= 0) - goto end; - } - if (BIO_dump_indent(bp, (const char *)p, - ((dump == -1 || dump > len) ? len : dump), - dump_indent) <= 0) - goto end; - nl = 1; - } - if (dump_cont) { - int i; - const unsigned char *tmp = op + hl; - if (BIO_puts(bp, ":[") <= 0) - goto end; - for (i = 0; i < len; i++) { - if (BIO_printf(bp, "%02X", tmp[i]) <= 0) - goto end; - } - if (BIO_puts(bp, "]") <= 0) - goto end; - dump_cont = 0; - } - - if (!nl) { - if (BIO_write(bp, "\n", 1) <= 0) - goto end; - } - p += len; - if ((tag == V_ASN1_EOC) && (xclass == 0)) { - ret = 2; /* End of sequence */ - goto end; - } - } - length -= len; - } - ret = 1; - end: - ASN1_OBJECT_free(o); - ASN1_OCTET_STRING_free(os); - ASN1_INTEGER_free(ai); - ASN1_ENUMERATED_free(ae); - *pp = p; - return ret; -} - -const char *ASN1_tag2str(int tag) -{ - static const char *const tag2str[] = { - /* 0-4 */ - "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", - /* 5-9 */ - "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", - /* 10-13 */ - "ENUMERATED", "", "UTF8STRING", "", - /* 15-17 */ - "", "", "SEQUENCE", "SET", - /* 18-20 */ - "NUMERICSTRING", "PRINTABLESTRING", "T61STRING", - /* 21-24 */ - "VIDEOTEXSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME", - /* 25-27 */ - "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", - /* 28-30 */ - "UNIVERSALSTRING", "", "BMPSTRING" - }; - - if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) - tag &= ~0x100; - - if (tag < 0 || tag > 30) - return "(unknown)"; - return tag2str[tag]; -} diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c deleted file mode 100644 index b1474888aafe497b4ea209ebe09b2b38432011aa..0000000000000000000000000000000000000000 --- a/crypto/asn1/asn_mime.c +++ /dev/null @@ -1,1026 +0,0 @@ -/* - * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "crypto/ctype.h" -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include "crypto/evp.h" -#include "internal/bio.h" -#include "asn1_local.h" - -/* - * Generalised MIME like utilities for streaming ASN1. Although many have a - * PKCS7/CMS like flavour others are more general purpose. - */ - -/* - * MIME format structures Note that all are translated to lower case apart - * from parameter values. Quotes are stripped off - */ - -struct mime_param_st { - char *param_name; /* Param name e.g. "micalg" */ - char *param_value; /* Param value e.g. "sha1" */ -}; - -struct mime_header_st { - char *name; /* Name of line e.g. "content-type" */ - char *value; /* Value of line e.g. "text/plain" */ - STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ -}; - -static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, - const ASN1_ITEM *it); -static char *strip_ends(char *name); -static char *strip_start(char *name); -static char *strip_end(char *name); -static MIME_HEADER *mime_hdr_new(const char *name, const char *value); -static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value); -static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio); -static int mime_hdr_cmp(const MIME_HEADER *const *a, - const MIME_HEADER *const *b); -static int mime_param_cmp(const MIME_PARAM *const *a, - const MIME_PARAM *const *b); -static void mime_param_free(MIME_PARAM *param); -static int mime_bound_check(char *line, int linelen, const char *bound, int blen); -static int multi_split(BIO *bio, int flags, const char *bound, STACK_OF(BIO) **ret); -static int strip_eol(char *linebuf, int *plen, int flags); -static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name); -static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name); -static void mime_hdr_free(MIME_HEADER *hdr); - -#define MAX_SMLEN 1024 -#define mime_debug(x) /* x */ - -/* Output an ASN1 structure in BER format streaming if necessary */ - -/* unfortunately cannot constify this due to CMS_stream() and PKCS7_stream() */ -int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, - const ASN1_ITEM *it) -{ - int rv = 1; - - /* If streaming create stream BIO and copy all content through it */ - if (flags & SMIME_STREAM) { - BIO *bio, *tbio; - bio = BIO_new_NDEF(out, val, it); - if (!bio) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!SMIME_crlf_copy(in, bio, flags)) { - rv = 0; - } - - (void)BIO_flush(bio); - /* Free up successive BIOs until we hit the old output BIO */ - do { - tbio = BIO_pop(bio); - BIO_free(bio); - bio = tbio; - } while (bio != out); - } - /* - * else just write out ASN1 structure which will have all content stored - * internally - */ - else - ASN1_item_i2d_bio(it, out, val); - return rv; -} - -/* Base 64 read and write of ASN1 structure */ - -static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags, - const ASN1_ITEM *it) -{ - BIO *b64; - int r; - b64 = BIO_new(BIO_f_base64()); - if (b64 == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - /* - * prepend the b64 BIO so all data is base64 encoded. - */ - out = BIO_push(b64, out); - r = i2d_ASN1_bio_stream(out, val, in, flags, it); - (void)BIO_flush(out); - BIO_pop(out); - BIO_free(b64); - return r; -} - -/* Streaming ASN1 PEM write */ - -int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, - const char *hdr, const ASN1_ITEM *it) -{ - int r; - BIO_printf(out, "-----BEGIN %s-----\n", hdr); - r = B64_write_ASN1(out, val, in, flags, it); - BIO_printf(out, "-----END %s-----\n", hdr); - return r; -} - -static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it, ASN1_VALUE **x, - OSSL_LIB_CTX *libctx, const char *propq) -{ - BIO *b64; - ASN1_VALUE *val; - - if ((b64 = BIO_new(BIO_f_base64())) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - bio = BIO_push(b64, bio); - val = ASN1_item_d2i_bio_ex(it, bio, x, libctx, propq); - if (!val) - ERR_raise(ERR_LIB_ASN1, ASN1_R_DECODE_ERROR); - (void)BIO_flush(bio); - BIO_pop(bio); - BIO_free(b64); - return val; -} - -/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */ - -static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) -{ - const EVP_MD *md; - int i, have_unknown = 0, write_comma, ret = 0, md_nid; - have_unknown = 0; - write_comma = 0; - for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++) { - if (write_comma) - BIO_write(out, ",", 1); - write_comma = 1; - md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); - md = EVP_get_digestbynid(md_nid); - if (md && md->md_ctrl) { - int rv; - char *micstr; - rv = md->md_ctrl(NULL, EVP_MD_CTRL_MICALG, 0, &micstr); - if (rv > 0) { - BIO_puts(out, micstr); - OPENSSL_free(micstr); - continue; - } - if (rv != -2) - goto err; - } - switch (md_nid) { - case NID_sha1: - BIO_puts(out, "sha1"); - break; - - case NID_md5: - BIO_puts(out, "md5"); - break; - - case NID_sha256: - BIO_puts(out, "sha-256"); - break; - - case NID_sha384: - BIO_puts(out, "sha-384"); - break; - - case NID_sha512: - BIO_puts(out, "sha-512"); - break; - - case NID_id_GostR3411_94: - BIO_puts(out, "gostr3411-94"); - goto err; - - case NID_id_GostR3411_2012_256: - BIO_puts(out, "gostr3411-2012-256"); - goto err; - - case NID_id_GostR3411_2012_512: - BIO_puts(out, "gostr3411-2012-512"); - goto err; - - default: - if (have_unknown) { - write_comma = 0; - } else { - BIO_puts(out, "unknown"); - have_unknown = 1; - } - break; - - } - } - - ret = 1; - err: - - return ret; - -} - -/* SMIME sender */ - -int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, - int ctype_nid, int econt_nid, - STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it, - OSSL_LIB_CTX *libctx, const char *propq) -{ - char bound[33], c; - int i; - const char *mime_prefix, *mime_eol, *cname = "smime.p7m"; - const char *msg_type = NULL; - - if (flags & SMIME_OLDMIME) - mime_prefix = "application/x-pkcs7-"; - else - mime_prefix = "application/pkcs7-"; - - if (flags & SMIME_CRLFEOL) - mime_eol = "\r\n"; - else - mime_eol = "\n"; - if ((flags & SMIME_DETACHED) && data) { - /* We want multipart/signed */ - /* Generate a random boundary */ - if (RAND_bytes_ex(libctx, (unsigned char *)bound, 32, 0) <= 0) - return 0; - for (i = 0; i < 32; i++) { - c = bound[i] & 0xf; - if (c < 10) - c += '0'; - else - c += 'A' - 10; - bound[i] = c; - } - bound[32] = 0; - BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); - BIO_printf(bio, "Content-Type: multipart/signed;"); - BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); - BIO_puts(bio, " micalg=\""); - asn1_write_micalg(bio, mdalgs); - BIO_printf(bio, "\"; boundary=\"----%s\"%s%s", - bound, mime_eol, mime_eol); - BIO_printf(bio, "This is an S/MIME signed message%s%s", - mime_eol, mime_eol); - /* Now write out the first part */ - BIO_printf(bio, "------%s%s", bound, mime_eol); - if (!asn1_output_data(bio, data, val, flags, it)) - return 0; - BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); - - /* Headers for signature */ - - BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); - BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol); - BIO_printf(bio, "Content-Transfer-Encoding: base64%s", mime_eol); - BIO_printf(bio, "Content-Disposition: attachment;"); - BIO_printf(bio, " filename=\"smime.p7s\"%s%s", mime_eol, mime_eol); - B64_write_ASN1(bio, val, NULL, 0, it); - BIO_printf(bio, "%s------%s--%s%s", mime_eol, bound, - mime_eol, mime_eol); - return 1; - } - - /* Determine smime-type header */ - - if (ctype_nid == NID_pkcs7_enveloped) { - msg_type = "enveloped-data"; - } else if (ctype_nid == NID_pkcs7_signed) { - if (econt_nid == NID_id_smime_ct_receipt) - msg_type = "signed-receipt"; - else if (sk_X509_ALGOR_num(mdalgs) >= 0) - msg_type = "signed-data"; - else - msg_type = "certs-only"; - } else if (ctype_nid == NID_id_smime_ct_compressedData) { - msg_type = "compressed-data"; - cname = "smime.p7z"; - } - /* MIME headers */ - BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); - BIO_printf(bio, "Content-Disposition: attachment;"); - BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol); - BIO_printf(bio, "Content-Type: %smime;", mime_prefix); - if (msg_type) - BIO_printf(bio, " smime-type=%s;", msg_type); - BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol); - BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", - mime_eol, mime_eol); - if (!B64_write_ASN1(bio, val, data, flags, it)) - return 0; - BIO_printf(bio, "%s", mime_eol); - return 1; -} - -int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, - int ctype_nid, int econt_nid, - STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it) -{ - return SMIME_write_ASN1_ex(bio, val, data, flags, ctype_nid, econt_nid, - mdalgs, it, NULL, NULL); -} - -/* Handle output of ASN1 data */ - -/* cannot constify val because of CMS_dataFinal() */ -static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, - const ASN1_ITEM *it) -{ - BIO *tmpbio; - const ASN1_AUX *aux = it->funcs; - ASN1_STREAM_ARG sarg; - int rv = 1; - - /* - * If data is not detached or resigning then the output BIO is already - * set up to finalise when it is written through. - */ - if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) { - return SMIME_crlf_copy(data, out, flags); - } - - if (!aux || !aux->asn1_cb) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_STREAMING_NOT_SUPPORTED); - return 0; - } - - sarg.out = out; - sarg.ndef_bio = NULL; - sarg.boundary = NULL; - - /* Let ASN1 code prepend any needed BIOs */ - - if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0) - return 0; - - /* Copy data across, passing through filter BIOs for processing */ - if (!SMIME_crlf_copy(data, sarg.ndef_bio, flags)) - rv = 0; - - /* Finalize structure */ - if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0) - rv = 0; - - /* Now remove any digests prepended to the BIO */ - - while (sarg.ndef_bio != out) { - tmpbio = BIO_pop(sarg.ndef_bio); - BIO_free(sarg.ndef_bio); - sarg.ndef_bio = tmpbio; - } - - return rv; - -} - -/* - * SMIME reader: handle multipart/signed and opaque signing. in multipart - * case the content is placed in a memory BIO pointed to by "bcont". In - * opaque this is set to NULL - */ - -ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, int flags, BIO **bcont, - const ASN1_ITEM *it, ASN1_VALUE **x, - OSSL_LIB_CTX *libctx, const char *propq) -{ - BIO *asnin; - STACK_OF(MIME_HEADER) *headers = NULL; - STACK_OF(BIO) *parts = NULL; - MIME_HEADER *hdr; - MIME_PARAM *prm; - ASN1_VALUE *val; - int ret; - - if (bcont) - *bcont = NULL; - - if ((headers = mime_parse_hdr(bio)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_MIME_PARSE_ERROR); - return NULL; - } - - if ((hdr = mime_hdr_find(headers, "content-type")) == NULL - || hdr->value == NULL) { - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - ERR_raise(ERR_LIB_ASN1, ASN1_R_NO_CONTENT_TYPE); - return NULL; - } - - /* Handle multipart/signed */ - - if (strcmp(hdr->value, "multipart/signed") == 0) { - /* Split into two parts */ - prm = mime_param_find(hdr, "boundary"); - if (prm == NULL || prm->param_value == NULL) { - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - ERR_raise(ERR_LIB_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY); - return NULL; - } - ret = multi_split(bio, flags, prm->param_value, &parts); - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - if (!ret || (sk_BIO_num(parts) != 2)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; - } - - /* Parse the signature piece */ - asnin = sk_BIO_value(parts, 1); - - if ((headers = mime_parse_hdr(asnin)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_MIME_SIG_PARSE_ERROR); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; - } - - /* Get content type */ - - if ((hdr = mime_hdr_find(headers, "content-type")) == NULL - || hdr->value == NULL) { - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - ERR_raise(ERR_LIB_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; - } - - if (strcmp(hdr->value, "application/x-pkcs7-signature") && - strcmp(hdr->value, "application/pkcs7-signature")) { - ERR_raise_data(ERR_LIB_ASN1, ASN1_R_SIG_INVALID_MIME_TYPE, - "type: %s", hdr->value); - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; - } - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - /* Read in ASN1 */ - if ((val = b64_read_asn1(asnin, it, x, libctx, propq)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; - } - - if (bcont) { - *bcont = sk_BIO_value(parts, 0); - BIO_free(asnin); - sk_BIO_free(parts); - } else { - sk_BIO_pop_free(parts, BIO_vfree); - } - return val; - } - - /* OK, if not multipart/signed try opaque signature */ - - if (strcmp(hdr->value, "application/x-pkcs7-mime") && - strcmp(hdr->value, "application/pkcs7-mime")) { - ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_MIME_TYPE, - "type: %s", hdr->value); - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - return NULL; - } - - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - - if ((val = b64_read_asn1(bio, it, x, libctx, propq)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ASN1_PARSE_ERROR); - return NULL; - } - return val; -} - -ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) -{ - return SMIME_read_ASN1_ex(bio, 0, bcont, it, NULL, NULL, NULL); -} - -/* Copy text from one BIO to another making the output CRLF at EOL */ -int SMIME_crlf_copy(BIO *in, BIO *out, int flags) -{ - BIO *bf; - char eol; - int len; - char linebuf[MAX_SMLEN]; - /* - * Buffer output so we don't write one line at a time. This is useful - * when streaming as we don't end up with one OCTET STRING per line. - */ - bf = BIO_new(BIO_f_buffer()); - if (bf == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - out = BIO_push(bf, out); - if (flags & SMIME_BINARY) { - while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) - BIO_write(out, linebuf, len); - } else { - int eolcnt = 0; - if (flags & SMIME_TEXT) - BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); - while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { - eol = strip_eol(linebuf, &len, flags); - if (len > 0) { - /* Not EOF: write out all CRLF */ - if (flags & SMIME_ASCIICRLF) { - int i; - for (i = 0; i < eolcnt; i++) - BIO_write(out, "\r\n", 2); - eolcnt = 0; - } - BIO_write(out, linebuf, len); - if (eol) - BIO_write(out, "\r\n", 2); - } else if (flags & SMIME_ASCIICRLF) { - eolcnt++; - } else if (eol) { - BIO_write(out, "\r\n", 2); - } - } - } - (void)BIO_flush(out); - BIO_pop(out); - BIO_free(bf); - return 1; -} - -/* Strip off headers if they are text/plain */ -int SMIME_text(BIO *in, BIO *out) -{ - char iobuf[4096]; - int len; - STACK_OF(MIME_HEADER) *headers; - MIME_HEADER *hdr; - - if ((headers = mime_parse_hdr(in)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_MIME_PARSE_ERROR); - return 0; - } - if ((hdr = mime_hdr_find(headers, "content-type")) == NULL - || hdr->value == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_MIME_NO_CONTENT_TYPE); - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - return 0; - } - if (strcmp(hdr->value, "text/plain")) { - ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_MIME_TYPE, - "type: %s", hdr->value); - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - return 0; - } - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) - BIO_write(out, iobuf, len); - if (len < 0) - return 0; - return 1; -} - -/* - * Split a multipart/XXX message body into component parts: result is - * canonical parts in a STACK of bios - */ - -static int multi_split(BIO *bio, int flags, const char *bound, STACK_OF(BIO) **ret) -{ - char linebuf[MAX_SMLEN]; - int len, blen; - int eol = 0, next_eol = 0; - BIO *bpart = NULL; - STACK_OF(BIO) *parts; - char state, part, first; - - blen = strlen(bound); - part = 0; - state = 0; - first = 1; - parts = sk_BIO_new_null(); - *ret = parts; - if (*ret == NULL) - return 0; - while ((len = BIO_get_line(bio, linebuf, MAX_SMLEN)) > 0) { - state = mime_bound_check(linebuf, len, bound, blen); - if (state == 1) { - first = 1; - part++; - } else if (state == 2) { - if (!sk_BIO_push(parts, bpart)) { - BIO_free(bpart); - return 0; - } - return 1; - } else if (part != 0) { - /* Strip (possibly CR +) LF from linebuf */ - next_eol = strip_eol(linebuf, &len, flags); - if (first) { - first = 0; - if (bpart) - if (!sk_BIO_push(parts, bpart)) { - BIO_free(bpart); - return 0; - } - bpart = BIO_new(BIO_s_mem()); - if (bpart == NULL) - return 0; - BIO_set_mem_eof_return(bpart, 0); - } else if (eol) { - if ( -#ifndef OPENSSL_NO_CMS - (flags & CMS_BINARY) == 0 -#else - 1 -#endif - || (flags & SMIME_CRLFEOL) != 0) - BIO_write(bpart, "\r\n", 2); - else - BIO_write(bpart, "\n", 1); - } - eol = next_eol; - if (len > 0) - BIO_write(bpart, linebuf, len); - } - } - BIO_free(bpart); - return 0; -} - -/* This is the big one: parse MIME header lines up to message body */ - -#define MIME_INVALID 0 -#define MIME_START 1 -#define MIME_TYPE 2 -#define MIME_NAME 3 -#define MIME_VALUE 4 -#define MIME_QUOTE 5 -#define MIME_COMMENT 6 - -static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) -{ - char *p, *q, c; - char *ntmp; - char linebuf[MAX_SMLEN]; - MIME_HEADER *mhdr = NULL, *new_hdr = NULL; - STACK_OF(MIME_HEADER) *headers; - int len, state, save_state = 0; - - headers = sk_MIME_HEADER_new(mime_hdr_cmp); - if (headers == NULL) - return NULL; - while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { - /* If whitespace at line start then continuation line */ - if (mhdr && ossl_isspace(linebuf[0])) - state = MIME_NAME; - else - state = MIME_START; - ntmp = NULL; - /* Go through all characters */ - for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n'); - p++) { - - /* - * State machine to handle MIME headers if this looks horrible - * that's because it *is* - */ - - switch (state) { - case MIME_START: - if (c == ':') { - state = MIME_TYPE; - *p = 0; - ntmp = strip_ends(q); - q = p + 1; - } - break; - - case MIME_TYPE: - if (c == ';') { - mime_debug("Found End Value\n"); - *p = 0; - new_hdr = mime_hdr_new(ntmp, strip_ends(q)); - if (new_hdr == NULL) - goto err; - if (!sk_MIME_HEADER_push(headers, new_hdr)) - goto err; - mhdr = new_hdr; - new_hdr = NULL; - ntmp = NULL; - q = p + 1; - state = MIME_NAME; - } else if (c == '(') { - save_state = state; - state = MIME_COMMENT; - } - break; - - case MIME_COMMENT: - if (c == ')') { - state = save_state; - } - break; - - case MIME_NAME: - if (c == '=') { - state = MIME_VALUE; - *p = 0; - ntmp = strip_ends(q); - q = p + 1; - } - break; - - case MIME_VALUE: - if (c == ';') { - state = MIME_NAME; - *p = 0; - mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); - ntmp = NULL; - q = p + 1; - } else if (c == '"') { - mime_debug("Found Quote\n"); - state = MIME_QUOTE; - } else if (c == '(') { - save_state = state; - state = MIME_COMMENT; - } - break; - - case MIME_QUOTE: - if (c == '"') { - mime_debug("Found Match Quote\n"); - state = MIME_VALUE; - } - break; - } - } - - if (state == MIME_TYPE) { - new_hdr = mime_hdr_new(ntmp, strip_ends(q)); - if (new_hdr == NULL) - goto err; - if (!sk_MIME_HEADER_push(headers, new_hdr)) - goto err; - mhdr = new_hdr; - new_hdr = NULL; - } else if (state == MIME_VALUE) { - mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); - } - if (p == linebuf) - break; /* Blank line means end of headers */ - } - - return headers; - - err: - mime_hdr_free(new_hdr); - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - return NULL; -} - -static char *strip_ends(char *name) -{ - return strip_end(strip_start(name)); -} - -/* Strip a parameter of whitespace from start of param */ -static char *strip_start(char *name) -{ - char *p, c; - /* Look for first non whitespace or quote */ - for (p = name; (c = *p); p++) { - if (c == '"') { - /* Next char is start of string if non null */ - if (p[1]) - return p + 1; - /* Else null string */ - return NULL; - } - if (!ossl_isspace(c)) - return p; - } - return NULL; -} - -/* As above but strip from end of string : maybe should handle brackets? */ -static char *strip_end(char *name) -{ - char *p, c; - if (!name) - return NULL; - /* Look for first non whitespace or quote */ - for (p = name + strlen(name) - 1; p >= name; p--) { - c = *p; - if (c == '"') { - if (p - 1 == name) - return NULL; - *p = 0; - return name; - } - if (ossl_isspace(c)) - *p = 0; - else - return name; - } - return NULL; -} - -static MIME_HEADER *mime_hdr_new(const char *name, const char *value) -{ - MIME_HEADER *mhdr = NULL; - char *tmpname = NULL, *tmpval = NULL, *p; - - if (name) { - if ((tmpname = OPENSSL_strdup(name)) == NULL) - return NULL; - for (p = tmpname; *p; p++) - *p = ossl_tolower(*p); - } - if (value) { - if ((tmpval = OPENSSL_strdup(value)) == NULL) - goto err; - for (p = tmpval; *p; p++) - *p = ossl_tolower(*p); - } - mhdr = OPENSSL_malloc(sizeof(*mhdr)); - if (mhdr == NULL) - goto err; - mhdr->name = tmpname; - mhdr->value = tmpval; - if ((mhdr->params = sk_MIME_PARAM_new(mime_param_cmp)) == NULL) - goto err; - return mhdr; - - err: - OPENSSL_free(tmpname); - OPENSSL_free(tmpval); - OPENSSL_free(mhdr); - return NULL; -} - -static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value) -{ - char *tmpname = NULL, *tmpval = NULL, *p; - MIME_PARAM *mparam = NULL; - - if (name) { - tmpname = OPENSSL_strdup(name); - if (!tmpname) - goto err; - for (p = tmpname; *p; p++) - *p = ossl_tolower(*p); - } - if (value) { - tmpval = OPENSSL_strdup(value); - if (!tmpval) - goto err; - } - /* Parameter values are case sensitive so leave as is */ - mparam = OPENSSL_malloc(sizeof(*mparam)); - if (mparam == NULL) - goto err; - mparam->param_name = tmpname; - mparam->param_value = tmpval; - if (!sk_MIME_PARAM_push(mhdr->params, mparam)) - goto err; - return 1; - err: - OPENSSL_free(tmpname); - OPENSSL_free(tmpval); - OPENSSL_free(mparam); - return 0; -} - -static int mime_hdr_cmp(const MIME_HEADER *const *a, - const MIME_HEADER *const *b) -{ - if ((*a)->name == NULL || (*b)->name == NULL) - return ((*a)->name != NULL) - ((*b)->name != NULL); - - return strcmp((*a)->name, (*b)->name); -} - -static int mime_param_cmp(const MIME_PARAM *const *a, - const MIME_PARAM *const *b) -{ - if ((*a)->param_name == NULL || (*b)->param_name == NULL) - return ((*a)->param_name != NULL) - ((*b)->param_name != NULL); - return strcmp((*a)->param_name, (*b)->param_name); -} - -/* Find a header with a given name (if possible) */ - -static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name) -{ - MIME_HEADER htmp; - int idx; - - htmp.name = (char *)name; - htmp.value = NULL; - htmp.params = NULL; - - idx = sk_MIME_HEADER_find(hdrs, &htmp); - return sk_MIME_HEADER_value(hdrs, idx); -} - -static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name) -{ - MIME_PARAM param; - int idx; - - param.param_name = (char *)name; - param.param_value = NULL; - idx = sk_MIME_PARAM_find(hdr->params, ¶m); - return sk_MIME_PARAM_value(hdr->params, idx); -} - -static void mime_hdr_free(MIME_HEADER *hdr) -{ - if (hdr == NULL) - return; - OPENSSL_free(hdr->name); - OPENSSL_free(hdr->value); - if (hdr->params) - sk_MIME_PARAM_pop_free(hdr->params, mime_param_free); - OPENSSL_free(hdr); -} - -static void mime_param_free(MIME_PARAM *param) -{ - OPENSSL_free(param->param_name); - OPENSSL_free(param->param_value); - OPENSSL_free(param); -} - -/*- - * Check for a multipart boundary. Returns: - * 0 : no boundary - * 1 : part boundary - * 2 : final boundary - */ -static int mime_bound_check(char *line, int linelen, const char *bound, int blen) -{ - if (linelen == -1) - linelen = strlen(line); - if (blen == -1) - blen = strlen(bound); - /* Quickly eliminate if line length too short */ - if (blen + 2 > linelen) - return 0; - /* Check for part boundary */ - if ((strncmp(line, "--", 2) == 0) - && strncmp(line + 2, bound, blen) == 0) { - if (strncmp(line + blen + 2, "--", 2) == 0) - return 2; - else - return 1; - } - return 0; -} - -static int strip_eol(char *linebuf, int *plen, int flags) -{ - int len = *plen; - char *p, c; - int is_eol = 0; - -#ifndef OPENSSL_NO_CMS - if ((flags & CMS_BINARY) != 0) { - if (len <= 0 || linebuf[len - 1] != '\n') - return 0; - if ((flags & SMIME_CRLFEOL) != 0) { - if (len <= 1 || linebuf[len - 2] != '\r') - return 0; - len--; - } - len--; - *plen = len; - return 1; - } -#endif - - for (p = linebuf + len - 1; len > 0; len--, p--) { - c = *p; - if (c == '\n') { - is_eol = 1; - } else if (is_eol && (flags & SMIME_ASCIICRLF) != 0 && c == 32) { - /* Strip trailing space on a line; 32 == ASCII for ' ' */ - continue; - } else if (c != '\r') { - break; - } - } - *plen = len; - return is_eol; -} diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c deleted file mode 100644 index 526219c1a723c98e66c48430000d80b3b76289a6..0000000000000000000000000000000000000000 --- a/crypto/asn1/asn_moid.c +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "crypto/ctype.h" -#include -#include "internal/cryptlib.h" -#include -#include -#include "crypto/asn1.h" -#include "crypto/objects.h" - -/* Simple ASN1 OID module: add all objects in a given section */ - -static int do_create(const char *value, const char *name); - -static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) -{ - int i; - const char *oid_section; - STACK_OF(CONF_VALUE) *sktmp; - CONF_VALUE *oval; - - oid_section = CONF_imodule_get_value(md); - if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_LOADING_SECTION); - return 0; - } - for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { - oval = sk_CONF_VALUE_value(sktmp, i); - if (!do_create(oval->value, oval->name)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ADDING_OBJECT); - return 0; - } - } - return 1; -} - -static void oid_module_finish(CONF_IMODULE *md) -{ -} - -void ASN1_add_oid_module(void) -{ - CONF_module_add("oid_section", oid_module_init, oid_module_finish); -} - -/*- - * Create an OID based on a name value pair. Accept two formats. - * shortname = 1.2.3.4 - * shortname = some long name, 1.2.3.4 - */ - -static int do_create(const char *value, const char *name) -{ - int nid; - const char *ln, *ostr, *p; - char *lntmp = NULL; - - p = strrchr(value, ','); - if (p == NULL) { - ln = name; - ostr = value; - } else { - ln = value; - ostr = p + 1; - if (*ostr == '\0') - return 0; - while (ossl_isspace(*ostr)) - ostr++; - while (ossl_isspace(*ln)) - ln++; - p--; - while (ossl_isspace(*p)) { - if (p == ln) - return 0; - p--; - } - p++; - if ((lntmp = OPENSSL_malloc((p - ln) + 1)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(lntmp, ln, p - ln); - lntmp[p - ln] = '\0'; - ln = lntmp; - } - - nid = OBJ_create(ostr, name, ln); - - OPENSSL_free(lntmp); - - return nid != NID_undef; -} diff --git a/crypto/asn1/asn_mstbl.c b/crypto/asn1/asn_mstbl.c deleted file mode 100644 index 3543cd22568fd0ea5b0a603854edf6487fc64100..0000000000000000000000000000000000000000 --- a/crypto/asn1/asn_mstbl.c +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include -#include - -/* Multi string module: add table entries from a given section */ - -static int do_tcreate(const char *value, const char *name); - -static int stbl_module_init(CONF_IMODULE *md, const CONF *cnf) -{ - int i; - const char *stbl_section; - STACK_OF(CONF_VALUE) *sktmp; - CONF_VALUE *mval; - - stbl_section = CONF_imodule_get_value(md); - if ((sktmp = NCONF_get_section(cnf, stbl_section)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_LOADING_SECTION); - return 0; - } - for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { - mval = sk_CONF_VALUE_value(sktmp, i); - if (!do_tcreate(mval->value, mval->name)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_VALUE); - return 0; - } - } - return 1; -} - -static void stbl_module_finish(CONF_IMODULE *md) -{ - ASN1_STRING_TABLE_cleanup(); -} - -void ASN1_add_stable_module(void) -{ - CONF_module_add("stbl_section", stbl_module_init, stbl_module_finish); -} - -/* - * Create an table entry based on a name value pair. format is oid_name = - * n1:v1, n2:v2,... where name is "min", "max", "mask" or "flags". - */ - -static int do_tcreate(const char *value, const char *name) -{ - char *eptr; - int nid, i, rv = 0; - long tbl_min = -1, tbl_max = -1; - unsigned long tbl_mask = 0, tbl_flags = 0; - STACK_OF(CONF_VALUE) *lst = NULL; - CONF_VALUE *cnf = NULL; - nid = OBJ_sn2nid(name); - if (nid == NID_undef) - nid = OBJ_ln2nid(name); - if (nid == NID_undef) - goto err; - lst = X509V3_parse_list(value); - if (!lst) - goto err; - for (i = 0; i < sk_CONF_VALUE_num(lst); i++) { - cnf = sk_CONF_VALUE_value(lst, i); - if (strcmp(cnf->name, "min") == 0) { - tbl_min = strtoul(cnf->value, &eptr, 0); - if (*eptr) - goto err; - } else if (strcmp(cnf->name, "max") == 0) { - tbl_max = strtoul(cnf->value, &eptr, 0); - if (*eptr) - goto err; - } else if (strcmp(cnf->name, "mask") == 0) { - if (!ASN1_str2mask(cnf->value, &tbl_mask) || !tbl_mask) - goto err; - } else if (strcmp(cnf->name, "flags") == 0) { - if (strcmp(cnf->value, "nomask") == 0) - tbl_flags = STABLE_NO_MASK; - else if (strcmp(cnf->value, "none") == 0) - tbl_flags = STABLE_FLAGS_CLEAR; - else - goto err; - } else - goto err; - } - rv = 1; - err: - if (rv == 0) { - if (cnf) - ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_STRING_TABLE_VALUE, - "field=%s, value=%s", cnf->name, cnf->value); - else - ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_STRING_TABLE_VALUE, - "name=%s, value=%s", name, value); - } else { - rv = ASN1_STRING_TABLE_add(nid, tbl_min, tbl_max, - tbl_mask, tbl_flags); - if (!rv) - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - } - sk_CONF_VALUE_pop_free(lst, X509V3_conf_free); - return rv; -} diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c deleted file mode 100644 index 292e6d817697366ae4ae95919c11ad5178475961..0000000000000000000000000000000000000000 --- a/crypto/asn1/asn_pack.c +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include - -/* ASN1 packing and unpacking functions */ - -ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) -{ - ASN1_STRING *octmp; - - if (oct == NULL || *oct == NULL) { - if ((octmp = ASN1_STRING_new()) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return NULL; - } - } else { - octmp = *oct; - } - - OPENSSL_free(octmp->data); - octmp->data = NULL; - - if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) == 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ENCODE_ERROR); - goto err; - } - if (octmp->data == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (oct != NULL && *oct == NULL) - *oct = octmp; - - return octmp; - err: - if (oct == NULL || *oct == NULL) - ASN1_STRING_free(octmp); - return NULL; -} - -/* Extract an ASN1 object from an ASN1_STRING */ - -void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it) -{ - const unsigned char *p; - void *ret; - - p = oct->data; - if ((ret = ASN1_item_d2i(NULL, &p, oct->length, it)) == NULL) - ERR_raise(ERR_LIB_ASN1, ASN1_R_DECODE_ERROR); - return ret; -} diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c deleted file mode 100644 index f792c08806624e2288675472276447ccbf2b2527..0000000000000000000000000000000000000000 --- a/crypto/asn1/bio_asn1.c +++ /dev/null @@ -1,449 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Experimental ASN1 BIO. When written through the data is converted to an - * ASN1 string type: default is OCTET STRING. Additional functions can be - * provided to add prefix and suffix data. - */ - -#include -#include "internal/bio.h" -#include -#include "internal/cryptlib.h" - -/* Must be large enough for biggest tag+length */ -#define DEFAULT_ASN1_BUF_SIZE 20 - -typedef enum { - ASN1_STATE_START, - ASN1_STATE_PRE_COPY, - ASN1_STATE_HEADER, - ASN1_STATE_HEADER_COPY, - ASN1_STATE_DATA_COPY, - ASN1_STATE_POST_COPY, - ASN1_STATE_DONE -} asn1_bio_state_t; - -typedef struct BIO_ASN1_EX_FUNCS_st { - asn1_ps_func *ex_func; - asn1_ps_func *ex_free_func; -} BIO_ASN1_EX_FUNCS; - -typedef struct BIO_ASN1_BUF_CTX_t { - /* Internal state */ - asn1_bio_state_t state; - /* Internal buffer */ - unsigned char *buf; - /* Size of buffer */ - int bufsize; - /* Current position in buffer */ - int bufpos; - /* Current buffer length */ - int buflen; - /* Amount of data to copy */ - int copylen; - /* Class and tag to use */ - int asn1_class, asn1_tag; - asn1_ps_func *prefix, *prefix_free, *suffix, *suffix_free; - /* Extra buffer for prefix and suffix data */ - unsigned char *ex_buf; - int ex_len; - int ex_pos; - void *ex_arg; -} BIO_ASN1_BUF_CTX; - -static int asn1_bio_write(BIO *h, const char *buf, int num); -static int asn1_bio_read(BIO *h, char *buf, int size); -static int asn1_bio_puts(BIO *h, const char *str); -static int asn1_bio_gets(BIO *h, char *str, int size); -static long asn1_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int asn1_bio_new(BIO *h); -static int asn1_bio_free(BIO *data); -static long asn1_bio_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); - -static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size); -static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, - asn1_ps_func *cleanup, asn1_bio_state_t next); -static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, - asn1_ps_func *setup, - asn1_bio_state_t ex_state, - asn1_bio_state_t other_state); - -static const BIO_METHOD methods_asn1 = { - BIO_TYPE_ASN1, - "asn1", - bwrite_conv, - asn1_bio_write, - bread_conv, - asn1_bio_read, - asn1_bio_puts, - asn1_bio_gets, - asn1_bio_ctrl, - asn1_bio_new, - asn1_bio_free, - asn1_bio_callback_ctrl, -}; - -const BIO_METHOD *BIO_f_asn1(void) -{ - return &methods_asn1; -} - -static int asn1_bio_new(BIO *b) -{ - BIO_ASN1_BUF_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - if (ctx == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) { - OPENSSL_free(ctx); - return 0; - } - BIO_set_data(b, ctx); - BIO_set_init(b, 1); - - return 1; -} - -static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size) -{ - if (size <= 0 || (ctx->buf = OPENSSL_malloc(size)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - ctx->bufsize = size; - ctx->asn1_class = V_ASN1_UNIVERSAL; - ctx->asn1_tag = V_ASN1_OCTET_STRING; - ctx->state = ASN1_STATE_START; - return 1; -} - -static int asn1_bio_free(BIO *b) -{ - BIO_ASN1_BUF_CTX *ctx; - - if (b == NULL) - return 0; - - ctx = BIO_get_data(b); - if (ctx == NULL) - return 0; - - if (ctx->prefix_free != NULL) - ctx->prefix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg); - if (ctx->suffix_free != NULL) - ctx->suffix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg); - - OPENSSL_free(ctx->buf); - OPENSSL_free(ctx); - BIO_set_data(b, NULL); - BIO_set_init(b, 0); - - return 1; -} - -static int asn1_bio_write(BIO *b, const char *in, int inl) -{ - BIO_ASN1_BUF_CTX *ctx; - int wrmax, wrlen, ret; - unsigned char *p; - BIO *next; - - ctx = BIO_get_data(b); - next = BIO_next(b); - if (in == NULL || inl < 0 || ctx == NULL || next == NULL) - return 0; - - wrlen = 0; - ret = -1; - - for (;;) { - switch (ctx->state) { - /* Setup prefix data, call it */ - case ASN1_STATE_START: - if (!asn1_bio_setup_ex(b, ctx, ctx->prefix, - ASN1_STATE_PRE_COPY, ASN1_STATE_HEADER)) - return 0; - break; - - /* Copy any pre data first */ - case ASN1_STATE_PRE_COPY: - - ret = asn1_bio_flush_ex(b, ctx, ctx->prefix_free, - ASN1_STATE_HEADER); - - if (ret <= 0) - goto done; - - break; - - case ASN1_STATE_HEADER: - ctx->buflen = ASN1_object_size(0, inl, ctx->asn1_tag) - inl; - if (!ossl_assert(ctx->buflen <= ctx->bufsize)) - return 0; - p = ctx->buf; - ASN1_put_object(&p, 0, inl, ctx->asn1_tag, ctx->asn1_class); - ctx->copylen = inl; - ctx->state = ASN1_STATE_HEADER_COPY; - - break; - - case ASN1_STATE_HEADER_COPY: - ret = BIO_write(next, ctx->buf + ctx->bufpos, ctx->buflen); - if (ret <= 0) - goto done; - - ctx->buflen -= ret; - if (ctx->buflen) - ctx->bufpos += ret; - else { - ctx->bufpos = 0; - ctx->state = ASN1_STATE_DATA_COPY; - } - - break; - - case ASN1_STATE_DATA_COPY: - - if (inl > ctx->copylen) - wrmax = ctx->copylen; - else - wrmax = inl; - ret = BIO_write(next, in, wrmax); - if (ret <= 0) - goto done; - wrlen += ret; - ctx->copylen -= ret; - in += ret; - inl -= ret; - - if (ctx->copylen == 0) - ctx->state = ASN1_STATE_HEADER; - - if (inl == 0) - goto done; - - break; - - case ASN1_STATE_POST_COPY: - case ASN1_STATE_DONE: - BIO_clear_retry_flags(b); - return 0; - - } - - } - - done: - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); - - return (wrlen > 0) ? wrlen : ret; - -} - -static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, - asn1_ps_func *cleanup, asn1_bio_state_t next) -{ - int ret; - - if (ctx->ex_len <= 0) - return 1; - for (;;) { - ret = BIO_write(BIO_next(b), ctx->ex_buf + ctx->ex_pos, ctx->ex_len); - if (ret <= 0) - break; - ctx->ex_len -= ret; - if (ctx->ex_len > 0) - ctx->ex_pos += ret; - else { - if (cleanup) - cleanup(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg); - ctx->state = next; - ctx->ex_pos = 0; - break; - } - } - return ret; -} - -static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, - asn1_ps_func *setup, - asn1_bio_state_t ex_state, - asn1_bio_state_t other_state) -{ - if (setup && !setup(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg)) { - BIO_clear_retry_flags(b); - return 0; - } - if (ctx->ex_len > 0) - ctx->state = ex_state; - else - ctx->state = other_state; - return 1; -} - -static int asn1_bio_read(BIO *b, char *in, int inl) -{ - BIO *next = BIO_next(b); - if (next == NULL) - return 0; - return BIO_read(next, in, inl); -} - -static int asn1_bio_puts(BIO *b, const char *str) -{ - return asn1_bio_write(b, str, strlen(str)); -} - -static int asn1_bio_gets(BIO *b, char *str, int size) -{ - BIO *next = BIO_next(b); - if (next == NULL) - return 0; - return BIO_gets(next, str, size); -} - -static long asn1_bio_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) -{ - BIO *next = BIO_next(b); - if (next == NULL) - return 0; - return BIO_callback_ctrl(next, cmd, fp); -} - -static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2) -{ - BIO_ASN1_BUF_CTX *ctx; - BIO_ASN1_EX_FUNCS *ex_func; - long ret = 1; - BIO *next; - - ctx = BIO_get_data(b); - if (ctx == NULL) - return 0; - next = BIO_next(b); - switch (cmd) { - - case BIO_C_SET_PREFIX: - ex_func = arg2; - ctx->prefix = ex_func->ex_func; - ctx->prefix_free = ex_func->ex_free_func; - break; - - case BIO_C_GET_PREFIX: - ex_func = arg2; - ex_func->ex_func = ctx->prefix; - ex_func->ex_free_func = ctx->prefix_free; - break; - - case BIO_C_SET_SUFFIX: - ex_func = arg2; - ctx->suffix = ex_func->ex_func; - ctx->suffix_free = ex_func->ex_free_func; - break; - - case BIO_C_GET_SUFFIX: - ex_func = arg2; - ex_func->ex_func = ctx->suffix; - ex_func->ex_free_func = ctx->suffix_free; - break; - - case BIO_C_SET_EX_ARG: - ctx->ex_arg = arg2; - break; - - case BIO_C_GET_EX_ARG: - *(void **)arg2 = ctx->ex_arg; - break; - - case BIO_CTRL_FLUSH: - if (next == NULL) - return 0; - - /* Call post function if possible */ - if (ctx->state == ASN1_STATE_HEADER) { - if (!asn1_bio_setup_ex(b, ctx, ctx->suffix, - ASN1_STATE_POST_COPY, ASN1_STATE_DONE)) - return 0; - } - - if (ctx->state == ASN1_STATE_POST_COPY) { - ret = asn1_bio_flush_ex(b, ctx, ctx->suffix_free, - ASN1_STATE_DONE); - if (ret <= 0) - return ret; - } - - if (ctx->state == ASN1_STATE_DONE) - return BIO_ctrl(next, cmd, arg1, arg2); - else { - BIO_clear_retry_flags(b); - return 0; - } - - default: - if (next == NULL) - return 0; - return BIO_ctrl(next, cmd, arg1, arg2); - - } - - return ret; -} - -static int asn1_bio_set_ex(BIO *b, int cmd, - asn1_ps_func *ex_func, asn1_ps_func *ex_free_func) -{ - BIO_ASN1_EX_FUNCS extmp; - extmp.ex_func = ex_func; - extmp.ex_free_func = ex_free_func; - return BIO_ctrl(b, cmd, 0, &extmp); -} - -static int asn1_bio_get_ex(BIO *b, int cmd, - asn1_ps_func **ex_func, - asn1_ps_func **ex_free_func) -{ - BIO_ASN1_EX_FUNCS extmp; - int ret; - ret = BIO_ctrl(b, cmd, 0, &extmp); - if (ret > 0) { - *ex_func = extmp.ex_func; - *ex_free_func = extmp.ex_free_func; - } - return ret; -} - -int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, - asn1_ps_func *prefix_free) -{ - return asn1_bio_set_ex(b, BIO_C_SET_PREFIX, prefix, prefix_free); -} - -int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, - asn1_ps_func **pprefix_free) -{ - return asn1_bio_get_ex(b, BIO_C_GET_PREFIX, pprefix, pprefix_free); -} - -int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, - asn1_ps_func *suffix_free) -{ - return asn1_bio_set_ex(b, BIO_C_SET_SUFFIX, suffix, suffix_free); -} - -int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, - asn1_ps_func **psuffix_free) -{ - return asn1_bio_get_ex(b, BIO_C_GET_SUFFIX, psuffix, psuffix_free); -} diff --git a/crypto/asn1/build.info b/crypto/asn1/build.info deleted file mode 100644 index 33b86fdd31f521dc898fbf099b585c9237322025..0000000000000000000000000000000000000000 --- a/crypto/asn1/build.info +++ /dev/null @@ -1,23 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]=\ - a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ - a_print.c a_type.c a_dup.c a_d2i_fp.c a_i2d_fp.c \ - a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \ - x_algor.c x_val.c x_sig.c x_bignum.c \ - x_int64.c x_info.c x_spki.c nsseq.c \ - d2i_pu.c d2i_pr.c i2d_evp.c \ - t_pkey.c t_spki.c t_bitst.c \ - tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \ - tasn_prn.c tasn_scn.c ameth_lib.c \ - f_int.c f_string.c \ - x_pkey.c bio_asn1.c bio_ndef.c asn_mime.c \ - asn1_gen.c asn1_parse.c asn1_lib.c asn1_err.c a_strnid.c \ - evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p5_scrypt.c p8_pkey.c \ - asn_moid.c asn_mstbl.c asn1_item_list.c \ - d2i_param.c -IF[{- !$disabled{'rsa'} and !$disabled{'rc4'} -}] - SOURCE[../../libcrypto]=n_pkey.c -ENDIF -IF[{- !$disabled{'deprecated-3.0'} -}] - SOURCE[../../libcrypto]=x_long.c -ENDIF diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h deleted file mode 100644 index ac1eb076cc2603c490cff9c90a3460e0f091d71b..0000000000000000000000000000000000000000 --- a/crypto/asn1/charmap.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * WARNING: do not edit! - * Generated by crypto/asn1/charmap.pl - * - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#define CHARTYPE_HOST_ANY 4096 -#define CHARTYPE_HOST_DOT 8192 -#define CHARTYPE_HOST_HYPHEN 16384 -#define CHARTYPE_HOST_WILD 32768 - -/* - * Mask of various character properties - */ - -static const unsigned short char_type[] = { - 1026, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 120, 0, 1, 40, - 0, 0, 0, 16, 1040, 1040, 33792, 25, 25, 16400, 8208, 16, - 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 16, 9, - 9, 16, 9, 16, 0, 4112, 4112, 4112, 4112, 4112, 4112, 4112, - 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, - 4112, 4112, 4112, 4112, 4112, 4112, 4112, 0, 1025, 0, 0, 0, - 0, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, - 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, - 4112, 4112, 4112, 0, 0, 0, 0, 2 -}; diff --git a/crypto/asn1/charmap.pl b/crypto/asn1/charmap.pl deleted file mode 100644 index 78053dee15fb2437286b72f6797d298d157505e7..0000000000000000000000000000000000000000 --- a/crypto/asn1/charmap.pl +++ /dev/null @@ -1,123 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -use strict; -use FindBin; -use lib "$FindBin::Bin/../../util/perl"; -use OpenSSL::copyright; - -my ($i, @arr); - -# Set up an array with the type of ASCII characters -# Each set bit represents a character property. - -# RFC2253 character properties -my $RFC2253_ESC = 1; # Character escaped with \ -my $ESC_CTRL = 2; # Escaped control character -# These are used with RFC1779 quoting using " -my $NOESC_QUOTE = 8; # Not escaped if quoted -my $PSTRING_CHAR = 0x10; # Valid PrintableString character -my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character -my $RFC2253_LAST_ESC = 0x40; # Escaped with \ if last character -my $RFC2254_ESC = 0x400; # Character escaped \XX -my $HOST_ANY = 0x1000; # Valid hostname character anywhere in label -my $HOST_DOT = 0x2000; # Dot: hostname label separator -my $HOST_HYPHEN = 0x4000; # Hyphen: not valid at start or end. -my $HOST_WILD = 0x8000; # Wildcard character - -for($i = 0; $i < 128; $i++) { - # Set the RFC2253 escape characters (control) - $arr[$i] = 0; - if(($i < 32) || ($i > 126)) { - $arr[$i] |= $ESC_CTRL; - } - - # Some PrintableString characters - if( ( ( $i >= ord("a")) && ( $i <= ord("z")) ) - || ( ( $i >= ord("A")) && ( $i <= ord("Z")) ) - || ( ( $i >= ord("0")) && ( $i <= ord("9")) ) ) { - $arr[$i] |= $PSTRING_CHAR | $HOST_ANY; - } -} - -# Now setup the rest - -# Remaining RFC2253 escaped characters - -$arr[ord(" ")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC | $RFC2253_LAST_ESC; -$arr[ord("#")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC; - -$arr[ord(",")] |= $NOESC_QUOTE | $RFC2253_ESC; -$arr[ord("+")] |= $NOESC_QUOTE | $RFC2253_ESC; -$arr[ord("\"")] |= $RFC2253_ESC; -$arr[ord("\\")] |= $RFC2253_ESC; -$arr[ord("<")] |= $NOESC_QUOTE | $RFC2253_ESC; -$arr[ord(">")] |= $NOESC_QUOTE | $RFC2253_ESC; -$arr[ord(";")] |= $NOESC_QUOTE | $RFC2253_ESC; - -# Remaining RFC2254 characters - -$arr[0] |= $RFC2254_ESC; -$arr[ord("(")] |= $RFC2254_ESC; -$arr[ord(")")] |= $RFC2254_ESC; -$arr[ord("*")] |= $RFC2254_ESC | $HOST_WILD; -$arr[ord("\\")] |= $RFC2254_ESC; - -# Remaining PrintableString characters - -$arr[ord(" ")] |= $PSTRING_CHAR; -$arr[ord("'")] |= $PSTRING_CHAR; -$arr[ord("(")] |= $PSTRING_CHAR; -$arr[ord(")")] |= $PSTRING_CHAR; -$arr[ord("+")] |= $PSTRING_CHAR; -$arr[ord(",")] |= $PSTRING_CHAR; -$arr[ord("-")] |= $PSTRING_CHAR | $HOST_HYPHEN; -$arr[ord(".")] |= $PSTRING_CHAR | $HOST_DOT; -$arr[ord("/")] |= $PSTRING_CHAR; -$arr[ord(":")] |= $PSTRING_CHAR; -$arr[ord("=")] |= $PSTRING_CHAR; -$arr[ord("?")] |= $PSTRING_CHAR; - -# Now generate the C code - -# Year the file was generated. -my $YEAR = OpenSSL::copyright::year_of($0); - -print < -#include "internal/cryptlib.h" -#include -#include -#include "internal/asn1.h" -#include "crypto/asn1.h" -#include "crypto/evp.h" - -EVP_PKEY *d2i_KeyParams(int type, EVP_PKEY **a, const unsigned char **pp, - long length) -{ - EVP_PKEY *ret = NULL; - - if ((a == NULL) || (*a == NULL)) { - if ((ret = EVP_PKEY_new()) == NULL) - return NULL; - } else - ret = *a; - - if (type != EVP_PKEY_get_id(ret) && !EVP_PKEY_set_type(ret, type)) - goto err; - - if (ret->ameth == NULL || ret->ameth->param_decode == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_TYPE); - goto err; - } - - if (!ret->ameth->param_decode(ret, pp, length)) - goto err; - - if (a != NULL) - (*a) = ret; - return ret; -err: - if (a == NULL || *a != ret) - EVP_PKEY_free(ret); - return NULL; -} - -EVP_PKEY *d2i_KeyParams_bio(int type, EVP_PKEY **a, BIO *in) -{ - BUF_MEM *b = NULL; - const unsigned char *p; - void *ret = NULL; - int len; - - len = asn1_d2i_read_bio(in, &b); - if (len < 0) - goto err; - - p = (unsigned char *)b->data; - ret = d2i_KeyParams(type, a, &p, len); -err: - BUF_MEM_free(b); - return ret; -} diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c deleted file mode 100644 index 720b7fd6c0508cc95b01130c49bbef4e62b6ceda..0000000000000000000000000000000000000000 --- a/crypto/asn1/d2i_pr.c +++ /dev/null @@ -1,235 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include -#include "crypto/asn1.h" -#include "crypto/evp.h" -#include "internal/asn1.h" - -static EVP_PKEY * -d2i_PrivateKey_decoder(int keytype, EVP_PKEY **a, const unsigned char **pp, - long length, OSSL_LIB_CTX *libctx, const char *propq) -{ - OSSL_DECODER_CTX *dctx = NULL; - size_t len = length; - EVP_PKEY *pkey = NULL, *bak_a = NULL; - EVP_PKEY **ppkey = &pkey; - const char *key_name = NULL; - const char *input_structures[] = { "type-specific", "PrivateKeyInfo", NULL }; - int i, ret; - - if (keytype != EVP_PKEY_NONE) { - key_name = evp_pkey_type2name(keytype); - if (key_name == NULL) - return NULL; - } - - for (i = 0; i < (int)OSSL_NELEM(input_structures); ++i) { - const unsigned char *p = *pp; - - if (a != NULL && (bak_a = *a) != NULL) - ppkey = a; - dctx = OSSL_DECODER_CTX_new_for_pkey(ppkey, "DER", - input_structures[i], key_name, - EVP_PKEY_KEYPAIR, libctx, propq); - if (a != NULL) - *a = bak_a; - if (dctx == NULL) - continue; - - ret = OSSL_DECODER_from_data(dctx, pp, &len); - OSSL_DECODER_CTX_free(dctx); - if (ret) { - if (*ppkey != NULL - && evp_keymgmt_util_has(*ppkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) { - if (a != NULL) - *a = *ppkey; - return *ppkey; - } - *pp = p; - goto err; - } - } - /* Fall through to error if all decodes failed */ -err: - if (ppkey != a) - EVP_PKEY_free(*ppkey); - return NULL; -} - -EVP_PKEY * -ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, const unsigned char **pp, - long length, OSSL_LIB_CTX *libctx, const char *propq) -{ - EVP_PKEY *ret; - const unsigned char *p = *pp; - - if (a == NULL || *a == NULL) { - if ((ret = EVP_PKEY_new()) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); - return NULL; - } - } else { - ret = *a; -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(ret->engine); - ret->engine = NULL; -#endif - } - - if (!EVP_PKEY_set_type(ret, keytype)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); - goto err; - } - - ERR_set_mark(); - if (!ret->ameth->old_priv_decode || - !ret->ameth->old_priv_decode(ret, &p, length)) { - if (ret->ameth->priv_decode != NULL - || ret->ameth->priv_decode_ex != NULL) { - EVP_PKEY *tmp; - PKCS8_PRIV_KEY_INFO *p8 = NULL; - p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); - if (p8 == NULL) { - ERR_clear_last_mark(); - goto err; - } - tmp = evp_pkcs82pkey_legacy(p8, libctx, propq); - PKCS8_PRIV_KEY_INFO_free(p8); - if (tmp == NULL) { - ERR_clear_last_mark(); - goto err; - } - EVP_PKEY_free(ret); - ret = tmp; - ERR_pop_to_mark(); - if (EVP_PKEY_type(keytype) != EVP_PKEY_get_base_id(ret)) - goto err; - } else { - ERR_clear_last_mark(); - ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); - goto err; - } - } else { - ERR_clear_last_mark(); - } - *pp = p; - if (a != NULL) - *a = ret; - return ret; - err: - if (a == NULL || *a != ret) - EVP_PKEY_free(ret); - return NULL; -} - -EVP_PKEY *d2i_PrivateKey_ex(int keytype, EVP_PKEY **a, const unsigned char **pp, - long length, OSSL_LIB_CTX *libctx, - const char *propq) -{ - EVP_PKEY *ret; - - ret = d2i_PrivateKey_decoder(keytype, a, pp, length, libctx, propq); - /* try the legacy path if the decoder failed */ - if (ret == NULL) - ret = ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq); - return ret; -} - -EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, - long length) -{ - return d2i_PrivateKey_ex(type, a, pp, length, NULL, NULL); -} - -static EVP_PKEY *d2i_AutoPrivateKey_legacy(EVP_PKEY **a, - const unsigned char **pp, - long length, - OSSL_LIB_CTX *libctx, - const char *propq) -{ - STACK_OF(ASN1_TYPE) *inkey; - const unsigned char *p; - int keytype; - - p = *pp; - /* - * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by - * analyzing it we can determine the passed structure: this assumes the - * input is surrounded by an ASN1 SEQUENCE. - */ - inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length); - p = *pp; - /* - * Since we only need to discern "traditional format" RSA and DSA keys we - * can just count the elements. - */ - if (sk_ASN1_TYPE_num(inkey) == 6) { - keytype = EVP_PKEY_DSA; - } else if (sk_ASN1_TYPE_num(inkey) == 4) { - keytype = EVP_PKEY_EC; - } else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not - * traditional format */ - PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); - EVP_PKEY *ret; - - sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); - if (p8 == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); - return NULL; - } - ret = evp_pkcs82pkey_legacy(p8, libctx, propq); - PKCS8_PRIV_KEY_INFO_free(p8); - if (ret == NULL) - return NULL; - *pp = p; - if (a != NULL) { - *a = ret; - } - return ret; - } else { - keytype = EVP_PKEY_RSA; - } - sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); - return ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq); -} - -/* - * This works like d2i_PrivateKey() except it passes the keytype as - * EVP_PKEY_NONE, which then figures out the type during decoding. - */ -EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp, - long length, OSSL_LIB_CTX *libctx, - const char *propq) -{ - EVP_PKEY *ret; - - ret = d2i_PrivateKey_decoder(EVP_PKEY_NONE, a, pp, length, libctx, propq); - /* try the legacy path if the decoder failed */ - if (ret == NULL) - ret = d2i_AutoPrivateKey_legacy(a, pp, length, libctx, propq); - return ret; -} - -EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, - long length) -{ - return d2i_AutoPrivateKey_ex(a, pp, length, NULL, NULL); -} diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c deleted file mode 100644 index cf7825c439034fa2290f49c33ee4b44f137d5d75..0000000000000000000000000000000000000000 --- a/crypto/asn1/d2i_pu.c +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include - -#include "crypto/evp.h" - -EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, - long length) -{ - EVP_PKEY *ret; - EVP_PKEY *copy = NULL; - - if ((a == NULL) || (*a == NULL)) { - if ((ret = EVP_PKEY_new()) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); - return NULL; - } - } else { - ret = *a; - -#ifndef OPENSSL_NO_EC - if (evp_pkey_is_provided(ret) - && EVP_PKEY_get_base_id(ret) == EVP_PKEY_EC) { - if (!evp_pkey_copy_downgraded(©, ret)) - goto err; - } -#endif - } - - if ((type != EVP_PKEY_get_id(ret) || copy != NULL) - && !EVP_PKEY_set_type(ret, type)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); - goto err; - } - - switch (EVP_PKEY_get_base_id(ret)) { - case EVP_PKEY_RSA: - if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); - goto err; - } - break; -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - if (!d2i_DSAPublicKey(&ret->pkey.dsa, pp, length)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); - goto err; - } - break; -#endif -#ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: - if (copy != NULL) { - /* use downgraded parameters from copy */ - ret->pkey.ec = copy->pkey.ec; - copy->pkey.ec = NULL; - } - if (!o2i_ECPublicKey(&ret->pkey.ec, pp, length)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); - goto err; - } - break; -#endif - default: - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); - goto err; - } - if (a != NULL) - (*a) = ret; - EVP_PKEY_free(copy); - return ret; - err: - if (a == NULL || *a != ret) - EVP_PKEY_free(ret); - EVP_PKEY_free(copy); - return NULL; -} diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c deleted file mode 100644 index 13d8ed3893ab8cebad4a040aacf6dacea085aab7..0000000000000000000000000000000000000000 --- a/crypto/asn1/evp_asn1.c +++ /dev/null @@ -1,187 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include "crypto/asn1.h" - -int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len) -{ - ASN1_STRING *os; - - if ((os = ASN1_OCTET_STRING_new()) == NULL) - return 0; - if (!ASN1_OCTET_STRING_set(os, data, len)) { - ASN1_OCTET_STRING_free(os); - return 0; - } - ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os); - return 1; -} - -/* int max_len: for returned value - * if passing NULL in data, nothing is copied but the necessary length - * for it is returned. - */ -int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len) -{ - int ret, num; - const unsigned char *p; - - if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_DATA_IS_WRONG); - return -1; - } - p = ASN1_STRING_get0_data(a->value.octet_string); - ret = ASN1_STRING_length(a->value.octet_string); - if (ret < max_len) - num = ret; - else - num = max_len; - if (num > 0 && data != NULL) - memcpy(data, p, num); - return ret; -} - -static ossl_inline void asn1_type_init_oct(ASN1_OCTET_STRING *oct, - unsigned char *data, int len) -{ - oct->data = data; - oct->type = V_ASN1_OCTET_STRING; - oct->length = len; - oct->flags = 0; -} - -static int asn1_type_get_int_oct(ASN1_OCTET_STRING *oct, int32_t anum, - long *num, unsigned char *data, int max_len) -{ - int ret = ASN1_STRING_length(oct), n; - - if (num != NULL) - *num = anum; - - if (max_len > ret) - n = ret; - else - n = max_len; - - if (data != NULL) - memcpy(data, ASN1_STRING_get0_data(oct), n); - - return ret; -} - -typedef struct { - int32_t num; - ASN1_OCTET_STRING *oct; -} asn1_int_oct; - -ASN1_SEQUENCE(asn1_int_oct) = { - ASN1_EMBED(asn1_int_oct, num, INT32), - ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING) -} static_ASN1_SEQUENCE_END(asn1_int_oct) - -DECLARE_ASN1_ITEM(asn1_int_oct) - -int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data, - int len) -{ - asn1_int_oct atmp; - ASN1_OCTET_STRING oct; - - atmp.num = num; - atmp.oct = &oct; - asn1_type_init_oct(&oct, data, len); - - if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(asn1_int_oct), &atmp, &a)) - return 1; - return 0; -} - -int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, - unsigned char *data, int max_len) -{ - asn1_int_oct *atmp = NULL; - int ret = -1; - - if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) { - goto err; - } - - atmp = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(asn1_int_oct), a); - - if (atmp == NULL) - goto err; - - ret = asn1_type_get_int_oct(atmp->oct, atmp->num, num, data, max_len); - - if (ret == -1) { - err: - ERR_raise(ERR_LIB_ASN1, ASN1_R_DATA_IS_WRONG); - } - M_ASN1_free_of(atmp, asn1_int_oct); - return ret; -} - -typedef struct { - ASN1_OCTET_STRING *oct; - int32_t num; -} asn1_oct_int; - -/* - * Defined in RFC 5084 - - * Section 2. "Content-Authenticated Encryption Algorithms" - */ -ASN1_SEQUENCE(asn1_oct_int) = { - ASN1_SIMPLE(asn1_oct_int, oct, ASN1_OCTET_STRING), - ASN1_EMBED(asn1_oct_int, num, INT32) -} static_ASN1_SEQUENCE_END(asn1_oct_int) - -DECLARE_ASN1_ITEM(asn1_oct_int) - -int ossl_asn1_type_set_octetstring_int(ASN1_TYPE *a, long num, - unsigned char *data, int len) -{ - asn1_oct_int atmp; - ASN1_OCTET_STRING oct; - - atmp.num = num; - atmp.oct = &oct; - asn1_type_init_oct(&oct, data, len); - - if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(asn1_oct_int), &atmp, &a)) - return 1; - return 0; -} - -int ossl_asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num, - unsigned char *data, int max_len) -{ - asn1_oct_int *atmp = NULL; - int ret = -1; - - if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) - goto err; - - atmp = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(asn1_oct_int), a); - - if (atmp == NULL) - goto err; - - ret = asn1_type_get_int_oct(atmp->oct, atmp->num, num, data, max_len); - - if (ret == -1) { - err: - ERR_raise(ERR_LIB_ASN1, ASN1_R_DATA_IS_WRONG); - } - M_ASN1_free_of(atmp, asn1_oct_int); - return ret; -} diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c deleted file mode 100644 index d41e0069af6377f9afc24dd740ecc9ce6a56cf0d..0000000000000000000000000000000000000000 --- a/crypto/asn1/f_int.c +++ /dev/null @@ -1,155 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "crypto/ctype.h" -#include "internal/cryptlib.h" -#include -#include - -int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a) -{ - int i, n = 0; - static const char *h = "0123456789ABCDEF"; - char buf[2]; - - if (a == NULL) - return 0; - - if (a->type & V_ASN1_NEG) { - if (BIO_write(bp, "-", 1) != 1) - goto err; - n = 1; - } - - if (a->length == 0) { - if (BIO_write(bp, "00", 2) != 2) - goto err; - n += 2; - } else { - for (i = 0; i < a->length; i++) { - if ((i != 0) && (i % 35 == 0)) { - if (BIO_write(bp, "\\\n", 2) != 2) - goto err; - n += 2; - } - buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; - buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; - if (BIO_write(bp, buf, 2) != 2) - goto err; - n += 2; - } - } - return n; - err: - return -1; -} - -int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) -{ - int i, j, k, m, n, again, bufsize; - unsigned char *s = NULL, *sp; - unsigned char *bufp; - int num = 0, slen = 0, first = 1; - - bs->type = V_ASN1_INTEGER; - - bufsize = BIO_gets(bp, buf, size); - for (;;) { - if (bufsize < 1) - goto err; - i = bufsize; - if (buf[i - 1] == '\n') - buf[--i] = '\0'; - if (i == 0) - goto err; - if (buf[i - 1] == '\r') - buf[--i] = '\0'; - if (i == 0) - goto err; - again = (buf[i - 1] == '\\'); - - for (j = 0; j < i; j++) { - if (!ossl_isxdigit(buf[j])) - { - i = j; - break; - } - } - buf[i] = '\0'; - /* - * We have now cleared all the crap off the end of the line - */ - if (i < 2) - goto err; - - bufp = (unsigned char *)buf; - if (first) { - first = 0; - if ((bufp[0] == '0') && (bufp[1] == '0')) { - bufp += 2; - i -= 2; - } - } - k = 0; - i -= again; - if (i % 2 != 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ODD_NUMBER_OF_CHARS); - OPENSSL_free(s); - return 0; - } - i /= 2; - if (num + i > slen) { - sp = OPENSSL_clear_realloc(s, slen, num + i * 2); - if (sp == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - OPENSSL_free(s); - return 0; - } - s = sp; - slen = num + i * 2; - } - for (j = 0; j < i; j++, k += 2) { - for (n = 0; n < 2; n++) { - m = OPENSSL_hexchar2int(bufp[k + n]); - if (m < 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_NON_HEX_CHARACTERS); - goto err; - } - s[num + j] <<= 4; - s[num + j] |= m; - } - } - num += i; - if (again) - bufsize = BIO_gets(bp, buf, size); - else - break; - } - bs->length = num; - bs->data = s; - return 1; - err: - ERR_raise(ERR_LIB_ASN1, ASN1_R_SHORT_LINE); - OPENSSL_free(s); - return 0; -} - -int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a) -{ - return i2a_ASN1_INTEGER(bp, a); -} - -int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) -{ - int rv = a2i_ASN1_INTEGER(bp, bs, buf, size); - if (rv == 1) - bs->type = V_ASN1_INTEGER | (bs->type & V_ASN1_NEG); - return rv; -} diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.c deleted file mode 100644 index 4b65110d9866387a097d8f7a91359394b6cf3de5..0000000000000000000000000000000000000000 --- a/crypto/asn1/f_string.c +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "crypto/ctype.h" -#include "internal/cryptlib.h" -#include -#include - -int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type) -{ - int i, n = 0; - static const char *h = "0123456789ABCDEF"; - char buf[2]; - - if (a == NULL) - return 0; - - if (a->length == 0) { - if (BIO_write(bp, "0", 1) != 1) - goto err; - n = 1; - } else { - for (i = 0; i < a->length; i++) { - if ((i != 0) && (i % 35 == 0)) { - if (BIO_write(bp, "\\\n", 2) != 2) - goto err; - n += 2; - } - buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; - buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; - if (BIO_write(bp, buf, 2) != 2) - goto err; - n += 2; - } - } - return n; - err: - return -1; -} - -int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) -{ - int i, j, k, m, n, again, bufsize; - unsigned char *s = NULL, *sp; - unsigned char *bufp; - int num = 0, slen = 0, first = 1; - - bufsize = BIO_gets(bp, buf, size); - for (;;) { - if (bufsize < 1) { - if (first) - break; - else - goto err; - } - first = 0; - - i = bufsize; - if (buf[i - 1] == '\n') - buf[--i] = '\0'; - if (i == 0) - goto err; - if (buf[i - 1] == '\r') - buf[--i] = '\0'; - if (i == 0) - goto err; - again = (buf[i - 1] == '\\'); - - for (j = i - 1; j > 0; j--) { - if (!ossl_isxdigit(buf[j])) { - i = j; - break; - } - } - buf[i] = '\0'; - /* - * We have now cleared all the crap off the end of the line - */ - if (i < 2) - goto err; - - bufp = (unsigned char *)buf; - - k = 0; - i -= again; - if (i % 2 != 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ODD_NUMBER_OF_CHARS); - OPENSSL_free(s); - return 0; - } - i /= 2; - if (num + i > slen) { - sp = OPENSSL_realloc(s, (unsigned int)num + i * 2); - if (sp == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - OPENSSL_free(s); - return 0; - } - s = sp; - slen = num + i * 2; - } - for (j = 0; j < i; j++, k += 2) { - for (n = 0; n < 2; n++) { - m = OPENSSL_hexchar2int(bufp[k + n]); - if (m < 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_NON_HEX_CHARACTERS); - OPENSSL_free(s); - return 0; - } - s[num + j] <<= 4; - s[num + j] |= m; - } - } - num += i; - if (again) - bufsize = BIO_gets(bp, buf, size); - else - break; - } - bs->length = num; - bs->data = s; - return 1; - - err: - ERR_raise(ERR_LIB_ASN1, ASN1_R_SHORT_LINE); - OPENSSL_free(s); - return 0; -} diff --git a/crypto/asn1/i2d_evp.c b/crypto/asn1/i2d_evp.c deleted file mode 100644 index 0d66411be8fd00ba702d13dacf7a47aa76fb8ee4..0000000000000000000000000000000000000000 --- a/crypto/asn1/i2d_evp.c +++ /dev/null @@ -1,149 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include /* For i2d_RSAPublicKey */ -#include /* For i2d_DSAPublicKey */ -#include /* For i2o_ECPublicKey */ -#include "crypto/asn1.h" -#include "crypto/evp.h" - -struct type_and_structure_st { - const char *output_type; - const char *output_structure; -}; - -static int i2d_provided(const EVP_PKEY *a, int selection, - const struct type_and_structure_st *output_info, - unsigned char **pp) -{ - OSSL_ENCODER_CTX *ctx = NULL; - int ret; - - for (ret = -1; - ret == -1 && output_info->output_type != NULL; - output_info++) { - /* - * The i2d_ calls don't take a boundary length for *pp. However, - * OSSL_ENCODER_to_data() needs one, so we make one up. Because - * OSSL_ENCODER_to_data() decrements this number by the amount of - * bytes written, we need to calculate the length written further - * down, when pp != NULL. - */ - size_t len = INT_MAX; - int pp_was_NULL = (pp == NULL || *pp == NULL); - - ctx = OSSL_ENCODER_CTX_new_for_pkey(a, selection, - output_info->output_type, - output_info->output_structure, - NULL); - if (ctx == NULL) - return -1; - if (OSSL_ENCODER_to_data(ctx, pp, &len)) { - if (pp_was_NULL) - ret = (int)len; - else - ret = INT_MAX - (int)len; - } - OSSL_ENCODER_CTX_free(ctx); - ctx = NULL; - } - - if (ret == -1) - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_TYPE); - return ret; -} - -int i2d_KeyParams(const EVP_PKEY *a, unsigned char **pp) -{ - if (evp_pkey_is_provided(a)) { - static const struct type_and_structure_st output_info[] = { - { "DER", "type-specific" }, - { NULL, } - }; - - return i2d_provided(a, EVP_PKEY_KEY_PARAMETERS, output_info, pp); - } - if (a->ameth != NULL && a->ameth->param_encode != NULL) - return a->ameth->param_encode(a, pp); - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_TYPE); - return -1; -} - -int i2d_KeyParams_bio(BIO *bp, const EVP_PKEY *pkey) -{ - return ASN1_i2d_bio_of(EVP_PKEY, i2d_KeyParams, bp, pkey); -} - -int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp) -{ - if (evp_pkey_is_provided(a)) { - static const struct type_and_structure_st output_info[] = { - { "DER", "type-specific" }, - { "DER", "PrivateKeyInfo" }, - { NULL, } - }; - - return i2d_provided(a, EVP_PKEY_KEYPAIR, output_info, pp); - } - if (a->ameth != NULL && a->ameth->old_priv_encode != NULL) { - return a->ameth->old_priv_encode(a, pp); - } - if (a->ameth != NULL && a->ameth->priv_encode != NULL) { - PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a); - int ret = 0; - - if (p8 != NULL) { - ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp); - PKCS8_PRIV_KEY_INFO_free(p8); - } - return ret; - } - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); - return -1; -} - -int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp) -{ - if (evp_pkey_is_provided(a)) { - static const struct type_and_structure_st output_info[] = { - { "DER", "type-specific" }, - { "blob", NULL }, /* for EC */ - { NULL, } - }; - - return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_info, pp); - } - switch (EVP_PKEY_get_base_id(a)) { - case EVP_PKEY_RSA: - return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp); -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - return i2d_DSAPublicKey(EVP_PKEY_get0_DSA(a), pp); -#endif -#ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: - return i2o_ECPublicKey(EVP_PKEY_get0_EC_KEY(a), pp); -#endif - default: - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); - return -1; - } -} diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c deleted file mode 100644 index eb0918f79f9725d0e129b5e64920174d5f6ab362..0000000000000000000000000000000000000000 --- a/crypto/asn1/n_pkey.c +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include - -#define ASN1_BROKEN_SEQUENCE(tname) \ - static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ - ASN1_SEQUENCE(tname) -#define static_ASN1_BROKEN_SEQUENCE_END(stname) \ - static_ASN1_SEQUENCE_END_ref(stname, stname) - -typedef struct netscape_pkey_st { - int32_t version; - X509_ALGOR *algor; - ASN1_OCTET_STRING *private_key; -} NETSCAPE_PKEY; - -typedef struct netscape_encrypted_pkey_st { - ASN1_OCTET_STRING *os; - /* - * This is the same structure as DigestInfo so use it: although this - * isn't really anything to do with digests. - */ - X509_SIG *enckey; -} NETSCAPE_ENCRYPTED_PKEY; - - -ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = { - ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING), - ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG) -} static_ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY) - -DECLARE_ASN1_FUNCTIONS(NETSCAPE_ENCRYPTED_PKEY) -DECLARE_ASN1_ENCODE_FUNCTIONS_name(NETSCAPE_ENCRYPTED_PKEY, NETSCAPE_ENCRYPTED_PKEY) -IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_ENCRYPTED_PKEY) - -ASN1_SEQUENCE(NETSCAPE_PKEY) = { - ASN1_EMBED(NETSCAPE_PKEY, version, INT32), - ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR), - ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) -} static_ASN1_SEQUENCE_END(NETSCAPE_PKEY) - -DECLARE_ASN1_FUNCTIONS(NETSCAPE_PKEY) -DECLARE_ASN1_ENCODE_FUNCTIONS_name(NETSCAPE_PKEY, NETSCAPE_PKEY) -IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_PKEY) diff --git a/crypto/asn1/nsseq.c b/crypto/asn1/nsseq.c deleted file mode 100644 index 09dc24f25f8da186154faf82bccd1e06bea9b31f..0000000000000000000000000000000000000000 --- a/crypto/asn1/nsseq.c +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include - -static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - if (operation == ASN1_OP_NEW_POST) { - NETSCAPE_CERT_SEQUENCE *nsseq; - nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval; - nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence); - } - return 1; -} - -/* Netscape certificate sequence structure */ - -ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = { - ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT), - ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0) -} ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) - -IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c deleted file mode 100644 index 9bc8aaa7a31eccd7b51ec7700ccec93147622329..0000000000000000000000000000000000000000 --- a/crypto/asn1/p5_pbe.c +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include - -/* PKCS#5 password based encryption structure */ - -ASN1_SEQUENCE(PBEPARAM) = { - ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING), - ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER) -} ASN1_SEQUENCE_END(PBEPARAM) - -IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM) - -/* Set an algorithm identifier for a PKCS#5 PBE algorithm */ - -int PKCS5_pbe_set0_algor_ex(X509_ALGOR *algor, int alg, int iter, - const unsigned char *salt, int saltlen, - OSSL_LIB_CTX *ctx) -{ - PBEPARAM *pbe = NULL; - ASN1_STRING *pbe_str = NULL; - unsigned char *sstr = NULL; - - pbe = PBEPARAM_new(); - if (pbe == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - if (iter <= 0) - iter = PKCS5_DEFAULT_ITER; - if (!ASN1_INTEGER_set(pbe->iter, iter)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!saltlen) - saltlen = PKCS5_SALT_LEN; - if (saltlen < 0) - goto err; - - sstr = OPENSSL_malloc(saltlen); - if (sstr == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - if (salt) - memcpy(sstr, salt, saltlen); - else if (RAND_bytes_ex(ctx, sstr, saltlen, 0) <= 0) - goto err; - - ASN1_STRING_set0(pbe->salt, sstr, saltlen); - sstr = NULL; - - if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - - PBEPARAM_free(pbe); - pbe = NULL; - - if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str)) - return 1; - - err: - OPENSSL_free(sstr); - PBEPARAM_free(pbe); - ASN1_STRING_free(pbe_str); - return 0; -} - -int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, - const unsigned char *salt, int saltlen) -{ - return PKCS5_pbe_set0_algor_ex(algor, alg, iter, salt, saltlen, NULL); -} - -/* Return an algorithm identifier for a PKCS#5 PBE algorithm */ - -X509_ALGOR *PKCS5_pbe_set_ex(int alg, int iter, - const unsigned char *salt, int saltlen, - OSSL_LIB_CTX *ctx) -{ - X509_ALGOR *ret; - ret = X509_ALGOR_new(); - if (ret == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (PKCS5_pbe_set0_algor_ex(ret, alg, iter, salt, saltlen, ctx)) - return ret; - - X509_ALGOR_free(ret); - return NULL; -} - -X509_ALGOR *PKCS5_pbe_set(int alg, int iter, - const unsigned char *salt, int saltlen) -{ - return PKCS5_pbe_set_ex(alg, iter, salt, saltlen, NULL); -} - diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c deleted file mode 100644 index 711743a77b59d9ac1437542c4e42f15f9699df16..0000000000000000000000000000000000000000 --- a/crypto/asn1/p5_pbev2.c +++ /dev/null @@ -1,246 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include - -/* PKCS#5 v2.0 password based encryption structures */ - -ASN1_SEQUENCE(PBE2PARAM) = { - ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR), - ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR) -} ASN1_SEQUENCE_END(PBE2PARAM) - -IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM) - -ASN1_SEQUENCE(PBKDF2PARAM) = { - ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY), - ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER), - ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER), - ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR) -} ASN1_SEQUENCE_END(PBKDF2PARAM) - -IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM) - -/* - * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know - * this is horrible! Extended version to allow application supplied PRF NID - * and IV. - */ - -X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen, - unsigned char *aiv, int prf_nid, - OSSL_LIB_CTX *libctx) -{ - X509_ALGOR *scheme = NULL, *ret = NULL; - int alg_nid, keylen, ivlen; - EVP_CIPHER_CTX *ctx = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - PBE2PARAM *pbe2 = NULL; - - alg_nid = EVP_CIPHER_get_type(cipher); - if (alg_nid == NID_undef) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); - goto err; - } - - if ((pbe2 = PBE2PARAM_new()) == NULL) - goto merr; - - /* Setup the AlgorithmIdentifier for the encryption scheme */ - scheme = pbe2->encryption; - scheme->algorithm = OBJ_nid2obj(alg_nid); - if ((scheme->parameter = ASN1_TYPE_new()) == NULL) - goto merr; - - /* Create random IV */ - ivlen = EVP_CIPHER_get_iv_length(cipher); - if (ivlen > 0) { - if (aiv) - memcpy(iv, aiv, ivlen); - else if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0) - goto err; - } - - ctx = EVP_CIPHER_CTX_new(); - if (ctx == NULL) - goto merr; - - /* Dummy cipherinit to just setup the IV, and PRF */ - if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0)) - goto err; - if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); - goto err; - } - /* - * If prf NID unspecified see if cipher has a preference. An error is OK - * here: just means use default PRF. - */ - ERR_set_mark(); - if ((prf_nid == -1) && - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { - prf_nid = NID_hmacWithSHA256; - } - ERR_pop_to_mark(); - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - /* If its RC2 then we'd better setup the key length */ - - if (alg_nid == NID_rc2_cbc) - keylen = EVP_CIPHER_get_key_length(cipher); - else - keylen = -1; - - /* Setup keyfunc */ - - X509_ALGOR_free(pbe2->keyfunc); - - pbe2->keyfunc = PKCS5_pbkdf2_set_ex(iter, salt, saltlen, prf_nid, keylen, - libctx); - - if (pbe2->keyfunc == NULL) - goto merr; - - /* Now set up top level AlgorithmIdentifier */ - - if ((ret = X509_ALGOR_new()) == NULL) - goto merr; - - ret->algorithm = OBJ_nid2obj(NID_pbes2); - - /* Encode PBE2PARAM into parameter */ - - if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2, - &ret->parameter)) - goto merr; - - PBE2PARAM_free(pbe2); - pbe2 = NULL; - - return ret; - - merr: - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - - err: - EVP_CIPHER_CTX_free(ctx); - PBE2PARAM_free(pbe2); - /* Note 'scheme' is freed as part of pbe2 */ - X509_ALGOR_free(ret); - - return NULL; -} - -X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen, - unsigned char *aiv, int prf_nid) -{ - return PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, aiv, prf_nid, - NULL); -} - -X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen) -{ - return PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, -1, - NULL); -} - - -X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen, - int prf_nid, int keylen, - OSSL_LIB_CTX *libctx) -{ - X509_ALGOR *keyfunc = NULL; - PBKDF2PARAM *kdf = NULL; - ASN1_OCTET_STRING *osalt = NULL; - - if ((kdf = PBKDF2PARAM_new()) == NULL) - goto merr; - if ((osalt = ASN1_OCTET_STRING_new()) == NULL) - goto merr; - - kdf->salt->value.octet_string = osalt; - kdf->salt->type = V_ASN1_OCTET_STRING; - - if (saltlen < 0) - goto merr; - if (saltlen == 0) - saltlen = PKCS5_SALT_LEN; - if ((osalt->data = OPENSSL_malloc(saltlen)) == NULL) - goto merr; - - osalt->length = saltlen; - - if (salt) - memcpy(osalt->data, salt, saltlen); - else if (RAND_bytes_ex(libctx, osalt->data, saltlen, 0) <= 0) - goto merr; - - if (iter <= 0) - iter = PKCS5_DEFAULT_ITER; - - if (!ASN1_INTEGER_set(kdf->iter, iter)) - goto merr; - - /* If have a key len set it up */ - - if (keylen > 0) { - if ((kdf->keylength = ASN1_INTEGER_new()) == NULL) - goto merr; - if (!ASN1_INTEGER_set(kdf->keylength, keylen)) - goto merr; - } - - /* prf can stay NULL if we are using hmacWithSHA1 */ - if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) { - kdf->prf = X509_ALGOR_new(); - if (kdf->prf == NULL) - goto merr; - X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), V_ASN1_NULL, NULL); - } - - /* Finally setup the keyfunc structure */ - - keyfunc = X509_ALGOR_new(); - if (keyfunc == NULL) - goto merr; - - keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2); - - /* Encode PBKDF2PARAM into parameter of pbe2 */ - - if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), kdf, - &keyfunc->parameter)) - goto merr; - - PBKDF2PARAM_free(kdf); - return keyfunc; - - merr: - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - PBKDF2PARAM_free(kdf); - X509_ALGOR_free(keyfunc); - return NULL; -} - -X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, - int prf_nid, int keylen) -{ - return PKCS5_pbkdf2_set_ex(iter, salt, saltlen, prf_nid, keylen, NULL); -} - diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c deleted file mode 100644 index a02190d0dc1197632ccab997bf7ce92febdd4b7d..0000000000000000000000000000000000000000 --- a/crypto/asn1/p5_scrypt.c +++ /dev/null @@ -1,286 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include "crypto/evp.h" - -#ifndef OPENSSL_NO_SCRYPT -/* PKCS#5 scrypt password based encryption structures */ - -ASN1_SEQUENCE(SCRYPT_PARAMS) = { - ASN1_SIMPLE(SCRYPT_PARAMS, salt, ASN1_OCTET_STRING), - ASN1_SIMPLE(SCRYPT_PARAMS, costParameter, ASN1_INTEGER), - ASN1_SIMPLE(SCRYPT_PARAMS, blockSize, ASN1_INTEGER), - ASN1_SIMPLE(SCRYPT_PARAMS, parallelizationParameter, ASN1_INTEGER), - ASN1_OPT(SCRYPT_PARAMS, keyLength, ASN1_INTEGER), -} ASN1_SEQUENCE_END(SCRYPT_PARAMS) - -IMPLEMENT_ASN1_FUNCTIONS(SCRYPT_PARAMS) - -static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen, - size_t keylen, uint64_t N, uint64_t r, - uint64_t p); - -/* - * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm using scrypt - */ - -X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, - const unsigned char *salt, int saltlen, - unsigned char *aiv, uint64_t N, uint64_t r, - uint64_t p) -{ - X509_ALGOR *scheme = NULL, *ret = NULL; - int alg_nid; - size_t keylen = 0; - EVP_CIPHER_CTX *ctx = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - PBE2PARAM *pbe2 = NULL; - - if (!cipher) { - ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); - goto err; - } - - if (EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_SCRYPT_PARAMETERS); - goto err; - } - - alg_nid = EVP_CIPHER_get_type(cipher); - if (alg_nid == NID_undef) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); - goto err; - } - - pbe2 = PBE2PARAM_new(); - if (pbe2 == NULL) - goto merr; - - /* Setup the AlgorithmIdentifier for the encryption scheme */ - scheme = pbe2->encryption; - - scheme->algorithm = OBJ_nid2obj(alg_nid); - scheme->parameter = ASN1_TYPE_new(); - if (scheme->parameter == NULL) - goto merr; - - /* Create random IV */ - if (EVP_CIPHER_get_iv_length(cipher)) { - if (aiv) - memcpy(iv, aiv, EVP_CIPHER_get_iv_length(cipher)); - else if (RAND_bytes(iv, EVP_CIPHER_get_iv_length(cipher)) <= 0) - goto err; - } - - ctx = EVP_CIPHER_CTX_new(); - if (ctx == NULL) - goto merr; - - /* Dummy cipherinit to just setup the IV */ - if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0) - goto err; - if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); - goto err; - } - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - /* If its RC2 then we'd better setup the key length */ - - if (alg_nid == NID_rc2_cbc) - keylen = EVP_CIPHER_get_key_length(cipher); - - /* Setup keyfunc */ - - X509_ALGOR_free(pbe2->keyfunc); - - pbe2->keyfunc = pkcs5_scrypt_set(salt, saltlen, keylen, N, r, p); - - if (pbe2->keyfunc == NULL) - goto merr; - - /* Now set up top level AlgorithmIdentifier */ - - ret = X509_ALGOR_new(); - if (ret == NULL) - goto merr; - - ret->algorithm = OBJ_nid2obj(NID_pbes2); - - /* Encode PBE2PARAM into parameter */ - - if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2, - &ret->parameter) == NULL) - goto merr; - - PBE2PARAM_free(pbe2); - pbe2 = NULL; - - return ret; - - merr: - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - - err: - PBE2PARAM_free(pbe2); - X509_ALGOR_free(ret); - EVP_CIPHER_CTX_free(ctx); - - return NULL; -} - -static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen, - size_t keylen, uint64_t N, uint64_t r, - uint64_t p) -{ - X509_ALGOR *keyfunc = NULL; - SCRYPT_PARAMS *sparam = SCRYPT_PARAMS_new(); - - if (sparam == NULL) - goto merr; - - if (!saltlen) - saltlen = PKCS5_SALT_LEN; - - /* This will either copy salt or grow the buffer */ - if (ASN1_STRING_set(sparam->salt, salt, saltlen) == 0) - goto merr; - - if (salt == NULL && RAND_bytes(sparam->salt->data, saltlen) <= 0) - goto err; - - if (ASN1_INTEGER_set_uint64(sparam->costParameter, N) == 0) - goto merr; - - if (ASN1_INTEGER_set_uint64(sparam->blockSize, r) == 0) - goto merr; - - if (ASN1_INTEGER_set_uint64(sparam->parallelizationParameter, p) == 0) - goto merr; - - /* If have a key len set it up */ - - if (keylen > 0) { - sparam->keyLength = ASN1_INTEGER_new(); - if (sparam->keyLength == NULL) - goto merr; - if (ASN1_INTEGER_set_int64(sparam->keyLength, keylen) == 0) - goto merr; - } - - /* Finally setup the keyfunc structure */ - - keyfunc = X509_ALGOR_new(); - if (keyfunc == NULL) - goto merr; - - keyfunc->algorithm = OBJ_nid2obj(NID_id_scrypt); - - /* Encode SCRYPT_PARAMS into parameter of pbe2 */ - - if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), sparam, - &keyfunc->parameter) == NULL) - goto merr; - - SCRYPT_PARAMS_free(sparam); - return keyfunc; - - merr: - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - err: - SCRYPT_PARAMS_free(sparam); - X509_ALGOR_free(keyfunc); - return NULL; -} - -int PKCS5_v2_scrypt_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *c, const EVP_MD *md, int en_de, - OSSL_LIB_CTX *libctx, const char *propq) -{ - unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; - uint64_t p, r, N; - size_t saltlen; - size_t keylen = 0; - int t, rv = 0; - SCRYPT_PARAMS *sparam = NULL; - - if (EVP_CIPHER_CTX_get0_cipher(ctx) == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET); - goto err; - } - - /* Decode parameter */ - - sparam = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), param); - - if (sparam == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_DECODE_ERROR); - goto err; - } - - t = EVP_CIPHER_CTX_get_key_length(ctx); - if (t < 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH); - goto err; - } - keylen = t; - - /* Now check the parameters of sparam */ - - if (sparam->keyLength) { - uint64_t spkeylen; - if ((ASN1_INTEGER_get_uint64(&spkeylen, sparam->keyLength) == 0) - || (spkeylen != keylen)) { - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEYLENGTH); - goto err; - } - } - /* Check all parameters fit in uint64_t and are acceptable to scrypt */ - if (ASN1_INTEGER_get_uint64(&N, sparam->costParameter) == 0 - || ASN1_INTEGER_get_uint64(&r, sparam->blockSize) == 0 - || ASN1_INTEGER_get_uint64(&p, sparam->parallelizationParameter) == 0 - || EVP_PBE_scrypt_ex(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0, - libctx, propq) == 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_ILLEGAL_SCRYPT_PARAMETERS); - goto err; - } - - /* it seems that its all OK */ - - salt = sparam->salt->data; - saltlen = sparam->salt->length; - if (EVP_PBE_scrypt_ex(pass, passlen, salt, saltlen, N, r, p, 0, key, - keylen, libctx, propq) == 0) - goto err; - rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); - err: - if (keylen) - OPENSSL_cleanse(key, keylen); - SCRYPT_PARAMS_free(sparam); - return rv; -} - -int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *c, const EVP_MD *md, int en_de) -{ - return PKCS5_v2_scrypt_keyivgen_ex(ctx, pass, passlen, param, c, md, en_de, NULL, NULL); -} - -#endif /* OPENSSL_NO_SCRYPT */ diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c deleted file mode 100644 index dee188519c22c3027990009254560a586118a9f7..0000000000000000000000000000000000000000 --- a/crypto/asn1/p8_pkey.c +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include "crypto/x509.h" - -/* Minor tweak to operation: zero private key data */ -static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ - if (operation == ASN1_OP_FREE_PRE) { - PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; - if (key->pkey) - OPENSSL_cleanse(key->pkey->data, key->pkey->length); - } - return 1; -} - -ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = { - ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR), - ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_OCTET_STRING), - ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0) -} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) - -IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) - -int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, - int version, - int ptype, void *pval, unsigned char *penc, int penclen) -{ - if (version >= 0) { - if (!ASN1_INTEGER_set(priv->version, version)) - return 0; - } - if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) - return 0; - if (penc) - ASN1_STRING_set0(priv->pkey, penc, penclen); - return 1; -} - -int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, - const unsigned char **pk, int *ppklen, - const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8) -{ - if (ppkalg) - *ppkalg = p8->pkeyalg->algorithm; - if (pk) { - *pk = ASN1_STRING_get0_data(p8->pkey); - *ppklen = ASN1_STRING_length(p8->pkey); - } - if (pa) - *pa = p8->pkeyalg; - return 1; -} - -const STACK_OF(X509_ATTRIBUTE) * -PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8) -{ - return p8->attributes; -} - -int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, - const unsigned char *bytes, int len) -{ - if (X509at_add1_attr_by_NID(&p8->attributes, nid, type, bytes, len) != NULL) - return 1; - return 0; -} - -int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len) -{ - return (X509at_add1_attr_by_OBJ(&p8->attributes, obj, type, bytes, len) != NULL); -} - -int PKCS8_pkey_add1_attr(PKCS8_PRIV_KEY_INFO *p8, X509_ATTRIBUTE *attr) -{ - return (X509at_add1_attr(&p8->attributes, attr) != NULL); -} diff --git a/crypto/asn1/standard_methods.h b/crypto/asn1/standard_methods.h deleted file mode 100644 index 0b0c7ef6864f5745e6241816908402a97f5c74f6..0000000000000000000000000000000000000000 --- a/crypto/asn1/standard_methods.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This table MUST be kept in ascending order of the NID each method - * represents (corresponding to the pkey_id field) as OBJ_bsearch - * is used to search it. - */ -static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { - &ossl_rsa_asn1_meths[0], - &ossl_rsa_asn1_meths[1], -#ifndef OPENSSL_NO_DH - &ossl_dh_asn1_meth, -#endif -#ifndef OPENSSL_NO_DSA - &ossl_dsa_asn1_meths[0], - &ossl_dsa_asn1_meths[1], - &ossl_dsa_asn1_meths[2], - &ossl_dsa_asn1_meths[3], - &ossl_dsa_asn1_meths[4], -#endif -#ifndef OPENSSL_NO_EC - &ossl_eckey_asn1_meth, -#endif - &ossl_rsa_pss_asn1_meth, -#ifndef OPENSSL_NO_DH - &ossl_dhx_asn1_meth, -#endif -#ifndef OPENSSL_NO_EC - &ossl_ecx25519_asn1_meth, - &ossl_ecx448_asn1_meth, -#endif -#ifndef OPENSSL_NO_EC - &ossl_ed25519_asn1_meth, - &ossl_ed448_asn1_meth, -#endif -#ifndef OPENSSL_NO_SM2 - &ossl_sm2_asn1_meth, -#endif -}; - diff --git a/crypto/asn1/t_bitst.c b/crypto/asn1/t_bitst.c deleted file mode 100644 index e7b817f78e15dbf4b6f2940f6dc9911fc7faa635..0000000000000000000000000000000000000000 --- a/crypto/asn1/t_bitst.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include - -int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, - BIT_STRING_BITNAME *tbl, int indent) -{ - BIT_STRING_BITNAME *bnam; - char first = 1; - BIO_printf(out, "%*s", indent, ""); - for (bnam = tbl; bnam->lname; bnam++) { - if (ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) { - if (!first) - BIO_puts(out, ", "); - BIO_puts(out, bnam->lname); - first = 0; - } - } - BIO_puts(out, "\n"); - return 1; -} - -int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, - BIT_STRING_BITNAME *tbl) -{ - int bitnum; - bitnum = ASN1_BIT_STRING_num_asc(name, tbl); - if (bitnum < 0) - return 0; - if (bs) { - if (!ASN1_BIT_STRING_set_bit(bs, bitnum, value)) - return 0; - } - return 1; -} - -int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl) -{ - BIT_STRING_BITNAME *bnam; - for (bnam = tbl; bnam->lname; bnam++) { - if ((strcmp(bnam->sname, name) == 0) - || (strcmp(bnam->lname, name) == 0)) - return bnam->bitnum; - } - return -1; -} diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c deleted file mode 100644 index 03579c877cfc001d54f8ed39e5b6c225cf124d06..0000000000000000000000000000000000000000 --- a/crypto/asn1/t_pkey.c +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include "crypto/bn.h" - -/* Number of octets per line */ -#define ASN1_BUF_PRINT_WIDTH 15 -/* Maximum indent */ -#define ASN1_PRINT_MAX_INDENT 128 - -int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int indent) -{ - size_t i; - - for (i = 0; i < buflen; i++) { - if ((i % ASN1_BUF_PRINT_WIDTH) == 0) { - if (i > 0 && BIO_puts(bp, "\n") <= 0) - return 0; - if (!BIO_indent(bp, indent, ASN1_PRINT_MAX_INDENT)) - return 0; - } - /* - * Use colon separators for each octet for compatibility as - * this function is used to print out key components. - */ - if (BIO_printf(bp, "%02x%s", buf[i], - (i == buflen - 1) ? "" : ":") <= 0) - return 0; - } - if (BIO_write(bp, "\n", 1) <= 0) - return 0; - return 1; -} - -int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, - unsigned char *ign, int indent) -{ - int n, rv = 0; - const char *neg; - unsigned char *buf = NULL, *tmp = NULL; - int buflen; - - if (num == NULL) - return 1; - neg = BN_is_negative(num) ? "-" : ""; - if (!BIO_indent(bp, indent, ASN1_PRINT_MAX_INDENT)) - return 0; - if (BN_is_zero(num)) { - if (BIO_printf(bp, "%s 0\n", number) <= 0) - return 0; - return 1; - } - - if (BN_num_bytes(num) <= BN_BYTES) { - if (BIO_printf(bp, "%s %s%lu (%s0x%lx)\n", number, neg, - (unsigned long)bn_get_words(num)[0], neg, - (unsigned long)bn_get_words(num)[0]) <= 0) - return 0; - return 1; - } - - buflen = BN_num_bytes(num) + 1; - buf = tmp = OPENSSL_malloc(buflen); - if (buf == NULL) - goto err; - buf[0] = 0; - if (BIO_printf(bp, "%s%s\n", number, - (neg[0] == '-') ? " (Negative)" : "") <= 0) - goto err; - n = BN_bn2bin(num, buf + 1); - - if (buf[1] & 0x80) - n++; - else - tmp++; - - if (ASN1_buf_print(bp, tmp, n, indent + 4) == 0) - goto err; - rv = 1; - err: - OPENSSL_clear_free(buf, buflen); - return rv; -} diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c deleted file mode 100644 index 0397f1f9ee508c37ca270b72cd244e0c851bdb46..0000000000000000000000000000000000000000 --- a/crypto/asn1/t_spki.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include - -/* Print out an SPKI */ - -int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) -{ - EVP_PKEY *pkey; - ASN1_IA5STRING *chal; - ASN1_OBJECT *spkioid; - int i, n; - char *s; - BIO_printf(out, "Netscape SPKI:\n"); - X509_PUBKEY_get0_param(&spkioid, NULL, NULL, NULL, spki->spkac->pubkey); - i = OBJ_obj2nid(spkioid); - BIO_printf(out, " Public Key Algorithm: %s\n", - (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); - pkey = X509_PUBKEY_get(spki->spkac->pubkey); - if (pkey == NULL) - BIO_printf(out, " Unable to load public key\n"); - else { - EVP_PKEY_print_public(out, pkey, 4, NULL); - EVP_PKEY_free(pkey); - } - chal = spki->spkac->challenge; - if (chal->length) - BIO_printf(out, " Challenge String: %.*s\n", chal->length, chal->data); - i = OBJ_obj2nid(spki->sig_algor.algorithm); - BIO_printf(out, " Signature Algorithm: %s", - (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); - - n = spki->signature->length; - s = (char *)spki->signature->data; - for (i = 0; i < n; i++) { - if ((i % 18) == 0) - BIO_write(out, "\n ", 7); - BIO_printf(out, "%02x%s", (unsigned char)s[i], - ((i + 1) == n) ? "" : ":"); - } - BIO_write(out, "\n", 1); - return 1; -} diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c deleted file mode 100644 index 11198087a57b37989cdd2f6253738079db16962c..0000000000000000000000000000000000000000 --- a/crypto/asn1/tasn_dec.c +++ /dev/null @@ -1,1222 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include "internal/numbers.h" -#include "asn1_local.h" - -/* - * Constructed types with a recursive definition (such as can be found in PKCS7) - * could eventually exceed the stack given malicious input with excessive - * recursion. Therefore we limit the stack depth. This is the maximum number of - * recursive invocations of asn1_item_embed_d2i(). - */ -#define ASN1_MAX_CONSTRUCTED_NEST 30 - -static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - long len, const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx, - int depth, OSSL_LIB_CTX *libctx, - const char *propq); - -static int asn1_check_eoc(const unsigned char **in, long len); -static int asn1_find_end(const unsigned char **in, long len, char inf); - -static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, - char inf, int tag, int aclass, int depth); - -static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); - -static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, - char *inf, char *cst, - const unsigned char **in, long len, - int exptag, int expclass, char opt, ASN1_TLC *ctx); - -static int asn1_template_ex_d2i(ASN1_VALUE **pval, - const unsigned char **in, long len, - const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx, int depth, OSSL_LIB_CTX *libctx, - const char *propq); -static int asn1_template_noexp_d2i(ASN1_VALUE **val, - const unsigned char **in, long len, - const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx, int depth, - OSSL_LIB_CTX *libctx, const char *propq); -static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, - const unsigned char **in, long len, - const ASN1_ITEM *it, - int tag, int aclass, char opt, - ASN1_TLC *ctx); -static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it); - -/* Table to convert tags to bit values, used for MSTRING type */ -static const unsigned long tag2bit[32] = { - /* tags 0 - 3 */ - 0, 0, 0, B_ASN1_BIT_STRING, - /* tags 4- 7 */ - B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN, - /* tags 8-11 */ - B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, 0, B_ASN1_UNKNOWN, - /* tags 12-15 */ - B_ASN1_UTF8STRING, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, - /* tags 16-19 */ - B_ASN1_SEQUENCE, 0, B_ASN1_NUMERICSTRING, B_ASN1_PRINTABLESTRING, - /* tags 20-22 */ - B_ASN1_T61STRING, B_ASN1_VIDEOTEXSTRING, B_ASN1_IA5STRING, - /* tags 23-24 */ - B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, - /* tags 25-27 */ - B_ASN1_GRAPHICSTRING, B_ASN1_ISO64STRING, B_ASN1_GENERALSTRING, - /* tags 28-31 */ - B_ASN1_UNIVERSALSTRING, B_ASN1_UNKNOWN, B_ASN1_BMPSTRING, B_ASN1_UNKNOWN, -}; - -unsigned long ASN1_tag2bit(int tag) -{ - if ((tag < 0) || (tag > 30)) - return 0; - return tag2bit[tag]; -} - -/* Macro to initialize and invalidate the cache */ - -#define asn1_tlc_clear(c) do { if ((c) != NULL) (c)->valid = 0; } while (0) -/* Version to avoid compiler warning about 'c' always non-NULL */ -#define asn1_tlc_clear_nc(c) do {(c)->valid = 0; } while (0) - -/* - * Decode an ASN1 item, this currently behaves just like a standard 'd2i' - * function. 'in' points to a buffer to read the data from, in future we - * will have more advanced versions that can input data a piece at a time and - * this will simply be a special case. - */ - -static int asn1_item_ex_d2i_intern(ASN1_VALUE **pval, const unsigned char **in, - long len, const ASN1_ITEM *it, int tag, - int aclass, char opt, ASN1_TLC *ctx, - OSSL_LIB_CTX *libctx, const char *propq) -{ - int rv; - - if (pval == NULL || it == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0, - libctx, propq); - if (rv <= 0) - ASN1_item_ex_free(pval, it); - return rv; -} - -int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx) -{ - return asn1_item_ex_d2i_intern(pval, in, len, it, tag, aclass, opt, ctx, - NULL, NULL); -} - -ASN1_VALUE *ASN1_item_d2i_ex(ASN1_VALUE **pval, - const unsigned char **in, long len, - const ASN1_ITEM *it, OSSL_LIB_CTX *libctx, - const char *propq) -{ - ASN1_TLC c; - ASN1_VALUE *ptmpval = NULL; - - if (pval == NULL) - pval = &ptmpval; - asn1_tlc_clear_nc(&c); - if (asn1_item_ex_d2i_intern(pval, in, len, it, -1, 0, 0, &c, libctx, - propq) > 0) - return *pval; - return NULL; -} - -ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, - const unsigned char **in, long len, - const ASN1_ITEM *it) -{ - return ASN1_item_d2i_ex(pval, in, len, it, NULL, NULL); -} - -/* - * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and - * tag mismatch return -1 to handle OPTIONAL - */ - -static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, - long len, const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx, - int depth, OSSL_LIB_CTX *libctx, - const char *propq) -{ - const ASN1_TEMPLATE *tt, *errtt = NULL; - const ASN1_EXTERN_FUNCS *ef; - const ASN1_AUX *aux; - ASN1_aux_cb *asn1_cb; - const unsigned char *p = NULL, *q; - unsigned char oclass; - char seq_eoc, seq_nolen, cst, isopt; - long tmplen; - int i; - int otag; - int ret = 0; - ASN1_VALUE **pchptr; - - if (pval == NULL || it == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (len <= 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL); - return 0; - } - aux = it->funcs; - if (aux && aux->asn1_cb) - asn1_cb = aux->asn1_cb; - else - asn1_cb = 0; - - if (++depth > ASN1_MAX_CONSTRUCTED_NEST) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_NESTED_TOO_DEEP); - goto err; - } - - switch (it->itype) { - case ASN1_ITYPE_PRIMITIVE: - if (it->templates) { - /* - * tagging or OPTIONAL is currently illegal on an item template - * because the flags can't get passed down. In practice this - * isn't a problem: we include the relevant flags from the item - * template in the template itself. - */ - if ((tag != -1) || opt) { - ERR_raise(ERR_LIB_ASN1, - ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); - goto err; - } - return asn1_template_ex_d2i(pval, in, len, it->templates, opt, ctx, - depth, libctx, propq); - } - return asn1_d2i_ex_primitive(pval, in, len, it, - tag, aclass, opt, ctx); - - case ASN1_ITYPE_MSTRING: - /* - * It never makes sense for multi-strings to have implicit tagging, so - * if tag != -1, then this looks like an error in the template. - */ - if (tag != -1) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_BAD_TEMPLATE); - goto err; - } - - p = *in; - /* Just read in tag and class */ - ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, - &p, len, -1, 0, 1, ctx); - if (!ret) { - ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); - goto err; - } - - /* Must be UNIVERSAL class */ - if (oclass != V_ASN1_UNIVERSAL) { - /* If OPTIONAL, assume this is OK */ - if (opt) - return -1; - ERR_raise(ERR_LIB_ASN1, ASN1_R_MSTRING_NOT_UNIVERSAL); - goto err; - } - - /* Check tag matches bit map */ - if (!(ASN1_tag2bit(otag) & it->utype)) { - /* If OPTIONAL, assume this is OK */ - if (opt) - return -1; - ERR_raise(ERR_LIB_ASN1, ASN1_R_MSTRING_WRONG_TAG); - goto err; - } - return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx); - - case ASN1_ITYPE_EXTERN: - /* Use new style d2i */ - ef = it->funcs; - if (ef->asn1_ex_d2i_ex != NULL) - return ef->asn1_ex_d2i_ex(pval, in, len, it, tag, aclass, opt, ctx, - libctx, propq); - return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx); - - case ASN1_ITYPE_CHOICE: - /* - * It never makes sense for CHOICE types to have implicit tagging, so - * if tag != -1, then this looks like an error in the template. - */ - if (tag != -1) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_BAD_TEMPLATE); - goto err; - } - - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) - goto auxerr; - if (*pval) { - /* Free up and zero CHOICE value if initialised */ - i = ossl_asn1_get_choice_selector(pval, it); - if ((i >= 0) && (i < it->tcount)) { - tt = it->templates + i; - pchptr = ossl_asn1_get_field_ptr(pval, tt); - ossl_asn1_template_free(pchptr, tt); - ossl_asn1_set_choice_selector(pval, -1, it); - } - } else if (!ossl_asn1_item_ex_new_intern(pval, it, libctx, propq)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); - goto err; - } - /* CHOICE type, try each possibility in turn */ - p = *in; - for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { - pchptr = ossl_asn1_get_field_ptr(pval, tt); - /* - * We mark field as OPTIONAL so its absence can be recognised. - */ - ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth, - libctx, propq); - /* If field not present, try the next one */ - if (ret == -1) - continue; - /* If positive return, read OK, break loop */ - if (ret > 0) - break; - /* - * Must be an ASN1 parsing error. - * Free up any partial choice value - */ - ossl_asn1_template_free(pchptr, tt); - errtt = tt; - ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); - goto err; - } - - /* Did we fall off the end without reading anything? */ - if (i == it->tcount) { - /* If OPTIONAL, this is OK */ - if (opt) { - /* Free and zero it */ - ASN1_item_ex_free(pval, it); - return -1; - } - ERR_raise(ERR_LIB_ASN1, ASN1_R_NO_MATCHING_CHOICE_TYPE); - goto err; - } - - ossl_asn1_set_choice_selector(pval, i, it); - - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) - goto auxerr; - *in = p; - return 1; - - case ASN1_ITYPE_NDEF_SEQUENCE: - case ASN1_ITYPE_SEQUENCE: - p = *in; - tmplen = len; - - /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ - if (tag == -1) { - tag = V_ASN1_SEQUENCE; - aclass = V_ASN1_UNIVERSAL; - } - /* Get SEQUENCE length and update len, p */ - ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, - &p, len, tag, aclass, opt, ctx); - if (!ret) { - ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); - goto err; - } else if (ret == -1) - return -1; - if (aux && (aux->flags & ASN1_AFLG_BROKEN)) { - len = tmplen - (p - *in); - seq_nolen = 1; - } - /* If indefinite we don't do a length check */ - else - seq_nolen = seq_eoc; - if (!cst) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_SEQUENCE_NOT_CONSTRUCTED); - goto err; - } - - if (*pval == NULL - && !ossl_asn1_item_ex_new_intern(pval, it, libctx, propq)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); - goto err; - } - - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) - goto auxerr; - - /* Free up and zero any ADB found */ - for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { - if (tt->flags & ASN1_TFLG_ADB_MASK) { - const ASN1_TEMPLATE *seqtt; - ASN1_VALUE **pseqval; - seqtt = ossl_asn1_do_adb(*pval, tt, 0); - if (seqtt == NULL) - continue; - pseqval = ossl_asn1_get_field_ptr(pval, seqtt); - ossl_asn1_template_free(pseqval, seqtt); - } - } - - /* Get each field entry */ - for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { - const ASN1_TEMPLATE *seqtt; - ASN1_VALUE **pseqval; - seqtt = ossl_asn1_do_adb(*pval, tt, 1); - if (seqtt == NULL) - goto err; - pseqval = ossl_asn1_get_field_ptr(pval, seqtt); - /* Have we ran out of data? */ - if (!len) - break; - q = p; - if (asn1_check_eoc(&p, len)) { - if (!seq_eoc) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNEXPECTED_EOC); - goto err; - } - len -= p - q; - seq_eoc = 0; - break; - } - /* - * This determines the OPTIONAL flag value. The field cannot be - * omitted if it is the last of a SEQUENCE and there is still - * data to be read. This isn't strictly necessary but it - * increases efficiency in some cases. - */ - if (i == (it->tcount - 1)) - isopt = 0; - else - isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL); - /* - * attempt to read in field, allowing each to be OPTIONAL - */ - - ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx, - depth, libctx, propq); - if (!ret) { - errtt = seqtt; - goto err; - } else if (ret == -1) { - /* - * OPTIONAL component absent. Free and zero the field. - */ - ossl_asn1_template_free(pseqval, seqtt); - continue; - } - /* Update length */ - len -= p - q; - } - - /* Check for EOC if expecting one */ - if (seq_eoc && !asn1_check_eoc(&p, len)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC); - goto err; - } - /* Check all data read */ - if (!seq_nolen && len) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_SEQUENCE_LENGTH_MISMATCH); - goto err; - } - - /* - * If we get here we've got no more data in the SEQUENCE, however we - * may not have read all fields so check all remaining are OPTIONAL - * and clear any that are. - */ - for (; i < it->tcount; tt++, i++) { - const ASN1_TEMPLATE *seqtt; - seqtt = ossl_asn1_do_adb(*pval, tt, 1); - if (seqtt == NULL) - goto err; - if (seqtt->flags & ASN1_TFLG_OPTIONAL) { - ASN1_VALUE **pseqval; - pseqval = ossl_asn1_get_field_ptr(pval, seqtt); - ossl_asn1_template_free(pseqval, seqtt); - } else { - errtt = seqtt; - ERR_raise(ERR_LIB_ASN1, ASN1_R_FIELD_MISSING); - goto err; - } - } - /* Save encoding */ - if (!ossl_asn1_enc_save(pval, *in, p - *in, it)) - goto auxerr; - if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) - goto auxerr; - *in = p; - return 1; - - default: - return 0; - } - auxerr: - ERR_raise(ERR_LIB_ASN1, ASN1_R_AUX_ERROR); - err: - if (errtt) - ERR_add_error_data(4, "Field=", errtt->field_name, - ", Type=", it->sname); - else - ERR_add_error_data(2, "Type=", it->sname); - return 0; -} - -/* - * Templates are handled with two separate functions. One handles any - * EXPLICIT tag and the other handles the rest. - */ - -static int asn1_template_ex_d2i(ASN1_VALUE **val, - const unsigned char **in, long inlen, - const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx, int depth, - OSSL_LIB_CTX *libctx, const char *propq) -{ - int flags, aclass; - int ret; - long len; - const unsigned char *p, *q; - char exp_eoc; - if (!val) - return 0; - flags = tt->flags; - aclass = flags & ASN1_TFLG_TAG_CLASS; - - p = *in; - - /* Check if EXPLICIT tag expected */ - if (flags & ASN1_TFLG_EXPTAG) { - char cst; - /* - * Need to work out amount of data available to the inner content and - * where it starts: so read in EXPLICIT header to get the info. - */ - ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, - &p, inlen, tt->tag, aclass, opt, ctx); - q = p; - if (!ret) { - ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); - return 0; - } else if (ret == -1) - return -1; - if (!cst) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED); - return 0; - } - /* We've found the field so it can't be OPTIONAL now */ - ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth, libctx, - propq); - if (!ret) { - ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); - return 0; - } - /* We read the field in OK so update length */ - len -= p - q; - if (exp_eoc) { - /* If NDEF we must have an EOC here */ - if (!asn1_check_eoc(&p, len)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC); - goto err; - } - } else { - /* - * Otherwise we must hit the EXPLICIT tag end or its an error - */ - if (len) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_EXPLICIT_LENGTH_MISMATCH); - goto err; - } - } - } else - return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth, - libctx, propq); - - *in = p; - return 1; - - err: - return 0; -} - -static int asn1_template_noexp_d2i(ASN1_VALUE **val, - const unsigned char **in, long len, - const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx, int depth, - OSSL_LIB_CTX *libctx, const char *propq) -{ - int flags, aclass; - int ret; - ASN1_VALUE *tval; - const unsigned char *p, *q; - if (!val) - return 0; - flags = tt->flags; - aclass = flags & ASN1_TFLG_TAG_CLASS; - - p = *in; - - /* - * If field is embedded then val needs fixing so it is a pointer to - * a pointer to a field. - */ - if (tt->flags & ASN1_TFLG_EMBED) { - tval = (ASN1_VALUE *)val; - val = &tval; - } - - if (flags & ASN1_TFLG_SK_MASK) { - /* SET OF, SEQUENCE OF */ - int sktag, skaclass; - char sk_eoc; - /* First work out expected inner tag value */ - if (flags & ASN1_TFLG_IMPTAG) { - sktag = tt->tag; - skaclass = aclass; - } else { - skaclass = V_ASN1_UNIVERSAL; - if (flags & ASN1_TFLG_SET_OF) - sktag = V_ASN1_SET; - else - sktag = V_ASN1_SEQUENCE; - } - /* Get the tag */ - ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, - &p, len, sktag, skaclass, opt, ctx); - if (!ret) { - ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); - return 0; - } else if (ret == -1) - return -1; - if (*val == NULL) - *val = (ASN1_VALUE *)sk_ASN1_VALUE_new_null(); - else { - /* - * We've got a valid STACK: free up any items present - */ - STACK_OF(ASN1_VALUE) *sktmp = (STACK_OF(ASN1_VALUE) *)*val; - ASN1_VALUE *vtmp; - while (sk_ASN1_VALUE_num(sktmp) > 0) { - vtmp = sk_ASN1_VALUE_pop(sktmp); - ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item)); - } - } - - if (*val == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* Read as many items as we can */ - while (len > 0) { - ASN1_VALUE *skfield; - q = p; - /* See if EOC found */ - if (asn1_check_eoc(&p, len)) { - if (!sk_eoc) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNEXPECTED_EOC); - goto err; - } - len -= p - q; - sk_eoc = 0; - break; - } - skfield = NULL; - if (asn1_item_embed_d2i(&skfield, &p, len, - ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx, - depth, libctx, propq) <= 0) { - ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); - /* |skfield| may be partially allocated despite failure. */ - ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item)); - goto err; - } - len -= p - q; - if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item)); - goto err; - } - } - if (sk_eoc) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC); - goto err; - } - } else if (flags & ASN1_TFLG_IMPTAG) { - /* IMPLICIT tagging */ - ret = asn1_item_embed_d2i(val, &p, len, - ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, - ctx, depth, libctx, propq); - if (!ret) { - ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); - goto err; - } else if (ret == -1) - return -1; - } else { - /* Nothing special */ - ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, 0, opt, ctx, depth, libctx, propq); - if (!ret) { - ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); - goto err; - } else if (ret == -1) - return -1; - } - - *in = p; - return 1; - - err: - return 0; -} - -static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, - const unsigned char **in, long inlen, - const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx) -{ - int ret = 0, utype; - long plen; - char cst, inf, free_cont = 0; - const unsigned char *p; - BUF_MEM buf = { 0, NULL, 0, 0 }; - const unsigned char *cont = NULL; - long len; - - if (pval == NULL) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NULL); - return 0; /* Should never happen */ - } - - if (it->itype == ASN1_ITYPE_MSTRING) { - utype = tag; - tag = -1; - } else - utype = it->utype; - - if (utype == V_ASN1_ANY) { - /* If type is ANY need to figure out type from tag */ - unsigned char oclass; - if (tag >= 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_TAGGED_ANY); - return 0; - } - if (opt) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_OPTIONAL_ANY); - return 0; - } - p = *in; - ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, - &p, inlen, -1, 0, 0, ctx); - if (!ret) { - ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); - return 0; - } - if (oclass != V_ASN1_UNIVERSAL) - utype = V_ASN1_OTHER; - } - if (tag == -1) { - tag = utype; - aclass = V_ASN1_UNIVERSAL; - } - p = *in; - /* Check header */ - ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, - &p, inlen, tag, aclass, opt, ctx); - if (!ret) { - ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); - return 0; - } else if (ret == -1) - return -1; - ret = 0; - /* SEQUENCE, SET and "OTHER" are left in encoded form */ - if ((utype == V_ASN1_SEQUENCE) - || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) { - /* - * Clear context cache for type OTHER because the auto clear when we - * have a exact match won't work - */ - if (utype == V_ASN1_OTHER) { - asn1_tlc_clear(ctx); - } - /* SEQUENCE and SET must be constructed */ - else if (!cst) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TYPE_NOT_CONSTRUCTED); - return 0; - } - - cont = *in; - /* If indefinite length constructed find the real end */ - if (inf) { - if (!asn1_find_end(&p, plen, inf)) - goto err; - len = p - cont; - } else { - len = p - cont + plen; - p += plen; - } - } else if (cst) { - if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN - || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER - || utype == V_ASN1_ENUMERATED) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TYPE_NOT_PRIMITIVE); - return 0; - } - - /* Free any returned 'buf' content */ - free_cont = 1; - /* - * Should really check the internal tags are correct but some things - * may get this wrong. The relevant specs say that constructed string - * types should be OCTET STRINGs internally irrespective of the type. - * So instead just check for UNIVERSAL class and ignore the tag. - */ - if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) { - goto err; - } - len = buf.length; - /* Append a final null to string */ - if (!BUF_MEM_grow_clean(&buf, len + 1)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - buf.data[len] = 0; - cont = (const unsigned char *)buf.data; - } else { - cont = p; - len = plen; - p += plen; - } - - /* We now have content length and type: translate into a structure */ - /* asn1_ex_c2i may reuse allocated buffer, and so sets free_cont to 0 */ - if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) - goto err; - - *in = p; - ret = 1; - err: - if (free_cont) - OPENSSL_free(buf.data); - return ret; -} - -/* Translate ASN1 content octets into a structure */ - -static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it) -{ - ASN1_VALUE **opval = NULL; - ASN1_STRING *stmp; - ASN1_TYPE *typ = NULL; - int ret = 0; - const ASN1_PRIMITIVE_FUNCS *pf; - ASN1_INTEGER **tint; - pf = it->funcs; - - if (pf && pf->prim_c2i) - return pf->prim_c2i(pval, cont, len, utype, free_cont, it); - /* If ANY type clear type and set pointer to internal value */ - if (it->utype == V_ASN1_ANY) { - if (*pval == NULL) { - typ = ASN1_TYPE_new(); - if (typ == NULL) - goto err; - *pval = (ASN1_VALUE *)typ; - } else - typ = (ASN1_TYPE *)*pval; - - if (utype != typ->type) - ASN1_TYPE_set(typ, utype, NULL); - opval = pval; - pval = &typ->value.asn1_value; - } - switch (utype) { - case V_ASN1_OBJECT: - if (!ossl_c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) - goto err; - break; - - case V_ASN1_NULL: - if (len) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_NULL_IS_WRONG_LENGTH); - goto err; - } - *pval = (ASN1_VALUE *)1; - break; - - case V_ASN1_BOOLEAN: - if (len != 1) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_BOOLEAN_IS_WRONG_LENGTH); - goto err; - } else { - ASN1_BOOLEAN *tbool; - tbool = (ASN1_BOOLEAN *)pval; - *tbool = *cont; - } - break; - - case V_ASN1_BIT_STRING: - if (!ossl_c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) - goto err; - break; - - case V_ASN1_INTEGER: - case V_ASN1_ENUMERATED: - tint = (ASN1_INTEGER **)pval; - if (!ossl_c2i_ASN1_INTEGER(tint, &cont, len)) - goto err; - /* Fixup type to match the expected form */ - (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG); - break; - - case V_ASN1_OCTET_STRING: - case V_ASN1_NUMERICSTRING: - case V_ASN1_PRINTABLESTRING: - case V_ASN1_T61STRING: - case V_ASN1_VIDEOTEXSTRING: - case V_ASN1_IA5STRING: - case V_ASN1_UTCTIME: - case V_ASN1_GENERALIZEDTIME: - case V_ASN1_GRAPHICSTRING: - case V_ASN1_VISIBLESTRING: - case V_ASN1_GENERALSTRING: - case V_ASN1_UNIVERSALSTRING: - case V_ASN1_BMPSTRING: - case V_ASN1_UTF8STRING: - case V_ASN1_OTHER: - case V_ASN1_SET: - case V_ASN1_SEQUENCE: - default: - if (utype == V_ASN1_BMPSTRING && (len & 1)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_BMPSTRING_IS_WRONG_LENGTH); - goto err; - } - if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); - goto err; - } - /* All based on ASN1_STRING and handled the same */ - if (*pval == NULL) { - stmp = ASN1_STRING_type_new(utype); - if (stmp == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - *pval = (ASN1_VALUE *)stmp; - } else { - stmp = (ASN1_STRING *)*pval; - stmp->type = utype; - } - /* If we've already allocated a buffer use it */ - if (*free_cont) { - OPENSSL_free(stmp->data); - stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */ - stmp->length = len; - *free_cont = 0; - } else { - if (!ASN1_STRING_set(stmp, cont, len)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - ASN1_STRING_free(stmp); - *pval = NULL; - goto err; - } - } - break; - } - /* If ASN1_ANY and NULL type fix up value */ - if (typ && (utype == V_ASN1_NULL)) - typ->value.ptr = NULL; - - ret = 1; - err: - if (!ret) { - ASN1_TYPE_free(typ); - if (opval) - *opval = NULL; - } - return ret; -} - -/* - * This function finds the end of an ASN1 structure when passed its maximum - * length, whether it is indefinite length and a pointer to the content. This - * is more efficient than calling asn1_collect because it does not recurse on - * each indefinite length header. - */ - -static int asn1_find_end(const unsigned char **in, long len, char inf) -{ - uint32_t expected_eoc; - long plen; - const unsigned char *p = *in, *q; - /* If not indefinite length constructed just add length */ - if (inf == 0) { - *in += len; - return 1; - } - expected_eoc = 1; - /* - * Indefinite length constructed form. Find the end when enough EOCs are - * found. If more indefinite length constructed headers are encountered - * increment the expected eoc count otherwise just skip to the end of the - * data. - */ - while (len > 0) { - if (asn1_check_eoc(&p, len)) { - expected_eoc--; - if (expected_eoc == 0) - break; - len -= 2; - continue; - } - q = p; - /* Just read in a header: only care about the length */ - if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len, - -1, 0, 0, NULL)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); - return 0; - } - if (inf) { - if (expected_eoc == UINT32_MAX) { - ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); - return 0; - } - expected_eoc++; - } else { - p += plen; - } - len -= p - q; - } - if (expected_eoc) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC); - return 0; - } - *in = p; - return 1; -} - -/* - * This function collects the asn1 data from a constructed string type into - * a buffer. The values of 'in' and 'len' should refer to the contents of the - * constructed type and 'inf' should be set if it is indefinite length. - */ - -#ifndef ASN1_MAX_STRING_NEST -/* - * This determines how many levels of recursion are permitted in ASN1 string - * types. If it is not limited stack overflows can occur. If set to zero no - * recursion is allowed at all. Although zero should be adequate examples - * exist that require a value of 1. So 5 should be more than enough. - */ -# define ASN1_MAX_STRING_NEST 5 -#endif - -static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, - char inf, int tag, int aclass, int depth) -{ - const unsigned char *p, *q; - long plen; - char cst, ininf; - p = *in; - inf &= 1; - /* - * If no buffer and not indefinite length constructed just pass over the - * encoded data - */ - if (!buf && !inf) { - *in += len; - return 1; - } - while (len > 0) { - q = p; - /* Check for EOC */ - if (asn1_check_eoc(&p, len)) { - /* - * EOC is illegal outside indefinite length constructed form - */ - if (!inf) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNEXPECTED_EOC); - return 0; - } - inf = 0; - break; - } - - if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, - len, tag, aclass, 0, NULL)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); - return 0; - } - - /* If indefinite length constructed update max length */ - if (cst) { - if (depth >= ASN1_MAX_STRING_NEST) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_NESTED_ASN1_STRING); - return 0; - } - if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, depth + 1)) - return 0; - } else if (plen && !collect_data(buf, &p, plen)) - return 0; - len -= p - q; - } - if (inf) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC); - return 0; - } - *in = p; - return 1; -} - -static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen) -{ - int len; - if (buf) { - len = buf->length; - if (!BUF_MEM_grow_clean(buf, len + plen)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(buf->data + len, *p, plen); - } - *p += plen; - return 1; -} - -/* Check for ASN1 EOC and swallow it if found */ - -static int asn1_check_eoc(const unsigned char **in, long len) -{ - const unsigned char *p; - - if (len < 2) - return 0; - p = *in; - if (p[0] == '\0' && p[1] == '\0') { - *in += 2; - return 1; - } - return 0; -} - -/* - * Check an ASN1 tag and length: a bit like ASN1_get_object but it sets the - * length for indefinite length constructed form, we don't know the exact - * length but we can set an upper bound to the amount of data available minus - * the header length just read. - */ - -static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, - char *inf, char *cst, - const unsigned char **in, long len, - int exptag, int expclass, char opt, ASN1_TLC *ctx) -{ - int i; - int ptag, pclass; - long plen; - const unsigned char *p, *q; - p = *in; - q = p; - - if (len <= 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL); - goto err; - } - if (ctx != NULL && ctx->valid) { - i = ctx->ret; - plen = ctx->plen; - pclass = ctx->pclass; - ptag = ctx->ptag; - p += ctx->hdrlen; - } else { - i = ASN1_get_object(&p, &plen, &ptag, &pclass, len); - if (ctx != NULL) { - ctx->ret = i; - ctx->plen = plen; - ctx->pclass = pclass; - ctx->ptag = ptag; - ctx->hdrlen = p - q; - ctx->valid = 1; - /* - * If definite length, and no error, length + header can't exceed - * total amount of data available. - */ - if ((i & 0x81) == 0 && (plen + ctx->hdrlen) > len) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG); - goto err; - } - } - } - - if ((i & 0x80) != 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_BAD_OBJECT_HEADER); - goto err; - } - if (exptag >= 0) { - if (exptag != ptag || expclass != pclass) { - /* - * If type is OPTIONAL, not an error: indicate missing type. - */ - if (opt != 0) - return -1; - ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_TAG); - goto err; - } - /* - * We have a tag and class match: assume we are going to do something - * with it - */ - asn1_tlc_clear(ctx); - } - - if ((i & 1) != 0) - plen = len - (p - q); - - if (inf != NULL) - *inf = i & 1; - - if (cst != NULL) - *cst = i & V_ASN1_CONSTRUCTED; - - if (olen != NULL) - *olen = plen; - - if (oclass != NULL) - *oclass = pclass; - - if (otag != NULL) - *otag = ptag; - - *in = p; - return 1; - - err: - asn1_tlc_clear(ctx); - return 0; -} diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c deleted file mode 100644 index 3ea18b0280ddc5b692f1b807dc61f1b3d1eab4e9..0000000000000000000000000000000000000000 --- a/crypto/asn1/tasn_enc.c +++ /dev/null @@ -1,646 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "crypto/asn1.h" -#include "asn1_local.h" - -static int asn1_i2d_ex_primitive(const ASN1_VALUE **pval, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass); -static int asn1_set_seq_out(STACK_OF(const_ASN1_VALUE) *sk, - unsigned char **out, - int skcontlen, const ASN1_ITEM *item, - int do_sort, int iclass); -static int asn1_template_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, - const ASN1_TEMPLATE *tt, int tag, int aclass); -static int asn1_item_flags_i2d(const ASN1_VALUE *val, unsigned char **out, - const ASN1_ITEM *it, int flags); -static int asn1_ex_i2c(const ASN1_VALUE **pval, unsigned char *cout, int *putype, - const ASN1_ITEM *it); - -/* - * Top level i2d equivalents: the 'ndef' variant instructs the encoder to use - * indefinite length constructed encoding, where appropriate - */ - -int ASN1_item_ndef_i2d(const ASN1_VALUE *val, unsigned char **out, - const ASN1_ITEM *it) -{ - return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF); -} - -int ASN1_item_i2d(const ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it) -{ - return asn1_item_flags_i2d(val, out, it, 0); -} - -/* - * Encode an ASN1 item, this is use by the standard 'i2d' function. 'out' - * points to a buffer to output the data to. The new i2d has one additional - * feature. If the output buffer is NULL (i.e. *out == NULL) then a buffer is - * allocated and populated with the encoding. - */ - -static int asn1_item_flags_i2d(const ASN1_VALUE *val, unsigned char **out, - const ASN1_ITEM *it, int flags) -{ - if (out != NULL && *out == NULL) { - unsigned char *p, *buf; - int len; - - len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags); - if (len <= 0) - return len; - if ((buf = OPENSSL_malloc(len)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return -1; - } - p = buf; - ASN1_item_ex_i2d(&val, &p, it, -1, flags); - *out = buf; - return len; - } - - return ASN1_item_ex_i2d(&val, out, it, -1, flags); -} - -/* - * Encode an item, taking care of IMPLICIT tagging (if any). This function - * performs the normal item handling: it can be used in external types. - */ - -int ASN1_item_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass) -{ - const ASN1_TEMPLATE *tt = NULL; - int i, seqcontlen, seqlen, ndef = 1; - const ASN1_EXTERN_FUNCS *ef; - const ASN1_AUX *aux = it->funcs; - ASN1_aux_const_cb *asn1_cb = NULL; - - if ((it->itype != ASN1_ITYPE_PRIMITIVE) && *pval == NULL) - return 0; - - if (aux != NULL) { - asn1_cb = ((aux->flags & ASN1_AFLG_CONST_CB) != 0) ? aux->asn1_const_cb - : (ASN1_aux_const_cb *)aux->asn1_cb; /* backward compatibility */ - } - - switch (it->itype) { - - case ASN1_ITYPE_PRIMITIVE: - if (it->templates) - return asn1_template_ex_i2d(pval, out, it->templates, - tag, aclass); - return asn1_i2d_ex_primitive(pval, out, it, tag, aclass); - - case ASN1_ITYPE_MSTRING: - /* - * It never makes sense for multi-strings to have implicit tagging, so - * if tag != -1, then this looks like an error in the template. - */ - if (tag != -1) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_BAD_TEMPLATE); - return -1; - } - return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); - - case ASN1_ITYPE_CHOICE: - /* - * It never makes sense for CHOICE types to have implicit tagging, so - * if tag != -1, then this looks like an error in the template. - */ - if (tag != -1) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_BAD_TEMPLATE); - return -1; - } - if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL)) - return 0; - i = ossl_asn1_get_choice_selector_const(pval, it); - if ((i >= 0) && (i < it->tcount)) { - const ASN1_VALUE **pchval; - const ASN1_TEMPLATE *chtt; - chtt = it->templates + i; - pchval = ossl_asn1_get_const_field_ptr(pval, chtt); - return asn1_template_ex_i2d(pchval, out, chtt, -1, aclass); - } - /* Fixme: error condition if selector out of range */ - if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL)) - return 0; - break; - - case ASN1_ITYPE_EXTERN: - /* If new style i2d it does all the work */ - ef = it->funcs; - return ef->asn1_ex_i2d(pval, out, it, tag, aclass); - - case ASN1_ITYPE_NDEF_SEQUENCE: - /* Use indefinite length constructed if requested */ - if (aclass & ASN1_TFLG_NDEF) - ndef = 2; - /* fall through */ - - case ASN1_ITYPE_SEQUENCE: - i = ossl_asn1_enc_restore(&seqcontlen, out, pval, it); - /* An error occurred */ - if (i < 0) - return 0; - /* We have a valid cached encoding... */ - if (i > 0) - return seqcontlen; - /* Otherwise carry on */ - seqcontlen = 0; - /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ - if (tag == -1) { - tag = V_ASN1_SEQUENCE; - /* Retain any other flags in aclass */ - aclass = (aclass & ~ASN1_TFLG_TAG_CLASS) - | V_ASN1_UNIVERSAL; - } - if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL)) - return 0; - /* First work out sequence content length */ - for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { - const ASN1_TEMPLATE *seqtt; - const ASN1_VALUE **pseqval; - int tmplen; - seqtt = ossl_asn1_do_adb(*pval, tt, 1); - if (!seqtt) - return 0; - pseqval = ossl_asn1_get_const_field_ptr(pval, seqtt); - tmplen = asn1_template_ex_i2d(pseqval, NULL, seqtt, -1, aclass); - if (tmplen == -1 || (tmplen > INT_MAX - seqcontlen)) - return -1; - seqcontlen += tmplen; - } - - seqlen = ASN1_object_size(ndef, seqcontlen, tag); - if (!out || seqlen == -1) - return seqlen; - /* Output SEQUENCE header */ - ASN1_put_object(out, ndef, seqcontlen, tag, aclass); - for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { - const ASN1_TEMPLATE *seqtt; - const ASN1_VALUE **pseqval; - seqtt = ossl_asn1_do_adb(*pval, tt, 1); - if (!seqtt) - return 0; - pseqval = ossl_asn1_get_const_field_ptr(pval, seqtt); - /* FIXME: check for errors in enhanced version */ - asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass); - } - if (ndef == 2) - ASN1_put_eoc(out); - if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL)) - return 0; - return seqlen; - - default: - return 0; - - } - return 0; -} - -static int asn1_template_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, - const ASN1_TEMPLATE *tt, int tag, int iclass) -{ - const int flags = tt->flags; - int i, ret, ttag, tclass, ndef, len; - const ASN1_VALUE *tval; - - /* - * If field is embedded then val needs fixing so it is a pointer to - * a pointer to a field. - */ - if (flags & ASN1_TFLG_EMBED) { - tval = (ASN1_VALUE *)pval; - pval = &tval; - } - /* - * Work out tag and class to use: tagging may come either from the - * template or the arguments, not both because this would create - * ambiguity. Additionally the iclass argument may contain some - * additional flags which should be noted and passed down to other - * levels. - */ - if (flags & ASN1_TFLG_TAG_MASK) { - /* Error if argument and template tagging */ - if (tag != -1) - /* FIXME: error code here */ - return -1; - /* Get tagging from template */ - ttag = tt->tag; - tclass = flags & ASN1_TFLG_TAG_CLASS; - } else if (tag != -1) { - /* No template tagging, get from arguments */ - ttag = tag; - tclass = iclass & ASN1_TFLG_TAG_CLASS; - } else { - ttag = -1; - tclass = 0; - } - /* - * Remove any class mask from iflag. - */ - iclass &= ~ASN1_TFLG_TAG_CLASS; - - /* - * At this point 'ttag' contains the outer tag to use, 'tclass' is the - * class and iclass is any flags passed to this function. - */ - - /* if template and arguments require ndef, use it */ - if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF)) - ndef = 2; - else - ndef = 1; - - if (flags & ASN1_TFLG_SK_MASK) { - /* SET OF, SEQUENCE OF */ - STACK_OF(const_ASN1_VALUE) *sk = (STACK_OF(const_ASN1_VALUE) *)*pval; - int isset, sktag, skaclass; - int skcontlen, sklen; - const ASN1_VALUE *skitem; - - if (*pval == NULL) - return 0; - - if (flags & ASN1_TFLG_SET_OF) { - isset = 1; - /* 2 means we reorder */ - if (flags & ASN1_TFLG_SEQUENCE_OF) - isset = 2; - } else - isset = 0; - - /* - * Work out inner tag value: if EXPLICIT or no tagging use underlying - * type. - */ - if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) { - sktag = ttag; - skaclass = tclass; - } else { - skaclass = V_ASN1_UNIVERSAL; - if (isset) - sktag = V_ASN1_SET; - else - sktag = V_ASN1_SEQUENCE; - } - - /* Determine total length of items */ - skcontlen = 0; - for (i = 0; i < sk_const_ASN1_VALUE_num(sk); i++) { - skitem = sk_const_ASN1_VALUE_value(sk, i); - len = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), - -1, iclass); - if (len == -1 || (skcontlen > INT_MAX - len)) - return -1; - if (len == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT); - return -1; - } - skcontlen += len; - } - sklen = ASN1_object_size(ndef, skcontlen, sktag); - if (sklen == -1) - return -1; - /* If EXPLICIT need length of surrounding tag */ - if (flags & ASN1_TFLG_EXPTAG) - ret = ASN1_object_size(ndef, sklen, ttag); - else - ret = sklen; - - if (!out || ret == -1) - return ret; - - /* Now encode this lot... */ - /* EXPLICIT tag */ - if (flags & ASN1_TFLG_EXPTAG) - ASN1_put_object(out, ndef, sklen, ttag, tclass); - /* SET or SEQUENCE and IMPLICIT tag */ - ASN1_put_object(out, ndef, skcontlen, sktag, skaclass); - /* And the stuff itself */ - asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), - isset, iclass); - if (ndef == 2) { - ASN1_put_eoc(out); - if (flags & ASN1_TFLG_EXPTAG) - ASN1_put_eoc(out); - } - - return ret; - } - - if (flags & ASN1_TFLG_EXPTAG) { - /* EXPLICIT tagging */ - /* Find length of tagged item */ - i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, iclass); - if (i == 0) { - if ((tt->flags & ASN1_TFLG_OPTIONAL) == 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT); - return -1; - } - return 0; - } - /* Find length of EXPLICIT tag */ - ret = ASN1_object_size(ndef, i, ttag); - if (out && ret != -1) { - /* Output tag and item */ - ASN1_put_object(out, ndef, i, ttag, tclass); - ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, iclass); - if (ndef == 2) - ASN1_put_eoc(out); - } - return ret; - } - - /* Either normal or IMPLICIT tagging: combine class and flags */ - len = ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), - ttag, tclass | iclass); - if (len == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT); - return -1; - } - return len; -} - -/* Temporary structure used to hold DER encoding of items for SET OF */ - -typedef struct { - unsigned char *data; - int length; - const ASN1_VALUE *field; -} DER_ENC; - -static int der_cmp(const void *a, const void *b) -{ - const DER_ENC *d1 = a, *d2 = b; - int cmplen, i; - cmplen = (d1->length < d2->length) ? d1->length : d2->length; - i = memcmp(d1->data, d2->data, cmplen); - if (i) - return i; - return d1->length - d2->length; -} - -/* Output the content octets of SET OF or SEQUENCE OF */ - -static int asn1_set_seq_out(STACK_OF(const_ASN1_VALUE) *sk, - unsigned char **out, - int skcontlen, const ASN1_ITEM *item, - int do_sort, int iclass) -{ - int i, ret = 0; - const ASN1_VALUE *skitem; - unsigned char *tmpdat = NULL, *p = NULL; - DER_ENC *derlst = NULL, *tder; - - if (do_sort) { - /* Don't need to sort less than 2 items */ - if (sk_const_ASN1_VALUE_num(sk) < 2) - do_sort = 0; - else { - derlst = OPENSSL_malloc(sk_const_ASN1_VALUE_num(sk) - * sizeof(*derlst)); - if (derlst == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - tmpdat = OPENSSL_malloc(skcontlen); - if (tmpdat == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - } - } - /* If not sorting just output each item */ - if (!do_sort) { - for (i = 0; i < sk_const_ASN1_VALUE_num(sk); i++) { - skitem = sk_const_ASN1_VALUE_value(sk, i); - ASN1_item_ex_i2d(&skitem, out, item, -1, iclass); - } - return 1; - } - p = tmpdat; - - /* Doing sort: build up a list of each member's DER encoding */ - for (i = 0, tder = derlst; i < sk_const_ASN1_VALUE_num(sk); i++, tder++) { - skitem = sk_const_ASN1_VALUE_value(sk, i); - tder->data = p; - tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass); - tder->field = skitem; - } - - /* Now sort them */ - qsort(derlst, sk_const_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp); - /* Output sorted DER encoding */ - p = *out; - for (i = 0, tder = derlst; i < sk_const_ASN1_VALUE_num(sk); i++, tder++) { - memcpy(p, tder->data, tder->length); - p += tder->length; - } - *out = p; - /* If do_sort is 2 then reorder the STACK */ - if (do_sort == 2) { - for (i = 0, tder = derlst; i < sk_const_ASN1_VALUE_num(sk); i++, tder++) - (void)sk_const_ASN1_VALUE_set(sk, i, tder->field); - } - ret = 1; -err: - OPENSSL_free(derlst); - OPENSSL_free(tmpdat); - return ret; -} - -static int asn1_i2d_ex_primitive(const ASN1_VALUE **pval, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass) -{ - int len; - int utype; - int usetag; - int ndef = 0; - - utype = it->utype; - - /* - * Get length of content octets and maybe find out the underlying type. - */ - - len = asn1_ex_i2c(pval, NULL, &utype, it); - - /* - * If SEQUENCE, SET or OTHER then header is included in pseudo content - * octets so don't include tag+length. We need to check here because the - * call to asn1_ex_i2c() could change utype. - */ - if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || - (utype == V_ASN1_OTHER)) - usetag = 0; - else - usetag = 1; - - /* -1 means omit type */ - - if (len == -1) - return 0; - - /* -2 return is special meaning use ndef */ - if (len == -2) { - ndef = 2; - len = 0; - } - - /* If not implicitly tagged get tag from underlying type */ - if (tag == -1) - tag = utype; - - /* Output tag+length followed by content octets */ - if (out) { - if (usetag) - ASN1_put_object(out, ndef, len, tag, aclass); - asn1_ex_i2c(pval, *out, &utype, it); - if (ndef) - ASN1_put_eoc(out); - else - *out += len; - } - - if (usetag) - return ASN1_object_size(ndef, len, tag); - return len; -} - -/* Produce content octets from a structure */ - -static int asn1_ex_i2c(const ASN1_VALUE **pval, unsigned char *cout, int *putype, - const ASN1_ITEM *it) -{ - ASN1_BOOLEAN *tbool = NULL; - ASN1_STRING *strtmp; - ASN1_OBJECT *otmp; - int utype; - const unsigned char *cont; - unsigned char c; - int len; - const ASN1_PRIMITIVE_FUNCS *pf; - pf = it->funcs; - if (pf && pf->prim_i2c) - return pf->prim_i2c(pval, cout, putype, it); - - /* Should type be omitted? */ - if ((it->itype != ASN1_ITYPE_PRIMITIVE) - || (it->utype != V_ASN1_BOOLEAN)) { - if (*pval == NULL) - return -1; - } - - if (it->itype == ASN1_ITYPE_MSTRING) { - /* If MSTRING type set the underlying type */ - strtmp = (ASN1_STRING *)*pval; - utype = strtmp->type; - *putype = utype; - } else if (it->utype == V_ASN1_ANY) { - /* If ANY set type and pointer to value */ - ASN1_TYPE *typ; - typ = (ASN1_TYPE *)*pval; - utype = typ->type; - *putype = utype; - pval = (const ASN1_VALUE **)&typ->value.asn1_value; /* actually is const */ - } else - utype = *putype; - - switch (utype) { - case V_ASN1_OBJECT: - otmp = (ASN1_OBJECT *)*pval; - cont = otmp->data; - len = otmp->length; - if (cont == NULL || len == 0) - return -1; - break; - - case V_ASN1_NULL: - cont = NULL; - len = 0; - break; - - case V_ASN1_BOOLEAN: - tbool = (ASN1_BOOLEAN *)pval; - if (*tbool == -1) - return -1; - if (it->utype != V_ASN1_ANY) { - /* - * Default handling if value == size field then omit - */ - if (*tbool && (it->size > 0)) - return -1; - if (!*tbool && !it->size) - return -1; - } - c = (unsigned char)*tbool; - cont = &c; - len = 1; - break; - - case V_ASN1_BIT_STRING: - return ossl_i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, - cout ? &cout : NULL); - - case V_ASN1_INTEGER: - case V_ASN1_ENUMERATED: - /* - * These are all have the same content format as ASN1_INTEGER - */ - return ossl_i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL); - - case V_ASN1_OCTET_STRING: - case V_ASN1_NUMERICSTRING: - case V_ASN1_PRINTABLESTRING: - case V_ASN1_T61STRING: - case V_ASN1_VIDEOTEXSTRING: - case V_ASN1_IA5STRING: - case V_ASN1_UTCTIME: - case V_ASN1_GENERALIZEDTIME: - case V_ASN1_GRAPHICSTRING: - case V_ASN1_VISIBLESTRING: - case V_ASN1_GENERALSTRING: - case V_ASN1_UNIVERSALSTRING: - case V_ASN1_BMPSTRING: - case V_ASN1_UTF8STRING: - case V_ASN1_SEQUENCE: - case V_ASN1_SET: - default: - /* All based on ASN1_STRING and handled the same */ - strtmp = (ASN1_STRING *)*pval; - /* Special handling for NDEF */ - if ((it->size == ASN1_TFLG_NDEF) - && (strtmp->flags & ASN1_STRING_FLAG_NDEF)) { - if (cout) { - strtmp->data = cout; - strtmp->length = 0; - } - /* Special return code */ - return -2; - } - cont = strtmp->data; - len = strtmp->length; - - break; - - } - if (cout && len) - memcpy(cout, cont, len); - return len; -} diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c deleted file mode 100644 index 13aa6a728e2cce88ca3418afd07a395fb8758004..0000000000000000000000000000000000000000 --- a/crypto/asn1/tasn_fre.c +++ /dev/null @@ -1,208 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "asn1_local.h" - -/* Free up an ASN1 structure */ - -void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it) -{ - ossl_asn1_item_embed_free(&val, it, 0); -} - -void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - ossl_asn1_item_embed_free(pval, it, 0); -} - -void ossl_asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) -{ - const ASN1_TEMPLATE *tt = NULL, *seqtt; - const ASN1_EXTERN_FUNCS *ef; - const ASN1_AUX *aux = it->funcs; - ASN1_aux_cb *asn1_cb; - int i; - - if (pval == NULL) - return; - if ((it->itype != ASN1_ITYPE_PRIMITIVE) && *pval == NULL) - return; - if (aux && aux->asn1_cb) - asn1_cb = aux->asn1_cb; - else - asn1_cb = 0; - - switch (it->itype) { - - case ASN1_ITYPE_PRIMITIVE: - if (it->templates) - ossl_asn1_template_free(pval, it->templates); - else - ossl_asn1_primitive_free(pval, it, embed); - break; - - case ASN1_ITYPE_MSTRING: - ossl_asn1_primitive_free(pval, it, embed); - break; - - case ASN1_ITYPE_CHOICE: - if (asn1_cb) { - i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL); - if (i == 2) - return; - } - i = ossl_asn1_get_choice_selector(pval, it); - if ((i >= 0) && (i < it->tcount)) { - ASN1_VALUE **pchval; - - tt = it->templates + i; - pchval = ossl_asn1_get_field_ptr(pval, tt); - ossl_asn1_template_free(pchval, tt); - } - if (asn1_cb) - asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL); - if (embed == 0) { - OPENSSL_free(*pval); - *pval = NULL; - } - break; - - case ASN1_ITYPE_EXTERN: - ef = it->funcs; - if (ef && ef->asn1_ex_free) - ef->asn1_ex_free(pval, it); - break; - - case ASN1_ITYPE_NDEF_SEQUENCE: - case ASN1_ITYPE_SEQUENCE: - if (ossl_asn1_do_lock(pval, -1, it) != 0) /* if error or ref-counter > 0 */ - return; - if (asn1_cb) { - i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL); - if (i == 2) - return; - } - ossl_asn1_enc_free(pval, it); - /* - * If we free up as normal we will invalidate any ANY DEFINED BY - * field and we won't be able to determine the type of the field it - * defines. So free up in reverse order. - */ - tt = it->templates + it->tcount; - for (i = 0; i < it->tcount; i++) { - ASN1_VALUE **pseqval; - - tt--; - seqtt = ossl_asn1_do_adb(*pval, tt, 0); - if (!seqtt) - continue; - pseqval = ossl_asn1_get_field_ptr(pval, seqtt); - ossl_asn1_template_free(pseqval, seqtt); - } - if (asn1_cb) - asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL); - if (embed == 0) { - OPENSSL_free(*pval); - *pval = NULL; - } - break; - } -} - -void ossl_asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) -{ - int embed = tt->flags & ASN1_TFLG_EMBED; - ASN1_VALUE *tval; - if (embed) { - tval = (ASN1_VALUE *)pval; - pval = &tval; - } - if (tt->flags & ASN1_TFLG_SK_MASK) { - STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; - int i; - - for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { - ASN1_VALUE *vtmp = sk_ASN1_VALUE_value(sk, i); - - ossl_asn1_item_embed_free(&vtmp, ASN1_ITEM_ptr(tt->item), embed); - } - sk_ASN1_VALUE_free(sk); - *pval = NULL; - } else { - ossl_asn1_item_embed_free(pval, ASN1_ITEM_ptr(tt->item), embed); - } -} - -void ossl_asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) -{ - int utype; - - /* Special case: if 'it' is a primitive with a free_func, use that. */ - if (it) { - const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; - - if (embed) { - if (pf && pf->prim_clear) { - pf->prim_clear(pval, it); - return; - } - } else if (pf && pf->prim_free) { - pf->prim_free(pval, it); - return; - } - } - - /* Special case: if 'it' is NULL, free contents of ASN1_TYPE */ - if (!it) { - ASN1_TYPE *typ = (ASN1_TYPE *)*pval; - - utype = typ->type; - pval = &typ->value.asn1_value; - if (*pval == NULL) - return; - } else if (it->itype == ASN1_ITYPE_MSTRING) { - utype = -1; - if (*pval == NULL) - return; - } else { - utype = it->utype; - if ((utype != V_ASN1_BOOLEAN) && *pval == NULL) - return; - } - - switch (utype) { - case V_ASN1_OBJECT: - ASN1_OBJECT_free((ASN1_OBJECT *)*pval); - break; - - case V_ASN1_BOOLEAN: - if (it) - *(ASN1_BOOLEAN *)pval = it->size; - else - *(ASN1_BOOLEAN *)pval = -1; - return; - - case V_ASN1_NULL: - break; - - case V_ASN1_ANY: - ossl_asn1_primitive_free(pval, NULL, 0); - OPENSSL_free(*pval); - break; - - default: - ossl_asn1_string_embed_free((ASN1_STRING *)*pval, embed); - break; - } - *pval = NULL; -} diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c deleted file mode 100644 index 4b624bbdd4e59005b8b9c32d37dd564f173b354b..0000000000000000000000000000000000000000 --- a/crypto/asn1/tasn_new.c +++ /dev/null @@ -1,348 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include "asn1_local.h" - -static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, - int embed, OSSL_LIB_CTX *libctx, - const char *propq); -static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it, - int embed); -static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); -static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, - OSSL_LIB_CTX *libctx, const char *propq); -static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); -static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); - -ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it) -{ - ASN1_VALUE *ret = NULL; - if (ASN1_item_ex_new(&ret, it) > 0) - return ret; - return NULL; -} - -ASN1_VALUE *ASN1_item_new_ex(const ASN1_ITEM *it, OSSL_LIB_CTX *libctx, - const char *propq) -{ - ASN1_VALUE *ret = NULL; - if (asn1_item_embed_new(&ret, it, 0, libctx, propq) > 0) - return ret; - return NULL; -} - -/* Allocate an ASN1 structure */ - - -int ossl_asn1_item_ex_new_intern(ASN1_VALUE **pval, const ASN1_ITEM *it, - OSSL_LIB_CTX *libctx, const char *propq) -{ - return asn1_item_embed_new(pval, it, 0, libctx, propq); -} - -int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - return asn1_item_embed_new(pval, it, 0, NULL, NULL); -} - -int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed, - OSSL_LIB_CTX *libctx, const char *propq) -{ - const ASN1_TEMPLATE *tt = NULL; - const ASN1_EXTERN_FUNCS *ef; - const ASN1_AUX *aux = it->funcs; - ASN1_aux_cb *asn1_cb; - ASN1_VALUE **pseqval; - int i; - if (aux && aux->asn1_cb) - asn1_cb = aux->asn1_cb; - else - asn1_cb = 0; - - switch (it->itype) { - - case ASN1_ITYPE_EXTERN: - ef = it->funcs; - if (ef != NULL) { - if (ef->asn1_ex_new_ex != NULL) { - if (!ef->asn1_ex_new_ex(pval, it, libctx, propq)) - goto memerr; - } else if (ef->asn1_ex_new != NULL) { - if (!ef->asn1_ex_new(pval, it)) - goto memerr; - } - } - break; - - case ASN1_ITYPE_PRIMITIVE: - if (it->templates) { - if (!asn1_template_new(pval, it->templates, libctx, propq)) - goto memerr; - } else if (!asn1_primitive_new(pval, it, embed)) - goto memerr; - break; - - case ASN1_ITYPE_MSTRING: - if (!asn1_primitive_new(pval, it, embed)) - goto memerr; - break; - - case ASN1_ITYPE_CHOICE: - if (asn1_cb) { - i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL); - if (!i) - goto auxerr; - if (i == 2) { - return 1; - } - } - if (embed) { - memset(*pval, 0, it->size); - } else { - *pval = OPENSSL_zalloc(it->size); - if (*pval == NULL) - goto memerr; - } - ossl_asn1_set_choice_selector(pval, -1, it); - if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) - goto auxerr2; - break; - - case ASN1_ITYPE_NDEF_SEQUENCE: - case ASN1_ITYPE_SEQUENCE: - if (asn1_cb) { - i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL); - if (!i) - goto auxerr; - if (i == 2) { - return 1; - } - } - if (embed) { - memset(*pval, 0, it->size); - } else { - *pval = OPENSSL_zalloc(it->size); - if (*pval == NULL) - goto memerr; - } - /* 0 : init. lock */ - if (ossl_asn1_do_lock(pval, 0, it) < 0) { - if (!embed) { - OPENSSL_free(*pval); - *pval = NULL; - } - goto memerr; - } - ossl_asn1_enc_init(pval, it); - for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { - pseqval = ossl_asn1_get_field_ptr(pval, tt); - if (!asn1_template_new(pseqval, tt, libctx, propq)) - goto memerr2; - } - if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) - goto auxerr2; - break; - } - return 1; - - memerr2: - ossl_asn1_item_embed_free(pval, it, embed); - memerr: - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - - auxerr2: - ossl_asn1_item_embed_free(pval, it, embed); - auxerr: - ERR_raise(ERR_LIB_ASN1, ASN1_R_AUX_ERROR); - return 0; - -} - -static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - const ASN1_EXTERN_FUNCS *ef; - - switch (it->itype) { - - case ASN1_ITYPE_EXTERN: - ef = it->funcs; - if (ef && ef->asn1_ex_clear) - ef->asn1_ex_clear(pval, it); - else - *pval = NULL; - break; - - case ASN1_ITYPE_PRIMITIVE: - if (it->templates) - asn1_template_clear(pval, it->templates); - else - asn1_primitive_clear(pval, it); - break; - - case ASN1_ITYPE_MSTRING: - asn1_primitive_clear(pval, it); - break; - - case ASN1_ITYPE_CHOICE: - case ASN1_ITYPE_SEQUENCE: - case ASN1_ITYPE_NDEF_SEQUENCE: - *pval = NULL; - break; - } -} - -static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, - OSSL_LIB_CTX *libctx, const char *propq) -{ - const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item); - int embed = tt->flags & ASN1_TFLG_EMBED; - ASN1_VALUE *tval; - int ret; - if (embed) { - tval = (ASN1_VALUE *)pval; - pval = &tval; - } - if (tt->flags & ASN1_TFLG_OPTIONAL) { - asn1_template_clear(pval, tt); - return 1; - } - /* If ANY DEFINED BY nothing to do */ - - if (tt->flags & ASN1_TFLG_ADB_MASK) { - *pval = NULL; - return 1; - } - /* If SET OF or SEQUENCE OF, its a STACK */ - if (tt->flags & ASN1_TFLG_SK_MASK) { - STACK_OF(ASN1_VALUE) *skval; - skval = sk_ASN1_VALUE_new_null(); - if (!skval) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - ret = 0; - goto done; - } - *pval = (ASN1_VALUE *)skval; - ret = 1; - goto done; - } - /* Otherwise pass it back to the item routine */ - ret = asn1_item_embed_new(pval, it, embed, libctx, propq); - done: - return ret; -} - -static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) -{ - /* If ADB or STACK just NULL the field */ - if (tt->flags & (ASN1_TFLG_ADB_MASK | ASN1_TFLG_SK_MASK)) - *pval = NULL; - else - asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item)); -} - -/* - * NB: could probably combine most of the real XXX_new() behaviour and junk - * all the old functions. - */ - -static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it, - int embed) -{ - ASN1_TYPE *typ; - ASN1_STRING *str; - int utype; - - if (!it) - return 0; - - if (it->funcs) { - const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; - if (embed) { - if (pf->prim_clear) { - pf->prim_clear(pval, it); - return 1; - } - } else if (pf->prim_new) { - return pf->prim_new(pval, it); - } - } - - if (it->itype == ASN1_ITYPE_MSTRING) - utype = -1; - else - utype = it->utype; - switch (utype) { - case V_ASN1_OBJECT: - *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef); - return 1; - - case V_ASN1_BOOLEAN: - *(ASN1_BOOLEAN *)pval = it->size; - return 1; - - case V_ASN1_NULL: - *pval = (ASN1_VALUE *)1; - return 1; - - case V_ASN1_ANY: - if ((typ = OPENSSL_malloc(sizeof(*typ))) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - typ->value.ptr = NULL; - typ->type = -1; - *pval = (ASN1_VALUE *)typ; - break; - - default: - if (embed) { - str = *(ASN1_STRING **)pval; - memset(str, 0, sizeof(*str)); - str->type = utype; - str->flags = ASN1_STRING_FLAG_EMBED; - } else { - str = ASN1_STRING_type_new(utype); - *pval = (ASN1_VALUE *)str; - } - if (it->itype == ASN1_ITYPE_MSTRING && str) - str->flags |= ASN1_STRING_FLAG_MSTRING; - break; - } - if (*pval) - return 1; - return 0; -} - -static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - int utype; - if (it && it->funcs) { - const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; - if (pf->prim_clear) - pf->prim_clear(pval, it); - else - *pval = NULL; - return; - } - if (!it || (it->itype == ASN1_ITYPE_MSTRING)) - utype = -1; - else - utype = it->utype; - if (utype == V_ASN1_BOOLEAN) - *(ASN1_BOOLEAN *)pval = it->size; - else - *pval = NULL; -} diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c deleted file mode 100644 index 7d8618e26c221ac8525ef0517f73e448a1d6a488..0000000000000000000000000000000000000000 --- a/crypto/asn1/tasn_prn.c +++ /dev/null @@ -1,539 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include "crypto/asn1.h" -#include "asn1_local.h" - -/* - * Print routines. - */ - -/* ASN1_PCTX routines */ - -static ASN1_PCTX default_pctx = { - ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */ - 0, /* nm_flags */ - 0, /* cert_flags */ - 0, /* oid_flags */ - 0 /* str_flags */ -}; - -ASN1_PCTX *ASN1_PCTX_new(void) -{ - ASN1_PCTX *ret; - - ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return NULL; - } - return ret; -} - -void ASN1_PCTX_free(ASN1_PCTX *p) -{ - OPENSSL_free(p); -} - -unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p) -{ - return p->flags; -} - -void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags) -{ - p->flags = flags; -} - -unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p) -{ - return p->nm_flags; -} - -void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags) -{ - p->nm_flags = flags; -} - -unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p) -{ - return p->cert_flags; -} - -void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags) -{ - p->cert_flags = flags; -} - -unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p) -{ - return p->oid_flags; -} - -void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags) -{ - p->oid_flags = flags; -} - -unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p) -{ - return p->str_flags; -} - -void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags) -{ - p->str_flags = flags; -} - -/* Main print routines */ - -static int asn1_item_print_ctx(BIO *out, const ASN1_VALUE **fld, int indent, - const ASN1_ITEM *it, - const char *fname, const char *sname, - int nohdr, const ASN1_PCTX *pctx); - -static int asn1_template_print_ctx(BIO *out, const ASN1_VALUE **fld, int indent, - const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx); - -static int asn1_primitive_print(BIO *out, const ASN1_VALUE **fld, - const ASN1_ITEM *it, int indent, - const char *fname, const char *sname, - const ASN1_PCTX *pctx); - -static int asn1_print_fsname(BIO *out, int indent, - const char *fname, const char *sname, - const ASN1_PCTX *pctx); - -int ASN1_item_print(BIO *out, const ASN1_VALUE *ifld, int indent, - const ASN1_ITEM *it, const ASN1_PCTX *pctx) -{ - const char *sname; - if (pctx == NULL) - pctx = &default_pctx; - if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME) - sname = NULL; - else - sname = it->sname; - return asn1_item_print_ctx(out, &ifld, indent, it, NULL, sname, 0, pctx); -} - -static int asn1_item_print_ctx(BIO *out, const ASN1_VALUE **fld, int indent, - const ASN1_ITEM *it, - const char *fname, const char *sname, - int nohdr, const ASN1_PCTX *pctx) -{ - const ASN1_TEMPLATE *tt; - const ASN1_EXTERN_FUNCS *ef; - const ASN1_VALUE **tmpfld; - const ASN1_AUX *aux = it->funcs; - ASN1_aux_const_cb *asn1_cb = NULL; - ASN1_PRINT_ARG parg; - int i; - if (aux != NULL) { - parg.out = out; - parg.indent = indent; - parg.pctx = pctx; - asn1_cb = ((aux->flags & ASN1_AFLG_CONST_CB) != 0) ? aux->asn1_const_cb - : (ASN1_aux_const_cb *)aux->asn1_cb; /* backward compatibility */ - } - - if (((it->itype != ASN1_ITYPE_PRIMITIVE) - || (it->utype != V_ASN1_BOOLEAN)) && *fld == NULL) { - if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT) { - if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx)) - return 0; - if (BIO_puts(out, "\n") <= 0) - return 0; - } - return 1; - } - - switch (it->itype) { - case ASN1_ITYPE_PRIMITIVE: - if (it->templates) { - if (!asn1_template_print_ctx(out, fld, indent, - it->templates, pctx)) - return 0; - break; - } - /* fall through */ - case ASN1_ITYPE_MSTRING: - if (!asn1_primitive_print(out, fld, it, indent, fname, sname, pctx)) - return 0; - break; - - case ASN1_ITYPE_EXTERN: - if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx)) - return 0; - /* Use new style print routine if possible */ - ef = it->funcs; - if (ef && ef->asn1_ex_print) { - i = ef->asn1_ex_print(out, fld, indent, "", pctx); - if (!i) - return 0; - if ((i == 2) && (BIO_puts(out, "\n") <= 0)) - return 0; - return 1; - } else if (sname && - BIO_printf(out, ":EXTERNAL TYPE %s\n", sname) <= 0) - return 0; - break; - - case ASN1_ITYPE_CHOICE: - /* CHOICE type, get selector */ - i = ossl_asn1_get_choice_selector_const(fld, it); - /* This should never happen... */ - if ((i < 0) || (i >= it->tcount)) { - if (BIO_printf(out, "ERROR: selector [%d] invalid\n", i) <= 0) - return 0; - return 1; - } - tt = it->templates + i; - tmpfld = ossl_asn1_get_const_field_ptr(fld, tt); - if (!asn1_template_print_ctx(out, tmpfld, indent, tt, pctx)) - return 0; - break; - - case ASN1_ITYPE_SEQUENCE: - case ASN1_ITYPE_NDEF_SEQUENCE: - if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx)) - return 0; - if (fname || sname) { - if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) { - if (BIO_puts(out, " {\n") <= 0) - return 0; - } else { - if (BIO_puts(out, "\n") <= 0) - return 0; - } - } - - if (asn1_cb) { - i = asn1_cb(ASN1_OP_PRINT_PRE, fld, it, &parg); - if (i == 0) - return 0; - if (i == 2) - return 1; - } - - /* Print each field entry */ - for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { - const ASN1_TEMPLATE *seqtt; - seqtt = ossl_asn1_do_adb(*fld, tt, 1); - if (!seqtt) - return 0; - tmpfld = ossl_asn1_get_const_field_ptr(fld, seqtt); - if (!asn1_template_print_ctx(out, tmpfld, - indent + 2, seqtt, pctx)) - return 0; - } - if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) { - if (BIO_printf(out, "%*s}\n", indent, "") < 0) - return 0; - } - - if (asn1_cb) { - i = asn1_cb(ASN1_OP_PRINT_POST, fld, it, &parg); - if (i == 0) - return 0; - } - break; - - default: - BIO_printf(out, "Unprocessed type %d\n", it->itype); - return 0; - } - - return 1; -} - -static int asn1_template_print_ctx(BIO *out, const ASN1_VALUE **fld, int indent, - const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx) -{ - int i, flags; - const char *sname, *fname; - const ASN1_VALUE *tfld; - flags = tt->flags; - if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME) - sname = ASN1_ITEM_ptr(tt->item)->sname; - else - sname = NULL; - if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME) - fname = NULL; - else - fname = tt->field_name; - - /* - * If field is embedded then fld needs fixing so it is a pointer to - * a pointer to a field. - */ - if (flags & ASN1_TFLG_EMBED) { - tfld = (const ASN1_VALUE *)fld; - fld = &tfld; - } - - if (flags & ASN1_TFLG_SK_MASK) { - char *tname; - const ASN1_VALUE *skitem; - STACK_OF(const_ASN1_VALUE) *stack; - - /* SET OF, SEQUENCE OF */ - if (fname) { - if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SSOF) { - if (flags & ASN1_TFLG_SET_OF) - tname = "SET"; - else - tname = "SEQUENCE"; - if (BIO_printf(out, "%*s%s OF %s {\n", - indent, "", tname, tt->field_name) <= 0) - return 0; - } else if (BIO_printf(out, "%*s%s:\n", indent, "", fname) <= 0) - return 0; - } - stack = (STACK_OF(const_ASN1_VALUE) *)*fld; - for (i = 0; i < sk_const_ASN1_VALUE_num(stack); i++) { - if ((i > 0) && (BIO_puts(out, "\n") <= 0)) - return 0; - - skitem = sk_const_ASN1_VALUE_value(stack, i); - if (!asn1_item_print_ctx(out, &skitem, indent + 2, - ASN1_ITEM_ptr(tt->item), NULL, NULL, 1, - pctx)) - return 0; - } - if (i == 0 && BIO_printf(out, "%*s<%s>\n", indent + 2, "", - stack == NULL ? "ABSENT" : "EMPTY") <= 0) - return 0; - if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) { - if (BIO_printf(out, "%*s}\n", indent, "") <= 0) - return 0; - } - return 1; - } - return asn1_item_print_ctx(out, fld, indent, ASN1_ITEM_ptr(tt->item), - fname, sname, 0, pctx); -} - -static int asn1_print_fsname(BIO *out, int indent, - const char *fname, const char *sname, - const ASN1_PCTX *pctx) -{ - static const char spaces[] = " "; - static const int nspaces = sizeof(spaces) - 1; - - while (indent > nspaces) { - if (BIO_write(out, spaces, nspaces) != nspaces) - return 0; - indent -= nspaces; - } - if (BIO_write(out, spaces, indent) != indent) - return 0; - if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME) - sname = NULL; - if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME) - fname = NULL; - if (!sname && !fname) - return 1; - if (fname) { - if (BIO_puts(out, fname) <= 0) - return 0; - } - if (sname) { - if (fname) { - if (BIO_printf(out, " (%s)", sname) <= 0) - return 0; - } else { - if (BIO_puts(out, sname) <= 0) - return 0; - } - } - if (BIO_write(out, ": ", 2) != 2) - return 0; - return 1; -} - -static int asn1_print_boolean(BIO *out, int boolval) -{ - const char *str; - switch (boolval) { - case -1: - str = "BOOL ABSENT"; - break; - - case 0: - str = "FALSE"; - break; - - default: - str = "TRUE"; - break; - - } - - if (BIO_puts(out, str) <= 0) - return 0; - return 1; - -} - -static int asn1_print_integer(BIO *out, const ASN1_INTEGER *str) -{ - char *s; - int ret = 1; - s = i2s_ASN1_INTEGER(NULL, str); - if (s == NULL) - return 0; - if (BIO_puts(out, s) <= 0) - ret = 0; - OPENSSL_free(s); - return ret; -} - -static int asn1_print_oid(BIO *out, const ASN1_OBJECT *oid) -{ - char objbuf[80]; - const char *ln; - ln = OBJ_nid2ln(OBJ_obj2nid(oid)); - if (!ln) - ln = ""; - OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1); - if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0) - return 0; - return 1; -} - -static int asn1_print_obstring(BIO *out, const ASN1_STRING *str, int indent) -{ - if (str->type == V_ASN1_BIT_STRING) { - if (BIO_printf(out, " (%ld unused bits)\n", str->flags & 0x7) <= 0) - return 0; - } else if (BIO_puts(out, "\n") <= 0) - return 0; - if ((str->length > 0) - && BIO_dump_indent(out, (const char *)str->data, str->length, - indent + 2) <= 0) - return 0; - return 1; -} - -static int asn1_primitive_print(BIO *out, const ASN1_VALUE **fld, - const ASN1_ITEM *it, int indent, - const char *fname, const char *sname, - const ASN1_PCTX *pctx) -{ - long utype; - ASN1_STRING *str; - int ret = 1, needlf = 1; - const char *pname; - const ASN1_PRIMITIVE_FUNCS *pf; - pf = it->funcs; - if (!asn1_print_fsname(out, indent, fname, sname, pctx)) - return 0; - if (pf && pf->prim_print) - return pf->prim_print(out, fld, it, indent, pctx); - if (it->itype == ASN1_ITYPE_MSTRING) { - str = (ASN1_STRING *)*fld; - utype = str->type & ~V_ASN1_NEG; - } else { - utype = it->utype; - if (utype == V_ASN1_BOOLEAN) - str = NULL; - else - str = (ASN1_STRING *)*fld; - } - if (utype == V_ASN1_ANY) { - const ASN1_TYPE *atype = (const ASN1_TYPE *)*fld; - utype = atype->type; - fld = (const ASN1_VALUE **)&atype->value.asn1_value; /* actually is const */ - str = (ASN1_STRING *)*fld; - if (pctx->flags & ASN1_PCTX_FLAGS_NO_ANY_TYPE) - pname = NULL; - else - pname = ASN1_tag2str(utype); - } else { - if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_TYPE) - pname = ASN1_tag2str(utype); - else - pname = NULL; - } - - if (utype == V_ASN1_NULL) { - if (BIO_puts(out, "NULL\n") <= 0) - return 0; - return 1; - } - - if (pname) { - if (BIO_puts(out, pname) <= 0) - return 0; - if (BIO_puts(out, ":") <= 0) - return 0; - } - - switch (utype) { - case V_ASN1_BOOLEAN: - { - int boolval = *(int *)fld; - if (boolval == -1) - boolval = it->size; - ret = asn1_print_boolean(out, boolval); - } - break; - - case V_ASN1_INTEGER: - case V_ASN1_ENUMERATED: - ret = asn1_print_integer(out, str); - break; - - case V_ASN1_UTCTIME: - ret = ASN1_UTCTIME_print(out, str); - break; - - case V_ASN1_GENERALIZEDTIME: - ret = ASN1_GENERALIZEDTIME_print(out, str); - break; - - case V_ASN1_OBJECT: - ret = asn1_print_oid(out, (const ASN1_OBJECT *)*fld); - break; - - case V_ASN1_OCTET_STRING: - case V_ASN1_BIT_STRING: - ret = asn1_print_obstring(out, str, indent); - needlf = 0; - break; - - case V_ASN1_SEQUENCE: - case V_ASN1_SET: - case V_ASN1_OTHER: - if (BIO_puts(out, "\n") <= 0) - return 0; - if (ASN1_parse_dump(out, str->data, str->length, indent, 0) <= 0) - ret = 0; - needlf = 0; - break; - - default: - ret = ASN1_STRING_print_ex(out, str, pctx->str_flags); - - } - if (!ret) - return 0; - if (needlf && BIO_puts(out, "\n") <= 0) - return 0; - return 1; -} diff --git a/crypto/asn1/tasn_scn.c b/crypto/asn1/tasn_scn.c deleted file mode 100644 index bde697ee9925c70ca6ca9ca63bd1d2f2bddb783a..0000000000000000000000000000000000000000 --- a/crypto/asn1/tasn_scn.c +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include "asn1_local.h" - -/* - * General ASN1 structure recursive scanner: iterate through all fields - * passing details to a callback. - */ - -ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)) -{ - ASN1_SCTX *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return NULL; - } - ret->scan_cb = scan_cb; - return ret; -} - -void ASN1_SCTX_free(ASN1_SCTX *p) -{ - OPENSSL_free(p); -} - -const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p) -{ - return p->it; -} - -const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p) -{ - return p->tt; -} - -unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p) -{ - return p->flags; -} - -void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data) -{ - p->app_data = data; -} - -void *ASN1_SCTX_get_app_data(ASN1_SCTX *p) -{ - return p->app_data; -} diff --git a/crypto/asn1/tasn_typ.c b/crypto/asn1/tasn_typ.c deleted file mode 100644 index 8095e32370fc580ff84878bf99b08adcb41f6ce6..0000000000000000000000000000000000000000 --- a/crypto/asn1/tasn_typ.c +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -/* Declarations for string types */ - -#define IMPLEMENT_ASN1_STRING_FUNCTIONS(sname) \ - IMPLEMENT_ASN1_TYPE(sname) \ - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(sname, sname, sname) \ -sname *sname##_new(void) \ -{ \ - return ASN1_STRING_type_new(V_##sname); \ -} \ -void sname##_free(sname *x) \ -{ \ - ASN1_STRING_free(x); \ -} - -IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_OCTET_STRING) -IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_INTEGER) -IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_ENUMERATED) -IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_BIT_STRING) -IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UTF8STRING) -IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_PRINTABLESTRING) -IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_T61STRING) -IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_IA5STRING) -IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_GENERALSTRING) -IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UTCTIME) -IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_GENERALIZEDTIME) -IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_VISIBLESTRING) -IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UNIVERSALSTRING) -IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_BMPSTRING) - -IMPLEMENT_ASN1_TYPE(ASN1_NULL) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL) - -IMPLEMENT_ASN1_TYPE(ASN1_OBJECT) - -IMPLEMENT_ASN1_TYPE(ASN1_ANY) - -/* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */ -IMPLEMENT_ASN1_TYPE(ASN1_SEQUENCE) - -IMPLEMENT_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) - -/* Multistring types */ - -IMPLEMENT_ASN1_MSTRING(ASN1_PRINTABLE, B_ASN1_PRINTABLE) -IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE) - -IMPLEMENT_ASN1_MSTRING(DISPLAYTEXT, B_ASN1_DISPLAYTEXT) -IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT) - -IMPLEMENT_ASN1_MSTRING(DIRECTORYSTRING, B_ASN1_DIRECTORYSTRING) -IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING) - -/* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */ -IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1) -IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1) -IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0) - -/* Special, OCTET STRING with indefinite length constructed support */ - -IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF) - -ASN1_ITEM_TEMPLATE(ASN1_SEQUENCE_ANY) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, ASN1_SEQUENCE_ANY, ASN1_ANY) -ASN1_ITEM_TEMPLATE_END(ASN1_SEQUENCE_ANY) - -ASN1_ITEM_TEMPLATE(ASN1_SET_ANY) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, ASN1_SET_ANY, ASN1_ANY) -ASN1_ITEM_TEMPLATE_END(ASN1_SET_ANY) - -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(ASN1_SEQUENCE_ANY, ASN1_SET_ANY, ASN1_SET_ANY) diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c deleted file mode 100644 index e5f25d88df69f96e0c5a23385b017ebd07b4c284..0000000000000000000000000000000000000000 --- a/crypto/asn1/tasn_utl.c +++ /dev/null @@ -1,286 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include "internal/refcount.h" -#include -#include -#include -#include -#include "asn1_local.h" - -/* Utility functions for manipulating fields and offsets */ - -/* Add 'offset' to 'addr' */ -#define offset2ptr(addr, offset) (void *)(((char *) addr) + offset) - -/* - * Given an ASN1_ITEM CHOICE type return the selector value - */ - -int ossl_asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - int *sel = offset2ptr(*pval, it->utype); - - return *sel; -} - -int ossl_asn1_get_choice_selector_const(const ASN1_VALUE **pval, - const ASN1_ITEM *it) -{ - int *sel = offset2ptr(*pval, it->utype); - - return *sel; -} - -/* - * Given an ASN1_ITEM CHOICE type set the selector value, return old value. - */ - -int ossl_asn1_set_choice_selector(ASN1_VALUE **pval, int value, - const ASN1_ITEM *it) -{ - int *sel, ret; - - sel = offset2ptr(*pval, it->utype); - ret = *sel; - *sel = value; - return ret; -} - -/* - * Do atomic reference counting. The value 'op' decides what to do. - * If it is +1 then the count is incremented. - * If |op| is 0, lock is initialised and count is set to 1. - * If |op| is -1, count is decremented and the return value is the current - * reference count or 0 if no reference count is active. - * It returns -1 on initialisation error. - * Used by ASN1_SEQUENCE construct of X509, X509_REQ, X509_CRL objects - */ -int ossl_asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) -{ - const ASN1_AUX *aux; - CRYPTO_REF_COUNT *lck; - CRYPTO_RWLOCK **lock; - int ret = -1; - - if ((it->itype != ASN1_ITYPE_SEQUENCE) - && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE)) - return 0; - aux = it->funcs; - if (aux == NULL || (aux->flags & ASN1_AFLG_REFCOUNT) == 0) - return 0; - lck = offset2ptr(*pval, aux->ref_offset); - lock = offset2ptr(*pval, aux->ref_lock); - - switch (op) { - case 0: - *lck = ret = 1; - *lock = CRYPTO_THREAD_lock_new(); - if (*lock == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return -1; - } - break; - case 1: - if (!CRYPTO_UP_REF(lck, &ret, *lock)) - return -1; - break; - case -1: - if (!CRYPTO_DOWN_REF(lck, &ret, *lock)) - return -1; /* failed */ - REF_PRINT_EX(it->sname, ret, (void *)it); - REF_ASSERT_ISNT(ret < 0); - if (ret == 0) { - CRYPTO_THREAD_lock_free(*lock); - *lock = NULL; - } - break; - } - - return ret; -} - -static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - const ASN1_AUX *aux; - - if (pval == NULL || *pval == NULL) - return NULL; - aux = it->funcs; - if (aux == NULL || (aux->flags & ASN1_AFLG_ENCODING) == 0) - return NULL; - return offset2ptr(*pval, aux->enc_offset); -} - -static const ASN1_ENCODING *asn1_get_const_enc_ptr(const ASN1_VALUE **pval, - const ASN1_ITEM *it) -{ - const ASN1_AUX *aux; - - if (pval == NULL || *pval == NULL) - return NULL; - aux = it->funcs; - if (aux == NULL || (aux->flags & ASN1_AFLG_ENCODING) == 0) - return NULL; - return offset2ptr(*pval, aux->enc_offset); -} - -void ossl_asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - ASN1_ENCODING *enc = asn1_get_enc_ptr(pval, it); - - if (enc != NULL) { - enc->enc = NULL; - enc->len = 0; - enc->modified = 1; - } -} - -void ossl_asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - ASN1_ENCODING *enc = asn1_get_enc_ptr(pval, it); - - if (enc != NULL) { - OPENSSL_free(enc->enc); - enc->enc = NULL; - enc->len = 0; - enc->modified = 1; - } -} - -int ossl_asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, - const ASN1_ITEM *it) -{ - ASN1_ENCODING *enc = asn1_get_enc_ptr(pval, it); - - if (enc == NULL) - return 1; - - OPENSSL_free(enc->enc); - if (inlen <= 0) - return 0; - if ((enc->enc = OPENSSL_malloc(inlen)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(enc->enc, in, inlen); - enc->len = inlen; - enc->modified = 0; - - return 1; -} - -int ossl_asn1_enc_restore(int *len, unsigned char **out, const ASN1_VALUE **pval, - const ASN1_ITEM *it) -{ - const ASN1_ENCODING *enc = asn1_get_const_enc_ptr(pval, it); - - if (enc == NULL || enc->modified) - return 0; - if (out) { - memcpy(*out, enc->enc, enc->len); - *out += enc->len; - } - if (len != NULL) - *len = enc->len; - return 1; -} - -/* Given an ASN1_TEMPLATE get a pointer to a field */ -ASN1_VALUE **ossl_asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) -{ - ASN1_VALUE **pvaltmp = offset2ptr(*pval, tt->offset); - - /* - * NOTE for BOOLEAN types the field is just a plain int so we can't - * return int **, so settle for (int *). - */ - return pvaltmp; -} - -/* Given an ASN1_TEMPLATE get a const pointer to a field */ -const ASN1_VALUE **ossl_asn1_get_const_field_ptr(const ASN1_VALUE **pval, - const ASN1_TEMPLATE *tt) -{ - return offset2ptr(*pval, tt->offset); -} - -/* - * Handle ANY DEFINED BY template, find the selector, look up the relevant - * ASN1_TEMPLATE in the table and return it. - */ - -const ASN1_TEMPLATE *ossl_asn1_do_adb(const ASN1_VALUE *val, - const ASN1_TEMPLATE *tt, - int nullerr) -{ - const ASN1_ADB *adb; - const ASN1_ADB_TABLE *atbl; - long selector; - const ASN1_VALUE **sfld; - int i; - - if ((tt->flags & ASN1_TFLG_ADB_MASK) == 0) - return tt; - - /* Else ANY DEFINED BY ... get the table */ - adb = ASN1_ADB_ptr(tt->item); - - /* Get the selector field */ - sfld = offset2ptr(val, adb->offset); - - /* Check if NULL */ - if (*sfld == NULL) { - if (adb->null_tt == NULL) - goto err; - return adb->null_tt; - } - - /* - * Convert type to a long: NB: don't check for NID_undef here because it - * might be a legitimate value in the table - */ - if ((tt->flags & ASN1_TFLG_ADB_OID) != 0) - selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld); - else - selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld); - - /* Let application callback translate value */ - if (adb->adb_cb != NULL && adb->adb_cb(&selector) == 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); - return NULL; - } - - /* - * Try to find matching entry in table Maybe should check application - * types first to allow application override? Might also be useful to - * have a flag which indicates table is sorted and we can do a binary - * search. For now stick to a linear search. - */ - - for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++) - if (atbl->value == selector) - return &atbl->tt; - - /* FIXME: need to search application table too */ - - /* No match, return default type */ - if (!adb->default_tt) - goto err; - return adb->default_tt; - - err: - /* FIXME: should log the value or OID of unsupported type */ - if (nullerr) - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); - return NULL; -} diff --git a/crypto/asn1/tbl_standard.h b/crypto/asn1/tbl_standard.h deleted file mode 100644 index 3e8fe81eebdd4270f673183c608ec3487008a6c7..0000000000000000000000000000000000000000 --- a/crypto/asn1/tbl_standard.h +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* size limits: this stuff is taken straight from RFC3280 */ - -#define ub_name 32768 -#define ub_common_name 64 -#define ub_locality_name 128 -#define ub_state_name 128 -#define ub_organization_name 64 -#define ub_organization_unit_name 64 -#define ub_title 64 -#define ub_email_address 128 -#define ub_serial_number 64 - -/* From RFC4524 */ - -#define ub_rfc822_mailbox 256 - -/* This table must be kept in NID order */ - -static const ASN1_STRING_TABLE tbl_standard[] = { - {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, - {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, - {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, - {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, - {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, - {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, - 0}, - {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, - STABLE_NO_MASK}, - {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, - {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, - {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, - {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, - {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, - {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, - {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, - STABLE_NO_MASK}, - {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, - {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, - {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, - {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, - {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, - {NID_rfc822Mailbox, 1, ub_rfc822_mailbox, B_ASN1_IA5STRING, - STABLE_NO_MASK}, - {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, - {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, - {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, - {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, - {NID_countryCode3c, 3, 3, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, - {NID_countryCode3n, 3, 3, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, - {NID_dnsName, 0, -1, B_ASN1_UTF8STRING, STABLE_NO_MASK}, - {NID_id_on_SmtpUTF8Mailbox, 1, ub_email_address, B_ASN1_UTF8STRING, STABLE_NO_MASK} -}; - diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c deleted file mode 100644 index c0a5f76803ee599209d9c28c17e2340cd49faa00..0000000000000000000000000000000000000000 --- a/crypto/asn1/x_algor.c +++ /dev/null @@ -1,190 +0,0 @@ -/* - * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include "crypto/asn1.h" -#include "crypto/evp.h" - -ASN1_SEQUENCE(X509_ALGOR) = { - ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT), - ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY) -} ASN1_SEQUENCE_END(X509_ALGOR) - -ASN1_ITEM_TEMPLATE(X509_ALGORS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR) -ASN1_ITEM_TEMPLATE_END(X509_ALGORS) - -IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR) -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS) -IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR) - -int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval) -{ - if (alg == NULL) - return 0; - - if (ptype != V_ASN1_UNDEF) { - if (alg->parameter == NULL) - alg->parameter = ASN1_TYPE_new(); - if (alg->parameter == NULL) - return 0; - } - - ASN1_OBJECT_free(alg->algorithm); - alg->algorithm = aobj; - - if (ptype == 0) - return 1; - if (ptype == V_ASN1_UNDEF) { - ASN1_TYPE_free(alg->parameter); - alg->parameter = NULL; - } else - ASN1_TYPE_set(alg->parameter, ptype, pval); - return 1; -} - -void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, - const void **ppval, const X509_ALGOR *algor) -{ - if (paobj) - *paobj = algor->algorithm; - if (pptype) { - if (algor->parameter == NULL) { - *pptype = V_ASN1_UNDEF; - return; - } else - *pptype = algor->parameter->type; - if (ppval) - *ppval = algor->parameter->value.ptr; - } -} - -/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */ - -void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md) -{ - int param_type; - - if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT) - param_type = V_ASN1_UNDEF; - else - param_type = V_ASN1_NULL; - - X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_get_type(md)), param_type, NULL); - -} - -int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b) -{ - int rv; - rv = OBJ_cmp(a->algorithm, b->algorithm); - if (rv) - return rv; - if (!a->parameter && !b->parameter) - return 0; - return ASN1_TYPE_cmp(a->parameter, b->parameter); -} - -int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src) -{ - if (src == NULL || dest == NULL) - return 0; - - if (dest->algorithm) - ASN1_OBJECT_free(dest->algorithm); - dest->algorithm = NULL; - - if (dest->parameter) - ASN1_TYPE_free(dest->parameter); - dest->parameter = NULL; - - if (src->algorithm) - if ((dest->algorithm = OBJ_dup(src->algorithm)) == NULL) - return 0; - - if (src->parameter != NULL) { - dest->parameter = ASN1_TYPE_new(); - if (dest->parameter == NULL) - return 0; - - /* Assuming this is also correct for a BOOL. - * set does copy as a side effect. - */ - if (ASN1_TYPE_set1(dest->parameter, src->parameter->type, - src->parameter->value.ptr) == 0) - return 0; - } - - return 1; -} - -/* allocate and set algorithm ID from EVP_MD, default SHA1 */ -int ossl_x509_algor_new_from_md(X509_ALGOR **palg, const EVP_MD *md) -{ - /* Default is SHA1 so no need to create it - still success */ - if (md == NULL || EVP_MD_is_a(md, "SHA1")) - return 1; - *palg = X509_ALGOR_new(); - if (*palg == NULL) - return 0; - X509_ALGOR_set_md(*palg, md); - return 1; -} - -/* convert algorithm ID to EVP_MD, default SHA1 */ -const EVP_MD *ossl_x509_algor_get_md(X509_ALGOR *alg) -{ - const EVP_MD *md; - - if (alg == NULL) - return EVP_sha1(); - md = EVP_get_digestbyobj(alg->algorithm); - if (md == NULL) - ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_DIGEST); - return md; -} - -X509_ALGOR *ossl_x509_algor_mgf1_decode(X509_ALGOR *alg) -{ - if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) - return NULL; - return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR), - alg->parameter); -} - -/* Allocate and set MGF1 algorithm ID from EVP_MD */ -int ossl_x509_algor_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) -{ - X509_ALGOR *algtmp = NULL; - ASN1_STRING *stmp = NULL; - - *palg = NULL; - if (mgf1md == NULL || EVP_MD_is_a(mgf1md, "SHA1")) - return 1; - /* need to embed algorithm ID inside another */ - if (!ossl_x509_algor_new_from_md(&algtmp, mgf1md)) - goto err; - if (ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp) == NULL) - goto err; - *palg = X509_ALGOR_new(); - if (*palg == NULL) - goto err; - X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp); - stmp = NULL; - err: - ASN1_STRING_free(stmp); - X509_ALGOR_free(algtmp); - if (*palg != NULL) - return 1; - return 0; -} diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c deleted file mode 100644 index 3ae58a49f0b25f76644a8dfb4383c3775b08b1e5..0000000000000000000000000000000000000000 --- a/crypto/asn1/x_bignum.c +++ /dev/null @@ -1,157 +0,0 @@ -/* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include - -/* - * Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER - * as a BIGNUM directly. Currently it ignores the sign which isn't a problem - * since all BIGNUMs used are non negative and anything that looks negative - * is normally due to an encoding error. - */ - -#define BN_SENSITIVE 1 - -static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it); -static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it); -static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it); - -static int bn_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, - const ASN1_ITEM *it); -static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it); -static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it); -static int bn_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, - int indent, const ASN1_PCTX *pctx); - -static ASN1_PRIMITIVE_FUNCS bignum_pf = { - NULL, 0, - bn_new, - bn_free, - 0, - bn_c2i, - bn_i2c, - bn_print -}; - -static ASN1_PRIMITIVE_FUNCS cbignum_pf = { - NULL, 0, - bn_secure_new, - bn_free, - 0, - bn_secure_c2i, - bn_i2c, - bn_print -}; - -ASN1_ITEM_start(BIGNUM) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM" -ASN1_ITEM_end(BIGNUM) - -ASN1_ITEM_start(CBIGNUM) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &cbignum_pf, BN_SENSITIVE, "CBIGNUM" -ASN1_ITEM_end(CBIGNUM) - -static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - *pval = (ASN1_VALUE *)BN_new(); - if (*pval != NULL) - return 1; - else - return 0; -} - -static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - *pval = (ASN1_VALUE *)BN_secure_new(); - if (*pval != NULL) - return 1; - else - return 0; -} - -static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - if (*pval == NULL) - return; - if (it->size & BN_SENSITIVE) - BN_clear_free((BIGNUM *)*pval); - else - BN_free((BIGNUM *)*pval); - *pval = NULL; -} - -static int bn_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, - const ASN1_ITEM *it) -{ - BIGNUM *bn; - int pad; - if (*pval == NULL) - return -1; - bn = (BIGNUM *)*pval; - /* If MSB set in an octet we need a padding byte */ - if (BN_num_bits(bn) & 0x7) - pad = 0; - else - pad = 1; - if (cont) { - if (pad) - *cont++ = 0; - BN_bn2bin(bn, cont); - } - return pad + BN_num_bytes(bn); -} - -static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it) -{ - BIGNUM *bn; - - if (*pval == NULL && !bn_new(pval, it)) - return 0; - bn = (BIGNUM *)*pval; - if (!BN_bin2bn(cont, len, bn)) { - bn_free(pval, it); - return 0; - } - return 1; -} - -static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it) -{ - int ret; - BIGNUM *bn; - - if (*pval == NULL && !bn_secure_new(pval, it)) - return 0; - - ret = bn_c2i(pval, cont, len, utype, free_cont, it); - if (!ret) - return 0; - - /* Set constant-time flag for all secure BIGNUMS */ - bn = (BIGNUM *)*pval; - BN_set_flags(bn, BN_FLG_CONSTTIME); - return ret; -} - -static int bn_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, - int indent, const ASN1_PCTX *pctx) -{ - if (!BN_print(out, *(BIGNUM **)pval)) - return 0; - if (BIO_puts(out, "\n") <= 0) - return 0; - return 1; -} diff --git a/crypto/asn1/x_info.c b/crypto/asn1/x_info.c deleted file mode 100644 index f8bc4789884edc666a92f8f63b8975841aa80e08..0000000000000000000000000000000000000000 --- a/crypto/asn1/x_info.c +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include - -X509_INFO *X509_INFO_new(void) -{ - X509_INFO *ret; - - ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return NULL; - } - - return ret; -} - -void X509_INFO_free(X509_INFO *x) -{ - if (x == NULL) - return; - - X509_free(x->x509); - X509_CRL_free(x->crl); - X509_PKEY_free(x->x_pkey); - OPENSSL_free(x->enc_data); - OPENSSL_free(x); -} diff --git a/crypto/asn1/x_int64.c b/crypto/asn1/x_int64.c deleted file mode 100644 index eb78c7e36723d2b3a81dd94cbd8739bd96dd3416..0000000000000000000000000000000000000000 --- a/crypto/asn1/x_int64.c +++ /dev/null @@ -1,291 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "internal/numbers.h" -#include -#include -#include "asn1_local.h" - -/* - * Custom primitive types for handling int32_t, int64_t, uint32_t, uint64_t. - * This converts between an ASN1_INTEGER and those types directly. - * This is preferred to using the LONG / ZLONG primitives. - */ - -/* - * We abuse the ASN1_ITEM fields |size| as a flags field - */ -#define INTxx_FLAG_ZERO_DEFAULT (1<<0) -#define INTxx_FLAG_SIGNED (1<<1) - -static int uint64_new(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint64_t))) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - return 1; -} - -static void uint64_free(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - OPENSSL_free(*pval); - *pval = NULL; -} - -static void uint64_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - **(uint64_t **)pval = 0; -} - -static int uint64_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, - const ASN1_ITEM *it) -{ - uint64_t utmp; - int neg = 0; - /* this exists to bypass broken gcc optimization */ - char *cp = (char *)*pval; - - /* use memcpy, because we may not be uint64_t aligned */ - memcpy(&utmp, cp, sizeof(utmp)); - - if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT - && utmp == 0) - return -1; - if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED - && (int64_t)utmp < 0) { - /* ossl_i2c_uint64_int() assumes positive values */ - utmp = 0 - utmp; - neg = 1; - } - - return ossl_i2c_uint64_int(cont, utmp, neg); -} - -static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it) -{ - uint64_t utmp = 0; - char *cp; - int neg = 0; - - if (*pval == NULL && !uint64_new(pval, it)) - return 0; - - cp = (char *)*pval; - - /* - * Strictly speaking, zero length is malformed. However, long_c2i - * (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course), - * so for the sake of backward compatibility, we still decode zero - * length INTEGERs as the number zero. - */ - if (len == 0) - goto long_compat; - - if (!ossl_c2i_uint64_int(&utmp, &neg, &cont, len)) - return 0; - if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE); - return 0; - } - if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED - && !neg && utmp > INT64_MAX) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE); - return 0; - } - if (neg) - /* ossl_c2i_uint64_int() returns positive values */ - utmp = 0 - utmp; - - long_compat: - memcpy(cp, &utmp, sizeof(utmp)); - return 1; -} - -static int uint64_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, - int indent, const ASN1_PCTX *pctx) -{ - if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED) - return BIO_printf(out, "%jd\n", **(int64_t **)pval); - return BIO_printf(out, "%ju\n", **(uint64_t **)pval); -} - -/* 32-bit variants */ - -static int uint32_new(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint32_t))) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - return 1; -} - -static void uint32_free(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - OPENSSL_free(*pval); - *pval = NULL; -} - -static void uint32_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - **(uint32_t **)pval = 0; -} - -static int uint32_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, - const ASN1_ITEM *it) -{ - uint32_t utmp; - int neg = 0; - /* this exists to bypass broken gcc optimization */ - char *cp = (char *)*pval; - - /* use memcpy, because we may not be uint32_t aligned */ - memcpy(&utmp, cp, sizeof(utmp)); - - if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT - && utmp == 0) - return -1; - if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED - && (int32_t)utmp < 0) { - /* ossl_i2c_uint64_int() assumes positive values */ - utmp = 0 - utmp; - neg = 1; - } - - return ossl_i2c_uint64_int(cont, (uint64_t)utmp, neg); -} - -/* - * Absolute value of INT32_MIN: we can't just use -INT32_MIN as it produces - * overflow warnings. - */ - -#define ABS_INT32_MIN ((uint32_t)INT32_MAX + 1) - -static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it) -{ - uint64_t utmp = 0; - uint32_t utmp2 = 0; - char *cp; - int neg = 0; - - if (*pval == NULL && !uint64_new(pval, it)) - return 0; - - cp = (char *)*pval; - - /* - * Strictly speaking, zero length is malformed. However, long_c2i - * (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course), - * so for the sake of backward compatibility, we still decode zero - * length INTEGERs as the number zero. - */ - if (len == 0) - goto long_compat; - - if (!ossl_c2i_uint64_int(&utmp, &neg, &cont, len)) - return 0; - if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE); - return 0; - } - if (neg) { - if (utmp > ABS_INT32_MIN) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL); - return 0; - } - utmp = 0 - utmp; - } else { - if (((it->size & INTxx_FLAG_SIGNED) != 0 && utmp > INT32_MAX) - || ((it->size & INTxx_FLAG_SIGNED) == 0 && utmp > UINT32_MAX)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE); - return 0; - } - } - - long_compat: - utmp2 = (uint32_t)utmp; - memcpy(cp, &utmp2, sizeof(utmp2)); - return 1; -} - -static int uint32_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, - int indent, const ASN1_PCTX *pctx) -{ - if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED) - return BIO_printf(out, "%d\n", **(int32_t **)pval); - return BIO_printf(out, "%u\n", **(uint32_t **)pval); -} - - -/* Define the primitives themselves */ - -static ASN1_PRIMITIVE_FUNCS uint32_pf = { - NULL, 0, - uint32_new, - uint32_free, - uint32_clear, - uint32_c2i, - uint32_i2c, - uint32_print -}; - -static ASN1_PRIMITIVE_FUNCS uint64_pf = { - NULL, 0, - uint64_new, - uint64_free, - uint64_clear, - uint64_c2i, - uint64_i2c, - uint64_print -}; - -ASN1_ITEM_start(INT32) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, - INTxx_FLAG_SIGNED, "INT32" -ASN1_ITEM_end(INT32) - -ASN1_ITEM_start(UINT32) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, 0, "UINT32" -ASN1_ITEM_end(UINT32) - -ASN1_ITEM_start(INT64) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, - INTxx_FLAG_SIGNED, "INT64" -ASN1_ITEM_end(INT64) - -ASN1_ITEM_start(UINT64) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, 0, "UINT64" -ASN1_ITEM_end(UINT64) - -ASN1_ITEM_start(ZINT32) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, - INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT32" -ASN1_ITEM_end(ZINT32) - -ASN1_ITEM_start(ZUINT32) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, - INTxx_FLAG_ZERO_DEFAULT, "ZUINT32" -ASN1_ITEM_end(ZUINT32) - -ASN1_ITEM_start(ZINT64) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, - INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT64" -ASN1_ITEM_end(ZINT64) - -ASN1_ITEM_start(ZUINT64) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, - INTxx_FLAG_ZERO_DEFAULT, "ZUINT64" -ASN1_ITEM_end(ZUINT64) - diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c deleted file mode 100644 index 0685780f08a00b1db405e0092c37fe8db307527e..0000000000000000000000000000000000000000 --- a/crypto/asn1/x_long.c +++ /dev/null @@ -1,196 +0,0 @@ -/* - * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include - -#define COPY_SIZE(a, b) (sizeof(a) < sizeof(b) ? sizeof(a) : sizeof(b)) - -/* - * Custom primitive type for long handling. This converts between an - * ASN1_INTEGER and a long directly. - */ - -static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it); -static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it); - -static int long_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, - const ASN1_ITEM *it); -static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it); -static int long_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, - int indent, const ASN1_PCTX *pctx); - -static ASN1_PRIMITIVE_FUNCS long_pf = { - NULL, 0, - long_new, - long_free, - long_free, /* Clear should set to initial value */ - long_c2i, - long_i2c, - long_print -}; - -ASN1_ITEM_start(LONG) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG" -ASN1_ITEM_end(LONG) - -ASN1_ITEM_start(ZLONG) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG" -ASN1_ITEM_end(ZLONG) - -static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - memcpy(pval, &it->size, COPY_SIZE(*pval, it->size)); - return 1; -} - -static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - memcpy(pval, &it->size, COPY_SIZE(*pval, it->size)); -} - -/* - * Originally BN_num_bits_word was called to perform this operation, but - * trouble is that there is no guarantee that sizeof(long) equals to - * sizeof(BN_ULONG). BN_ULONG is a configurable type that can be as wide - * as long, but also double or half... - */ -static int num_bits_ulong(unsigned long value) -{ - size_t i; - unsigned long ret = 0; - - /* - * It is argued that *on average* constant counter loop performs - * not worse [if not better] than one with conditional break or - * mask-n-table-lookup-style, because of branch misprediction - * penalties. - */ - for (i = 0; i < sizeof(value) * 8; i++) { - ret += (value != 0); - value >>= 1; - } - - return (int)ret; -} - -static int long_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, - const ASN1_ITEM *it) -{ - long ltmp; - unsigned long utmp, sign; - int clen, pad, i; - - memcpy(<mp, pval, COPY_SIZE(*pval, ltmp)); - if (ltmp == it->size) - return -1; - /* - * Convert the long to positive: we subtract one if negative so we can - * cleanly handle the padding if only the MSB of the leading octet is - * set. - */ - if (ltmp < 0) { - sign = 0xff; - utmp = 0 - (unsigned long)ltmp - 1; - } else { - sign = 0; - utmp = ltmp; - } - clen = num_bits_ulong(utmp); - /* If MSB of leading octet set we need to pad */ - if (!(clen & 0x7)) - pad = 1; - else - pad = 0; - - /* Convert number of bits to number of octets */ - clen = (clen + 7) >> 3; - - if (cont != NULL) { - if (pad) - *cont++ = (unsigned char)sign; - for (i = clen - 1; i >= 0; i--) { - cont[i] = (unsigned char)(utmp ^ sign); - utmp >>= 8; - } - } - return clen + pad; -} - -static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it) -{ - int i; - long ltmp; - unsigned long utmp = 0, sign = 0x100; - - if (len > 1) { - /* - * Check possible pad byte. Worst case, we're skipping past actual - * content, but since that's only with 0x00 and 0xff and we set neg - * accordingly, the result will be correct in the end anyway. - */ - switch (cont[0]) { - case 0xff: - cont++; - len--; - sign = 0xff; - break; - case 0: - cont++; - len--; - sign = 0; - break; - } - } - if (len > (int)sizeof(long)) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); - return 0; - } - - if (sign == 0x100) { - /* Is it negative? */ - if (len && (cont[0] & 0x80)) - sign = 0xff; - else - sign = 0; - } else if (((sign ^ cont[0]) & 0x80) == 0) { /* same sign bit? */ - ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_PADDING); - return 0; - } - utmp = 0; - for (i = 0; i < len; i++) { - utmp <<= 8; - utmp |= cont[i] ^ sign; - } - ltmp = (long)utmp; - if (ltmp < 0) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); - return 0; - } - if (sign) - ltmp = -ltmp - 1; - if (ltmp == it->size) { - ERR_raise(ERR_LIB_ASN1, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); - return 0; - } - memcpy(pval, <mp, COPY_SIZE(*pval, ltmp)); - return 1; -} - -static int long_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, - int indent, const ASN1_PCTX *pctx) -{ - long l; - - memcpy(&l, pval, COPY_SIZE(*pval, l)); - return BIO_printf(out, "%ld\n", l); -} diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c deleted file mode 100644 index b63c7c6489f4ef083bd85d4f079eff564d8c64f6..0000000000000000000000000000000000000000 --- a/crypto/asn1/x_pkey.c +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include - -X509_PKEY *X509_PKEY_new(void) -{ - X509_PKEY *ret = NULL; - - ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) - goto err; - - ret->enc_algor = X509_ALGOR_new(); - ret->enc_pkey = ASN1_OCTET_STRING_new(); - if (ret->enc_algor == NULL || ret->enc_pkey == NULL) - goto err; - - return ret; -err: - X509_PKEY_free(ret); - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return NULL; -} - -void X509_PKEY_free(X509_PKEY *x) -{ - if (x == NULL) - return; - - X509_ALGOR_free(x->enc_algor); - ASN1_OCTET_STRING_free(x->enc_pkey); - EVP_PKEY_free(x->dec_pkey); - if (x->key_free) - OPENSSL_free(x->key_data); - OPENSSL_free(x); -} diff --git a/crypto/asn1/x_sig.c b/crypto/asn1/x_sig.c deleted file mode 100644 index 759a9566531e9d1ea0b73fe7ddda0314f9e1fd1f..0000000000000000000000000000000000000000 --- a/crypto/asn1/x_sig.c +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include "crypto/x509.h" - -ASN1_SEQUENCE(X509_SIG) = { - ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR), - ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(X509_SIG) - -IMPLEMENT_ASN1_FUNCTIONS(X509_SIG) - -void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, - const ASN1_OCTET_STRING **pdigest) -{ - if (palg) - *palg = sig->algor; - if (pdigest) - *pdigest = sig->digest; -} - -void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, - ASN1_OCTET_STRING **pdigest) -{ - if (palg) - *palg = sig->algor; - if (pdigest) - *pdigest = sig->digest; -} diff --git a/crypto/asn1/x_spki.c b/crypto/asn1/x_spki.c deleted file mode 100644 index 2d7de66eb79cb9363933bd411705e2d1f05a2753..0000000000000000000000000000000000000000 --- a/crypto/asn1/x_spki.c +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include - -ASN1_SEQUENCE(NETSCAPE_SPKAC) = { - ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY), - ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING) -} ASN1_SEQUENCE_END(NETSCAPE_SPKAC) - -IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC) - -ASN1_SEQUENCE(NETSCAPE_SPKI) = { - ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC), - ASN1_EMBED(NETSCAPE_SPKI, sig_algor, X509_ALGOR), - ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END(NETSCAPE_SPKI) - -IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI) diff --git a/crypto/asn1/x_val.c b/crypto/asn1/x_val.c deleted file mode 100644 index a4e57cbcc714f39f1d5b6a15a520bcfaea375620..0000000000000000000000000000000000000000 --- a/crypto/asn1/x_val.c +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include - -ASN1_SEQUENCE(X509_VAL) = { - ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME), - ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME) -} ASN1_SEQUENCE_END(X509_VAL) - -IMPLEMENT_ASN1_FUNCTIONS(X509_VAL) diff --git a/crypto/asn1_dsa.c b/crypto/asn1_dsa.c deleted file mode 100644 index 0782fe7c2a54e7e23fcc73c776837414591c30f8..0000000000000000000000000000000000000000 --- a/crypto/asn1_dsa.c +++ /dev/null @@ -1,252 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * A simple ASN.1 DER encoder/decoder for DSA-Sig-Value and ECDSA-Sig-Value. - * - * DSA-Sig-Value ::= SEQUENCE { - * r INTEGER, - * s INTEGER - * } - * - * ECDSA-Sig-Value ::= SEQUENCE { - * r INTEGER, - * s INTEGER - * } - */ - -#include -#include -#include "crypto/asn1_dsa.h" -#include "internal/packet.h" - -#define ID_SEQUENCE 0x30 -#define ID_INTEGER 0x02 - -/* - * Outputs the encoding of the length octets for a DER value with a content - * length of cont_len bytes to pkt. The maximum supported content length is - * 65535 (0xffff) bytes. - * - * Returns 1 on success or 0 on error. - */ -int ossl_encode_der_length(WPACKET *pkt, size_t cont_len) -{ - if (cont_len > 0xffff) - return 0; /* Too large for supported length encodings */ - - if (cont_len > 0xff) { - if (!WPACKET_put_bytes_u8(pkt, 0x82) - || !WPACKET_put_bytes_u16(pkt, cont_len)) - return 0; - } else { - if (cont_len > 0x7f - && !WPACKET_put_bytes_u8(pkt, 0x81)) - return 0; - if (!WPACKET_put_bytes_u8(pkt, cont_len)) - return 0; - } - - return 1; -} - -/* - * Outputs the DER encoding of a positive ASN.1 INTEGER to pkt. - * - * Results in an error if n is negative or too large. - * - * Returns 1 on success or 0 on error. - */ -int ossl_encode_der_integer(WPACKET *pkt, const BIGNUM *n) -{ - unsigned char *bnbytes; - size_t cont_len; - - if (BN_is_negative(n)) - return 0; - - /* - * Calculate the ASN.1 INTEGER DER content length for n. - * This is the number of whole bytes required to represent n (i.e. rounded - * down), plus one. - * If n is zero then the content is a single zero byte (length = 1). - * If the number of bits of n is a multiple of 8 then an extra zero padding - * byte is included to ensure that the value is still treated as positive - * in the INTEGER two's complement representation. - */ - cont_len = BN_num_bits(n) / 8 + 1; - - if (!WPACKET_start_sub_packet(pkt) - || !WPACKET_put_bytes_u8(pkt, ID_INTEGER) - || !ossl_encode_der_length(pkt, cont_len) - || !WPACKET_allocate_bytes(pkt, cont_len, &bnbytes) - || !WPACKET_close(pkt)) - return 0; - - if (bnbytes != NULL - && BN_bn2binpad(n, bnbytes, (int)cont_len) != (int)cont_len) - return 0; - - return 1; -} - -/* - * Outputs the DER encoding of a DSA-Sig-Value or ECDSA-Sig-Value to pkt. pkt - * may be initialised with a NULL buffer which enables pkt to be used to - * calculate how many bytes would be needed. - * - * Returns 1 on success or 0 on error. - */ -int ossl_encode_der_dsa_sig(WPACKET *pkt, const BIGNUM *r, const BIGNUM *s) -{ - WPACKET tmppkt, *dummypkt; - size_t cont_len; - int isnull = WPACKET_is_null_buf(pkt); - - if (!WPACKET_start_sub_packet(pkt)) - return 0; - - if (!isnull) { - if (!WPACKET_init_null(&tmppkt, 0)) - return 0; - dummypkt = &tmppkt; - } else { - /* If the input packet has a NULL buffer, we don't need a dummy packet */ - dummypkt = pkt; - } - - /* Calculate the content length */ - if (!ossl_encode_der_integer(dummypkt, r) - || !ossl_encode_der_integer(dummypkt, s) - || !WPACKET_get_length(dummypkt, &cont_len) - || (!isnull && !WPACKET_finish(dummypkt))) { - if (!isnull) - WPACKET_cleanup(dummypkt); - return 0; - } - - /* Add the tag and length bytes */ - if (!WPACKET_put_bytes_u8(pkt, ID_SEQUENCE) - || !ossl_encode_der_length(pkt, cont_len) - /* - * Really encode the integers. We already wrote to the main pkt - * if it had a NULL buffer, so don't do it again - */ - || (!isnull && !ossl_encode_der_integer(pkt, r)) - || (!isnull && !ossl_encode_der_integer(pkt, s)) - || !WPACKET_close(pkt)) - return 0; - - return 1; -} - -/* - * Decodes the DER length octets in pkt and initialises subpkt with the - * following bytes of that length. - * - * Returns 1 on success or 0 on failure. - */ -int ossl_decode_der_length(PACKET *pkt, PACKET *subpkt) -{ - unsigned int byte; - - if (!PACKET_get_1(pkt, &byte)) - return 0; - - if (byte < 0x80) - return PACKET_get_sub_packet(pkt, subpkt, (size_t)byte); - if (byte == 0x81) - return PACKET_get_length_prefixed_1(pkt, subpkt); - if (byte == 0x82) - return PACKET_get_length_prefixed_2(pkt, subpkt); - - /* Too large, invalid, or not DER. */ - return 0; -} - -/* - * Decodes a single ASN.1 INTEGER value from pkt, which must be DER encoded, - * and updates n with the decoded value. - * - * The BIGNUM, n, must have already been allocated by calling BN_new(). - * pkt must not be NULL. - * - * An attempt to consume more than len bytes results in an error. - * Returns 1 on success or 0 on error. - * - * If the PACKET is supposed to only contain a single INTEGER value with no - * trailing garbage then it is up to the caller to verify that all bytes - * were consumed. - */ -int ossl_decode_der_integer(PACKET *pkt, BIGNUM *n) -{ - PACKET contpkt, tmppkt; - unsigned int tag, tmp; - - /* Check we have an integer and get the content bytes */ - if (!PACKET_get_1(pkt, &tag) - || tag != ID_INTEGER - || !ossl_decode_der_length(pkt, &contpkt)) - return 0; - - /* Peek ahead at the first bytes to check for proper encoding */ - tmppkt = contpkt; - /* The INTEGER must be positive */ - if (!PACKET_get_1(&tmppkt, &tmp) - || (tmp & 0x80) != 0) - return 0; - /* If there a zero padding byte the next byte must have the msb set */ - if (PACKET_remaining(&tmppkt) > 0 && tmp == 0) { - if (!PACKET_get_1(&tmppkt, &tmp) - || (tmp & 0x80) == 0) - return 0; - } - - if (BN_bin2bn(PACKET_data(&contpkt), - (int)PACKET_remaining(&contpkt), n) == NULL) - return 0; - - return 1; -} - -/* - * Decodes a single DSA-Sig-Value or ECDSA-Sig-Value from *ppin, which must be - * DER encoded, updates r and s with the decoded values, and increments *ppin - * past the data that was consumed. - * - * The BIGNUMs, r and s, must have already been allocated by calls to BN_new(). - * ppin and *ppin must not be NULL. - * - * An attempt to consume more than len bytes results in an error. - * Returns the number of bytes of input consumed or 0 if an error occurs. - * - * If the buffer is supposed to only contain a single [EC]DSA-Sig-Value with no - * trailing garbage then it is up to the caller to verify that all bytes - * were consumed. - */ -size_t ossl_decode_der_dsa_sig(BIGNUM *r, BIGNUM *s, - const unsigned char **ppin, size_t len) -{ - size_t consumed; - PACKET pkt, contpkt; - unsigned int tag; - - if (!PACKET_buf_init(&pkt, *ppin, len) - || !PACKET_get_1(&pkt, &tag) - || tag != ID_SEQUENCE - || !ossl_decode_der_length(&pkt, &contpkt) - || !ossl_decode_der_integer(&contpkt, r) - || !ossl_decode_der_integer(&contpkt, s) - || PACKET_remaining(&contpkt) != 0) - return 0; - - consumed = PACKET_data(&pkt) - *ppin; - *ppin += consumed; - return consumed; -} diff --git a/crypto/async/arch/async_null.c b/crypto/async/arch/async_null.c deleted file mode 100644 index 675c1d35bf0cc2c43c3627f50f20511a1cb036e7..0000000000000000000000000000000000000000 --- a/crypto/async/arch/async_null.c +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* This must be the first #include file */ -#include "../async_local.h" - -#ifdef ASYNC_NULL -int ASYNC_is_capable(void) -{ - return 0; -} - -void async_local_cleanup(void) -{ -} -#endif - diff --git a/crypto/async/arch/async_null.h b/crypto/async/arch/async_null.h deleted file mode 100644 index c62aba69a874267fb7306192a62f830d69528e77..0000000000000000000000000000000000000000 --- a/crypto/async/arch/async_null.h +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -/* - * If we haven't managed to detect any other async architecture then we default - * to NULL. - */ -#ifndef ASYNC_ARCH -# define ASYNC_NULL -# define ASYNC_ARCH - -typedef struct async_fibre_st { - int dummy; -} async_fibre; - - -# define async_fibre_swapcontext(o,n,r) 0 -# define async_fibre_makecontext(c) 0 -# define async_fibre_free(f) -# define async_fibre_init_dispatcher(f) - -#endif diff --git a/crypto/async/arch/async_posix.c b/crypto/async/arch/async_posix.c deleted file mode 100644 index e107e09a352f552d0dff20a5e4811dcad84bd612..0000000000000000000000000000000000000000 --- a/crypto/async/arch/async_posix.c +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* This must be the first #include file */ -#include "../async_local.h" - -#ifdef ASYNC_POSIX - -# include -# include - -#define STACKSIZE 32768 - -int ASYNC_is_capable(void) -{ - ucontext_t ctx; - - /* - * Some platforms provide getcontext() but it does not work (notably - * MacOSX PPC64). Check for a working getcontext(); - */ - return getcontext(&ctx) == 0; -} - -void async_local_cleanup(void) -{ -} - -int async_fibre_makecontext(async_fibre *fibre) -{ -#ifndef USE_SWAPCONTEXT - fibre->env_init = 0; -#endif - if (getcontext(&fibre->fibre) == 0) { - fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE); - if (fibre->fibre.uc_stack.ss_sp != NULL) { - fibre->fibre.uc_stack.ss_size = STACKSIZE; - fibre->fibre.uc_link = NULL; - makecontext(&fibre->fibre, async_start_func, 0); - return 1; - } - } else { - fibre->fibre.uc_stack.ss_sp = NULL; - } - return 0; -} - -void async_fibre_free(async_fibre *fibre) -{ - OPENSSL_free(fibre->fibre.uc_stack.ss_sp); - fibre->fibre.uc_stack.ss_sp = NULL; -} - -#endif diff --git a/crypto/async/arch/async_posix.h b/crypto/async/arch/async_posix.h deleted file mode 100644 index a17c6b8e68af2dd067f5e4671baf281a412eb35e..0000000000000000000000000000000000000000 --- a/crypto/async/arch/async_posix.h +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_ASYNC_POSIX_H -#define OSSL_CRYPTO_ASYNC_POSIX_H -#include - -#if defined(OPENSSL_SYS_UNIX) \ - && defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC) \ - && !defined(__ANDROID__) && !defined(__OpenBSD__) - -# include - -# if _POSIX_VERSION >= 200112L \ - && (_POSIX_VERSION < 200809L || defined(__GLIBC__)) - -# include - -# define ASYNC_POSIX -# define ASYNC_ARCH - -# if defined(__CET__) || defined(__ia64__) -/* - * When Intel CET is enabled, makecontext will create a different - * shadow stack for each context. async_fibre_swapcontext cannot - * use _longjmp. It must call swapcontext to swap shadow stack as - * well as normal stack. - * On IA64 the register stack engine is not saved across setjmp/longjmp. Here - * swapcontext() performs correctly. - */ -# define USE_SWAPCONTEXT -# endif -# if defined(__aarch64__) && defined(__clang__) \ - && defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1 -/* - * setjmp/longjmp don't currently work with BTI on all libc implementations - * when compiled by clang. This is because clang doesn't put a BTI after the - * call to setjmp where it returns the second time. This then fails on libc - * implementations - notably glibc - which use an indirect jump to there. - * So use the swapcontext implementation, which does work. - * See https://github.com/llvm/llvm-project/issues/48888. - */ -# define USE_SWAPCONTEXT -# endif -# include -# ifndef USE_SWAPCONTEXT -# include -# endif - -typedef struct async_fibre_st { - ucontext_t fibre; -# ifndef USE_SWAPCONTEXT - jmp_buf env; - int env_init; -# endif -} async_fibre; - -static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r) -{ -# ifdef USE_SWAPCONTEXT - swapcontext(&o->fibre, &n->fibre); -# else - o->env_init = 1; - - if (!r || !_setjmp(o->env)) { - if (n->env_init) - _longjmp(n->env, 1); - else - setcontext(&n->fibre); - } -# endif - - return 1; -} - -# define async_fibre_init_dispatcher(d) - -int async_fibre_makecontext(async_fibre *fibre); -void async_fibre_free(async_fibre *fibre); - -# endif -#endif -#endif /* OSSL_CRYPTO_ASYNC_POSIX_H */ diff --git a/crypto/async/arch/async_win.c b/crypto/async/arch/async_win.c deleted file mode 100644 index 0b276fd504d8ce6320a7443ad22dc7005ba8daba..0000000000000000000000000000000000000000 --- a/crypto/async/arch/async_win.c +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* This must be the first #include file */ -#include "../async_local.h" - -#ifdef ASYNC_WIN - -# include -# include "internal/cryptlib.h" - -int ASYNC_is_capable(void) -{ - return 1; -} - -void async_local_cleanup(void) -{ - async_ctx *ctx = async_get_ctx(); - if (ctx != NULL) { - async_fibre *fibre = &ctx->dispatcher; - if (fibre != NULL && fibre->fibre != NULL && fibre->converted) { - ConvertFiberToThread(); - fibre->fibre = NULL; - } - } -} - -int async_fibre_init_dispatcher(async_fibre *fibre) -{ -# if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 - fibre->fibre = ConvertThreadToFiberEx(NULL, FIBER_FLAG_FLOAT_SWITCH); -# else - fibre->fibre = ConvertThreadToFiber(NULL); -# endif - if (fibre->fibre == NULL) { - fibre->converted = 0; - fibre->fibre = GetCurrentFiber(); - if (fibre->fibre == NULL) - return 0; - } else { - fibre->converted = 1; - } - - return 1; -} - -VOID CALLBACK async_start_func_win(PVOID unused) -{ - async_start_func(); -} - -#endif diff --git a/crypto/async/arch/async_win.h b/crypto/async/arch/async_win.h deleted file mode 100644 index 0fab95996e275b54b1bd4520564d058bfcd48172..0000000000000000000000000000000000000000 --- a/crypto/async/arch/async_win.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This is the same detection used in cryptlib to set up the thread local - * storage that we depend on, so just copy that - */ -#if defined(_WIN32) && !defined(OPENSSL_NO_ASYNC) -#include -# define ASYNC_WIN -# define ASYNC_ARCH - -# include -# include "internal/cryptlib.h" - -typedef struct async_fibre_st { - LPVOID fibre; - int converted; -} async_fibre; - -# define async_fibre_swapcontext(o,n,r) \ - (SwitchToFiber((n)->fibre), 1) - -# if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 -# define async_fibre_makecontext(c) \ - ((c)->fibre = CreateFiberEx(0, 0, FIBER_FLAG_FLOAT_SWITCH, \ - async_start_func_win, 0)) -# else -# define async_fibre_makecontext(c) \ - ((c)->fibre = CreateFiber(0, async_start_func_win, 0)) -# endif - -# define async_fibre_free(f) (DeleteFiber((f)->fibre)) - -int async_fibre_init_dispatcher(async_fibre *fibre); -VOID CALLBACK async_start_func_win(PVOID unused); - -#endif diff --git a/crypto/async/async.c b/crypto/async/async.c deleted file mode 100644 index a320d455b7bb7a61bc8a116305c4c49d0fdf1553..0000000000000000000000000000000000000000 --- a/crypto/async/async.c +++ /dev/null @@ -1,487 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Without this we start getting longjmp crashes because it thinks we're jumping - * up the stack when in fact we are jumping to an entirely different stack. The - * cost of this is not having certain buffer overrun/underrun checks etc for - * this source file :-( - */ -#undef _FORTIFY_SOURCE - -/* This must be the first #include file */ -#include "async_local.h" - -#include -#include "crypto/cryptlib.h" -#include - -#define ASYNC_JOB_RUNNING 0 -#define ASYNC_JOB_PAUSING 1 -#define ASYNC_JOB_PAUSED 2 -#define ASYNC_JOB_STOPPING 3 - -static CRYPTO_THREAD_LOCAL ctxkey; -static CRYPTO_THREAD_LOCAL poolkey; - -static void async_delete_thread_state(void *arg); - -static async_ctx *async_ctx_new(void) -{ - async_ctx *nctx; - - if (!ossl_init_thread_start(NULL, NULL, async_delete_thread_state)) - return NULL; - - nctx = OPENSSL_malloc(sizeof(*nctx)); - if (nctx == NULL) { - ERR_raise(ERR_LIB_ASYNC, ERR_R_MALLOC_FAILURE); - goto err; - } - - async_fibre_init_dispatcher(&nctx->dispatcher); - nctx->currjob = NULL; - nctx->blocked = 0; - if (!CRYPTO_THREAD_set_local(&ctxkey, nctx)) - goto err; - - return nctx; -err: - OPENSSL_free(nctx); - - return NULL; -} - -async_ctx *async_get_ctx(void) -{ - return (async_ctx *)CRYPTO_THREAD_get_local(&ctxkey); -} - -static int async_ctx_free(void) -{ - async_ctx *ctx; - - ctx = async_get_ctx(); - - if (!CRYPTO_THREAD_set_local(&ctxkey, NULL)) - return 0; - - OPENSSL_free(ctx); - - return 1; -} - -static ASYNC_JOB *async_job_new(void) -{ - ASYNC_JOB *job = NULL; - - job = OPENSSL_zalloc(sizeof(*job)); - if (job == NULL) { - ERR_raise(ERR_LIB_ASYNC, ERR_R_MALLOC_FAILURE); - return NULL; - } - - job->status = ASYNC_JOB_RUNNING; - - return job; -} - -static void async_job_free(ASYNC_JOB *job) -{ - if (job != NULL) { - OPENSSL_free(job->funcargs); - async_fibre_free(&job->fibrectx); - OPENSSL_free(job); - } -} - -static ASYNC_JOB *async_get_pool_job(void) { - ASYNC_JOB *job; - async_pool *pool; - - pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey); - if (pool == NULL) { - /* - * Pool has not been initialised, so init with the defaults, i.e. - * no max size and no pre-created jobs - */ - if (ASYNC_init_thread(0, 0) == 0) - return NULL; - pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey); - } - - job = sk_ASYNC_JOB_pop(pool->jobs); - if (job == NULL) { - /* Pool is empty */ - if ((pool->max_size != 0) && (pool->curr_size >= pool->max_size)) - return NULL; - - job = async_job_new(); - if (job != NULL) { - if (! async_fibre_makecontext(&job->fibrectx)) { - async_job_free(job); - return NULL; - } - pool->curr_size++; - } - } - return job; -} - -static void async_release_job(ASYNC_JOB *job) { - async_pool *pool; - - pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey); - if (pool == NULL) { - ERR_raise(ERR_LIB_ASYNC, ERR_R_INTERNAL_ERROR); - return; - } - OPENSSL_free(job->funcargs); - job->funcargs = NULL; - sk_ASYNC_JOB_push(pool->jobs, job); -} - -void async_start_func(void) -{ - ASYNC_JOB *job; - async_ctx *ctx = async_get_ctx(); - - if (ctx == NULL) { - ERR_raise(ERR_LIB_ASYNC, ERR_R_INTERNAL_ERROR); - return; - } - while (1) { - /* Run the job */ - job = ctx->currjob; - job->ret = job->func(job->funcargs); - - /* Stop the job */ - job->status = ASYNC_JOB_STOPPING; - if (!async_fibre_swapcontext(&job->fibrectx, - &ctx->dispatcher, 1)) { - /* - * Should not happen. Getting here will close the thread...can't do - * much about it - */ - ERR_raise(ERR_LIB_ASYNC, ASYNC_R_FAILED_TO_SWAP_CONTEXT); - } - } -} - -int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret, - int (*func)(void *), void *args, size_t size) -{ - async_ctx *ctx; - OSSL_LIB_CTX *libctx; - - if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) - return ASYNC_ERR; - - ctx = async_get_ctx(); - if (ctx == NULL) - ctx = async_ctx_new(); - if (ctx == NULL) - return ASYNC_ERR; - - if (*job != NULL) - ctx->currjob = *job; - - for (;;) { - if (ctx->currjob != NULL) { - if (ctx->currjob->status == ASYNC_JOB_STOPPING) { - *ret = ctx->currjob->ret; - ctx->currjob->waitctx = NULL; - async_release_job(ctx->currjob); - ctx->currjob = NULL; - *job = NULL; - return ASYNC_FINISH; - } - - if (ctx->currjob->status == ASYNC_JOB_PAUSING) { - *job = ctx->currjob; - ctx->currjob->status = ASYNC_JOB_PAUSED; - ctx->currjob = NULL; - return ASYNC_PAUSE; - } - - if (ctx->currjob->status == ASYNC_JOB_PAUSED) { - if (*job == NULL) - return ASYNC_ERR; - ctx->currjob = *job; - - /* - * Restore the default libctx to what it was the last time the - * fibre ran - */ - libctx = OSSL_LIB_CTX_set0_default(ctx->currjob->libctx); - if (libctx == NULL) { - /* Failed to set the default context */ - ERR_raise(ERR_LIB_ASYNC, ERR_R_INTERNAL_ERROR); - goto err; - } - /* Resume previous job */ - if (!async_fibre_swapcontext(&ctx->dispatcher, - &ctx->currjob->fibrectx, 1)) { - ctx->currjob->libctx = OSSL_LIB_CTX_set0_default(libctx); - ERR_raise(ERR_LIB_ASYNC, ASYNC_R_FAILED_TO_SWAP_CONTEXT); - goto err; - } - /* - * In case the fibre changed the default libctx we set it back - * again to what it was originally, and remember what it had - * been changed to. - */ - ctx->currjob->libctx = OSSL_LIB_CTX_set0_default(libctx); - continue; - } - - /* Should not happen */ - ERR_raise(ERR_LIB_ASYNC, ERR_R_INTERNAL_ERROR); - async_release_job(ctx->currjob); - ctx->currjob = NULL; - *job = NULL; - return ASYNC_ERR; - } - - /* Start a new job */ - if ((ctx->currjob = async_get_pool_job()) == NULL) - return ASYNC_NO_JOBS; - - if (args != NULL) { - ctx->currjob->funcargs = OPENSSL_malloc(size); - if (ctx->currjob->funcargs == NULL) { - ERR_raise(ERR_LIB_ASYNC, ERR_R_MALLOC_FAILURE); - async_release_job(ctx->currjob); - ctx->currjob = NULL; - return ASYNC_ERR; - } - memcpy(ctx->currjob->funcargs, args, size); - } else { - ctx->currjob->funcargs = NULL; - } - - ctx->currjob->func = func; - ctx->currjob->waitctx = wctx; - libctx = ossl_lib_ctx_get_concrete(NULL); - if (!async_fibre_swapcontext(&ctx->dispatcher, - &ctx->currjob->fibrectx, 1)) { - ERR_raise(ERR_LIB_ASYNC, ASYNC_R_FAILED_TO_SWAP_CONTEXT); - goto err; - } - /* - * In case the fibre changed the default libctx we set it back again - * to what it was, and remember what it had been changed to. - */ - ctx->currjob->libctx = OSSL_LIB_CTX_set0_default(libctx); - } - -err: - async_release_job(ctx->currjob); - ctx->currjob = NULL; - *job = NULL; - return ASYNC_ERR; -} - -int ASYNC_pause_job(void) -{ - ASYNC_JOB *job; - async_ctx *ctx = async_get_ctx(); - - if (ctx == NULL - || ctx->currjob == NULL - || ctx->blocked) { - /* - * Could be we've deliberately not been started within a job so this is - * counted as success. - */ - return 1; - } - - job = ctx->currjob; - job->status = ASYNC_JOB_PAUSING; - - if (!async_fibre_swapcontext(&job->fibrectx, - &ctx->dispatcher, 1)) { - ERR_raise(ERR_LIB_ASYNC, ASYNC_R_FAILED_TO_SWAP_CONTEXT); - return 0; - } - /* Reset counts of added and deleted fds */ - async_wait_ctx_reset_counts(job->waitctx); - - return 1; -} - -static void async_empty_pool(async_pool *pool) -{ - ASYNC_JOB *job; - - if (pool == NULL || pool->jobs == NULL) - return; - - do { - job = sk_ASYNC_JOB_pop(pool->jobs); - async_job_free(job); - } while (job); -} - -int async_init(void) -{ - if (!CRYPTO_THREAD_init_local(&ctxkey, NULL)) - return 0; - - if (!CRYPTO_THREAD_init_local(&poolkey, NULL)) { - CRYPTO_THREAD_cleanup_local(&ctxkey); - return 0; - } - - return 1; -} - -void async_deinit(void) -{ - CRYPTO_THREAD_cleanup_local(&ctxkey); - CRYPTO_THREAD_cleanup_local(&poolkey); -} - -int ASYNC_init_thread(size_t max_size, size_t init_size) -{ - async_pool *pool; - size_t curr_size = 0; - - if (init_size > max_size) { - ERR_raise(ERR_LIB_ASYNC, ASYNC_R_INVALID_POOL_SIZE); - return 0; - } - - if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) - return 0; - - if (!ossl_init_thread_start(NULL, NULL, async_delete_thread_state)) - return 0; - - pool = OPENSSL_zalloc(sizeof(*pool)); - if (pool == NULL) { - ERR_raise(ERR_LIB_ASYNC, ERR_R_MALLOC_FAILURE); - return 0; - } - - pool->jobs = sk_ASYNC_JOB_new_reserve(NULL, init_size); - if (pool->jobs == NULL) { - ERR_raise(ERR_LIB_ASYNC, ERR_R_MALLOC_FAILURE); - OPENSSL_free(pool); - return 0; - } - - pool->max_size = max_size; - - /* Pre-create jobs as required */ - while (init_size--) { - ASYNC_JOB *job; - job = async_job_new(); - if (job == NULL || !async_fibre_makecontext(&job->fibrectx)) { - /* - * Not actually fatal because we already created the pool, just - * skip creation of any more jobs - */ - async_job_free(job); - break; - } - job->funcargs = NULL; - sk_ASYNC_JOB_push(pool->jobs, job); /* Cannot fail due to reserve */ - curr_size++; - } - pool->curr_size = curr_size; - if (!CRYPTO_THREAD_set_local(&poolkey, pool)) { - ERR_raise(ERR_LIB_ASYNC, ASYNC_R_FAILED_TO_SET_POOL); - goto err; - } - - return 1; -err: - async_empty_pool(pool); - sk_ASYNC_JOB_free(pool->jobs); - OPENSSL_free(pool); - return 0; -} - -static void async_delete_thread_state(void *arg) -{ - async_pool *pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey); - - if (pool != NULL) { - async_empty_pool(pool); - sk_ASYNC_JOB_free(pool->jobs); - OPENSSL_free(pool); - CRYPTO_THREAD_set_local(&poolkey, NULL); - } - async_local_cleanup(); - async_ctx_free(); -} - -void ASYNC_cleanup_thread(void) -{ - if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) - return; - - async_delete_thread_state(NULL); -} - -ASYNC_JOB *ASYNC_get_current_job(void) -{ - async_ctx *ctx; - - if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) - return NULL; - - ctx = async_get_ctx(); - if (ctx == NULL) - return NULL; - - return ctx->currjob; -} - -ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job) -{ - return job->waitctx; -} - -void ASYNC_block_pause(void) -{ - async_ctx *ctx; - - if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) - return; - - ctx = async_get_ctx(); - if (ctx == NULL || ctx->currjob == NULL) { - /* - * We're not in a job anyway so ignore this - */ - return; - } - ctx->blocked++; -} - -void ASYNC_unblock_pause(void) -{ - async_ctx *ctx; - - if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) - return; - - ctx = async_get_ctx(); - if (ctx == NULL || ctx->currjob == NULL) { - /* - * We're not in a job anyway so ignore this - */ - return; - } - if (ctx->blocked > 0) - ctx->blocked--; -} diff --git a/crypto/async/async_err.c b/crypto/async/async_err.c deleted file mode 100644 index 34db12fb969c00b373abc29d385c1287bc45b8be..0000000000000000000000000000000000000000 --- a/crypto/async/async_err.c +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/asyncerr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA ASYNC_str_reasons[] = { - {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_FAILED_TO_SET_POOL), - "failed to set pool"}, - {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_FAILED_TO_SWAP_CONTEXT), - "failed to swap context"}, - {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_INIT_FAILED), "init failed"}, - {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_INVALID_POOL_SIZE), - "invalid pool size"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_ASYNC_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(ASYNC_str_reasons[0].error) == NULL) - ERR_load_strings_const(ASYNC_str_reasons); -#endif - return 1; -} diff --git a/crypto/async/async_local.h b/crypto/async/async_local.h deleted file mode 100644 index c06f413cf604e772e1a51c930d6dbe0216e6c370..0000000000000000000000000000000000000000 --- a/crypto/async/async_local.h +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Must do this before including any header files, because on MacOS/X - * includes which includes - */ -#if defined(__APPLE__) && defined(__MACH__) && !defined(_XOPEN_SOURCE) -# define _XOPEN_SOURCE /* Otherwise incomplete ucontext_t structure */ -# pragma GCC diagnostic ignored "-Wdeprecated-declarations" -#endif - -#if defined(_WIN32) -# include -#endif - -#include "crypto/async.h" -#include - -typedef struct async_ctx_st async_ctx; -typedef struct async_pool_st async_pool; - -#include "arch/async_win.h" -#include "arch/async_posix.h" -#include "arch/async_null.h" - -struct async_ctx_st { - async_fibre dispatcher; - ASYNC_JOB *currjob; - unsigned int blocked; -}; - -struct async_job_st { - async_fibre fibrectx; - int (*func) (void *); - void *funcargs; - int ret; - int status; - ASYNC_WAIT_CTX *waitctx; - OSSL_LIB_CTX *libctx; -}; - -struct fd_lookup_st { - const void *key; - OSSL_ASYNC_FD fd; - void *custom_data; - void (*cleanup)(ASYNC_WAIT_CTX *, const void *, OSSL_ASYNC_FD, void *); - int add; - int del; - struct fd_lookup_st *next; -}; - -struct async_wait_ctx_st { - struct fd_lookup_st *fds; - size_t numadd; - size_t numdel; - ASYNC_callback_fn callback; - void *callback_arg; - int status; -}; - -DEFINE_STACK_OF(ASYNC_JOB) - -struct async_pool_st { - STACK_OF(ASYNC_JOB) *jobs; - size_t curr_size; - size_t max_size; -}; - -void async_local_cleanup(void); -void async_start_func(void); -async_ctx *async_get_ctx(void); - -void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx); - diff --git a/crypto/async/async_wait.c b/crypto/async/async_wait.c deleted file mode 100644 index df7d29302182280fb27ba37ca3366fda51e28de3..0000000000000000000000000000000000000000 --- a/crypto/async/async_wait.c +++ /dev/null @@ -1,248 +0,0 @@ -/* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* This must be the first #include file */ -#include "async_local.h" - -#include - -ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void) -{ - return OPENSSL_zalloc(sizeof(ASYNC_WAIT_CTX)); -} - -void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx) -{ - struct fd_lookup_st *curr; - struct fd_lookup_st *next; - - if (ctx == NULL) - return; - - curr = ctx->fds; - while (curr != NULL) { - if (!curr->del) { - /* Only try and cleanup if it hasn't been marked deleted */ - if (curr->cleanup != NULL) - curr->cleanup(ctx, curr->key, curr->fd, curr->custom_data); - } - /* Always free the fd_lookup_st */ - next = curr->next; - OPENSSL_free(curr); - curr = next; - } - - OPENSSL_free(ctx); -} -int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, - OSSL_ASYNC_FD fd, void *custom_data, - void (*cleanup)(ASYNC_WAIT_CTX *, const void *, - OSSL_ASYNC_FD, void *)) -{ - struct fd_lookup_st *fdlookup; - - if ((fdlookup = OPENSSL_zalloc(sizeof(*fdlookup))) == NULL) { - ERR_raise(ERR_LIB_ASYNC, ERR_R_MALLOC_FAILURE); - return 0; - } - - fdlookup->key = key; - fdlookup->fd = fd; - fdlookup->custom_data = custom_data; - fdlookup->cleanup = cleanup; - fdlookup->add = 1; - fdlookup->next = ctx->fds; - ctx->fds = fdlookup; - ctx->numadd++; - return 1; -} - -int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key, - OSSL_ASYNC_FD *fd, void **custom_data) -{ - struct fd_lookup_st *curr; - - curr = ctx->fds; - while (curr != NULL) { - if (curr->del) { - /* This one has been marked deleted so do nothing */ - curr = curr->next; - continue; - } - if (curr->key == key) { - *fd = curr->fd; - *custom_data = curr->custom_data; - return 1; - } - curr = curr->next; - } - return 0; -} - -int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd, - size_t *numfds) -{ - struct fd_lookup_st *curr; - - curr = ctx->fds; - *numfds = 0; - while (curr != NULL) { - if (curr->del) { - /* This one has been marked deleted so do nothing */ - curr = curr->next; - continue; - } - if (fd != NULL) { - *fd = curr->fd; - fd++; - } - (*numfds)++; - curr = curr->next; - } - return 1; -} - -int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, - size_t *numaddfds, OSSL_ASYNC_FD *delfd, - size_t *numdelfds) -{ - struct fd_lookup_st *curr; - - *numaddfds = ctx->numadd; - *numdelfds = ctx->numdel; - if (addfd == NULL && delfd == NULL) - return 1; - - curr = ctx->fds; - - while (curr != NULL) { - /* We ignore fds that have been marked as both added and deleted */ - if (curr->del && !curr->add && (delfd != NULL)) { - *delfd = curr->fd; - delfd++; - } - if (curr->add && !curr->del && (addfd != NULL)) { - *addfd = curr->fd; - addfd++; - } - curr = curr->next; - } - - return 1; -} - -int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key) -{ - struct fd_lookup_st *curr, *prev; - - curr = ctx->fds; - prev = NULL; - while (curr != NULL) { - if (curr->del == 1) { - /* This one has been marked deleted already so do nothing */ - prev = curr; - curr = curr->next; - continue; - } - if (curr->key == key) { - /* If fd has just been added, remove it from the list */ - if (curr->add == 1) { - if (ctx->fds == curr) { - ctx->fds = curr->next; - } else { - prev->next = curr->next; - } - - /* It is responsibility of the caller to cleanup before calling - * ASYNC_WAIT_CTX_clear_fd - */ - OPENSSL_free(curr); - ctx->numadd--; - return 1; - } - - /* - * Mark it as deleted. We don't call cleanup if explicitly asked - * to clear an fd. We assume the caller is going to do that (if - * appropriate). - */ - curr->del = 1; - ctx->numdel++; - return 1; - } - prev = curr; - curr = curr->next; - } - return 0; -} - -int ASYNC_WAIT_CTX_set_callback(ASYNC_WAIT_CTX *ctx, - ASYNC_callback_fn callback, - void *callback_arg) -{ - if (ctx == NULL) - return 0; - - ctx->callback = callback; - ctx->callback_arg = callback_arg; - return 1; -} - -int ASYNC_WAIT_CTX_get_callback(ASYNC_WAIT_CTX *ctx, - ASYNC_callback_fn *callback, - void **callback_arg) -{ - if (ctx->callback == NULL) - return 0; - - *callback = ctx->callback; - *callback_arg = ctx->callback_arg; - return 1; -} - -int ASYNC_WAIT_CTX_set_status(ASYNC_WAIT_CTX *ctx, int status) -{ - ctx->status = status; - return 1; -} - -int ASYNC_WAIT_CTX_get_status(ASYNC_WAIT_CTX *ctx) -{ - return ctx->status; -} - -void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx) -{ - struct fd_lookup_st *curr, *prev = NULL; - - ctx->numadd = 0; - ctx->numdel = 0; - - curr = ctx->fds; - - while (curr != NULL) { - if (curr->del) { - if (prev == NULL) - ctx->fds = curr->next; - else - prev->next = curr->next; - OPENSSL_free(curr); - if (prev == NULL) - curr = ctx->fds; - else - curr = prev->next; - continue; - } - if (curr->add) { - curr->add = 0; - } - prev = curr; - curr = curr->next; - } -} diff --git a/crypto/bf/asm/bf-586.pl b/crypto/bf/asm/bf-586.pl deleted file mode 100644 index 336448635ab3d6bad08e559279b194ecb14b07cb..0000000000000000000000000000000000000000 --- a/crypto/bf/asm/bf-586.pl +++ /dev/null @@ -1,148 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; -require "cbc.pl"; - -$output = pop and open STDOUT,">$output"; - -&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); - -$BF_ROUNDS=16; -$BF_OFF=($BF_ROUNDS+2)*4; -$L="edi"; -$R="esi"; -$P="ebp"; -$tmp1="eax"; -$tmp2="ebx"; -$tmp3="ecx"; -$tmp4="edx"; - -&BF_encrypt("BF_encrypt",1); -&BF_encrypt("BF_decrypt",0); -&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1); -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; - -sub BF_encrypt - { - local($name,$enc)=@_; - - &function_begin_B($name,""); - - &comment(""); - - &push("ebp"); - &push("ebx"); - &mov($tmp2,&wparam(0)); - &mov($P,&wparam(1)); - &push("esi"); - &push("edi"); - - &comment("Load the 2 words"); - &mov($L,&DWP(0,$tmp2,"",0)); - &mov($R,&DWP(4,$tmp2,"",0)); - - &xor( $tmp1, $tmp1); - - # encrypting part - - if ($enc) - { - &mov($tmp2,&DWP(0,$P,"",0)); - &xor( $tmp3, $tmp3); - - &xor($L,$tmp2); - for ($i=0; $i<$BF_ROUNDS; $i+=2) - { - &comment(""); - &comment("Round $i"); - &BF_ENCRYPT($i+1,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,1); - - &comment(""); - &comment("Round ".sprintf("%d",$i+1)); - &BF_ENCRYPT($i+2,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,1); - } - # &mov($tmp1,&wparam(0)); In last loop - &mov($tmp4,&DWP(($BF_ROUNDS+1)*4,$P,"",0)); - } - else - { - &mov($tmp2,&DWP(($BF_ROUNDS+1)*4,$P,"",0)); - &xor( $tmp3, $tmp3); - - &xor($L,$tmp2); - for ($i=$BF_ROUNDS; $i>0; $i-=2) - { - &comment(""); - &comment("Round $i"); - &BF_ENCRYPT($i,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,0); - &comment(""); - &comment("Round ".sprintf("%d",$i-1)); - &BF_ENCRYPT($i-1,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,0); - } - # &mov($tmp1,&wparam(0)); In last loop - &mov($tmp4,&DWP(0,$P,"",0)); - } - - &xor($R,$tmp4); - &mov(&DWP(4,$tmp1,"",0),$L); - - &mov(&DWP(0,$tmp1,"",0),$R); - &function_end($name); - } - -sub BF_ENCRYPT - { - local($i,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,$enc)=@_; - - &mov( $tmp4, &DWP(&n2a($i*4),$P,"",0)); # for next round - - &mov( $tmp2, $R); - &xor( $L, $tmp4); - - &shr( $tmp2, 16); - &mov( $tmp4, $R); - - &movb( &LB($tmp1), &HB($tmp2)); # A - &and( $tmp2, 0xff); # B - - &movb( &LB($tmp3), &HB($tmp4)); # C - &and( $tmp4, 0xff); # D - - &mov( $tmp1, &DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4)); - &mov( $tmp2, &DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4)); - - &add( $tmp2, $tmp1); - &mov( $tmp1, &DWP(&n2a($BF_OFF+0x0800),$P,$tmp3,4)); - - &xor( $tmp2, $tmp1); - &mov( $tmp4, &DWP(&n2a($BF_OFF+0x0C00),$P,$tmp4,4)); - - &add( $tmp2, $tmp4); - if (($enc && ($i != 16)) || ((!$enc) && ($i != 1))) - { &xor( $tmp1, $tmp1); } - else - { - &comment("Load parameter 0 ($i) enc=$enc"); - &mov($tmp1,&wparam(0)); - } # In last loop - - &xor( $L, $tmp2); - # delay - } - -sub n2a - { - sprintf("%d",$_[0]); - } - diff --git a/crypto/bf/bf_cfb64.c b/crypto/bf/bf_cfb64.c deleted file mode 100644 index d7a92662042b97543b2343d68cc80064d4cec273..0000000000000000000000000000000000000000 --- a/crypto/bf/bf_cfb64.c +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * BF low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "bf_local.h" - -/* - * The input and output encrypted as though 64bit cfb mode is being used. - * The extra state information to record how much of the 64bit block we have - * used is contained in *num; - */ - -void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, const BF_KEY *schedule, - unsigned char *ivec, int *num, int encrypt) -{ - register BF_LONG v0, v1, t; - register int n = *num; - register long l = length; - BF_LONG ti[2]; - unsigned char *iv, c, cc; - - iv = (unsigned char *)ivec; - if (encrypt) { - while (l--) { - if (n == 0) { - n2l(iv, v0); - ti[0] = v0; - n2l(iv, v1); - ti[1] = v1; - BF_encrypt((BF_LONG *)ti, schedule); - iv = (unsigned char *)ivec; - t = ti[0]; - l2n(t, iv); - t = ti[1]; - l2n(t, iv); - iv = (unsigned char *)ivec; - } - c = *(in++) ^ iv[n]; - *(out++) = c; - iv[n] = c; - n = (n + 1) & 0x07; - } - } else { - while (l--) { - if (n == 0) { - n2l(iv, v0); - ti[0] = v0; - n2l(iv, v1); - ti[1] = v1; - BF_encrypt((BF_LONG *)ti, schedule); - iv = (unsigned char *)ivec; - t = ti[0]; - l2n(t, iv); - t = ti[1]; - l2n(t, iv); - iv = (unsigned char *)ivec; - } - cc = *(in++); - c = iv[n]; - iv[n] = cc; - *(out++) = c ^ cc; - n = (n + 1) & 0x07; - } - } - v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; - *num = n; -} diff --git a/crypto/bf/bf_ecb.c b/crypto/bf/bf_ecb.c deleted file mode 100644 index b02768261d8b90cd81bd6e0363696c760598efcd..0000000000000000000000000000000000000000 --- a/crypto/bf/bf_ecb.c +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * BF low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "bf_local.h" -#include - -/* - * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From - * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDGE - * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) - */ - -const char *BF_options(void) -{ - return "blowfish(ptr)"; -} - -void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, - const BF_KEY *key, int encrypt) -{ - BF_LONG l, d[2]; - - n2l(in, l); - d[0] = l; - n2l(in, l); - d[1] = l; - if (encrypt) - BF_encrypt(d, key); - else - BF_decrypt(d, key); - l = d[0]; - l2n(l, out); - l = d[1]; - l2n(l, out); - l = d[0] = d[1] = 0; -} diff --git a/crypto/bf/bf_enc.c b/crypto/bf/bf_enc.c deleted file mode 100644 index 40ddaf4af61ba56ef4e8f40d49fcf756b692d5b7..0000000000000000000000000000000000000000 --- a/crypto/bf/bf_enc.c +++ /dev/null @@ -1,181 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * BF low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "bf_local.h" - -/* - * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From - * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDGE - * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) - */ - -#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20) -# error If you set BF_ROUNDS to some value other than 16 or 20, you will have \ -to modify the code. -#endif - -void BF_encrypt(BF_LONG *data, const BF_KEY *key) -{ - register BF_LONG l, r; - register const BF_LONG *p, *s; - - p = key->P; - s = &(key->S[0]); - l = data[0]; - r = data[1]; - - l ^= p[0]; - BF_ENC(r, l, s, p[1]); - BF_ENC(l, r, s, p[2]); - BF_ENC(r, l, s, p[3]); - BF_ENC(l, r, s, p[4]); - BF_ENC(r, l, s, p[5]); - BF_ENC(l, r, s, p[6]); - BF_ENC(r, l, s, p[7]); - BF_ENC(l, r, s, p[8]); - BF_ENC(r, l, s, p[9]); - BF_ENC(l, r, s, p[10]); - BF_ENC(r, l, s, p[11]); - BF_ENC(l, r, s, p[12]); - BF_ENC(r, l, s, p[13]); - BF_ENC(l, r, s, p[14]); - BF_ENC(r, l, s, p[15]); - BF_ENC(l, r, s, p[16]); -# if BF_ROUNDS == 20 - BF_ENC(r, l, s, p[17]); - BF_ENC(l, r, s, p[18]); - BF_ENC(r, l, s, p[19]); - BF_ENC(l, r, s, p[20]); -# endif - r ^= p[BF_ROUNDS + 1]; - - data[1] = l & 0xffffffffU; - data[0] = r & 0xffffffffU; -} - -void BF_decrypt(BF_LONG *data, const BF_KEY *key) -{ - register BF_LONG l, r; - register const BF_LONG *p, *s; - - p = key->P; - s = &(key->S[0]); - l = data[0]; - r = data[1]; - - l ^= p[BF_ROUNDS + 1]; -# if BF_ROUNDS == 20 - BF_ENC(r, l, s, p[20]); - BF_ENC(l, r, s, p[19]); - BF_ENC(r, l, s, p[18]); - BF_ENC(l, r, s, p[17]); -# endif - BF_ENC(r, l, s, p[16]); - BF_ENC(l, r, s, p[15]); - BF_ENC(r, l, s, p[14]); - BF_ENC(l, r, s, p[13]); - BF_ENC(r, l, s, p[12]); - BF_ENC(l, r, s, p[11]); - BF_ENC(r, l, s, p[10]); - BF_ENC(l, r, s, p[9]); - BF_ENC(r, l, s, p[8]); - BF_ENC(l, r, s, p[7]); - BF_ENC(r, l, s, p[6]); - BF_ENC(l, r, s, p[5]); - BF_ENC(r, l, s, p[4]); - BF_ENC(l, r, s, p[3]); - BF_ENC(r, l, s, p[2]); - BF_ENC(l, r, s, p[1]); - r ^= p[0]; - - data[1] = l & 0xffffffffU; - data[0] = r & 0xffffffffU; -} - -void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - const BF_KEY *schedule, unsigned char *ivec, int encrypt) -{ - register BF_LONG tin0, tin1; - register BF_LONG tout0, tout1, xor0, xor1; - register long l = length; - BF_LONG tin[2]; - - if (encrypt) { - n2l(ivec, tout0); - n2l(ivec, tout1); - ivec -= 8; - for (l -= 8; l >= 0; l -= 8) { - n2l(in, tin0); - n2l(in, tin1); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - BF_encrypt(tin, schedule); - tout0 = tin[0]; - tout1 = tin[1]; - l2n(tout0, out); - l2n(tout1, out); - } - if (l != -8) { - n2ln(in, tin0, tin1, l + 8); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - BF_encrypt(tin, schedule); - tout0 = tin[0]; - tout1 = tin[1]; - l2n(tout0, out); - l2n(tout1, out); - } - l2n(tout0, ivec); - l2n(tout1, ivec); - } else { - n2l(ivec, xor0); - n2l(ivec, xor1); - ivec -= 8; - for (l -= 8; l >= 0; l -= 8) { - n2l(in, tin0); - n2l(in, tin1); - tin[0] = tin0; - tin[1] = tin1; - BF_decrypt(tin, schedule); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - l2n(tout0, out); - l2n(tout1, out); - xor0 = tin0; - xor1 = tin1; - } - if (l != -8) { - n2l(in, tin0); - n2l(in, tin1); - tin[0] = tin0; - tin[1] = tin1; - BF_decrypt(tin, schedule); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - l2nn(tout0, tout1, out, l + 8); - xor0 = tin0; - xor1 = tin1; - } - l2n(xor0, ivec); - l2n(xor1, ivec); - } - tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; - tin[0] = tin[1] = 0; -} diff --git a/crypto/bf/bf_local.h b/crypto/bf/bf_local.h deleted file mode 100644 index 080f37a5f94cb5821c80f0ba60ac602689140046..0000000000000000000000000000000000000000 --- a/crypto/bf/bf_local.h +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_BF_LOCAL_H -# define OSSL_CRYPTO_BF_LOCAL_H -# include - -/* NOTE - c is not incremented as per n2l */ -# define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } - -/* NOTE - c is not incremented as per l2n */ -# define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } - -# undef n2l -# define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) - -# undef l2n -# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -/* - * This is actually a big endian algorithm, the most significant byte is used - * to lookup array 0 - */ - -# define BF_ENC(LL,R,S,P) ( \ - LL^=P, \ - LL^=((( S[ ((R>>24)&0xff)] + \ - S[0x0100+((R>>16)&0xff)])^ \ - S[0x0200+((R>> 8)&0xff)])+ \ - S[0x0300+((R )&0xff)])&0xffffffffU \ - ) - -#endif diff --git a/crypto/bf/bf_ofb64.c b/crypto/bf/bf_ofb64.c deleted file mode 100644 index 086c3f07f0bc6298b5c86b490321fdfe86bf9309..0000000000000000000000000000000000000000 --- a/crypto/bf/bf_ofb64.c +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * BF low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "bf_local.h" - -/* - * The input and output encrypted as though 64bit ofb mode is being used. - * The extra state information to record how much of the 64bit block we have - * used is contained in *num; - */ -void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, const BF_KEY *schedule, - unsigned char *ivec, int *num) -{ - register BF_LONG v0, v1, t; - register int n = *num; - register long l = length; - unsigned char d[8]; - register char *dp; - BF_LONG ti[2]; - unsigned char *iv; - int save = 0; - - iv = (unsigned char *)ivec; - n2l(iv, v0); - n2l(iv, v1); - ti[0] = v0; - ti[1] = v1; - dp = (char *)d; - l2n(v0, dp); - l2n(v1, dp); - while (l--) { - if (n == 0) { - BF_encrypt((BF_LONG *)ti, schedule); - dp = (char *)d; - t = ti[0]; - l2n(t, dp); - t = ti[1]; - l2n(t, dp); - save++; - } - *(out++) = *(in++) ^ d[n]; - n = (n + 1) & 0x07; - } - if (save) { - v0 = ti[0]; - v1 = ti[1]; - iv = (unsigned char *)ivec; - l2n(v0, iv); - l2n(v1, iv); - } - t = v0 = v1 = ti[0] = ti[1] = 0; - *num = n; -} diff --git a/crypto/bf/bf_pi.h b/crypto/bf/bf_pi.h deleted file mode 100644 index 8b9896e7f3e03f7cade191d9d7e749a510806529..0000000000000000000000000000000000000000 --- a/crypto/bf/bf_pi.h +++ /dev/null @@ -1,530 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -static const BF_KEY bf_init = { - { - 0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L, - 0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L, - 0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL, - 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L, - 0x9216d5d9L, 0x8979fb1b}, { - 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, - 0xd01adfb7L, - 0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, - 0xf12c7f99L, - 0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, - 0x858efc16L, - 0x636920d8L, 0x71574e69L, 0xa458fea3L, - 0xf4933d7eL, - 0x0d95748fL, 0x728eb658L, 0x718bcd58L, - 0x82154aeeL, - 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, - 0x2af26013L, - 0xc5d1b023L, 0x286085f0L, 0xca417918L, - 0xb8db38efL, - 0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, - 0xb01e8a3eL, - 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, - 0x55605c60L, - 0xe65525f3L, 0xaa55ab94L, 0x57489862L, - 0x63e81440L, - 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, - 0x1141e8ceL, - 0xa15486afL, 0x7c72e993L, 0xb3ee1411L, - 0x636fbc2aL, - 0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, - 0x9b87931eL, - 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, - 0x28958677L, - 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, - 0x66282193L, - 0x61d809ccL, 0xfb21a991L, 0x487cac60L, - 0x5dec8032L, - 0xef845d5dL, 0xe98575b1L, 0xdc262302L, - 0xeb651b88L, - 0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, - 0x83f44239L, - 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, - 0x9e1f9b5eL, - 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, - 0xabd388f0L, - 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, - 0xab5133a3L, - 0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, - 0x7efb2a98L, - 0xa1f1651dL, 0x39af0176L, 0x66ca593eL, - 0x82430e88L, - 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, - 0x3b8b5ebeL, - 0xe06f75d8L, 0x85c12073L, 0x401a449fL, - 0x56c16aa6L, - 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, - 0x429b023dL, - 0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, - 0x49f1c09bL, - 0x075372c9L, 0x80991b7bL, 0x25d479d8L, - 0xf6e8def7L, - 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, - 0x04c006baL, - 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, - 0x196a2463L, - 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, - 0x3b52ec6fL, - 0x6dfc511fL, 0x9b30952cL, 0xcc814544L, - 0xaf5ebd09L, - 0xbee3d004L, 0xde334afdL, 0x660f2807L, - 0x192e4bb3L, - 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, - 0xb9d3fbdbL, - 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, - 0x402c7279L, - 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, - 0xdb3222f8L, - 0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, - 0xad0552abL, - 0x323db5faL, 0xfd238760L, 0x53317b48L, - 0x3e00df82L, - 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, - 0xdf1769dbL, - 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, - 0x8c4f5573L, - 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, - 0xb8f011a0L, - 0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, - 0x2dd1d35bL, - 0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, - 0x4bfb9790L, - 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, - 0xcee4c6e8L, - 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, - 0x2bf11fb4L, - 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, - 0x6b93d5a0L, - 0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, - 0x8e7594b7L, - 0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, - 0x900df01cL, - 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, - 0xb3a8c1adL, - 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, - 0x8b021fa1L, - 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, - 0xce89e299L, - 0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, - 0xd2ada8d9L, - 0x165fa266L, 0x80957705L, 0x93cc7314L, - 0x211a1477L, - 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, - 0xfb9d35cfL, - 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, - 0xae1e7e49L, - 0x00250e2dL, 0x2071b35eL, 0x226800bbL, - 0x57b8e0afL, - 0x2464369bL, 0xf009b91eL, 0x5563911dL, - 0x59dfa6aaL, - 0x78c14389L, 0xd95a537fL, 0x207d5ba2L, - 0x02e5b9c5L, - 0x83260376L, 0x6295cfa9L, 0x11c81968L, - 0x4e734a41L, - 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, - 0x9a532915L, - 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, - 0x81e67400L, - 0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, - 0x2a0dd915L, - 0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, - 0xc5855664L, - 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, - 0x6e85076aL, - 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, - 0xc4192623L, - 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, - 0x8fedb266L, - 0xecaa8c71L, 0x699a17ffL, 0x5664526cL, - 0xc2b19ee1L, - 0x193602a5L, 0x75094c29L, 0xa0591340L, - 0xe4183a3eL, - 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, - 0x99f73fd6L, - 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, - 0xf0255dc1L, - 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, - 0x021ecc5eL, - 0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, - 0x6b6a70a1L, - 0x687f3584L, 0x52a0e286L, 0xb79c5305L, - 0xaa500737L, - 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, - 0x5716f2b8L, - 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, - 0x0200b3ffL, - 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, - 0xdc0921bdL, - 0xd19113f9L, 0x7ca92ff6L, 0x94324773L, - 0x22f54701L, - 0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, - 0x9af3dda7L, - 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, - 0xa4751e41L, - 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, - 0x183eb331L, - 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, - 0xf60a04bfL, - 0x2cb81290L, 0x24977c79L, 0x5679b072L, - 0xbcaf89afL, - 0xde9a771fL, 0xd9930810L, 0xb38bae12L, - 0xdccf3f2eL, - 0x5512721fL, 0x2e6b7124L, 0x501adde6L, - 0x9f84cd87L, - 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, - 0xe94b7d8cL, - 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, - 0xc464c3d2L, - 0xef1c1847L, 0x3215d908L, 0xdd433b37L, - 0x24c2ba16L, - 0x12a14d43L, 0x2a65c451L, 0x50940002L, - 0x133ae4ddL, - 0x71dff89eL, 0x10314e55L, 0x81ac77d6L, - 0x5f11199bL, - 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, - 0x5924a509L, - 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, - 0x1e153c6eL, - 0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, - 0x5a3e2ab3L, - 0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, - 0x99e71d0fL, - 0x803e89d6L, 0x5266c825L, 0x2e4cc978L, - 0x9c10b36aL, - 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, - 0x1e0a2df4L, - 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, - 0x19c27960L, - 0x5223a708L, 0xf71312b6L, 0xebadfe6eL, - 0xeac31f66L, - 0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, - 0x018cff28L, - 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, - 0x68ab9802L, - 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, - 0x5b6e2f84L, - 0x1521b628L, 0x29076170L, 0xecdd4775L, - 0x619f1510L, - 0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, - 0xaa0363cfL, - 0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, - 0xcbaade14L, - 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, - 0xb2f3846eL, - 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, - 0x655abb50L, - 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, - 0xc021b8f7L, - 0x9b540b19L, 0x875fa099L, 0x95f7997eL, - 0x623d7da8L, - 0xf837889aL, 0x97e32d77L, 0x11ed935fL, - 0x16681281L, - 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, - 0x7858ba99L, - 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, - 0x1ac24696L, - 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, - 0x6dbc3128L, - 0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, - 0xee7c3c73L, - 0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, - 0x203e13e0L, - 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, - 0xfacb4fd0L, - 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, - 0x41cd2105L, - 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, - 0x3d816250L, - 0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, - 0xc1c7b6a3L, - 0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, - 0x5692b285L, - 0x095bbf00L, 0xad19489dL, 0x1462b174L, - 0x23820e00L, - 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, - 0x233f7061L, - 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, - 0x6c223bdbL, - 0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, - 0xce77326eL, - 0xa6078084L, 0x19f8509eL, 0xe8efd855L, - 0x61d99735L, - 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, - 0x800bcadcL, - 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, - 0x0e1e9ec9L, - 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, - 0xe3674340L, - 0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, - 0xf16dff20L, - 0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, - 0xdb83adf7L, - 0xe93d5a68L, 0x948140f7L, 0xf64c261cL, - 0x94692934L, - 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, - 0xd4a20068L, - 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, - 0x500061afL, - 0x1e39f62eL, 0x97244546L, 0x14214f74L, - 0xbf8b8840L, - 0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, - 0x66a02f45L, - 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, - 0x31cb8504L, - 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, - 0xabca0a9aL, - 0x28507825L, 0x530429f4L, 0x0a2c86daL, - 0xe9b66dfbL, - 0x68dc1462L, 0xd7486900L, 0x680ec0a4L, - 0x27a18deeL, - 0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, - 0x7af4d6b6L, - 0xaace1e7cL, 0xd3375fecL, 0xce78a399L, - 0x406b2a42L, - 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, - 0x3b124e8bL, - 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, - 0xeae397b2L, - 0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, - 0xca7820fbL, - 0xfb0af54eL, 0xd8feb397L, 0x454056acL, - 0xba489527L, - 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, - 0xd096954bL, - 0x55a867bcL, 0xa1159a58L, 0xcca92963L, - 0x99e1db33L, - 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, - 0x9029317cL, - 0xfdf8e802L, 0x04272f70L, 0x80bb155cL, - 0x05282ce3L, - 0x95c11548L, 0xe4c66d22L, 0x48c1133fL, - 0xc70f86dcL, - 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, - 0x5d886e17L, - 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, - 0x41113564L, - 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, - 0x1f636c1bL, - 0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, - 0xcad18115L, - 0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, - 0xeebeb922L, - 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, - 0x2da2f728L, - 0xd0127845L, 0x95b794fdL, 0x647d0862L, - 0xe7ccf5f0L, - 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, - 0xf33e8d1eL, - 0x0a476341L, 0x992eff74L, 0x3a6f6eabL, - 0xf4f8fd37L, - 0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, - 0xdb6e6b0dL, - 0xc67b5510L, 0x6d672c37L, 0x2765d43bL, - 0xdcd0e804L, - 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, - 0x690fed0bL, - 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, - 0xd9155ea3L, - 0xbb132f88L, 0x515bad24L, 0x7b9479bfL, - 0x763bd6ebL, - 0x37392eb3L, 0xcc115979L, 0x8026e297L, - 0xf42e312dL, - 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, - 0x782ef11cL, - 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, - 0x4bfb6350L, - 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, - 0xe2e1c3c9L, - 0x44421659L, 0x0a121386L, 0xd90cec6eL, - 0xd5abea2aL, - 0x64af674eL, 0xda86a85fL, 0xbebfe988L, - 0x64e4c3feL, - 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, - 0x6003604dL, - 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, - 0xd736fcccL, - 0x83426b33L, 0xf01eab71L, 0xb0804187L, - 0x3c005e5fL, - 0x77a057beL, 0xbde8ae24L, 0x55464299L, - 0xbf582e61L, - 0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, - 0x8789bdc2L, - 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, - 0x46fcd9b9L, - 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, - 0x915f95e2L, - 0x466e598eL, 0x20b45770L, 0x8cd55591L, - 0xc902de4cL, - 0xb90bace1L, 0xbb8205d0L, 0x11a86248L, - 0x7574a99eL, - 0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, - 0xc4324633L, - 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, - 0x1d6efe10L, - 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, - 0x2868f169L, - 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, - 0x4fcd7f52L, - 0x50115e01L, 0xa70683faL, 0xa002b5c4L, - 0x0de6d027L, - 0x9af88c27L, 0x773f8641L, 0xc3604c06L, - 0x61a806b5L, - 0xf0177a28L, 0xc0f586e0L, 0x006058aaL, - 0x30dc7d62L, - 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, - 0xc2c21634L, - 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, - 0xce591d76L, - 0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, - 0x7c927c24L, - 0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, - 0xd39eb8fcL, - 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, - 0x4dad0fc4L, - 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, - 0x6c51133cL, - 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, - 0xddc6c837L, - 0xd79a3234L, 0x92638212L, 0x670efa8eL, - 0x406000e0L, - 0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, - 0x5ac52d1bL, - 0x5cb0679eL, 0x4fa33742L, 0xd3822740L, - 0x99bc9bbeL, - 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, - 0xc700c47bL, - 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, - 0x6a366eb4L, - 0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, - 0x6549c2c8L, - 0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, - 0x4cd04dc6L, - 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, - 0xbe5ee304L, - 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, - 0x9a86ee22L, - 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, - 0x9cf2d0a4L, - 0x83c061baL, 0x9be96a4dL, 0x8fe51550L, - 0xba645bd6L, - 0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, - 0xef5562e9L, - 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, - 0x77fa0a59L, - 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, - 0x3b3ee593L, - 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, - 0x022b8b51L, - 0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, - 0x7c7d2d28L, - 0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, - 0x5a88f54cL, - 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, - 0xed93fa9bL, - 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, - 0x79132e28L, - 0x785f0191L, 0xed756055L, 0xf7960e44L, - 0xe3d35e8cL, - 0x15056dd4L, 0x88f46dbaL, 0x03a16125L, - 0x0564f0bdL, - 0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, - 0xa93a072aL, - 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, - 0x26dcf319L, - 0x7533d928L, 0xb155fdf5L, 0x03563482L, - 0x8aba3cbbL, - 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, - 0xccad925fL, - 0x4de81751L, 0x3830dc8eL, 0x379d5862L, - 0x9320f991L, - 0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, - 0x774fbe32L, - 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, - 0x6413e680L, - 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, - 0x09072166L, - 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, - 0x1c20c8aeL, - 0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, - 0x6bb4e3bbL, - 0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, - 0xbcb4cdd5L, - 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, - 0xbf3c6f47L, - 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, - 0xf64e6370L, - 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, - 0xaf537d5dL, - 0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, - 0x0115af84L, - 0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, - 0xce6ea048L, - 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, - 0x277227f8L, - 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, - 0x344525bdL, - 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, - 0xa01fbac9L, - 0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, - 0xa1e8aac7L, - 0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, - 0xd50ada38L, - 0x0339c32aL, 0xc6913667L, 0x8df9317cL, - 0xe0b12b4fL, - 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, - 0x27d9459cL, - 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, - 0x9b941525L, - 0xfae59361L, 0xceb69cebL, 0xc2a86459L, - 0x12baa8d1L, - 0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, - 0xcb03a442L, - 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, - 0x3278e964L, - 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, - 0x8971f21eL, - 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, - 0xc37632d8L, - 0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, - 0x0fe3f11dL, - 0xe54cda54L, 0x1edad891L, 0xce6279cfL, - 0xcd3e7e6fL, - 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, - 0xf6fb2299L, - 0xf523f357L, 0xa6327623L, 0x93a83531L, - 0x56cccd02L, - 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, - 0x88d273ccL, - 0xde966292L, 0x81b949d0L, 0x4c50901bL, - 0x71c65614L, - 0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, - 0xc3f27b9aL, - 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, - 0x35bdd2f6L, - 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, - 0xcd769c2bL, - 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, - 0x2547adf0L, - 0xba38209cL, 0xf746ce76L, 0x77afa1c5L, - 0x20756060L, - 0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, - 0x4cf9aa7eL, - 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, - 0xd6ebe1f9L, - 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, - 0xc208e69fL, - 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, - 0x3ac372e6L, - } -}; diff --git a/crypto/bf/bf_skey.c b/crypto/bf/bf_skey.c deleted file mode 100644 index 9728be297c17bcf81fec5ff13a1b772c6bc095ca..0000000000000000000000000000000000000000 --- a/crypto/bf/bf_skey.c +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * BF low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include "bf_local.h" -#include "bf_pi.h" - -void BF_set_key(BF_KEY *key, int len, const unsigned char *data) -{ - int i; - BF_LONG *p, ri, in[2]; - const unsigned char *d, *end; - - memcpy(key, &bf_init, sizeof(BF_KEY)); - p = key->P; - - if (len > ((BF_ROUNDS + 2) * 4)) - len = (BF_ROUNDS + 2) * 4; - - d = data; - end = &(data[len]); - for (i = 0; i < (BF_ROUNDS + 2); i++) { - ri = *(d++); - if (d >= end) - d = data; - - ri <<= 8; - ri |= *(d++); - if (d >= end) - d = data; - - ri <<= 8; - ri |= *(d++); - if (d >= end) - d = data; - - ri <<= 8; - ri |= *(d++); - if (d >= end) - d = data; - - p[i] ^= ri; - } - - in[0] = 0L; - in[1] = 0L; - for (i = 0; i < (BF_ROUNDS + 2); i += 2) { - BF_encrypt(in, key); - p[i] = in[0]; - p[i + 1] = in[1]; - } - - p = key->S; - for (i = 0; i < 4 * 256; i += 2) { - BF_encrypt(in, key); - p[i] = in[0]; - p[i + 1] = in[1]; - } -} diff --git a/crypto/bf/build.info b/crypto/bf/build.info deleted file mode 100644 index 0c32fedef8ef7db2a70d977c41e5eac237d8e78b..0000000000000000000000000000000000000000 --- a/crypto/bf/build.info +++ /dev/null @@ -1,25 +0,0 @@ -LIBS=../../libcrypto - -$BFASM=bf_enc.c -IF[{- !$disabled{asm} -}] - $BFASM_x86=bf-586.S - - # Now that we have defined all the arch specific variables, use the - # appropriate one - IF[$BFASM_{- $target{asm_arch} -}] - $BFASM=$BFASM_{- $target{asm_arch} -} - ENDIF -ENDIF - -$ALL=bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c $BFASM - -SOURCE[../../libcrypto]=$ALL - -# When all deprecated symbols are removed, libcrypto doesn't export the -# blowfish functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] - SOURCE[../../providers/liblegacy.a]=$ALL -ENDIF - -GENERATE[bf-586.S]=asm/bf-586.pl -DEPEND[bf-586.S]=../perlasm/x86asm.pl ../perlasm/cbc.pl diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c deleted file mode 100644 index cfed63bd72ec84154237ac529188072ec62fecaf..0000000000000000000000000000000000000000 --- a/crypto/bio/bf_buff.c +++ /dev/null @@ -1,470 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "bio_local.h" -#include "internal/cryptlib.h" - -static int buffer_write(BIO *h, const char *buf, int num); -static int buffer_read(BIO *h, char *buf, int size); -static int buffer_puts(BIO *h, const char *str); -static int buffer_gets(BIO *h, char *str, int size); -static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int buffer_new(BIO *h); -static int buffer_free(BIO *data); -static long buffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); -#define DEFAULT_BUFFER_SIZE 4096 - -static const BIO_METHOD methods_buffer = { - BIO_TYPE_BUFFER, - "buffer", - bwrite_conv, - buffer_write, - bread_conv, - buffer_read, - buffer_puts, - buffer_gets, - buffer_ctrl, - buffer_new, - buffer_free, - buffer_callback_ctrl, -}; - -const BIO_METHOD *BIO_f_buffer(void) -{ - return &methods_buffer; -} - -static int buffer_new(BIO *bi) -{ - BIO_F_BUFFER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - if (ctx == NULL) - return 0; - ctx->ibuf_size = DEFAULT_BUFFER_SIZE; - ctx->ibuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE); - if (ctx->ibuf == NULL) { - OPENSSL_free(ctx); - return 0; - } - ctx->obuf_size = DEFAULT_BUFFER_SIZE; - ctx->obuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE); - if (ctx->obuf == NULL) { - OPENSSL_free(ctx->ibuf); - OPENSSL_free(ctx); - return 0; - } - - bi->init = 1; - bi->ptr = (char *)ctx; - bi->flags = 0; - return 1; -} - -static int buffer_free(BIO *a) -{ - BIO_F_BUFFER_CTX *b; - - if (a == NULL) - return 0; - b = (BIO_F_BUFFER_CTX *)a->ptr; - OPENSSL_free(b->ibuf); - OPENSSL_free(b->obuf); - OPENSSL_free(a->ptr); - a->ptr = NULL; - a->init = 0; - a->flags = 0; - return 1; -} - -static int buffer_read(BIO *b, char *out, int outl) -{ - int i, num = 0; - BIO_F_BUFFER_CTX *ctx; - - if (out == NULL) - return 0; - ctx = (BIO_F_BUFFER_CTX *)b->ptr; - - if ((ctx == NULL) || (b->next_bio == NULL)) - return 0; - num = 0; - BIO_clear_retry_flags(b); - - start: - i = ctx->ibuf_len; - /* If there is stuff left over, grab it */ - if (i != 0) { - if (i > outl) - i = outl; - memcpy(out, &(ctx->ibuf[ctx->ibuf_off]), i); - ctx->ibuf_off += i; - ctx->ibuf_len -= i; - num += i; - if (outl == i) - return num; - outl -= i; - out += i; - } - - /* - * We may have done a partial read. try to do more. We have nothing in - * the buffer. If we get an error and have read some data, just return it - * and let them retry to get the error again. copy direct to parent - * address space - */ - if (outl > ctx->ibuf_size) { - for (;;) { - i = BIO_read(b->next_bio, out, outl); - if (i <= 0) { - BIO_copy_next_retry(b); - if (i < 0) - return ((num > 0) ? num : i); - if (i == 0) - return num; - } - num += i; - if (outl == i) - return num; - out += i; - outl -= i; - } - } - /* else */ - - /* we are going to be doing some buffering */ - i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size); - if (i <= 0) { - BIO_copy_next_retry(b); - if (i < 0) - return ((num > 0) ? num : i); - if (i == 0) - return num; - } - ctx->ibuf_off = 0; - ctx->ibuf_len = i; - - /* Lets re-read using ourselves :-) */ - goto start; -} - -static int buffer_write(BIO *b, const char *in, int inl) -{ - int i, num = 0; - BIO_F_BUFFER_CTX *ctx; - - if ((in == NULL) || (inl <= 0)) - return 0; - ctx = (BIO_F_BUFFER_CTX *)b->ptr; - if ((ctx == NULL) || (b->next_bio == NULL)) - return 0; - - BIO_clear_retry_flags(b); - start: - i = ctx->obuf_size - (ctx->obuf_len + ctx->obuf_off); - /* add to buffer and return */ - if (i >= inl) { - memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, inl); - ctx->obuf_len += inl; - return (num + inl); - } - /* else */ - /* stuff already in buffer, so add to it first, then flush */ - if (ctx->obuf_len != 0) { - if (i > 0) { /* lets fill it up if we can */ - memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, i); - in += i; - inl -= i; - num += i; - ctx->obuf_len += i; - } - /* we now have a full buffer needing flushing */ - for (;;) { - i = BIO_write(b->next_bio, &(ctx->obuf[ctx->obuf_off]), - ctx->obuf_len); - if (i <= 0) { - BIO_copy_next_retry(b); - - if (i < 0) - return ((num > 0) ? num : i); - if (i == 0) - return num; - } - ctx->obuf_off += i; - ctx->obuf_len -= i; - if (ctx->obuf_len == 0) - break; - } - } - /* - * we only get here if the buffer has been flushed and we still have - * stuff to write - */ - ctx->obuf_off = 0; - - /* we now have inl bytes to write */ - while (inl >= ctx->obuf_size) { - i = BIO_write(b->next_bio, in, inl); - if (i <= 0) { - BIO_copy_next_retry(b); - if (i < 0) - return ((num > 0) ? num : i); - if (i == 0) - return num; - } - num += i; - in += i; - inl -= i; - if (inl == 0) - return num; - } - - /* - * copy the rest into the buffer since we have only a small amount left - */ - goto start; -} - -static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - BIO *dbio; - BIO_F_BUFFER_CTX *ctx; - long ret = 1; - char *p1, *p2; - int r, i, *ip; - int ibs, obs; - - ctx = (BIO_F_BUFFER_CTX *)b->ptr; - - switch (cmd) { - case BIO_CTRL_RESET: - ctx->ibuf_off = 0; - ctx->ibuf_len = 0; - ctx->obuf_off = 0; - ctx->obuf_len = 0; - if (b->next_bio == NULL) - return 0; - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_EOF: - if (ctx->ibuf_len > 0) - return 0; - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_INFO: - ret = (long)ctx->obuf_len; - break; - case BIO_C_GET_BUFF_NUM_LINES: - ret = 0; - p1 = ctx->ibuf; - for (i = 0; i < ctx->ibuf_len; i++) { - if (p1[ctx->ibuf_off + i] == '\n') - ret++; - } - break; - case BIO_CTRL_WPENDING: - ret = (long)ctx->obuf_len; - if (ret == 0) { - if (b->next_bio == NULL) - return 0; - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - } - break; - case BIO_CTRL_PENDING: - ret = (long)ctx->ibuf_len; - if (ret == 0) { - if (b->next_bio == NULL) - return 0; - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - } - break; - case BIO_C_SET_BUFF_READ_DATA: - if (num > ctx->ibuf_size) { - if (num <= 0) - return 0; - p1 = OPENSSL_malloc((size_t)num); - if (p1 == NULL) - goto malloc_error; - OPENSSL_free(ctx->ibuf); - ctx->ibuf = p1; - } - ctx->ibuf_off = 0; - ctx->ibuf_len = (int)num; - memcpy(ctx->ibuf, ptr, (int)num); - ret = 1; - break; - case BIO_C_SET_BUFF_SIZE: - if (ptr != NULL) { - ip = (int *)ptr; - if (*ip == 0) { - ibs = (int)num; - obs = ctx->obuf_size; - } else { /* if (*ip == 1) */ - - ibs = ctx->ibuf_size; - obs = (int)num; - } - } else { - ibs = (int)num; - obs = (int)num; - } - p1 = ctx->ibuf; - p2 = ctx->obuf; - if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size)) { - if (num <= 0) - return 0; - p1 = OPENSSL_malloc((size_t)num); - if (p1 == NULL) - goto malloc_error; - } - if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size)) { - p2 = OPENSSL_malloc((size_t)num); - if (p2 == NULL) { - if (p1 != ctx->ibuf) - OPENSSL_free(p1); - goto malloc_error; - } - } - if (ctx->ibuf != p1) { - OPENSSL_free(ctx->ibuf); - ctx->ibuf = p1; - ctx->ibuf_off = 0; - ctx->ibuf_len = 0; - ctx->ibuf_size = ibs; - } - if (ctx->obuf != p2) { - OPENSSL_free(ctx->obuf); - ctx->obuf = p2; - ctx->obuf_off = 0; - ctx->obuf_len = 0; - ctx->obuf_size = obs; - } - break; - case BIO_C_DO_STATE_MACHINE: - if (b->next_bio == NULL) - return 0; - BIO_clear_retry_flags(b); - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - BIO_copy_next_retry(b); - break; - - case BIO_CTRL_FLUSH: - if (b->next_bio == NULL) - return 0; - if (ctx->obuf_len <= 0) { - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - } - - for (;;) { - BIO_clear_retry_flags(b); - if (ctx->obuf_len > 0) { - r = BIO_write(b->next_bio, - &(ctx->obuf[ctx->obuf_off]), ctx->obuf_len); - BIO_copy_next_retry(b); - if (r <= 0) - return (long)r; - ctx->obuf_off += r; - ctx->obuf_len -= r; - } else { - ctx->obuf_len = 0; - ctx->obuf_off = 0; - break; - } - } - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_DUP: - dbio = (BIO *)ptr; - if (!BIO_set_read_buffer_size(dbio, ctx->ibuf_size) || - !BIO_set_write_buffer_size(dbio, ctx->obuf_size)) - ret = 0; - break; - case BIO_CTRL_PEEK: - /* Ensure there's stuff in the input buffer */ - { - char fake_buf[1]; - (void)buffer_read(b, fake_buf, 0); - } - if (num > ctx->ibuf_len) - num = ctx->ibuf_len; - memcpy(ptr, &(ctx->ibuf[ctx->ibuf_off]), num); - ret = num; - break; - default: - if (b->next_bio == NULL) - return 0; - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - } - return ret; - malloc_error: - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return 0; -} - -static long buffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) -{ - if (b->next_bio == NULL) - return 0; - return BIO_callback_ctrl(b->next_bio, cmd, fp); -} - -static int buffer_gets(BIO *b, char *buf, int size) -{ - BIO_F_BUFFER_CTX *ctx; - int num = 0, i, flag; - char *p; - - ctx = (BIO_F_BUFFER_CTX *)b->ptr; - size--; /* reserve space for a '\0' */ - BIO_clear_retry_flags(b); - - for (;;) { - if (ctx->ibuf_len > 0) { - p = &(ctx->ibuf[ctx->ibuf_off]); - flag = 0; - for (i = 0; (i < ctx->ibuf_len) && (i < size); i++) { - *(buf++) = p[i]; - if (p[i] == '\n') { - flag = 1; - i++; - break; - } - } - num += i; - size -= i; - ctx->ibuf_len -= i; - ctx->ibuf_off += i; - if (flag || size == 0) { - *buf = '\0'; - return num; - } - } else { /* read another chunk */ - - i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size); - if (i <= 0) { - BIO_copy_next_retry(b); - *buf = '\0'; - if (i < 0) - return ((num > 0) ? num : i); - if (i == 0) - return num; - } - ctx->ibuf_len = i; - ctx->ibuf_off = 0; - } - } -} - -static int buffer_puts(BIO *b, const char *str) -{ - return buffer_write(b, str, strlen(str)); -} diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c deleted file mode 100644 index 73f121698768750c86f5af3457fbcc81f6104a33..0000000000000000000000000000000000000000 --- a/crypto/bio/bf_lbuf.c +++ /dev/null @@ -1,319 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "bio_local.h" -#include "internal/cryptlib.h" -#include - -static int linebuffer_write(BIO *h, const char *buf, int num); -static int linebuffer_read(BIO *h, char *buf, int size); -static int linebuffer_puts(BIO *h, const char *str); -static int linebuffer_gets(BIO *h, char *str, int size); -static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int linebuffer_new(BIO *h); -static int linebuffer_free(BIO *data); -static long linebuffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); - -/* A 10k maximum should be enough for most purposes */ -#define DEFAULT_LINEBUFFER_SIZE 1024*10 - -/* #define DEBUG */ - -static const BIO_METHOD methods_linebuffer = { - BIO_TYPE_LINEBUFFER, - "linebuffer", - bwrite_conv, - linebuffer_write, - bread_conv, - linebuffer_read, - linebuffer_puts, - linebuffer_gets, - linebuffer_ctrl, - linebuffer_new, - linebuffer_free, - linebuffer_callback_ctrl, -}; - -const BIO_METHOD *BIO_f_linebuffer(void) -{ - return &methods_linebuffer; -} - -typedef struct bio_linebuffer_ctx_struct { - char *obuf; /* the output char array */ - int obuf_size; /* how big is the output buffer */ - int obuf_len; /* how many bytes are in it */ -} BIO_LINEBUFFER_CTX; - -static int linebuffer_new(BIO *bi) -{ - BIO_LINEBUFFER_CTX *ctx; - - if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return 0; - } - ctx->obuf = OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE); - if (ctx->obuf == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ctx); - return 0; - } - ctx->obuf_size = DEFAULT_LINEBUFFER_SIZE; - ctx->obuf_len = 0; - - bi->init = 1; - bi->ptr = (char *)ctx; - bi->flags = 0; - return 1; -} - -static int linebuffer_free(BIO *a) -{ - BIO_LINEBUFFER_CTX *b; - - if (a == NULL) - return 0; - b = (BIO_LINEBUFFER_CTX *)a->ptr; - OPENSSL_free(b->obuf); - OPENSSL_free(a->ptr); - a->ptr = NULL; - a->init = 0; - a->flags = 0; - return 1; -} - -static int linebuffer_read(BIO *b, char *out, int outl) -{ - int ret = 0; - - if (out == NULL) - return 0; - if (b->next_bio == NULL) - return 0; - ret = BIO_read(b->next_bio, out, outl); - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); - return ret; -} - -static int linebuffer_write(BIO *b, const char *in, int inl) -{ - int i, num = 0, foundnl; - BIO_LINEBUFFER_CTX *ctx; - - if ((in == NULL) || (inl <= 0)) - return 0; - ctx = (BIO_LINEBUFFER_CTX *)b->ptr; - if ((ctx == NULL) || (b->next_bio == NULL)) - return 0; - - BIO_clear_retry_flags(b); - - do { - const char *p; - char c; - - for (p = in, c = '\0'; p < in + inl && (c = *p) != '\n'; p++) ; - if (c == '\n') { - p++; - foundnl = 1; - } else - foundnl = 0; - - /* - * If a NL was found and we already have text in the save buffer, - * concatenate them and write - */ - while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len) - && ctx->obuf_len > 0) { - int orig_olen = ctx->obuf_len; - - i = ctx->obuf_size - ctx->obuf_len; - if (p - in > 0) { - if (i >= p - in) { - memcpy(&(ctx->obuf[ctx->obuf_len]), in, p - in); - ctx->obuf_len += p - in; - inl -= p - in; - num += p - in; - in = p; - } else { - memcpy(&(ctx->obuf[ctx->obuf_len]), in, i); - ctx->obuf_len += i; - inl -= i; - in += i; - num += i; - } - } - i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len); - if (i <= 0) { - ctx->obuf_len = orig_olen; - BIO_copy_next_retry(b); - - if (i < 0) - return ((num > 0) ? num : i); - if (i == 0) - return num; - } - if (i < ctx->obuf_len) - memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i); - ctx->obuf_len -= i; - } - - /* - * Now that the save buffer is emptied, let's write the input buffer - * if a NL was found and there is anything to write. - */ - if ((foundnl || p - in > ctx->obuf_size) && p - in > 0) { - i = BIO_write(b->next_bio, in, p - in); - if (i <= 0) { - BIO_copy_next_retry(b); - if (i < 0) - return ((num > 0) ? num : i); - if (i == 0) - return num; - } - num += i; - in += i; - inl -= i; - } - } - while (foundnl && inl > 0); - /* - * We've written as much as we can. The rest of the input buffer, if - * any, is text that doesn't and with a NL and therefore needs to be - * saved for the next trip. - */ - if (inl > 0) { - memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl); - ctx->obuf_len += inl; - num += inl; - } - return num; -} - -static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - BIO *dbio; - BIO_LINEBUFFER_CTX *ctx; - long ret = 1; - char *p; - int r; - int obs; - - ctx = (BIO_LINEBUFFER_CTX *)b->ptr; - - switch (cmd) { - case BIO_CTRL_RESET: - ctx->obuf_len = 0; - if (b->next_bio == NULL) - return 0; - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_INFO: - ret = (long)ctx->obuf_len; - break; - case BIO_CTRL_WPENDING: - ret = (long)ctx->obuf_len; - if (ret == 0) { - if (b->next_bio == NULL) - return 0; - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - } - break; - case BIO_C_SET_BUFF_SIZE: - if (num > INT_MAX) - return 0; - obs = (int)num; - p = ctx->obuf; - if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size)) { - p = OPENSSL_malloc((size_t)obs); - if (p == NULL) - goto malloc_error; - } - if (ctx->obuf != p) { - if (ctx->obuf_len > obs) { - ctx->obuf_len = obs; - } - memcpy(p, ctx->obuf, ctx->obuf_len); - OPENSSL_free(ctx->obuf); - ctx->obuf = p; - ctx->obuf_size = obs; - } - break; - case BIO_C_DO_STATE_MACHINE: - if (b->next_bio == NULL) - return 0; - BIO_clear_retry_flags(b); - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - BIO_copy_next_retry(b); - break; - - case BIO_CTRL_FLUSH: - if (b->next_bio == NULL) - return 0; - if (ctx->obuf_len <= 0) { - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - } - - for (;;) { - BIO_clear_retry_flags(b); - if (ctx->obuf_len > 0) { - r = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len); - BIO_copy_next_retry(b); - if (r <= 0) - return (long)r; - if (r < ctx->obuf_len) - memmove(ctx->obuf, ctx->obuf + r, ctx->obuf_len - r); - ctx->obuf_len -= r; - } else { - ctx->obuf_len = 0; - break; - } - } - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - case BIO_CTRL_DUP: - dbio = (BIO *)ptr; - if (!BIO_set_write_buffer_size(dbio, ctx->obuf_size)) - ret = 0; - break; - default: - if (b->next_bio == NULL) - return 0; - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - } - return ret; - malloc_error: - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return 0; -} - -static long linebuffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) -{ - if (b->next_bio == NULL) - return 0; - return BIO_callback_ctrl(b->next_bio, cmd, fp); -} - -static int linebuffer_gets(BIO *b, char *buf, int size) -{ - if (b->next_bio == NULL) - return 0; - return BIO_gets(b->next_bio, buf, size); -} - -static int linebuffer_puts(BIO *b, const char *str) -{ - return linebuffer_write(b, str, strlen(str)); -} diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c deleted file mode 100644 index f9ea1730ba31433e164119d6175db728187ded54..0000000000000000000000000000000000000000 --- a/crypto/bio/bf_nbio.c +++ /dev/null @@ -1,191 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "bio_local.h" -#include "internal/cryptlib.h" -#include - -/* - * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest - */ - -static int nbiof_write(BIO *h, const char *buf, int num); -static int nbiof_read(BIO *h, char *buf, int size); -static int nbiof_puts(BIO *h, const char *str); -static int nbiof_gets(BIO *h, char *str, int size); -static long nbiof_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int nbiof_new(BIO *h); -static int nbiof_free(BIO *data); -static long nbiof_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); -typedef struct nbio_test_st { - /* only set if we sent a 'should retry' error */ - int lrn; - int lwn; -} NBIO_TEST; - -static const BIO_METHOD methods_nbiof = { - BIO_TYPE_NBIO_TEST, - "non-blocking IO test filter", - bwrite_conv, - nbiof_write, - bread_conv, - nbiof_read, - nbiof_puts, - nbiof_gets, - nbiof_ctrl, - nbiof_new, - nbiof_free, - nbiof_callback_ctrl, -}; - -const BIO_METHOD *BIO_f_nbio_test(void) -{ - return &methods_nbiof; -} - -static int nbiof_new(BIO *bi) -{ - NBIO_TEST *nt; - - if ((nt = OPENSSL_zalloc(sizeof(*nt))) == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return 0; - } - nt->lrn = -1; - nt->lwn = -1; - bi->ptr = (char *)nt; - bi->init = 1; - return 1; -} - -static int nbiof_free(BIO *a) -{ - if (a == NULL) - return 0; - OPENSSL_free(a->ptr); - a->ptr = NULL; - a->init = 0; - a->flags = 0; - return 1; -} - -static int nbiof_read(BIO *b, char *out, int outl) -{ - int ret = 0; - int num; - unsigned char n; - - if (out == NULL) - return 0; - if (b->next_bio == NULL) - return 0; - - BIO_clear_retry_flags(b); - if (RAND_priv_bytes(&n, 1) <= 0) - return -1; - num = (n & 0x07); - - if (outl > num) - outl = num; - - if (num == 0) { - ret = -1; - BIO_set_retry_read(b); - } else { - ret = BIO_read(b->next_bio, out, outl); - if (ret < 0) - BIO_copy_next_retry(b); - } - return ret; -} - -static int nbiof_write(BIO *b, const char *in, int inl) -{ - NBIO_TEST *nt; - int ret = 0; - int num; - unsigned char n; - - if ((in == NULL) || (inl <= 0)) - return 0; - if (b->next_bio == NULL) - return 0; - nt = (NBIO_TEST *)b->ptr; - - BIO_clear_retry_flags(b); - - if (nt->lwn > 0) { - num = nt->lwn; - nt->lwn = 0; - } else { - if (RAND_priv_bytes(&n, 1) <= 0) - return -1; - num = (n & 7); - } - - if (inl > num) - inl = num; - - if (num == 0) { - ret = -1; - BIO_set_retry_write(b); - } else { - ret = BIO_write(b->next_bio, in, inl); - if (ret < 0) { - BIO_copy_next_retry(b); - nt->lwn = inl; - } - } - return ret; -} - -static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - long ret; - - if (b->next_bio == NULL) - return 0; - switch (cmd) { - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - BIO_copy_next_retry(b); - break; - case BIO_CTRL_DUP: - ret = 0L; - break; - default: - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - } - return ret; -} - -static long nbiof_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) -{ - if (b->next_bio == NULL) - return 0; - return BIO_callback_ctrl(b->next_bio, cmd, fp); -} - -static int nbiof_gets(BIO *bp, char *buf, int size) -{ - if (bp->next_bio == NULL) - return 0; - return BIO_gets(bp->next_bio, buf, size); -} - -static int nbiof_puts(BIO *bp, const char *str) -{ - if (bp->next_bio == NULL) - return 0; - return BIO_puts(bp->next_bio, str); -} diff --git a/crypto/bio/bf_null.c b/crypto/bio/bf_null.c deleted file mode 100644 index 7add76a4ca5c9c289c0eabd29a28f356e06f68e3..0000000000000000000000000000000000000000 --- a/crypto/bio/bf_null.c +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "bio_local.h" -#include "internal/cryptlib.h" - -/* - * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest - */ - -static int nullf_write(BIO *h, const char *buf, int num); -static int nullf_read(BIO *h, char *buf, int size); -static int nullf_puts(BIO *h, const char *str); -static int nullf_gets(BIO *h, char *str, int size); -static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static long nullf_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); -static const BIO_METHOD methods_nullf = { - BIO_TYPE_NULL_FILTER, - "NULL filter", - bwrite_conv, - nullf_write, - bread_conv, - nullf_read, - nullf_puts, - nullf_gets, - nullf_ctrl, - NULL, - NULL, - nullf_callback_ctrl, -}; - -const BIO_METHOD *BIO_f_null(void) -{ - return &methods_nullf; -} - -static int nullf_read(BIO *b, char *out, int outl) -{ - int ret = 0; - - if (out == NULL) - return 0; - if (b->next_bio == NULL) - return 0; - ret = BIO_read(b->next_bio, out, outl); - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); - return ret; -} - -static int nullf_write(BIO *b, const char *in, int inl) -{ - int ret = 0; - - if ((in == NULL) || (inl <= 0)) - return 0; - if (b->next_bio == NULL) - return 0; - ret = BIO_write(b->next_bio, in, inl); - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); - return ret; -} - -static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - long ret; - - if (b->next_bio == NULL) - return 0; - switch (cmd) { - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - BIO_copy_next_retry(b); - break; - case BIO_CTRL_DUP: - ret = 0L; - break; - default: - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - } - return ret; -} - -static long nullf_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) -{ - if (b->next_bio == NULL) - return 0; - return BIO_callback_ctrl(b->next_bio, cmd, fp); -} - -static int nullf_gets(BIO *bp, char *buf, int size) -{ - if (bp->next_bio == NULL) - return 0; - return BIO_gets(bp->next_bio, buf, size); -} - -static int nullf_puts(BIO *bp, const char *str) -{ - if (bp->next_bio == NULL) - return 0; - return BIO_puts(bp->next_bio, str); -} diff --git a/crypto/bio/bf_prefix.c b/crypto/bio/bf_prefix.c deleted file mode 100644 index 872efa13b5593daa72962f7c61facf7a8e101000..0000000000000000000000000000000000000000 --- a/crypto/bio/bf_prefix.c +++ /dev/null @@ -1,207 +0,0 @@ -/* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "bio_local.h" - -static int prefix_write(BIO *b, const char *out, size_t outl, - size_t *numwritten); -static int prefix_read(BIO *b, char *buf, size_t size, size_t *numread); -static int prefix_puts(BIO *b, const char *str); -static int prefix_gets(BIO *b, char *str, int size); -static long prefix_ctrl(BIO *b, int cmd, long arg1, void *arg2); -static int prefix_create(BIO *b); -static int prefix_destroy(BIO *b); -static long prefix_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); - -static const BIO_METHOD prefix_meth = { - BIO_TYPE_BUFFER, - "prefix", - prefix_write, - NULL, - prefix_read, - NULL, - prefix_puts, - prefix_gets, - prefix_ctrl, - prefix_create, - prefix_destroy, - prefix_callback_ctrl, -}; - -const BIO_METHOD *BIO_f_prefix(void) -{ - return &prefix_meth; -} - -typedef struct prefix_ctx_st { - char *prefix; /* Text prefix, given by user */ - unsigned int indent; /* Indentation amount, given by user */ - - int linestart; /* flag to indicate we're at the line start */ -} PREFIX_CTX; - -static int prefix_create(BIO *b) -{ - PREFIX_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - if (ctx == NULL) - return 0; - - ctx->prefix = NULL; - ctx->indent = 0; - ctx->linestart = 1; - BIO_set_data(b, ctx); - BIO_set_init(b, 1); - return 1; -} - -static int prefix_destroy(BIO *b) -{ - PREFIX_CTX *ctx = BIO_get_data(b); - - OPENSSL_free(ctx->prefix); - OPENSSL_free(ctx); - return 1; -} - -static int prefix_read(BIO *b, char *in, size_t size, size_t *numread) -{ - return BIO_read_ex(BIO_next(b), in, size, numread); -} - -static int prefix_write(BIO *b, const char *out, size_t outl, - size_t *numwritten) -{ - PREFIX_CTX *ctx = BIO_get_data(b); - - if (ctx == NULL) - return 0; - - /* - * If no prefix is set or if it's empty, and no indentation amount is set, - * we've got nothing to do here - */ - if ((ctx->prefix == NULL || *ctx->prefix == '\0') - && ctx->indent == 0) { - /* - * We do note if what comes next will be a new line, though, so we're - * prepared to handle prefix and indentation the next time around. - */ - if (outl > 0) - ctx->linestart = (out[outl-1] == '\n'); - return BIO_write_ex(BIO_next(b), out, outl, numwritten); - } - - *numwritten = 0; - - while (outl > 0) { - size_t i; - char c; - - /* - * If we know that we're at the start of the line, output prefix and - * indentation. - */ - if (ctx->linestart) { - size_t dontcare; - - if (ctx->prefix != NULL - && !BIO_write_ex(BIO_next(b), ctx->prefix, strlen(ctx->prefix), - &dontcare)) - return 0; - BIO_printf(BIO_next(b), "%*s", ctx->indent, ""); - ctx->linestart = 0; - } - - /* Now, go look for the next LF, or the end of the string */ - for (i = 0, c = '\0'; i < outl && (c = out[i]) != '\n'; i++) - continue; - if (c == '\n') - i++; - - /* Output what we found so far */ - while (i > 0) { - size_t num = 0; - - if (!BIO_write_ex(BIO_next(b), out, i, &num)) - return 0; - out += num; - outl -= num; - *numwritten += num; - i -= num; - } - - /* If we found a LF, what follows is a new line, so take note */ - if (c == '\n') - ctx->linestart = 1; - } - - return 1; -} - -static long prefix_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - long ret = 0; - PREFIX_CTX *ctx; - - if (b == NULL || (ctx = BIO_get_data(b)) == NULL) - return -1; - - switch (cmd) { - case BIO_CTRL_SET_PREFIX: - OPENSSL_free(ctx->prefix); - if (ptr == NULL) { - ctx->prefix = NULL; - ret = 1; - } else { - ctx->prefix = OPENSSL_strdup((const char *)ptr); - ret = ctx->prefix != NULL; - } - break; - case BIO_CTRL_SET_INDENT: - if (num >= 0) { - ctx->indent = (unsigned int)num; - ret = 1; - } - break; - case BIO_CTRL_GET_INDENT: - ret = (long)ctx->indent; - break; - default: - /* Commands that we intercept before passing them along */ - switch (cmd) { - case BIO_C_FILE_SEEK: - case BIO_CTRL_RESET: - ctx->linestart = 1; - break; - } - if (BIO_next(b) != NULL) - ret = BIO_ctrl(BIO_next(b), cmd, num, ptr); - break; - } - return ret; -} - -static long prefix_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) -{ - return BIO_callback_ctrl(BIO_next(b), cmd, fp); -} - -static int prefix_gets(BIO *b, char *buf, int size) -{ - return BIO_gets(BIO_next(b), buf, size); -} - -static int prefix_puts(BIO *b, const char *str) -{ - return BIO_write(b, str, strlen(str)); -} diff --git a/crypto/bio/bf_readbuff.c b/crypto/bio/bf_readbuff.c deleted file mode 100644 index 135ccef83bf3c425729c7c2503ecd8128e69d5b7..0000000000000000000000000000000000000000 --- a/crypto/bio/bf_readbuff.c +++ /dev/null @@ -1,288 +0,0 @@ -/* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This is a read only BIO filter that can be used to add BIO_tell() and - * BIO_seek() support to source/sink BIO's (such as a file BIO that uses stdin). - * It does this by caching ALL data read from the BIO source/sink into a - * resizable memory buffer. - */ - -#include -#include -#include "bio_local.h" -#include "internal/cryptlib.h" - -#define DEFAULT_BUFFER_SIZE 4096 - -static int readbuffer_write(BIO *h, const char *buf, int num); -static int readbuffer_read(BIO *h, char *buf, int size); -static int readbuffer_puts(BIO *h, const char *str); -static int readbuffer_gets(BIO *h, char *str, int size); -static long readbuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int readbuffer_new(BIO *h); -static int readbuffer_free(BIO *data); -static long readbuffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); - -static const BIO_METHOD methods_readbuffer = { - BIO_TYPE_BUFFER, - "readbuffer", - bwrite_conv, - readbuffer_write, - bread_conv, - readbuffer_read, - readbuffer_puts, - readbuffer_gets, - readbuffer_ctrl, - readbuffer_new, - readbuffer_free, - readbuffer_callback_ctrl, -}; - -const BIO_METHOD *BIO_f_readbuffer(void) -{ - return &methods_readbuffer; -} - -static int readbuffer_new(BIO *bi) -{ - BIO_F_BUFFER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - if (ctx == NULL) - return 0; - ctx->ibuf_size = DEFAULT_BUFFER_SIZE; - ctx->ibuf = OPENSSL_zalloc(DEFAULT_BUFFER_SIZE); - if (ctx->ibuf == NULL) { - OPENSSL_free(ctx); - return 0; - } - - bi->init = 1; - bi->ptr = (char *)ctx; - bi->flags = 0; - return 1; -} - -static int readbuffer_free(BIO *a) -{ - BIO_F_BUFFER_CTX *b; - - if (a == NULL) - return 0; - b = (BIO_F_BUFFER_CTX *)a->ptr; - OPENSSL_free(b->ibuf); - OPENSSL_free(a->ptr); - a->ptr = NULL; - a->init = 0; - a->flags = 0; - return 1; -} - -static int readbuffer_resize(BIO_F_BUFFER_CTX *ctx, int sz) -{ - char *tmp; - - /* Figure out how many blocks are required */ - sz += (ctx->ibuf_off + DEFAULT_BUFFER_SIZE - 1); - sz = DEFAULT_BUFFER_SIZE * (sz / DEFAULT_BUFFER_SIZE); - - /* Resize if the buffer is not big enough */ - if (sz > ctx->ibuf_size) { - tmp = OPENSSL_realloc(ctx->ibuf, sz); - if (tmp == NULL) - return 0; - ctx->ibuf = tmp; - ctx->ibuf_size = sz; - } - return 1; -} - -static int readbuffer_read(BIO *b, char *out, int outl) -{ - int i, num = 0; - BIO_F_BUFFER_CTX *ctx; - - if (out == NULL || outl == 0) - return 0; - ctx = (BIO_F_BUFFER_CTX *)b->ptr; - - if ((ctx == NULL) || (b->next_bio == NULL)) - return 0; - BIO_clear_retry_flags(b); - - for (;;) { - i = ctx->ibuf_len; - /* If there is something in the buffer just read it. */ - if (i != 0) { - if (i > outl) - i = outl; - memcpy(out, &(ctx->ibuf[ctx->ibuf_off]), i); - ctx->ibuf_off += i; - ctx->ibuf_len -= i; - num += i; - /* Exit if we have read the bytes required out of the buffer */ - if (outl == i) - return num; - outl -= i; - out += i; - } - - /* Only gets here if the buffer has been consumed */ - if (!readbuffer_resize(ctx, outl)) - return 0; - - /* Do some buffering by reading from the next bio */ - i = BIO_read(b->next_bio, ctx->ibuf + ctx->ibuf_off, outl); - if (i <= 0) { - BIO_copy_next_retry(b); - if (i < 0) - return ((num > 0) ? num : i); - else - return num; /* i == 0 */ - } - ctx->ibuf_len = i; - } -} - -static int readbuffer_write(BIO *b, const char *in, int inl) -{ - return 0; -} -static int readbuffer_puts(BIO *b, const char *str) -{ - return 0; -} - -static long readbuffer_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - BIO_F_BUFFER_CTX *ctx; - long ret = 1, sz; - - ctx = (BIO_F_BUFFER_CTX *)b->ptr; - - switch (cmd) { - case BIO_CTRL_EOF: - if (ctx->ibuf_len > 0) - return 0; - if (b->next_bio == NULL) - return 1; - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - - case BIO_C_FILE_SEEK: - case BIO_CTRL_RESET: - sz = ctx->ibuf_off + ctx->ibuf_len; - /* Assume it can only seek backwards */ - if (num < 0 || num > sz) - return 0; - ctx->ibuf_off = num; - ctx->ibuf_len = sz - num; - break; - - case BIO_C_FILE_TELL: - case BIO_CTRL_INFO: - ret = (long)ctx->ibuf_off; - break; - case BIO_CTRL_PENDING: - ret = (long)ctx->ibuf_len; - if (ret == 0) { - if (b->next_bio == NULL) - return 0; - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - } - break; - case BIO_CTRL_DUP: - case BIO_CTRL_FLUSH: - ret = 1; - break; - default: - ret = 0; - break; - } - return ret; -} - -static long readbuffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) -{ - if (b->next_bio == NULL) - return 0; - return BIO_callback_ctrl(b->next_bio, cmd, fp); -} - -static int readbuffer_gets(BIO *b, char *buf, int size) -{ - BIO_F_BUFFER_CTX *ctx; - int num = 0, num_chars, found_newline; - char *p; - int i, j; - - if (size == 0) - return 0; - --size; /* the passed in size includes the terminator - so remove it here */ - ctx = (BIO_F_BUFFER_CTX *)b->ptr; - BIO_clear_retry_flags(b); - - /* If data is already buffered then use this first */ - if (ctx->ibuf_len > 0) { - p = ctx->ibuf + ctx->ibuf_off; - found_newline = 0; - for (num_chars = 0; - (num_chars < ctx->ibuf_len) && (num_chars < size); - num_chars++) { - *buf++ = p[num_chars]; - if (p[num_chars] == '\n') { - found_newline = 1; - num_chars++; - break; - } - } - num += num_chars; - size -= num_chars; - ctx->ibuf_len -= num_chars; - ctx->ibuf_off += num_chars; - if (found_newline || size == 0) { - *buf = '\0'; - return num; - } - } - /* - * If there is no buffered data left then read any remaining data from the - * next bio. - */ - - /* Resize if we have to */ - if (!readbuffer_resize(ctx, 1 + size)) - return 0; - /* - * Read more data from the next bio using BIO_read_ex: - * Note we cannot use BIO_gets() here as it does not work on a - * binary stream that contains 0x00. (Since strlen() will stop at - * any 0x00 not at the last read '\n' in a FILE bio). - * Also note that some applications open and close the file bio - * multiple times and need to read the next available block when using - * stdin - so we need to READ one byte at a time! - */ - p = ctx->ibuf + ctx->ibuf_off; - for (i = 0; i < size; ++i) { - j = BIO_read(b->next_bio, p, 1); - if (j <= 0) { - BIO_copy_next_retry(b); - *buf = '\0'; - return num > 0 ? num : j; - } - *buf++ = *p; - num++; - ctx->ibuf_off++; - if (*p == '\n') - break; - ++p; - } - *buf = '\0'; - return num; -} diff --git a/crypto/bio/bio_addr.c b/crypto/bio/bio_addr.c deleted file mode 100644 index a80774bbd7cac9a7df672063d1b72401a4fc9236..0000000000000000000000000000000000000000 --- a/crypto/bio/bio_addr.c +++ /dev/null @@ -1,939 +0,0 @@ -/* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef _GNU_SOURCE -# define _GNU_SOURCE -#endif - -/* - * VC configurations may define UNICODE, to indicate to the C RTL that - * WCHAR functions are preferred. - * This affects functions like gai_strerror(), which is implemented as - * an alias macro for gai_strerrorA() (which returns a const char *) or - * gai_strerrorW() (which returns a const WCHAR *). This source file - * assumes POSIX declarations, so prefer the non-UNICODE definitions. - */ -#undef UNICODE - -#include -#include - -#include "bio_local.h" -#include - -#ifndef OPENSSL_NO_SOCK -#include -#include -#include "internal/thread_once.h" - -CRYPTO_RWLOCK *bio_lookup_lock; -static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT; - -/* - * Throughout this file and bio_local.h, the existence of the macro - * AI_PASSIVE is used to detect the availability of struct addrinfo, - * getnameinfo() and getaddrinfo(). If that macro doesn't exist, - * we use our own implementation instead, using gethostbyname, - * getservbyname and a few other. - */ - -/********************************************************************** - * - * Address structure - * - */ - -BIO_ADDR *BIO_ADDR_new(void) -{ - BIO_ADDR *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->sa.sa_family = AF_UNSPEC; - return ret; -} - -void BIO_ADDR_free(BIO_ADDR *ap) -{ - OPENSSL_free(ap); -} - -void BIO_ADDR_clear(BIO_ADDR *ap) -{ - memset(ap, 0, sizeof(*ap)); - ap->sa.sa_family = AF_UNSPEC; -} - -/* - * BIO_ADDR_make - non-public routine to fill a BIO_ADDR with the contents - * of a struct sockaddr. - */ -int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa) -{ - if (sa->sa_family == AF_INET) { - memcpy(&(ap->s_in), sa, sizeof(struct sockaddr_in)); - return 1; - } -#ifdef AF_INET6 - if (sa->sa_family == AF_INET6) { - memcpy(&(ap->s_in6), sa, sizeof(struct sockaddr_in6)); - return 1; - } -#endif -#ifdef AF_UNIX - if (sa->sa_family == AF_UNIX) { - memcpy(&(ap->s_un), sa, sizeof(struct sockaddr_un)); - return 1; - } -#endif - - return 0; -} - -int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, - const void *where, size_t wherelen, - unsigned short port) -{ -#ifdef AF_UNIX - if (family == AF_UNIX) { - if (wherelen + 1 > sizeof(ap->s_un.sun_path)) - return 0; - memset(&ap->s_un, 0, sizeof(ap->s_un)); - ap->s_un.sun_family = family; - strncpy(ap->s_un.sun_path, where, sizeof(ap->s_un.sun_path) - 1); - return 1; - } -#endif - if (family == AF_INET) { - if (wherelen != sizeof(struct in_addr)) - return 0; - memset(&ap->s_in, 0, sizeof(ap->s_in)); - ap->s_in.sin_family = family; - ap->s_in.sin_port = port; - ap->s_in.sin_addr = *(struct in_addr *)where; - return 1; - } -#ifdef AF_INET6 - if (family == AF_INET6) { - if (wherelen != sizeof(struct in6_addr)) - return 0; - memset(&ap->s_in6, 0, sizeof(ap->s_in6)); - ap->s_in6.sin6_family = family; - ap->s_in6.sin6_port = port; - ap->s_in6.sin6_addr = *(struct in6_addr *)where; - return 1; - } -#endif - - return 0; -} - -int BIO_ADDR_family(const BIO_ADDR *ap) -{ - return ap->sa.sa_family; -} - -int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l) -{ - size_t len = 0; - const void *addrptr = NULL; - - if (ap->sa.sa_family == AF_INET) { - len = sizeof(ap->s_in.sin_addr); - addrptr = &ap->s_in.sin_addr; - } -#ifdef AF_INET6 - else if (ap->sa.sa_family == AF_INET6) { - len = sizeof(ap->s_in6.sin6_addr); - addrptr = &ap->s_in6.sin6_addr; - } -#endif -#ifdef AF_UNIX - else if (ap->sa.sa_family == AF_UNIX) { - len = strlen(ap->s_un.sun_path); - addrptr = &ap->s_un.sun_path; - } -#endif - - if (addrptr == NULL) - return 0; - - if (p != NULL) { - memcpy(p, addrptr, len); - } - if (l != NULL) - *l = len; - - return 1; -} - -unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap) -{ - if (ap->sa.sa_family == AF_INET) - return ap->s_in.sin_port; -#ifdef AF_INET6 - if (ap->sa.sa_family == AF_INET6) - return ap->s_in6.sin6_port; -#endif - return 0; -} - -/*- - * addr_strings - helper function to get host and service names - * @ap: the BIO_ADDR that has the input info - * @numeric: 0 if actual names should be returned, 1 if the numeric - * representation should be returned. - * @hostname: a pointer to a pointer to a memory area to store the - * host name or numeric representation. Unused if NULL. - * @service: a pointer to a pointer to a memory area to store the - * service name or numeric representation. Unused if NULL. - * - * The return value is 0 on failure, with the error code in the error - * stack, and 1 on success. - */ -static int addr_strings(const BIO_ADDR *ap, int numeric, - char **hostname, char **service) -{ - if (BIO_sock_init() != 1) - return 0; - - if (1) { -#ifdef AI_PASSIVE - int ret = 0; - char host[NI_MAXHOST] = "", serv[NI_MAXSERV] = ""; - int flags = 0; - - if (numeric) - flags |= NI_NUMERICHOST | NI_NUMERICSERV; - - if ((ret = getnameinfo(BIO_ADDR_sockaddr(ap), - BIO_ADDR_sockaddr_size(ap), - host, sizeof(host), serv, sizeof(serv), - flags)) != 0) { -# ifdef EAI_SYSTEM - if (ret == EAI_SYSTEM) { - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling getnameinfo()"); - } else -# endif - { - ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, gai_strerror(ret)); - } - return 0; - } - - /* VMS getnameinfo() has a bug, it doesn't fill in serv, which - * leaves it with whatever garbage that happens to be there. - * However, we initialise serv with the empty string (serv[0] - * is therefore NUL), so it gets real easy to detect when things - * didn't go the way one might expect. - */ - if (serv[0] == '\0') { - BIO_snprintf(serv, sizeof(serv), "%d", - ntohs(BIO_ADDR_rawport(ap))); - } - - if (hostname != NULL) - *hostname = OPENSSL_strdup(host); - if (service != NULL) - *service = OPENSSL_strdup(serv); - } else { -#endif - if (hostname != NULL) - *hostname = OPENSSL_strdup(inet_ntoa(ap->s_in.sin_addr)); - if (service != NULL) { - char serv[6]; /* port is 16 bits => max 5 decimal digits */ - BIO_snprintf(serv, sizeof(serv), "%d", ntohs(ap->s_in.sin_port)); - *service = OPENSSL_strdup(serv); - } - } - - if ((hostname != NULL && *hostname == NULL) - || (service != NULL && *service == NULL)) { - if (hostname != NULL) { - OPENSSL_free(*hostname); - *hostname = NULL; - } - if (service != NULL) { - OPENSSL_free(*service); - *service = NULL; - } - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return 0; - } - - return 1; -} - -char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric) -{ - char *hostname = NULL; - - if (addr_strings(ap, numeric, &hostname, NULL)) - return hostname; - - return NULL; -} - -char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric) -{ - char *service = NULL; - - if (addr_strings(ap, numeric, NULL, &service)) - return service; - - return NULL; -} - -char *BIO_ADDR_path_string(const BIO_ADDR *ap) -{ -#ifdef AF_UNIX - if (ap->sa.sa_family == AF_UNIX) - return OPENSSL_strdup(ap->s_un.sun_path); -#endif - return NULL; -} - -/* - * BIO_ADDR_sockaddr - non-public routine to return the struct sockaddr - * for a given BIO_ADDR. In reality, this is simply a type safe cast. - * The returned struct sockaddr is const, so it can't be tampered with. - */ -const struct sockaddr *BIO_ADDR_sockaddr(const BIO_ADDR *ap) -{ - return &(ap->sa); -} - -/* - * BIO_ADDR_sockaddr_noconst - non-public function that does the same - * as BIO_ADDR_sockaddr, but returns a non-const. USE WITH CARE, as - * it allows you to tamper with the data (and thereby the contents - * of the input BIO_ADDR). - */ -struct sockaddr *BIO_ADDR_sockaddr_noconst(BIO_ADDR *ap) -{ - return &(ap->sa); -} - -/* - * BIO_ADDR_sockaddr_size - non-public function that returns the size - * of the struct sockaddr the BIO_ADDR is using. If the protocol family - * isn't set or is something other than AF_INET, AF_INET6 or AF_UNIX, - * the size of the BIO_ADDR type is returned. - */ -socklen_t BIO_ADDR_sockaddr_size(const BIO_ADDR *ap) -{ - if (ap->sa.sa_family == AF_INET) - return sizeof(ap->s_in); -#ifdef AF_INET6 - if (ap->sa.sa_family == AF_INET6) - return sizeof(ap->s_in6); -#endif -#ifdef AF_UNIX - if (ap->sa.sa_family == AF_UNIX) - return sizeof(ap->s_un); -#endif - return sizeof(*ap); -} - -/********************************************************************** - * - * Address info database - * - */ - -const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai) -{ - if (bai != NULL) - return bai->bai_next; - return NULL; -} - -int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai) -{ - if (bai != NULL) - return bai->bai_family; - return 0; -} - -int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai) -{ - if (bai != NULL) - return bai->bai_socktype; - return 0; -} - -int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai) -{ - if (bai != NULL) { - if (bai->bai_protocol != 0) - return bai->bai_protocol; - -#ifdef AF_UNIX - if (bai->bai_family == AF_UNIX) - return 0; -#endif - - switch (bai->bai_socktype) { - case SOCK_STREAM: - return IPPROTO_TCP; - case SOCK_DGRAM: - return IPPROTO_UDP; - default: - break; - } - } - return 0; -} - -/* - * BIO_ADDRINFO_sockaddr_size - non-public function that returns the size - * of the struct sockaddr inside the BIO_ADDRINFO. - */ -socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai) -{ - if (bai != NULL) - return bai->bai_addrlen; - return 0; -} - -/* - * BIO_ADDRINFO_sockaddr - non-public function that returns bai_addr - * as the struct sockaddr it is. - */ -const struct sockaddr *BIO_ADDRINFO_sockaddr(const BIO_ADDRINFO *bai) -{ - if (bai != NULL) - return bai->bai_addr; - return NULL; -} - -const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai) -{ - if (bai != NULL) - return (BIO_ADDR *)bai->bai_addr; - return NULL; -} - -void BIO_ADDRINFO_free(BIO_ADDRINFO *bai) -{ - if (bai == NULL) - return; - -#ifdef AI_PASSIVE -# ifdef AF_UNIX -# define _cond bai->bai_family != AF_UNIX -# else -# define _cond 1 -# endif - if (_cond) { - freeaddrinfo(bai); - return; - } -#endif - - /* Free manually when we know that addrinfo_wrap() was used. - * See further comment above addrinfo_wrap() - */ - while (bai != NULL) { - BIO_ADDRINFO *next = bai->bai_next; - OPENSSL_free(bai->bai_addr); - OPENSSL_free(bai); - bai = next; - } -} - -/********************************************************************** - * - * Service functions - * - */ - -/*- - * The specs in hostserv can take these forms: - * - * host:service => *host = "host", *service = "service" - * host:* => *host = "host", *service = NULL - * host: => *host = "host", *service = NULL - * :service => *host = NULL, *service = "service" - * *:service => *host = NULL, *service = "service" - * - * in case no : is present in the string, the result depends on - * hostserv_prio, as follows: - * - * when hostserv_prio == BIO_PARSE_PRIO_HOST - * host => *host = "host", *service untouched - * - * when hostserv_prio == BIO_PARSE_PRIO_SERV - * service => *host untouched, *service = "service" - * - */ -int BIO_parse_hostserv(const char *hostserv, char **host, char **service, - enum BIO_hostserv_priorities hostserv_prio) -{ - const char *h = NULL; size_t hl = 0; - const char *p = NULL; size_t pl = 0; - - if (*hostserv == '[') { - if ((p = strchr(hostserv, ']')) == NULL) - goto spec_err; - h = hostserv + 1; - hl = p - h; - p++; - if (*p == '\0') - p = NULL; - else if (*p != ':') - goto spec_err; - else { - p++; - pl = strlen(p); - } - } else { - const char *p2 = strrchr(hostserv, ':'); - p = strchr(hostserv, ':'); - - /*- - * Check for more than one colon. There are three possible - * interpretations: - * 1. IPv6 address with port number, last colon being separator. - * 2. IPv6 address only. - * 3. IPv6 address only if hostserv_prio == BIO_PARSE_PRIO_HOST, - * IPv6 address and port number if hostserv_prio == BIO_PARSE_PRIO_SERV - * Because of this ambiguity, we currently choose to make it an - * error. - */ - if (p != p2) - goto amb_err; - - if (p != NULL) { - h = hostserv; - hl = p - h; - p++; - pl = strlen(p); - } else if (hostserv_prio == BIO_PARSE_PRIO_HOST) { - h = hostserv; - hl = strlen(h); - } else { - p = hostserv; - pl = strlen(p); - } - } - - if (p != NULL && strchr(p, ':')) - goto spec_err; - - if (h != NULL && host != NULL) { - if (hl == 0 - || (hl == 1 && h[0] == '*')) { - *host = NULL; - } else { - *host = OPENSSL_strndup(h, hl); - if (*host == NULL) - goto memerr; - } - } - if (p != NULL && service != NULL) { - if (pl == 0 - || (pl == 1 && p[0] == '*')) { - *service = NULL; - } else { - *service = OPENSSL_strndup(p, pl); - if (*service == NULL) - goto memerr; - } - } - - return 1; - amb_err: - ERR_raise(ERR_LIB_BIO, BIO_R_AMBIGUOUS_HOST_OR_SERVICE); - return 0; - spec_err: - ERR_raise(ERR_LIB_BIO, BIO_R_MALFORMED_HOST_OR_SERVICE); - return 0; - memerr: - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return 0; -} - -/* addrinfo_wrap is used to build our own addrinfo "chain". - * (it has only one entry, so calling it a chain may be a stretch) - * It should ONLY be called when getaddrinfo() and friends - * aren't available, OR when dealing with a non IP protocol - * family, such as AF_UNIX - * - * the return value is 1 on success, or 0 on failure, which - * only happens if a memory allocation error occurred. - */ -static int addrinfo_wrap(int family, int socktype, - const void *where, size_t wherelen, - unsigned short port, - BIO_ADDRINFO **bai) -{ - if ((*bai = OPENSSL_zalloc(sizeof(**bai))) == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return 0; - } - - (*bai)->bai_family = family; - (*bai)->bai_socktype = socktype; - if (socktype == SOCK_STREAM) - (*bai)->bai_protocol = IPPROTO_TCP; - if (socktype == SOCK_DGRAM) - (*bai)->bai_protocol = IPPROTO_UDP; -#ifdef AF_UNIX - if (family == AF_UNIX) - (*bai)->bai_protocol = 0; -#endif - { - /* Magic: We know that BIO_ADDR_sockaddr_noconst is really - just an advanced cast of BIO_ADDR* to struct sockaddr * - by the power of union, so while it may seem that we're - creating a memory leak here, we are not. It will be - all right. */ - BIO_ADDR *addr = BIO_ADDR_new(); - if (addr != NULL) { - BIO_ADDR_rawmake(addr, family, where, wherelen, port); - (*bai)->bai_addr = BIO_ADDR_sockaddr_noconst(addr); - } - } - (*bai)->bai_next = NULL; - if ((*bai)->bai_addr == NULL) { - BIO_ADDRINFO_free(*bai); - *bai = NULL; - return 0; - } - return 1; -} - -DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init) -{ - bio_lookup_lock = CRYPTO_THREAD_lock_new(); - return bio_lookup_lock != NULL; -} - -int BIO_lookup(const char *host, const char *service, - enum BIO_lookup_type lookup_type, - int family, int socktype, BIO_ADDRINFO **res) -{ - return BIO_lookup_ex(host, service, lookup_type, family, socktype, 0, res); -} - -/*- - * BIO_lookup_ex - look up the host and service you want to connect to. - * @host: the host (or node, in case family == AF_UNIX) you want to connect to. - * @service: the service you want to connect to. - * @lookup_type: declare intent with the result, client or server. - * @family: the address family you want to use. Use AF_UNSPEC for any, or - * AF_INET, AF_INET6 or AF_UNIX. - * @socktype: The socket type you want to use. Can be SOCK_STREAM, SOCK_DGRAM - * or 0 for all. - * @protocol: The protocol to use, e.g. IPPROTO_TCP or IPPROTO_UDP or 0 for all. - * Note that some platforms may not return IPPROTO_SCTP without - * explicitly requesting it (i.e. IPPROTO_SCTP may not be returned - * with 0 for the protocol) - * @res: Storage place for the resulting list of returned addresses - * - * This will do a lookup of the host and service that you want to connect to. - * It returns a linked list of different addresses you can try to connect to. - * - * When no longer needed you should call BIO_ADDRINFO_free() to free the result. - * - * The return value is 1 on success or 0 in case of error. - */ -int BIO_lookup_ex(const char *host, const char *service, int lookup_type, - int family, int socktype, int protocol, BIO_ADDRINFO **res) -{ - int ret = 0; /* Assume failure */ - - switch(family) { - case AF_INET: -#ifdef AF_INET6 - case AF_INET6: -#endif -#ifdef AF_UNIX - case AF_UNIX: -#endif -#ifdef AF_UNSPEC - case AF_UNSPEC: -#endif - break; - default: - ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY); - return 0; - } - -#ifdef AF_UNIX - if (family == AF_UNIX) { - if (addrinfo_wrap(family, socktype, host, strlen(host), 0, res)) - return 1; - else - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return 0; - } -#endif - - if (BIO_sock_init() != 1) - return 0; - - if (1) { -#ifdef AI_PASSIVE - int gai_ret = 0, old_ret = 0; - struct addrinfo hints; - - memset(&hints, 0, sizeof(hints)); - - hints.ai_family = family; - hints.ai_socktype = socktype; - hints.ai_protocol = protocol; -# ifdef AI_ADDRCONFIG -# ifdef AF_UNSPEC - if (host != NULL && family == AF_UNSPEC) -# endif - hints.ai_flags |= AI_ADDRCONFIG; -# endif - - if (lookup_type == BIO_LOOKUP_SERVER) - hints.ai_flags |= AI_PASSIVE; - - /* Note that |res| SHOULD be a 'struct addrinfo **' thanks to - * macro magic in bio_local.h - */ -# if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST) - retry: -# endif - switch ((gai_ret = getaddrinfo(host, service, &hints, res))) { -# ifdef EAI_SYSTEM - case EAI_SYSTEM: - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling getaddrinfo()"); - ERR_raise(ERR_LIB_BIO, ERR_R_SYS_LIB); - break; -# endif -# ifdef EAI_MEMORY - case EAI_MEMORY: - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - break; -# endif - case 0: - ret = 1; /* Success */ - break; - default: -# if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST) - if (hints.ai_flags & AI_ADDRCONFIG) { - hints.ai_flags &= ~AI_ADDRCONFIG; - hints.ai_flags |= AI_NUMERICHOST; - old_ret = gai_ret; - goto retry; - } -# endif - ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, - gai_strerror(old_ret ? old_ret : gai_ret)); - break; - } - } else { -#endif - const struct hostent *he; -/* - * Because struct hostent is defined for 32-bit pointers only with - * VMS C, we need to make sure that '&he_fallback_address' and - * '&he_fallback_addresses' are 32-bit pointers - */ -#if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma pointer_size save -# pragma pointer_size 32 -#endif - /* Windows doesn't seem to have in_addr_t */ -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) - static uint32_t he_fallback_address; - static const char *he_fallback_addresses[] = - { (char *)&he_fallback_address, NULL }; -#else - static in_addr_t he_fallback_address; - static const char *he_fallback_addresses[] = - { (char *)&he_fallback_address, NULL }; -#endif - static const struct hostent he_fallback = - { NULL, NULL, AF_INET, sizeof(he_fallback_address), - (char **)&he_fallback_addresses }; -#if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma pointer_size restore -#endif - - struct servent *se; - /* Apparently, on WIN64, s_proto and s_port have traded places... */ -#ifdef _WIN64 - struct servent se_fallback = { NULL, NULL, NULL, 0 }; -#else - struct servent se_fallback = { NULL, NULL, 0, NULL }; -#endif - - if (!RUN_ONCE(&bio_lookup_init, do_bio_lookup_init)) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - ret = 0; - goto err; - } - - if (!CRYPTO_THREAD_write_lock(bio_lookup_lock)) { - ret = 0; - goto err; - } - he_fallback_address = INADDR_ANY; - if (host == NULL) { - he = &he_fallback; - switch(lookup_type) { - case BIO_LOOKUP_CLIENT: - he_fallback_address = INADDR_LOOPBACK; - break; - case BIO_LOOKUP_SERVER: - he_fallback_address = INADDR_ANY; - break; - default: - /* We forgot to handle a lookup type! */ - assert("We forgot to handle a lookup type!" == NULL); - ERR_raise(ERR_LIB_BIO, ERR_R_INTERNAL_ERROR); - ret = 0; - goto err; - } - } else { - he = gethostbyname(host); - - if (he == NULL) { -#ifndef OPENSSL_SYS_WINDOWS - /* - * This might be misleading, because h_errno is used as if - * it was errno. To minimize mixup add 1000. Underlying - * reason for this is that hstrerror is declared obsolete, - * not to mention that a) h_errno is not always guaranteed - * to be meaningless; b) hstrerror can reside in yet another - * library, linking for sake of hstrerror is an overkill; - * c) this path is not executed on contemporary systems - * anyway [above getaddrinfo/gai_strerror is]. We just let - * system administrator figure this out... - */ -# if defined(OPENSSL_SYS_VXWORKS) - /* h_errno doesn't exist on VxWorks */ - ERR_raise_data(ERR_LIB_SYS, 1000, - "calling gethostbyname()"); -# else - ERR_raise_data(ERR_LIB_SYS, 1000 + h_errno, - "calling gethostbyname()"); -# endif -#else - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling gethostbyname()"); -#endif - ret = 0; - goto err; - } - } - - if (service == NULL) { - se_fallback.s_port = 0; - se_fallback.s_proto = NULL; - se = &se_fallback; - } else { - char *endp = NULL; - long portnum = strtol(service, &endp, 10); - -/* - * Because struct servent is defined for 32-bit pointers only with - * VMS C, we need to make sure that 'proto' is a 32-bit pointer. - */ -#if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma pointer_size save -# pragma pointer_size 32 -#endif - char *proto = NULL; -#if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma pointer_size restore -#endif - - switch (socktype) { - case SOCK_STREAM: - proto = "tcp"; - break; - case SOCK_DGRAM: - proto = "udp"; - break; - } - - if (endp != service && *endp == '\0' - && portnum > 0 && portnum < 65536) { - se_fallback.s_port = htons((unsigned short)portnum); - se_fallback.s_proto = proto; - se = &se_fallback; - } else if (endp == service) { - se = getservbyname(service, proto); - - if (se == NULL) { - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling getservbyname()"); - goto err; - } - } else { - ERR_raise(ERR_LIB_BIO, BIO_R_MALFORMED_HOST_OR_SERVICE); - goto err; - } - } - - *res = NULL; - - { -/* - * Because hostent::h_addr_list is an array of 32-bit pointers with VMS C, - * we must make sure our iterator designates the same element type, hence - * the pointer size dance. - */ -#if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma pointer_size save -# pragma pointer_size 32 -#endif - char **addrlistp; -#if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma pointer_size restore -#endif - size_t addresses; - BIO_ADDRINFO *tmp_bai = NULL; - - /* The easiest way to create a linked list from an - array is to start from the back */ - for(addrlistp = he->h_addr_list; *addrlistp != NULL; - addrlistp++) - ; - - for(addresses = addrlistp - he->h_addr_list; - addrlistp--, addresses-- > 0; ) { - if (!addrinfo_wrap(he->h_addrtype, socktype, - *addrlistp, he->h_length, - se->s_port, &tmp_bai)) - goto addrinfo_malloc_err; - tmp_bai->bai_next = *res; - *res = tmp_bai; - continue; - addrinfo_malloc_err: - BIO_ADDRINFO_free(*res); - *res = NULL; - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - ret = 0; - goto err; - } - - ret = 1; - } - err: - CRYPTO_THREAD_unlock(bio_lookup_lock); - } - - return ret; -} - -#endif /* OPENSSL_NO_SOCK */ diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c deleted file mode 100644 index 522a05369dc768717dbfbbf78e7e6dfade4f3e14..0000000000000000000000000000000000000000 --- a/crypto/bio/bio_cb.c +++ /dev/null @@ -1,114 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include -#include -#include "bio_local.h" -#include "internal/cryptlib.h" -#include - -long BIO_debug_callback_ex(BIO *bio, int cmd, const char *argp, size_t len, - int argi, long argl, int ret, size_t *processed) -{ - BIO *b; - char buf[256]; - char *p; - int left; - size_t l = 0; - - if (processed != NULL) - l = *processed; - - left = BIO_snprintf(buf, sizeof(buf), "BIO[%p]: ", (void *)bio); - - /* Ignore errors and continue printing the other information. */ - if (left < 0) - left = 0; - p = buf + left; - left = sizeof(buf) - left; - - switch (cmd) { - case BIO_CB_FREE: - BIO_snprintf(p, left, "Free - %s\n", bio->method->name); - break; - case BIO_CB_READ: - if (bio->method->type & BIO_TYPE_DESCRIPTOR) - BIO_snprintf(p, left, "read(%d,%zu) - %s fd=%d\n", - bio->num, len, - bio->method->name, bio->num); - else - BIO_snprintf(p, left, "read(%d,%zu) - %s\n", - bio->num, len, bio->method->name); - break; - case BIO_CB_WRITE: - if (bio->method->type & BIO_TYPE_DESCRIPTOR) - BIO_snprintf(p, left, "write(%d,%zu) - %s fd=%d\n", - bio->num, len, - bio->method->name, bio->num); - else - BIO_snprintf(p, left, "write(%d,%zu) - %s\n", - bio->num, len, bio->method->name); - break; - case BIO_CB_PUTS: - BIO_snprintf(p, left, "puts() - %s\n", bio->method->name); - break; - case BIO_CB_GETS: - BIO_snprintf(p, left, "gets(%zu) - %s\n", len, - bio->method->name); - break; - case BIO_CB_CTRL: - BIO_snprintf(p, left, "ctrl(%d) - %s\n", argi, - bio->method->name); - break; - case BIO_CB_RETURN | BIO_CB_READ: - BIO_snprintf(p, left, "read return %d processed: %zu\n", ret, l); - break; - case BIO_CB_RETURN | BIO_CB_WRITE: - BIO_snprintf(p, left, "write return %d processed: %zu\n", ret, l); - break; - case BIO_CB_RETURN | BIO_CB_GETS: - BIO_snprintf(p, left, "gets return %d processed: %zu\n", ret, l); - break; - case BIO_CB_RETURN | BIO_CB_PUTS: - BIO_snprintf(p, left, "puts return %d processed: %zu\n", ret, l); - break; - case BIO_CB_RETURN | BIO_CB_CTRL: - BIO_snprintf(p, left, "ctrl return %d\n", ret); - break; - default: - BIO_snprintf(p, left, "bio callback - unknown type (%d)\n", cmd); - break; - } - - b = (BIO *)bio->cb_arg; - if (b != NULL) - BIO_write(b, buf, strlen(buf)); -#if !defined(OPENSSL_NO_STDIO) - else - fputs(buf, stderr); -#endif - return ret; -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -long BIO_debug_callback(BIO *bio, int cmd, const char *argp, - int argi, long argl, long ret) -{ - size_t processed = 0; - - if (ret > 0) - processed = (size_t)ret; - BIO_debug_callback_ex(bio, cmd, argp, (size_t)argi, - argi, argl, ret > 0 ? 1 : (int)ret, &processed); - return ret; -} -#endif diff --git a/crypto/bio/bio_dump.c b/crypto/bio/bio_dump.c deleted file mode 100644 index c453da62688c6cf7efab531df38436d8194c7c7b..0000000000000000000000000000000000000000 --- a/crypto/bio/bio_dump.c +++ /dev/null @@ -1,153 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Stolen from tjh's ssl/ssl_trc.c stuff. - */ - -#include -#include "bio_local.h" - -#define DUMP_WIDTH 16 -#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH - ((i - (i > 6 ? 6 : i) + 3) / 4)) - -#define SPACE(buf, pos, n) (sizeof(buf) - (pos) > (n)) - -int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u), - void *u, const void *s, int len) -{ - return BIO_dump_indent_cb(cb, u, s, len, 0); -} - -int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), - void *u, const void *v, int len, int indent) -{ - const unsigned char *s = v; - int res, ret = 0; - char buf[288 + 1]; - int i, j, rows, n; - unsigned char ch; - int dump_width; - - if (indent < 0) - indent = 0; - else if (indent > 64) - indent = 64; - - dump_width = DUMP_WIDTH_LESS_INDENT(indent); - rows = len / dump_width; - if ((rows * dump_width) < len) - rows++; - for (i = 0; i < rows; i++) { - n = BIO_snprintf(buf, sizeof(buf), "%*s%04x - ", indent, "", - i * dump_width); - for (j = 0; j < dump_width; j++) { - if (SPACE(buf, n, 3)) { - if (((i * dump_width) + j) >= len) { - strcpy(buf + n, " "); - } else { - ch = *(s + i * dump_width + j) & 0xff; - BIO_snprintf(buf + n, 4, "%02x%c", ch, - j == 7 ? '-' : ' '); - } - n += 3; - } - } - if (SPACE(buf, n, 2)) { - strcpy(buf + n, " "); - n += 2; - } - for (j = 0; j < dump_width; j++) { - if (((i * dump_width) + j) >= len) - break; - if (SPACE(buf, n, 1)) { - ch = *(s + i * dump_width + j) & 0xff; -#ifndef CHARSET_EBCDIC - buf[n++] = ((ch >= ' ') && (ch <= '~')) ? ch : '.'; -#else - buf[n++] = ((ch >= os_toascii[' ']) && (ch <= os_toascii['~'])) - ? os_toebcdic[ch] - : '.'; -#endif - buf[n] = '\0'; - } - } - if (SPACE(buf, n, 1)) { - buf[n++] = '\n'; - buf[n] = '\0'; - } - /* - * if this is the last call then update the ddt_dump thing so that we - * will move the selection point in the debug window - */ - res = cb((void *)buf, n, u); - if (res < 0) - return res; - ret += res; - } - return ret; -} - -#ifndef OPENSSL_NO_STDIO -static int write_fp(const void *data, size_t len, void *fp) -{ - return UP_fwrite(data, len, 1, fp); -} - -int BIO_dump_fp(FILE *fp, const void *s, int len) -{ - return BIO_dump_cb(write_fp, fp, s, len); -} - -int BIO_dump_indent_fp(FILE *fp, const void *s, int len, int indent) -{ - return BIO_dump_indent_cb(write_fp, fp, s, len, indent); -} -#endif - -static int write_bio(const void *data, size_t len, void *bp) -{ - return BIO_write((BIO *)bp, (const char *)data, len); -} - -int BIO_dump(BIO *bp, const void *s, int len) -{ - return BIO_dump_cb(write_bio, bp, s, len); -} - -int BIO_dump_indent(BIO *bp, const void *s, int len, int indent) -{ - return BIO_dump_indent_cb(write_bio, bp, s, len, indent); -} - -int BIO_hex_string(BIO *out, int indent, int width, const void *data, - int datalen) -{ - const unsigned char *d = data; - int i, j = 0; - - if (datalen < 1) - return 1; - - for (i = 0; i < datalen - 1; i++) { - if (i && !j) - BIO_printf(out, "%*s", indent, ""); - - BIO_printf(out, "%02X:", d[i]); - - j = (j + 1) % width; - if (!j) - BIO_printf(out, "\n"); - } - - if (i && !j) - BIO_printf(out, "%*s", indent, ""); - BIO_printf(out, "%02X", d[datalen - 1]); - return 1; -} diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c deleted file mode 100644 index 7a36c61148a7fc12f891f8f751ca0c2c2811040e..0000000000000000000000000000000000000000 --- a/crypto/bio/bio_err.c +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/bioerr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA BIO_str_reasons[] = { - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ACCEPT_ERROR), "accept error"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET), - "addrinfo addr is not af inet"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_AMBIGUOUS_HOST_OR_SERVICE), - "ambiguous host or service"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_BAD_FOPEN_MODE), "bad fopen mode"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_BROKEN_PIPE), "broken pipe"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_CONNECT_ERROR), "connect error"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_CONNECT_TIMEOUT), "connect timeout"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET), - "gethostbyname addr is not af inet"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETSOCKNAME_ERROR), "getsockname error"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS), - "getsockname truncated address"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETTING_SOCKTYPE), "getting socktype"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_INVALID_ARGUMENT), "invalid argument"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_INVALID_SOCKET), "invalid socket"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_IN_USE), "in use"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LENGTH_TOO_LONG), "length too long"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LISTEN_V6_ONLY), "listen v6 only"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LOOKUP_RETURNED_NOTHING), - "lookup returned nothing"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_MALFORMED_HOST_OR_SERVICE), - "malformed host or service"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NBIO_CONNECT_ERROR), "nbio connect error"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED), - "no accept addr or service specified"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED), - "no hostname or service specified"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_PORT_DEFINED), "no port defined"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_SUCH_FILE), "no such file"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_TRANSFER_ERROR), "transfer error"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_TRANSFER_TIMEOUT), "transfer timeout"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_BIND_SOCKET), - "unable to bind socket"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_CREATE_SOCKET), - "unable to create socket"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_KEEPALIVE), - "unable to keepalive"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_LISTEN_SOCKET), - "unable to listen socket"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_NODELAY), "unable to nodelay"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_REUSEADDR), - "unable to reuseaddr"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNAVAILABLE_IP_FAMILY), - "unavailable ip family"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNINITIALIZED), "uninitialized"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNKNOWN_INFO_TYPE), "unknown info type"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_IP_FAMILY), - "unsupported ip family"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_METHOD), "unsupported method"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY), - "unsupported protocol family"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_WRITE_TO_READ_ONLY_BIO), - "write to read only BIO"}, - {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_WSASTARTUP), "WSAStartup"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_BIO_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(BIO_str_reasons[0].error) == NULL) - ERR_load_strings_const(BIO_str_reasons); -#endif - return 1; -} diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c deleted file mode 100644 index ecc16a5ee36aabe5f2faec5504e43a87677166c8..0000000000000000000000000000000000000000 --- a/crypto/bio/bio_lib.c +++ /dev/null @@ -1,982 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include -#include -#include "internal/numbers.h" -#include "bio_local.h" - -/* - * Helper macro for the callback to determine whether an operator expects a - * len parameter or not - */ -#define HAS_LEN_OPER(o) ((o) == BIO_CB_READ || (o) == BIO_CB_WRITE \ - || (o) == BIO_CB_GETS) - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -# define HAS_CALLBACK(b) ((b)->callback != NULL || (b)->callback_ex != NULL) -#else -# define HAS_CALLBACK(b) ((b)->callback_ex != NULL) -#endif -/* - * Helper function to work out whether to call the new style callback or the old - * one, and translate between the two. - * - * This has a long return type for consistency with the old callback. Similarly - * for the "long" used for "inret" - */ -static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len, - int argi, long argl, long inret, - size_t *processed) -{ - long ret = inret; -#ifndef OPENSSL_NO_DEPRECATED_3_0 - int bareoper; - - if (b->callback_ex != NULL) -#endif - return b->callback_ex(b, oper, argp, len, argi, argl, inret, processed); - -#ifndef OPENSSL_NO_DEPRECATED_3_0 - /* Strip off any BIO_CB_RETURN flag */ - bareoper = oper & ~BIO_CB_RETURN; - - /* - * We have an old style callback, so we will have to do nasty casts and - * check for overflows. - */ - if (HAS_LEN_OPER(bareoper)) { - /* In this case |len| is set, and should be used instead of |argi| */ - if (len > INT_MAX) - return -1; - - argi = (int)len; - } - - if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { - if (*processed > INT_MAX) - return -1; - inret = *processed; - } - - ret = b->callback(b, oper, argp, argi, argl, inret); - - if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) { - *processed = (size_t)ret; - ret = 1; - } -#endif - return ret; -} - -BIO *BIO_new_ex(OSSL_LIB_CTX *libctx, const BIO_METHOD *method) -{ - BIO *bio = OPENSSL_zalloc(sizeof(*bio)); - - if (bio == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return NULL; - } - - bio->libctx = libctx; - bio->method = method; - bio->shutdown = 1; - bio->references = 1; - - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data)) - goto err; - - bio->lock = CRYPTO_THREAD_lock_new(); - if (bio->lock == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); - goto err; - } - - if (method->create != NULL && !method->create(bio)) { - ERR_raise(ERR_LIB_BIO, ERR_R_INIT_FAIL); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); - CRYPTO_THREAD_lock_free(bio->lock); - goto err; - } - if (method->create == NULL) - bio->init = 1; - - return bio; - -err: - OPENSSL_free(bio); - return NULL; -} - -BIO *BIO_new(const BIO_METHOD *method) -{ - return BIO_new_ex(NULL, method); -} - -int BIO_free(BIO *a) -{ - int ret; - - if (a == NULL) - return 0; - - if (CRYPTO_DOWN_REF(&a->references, &ret, a->lock) <= 0) - return 0; - - REF_PRINT_COUNT("BIO", a); - if (ret > 0) - return 1; - REF_ASSERT_ISNT(ret < 0); - - if (HAS_CALLBACK(a)) { - ret = (int)bio_call_callback(a, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL); - if (ret <= 0) - return 0; - } - - if ((a->method != NULL) && (a->method->destroy != NULL)) - a->method->destroy(a); - - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); - - CRYPTO_THREAD_lock_free(a->lock); - - OPENSSL_free(a); - - return 1; -} - -void BIO_set_data(BIO *a, void *ptr) -{ - a->ptr = ptr; -} - -void *BIO_get_data(BIO *a) -{ - return a->ptr; -} - -void BIO_set_init(BIO *a, int init) -{ - a->init = init; -} - -int BIO_get_init(BIO *a) -{ - return a->init; -} - -void BIO_set_shutdown(BIO *a, int shut) -{ - a->shutdown = shut; -} - -int BIO_get_shutdown(BIO *a) -{ - return a->shutdown; -} - -void BIO_vfree(BIO *a) -{ - BIO_free(a); -} - -int BIO_up_ref(BIO *a) -{ - int i; - - if (CRYPTO_UP_REF(&a->references, &i, a->lock) <= 0) - return 0; - - REF_PRINT_COUNT("BIO", a); - REF_ASSERT_ISNT(i < 2); - return i > 1; -} - -void BIO_clear_flags(BIO *b, int flags) -{ - b->flags &= ~flags; -} - -int BIO_test_flags(const BIO *b, int flags) -{ - return (b->flags & flags); -} - -void BIO_set_flags(BIO *b, int flags) -{ - b->flags |= flags; -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -BIO_callback_fn BIO_get_callback(const BIO *b) -{ - return b->callback; -} - -void BIO_set_callback(BIO *b, BIO_callback_fn cb) -{ - b->callback = cb; -} -#endif - -BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b) -{ - return b->callback_ex; -} - -void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex cb) -{ - b->callback_ex = cb; -} - -void BIO_set_callback_arg(BIO *b, char *arg) -{ - b->cb_arg = arg; -} - -char *BIO_get_callback_arg(const BIO *b) -{ - return b->cb_arg; -} - -const char *BIO_method_name(const BIO *b) -{ - return b->method->name; -} - -int BIO_method_type(const BIO *b) -{ - return b->method->type; -} - -/* - * This is essentially the same as BIO_read_ex() except that it allows - * 0 or a negative value to indicate failure (retryable or not) in the return. - * This is for compatibility with the old style BIO_read(), where existing code - * may make assumptions about the return value that it might get. - */ -static int bio_read_intern(BIO *b, void *data, size_t dlen, size_t *readbytes) -{ - int ret; - - if (b == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER); - return -1; - } - if (b->method == NULL || b->method->bread == NULL) { - ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD); - return -2; - } - - if (HAS_CALLBACK(b) && - ((ret = (int)bio_call_callback(b, BIO_CB_READ, data, dlen, 0, 0L, 1L, - NULL)) <= 0)) - return ret; - - if (!b->init) { - ERR_raise(ERR_LIB_BIO, BIO_R_UNINITIALIZED); - return -1; - } - - ret = b->method->bread(b, data, dlen, readbytes); - - if (ret > 0) - b->num_read += (uint64_t)*readbytes; - - if (HAS_CALLBACK(b)) - ret = (int)bio_call_callback(b, BIO_CB_READ | BIO_CB_RETURN, data, - dlen, 0, 0L, ret, readbytes); - - /* Shouldn't happen */ - if (ret > 0 && *readbytes > dlen) { - ERR_raise(ERR_LIB_BIO, ERR_R_INTERNAL_ERROR); - return -1; - } - - return ret; -} - -int BIO_read(BIO *b, void *data, int dlen) -{ - size_t readbytes; - int ret; - - if (dlen < 0) - return 0; - - ret = bio_read_intern(b, data, (size_t)dlen, &readbytes); - - if (ret > 0) { - /* *readbytes should always be <= dlen */ - ret = (int)readbytes; - } - - return ret; -} - -int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes) -{ - return bio_read_intern(b, data, dlen, readbytes) > 0; -} - -static int bio_write_intern(BIO *b, const void *data, size_t dlen, - size_t *written) -{ - size_t local_written; - int ret; - - if (written != NULL) - *written = 0; - /* - * b == NULL is not an error but just means that zero bytes are written. - * Do not raise an error here. - */ - if (b == NULL) - return 0; - - if (b->method == NULL || b->method->bwrite == NULL) { - ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD); - return -2; - } - - if (HAS_CALLBACK(b) && - ((ret = (int)bio_call_callback(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L, - NULL)) <= 0)) - return ret; - - if (!b->init) { - ERR_raise(ERR_LIB_BIO, BIO_R_UNINITIALIZED); - return -1; - } - - ret = b->method->bwrite(b, data, dlen, &local_written); - - if (ret > 0) - b->num_write += (uint64_t)local_written; - - if (HAS_CALLBACK(b)) - ret = (int)bio_call_callback(b, BIO_CB_WRITE | BIO_CB_RETURN, data, - dlen, 0, 0L, ret, &local_written); - - if (written != NULL) - *written = local_written; - return ret; -} - -int BIO_write(BIO *b, const void *data, int dlen) -{ - size_t written; - int ret; - - if (dlen <= 0) - return 0; - - ret = bio_write_intern(b, data, (size_t)dlen, &written); - - if (ret > 0) { - /* written should always be <= dlen */ - ret = (int)written; - } - - return ret; -} - -int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written) -{ - return bio_write_intern(b, data, dlen, written) > 0 - || (b != NULL && dlen == 0); /* order is important for *written */ -} - -int BIO_puts(BIO *b, const char *buf) -{ - int ret; - size_t written = 0; - - if (b == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER); - return -1; - } - if (b->method == NULL || b->method->bputs == NULL) { - ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD); - return -2; - } - - if (HAS_CALLBACK(b)) { - ret = (int)bio_call_callback(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL); - if (ret <= 0) - return ret; - } - - if (!b->init) { - ERR_raise(ERR_LIB_BIO, BIO_R_UNINITIALIZED); - return -1; - } - - ret = b->method->bputs(b, buf); - - if (ret > 0) { - b->num_write += (uint64_t)ret; - written = ret; - ret = 1; - } - - if (HAS_CALLBACK(b)) - ret = (int)bio_call_callback(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0, - 0L, ret, &written); - - if (ret > 0) { - if (written > INT_MAX) { - ERR_raise(ERR_LIB_BIO, BIO_R_LENGTH_TOO_LONG); - ret = -1; - } else { - ret = (int)written; - } - } - - return ret; -} - -int BIO_gets(BIO *b, char *buf, int size) -{ - int ret; - size_t readbytes = 0; - - if (b == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER); - return -1; - } - if (b->method == NULL || b->method->bgets == NULL) { - ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD); - return -2; - } - - if (size < 0) { - ERR_raise(ERR_LIB_BIO, BIO_R_INVALID_ARGUMENT); - return -1; - } - - if (HAS_CALLBACK(b)) { - ret = (int)bio_call_callback(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL); - if (ret <= 0) - return ret; - } - - if (!b->init) { - ERR_raise(ERR_LIB_BIO, BIO_R_UNINITIALIZED); - return -1; - } - - ret = b->method->bgets(b, buf, size); - - if (ret > 0) { - readbytes = ret; - ret = 1; - } - - if (HAS_CALLBACK(b)) - ret = (int)bio_call_callback(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size, - 0, 0L, ret, &readbytes); - - if (ret > 0) { - /* Shouldn't happen */ - if (readbytes > (size_t)size) - ret = -1; - else - ret = (int)readbytes; - } - - return ret; -} - -int BIO_get_line(BIO *bio, char *buf, int size) -{ - int ret = 0; - char *ptr = buf; - - if (buf == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER); - return -1; - } - if (size <= 0) { - ERR_raise(ERR_LIB_BIO, BIO_R_INVALID_ARGUMENT); - return -1; - } - *buf = '\0'; - - if (bio == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER); - return -1; - } - if (!bio->init) { - ERR_raise(ERR_LIB_BIO, BIO_R_UNINITIALIZED); - return -1; - } - - while (size-- > 1 && (ret = BIO_read(bio, ptr, 1)) > 0) - if (*ptr++ == '\n') - break; - *ptr = '\0'; - return ret > 0 || BIO_eof(bio) ? ptr - buf : ret; -} - -int BIO_indent(BIO *b, int indent, int max) -{ - if (indent < 0) - indent = 0; - if (indent > max) - indent = max; - while (indent--) - if (BIO_puts(b, " ") != 1) - return 0; - return 1; -} - -long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg) -{ - int i; - - i = iarg; - return BIO_ctrl(b, cmd, larg, (char *)&i); -} - -void *BIO_ptr_ctrl(BIO *b, int cmd, long larg) -{ - void *p = NULL; - - if (BIO_ctrl(b, cmd, larg, (char *)&p) <= 0) - return NULL; - else - return p; -} - -long BIO_ctrl(BIO *b, int cmd, long larg, void *parg) -{ - long ret; - - if (b == NULL) - return -1; - if (b->method == NULL || b->method->ctrl == NULL) { - ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD); - return -2; - } - - if (HAS_CALLBACK(b)) { - ret = bio_call_callback(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL); - if (ret <= 0) - return ret; - } - - ret = b->method->ctrl(b, cmd, larg, parg); - - if (HAS_CALLBACK(b)) - ret = bio_call_callback(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd, - larg, ret, NULL); - - return ret; -} - -long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) -{ - long ret; - - if (b == NULL) - return -2; - if (b->method == NULL || b->method->callback_ctrl == NULL - || cmd != BIO_CTRL_SET_CALLBACK) { - ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_METHOD); - return -2; - } - - if (HAS_CALLBACK(b)) { - ret = bio_call_callback(b, BIO_CB_CTRL, (void *)&fp, 0, cmd, 0, 1L, - NULL); - if (ret <= 0) - return ret; - } - - ret = b->method->callback_ctrl(b, cmd, fp); - - if (HAS_CALLBACK(b)) - ret = bio_call_callback(b, BIO_CB_CTRL | BIO_CB_RETURN, (void *)&fp, 0, - cmd, 0, ret, NULL); - - return ret; -} - -/* - * It is unfortunate to duplicate in functions what the BIO_(w)pending macros - * do; but those macros have inappropriate return type, and for interfacing - * from other programming languages, C macros aren't much of a help anyway. - */ -size_t BIO_ctrl_pending(BIO *bio) -{ - long ret = BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL); - - if (ret < 0) - ret = 0; -#if LONG_MAX > SIZE_MAX - if (ret > SIZE_MAX) - ret = SIZE_MAX; -#endif - return (size_t)ret; -} - -size_t BIO_ctrl_wpending(BIO *bio) -{ - long ret = BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL); - - if (ret < 0) - ret = 0; -#if LONG_MAX > SIZE_MAX - if (ret > SIZE_MAX) - ret = SIZE_MAX; -#endif - return (size_t)ret; -} - -/* put the 'bio' on the end of b's list of operators */ -BIO *BIO_push(BIO *b, BIO *bio) -{ - BIO *lb; - - if (b == NULL) - return bio; - lb = b; - while (lb->next_bio != NULL) - lb = lb->next_bio; - lb->next_bio = bio; - if (bio != NULL) - bio->prev_bio = lb; - /* called to do internal processing */ - BIO_ctrl(b, BIO_CTRL_PUSH, 0, lb); - return b; -} - -/* Remove the first and return the rest */ -BIO *BIO_pop(BIO *b) -{ - BIO *ret; - - if (b == NULL) - return NULL; - ret = b->next_bio; - - BIO_ctrl(b, BIO_CTRL_POP, 0, b); - - if (b->prev_bio != NULL) - b->prev_bio->next_bio = b->next_bio; - if (b->next_bio != NULL) - b->next_bio->prev_bio = b->prev_bio; - - b->next_bio = NULL; - b->prev_bio = NULL; - return ret; -} - -BIO *BIO_get_retry_BIO(BIO *bio, int *reason) -{ - BIO *b, *last; - - b = last = bio; - for (;;) { - if (!BIO_should_retry(b)) - break; - last = b; - b = b->next_bio; - if (b == NULL) - break; - } - if (reason != NULL) - *reason = last->retry_reason; - return last; -} - -int BIO_get_retry_reason(BIO *bio) -{ - return bio->retry_reason; -} - -void BIO_set_retry_reason(BIO *bio, int reason) -{ - bio->retry_reason = reason; -} - -BIO *BIO_find_type(BIO *bio, int type) -{ - int mt, mask; - - if (bio == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - mask = type & 0xff; - do { - if (bio->method != NULL) { - mt = bio->method->type; - - if (!mask) { - if (mt & type) - return bio; - } else if (mt == type) { - return bio; - } - } - bio = bio->next_bio; - } while (bio != NULL); - return NULL; -} - -BIO *BIO_next(BIO *b) -{ - if (b == NULL) - return NULL; - return b->next_bio; -} - -void BIO_set_next(BIO *b, BIO *next) -{ - b->next_bio = next; -} - -void BIO_free_all(BIO *bio) -{ - BIO *b; - int ref; - - while (bio != NULL) { - b = bio; - ref = b->references; - bio = bio->next_bio; - BIO_free(b); - /* Since ref count > 1, don't free anyone else. */ - if (ref > 1) - break; - } -} - -BIO *BIO_dup_chain(BIO *in) -{ - BIO *ret = NULL, *eoc = NULL, *bio, *new_bio; - - for (bio = in; bio != NULL; bio = bio->next_bio) { - if ((new_bio = BIO_new(bio->method)) == NULL) - goto err; -#ifndef OPENSSL_NO_DEPRECATED_3_0 - new_bio->callback = bio->callback; -#endif - new_bio->callback_ex = bio->callback_ex; - new_bio->cb_arg = bio->cb_arg; - new_bio->init = bio->init; - new_bio->shutdown = bio->shutdown; - new_bio->flags = bio->flags; - - /* This will let SSL_s_sock() work with stdin/stdout */ - new_bio->num = bio->num; - - if (!BIO_dup_state(bio, (char *)new_bio)) { - BIO_free(new_bio); - goto err; - } - - /* copy app data */ - if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data, - &bio->ex_data)) { - BIO_free(new_bio); - goto err; - } - - if (ret == NULL) { - eoc = new_bio; - ret = eoc; - } else { - BIO_push(eoc, new_bio); - eoc = new_bio; - } - } - return ret; - err: - BIO_free_all(ret); - - return NULL; -} - -void BIO_copy_next_retry(BIO *b) -{ - BIO_set_flags(b, BIO_get_retry_flags(b->next_bio)); - b->retry_reason = b->next_bio->retry_reason; -} - -int BIO_set_ex_data(BIO *bio, int idx, void *data) -{ - return CRYPTO_set_ex_data(&(bio->ex_data), idx, data); -} - -void *BIO_get_ex_data(const BIO *bio, int idx) -{ - return CRYPTO_get_ex_data(&(bio->ex_data), idx); -} - -uint64_t BIO_number_read(BIO *bio) -{ - if (bio) - return bio->num_read; - return 0; -} - -uint64_t BIO_number_written(BIO *bio) -{ - if (bio) - return bio->num_write; - return 0; -} - -void bio_free_ex_data(BIO *bio) -{ - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); -} - -void bio_cleanup(void) -{ -#ifndef OPENSSL_NO_SOCK - bio_sock_cleanup_int(); - CRYPTO_THREAD_lock_free(bio_lookup_lock); - bio_lookup_lock = NULL; -#endif - CRYPTO_THREAD_lock_free(bio_type_lock); - bio_type_lock = NULL; -} - -/* Internal variant of the below BIO_wait() not calling BIOerr() */ -static int bio_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds) -{ -#ifndef OPENSSL_NO_SOCK - int fd; -#endif - long sec_diff; - - if (max_time == 0) /* no timeout */ - return 1; - -#ifndef OPENSSL_NO_SOCK - if (BIO_get_fd(bio, &fd) > 0 && fd < FD_SETSIZE) - return BIO_socket_wait(fd, BIO_should_read(bio), max_time); -#endif - /* fall back to polling since no sockets are available */ - - sec_diff = (long)(max_time - time(NULL)); /* might overflow */ - if (sec_diff < 0) - return 0; /* clearly timeout */ - - /* now take a nap at most the given number of milliseconds */ - if (sec_diff == 0) { /* we are below the 1 seconds resolution of max_time */ - if (nap_milliseconds > 1000) - nap_milliseconds = 1000; - } else { /* for sec_diff > 0, take min(sec_diff * 1000, nap_milliseconds) */ - if ((unsigned long)sec_diff * 1000 < nap_milliseconds) - nap_milliseconds = (unsigned int)sec_diff * 1000; - } - ossl_sleep(nap_milliseconds); - return 1; -} - -/*- - * Wait on (typically socket-based) BIO at most until max_time. - * Succeed immediately if max_time == 0. - * If sockets are not available support polling: succeed after waiting at most - * the number of nap_milliseconds in order to avoid a tight busy loop. - * Call BIOerr(...) on timeout or error. - * Returns -1 on error, 0 on timeout, and 1 on success. - */ -int BIO_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds) -{ - int rv = bio_wait(bio, max_time, nap_milliseconds); - - if (rv <= 0) - ERR_raise(ERR_LIB_BIO, - rv == 0 ? BIO_R_TRANSFER_TIMEOUT : BIO_R_TRANSFER_ERROR); - return rv; -} - -/* - * Connect via given BIO using BIO_do_connect() until success/timeout/error. - * Parameter timeout == 0 means no timeout, < 0 means exactly one try. - * For non-blocking and potentially even non-socket BIOs perform polling with - * the given density: between polls sleep nap_milliseconds using BIO_wait() - * in order to avoid a tight busy loop. - * Returns -1 on error, 0 on timeout, and 1 on success. - */ -int BIO_do_connect_retry(BIO *bio, int timeout, int nap_milliseconds) -{ - int blocking = timeout <= 0; - time_t max_time = timeout > 0 ? time(NULL) + timeout : 0; - int rv; - - if (bio == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER); - return -1; - } - - if (nap_milliseconds < 0) - nap_milliseconds = 100; - BIO_set_nbio(bio, !blocking); - - retry: - ERR_set_mark(); - rv = BIO_do_connect(bio); - - if (rv <= 0) { /* could be timeout or retryable error or fatal error */ - int err = ERR_peek_last_error(); - int reason = ERR_GET_REASON(err); - int do_retry = BIO_should_retry(bio); /* may be 1 only if !blocking */ - - if (ERR_GET_LIB(err) == ERR_LIB_BIO) { - switch (reason) { - case ERR_R_SYS_LIB: - /* - * likely retryable system error occurred, which may be - * EAGAIN (resource temporarily unavailable) some 40 secs after - * calling getaddrinfo(): Temporary failure in name resolution - * or a premature ETIMEDOUT, some 30 seconds after connect() - */ - case BIO_R_CONNECT_ERROR: - case BIO_R_NBIO_CONNECT_ERROR: - /* some likely retryable connection error occurred */ - (void)BIO_reset(bio); /* often needed to avoid retry failure */ - do_retry = 1; - break; - default: - break; - } - } - if (timeout >= 0 && do_retry) { - ERR_pop_to_mark(); - /* will not actually wait if timeout == 0 (i.e., blocking BIO): */ - rv = bio_wait(bio, max_time, nap_milliseconds); - if (rv > 0) - goto retry; - ERR_raise(ERR_LIB_BIO, - rv == 0 ? BIO_R_CONNECT_TIMEOUT : BIO_R_CONNECT_ERROR); - } else { - ERR_clear_last_mark(); - rv = -1; - if (err == 0) /* missing error queue entry */ - /* workaround: general error */ - ERR_raise(ERR_LIB_BIO, BIO_R_CONNECT_ERROR); - } - } else { - ERR_clear_last_mark(); - } - - return rv; -} diff --git a/crypto/bio/bio_local.h b/crypto/bio/bio_local.h deleted file mode 100644 index 749e8f810c3027a75aca70a6a5a7de51277b4bb7..0000000000000000000000000000000000000000 --- a/crypto/bio/bio_local.h +++ /dev/null @@ -1,193 +0,0 @@ -/* - * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" -#include "internal/sockets.h" - -/* BEGIN BIO_ADDRINFO/BIO_ADDR stuff. */ - -#ifndef OPENSSL_NO_SOCK -/* - * Throughout this file and b_addr.c, the existence of the macro - * AI_PASSIVE is used to detect the availability of struct addrinfo, - * getnameinfo() and getaddrinfo(). If that macro doesn't exist, - * we use our own implementation instead. - */ - -/* - * It's imperative that these macros get defined before openssl/bio.h gets - * included. Otherwise, the AI_PASSIVE hack will not work properly. - * For clarity, we check for internal/cryptlib.h since it's a common header - * that also includes bio.h. - */ -# ifdef OSSL_INTERNAL_CRYPTLIB_H -# error internal/cryptlib.h included before bio_local.h -# endif -# ifdef OPENSSL_BIO_H -# error openssl/bio.h included before bio_local.h -# endif - -/* - * Undefine AF_UNIX on systems that define it but don't support it. - */ -# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VMS) -# undef AF_UNIX -# endif - -# ifdef AI_PASSIVE - -/* - * There's a bug in VMS C header file netdb.h, where struct addrinfo - * always is the P32 variant, but the functions that handle that structure, - * such as getaddrinfo() and freeaddrinfo() adapt to the initial pointer - * size. The easiest workaround is to force struct addrinfo to be the - * 64-bit variant when compiling in P64 mode. - */ -# if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE == 64 -# define addrinfo __addrinfo64 -# endif - -# define bio_addrinfo_st addrinfo -# define bai_family ai_family -# define bai_socktype ai_socktype -# define bai_protocol ai_protocol -# define bai_addrlen ai_addrlen -# define bai_addr ai_addr -# define bai_next ai_next -# else -struct bio_addrinfo_st { - int bai_family; - int bai_socktype; - int bai_protocol; - size_t bai_addrlen; - struct sockaddr *bai_addr; - struct bio_addrinfo_st *bai_next; -}; -# endif - -union bio_addr_st { - struct sockaddr sa; -# ifdef AF_INET6 - struct sockaddr_in6 s_in6; -# endif - struct sockaddr_in s_in; -# ifdef AF_UNIX - struct sockaddr_un s_un; -# endif -}; -#endif - -/* END BIO_ADDRINFO/BIO_ADDR stuff. */ - -#include "internal/cryptlib.h" -#include "internal/bio.h" -#include "internal/refcount.h" - -typedef struct bio_f_buffer_ctx_struct { - /*- - * Buffers are setup like this: - * - * <---------------------- size -----------------------> - * +---------------------------------------------------+ - * | consumed | remaining | free space | - * +---------------------------------------------------+ - * <-- off --><------- len -------> - */ - /*- BIO *bio; *//* - * this is now in the BIO struct - */ - int ibuf_size; /* how big is the input buffer */ - int obuf_size; /* how big is the output buffer */ - char *ibuf; /* the char array */ - int ibuf_len; /* how many bytes are in it */ - int ibuf_off; /* write/read offset */ - char *obuf; /* the char array */ - int obuf_len; /* how many bytes are in it */ - int obuf_off; /* write/read offset */ -} BIO_F_BUFFER_CTX; - -struct bio_st { - OSSL_LIB_CTX *libctx; - const BIO_METHOD *method; - /* bio, mode, argp, argi, argl, ret */ -#ifndef OPENSSL_NO_DEPRECATED_3_0 - BIO_callback_fn callback; -#endif - BIO_callback_fn_ex callback_ex; - char *cb_arg; /* first argument for the callback */ - int init; - int shutdown; - int flags; /* extra storage */ - int retry_reason; - int num; - void *ptr; - struct bio_st *next_bio; /* used by filter BIOs */ - struct bio_st *prev_bio; /* used by filter BIOs */ - CRYPTO_REF_COUNT references; - uint64_t num_read; - uint64_t num_write; - CRYPTO_EX_DATA ex_data; - CRYPTO_RWLOCK *lock; -}; - -#ifndef OPENSSL_NO_SOCK -# ifdef OPENSSL_SYS_VMS -typedef unsigned int socklen_t; -# endif - -extern CRYPTO_RWLOCK *bio_lookup_lock; - -int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa); -const struct sockaddr *BIO_ADDR_sockaddr(const BIO_ADDR *ap); -struct sockaddr *BIO_ADDR_sockaddr_noconst(BIO_ADDR *ap); -socklen_t BIO_ADDR_sockaddr_size(const BIO_ADDR *ap); -socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai); -const struct sockaddr *BIO_ADDRINFO_sockaddr(const BIO_ADDRINFO *bai); -#endif - -extern CRYPTO_RWLOCK *bio_type_lock; - -void bio_sock_cleanup_int(void); - -#if BIO_FLAGS_UPLINK_INTERNAL==0 -/* Shortcut UPLINK calls on most platforms... */ -# define UP_stdin stdin -# define UP_stdout stdout -# define UP_stderr stderr -# define UP_fprintf fprintf -# define UP_fgets fgets -# define UP_fread fread -# define UP_fwrite fwrite -# undef UP_fsetmod -# define UP_feof feof -# define UP_fclose fclose - -# define UP_fopen fopen -# define UP_fseek fseek -# define UP_ftell ftell -# define UP_fflush fflush -# define UP_ferror ferror -# ifdef _WIN32 -# define UP_fileno _fileno -# define UP_open _open -# define UP_read _read -# define UP_write _write -# define UP_lseek _lseek -# define UP_close _close -# else -# define UP_fileno fileno -# define UP_open open -# define UP_read read -# define UP_write write -# define UP_lseek lseek -# define UP_close close -# endif - -#endif - diff --git a/crypto/bio/bio_meth.c b/crypto/bio/bio_meth.c deleted file mode 100644 index 469715ba09eb2df543d02d87ab9e1ffe74c64d21..0000000000000000000000000000000000000000 --- a/crypto/bio/bio_meth.c +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "bio_local.h" -#include "internal/thread_once.h" - -CRYPTO_RWLOCK *bio_type_lock = NULL; -static CRYPTO_ONCE bio_type_init = CRYPTO_ONCE_STATIC_INIT; - -DEFINE_RUN_ONCE_STATIC(do_bio_type_init) -{ - bio_type_lock = CRYPTO_THREAD_lock_new(); - return bio_type_lock != NULL; -} - -int BIO_get_new_index(void) -{ - static CRYPTO_REF_COUNT bio_count = BIO_TYPE_START; - int newval; - - if (!RUN_ONCE(&bio_type_init, do_bio_type_init)) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return -1; - } - if (!CRYPTO_UP_REF(&bio_count, &newval, bio_type_lock)) - return -1; - return newval; -} - -BIO_METHOD *BIO_meth_new(int type, const char *name) -{ - BIO_METHOD *biom = OPENSSL_zalloc(sizeof(BIO_METHOD)); - - if (biom == NULL - || (biom->name = OPENSSL_strdup(name)) == NULL) { - OPENSSL_free(biom); - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return NULL; - } - biom->type = type; - return biom; -} - -void BIO_meth_free(BIO_METHOD *biom) -{ - if (biom != NULL) { - OPENSSL_free(biom->name); - OPENSSL_free(biom); - } -} - -int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int) -{ - return biom->bwrite_old; -} - -int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t, - size_t *) -{ - return biom->bwrite; -} - -/* Conversion for old style bwrite to new style */ -int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written) -{ - int ret; - - if (datal > INT_MAX) - datal = INT_MAX; - - ret = bio->method->bwrite_old(bio, data, (int)datal); - - if (ret <= 0) { - *written = 0; - return ret; - } - - *written = (size_t)ret; - - return 1; -} - -int BIO_meth_set_write(BIO_METHOD *biom, - int (*bwrite) (BIO *, const char *, int)) -{ - biom->bwrite_old = bwrite; - biom->bwrite = bwrite_conv; - return 1; -} - -int BIO_meth_set_write_ex(BIO_METHOD *biom, - int (*bwrite) (BIO *, const char *, size_t, size_t *)) -{ - biom->bwrite_old = NULL; - biom->bwrite = bwrite; - return 1; -} - -int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int) -{ - return biom->bread_old; -} - -int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *) -{ - return biom->bread; -} - -/* Conversion for old style bread to new style */ -int bread_conv(BIO *bio, char *data, size_t datal, size_t *readbytes) -{ - int ret; - - if (datal > INT_MAX) - datal = INT_MAX; - - ret = bio->method->bread_old(bio, data, (int)datal); - - if (ret <= 0) { - *readbytes = 0; - return ret; - } - - *readbytes = (size_t)ret; - - return 1; -} - -int BIO_meth_set_read(BIO_METHOD *biom, - int (*bread) (BIO *, char *, int)) -{ - biom->bread_old = bread; - biom->bread = bread_conv; - return 1; -} - -int BIO_meth_set_read_ex(BIO_METHOD *biom, - int (*bread) (BIO *, char *, size_t, size_t *)) -{ - biom->bread_old = NULL; - biom->bread = bread; - return 1; -} - -int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *) -{ - return biom->bputs; -} - -int BIO_meth_set_puts(BIO_METHOD *biom, - int (*bputs) (BIO *, const char *)) -{ - biom->bputs = bputs; - return 1; -} - -int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int) -{ - return biom->bgets; -} - -int BIO_meth_set_gets(BIO_METHOD *biom, - int (*bgets) (BIO *, char *, int)) -{ - biom->bgets = bgets; - return 1; -} - -long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *) -{ - return biom->ctrl; -} - -int BIO_meth_set_ctrl(BIO_METHOD *biom, - long (*ctrl) (BIO *, int, long, void *)) -{ - biom->ctrl = ctrl; - return 1; -} - -int (*BIO_meth_get_create(const BIO_METHOD *biom)) (BIO *) -{ - return biom->create; -} - -int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)) -{ - biom->create = create; - return 1; -} - -int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *) -{ - return biom->destroy; -} - -int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)) -{ - biom->destroy = destroy; - return 1; -} - -long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *) -{ - return biom->callback_ctrl; -} - -int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, - long (*callback_ctrl) (BIO *, int, - BIO_info_cb *)) -{ - biom->callback_ctrl = callback_ctrl; - return 1; -} diff --git a/crypto/bio/bio_print.c b/crypto/bio/bio_print.c deleted file mode 100644 index 4c9c3af7cfd6063ad767f4b2be551d92c52a4296..0000000000000000000000000000000000000000 --- a/crypto/bio/bio_print.c +++ /dev/null @@ -1,960 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include "crypto/ctype.h" -#include "internal/numbers.h" -#include -#include - -/* - * Copyright Patrick Powell 1995 - * This code is based on code written by Patrick Powell - * It may be used for any purpose as long as this notice remains intact - * on all source code distributions. - */ - -#ifdef HAVE_LONG_DOUBLE -# define LDOUBLE long double -#else -# define LDOUBLE double -#endif - -static int fmtstr(char **, char **, size_t *, size_t *, - const char *, int, int, int); -static int fmtint(char **, char **, size_t *, size_t *, - int64_t, int, int, int, int); -#ifndef OPENSSL_SYS_UEFI -static int fmtfp(char **, char **, size_t *, size_t *, - LDOUBLE, int, int, int, int); -#endif -static int doapr_outch(char **, char **, size_t *, size_t *, int); -static int _dopr(char **sbuffer, char **buffer, - size_t *maxlen, size_t *retlen, int *truncated, - const char *format, va_list args); - -/* format read states */ -#define DP_S_DEFAULT 0 -#define DP_S_FLAGS 1 -#define DP_S_MIN 2 -#define DP_S_DOT 3 -#define DP_S_MAX 4 -#define DP_S_MOD 5 -#define DP_S_CONV 6 -#define DP_S_DONE 7 - -/* format flags - Bits */ -/* left-aligned padding */ -#define DP_F_MINUS (1 << 0) -/* print an explicit '+' for a value with positive sign */ -#define DP_F_PLUS (1 << 1) -/* print an explicit ' ' for a value with positive sign */ -#define DP_F_SPACE (1 << 2) -/* print 0/0x prefix for octal/hex and decimal point for floating point */ -#define DP_F_NUM (1 << 3) -/* print leading zeroes */ -#define DP_F_ZERO (1 << 4) -/* print HEX in UPPPERcase */ -#define DP_F_UP (1 << 5) -/* treat value as unsigned */ -#define DP_F_UNSIGNED (1 << 6) - -/* conversion flags */ -#define DP_C_SHORT 1 -#define DP_C_LONG 2 -#define DP_C_LDOUBLE 3 -#define DP_C_LLONG 4 -#define DP_C_SIZE 5 - -/* Floating point formats */ -#define F_FORMAT 0 -#define E_FORMAT 1 -#define G_FORMAT 2 - -/* some handy macros */ -#define char_to_int(p) (p - '0') -#define OSSL_MAX(p,q) ((p >= q) ? p : q) - -static int -_dopr(char **sbuffer, - char **buffer, - size_t *maxlen, - size_t *retlen, int *truncated, const char *format, va_list args) -{ - char ch; - int64_t value; -#ifndef OPENSSL_SYS_UEFI - LDOUBLE fvalue; -#endif - char *strvalue; - int min; - int max; - int state; - int flags; - int cflags; - size_t currlen; - - state = DP_S_DEFAULT; - flags = currlen = cflags = min = 0; - max = -1; - ch = *format++; - - while (state != DP_S_DONE) { - if (ch == '\0' || (buffer == NULL && currlen >= *maxlen)) - state = DP_S_DONE; - - switch (state) { - case DP_S_DEFAULT: - if (ch == '%') - state = DP_S_FLAGS; - else - if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) - return 0; - ch = *format++; - break; - case DP_S_FLAGS: - switch (ch) { - case '-': - flags |= DP_F_MINUS; - ch = *format++; - break; - case '+': - flags |= DP_F_PLUS; - ch = *format++; - break; - case ' ': - flags |= DP_F_SPACE; - ch = *format++; - break; - case '#': - flags |= DP_F_NUM; - ch = *format++; - break; - case '0': - flags |= DP_F_ZERO; - ch = *format++; - break; - default: - state = DP_S_MIN; - break; - } - break; - case DP_S_MIN: - if (ossl_isdigit(ch)) { - min = 10 * min + char_to_int(ch); - ch = *format++; - } else if (ch == '*') { - min = va_arg(args, int); - ch = *format++; - state = DP_S_DOT; - } else - state = DP_S_DOT; - break; - case DP_S_DOT: - if (ch == '.') { - state = DP_S_MAX; - ch = *format++; - } else - state = DP_S_MOD; - break; - case DP_S_MAX: - if (ossl_isdigit(ch)) { - if (max < 0) - max = 0; - max = 10 * max + char_to_int(ch); - ch = *format++; - } else if (ch == '*') { - max = va_arg(args, int); - ch = *format++; - state = DP_S_MOD; - } else - state = DP_S_MOD; - break; - case DP_S_MOD: - switch (ch) { - case 'h': - cflags = DP_C_SHORT; - ch = *format++; - break; - case 'l': - if (*format == 'l') { - cflags = DP_C_LLONG; - format++; - } else - cflags = DP_C_LONG; - ch = *format++; - break; - case 'q': - case 'j': - cflags = DP_C_LLONG; - ch = *format++; - break; - case 'L': - cflags = DP_C_LDOUBLE; - ch = *format++; - break; - case 'z': - cflags = DP_C_SIZE; - ch = *format++; - break; - default: - break; - } - state = DP_S_CONV; - break; - case DP_S_CONV: - switch (ch) { - case 'd': - case 'i': - switch (cflags) { - case DP_C_SHORT: - value = (short int)va_arg(args, int); - break; - case DP_C_LONG: - value = va_arg(args, long int); - break; - case DP_C_LLONG: - value = va_arg(args, int64_t); - break; - case DP_C_SIZE: - value = va_arg(args, ossl_ssize_t); - break; - default: - value = va_arg(args, int); - break; - } - if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min, - max, flags)) - return 0; - break; - case 'X': - flags |= DP_F_UP; - /* FALLTHROUGH */ - case 'x': - case 'o': - case 'u': - flags |= DP_F_UNSIGNED; - switch (cflags) { - case DP_C_SHORT: - value = (unsigned short int)va_arg(args, unsigned int); - break; - case DP_C_LONG: - value = va_arg(args, unsigned long int); - break; - case DP_C_LLONG: - value = va_arg(args, uint64_t); - break; - case DP_C_SIZE: - value = va_arg(args, size_t); - break; - default: - value = va_arg(args, unsigned int); - break; - } - if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, - ch == 'o' ? 8 : (ch == 'u' ? 10 : 16), - min, max, flags)) - return 0; - break; -#ifndef OPENSSL_SYS_UEFI - case 'f': - if (cflags == DP_C_LDOUBLE) - fvalue = va_arg(args, LDOUBLE); - else - fvalue = va_arg(args, double); - if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, - flags, F_FORMAT)) - return 0; - break; - case 'E': - flags |= DP_F_UP; - /* fall thru */ - case 'e': - if (cflags == DP_C_LDOUBLE) - fvalue = va_arg(args, LDOUBLE); - else - fvalue = va_arg(args, double); - if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, - flags, E_FORMAT)) - return 0; - break; - case 'G': - flags |= DP_F_UP; - /* fall thru */ - case 'g': - if (cflags == DP_C_LDOUBLE) - fvalue = va_arg(args, LDOUBLE); - else - fvalue = va_arg(args, double); - if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, - flags, G_FORMAT)) - return 0; - break; -#else - case 'f': - case 'E': - case 'e': - case 'G': - case 'g': - /* not implemented for UEFI */ - ERR_raise(ERR_LIB_BIO, ERR_R_UNSUPPORTED); - return 0; -#endif - case 'c': - if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, - va_arg(args, int))) - return 0; - break; - case 's': - strvalue = va_arg(args, char *); - if (max < 0) { - if (buffer) - max = INT_MAX; - else - max = *maxlen; - } - if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue, - flags, min, max)) - return 0; - break; - case 'p': - value = (size_t)va_arg(args, void *); - if (!fmtint(sbuffer, buffer, &currlen, maxlen, - value, 16, min, max, flags | DP_F_NUM)) - return 0; - break; - case 'n': - { - int *num; - num = va_arg(args, int *); - *num = currlen; - } - break; - case '%': - if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) - return 0; - break; - case 'w': - /* not supported yet, treat as next char */ - format++; - break; - default: - /* unknown, skip */ - break; - } - ch = *format++; - state = DP_S_DEFAULT; - flags = cflags = min = 0; - max = -1; - break; - case DP_S_DONE: - break; - default: - break; - } - } - /* - * We have to truncate if there is no dynamic buffer and we have filled the - * static buffer. - */ - if (buffer == NULL) { - *truncated = (currlen > *maxlen - 1); - if (*truncated) - currlen = *maxlen - 1; - } - if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0')) - return 0; - *retlen = currlen - 1; - return 1; -} - -static int -fmtstr(char **sbuffer, - char **buffer, - size_t *currlen, - size_t *maxlen, const char *value, int flags, int min, int max) -{ - int padlen; - size_t strln; - int cnt = 0; - - if (value == 0) - value = ""; - - strln = OPENSSL_strnlen(value, max < 0 ? SIZE_MAX : (size_t)max); - - padlen = min - strln; - if (min < 0 || padlen < 0) - padlen = 0; - if (max >= 0) { - /* - * Calculate the maximum output including padding. - * Make sure max doesn't overflow into negativity - */ - if (max < INT_MAX - padlen) - max += padlen; - else - max = INT_MAX; - } - if (flags & DP_F_MINUS) - padlen = -padlen; - - while ((padlen > 0) && (max < 0 || cnt < max)) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) - return 0; - --padlen; - ++cnt; - } - while (strln > 0 && (max < 0 || cnt < max)) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++)) - return 0; - --strln; - ++cnt; - } - while ((padlen < 0) && (max < 0 || cnt < max)) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) - return 0; - ++padlen; - ++cnt; - } - return 1; -} - -static int -fmtint(char **sbuffer, - char **buffer, - size_t *currlen, - size_t *maxlen, int64_t value, int base, int min, int max, int flags) -{ - int signvalue = 0; - const char *prefix = ""; - uint64_t uvalue; - char convert[DECIMAL_SIZE(value) + 3]; - int place = 0; - int spadlen = 0; - int zpadlen = 0; - int caps = 0; - - if (max < 0) - max = 0; - uvalue = value; - if (!(flags & DP_F_UNSIGNED)) { - if (value < 0) { - signvalue = '-'; - uvalue = 0 - (uint64_t)value; - } else if (flags & DP_F_PLUS) - signvalue = '+'; - else if (flags & DP_F_SPACE) - signvalue = ' '; - } - if (flags & DP_F_NUM) { - if (base == 8) - prefix = "0"; - if (base == 16) - prefix = "0x"; - } - if (flags & DP_F_UP) - caps = 1; - do { - convert[place++] = (caps ? "0123456789ABCDEF" : "0123456789abcdef") - [uvalue % (unsigned)base]; - uvalue = (uvalue / (unsigned)base); - } while (uvalue && (place < (int)sizeof(convert))); - if (place == sizeof(convert)) - place--; - convert[place] = 0; - - zpadlen = max - place; - spadlen = - min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix); - if (zpadlen < 0) - zpadlen = 0; - if (spadlen < 0) - spadlen = 0; - if (flags & DP_F_ZERO) { - zpadlen = OSSL_MAX(zpadlen, spadlen); - spadlen = 0; - } - if (flags & DP_F_MINUS) - spadlen = -spadlen; - - /* spaces */ - while (spadlen > 0) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) - return 0; - --spadlen; - } - - /* sign */ - if (signvalue) - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue)) - return 0; - - /* prefix */ - while (*prefix) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix)) - return 0; - prefix++; - } - - /* zeros */ - if (zpadlen > 0) { - while (zpadlen > 0) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0')) - return 0; - --zpadlen; - } - } - /* digits */ - while (place > 0) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place])) - return 0; - } - - /* left justified spaces */ - while (spadlen < 0) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) - return 0; - ++spadlen; - } - return 1; -} - -#ifndef OPENSSL_SYS_UEFI - -static LDOUBLE abs_val(LDOUBLE value) -{ - LDOUBLE result = value; - if (value < 0) - result = -value; - return result; -} - -static LDOUBLE pow_10(int in_exp) -{ - LDOUBLE result = 1; - while (in_exp) { - result *= 10; - in_exp--; - } - return result; -} - -static long roundv(LDOUBLE value) -{ - long intpart; - intpart = (long)value; - value = value - intpart; - if (value >= 0.5) - intpart++; - return intpart; -} - -static int -fmtfp(char **sbuffer, - char **buffer, - size_t *currlen, - size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags, int style) -{ - int signvalue = 0; - LDOUBLE ufvalue; - LDOUBLE tmpvalue; - char iconvert[20]; - char fconvert[20]; - char econvert[20]; - int iplace = 0; - int fplace = 0; - int eplace = 0; - int padlen = 0; - int zpadlen = 0; - long exp = 0; - unsigned long intpart; - unsigned long fracpart; - unsigned long max10; - int realstyle; - - if (max < 0) - max = 6; - - if (fvalue < 0) - signvalue = '-'; - else if (flags & DP_F_PLUS) - signvalue = '+'; - else if (flags & DP_F_SPACE) - signvalue = ' '; - - /* - * G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT - * depending on the number to be printed. Work out which one it is and use - * that from here on. - */ - if (style == G_FORMAT) { - if (fvalue == 0.0) { - realstyle = F_FORMAT; - } else if (fvalue < 0.0001) { - realstyle = E_FORMAT; - } else if ((max == 0 && fvalue >= 10) - || (max > 0 && fvalue >= pow_10(max))) { - realstyle = E_FORMAT; - } else { - realstyle = F_FORMAT; - } - } else { - realstyle = style; - } - - if (style != F_FORMAT) { - tmpvalue = fvalue; - /* Calculate the exponent */ - if (fvalue != 0.0) { - while (tmpvalue < 1) { - tmpvalue *= 10; - exp--; - } - while (tmpvalue > 10) { - tmpvalue /= 10; - exp++; - } - } - if (style == G_FORMAT) { - /* - * In G_FORMAT the "precision" represents significant digits. We - * always have at least 1 significant digit. - */ - if (max == 0) - max = 1; - /* Now convert significant digits to decimal places */ - if (realstyle == F_FORMAT) { - max -= (exp + 1); - if (max < 0) { - /* - * Should not happen. If we're in F_FORMAT then exp < max? - */ - (void)doapr_outch(sbuffer, buffer, currlen, maxlen, '\0'); - return 0; - } - } else { - /* - * In E_FORMAT there is always one significant digit in front - * of the decimal point, so: - * significant digits == 1 + decimal places - */ - max--; - } - } - if (realstyle == E_FORMAT) - fvalue = tmpvalue; - } - ufvalue = abs_val(fvalue); - /* - * By subtracting 65535 (2^16-1) we cancel the low order 15 bits - * of ULONG_MAX to avoid using imprecise floating point values. - */ - if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0) { - /* Number too big */ - (void)doapr_outch(sbuffer, buffer, currlen, maxlen, '\0'); - return 0; - } - intpart = (unsigned long)ufvalue; - - /* - * sorry, we only support 9 digits past the decimal because of our - * conversion method - */ - if (max > 9) - max = 9; - - /* - * we "cheat" by converting the fractional part to integer by multiplying - * by a factor of 10 - */ - max10 = roundv(pow_10(max)); - fracpart = roundv(pow_10(max) * (ufvalue - intpart)); - - if (fracpart >= max10) { - intpart++; - fracpart -= max10; - } - - /* convert integer part */ - do { - iconvert[iplace++] = "0123456789"[intpart % 10]; - intpart = (intpart / 10); - } while (intpart && (iplace < (int)sizeof(iconvert))); - if (iplace == sizeof(iconvert)) - iplace--; - iconvert[iplace] = 0; - - /* convert fractional part */ - while (fplace < max) { - if (style == G_FORMAT && fplace == 0 && (fracpart % 10) == 0) { - /* We strip trailing zeros in G_FORMAT */ - max--; - fracpart = fracpart / 10; - if (fplace < max) - continue; - break; - } - fconvert[fplace++] = "0123456789"[fracpart % 10]; - fracpart = (fracpart / 10); - } - - if (fplace == sizeof(fconvert)) - fplace--; - fconvert[fplace] = 0; - - /* convert exponent part */ - if (realstyle == E_FORMAT) { - int tmpexp; - if (exp < 0) - tmpexp = -exp; - else - tmpexp = exp; - - do { - econvert[eplace++] = "0123456789"[tmpexp % 10]; - tmpexp = (tmpexp / 10); - } while (tmpexp > 0 && eplace < (int)sizeof(econvert)); - /* Exponent is huge!! Too big to print */ - if (tmpexp > 0) { - (void)doapr_outch(sbuffer, buffer, currlen, maxlen, '\0'); - return 0; - } - /* Add a leading 0 for single digit exponents */ - if (eplace == 1) - econvert[eplace++] = '0'; - } - - /* - * -1 for decimal point (if we have one, i.e. max > 0), - * another -1 if we are printing a sign - */ - padlen = min - iplace - max - (max > 0 ? 1 : 0) - ((signvalue) ? 1 : 0); - /* Take some off for exponent prefix "+e" and exponent */ - if (realstyle == E_FORMAT) - padlen -= 2 + eplace; - zpadlen = max - fplace; - if (zpadlen < 0) - zpadlen = 0; - if (padlen < 0) - padlen = 0; - if (flags & DP_F_MINUS) - padlen = -padlen; - - if ((flags & DP_F_ZERO) && (padlen > 0)) { - if (signvalue) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue)) - return 0; - --padlen; - signvalue = 0; - } - while (padlen > 0) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0')) - return 0; - --padlen; - } - } - while (padlen > 0) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) - return 0; - --padlen; - } - if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue)) - return 0; - - while (iplace > 0) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace])) - return 0; - } - - /* - * Decimal point. This should probably use locale to find the correct - * char to print out. - */ - if (max > 0 || (flags & DP_F_NUM)) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.')) - return 0; - - while (fplace > 0) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, - fconvert[--fplace])) - return 0; - } - } - while (zpadlen > 0) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0')) - return 0; - --zpadlen; - } - if (realstyle == E_FORMAT) { - char ech; - - if ((flags & DP_F_UP) == 0) - ech = 'e'; - else - ech = 'E'; - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ech)) - return 0; - if (exp < 0) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '-')) - return 0; - } else { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '+')) - return 0; - } - while (eplace > 0) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, - econvert[--eplace])) - return 0; - } - } - - while (padlen < 0) { - if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) - return 0; - ++padlen; - } - return 1; -} - -#endif /* OPENSSL_SYS_UEFI */ - -#define BUFFER_INC 1024 - -static int -doapr_outch(char **sbuffer, - char **buffer, size_t *currlen, size_t *maxlen, int c) -{ - /* If we haven't at least one buffer, someone has done a big booboo */ - if (!ossl_assert(*sbuffer != NULL || buffer != NULL)) - return 0; - - /* |currlen| must always be <= |*maxlen| */ - if (!ossl_assert(*currlen <= *maxlen)) - return 0; - - if (buffer && *currlen == *maxlen) { - if (*maxlen > INT_MAX - BUFFER_INC) - return 0; - - *maxlen += BUFFER_INC; - if (*buffer == NULL) { - if ((*buffer = OPENSSL_malloc(*maxlen)) == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return 0; - } - if (*currlen > 0) { - if (!ossl_assert(*sbuffer != NULL)) - return 0; - memcpy(*buffer, *sbuffer, *currlen); - } - *sbuffer = NULL; - } else { - char *tmpbuf; - - tmpbuf = OPENSSL_realloc(*buffer, *maxlen); - if (tmpbuf == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return 0; - } - *buffer = tmpbuf; - } - } - - if (*currlen < *maxlen) { - if (*sbuffer) - (*sbuffer)[(*currlen)++] = (char)c; - else - (*buffer)[(*currlen)++] = (char)c; - } - - return 1; -} - -/***************************************************************************/ - -int BIO_printf(BIO *bio, const char *format, ...) -{ - va_list args; - int ret; - - va_start(args, format); - - ret = BIO_vprintf(bio, format, args); - - va_end(args); - return ret; -} - -int BIO_vprintf(BIO *bio, const char *format, va_list args) -{ - int ret; - size_t retlen; - char hugebuf[1024 * 2]; /* Was previously 10k, which is unreasonable - * in small-stack environments, like threads - * or DOS programs. */ - char *hugebufp = hugebuf; - size_t hugebufsize = sizeof(hugebuf); - char *dynbuf = NULL; - int ignored; - - dynbuf = NULL; - if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, - args)) { - OPENSSL_free(dynbuf); - return -1; - } - if (dynbuf) { - ret = BIO_write(bio, dynbuf, (int)retlen); - OPENSSL_free(dynbuf); - } else { - ret = BIO_write(bio, hugebuf, (int)retlen); - } - return ret; -} - -/* - * As snprintf is not available everywhere, we provide our own - * implementation. This function has nothing to do with BIOs, but it's - * closely related to BIO_printf, and we need *some* name prefix ... (XXX the - * function should be renamed, but to what?) - */ -int BIO_snprintf(char *buf, size_t n, const char *format, ...) -{ - va_list args; - int ret; - - va_start(args, format); - - ret = BIO_vsnprintf(buf, n, format, args); - - va_end(args); - return ret; -} - -int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) -{ - size_t retlen; - int truncated; - - if (!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args)) - return -1; - - if (truncated) - /* - * In case of truncation, return -1 like traditional snprintf. - * (Current drafts for ISO/IEC 9899 say snprintf should return the - * number of characters that would have been written, had the buffer - * been large enough.) - */ - return -1; - return (retlen <= INT_MAX) ? (int)retlen : -1; -} diff --git a/crypto/bio/bio_sock.c b/crypto/bio/bio_sock.c deleted file mode 100644 index 476cbcc5cef16103ebc4cbbc2a1056259b794869..0000000000000000000000000000000000000000 --- a/crypto/bio/bio_sock.c +++ /dev/null @@ -1,415 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "bio_local.h" -#ifndef OPENSSL_NO_SOCK -# define SOCKET_PROTOCOL IPPROTO_TCP -# ifdef SO_MAXCONN -# define MAX_LISTEN SO_MAXCONN -# elif defined(SOMAXCONN) -# define MAX_LISTEN SOMAXCONN -# else -# define MAX_LISTEN 32 -# endif -# if defined(OPENSSL_SYS_WINDOWS) -static int wsa_init_done = 0; -# endif - -# if defined __TANDEM -# include -# include /* select */ -# if defined(OPENSSL_TANDEM_FLOSS) -# include -# endif -# elif defined _WIN32 -# include /* for type fd_set */ -# else -# include -# if defined __VMS -# include -# elif defined _HPUX_SOURCE -# include -# else -# include -# endif -# endif - -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -int BIO_get_host_ip(const char *str, unsigned char *ip) -{ - BIO_ADDRINFO *res = NULL; - int ret = 0; - - if (BIO_sock_init() != 1) - return 0; /* don't generate another error code here */ - - if (BIO_lookup(str, NULL, BIO_LOOKUP_CLIENT, AF_INET, SOCK_STREAM, &res)) { - size_t l; - - if (BIO_ADDRINFO_family(res) != AF_INET) { - ERR_raise(ERR_LIB_BIO, BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET); - } else if (BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), NULL, &l)) { - /* - * Because only AF_INET addresses will reach this far, we can assert - * that l should be 4 - */ - if (ossl_assert(l == 4)) - ret = BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), ip, &l); - } - BIO_ADDRINFO_free(res); - } else { - ERR_add_error_data(2, "host=", str); - } - - return ret; -} - -int BIO_get_port(const char *str, unsigned short *port_ptr) -{ - BIO_ADDRINFO *res = NULL; - int ret = 0; - - if (str == NULL) { - ERR_raise(ERR_LIB_BIO, BIO_R_NO_PORT_DEFINED); - return 0; - } - - if (BIO_sock_init() != 1) - return 0; /* don't generate another error code here */ - - if (BIO_lookup(NULL, str, BIO_LOOKUP_CLIENT, AF_INET, SOCK_STREAM, &res)) { - if (BIO_ADDRINFO_family(res) != AF_INET) { - ERR_raise(ERR_LIB_BIO, BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET); - } else { - *port_ptr = ntohs(BIO_ADDR_rawport(BIO_ADDRINFO_address(res))); - ret = 1; - } - BIO_ADDRINFO_free(res); - } else { - ERR_add_error_data(2, "host=", str); - } - - return ret; -} -# endif - -int BIO_sock_error(int sock) -{ - int j = 0, i; - socklen_t size = sizeof(j); - - /* - * Note: under Windows the third parameter is of type (char *) whereas - * under other systems it is (void *) if you don't have a cast it will - * choke the compiler: if you do have a cast then you can either go for - * (char *) or (void *). - */ - i = getsockopt(sock, SOL_SOCKET, SO_ERROR, (void *)&j, &size); - if (i < 0) - return get_last_socket_error(); - else - return j; -} - -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -struct hostent *BIO_gethostbyname(const char *name) -{ - /* - * Caching gethostbyname() results forever is wrong, so we have to let - * the true gethostbyname() worry about this - */ - return gethostbyname(name); -} -# endif - -int BIO_sock_init(void) -{ -# ifdef OPENSSL_SYS_WINDOWS - static struct WSAData wsa_state; - - if (!wsa_init_done) { - wsa_init_done = 1; - memset(&wsa_state, 0, sizeof(wsa_state)); - /* - * Not making wsa_state available to the rest of the code is formally - * wrong. But the structures we use are [believed to be] invariable - * among Winsock DLLs, while API availability is [expected to be] - * probed at run-time with DSO_global_lookup. - */ - if (WSAStartup(0x0202, &wsa_state) != 0) { - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling wsastartup()"); - ERR_raise(ERR_LIB_BIO, BIO_R_WSASTARTUP); - return -1; - } - } -# endif /* OPENSSL_SYS_WINDOWS */ -# ifdef WATT32 - extern int _watt_do_exit; - _watt_do_exit = 0; /* don't make sock_init() call exit() */ - if (sock_init()) - return -1; -# endif - - return 1; -} - -void bio_sock_cleanup_int(void) -{ -# ifdef OPENSSL_SYS_WINDOWS - if (wsa_init_done) { - wsa_init_done = 0; - WSACleanup(); - } -# endif -} - -int BIO_socket_ioctl(int fd, long type, void *arg) -{ - int i; - -# ifdef __DJGPP__ - i = ioctlsocket(fd, type, (char *)arg); -# else -# if defined(OPENSSL_SYS_VMS) - /*- - * 2011-02-18 SMS. - * VMS ioctl() can't tolerate a 64-bit "void *arg", but we - * observe that all the consumers pass in an "unsigned long *", - * so we arrange a local copy with a short pointer, and use - * that, instead. - */ -# if __INITIAL_POINTER_SIZE == 64 -# define ARG arg_32p -# pragma pointer_size save -# pragma pointer_size 32 - unsigned long arg_32; - unsigned long *arg_32p; -# pragma pointer_size restore - arg_32p = &arg_32; - arg_32 = *((unsigned long *)arg); -# else /* __INITIAL_POINTER_SIZE == 64 */ -# define ARG arg -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ -# else /* defined(OPENSSL_SYS_VMS) */ -# define ARG arg -# endif /* defined(OPENSSL_SYS_VMS) [else] */ - - i = ioctlsocket(fd, type, ARG); -# endif /* __DJGPP__ */ - if (i < 0) - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling ioctlsocket()"); - return i; -} - -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -int BIO_get_accept_socket(char *host, int bind_mode) -{ - int s = INVALID_SOCKET; - char *h = NULL, *p = NULL; - BIO_ADDRINFO *res = NULL; - - if (!BIO_parse_hostserv(host, &h, &p, BIO_PARSE_PRIO_SERV)) - return INVALID_SOCKET; - - if (BIO_sock_init() != 1) - return INVALID_SOCKET; - - if (BIO_lookup(h, p, BIO_LOOKUP_SERVER, AF_UNSPEC, SOCK_STREAM, &res) != 0) - goto err; - - if ((s = BIO_socket(BIO_ADDRINFO_family(res), BIO_ADDRINFO_socktype(res), - BIO_ADDRINFO_protocol(res), 0)) == INVALID_SOCKET) { - s = INVALID_SOCKET; - goto err; - } - - if (!BIO_listen(s, BIO_ADDRINFO_address(res), - bind_mode ? BIO_SOCK_REUSEADDR : 0)) { - BIO_closesocket(s); - s = INVALID_SOCKET; - } - - err: - BIO_ADDRINFO_free(res); - OPENSSL_free(h); - OPENSSL_free(p); - - return s; -} - -int BIO_accept(int sock, char **ip_port) -{ - BIO_ADDR res; - int ret = -1; - - ret = BIO_accept_ex(sock, &res, 0); - if (ret == (int)INVALID_SOCKET) { - if (BIO_sock_should_retry(ret)) { - ret = -2; - goto end; - } - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling accept()"); - ERR_raise(ERR_LIB_BIO, BIO_R_ACCEPT_ERROR); - goto end; - } - - if (ip_port != NULL) { - char *host = BIO_ADDR_hostname_string(&res, 1); - char *port = BIO_ADDR_service_string(&res, 1); - if (host != NULL && port != NULL) - *ip_port = OPENSSL_zalloc(strlen(host) + strlen(port) + 2); - else - *ip_port = NULL; - - if (*ip_port == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - BIO_closesocket(ret); - ret = (int)INVALID_SOCKET; - } else { - strcpy(*ip_port, host); - strcat(*ip_port, ":"); - strcat(*ip_port, port); - } - OPENSSL_free(host); - OPENSSL_free(port); - } - - end: - return ret; -} -# endif - -int BIO_set_tcp_ndelay(int s, int on) -{ - int ret = 0; -# if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP)) - int opt; - -# ifdef SOL_TCP - opt = SOL_TCP; -# else -# ifdef IPPROTO_TCP - opt = IPPROTO_TCP; -# endif -# endif - - ret = setsockopt(s, opt, TCP_NODELAY, (char *)&on, sizeof(on)); -# endif - return (ret == 0); -} - -int BIO_socket_nbio(int s, int mode) -{ - int ret = -1; - int l; - - l = mode; -# ifdef FIONBIO - l = mode; - - ret = BIO_socket_ioctl(s, FIONBIO, &l); -# elif defined(F_GETFL) && defined(F_SETFL) && (defined(O_NONBLOCK) || defined(FNDELAY)) - /* make sure this call always pushes an error level; BIO_socket_ioctl() does so, so we do too. */ - - l = fcntl(s, F_GETFL, 0); - if (l == -1) { - ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(), - "calling fcntl()"); - ret = -1; - } else { -# if defined(O_NONBLOCK) - l &= ~O_NONBLOCK; -# else - l &= ~FNDELAY; /* BSD4.x */ -# endif - if (mode) { -# if defined(O_NONBLOCK) - l |= O_NONBLOCK; -# else - l |= FNDELAY; /* BSD4.x */ -# endif - } - ret = fcntl(s, F_SETFL, l); - - if (ret < 0) { - ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(), - "calling fcntl()"); - } - } -# else - /* make sure this call always pushes an error level; BIO_socket_ioctl() does so, so we do too. */ - ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_INVALID_ARGUMENT); -# endif - - return (ret == 0); -} - -int BIO_sock_info(int sock, - enum BIO_sock_info_type type, union BIO_sock_info_u *info) -{ - switch (type) { - case BIO_SOCK_INFO_ADDRESS: - { - socklen_t addr_len; - int ret = 0; - addr_len = sizeof(*info->addr); - ret = getsockname(sock, BIO_ADDR_sockaddr_noconst(info->addr), - &addr_len); - if (ret == -1) { - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling getsockname()"); - ERR_raise(ERR_LIB_BIO, BIO_R_GETSOCKNAME_ERROR); - return 0; - } - if ((size_t)addr_len > sizeof(*info->addr)) { - ERR_raise(ERR_LIB_BIO, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS); - return 0; - } - } - break; - default: - ERR_raise(ERR_LIB_BIO, BIO_R_UNKNOWN_INFO_TYPE); - return 0; - } - return 1; -} - -/* - * Wait on fd at most until max_time; succeed immediately if max_time == 0. - * If for_read == 0 then assume to wait for writing, else wait for reading. - * Returns -1 on error, 0 on timeout, and 1 on success. - */ -int BIO_socket_wait(int fd, int for_read, time_t max_time) -{ - fd_set confds; - struct timeval tv; - time_t now; - - if (fd < 0 || fd >= FD_SETSIZE) - return -1; - if (max_time == 0) - return 1; - - now = time(NULL); - if (max_time < now) - return 0; - - FD_ZERO(&confds); - openssl_fdset(fd, &confds); - tv.tv_usec = 0; - tv.tv_sec = (long)(max_time - now); /* might overflow */ - return select(fd + 1, for_read ? &confds : NULL, - for_read ? NULL : &confds, NULL, &tv); -} -#endif /* !defined(OPENSSL_NO_SOCK) */ diff --git a/crypto/bio/bio_sock2.c b/crypto/bio/bio_sock2.c deleted file mode 100644 index 8bdad0c0b6aeec206fb197fca3b5717ce6ce60a6..0000000000000000000000000000000000000000 --- a/crypto/bio/bio_sock2.c +++ /dev/null @@ -1,340 +0,0 @@ -/* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include "bio_local.h" -#include "internal/ktls.h" - -#include - -#ifndef OPENSSL_NO_SOCK -# ifdef SO_MAXCONN -# define MAX_LISTEN SO_MAXCONN -# elif defined(SOMAXCONN) -# define MAX_LISTEN SOMAXCONN -# else -# define MAX_LISTEN 32 -# endif - -/*- - * BIO_socket - create a socket - * @domain: the socket domain (AF_INET, AF_INET6, AF_UNIX, ...) - * @socktype: the socket type (SOCK_STEAM, SOCK_DGRAM) - * @protocol: the protocol to use (IPPROTO_TCP, IPPROTO_UDP) - * @options: BIO socket options (currently unused) - * - * Creates a socket. This should be called before calling any - * of BIO_connect and BIO_listen. - * - * Returns the file descriptor on success or INVALID_SOCKET on failure. On - * failure errno is set, and a status is added to the OpenSSL error stack. - */ -int BIO_socket(int domain, int socktype, int protocol, int options) -{ - int sock = -1; - - if (BIO_sock_init() != 1) - return INVALID_SOCKET; - - sock = socket(domain, socktype, protocol); - if (sock == -1) { - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling socket()"); - ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_CREATE_SOCKET); - return INVALID_SOCKET; - } - - return sock; -} - -/*- - * BIO_connect - connect to an address - * @sock: the socket to connect with - * @addr: the address to connect to - * @options: BIO socket options - * - * Connects to the address using the given socket and options. - * - * Options can be a combination of the following: - * - BIO_SOCK_KEEPALIVE: enable regularly sending keep-alive messages. - * - BIO_SOCK_NONBLOCK: Make the socket non-blocking. - * - BIO_SOCK_NODELAY: don't delay small messages. - * - * options holds BIO socket options that can be used - * You should call this for every address returned by BIO_lookup - * until the connection is successful. - * - * Returns 1 on success or 0 on failure. On failure errno is set - * and an error status is added to the OpenSSL error stack. - */ -int BIO_connect(int sock, const BIO_ADDR *addr, int options) -{ - const int on = 1; - - if (sock == -1) { - ERR_raise(ERR_LIB_BIO, BIO_R_INVALID_SOCKET); - return 0; - } - - if (!BIO_socket_nbio(sock, (options & BIO_SOCK_NONBLOCK) != 0)) - return 0; - - if (options & BIO_SOCK_KEEPALIVE) { - if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, - (const void *)&on, sizeof(on)) != 0) { - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling setsockopt()"); - ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_KEEPALIVE); - return 0; - } - } - - if (options & BIO_SOCK_NODELAY) { - if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, - (const void *)&on, sizeof(on)) != 0) { - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling setsockopt()"); - ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_NODELAY); - return 0; - } - } - - if (connect(sock, BIO_ADDR_sockaddr(addr), - BIO_ADDR_sockaddr_size(addr)) == -1) { - if (!BIO_sock_should_retry(-1)) { - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling connect()"); - ERR_raise(ERR_LIB_BIO, BIO_R_CONNECT_ERROR); - } - return 0; - } -# ifndef OPENSSL_NO_KTLS - /* - * The new socket is created successfully regardless of ktls_enable. - * ktls_enable doesn't change any functionality of the socket, except - * changing the setsockopt to enable the processing of ktls_start. - * Thus, it is not a problem to call it for non-TLS sockets. - */ - ktls_enable(sock); -# endif - return 1; -} - -/*- - * BIO_bind - bind socket to address - * @sock: the socket to set - * @addr: local address to bind to - * @options: BIO socket options - * - * Binds to the address using the given socket and options. - * - * Options can be a combination of the following: - * - BIO_SOCK_REUSEADDR: Try to reuse the address and port combination - * for a recently closed port. - * - * When restarting the program it could be that the port is still in use. If - * you set to BIO_SOCK_REUSEADDR option it will try to reuse the port anyway. - * It's recommended that you use this. - */ -int BIO_bind(int sock, const BIO_ADDR *addr, int options) -{ -# ifndef OPENSSL_SYS_WINDOWS - int on = 1; -# endif - - if (sock == -1) { - ERR_raise(ERR_LIB_BIO, BIO_R_INVALID_SOCKET); - return 0; - } - -# ifndef OPENSSL_SYS_WINDOWS - /* - * SO_REUSEADDR has different behavior on Windows than on - * other operating systems, don't set it there. - */ - if (options & BIO_SOCK_REUSEADDR) { - if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, - (const void *)&on, sizeof(on)) != 0) { - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling setsockopt()"); - ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_REUSEADDR); - return 0; - } - } -# endif - - if (bind(sock, BIO_ADDR_sockaddr(addr), BIO_ADDR_sockaddr_size(addr)) != 0) { - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error() /* may be 0 */, - "calling bind()"); - ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_BIND_SOCKET); - return 0; - } - - return 1; -} - -/*- - * BIO_listen - Creates a listen socket - * @sock: the socket to listen with - * @addr: local address to bind to - * @options: BIO socket options - * - * Binds to the address using the given socket and options, then - * starts listening for incoming connections. - * - * Options can be a combination of the following: - * - BIO_SOCK_KEEPALIVE: enable regularly sending keep-alive messages. - * - BIO_SOCK_NONBLOCK: Make the socket non-blocking. - * - BIO_SOCK_NODELAY: don't delay small messages. - * - BIO_SOCK_REUSEADDR: Try to reuse the address and port combination - * for a recently closed port. - * - BIO_SOCK_V6_ONLY: When creating an IPv6 socket, make it listen only - * for IPv6 addresses and not IPv4 addresses mapped to IPv6. - * - * It's recommended that you set up both an IPv6 and IPv4 listen socket, and - * then check both for new clients that connect to it. You want to set up - * the socket as non-blocking in that case since else it could hang. - * - * Not all operating systems support IPv4 addresses on an IPv6 socket, and for - * others it's an option. If you pass the BIO_LISTEN_V6_ONLY it will try to - * create the IPv6 sockets to only listen for IPv6 connection. - * - * It could be that the first BIO_listen() call will listen to all the IPv6 - * and IPv4 addresses and that then trying to bind to the IPv4 address will - * fail. We can't tell the difference between already listening ourself to - * it and someone else listening to it when failing and errno is EADDRINUSE, so - * it's recommended to not give an error in that case if the first call was - * successful. - * - * When restarting the program it could be that the port is still in use. If - * you set to BIO_SOCK_REUSEADDR option it will try to reuse the port anyway. - * It's recommended that you use this. - */ -int BIO_listen(int sock, const BIO_ADDR *addr, int options) -{ - int on = 1; - int socktype; - socklen_t socktype_len = sizeof(socktype); - - if (sock == -1) { - ERR_raise(ERR_LIB_BIO, BIO_R_INVALID_SOCKET); - return 0; - } - - if (getsockopt(sock, SOL_SOCKET, SO_TYPE, - (void *)&socktype, &socktype_len) != 0 - || socktype_len != sizeof(socktype)) { - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling getsockopt()"); - ERR_raise(ERR_LIB_BIO, BIO_R_GETTING_SOCKTYPE); - return 0; - } - - if (!BIO_socket_nbio(sock, (options & BIO_SOCK_NONBLOCK) != 0)) - return 0; - - if (options & BIO_SOCK_KEEPALIVE) { - if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, - (const void *)&on, sizeof(on)) != 0) { - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling setsockopt()"); - ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_KEEPALIVE); - return 0; - } - } - - if (options & BIO_SOCK_NODELAY) { - if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, - (const void *)&on, sizeof(on)) != 0) { - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling setsockopt()"); - ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_NODELAY); - return 0; - } - } - - /* On OpenBSD it is always ipv6 only with ipv6 sockets thus read-only */ -# if defined(IPV6_V6ONLY) && !defined(__OpenBSD__) - if (BIO_ADDR_family(addr) == AF_INET6) { - /* - * Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF. - * Therefore we always have to use setsockopt here. - */ - on = options & BIO_SOCK_V6_ONLY ? 1 : 0; - if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, - (const void *)&on, sizeof(on)) != 0) { - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling setsockopt()"); - ERR_raise(ERR_LIB_BIO, BIO_R_LISTEN_V6_ONLY); - return 0; - } - } -# endif - - if (!BIO_bind(sock, addr, options)) - return 0; - - if (socktype != SOCK_DGRAM && listen(sock, MAX_LISTEN) == -1) { - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling listen()"); - ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_LISTEN_SOCKET); - return 0; - } - - return 1; -} - -/*- - * BIO_accept_ex - Accept new incoming connections - * @sock: the listening socket - * @addr: the BIO_ADDR to store the peer address in - * @options: BIO socket options, applied on the accepted socket. - * - */ -int BIO_accept_ex(int accept_sock, BIO_ADDR *addr_, int options) -{ - socklen_t len; - int accepted_sock; - BIO_ADDR locaddr; - BIO_ADDR *addr = addr_ == NULL ? &locaddr : addr_; - - len = sizeof(*addr); - accepted_sock = accept(accept_sock, - BIO_ADDR_sockaddr_noconst(addr), &len); - if (accepted_sock == -1) { - if (!BIO_sock_should_retry(accepted_sock)) { - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling accept()"); - ERR_raise(ERR_LIB_BIO, BIO_R_ACCEPT_ERROR); - } - return INVALID_SOCKET; - } - - if (!BIO_socket_nbio(accepted_sock, (options & BIO_SOCK_NONBLOCK) != 0)) { - closesocket(accepted_sock); - return INVALID_SOCKET; - } - - return accepted_sock; -} - -/*- - * BIO_closesocket - Close a socket - * @sock: the socket to close - */ -int BIO_closesocket(int sock) -{ - if (sock < 0 || closesocket(sock) < 0) - return 0; - return 1; -} -#endif diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c deleted file mode 100644 index 1cda967335484f535fd2532aecb6cf0fe273b836..0000000000000000000000000000000000000000 --- a/crypto/bio/bss_acpt.c +++ /dev/null @@ -1,575 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include -#include "bio_local.h" - -#ifndef OPENSSL_NO_SOCK - -typedef struct bio_accept_st { - int state; - int accept_family; - int bind_mode; /* Socket mode for BIO_listen */ - int accepted_mode; /* Socket mode for BIO_accept (set on accepted sock) */ - char *param_addr; - char *param_serv; - - int accept_sock; - - BIO_ADDRINFO *addr_first; - const BIO_ADDRINFO *addr_iter; - BIO_ADDR cache_accepting_addr; /* Useful if we asked for port 0 */ - char *cache_accepting_name, *cache_accepting_serv; - BIO_ADDR cache_peer_addr; - char *cache_peer_name, *cache_peer_serv; - - BIO *bio_chain; -} BIO_ACCEPT; - -static int acpt_write(BIO *h, const char *buf, int num); -static int acpt_read(BIO *h, char *buf, int size); -static int acpt_puts(BIO *h, const char *str); -static long acpt_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int acpt_new(BIO *h); -static int acpt_free(BIO *data); -static int acpt_state(BIO *b, BIO_ACCEPT *c); -static void acpt_close_socket(BIO *data); -static BIO_ACCEPT *BIO_ACCEPT_new(void); -static void BIO_ACCEPT_free(BIO_ACCEPT *a); - -# define ACPT_S_BEFORE 1 -# define ACPT_S_GET_ADDR 2 -# define ACPT_S_CREATE_SOCKET 3 -# define ACPT_S_LISTEN 4 -# define ACPT_S_ACCEPT 5 -# define ACPT_S_OK 6 - -static const BIO_METHOD methods_acceptp = { - BIO_TYPE_ACCEPT, - "socket accept", - bwrite_conv, - acpt_write, - bread_conv, - acpt_read, - acpt_puts, - NULL, /* connect_gets, */ - acpt_ctrl, - acpt_new, - acpt_free, - NULL, /* connect_callback_ctrl */ -}; - -const BIO_METHOD *BIO_s_accept(void) -{ - return &methods_acceptp; -} - -static int acpt_new(BIO *bi) -{ - BIO_ACCEPT *ba; - - bi->init = 0; - bi->num = (int)INVALID_SOCKET; - bi->flags = 0; - if ((ba = BIO_ACCEPT_new()) == NULL) - return 0; - bi->ptr = (char *)ba; - ba->state = ACPT_S_BEFORE; - bi->shutdown = 1; - return 1; -} - -static BIO_ACCEPT *BIO_ACCEPT_new(void) -{ - BIO_ACCEPT *ret; - - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return NULL; - } - ret->accept_family = BIO_FAMILY_IPANY; - ret->accept_sock = (int)INVALID_SOCKET; - return ret; -} - -static void BIO_ACCEPT_free(BIO_ACCEPT *a) -{ - if (a == NULL) - return; - OPENSSL_free(a->param_addr); - OPENSSL_free(a->param_serv); - BIO_ADDRINFO_free(a->addr_first); - OPENSSL_free(a->cache_accepting_name); - OPENSSL_free(a->cache_accepting_serv); - OPENSSL_free(a->cache_peer_name); - OPENSSL_free(a->cache_peer_serv); - BIO_free(a->bio_chain); - OPENSSL_free(a); -} - -static void acpt_close_socket(BIO *bio) -{ - BIO_ACCEPT *c; - - c = (BIO_ACCEPT *)bio->ptr; - if (c->accept_sock != (int)INVALID_SOCKET) { - shutdown(c->accept_sock, 2); - closesocket(c->accept_sock); - c->accept_sock = (int)INVALID_SOCKET; - bio->num = (int)INVALID_SOCKET; - } -} - -static int acpt_free(BIO *a) -{ - BIO_ACCEPT *data; - - if (a == NULL) - return 0; - data = (BIO_ACCEPT *)a->ptr; - - if (a->shutdown) { - acpt_close_socket(a); - BIO_ACCEPT_free(data); - a->ptr = NULL; - a->flags = 0; - a->init = 0; - } - return 1; -} - -static int acpt_state(BIO *b, BIO_ACCEPT *c) -{ - BIO *bio = NULL, *dbio; - int s = -1, ret = -1; - - for (;;) { - switch (c->state) { - case ACPT_S_BEFORE: - if (c->param_addr == NULL && c->param_serv == NULL) { - ERR_raise_data(ERR_LIB_BIO, - BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED, - "hostname=%s, service=%s", - c->param_addr, c->param_serv); - goto exit_loop; - } - - /* Because we're starting a new bind, any cached name and serv - * are now obsolete and need to be cleaned out. - * QUESTION: should this be done in acpt_close_socket() instead? - */ - OPENSSL_free(c->cache_accepting_name); - c->cache_accepting_name = NULL; - OPENSSL_free(c->cache_accepting_serv); - c->cache_accepting_serv = NULL; - OPENSSL_free(c->cache_peer_name); - c->cache_peer_name = NULL; - OPENSSL_free(c->cache_peer_serv); - c->cache_peer_serv = NULL; - - c->state = ACPT_S_GET_ADDR; - break; - - case ACPT_S_GET_ADDR: - { - int family = AF_UNSPEC; - switch (c->accept_family) { - case BIO_FAMILY_IPV6: - if (1) { /* This is a trick we use to avoid bit rot. - * at least the "else" part will always be - * compiled. - */ -#ifdef AF_INET6 - family = AF_INET6; - } else { -#endif - ERR_raise(ERR_LIB_BIO, BIO_R_UNAVAILABLE_IP_FAMILY); - goto exit_loop; - } - break; - case BIO_FAMILY_IPV4: - family = AF_INET; - break; - case BIO_FAMILY_IPANY: - family = AF_UNSPEC; - break; - default: - ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_IP_FAMILY); - goto exit_loop; - } - if (BIO_lookup(c->param_addr, c->param_serv, BIO_LOOKUP_SERVER, - family, SOCK_STREAM, &c->addr_first) == 0) - goto exit_loop; - } - if (c->addr_first == NULL) { - ERR_raise(ERR_LIB_BIO, BIO_R_LOOKUP_RETURNED_NOTHING); - goto exit_loop; - } - c->addr_iter = c->addr_first; - c->state = ACPT_S_CREATE_SOCKET; - break; - - case ACPT_S_CREATE_SOCKET: - ERR_set_mark(); - s = BIO_socket(BIO_ADDRINFO_family(c->addr_iter), - BIO_ADDRINFO_socktype(c->addr_iter), - BIO_ADDRINFO_protocol(c->addr_iter), 0); - if (s == (int)INVALID_SOCKET) { - if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) != NULL) { - /* - * if there are more addresses to try, do that first - */ - ERR_pop_to_mark(); - break; - } - ERR_clear_last_mark(); - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling socket(%s, %s)", - c->param_addr, c->param_serv); - ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_CREATE_SOCKET); - goto exit_loop; - } - c->accept_sock = s; - b->num = s; - c->state = ACPT_S_LISTEN; - s = -1; - break; - - case ACPT_S_LISTEN: - { - if (!BIO_listen(c->accept_sock, - BIO_ADDRINFO_address(c->addr_iter), - c->bind_mode)) { - BIO_closesocket(c->accept_sock); - goto exit_loop; - } - } - - { - union BIO_sock_info_u info; - - info.addr = &c->cache_accepting_addr; - if (!BIO_sock_info(c->accept_sock, BIO_SOCK_INFO_ADDRESS, - &info)) { - BIO_closesocket(c->accept_sock); - goto exit_loop; - } - } - - c->cache_accepting_name = - BIO_ADDR_hostname_string(&c->cache_accepting_addr, 1); - c->cache_accepting_serv = - BIO_ADDR_service_string(&c->cache_accepting_addr, 1); - c->state = ACPT_S_ACCEPT; - s = -1; - ret = 1; - goto end; - - case ACPT_S_ACCEPT: - if (b->next_bio != NULL) { - c->state = ACPT_S_OK; - break; - } - BIO_clear_retry_flags(b); - b->retry_reason = 0; - - OPENSSL_free(c->cache_peer_name); - c->cache_peer_name = NULL; - OPENSSL_free(c->cache_peer_serv); - c->cache_peer_serv = NULL; - - s = BIO_accept_ex(c->accept_sock, &c->cache_peer_addr, - c->accepted_mode); - - /* If the returned socket is invalid, this might still be - * retryable - */ - if (s < 0) { - if (BIO_sock_should_retry(s)) { - BIO_set_retry_special(b); - b->retry_reason = BIO_RR_ACCEPT; - goto end; - } - } - - /* If it wasn't retryable, we fail */ - if (s < 0) { - ret = s; - goto exit_loop; - } - - bio = BIO_new_socket(s, BIO_CLOSE); - if (bio == NULL) - goto exit_loop; - - BIO_set_callback_ex(bio, BIO_get_callback_ex(b)); -#ifndef OPENSSL_NO_DEPRECATED_3_0 - BIO_set_callback(bio, BIO_get_callback(b)); -#endif - BIO_set_callback_arg(bio, BIO_get_callback_arg(b)); - /* - * If the accept BIO has an bio_chain, we dup it and put the new - * socket at the end. - */ - if (c->bio_chain != NULL) { - if ((dbio = BIO_dup_chain(c->bio_chain)) == NULL) - goto exit_loop; - if (!BIO_push(dbio, bio)) - goto exit_loop; - bio = dbio; - } - if (BIO_push(b, bio) == NULL) - goto exit_loop; - - c->cache_peer_name = - BIO_ADDR_hostname_string(&c->cache_peer_addr, 1); - c->cache_peer_serv = - BIO_ADDR_service_string(&c->cache_peer_addr, 1); - c->state = ACPT_S_OK; - bio = NULL; - ret = 1; - goto end; - - case ACPT_S_OK: - if (b->next_bio == NULL) { - c->state = ACPT_S_ACCEPT; - break; - } - ret = 1; - goto end; - - default: - ret = 0; - goto end; - } - } - - exit_loop: - if (bio != NULL) - BIO_free(bio); - else if (s >= 0) - BIO_closesocket(s); - end: - return ret; -} - -static int acpt_read(BIO *b, char *out, int outl) -{ - int ret = 0; - BIO_ACCEPT *data; - - BIO_clear_retry_flags(b); - data = (BIO_ACCEPT *)b->ptr; - - while (b->next_bio == NULL) { - ret = acpt_state(b, data); - if (ret <= 0) - return ret; - } - - ret = BIO_read(b->next_bio, out, outl); - BIO_copy_next_retry(b); - return ret; -} - -static int acpt_write(BIO *b, const char *in, int inl) -{ - int ret; - BIO_ACCEPT *data; - - BIO_clear_retry_flags(b); - data = (BIO_ACCEPT *)b->ptr; - - while (b->next_bio == NULL) { - ret = acpt_state(b, data); - if (ret <= 0) - return ret; - } - - ret = BIO_write(b->next_bio, in, inl); - BIO_copy_next_retry(b); - return ret; -} - -static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - int *ip; - long ret = 1; - BIO_ACCEPT *data; - char **pp; - - data = (BIO_ACCEPT *)b->ptr; - - switch (cmd) { - case BIO_CTRL_RESET: - ret = 0; - data->state = ACPT_S_BEFORE; - acpt_close_socket(b); - BIO_ADDRINFO_free(data->addr_first); - data->addr_first = NULL; - b->flags = 0; - break; - case BIO_C_DO_STATE_MACHINE: - /* use this one to start the connection */ - ret = (long)acpt_state(b, data); - break; - case BIO_C_SET_ACCEPT: - if (ptr != NULL) { - if (num == 0) { - char *hold_serv = data->param_serv; - /* We affect the hostname regardless. However, the input - * string might contain a host:service spec, so we must - * parse it, which might or might not affect the service - */ - OPENSSL_free(data->param_addr); - data->param_addr = NULL; - ret = BIO_parse_hostserv(ptr, - &data->param_addr, - &data->param_serv, - BIO_PARSE_PRIO_SERV); - if (hold_serv != data->param_serv) - OPENSSL_free(hold_serv); - b->init = 1; - } else if (num == 1) { - OPENSSL_free(data->param_serv); - if ((data->param_serv = OPENSSL_strdup(ptr)) == NULL) - ret = 0; - else - b->init = 1; - } else if (num == 2) { - data->bind_mode |= BIO_SOCK_NONBLOCK; - } else if (num == 3) { - BIO_free(data->bio_chain); - data->bio_chain = (BIO *)ptr; - } else if (num == 4) { - data->accept_family = *(int *)ptr; - } - } else { - if (num == 2) { - data->bind_mode &= ~BIO_SOCK_NONBLOCK; - } - } - break; - case BIO_C_SET_NBIO: - if (num != 0) - data->accepted_mode |= BIO_SOCK_NONBLOCK; - else - data->accepted_mode &= ~BIO_SOCK_NONBLOCK; - break; - case BIO_C_SET_FD: - b->num = *((int *)ptr); - data->accept_sock = b->num; - data->state = ACPT_S_ACCEPT; - b->shutdown = (int)num; - b->init = 1; - break; - case BIO_C_GET_FD: - if (b->init) { - ip = (int *)ptr; - if (ip != NULL) - *ip = data->accept_sock; - ret = data->accept_sock; - } else - ret = -1; - break; - case BIO_C_GET_ACCEPT: - if (b->init) { - if (num == 0 && ptr != NULL) { - pp = (char **)ptr; - *pp = data->cache_accepting_name; - } else if (num == 1 && ptr != NULL) { - pp = (char **)ptr; - *pp = data->cache_accepting_serv; - } else if (num == 2 && ptr != NULL) { - pp = (char **)ptr; - *pp = data->cache_peer_name; - } else if (num == 3 && ptr != NULL) { - pp = (char **)ptr; - *pp = data->cache_peer_serv; - } else if (num == 4) { - switch (BIO_ADDRINFO_family(data->addr_iter)) { -#ifdef AF_INET6 - case AF_INET6: - ret = BIO_FAMILY_IPV6; - break; -#endif - case AF_INET: - ret = BIO_FAMILY_IPV4; - break; - case 0: - ret = data->accept_family; - break; - default: - ret = -1; - break; - } - } else - ret = -1; - } else - ret = -1; - break; - case BIO_CTRL_GET_CLOSE: - ret = b->shutdown; - break; - case BIO_CTRL_SET_CLOSE: - b->shutdown = (int)num; - break; - case BIO_CTRL_PENDING: - case BIO_CTRL_WPENDING: - ret = 0; - break; - case BIO_CTRL_FLUSH: - break; - case BIO_C_SET_BIND_MODE: - data->bind_mode = (int)num; - break; - case BIO_C_GET_BIND_MODE: - ret = (long)data->bind_mode; - break; - case BIO_CTRL_DUP: - break; - case BIO_CTRL_EOF: - if (b->next_bio == NULL) - ret = 0; - else - ret = BIO_ctrl(b->next_bio, cmd, num, ptr); - break; - default: - ret = 0; - break; - } - return ret; -} - -static int acpt_puts(BIO *bp, const char *str) -{ - int n, ret; - - n = strlen(str); - ret = acpt_write(bp, str, n); - return ret; -} - -BIO *BIO_new_accept(const char *str) -{ - BIO *ret; - - ret = BIO_new(BIO_s_accept()); - if (ret == NULL) - return NULL; - if (BIO_set_accept_name(ret, str)) - return ret; - BIO_free(ret); - return NULL; -} - -#endif diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c deleted file mode 100644 index 7fa8778cae10d476270d6f952118455d438f9859..0000000000000000000000000000000000000000 --- a/crypto/bio/bss_bio.c +++ /dev/null @@ -1,806 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Special method for a BIO where the other endpoint is also a BIO of this - * kind, handled by the same thread (i.e. the "peer" is actually ourselves, - * wearing a different hat). Such "BIO pairs" are mainly for using the SSL - * library with I/O interfaces for which no specific BIO method is available. - * See ssl/ssltest.c for some hints on how this can be used. - */ - -#include "e_os.h" -#include -#include -#include -#include - -#include "bio_local.h" -#include -#include - -static int bio_new(BIO *bio); -static int bio_free(BIO *bio); -static int bio_read(BIO *bio, char *buf, int size); -static int bio_write(BIO *bio, const char *buf, int num); -static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr); -static int bio_puts(BIO *bio, const char *str); - -static int bio_make_pair(BIO *bio1, BIO *bio2); -static void bio_destroy_pair(BIO *bio); - -static const BIO_METHOD methods_biop = { - BIO_TYPE_BIO, - "BIO pair", - bwrite_conv, - bio_write, - bread_conv, - bio_read, - bio_puts, - NULL /* no bio_gets */ , - bio_ctrl, - bio_new, - bio_free, - NULL /* no bio_callback_ctrl */ -}; - -const BIO_METHOD *BIO_s_bio(void) -{ - return &methods_biop; -} - -struct bio_bio_st { - BIO *peer; /* NULL if buf == NULL. If peer != NULL, then - * peer->ptr is also a bio_bio_st, and its - * "peer" member points back to us. peer != - * NULL iff init != 0 in the BIO. */ - /* This is for what we write (i.e. reading uses peer's struct): */ - int closed; /* valid iff peer != NULL */ - size_t len; /* valid iff buf != NULL; 0 if peer == NULL */ - size_t offset; /* valid iff buf != NULL; 0 if len == 0 */ - size_t size; - char *buf; /* "size" elements (if != NULL) */ - size_t request; /* valid iff peer != NULL; 0 if len != 0, - * otherwise set by peer to number of bytes - * it (unsuccessfully) tried to read, never - * more than buffer space (size-len) - * warrants. */ -}; - -static int bio_new(BIO *bio) -{ - struct bio_bio_st *b = OPENSSL_zalloc(sizeof(*b)); - - if (b == NULL) - return 0; - - /* enough for one TLS record (just a default) */ - b->size = 17 * 1024; - - bio->ptr = b; - return 1; -} - -static int bio_free(BIO *bio) -{ - struct bio_bio_st *b; - - if (bio == NULL) - return 0; - b = bio->ptr; - - assert(b != NULL); - - if (b->peer) - bio_destroy_pair(bio); - - OPENSSL_free(b->buf); - OPENSSL_free(b); - - return 1; -} - -static int bio_read(BIO *bio, char *buf, int size_) -{ - size_t size = size_; - size_t rest; - struct bio_bio_st *b, *peer_b; - - BIO_clear_retry_flags(bio); - - if (!bio->init) - return 0; - - b = bio->ptr; - assert(b != NULL); - assert(b->peer != NULL); - peer_b = b->peer->ptr; - assert(peer_b != NULL); - assert(peer_b->buf != NULL); - - peer_b->request = 0; /* will be set in "retry_read" situation */ - - if (buf == NULL || size == 0) - return 0; - - if (peer_b->len == 0) { - if (peer_b->closed) - return 0; /* writer has closed, and no data is left */ - else { - BIO_set_retry_read(bio); /* buffer is empty */ - if (size <= peer_b->size) - peer_b->request = size; - else - /* - * don't ask for more than the peer can deliver in one write - */ - peer_b->request = peer_b->size; - return -1; - } - } - - /* we can read */ - if (peer_b->len < size) - size = peer_b->len; - - /* now read "size" bytes */ - - rest = size; - - assert(rest > 0); - do { /* one or two iterations */ - size_t chunk; - - assert(rest <= peer_b->len); - if (peer_b->offset + rest <= peer_b->size) - chunk = rest; - else - /* wrap around ring buffer */ - chunk = peer_b->size - peer_b->offset; - assert(peer_b->offset + chunk <= peer_b->size); - - memcpy(buf, peer_b->buf + peer_b->offset, chunk); - - peer_b->len -= chunk; - if (peer_b->len) { - peer_b->offset += chunk; - assert(peer_b->offset <= peer_b->size); - if (peer_b->offset == peer_b->size) - peer_b->offset = 0; - buf += chunk; - } else { - /* buffer now empty, no need to advance "buf" */ - assert(chunk == rest); - peer_b->offset = 0; - } - rest -= chunk; - } - while (rest); - - return size; -} - -/*- - * non-copying interface: provide pointer to available data in buffer - * bio_nread0: return number of available bytes - * bio_nread: also advance index - * (example usage: bio_nread0(), read from buffer, bio_nread() - * or just bio_nread(), read from buffer) - */ -/* - * WARNING: The non-copying interface is largely untested as of yet and may - * contain bugs. - */ -static ossl_ssize_t bio_nread0(BIO *bio, char **buf) -{ - struct bio_bio_st *b, *peer_b; - ossl_ssize_t num; - - BIO_clear_retry_flags(bio); - - if (!bio->init) - return 0; - - b = bio->ptr; - assert(b != NULL); - assert(b->peer != NULL); - peer_b = b->peer->ptr; - assert(peer_b != NULL); - assert(peer_b->buf != NULL); - - peer_b->request = 0; - - if (peer_b->len == 0) { - char dummy; - - /* avoid code duplication -- nothing available for reading */ - return bio_read(bio, &dummy, 1); /* returns 0 or -1 */ - } - - num = peer_b->len; - if (peer_b->size < peer_b->offset + num) - /* no ring buffer wrap-around for non-copying interface */ - num = peer_b->size - peer_b->offset; - assert(num > 0); - - if (buf != NULL) - *buf = peer_b->buf + peer_b->offset; - return num; -} - -static ossl_ssize_t bio_nread(BIO *bio, char **buf, size_t num_) -{ - struct bio_bio_st *b, *peer_b; - ossl_ssize_t num, available; - - if (num_ > OSSL_SSIZE_MAX) - num = OSSL_SSIZE_MAX; - else - num = (ossl_ssize_t) num_; - - available = bio_nread0(bio, buf); - if (num > available) - num = available; - if (num <= 0) - return num; - - b = bio->ptr; - peer_b = b->peer->ptr; - - peer_b->len -= num; - if (peer_b->len) { - peer_b->offset += num; - assert(peer_b->offset <= peer_b->size); - if (peer_b->offset == peer_b->size) - peer_b->offset = 0; - } else - peer_b->offset = 0; - - return num; -} - -static int bio_write(BIO *bio, const char *buf, int num_) -{ - size_t num = num_; - size_t rest; - struct bio_bio_st *b; - - BIO_clear_retry_flags(bio); - - if (!bio->init || buf == NULL || num == 0) - return 0; - - b = bio->ptr; - assert(b != NULL); - assert(b->peer != NULL); - assert(b->buf != NULL); - - b->request = 0; - if (b->closed) { - /* we already closed */ - ERR_raise(ERR_LIB_BIO, BIO_R_BROKEN_PIPE); - return -1; - } - - assert(b->len <= b->size); - - if (b->len == b->size) { - BIO_set_retry_write(bio); /* buffer is full */ - return -1; - } - - /* we can write */ - if (num > b->size - b->len) - num = b->size - b->len; - - /* now write "num" bytes */ - - rest = num; - - assert(rest > 0); - do { /* one or two iterations */ - size_t write_offset; - size_t chunk; - - assert(b->len + rest <= b->size); - - write_offset = b->offset + b->len; - if (write_offset >= b->size) - write_offset -= b->size; - /* b->buf[write_offset] is the first byte we can write to. */ - - if (write_offset + rest <= b->size) - chunk = rest; - else - /* wrap around ring buffer */ - chunk = b->size - write_offset; - - memcpy(b->buf + write_offset, buf, chunk); - - b->len += chunk; - - assert(b->len <= b->size); - - rest -= chunk; - buf += chunk; - } - while (rest); - - return num; -} - -/*- - * non-copying interface: provide pointer to region to write to - * bio_nwrite0: check how much space is available - * bio_nwrite: also increase length - * (example usage: bio_nwrite0(), write to buffer, bio_nwrite() - * or just bio_nwrite(), write to buffer) - */ -static ossl_ssize_t bio_nwrite0(BIO *bio, char **buf) -{ - struct bio_bio_st *b; - size_t num; - size_t write_offset; - - BIO_clear_retry_flags(bio); - - if (!bio->init) - return 0; - - b = bio->ptr; - assert(b != NULL); - assert(b->peer != NULL); - assert(b->buf != NULL); - - b->request = 0; - if (b->closed) { - ERR_raise(ERR_LIB_BIO, BIO_R_BROKEN_PIPE); - return -1; - } - - assert(b->len <= b->size); - - if (b->len == b->size) { - BIO_set_retry_write(bio); - return -1; - } - - num = b->size - b->len; - write_offset = b->offset + b->len; - if (write_offset >= b->size) - write_offset -= b->size; - if (write_offset + num > b->size) - /* - * no ring buffer wrap-around for non-copying interface (to fulfil - * the promise by BIO_ctrl_get_write_guarantee, BIO_nwrite may have - * to be called twice) - */ - num = b->size - write_offset; - - if (buf != NULL) - *buf = b->buf + write_offset; - assert(write_offset + num <= b->size); - - return num; -} - -static ossl_ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_) -{ - struct bio_bio_st *b; - ossl_ssize_t num, space; - - if (num_ > OSSL_SSIZE_MAX) - num = OSSL_SSIZE_MAX; - else - num = (ossl_ssize_t) num_; - - space = bio_nwrite0(bio, buf); - if (num > space) - num = space; - if (num <= 0) - return num; - b = bio->ptr; - assert(b != NULL); - b->len += num; - assert(b->len <= b->size); - - return num; -} - -static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) -{ - long ret; - struct bio_bio_st *b = bio->ptr; - - assert(b != NULL); - - switch (cmd) { - /* specific CTRL codes */ - - case BIO_C_SET_WRITE_BUF_SIZE: - if (b->peer) { - ERR_raise(ERR_LIB_BIO, BIO_R_IN_USE); - ret = 0; - } else if (num == 0) { - ERR_raise(ERR_LIB_BIO, BIO_R_INVALID_ARGUMENT); - ret = 0; - } else { - size_t new_size = num; - - if (b->size != new_size) { - OPENSSL_free(b->buf); - b->buf = NULL; - b->size = new_size; - } - ret = 1; - } - break; - - case BIO_C_GET_WRITE_BUF_SIZE: - ret = (long)b->size; - break; - - case BIO_C_MAKE_BIO_PAIR: - { - BIO *other_bio = ptr; - - if (bio_make_pair(bio, other_bio)) - ret = 1; - else - ret = 0; - } - break; - - case BIO_C_DESTROY_BIO_PAIR: - /* - * Affects both BIOs in the pair -- call just once! Or let - * BIO_free(bio1); BIO_free(bio2); do the job. - */ - bio_destroy_pair(bio); - ret = 1; - break; - - case BIO_C_GET_WRITE_GUARANTEE: - /* - * How many bytes can the caller feed to the next write without - * having to keep any? - */ - if (b->peer == NULL || b->closed) - ret = 0; - else - ret = (long)b->size - b->len; - break; - - case BIO_C_GET_READ_REQUEST: - /* - * If the peer unsuccessfully tried to read, how many bytes were - * requested? (As with BIO_CTRL_PENDING, that number can usually be - * treated as boolean.) - */ - ret = (long)b->request; - break; - - case BIO_C_RESET_READ_REQUEST: - /* - * Reset request. (Can be useful after read attempts at the other - * side that are meant to be non-blocking, e.g. when probing SSL_read - * to see if any data is available.) - */ - b->request = 0; - ret = 1; - break; - - case BIO_C_SHUTDOWN_WR: - /* similar to shutdown(..., SHUT_WR) */ - b->closed = 1; - ret = 1; - break; - - case BIO_C_NREAD0: - /* prepare for non-copying read */ - ret = (long)bio_nread0(bio, ptr); - break; - - case BIO_C_NREAD: - /* non-copying read */ - ret = (long)bio_nread(bio, ptr, (size_t)num); - break; - - case BIO_C_NWRITE0: - /* prepare for non-copying write */ - ret = (long)bio_nwrite0(bio, ptr); - break; - - case BIO_C_NWRITE: - /* non-copying write */ - ret = (long)bio_nwrite(bio, ptr, (size_t)num); - break; - - /* standard CTRL codes follow */ - - case BIO_CTRL_RESET: - if (b->buf != NULL) { - b->len = 0; - b->offset = 0; - } - ret = 0; - break; - - case BIO_CTRL_GET_CLOSE: - ret = bio->shutdown; - break; - - case BIO_CTRL_SET_CLOSE: - bio->shutdown = (int)num; - ret = 1; - break; - - case BIO_CTRL_PENDING: - if (b->peer != NULL) { - struct bio_bio_st *peer_b = b->peer->ptr; - - ret = (long)peer_b->len; - } else - ret = 0; - break; - - case BIO_CTRL_WPENDING: - if (b->buf != NULL) - ret = (long)b->len; - else - ret = 0; - break; - - case BIO_CTRL_DUP: - /* See BIO_dup_chain for circumstances we have to expect. */ - { - BIO *other_bio = ptr; - struct bio_bio_st *other_b; - - assert(other_bio != NULL); - other_b = other_bio->ptr; - assert(other_b != NULL); - - assert(other_b->buf == NULL); /* other_bio is always fresh */ - - other_b->size = b->size; - } - - ret = 1; - break; - - case BIO_CTRL_FLUSH: - ret = 1; - break; - - case BIO_CTRL_EOF: - if (b->peer != NULL) { - struct bio_bio_st *peer_b = b->peer->ptr; - - if (peer_b->len == 0 && peer_b->closed) - ret = 1; - else - ret = 0; - } else { - ret = 1; - } - break; - - default: - ret = 0; - } - return ret; -} - -static int bio_puts(BIO *bio, const char *str) -{ - return bio_write(bio, str, strlen(str)); -} - -static int bio_make_pair(BIO *bio1, BIO *bio2) -{ - struct bio_bio_st *b1, *b2; - - assert(bio1 != NULL); - assert(bio2 != NULL); - - b1 = bio1->ptr; - b2 = bio2->ptr; - - if (b1->peer != NULL || b2->peer != NULL) { - ERR_raise(ERR_LIB_BIO, BIO_R_IN_USE); - return 0; - } - - if (b1->buf == NULL) { - b1->buf = OPENSSL_malloc(b1->size); - if (b1->buf == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return 0; - } - b1->len = 0; - b1->offset = 0; - } - - if (b2->buf == NULL) { - b2->buf = OPENSSL_malloc(b2->size); - if (b2->buf == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return 0; - } - b2->len = 0; - b2->offset = 0; - } - - b1->peer = bio2; - b1->closed = 0; - b1->request = 0; - b2->peer = bio1; - b2->closed = 0; - b2->request = 0; - - bio1->init = 1; - bio2->init = 1; - - return 1; -} - -static void bio_destroy_pair(BIO *bio) -{ - struct bio_bio_st *b = bio->ptr; - - if (b != NULL) { - BIO *peer_bio = b->peer; - - if (peer_bio != NULL) { - struct bio_bio_st *peer_b = peer_bio->ptr; - - assert(peer_b != NULL); - assert(peer_b->peer == bio); - - peer_b->peer = NULL; - peer_bio->init = 0; - assert(peer_b->buf != NULL); - peer_b->len = 0; - peer_b->offset = 0; - - b->peer = NULL; - bio->init = 0; - assert(b->buf != NULL); - b->len = 0; - b->offset = 0; - } - } -} - -/* Exported convenience functions */ -int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1, - BIO **bio2_p, size_t writebuf2) -{ - BIO *bio1 = NULL, *bio2 = NULL; - long r; - int ret = 0; - - bio1 = BIO_new(BIO_s_bio()); - if (bio1 == NULL) - goto err; - bio2 = BIO_new(BIO_s_bio()); - if (bio2 == NULL) - goto err; - - if (writebuf1) { - r = BIO_set_write_buf_size(bio1, writebuf1); - if (!r) - goto err; - } - if (writebuf2) { - r = BIO_set_write_buf_size(bio2, writebuf2); - if (!r) - goto err; - } - - r = BIO_make_bio_pair(bio1, bio2); - if (!r) - goto err; - ret = 1; - - err: - if (ret == 0) { - BIO_free(bio1); - bio1 = NULL; - BIO_free(bio2); - bio2 = NULL; - } - - *bio1_p = bio1; - *bio2_p = bio2; - return ret; -} - -size_t BIO_ctrl_get_write_guarantee(BIO *bio) -{ - return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL); -} - -size_t BIO_ctrl_get_read_request(BIO *bio) -{ - return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL); -} - -int BIO_ctrl_reset_read_request(BIO *bio) -{ - return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0); -} - -/* - * BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now - * (conceivably some other BIOs could allow non-copying reads and writes - * too.) - */ -int BIO_nread0(BIO *bio, char **buf) -{ - long ret; - - if (!bio->init) { - ERR_raise(ERR_LIB_BIO, BIO_R_UNINITIALIZED); - return -2; - } - - ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf); - if (ret > INT_MAX) - return INT_MAX; - else - return (int)ret; -} - -int BIO_nread(BIO *bio, char **buf, int num) -{ - int ret; - - if (!bio->init) { - ERR_raise(ERR_LIB_BIO, BIO_R_UNINITIALIZED); - return -2; - } - - ret = (int)BIO_ctrl(bio, BIO_C_NREAD, num, buf); - if (ret > 0) - bio->num_read += ret; - return ret; -} - -int BIO_nwrite0(BIO *bio, char **buf) -{ - long ret; - - if (!bio->init) { - ERR_raise(ERR_LIB_BIO, BIO_R_UNINITIALIZED); - return -2; - } - - ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf); - if (ret > INT_MAX) - return INT_MAX; - else - return (int)ret; -} - -int BIO_nwrite(BIO *bio, char **buf, int num) -{ - int ret; - - if (!bio->init) { - ERR_raise(ERR_LIB_BIO, BIO_R_UNINITIALIZED); - return -2; - } - - ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf); - if (ret > 0) - bio->num_write += ret; - return ret; -} diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c deleted file mode 100644 index 0d91f25fe70e71b9d8f21f72760bf1d159f7da15..0000000000000000000000000000000000000000 --- a/crypto/bio/bss_conn.c +++ /dev/null @@ -1,624 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#include "bio_local.h" -#include "internal/ktls.h" - -#ifndef OPENSSL_NO_SOCK - -typedef struct bio_connect_st { - int state; - int connect_family; - char *param_hostname; - char *param_service; - int connect_mode; -# ifndef OPENSSL_NO_KTLS - unsigned char record_type; -# endif - - BIO_ADDRINFO *addr_first; - const BIO_ADDRINFO *addr_iter; - /* - * int socket; this will be kept in bio->num so that it is compatible - * with the bss_sock bio - */ - /* - * called when the connection is initially made callback(BIO,state,ret); - * The callback should return 'ret'. state is for compatibility with the - * ssl info_callback - */ - BIO_info_cb *info_callback; -} BIO_CONNECT; - -static int conn_write(BIO *h, const char *buf, int num); -static int conn_read(BIO *h, char *buf, int size); -static int conn_puts(BIO *h, const char *str); -static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int conn_new(BIO *h); -static int conn_free(BIO *data); -static long conn_callback_ctrl(BIO *h, int cmd, BIO_info_cb *); - -static int conn_state(BIO *b, BIO_CONNECT *c); -static void conn_close_socket(BIO *data); -BIO_CONNECT *BIO_CONNECT_new(void); -void BIO_CONNECT_free(BIO_CONNECT *a); - -#define BIO_CONN_S_BEFORE 1 -#define BIO_CONN_S_GET_ADDR 2 -#define BIO_CONN_S_CREATE_SOCKET 3 -#define BIO_CONN_S_CONNECT 4 -#define BIO_CONN_S_OK 5 -#define BIO_CONN_S_BLOCKED_CONNECT 6 -#define BIO_CONN_S_CONNECT_ERROR 7 - -static const BIO_METHOD methods_connectp = { - BIO_TYPE_CONNECT, - "socket connect", - bwrite_conv, - conn_write, - bread_conv, - conn_read, - conn_puts, - NULL, /* conn_gets, */ - conn_ctrl, - conn_new, - conn_free, - conn_callback_ctrl, -}; - -static int conn_state(BIO *b, BIO_CONNECT *c) -{ - int ret = -1, i; - BIO_info_cb *cb = NULL; - - if (c->info_callback != NULL) - cb = c->info_callback; - - for (;;) { - switch (c->state) { - case BIO_CONN_S_BEFORE: - if (c->param_hostname == NULL && c->param_service == NULL) { - ERR_raise_data(ERR_LIB_BIO, - BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED, - "hostname=%s service=%s", - c->param_hostname, c->param_service); - goto exit_loop; - } - c->state = BIO_CONN_S_GET_ADDR; - break; - - case BIO_CONN_S_GET_ADDR: - { - int family = AF_UNSPEC; - switch (c->connect_family) { - case BIO_FAMILY_IPV6: - if (1) { /* This is a trick we use to avoid bit rot. - * at least the "else" part will always be - * compiled. - */ -#ifdef AF_INET6 - family = AF_INET6; - } else { -#endif - ERR_raise(ERR_LIB_BIO, BIO_R_UNAVAILABLE_IP_FAMILY); - goto exit_loop; - } - break; - case BIO_FAMILY_IPV4: - family = AF_INET; - break; - case BIO_FAMILY_IPANY: - family = AF_UNSPEC; - break; - default: - ERR_raise(ERR_LIB_BIO, BIO_R_UNSUPPORTED_IP_FAMILY); - goto exit_loop; - } - if (BIO_lookup(c->param_hostname, c->param_service, - BIO_LOOKUP_CLIENT, - family, SOCK_STREAM, &c->addr_first) == 0) - goto exit_loop; - } - if (c->addr_first == NULL) { - ERR_raise(ERR_LIB_BIO, BIO_R_LOOKUP_RETURNED_NOTHING); - goto exit_loop; - } - c->addr_iter = c->addr_first; - c->state = BIO_CONN_S_CREATE_SOCKET; - break; - - case BIO_CONN_S_CREATE_SOCKET: - ret = BIO_socket(BIO_ADDRINFO_family(c->addr_iter), - BIO_ADDRINFO_socktype(c->addr_iter), - BIO_ADDRINFO_protocol(c->addr_iter), 0); - if (ret == (int)INVALID_SOCKET) { - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling socket(%s, %s)", - c->param_hostname, c->param_service); - ERR_raise(ERR_LIB_BIO, BIO_R_UNABLE_TO_CREATE_SOCKET); - goto exit_loop; - } - b->num = ret; - c->state = BIO_CONN_S_CONNECT; - break; - - case BIO_CONN_S_CONNECT: - BIO_clear_retry_flags(b); - ERR_set_mark(); - ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter), - BIO_SOCK_KEEPALIVE | c->connect_mode); - b->retry_reason = 0; - if (ret == 0) { - if (BIO_sock_should_retry(ret)) { - BIO_set_retry_special(b); - c->state = BIO_CONN_S_BLOCKED_CONNECT; - b->retry_reason = BIO_RR_CONNECT; - ERR_pop_to_mark(); - } else if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) - != NULL) { - /* - * if there are more addresses to try, do that first - */ - BIO_closesocket(b->num); - c->state = BIO_CONN_S_CREATE_SOCKET; - ERR_pop_to_mark(); - break; - } else { - ERR_clear_last_mark(); - ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), - "calling connect(%s, %s)", - c->param_hostname, c->param_service); - c->state = BIO_CONN_S_CONNECT_ERROR; - break; - } - goto exit_loop; - } else { - ERR_clear_last_mark(); - c->state = BIO_CONN_S_OK; - } - break; - - case BIO_CONN_S_BLOCKED_CONNECT: - /* wait for socket being writable, before querying BIO_sock_error */ - if (BIO_socket_wait(b->num, 0, time(NULL)) == 0) - break; - i = BIO_sock_error(b->num); - if (i != 0) { - BIO_clear_retry_flags(b); - if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) != NULL) { - /* - * if there are more addresses to try, do that first - */ - BIO_closesocket(b->num); - c->state = BIO_CONN_S_CREATE_SOCKET; - break; - } - ERR_raise_data(ERR_LIB_SYS, i, - "calling connect(%s, %s)", - c->param_hostname, c->param_service); - ERR_raise(ERR_LIB_BIO, BIO_R_NBIO_CONNECT_ERROR); - ret = 0; - goto exit_loop; - } else { - c->state = BIO_CONN_S_OK; -# ifndef OPENSSL_NO_KTLS - /* - * The new socket is created successfully regardless of ktls_enable. - * ktls_enable doesn't change any functionality of the socket, except - * changing the setsockopt to enable the processing of ktls_start. - * Thus, it is not a problem to call it for non-TLS sockets. - */ - ktls_enable(b->num); -# endif - } - break; - - case BIO_CONN_S_CONNECT_ERROR: - ERR_raise(ERR_LIB_BIO, BIO_R_CONNECT_ERROR); - ret = 0; - goto exit_loop; - - case BIO_CONN_S_OK: - ret = 1; - goto exit_loop; - default: - /* abort(); */ - goto exit_loop; - } - - if (cb != NULL) { - if ((ret = cb((BIO *)b, c->state, ret)) == 0) - goto end; - } - } - - /* Loop does not exit */ - exit_loop: - if (cb != NULL) - ret = cb((BIO *)b, c->state, ret); - end: - return ret; -} - -BIO_CONNECT *BIO_CONNECT_new(void) -{ - BIO_CONNECT *ret; - - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return NULL; - } - ret->state = BIO_CONN_S_BEFORE; - ret->connect_family = BIO_FAMILY_IPANY; - return ret; -} - -void BIO_CONNECT_free(BIO_CONNECT *a) -{ - if (a == NULL) - return; - OPENSSL_free(a->param_hostname); - OPENSSL_free(a->param_service); - BIO_ADDRINFO_free(a->addr_first); - OPENSSL_free(a); -} - -const BIO_METHOD *BIO_s_connect(void) -{ - return &methods_connectp; -} - -static int conn_new(BIO *bi) -{ - bi->init = 0; - bi->num = (int)INVALID_SOCKET; - bi->flags = 0; - if ((bi->ptr = (char *)BIO_CONNECT_new()) == NULL) - return 0; - else - return 1; -} - -static void conn_close_socket(BIO *bio) -{ - BIO_CONNECT *c; - - c = (BIO_CONNECT *)bio->ptr; - if (bio->num != (int)INVALID_SOCKET) { - /* Only do a shutdown if things were established */ - if (c->state == BIO_CONN_S_OK) - shutdown(bio->num, 2); - BIO_closesocket(bio->num); - bio->num = (int)INVALID_SOCKET; - } -} - -static int conn_free(BIO *a) -{ - BIO_CONNECT *data; - - if (a == NULL) - return 0; - data = (BIO_CONNECT *)a->ptr; - - if (a->shutdown) { - conn_close_socket(a); - BIO_CONNECT_free(data); - a->ptr = NULL; - a->flags = 0; - a->init = 0; - } - return 1; -} - -static int conn_read(BIO *b, char *out, int outl) -{ - int ret = 0; - BIO_CONNECT *data; - - data = (BIO_CONNECT *)b->ptr; - if (data->state != BIO_CONN_S_OK) { - ret = conn_state(b, data); - if (ret <= 0) - return ret; - } - - if (out != NULL) { - clear_socket_error(); -# ifndef OPENSSL_NO_KTLS - if (BIO_get_ktls_recv(b)) - ret = ktls_read_record(b->num, out, outl); - else -# endif - ret = readsocket(b->num, out, outl); - BIO_clear_retry_flags(b); - if (ret <= 0) { - if (BIO_sock_should_retry(ret)) - BIO_set_retry_read(b); - else if (ret == 0) - b->flags |= BIO_FLAGS_IN_EOF; - } - } - return ret; -} - -static int conn_write(BIO *b, const char *in, int inl) -{ - int ret; - BIO_CONNECT *data; - - data = (BIO_CONNECT *)b->ptr; - if (data->state != BIO_CONN_S_OK) { - ret = conn_state(b, data); - if (ret <= 0) - return ret; - } - - clear_socket_error(); -# ifndef OPENSSL_NO_KTLS - if (BIO_should_ktls_ctrl_msg_flag(b)) { - ret = ktls_send_ctrl_message(b->num, data->record_type, in, inl); - if (ret >= 0) { - ret = inl; - BIO_clear_ktls_ctrl_msg_flag(b); - } - } else -# endif - ret = writesocket(b->num, in, inl); - BIO_clear_retry_flags(b); - if (ret <= 0) { - if (BIO_sock_should_retry(ret)) - BIO_set_retry_write(b); - } - return ret; -} - -static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - BIO *dbio; - int *ip; - const char **pptr = NULL; - long ret = 1; - BIO_CONNECT *data; -# ifndef OPENSSL_NO_KTLS - ktls_crypto_info_t *crypto_info; -# endif - - data = (BIO_CONNECT *)b->ptr; - - switch (cmd) { - case BIO_CTRL_RESET: - ret = 0; - data->state = BIO_CONN_S_BEFORE; - conn_close_socket(b); - BIO_ADDRINFO_free(data->addr_first); - data->addr_first = NULL; - b->flags = 0; - break; - case BIO_C_DO_STATE_MACHINE: - /* use this one to start the connection */ - if (data->state != BIO_CONN_S_OK) - ret = (long)conn_state(b, data); - else - ret = 1; - break; - case BIO_C_GET_CONNECT: - if (ptr != NULL) { - pptr = (const char **)ptr; - if (num == 0) { - *pptr = data->param_hostname; - } else if (num == 1) { - *pptr = data->param_service; - } else if (num == 2) { - *pptr = (const char *)BIO_ADDRINFO_address(data->addr_iter); - } else if (num == 3) { - switch (BIO_ADDRINFO_family(data->addr_iter)) { -# ifdef AF_INET6 - case AF_INET6: - ret = BIO_FAMILY_IPV6; - break; -# endif - case AF_INET: - ret = BIO_FAMILY_IPV4; - break; - case 0: - ret = data->connect_family; - break; - default: - ret = -1; - break; - } - } else { - ret = 0; - } - } else { - ret = 0; - } - break; - case BIO_C_SET_CONNECT: - if (ptr != NULL) { - b->init = 1; - if (num == 0) { /* BIO_set_conn_hostname */ - char *hold_service = data->param_service; - /* We affect the hostname regardless. However, the input - * string might contain a host:service spec, so we must - * parse it, which might or might not affect the service - */ - - OPENSSL_free(data->param_hostname); - data->param_hostname = NULL; - ret = BIO_parse_hostserv(ptr, - &data->param_hostname, - &data->param_service, - BIO_PARSE_PRIO_HOST); - if (hold_service != data->param_service) - OPENSSL_free(hold_service); - } else if (num == 1) { /* BIO_set_conn_port */ - OPENSSL_free(data->param_service); - if ((data->param_service = OPENSSL_strdup(ptr)) == NULL) - ret = 0; - } else if (num == 2) { /* BIO_set_conn_address */ - const BIO_ADDR *addr = (const BIO_ADDR *)ptr; - char *host = BIO_ADDR_hostname_string(addr, 1); - char *service = BIO_ADDR_service_string(addr, 1); - - ret = host != NULL && service != NULL; - if (ret) { - OPENSSL_free(data->param_hostname); - data->param_hostname = host; - OPENSSL_free(data->param_service); - data->param_service = service; - BIO_ADDRINFO_free(data->addr_first); - data->addr_first = NULL; - data->addr_iter = NULL; - } else { - OPENSSL_free(host); - OPENSSL_free(service); - } - } else if (num == 3) { /* BIO_set_conn_ip_family */ - data->connect_family = *(int *)ptr; - } else { - ret = 0; - } - } - break; - case BIO_C_SET_NBIO: - if (num != 0) - data->connect_mode |= BIO_SOCK_NONBLOCK; - else - data->connect_mode &= ~BIO_SOCK_NONBLOCK; - break; - case BIO_C_SET_CONNECT_MODE: - data->connect_mode = (int)num; - break; - case BIO_C_GET_FD: - if (b->init) { - ip = (int *)ptr; - if (ip != NULL) - *ip = b->num; - ret = b->num; - } else - ret = -1; - break; - case BIO_CTRL_GET_CLOSE: - ret = b->shutdown; - break; - case BIO_CTRL_SET_CLOSE: - b->shutdown = (int)num; - break; - case BIO_CTRL_PENDING: - case BIO_CTRL_WPENDING: - ret = 0; - break; - case BIO_CTRL_FLUSH: - break; - case BIO_CTRL_DUP: - { - dbio = (BIO *)ptr; - if (data->param_hostname) - BIO_set_conn_hostname(dbio, data->param_hostname); - if (data->param_service) - BIO_set_conn_port(dbio, data->param_service); - BIO_set_conn_ip_family(dbio, data->connect_family); - BIO_set_conn_mode(dbio, data->connect_mode); - /* - * FIXME: the cast of the function seems unlikely to be a good - * idea - */ - (void)BIO_set_info_callback(dbio, data->info_callback); - } - break; - case BIO_CTRL_SET_CALLBACK: - ret = 0; /* use callback ctrl */ - break; - case BIO_CTRL_GET_CALLBACK: - { - BIO_info_cb **fptr; - - fptr = (BIO_info_cb **)ptr; - *fptr = data->info_callback; - } - break; - case BIO_CTRL_EOF: - ret = (b->flags & BIO_FLAGS_IN_EOF) != 0; - break; -# ifndef OPENSSL_NO_KTLS - case BIO_CTRL_SET_KTLS: - crypto_info = (ktls_crypto_info_t *)ptr; - ret = ktls_start(b->num, crypto_info, num); - if (ret) - BIO_set_ktls_flag(b, num); - break; - case BIO_CTRL_GET_KTLS_SEND: - return BIO_should_ktls_flag(b, 1) != 0; - case BIO_CTRL_GET_KTLS_RECV: - return BIO_should_ktls_flag(b, 0) != 0; - case BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG: - BIO_set_ktls_ctrl_msg_flag(b); - data->record_type = num; - ret = 0; - break; - case BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG: - BIO_clear_ktls_ctrl_msg_flag(b); - ret = 0; - break; -# endif - default: - ret = 0; - break; - } - return ret; -} - -static long conn_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) -{ - long ret = 1; - BIO_CONNECT *data; - - data = (BIO_CONNECT *)b->ptr; - - switch (cmd) { - case BIO_CTRL_SET_CALLBACK: - { - data->info_callback = fp; - } - break; - default: - ret = 0; - break; - } - return ret; -} - -static int conn_puts(BIO *bp, const char *str) -{ - int n, ret; - - n = strlen(str); - ret = conn_write(bp, str, n); - return ret; -} - -BIO *BIO_new_connect(const char *str) -{ - BIO *ret; - - ret = BIO_new(BIO_s_connect()); - if (ret == NULL) - return NULL; - if (BIO_set_conn_hostname(ret, str)) - return ret; - BIO_free(ret); - return NULL; -} - -#endif diff --git a/crypto/bio/bss_core.c b/crypto/bio/bss_core.c deleted file mode 100644 index 7a84b20460c8e10ceff65b68f57934561262f709..0000000000000000000000000000000000000000 --- a/crypto/bio/bss_core.c +++ /dev/null @@ -1,194 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "bio_local.h" -#include "internal/cryptlib.h" - -typedef struct { - OSSL_FUNC_BIO_read_ex_fn *c_bio_read_ex; - OSSL_FUNC_BIO_write_ex_fn *c_bio_write_ex; - OSSL_FUNC_BIO_gets_fn *c_bio_gets; - OSSL_FUNC_BIO_puts_fn *c_bio_puts; - OSSL_FUNC_BIO_ctrl_fn *c_bio_ctrl; - OSSL_FUNC_BIO_up_ref_fn *c_bio_up_ref; - OSSL_FUNC_BIO_free_fn *c_bio_free; -} BIO_CORE_GLOBALS; - -static void bio_core_globals_free(void *vbcg) -{ - OPENSSL_free(vbcg); -} - -static void *bio_core_globals_new(OSSL_LIB_CTX *ctx) -{ - return OPENSSL_zalloc(sizeof(BIO_CORE_GLOBALS)); -} - -static const OSSL_LIB_CTX_METHOD bio_core_globals_method = { - OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, - bio_core_globals_new, - bio_core_globals_free, -}; - -static ossl_inline BIO_CORE_GLOBALS *get_globals(OSSL_LIB_CTX *libctx) -{ - return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_BIO_CORE_INDEX, - &bio_core_globals_method); -} - -static int bio_core_read_ex(BIO *bio, char *data, size_t data_len, - size_t *bytes_read) -{ - BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); - - if (bcgbl == NULL || bcgbl->c_bio_read_ex == NULL) - return 0; - return bcgbl->c_bio_read_ex(BIO_get_data(bio), data, data_len, bytes_read); -} - -static int bio_core_write_ex(BIO *bio, const char *data, size_t data_len, - size_t *written) -{ - BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); - - if (bcgbl == NULL || bcgbl->c_bio_write_ex == NULL) - return 0; - return bcgbl->c_bio_write_ex(BIO_get_data(bio), data, data_len, written); -} - -static long bio_core_ctrl(BIO *bio, int cmd, long num, void *ptr) -{ - BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); - - if (bcgbl == NULL || bcgbl->c_bio_ctrl == NULL) - return -1; - return bcgbl->c_bio_ctrl(BIO_get_data(bio), cmd, num, ptr); -} - -static int bio_core_gets(BIO *bio, char *buf, int size) -{ - BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); - - if (bcgbl == NULL || bcgbl->c_bio_gets == NULL) - return -1; - return bcgbl->c_bio_gets(BIO_get_data(bio), buf, size); -} - -static int bio_core_puts(BIO *bio, const char *str) -{ - BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); - - if (bcgbl == NULL || bcgbl->c_bio_puts == NULL) - return -1; - return bcgbl->c_bio_puts(BIO_get_data(bio), str); -} - -static int bio_core_new(BIO *bio) -{ - BIO_set_init(bio, 1); - - return 1; -} - -static int bio_core_free(BIO *bio) -{ - BIO_CORE_GLOBALS *bcgbl = get_globals(bio->libctx); - - if (bcgbl == NULL) - return 0; - - BIO_set_init(bio, 0); - bcgbl->c_bio_free(BIO_get_data(bio)); - - return 1; -} - -static const BIO_METHOD corebiometh = { - BIO_TYPE_CORE_TO_PROV, - "BIO to Core filter", - bio_core_write_ex, - NULL, - bio_core_read_ex, - NULL, - bio_core_puts, - bio_core_gets, - bio_core_ctrl, - bio_core_new, - bio_core_free, - NULL, -}; - -const BIO_METHOD *BIO_s_core(void) -{ - return &corebiometh; -} - -BIO *BIO_new_from_core_bio(OSSL_LIB_CTX *libctx, OSSL_CORE_BIO *corebio) -{ - BIO *outbio; - BIO_CORE_GLOBALS *bcgbl = get_globals(libctx); - - /* Check the library context has been initialised with the callbacks */ - if (bcgbl == NULL || (bcgbl->c_bio_write_ex == NULL && bcgbl->c_bio_read_ex == NULL)) - return NULL; - - if ((outbio = BIO_new_ex(libctx, BIO_s_core())) == NULL) - return NULL; - - if (!bcgbl->c_bio_up_ref(corebio)) { - BIO_free(outbio); - return NULL; - } - BIO_set_data(outbio, corebio); - return outbio; -} - -int ossl_bio_init_core(OSSL_LIB_CTX *libctx, const OSSL_DISPATCH *fns) -{ - BIO_CORE_GLOBALS *bcgbl = get_globals(libctx); - - if (bcgbl == NULL) - return 0; - - for (; fns->function_id != 0; fns++) { - switch (fns->function_id) { - case OSSL_FUNC_BIO_READ_EX: - if (bcgbl->c_bio_read_ex == NULL) - bcgbl->c_bio_read_ex = OSSL_FUNC_BIO_read_ex(fns); - break; - case OSSL_FUNC_BIO_WRITE_EX: - if (bcgbl->c_bio_write_ex == NULL) - bcgbl->c_bio_write_ex = OSSL_FUNC_BIO_write_ex(fns); - break; - case OSSL_FUNC_BIO_GETS: - if (bcgbl->c_bio_gets == NULL) - bcgbl->c_bio_gets = OSSL_FUNC_BIO_gets(fns); - break; - case OSSL_FUNC_BIO_PUTS: - if (bcgbl->c_bio_puts == NULL) - bcgbl->c_bio_puts = OSSL_FUNC_BIO_puts(fns); - break; - case OSSL_FUNC_BIO_CTRL: - if (bcgbl->c_bio_ctrl == NULL) - bcgbl->c_bio_ctrl = OSSL_FUNC_BIO_ctrl(fns); - break; - case OSSL_FUNC_BIO_UP_REF: - if (bcgbl->c_bio_up_ref == NULL) - bcgbl->c_bio_up_ref = OSSL_FUNC_BIO_up_ref(fns); - break; - case OSSL_FUNC_BIO_FREE: - if (bcgbl->c_bio_free == NULL) - bcgbl->c_bio_free = OSSL_FUNC_BIO_free(fns); - break; - } - } - - return 1; -} diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c deleted file mode 100644 index 8ca1cf64ed47455b928a7b8a4f9865846f7060ff..0000000000000000000000000000000000000000 --- a/crypto/bio/bss_dgram.c +++ /dev/null @@ -1,1922 +0,0 @@ -/* - * Copyright 2005-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef _GNU_SOURCE -# define _GNU_SOURCE -#endif - -#include -#include - -#include "bio_local.h" -#ifndef OPENSSL_NO_DGRAM - -# ifndef OPENSSL_NO_SCTP -# include -# include -# define OPENSSL_SCTP_DATA_CHUNK_TYPE 0x00 -# define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0 -# endif - -# if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU) -# define IP_MTU 14 /* linux is lame */ -# endif - -# if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6) -# define IPPROTO_IPV6 41 /* windows is lame */ -# endif - -# if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED) -/* Standard definition causes type-punning problems. */ -# undef IN6_IS_ADDR_V4MAPPED -# define s6_addr32 __u6_addr.__u6_addr32 -# define IN6_IS_ADDR_V4MAPPED(a) \ - (((a)->s6_addr32[0] == 0) && \ - ((a)->s6_addr32[1] == 0) && \ - ((a)->s6_addr32[2] == htonl(0x0000ffff))) -# endif - -static int dgram_write(BIO *h, const char *buf, int num); -static int dgram_read(BIO *h, char *buf, int size); -static int dgram_puts(BIO *h, const char *str); -static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int dgram_new(BIO *h); -static int dgram_free(BIO *data); -static int dgram_clear(BIO *bio); - -# ifndef OPENSSL_NO_SCTP -static int dgram_sctp_write(BIO *h, const char *buf, int num); -static int dgram_sctp_read(BIO *h, char *buf, int size); -static int dgram_sctp_puts(BIO *h, const char *str); -static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int dgram_sctp_new(BIO *h); -static int dgram_sctp_free(BIO *data); -static int dgram_sctp_wait_for_dry(BIO *b); -static int dgram_sctp_msg_waiting(BIO *b); -# ifdef SCTP_AUTHENTICATION_EVENT -static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification - *snp); -# endif -# endif - -static int BIO_dgram_should_retry(int s); - -static void get_current_time(struct timeval *t); - -static const BIO_METHOD methods_dgramp = { - BIO_TYPE_DGRAM, - "datagram socket", - bwrite_conv, - dgram_write, - bread_conv, - dgram_read, - dgram_puts, - NULL, /* dgram_gets, */ - dgram_ctrl, - dgram_new, - dgram_free, - NULL, /* dgram_callback_ctrl */ -}; - -# ifndef OPENSSL_NO_SCTP -static const BIO_METHOD methods_dgramp_sctp = { - BIO_TYPE_DGRAM_SCTP, - "datagram sctp socket", - bwrite_conv, - dgram_sctp_write, - bread_conv, - dgram_sctp_read, - dgram_sctp_puts, - NULL, /* dgram_gets, */ - dgram_sctp_ctrl, - dgram_sctp_new, - dgram_sctp_free, - NULL, /* dgram_callback_ctrl */ -}; -# endif - -typedef struct bio_dgram_data_st { - BIO_ADDR peer; - unsigned int connected; - unsigned int _errno; - unsigned int mtu; - struct timeval next_timeout; - struct timeval socket_timeout; - unsigned int peekmode; -} bio_dgram_data; - -# ifndef OPENSSL_NO_SCTP -typedef struct bio_dgram_sctp_save_message_st { - BIO *bio; - char *data; - int length; -} bio_dgram_sctp_save_message; - -typedef struct bio_dgram_sctp_data_st { - BIO_ADDR peer; - unsigned int connected; - unsigned int _errno; - unsigned int mtu; - struct bio_dgram_sctp_sndinfo sndinfo; - struct bio_dgram_sctp_rcvinfo rcvinfo; - struct bio_dgram_sctp_prinfo prinfo; - BIO_dgram_sctp_notification_handler_fn handle_notifications; - void *notification_context; - int in_handshake; - int ccs_rcvd; - int ccs_sent; - int save_shutdown; - int peer_auth_tested; -} bio_dgram_sctp_data; -# endif - -const BIO_METHOD *BIO_s_datagram(void) -{ - return &methods_dgramp; -} - -BIO *BIO_new_dgram(int fd, int close_flag) -{ - BIO *ret; - - ret = BIO_new(BIO_s_datagram()); - if (ret == NULL) - return NULL; - BIO_set_fd(ret, fd, close_flag); - return ret; -} - -static int dgram_new(BIO *bi) -{ - bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data)); - - if (data == NULL) - return 0; - bi->ptr = data; - return 1; -} - -static int dgram_free(BIO *a) -{ - bio_dgram_data *data; - - if (a == NULL) - return 0; - if (!dgram_clear(a)) - return 0; - - data = (bio_dgram_data *)a->ptr; - OPENSSL_free(data); - - return 1; -} - -static int dgram_clear(BIO *a) -{ - if (a == NULL) - return 0; - if (a->shutdown) { - if (a->init) { - BIO_closesocket(a->num); - } - a->init = 0; - a->flags = 0; - } - return 1; -} - -static void dgram_adjust_rcv_timeout(BIO *b) -{ -# if defined(SO_RCVTIMEO) - bio_dgram_data *data = (bio_dgram_data *)b->ptr; - - /* Is a timer active? */ - if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) { - struct timeval timenow, timeleft; - - /* Read current socket timeout */ -# ifdef OPENSSL_SYS_WINDOWS - int timeout; - - int sz = sizeof(timeout); - if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - (void *)&timeout, &sz) < 0) { - perror("getsockopt"); - } else { - data->socket_timeout.tv_sec = timeout / 1000; - data->socket_timeout.tv_usec = (timeout % 1000) * 1000; - } -# else - socklen_t sz = sizeof(data->socket_timeout); - if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - &(data->socket_timeout), &sz) < 0) { - perror("getsockopt"); - } else - OPENSSL_assert(sz <= sizeof(data->socket_timeout)); -# endif - - /* Get current time */ - get_current_time(&timenow); - - /* Calculate time left until timer expires */ - memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval)); - if (timeleft.tv_usec < timenow.tv_usec) { - timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec; - timeleft.tv_sec--; - } else { - timeleft.tv_usec -= timenow.tv_usec; - } - if (timeleft.tv_sec < timenow.tv_sec) { - timeleft.tv_sec = 0; - timeleft.tv_usec = 1; - } else { - timeleft.tv_sec -= timenow.tv_sec; - } - - /* - * Adjust socket timeout if next handshake message timer will expire - * earlier. - */ - if ((data->socket_timeout.tv_sec == 0 - && data->socket_timeout.tv_usec == 0) - || (data->socket_timeout.tv_sec > timeleft.tv_sec) - || (data->socket_timeout.tv_sec == timeleft.tv_sec - && data->socket_timeout.tv_usec >= timeleft.tv_usec)) { -# ifdef OPENSSL_SYS_WINDOWS - timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000; - if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - (void *)&timeout, sizeof(timeout)) < 0) { - perror("setsockopt"); - } -# else - if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft, - sizeof(struct timeval)) < 0) { - perror("setsockopt"); - } -# endif - } - } -# endif -} - -static void dgram_reset_rcv_timeout(BIO *b) -{ -# if defined(SO_RCVTIMEO) - bio_dgram_data *data = (bio_dgram_data *)b->ptr; - - /* Is a timer active? */ - if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) { -# ifdef OPENSSL_SYS_WINDOWS - int timeout = data->socket_timeout.tv_sec * 1000 + - data->socket_timeout.tv_usec / 1000; - if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - (void *)&timeout, sizeof(timeout)) < 0) { - perror("setsockopt"); - } -# else - if (setsockopt - (b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout), - sizeof(struct timeval)) < 0) { - perror("setsockopt"); - } -# endif - } -# endif -} - -static int dgram_read(BIO *b, char *out, int outl) -{ - int ret = 0; - bio_dgram_data *data = (bio_dgram_data *)b->ptr; - int flags = 0; - - BIO_ADDR peer; - socklen_t len = sizeof(peer); - - if (out != NULL) { - clear_socket_error(); - memset(&peer, 0, sizeof(peer)); - dgram_adjust_rcv_timeout(b); - if (data->peekmode) - flags = MSG_PEEK; - ret = recvfrom(b->num, out, outl, flags, - BIO_ADDR_sockaddr_noconst(&peer), &len); - - if (!data->connected && ret >= 0) - BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer); - - BIO_clear_retry_flags(b); - if (ret < 0) { - if (BIO_dgram_should_retry(ret)) { - BIO_set_retry_read(b); - data->_errno = get_last_socket_error(); - } - } - - dgram_reset_rcv_timeout(b); - } - return ret; -} - -static int dgram_write(BIO *b, const char *in, int inl) -{ - int ret; - bio_dgram_data *data = (bio_dgram_data *)b->ptr; - clear_socket_error(); - - if (data->connected) - ret = writesocket(b->num, in, inl); - else { - int peerlen = BIO_ADDR_sockaddr_size(&data->peer); - - ret = sendto(b->num, in, inl, 0, - BIO_ADDR_sockaddr(&data->peer), peerlen); - } - - BIO_clear_retry_flags(b); - if (ret <= 0) { - if (BIO_dgram_should_retry(ret)) { - BIO_set_retry_write(b); - data->_errno = get_last_socket_error(); - } - } - return ret; -} - -static long dgram_get_mtu_overhead(bio_dgram_data *data) -{ - long ret; - - switch (BIO_ADDR_family(&data->peer)) { - case AF_INET: - /* - * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP - */ - ret = 28; - break; -# if OPENSSL_USE_IPV6 - case AF_INET6: - { -# ifdef IN6_IS_ADDR_V4MAPPED - struct in6_addr tmp_addr; - if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL) - && IN6_IS_ADDR_V4MAPPED(&tmp_addr)) - /* - * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP - */ - ret = 28; - else -# endif - /* - * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP - */ - ret = 48; - } - break; -# endif - default: - /* We don't know. Go with the historical default */ - ret = 28; - break; - } - return ret; -} - -static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - long ret = 1; - int *ip; - bio_dgram_data *data = NULL; - int sockopt_val = 0; - int d_errno; -# if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU)) - socklen_t sockopt_len; /* assume that system supporting IP_MTU is - * modern enough to define socklen_t */ - socklen_t addr_len; - BIO_ADDR addr; -# endif - - data = (bio_dgram_data *)b->ptr; - - switch (cmd) { - case BIO_CTRL_RESET: - num = 0; - ret = 0; - break; - case BIO_CTRL_INFO: - ret = 0; - break; - case BIO_C_SET_FD: - dgram_clear(b); - b->num = *((int *)ptr); - b->shutdown = (int)num; - b->init = 1; - break; - case BIO_C_GET_FD: - if (b->init) { - ip = (int *)ptr; - if (ip != NULL) - *ip = b->num; - ret = b->num; - } else - ret = -1; - break; - case BIO_CTRL_GET_CLOSE: - ret = b->shutdown; - break; - case BIO_CTRL_SET_CLOSE: - b->shutdown = (int)num; - break; - case BIO_CTRL_PENDING: - case BIO_CTRL_WPENDING: - ret = 0; - break; - case BIO_CTRL_DUP: - case BIO_CTRL_FLUSH: - ret = 1; - break; - case BIO_CTRL_DGRAM_CONNECT: - BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr)); - break; - /* (Linux)kernel sets DF bit on outgoing IP packets */ - case BIO_CTRL_DGRAM_MTU_DISCOVER: -# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO) - addr_len = (socklen_t) sizeof(addr); - memset(&addr, 0, sizeof(addr)); - if (getsockname(b->num, &addr.sa, &addr_len) < 0) { - ret = 0; - break; - } - switch (addr.sa.sa_family) { - case AF_INET: - sockopt_val = IP_PMTUDISC_DO; - if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, - &sockopt_val, sizeof(sockopt_val))) < 0) - perror("setsockopt"); - break; -# if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO) - case AF_INET6: - sockopt_val = IPV6_PMTUDISC_DO; - if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, - &sockopt_val, sizeof(sockopt_val))) < 0) - perror("setsockopt"); - break; -# endif - default: - ret = -1; - break; - } -# else - ret = -1; -# endif - break; - case BIO_CTRL_DGRAM_QUERY_MTU: -# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU) - addr_len = (socklen_t) sizeof(addr); - memset(&addr, 0, sizeof(addr)); - if (getsockname(b->num, &addr.sa, &addr_len) < 0) { - ret = 0; - break; - } - sockopt_len = sizeof(sockopt_val); - switch (addr.sa.sa_family) { - case AF_INET: - if ((ret = - getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val, - &sockopt_len)) < 0 || sockopt_val < 0) { - ret = 0; - } else { - /* - * we assume that the transport protocol is UDP and no IP - * options are used. - */ - data->mtu = sockopt_val - 8 - 20; - ret = data->mtu; - } - break; -# if OPENSSL_USE_IPV6 && defined(IPV6_MTU) - case AF_INET6: - if ((ret = - getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, - (void *)&sockopt_val, &sockopt_len)) < 0 - || sockopt_val < 0) { - ret = 0; - } else { - /* - * we assume that the transport protocol is UDP and no IPV6 - * options are used. - */ - data->mtu = sockopt_val - 8 - 40; - ret = data->mtu; - } - break; -# endif - default: - ret = 0; - break; - } -# else - ret = 0; -# endif - break; - case BIO_CTRL_DGRAM_GET_FALLBACK_MTU: - ret = -dgram_get_mtu_overhead(data); - switch (BIO_ADDR_family(&data->peer)) { - case AF_INET: - ret += 576; - break; -# if OPENSSL_USE_IPV6 - case AF_INET6: - { -# ifdef IN6_IS_ADDR_V4MAPPED - struct in6_addr tmp_addr; - if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL) - && IN6_IS_ADDR_V4MAPPED(&tmp_addr)) - ret += 576; - else -# endif - ret += 1280; - } - break; -# endif - default: - ret += 576; - break; - } - break; - case BIO_CTRL_DGRAM_GET_MTU: - return data->mtu; - case BIO_CTRL_DGRAM_SET_MTU: - data->mtu = num; - ret = num; - break; - case BIO_CTRL_DGRAM_SET_CONNECTED: - if (ptr != NULL) { - data->connected = 1; - BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr)); - } else { - data->connected = 0; - memset(&data->peer, 0, sizeof(data->peer)); - } - break; - case BIO_CTRL_DGRAM_GET_PEER: - ret = BIO_ADDR_sockaddr_size(&data->peer); - /* FIXME: if num < ret, we will only return part of an address. - That should bee an error, no? */ - if (num == 0 || num > ret) - num = ret; - memcpy(ptr, &data->peer, (ret = num)); - break; - case BIO_CTRL_DGRAM_SET_PEER: - BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr)); - break; - case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: - memcpy(&(data->next_timeout), ptr, sizeof(struct timeval)); - break; -# if defined(SO_RCVTIMEO) - case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT: -# ifdef OPENSSL_SYS_WINDOWS - { - struct timeval *tv = (struct timeval *)ptr; - int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000; - if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - (void *)&timeout, sizeof(timeout)) < 0) { - perror("setsockopt"); - ret = -1; - } - } -# else - if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr, - sizeof(struct timeval)) < 0) { - perror("setsockopt"); - ret = -1; - } -# endif - break; - case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: - { -# ifdef OPENSSL_SYS_WINDOWS - int sz = 0; - int timeout; - struct timeval *tv = (struct timeval *)ptr; - - sz = sizeof(timeout); - if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - (void *)&timeout, &sz) < 0) { - perror("getsockopt"); - ret = -1; - } else { - tv->tv_sec = timeout / 1000; - tv->tv_usec = (timeout % 1000) * 1000; - ret = sizeof(*tv); - } -# else - socklen_t sz = sizeof(struct timeval); - if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, - ptr, &sz) < 0) { - perror("getsockopt"); - ret = -1; - } else { - OPENSSL_assert(sz <= sizeof(struct timeval)); - ret = (int)sz; - } -# endif - } - break; -# endif -# if defined(SO_SNDTIMEO) - case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT: -# ifdef OPENSSL_SYS_WINDOWS - { - struct timeval *tv = (struct timeval *)ptr; - int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000; - if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, - (void *)&timeout, sizeof(timeout)) < 0) { - perror("setsockopt"); - ret = -1; - } - } -# else - if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr, - sizeof(struct timeval)) < 0) { - perror("setsockopt"); - ret = -1; - } -# endif - break; - case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: - { -# ifdef OPENSSL_SYS_WINDOWS - int sz = 0; - int timeout; - struct timeval *tv = (struct timeval *)ptr; - - sz = sizeof(timeout); - if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, - (void *)&timeout, &sz) < 0) { - perror("getsockopt"); - ret = -1; - } else { - tv->tv_sec = timeout / 1000; - tv->tv_usec = (timeout % 1000) * 1000; - ret = sizeof(*tv); - } -# else - socklen_t sz = sizeof(struct timeval); - if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, - ptr, &sz) < 0) { - perror("getsockopt"); - ret = -1; - } else { - OPENSSL_assert(sz <= sizeof(struct timeval)); - ret = (int)sz; - } -# endif - } - break; -# endif - case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: - /* fall-through */ - case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP: -# ifdef OPENSSL_SYS_WINDOWS - d_errno = (data->_errno == WSAETIMEDOUT); -# else - d_errno = (data->_errno == EAGAIN); -# endif - if (d_errno) { - ret = 1; - data->_errno = 0; - } else - ret = 0; - break; -# ifdef EMSGSIZE - case BIO_CTRL_DGRAM_MTU_EXCEEDED: - if (data->_errno == EMSGSIZE) { - ret = 1; - data->_errno = 0; - } else - ret = 0; - break; -# endif - case BIO_CTRL_DGRAM_SET_DONT_FRAG: - sockopt_val = num ? 1 : 0; - - switch (data->peer.sa.sa_family) { - case AF_INET: -# if defined(IP_DONTFRAG) - if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG, - &sockopt_val, sizeof(sockopt_val))) < 0) { - perror("setsockopt"); - ret = -1; - } -# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE) - if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT), - (ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, - &sockopt_val, sizeof(sockopt_val))) < 0) { - perror("setsockopt"); - ret = -1; - } -# elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT) - if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT, - (const char *)&sockopt_val, - sizeof(sockopt_val))) < 0) { - perror("setsockopt"); - ret = -1; - } -# else - ret = -1; -# endif - break; -# if OPENSSL_USE_IPV6 - case AF_INET6: -# if defined(IPV6_DONTFRAG) - if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG, - (const void *)&sockopt_val, - sizeof(sockopt_val))) < 0) { - perror("setsockopt"); - ret = -1; - } -# elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTUDISCOVER) - if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT), - (ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, - &sockopt_val, sizeof(sockopt_val))) < 0) { - perror("setsockopt"); - ret = -1; - } -# else - ret = -1; -# endif - break; -# endif - default: - ret = -1; - break; - } - break; - case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD: - ret = dgram_get_mtu_overhead(data); - break; - - /* - * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility - * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value - * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The - * value has been updated to a non-clashing value. However to preserve - * binary compatibility we now respond to both the old value and the new one - */ - case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE: - case BIO_CTRL_DGRAM_SET_PEEK_MODE: - data->peekmode = (unsigned int)num; - break; - default: - ret = 0; - break; - } - return ret; -} - -static int dgram_puts(BIO *bp, const char *str) -{ - int n, ret; - - n = strlen(str); - ret = dgram_write(bp, str, n); - return ret; -} - -# ifndef OPENSSL_NO_SCTP -const BIO_METHOD *BIO_s_datagram_sctp(void) -{ - return &methods_dgramp_sctp; -} - -BIO *BIO_new_dgram_sctp(int fd, int close_flag) -{ - BIO *bio; - int ret, optval = 20000; - int auth_data = 0, auth_forward = 0; - unsigned char *p; - struct sctp_authchunk auth; - struct sctp_authchunks *authchunks; - socklen_t sockopt_len; -# ifdef SCTP_AUTHENTICATION_EVENT -# ifdef SCTP_EVENT - struct sctp_event event; -# else - struct sctp_event_subscribe event; -# endif -# endif - - bio = BIO_new(BIO_s_datagram_sctp()); - if (bio == NULL) - return NULL; - BIO_set_fd(bio, fd, close_flag); - - /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */ - auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE; - ret = - setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, - sizeof(struct sctp_authchunk)); - if (ret < 0) { - BIO_vfree(bio); - ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, - "Ensure SCTP AUTH chunks are enabled in kernel"); - return NULL; - } - auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE; - ret = - setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, - sizeof(struct sctp_authchunk)); - if (ret < 0) { - BIO_vfree(bio); - ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, - "Ensure SCTP AUTH chunks are enabled in kernel"); - return NULL; - } - - /* - * Test if activation was successful. When using accept(), SCTP-AUTH has - * to be activated for the listening socket already, otherwise the - * connected socket won't use it. Similarly with connect(): the socket - * prior to connection must be activated for SCTP-AUTH - */ - sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); - authchunks = OPENSSL_zalloc(sockopt_len); - if (authchunks == NULL) { - BIO_vfree(bio); - return NULL; - } - ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, - &sockopt_len); - if (ret < 0) { - OPENSSL_free(authchunks); - BIO_vfree(bio); - return NULL; - } - - for (p = (unsigned char *)authchunks->gauth_chunks; - p < (unsigned char *)authchunks + sockopt_len; - p += sizeof(uint8_t)) { - if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) - auth_data = 1; - if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) - auth_forward = 1; - } - - OPENSSL_free(authchunks); - - if (!auth_data || !auth_forward) { - BIO_vfree(bio); - ERR_raise_data(ERR_LIB_BIO, ERR_R_SYS_LIB, - "Ensure SCTP AUTH chunks are enabled on the " - "underlying socket"); - return NULL; - } - -# ifdef SCTP_AUTHENTICATION_EVENT -# ifdef SCTP_EVENT - memset(&event, 0, sizeof(event)); - event.se_assoc_id = 0; - event.se_type = SCTP_AUTHENTICATION_EVENT; - event.se_on = 1; - ret = - setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event, - sizeof(struct sctp_event)); - if (ret < 0) { - BIO_vfree(bio); - return NULL; - } -# else - sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe); - ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len); - if (ret < 0) { - BIO_vfree(bio); - return NULL; - } - - event.sctp_authentication_event = 1; - - ret = - setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, - sizeof(struct sctp_event_subscribe)); - if (ret < 0) { - BIO_vfree(bio); - return NULL; - } -# endif -# endif - - /* - * Disable partial delivery by setting the min size larger than the max - * record size of 2^14 + 2048 + 13 - */ - ret = - setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval, - sizeof(optval)); - if (ret < 0) { - BIO_vfree(bio); - return NULL; - } - - return bio; -} - -int BIO_dgram_is_sctp(BIO *bio) -{ - return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP); -} - -static int dgram_sctp_new(BIO *bi) -{ - bio_dgram_sctp_data *data = NULL; - - bi->init = 0; - bi->num = 0; - if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return 0; - } -# ifdef SCTP_PR_SCTP_NONE - data->prinfo.pr_policy = SCTP_PR_SCTP_NONE; -# endif - bi->ptr = data; - - bi->flags = 0; - return 1; -} - -static int dgram_sctp_free(BIO *a) -{ - bio_dgram_sctp_data *data; - - if (a == NULL) - return 0; - if (!dgram_clear(a)) - return 0; - - data = (bio_dgram_sctp_data *) a->ptr; - if (data != NULL) - OPENSSL_free(data); - - return 1; -} - -# ifdef SCTP_AUTHENTICATION_EVENT -void dgram_sctp_handle_auth_free_key_event(BIO *b, - union sctp_notification *snp) -{ - int ret; - struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event; - - if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) { - struct sctp_authkeyid authkeyid; - - /* delete key */ - authkeyid.scact_keynumber = authkeyevent->auth_keynumber; - ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY, - &authkeyid, sizeof(struct sctp_authkeyid)); - } -} -# endif - -static int dgram_sctp_read(BIO *b, char *out, int outl) -{ - int ret = 0, n = 0, i, optval; - socklen_t optlen; - bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; - struct msghdr msg; - struct iovec iov; - struct cmsghdr *cmsg; - char cmsgbuf[512]; - - if (out != NULL) { - clear_socket_error(); - - do { - memset(&data->rcvinfo, 0, sizeof(data->rcvinfo)); - iov.iov_base = out; - iov.iov_len = outl; - msg.msg_name = NULL; - msg.msg_namelen = 0; - msg.msg_iov = &iov; - msg.msg_iovlen = 1; - msg.msg_control = cmsgbuf; - msg.msg_controllen = 512; - msg.msg_flags = 0; - n = recvmsg(b->num, &msg, 0); - - if (n <= 0) { - if (n < 0) - ret = n; - break; - } - - if (msg.msg_controllen > 0) { - for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; - cmsg = CMSG_NXTHDR(&msg, cmsg)) { - if (cmsg->cmsg_level != IPPROTO_SCTP) - continue; -# ifdef SCTP_RCVINFO - if (cmsg->cmsg_type == SCTP_RCVINFO) { - struct sctp_rcvinfo *rcvinfo; - - rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg); - data->rcvinfo.rcv_sid = rcvinfo->rcv_sid; - data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn; - data->rcvinfo.rcv_flags = rcvinfo->rcv_flags; - data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid; - data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn; - data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn; - data->rcvinfo.rcv_context = rcvinfo->rcv_context; - } -# endif -# ifdef SCTP_SNDRCV - if (cmsg->cmsg_type == SCTP_SNDRCV) { - struct sctp_sndrcvinfo *sndrcvinfo; - - sndrcvinfo = - (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg); - data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream; - data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn; - data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags; - data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid; - data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn; - data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn; - data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context; - } -# endif - } - } - - if (msg.msg_flags & MSG_NOTIFICATION) { - union sctp_notification snp; - - memcpy(&snp, out, sizeof(snp)); - if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) { -# ifdef SCTP_EVENT - struct sctp_event event; -# else - struct sctp_event_subscribe event; - socklen_t eventsize; -# endif - - /* disable sender dry event */ -# ifdef SCTP_EVENT - memset(&event, 0, sizeof(event)); - event.se_assoc_id = 0; - event.se_type = SCTP_SENDER_DRY_EVENT; - event.se_on = 0; - i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, - sizeof(struct sctp_event)); - if (i < 0) { - ret = i; - break; - } -# else - eventsize = sizeof(struct sctp_event_subscribe); - i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, - &eventsize); - if (i < 0) { - ret = i; - break; - } - - event.sctp_sender_dry_event = 0; - - i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, - sizeof(struct sctp_event_subscribe)); - if (i < 0) { - ret = i; - break; - } -# endif - } -# ifdef SCTP_AUTHENTICATION_EVENT - if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) - dgram_sctp_handle_auth_free_key_event(b, &snp); -# endif - - if (data->handle_notifications != NULL) - data->handle_notifications(b, data->notification_context, - (void *)out); - - memset(&snp, 0, sizeof(snp)); - memset(out, 0, outl); - } else { - ret += n; - } - } - while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR) - && (ret < outl)); - - if (ret > 0 && !(msg.msg_flags & MSG_EOR)) { - /* Partial message read, this should never happen! */ - - /* - * The buffer was too small, this means the peer sent a message - * that was larger than allowed. - */ - if (ret == outl) - return -1; - - /* - * Test if socket buffer can handle max record size (2^14 + 2048 - * + 13) - */ - optlen = (socklen_t) sizeof(int); - ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen); - if (ret >= 0) - OPENSSL_assert(optval >= 18445); - - /* - * Test if SCTP doesn't partially deliver below max record size - * (2^14 + 2048 + 13) - */ - optlen = (socklen_t) sizeof(int); - ret = - getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, - &optval, &optlen); - if (ret >= 0) - OPENSSL_assert(optval >= 18445); - - /* - * Partially delivered notification??? Probably a bug.... - */ - OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION)); - - /* - * Everything seems ok till now, so it's most likely a message - * dropped by PR-SCTP. - */ - memset(out, 0, outl); - BIO_set_retry_read(b); - return -1; - } - - BIO_clear_retry_flags(b); - if (ret < 0) { - if (BIO_dgram_should_retry(ret)) { - BIO_set_retry_read(b); - data->_errno = get_last_socket_error(); - } - } - - /* Test if peer uses SCTP-AUTH before continuing */ - if (!data->peer_auth_tested) { - int ii, auth_data = 0, auth_forward = 0; - unsigned char *p; - struct sctp_authchunks *authchunks; - - optlen = - (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); - authchunks = OPENSSL_malloc(optlen); - if (authchunks == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return -1; - } - memset(authchunks, 0, optlen); - ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, - authchunks, &optlen); - - if (ii >= 0) - for (p = (unsigned char *)authchunks->gauth_chunks; - p < (unsigned char *)authchunks + optlen; - p += sizeof(uint8_t)) { - if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) - auth_data = 1; - if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) - auth_forward = 1; - } - - OPENSSL_free(authchunks); - - if (!auth_data || !auth_forward) { - ERR_raise(ERR_LIB_BIO, BIO_R_CONNECT_ERROR); - return -1; - } - - data->peer_auth_tested = 1; - } - } - return ret; -} - -/* - * dgram_sctp_write - send message on SCTP socket - * @b: BIO to write to - * @in: data to send - * @inl: amount of bytes in @in to send - * - * Returns -1 on error or the sent amount of bytes on success - */ -static int dgram_sctp_write(BIO *b, const char *in, int inl) -{ - int ret; - bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; - struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo); - struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo); - struct bio_dgram_sctp_sndinfo handshake_sinfo; - struct iovec iov[1]; - struct msghdr msg; - struct cmsghdr *cmsg; -# if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO) - char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) + - CMSG_SPACE(sizeof(struct sctp_prinfo))]; - struct sctp_sndinfo *sndinfo; - struct sctp_prinfo *prinfo; -# else - char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))]; - struct sctp_sndrcvinfo *sndrcvinfo; -# endif - - clear_socket_error(); - - /* - * If we're send anything else than application data, disable all user - * parameters and flags. - */ - if (in[0] != 23) { - memset(&handshake_sinfo, 0, sizeof(handshake_sinfo)); -# ifdef SCTP_SACK_IMMEDIATELY - handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY; -# endif - sinfo = &handshake_sinfo; - } - - /* We can only send a shutdown alert if the socket is dry */ - if (data->save_shutdown) { - ret = BIO_dgram_sctp_wait_for_dry(b); - if (ret < 0) - return -1; - if (ret == 0) { - BIO_clear_retry_flags(b); - BIO_set_retry_write(b); - return -1; - } - } - - iov[0].iov_base = (char *)in; - iov[0].iov_len = inl; - msg.msg_name = NULL; - msg.msg_namelen = 0; - msg.msg_iov = iov; - msg.msg_iovlen = 1; - msg.msg_control = (caddr_t) cmsgbuf; - msg.msg_controllen = 0; - msg.msg_flags = 0; -# if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO) - cmsg = (struct cmsghdr *)cmsgbuf; - cmsg->cmsg_level = IPPROTO_SCTP; - cmsg->cmsg_type = SCTP_SNDINFO; - cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo)); - sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg); - memset(sndinfo, 0, sizeof(*sndinfo)); - sndinfo->snd_sid = sinfo->snd_sid; - sndinfo->snd_flags = sinfo->snd_flags; - sndinfo->snd_ppid = sinfo->snd_ppid; - sndinfo->snd_context = sinfo->snd_context; - msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo)); - - cmsg = - (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))]; - cmsg->cmsg_level = IPPROTO_SCTP; - cmsg->cmsg_type = SCTP_PRINFO; - cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo)); - prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg); - memset(prinfo, 0, sizeof(*prinfo)); - prinfo->pr_policy = pinfo->pr_policy; - prinfo->pr_value = pinfo->pr_value; - msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo)); -# else - cmsg = (struct cmsghdr *)cmsgbuf; - cmsg->cmsg_level = IPPROTO_SCTP; - cmsg->cmsg_type = SCTP_SNDRCV; - cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo)); - sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg); - memset(sndrcvinfo, 0, sizeof(*sndrcvinfo)); - sndrcvinfo->sinfo_stream = sinfo->snd_sid; - sndrcvinfo->sinfo_flags = sinfo->snd_flags; -# ifdef __FreeBSD__ - sndrcvinfo->sinfo_flags |= pinfo->pr_policy; -# endif - sndrcvinfo->sinfo_ppid = sinfo->snd_ppid; - sndrcvinfo->sinfo_context = sinfo->snd_context; - sndrcvinfo->sinfo_timetolive = pinfo->pr_value; - msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo)); -# endif - - ret = sendmsg(b->num, &msg, 0); - - BIO_clear_retry_flags(b); - if (ret <= 0) { - if (BIO_dgram_should_retry(ret)) { - BIO_set_retry_write(b); - data->_errno = get_last_socket_error(); - } - } - return ret; -} - -static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - long ret = 1; - bio_dgram_sctp_data *data = NULL; - socklen_t sockopt_len = 0; - struct sctp_authkeyid authkeyid; - struct sctp_authkey *authkey = NULL; - - data = (bio_dgram_sctp_data *) b->ptr; - - switch (cmd) { - case BIO_CTRL_DGRAM_QUERY_MTU: - /* - * Set to maximum (2^14) and ignore user input to enable transport - * protocol fragmentation. Returns always 2^14. - */ - data->mtu = 16384; - ret = data->mtu; - break; - case BIO_CTRL_DGRAM_SET_MTU: - /* - * Set to maximum (2^14) and ignore input to enable transport - * protocol fragmentation. Returns always 2^14. - */ - data->mtu = 16384; - ret = data->mtu; - break; - case BIO_CTRL_DGRAM_SET_CONNECTED: - case BIO_CTRL_DGRAM_CONNECT: - /* Returns always -1. */ - ret = -1; - break; - case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: - /* - * SCTP doesn't need the DTLS timer Returns always 1. - */ - break; - case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD: - /* - * We allow transport protocol fragmentation so this is irrelevant - */ - ret = 0; - break; - case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE: - if (num > 0) - data->in_handshake = 1; - else - data->in_handshake = 0; - - ret = - setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY, - &data->in_handshake, sizeof(int)); - break; - case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY: - /* - * New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise. - */ - - /* Get active key */ - sockopt_len = sizeof(struct sctp_authkeyid); - ret = - getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, - &sockopt_len); - if (ret < 0) - break; - - /* Add new key */ - sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t); - authkey = OPENSSL_malloc(sockopt_len); - if (authkey == NULL) { - ret = -1; - break; - } - memset(authkey, 0, sockopt_len); - authkey->sca_keynumber = authkeyid.scact_keynumber + 1; -# ifndef __FreeBSD__ - /* - * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3 - * and higher work without it. - */ - authkey->sca_keylength = 64; -# endif - memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t)); - - ret = - setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey, - sockopt_len); - OPENSSL_free(authkey); - authkey = NULL; - if (ret < 0) - break; - - /* Reset active key */ - ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, - &authkeyid, sizeof(struct sctp_authkeyid)); - if (ret < 0) - break; - - break; - case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY: - /* Returns 0 on success, -1 otherwise. */ - - /* Get active key */ - sockopt_len = sizeof(struct sctp_authkeyid); - ret = - getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, - &sockopt_len); - if (ret < 0) - break; - - /* Set active key */ - authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1; - ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, - &authkeyid, sizeof(struct sctp_authkeyid)); - if (ret < 0) - break; - - /* - * CCS has been sent, so remember that and fall through to check if - * we need to deactivate an old key - */ - data->ccs_sent = 1; - /* fall-through */ - - case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD: - /* Returns 0 on success, -1 otherwise. */ - - /* - * Has this command really been called or is this just a - * fall-through? - */ - if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD) - data->ccs_rcvd = 1; - - /* - * CSS has been both, received and sent, so deactivate an old key - */ - if (data->ccs_rcvd == 1 && data->ccs_sent == 1) { - /* Get active key */ - sockopt_len = sizeof(struct sctp_authkeyid); - ret = - getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, - &authkeyid, &sockopt_len); - if (ret < 0) - break; - - /* - * Deactivate key or delete second last key if - * SCTP_AUTHENTICATION_EVENT is not available. - */ - authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1; -# ifdef SCTP_AUTH_DEACTIVATE_KEY - sockopt_len = sizeof(struct sctp_authkeyid); - ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY, - &authkeyid, sockopt_len); - if (ret < 0) - break; -# endif -# ifndef SCTP_AUTHENTICATION_EVENT - if (authkeyid.scact_keynumber > 0) { - authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1; - ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY, - &authkeyid, sizeof(struct sctp_authkeyid)); - if (ret < 0) - break; - } -# endif - - data->ccs_rcvd = 0; - data->ccs_sent = 0; - } - break; - case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO: - /* Returns the size of the copied struct. */ - if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo)) - num = sizeof(struct bio_dgram_sctp_sndinfo); - - memcpy(ptr, &(data->sndinfo), num); - ret = num; - break; - case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO: - /* Returns the size of the copied struct. */ - if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo)) - num = sizeof(struct bio_dgram_sctp_sndinfo); - - memcpy(&(data->sndinfo), ptr, num); - break; - case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO: - /* Returns the size of the copied struct. */ - if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo)) - num = sizeof(struct bio_dgram_sctp_rcvinfo); - - memcpy(ptr, &data->rcvinfo, num); - - ret = num; - break; - case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO: - /* Returns the size of the copied struct. */ - if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo)) - num = sizeof(struct bio_dgram_sctp_rcvinfo); - - memcpy(&(data->rcvinfo), ptr, num); - break; - case BIO_CTRL_DGRAM_SCTP_GET_PRINFO: - /* Returns the size of the copied struct. */ - if (num > (long)sizeof(struct bio_dgram_sctp_prinfo)) - num = sizeof(struct bio_dgram_sctp_prinfo); - - memcpy(ptr, &(data->prinfo), num); - ret = num; - break; - case BIO_CTRL_DGRAM_SCTP_SET_PRINFO: - /* Returns the size of the copied struct. */ - if (num > (long)sizeof(struct bio_dgram_sctp_prinfo)) - num = sizeof(struct bio_dgram_sctp_prinfo); - - memcpy(&(data->prinfo), ptr, num); - break; - case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN: - /* Returns always 1. */ - if (num > 0) - data->save_shutdown = 1; - else - data->save_shutdown = 0; - break; - case BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY: - return dgram_sctp_wait_for_dry(b); - case BIO_CTRL_DGRAM_SCTP_MSG_WAITING: - return dgram_sctp_msg_waiting(b); - - default: - /* - * Pass to default ctrl function to process SCTP unspecific commands - */ - ret = dgram_ctrl(b, cmd, num, ptr); - break; - } - return ret; -} - -int BIO_dgram_sctp_notification_cb(BIO *b, - BIO_dgram_sctp_notification_handler_fn handle_notifications, - void *context) -{ - bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; - - if (handle_notifications != NULL) { - data->handle_notifications = handle_notifications; - data->notification_context = context; - } else - return -1; - - return 0; -} - -/* - * BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event - * @b: The BIO to check for the dry event - * - * Wait until the peer confirms all packets have been received, and so that - * our kernel doesn't have anything to send anymore. This is only received by - * the peer's kernel, not the application. - * - * Returns: - * -1 on error - * 0 when not dry yet - * 1 when dry - */ -int BIO_dgram_sctp_wait_for_dry(BIO *b) -{ - return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_WAIT_FOR_DRY, 0, NULL); -} - -static int dgram_sctp_wait_for_dry(BIO *b) -{ - int is_dry = 0; - int sockflags = 0; - int n, ret; - union sctp_notification snp; - struct msghdr msg; - struct iovec iov; -# ifdef SCTP_EVENT - struct sctp_event event; -# else - struct sctp_event_subscribe event; - socklen_t eventsize; -# endif - bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; - - /* set sender dry event */ -# ifdef SCTP_EVENT - memset(&event, 0, sizeof(event)); - event.se_assoc_id = 0; - event.se_type = SCTP_SENDER_DRY_EVENT; - event.se_on = 1; - ret = - setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, - sizeof(struct sctp_event)); -# else - eventsize = sizeof(struct sctp_event_subscribe); - ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize); - if (ret < 0) - return -1; - - event.sctp_sender_dry_event = 1; - - ret = - setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, - sizeof(struct sctp_event_subscribe)); -# endif - if (ret < 0) - return -1; - - /* peek for notification */ - memset(&snp, 0, sizeof(snp)); - iov.iov_base = (char *)&snp; - iov.iov_len = sizeof(union sctp_notification); - msg.msg_name = NULL; - msg.msg_namelen = 0; - msg.msg_iov = &iov; - msg.msg_iovlen = 1; - msg.msg_control = NULL; - msg.msg_controllen = 0; - msg.msg_flags = 0; - - n = recvmsg(b->num, &msg, MSG_PEEK); - if (n <= 0) { - if ((n < 0) && (get_last_socket_error() != EAGAIN) - && (get_last_socket_error() != EWOULDBLOCK)) - return -1; - else - return 0; - } - - /* if we find a notification, process it and try again if necessary */ - while (msg.msg_flags & MSG_NOTIFICATION) { - memset(&snp, 0, sizeof(snp)); - iov.iov_base = (char *)&snp; - iov.iov_len = sizeof(union sctp_notification); - msg.msg_name = NULL; - msg.msg_namelen = 0; - msg.msg_iov = &iov; - msg.msg_iovlen = 1; - msg.msg_control = NULL; - msg.msg_controllen = 0; - msg.msg_flags = 0; - - n = recvmsg(b->num, &msg, 0); - if (n <= 0) { - if ((n < 0) && (get_last_socket_error() != EAGAIN) - && (get_last_socket_error() != EWOULDBLOCK)) - return -1; - else - return is_dry; - } - - if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) { - is_dry = 1; - - /* disable sender dry event */ -# ifdef SCTP_EVENT - memset(&event, 0, sizeof(event)); - event.se_assoc_id = 0; - event.se_type = SCTP_SENDER_DRY_EVENT; - event.se_on = 0; - ret = - setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, - sizeof(struct sctp_event)); -# else - eventsize = (socklen_t) sizeof(struct sctp_event_subscribe); - ret = - getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, - &eventsize); - if (ret < 0) - return -1; - - event.sctp_sender_dry_event = 0; - - ret = - setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, - sizeof(struct sctp_event_subscribe)); -# endif - if (ret < 0) - return -1; - } -# ifdef SCTP_AUTHENTICATION_EVENT - if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) - dgram_sctp_handle_auth_free_key_event(b, &snp); -# endif - - if (data->handle_notifications != NULL) - data->handle_notifications(b, data->notification_context, - (void *)&snp); - - /* found notification, peek again */ - memset(&snp, 0, sizeof(snp)); - iov.iov_base = (char *)&snp; - iov.iov_len = sizeof(union sctp_notification); - msg.msg_name = NULL; - msg.msg_namelen = 0; - msg.msg_iov = &iov; - msg.msg_iovlen = 1; - msg.msg_control = NULL; - msg.msg_controllen = 0; - msg.msg_flags = 0; - - /* if we have seen the dry already, don't wait */ - if (is_dry) { - sockflags = fcntl(b->num, F_GETFL, 0); - fcntl(b->num, F_SETFL, O_NONBLOCK); - } - - n = recvmsg(b->num, &msg, MSG_PEEK); - - if (is_dry) { - fcntl(b->num, F_SETFL, sockflags); - } - - if (n <= 0) { - if ((n < 0) && (get_last_socket_error() != EAGAIN) - && (get_last_socket_error() != EWOULDBLOCK)) - return -1; - else - return is_dry; - } - } - - /* read anything else */ - return is_dry; -} - -int BIO_dgram_sctp_msg_waiting(BIO *b) -{ - return (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SCTP_MSG_WAITING, 0, NULL); -} - -static int dgram_sctp_msg_waiting(BIO *b) -{ - int n, sockflags; - union sctp_notification snp; - struct msghdr msg; - struct iovec iov; - bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr; - - /* Check if there are any messages waiting to be read */ - do { - memset(&snp, 0, sizeof(snp)); - iov.iov_base = (char *)&snp; - iov.iov_len = sizeof(union sctp_notification); - msg.msg_name = NULL; - msg.msg_namelen = 0; - msg.msg_iov = &iov; - msg.msg_iovlen = 1; - msg.msg_control = NULL; - msg.msg_controllen = 0; - msg.msg_flags = 0; - - sockflags = fcntl(b->num, F_GETFL, 0); - fcntl(b->num, F_SETFL, O_NONBLOCK); - n = recvmsg(b->num, &msg, MSG_PEEK); - fcntl(b->num, F_SETFL, sockflags); - - /* if notification, process and try again */ - if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) { -# ifdef SCTP_AUTHENTICATION_EVENT - if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT) - dgram_sctp_handle_auth_free_key_event(b, &snp); -# endif - - memset(&snp, 0, sizeof(snp)); - iov.iov_base = (char *)&snp; - iov.iov_len = sizeof(union sctp_notification); - msg.msg_name = NULL; - msg.msg_namelen = 0; - msg.msg_iov = &iov; - msg.msg_iovlen = 1; - msg.msg_control = NULL; - msg.msg_controllen = 0; - msg.msg_flags = 0; - n = recvmsg(b->num, &msg, 0); - - if (data->handle_notifications != NULL) - data->handle_notifications(b, data->notification_context, - (void *)&snp); - } - - } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)); - - /* Return 1 if there is a message to be read, return 0 otherwise. */ - if (n > 0) - return 1; - else - return 0; -} - -static int dgram_sctp_puts(BIO *bp, const char *str) -{ - int n, ret; - - n = strlen(str); - ret = dgram_sctp_write(bp, str, n); - return ret; -} -# endif - -static int BIO_dgram_should_retry(int i) -{ - int err; - - if ((i == 0) || (i == -1)) { - err = get_last_socket_error(); - -# if defined(OPENSSL_SYS_WINDOWS) - /* - * If the socket return value (i) is -1 and err is unexpectedly 0 at - * this point, the error code was overwritten by another system call - * before this error handling is called. - */ -# endif - - return BIO_dgram_non_fatal_error(err); - } - return 0; -} - -int BIO_dgram_non_fatal_error(int err) -{ - switch (err) { -# if defined(OPENSSL_SYS_WINDOWS) -# if defined(WSAEWOULDBLOCK) - case WSAEWOULDBLOCK: -# endif -# endif - -# ifdef EWOULDBLOCK -# ifdef WSAEWOULDBLOCK -# if WSAEWOULDBLOCK != EWOULDBLOCK - case EWOULDBLOCK: -# endif -# else - case EWOULDBLOCK: -# endif -# endif - -# ifdef EINTR - case EINTR: -# endif - -# ifdef EAGAIN -# if EWOULDBLOCK != EAGAIN - case EAGAIN: -# endif -# endif - -# ifdef EPROTO - case EPROTO: -# endif - -# ifdef EINPROGRESS - case EINPROGRESS: -# endif - -# ifdef EALREADY - case EALREADY: -# endif - - return 1; - default: - break; - } - return 0; -} - -static void get_current_time(struct timeval *t) -{ -# if defined(_WIN32) - SYSTEMTIME st; - unsigned __int64 now_ul; - FILETIME now_ft; - - GetSystemTime(&st); - SystemTimeToFileTime(&st, &now_ft); - now_ul = ((unsigned __int64)now_ft.dwHighDateTime << 32) | now_ft.dwLowDateTime; -# ifdef __MINGW32__ - now_ul -= 116444736000000000ULL; -# else - now_ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */ -# endif - t->tv_sec = (long)(now_ul / 10000000); - t->tv_usec = ((int)(now_ul % 10000000)) / 10; -# else - if (gettimeofday(t, NULL) < 0) - perror("gettimeofday"); -# endif -} - -#endif diff --git a/crypto/bio/bss_fd.c b/crypto/bio/bss_fd.c deleted file mode 100644 index f756225edb21c62c8c582e0cb183bb7f09547c26..0000000000000000000000000000000000000000 --- a/crypto/bio/bss_fd.c +++ /dev/null @@ -1,283 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#include "bio_local.h" - -#if defined(OPENSSL_NO_POSIX_IO) -/* - * Dummy placeholder for BIO_s_fd... - */ -BIO *BIO_new_fd(int fd, int close_flag) -{ - return NULL; -} - -int BIO_fd_non_fatal_error(int err) -{ - return 0; -} - -int BIO_fd_should_retry(int i) -{ - return 0; -} - -const BIO_METHOD *BIO_s_fd(void) -{ - return NULL; -} -#else -/* - * As for unconditional usage of "UPLINK" interface in this module. - * Trouble is that unlike Unix file descriptors [which are indexes - * in kernel-side per-process table], corresponding descriptors on - * platforms which require "UPLINK" interface seem to be indexes - * in a user-land, non-global table. Well, in fact they are indexes - * in stdio _iob[], and recall that _iob[] was the very reason why - * "UPLINK" interface was introduced in first place. But one way on - * another. Neither libcrypto or libssl use this BIO meaning that - * file descriptors can only be provided by application. Therefore - * "UPLINK" calls are due... - */ -static int fd_write(BIO *h, const char *buf, int num); -static int fd_read(BIO *h, char *buf, int size); -static int fd_puts(BIO *h, const char *str); -static int fd_gets(BIO *h, char *buf, int size); -static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int fd_new(BIO *h); -static int fd_free(BIO *data); -int BIO_fd_should_retry(int s); - -static const BIO_METHOD methods_fdp = { - BIO_TYPE_FD, - "file descriptor", - bwrite_conv, - fd_write, - bread_conv, - fd_read, - fd_puts, - fd_gets, - fd_ctrl, - fd_new, - fd_free, - NULL, /* fd_callback_ctrl */ -}; - -const BIO_METHOD *BIO_s_fd(void) -{ - return &methods_fdp; -} - -BIO *BIO_new_fd(int fd, int close_flag) -{ - BIO *ret; - ret = BIO_new(BIO_s_fd()); - if (ret == NULL) - return NULL; - BIO_set_fd(ret, fd, close_flag); - return ret; -} - -static int fd_new(BIO *bi) -{ - bi->init = 0; - bi->num = -1; - bi->ptr = NULL; - bi->flags = BIO_FLAGS_UPLINK_INTERNAL; /* essentially redundant */ - return 1; -} - -static int fd_free(BIO *a) -{ - if (a == NULL) - return 0; - if (a->shutdown) { - if (a->init) { - UP_close(a->num); - } - a->init = 0; - a->flags = BIO_FLAGS_UPLINK_INTERNAL; - } - return 1; -} - -static int fd_read(BIO *b, char *out, int outl) -{ - int ret = 0; - - if (out != NULL) { - clear_sys_error(); - ret = UP_read(b->num, out, outl); - BIO_clear_retry_flags(b); - if (ret <= 0) { - if (BIO_fd_should_retry(ret)) - BIO_set_retry_read(b); - else if (ret == 0) - b->flags |= BIO_FLAGS_IN_EOF; - } - } - return ret; -} - -static int fd_write(BIO *b, const char *in, int inl) -{ - int ret; - clear_sys_error(); - ret = UP_write(b->num, in, inl); - BIO_clear_retry_flags(b); - if (ret <= 0) { - if (BIO_fd_should_retry(ret)) - BIO_set_retry_write(b); - } - return ret; -} - -static long fd_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - long ret = 1; - int *ip; - - switch (cmd) { - case BIO_CTRL_RESET: - num = 0; - /* fall thru */ - case BIO_C_FILE_SEEK: - ret = (long)UP_lseek(b->num, num, 0); - break; - case BIO_C_FILE_TELL: - case BIO_CTRL_INFO: - ret = (long)UP_lseek(b->num, 0, 1); - break; - case BIO_C_SET_FD: - fd_free(b); - b->num = *((int *)ptr); - b->shutdown = (int)num; - b->init = 1; - break; - case BIO_C_GET_FD: - if (b->init) { - ip = (int *)ptr; - if (ip != NULL) - *ip = b->num; - ret = b->num; - } else - ret = -1; - break; - case BIO_CTRL_GET_CLOSE: - ret = b->shutdown; - break; - case BIO_CTRL_SET_CLOSE: - b->shutdown = (int)num; - break; - case BIO_CTRL_PENDING: - case BIO_CTRL_WPENDING: - ret = 0; - break; - case BIO_CTRL_DUP: - case BIO_CTRL_FLUSH: - ret = 1; - break; - case BIO_CTRL_EOF: - ret = (b->flags & BIO_FLAGS_IN_EOF) != 0; - break; - default: - ret = 0; - break; - } - return ret; -} - -static int fd_puts(BIO *bp, const char *str) -{ - int n, ret; - - n = strlen(str); - ret = fd_write(bp, str, n); - return ret; -} - -static int fd_gets(BIO *bp, char *buf, int size) -{ - int ret = 0; - char *ptr = buf; - char *end = buf + size - 1; - - while (ptr < end && fd_read(bp, ptr, 1) > 0) { - if (*ptr++ == '\n') - break; - } - - ptr[0] = '\0'; - - if (buf[0] != '\0') - ret = strlen(buf); - return ret; -} - -int BIO_fd_should_retry(int i) -{ - int err; - - if ((i == 0) || (i == -1)) { - err = get_last_sys_error(); - - return BIO_fd_non_fatal_error(err); - } - return 0; -} - -int BIO_fd_non_fatal_error(int err) -{ - switch (err) { - -# ifdef EWOULDBLOCK -# ifdef WSAEWOULDBLOCK -# if WSAEWOULDBLOCK != EWOULDBLOCK - case EWOULDBLOCK: -# endif -# else - case EWOULDBLOCK: -# endif -# endif - -# if defined(ENOTCONN) - case ENOTCONN: -# endif - -# ifdef EINTR - case EINTR: -# endif - -# ifdef EAGAIN -# if EWOULDBLOCK != EAGAIN - case EAGAIN: -# endif -# endif - -# ifdef EPROTO - case EPROTO: -# endif - -# ifdef EINPROGRESS - case EINPROGRESS: -# endif - -# ifdef EALREADY - case EALREADY: -# endif - return 1; - default: - break; - } - return 0; -} -#endif diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c deleted file mode 100644 index a6143b6abcf6648b326299ae09274764e9901617..0000000000000000000000000000000000000000 --- a/crypto/bio/bss_file.c +++ /dev/null @@ -1,430 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#if defined(__linux) || defined(__sun) || defined(__hpux) -/* - * Following definition aliases fopen to fopen64 on above mentioned - * platforms. This makes it possible to open and sequentially access files - * larger than 2GB from 32-bit application. It does not allow to traverse - * them beyond 2GB with fseek/ftell, but on the other hand *no* 32-bit - * platform permits that, not with fseek/ftell. Not to mention that breaking - * 2GB limit for seeking would require surgery to *our* API. But sequential - * access suffices for practical cases when you can run into large files, - * such as fingerprinting, so we can let API alone. For reference, the list - * of 32-bit platforms which allow for sequential access of large files - * without extra "magic" comprise *BSD, Darwin, IRIX... - */ -# ifndef _FILE_OFFSET_BITS -# define _FILE_OFFSET_BITS 64 -# endif -#endif - -#include -#include -#include "bio_local.h" -#include - -#if !defined(OPENSSL_NO_STDIO) - -static int file_write(BIO *h, const char *buf, int num); -static int file_read(BIO *h, char *buf, int size); -static int file_puts(BIO *h, const char *str); -static int file_gets(BIO *h, char *str, int size); -static long file_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int file_new(BIO *h); -static int file_free(BIO *data); -static const BIO_METHOD methods_filep = { - BIO_TYPE_FILE, - "FILE pointer", - bwrite_conv, - file_write, - bread_conv, - file_read, - file_puts, - file_gets, - file_ctrl, - file_new, - file_free, - NULL, /* file_callback_ctrl */ -}; - -BIO *BIO_new_file(const char *filename, const char *mode) -{ - BIO *ret; - FILE *file = openssl_fopen(filename, mode); - int fp_flags = BIO_CLOSE; - - if (strchr(mode, 'b') == NULL) - fp_flags |= BIO_FP_TEXT; - - if (file == NULL) { - ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(), - "calling fopen(%s, %s)", - filename, mode); - if (errno == ENOENT -#ifdef ENXIO - || errno == ENXIO -#endif - ) - ERR_raise(ERR_LIB_BIO, BIO_R_NO_SUCH_FILE); - else - ERR_raise(ERR_LIB_BIO, ERR_R_SYS_LIB); - return NULL; - } - if ((ret = BIO_new(BIO_s_file())) == NULL) { - fclose(file); - return NULL; - } - - /* we did fopen -> we disengage UPLINK */ - BIO_clear_flags(ret, BIO_FLAGS_UPLINK_INTERNAL); - BIO_set_fp(ret, file, fp_flags); - return ret; -} - -BIO *BIO_new_fp(FILE *stream, int close_flag) -{ - BIO *ret; - - if ((ret = BIO_new(BIO_s_file())) == NULL) - return NULL; - - /* redundant flag, left for documentation purposes */ - BIO_set_flags(ret, BIO_FLAGS_UPLINK_INTERNAL); - BIO_set_fp(ret, stream, close_flag); - return ret; -} - -const BIO_METHOD *BIO_s_file(void) -{ - return &methods_filep; -} - -static int file_new(BIO *bi) -{ - bi->init = 0; - bi->num = 0; - bi->ptr = NULL; - bi->flags = BIO_FLAGS_UPLINK_INTERNAL; /* default to UPLINK */ - return 1; -} - -static int file_free(BIO *a) -{ - if (a == NULL) - return 0; - if (a->shutdown) { - if ((a->init) && (a->ptr != NULL)) { - if (a->flags & BIO_FLAGS_UPLINK_INTERNAL) - UP_fclose(a->ptr); - else - fclose(a->ptr); - a->ptr = NULL; - a->flags = BIO_FLAGS_UPLINK_INTERNAL; - } - a->init = 0; - } - return 1; -} - -static int file_read(BIO *b, char *out, int outl) -{ - int ret = 0; - - if (b->init && (out != NULL)) { - if (b->flags & BIO_FLAGS_UPLINK_INTERNAL) - ret = UP_fread(out, 1, (int)outl, b->ptr); - else - ret = fread(out, 1, (int)outl, (FILE *)b->ptr); - if (ret == 0 - && (b->flags & BIO_FLAGS_UPLINK_INTERNAL - ? UP_ferror((FILE *)b->ptr) : ferror((FILE *)b->ptr))) { - ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(), - "calling fread()"); - ERR_raise(ERR_LIB_BIO, ERR_R_SYS_LIB); - ret = -1; - } - } - return ret; -} - -static int file_write(BIO *b, const char *in, int inl) -{ - int ret = 0; - - if (b->init && (in != NULL)) { - if (b->flags & BIO_FLAGS_UPLINK_INTERNAL) - ret = UP_fwrite(in, (int)inl, 1, b->ptr); - else - ret = fwrite(in, (int)inl, 1, (FILE *)b->ptr); - if (ret) - ret = inl; - /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */ - /* - * according to Tim Hudson , the commented out - * version above can cause 'inl' write calls under some stupid stdio - * implementations (VMS) - */ - } - return ret; -} - -static long file_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - long ret = 1; - FILE *fp = (FILE *)b->ptr; - FILE **fpp; - char p[4]; - int st; - - switch (cmd) { - case BIO_C_FILE_SEEK: - case BIO_CTRL_RESET: - if (b->flags & BIO_FLAGS_UPLINK_INTERNAL) - ret = (long)UP_fseek(b->ptr, num, 0); - else - ret = (long)fseek(fp, num, 0); - break; - case BIO_CTRL_EOF: - if (b->flags & BIO_FLAGS_UPLINK_INTERNAL) - ret = (long)UP_feof(fp); - else - ret = (long)feof(fp); - break; - case BIO_C_FILE_TELL: - case BIO_CTRL_INFO: - if (b->flags & BIO_FLAGS_UPLINK_INTERNAL) - ret = UP_ftell(b->ptr); - else - ret = ftell(fp); - break; - case BIO_C_SET_FILE_PTR: - file_free(b); - b->shutdown = (int)num & BIO_CLOSE; - b->ptr = ptr; - b->init = 1; -# if BIO_FLAGS_UPLINK_INTERNAL!=0 -# if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) -# define _IOB_ENTRIES 20 -# endif - /* Safety net to catch purely internal BIO_set_fp calls */ -# if (defined(_MSC_VER) && _MSC_VER>=1900) || defined(__BORLANDC__) - if (ptr == stdin || ptr == stdout || ptr == stderr) - BIO_clear_flags(b, BIO_FLAGS_UPLINK_INTERNAL); -# elif defined(_IOB_ENTRIES) - if ((size_t)ptr >= (size_t)stdin && - (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES)) - BIO_clear_flags(b, BIO_FLAGS_UPLINK_INTERNAL); -# endif -# endif -# ifdef UP_fsetmod - if (b->flags & BIO_FLAGS_UPLINK_INTERNAL) - UP_fsetmod(b->ptr, (char)((num & BIO_FP_TEXT) ? 't' : 'b')); - else -# endif - { -# if defined(OPENSSL_SYS_WINDOWS) - int fd = _fileno((FILE *)ptr); - if (num & BIO_FP_TEXT) - _setmode(fd, _O_TEXT); - else - _setmode(fd, _O_BINARY); - /* - * Reports show that ftell() isn't trustable in text mode. - * This has been confirmed as a bug in the Universal C RTL, see - * https://developercommunity.visualstudio.com/content/problem/425878/fseek-ftell-fail-in-text-mode-for-unix-style-text.html - * The suggested work-around from Microsoft engineering is to - * turn off buffering until the bug is resolved. - */ - if ((num & BIO_FP_TEXT) != 0) - setvbuf((FILE *)ptr, NULL, _IONBF, 0); -# elif defined(OPENSSL_SYS_MSDOS) - int fd = fileno((FILE *)ptr); - /* Set correct text/binary mode */ - if (num & BIO_FP_TEXT) - _setmode(fd, _O_TEXT); - /* Dangerous to set stdin/stdout to raw (unless redirected) */ - else { - if (fd == STDIN_FILENO || fd == STDOUT_FILENO) { - if (isatty(fd) <= 0) - _setmode(fd, _O_BINARY); - } else - _setmode(fd, _O_BINARY); - } -# elif defined(OPENSSL_SYS_WIN32_CYGWIN) - int fd = fileno((FILE *)ptr); - if (!(num & BIO_FP_TEXT)) - setmode(fd, O_BINARY); -# endif - } - break; - case BIO_C_SET_FILENAME: - file_free(b); - b->shutdown = (int)num & BIO_CLOSE; - if (num & BIO_FP_APPEND) { - if (num & BIO_FP_READ) - OPENSSL_strlcpy(p, "a+", sizeof(p)); - else - OPENSSL_strlcpy(p, "a", sizeof(p)); - } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) - OPENSSL_strlcpy(p, "r+", sizeof(p)); - else if (num & BIO_FP_WRITE) - OPENSSL_strlcpy(p, "w", sizeof(p)); - else if (num & BIO_FP_READ) - OPENSSL_strlcpy(p, "r", sizeof(p)); - else { - ERR_raise(ERR_LIB_BIO, BIO_R_BAD_FOPEN_MODE); - ret = 0; - break; - } -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) - if (!(num & BIO_FP_TEXT)) - OPENSSL_strlcat(p, "b", sizeof(p)); - else - OPENSSL_strlcat(p, "t", sizeof(p)); -# elif defined(OPENSSL_SYS_WIN32_CYGWIN) - if (!(num & BIO_FP_TEXT)) - OPENSSL_strlcat(p, "b", sizeof(p)); -# endif - fp = openssl_fopen(ptr, p); - if (fp == NULL) { - ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(), - "calling fopen(%s, %s)", - ptr, p); - ERR_raise(ERR_LIB_BIO, ERR_R_SYS_LIB); - ret = 0; - break; - } - b->ptr = fp; - b->init = 1; - /* we did fopen -> we disengage UPLINK */ - BIO_clear_flags(b, BIO_FLAGS_UPLINK_INTERNAL); - break; - case BIO_C_GET_FILE_PTR: - /* the ptr parameter is actually a FILE ** in this case. */ - if (ptr != NULL) { - fpp = (FILE **)ptr; - *fpp = (FILE *)b->ptr; - } - break; - case BIO_CTRL_GET_CLOSE: - ret = (long)b->shutdown; - break; - case BIO_CTRL_SET_CLOSE: - b->shutdown = (int)num; - break; - case BIO_CTRL_FLUSH: - st = b->flags & BIO_FLAGS_UPLINK_INTERNAL - ? UP_fflush(b->ptr) : fflush((FILE *)b->ptr); - if (st == EOF) { - ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(), - "calling fflush()"); - ERR_raise(ERR_LIB_BIO, ERR_R_SYS_LIB); - ret = 0; - } - break; - case BIO_CTRL_DUP: - ret = 1; - break; - - case BIO_CTRL_WPENDING: - case BIO_CTRL_PENDING: - case BIO_CTRL_PUSH: - case BIO_CTRL_POP: - default: - ret = 0; - break; - } - return ret; -} - -static int file_gets(BIO *bp, char *buf, int size) -{ - int ret = 0; - - buf[0] = '\0'; - if (bp->flags & BIO_FLAGS_UPLINK_INTERNAL) { - if (!UP_fgets(buf, size, bp->ptr)) - goto err; - } else { - if (!fgets(buf, size, (FILE *)bp->ptr)) - goto err; - } - if (buf[0] != '\0') - ret = strlen(buf); - err: - return ret; -} - -static int file_puts(BIO *bp, const char *str) -{ - int n, ret; - - n = strlen(str); - ret = file_write(bp, str, n); - return ret; -} - -#else - -static int file_write(BIO *b, const char *in, int inl) -{ - return -1; -} -static int file_read(BIO *b, char *out, int outl) -{ - return -1; -} -static int file_puts(BIO *bp, const char *str) -{ - return -1; -} -static int file_gets(BIO *bp, char *buf, int size) -{ - return 0; -} -static long file_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - return 0; -} -static int file_new(BIO *bi) -{ - return 0; -} -static int file_free(BIO *a) -{ - return 0; -} - -static const BIO_METHOD methods_filep = { - BIO_TYPE_FILE, - "FILE pointer", - bwrite_conv, - file_write, - bread_conv, - file_read, - file_puts, - file_gets, - file_ctrl, - file_new, - file_free, - NULL, /* file_callback_ctrl */ -}; - -const BIO_METHOD *BIO_s_file(void) -{ - return &methods_filep; -} - -BIO *BIO_new_file(const char *filename, const char *mode) -{ - return NULL; -} - -#endif /* OPENSSL_NO_STDIO */ diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c deleted file mode 100644 index 82abfd5cec6305c661cdb14fd50d602ba7802925..0000000000000000000000000000000000000000 --- a/crypto/bio/bss_log.c +++ /dev/null @@ -1,417 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Why BIO_s_log? - * - * BIO_s_log is useful for system daemons (or services under NT). It is - * one-way BIO, it sends all stuff to syslogd (on system that commonly use - * that), or event log (on NT), or OPCOM (on OpenVMS). - * - */ - -#include -#include - -#include "bio_local.h" -#include "internal/cryptlib.h" - -#if defined(OPENSSL_SYS_WINCE) -#elif defined(OPENSSL_SYS_WIN32) -#elif defined(OPENSSL_SYS_VMS) -# include -# include -# include -# include -/* Some compiler options may mask the declaration of "_malloc32". */ -# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE -# if __INITIAL_POINTER_SIZE == 64 -# pragma pointer_size save -# pragma pointer_size 32 -void *_malloc32(__size_t); -# pragma pointer_size restore -# endif /* __INITIAL_POINTER_SIZE == 64 */ -# endif /* __INITIAL_POINTER_SIZE && defined - * _ANSI_C_SOURCE */ -#elif defined(__DJGPP__) && defined(OPENSSL_NO_SOCK) -# define NO_SYSLOG -#elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) -# include -#endif - -#include -#include - -#ifndef NO_SYSLOG - -# if defined(OPENSSL_SYS_WIN32) -# define LOG_EMERG 0 -# define LOG_ALERT 1 -# define LOG_CRIT 2 -# define LOG_ERR 3 -# define LOG_WARNING 4 -# define LOG_NOTICE 5 -# define LOG_INFO 6 -# define LOG_DEBUG 7 - -# define LOG_DAEMON (3<<3) -# elif defined(OPENSSL_SYS_VMS) -/* On VMS, we don't really care about these, but we need them to compile */ -# define LOG_EMERG 0 -# define LOG_ALERT 1 -# define LOG_CRIT 2 -# define LOG_ERR 3 -# define LOG_WARNING 4 -# define LOG_NOTICE 5 -# define LOG_INFO 6 -# define LOG_DEBUG 7 - -# define LOG_DAEMON OPC$M_NM_NTWORK -# endif - -static int slg_write(BIO *h, const char *buf, int num); -static int slg_puts(BIO *h, const char *str); -static long slg_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int slg_new(BIO *h); -static int slg_free(BIO *data); -static void xopenlog(BIO *bp, char *name, int level); -static void xsyslog(BIO *bp, int priority, const char *string); -static void xcloselog(BIO *bp); - -static const BIO_METHOD methods_slg = { - BIO_TYPE_MEM, - "syslog", - bwrite_conv, - slg_write, - NULL, /* slg_write_old, */ - NULL, /* slg_read, */ - slg_puts, - NULL, - slg_ctrl, - slg_new, - slg_free, - NULL, /* slg_callback_ctrl */ -}; - -const BIO_METHOD *BIO_s_log(void) -{ - return &methods_slg; -} - -static int slg_new(BIO *bi) -{ - bi->init = 1; - bi->num = 0; - bi->ptr = NULL; - xopenlog(bi, "application", LOG_DAEMON); - return 1; -} - -static int slg_free(BIO *a) -{ - if (a == NULL) - return 0; - xcloselog(a); - return 1; -} - -static int slg_write(BIO *b, const char *in, int inl) -{ - int ret = inl; - char *buf; - char *pp; - int priority, i; - static const struct { - int strl; - char str[10]; - int log_level; - } mapping[] = { - { - 6, "PANIC ", LOG_EMERG - }, - { - 6, "EMERG ", LOG_EMERG - }, - { - 4, "EMR ", LOG_EMERG - }, - { - 6, "ALERT ", LOG_ALERT - }, - { - 4, "ALR ", LOG_ALERT - }, - { - 5, "CRIT ", LOG_CRIT - }, - { - 4, "CRI ", LOG_CRIT - }, - { - 6, "ERROR ", LOG_ERR - }, - { - 4, "ERR ", LOG_ERR - }, - { - 8, "WARNING ", LOG_WARNING - }, - { - 5, "WARN ", LOG_WARNING - }, - { - 4, "WAR ", LOG_WARNING - }, - { - 7, "NOTICE ", LOG_NOTICE - }, - { - 5, "NOTE ", LOG_NOTICE - }, - { - 4, "NOT ", LOG_NOTICE - }, - { - 5, "INFO ", LOG_INFO - }, - { - 4, "INF ", LOG_INFO - }, - { - 6, "DEBUG ", LOG_DEBUG - }, - { - 4, "DBG ", LOG_DEBUG - }, - { - 0, "", LOG_ERR - } - /* The default */ - }; - - if (inl < 0) - return 0; - if ((buf = OPENSSL_malloc(inl + 1)) == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(buf, in, inl); - buf[inl] = '\0'; - - i = 0; - while (strncmp(buf, mapping[i].str, mapping[i].strl) != 0) - i++; - priority = mapping[i].log_level; - pp = buf + mapping[i].strl; - - xsyslog(b, priority, pp); - - OPENSSL_free(buf); - return ret; -} - -static long slg_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - switch (cmd) { - case BIO_CTRL_SET: - xcloselog(b); - xopenlog(b, ptr, num); - break; - default: - break; - } - return 0; -} - -static int slg_puts(BIO *bp, const char *str) -{ - int n, ret; - - n = strlen(str); - ret = slg_write(bp, str, n); - return ret; -} - -# if defined(OPENSSL_SYS_WIN32) - -static void xopenlog(BIO *bp, char *name, int level) -{ - if (check_winnt()) - bp->ptr = RegisterEventSourceA(NULL, name); - else - bp->ptr = NULL; -} - -static void xsyslog(BIO *bp, int priority, const char *string) -{ - LPCSTR lpszStrings[2]; - WORD evtype = EVENTLOG_ERROR_TYPE; - char pidbuf[DECIMAL_SIZE(DWORD) + 4]; - - if (bp->ptr == NULL) - return; - - switch (priority) { - case LOG_EMERG: - case LOG_ALERT: - case LOG_CRIT: - case LOG_ERR: - evtype = EVENTLOG_ERROR_TYPE; - break; - case LOG_WARNING: - evtype = EVENTLOG_WARNING_TYPE; - break; - case LOG_NOTICE: - case LOG_INFO: - case LOG_DEBUG: - evtype = EVENTLOG_INFORMATION_TYPE; - break; - default: - /* - * Should never happen, but set it - * as error anyway. - */ - evtype = EVENTLOG_ERROR_TYPE; - break; - } - - sprintf(pidbuf, "[%lu] ", GetCurrentProcessId()); - lpszStrings[0] = pidbuf; - lpszStrings[1] = string; - - ReportEventA(bp->ptr, evtype, 0, 1024, NULL, 2, 0, lpszStrings, NULL); -} - -static void xcloselog(BIO *bp) -{ - if (bp->ptr) - DeregisterEventSource((HANDLE) (bp->ptr)); - bp->ptr = NULL; -} - -# elif defined(OPENSSL_SYS_VMS) - -static int VMS_OPC_target = LOG_DAEMON; - -static void xopenlog(BIO *bp, char *name, int level) -{ - VMS_OPC_target = level; -} - -static void xsyslog(BIO *bp, int priority, const char *string) -{ - struct dsc$descriptor_s opc_dsc; - -/* Arrange 32-bit pointer to opcdef buffer and malloc(), if needed. */ -# if __INITIAL_POINTER_SIZE == 64 -# pragma pointer_size save -# pragma pointer_size 32 -# define OPCDEF_TYPE __char_ptr32 -# define OPCDEF_MALLOC _malloc32 -# else /* __INITIAL_POINTER_SIZE == 64 */ -# define OPCDEF_TYPE char * -# define OPCDEF_MALLOC OPENSSL_malloc -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ - - struct opcdef *opcdef_p; - -# if __INITIAL_POINTER_SIZE == 64 -# pragma pointer_size restore -# endif /* __INITIAL_POINTER_SIZE == 64 */ - - char buf[10240]; - unsigned int len; - struct dsc$descriptor_s buf_dsc; - $DESCRIPTOR(fao_cmd, "!AZ: !AZ"); - char *priority_tag; - - switch (priority) { - case LOG_EMERG: - priority_tag = "Emergency"; - break; - case LOG_ALERT: - priority_tag = "Alert"; - break; - case LOG_CRIT: - priority_tag = "Critical"; - break; - case LOG_ERR: - priority_tag = "Error"; - break; - case LOG_WARNING: - priority_tag = "Warning"; - break; - case LOG_NOTICE: - priority_tag = "Notice"; - break; - case LOG_INFO: - priority_tag = "Info"; - break; - case LOG_DEBUG: - priority_tag = "DEBUG"; - break; - } - - buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - buf_dsc.dsc$b_class = DSC$K_CLASS_S; - buf_dsc.dsc$a_pointer = buf; - buf_dsc.dsc$w_length = sizeof(buf) - 1; - - lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string); - - /* We know there's an 8-byte header. That's documented. */ - opcdef_p = OPCDEF_MALLOC(8 + len); - opcdef_p->opc$b_ms_type = OPC$_RQ_RQST; - memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3); - opcdef_p->opc$l_ms_rqstid = 0; - memcpy(&opcdef_p->opc$l_ms_text, buf, len); - - opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - opc_dsc.dsc$b_class = DSC$K_CLASS_S; - opc_dsc.dsc$a_pointer = (OPCDEF_TYPE) opcdef_p; - opc_dsc.dsc$w_length = len + 8; - - sys$sndopr(opc_dsc, 0); - - OPENSSL_free(opcdef_p); -} - -static void xcloselog(BIO *bp) -{ -} - -# else /* Unix/Watt32 */ - -static void xopenlog(BIO *bp, char *name, int level) -{ -# ifdef WATT32 /* djgpp/DOS */ - openlog(name, LOG_PID | LOG_CONS | LOG_NDELAY, level); -# else - openlog(name, LOG_PID | LOG_CONS, level); -# endif -} - -static void xsyslog(BIO *bp, int priority, const char *string) -{ - syslog(priority, "%s", string); -} - -static void xcloselog(BIO *bp) -{ - closelog(); -} - -# endif /* Unix */ - -#else /* NO_SYSLOG */ -const BIO_METHOD *BIO_s_log(void) -{ - return NULL; -} -#endif /* NO_SYSLOG */ diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c deleted file mode 100644 index 9153c1f1cd8163e0c48036a21260ef660b467cd3..0000000000000000000000000000000000000000 --- a/crypto/bio/bss_mem.c +++ /dev/null @@ -1,387 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "bio_local.h" -#include "internal/cryptlib.h" - -static int mem_write(BIO *h, const char *buf, int num); -static int mem_read(BIO *h, char *buf, int size); -static int mem_puts(BIO *h, const char *str); -static int mem_gets(BIO *h, char *str, int size); -static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int mem_new(BIO *h); -static int secmem_new(BIO *h); -static int mem_free(BIO *data); -static int mem_buf_free(BIO *data); -static int mem_buf_sync(BIO *h); - -static const BIO_METHOD mem_method = { - BIO_TYPE_MEM, - "memory buffer", - bwrite_conv, - mem_write, - bread_conv, - mem_read, - mem_puts, - mem_gets, - mem_ctrl, - mem_new, - mem_free, - NULL, /* mem_callback_ctrl */ -}; - -static const BIO_METHOD secmem_method = { - BIO_TYPE_MEM, - "secure memory buffer", - bwrite_conv, - mem_write, - bread_conv, - mem_read, - mem_puts, - mem_gets, - mem_ctrl, - secmem_new, - mem_free, - NULL, /* mem_callback_ctrl */ -}; - -/* - * BIO memory stores buffer and read pointer - * however the roles are different for read only BIOs. - * In that case the readp just stores the original state - * to be used for reset. - */ -typedef struct bio_buf_mem_st { - struct buf_mem_st *buf; /* allocated buffer */ - struct buf_mem_st *readp; /* read pointer */ -} BIO_BUF_MEM; - -/* - * bio->num is used to hold the value to return on 'empty', if it is 0, - * should_retry is not set - */ - -const BIO_METHOD *BIO_s_mem(void) -{ - return &mem_method; -} - -const BIO_METHOD *BIO_s_secmem(void) -{ - return(&secmem_method); -} - -BIO *BIO_new_mem_buf(const void *buf, int len) -{ - BIO *ret; - BUF_MEM *b; - BIO_BUF_MEM *bb; - size_t sz; - - if (buf == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - sz = (len < 0) ? strlen(buf) : (size_t)len; - if ((ret = BIO_new(BIO_s_mem())) == NULL) - return NULL; - bb = (BIO_BUF_MEM *)ret->ptr; - b = bb->buf; - /* Cast away const and trust in the MEM_RDONLY flag. */ - b->data = (void *)buf; - b->length = sz; - b->max = sz; - *bb->readp = *bb->buf; - ret->flags |= BIO_FLAGS_MEM_RDONLY; - /* Since this is static data retrying won't help */ - ret->num = 0; - return ret; -} - -static int mem_init(BIO *bi, unsigned long flags) -{ - BIO_BUF_MEM *bb = OPENSSL_zalloc(sizeof(*bb)); - - if (bb == NULL) - return 0; - if ((bb->buf = BUF_MEM_new_ex(flags)) == NULL) { - OPENSSL_free(bb); - return 0; - } - if ((bb->readp = OPENSSL_zalloc(sizeof(*bb->readp))) == NULL) { - BUF_MEM_free(bb->buf); - OPENSSL_free(bb); - return 0; - } - *bb->readp = *bb->buf; - bi->shutdown = 1; - bi->init = 1; - bi->num = -1; - bi->ptr = (char *)bb; - return 1; -} - -static int mem_new(BIO *bi) -{ - return mem_init(bi, 0L); -} - -static int secmem_new(BIO *bi) -{ - return mem_init(bi, BUF_MEM_FLAG_SECURE); -} - -static int mem_free(BIO *a) -{ - BIO_BUF_MEM *bb; - - if (a == NULL) - return 0; - - bb = (BIO_BUF_MEM *)a->ptr; - if (!mem_buf_free(a)) - return 0; - OPENSSL_free(bb->readp); - OPENSSL_free(bb); - return 1; -} - -static int mem_buf_free(BIO *a) -{ - if (a == NULL) - return 0; - - if (a->shutdown && a->init && a->ptr != NULL) { - BIO_BUF_MEM *bb = (BIO_BUF_MEM *)a->ptr; - BUF_MEM *b = bb->buf; - - if (a->flags & BIO_FLAGS_MEM_RDONLY) - b->data = NULL; - BUF_MEM_free(b); - } - return 1; -} - -/* - * Reallocate memory buffer if read pointer differs - * NOT FOR RDONLY - */ -static int mem_buf_sync(BIO *b) -{ - if (b != NULL && b->init != 0 && b->ptr != NULL) { - BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; - - if (bbm->readp->data != bbm->buf->data) { - memmove(bbm->buf->data, bbm->readp->data, bbm->readp->length); - bbm->buf->length = bbm->readp->length; - bbm->readp->data = bbm->buf->data; - } - } - return 0; -} - -static int mem_read(BIO *b, char *out, int outl) -{ - int ret = -1; - BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; - BUF_MEM *bm = bbm->readp; - - if (b->flags & BIO_FLAGS_MEM_RDONLY) - bm = bbm->buf; - BIO_clear_retry_flags(b); - ret = (outl >= 0 && (size_t)outl > bm->length) ? (int)bm->length : outl; - if ((out != NULL) && (ret > 0)) { - memcpy(out, bm->data, ret); - bm->length -= ret; - bm->max -= ret; - bm->data += ret; - } else if (bm->length == 0) { - ret = b->num; - if (ret != 0) - BIO_set_retry_read(b); - } - return ret; -} - -static int mem_write(BIO *b, const char *in, int inl) -{ - int ret = -1; - int blen; - BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; - - if (b->flags & BIO_FLAGS_MEM_RDONLY) { - ERR_raise(ERR_LIB_BIO, BIO_R_WRITE_TO_READ_ONLY_BIO); - goto end; - } - BIO_clear_retry_flags(b); - if (inl == 0) - return 0; - if (in == NULL) { - ERR_raise(ERR_LIB_BIO, ERR_R_PASSED_NULL_PARAMETER); - goto end; - } - blen = bbm->readp->length; - mem_buf_sync(b); - if (BUF_MEM_grow_clean(bbm->buf, blen + inl) == 0) - goto end; - memcpy(bbm->buf->data + blen, in, inl); - *bbm->readp = *bbm->buf; - ret = inl; - end: - return ret; -} - -static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - long ret = 1; - char **pptr; - BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; - BUF_MEM *bm, *bo; /* bio_mem, bio_other */ - long off, remain; - - if (b->flags & BIO_FLAGS_MEM_RDONLY) { - bm = bbm->buf; - bo = bbm->readp; - } else { - bm = bbm->readp; - bo = bbm->buf; - } - off = (bm->data == bo->data) ? 0 : bm->data - bo->data; - remain = bm->length; - - switch (cmd) { - case BIO_CTRL_RESET: - bm = bbm->buf; - if (bm->data != NULL) { - if (!(b->flags & BIO_FLAGS_MEM_RDONLY)) { - if (!(b->flags & BIO_FLAGS_NONCLEAR_RST)) { - memset(bm->data, 0, bm->max); - bm->length = 0; - } - *bbm->readp = *bbm->buf; - } else { - /* For read only case just reset to the start again */ - *bbm->buf = *bbm->readp; - } - } - break; - case BIO_C_FILE_SEEK: - if (num < 0 || num > off + remain) - return -1; /* Can't see outside of the current buffer */ - - bm->data = (num != 0) ? bo->data + num : bo->data; - bm->length = bo->length - num; - bm->max = bo->max - num; - off = num; - /* FALLTHRU */ - case BIO_C_FILE_TELL: - ret = off; - break; - case BIO_CTRL_EOF: - ret = (long)(bm->length == 0); - break; - case BIO_C_SET_BUF_MEM_EOF_RETURN: - b->num = (int)num; - break; - case BIO_CTRL_INFO: - ret = (long)bm->length; - if (ptr != NULL) { - pptr = (char **)ptr; - *pptr = (char *)(bm->data); - } - break; - case BIO_C_SET_BUF_MEM: - mem_buf_free(b); - b->shutdown = (int)num; - bbm->buf = ptr; - *bbm->readp = *bbm->buf; - break; - case BIO_C_GET_BUF_MEM_PTR: - if (ptr != NULL) { - if (!(b->flags & BIO_FLAGS_MEM_RDONLY)) - mem_buf_sync(b); - bm = bbm->buf; - pptr = (char **)ptr; - *pptr = (char *)bm; - } - break; - case BIO_CTRL_GET_CLOSE: - ret = (long)b->shutdown; - break; - case BIO_CTRL_SET_CLOSE: - b->shutdown = (int)num; - break; - case BIO_CTRL_WPENDING: - ret = 0L; - break; - case BIO_CTRL_PENDING: - ret = (long)bm->length; - break; - case BIO_CTRL_DUP: - case BIO_CTRL_FLUSH: - ret = 1; - break; - case BIO_CTRL_PUSH: - case BIO_CTRL_POP: - default: - ret = 0; - break; - } - return ret; -} - -static int mem_gets(BIO *bp, char *buf, int size) -{ - int i, j; - int ret = -1; - char *p; - BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)bp->ptr; - BUF_MEM *bm = bbm->readp; - - if (bp->flags & BIO_FLAGS_MEM_RDONLY) - bm = bbm->buf; - BIO_clear_retry_flags(bp); - j = bm->length; - if ((size - 1) < j) - j = size - 1; - if (j <= 0) { - *buf = '\0'; - return 0; - } - p = bm->data; - for (i = 0; i < j; i++) { - if (p[i] == '\n') { - i++; - break; - } - } - - /* - * i is now the max num of bytes to copy, either j or up to - * and including the first newline - */ - - i = mem_read(bp, buf, i); - if (i > 0) - buf[i] = '\0'; - ret = i; - return ret; -} - -static int mem_puts(BIO *bp, const char *str) -{ - int n, ret; - - n = strlen(str); - ret = mem_write(bp, str, n); - /* memory semantics is that it will always work */ - return ret; -} diff --git a/crypto/bio/bss_null.c b/crypto/bio/bss_null.c deleted file mode 100644 index ba266f186c2180824e6ea49bcaaa5bd2b707d58b..0000000000000000000000000000000000000000 --- a/crypto/bio/bss_null.c +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "bio_local.h" -#include "internal/cryptlib.h" - -static int null_write(BIO *h, const char *buf, int num); -static int null_read(BIO *h, char *buf, int size); -static int null_puts(BIO *h, const char *str); -static int null_gets(BIO *h, char *str, int size); -static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static const BIO_METHOD null_method = { - BIO_TYPE_NULL, - "NULL", - bwrite_conv, - null_write, - bread_conv, - null_read, - null_puts, - null_gets, - null_ctrl, - NULL, - NULL, - NULL, /* null_callback_ctrl */ -}; - -const BIO_METHOD *BIO_s_null(void) -{ - return &null_method; -} - -static int null_read(BIO *b, char *out, int outl) -{ - return 0; -} - -static int null_write(BIO *b, const char *in, int inl) -{ - return inl; -} - -static long null_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - long ret = 1; - - switch (cmd) { - case BIO_CTRL_RESET: - case BIO_CTRL_EOF: - case BIO_CTRL_SET: - case BIO_CTRL_SET_CLOSE: - case BIO_CTRL_FLUSH: - case BIO_CTRL_DUP: - ret = 1; - break; - case BIO_CTRL_GET_CLOSE: - case BIO_CTRL_INFO: - case BIO_CTRL_GET: - case BIO_CTRL_PENDING: - case BIO_CTRL_WPENDING: - default: - ret = 0; - break; - } - return ret; -} - -static int null_gets(BIO *bp, char *buf, int size) -{ - return 0; -} - -static int null_puts(BIO *bp, const char *str) -{ - if (str == NULL) - return 0; - return strlen(str); -} diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c deleted file mode 100644 index f5d88102303a27603930cc182ebe487869b7df53..0000000000000000000000000000000000000000 --- a/crypto/bio/bss_sock.c +++ /dev/null @@ -1,287 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "bio_local.h" -#include "internal/cryptlib.h" -#include "internal/ktls.h" - -#ifndef OPENSSL_NO_SOCK - -# include - -# ifdef WATT32 -/* Watt-32 uses same names */ -# undef sock_write -# undef sock_read -# undef sock_puts -# define sock_write SockWrite -# define sock_read SockRead -# define sock_puts SockPuts -# endif - -static int sock_write(BIO *h, const char *buf, int num); -static int sock_read(BIO *h, char *buf, int size); -static int sock_puts(BIO *h, const char *str); -static long sock_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int sock_new(BIO *h); -static int sock_free(BIO *data); -int BIO_sock_should_retry(int s); - -static const BIO_METHOD methods_sockp = { - BIO_TYPE_SOCKET, - "socket", - bwrite_conv, - sock_write, - bread_conv, - sock_read, - sock_puts, - NULL, /* sock_gets, */ - sock_ctrl, - sock_new, - sock_free, - NULL, /* sock_callback_ctrl */ -}; - -const BIO_METHOD *BIO_s_socket(void) -{ - return &methods_sockp; -} - -BIO *BIO_new_socket(int fd, int close_flag) -{ - BIO *ret; - - ret = BIO_new(BIO_s_socket()); - if (ret == NULL) - return NULL; - BIO_set_fd(ret, fd, close_flag); -# ifndef OPENSSL_NO_KTLS - { - /* - * The new socket is created successfully regardless of ktls_enable. - * ktls_enable doesn't change any functionality of the socket, except - * changing the setsockopt to enable the processing of ktls_start. - * Thus, it is not a problem to call it for non-TLS sockets. - */ - ktls_enable(fd); - } -# endif - return ret; -} - -static int sock_new(BIO *bi) -{ - bi->init = 0; - bi->num = 0; - bi->ptr = NULL; - bi->flags = 0; - return 1; -} - -static int sock_free(BIO *a) -{ - if (a == NULL) - return 0; - if (a->shutdown) { - if (a->init) { - BIO_closesocket(a->num); - } - a->init = 0; - a->flags = 0; - } - return 1; -} - -static int sock_read(BIO *b, char *out, int outl) -{ - int ret = 0; - - if (out != NULL) { - clear_socket_error(); -# ifndef OPENSSL_NO_KTLS - if (BIO_get_ktls_recv(b)) - ret = ktls_read_record(b->num, out, outl); - else -# endif - ret = readsocket(b->num, out, outl); - BIO_clear_retry_flags(b); - if (ret <= 0) { - if (BIO_sock_should_retry(ret)) - BIO_set_retry_read(b); - else if (ret == 0) - b->flags |= BIO_FLAGS_IN_EOF; - } - } - return ret; -} - -static int sock_write(BIO *b, const char *in, int inl) -{ - int ret = 0; - - clear_socket_error(); -# ifndef OPENSSL_NO_KTLS - if (BIO_should_ktls_ctrl_msg_flag(b)) { - unsigned char record_type = (intptr_t)b->ptr; - ret = ktls_send_ctrl_message(b->num, record_type, in, inl); - if (ret >= 0) { - ret = inl; - BIO_clear_ktls_ctrl_msg_flag(b); - } - } else -# endif - ret = writesocket(b->num, in, inl); - BIO_clear_retry_flags(b); - if (ret <= 0) { - if (BIO_sock_should_retry(ret)) - BIO_set_retry_write(b); - } - return ret; -} - -static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - long ret = 1; - int *ip; -# ifndef OPENSSL_NO_KTLS - ktls_crypto_info_t *crypto_info; -# endif - - switch (cmd) { - case BIO_C_SET_FD: - sock_free(b); - b->num = *((int *)ptr); - b->shutdown = (int)num; - b->init = 1; - break; - case BIO_C_GET_FD: - if (b->init) { - ip = (int *)ptr; - if (ip != NULL) - *ip = b->num; - ret = b->num; - } else - ret = -1; - break; - case BIO_CTRL_GET_CLOSE: - ret = b->shutdown; - break; - case BIO_CTRL_SET_CLOSE: - b->shutdown = (int)num; - break; - case BIO_CTRL_DUP: - case BIO_CTRL_FLUSH: - ret = 1; - break; -# ifndef OPENSSL_NO_KTLS - case BIO_CTRL_SET_KTLS: - crypto_info = (ktls_crypto_info_t *)ptr; - ret = ktls_start(b->num, crypto_info, num); - if (ret) - BIO_set_ktls_flag(b, num); - break; - case BIO_CTRL_GET_KTLS_SEND: - return BIO_should_ktls_flag(b, 1) != 0; - case BIO_CTRL_GET_KTLS_RECV: - return BIO_should_ktls_flag(b, 0) != 0; - case BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG: - BIO_set_ktls_ctrl_msg_flag(b); - b->ptr = (void *)num; - ret = 0; - break; - case BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG: - BIO_clear_ktls_ctrl_msg_flag(b); - ret = 0; - break; -# endif - case BIO_CTRL_EOF: - ret = (b->flags & BIO_FLAGS_IN_EOF) != 0; - break; - default: - ret = 0; - break; - } - return ret; -} - -static int sock_puts(BIO *bp, const char *str) -{ - int n, ret; - - n = strlen(str); - ret = sock_write(bp, str, n); - return ret; -} - -int BIO_sock_should_retry(int i) -{ - int err; - - if ((i == 0) || (i == -1)) { - err = get_last_socket_error(); - - return BIO_sock_non_fatal_error(err); - } - return 0; -} - -int BIO_sock_non_fatal_error(int err) -{ - switch (err) { -# if defined(OPENSSL_SYS_WINDOWS) -# if defined(WSAEWOULDBLOCK) - case WSAEWOULDBLOCK: -# endif -# endif - -# ifdef EWOULDBLOCK -# ifdef WSAEWOULDBLOCK -# if WSAEWOULDBLOCK != EWOULDBLOCK - case EWOULDBLOCK: -# endif -# else - case EWOULDBLOCK: -# endif -# endif - -# if defined(ENOTCONN) - case ENOTCONN: -# endif - -# ifdef EINTR - case EINTR: -# endif - -# ifdef EAGAIN -# if EWOULDBLOCK != EAGAIN - case EAGAIN: -# endif -# endif - -# ifdef EPROTO - case EPROTO: -# endif - -# ifdef EINPROGRESS - case EINPROGRESS: -# endif - -# ifdef EALREADY - case EALREADY: -# endif - return 1; - default: - break; - } - return 0; -} - -#endif /* #ifndef OPENSSL_NO_SOCK */ diff --git a/crypto/bio/build.info b/crypto/bio/build.info deleted file mode 100644 index b203ed5e63fe3325632cd3397eb49246b5d5ea6e..0000000000000000000000000000000000000000 --- a/crypto/bio/build.info +++ /dev/null @@ -1,18 +0,0 @@ -LIBS=../../libcrypto - -# Base library -SOURCE[../../libcrypto]=\ - bio_lib.c bio_cb.c bio_err.c \ - bio_print.c bio_dump.c bio_addr.c \ - bio_sock.c bio_sock2.c \ - bio_meth.c ossl_core_bio.c - -# Source / sink implementations -SOURCE[../../libcrypto]=\ - bss_null.c bss_mem.c bss_bio.c bss_fd.c bss_file.c \ - bss_sock.c bss_conn.c bss_acpt.c bss_dgram.c \ - bss_log.c bss_core.c - -# Filters -SOURCE[../../libcrypto]=\ - bf_null.c bf_buff.c bf_lbuf.c bf_nbio.c bf_prefix.c bf_readbuff.c diff --git a/crypto/bio/ossl_core_bio.c b/crypto/bio/ossl_core_bio.c deleted file mode 100644 index 328302ea34e61d614e416da7f45eff1f58f7c9f9..0000000000000000000000000000000000000000 --- a/crypto/bio/ossl_core_bio.c +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "bio_local.h" - -/*- - * Core BIO structure - * This is distinct from a BIO to prevent casting between the two which could - * lead to versioning problems. - */ -struct ossl_core_bio_st { - CRYPTO_REF_COUNT ref_cnt; - CRYPTO_RWLOCK *ref_lock; - BIO *bio; -}; - -static OSSL_CORE_BIO *core_bio_new(void) -{ - OSSL_CORE_BIO *cb = OPENSSL_malloc(sizeof(*cb)); - - if (cb == NULL || (cb->ref_lock = CRYPTO_THREAD_lock_new()) == NULL) { - OPENSSL_free(cb); - return NULL; - } - cb->ref_cnt = 1; - return cb; -} - -int ossl_core_bio_up_ref(OSSL_CORE_BIO *cb) -{ - int ref = 0; - - return CRYPTO_UP_REF(&cb->ref_cnt, &ref, cb->ref_lock); -} - -int ossl_core_bio_free(OSSL_CORE_BIO *cb) -{ - int ref = 0, res = 1; - - if (cb != NULL) { - CRYPTO_DOWN_REF(&cb->ref_cnt, &ref, cb->ref_lock); - if (ref <= 0) { - res = BIO_free(cb->bio); - CRYPTO_THREAD_lock_free(cb->ref_lock); - OPENSSL_free(cb); - } - } - return res; -} - -OSSL_CORE_BIO *ossl_core_bio_new_from_bio(BIO *bio) -{ - OSSL_CORE_BIO *cb = core_bio_new(); - - if (cb == NULL || !BIO_up_ref(bio)) { - ossl_core_bio_free(cb); - return NULL; - } - cb->bio = bio; - return cb; -} - -static OSSL_CORE_BIO *core_bio_new_from_new_bio(BIO *bio) -{ - OSSL_CORE_BIO *cb = NULL; - - if (bio == NULL) - return NULL; - if ((cb = core_bio_new()) == NULL) { - BIO_free(bio); - return NULL; - } - cb->bio = bio; - return cb; -} - -OSSL_CORE_BIO *ossl_core_bio_new_file(const char *filename, const char *mode) -{ - return core_bio_new_from_new_bio(BIO_new_file(filename, mode)); -} - -OSSL_CORE_BIO *ossl_core_bio_new_mem_buf(const void *buf, int len) -{ - return core_bio_new_from_new_bio(BIO_new_mem_buf(buf, len)); -} - -int ossl_core_bio_read_ex(OSSL_CORE_BIO *cb, void *data, size_t dlen, - size_t *readbytes) -{ - return BIO_read_ex(cb->bio, data, dlen, readbytes); -} - -int ossl_core_bio_write_ex(OSSL_CORE_BIO *cb, const void *data, size_t dlen, - size_t *written) -{ - return BIO_write_ex(cb->bio, data, dlen, written); -} - -int ossl_core_bio_gets(OSSL_CORE_BIO *cb, char *buf, int size) -{ - return BIO_gets(cb->bio, buf, size); -} - -int ossl_core_bio_puts(OSSL_CORE_BIO *cb, const char *buf) -{ - return BIO_puts(cb->bio, buf); -} - -long ossl_core_bio_ctrl(OSSL_CORE_BIO *cb, int cmd, long larg, void *parg) -{ - return BIO_ctrl(cb->bio, cmd, larg, parg); -} - -int ossl_core_bio_vprintf(OSSL_CORE_BIO *cb, const char *format, va_list args) -{ - return BIO_vprintf(cb->bio, format, args); -} diff --git a/crypto/bn/README.pod b/crypto/bn/README.pod deleted file mode 100644 index 1286fc0d4132538576128f25b7cf76b9546288ad..0000000000000000000000000000000000000000 --- a/crypto/bn/README.pod +++ /dev/null @@ -1,241 +0,0 @@ -=pod - -=head1 NAME - -bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words, -bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8, -bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal, -bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive, -bn_mul_low_recursive, bn_sqr_normal, bn_sqr_recursive, -bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top, -bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM -library internal functions - -=head1 SYNOPSIS - - #include - - BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w); - BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, - BN_ULONG w); - void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num); - BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); - BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp, - int num); - BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp, - int num); - - void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); - void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); - void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a); - void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a); - - int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n); - - void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, - int nb); - void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n); - void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - int dna, int dnb, BN_ULONG *tmp); - void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, - int n, int tna, int tnb, BN_ULONG *tmp); - void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, - int n2, BN_ULONG *tmp); - - void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp); - void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp); - - void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c); - void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c); - void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a); - - BIGNUM *bn_expand(BIGNUM *a, int bits); - BIGNUM *bn_wexpand(BIGNUM *a, int n); - BIGNUM *bn_expand2(BIGNUM *a, int n); - void bn_fix_top(BIGNUM *a); - - void bn_check_top(BIGNUM *a); - void bn_print(BIGNUM *a); - void bn_dump(BN_ULONG *d, int n); - void bn_set_max(BIGNUM *a); - void bn_set_high(BIGNUM *r, BIGNUM *a, int n); - void bn_set_low(BIGNUM *r, BIGNUM *a, int n); - -=head1 DESCRIPTION - -This page documents the internal functions used by the OpenSSL -B implementation. They are described here to facilitate -debugging and extending the library. They are I to be used by -applications. - -=head2 The BIGNUM structure - - typedef struct bignum_st BIGNUM; - - struct bignum_st - { - BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ - int top; /* Index of last used d +1. */ - /* The next are internal book keeping for bn_expand. */ - int dmax; /* Size of the d array. */ - int neg; /* one if the number is negative */ - int flags; - }; - - -The integer value is stored in B, a malloc()ed array of words (B), -least significant word first. A B can be either 16, 32 or 64 bits -in size, depending on the 'number of bits' (B) specified in -C. - -B is the size of the B array that has been allocated. B -is the number of words being used, so for a value of 4, bn.d[0]=4 and -bn.top=1. B is 1 if the number is negative. When a B is -B<0>, the B field can be B and B == B<0>. - -B is a bit field of flags which are defined in C. The -flags begin with B. The macros BN_set_flags(b, n) and -BN_get_flags(b, n) exist to enable or fetch flag(s) B from B -structure B. - -Various routines in this library require the use of temporary -B variables during their execution. Since dynamic memory -allocation to create Bs is rather expensive when used in -conjunction with repeated subroutine calls, the B structure is -used. This structure contains B Bs, see -L. - -=head2 Low-level arithmetic operations - -These functions are implemented in C and for several platforms in -assembly language: - -bn_mul_words(B, B, B, B) operates on the B word -arrays B and B. It computes B * B, places the result -in B, and returns the high word (carry). - -bn_mul_add_words(B, B, B, B) operates on the B -word arrays B and B. It computes B * B + B, places -the result in B, and returns the high word (carry). - -bn_sqr_words(B, B, B) operates on the B word array -B and the 2*B word array B. It computes B * B -word-wise, and places the low and high bytes of the result in B. - -bn_div_words(B, B, B) divides the two word number (B, B) -by B and returns the result. - -bn_add_words(B, B, B, B) operates on the B word -arrays B, B and B. It computes B + B, places the -result in B, and returns the high word (carry). - -bn_sub_words(B, B, B, B) operates on the B word -arrays B, B and B. It computes B - B, places the -result in B, and returns the carry (1 if B E B, 0 -otherwise). - -bn_mul_comba4(B, B, B) operates on the 4 word arrays B and -B and the 8 word array B. It computes B*B and places the -result in B. - -bn_mul_comba8(B, B, B) operates on the 8 word arrays B and -B and the 16 word array B. It computes B*B and places the -result in B. - -bn_sqr_comba4(B, B, B) operates on the 4 word arrays B and -B and the 8 word array B. - -bn_sqr_comba8(B, B, B) operates on the 8 word arrays B and -B and the 16 word array B. - -The following functions are implemented in C: - -bn_cmp_words(B, B, B) operates on the B word arrays B -and B. It returns 1, 0 and -1 if B is greater than, equal and -less than B. - -bn_mul_normal(B, B, B, B, B) operates on the B -word array B, the B word array B and the B+B word -array B. It computes B*B and places the result in B. - -bn_mul_low_normal(B, B, B, B) operates on the B word -arrays B, B and B. It computes the B low words of -B*B and places the result in B. - -bn_mul_recursive(B, B, B, B, B, B, B) operates -on the word arrays B and B of length B+B and B+B -(B and B are currently allowed to be 0 or negative) and the 2*B -word arrays B and B. B must be a power of 2. It computes -B*B and places the result in B. - -bn_mul_part_recursive(B, B, B, B, B, B, B) -operates on the word arrays B and B of length B+B and -B+B and the 4*B word arrays B and B. - -bn_mul_low_recursive(B, B, B, B, B) operates on the -B word arrays B and B and the B/2 word arrays B -and B. - -BN_mul() calls bn_mul_normal(), or an optimized implementation if the -factors have the same size: bn_mul_comba8() is used if they are 8 -words long, bn_mul_recursive() if they are larger than -B and the size is an exact multiple of the word -size, and bn_mul_part_recursive() for others that are larger than -B. - -bn_sqr_normal(B, B, B, B) operates on the B word array -B and the 2*B word arrays B and B. - -The implementations use the following macros which, depending on the -architecture, may use "long long" C operations or inline assembler. -They are defined in C. - -mul(B, B, B, B) computes B*B+B and places the -low word of the result in B and the high word in B. - -mul_add(B, B, B, B) computes B*B+B+B and -places the low word of the result in B and the high word in B. - -sqr(B, B, B) computes B*B and places the low word -of the result in B and the high word in B. - -=head2 Size changes - -bn_expand() ensures that B has enough space for a B bit -number. bn_wexpand() ensures that B has enough space for an -B word number. If the number has to be expanded, both macros -call bn_expand2(), which allocates a new B array and copies the -data. They return B on error, B otherwise. - -The bn_fix_top() macro reduces Btop> to point to the most -significant non-zero word plus one when B has shrunk. - -=head2 Debugging - -bn_check_top() verifies that C<((a)-Etop E= 0 && (a)-Etop -E= (a)-Edmax)>. A violation will cause the program to abort. - -bn_print() prints B to stderr. bn_dump() prints B words at B -(in reverse order, i.e. most significant word first) to stderr. - -bn_set_max() makes B a static number with a B of its current size. -This is used by bn_set_low() and bn_set_high() to make B a read-only -B that contains the B low or high words of B. - -If B is not defined, bn_check_top(), bn_print(), bn_dump() -and bn_set_max() are defined as empty macros. - -=head1 SEE ALSO - -L - -=head1 COPYRIGHT - -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/crypto/bn/asm/alpha-mont.pl b/crypto/bn/asm/alpha-mont.pl deleted file mode 100644 index 9d362a6f65ed7388a48e34869e7ba5be4080cb93..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/alpha-mont.pl +++ /dev/null @@ -1,327 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# On 21264 RSA sign performance improves by 70/35/20/15 percent for -# 512/1024/2048/4096 bit key lengths. This is against vendor compiler -# instructed to '-tune host' code with in-line assembler. Other -# benchmarks improve by 15-20%. To anchor it to something else, the -# code provides approximately the same performance per GHz as AMD64. -# I.e. if you compare 1GHz 21264 and 2GHz Opteron, you'll observe ~2x -# difference. - -$output=pop and open STDOUT,">$output"; - -# int bn_mul_mont( -$rp="a0"; # BN_ULONG *rp, -$ap="a1"; # const BN_ULONG *ap, -$bp="a2"; # const BN_ULONG *bp, -$np="a3"; # const BN_ULONG *np, -$n0="a4"; # const BN_ULONG *n0, -$num="a5"; # int num); - -$lo0="t0"; -$hi0="t1"; -$lo1="t2"; -$hi1="t3"; -$aj="t4"; -$bi="t5"; -$nj="t6"; -$tp="t7"; -$alo="t8"; -$ahi="t9"; -$nlo="t10"; -$nhi="t11"; -$tj="t12"; -$i="s3"; -$j="s4"; -$m1="s5"; - -$code=<<___; -#ifdef __linux__ -#include -#else -#include -#include -#endif - -.text - -.set noat -.set noreorder - -.globl bn_mul_mont -.align 5 -.ent bn_mul_mont -bn_mul_mont: - lda sp,-48(sp) - stq ra,0(sp) - stq s3,8(sp) - stq s4,16(sp) - stq s5,24(sp) - stq fp,32(sp) - mov sp,fp - .mask 0x0400f000,-48 - .frame fp,48,ra - .prologue 0 - - .align 4 - .set reorder - sextl $num,$num - mov 0,v0 - cmplt $num,4,AT - bne AT,.Lexit - - ldq $hi0,0($ap) # ap[0] - s8addq $num,16,AT - ldq $aj,8($ap) - subq sp,AT,sp - ldq $bi,0($bp) # bp[0] - lda AT,-4096(zero) # mov -4096,AT - ldq $n0,0($n0) - and sp,AT,sp - - mulq $hi0,$bi,$lo0 - ldq $hi1,0($np) # np[0] - umulh $hi0,$bi,$hi0 - ldq $nj,8($np) - - mulq $lo0,$n0,$m1 - - mulq $hi1,$m1,$lo1 - umulh $hi1,$m1,$hi1 - - addq $lo1,$lo0,$lo1 - cmpult $lo1,$lo0,AT - addq $hi1,AT,$hi1 - - mulq $aj,$bi,$alo - mov 2,$j - umulh $aj,$bi,$ahi - mov sp,$tp - - mulq $nj,$m1,$nlo - s8addq $j,$ap,$aj - umulh $nj,$m1,$nhi - s8addq $j,$np,$nj -.align 4 -.L1st: - .set noreorder - ldq $aj,0($aj) - addl $j,1,$j - ldq $nj,0($nj) - lda $tp,8($tp) - - addq $alo,$hi0,$lo0 - mulq $aj,$bi,$alo - cmpult $lo0,$hi0,AT - addq $nlo,$hi1,$lo1 - - mulq $nj,$m1,$nlo - addq $ahi,AT,$hi0 - cmpult $lo1,$hi1,v0 - cmplt $j,$num,$tj - - umulh $aj,$bi,$ahi - addq $nhi,v0,$hi1 - addq $lo1,$lo0,$lo1 - s8addq $j,$ap,$aj - - umulh $nj,$m1,$nhi - cmpult $lo1,$lo0,v0 - addq $hi1,v0,$hi1 - s8addq $j,$np,$nj - - stq $lo1,-8($tp) - nop - unop - bne $tj,.L1st - .set reorder - - addq $alo,$hi0,$lo0 - addq $nlo,$hi1,$lo1 - cmpult $lo0,$hi0,AT - cmpult $lo1,$hi1,v0 - addq $ahi,AT,$hi0 - addq $nhi,v0,$hi1 - - addq $lo1,$lo0,$lo1 - cmpult $lo1,$lo0,v0 - addq $hi1,v0,$hi1 - - stq $lo1,0($tp) - - addq $hi1,$hi0,$hi1 - cmpult $hi1,$hi0,AT - stq $hi1,8($tp) - stq AT,16($tp) - - mov 1,$i -.align 4 -.Louter: - s8addq $i,$bp,$bi - ldq $hi0,0($ap) - ldq $aj,8($ap) - ldq $bi,0($bi) - ldq $hi1,0($np) - ldq $nj,8($np) - ldq $tj,0(sp) - - mulq $hi0,$bi,$lo0 - umulh $hi0,$bi,$hi0 - - addq $lo0,$tj,$lo0 - cmpult $lo0,$tj,AT - addq $hi0,AT,$hi0 - - mulq $lo0,$n0,$m1 - - mulq $hi1,$m1,$lo1 - umulh $hi1,$m1,$hi1 - - addq $lo1,$lo0,$lo1 - cmpult $lo1,$lo0,AT - mov 2,$j - addq $hi1,AT,$hi1 - - mulq $aj,$bi,$alo - mov sp,$tp - umulh $aj,$bi,$ahi - - mulq $nj,$m1,$nlo - s8addq $j,$ap,$aj - umulh $nj,$m1,$nhi -.align 4 -.Linner: - .set noreorder - ldq $tj,8($tp) #L0 - nop #U1 - ldq $aj,0($aj) #L1 - s8addq $j,$np,$nj #U0 - - ldq $nj,0($nj) #L0 - nop #U1 - addq $alo,$hi0,$lo0 #L1 - lda $tp,8($tp) - - mulq $aj,$bi,$alo #U1 - cmpult $lo0,$hi0,AT #L0 - addq $nlo,$hi1,$lo1 #L1 - addl $j,1,$j - - mulq $nj,$m1,$nlo #U1 - addq $ahi,AT,$hi0 #L0 - addq $lo0,$tj,$lo0 #L1 - cmpult $lo1,$hi1,v0 #U0 - - umulh $aj,$bi,$ahi #U1 - cmpult $lo0,$tj,AT #L0 - addq $lo1,$lo0,$lo1 #L1 - addq $nhi,v0,$hi1 #U0 - - umulh $nj,$m1,$nhi #U1 - s8addq $j,$ap,$aj #L0 - cmpult $lo1,$lo0,v0 #L1 - cmplt $j,$num,$tj #U0 # borrow $tj - - addq $hi0,AT,$hi0 #L0 - addq $hi1,v0,$hi1 #U1 - stq $lo1,-8($tp) #L1 - bne $tj,.Linner #U0 - .set reorder - - ldq $tj,8($tp) - addq $alo,$hi0,$lo0 - addq $nlo,$hi1,$lo1 - cmpult $lo0,$hi0,AT - cmpult $lo1,$hi1,v0 - addq $ahi,AT,$hi0 - addq $nhi,v0,$hi1 - - addq $lo0,$tj,$lo0 - cmpult $lo0,$tj,AT - addq $hi0,AT,$hi0 - - ldq $tj,16($tp) - addq $lo1,$lo0,$j - cmpult $j,$lo0,v0 - addq $hi1,v0,$hi1 - - addq $hi1,$hi0,$lo1 - stq $j,0($tp) - cmpult $lo1,$hi0,$hi1 - addq $lo1,$tj,$lo1 - cmpult $lo1,$tj,AT - addl $i,1,$i - addq $hi1,AT,$hi1 - stq $lo1,8($tp) - cmplt $i,$num,$tj # borrow $tj - stq $hi1,16($tp) - bne $tj,.Louter - - s8addq $num,sp,$tj # &tp[num] - mov $rp,$bp # put rp aside - mov sp,$tp - mov sp,$ap - mov 0,$hi0 # clear borrow bit - -.align 4 -.Lsub: ldq $lo0,0($tp) - ldq $lo1,0($np) - lda $tp,8($tp) - lda $np,8($np) - subq $lo0,$lo1,$lo1 # tp[i]-np[i] - cmpult $lo0,$lo1,AT - subq $lo1,$hi0,$lo0 - cmpult $lo1,$lo0,$hi0 - or $hi0,AT,$hi0 - stq $lo0,0($rp) - cmpult $tp,$tj,v0 - lda $rp,8($rp) - bne v0,.Lsub - - subq $hi1,$hi0,$hi0 # handle upmost overflow bit - mov sp,$tp - mov $bp,$rp # restore rp - -.align 4 -.Lcopy: ldq $aj,0($tp) # conditional copy - ldq $nj,0($rp) - lda $tp,8($tp) - lda $rp,8($rp) - cmoveq $hi0,$nj,$aj - stq zero,-8($tp) # zap tp - cmpult $tp,$tj,AT - stq $aj,-8($rp) - bne AT,.Lcopy - mov 1,v0 - -.Lexit: - .set noreorder - mov fp,sp - /*ldq ra,0(sp)*/ - ldq s3,8(sp) - ldq s4,16(sp) - ldq s5,24(sp) - ldq fp,32(sp) - lda sp,48(sp) - ret (ra) -.end bn_mul_mont -.ascii "Montgomery Multiplication for Alpha, CRYPTOGAMS by " -.align 2 -___ - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl deleted file mode 100644 index d380c89f1f2b68508226b85631e0668f44642e2e..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/armv4-gf2m.pl +++ /dev/null @@ -1,341 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# May 2011 -# -# The module implements bn_GF2m_mul_2x2 polynomial multiplication -# used in bn_gf2m.c. It's kind of low-hanging mechanical port from -# C for the time being... Except that it has two code paths: pure -# integer code suitable for any ARMv4 and later CPU and NEON code -# suitable for ARMv7. Pure integer 1x1 multiplication subroutine runs -# in ~45 cycles on dual-issue core such as Cortex A8, which is ~50% -# faster than compiler-generated code. For ECDH and ECDSA verify (but -# not for ECDSA sign) it means 25%-45% improvement depending on key -# length, more for longer keys. Even though NEON 1x1 multiplication -# runs in even less cycles, ~30, improvement is measurable only on -# longer keys. One has to optimize code elsewhere to get NEON glow... -# -# April 2014 -# -# Double bn_GF2m_mul_2x2 performance by using algorithm from paper -# referred below, which improves ECDH and ECDSA verify benchmarks -# by 18-40%. -# -# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software -# Polynomial Multiplication on ARM Processors using the NEON Engine. -# -# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour && $flavour ne "void") { - $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or - ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or - die "can't locate arm-xlate.pl"; - - open STDOUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $1"; -} else { - $output and open STDOUT,">$output"; -} - -$code=<<___; -#include "arm_arch.h" - -#if defined(__thumb2__) -.syntax unified -.thumb -#else -.code 32 -#endif - -.text -___ -################ -# private interface to mul_1x1_ialu -# -$a="r1"; -$b="r0"; - -($a0,$a1,$a2,$a12,$a4,$a14)= -($hi,$lo,$t0,$t1, $i0,$i1 )=map("r$_",(4..9),12); - -$mask="r12"; - -$code.=<<___; -.type mul_1x1_ialu,%function -.align 5 -mul_1x1_ialu: - mov $a0,#0 - bic $a1,$a,#3<<30 @ a1=a&0x3fffffff - str $a0,[sp,#0] @ tab[0]=0 - add $a2,$a1,$a1 @ a2=a1<<1 - str $a1,[sp,#4] @ tab[1]=a1 - eor $a12,$a1,$a2 @ a1^a2 - str $a2,[sp,#8] @ tab[2]=a2 - mov $a4,$a1,lsl#2 @ a4=a1<<2 - str $a12,[sp,#12] @ tab[3]=a1^a2 - eor $a14,$a1,$a4 @ a1^a4 - str $a4,[sp,#16] @ tab[4]=a4 - eor $a0,$a2,$a4 @ a2^a4 - str $a14,[sp,#20] @ tab[5]=a1^a4 - eor $a12,$a12,$a4 @ a1^a2^a4 - str $a0,[sp,#24] @ tab[6]=a2^a4 - and $i0,$mask,$b,lsl#2 - str $a12,[sp,#28] @ tab[7]=a1^a2^a4 - - and $i1,$mask,$b,lsr#1 - ldr $lo,[sp,$i0] @ tab[b & 0x7] - and $i0,$mask,$b,lsr#4 - ldr $t1,[sp,$i1] @ tab[b >> 3 & 0x7] - and $i1,$mask,$b,lsr#7 - ldr $t0,[sp,$i0] @ tab[b >> 6 & 0x7] - eor $lo,$lo,$t1,lsl#3 @ stall - mov $hi,$t1,lsr#29 - ldr $t1,[sp,$i1] @ tab[b >> 9 & 0x7] - - and $i0,$mask,$b,lsr#10 - eor $lo,$lo,$t0,lsl#6 - eor $hi,$hi,$t0,lsr#26 - ldr $t0,[sp,$i0] @ tab[b >> 12 & 0x7] - - and $i1,$mask,$b,lsr#13 - eor $lo,$lo,$t1,lsl#9 - eor $hi,$hi,$t1,lsr#23 - ldr $t1,[sp,$i1] @ tab[b >> 15 & 0x7] - - and $i0,$mask,$b,lsr#16 - eor $lo,$lo,$t0,lsl#12 - eor $hi,$hi,$t0,lsr#20 - ldr $t0,[sp,$i0] @ tab[b >> 18 & 0x7] - - and $i1,$mask,$b,lsr#19 - eor $lo,$lo,$t1,lsl#15 - eor $hi,$hi,$t1,lsr#17 - ldr $t1,[sp,$i1] @ tab[b >> 21 & 0x7] - - and $i0,$mask,$b,lsr#22 - eor $lo,$lo,$t0,lsl#18 - eor $hi,$hi,$t0,lsr#14 - ldr $t0,[sp,$i0] @ tab[b >> 24 & 0x7] - - and $i1,$mask,$b,lsr#25 - eor $lo,$lo,$t1,lsl#21 - eor $hi,$hi,$t1,lsr#11 - ldr $t1,[sp,$i1] @ tab[b >> 27 & 0x7] - - tst $a,#1<<30 - and $i0,$mask,$b,lsr#28 - eor $lo,$lo,$t0,lsl#24 - eor $hi,$hi,$t0,lsr#8 - ldr $t0,[sp,$i0] @ tab[b >> 30 ] - -#ifdef __thumb2__ - itt ne -#endif - eorne $lo,$lo,$b,lsl#30 - eorne $hi,$hi,$b,lsr#2 - tst $a,#1<<31 - eor $lo,$lo,$t1,lsl#27 - eor $hi,$hi,$t1,lsr#5 -#ifdef __thumb2__ - itt ne -#endif - eorne $lo,$lo,$b,lsl#31 - eorne $hi,$hi,$b,lsr#1 - eor $lo,$lo,$t0,lsl#30 - eor $hi,$hi,$t0,lsr#2 - - mov pc,lr -.size mul_1x1_ialu,.-mul_1x1_ialu -___ -################ -# void bn_GF2m_mul_2x2(BN_ULONG *r, -# BN_ULONG a1,BN_ULONG a0, -# BN_ULONG b1,BN_ULONG b0); # r[3..0]=a1a0·b1b0 -{ -$code.=<<___; -.global bn_GF2m_mul_2x2 -.type bn_GF2m_mul_2x2,%function -.align 5 -bn_GF2m_mul_2x2: -#if __ARM_MAX_ARCH__>=7 - stmdb sp!,{r10,lr} - ldr r12,.LOPENSSL_armcap -# if !defined(_WIN32) - adr r10,.LOPENSSL_armcap - ldr r12,[r12,r10] -# endif -# if defined(__APPLE__) || defined(_WIN32) - ldr r12,[r12] -# endif - tst r12,#ARMV7_NEON - itt ne - ldrne r10,[sp],#8 - bne .LNEON - stmdb sp!,{r4-r9} -#else - stmdb sp!,{r4-r10,lr} -#endif -___ -$ret="r10"; # reassigned 1st argument -$code.=<<___; - mov $ret,r0 @ reassign 1st argument - mov $b,r3 @ $b=b1 - sub r7,sp,#36 - mov r8,sp - and r7,r7,#-32 - ldr r3,[sp,#32] @ load b0 - mov $mask,#7<<2 - mov sp,r7 @ allocate tab[8] - str r8,[r7,#32] - - bl mul_1x1_ialu @ a1·b1 - str $lo,[$ret,#8] - str $hi,[$ret,#12] - - eor $b,$b,r3 @ flip b0 and b1 - eor $a,$a,r2 @ flip a0 and a1 - eor r3,r3,$b - eor r2,r2,$a - eor $b,$b,r3 - eor $a,$a,r2 - bl mul_1x1_ialu @ a0·b0 - str $lo,[$ret] - str $hi,[$ret,#4] - - eor $a,$a,r2 - eor $b,$b,r3 - bl mul_1x1_ialu @ (a1+a0)·(b1+b0) -___ -@r=map("r$_",(6..9)); -$code.=<<___; - ldmia $ret,{@r[0]-@r[3]} - eor $lo,$lo,$hi - ldr sp,[sp,#32] @ destroy tab[8] - eor $hi,$hi,@r[1] - eor $lo,$lo,@r[0] - eor $hi,$hi,@r[2] - eor $lo,$lo,@r[3] - eor $hi,$hi,@r[3] - str $hi,[$ret,#8] - eor $lo,$lo,$hi - str $lo,[$ret,#4] - -#if __ARM_ARCH__>=5 - ldmia sp!,{r4-r10,pc} -#else - ldmia sp!,{r4-r10,lr} - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -___ -} -{ -my ($r,$t0,$t1,$t2,$t3)=map("q$_",(0..3,8..12)); -my ($a,$b,$k48,$k32,$k16)=map("d$_",(26..31)); - -$code.=<<___; -#if __ARM_MAX_ARCH__>=7 -.arch armv7-a -.fpu neon - -.align 5 -.LNEON: - ldr r12, [sp] @ 5th argument - vmov $a, r2, r1 - vmov $b, r12, r3 - vmov.i64 $k48, #0x0000ffffffffffff - vmov.i64 $k32, #0x00000000ffffffff - vmov.i64 $k16, #0x000000000000ffff - - vext.8 $t0#lo, $a, $a, #1 @ A1 - vmull.p8 $t0, $t0#lo, $b @ F = A1*B - vext.8 $r#lo, $b, $b, #1 @ B1 - vmull.p8 $r, $a, $r#lo @ E = A*B1 - vext.8 $t1#lo, $a, $a, #2 @ A2 - vmull.p8 $t1, $t1#lo, $b @ H = A2*B - vext.8 $t3#lo, $b, $b, #2 @ B2 - vmull.p8 $t3, $a, $t3#lo @ G = A*B2 - vext.8 $t2#lo, $a, $a, #3 @ A3 - veor $t0, $t0, $r @ L = E + F - vmull.p8 $t2, $t2#lo, $b @ J = A3*B - vext.8 $r#lo, $b, $b, #3 @ B3 - veor $t1, $t1, $t3 @ M = G + H - vmull.p8 $r, $a, $r#lo @ I = A*B3 - veor $t0#lo, $t0#lo, $t0#hi @ t0 = (L) (P0 + P1) << 8 - vand $t0#hi, $t0#hi, $k48 - vext.8 $t3#lo, $b, $b, #4 @ B4 - veor $t1#lo, $t1#lo, $t1#hi @ t1 = (M) (P2 + P3) << 16 - vand $t1#hi, $t1#hi, $k32 - vmull.p8 $t3, $a, $t3#lo @ K = A*B4 - veor $t2, $t2, $r @ N = I + J - veor $t0#lo, $t0#lo, $t0#hi - veor $t1#lo, $t1#lo, $t1#hi - veor $t2#lo, $t2#lo, $t2#hi @ t2 = (N) (P4 + P5) << 24 - vand $t2#hi, $t2#hi, $k16 - vext.8 $t0, $t0, $t0, #15 - veor $t3#lo, $t3#lo, $t3#hi @ t3 = (K) (P6 + P7) << 32 - vmov.i64 $t3#hi, #0 - vext.8 $t1, $t1, $t1, #14 - veor $t2#lo, $t2#lo, $t2#hi - vmull.p8 $r, $a, $b @ D = A*B - vext.8 $t3, $t3, $t3, #12 - vext.8 $t2, $t2, $t2, #13 - veor $t0, $t0, $t1 - veor $t2, $t2, $t3 - veor $r, $r, $t0 - veor $r, $r, $t2 - - vst1.32 {$r}, [r0] - ret @ bx lr -#endif -___ -} -$code.=<<___; -.size bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2 -#if __ARM_MAX_ARCH__>=7 -.align 5 -.LOPENSSL_armcap: -# ifdef _WIN32 -.word OPENSSL_armcap_P -# else -.word OPENSSL_armcap_P-. -# endif -#endif -.asciz "GF(2^m) Multiplication for ARMv4/NEON, CRYPTOGAMS by " -.align 5 - -#if __ARM_MAX_ARCH__>=7 -.comm OPENSSL_armcap_P,4,4 -#endif -___ - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/geo; - - s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo or - s/\bret\b/bx lr/go or - s/\bbx\s+lr\b/.word\t0xe12fff1e/go; # make it possible to compile with -march=armv4 - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl deleted file mode 100644 index c26df751a5eb2c9b07a10594d452fa564077b3f7..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/armv4-mont.pl +++ /dev/null @@ -1,766 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# January 2007. - -# Montgomery multiplication for ARMv4. -# -# Performance improvement naturally varies among CPU implementations -# and compilers. The code was observed to provide +65-35% improvement -# [depending on key length, less for longer keys] on ARM920T, and -# +115-80% on Intel IXP425. This is compared to pre-bn_mul_mont code -# base and compiler generated code with in-lined umull and even umlal -# instructions. The latter means that this code didn't really have an -# "advantage" of utilizing some "secret" instruction. -# -# The code is interoperable with Thumb ISA and is rather compact, less -# than 1/2KB. Windows CE port would be trivial, as it's exclusively -# about decorations, ABI and instruction syntax are identical. - -# November 2013 -# -# Add NEON code path, which handles lengths divisible by 8. RSA/DSA -# performance improvement on Cortex-A8 is ~45-100% depending on key -# length, more for longer keys. On Cortex-A15 the span is ~10-105%. -# On Snapdragon S4 improvement was measured to vary from ~70% to -# incredible ~380%, yes, 4.8x faster, for RSA4096 sign. But this is -# rather because original integer-only code seems to perform -# suboptimally on S4. Situation on Cortex-A9 is unfortunately -# different. It's being looked into, but the trouble is that -# performance for vectors longer than 256 bits is actually couple -# of percent worse than for integer-only code. The code is chosen -# for execution on all NEON-capable processors, because gain on -# others outweighs the marginal loss on Cortex-A9. - -# September 2015 -# -# Align Cortex-A9 performance with November 2013 improvements, i.e. -# NEON code is now ~20-105% faster than integer-only one on this -# processor. But this optimization further improved performance even -# on other processors: NEON code path is ~45-180% faster than original -# integer-only on Cortex-A8, ~10-210% on Cortex-A15, ~70-450% on -# Snapdragon S4. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -my $output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -my $flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour && $flavour ne "void") { - $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or - ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or - die "can't locate arm-xlate.pl"; - - open STDOUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $1"; -} else { - $output and open STDOUT,">$output"; -} - -$num="r0"; # starts as num argument, but holds &tp[num-1] -$ap="r1"; -$bp="r2"; $bi="r2"; $rp="r2"; -$np="r3"; -$tp="r4"; -$aj="r5"; -$nj="r6"; -$tj="r7"; -$n0="r8"; -########### # r9 is reserved by ELF as platform specific, e.g. TLS pointer -$alo="r10"; # sl, gcc uses it to keep @GOT -$ahi="r11"; # fp -$nlo="r12"; # ip -########### # r13 is stack pointer -$nhi="r14"; # lr -########### # r15 is program counter - -#### argument block layout relative to &tp[num-1], a.k.a. $num -$_rp="$num,#12*4"; -# ap permanently resides in r1 -$_bp="$num,#13*4"; -# np permanently resides in r3 -$_n0="$num,#14*4"; -$_num="$num,#15*4"; $_bpend=$_num; - -$code=<<___; -#include "arm_arch.h" - -#if defined(__thumb2__) -.syntax unified -.thumb -#else -.code 32 -#endif - -.text - -#if __ARM_MAX_ARCH__>=7 -.align 5 -.LOPENSSL_armcap: -# ifdef _WIN32 -.word OPENSSL_armcap_P -# else -.word OPENSSL_armcap_P-.Lbn_mul_mont -# endif -#endif - -.global bn_mul_mont -.type bn_mul_mont,%function - -.align 5 -bn_mul_mont: -.Lbn_mul_mont: - ldr ip,[sp,#4] @ load num - stmdb sp!,{r0,r2} @ sp points at argument block -#if __ARM_MAX_ARCH__>=7 - tst ip,#7 - bne .Lialu - ldr r0,.LOPENSSL_armcap -#if !defined(_WIN32) - adr r2,.Lbn_mul_mont - ldr r0,[r0,r2] -# endif -# if defined(__APPLE__) || defined(_WIN32) - ldr r0,[r0] -# endif - tst r0,#ARMV7_NEON @ NEON available? - ldmia sp, {r0,r2} - beq .Lialu - add sp,sp,#8 - b bn_mul8x_mont_neon -.align 4 -.Lialu: -#endif - cmp ip,#2 - mov $num,ip @ load num -#ifdef __thumb2__ - ittt lt -#endif - movlt r0,#0 - addlt sp,sp,#2*4 - blt .Labrt - - stmdb sp!,{r4-r12,lr} @ save 10 registers - - mov $num,$num,lsl#2 @ rescale $num for byte count - sub sp,sp,$num @ alloca(4*num) - sub sp,sp,#4 @ +extra dword - sub $num,$num,#4 @ "num=num-1" - add $tp,$bp,$num @ &bp[num-1] - - add $num,sp,$num @ $num to point at &tp[num-1] - ldr $n0,[$_n0] @ &n0 - ldr $bi,[$bp] @ bp[0] - ldr $aj,[$ap],#4 @ ap[0],ap++ - ldr $nj,[$np],#4 @ np[0],np++ - ldr $n0,[$n0] @ *n0 - str $tp,[$_bpend] @ save &bp[num] - - umull $alo,$ahi,$aj,$bi @ ap[0]*bp[0] - str $n0,[$_n0] @ save n0 value - mul $n0,$alo,$n0 @ "tp[0]"*n0 - mov $nlo,#0 - umlal $alo,$nlo,$nj,$n0 @ np[0]*n0+"t[0]" - mov $tp,sp - -.L1st: - ldr $aj,[$ap],#4 @ ap[j],ap++ - mov $alo,$ahi - ldr $nj,[$np],#4 @ np[j],np++ - mov $ahi,#0 - umlal $alo,$ahi,$aj,$bi @ ap[j]*bp[0] - mov $nhi,#0 - umlal $nlo,$nhi,$nj,$n0 @ np[j]*n0 - adds $nlo,$nlo,$alo - str $nlo,[$tp],#4 @ tp[j-1]=,tp++ - adc $nlo,$nhi,#0 - cmp $tp,$num - bne .L1st - - adds $nlo,$nlo,$ahi - ldr $tp,[$_bp] @ restore bp - mov $nhi,#0 - ldr $n0,[$_n0] @ restore n0 - adc $nhi,$nhi,#0 - str $nlo,[$num] @ tp[num-1]= - mov $tj,sp - str $nhi,[$num,#4] @ tp[num]= - -.Louter: - sub $tj,$num,$tj @ "original" $num-1 value - sub $ap,$ap,$tj @ "rewind" ap to &ap[1] - ldr $bi,[$tp,#4]! @ *(++bp) - sub $np,$np,$tj @ "rewind" np to &np[1] - ldr $aj,[$ap,#-4] @ ap[0] - ldr $alo,[sp] @ tp[0] - ldr $nj,[$np,#-4] @ np[0] - ldr $tj,[sp,#4] @ tp[1] - - mov $ahi,#0 - umlal $alo,$ahi,$aj,$bi @ ap[0]*bp[i]+tp[0] - str $tp,[$_bp] @ save bp - mul $n0,$alo,$n0 - mov $nlo,#0 - umlal $alo,$nlo,$nj,$n0 @ np[0]*n0+"tp[0]" - mov $tp,sp - -.Linner: - ldr $aj,[$ap],#4 @ ap[j],ap++ - adds $alo,$ahi,$tj @ +=tp[j] - ldr $nj,[$np],#4 @ np[j],np++ - mov $ahi,#0 - umlal $alo,$ahi,$aj,$bi @ ap[j]*bp[i] - mov $nhi,#0 - umlal $nlo,$nhi,$nj,$n0 @ np[j]*n0 - adc $ahi,$ahi,#0 - ldr $tj,[$tp,#8] @ tp[j+1] - adds $nlo,$nlo,$alo - str $nlo,[$tp],#4 @ tp[j-1]=,tp++ - adc $nlo,$nhi,#0 - cmp $tp,$num - bne .Linner - - adds $nlo,$nlo,$ahi - mov $nhi,#0 - ldr $tp,[$_bp] @ restore bp - adc $nhi,$nhi,#0 - ldr $n0,[$_n0] @ restore n0 - adds $nlo,$nlo,$tj - ldr $tj,[$_bpend] @ restore &bp[num] - adc $nhi,$nhi,#0 - str $nlo,[$num] @ tp[num-1]= - str $nhi,[$num,#4] @ tp[num]= - - cmp $tp,$tj -#ifdef __thumb2__ - itt ne -#endif - movne $tj,sp - bne .Louter - - ldr $rp,[$_rp] @ pull rp - mov $aj,sp - add $num,$num,#4 @ $num to point at &tp[num] - sub $aj,$num,$aj @ "original" num value - mov $tp,sp @ "rewind" $tp - mov $ap,$tp @ "borrow" $ap - sub $np,$np,$aj @ "rewind" $np to &np[0] - - subs $tj,$tj,$tj @ "clear" carry flag -.Lsub: ldr $tj,[$tp],#4 - ldr $nj,[$np],#4 - sbcs $tj,$tj,$nj @ tp[j]-np[j] - str $tj,[$rp],#4 @ rp[j]= - teq $tp,$num @ preserve carry - bne .Lsub - sbcs $nhi,$nhi,#0 @ upmost carry - mov $tp,sp @ "rewind" $tp - sub $rp,$rp,$aj @ "rewind" $rp - -.Lcopy: ldr $tj,[$tp] @ conditional copy - ldr $aj,[$rp] - str sp,[$tp],#4 @ zap tp -#ifdef __thumb2__ - it cc -#endif - movcc $aj,$tj - str $aj,[$rp],#4 - teq $tp,$num @ preserve carry - bne .Lcopy - - mov sp,$num - add sp,sp,#4 @ skip over tp[num+1] - ldmia sp!,{r4-r12,lr} @ restore registers - add sp,sp,#2*4 @ skip over {r0,r2} - mov r0,#1 -.Labrt: -#if __ARM_ARCH__>=5 - ret @ bx lr -#else - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size bn_mul_mont,.-bn_mul_mont -___ -{ -my ($A0,$A1,$A2,$A3)=map("d$_",(0..3)); -my ($N0,$N1,$N2,$N3)=map("d$_",(4..7)); -my ($Z,$Temp)=("q4","q5"); -my @ACC=map("q$_",(6..13)); -my ($Bi,$Ni,$M0)=map("d$_",(28..31)); -my $zero="$Z#lo"; -my $temp="$Temp#lo"; - -my ($rptr,$aptr,$bptr,$nptr,$n0,$num)=map("r$_",(0..5)); -my ($tinptr,$toutptr,$inner,$outer,$bnptr)=map("r$_",(6..11)); - -$code.=<<___; -#if __ARM_MAX_ARCH__>=7 -.arch armv7-a -.fpu neon - -.type bn_mul8x_mont_neon,%function -.align 5 -bn_mul8x_mont_neon: - mov ip,sp - stmdb sp!,{r4-r11} - vstmdb sp!,{d8-d15} @ ABI specification says so - ldmia ip,{r4-r5} @ load rest of parameter block - mov ip,sp - - cmp $num,#8 - bhi .LNEON_8n - - @ special case for $num==8, everything is in register bank... - - vld1.32 {${Bi}[0]}, [$bptr,:32]! - veor $zero,$zero,$zero - sub $toutptr,sp,$num,lsl#4 - vld1.32 {$A0-$A3}, [$aptr]! @ can't specify :32 :-( - and $toutptr,$toutptr,#-64 - vld1.32 {${M0}[0]}, [$n0,:32] - mov sp,$toutptr @ alloca - vzip.16 $Bi,$zero - - vmull.u32 @ACC[0],$Bi,${A0}[0] - vmull.u32 @ACC[1],$Bi,${A0}[1] - vmull.u32 @ACC[2],$Bi,${A1}[0] - vshl.i64 $Ni,@ACC[0]#hi,#16 - vmull.u32 @ACC[3],$Bi,${A1}[1] - - vadd.u64 $Ni,$Ni,@ACC[0]#lo - veor $zero,$zero,$zero - vmul.u32 $Ni,$Ni,$M0 - - vmull.u32 @ACC[4],$Bi,${A2}[0] - vld1.32 {$N0-$N3}, [$nptr]! - vmull.u32 @ACC[5],$Bi,${A2}[1] - vmull.u32 @ACC[6],$Bi,${A3}[0] - vzip.16 $Ni,$zero - vmull.u32 @ACC[7],$Bi,${A3}[1] - - vmlal.u32 @ACC[0],$Ni,${N0}[0] - sub $outer,$num,#1 - vmlal.u32 @ACC[1],$Ni,${N0}[1] - vmlal.u32 @ACC[2],$Ni,${N1}[0] - vmlal.u32 @ACC[3],$Ni,${N1}[1] - - vmlal.u32 @ACC[4],$Ni,${N2}[0] - vmov $Temp,@ACC[0] - vmlal.u32 @ACC[5],$Ni,${N2}[1] - vmov @ACC[0],@ACC[1] - vmlal.u32 @ACC[6],$Ni,${N3}[0] - vmov @ACC[1],@ACC[2] - vmlal.u32 @ACC[7],$Ni,${N3}[1] - vmov @ACC[2],@ACC[3] - vmov @ACC[3],@ACC[4] - vshr.u64 $temp,$temp,#16 - vmov @ACC[4],@ACC[5] - vmov @ACC[5],@ACC[6] - vadd.u64 $temp,$temp,$Temp#hi - vmov @ACC[6],@ACC[7] - veor @ACC[7],@ACC[7] - vshr.u64 $temp,$temp,#16 - - b .LNEON_outer8 - -.align 4 -.LNEON_outer8: - vld1.32 {${Bi}[0]}, [$bptr,:32]! - veor $zero,$zero,$zero - vzip.16 $Bi,$zero - vadd.u64 @ACC[0]#lo,@ACC[0]#lo,$temp - - vmlal.u32 @ACC[0],$Bi,${A0}[0] - vmlal.u32 @ACC[1],$Bi,${A0}[1] - vmlal.u32 @ACC[2],$Bi,${A1}[0] - vshl.i64 $Ni,@ACC[0]#hi,#16 - vmlal.u32 @ACC[3],$Bi,${A1}[1] - - vadd.u64 $Ni,$Ni,@ACC[0]#lo - veor $zero,$zero,$zero - subs $outer,$outer,#1 - vmul.u32 $Ni,$Ni,$M0 - - vmlal.u32 @ACC[4],$Bi,${A2}[0] - vmlal.u32 @ACC[5],$Bi,${A2}[1] - vmlal.u32 @ACC[6],$Bi,${A3}[0] - vzip.16 $Ni,$zero - vmlal.u32 @ACC[7],$Bi,${A3}[1] - - vmlal.u32 @ACC[0],$Ni,${N0}[0] - vmlal.u32 @ACC[1],$Ni,${N0}[1] - vmlal.u32 @ACC[2],$Ni,${N1}[0] - vmlal.u32 @ACC[3],$Ni,${N1}[1] - - vmlal.u32 @ACC[4],$Ni,${N2}[0] - vmov $Temp,@ACC[0] - vmlal.u32 @ACC[5],$Ni,${N2}[1] - vmov @ACC[0],@ACC[1] - vmlal.u32 @ACC[6],$Ni,${N3}[0] - vmov @ACC[1],@ACC[2] - vmlal.u32 @ACC[7],$Ni,${N3}[1] - vmov @ACC[2],@ACC[3] - vmov @ACC[3],@ACC[4] - vshr.u64 $temp,$temp,#16 - vmov @ACC[4],@ACC[5] - vmov @ACC[5],@ACC[6] - vadd.u64 $temp,$temp,$Temp#hi - vmov @ACC[6],@ACC[7] - veor @ACC[7],@ACC[7] - vshr.u64 $temp,$temp,#16 - - bne .LNEON_outer8 - - vadd.u64 @ACC[0]#lo,@ACC[0]#lo,$temp - mov $toutptr,sp - vshr.u64 $temp,@ACC[0]#lo,#16 - mov $inner,$num - vadd.u64 @ACC[0]#hi,@ACC[0]#hi,$temp - add $tinptr,sp,#96 - vshr.u64 $temp,@ACC[0]#hi,#16 - vzip.16 @ACC[0]#lo,@ACC[0]#hi - - b .LNEON_tail_entry - -.align 4 -.LNEON_8n: - veor @ACC[0],@ACC[0],@ACC[0] - sub $toutptr,sp,#128 - veor @ACC[1],@ACC[1],@ACC[1] - sub $toutptr,$toutptr,$num,lsl#4 - veor @ACC[2],@ACC[2],@ACC[2] - and $toutptr,$toutptr,#-64 - veor @ACC[3],@ACC[3],@ACC[3] - mov sp,$toutptr @ alloca - veor @ACC[4],@ACC[4],@ACC[4] - add $toutptr,$toutptr,#256 - veor @ACC[5],@ACC[5],@ACC[5] - sub $inner,$num,#8 - veor @ACC[6],@ACC[6],@ACC[6] - veor @ACC[7],@ACC[7],@ACC[7] - -.LNEON_8n_init: - vst1.64 {@ACC[0]-@ACC[1]},[$toutptr,:256]! - subs $inner,$inner,#8 - vst1.64 {@ACC[2]-@ACC[3]},[$toutptr,:256]! - vst1.64 {@ACC[4]-@ACC[5]},[$toutptr,:256]! - vst1.64 {@ACC[6]-@ACC[7]},[$toutptr,:256]! - bne .LNEON_8n_init - - add $tinptr,sp,#256 - vld1.32 {$A0-$A3},[$aptr]! - add $bnptr,sp,#8 - vld1.32 {${M0}[0]},[$n0,:32] - mov $outer,$num - b .LNEON_8n_outer - -.align 4 -.LNEON_8n_outer: - vld1.32 {${Bi}[0]},[$bptr,:32]! @ *b++ - veor $zero,$zero,$zero - vzip.16 $Bi,$zero - add $toutptr,sp,#128 - vld1.32 {$N0-$N3},[$nptr]! - - vmlal.u32 @ACC[0],$Bi,${A0}[0] - vmlal.u32 @ACC[1],$Bi,${A0}[1] - veor $zero,$zero,$zero - vmlal.u32 @ACC[2],$Bi,${A1}[0] - vshl.i64 $Ni,@ACC[0]#hi,#16 - vmlal.u32 @ACC[3],$Bi,${A1}[1] - vadd.u64 $Ni,$Ni,@ACC[0]#lo - vmlal.u32 @ACC[4],$Bi,${A2}[0] - vmul.u32 $Ni,$Ni,$M0 - vmlal.u32 @ACC[5],$Bi,${A2}[1] - vst1.32 {$Bi},[sp,:64] @ put aside smashed b[8*i+0] - vmlal.u32 @ACC[6],$Bi,${A3}[0] - vzip.16 $Ni,$zero - vmlal.u32 @ACC[7],$Bi,${A3}[1] -___ -for ($i=0; $i<7;) { -$code.=<<___; - vld1.32 {${Bi}[0]},[$bptr,:32]! @ *b++ - vmlal.u32 @ACC[0],$Ni,${N0}[0] - veor $temp,$temp,$temp - vmlal.u32 @ACC[1],$Ni,${N0}[1] - vzip.16 $Bi,$temp - vmlal.u32 @ACC[2],$Ni,${N1}[0] - vshr.u64 @ACC[0]#lo,@ACC[0]#lo,#16 - vmlal.u32 @ACC[3],$Ni,${N1}[1] - vmlal.u32 @ACC[4],$Ni,${N2}[0] - vadd.u64 @ACC[0]#lo,@ACC[0]#lo,@ACC[0]#hi - vmlal.u32 @ACC[5],$Ni,${N2}[1] - vshr.u64 @ACC[0]#lo,@ACC[0]#lo,#16 - vmlal.u32 @ACC[6],$Ni,${N3}[0] - vmlal.u32 @ACC[7],$Ni,${N3}[1] - vadd.u64 @ACC[1]#lo,@ACC[1]#lo,@ACC[0]#lo - vst1.32 {$Ni},[$bnptr,:64]! @ put aside smashed m[8*i+$i] -___ - push(@ACC,shift(@ACC)); $i++; -$code.=<<___; - vmlal.u32 @ACC[0],$Bi,${A0}[0] - vld1.64 {@ACC[7]},[$tinptr,:128]! - vmlal.u32 @ACC[1],$Bi,${A0}[1] - veor $zero,$zero,$zero - vmlal.u32 @ACC[2],$Bi,${A1}[0] - vshl.i64 $Ni,@ACC[0]#hi,#16 - vmlal.u32 @ACC[3],$Bi,${A1}[1] - vadd.u64 $Ni,$Ni,@ACC[0]#lo - vmlal.u32 @ACC[4],$Bi,${A2}[0] - vmul.u32 $Ni,$Ni,$M0 - vmlal.u32 @ACC[5],$Bi,${A2}[1] - vst1.32 {$Bi},[$bnptr,:64]! @ put aside smashed b[8*i+$i] - vmlal.u32 @ACC[6],$Bi,${A3}[0] - vzip.16 $Ni,$zero - vmlal.u32 @ACC[7],$Bi,${A3}[1] -___ -} -$code.=<<___; - vld1.32 {$Bi},[sp,:64] @ pull smashed b[8*i+0] - vmlal.u32 @ACC[0],$Ni,${N0}[0] - vld1.32 {$A0-$A3},[$aptr]! - vmlal.u32 @ACC[1],$Ni,${N0}[1] - vmlal.u32 @ACC[2],$Ni,${N1}[0] - vshr.u64 @ACC[0]#lo,@ACC[0]#lo,#16 - vmlal.u32 @ACC[3],$Ni,${N1}[1] - vmlal.u32 @ACC[4],$Ni,${N2}[0] - vadd.u64 @ACC[0]#lo,@ACC[0]#lo,@ACC[0]#hi - vmlal.u32 @ACC[5],$Ni,${N2}[1] - vshr.u64 @ACC[0]#lo,@ACC[0]#lo,#16 - vmlal.u32 @ACC[6],$Ni,${N3}[0] - vmlal.u32 @ACC[7],$Ni,${N3}[1] - vadd.u64 @ACC[1]#lo,@ACC[1]#lo,@ACC[0]#lo - vst1.32 {$Ni},[$bnptr,:64] @ put aside smashed m[8*i+$i] - add $bnptr,sp,#8 @ rewind -___ - push(@ACC,shift(@ACC)); -$code.=<<___; - sub $inner,$num,#8 - b .LNEON_8n_inner - -.align 4 -.LNEON_8n_inner: - subs $inner,$inner,#8 - vmlal.u32 @ACC[0],$Bi,${A0}[0] - vld1.64 {@ACC[7]},[$tinptr,:128] - vmlal.u32 @ACC[1],$Bi,${A0}[1] - vld1.32 {$Ni},[$bnptr,:64]! @ pull smashed m[8*i+0] - vmlal.u32 @ACC[2],$Bi,${A1}[0] - vld1.32 {$N0-$N3},[$nptr]! - vmlal.u32 @ACC[3],$Bi,${A1}[1] - it ne - addne $tinptr,$tinptr,#16 @ don't advance in last iteration - vmlal.u32 @ACC[4],$Bi,${A2}[0] - vmlal.u32 @ACC[5],$Bi,${A2}[1] - vmlal.u32 @ACC[6],$Bi,${A3}[0] - vmlal.u32 @ACC[7],$Bi,${A3}[1] -___ -for ($i=1; $i<8; $i++) { -$code.=<<___; - vld1.32 {$Bi},[$bnptr,:64]! @ pull smashed b[8*i+$i] - vmlal.u32 @ACC[0],$Ni,${N0}[0] - vmlal.u32 @ACC[1],$Ni,${N0}[1] - vmlal.u32 @ACC[2],$Ni,${N1}[0] - vmlal.u32 @ACC[3],$Ni,${N1}[1] - vmlal.u32 @ACC[4],$Ni,${N2}[0] - vmlal.u32 @ACC[5],$Ni,${N2}[1] - vmlal.u32 @ACC[6],$Ni,${N3}[0] - vmlal.u32 @ACC[7],$Ni,${N3}[1] - vst1.64 {@ACC[0]},[$toutptr,:128]! -___ - push(@ACC,shift(@ACC)); -$code.=<<___; - vmlal.u32 @ACC[0],$Bi,${A0}[0] - vld1.64 {@ACC[7]},[$tinptr,:128] - vmlal.u32 @ACC[1],$Bi,${A0}[1] - vld1.32 {$Ni},[$bnptr,:64]! @ pull smashed m[8*i+$i] - vmlal.u32 @ACC[2],$Bi,${A1}[0] - it ne - addne $tinptr,$tinptr,#16 @ don't advance in last iteration - vmlal.u32 @ACC[3],$Bi,${A1}[1] - vmlal.u32 @ACC[4],$Bi,${A2}[0] - vmlal.u32 @ACC[5],$Bi,${A2}[1] - vmlal.u32 @ACC[6],$Bi,${A3}[0] - vmlal.u32 @ACC[7],$Bi,${A3}[1] -___ -} -$code.=<<___; - it eq - subeq $aptr,$aptr,$num,lsl#2 @ rewind - vmlal.u32 @ACC[0],$Ni,${N0}[0] - vld1.32 {$Bi},[sp,:64] @ pull smashed b[8*i+0] - vmlal.u32 @ACC[1],$Ni,${N0}[1] - vld1.32 {$A0-$A3},[$aptr]! - vmlal.u32 @ACC[2],$Ni,${N1}[0] - add $bnptr,sp,#8 @ rewind - vmlal.u32 @ACC[3],$Ni,${N1}[1] - vmlal.u32 @ACC[4],$Ni,${N2}[0] - vmlal.u32 @ACC[5],$Ni,${N2}[1] - vmlal.u32 @ACC[6],$Ni,${N3}[0] - vst1.64 {@ACC[0]},[$toutptr,:128]! - vmlal.u32 @ACC[7],$Ni,${N3}[1] - - bne .LNEON_8n_inner -___ - push(@ACC,shift(@ACC)); -$code.=<<___; - add $tinptr,sp,#128 - vst1.64 {@ACC[0]-@ACC[1]},[$toutptr,:256]! - veor q2,q2,q2 @ $N0-$N1 - vst1.64 {@ACC[2]-@ACC[3]},[$toutptr,:256]! - veor q3,q3,q3 @ $N2-$N3 - vst1.64 {@ACC[4]-@ACC[5]},[$toutptr,:256]! - vst1.64 {@ACC[6]},[$toutptr,:128] - - subs $outer,$outer,#8 - vld1.64 {@ACC[0]-@ACC[1]},[$tinptr,:256]! - vld1.64 {@ACC[2]-@ACC[3]},[$tinptr,:256]! - vld1.64 {@ACC[4]-@ACC[5]},[$tinptr,:256]! - vld1.64 {@ACC[6]-@ACC[7]},[$tinptr,:256]! - - itt ne - subne $nptr,$nptr,$num,lsl#2 @ rewind - bne .LNEON_8n_outer - - add $toutptr,sp,#128 - vst1.64 {q2-q3}, [sp,:256]! @ start wiping stack frame - vshr.u64 $temp,@ACC[0]#lo,#16 - vst1.64 {q2-q3},[sp,:256]! - vadd.u64 @ACC[0]#hi,@ACC[0]#hi,$temp - vst1.64 {q2-q3}, [sp,:256]! - vshr.u64 $temp,@ACC[0]#hi,#16 - vst1.64 {q2-q3}, [sp,:256]! - vzip.16 @ACC[0]#lo,@ACC[0]#hi - - mov $inner,$num - b .LNEON_tail_entry - -.align 4 -.LNEON_tail: - vadd.u64 @ACC[0]#lo,@ACC[0]#lo,$temp - vshr.u64 $temp,@ACC[0]#lo,#16 - vld1.64 {@ACC[2]-@ACC[3]}, [$tinptr, :256]! - vadd.u64 @ACC[0]#hi,@ACC[0]#hi,$temp - vld1.64 {@ACC[4]-@ACC[5]}, [$tinptr, :256]! - vshr.u64 $temp,@ACC[0]#hi,#16 - vld1.64 {@ACC[6]-@ACC[7]}, [$tinptr, :256]! - vzip.16 @ACC[0]#lo,@ACC[0]#hi - -.LNEON_tail_entry: -___ -for ($i=1; $i<8; $i++) { -$code.=<<___; - vadd.u64 @ACC[1]#lo,@ACC[1]#lo,$temp - vst1.32 {@ACC[0]#lo[0]}, [$toutptr, :32]! - vshr.u64 $temp,@ACC[1]#lo,#16 - vadd.u64 @ACC[1]#hi,@ACC[1]#hi,$temp - vshr.u64 $temp,@ACC[1]#hi,#16 - vzip.16 @ACC[1]#lo,@ACC[1]#hi -___ - push(@ACC,shift(@ACC)); -} - push(@ACC,shift(@ACC)); -$code.=<<___; - vld1.64 {@ACC[0]-@ACC[1]}, [$tinptr, :256]! - subs $inner,$inner,#8 - vst1.32 {@ACC[7]#lo[0]}, [$toutptr, :32]! - bne .LNEON_tail - - vst1.32 {${temp}[0]}, [$toutptr, :32] @ top-most bit - sub $nptr,$nptr,$num,lsl#2 @ rewind $nptr - subs $aptr,sp,#0 @ clear carry flag - add $bptr,sp,$num,lsl#2 - -.LNEON_sub: - ldmia $aptr!, {r4-r7} - ldmia $nptr!, {r8-r11} - sbcs r8, r4,r8 - sbcs r9, r5,r9 - sbcs r10,r6,r10 - sbcs r11,r7,r11 - teq $aptr,$bptr @ preserves carry - stmia $rptr!, {r8-r11} - bne .LNEON_sub - - ldr r10, [$aptr] @ load top-most bit - mov r11,sp - veor q0,q0,q0 - sub r11,$bptr,r11 @ this is num*4 - veor q1,q1,q1 - mov $aptr,sp - sub $rptr,$rptr,r11 @ rewind $rptr - mov $nptr,$bptr @ second 3/4th of frame - sbcs r10,r10,#0 @ result is carry flag - -.LNEON_copy_n_zap: - ldmia $aptr!, {r4-r7} - ldmia $rptr, {r8-r11} - it cc - movcc r8, r4 - vst1.64 {q0-q1}, [$nptr,:256]! @ wipe - itt cc - movcc r9, r5 - movcc r10,r6 - vst1.64 {q0-q1}, [$nptr,:256]! @ wipe - it cc - movcc r11,r7 - ldmia $aptr, {r4-r7} - stmia $rptr!, {r8-r11} - sub $aptr,$aptr,#16 - ldmia $rptr, {r8-r11} - it cc - movcc r8, r4 - vst1.64 {q0-q1}, [$aptr,:256]! @ wipe - itt cc - movcc r9, r5 - movcc r10,r6 - vst1.64 {q0-q1}, [$nptr,:256]! @ wipe - it cc - movcc r11,r7 - teq $aptr,$bptr @ preserves carry - stmia $rptr!, {r8-r11} - bne .LNEON_copy_n_zap - - mov sp,ip - vldmia sp!,{d8-d15} - ldmia sp!,{r4-r11} - ret @ bx lr -.size bn_mul8x_mont_neon,.-bn_mul8x_mont_neon -#endif -___ -} -$code.=<<___; -.asciz "Montgomery multiplication for ARMv4/NEON, CRYPTOGAMS by " -.align 2 -#if __ARM_MAX_ARCH__>=7 -.comm OPENSSL_armcap_P,4,4 -#endif -___ - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/ge or - s/\bret\b/bx lr/g or - s/\bbx\s+lr\b/.word\t0xe12fff1e/g; # make it possible to compile with -march=armv4 - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/armv8-mont.pl b/crypto/bn/asm/armv8-mont.pl deleted file mode 100755 index 54d2e8245f15a803d2b2f634f03d16a2e9ef50ff..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/armv8-mont.pl +++ /dev/null @@ -1,1898 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# March 2015 -# -# "Teaser" Montgomery multiplication module for ARMv8. Needs more -# work. While it does improve RSA sign performance by 20-30% (less for -# longer keys) on most processors, for some reason RSA2048 is not -# faster and RSA4096 goes 15-20% slower on Cortex-A57. Multiplication -# instruction issue rate is limited on processor in question, meaning -# that dedicated squaring procedure is a must. Well, actually all -# contemporary AArch64 processors seem to have limited multiplication -# issue rate, i.e. they can't issue multiplication every cycle, which -# explains moderate improvement coefficients in comparison to -# compiler-generated code. Recall that compiler is instructed to use -# umulh and therefore uses same amount of multiplication instructions -# to do the job. Assembly's edge is to minimize number of "collateral" -# instructions and of course instruction scheduling. -# -# April 2015 -# -# Squaring procedure that handles lengths divisible by 8 improves -# RSA/DSA performance by 25-40-60% depending on processor and key -# length. Overall improvement coefficients are always positive in -# comparison to compiler-generated code. On Cortex-A57 improvement -# is still modest on longest key lengths, while others exhibit e.g. -# 50-70% improvement for RSA4096 sign. RSA2048 sign is ~25% faster -# on Cortex-A57 and ~60-100% faster on others. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -my $output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -my $flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or -die "can't locate arm-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $1"; -*STDOUT=*OUT; - -($lo0,$hi0,$aj,$m0,$alo,$ahi, - $lo1,$hi1,$nj,$m1,$nlo,$nhi, - $ovf, $i,$j,$tp,$tj) = map("x$_",6..17,19..24); - -# int bn_mul_mont( -$rp="x0"; # BN_ULONG *rp, -$ap="x1"; # const BN_ULONG *ap, -$bp="x2"; # const BN_ULONG *bp, -$np="x3"; # const BN_ULONG *np, -$n0="x4"; # const BN_ULONG *n0, -$num="x5"; # int num); - -$code.=<<___; -#ifndef __KERNEL__ -# include "arm_arch.h" -.extern OPENSSL_armv8_rsa_neonized -.hidden OPENSSL_armv8_rsa_neonized -#endif -.text - -.globl bn_mul_mont -.type bn_mul_mont,%function -.align 5 -bn_mul_mont: -.Lbn_mul_mont: - tst $num,#3 - b.ne .Lmul_mont - cmp $num,#32 - b.le .Lscalar_impl -#ifndef __KERNEL__ - adrp x17,OPENSSL_armv8_rsa_neonized - ldr w17,[x17,#:lo12:OPENSSL_armv8_rsa_neonized] - cbnz w17, bn_mul8x_mont_neon -#endif - -.Lscalar_impl: - tst $num,#7 - b.eq __bn_sqr8x_mont - tst $num,#3 - b.eq __bn_mul4x_mont - -.Lmul_mont: - stp x29,x30,[sp,#-64]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - stp x23,x24,[sp,#48] - - ldr $m0,[$bp],#8 // bp[0] - sub $tp,sp,$num,lsl#3 - ldp $hi0,$aj,[$ap],#16 // ap[0..1] - lsl $num,$num,#3 - ldr $n0,[$n0] // *n0 - and $tp,$tp,#-16 // ABI says so - ldp $hi1,$nj,[$np],#16 // np[0..1] - - mul $lo0,$hi0,$m0 // ap[0]*bp[0] - sub $j,$num,#16 // j=num-2 - umulh $hi0,$hi0,$m0 - mul $alo,$aj,$m0 // ap[1]*bp[0] - umulh $ahi,$aj,$m0 - - mul $m1,$lo0,$n0 // "tp[0]"*n0 - mov sp,$tp // alloca - - // (*) mul $lo1,$hi1,$m1 // np[0]*m1 - umulh $hi1,$hi1,$m1 - mul $nlo,$nj,$m1 // np[1]*m1 - // (*) adds $lo1,$lo1,$lo0 // discarded - // (*) As for removal of first multiplication and addition - // instructions. The outcome of first addition is - // guaranteed to be zero, which leaves two computationally - // significant outcomes: it either carries or not. Then - // question is when does it carry? Is there alternative - // way to deduce it? If you follow operations, you can - // observe that condition for carry is quite simple: - // $lo0 being non-zero. So that carry can be calculated - // by adding -1 to $lo0. That's what next instruction does. - subs xzr,$lo0,#1 // (*) - umulh $nhi,$nj,$m1 - adc $hi1,$hi1,xzr - cbz $j,.L1st_skip - -.L1st: - ldr $aj,[$ap],#8 - adds $lo0,$alo,$hi0 - sub $j,$j,#8 // j-- - adc $hi0,$ahi,xzr - - ldr $nj,[$np],#8 - adds $lo1,$nlo,$hi1 - mul $alo,$aj,$m0 // ap[j]*bp[0] - adc $hi1,$nhi,xzr - umulh $ahi,$aj,$m0 - - adds $lo1,$lo1,$lo0 - mul $nlo,$nj,$m1 // np[j]*m1 - adc $hi1,$hi1,xzr - umulh $nhi,$nj,$m1 - str $lo1,[$tp],#8 // tp[j-1] - cbnz $j,.L1st - -.L1st_skip: - adds $lo0,$alo,$hi0 - sub $ap,$ap,$num // rewind $ap - adc $hi0,$ahi,xzr - - adds $lo1,$nlo,$hi1 - sub $np,$np,$num // rewind $np - adc $hi1,$nhi,xzr - - adds $lo1,$lo1,$lo0 - sub $i,$num,#8 // i=num-1 - adcs $hi1,$hi1,$hi0 - - adc $ovf,xzr,xzr // upmost overflow bit - stp $lo1,$hi1,[$tp] - -.Louter: - ldr $m0,[$bp],#8 // bp[i] - ldp $hi0,$aj,[$ap],#16 - ldr $tj,[sp] // tp[0] - add $tp,sp,#8 - - mul $lo0,$hi0,$m0 // ap[0]*bp[i] - sub $j,$num,#16 // j=num-2 - umulh $hi0,$hi0,$m0 - ldp $hi1,$nj,[$np],#16 - mul $alo,$aj,$m0 // ap[1]*bp[i] - adds $lo0,$lo0,$tj - umulh $ahi,$aj,$m0 - adc $hi0,$hi0,xzr - - mul $m1,$lo0,$n0 - sub $i,$i,#8 // i-- - - // (*) mul $lo1,$hi1,$m1 // np[0]*m1 - umulh $hi1,$hi1,$m1 - mul $nlo,$nj,$m1 // np[1]*m1 - // (*) adds $lo1,$lo1,$lo0 - subs xzr,$lo0,#1 // (*) - umulh $nhi,$nj,$m1 - cbz $j,.Linner_skip - -.Linner: - ldr $aj,[$ap],#8 - adc $hi1,$hi1,xzr - ldr $tj,[$tp],#8 // tp[j] - adds $lo0,$alo,$hi0 - sub $j,$j,#8 // j-- - adc $hi0,$ahi,xzr - - adds $lo1,$nlo,$hi1 - ldr $nj,[$np],#8 - adc $hi1,$nhi,xzr - - mul $alo,$aj,$m0 // ap[j]*bp[i] - adds $lo0,$lo0,$tj - umulh $ahi,$aj,$m0 - adc $hi0,$hi0,xzr - - mul $nlo,$nj,$m1 // np[j]*m1 - adds $lo1,$lo1,$lo0 - umulh $nhi,$nj,$m1 - stur $lo1,[$tp,#-16] // tp[j-1] - cbnz $j,.Linner - -.Linner_skip: - ldr $tj,[$tp],#8 // tp[j] - adc $hi1,$hi1,xzr - adds $lo0,$alo,$hi0 - sub $ap,$ap,$num // rewind $ap - adc $hi0,$ahi,xzr - - adds $lo1,$nlo,$hi1 - sub $np,$np,$num // rewind $np - adcs $hi1,$nhi,$ovf - adc $ovf,xzr,xzr - - adds $lo0,$lo0,$tj - adc $hi0,$hi0,xzr - - adds $lo1,$lo1,$lo0 - adcs $hi1,$hi1,$hi0 - adc $ovf,$ovf,xzr // upmost overflow bit - stp $lo1,$hi1,[$tp,#-16] - - cbnz $i,.Louter - - // Final step. We see if result is larger than modulus, and - // if it is, subtract the modulus. But comparison implies - // subtraction. So we subtract modulus, see if it borrowed, - // and conditionally copy original value. - ldr $tj,[sp] // tp[0] - add $tp,sp,#8 - ldr $nj,[$np],#8 // np[0] - subs $j,$num,#8 // j=num-1 and clear borrow - mov $ap,$rp -.Lsub: - sbcs $aj,$tj,$nj // tp[j]-np[j] - ldr $tj,[$tp],#8 - sub $j,$j,#8 // j-- - ldr $nj,[$np],#8 - str $aj,[$ap],#8 // rp[j]=tp[j]-np[j] - cbnz $j,.Lsub - - sbcs $aj,$tj,$nj - sbcs $ovf,$ovf,xzr // did it borrow? - str $aj,[$ap],#8 // rp[num-1] - - ldr $tj,[sp] // tp[0] - add $tp,sp,#8 - ldr $aj,[$rp],#8 // rp[0] - sub $num,$num,#8 // num-- - nop -.Lcond_copy: - sub $num,$num,#8 // num-- - csel $nj,$tj,$aj,lo // did it borrow? - ldr $tj,[$tp],#8 - ldr $aj,[$rp],#8 - stur xzr,[$tp,#-16] // wipe tp - stur $nj,[$rp,#-16] - cbnz $num,.Lcond_copy - - csel $nj,$tj,$aj,lo - stur xzr,[$tp,#-8] // wipe tp - stur $nj,[$rp,#-8] - - ldp x19,x20,[x29,#16] - mov sp,x29 - ldp x21,x22,[x29,#32] - mov x0,#1 - ldp x23,x24,[x29,#48] - ldr x29,[sp],#64 - ret -.size bn_mul_mont,.-bn_mul_mont -___ -{ -my ($A0,$A1,$N0,$N1)=map("v$_",(0..3)); -my ($Z,$Temp)=("v4.16b","v5"); -my @ACC=map("v$_",(6..13)); -my ($Bi,$Ni,$M0)=map("v$_",(28..30)); -my $sBi="s28"; -my $sM0="s30"; -my $zero="v14"; -my $temp="v15"; -my $ACCTemp="v16"; - -my ($rptr,$aptr,$bptr,$nptr,$n0,$num)=map("x$_",(0..5)); -my ($tinptr,$toutptr,$inner,$outer,$bnptr)=map("x$_",(6..11)); - -$code.=<<___; -.type bn_mul8x_mont_neon,%function -.align 5 -bn_mul8x_mont_neon: - stp x29,x30,[sp,#-80]! - mov x16,sp - stp d8,d9,[sp,#16] - stp d10,d11,[sp,#32] - stp d12,d13,[sp,#48] - stp d14,d15,[sp,#64] - lsl $num,$num,#1 - eor $zero.16b,$zero.16b,$zero.16b - -.align 4 -.LNEON_8n: - eor @ACC[0].16b,@ACC[0].16b,@ACC[0].16b - sub $toutptr,sp,#128 - eor @ACC[1].16b,@ACC[1].16b,@ACC[1].16b - sub $toutptr,$toutptr,$num,lsl#4 - eor @ACC[2].16b,@ACC[2].16b,@ACC[2].16b - and $toutptr,$toutptr,#-64 - eor @ACC[3].16b,@ACC[3].16b,@ACC[3].16b - mov sp,$toutptr // alloca - eor @ACC[4].16b,@ACC[4].16b,@ACC[4].16b - add $toutptr,$toutptr,#256 - eor @ACC[5].16b,@ACC[5].16b,@ACC[5].16b - sub $inner,$num,#8 - eor @ACC[6].16b,@ACC[6].16b,@ACC[6].16b - eor @ACC[7].16b,@ACC[7].16b,@ACC[7].16b - -.LNEON_8n_init: - st1 {@ACC[0].2d,@ACC[1].2d},[$toutptr],#32 - subs $inner,$inner,#8 - st1 {@ACC[2].2d,@ACC[3].2d},[$toutptr],#32 - st1 {@ACC[4].2d,@ACC[5].2d},[$toutptr],#32 - st1 {@ACC[6].2d,@ACC[7].2d},[$toutptr],#32 - bne .LNEON_8n_init - - add $tinptr,sp,#256 - ld1 {$A0.4s,$A1.4s},[$aptr],#32 - add $bnptr,sp,#8 - ldr $sM0,[$n0],#4 - mov $outer,$num - b .LNEON_8n_outer - -.align 4 -.LNEON_8n_outer: - ldr $sBi,[$bptr],#4 // *b++ - uxtl $Bi.4s,$Bi.4h - add $toutptr,sp,#128 - ld1 {$N0.4s,$N1.4s},[$nptr],#32 - - umlal @ACC[0].2d,$Bi.2s,$A0.s[0] - umlal @ACC[1].2d,$Bi.2s,$A0.s[1] - umlal @ACC[2].2d,$Bi.2s,$A0.s[2] - shl $Ni.2d,@ACC[0].2d,#16 - ext $Ni.16b,$Ni.16b,$Ni.16b,#8 - umlal @ACC[3].2d,$Bi.2s,$A0.s[3] - add $Ni.2d,$Ni.2d,@ACC[0].2d - umlal @ACC[4].2d,$Bi.2s,$A1.s[0] - mul $Ni.2s,$Ni.2s,$M0.2s - umlal @ACC[5].2d,$Bi.2s,$A1.s[1] - st1 {$Bi.2s},[sp] // put aside smashed b[8*i+0] - umlal @ACC[6].2d,$Bi.2s,$A1.s[2] - uxtl $Ni.4s,$Ni.4h - umlal @ACC[7].2d,$Bi.2s,$A1.s[3] -___ -for ($i=0; $i<7;) { -$code.=<<___; - ldr $sBi,[$bptr],#4 // *b++ - umlal @ACC[0].2d,$Ni.2s,$N0.s[0] - umlal @ACC[1].2d,$Ni.2s,$N0.s[1] - uxtl $Bi.4s,$Bi.4h - umlal @ACC[2].2d,$Ni.2s,$N0.s[2] - ushr $temp.2d,@ACC[0].2d,#16 - umlal @ACC[3].2d,$Ni.2s,$N0.s[3] - umlal @ACC[4].2d,$Ni.2s,$N1.s[0] - ext @ACC[0].16b,@ACC[0].16b,@ACC[0].16b,#8 - add @ACC[0].2d,@ACC[0].2d,$temp.2d - umlal @ACC[5].2d,$Ni.2s,$N1.s[1] - ushr @ACC[0].2d,@ACC[0].2d,#16 - umlal @ACC[6].2d,$Ni.2s,$N1.s[2] - umlal @ACC[7].2d,$Ni.2s,$N1.s[3] - add $ACCTemp.2d,@ACC[1].2d,@ACC[0].2d - ins @ACC[1].d[0],$ACCTemp.d[0] - st1 {$Ni.2s},[$bnptr],#8 // put aside smashed m[8*i+$i] -___ - push(@ACC,shift(@ACC)); $i++; -$code.=<<___; - umlal @ACC[0].2d,$Bi.2s,$A0.s[0] - ld1 {@ACC[7].2d},[$tinptr],#16 - umlal @ACC[1].2d,$Bi.2s,$A0.s[1] - umlal @ACC[2].2d,$Bi.2s,$A0.s[2] - shl $Ni.2d,@ACC[0].2d,#16 - ext $Ni.16b,$Ni.16b,$Ni.16b,#8 - umlal @ACC[3].2d,$Bi.2s,$A0.s[3] - add $Ni.2d,$Ni.2d,@ACC[0].2d - umlal @ACC[4].2d,$Bi.2s,$A1.s[0] - mul $Ni.2s,$Ni.2s,$M0.2s - umlal @ACC[5].2d,$Bi.2s,$A1.s[1] - st1 {$Bi.2s},[$bnptr],#8 // put aside smashed b[8*i+$i] - umlal @ACC[6].2d,$Bi.2s,$A1.s[2] - uxtl $Ni.4s,$Ni.4h - umlal @ACC[7].2d,$Bi.2s,$A1.s[3] -___ -} -$code.=<<___; - ld1 {$Bi.2s},[sp] // pull smashed b[8*i+0] - umlal @ACC[0].2d,$Ni.2s,$N0.s[0] - ld1 {$A0.4s,$A1.4s},[$aptr],#32 - umlal @ACC[1].2d,$Ni.2s,$N0.s[1] - umlal @ACC[2].2d,$Ni.2s,$N0.s[2] - mov $Temp.16b,@ACC[0].16b - ushr $Temp.2d,$Temp.2d,#16 - ext @ACC[0].16b,@ACC[0].16b,@ACC[0].16b,#8 - umlal @ACC[3].2d,$Ni.2s,$N0.s[3] - umlal @ACC[4].2d,$Ni.2s,$N1.s[0] - add @ACC[0].2d,@ACC[0].2d,$Temp.2d - umlal @ACC[5].2d,$Ni.2s,$N1.s[1] - ushr @ACC[0].2d,@ACC[0].2d,#16 - eor $temp.16b,$temp.16b,$temp.16b - ins @ACC[0].d[1],$temp.d[0] - umlal @ACC[6].2d,$Ni.2s,$N1.s[2] - umlal @ACC[7].2d,$Ni.2s,$N1.s[3] - add @ACC[1].2d,@ACC[1].2d,@ACC[0].2d - st1 {$Ni.2s},[$bnptr],#8 // put aside smashed m[8*i+$i] - add $bnptr,sp,#8 // rewind -___ - push(@ACC,shift(@ACC)); -$code.=<<___; - sub $inner,$num,#8 - b .LNEON_8n_inner - -.align 4 -.LNEON_8n_inner: - subs $inner,$inner,#8 - umlal @ACC[0].2d,$Bi.2s,$A0.s[0] - ld1 {@ACC[7].2d},[$tinptr] - umlal @ACC[1].2d,$Bi.2s,$A0.s[1] - ld1 {$Ni.2s},[$bnptr],#8 // pull smashed m[8*i+0] - umlal @ACC[2].2d,$Bi.2s,$A0.s[2] - ld1 {$N0.4s,$N1.4s},[$nptr],#32 - umlal @ACC[3].2d,$Bi.2s,$A0.s[3] - b.eq .LInner_jump - add $tinptr,$tinptr,#16 // don't advance in last iteration -.LInner_jump: - umlal @ACC[4].2d,$Bi.2s,$A1.s[0] - umlal @ACC[5].2d,$Bi.2s,$A1.s[1] - umlal @ACC[6].2d,$Bi.2s,$A1.s[2] - umlal @ACC[7].2d,$Bi.2s,$A1.s[3] -___ -for ($i=1; $i<8; $i++) { -$code.=<<___; - ld1 {$Bi.2s},[$bnptr],#8 // pull smashed b[8*i+$i] - umlal @ACC[0].2d,$Ni.2s,$N0.s[0] - umlal @ACC[1].2d,$Ni.2s,$N0.s[1] - umlal @ACC[2].2d,$Ni.2s,$N0.s[2] - umlal @ACC[3].2d,$Ni.2s,$N0.s[3] - umlal @ACC[4].2d,$Ni.2s,$N1.s[0] - umlal @ACC[5].2d,$Ni.2s,$N1.s[1] - umlal @ACC[6].2d,$Ni.2s,$N1.s[2] - umlal @ACC[7].2d,$Ni.2s,$N1.s[3] - st1 {@ACC[0].2d},[$toutptr],#16 -___ - push(@ACC,shift(@ACC)); -$code.=<<___; - umlal @ACC[0].2d,$Bi.2s,$A0.s[0] - ld1 {@ACC[7].2d},[$tinptr] - umlal @ACC[1].2d,$Bi.2s,$A0.s[1] - ld1 {$Ni.2s},[$bnptr],#8 // pull smashed m[8*i+$i] - umlal @ACC[2].2d,$Bi.2s,$A0.s[2] - b.eq .LInner_jump$i - add $tinptr,$tinptr,#16 // don't advance in last iteration -.LInner_jump$i: - umlal @ACC[3].2d,$Bi.2s,$A0.s[3] - umlal @ACC[4].2d,$Bi.2s,$A1.s[0] - umlal @ACC[5].2d,$Bi.2s,$A1.s[1] - umlal @ACC[6].2d,$Bi.2s,$A1.s[2] - umlal @ACC[7].2d,$Bi.2s,$A1.s[3] -___ -} -$code.=<<___; - b.ne .LInner_after_rewind$i - sub $aptr,$aptr,$num,lsl#2 // rewind -.LInner_after_rewind$i: - umlal @ACC[0].2d,$Ni.2s,$N0.s[0] - ld1 {$Bi.2s},[sp] // pull smashed b[8*i+0] - umlal @ACC[1].2d,$Ni.2s,$N0.s[1] - ld1 {$A0.4s,$A1.4s},[$aptr],#32 - umlal @ACC[2].2d,$Ni.2s,$N0.s[2] - add $bnptr,sp,#8 // rewind - umlal @ACC[3].2d,$Ni.2s,$N0.s[3] - umlal @ACC[4].2d,$Ni.2s,$N1.s[0] - umlal @ACC[5].2d,$Ni.2s,$N1.s[1] - umlal @ACC[6].2d,$Ni.2s,$N1.s[2] - st1 {@ACC[0].2d},[$toutptr],#16 - umlal @ACC[7].2d,$Ni.2s,$N1.s[3] - - bne .LNEON_8n_inner -___ - push(@ACC,shift(@ACC)); -$code.=<<___; - add $tinptr,sp,#128 - st1 {@ACC[0].2d,@ACC[1].2d},[$toutptr],#32 - eor $N0.16b,$N0.16b,$N0.16b // $N0 - st1 {@ACC[2].2d,@ACC[3].2d},[$toutptr],#32 - eor $N1.16b,$N1.16b,$N1.16b // $N1 - st1 {@ACC[4].2d,@ACC[5].2d},[$toutptr],#32 - st1 {@ACC[6].2d},[$toutptr] - - subs $outer,$outer,#8 - ld1 {@ACC[0].2d,@ACC[1].2d},[$tinptr],#32 - ld1 {@ACC[2].2d,@ACC[3].2d},[$tinptr],#32 - ld1 {@ACC[4].2d,@ACC[5].2d},[$tinptr],#32 - ld1 {@ACC[6].2d,@ACC[7].2d},[$tinptr],#32 - - b.eq .LInner_8n_jump_2steps - sub $nptr,$nptr,$num,lsl#2 // rewind - b .LNEON_8n_outer - -.LInner_8n_jump_2steps: - add $toutptr,sp,#128 - st1 {$N0.2d,$N1.2d}, [sp],#32 // start wiping stack frame - mov $Temp.16b,@ACC[0].16b - ushr $temp.2d,@ACC[0].2d,#16 - ext @ACC[0].16b,@ACC[0].16b,@ACC[0].16b,#8 - st1 {$N0.2d,$N1.2d}, [sp],#32 - add @ACC[0].2d,@ACC[0].2d,$temp.2d - st1 {$N0.2d,$N1.2d}, [sp],#32 - ushr $temp.2d,@ACC[0].2d,#16 - st1 {$N0.2d,$N1.2d}, [sp],#32 - zip1 @ACC[0].4h,$Temp.4h,@ACC[0].4h - ins $temp.d[1],$zero.d[0] - - mov $inner,$num - b .LNEON_tail_entry - -.align 4 -.LNEON_tail: - add @ACC[0].2d,@ACC[0].2d,$temp.2d - mov $Temp.16b,@ACC[0].16b - ushr $temp.2d,@ACC[0].2d,#16 - ext @ACC[0].16b,@ACC[0].16b,@ACC[0].16b,#8 - ld1 {@ACC[2].2d,@ACC[3].2d}, [$tinptr],#32 - add @ACC[0].2d,@ACC[0].2d,$temp.2d - ld1 {@ACC[4].2d,@ACC[5].2d}, [$tinptr],#32 - ushr $temp.2d,@ACC[0].2d,#16 - ld1 {@ACC[6].2d,@ACC[7].2d}, [$tinptr],#32 - zip1 @ACC[0].4h,$Temp.4h,@ACC[0].4h - ins $temp.d[1],$zero.d[0] - -.LNEON_tail_entry: -___ -for ($i=1; $i<8; $i++) { -$code.=<<___; - add @ACC[1].2d,@ACC[1].2d,$temp.2d - st1 {@ACC[0].s}[0], [$toutptr],#4 - ushr $temp.2d,@ACC[1].2d,#16 - mov $Temp.16b,@ACC[1].16b - ext @ACC[1].16b,@ACC[1].16b,@ACC[1].16b,#8 - add @ACC[1].2d,@ACC[1].2d,$temp.2d - ushr $temp.2d,@ACC[1].2d,#16 - zip1 @ACC[1].4h,$Temp.4h,@ACC[1].4h - ins $temp.d[1],$zero.d[0] -___ - push(@ACC,shift(@ACC)); -} - push(@ACC,shift(@ACC)); -$code.=<<___; - ld1 {@ACC[0].2d,@ACC[1].2d}, [$tinptr],#32 - subs $inner,$inner,#8 - st1 {@ACC[7].s}[0], [$toutptr],#4 - bne .LNEON_tail - - st1 {$temp.s}[0], [$toutptr],#4 // top-most bit - sub $nptr,$nptr,$num,lsl#2 // rewind $nptr - subs $aptr,sp,#0 // clear carry flag - add $bptr,sp,$num,lsl#2 - -.LNEON_sub: - ldp w4,w5,[$aptr],#8 - ldp w6,w7,[$aptr],#8 - ldp w8,w9,[$nptr],#8 - ldp w10,w11,[$nptr],#8 - sbcs w8,w4,w8 - sbcs w9,w5,w9 - sbcs w10,w6,w10 - sbcs w11,w7,w11 - sub x17,$bptr,$aptr - stp w8,w9,[$rptr],#8 - stp w10,w11,[$rptr],#8 - cbnz x17,.LNEON_sub - - ldr w10, [$aptr] // load top-most bit - mov x11,sp - eor v0.16b,v0.16b,v0.16b - sub x11,$bptr,x11 // this is num*4 - eor v1.16b,v1.16b,v1.16b - mov $aptr,sp - sub $rptr,$rptr,x11 // rewind $rptr - mov $nptr,$bptr // second 3/4th of frame - sbcs w10,w10,wzr // result is carry flag - -.LNEON_copy_n_zap: - ldp w4,w5,[$aptr],#8 - ldp w6,w7,[$aptr],#8 - ldp w8,w9,[$rptr],#8 - ldp w10,w11,[$rptr] - sub $rptr,$rptr,#8 - b.cs .LCopy_1 - mov w8,w4 - mov w9,w5 - mov w10,w6 - mov w11,w7 -.LCopy_1: - st1 {v0.2d,v1.2d}, [$nptr],#32 // wipe - st1 {v0.2d,v1.2d}, [$nptr],#32 // wipe - ldp w4,w5,[$aptr],#8 - ldp w6,w7,[$aptr],#8 - stp w8,w9,[$rptr],#8 - stp w10,w11,[$rptr],#8 - sub $aptr,$aptr,#32 - ldp w8,w9,[$rptr],#8 - ldp w10,w11,[$rptr] - sub $rptr,$rptr,#8 - b.cs .LCopy_2 - mov w8, w4 - mov w9, w5 - mov w10, w6 - mov w11, w7 -.LCopy_2: - st1 {v0.2d,v1.2d}, [$aptr],#32 // wipe - st1 {v0.2d,v1.2d}, [$nptr],#32 // wipe - sub x17,$bptr,$aptr // preserves carry - stp w8,w9,[$rptr],#8 - stp w10,w11,[$rptr],#8 - cbnz x17,.LNEON_copy_n_zap - - mov sp,x16 - ldp d14,d15,[sp,#64] - ldp d12,d13,[sp,#48] - ldp d10,d11,[sp,#32] - ldp d8,d9,[sp,#16] - ldr x29,[sp],#80 - ret // bx lr - -.size bn_mul8x_mont_neon,.-bn_mul8x_mont_neon -___ -} -{ -######################################################################## -# Following is ARMv8 adaptation of sqrx8x_mont from x86_64-mont5 module. - -my ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("x$_",(6..13)); -my ($t0,$t1,$t2,$t3)=map("x$_",(14..17)); -my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("x$_",(19..26)); -my ($cnt,$carry,$topmost)=("x27","x28","x30"); -my ($tp,$ap_end,$na0)=($bp,$np,$carry); - -$code.=<<___; -.type __bn_sqr8x_mont,%function -.align 5 -__bn_sqr8x_mont: - cmp $ap,$bp - b.ne __bn_mul4x_mont -.Lsqr8x_mont: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-128]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - stp x23,x24,[sp,#48] - stp x25,x26,[sp,#64] - stp x27,x28,[sp,#80] - stp $rp,$np,[sp,#96] // offload rp and np - - ldp $a0,$a1,[$ap,#8*0] - ldp $a2,$a3,[$ap,#8*2] - ldp $a4,$a5,[$ap,#8*4] - ldp $a6,$a7,[$ap,#8*6] - - sub $tp,sp,$num,lsl#4 - lsl $num,$num,#3 - ldr $n0,[$n0] // *n0 - mov sp,$tp // alloca - sub $cnt,$num,#8*8 - b .Lsqr8x_zero_start - -.Lsqr8x_zero: - sub $cnt,$cnt,#8*8 - stp xzr,xzr,[$tp,#8*0] - stp xzr,xzr,[$tp,#8*2] - stp xzr,xzr,[$tp,#8*4] - stp xzr,xzr,[$tp,#8*6] -.Lsqr8x_zero_start: - stp xzr,xzr,[$tp,#8*8] - stp xzr,xzr,[$tp,#8*10] - stp xzr,xzr,[$tp,#8*12] - stp xzr,xzr,[$tp,#8*14] - add $tp,$tp,#8*16 - cbnz $cnt,.Lsqr8x_zero - - add $ap_end,$ap,$num - add $ap,$ap,#8*8 - mov $acc0,xzr - mov $acc1,xzr - mov $acc2,xzr - mov $acc3,xzr - mov $acc4,xzr - mov $acc5,xzr - mov $acc6,xzr - mov $acc7,xzr - mov $tp,sp - str $n0,[x29,#112] // offload n0 - - // Multiply everything but a[i]*a[i] -.align 4 -.Lsqr8x_outer_loop: - // a[1]a[0] (i) - // a[2]a[0] - // a[3]a[0] - // a[4]a[0] - // a[5]a[0] - // a[6]a[0] - // a[7]a[0] - // a[2]a[1] (ii) - // a[3]a[1] - // a[4]a[1] - // a[5]a[1] - // a[6]a[1] - // a[7]a[1] - // a[3]a[2] (iii) - // a[4]a[2] - // a[5]a[2] - // a[6]a[2] - // a[7]a[2] - // a[4]a[3] (iv) - // a[5]a[3] - // a[6]a[3] - // a[7]a[3] - // a[5]a[4] (v) - // a[6]a[4] - // a[7]a[4] - // a[6]a[5] (vi) - // a[7]a[5] - // a[7]a[6] (vii) - - mul $t0,$a1,$a0 // lo(a[1..7]*a[0]) (i) - mul $t1,$a2,$a0 - mul $t2,$a3,$a0 - mul $t3,$a4,$a0 - adds $acc1,$acc1,$t0 // t[1]+lo(a[1]*a[0]) - mul $t0,$a5,$a0 - adcs $acc2,$acc2,$t1 - mul $t1,$a6,$a0 - adcs $acc3,$acc3,$t2 - mul $t2,$a7,$a0 - adcs $acc4,$acc4,$t3 - umulh $t3,$a1,$a0 // hi(a[1..7]*a[0]) - adcs $acc5,$acc5,$t0 - umulh $t0,$a2,$a0 - adcs $acc6,$acc6,$t1 - umulh $t1,$a3,$a0 - adcs $acc7,$acc7,$t2 - umulh $t2,$a4,$a0 - stp $acc0,$acc1,[$tp],#8*2 // t[0..1] - adc $acc0,xzr,xzr // t[8] - adds $acc2,$acc2,$t3 // t[2]+lo(a[1]*a[0]) - umulh $t3,$a5,$a0 - adcs $acc3,$acc3,$t0 - umulh $t0,$a6,$a0 - adcs $acc4,$acc4,$t1 - umulh $t1,$a7,$a0 - adcs $acc5,$acc5,$t2 - mul $t2,$a2,$a1 // lo(a[2..7]*a[1]) (ii) - adcs $acc6,$acc6,$t3 - mul $t3,$a3,$a1 - adcs $acc7,$acc7,$t0 - mul $t0,$a4,$a1 - adc $acc0,$acc0,$t1 - - mul $t1,$a5,$a1 - adds $acc3,$acc3,$t2 - mul $t2,$a6,$a1 - adcs $acc4,$acc4,$t3 - mul $t3,$a7,$a1 - adcs $acc5,$acc5,$t0 - umulh $t0,$a2,$a1 // hi(a[2..7]*a[1]) - adcs $acc6,$acc6,$t1 - umulh $t1,$a3,$a1 - adcs $acc7,$acc7,$t2 - umulh $t2,$a4,$a1 - adcs $acc0,$acc0,$t3 - umulh $t3,$a5,$a1 - stp $acc2,$acc3,[$tp],#8*2 // t[2..3] - adc $acc1,xzr,xzr // t[9] - adds $acc4,$acc4,$t0 - umulh $t0,$a6,$a1 - adcs $acc5,$acc5,$t1 - umulh $t1,$a7,$a1 - adcs $acc6,$acc6,$t2 - mul $t2,$a3,$a2 // lo(a[3..7]*a[2]) (iii) - adcs $acc7,$acc7,$t3 - mul $t3,$a4,$a2 - adcs $acc0,$acc0,$t0 - mul $t0,$a5,$a2 - adc $acc1,$acc1,$t1 - - mul $t1,$a6,$a2 - adds $acc5,$acc5,$t2 - mul $t2,$a7,$a2 - adcs $acc6,$acc6,$t3 - umulh $t3,$a3,$a2 // hi(a[3..7]*a[2]) - adcs $acc7,$acc7,$t0 - umulh $t0,$a4,$a2 - adcs $acc0,$acc0,$t1 - umulh $t1,$a5,$a2 - adcs $acc1,$acc1,$t2 - umulh $t2,$a6,$a2 - stp $acc4,$acc5,[$tp],#8*2 // t[4..5] - adc $acc2,xzr,xzr // t[10] - adds $acc6,$acc6,$t3 - umulh $t3,$a7,$a2 - adcs $acc7,$acc7,$t0 - mul $t0,$a4,$a3 // lo(a[4..7]*a[3]) (iv) - adcs $acc0,$acc0,$t1 - mul $t1,$a5,$a3 - adcs $acc1,$acc1,$t2 - mul $t2,$a6,$a3 - adc $acc2,$acc2,$t3 - - mul $t3,$a7,$a3 - adds $acc7,$acc7,$t0 - umulh $t0,$a4,$a3 // hi(a[4..7]*a[3]) - adcs $acc0,$acc0,$t1 - umulh $t1,$a5,$a3 - adcs $acc1,$acc1,$t2 - umulh $t2,$a6,$a3 - adcs $acc2,$acc2,$t3 - umulh $t3,$a7,$a3 - stp $acc6,$acc7,[$tp],#8*2 // t[6..7] - adc $acc3,xzr,xzr // t[11] - adds $acc0,$acc0,$t0 - mul $t0,$a5,$a4 // lo(a[5..7]*a[4]) (v) - adcs $acc1,$acc1,$t1 - mul $t1,$a6,$a4 - adcs $acc2,$acc2,$t2 - mul $t2,$a7,$a4 - adc $acc3,$acc3,$t3 - - umulh $t3,$a5,$a4 // hi(a[5..7]*a[4]) - adds $acc1,$acc1,$t0 - umulh $t0,$a6,$a4 - adcs $acc2,$acc2,$t1 - umulh $t1,$a7,$a4 - adcs $acc3,$acc3,$t2 - mul $t2,$a6,$a5 // lo(a[6..7]*a[5]) (vi) - adc $acc4,xzr,xzr // t[12] - adds $acc2,$acc2,$t3 - mul $t3,$a7,$a5 - adcs $acc3,$acc3,$t0 - umulh $t0,$a6,$a5 // hi(a[6..7]*a[5]) - adc $acc4,$acc4,$t1 - - umulh $t1,$a7,$a5 - adds $acc3,$acc3,$t2 - mul $t2,$a7,$a6 // lo(a[7]*a[6]) (vii) - adcs $acc4,$acc4,$t3 - umulh $t3,$a7,$a6 // hi(a[7]*a[6]) - adc $acc5,xzr,xzr // t[13] - adds $acc4,$acc4,$t0 - sub $cnt,$ap_end,$ap // done yet? - adc $acc5,$acc5,$t1 - - adds $acc5,$acc5,$t2 - sub $t0,$ap_end,$num // rewinded ap - adc $acc6,xzr,xzr // t[14] - add $acc6,$acc6,$t3 - - cbz $cnt,.Lsqr8x_outer_break - - mov $n0,$a0 - ldp $a0,$a1,[$tp,#8*0] - ldp $a2,$a3,[$tp,#8*2] - ldp $a4,$a5,[$tp,#8*4] - ldp $a6,$a7,[$tp,#8*6] - adds $acc0,$acc0,$a0 - adcs $acc1,$acc1,$a1 - ldp $a0,$a1,[$ap,#8*0] - adcs $acc2,$acc2,$a2 - adcs $acc3,$acc3,$a3 - ldp $a2,$a3,[$ap,#8*2] - adcs $acc4,$acc4,$a4 - adcs $acc5,$acc5,$a5 - ldp $a4,$a5,[$ap,#8*4] - adcs $acc6,$acc6,$a6 - mov $rp,$ap - adcs $acc7,xzr,$a7 - ldp $a6,$a7,[$ap,#8*6] - add $ap,$ap,#8*8 - //adc $carry,xzr,xzr // moved below - mov $cnt,#-8*8 - - // a[8]a[0] - // a[9]a[0] - // a[a]a[0] - // a[b]a[0] - // a[c]a[0] - // a[d]a[0] - // a[e]a[0] - // a[f]a[0] - // a[8]a[1] - // a[f]a[1]........................ - // a[8]a[2] - // a[f]a[2]........................ - // a[8]a[3] - // a[f]a[3]........................ - // a[8]a[4] - // a[f]a[4]........................ - // a[8]a[5] - // a[f]a[5]........................ - // a[8]a[6] - // a[f]a[6]........................ - // a[8]a[7] - // a[f]a[7]........................ -.Lsqr8x_mul: - mul $t0,$a0,$n0 - adc $carry,xzr,xzr // carry bit, modulo-scheduled - mul $t1,$a1,$n0 - add $cnt,$cnt,#8 - mul $t2,$a2,$n0 - mul $t3,$a3,$n0 - adds $acc0,$acc0,$t0 - mul $t0,$a4,$n0 - adcs $acc1,$acc1,$t1 - mul $t1,$a5,$n0 - adcs $acc2,$acc2,$t2 - mul $t2,$a6,$n0 - adcs $acc3,$acc3,$t3 - mul $t3,$a7,$n0 - adcs $acc4,$acc4,$t0 - umulh $t0,$a0,$n0 - adcs $acc5,$acc5,$t1 - umulh $t1,$a1,$n0 - adcs $acc6,$acc6,$t2 - umulh $t2,$a2,$n0 - adcs $acc7,$acc7,$t3 - umulh $t3,$a3,$n0 - adc $carry,$carry,xzr - str $acc0,[$tp],#8 - adds $acc0,$acc1,$t0 - umulh $t0,$a4,$n0 - adcs $acc1,$acc2,$t1 - umulh $t1,$a5,$n0 - adcs $acc2,$acc3,$t2 - umulh $t2,$a6,$n0 - adcs $acc3,$acc4,$t3 - umulh $t3,$a7,$n0 - ldr $n0,[$rp,$cnt] - adcs $acc4,$acc5,$t0 - adcs $acc5,$acc6,$t1 - adcs $acc6,$acc7,$t2 - adcs $acc7,$carry,$t3 - //adc $carry,xzr,xzr // moved above - cbnz $cnt,.Lsqr8x_mul - // note that carry flag is guaranteed - // to be zero at this point - cmp $ap,$ap_end // done yet? - b.eq .Lsqr8x_break - - ldp $a0,$a1,[$tp,#8*0] - ldp $a2,$a3,[$tp,#8*2] - ldp $a4,$a5,[$tp,#8*4] - ldp $a6,$a7,[$tp,#8*6] - adds $acc0,$acc0,$a0 - ldur $n0,[$rp,#-8*8] - adcs $acc1,$acc1,$a1 - ldp $a0,$a1,[$ap,#8*0] - adcs $acc2,$acc2,$a2 - adcs $acc3,$acc3,$a3 - ldp $a2,$a3,[$ap,#8*2] - adcs $acc4,$acc4,$a4 - adcs $acc5,$acc5,$a5 - ldp $a4,$a5,[$ap,#8*4] - adcs $acc6,$acc6,$a6 - mov $cnt,#-8*8 - adcs $acc7,$acc7,$a7 - ldp $a6,$a7,[$ap,#8*6] - add $ap,$ap,#8*8 - //adc $carry,xzr,xzr // moved above - b .Lsqr8x_mul - -.align 4 -.Lsqr8x_break: - ldp $a0,$a1,[$rp,#8*0] - add $ap,$rp,#8*8 - ldp $a2,$a3,[$rp,#8*2] - sub $t0,$ap_end,$ap // is it last iteration? - ldp $a4,$a5,[$rp,#8*4] - sub $t1,$tp,$t0 - ldp $a6,$a7,[$rp,#8*6] - cbz $t0,.Lsqr8x_outer_loop - - stp $acc0,$acc1,[$tp,#8*0] - ldp $acc0,$acc1,[$t1,#8*0] - stp $acc2,$acc3,[$tp,#8*2] - ldp $acc2,$acc3,[$t1,#8*2] - stp $acc4,$acc5,[$tp,#8*4] - ldp $acc4,$acc5,[$t1,#8*4] - stp $acc6,$acc7,[$tp,#8*6] - mov $tp,$t1 - ldp $acc6,$acc7,[$t1,#8*6] - b .Lsqr8x_outer_loop - -.align 4 -.Lsqr8x_outer_break: - // Now multiply above result by 2 and add a[n-1]*a[n-1]|...|a[0]*a[0] - ldp $a1,$a3,[$t0,#8*0] // recall that $t0 is &a[0] - ldp $t1,$t2,[sp,#8*1] - ldp $a5,$a7,[$t0,#8*2] - add $ap,$t0,#8*4 - ldp $t3,$t0,[sp,#8*3] - - stp $acc0,$acc1,[$tp,#8*0] - mul $acc0,$a1,$a1 - stp $acc2,$acc3,[$tp,#8*2] - umulh $a1,$a1,$a1 - stp $acc4,$acc5,[$tp,#8*4] - mul $a2,$a3,$a3 - stp $acc6,$acc7,[$tp,#8*6] - mov $tp,sp - umulh $a3,$a3,$a3 - adds $acc1,$a1,$t1,lsl#1 - extr $t1,$t2,$t1,#63 - sub $cnt,$num,#8*4 - -.Lsqr4x_shift_n_add: - adcs $acc2,$a2,$t1 - extr $t2,$t3,$t2,#63 - sub $cnt,$cnt,#8*4 - adcs $acc3,$a3,$t2 - ldp $t1,$t2,[$tp,#8*5] - mul $a4,$a5,$a5 - ldp $a1,$a3,[$ap],#8*2 - umulh $a5,$a5,$a5 - mul $a6,$a7,$a7 - umulh $a7,$a7,$a7 - extr $t3,$t0,$t3,#63 - stp $acc0,$acc1,[$tp,#8*0] - adcs $acc4,$a4,$t3 - extr $t0,$t1,$t0,#63 - stp $acc2,$acc3,[$tp,#8*2] - adcs $acc5,$a5,$t0 - ldp $t3,$t0,[$tp,#8*7] - extr $t1,$t2,$t1,#63 - adcs $acc6,$a6,$t1 - extr $t2,$t3,$t2,#63 - adcs $acc7,$a7,$t2 - ldp $t1,$t2,[$tp,#8*9] - mul $a0,$a1,$a1 - ldp $a5,$a7,[$ap],#8*2 - umulh $a1,$a1,$a1 - mul $a2,$a3,$a3 - umulh $a3,$a3,$a3 - stp $acc4,$acc5,[$tp,#8*4] - extr $t3,$t0,$t3,#63 - stp $acc6,$acc7,[$tp,#8*6] - add $tp,$tp,#8*8 - adcs $acc0,$a0,$t3 - extr $t0,$t1,$t0,#63 - adcs $acc1,$a1,$t0 - ldp $t3,$t0,[$tp,#8*3] - extr $t1,$t2,$t1,#63 - cbnz $cnt,.Lsqr4x_shift_n_add -___ -my ($np,$np_end)=($ap,$ap_end); -$code.=<<___; - ldp $np,$n0,[x29,#104] // pull np and n0 - - adcs $acc2,$a2,$t1 - extr $t2,$t3,$t2,#63 - adcs $acc3,$a3,$t2 - ldp $t1,$t2,[$tp,#8*5] - mul $a4,$a5,$a5 - umulh $a5,$a5,$a5 - stp $acc0,$acc1,[$tp,#8*0] - mul $a6,$a7,$a7 - umulh $a7,$a7,$a7 - stp $acc2,$acc3,[$tp,#8*2] - extr $t3,$t0,$t3,#63 - adcs $acc4,$a4,$t3 - extr $t0,$t1,$t0,#63 - ldp $acc0,$acc1,[sp,#8*0] - adcs $acc5,$a5,$t0 - extr $t1,$t2,$t1,#63 - ldp $a0,$a1,[$np,#8*0] - adcs $acc6,$a6,$t1 - extr $t2,xzr,$t2,#63 - ldp $a2,$a3,[$np,#8*2] - adc $acc7,$a7,$t2 - ldp $a4,$a5,[$np,#8*4] - - // Reduce by 512 bits per iteration - mul $na0,$n0,$acc0 // t[0]*n0 - ldp $a6,$a7,[$np,#8*6] - add $np_end,$np,$num - ldp $acc2,$acc3,[sp,#8*2] - stp $acc4,$acc5,[$tp,#8*4] - ldp $acc4,$acc5,[sp,#8*4] - stp $acc6,$acc7,[$tp,#8*6] - ldp $acc6,$acc7,[sp,#8*6] - add $np,$np,#8*8 - mov $topmost,xzr // initial top-most carry - mov $tp,sp - mov $cnt,#8 - -.Lsqr8x_reduction: - // (*) mul $t0,$a0,$na0 // lo(n[0-7])*lo(t[0]*n0) - mul $t1,$a1,$na0 - sub $cnt,$cnt,#1 - mul $t2,$a2,$na0 - str $na0,[$tp],#8 // put aside t[0]*n0 for tail processing - mul $t3,$a3,$na0 - // (*) adds xzr,$acc0,$t0 - subs xzr,$acc0,#1 // (*) - mul $t0,$a4,$na0 - adcs $acc0,$acc1,$t1 - mul $t1,$a5,$na0 - adcs $acc1,$acc2,$t2 - mul $t2,$a6,$na0 - adcs $acc2,$acc3,$t3 - mul $t3,$a7,$na0 - adcs $acc3,$acc4,$t0 - umulh $t0,$a0,$na0 // hi(n[0-7])*lo(t[0]*n0) - adcs $acc4,$acc5,$t1 - umulh $t1,$a1,$na0 - adcs $acc5,$acc6,$t2 - umulh $t2,$a2,$na0 - adcs $acc6,$acc7,$t3 - umulh $t3,$a3,$na0 - adc $acc7,xzr,xzr - adds $acc0,$acc0,$t0 - umulh $t0,$a4,$na0 - adcs $acc1,$acc1,$t1 - umulh $t1,$a5,$na0 - adcs $acc2,$acc2,$t2 - umulh $t2,$a6,$na0 - adcs $acc3,$acc3,$t3 - umulh $t3,$a7,$na0 - mul $na0,$n0,$acc0 // next t[0]*n0 - adcs $acc4,$acc4,$t0 - adcs $acc5,$acc5,$t1 - adcs $acc6,$acc6,$t2 - adc $acc7,$acc7,$t3 - cbnz $cnt,.Lsqr8x_reduction - - ldp $t0,$t1,[$tp,#8*0] - ldp $t2,$t3,[$tp,#8*2] - mov $rp,$tp - sub $cnt,$np_end,$np // done yet? - adds $acc0,$acc0,$t0 - adcs $acc1,$acc1,$t1 - ldp $t0,$t1,[$tp,#8*4] - adcs $acc2,$acc2,$t2 - adcs $acc3,$acc3,$t3 - ldp $t2,$t3,[$tp,#8*6] - adcs $acc4,$acc4,$t0 - adcs $acc5,$acc5,$t1 - adcs $acc6,$acc6,$t2 - adcs $acc7,$acc7,$t3 - //adc $carry,xzr,xzr // moved below - cbz $cnt,.Lsqr8x8_post_condition - - ldur $n0,[$tp,#-8*8] - ldp $a0,$a1,[$np,#8*0] - ldp $a2,$a3,[$np,#8*2] - ldp $a4,$a5,[$np,#8*4] - mov $cnt,#-8*8 - ldp $a6,$a7,[$np,#8*6] - add $np,$np,#8*8 - -.Lsqr8x_tail: - mul $t0,$a0,$n0 - adc $carry,xzr,xzr // carry bit, modulo-scheduled - mul $t1,$a1,$n0 - add $cnt,$cnt,#8 - mul $t2,$a2,$n0 - mul $t3,$a3,$n0 - adds $acc0,$acc0,$t0 - mul $t0,$a4,$n0 - adcs $acc1,$acc1,$t1 - mul $t1,$a5,$n0 - adcs $acc2,$acc2,$t2 - mul $t2,$a6,$n0 - adcs $acc3,$acc3,$t3 - mul $t3,$a7,$n0 - adcs $acc4,$acc4,$t0 - umulh $t0,$a0,$n0 - adcs $acc5,$acc5,$t1 - umulh $t1,$a1,$n0 - adcs $acc6,$acc6,$t2 - umulh $t2,$a2,$n0 - adcs $acc7,$acc7,$t3 - umulh $t3,$a3,$n0 - adc $carry,$carry,xzr - str $acc0,[$tp],#8 - adds $acc0,$acc1,$t0 - umulh $t0,$a4,$n0 - adcs $acc1,$acc2,$t1 - umulh $t1,$a5,$n0 - adcs $acc2,$acc3,$t2 - umulh $t2,$a6,$n0 - adcs $acc3,$acc4,$t3 - umulh $t3,$a7,$n0 - ldr $n0,[$rp,$cnt] - adcs $acc4,$acc5,$t0 - adcs $acc5,$acc6,$t1 - adcs $acc6,$acc7,$t2 - adcs $acc7,$carry,$t3 - //adc $carry,xzr,xzr // moved above - cbnz $cnt,.Lsqr8x_tail - // note that carry flag is guaranteed - // to be zero at this point - ldp $a0,$a1,[$tp,#8*0] - sub $cnt,$np_end,$np // done yet? - sub $t2,$np_end,$num // rewinded np - ldp $a2,$a3,[$tp,#8*2] - ldp $a4,$a5,[$tp,#8*4] - ldp $a6,$a7,[$tp,#8*6] - cbz $cnt,.Lsqr8x_tail_break - - ldur $n0,[$rp,#-8*8] - adds $acc0,$acc0,$a0 - adcs $acc1,$acc1,$a1 - ldp $a0,$a1,[$np,#8*0] - adcs $acc2,$acc2,$a2 - adcs $acc3,$acc3,$a3 - ldp $a2,$a3,[$np,#8*2] - adcs $acc4,$acc4,$a4 - adcs $acc5,$acc5,$a5 - ldp $a4,$a5,[$np,#8*4] - adcs $acc6,$acc6,$a6 - mov $cnt,#-8*8 - adcs $acc7,$acc7,$a7 - ldp $a6,$a7,[$np,#8*6] - add $np,$np,#8*8 - //adc $carry,xzr,xzr // moved above - b .Lsqr8x_tail - -.align 4 -.Lsqr8x_tail_break: - ldr $n0,[x29,#112] // pull n0 - add $cnt,$tp,#8*8 // end of current t[num] window - - subs xzr,$topmost,#1 // "move" top-most carry to carry bit - adcs $t0,$acc0,$a0 - adcs $t1,$acc1,$a1 - ldp $acc0,$acc1,[$rp,#8*0] - adcs $acc2,$acc2,$a2 - ldp $a0,$a1,[$t2,#8*0] // recall that $t2 is &n[0] - adcs $acc3,$acc3,$a3 - ldp $a2,$a3,[$t2,#8*2] - adcs $acc4,$acc4,$a4 - adcs $acc5,$acc5,$a5 - ldp $a4,$a5,[$t2,#8*4] - adcs $acc6,$acc6,$a6 - adcs $acc7,$acc7,$a7 - ldp $a6,$a7,[$t2,#8*6] - add $np,$t2,#8*8 - adc $topmost,xzr,xzr // top-most carry - mul $na0,$n0,$acc0 - stp $t0,$t1,[$tp,#8*0] - stp $acc2,$acc3,[$tp,#8*2] - ldp $acc2,$acc3,[$rp,#8*2] - stp $acc4,$acc5,[$tp,#8*4] - ldp $acc4,$acc5,[$rp,#8*4] - cmp $cnt,x29 // did we hit the bottom? - stp $acc6,$acc7,[$tp,#8*6] - mov $tp,$rp // slide the window - ldp $acc6,$acc7,[$rp,#8*6] - mov $cnt,#8 - b.ne .Lsqr8x_reduction - - // Final step. We see if result is larger than modulus, and - // if it is, subtract the modulus. But comparison implies - // subtraction. So we subtract modulus, see if it borrowed, - // and conditionally copy original value. - ldr $rp,[x29,#96] // pull rp - add $tp,$tp,#8*8 - subs $t0,$acc0,$a0 - sbcs $t1,$acc1,$a1 - sub $cnt,$num,#8*8 - mov $ap_end,$rp // $rp copy - -.Lsqr8x_sub: - sbcs $t2,$acc2,$a2 - ldp $a0,$a1,[$np,#8*0] - sbcs $t3,$acc3,$a3 - stp $t0,$t1,[$rp,#8*0] - sbcs $t0,$acc4,$a4 - ldp $a2,$a3,[$np,#8*2] - sbcs $t1,$acc5,$a5 - stp $t2,$t3,[$rp,#8*2] - sbcs $t2,$acc6,$a6 - ldp $a4,$a5,[$np,#8*4] - sbcs $t3,$acc7,$a7 - ldp $a6,$a7,[$np,#8*6] - add $np,$np,#8*8 - ldp $acc0,$acc1,[$tp,#8*0] - sub $cnt,$cnt,#8*8 - ldp $acc2,$acc3,[$tp,#8*2] - ldp $acc4,$acc5,[$tp,#8*4] - ldp $acc6,$acc7,[$tp,#8*6] - add $tp,$tp,#8*8 - stp $t0,$t1,[$rp,#8*4] - sbcs $t0,$acc0,$a0 - stp $t2,$t3,[$rp,#8*6] - add $rp,$rp,#8*8 - sbcs $t1,$acc1,$a1 - cbnz $cnt,.Lsqr8x_sub - - sbcs $t2,$acc2,$a2 - mov $tp,sp - add $ap,sp,$num - ldp $a0,$a1,[$ap_end,#8*0] - sbcs $t3,$acc3,$a3 - stp $t0,$t1,[$rp,#8*0] - sbcs $t0,$acc4,$a4 - ldp $a2,$a3,[$ap_end,#8*2] - sbcs $t1,$acc5,$a5 - stp $t2,$t3,[$rp,#8*2] - sbcs $t2,$acc6,$a6 - ldp $acc0,$acc1,[$ap,#8*0] - sbcs $t3,$acc7,$a7 - ldp $acc2,$acc3,[$ap,#8*2] - sbcs xzr,$topmost,xzr // did it borrow? - ldr x30,[x29,#8] // pull return address - stp $t0,$t1,[$rp,#8*4] - stp $t2,$t3,[$rp,#8*6] - - sub $cnt,$num,#8*4 -.Lsqr4x_cond_copy: - sub $cnt,$cnt,#8*4 - csel $t0,$acc0,$a0,lo - stp xzr,xzr,[$tp,#8*0] - csel $t1,$acc1,$a1,lo - ldp $a0,$a1,[$ap_end,#8*4] - ldp $acc0,$acc1,[$ap,#8*4] - csel $t2,$acc2,$a2,lo - stp xzr,xzr,[$tp,#8*2] - add $tp,$tp,#8*4 - csel $t3,$acc3,$a3,lo - ldp $a2,$a3,[$ap_end,#8*6] - ldp $acc2,$acc3,[$ap,#8*6] - add $ap,$ap,#8*4 - stp $t0,$t1,[$ap_end,#8*0] - stp $t2,$t3,[$ap_end,#8*2] - add $ap_end,$ap_end,#8*4 - stp xzr,xzr,[$ap,#8*0] - stp xzr,xzr,[$ap,#8*2] - cbnz $cnt,.Lsqr4x_cond_copy - - csel $t0,$acc0,$a0,lo - stp xzr,xzr,[$tp,#8*0] - csel $t1,$acc1,$a1,lo - stp xzr,xzr,[$tp,#8*2] - csel $t2,$acc2,$a2,lo - csel $t3,$acc3,$a3,lo - stp $t0,$t1,[$ap_end,#8*0] - stp $t2,$t3,[$ap_end,#8*2] - - b .Lsqr8x_done - -.align 4 -.Lsqr8x8_post_condition: - adc $carry,xzr,xzr - ldr x30,[x29,#8] // pull return address - // $acc0-7,$carry hold result, $a0-7 hold modulus - subs $a0,$acc0,$a0 - ldr $ap,[x29,#96] // pull rp - sbcs $a1,$acc1,$a1 - stp xzr,xzr,[sp,#8*0] - sbcs $a2,$acc2,$a2 - stp xzr,xzr,[sp,#8*2] - sbcs $a3,$acc3,$a3 - stp xzr,xzr,[sp,#8*4] - sbcs $a4,$acc4,$a4 - stp xzr,xzr,[sp,#8*6] - sbcs $a5,$acc5,$a5 - stp xzr,xzr,[sp,#8*8] - sbcs $a6,$acc6,$a6 - stp xzr,xzr,[sp,#8*10] - sbcs $a7,$acc7,$a7 - stp xzr,xzr,[sp,#8*12] - sbcs $carry,$carry,xzr // did it borrow? - stp xzr,xzr,[sp,#8*14] - - // $a0-7 hold result-modulus - csel $a0,$acc0,$a0,lo - csel $a1,$acc1,$a1,lo - csel $a2,$acc2,$a2,lo - csel $a3,$acc3,$a3,lo - stp $a0,$a1,[$ap,#8*0] - csel $a4,$acc4,$a4,lo - csel $a5,$acc5,$a5,lo - stp $a2,$a3,[$ap,#8*2] - csel $a6,$acc6,$a6,lo - csel $a7,$acc7,$a7,lo - stp $a4,$a5,[$ap,#8*4] - stp $a6,$a7,[$ap,#8*6] - -.Lsqr8x_done: - ldp x19,x20,[x29,#16] - mov sp,x29 - ldp x21,x22,[x29,#32] - mov x0,#1 - ldp x23,x24,[x29,#48] - ldp x25,x26,[x29,#64] - ldp x27,x28,[x29,#80] - ldr x29,[sp],#128 - .inst 0xd50323bf // autiasp - ret -.size __bn_sqr8x_mont,.-__bn_sqr8x_mont -___ -} - -{ -######################################################################## -# Even though this might look as ARMv8 adaptation of mulx4x_mont from -# x86_64-mont5 module, it's different in sense that it performs -# reduction 256 bits at a time. - -my ($a0,$a1,$a2,$a3, - $t0,$t1,$t2,$t3, - $m0,$m1,$m2,$m3, - $acc0,$acc1,$acc2,$acc3,$acc4, - $bi,$mi,$tp,$ap_end,$cnt) = map("x$_",(6..17,19..28)); -my $bp_end=$rp; -my ($carry,$topmost) = ($rp,"x30"); - -$code.=<<___; -.type __bn_mul4x_mont,%function -.align 5 -__bn_mul4x_mont: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-128]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - stp x23,x24,[sp,#48] - stp x25,x26,[sp,#64] - stp x27,x28,[sp,#80] - - sub $tp,sp,$num,lsl#3 - lsl $num,$num,#3 - ldr $n0,[$n0] // *n0 - sub sp,$tp,#8*4 // alloca - - add $t0,$bp,$num - add $ap_end,$ap,$num - stp $rp,$t0,[x29,#96] // offload rp and &b[num] - - ldr $bi,[$bp,#8*0] // b[0] - ldp $a0,$a1,[$ap,#8*0] // a[0..3] - ldp $a2,$a3,[$ap,#8*2] - add $ap,$ap,#8*4 - mov $acc0,xzr - mov $acc1,xzr - mov $acc2,xzr - mov $acc3,xzr - ldp $m0,$m1,[$np,#8*0] // n[0..3] - ldp $m2,$m3,[$np,#8*2] - adds $np,$np,#8*4 // clear carry bit - mov $carry,xzr - mov $cnt,#0 - mov $tp,sp - -.Loop_mul4x_1st_reduction: - mul $t0,$a0,$bi // lo(a[0..3]*b[0]) - adc $carry,$carry,xzr // modulo-scheduled - mul $t1,$a1,$bi - add $cnt,$cnt,#8 - mul $t2,$a2,$bi - and $cnt,$cnt,#31 - mul $t3,$a3,$bi - adds $acc0,$acc0,$t0 - umulh $t0,$a0,$bi // hi(a[0..3]*b[0]) - adcs $acc1,$acc1,$t1 - mul $mi,$acc0,$n0 // t[0]*n0 - adcs $acc2,$acc2,$t2 - umulh $t1,$a1,$bi - adcs $acc3,$acc3,$t3 - umulh $t2,$a2,$bi - adc $acc4,xzr,xzr - umulh $t3,$a3,$bi - ldr $bi,[$bp,$cnt] // next b[i] (or b[0]) - adds $acc1,$acc1,$t0 - // (*) mul $t0,$m0,$mi // lo(n[0..3]*t[0]*n0) - str $mi,[$tp],#8 // put aside t[0]*n0 for tail processing - adcs $acc2,$acc2,$t1 - mul $t1,$m1,$mi - adcs $acc3,$acc3,$t2 - mul $t2,$m2,$mi - adc $acc4,$acc4,$t3 // can't overflow - mul $t3,$m3,$mi - // (*) adds xzr,$acc0,$t0 - subs xzr,$acc0,#1 // (*) - umulh $t0,$m0,$mi // hi(n[0..3]*t[0]*n0) - adcs $acc0,$acc1,$t1 - umulh $t1,$m1,$mi - adcs $acc1,$acc2,$t2 - umulh $t2,$m2,$mi - adcs $acc2,$acc3,$t3 - umulh $t3,$m3,$mi - adcs $acc3,$acc4,$carry - adc $carry,xzr,xzr - adds $acc0,$acc0,$t0 - sub $t0,$ap_end,$ap - adcs $acc1,$acc1,$t1 - adcs $acc2,$acc2,$t2 - adcs $acc3,$acc3,$t3 - //adc $carry,$carry,xzr - cbnz $cnt,.Loop_mul4x_1st_reduction - - cbz $t0,.Lmul4x4_post_condition - - ldp $a0,$a1,[$ap,#8*0] // a[4..7] - ldp $a2,$a3,[$ap,#8*2] - add $ap,$ap,#8*4 - ldr $mi,[sp] // a[0]*n0 - ldp $m0,$m1,[$np,#8*0] // n[4..7] - ldp $m2,$m3,[$np,#8*2] - add $np,$np,#8*4 - -.Loop_mul4x_1st_tail: - mul $t0,$a0,$bi // lo(a[4..7]*b[i]) - adc $carry,$carry,xzr // modulo-scheduled - mul $t1,$a1,$bi - add $cnt,$cnt,#8 - mul $t2,$a2,$bi - and $cnt,$cnt,#31 - mul $t3,$a3,$bi - adds $acc0,$acc0,$t0 - umulh $t0,$a0,$bi // hi(a[4..7]*b[i]) - adcs $acc1,$acc1,$t1 - umulh $t1,$a1,$bi - adcs $acc2,$acc2,$t2 - umulh $t2,$a2,$bi - adcs $acc3,$acc3,$t3 - umulh $t3,$a3,$bi - adc $acc4,xzr,xzr - ldr $bi,[$bp,$cnt] // next b[i] (or b[0]) - adds $acc1,$acc1,$t0 - mul $t0,$m0,$mi // lo(n[4..7]*a[0]*n0) - adcs $acc2,$acc2,$t1 - mul $t1,$m1,$mi - adcs $acc3,$acc3,$t2 - mul $t2,$m2,$mi - adc $acc4,$acc4,$t3 // can't overflow - mul $t3,$m3,$mi - adds $acc0,$acc0,$t0 - umulh $t0,$m0,$mi // hi(n[4..7]*a[0]*n0) - adcs $acc1,$acc1,$t1 - umulh $t1,$m1,$mi - adcs $acc2,$acc2,$t2 - umulh $t2,$m2,$mi - adcs $acc3,$acc3,$t3 - adcs $acc4,$acc4,$carry - umulh $t3,$m3,$mi - adc $carry,xzr,xzr - ldr $mi,[sp,$cnt] // next t[0]*n0 - str $acc0,[$tp],#8 // result!!! - adds $acc0,$acc1,$t0 - sub $t0,$ap_end,$ap // done yet? - adcs $acc1,$acc2,$t1 - adcs $acc2,$acc3,$t2 - adcs $acc3,$acc4,$t3 - //adc $carry,$carry,xzr - cbnz $cnt,.Loop_mul4x_1st_tail - - sub $t1,$ap_end,$num // rewinded $ap - cbz $t0,.Lmul4x_proceed - - ldp $a0,$a1,[$ap,#8*0] - ldp $a2,$a3,[$ap,#8*2] - add $ap,$ap,#8*4 - ldp $m0,$m1,[$np,#8*0] - ldp $m2,$m3,[$np,#8*2] - add $np,$np,#8*4 - b .Loop_mul4x_1st_tail - -.align 5 -.Lmul4x_proceed: - ldr $bi,[$bp,#8*4]! // *++b - adc $topmost,$carry,xzr - ldp $a0,$a1,[$t1,#8*0] // a[0..3] - sub $np,$np,$num // rewind np - ldp $a2,$a3,[$t1,#8*2] - add $ap,$t1,#8*4 - - stp $acc0,$acc1,[$tp,#8*0] // result!!! - ldp $acc0,$acc1,[sp,#8*4] // t[0..3] - stp $acc2,$acc3,[$tp,#8*2] // result!!! - ldp $acc2,$acc3,[sp,#8*6] - - ldp $m0,$m1,[$np,#8*0] // n[0..3] - mov $tp,sp - ldp $m2,$m3,[$np,#8*2] - adds $np,$np,#8*4 // clear carry bit - mov $carry,xzr - -.align 4 -.Loop_mul4x_reduction: - mul $t0,$a0,$bi // lo(a[0..3]*b[4]) - adc $carry,$carry,xzr // modulo-scheduled - mul $t1,$a1,$bi - add $cnt,$cnt,#8 - mul $t2,$a2,$bi - and $cnt,$cnt,#31 - mul $t3,$a3,$bi - adds $acc0,$acc0,$t0 - umulh $t0,$a0,$bi // hi(a[0..3]*b[4]) - adcs $acc1,$acc1,$t1 - mul $mi,$acc0,$n0 // t[0]*n0 - adcs $acc2,$acc2,$t2 - umulh $t1,$a1,$bi - adcs $acc3,$acc3,$t3 - umulh $t2,$a2,$bi - adc $acc4,xzr,xzr - umulh $t3,$a3,$bi - ldr $bi,[$bp,$cnt] // next b[i] - adds $acc1,$acc1,$t0 - // (*) mul $t0,$m0,$mi - str $mi,[$tp],#8 // put aside t[0]*n0 for tail processing - adcs $acc2,$acc2,$t1 - mul $t1,$m1,$mi // lo(n[0..3]*t[0]*n0 - adcs $acc3,$acc3,$t2 - mul $t2,$m2,$mi - adc $acc4,$acc4,$t3 // can't overflow - mul $t3,$m3,$mi - // (*) adds xzr,$acc0,$t0 - subs xzr,$acc0,#1 // (*) - umulh $t0,$m0,$mi // hi(n[0..3]*t[0]*n0 - adcs $acc0,$acc1,$t1 - umulh $t1,$m1,$mi - adcs $acc1,$acc2,$t2 - umulh $t2,$m2,$mi - adcs $acc2,$acc3,$t3 - umulh $t3,$m3,$mi - adcs $acc3,$acc4,$carry - adc $carry,xzr,xzr - adds $acc0,$acc0,$t0 - adcs $acc1,$acc1,$t1 - adcs $acc2,$acc2,$t2 - adcs $acc3,$acc3,$t3 - //adc $carry,$carry,xzr - cbnz $cnt,.Loop_mul4x_reduction - - adc $carry,$carry,xzr - ldp $t0,$t1,[$tp,#8*4] // t[4..7] - ldp $t2,$t3,[$tp,#8*6] - ldp $a0,$a1,[$ap,#8*0] // a[4..7] - ldp $a2,$a3,[$ap,#8*2] - add $ap,$ap,#8*4 - adds $acc0,$acc0,$t0 - adcs $acc1,$acc1,$t1 - adcs $acc2,$acc2,$t2 - adcs $acc3,$acc3,$t3 - //adc $carry,$carry,xzr - - ldr $mi,[sp] // t[0]*n0 - ldp $m0,$m1,[$np,#8*0] // n[4..7] - ldp $m2,$m3,[$np,#8*2] - add $np,$np,#8*4 - -.align 4 -.Loop_mul4x_tail: - mul $t0,$a0,$bi // lo(a[4..7]*b[4]) - adc $carry,$carry,xzr // modulo-scheduled - mul $t1,$a1,$bi - add $cnt,$cnt,#8 - mul $t2,$a2,$bi - and $cnt,$cnt,#31 - mul $t3,$a3,$bi - adds $acc0,$acc0,$t0 - umulh $t0,$a0,$bi // hi(a[4..7]*b[4]) - adcs $acc1,$acc1,$t1 - umulh $t1,$a1,$bi - adcs $acc2,$acc2,$t2 - umulh $t2,$a2,$bi - adcs $acc3,$acc3,$t3 - umulh $t3,$a3,$bi - adc $acc4,xzr,xzr - ldr $bi,[$bp,$cnt] // next b[i] - adds $acc1,$acc1,$t0 - mul $t0,$m0,$mi // lo(n[4..7]*t[0]*n0) - adcs $acc2,$acc2,$t1 - mul $t1,$m1,$mi - adcs $acc3,$acc3,$t2 - mul $t2,$m2,$mi - adc $acc4,$acc4,$t3 // can't overflow - mul $t3,$m3,$mi - adds $acc0,$acc0,$t0 - umulh $t0,$m0,$mi // hi(n[4..7]*t[0]*n0) - adcs $acc1,$acc1,$t1 - umulh $t1,$m1,$mi - adcs $acc2,$acc2,$t2 - umulh $t2,$m2,$mi - adcs $acc3,$acc3,$t3 - umulh $t3,$m3,$mi - adcs $acc4,$acc4,$carry - ldr $mi,[sp,$cnt] // next a[0]*n0 - adc $carry,xzr,xzr - str $acc0,[$tp],#8 // result!!! - adds $acc0,$acc1,$t0 - sub $t0,$ap_end,$ap // done yet? - adcs $acc1,$acc2,$t1 - adcs $acc2,$acc3,$t2 - adcs $acc3,$acc4,$t3 - //adc $carry,$carry,xzr - cbnz $cnt,.Loop_mul4x_tail - - sub $t1,$np,$num // rewinded np? - adc $carry,$carry,xzr - cbz $t0,.Loop_mul4x_break - - ldp $t0,$t1,[$tp,#8*4] - ldp $t2,$t3,[$tp,#8*6] - ldp $a0,$a1,[$ap,#8*0] - ldp $a2,$a3,[$ap,#8*2] - add $ap,$ap,#8*4 - adds $acc0,$acc0,$t0 - adcs $acc1,$acc1,$t1 - adcs $acc2,$acc2,$t2 - adcs $acc3,$acc3,$t3 - //adc $carry,$carry,xzr - ldp $m0,$m1,[$np,#8*0] - ldp $m2,$m3,[$np,#8*2] - add $np,$np,#8*4 - b .Loop_mul4x_tail - -.align 4 -.Loop_mul4x_break: - ldp $t2,$t3,[x29,#96] // pull rp and &b[num] - adds $acc0,$acc0,$topmost - add $bp,$bp,#8*4 // bp++ - adcs $acc1,$acc1,xzr - sub $ap,$ap,$num // rewind ap - adcs $acc2,$acc2,xzr - stp $acc0,$acc1,[$tp,#8*0] // result!!! - adcs $acc3,$acc3,xzr - ldp $acc0,$acc1,[sp,#8*4] // t[0..3] - adc $topmost,$carry,xzr - stp $acc2,$acc3,[$tp,#8*2] // result!!! - cmp $bp,$t3 // done yet? - ldp $acc2,$acc3,[sp,#8*6] - ldp $m0,$m1,[$t1,#8*0] // n[0..3] - ldp $m2,$m3,[$t1,#8*2] - add $np,$t1,#8*4 - b.eq .Lmul4x_post - - ldr $bi,[$bp] - ldp $a0,$a1,[$ap,#8*0] // a[0..3] - ldp $a2,$a3,[$ap,#8*2] - adds $ap,$ap,#8*4 // clear carry bit - mov $carry,xzr - mov $tp,sp - b .Loop_mul4x_reduction - -.align 4 -.Lmul4x_post: - // Final step. We see if result is larger than modulus, and - // if it is, subtract the modulus. But comparison implies - // subtraction. So we subtract modulus, see if it borrowed, - // and conditionally copy original value. - mov $rp,$t2 - mov $ap_end,$t2 // $rp copy - subs $t0,$acc0,$m0 - add $tp,sp,#8*8 - sbcs $t1,$acc1,$m1 - sub $cnt,$num,#8*4 - -.Lmul4x_sub: - sbcs $t2,$acc2,$m2 - ldp $m0,$m1,[$np,#8*0] - sub $cnt,$cnt,#8*4 - ldp $acc0,$acc1,[$tp,#8*0] - sbcs $t3,$acc3,$m3 - ldp $m2,$m3,[$np,#8*2] - add $np,$np,#8*4 - ldp $acc2,$acc3,[$tp,#8*2] - add $tp,$tp,#8*4 - stp $t0,$t1,[$rp,#8*0] - sbcs $t0,$acc0,$m0 - stp $t2,$t3,[$rp,#8*2] - add $rp,$rp,#8*4 - sbcs $t1,$acc1,$m1 - cbnz $cnt,.Lmul4x_sub - - sbcs $t2,$acc2,$m2 - mov $tp,sp - add $ap,sp,#8*4 - ldp $a0,$a1,[$ap_end,#8*0] - sbcs $t3,$acc3,$m3 - stp $t0,$t1,[$rp,#8*0] - ldp $a2,$a3,[$ap_end,#8*2] - stp $t2,$t3,[$rp,#8*2] - ldp $acc0,$acc1,[$ap,#8*0] - ldp $acc2,$acc3,[$ap,#8*2] - sbcs xzr,$topmost,xzr // did it borrow? - ldr x30,[x29,#8] // pull return address - - sub $cnt,$num,#8*4 -.Lmul4x_cond_copy: - sub $cnt,$cnt,#8*4 - csel $t0,$acc0,$a0,lo - stp xzr,xzr,[$tp,#8*0] - csel $t1,$acc1,$a1,lo - ldp $a0,$a1,[$ap_end,#8*4] - ldp $acc0,$acc1,[$ap,#8*4] - csel $t2,$acc2,$a2,lo - stp xzr,xzr,[$tp,#8*2] - add $tp,$tp,#8*4 - csel $t3,$acc3,$a3,lo - ldp $a2,$a3,[$ap_end,#8*6] - ldp $acc2,$acc3,[$ap,#8*6] - add $ap,$ap,#8*4 - stp $t0,$t1,[$ap_end,#8*0] - stp $t2,$t3,[$ap_end,#8*2] - add $ap_end,$ap_end,#8*4 - cbnz $cnt,.Lmul4x_cond_copy - - csel $t0,$acc0,$a0,lo - stp xzr,xzr,[$tp,#8*0] - csel $t1,$acc1,$a1,lo - stp xzr,xzr,[$tp,#8*2] - csel $t2,$acc2,$a2,lo - stp xzr,xzr,[$tp,#8*3] - csel $t3,$acc3,$a3,lo - stp xzr,xzr,[$tp,#8*4] - stp $t0,$t1,[$ap_end,#8*0] - stp $t2,$t3,[$ap_end,#8*2] - - b .Lmul4x_done - -.align 4 -.Lmul4x4_post_condition: - adc $carry,$carry,xzr - ldr $ap,[x29,#96] // pull rp - // $acc0-3,$carry hold result, $m0-7 hold modulus - subs $a0,$acc0,$m0 - ldr x30,[x29,#8] // pull return address - sbcs $a1,$acc1,$m1 - stp xzr,xzr,[sp,#8*0] - sbcs $a2,$acc2,$m2 - stp xzr,xzr,[sp,#8*2] - sbcs $a3,$acc3,$m3 - stp xzr,xzr,[sp,#8*4] - sbcs xzr,$carry,xzr // did it borrow? - stp xzr,xzr,[sp,#8*6] - - // $a0-3 hold result-modulus - csel $a0,$acc0,$a0,lo - csel $a1,$acc1,$a1,lo - csel $a2,$acc2,$a2,lo - csel $a3,$acc3,$a3,lo - stp $a0,$a1,[$ap,#8*0] - stp $a2,$a3,[$ap,#8*2] - -.Lmul4x_done: - ldp x19,x20,[x29,#16] - mov sp,x29 - ldp x21,x22,[x29,#32] - mov x0,#1 - ldp x23,x24,[x29,#48] - ldp x25,x26,[x29,#64] - ldp x27,x28,[x29,#80] - ldr x29,[sp],#128 - .inst 0xd50323bf // autiasp - ret -.size __bn_mul4x_mont,.-__bn_mul4x_mont -___ -} -$code.=<<___; -.asciz "Montgomery Multiplication for ARMv8, CRYPTOGAMS by " -.align 4 -___ - -print $code; - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/bn-586.pl b/crypto/bn/asm/bn-586.pl deleted file mode 100644 index 56a9229add9dc2ad4f08794501e0e8a0cad0bfdf..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/bn-586.pl +++ /dev/null @@ -1,784 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output = pop and open STDOUT,">$output"; - -&asm_init($ARGV[0]); - -$sse2=0; -for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - -&external_label("OPENSSL_ia32cap_P") if ($sse2); - -&bn_mul_add_words("bn_mul_add_words"); -&bn_mul_words("bn_mul_words"); -&bn_sqr_words("bn_sqr_words"); -&bn_div_words("bn_div_words"); -&bn_add_words("bn_add_words"); -&bn_sub_words("bn_sub_words"); -&bn_sub_part_words("bn_sub_part_words"); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; - -sub bn_mul_add_words - { - local($name)=@_; - - &function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":""); - - $r="eax"; - $a="edx"; - $c="ecx"; - - if ($sse2) { - &picmeup("eax","OPENSSL_ia32cap_P"); - &bt(&DWP(0,"eax"),26); - &jnc(&label("maw_non_sse2")); - - &mov($r,&wparam(0)); - &mov($a,&wparam(1)); - &mov($c,&wparam(2)); - &movd("mm0",&wparam(3)); # mm0 = w - &pxor("mm1","mm1"); # mm1 = carry_in - &jmp(&label("maw_sse2_entry")); - - &set_label("maw_sse2_unrolled",16); - &movd("mm3",&DWP(0,$r,"",0)); # mm3 = r[0] - &paddq("mm1","mm3"); # mm1 = carry_in + r[0] - &movd("mm2",&DWP(0,$a,"",0)); # mm2 = a[0] - &pmuludq("mm2","mm0"); # mm2 = w*a[0] - &movd("mm4",&DWP(4,$a,"",0)); # mm4 = a[1] - &pmuludq("mm4","mm0"); # mm4 = w*a[1] - &movd("mm6",&DWP(8,$a,"",0)); # mm6 = a[2] - &pmuludq("mm6","mm0"); # mm6 = w*a[2] - &movd("mm7",&DWP(12,$a,"",0)); # mm7 = a[3] - &pmuludq("mm7","mm0"); # mm7 = w*a[3] - &paddq("mm1","mm2"); # mm1 = carry_in + r[0] + w*a[0] - &movd("mm3",&DWP(4,$r,"",0)); # mm3 = r[1] - &paddq("mm3","mm4"); # mm3 = r[1] + w*a[1] - &movd("mm5",&DWP(8,$r,"",0)); # mm5 = r[2] - &paddq("mm5","mm6"); # mm5 = r[2] + w*a[2] - &movd("mm4",&DWP(12,$r,"",0)); # mm4 = r[3] - &paddq("mm7","mm4"); # mm7 = r[3] + w*a[3] - &movd(&DWP(0,$r,"",0),"mm1"); - &movd("mm2",&DWP(16,$a,"",0)); # mm2 = a[4] - &pmuludq("mm2","mm0"); # mm2 = w*a[4] - &psrlq("mm1",32); # mm1 = carry0 - &movd("mm4",&DWP(20,$a,"",0)); # mm4 = a[5] - &pmuludq("mm4","mm0"); # mm4 = w*a[5] - &paddq("mm1","mm3"); # mm1 = carry0 + r[1] + w*a[1] - &movd("mm6",&DWP(24,$a,"",0)); # mm6 = a[6] - &pmuludq("mm6","mm0"); # mm6 = w*a[6] - &movd(&DWP(4,$r,"",0),"mm1"); - &psrlq("mm1",32); # mm1 = carry1 - &movd("mm3",&DWP(28,$a,"",0)); # mm3 = a[7] - &add($a,32); - &pmuludq("mm3","mm0"); # mm3 = w*a[7] - &paddq("mm1","mm5"); # mm1 = carry1 + r[2] + w*a[2] - &movd("mm5",&DWP(16,$r,"",0)); # mm5 = r[4] - &paddq("mm2","mm5"); # mm2 = r[4] + w*a[4] - &movd(&DWP(8,$r,"",0),"mm1"); - &psrlq("mm1",32); # mm1 = carry2 - &paddq("mm1","mm7"); # mm1 = carry2 + r[3] + w*a[3] - &movd("mm5",&DWP(20,$r,"",0)); # mm5 = r[5] - &paddq("mm4","mm5"); # mm4 = r[5] + w*a[5] - &movd(&DWP(12,$r,"",0),"mm1"); - &psrlq("mm1",32); # mm1 = carry3 - &paddq("mm1","mm2"); # mm1 = carry3 + r[4] + w*a[4] - &movd("mm5",&DWP(24,$r,"",0)); # mm5 = r[6] - &paddq("mm6","mm5"); # mm6 = r[6] + w*a[6] - &movd(&DWP(16,$r,"",0),"mm1"); - &psrlq("mm1",32); # mm1 = carry4 - &paddq("mm1","mm4"); # mm1 = carry4 + r[5] + w*a[5] - &movd("mm5",&DWP(28,$r,"",0)); # mm5 = r[7] - &paddq("mm3","mm5"); # mm3 = r[7] + w*a[7] - &movd(&DWP(20,$r,"",0),"mm1"); - &psrlq("mm1",32); # mm1 = carry5 - &paddq("mm1","mm6"); # mm1 = carry5 + r[6] + w*a[6] - &movd(&DWP(24,$r,"",0),"mm1"); - &psrlq("mm1",32); # mm1 = carry6 - &paddq("mm1","mm3"); # mm1 = carry6 + r[7] + w*a[7] - &movd(&DWP(28,$r,"",0),"mm1"); - &lea($r,&DWP(32,$r)); - &psrlq("mm1",32); # mm1 = carry_out - - &sub($c,8); - &jz(&label("maw_sse2_exit")); - &set_label("maw_sse2_entry"); - &test($c,0xfffffff8); - &jnz(&label("maw_sse2_unrolled")); - - &set_label("maw_sse2_loop",4); - &movd("mm2",&DWP(0,$a)); # mm2 = a[i] - &movd("mm3",&DWP(0,$r)); # mm3 = r[i] - &pmuludq("mm2","mm0"); # a[i] *= w - &lea($a,&DWP(4,$a)); - &paddq("mm1","mm3"); # carry += r[i] - &paddq("mm1","mm2"); # carry += a[i]*w - &movd(&DWP(0,$r),"mm1"); # r[i] = carry_low - &sub($c,1); - &psrlq("mm1",32); # carry = carry_high - &lea($r,&DWP(4,$r)); - &jnz(&label("maw_sse2_loop")); - &set_label("maw_sse2_exit"); - &movd("eax","mm1"); # c = carry_out - &emms(); - &ret(); - - &set_label("maw_non_sse2",16); - } - - # function_begin prologue - &push("ebp"); - &push("ebx"); - &push("esi"); - &push("edi"); - - &comment(""); - $Low="eax"; - $High="edx"; - $a="ebx"; - $w="ebp"; - $r="edi"; - $c="esi"; - - &xor($c,$c); # clear carry - &mov($r,&wparam(0)); # - - &mov("ecx",&wparam(2)); # - &mov($a,&wparam(1)); # - - &and("ecx",0xfffffff8); # num / 8 - &mov($w,&wparam(3)); # - - &push("ecx"); # Up the stack for a tmp variable - - &jz(&label("maw_finish")); - - &set_label("maw_loop",16); - - for ($i=0; $i<32; $i+=4) - { - &comment("Round $i"); - - &mov("eax",&DWP($i,$a)); # *a - &mul($w); # *a * w - &add("eax",$c); # L(t)+= c - &adc("edx",0); # H(t)+=carry - &add("eax",&DWP($i,$r)); # L(t)+= *r - &adc("edx",0); # H(t)+=carry - &mov(&DWP($i,$r),"eax"); # *r= L(t); - &mov($c,"edx"); # c= H(t); - } - - &comment(""); - &sub("ecx",8); - &lea($a,&DWP(32,$a)); - &lea($r,&DWP(32,$r)); - &jnz(&label("maw_loop")); - - &set_label("maw_finish",0); - &mov("ecx",&wparam(2)); # get num - &and("ecx",7); - &jnz(&label("maw_finish2")); # helps branch prediction - &jmp(&label("maw_end")); - - &set_label("maw_finish2",1); - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov("eax",&DWP($i*4,$a)); # *a - &mul($w); # *a * w - &add("eax",$c); # L(t)+=c - &adc("edx",0); # H(t)+=carry - &add("eax",&DWP($i*4,$r)); # L(t)+= *r - &adc("edx",0); # H(t)+=carry - &dec("ecx") if ($i != 7-1); - &mov(&DWP($i*4,$r),"eax"); # *r= L(t); - &mov($c,"edx"); # c= H(t); - &jz(&label("maw_end")) if ($i != 7-1); - } - &set_label("maw_end",0); - &mov("eax",$c); - - &pop("ecx"); # clear variable from - - &function_end($name); - } - -sub bn_mul_words - { - local($name)=@_; - - &function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":""); - - $r="eax"; - $a="edx"; - $c="ecx"; - - if ($sse2) { - &picmeup("eax","OPENSSL_ia32cap_P"); - &bt(&DWP(0,"eax"),26); - &jnc(&label("mw_non_sse2")); - - &mov($r,&wparam(0)); - &mov($a,&wparam(1)); - &mov($c,&wparam(2)); - &movd("mm0",&wparam(3)); # mm0 = w - &pxor("mm1","mm1"); # mm1 = carry = 0 - - &set_label("mw_sse2_loop",16); - &movd("mm2",&DWP(0,$a)); # mm2 = a[i] - &pmuludq("mm2","mm0"); # a[i] *= w - &lea($a,&DWP(4,$a)); - &paddq("mm1","mm2"); # carry += a[i]*w - &movd(&DWP(0,$r),"mm1"); # r[i] = carry_low - &sub($c,1); - &psrlq("mm1",32); # carry = carry_high - &lea($r,&DWP(4,$r)); - &jnz(&label("mw_sse2_loop")); - - &movd("eax","mm1"); # return carry - &emms(); - &ret(); - &set_label("mw_non_sse2",16); - } - - # function_begin prologue - &push("ebp"); - &push("ebx"); - &push("esi"); - &push("edi"); - - &comment(""); - $Low="eax"; - $High="edx"; - $a="ebx"; - $w="ecx"; - $r="edi"; - $c="esi"; - $num="ebp"; - - &xor($c,$c); # clear carry - &mov($r,&wparam(0)); # - &mov($a,&wparam(1)); # - &mov($num,&wparam(2)); # - &mov($w,&wparam(3)); # - - &and($num,0xfffffff8); # num / 8 - &jz(&label("mw_finish")); - - &set_label("mw_loop",0); - for ($i=0; $i<32; $i+=4) - { - &comment("Round $i"); - - &mov("eax",&DWP($i,$a,"",0)); # *a - &mul($w); # *a * w - &add("eax",$c); # L(t)+=c - # XXX - - &adc("edx",0); # H(t)+=carry - &mov(&DWP($i,$r,"",0),"eax"); # *r= L(t); - - &mov($c,"edx"); # c= H(t); - } - - &comment(""); - &add($a,32); - &add($r,32); - &sub($num,8); - &jz(&label("mw_finish")); - &jmp(&label("mw_loop")); - - &set_label("mw_finish",0); - &mov($num,&wparam(2)); # get num - &and($num,7); - &jnz(&label("mw_finish2")); - &jmp(&label("mw_end")); - - &set_label("mw_finish2",1); - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov("eax",&DWP($i*4,$a,"",0));# *a - &mul($w); # *a * w - &add("eax",$c); # L(t)+=c - # XXX - &adc("edx",0); # H(t)+=carry - &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t); - &mov($c,"edx"); # c= H(t); - &dec($num) if ($i != 7-1); - &jz(&label("mw_end")) if ($i != 7-1); - } - &set_label("mw_end",0); - &mov("eax",$c); - - &function_end($name); - } - -sub bn_sqr_words - { - local($name)=@_; - - &function_begin_B($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":""); - - $r="eax"; - $a="edx"; - $c="ecx"; - - if ($sse2) { - &picmeup("eax","OPENSSL_ia32cap_P"); - &bt(&DWP(0,"eax"),26); - &jnc(&label("sqr_non_sse2")); - - &mov($r,&wparam(0)); - &mov($a,&wparam(1)); - &mov($c,&wparam(2)); - - &set_label("sqr_sse2_loop",16); - &movd("mm0",&DWP(0,$a)); # mm0 = a[i] - &pmuludq("mm0","mm0"); # a[i] *= a[i] - &lea($a,&DWP(4,$a)); # a++ - &movq(&QWP(0,$r),"mm0"); # r[i] = a[i]*a[i] - &sub($c,1); - &lea($r,&DWP(8,$r)); # r += 2 - &jnz(&label("sqr_sse2_loop")); - - &emms(); - &ret(); - &set_label("sqr_non_sse2",16); - } - - # function_begin prologue - &push("ebp"); - &push("ebx"); - &push("esi"); - &push("edi"); - - &comment(""); - $r="esi"; - $a="edi"; - $num="ebx"; - - &mov($r,&wparam(0)); # - &mov($a,&wparam(1)); # - &mov($num,&wparam(2)); # - - &and($num,0xfffffff8); # num / 8 - &jz(&label("sw_finish")); - - &set_label("sw_loop",0); - for ($i=0; $i<32; $i+=4) - { - &comment("Round $i"); - &mov("eax",&DWP($i,$a,"",0)); # *a - # XXX - &mul("eax"); # *a * *a - &mov(&DWP($i*2,$r,"",0),"eax"); # - &mov(&DWP($i*2+4,$r,"",0),"edx");# - } - - &comment(""); - &add($a,32); - &add($r,64); - &sub($num,8); - &jnz(&label("sw_loop")); - - &set_label("sw_finish",0); - &mov($num,&wparam(2)); # get num - &and($num,7); - &jz(&label("sw_end")); - - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov("eax",&DWP($i*4,$a,"",0)); # *a - # XXX - &mul("eax"); # *a * *a - &mov(&DWP($i*8,$r,"",0),"eax"); # - &dec($num) if ($i != 7-1); - &mov(&DWP($i*8+4,$r,"",0),"edx"); - &jz(&label("sw_end")) if ($i != 7-1); - } - &set_label("sw_end",0); - - &function_end($name); - } - -sub bn_div_words - { - local($name)=@_; - - &function_begin_B($name,""); - &mov("edx",&wparam(0)); # - &mov("eax",&wparam(1)); # - &mov("ecx",&wparam(2)); # - &div("ecx"); - &ret(); - &function_end_B($name); - } - -sub bn_add_words - { - local($name)=@_; - - &function_begin($name,""); - - &comment(""); - $a="esi"; - $b="edi"; - $c="eax"; - $r="ebx"; - $tmp1="ecx"; - $tmp2="edx"; - $num="ebp"; - - &mov($r,&wparam(0)); # get r - &mov($a,&wparam(1)); # get a - &mov($b,&wparam(2)); # get b - &mov($num,&wparam(3)); # get num - &xor($c,$c); # clear carry - &and($num,0xfffffff8); # num / 8 - - &jz(&label("aw_finish")); - - &set_label("aw_loop",0); - for ($i=0; $i<8; $i++) - { - &comment("Round $i"); - - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov($tmp2,&DWP($i*4,$b,"",0)); # *b - &add($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &add($tmp1,$tmp2); - &adc($c,0); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - } - - &comment(""); - &add($a,32); - &add($b,32); - &add($r,32); - &sub($num,8); - &jnz(&label("aw_loop")); - - &set_label("aw_finish",0); - &mov($num,&wparam(3)); # get num - &and($num,7); - &jz(&label("aw_end")); - - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov($tmp2,&DWP($i*4,$b,"",0));# *b - &add($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &add($tmp1,$tmp2); - &adc($c,0); - &dec($num) if ($i != 6); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - &jz(&label("aw_end")) if ($i != 6); - } - &set_label("aw_end",0); - -# &mov("eax",$c); # $c is "eax" - - &function_end($name); - } - -sub bn_sub_words - { - local($name)=@_; - - &function_begin($name,""); - - &comment(""); - $a="esi"; - $b="edi"; - $c="eax"; - $r="ebx"; - $tmp1="ecx"; - $tmp2="edx"; - $num="ebp"; - - &mov($r,&wparam(0)); # get r - &mov($a,&wparam(1)); # get a - &mov($b,&wparam(2)); # get b - &mov($num,&wparam(3)); # get num - &xor($c,$c); # clear carry - &and($num,0xfffffff8); # num / 8 - - &jz(&label("aw_finish")); - - &set_label("aw_loop",0); - for ($i=0; $i<8; $i++) - { - &comment("Round $i"); - - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov($tmp2,&DWP($i*4,$b,"",0)); # *b - &sub($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &sub($tmp1,$tmp2); - &adc($c,0); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - } - - &comment(""); - &add($a,32); - &add($b,32); - &add($r,32); - &sub($num,8); - &jnz(&label("aw_loop")); - - &set_label("aw_finish",0); - &mov($num,&wparam(3)); # get num - &and($num,7); - &jz(&label("aw_end")); - - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov($tmp2,&DWP($i*4,$b,"",0));# *b - &sub($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &sub($tmp1,$tmp2); - &adc($c,0); - &dec($num) if ($i != 6); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - &jz(&label("aw_end")) if ($i != 6); - } - &set_label("aw_end",0); - -# &mov("eax",$c); # $c is "eax" - - &function_end($name); - } - -sub bn_sub_part_words - { - local($name)=@_; - - &function_begin($name,""); - - &comment(""); - $a="esi"; - $b="edi"; - $c="eax"; - $r="ebx"; - $tmp1="ecx"; - $tmp2="edx"; - $num="ebp"; - - &mov($r,&wparam(0)); # get r - &mov($a,&wparam(1)); # get a - &mov($b,&wparam(2)); # get b - &mov($num,&wparam(3)); # get num - &xor($c,$c); # clear carry - &and($num,0xfffffff8); # num / 8 - - &jz(&label("aw_finish")); - - &set_label("aw_loop",0); - for ($i=0; $i<8; $i++) - { - &comment("Round $i"); - - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov($tmp2,&DWP($i*4,$b,"",0)); # *b - &sub($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &sub($tmp1,$tmp2); - &adc($c,0); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - } - - &comment(""); - &add($a,32); - &add($b,32); - &add($r,32); - &sub($num,8); - &jnz(&label("aw_loop")); - - &set_label("aw_finish",0); - &mov($num,&wparam(3)); # get num - &and($num,7); - &jz(&label("aw_end")); - - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov($tmp1,&DWP(0,$a,"",0)); # *a - &mov($tmp2,&DWP(0,$b,"",0));# *b - &sub($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &sub($tmp1,$tmp2); - &adc($c,0); - &mov(&DWP(0,$r,"",0),$tmp1); # *r - &add($a, 4); - &add($b, 4); - &add($r, 4); - &dec($num) if ($i != 6); - &jz(&label("aw_end")) if ($i != 6); - } - &set_label("aw_end",0); - - &cmp(&wparam(4),0); - &je(&label("pw_end")); - - &mov($num,&wparam(4)); # get dl - &cmp($num,0); - &je(&label("pw_end")); - &jge(&label("pw_pos")); - - &comment("pw_neg"); - &mov($tmp2,0); - &sub($tmp2,$num); - &mov($num,$tmp2); - &and($num,0xfffffff8); # num / 8 - &jz(&label("pw_neg_finish")); - - &set_label("pw_neg_loop",0); - for ($i=0; $i<8; $i++) - { - &comment("dl<0 Round $i"); - - &mov($tmp1,0); - &mov($tmp2,&DWP($i*4,$b,"",0)); # *b - &sub($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &sub($tmp1,$tmp2); - &adc($c,0); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - } - - &comment(""); - &add($b,32); - &add($r,32); - &sub($num,8); - &jnz(&label("pw_neg_loop")); - - &set_label("pw_neg_finish",0); - &mov($tmp2,&wparam(4)); # get dl - &mov($num,0); - &sub($num,$tmp2); - &and($num,7); - &jz(&label("pw_end")); - - for ($i=0; $i<7; $i++) - { - &comment("dl<0 Tail Round $i"); - &mov($tmp1,0); - &mov($tmp2,&DWP($i*4,$b,"",0));# *b - &sub($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &sub($tmp1,$tmp2); - &adc($c,0); - &dec($num) if ($i != 6); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - &jz(&label("pw_end")) if ($i != 6); - } - - &jmp(&label("pw_end")); - - &set_label("pw_pos",0); - - &and($num,0xfffffff8); # num / 8 - &jz(&label("pw_pos_finish")); - - &set_label("pw_pos_loop",0); - - for ($i=0; $i<8; $i++) - { - &comment("dl>0 Round $i"); - - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &sub($tmp1,$c); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - &jnc(&label("pw_nc".$i)); - } - - &comment(""); - &add($a,32); - &add($r,32); - &sub($num,8); - &jnz(&label("pw_pos_loop")); - - &set_label("pw_pos_finish",0); - &mov($num,&wparam(4)); # get dl - &and($num,7); - &jz(&label("pw_end")); - - for ($i=0; $i<7; $i++) - { - &comment("dl>0 Tail Round $i"); - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &sub($tmp1,$c); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - &jnc(&label("pw_tail_nc".$i)); - &dec($num) if ($i != 6); - &jz(&label("pw_end")) if ($i != 6); - } - &mov($c,1); - &jmp(&label("pw_end")); - - &set_label("pw_nc_loop",0); - for ($i=0; $i<8; $i++) - { - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - &set_label("pw_nc".$i,0); - } - - &comment(""); - &add($a,32); - &add($r,32); - &sub($num,8); - &jnz(&label("pw_nc_loop")); - - &mov($num,&wparam(4)); # get dl - &and($num,7); - &jz(&label("pw_nc_end")); - - for ($i=0; $i<7; $i++) - { - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - &set_label("pw_tail_nc".$i,0); - &dec($num) if ($i != 6); - &jz(&label("pw_nc_end")) if ($i != 6); - } - - &set_label("pw_nc_end",0); - &mov($c,0); - - &set_label("pw_end",0); - -# &mov("eax",$c); # $c is "eax" - - &function_end($name); - } diff --git a/crypto/bn/asm/bn-c64xplus.asm b/crypto/bn/asm/bn-c64xplus.asm deleted file mode 100644 index e273d37c1fc3858b04fed3197f30c346ba26e314..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/bn-c64xplus.asm +++ /dev/null @@ -1,381 +0,0 @@ -;; Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. -;; -;; Licensed under the Apache License 2.0 (the "License"). You may not use -;; this file except in compliance with the License. You can obtain a copy -;; in the file LICENSE in the source distribution or at -;; https://www.openssl.org/source/license.html -;; -;;==================================================================== -;; Written by Andy Polyakov for the OpenSSL -;; project. -;; -;; Rights for redistribution and usage in source and binary forms are -;; granted according to the License. Warranty of any kind is disclaimed. -;;==================================================================== -;; Compiler-generated multiply-n-add SPLOOP runs at 12*n cycles, n -;; being the number of 32-bit words, addition - 8*n. Corresponding 4x -;; unrolled SPLOOP-free loops - at ~8*n and ~5*n. Below assembler -;; SPLOOPs spin at ... 2*n cycles [plus epilogue]. -;;==================================================================== - .text - - .if .ASSEMBLER_VERSION<7000000 - .asg 0,__TI_EABI__ - .endif - .if __TI_EABI__ - .asg bn_mul_add_words,_bn_mul_add_words - .asg bn_mul_words,_bn_mul_words - .asg bn_sqr_words,_bn_sqr_words - .asg bn_add_words,_bn_add_words - .asg bn_sub_words,_bn_sub_words - .asg bn_div_words,_bn_div_words - .asg bn_sqr_comba8,_bn_sqr_comba8 - .asg bn_mul_comba8,_bn_mul_comba8 - .asg bn_sqr_comba4,_bn_sqr_comba4 - .asg bn_mul_comba4,_bn_mul_comba4 - .endif - - .asg B3,RA - .asg A4,ARG0 - .asg B4,ARG1 - .asg A6,ARG2 - .asg B6,ARG3 - .asg A8,ARG4 - .asg B8,ARG5 - .asg A4,RET - .asg A15,FP - .asg B14,DP - .asg B15,SP - - .global _bn_mul_add_words -_bn_mul_add_words: - .asmfunc - MV ARG2,B0 - [!B0] BNOP RA -||[!B0] MVK 0,RET - [B0] MVC B0,ILC - [B0] ZERO A19 ; high part of accumulator -|| [B0] MV ARG0,A2 -|| [B0] MV ARG3,A3 - NOP 3 - - SPLOOP 2 ; 2*n+10 -;;==================================================================== - LDW *ARG1++,B7 ; ap[i] - NOP 3 - LDW *ARG0++,A7 ; rp[i] - MPY32U B7,A3,A17:A16 - NOP 3 ; [2,0] in epilogue - ADDU A16,A7,A21:A20 - ADDU A19,A21:A20,A19:A18 -|| MV.S A17,A23 - SPKERNEL 2,1 ; leave slot for "return value" -|| STW A18,*A2++ ; rp[i] -|| ADD A19,A23,A19 -;;==================================================================== - BNOP RA,4 - MV A19,RET ; return value - .endasmfunc - - .global _bn_mul_words -_bn_mul_words: - .asmfunc - MV ARG2,B0 - [!B0] BNOP RA -||[!B0] MVK 0,RET - [B0] MVC B0,ILC - [B0] ZERO A19 ; high part of accumulator - NOP 3 - - SPLOOP 2 ; 2*n+10 -;;==================================================================== - LDW *ARG1++,A7 ; ap[i] - NOP 4 - MPY32U A7,ARG3,A17:A16 - NOP 4 ; [2,0] in epiloque - ADDU A19,A16,A19:A18 -|| MV.S A17,A21 - SPKERNEL 2,1 ; leave slot for "return value" -|| STW A18,*ARG0++ ; rp[i] -|| ADD.L A19,A21,A19 -;;==================================================================== - BNOP RA,4 - MV A19,RET ; return value - .endasmfunc - - .global _bn_sqr_words -_bn_sqr_words: - .asmfunc - MV ARG2,B0 - [!B0] BNOP RA -||[!B0] MVK 0,RET - [B0] MVC B0,ILC - [B0] MV ARG0,B2 -|| [B0] ADD 4,ARG0,ARG0 - NOP 3 - - SPLOOP 2 ; 2*n+10 -;;==================================================================== - LDW *ARG1++,B7 ; ap[i] - NOP 4 - MPY32U B7,B7,B1:B0 - NOP 3 ; [2,0] in epilogue - STW B0,*B2++(8) ; rp[2*i] - MV B1,A1 - SPKERNEL 2,0 ; fully overlap BNOP RA,5 -|| STW A1,*ARG0++(8) ; rp[2*i+1] -;;==================================================================== - BNOP RA,5 - .endasmfunc - - .global _bn_add_words -_bn_add_words: - .asmfunc - MV ARG3,B0 - [!B0] BNOP RA -||[!B0] MVK 0,RET - [B0] MVC B0,ILC - [B0] ZERO A1 ; carry flag -|| [B0] MV ARG0,A3 - NOP 3 - - SPLOOP 2 ; 2*n+6 -;;==================================================================== - LDW *ARG2++,A7 ; bp[i] -|| LDW *ARG1++,B7 ; ap[i] - NOP 4 - ADDU A7,B7,A9:A8 - ADDU A1,A9:A8,A1:A0 - SPKERNEL 0,0 ; fully overlap BNOP RA,5 -|| STW A0,*A3++ ; write result -|| MV A1,RET ; keep carry flag in RET -;;==================================================================== - BNOP RA,5 - .endasmfunc - - .global _bn_sub_words -_bn_sub_words: - .asmfunc - MV ARG3,B0 - [!B0] BNOP RA -||[!B0] MVK 0,RET - [B0] MVC B0,ILC - [B0] ZERO A2 ; borrow flag -|| [B0] MV ARG0,A3 - NOP 3 - - SPLOOP 2 ; 2*n+6 -;;==================================================================== - LDW *ARG2++,A7 ; bp[i] -|| LDW *ARG1++,B7 ; ap[i] - NOP 4 - SUBU B7,A7,A1:A0 - [A2] SUB A1:A0,1,A1:A0 - SPKERNEL 0,1 ; leave slot for "return borrow flag" -|| STW A0,*A3++ ; write result -|| AND 1,A1,A2 ; pass on borrow flag -;;==================================================================== - BNOP RA,4 - AND 1,A1,RET ; return borrow flag - .endasmfunc - - .global _bn_div_words -_bn_div_words: - .asmfunc - LMBD 1,A6,A0 ; leading zero bits in dv - LMBD 1,A4,A1 ; leading zero bits in hi -|| MVK 32,B0 - CMPLTU A1,A0,A2 -|| ADD A0,B0,B0 - [ A2] BNOP RA -||[ A2] MVK -1,A4 ; return overflow -||[!A2] MV A4,A3 ; reassign hi - [!A2] MV B4,A4 ; reassign lo, will be quotient -||[!A2] MVC B0,ILC - [!A2] SHL A6,A0,A6 ; normalize dv -|| MVK 1,A1 - - [!A2] CMPLTU A3,A6,A1 ; hi>31 - - SPLOOP 3 - [!A1] CMPLTU A3,A6,A1 ; hi>31 - SPKERNEL - - BNOP RA,5 - .endasmfunc - -;;==================================================================== -;; Not really Comba algorithm, just straightforward NxM... Dedicated -;; fully unrolled real Comba implementations are asymptotically 2x -;; faster, but naturally larger undertaking. Purpose of this exercise -;; was rather to learn to master nested SPLOOPs... -;;==================================================================== - .global _bn_sqr_comba8 - .global _bn_mul_comba8 -_bn_sqr_comba8: - MV ARG1,ARG2 -_bn_mul_comba8: - .asmfunc - MVK 8,B0 ; N, RILC -|| MVK 8,A0 ; M, outer loop counter -|| MV ARG1,A5 ; copy ap -|| MV ARG0,B4 ; copy rp -|| ZERO B19 ; high part of accumulator - MVC B0,RILC -|| SUB B0,2,B1 ; N-2, initial ILC -|| SUB B0,1,B2 ; const B2=N-1 -|| LDW *A5++,B6 ; ap[0] -|| MV A0,A3 ; const A3=M -sploopNxM?: ; for best performance arrange M<=N - [A0] SPLOOPD 2 ; 2*n+10 -|| MVC B1,ILC -|| ADDAW B4,B0,B5 -|| ZERO B7 -|| LDW *A5++,A9 ; pre-fetch ap[1] -|| ZERO A1 -|| SUB A0,1,A0 -;;==================================================================== -;; SPLOOP from bn_mul_add_words, but with flipped A<>B register files. -;; This is because of Advisory 15 from TI publication SPRZ247I. - LDW *ARG2++,A7 ; bp[i] - NOP 3 - [A1] LDW *B5++,B7 ; rp[i] - MPY32U A7,B6,B17:B16 - NOP 3 - ADDU B16,B7,B21:B20 - ADDU B19,B21:B20,B19:B18 -|| MV.S B17,B23 - SPKERNEL -|| STW B18,*B4++ ; rp[i] -|| ADD.S B19,B23,B19 -;;==================================================================== -outer?: ; m*2*(n+1)+10 - SUBAW ARG2,A3,ARG2 ; rewind bp to bp[0] - SPMASKR -|| CMPGT A0,1,A2 ; done pre-fetching ap[i+1]? - MVD A9,B6 ; move through .M unit(*) - [A2] LDW *A5++,A9 ; pre-fetch ap[i+1] - SUBAW B5,B2,B5 ; rewind rp to rp[1] - MVK 1,A1 - [A0] BNOP.S1 outer?,4 -|| [A0] SUB.L A0,1,A0 - STW B19,*B4--[B2] ; rewind rp tp rp[1] -|| ZERO.S B19 ; high part of accumulator -;; end of outer? - BNOP RA,5 ; return - .endasmfunc -;; (*) It should be noted that B6 is used as input to MPY32U in -;; chronologically next cycle in *preceding* SPLOOP iteration. -;; Normally such arrangement would require DINT, but at this -;; point SPLOOP is draining and interrupts are disabled -;; implicitly. - - .global _bn_sqr_comba4 - .global _bn_mul_comba4 -_bn_sqr_comba4: - MV ARG1,ARG2 -_bn_mul_comba4: - .asmfunc - .if 0 - BNOP sploopNxM?,3 - ;; Above mentioned m*2*(n+1)+10 does not apply in n=m=4 case, - ;; because of low-counter effect, when prologue phase finishes - ;; before SPKERNEL instruction is reached. As result it's 25% - ;; slower than expected... - MVK 4,B0 ; N, RILC -|| MVK 4,A0 ; M, outer loop counter -|| MV ARG1,A5 ; copy ap -|| MV ARG0,B4 ; copy rp -|| ZERO B19 ; high part of accumulator - MVC B0,RILC -|| SUB B0,2,B1 ; first ILC -|| SUB B0,1,B2 ; const B2=N-1 -|| LDW *A5++,B6 ; ap[0] -|| MV A0,A3 ; const A3=M - .else - ;; This alternative is an exercise in fully unrolled Comba - ;; algorithm implementation that operates at n*(n+1)+12, or - ;; as little as 32 cycles... - LDW *ARG1[0],B16 ; a[0] -|| LDW *ARG2[0],A16 ; b[0] - LDW *ARG1[1],B17 ; a[1] -|| LDW *ARG2[1],A17 ; b[1] - LDW *ARG1[2],B18 ; a[2] -|| LDW *ARG2[2],A18 ; b[2] - LDW *ARG1[3],B19 ; a[3] -|| LDW *ARG2[3],A19 ; b[3] - NOP - MPY32U A16,B16,A1:A0 ; a[0]*b[0] - MPY32U A17,B16,A23:A22 ; a[0]*b[1] - MPY32U A16,B17,A25:A24 ; a[1]*b[0] - MPY32U A16,B18,A27:A26 ; a[2]*b[0] - STW A0,*ARG0[0] -|| MPY32U A17,B17,A29:A28 ; a[1]*b[1] - MPY32U A18,B16,A31:A30 ; a[0]*b[2] -|| ADDU A22,A1,A1:A0 - MV A23,B0 -|| MPY32U A19,B16,A21:A20 ; a[3]*b[0] -|| ADDU A24,A1:A0,A1:A0 - ADDU A25,B0,B1:B0 -|| STW A0,*ARG0[1] -|| MPY32U A18,B17,A23:A22 ; a[2]*b[1] -|| ADDU A26,A1,A9:A8 - ADDU A27,B1,B9:B8 -|| MPY32U A17,B18,A25:A24 ; a[1]*b[2] -|| ADDU A28,A9:A8,A9:A8 - ADDU A29,B9:B8,B9:B8 -|| MPY32U A16,B19,A27:A26 ; a[0]*b[3] -|| ADDU A30,A9:A8,A9:A8 - ADDU A31,B9:B8,B9:B8 -|| ADDU B0,A9:A8,A9:A8 - STW A8,*ARG0[2] -|| ADDU A20,A9,A1:A0 - ADDU A21,B9,B1:B0 -|| MPY32U A19,B17,A21:A20 ; a[3]*b[1] -|| ADDU A22,A1:A0,A1:A0 - ADDU A23,B1:B0,B1:B0 -|| MPY32U A18,B18,A23:A22 ; a[2]*b[2] -|| ADDU A24,A1:A0,A1:A0 - ADDU A25,B1:B0,B1:B0 -|| MPY32U A17,B19,A25:A24 ; a[1]*b[3] -|| ADDU A26,A1:A0,A1:A0 - ADDU A27,B1:B0,B1:B0 -|| ADDU B8,A1:A0,A1:A0 - STW A0,*ARG0[3] -|| MPY32U A19,B18,A27:A26 ; a[3]*b[2] -|| ADDU A20,A1,A9:A8 - ADDU A21,B1,B9:B8 -|| MPY32U A18,B19,A29:A28 ; a[2]*b[3] -|| ADDU A22,A9:A8,A9:A8 - ADDU A23,B9:B8,B9:B8 -|| MPY32U A19,B19,A31:A30 ; a[3]*b[3] -|| ADDU A24,A9:A8,A9:A8 - ADDU A25,B9:B8,B9:B8 -|| ADDU B0,A9:A8,A9:A8 - STW A8,*ARG0[4] -|| ADDU A26,A9,A1:A0 - ADDU A27,B9,B1:B0 -|| ADDU A28,A1:A0,A1:A0 - ADDU A29,B1:B0,B1:B0 -|| BNOP RA -|| ADDU B8,A1:A0,A1:A0 - STW A0,*ARG0[5] -|| ADDU A30,A1,A9:A8 - ADD A31,B1,B8 - ADDU B0,A9:A8,A9:A8 ; removed || to avoid cross-path stall below - ADD B8,A9,A9 -|| STW A8,*ARG0[6] - STW A9,*ARG0[7] - .endif - .endasmfunc diff --git a/crypto/bn/asm/c64xplus-gf2m.pl b/crypto/bn/asm/c64xplus-gf2m.pl deleted file mode 100644 index 5b58f3ac547835aa187369abb116c21c06526f03..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/c64xplus-gf2m.pl +++ /dev/null @@ -1,159 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# February 2012 -# -# The module implements bn_GF2m_mul_2x2 polynomial multiplication -# used in bn_gf2m.c. It's kind of low-hanging mechanical port from -# C for the time being... The subroutine runs in 37 cycles, which is -# 4.5x faster than compiler-generated code. Though comparison is -# totally unfair, because this module utilizes Galois Field Multiply -# instruction. - -$output = pop and open STDOUT,">$output"; - -($rp,$a1,$a0,$b1,$b0)=("A4","B4","A6","B6","A8"); # argument vector - -($Alo,$Alox0,$Alox1,$Alox2,$Alox3)=map("A$_",(16..20)); -($Ahi,$Ahix0,$Ahix1,$Ahix2,$Ahix3)=map("B$_",(16..20)); -($B_0,$B_1,$B_2,$B_3)=("B5","A5","A7","B7"); -($A,$B)=($Alo,$B_1); -$xFF="B1"; - -sub mul_1x1_upper { -my ($A,$B)=@_; -$code.=<<___; - EXTU $B,8,24,$B_2 ; smash $B to 4 bytes -|| AND $B,$xFF,$B_0 -|| SHRU $B,24,$B_3 - SHRU $A,16, $Ahi ; smash $A to two halfwords -|| EXTU $A,16,16,$Alo - - XORMPY $Alo,$B_2,$Alox2 ; 16x8 bits multiplication -|| XORMPY $Ahi,$B_2,$Ahix2 -|| EXTU $B,16,24,$B_1 - XORMPY $Alo,$B_0,$Alox0 -|| XORMPY $Ahi,$B_0,$Ahix0 - XORMPY $Alo,$B_3,$Alox3 -|| XORMPY $Ahi,$B_3,$Ahix3 - XORMPY $Alo,$B_1,$Alox1 -|| XORMPY $Ahi,$B_1,$Ahix1 -___ -} -sub mul_1x1_merged { -my ($OUTlo,$OUThi,$A,$B)=@_; -$code.=<<___; - EXTU $B,8,24,$B_2 ; smash $B to 4 bytes -|| AND $B,$xFF,$B_0 -|| SHRU $B,24,$B_3 - SHRU $A,16, $Ahi ; smash $A to two halfwords -|| EXTU $A,16,16,$Alo - - XOR $Ahix0,$Alox2,$Ahix0 -|| MV $Ahix2,$OUThi -|| XORMPY $Alo,$B_2,$Alox2 - XORMPY $Ahi,$B_2,$Ahix2 -|| EXTU $B,16,24,$B_1 -|| XORMPY $Alo,$B_0,A1 ; $Alox0 - XOR $Ahix1,$Alox3,$Ahix1 -|| SHL $Ahix0,16,$OUTlo -|| SHRU $Ahix0,16,$Ahix0 - XOR $Alox0,$OUTlo,$OUTlo -|| XOR $Ahix0,$OUThi,$OUThi -|| XORMPY $Ahi,$B_0,$Ahix0 -|| XORMPY $Alo,$B_3,$Alox3 -|| SHL $Alox1,8,$Alox1 -|| SHL $Ahix3,8,$Ahix3 - XOR $Alox1,$OUTlo,$OUTlo -|| XOR $Ahix3,$OUThi,$OUThi -|| XORMPY $Ahi,$B_3,$Ahix3 -|| SHL $Ahix1,24,$Alox1 -|| SHRU $Ahix1,8, $Ahix1 - XOR $Alox1,$OUTlo,$OUTlo -|| XOR $Ahix1,$OUThi,$OUThi -|| XORMPY $Alo,$B_1,$Alox1 -|| XORMPY $Ahi,$B_1,$Ahix1 -|| MV A1,$Alox0 -___ -} -sub mul_1x1_lower { -my ($OUTlo,$OUThi)=@_; -$code.=<<___; - ;NOP - XOR $Ahix0,$Alox2,$Ahix0 -|| MV $Ahix2,$OUThi - NOP - XOR $Ahix1,$Alox3,$Ahix1 -|| SHL $Ahix0,16,$OUTlo -|| SHRU $Ahix0,16,$Ahix0 - XOR $Alox0,$OUTlo,$OUTlo -|| XOR $Ahix0,$OUThi,$OUThi -|| SHL $Alox1,8,$Alox1 -|| SHL $Ahix3,8,$Ahix3 - XOR $Alox1,$OUTlo,$OUTlo -|| XOR $Ahix3,$OUThi,$OUThi -|| SHL $Ahix1,24,$Alox1 -|| SHRU $Ahix1,8, $Ahix1 - XOR $Alox1,$OUTlo,$OUTlo -|| XOR $Ahix1,$OUThi,$OUThi -___ -} -$code.=<<___; - .text - - .if .ASSEMBLER_VERSION<7000000 - .asg 0,__TI_EABI__ - .endif - .if __TI_EABI__ - .asg bn_GF2m_mul_2x2,_bn_GF2m_mul_2x2 - .endif - - .global _bn_GF2m_mul_2x2 -_bn_GF2m_mul_2x2: - .asmfunc - MVK 0xFF,$xFF -___ - &mul_1x1_upper($a0,$b0); # a0·b0 -$code.=<<___; -|| MV $b1,$B - MV $a1,$A -___ - &mul_1x1_merged("A28","B28",$A,$B); # a0·b0/a1·b1 -$code.=<<___; -|| XOR $b0,$b1,$B - XOR $a0,$a1,$A -___ - &mul_1x1_merged("A31","B31",$A,$B); # a1·b1/(a0+a1)·(b0+b1) -$code.=<<___; - XOR A28,A31,A29 -|| XOR B28,B31,B29 ; a0·b0+a1·b1 -___ - &mul_1x1_lower("A30","B30"); # (a0+a1)·(b0+b1) -$code.=<<___; -|| BNOP B3 - XOR A29,A30,A30 -|| XOR B29,B30,B30 ; (a0+a1)·(b0+b1)-a0·b0-a1·b1 - XOR B28,A30,A30 -|| STW A28,*${rp}[0] - XOR B30,A31,A31 -|| STW A30,*${rp}[1] - STW A31,*${rp}[2] - STW B31,*${rp}[3] - .endasmfunc -___ - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/co-586.pl b/crypto/bn/asm/co-586.pl deleted file mode 100644 index 139d95dae843f7716b5401ec265a9abaaa9813dd..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/co-586.pl +++ /dev/null @@ -1,297 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output = pop and open STDOUT,">$output"; - -&asm_init($ARGV[0]); - -&bn_mul_comba("bn_mul_comba8",8); -&bn_mul_comba("bn_mul_comba4",4); -&bn_sqr_comba("bn_sqr_comba8",8); -&bn_sqr_comba("bn_sqr_comba4",4); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; - -sub mul_add_c - { - local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_; - - # pos == -1 if eax and edx are pre-loaded, 0 to load from next - # words, and 1 if load return value - - &comment("mul a[$ai]*b[$bi]"); - - # "eax" and "edx" will always be pre-loaded. - # &mov("eax",&DWP($ai*4,$a,"",0)) ; - # &mov("edx",&DWP($bi*4,$b,"",0)); - - &mul("edx"); - &add($c0,"eax"); - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # load next a - &mov("eax",&wparam(0)) if $pos > 0; # load r[] - ### - &adc($c1,"edx"); - &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0; # load next b - &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1; # load next b - ### - &adc($c2,0); - # is pos > 1, it means it is the last loop - &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0; # save r[]; - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next a - } - -sub sqr_add_c - { - local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_; - - # pos == -1 if eax and edx are pre-loaded, 0 to load from next - # words, and 1 if load return value - - &comment("sqr a[$ai]*a[$bi]"); - - # "eax" and "edx" will always be pre-loaded. - # &mov("eax",&DWP($ai*4,$a,"",0)) ; - # &mov("edx",&DWP($bi*4,$b,"",0)); - - if ($ai == $bi) - { &mul("eax");} - else - { &mul("edx");} - &add($c0,"eax"); - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # load next a - ### - &adc($c1,"edx"); - &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb); - ### - &adc($c2,0); - # is pos > 1, it means it is the last loop - &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0; # save r[]; - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next b - } - -sub sqr_add_c2 - { - local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_; - - # pos == -1 if eax and edx are pre-loaded, 0 to load from next - # words, and 1 if load return value - - &comment("sqr a[$ai]*a[$bi]"); - - # "eax" and "edx" will always be pre-loaded. - # &mov("eax",&DWP($ai*4,$a,"",0)) ; - # &mov("edx",&DWP($bi*4,$a,"",0)); - - if ($ai == $bi) - { &mul("eax");} - else - { &mul("edx");} - &add("eax","eax"); - ### - &adc("edx","edx"); - ### - &adc($c2,0); - &add($c0,"eax"); - &adc($c1,"edx"); - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # load next a - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next b - &adc($c2,0); - &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0; # save r[]; - &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb); - ### - } - -sub bn_mul_comba - { - local($name,$num)=@_; - local($a,$b,$c0,$c1,$c2); - local($i,$as,$ae,$bs,$be,$ai,$bi); - local($tot,$end); - - &function_begin_B($name,""); - - $c0="ebx"; - $c1="ecx"; - $c2="ebp"; - $a="esi"; - $b="edi"; - - $as=0; - $ae=0; - $bs=0; - $be=0; - $tot=$num+$num-1; - - &push("esi"); - &mov($a,&wparam(1)); - &push("edi"); - &mov($b,&wparam(2)); - &push("ebp"); - &push("ebx"); - - &xor($c0,$c0); - &mov("eax",&DWP(0,$a,"",0)); # load the first word - &xor($c1,$c1); - &mov("edx",&DWP(0,$b,"",0)); # load the first second - - for ($i=0; $i<$tot; $i++) - { - $ai=$as; - $bi=$bs; - $end=$be+1; - - &comment("################## Calculate word $i"); - - for ($j=$bs; $j<$end; $j++) - { - &xor($c2,$c2) if ($j == $bs); - if (($j+1) == $end) - { - $v=1; - $v=2 if (($i+1) == $tot); - } - else - { $v=0; } - if (($j+1) != $end) - { - $na=($ai-1); - $nb=($bi+1); - } - else - { - $na=$as+($i < ($num-1)); - $nb=$bs+($i >= ($num-1)); - } -#printf STDERR "[$ai,$bi] -> [$na,$nb]\n"; - &mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb); - if ($v) - { - &comment("saved r[$i]"); - # &mov("eax",&wparam(0)); - # &mov(&DWP($i*4,"eax","",0),$c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - } - $ai--; - $bi++; - } - $as++ if ($i < ($num-1)); - $ae++ if ($i >= ($num-1)); - - $bs++ if ($i >= ($num-1)); - $be++ if ($i < ($num-1)); - } - &comment("save r[$i]"); - # &mov("eax",&wparam(0)); - &mov(&DWP($i*4,"eax","",0),$c0); - - &pop("ebx"); - &pop("ebp"); - &pop("edi"); - &pop("esi"); - &ret(); - &function_end_B($name); - } - -sub bn_sqr_comba - { - local($name,$num)=@_; - local($r,$a,$c0,$c1,$c2)=@_; - local($i,$as,$ae,$bs,$be,$ai,$bi); - local($b,$tot,$end,$half); - - &function_begin_B($name,""); - - $c0="ebx"; - $c1="ecx"; - $c2="ebp"; - $a="esi"; - $r="edi"; - - &push("esi"); - &push("edi"); - &push("ebp"); - &push("ebx"); - &mov($r,&wparam(0)); - &mov($a,&wparam(1)); - &xor($c0,$c0); - &xor($c1,$c1); - &mov("eax",&DWP(0,$a,"",0)); # load the first word - - $as=0; - $ae=0; - $bs=0; - $be=0; - $tot=$num+$num-1; - - for ($i=0; $i<$tot; $i++) - { - $ai=$as; - $bi=$bs; - $end=$be+1; - - &comment("############### Calculate word $i"); - for ($j=$bs; $j<$end; $j++) - { - &xor($c2,$c2) if ($j == $bs); - if (($ai-1) < ($bi+1)) - { - $v=1; - $v=2 if ($i+1) == $tot; - } - else - { $v=0; } - if (!$v) - { - $na=$ai-1; - $nb=$bi+1; - } - else - { - $na=$as+($i < ($num-1)); - $nb=$bs+($i >= ($num-1)); - } - if ($ai == $bi) - { - &sqr_add_c($r,$a,$ai,$bi, - $c0,$c1,$c2,$v,$i,$na,$nb); - } - else - { - &sqr_add_c2($r,$a,$ai,$bi, - $c0,$c1,$c2,$v,$i,$na,$nb); - } - if ($v) - { - &comment("saved r[$i]"); - #&mov(&DWP($i*4,$r,"",0),$c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - last; - } - $ai--; - $bi++; - } - $as++ if ($i < ($num-1)); - $ae++ if ($i >= ($num-1)); - - $bs++ if ($i >= ($num-1)); - $be++ if ($i < ($num-1)); - } - &mov(&DWP($i*4,$r,"",0),$c0); - &pop("ebx"); - &pop("ebp"); - &pop("edi"); - &pop("esi"); - &ret(); - &function_end_B($name); - } diff --git a/crypto/bn/asm/ia64-mont.pl b/crypto/bn/asm/ia64-mont.pl deleted file mode 100644 index ab0ad9d1b395fa23e1ddac60850d4c483615af8b..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/ia64-mont.pl +++ /dev/null @@ -1,861 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# January 2010 -# -# "Teaser" Montgomery multiplication module for IA-64. There are -# several possibilities for improvement: -# -# - modulo-scheduling outer loop would eliminate quite a number of -# stalls after ldf8, xma and getf.sig outside inner loop and -# improve shorter key performance; -# - shorter vector support [with input vectors being fetched only -# once] should be added; -# - 2x unroll with help of n0[1] would make the code scalable on -# "wider" IA-64, "wider" than Itanium 2 that is, which is not of -# acute interest, because upcoming Tukwila's individual cores are -# reportedly based on Itanium 2 design; -# - dedicated squaring procedure(?); -# -# January 2010 -# -# Shorter vector support is implemented by zero-padding ap and np -# vectors up to 8 elements, or 512 bits. This means that 256-bit -# inputs will be processed only 2 times faster than 512-bit inputs, -# not 4 [as one would expect, because algorithm complexity is n^2]. -# The reason for padding is that inputs shorter than 512 bits won't -# be processed faster anyway, because minimal critical path of the -# core loop happens to match 512-bit timing. Either way, it resulted -# in >100% improvement of 512-bit RSA sign benchmark and 50% - of -# 1024-bit one [in comparison to original version of *this* module]. -# -# So far 'openssl speed rsa dsa' output on 900MHz Itanium 2 *with* -# this module is: -# sign verify sign/s verify/s -# rsa 512 bits 0.000290s 0.000024s 3452.8 42031.4 -# rsa 1024 bits 0.000793s 0.000058s 1261.7 17172.0 -# rsa 2048 bits 0.005908s 0.000148s 169.3 6754.0 -# rsa 4096 bits 0.033456s 0.000469s 29.9 2133.6 -# dsa 512 bits 0.000253s 0.000198s 3949.9 5057.0 -# dsa 1024 bits 0.000585s 0.000607s 1708.4 1647.4 -# dsa 2048 bits 0.001453s 0.001703s 688.1 587.4 -# -# ... and *without* (but still with ia64.S): -# -# rsa 512 bits 0.000670s 0.000041s 1491.8 24145.5 -# rsa 1024 bits 0.001988s 0.000080s 502.9 12499.3 -# rsa 2048 bits 0.008702s 0.000189s 114.9 5293.9 -# rsa 4096 bits 0.043860s 0.000533s 22.8 1875.9 -# dsa 512 bits 0.000441s 0.000427s 2265.3 2340.6 -# dsa 1024 bits 0.000823s 0.000867s 1215.6 1153.2 -# dsa 2048 bits 0.001894s 0.002179s 528.1 458.9 -# -# As it can be seen, RSA sign performance improves by 130-30%, -# hereafter less for longer keys, while verify - by 74-13%. -# DSA performance improves by 115-30%. - -# $output is the last argument if it looks like a file (it has an extension) -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; - -if ($^O eq "hpux") { - $ADDP="addp4"; - for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); } -} else { $ADDP="add"; } - -$code=<<___; -.explicit -.text - -// int bn_mul_mont (BN_ULONG *rp,const BN_ULONG *ap, -// const BN_ULONG *bp,const BN_ULONG *np, -// const BN_ULONG *n0p,int num); -.align 64 -.global bn_mul_mont# -.proc bn_mul_mont# -bn_mul_mont: - .prologue - .body -{ .mmi; cmp4.le p6,p7=2,r37;; -(p6) cmp4.lt.unc p8,p9=8,r37 - mov ret0=r0 };; -{ .bbb; -(p9) br.cond.dptk.many bn_mul_mont_8 -(p8) br.cond.dpnt.many bn_mul_mont_general -(p7) br.ret.spnt.many b0 };; -.endp bn_mul_mont# - -prevfs=r2; prevpr=r3; prevlc=r10; prevsp=r11; - -rptr=r8; aptr=r9; bptr=r14; nptr=r15; -tptr=r16; // &tp[0] -tp_1=r17; // &tp[-1] -num=r18; len=r19; lc=r20; -topbit=r21; // carry bit from tmp[num] - -n0=f6; -m0=f7; -bi=f8; - -.align 64 -.local bn_mul_mont_general# -.proc bn_mul_mont_general# -bn_mul_mont_general: - .prologue -{ .mmi; .save ar.pfs,prevfs - alloc prevfs=ar.pfs,6,2,0,8 - $ADDP aptr=0,in1 - .save ar.lc,prevlc - mov prevlc=ar.lc } -{ .mmi; .vframe prevsp - mov prevsp=sp - $ADDP bptr=0,in2 - .save pr,prevpr - mov prevpr=pr };; - - .body - .rotf alo[6],nlo[4],ahi[8],nhi[6] - .rotr a[3],n[3],t[2] - -{ .mmi; ldf8 bi=[bptr],8 // (*bp++) - ldf8 alo[4]=[aptr],16 // ap[0] - $ADDP r30=8,in1 };; -{ .mmi; ldf8 alo[3]=[r30],16 // ap[1] - ldf8 alo[2]=[aptr],16 // ap[2] - $ADDP in4=0,in4 };; -{ .mmi; ldf8 alo[1]=[r30] // ap[3] - ldf8 n0=[in4] // n0 - $ADDP rptr=0,in0 } -{ .mmi; $ADDP nptr=0,in3 - mov r31=16 - zxt4 num=in5 };; -{ .mmi; ldf8 nlo[2]=[nptr],8 // np[0] - shladd len=num,3,r0 - shladd r31=num,3,r31 };; -{ .mmi; ldf8 nlo[1]=[nptr],8 // np[1] - add lc=-5,num - sub r31=sp,r31 };; -{ .mfb; and sp=-16,r31 // alloca - xmpy.hu ahi[2]=alo[4],bi // ap[0]*bp[0] - nop.b 0 } -{ .mfb; nop.m 0 - xmpy.lu alo[4]=alo[4],bi - brp.loop.imp .L1st_ctop,.L1st_cend-16 - };; -{ .mfi; nop.m 0 - xma.hu ahi[1]=alo[3],bi,ahi[2] // ap[1]*bp[0] - add tp_1=8,sp } -{ .mfi; nop.m 0 - xma.lu alo[3]=alo[3],bi,ahi[2] - mov pr.rot=0x20001f<<16 - // ------^----- (p40) at first (p23) - // ----------^^ p[16:20]=1 - };; -{ .mfi; nop.m 0 - xmpy.lu m0=alo[4],n0 // (ap[0]*bp[0])*n0 - mov ar.lc=lc } -{ .mfi; nop.m 0 - fcvt.fxu.s1 nhi[1]=f0 - mov ar.ec=8 };; - -.align 32 -.L1st_ctop: -.pred.rel "mutex",p40,p42 -{ .mfi; (p16) ldf8 alo[0]=[aptr],8 // *(aptr++) - (p18) xma.hu ahi[0]=alo[2],bi,ahi[1] - (p40) add n[2]=n[2],a[2] } // (p23) } -{ .mfi; (p18) ldf8 nlo[0]=[nptr],8 // *(nptr++)(p16) - (p18) xma.lu alo[2]=alo[2],bi,ahi[1] - (p42) add n[2]=n[2],a[2],1 };; // (p23) -{ .mfi; (p21) getf.sig a[0]=alo[5] - (p20) xma.hu nhi[0]=nlo[2],m0,nhi[1] - (p42) cmp.leu p41,p39=n[2],a[2] } // (p23) -{ .mfi; (p23) st8 [tp_1]=n[2],8 - (p20) xma.lu nlo[2]=nlo[2],m0,nhi[1] - (p40) cmp.ltu p41,p39=n[2],a[2] } // (p23) -{ .mmb; (p21) getf.sig n[0]=nlo[3] - (p16) nop.m 0 - br.ctop.sptk .L1st_ctop };; -.L1st_cend: - -{ .mmi; getf.sig a[0]=ahi[6] // (p24) - getf.sig n[0]=nhi[4] - add num=-1,num };; // num-- -{ .mmi; .pred.rel "mutex",p40,p42 -(p40) add n[0]=n[0],a[0] -(p42) add n[0]=n[0],a[0],1 - sub aptr=aptr,len };; // rewind -{ .mmi; .pred.rel "mutex",p40,p42 -(p40) cmp.ltu p41,p39=n[0],a[0] -(p42) cmp.leu p41,p39=n[0],a[0] - sub nptr=nptr,len };; -{ .mmi; .pred.rel "mutex",p39,p41 -(p39) add topbit=r0,r0 -(p41) add topbit=r0,r0,1 - nop.i 0 } -{ .mmi; st8 [tp_1]=n[0] - add tptr=16,sp - add tp_1=8,sp };; - -.Louter: -{ .mmi; ldf8 bi=[bptr],8 // (*bp++) - ldf8 ahi[3]=[tptr] // tp[0] - add r30=8,aptr };; -{ .mmi; ldf8 alo[4]=[aptr],16 // ap[0] - ldf8 alo[3]=[r30],16 // ap[1] - add r31=8,nptr };; -{ .mfb; ldf8 alo[2]=[aptr],16 // ap[2] - xma.hu ahi[2]=alo[4],bi,ahi[3] // ap[0]*bp[i]+tp[0] - brp.loop.imp .Linner_ctop,.Linner_cend-16 - } -{ .mfb; ldf8 alo[1]=[r30] // ap[3] - xma.lu alo[4]=alo[4],bi,ahi[3] - clrrrb.pr };; -{ .mfi; ldf8 nlo[2]=[nptr],16 // np[0] - xma.hu ahi[1]=alo[3],bi,ahi[2] // ap[1]*bp[i] - nop.i 0 } -{ .mfi; ldf8 nlo[1]=[r31] // np[1] - xma.lu alo[3]=alo[3],bi,ahi[2] - mov pr.rot=0x20101f<<16 - // ------^----- (p40) at first (p23) - // --------^--- (p30) at first (p22) - // ----------^^ p[16:20]=1 - };; -{ .mfi; st8 [tptr]=r0 // tp[0] is already accounted - xmpy.lu m0=alo[4],n0 // (ap[0]*bp[i]+tp[0])*n0 - mov ar.lc=lc } -{ .mfi; - fcvt.fxu.s1 nhi[1]=f0 - mov ar.ec=8 };; - -// This loop spins in 4*(n+7) ticks on Itanium 2 and should spin in -// 7*(n+7) ticks on Itanium (the one codenamed Merced). Factor of 7 -// in latter case accounts for two-tick pipeline stall, which means -// that its performance would be ~20% lower than optimal one. No -// attempt was made to address this, because original Itanium is -// hardly represented out in the wild... -.align 32 -.Linner_ctop: -.pred.rel "mutex",p40,p42 -.pred.rel "mutex",p30,p32 -{ .mfi; (p16) ldf8 alo[0]=[aptr],8 // *(aptr++) - (p18) xma.hu ahi[0]=alo[2],bi,ahi[1] - (p40) add n[2]=n[2],a[2] } // (p23) -{ .mfi; (p16) nop.m 0 - (p18) xma.lu alo[2]=alo[2],bi,ahi[1] - (p42) add n[2]=n[2],a[2],1 };; // (p23) -{ .mfi; (p21) getf.sig a[0]=alo[5] - (p16) nop.f 0 - (p40) cmp.ltu p41,p39=n[2],a[2] } // (p23) -{ .mfi; (p21) ld8 t[0]=[tptr],8 - (p16) nop.f 0 - (p42) cmp.leu p41,p39=n[2],a[2] };; // (p23) -{ .mfi; (p18) ldf8 nlo[0]=[nptr],8 // *(nptr++) - (p20) xma.hu nhi[0]=nlo[2],m0,nhi[1] - (p30) add a[1]=a[1],t[1] } // (p22) -{ .mfi; (p16) nop.m 0 - (p20) xma.lu nlo[2]=nlo[2],m0,nhi[1] - (p32) add a[1]=a[1],t[1],1 };; // (p22) -{ .mmi; (p21) getf.sig n[0]=nlo[3] - (p16) nop.m 0 - (p30) cmp.ltu p31,p29=a[1],t[1] } // (p22) -{ .mmb; (p23) st8 [tp_1]=n[2],8 - (p32) cmp.leu p31,p29=a[1],t[1] // (p22) - br.ctop.sptk .Linner_ctop };; -.Linner_cend: - -{ .mmi; getf.sig a[0]=ahi[6] // (p24) - getf.sig n[0]=nhi[4] - nop.i 0 };; - -{ .mmi; .pred.rel "mutex",p31,p33 -(p31) add a[0]=a[0],topbit -(p33) add a[0]=a[0],topbit,1 - mov topbit=r0 };; -{ .mfi; .pred.rel "mutex",p31,p33 -(p31) cmp.ltu p32,p30=a[0],topbit -(p33) cmp.leu p32,p30=a[0],topbit - } -{ .mfi; .pred.rel "mutex",p40,p42 -(p40) add n[0]=n[0],a[0] -(p42) add n[0]=n[0],a[0],1 - };; -{ .mmi; .pred.rel "mutex",p44,p46 -(p40) cmp.ltu p41,p39=n[0],a[0] -(p42) cmp.leu p41,p39=n[0],a[0] -(p32) add topbit=r0,r0,1 } - -{ .mmi; st8 [tp_1]=n[0],8 - cmp4.ne p6,p0=1,num - sub aptr=aptr,len };; // rewind -{ .mmi; sub nptr=nptr,len -(p41) add topbit=r0,r0,1 - add tptr=16,sp } -{ .mmb; add tp_1=8,sp - add num=-1,num // num-- -(p6) br.cond.sptk.many .Louter };; - -{ .mbb; add lc=4,lc - brp.loop.imp .Lsub_ctop,.Lsub_cend-16 - clrrrb.pr };; -{ .mii; nop.m 0 - mov pr.rot=0x10001<<16 - // ------^---- (p33) at first (p17) - mov ar.lc=lc } -{ .mii; nop.m 0 - mov ar.ec=3 - nop.i 0 };; - -.Lsub_ctop: -.pred.rel "mutex",p33,p35 -{ .mfi; (p16) ld8 t[0]=[tptr],8 // t=*(tp++) - (p16) nop.f 0 - (p33) sub n[1]=t[1],n[1] } // (p17) -{ .mfi; (p16) ld8 n[0]=[nptr],8 // n=*(np++) - (p16) nop.f 0 - (p35) sub n[1]=t[1],n[1],1 };; // (p17) -{ .mib; (p18) st8 [rptr]=n[2],8 // *(rp++)=r - (p33) cmp.gtu p34,p32=n[1],t[1] // (p17) - (p18) nop.b 0 } -{ .mib; (p18) nop.m 0 - (p35) cmp.geu p34,p32=n[1],t[1] // (p17) - br.ctop.sptk .Lsub_ctop };; -.Lsub_cend: - -{ .mmb; .pred.rel "mutex",p34,p36 -(p34) sub topbit=topbit,r0 // (p19) -(p36) sub topbit=topbit,r0,1 - brp.loop.imp .Lcopy_ctop,.Lcopy_cend-16 - } -{ .mmb; sub rptr=rptr,len // rewind - sub tptr=tptr,len - clrrrb.pr };; -{ .mmi; mov aptr=rptr - mov bptr=tptr - mov pr.rot=1<<16 };; -{ .mii; cmp.eq p0,p6=topbit,r0 - mov ar.lc=lc - mov ar.ec=2 };; - -.Lcopy_ctop: -{ .mmi; (p16) ld8 a[0]=[aptr],8 - (p16) ld8 t[0]=[bptr],8 - (p6) mov a[1]=t[1] };; // (p17) -{ .mmb; (p17) st8 [rptr]=a[1],8 - (p17) st8 [tptr]=r0,8 - br.ctop.sptk .Lcopy_ctop };; -.Lcopy_cend: - -{ .mmi; mov ret0=1 // signal "handled" - rum 1<<5 // clear um.mfh - mov ar.lc=prevlc } -{ .mib; .restore sp - mov sp=prevsp - mov pr=prevpr,0x1ffff - br.ret.sptk.many b0 };; -.endp bn_mul_mont_general# - -a1=r16; a2=r17; a3=r18; a4=r19; a5=r20; a6=r21; a7=r22; a8=r23; -n1=r24; n2=r25; n3=r26; n4=r27; n5=r28; n6=r29; n7=r30; n8=r31; -t0=r15; - -ai0=f8; ai1=f9; ai2=f10; ai3=f11; ai4=f12; ai5=f13; ai6=f14; ai7=f15; -ni0=f16; ni1=f17; ni2=f18; ni3=f19; ni4=f20; ni5=f21; ni6=f22; ni7=f23; - -.align 64 -.skip 48 // aligns loop body -.local bn_mul_mont_8# -.proc bn_mul_mont_8# -bn_mul_mont_8: - .prologue -{ .mmi; .save ar.pfs,prevfs - alloc prevfs=ar.pfs,6,2,0,8 - .vframe prevsp - mov prevsp=sp - .save ar.lc,prevlc - mov prevlc=ar.lc } -{ .mmi; add r17=-6*16,sp - add sp=-7*16,sp - .save pr,prevpr - mov prevpr=pr };; - -{ .mmi; .save.gf 0,0x10 - stf.spill [sp]=f16,-16 - .save.gf 0,0x20 - stf.spill [r17]=f17,32 - add r16=-5*16,prevsp};; -{ .mmi; .save.gf 0,0x40 - stf.spill [r16]=f18,32 - .save.gf 0,0x80 - stf.spill [r17]=f19,32 - $ADDP aptr=0,in1 };; -{ .mmi; .save.gf 0,0x100 - stf.spill [r16]=f20,32 - .save.gf 0,0x200 - stf.spill [r17]=f21,32 - $ADDP r29=8,in1 };; -{ .mmi; .save.gf 0,0x400 - stf.spill [r16]=f22 - .save.gf 0,0x800 - stf.spill [r17]=f23 - $ADDP rptr=0,in0 };; - - .body - .rotf bj[8],mj[2],tf[2],alo[10],ahi[10],nlo[10],nhi[10] - .rotr t[8] - -// load input vectors padding them to 8 elements -{ .mmi; ldf8 ai0=[aptr],16 // ap[0] - ldf8 ai1=[r29],16 // ap[1] - $ADDP bptr=0,in2 } -{ .mmi; $ADDP r30=8,in2 - $ADDP nptr=0,in3 - $ADDP r31=8,in3 };; -{ .mmi; ldf8 bj[7]=[bptr],16 // bp[0] - ldf8 bj[6]=[r30],16 // bp[1] - cmp4.le p4,p5=3,in5 } -{ .mmi; ldf8 ni0=[nptr],16 // np[0] - ldf8 ni1=[r31],16 // np[1] - cmp4.le p6,p7=4,in5 };; - -{ .mfi; (p4)ldf8 ai2=[aptr],16 // ap[2] - (p5)fcvt.fxu ai2=f0 - cmp4.le p8,p9=5,in5 } -{ .mfi; (p6)ldf8 ai3=[r29],16 // ap[3] - (p7)fcvt.fxu ai3=f0 - cmp4.le p10,p11=6,in5 } -{ .mfi; (p4)ldf8 bj[5]=[bptr],16 // bp[2] - (p5)fcvt.fxu bj[5]=f0 - cmp4.le p12,p13=7,in5 } -{ .mfi; (p6)ldf8 bj[4]=[r30],16 // bp[3] - (p7)fcvt.fxu bj[4]=f0 - cmp4.le p14,p15=8,in5 } -{ .mfi; (p4)ldf8 ni2=[nptr],16 // np[2] - (p5)fcvt.fxu ni2=f0 - addp4 r28=-1,in5 } -{ .mfi; (p6)ldf8 ni3=[r31],16 // np[3] - (p7)fcvt.fxu ni3=f0 - $ADDP in4=0,in4 };; - -{ .mfi; ldf8 n0=[in4] - fcvt.fxu tf[1]=f0 - nop.i 0 } - -{ .mfi; (p8)ldf8 ai4=[aptr],16 // ap[4] - (p9)fcvt.fxu ai4=f0 - mov t[0]=r0 } -{ .mfi; (p10)ldf8 ai5=[r29],16 // ap[5] - (p11)fcvt.fxu ai5=f0 - mov t[1]=r0 } -{ .mfi; (p8)ldf8 bj[3]=[bptr],16 // bp[4] - (p9)fcvt.fxu bj[3]=f0 - mov t[2]=r0 } -{ .mfi; (p10)ldf8 bj[2]=[r30],16 // bp[5] - (p11)fcvt.fxu bj[2]=f0 - mov t[3]=r0 } -{ .mfi; (p8)ldf8 ni4=[nptr],16 // np[4] - (p9)fcvt.fxu ni4=f0 - mov t[4]=r0 } -{ .mfi; (p10)ldf8 ni5=[r31],16 // np[5] - (p11)fcvt.fxu ni5=f0 - mov t[5]=r0 };; - -{ .mfi; (p12)ldf8 ai6=[aptr],16 // ap[6] - (p13)fcvt.fxu ai6=f0 - mov t[6]=r0 } -{ .mfi; (p14)ldf8 ai7=[r29],16 // ap[7] - (p15)fcvt.fxu ai7=f0 - mov t[7]=r0 } -{ .mfi; (p12)ldf8 bj[1]=[bptr],16 // bp[6] - (p13)fcvt.fxu bj[1]=f0 - mov ar.lc=r28 } -{ .mfi; (p14)ldf8 bj[0]=[r30],16 // bp[7] - (p15)fcvt.fxu bj[0]=f0 - mov ar.ec=1 } -{ .mfi; (p12)ldf8 ni6=[nptr],16 // np[6] - (p13)fcvt.fxu ni6=f0 - mov pr.rot=1<<16 } -{ .mfb; (p14)ldf8 ni7=[r31],16 // np[7] - (p15)fcvt.fxu ni7=f0 - brp.loop.imp .Louter_8_ctop,.Louter_8_cend-16 - };; - -// The loop is scheduled for 32*n ticks on Itanium 2. Actual attempt -// to measure with help of Interval Time Counter indicated that the -// factor is a tad higher: 33 or 34, if not 35. Exact measurement and -// addressing the issue is problematic, because I don't have access -// to platform-specific instruction-level profiler. On Itanium it -// should run in 56*n ticks, because of higher xma latency... -.Louter_8_ctop: - .pred.rel "mutex",p40,p42 - .pred.rel "mutex",p48,p50 -{ .mfi; (p16) nop.m 0 // 0: - (p16) xma.hu ahi[0]=ai0,bj[7],tf[1] // ap[0]*b[i]+t[0] - (p40) add a3=a3,n3 } // (p17) a3+=n3 -{ .mfi; (p42) add a3=a3,n3,1 - (p16) xma.lu alo[0]=ai0,bj[7],tf[1] - (p16) nop.i 0 };; -{ .mii; (p17) getf.sig a7=alo[8] // 1: - (p48) add t[6]=t[6],a3 // (p17) t[6]+=a3 - (p50) add t[6]=t[6],a3,1 };; -{ .mfi; (p17) getf.sig a8=ahi[8] // 2: - (p17) xma.hu nhi[7]=ni6,mj[1],nhi[6] // np[6]*m0 - (p40) cmp.ltu p43,p41=a3,n3 } -{ .mfi; (p42) cmp.leu p43,p41=a3,n3 - (p17) xma.lu nlo[7]=ni6,mj[1],nhi[6] - (p16) nop.i 0 };; -{ .mii; (p17) getf.sig n5=nlo[6] // 3: - (p48) cmp.ltu p51,p49=t[6],a3 - (p50) cmp.leu p51,p49=t[6],a3 };; - .pred.rel "mutex",p41,p43 - .pred.rel "mutex",p49,p51 -{ .mfi; (p16) nop.m 0 // 4: - (p16) xma.hu ahi[1]=ai1,bj[7],ahi[0] // ap[1]*b[i] - (p41) add a4=a4,n4 } // (p17) a4+=n4 -{ .mfi; (p43) add a4=a4,n4,1 - (p16) xma.lu alo[1]=ai1,bj[7],ahi[0] - (p16) nop.i 0 };; -{ .mfi; (p49) add t[5]=t[5],a4 // 5: (p17) t[5]+=a4 - (p16) xmpy.lu mj[0]=alo[0],n0 // (ap[0]*b[i]+t[0])*n0 - (p51) add t[5]=t[5],a4,1 };; -{ .mfi; (p16) nop.m 0 // 6: - (p17) xma.hu nhi[8]=ni7,mj[1],nhi[7] // np[7]*m0 - (p41) cmp.ltu p42,p40=a4,n4 } -{ .mfi; (p43) cmp.leu p42,p40=a4,n4 - (p17) xma.lu nlo[8]=ni7,mj[1],nhi[7] - (p16) nop.i 0 };; -{ .mii; (p17) getf.sig n6=nlo[7] // 7: - (p49) cmp.ltu p50,p48=t[5],a4 - (p51) cmp.leu p50,p48=t[5],a4 };; - .pred.rel "mutex",p40,p42 - .pred.rel "mutex",p48,p50 -{ .mfi; (p16) nop.m 0 // 8: - (p16) xma.hu ahi[2]=ai2,bj[7],ahi[1] // ap[2]*b[i] - (p40) add a5=a5,n5 } // (p17) a5+=n5 -{ .mfi; (p42) add a5=a5,n5,1 - (p16) xma.lu alo[2]=ai2,bj[7],ahi[1] - (p16) nop.i 0 };; -{ .mii; (p16) getf.sig a1=alo[1] // 9: - (p48) add t[4]=t[4],a5 // p(17) t[4]+=a5 - (p50) add t[4]=t[4],a5,1 };; -{ .mfi; (p16) nop.m 0 // 10: - (p16) xma.hu nhi[0]=ni0,mj[0],alo[0] // np[0]*m0 - (p40) cmp.ltu p43,p41=a5,n5 } -{ .mfi; (p42) cmp.leu p43,p41=a5,n5 - (p16) xma.lu nlo[0]=ni0,mj[0],alo[0] - (p16) nop.i 0 };; -{ .mii; (p17) getf.sig n7=nlo[8] // 11: - (p48) cmp.ltu p51,p49=t[4],a5 - (p50) cmp.leu p51,p49=t[4],a5 };; - .pred.rel "mutex",p41,p43 - .pred.rel "mutex",p49,p51 -{ .mfi; (p17) getf.sig n8=nhi[8] // 12: - (p16) xma.hu ahi[3]=ai3,bj[7],ahi[2] // ap[3]*b[i] - (p41) add a6=a6,n6 } // (p17) a6+=n6 -{ .mfi; (p43) add a6=a6,n6,1 - (p16) xma.lu alo[3]=ai3,bj[7],ahi[2] - (p16) nop.i 0 };; -{ .mii; (p16) getf.sig a2=alo[2] // 13: - (p49) add t[3]=t[3],a6 // (p17) t[3]+=a6 - (p51) add t[3]=t[3],a6,1 };; -{ .mfi; (p16) nop.m 0 // 14: - (p16) xma.hu nhi[1]=ni1,mj[0],nhi[0] // np[1]*m0 - (p41) cmp.ltu p42,p40=a6,n6 } -{ .mfi; (p43) cmp.leu p42,p40=a6,n6 - (p16) xma.lu nlo[1]=ni1,mj[0],nhi[0] - (p16) nop.i 0 };; -{ .mii; (p16) nop.m 0 // 15: - (p49) cmp.ltu p50,p48=t[3],a6 - (p51) cmp.leu p50,p48=t[3],a6 };; - .pred.rel "mutex",p40,p42 - .pred.rel "mutex",p48,p50 -{ .mfi; (p16) nop.m 0 // 16: - (p16) xma.hu ahi[4]=ai4,bj[7],ahi[3] // ap[4]*b[i] - (p40) add a7=a7,n7 } // (p17) a7+=n7 -{ .mfi; (p42) add a7=a7,n7,1 - (p16) xma.lu alo[4]=ai4,bj[7],ahi[3] - (p16) nop.i 0 };; -{ .mii; (p16) getf.sig a3=alo[3] // 17: - (p48) add t[2]=t[2],a7 // (p17) t[2]+=a7 - (p50) add t[2]=t[2],a7,1 };; -{ .mfi; (p16) nop.m 0 // 18: - (p16) xma.hu nhi[2]=ni2,mj[0],nhi[1] // np[2]*m0 - (p40) cmp.ltu p43,p41=a7,n7 } -{ .mfi; (p42) cmp.leu p43,p41=a7,n7 - (p16) xma.lu nlo[2]=ni2,mj[0],nhi[1] - (p16) nop.i 0 };; -{ .mii; (p16) getf.sig n1=nlo[1] // 19: - (p48) cmp.ltu p51,p49=t[2],a7 - (p50) cmp.leu p51,p49=t[2],a7 };; - .pred.rel "mutex",p41,p43 - .pred.rel "mutex",p49,p51 -{ .mfi; (p16) nop.m 0 // 20: - (p16) xma.hu ahi[5]=ai5,bj[7],ahi[4] // ap[5]*b[i] - (p41) add a8=a8,n8 } // (p17) a8+=n8 -{ .mfi; (p43) add a8=a8,n8,1 - (p16) xma.lu alo[5]=ai5,bj[7],ahi[4] - (p16) nop.i 0 };; -{ .mii; (p16) getf.sig a4=alo[4] // 21: - (p49) add t[1]=t[1],a8 // (p17) t[1]+=a8 - (p51) add t[1]=t[1],a8,1 };; -{ .mfi; (p16) nop.m 0 // 22: - (p16) xma.hu nhi[3]=ni3,mj[0],nhi[2] // np[3]*m0 - (p41) cmp.ltu p42,p40=a8,n8 } -{ .mfi; (p43) cmp.leu p42,p40=a8,n8 - (p16) xma.lu nlo[3]=ni3,mj[0],nhi[2] - (p16) nop.i 0 };; -{ .mii; (p16) getf.sig n2=nlo[2] // 23: - (p49) cmp.ltu p50,p48=t[1],a8 - (p51) cmp.leu p50,p48=t[1],a8 };; -{ .mfi; (p16) nop.m 0 // 24: - (p16) xma.hu ahi[6]=ai6,bj[7],ahi[5] // ap[6]*b[i] - (p16) add a1=a1,n1 } // (p16) a1+=n1 -{ .mfi; (p16) nop.m 0 - (p16) xma.lu alo[6]=ai6,bj[7],ahi[5] - (p17) mov t[0]=r0 };; -{ .mii; (p16) getf.sig a5=alo[5] // 25: - (p16) add t0=t[7],a1 // (p16) t[7]+=a1 - (p42) add t[0]=t[0],r0,1 };; -{ .mfi; (p16) setf.sig tf[0]=t0 // 26: - (p16) xma.hu nhi[4]=ni4,mj[0],nhi[3] // np[4]*m0 - (p50) add t[0]=t[0],r0,1 } -{ .mfi; (p16) cmp.ltu.unc p42,p40=a1,n1 - (p16) xma.lu nlo[4]=ni4,mj[0],nhi[3] - (p16) nop.i 0 };; -{ .mii; (p16) getf.sig n3=nlo[3] // 27: - (p16) cmp.ltu.unc p50,p48=t0,a1 - (p16) nop.i 0 };; - .pred.rel "mutex",p40,p42 - .pred.rel "mutex",p48,p50 -{ .mfi; (p16) nop.m 0 // 28: - (p16) xma.hu ahi[7]=ai7,bj[7],ahi[6] // ap[7]*b[i] - (p40) add a2=a2,n2 } // (p16) a2+=n2 -{ .mfi; (p42) add a2=a2,n2,1 - (p16) xma.lu alo[7]=ai7,bj[7],ahi[6] - (p16) nop.i 0 };; -{ .mii; (p16) getf.sig a6=alo[6] // 29: - (p48) add t[6]=t[6],a2 // (p16) t[6]+=a2 - (p50) add t[6]=t[6],a2,1 };; -{ .mfi; (p16) nop.m 0 // 30: - (p16) xma.hu nhi[5]=ni5,mj[0],nhi[4] // np[5]*m0 - (p40) cmp.ltu p41,p39=a2,n2 } -{ .mfi; (p42) cmp.leu p41,p39=a2,n2 - (p16) xma.lu nlo[5]=ni5,mj[0],nhi[4] - (p16) nop.i 0 };; -{ .mfi; (p16) getf.sig n4=nlo[4] // 31: - (p16) nop.f 0 - (p48) cmp.ltu p49,p47=t[6],a2 } -{ .mfb; (p50) cmp.leu p49,p47=t[6],a2 - (p16) nop.f 0 - br.ctop.sptk.many .Louter_8_ctop };; -.Louter_8_cend: - -// above loop has to execute one more time, without (p16), which is -// replaced with merged move of np[8] to GPR bank - .pred.rel "mutex",p40,p42 - .pred.rel "mutex",p48,p50 -{ .mmi; (p0) getf.sig n1=ni0 // 0: - (p40) add a3=a3,n3 // (p17) a3+=n3 - (p42) add a3=a3,n3,1 };; -{ .mii; (p17) getf.sig a7=alo[8] // 1: - (p48) add t[6]=t[6],a3 // (p17) t[6]+=a3 - (p50) add t[6]=t[6],a3,1 };; -{ .mfi; (p17) getf.sig a8=ahi[8] // 2: - (p17) xma.hu nhi[7]=ni6,mj[1],nhi[6] // np[6]*m0 - (p40) cmp.ltu p43,p41=a3,n3 } -{ .mfi; (p42) cmp.leu p43,p41=a3,n3 - (p17) xma.lu nlo[7]=ni6,mj[1],nhi[6] - (p0) nop.i 0 };; -{ .mii; (p17) getf.sig n5=nlo[6] // 3: - (p48) cmp.ltu p51,p49=t[6],a3 - (p50) cmp.leu p51,p49=t[6],a3 };; - .pred.rel "mutex",p41,p43 - .pred.rel "mutex",p49,p51 -{ .mmi; (p0) getf.sig n2=ni1 // 4: - (p41) add a4=a4,n4 // (p17) a4+=n4 - (p43) add a4=a4,n4,1 };; -{ .mfi; (p49) add t[5]=t[5],a4 // 5: (p17) t[5]+=a4 - (p0) nop.f 0 - (p51) add t[5]=t[5],a4,1 };; -{ .mfi; (p0) getf.sig n3=ni2 // 6: - (p17) xma.hu nhi[8]=ni7,mj[1],nhi[7] // np[7]*m0 - (p41) cmp.ltu p42,p40=a4,n4 } -{ .mfi; (p43) cmp.leu p42,p40=a4,n4 - (p17) xma.lu nlo[8]=ni7,mj[1],nhi[7] - (p0) nop.i 0 };; -{ .mii; (p17) getf.sig n6=nlo[7] // 7: - (p49) cmp.ltu p50,p48=t[5],a4 - (p51) cmp.leu p50,p48=t[5],a4 };; - .pred.rel "mutex",p40,p42 - .pred.rel "mutex",p48,p50 -{ .mii; (p0) getf.sig n4=ni3 // 8: - (p40) add a5=a5,n5 // (p17) a5+=n5 - (p42) add a5=a5,n5,1 };; -{ .mii; (p0) nop.m 0 // 9: - (p48) add t[4]=t[4],a5 // p(17) t[4]+=a5 - (p50) add t[4]=t[4],a5,1 };; -{ .mii; (p0) nop.m 0 // 10: - (p40) cmp.ltu p43,p41=a5,n5 - (p42) cmp.leu p43,p41=a5,n5 };; -{ .mii; (p17) getf.sig n7=nlo[8] // 11: - (p48) cmp.ltu p51,p49=t[4],a5 - (p50) cmp.leu p51,p49=t[4],a5 };; - .pred.rel "mutex",p41,p43 - .pred.rel "mutex",p49,p51 -{ .mii; (p17) getf.sig n8=nhi[8] // 12: - (p41) add a6=a6,n6 // (p17) a6+=n6 - (p43) add a6=a6,n6,1 };; -{ .mii; (p0) getf.sig n5=ni4 // 13: - (p49) add t[3]=t[3],a6 // (p17) t[3]+=a6 - (p51) add t[3]=t[3],a6,1 };; -{ .mii; (p0) nop.m 0 // 14: - (p41) cmp.ltu p42,p40=a6,n6 - (p43) cmp.leu p42,p40=a6,n6 };; -{ .mii; (p0) getf.sig n6=ni5 // 15: - (p49) cmp.ltu p50,p48=t[3],a6 - (p51) cmp.leu p50,p48=t[3],a6 };; - .pred.rel "mutex",p40,p42 - .pred.rel "mutex",p48,p50 -{ .mii; (p0) nop.m 0 // 16: - (p40) add a7=a7,n7 // (p17) a7+=n7 - (p42) add a7=a7,n7,1 };; -{ .mii; (p0) nop.m 0 // 17: - (p48) add t[2]=t[2],a7 // (p17) t[2]+=a7 - (p50) add t[2]=t[2],a7,1 };; -{ .mii; (p0) nop.m 0 // 18: - (p40) cmp.ltu p43,p41=a7,n7 - (p42) cmp.leu p43,p41=a7,n7 };; -{ .mii; (p0) getf.sig n7=ni6 // 19: - (p48) cmp.ltu p51,p49=t[2],a7 - (p50) cmp.leu p51,p49=t[2],a7 };; - .pred.rel "mutex",p41,p43 - .pred.rel "mutex",p49,p51 -{ .mii; (p0) nop.m 0 // 20: - (p41) add a8=a8,n8 // (p17) a8+=n8 - (p43) add a8=a8,n8,1 };; -{ .mmi; (p0) nop.m 0 // 21: - (p49) add t[1]=t[1],a8 // (p17) t[1]+=a8 - (p51) add t[1]=t[1],a8,1 } -{ .mmi; (p17) mov t[0]=r0 - (p41) cmp.ltu p42,p40=a8,n8 - (p43) cmp.leu p42,p40=a8,n8 };; -{ .mmi; (p0) getf.sig n8=ni7 // 22: - (p49) cmp.ltu p50,p48=t[1],a8 - (p51) cmp.leu p50,p48=t[1],a8 } -{ .mmi; (p42) add t[0]=t[0],r0,1 - (p0) add r16=-7*16,prevsp - (p0) add r17=-6*16,prevsp };; - -// subtract np[8] from carrybit|tmp[8] -// carrybit|tmp[8] layout upon exit from above loop is: -// t[0]|t[1]|t[2]|t[3]|t[4]|t[5]|t[6]|t[7]|t0 (least significant) -{ .mmi; (p50)add t[0]=t[0],r0,1 - add r18=-5*16,prevsp - sub n1=t0,n1 };; -{ .mmi; cmp.gtu p34,p32=n1,t0;; - .pred.rel "mutex",p32,p34 - (p32)sub n2=t[7],n2 - (p34)sub n2=t[7],n2,1 };; -{ .mii; (p32)cmp.gtu p35,p33=n2,t[7] - (p34)cmp.geu p35,p33=n2,t[7];; - .pred.rel "mutex",p33,p35 - (p33)sub n3=t[6],n3 } -{ .mmi; (p35)sub n3=t[6],n3,1;; - (p33)cmp.gtu p34,p32=n3,t[6] - (p35)cmp.geu p34,p32=n3,t[6] };; - .pred.rel "mutex",p32,p34 -{ .mii; (p32)sub n4=t[5],n4 - (p34)sub n4=t[5],n4,1;; - (p32)cmp.gtu p35,p33=n4,t[5] } -{ .mmi; (p34)cmp.geu p35,p33=n4,t[5];; - .pred.rel "mutex",p33,p35 - (p33)sub n5=t[4],n5 - (p35)sub n5=t[4],n5,1 };; -{ .mii; (p33)cmp.gtu p34,p32=n5,t[4] - (p35)cmp.geu p34,p32=n5,t[4];; - .pred.rel "mutex",p32,p34 - (p32)sub n6=t[3],n6 } -{ .mmi; (p34)sub n6=t[3],n6,1;; - (p32)cmp.gtu p35,p33=n6,t[3] - (p34)cmp.geu p35,p33=n6,t[3] };; - .pred.rel "mutex",p33,p35 -{ .mii; (p33)sub n7=t[2],n7 - (p35)sub n7=t[2],n7,1;; - (p33)cmp.gtu p34,p32=n7,t[2] } -{ .mmi; (p35)cmp.geu p34,p32=n7,t[2];; - .pred.rel "mutex",p32,p34 - (p32)sub n8=t[1],n8 - (p34)sub n8=t[1],n8,1 };; -{ .mii; (p32)cmp.gtu p35,p33=n8,t[1] - (p34)cmp.geu p35,p33=n8,t[1];; - .pred.rel "mutex",p33,p35 - (p33)sub a8=t[0],r0 } -{ .mmi; (p35)sub a8=t[0],r0,1;; - (p33)cmp.gtu p34,p32=a8,t[0] - (p35)cmp.geu p34,p32=a8,t[0] };; - -// save the result, either tmp[num] or tmp[num]-np[num] - .pred.rel "mutex",p32,p34 -{ .mmi; (p32)st8 [rptr]=n1,8 - (p34)st8 [rptr]=t0,8 - add r19=-4*16,prevsp};; -{ .mmb; (p32)st8 [rptr]=n2,8 - (p34)st8 [rptr]=t[7],8 - (p5)br.cond.dpnt.few .Ldone };; -{ .mmb; (p32)st8 [rptr]=n3,8 - (p34)st8 [rptr]=t[6],8 - (p7)br.cond.dpnt.few .Ldone };; -{ .mmb; (p32)st8 [rptr]=n4,8 - (p34)st8 [rptr]=t[5],8 - (p9)br.cond.dpnt.few .Ldone };; -{ .mmb; (p32)st8 [rptr]=n5,8 - (p34)st8 [rptr]=t[4],8 - (p11)br.cond.dpnt.few .Ldone };; -{ .mmb; (p32)st8 [rptr]=n6,8 - (p34)st8 [rptr]=t[3],8 - (p13)br.cond.dpnt.few .Ldone };; -{ .mmb; (p32)st8 [rptr]=n7,8 - (p34)st8 [rptr]=t[2],8 - (p15)br.cond.dpnt.few .Ldone };; -{ .mmb; (p32)st8 [rptr]=n8,8 - (p34)st8 [rptr]=t[1],8 - nop.b 0 };; -.Ldone: // epilogue -{ .mmi; ldf.fill f16=[r16],64 - ldf.fill f17=[r17],64 - nop.i 0 } -{ .mmi; ldf.fill f18=[r18],64 - ldf.fill f19=[r19],64 - mov pr=prevpr,0x1ffff };; -{ .mmi; ldf.fill f20=[r16] - ldf.fill f21=[r17] - mov ar.lc=prevlc } -{ .mmi; ldf.fill f22=[r18] - ldf.fill f23=[r19] - mov ret0=1 } // signal "handled" -{ .mib; rum 1<<5 - .restore sp - mov sp=prevsp - br.ret.sptk.many b0 };; -.endp bn_mul_mont_8# - -.type copyright#,\@object -copyright: -stringz "Montgomery multiplication for IA-64, CRYPTOGAMS by " -___ - -open STDOUT,">$output" if $output; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/ia64.S b/crypto/bn/asm/ia64.S deleted file mode 100644 index 0d64e98c48b0844cabdaaf389360260c4ad35626..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/ia64.S +++ /dev/null @@ -1,1564 +0,0 @@ -.explicit -.text -.ident "ia64.S, Version 2.1" -.ident "IA-64 ISA artwork by Andy Polyakov " - -// Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the Apache License 2.0 (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html - -// -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. -// -// Rights for redistribution and usage in source and binary forms are -// granted according to the License. Warranty of any kind is disclaimed. -// ==================================================================== -// -// Version 2.x is Itanium2 re-tune. Few words about how Itanium2 is -// different from Itanium to this module viewpoint. Most notably, is it -// "wider" than Itanium? Can you experience loop scalability as -// discussed in commentary sections? Not really:-( Itanium2 has 6 -// integer ALU ports, i.e. it's 2 ports wider, but it's not enough to -// spin twice as fast, as I need 8 IALU ports. Amount of floating point -// ports is the same, i.e. 2, while I need 4. In other words, to this -// module Itanium2 remains effectively as "wide" as Itanium. Yet it's -// essentially different in respect to this module, and a re-tune was -// required. Well, because some instruction latencies has changed. Most -// noticeably those intensively used: -// -// Itanium Itanium2 -// ldf8 9 6 L2 hit -// ld8 2 1 L1 hit -// getf 2 5 -// xma[->getf] 7[+1] 4[+0] -// add[->st8] 1[+1] 1[+0] -// -// What does it mean? You might ratiocinate that the original code -// should run just faster... Because sum of latencies is smaller... -// Wrong! Note that getf latency increased. This means that if a loop is -// scheduled for lower latency (as they were), then it will suffer from -// stall condition and the code will therefore turn anti-scalable, e.g. -// original bn_mul_words spun at 5*n or 2.5 times slower than expected -// on Itanium2! What to do? Reschedule loops for Itanium2? But then -// Itanium would exhibit anti-scalability. So I've chosen to reschedule -// for worst latency for every instruction aiming for best *all-round* -// performance. - -// Q. How much faster does it get? -// A. Here is the output from 'openssl speed rsa dsa' for vanilla -// 0.9.6a compiled with gcc version 2.96 20000731 (Red Hat -// Linux 7.1 2.96-81): -// -// sign verify sign/s verify/s -// rsa 512 bits 0.0036s 0.0003s 275.3 2999.2 -// rsa 1024 bits 0.0203s 0.0011s 49.3 894.1 -// rsa 2048 bits 0.1331s 0.0040s 7.5 250.9 -// rsa 4096 bits 0.9270s 0.0147s 1.1 68.1 -// sign verify sign/s verify/s -// dsa 512 bits 0.0035s 0.0043s 288.3 234.8 -// dsa 1024 bits 0.0111s 0.0135s 90.0 74.2 -// -// And here is similar output but for this assembler -// implementation:-) -// -// sign verify sign/s verify/s -// rsa 512 bits 0.0021s 0.0001s 549.4 9638.5 -// rsa 1024 bits 0.0055s 0.0002s 183.8 4481.1 -// rsa 2048 bits 0.0244s 0.0006s 41.4 1726.3 -// rsa 4096 bits 0.1295s 0.0018s 7.7 561.5 -// sign verify sign/s verify/s -// dsa 512 bits 0.0012s 0.0013s 891.9 756.6 -// dsa 1024 bits 0.0023s 0.0028s 440.4 376.2 -// -// Yes, you may argue that it's not fair comparison as it's -// possible to craft the C implementation with BN_UMULT_HIGH -// inline assembler macro. But of course! Here is the output -// with the macro: -// -// sign verify sign/s verify/s -// rsa 512 bits 0.0020s 0.0002s 495.0 6561.0 -// rsa 1024 bits 0.0086s 0.0004s 116.2 2235.7 -// rsa 2048 bits 0.0519s 0.0015s 19.3 667.3 -// rsa 4096 bits 0.3464s 0.0053s 2.9 187.7 -// sign verify sign/s verify/s -// dsa 512 bits 0.0016s 0.0020s 613.1 510.5 -// dsa 1024 bits 0.0045s 0.0054s 221.0 183.9 -// -// My code is still way faster, huh:-) And I believe that even -// higher performance can be achieved. Note that as keys get -// longer, performance gain is larger. Why? According to the -// profiler there is another player in the field, namely -// BN_from_montgomery consuming larger and larger portion of CPU -// time as keysize decreases. I therefore consider putting effort -// to assembler implementation of the following routine: -// -// void bn_mul_add_mont (BN_ULONG *rp,BN_ULONG *np,int nl,BN_ULONG n0) -// { -// int i,j; -// BN_ULONG v; -// -// for (i=0; i for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# This module doesn't present direct interest for OpenSSL, because it -# doesn't provide better performance for longer keys, at least not on -# in-order-execution cores. While 512-bit RSA sign operations can be -# 65% faster in 64-bit mode, 1024-bit ones are only 15% faster, and -# 4096-bit ones are up to 15% slower. In 32-bit mode it varies from -# 16% improvement for 512-bit RSA sign to -33% for 4096-bit RSA -# verify:-( All comparisons are against bn_mul_mont-free assembler. -# The module might be of interest to embedded system developers, as -# the code is smaller than 1KB, yet offers >3x improvement on MIPS64 -# and 75-30% [less for longer keys] on MIPS32 over compiler-generated -# code. - -###################################################################### -# There is a number of MIPS ABI in use, O32 and N32/64 are most -# widely used. Then there is a new contender: NUBI. It appears that if -# one picks the latter, it's possible to arrange code in ABI neutral -# manner. Therefore let's stick to NUBI register layout: -# -($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25)); -($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); -($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23)); -($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31)); -# -# The return value is placed in $a0. Following coding rules facilitate -# interoperability: -# -# - never ever touch $tp, "thread pointer", former $gp; -# - copy return value to $t0, former $v0 [or to $a0 if you're adapting -# old code]; -# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary; -# -# For reference here is register layout for N32/64 MIPS ABIs: -# -# ($zero,$at,$v0,$v1)=map("\$$_",(0..3)); -# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); -# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25)); -# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23)); -# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31)); - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -# supported flavours are o32,n32,64,nubi32,nubi64, default is o32 -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : "o32"; - -if ($flavour =~ /64|n32/i) { - $PTR_ADD="daddu"; # incidentally works even on n32 - $PTR_SUB="dsubu"; # incidentally works even on n32 - $REG_S="sd"; - $REG_L="ld"; - $SZREG=8; -} else { - $PTR_ADD="addu"; - $PTR_SUB="subu"; - $REG_S="sw"; - $REG_L="lw"; - $SZREG=4; -} -$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0x00fff000 : 0x00ff0000; -# -# -# -###################################################################### - -$output and open STDOUT,">$output"; - -if ($flavour =~ /64|n32/i) { - $LD="ld"; - $ST="sd"; - $MULTU="dmultu"; - $ADDU="daddu"; - $SUBU="dsubu"; - $BNSZ=8; -} else { - $LD="lw"; - $ST="sw"; - $MULTU="multu"; - $ADDU="addu"; - $SUBU="subu"; - $BNSZ=4; -} - -# int bn_mul_mont( -$rp=$a0; # BN_ULONG *rp, -$ap=$a1; # const BN_ULONG *ap, -$bp=$a2; # const BN_ULONG *bp, -$np=$a3; # const BN_ULONG *np, -$n0=$a4; # const BN_ULONG *n0, -$num=$a5; # int num); - -$lo0=$a6; -$hi0=$a7; -$lo1=$t1; -$hi1=$t2; -$aj=$s0; -$bi=$s1; -$nj=$s2; -$tp=$s3; -$alo=$s4; -$ahi=$s5; -$nlo=$s6; -$nhi=$s7; -$tj=$s8; -$i=$s9; -$j=$s10; -$m1=$s11; - -$FRAMESIZE=14; - -$code=<<___; -#include "mips_arch.h" - -.text - -.set noat -.set noreorder - -.align 5 -.globl bn_mul_mont -.ent bn_mul_mont -bn_mul_mont: -___ -$code.=<<___ if ($flavour =~ /o32/i); - lw $n0,16($sp) - lw $num,20($sp) -___ -$code.=<<___; - slt $at,$num,4 - bnez $at,1f - li $t0,0 - slt $at,$num,17 # on in-order CPU - bnez $at,bn_mul_mont_internal - nop -1: jr $ra - li $a0,0 -.end bn_mul_mont - -.align 5 -.ent bn_mul_mont_internal -bn_mul_mont_internal: - .frame $fp,$FRAMESIZE*$SZREG,$ra - .mask 0x40000000|$SAVED_REGS_MASK,-$SZREG - $PTR_SUB $sp,$FRAMESIZE*$SZREG - $REG_S $fp,($FRAMESIZE-1)*$SZREG($sp) - $REG_S $s11,($FRAMESIZE-2)*$SZREG($sp) - $REG_S $s10,($FRAMESIZE-3)*$SZREG($sp) - $REG_S $s9,($FRAMESIZE-4)*$SZREG($sp) - $REG_S $s8,($FRAMESIZE-5)*$SZREG($sp) - $REG_S $s7,($FRAMESIZE-6)*$SZREG($sp) - $REG_S $s6,($FRAMESIZE-7)*$SZREG($sp) - $REG_S $s5,($FRAMESIZE-8)*$SZREG($sp) - $REG_S $s4,($FRAMESIZE-9)*$SZREG($sp) -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_S $s3,($FRAMESIZE-10)*$SZREG($sp) - $REG_S $s2,($FRAMESIZE-11)*$SZREG($sp) - $REG_S $s1,($FRAMESIZE-12)*$SZREG($sp) - $REG_S $s0,($FRAMESIZE-13)*$SZREG($sp) -___ -$code.=<<___; - move $fp,$sp - - .set reorder - $LD $n0,0($n0) - $LD $bi,0($bp) # bp[0] - $LD $aj,0($ap) # ap[0] - $LD $nj,0($np) # np[0] - - $PTR_SUB $sp,2*$BNSZ # place for two extra words - sll $num,`log($BNSZ)/log(2)` - li $at,-4096 - $PTR_SUB $sp,$num - and $sp,$at - - $MULTU ($aj,$bi) - $LD $ahi,$BNSZ($ap) - $LD $nhi,$BNSZ($np) - mflo ($lo0,$aj,$bi) - mfhi ($hi0,$aj,$bi) - $MULTU ($lo0,$n0) - mflo ($m1,$lo0,$n0) - - $MULTU ($ahi,$bi) - mflo ($alo,$ahi,$bi) - mfhi ($ahi,$ahi,$bi) - - $MULTU ($nj,$m1) - mflo ($lo1,$nj,$m1) - mfhi ($hi1,$nj,$m1) - $MULTU ($nhi,$m1) - $ADDU $lo1,$lo0 - sltu $at,$lo1,$lo0 - $ADDU $hi1,$at - mflo ($nlo,$nhi,$m1) - mfhi ($nhi,$nhi,$m1) - - move $tp,$sp - li $j,2*$BNSZ -.align 4 -.L1st: - .set noreorder - $PTR_ADD $aj,$ap,$j - $PTR_ADD $nj,$np,$j - $LD $aj,($aj) - $LD $nj,($nj) - - $MULTU ($aj,$bi) - $ADDU $lo0,$alo,$hi0 - $ADDU $lo1,$nlo,$hi1 - sltu $at,$lo0,$hi0 - sltu $t0,$lo1,$hi1 - $ADDU $hi0,$ahi,$at - $ADDU $hi1,$nhi,$t0 - mflo ($alo,$aj,$bi) - mfhi ($ahi,$aj,$bi) - - $ADDU $lo1,$lo0 - sltu $at,$lo1,$lo0 - $MULTU ($nj,$m1) - $ADDU $hi1,$at - addu $j,$BNSZ - $ST $lo1,($tp) - sltu $t0,$j,$num - mflo ($nlo,$nj,$m1) - mfhi ($nhi,$nj,$m1) - - bnez $t0,.L1st - $PTR_ADD $tp,$BNSZ - .set reorder - - $ADDU $lo0,$alo,$hi0 - sltu $at,$lo0,$hi0 - $ADDU $hi0,$ahi,$at - - $ADDU $lo1,$nlo,$hi1 - sltu $t0,$lo1,$hi1 - $ADDU $hi1,$nhi,$t0 - $ADDU $lo1,$lo0 - sltu $at,$lo1,$lo0 - $ADDU $hi1,$at - - $ST $lo1,($tp) - - $ADDU $hi1,$hi0 - sltu $at,$hi1,$hi0 - $ST $hi1,$BNSZ($tp) - $ST $at,2*$BNSZ($tp) - - li $i,$BNSZ -.align 4 -.Louter: - $PTR_ADD $bi,$bp,$i - $LD $bi,($bi) - $LD $aj,($ap) - $LD $ahi,$BNSZ($ap) - $LD $tj,($sp) - - $MULTU ($aj,$bi) - $LD $nj,($np) - $LD $nhi,$BNSZ($np) - mflo ($lo0,$aj,$bi) - mfhi ($hi0,$aj,$bi) - $ADDU $lo0,$tj - $MULTU ($lo0,$n0) - sltu $at,$lo0,$tj - $ADDU $hi0,$at - mflo ($m1,$lo0,$n0) - - $MULTU ($ahi,$bi) - mflo ($alo,$ahi,$bi) - mfhi ($ahi,$ahi,$bi) - - $MULTU ($nj,$m1) - mflo ($lo1,$nj,$m1) - mfhi ($hi1,$nj,$m1) - - $MULTU ($nhi,$m1) - $ADDU $lo1,$lo0 - sltu $at,$lo1,$lo0 - $ADDU $hi1,$at - mflo ($nlo,$nhi,$m1) - mfhi ($nhi,$nhi,$m1) - - move $tp,$sp - li $j,2*$BNSZ - $LD $tj,$BNSZ($tp) -.align 4 -.Linner: - .set noreorder - $PTR_ADD $aj,$ap,$j - $PTR_ADD $nj,$np,$j - $LD $aj,($aj) - $LD $nj,($nj) - - $MULTU ($aj,$bi) - $ADDU $lo0,$alo,$hi0 - $ADDU $lo1,$nlo,$hi1 - sltu $at,$lo0,$hi0 - sltu $t0,$lo1,$hi1 - $ADDU $hi0,$ahi,$at - $ADDU $hi1,$nhi,$t0 - mflo ($alo,$aj,$bi) - mfhi ($ahi,$aj,$bi) - - $ADDU $lo0,$tj - addu $j,$BNSZ - $MULTU ($nj,$m1) - sltu $at,$lo0,$tj - $ADDU $lo1,$lo0 - $ADDU $hi0,$at - sltu $t0,$lo1,$lo0 - $LD $tj,2*$BNSZ($tp) - $ADDU $hi1,$t0 - sltu $at,$j,$num - mflo ($nlo,$nj,$m1) - mfhi ($nhi,$nj,$m1) - $ST $lo1,($tp) - bnez $at,.Linner - $PTR_ADD $tp,$BNSZ - .set reorder - - $ADDU $lo0,$alo,$hi0 - sltu $at,$lo0,$hi0 - $ADDU $hi0,$ahi,$at - $ADDU $lo0,$tj - sltu $t0,$lo0,$tj - $ADDU $hi0,$t0 - - $LD $tj,2*$BNSZ($tp) - $ADDU $lo1,$nlo,$hi1 - sltu $at,$lo1,$hi1 - $ADDU $hi1,$nhi,$at - $ADDU $lo1,$lo0 - sltu $t0,$lo1,$lo0 - $ADDU $hi1,$t0 - $ST $lo1,($tp) - - $ADDU $lo1,$hi1,$hi0 - sltu $hi1,$lo1,$hi0 - $ADDU $lo1,$tj - sltu $at,$lo1,$tj - $ADDU $hi1,$at - $ST $lo1,$BNSZ($tp) - $ST $hi1,2*$BNSZ($tp) - - addu $i,$BNSZ - sltu $t0,$i,$num - bnez $t0,.Louter - - .set noreorder - $PTR_ADD $tj,$sp,$num # &tp[num] - move $tp,$sp - move $ap,$sp - li $hi0,0 # clear borrow bit - -.align 4 -.Lsub: $LD $lo0,($tp) - $LD $lo1,($np) - $PTR_ADD $tp,$BNSZ - $PTR_ADD $np,$BNSZ - $SUBU $lo1,$lo0,$lo1 # tp[i]-np[i] - sgtu $at,$lo1,$lo0 - $SUBU $lo0,$lo1,$hi0 - sgtu $hi0,$lo0,$lo1 - $ST $lo0,($rp) - or $hi0,$at - sltu $at,$tp,$tj - bnez $at,.Lsub - $PTR_ADD $rp,$BNSZ - - $SUBU $hi0,$hi1,$hi0 # handle upmost overflow bit - move $tp,$sp - $PTR_SUB $rp,$num # restore rp - not $hi1,$hi0 - -.Lcopy: $LD $nj,($tp) # conditional move - $LD $aj,($rp) - $ST $zero,($tp) - $PTR_ADD $tp,$BNSZ - and $nj,$hi0 - and $aj,$hi1 - or $aj,$nj - sltu $at,$tp,$tj - $ST $aj,($rp) - bnez $at,.Lcopy - $PTR_ADD $rp,$BNSZ - - li $a0,1 - li $t0,1 - - .set noreorder - move $sp,$fp - $REG_L $fp,($FRAMESIZE-1)*$SZREG($sp) - $REG_L $s11,($FRAMESIZE-2)*$SZREG($sp) - $REG_L $s10,($FRAMESIZE-3)*$SZREG($sp) - $REG_L $s9,($FRAMESIZE-4)*$SZREG($sp) - $REG_L $s8,($FRAMESIZE-5)*$SZREG($sp) - $REG_L $s7,($FRAMESIZE-6)*$SZREG($sp) - $REG_L $s6,($FRAMESIZE-7)*$SZREG($sp) - $REG_L $s5,($FRAMESIZE-8)*$SZREG($sp) - $REG_L $s4,($FRAMESIZE-9)*$SZREG($sp) -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_L $s3,($FRAMESIZE-10)*$SZREG($sp) - $REG_L $s2,($FRAMESIZE-11)*$SZREG($sp) - $REG_L $s1,($FRAMESIZE-12)*$SZREG($sp) - $REG_L $s0,($FRAMESIZE-13)*$SZREG($sp) -___ -$code.=<<___; - jr $ra - $PTR_ADD $sp,$FRAMESIZE*$SZREG -.end bn_mul_mont_internal -.rdata -.asciiz "Montgomery Multiplication for MIPS, CRYPTOGAMS by " -___ - -$code =~ s/\`([^\`]*)\`/eval $1/gem; - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl deleted file mode 100644 index bc18826d08f8237346f0ee865e5949510c5df8b7..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/mips.pl +++ /dev/null @@ -1,2269 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. -# -# Rights for redistribution and usage in source and binary forms are -# granted according to the License. Warranty of any kind is disclaimed. -# ==================================================================== - - -# July 1999 -# -# This is drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c. -# -# The module is designed to work with either of the "new" MIPS ABI(5), -# namely N32 or N64, offered by IRIX 6.x. It's not meant to work under -# IRIX 5.x not only because it doesn't support new ABIs but also -# because 5.x kernels put R4x00 CPU into 32-bit mode and all those -# 64-bit instructions (daddu, dmultu, etc.) found below gonna only -# cause illegal instruction exception:-( -# -# In addition the code depends on preprocessor flags set up by MIPSpro -# compiler driver (either as or cc) and therefore (probably?) can't be -# compiled by the GNU assembler. GNU C driver manages fine though... -# I mean as long as -mmips-as is specified or is the default option, -# because then it simply invokes /usr/bin/as which in turn takes -# perfect care of the preprocessor definitions. Another neat feature -# offered by the MIPSpro assembler is an optimization pass. This gave -# me the opportunity to have the code looking more regular as all those -# architecture dependent instruction rescheduling details were left to -# the assembler. Cool, huh? -# -# Performance improvement is astonishing! 'apps/openssl speed rsa dsa' -# goes way over 3 times faster! -# -# - -# October 2010 -# -# Adapt the module even for 32-bit ABIs and other OSes. The former was -# achieved by mechanical replacement of 64-bit arithmetic instructions -# such as dmultu, daddu, etc. with their 32-bit counterparts and -# adjusting offsets denoting multiples of BN_ULONG. Above mentioned -# >3x performance improvement naturally does not apply to 32-bit code -# [because there is no instruction 32-bit compiler can't use], one -# has to content with 40-85% improvement depending on benchmark and -# key length, more for longer keys. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : "o32"; - -if ($flavour =~ /64|n32/i) { - $LD="ld"; - $ST="sd"; - $MULTU="dmultu"; - $DIVU="ddivu"; - $ADDU="daddu"; - $SUBU="dsubu"; - $SRL="dsrl"; - $SLL="dsll"; - $BNSZ=8; - $PTR_ADD="daddu"; - $PTR_SUB="dsubu"; - $SZREG=8; - $REG_S="sd"; - $REG_L="ld"; -} else { - $LD="lw"; - $ST="sw"; - $MULTU="multu"; - $DIVU="divu"; - $ADDU="addu"; - $SUBU="subu"; - $SRL="srl"; - $SLL="sll"; - $BNSZ=4; - $PTR_ADD="addu"; - $PTR_SUB="subu"; - $SZREG=4; - $REG_S="sw"; - $REG_L="lw"; - $code="#if !(defined (__mips_isa_rev) && (__mips_isa_rev >= 6))\n.set mips2\n#endif\n"; -} - -$output and open STDOUT,">$output"; - -# Below is N32/64 register layout used in the original module. -# -($zero,$at,$v0,$v1)=map("\$$_",(0..3)); -($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); -($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25)); -($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23)); -($gp,$sp,$fp,$ra)=map("\$$_",(28..31)); -($ta0,$ta1,$ta2,$ta3)=($a4,$a5,$a6,$a7); -# -# No special adaptation is required for O32. NUBI on the other hand -# is treated by saving/restoring ($v1,$t0..$t3). - -$gp=$v1 if ($flavour =~ /nubi/i); - -$minus4=$v1; - -$code.=<<___; -#include "mips_arch.h" - -#if defined(_MIPS_ARCH_MIPS64R6) -# define ddivu(rs,rt) -# define mfqt(rd,rs,rt) ddivu rd,rs,rt -# define mfrm(rd,rs,rt) dmodu rd,rs,rt -#elif defined(_MIPS_ARCH_MIPS32R6) -# define divu(rs,rt) -# define mfqt(rd,rs,rt) divu rd,rs,rt -# define mfrm(rd,rs,rt) modu rd,rs,rt -#else -# define $DIVU(rs,rt) $DIVU $zero,rs,rt -# define mfqt(rd,rs,rt) mflo rd -# define mfrm(rd,rs,rt) mfhi rd -#endif - -.rdata -.asciiz "mips3.s, Version 1.2" -.asciiz "MIPS II/III/IV ISA artwork by Andy Polyakov " - -.text -.set noat - -.align 5 -.globl bn_mul_add_words -.ent bn_mul_add_words -bn_mul_add_words: - .set noreorder - bgtz $a2,bn_mul_add_words_internal - move $v0,$zero - jr $ra - move $a0,$v0 -.end bn_mul_add_words - -.align 5 -.ent bn_mul_add_words_internal -bn_mul_add_words_internal: -___ -$code.=<<___ if ($flavour =~ /nubi/i); - .frame $sp,6*$SZREG,$ra - .mask 0x8000f008,-$SZREG - .set noreorder - $PTR_SUB $sp,6*$SZREG - $REG_S $ra,5*$SZREG($sp) - $REG_S $t3,4*$SZREG($sp) - $REG_S $t2,3*$SZREG($sp) - $REG_S $t1,2*$SZREG($sp) - $REG_S $t0,1*$SZREG($sp) - $REG_S $gp,0*$SZREG($sp) -___ -$code.=<<___; - .set reorder - li $minus4,-4 - and $ta0,$a2,$minus4 - beqz $ta0,.L_bn_mul_add_words_tail - -.L_bn_mul_add_words_loop: - $LD $t0,0($a1) - $MULTU ($t0,$a3) - $LD $t1,0($a0) - $LD $t2,$BNSZ($a1) - $LD $t3,$BNSZ($a0) - $LD $ta0,2*$BNSZ($a1) - $LD $ta1,2*$BNSZ($a0) - $ADDU $t1,$v0 - sltu $v0,$t1,$v0 # All manuals say it "compares 32-bit - # values", but it seems to work fine - # even on 64-bit registers. - mflo ($at,$t0,$a3) - mfhi ($t0,$t0,$a3) - $ADDU $t1,$at - $ADDU $v0,$t0 - $MULTU ($t2,$a3) - sltu $at,$t1,$at - $ST $t1,0($a0) - $ADDU $v0,$at - - $LD $ta2,3*$BNSZ($a1) - $LD $ta3,3*$BNSZ($a0) - $ADDU $t3,$v0 - sltu $v0,$t3,$v0 - mflo ($at,$t2,$a3) - mfhi ($t2,$t2,$a3) - $ADDU $t3,$at - $ADDU $v0,$t2 - $MULTU ($ta0,$a3) - sltu $at,$t3,$at - $ST $t3,$BNSZ($a0) - $ADDU $v0,$at - - subu $a2,4 - $PTR_ADD $a0,4*$BNSZ - $PTR_ADD $a1,4*$BNSZ - $ADDU $ta1,$v0 - sltu $v0,$ta1,$v0 - mflo ($at,$ta0,$a3) - mfhi ($ta0,$ta0,$a3) - $ADDU $ta1,$at - $ADDU $v0,$ta0 - $MULTU ($ta2,$a3) - sltu $at,$ta1,$at - $ST $ta1,-2*$BNSZ($a0) - $ADDU $v0,$at - - - and $ta0,$a2,$minus4 - $ADDU $ta3,$v0 - sltu $v0,$ta3,$v0 - mflo ($at,$ta2,$a3) - mfhi ($ta2,$ta2,$a3) - $ADDU $ta3,$at - $ADDU $v0,$ta2 - sltu $at,$ta3,$at - $ST $ta3,-$BNSZ($a0) - .set noreorder - bgtz $ta0,.L_bn_mul_add_words_loop - $ADDU $v0,$at - - beqz $a2,.L_bn_mul_add_words_return - nop - -.L_bn_mul_add_words_tail: - .set reorder - $LD $t0,0($a1) - $MULTU ($t0,$a3) - $LD $t1,0($a0) - subu $a2,1 - $ADDU $t1,$v0 - sltu $v0,$t1,$v0 - mflo ($at,$t0,$a3) - mfhi ($t0,$t0,$a3) - $ADDU $t1,$at - $ADDU $v0,$t0 - sltu $at,$t1,$at - $ST $t1,0($a0) - $ADDU $v0,$at - beqz $a2,.L_bn_mul_add_words_return - - $LD $t0,$BNSZ($a1) - $MULTU ($t0,$a3) - $LD $t1,$BNSZ($a0) - subu $a2,1 - $ADDU $t1,$v0 - sltu $v0,$t1,$v0 - mflo ($at,$t0,$a3) - mfhi ($t0,$t0,$a3) - $ADDU $t1,$at - $ADDU $v0,$t0 - sltu $at,$t1,$at - $ST $t1,$BNSZ($a0) - $ADDU $v0,$at - beqz $a2,.L_bn_mul_add_words_return - - $LD $t0,2*$BNSZ($a1) - $MULTU ($t0,$a3) - $LD $t1,2*$BNSZ($a0) - $ADDU $t1,$v0 - sltu $v0,$t1,$v0 - mflo ($at,$t0,$a3) - mfhi ($t0,$t0,$a3) - $ADDU $t1,$at - $ADDU $v0,$t0 - sltu $at,$t1,$at - $ST $t1,2*$BNSZ($a0) - $ADDU $v0,$at - -.L_bn_mul_add_words_return: - .set noreorder -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_L $t3,4*$SZREG($sp) - $REG_L $t2,3*$SZREG($sp) - $REG_L $t1,2*$SZREG($sp) - $REG_L $t0,1*$SZREG($sp) - $REG_L $gp,0*$SZREG($sp) - $PTR_ADD $sp,6*$SZREG -___ -$code.=<<___; - jr $ra - move $a0,$v0 -.end bn_mul_add_words_internal - -.align 5 -.globl bn_mul_words -.ent bn_mul_words -bn_mul_words: - .set noreorder - bgtz $a2,bn_mul_words_internal - move $v0,$zero - jr $ra - move $a0,$v0 -.end bn_mul_words - -.align 5 -.ent bn_mul_words_internal -bn_mul_words_internal: -___ -$code.=<<___ if ($flavour =~ /nubi/i); - .frame $sp,6*$SZREG,$ra - .mask 0x8000f008,-$SZREG - .set noreorder - $PTR_SUB $sp,6*$SZREG - $REG_S $ra,5*$SZREG($sp) - $REG_S $t3,4*$SZREG($sp) - $REG_S $t2,3*$SZREG($sp) - $REG_S $t1,2*$SZREG($sp) - $REG_S $t0,1*$SZREG($sp) - $REG_S $gp,0*$SZREG($sp) -___ -$code.=<<___; - .set reorder - li $minus4,-4 - and $ta0,$a2,$minus4 - beqz $ta0,.L_bn_mul_words_tail - -.L_bn_mul_words_loop: - $LD $t0,0($a1) - $MULTU ($t0,$a3) - $LD $t2,$BNSZ($a1) - $LD $ta0,2*$BNSZ($a1) - $LD $ta2,3*$BNSZ($a1) - mflo ($at,$t0,$a3) - mfhi ($t0,$t0,$a3) - $ADDU $v0,$at - sltu $t1,$v0,$at - $MULTU ($t2,$a3) - $ST $v0,0($a0) - $ADDU $v0,$t1,$t0 - - subu $a2,4 - $PTR_ADD $a0,4*$BNSZ - $PTR_ADD $a1,4*$BNSZ - mflo ($at,$t2,$a3) - mfhi ($t2,$t2,$a3) - $ADDU $v0,$at - sltu $t3,$v0,$at - $MULTU ($ta0,$a3) - $ST $v0,-3*$BNSZ($a0) - $ADDU $v0,$t3,$t2 - - mflo ($at,$ta0,$a3) - mfhi ($ta0,$ta0,$a3) - $ADDU $v0,$at - sltu $ta1,$v0,$at - $MULTU ($ta2,$a3) - $ST $v0,-2*$BNSZ($a0) - $ADDU $v0,$ta1,$ta0 - - and $ta0,$a2,$minus4 - mflo ($at,$ta2,$a3) - mfhi ($ta2,$ta2,$a3) - $ADDU $v0,$at - sltu $ta3,$v0,$at - $ST $v0,-$BNSZ($a0) - .set noreorder - bgtz $ta0,.L_bn_mul_words_loop - $ADDU $v0,$ta3,$ta2 - - beqz $a2,.L_bn_mul_words_return - nop - -.L_bn_mul_words_tail: - .set reorder - $LD $t0,0($a1) - $MULTU ($t0,$a3) - subu $a2,1 - mflo ($at,$t0,$a3) - mfhi ($t0,$t0,$a3) - $ADDU $v0,$at - sltu $t1,$v0,$at - $ST $v0,0($a0) - $ADDU $v0,$t1,$t0 - beqz $a2,.L_bn_mul_words_return - - $LD $t0,$BNSZ($a1) - $MULTU ($t0,$a3) - subu $a2,1 - mflo ($at,$t0,$a3) - mfhi ($t0,$t0,$a3) - $ADDU $v0,$at - sltu $t1,$v0,$at - $ST $v0,$BNSZ($a0) - $ADDU $v0,$t1,$t0 - beqz $a2,.L_bn_mul_words_return - - $LD $t0,2*$BNSZ($a1) - $MULTU ($t0,$a3) - mflo ($at,$t0,$a3) - mfhi ($t0,$t0,$a3) - $ADDU $v0,$at - sltu $t1,$v0,$at - $ST $v0,2*$BNSZ($a0) - $ADDU $v0,$t1,$t0 - -.L_bn_mul_words_return: - .set noreorder -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_L $t3,4*$SZREG($sp) - $REG_L $t2,3*$SZREG($sp) - $REG_L $t1,2*$SZREG($sp) - $REG_L $t0,1*$SZREG($sp) - $REG_L $gp,0*$SZREG($sp) - $PTR_ADD $sp,6*$SZREG -___ -$code.=<<___; - jr $ra - move $a0,$v0 -.end bn_mul_words_internal - -.align 5 -.globl bn_sqr_words -.ent bn_sqr_words -bn_sqr_words: - .set noreorder - bgtz $a2,bn_sqr_words_internal - move $v0,$zero - jr $ra - move $a0,$v0 -.end bn_sqr_words - -.align 5 -.ent bn_sqr_words_internal -bn_sqr_words_internal: -___ -$code.=<<___ if ($flavour =~ /nubi/i); - .frame $sp,6*$SZREG,$ra - .mask 0x8000f008,-$SZREG - .set noreorder - $PTR_SUB $sp,6*$SZREG - $REG_S $ra,5*$SZREG($sp) - $REG_S $t3,4*$SZREG($sp) - $REG_S $t2,3*$SZREG($sp) - $REG_S $t1,2*$SZREG($sp) - $REG_S $t0,1*$SZREG($sp) - $REG_S $gp,0*$SZREG($sp) -___ -$code.=<<___; - .set reorder - li $minus4,-4 - and $ta0,$a2,$minus4 - beqz $ta0,.L_bn_sqr_words_tail - -.L_bn_sqr_words_loop: - $LD $t0,0($a1) - $MULTU ($t0,$t0) - $LD $t2,$BNSZ($a1) - $LD $ta0,2*$BNSZ($a1) - $LD $ta2,3*$BNSZ($a1) - mflo ($t1,$t0,$t0) - mfhi ($t0,$t0,$t0) - $ST $t1,0($a0) - $ST $t0,$BNSZ($a0) - - $MULTU ($t2,$t2) - subu $a2,4 - $PTR_ADD $a0,8*$BNSZ - $PTR_ADD $a1,4*$BNSZ - mflo ($t3,$t2,$t2) - mfhi ($t2,$t2,$t2) - $ST $t3,-6*$BNSZ($a0) - $ST $t2,-5*$BNSZ($a0) - - $MULTU ($ta0,$ta0) - mflo ($ta1,$ta0,$ta0) - mfhi ($ta0,$ta0,$ta0) - $ST $ta1,-4*$BNSZ($a0) - $ST $ta0,-3*$BNSZ($a0) - - - $MULTU ($ta2,$ta2) - and $ta0,$a2,$minus4 - mflo ($ta3,$ta2,$ta2) - mfhi ($ta2,$ta2,$ta2) - $ST $ta3,-2*$BNSZ($a0) - - .set noreorder - bgtz $ta0,.L_bn_sqr_words_loop - $ST $ta2,-$BNSZ($a0) - - beqz $a2,.L_bn_sqr_words_return - nop - -.L_bn_sqr_words_tail: - .set reorder - $LD $t0,0($a1) - $MULTU ($t0,$t0) - subu $a2,1 - mflo ($t1,$t0,$t0) - mfhi ($t0,$t0,$t0) - $ST $t1,0($a0) - $ST $t0,$BNSZ($a0) - beqz $a2,.L_bn_sqr_words_return - - $LD $t0,$BNSZ($a1) - $MULTU ($t0,$t0) - subu $a2,1 - mflo ($t1,$t0,$t0) - mfhi ($t0,$t0,$t0) - $ST $t1,2*$BNSZ($a0) - $ST $t0,3*$BNSZ($a0) - beqz $a2,.L_bn_sqr_words_return - - $LD $t0,2*$BNSZ($a1) - $MULTU ($t0,$t0) - mflo ($t1,$t0,$t0) - mfhi ($t0,$t0,$t0) - $ST $t1,4*$BNSZ($a0) - $ST $t0,5*$BNSZ($a0) - -.L_bn_sqr_words_return: - .set noreorder -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_L $t3,4*$SZREG($sp) - $REG_L $t2,3*$SZREG($sp) - $REG_L $t1,2*$SZREG($sp) - $REG_L $t0,1*$SZREG($sp) - $REG_L $gp,0*$SZREG($sp) - $PTR_ADD $sp,6*$SZREG -___ -$code.=<<___; - jr $ra - move $a0,$v0 - -.end bn_sqr_words_internal - -.align 5 -.globl bn_add_words -.ent bn_add_words -bn_add_words: - .set noreorder - bgtz $a3,bn_add_words_internal - move $v0,$zero - jr $ra - move $a0,$v0 -.end bn_add_words - -.align 5 -.ent bn_add_words_internal -bn_add_words_internal: -___ -$code.=<<___ if ($flavour =~ /nubi/i); - .frame $sp,6*$SZREG,$ra - .mask 0x8000f008,-$SZREG - .set noreorder - $PTR_SUB $sp,6*$SZREG - $REG_S $ra,5*$SZREG($sp) - $REG_S $t3,4*$SZREG($sp) - $REG_S $t2,3*$SZREG($sp) - $REG_S $t1,2*$SZREG($sp) - $REG_S $t0,1*$SZREG($sp) - $REG_S $gp,0*$SZREG($sp) -___ -$code.=<<___; - .set reorder - li $minus4,-4 - and $at,$a3,$minus4 - beqz $at,.L_bn_add_words_tail - -.L_bn_add_words_loop: - $LD $t0,0($a1) - $LD $ta0,0($a2) - subu $a3,4 - $LD $t1,$BNSZ($a1) - and $at,$a3,$minus4 - $LD $t2,2*$BNSZ($a1) - $PTR_ADD $a2,4*$BNSZ - $LD $t3,3*$BNSZ($a1) - $PTR_ADD $a0,4*$BNSZ - $LD $ta1,-3*$BNSZ($a2) - $PTR_ADD $a1,4*$BNSZ - $LD $ta2,-2*$BNSZ($a2) - $LD $ta3,-$BNSZ($a2) - $ADDU $ta0,$t0 - sltu $t8,$ta0,$t0 - $ADDU $t0,$ta0,$v0 - sltu $v0,$t0,$ta0 - $ST $t0,-4*$BNSZ($a0) - $ADDU $v0,$t8 - - $ADDU $ta1,$t1 - sltu $t9,$ta1,$t1 - $ADDU $t1,$ta1,$v0 - sltu $v0,$t1,$ta1 - $ST $t1,-3*$BNSZ($a0) - $ADDU $v0,$t9 - - $ADDU $ta2,$t2 - sltu $t8,$ta2,$t2 - $ADDU $t2,$ta2,$v0 - sltu $v0,$t2,$ta2 - $ST $t2,-2*$BNSZ($a0) - $ADDU $v0,$t8 - - $ADDU $ta3,$t3 - sltu $t9,$ta3,$t3 - $ADDU $t3,$ta3,$v0 - sltu $v0,$t3,$ta3 - $ST $t3,-$BNSZ($a0) - - .set noreorder - bgtz $at,.L_bn_add_words_loop - $ADDU $v0,$t9 - - beqz $a3,.L_bn_add_words_return - nop - -.L_bn_add_words_tail: - .set reorder - $LD $t0,0($a1) - $LD $ta0,0($a2) - $ADDU $ta0,$t0 - subu $a3,1 - sltu $t8,$ta0,$t0 - $ADDU $t0,$ta0,$v0 - sltu $v0,$t0,$ta0 - $ST $t0,0($a0) - $ADDU $v0,$t8 - beqz $a3,.L_bn_add_words_return - - $LD $t1,$BNSZ($a1) - $LD $ta1,$BNSZ($a2) - $ADDU $ta1,$t1 - subu $a3,1 - sltu $t9,$ta1,$t1 - $ADDU $t1,$ta1,$v0 - sltu $v0,$t1,$ta1 - $ST $t1,$BNSZ($a0) - $ADDU $v0,$t9 - beqz $a3,.L_bn_add_words_return - - $LD $t2,2*$BNSZ($a1) - $LD $ta2,2*$BNSZ($a2) - $ADDU $ta2,$t2 - sltu $t8,$ta2,$t2 - $ADDU $t2,$ta2,$v0 - sltu $v0,$t2,$ta2 - $ST $t2,2*$BNSZ($a0) - $ADDU $v0,$t8 - -.L_bn_add_words_return: - .set noreorder -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_L $t3,4*$SZREG($sp) - $REG_L $t2,3*$SZREG($sp) - $REG_L $t1,2*$SZREG($sp) - $REG_L $t0,1*$SZREG($sp) - $REG_L $gp,0*$SZREG($sp) - $PTR_ADD $sp,6*$SZREG -___ -$code.=<<___; - jr $ra - move $a0,$v0 - -.end bn_add_words_internal - -.align 5 -.globl bn_sub_words -.ent bn_sub_words -bn_sub_words: - .set noreorder - bgtz $a3,bn_sub_words_internal - move $v0,$zero - jr $ra - move $a0,$zero -.end bn_sub_words - -.align 5 -.ent bn_sub_words_internal -bn_sub_words_internal: -___ -$code.=<<___ if ($flavour =~ /nubi/i); - .frame $sp,6*$SZREG,$ra - .mask 0x8000f008,-$SZREG - .set noreorder - $PTR_SUB $sp,6*$SZREG - $REG_S $ra,5*$SZREG($sp) - $REG_S $t3,4*$SZREG($sp) - $REG_S $t2,3*$SZREG($sp) - $REG_S $t1,2*$SZREG($sp) - $REG_S $t0,1*$SZREG($sp) - $REG_S $gp,0*$SZREG($sp) -___ -$code.=<<___; - .set reorder - li $minus4,-4 - and $at,$a3,$minus4 - beqz $at,.L_bn_sub_words_tail - -.L_bn_sub_words_loop: - $LD $t0,0($a1) - $LD $ta0,0($a2) - subu $a3,4 - $LD $t1,$BNSZ($a1) - and $at,$a3,$minus4 - $LD $t2,2*$BNSZ($a1) - $PTR_ADD $a2,4*$BNSZ - $LD $t3,3*$BNSZ($a1) - $PTR_ADD $a0,4*$BNSZ - $LD $ta1,-3*$BNSZ($a2) - $PTR_ADD $a1,4*$BNSZ - $LD $ta2,-2*$BNSZ($a2) - $LD $ta3,-$BNSZ($a2) - sltu $t8,$t0,$ta0 - $SUBU $ta0,$t0,$ta0 - $SUBU $t0,$ta0,$v0 - sgtu $v0,$t0,$ta0 - $ST $t0,-4*$BNSZ($a0) - $ADDU $v0,$t8 - - sltu $t9,$t1,$ta1 - $SUBU $ta1,$t1,$ta1 - $SUBU $t1,$ta1,$v0 - sgtu $v0,$t1,$ta1 - $ST $t1,-3*$BNSZ($a0) - $ADDU $v0,$t9 - - - sltu $t8,$t2,$ta2 - $SUBU $ta2,$t2,$ta2 - $SUBU $t2,$ta2,$v0 - sgtu $v0,$t2,$ta2 - $ST $t2,-2*$BNSZ($a0) - $ADDU $v0,$t8 - - sltu $t9,$t3,$ta3 - $SUBU $ta3,$t3,$ta3 - $SUBU $t3,$ta3,$v0 - sgtu $v0,$t3,$ta3 - $ST $t3,-$BNSZ($a0) - - .set noreorder - bgtz $at,.L_bn_sub_words_loop - $ADDU $v0,$t9 - - beqz $a3,.L_bn_sub_words_return - nop - -.L_bn_sub_words_tail: - .set reorder - $LD $t0,0($a1) - $LD $ta0,0($a2) - subu $a3,1 - sltu $t8,$t0,$ta0 - $SUBU $ta0,$t0,$ta0 - $SUBU $t0,$ta0,$v0 - sgtu $v0,$t0,$ta0 - $ST $t0,0($a0) - $ADDU $v0,$t8 - beqz $a3,.L_bn_sub_words_return - - $LD $t1,$BNSZ($a1) - subu $a3,1 - $LD $ta1,$BNSZ($a2) - sltu $t9,$t1,$ta1 - $SUBU $ta1,$t1,$ta1 - $SUBU $t1,$ta1,$v0 - sgtu $v0,$t1,$ta1 - $ST $t1,$BNSZ($a0) - $ADDU $v0,$t9 - beqz $a3,.L_bn_sub_words_return - - $LD $t2,2*$BNSZ($a1) - $LD $ta2,2*$BNSZ($a2) - sltu $t8,$t2,$ta2 - $SUBU $ta2,$t2,$ta2 - $SUBU $t2,$ta2,$v0 - sgtu $v0,$t2,$ta2 - $ST $t2,2*$BNSZ($a0) - $ADDU $v0,$t8 - -.L_bn_sub_words_return: - .set noreorder -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_L $t3,4*$SZREG($sp) - $REG_L $t2,3*$SZREG($sp) - $REG_L $t1,2*$SZREG($sp) - $REG_L $t0,1*$SZREG($sp) - $REG_L $gp,0*$SZREG($sp) - $PTR_ADD $sp,6*$SZREG -___ -$code.=<<___; - jr $ra - move $a0,$v0 -.end bn_sub_words_internal - -#if 0 -/* - * The bn_div_3_words entry point is re-used for constant-time interface. - * Implementation is retained as historical reference. - */ -.align 5 -.globl bn_div_3_words -.ent bn_div_3_words -bn_div_3_words: - .set noreorder - move $a3,$a0 # we know that bn_div_words does not - # touch $a3, $ta2, $ta3 and preserves $a2 - # so that we can save two arguments - # and return address in registers - # instead of stack:-) - - $LD $a0,($a3) - move $ta2,$a1 - bne $a0,$a2,bn_div_3_words_internal - $LD $a1,-$BNSZ($a3) - li $v0,-1 - jr $ra - move $a0,$v0 -.end bn_div_3_words - -.align 5 -.ent bn_div_3_words_internal -bn_div_3_words_internal: -___ -$code.=<<___ if ($flavour =~ /nubi/i); - .frame $sp,6*$SZREG,$ra - .mask 0x8000f008,-$SZREG - .set noreorder - $PTR_SUB $sp,6*$SZREG - $REG_S $ra,5*$SZREG($sp) - $REG_S $t3,4*$SZREG($sp) - $REG_S $t2,3*$SZREG($sp) - $REG_S $t1,2*$SZREG($sp) - $REG_S $t0,1*$SZREG($sp) - $REG_S $gp,0*$SZREG($sp) -___ -$code.=<<___; - .set reorder - move $ta3,$ra - bal bn_div_words_internal - move $ra,$ta3 - $MULTU ($ta2,$v0) - $LD $t2,-2*$BNSZ($a3) - move $ta0,$zero - mfhi ($t1,$ta2,$v0) - mflo ($t0,$ta2,$v0) - sltu $t8,$t1,$a1 -.L_bn_div_3_words_inner_loop: - bnez $t8,.L_bn_div_3_words_inner_loop_done - sgeu $at,$t2,$t0 - seq $t9,$t1,$a1 - and $at,$t9 - sltu $t3,$t0,$ta2 - $ADDU $a1,$a2 - $SUBU $t1,$t3 - $SUBU $t0,$ta2 - sltu $t8,$t1,$a1 - sltu $ta0,$a1,$a2 - or $t8,$ta0 - .set noreorder - beqz $at,.L_bn_div_3_words_inner_loop - $SUBU $v0,1 - $ADDU $v0,1 - .set reorder -.L_bn_div_3_words_inner_loop_done: - .set noreorder -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_L $t3,4*$SZREG($sp) - $REG_L $t2,3*$SZREG($sp) - $REG_L $t1,2*$SZREG($sp) - $REG_L $t0,1*$SZREG($sp) - $REG_L $gp,0*$SZREG($sp) - $PTR_ADD $sp,6*$SZREG -___ -$code.=<<___; - jr $ra - move $a0,$v0 -.end bn_div_3_words_internal -#endif - -.align 5 -.globl bn_div_words -.ent bn_div_words -bn_div_words: - .set noreorder - bnez $a2,bn_div_words_internal - li $v0,-1 # I would rather signal div-by-zero - # which can be done with 'break 7' - jr $ra - move $a0,$v0 -.end bn_div_words - -.align 5 -.ent bn_div_words_internal -bn_div_words_internal: -___ -$code.=<<___ if ($flavour =~ /nubi/i); - .frame $sp,6*$SZREG,$ra - .mask 0x8000f008,-$SZREG - .set noreorder - $PTR_SUB $sp,6*$SZREG - $REG_S $ra,5*$SZREG($sp) - $REG_S $t3,4*$SZREG($sp) - $REG_S $t2,3*$SZREG($sp) - $REG_S $t1,2*$SZREG($sp) - $REG_S $t0,1*$SZREG($sp) - $REG_S $gp,0*$SZREG($sp) -___ -$code.=<<___; - move $v1,$zero - bltz $a2,.L_bn_div_words_body - move $t9,$v1 - $SLL $a2,1 - bgtz $a2,.-4 - addu $t9,1 - - .set reorder - negu $t1,$t9 - li $t2,-1 - $SLL $t2,$t1 - and $t2,$a0 - $SRL $at,$a1,$t1 - .set noreorder - beqz $t2,.+12 - nop - break 6 # signal overflow - .set reorder - $SLL $a0,$t9 - $SLL $a1,$t9 - or $a0,$at -___ -$QT=$ta0; -$HH=$ta1; -$DH=$v1; -$code.=<<___; -.L_bn_div_words_body: - $SRL $DH,$a2,4*$BNSZ # bits - sgeu $at,$a0,$a2 - .set noreorder - beqz $at,.+12 - nop - $SUBU $a0,$a2 - .set reorder - - li $QT,-1 - $SRL $HH,$a0,4*$BNSZ # bits - $SRL $QT,4*$BNSZ # q=0xffffffff - beq $DH,$HH,.L_bn_div_words_skip_div1 - $DIVU ($a0,$DH) - mfqt ($QT,$a0,$DH) -.L_bn_div_words_skip_div1: - $MULTU ($a2,$QT) - $SLL $t3,$a0,4*$BNSZ # bits - $SRL $at,$a1,4*$BNSZ # bits - or $t3,$at - mflo ($t0,$a2,$QT) - mfhi ($t1,$a2,$QT) -.L_bn_div_words_inner_loop1: - sltu $t2,$t3,$t0 - seq $t8,$HH,$t1 - sltu $at,$HH,$t1 - and $t2,$t8 - sltu $v0,$t0,$a2 - or $at,$t2 - .set noreorder - beqz $at,.L_bn_div_words_inner_loop1_done - $SUBU $t1,$v0 - $SUBU $t0,$a2 - b .L_bn_div_words_inner_loop1 - $SUBU $QT,1 - .set reorder -.L_bn_div_words_inner_loop1_done: - - $SLL $a1,4*$BNSZ # bits - $SUBU $a0,$t3,$t0 - $SLL $v0,$QT,4*$BNSZ # bits - - li $QT,-1 - $SRL $HH,$a0,4*$BNSZ # bits - $SRL $QT,4*$BNSZ # q=0xffffffff - beq $DH,$HH,.L_bn_div_words_skip_div2 - $DIVU ($a0,$DH) - mfqt ($QT,$a0,$DH) -.L_bn_div_words_skip_div2: - $MULTU ($a2,$QT) - $SLL $t3,$a0,4*$BNSZ # bits - $SRL $at,$a1,4*$BNSZ # bits - or $t3,$at - mflo ($t0,$a2,$QT) - mfhi ($t1,$a2,$QT) -.L_bn_div_words_inner_loop2: - sltu $t2,$t3,$t0 - seq $t8,$HH,$t1 - sltu $at,$HH,$t1 - and $t2,$t8 - sltu $v1,$t0,$a2 - or $at,$t2 - .set noreorder - beqz $at,.L_bn_div_words_inner_loop2_done - $SUBU $t1,$v1 - $SUBU $t0,$a2 - b .L_bn_div_words_inner_loop2 - $SUBU $QT,1 - .set reorder -.L_bn_div_words_inner_loop2_done: - - $SUBU $a0,$t3,$t0 - or $v0,$QT - $SRL $v1,$a0,$t9 # $v1 contains remainder if anybody wants it - $SRL $a2,$t9 # restore $a2 - - .set noreorder - move $a1,$v1 -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_L $t3,4*$SZREG($sp) - $REG_L $t2,3*$SZREG($sp) - $REG_L $t1,2*$SZREG($sp) - $REG_L $t0,1*$SZREG($sp) - $REG_L $gp,0*$SZREG($sp) - $PTR_ADD $sp,6*$SZREG -___ -$code.=<<___; - jr $ra - move $a0,$v0 -.end bn_div_words_internal -___ -undef $HH; undef $QT; undef $DH; - -($a_0,$a_1,$a_2,$a_3)=($t0,$t1,$t2,$t3); -($b_0,$b_1,$b_2,$b_3)=($ta0,$ta1,$ta2,$ta3); - -($a_4,$a_5,$a_6,$a_7)=($s0,$s2,$s4,$a1); # once we load a[7], no use for $a1 -($b_4,$b_5,$b_6,$b_7)=($s1,$s3,$s5,$a2); # once we load b[7], no use for $a2 - -($t_1,$t_2,$c_1,$c_2,$c_3)=($t8,$t9,$v0,$v1,$a3); - -$code.=<<___; - -.align 5 -.globl bn_mul_comba8 -.ent bn_mul_comba8 -bn_mul_comba8: - .set noreorder -___ -$code.=<<___ if ($flavour =~ /nubi/i); - .frame $sp,12*$SZREG,$ra - .mask 0x803ff008,-$SZREG - $PTR_SUB $sp,12*$SZREG - $REG_S $ra,11*$SZREG($sp) - $REG_S $s5,10*$SZREG($sp) - $REG_S $s4,9*$SZREG($sp) - $REG_S $s3,8*$SZREG($sp) - $REG_S $s2,7*$SZREG($sp) - $REG_S $s1,6*$SZREG($sp) - $REG_S $s0,5*$SZREG($sp) - $REG_S $t3,4*$SZREG($sp) - $REG_S $t2,3*$SZREG($sp) - $REG_S $t1,2*$SZREG($sp) - $REG_S $t0,1*$SZREG($sp) - $REG_S $gp,0*$SZREG($sp) -___ -$code.=<<___ if ($flavour !~ /nubi/i); - .frame $sp,6*$SZREG,$ra - .mask 0x003f0000,-$SZREG - $PTR_SUB $sp,6*$SZREG - $REG_S $s5,5*$SZREG($sp) - $REG_S $s4,4*$SZREG($sp) - $REG_S $s3,3*$SZREG($sp) - $REG_S $s2,2*$SZREG($sp) - $REG_S $s1,1*$SZREG($sp) - $REG_S $s0,0*$SZREG($sp) -___ -$code.=<<___; - - .set reorder - $LD $a_0,0($a1) # If compiled with -mips3 option on - # R5000 box assembler barks on this - # 1ine with "should not have mult/div - # as last instruction in bb (R10K - # bug)" warning. If anybody out there - # has a clue about how to circumvent - # this do send me a note. - # - - $LD $b_0,0($a2) - $LD $a_1,$BNSZ($a1) - $LD $a_2,2*$BNSZ($a1) - $MULTU ($a_0,$b_0) # mul_add_c(a[0],b[0],c1,c2,c3); - $LD $a_3,3*$BNSZ($a1) - $LD $b_1,$BNSZ($a2) - $LD $b_2,2*$BNSZ($a2) - $LD $b_3,3*$BNSZ($a2) - mflo ($c_1,$a_0,$b_0) - mfhi ($c_2,$a_0,$b_0) - - $LD $a_4,4*$BNSZ($a1) - $LD $a_5,5*$BNSZ($a1) - $MULTU ($a_0,$b_1) # mul_add_c(a[0],b[1],c2,c3,c1); - $LD $a_6,6*$BNSZ($a1) - $LD $a_7,7*$BNSZ($a1) - $LD $b_4,4*$BNSZ($a2) - $LD $b_5,5*$BNSZ($a2) - mflo ($t_1,$a_0,$b_1) - mfhi ($t_2,$a_0,$b_1) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_1,$b_0) # mul_add_c(a[1],b[0],c2,c3,c1); - $ADDU $c_3,$t_2,$at - $LD $b_6,6*$BNSZ($a2) - $LD $b_7,7*$BNSZ($a2) - $ST $c_1,0($a0) # r[0]=c1; - mflo ($t_1,$a_1,$b_0) - mfhi ($t_2,$a_1,$b_0) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_2,$b_0) # mul_add_c(a[2],b[0],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $c_1,$c_3,$t_2 - $ST $c_2,$BNSZ($a0) # r[1]=c2; - - mflo ($t_1,$a_2,$b_0) - mfhi ($t_2,$a_2,$b_0) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_1,$b_1) # mul_add_c(a[1],b[1],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - mflo ($t_1,$a_1,$b_1) - mfhi ($t_2,$a_1,$b_1) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_0,$b_2) # mul_add_c(a[0],b[2],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $c_2,$c_1,$t_2 - mflo ($t_1,$a_0,$b_2) - mfhi ($t_2,$a_0,$b_2) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_0,$b_3) # mul_add_c(a[0],b[3],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - $ST $c_3,2*$BNSZ($a0) # r[2]=c3; - - mflo ($t_1,$a_0,$b_3) - mfhi ($t_2,$a_0,$b_3) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_1,$b_2) # mul_add_c(a[1],b[2],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $c_3,$c_2,$t_2 - mflo ($t_1,$a_1,$b_2) - mfhi ($t_2,$a_1,$b_2) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_2,$b_1) # mul_add_c(a[2],b[1],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo ($t_1,$a_2,$b_1) - mfhi ($t_2,$a_2,$b_1) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_3,$b_0) # mul_add_c(a[3],b[0],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo ($t_1,$a_3,$b_0) - mfhi ($t_2,$a_3,$b_0) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_4,$b_0) # mul_add_c(a[4],b[0],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - $ST $c_1,3*$BNSZ($a0) # r[3]=c1; - - mflo ($t_1,$a_4,$b_0) - mfhi ($t_2,$a_4,$b_0) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_3,$b_1) # mul_add_c(a[3],b[1],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $c_1,$c_3,$t_2 - mflo ($t_1,$a_3,$b_1) - mfhi ($t_2,$a_3,$b_1) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_2,$b_2) # mul_add_c(a[2],b[2],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo ($t_1,$a_2,$b_2) - mfhi ($t_2,$a_2,$b_2) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_1,$b_3) # mul_add_c(a[1],b[3],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo ($t_1,$a_1,$b_3) - mfhi ($t_2,$a_1,$b_3) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_0,$b_4) # mul_add_c(a[0],b[4],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo ($t_1,$a_0,$b_4) - mfhi ($t_2,$a_0,$b_4) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_0,$b_5) # mul_add_c(a[0],b[5],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - $ST $c_2,4*$BNSZ($a0) # r[4]=c2; - - mflo ($t_1,$a_0,$b_5) - mfhi ($t_2,$a_0,$b_5) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_1,$b_4) # mul_add_c(a[1],b[4],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $c_2,$c_1,$t_2 - mflo ($t_1,$a_1,$b_4) - mfhi ($t_2,$a_1,$b_4) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_2,$b_3) # mul_add_c(a[2],b[3],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo ($t_1,$a_2,$b_3) - mfhi ($t_2,$a_2,$b_3) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_3,$b_2) # mul_add_c(a[3],b[2],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo ($t_1,$a_3,$b_2) - mfhi ($t_2,$a_3,$b_2) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_4,$b_1) # mul_add_c(a[4],b[1],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo ($t_1,$a_4,$b_1) - mfhi ($t_2,$a_4,$b_1) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_5,$b_0) # mul_add_c(a[5],b[0],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo ($t_1,$a_5,$b_0) - mfhi ($t_2,$a_5,$b_0) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_6,$b_0) # mul_add_c(a[6],b[0],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - $ST $c_3,5*$BNSZ($a0) # r[5]=c3; - - mflo ($t_1,$a_6,$b_0) - mfhi ($t_2,$a_6,$b_0) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_5,$b_1) # mul_add_c(a[5],b[1],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $c_3,$c_2,$t_2 - mflo ($t_1,$a_5,$b_1) - mfhi ($t_2,$a_5,$b_1) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_4,$b_2) # mul_add_c(a[4],b[2],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo ($t_1,$a_4,$b_2) - mfhi ($t_2,$a_4,$b_2) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_3,$b_3) # mul_add_c(a[3],b[3],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo ($t_1,$a_3,$b_3) - mfhi ($t_2,$a_3,$b_3) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_2,$b_4) # mul_add_c(a[2],b[4],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo ($t_1,$a_2,$b_4) - mfhi ($t_2,$a_2,$b_4) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_1,$b_5) # mul_add_c(a[1],b[5],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo ($t_1,$a_1,$b_5) - mfhi ($t_2,$a_1,$b_5) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_0,$b_6) # mul_add_c(a[0],b[6],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo ($t_1,$a_0,$b_6) - mfhi ($t_2,$a_0,$b_6) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_0,$b_7) # mul_add_c(a[0],b[7],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - $ST $c_1,6*$BNSZ($a0) # r[6]=c1; - - mflo ($t_1,$a_0,$b_7) - mfhi ($t_2,$a_0,$b_7) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_1,$b_6) # mul_add_c(a[1],b[6],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $c_1,$c_3,$t_2 - mflo ($t_1,$a_1,$b_6) - mfhi ($t_2,$a_1,$b_6) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_2,$b_5) # mul_add_c(a[2],b[5],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo ($t_1,$a_2,$b_5) - mfhi ($t_2,$a_2,$b_5) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_3,$b_4) # mul_add_c(a[3],b[4],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo ($t_1,$a_3,$b_4) - mfhi ($t_2,$a_3,$b_4) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_4,$b_3) # mul_add_c(a[4],b[3],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo ($t_1,$a_4,$b_3) - mfhi ($t_2,$a_4,$b_3) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_5,$b_2) # mul_add_c(a[5],b[2],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo ($t_1,$a_5,$b_2) - mfhi ($t_2,$a_5,$b_2) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_6,$b_1) # mul_add_c(a[6],b[1],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo ($t_1,$a_6,$b_1) - mfhi ($t_2,$a_6,$b_1) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_7,$b_0) # mul_add_c(a[7],b[0],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo ($t_1,$a_7,$b_0) - mfhi ($t_2,$a_7,$b_0) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_7,$b_1) # mul_add_c(a[7],b[1],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - $ST $c_2,7*$BNSZ($a0) # r[7]=c2; - - mflo ($t_1,$a_7,$b_1) - mfhi ($t_2,$a_7,$b_1) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_6,$b_2) # mul_add_c(a[6],b[2],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $c_2,$c_1,$t_2 - mflo ($t_1,$a_6,$b_2) - mfhi ($t_2,$a_6,$b_2) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_5,$b_3) # mul_add_c(a[5],b[3],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo ($t_1,$a_5,$b_3) - mfhi ($t_2,$a_5,$b_3) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_4,$b_4) # mul_add_c(a[4],b[4],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo ($t_1,$a_4,$b_4) - mfhi ($t_2,$a_4,$b_4) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_3,$b_5) # mul_add_c(a[3],b[5],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo ($t_1,$a_3,$b_5) - mfhi ($t_2,$a_3,$b_5) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_2,$b_6) # mul_add_c(a[2],b[6],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo ($t_1,$a_2,$b_6) - mfhi ($t_2,$a_2,$b_6) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_1,$b_7) # mul_add_c(a[1],b[7],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo ($t_1,$a_1,$b_7) - mfhi ($t_2,$a_1,$b_7) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_2,$b_7) # mul_add_c(a[2],b[7],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - $ST $c_3,8*$BNSZ($a0) # r[8]=c3; - - mflo ($t_1,$a_2,$b_7) - mfhi ($t_2,$a_2,$b_7) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_3,$b_6) # mul_add_c(a[3],b[6],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $c_3,$c_2,$t_2 - mflo ($t_1,$a_3,$b_6) - mfhi ($t_2,$a_3,$b_6) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_4,$b_5) # mul_add_c(a[4],b[5],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo ($t_1,$a_4,$b_5) - mfhi ($t_2,$a_4,$b_5) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_5,$b_4) # mul_add_c(a[5],b[4],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo ($t_1,$a_5,$b_4) - mfhi ($t_2,$a_5,$b_4) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_6,$b_3) # mul_add_c(a[6],b[3],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo ($t_1,$a_6,$b_3) - mfhi ($t_2,$a_6,$b_3) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_7,$b_2) # mul_add_c(a[7],b[2],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo ($t_1,$a_7,$b_2) - mfhi ($t_2,$a_7,$b_2) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_7,$b_3) # mul_add_c(a[7],b[3],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - $ST $c_1,9*$BNSZ($a0) # r[9]=c1; - - mflo ($t_1,$a_7,$b_3) - mfhi ($t_2,$a_7,$b_3) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_6,$b_4) # mul_add_c(a[6],b[4],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $c_1,$c_3,$t_2 - mflo ($t_1,$a_6,$b_4) - mfhi ($t_2,$a_6,$b_4) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_5,$b_5) # mul_add_c(a[5],b[5],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo ($t_1,$a_5,$b_5) - mfhi ($t_2,$a_5,$b_5) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_4,$b_6) # mul_add_c(a[4],b[6],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo ($t_1,$a_4,$b_6) - mfhi ($t_2,$a_4,$b_6) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_3,$b_7) # mul_add_c(a[3],b[7],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo ($t_1,$a_3,$b_7) - mfhi ($t_2,$a_3,$b_7) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_4,$b_7) # mul_add_c(a[4],b[7],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - $ST $c_2,10*$BNSZ($a0) # r[10]=c2; - - mflo ($t_1,$a_4,$b_7) - mfhi ($t_2,$a_4,$b_7) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_5,$b_6) # mul_add_c(a[5],b[6],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $c_2,$c_1,$t_2 - mflo ($t_1,$a_5,$b_6) - mfhi ($t_2,$a_5,$b_6) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_6,$b_5) # mul_add_c(a[6],b[5],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo ($t_1,$a_6,$b_5) - mfhi ($t_2,$a_6,$b_5) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_7,$b_4) # mul_add_c(a[7],b[4],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo ($t_1,$a_7,$b_4) - mfhi ($t_2,$a_7,$b_4) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_7,$b_5) # mul_add_c(a[7],b[5],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - $ST $c_3,11*$BNSZ($a0) # r[11]=c3; - - mflo ($t_1,$a_7,$b_5) - mfhi ($t_2,$a_7,$b_5) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_6,$b_6) # mul_add_c(a[6],b[6],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $c_3,$c_2,$t_2 - mflo ($t_1,$a_6,$b_6) - mfhi ($t_2,$a_6,$b_6) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_5,$b_7) # mul_add_c(a[5],b[7],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo ($t_1,$a_5,$b_7) - mfhi ($t_2,$a_5,$b_7) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_6,$b_7) # mul_add_c(a[6],b[7],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - $ST $c_1,12*$BNSZ($a0) # r[12]=c1; - - mflo ($t_1,$a_6,$b_7) - mfhi ($t_2,$a_6,$b_7) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_7,$b_6) # mul_add_c(a[7],b[6],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $c_1,$c_3,$t_2 - mflo ($t_1,$a_7,$b_6) - mfhi ($t_2,$a_7,$b_6) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_7,$b_7) # mul_add_c(a[7],b[7],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - $ST $c_2,13*$BNSZ($a0) # r[13]=c2; - - mflo ($t_1,$a_7,$b_7) - mfhi ($t_2,$a_7,$b_7) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - $ST $c_3,14*$BNSZ($a0) # r[14]=c3; - $ST $c_1,15*$BNSZ($a0) # r[15]=c1; - - .set noreorder -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_L $s5,10*$SZREG($sp) - $REG_L $s4,9*$SZREG($sp) - $REG_L $s3,8*$SZREG($sp) - $REG_L $s2,7*$SZREG($sp) - $REG_L $s1,6*$SZREG($sp) - $REG_L $s0,5*$SZREG($sp) - $REG_L $t3,4*$SZREG($sp) - $REG_L $t2,3*$SZREG($sp) - $REG_L $t1,2*$SZREG($sp) - $REG_L $t0,1*$SZREG($sp) - $REG_L $gp,0*$SZREG($sp) - jr $ra - $PTR_ADD $sp,12*$SZREG -___ -$code.=<<___ if ($flavour !~ /nubi/i); - $REG_L $s5,5*$SZREG($sp) - $REG_L $s4,4*$SZREG($sp) - $REG_L $s3,3*$SZREG($sp) - $REG_L $s2,2*$SZREG($sp) - $REG_L $s1,1*$SZREG($sp) - $REG_L $s0,0*$SZREG($sp) - jr $ra - $PTR_ADD $sp,6*$SZREG -___ -$code.=<<___; -.end bn_mul_comba8 - -.align 5 -.globl bn_mul_comba4 -.ent bn_mul_comba4 -bn_mul_comba4: -___ -$code.=<<___ if ($flavour =~ /nubi/i); - .frame $sp,6*$SZREG,$ra - .mask 0x8000f008,-$SZREG - .set noreorder - $PTR_SUB $sp,6*$SZREG - $REG_S $ra,5*$SZREG($sp) - $REG_S $t3,4*$SZREG($sp) - $REG_S $t2,3*$SZREG($sp) - $REG_S $t1,2*$SZREG($sp) - $REG_S $t0,1*$SZREG($sp) - $REG_S $gp,0*$SZREG($sp) -___ -$code.=<<___; - .set reorder - $LD $a_0,0($a1) - $LD $b_0,0($a2) - $LD $a_1,$BNSZ($a1) - $LD $a_2,2*$BNSZ($a1) - $MULTU ($a_0,$b_0) # mul_add_c(a[0],b[0],c1,c2,c3); - $LD $a_3,3*$BNSZ($a1) - $LD $b_1,$BNSZ($a2) - $LD $b_2,2*$BNSZ($a2) - $LD $b_3,3*$BNSZ($a2) - mflo ($c_1,$a_0,$b_0) - mfhi ($c_2,$a_0,$b_0) - $ST $c_1,0($a0) - - $MULTU ($a_0,$b_1) # mul_add_c(a[0],b[1],c2,c3,c1); - mflo ($t_1,$a_0,$b_1) - mfhi ($t_2,$a_0,$b_1) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_1,$b_0) # mul_add_c(a[1],b[0],c2,c3,c1); - $ADDU $c_3,$t_2,$at - mflo ($t_1,$a_1,$b_0) - mfhi ($t_2,$a_1,$b_0) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_2,$b_0) # mul_add_c(a[2],b[0],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $c_1,$c_3,$t_2 - $ST $c_2,$BNSZ($a0) - - mflo ($t_1,$a_2,$b_0) - mfhi ($t_2,$a_2,$b_0) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_1,$b_1) # mul_add_c(a[1],b[1],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - mflo ($t_1,$a_1,$b_1) - mfhi ($t_2,$a_1,$b_1) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_0,$b_2) # mul_add_c(a[0],b[2],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $c_2,$c_1,$t_2 - mflo ($t_1,$a_0,$b_2) - mfhi ($t_2,$a_0,$b_2) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_0,$b_3) # mul_add_c(a[0],b[3],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - $ST $c_3,2*$BNSZ($a0) - - mflo ($t_1,$a_0,$b_3) - mfhi ($t_2,$a_0,$b_3) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_1,$b_2) # mul_add_c(a[1],b[2],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $c_3,$c_2,$t_2 - mflo ($t_1,$a_1,$b_2) - mfhi ($t_2,$a_1,$b_2) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_2,$b_1) # mul_add_c(a[2],b[1],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo ($t_1,$a_2,$b_1) - mfhi ($t_2,$a_2,$b_1) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_3,$b_0) # mul_add_c(a[3],b[0],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo ($t_1,$a_3,$b_0) - mfhi ($t_2,$a_3,$b_0) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_3,$b_1) # mul_add_c(a[3],b[1],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - $ST $c_1,3*$BNSZ($a0) - - mflo ($t_1,$a_3,$b_1) - mfhi ($t_2,$a_3,$b_1) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_2,$b_2) # mul_add_c(a[2],b[2],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $c_1,$c_3,$t_2 - mflo ($t_1,$a_2,$b_2) - mfhi ($t_2,$a_2,$b_2) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_1,$b_3) # mul_add_c(a[1],b[3],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo ($t_1,$a_1,$b_3) - mfhi ($t_2,$a_1,$b_3) - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_2,$b_3) # mul_add_c(a[2],b[3],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - $ST $c_2,4*$BNSZ($a0) - - mflo ($t_1,$a_2,$b_3) - mfhi ($t_2,$a_2,$b_3) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_3,$b_2) # mul_add_c(a[3],b[2],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $c_2,$c_1,$t_2 - mflo ($t_1,$a_3,$b_2) - mfhi ($t_2,$a_3,$b_2) - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_3,$b_3) # mul_add_c(a[3],b[3],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - $ST $c_3,5*$BNSZ($a0) - - mflo ($t_1,$a_3,$b_3) - mfhi ($t_2,$a_3,$b_3) - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - $ST $c_1,6*$BNSZ($a0) - $ST $c_2,7*$BNSZ($a0) - - .set noreorder -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_L $t3,4*$SZREG($sp) - $REG_L $t2,3*$SZREG($sp) - $REG_L $t1,2*$SZREG($sp) - $REG_L $t0,1*$SZREG($sp) - $REG_L $gp,0*$SZREG($sp) - $PTR_ADD $sp,6*$SZREG -___ -$code.=<<___; - jr $ra - nop -.end bn_mul_comba4 -___ - -($a_4,$a_5,$a_6,$a_7)=($b_0,$b_1,$b_2,$b_3); - -sub add_c2 () { -my ($hi,$lo,$c0,$c1,$c2, - $warm, # !$warm denotes first call with specific sequence of - # $c_[XYZ] when there is no Z-carry to accumulate yet; - $an,$bn # these two are arguments for multiplication which - # result is used in *next* step [which is why it's - # commented as "forward multiplication" below]; - )=@_; -$code.=<<___; - $ADDU $c0,$lo - sltu $at,$c0,$lo - $MULTU ($an,$bn) # forward multiplication - $ADDU $c0,$lo - $ADDU $at,$hi - sltu $lo,$c0,$lo - $ADDU $c1,$at - $ADDU $hi,$lo -___ -$code.=<<___ if (!$warm); - sltu $c2,$c1,$at - $ADDU $c1,$hi -___ -$code.=<<___ if ($warm); - sltu $at,$c1,$at - $ADDU $c1,$hi - $ADDU $c2,$at -___ -$code.=<<___; - sltu $hi,$c1,$hi - $ADDU $c2,$hi - mflo ($lo,$an,$bn) - mfhi ($hi,$an,$bn) -___ -} - -$code.=<<___; - -.align 5 -.globl bn_sqr_comba8 -.ent bn_sqr_comba8 -bn_sqr_comba8: -___ -$code.=<<___ if ($flavour =~ /nubi/i); - .frame $sp,6*$SZREG,$ra - .mask 0x8000f008,-$SZREG - .set noreorder - $PTR_SUB $sp,6*$SZREG - $REG_S $ra,5*$SZREG($sp) - $REG_S $t3,4*$SZREG($sp) - $REG_S $t2,3*$SZREG($sp) - $REG_S $t1,2*$SZREG($sp) - $REG_S $t0,1*$SZREG($sp) - $REG_S $gp,0*$SZREG($sp) -___ -$code.=<<___; - .set reorder - $LD $a_0,0($a1) - $LD $a_1,$BNSZ($a1) - $LD $a_2,2*$BNSZ($a1) - $LD $a_3,3*$BNSZ($a1) - - $MULTU ($a_0,$a_0) # mul_add_c(a[0],b[0],c1,c2,c3); - $LD $a_4,4*$BNSZ($a1) - $LD $a_5,5*$BNSZ($a1) - $LD $a_6,6*$BNSZ($a1) - $LD $a_7,7*$BNSZ($a1) - mflo ($c_1,$a_0,$a_0) - mfhi ($c_2,$a_0,$a_0) - $ST $c_1,0($a0) - - $MULTU ($a_0,$a_1) # mul_add_c2(a[0],b[1],c2,c3,c1); - mflo ($t_1,$a_0,$a_1) - mfhi ($t_2,$a_0,$a_1) - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU ($a_2,$a_0) # mul_add_c2(a[2],b[0],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $c_3,$t_2,$at - $ST $c_2,$BNSZ($a0) - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo ($t_1,$a_2,$a_0) - mfhi ($t_2,$a_2,$a_0) -___ - &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, - $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2); -$code.=<<___; - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_0,$a_3) # mul_add_c2(a[0],b[3],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - $ST $c_3,2*$BNSZ($a0) - mflo ($t_1,$a_0,$a_3) - mfhi ($t_2,$a_0,$a_3) -___ - &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, - $a_1,$a_2); # mul_add_c2(a[1],b[2],c1,c2,c3); - &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, - $a_4,$a_0); # mul_add_c2(a[4],b[0],c2,c3,c1); -$code.=<<___; - $ST $c_1,3*$BNSZ($a0) -___ - &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, - $a_3,$a_1); # mul_add_c2(a[3],b[1],c2,c3,c1); - &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, - $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1); -$code.=<<___; - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_0,$a_5) # mul_add_c2(a[0],b[5],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - $ST $c_2,4*$BNSZ($a0) - mflo ($t_1,$a_0,$a_5) - mfhi ($t_2,$a_0,$a_5) -___ - &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, - $a_1,$a_4); # mul_add_c2(a[1],b[4],c3,c1,c2); - &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, - $a_2,$a_3); # mul_add_c2(a[2],b[3],c3,c1,c2); - &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, - $a_6,$a_0); # mul_add_c2(a[6],b[0],c1,c2,c3); -$code.=<<___; - $ST $c_3,5*$BNSZ($a0) -___ - &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, - $a_5,$a_1); # mul_add_c2(a[5],b[1],c1,c2,c3); - &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, - $a_4,$a_2); # mul_add_c2(a[4],b[2],c1,c2,c3); - &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, - $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3); -$code.=<<___; - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_0,$a_7) # mul_add_c2(a[0],b[7],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - $ST $c_1,6*$BNSZ($a0) - mflo ($t_1,$a_0,$a_7) - mfhi ($t_2,$a_0,$a_7) -___ - &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, - $a_1,$a_6); # mul_add_c2(a[1],b[6],c2,c3,c1); - &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, - $a_2,$a_5); # mul_add_c2(a[2],b[5],c2,c3,c1); - &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, - $a_3,$a_4); # mul_add_c2(a[3],b[4],c2,c3,c1); - &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, - $a_7,$a_1); # mul_add_c2(a[7],b[1],c3,c1,c2); -$code.=<<___; - $ST $c_2,7*$BNSZ($a0) -___ - &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, - $a_6,$a_2); # mul_add_c2(a[6],b[2],c3,c1,c2); - &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, - $a_5,$a_3); # mul_add_c2(a[5],b[3],c3,c1,c2); - &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, - $a_4,$a_4); # mul_add_c(a[4],b[4],c3,c1,c2); -$code.=<<___; - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_2,$a_7) # mul_add_c2(a[2],b[7],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - $ST $c_3,8*$BNSZ($a0) - mflo ($t_1,$a_2,$a_7) - mfhi ($t_2,$a_2,$a_7) -___ - &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, - $a_3,$a_6); # mul_add_c2(a[3],b[6],c1,c2,c3); - &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, - $a_4,$a_5); # mul_add_c2(a[4],b[5],c1,c2,c3); - &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, - $a_7,$a_3); # mul_add_c2(a[7],b[3],c2,c3,c1); -$code.=<<___; - $ST $c_1,9*$BNSZ($a0) -___ - &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, - $a_6,$a_4); # mul_add_c2(a[6],b[4],c2,c3,c1); - &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, - $a_5,$a_5); # mul_add_c(a[5],b[5],c2,c3,c1); -$code.=<<___; - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_4,$a_7) # mul_add_c2(a[4],b[7],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - $ST $c_2,10*$BNSZ($a0) - mflo ($t_1,$a_4,$a_7) - mfhi ($t_2,$a_4,$a_7) -___ - &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, - $a_5,$a_6); # mul_add_c2(a[5],b[6],c3,c1,c2); - &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, - $a_7,$a_5); # mul_add_c2(a[7],b[5],c1,c2,c3); -$code.=<<___; - $ST $c_3,11*$BNSZ($a0) -___ - &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, - $a_6,$a_6); # mul_add_c(a[6],b[6],c1,c2,c3); -$code.=<<___; - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $MULTU ($a_6,$a_7) # mul_add_c2(a[6],b[7],c2,c3,c1); - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - $ST $c_1,12*$BNSZ($a0) - mflo ($t_1,$a_6,$a_7) - mfhi ($t_2,$a_6,$a_7) -___ - &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, - $a_7,$a_7); # mul_add_c(a[7],b[7],c3,c1,c2); -$code.=<<___; - $ST $c_2,13*$BNSZ($a0) - - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - $ST $c_3,14*$BNSZ($a0) - $ST $c_1,15*$BNSZ($a0) - - .set noreorder -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_L $t3,4*$SZREG($sp) - $REG_L $t2,3*$SZREG($sp) - $REG_L $t1,2*$SZREG($sp) - $REG_L $t0,1*$SZREG($sp) - $REG_L $gp,0*$SZREG($sp) - $PTR_ADD $sp,6*$SZREG -___ -$code.=<<___; - jr $ra - nop -.end bn_sqr_comba8 - -.align 5 -.globl bn_sqr_comba4 -.ent bn_sqr_comba4 -bn_sqr_comba4: -___ -$code.=<<___ if ($flavour =~ /nubi/i); - .frame $sp,6*$SZREG,$ra - .mask 0x8000f008,-$SZREG - .set noreorder - $PTR_SUB $sp,6*$SZREG - $REG_S $ra,5*$SZREG($sp) - $REG_S $t3,4*$SZREG($sp) - $REG_S $t2,3*$SZREG($sp) - $REG_S $t1,2*$SZREG($sp) - $REG_S $t0,1*$SZREG($sp) - $REG_S $gp,0*$SZREG($sp) -___ -$code.=<<___; - .set reorder - $LD $a_0,0($a1) - $LD $a_1,$BNSZ($a1) - $MULTU ($a_0,$a_0) # mul_add_c(a[0],b[0],c1,c2,c3); - $LD $a_2,2*$BNSZ($a1) - $LD $a_3,3*$BNSZ($a1) - mflo ($c_1,$a_0,$a_0) - mfhi ($c_2,$a_0,$a_0) - $ST $c_1,0($a0) - - $MULTU ($a_0,$a_1) # mul_add_c2(a[0],b[1],c2,c3,c1); - mflo ($t_1,$a_0,$a_1) - mfhi ($t_2,$a_0,$a_1) - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU ($a_2,$a_0) # mul_add_c2(a[2],b[0],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $c_3,$t_2,$at - $ST $c_2,$BNSZ($a0) - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo ($t_1,$a_2,$a_0) - mfhi ($t_2,$a_2,$a_0) -___ - &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, - $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2); -$code.=<<___; - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $MULTU ($a_0,$a_3) # mul_add_c2(a[0],b[3],c1,c2,c3); - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - $ST $c_3,2*$BNSZ($a0) - mflo ($t_1,$a_0,$a_3) - mfhi ($t_2,$a_0,$a_3) -___ - &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, - $a_1,$a_2); # mul_add_c2(a2[1],b[2],c1,c2,c3); - &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, - $a_3,$a_1); # mul_add_c2(a[3],b[1],c2,c3,c1); -$code.=<<___; - $ST $c_1,3*$BNSZ($a0) -___ - &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, - $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1); -$code.=<<___; - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $MULTU ($a_2,$a_3) # mul_add_c2(a[2],b[3],c3,c1,c2); - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - $ST $c_2,4*$BNSZ($a0) - mflo ($t_1,$a_2,$a_3) - mfhi ($t_2,$a_2,$a_3) -___ - &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, - $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3); -$code.=<<___; - $ST $c_3,5*$BNSZ($a0) - - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - $ST $c_1,6*$BNSZ($a0) - $ST $c_2,7*$BNSZ($a0) - - .set noreorder -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_L $t3,4*$SZREG($sp) - $REG_L $t2,3*$SZREG($sp) - $REG_L $t1,2*$SZREG($sp) - $REG_L $t0,1*$SZREG($sp) - $REG_L $gp,0*$SZREG($sp) - $PTR_ADD $sp,6*$SZREG -___ -$code.=<<___; - jr $ra - nop -.end bn_sqr_comba4 -___ -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/parisc-mont.pl b/crypto/bn/asm/parisc-mont.pl deleted file mode 100644 index d6ca83c40bacbbd5fda2482cbf7e23db88e89fe8..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/parisc-mont.pl +++ /dev/null @@ -1,1008 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# On PA-7100LC this module performs ~90-50% better, less for longer -# keys, than code generated by gcc 3.2 for PA-RISC 1.1. Latter means -# that compiler utilized xmpyu instruction to perform 32x32=64-bit -# multiplication, which in turn means that "baseline" performance was -# optimal in respect to instruction set capabilities. Fair comparison -# with vendor compiler is problematic, because OpenSSL doesn't define -# BN_LLONG [presumably] for historical reasons, which drives compiler -# toward 4 times 16x16=32-bit multiplications [plus complementary -# shifts and additions] instead. This means that you should observe -# several times improvement over code generated by vendor compiler -# for PA-RISC 1.1, but the "baseline" is far from optimal. The actual -# improvement coefficient was never collected on PA-7100LC, or any -# other 1.1 CPU, because I don't have access to such machine with -# vendor compiler. But to give you a taste, PA-RISC 1.1 code path -# reportedly outperformed code generated by cc +DA1.1 +O3 by factor -# of ~5x on PA-8600. -# -# On PA-RISC 2.0 it has to compete with pa-risc2[W].s, which is -# reportedly ~2x faster than vendor compiler generated code [according -# to comment in pa-risc2[W].s]. Here comes a catch. Execution core of -# this implementation is actually 32-bit one, in the sense that it -# operates on 32-bit values. But pa-risc2[W].s operates on arrays of -# 64-bit BN_LONGs... How do they interoperate then? No problem. This -# module picks halves of 64-bit values in reverse order and pretends -# they were 32-bit BN_LONGs. But can 32-bit core compete with "pure" -# 64-bit code such as pa-risc2[W].s then? Well, the thing is that -# 32x32=64-bit multiplication is the best even PA-RISC 2.0 can do, -# i.e. there is no "wider" multiplication like on most other 64-bit -# platforms. This means that even being effectively 32-bit, this -# implementation performs "64-bit" computational task in same amount -# of arithmetic operations, most notably multiplications. It requires -# more memory references, most notably to tp[num], but this doesn't -# seem to exhaust memory port capacity. And indeed, dedicated PA-RISC -# 2.0 code path provides virtually same performance as pa-risc2[W].s: -# it's ~10% better for shortest key length and ~10% worse for longest -# one. -# -# In case it wasn't clear. The module has two distinct code paths: -# PA-RISC 1.1 and PA-RISC 2.0 ones. Latter features carry-free 64-bit -# additions and 64-bit integer loads, not to mention specific -# instruction scheduling. In 64-bit build naturally only 2.0 code path -# is assembled. In 32-bit application context both code paths are -# assembled, PA-RISC 2.0 CPU is detected at run-time and proper path -# is taken automatically. Also, in 32-bit build the module imposes -# couple of limitations: vector lengths has to be even and vector -# addresses has to be 64-bit aligned. Normally neither is a problem: -# most common key lengths are even and vectors are commonly malloc-ed, -# which ensures alignment. -# -# Special thanks to polarhome.com for providing HP-UX account on -# PA-RISC 1.1 machine, and to correspondent who chose to remain -# anonymous for testing the code on PA-RISC 2.0 machine. - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$output and open STDOUT,">$output"; - -if ($flavour =~ /64/) { - $LEVEL ="2.0W"; - $SIZE_T =8; - $FRAME_MARKER =80; - $SAVED_RP =16; - $PUSH ="std"; - $PUSHMA ="std,ma"; - $POP ="ldd"; - $POPMB ="ldd,mb"; - $BN_SZ =$SIZE_T; -} else { - $LEVEL ="1.1"; #$LEVEL.="\n\t.ALLOW\t2.0"; - $SIZE_T =4; - $FRAME_MARKER =48; - $SAVED_RP =20; - $PUSH ="stw"; - $PUSHMA ="stwm"; - $POP ="ldw"; - $POPMB ="ldwm"; - $BN_SZ =$SIZE_T; - if (open CONF,"<${dir}../../opensslconf.h") { - while() { - if (m/#\s*define\s+SIXTY_FOUR_BIT/) { - $BN_SZ=8; - $LEVEL="2.0"; - last; - } - } - close CONF; - } -} - -$FRAME=8*$SIZE_T+$FRAME_MARKER; # 8 saved regs + frame marker - # [+ argument transfer] -$LOCALS=$FRAME-$FRAME_MARKER; -$FRAME+=32; # local variables - -$tp="%r31"; -$ti1="%r29"; -$ti0="%r28"; - -$rp="%r26"; -$ap="%r25"; -$bp="%r24"; -$np="%r23"; -$n0="%r22"; # passed through stack in 32-bit -$num="%r21"; # passed through stack in 32-bit -$idx="%r20"; -$arrsz="%r19"; - -$nm1="%r7"; -$nm0="%r6"; -$ab1="%r5"; -$ab0="%r4"; - -$fp="%r3"; -$hi1="%r2"; -$hi0="%r1"; - -$xfer=$n0; # accommodates [-16..15] offset in fld[dw]s - -$fm0="%fr4"; $fti=$fm0; -$fbi="%fr5L"; -$fn0="%fr5R"; -$fai="%fr6"; $fab0="%fr7"; $fab1="%fr8"; -$fni="%fr9"; $fnm0="%fr10"; $fnm1="%fr11"; - -$code=<<___; - .LEVEL $LEVEL - .SPACE \$TEXT\$ - .SUBSPA \$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY - - .EXPORT bn_mul_mont,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR - .ALIGN 64 -bn_mul_mont - .PROC - .CALLINFO FRAME=`$FRAME-8*$SIZE_T`,NO_CALLS,SAVE_RP,SAVE_SP,ENTRY_GR=6 - .ENTRY - $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue - $PUSHMA %r3,$FRAME(%sp) - $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp) - $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp) - $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp) - $PUSH %r7,`-$FRAME+4*$SIZE_T`(%sp) - $PUSH %r8,`-$FRAME+5*$SIZE_T`(%sp) - $PUSH %r9,`-$FRAME+6*$SIZE_T`(%sp) - $PUSH %r10,`-$FRAME+7*$SIZE_T`(%sp) - ldo -$FRAME(%sp),$fp -___ -$code.=<<___ if ($SIZE_T==4); - ldw `-$FRAME_MARKER-4`($fp),$n0 - ldw `-$FRAME_MARKER-8`($fp),$num - nop - nop ; alignment -___ -$code.=<<___ if ($BN_SZ==4); - comiclr,<= 6,$num,%r0 ; are vectors long enough? - b L\$abort - ldi 0,%r28 ; signal "unhandled" - add,ev %r0,$num,$num ; is $num even? - b L\$abort - nop - or $ap,$np,$ti1 - extru,= $ti1,31,3,%r0 ; are ap and np 64-bit aligned? - b L\$abort - nop - nop ; alignment - nop - - fldws 0($n0),${fn0} - fldws,ma 4($bp),${fbi} ; bp[0] -___ -$code.=<<___ if ($BN_SZ==8); - comib,> 3,$num,L\$abort ; are vectors long enough? - ldi 0,%r28 ; signal "unhandled" - addl $num,$num,$num ; I operate on 32-bit values - - fldws 4($n0),${fn0} ; only low part of n0 - fldws 4($bp),${fbi} ; bp[0] in flipped word order -___ -$code.=<<___; - fldds 0($ap),${fai} ; ap[0,1] - fldds 0($np),${fni} ; np[0,1] - - sh2addl $num,%r0,$arrsz - ldi 31,$hi0 - ldo 36($arrsz),$hi1 ; space for tp[num+1] - andcm $hi1,$hi0,$hi1 ; align - addl $hi1,%sp,%sp - $PUSH $fp,-$SIZE_T(%sp) - - ldo `$LOCALS+16`($fp),$xfer - ldo `$LOCALS+32+4`($fp),$tp - - xmpyu ${fai}L,${fbi},${fab0} ; ap[0]*bp[0] - xmpyu ${fai}R,${fbi},${fab1} ; ap[1]*bp[0] - xmpyu ${fn0},${fab0}R,${fm0} - - addl $arrsz,$ap,$ap ; point at the end - addl $arrsz,$np,$np - subi 0,$arrsz,$idx ; j=0 - ldo 8($idx),$idx ; j++++ - - xmpyu ${fni}L,${fm0}R,${fnm0} ; np[0]*m - xmpyu ${fni}R,${fm0}R,${fnm1} ; np[1]*m - fstds ${fab0},-16($xfer) - fstds ${fnm0},-8($xfer) - fstds ${fab1},0($xfer) - fstds ${fnm1},8($xfer) - flddx $idx($ap),${fai} ; ap[2,3] - flddx $idx($np),${fni} ; np[2,3] -___ -$code.=<<___ if ($BN_SZ==4); - mtctl $hi0,%cr11 ; $hi0 still holds 31 - extrd,u,*= $hi0,%sar,1,$hi0 ; executes on PA-RISC 1.0 - b L\$parisc11 - nop -___ -$code.=<<___; # PA-RISC 2.0 code-path - xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[0] - xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m - ldd -16($xfer),$ab0 - fstds ${fab0},-16($xfer) - - extrd,u $ab0,31,32,$hi0 - extrd,u $ab0,63,32,$ab0 - ldd -8($xfer),$nm0 - fstds ${fnm0},-8($xfer) - ldo 8($idx),$idx ; j++++ - addl $ab0,$nm0,$nm0 ; low part is discarded - extrd,u $nm0,31,32,$hi1 - -L\$1st - xmpyu ${fai}R,${fbi},${fab1} ; ap[j+1]*bp[0] - xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j+1]*m - ldd 0($xfer),$ab1 - fstds ${fab1},0($xfer) - addl $hi0,$ab1,$ab1 - extrd,u $ab1,31,32,$hi0 - ldd 8($xfer),$nm1 - fstds ${fnm1},8($xfer) - extrd,u $ab1,63,32,$ab1 - addl $hi1,$nm1,$nm1 - flddx $idx($ap),${fai} ; ap[j,j+1] - flddx $idx($np),${fni} ; np[j,j+1] - addl $ab1,$nm1,$nm1 - extrd,u $nm1,31,32,$hi1 - - xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[0] - xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m - ldd -16($xfer),$ab0 - fstds ${fab0},-16($xfer) - addl $hi0,$ab0,$ab0 - extrd,u $ab0,31,32,$hi0 - ldd -8($xfer),$nm0 - fstds ${fnm0},-8($xfer) - extrd,u $ab0,63,32,$ab0 - addl $hi1,$nm0,$nm0 - stw $nm1,-4($tp) ; tp[j-1] - addl $ab0,$nm0,$nm0 - stw,ma $nm0,8($tp) ; tp[j-1] - addib,<> 8,$idx,L\$1st ; j++++ - extrd,u $nm0,31,32,$hi1 - - xmpyu ${fai}R,${fbi},${fab1} ; ap[j]*bp[0] - xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j]*m - ldd 0($xfer),$ab1 - fstds ${fab1},0($xfer) - addl $hi0,$ab1,$ab1 - extrd,u $ab1,31,32,$hi0 - ldd 8($xfer),$nm1 - fstds ${fnm1},8($xfer) - extrd,u $ab1,63,32,$ab1 - addl $hi1,$nm1,$nm1 - ldd -16($xfer),$ab0 - addl $ab1,$nm1,$nm1 - ldd -8($xfer),$nm0 - extrd,u $nm1,31,32,$hi1 - - addl $hi0,$ab0,$ab0 - extrd,u $ab0,31,32,$hi0 - stw $nm1,-4($tp) ; tp[j-1] - extrd,u $ab0,63,32,$ab0 - addl $hi1,$nm0,$nm0 - ldd 0($xfer),$ab1 - addl $ab0,$nm0,$nm0 - ldd,mb 8($xfer),$nm1 - extrd,u $nm0,31,32,$hi1 - stw,ma $nm0,8($tp) ; tp[j-1] - - ldo -1($num),$num ; i-- - subi 0,$arrsz,$idx ; j=0 -___ -$code.=<<___ if ($BN_SZ==4); - fldws,ma 4($bp),${fbi} ; bp[1] -___ -$code.=<<___ if ($BN_SZ==8); - fldws 0($bp),${fbi} ; bp[1] in flipped word order -___ -$code.=<<___; - flddx $idx($ap),${fai} ; ap[0,1] - flddx $idx($np),${fni} ; np[0,1] - fldws 8($xfer),${fti}R ; tp[0] - addl $hi0,$ab1,$ab1 - extrd,u $ab1,31,32,$hi0 - extrd,u $ab1,63,32,$ab1 - ldo 8($idx),$idx ; j++++ - xmpyu ${fai}L,${fbi},${fab0} ; ap[0]*bp[1] - xmpyu ${fai}R,${fbi},${fab1} ; ap[1]*bp[1] - addl $hi1,$nm1,$nm1 - addl $ab1,$nm1,$nm1 - extrd,u $nm1,31,32,$hi1 - fstws,mb ${fab0}L,-8($xfer) ; save high part - stw $nm1,-4($tp) ; tp[j-1] - - fcpy,sgl %fr0,${fti}L ; zero high part - fcpy,sgl %fr0,${fab0}L - addl $hi1,$hi0,$hi0 - extrd,u $hi0,31,32,$hi1 - fcnvxf,dbl,dbl ${fti},${fti} ; 32-bit unsigned int -> double - fcnvxf,dbl,dbl ${fab0},${fab0} - stw $hi0,0($tp) - stw $hi1,4($tp) - - fadd,dbl ${fti},${fab0},${fab0} ; add tp[0] - fcnvfx,dbl,dbl ${fab0},${fab0} ; double -> 33-bit unsigned int - xmpyu ${fn0},${fab0}R,${fm0} - ldo `$LOCALS+32+4`($fp),$tp -L\$outer - xmpyu ${fni}L,${fm0}R,${fnm0} ; np[0]*m - xmpyu ${fni}R,${fm0}R,${fnm1} ; np[1]*m - fstds ${fab0},-16($xfer) ; 33-bit value - fstds ${fnm0},-8($xfer) - flddx $idx($ap),${fai} ; ap[2] - flddx $idx($np),${fni} ; np[2] - ldo 8($idx),$idx ; j++++ - ldd -16($xfer),$ab0 ; 33-bit value - ldd -8($xfer),$nm0 - ldw 0($xfer),$hi0 ; high part - - xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[i] - xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m - extrd,u $ab0,31,32,$ti0 ; carry bit - extrd,u $ab0,63,32,$ab0 - fstds ${fab1},0($xfer) - addl $ti0,$hi0,$hi0 ; account carry bit - fstds ${fnm1},8($xfer) - addl $ab0,$nm0,$nm0 ; low part is discarded - ldw 0($tp),$ti1 ; tp[1] - extrd,u $nm0,31,32,$hi1 - fstds ${fab0},-16($xfer) - fstds ${fnm0},-8($xfer) - -L\$inner - xmpyu ${fai}R,${fbi},${fab1} ; ap[j+1]*bp[i] - xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j+1]*m - ldd 0($xfer),$ab1 - fstds ${fab1},0($xfer) - addl $hi0,$ti1,$ti1 - addl $ti1,$ab1,$ab1 - ldd 8($xfer),$nm1 - fstds ${fnm1},8($xfer) - extrd,u $ab1,31,32,$hi0 - extrd,u $ab1,63,32,$ab1 - flddx $idx($ap),${fai} ; ap[j,j+1] - flddx $idx($np),${fni} ; np[j,j+1] - addl $hi1,$nm1,$nm1 - addl $ab1,$nm1,$nm1 - ldw 4($tp),$ti0 ; tp[j] - stw $nm1,-4($tp) ; tp[j-1] - - xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[i] - xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m - ldd -16($xfer),$ab0 - fstds ${fab0},-16($xfer) - addl $hi0,$ti0,$ti0 - addl $ti0,$ab0,$ab0 - ldd -8($xfer),$nm0 - fstds ${fnm0},-8($xfer) - extrd,u $ab0,31,32,$hi0 - extrd,u $nm1,31,32,$hi1 - ldw 8($tp),$ti1 ; tp[j] - extrd,u $ab0,63,32,$ab0 - addl $hi1,$nm0,$nm0 - addl $ab0,$nm0,$nm0 - stw,ma $nm0,8($tp) ; tp[j-1] - addib,<> 8,$idx,L\$inner ; j++++ - extrd,u $nm0,31,32,$hi1 - - xmpyu ${fai}R,${fbi},${fab1} ; ap[j]*bp[i] - xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j]*m - ldd 0($xfer),$ab1 - fstds ${fab1},0($xfer) - addl $hi0,$ti1,$ti1 - addl $ti1,$ab1,$ab1 - ldd 8($xfer),$nm1 - fstds ${fnm1},8($xfer) - extrd,u $ab1,31,32,$hi0 - extrd,u $ab1,63,32,$ab1 - ldw 4($tp),$ti0 ; tp[j] - addl $hi1,$nm1,$nm1 - addl $ab1,$nm1,$nm1 - ldd -16($xfer),$ab0 - ldd -8($xfer),$nm0 - extrd,u $nm1,31,32,$hi1 - - addl $hi0,$ab0,$ab0 - addl $ti0,$ab0,$ab0 - stw $nm1,-4($tp) ; tp[j-1] - extrd,u $ab0,31,32,$hi0 - ldw 8($tp),$ti1 ; tp[j] - extrd,u $ab0,63,32,$ab0 - addl $hi1,$nm0,$nm0 - ldd 0($xfer),$ab1 - addl $ab0,$nm0,$nm0 - ldd,mb 8($xfer),$nm1 - extrd,u $nm0,31,32,$hi1 - stw,ma $nm0,8($tp) ; tp[j-1] - - addib,= -1,$num,L\$outerdone ; i-- - subi 0,$arrsz,$idx ; j=0 -___ -$code.=<<___ if ($BN_SZ==4); - fldws,ma 4($bp),${fbi} ; bp[i] -___ -$code.=<<___ if ($BN_SZ==8); - ldi 12,$ti0 ; bp[i] in flipped word order - addl,ev %r0,$num,$num - ldi -4,$ti0 - addl $ti0,$bp,$bp - fldws 0($bp),${fbi} -___ -$code.=<<___; - flddx $idx($ap),${fai} ; ap[0] - addl $hi0,$ab1,$ab1 - flddx $idx($np),${fni} ; np[0] - fldws 8($xfer),${fti}R ; tp[0] - addl $ti1,$ab1,$ab1 - extrd,u $ab1,31,32,$hi0 - extrd,u $ab1,63,32,$ab1 - - ldo 8($idx),$idx ; j++++ - xmpyu ${fai}L,${fbi},${fab0} ; ap[0]*bp[i] - xmpyu ${fai}R,${fbi},${fab1} ; ap[1]*bp[i] - ldw 4($tp),$ti0 ; tp[j] - - addl $hi1,$nm1,$nm1 - fstws,mb ${fab0}L,-8($xfer) ; save high part - addl $ab1,$nm1,$nm1 - extrd,u $nm1,31,32,$hi1 - fcpy,sgl %fr0,${fti}L ; zero high part - fcpy,sgl %fr0,${fab0}L - stw $nm1,-4($tp) ; tp[j-1] - - fcnvxf,dbl,dbl ${fti},${fti} ; 32-bit unsigned int -> double - fcnvxf,dbl,dbl ${fab0},${fab0} - addl $hi1,$hi0,$hi0 - fadd,dbl ${fti},${fab0},${fab0} ; add tp[0] - addl $ti0,$hi0,$hi0 - extrd,u $hi0,31,32,$hi1 - fcnvfx,dbl,dbl ${fab0},${fab0} ; double -> 33-bit unsigned int - stw $hi0,0($tp) - stw $hi1,4($tp) - xmpyu ${fn0},${fab0}R,${fm0} - - b L\$outer - ldo `$LOCALS+32+4`($fp),$tp - -L\$outerdone - addl $hi0,$ab1,$ab1 - addl $ti1,$ab1,$ab1 - extrd,u $ab1,31,32,$hi0 - extrd,u $ab1,63,32,$ab1 - - ldw 4($tp),$ti0 ; tp[j] - - addl $hi1,$nm1,$nm1 - addl $ab1,$nm1,$nm1 - extrd,u $nm1,31,32,$hi1 - stw $nm1,-4($tp) ; tp[j-1] - - addl $hi1,$hi0,$hi0 - addl $ti0,$hi0,$hi0 - extrd,u $hi0,31,32,$hi1 - stw $hi0,0($tp) - stw $hi1,4($tp) - - ldo `$LOCALS+32`($fp),$tp - sub %r0,%r0,%r0 ; clear borrow -___ -$code.=<<___ if ($BN_SZ==4); - ldws,ma 4($tp),$ti0 - extru,= $rp,31,3,%r0 ; is rp 64-bit aligned? - b L\$sub_pa11 - addl $tp,$arrsz,$tp -L\$sub - ldwx $idx($np),$hi0 - subb $ti0,$hi0,$hi1 - ldwx $idx($tp),$ti0 - addib,<> 4,$idx,L\$sub - stws,ma $hi1,4($rp) - - subb $ti0,%r0,$hi1 -___ -$code.=<<___ if ($BN_SZ==8); - ldd,ma 8($tp),$ti0 -L\$sub - ldd $idx($np),$hi0 - shrpd $ti0,$ti0,32,$ti0 ; flip word order - std $ti0,-8($tp) ; save flipped value - sub,db $ti0,$hi0,$hi1 - ldd,ma 8($tp),$ti0 - addib,<> 8,$idx,L\$sub - std,ma $hi1,8($rp) - - extrd,u $ti0,31,32,$ti0 ; carry in flipped word order - sub,db $ti0,%r0,$hi1 -___ -$code.=<<___; - ldo `$LOCALS+32`($fp),$tp - sub $rp,$arrsz,$rp ; rewind rp - subi 0,$arrsz,$idx -L\$copy - ldd 0($tp),$ti0 - ldd 0($rp),$hi0 - std,ma %r0,8($tp) - comiclr,= 0,$hi1,%r0 - copy $ti0,$hi0 - addib,<> 8,$idx,L\$copy - std,ma $hi0,8($rp) -___ - -if ($BN_SZ==4) { # PA-RISC 1.1 code-path -$ablo=$ab0; -$abhi=$ab1; -$nmlo0=$nm0; -$nmhi0=$nm1; -$nmlo1="%r9"; -$nmhi1="%r8"; - -$code.=<<___; - b L\$done - nop - - .ALIGN 8 -L\$parisc11 - xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[0] - xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m - ldw -12($xfer),$ablo - ldw -16($xfer),$hi0 - ldw -4($xfer),$nmlo0 - ldw -8($xfer),$nmhi0 - fstds ${fab0},-16($xfer) - fstds ${fnm0},-8($xfer) - - ldo 8($idx),$idx ; j++++ - add $ablo,$nmlo0,$nmlo0 ; discarded - addc %r0,$nmhi0,$hi1 - ldw 4($xfer),$ablo - ldw 0($xfer),$abhi - nop - -L\$1st_pa11 - xmpyu ${fai}R,${fbi},${fab1} ; ap[j+1]*bp[0] - flddx $idx($ap),${fai} ; ap[j,j+1] - xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j+1]*m - flddx $idx($np),${fni} ; np[j,j+1] - add $hi0,$ablo,$ablo - ldw 12($xfer),$nmlo1 - addc %r0,$abhi,$hi0 - ldw 8($xfer),$nmhi1 - add $ablo,$nmlo1,$nmlo1 - fstds ${fab1},0($xfer) - addc %r0,$nmhi1,$nmhi1 - fstds ${fnm1},8($xfer) - add $hi1,$nmlo1,$nmlo1 - ldw -12($xfer),$ablo - addc %r0,$nmhi1,$hi1 - ldw -16($xfer),$abhi - - xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[0] - ldw -4($xfer),$nmlo0 - xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m - ldw -8($xfer),$nmhi0 - add $hi0,$ablo,$ablo - stw $nmlo1,-4($tp) ; tp[j-1] - addc %r0,$abhi,$hi0 - fstds ${fab0},-16($xfer) - add $ablo,$nmlo0,$nmlo0 - fstds ${fnm0},-8($xfer) - addc %r0,$nmhi0,$nmhi0 - ldw 0($xfer),$abhi - add $hi1,$nmlo0,$nmlo0 - ldw 4($xfer),$ablo - stws,ma $nmlo0,8($tp) ; tp[j-1] - addib,<> 8,$idx,L\$1st_pa11 ; j++++ - addc %r0,$nmhi0,$hi1 - - ldw 8($xfer),$nmhi1 - ldw 12($xfer),$nmlo1 - xmpyu ${fai}R,${fbi},${fab1} ; ap[j]*bp[0] - xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j]*m - add $hi0,$ablo,$ablo - fstds ${fab1},0($xfer) - addc %r0,$abhi,$hi0 - fstds ${fnm1},8($xfer) - add $ablo,$nmlo1,$nmlo1 - ldw -16($xfer),$abhi - addc %r0,$nmhi1,$nmhi1 - ldw -12($xfer),$ablo - add $hi1,$nmlo1,$nmlo1 - ldw -8($xfer),$nmhi0 - addc %r0,$nmhi1,$hi1 - ldw -4($xfer),$nmlo0 - - add $hi0,$ablo,$ablo - stw $nmlo1,-4($tp) ; tp[j-1] - addc %r0,$abhi,$hi0 - ldw 0($xfer),$abhi - add $ablo,$nmlo0,$nmlo0 - ldw 4($xfer),$ablo - addc %r0,$nmhi0,$nmhi0 - ldws,mb 8($xfer),$nmhi1 - add $hi1,$nmlo0,$nmlo0 - ldw 4($xfer),$nmlo1 - addc %r0,$nmhi0,$hi1 - stws,ma $nmlo0,8($tp) ; tp[j-1] - - ldo -1($num),$num ; i-- - subi 0,$arrsz,$idx ; j=0 - - fldws,ma 4($bp),${fbi} ; bp[1] - flddx $idx($ap),${fai} ; ap[0,1] - flddx $idx($np),${fni} ; np[0,1] - fldws 8($xfer),${fti}R ; tp[0] - add $hi0,$ablo,$ablo - addc %r0,$abhi,$hi0 - ldo 8($idx),$idx ; j++++ - xmpyu ${fai}L,${fbi},${fab0} ; ap[0]*bp[1] - xmpyu ${fai}R,${fbi},${fab1} ; ap[1]*bp[1] - add $hi1,$nmlo1,$nmlo1 - addc %r0,$nmhi1,$nmhi1 - add $ablo,$nmlo1,$nmlo1 - addc %r0,$nmhi1,$hi1 - fstws,mb ${fab0}L,-8($xfer) ; save high part - stw $nmlo1,-4($tp) ; tp[j-1] - - fcpy,sgl %fr0,${fti}L ; zero high part - fcpy,sgl %fr0,${fab0}L - add $hi1,$hi0,$hi0 - addc %r0,%r0,$hi1 - fcnvxf,dbl,dbl ${fti},${fti} ; 32-bit unsigned int -> double - fcnvxf,dbl,dbl ${fab0},${fab0} - stw $hi0,0($tp) - stw $hi1,4($tp) - - fadd,dbl ${fti},${fab0},${fab0} ; add tp[0] - fcnvfx,dbl,dbl ${fab0},${fab0} ; double -> 33-bit unsigned int - xmpyu ${fn0},${fab0}R,${fm0} - ldo `$LOCALS+32+4`($fp),$tp -L\$outer_pa11 - xmpyu ${fni}L,${fm0}R,${fnm0} ; np[0]*m - xmpyu ${fni}R,${fm0}R,${fnm1} ; np[1]*m - fstds ${fab0},-16($xfer) ; 33-bit value - fstds ${fnm0},-8($xfer) - flddx $idx($ap),${fai} ; ap[2,3] - flddx $idx($np),${fni} ; np[2,3] - ldw -16($xfer),$abhi ; carry bit actually - ldo 8($idx),$idx ; j++++ - ldw -12($xfer),$ablo - ldw -8($xfer),$nmhi0 - ldw -4($xfer),$nmlo0 - ldw 0($xfer),$hi0 ; high part - - xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[i] - xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m - fstds ${fab1},0($xfer) - addl $abhi,$hi0,$hi0 ; account carry bit - fstds ${fnm1},8($xfer) - add $ablo,$nmlo0,$nmlo0 ; discarded - ldw 0($tp),$ti1 ; tp[1] - addc %r0,$nmhi0,$hi1 - fstds ${fab0},-16($xfer) - fstds ${fnm0},-8($xfer) - ldw 4($xfer),$ablo - ldw 0($xfer),$abhi - -L\$inner_pa11 - xmpyu ${fai}R,${fbi},${fab1} ; ap[j+1]*bp[i] - flddx $idx($ap),${fai} ; ap[j,j+1] - xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j+1]*m - flddx $idx($np),${fni} ; np[j,j+1] - add $hi0,$ablo,$ablo - ldw 4($tp),$ti0 ; tp[j] - addc %r0,$abhi,$abhi - ldw 12($xfer),$nmlo1 - add $ti1,$ablo,$ablo - ldw 8($xfer),$nmhi1 - addc %r0,$abhi,$hi0 - fstds ${fab1},0($xfer) - add $ablo,$nmlo1,$nmlo1 - fstds ${fnm1},8($xfer) - addc %r0,$nmhi1,$nmhi1 - ldw -12($xfer),$ablo - add $hi1,$nmlo1,$nmlo1 - ldw -16($xfer),$abhi - addc %r0,$nmhi1,$hi1 - - xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[i] - ldw 8($tp),$ti1 ; tp[j] - xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m - ldw -4($xfer),$nmlo0 - add $hi0,$ablo,$ablo - ldw -8($xfer),$nmhi0 - addc %r0,$abhi,$abhi - stw $nmlo1,-4($tp) ; tp[j-1] - add $ti0,$ablo,$ablo - fstds ${fab0},-16($xfer) - addc %r0,$abhi,$hi0 - fstds ${fnm0},-8($xfer) - add $ablo,$nmlo0,$nmlo0 - ldw 4($xfer),$ablo - addc %r0,$nmhi0,$nmhi0 - ldw 0($xfer),$abhi - add $hi1,$nmlo0,$nmlo0 - stws,ma $nmlo0,8($tp) ; tp[j-1] - addib,<> 8,$idx,L\$inner_pa11 ; j++++ - addc %r0,$nmhi0,$hi1 - - xmpyu ${fai}R,${fbi},${fab1} ; ap[j]*bp[i] - ldw 12($xfer),$nmlo1 - xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j]*m - ldw 8($xfer),$nmhi1 - add $hi0,$ablo,$ablo - ldw 4($tp),$ti0 ; tp[j] - addc %r0,$abhi,$abhi - fstds ${fab1},0($xfer) - add $ti1,$ablo,$ablo - fstds ${fnm1},8($xfer) - addc %r0,$abhi,$hi0 - ldw -16($xfer),$abhi - add $ablo,$nmlo1,$nmlo1 - ldw -12($xfer),$ablo - addc %r0,$nmhi1,$nmhi1 - ldw -8($xfer),$nmhi0 - add $hi1,$nmlo1,$nmlo1 - ldw -4($xfer),$nmlo0 - addc %r0,$nmhi1,$hi1 - - add $hi0,$ablo,$ablo - stw $nmlo1,-4($tp) ; tp[j-1] - addc %r0,$abhi,$abhi - add $ti0,$ablo,$ablo - ldw 8($tp),$ti1 ; tp[j] - addc %r0,$abhi,$hi0 - ldw 0($xfer),$abhi - add $ablo,$nmlo0,$nmlo0 - ldw 4($xfer),$ablo - addc %r0,$nmhi0,$nmhi0 - ldws,mb 8($xfer),$nmhi1 - add $hi1,$nmlo0,$nmlo0 - ldw 4($xfer),$nmlo1 - addc %r0,$nmhi0,$hi1 - stws,ma $nmlo0,8($tp) ; tp[j-1] - - addib,= -1,$num,L\$outerdone_pa11; i-- - subi 0,$arrsz,$idx ; j=0 - - fldws,ma 4($bp),${fbi} ; bp[i] - flddx $idx($ap),${fai} ; ap[0] - add $hi0,$ablo,$ablo - addc %r0,$abhi,$abhi - flddx $idx($np),${fni} ; np[0] - fldws 8($xfer),${fti}R ; tp[0] - add $ti1,$ablo,$ablo - addc %r0,$abhi,$hi0 - - ldo 8($idx),$idx ; j++++ - xmpyu ${fai}L,${fbi},${fab0} ; ap[0]*bp[i] - xmpyu ${fai}R,${fbi},${fab1} ; ap[1]*bp[i] - ldw 4($tp),$ti0 ; tp[j] - - add $hi1,$nmlo1,$nmlo1 - addc %r0,$nmhi1,$nmhi1 - fstws,mb ${fab0}L,-8($xfer) ; save high part - add $ablo,$nmlo1,$nmlo1 - addc %r0,$nmhi1,$hi1 - fcpy,sgl %fr0,${fti}L ; zero high part - fcpy,sgl %fr0,${fab0}L - stw $nmlo1,-4($tp) ; tp[j-1] - - fcnvxf,dbl,dbl ${fti},${fti} ; 32-bit unsigned int -> double - fcnvxf,dbl,dbl ${fab0},${fab0} - add $hi1,$hi0,$hi0 - addc %r0,%r0,$hi1 - fadd,dbl ${fti},${fab0},${fab0} ; add tp[0] - add $ti0,$hi0,$hi0 - addc %r0,$hi1,$hi1 - fcnvfx,dbl,dbl ${fab0},${fab0} ; double -> 33-bit unsigned int - stw $hi0,0($tp) - stw $hi1,4($tp) - xmpyu ${fn0},${fab0}R,${fm0} - - b L\$outer_pa11 - ldo `$LOCALS+32+4`($fp),$tp - -L\$outerdone_pa11 - add $hi0,$ablo,$ablo - addc %r0,$abhi,$abhi - add $ti1,$ablo,$ablo - addc %r0,$abhi,$hi0 - - ldw 4($tp),$ti0 ; tp[j] - - add $hi1,$nmlo1,$nmlo1 - addc %r0,$nmhi1,$nmhi1 - add $ablo,$nmlo1,$nmlo1 - addc %r0,$nmhi1,$hi1 - stw $nmlo1,-4($tp) ; tp[j-1] - - add $hi1,$hi0,$hi0 - addc %r0,%r0,$hi1 - add $ti0,$hi0,$hi0 - addc %r0,$hi1,$hi1 - stw $hi0,0($tp) - stw $hi1,4($tp) - - ldo `$LOCALS+32+4`($fp),$tp - sub %r0,%r0,%r0 ; clear borrow - ldw -4($tp),$ti0 - addl $tp,$arrsz,$tp -L\$sub_pa11 - ldwx $idx($np),$hi0 - subb $ti0,$hi0,$hi1 - ldwx $idx($tp),$ti0 - addib,<> 4,$idx,L\$sub_pa11 - stws,ma $hi1,4($rp) - - subb $ti0,%r0,$hi1 - - ldo `$LOCALS+32`($fp),$tp - sub $rp,$arrsz,$rp ; rewind rp - subi 0,$arrsz,$idx -L\$copy_pa11 - ldw 0($tp),$ti0 - ldw 0($rp),$hi0 - stws,ma %r0,4($tp) - comiclr,= 0,$hi1,%r0 - copy $ti0,$hi0 - addib,<> 4,$idx,L\$copy_pa11 - stws,ma $hi0,4($rp) - - nop ; alignment -L\$done -___ -} - -$code.=<<___; - ldi 1,%r28 ; signal "handled" - ldo $FRAME($fp),%sp ; destroy tp[num+1] - - $POP `-$FRAME-$SAVED_RP`(%sp),%r2 ; standard epilogue - $POP `-$FRAME+1*$SIZE_T`(%sp),%r4 - $POP `-$FRAME+2*$SIZE_T`(%sp),%r5 - $POP `-$FRAME+3*$SIZE_T`(%sp),%r6 - $POP `-$FRAME+4*$SIZE_T`(%sp),%r7 - $POP `-$FRAME+5*$SIZE_T`(%sp),%r8 - $POP `-$FRAME+6*$SIZE_T`(%sp),%r9 - $POP `-$FRAME+7*$SIZE_T`(%sp),%r10 -L\$abort - bv (%r2) - .EXIT - $POPMB -$FRAME(%sp),%r3 - .PROCEND - .STRINGZ "Montgomery Multiplication for PA-RISC, CRYPTOGAMS by " -___ - -# Explicitly encode PA-RISC 2.0 instructions used in this module, so -# that it can be compiled with .LEVEL 1.0. It should be noted that I -# wouldn't have to do this, if GNU assembler understood .ALLOW 2.0 -# directive... - -my $ldd = sub { - my ($mod,$args) = @_; - my $orig = "ldd$mod\t$args"; - - if ($args =~ /%r([0-9]+)\(%r([0-9]+)\),%r([0-9]+)/) # format 4 - { my $opcode=(0x03<<26)|($2<<21)|($1<<16)|(3<<6)|$3; - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; - } - elsif ($args =~ /(\-?[0-9]+)\(%r([0-9]+)\),%r([0-9]+)/) # format 5 - { my $opcode=(0x03<<26)|($2<<21)|(1<<12)|(3<<6)|$3; - $opcode|=(($1&0xF)<<17)|(($1&0x10)<<12); # encode offset - $opcode|=(1<<5) if ($mod =~ /^,m/); - $opcode|=(1<<13) if ($mod =~ /^,mb/); - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; - } - else { "\t".$orig; } -}; - -my $std = sub { - my ($mod,$args) = @_; - my $orig = "std$mod\t$args"; - - if ($args =~ /%r([0-9]+),(\-?[0-9]+)\(%r([0-9]+)\)/) # format 6 - { my $opcode=(0x03<<26)|($3<<21)|($1<<16)|(1<<12)|(0xB<<6); - $opcode|=(($2&0xF)<<1)|(($2&0x10)>>4); # encode offset - $opcode|=(1<<5) if ($mod =~ /^,m/); - $opcode|=(1<<13) if ($mod =~ /^,mb/); - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; - } - else { "\t".$orig; } -}; - -my $extrd = sub { - my ($mod,$args) = @_; - my $orig = "extrd$mod\t$args"; - - # I only have ",u" completer, it's implicitly encoded... - if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/) # format 15 - { my $opcode=(0x36<<26)|($1<<21)|($4<<16); - my $len=32-$3; - $opcode |= (($2&0x20)<<6)|(($2&0x1f)<<5); # encode pos - $opcode |= (($len&0x20)<<7)|($len&0x1f); # encode len - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; - } - elsif ($args =~ /%r([0-9]+),%sar,([0-9]+),%r([0-9]+)/) # format 12 - { my $opcode=(0x34<<26)|($1<<21)|($3<<16)|(2<<11)|(1<<9); - my $len=32-$2; - $opcode |= (($len&0x20)<<3)|($len&0x1f); # encode len - $opcode |= (1<<13) if ($mod =~ /,\**=/); - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; - } - else { "\t".$orig; } -}; - -my $shrpd = sub { - my ($mod,$args) = @_; - my $orig = "shrpd$mod\t$args"; - - if ($args =~ /%r([0-9]+),%r([0-9]+),([0-9]+),%r([0-9]+)/) # format 14 - { my $opcode=(0x34<<26)|($2<<21)|($1<<16)|(1<<10)|$4; - my $cpos=63-$3; - $opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5); # encode sa - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; - } - else { "\t".$orig; } -}; - -my $sub = sub { - my ($mod,$args) = @_; - my $orig = "sub$mod\t$args"; - - if ($mod eq ",db" && $args =~ /%r([0-9]+),%r([0-9]+),%r([0-9]+)/) { - my $opcode=(0x02<<26)|($2<<21)|($1<<16)|$3; - $opcode|=(1<<10); # e1 - $opcode|=(1<<8); # e2 - $opcode|=(1<<5); # d - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig - } - else { "\t".$orig; } -}; - -sub assemble { - my ($mnemonic,$mod,$args)=@_; - my $opcode = eval("\$$mnemonic"); - - ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args"; -} - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler/) { - $gnuas = 1; -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - # flip word order in 64-bit mode... - s/(xmpyu\s+)($fai|$fni)([LR])/$1.$2.($3 eq "L"?"R":"L")/e if ($BN_SZ==8); - # assemble 2.0 instructions in 32-bit mode... - s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($BN_SZ==4); - - s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); - s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); - s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); - s/\bbv\b/bve/ if ($SIZE_T==8); - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/ppc-mont.pl b/crypto/bn/asm/ppc-mont.pl deleted file mode 100644 index c3072f0d5f84c686e593c945d412900c608143af..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/ppc-mont.pl +++ /dev/null @@ -1,1994 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# April 2006 - -# "Teaser" Montgomery multiplication module for PowerPC. It's possible -# to gain a bit more by modulo-scheduling outer loop, then dedicated -# squaring procedure should give further 20% and code can be adapted -# for 32-bit application running on 64-bit CPU. As for the latter. -# It won't be able to achieve "native" 64-bit performance, because in -# 32-bit application context every addc instruction will have to be -# expanded as addc, twice right shift by 32 and finally adde, etc. -# So far RSA *sign* performance improvement over pre-bn_mul_mont asm -# for 64-bit application running on PPC970/G5 is: -# -# 512-bit +65% -# 1024-bit +35% -# 2048-bit +18% -# 4096-bit +4% - -# September 2016 -# -# Add multiplication procedure operating on lengths divisible by 4 -# and squaring procedure operating on lengths divisible by 8. Length -# is expressed in number of limbs. RSA private key operations are -# ~35-50% faster (more for longer keys) on contemporary high-end POWER -# processors in 64-bit builds, [mysteriously enough] more in 32-bit -# builds. On low-end 32-bit processors performance improvement turned -# to be marginal... - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /32/) { - $BITS= 32; - $BNSZ= $BITS/8; - $SIZE_T=4; - $RZONE= 224; - - $LD= "lwz"; # load - $LDU= "lwzu"; # load and update - $LDX= "lwzx"; # load indexed - $ST= "stw"; # store - $STU= "stwu"; # store and update - $STX= "stwx"; # store indexed - $STUX= "stwux"; # store indexed and update - $UMULL= "mullw"; # unsigned multiply low - $UMULH= "mulhwu"; # unsigned multiply high - $UCMP= "cmplw"; # unsigned compare - $SHRI= "srwi"; # unsigned shift right by immediate - $SHLI= "slwi"; # unsigned shift left by immediate - $PUSH= $ST; - $POP= $LD; -} elsif ($flavour =~ /64/) { - $BITS= 64; - $BNSZ= $BITS/8; - $SIZE_T=8; - $RZONE= 288; - - # same as above, but 64-bit mnemonics... - $LD= "ld"; # load - $LDU= "ldu"; # load and update - $LDX= "ldx"; # load indexed - $ST= "std"; # store - $STU= "stdu"; # store and update - $STX= "stdx"; # store indexed - $STUX= "stdux"; # store indexed and update - $UMULL= "mulld"; # unsigned multiply low - $UMULH= "mulhdu"; # unsigned multiply high - $UCMP= "cmpld"; # unsigned compare - $SHRI= "srdi"; # unsigned shift right by immediate - $SHLI= "sldi"; # unsigned shift left by immediate - $PUSH= $ST; - $POP= $LD; -} else { die "nonsense $flavour"; } - -$FRAME=8*$SIZE_T+$RZONE; -$LOCALS=8*$SIZE_T; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open STDOUT,"| $^X $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; - -$sp="r1"; -$toc="r2"; -$rp="r3"; -$ap="r4"; -$bp="r5"; -$np="r6"; -$n0="r7"; -$num="r8"; - -{ -my $ovf=$rp; -my $rp="r9"; # $rp is reassigned -my $aj="r10"; -my $nj="r11"; -my $tj="r12"; -# non-volatile registers -my $i="r20"; -my $j="r21"; -my $tp="r22"; -my $m0="r23"; -my $m1="r24"; -my $lo0="r25"; -my $hi0="r26"; -my $lo1="r27"; -my $hi1="r28"; -my $alo="r29"; -my $ahi="r30"; -my $nlo="r31"; -# -my $nhi="r0"; - -$code=<<___; -.machine "any" -.text - -.globl .bn_mul_mont_int -.align 5 -.bn_mul_mont_int: - mr $rp,r3 ; $rp is reassigned - li r3,0 -___ -$code.=<<___ if ($BNSZ==4); - cmpwi $num,32 ; longer key performance is not better - bgelr -___ -$code.=<<___; - slwi $num,$num,`log($BNSZ)/log(2)` - li $tj,-4096 - addi $ovf,$num,$FRAME - subf $ovf,$ovf,$sp ; $sp-$ovf - and $ovf,$ovf,$tj ; minimize TLB usage - subf $ovf,$sp,$ovf ; $ovf-$sp - mr $tj,$sp - srwi $num,$num,`log($BNSZ)/log(2)` - $STUX $sp,$sp,$ovf - - $PUSH r20,`-12*$SIZE_T`($tj) - $PUSH r21,`-11*$SIZE_T`($tj) - $PUSH r22,`-10*$SIZE_T`($tj) - $PUSH r23,`-9*$SIZE_T`($tj) - $PUSH r24,`-8*$SIZE_T`($tj) - $PUSH r25,`-7*$SIZE_T`($tj) - $PUSH r26,`-6*$SIZE_T`($tj) - $PUSH r27,`-5*$SIZE_T`($tj) - $PUSH r28,`-4*$SIZE_T`($tj) - $PUSH r29,`-3*$SIZE_T`($tj) - $PUSH r30,`-2*$SIZE_T`($tj) - $PUSH r31,`-1*$SIZE_T`($tj) - - $LD $n0,0($n0) ; pull n0[0] value - addi $num,$num,-2 ; adjust $num for counter register - - $LD $m0,0($bp) ; m0=bp[0] - $LD $aj,0($ap) ; ap[0] - addi $tp,$sp,$LOCALS - $UMULL $lo0,$aj,$m0 ; ap[0]*bp[0] - $UMULH $hi0,$aj,$m0 - - $LD $aj,$BNSZ($ap) ; ap[1] - $LD $nj,0($np) ; np[0] - - $UMULL $m1,$lo0,$n0 ; "tp[0]"*n0 - - $UMULL $alo,$aj,$m0 ; ap[1]*bp[0] - $UMULH $ahi,$aj,$m0 - - $UMULL $lo1,$nj,$m1 ; np[0]*m1 - $UMULH $hi1,$nj,$m1 - $LD $nj,$BNSZ($np) ; np[1] - addc $lo1,$lo1,$lo0 - addze $hi1,$hi1 - - $UMULL $nlo,$nj,$m1 ; np[1]*m1 - $UMULH $nhi,$nj,$m1 - - mtctr $num - li $j,`2*$BNSZ` -.align 4 -L1st: - $LDX $aj,$ap,$j ; ap[j] - addc $lo0,$alo,$hi0 - $LDX $nj,$np,$j ; np[j] - addze $hi0,$ahi - $UMULL $alo,$aj,$m0 ; ap[j]*bp[0] - addc $lo1,$nlo,$hi1 - $UMULH $ahi,$aj,$m0 - addze $hi1,$nhi - $UMULL $nlo,$nj,$m1 ; np[j]*m1 - addc $lo1,$lo1,$lo0 ; np[j]*m1+ap[j]*bp[0] - $UMULH $nhi,$nj,$m1 - addze $hi1,$hi1 - $ST $lo1,0($tp) ; tp[j-1] - - addi $j,$j,$BNSZ ; j++ - addi $tp,$tp,$BNSZ ; tp++ - bdnz L1st -;L1st - addc $lo0,$alo,$hi0 - addze $hi0,$ahi - - addc $lo1,$nlo,$hi1 - addze $hi1,$nhi - addc $lo1,$lo1,$lo0 ; np[j]*m1+ap[j]*bp[0] - addze $hi1,$hi1 - $ST $lo1,0($tp) ; tp[j-1] - - li $ovf,0 - addc $hi1,$hi1,$hi0 - addze $ovf,$ovf ; upmost overflow bit - $ST $hi1,$BNSZ($tp) - - li $i,$BNSZ -.align 4 -Louter: - $LDX $m0,$bp,$i ; m0=bp[i] - $LD $aj,0($ap) ; ap[0] - addi $tp,$sp,$LOCALS - $LD $tj,$LOCALS($sp); tp[0] - $UMULL $lo0,$aj,$m0 ; ap[0]*bp[i] - $UMULH $hi0,$aj,$m0 - $LD $aj,$BNSZ($ap) ; ap[1] - $LD $nj,0($np) ; np[0] - addc $lo0,$lo0,$tj ; ap[0]*bp[i]+tp[0] - $UMULL $alo,$aj,$m0 ; ap[j]*bp[i] - addze $hi0,$hi0 - $UMULL $m1,$lo0,$n0 ; tp[0]*n0 - $UMULH $ahi,$aj,$m0 - $UMULL $lo1,$nj,$m1 ; np[0]*m1 - $UMULH $hi1,$nj,$m1 - $LD $nj,$BNSZ($np) ; np[1] - addc $lo1,$lo1,$lo0 - $UMULL $nlo,$nj,$m1 ; np[1]*m1 - addze $hi1,$hi1 - $UMULH $nhi,$nj,$m1 - - mtctr $num - li $j,`2*$BNSZ` -.align 4 -Linner: - $LDX $aj,$ap,$j ; ap[j] - addc $lo0,$alo,$hi0 - $LD $tj,$BNSZ($tp) ; tp[j] - addze $hi0,$ahi - $LDX $nj,$np,$j ; np[j] - addc $lo1,$nlo,$hi1 - $UMULL $alo,$aj,$m0 ; ap[j]*bp[i] - addze $hi1,$nhi - $UMULH $ahi,$aj,$m0 - addc $lo0,$lo0,$tj ; ap[j]*bp[i]+tp[j] - $UMULL $nlo,$nj,$m1 ; np[j]*m1 - addze $hi0,$hi0 - $UMULH $nhi,$nj,$m1 - addc $lo1,$lo1,$lo0 ; np[j]*m1+ap[j]*bp[i]+tp[j] - addi $j,$j,$BNSZ ; j++ - addze $hi1,$hi1 - $ST $lo1,0($tp) ; tp[j-1] - addi $tp,$tp,$BNSZ ; tp++ - bdnz Linner -;Linner - $LD $tj,$BNSZ($tp) ; tp[j] - addc $lo0,$alo,$hi0 - addze $hi0,$ahi - addc $lo0,$lo0,$tj ; ap[j]*bp[i]+tp[j] - addze $hi0,$hi0 - - addc $lo1,$nlo,$hi1 - addze $hi1,$nhi - addc $lo1,$lo1,$lo0 ; np[j]*m1+ap[j]*bp[i]+tp[j] - addze $hi1,$hi1 - $ST $lo1,0($tp) ; tp[j-1] - - addic $ovf,$ovf,-1 ; move upmost overflow to XER[CA] - li $ovf,0 - adde $hi1,$hi1,$hi0 - addze $ovf,$ovf - $ST $hi1,$BNSZ($tp) -; - slwi $tj,$num,`log($BNSZ)/log(2)` - $UCMP $i,$tj - addi $i,$i,$BNSZ - ble Louter - - addi $num,$num,2 ; restore $num - subfc $j,$j,$j ; j=0 and "clear" XER[CA] - addi $tp,$sp,$LOCALS - mtctr $num - -.align 4 -Lsub: $LDX $tj,$tp,$j - $LDX $nj,$np,$j - subfe $aj,$nj,$tj ; tp[j]-np[j] - $STX $aj,$rp,$j - addi $j,$j,$BNSZ - bdnz Lsub - - li $j,0 - mtctr $num - subfe $ovf,$j,$ovf ; handle upmost overflow bit - -.align 4 -Lcopy: ; conditional copy - $LDX $tj,$tp,$j - $LDX $aj,$rp,$j - and $tj,$tj,$ovf - andc $aj,$aj,$ovf - $STX $j,$tp,$j ; zap at once - or $aj,$aj,$tj - $STX $aj,$rp,$j - addi $j,$j,$BNSZ - bdnz Lcopy - - $POP $tj,0($sp) - li r3,1 - $POP r20,`-12*$SIZE_T`($tj) - $POP r21,`-11*$SIZE_T`($tj) - $POP r22,`-10*$SIZE_T`($tj) - $POP r23,`-9*$SIZE_T`($tj) - $POP r24,`-8*$SIZE_T`($tj) - $POP r25,`-7*$SIZE_T`($tj) - $POP r26,`-6*$SIZE_T`($tj) - $POP r27,`-5*$SIZE_T`($tj) - $POP r28,`-4*$SIZE_T`($tj) - $POP r29,`-3*$SIZE_T`($tj) - $POP r30,`-2*$SIZE_T`($tj) - $POP r31,`-1*$SIZE_T`($tj) - mr $sp,$tj - blr - .long 0 - .byte 0,12,4,0,0x80,12,6,0 - .long 0 -.size .bn_mul_mont_int,.-.bn_mul_mont_int -___ -} -if (1) { -my ($a0,$a1,$a2,$a3, - $t0,$t1,$t2,$t3, - $m0,$m1,$m2,$m3, - $acc0,$acc1,$acc2,$acc3,$acc4, - $bi,$mi,$tp,$ap_end,$cnt) = map("r$_",(9..12,14..31)); -my ($carry,$zero) = ($rp,"r0"); - -# sp----------->+-------------------------------+ -# | saved sp | -# +-------------------------------+ -# . . -# +8*size_t +-------------------------------+ -# | 4 "n0*t0" | -# . . -# . . -# +12*size_t +-------------------------------+ -# | size_t tmp[num] | -# . . -# . . -# . . -# +-------------------------------+ -# | topmost carry | -# . . -# -18*size_t +-------------------------------+ -# | 18 saved gpr, r14-r31 | -# . . -# . . -# +-------------------------------+ -$code.=<<___; -.globl .bn_mul4x_mont_int -.align 5 -.bn_mul4x_mont_int: - andi. r0,$num,7 - bne .Lmul4x_do - $UCMP $ap,$bp - bne .Lmul4x_do - b .Lsqr8x_do -.Lmul4x_do: - slwi $num,$num,`log($SIZE_T)/log(2)` - mr $a0,$sp - li $a1,-32*$SIZE_T - sub $a1,$a1,$num - $STUX $sp,$sp,$a1 # alloca - - $PUSH r14,-$SIZE_T*18($a0) - $PUSH r15,-$SIZE_T*17($a0) - $PUSH r16,-$SIZE_T*16($a0) - $PUSH r17,-$SIZE_T*15($a0) - $PUSH r18,-$SIZE_T*14($a0) - $PUSH r19,-$SIZE_T*13($a0) - $PUSH r20,-$SIZE_T*12($a0) - $PUSH r21,-$SIZE_T*11($a0) - $PUSH r22,-$SIZE_T*10($a0) - $PUSH r23,-$SIZE_T*9($a0) - $PUSH r24,-$SIZE_T*8($a0) - $PUSH r25,-$SIZE_T*7($a0) - $PUSH r26,-$SIZE_T*6($a0) - $PUSH r27,-$SIZE_T*5($a0) - $PUSH r28,-$SIZE_T*4($a0) - $PUSH r29,-$SIZE_T*3($a0) - $PUSH r30,-$SIZE_T*2($a0) - $PUSH r31,-$SIZE_T*1($a0) - - subi $ap,$ap,$SIZE_T # bias by -1 - subi $np,$np,$SIZE_T # bias by -1 - subi $rp,$rp,$SIZE_T # bias by -1 - $LD $n0,0($n0) # *n0 - - add $t0,$bp,$num - add $ap_end,$ap,$num - subi $t0,$t0,$SIZE_T*4 # &b[num-4] - - $LD $bi,$SIZE_T*0($bp) # b[0] - li $acc0,0 - $LD $a0,$SIZE_T*1($ap) # a[0..3] - li $acc1,0 - $LD $a1,$SIZE_T*2($ap) - li $acc2,0 - $LD $a2,$SIZE_T*3($ap) - li $acc3,0 - $LDU $a3,$SIZE_T*4($ap) - $LD $m0,$SIZE_T*1($np) # n[0..3] - $LD $m1,$SIZE_T*2($np) - $LD $m2,$SIZE_T*3($np) - $LDU $m3,$SIZE_T*4($np) - - $PUSH $rp,$SIZE_T*6($sp) # offload rp and &b[num-4] - $PUSH $t0,$SIZE_T*7($sp) - li $carry,0 - addic $tp,$sp,$SIZE_T*7 # &t[-1], clear carry bit - li $cnt,0 - li $zero,0 - b .Loop_mul4x_1st_reduction - -.align 5 -.Loop_mul4x_1st_reduction: - $UMULL $t0,$a0,$bi # lo(a[0..3]*b[0]) - addze $carry,$carry # modulo-scheduled - $UMULL $t1,$a1,$bi - addi $cnt,$cnt,$SIZE_T - $UMULL $t2,$a2,$bi - andi. $cnt,$cnt,$SIZE_T*4-1 - $UMULL $t3,$a3,$bi - addc $acc0,$acc0,$t0 - $UMULH $t0,$a0,$bi # hi(a[0..3]*b[0]) - adde $acc1,$acc1,$t1 - $UMULH $t1,$a1,$bi - adde $acc2,$acc2,$t2 - $UMULL $mi,$acc0,$n0 # t[0]*n0 - adde $acc3,$acc3,$t3 - $UMULH $t2,$a2,$bi - addze $acc4,$zero - $UMULH $t3,$a3,$bi - $LDX $bi,$bp,$cnt # next b[i] (or b[0]) - addc $acc1,$acc1,$t0 - # (*) mul $t0,$m0,$mi # lo(n[0..3]*t[0]*n0) - $STU $mi,$SIZE_T($tp) # put aside t[0]*n0 for tail processing - adde $acc2,$acc2,$t1 - $UMULL $t1,$m1,$mi - adde $acc3,$acc3,$t2 - $UMULL $t2,$m2,$mi - adde $acc4,$acc4,$t3 # can't overflow - $UMULL $t3,$m3,$mi - # (*) addc $acc0,$acc0,$t0 - # (*) As for removal of first multiplication and addition - # instructions. The outcome of first addition is - # guaranteed to be zero, which leaves two computationally - # significant outcomes: it either carries or not. Then - # question is when does it carry? Is there alternative - # way to deduce it? If you follow operations, you can - # observe that condition for carry is quite simple: - # $acc0 being non-zero. So that carry can be calculated - # by adding -1 to $acc0. That's what next instruction does. - addic $acc0,$acc0,-1 # (*), discarded - $UMULH $t0,$m0,$mi # hi(n[0..3]*t[0]*n0) - adde $acc0,$acc1,$t1 - $UMULH $t1,$m1,$mi - adde $acc1,$acc2,$t2 - $UMULH $t2,$m2,$mi - adde $acc2,$acc3,$t3 - $UMULH $t3,$m3,$mi - adde $acc3,$acc4,$carry - addze $carry,$zero - addc $acc0,$acc0,$t0 - adde $acc1,$acc1,$t1 - adde $acc2,$acc2,$t2 - adde $acc3,$acc3,$t3 - #addze $carry,$carry - bne .Loop_mul4x_1st_reduction - - $UCMP $ap_end,$ap - beq .Lmul4x4_post_condition - - $LD $a0,$SIZE_T*1($ap) # a[4..7] - $LD $a1,$SIZE_T*2($ap) - $LD $a2,$SIZE_T*3($ap) - $LDU $a3,$SIZE_T*4($ap) - $LD $mi,$SIZE_T*8($sp) # a[0]*n0 - $LD $m0,$SIZE_T*1($np) # n[4..7] - $LD $m1,$SIZE_T*2($np) - $LD $m2,$SIZE_T*3($np) - $LDU $m3,$SIZE_T*4($np) - b .Loop_mul4x_1st_tail - -.align 5 -.Loop_mul4x_1st_tail: - $UMULL $t0,$a0,$bi # lo(a[4..7]*b[i]) - addze $carry,$carry # modulo-scheduled - $UMULL $t1,$a1,$bi - addi $cnt,$cnt,$SIZE_T - $UMULL $t2,$a2,$bi - andi. $cnt,$cnt,$SIZE_T*4-1 - $UMULL $t3,$a3,$bi - addc $acc0,$acc0,$t0 - $UMULH $t0,$a0,$bi # hi(a[4..7]*b[i]) - adde $acc1,$acc1,$t1 - $UMULH $t1,$a1,$bi - adde $acc2,$acc2,$t2 - $UMULH $t2,$a2,$bi - adde $acc3,$acc3,$t3 - $UMULH $t3,$a3,$bi - addze $acc4,$zero - $LDX $bi,$bp,$cnt # next b[i] (or b[0]) - addc $acc1,$acc1,$t0 - $UMULL $t0,$m0,$mi # lo(n[4..7]*a[0]*n0) - adde $acc2,$acc2,$t1 - $UMULL $t1,$m1,$mi - adde $acc3,$acc3,$t2 - $UMULL $t2,$m2,$mi - adde $acc4,$acc4,$t3 # can't overflow - $UMULL $t3,$m3,$mi - addc $acc0,$acc0,$t0 - $UMULH $t0,$m0,$mi # hi(n[4..7]*a[0]*n0) - adde $acc1,$acc1,$t1 - $UMULH $t1,$m1,$mi - adde $acc2,$acc2,$t2 - $UMULH $t2,$m2,$mi - adde $acc3,$acc3,$t3 - adde $acc4,$acc4,$carry - $UMULH $t3,$m3,$mi - addze $carry,$zero - addi $mi,$sp,$SIZE_T*8 - $LDX $mi,$mi,$cnt # next t[0]*n0 - $STU $acc0,$SIZE_T($tp) # word of result - addc $acc0,$acc1,$t0 - adde $acc1,$acc2,$t1 - adde $acc2,$acc3,$t2 - adde $acc3,$acc4,$t3 - #addze $carry,$carry - bne .Loop_mul4x_1st_tail - - sub $t1,$ap_end,$num # rewinded $ap - $UCMP $ap_end,$ap # done yet? - beq .Lmul4x_proceed - - $LD $a0,$SIZE_T*1($ap) - $LD $a1,$SIZE_T*2($ap) - $LD $a2,$SIZE_T*3($ap) - $LDU $a3,$SIZE_T*4($ap) - $LD $m0,$SIZE_T*1($np) - $LD $m1,$SIZE_T*2($np) - $LD $m2,$SIZE_T*3($np) - $LDU $m3,$SIZE_T*4($np) - b .Loop_mul4x_1st_tail - -.align 5 -.Lmul4x_proceed: - $LDU $bi,$SIZE_T*4($bp) # *++b - addze $carry,$carry # topmost carry - $LD $a0,$SIZE_T*1($t1) - $LD $a1,$SIZE_T*2($t1) - $LD $a2,$SIZE_T*3($t1) - $LD $a3,$SIZE_T*4($t1) - addi $ap,$t1,$SIZE_T*4 - sub $np,$np,$num # rewind np - - $ST $acc0,$SIZE_T*1($tp) # result - $ST $acc1,$SIZE_T*2($tp) - $ST $acc2,$SIZE_T*3($tp) - $ST $acc3,$SIZE_T*4($tp) - $ST $carry,$SIZE_T*5($tp) # save topmost carry - $LD $acc0,$SIZE_T*12($sp) # t[0..3] - $LD $acc1,$SIZE_T*13($sp) - $LD $acc2,$SIZE_T*14($sp) - $LD $acc3,$SIZE_T*15($sp) - - $LD $m0,$SIZE_T*1($np) # n[0..3] - $LD $m1,$SIZE_T*2($np) - $LD $m2,$SIZE_T*3($np) - $LDU $m3,$SIZE_T*4($np) - addic $tp,$sp,$SIZE_T*7 # &t[-1], clear carry bit - li $carry,0 - b .Loop_mul4x_reduction - -.align 5 -.Loop_mul4x_reduction: - $UMULL $t0,$a0,$bi # lo(a[0..3]*b[4]) - addze $carry,$carry # modulo-scheduled - $UMULL $t1,$a1,$bi - addi $cnt,$cnt,$SIZE_T - $UMULL $t2,$a2,$bi - andi. $cnt,$cnt,$SIZE_T*4-1 - $UMULL $t3,$a3,$bi - addc $acc0,$acc0,$t0 - $UMULH $t0,$a0,$bi # hi(a[0..3]*b[4]) - adde $acc1,$acc1,$t1 - $UMULH $t1,$a1,$bi - adde $acc2,$acc2,$t2 - $UMULL $mi,$acc0,$n0 # t[0]*n0 - adde $acc3,$acc3,$t3 - $UMULH $t2,$a2,$bi - addze $acc4,$zero - $UMULH $t3,$a3,$bi - $LDX $bi,$bp,$cnt # next b[i] - addc $acc1,$acc1,$t0 - # (*) mul $t0,$m0,$mi - $STU $mi,$SIZE_T($tp) # put aside t[0]*n0 for tail processing - adde $acc2,$acc2,$t1 - $UMULL $t1,$m1,$mi # lo(n[0..3]*t[0]*n0 - adde $acc3,$acc3,$t2 - $UMULL $t2,$m2,$mi - adde $acc4,$acc4,$t3 # can't overflow - $UMULL $t3,$m3,$mi - # (*) addc $acc0,$acc0,$t0 - addic $acc0,$acc0,-1 # (*), discarded - $UMULH $t0,$m0,$mi # hi(n[0..3]*t[0]*n0 - adde $acc0,$acc1,$t1 - $UMULH $t1,$m1,$mi - adde $acc1,$acc2,$t2 - $UMULH $t2,$m2,$mi - adde $acc2,$acc3,$t3 - $UMULH $t3,$m3,$mi - adde $acc3,$acc4,$carry - addze $carry,$zero - addc $acc0,$acc0,$t0 - adde $acc1,$acc1,$t1 - adde $acc2,$acc2,$t2 - adde $acc3,$acc3,$t3 - #addze $carry,$carry - bne .Loop_mul4x_reduction - - $LD $t0,$SIZE_T*5($tp) # t[4..7] - addze $carry,$carry - $LD $t1,$SIZE_T*6($tp) - $LD $t2,$SIZE_T*7($tp) - $LD $t3,$SIZE_T*8($tp) - $LD $a0,$SIZE_T*1($ap) # a[4..7] - $LD $a1,$SIZE_T*2($ap) - $LD $a2,$SIZE_T*3($ap) - $LDU $a3,$SIZE_T*4($ap) - addc $acc0,$acc0,$t0 - adde $acc1,$acc1,$t1 - adde $acc2,$acc2,$t2 - adde $acc3,$acc3,$t3 - #addze $carry,$carry - - $LD $mi,$SIZE_T*8($sp) # t[0]*n0 - $LD $m0,$SIZE_T*1($np) # n[4..7] - $LD $m1,$SIZE_T*2($np) - $LD $m2,$SIZE_T*3($np) - $LDU $m3,$SIZE_T*4($np) - b .Loop_mul4x_tail - -.align 5 -.Loop_mul4x_tail: - $UMULL $t0,$a0,$bi # lo(a[4..7]*b[4]) - addze $carry,$carry # modulo-scheduled - $UMULL $t1,$a1,$bi - addi $cnt,$cnt,$SIZE_T - $UMULL $t2,$a2,$bi - andi. $cnt,$cnt,$SIZE_T*4-1 - $UMULL $t3,$a3,$bi - addc $acc0,$acc0,$t0 - $UMULH $t0,$a0,$bi # hi(a[4..7]*b[4]) - adde $acc1,$acc1,$t1 - $UMULH $t1,$a1,$bi - adde $acc2,$acc2,$t2 - $UMULH $t2,$a2,$bi - adde $acc3,$acc3,$t3 - $UMULH $t3,$a3,$bi - addze $acc4,$zero - $LDX $bi,$bp,$cnt # next b[i] - addc $acc1,$acc1,$t0 - $UMULL $t0,$m0,$mi # lo(n[4..7]*t[0]*n0) - adde $acc2,$acc2,$t1 - $UMULL $t1,$m1,$mi - adde $acc3,$acc3,$t2 - $UMULL $t2,$m2,$mi - adde $acc4,$acc4,$t3 # can't overflow - $UMULL $t3,$m3,$mi - addc $acc0,$acc0,$t0 - $UMULH $t0,$m0,$mi # hi(n[4..7]*t[0]*n0) - adde $acc1,$acc1,$t1 - $UMULH $t1,$m1,$mi - adde $acc2,$acc2,$t2 - $UMULH $t2,$m2,$mi - adde $acc3,$acc3,$t3 - $UMULH $t3,$m3,$mi - adde $acc4,$acc4,$carry - addi $mi,$sp,$SIZE_T*8 - $LDX $mi,$mi,$cnt # next a[0]*n0 - addze $carry,$zero - $STU $acc0,$SIZE_T($tp) # word of result - addc $acc0,$acc1,$t0 - adde $acc1,$acc2,$t1 - adde $acc2,$acc3,$t2 - adde $acc3,$acc4,$t3 - #addze $carry,$carry - bne .Loop_mul4x_tail - - $LD $t0,$SIZE_T*5($tp) # next t[i] or topmost carry - sub $t1,$np,$num # rewinded np? - addze $carry,$carry - $UCMP $ap_end,$ap # done yet? - beq .Loop_mul4x_break - - $LD $t1,$SIZE_T*6($tp) - $LD $t2,$SIZE_T*7($tp) - $LD $t3,$SIZE_T*8($tp) - $LD $a0,$SIZE_T*1($ap) - $LD $a1,$SIZE_T*2($ap) - $LD $a2,$SIZE_T*3($ap) - $LDU $a3,$SIZE_T*4($ap) - addc $acc0,$acc0,$t0 - adde $acc1,$acc1,$t1 - adde $acc2,$acc2,$t2 - adde $acc3,$acc3,$t3 - #addze $carry,$carry - - $LD $m0,$SIZE_T*1($np) # n[4..7] - $LD $m1,$SIZE_T*2($np) - $LD $m2,$SIZE_T*3($np) - $LDU $m3,$SIZE_T*4($np) - b .Loop_mul4x_tail - -.align 5 -.Loop_mul4x_break: - $POP $t2,$SIZE_T*6($sp) # pull rp and &b[num-4] - $POP $t3,$SIZE_T*7($sp) - addc $a0,$acc0,$t0 # accumulate topmost carry - $LD $acc0,$SIZE_T*12($sp) # t[0..3] - addze $a1,$acc1 - $LD $acc1,$SIZE_T*13($sp) - addze $a2,$acc2 - $LD $acc2,$SIZE_T*14($sp) - addze $a3,$acc3 - $LD $acc3,$SIZE_T*15($sp) - addze $carry,$carry # topmost carry - $ST $a0,$SIZE_T*1($tp) # result - sub $ap,$ap_end,$num # rewind ap - $ST $a1,$SIZE_T*2($tp) - $ST $a2,$SIZE_T*3($tp) - $ST $a3,$SIZE_T*4($tp) - $ST $carry,$SIZE_T*5($tp) # store topmost carry - - $LD $m0,$SIZE_T*1($t1) # n[0..3] - $LD $m1,$SIZE_T*2($t1) - $LD $m2,$SIZE_T*3($t1) - $LD $m3,$SIZE_T*4($t1) - addi $np,$t1,$SIZE_T*4 - $UCMP $bp,$t3 # done yet? - beq .Lmul4x_post - - $LDU $bi,$SIZE_T*4($bp) - $LD $a0,$SIZE_T*1($ap) # a[0..3] - $LD $a1,$SIZE_T*2($ap) - $LD $a2,$SIZE_T*3($ap) - $LDU $a3,$SIZE_T*4($ap) - li $carry,0 - addic $tp,$sp,$SIZE_T*7 # &t[-1], clear carry bit - b .Loop_mul4x_reduction - -.align 5 -.Lmul4x_post: - # Final step. We see if result is larger than modulus, and - # if it is, subtract the modulus. But comparison implies - # subtraction. So we subtract modulus, see if it borrowed, - # and conditionally copy original value. - srwi $cnt,$num,`log($SIZE_T)/log(2)+2` - mr $bp,$t2 # &rp[-1] - subi $cnt,$cnt,1 - mr $ap_end,$t2 # &rp[-1] copy - subfc $t0,$m0,$acc0 - addi $tp,$sp,$SIZE_T*15 - subfe $t1,$m1,$acc1 - - mtctr $cnt -.Lmul4x_sub: - $LD $m0,$SIZE_T*1($np) - $LD $acc0,$SIZE_T*1($tp) - subfe $t2,$m2,$acc2 - $LD $m1,$SIZE_T*2($np) - $LD $acc1,$SIZE_T*2($tp) - subfe $t3,$m3,$acc3 - $LD $m2,$SIZE_T*3($np) - $LD $acc2,$SIZE_T*3($tp) - $LDU $m3,$SIZE_T*4($np) - $LDU $acc3,$SIZE_T*4($tp) - $ST $t0,$SIZE_T*1($bp) - $ST $t1,$SIZE_T*2($bp) - subfe $t0,$m0,$acc0 - $ST $t2,$SIZE_T*3($bp) - $STU $t3,$SIZE_T*4($bp) - subfe $t1,$m1,$acc1 - bdnz .Lmul4x_sub - - $LD $a0,$SIZE_T*1($ap_end) - $ST $t0,$SIZE_T*1($bp) - $LD $t0,$SIZE_T*12($sp) - subfe $t2,$m2,$acc2 - $LD $a1,$SIZE_T*2($ap_end) - $ST $t1,$SIZE_T*2($bp) - $LD $t1,$SIZE_T*13($sp) - subfe $t3,$m3,$acc3 - subfe $carry,$zero,$carry # did it borrow? - addi $tp,$sp,$SIZE_T*12 - $LD $a2,$SIZE_T*3($ap_end) - $ST $t2,$SIZE_T*3($bp) - $LD $t2,$SIZE_T*14($sp) - $LD $a3,$SIZE_T*4($ap_end) - $ST $t3,$SIZE_T*4($bp) - $LD $t3,$SIZE_T*15($sp) - - mtctr $cnt -.Lmul4x_cond_copy: - and $t0,$t0,$carry - andc $a0,$a0,$carry - $ST $zero,$SIZE_T*0($tp) # wipe stack clean - and $t1,$t1,$carry - andc $a1,$a1,$carry - $ST $zero,$SIZE_T*1($tp) - and $t2,$t2,$carry - andc $a2,$a2,$carry - $ST $zero,$SIZE_T*2($tp) - and $t3,$t3,$carry - andc $a3,$a3,$carry - $ST $zero,$SIZE_T*3($tp) - or $acc0,$t0,$a0 - $LD $a0,$SIZE_T*5($ap_end) - $LD $t0,$SIZE_T*4($tp) - or $acc1,$t1,$a1 - $LD $a1,$SIZE_T*6($ap_end) - $LD $t1,$SIZE_T*5($tp) - or $acc2,$t2,$a2 - $LD $a2,$SIZE_T*7($ap_end) - $LD $t2,$SIZE_T*6($tp) - or $acc3,$t3,$a3 - $LD $a3,$SIZE_T*8($ap_end) - $LD $t3,$SIZE_T*7($tp) - addi $tp,$tp,$SIZE_T*4 - $ST $acc0,$SIZE_T*1($ap_end) - $ST $acc1,$SIZE_T*2($ap_end) - $ST $acc2,$SIZE_T*3($ap_end) - $STU $acc3,$SIZE_T*4($ap_end) - bdnz .Lmul4x_cond_copy - - $POP $bp,0($sp) # pull saved sp - and $t0,$t0,$carry - andc $a0,$a0,$carry - $ST $zero,$SIZE_T*0($tp) - and $t1,$t1,$carry - andc $a1,$a1,$carry - $ST $zero,$SIZE_T*1($tp) - and $t2,$t2,$carry - andc $a2,$a2,$carry - $ST $zero,$SIZE_T*2($tp) - and $t3,$t3,$carry - andc $a3,$a3,$carry - $ST $zero,$SIZE_T*3($tp) - or $acc0,$t0,$a0 - or $acc1,$t1,$a1 - $ST $zero,$SIZE_T*4($tp) - or $acc2,$t2,$a2 - or $acc3,$t3,$a3 - $ST $acc0,$SIZE_T*1($ap_end) - $ST $acc1,$SIZE_T*2($ap_end) - $ST $acc2,$SIZE_T*3($ap_end) - $ST $acc3,$SIZE_T*4($ap_end) - - b .Lmul4x_done - -.align 4 -.Lmul4x4_post_condition: - $POP $ap,$SIZE_T*6($sp) # pull &rp[-1] - $POP $bp,0($sp) # pull saved sp - addze $carry,$carry # modulo-scheduled - # $acc0-3,$carry hold result, $m0-3 hold modulus - subfc $a0,$m0,$acc0 - subfe $a1,$m1,$acc1 - subfe $a2,$m2,$acc2 - subfe $a3,$m3,$acc3 - subfe $carry,$zero,$carry # did it borrow? - - and $m0,$m0,$carry - and $m1,$m1,$carry - addc $a0,$a0,$m0 - and $m2,$m2,$carry - adde $a1,$a1,$m1 - and $m3,$m3,$carry - adde $a2,$a2,$m2 - adde $a3,$a3,$m3 - - $ST $a0,$SIZE_T*1($ap) # write result - $ST $a1,$SIZE_T*2($ap) - $ST $a2,$SIZE_T*3($ap) - $ST $a3,$SIZE_T*4($ap) - -.Lmul4x_done: - $ST $zero,$SIZE_T*8($sp) # wipe stack clean - $ST $zero,$SIZE_T*9($sp) - $ST $zero,$SIZE_T*10($sp) - $ST $zero,$SIZE_T*11($sp) - li r3,1 # signal "done" - $POP r14,-$SIZE_T*18($bp) - $POP r15,-$SIZE_T*17($bp) - $POP r16,-$SIZE_T*16($bp) - $POP r17,-$SIZE_T*15($bp) - $POP r18,-$SIZE_T*14($bp) - $POP r19,-$SIZE_T*13($bp) - $POP r20,-$SIZE_T*12($bp) - $POP r21,-$SIZE_T*11($bp) - $POP r22,-$SIZE_T*10($bp) - $POP r23,-$SIZE_T*9($bp) - $POP r24,-$SIZE_T*8($bp) - $POP r25,-$SIZE_T*7($bp) - $POP r26,-$SIZE_T*6($bp) - $POP r27,-$SIZE_T*5($bp) - $POP r28,-$SIZE_T*4($bp) - $POP r29,-$SIZE_T*3($bp) - $POP r30,-$SIZE_T*2($bp) - $POP r31,-$SIZE_T*1($bp) - mr $sp,$bp - blr - .long 0 - .byte 0,12,4,0x20,0x80,18,6,0 - .long 0 -.size .bn_mul4x_mont_int,.-.bn_mul4x_mont_int -___ -} - -if (1) { -######################################################################## -# Following is PPC adaptation of sqrx8x_mont from x86_64-mont5 module. - -my ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("r$_",(9..12,14..17)); -my ($t0,$t1,$t2,$t3)=map("r$_",(18..21)); -my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("r$_",(22..29)); -my ($cnt,$carry,$zero)=("r30","r31","r0"); -my ($tp,$ap_end,$na0)=($bp,$np,$carry); - -# sp----------->+-------------------------------+ -# | saved sp | -# +-------------------------------+ -# . . -# +12*size_t +-------------------------------+ -# | size_t tmp[2*num] | -# . . -# . . -# . . -# +-------------------------------+ -# . . -# -18*size_t +-------------------------------+ -# | 18 saved gpr, r14-r31 | -# . . -# . . -# +-------------------------------+ -$code.=<<___; -.align 5 -__bn_sqr8x_mont: -.Lsqr8x_do: - mr $a0,$sp - slwi $a1,$num,`log($SIZE_T)/log(2)+1` - li $a2,-32*$SIZE_T - sub $a1,$a2,$a1 - slwi $num,$num,`log($SIZE_T)/log(2)` - $STUX $sp,$sp,$a1 # alloca - - $PUSH r14,-$SIZE_T*18($a0) - $PUSH r15,-$SIZE_T*17($a0) - $PUSH r16,-$SIZE_T*16($a0) - $PUSH r17,-$SIZE_T*15($a0) - $PUSH r18,-$SIZE_T*14($a0) - $PUSH r19,-$SIZE_T*13($a0) - $PUSH r20,-$SIZE_T*12($a0) - $PUSH r21,-$SIZE_T*11($a0) - $PUSH r22,-$SIZE_T*10($a0) - $PUSH r23,-$SIZE_T*9($a0) - $PUSH r24,-$SIZE_T*8($a0) - $PUSH r25,-$SIZE_T*7($a0) - $PUSH r26,-$SIZE_T*6($a0) - $PUSH r27,-$SIZE_T*5($a0) - $PUSH r28,-$SIZE_T*4($a0) - $PUSH r29,-$SIZE_T*3($a0) - $PUSH r30,-$SIZE_T*2($a0) - $PUSH r31,-$SIZE_T*1($a0) - - subi $ap,$ap,$SIZE_T # bias by -1 - subi $t0,$np,$SIZE_T # bias by -1 - subi $rp,$rp,$SIZE_T # bias by -1 - $LD $n0,0($n0) # *n0 - li $zero,0 - - add $ap_end,$ap,$num - $LD $a0,$SIZE_T*1($ap) - #li $acc0,0 - $LD $a1,$SIZE_T*2($ap) - li $acc1,0 - $LD $a2,$SIZE_T*3($ap) - li $acc2,0 - $LD $a3,$SIZE_T*4($ap) - li $acc3,0 - $LD $a4,$SIZE_T*5($ap) - li $acc4,0 - $LD $a5,$SIZE_T*6($ap) - li $acc5,0 - $LD $a6,$SIZE_T*7($ap) - li $acc6,0 - $LDU $a7,$SIZE_T*8($ap) - li $acc7,0 - - addi $tp,$sp,$SIZE_T*11 # &tp[-1] - subic. $cnt,$num,$SIZE_T*8 - b .Lsqr8x_zero_start - -.align 5 -.Lsqr8x_zero: - subic. $cnt,$cnt,$SIZE_T*8 - $ST $zero,$SIZE_T*1($tp) - $ST $zero,$SIZE_T*2($tp) - $ST $zero,$SIZE_T*3($tp) - $ST $zero,$SIZE_T*4($tp) - $ST $zero,$SIZE_T*5($tp) - $ST $zero,$SIZE_T*6($tp) - $ST $zero,$SIZE_T*7($tp) - $ST $zero,$SIZE_T*8($tp) -.Lsqr8x_zero_start: - $ST $zero,$SIZE_T*9($tp) - $ST $zero,$SIZE_T*10($tp) - $ST $zero,$SIZE_T*11($tp) - $ST $zero,$SIZE_T*12($tp) - $ST $zero,$SIZE_T*13($tp) - $ST $zero,$SIZE_T*14($tp) - $ST $zero,$SIZE_T*15($tp) - $STU $zero,$SIZE_T*16($tp) - bne .Lsqr8x_zero - - $PUSH $rp,$SIZE_T*6($sp) # offload &rp[-1] - $PUSH $t0,$SIZE_T*7($sp) # offload &np[-1] - $PUSH $n0,$SIZE_T*8($sp) # offload n0 - $PUSH $tp,$SIZE_T*9($sp) # &tp[2*num-1] - $PUSH $zero,$SIZE_T*10($sp) # initial top-most carry - addi $tp,$sp,$SIZE_T*11 # &tp[-1] - - # Multiply everything but a[i]*a[i] -.align 5 -.Lsqr8x_outer_loop: - # a[1]a[0] (i) - # a[2]a[0] - # a[3]a[0] - # a[4]a[0] - # a[5]a[0] - # a[6]a[0] - # a[7]a[0] - # a[2]a[1] (ii) - # a[3]a[1] - # a[4]a[1] - # a[5]a[1] - # a[6]a[1] - # a[7]a[1] - # a[3]a[2] (iii) - # a[4]a[2] - # a[5]a[2] - # a[6]a[2] - # a[7]a[2] - # a[4]a[3] (iv) - # a[5]a[3] - # a[6]a[3] - # a[7]a[3] - # a[5]a[4] (v) - # a[6]a[4] - # a[7]a[4] - # a[6]a[5] (vi) - # a[7]a[5] - # a[7]a[6] (vii) - - $UMULL $t0,$a1,$a0 # lo(a[1..7]*a[0]) (i) - $UMULL $t1,$a2,$a0 - $UMULL $t2,$a3,$a0 - $UMULL $t3,$a4,$a0 - addc $acc1,$acc1,$t0 # t[1]+lo(a[1]*a[0]) - $UMULL $t0,$a5,$a0 - adde $acc2,$acc2,$t1 - $UMULL $t1,$a6,$a0 - adde $acc3,$acc3,$t2 - $UMULL $t2,$a7,$a0 - adde $acc4,$acc4,$t3 - $UMULH $t3,$a1,$a0 # hi(a[1..7]*a[0]) - adde $acc5,$acc5,$t0 - $UMULH $t0,$a2,$a0 - adde $acc6,$acc6,$t1 - $UMULH $t1,$a3,$a0 - adde $acc7,$acc7,$t2 - $UMULH $t2,$a4,$a0 - $ST $acc0,$SIZE_T*1($tp) # t[0] - addze $acc0,$zero # t[8] - $ST $acc1,$SIZE_T*2($tp) # t[1] - addc $acc2,$acc2,$t3 # t[2]+lo(a[1]*a[0]) - $UMULH $t3,$a5,$a0 - adde $acc3,$acc3,$t0 - $UMULH $t0,$a6,$a0 - adde $acc4,$acc4,$t1 - $UMULH $t1,$a7,$a0 - adde $acc5,$acc5,$t2 - $UMULL $t2,$a2,$a1 # lo(a[2..7]*a[1]) (ii) - adde $acc6,$acc6,$t3 - $UMULL $t3,$a3,$a1 - adde $acc7,$acc7,$t0 - $UMULL $t0,$a4,$a1 - adde $acc0,$acc0,$t1 - - $UMULL $t1,$a5,$a1 - addc $acc3,$acc3,$t2 - $UMULL $t2,$a6,$a1 - adde $acc4,$acc4,$t3 - $UMULL $t3,$a7,$a1 - adde $acc5,$acc5,$t0 - $UMULH $t0,$a2,$a1 # hi(a[2..7]*a[1]) - adde $acc6,$acc6,$t1 - $UMULH $t1,$a3,$a1 - adde $acc7,$acc7,$t2 - $UMULH $t2,$a4,$a1 - adde $acc0,$acc0,$t3 - $UMULH $t3,$a5,$a1 - $ST $acc2,$SIZE_T*3($tp) # t[2] - addze $acc1,$zero # t[9] - $ST $acc3,$SIZE_T*4($tp) # t[3] - addc $acc4,$acc4,$t0 - $UMULH $t0,$a6,$a1 - adde $acc5,$acc5,$t1 - $UMULH $t1,$a7,$a1 - adde $acc6,$acc6,$t2 - $UMULL $t2,$a3,$a2 # lo(a[3..7]*a[2]) (iii) - adde $acc7,$acc7,$t3 - $UMULL $t3,$a4,$a2 - adde $acc0,$acc0,$t0 - $UMULL $t0,$a5,$a2 - adde $acc1,$acc1,$t1 - - $UMULL $t1,$a6,$a2 - addc $acc5,$acc5,$t2 - $UMULL $t2,$a7,$a2 - adde $acc6,$acc6,$t3 - $UMULH $t3,$a3,$a2 # hi(a[3..7]*a[2]) - adde $acc7,$acc7,$t0 - $UMULH $t0,$a4,$a2 - adde $acc0,$acc0,$t1 - $UMULH $t1,$a5,$a2 - adde $acc1,$acc1,$t2 - $UMULH $t2,$a6,$a2 - $ST $acc4,$SIZE_T*5($tp) # t[4] - addze $acc2,$zero # t[10] - $ST $acc5,$SIZE_T*6($tp) # t[5] - addc $acc6,$acc6,$t3 - $UMULH $t3,$a7,$a2 - adde $acc7,$acc7,$t0 - $UMULL $t0,$a4,$a3 # lo(a[4..7]*a[3]) (iv) - adde $acc0,$acc0,$t1 - $UMULL $t1,$a5,$a3 - adde $acc1,$acc1,$t2 - $UMULL $t2,$a6,$a3 - adde $acc2,$acc2,$t3 - - $UMULL $t3,$a7,$a3 - addc $acc7,$acc7,$t0 - $UMULH $t0,$a4,$a3 # hi(a[4..7]*a[3]) - adde $acc0,$acc0,$t1 - $UMULH $t1,$a5,$a3 - adde $acc1,$acc1,$t2 - $UMULH $t2,$a6,$a3 - adde $acc2,$acc2,$t3 - $UMULH $t3,$a7,$a3 - $ST $acc6,$SIZE_T*7($tp) # t[6] - addze $acc3,$zero # t[11] - $STU $acc7,$SIZE_T*8($tp) # t[7] - addc $acc0,$acc0,$t0 - $UMULL $t0,$a5,$a4 # lo(a[5..7]*a[4]) (v) - adde $acc1,$acc1,$t1 - $UMULL $t1,$a6,$a4 - adde $acc2,$acc2,$t2 - $UMULL $t2,$a7,$a4 - adde $acc3,$acc3,$t3 - - $UMULH $t3,$a5,$a4 # hi(a[5..7]*a[4]) - addc $acc1,$acc1,$t0 - $UMULH $t0,$a6,$a4 - adde $acc2,$acc2,$t1 - $UMULH $t1,$a7,$a4 - adde $acc3,$acc3,$t2 - $UMULL $t2,$a6,$a5 # lo(a[6..7]*a[5]) (vi) - addze $acc4,$zero # t[12] - addc $acc2,$acc2,$t3 - $UMULL $t3,$a7,$a5 - adde $acc3,$acc3,$t0 - $UMULH $t0,$a6,$a5 # hi(a[6..7]*a[5]) - adde $acc4,$acc4,$t1 - - $UMULH $t1,$a7,$a5 - addc $acc3,$acc3,$t2 - $UMULL $t2,$a7,$a6 # lo(a[7]*a[6]) (vii) - adde $acc4,$acc4,$t3 - $UMULH $t3,$a7,$a6 # hi(a[7]*a[6]) - addze $acc5,$zero # t[13] - addc $acc4,$acc4,$t0 - $UCMP $ap_end,$ap # done yet? - adde $acc5,$acc5,$t1 - - addc $acc5,$acc5,$t2 - sub $t0,$ap_end,$num # rewinded ap - addze $acc6,$zero # t[14] - add $acc6,$acc6,$t3 - - beq .Lsqr8x_outer_break - - mr $n0,$a0 - $LD $a0,$SIZE_T*1($tp) - $LD $a1,$SIZE_T*2($tp) - $LD $a2,$SIZE_T*3($tp) - $LD $a3,$SIZE_T*4($tp) - $LD $a4,$SIZE_T*5($tp) - $LD $a5,$SIZE_T*6($tp) - $LD $a6,$SIZE_T*7($tp) - $LD $a7,$SIZE_T*8($tp) - addc $acc0,$acc0,$a0 - $LD $a0,$SIZE_T*1($ap) - adde $acc1,$acc1,$a1 - $LD $a1,$SIZE_T*2($ap) - adde $acc2,$acc2,$a2 - $LD $a2,$SIZE_T*3($ap) - adde $acc3,$acc3,$a3 - $LD $a3,$SIZE_T*4($ap) - adde $acc4,$acc4,$a4 - $LD $a4,$SIZE_T*5($ap) - adde $acc5,$acc5,$a5 - $LD $a5,$SIZE_T*6($ap) - adde $acc6,$acc6,$a6 - $LD $a6,$SIZE_T*7($ap) - subi $rp,$ap,$SIZE_T*7 - addze $acc7,$a7 - $LDU $a7,$SIZE_T*8($ap) - #addze $carry,$zero # moved below - li $cnt,0 - b .Lsqr8x_mul - - # a[8]a[0] - # a[9]a[0] - # a[a]a[0] - # a[b]a[0] - # a[c]a[0] - # a[d]a[0] - # a[e]a[0] - # a[f]a[0] - # a[8]a[1] - # a[f]a[1]........................ - # a[8]a[2] - # a[f]a[2]........................ - # a[8]a[3] - # a[f]a[3]........................ - # a[8]a[4] - # a[f]a[4]........................ - # a[8]a[5] - # a[f]a[5]........................ - # a[8]a[6] - # a[f]a[6]........................ - # a[8]a[7] - # a[f]a[7]........................ -.align 5 -.Lsqr8x_mul: - $UMULL $t0,$a0,$n0 - addze $carry,$zero # carry bit, modulo-scheduled - $UMULL $t1,$a1,$n0 - addi $cnt,$cnt,$SIZE_T - $UMULL $t2,$a2,$n0 - andi. $cnt,$cnt,$SIZE_T*8-1 - $UMULL $t3,$a3,$n0 - addc $acc0,$acc0,$t0 - $UMULL $t0,$a4,$n0 - adde $acc1,$acc1,$t1 - $UMULL $t1,$a5,$n0 - adde $acc2,$acc2,$t2 - $UMULL $t2,$a6,$n0 - adde $acc3,$acc3,$t3 - $UMULL $t3,$a7,$n0 - adde $acc4,$acc4,$t0 - $UMULH $t0,$a0,$n0 - adde $acc5,$acc5,$t1 - $UMULH $t1,$a1,$n0 - adde $acc6,$acc6,$t2 - $UMULH $t2,$a2,$n0 - adde $acc7,$acc7,$t3 - $UMULH $t3,$a3,$n0 - addze $carry,$carry - $STU $acc0,$SIZE_T($tp) - addc $acc0,$acc1,$t0 - $UMULH $t0,$a4,$n0 - adde $acc1,$acc2,$t1 - $UMULH $t1,$a5,$n0 - adde $acc2,$acc3,$t2 - $UMULH $t2,$a6,$n0 - adde $acc3,$acc4,$t3 - $UMULH $t3,$a7,$n0 - $LDX $n0,$rp,$cnt - adde $acc4,$acc5,$t0 - adde $acc5,$acc6,$t1 - adde $acc6,$acc7,$t2 - adde $acc7,$carry,$t3 - #addze $carry,$zero # moved above - bne .Lsqr8x_mul - # note that carry flag is guaranteed - # to be zero at this point - $UCMP $ap,$ap_end # done yet? - beq .Lsqr8x_break - - $LD $a0,$SIZE_T*1($tp) - $LD $a1,$SIZE_T*2($tp) - $LD $a2,$SIZE_T*3($tp) - $LD $a3,$SIZE_T*4($tp) - $LD $a4,$SIZE_T*5($tp) - $LD $a5,$SIZE_T*6($tp) - $LD $a6,$SIZE_T*7($tp) - $LD $a7,$SIZE_T*8($tp) - addc $acc0,$acc0,$a0 - $LD $a0,$SIZE_T*1($ap) - adde $acc1,$acc1,$a1 - $LD $a1,$SIZE_T*2($ap) - adde $acc2,$acc2,$a2 - $LD $a2,$SIZE_T*3($ap) - adde $acc3,$acc3,$a3 - $LD $a3,$SIZE_T*4($ap) - adde $acc4,$acc4,$a4 - $LD $a4,$SIZE_T*5($ap) - adde $acc5,$acc5,$a5 - $LD $a5,$SIZE_T*6($ap) - adde $acc6,$acc6,$a6 - $LD $a6,$SIZE_T*7($ap) - adde $acc7,$acc7,$a7 - $LDU $a7,$SIZE_T*8($ap) - #addze $carry,$zero # moved above - b .Lsqr8x_mul - -.align 5 -.Lsqr8x_break: - $LD $a0,$SIZE_T*8($rp) - addi $ap,$rp,$SIZE_T*15 - $LD $a1,$SIZE_T*9($rp) - sub. $t0,$ap_end,$ap # is it last iteration? - $LD $a2,$SIZE_T*10($rp) - sub $t1,$tp,$t0 - $LD $a3,$SIZE_T*11($rp) - $LD $a4,$SIZE_T*12($rp) - $LD $a5,$SIZE_T*13($rp) - $LD $a6,$SIZE_T*14($rp) - $LD $a7,$SIZE_T*15($rp) - beq .Lsqr8x_outer_loop - - $ST $acc0,$SIZE_T*1($tp) - $LD $acc0,$SIZE_T*1($t1) - $ST $acc1,$SIZE_T*2($tp) - $LD $acc1,$SIZE_T*2($t1) - $ST $acc2,$SIZE_T*3($tp) - $LD $acc2,$SIZE_T*3($t1) - $ST $acc3,$SIZE_T*4($tp) - $LD $acc3,$SIZE_T*4($t1) - $ST $acc4,$SIZE_T*5($tp) - $LD $acc4,$SIZE_T*5($t1) - $ST $acc5,$SIZE_T*6($tp) - $LD $acc5,$SIZE_T*6($t1) - $ST $acc6,$SIZE_T*7($tp) - $LD $acc6,$SIZE_T*7($t1) - $ST $acc7,$SIZE_T*8($tp) - $LD $acc7,$SIZE_T*8($t1) - mr $tp,$t1 - b .Lsqr8x_outer_loop - -.align 5 -.Lsqr8x_outer_break: - #################################################################### - # Now multiply above result by 2 and add a[n-1]*a[n-1]|...|a[0]*a[0] - $LD $a1,$SIZE_T*1($t0) # recall that $t0 is &a[-1] - $LD $a3,$SIZE_T*2($t0) - $LD $a5,$SIZE_T*3($t0) - $LD $a7,$SIZE_T*4($t0) - addi $ap,$t0,$SIZE_T*4 - # "tp[x]" comments are for num==8 case - $LD $t1,$SIZE_T*13($sp) # =tp[1], t[0] is not interesting - $LD $t2,$SIZE_T*14($sp) - $LD $t3,$SIZE_T*15($sp) - $LD $t0,$SIZE_T*16($sp) - - $ST $acc0,$SIZE_T*1($tp) # tp[8]= - srwi $cnt,$num,`log($SIZE_T)/log(2)+2` - $ST $acc1,$SIZE_T*2($tp) - subi $cnt,$cnt,1 - $ST $acc2,$SIZE_T*3($tp) - $ST $acc3,$SIZE_T*4($tp) - $ST $acc4,$SIZE_T*5($tp) - $ST $acc5,$SIZE_T*6($tp) - $ST $acc6,$SIZE_T*7($tp) - #$ST $acc7,$SIZE_T*8($tp) # tp[15] is not interesting - addi $tp,$sp,$SIZE_T*11 # &tp[-1] - $UMULL $acc0,$a1,$a1 - $UMULH $a1,$a1,$a1 - add $acc1,$t1,$t1 # <<1 - $SHRI $t1,$t1,$BITS-1 - $UMULL $a2,$a3,$a3 - $UMULH $a3,$a3,$a3 - addc $acc1,$acc1,$a1 - add $acc2,$t2,$t2 - $SHRI $t2,$t2,$BITS-1 - add $acc3,$t3,$t3 - $SHRI $t3,$t3,$BITS-1 - or $acc2,$acc2,$t1 - - mtctr $cnt -.Lsqr4x_shift_n_add: - $UMULL $a4,$a5,$a5 - $UMULH $a5,$a5,$a5 - $LD $t1,$SIZE_T*6($tp) # =tp[5] - $LD $a1,$SIZE_T*1($ap) - adde $acc2,$acc2,$a2 - add $acc4,$t0,$t0 - $SHRI $t0,$t0,$BITS-1 - or $acc3,$acc3,$t2 - $LD $t2,$SIZE_T*7($tp) # =tp[6] - adde $acc3,$acc3,$a3 - $LD $a3,$SIZE_T*2($ap) - add $acc5,$t1,$t1 - $SHRI $t1,$t1,$BITS-1 - or $acc4,$acc4,$t3 - $LD $t3,$SIZE_T*8($tp) # =tp[7] - $UMULL $a6,$a7,$a7 - $UMULH $a7,$a7,$a7 - adde $acc4,$acc4,$a4 - add $acc6,$t2,$t2 - $SHRI $t2,$t2,$BITS-1 - or $acc5,$acc5,$t0 - $LD $t0,$SIZE_T*9($tp) # =tp[8] - adde $acc5,$acc5,$a5 - $LD $a5,$SIZE_T*3($ap) - add $acc7,$t3,$t3 - $SHRI $t3,$t3,$BITS-1 - or $acc6,$acc6,$t1 - $LD $t1,$SIZE_T*10($tp) # =tp[9] - $UMULL $a0,$a1,$a1 - $UMULH $a1,$a1,$a1 - adde $acc6,$acc6,$a6 - $ST $acc0,$SIZE_T*1($tp) # tp[0]= - add $acc0,$t0,$t0 - $SHRI $t0,$t0,$BITS-1 - or $acc7,$acc7,$t2 - $LD $t2,$SIZE_T*11($tp) # =tp[10] - adde $acc7,$acc7,$a7 - $LDU $a7,$SIZE_T*4($ap) - $ST $acc1,$SIZE_T*2($tp) # tp[1]= - add $acc1,$t1,$t1 - $SHRI $t1,$t1,$BITS-1 - or $acc0,$acc0,$t3 - $LD $t3,$SIZE_T*12($tp) # =tp[11] - $UMULL $a2,$a3,$a3 - $UMULH $a3,$a3,$a3 - adde $acc0,$acc0,$a0 - $ST $acc2,$SIZE_T*3($tp) # tp[2]= - add $acc2,$t2,$t2 - $SHRI $t2,$t2,$BITS-1 - or $acc1,$acc1,$t0 - $LD $t0,$SIZE_T*13($tp) # =tp[12] - adde $acc1,$acc1,$a1 - $ST $acc3,$SIZE_T*4($tp) # tp[3]= - $ST $acc4,$SIZE_T*5($tp) # tp[4]= - $ST $acc5,$SIZE_T*6($tp) # tp[5]= - $ST $acc6,$SIZE_T*7($tp) # tp[6]= - $STU $acc7,$SIZE_T*8($tp) # tp[7]= - add $acc3,$t3,$t3 - $SHRI $t3,$t3,$BITS-1 - or $acc2,$acc2,$t1 - bdnz .Lsqr4x_shift_n_add -___ -my ($np,$np_end)=($ap,$ap_end); -$code.=<<___; - $POP $np,$SIZE_T*7($sp) # pull &np[-1] and n0 - $POP $n0,$SIZE_T*8($sp) - - $UMULL $a4,$a5,$a5 - $UMULH $a5,$a5,$a5 - $ST $acc0,$SIZE_T*1($tp) # tp[8]= - $LD $acc0,$SIZE_T*12($sp) # =tp[0] - $LD $t1,$SIZE_T*6($tp) # =tp[13] - adde $acc2,$acc2,$a2 - add $acc4,$t0,$t0 - $SHRI $t0,$t0,$BITS-1 - or $acc3,$acc3,$t2 - $LD $t2,$SIZE_T*7($tp) # =tp[14] - adde $acc3,$acc3,$a3 - add $acc5,$t1,$t1 - $SHRI $t1,$t1,$BITS-1 - or $acc4,$acc4,$t3 - $UMULL $a6,$a7,$a7 - $UMULH $a7,$a7,$a7 - adde $acc4,$acc4,$a4 - add $acc6,$t2,$t2 - $SHRI $t2,$t2,$BITS-1 - or $acc5,$acc5,$t0 - $ST $acc1,$SIZE_T*2($tp) # tp[9]= - $LD $acc1,$SIZE_T*13($sp) # =tp[1] - adde $acc5,$acc5,$a5 - or $acc6,$acc6,$t1 - $LD $a0,$SIZE_T*1($np) - $LD $a1,$SIZE_T*2($np) - adde $acc6,$acc6,$a6 - $LD $a2,$SIZE_T*3($np) - $LD $a3,$SIZE_T*4($np) - adde $acc7,$a7,$t2 - $LD $a4,$SIZE_T*5($np) - $LD $a5,$SIZE_T*6($np) - - ################################################################ - # Reduce by 8 limbs per iteration - $UMULL $na0,$n0,$acc0 # t[0]*n0 - li $cnt,8 - $LD $a6,$SIZE_T*7($np) - add $np_end,$np,$num - $LDU $a7,$SIZE_T*8($np) - $ST $acc2,$SIZE_T*3($tp) # tp[10]= - $LD $acc2,$SIZE_T*14($sp) - $ST $acc3,$SIZE_T*4($tp) # tp[11]= - $LD $acc3,$SIZE_T*15($sp) - $ST $acc4,$SIZE_T*5($tp) # tp[12]= - $LD $acc4,$SIZE_T*16($sp) - $ST $acc5,$SIZE_T*6($tp) # tp[13]= - $LD $acc5,$SIZE_T*17($sp) - $ST $acc6,$SIZE_T*7($tp) # tp[14]= - $LD $acc6,$SIZE_T*18($sp) - $ST $acc7,$SIZE_T*8($tp) # tp[15]= - $LD $acc7,$SIZE_T*19($sp) - addi $tp,$sp,$SIZE_T*11 # &tp[-1] - mtctr $cnt - b .Lsqr8x_reduction - -.align 5 -.Lsqr8x_reduction: - # (*) $UMULL $t0,$a0,$na0 # lo(n[0-7])*lo(t[0]*n0) - $UMULL $t1,$a1,$na0 - $UMULL $t2,$a2,$na0 - $STU $na0,$SIZE_T($tp) # put aside t[0]*n0 for tail processing - $UMULL $t3,$a3,$na0 - # (*) addc $acc0,$acc0,$t0 - addic $acc0,$acc0,-1 # (*) - $UMULL $t0,$a4,$na0 - adde $acc0,$acc1,$t1 - $UMULL $t1,$a5,$na0 - adde $acc1,$acc2,$t2 - $UMULL $t2,$a6,$na0 - adde $acc2,$acc3,$t3 - $UMULL $t3,$a7,$na0 - adde $acc3,$acc4,$t0 - $UMULH $t0,$a0,$na0 # hi(n[0-7])*lo(t[0]*n0) - adde $acc4,$acc5,$t1 - $UMULH $t1,$a1,$na0 - adde $acc5,$acc6,$t2 - $UMULH $t2,$a2,$na0 - adde $acc6,$acc7,$t3 - $UMULH $t3,$a3,$na0 - addze $acc7,$zero - addc $acc0,$acc0,$t0 - $UMULH $t0,$a4,$na0 - adde $acc1,$acc1,$t1 - $UMULH $t1,$a5,$na0 - adde $acc2,$acc2,$t2 - $UMULH $t2,$a6,$na0 - adde $acc3,$acc3,$t3 - $UMULH $t3,$a7,$na0 - $UMULL $na0,$n0,$acc0 # next t[0]*n0 - adde $acc4,$acc4,$t0 - adde $acc5,$acc5,$t1 - adde $acc6,$acc6,$t2 - adde $acc7,$acc7,$t3 - bdnz .Lsqr8x_reduction - - $LD $t0,$SIZE_T*1($tp) - $LD $t1,$SIZE_T*2($tp) - $LD $t2,$SIZE_T*3($tp) - $LD $t3,$SIZE_T*4($tp) - subi $rp,$tp,$SIZE_T*7 - $UCMP $np_end,$np # done yet? - addc $acc0,$acc0,$t0 - $LD $t0,$SIZE_T*5($tp) - adde $acc1,$acc1,$t1 - $LD $t1,$SIZE_T*6($tp) - adde $acc2,$acc2,$t2 - $LD $t2,$SIZE_T*7($tp) - adde $acc3,$acc3,$t3 - $LD $t3,$SIZE_T*8($tp) - adde $acc4,$acc4,$t0 - adde $acc5,$acc5,$t1 - adde $acc6,$acc6,$t2 - adde $acc7,$acc7,$t3 - #addze $carry,$zero # moved below - beq .Lsqr8x8_post_condition - - $LD $n0,$SIZE_T*0($rp) - $LD $a0,$SIZE_T*1($np) - $LD $a1,$SIZE_T*2($np) - $LD $a2,$SIZE_T*3($np) - $LD $a3,$SIZE_T*4($np) - $LD $a4,$SIZE_T*5($np) - $LD $a5,$SIZE_T*6($np) - $LD $a6,$SIZE_T*7($np) - $LDU $a7,$SIZE_T*8($np) - li $cnt,0 - -.align 5 -.Lsqr8x_tail: - $UMULL $t0,$a0,$n0 - addze $carry,$zero # carry bit, modulo-scheduled - $UMULL $t1,$a1,$n0 - addi $cnt,$cnt,$SIZE_T - $UMULL $t2,$a2,$n0 - andi. $cnt,$cnt,$SIZE_T*8-1 - $UMULL $t3,$a3,$n0 - addc $acc0,$acc0,$t0 - $UMULL $t0,$a4,$n0 - adde $acc1,$acc1,$t1 - $UMULL $t1,$a5,$n0 - adde $acc2,$acc2,$t2 - $UMULL $t2,$a6,$n0 - adde $acc3,$acc3,$t3 - $UMULL $t3,$a7,$n0 - adde $acc4,$acc4,$t0 - $UMULH $t0,$a0,$n0 - adde $acc5,$acc5,$t1 - $UMULH $t1,$a1,$n0 - adde $acc6,$acc6,$t2 - $UMULH $t2,$a2,$n0 - adde $acc7,$acc7,$t3 - $UMULH $t3,$a3,$n0 - addze $carry,$carry - $STU $acc0,$SIZE_T($tp) - addc $acc0,$acc1,$t0 - $UMULH $t0,$a4,$n0 - adde $acc1,$acc2,$t1 - $UMULH $t1,$a5,$n0 - adde $acc2,$acc3,$t2 - $UMULH $t2,$a6,$n0 - adde $acc3,$acc4,$t3 - $UMULH $t3,$a7,$n0 - $LDX $n0,$rp,$cnt - adde $acc4,$acc5,$t0 - adde $acc5,$acc6,$t1 - adde $acc6,$acc7,$t2 - adde $acc7,$carry,$t3 - #addze $carry,$zero # moved above - bne .Lsqr8x_tail - # note that carry flag is guaranteed - # to be zero at this point - $LD $a0,$SIZE_T*1($tp) - $POP $carry,$SIZE_T*10($sp) # pull top-most carry in case we break - $UCMP $np_end,$np # done yet? - $LD $a1,$SIZE_T*2($tp) - sub $t2,$np_end,$num # rewinded np - $LD $a2,$SIZE_T*3($tp) - $LD $a3,$SIZE_T*4($tp) - $LD $a4,$SIZE_T*5($tp) - $LD $a5,$SIZE_T*6($tp) - $LD $a6,$SIZE_T*7($tp) - $LD $a7,$SIZE_T*8($tp) - beq .Lsqr8x_tail_break - - addc $acc0,$acc0,$a0 - $LD $a0,$SIZE_T*1($np) - adde $acc1,$acc1,$a1 - $LD $a1,$SIZE_T*2($np) - adde $acc2,$acc2,$a2 - $LD $a2,$SIZE_T*3($np) - adde $acc3,$acc3,$a3 - $LD $a3,$SIZE_T*4($np) - adde $acc4,$acc4,$a4 - $LD $a4,$SIZE_T*5($np) - adde $acc5,$acc5,$a5 - $LD $a5,$SIZE_T*6($np) - adde $acc6,$acc6,$a6 - $LD $a6,$SIZE_T*7($np) - adde $acc7,$acc7,$a7 - $LDU $a7,$SIZE_T*8($np) - #addze $carry,$zero # moved above - b .Lsqr8x_tail - -.align 5 -.Lsqr8x_tail_break: - $POP $n0,$SIZE_T*8($sp) # pull n0 - $POP $t3,$SIZE_T*9($sp) # &tp[2*num-1] - addi $cnt,$tp,$SIZE_T*8 # end of current t[num] window - - addic $carry,$carry,-1 # "move" top-most carry to carry bit - adde $t0,$acc0,$a0 - $LD $acc0,$SIZE_T*8($rp) - $LD $a0,$SIZE_T*1($t2) # recall that $t2 is &n[-1] - adde $t1,$acc1,$a1 - $LD $acc1,$SIZE_T*9($rp) - $LD $a1,$SIZE_T*2($t2) - adde $acc2,$acc2,$a2 - $LD $a2,$SIZE_T*3($t2) - adde $acc3,$acc3,$a3 - $LD $a3,$SIZE_T*4($t2) - adde $acc4,$acc4,$a4 - $LD $a4,$SIZE_T*5($t2) - adde $acc5,$acc5,$a5 - $LD $a5,$SIZE_T*6($t2) - adde $acc6,$acc6,$a6 - $LD $a6,$SIZE_T*7($t2) - adde $acc7,$acc7,$a7 - $LD $a7,$SIZE_T*8($t2) - addi $np,$t2,$SIZE_T*8 - addze $t2,$zero # top-most carry - $UMULL $na0,$n0,$acc0 - $ST $t0,$SIZE_T*1($tp) - $UCMP $cnt,$t3 # did we hit the bottom? - $ST $t1,$SIZE_T*2($tp) - li $cnt,8 - $ST $acc2,$SIZE_T*3($tp) - $LD $acc2,$SIZE_T*10($rp) - $ST $acc3,$SIZE_T*4($tp) - $LD $acc3,$SIZE_T*11($rp) - $ST $acc4,$SIZE_T*5($tp) - $LD $acc4,$SIZE_T*12($rp) - $ST $acc5,$SIZE_T*6($tp) - $LD $acc5,$SIZE_T*13($rp) - $ST $acc6,$SIZE_T*7($tp) - $LD $acc6,$SIZE_T*14($rp) - $ST $acc7,$SIZE_T*8($tp) - $LD $acc7,$SIZE_T*15($rp) - $PUSH $t2,$SIZE_T*10($sp) # off-load top-most carry - addi $tp,$rp,$SIZE_T*7 # slide the window - mtctr $cnt - bne .Lsqr8x_reduction - - ################################################################ - # Final step. We see if result is larger than modulus, and - # if it is, subtract the modulus. But comparison implies - # subtraction. So we subtract modulus, see if it borrowed, - # and conditionally copy original value. - $POP $rp,$SIZE_T*6($sp) # pull &rp[-1] - srwi $cnt,$num,`log($SIZE_T)/log(2)+3` - mr $n0,$tp # put tp aside - addi $tp,$tp,$SIZE_T*8 - subi $cnt,$cnt,1 - subfc $t0,$a0,$acc0 - subfe $t1,$a1,$acc1 - mr $carry,$t2 - mr $ap_end,$rp # $rp copy - - mtctr $cnt - b .Lsqr8x_sub - -.align 5 -.Lsqr8x_sub: - $LD $a0,$SIZE_T*1($np) - $LD $acc0,$SIZE_T*1($tp) - $LD $a1,$SIZE_T*2($np) - $LD $acc1,$SIZE_T*2($tp) - subfe $t2,$a2,$acc2 - $LD $a2,$SIZE_T*3($np) - $LD $acc2,$SIZE_T*3($tp) - subfe $t3,$a3,$acc3 - $LD $a3,$SIZE_T*4($np) - $LD $acc3,$SIZE_T*4($tp) - $ST $t0,$SIZE_T*1($rp) - subfe $t0,$a4,$acc4 - $LD $a4,$SIZE_T*5($np) - $LD $acc4,$SIZE_T*5($tp) - $ST $t1,$SIZE_T*2($rp) - subfe $t1,$a5,$acc5 - $LD $a5,$SIZE_T*6($np) - $LD $acc5,$SIZE_T*6($tp) - $ST $t2,$SIZE_T*3($rp) - subfe $t2,$a6,$acc6 - $LD $a6,$SIZE_T*7($np) - $LD $acc6,$SIZE_T*7($tp) - $ST $t3,$SIZE_T*4($rp) - subfe $t3,$a7,$acc7 - $LDU $a7,$SIZE_T*8($np) - $LDU $acc7,$SIZE_T*8($tp) - $ST $t0,$SIZE_T*5($rp) - subfe $t0,$a0,$acc0 - $ST $t1,$SIZE_T*6($rp) - subfe $t1,$a1,$acc1 - $ST $t2,$SIZE_T*7($rp) - $STU $t3,$SIZE_T*8($rp) - bdnz .Lsqr8x_sub - - srwi $cnt,$num,`log($SIZE_T)/log(2)+2` - $LD $a0,$SIZE_T*1($ap_end) # original $rp - $LD $acc0,$SIZE_T*1($n0) # original $tp - subi $cnt,$cnt,1 - $LD $a1,$SIZE_T*2($ap_end) - $LD $acc1,$SIZE_T*2($n0) - subfe $t2,$a2,$acc2 - $LD $a2,$SIZE_T*3($ap_end) - $LD $acc2,$SIZE_T*3($n0) - subfe $t3,$a3,$acc3 - $LD $a3,$SIZE_T*4($ap_end) - $LDU $acc3,$SIZE_T*4($n0) - $ST $t0,$SIZE_T*1($rp) - subfe $t0,$a4,$acc4 - $ST $t1,$SIZE_T*2($rp) - subfe $t1,$a5,$acc5 - $ST $t2,$SIZE_T*3($rp) - subfe $t2,$a6,$acc6 - $ST $t3,$SIZE_T*4($rp) - subfe $t3,$a7,$acc7 - $ST $t0,$SIZE_T*5($rp) - subfe $carry,$zero,$carry # did it borrow? - $ST $t1,$SIZE_T*6($rp) - $ST $t2,$SIZE_T*7($rp) - $ST $t3,$SIZE_T*8($rp) - - addi $tp,$sp,$SIZE_T*11 - mtctr $cnt - -.Lsqr4x_cond_copy: - andc $a0,$a0,$carry - $ST $zero,-$SIZE_T*3($n0) # wipe stack clean - and $acc0,$acc0,$carry - $ST $zero,-$SIZE_T*2($n0) - andc $a1,$a1,$carry - $ST $zero,-$SIZE_T*1($n0) - and $acc1,$acc1,$carry - $ST $zero,-$SIZE_T*0($n0) - andc $a2,$a2,$carry - $ST $zero,$SIZE_T*1($tp) - and $acc2,$acc2,$carry - $ST $zero,$SIZE_T*2($tp) - andc $a3,$a3,$carry - $ST $zero,$SIZE_T*3($tp) - and $acc3,$acc3,$carry - $STU $zero,$SIZE_T*4($tp) - or $t0,$a0,$acc0 - $LD $a0,$SIZE_T*5($ap_end) - $LD $acc0,$SIZE_T*1($n0) - or $t1,$a1,$acc1 - $LD $a1,$SIZE_T*6($ap_end) - $LD $acc1,$SIZE_T*2($n0) - or $t2,$a2,$acc2 - $LD $a2,$SIZE_T*7($ap_end) - $LD $acc2,$SIZE_T*3($n0) - or $t3,$a3,$acc3 - $LD $a3,$SIZE_T*8($ap_end) - $LDU $acc3,$SIZE_T*4($n0) - $ST $t0,$SIZE_T*1($ap_end) - $ST $t1,$SIZE_T*2($ap_end) - $ST $t2,$SIZE_T*3($ap_end) - $STU $t3,$SIZE_T*4($ap_end) - bdnz .Lsqr4x_cond_copy - - $POP $ap,0($sp) # pull saved sp - andc $a0,$a0,$carry - and $acc0,$acc0,$carry - andc $a1,$a1,$carry - and $acc1,$acc1,$carry - andc $a2,$a2,$carry - and $acc2,$acc2,$carry - andc $a3,$a3,$carry - and $acc3,$acc3,$carry - or $t0,$a0,$acc0 - or $t1,$a1,$acc1 - or $t2,$a2,$acc2 - or $t3,$a3,$acc3 - $ST $t0,$SIZE_T*1($ap_end) - $ST $t1,$SIZE_T*2($ap_end) - $ST $t2,$SIZE_T*3($ap_end) - $ST $t3,$SIZE_T*4($ap_end) - - b .Lsqr8x_done - -.align 5 -.Lsqr8x8_post_condition: - $POP $rp,$SIZE_T*6($sp) # pull rp - $POP $ap,0($sp) # pull saved sp - addze $carry,$zero - - # $acc0-7,$carry hold result, $a0-7 hold modulus - subfc $acc0,$a0,$acc0 - subfe $acc1,$a1,$acc1 - $ST $zero,$SIZE_T*12($sp) # wipe stack clean - $ST $zero,$SIZE_T*13($sp) - subfe $acc2,$a2,$acc2 - $ST $zero,$SIZE_T*14($sp) - $ST $zero,$SIZE_T*15($sp) - subfe $acc3,$a3,$acc3 - $ST $zero,$SIZE_T*16($sp) - $ST $zero,$SIZE_T*17($sp) - subfe $acc4,$a4,$acc4 - $ST $zero,$SIZE_T*18($sp) - $ST $zero,$SIZE_T*19($sp) - subfe $acc5,$a5,$acc5 - $ST $zero,$SIZE_T*20($sp) - $ST $zero,$SIZE_T*21($sp) - subfe $acc6,$a6,$acc6 - $ST $zero,$SIZE_T*22($sp) - $ST $zero,$SIZE_T*23($sp) - subfe $acc7,$a7,$acc7 - $ST $zero,$SIZE_T*24($sp) - $ST $zero,$SIZE_T*25($sp) - subfe $carry,$zero,$carry # did it borrow? - $ST $zero,$SIZE_T*26($sp) - $ST $zero,$SIZE_T*27($sp) - - and $a0,$a0,$carry - and $a1,$a1,$carry - addc $acc0,$acc0,$a0 # add modulus back if borrowed - and $a2,$a2,$carry - adde $acc1,$acc1,$a1 - and $a3,$a3,$carry - adde $acc2,$acc2,$a2 - and $a4,$a4,$carry - adde $acc3,$acc3,$a3 - and $a5,$a5,$carry - adde $acc4,$acc4,$a4 - and $a6,$a6,$carry - adde $acc5,$acc5,$a5 - and $a7,$a7,$carry - adde $acc6,$acc6,$a6 - adde $acc7,$acc7,$a7 - $ST $acc0,$SIZE_T*1($rp) - $ST $acc1,$SIZE_T*2($rp) - $ST $acc2,$SIZE_T*3($rp) - $ST $acc3,$SIZE_T*4($rp) - $ST $acc4,$SIZE_T*5($rp) - $ST $acc5,$SIZE_T*6($rp) - $ST $acc6,$SIZE_T*7($rp) - $ST $acc7,$SIZE_T*8($rp) - -.Lsqr8x_done: - $PUSH $zero,$SIZE_T*8($sp) - $PUSH $zero,$SIZE_T*10($sp) - - $POP r14,-$SIZE_T*18($ap) - li r3,1 # signal "done" - $POP r15,-$SIZE_T*17($ap) - $POP r16,-$SIZE_T*16($ap) - $POP r17,-$SIZE_T*15($ap) - $POP r18,-$SIZE_T*14($ap) - $POP r19,-$SIZE_T*13($ap) - $POP r20,-$SIZE_T*12($ap) - $POP r21,-$SIZE_T*11($ap) - $POP r22,-$SIZE_T*10($ap) - $POP r23,-$SIZE_T*9($ap) - $POP r24,-$SIZE_T*8($ap) - $POP r25,-$SIZE_T*7($ap) - $POP r26,-$SIZE_T*6($ap) - $POP r27,-$SIZE_T*5($ap) - $POP r28,-$SIZE_T*4($ap) - $POP r29,-$SIZE_T*3($ap) - $POP r30,-$SIZE_T*2($ap) - $POP r31,-$SIZE_T*1($ap) - mr $sp,$ap - blr - .long 0 - .byte 0,12,4,0x20,0x80,18,6,0 - .long 0 -.size __bn_sqr8x_mont,.-__bn_sqr8x_mont -___ -} -$code.=<<___; -.asciz "Montgomery Multiplication for PPC, CRYPTOGAMS by " -___ - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/ppc.pl b/crypto/bn/asm/ppc.pl deleted file mode 100644 index 5015f7e7efe1f311a69a495f73848619c89c7c6d..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/ppc.pl +++ /dev/null @@ -1,2016 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# Implemented as a Perl wrapper as we want to support several different -# architectures with single file. We pick up the target based on the -# file name we are asked to generate. -# -# It should be noted though that this perl code is nothing like -# /crypto/perlasm/x86*. In this case perl is used pretty much -# as pre-processor to cover for platform differences in name decoration, -# linker tables, 32-/64-bit instruction sets... -# -# As you might know there're several PowerPC ABI in use. Most notably -# Linux and AIX use different 32-bit ABIs. Good news are that these ABIs -# are similar enough to implement leaf(!) functions, which would be ABI -# neutral. And that's what you find here: ABI neutral leaf functions. -# In case you wonder what that is... -# -# AIX performance -# -# MEASUREMENTS WITH cc ON a 200 MhZ PowerPC 604e. -# -# The following is the performance of 32-bit compiler -# generated code: -# -# OpenSSL 0.9.6c 21 dec 2001 -# built on: Tue Jun 11 11:06:51 EDT 2002 -# options:bn(64,32) ... -#compiler: cc -DTHREADS -DAIX -DB_ENDIAN -DBN_LLONG -O3 -# sign verify sign/s verify/s -#rsa 512 bits 0.0098s 0.0009s 102.0 1170.6 -#rsa 1024 bits 0.0507s 0.0026s 19.7 387.5 -#rsa 2048 bits 0.3036s 0.0085s 3.3 117.1 -#rsa 4096 bits 2.0040s 0.0299s 0.5 33.4 -#dsa 512 bits 0.0087s 0.0106s 114.3 94.5 -#dsa 1024 bits 0.0256s 0.0313s 39.0 32.0 -# -# Same benchmark with this assembler code: -# -#rsa 512 bits 0.0056s 0.0005s 178.6 2049.2 -#rsa 1024 bits 0.0283s 0.0015s 35.3 674.1 -#rsa 2048 bits 0.1744s 0.0050s 5.7 201.2 -#rsa 4096 bits 1.1644s 0.0179s 0.9 55.7 -#dsa 512 bits 0.0052s 0.0062s 191.6 162.0 -#dsa 1024 bits 0.0149s 0.0180s 67.0 55.5 -# -# Number of operations increases by at almost 75% -# -# Here are performance numbers for 64-bit compiler -# generated code: -# -# OpenSSL 0.9.6g [engine] 9 Aug 2002 -# built on: Fri Apr 18 16:59:20 EDT 2003 -# options:bn(64,64) ... -# compiler: cc -DTHREADS -D_REENTRANT -q64 -DB_ENDIAN -O3 -# sign verify sign/s verify/s -#rsa 512 bits 0.0028s 0.0003s 357.1 3844.4 -#rsa 1024 bits 0.0148s 0.0008s 67.5 1239.7 -#rsa 2048 bits 0.0963s 0.0028s 10.4 353.0 -#rsa 4096 bits 0.6538s 0.0102s 1.5 98.1 -#dsa 512 bits 0.0026s 0.0032s 382.5 313.7 -#dsa 1024 bits 0.0081s 0.0099s 122.8 100.6 -# -# Same benchmark with this assembler code: -# -#rsa 512 bits 0.0020s 0.0002s 510.4 6273.7 -#rsa 1024 bits 0.0088s 0.0005s 114.1 2128.3 -#rsa 2048 bits 0.0540s 0.0016s 18.5 622.5 -#rsa 4096 bits 0.3700s 0.0058s 2.7 171.0 -#dsa 512 bits 0.0016s 0.0020s 610.7 507.1 -#dsa 1024 bits 0.0047s 0.0058s 212.5 173.2 -# -# Again, performance increases by at about 75% -# -# Mac OS X, Apple G5 1.8GHz (Note this is 32 bit code) -# OpenSSL 0.9.7c 30 Sep 2003 -# -# Original code. -# -#rsa 512 bits 0.0011s 0.0001s 906.1 11012.5 -#rsa 1024 bits 0.0060s 0.0003s 166.6 3363.1 -#rsa 2048 bits 0.0370s 0.0010s 27.1 982.4 -#rsa 4096 bits 0.2426s 0.0036s 4.1 280.4 -#dsa 512 bits 0.0010s 0.0012s 1038.1 841.5 -#dsa 1024 bits 0.0030s 0.0037s 329.6 269.7 -#dsa 2048 bits 0.0101s 0.0127s 98.9 78.6 -# -# Same benchmark with this assembler code: -# -#rsa 512 bits 0.0007s 0.0001s 1416.2 16645.9 -#rsa 1024 bits 0.0036s 0.0002s 274.4 5380.6 -#rsa 2048 bits 0.0222s 0.0006s 45.1 1589.5 -#rsa 4096 bits 0.1469s 0.0022s 6.8 449.6 -#dsa 512 bits 0.0006s 0.0007s 1664.2 1376.2 -#dsa 1024 bits 0.0018s 0.0023s 545.0 442.2 -#dsa 2048 bits 0.0061s 0.0075s 163.5 132.8 -# -# Performance increase of ~60% -# Based on submission from Suresh N. Chari of IBM - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /32/) { - $BITS= 32; - $BNSZ= $BITS/8; - $ISA= "\"ppc\""; - - $LD= "lwz"; # load - $LDU= "lwzu"; # load and update - $ST= "stw"; # store - $STU= "stwu"; # store and update - $UMULL= "mullw"; # unsigned multiply low - $UMULH= "mulhwu"; # unsigned multiply high - $UDIV= "divwu"; # unsigned divide - $UCMPI= "cmplwi"; # unsigned compare with immediate - $UCMP= "cmplw"; # unsigned compare - $CNTLZ= "cntlzw"; # count leading zeros - $SHL= "slw"; # shift left - $SHR= "srw"; # unsigned shift right - $SHRI= "srwi"; # unsigned shift right by immediate - $SHLI= "slwi"; # shift left by immediate - $CLRU= "clrlwi"; # clear upper bits - $INSR= "insrwi"; # insert right - $ROTL= "rotlwi"; # rotate left by immediate - $TR= "tw"; # conditional trap -} elsif ($flavour =~ /64/) { - $BITS= 64; - $BNSZ= $BITS/8; - $ISA= "\"ppc64\""; - - # same as above, but 64-bit mnemonics... - $LD= "ld"; # load - $LDU= "ldu"; # load and update - $ST= "std"; # store - $STU= "stdu"; # store and update - $UMULL= "mulld"; # unsigned multiply low - $UMULH= "mulhdu"; # unsigned multiply high - $UDIV= "divdu"; # unsigned divide - $UCMPI= "cmpldi"; # unsigned compare with immediate - $UCMP= "cmpld"; # unsigned compare - $CNTLZ= "cntlzd"; # count leading zeros - $SHL= "sld"; # shift left - $SHR= "srd"; # unsigned shift right - $SHRI= "srdi"; # unsigned shift right by immediate - $SHLI= "sldi"; # shift left by immediate - $CLRU= "clrldi"; # clear upper bits - $INSR= "insrdi"; # insert right - $ROTL= "rotldi"; # rotate left by immediate - $TR= "td"; # conditional trap -} else { die "nonsense $flavour"; } - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open STDOUT,"| $^X $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; - -$data=< 0 then result !=0 - # In either case carry bit is set. - beq Lppcasm_sub_adios - addi r4,r4,-$BNSZ - addi r3,r3,-$BNSZ - addi r5,r5,-$BNSZ - mtctr r6 -Lppcasm_sub_mainloop: - $LDU r7,$BNSZ(r4) - $LDU r8,$BNSZ(r5) - subfe r6,r8,r7 # r6 = r7+carry bit + onescomplement(r8) - # if carry = 1 this is r7-r8. Else it - # is r7-r8 -1 as we need. - $STU r6,$BNSZ(r3) - bdnz Lppcasm_sub_mainloop -Lppcasm_sub_adios: - subfze r3,r0 # if carry bit is set then r3 = 0 else -1 - andi. r3,r3,1 # keep only last bit. - blr - .long 0 - .byte 0,12,0x14,0,0,0,4,0 - .long 0 -.size .bn_sub_words,.-.bn_sub_words - -# -# NOTE: The following label name should be changed to -# "bn_add_words" i.e. remove the first dot -# for the gcc compiler. This should be automatically -# done in the build -# - -.align 4 -.bn_add_words: -# -# Handcoded version of bn_add_words -# -#BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) -# -# r3 = r -# r4 = a -# r5 = b -# r6 = n -# -# Note: No loop unrolling done since this is not a performance -# critical loop. - - xor r0,r0,r0 -# -# check for r6 = 0. Is this needed? -# - addic. r6,r6,0 #test r6 and clear carry bit. - beq Lppcasm_add_adios - addi r4,r4,-$BNSZ - addi r3,r3,-$BNSZ - addi r5,r5,-$BNSZ - mtctr r6 -Lppcasm_add_mainloop: - $LDU r7,$BNSZ(r4) - $LDU r8,$BNSZ(r5) - adde r8,r7,r8 - $STU r8,$BNSZ(r3) - bdnz Lppcasm_add_mainloop -Lppcasm_add_adios: - addze r3,r0 #return carry bit. - blr - .long 0 - .byte 0,12,0x14,0,0,0,4,0 - .long 0 -.size .bn_add_words,.-.bn_add_words - -# -# NOTE: The following label name should be changed to -# "bn_div_words" i.e. remove the first dot -# for the gcc compiler. This should be automatically -# done in the build -# - -.align 4 -.bn_div_words: -# -# This is a cleaned up version of code generated by -# the AIX compiler. The only optimization is to use -# the PPC instruction to count leading zeros instead -# of call to num_bits_word. Since this was compiled -# only at level -O2 we can possibly squeeze it more? -# -# r3 = h -# r4 = l -# r5 = d - - $UCMPI 0,r5,0 # compare r5 and 0 - bne Lppcasm_div1 # proceed if d!=0 - li r3,-1 # d=0 return -1 - blr -Lppcasm_div1: - xor r0,r0,r0 #r0=0 - li r8,$BITS - $CNTLZ. r7,r5 #r7 = num leading 0s in d. - beq Lppcasm_div2 #proceed if no leading zeros - subf r8,r7,r8 #r8 = BN_num_bits_word(d) - $SHR. r9,r3,r8 #are there any bits above r8'th? - $TR 16,r9,r0 #if there're, signal to dump core... -Lppcasm_div2: - $UCMP 0,r3,r5 #h>=d? - blt Lppcasm_div3 #goto Lppcasm_div3 if not - subf r3,r5,r3 #h-=d ; -Lppcasm_div3: #r7 = BN_BITS2-i. so r7=i - cmpi 0,0,r7,0 # is (i == 0)? - beq Lppcasm_div4 - $SHL r3,r3,r7 # h = (h<< i) - $SHR r8,r4,r8 # r8 = (l >> BN_BITS2 -i) - $SHL r5,r5,r7 # d<<=i - or r3,r3,r8 # h = (h<>(BN_BITS2-i)) - $SHL r4,r4,r7 # l <<=i -Lppcasm_div4: - $SHRI r9,r5,`$BITS/2` # r9 = dh - # dl will be computed when needed - # as it saves registers. - li r6,2 #r6=2 - mtctr r6 #counter will be in count. -Lppcasm_divouterloop: - $SHRI r8,r3,`$BITS/2` #r8 = (h>>BN_BITS4) - $SHRI r11,r4,`$BITS/2` #r11= (l&BN_MASK2h)>>BN_BITS4 - # compute here for innerloop. - $UCMP 0,r8,r9 # is (h>>BN_BITS4)==dh - bne Lppcasm_div5 # goto Lppcasm_div5 if not - - li r8,-1 - $CLRU r8,r8,`$BITS/2` #q = BN_MASK2l - b Lppcasm_div6 -Lppcasm_div5: - $UDIV r8,r3,r9 #q = h/dh -Lppcasm_div6: - $UMULL r12,r9,r8 #th = q*dh - $CLRU r10,r5,`$BITS/2` #r10=dl - $UMULL r6,r8,r10 #tl = q*dl - -Lppcasm_divinnerloop: - subf r10,r12,r3 #t = h -th - $SHRI r7,r10,`$BITS/2` #r7= (t &BN_MASK2H), sort of... - addic. r7,r7,0 #test if r7 == 0. used below. - # now want to compute - # r7 = (t<>BN_BITS4) - # the following 2 instructions do that - $SHLI r7,r10,`$BITS/2` # r7 = (t<>BN_BITS4) - $UCMP cr1,r6,r7 # compare (tl <= r7) - bne Lppcasm_divinnerexit - ble cr1,Lppcasm_divinnerexit - addi r8,r8,-1 #q-- - subf r12,r9,r12 #th -=dh - $CLRU r10,r5,`$BITS/2` #r10=dl. t is no longer needed in loop. - subf r6,r10,r6 #tl -=dl - b Lppcasm_divinnerloop -Lppcasm_divinnerexit: - $SHRI r10,r6,`$BITS/2` #t=(tl>>BN_BITS4) - $SHLI r11,r6,`$BITS/2` #tl=(tl<=tl) goto Lppcasm_div7 - addi r12,r12,1 # th++ -Lppcasm_div7: - subf r11,r11,r4 #r11=l-tl - $UCMP cr1,r3,r12 #compare h and th - bge cr1,Lppcasm_div8 #if (h>=th) goto Lppcasm_div8 - addi r8,r8,-1 # q-- - add r3,r5,r3 # h+=d -Lppcasm_div8: - subf r12,r12,r3 #r12 = h-th - $SHLI r4,r11,`$BITS/2` #l=(l&BN_MASK2l)<>BN_BITS4))&BN_MASK2 - # the following 2 instructions will do this. - $INSR r11,r12,`$BITS/2`,`$BITS/2` # r11 is the value we want rotated $BITS/2. - $ROTL r3,r11,`$BITS/2` # rotate by $BITS/2 and store in r3 - bdz Lppcasm_div9 #if (count==0) break ; - $SHLI r0,r8,`$BITS/2` #ret =q<> 2 - beq Lppcasm_mw_REM - mtctr r7 -Lppcasm_mw_LOOP: - #mul(rp[0],ap[0],w,c1); - $LD r8,`0*$BNSZ`(r4) - $UMULL r9,r6,r8 - $UMULH r10,r6,r8 - addc r9,r9,r12 - #addze r10,r10 #carry is NOT ignored. - #will be taken care of - #in second spin below - #using adde. - $ST r9,`0*$BNSZ`(r3) - #mul(rp[1],ap[1],w,c1); - $LD r8,`1*$BNSZ`(r4) - $UMULL r11,r6,r8 - $UMULH r12,r6,r8 - adde r11,r11,r10 - #addze r12,r12 - $ST r11,`1*$BNSZ`(r3) - #mul(rp[2],ap[2],w,c1); - $LD r8,`2*$BNSZ`(r4) - $UMULL r9,r6,r8 - $UMULH r10,r6,r8 - adde r9,r9,r12 - #addze r10,r10 - $ST r9,`2*$BNSZ`(r3) - #mul_add(rp[3],ap[3],w,c1); - $LD r8,`3*$BNSZ`(r4) - $UMULL r11,r6,r8 - $UMULH r12,r6,r8 - adde r11,r11,r10 - addze r12,r12 #this spin we collect carry into - #r12 - $ST r11,`3*$BNSZ`(r3) - - addi r3,r3,`4*$BNSZ` - addi r4,r4,`4*$BNSZ` - bdnz Lppcasm_mw_LOOP - -Lppcasm_mw_REM: - andi. r5,r5,0x3 - beq Lppcasm_mw_OVER - #mul(rp[0],ap[0],w,c1); - $LD r8,`0*$BNSZ`(r4) - $UMULL r9,r6,r8 - $UMULH r10,r6,r8 - addc r9,r9,r12 - addze r10,r10 - $ST r9,`0*$BNSZ`(r3) - addi r12,r10,0 - - addi r5,r5,-1 - cmpli 0,0,r5,0 - beq Lppcasm_mw_OVER - - - #mul(rp[1],ap[1],w,c1); - $LD r8,`1*$BNSZ`(r4) - $UMULL r9,r6,r8 - $UMULH r10,r6,r8 - addc r9,r9,r12 - addze r10,r10 - $ST r9,`1*$BNSZ`(r3) - addi r12,r10,0 - - addi r5,r5,-1 - cmpli 0,0,r5,0 - beq Lppcasm_mw_OVER - - #mul_add(rp[2],ap[2],w,c1); - $LD r8,`2*$BNSZ`(r4) - $UMULL r9,r6,r8 - $UMULH r10,r6,r8 - addc r9,r9,r12 - addze r10,r10 - $ST r9,`2*$BNSZ`(r3) - addi r12,r10,0 - -Lppcasm_mw_OVER: - addi r3,r12,0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,4,0 - .long 0 -.size .bn_mul_words,.-.bn_mul_words - -# -# NOTE: The following label name should be changed to -# "bn_mul_add_words" i.e. remove the first dot -# for the gcc compiler. This should be automatically -# done in the build -# - -.align 4 -.bn_mul_add_words: -# -# BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) -# -# r3 = rp -# r4 = ap -# r5 = num -# r6 = w -# -# empirical evidence suggests that unrolled version performs best!! -# - xor r0,r0,r0 #r0 = 0 - xor r12,r12,r12 #r12 = 0 . used for carry - rlwinm. r7,r5,30,2,31 # num >> 2 - beq Lppcasm_maw_leftover # if (num < 4) go LPPCASM_maw_leftover - mtctr r7 -Lppcasm_maw_mainloop: - #mul_add(rp[0],ap[0],w,c1); - $LD r8,`0*$BNSZ`(r4) - $LD r11,`0*$BNSZ`(r3) - $UMULL r9,r6,r8 - $UMULH r10,r6,r8 - addc r9,r9,r12 #r12 is carry. - addze r10,r10 - addc r9,r9,r11 - #addze r10,r10 - #the above instruction addze - #is NOT needed. Carry will NOT - #be ignored. It's not affected - #by multiply and will be collected - #in the next spin - $ST r9,`0*$BNSZ`(r3) - - #mul_add(rp[1],ap[1],w,c1); - $LD r8,`1*$BNSZ`(r4) - $LD r9,`1*$BNSZ`(r3) - $UMULL r11,r6,r8 - $UMULH r12,r6,r8 - adde r11,r11,r10 #r10 is carry. - addze r12,r12 - addc r11,r11,r9 - #addze r12,r12 - $ST r11,`1*$BNSZ`(r3) - - #mul_add(rp[2],ap[2],w,c1); - $LD r8,`2*$BNSZ`(r4) - $UMULL r9,r6,r8 - $LD r11,`2*$BNSZ`(r3) - $UMULH r10,r6,r8 - adde r9,r9,r12 - addze r10,r10 - addc r9,r9,r11 - #addze r10,r10 - $ST r9,`2*$BNSZ`(r3) - - #mul_add(rp[3],ap[3],w,c1); - $LD r8,`3*$BNSZ`(r4) - $UMULL r11,r6,r8 - $LD r9,`3*$BNSZ`(r3) - $UMULH r12,r6,r8 - adde r11,r11,r10 - addze r12,r12 - addc r11,r11,r9 - addze r12,r12 - $ST r11,`3*$BNSZ`(r3) - addi r3,r3,`4*$BNSZ` - addi r4,r4,`4*$BNSZ` - bdnz Lppcasm_maw_mainloop - -Lppcasm_maw_leftover: - andi. r5,r5,0x3 - beq Lppcasm_maw_adios - addi r3,r3,-$BNSZ - addi r4,r4,-$BNSZ - #mul_add(rp[0],ap[0],w,c1); - mtctr r5 - $LDU r8,$BNSZ(r4) - $UMULL r9,r6,r8 - $UMULH r10,r6,r8 - $LDU r11,$BNSZ(r3) - addc r9,r9,r11 - addze r10,r10 - addc r9,r9,r12 - addze r12,r10 - $ST r9,0(r3) - - bdz Lppcasm_maw_adios - #mul_add(rp[1],ap[1],w,c1); - $LDU r8,$BNSZ(r4) - $UMULL r9,r6,r8 - $UMULH r10,r6,r8 - $LDU r11,$BNSZ(r3) - addc r9,r9,r11 - addze r10,r10 - addc r9,r9,r12 - addze r12,r10 - $ST r9,0(r3) - - bdz Lppcasm_maw_adios - #mul_add(rp[2],ap[2],w,c1); - $LDU r8,$BNSZ(r4) - $UMULL r9,r6,r8 - $UMULH r10,r6,r8 - $LDU r11,$BNSZ(r3) - addc r9,r9,r11 - addze r10,r10 - addc r9,r9,r12 - addze r12,r10 - $ST r9,0(r3) - -Lppcasm_maw_adios: - addi r3,r12,0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,4,0 - .long 0 -.size .bn_mul_add_words,.-.bn_mul_add_words - .align 4 -EOF -$data =~ s/\`([^\`]*)\`/eval $1/gem; -print $data; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/ppc64-mont-fixed.pl b/crypto/bn/asm/ppc64-mont-fixed.pl deleted file mode 100755 index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000 diff --git a/crypto/bn/asm/ppc64-mont.pl b/crypto/bn/asm/ppc64-mont.pl deleted file mode 100644 index 59fae341e07aefd800007a8d79e86514d2ff6348..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/ppc64-mont.pl +++ /dev/null @@ -1,1656 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# December 2007 - -# The reason for undertaken effort is basically following. Even though -# Power 6 CPU operates at incredible 4.7GHz clock frequency, its PKI -# performance was observed to be less than impressive, essentially as -# fast as 1.8GHz PPC970, or 2.6 times(!) slower than one would hope. -# Well, it's not surprising that IBM had to make some sacrifices to -# boost the clock frequency that much, but no overall improvement? -# Having observed how much difference did switching to FPU make on -# UltraSPARC, playing same stunt on Power 6 appeared appropriate... -# Unfortunately the resulting performance improvement is not as -# impressive, ~30%, and in absolute terms is still very far from what -# one would expect from 4.7GHz CPU. There is a chance that I'm doing -# something wrong, but in the lack of assembler level micro-profiling -# data or at least decent platform guide I can't tell... Or better -# results might be achieved with VMX... Anyway, this module provides -# *worse* performance on other PowerPC implementations, ~40-15% slower -# on PPC970 depending on key length and ~40% slower on Power 5 for all -# key lengths. As it's obviously inappropriate as "best all-round" -# alternative, it has to be complemented with run-time CPU family -# detection. Oh! It should also be noted that unlike other PowerPC -# implementation IALU ppc-mont.pl module performs *suboptimally* on -# >=1024-bit key lengths on Power 6. It should also be noted that -# *everything* said so far applies to 64-bit builds! As far as 32-bit -# application executed on 64-bit CPU goes, this module is likely to -# become preferred choice, because it's easy to adapt it for such -# case and *is* faster than 32-bit ppc-mont.pl on *all* processors. - -# February 2008 - -# Micro-profiling assisted optimization results in ~15% improvement -# over original ppc64-mont.pl version, or overall ~50% improvement -# over ppc.pl module on Power 6. If compared to ppc-mont.pl on same -# Power 6 CPU, this module is 5-150% faster depending on key length, -# [hereafter] more for longer keys. But if compared to ppc-mont.pl -# on 1.8GHz PPC970, it's only 5-55% faster. Still far from impressive -# in absolute terms, but it's apparently the way Power 6 is... - -# December 2009 - -# Adapted for 32-bit build this module delivers 25-120%, yes, more -# than *twice* for longer keys, performance improvement over 32-bit -# ppc-mont.pl on 1.8GHz PPC970. However! This implementation utilizes -# even 64-bit integer operations and the trouble is that most PPC -# operating systems don't preserve upper halves of general purpose -# registers upon 32-bit signal delivery. They do preserve them upon -# context switch, but not signalling:-( This means that asynchronous -# signals have to be blocked upon entry to this subroutine. Signal -# masking (and of course complementary unmasking) has quite an impact -# on performance, naturally larger for shorter keys. It's so severe -# that 512-bit key performance can be as low as 1/3 of expected one. -# This is why this routine can be engaged for longer key operations -# only on these OSes, see crypto/ppccap.c for further details. MacOS X -# is an exception from this and doesn't require signal masking, and -# that's where above improvement coefficients were collected. For -# others alternative would be to break dependence on upper halves of -# GPRs by sticking to 32-bit integer operations... - -# December 2012 - -# Remove above mentioned dependence on GPRs' upper halves in 32-bit -# build. No signal masking overhead, but integer instructions are -# *more* numerous... It's still "universally" faster than 32-bit -# ppc-mont.pl, but improvement coefficient is not as impressive -# for longer keys... - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /32/) { - $SIZE_T=4; - $RZONE= 224; - $fname= "bn_mul_mont_fpu64"; - - $STUX= "stwux"; # store indexed and update - $PUSH= "stw"; - $POP= "lwz"; -} elsif ($flavour =~ /64/) { - $SIZE_T=8; - $RZONE= 288; - $fname= "bn_mul_mont_fpu64"; - - # same as above, but 64-bit mnemonics... - $STUX= "stdux"; # store indexed and update - $PUSH= "std"; - $POP= "ld"; -} else { die "nonsense $flavour"; } - -$LITTLE_ENDIAN = ($flavour=~/le$/) ? 4 : 0; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open STDOUT,"| $^X $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; - -$FRAME=64; # padded frame header -$TRANSFER=16*8; - -$carry="r0"; -$sp="r1"; -$toc="r2"; -$rp="r3"; $ovf="r3"; -$ap="r4"; -$bp="r5"; -$np="r6"; -$n0="r7"; -$num="r8"; -$rp="r9"; # $rp is reassigned -$tp="r10"; -$j="r11"; -$i="r12"; -# non-volatile registers -$c1="r19"; -$n1="r20"; -$a1="r21"; -$nap_d="r22"; # interleaved ap and np in double format -$a0="r23"; # ap[0] -$t0="r24"; # temporary registers -$t1="r25"; -$t2="r26"; -$t3="r27"; -$t4="r28"; -$t5="r29"; -$t6="r30"; -$t7="r31"; - -# PPC offers enough register bank capacity to unroll inner loops twice -# -# ..A3A2A1A0 -# dcba -# ----------- -# A0a -# A0b -# A0c -# A0d -# A1a -# A1b -# A1c -# A1d -# A2a -# A2b -# A2c -# A2d -# A3a -# A3b -# A3c -# A3d -# ..a -# ..b -# -$ba="f0"; $bb="f1"; $bc="f2"; $bd="f3"; -$na="f4"; $nb="f5"; $nc="f6"; $nd="f7"; -$dota="f8"; $dotb="f9"; -$A0="f10"; $A1="f11"; $A2="f12"; $A3="f13"; -$N0="f20"; $N1="f21"; $N2="f22"; $N3="f23"; -$T0a="f24"; $T0b="f25"; -$T1a="f26"; $T1b="f27"; -$T2a="f28"; $T2b="f29"; -$T3a="f30"; $T3b="f31"; - -# sp----------->+-------------------------------+ -# | saved sp | -# +-------------------------------+ -# . . -# +64 +-------------------------------+ -# | 16 gpr<->fpr transfer zone | -# . . -# . . -# +16*8 +-------------------------------+ -# | __int64 tmp[-1] | -# +-------------------------------+ -# | __int64 tmp[num] | -# . . -# . . -# . . -# +(num+1)*8 +-------------------------------+ -# | padding to 64 byte boundary | -# . . -# +X +-------------------------------+ -# | double nap_d[4*num] | -# . . -# . . -# . . -# +-------------------------------+ -# . . -# -13*size_t +-------------------------------+ -# | 13 saved gpr, r19-r31 | -# . . -# . . -# -12*8 +-------------------------------+ -# | 12 saved fpr, f20-f31 | -# . . -# . . -# +-------------------------------+ - -$code=<<___; -.machine "any" -.text - -.globl .$fname -.align 5 -.$fname: - cmpwi $num,`3*8/$SIZE_T` - mr $rp,r3 ; $rp is reassigned - li r3,0 ; possible "not handled" return code - bltlr- - andi. r0,$num,`16/$SIZE_T-1` ; $num has to be "even" - bnelr- - - slwi $num,$num,`log($SIZE_T)/log(2)` ; num*=sizeof(BN_LONG) - li $i,-4096 - slwi $tp,$num,2 ; place for {an}p_{lh}[num], i.e. 4*num - add $tp,$tp,$num ; place for tp[num+1] - addi $tp,$tp,`$FRAME+$TRANSFER+8+64+$RZONE` - subf $tp,$tp,$sp ; $sp-$tp - and $tp,$tp,$i ; minimize TLB usage - subf $tp,$sp,$tp ; $tp-$sp - mr $i,$sp - $STUX $sp,$sp,$tp ; alloca - - $PUSH r19,`-12*8-13*$SIZE_T`($i) - $PUSH r20,`-12*8-12*$SIZE_T`($i) - $PUSH r21,`-12*8-11*$SIZE_T`($i) - $PUSH r22,`-12*8-10*$SIZE_T`($i) - $PUSH r23,`-12*8-9*$SIZE_T`($i) - $PUSH r24,`-12*8-8*$SIZE_T`($i) - $PUSH r25,`-12*8-7*$SIZE_T`($i) - $PUSH r26,`-12*8-6*$SIZE_T`($i) - $PUSH r27,`-12*8-5*$SIZE_T`($i) - $PUSH r28,`-12*8-4*$SIZE_T`($i) - $PUSH r29,`-12*8-3*$SIZE_T`($i) - $PUSH r30,`-12*8-2*$SIZE_T`($i) - $PUSH r31,`-12*8-1*$SIZE_T`($i) - stfd f20,`-12*8`($i) - stfd f21,`-11*8`($i) - stfd f22,`-10*8`($i) - stfd f23,`-9*8`($i) - stfd f24,`-8*8`($i) - stfd f25,`-7*8`($i) - stfd f26,`-6*8`($i) - stfd f27,`-5*8`($i) - stfd f28,`-4*8`($i) - stfd f29,`-3*8`($i) - stfd f30,`-2*8`($i) - stfd f31,`-1*8`($i) - - addi $tp,$sp,`$FRAME+$TRANSFER+8+64` - li $i,-64 - add $nap_d,$tp,$num - and $nap_d,$nap_d,$i ; align to 64 bytes - ; nap_d is off by 1, because it's used with stfdu/lfdu - addi $nap_d,$nap_d,-8 - srwi $j,$num,`3+1` ; counter register, num/2 - addi $j,$j,-1 - addi $tp,$sp,`$FRAME+$TRANSFER-8` - li $carry,0 - mtctr $j -___ - -$code.=<<___ if ($SIZE_T==8); - ld $a0,0($ap) ; pull ap[0] value - ld $t3,0($bp) ; bp[0] - ld $n0,0($n0) ; pull n0[0] value - - mulld $t7,$a0,$t3 ; ap[0]*bp[0] - ; transfer bp[0] to FPU as 4x16-bit values - extrdi $t0,$t3,16,48 - extrdi $t1,$t3,16,32 - extrdi $t2,$t3,16,16 - extrdi $t3,$t3,16,0 - std $t0,`$FRAME+0`($sp) - std $t1,`$FRAME+8`($sp) - std $t2,`$FRAME+16`($sp) - std $t3,`$FRAME+24`($sp) - - mulld $t7,$t7,$n0 ; tp[0]*n0 - ; transfer (ap[0]*bp[0])*n0 to FPU as 4x16-bit values - extrdi $t4,$t7,16,48 - extrdi $t5,$t7,16,32 - extrdi $t6,$t7,16,16 - extrdi $t7,$t7,16,0 - std $t4,`$FRAME+32`($sp) - std $t5,`$FRAME+40`($sp) - std $t6,`$FRAME+48`($sp) - std $t7,`$FRAME+56`($sp) - - extrdi $t0,$a0,32,32 ; lwz $t0,4($ap) - extrdi $t1,$a0,32,0 ; lwz $t1,0($ap) - lwz $t2,`12^$LITTLE_ENDIAN`($ap) ; load a[1] as 32-bit word pair - lwz $t3,`8^$LITTLE_ENDIAN`($ap) - lwz $t4,`4^$LITTLE_ENDIAN`($np) ; load n[0] as 32-bit word pair - lwz $t5,`0^$LITTLE_ENDIAN`($np) - lwz $t6,`12^$LITTLE_ENDIAN`($np) ; load n[1] as 32-bit word pair - lwz $t7,`8^$LITTLE_ENDIAN`($np) -___ -$code.=<<___ if ($SIZE_T==4); - lwz $a0,0($ap) ; pull ap[0,1] value - mr $n1,$n0 - lwz $a1,4($ap) - li $c1,0 - lwz $t1,0($bp) ; bp[0,1] - lwz $t3,4($bp) - lwz $n0,0($n1) ; pull n0[0,1] value - lwz $n1,4($n1) - - mullw $t4,$a0,$t1 ; mulld ap[0]*bp[0] - mulhwu $t5,$a0,$t1 - mullw $t6,$a1,$t1 - mullw $t7,$a0,$t3 - add $t5,$t5,$t6 - add $t5,$t5,$t7 - ; transfer bp[0] to FPU as 4x16-bit values - extrwi $t0,$t1,16,16 - extrwi $t1,$t1,16,0 - extrwi $t2,$t3,16,16 - extrwi $t3,$t3,16,0 - std $t0,`$FRAME+0`($sp) ; yes, std in 32-bit build - std $t1,`$FRAME+8`($sp) - std $t2,`$FRAME+16`($sp) - std $t3,`$FRAME+24`($sp) - - mullw $t0,$t4,$n0 ; mulld tp[0]*n0 - mulhwu $t1,$t4,$n0 - mullw $t2,$t5,$n0 - mullw $t3,$t4,$n1 - add $t1,$t1,$t2 - add $t1,$t1,$t3 - ; transfer (ap[0]*bp[0])*n0 to FPU as 4x16-bit values - extrwi $t4,$t0,16,16 - extrwi $t5,$t0,16,0 - extrwi $t6,$t1,16,16 - extrwi $t7,$t1,16,0 - std $t4,`$FRAME+32`($sp) ; yes, std in 32-bit build - std $t5,`$FRAME+40`($sp) - std $t6,`$FRAME+48`($sp) - std $t7,`$FRAME+56`($sp) - - mr $t0,$a0 ; lwz $t0,0($ap) - mr $t1,$a1 ; lwz $t1,4($ap) - lwz $t2,8($ap) ; load a[j..j+3] as 32-bit word pairs - lwz $t3,12($ap) - lwz $t4,0($np) ; load n[j..j+3] as 32-bit word pairs - lwz $t5,4($np) - lwz $t6,8($np) - lwz $t7,12($np) -___ -$code.=<<___; - lfd $ba,`$FRAME+0`($sp) - lfd $bb,`$FRAME+8`($sp) - lfd $bc,`$FRAME+16`($sp) - lfd $bd,`$FRAME+24`($sp) - lfd $na,`$FRAME+32`($sp) - lfd $nb,`$FRAME+40`($sp) - lfd $nc,`$FRAME+48`($sp) - lfd $nd,`$FRAME+56`($sp) - std $t0,`$FRAME+64`($sp) ; yes, std even in 32-bit build - std $t1,`$FRAME+72`($sp) - std $t2,`$FRAME+80`($sp) - std $t3,`$FRAME+88`($sp) - std $t4,`$FRAME+96`($sp) - std $t5,`$FRAME+104`($sp) - std $t6,`$FRAME+112`($sp) - std $t7,`$FRAME+120`($sp) - fcfid $ba,$ba - fcfid $bb,$bb - fcfid $bc,$bc - fcfid $bd,$bd - fcfid $na,$na - fcfid $nb,$nb - fcfid $nc,$nc - fcfid $nd,$nd - - lfd $A0,`$FRAME+64`($sp) - lfd $A1,`$FRAME+72`($sp) - lfd $A2,`$FRAME+80`($sp) - lfd $A3,`$FRAME+88`($sp) - lfd $N0,`$FRAME+96`($sp) - lfd $N1,`$FRAME+104`($sp) - lfd $N2,`$FRAME+112`($sp) - lfd $N3,`$FRAME+120`($sp) - fcfid $A0,$A0 - fcfid $A1,$A1 - fcfid $A2,$A2 - fcfid $A3,$A3 - fcfid $N0,$N0 - fcfid $N1,$N1 - fcfid $N2,$N2 - fcfid $N3,$N3 - addi $ap,$ap,16 - addi $np,$np,16 - - fmul $T1a,$A1,$ba - fmul $T1b,$A1,$bb - stfd $A0,8($nap_d) ; save a[j] in double format - stfd $A1,16($nap_d) - fmul $T2a,$A2,$ba - fmul $T2b,$A2,$bb - stfd $A2,24($nap_d) ; save a[j+1] in double format - stfd $A3,32($nap_d) - fmul $T3a,$A3,$ba - fmul $T3b,$A3,$bb - stfd $N0,40($nap_d) ; save n[j] in double format - stfd $N1,48($nap_d) - fmul $T0a,$A0,$ba - fmul $T0b,$A0,$bb - stfd $N2,56($nap_d) ; save n[j+1] in double format - stfdu $N3,64($nap_d) - - fmadd $T1a,$A0,$bc,$T1a - fmadd $T1b,$A0,$bd,$T1b - fmadd $T2a,$A1,$bc,$T2a - fmadd $T2b,$A1,$bd,$T2b - fmadd $T3a,$A2,$bc,$T3a - fmadd $T3b,$A2,$bd,$T3b - fmul $dota,$A3,$bc - fmul $dotb,$A3,$bd - - fmadd $T1a,$N1,$na,$T1a - fmadd $T1b,$N1,$nb,$T1b - fmadd $T2a,$N2,$na,$T2a - fmadd $T2b,$N2,$nb,$T2b - fmadd $T3a,$N3,$na,$T3a - fmadd $T3b,$N3,$nb,$T3b - fmadd $T0a,$N0,$na,$T0a - fmadd $T0b,$N0,$nb,$T0b - - fmadd $T1a,$N0,$nc,$T1a - fmadd $T1b,$N0,$nd,$T1b - fmadd $T2a,$N1,$nc,$T2a - fmadd $T2b,$N1,$nd,$T2b - fmadd $T3a,$N2,$nc,$T3a - fmadd $T3b,$N2,$nd,$T3b - fmadd $dota,$N3,$nc,$dota - fmadd $dotb,$N3,$nd,$dotb - - fctid $T0a,$T0a - fctid $T0b,$T0b - fctid $T1a,$T1a - fctid $T1b,$T1b - fctid $T2a,$T2a - fctid $T2b,$T2b - fctid $T3a,$T3a - fctid $T3b,$T3b - - stfd $T0a,`$FRAME+0`($sp) - stfd $T0b,`$FRAME+8`($sp) - stfd $T1a,`$FRAME+16`($sp) - stfd $T1b,`$FRAME+24`($sp) - stfd $T2a,`$FRAME+32`($sp) - stfd $T2b,`$FRAME+40`($sp) - stfd $T3a,`$FRAME+48`($sp) - stfd $T3b,`$FRAME+56`($sp) - -.align 5 -L1st: -___ -$code.=<<___ if ($SIZE_T==8); - lwz $t0,`4^$LITTLE_ENDIAN`($ap) ; load a[j] as 32-bit word pair - lwz $t1,`0^$LITTLE_ENDIAN`($ap) - lwz $t2,`12^$LITTLE_ENDIAN`($ap) ; load a[j+1] as 32-bit word pair - lwz $t3,`8^$LITTLE_ENDIAN`($ap) - lwz $t4,`4^$LITTLE_ENDIAN`($np) ; load n[j] as 32-bit word pair - lwz $t5,`0^$LITTLE_ENDIAN`($np) - lwz $t6,`12^$LITTLE_ENDIAN`($np) ; load n[j+1] as 32-bit word pair - lwz $t7,`8^$LITTLE_ENDIAN`($np) -___ -$code.=<<___ if ($SIZE_T==4); - lwz $t0,0($ap) ; load a[j..j+3] as 32-bit word pairs - lwz $t1,4($ap) - lwz $t2,8($ap) - lwz $t3,12($ap) - lwz $t4,0($np) ; load n[j..j+3] as 32-bit word pairs - lwz $t5,4($np) - lwz $t6,8($np) - lwz $t7,12($np) -___ -$code.=<<___; - std $t0,`$FRAME+64`($sp) ; yes, std even in 32-bit build - std $t1,`$FRAME+72`($sp) - std $t2,`$FRAME+80`($sp) - std $t3,`$FRAME+88`($sp) - std $t4,`$FRAME+96`($sp) - std $t5,`$FRAME+104`($sp) - std $t6,`$FRAME+112`($sp) - std $t7,`$FRAME+120`($sp) -___ -if ($SIZE_T==8 or $flavour =~ /osx/) { -$code.=<<___; - ld $t0,`$FRAME+0`($sp) - ld $t1,`$FRAME+8`($sp) - ld $t2,`$FRAME+16`($sp) - ld $t3,`$FRAME+24`($sp) - ld $t4,`$FRAME+32`($sp) - ld $t5,`$FRAME+40`($sp) - ld $t6,`$FRAME+48`($sp) - ld $t7,`$FRAME+56`($sp) -___ -} else { -$code.=<<___; - lwz $t1,`$FRAME+0^$LITTLE_ENDIAN`($sp) - lwz $t0,`$FRAME+4^$LITTLE_ENDIAN`($sp) - lwz $t3,`$FRAME+8^$LITTLE_ENDIAN`($sp) - lwz $t2,`$FRAME+12^$LITTLE_ENDIAN`($sp) - lwz $t5,`$FRAME+16^$LITTLE_ENDIAN`($sp) - lwz $t4,`$FRAME+20^$LITTLE_ENDIAN`($sp) - lwz $t7,`$FRAME+24^$LITTLE_ENDIAN`($sp) - lwz $t6,`$FRAME+28^$LITTLE_ENDIAN`($sp) -___ -} -$code.=<<___; - lfd $A0,`$FRAME+64`($sp) - lfd $A1,`$FRAME+72`($sp) - lfd $A2,`$FRAME+80`($sp) - lfd $A3,`$FRAME+88`($sp) - lfd $N0,`$FRAME+96`($sp) - lfd $N1,`$FRAME+104`($sp) - lfd $N2,`$FRAME+112`($sp) - lfd $N3,`$FRAME+120`($sp) - fcfid $A0,$A0 - fcfid $A1,$A1 - fcfid $A2,$A2 - fcfid $A3,$A3 - fcfid $N0,$N0 - fcfid $N1,$N1 - fcfid $N2,$N2 - fcfid $N3,$N3 - addi $ap,$ap,16 - addi $np,$np,16 - - fmul $T1a,$A1,$ba - fmul $T1b,$A1,$bb - fmul $T2a,$A2,$ba - fmul $T2b,$A2,$bb - stfd $A0,8($nap_d) ; save a[j] in double format - stfd $A1,16($nap_d) - fmul $T3a,$A3,$ba - fmul $T3b,$A3,$bb - fmadd $T0a,$A0,$ba,$dota - fmadd $T0b,$A0,$bb,$dotb - stfd $A2,24($nap_d) ; save a[j+1] in double format - stfd $A3,32($nap_d) -___ -if ($SIZE_T==8 or $flavour =~ /osx/) { -$code.=<<___; - fmadd $T1a,$A0,$bc,$T1a - fmadd $T1b,$A0,$bd,$T1b - fmadd $T2a,$A1,$bc,$T2a - fmadd $T2b,$A1,$bd,$T2b - stfd $N0,40($nap_d) ; save n[j] in double format - stfd $N1,48($nap_d) - fmadd $T3a,$A2,$bc,$T3a - fmadd $T3b,$A2,$bd,$T3b - add $t0,$t0,$carry ; can not overflow - fmul $dota,$A3,$bc - fmul $dotb,$A3,$bd - stfd $N2,56($nap_d) ; save n[j+1] in double format - stfdu $N3,64($nap_d) - srdi $carry,$t0,16 - add $t1,$t1,$carry - srdi $carry,$t1,16 - - fmadd $T1a,$N1,$na,$T1a - fmadd $T1b,$N1,$nb,$T1b - insrdi $t0,$t1,16,32 - fmadd $T2a,$N2,$na,$T2a - fmadd $T2b,$N2,$nb,$T2b - add $t2,$t2,$carry - fmadd $T3a,$N3,$na,$T3a - fmadd $T3b,$N3,$nb,$T3b - srdi $carry,$t2,16 - fmadd $T0a,$N0,$na,$T0a - fmadd $T0b,$N0,$nb,$T0b - insrdi $t0,$t2,16,16 - add $t3,$t3,$carry - srdi $carry,$t3,16 - - fmadd $T1a,$N0,$nc,$T1a - fmadd $T1b,$N0,$nd,$T1b - insrdi $t0,$t3,16,0 ; 0..63 bits - fmadd $T2a,$N1,$nc,$T2a - fmadd $T2b,$N1,$nd,$T2b - add $t4,$t4,$carry - fmadd $T3a,$N2,$nc,$T3a - fmadd $T3b,$N2,$nd,$T3b - srdi $carry,$t4,16 - fmadd $dota,$N3,$nc,$dota - fmadd $dotb,$N3,$nd,$dotb - add $t5,$t5,$carry - srdi $carry,$t5,16 - insrdi $t4,$t5,16,32 - - fctid $T0a,$T0a - fctid $T0b,$T0b - add $t6,$t6,$carry - fctid $T1a,$T1a - fctid $T1b,$T1b - srdi $carry,$t6,16 - fctid $T2a,$T2a - fctid $T2b,$T2b - insrdi $t4,$t6,16,16 - fctid $T3a,$T3a - fctid $T3b,$T3b - add $t7,$t7,$carry - insrdi $t4,$t7,16,0 ; 64..127 bits - srdi $carry,$t7,16 ; upper 33 bits - - stfd $T0a,`$FRAME+0`($sp) - stfd $T0b,`$FRAME+8`($sp) - stfd $T1a,`$FRAME+16`($sp) - stfd $T1b,`$FRAME+24`($sp) - stfd $T2a,`$FRAME+32`($sp) - stfd $T2b,`$FRAME+40`($sp) - stfd $T3a,`$FRAME+48`($sp) - stfd $T3b,`$FRAME+56`($sp) - std $t0,8($tp) ; tp[j-1] - stdu $t4,16($tp) ; tp[j] -___ -} else { -$code.=<<___; - fmadd $T1a,$A0,$bc,$T1a - fmadd $T1b,$A0,$bd,$T1b - addc $t0,$t0,$carry - adde $t1,$t1,$c1 - srwi $carry,$t0,16 - fmadd $T2a,$A1,$bc,$T2a - fmadd $T2b,$A1,$bd,$T2b - stfd $N0,40($nap_d) ; save n[j] in double format - stfd $N1,48($nap_d) - srwi $c1,$t1,16 - insrwi $carry,$t1,16,0 - fmadd $T3a,$A2,$bc,$T3a - fmadd $T3b,$A2,$bd,$T3b - addc $t2,$t2,$carry - adde $t3,$t3,$c1 - srwi $carry,$t2,16 - fmul $dota,$A3,$bc - fmul $dotb,$A3,$bd - stfd $N2,56($nap_d) ; save n[j+1] in double format - stfdu $N3,64($nap_d) - insrwi $t0,$t2,16,0 ; 0..31 bits - srwi $c1,$t3,16 - insrwi $carry,$t3,16,0 - - fmadd $T1a,$N1,$na,$T1a - fmadd $T1b,$N1,$nb,$T1b - lwz $t3,`$FRAME+32^$LITTLE_ENDIAN`($sp) ; permuted $t1 - lwz $t2,`$FRAME+36^$LITTLE_ENDIAN`($sp) ; permuted $t0 - addc $t4,$t4,$carry - adde $t5,$t5,$c1 - srwi $carry,$t4,16 - fmadd $T2a,$N2,$na,$T2a - fmadd $T2b,$N2,$nb,$T2b - srwi $c1,$t5,16 - insrwi $carry,$t5,16,0 - fmadd $T3a,$N3,$na,$T3a - fmadd $T3b,$N3,$nb,$T3b - addc $t6,$t6,$carry - adde $t7,$t7,$c1 - srwi $carry,$t6,16 - fmadd $T0a,$N0,$na,$T0a - fmadd $T0b,$N0,$nb,$T0b - insrwi $t4,$t6,16,0 ; 32..63 bits - srwi $c1,$t7,16 - insrwi $carry,$t7,16,0 - - fmadd $T1a,$N0,$nc,$T1a - fmadd $T1b,$N0,$nd,$T1b - lwz $t7,`$FRAME+40^$LITTLE_ENDIAN`($sp) ; permuted $t3 - lwz $t6,`$FRAME+44^$LITTLE_ENDIAN`($sp) ; permuted $t2 - addc $t2,$t2,$carry - adde $t3,$t3,$c1 - srwi $carry,$t2,16 - fmadd $T2a,$N1,$nc,$T2a - fmadd $T2b,$N1,$nd,$T2b - stw $t0,12($tp) ; tp[j-1] - stw $t4,8($tp) - srwi $c1,$t3,16 - insrwi $carry,$t3,16,0 - fmadd $T3a,$N2,$nc,$T3a - fmadd $T3b,$N2,$nd,$T3b - lwz $t1,`$FRAME+48^$LITTLE_ENDIAN`($sp) ; permuted $t5 - lwz $t0,`$FRAME+52^$LITTLE_ENDIAN`($sp) ; permuted $t4 - addc $t6,$t6,$carry - adde $t7,$t7,$c1 - srwi $carry,$t6,16 - fmadd $dota,$N3,$nc,$dota - fmadd $dotb,$N3,$nd,$dotb - insrwi $t2,$t6,16,0 ; 64..95 bits - srwi $c1,$t7,16 - insrwi $carry,$t7,16,0 - - fctid $T0a,$T0a - fctid $T0b,$T0b - lwz $t5,`$FRAME+56^$LITTLE_ENDIAN`($sp) ; permuted $t7 - lwz $t4,`$FRAME+60^$LITTLE_ENDIAN`($sp) ; permuted $t6 - addc $t0,$t0,$carry - adde $t1,$t1,$c1 - srwi $carry,$t0,16 - fctid $T1a,$T1a - fctid $T1b,$T1b - srwi $c1,$t1,16 - insrwi $carry,$t1,16,0 - fctid $T2a,$T2a - fctid $T2b,$T2b - addc $t4,$t4,$carry - adde $t5,$t5,$c1 - srwi $carry,$t4,16 - fctid $T3a,$T3a - fctid $T3b,$T3b - insrwi $t0,$t4,16,0 ; 96..127 bits - srwi $c1,$t5,16 - insrwi $carry,$t5,16,0 - - stfd $T0a,`$FRAME+0`($sp) - stfd $T0b,`$FRAME+8`($sp) - stfd $T1a,`$FRAME+16`($sp) - stfd $T1b,`$FRAME+24`($sp) - stfd $T2a,`$FRAME+32`($sp) - stfd $T2b,`$FRAME+40`($sp) - stfd $T3a,`$FRAME+48`($sp) - stfd $T3b,`$FRAME+56`($sp) - stw $t2,20($tp) ; tp[j] - stwu $t0,16($tp) -___ -} -$code.=<<___; - bdnz L1st - - fctid $dota,$dota - fctid $dotb,$dotb -___ -if ($SIZE_T==8 or $flavour =~ /osx/) { -$code.=<<___; - ld $t0,`$FRAME+0`($sp) - ld $t1,`$FRAME+8`($sp) - ld $t2,`$FRAME+16`($sp) - ld $t3,`$FRAME+24`($sp) - ld $t4,`$FRAME+32`($sp) - ld $t5,`$FRAME+40`($sp) - ld $t6,`$FRAME+48`($sp) - ld $t7,`$FRAME+56`($sp) - stfd $dota,`$FRAME+64`($sp) - stfd $dotb,`$FRAME+72`($sp) - - add $t0,$t0,$carry ; can not overflow - srdi $carry,$t0,16 - add $t1,$t1,$carry - srdi $carry,$t1,16 - insrdi $t0,$t1,16,32 - add $t2,$t2,$carry - srdi $carry,$t2,16 - insrdi $t0,$t2,16,16 - add $t3,$t3,$carry - srdi $carry,$t3,16 - insrdi $t0,$t3,16,0 ; 0..63 bits - add $t4,$t4,$carry - srdi $carry,$t4,16 - add $t5,$t5,$carry - srdi $carry,$t5,16 - insrdi $t4,$t5,16,32 - add $t6,$t6,$carry - srdi $carry,$t6,16 - insrdi $t4,$t6,16,16 - add $t7,$t7,$carry - insrdi $t4,$t7,16,0 ; 64..127 bits - srdi $carry,$t7,16 ; upper 33 bits - ld $t6,`$FRAME+64`($sp) - ld $t7,`$FRAME+72`($sp) - - std $t0,8($tp) ; tp[j-1] - stdu $t4,16($tp) ; tp[j] - - add $t6,$t6,$carry ; can not overflow - srdi $carry,$t6,16 - add $t7,$t7,$carry - insrdi $t6,$t7,48,0 - srdi $ovf,$t7,48 - std $t6,8($tp) ; tp[num-1] -___ -} else { -$code.=<<___; - lwz $t1,`$FRAME+0^$LITTLE_ENDIAN`($sp) - lwz $t0,`$FRAME+4^$LITTLE_ENDIAN`($sp) - lwz $t3,`$FRAME+8^$LITTLE_ENDIAN`($sp) - lwz $t2,`$FRAME+12^$LITTLE_ENDIAN`($sp) - lwz $t5,`$FRAME+16^$LITTLE_ENDIAN`($sp) - lwz $t4,`$FRAME+20^$LITTLE_ENDIAN`($sp) - lwz $t7,`$FRAME+24^$LITTLE_ENDIAN`($sp) - lwz $t6,`$FRAME+28^$LITTLE_ENDIAN`($sp) - stfd $dota,`$FRAME+64`($sp) - stfd $dotb,`$FRAME+72`($sp) - - addc $t0,$t0,$carry - adde $t1,$t1,$c1 - srwi $carry,$t0,16 - insrwi $carry,$t1,16,0 - srwi $c1,$t1,16 - addc $t2,$t2,$carry - adde $t3,$t3,$c1 - srwi $carry,$t2,16 - insrwi $t0,$t2,16,0 ; 0..31 bits - insrwi $carry,$t3,16,0 - srwi $c1,$t3,16 - addc $t4,$t4,$carry - adde $t5,$t5,$c1 - srwi $carry,$t4,16 - insrwi $carry,$t5,16,0 - srwi $c1,$t5,16 - addc $t6,$t6,$carry - adde $t7,$t7,$c1 - srwi $carry,$t6,16 - insrwi $t4,$t6,16,0 ; 32..63 bits - insrwi $carry,$t7,16,0 - srwi $c1,$t7,16 - stw $t0,12($tp) ; tp[j-1] - stw $t4,8($tp) - - lwz $t3,`$FRAME+32^$LITTLE_ENDIAN`($sp) ; permuted $t1 - lwz $t2,`$FRAME+36^$LITTLE_ENDIAN`($sp) ; permuted $t0 - lwz $t7,`$FRAME+40^$LITTLE_ENDIAN`($sp) ; permuted $t3 - lwz $t6,`$FRAME+44^$LITTLE_ENDIAN`($sp) ; permuted $t2 - lwz $t1,`$FRAME+48^$LITTLE_ENDIAN`($sp) ; permuted $t5 - lwz $t0,`$FRAME+52^$LITTLE_ENDIAN`($sp) ; permuted $t4 - lwz $t5,`$FRAME+56^$LITTLE_ENDIAN`($sp) ; permuted $t7 - lwz $t4,`$FRAME+60^$LITTLE_ENDIAN`($sp) ; permuted $t6 - - addc $t2,$t2,$carry - adde $t3,$t3,$c1 - srwi $carry,$t2,16 - insrwi $carry,$t3,16,0 - srwi $c1,$t3,16 - addc $t6,$t6,$carry - adde $t7,$t7,$c1 - srwi $carry,$t6,16 - insrwi $t2,$t6,16,0 ; 64..95 bits - insrwi $carry,$t7,16,0 - srwi $c1,$t7,16 - addc $t0,$t0,$carry - adde $t1,$t1,$c1 - srwi $carry,$t0,16 - insrwi $carry,$t1,16,0 - srwi $c1,$t1,16 - addc $t4,$t4,$carry - adde $t5,$t5,$c1 - srwi $carry,$t4,16 - insrwi $t0,$t4,16,0 ; 96..127 bits - insrwi $carry,$t5,16,0 - srwi $c1,$t5,16 - stw $t2,20($tp) ; tp[j] - stwu $t0,16($tp) - - lwz $t7,`$FRAME+64^$LITTLE_ENDIAN`($sp) - lwz $t6,`$FRAME+68^$LITTLE_ENDIAN`($sp) - lwz $t5,`$FRAME+72^$LITTLE_ENDIAN`($sp) - lwz $t4,`$FRAME+76^$LITTLE_ENDIAN`($sp) - - addc $t6,$t6,$carry - adde $t7,$t7,$c1 - srwi $carry,$t6,16 - insrwi $carry,$t7,16,0 - srwi $c1,$t7,16 - addc $t4,$t4,$carry - adde $t5,$t5,$c1 - - insrwi $t6,$t4,16,0 - srwi $t4,$t4,16 - insrwi $t4,$t5,16,0 - srwi $ovf,$t5,16 - stw $t6,12($tp) ; tp[num-1] - stw $t4,8($tp) -___ -} -$code.=<<___; - slwi $t7,$num,2 - subf $nap_d,$t7,$nap_d ; rewind pointer - - li $i,8 ; i=1 -.align 5 -Louter: - addi $tp,$sp,`$FRAME+$TRANSFER` - li $carry,0 - mtctr $j -___ -$code.=<<___ if ($SIZE_T==8); - ldx $t3,$bp,$i ; bp[i] - - ld $t6,`$FRAME+$TRANSFER+8`($sp) ; tp[0] - mulld $t7,$a0,$t3 ; ap[0]*bp[i] - add $t7,$t7,$t6 ; ap[0]*bp[i]+tp[0] - ; transfer bp[i] to FPU as 4x16-bit values - extrdi $t0,$t3,16,48 - extrdi $t1,$t3,16,32 - extrdi $t2,$t3,16,16 - extrdi $t3,$t3,16,0 - std $t0,`$FRAME+0`($sp) - std $t1,`$FRAME+8`($sp) - std $t2,`$FRAME+16`($sp) - std $t3,`$FRAME+24`($sp) - - mulld $t7,$t7,$n0 ; tp[0]*n0 - ; transfer (ap[0]*bp[i]+tp[0])*n0 to FPU as 4x16-bit values - extrdi $t4,$t7,16,48 - extrdi $t5,$t7,16,32 - extrdi $t6,$t7,16,16 - extrdi $t7,$t7,16,0 - std $t4,`$FRAME+32`($sp) - std $t5,`$FRAME+40`($sp) - std $t6,`$FRAME+48`($sp) - std $t7,`$FRAME+56`($sp) -___ -$code.=<<___ if ($SIZE_T==4); - add $t0,$bp,$i - li $c1,0 - lwz $t1,0($t0) ; bp[i,i+1] - lwz $t3,4($t0) - - mullw $t4,$a0,$t1 ; ap[0]*bp[i] - lwz $t0,`$FRAME+$TRANSFER+8+4`($sp) ; tp[0] - mulhwu $t5,$a0,$t1 - lwz $t2,`$FRAME+$TRANSFER+8`($sp) ; tp[0] - mullw $t6,$a1,$t1 - mullw $t7,$a0,$t3 - add $t5,$t5,$t6 - add $t5,$t5,$t7 - addc $t4,$t4,$t0 ; ap[0]*bp[i]+tp[0] - adde $t5,$t5,$t2 - ; transfer bp[i] to FPU as 4x16-bit values - extrwi $t0,$t1,16,16 - extrwi $t1,$t1,16,0 - extrwi $t2,$t3,16,16 - extrwi $t3,$t3,16,0 - std $t0,`$FRAME+0`($sp) ; yes, std in 32-bit build - std $t1,`$FRAME+8`($sp) - std $t2,`$FRAME+16`($sp) - std $t3,`$FRAME+24`($sp) - - mullw $t0,$t4,$n0 ; mulld tp[0]*n0 - mulhwu $t1,$t4,$n0 - mullw $t2,$t5,$n0 - mullw $t3,$t4,$n1 - add $t1,$t1,$t2 - add $t1,$t1,$t3 - ; transfer (ap[0]*bp[i]+tp[0])*n0 to FPU as 4x16-bit values - extrwi $t4,$t0,16,16 - extrwi $t5,$t0,16,0 - extrwi $t6,$t1,16,16 - extrwi $t7,$t1,16,0 - std $t4,`$FRAME+32`($sp) ; yes, std in 32-bit build - std $t5,`$FRAME+40`($sp) - std $t6,`$FRAME+48`($sp) - std $t7,`$FRAME+56`($sp) -___ -$code.=<<___; - lfd $A0,8($nap_d) ; load a[j] in double format - lfd $A1,16($nap_d) - lfd $A2,24($nap_d) ; load a[j+1] in double format - lfd $A3,32($nap_d) - lfd $N0,40($nap_d) ; load n[j] in double format - lfd $N1,48($nap_d) - lfd $N2,56($nap_d) ; load n[j+1] in double format - lfdu $N3,64($nap_d) - - lfd $ba,`$FRAME+0`($sp) - lfd $bb,`$FRAME+8`($sp) - lfd $bc,`$FRAME+16`($sp) - lfd $bd,`$FRAME+24`($sp) - lfd $na,`$FRAME+32`($sp) - lfd $nb,`$FRAME+40`($sp) - lfd $nc,`$FRAME+48`($sp) - lfd $nd,`$FRAME+56`($sp) - - fcfid $ba,$ba - fcfid $bb,$bb - fcfid $bc,$bc - fcfid $bd,$bd - fcfid $na,$na - fcfid $nb,$nb - fcfid $nc,$nc - fcfid $nd,$nd - - fmul $T1a,$A1,$ba - fmul $T1b,$A1,$bb - fmul $T2a,$A2,$ba - fmul $T2b,$A2,$bb - fmul $T3a,$A3,$ba - fmul $T3b,$A3,$bb - fmul $T0a,$A0,$ba - fmul $T0b,$A0,$bb - - fmadd $T1a,$A0,$bc,$T1a - fmadd $T1b,$A0,$bd,$T1b - fmadd $T2a,$A1,$bc,$T2a - fmadd $T2b,$A1,$bd,$T2b - fmadd $T3a,$A2,$bc,$T3a - fmadd $T3b,$A2,$bd,$T3b - fmul $dota,$A3,$bc - fmul $dotb,$A3,$bd - - fmadd $T1a,$N1,$na,$T1a - fmadd $T1b,$N1,$nb,$T1b - lfd $A0,8($nap_d) ; load a[j] in double format - lfd $A1,16($nap_d) - fmadd $T2a,$N2,$na,$T2a - fmadd $T2b,$N2,$nb,$T2b - lfd $A2,24($nap_d) ; load a[j+1] in double format - lfd $A3,32($nap_d) - fmadd $T3a,$N3,$na,$T3a - fmadd $T3b,$N3,$nb,$T3b - fmadd $T0a,$N0,$na,$T0a - fmadd $T0b,$N0,$nb,$T0b - - fmadd $T1a,$N0,$nc,$T1a - fmadd $T1b,$N0,$nd,$T1b - fmadd $T2a,$N1,$nc,$T2a - fmadd $T2b,$N1,$nd,$T2b - fmadd $T3a,$N2,$nc,$T3a - fmadd $T3b,$N2,$nd,$T3b - fmadd $dota,$N3,$nc,$dota - fmadd $dotb,$N3,$nd,$dotb - - fctid $T0a,$T0a - fctid $T0b,$T0b - fctid $T1a,$T1a - fctid $T1b,$T1b - fctid $T2a,$T2a - fctid $T2b,$T2b - fctid $T3a,$T3a - fctid $T3b,$T3b - - stfd $T0a,`$FRAME+0`($sp) - stfd $T0b,`$FRAME+8`($sp) - stfd $T1a,`$FRAME+16`($sp) - stfd $T1b,`$FRAME+24`($sp) - stfd $T2a,`$FRAME+32`($sp) - stfd $T2b,`$FRAME+40`($sp) - stfd $T3a,`$FRAME+48`($sp) - stfd $T3b,`$FRAME+56`($sp) - -.align 5 -Linner: - fmul $T1a,$A1,$ba - fmul $T1b,$A1,$bb - fmul $T2a,$A2,$ba - fmul $T2b,$A2,$bb - lfd $N0,40($nap_d) ; load n[j] in double format - lfd $N1,48($nap_d) - fmul $T3a,$A3,$ba - fmul $T3b,$A3,$bb - fmadd $T0a,$A0,$ba,$dota - fmadd $T0b,$A0,$bb,$dotb - lfd $N2,56($nap_d) ; load n[j+1] in double format - lfdu $N3,64($nap_d) - - fmadd $T1a,$A0,$bc,$T1a - fmadd $T1b,$A0,$bd,$T1b - fmadd $T2a,$A1,$bc,$T2a - fmadd $T2b,$A1,$bd,$T2b - lfd $A0,8($nap_d) ; load a[j] in double format - lfd $A1,16($nap_d) - fmadd $T3a,$A2,$bc,$T3a - fmadd $T3b,$A2,$bd,$T3b - fmul $dota,$A3,$bc - fmul $dotb,$A3,$bd - lfd $A2,24($nap_d) ; load a[j+1] in double format - lfd $A3,32($nap_d) -___ -if ($SIZE_T==8 or $flavour =~ /osx/) { -$code.=<<___; - fmadd $T1a,$N1,$na,$T1a - fmadd $T1b,$N1,$nb,$T1b - ld $t0,`$FRAME+0`($sp) - ld $t1,`$FRAME+8`($sp) - fmadd $T2a,$N2,$na,$T2a - fmadd $T2b,$N2,$nb,$T2b - ld $t2,`$FRAME+16`($sp) - ld $t3,`$FRAME+24`($sp) - fmadd $T3a,$N3,$na,$T3a - fmadd $T3b,$N3,$nb,$T3b - add $t0,$t0,$carry ; can not overflow - ld $t4,`$FRAME+32`($sp) - ld $t5,`$FRAME+40`($sp) - fmadd $T0a,$N0,$na,$T0a - fmadd $T0b,$N0,$nb,$T0b - srdi $carry,$t0,16 - add $t1,$t1,$carry - srdi $carry,$t1,16 - ld $t6,`$FRAME+48`($sp) - ld $t7,`$FRAME+56`($sp) - - fmadd $T1a,$N0,$nc,$T1a - fmadd $T1b,$N0,$nd,$T1b - insrdi $t0,$t1,16,32 - ld $t1,8($tp) ; tp[j] - fmadd $T2a,$N1,$nc,$T2a - fmadd $T2b,$N1,$nd,$T2b - add $t2,$t2,$carry - fmadd $T3a,$N2,$nc,$T3a - fmadd $T3b,$N2,$nd,$T3b - srdi $carry,$t2,16 - insrdi $t0,$t2,16,16 - fmadd $dota,$N3,$nc,$dota - fmadd $dotb,$N3,$nd,$dotb - add $t3,$t3,$carry - ldu $t2,16($tp) ; tp[j+1] - srdi $carry,$t3,16 - insrdi $t0,$t3,16,0 ; 0..63 bits - add $t4,$t4,$carry - - fctid $T0a,$T0a - fctid $T0b,$T0b - srdi $carry,$t4,16 - fctid $T1a,$T1a - fctid $T1b,$T1b - add $t5,$t5,$carry - fctid $T2a,$T2a - fctid $T2b,$T2b - srdi $carry,$t5,16 - insrdi $t4,$t5,16,32 - fctid $T3a,$T3a - fctid $T3b,$T3b - add $t6,$t6,$carry - srdi $carry,$t6,16 - insrdi $t4,$t6,16,16 - - stfd $T0a,`$FRAME+0`($sp) - stfd $T0b,`$FRAME+8`($sp) - add $t7,$t7,$carry - addc $t3,$t0,$t1 -___ -$code.=<<___ if ($SIZE_T==4); # adjust XER[CA] - extrdi $t0,$t0,32,0 - extrdi $t1,$t1,32,0 - adde $t0,$t0,$t1 -___ -$code.=<<___; - stfd $T1a,`$FRAME+16`($sp) - stfd $T1b,`$FRAME+24`($sp) - insrdi $t4,$t7,16,0 ; 64..127 bits - srdi $carry,$t7,16 ; upper 33 bits - stfd $T2a,`$FRAME+32`($sp) - stfd $T2b,`$FRAME+40`($sp) - adde $t5,$t4,$t2 -___ -$code.=<<___ if ($SIZE_T==4); # adjust XER[CA] - extrdi $t4,$t4,32,0 - extrdi $t2,$t2,32,0 - adde $t4,$t4,$t2 -___ -$code.=<<___; - stfd $T3a,`$FRAME+48`($sp) - stfd $T3b,`$FRAME+56`($sp) - addze $carry,$carry - std $t3,-16($tp) ; tp[j-1] - std $t5,-8($tp) ; tp[j] -___ -} else { -$code.=<<___; - fmadd $T1a,$N1,$na,$T1a - fmadd $T1b,$N1,$nb,$T1b - lwz $t1,`$FRAME+0^$LITTLE_ENDIAN`($sp) - lwz $t0,`$FRAME+4^$LITTLE_ENDIAN`($sp) - fmadd $T2a,$N2,$na,$T2a - fmadd $T2b,$N2,$nb,$T2b - lwz $t3,`$FRAME+8^$LITTLE_ENDIAN`($sp) - lwz $t2,`$FRAME+12^$LITTLE_ENDIAN`($sp) - fmadd $T3a,$N3,$na,$T3a - fmadd $T3b,$N3,$nb,$T3b - lwz $t5,`$FRAME+16^$LITTLE_ENDIAN`($sp) - lwz $t4,`$FRAME+20^$LITTLE_ENDIAN`($sp) - addc $t0,$t0,$carry - adde $t1,$t1,$c1 - srwi $carry,$t0,16 - fmadd $T0a,$N0,$na,$T0a - fmadd $T0b,$N0,$nb,$T0b - lwz $t7,`$FRAME+24^$LITTLE_ENDIAN`($sp) - lwz $t6,`$FRAME+28^$LITTLE_ENDIAN`($sp) - srwi $c1,$t1,16 - insrwi $carry,$t1,16,0 - - fmadd $T1a,$N0,$nc,$T1a - fmadd $T1b,$N0,$nd,$T1b - addc $t2,$t2,$carry - adde $t3,$t3,$c1 - srwi $carry,$t2,16 - fmadd $T2a,$N1,$nc,$T2a - fmadd $T2b,$N1,$nd,$T2b - insrwi $t0,$t2,16,0 ; 0..31 bits - srwi $c1,$t3,16 - insrwi $carry,$t3,16,0 - fmadd $T3a,$N2,$nc,$T3a - fmadd $T3b,$N2,$nd,$T3b - lwz $t2,12($tp) ; tp[j] - lwz $t3,8($tp) - addc $t4,$t4,$carry - adde $t5,$t5,$c1 - srwi $carry,$t4,16 - fmadd $dota,$N3,$nc,$dota - fmadd $dotb,$N3,$nd,$dotb - srwi $c1,$t5,16 - insrwi $carry,$t5,16,0 - - fctid $T0a,$T0a - addc $t6,$t6,$carry - adde $t7,$t7,$c1 - srwi $carry,$t6,16 - fctid $T0b,$T0b - insrwi $t4,$t6,16,0 ; 32..63 bits - srwi $c1,$t7,16 - insrwi $carry,$t7,16,0 - fctid $T1a,$T1a - addc $t0,$t0,$t2 - adde $t4,$t4,$t3 - lwz $t3,`$FRAME+32^$LITTLE_ENDIAN`($sp) ; permuted $t1 - lwz $t2,`$FRAME+36^$LITTLE_ENDIAN`($sp) ; permuted $t0 - fctid $T1b,$T1b - addze $carry,$carry - addze $c1,$c1 - stw $t0,4($tp) ; tp[j-1] - stw $t4,0($tp) - fctid $T2a,$T2a - addc $t2,$t2,$carry - adde $t3,$t3,$c1 - srwi $carry,$t2,16 - lwz $t7,`$FRAME+40^$LITTLE_ENDIAN`($sp) ; permuted $t3 - lwz $t6,`$FRAME+44^$LITTLE_ENDIAN`($sp) ; permuted $t2 - fctid $T2b,$T2b - srwi $c1,$t3,16 - insrwi $carry,$t3,16,0 - lwz $t1,`$FRAME+48^$LITTLE_ENDIAN`($sp) ; permuted $t5 - lwz $t0,`$FRAME+52^$LITTLE_ENDIAN`($sp) ; permuted $t4 - fctid $T3a,$T3a - addc $t6,$t6,$carry - adde $t7,$t7,$c1 - srwi $carry,$t6,16 - lwz $t5,`$FRAME+56^$LITTLE_ENDIAN`($sp) ; permuted $t7 - lwz $t4,`$FRAME+60^$LITTLE_ENDIAN`($sp) ; permuted $t6 - fctid $T3b,$T3b - - insrwi $t2,$t6,16,0 ; 64..95 bits - insrwi $carry,$t7,16,0 - srwi $c1,$t7,16 - lwz $t6,20($tp) - lwzu $t7,16($tp) - addc $t0,$t0,$carry - stfd $T0a,`$FRAME+0`($sp) - adde $t1,$t1,$c1 - srwi $carry,$t0,16 - stfd $T0b,`$FRAME+8`($sp) - insrwi $carry,$t1,16,0 - srwi $c1,$t1,16 - addc $t4,$t4,$carry - stfd $T1a,`$FRAME+16`($sp) - adde $t5,$t5,$c1 - srwi $carry,$t4,16 - insrwi $t0,$t4,16,0 ; 96..127 bits - stfd $T1b,`$FRAME+24`($sp) - insrwi $carry,$t5,16,0 - srwi $c1,$t5,16 - - addc $t2,$t2,$t6 - stfd $T2a,`$FRAME+32`($sp) - adde $t0,$t0,$t7 - stfd $T2b,`$FRAME+40`($sp) - addze $carry,$carry - stfd $T3a,`$FRAME+48`($sp) - addze $c1,$c1 - stfd $T3b,`$FRAME+56`($sp) - stw $t2,-4($tp) ; tp[j] - stw $t0,-8($tp) -___ -} -$code.=<<___; - bdnz Linner - - fctid $dota,$dota - fctid $dotb,$dotb -___ -if ($SIZE_T==8 or $flavour =~ /osx/) { -$code.=<<___; - ld $t0,`$FRAME+0`($sp) - ld $t1,`$FRAME+8`($sp) - ld $t2,`$FRAME+16`($sp) - ld $t3,`$FRAME+24`($sp) - ld $t4,`$FRAME+32`($sp) - ld $t5,`$FRAME+40`($sp) - ld $t6,`$FRAME+48`($sp) - ld $t7,`$FRAME+56`($sp) - stfd $dota,`$FRAME+64`($sp) - stfd $dotb,`$FRAME+72`($sp) - - add $t0,$t0,$carry ; can not overflow - srdi $carry,$t0,16 - add $t1,$t1,$carry - srdi $carry,$t1,16 - insrdi $t0,$t1,16,32 - add $t2,$t2,$carry - ld $t1,8($tp) ; tp[j] - srdi $carry,$t2,16 - insrdi $t0,$t2,16,16 - add $t3,$t3,$carry - ldu $t2,16($tp) ; tp[j+1] - srdi $carry,$t3,16 - insrdi $t0,$t3,16,0 ; 0..63 bits - add $t4,$t4,$carry - srdi $carry,$t4,16 - add $t5,$t5,$carry - srdi $carry,$t5,16 - insrdi $t4,$t5,16,32 - add $t6,$t6,$carry - srdi $carry,$t6,16 - insrdi $t4,$t6,16,16 - add $t7,$t7,$carry - insrdi $t4,$t7,16,0 ; 64..127 bits - srdi $carry,$t7,16 ; upper 33 bits - ld $t6,`$FRAME+64`($sp) - ld $t7,`$FRAME+72`($sp) - - addc $t3,$t0,$t1 -___ -$code.=<<___ if ($SIZE_T==4); # adjust XER[CA] - extrdi $t0,$t0,32,0 - extrdi $t1,$t1,32,0 - adde $t0,$t0,$t1 -___ -$code.=<<___; - adde $t5,$t4,$t2 -___ -$code.=<<___ if ($SIZE_T==4); # adjust XER[CA] - extrdi $t4,$t4,32,0 - extrdi $t2,$t2,32,0 - adde $t4,$t4,$t2 -___ -$code.=<<___; - addze $carry,$carry - - std $t3,-16($tp) ; tp[j-1] - std $t5,-8($tp) ; tp[j] - - add $carry,$carry,$ovf ; consume upmost overflow - add $t6,$t6,$carry ; can not overflow - srdi $carry,$t6,16 - add $t7,$t7,$carry - insrdi $t6,$t7,48,0 - srdi $ovf,$t7,48 - std $t6,0($tp) ; tp[num-1] -___ -} else { -$code.=<<___; - lwz $t1,`$FRAME+0^$LITTLE_ENDIAN`($sp) - lwz $t0,`$FRAME+4^$LITTLE_ENDIAN`($sp) - lwz $t3,`$FRAME+8^$LITTLE_ENDIAN`($sp) - lwz $t2,`$FRAME+12^$LITTLE_ENDIAN`($sp) - lwz $t5,`$FRAME+16^$LITTLE_ENDIAN`($sp) - lwz $t4,`$FRAME+20^$LITTLE_ENDIAN`($sp) - lwz $t7,`$FRAME+24^$LITTLE_ENDIAN`($sp) - lwz $t6,`$FRAME+28^$LITTLE_ENDIAN`($sp) - stfd $dota,`$FRAME+64`($sp) - stfd $dotb,`$FRAME+72`($sp) - - addc $t0,$t0,$carry - adde $t1,$t1,$c1 - srwi $carry,$t0,16 - insrwi $carry,$t1,16,0 - srwi $c1,$t1,16 - addc $t2,$t2,$carry - adde $t3,$t3,$c1 - srwi $carry,$t2,16 - insrwi $t0,$t2,16,0 ; 0..31 bits - lwz $t2,12($tp) ; tp[j] - insrwi $carry,$t3,16,0 - srwi $c1,$t3,16 - lwz $t3,8($tp) - addc $t4,$t4,$carry - adde $t5,$t5,$c1 - srwi $carry,$t4,16 - insrwi $carry,$t5,16,0 - srwi $c1,$t5,16 - addc $t6,$t6,$carry - adde $t7,$t7,$c1 - srwi $carry,$t6,16 - insrwi $t4,$t6,16,0 ; 32..63 bits - insrwi $carry,$t7,16,0 - srwi $c1,$t7,16 - - addc $t0,$t0,$t2 - adde $t4,$t4,$t3 - addze $carry,$carry - addze $c1,$c1 - stw $t0,4($tp) ; tp[j-1] - stw $t4,0($tp) - - lwz $t3,`$FRAME+32^$LITTLE_ENDIAN`($sp) ; permuted $t1 - lwz $t2,`$FRAME+36^$LITTLE_ENDIAN`($sp) ; permuted $t0 - lwz $t7,`$FRAME+40^$LITTLE_ENDIAN`($sp) ; permuted $t3 - lwz $t6,`$FRAME+44^$LITTLE_ENDIAN`($sp) ; permuted $t2 - lwz $t1,`$FRAME+48^$LITTLE_ENDIAN`($sp) ; permuted $t5 - lwz $t0,`$FRAME+52^$LITTLE_ENDIAN`($sp) ; permuted $t4 - lwz $t5,`$FRAME+56^$LITTLE_ENDIAN`($sp) ; permuted $t7 - lwz $t4,`$FRAME+60^$LITTLE_ENDIAN`($sp) ; permuted $t6 - - addc $t2,$t2,$carry - adde $t3,$t3,$c1 - srwi $carry,$t2,16 - insrwi $carry,$t3,16,0 - srwi $c1,$t3,16 - addc $t6,$t6,$carry - adde $t7,$t7,$c1 - srwi $carry,$t6,16 - insrwi $t2,$t6,16,0 ; 64..95 bits - lwz $t6,20($tp) - insrwi $carry,$t7,16,0 - srwi $c1,$t7,16 - lwzu $t7,16($tp) - addc $t0,$t0,$carry - adde $t1,$t1,$c1 - srwi $carry,$t0,16 - insrwi $carry,$t1,16,0 - srwi $c1,$t1,16 - addc $t4,$t4,$carry - adde $t5,$t5,$c1 - srwi $carry,$t4,16 - insrwi $t0,$t4,16,0 ; 96..127 bits - insrwi $carry,$t5,16,0 - srwi $c1,$t5,16 - - addc $t2,$t2,$t6 - adde $t0,$t0,$t7 - lwz $t7,`$FRAME+64^$LITTLE_ENDIAN`($sp) - lwz $t6,`$FRAME+68^$LITTLE_ENDIAN`($sp) - addze $carry,$carry - addze $c1,$c1 - lwz $t5,`$FRAME+72^$LITTLE_ENDIAN`($sp) - lwz $t4,`$FRAME+76^$LITTLE_ENDIAN`($sp) - - addc $t6,$t6,$carry - adde $t7,$t7,$c1 - stw $t2,-4($tp) ; tp[j] - stw $t0,-8($tp) - addc $t6,$t6,$ovf - addze $t7,$t7 - srwi $carry,$t6,16 - insrwi $carry,$t7,16,0 - srwi $c1,$t7,16 - addc $t4,$t4,$carry - adde $t5,$t5,$c1 - - insrwi $t6,$t4,16,0 - srwi $t4,$t4,16 - insrwi $t4,$t5,16,0 - srwi $ovf,$t5,16 - stw $t6,4($tp) ; tp[num-1] - stw $t4,0($tp) -___ -} -$code.=<<___; - slwi $t7,$num,2 - addi $i,$i,8 - subf $nap_d,$t7,$nap_d ; rewind pointer - cmpw $i,$num - blt- Louter -___ - -$code.=<<___ if ($SIZE_T==8); - subf $np,$num,$np ; rewind np - addi $j,$j,1 ; restore counter - subfc $i,$i,$i ; j=0 and "clear" XER[CA] - addi $tp,$sp,`$FRAME+$TRANSFER+8` - addi $t4,$sp,`$FRAME+$TRANSFER+16` - addi $t5,$np,8 - addi $t6,$rp,8 - mtctr $j - -.align 4 -Lsub: ldx $t0,$tp,$i - ldx $t1,$np,$i - ldx $t2,$t4,$i - ldx $t3,$t5,$i - subfe $t0,$t1,$t0 ; tp[j]-np[j] - subfe $t2,$t3,$t2 ; tp[j+1]-np[j+1] - stdx $t0,$rp,$i - stdx $t2,$t6,$i - addi $i,$i,16 - bdnz Lsub - - li $i,0 - subfe $ovf,$i,$ovf ; handle upmost overflow bit - mtctr $j - -.align 4 -Lcopy: ; conditional copy - ldx $t0,$tp,$i - ldx $t1,$t4,$i - ldx $t2,$rp,$i - ldx $t3,$t6,$i - std $i,8($nap_d) ; zap nap_d - std $i,16($nap_d) - std $i,24($nap_d) - std $i,32($nap_d) - std $i,40($nap_d) - std $i,48($nap_d) - std $i,56($nap_d) - stdu $i,64($nap_d) - and $t0,$t0,$ovf - and $t1,$t1,$ovf - andc $t2,$t2,$ovf - andc $t3,$t3,$ovf - or $t0,$t0,$t2 - or $t1,$t1,$t3 - stdx $t0,$rp,$i - stdx $t1,$t6,$i - stdx $i,$tp,$i ; zap tp at once - stdx $i,$t4,$i - addi $i,$i,16 - bdnz Lcopy -___ -$code.=<<___ if ($SIZE_T==4); - subf $np,$num,$np ; rewind np - addi $j,$j,1 ; restore counter - subfc $i,$i,$i ; j=0 and "clear" XER[CA] - addi $tp,$sp,`$FRAME+$TRANSFER` - addi $np,$np,-4 - addi $rp,$rp,-4 - addi $ap,$sp,`$FRAME+$TRANSFER+4` - mtctr $j - -.align 4 -Lsub: lwz $t0,12($tp) ; load tp[j..j+3] in 64-bit word order - lwz $t1,8($tp) - lwz $t2,20($tp) - lwzu $t3,16($tp) - lwz $t4,4($np) ; load np[j..j+3] in 32-bit word order - lwz $t5,8($np) - lwz $t6,12($np) - lwzu $t7,16($np) - subfe $t4,$t4,$t0 ; tp[j]-np[j] - stw $t0,4($ap) ; save tp[j..j+3] in 32-bit word order - subfe $t5,$t5,$t1 ; tp[j+1]-np[j+1] - stw $t1,8($ap) - subfe $t6,$t6,$t2 ; tp[j+2]-np[j+2] - stw $t2,12($ap) - subfe $t7,$t7,$t3 ; tp[j+3]-np[j+3] - stwu $t3,16($ap) - stw $t4,4($rp) - stw $t5,8($rp) - stw $t6,12($rp) - stwu $t7,16($rp) - bdnz Lsub - - li $i,0 - subfe $ovf,$i,$ovf ; handle upmost overflow bit - addi $ap,$sp,`$FRAME+$TRANSFER+4` - subf $rp,$num,$rp ; rewind rp - addi $tp,$sp,`$FRAME+$TRANSFER` - mtctr $j - -.align 4 -Lcopy: ; conditional copy - lwz $t0,4($ap) - lwz $t1,8($ap) - lwz $t2,12($ap) - lwzu $t3,16($ap) - lwz $t4,4($rp) - lwz $t5,8($rp) - lwz $t6,12($rp) - lwz $t7,16($rp) - std $i,8($nap_d) ; zap nap_d - std $i,16($nap_d) - std $i,24($nap_d) - std $i,32($nap_d) - std $i,40($nap_d) - std $i,48($nap_d) - std $i,56($nap_d) - stdu $i,64($nap_d) - and $t0,$t0,$ovf - and $t1,$t1,$ovf - and $t2,$t2,$ovf - and $t3,$t3,$ovf - andc $t4,$t4,$ovf - andc $t5,$t5,$ovf - andc $t6,$t6,$ovf - andc $t7,$t7,$ovf - or $t0,$t0,$t4 - or $t1,$t1,$t5 - or $t2,$t2,$t6 - or $t3,$t3,$t7 - stw $t0,4($rp) - stw $t1,8($rp) - stw $t2,12($rp) - stwu $t3,16($rp) - std $i,8($tp) ; zap tp at once - stdu $i,16($tp) - bdnz Lcopy -___ - -$code.=<<___; - $POP $i,0($sp) - li r3,1 ; signal "handled" - $POP r19,`-12*8-13*$SIZE_T`($i) - $POP r20,`-12*8-12*$SIZE_T`($i) - $POP r21,`-12*8-11*$SIZE_T`($i) - $POP r22,`-12*8-10*$SIZE_T`($i) - $POP r23,`-12*8-9*$SIZE_T`($i) - $POP r24,`-12*8-8*$SIZE_T`($i) - $POP r25,`-12*8-7*$SIZE_T`($i) - $POP r26,`-12*8-6*$SIZE_T`($i) - $POP r27,`-12*8-5*$SIZE_T`($i) - $POP r28,`-12*8-4*$SIZE_T`($i) - $POP r29,`-12*8-3*$SIZE_T`($i) - $POP r30,`-12*8-2*$SIZE_T`($i) - $POP r31,`-12*8-1*$SIZE_T`($i) - lfd f20,`-12*8`($i) - lfd f21,`-11*8`($i) - lfd f22,`-10*8`($i) - lfd f23,`-9*8`($i) - lfd f24,`-8*8`($i) - lfd f25,`-7*8`($i) - lfd f26,`-6*8`($i) - lfd f27,`-5*8`($i) - lfd f28,`-4*8`($i) - lfd f29,`-3*8`($i) - lfd f30,`-2*8`($i) - lfd f31,`-1*8`($i) - mr $sp,$i - blr - .long 0 - .byte 0,12,4,0,0x8c,13,6,0 - .long 0 -.size .$fname,.-.$fname - -.asciz "Montgomery Multiplication for PPC64, CRYPTOGAMS by " -___ - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl deleted file mode 100755 index 3d0e342a6b8cbb63957eeea5769ff3ebf700cd10..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/rsaz-avx2.pl +++ /dev/null @@ -1,1984 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. -# Copyright (c) 2012, Intel Corporation. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) -# (1) Intel Corporation, Israel Development Center, Haifa, Israel -# (2) University of Haifa, Israel -# -# References: -# [1] S. Gueron, V. Krasnov: "Software Implementation of Modular -# Exponentiation, Using Advanced Vector Instructions Architectures", -# F. Ozbudak and F. Rodriguez-Henriquez (Eds.): WAIFI 2012, LNCS 7369, -# pp. 119?135, 2012. Springer-Verlag Berlin Heidelberg 2012 -# [2] S. Gueron: "Efficient Software Implementations of Modular -# Exponentiation", Journal of Cryptographic Engineering 2:31-43 (2012). -# [3] S. Gueron, V. Krasnov: "Speeding up Big-numbers Squaring",IEEE -# Proceedings of 9th International Conference on Information Technology: -# New Generations (ITNG 2012), pp.821-823 (2012) -# [4] S. Gueron, V. Krasnov: "[PATCH] Efficient and side channel analysis -# resistant 1024-bit modular exponentiation, for optimizing RSA2048 -# on AVX2 capable x86_64 platforms", -# http://rt.openssl.org/Ticket/Display.html?id=2850&user=guest&pass=guest -# -# +13% improvement over original submission by -# -# rsa2048 sign/sec OpenSSL 1.0.1 scalar(*) this -# 2.3GHz Haswell 621 765/+23% 1113/+79% -# 2.3GHz Broadwell(**) 688 1200(***)/+74% 1120/+63% -# -# (*) if system doesn't support AVX2, for reference purposes; -# (**) scaled to 2.3GHz to simplify comparison; -# (***) scalar AD*X code is faster than AVX2 and is preferred code -# path for Broadwell; - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.19) + ($1>=2.22); - $addx = ($1>=2.23); -} - -if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.09) + ($1>=2.10); - $addx = ($1>=2.10); -} - -if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $avx = ($1>=10) + ($1>=11); - $addx = ($1>=11); -} - -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+)\.([0-9]+)/) { - my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 - $avx = ($ver>=3.0) + ($ver>=3.01); - $addx = ($ver>=3.03); -} - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT = *OUT; - -if ($avx>1) {{{ -{ # void AMS_WW( -my $rp="%rdi"; # BN_ULONG *rp, -my $ap="%rsi"; # const BN_ULONG *ap, -my $np="%rdx"; # const BN_ULONG *np, -my $n0="%ecx"; # const BN_ULONG n0, -my $rep="%r8d"; # int repeat); - -# The registers that hold the accumulated redundant result -# The AMM works on 1024 bit operands, and redundant word size is 29 -# Therefore: ceil(1024/29)/4 = 9 -my $ACC0="%ymm0"; -my $ACC1="%ymm1"; -my $ACC2="%ymm2"; -my $ACC3="%ymm3"; -my $ACC4="%ymm4"; -my $ACC5="%ymm5"; -my $ACC6="%ymm6"; -my $ACC7="%ymm7"; -my $ACC8="%ymm8"; -my $ACC9="%ymm9"; -# Registers that hold the broadcasted words of bp, currently used -my $B1="%ymm10"; -my $B2="%ymm11"; -# Registers that hold the broadcasted words of Y, currently used -my $Y1="%ymm12"; -my $Y2="%ymm13"; -# Helper registers -my $TEMP1="%ymm14"; -my $AND_MASK="%ymm15"; -# alu registers that hold the first words of the ACC -my $r0="%r9"; -my $r1="%r10"; -my $r2="%r11"; -my $r3="%r12"; - -my $i="%r14d"; # loop counter -my $tmp = "%r15"; - -my $FrameSize=32*18+32*8; # place for A^2 and 2*A - -my $aap=$r0; -my $tp0="%rbx"; -my $tp1=$r3; -my $tpa=$tmp; - -$np="%r13"; # reassigned argument - -$code.=<<___; -.text - -.globl rsaz_1024_sqr_avx2 -.type rsaz_1024_sqr_avx2,\@function,5 -.align 64 -rsaz_1024_sqr_avx2: # 702 cycles, 14% faster than rsaz_1024_mul_avx2 -.cfi_startproc - lea (%rsp), %rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - vzeroupper -___ -$code.=<<___ if ($win64); - lea -0xa8(%rsp),%rsp - vmovaps %xmm6,-0xd8(%rax) - vmovaps %xmm7,-0xc8(%rax) - vmovaps %xmm8,-0xb8(%rax) - vmovaps %xmm9,-0xa8(%rax) - vmovaps %xmm10,-0x98(%rax) - vmovaps %xmm11,-0x88(%rax) - vmovaps %xmm12,-0x78(%rax) - vmovaps %xmm13,-0x68(%rax) - vmovaps %xmm14,-0x58(%rax) - vmovaps %xmm15,-0x48(%rax) -.Lsqr_1024_body: -___ -$code.=<<___; - mov %rax,%rbp -.cfi_def_cfa_register %rbp - mov %rdx, $np # reassigned argument - sub \$$FrameSize, %rsp - mov $np, $tmp - sub \$-128, $rp # size optimization - sub \$-128, $ap - sub \$-128, $np - - and \$4095, $tmp # see if $np crosses page - add \$32*10, $tmp - shr \$12, $tmp - vpxor $ACC9,$ACC9,$ACC9 - jz .Lsqr_1024_no_n_copy - - # unaligned 256-bit load that crosses page boundary can - # cause >2x performance degradation here, so if $np does - # cross page boundary, copy it to stack and make sure stack - # frame doesn't... - sub \$32*10,%rsp - vmovdqu 32*0-128($np), $ACC0 - and \$-2048, %rsp - vmovdqu 32*1-128($np), $ACC1 - vmovdqu 32*2-128($np), $ACC2 - vmovdqu 32*3-128($np), $ACC3 - vmovdqu 32*4-128($np), $ACC4 - vmovdqu 32*5-128($np), $ACC5 - vmovdqu 32*6-128($np), $ACC6 - vmovdqu 32*7-128($np), $ACC7 - vmovdqu 32*8-128($np), $ACC8 - lea $FrameSize+128(%rsp),$np - vmovdqu $ACC0, 32*0-128($np) - vmovdqu $ACC1, 32*1-128($np) - vmovdqu $ACC2, 32*2-128($np) - vmovdqu $ACC3, 32*3-128($np) - vmovdqu $ACC4, 32*4-128($np) - vmovdqu $ACC5, 32*5-128($np) - vmovdqu $ACC6, 32*6-128($np) - vmovdqu $ACC7, 32*7-128($np) - vmovdqu $ACC8, 32*8-128($np) - vmovdqu $ACC9, 32*9-128($np) # $ACC9 is zero - -.Lsqr_1024_no_n_copy: - and \$-1024, %rsp - - vmovdqu 32*1-128($ap), $ACC1 - vmovdqu 32*2-128($ap), $ACC2 - vmovdqu 32*3-128($ap), $ACC3 - vmovdqu 32*4-128($ap), $ACC4 - vmovdqu 32*5-128($ap), $ACC5 - vmovdqu 32*6-128($ap), $ACC6 - vmovdqu 32*7-128($ap), $ACC7 - vmovdqu 32*8-128($ap), $ACC8 - - lea 192(%rsp), $tp0 # 64+128=192 - vmovdqu .Land_mask(%rip), $AND_MASK - jmp .LOOP_GRANDE_SQR_1024 - -.align 32 -.LOOP_GRANDE_SQR_1024: - lea 32*18+128(%rsp), $aap # size optimization - lea 448(%rsp), $tp1 # 64+128+256=448 - - # the squaring is performed as described in Variant B of - # "Speeding up Big-Number Squaring", so start by calculating - # the A*2=A+A vector - vpaddq $ACC1, $ACC1, $ACC1 - vpbroadcastq 32*0-128($ap), $B1 - vpaddq $ACC2, $ACC2, $ACC2 - vmovdqa $ACC1, 32*0-128($aap) - vpaddq $ACC3, $ACC3, $ACC3 - vmovdqa $ACC2, 32*1-128($aap) - vpaddq $ACC4, $ACC4, $ACC4 - vmovdqa $ACC3, 32*2-128($aap) - vpaddq $ACC5, $ACC5, $ACC5 - vmovdqa $ACC4, 32*3-128($aap) - vpaddq $ACC6, $ACC6, $ACC6 - vmovdqa $ACC5, 32*4-128($aap) - vpaddq $ACC7, $ACC7, $ACC7 - vmovdqa $ACC6, 32*5-128($aap) - vpaddq $ACC8, $ACC8, $ACC8 - vmovdqa $ACC7, 32*6-128($aap) - vpxor $ACC9, $ACC9, $ACC9 - vmovdqa $ACC8, 32*7-128($aap) - - vpmuludq 32*0-128($ap), $B1, $ACC0 - vpbroadcastq 32*1-128($ap), $B2 - vmovdqu $ACC9, 32*9-192($tp0) # zero upper half - vpmuludq $B1, $ACC1, $ACC1 - vmovdqu $ACC9, 32*10-448($tp1) - vpmuludq $B1, $ACC2, $ACC2 - vmovdqu $ACC9, 32*11-448($tp1) - vpmuludq $B1, $ACC3, $ACC3 - vmovdqu $ACC9, 32*12-448($tp1) - vpmuludq $B1, $ACC4, $ACC4 - vmovdqu $ACC9, 32*13-448($tp1) - vpmuludq $B1, $ACC5, $ACC5 - vmovdqu $ACC9, 32*14-448($tp1) - vpmuludq $B1, $ACC6, $ACC6 - vmovdqu $ACC9, 32*15-448($tp1) - vpmuludq $B1, $ACC7, $ACC7 - vmovdqu $ACC9, 32*16-448($tp1) - vpmuludq $B1, $ACC8, $ACC8 - vpbroadcastq 32*2-128($ap), $B1 - vmovdqu $ACC9, 32*17-448($tp1) - - mov $ap, $tpa - mov \$4, $i - jmp .Lsqr_entry_1024 -___ -$TEMP0=$Y1; -$TEMP2=$Y2; -$code.=<<___; -.align 32 -.LOOP_SQR_1024: - vpbroadcastq 32*1-128($tpa), $B2 - vpmuludq 32*0-128($ap), $B1, $ACC0 - vpaddq 32*0-192($tp0), $ACC0, $ACC0 - vpmuludq 32*0-128($aap), $B1, $ACC1 - vpaddq 32*1-192($tp0), $ACC1, $ACC1 - vpmuludq 32*1-128($aap), $B1, $ACC2 - vpaddq 32*2-192($tp0), $ACC2, $ACC2 - vpmuludq 32*2-128($aap), $B1, $ACC3 - vpaddq 32*3-192($tp0), $ACC3, $ACC3 - vpmuludq 32*3-128($aap), $B1, $ACC4 - vpaddq 32*4-192($tp0), $ACC4, $ACC4 - vpmuludq 32*4-128($aap), $B1, $ACC5 - vpaddq 32*5-192($tp0), $ACC5, $ACC5 - vpmuludq 32*5-128($aap), $B1, $ACC6 - vpaddq 32*6-192($tp0), $ACC6, $ACC6 - vpmuludq 32*6-128($aap), $B1, $ACC7 - vpaddq 32*7-192($tp0), $ACC7, $ACC7 - vpmuludq 32*7-128($aap), $B1, $ACC8 - vpbroadcastq 32*2-128($tpa), $B1 - vpaddq 32*8-192($tp0), $ACC8, $ACC8 -.Lsqr_entry_1024: - vmovdqu $ACC0, 32*0-192($tp0) - vmovdqu $ACC1, 32*1-192($tp0) - - vpmuludq 32*1-128($ap), $B2, $TEMP0 - vpaddq $TEMP0, $ACC2, $ACC2 - vpmuludq 32*1-128($aap), $B2, $TEMP1 - vpaddq $TEMP1, $ACC3, $ACC3 - vpmuludq 32*2-128($aap), $B2, $TEMP2 - vpaddq $TEMP2, $ACC4, $ACC4 - vpmuludq 32*3-128($aap), $B2, $TEMP0 - vpaddq $TEMP0, $ACC5, $ACC5 - vpmuludq 32*4-128($aap), $B2, $TEMP1 - vpaddq $TEMP1, $ACC6, $ACC6 - vpmuludq 32*5-128($aap), $B2, $TEMP2 - vpaddq $TEMP2, $ACC7, $ACC7 - vpmuludq 32*6-128($aap), $B2, $TEMP0 - vpaddq $TEMP0, $ACC8, $ACC8 - vpmuludq 32*7-128($aap), $B2, $ACC0 - vpbroadcastq 32*3-128($tpa), $B2 - vpaddq 32*9-192($tp0), $ACC0, $ACC0 - - vmovdqu $ACC2, 32*2-192($tp0) - vmovdqu $ACC3, 32*3-192($tp0) - - vpmuludq 32*2-128($ap), $B1, $TEMP2 - vpaddq $TEMP2, $ACC4, $ACC4 - vpmuludq 32*2-128($aap), $B1, $TEMP0 - vpaddq $TEMP0, $ACC5, $ACC5 - vpmuludq 32*3-128($aap), $B1, $TEMP1 - vpaddq $TEMP1, $ACC6, $ACC6 - vpmuludq 32*4-128($aap), $B1, $TEMP2 - vpaddq $TEMP2, $ACC7, $ACC7 - vpmuludq 32*5-128($aap), $B1, $TEMP0 - vpaddq $TEMP0, $ACC8, $ACC8 - vpmuludq 32*6-128($aap), $B1, $TEMP1 - vpaddq $TEMP1, $ACC0, $ACC0 - vpmuludq 32*7-128($aap), $B1, $ACC1 - vpbroadcastq 32*4-128($tpa), $B1 - vpaddq 32*10-448($tp1), $ACC1, $ACC1 - - vmovdqu $ACC4, 32*4-192($tp0) - vmovdqu $ACC5, 32*5-192($tp0) - - vpmuludq 32*3-128($ap), $B2, $TEMP0 - vpaddq $TEMP0, $ACC6, $ACC6 - vpmuludq 32*3-128($aap), $B2, $TEMP1 - vpaddq $TEMP1, $ACC7, $ACC7 - vpmuludq 32*4-128($aap), $B2, $TEMP2 - vpaddq $TEMP2, $ACC8, $ACC8 - vpmuludq 32*5-128($aap), $B2, $TEMP0 - vpaddq $TEMP0, $ACC0, $ACC0 - vpmuludq 32*6-128($aap), $B2, $TEMP1 - vpaddq $TEMP1, $ACC1, $ACC1 - vpmuludq 32*7-128($aap), $B2, $ACC2 - vpbroadcastq 32*5-128($tpa), $B2 - vpaddq 32*11-448($tp1), $ACC2, $ACC2 - - vmovdqu $ACC6, 32*6-192($tp0) - vmovdqu $ACC7, 32*7-192($tp0) - - vpmuludq 32*4-128($ap), $B1, $TEMP0 - vpaddq $TEMP0, $ACC8, $ACC8 - vpmuludq 32*4-128($aap), $B1, $TEMP1 - vpaddq $TEMP1, $ACC0, $ACC0 - vpmuludq 32*5-128($aap), $B1, $TEMP2 - vpaddq $TEMP2, $ACC1, $ACC1 - vpmuludq 32*6-128($aap), $B1, $TEMP0 - vpaddq $TEMP0, $ACC2, $ACC2 - vpmuludq 32*7-128($aap), $B1, $ACC3 - vpbroadcastq 32*6-128($tpa), $B1 - vpaddq 32*12-448($tp1), $ACC3, $ACC3 - - vmovdqu $ACC8, 32*8-192($tp0) - vmovdqu $ACC0, 32*9-192($tp0) - lea 8($tp0), $tp0 - - vpmuludq 32*5-128($ap), $B2, $TEMP2 - vpaddq $TEMP2, $ACC1, $ACC1 - vpmuludq 32*5-128($aap), $B2, $TEMP0 - vpaddq $TEMP0, $ACC2, $ACC2 - vpmuludq 32*6-128($aap), $B2, $TEMP1 - vpaddq $TEMP1, $ACC3, $ACC3 - vpmuludq 32*7-128($aap), $B2, $ACC4 - vpbroadcastq 32*7-128($tpa), $B2 - vpaddq 32*13-448($tp1), $ACC4, $ACC4 - - vmovdqu $ACC1, 32*10-448($tp1) - vmovdqu $ACC2, 32*11-448($tp1) - - vpmuludq 32*6-128($ap), $B1, $TEMP0 - vpaddq $TEMP0, $ACC3, $ACC3 - vpmuludq 32*6-128($aap), $B1, $TEMP1 - vpbroadcastq 32*8-128($tpa), $ACC0 # borrow $ACC0 for $B1 - vpaddq $TEMP1, $ACC4, $ACC4 - vpmuludq 32*7-128($aap), $B1, $ACC5 - vpbroadcastq 32*0+8-128($tpa), $B1 # for next iteration - vpaddq 32*14-448($tp1), $ACC5, $ACC5 - - vmovdqu $ACC3, 32*12-448($tp1) - vmovdqu $ACC4, 32*13-448($tp1) - lea 8($tpa), $tpa - - vpmuludq 32*7-128($ap), $B2, $TEMP0 - vpaddq $TEMP0, $ACC5, $ACC5 - vpmuludq 32*7-128($aap), $B2, $ACC6 - vpaddq 32*15-448($tp1), $ACC6, $ACC6 - - vpmuludq 32*8-128($ap), $ACC0, $ACC7 - vmovdqu $ACC5, 32*14-448($tp1) - vpaddq 32*16-448($tp1), $ACC7, $ACC7 - vmovdqu $ACC6, 32*15-448($tp1) - vmovdqu $ACC7, 32*16-448($tp1) - lea 8($tp1), $tp1 - - dec $i - jnz .LOOP_SQR_1024 -___ -$ZERO = $ACC9; -$TEMP0 = $B1; -$TEMP2 = $B2; -$TEMP3 = $Y1; -$TEMP4 = $Y2; -$code.=<<___; - # we need to fix indices 32-39 to avoid overflow - vmovdqu 32*8(%rsp), $ACC8 # 32*8-192($tp0), - vmovdqu 32*9(%rsp), $ACC1 # 32*9-192($tp0) - vmovdqu 32*10(%rsp), $ACC2 # 32*10-192($tp0) - lea 192(%rsp), $tp0 # 64+128=192 - - vpsrlq \$29, $ACC8, $TEMP1 - vpand $AND_MASK, $ACC8, $ACC8 - vpsrlq \$29, $ACC1, $TEMP2 - vpand $AND_MASK, $ACC1, $ACC1 - - vpermq \$0x93, $TEMP1, $TEMP1 - vpxor $ZERO, $ZERO, $ZERO - vpermq \$0x93, $TEMP2, $TEMP2 - - vpblendd \$3, $ZERO, $TEMP1, $TEMP0 - vpblendd \$3, $TEMP1, $TEMP2, $TEMP1 - vpaddq $TEMP0, $ACC8, $ACC8 - vpblendd \$3, $TEMP2, $ZERO, $TEMP2 - vpaddq $TEMP1, $ACC1, $ACC1 - vpaddq $TEMP2, $ACC2, $ACC2 - vmovdqu $ACC1, 32*9-192($tp0) - vmovdqu $ACC2, 32*10-192($tp0) - - mov (%rsp), %rax - mov 8(%rsp), $r1 - mov 16(%rsp), $r2 - mov 24(%rsp), $r3 - vmovdqu 32*1(%rsp), $ACC1 - vmovdqu 32*2-192($tp0), $ACC2 - vmovdqu 32*3-192($tp0), $ACC3 - vmovdqu 32*4-192($tp0), $ACC4 - vmovdqu 32*5-192($tp0), $ACC5 - vmovdqu 32*6-192($tp0), $ACC6 - vmovdqu 32*7-192($tp0), $ACC7 - - mov %rax, $r0 - imull $n0, %eax - and \$0x1fffffff, %eax - vmovd %eax, $Y1 - - mov %rax, %rdx - imulq -128($np), %rax - vpbroadcastq $Y1, $Y1 - add %rax, $r0 - mov %rdx, %rax - imulq 8-128($np), %rax - shr \$29, $r0 - add %rax, $r1 - mov %rdx, %rax - imulq 16-128($np), %rax - add $r0, $r1 - add %rax, $r2 - imulq 24-128($np), %rdx - add %rdx, $r3 - - mov $r1, %rax - imull $n0, %eax - and \$0x1fffffff, %eax - - mov \$9, $i - jmp .LOOP_REDUCE_1024 - -.align 32 -.LOOP_REDUCE_1024: - vmovd %eax, $Y2 - vpbroadcastq $Y2, $Y2 - - vpmuludq 32*1-128($np), $Y1, $TEMP0 - mov %rax, %rdx - imulq -128($np), %rax - vpaddq $TEMP0, $ACC1, $ACC1 - add %rax, $r1 - vpmuludq 32*2-128($np), $Y1, $TEMP1 - mov %rdx, %rax - imulq 8-128($np), %rax - vpaddq $TEMP1, $ACC2, $ACC2 - vpmuludq 32*3-128($np), $Y1, $TEMP2 - .byte 0x67 - add %rax, $r2 - .byte 0x67 - mov %rdx, %rax - imulq 16-128($np), %rax - shr \$29, $r1 - vpaddq $TEMP2, $ACC3, $ACC3 - vpmuludq 32*4-128($np), $Y1, $TEMP0 - add %rax, $r3 - add $r1, $r2 - vpaddq $TEMP0, $ACC4, $ACC4 - vpmuludq 32*5-128($np), $Y1, $TEMP1 - mov $r2, %rax - imull $n0, %eax - vpaddq $TEMP1, $ACC5, $ACC5 - vpmuludq 32*6-128($np), $Y1, $TEMP2 - and \$0x1fffffff, %eax - vpaddq $TEMP2, $ACC6, $ACC6 - vpmuludq 32*7-128($np), $Y1, $TEMP0 - vpaddq $TEMP0, $ACC7, $ACC7 - vpmuludq 32*8-128($np), $Y1, $TEMP1 - vmovd %eax, $Y1 - #vmovdqu 32*1-8-128($np), $TEMP2 # moved below - vpaddq $TEMP1, $ACC8, $ACC8 - #vmovdqu 32*2-8-128($np), $TEMP0 # moved below - vpbroadcastq $Y1, $Y1 - - vpmuludq 32*1-8-128($np), $Y2, $TEMP2 # see above - vmovdqu 32*3-8-128($np), $TEMP1 - mov %rax, %rdx - imulq -128($np), %rax - vpaddq $TEMP2, $ACC1, $ACC1 - vpmuludq 32*2-8-128($np), $Y2, $TEMP0 # see above - vmovdqu 32*4-8-128($np), $TEMP2 - add %rax, $r2 - mov %rdx, %rax - imulq 8-128($np), %rax - vpaddq $TEMP0, $ACC2, $ACC2 - add $r3, %rax - shr \$29, $r2 - vpmuludq $Y2, $TEMP1, $TEMP1 - vmovdqu 32*5-8-128($np), $TEMP0 - add $r2, %rax - vpaddq $TEMP1, $ACC3, $ACC3 - vpmuludq $Y2, $TEMP2, $TEMP2 - vmovdqu 32*6-8-128($np), $TEMP1 - .byte 0x67 - mov %rax, $r3 - imull $n0, %eax - vpaddq $TEMP2, $ACC4, $ACC4 - vpmuludq $Y2, $TEMP0, $TEMP0 - .byte 0xc4,0x41,0x7e,0x6f,0x9d,0x58,0x00,0x00,0x00 # vmovdqu 32*7-8-128($np), $TEMP2 - and \$0x1fffffff, %eax - vpaddq $TEMP0, $ACC5, $ACC5 - vpmuludq $Y2, $TEMP1, $TEMP1 - vmovdqu 32*8-8-128($np), $TEMP0 - vpaddq $TEMP1, $ACC6, $ACC6 - vpmuludq $Y2, $TEMP2, $TEMP2 - vmovdqu 32*9-8-128($np), $ACC9 - vmovd %eax, $ACC0 # borrow ACC0 for Y2 - imulq -128($np), %rax - vpaddq $TEMP2, $ACC7, $ACC7 - vpmuludq $Y2, $TEMP0, $TEMP0 - vmovdqu 32*1-16-128($np), $TEMP1 - vpbroadcastq $ACC0, $ACC0 - vpaddq $TEMP0, $ACC8, $ACC8 - vpmuludq $Y2, $ACC9, $ACC9 - vmovdqu 32*2-16-128($np), $TEMP2 - add %rax, $r3 - -___ -($ACC0,$Y2)=($Y2,$ACC0); -$code.=<<___; - vmovdqu 32*1-24-128($np), $ACC0 - vpmuludq $Y1, $TEMP1, $TEMP1 - vmovdqu 32*3-16-128($np), $TEMP0 - vpaddq $TEMP1, $ACC1, $ACC1 - vpmuludq $Y2, $ACC0, $ACC0 - vpmuludq $Y1, $TEMP2, $TEMP2 - .byte 0xc4,0x41,0x7e,0x6f,0xb5,0xf0,0xff,0xff,0xff # vmovdqu 32*4-16-128($np), $TEMP1 - vpaddq $ACC1, $ACC0, $ACC0 - vpaddq $TEMP2, $ACC2, $ACC2 - vpmuludq $Y1, $TEMP0, $TEMP0 - vmovdqu 32*5-16-128($np), $TEMP2 - .byte 0x67 - vmovq $ACC0, %rax - vmovdqu $ACC0, (%rsp) # transfer $r0-$r3 - vpaddq $TEMP0, $ACC3, $ACC3 - vpmuludq $Y1, $TEMP1, $TEMP1 - vmovdqu 32*6-16-128($np), $TEMP0 - vpaddq $TEMP1, $ACC4, $ACC4 - vpmuludq $Y1, $TEMP2, $TEMP2 - vmovdqu 32*7-16-128($np), $TEMP1 - vpaddq $TEMP2, $ACC5, $ACC5 - vpmuludq $Y1, $TEMP0, $TEMP0 - vmovdqu 32*8-16-128($np), $TEMP2 - vpaddq $TEMP0, $ACC6, $ACC6 - vpmuludq $Y1, $TEMP1, $TEMP1 - shr \$29, $r3 - vmovdqu 32*9-16-128($np), $TEMP0 - add $r3, %rax - vpaddq $TEMP1, $ACC7, $ACC7 - vpmuludq $Y1, $TEMP2, $TEMP2 - #vmovdqu 32*2-24-128($np), $TEMP1 # moved below - mov %rax, $r0 - imull $n0, %eax - vpaddq $TEMP2, $ACC8, $ACC8 - vpmuludq $Y1, $TEMP0, $TEMP0 - and \$0x1fffffff, %eax - vmovd %eax, $Y1 - vmovdqu 32*3-24-128($np), $TEMP2 - .byte 0x67 - vpaddq $TEMP0, $ACC9, $ACC9 - vpbroadcastq $Y1, $Y1 - - vpmuludq 32*2-24-128($np), $Y2, $TEMP1 # see above - vmovdqu 32*4-24-128($np), $TEMP0 - mov %rax, %rdx - imulq -128($np), %rax - mov 8(%rsp), $r1 - vpaddq $TEMP1, $ACC2, $ACC1 - vpmuludq $Y2, $TEMP2, $TEMP2 - vmovdqu 32*5-24-128($np), $TEMP1 - add %rax, $r0 - mov %rdx, %rax - imulq 8-128($np), %rax - .byte 0x67 - shr \$29, $r0 - mov 16(%rsp), $r2 - vpaddq $TEMP2, $ACC3, $ACC2 - vpmuludq $Y2, $TEMP0, $TEMP0 - vmovdqu 32*6-24-128($np), $TEMP2 - add %rax, $r1 - mov %rdx, %rax - imulq 16-128($np), %rax - vpaddq $TEMP0, $ACC4, $ACC3 - vpmuludq $Y2, $TEMP1, $TEMP1 - vmovdqu 32*7-24-128($np), $TEMP0 - imulq 24-128($np), %rdx # future $r3 - add %rax, $r2 - lea ($r0,$r1), %rax - vpaddq $TEMP1, $ACC5, $ACC4 - vpmuludq $Y2, $TEMP2, $TEMP2 - vmovdqu 32*8-24-128($np), $TEMP1 - mov %rax, $r1 - imull $n0, %eax - vpmuludq $Y2, $TEMP0, $TEMP0 - vpaddq $TEMP2, $ACC6, $ACC5 - vmovdqu 32*9-24-128($np), $TEMP2 - and \$0x1fffffff, %eax - vpaddq $TEMP0, $ACC7, $ACC6 - vpmuludq $Y2, $TEMP1, $TEMP1 - add 24(%rsp), %rdx - vpaddq $TEMP1, $ACC8, $ACC7 - vpmuludq $Y2, $TEMP2, $TEMP2 - vpaddq $TEMP2, $ACC9, $ACC8 - vmovq $r3, $ACC9 - mov %rdx, $r3 - - dec $i - jnz .LOOP_REDUCE_1024 -___ -($ACC0,$Y2)=($Y2,$ACC0); -$code.=<<___; - lea 448(%rsp), $tp1 # size optimization - vpaddq $ACC9, $Y2, $ACC0 - vpxor $ZERO, $ZERO, $ZERO - - vpaddq 32*9-192($tp0), $ACC0, $ACC0 - vpaddq 32*10-448($tp1), $ACC1, $ACC1 - vpaddq 32*11-448($tp1), $ACC2, $ACC2 - vpaddq 32*12-448($tp1), $ACC3, $ACC3 - vpaddq 32*13-448($tp1), $ACC4, $ACC4 - vpaddq 32*14-448($tp1), $ACC5, $ACC5 - vpaddq 32*15-448($tp1), $ACC6, $ACC6 - vpaddq 32*16-448($tp1), $ACC7, $ACC7 - vpaddq 32*17-448($tp1), $ACC8, $ACC8 - - vpsrlq \$29, $ACC0, $TEMP1 - vpand $AND_MASK, $ACC0, $ACC0 - vpsrlq \$29, $ACC1, $TEMP2 - vpand $AND_MASK, $ACC1, $ACC1 - vpsrlq \$29, $ACC2, $TEMP3 - vpermq \$0x93, $TEMP1, $TEMP1 - vpand $AND_MASK, $ACC2, $ACC2 - vpsrlq \$29, $ACC3, $TEMP4 - vpermq \$0x93, $TEMP2, $TEMP2 - vpand $AND_MASK, $ACC3, $ACC3 - vpermq \$0x93, $TEMP3, $TEMP3 - - vpblendd \$3, $ZERO, $TEMP1, $TEMP0 - vpermq \$0x93, $TEMP4, $TEMP4 - vpblendd \$3, $TEMP1, $TEMP2, $TEMP1 - vpaddq $TEMP0, $ACC0, $ACC0 - vpblendd \$3, $TEMP2, $TEMP3, $TEMP2 - vpaddq $TEMP1, $ACC1, $ACC1 - vpblendd \$3, $TEMP3, $TEMP4, $TEMP3 - vpaddq $TEMP2, $ACC2, $ACC2 - vpblendd \$3, $TEMP4, $ZERO, $TEMP4 - vpaddq $TEMP3, $ACC3, $ACC3 - vpaddq $TEMP4, $ACC4, $ACC4 - - vpsrlq \$29, $ACC0, $TEMP1 - vpand $AND_MASK, $ACC0, $ACC0 - vpsrlq \$29, $ACC1, $TEMP2 - vpand $AND_MASK, $ACC1, $ACC1 - vpsrlq \$29, $ACC2, $TEMP3 - vpermq \$0x93, $TEMP1, $TEMP1 - vpand $AND_MASK, $ACC2, $ACC2 - vpsrlq \$29, $ACC3, $TEMP4 - vpermq \$0x93, $TEMP2, $TEMP2 - vpand $AND_MASK, $ACC3, $ACC3 - vpermq \$0x93, $TEMP3, $TEMP3 - - vpblendd \$3, $ZERO, $TEMP1, $TEMP0 - vpermq \$0x93, $TEMP4, $TEMP4 - vpblendd \$3, $TEMP1, $TEMP2, $TEMP1 - vpaddq $TEMP0, $ACC0, $ACC0 - vpblendd \$3, $TEMP2, $TEMP3, $TEMP2 - vpaddq $TEMP1, $ACC1, $ACC1 - vmovdqu $ACC0, 32*0-128($rp) - vpblendd \$3, $TEMP3, $TEMP4, $TEMP3 - vpaddq $TEMP2, $ACC2, $ACC2 - vmovdqu $ACC1, 32*1-128($rp) - vpblendd \$3, $TEMP4, $ZERO, $TEMP4 - vpaddq $TEMP3, $ACC3, $ACC3 - vmovdqu $ACC2, 32*2-128($rp) - vpaddq $TEMP4, $ACC4, $ACC4 - vmovdqu $ACC3, 32*3-128($rp) -___ -$TEMP5=$ACC0; -$code.=<<___; - vpsrlq \$29, $ACC4, $TEMP1 - vpand $AND_MASK, $ACC4, $ACC4 - vpsrlq \$29, $ACC5, $TEMP2 - vpand $AND_MASK, $ACC5, $ACC5 - vpsrlq \$29, $ACC6, $TEMP3 - vpermq \$0x93, $TEMP1, $TEMP1 - vpand $AND_MASK, $ACC6, $ACC6 - vpsrlq \$29, $ACC7, $TEMP4 - vpermq \$0x93, $TEMP2, $TEMP2 - vpand $AND_MASK, $ACC7, $ACC7 - vpsrlq \$29, $ACC8, $TEMP5 - vpermq \$0x93, $TEMP3, $TEMP3 - vpand $AND_MASK, $ACC8, $ACC8 - vpermq \$0x93, $TEMP4, $TEMP4 - - vpblendd \$3, $ZERO, $TEMP1, $TEMP0 - vpermq \$0x93, $TEMP5, $TEMP5 - vpblendd \$3, $TEMP1, $TEMP2, $TEMP1 - vpaddq $TEMP0, $ACC4, $ACC4 - vpblendd \$3, $TEMP2, $TEMP3, $TEMP2 - vpaddq $TEMP1, $ACC5, $ACC5 - vpblendd \$3, $TEMP3, $TEMP4, $TEMP3 - vpaddq $TEMP2, $ACC6, $ACC6 - vpblendd \$3, $TEMP4, $TEMP5, $TEMP4 - vpaddq $TEMP3, $ACC7, $ACC7 - vpaddq $TEMP4, $ACC8, $ACC8 - - vpsrlq \$29, $ACC4, $TEMP1 - vpand $AND_MASK, $ACC4, $ACC4 - vpsrlq \$29, $ACC5, $TEMP2 - vpand $AND_MASK, $ACC5, $ACC5 - vpsrlq \$29, $ACC6, $TEMP3 - vpermq \$0x93, $TEMP1, $TEMP1 - vpand $AND_MASK, $ACC6, $ACC6 - vpsrlq \$29, $ACC7, $TEMP4 - vpermq \$0x93, $TEMP2, $TEMP2 - vpand $AND_MASK, $ACC7, $ACC7 - vpsrlq \$29, $ACC8, $TEMP5 - vpermq \$0x93, $TEMP3, $TEMP3 - vpand $AND_MASK, $ACC8, $ACC8 - vpermq \$0x93, $TEMP4, $TEMP4 - - vpblendd \$3, $ZERO, $TEMP1, $TEMP0 - vpermq \$0x93, $TEMP5, $TEMP5 - vpblendd \$3, $TEMP1, $TEMP2, $TEMP1 - vpaddq $TEMP0, $ACC4, $ACC4 - vpblendd \$3, $TEMP2, $TEMP3, $TEMP2 - vpaddq $TEMP1, $ACC5, $ACC5 - vmovdqu $ACC4, 32*4-128($rp) - vpblendd \$3, $TEMP3, $TEMP4, $TEMP3 - vpaddq $TEMP2, $ACC6, $ACC6 - vmovdqu $ACC5, 32*5-128($rp) - vpblendd \$3, $TEMP4, $TEMP5, $TEMP4 - vpaddq $TEMP3, $ACC7, $ACC7 - vmovdqu $ACC6, 32*6-128($rp) - vpaddq $TEMP4, $ACC8, $ACC8 - vmovdqu $ACC7, 32*7-128($rp) - vmovdqu $ACC8, 32*8-128($rp) - - mov $rp, $ap - dec $rep - jne .LOOP_GRANDE_SQR_1024 - - vzeroall - mov %rbp, %rax -.cfi_def_cfa_register %rax -___ -$code.=<<___ if ($win64); -.Lsqr_1024_in_tail: - movaps -0xd8(%rax),%xmm6 - movaps -0xc8(%rax),%xmm7 - movaps -0xb8(%rax),%xmm8 - movaps -0xa8(%rax),%xmm9 - movaps -0x98(%rax),%xmm10 - movaps -0x88(%rax),%xmm11 - movaps -0x78(%rax),%xmm12 - movaps -0x68(%rax),%xmm13 - movaps -0x58(%rax),%xmm14 - movaps -0x48(%rax),%xmm15 -___ -$code.=<<___; - mov -48(%rax),%r15 -.cfi_restore %r15 - mov -40(%rax),%r14 -.cfi_restore %r14 - mov -32(%rax),%r13 -.cfi_restore %r13 - mov -24(%rax),%r12 -.cfi_restore %r12 - mov -16(%rax),%rbp -.cfi_restore %rbp - mov -8(%rax),%rbx -.cfi_restore %rbx - lea (%rax),%rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lsqr_1024_epilogue: - ret -.cfi_endproc -.size rsaz_1024_sqr_avx2,.-rsaz_1024_sqr_avx2 -___ -} - -{ # void AMM_WW( -my $rp="%rdi"; # BN_ULONG *rp, -my $ap="%rsi"; # const BN_ULONG *ap, -my $bp="%rdx"; # const BN_ULONG *bp, -my $np="%rcx"; # const BN_ULONG *np, -my $n0="%r8d"; # unsigned int n0); - -# The registers that hold the accumulated redundant result -# The AMM works on 1024 bit operands, and redundant word size is 29 -# Therefore: ceil(1024/29)/4 = 9 -my $ACC0="%ymm0"; -my $ACC1="%ymm1"; -my $ACC2="%ymm2"; -my $ACC3="%ymm3"; -my $ACC4="%ymm4"; -my $ACC5="%ymm5"; -my $ACC6="%ymm6"; -my $ACC7="%ymm7"; -my $ACC8="%ymm8"; -my $ACC9="%ymm9"; - -# Registers that hold the broadcasted words of multiplier, currently used -my $Bi="%ymm10"; -my $Yi="%ymm11"; - -# Helper registers -my $TEMP0=$ACC0; -my $TEMP1="%ymm12"; -my $TEMP2="%ymm13"; -my $ZERO="%ymm14"; -my $AND_MASK="%ymm15"; - -# alu registers that hold the first words of the ACC -my $r0="%r9"; -my $r1="%r10"; -my $r2="%r11"; -my $r3="%r12"; - -my $i="%r14d"; -my $tmp="%r15"; - -$bp="%r13"; # reassigned argument - -$code.=<<___; -.globl rsaz_1024_mul_avx2 -.type rsaz_1024_mul_avx2,\@function,5 -.align 64 -rsaz_1024_mul_avx2: -.cfi_startproc - lea (%rsp), %rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -___ -$code.=<<___ if ($win64); - vzeroupper - lea -0xa8(%rsp),%rsp - vmovaps %xmm6,-0xd8(%rax) - vmovaps %xmm7,-0xc8(%rax) - vmovaps %xmm8,-0xb8(%rax) - vmovaps %xmm9,-0xa8(%rax) - vmovaps %xmm10,-0x98(%rax) - vmovaps %xmm11,-0x88(%rax) - vmovaps %xmm12,-0x78(%rax) - vmovaps %xmm13,-0x68(%rax) - vmovaps %xmm14,-0x58(%rax) - vmovaps %xmm15,-0x48(%rax) -.Lmul_1024_body: -___ -$code.=<<___; - mov %rax,%rbp -.cfi_def_cfa_register %rbp - vzeroall - mov %rdx, $bp # reassigned argument - sub \$64,%rsp - - # unaligned 256-bit load that crosses page boundary can - # cause severe performance degradation here, so if $ap does - # cross page boundary, swap it with $bp [meaning that caller - # is advised to lay down $ap and $bp next to each other, so - # that only one can cross page boundary]. - .byte 0x67,0x67 - mov $ap, $tmp - and \$4095, $tmp - add \$32*10, $tmp - shr \$12, $tmp - mov $ap, $tmp - cmovnz $bp, $ap - cmovnz $tmp, $bp - - mov $np, $tmp - sub \$-128,$ap # size optimization - sub \$-128,$np - sub \$-128,$rp - - and \$4095, $tmp # see if $np crosses page - add \$32*10, $tmp - .byte 0x67,0x67 - shr \$12, $tmp - jz .Lmul_1024_no_n_copy - - # unaligned 256-bit load that crosses page boundary can - # cause severe performance degradation here, so if $np does - # cross page boundary, copy it to stack and make sure stack - # frame doesn't... - sub \$32*10,%rsp - vmovdqu 32*0-128($np), $ACC0 - and \$-512, %rsp - vmovdqu 32*1-128($np), $ACC1 - vmovdqu 32*2-128($np), $ACC2 - vmovdqu 32*3-128($np), $ACC3 - vmovdqu 32*4-128($np), $ACC4 - vmovdqu 32*5-128($np), $ACC5 - vmovdqu 32*6-128($np), $ACC6 - vmovdqu 32*7-128($np), $ACC7 - vmovdqu 32*8-128($np), $ACC8 - lea 64+128(%rsp),$np - vmovdqu $ACC0, 32*0-128($np) - vpxor $ACC0, $ACC0, $ACC0 - vmovdqu $ACC1, 32*1-128($np) - vpxor $ACC1, $ACC1, $ACC1 - vmovdqu $ACC2, 32*2-128($np) - vpxor $ACC2, $ACC2, $ACC2 - vmovdqu $ACC3, 32*3-128($np) - vpxor $ACC3, $ACC3, $ACC3 - vmovdqu $ACC4, 32*4-128($np) - vpxor $ACC4, $ACC4, $ACC4 - vmovdqu $ACC5, 32*5-128($np) - vpxor $ACC5, $ACC5, $ACC5 - vmovdqu $ACC6, 32*6-128($np) - vpxor $ACC6, $ACC6, $ACC6 - vmovdqu $ACC7, 32*7-128($np) - vpxor $ACC7, $ACC7, $ACC7 - vmovdqu $ACC8, 32*8-128($np) - vmovdqa $ACC0, $ACC8 - vmovdqu $ACC9, 32*9-128($np) # $ACC9 is zero after vzeroall -.Lmul_1024_no_n_copy: - and \$-64,%rsp - - mov ($bp), %rbx - vpbroadcastq ($bp), $Bi - vmovdqu $ACC0, (%rsp) # clear top of stack - xor $r0, $r0 - .byte 0x67 - xor $r1, $r1 - xor $r2, $r2 - xor $r3, $r3 - - vmovdqu .Land_mask(%rip), $AND_MASK - mov \$9, $i - vmovdqu $ACC9, 32*9-128($rp) # $ACC9 is zero after vzeroall - jmp .Loop_mul_1024 - -.align 32 -.Loop_mul_1024: - vpsrlq \$29, $ACC3, $ACC9 # correct $ACC3(*) - mov %rbx, %rax - imulq -128($ap), %rax - add $r0, %rax - mov %rbx, $r1 - imulq 8-128($ap), $r1 - add 8(%rsp), $r1 - - mov %rax, $r0 - imull $n0, %eax - and \$0x1fffffff, %eax - - mov %rbx, $r2 - imulq 16-128($ap), $r2 - add 16(%rsp), $r2 - - mov %rbx, $r3 - imulq 24-128($ap), $r3 - add 24(%rsp), $r3 - vpmuludq 32*1-128($ap),$Bi,$TEMP0 - vmovd %eax, $Yi - vpaddq $TEMP0,$ACC1,$ACC1 - vpmuludq 32*2-128($ap),$Bi,$TEMP1 - vpbroadcastq $Yi, $Yi - vpaddq $TEMP1,$ACC2,$ACC2 - vpmuludq 32*3-128($ap),$Bi,$TEMP2 - vpand $AND_MASK, $ACC3, $ACC3 # correct $ACC3 - vpaddq $TEMP2,$ACC3,$ACC3 - vpmuludq 32*4-128($ap),$Bi,$TEMP0 - vpaddq $TEMP0,$ACC4,$ACC4 - vpmuludq 32*5-128($ap),$Bi,$TEMP1 - vpaddq $TEMP1,$ACC5,$ACC5 - vpmuludq 32*6-128($ap),$Bi,$TEMP2 - vpaddq $TEMP2,$ACC6,$ACC6 - vpmuludq 32*7-128($ap),$Bi,$TEMP0 - vpermq \$0x93, $ACC9, $ACC9 # correct $ACC3 - vpaddq $TEMP0,$ACC7,$ACC7 - vpmuludq 32*8-128($ap),$Bi,$TEMP1 - vpbroadcastq 8($bp), $Bi - vpaddq $TEMP1,$ACC8,$ACC8 - - mov %rax,%rdx - imulq -128($np),%rax - add %rax,$r0 - mov %rdx,%rax - imulq 8-128($np),%rax - add %rax,$r1 - mov %rdx,%rax - imulq 16-128($np),%rax - add %rax,$r2 - shr \$29, $r0 - imulq 24-128($np),%rdx - add %rdx,$r3 - add $r0, $r1 - - vpmuludq 32*1-128($np),$Yi,$TEMP2 - vmovq $Bi, %rbx - vpaddq $TEMP2,$ACC1,$ACC1 - vpmuludq 32*2-128($np),$Yi,$TEMP0 - vpaddq $TEMP0,$ACC2,$ACC2 - vpmuludq 32*3-128($np),$Yi,$TEMP1 - vpaddq $TEMP1,$ACC3,$ACC3 - vpmuludq 32*4-128($np),$Yi,$TEMP2 - vpaddq $TEMP2,$ACC4,$ACC4 - vpmuludq 32*5-128($np),$Yi,$TEMP0 - vpaddq $TEMP0,$ACC5,$ACC5 - vpmuludq 32*6-128($np),$Yi,$TEMP1 - vpaddq $TEMP1,$ACC6,$ACC6 - vpmuludq 32*7-128($np),$Yi,$TEMP2 - vpblendd \$3, $ZERO, $ACC9, $TEMP1 # correct $ACC3 - vpaddq $TEMP2,$ACC7,$ACC7 - vpmuludq 32*8-128($np),$Yi,$TEMP0 - vpaddq $TEMP1, $ACC3, $ACC3 # correct $ACC3 - vpaddq $TEMP0,$ACC8,$ACC8 - - mov %rbx, %rax - imulq -128($ap),%rax - add %rax,$r1 - vmovdqu -8+32*1-128($ap),$TEMP1 - mov %rbx, %rax - imulq 8-128($ap),%rax - add %rax,$r2 - vmovdqu -8+32*2-128($ap),$TEMP2 - - mov $r1, %rax - vpblendd \$0xfc, $ZERO, $ACC9, $ACC9 # correct $ACC3 - imull $n0, %eax - vpaddq $ACC9,$ACC4,$ACC4 # correct $ACC3 - and \$0x1fffffff, %eax - - imulq 16-128($ap),%rbx - add %rbx,$r3 - vpmuludq $Bi,$TEMP1,$TEMP1 - vmovd %eax, $Yi - vmovdqu -8+32*3-128($ap),$TEMP0 - vpaddq $TEMP1,$ACC1,$ACC1 - vpmuludq $Bi,$TEMP2,$TEMP2 - vpbroadcastq $Yi, $Yi - vmovdqu -8+32*4-128($ap),$TEMP1 - vpaddq $TEMP2,$ACC2,$ACC2 - vpmuludq $Bi,$TEMP0,$TEMP0 - vmovdqu -8+32*5-128($ap),$TEMP2 - vpaddq $TEMP0,$ACC3,$ACC3 - vpmuludq $Bi,$TEMP1,$TEMP1 - vmovdqu -8+32*6-128($ap),$TEMP0 - vpaddq $TEMP1,$ACC4,$ACC4 - vpmuludq $Bi,$TEMP2,$TEMP2 - vmovdqu -8+32*7-128($ap),$TEMP1 - vpaddq $TEMP2,$ACC5,$ACC5 - vpmuludq $Bi,$TEMP0,$TEMP0 - vmovdqu -8+32*8-128($ap),$TEMP2 - vpaddq $TEMP0,$ACC6,$ACC6 - vpmuludq $Bi,$TEMP1,$TEMP1 - vmovdqu -8+32*9-128($ap),$ACC9 - vpaddq $TEMP1,$ACC7,$ACC7 - vpmuludq $Bi,$TEMP2,$TEMP2 - vpaddq $TEMP2,$ACC8,$ACC8 - vpmuludq $Bi,$ACC9,$ACC9 - vpbroadcastq 16($bp), $Bi - - mov %rax,%rdx - imulq -128($np),%rax - add %rax,$r1 - vmovdqu -8+32*1-128($np),$TEMP0 - mov %rdx,%rax - imulq 8-128($np),%rax - add %rax,$r2 - vmovdqu -8+32*2-128($np),$TEMP1 - shr \$29, $r1 - imulq 16-128($np),%rdx - add %rdx,$r3 - add $r1, $r2 - - vpmuludq $Yi,$TEMP0,$TEMP0 - vmovq $Bi, %rbx - vmovdqu -8+32*3-128($np),$TEMP2 - vpaddq $TEMP0,$ACC1,$ACC1 - vpmuludq $Yi,$TEMP1,$TEMP1 - vmovdqu -8+32*4-128($np),$TEMP0 - vpaddq $TEMP1,$ACC2,$ACC2 - vpmuludq $Yi,$TEMP2,$TEMP2 - vmovdqu -8+32*5-128($np),$TEMP1 - vpaddq $TEMP2,$ACC3,$ACC3 - vpmuludq $Yi,$TEMP0,$TEMP0 - vmovdqu -8+32*6-128($np),$TEMP2 - vpaddq $TEMP0,$ACC4,$ACC4 - vpmuludq $Yi,$TEMP1,$TEMP1 - vmovdqu -8+32*7-128($np),$TEMP0 - vpaddq $TEMP1,$ACC5,$ACC5 - vpmuludq $Yi,$TEMP2,$TEMP2 - vmovdqu -8+32*8-128($np),$TEMP1 - vpaddq $TEMP2,$ACC6,$ACC6 - vpmuludq $Yi,$TEMP0,$TEMP0 - vmovdqu -8+32*9-128($np),$TEMP2 - vpaddq $TEMP0,$ACC7,$ACC7 - vpmuludq $Yi,$TEMP1,$TEMP1 - vpaddq $TEMP1,$ACC8,$ACC8 - vpmuludq $Yi,$TEMP2,$TEMP2 - vpaddq $TEMP2,$ACC9,$ACC9 - - vmovdqu -16+32*1-128($ap),$TEMP0 - mov %rbx,%rax - imulq -128($ap),%rax - add $r2,%rax - - vmovdqu -16+32*2-128($ap),$TEMP1 - mov %rax,$r2 - imull $n0, %eax - and \$0x1fffffff, %eax - - imulq 8-128($ap),%rbx - add %rbx,$r3 - vpmuludq $Bi,$TEMP0,$TEMP0 - vmovd %eax, $Yi - vmovdqu -16+32*3-128($ap),$TEMP2 - vpaddq $TEMP0,$ACC1,$ACC1 - vpmuludq $Bi,$TEMP1,$TEMP1 - vpbroadcastq $Yi, $Yi - vmovdqu -16+32*4-128($ap),$TEMP0 - vpaddq $TEMP1,$ACC2,$ACC2 - vpmuludq $Bi,$TEMP2,$TEMP2 - vmovdqu -16+32*5-128($ap),$TEMP1 - vpaddq $TEMP2,$ACC3,$ACC3 - vpmuludq $Bi,$TEMP0,$TEMP0 - vmovdqu -16+32*6-128($ap),$TEMP2 - vpaddq $TEMP0,$ACC4,$ACC4 - vpmuludq $Bi,$TEMP1,$TEMP1 - vmovdqu -16+32*7-128($ap),$TEMP0 - vpaddq $TEMP1,$ACC5,$ACC5 - vpmuludq $Bi,$TEMP2,$TEMP2 - vmovdqu -16+32*8-128($ap),$TEMP1 - vpaddq $TEMP2,$ACC6,$ACC6 - vpmuludq $Bi,$TEMP0,$TEMP0 - vmovdqu -16+32*9-128($ap),$TEMP2 - vpaddq $TEMP0,$ACC7,$ACC7 - vpmuludq $Bi,$TEMP1,$TEMP1 - vpaddq $TEMP1,$ACC8,$ACC8 - vpmuludq $Bi,$TEMP2,$TEMP2 - vpbroadcastq 24($bp), $Bi - vpaddq $TEMP2,$ACC9,$ACC9 - - vmovdqu -16+32*1-128($np),$TEMP0 - mov %rax,%rdx - imulq -128($np),%rax - add %rax,$r2 - vmovdqu -16+32*2-128($np),$TEMP1 - imulq 8-128($np),%rdx - add %rdx,$r3 - shr \$29, $r2 - - vpmuludq $Yi,$TEMP0,$TEMP0 - vmovq $Bi, %rbx - vmovdqu -16+32*3-128($np),$TEMP2 - vpaddq $TEMP0,$ACC1,$ACC1 - vpmuludq $Yi,$TEMP1,$TEMP1 - vmovdqu -16+32*4-128($np),$TEMP0 - vpaddq $TEMP1,$ACC2,$ACC2 - vpmuludq $Yi,$TEMP2,$TEMP2 - vmovdqu -16+32*5-128($np),$TEMP1 - vpaddq $TEMP2,$ACC3,$ACC3 - vpmuludq $Yi,$TEMP0,$TEMP0 - vmovdqu -16+32*6-128($np),$TEMP2 - vpaddq $TEMP0,$ACC4,$ACC4 - vpmuludq $Yi,$TEMP1,$TEMP1 - vmovdqu -16+32*7-128($np),$TEMP0 - vpaddq $TEMP1,$ACC5,$ACC5 - vpmuludq $Yi,$TEMP2,$TEMP2 - vmovdqu -16+32*8-128($np),$TEMP1 - vpaddq $TEMP2,$ACC6,$ACC6 - vpmuludq $Yi,$TEMP0,$TEMP0 - vmovdqu -16+32*9-128($np),$TEMP2 - vpaddq $TEMP0,$ACC7,$ACC7 - vpmuludq $Yi,$TEMP1,$TEMP1 - vmovdqu -24+32*1-128($ap),$TEMP0 - vpaddq $TEMP1,$ACC8,$ACC8 - vpmuludq $Yi,$TEMP2,$TEMP2 - vmovdqu -24+32*2-128($ap),$TEMP1 - vpaddq $TEMP2,$ACC9,$ACC9 - - add $r2, $r3 - imulq -128($ap),%rbx - add %rbx,$r3 - - mov $r3, %rax - imull $n0, %eax - and \$0x1fffffff, %eax - - vpmuludq $Bi,$TEMP0,$TEMP0 - vmovd %eax, $Yi - vmovdqu -24+32*3-128($ap),$TEMP2 - vpaddq $TEMP0,$ACC1,$ACC1 - vpmuludq $Bi,$TEMP1,$TEMP1 - vpbroadcastq $Yi, $Yi - vmovdqu -24+32*4-128($ap),$TEMP0 - vpaddq $TEMP1,$ACC2,$ACC2 - vpmuludq $Bi,$TEMP2,$TEMP2 - vmovdqu -24+32*5-128($ap),$TEMP1 - vpaddq $TEMP2,$ACC3,$ACC3 - vpmuludq $Bi,$TEMP0,$TEMP0 - vmovdqu -24+32*6-128($ap),$TEMP2 - vpaddq $TEMP0,$ACC4,$ACC4 - vpmuludq $Bi,$TEMP1,$TEMP1 - vmovdqu -24+32*7-128($ap),$TEMP0 - vpaddq $TEMP1,$ACC5,$ACC5 - vpmuludq $Bi,$TEMP2,$TEMP2 - vmovdqu -24+32*8-128($ap),$TEMP1 - vpaddq $TEMP2,$ACC6,$ACC6 - vpmuludq $Bi,$TEMP0,$TEMP0 - vmovdqu -24+32*9-128($ap),$TEMP2 - vpaddq $TEMP0,$ACC7,$ACC7 - vpmuludq $Bi,$TEMP1,$TEMP1 - vpaddq $TEMP1,$ACC8,$ACC8 - vpmuludq $Bi,$TEMP2,$TEMP2 - vpbroadcastq 32($bp), $Bi - vpaddq $TEMP2,$ACC9,$ACC9 - add \$32, $bp # $bp++ - - vmovdqu -24+32*1-128($np),$TEMP0 - imulq -128($np),%rax - add %rax,$r3 - shr \$29, $r3 - - vmovdqu -24+32*2-128($np),$TEMP1 - vpmuludq $Yi,$TEMP0,$TEMP0 - vmovq $Bi, %rbx - vmovdqu -24+32*3-128($np),$TEMP2 - vpaddq $TEMP0,$ACC1,$ACC0 # $ACC0==$TEMP0 - vpmuludq $Yi,$TEMP1,$TEMP1 - vmovdqu $ACC0, (%rsp) # transfer $r0-$r3 - vpaddq $TEMP1,$ACC2,$ACC1 - vmovdqu -24+32*4-128($np),$TEMP0 - vpmuludq $Yi,$TEMP2,$TEMP2 - vmovdqu -24+32*5-128($np),$TEMP1 - vpaddq $TEMP2,$ACC3,$ACC2 - vpmuludq $Yi,$TEMP0,$TEMP0 - vmovdqu -24+32*6-128($np),$TEMP2 - vpaddq $TEMP0,$ACC4,$ACC3 - vpmuludq $Yi,$TEMP1,$TEMP1 - vmovdqu -24+32*7-128($np),$TEMP0 - vpaddq $TEMP1,$ACC5,$ACC4 - vpmuludq $Yi,$TEMP2,$TEMP2 - vmovdqu -24+32*8-128($np),$TEMP1 - vpaddq $TEMP2,$ACC6,$ACC5 - vpmuludq $Yi,$TEMP0,$TEMP0 - vmovdqu -24+32*9-128($np),$TEMP2 - mov $r3, $r0 - vpaddq $TEMP0,$ACC7,$ACC6 - vpmuludq $Yi,$TEMP1,$TEMP1 - add (%rsp), $r0 - vpaddq $TEMP1,$ACC8,$ACC7 - vpmuludq $Yi,$TEMP2,$TEMP2 - vmovq $r3, $TEMP1 - vpaddq $TEMP2,$ACC9,$ACC8 - - dec $i - jnz .Loop_mul_1024 -___ - -# (*) Original implementation was correcting ACC1-ACC3 for overflow -# after 7 loop runs, or after 28 iterations, or 56 additions. -# But as we underutilize resources, it's possible to correct in -# each iteration with marginal performance loss. But then, as -# we do it in each iteration, we can correct less digits, and -# avoid performance penalties completely. - -$TEMP0 = $ACC9; -$TEMP3 = $Bi; -$TEMP4 = $Yi; -$code.=<<___; - vpaddq (%rsp), $TEMP1, $ACC0 - - vpsrlq \$29, $ACC0, $TEMP1 - vpand $AND_MASK, $ACC0, $ACC0 - vpsrlq \$29, $ACC1, $TEMP2 - vpand $AND_MASK, $ACC1, $ACC1 - vpsrlq \$29, $ACC2, $TEMP3 - vpermq \$0x93, $TEMP1, $TEMP1 - vpand $AND_MASK, $ACC2, $ACC2 - vpsrlq \$29, $ACC3, $TEMP4 - vpermq \$0x93, $TEMP2, $TEMP2 - vpand $AND_MASK, $ACC3, $ACC3 - - vpblendd \$3, $ZERO, $TEMP1, $TEMP0 - vpermq \$0x93, $TEMP3, $TEMP3 - vpblendd \$3, $TEMP1, $TEMP2, $TEMP1 - vpermq \$0x93, $TEMP4, $TEMP4 - vpaddq $TEMP0, $ACC0, $ACC0 - vpblendd \$3, $TEMP2, $TEMP3, $TEMP2 - vpaddq $TEMP1, $ACC1, $ACC1 - vpblendd \$3, $TEMP3, $TEMP4, $TEMP3 - vpaddq $TEMP2, $ACC2, $ACC2 - vpblendd \$3, $TEMP4, $ZERO, $TEMP4 - vpaddq $TEMP3, $ACC3, $ACC3 - vpaddq $TEMP4, $ACC4, $ACC4 - - vpsrlq \$29, $ACC0, $TEMP1 - vpand $AND_MASK, $ACC0, $ACC0 - vpsrlq \$29, $ACC1, $TEMP2 - vpand $AND_MASK, $ACC1, $ACC1 - vpsrlq \$29, $ACC2, $TEMP3 - vpermq \$0x93, $TEMP1, $TEMP1 - vpand $AND_MASK, $ACC2, $ACC2 - vpsrlq \$29, $ACC3, $TEMP4 - vpermq \$0x93, $TEMP2, $TEMP2 - vpand $AND_MASK, $ACC3, $ACC3 - vpermq \$0x93, $TEMP3, $TEMP3 - - vpblendd \$3, $ZERO, $TEMP1, $TEMP0 - vpermq \$0x93, $TEMP4, $TEMP4 - vpblendd \$3, $TEMP1, $TEMP2, $TEMP1 - vpaddq $TEMP0, $ACC0, $ACC0 - vpblendd \$3, $TEMP2, $TEMP3, $TEMP2 - vpaddq $TEMP1, $ACC1, $ACC1 - vpblendd \$3, $TEMP3, $TEMP4, $TEMP3 - vpaddq $TEMP2, $ACC2, $ACC2 - vpblendd \$3, $TEMP4, $ZERO, $TEMP4 - vpaddq $TEMP3, $ACC3, $ACC3 - vpaddq $TEMP4, $ACC4, $ACC4 - - vmovdqu $ACC0, 0-128($rp) - vmovdqu $ACC1, 32-128($rp) - vmovdqu $ACC2, 64-128($rp) - vmovdqu $ACC3, 96-128($rp) -___ - -$TEMP5=$ACC0; -$code.=<<___; - vpsrlq \$29, $ACC4, $TEMP1 - vpand $AND_MASK, $ACC4, $ACC4 - vpsrlq \$29, $ACC5, $TEMP2 - vpand $AND_MASK, $ACC5, $ACC5 - vpsrlq \$29, $ACC6, $TEMP3 - vpermq \$0x93, $TEMP1, $TEMP1 - vpand $AND_MASK, $ACC6, $ACC6 - vpsrlq \$29, $ACC7, $TEMP4 - vpermq \$0x93, $TEMP2, $TEMP2 - vpand $AND_MASK, $ACC7, $ACC7 - vpsrlq \$29, $ACC8, $TEMP5 - vpermq \$0x93, $TEMP3, $TEMP3 - vpand $AND_MASK, $ACC8, $ACC8 - vpermq \$0x93, $TEMP4, $TEMP4 - - vpblendd \$3, $ZERO, $TEMP1, $TEMP0 - vpermq \$0x93, $TEMP5, $TEMP5 - vpblendd \$3, $TEMP1, $TEMP2, $TEMP1 - vpaddq $TEMP0, $ACC4, $ACC4 - vpblendd \$3, $TEMP2, $TEMP3, $TEMP2 - vpaddq $TEMP1, $ACC5, $ACC5 - vpblendd \$3, $TEMP3, $TEMP4, $TEMP3 - vpaddq $TEMP2, $ACC6, $ACC6 - vpblendd \$3, $TEMP4, $TEMP5, $TEMP4 - vpaddq $TEMP3, $ACC7, $ACC7 - vpaddq $TEMP4, $ACC8, $ACC8 - - vpsrlq \$29, $ACC4, $TEMP1 - vpand $AND_MASK, $ACC4, $ACC4 - vpsrlq \$29, $ACC5, $TEMP2 - vpand $AND_MASK, $ACC5, $ACC5 - vpsrlq \$29, $ACC6, $TEMP3 - vpermq \$0x93, $TEMP1, $TEMP1 - vpand $AND_MASK, $ACC6, $ACC6 - vpsrlq \$29, $ACC7, $TEMP4 - vpermq \$0x93, $TEMP2, $TEMP2 - vpand $AND_MASK, $ACC7, $ACC7 - vpsrlq \$29, $ACC8, $TEMP5 - vpermq \$0x93, $TEMP3, $TEMP3 - vpand $AND_MASK, $ACC8, $ACC8 - vpermq \$0x93, $TEMP4, $TEMP4 - - vpblendd \$3, $ZERO, $TEMP1, $TEMP0 - vpermq \$0x93, $TEMP5, $TEMP5 - vpblendd \$3, $TEMP1, $TEMP2, $TEMP1 - vpaddq $TEMP0, $ACC4, $ACC4 - vpblendd \$3, $TEMP2, $TEMP3, $TEMP2 - vpaddq $TEMP1, $ACC5, $ACC5 - vpblendd \$3, $TEMP3, $TEMP4, $TEMP3 - vpaddq $TEMP2, $ACC6, $ACC6 - vpblendd \$3, $TEMP4, $TEMP5, $TEMP4 - vpaddq $TEMP3, $ACC7, $ACC7 - vpaddq $TEMP4, $ACC8, $ACC8 - - vmovdqu $ACC4, 128-128($rp) - vmovdqu $ACC5, 160-128($rp) - vmovdqu $ACC6, 192-128($rp) - vmovdqu $ACC7, 224-128($rp) - vmovdqu $ACC8, 256-128($rp) - vzeroupper - - mov %rbp, %rax -.cfi_def_cfa_register %rax -___ -$code.=<<___ if ($win64); -.Lmul_1024_in_tail: - movaps -0xd8(%rax),%xmm6 - movaps -0xc8(%rax),%xmm7 - movaps -0xb8(%rax),%xmm8 - movaps -0xa8(%rax),%xmm9 - movaps -0x98(%rax),%xmm10 - movaps -0x88(%rax),%xmm11 - movaps -0x78(%rax),%xmm12 - movaps -0x68(%rax),%xmm13 - movaps -0x58(%rax),%xmm14 - movaps -0x48(%rax),%xmm15 -___ -$code.=<<___; - mov -48(%rax),%r15 -.cfi_restore %r15 - mov -40(%rax),%r14 -.cfi_restore %r14 - mov -32(%rax),%r13 -.cfi_restore %r13 - mov -24(%rax),%r12 -.cfi_restore %r12 - mov -16(%rax),%rbp -.cfi_restore %rbp - mov -8(%rax),%rbx -.cfi_restore %rbx - lea (%rax),%rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lmul_1024_epilogue: - ret -.cfi_endproc -.size rsaz_1024_mul_avx2,.-rsaz_1024_mul_avx2 -___ -} -{ -my ($out,$inp) = $win64 ? ("%rcx","%rdx") : ("%rdi","%rsi"); -my @T = map("%r$_",(8..11)); - -$code.=<<___; -.globl rsaz_1024_red2norm_avx2 -.type rsaz_1024_red2norm_avx2,\@abi-omnipotent -.align 32 -rsaz_1024_red2norm_avx2: -.cfi_startproc - sub \$-128,$inp # size optimization - xor %rax,%rax -___ - -for ($j=0,$i=0; $i<16; $i++) { - my $k=0; - while (29*$j<64*($i+1)) { # load data till boundary - $code.=" mov `8*$j-128`($inp), @T[0]\n"; - $j++; $k++; push(@T,shift(@T)); - } - $l=$k; - while ($k>1) { # shift loaded data but last value - $code.=" shl \$`29*($j-$k)`,@T[-$k]\n"; - $k--; - } - $code.=<<___; # shift last value - mov @T[-1], @T[0] - shl \$`29*($j-1)`, @T[-1] - shr \$`-29*($j-1)`, @T[0] -___ - while ($l) { # accumulate all values - $code.=" add @T[-$l], %rax\n"; - $l--; - } - $code.=<<___; - adc \$0, @T[0] # consume eventual carry - mov %rax, 8*$i($out) - mov @T[0], %rax -___ - push(@T,shift(@T)); -} -$code.=<<___; - ret -.cfi_endproc -.size rsaz_1024_red2norm_avx2,.-rsaz_1024_red2norm_avx2 - -.globl rsaz_1024_norm2red_avx2 -.type rsaz_1024_norm2red_avx2,\@abi-omnipotent -.align 32 -rsaz_1024_norm2red_avx2: -.cfi_startproc - sub \$-128,$out # size optimization - mov ($inp),@T[0] - mov \$0x1fffffff,%eax -___ -for ($j=0,$i=0; $i<16; $i++) { - $code.=" mov `8*($i+1)`($inp),@T[1]\n" if ($i<15); - $code.=" xor @T[1],@T[1]\n" if ($i==15); - my $k=1; - while (29*($j+1)<64*($i+1)) { - $code.=<<___; - mov @T[0],@T[-$k] - shr \$`29*$j`,@T[-$k] - and %rax,@T[-$k] # &0x1fffffff - mov @T[-$k],`8*$j-128`($out) -___ - $j++; $k++; - } - $code.=<<___; - shrd \$`29*$j`,@T[1],@T[0] - and %rax,@T[0] - mov @T[0],`8*$j-128`($out) -___ - $j++; - push(@T,shift(@T)); -} -$code.=<<___; - mov @T[0],`8*$j-128`($out) # zero - mov @T[0],`8*($j+1)-128`($out) - mov @T[0],`8*($j+2)-128`($out) - mov @T[0],`8*($j+3)-128`($out) - ret -.cfi_endproc -.size rsaz_1024_norm2red_avx2,.-rsaz_1024_norm2red_avx2 -___ -} -{ -my ($out,$inp,$power) = $win64 ? ("%rcx","%rdx","%r8d") : ("%rdi","%rsi","%edx"); - -$code.=<<___; -.globl rsaz_1024_scatter5_avx2 -.type rsaz_1024_scatter5_avx2,\@abi-omnipotent -.align 32 -rsaz_1024_scatter5_avx2: -.cfi_startproc - vzeroupper - vmovdqu .Lscatter_permd(%rip),%ymm5 - shl \$4,$power - lea ($out,$power),$out - mov \$9,%eax - jmp .Loop_scatter_1024 - -.align 32 -.Loop_scatter_1024: - vmovdqu ($inp),%ymm0 - lea 32($inp),$inp - vpermd %ymm0,%ymm5,%ymm0 - vmovdqu %xmm0,($out) - lea 16*32($out),$out - dec %eax - jnz .Loop_scatter_1024 - - vzeroupper - ret -.cfi_endproc -.size rsaz_1024_scatter5_avx2,.-rsaz_1024_scatter5_avx2 - -.globl rsaz_1024_gather5_avx2 -.type rsaz_1024_gather5_avx2,\@abi-omnipotent -.align 32 -rsaz_1024_gather5_avx2: -.cfi_startproc - vzeroupper - mov %rsp,%r11 -.cfi_def_cfa_register %r11 -___ -$code.=<<___ if ($win64); - lea -0x88(%rsp),%rax -.LSEH_begin_rsaz_1024_gather5: - # I can't trust assembler to use specific encoding:-( - .byte 0x48,0x8d,0x60,0xe0 # lea -0x20(%rax),%rsp - .byte 0xc5,0xf8,0x29,0x70,0xe0 # vmovaps %xmm6,-0x20(%rax) - .byte 0xc5,0xf8,0x29,0x78,0xf0 # vmovaps %xmm7,-0x10(%rax) - .byte 0xc5,0x78,0x29,0x40,0x00 # vmovaps %xmm8,0(%rax) - .byte 0xc5,0x78,0x29,0x48,0x10 # vmovaps %xmm9,0x10(%rax) - .byte 0xc5,0x78,0x29,0x50,0x20 # vmovaps %xmm10,0x20(%rax) - .byte 0xc5,0x78,0x29,0x58,0x30 # vmovaps %xmm11,0x30(%rax) - .byte 0xc5,0x78,0x29,0x60,0x40 # vmovaps %xmm12,0x40(%rax) - .byte 0xc5,0x78,0x29,0x68,0x50 # vmovaps %xmm13,0x50(%rax) - .byte 0xc5,0x78,0x29,0x70,0x60 # vmovaps %xmm14,0x60(%rax) - .byte 0xc5,0x78,0x29,0x78,0x70 # vmovaps %xmm15,0x70(%rax) -___ -$code.=<<___; - lea -0x100(%rsp),%rsp - and \$-32, %rsp - lea .Linc(%rip), %r10 - lea -128(%rsp),%rax # control u-op density - - vmovd $power, %xmm4 - vmovdqa (%r10),%ymm0 - vmovdqa 32(%r10),%ymm1 - vmovdqa 64(%r10),%ymm5 - vpbroadcastd %xmm4,%ymm4 - - vpaddd %ymm5, %ymm0, %ymm2 - vpcmpeqd %ymm4, %ymm0, %ymm0 - vpaddd %ymm5, %ymm1, %ymm3 - vpcmpeqd %ymm4, %ymm1, %ymm1 - vmovdqa %ymm0, 32*0+128(%rax) - vpaddd %ymm5, %ymm2, %ymm0 - vpcmpeqd %ymm4, %ymm2, %ymm2 - vmovdqa %ymm1, 32*1+128(%rax) - vpaddd %ymm5, %ymm3, %ymm1 - vpcmpeqd %ymm4, %ymm3, %ymm3 - vmovdqa %ymm2, 32*2+128(%rax) - vpaddd %ymm5, %ymm0, %ymm2 - vpcmpeqd %ymm4, %ymm0, %ymm0 - vmovdqa %ymm3, 32*3+128(%rax) - vpaddd %ymm5, %ymm1, %ymm3 - vpcmpeqd %ymm4, %ymm1, %ymm1 - vmovdqa %ymm0, 32*4+128(%rax) - vpaddd %ymm5, %ymm2, %ymm8 - vpcmpeqd %ymm4, %ymm2, %ymm2 - vmovdqa %ymm1, 32*5+128(%rax) - vpaddd %ymm5, %ymm3, %ymm9 - vpcmpeqd %ymm4, %ymm3, %ymm3 - vmovdqa %ymm2, 32*6+128(%rax) - vpaddd %ymm5, %ymm8, %ymm10 - vpcmpeqd %ymm4, %ymm8, %ymm8 - vmovdqa %ymm3, 32*7+128(%rax) - vpaddd %ymm5, %ymm9, %ymm11 - vpcmpeqd %ymm4, %ymm9, %ymm9 - vpaddd %ymm5, %ymm10, %ymm12 - vpcmpeqd %ymm4, %ymm10, %ymm10 - vpaddd %ymm5, %ymm11, %ymm13 - vpcmpeqd %ymm4, %ymm11, %ymm11 - vpaddd %ymm5, %ymm12, %ymm14 - vpcmpeqd %ymm4, %ymm12, %ymm12 - vpaddd %ymm5, %ymm13, %ymm15 - vpcmpeqd %ymm4, %ymm13, %ymm13 - vpcmpeqd %ymm4, %ymm14, %ymm14 - vpcmpeqd %ymm4, %ymm15, %ymm15 - - vmovdqa -32(%r10),%ymm7 # .Lgather_permd - lea 128($inp), $inp - mov \$9,$power - -.Loop_gather_1024: - vmovdqa 32*0-128($inp), %ymm0 - vmovdqa 32*1-128($inp), %ymm1 - vmovdqa 32*2-128($inp), %ymm2 - vmovdqa 32*3-128($inp), %ymm3 - vpand 32*0+128(%rax), %ymm0, %ymm0 - vpand 32*1+128(%rax), %ymm1, %ymm1 - vpand 32*2+128(%rax), %ymm2, %ymm2 - vpor %ymm0, %ymm1, %ymm4 - vpand 32*3+128(%rax), %ymm3, %ymm3 - vmovdqa 32*4-128($inp), %ymm0 - vmovdqa 32*5-128($inp), %ymm1 - vpor %ymm2, %ymm3, %ymm5 - vmovdqa 32*6-128($inp), %ymm2 - vmovdqa 32*7-128($inp), %ymm3 - vpand 32*4+128(%rax), %ymm0, %ymm0 - vpand 32*5+128(%rax), %ymm1, %ymm1 - vpand 32*6+128(%rax), %ymm2, %ymm2 - vpor %ymm0, %ymm4, %ymm4 - vpand 32*7+128(%rax), %ymm3, %ymm3 - vpand 32*8-128($inp), %ymm8, %ymm0 - vpor %ymm1, %ymm5, %ymm5 - vpand 32*9-128($inp), %ymm9, %ymm1 - vpor %ymm2, %ymm4, %ymm4 - vpand 32*10-128($inp),%ymm10, %ymm2 - vpor %ymm3, %ymm5, %ymm5 - vpand 32*11-128($inp),%ymm11, %ymm3 - vpor %ymm0, %ymm4, %ymm4 - vpand 32*12-128($inp),%ymm12, %ymm0 - vpor %ymm1, %ymm5, %ymm5 - vpand 32*13-128($inp),%ymm13, %ymm1 - vpor %ymm2, %ymm4, %ymm4 - vpand 32*14-128($inp),%ymm14, %ymm2 - vpor %ymm3, %ymm5, %ymm5 - vpand 32*15-128($inp),%ymm15, %ymm3 - lea 32*16($inp), $inp - vpor %ymm0, %ymm4, %ymm4 - vpor %ymm1, %ymm5, %ymm5 - vpor %ymm2, %ymm4, %ymm4 - vpor %ymm3, %ymm5, %ymm5 - - vpor %ymm5, %ymm4, %ymm4 - vextracti128 \$1, %ymm4, %xmm5 # upper half is cleared - vpor %xmm4, %xmm5, %xmm5 - vpermd %ymm5,%ymm7,%ymm5 - vmovdqu %ymm5,($out) - lea 32($out),$out - dec $power - jnz .Loop_gather_1024 - - vpxor %ymm0,%ymm0,%ymm0 - vmovdqu %ymm0,($out) - vzeroupper -___ -$code.=<<___ if ($win64); - movaps -0xa8(%r11),%xmm6 - movaps -0x98(%r11),%xmm7 - movaps -0x88(%r11),%xmm8 - movaps -0x78(%r11),%xmm9 - movaps -0x68(%r11),%xmm10 - movaps -0x58(%r11),%xmm11 - movaps -0x48(%r11),%xmm12 - movaps -0x38(%r11),%xmm13 - movaps -0x28(%r11),%xmm14 - movaps -0x18(%r11),%xmm15 -___ -$code.=<<___; - lea (%r11),%rsp -.cfi_def_cfa_register %rsp - ret -.cfi_endproc -.LSEH_end_rsaz_1024_gather5: -.size rsaz_1024_gather5_avx2,.-rsaz_1024_gather5_avx2 -___ -} - -$code.=<<___; -.extern OPENSSL_ia32cap_P -.globl rsaz_avx2_eligible -.type rsaz_avx2_eligible,\@abi-omnipotent -.align 32 -rsaz_avx2_eligible: - mov OPENSSL_ia32cap_P+8(%rip),%eax -___ -$code.=<<___ if ($addx); - mov \$`1<<8|1<<19`,%ecx - mov \$0,%edx - and %eax,%ecx - cmp \$`1<<8|1<<19`,%ecx # check for BMI2+AD*X - cmove %edx,%eax -___ -$code.=<<___; - and \$`1<<5`,%eax - shr \$5,%eax - ret -.size rsaz_avx2_eligible,.-rsaz_avx2_eligible - -.align 64 -.Land_mask: - .quad 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff -.Lscatter_permd: - .long 0,2,4,6,7,7,7,7 -.Lgather_permd: - .long 0,7,1,7,2,7,3,7 -.Linc: - .long 0,0,0,0, 1,1,1,1 - .long 2,2,2,2, 3,3,3,3 - .long 4,4,4,4, 4,4,4,4 -.align 64 -___ - -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___ -.extern __imp_RtlVirtualUnwind -.type rsaz_se_handler,\@abi-omnipotent -.align 16 -rsaz_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRip>=epilogue label - jae .Lcommon_seh_tail - - mov 160($context),%rbp # pull context->Rbp - - mov 8(%r11),%r10d # HandlerData[2] - lea (%rsi,%r10),%r10 # "in tail" label - cmp %r10,%rbx # context->Rip>="in tail" label - cmovc %rbp,%rax - - mov -48(%rax),%r15 - mov -40(%rax),%r14 - mov -32(%rax),%r13 - mov -24(%rax),%r12 - mov -16(%rax),%rbp - mov -8(%rax),%rbx - mov %r15,240($context) - mov %r14,232($context) - mov %r13,224($context) - mov %r12,216($context) - mov %rbp,160($context) - mov %rbx,144($context) - - lea -0xd8(%rax),%rsi # %xmm save area - lea 512($context),%rdi # & context.Xmm6 - mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax) - .long 0xa548f3fc # cld; rep movsq - -.Lcommon_seh_tail: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size rsaz_se_handler,.-rsaz_se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_rsaz_1024_sqr_avx2 - .rva .LSEH_end_rsaz_1024_sqr_avx2 - .rva .LSEH_info_rsaz_1024_sqr_avx2 - - .rva .LSEH_begin_rsaz_1024_mul_avx2 - .rva .LSEH_end_rsaz_1024_mul_avx2 - .rva .LSEH_info_rsaz_1024_mul_avx2 - - .rva .LSEH_begin_rsaz_1024_gather5 - .rva .LSEH_end_rsaz_1024_gather5 - .rva .LSEH_info_rsaz_1024_gather5 -.section .xdata -.align 8 -.LSEH_info_rsaz_1024_sqr_avx2: - .byte 9,0,0,0 - .rva rsaz_se_handler - .rva .Lsqr_1024_body,.Lsqr_1024_epilogue,.Lsqr_1024_in_tail - .long 0 -.LSEH_info_rsaz_1024_mul_avx2: - .byte 9,0,0,0 - .rva rsaz_se_handler - .rva .Lmul_1024_body,.Lmul_1024_epilogue,.Lmul_1024_in_tail - .long 0 -.LSEH_info_rsaz_1024_gather5: - .byte 0x01,0x36,0x17,0x0b - .byte 0x36,0xf8,0x09,0x00 # vmovaps 0x90(rsp),xmm15 - .byte 0x31,0xe8,0x08,0x00 # vmovaps 0x80(rsp),xmm14 - .byte 0x2c,0xd8,0x07,0x00 # vmovaps 0x70(rsp),xmm13 - .byte 0x27,0xc8,0x06,0x00 # vmovaps 0x60(rsp),xmm12 - .byte 0x22,0xb8,0x05,0x00 # vmovaps 0x50(rsp),xmm11 - .byte 0x1d,0xa8,0x04,0x00 # vmovaps 0x40(rsp),xmm10 - .byte 0x18,0x98,0x03,0x00 # vmovaps 0x30(rsp),xmm9 - .byte 0x13,0x88,0x02,0x00 # vmovaps 0x20(rsp),xmm8 - .byte 0x0e,0x78,0x01,0x00 # vmovaps 0x10(rsp),xmm7 - .byte 0x09,0x68,0x00,0x00 # vmovaps 0x00(rsp),xmm6 - .byte 0x04,0x01,0x15,0x00 # sub rsp,0xa8 - .byte 0x00,0xb3,0x00,0x00 # set_frame r11 -___ -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval($1)/ge; - - s/\b(sh[rl]d?\s+\$)(-?[0-9]+)/$1.$2%64/ge or - - s/\b(vmov[dq])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go or - s/\b(vmovdqu)\b(.+)%x%ymm([0-9]+)/$1$2%xmm$3/go or - s/\b(vpinsr[qd])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go or - s/\b(vpextr[qd])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go or - s/\b(vpbroadcast[qd]\s+)%ymm([0-9]+)/$1%xmm$2/go; - print $_,"\n"; -} - -}}} else {{{ -print <<___; # assembler is too old -.text - -.globl rsaz_avx2_eligible -.type rsaz_avx2_eligible,\@abi-omnipotent -rsaz_avx2_eligible: - xor %eax,%eax - ret -.size rsaz_avx2_eligible,.-rsaz_avx2_eligible - -.globl rsaz_1024_sqr_avx2 -.globl rsaz_1024_mul_avx2 -.globl rsaz_1024_norm2red_avx2 -.globl rsaz_1024_red2norm_avx2 -.globl rsaz_1024_scatter5_avx2 -.globl rsaz_1024_gather5_avx2 -.type rsaz_1024_sqr_avx2,\@abi-omnipotent -rsaz_1024_sqr_avx2: -rsaz_1024_mul_avx2: -rsaz_1024_norm2red_avx2: -rsaz_1024_red2norm_avx2: -rsaz_1024_scatter5_avx2: -rsaz_1024_gather5_avx2: - .byte 0x0f,0x0b # ud2 - ret -.size rsaz_1024_sqr_avx2,.-rsaz_1024_sqr_avx2 -___ -}}} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/rsaz-avx512.pl b/crypto/bn/asm/rsaz-avx512.pl deleted file mode 100644 index 8d1d19f6c728ff11ebefcf11b60f4aaef2f60a6d..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/rsaz-avx512.pl +++ /dev/null @@ -1,754 +0,0 @@ -# Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. -# Copyright (c) 2020, Intel Corporation. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# -# Originally written by Ilya Albrekht, Sergey Kirillov and Andrey Matyukov -# Intel Corporation -# -# December 2020 -# -# Initial release. -# -# Implementation utilizes 256-bit (ymm) registers to avoid frequency scaling issues. -# -# IceLake-Client @ 1.3GHz -# |---------+----------------------+--------------+-------------| -# | | OpenSSL 3.0.0-alpha9 | this | Unit | -# |---------+----------------------+--------------+-------------| -# | rsa2048 | 2 127 659 | 1 015 625 | cycles/sign | -# | | 611 | 1280 / +109% | sign/s | -# |---------+----------------------+--------------+-------------| -# - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); -$avx512ifma=0; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx512ifma = ($1>=2.26); -} - -if (!$avx512 && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)(?:\.([0-9]+))?/) { - $avx512ifma = ($1==2.11 && $2>=8) + ($1>=2.12); -} - -if (!$avx512 && `$ENV{CC} -v 2>&1` - =~ /(Apple)?\s*((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)\.([0-9]+)?/) { - my $ver = $3 + $4/100.0 + $5/10000.0; # 3.1.0->3.01, 3.10.1->3.1001 - if ($1) { - # Apple conditions, they use a different version series, see - # https://en.wikipedia.org/wiki/Xcode#Xcode_7.0_-_10.x_(since_Free_On-Device_Development)_2 - # clang 7.0.0 is Apple clang 10.0.1 - $avx512ifma = ($ver>=10.0001) - } else { - $avx512ifma = ($3>=7.0); - } -} - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -if ($avx512ifma>0) {{{ -@_6_args_universal_ABI = ("%rdi","%rsi","%rdx","%rcx","%r8","%r9"); - -$code.=<<___; -.extern OPENSSL_ia32cap_P -.globl ossl_rsaz_avx512ifma_eligible -.type ossl_rsaz_avx512ifma_eligible,\@abi-omnipotent -.align 32 -ossl_rsaz_avx512ifma_eligible: - mov OPENSSL_ia32cap_P+8(%rip), %ecx - xor %eax,%eax - and \$`1<<31|1<<21|1<<17|1<<16`, %ecx # avx512vl + avx512ifma + avx512dq + avx512f - cmp \$`1<<31|1<<21|1<<17|1<<16`, %ecx - cmove %ecx,%eax - ret -.size ossl_rsaz_avx512ifma_eligible, .-ossl_rsaz_avx512ifma_eligible -___ - -############################################################################### -# Almost Montgomery Multiplication (AMM) for 20-digit number in radix 2^52. -# -# AMM is defined as presented in the paper -# "Efficient Software Implementations of Modular Exponentiation" by Shay Gueron. -# -# The input and output are presented in 2^52 radix domain, i.e. -# |res|, |a|, |b|, |m| are arrays of 20 64-bit qwords with 12 high bits zeroed. -# |k0| is a Montgomery coefficient, which is here k0 = -1/m mod 2^64 -# (note, the implementation counts only 52 bits from it). -# -# NB: the AMM implementation does not perform "conditional" subtraction step as -# specified in the original algorithm as according to the paper "Enhanced Montgomery -# Multiplication" by Shay Gueron (see Lemma 1), the result will be always < 2*2^1024 -# and can be used as a direct input to the next AMM iteration. -# This post-condition is true, provided the correct parameter |s| is choosen, i.e. -# s >= n + 2 * k, which matches our case: 1040 > 1024 + 2 * 1. -# -# void ossl_rsaz_amm52x20_x1_256(BN_ULONG *res, -# const BN_ULONG *a, -# const BN_ULONG *b, -# const BN_ULONG *m, -# BN_ULONG k0); -############################################################################### -{ -# input parameters ("%rdi","%rsi","%rdx","%rcx","%r8") -my ($res,$a,$b,$m,$k0) = @_6_args_universal_ABI; - -my $mask52 = "%rax"; -my $acc0_0 = "%r9"; -my $acc0_0_low = "%r9d"; -my $acc0_1 = "%r15"; -my $acc0_1_low = "%r15d"; -my $b_ptr = "%r11"; - -my $iter = "%ebx"; - -my $zero = "%ymm0"; -my ($R0_0,$R0_0h,$R1_0,$R1_0h,$R2_0) = ("%ymm1", map("%ymm$_",(16..19))); -my ($R0_1,$R0_1h,$R1_1,$R1_1h,$R2_1) = ("%ymm2", map("%ymm$_",(20..23))); -my $Bi = "%ymm3"; -my $Yi = "%ymm4"; - -# Registers mapping for normalization. -# We can reuse Bi, Yi registers here. -my $TMP = $Bi; -my $mask52x4 = $Yi; -my ($T0,$T0h,$T1,$T1h,$T2) = map("%ymm$_", (24..28)); - -sub amm52x20_x1() { -# _data_offset - offset in the |a| or |m| arrays pointing to the beginning -# of data for corresponding AMM operation; -# _b_offset - offset in the |b| array pointing to the next qword digit; -my ($_data_offset,$_b_offset,$_acc,$_R0,$_R0h,$_R1,$_R1h,$_R2,$_k0) = @_; -my $_R0_xmm = $_R0; -$_R0_xmm =~ s/%y/%x/; -$code.=<<___; - movq $_b_offset($b_ptr), %r13 # b[i] - - vpbroadcastq %r13, $Bi # broadcast b[i] - movq $_data_offset($a), %rdx - mulx %r13, %r13, %r12 # a[0]*b[i] = (t0,t2) - addq %r13, $_acc # acc += t0 - movq %r12, %r10 - adcq \$0, %r10 # t2 += CF - - movq $_k0, %r13 - imulq $_acc, %r13 # acc * k0 - andq $mask52, %r13 # yi = (acc * k0) & mask52 - - vpbroadcastq %r13, $Yi # broadcast y[i] - movq $_data_offset($m), %rdx - mulx %r13, %r13, %r12 # yi * m[0] = (t0,t1) - addq %r13, $_acc # acc += t0 - adcq %r12, %r10 # t2 += (t1 + CF) - - shrq \$52, $_acc - salq \$12, %r10 - or %r10, $_acc # acc = ((acc >> 52) | (t2 << 12)) - - vpmadd52luq `$_data_offset+64*0`($a), $Bi, $_R0 - vpmadd52luq `$_data_offset+64*0+32`($a), $Bi, $_R0h - vpmadd52luq `$_data_offset+64*1`($a), $Bi, $_R1 - vpmadd52luq `$_data_offset+64*1+32`($a), $Bi, $_R1h - vpmadd52luq `$_data_offset+64*2`($a), $Bi, $_R2 - - vpmadd52luq `$_data_offset+64*0`($m), $Yi, $_R0 - vpmadd52luq `$_data_offset+64*0+32`($m), $Yi, $_R0h - vpmadd52luq `$_data_offset+64*1`($m), $Yi, $_R1 - vpmadd52luq `$_data_offset+64*1+32`($m), $Yi, $_R1h - vpmadd52luq `$_data_offset+64*2`($m), $Yi, $_R2 - - # Shift accumulators right by 1 qword, zero extending the highest one - valignq \$1, $_R0, $_R0h, $_R0 - valignq \$1, $_R0h, $_R1, $_R0h - valignq \$1, $_R1, $_R1h, $_R1 - valignq \$1, $_R1h, $_R2, $_R1h - valignq \$1, $_R2, $zero, $_R2 - - vmovq $_R0_xmm, %r13 - addq %r13, $_acc # acc += R0[0] - - vpmadd52huq `$_data_offset+64*0`($a), $Bi, $_R0 - vpmadd52huq `$_data_offset+64*0+32`($a), $Bi, $_R0h - vpmadd52huq `$_data_offset+64*1`($a), $Bi, $_R1 - vpmadd52huq `$_data_offset+64*1+32`($a), $Bi, $_R1h - vpmadd52huq `$_data_offset+64*2`($a), $Bi, $_R2 - - vpmadd52huq `$_data_offset+64*0`($m), $Yi, $_R0 - vpmadd52huq `$_data_offset+64*0+32`($m), $Yi, $_R0h - vpmadd52huq `$_data_offset+64*1`($m), $Yi, $_R1 - vpmadd52huq `$_data_offset+64*1+32`($m), $Yi, $_R1h - vpmadd52huq `$_data_offset+64*2`($m), $Yi, $_R2 -___ -} - -# Normalization routine: handles carry bits in R0..R2 QWs and -# gets R0..R2 back to normalized 2^52 representation. -# -# Uses %r8-14,%e[bcd]x -sub amm52x20_x1_norm { -my ($_acc,$_R0,$_R0h,$_R1,$_R1h,$_R2) = @_; -$code.=<<___; - # Put accumulator to low qword in R0 - vpbroadcastq $_acc, $TMP - vpblendd \$3, $TMP, $_R0, $_R0 - - # Extract "carries" (12 high bits) from each QW of R0..R2 - # Save them to LSB of QWs in T0..T2 - vpsrlq \$52, $_R0, $T0 - vpsrlq \$52, $_R0h, $T0h - vpsrlq \$52, $_R1, $T1 - vpsrlq \$52, $_R1h, $T1h - vpsrlq \$52, $_R2, $T2 - - # "Shift left" T0..T2 by 1 QW - valignq \$3, $T1h, $T2, $T2 - valignq \$3, $T1, $T1h, $T1h - valignq \$3, $T0h, $T1, $T1 - valignq \$3, $T0, $T0h, $T0h - valignq \$3, $zero, $T0, $T0 - - # Drop "carries" from R0..R2 QWs - vpandq $mask52x4, $_R0, $_R0 - vpandq $mask52x4, $_R0h, $_R0h - vpandq $mask52x4, $_R1, $_R1 - vpandq $mask52x4, $_R1h, $_R1h - vpandq $mask52x4, $_R2, $_R2 - - # Sum R0..R2 with corresponding adjusted carries - vpaddq $T0, $_R0, $_R0 - vpaddq $T0h, $_R0h, $_R0h - vpaddq $T1, $_R1, $_R1 - vpaddq $T1h, $_R1h, $_R1h - vpaddq $T2, $_R2, $_R2 - - # Now handle carry bits from this addition - # Get mask of QWs which 52-bit parts overflow... - vpcmpuq \$1, $_R0, $mask52x4, %k1 # OP=lt - vpcmpuq \$1, $_R0h, $mask52x4, %k2 - vpcmpuq \$1, $_R1, $mask52x4, %k3 - vpcmpuq \$1, $_R1h, $mask52x4, %k4 - vpcmpuq \$1, $_R2, $mask52x4, %k5 - kmovb %k1, %r14d # k1 - kmovb %k2, %r13d # k1h - kmovb %k3, %r12d # k2 - kmovb %k4, %r11d # k2h - kmovb %k5, %r10d # k3 - - # ...or saturated - vpcmpuq \$0, $_R0, $mask52x4, %k1 # OP=eq - vpcmpuq \$0, $_R0h, $mask52x4, %k2 - vpcmpuq \$0, $_R1, $mask52x4, %k3 - vpcmpuq \$0, $_R1h, $mask52x4, %k4 - vpcmpuq \$0, $_R2, $mask52x4, %k5 - kmovb %k1, %r9d # k4 - kmovb %k2, %r8d # k4h - kmovb %k3, %ebx # k5 - kmovb %k4, %ecx # k5h - kmovb %k5, %edx # k6 - - # Get mask of QWs where carries shall be propagated to. - # Merge 4-bit masks to 8-bit values to use add with carry. - shl \$4, %r13b - or %r13b, %r14b - shl \$4, %r11b - or %r11b, %r12b - - add %r14b, %r14b - adc %r12b, %r12b - adc %r10b, %r10b - - shl \$4, %r8b - or %r8b,%r9b - shl \$4, %cl - or %cl, %bl - - add %r9b, %r14b - adc %bl, %r12b - adc %dl, %r10b - - xor %r9b, %r14b - xor %bl, %r12b - xor %dl, %r10b - - kmovb %r14d, %k1 - shr \$4, %r14b - kmovb %r14d, %k2 - kmovb %r12d, %k3 - shr \$4, %r12b - kmovb %r12d, %k4 - kmovb %r10d, %k5 - - # Add carries according to the obtained mask - vpsubq $mask52x4, $_R0, ${_R0}{%k1} - vpsubq $mask52x4, $_R0h, ${_R0h}{%k2} - vpsubq $mask52x4, $_R1, ${_R1}{%k3} - vpsubq $mask52x4, $_R1h, ${_R1h}{%k4} - vpsubq $mask52x4, $_R2, ${_R2}{%k5} - - vpandq $mask52x4, $_R0, $_R0 - vpandq $mask52x4, $_R0h, $_R0h - vpandq $mask52x4, $_R1, $_R1 - vpandq $mask52x4, $_R1h, $_R1h - vpandq $mask52x4, $_R2, $_R2 -___ -} - -$code.=<<___; -.text - -.globl ossl_rsaz_amm52x20_x1_256 -.type ossl_rsaz_amm52x20_x1_256,\@function,5 -.align 32 -ossl_rsaz_amm52x20_x1_256: -.cfi_startproc - endbranch - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lrsaz_amm52x20_x1_256_body: - - # Zeroing accumulators - vpxord $zero, $zero, $zero - vmovdqa64 $zero, $R0_0 - vmovdqa64 $zero, $R0_0h - vmovdqa64 $zero, $R1_0 - vmovdqa64 $zero, $R1_0h - vmovdqa64 $zero, $R2_0 - - xorl $acc0_0_low, $acc0_0_low - - movq $b, $b_ptr # backup address of b - movq \$0xfffffffffffff, $mask52 # 52-bit mask - - # Loop over 20 digits unrolled by 4 - mov \$5, $iter - -.align 32 -.Lloop5: -___ - foreach my $idx (0..3) { - &amm52x20_x1(0,8*$idx,$acc0_0,$R0_0,$R0_0h,$R1_0,$R1_0h,$R2_0,$k0); - } -$code.=<<___; - lea `4*8`($b_ptr), $b_ptr - dec $iter - jne .Lloop5 - - vmovdqa64 .Lmask52x4(%rip), $mask52x4 -___ - &amm52x20_x1_norm($acc0_0,$R0_0,$R0_0h,$R1_0,$R1_0h,$R2_0); -$code.=<<___; - - vmovdqu64 $R0_0, ($res) - vmovdqu64 $R0_0h, 32($res) - vmovdqu64 $R1_0, 64($res) - vmovdqu64 $R1_0h, 96($res) - vmovdqu64 $R2_0, 128($res) - - vzeroupper - mov 0(%rsp),%r15 -.cfi_restore %r15 - mov 8(%rsp),%r14 -.cfi_restore %r14 - mov 16(%rsp),%r13 -.cfi_restore %r13 - mov 24(%rsp),%r12 -.cfi_restore %r12 - mov 32(%rsp),%rbp -.cfi_restore %rbp - mov 40(%rsp),%rbx -.cfi_restore %rbx - lea 48(%rsp),%rsp -.cfi_adjust_cfa_offset -48 -.Lrsaz_amm52x20_x1_256_epilogue: - ret -.cfi_endproc -.size ossl_rsaz_amm52x20_x1_256, .-ossl_rsaz_amm52x20_x1_256 -___ - -$code.=<<___; -.data -.align 32 -.Lmask52x4: - .quad 0xfffffffffffff - .quad 0xfffffffffffff - .quad 0xfffffffffffff - .quad 0xfffffffffffff -___ - -############################################################################### -# Dual Almost Montgomery Multiplication for 20-digit number in radix 2^52 -# -# See description of ossl_rsaz_amm52x20_x1_256() above for details about Almost -# Montgomery Multiplication algorithm and function input parameters description. -# -# This function does two AMMs for two independent inputs, hence dual. -# -# void ossl_rsaz_amm52x20_x2_256(BN_ULONG out[2][20], -# const BN_ULONG a[2][20], -# const BN_ULONG b[2][20], -# const BN_ULONG m[2][20], -# const BN_ULONG k0[2]); -############################################################################### - -$code.=<<___; -.text - -.globl ossl_rsaz_amm52x20_x2_256 -.type ossl_rsaz_amm52x20_x2_256,\@function,5 -.align 32 -ossl_rsaz_amm52x20_x2_256: -.cfi_startproc - endbranch - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lrsaz_amm52x20_x2_256_body: - - # Zeroing accumulators - vpxord $zero, $zero, $zero - vmovdqa64 $zero, $R0_0 - vmovdqa64 $zero, $R0_0h - vmovdqa64 $zero, $R1_0 - vmovdqa64 $zero, $R1_0h - vmovdqa64 $zero, $R2_0 - vmovdqa64 $zero, $R0_1 - vmovdqa64 $zero, $R0_1h - vmovdqa64 $zero, $R1_1 - vmovdqa64 $zero, $R1_1h - vmovdqa64 $zero, $R2_1 - - xorl $acc0_0_low, $acc0_0_low - xorl $acc0_1_low, $acc0_1_low - - movq $b, $b_ptr # backup address of b - movq \$0xfffffffffffff, $mask52 # 52-bit mask - - mov \$20, $iter - -.align 32 -.Lloop20: -___ - &amm52x20_x1( 0, 0,$acc0_0,$R0_0,$R0_0h,$R1_0,$R1_0h,$R2_0,"($k0)"); - # 20*8 = offset of the next dimension in two-dimension array - &amm52x20_x1(20*8,20*8,$acc0_1,$R0_1,$R0_1h,$R1_1,$R1_1h,$R2_1,"8($k0)"); -$code.=<<___; - lea 8($b_ptr), $b_ptr - dec $iter - jne .Lloop20 - - vmovdqa64 .Lmask52x4(%rip), $mask52x4 -___ - &amm52x20_x1_norm($acc0_0,$R0_0,$R0_0h,$R1_0,$R1_0h,$R2_0); - &amm52x20_x1_norm($acc0_1,$R0_1,$R0_1h,$R1_1,$R1_1h,$R2_1); -$code.=<<___; - - vmovdqu64 $R0_0, ($res) - vmovdqu64 $R0_0h, 32($res) - vmovdqu64 $R1_0, 64($res) - vmovdqu64 $R1_0h, 96($res) - vmovdqu64 $R2_0, 128($res) - - vmovdqu64 $R0_1, 160($res) - vmovdqu64 $R0_1h, 192($res) - vmovdqu64 $R1_1, 224($res) - vmovdqu64 $R1_1h, 256($res) - vmovdqu64 $R2_1, 288($res) - - vzeroupper - mov 0(%rsp),%r15 -.cfi_restore %r15 - mov 8(%rsp),%r14 -.cfi_restore %r14 - mov 16(%rsp),%r13 -.cfi_restore %r13 - mov 24(%rsp),%r12 -.cfi_restore %r12 - mov 32(%rsp),%rbp -.cfi_restore %rbp - mov 40(%rsp),%rbx -.cfi_restore %rbx - lea 48(%rsp),%rsp -.cfi_adjust_cfa_offset -48 -.Lrsaz_amm52x20_x2_256_epilogue: - ret -.cfi_endproc -.size ossl_rsaz_amm52x20_x2_256, .-ossl_rsaz_amm52x20_x2_256 -___ -} - -############################################################################### -# Constant time extraction from the precomputed table of powers base^i, where -# i = 0..2^EXP_WIN_SIZE-1 -# -# The input |red_table| contains precomputations for two independent base values, -# so the |tbl_idx| indicates for which base shall we extract the value. -# |red_table_idx| is a power index. -# -# Extracted value (output) is 20 digit number in 2^52 radix. -# -# void ossl_extract_multiplier_2x20_win5(BN_ULONG *red_Y, -# const BN_ULONG red_table[1 << EXP_WIN_SIZE][2][20], -# int red_table_idx, -# int tbl_idx); # 0 or 1 -# -# EXP_WIN_SIZE = 5 -############################################################################### -{ -# input parameters -my ($out,$red_tbl,$red_tbl_idx,$tbl_idx) = @_6_args_universal_ABI; - -my ($t0,$t1,$t2,$t3,$t4) = map("%ymm$_", (0..4)); -my $t4xmm = $t4; -$t4xmm =~ s/%y/%x/; -my ($tmp0,$tmp1,$tmp2,$tmp3,$tmp4) = map("%ymm$_", (16..20)); -my ($cur_idx,$idx,$ones) = map("%ymm$_", (21..23)); - -$code.=<<___; -.text - -.align 32 -.globl ossl_extract_multiplier_2x20_win5 -.type ossl_extract_multiplier_2x20_win5,\@function,4 -ossl_extract_multiplier_2x20_win5: -.cfi_startproc - endbranch - leaq ($tbl_idx,$tbl_idx,4), %rax - salq \$5, %rax - addq %rax, $red_tbl - - vmovdqa64 .Lones(%rip), $ones # broadcast ones - vpbroadcastq $red_tbl_idx, $idx - leaq `(1<<5)*2*20*8`($red_tbl), %rax # holds end of the tbl - - vpxor $t4xmm, $t4xmm, $t4xmm - vmovdqa64 $t4, $t3 # zeroing t0..4, cur_idx - vmovdqa64 $t4, $t2 - vmovdqa64 $t4, $t1 - vmovdqa64 $t4, $t0 - vmovdqa64 $t4, $cur_idx - -.align 32 -.Lloop: - vpcmpq \$0, $cur_idx, $idx, %k1 # mask of (idx == cur_idx) - addq \$320, $red_tbl # 320 = 2 * 20 digits * 8 bytes - vpaddq $ones, $cur_idx, $cur_idx # increment cur_idx - vmovdqu64 -320($red_tbl), $tmp0 # load data from red_tbl - vmovdqu64 -288($red_tbl), $tmp1 - vmovdqu64 -256($red_tbl), $tmp2 - vmovdqu64 -224($red_tbl), $tmp3 - vmovdqu64 -192($red_tbl), $tmp4 - vpblendmq $tmp0, $t0, ${t0}{%k1} # extract data when mask is not zero - vpblendmq $tmp1, $t1, ${t1}{%k1} - vpblendmq $tmp2, $t2, ${t2}{%k1} - vpblendmq $tmp3, $t3, ${t3}{%k1} - vpblendmq $tmp4, $t4, ${t4}{%k1} - cmpq $red_tbl, %rax - jne .Lloop - - vmovdqu64 $t0, ($out) # store t0..4 - vmovdqu64 $t1, 32($out) - vmovdqu64 $t2, 64($out) - vmovdqu64 $t3, 96($out) - vmovdqu64 $t4, 128($out) - - ret -.cfi_endproc -.size ossl_extract_multiplier_2x20_win5, .-ossl_extract_multiplier_2x20_win5 -___ -$code.=<<___; -.data -.align 32 -.Lones: - .quad 1,1,1,1 -___ -} - -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___ -.extern __imp_RtlVirtualUnwind -.type rsaz_def_handler,\@abi-omnipotent -.align 16 -rsaz_def_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->Rip<.Lprologue - jb .Lcommon_seh_tail - - mov 152($context),%rax # pull context->Rsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=.Lepilogue - jae .Lcommon_seh_tail - - lea 48(%rax),%rax - - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R14 - -.Lcommon_seh_tail: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size rsaz_def_handler,.-rsaz_def_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_ossl_rsaz_amm52x20_x1_256 - .rva .LSEH_end_ossl_rsaz_amm52x20_x1_256 - .rva .LSEH_info_ossl_rsaz_amm52x20_x1_256 - - .rva .LSEH_begin_ossl_rsaz_amm52x20_x2_256 - .rva .LSEH_end_ossl_rsaz_amm52x20_x2_256 - .rva .LSEH_info_ossl_rsaz_amm52x20_x2_256 - - .rva .LSEH_begin_ossl_extract_multiplier_2x20_win5 - .rva .LSEH_end_ossl_extract_multiplier_2x20_win5 - .rva .LSEH_info_ossl_extract_multiplier_2x20_win5 - -.section .xdata -.align 8 -.LSEH_info_ossl_rsaz_amm52x20_x1_256: - .byte 9,0,0,0 - .rva rsaz_def_handler - .rva .Lrsaz_amm52x20_x1_256_body,.Lrsaz_amm52x20_x1_256_epilogue -.LSEH_info_ossl_rsaz_amm52x20_x2_256: - .byte 9,0,0,0 - .rva rsaz_def_handler - .rva .Lrsaz_amm52x20_x2_256_body,.Lrsaz_amm52x20_x2_256_epilogue -.LSEH_info_ossl_extract_multiplier_2x20_win5: - .byte 9,0,0,0 - .rva rsaz_def_handler - .rva .LSEH_begin_ossl_extract_multiplier_2x20_win5,.LSEH_begin_ossl_extract_multiplier_2x20_win5 -___ -} -}}} else {{{ # fallback for old assembler -$code.=<<___; -.text - -.globl ossl_rsaz_avx512ifma_eligible -.type ossl_rsaz_avx512ifma_eligible,\@abi-omnipotent -ossl_rsaz_avx512ifma_eligible: - xor %eax,%eax - ret -.size ossl_rsaz_avx512ifma_eligible, .-ossl_rsaz_avx512ifma_eligible - -.globl ossl_rsaz_amm52x20_x1_256 -.globl ossl_rsaz_amm52x20_x2_256 -.globl ossl_extract_multiplier_2x20_win5 -.type ossl_rsaz_amm52x20_x1_256,\@abi-omnipotent -ossl_rsaz_amm52x20_x1_256: -ossl_rsaz_amm52x20_x2_256: -ossl_extract_multiplier_2x20_win5: - .byte 0x0f,0x0b # ud2 - ret -.size ossl_rsaz_amm52x20_x1_256, .-ossl_rsaz_amm52x20_x1_256 -___ -}}} - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/rsaz-x86_64.pl b/crypto/bn/asm/rsaz-x86_64.pl deleted file mode 100755 index 5c7d526fa37a8d9b983359dbc505413c53f5d07d..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/rsaz-x86_64.pl +++ /dev/null @@ -1,2433 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. -# Copyright (c) 2012, Intel Corporation. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) -# (1) Intel Corporation, Israel Development Center, Haifa, Israel -# (2) University of Haifa, Israel -# -# References: -# [1] S. Gueron, "Efficient Software Implementations of Modular -# Exponentiation", http://eprint.iacr.org/2011/239 -# [2] S. Gueron, V. Krasnov. "Speeding up Big-Numbers Squaring". -# IEEE Proceedings of 9th International Conference on Information -# Technology: New Generations (ITNG 2012), 821-823 (2012). -# [3] S. Gueron, Efficient Software Implementations of Modular Exponentiation -# Journal of Cryptographic Engineering 2:31-43 (2012). -# [4] S. Gueron, V. Krasnov: "[PATCH] Efficient and side channel analysis -# resistant 512-bit and 1024-bit modular exponentiation for optimizing -# RSA1024 and RSA2048 on x86_64 platforms", -# http://rt.openssl.org/Ticket/Display.html?id=2582&user=guest&pass=guest -# -# While original submission covers 512- and 1024-bit exponentiation, -# this module is limited to 512-bit version only (and as such -# accelerates RSA1024 sign). This is because improvement for longer -# keys is not high enough to justify the effort, highest measured -# was ~5% on Westmere. [This is relative to OpenSSL 1.0.2, upcoming -# for the moment of this writing!] Nor does this module implement -# "monolithic" complete exponentiation jumbo-subroutine, but adheres -# to more modular mixture of C and assembly. And it's optimized even -# for processors other than Intel Core family (see table below for -# improvement coefficients). -# -# -# RSA1024 sign/sec this/original |this/rsax(*) this/fips(*) -# ----------------+--------------------------- -# Opteron +13% |+5% +20% -# Bulldozer -0% |-1% +10% -# P4 +11% |+7% +8% -# Westmere +5% |+14% +17% -# Sandy Bridge +2% |+12% +29% -# Ivy Bridge +1% |+11% +35% -# Haswell(**) -0% |+12% +39% -# Atom +13% |+11% +4% -# VIA Nano +70% |+9% +25% -# -# (*) rsax engine and fips numbers are presented for reference -# purposes; -# (**) MULX was attempted, but found to give only marginal improvement; - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $addx = ($1>=2.23); -} - -if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $addx = ($1>=2.10); -} - -if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $addx = ($1>=12); -} - -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { - my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 - $addx = ($ver>=3.03); -} - -($out, $inp, $mod) = ("%rdi", "%rsi", "%rbp"); # common internal API -{ -my ($out,$inp,$mod,$n0,$times) = ("%rdi","%rsi","%rdx","%rcx","%r8d"); - -$code.=<<___; -.text - -.extern OPENSSL_ia32cap_P - -.globl rsaz_512_sqr -.type rsaz_512_sqr,\@function,5 -.align 32 -rsaz_512_sqr: # 25-29% faster than rsaz_512_mul -.cfi_startproc - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - - subq \$128+24, %rsp -.cfi_adjust_cfa_offset 128+24 -.Lsqr_body: - movq $mod, %xmm1 # common off-load - movq ($inp), %rdx - movq 8($inp), %rax - movq $n0, 128(%rsp) -___ -$code.=<<___ if ($addx); - movl \$0x80100,%r11d - andl OPENSSL_ia32cap_P+8(%rip),%r11d - cmpl \$0x80100,%r11d # check for MULX and ADO/CX - je .Loop_sqrx -___ -$code.=<<___; - jmp .Loop_sqr - -.align 32 -.Loop_sqr: - movl $times,128+8(%rsp) -#first iteration - movq %rdx, %rbx # 0($inp) - mov %rax, %rbp # 8($inp) - mulq %rdx - movq %rax, %r8 - movq 16($inp), %rax - movq %rdx, %r9 - - mulq %rbx - addq %rax, %r9 - movq 24($inp), %rax - movq %rdx, %r10 - adcq \$0, %r10 - - mulq %rbx - addq %rax, %r10 - movq 32($inp), %rax - movq %rdx, %r11 - adcq \$0, %r11 - - mulq %rbx - addq %rax, %r11 - movq 40($inp), %rax - movq %rdx, %r12 - adcq \$0, %r12 - - mulq %rbx - addq %rax, %r12 - movq 48($inp), %rax - movq %rdx, %r13 - adcq \$0, %r13 - - mulq %rbx - addq %rax, %r13 - movq 56($inp), %rax - movq %rdx, %r14 - adcq \$0, %r14 - - mulq %rbx - addq %rax, %r14 - movq %rbx, %rax - adcq \$0, %rdx - - xorq %rcx,%rcx # rcx:r8 = r8 << 1 - addq %r8, %r8 - movq %rdx, %r15 - adcq \$0, %rcx - - mulq %rax - addq %r8, %rdx - adcq \$0, %rcx - - movq %rax, (%rsp) - movq %rdx, 8(%rsp) - -#second iteration - movq 16($inp), %rax - mulq %rbp - addq %rax, %r10 - movq 24($inp), %rax - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %rbp - addq %rax, %r11 - movq 32($inp), %rax - adcq \$0, %rdx - addq %rbx, %r11 - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %rbp - addq %rax, %r12 - movq 40($inp), %rax - adcq \$0, %rdx - addq %rbx, %r12 - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %rbp - addq %rax, %r13 - movq 48($inp), %rax - adcq \$0, %rdx - addq %rbx, %r13 - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %rbp - addq %rax, %r14 - movq 56($inp), %rax - adcq \$0, %rdx - addq %rbx, %r14 - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %rbp - addq %rax, %r15 - movq %rbp, %rax - adcq \$0, %rdx - addq %rbx, %r15 - adcq \$0, %rdx - - xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1 - addq %r9, %r9 - movq %rdx, %r8 - adcq %r10, %r10 - adcq \$0, %rbx - - mulq %rax - # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here - addq %rcx, %rax - movq 16($inp), %rbp - addq %rax, %r9 - movq 24($inp), %rax - adcq %rdx, %r10 - adcq \$0, %rbx - - movq %r9, 16(%rsp) - movq %r10, 24(%rsp) - -#third iteration - mulq %rbp - addq %rax, %r12 - movq 32($inp), %rax - movq %rdx, %rcx - adcq \$0, %rcx - - mulq %rbp - addq %rax, %r13 - movq 40($inp), %rax - adcq \$0, %rdx - addq %rcx, %r13 - movq %rdx, %rcx - adcq \$0, %rcx - - mulq %rbp - addq %rax, %r14 - movq 48($inp), %rax - adcq \$0, %rdx - addq %rcx, %r14 - movq %rdx, %rcx - adcq \$0, %rcx - - mulq %rbp - addq %rax, %r15 - movq 56($inp), %rax - adcq \$0, %rdx - addq %rcx, %r15 - movq %rdx, %rcx - adcq \$0, %rcx - - mulq %rbp - addq %rax, %r8 - movq %rbp, %rax - adcq \$0, %rdx - addq %rcx, %r8 - adcq \$0, %rdx - - xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1 - addq %r11, %r11 - movq %rdx, %r9 - adcq %r12, %r12 - adcq \$0, %rcx - - mulq %rax - # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here - addq %rbx, %rax - movq 24($inp), %r10 - addq %rax, %r11 - movq 32($inp), %rax - adcq %rdx, %r12 - adcq \$0, %rcx - - movq %r11, 32(%rsp) - movq %r12, 40(%rsp) - -#fourth iteration - mov %rax, %r11 # 32($inp) - mulq %r10 - addq %rax, %r14 - movq 40($inp), %rax - movq %rdx, %rbx - adcq \$0, %rbx - - mov %rax, %r12 # 40($inp) - mulq %r10 - addq %rax, %r15 - movq 48($inp), %rax - adcq \$0, %rdx - addq %rbx, %r15 - movq %rdx, %rbx - adcq \$0, %rbx - - mov %rax, %rbp # 48($inp) - mulq %r10 - addq %rax, %r8 - movq 56($inp), %rax - adcq \$0, %rdx - addq %rbx, %r8 - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %r10 - addq %rax, %r9 - movq %r10, %rax - adcq \$0, %rdx - addq %rbx, %r9 - adcq \$0, %rdx - - xorq %rbx, %rbx # rbx:r13:r14 = r13:r14 << 1 - addq %r13, %r13 - movq %rdx, %r10 - adcq %r14, %r14 - adcq \$0, %rbx - - mulq %rax - # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here - addq %rcx, %rax - addq %rax, %r13 - movq %r12, %rax # 40($inp) - adcq %rdx, %r14 - adcq \$0, %rbx - - movq %r13, 48(%rsp) - movq %r14, 56(%rsp) - -#fifth iteration - mulq %r11 - addq %rax, %r8 - movq %rbp, %rax # 48($inp) - movq %rdx, %rcx - adcq \$0, %rcx - - mulq %r11 - addq %rax, %r9 - movq 56($inp), %rax - adcq \$0, %rdx - addq %rcx, %r9 - movq %rdx, %rcx - adcq \$0, %rcx - - mov %rax, %r14 # 56($inp) - mulq %r11 - addq %rax, %r10 - movq %r11, %rax - adcq \$0, %rdx - addq %rcx, %r10 - adcq \$0, %rdx - - xorq %rcx, %rcx # rcx:r8:r15 = r8:r15 << 1 - addq %r15, %r15 - movq %rdx, %r11 - adcq %r8, %r8 - adcq \$0, %rcx - - mulq %rax - # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here - addq %rbx, %rax - addq %rax, %r15 - movq %rbp, %rax # 48($inp) - adcq %rdx, %r8 - adcq \$0, %rcx - - movq %r15, 64(%rsp) - movq %r8, 72(%rsp) - -#sixth iteration - mulq %r12 - addq %rax, %r10 - movq %r14, %rax # 56($inp) - movq %rdx, %rbx - adcq \$0, %rbx - - mulq %r12 - addq %rax, %r11 - movq %r12, %rax - adcq \$0, %rdx - addq %rbx, %r11 - adcq \$0, %rdx - - xorq %rbx, %rbx # rbx:r10:r9 = r10:r9 << 1 - addq %r9, %r9 - movq %rdx, %r12 - adcq %r10, %r10 - adcq \$0, %rbx - - mulq %rax - # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here - addq %rcx, %rax - addq %rax, %r9 - movq %r14, %rax # 56($inp) - adcq %rdx, %r10 - adcq \$0, %rbx - - movq %r9, 80(%rsp) - movq %r10, 88(%rsp) - -#seventh iteration - mulq %rbp - addq %rax, %r12 - movq %rbp, %rax - adcq \$0, %rdx - - xorq %rcx, %rcx # rcx:r12:r11 = r12:r11 << 1 - addq %r11, %r11 - movq %rdx, %r13 - adcq %r12, %r12 - adcq \$0, %rcx - - mulq %rax - # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here - addq %rbx, %rax - addq %rax, %r11 - movq %r14, %rax # 56($inp) - adcq %rdx, %r12 - adcq \$0, %rcx - - movq %r11, 96(%rsp) - movq %r12, 104(%rsp) - -#eighth iteration - xorq %rbx, %rbx # rbx:r13 = r13 << 1 - addq %r13, %r13 - adcq \$0, %rbx - - mulq %rax - # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here - addq %rcx, %rax - addq %r13, %rax - adcq %rbx, %rdx - - movq (%rsp), %r8 - movq 8(%rsp), %r9 - movq 16(%rsp), %r10 - movq 24(%rsp), %r11 - movq 32(%rsp), %r12 - movq 40(%rsp), %r13 - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 - movq %xmm1, %rbp - - movq %rax, 112(%rsp) - movq %rdx, 120(%rsp) - - call __rsaz_512_reduce - - addq 64(%rsp), %r8 - adcq 72(%rsp), %r9 - adcq 80(%rsp), %r10 - adcq 88(%rsp), %r11 - adcq 96(%rsp), %r12 - adcq 104(%rsp), %r13 - adcq 112(%rsp), %r14 - adcq 120(%rsp), %r15 - sbbq %rcx, %rcx - - call __rsaz_512_subtract - - movq %r8, %rdx - movq %r9, %rax - movl 128+8(%rsp), $times - movq $out, $inp - - decl $times - jnz .Loop_sqr -___ -if ($addx) { -$code.=<<___; - jmp .Lsqr_tail - -.align 32 -.Loop_sqrx: - movl $times,128+8(%rsp) - movq $out, %xmm0 # off-load -#first iteration - mulx %rax, %r8, %r9 - mov %rax, %rbx - - mulx 16($inp), %rcx, %r10 - xor %rbp, %rbp # cf=0, of=0 - - mulx 24($inp), %rax, %r11 - adcx %rcx, %r9 - - .byte 0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00 # mulx 32($inp), %rcx, %r12 - adcx %rax, %r10 - - .byte 0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00 # mulx 40($inp), %rax, %r13 - adcx %rcx, %r11 - - mulx 48($inp), %rcx, %r14 - adcx %rax, %r12 - adcx %rcx, %r13 - - mulx 56($inp), %rax, %r15 - adcx %rax, %r14 - adcx %rbp, %r15 # %rbp is 0 - - mulx %rdx, %rax, $out - mov %rbx, %rdx # 8($inp) - xor %rcx, %rcx - adox %r8, %r8 - adcx $out, %r8 - adox %rbp, %rcx - adcx %rbp, %rcx - - mov %rax, (%rsp) - mov %r8, 8(%rsp) - -#second iteration - .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00 # mulx 16($inp), %rax, %rbx - adox %rax, %r10 - adcx %rbx, %r11 - - mulx 24($inp), $out, %r8 - adox $out, %r11 - .byte 0x66 - adcx %r8, %r12 - - mulx 32($inp), %rax, %rbx - adox %rax, %r12 - adcx %rbx, %r13 - - mulx 40($inp), $out, %r8 - adox $out, %r13 - adcx %r8, %r14 - - .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x30,0x00,0x00,0x00 # mulx 48($inp), %rax, %rbx - adox %rax, %r14 - adcx %rbx, %r15 - - .byte 0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r8 - adox $out, %r15 - adcx %rbp, %r8 - mulx %rdx, %rax, $out - adox %rbp, %r8 - .byte 0x48,0x8b,0x96,0x10,0x00,0x00,0x00 # mov 16($inp), %rdx - - xor %rbx, %rbx - adox %r9, %r9 - # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here - adcx %rcx, %rax - adox %r10, %r10 - adcx %rax, %r9 - adox %rbp, %rbx - adcx $out, %r10 - adcx %rbp, %rbx - - mov %r9, 16(%rsp) - .byte 0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00 # mov %r10, 24(%rsp) - -#third iteration - mulx 24($inp), $out, %r9 - adox $out, %r12 - adcx %r9, %r13 - - mulx 32($inp), %rax, %rcx - adox %rax, %r13 - adcx %rcx, %r14 - - .byte 0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00 # mulx 40($inp), $out, %r9 - adox $out, %r14 - adcx %r9, %r15 - - .byte 0xc4,0xe2,0xfb,0xf6,0x8e,0x30,0x00,0x00,0x00 # mulx 48($inp), %rax, %rcx - adox %rax, %r15 - adcx %rcx, %r8 - - mulx 56($inp), $out, %r9 - adox $out, %r8 - adcx %rbp, %r9 - mulx %rdx, %rax, $out - adox %rbp, %r9 - mov 24($inp), %rdx - - xor %rcx, %rcx - adox %r11, %r11 - # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here - adcx %rbx, %rax - adox %r12, %r12 - adcx %rax, %r11 - adox %rbp, %rcx - adcx $out, %r12 - adcx %rbp, %rcx - - mov %r11, 32(%rsp) - mov %r12, 40(%rsp) - -#fourth iteration - mulx 32($inp), %rax, %rbx - adox %rax, %r14 - adcx %rbx, %r15 - - mulx 40($inp), $out, %r10 - adox $out, %r15 - adcx %r10, %r8 - - mulx 48($inp), %rax, %rbx - adox %rax, %r8 - adcx %rbx, %r9 - - mulx 56($inp), $out, %r10 - adox $out, %r9 - adcx %rbp, %r10 - mulx %rdx, %rax, $out - adox %rbp, %r10 - mov 32($inp), %rdx - - xor %rbx, %rbx - adox %r13, %r13 - # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here - adcx %rcx, %rax - adox %r14, %r14 - adcx %rax, %r13 - adox %rbp, %rbx - adcx $out, %r14 - adcx %rbp, %rbx - - mov %r13, 48(%rsp) - mov %r14, 56(%rsp) - -#fifth iteration - mulx 40($inp), $out, %r11 - adox $out, %r8 - adcx %r11, %r9 - - mulx 48($inp), %rax, %rcx - adox %rax, %r9 - adcx %rcx, %r10 - - mulx 56($inp), $out, %r11 - adox $out, %r10 - adcx %rbp, %r11 - mulx %rdx, %rax, $out - mov 40($inp), %rdx - adox %rbp, %r11 - - xor %rcx, %rcx - adox %r15, %r15 - # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here - adcx %rbx, %rax - adox %r8, %r8 - adcx %rax, %r15 - adox %rbp, %rcx - adcx $out, %r8 - adcx %rbp, %rcx - - mov %r15, 64(%rsp) - mov %r8, 72(%rsp) - -#sixth iteration - .byte 0xc4,0xe2,0xfb,0xf6,0x9e,0x30,0x00,0x00,0x00 # mulx 48($inp), %rax, %rbx - adox %rax, %r10 - adcx %rbx, %r11 - - .byte 0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00 # mulx 56($inp), $out, %r12 - adox $out, %r11 - adcx %rbp, %r12 - mulx %rdx, %rax, $out - adox %rbp, %r12 - mov 48($inp), %rdx - - xor %rbx, %rbx - adox %r9, %r9 - # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here - adcx %rcx, %rax - adox %r10, %r10 - adcx %rax, %r9 - adcx $out, %r10 - adox %rbp, %rbx - adcx %rbp, %rbx - - mov %r9, 80(%rsp) - mov %r10, 88(%rsp) - -#seventh iteration - .byte 0xc4,0x62,0xfb,0xf6,0xae,0x38,0x00,0x00,0x00 # mulx 56($inp), %rax, %r13 - adox %rax, %r12 - adox %rbp, %r13 - - mulx %rdx, %rax, $out - xor %rcx, %rcx - mov 56($inp), %rdx - adox %r11, %r11 - # rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here - adcx %rbx, %rax - adox %r12, %r12 - adcx %rax, %r11 - adox %rbp, %rcx - adcx $out, %r12 - adcx %rbp, %rcx - - .byte 0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00 # mov %r11, 96(%rsp) - .byte 0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00 # mov %r12, 104(%rsp) - -#eighth iteration - mulx %rdx, %rax, %rdx - xor %rbx, %rbx - adox %r13, %r13 - # rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here - adcx %rcx, %rax - adox %rbp, %rbx - adcx %r13, %rax - adcx %rdx, %rbx - - movq %xmm0, $out - movq %xmm1, %rbp - - movq 128(%rsp), %rdx # pull $n0 - movq (%rsp), %r8 - movq 8(%rsp), %r9 - movq 16(%rsp), %r10 - movq 24(%rsp), %r11 - movq 32(%rsp), %r12 - movq 40(%rsp), %r13 - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 - - movq %rax, 112(%rsp) - movq %rbx, 120(%rsp) - - call __rsaz_512_reducex - - addq 64(%rsp), %r8 - adcq 72(%rsp), %r9 - adcq 80(%rsp), %r10 - adcq 88(%rsp), %r11 - adcq 96(%rsp), %r12 - adcq 104(%rsp), %r13 - adcq 112(%rsp), %r14 - adcq 120(%rsp), %r15 - sbbq %rcx, %rcx - - call __rsaz_512_subtract - - movq %r8, %rdx - movq %r9, %rax - movl 128+8(%rsp), $times - movq $out, $inp - - decl $times - jnz .Loop_sqrx - -.Lsqr_tail: -___ -} -$code.=<<___; - - leaq 128+24+48(%rsp), %rax -.cfi_def_cfa %rax,8 - movq -48(%rax), %r15 -.cfi_restore %r15 - movq -40(%rax), %r14 -.cfi_restore %r14 - movq -32(%rax), %r13 -.cfi_restore %r13 - movq -24(%rax), %r12 -.cfi_restore %r12 - movq -16(%rax), %rbp -.cfi_restore %rbp - movq -8(%rax), %rbx -.cfi_restore %rbx - leaq (%rax), %rsp -.cfi_def_cfa_register %rsp -.Lsqr_epilogue: - ret -.cfi_endproc -.size rsaz_512_sqr,.-rsaz_512_sqr -___ -} -{ -my ($out,$ap,$bp,$mod,$n0) = ("%rdi","%rsi","%rdx","%rcx","%r8"); -$code.=<<___; -.globl rsaz_512_mul -.type rsaz_512_mul,\@function,5 -.align 32 -rsaz_512_mul: -.cfi_startproc - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - - subq \$128+24, %rsp -.cfi_adjust_cfa_offset 128+24 -.Lmul_body: - movq $out, %xmm0 # off-load arguments - movq $mod, %xmm1 - movq $n0, 128(%rsp) -___ -$code.=<<___ if ($addx); - movl \$0x80100,%r11d - andl OPENSSL_ia32cap_P+8(%rip),%r11d - cmpl \$0x80100,%r11d # check for MULX and ADO/CX - je .Lmulx -___ -$code.=<<___; - movq ($bp), %rbx # pass b[0] - movq $bp, %rbp # pass argument - call __rsaz_512_mul - - movq %xmm0, $out - movq %xmm1, %rbp - - movq (%rsp), %r8 - movq 8(%rsp), %r9 - movq 16(%rsp), %r10 - movq 24(%rsp), %r11 - movq 32(%rsp), %r12 - movq 40(%rsp), %r13 - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 - - call __rsaz_512_reduce -___ -$code.=<<___ if ($addx); - jmp .Lmul_tail - -.align 32 -.Lmulx: - movq $bp, %rbp # pass argument - movq ($bp), %rdx # pass b[0] - call __rsaz_512_mulx - - movq %xmm0, $out - movq %xmm1, %rbp - - movq 128(%rsp), %rdx # pull $n0 - movq (%rsp), %r8 - movq 8(%rsp), %r9 - movq 16(%rsp), %r10 - movq 24(%rsp), %r11 - movq 32(%rsp), %r12 - movq 40(%rsp), %r13 - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 - - call __rsaz_512_reducex -.Lmul_tail: -___ -$code.=<<___; - addq 64(%rsp), %r8 - adcq 72(%rsp), %r9 - adcq 80(%rsp), %r10 - adcq 88(%rsp), %r11 - adcq 96(%rsp), %r12 - adcq 104(%rsp), %r13 - adcq 112(%rsp), %r14 - adcq 120(%rsp), %r15 - sbbq %rcx, %rcx - - call __rsaz_512_subtract - - leaq 128+24+48(%rsp), %rax -.cfi_def_cfa %rax,8 - movq -48(%rax), %r15 -.cfi_restore %r15 - movq -40(%rax), %r14 -.cfi_restore %r14 - movq -32(%rax), %r13 -.cfi_restore %r13 - movq -24(%rax), %r12 -.cfi_restore %r12 - movq -16(%rax), %rbp -.cfi_restore %rbp - movq -8(%rax), %rbx -.cfi_restore %rbx - leaq (%rax), %rsp -.cfi_def_cfa_register %rsp -.Lmul_epilogue: - ret -.cfi_endproc -.size rsaz_512_mul,.-rsaz_512_mul -___ -} -{ -my ($out,$ap,$bp,$mod,$n0,$pwr) = ("%rdi","%rsi","%rdx","%rcx","%r8","%r9d"); -$code.=<<___; -.globl rsaz_512_mul_gather4 -.type rsaz_512_mul_gather4,\@function,6 -.align 32 -rsaz_512_mul_gather4: -.cfi_startproc - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - - subq \$`128+24+($win64?0xb0:0)`, %rsp -.cfi_adjust_cfa_offset `128+24+($win64?0xb0:0)` -___ -$code.=<<___ if ($win64); - movaps %xmm6,0xa0(%rsp) - movaps %xmm7,0xb0(%rsp) - movaps %xmm8,0xc0(%rsp) - movaps %xmm9,0xd0(%rsp) - movaps %xmm10,0xe0(%rsp) - movaps %xmm11,0xf0(%rsp) - movaps %xmm12,0x100(%rsp) - movaps %xmm13,0x110(%rsp) - movaps %xmm14,0x120(%rsp) - movaps %xmm15,0x130(%rsp) -___ -$code.=<<___; -.Lmul_gather4_body: - movd $pwr,%xmm8 - movdqa .Linc+16(%rip),%xmm1 # 00000002000000020000000200000002 - movdqa .Linc(%rip),%xmm0 # 00000001000000010000000000000000 - - pshufd \$0,%xmm8,%xmm8 # broadcast $power - movdqa %xmm1,%xmm7 - movdqa %xmm1,%xmm2 -___ -######################################################################## -# calculate mask by comparing 0..15 to $power -# -for($i=0;$i<4;$i++) { -$code.=<<___; - paddd %xmm`$i`,%xmm`$i+1` - pcmpeqd %xmm8,%xmm`$i` - movdqa %xmm7,%xmm`$i+3` -___ -} -for(;$i<7;$i++) { -$code.=<<___; - paddd %xmm`$i`,%xmm`$i+1` - pcmpeqd %xmm8,%xmm`$i` -___ -} -$code.=<<___; - pcmpeqd %xmm8,%xmm7 - - movdqa 16*0($bp),%xmm8 - movdqa 16*1($bp),%xmm9 - movdqa 16*2($bp),%xmm10 - movdqa 16*3($bp),%xmm11 - pand %xmm0,%xmm8 - movdqa 16*4($bp),%xmm12 - pand %xmm1,%xmm9 - movdqa 16*5($bp),%xmm13 - pand %xmm2,%xmm10 - movdqa 16*6($bp),%xmm14 - pand %xmm3,%xmm11 - movdqa 16*7($bp),%xmm15 - leaq 128($bp), %rbp - pand %xmm4,%xmm12 - pand %xmm5,%xmm13 - pand %xmm6,%xmm14 - pand %xmm7,%xmm15 - por %xmm10,%xmm8 - por %xmm11,%xmm9 - por %xmm12,%xmm8 - por %xmm13,%xmm9 - por %xmm14,%xmm8 - por %xmm15,%xmm9 - - por %xmm9,%xmm8 - pshufd \$0x4e,%xmm8,%xmm9 - por %xmm9,%xmm8 -___ -$code.=<<___ if ($addx); - movl \$0x80100,%r11d - andl OPENSSL_ia32cap_P+8(%rip),%r11d - cmpl \$0x80100,%r11d # check for MULX and ADO/CX - je .Lmulx_gather -___ -$code.=<<___; - movq %xmm8,%rbx - - movq $n0, 128(%rsp) # off-load arguments - movq $out, 128+8(%rsp) - movq $mod, 128+16(%rsp) - - movq ($ap), %rax - movq 8($ap), %rcx - mulq %rbx # 0 iteration - movq %rax, (%rsp) - movq %rcx, %rax - movq %rdx, %r8 - - mulq %rbx - addq %rax, %r8 - movq 16($ap), %rax - movq %rdx, %r9 - adcq \$0, %r9 - - mulq %rbx - addq %rax, %r9 - movq 24($ap), %rax - movq %rdx, %r10 - adcq \$0, %r10 - - mulq %rbx - addq %rax, %r10 - movq 32($ap), %rax - movq %rdx, %r11 - adcq \$0, %r11 - - mulq %rbx - addq %rax, %r11 - movq 40($ap), %rax - movq %rdx, %r12 - adcq \$0, %r12 - - mulq %rbx - addq %rax, %r12 - movq 48($ap), %rax - movq %rdx, %r13 - adcq \$0, %r13 - - mulq %rbx - addq %rax, %r13 - movq 56($ap), %rax - movq %rdx, %r14 - adcq \$0, %r14 - - mulq %rbx - addq %rax, %r14 - movq ($ap), %rax - movq %rdx, %r15 - adcq \$0, %r15 - - leaq 8(%rsp), %rdi - movl \$7, %ecx - jmp .Loop_mul_gather - -.align 32 -.Loop_mul_gather: - movdqa 16*0(%rbp),%xmm8 - movdqa 16*1(%rbp),%xmm9 - movdqa 16*2(%rbp),%xmm10 - movdqa 16*3(%rbp),%xmm11 - pand %xmm0,%xmm8 - movdqa 16*4(%rbp),%xmm12 - pand %xmm1,%xmm9 - movdqa 16*5(%rbp),%xmm13 - pand %xmm2,%xmm10 - movdqa 16*6(%rbp),%xmm14 - pand %xmm3,%xmm11 - movdqa 16*7(%rbp),%xmm15 - leaq 128(%rbp), %rbp - pand %xmm4,%xmm12 - pand %xmm5,%xmm13 - pand %xmm6,%xmm14 - pand %xmm7,%xmm15 - por %xmm10,%xmm8 - por %xmm11,%xmm9 - por %xmm12,%xmm8 - por %xmm13,%xmm9 - por %xmm14,%xmm8 - por %xmm15,%xmm9 - - por %xmm9,%xmm8 - pshufd \$0x4e,%xmm8,%xmm9 - por %xmm9,%xmm8 - movq %xmm8,%rbx - - mulq %rbx - addq %rax, %r8 - movq 8($ap), %rax - movq %r8, (%rdi) - movq %rdx, %r8 - adcq \$0, %r8 - - mulq %rbx - addq %rax, %r9 - movq 16($ap), %rax - adcq \$0, %rdx - addq %r9, %r8 - movq %rdx, %r9 - adcq \$0, %r9 - - mulq %rbx - addq %rax, %r10 - movq 24($ap), %rax - adcq \$0, %rdx - addq %r10, %r9 - movq %rdx, %r10 - adcq \$0, %r10 - - mulq %rbx - addq %rax, %r11 - movq 32($ap), %rax - adcq \$0, %rdx - addq %r11, %r10 - movq %rdx, %r11 - adcq \$0, %r11 - - mulq %rbx - addq %rax, %r12 - movq 40($ap), %rax - adcq \$0, %rdx - addq %r12, %r11 - movq %rdx, %r12 - adcq \$0, %r12 - - mulq %rbx - addq %rax, %r13 - movq 48($ap), %rax - adcq \$0, %rdx - addq %r13, %r12 - movq %rdx, %r13 - adcq \$0, %r13 - - mulq %rbx - addq %rax, %r14 - movq 56($ap), %rax - adcq \$0, %rdx - addq %r14, %r13 - movq %rdx, %r14 - adcq \$0, %r14 - - mulq %rbx - addq %rax, %r15 - movq ($ap), %rax - adcq \$0, %rdx - addq %r15, %r14 - movq %rdx, %r15 - adcq \$0, %r15 - - leaq 8(%rdi), %rdi - - decl %ecx - jnz .Loop_mul_gather - - movq %r8, (%rdi) - movq %r9, 8(%rdi) - movq %r10, 16(%rdi) - movq %r11, 24(%rdi) - movq %r12, 32(%rdi) - movq %r13, 40(%rdi) - movq %r14, 48(%rdi) - movq %r15, 56(%rdi) - - movq 128+8(%rsp), $out - movq 128+16(%rsp), %rbp - - movq (%rsp), %r8 - movq 8(%rsp), %r9 - movq 16(%rsp), %r10 - movq 24(%rsp), %r11 - movq 32(%rsp), %r12 - movq 40(%rsp), %r13 - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 - - call __rsaz_512_reduce -___ -$code.=<<___ if ($addx); - jmp .Lmul_gather_tail - -.align 32 -.Lmulx_gather: - movq %xmm8,%rdx - - mov $n0, 128(%rsp) # off-load arguments - mov $out, 128+8(%rsp) - mov $mod, 128+16(%rsp) - - mulx ($ap), %rbx, %r8 # 0 iteration - mov %rbx, (%rsp) - xor %edi, %edi # cf=0, of=0 - - mulx 8($ap), %rax, %r9 - - mulx 16($ap), %rbx, %r10 - adcx %rax, %r8 - - mulx 24($ap), %rax, %r11 - adcx %rbx, %r9 - - mulx 32($ap), %rbx, %r12 - adcx %rax, %r10 - - mulx 40($ap), %rax, %r13 - adcx %rbx, %r11 - - mulx 48($ap), %rbx, %r14 - adcx %rax, %r12 - - mulx 56($ap), %rax, %r15 - adcx %rbx, %r13 - adcx %rax, %r14 - .byte 0x67 - mov %r8, %rbx - adcx %rdi, %r15 # %rdi is 0 - - mov \$-7, %rcx - jmp .Loop_mulx_gather - -.align 32 -.Loop_mulx_gather: - movdqa 16*0(%rbp),%xmm8 - movdqa 16*1(%rbp),%xmm9 - movdqa 16*2(%rbp),%xmm10 - movdqa 16*3(%rbp),%xmm11 - pand %xmm0,%xmm8 - movdqa 16*4(%rbp),%xmm12 - pand %xmm1,%xmm9 - movdqa 16*5(%rbp),%xmm13 - pand %xmm2,%xmm10 - movdqa 16*6(%rbp),%xmm14 - pand %xmm3,%xmm11 - movdqa 16*7(%rbp),%xmm15 - leaq 128(%rbp), %rbp - pand %xmm4,%xmm12 - pand %xmm5,%xmm13 - pand %xmm6,%xmm14 - pand %xmm7,%xmm15 - por %xmm10,%xmm8 - por %xmm11,%xmm9 - por %xmm12,%xmm8 - por %xmm13,%xmm9 - por %xmm14,%xmm8 - por %xmm15,%xmm9 - - por %xmm9,%xmm8 - pshufd \$0x4e,%xmm8,%xmm9 - por %xmm9,%xmm8 - movq %xmm8,%rdx - - .byte 0xc4,0x62,0xfb,0xf6,0x86,0x00,0x00,0x00,0x00 # mulx ($ap), %rax, %r8 - adcx %rax, %rbx - adox %r9, %r8 - - mulx 8($ap), %rax, %r9 - adcx %rax, %r8 - adox %r10, %r9 - - mulx 16($ap), %rax, %r10 - adcx %rax, %r9 - adox %r11, %r10 - - .byte 0xc4,0x62,0xfb,0xf6,0x9e,0x18,0x00,0x00,0x00 # mulx 24($ap), %rax, %r11 - adcx %rax, %r10 - adox %r12, %r11 - - mulx 32($ap), %rax, %r12 - adcx %rax, %r11 - adox %r13, %r12 - - mulx 40($ap), %rax, %r13 - adcx %rax, %r12 - adox %r14, %r13 - - .byte 0xc4,0x62,0xfb,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($ap), %rax, %r14 - adcx %rax, %r13 - .byte 0x67 - adox %r15, %r14 - - mulx 56($ap), %rax, %r15 - mov %rbx, 64(%rsp,%rcx,8) - adcx %rax, %r14 - adox %rdi, %r15 - mov %r8, %rbx - adcx %rdi, %r15 # cf=0 - - inc %rcx # of=0 - jnz .Loop_mulx_gather - - mov %r8, 64(%rsp) - mov %r9, 64+8(%rsp) - mov %r10, 64+16(%rsp) - mov %r11, 64+24(%rsp) - mov %r12, 64+32(%rsp) - mov %r13, 64+40(%rsp) - mov %r14, 64+48(%rsp) - mov %r15, 64+56(%rsp) - - mov 128(%rsp), %rdx # pull arguments - mov 128+8(%rsp), $out - mov 128+16(%rsp), %rbp - - mov (%rsp), %r8 - mov 8(%rsp), %r9 - mov 16(%rsp), %r10 - mov 24(%rsp), %r11 - mov 32(%rsp), %r12 - mov 40(%rsp), %r13 - mov 48(%rsp), %r14 - mov 56(%rsp), %r15 - - call __rsaz_512_reducex - -.Lmul_gather_tail: -___ -$code.=<<___; - addq 64(%rsp), %r8 - adcq 72(%rsp), %r9 - adcq 80(%rsp), %r10 - adcq 88(%rsp), %r11 - adcq 96(%rsp), %r12 - adcq 104(%rsp), %r13 - adcq 112(%rsp), %r14 - adcq 120(%rsp), %r15 - sbbq %rcx, %rcx - - call __rsaz_512_subtract - - leaq 128+24+48(%rsp), %rax -___ -$code.=<<___ if ($win64); - movaps 0xa0-0xc8(%rax),%xmm6 - movaps 0xb0-0xc8(%rax),%xmm7 - movaps 0xc0-0xc8(%rax),%xmm8 - movaps 0xd0-0xc8(%rax),%xmm9 - movaps 0xe0-0xc8(%rax),%xmm10 - movaps 0xf0-0xc8(%rax),%xmm11 - movaps 0x100-0xc8(%rax),%xmm12 - movaps 0x110-0xc8(%rax),%xmm13 - movaps 0x120-0xc8(%rax),%xmm14 - movaps 0x130-0xc8(%rax),%xmm15 - lea 0xb0(%rax),%rax -___ -$code.=<<___; -.cfi_def_cfa %rax,8 - movq -48(%rax), %r15 -.cfi_restore %r15 - movq -40(%rax), %r14 -.cfi_restore %r14 - movq -32(%rax), %r13 -.cfi_restore %r13 - movq -24(%rax), %r12 -.cfi_restore %r12 - movq -16(%rax), %rbp -.cfi_restore %rbp - movq -8(%rax), %rbx -.cfi_restore %rbx - leaq (%rax), %rsp -.cfi_def_cfa_register %rsp -.Lmul_gather4_epilogue: - ret -.cfi_endproc -.size rsaz_512_mul_gather4,.-rsaz_512_mul_gather4 -___ -} -{ -my ($out,$ap,$mod,$n0,$tbl,$pwr) = ("%rdi","%rsi","%rdx","%rcx","%r8","%r9d"); -$code.=<<___; -.globl rsaz_512_mul_scatter4 -.type rsaz_512_mul_scatter4,\@function,6 -.align 32 -rsaz_512_mul_scatter4: -.cfi_startproc - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - - mov $pwr, $pwr - subq \$128+24, %rsp -.cfi_adjust_cfa_offset 128+24 -.Lmul_scatter4_body: - leaq ($tbl,$pwr,8), $tbl - movq $out, %xmm0 # off-load arguments - movq $mod, %xmm1 - movq $tbl, %xmm2 - movq $n0, 128(%rsp) - - movq $out, %rbp -___ -$code.=<<___ if ($addx); - movl \$0x80100,%r11d - andl OPENSSL_ia32cap_P+8(%rip),%r11d - cmpl \$0x80100,%r11d # check for MULX and ADO/CX - je .Lmulx_scatter -___ -$code.=<<___; - movq ($out),%rbx # pass b[0] - call __rsaz_512_mul - - movq %xmm0, $out - movq %xmm1, %rbp - - movq (%rsp), %r8 - movq 8(%rsp), %r9 - movq 16(%rsp), %r10 - movq 24(%rsp), %r11 - movq 32(%rsp), %r12 - movq 40(%rsp), %r13 - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 - - call __rsaz_512_reduce -___ -$code.=<<___ if ($addx); - jmp .Lmul_scatter_tail - -.align 32 -.Lmulx_scatter: - movq ($out), %rdx # pass b[0] - call __rsaz_512_mulx - - movq %xmm0, $out - movq %xmm1, %rbp - - movq 128(%rsp), %rdx # pull $n0 - movq (%rsp), %r8 - movq 8(%rsp), %r9 - movq 16(%rsp), %r10 - movq 24(%rsp), %r11 - movq 32(%rsp), %r12 - movq 40(%rsp), %r13 - movq 48(%rsp), %r14 - movq 56(%rsp), %r15 - - call __rsaz_512_reducex - -.Lmul_scatter_tail: -___ -$code.=<<___; - addq 64(%rsp), %r8 - adcq 72(%rsp), %r9 - adcq 80(%rsp), %r10 - adcq 88(%rsp), %r11 - adcq 96(%rsp), %r12 - adcq 104(%rsp), %r13 - adcq 112(%rsp), %r14 - adcq 120(%rsp), %r15 - movq %xmm2, $inp - sbbq %rcx, %rcx - - call __rsaz_512_subtract - - movq %r8, 128*0($inp) # scatter - movq %r9, 128*1($inp) - movq %r10, 128*2($inp) - movq %r11, 128*3($inp) - movq %r12, 128*4($inp) - movq %r13, 128*5($inp) - movq %r14, 128*6($inp) - movq %r15, 128*7($inp) - - leaq 128+24+48(%rsp), %rax -.cfi_def_cfa %rax,8 - movq -48(%rax), %r15 -.cfi_restore %r15 - movq -40(%rax), %r14 -.cfi_restore %r14 - movq -32(%rax), %r13 -.cfi_restore %r13 - movq -24(%rax), %r12 -.cfi_restore %r12 - movq -16(%rax), %rbp -.cfi_restore %rbp - movq -8(%rax), %rbx -.cfi_restore %rbx - leaq (%rax), %rsp -.cfi_def_cfa_register %rsp -.Lmul_scatter4_epilogue: - ret -.cfi_endproc -.size rsaz_512_mul_scatter4,.-rsaz_512_mul_scatter4 -___ -} -{ -my ($out,$inp,$mod,$n0) = ("%rdi","%rsi","%rdx","%rcx"); -$code.=<<___; -.globl rsaz_512_mul_by_one -.type rsaz_512_mul_by_one,\@function,4 -.align 32 -rsaz_512_mul_by_one: -.cfi_startproc - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - - subq \$128+24, %rsp -.cfi_adjust_cfa_offset 128+24 -.Lmul_by_one_body: -___ -$code.=<<___ if ($addx); - movl OPENSSL_ia32cap_P+8(%rip),%eax -___ -$code.=<<___; - movq $mod, %rbp # reassign argument - movq $n0, 128(%rsp) - - movq ($inp), %r8 - pxor %xmm0, %xmm0 - movq 8($inp), %r9 - movq 16($inp), %r10 - movq 24($inp), %r11 - movq 32($inp), %r12 - movq 40($inp), %r13 - movq 48($inp), %r14 - movq 56($inp), %r15 - - movdqa %xmm0, (%rsp) - movdqa %xmm0, 16(%rsp) - movdqa %xmm0, 32(%rsp) - movdqa %xmm0, 48(%rsp) - movdqa %xmm0, 64(%rsp) - movdqa %xmm0, 80(%rsp) - movdqa %xmm0, 96(%rsp) -___ -$code.=<<___ if ($addx); - andl \$0x80100,%eax - cmpl \$0x80100,%eax # check for MULX and ADO/CX - je .Lby_one_callx -___ -$code.=<<___; - call __rsaz_512_reduce -___ -$code.=<<___ if ($addx); - jmp .Lby_one_tail -.align 32 -.Lby_one_callx: - movq 128(%rsp), %rdx # pull $n0 - call __rsaz_512_reducex -.Lby_one_tail: -___ -$code.=<<___; - movq %r8, ($out) - movq %r9, 8($out) - movq %r10, 16($out) - movq %r11, 24($out) - movq %r12, 32($out) - movq %r13, 40($out) - movq %r14, 48($out) - movq %r15, 56($out) - - leaq 128+24+48(%rsp), %rax -.cfi_def_cfa %rax,8 - movq -48(%rax), %r15 -.cfi_restore %r15 - movq -40(%rax), %r14 -.cfi_restore %r14 - movq -32(%rax), %r13 -.cfi_restore %r13 - movq -24(%rax), %r12 -.cfi_restore %r12 - movq -16(%rax), %rbp -.cfi_restore %rbp - movq -8(%rax), %rbx -.cfi_restore %rbx - leaq (%rax), %rsp -.cfi_def_cfa_register %rsp -.Lmul_by_one_epilogue: - ret -.cfi_endproc -.size rsaz_512_mul_by_one,.-rsaz_512_mul_by_one -___ -} -{ # __rsaz_512_reduce - # - # input: %r8-%r15, %rbp - mod, 128(%rsp) - n0 - # output: %r8-%r15 - # clobbers: everything except %rbp and %rdi -$code.=<<___; -.type __rsaz_512_reduce,\@abi-omnipotent -.align 32 -__rsaz_512_reduce: -.cfi_startproc - movq %r8, %rbx - imulq 128+8(%rsp), %rbx - movq 0(%rbp), %rax - movl \$8, %ecx - jmp .Lreduction_loop - -.align 32 -.Lreduction_loop: - mulq %rbx - movq 8(%rbp), %rax - negq %r8 - movq %rdx, %r8 - adcq \$0, %r8 - - mulq %rbx - addq %rax, %r9 - movq 16(%rbp), %rax - adcq \$0, %rdx - addq %r9, %r8 - movq %rdx, %r9 - adcq \$0, %r9 - - mulq %rbx - addq %rax, %r10 - movq 24(%rbp), %rax - adcq \$0, %rdx - addq %r10, %r9 - movq %rdx, %r10 - adcq \$0, %r10 - - mulq %rbx - addq %rax, %r11 - movq 32(%rbp), %rax - adcq \$0, %rdx - addq %r11, %r10 - movq 128+8(%rsp), %rsi - #movq %rdx, %r11 - #adcq \$0, %r11 - adcq \$0, %rdx - movq %rdx, %r11 - - mulq %rbx - addq %rax, %r12 - movq 40(%rbp), %rax - adcq \$0, %rdx - imulq %r8, %rsi - addq %r12, %r11 - movq %rdx, %r12 - adcq \$0, %r12 - - mulq %rbx - addq %rax, %r13 - movq 48(%rbp), %rax - adcq \$0, %rdx - addq %r13, %r12 - movq %rdx, %r13 - adcq \$0, %r13 - - mulq %rbx - addq %rax, %r14 - movq 56(%rbp), %rax - adcq \$0, %rdx - addq %r14, %r13 - movq %rdx, %r14 - adcq \$0, %r14 - - mulq %rbx - movq %rsi, %rbx - addq %rax, %r15 - movq 0(%rbp), %rax - adcq \$0, %rdx - addq %r15, %r14 - movq %rdx, %r15 - adcq \$0, %r15 - - decl %ecx - jne .Lreduction_loop - - ret -.cfi_endproc -.size __rsaz_512_reduce,.-__rsaz_512_reduce -___ -} -if ($addx) { - # __rsaz_512_reducex - # - # input: %r8-%r15, %rbp - mod, 128(%rsp) - n0 - # output: %r8-%r15 - # clobbers: everything except %rbp and %rdi -$code.=<<___; -.type __rsaz_512_reducex,\@abi-omnipotent -.align 32 -__rsaz_512_reducex: -.cfi_startproc - #movq 128+8(%rsp), %rdx # pull $n0 - imulq %r8, %rdx - xorq %rsi, %rsi # cf=0,of=0 - movl \$8, %ecx - jmp .Lreduction_loopx - -.align 32 -.Lreduction_loopx: - mov %r8, %rbx - mulx 0(%rbp), %rax, %r8 - adcx %rbx, %rax - adox %r9, %r8 - - mulx 8(%rbp), %rax, %r9 - adcx %rax, %r8 - adox %r10, %r9 - - mulx 16(%rbp), %rbx, %r10 - adcx %rbx, %r9 - adox %r11, %r10 - - mulx 24(%rbp), %rbx, %r11 - adcx %rbx, %r10 - adox %r12, %r11 - - .byte 0xc4,0x62,0xe3,0xf6,0xa5,0x20,0x00,0x00,0x00 # mulx 32(%rbp), %rbx, %r12 - mov %rdx, %rax - mov %r8, %rdx - adcx %rbx, %r11 - adox %r13, %r12 - - mulx 128+8(%rsp), %rbx, %rdx - mov %rax, %rdx - - mulx 40(%rbp), %rax, %r13 - adcx %rax, %r12 - adox %r14, %r13 - - .byte 0xc4,0x62,0xfb,0xf6,0xb5,0x30,0x00,0x00,0x00 # mulx 48(%rbp), %rax, %r14 - adcx %rax, %r13 - adox %r15, %r14 - - mulx 56(%rbp), %rax, %r15 - mov %rbx, %rdx - adcx %rax, %r14 - adox %rsi, %r15 # %rsi is 0 - adcx %rsi, %r15 # cf=0 - - decl %ecx # of=0 - jne .Lreduction_loopx - - ret -.cfi_endproc -.size __rsaz_512_reducex,.-__rsaz_512_reducex -___ -} -{ # __rsaz_512_subtract - # input: %r8-%r15, %rdi - $out, %rbp - $mod, %rcx - mask - # output: - # clobbers: everything but %rdi, %rsi and %rbp -$code.=<<___; -.type __rsaz_512_subtract,\@abi-omnipotent -.align 32 -__rsaz_512_subtract: -.cfi_startproc - movq %r8, ($out) - movq %r9, 8($out) - movq %r10, 16($out) - movq %r11, 24($out) - movq %r12, 32($out) - movq %r13, 40($out) - movq %r14, 48($out) - movq %r15, 56($out) - - movq 0($mod), %r8 - movq 8($mod), %r9 - negq %r8 - notq %r9 - andq %rcx, %r8 - movq 16($mod), %r10 - andq %rcx, %r9 - notq %r10 - movq 24($mod), %r11 - andq %rcx, %r10 - notq %r11 - movq 32($mod), %r12 - andq %rcx, %r11 - notq %r12 - movq 40($mod), %r13 - andq %rcx, %r12 - notq %r13 - movq 48($mod), %r14 - andq %rcx, %r13 - notq %r14 - movq 56($mod), %r15 - andq %rcx, %r14 - notq %r15 - andq %rcx, %r15 - - addq ($out), %r8 - adcq 8($out), %r9 - adcq 16($out), %r10 - adcq 24($out), %r11 - adcq 32($out), %r12 - adcq 40($out), %r13 - adcq 48($out), %r14 - adcq 56($out), %r15 - - movq %r8, ($out) - movq %r9, 8($out) - movq %r10, 16($out) - movq %r11, 24($out) - movq %r12, 32($out) - movq %r13, 40($out) - movq %r14, 48($out) - movq %r15, 56($out) - - ret -.cfi_endproc -.size __rsaz_512_subtract,.-__rsaz_512_subtract -___ -} -{ # __rsaz_512_mul - # - # input: %rsi - ap, %rbp - bp - # output: - # clobbers: everything -my ($ap,$bp) = ("%rsi","%rbp"); -$code.=<<___; -.type __rsaz_512_mul,\@abi-omnipotent -.align 32 -__rsaz_512_mul: -.cfi_startproc - leaq 8(%rsp), %rdi - - movq ($ap), %rax - mulq %rbx - movq %rax, (%rdi) - movq 8($ap), %rax - movq %rdx, %r8 - - mulq %rbx - addq %rax, %r8 - movq 16($ap), %rax - movq %rdx, %r9 - adcq \$0, %r9 - - mulq %rbx - addq %rax, %r9 - movq 24($ap), %rax - movq %rdx, %r10 - adcq \$0, %r10 - - mulq %rbx - addq %rax, %r10 - movq 32($ap), %rax - movq %rdx, %r11 - adcq \$0, %r11 - - mulq %rbx - addq %rax, %r11 - movq 40($ap), %rax - movq %rdx, %r12 - adcq \$0, %r12 - - mulq %rbx - addq %rax, %r12 - movq 48($ap), %rax - movq %rdx, %r13 - adcq \$0, %r13 - - mulq %rbx - addq %rax, %r13 - movq 56($ap), %rax - movq %rdx, %r14 - adcq \$0, %r14 - - mulq %rbx - addq %rax, %r14 - movq ($ap), %rax - movq %rdx, %r15 - adcq \$0, %r15 - - leaq 8($bp), $bp - leaq 8(%rdi), %rdi - - movl \$7, %ecx - jmp .Loop_mul - -.align 32 -.Loop_mul: - movq ($bp), %rbx - mulq %rbx - addq %rax, %r8 - movq 8($ap), %rax - movq %r8, (%rdi) - movq %rdx, %r8 - adcq \$0, %r8 - - mulq %rbx - addq %rax, %r9 - movq 16($ap), %rax - adcq \$0, %rdx - addq %r9, %r8 - movq %rdx, %r9 - adcq \$0, %r9 - - mulq %rbx - addq %rax, %r10 - movq 24($ap), %rax - adcq \$0, %rdx - addq %r10, %r9 - movq %rdx, %r10 - adcq \$0, %r10 - - mulq %rbx - addq %rax, %r11 - movq 32($ap), %rax - adcq \$0, %rdx - addq %r11, %r10 - movq %rdx, %r11 - adcq \$0, %r11 - - mulq %rbx - addq %rax, %r12 - movq 40($ap), %rax - adcq \$0, %rdx - addq %r12, %r11 - movq %rdx, %r12 - adcq \$0, %r12 - - mulq %rbx - addq %rax, %r13 - movq 48($ap), %rax - adcq \$0, %rdx - addq %r13, %r12 - movq %rdx, %r13 - adcq \$0, %r13 - - mulq %rbx - addq %rax, %r14 - movq 56($ap), %rax - adcq \$0, %rdx - addq %r14, %r13 - movq %rdx, %r14 - leaq 8($bp), $bp - adcq \$0, %r14 - - mulq %rbx - addq %rax, %r15 - movq ($ap), %rax - adcq \$0, %rdx - addq %r15, %r14 - movq %rdx, %r15 - adcq \$0, %r15 - - leaq 8(%rdi), %rdi - - decl %ecx - jnz .Loop_mul - - movq %r8, (%rdi) - movq %r9, 8(%rdi) - movq %r10, 16(%rdi) - movq %r11, 24(%rdi) - movq %r12, 32(%rdi) - movq %r13, 40(%rdi) - movq %r14, 48(%rdi) - movq %r15, 56(%rdi) - - ret -.cfi_endproc -.size __rsaz_512_mul,.-__rsaz_512_mul -___ -} -if ($addx) { - # __rsaz_512_mulx - # - # input: %rsi - ap, %rbp - bp - # output: - # clobbers: everything -my ($ap,$bp,$zero) = ("%rsi","%rbp","%rdi"); -$code.=<<___; -.type __rsaz_512_mulx,\@abi-omnipotent -.align 32 -__rsaz_512_mulx: -.cfi_startproc - mulx ($ap), %rbx, %r8 # initial %rdx preloaded by caller - mov \$-6, %rcx - - mulx 8($ap), %rax, %r9 - movq %rbx, 8(%rsp) - - mulx 16($ap), %rbx, %r10 - adc %rax, %r8 - - mulx 24($ap), %rax, %r11 - adc %rbx, %r9 - - mulx 32($ap), %rbx, %r12 - adc %rax, %r10 - - mulx 40($ap), %rax, %r13 - adc %rbx, %r11 - - mulx 48($ap), %rbx, %r14 - adc %rax, %r12 - - mulx 56($ap), %rax, %r15 - mov 8($bp), %rdx - adc %rbx, %r13 - adc %rax, %r14 - adc \$0, %r15 - - xor $zero, $zero # cf=0,of=0 - jmp .Loop_mulx - -.align 32 -.Loop_mulx: - movq %r8, %rbx - mulx ($ap), %rax, %r8 - adcx %rax, %rbx - adox %r9, %r8 - - mulx 8($ap), %rax, %r9 - adcx %rax, %r8 - adox %r10, %r9 - - mulx 16($ap), %rax, %r10 - adcx %rax, %r9 - adox %r11, %r10 - - mulx 24($ap), %rax, %r11 - adcx %rax, %r10 - adox %r12, %r11 - - .byte 0x3e,0xc4,0x62,0xfb,0xf6,0xa6,0x20,0x00,0x00,0x00 # mulx 32($ap), %rax, %r12 - adcx %rax, %r11 - adox %r13, %r12 - - mulx 40($ap), %rax, %r13 - adcx %rax, %r12 - adox %r14, %r13 - - mulx 48($ap), %rax, %r14 - adcx %rax, %r13 - adox %r15, %r14 - - mulx 56($ap), %rax, %r15 - movq 64($bp,%rcx,8), %rdx - movq %rbx, 8+64-8(%rsp,%rcx,8) - adcx %rax, %r14 - adox $zero, %r15 - adcx $zero, %r15 # cf=0 - - inc %rcx # of=0 - jnz .Loop_mulx - - movq %r8, %rbx - mulx ($ap), %rax, %r8 - adcx %rax, %rbx - adox %r9, %r8 - - .byte 0xc4,0x62,0xfb,0xf6,0x8e,0x08,0x00,0x00,0x00 # mulx 8($ap), %rax, %r9 - adcx %rax, %r8 - adox %r10, %r9 - - .byte 0xc4,0x62,0xfb,0xf6,0x96,0x10,0x00,0x00,0x00 # mulx 16($ap), %rax, %r10 - adcx %rax, %r9 - adox %r11, %r10 - - mulx 24($ap), %rax, %r11 - adcx %rax, %r10 - adox %r12, %r11 - - mulx 32($ap), %rax, %r12 - adcx %rax, %r11 - adox %r13, %r12 - - mulx 40($ap), %rax, %r13 - adcx %rax, %r12 - adox %r14, %r13 - - .byte 0xc4,0x62,0xfb,0xf6,0xb6,0x30,0x00,0x00,0x00 # mulx 48($ap), %rax, %r14 - adcx %rax, %r13 - adox %r15, %r14 - - .byte 0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00 # mulx 56($ap), %rax, %r15 - adcx %rax, %r14 - adox $zero, %r15 - adcx $zero, %r15 - - mov %rbx, 8+64-8(%rsp) - mov %r8, 8+64(%rsp) - mov %r9, 8+64+8(%rsp) - mov %r10, 8+64+16(%rsp) - mov %r11, 8+64+24(%rsp) - mov %r12, 8+64+32(%rsp) - mov %r13, 8+64+40(%rsp) - mov %r14, 8+64+48(%rsp) - mov %r15, 8+64+56(%rsp) - - ret -.cfi_endproc -.size __rsaz_512_mulx,.-__rsaz_512_mulx -___ -} -{ -my ($out,$inp,$power)= $win64 ? ("%rcx","%rdx","%r8d") : ("%rdi","%rsi","%edx"); -$code.=<<___; -.globl rsaz_512_scatter4 -.type rsaz_512_scatter4,\@abi-omnipotent -.align 16 -rsaz_512_scatter4: -.cfi_startproc - leaq ($out,$power,8), $out - movl \$8, %r9d - jmp .Loop_scatter -.align 16 -.Loop_scatter: - movq ($inp), %rax - leaq 8($inp), $inp - movq %rax, ($out) - leaq 128($out), $out - decl %r9d - jnz .Loop_scatter - ret -.cfi_endproc -.size rsaz_512_scatter4,.-rsaz_512_scatter4 - -.globl rsaz_512_gather4 -.type rsaz_512_gather4,\@abi-omnipotent -.align 16 -rsaz_512_gather4: -.cfi_startproc -___ -$code.=<<___ if ($win64); -.LSEH_begin_rsaz_512_gather4: - .byte 0x48,0x81,0xec,0xa8,0x00,0x00,0x00 # sub $0xa8,%rsp - .byte 0x0f,0x29,0x34,0x24 # movaps %xmm6,(%rsp) - .byte 0x0f,0x29,0x7c,0x24,0x10 # movaps %xmm7,0x10(%rsp) - .byte 0x44,0x0f,0x29,0x44,0x24,0x20 # movaps %xmm8,0x20(%rsp) - .byte 0x44,0x0f,0x29,0x4c,0x24,0x30 # movaps %xmm9,0x30(%rsp) - .byte 0x44,0x0f,0x29,0x54,0x24,0x40 # movaps %xmm10,0x40(%rsp) - .byte 0x44,0x0f,0x29,0x5c,0x24,0x50 # movaps %xmm11,0x50(%rsp) - .byte 0x44,0x0f,0x29,0x64,0x24,0x60 # movaps %xmm12,0x60(%rsp) - .byte 0x44,0x0f,0x29,0x6c,0x24,0x70 # movaps %xmm13,0x70(%rsp) - .byte 0x44,0x0f,0x29,0xb4,0x24,0x80,0,0,0 # movaps %xmm14,0x80(%rsp) - .byte 0x44,0x0f,0x29,0xbc,0x24,0x90,0,0,0 # movaps %xmm15,0x90(%rsp) -___ -$code.=<<___; - movd $power,%xmm8 - movdqa .Linc+16(%rip),%xmm1 # 00000002000000020000000200000002 - movdqa .Linc(%rip),%xmm0 # 00000001000000010000000000000000 - - pshufd \$0,%xmm8,%xmm8 # broadcast $power - movdqa %xmm1,%xmm7 - movdqa %xmm1,%xmm2 -___ -######################################################################## -# calculate mask by comparing 0..15 to $power -# -for($i=0;$i<4;$i++) { -$code.=<<___; - paddd %xmm`$i`,%xmm`$i+1` - pcmpeqd %xmm8,%xmm`$i` - movdqa %xmm7,%xmm`$i+3` -___ -} -for(;$i<7;$i++) { -$code.=<<___; - paddd %xmm`$i`,%xmm`$i+1` - pcmpeqd %xmm8,%xmm`$i` -___ -} -$code.=<<___; - pcmpeqd %xmm8,%xmm7 - movl \$8, %r9d - jmp .Loop_gather -.align 16 -.Loop_gather: - movdqa 16*0($inp),%xmm8 - movdqa 16*1($inp),%xmm9 - movdqa 16*2($inp),%xmm10 - movdqa 16*3($inp),%xmm11 - pand %xmm0,%xmm8 - movdqa 16*4($inp),%xmm12 - pand %xmm1,%xmm9 - movdqa 16*5($inp),%xmm13 - pand %xmm2,%xmm10 - movdqa 16*6($inp),%xmm14 - pand %xmm3,%xmm11 - movdqa 16*7($inp),%xmm15 - leaq 128($inp), $inp - pand %xmm4,%xmm12 - pand %xmm5,%xmm13 - pand %xmm6,%xmm14 - pand %xmm7,%xmm15 - por %xmm10,%xmm8 - por %xmm11,%xmm9 - por %xmm12,%xmm8 - por %xmm13,%xmm9 - por %xmm14,%xmm8 - por %xmm15,%xmm9 - - por %xmm9,%xmm8 - pshufd \$0x4e,%xmm8,%xmm9 - por %xmm9,%xmm8 - movq %xmm8,($out) - leaq 8($out), $out - decl %r9d - jnz .Loop_gather -___ -$code.=<<___ if ($win64); - movaps 0x00(%rsp),%xmm6 - movaps 0x10(%rsp),%xmm7 - movaps 0x20(%rsp),%xmm8 - movaps 0x30(%rsp),%xmm9 - movaps 0x40(%rsp),%xmm10 - movaps 0x50(%rsp),%xmm11 - movaps 0x60(%rsp),%xmm12 - movaps 0x70(%rsp),%xmm13 - movaps 0x80(%rsp),%xmm14 - movaps 0x90(%rsp),%xmm15 - add \$0xa8,%rsp -___ -$code.=<<___; - ret -.LSEH_end_rsaz_512_gather4: -.cfi_endproc -.size rsaz_512_gather4,.-rsaz_512_gather4 - -.align 64 -.Linc: - .long 0,0, 1,1 - .long 2,2, 2,2 -___ -} - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # end of prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lcommon_seh_tail - - lea 128+24+48(%rax),%rax - - lea .Lmul_gather4_epilogue(%rip),%rbx - cmp %r10,%rbx - jne .Lse_not_in_mul_gather4 - - lea 0xb0(%rax),%rax - - lea -48-0xa8(%rax),%rsi - lea 512($context),%rdi - mov \$20,%ecx - .long 0xa548f3fc # cld; rep movsq - -.Lse_not_in_mul_gather4: - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lcommon_seh_tail: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size se_handler,.-se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_rsaz_512_sqr - .rva .LSEH_end_rsaz_512_sqr - .rva .LSEH_info_rsaz_512_sqr - - .rva .LSEH_begin_rsaz_512_mul - .rva .LSEH_end_rsaz_512_mul - .rva .LSEH_info_rsaz_512_mul - - .rva .LSEH_begin_rsaz_512_mul_gather4 - .rva .LSEH_end_rsaz_512_mul_gather4 - .rva .LSEH_info_rsaz_512_mul_gather4 - - .rva .LSEH_begin_rsaz_512_mul_scatter4 - .rva .LSEH_end_rsaz_512_mul_scatter4 - .rva .LSEH_info_rsaz_512_mul_scatter4 - - .rva .LSEH_begin_rsaz_512_mul_by_one - .rva .LSEH_end_rsaz_512_mul_by_one - .rva .LSEH_info_rsaz_512_mul_by_one - - .rva .LSEH_begin_rsaz_512_gather4 - .rva .LSEH_end_rsaz_512_gather4 - .rva .LSEH_info_rsaz_512_gather4 - -.section .xdata -.align 8 -.LSEH_info_rsaz_512_sqr: - .byte 9,0,0,0 - .rva se_handler - .rva .Lsqr_body,.Lsqr_epilogue # HandlerData[] -.LSEH_info_rsaz_512_mul: - .byte 9,0,0,0 - .rva se_handler - .rva .Lmul_body,.Lmul_epilogue # HandlerData[] -.LSEH_info_rsaz_512_mul_gather4: - .byte 9,0,0,0 - .rva se_handler - .rva .Lmul_gather4_body,.Lmul_gather4_epilogue # HandlerData[] -.LSEH_info_rsaz_512_mul_scatter4: - .byte 9,0,0,0 - .rva se_handler - .rva .Lmul_scatter4_body,.Lmul_scatter4_epilogue # HandlerData[] -.LSEH_info_rsaz_512_mul_by_one: - .byte 9,0,0,0 - .rva se_handler - .rva .Lmul_by_one_body,.Lmul_by_one_epilogue # HandlerData[] -.LSEH_info_rsaz_512_gather4: - .byte 0x01,0x46,0x16,0x00 - .byte 0x46,0xf8,0x09,0x00 # vmovaps 0x90(rsp),xmm15 - .byte 0x3d,0xe8,0x08,0x00 # vmovaps 0x80(rsp),xmm14 - .byte 0x34,0xd8,0x07,0x00 # vmovaps 0x70(rsp),xmm13 - .byte 0x2e,0xc8,0x06,0x00 # vmovaps 0x60(rsp),xmm12 - .byte 0x28,0xb8,0x05,0x00 # vmovaps 0x50(rsp),xmm11 - .byte 0x22,0xa8,0x04,0x00 # vmovaps 0x40(rsp),xmm10 - .byte 0x1c,0x98,0x03,0x00 # vmovaps 0x30(rsp),xmm9 - .byte 0x16,0x88,0x02,0x00 # vmovaps 0x20(rsp),xmm8 - .byte 0x10,0x78,0x01,0x00 # vmovaps 0x10(rsp),xmm7 - .byte 0x0b,0x68,0x00,0x00 # vmovaps 0x00(rsp),xmm6 - .byte 0x07,0x01,0x15,0x00 # sub rsp,0xa8 -___ -} - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/s390x-gf2m.pl b/crypto/bn/asm/s390x-gf2m.pl deleted file mode 100644 index 038a6bc97440fcffbafe7a757b9698b8a2b373b0..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/s390x-gf2m.pl +++ /dev/null @@ -1,230 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# May 2011 -# -# The module implements bn_GF2m_mul_2x2 polynomial multiplication used -# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for -# the time being... gcc 4.3 appeared to generate poor code, therefore -# the effort. And indeed, the module delivers 55%-90%(*) improvement -# on heaviest ECDSA verify and ECDH benchmarks for 163- and 571-bit -# key lengths on z990, 30%-55%(*) - on z10, and 70%-110%(*) - on z196. -# This is for 64-bit build. In 32-bit "highgprs" case improvement is -# even higher, for example on z990 it was measured 80%-150%. ECDSA -# sign is modest 9%-12% faster. Keep in mind that these coefficients -# are not ones for bn_GF2m_mul_2x2 itself, as not all CPU time is -# burnt in it... -# -# (*) gcc 4.1 was observed to deliver better results than gcc 4.3, -# so that improvement coefficients can vary from one specific -# setup to another. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /3[12]/) { - $SIZE_T=4; - $g=""; -} else { - $SIZE_T=8; - $g="g"; -} - -$output and open STDOUT,">$output"; - -$stdframe=16*$SIZE_T+4*8; - -$rp="%r2"; -$a1="%r3"; -$a0="%r4"; -$b1="%r5"; -$b0="%r6"; - -$ra="%r14"; -$sp="%r15"; - -@T=("%r0","%r1"); -@i=("%r12","%r13"); - -($a1,$a2,$a4,$a8,$a12,$a48)=map("%r$_",(6..11)); -($lo,$hi,$b)=map("%r$_",(3..5)); $a=$lo; $mask=$a8; - -$code.=<<___; -.text - -.type _mul_1x1,\@function -.align 16 -_mul_1x1: - lgr $a1,$a - sllg $a2,$a,1 - sllg $a4,$a,2 - sllg $a8,$a,3 - - srag $lo,$a1,63 # broadcast 63rd bit - nihh $a1,0x1fff - srag @i[0],$a2,63 # broadcast 62nd bit - nihh $a2,0x3fff - srag @i[1],$a4,63 # broadcast 61st bit - nihh $a4,0x7fff - ngr $lo,$b - ngr @i[0],$b - ngr @i[1],$b - - lghi @T[0],0 - lgr $a12,$a1 - stg @T[0],`$stdframe+0*8`($sp) # tab[0]=0 - xgr $a12,$a2 - stg $a1,`$stdframe+1*8`($sp) # tab[1]=a1 - lgr $a48,$a4 - stg $a2,`$stdframe+2*8`($sp) # tab[2]=a2 - xgr $a48,$a8 - stg $a12,`$stdframe+3*8`($sp) # tab[3]=a1^a2 - xgr $a1,$a4 - - stg $a4,`$stdframe+4*8`($sp) # tab[4]=a4 - xgr $a2,$a4 - stg $a1,`$stdframe+5*8`($sp) # tab[5]=a1^a4 - xgr $a12,$a4 - stg $a2,`$stdframe+6*8`($sp) # tab[6]=a2^a4 - xgr $a1,$a48 - stg $a12,`$stdframe+7*8`($sp) # tab[7]=a1^a2^a4 - xgr $a2,$a48 - - stg $a8,`$stdframe+8*8`($sp) # tab[8]=a8 - xgr $a12,$a48 - stg $a1,`$stdframe+9*8`($sp) # tab[9]=a1^a8 - xgr $a1,$a4 - stg $a2,`$stdframe+10*8`($sp) # tab[10]=a2^a8 - xgr $a2,$a4 - stg $a12,`$stdframe+11*8`($sp) # tab[11]=a1^a2^a8 - - xgr $a12,$a4 - stg $a48,`$stdframe+12*8`($sp) # tab[12]=a4^a8 - srlg $hi,$lo,1 - stg $a1,`$stdframe+13*8`($sp) # tab[13]=a1^a4^a8 - sllg $lo,$lo,63 - stg $a2,`$stdframe+14*8`($sp) # tab[14]=a2^a4^a8 - srlg @T[0],@i[0],2 - stg $a12,`$stdframe+15*8`($sp) # tab[15]=a1^a2^a4^a8 - - lghi $mask,`0xf<<3` - sllg $a1,@i[0],62 - sllg @i[0],$b,3 - srlg @T[1],@i[1],3 - ngr @i[0],$mask - sllg $a2,@i[1],61 - srlg @i[1],$b,4-3 - xgr $hi,@T[0] - ngr @i[1],$mask - xgr $lo,$a1 - xgr $hi,@T[1] - xgr $lo,$a2 - - xg $lo,$stdframe(@i[0],$sp) - srlg @i[0],$b,8-3 - ngr @i[0],$mask -___ -for($n=1;$n<14;$n++) { -$code.=<<___; - lg @T[1],$stdframe(@i[1],$sp) - srlg @i[1],$b,`($n+2)*4`-3 - sllg @T[0],@T[1],`$n*4` - ngr @i[1],$mask - srlg @T[1],@T[1],`64-$n*4` - xgr $lo,@T[0] - xgr $hi,@T[1] -___ - push(@i,shift(@i)); push(@T,shift(@T)); -} -$code.=<<___; - lg @T[1],$stdframe(@i[1],$sp) - sllg @T[0],@T[1],`$n*4` - srlg @T[1],@T[1],`64-$n*4` - xgr $lo,@T[0] - xgr $hi,@T[1] - - lg @T[0],$stdframe(@i[0],$sp) - sllg @T[1],@T[0],`($n+1)*4` - srlg @T[0],@T[0],`64-($n+1)*4` - xgr $lo,@T[1] - xgr $hi,@T[0] - - br $ra -.size _mul_1x1,.-_mul_1x1 - -.globl bn_GF2m_mul_2x2 -.type bn_GF2m_mul_2x2,\@function -.align 16 -bn_GF2m_mul_2x2: - stm${g} %r3,%r15,3*$SIZE_T($sp) - - lghi %r1,-$stdframe-128 - la %r0,0($sp) - la $sp,0(%r1,$sp) # alloca - st${g} %r0,0($sp) # back chain -___ -if ($SIZE_T==8) { -my @r=map("%r$_",(6..9)); -$code.=<<___; - bras $ra,_mul_1x1 # a1·b1 - stmg $lo,$hi,16($rp) - - lg $a,`$stdframe+128+4*$SIZE_T`($sp) - lg $b,`$stdframe+128+6*$SIZE_T`($sp) - bras $ra,_mul_1x1 # a0·b0 - stmg $lo,$hi,0($rp) - - lg $a,`$stdframe+128+3*$SIZE_T`($sp) - lg $b,`$stdframe+128+5*$SIZE_T`($sp) - xg $a,`$stdframe+128+4*$SIZE_T`($sp) - xg $b,`$stdframe+128+6*$SIZE_T`($sp) - bras $ra,_mul_1x1 # (a0+a1)·(b0+b1) - lmg @r[0],@r[3],0($rp) - - xgr $lo,$hi - xgr $hi,@r[1] - xgr $lo,@r[0] - xgr $hi,@r[2] - xgr $lo,@r[3] - xgr $hi,@r[3] - xgr $lo,$hi - stg $hi,16($rp) - stg $lo,8($rp) -___ -} else { -$code.=<<___; - sllg %r3,%r3,32 - sllg %r5,%r5,32 - or %r3,%r4 - or %r5,%r6 - bras $ra,_mul_1x1 - rllg $lo,$lo,32 - rllg $hi,$hi,32 - stmg $lo,$hi,0($rp) -___ -} -$code.=<<___; - lm${g} %r6,%r15,`$stdframe+128+6*$SIZE_T`($sp) - br $ra -.size bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2 -.string "GF(2^m) Multiplication for s390x, CRYPTOGAMS by " -___ - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/s390x-mont.pl b/crypto/bn/asm/s390x-mont.pl deleted file mode 100644 index af088ccae10d186251a0acc00f6bca2479b49767..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/s390x-mont.pl +++ /dev/null @@ -1,286 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# April 2007. -# -# Performance improvement over vanilla C code varies from 85% to 45% -# depending on key length and benchmark. Unfortunately in this context -# these are not very impressive results [for code that utilizes "wide" -# 64x64=128-bit multiplication, which is not commonly available to C -# programmers], at least hand-coded bn_asm.c replacement is known to -# provide 30-40% better results for longest keys. Well, on a second -# thought it's not very surprising, because z-CPUs are single-issue -# and _strictly_ in-order execution, while bn_mul_mont is more or less -# dependent on CPU ability to pipe-line instructions and have several -# of them "in-flight" at the same time. I mean while other methods, -# for example Karatsuba, aim to minimize amount of multiplications at -# the cost of other operations increase, bn_mul_mont aim to neatly -# "overlap" multiplications and the other operations [and on most -# platforms even minimize the amount of the other operations, in -# particular references to memory]. But it's possible to improve this -# module performance by implementing dedicated squaring code-path and -# possibly by unrolling loops... - -# January 2009. -# -# Reschedule to minimize/avoid Address Generation Interlock hazard, -# make inner loops counter-based. - -# November 2010. -# -# Adapt for -m31 build. If kernel supports what's called "highgprs" -# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit -# instructions and achieve "64-bit" performance even in 31-bit legacy -# application context. The feature is not specific to any particular -# processor, as long as it's "z-CPU". Latter implies that the code -# remains z/Architecture specific. Compatibility with 32-bit BN_ULONG -# is achieved by swapping words after 64-bit loads, follow _dswap-s. -# On z990 it was measured to perform 2.6-2.2 times better than -# compiler-generated code, less for longer keys... - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /3[12]/) { - $SIZE_T=4; - $g=""; -} else { - $SIZE_T=8; - $g="g"; -} - -$output and open STDOUT,">$output"; - -$stdframe=16*$SIZE_T+4*8; - -$mn0="%r0"; -$num="%r1"; - -# int bn_mul_mont( -$rp="%r2"; # BN_ULONG *rp, -$ap="%r3"; # const BN_ULONG *ap, -$bp="%r4"; # const BN_ULONG *bp, -$np="%r5"; # const BN_ULONG *np, -$n0="%r6"; # const BN_ULONG *n0, -#$num="160(%r15)" # int num); - -$bi="%r2"; # zaps rp -$j="%r7"; - -$ahi="%r8"; -$alo="%r9"; -$nhi="%r10"; -$nlo="%r11"; -$AHI="%r12"; -$NHI="%r13"; -$count="%r14"; -$sp="%r15"; - -$code.=<<___; -.text -.globl bn_mul_mont -.type bn_mul_mont,\@function -bn_mul_mont: - lgf $num,`$stdframe+$SIZE_T-4`($sp) # pull $num - sla $num,`log($SIZE_T)/log(2)` # $num to enumerate bytes - la $bp,0($num,$bp) - - st${g} %r2,2*$SIZE_T($sp) - - cghi $num,16 # - lghi %r2,0 # - blr %r14 # if($num<16) return 0; -___ -$code.=<<___ if ($flavour =~ /3[12]/); - tmll $num,4 - bnzr %r14 # if ($num&1) return 0; -___ -$code.=<<___ if ($flavour !~ /3[12]/); - cghi $num,96 # - bhr %r14 # if($num>96) return 0; -___ -$code.=<<___; - stm${g} %r3,%r15,3*$SIZE_T($sp) - - lghi $rp,-$stdframe-8 # leave room for carry bit - lcgr $j,$num # -$num - lgr %r0,$sp - la $rp,0($rp,$sp) - la $sp,0($j,$rp) # alloca - st${g} %r0,0($sp) # back chain - - sra $num,3 # restore $num - la $bp,0($j,$bp) # restore $bp - ahi $num,-1 # adjust $num for inner loop - lg $n0,0($n0) # pull n0 - _dswap $n0 - - lg $bi,0($bp) - _dswap $bi - lg $alo,0($ap) - _dswap $alo - mlgr $ahi,$bi # ap[0]*bp[0] - lgr $AHI,$ahi - - lgr $mn0,$alo # "tp[0]"*n0 - msgr $mn0,$n0 - - lg $nlo,0($np) # - _dswap $nlo - mlgr $nhi,$mn0 # np[0]*m1 - algr $nlo,$alo # +="tp[0]" - lghi $NHI,0 - alcgr $NHI,$nhi - - la $j,8 # j=1 - lr $count,$num - -.align 16 -.L1st: - lg $alo,0($j,$ap) - _dswap $alo - mlgr $ahi,$bi # ap[j]*bp[0] - algr $alo,$AHI - lghi $AHI,0 - alcgr $AHI,$ahi - - lg $nlo,0($j,$np) - _dswap $nlo - mlgr $nhi,$mn0 # np[j]*m1 - algr $nlo,$NHI - lghi $NHI,0 - alcgr $nhi,$NHI # +="tp[j]" - algr $nlo,$alo - alcgr $NHI,$nhi - - stg $nlo,$stdframe-8($j,$sp) # tp[j-1]= - la $j,8($j) # j++ - brct $count,.L1st - - algr $NHI,$AHI - lghi $AHI,0 - alcgr $AHI,$AHI # upmost overflow bit - stg $NHI,$stdframe-8($j,$sp) - stg $AHI,$stdframe($j,$sp) - la $bp,8($bp) # bp++ - -.Louter: - lg $bi,0($bp) # bp[i] - _dswap $bi - lg $alo,0($ap) - _dswap $alo - mlgr $ahi,$bi # ap[0]*bp[i] - alg $alo,$stdframe($sp) # +=tp[0] - lghi $AHI,0 - alcgr $AHI,$ahi - - lgr $mn0,$alo - msgr $mn0,$n0 # tp[0]*n0 - - lg $nlo,0($np) # np[0] - _dswap $nlo - mlgr $nhi,$mn0 # np[0]*m1 - algr $nlo,$alo # +="tp[0]" - lghi $NHI,0 - alcgr $NHI,$nhi - - la $j,8 # j=1 - lr $count,$num - -.align 16 -.Linner: - lg $alo,0($j,$ap) - _dswap $alo - mlgr $ahi,$bi # ap[j]*bp[i] - algr $alo,$AHI - lghi $AHI,0 - alcgr $ahi,$AHI - alg $alo,$stdframe($j,$sp)# +=tp[j] - alcgr $AHI,$ahi - - lg $nlo,0($j,$np) - _dswap $nlo - mlgr $nhi,$mn0 # np[j]*m1 - algr $nlo,$NHI - lghi $NHI,0 - alcgr $nhi,$NHI - algr $nlo,$alo # +="tp[j]" - alcgr $NHI,$nhi - - stg $nlo,$stdframe-8($j,$sp) # tp[j-1]= - la $j,8($j) # j++ - brct $count,.Linner - - algr $NHI,$AHI - lghi $AHI,0 - alcgr $AHI,$AHI - alg $NHI,$stdframe($j,$sp)# accumulate previous upmost overflow bit - lghi $ahi,0 - alcgr $AHI,$ahi # new upmost overflow bit - stg $NHI,$stdframe-8($j,$sp) - stg $AHI,$stdframe($j,$sp) - - la $bp,8($bp) # bp++ - cl${g} $bp,`$stdframe+8+4*$SIZE_T`($j,$sp) # compare to &bp[num] - jne .Louter - - l${g} $rp,`$stdframe+8+2*$SIZE_T`($j,$sp) # reincarnate rp - la $ap,$stdframe($sp) - ahi $num,1 # restore $num, incidentally clears "borrow" - - la $j,0 - lr $count,$num -.Lsub: lg $alo,0($j,$ap) - lg $nlo,0($j,$np) - _dswap $nlo - slbgr $alo,$nlo - stg $alo,0($j,$rp) - la $j,8($j) - brct $count,.Lsub - lghi $ahi,0 - slbgr $AHI,$ahi # handle upmost carry - lghi $NHI,-1 - xgr $NHI,$AHI - - la $j,0 - lgr $count,$num -.Lcopy: lg $ahi,$stdframe($j,$sp) # conditional copy - lg $alo,0($j,$rp) - ngr $ahi,$AHI - ngr $alo,$NHI - ogr $alo,$ahi - _dswap $alo - stg $j,$stdframe($j,$sp) # zap tp - stg $alo,0($j,$rp) - la $j,8($j) - brct $count,.Lcopy - - la %r1,`$stdframe+8+6*$SIZE_T`($j,$sp) - lm${g} %r6,%r15,0(%r1) - lghi %r2,1 # signal "processed" - br %r14 -.size bn_mul_mont,.-bn_mul_mont -.string "Montgomery Multiplication for s390x, CRYPTOGAMS by " -___ - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - s/_dswap\s+(%r[0-9]+)/sprintf("rllg\t%s,%s,32",$1,$1) if($SIZE_T==4)/e; - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/s390x.S b/crypto/bn/asm/s390x.S deleted file mode 100644 index 65a0898739b6257ee825dcd4502c516900451ab0..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/s390x.S +++ /dev/null @@ -1,713 +0,0 @@ -.ident "s390x.S, version 1.1" -// ==================================================================== -// Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the Apache License 2.0 (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html -// ==================================================================== - -.text - -#define zero %r0 - -// BN_ULONG bn_mul_add_words(BN_ULONG *r2,BN_ULONG *r3,int r4,BN_ULONG r5); -.globl bn_mul_add_words -.type bn_mul_add_words,@function -.align 4 -bn_mul_add_words: - lghi zero,0 // zero = 0 - la %r1,0(%r2) // put rp aside [to give way to] - lghi %r2,0 // return value - ltgfr %r4,%r4 - bler %r14 // if (len<=0) return 0; - - stmg %r6,%r13,48(%r15) - lghi %r2,3 - lghi %r12,0 // carry = 0 - slgr %r1,%r3 // rp-=ap - nr %r2,%r4 // len%4 - sra %r4,2 // cnt=len/4 - jz .Loop1_madd // carry is incidentally cleared if branch taken - algr zero,zero // clear carry - - lg %r7,0(%r3) // ap[0] - lg %r9,8(%r3) // ap[1] - mlgr %r6,%r5 // *=w - brct %r4,.Loop4_madd - j .Loop4_madd_tail - -.Loop4_madd: - mlgr %r8,%r5 - lg %r11,16(%r3) // ap[i+2] - alcgr %r7,%r12 // +=carry - alcgr %r6,zero - alg %r7,0(%r3,%r1) // +=rp[i] - stg %r7,0(%r3,%r1) // rp[i]= - - mlgr %r10,%r5 - lg %r13,24(%r3) - alcgr %r9,%r6 - alcgr %r8,zero - alg %r9,8(%r3,%r1) - stg %r9,8(%r3,%r1) - - mlgr %r12,%r5 - lg %r7,32(%r3) - alcgr %r11,%r8 - alcgr %r10,zero - alg %r11,16(%r3,%r1) - stg %r11,16(%r3,%r1) - - mlgr %r6,%r5 - lg %r9,40(%r3) - alcgr %r13,%r10 - alcgr %r12,zero - alg %r13,24(%r3,%r1) - stg %r13,24(%r3,%r1) - - la %r3,32(%r3) // i+=4 - brct %r4,.Loop4_madd - -.Loop4_madd_tail: - mlgr %r8,%r5 - lg %r11,16(%r3) - alcgr %r7,%r12 // +=carry - alcgr %r6,zero - alg %r7,0(%r3,%r1) // +=rp[i] - stg %r7,0(%r3,%r1) // rp[i]= - - mlgr %r10,%r5 - lg %r13,24(%r3) - alcgr %r9,%r6 - alcgr %r8,zero - alg %r9,8(%r3,%r1) - stg %r9,8(%r3,%r1) - - mlgr %r12,%r5 - alcgr %r11,%r8 - alcgr %r10,zero - alg %r11,16(%r3,%r1) - stg %r11,16(%r3,%r1) - - alcgr %r13,%r10 - alcgr %r12,zero - alg %r13,24(%r3,%r1) - stg %r13,24(%r3,%r1) - - la %r3,32(%r3) // i+=4 - - la %r2,1(%r2) // see if len%4 is zero ... - brct %r2,.Loop1_madd // without touching condition code:-) - -.Lend_madd: - lgr %r2,zero // return value - alcgr %r2,%r12 // collect even carry bit - lmg %r6,%r13,48(%r15) - br %r14 - -.Loop1_madd: - lg %r7,0(%r3) // ap[i] - mlgr %r6,%r5 // *=w - alcgr %r7,%r12 // +=carry - alcgr %r6,zero - alg %r7,0(%r3,%r1) // +=rp[i] - stg %r7,0(%r3,%r1) // rp[i]= - - lgr %r12,%r6 - la %r3,8(%r3) // i++ - brct %r2,.Loop1_madd - - j .Lend_madd -.size bn_mul_add_words,.-bn_mul_add_words - -// BN_ULONG bn_mul_words(BN_ULONG *r2,BN_ULONG *r3,int r4,BN_ULONG r5); -.globl bn_mul_words -.type bn_mul_words,@function -.align 4 -bn_mul_words: - lghi zero,0 // zero = 0 - la %r1,0(%r2) // put rp aside - lghi %r2,0 // i=0; - ltgfr %r4,%r4 - bler %r14 // if (len<=0) return 0; - - stmg %r6,%r10,48(%r15) - lghi %r10,3 - lghi %r8,0 // carry = 0 - nr %r10,%r4 // len%4 - sra %r4,2 // cnt=len/4 - jz .Loop1_mul // carry is incidentally cleared if branch taken - algr zero,zero // clear carry - -.Loop4_mul: - lg %r7,0(%r2,%r3) // ap[i] - mlgr %r6,%r5 // *=w - alcgr %r7,%r8 // +=carry - stg %r7,0(%r2,%r1) // rp[i]= - - lg %r9,8(%r2,%r3) - mlgr %r8,%r5 - alcgr %r9,%r6 - stg %r9,8(%r2,%r1) - - lg %r7,16(%r2,%r3) - mlgr %r6,%r5 - alcgr %r7,%r8 - stg %r7,16(%r2,%r1) - - lg %r9,24(%r2,%r3) - mlgr %r8,%r5 - alcgr %r9,%r6 - stg %r9,24(%r2,%r1) - - la %r2,32(%r2) // i+=4 - brct %r4,.Loop4_mul - - la %r10,1(%r10) // see if len%4 is zero ... - brct %r10,.Loop1_mul // without touching condition code:-) - -.Lend_mul: - alcgr %r8,zero // collect carry bit - lgr %r2,%r8 - lmg %r6,%r10,48(%r15) - br %r14 - -.Loop1_mul: - lg %r7,0(%r2,%r3) // ap[i] - mlgr %r6,%r5 // *=w - alcgr %r7,%r8 // +=carry - stg %r7,0(%r2,%r1) // rp[i]= - - lgr %r8,%r6 - la %r2,8(%r2) // i++ - brct %r10,.Loop1_mul - - j .Lend_mul -.size bn_mul_words,.-bn_mul_words - -// void bn_sqr_words(BN_ULONG *r2,BN_ULONG *r2,int r4) -.globl bn_sqr_words -.type bn_sqr_words,@function -.align 4 -bn_sqr_words: - ltgfr %r4,%r4 - bler %r14 - - stmg %r6,%r7,48(%r15) - srag %r1,%r4,2 // cnt=len/4 - jz .Loop1_sqr - -.Loop4_sqr: - lg %r7,0(%r3) - mlgr %r6,%r7 - stg %r7,0(%r2) - stg %r6,8(%r2) - - lg %r7,8(%r3) - mlgr %r6,%r7 - stg %r7,16(%r2) - stg %r6,24(%r2) - - lg %r7,16(%r3) - mlgr %r6,%r7 - stg %r7,32(%r2) - stg %r6,40(%r2) - - lg %r7,24(%r3) - mlgr %r6,%r7 - stg %r7,48(%r2) - stg %r6,56(%r2) - - la %r3,32(%r3) - la %r2,64(%r2) - brct %r1,.Loop4_sqr - - lghi %r1,3 - nr %r4,%r1 // cnt=len%4 - jz .Lend_sqr - -.Loop1_sqr: - lg %r7,0(%r3) - mlgr %r6,%r7 - stg %r7,0(%r2) - stg %r6,8(%r2) - - la %r3,8(%r3) - la %r2,16(%r2) - brct %r4,.Loop1_sqr - -.Lend_sqr: - lmg %r6,%r7,48(%r15) - br %r14 -.size bn_sqr_words,.-bn_sqr_words - -// BN_ULONG bn_div_words(BN_ULONG h,BN_ULONG l,BN_ULONG d); -.globl bn_div_words -.type bn_div_words,@function -.align 4 -bn_div_words: - dlgr %r2,%r4 - lgr %r2,%r3 - br %r14 -.size bn_div_words,.-bn_div_words - -// BN_ULONG bn_add_words(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4,int r5); -.globl bn_add_words -.type bn_add_words,@function -.align 4 -bn_add_words: - la %r1,0(%r2) // put rp aside - lghi %r2,0 // i=0 - ltgfr %r5,%r5 - bler %r14 // if (len<=0) return 0; - - stg %r6,48(%r15) - lghi %r6,3 - nr %r6,%r5 // len%4 - sra %r5,2 // len/4, use sra because it sets condition code - jz .Loop1_add // carry is incidentally cleared if branch taken - algr %r2,%r2 // clear carry - -.Loop4_add: - lg %r0,0(%r2,%r3) - alcg %r0,0(%r2,%r4) - stg %r0,0(%r2,%r1) - lg %r0,8(%r2,%r3) - alcg %r0,8(%r2,%r4) - stg %r0,8(%r2,%r1) - lg %r0,16(%r2,%r3) - alcg %r0,16(%r2,%r4) - stg %r0,16(%r2,%r1) - lg %r0,24(%r2,%r3) - alcg %r0,24(%r2,%r4) - stg %r0,24(%r2,%r1) - - la %r2,32(%r2) // i+=4 - brct %r5,.Loop4_add - - la %r6,1(%r6) // see if len%4 is zero ... - brct %r6,.Loop1_add // without touching condition code:-) - -.Lexit_add: - lghi %r2,0 - alcgr %r2,%r2 - lg %r6,48(%r15) - br %r14 - -.Loop1_add: - lg %r0,0(%r2,%r3) - alcg %r0,0(%r2,%r4) - stg %r0,0(%r2,%r1) - - la %r2,8(%r2) // i++ - brct %r6,.Loop1_add - - j .Lexit_add -.size bn_add_words,.-bn_add_words - -// BN_ULONG bn_sub_words(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4,int r5); -.globl bn_sub_words -.type bn_sub_words,@function -.align 4 -bn_sub_words: - la %r1,0(%r2) // put rp aside - lghi %r2,0 // i=0 - ltgfr %r5,%r5 - bler %r14 // if (len<=0) return 0; - - stg %r6,48(%r15) - lghi %r6,3 - nr %r6,%r5 // len%4 - sra %r5,2 // len/4, use sra because it sets condition code - jnz .Loop4_sub // borrow is incidentally cleared if branch taken - slgr %r2,%r2 // clear borrow - -.Loop1_sub: - lg %r0,0(%r2,%r3) - slbg %r0,0(%r2,%r4) - stg %r0,0(%r2,%r1) - - la %r2,8(%r2) // i++ - brct %r6,.Loop1_sub - j .Lexit_sub - -.Loop4_sub: - lg %r0,0(%r2,%r3) - slbg %r0,0(%r2,%r4) - stg %r0,0(%r2,%r1) - lg %r0,8(%r2,%r3) - slbg %r0,8(%r2,%r4) - stg %r0,8(%r2,%r1) - lg %r0,16(%r2,%r3) - slbg %r0,16(%r2,%r4) - stg %r0,16(%r2,%r1) - lg %r0,24(%r2,%r3) - slbg %r0,24(%r2,%r4) - stg %r0,24(%r2,%r1) - - la %r2,32(%r2) // i+=4 - brct %r5,.Loop4_sub - - la %r6,1(%r6) // see if len%4 is zero ... - brct %r6,.Loop1_sub // without touching condition code:-) - -.Lexit_sub: - lghi %r2,0 - slbgr %r2,%r2 - lcgr %r2,%r2 - lg %r6,48(%r15) - br %r14 -.size bn_sub_words,.-bn_sub_words - -#define c1 %r1 -#define c2 %r5 -#define c3 %r8 - -#define mul_add_c(ai,bi,c1,c2,c3) \ - lg %r7,ai*8(%r3); \ - mlg %r6,bi*8(%r4); \ - algr c1,%r7; \ - alcgr c2,%r6; \ - alcgr c3,zero - -// void bn_mul_comba8(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4); -.globl bn_mul_comba8 -.type bn_mul_comba8,@function -.align 4 -bn_mul_comba8: - stmg %r6,%r8,48(%r15) - - lghi c1,0 - lghi c2,0 - lghi c3,0 - lghi zero,0 - - mul_add_c(0,0,c1,c2,c3); - stg c1,0*8(%r2) - lghi c1,0 - - mul_add_c(0,1,c2,c3,c1); - mul_add_c(1,0,c2,c3,c1); - stg c2,1*8(%r2) - lghi c2,0 - - mul_add_c(2,0,c3,c1,c2); - mul_add_c(1,1,c3,c1,c2); - mul_add_c(0,2,c3,c1,c2); - stg c3,2*8(%r2) - lghi c3,0 - - mul_add_c(0,3,c1,c2,c3); - mul_add_c(1,2,c1,c2,c3); - mul_add_c(2,1,c1,c2,c3); - mul_add_c(3,0,c1,c2,c3); - stg c1,3*8(%r2) - lghi c1,0 - - mul_add_c(4,0,c2,c3,c1); - mul_add_c(3,1,c2,c3,c1); - mul_add_c(2,2,c2,c3,c1); - mul_add_c(1,3,c2,c3,c1); - mul_add_c(0,4,c2,c3,c1); - stg c2,4*8(%r2) - lghi c2,0 - - mul_add_c(0,5,c3,c1,c2); - mul_add_c(1,4,c3,c1,c2); - mul_add_c(2,3,c3,c1,c2); - mul_add_c(3,2,c3,c1,c2); - mul_add_c(4,1,c3,c1,c2); - mul_add_c(5,0,c3,c1,c2); - stg c3,5*8(%r2) - lghi c3,0 - - mul_add_c(6,0,c1,c2,c3); - mul_add_c(5,1,c1,c2,c3); - mul_add_c(4,2,c1,c2,c3); - mul_add_c(3,3,c1,c2,c3); - mul_add_c(2,4,c1,c2,c3); - mul_add_c(1,5,c1,c2,c3); - mul_add_c(0,6,c1,c2,c3); - stg c1,6*8(%r2) - lghi c1,0 - - mul_add_c(0,7,c2,c3,c1); - mul_add_c(1,6,c2,c3,c1); - mul_add_c(2,5,c2,c3,c1); - mul_add_c(3,4,c2,c3,c1); - mul_add_c(4,3,c2,c3,c1); - mul_add_c(5,2,c2,c3,c1); - mul_add_c(6,1,c2,c3,c1); - mul_add_c(7,0,c2,c3,c1); - stg c2,7*8(%r2) - lghi c2,0 - - mul_add_c(7,1,c3,c1,c2); - mul_add_c(6,2,c3,c1,c2); - mul_add_c(5,3,c3,c1,c2); - mul_add_c(4,4,c3,c1,c2); - mul_add_c(3,5,c3,c1,c2); - mul_add_c(2,6,c3,c1,c2); - mul_add_c(1,7,c3,c1,c2); - stg c3,8*8(%r2) - lghi c3,0 - - mul_add_c(2,7,c1,c2,c3); - mul_add_c(3,6,c1,c2,c3); - mul_add_c(4,5,c1,c2,c3); - mul_add_c(5,4,c1,c2,c3); - mul_add_c(6,3,c1,c2,c3); - mul_add_c(7,2,c1,c2,c3); - stg c1,9*8(%r2) - lghi c1,0 - - mul_add_c(7,3,c2,c3,c1); - mul_add_c(6,4,c2,c3,c1); - mul_add_c(5,5,c2,c3,c1); - mul_add_c(4,6,c2,c3,c1); - mul_add_c(3,7,c2,c3,c1); - stg c2,10*8(%r2) - lghi c2,0 - - mul_add_c(4,7,c3,c1,c2); - mul_add_c(5,6,c3,c1,c2); - mul_add_c(6,5,c3,c1,c2); - mul_add_c(7,4,c3,c1,c2); - stg c3,11*8(%r2) - lghi c3,0 - - mul_add_c(7,5,c1,c2,c3); - mul_add_c(6,6,c1,c2,c3); - mul_add_c(5,7,c1,c2,c3); - stg c1,12*8(%r2) - lghi c1,0 - - - mul_add_c(6,7,c2,c3,c1); - mul_add_c(7,6,c2,c3,c1); - stg c2,13*8(%r2) - lghi c2,0 - - mul_add_c(7,7,c3,c1,c2); - stg c3,14*8(%r2) - stg c1,15*8(%r2) - - lmg %r6,%r8,48(%r15) - br %r14 -.size bn_mul_comba8,.-bn_mul_comba8 - -// void bn_mul_comba4(BN_ULONG *r2,BN_ULONG *r3,BN_ULONG *r4); -.globl bn_mul_comba4 -.type bn_mul_comba4,@function -.align 4 -bn_mul_comba4: - stmg %r6,%r8,48(%r15) - - lghi c1,0 - lghi c2,0 - lghi c3,0 - lghi zero,0 - - mul_add_c(0,0,c1,c2,c3); - stg c1,0*8(%r2) - lghi c1,0 - - mul_add_c(0,1,c2,c3,c1); - mul_add_c(1,0,c2,c3,c1); - stg c2,1*8(%r2) - lghi c2,0 - - mul_add_c(2,0,c3,c1,c2); - mul_add_c(1,1,c3,c1,c2); - mul_add_c(0,2,c3,c1,c2); - stg c3,2*8(%r2) - lghi c3,0 - - mul_add_c(0,3,c1,c2,c3); - mul_add_c(1,2,c1,c2,c3); - mul_add_c(2,1,c1,c2,c3); - mul_add_c(3,0,c1,c2,c3); - stg c1,3*8(%r2) - lghi c1,0 - - mul_add_c(3,1,c2,c3,c1); - mul_add_c(2,2,c2,c3,c1); - mul_add_c(1,3,c2,c3,c1); - stg c2,4*8(%r2) - lghi c2,0 - - mul_add_c(2,3,c3,c1,c2); - mul_add_c(3,2,c3,c1,c2); - stg c3,5*8(%r2) - lghi c3,0 - - mul_add_c(3,3,c1,c2,c3); - stg c1,6*8(%r2) - stg c2,7*8(%r2) - - stmg %r6,%r8,48(%r15) - br %r14 -.size bn_mul_comba4,.-bn_mul_comba4 - -#define sqr_add_c(ai,c1,c2,c3) \ - lg %r7,ai*8(%r3); \ - mlgr %r6,%r7; \ - algr c1,%r7; \ - alcgr c2,%r6; \ - alcgr c3,zero - -#define sqr_add_c2(ai,aj,c1,c2,c3) \ - lg %r7,ai*8(%r3); \ - mlg %r6,aj*8(%r3); \ - algr c1,%r7; \ - alcgr c2,%r6; \ - alcgr c3,zero; \ - algr c1,%r7; \ - alcgr c2,%r6; \ - alcgr c3,zero - -// void bn_sqr_comba8(BN_ULONG *r2,BN_ULONG *r3); -.globl bn_sqr_comba8 -.type bn_sqr_comba8,@function -.align 4 -bn_sqr_comba8: - stmg %r6,%r8,48(%r15) - - lghi c1,0 - lghi c2,0 - lghi c3,0 - lghi zero,0 - - sqr_add_c(0,c1,c2,c3); - stg c1,0*8(%r2) - lghi c1,0 - - sqr_add_c2(1,0,c2,c3,c1); - stg c2,1*8(%r2) - lghi c2,0 - - sqr_add_c(1,c3,c1,c2); - sqr_add_c2(2,0,c3,c1,c2); - stg c3,2*8(%r2) - lghi c3,0 - - sqr_add_c2(3,0,c1,c2,c3); - sqr_add_c2(2,1,c1,c2,c3); - stg c1,3*8(%r2) - lghi c1,0 - - sqr_add_c(2,c2,c3,c1); - sqr_add_c2(3,1,c2,c3,c1); - sqr_add_c2(4,0,c2,c3,c1); - stg c2,4*8(%r2) - lghi c2,0 - - sqr_add_c2(5,0,c3,c1,c2); - sqr_add_c2(4,1,c3,c1,c2); - sqr_add_c2(3,2,c3,c1,c2); - stg c3,5*8(%r2) - lghi c3,0 - - sqr_add_c(3,c1,c2,c3); - sqr_add_c2(4,2,c1,c2,c3); - sqr_add_c2(5,1,c1,c2,c3); - sqr_add_c2(6,0,c1,c2,c3); - stg c1,6*8(%r2) - lghi c1,0 - - sqr_add_c2(7,0,c2,c3,c1); - sqr_add_c2(6,1,c2,c3,c1); - sqr_add_c2(5,2,c2,c3,c1); - sqr_add_c2(4,3,c2,c3,c1); - stg c2,7*8(%r2) - lghi c2,0 - - sqr_add_c(4,c3,c1,c2); - sqr_add_c2(5,3,c3,c1,c2); - sqr_add_c2(6,2,c3,c1,c2); - sqr_add_c2(7,1,c3,c1,c2); - stg c3,8*8(%r2) - lghi c3,0 - - sqr_add_c2(7,2,c1,c2,c3); - sqr_add_c2(6,3,c1,c2,c3); - sqr_add_c2(5,4,c1,c2,c3); - stg c1,9*8(%r2) - lghi c1,0 - - sqr_add_c(5,c2,c3,c1); - sqr_add_c2(6,4,c2,c3,c1); - sqr_add_c2(7,3,c2,c3,c1); - stg c2,10*8(%r2) - lghi c2,0 - - sqr_add_c2(7,4,c3,c1,c2); - sqr_add_c2(6,5,c3,c1,c2); - stg c3,11*8(%r2) - lghi c3,0 - - sqr_add_c(6,c1,c2,c3); - sqr_add_c2(7,5,c1,c2,c3); - stg c1,12*8(%r2) - lghi c1,0 - - sqr_add_c2(7,6,c2,c3,c1); - stg c2,13*8(%r2) - lghi c2,0 - - sqr_add_c(7,c3,c1,c2); - stg c3,14*8(%r2) - stg c1,15*8(%r2) - - lmg %r6,%r8,48(%r15) - br %r14 -.size bn_sqr_comba8,.-bn_sqr_comba8 - -// void bn_sqr_comba4(BN_ULONG *r2,BN_ULONG *r3); -.globl bn_sqr_comba4 -.type bn_sqr_comba4,@function -.align 4 -bn_sqr_comba4: - stmg %r6,%r8,48(%r15) - - lghi c1,0 - lghi c2,0 - lghi c3,0 - lghi zero,0 - - sqr_add_c(0,c1,c2,c3); - stg c1,0*8(%r2) - lghi c1,0 - - sqr_add_c2(1,0,c2,c3,c1); - stg c2,1*8(%r2) - lghi c2,0 - - sqr_add_c(1,c3,c1,c2); - sqr_add_c2(2,0,c3,c1,c2); - stg c3,2*8(%r2) - lghi c3,0 - - sqr_add_c2(3,0,c1,c2,c3); - sqr_add_c2(2,1,c1,c2,c3); - stg c1,3*8(%r2) - lghi c1,0 - - sqr_add_c(2,c2,c3,c1); - sqr_add_c2(3,1,c2,c3,c1); - stg c2,4*8(%r2) - lghi c2,0 - - sqr_add_c2(3,2,c3,c1,c2); - stg c3,5*8(%r2) - lghi c3,0 - - sqr_add_c(3,c1,c2,c3); - stg c1,6*8(%r2) - stg c2,7*8(%r2) - - lmg %r6,%r8,48(%r15) - br %r14 -.size bn_sqr_comba4,.-bn_sqr_comba4 diff --git a/crypto/bn/asm/sparct4-mont.pl b/crypto/bn/asm/sparct4-mont.pl deleted file mode 100755 index 8a3bedc9af420c0acef2fed5bc3c2c49299f540a..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/sparct4-mont.pl +++ /dev/null @@ -1,1230 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by David S. Miller and Andy Polyakov -# The module is licensed under 2-clause BSD license. -# November 2012. All rights reserved. -# ==================================================================== - -###################################################################### -# Montgomery squaring-n-multiplication module for SPARC T4. -# -# The module consists of three parts: -# -# 1) collection of "single-op" subroutines that perform single -# operation, Montgomery squaring or multiplication, on 512-, -# 1024-, 1536- and 2048-bit operands; -# 2) collection of "multi-op" subroutines that perform 5 squaring and -# 1 multiplication operations on operands of above lengths; -# 3) fall-back and helper VIS3 subroutines. -# -# RSA sign is dominated by multi-op subroutine, while RSA verify and -# DSA - by single-op. Special note about 4096-bit RSA verify result. -# Operands are too long for dedicated hardware and it's handled by -# VIS3 code, which is why you don't see any improvement. It's surely -# possible to improve it [by deploying 'mpmul' instruction], maybe in -# the future... -# -# Performance improvement. -# -# 64-bit process, VIS3: -# sign verify sign/s verify/s -# rsa 1024 bits 0.000628s 0.000028s 1592.4 35434.4 -# rsa 2048 bits 0.003282s 0.000106s 304.7 9438.3 -# rsa 4096 bits 0.025866s 0.000340s 38.7 2940.9 -# dsa 1024 bits 0.000301s 0.000332s 3323.7 3013.9 -# dsa 2048 bits 0.001056s 0.001233s 946.9 810.8 -# -# 64-bit process, this module: -# sign verify sign/s verify/s -# rsa 1024 bits 0.000256s 0.000016s 3904.4 61411.9 -# rsa 2048 bits 0.000946s 0.000029s 1056.8 34292.7 -# rsa 4096 bits 0.005061s 0.000340s 197.6 2940.5 -# dsa 1024 bits 0.000176s 0.000195s 5674.7 5130.5 -# dsa 2048 bits 0.000296s 0.000354s 3383.2 2827.6 -# -###################################################################### -# 32-bit process, VIS3: -# sign verify sign/s verify/s -# rsa 1024 bits 0.000665s 0.000028s 1504.8 35233.3 -# rsa 2048 bits 0.003349s 0.000106s 298.6 9433.4 -# rsa 4096 bits 0.025959s 0.000341s 38.5 2934.8 -# dsa 1024 bits 0.000320s 0.000341s 3123.3 2929.6 -# dsa 2048 bits 0.001101s 0.001260s 908.2 793.4 -# -# 32-bit process, this module: -# sign verify sign/s verify/s -# rsa 1024 bits 0.000301s 0.000017s 3317.1 60240.0 -# rsa 2048 bits 0.001034s 0.000030s 966.9 33812.7 -# rsa 4096 bits 0.005244s 0.000341s 190.7 2935.4 -# dsa 1024 bits 0.000201s 0.000205s 4976.1 4879.2 -# dsa 2048 bits 0.000328s 0.000360s 3051.1 2774.2 -# -# 32-bit code is prone to performance degradation as interrupt rate -# dispatched to CPU executing the code grows. This is because in -# standard process of handling interrupt in 32-bit process context -# upper halves of most integer registers used as input or output are -# zeroed. This renders result invalid, and operation has to be re-run. -# If CPU is "bothered" with timer interrupts only, the penalty is -# hardly measurable. But in order to mitigate this problem for higher -# interrupt rates contemporary Linux kernel recognizes biased stack -# even in 32-bit process context and preserves full register contents. -# See http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=517ffce4e1a03aea979fe3a18a3dd1761a24fafb -# for details. - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "sparcv9_modes.pl"; - -$output = pop and open STDOUT,">$output"; - -$code.=<<___; -#ifndef __ASSEMBLER__ -# define __ASSEMBLER__ 1 -#endif -#include "crypto/sparc_arch.h" - -#ifdef __arch64__ -.register %g2,#scratch -.register %g3,#scratch -#endif - -.section ".text",#alloc,#execinstr - -#ifdef __PIC__ -SPARC_PIC_THUNK(%g1) -#endif -___ - -######################################################################## -# Register layout for mont[mul|sqr] instructions. -# For details see "Oracle SPARC Architecture 2011" manual at -# http://www.oracle.com/technetwork/server-storage/sun-sparc-enterprise/documentation/. -# -my @R=map("%f".2*$_,(0..11,30,31,12..29)); -my @N=(map("%l$_",(0..7)),map("%o$_",(0..5))); @N=(@N,@N,@N[0..3]); -my @A=(@N[0..13],@R[14..31]); -my @B=(map("%i$_",(0..5)),map("%l$_",(0..7))); @B=(@B,@B,map("%o$_",(0..3))); - -######################################################################## -# int bn_mul_mont_t4_$NUM(u64 *rp,const u64 *ap,const u64 *bp, -# const u64 *np,const BN_ULONG *n0); -# -sub generate_bn_mul_mont_t4() { -my $NUM=shift; -my ($rp,$ap,$bp,$np,$sentinel)=map("%g$_",(1..5)); - -$code.=<<___; -.globl bn_mul_mont_t4_$NUM -.align 32 -bn_mul_mont_t4_$NUM: -#ifdef __arch64__ - mov 0,$sentinel - mov -128,%g4 -#elif defined(SPARCV9_64BIT_STACK) - SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5) - ld [%g1+0],%g1 ! OPENSSL_sparcv9_P[0] - mov -2047,%g4 - and %g1,SPARCV9_64BIT_STACK,%g1 - movrz %g1,0,%g4 - mov -1,$sentinel - add %g4,-128,%g4 -#else - mov -1,$sentinel - mov -128,%g4 -#endif - sllx $sentinel,32,$sentinel - save %sp,%g4,%sp -#ifndef __arch64__ - save %sp,-128,%sp ! warm it up - save %sp,-128,%sp - save %sp,-128,%sp - save %sp,-128,%sp - save %sp,-128,%sp - save %sp,-128,%sp - restore - restore - restore - restore - restore - restore -#endif - and %sp,1,%g4 - or $sentinel,%fp,%fp - or %g4,$sentinel,$sentinel - - ! copy arguments to global registers - mov %i0,$rp - mov %i1,$ap - mov %i2,$bp - mov %i3,$np - ld [%i4+0],%f1 ! load *n0 - ld [%i4+4],%f0 - fsrc2 %f0,%f60 -___ - -# load ap[$NUM] ######################################################## -$code.=<<___; - save %sp,-128,%sp; or $sentinel,%fp,%fp -___ -for($i=0; $i<14 && $i<$NUM; $i++) { -my $lo=$i<13?@A[$i+1]:"%o7"; -$code.=<<___; - ld [$ap+$i*8+0],$lo - ld [$ap+$i*8+4],@A[$i] - sllx @A[$i],32,@A[$i] - or $lo,@A[$i],@A[$i] -___ -} -for(; $i<$NUM; $i++) { -my ($hi,$lo)=("%f".2*($i%4),"%f".(2*($i%4)+1)); -$code.=<<___; - ld [$ap+$i*8+0],$lo - ld [$ap+$i*8+4],$hi - fsrc2 $hi,@A[$i] -___ -} -# load np[$NUM] ######################################################## -$code.=<<___; - save %sp,-128,%sp; or $sentinel,%fp,%fp -___ -for($i=0; $i<14 && $i<$NUM; $i++) { -my $lo=$i<13?@N[$i+1]:"%o7"; -$code.=<<___; - ld [$np+$i*8+0],$lo - ld [$np+$i*8+4],@N[$i] - sllx @N[$i],32,@N[$i] - or $lo,@N[$i],@N[$i] -___ -} -$code.=<<___; - save %sp,-128,%sp; or $sentinel,%fp,%fp -___ -for(; $i<28 && $i<$NUM; $i++) { -my $lo=$i<27?@N[$i+1]:"%o7"; -$code.=<<___; - ld [$np+$i*8+0],$lo - ld [$np+$i*8+4],@N[$i] - sllx @N[$i],32,@N[$i] - or $lo,@N[$i],@N[$i] -___ -} -$code.=<<___; - save %sp,-128,%sp; or $sentinel,%fp,%fp -___ -for(; $i<$NUM; $i++) { -my $lo=($i<$NUM-1)?@N[$i+1]:"%o7"; -$code.=<<___; - ld [$np+$i*8+0],$lo - ld [$np+$i*8+4],@N[$i] - sllx @N[$i],32,@N[$i] - or $lo,@N[$i],@N[$i] -___ -} -$code.=<<___; - cmp $ap,$bp - be SIZE_T_CC,.Lmsquare_$NUM - nop -___ - -# load bp[$NUM] ######################################################## -$code.=<<___; - save %sp,-128,%sp; or $sentinel,%fp,%fp -___ -for($i=0; $i<14 && $i<$NUM; $i++) { -my $lo=$i<13?@B[$i+1]:"%o7"; -$code.=<<___; - ld [$bp+$i*8+0],$lo - ld [$bp+$i*8+4],@B[$i] - sllx @B[$i],32,@B[$i] - or $lo,@B[$i],@B[$i] -___ -} -$code.=<<___; - save %sp,-128,%sp; or $sentinel,%fp,%fp -___ -for(; $i<$NUM; $i++) { -my $lo=($i<$NUM-1)?@B[$i+1]:"%o7"; -$code.=<<___; - ld [$bp+$i*8+0],$lo - ld [$bp+$i*8+4],@B[$i] - sllx @B[$i],32,@B[$i] - or $lo,@B[$i],@B[$i] -___ -} -# magic ################################################################ -$code.=<<___; - .word 0x81b02920+$NUM-1 ! montmul $NUM-1 -.Lmresume_$NUM: - fbu,pn %fcc3,.Lmabort_$NUM -#ifndef __arch64__ - and %fp,$sentinel,$sentinel - brz,pn $sentinel,.Lmabort_$NUM -#endif - nop -#ifdef __arch64__ - restore - restore - restore - restore - restore -#else - restore; and %fp,$sentinel,$sentinel - restore; and %fp,$sentinel,$sentinel - restore; and %fp,$sentinel,$sentinel - restore; and %fp,$sentinel,$sentinel - brz,pn $sentinel,.Lmabort1_$NUM - restore -#endif -___ - -# save tp[$NUM] ######################################################## -for($i=0; $i<14 && $i<$NUM; $i++) { -$code.=<<___; - movxtod @A[$i],@R[$i] -___ -} -$code.=<<___; -#ifdef __arch64__ - restore -#else - and %fp,$sentinel,$sentinel - restore - and $sentinel,1,%o7 - and %fp,$sentinel,$sentinel - srl %fp,0,%fp ! just in case? - or %o7,$sentinel,$sentinel - brz,a,pn $sentinel,.Lmdone_$NUM - mov 0,%i0 ! return failure -#endif -___ -for($i=0; $i<12 && $i<$NUM; $i++) { -@R[$i] =~ /%f([0-9]+)/; -my $lo = "%f".($1+1); -$code.=<<___; - st $lo,[$rp+$i*8+0] - st @R[$i],[$rp+$i*8+4] -___ -} -for(; $i<$NUM; $i++) { -my ($hi,$lo)=("%f".2*($i%4),"%f".(2*($i%4)+1)); -$code.=<<___; - fsrc2 @R[$i],$hi - st $lo,[$rp+$i*8+0] - st $hi,[$rp+$i*8+4] -___ -} -$code.=<<___; - mov 1,%i0 ! return success -.Lmdone_$NUM: - ret - restore - -.Lmabort_$NUM: - restore - restore - restore - restore - restore -.Lmabort1_$NUM: - restore - - mov 0,%i0 ! return failure - ret - restore - -.align 32 -.Lmsquare_$NUM: - save %sp,-128,%sp; or $sentinel,%fp,%fp - save %sp,-128,%sp; or $sentinel,%fp,%fp - .word 0x81b02940+$NUM-1 ! montsqr $NUM-1 - ba .Lmresume_$NUM - nop -.type bn_mul_mont_t4_$NUM, #function -.size bn_mul_mont_t4_$NUM, .-bn_mul_mont_t4_$NUM -___ -} - -for ($i=8;$i<=32;$i+=8) { - &generate_bn_mul_mont_t4($i); -} - -######################################################################## -# -sub load_ccr { -my ($ptbl,$pwr,$ccr,$skip_wr)=@_; -$code.=<<___; - srl $pwr, 2, %o4 - and $pwr, 3, %o5 - and %o4, 7, %o4 - sll %o5, 3, %o5 ! offset within first cache line - add %o5, $ptbl, $ptbl ! of the pwrtbl - or %g0, 1, %o5 - sll %o5, %o4, $ccr -___ -$code.=<<___ if (!$skip_wr); - wr $ccr, %g0, %ccr -___ -} -sub load_b_pair { -my ($pwrtbl,$B0,$B1)=@_; - -$code.=<<___; - ldx [$pwrtbl+0*32], $B0 - ldx [$pwrtbl+8*32], $B1 - ldx [$pwrtbl+1*32], %o4 - ldx [$pwrtbl+9*32], %o5 - movvs %icc, %o4, $B0 - ldx [$pwrtbl+2*32], %o4 - movvs %icc, %o5, $B1 - ldx [$pwrtbl+10*32],%o5 - move %icc, %o4, $B0 - ldx [$pwrtbl+3*32], %o4 - move %icc, %o5, $B1 - ldx [$pwrtbl+11*32],%o5 - movneg %icc, %o4, $B0 - ldx [$pwrtbl+4*32], %o4 - movneg %icc, %o5, $B1 - ldx [$pwrtbl+12*32],%o5 - movcs %xcc, %o4, $B0 - ldx [$pwrtbl+5*32],%o4 - movcs %xcc, %o5, $B1 - ldx [$pwrtbl+13*32],%o5 - movvs %xcc, %o4, $B0 - ldx [$pwrtbl+6*32], %o4 - movvs %xcc, %o5, $B1 - ldx [$pwrtbl+14*32],%o5 - move %xcc, %o4, $B0 - ldx [$pwrtbl+7*32], %o4 - move %xcc, %o5, $B1 - ldx [$pwrtbl+15*32],%o5 - movneg %xcc, %o4, $B0 - add $pwrtbl,16*32, $pwrtbl - movneg %xcc, %o5, $B1 -___ -} -sub load_b { -my ($pwrtbl,$Bi)=@_; - -$code.=<<___; - ldx [$pwrtbl+0*32], $Bi - ldx [$pwrtbl+1*32], %o4 - ldx [$pwrtbl+2*32], %o5 - movvs %icc, %o4, $Bi - ldx [$pwrtbl+3*32], %o4 - move %icc, %o5, $Bi - ldx [$pwrtbl+4*32], %o5 - movneg %icc, %o4, $Bi - ldx [$pwrtbl+5*32], %o4 - movcs %xcc, %o5, $Bi - ldx [$pwrtbl+6*32], %o5 - movvs %xcc, %o4, $Bi - ldx [$pwrtbl+7*32], %o4 - move %xcc, %o5, $Bi - add $pwrtbl,8*32, $pwrtbl - movneg %xcc, %o4, $Bi -___ -} - -######################################################################## -# int bn_pwr5_mont_t4_$NUM(u64 *tp,const u64 *np,const BN_ULONG *n0, -# const u64 *pwrtbl,int pwr,int stride); -# -sub generate_bn_pwr5_mont_t4() { -my $NUM=shift; -my ($tp,$np,$pwrtbl,$pwr,$sentinel)=map("%g$_",(1..5)); - -$code.=<<___; -.globl bn_pwr5_mont_t4_$NUM -.align 32 -bn_pwr5_mont_t4_$NUM: -#ifdef __arch64__ - mov 0,$sentinel - mov -128,%g4 -#elif defined(SPARCV9_64BIT_STACK) - SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5) - ld [%g1+0],%g1 ! OPENSSL_sparcv9_P[0] - mov -2047,%g4 - and %g1,SPARCV9_64BIT_STACK,%g1 - movrz %g1,0,%g4 - mov -1,$sentinel - add %g4,-128,%g4 -#else - mov -1,$sentinel - mov -128,%g4 -#endif - sllx $sentinel,32,$sentinel - save %sp,%g4,%sp -#ifndef __arch64__ - save %sp,-128,%sp ! warm it up - save %sp,-128,%sp - save %sp,-128,%sp - save %sp,-128,%sp - save %sp,-128,%sp - save %sp,-128,%sp - restore - restore - restore - restore - restore - restore -#endif - and %sp,1,%g4 - or $sentinel,%fp,%fp - or %g4,$sentinel,$sentinel - - ! copy arguments to global registers - mov %i0,$tp - mov %i1,$np - ld [%i2+0],%f1 ! load *n0 - ld [%i2+4],%f0 - mov %i3,$pwrtbl - srl %i4,%g0,%i4 ! pack last arguments - sllx %i5,32,$pwr - or %i4,$pwr,$pwr - fsrc2 %f0,%f60 -___ - -# load tp[$NUM] ######################################################## -$code.=<<___; - save %sp,-128,%sp; or $sentinel,%fp,%fp -___ -for($i=0; $i<14 && $i<$NUM; $i++) { -$code.=<<___; - ldx [$tp+$i*8],@A[$i] -___ -} -for(; $i<$NUM; $i++) { -$code.=<<___; - ldd [$tp+$i*8],@A[$i] -___ -} -# load np[$NUM] ######################################################## -$code.=<<___; - save %sp,-128,%sp; or $sentinel,%fp,%fp -___ -for($i=0; $i<14 && $i<$NUM; $i++) { -$code.=<<___; - ldx [$np+$i*8],@N[$i] -___ -} -$code.=<<___; - save %sp,-128,%sp; or $sentinel,%fp,%fp -___ -for(; $i<28 && $i<$NUM; $i++) { -$code.=<<___; - ldx [$np+$i*8],@N[$i] -___ -} -$code.=<<___; - save %sp,-128,%sp; or $sentinel,%fp,%fp -___ -for(; $i<$NUM; $i++) { -$code.=<<___; - ldx [$np+$i*8],@N[$i] -___ -} -# load pwrtbl[pwr] ######################################################## -$code.=<<___; - save %sp,-128,%sp; or $sentinel,%fp,%fp - - srlx $pwr, 32, %o4 ! unpack $pwr - srl $pwr, %g0, %o5 - sub %o4, 5, %o4 - mov $pwrtbl, %o7 - sllx %o4, 32, $pwr ! re-pack $pwr - or %o5, $pwr, $pwr - srl %o5, %o4, %o5 -___ - &load_ccr("%o7","%o5","%o4"); -$code.=<<___; - b .Lstride_$NUM - nop -.align 16 -.Lstride_$NUM: -___ -for($i=0; $i<14 && $i<$NUM; $i+=2) { - &load_b_pair("%o7",@B[$i],@B[$i+1]); -} -$code.=<<___; - save %sp,-128,%sp; or $sentinel,%fp,%fp -___ -for(; $i<$NUM; $i+=2) { - &load_b_pair("%i7",@B[$i],@B[$i+1]); -} -$code.=<<___; - srax $pwr, 32, %o4 ! unpack $pwr - srl $pwr, %g0, %o5 - sub %o4, 5, %o4 - mov $pwrtbl, %i7 - sllx %o4, 32, $pwr ! re-pack $pwr - or %o5, $pwr, $pwr - srl %o5, %o4, %o5 -___ - &load_ccr("%i7","%o5","%o4",1); - -# magic ################################################################ -for($i=0; $i<5; $i++) { -$code.=<<___; - .word 0x81b02940+$NUM-1 ! montsqr $NUM-1 - fbu,pn %fcc3,.Labort_$NUM -#ifndef __arch64__ - and %fp,$sentinel,$sentinel - brz,pn $sentinel,.Labort_$NUM -#endif - nop -___ -} -$code.=<<___; - wr %o4, %g0, %ccr - .word 0x81b02920+$NUM-1 ! montmul $NUM-1 - fbu,pn %fcc3,.Labort_$NUM -#ifndef __arch64__ - and %fp,$sentinel,$sentinel - brz,pn $sentinel,.Labort_$NUM -#endif - - srax $pwr, 32, %o4 -#ifdef __arch64__ - brgez %o4,.Lstride_$NUM - restore - restore - restore - restore - restore -#else - brgez %o4,.Lstride_$NUM - restore; and %fp,$sentinel,$sentinel - restore; and %fp,$sentinel,$sentinel - restore; and %fp,$sentinel,$sentinel - restore; and %fp,$sentinel,$sentinel - brz,pn $sentinel,.Labort1_$NUM - restore -#endif -___ - -# save tp[$NUM] ######################################################## -for($i=0; $i<14 && $i<$NUM; $i++) { -$code.=<<___; - movxtod @A[$i],@R[$i] -___ -} -$code.=<<___; -#ifdef __arch64__ - restore -#else - and %fp,$sentinel,$sentinel - restore - and $sentinel,1,%o7 - and %fp,$sentinel,$sentinel - srl %fp,0,%fp ! just in case? - or %o7,$sentinel,$sentinel - brz,a,pn $sentinel,.Ldone_$NUM - mov 0,%i0 ! return failure -#endif -___ -for($i=0; $i<$NUM; $i++) { -$code.=<<___; - std @R[$i],[$tp+$i*8] -___ -} -$code.=<<___; - mov 1,%i0 ! return success -.Ldone_$NUM: - ret - restore - -.Labort_$NUM: - restore - restore - restore - restore - restore -.Labort1_$NUM: - restore - - mov 0,%i0 ! return failure - ret - restore -.type bn_pwr5_mont_t4_$NUM, #function -.size bn_pwr5_mont_t4_$NUM, .-bn_pwr5_mont_t4_$NUM -___ -} - -for ($i=8;$i<=32;$i+=8) { - &generate_bn_pwr5_mont_t4($i); -} - -{ -######################################################################## -# Fall-back subroutines -# -# copy of bn_mul_mont_vis3 adjusted for vectors of 64-bit values -# -($n0,$m0,$m1,$lo0,$hi0, $lo1,$hi1,$aj,$alo,$nj,$nlo,$tj)= - (map("%g$_",(1..5)),map("%o$_",(0..5,7))); - -# int bn_mul_mont( -$rp="%o0"; # u64 *rp, -$ap="%o1"; # const u64 *ap, -$bp="%o2"; # const u64 *bp, -$np="%o3"; # const u64 *np, -$n0p="%o4"; # const BN_ULONG *n0, -$num="%o5"; # int num); # caller ensures that num is >=3 -$code.=<<___; -.globl bn_mul_mont_t4 -.align 32 -bn_mul_mont_t4: - add %sp, STACK_BIAS, %g4 ! real top of stack - sll $num, 3, $num ! size in bytes - add $num, 63, %g1 - andn %g1, 63, %g1 ! buffer size rounded up to 64 bytes - sub %g4, %g1, %g1 - andn %g1, 63, %g1 ! align at 64 byte - sub %g1, STACK_FRAME, %g1 ! new top of stack - sub %g1, %g4, %g1 - - save %sp, %g1, %sp -___ -# +-------------------------------+<----- %sp -# . . -# +-------------------------------+<----- aligned at 64 bytes -# | __int64 tmp[0] | -# +-------------------------------+ -# . . -# . . -# +-------------------------------+<----- aligned at 64 bytes -# . . -($rp,$ap,$bp,$np,$n0p,$num)=map("%i$_",(0..5)); -($t0,$t1,$t2,$t3,$cnt,$tp,$bufsz)=map("%l$_",(0..7)); -($ovf,$i)=($t0,$t1); -$code.=<<___; - ld [$n0p+0], $t0 ! pull n0[0..1] value - ld [$n0p+4], $t1 - add %sp, STACK_BIAS+STACK_FRAME, $tp - ldx [$bp+0], $m0 ! m0=bp[0] - sllx $t1, 32, $n0 - add $bp, 8, $bp - or $t0, $n0, $n0 - - ldx [$ap+0], $aj ! ap[0] - - mulx $aj, $m0, $lo0 ! ap[0]*bp[0] - umulxhi $aj, $m0, $hi0 - - ldx [$ap+8], $aj ! ap[1] - add $ap, 16, $ap - ldx [$np+0], $nj ! np[0] - - mulx $lo0, $n0, $m1 ! "tp[0]"*n0 - - mulx $aj, $m0, $alo ! ap[1]*bp[0] - umulxhi $aj, $m0, $aj ! ahi=aj - - mulx $nj, $m1, $lo1 ! np[0]*m1 - umulxhi $nj, $m1, $hi1 - - ldx [$np+8], $nj ! np[1] - - addcc $lo0, $lo1, $lo1 - add $np, 16, $np - addxc %g0, $hi1, $hi1 - - mulx $nj, $m1, $nlo ! np[1]*m1 - umulxhi $nj, $m1, $nj ! nhi=nj - - ba .L1st - sub $num, 24, $cnt ! cnt=num-3 - -.align 16 -.L1st: - addcc $alo, $hi0, $lo0 - addxc $aj, %g0, $hi0 - - ldx [$ap+0], $aj ! ap[j] - addcc $nlo, $hi1, $lo1 - add $ap, 8, $ap - addxc $nj, %g0, $hi1 ! nhi=nj - - ldx [$np+0], $nj ! np[j] - mulx $aj, $m0, $alo ! ap[j]*bp[0] - add $np, 8, $np - umulxhi $aj, $m0, $aj ! ahi=aj - - mulx $nj, $m1, $nlo ! np[j]*m1 - addcc $lo0, $lo1, $lo1 ! np[j]*m1+ap[j]*bp[0] - umulxhi $nj, $m1, $nj ! nhi=nj - addxc %g0, $hi1, $hi1 - stxa $lo1, [$tp]0xe2 ! tp[j-1] - add $tp, 8, $tp ! tp++ - - brnz,pt $cnt, .L1st - sub $cnt, 8, $cnt ! j-- -!.L1st - addcc $alo, $hi0, $lo0 - addxc $aj, %g0, $hi0 ! ahi=aj - - addcc $nlo, $hi1, $lo1 - addxc $nj, %g0, $hi1 - addcc $lo0, $lo1, $lo1 ! np[j]*m1+ap[j]*bp[0] - addxc %g0, $hi1, $hi1 - stxa $lo1, [$tp]0xe2 ! tp[j-1] - add $tp, 8, $tp - - addcc $hi0, $hi1, $hi1 - addxc %g0, %g0, $ovf ! upmost overflow bit - stxa $hi1, [$tp]0xe2 - add $tp, 8, $tp - - ba .Louter - sub $num, 16, $i ! i=num-2 - -.align 16 -.Louter: - ldx [$bp+0], $m0 ! m0=bp[i] - add $bp, 8, $bp - - sub $ap, $num, $ap ! rewind - sub $np, $num, $np - sub $tp, $num, $tp - - ldx [$ap+0], $aj ! ap[0] - ldx [$np+0], $nj ! np[0] - - mulx $aj, $m0, $lo0 ! ap[0]*bp[i] - ldx [$tp], $tj ! tp[0] - umulxhi $aj, $m0, $hi0 - ldx [$ap+8], $aj ! ap[1] - addcc $lo0, $tj, $lo0 ! ap[0]*bp[i]+tp[0] - mulx $aj, $m0, $alo ! ap[1]*bp[i] - addxc %g0, $hi0, $hi0 - mulx $lo0, $n0, $m1 ! tp[0]*n0 - umulxhi $aj, $m0, $aj ! ahi=aj - mulx $nj, $m1, $lo1 ! np[0]*m1 - add $ap, 16, $ap - umulxhi $nj, $m1, $hi1 - ldx [$np+8], $nj ! np[1] - add $np, 16, $np - addcc $lo1, $lo0, $lo1 - mulx $nj, $m1, $nlo ! np[1]*m1 - addxc %g0, $hi1, $hi1 - umulxhi $nj, $m1, $nj ! nhi=nj - - ba .Linner - sub $num, 24, $cnt ! cnt=num-3 -.align 16 -.Linner: - addcc $alo, $hi0, $lo0 - ldx [$tp+8], $tj ! tp[j] - addxc $aj, %g0, $hi0 ! ahi=aj - ldx [$ap+0], $aj ! ap[j] - add $ap, 8, $ap - addcc $nlo, $hi1, $lo1 - mulx $aj, $m0, $alo ! ap[j]*bp[i] - addxc $nj, %g0, $hi1 ! nhi=nj - ldx [$np+0], $nj ! np[j] - add $np, 8, $np - umulxhi $aj, $m0, $aj ! ahi=aj - addcc $lo0, $tj, $lo0 ! ap[j]*bp[i]+tp[j] - mulx $nj, $m1, $nlo ! np[j]*m1 - addxc %g0, $hi0, $hi0 - umulxhi $nj, $m1, $nj ! nhi=nj - addcc $lo1, $lo0, $lo1 ! np[j]*m1+ap[j]*bp[i]+tp[j] - addxc %g0, $hi1, $hi1 - stx $lo1, [$tp] ! tp[j-1] - add $tp, 8, $tp - brnz,pt $cnt, .Linner - sub $cnt, 8, $cnt -!.Linner - ldx [$tp+8], $tj ! tp[j] - addcc $alo, $hi0, $lo0 - addxc $aj, %g0, $hi0 ! ahi=aj - addcc $lo0, $tj, $lo0 ! ap[j]*bp[i]+tp[j] - addxc %g0, $hi0, $hi0 - - addcc $nlo, $hi1, $lo1 - addxc $nj, %g0, $hi1 ! nhi=nj - addcc $lo1, $lo0, $lo1 ! np[j]*m1+ap[j]*bp[i]+tp[j] - addxc %g0, $hi1, $hi1 - stx $lo1, [$tp] ! tp[j-1] - - subcc %g0, $ovf, %g0 ! move upmost overflow to CCR.xcc - addxccc $hi1, $hi0, $hi1 - addxc %g0, %g0, $ovf - stx $hi1, [$tp+8] - add $tp, 16, $tp - - brnz,pt $i, .Louter - sub $i, 8, $i - - sub $ap, $num, $ap ! rewind - sub $np, $num, $np - sub $tp, $num, $tp - ba .Lsub - subcc $num, 8, $cnt ! cnt=num-1 and clear CCR.xcc - -.align 16 -.Lsub: - ldx [$tp], $tj - add $tp, 8, $tp - ldx [$np+0], $nj - add $np, 8, $np - subccc $tj, $nj, $t2 ! tp[j]-np[j] - srlx $tj, 32, $tj - srlx $nj, 32, $nj - subccc $tj, $nj, $t3 - add $rp, 8, $rp - st $t2, [$rp-4] ! reverse order - st $t3, [$rp-8] - brnz,pt $cnt, .Lsub - sub $cnt, 8, $cnt - - sub $np, $num, $np ! rewind - sub $tp, $num, $tp - sub $rp, $num, $rp - - subccc $ovf, %g0, $ovf ! handle upmost overflow bit - ba .Lcopy - sub $num, 8, $cnt - -.align 16 -.Lcopy: ! conditional copy - ldx [$tp], $tj - ldx [$rp+0], $t2 - stx %g0, [$tp] ! zap - add $tp, 8, $tp - movcs %icc, $tj, $t2 - stx $t2, [$rp+0] - add $rp, 8, $rp - brnz $cnt, .Lcopy - sub $cnt, 8, $cnt - - mov 1, %o0 - ret - restore -.type bn_mul_mont_t4, #function -.size bn_mul_mont_t4, .-bn_mul_mont_t4 -___ - -# int bn_mul_mont_gather5( -$rp="%o0"; # u64 *rp, -$ap="%o1"; # const u64 *ap, -$bp="%o2"; # const u64 *pwrtbl, -$np="%o3"; # const u64 *np, -$n0p="%o4"; # const BN_ULONG *n0, -$num="%o5"; # int num, # caller ensures that num is >=3 - # int power); -$code.=<<___; -.globl bn_mul_mont_gather5_t4 -.align 32 -bn_mul_mont_gather5_t4: - add %sp, STACK_BIAS, %g4 ! real top of stack - sll $num, 3, $num ! size in bytes - add $num, 63, %g1 - andn %g1, 63, %g1 ! buffer size rounded up to 64 bytes - sub %g4, %g1, %g1 - andn %g1, 63, %g1 ! align at 64 byte - sub %g1, STACK_FRAME, %g1 ! new top of stack - sub %g1, %g4, %g1 - LDPTR [%sp+STACK_7thARG], %g4 ! load power, 7th argument - - save %sp, %g1, %sp -___ -# +-------------------------------+<----- %sp -# . . -# +-------------------------------+<----- aligned at 64 bytes -# | __int64 tmp[0] | -# +-------------------------------+ -# . . -# . . -# +-------------------------------+<----- aligned at 64 bytes -# . . -($rp,$ap,$bp,$np,$n0p,$num)=map("%i$_",(0..5)); -($t0,$t1,$t2,$t3,$cnt,$tp,$bufsz,$ccr)=map("%l$_",(0..7)); -($ovf,$i)=($t0,$t1); - &load_ccr($bp,"%g4",$ccr); - &load_b($bp,$m0,"%o7"); # m0=bp[0] - -$code.=<<___; - ld [$n0p+0], $t0 ! pull n0[0..1] value - ld [$n0p+4], $t1 - add %sp, STACK_BIAS+STACK_FRAME, $tp - sllx $t1, 32, $n0 - or $t0, $n0, $n0 - - ldx [$ap+0], $aj ! ap[0] - - mulx $aj, $m0, $lo0 ! ap[0]*bp[0] - umulxhi $aj, $m0, $hi0 - - ldx [$ap+8], $aj ! ap[1] - add $ap, 16, $ap - ldx [$np+0], $nj ! np[0] - - mulx $lo0, $n0, $m1 ! "tp[0]"*n0 - - mulx $aj, $m0, $alo ! ap[1]*bp[0] - umulxhi $aj, $m0, $aj ! ahi=aj - - mulx $nj, $m1, $lo1 ! np[0]*m1 - umulxhi $nj, $m1, $hi1 - - ldx [$np+8], $nj ! np[1] - - addcc $lo0, $lo1, $lo1 - add $np, 16, $np - addxc %g0, $hi1, $hi1 - - mulx $nj, $m1, $nlo ! np[1]*m1 - umulxhi $nj, $m1, $nj ! nhi=nj - - ba .L1st_g5 - sub $num, 24, $cnt ! cnt=num-3 - -.align 16 -.L1st_g5: - addcc $alo, $hi0, $lo0 - addxc $aj, %g0, $hi0 - - ldx [$ap+0], $aj ! ap[j] - addcc $nlo, $hi1, $lo1 - add $ap, 8, $ap - addxc $nj, %g0, $hi1 ! nhi=nj - - ldx [$np+0], $nj ! np[j] - mulx $aj, $m0, $alo ! ap[j]*bp[0] - add $np, 8, $np - umulxhi $aj, $m0, $aj ! ahi=aj - - mulx $nj, $m1, $nlo ! np[j]*m1 - addcc $lo0, $lo1, $lo1 ! np[j]*m1+ap[j]*bp[0] - umulxhi $nj, $m1, $nj ! nhi=nj - addxc %g0, $hi1, $hi1 - stxa $lo1, [$tp]0xe2 ! tp[j-1] - add $tp, 8, $tp ! tp++ - - brnz,pt $cnt, .L1st_g5 - sub $cnt, 8, $cnt ! j-- -!.L1st_g5 - addcc $alo, $hi0, $lo0 - addxc $aj, %g0, $hi0 ! ahi=aj - - addcc $nlo, $hi1, $lo1 - addxc $nj, %g0, $hi1 - addcc $lo0, $lo1, $lo1 ! np[j]*m1+ap[j]*bp[0] - addxc %g0, $hi1, $hi1 - stxa $lo1, [$tp]0xe2 ! tp[j-1] - add $tp, 8, $tp - - addcc $hi0, $hi1, $hi1 - addxc %g0, %g0, $ovf ! upmost overflow bit - stxa $hi1, [$tp]0xe2 - add $tp, 8, $tp - - ba .Louter_g5 - sub $num, 16, $i ! i=num-2 - -.align 16 -.Louter_g5: - wr $ccr, %g0, %ccr -___ - &load_b($bp,$m0); # m0=bp[i] -$code.=<<___; - sub $ap, $num, $ap ! rewind - sub $np, $num, $np - sub $tp, $num, $tp - - ldx [$ap+0], $aj ! ap[0] - ldx [$np+0], $nj ! np[0] - - mulx $aj, $m0, $lo0 ! ap[0]*bp[i] - ldx [$tp], $tj ! tp[0] - umulxhi $aj, $m0, $hi0 - ldx [$ap+8], $aj ! ap[1] - addcc $lo0, $tj, $lo0 ! ap[0]*bp[i]+tp[0] - mulx $aj, $m0, $alo ! ap[1]*bp[i] - addxc %g0, $hi0, $hi0 - mulx $lo0, $n0, $m1 ! tp[0]*n0 - umulxhi $aj, $m0, $aj ! ahi=aj - mulx $nj, $m1, $lo1 ! np[0]*m1 - add $ap, 16, $ap - umulxhi $nj, $m1, $hi1 - ldx [$np+8], $nj ! np[1] - add $np, 16, $np - addcc $lo1, $lo0, $lo1 - mulx $nj, $m1, $nlo ! np[1]*m1 - addxc %g0, $hi1, $hi1 - umulxhi $nj, $m1, $nj ! nhi=nj - - ba .Linner_g5 - sub $num, 24, $cnt ! cnt=num-3 -.align 16 -.Linner_g5: - addcc $alo, $hi0, $lo0 - ldx [$tp+8], $tj ! tp[j] - addxc $aj, %g0, $hi0 ! ahi=aj - ldx [$ap+0], $aj ! ap[j] - add $ap, 8, $ap - addcc $nlo, $hi1, $lo1 - mulx $aj, $m0, $alo ! ap[j]*bp[i] - addxc $nj, %g0, $hi1 ! nhi=nj - ldx [$np+0], $nj ! np[j] - add $np, 8, $np - umulxhi $aj, $m0, $aj ! ahi=aj - addcc $lo0, $tj, $lo0 ! ap[j]*bp[i]+tp[j] - mulx $nj, $m1, $nlo ! np[j]*m1 - addxc %g0, $hi0, $hi0 - umulxhi $nj, $m1, $nj ! nhi=nj - addcc $lo1, $lo0, $lo1 ! np[j]*m1+ap[j]*bp[i]+tp[j] - addxc %g0, $hi1, $hi1 - stx $lo1, [$tp] ! tp[j-1] - add $tp, 8, $tp - brnz,pt $cnt, .Linner_g5 - sub $cnt, 8, $cnt -!.Linner_g5 - ldx [$tp+8], $tj ! tp[j] - addcc $alo, $hi0, $lo0 - addxc $aj, %g0, $hi0 ! ahi=aj - addcc $lo0, $tj, $lo0 ! ap[j]*bp[i]+tp[j] - addxc %g0, $hi0, $hi0 - - addcc $nlo, $hi1, $lo1 - addxc $nj, %g0, $hi1 ! nhi=nj - addcc $lo1, $lo0, $lo1 ! np[j]*m1+ap[j]*bp[i]+tp[j] - addxc %g0, $hi1, $hi1 - stx $lo1, [$tp] ! tp[j-1] - - subcc %g0, $ovf, %g0 ! move upmost overflow to CCR.xcc - addxccc $hi1, $hi0, $hi1 - addxc %g0, %g0, $ovf - stx $hi1, [$tp+8] - add $tp, 16, $tp - - brnz,pt $i, .Louter_g5 - sub $i, 8, $i - - sub $ap, $num, $ap ! rewind - sub $np, $num, $np - sub $tp, $num, $tp - ba .Lsub_g5 - subcc $num, 8, $cnt ! cnt=num-1 and clear CCR.xcc - -.align 16 -.Lsub_g5: - ldx [$tp], $tj - add $tp, 8, $tp - ldx [$np+0], $nj - add $np, 8, $np - subccc $tj, $nj, $t2 ! tp[j]-np[j] - srlx $tj, 32, $tj - srlx $nj, 32, $nj - subccc $tj, $nj, $t3 - add $rp, 8, $rp - st $t2, [$rp-4] ! reverse order - st $t3, [$rp-8] - brnz,pt $cnt, .Lsub_g5 - sub $cnt, 8, $cnt - - sub $np, $num, $np ! rewind - sub $tp, $num, $tp - sub $rp, $num, $rp - - subccc $ovf, %g0, $ovf ! handle upmost overflow bit - ba .Lcopy_g5 - sub $num, 8, $cnt - -.align 16 -.Lcopy_g5: ! conditional copy - ldx [$tp], $tj - ldx [$rp+0], $t2 - stx %g0, [$tp] ! zap - add $tp, 8, $tp - movcs %icc, $tj, $t2 - stx $t2, [$rp+0] - add $rp, 8, $rp - brnz $cnt, .Lcopy_g5 - sub $cnt, 8, $cnt - - mov 1, %o0 - ret - restore -.type bn_mul_mont_gather5_t4, #function -.size bn_mul_mont_gather5_t4, .-bn_mul_mont_gather5_t4 -___ -} - -$code.=<<___; -.globl bn_flip_t4 -.align 32 -bn_flip_t4: -.Loop_flip: - ld [%o1+0], %o4 - sub %o2, 1, %o2 - ld [%o1+4], %o5 - add %o1, 8, %o1 - st %o5, [%o0+0] - st %o4, [%o0+4] - brnz %o2, .Loop_flip - add %o0, 8, %o0 - retl - nop -.type bn_flip_t4, #function -.size bn_flip_t4, .-bn_flip_t4 - -.globl bn_flip_n_scatter5_t4 -.align 32 -bn_flip_n_scatter5_t4: - sll %o3, 3, %o3 - srl %o1, 1, %o1 - add %o3, %o2, %o2 ! &pwrtbl[pwr] - sub %o1, 1, %o1 -.Loop_flip_n_scatter5: - ld [%o0+0], %o4 ! inp[i] - ld [%o0+4], %o5 - add %o0, 8, %o0 - sllx %o5, 32, %o5 - or %o4, %o5, %o5 - stx %o5, [%o2] - add %o2, 32*8, %o2 - brnz %o1, .Loop_flip_n_scatter5 - sub %o1, 1, %o1 - retl - nop -.type bn_flip_n_scatter5_t4, #function -.size bn_flip_n_scatter5_t4, .-bn_flip_n_scatter5_t4 - -.globl bn_gather5_t4 -.align 32 -bn_gather5_t4: -___ - &load_ccr("%o2","%o3","%g1"); -$code.=<<___; - sub %o1, 1, %o1 -.Loop_gather5: -___ - &load_b("%o2","%g1"); -$code.=<<___; - stx %g1, [%o0] - add %o0, 8, %o0 - brnz %o1, .Loop_gather5 - sub %o1, 1, %o1 - - retl - nop -.type bn_gather5_t4, #function -.size bn_gather5_t4, .-bn_gather5_t4 - -.asciz "Montgomery Multiplication for SPARC T4, David S. Miller, Andy Polyakov" -.align 4 -___ - -&emit_assembler(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/sparcv8.S b/crypto/bn/asm/sparcv8.S deleted file mode 100644 index 94487008443e261ca5f2b8c9edfea01bba350875..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/sparcv8.S +++ /dev/null @@ -1,1458 +0,0 @@ -.ident "sparcv8.s, Version 1.4" -.ident "SPARC v8 ISA artwork by Andy Polyakov " - -/* - * ==================================================================== - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * ==================================================================== - */ - -/* - * This is my modest contribution to OpenSSL project (see - * http://www.openssl.org/ for more information about it) and is - * a drop-in SuperSPARC ISA replacement for crypto/bn/bn_asm.c - * module. For updates see http://fy.chalmers.se/~appro/hpe/. - * - * See bn_asm.sparc.v8plus.S for more details. - */ - -/* - * Revision history. - * - * 1.1 - new loop unrolling model(*); - * 1.2 - made gas friendly; - * 1.3 - fixed problem with /usr/ccs/lib/cpp; - * 1.4 - some retunes; - * - * (*) see bn_asm.sparc.v8plus.S for details - */ - -.section ".text",#alloc,#execinstr -.file "bn_asm.sparc.v8.S" - -.align 32 - -.global bn_mul_add_words -/* - * BN_ULONG bn_mul_add_words(rp,ap,num,w) - * BN_ULONG *rp,*ap; - * int num; - * BN_ULONG w; - */ -bn_mul_add_words: - cmp %o2,0 - bg,a .L_bn_mul_add_words_proceed - ld [%o1],%g2 - retl - clr %o0 - -.L_bn_mul_add_words_proceed: - andcc %o2,-4,%g0 - bz .L_bn_mul_add_words_tail - clr %o5 - -.L_bn_mul_add_words_loop: - ld [%o0],%o4 - ld [%o1+4],%g3 - umul %o3,%g2,%g2 - rd %y,%g1 - addcc %o4,%o5,%o4 - addx %g1,0,%g1 - addcc %o4,%g2,%o4 - st %o4,[%o0] - addx %g1,0,%o5 - - ld [%o0+4],%o4 - ld [%o1+8],%g2 - umul %o3,%g3,%g3 - dec 4,%o2 - rd %y,%g1 - addcc %o4,%o5,%o4 - addx %g1,0,%g1 - addcc %o4,%g3,%o4 - st %o4,[%o0+4] - addx %g1,0,%o5 - - ld [%o0+8],%o4 - ld [%o1+12],%g3 - umul %o3,%g2,%g2 - inc 16,%o1 - rd %y,%g1 - addcc %o4,%o5,%o4 - addx %g1,0,%g1 - addcc %o4,%g2,%o4 - st %o4,[%o0+8] - addx %g1,0,%o5 - - ld [%o0+12],%o4 - umul %o3,%g3,%g3 - inc 16,%o0 - rd %y,%g1 - addcc %o4,%o5,%o4 - addx %g1,0,%g1 - addcc %o4,%g3,%o4 - st %o4,[%o0-4] - addx %g1,0,%o5 - andcc %o2,-4,%g0 - bnz,a .L_bn_mul_add_words_loop - ld [%o1],%g2 - - tst %o2 - bnz,a .L_bn_mul_add_words_tail - ld [%o1],%g2 -.L_bn_mul_add_words_return: - retl - mov %o5,%o0 - nop - -.L_bn_mul_add_words_tail: - ld [%o0],%o4 - umul %o3,%g2,%g2 - addcc %o4,%o5,%o4 - rd %y,%g1 - addx %g1,0,%g1 - addcc %o4,%g2,%o4 - addx %g1,0,%o5 - deccc %o2 - bz .L_bn_mul_add_words_return - st %o4,[%o0] - - ld [%o1+4],%g2 - ld [%o0+4],%o4 - umul %o3,%g2,%g2 - rd %y,%g1 - addcc %o4,%o5,%o4 - addx %g1,0,%g1 - addcc %o4,%g2,%o4 - addx %g1,0,%o5 - deccc %o2 - bz .L_bn_mul_add_words_return - st %o4,[%o0+4] - - ld [%o1+8],%g2 - ld [%o0+8],%o4 - umul %o3,%g2,%g2 - rd %y,%g1 - addcc %o4,%o5,%o4 - addx %g1,0,%g1 - addcc %o4,%g2,%o4 - st %o4,[%o0+8] - retl - addx %g1,0,%o0 - -.type bn_mul_add_words,#function -.size bn_mul_add_words,(.-bn_mul_add_words) - -.align 32 - -.global bn_mul_words -/* - * BN_ULONG bn_mul_words(rp,ap,num,w) - * BN_ULONG *rp,*ap; - * int num; - * BN_ULONG w; - */ -bn_mul_words: - cmp %o2,0 - bg,a .L_bn_mul_words_proceed - ld [%o1],%g2 - retl - clr %o0 - -.L_bn_mul_words_proceed: - andcc %o2,-4,%g0 - bz .L_bn_mul_words_tail - clr %o5 - -.L_bn_mul_words_loop: - ld [%o1+4],%g3 - umul %o3,%g2,%g2 - addcc %g2,%o5,%g2 - rd %y,%g1 - addx %g1,0,%o5 - st %g2,[%o0] - - ld [%o1+8],%g2 - umul %o3,%g3,%g3 - addcc %g3,%o5,%g3 - rd %y,%g1 - dec 4,%o2 - addx %g1,0,%o5 - st %g3,[%o0+4] - - ld [%o1+12],%g3 - umul %o3,%g2,%g2 - addcc %g2,%o5,%g2 - rd %y,%g1 - inc 16,%o1 - st %g2,[%o0+8] - addx %g1,0,%o5 - - umul %o3,%g3,%g3 - addcc %g3,%o5,%g3 - rd %y,%g1 - inc 16,%o0 - addx %g1,0,%o5 - st %g3,[%o0-4] - andcc %o2,-4,%g0 - nop - bnz,a .L_bn_mul_words_loop - ld [%o1],%g2 - - tst %o2 - bnz,a .L_bn_mul_words_tail - ld [%o1],%g2 -.L_bn_mul_words_return: - retl - mov %o5,%o0 - nop - -.L_bn_mul_words_tail: - umul %o3,%g2,%g2 - addcc %g2,%o5,%g2 - rd %y,%g1 - addx %g1,0,%o5 - deccc %o2 - bz .L_bn_mul_words_return - st %g2,[%o0] - nop - - ld [%o1+4],%g2 - umul %o3,%g2,%g2 - addcc %g2,%o5,%g2 - rd %y,%g1 - addx %g1,0,%o5 - deccc %o2 - bz .L_bn_mul_words_return - st %g2,[%o0+4] - - ld [%o1+8],%g2 - umul %o3,%g2,%g2 - addcc %g2,%o5,%g2 - rd %y,%g1 - st %g2,[%o0+8] - retl - addx %g1,0,%o0 - -.type bn_mul_words,#function -.size bn_mul_words,(.-bn_mul_words) - -.align 32 -.global bn_sqr_words -/* - * void bn_sqr_words(r,a,n) - * BN_ULONG *r,*a; - * int n; - */ -bn_sqr_words: - cmp %o2,0 - bg,a .L_bn_sqr_words_proceed - ld [%o1],%g2 - retl - clr %o0 - -.L_bn_sqr_words_proceed: - andcc %o2,-4,%g0 - bz .L_bn_sqr_words_tail - clr %o5 - -.L_bn_sqr_words_loop: - ld [%o1+4],%g3 - umul %g2,%g2,%o4 - st %o4,[%o0] - rd %y,%o5 - st %o5,[%o0+4] - - ld [%o1+8],%g2 - umul %g3,%g3,%o4 - dec 4,%o2 - st %o4,[%o0+8] - rd %y,%o5 - st %o5,[%o0+12] - nop - - ld [%o1+12],%g3 - umul %g2,%g2,%o4 - st %o4,[%o0+16] - rd %y,%o5 - inc 16,%o1 - st %o5,[%o0+20] - - umul %g3,%g3,%o4 - inc 32,%o0 - st %o4,[%o0-8] - rd %y,%o5 - st %o5,[%o0-4] - andcc %o2,-4,%g2 - bnz,a .L_bn_sqr_words_loop - ld [%o1],%g2 - - tst %o2 - nop - bnz,a .L_bn_sqr_words_tail - ld [%o1],%g2 -.L_bn_sqr_words_return: - retl - clr %o0 - -.L_bn_sqr_words_tail: - umul %g2,%g2,%o4 - st %o4,[%o0] - deccc %o2 - rd %y,%o5 - bz .L_bn_sqr_words_return - st %o5,[%o0+4] - - ld [%o1+4],%g2 - umul %g2,%g2,%o4 - st %o4,[%o0+8] - deccc %o2 - rd %y,%o5 - nop - bz .L_bn_sqr_words_return - st %o5,[%o0+12] - - ld [%o1+8],%g2 - umul %g2,%g2,%o4 - st %o4,[%o0+16] - rd %y,%o5 - st %o5,[%o0+20] - retl - clr %o0 - -.type bn_sqr_words,#function -.size bn_sqr_words,(.-bn_sqr_words) - -.align 32 - -.global bn_div_words -/* - * BN_ULONG bn_div_words(h,l,d) - * BN_ULONG h,l,d; - */ -bn_div_words: - wr %o0,%y - udiv %o1,%o2,%o0 - retl - nop - -.type bn_div_words,#function -.size bn_div_words,(.-bn_div_words) - -.align 32 - -.global bn_add_words -/* - * BN_ULONG bn_add_words(rp,ap,bp,n) - * BN_ULONG *rp,*ap,*bp; - * int n; - */ -bn_add_words: - cmp %o3,0 - bg,a .L_bn_add_words_proceed - ld [%o1],%o4 - retl - clr %o0 - -.L_bn_add_words_proceed: - andcc %o3,-4,%g0 - bz .L_bn_add_words_tail - clr %g1 - ba .L_bn_add_words_warn_loop - addcc %g0,0,%g0 ! clear carry flag - -.L_bn_add_words_loop: - ld [%o1],%o4 -.L_bn_add_words_warn_loop: - ld [%o2],%o5 - ld [%o1+4],%g3 - ld [%o2+4],%g4 - dec 4,%o3 - addxcc %o5,%o4,%o5 - st %o5,[%o0] - - ld [%o1+8],%o4 - ld [%o2+8],%o5 - inc 16,%o1 - addxcc %g3,%g4,%g3 - st %g3,[%o0+4] - - ld [%o1-4],%g3 - ld [%o2+12],%g4 - inc 16,%o2 - addxcc %o5,%o4,%o5 - st %o5,[%o0+8] - - inc 16,%o0 - addxcc %g3,%g4,%g3 - st %g3,[%o0-4] - addx %g0,0,%g1 - andcc %o3,-4,%g0 - bnz,a .L_bn_add_words_loop - addcc %g1,-1,%g0 - - tst %o3 - bnz,a .L_bn_add_words_tail - ld [%o1],%o4 -.L_bn_add_words_return: - retl - mov %g1,%o0 - -.L_bn_add_words_tail: - addcc %g1,-1,%g0 - ld [%o2],%o5 - addxcc %o5,%o4,%o5 - addx %g0,0,%g1 - deccc %o3 - bz .L_bn_add_words_return - st %o5,[%o0] - - ld [%o1+4],%o4 - addcc %g1,-1,%g0 - ld [%o2+4],%o5 - addxcc %o5,%o4,%o5 - addx %g0,0,%g1 - deccc %o3 - bz .L_bn_add_words_return - st %o5,[%o0+4] - - ld [%o1+8],%o4 - addcc %g1,-1,%g0 - ld [%o2+8],%o5 - addxcc %o5,%o4,%o5 - st %o5,[%o0+8] - retl - addx %g0,0,%o0 - -.type bn_add_words,#function -.size bn_add_words,(.-bn_add_words) - -.align 32 - -.global bn_sub_words -/* - * BN_ULONG bn_sub_words(rp,ap,bp,n) - * BN_ULONG *rp,*ap,*bp; - * int n; - */ -bn_sub_words: - cmp %o3,0 - bg,a .L_bn_sub_words_proceed - ld [%o1],%o4 - retl - clr %o0 - -.L_bn_sub_words_proceed: - andcc %o3,-4,%g0 - bz .L_bn_sub_words_tail - clr %g1 - ba .L_bn_sub_words_warm_loop - addcc %g0,0,%g0 ! clear carry flag - -.L_bn_sub_words_loop: - ld [%o1],%o4 -.L_bn_sub_words_warm_loop: - ld [%o2],%o5 - ld [%o1+4],%g3 - ld [%o2+4],%g4 - dec 4,%o3 - subxcc %o4,%o5,%o5 - st %o5,[%o0] - - ld [%o1+8],%o4 - ld [%o2+8],%o5 - inc 16,%o1 - subxcc %g3,%g4,%g4 - st %g4,[%o0+4] - - ld [%o1-4],%g3 - ld [%o2+12],%g4 - inc 16,%o2 - subxcc %o4,%o5,%o5 - st %o5,[%o0+8] - - inc 16,%o0 - subxcc %g3,%g4,%g4 - st %g4,[%o0-4] - addx %g0,0,%g1 - andcc %o3,-4,%g0 - bnz,a .L_bn_sub_words_loop - addcc %g1,-1,%g0 - - tst %o3 - nop - bnz,a .L_bn_sub_words_tail - ld [%o1],%o4 -.L_bn_sub_words_return: - retl - mov %g1,%o0 - -.L_bn_sub_words_tail: - addcc %g1,-1,%g0 - ld [%o2],%o5 - subxcc %o4,%o5,%o5 - addx %g0,0,%g1 - deccc %o3 - bz .L_bn_sub_words_return - st %o5,[%o0] - nop - - ld [%o1+4],%o4 - addcc %g1,-1,%g0 - ld [%o2+4],%o5 - subxcc %o4,%o5,%o5 - addx %g0,0,%g1 - deccc %o3 - bz .L_bn_sub_words_return - st %o5,[%o0+4] - - ld [%o1+8],%o4 - addcc %g1,-1,%g0 - ld [%o2+8],%o5 - subxcc %o4,%o5,%o5 - st %o5,[%o0+8] - retl - addx %g0,0,%o0 - -.type bn_sub_words,#function -.size bn_sub_words,(.-bn_sub_words) - -#define FRAME_SIZE -96 - -/* - * Here is register usage map for *all* routines below. - */ -#define t_1 %o0 -#define t_2 %o1 -#define c_1 %o2 -#define c_2 %o3 -#define c_3 %o4 - -#define ap(I) [%i1+4*I] -#define bp(I) [%i2+4*I] -#define rp(I) [%i0+4*I] - -#define a_0 %l0 -#define a_1 %l1 -#define a_2 %l2 -#define a_3 %l3 -#define a_4 %l4 -#define a_5 %l5 -#define a_6 %l6 -#define a_7 %l7 - -#define b_0 %i3 -#define b_1 %i4 -#define b_2 %i5 -#define b_3 %o5 -#define b_4 %g1 -#define b_5 %g2 -#define b_6 %g3 -#define b_7 %g4 - -.align 32 -.global bn_mul_comba8 -/* - * void bn_mul_comba8(r,a,b) - * BN_ULONG *r,*a,*b; - */ -bn_mul_comba8: - save %sp,FRAME_SIZE,%sp - ld ap(0),a_0 - ld bp(0),b_0 - umul a_0,b_0,c_1 !=!mul_add_c(a[0],b[0],c1,c2,c3); - ld bp(1),b_1 - rd %y,c_2 - st c_1,rp(0) !r[0]=c1; - - umul a_0,b_1,t_1 !=!mul_add_c(a[0],b[1],c2,c3,c1); - ld ap(1),a_1 - addcc c_2,t_1,c_2 - rd %y,t_2 - addxcc %g0,t_2,c_3 != - addx %g0,%g0,c_1 - ld ap(2),a_2 - umul a_1,b_0,t_1 !mul_add_c(a[1],b[0],c2,c3,c1); - addcc c_2,t_1,c_2 != - rd %y,t_2 - addxcc c_3,t_2,c_3 - st c_2,rp(1) !r[1]=c2; - addx c_1,%g0,c_1 != - - umul a_2,b_0,t_1 !mul_add_c(a[2],b[0],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 != - addx %g0,%g0,c_2 - ld bp(2),b_2 - umul a_1,b_1,t_1 !mul_add_c(a[1],b[1],c3,c1,c2); - addcc c_3,t_1,c_3 != - rd %y,t_2 - addxcc c_1,t_2,c_1 - ld bp(3),b_3 - addx c_2,%g0,c_2 != - umul a_0,b_2,t_1 !mul_add_c(a[0],b[2],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 != - addx c_2,%g0,c_2 - st c_3,rp(2) !r[2]=c3; - - umul a_0,b_3,t_1 !mul_add_c(a[0],b[3],c1,c2,c3); - addcc c_1,t_1,c_1 != - rd %y,t_2 - addxcc c_2,t_2,c_2 - addx %g0,%g0,c_3 - umul a_1,b_2,t_1 !=!mul_add_c(a[1],b[2],c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 != - ld ap(3),a_3 - umul a_2,b_1,t_1 !mul_add_c(a[2],b[1],c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 != - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 - ld ap(4),a_4 - umul a_3,b_0,t_1 !mul_add_c(a[3],b[0],c1,c2,c3);!= - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 != - st c_1,rp(3) !r[3]=c1; - - umul a_4,b_0,t_1 !mul_add_c(a[4],b[0],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx %g0,%g0,c_1 - umul a_3,b_1,t_1 !mul_add_c(a[3],b[1],c2,c3,c1); - addcc c_2,t_1,c_2 != - rd %y,t_2 - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 - umul a_2,b_2,t_1 !=!mul_add_c(a[2],b[2],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 != - ld bp(4),b_4 - umul a_1,b_3,t_1 !mul_add_c(a[1],b[3],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 - ld bp(5),b_5 - umul a_0,b_4,t_1 !=!mul_add_c(a[0],b[4],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 != - st c_2,rp(4) !r[4]=c2; - - umul a_0,b_5,t_1 !mul_add_c(a[0],b[5],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 != - addxcc c_1,t_2,c_1 - addx %g0,%g0,c_2 - umul a_1,b_4,t_1 !mul_add_c(a[1],b[4],c3,c1,c2); - addcc c_3,t_1,c_3 != - rd %y,t_2 - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 - umul a_2,b_3,t_1 !=!mul_add_c(a[2],b[3],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 != - umul a_3,b_2,t_1 !mul_add_c(a[3],b[2],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 != - addx c_2,%g0,c_2 - ld ap(5),a_5 - umul a_4,b_1,t_1 !mul_add_c(a[4],b[1],c3,c1,c2); - addcc c_3,t_1,c_3 != - rd %y,t_2 - addxcc c_1,t_2,c_1 - ld ap(6),a_6 - addx c_2,%g0,c_2 != - umul a_5,b_0,t_1 !mul_add_c(a[5],b[0],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 != - addx c_2,%g0,c_2 - st c_3,rp(5) !r[5]=c3; - - umul a_6,b_0,t_1 !mul_add_c(a[6],b[0],c1,c2,c3); - addcc c_1,t_1,c_1 != - rd %y,t_2 - addxcc c_2,t_2,c_2 - addx %g0,%g0,c_3 - umul a_5,b_1,t_1 !=!mul_add_c(a[5],b[1],c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 != - umul a_4,b_2,t_1 !mul_add_c(a[4],b[2],c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 != - addx c_3,%g0,c_3 - umul a_3,b_3,t_1 !mul_add_c(a[3],b[3],c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 != - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 - umul a_2,b_4,t_1 !mul_add_c(a[2],b[4],c1,c2,c3); - addcc c_1,t_1,c_1 != - rd %y,t_2 - addxcc c_2,t_2,c_2 - ld bp(6),b_6 - addx c_3,%g0,c_3 != - umul a_1,b_5,t_1 !mul_add_c(a[1],b[5],c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 != - addx c_3,%g0,c_3 - ld bp(7),b_7 - umul a_0,b_6,t_1 !mul_add_c(a[0],b[6],c1,c2,c3); - addcc c_1,t_1,c_1 != - rd %y,t_2 - addxcc c_2,t_2,c_2 - st c_1,rp(6) !r[6]=c1; - addx c_3,%g0,c_3 != - - umul a_0,b_7,t_1 !mul_add_c(a[0],b[7],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 - addxcc c_3,t_2,c_3 != - addx %g0,%g0,c_1 - umul a_1,b_6,t_1 !mul_add_c(a[1],b[6],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 - umul a_2,b_5,t_1 !mul_add_c(a[2],b[5],c2,c3,c1); - addcc c_2,t_1,c_2 != - rd %y,t_2 - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 - umul a_3,b_4,t_1 !=!mul_add_c(a[3],b[4],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 != - umul a_4,b_3,t_1 !mul_add_c(a[4],b[3],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 - addxcc c_3,t_2,c_3 != - addx c_1,%g0,c_1 - umul a_5,b_2,t_1 !mul_add_c(a[5],b[2],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 - ld ap(7),a_7 - umul a_6,b_1,t_1 !=!mul_add_c(a[6],b[1],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 != - umul a_7,b_0,t_1 !mul_add_c(a[7],b[0],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 - addxcc c_3,t_2,c_3 != - addx c_1,%g0,c_1 - st c_2,rp(7) !r[7]=c2; - - umul a_7,b_1,t_1 !mul_add_c(a[7],b[1],c3,c1,c2); - addcc c_3,t_1,c_3 != - rd %y,t_2 - addxcc c_1,t_2,c_1 - addx %g0,%g0,c_2 - umul a_6,b_2,t_1 !=!mul_add_c(a[6],b[2],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 != - umul a_5,b_3,t_1 !mul_add_c(a[5],b[3],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 != - addx c_2,%g0,c_2 - umul a_4,b_4,t_1 !mul_add_c(a[4],b[4],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 != - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 - umul a_3,b_5,t_1 !mul_add_c(a[3],b[5],c3,c1,c2); - addcc c_3,t_1,c_3 != - rd %y,t_2 - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 - umul a_2,b_6,t_1 !=!mul_add_c(a[2],b[6],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 != - umul a_1,b_7,t_1 !mul_add_c(a[1],b[7],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 ! - addx c_2,%g0,c_2 - st c_3,rp(8) !r[8]=c3; - - umul a_2,b_7,t_1 !mul_add_c(a[2],b[7],c1,c2,c3); - addcc c_1,t_1,c_1 != - rd %y,t_2 - addxcc c_2,t_2,c_2 - addx %g0,%g0,c_3 - umul a_3,b_6,t_1 !=!mul_add_c(a[3],b[6],c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 != - umul a_4,b_5,t_1 !mul_add_c(a[4],b[5],c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 != - addx c_3,%g0,c_3 - umul a_5,b_4,t_1 !mul_add_c(a[5],b[4],c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 != - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 - umul a_6,b_3,t_1 !mul_add_c(a[6],b[3],c1,c2,c3); - addcc c_1,t_1,c_1 != - rd %y,t_2 - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 - umul a_7,b_2,t_1 !=!mul_add_c(a[7],b[2],c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 != - st c_1,rp(9) !r[9]=c1; - - umul a_7,b_3,t_1 !mul_add_c(a[7],b[3],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx %g0,%g0,c_1 - umul a_6,b_4,t_1 !mul_add_c(a[6],b[4],c2,c3,c1); - addcc c_2,t_1,c_2 != - rd %y,t_2 - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 - umul a_5,b_5,t_1 !=!mul_add_c(a[5],b[5],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 != - umul a_4,b_6,t_1 !mul_add_c(a[4],b[6],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 - addxcc c_3,t_2,c_3 != - addx c_1,%g0,c_1 - umul a_3,b_7,t_1 !mul_add_c(a[3],b[7],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 - st c_2,rp(10) !r[10]=c2; - - umul a_4,b_7,t_1 !=!mul_add_c(a[4],b[7],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 - addx %g0,%g0,c_2 != - umul a_5,b_6,t_1 !mul_add_c(a[5],b[6],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 != - addx c_2,%g0,c_2 - umul a_6,b_5,t_1 !mul_add_c(a[6],b[5],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 != - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 - umul a_7,b_4,t_1 !mul_add_c(a[7],b[4],c3,c1,c2); - addcc c_3,t_1,c_3 != - rd %y,t_2 - addxcc c_1,t_2,c_1 - st c_3,rp(11) !r[11]=c3; - addx c_2,%g0,c_2 != - - umul a_7,b_5,t_1 !mul_add_c(a[7],b[5],c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 != - addx %g0,%g0,c_3 - umul a_6,b_6,t_1 !mul_add_c(a[6],b[6],c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 != - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 - umul a_5,b_7,t_1 !mul_add_c(a[5],b[7],c1,c2,c3); - addcc c_1,t_1,c_1 != - rd %y,t_2 - addxcc c_2,t_2,c_2 - st c_1,rp(12) !r[12]=c1; - addx c_3,%g0,c_3 != - - umul a_6,b_7,t_1 !mul_add_c(a[6],b[7],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 - addxcc c_3,t_2,c_3 != - addx %g0,%g0,c_1 - umul a_7,b_6,t_1 !mul_add_c(a[7],b[6],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 - st c_2,rp(13) !r[13]=c2; - - umul a_7,b_7,t_1 !=!mul_add_c(a[7],b[7],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 - nop != - st c_3,rp(14) !r[14]=c3; - st c_1,rp(15) !r[15]=c1; - - ret - restore %g0,%g0,%o0 - -.type bn_mul_comba8,#function -.size bn_mul_comba8,(.-bn_mul_comba8) - -.align 32 - -.global bn_mul_comba4 -/* - * void bn_mul_comba4(r,a,b) - * BN_ULONG *r,*a,*b; - */ -bn_mul_comba4: - save %sp,FRAME_SIZE,%sp - ld ap(0),a_0 - ld bp(0),b_0 - umul a_0,b_0,c_1 !=!mul_add_c(a[0],b[0],c1,c2,c3); - ld bp(1),b_1 - rd %y,c_2 - st c_1,rp(0) !r[0]=c1; - - umul a_0,b_1,t_1 !=!mul_add_c(a[0],b[1],c2,c3,c1); - ld ap(1),a_1 - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc %g0,t_2,c_3 - addx %g0,%g0,c_1 - ld ap(2),a_2 - umul a_1,b_0,t_1 !=!mul_add_c(a[1],b[0],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 != - st c_2,rp(1) !r[1]=c2; - - umul a_2,b_0,t_1 !mul_add_c(a[2],b[0],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 != - addxcc c_1,t_2,c_1 - addx %g0,%g0,c_2 - ld bp(2),b_2 - umul a_1,b_1,t_1 !=!mul_add_c(a[1],b[1],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 != - ld bp(3),b_3 - umul a_0,b_2,t_1 !mul_add_c(a[0],b[2],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 != - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 - st c_3,rp(2) !r[2]=c3; - - umul a_0,b_3,t_1 !=!mul_add_c(a[0],b[3],c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 - addx %g0,%g0,c_3 != - umul a_1,b_2,t_1 !mul_add_c(a[1],b[2],c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 != - addx c_3,%g0,c_3 - ld ap(3),a_3 - umul a_2,b_1,t_1 !mul_add_c(a[2],b[1],c1,c2,c3); - addcc c_1,t_1,c_1 != - rd %y,t_2 - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 - umul a_3,b_0,t_1 !=!mul_add_c(a[3],b[0],c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 != - st c_1,rp(3) !r[3]=c1; - - umul a_3,b_1,t_1 !mul_add_c(a[3],b[1],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx %g0,%g0,c_1 - umul a_2,b_2,t_1 !mul_add_c(a[2],b[2],c2,c3,c1); - addcc c_2,t_1,c_2 != - rd %y,t_2 - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 - umul a_1,b_3,t_1 !=!mul_add_c(a[1],b[3],c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 != - st c_2,rp(4) !r[4]=c2; - - umul a_2,b_3,t_1 !mul_add_c(a[2],b[3],c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 != - addxcc c_1,t_2,c_1 - addx %g0,%g0,c_2 - umul a_3,b_2,t_1 !mul_add_c(a[3],b[2],c3,c1,c2); - addcc c_3,t_1,c_3 != - rd %y,t_2 - addxcc c_1,t_2,c_1 - st c_3,rp(5) !r[5]=c3; - addx c_2,%g0,c_2 != - - umul a_3,b_3,t_1 !mul_add_c(a[3],b[3],c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 != - st c_1,rp(6) !r[6]=c1; - st c_2,rp(7) !r[7]=c2; - - ret - restore %g0,%g0,%o0 - -.type bn_mul_comba4,#function -.size bn_mul_comba4,(.-bn_mul_comba4) - -.align 32 - -.global bn_sqr_comba8 -bn_sqr_comba8: - save %sp,FRAME_SIZE,%sp - ld ap(0),a_0 - ld ap(1),a_1 - umul a_0,a_0,c_1 !=!sqr_add_c(a,0,c1,c2,c3); - rd %y,c_2 - st c_1,rp(0) !r[0]=c1; - - ld ap(2),a_2 - umul a_0,a_1,t_1 !=!sqr_add_c2(a,1,0,c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 - addxcc %g0,t_2,c_3 - addx %g0,%g0,c_1 != - addcc c_2,t_1,c_2 - addxcc c_3,t_2,c_3 - st c_2,rp(1) !r[1]=c2; - addx c_1,%g0,c_1 != - - umul a_2,a_0,t_1 !sqr_add_c2(a,2,0,c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 != - addx %g0,%g0,c_2 - addcc c_3,t_1,c_3 - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 != - ld ap(3),a_3 - umul a_1,a_1,t_1 !sqr_add_c(a,1,c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 != - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 - st c_3,rp(2) !r[2]=c3; - - umul a_0,a_3,t_1 !=!sqr_add_c2(a,3,0,c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 - addx %g0,%g0,c_3 != - addcc c_1,t_1,c_1 - addxcc c_2,t_2,c_2 - ld ap(4),a_4 - addx c_3,%g0,c_3 != - umul a_1,a_2,t_1 !sqr_add_c2(a,2,1,c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 != - addx c_3,%g0,c_3 - addcc c_1,t_1,c_1 - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 != - st c_1,rp(3) !r[3]=c1; - - umul a_4,a_0,t_1 !sqr_add_c2(a,4,0,c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx %g0,%g0,c_1 - addcc c_2,t_1,c_2 - addxcc c_3,t_2,c_3 != - addx c_1,%g0,c_1 - umul a_3,a_1,t_1 !sqr_add_c2(a,3,1,c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 - addcc c_2,t_1,c_2 - addxcc c_3,t_2,c_3 != - addx c_1,%g0,c_1 - ld ap(5),a_5 - umul a_2,a_2,t_1 !sqr_add_c(a,2,c2,c3,c1); - addcc c_2,t_1,c_2 != - rd %y,t_2 - addxcc c_3,t_2,c_3 - st c_2,rp(4) !r[4]=c2; - addx c_1,%g0,c_1 != - - umul a_0,a_5,t_1 !sqr_add_c2(a,5,0,c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 != - addx %g0,%g0,c_2 - addcc c_3,t_1,c_3 - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 != - umul a_1,a_4,t_1 !sqr_add_c2(a,4,1,c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 != - addx c_2,%g0,c_2 - addcc c_3,t_1,c_3 - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 != - ld ap(6),a_6 - umul a_2,a_3,t_1 !sqr_add_c2(a,3,2,c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 != - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 - addcc c_3,t_1,c_3 - addxcc c_1,t_2,c_1 != - addx c_2,%g0,c_2 - st c_3,rp(5) !r[5]=c3; - - umul a_6,a_0,t_1 !sqr_add_c2(a,6,0,c1,c2,c3); - addcc c_1,t_1,c_1 != - rd %y,t_2 - addxcc c_2,t_2,c_2 - addx %g0,%g0,c_3 - addcc c_1,t_1,c_1 != - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 - umul a_5,a_1,t_1 !sqr_add_c2(a,5,1,c1,c2,c3); - addcc c_1,t_1,c_1 != - rd %y,t_2 - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 - addcc c_1,t_1,c_1 != - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 - umul a_4,a_2,t_1 !sqr_add_c2(a,4,2,c1,c2,c3); - addcc c_1,t_1,c_1 != - rd %y,t_2 - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 - addcc c_1,t_1,c_1 != - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 - ld ap(7),a_7 - umul a_3,a_3,t_1 !=!sqr_add_c(a,3,c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 != - st c_1,rp(6) !r[6]=c1; - - umul a_0,a_7,t_1 !sqr_add_c2(a,7,0,c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx %g0,%g0,c_1 - addcc c_2,t_1,c_2 - addxcc c_3,t_2,c_3 != - addx c_1,%g0,c_1 - umul a_1,a_6,t_1 !sqr_add_c2(a,6,1,c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 - addcc c_2,t_1,c_2 - addxcc c_3,t_2,c_3 != - addx c_1,%g0,c_1 - umul a_2,a_5,t_1 !sqr_add_c2(a,5,2,c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 - addcc c_2,t_1,c_2 - addxcc c_3,t_2,c_3 != - addx c_1,%g0,c_1 - umul a_3,a_4,t_1 !sqr_add_c2(a,4,3,c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 - addcc c_2,t_1,c_2 - addxcc c_3,t_2,c_3 != - addx c_1,%g0,c_1 - st c_2,rp(7) !r[7]=c2; - - umul a_7,a_1,t_1 !sqr_add_c2(a,7,1,c3,c1,c2); - addcc c_3,t_1,c_3 != - rd %y,t_2 - addxcc c_1,t_2,c_1 - addx %g0,%g0,c_2 - addcc c_3,t_1,c_3 != - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 - umul a_6,a_2,t_1 !sqr_add_c2(a,6,2,c3,c1,c2); - addcc c_3,t_1,c_3 != - rd %y,t_2 - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 - addcc c_3,t_1,c_3 != - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 - umul a_5,a_3,t_1 !sqr_add_c2(a,5,3,c3,c1,c2); - addcc c_3,t_1,c_3 != - rd %y,t_2 - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 - addcc c_3,t_1,c_3 != - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 - umul a_4,a_4,t_1 !sqr_add_c(a,4,c3,c1,c2); - addcc c_3,t_1,c_3 != - rd %y,t_2 - addxcc c_1,t_2,c_1 - st c_3,rp(8) !r[8]=c3; - addx c_2,%g0,c_2 != - - umul a_2,a_7,t_1 !sqr_add_c2(a,7,2,c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 != - addx %g0,%g0,c_3 - addcc c_1,t_1,c_1 - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 != - umul a_3,a_6,t_1 !sqr_add_c2(a,6,3,c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 != - addx c_3,%g0,c_3 - addcc c_1,t_1,c_1 - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 != - umul a_4,a_5,t_1 !sqr_add_c2(a,5,4,c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 != - addx c_3,%g0,c_3 - addcc c_1,t_1,c_1 - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 != - st c_1,rp(9) !r[9]=c1; - - umul a_7,a_3,t_1 !sqr_add_c2(a,7,3,c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx %g0,%g0,c_1 - addcc c_2,t_1,c_2 - addxcc c_3,t_2,c_3 != - addx c_1,%g0,c_1 - umul a_6,a_4,t_1 !sqr_add_c2(a,6,4,c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 - addcc c_2,t_1,c_2 - addxcc c_3,t_2,c_3 != - addx c_1,%g0,c_1 - umul a_5,a_5,t_1 !sqr_add_c(a,5,c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 - st c_2,rp(10) !r[10]=c2; - - umul a_4,a_7,t_1 !=!sqr_add_c2(a,7,4,c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 - addx %g0,%g0,c_2 != - addcc c_3,t_1,c_3 - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 - umul a_5,a_6,t_1 !=!sqr_add_c2(a,6,5,c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 - addx c_2,%g0,c_2 != - addcc c_3,t_1,c_3 - addxcc c_1,t_2,c_1 - st c_3,rp(11) !r[11]=c3; - addx c_2,%g0,c_2 != - - umul a_7,a_5,t_1 !sqr_add_c2(a,7,5,c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 != - addx %g0,%g0,c_3 - addcc c_1,t_1,c_1 - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 != - umul a_6,a_6,t_1 !sqr_add_c(a,6,c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 != - addx c_3,%g0,c_3 - st c_1,rp(12) !r[12]=c1; - - umul a_6,a_7,t_1 !sqr_add_c2(a,7,6,c2,c3,c1); - addcc c_2,t_1,c_2 != - rd %y,t_2 - addxcc c_3,t_2,c_3 - addx %g0,%g0,c_1 - addcc c_2,t_1,c_2 != - addxcc c_3,t_2,c_3 - st c_2,rp(13) !r[13]=c2; - addx c_1,%g0,c_1 != - - umul a_7,a_7,t_1 !sqr_add_c(a,7,c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 != - st c_3,rp(14) !r[14]=c3; - st c_1,rp(15) !r[15]=c1; - - ret - restore %g0,%g0,%o0 - -.type bn_sqr_comba8,#function -.size bn_sqr_comba8,(.-bn_sqr_comba8) - -.align 32 - -.global bn_sqr_comba4 -/* - * void bn_sqr_comba4(r,a) - * BN_ULONG *r,*a; - */ -bn_sqr_comba4: - save %sp,FRAME_SIZE,%sp - ld ap(0),a_0 - umul a_0,a_0,c_1 !sqr_add_c(a,0,c1,c2,c3); - ld ap(1),a_1 != - rd %y,c_2 - st c_1,rp(0) !r[0]=c1; - - ld ap(2),a_2 - umul a_0,a_1,t_1 !=!sqr_add_c2(a,1,0,c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 - addxcc %g0,t_2,c_3 - addx %g0,%g0,c_1 != - addcc c_2,t_1,c_2 - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 != - st c_2,rp(1) !r[1]=c2; - - umul a_2,a_0,t_1 !sqr_add_c2(a,2,0,c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 != - addxcc c_1,t_2,c_1 - addx %g0,%g0,c_2 - addcc c_3,t_1,c_3 - addxcc c_1,t_2,c_1 != - addx c_2,%g0,c_2 - ld ap(3),a_3 - umul a_1,a_1,t_1 !sqr_add_c(a,1,c3,c1,c2); - addcc c_3,t_1,c_3 != - rd %y,t_2 - addxcc c_1,t_2,c_1 - st c_3,rp(2) !r[2]=c3; - addx c_2,%g0,c_2 != - - umul a_0,a_3,t_1 !sqr_add_c2(a,3,0,c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 != - addx %g0,%g0,c_3 - addcc c_1,t_1,c_1 - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 != - umul a_1,a_2,t_1 !sqr_add_c2(a,2,1,c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 != - addx c_3,%g0,c_3 - addcc c_1,t_1,c_1 - addxcc c_2,t_2,c_2 - addx c_3,%g0,c_3 != - st c_1,rp(3) !r[3]=c1; - - umul a_3,a_1,t_1 !sqr_add_c2(a,3,1,c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx %g0,%g0,c_1 - addcc c_2,t_1,c_2 - addxcc c_3,t_2,c_3 != - addx c_1,%g0,c_1 - umul a_2,a_2,t_1 !sqr_add_c(a,2,c2,c3,c1); - addcc c_2,t_1,c_2 - rd %y,t_2 != - addxcc c_3,t_2,c_3 - addx c_1,%g0,c_1 - st c_2,rp(4) !r[4]=c2; - - umul a_2,a_3,t_1 !=!sqr_add_c2(a,3,2,c3,c1,c2); - addcc c_3,t_1,c_3 - rd %y,t_2 - addxcc c_1,t_2,c_1 - addx %g0,%g0,c_2 != - addcc c_3,t_1,c_3 - addxcc c_1,t_2,c_1 - st c_3,rp(5) !r[5]=c3; - addx c_2,%g0,c_2 != - - umul a_3,a_3,t_1 !sqr_add_c(a,3,c1,c2,c3); - addcc c_1,t_1,c_1 - rd %y,t_2 - addxcc c_2,t_2,c_2 != - st c_1,rp(6) !r[6]=c1; - st c_2,rp(7) !r[7]=c2; - - ret - restore %g0,%g0,%o0 - -.type bn_sqr_comba4,#function -.size bn_sqr_comba4,(.-bn_sqr_comba4) - -.align 32 diff --git a/crypto/bn/asm/sparcv8plus.S b/crypto/bn/asm/sparcv8plus.S deleted file mode 100644 index 696dc7b5fe095b627bd00e2b7fbacdca6716f3bb..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/sparcv8plus.S +++ /dev/null @@ -1,1558 +0,0 @@ -.ident "sparcv8plus.s, Version 1.4" -.ident "SPARC v9 ISA artwork by Andy Polyakov " - -/* - * ==================================================================== - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * ==================================================================== - */ - -/* - * This is my modest contribution to OpenSSL project (see - * http://www.openssl.org/ for more information about it) and is - * a drop-in UltraSPARC ISA replacement for crypto/bn/bn_asm.c - * module. For updates see http://fy.chalmers.se/~appro/hpe/. - * - * Questions-n-answers. - * - * Q. How to compile? - * A. With SC4.x/SC5.x: - * - * cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o - * - * and with gcc: - * - * gcc -mcpu=ultrasparc -c bn_asm.sparc.v8plus.S -o bn_asm.o - * - * or if above fails (it does if you have gas installed): - * - * gcc -E bn_asm.sparc.v8plus.S | as -xarch=v8plus /dev/fd/0 -o bn_asm.o - * - * Quick-n-dirty way to fuse the module into the library. - * Provided that the library is already configured and built - * (in 0.9.2 case with no-asm option): - * - * # cd crypto/bn - * # cp /some/place/bn_asm.sparc.v8plus.S . - * # cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o - * # make - * # cd ../.. - * # make; make test - * - * Quick-n-dirty way to get rid of it: - * - * # cd crypto/bn - * # touch bn_asm.c - * # make - * # cd ../.. - * # make; make test - * - * Q. V8plus architecture? What kind of beast is that? - * A. Well, it's rather a programming model than an architecture... - * It's actually v9-compliant, i.e. *any* UltraSPARC, CPU under - * special conditions, namely when kernel doesn't preserve upper - * 32 bits of otherwise 64-bit registers during a context switch. - * - * Q. Why just UltraSPARC? What about SuperSPARC? - * A. Original release did target UltraSPARC only. Now SuperSPARC - * version is provided along. Both version share bn_*comba[48] - * implementations (see comment later in code for explanation). - * But what's so special about this UltraSPARC implementation? - * Why didn't I let compiler do the job? Trouble is that most of - * available compilers (well, SC5.0 is the only exception) don't - * attempt to take advantage of UltraSPARC's 64-bitness under - * 32-bit kernels even though it's perfectly possible (see next - * question). - * - * Q. 64-bit registers under 32-bit kernels? Didn't you just say it - * doesn't work? - * A. You can't address *all* registers as 64-bit wide:-( The catch is - * that you actually may rely upon %o0-%o5 and %g1-%g4 being fully - * preserved if you're in a leaf function, i.e. such never calling - * any other functions. All functions in this module are leaf and - * 10 registers is a handful. And as a matter of fact none-"comba" - * routines don't require even that much and I could even afford to - * not allocate own stack frame for 'em:-) - * - * Q. What about 64-bit kernels? - * A. What about 'em? Just kidding:-) Pure 64-bit version is currently - * under evaluation and development... - * - * Q. What about shared libraries? - * A. What about 'em? Kidding again:-) Code does *not* contain any - * code position dependencies and it's safe to include it into - * shared library as is. - * - * Q. How much faster does it go? - * A. Do you have a good benchmark? In either case below is what I - * experience with crypto/bn/expspeed.c test program: - * - * v8plus module on U10/300MHz against bn_asm.c compiled with: - * - * cc-5.0 -xarch=v8plus -xO5 -xdepend +7-12% - * cc-4.2 -xarch=v8plus -xO5 -xdepend +25-35% - * egcs-1.1.2 -mcpu=ultrasparc -O3 +35-45% - * - * v8 module on SS10/60MHz against bn_asm.c compiled with: - * - * cc-5.0 -xarch=v8 -xO5 -xdepend +7-10% - * cc-4.2 -xarch=v8 -xO5 -xdepend +10% - * egcs-1.1.2 -mv8 -O3 +35-45% - * - * As you can see it's damn hard to beat the new Sun C compiler - * and it's in first place GNU C users who will appreciate this - * assembler implementation:-) - */ - -/* - * Revision history. - * - * 1.0 - initial release; - * 1.1 - new loop unrolling model(*); - * - some more fine tuning; - * 1.2 - made gas friendly; - * - updates to documentation concerning v9; - * - new performance comparison matrix; - * 1.3 - fixed problem with /usr/ccs/lib/cpp; - * 1.4 - native V9 bn_*_comba[48] implementation (15% more efficient) - * resulting in slight overall performance kick; - * - some retunes; - * - support for GNU as added; - * - * (*) Originally unrolled loop looked like this: - * for (;;) { - * op(p+0); if (--n==0) break; - * op(p+1); if (--n==0) break; - * op(p+2); if (--n==0) break; - * op(p+3); if (--n==0) break; - * p+=4; - * } - * I unroll according to following: - * while (n&~3) { - * op(p+0); op(p+1); op(p+2); op(p+3); - * p+=4; n=-4; - * } - * if (n) { - * op(p+0); if (--n==0) return; - * op(p+2); if (--n==0) return; - * op(p+3); return; - * } - */ - -#if defined(__SUNPRO_C) && defined(__sparcv9) - /* They've said -xarch=v9 at command line */ - .register %g2,#scratch - .register %g3,#scratch -# define FRAME_SIZE -192 -#elif defined(__GNUC__) && defined(__arch64__) - /* They've said -m64 at command line */ - .register %g2,#scratch - .register %g3,#scratch -# define FRAME_SIZE -192 -#else -# define FRAME_SIZE -96 -#endif -/* - * GNU assembler can't stand stuw:-( - */ -#define stuw st - -.section ".text",#alloc,#execinstr -.file "bn_asm.sparc.v8plus.S" - -.align 32 - -.global bn_mul_add_words -/* - * BN_ULONG bn_mul_add_words(rp,ap,num,w) - * BN_ULONG *rp,*ap; - * int num; - * BN_ULONG w; - */ -bn_mul_add_words: - sra %o2,%g0,%o2 ! signx %o2 - brgz,a %o2,.L_bn_mul_add_words_proceed - lduw [%o1],%g2 - retl - clr %o0 - nop - nop - nop - -.L_bn_mul_add_words_proceed: - srl %o3,%g0,%o3 ! clruw %o3 - andcc %o2,-4,%g0 - bz,pn %icc,.L_bn_mul_add_words_tail - clr %o5 - -.L_bn_mul_add_words_loop: ! wow! 32 aligned! - lduw [%o0],%g1 - lduw [%o1+4],%g3 - mulx %o3,%g2,%g2 - add %g1,%o5,%o4 - nop - add %o4,%g2,%o4 - stuw %o4,[%o0] - srlx %o4,32,%o5 - - lduw [%o0+4],%g1 - lduw [%o1+8],%g2 - mulx %o3,%g3,%g3 - add %g1,%o5,%o4 - dec 4,%o2 - add %o4,%g3,%o4 - stuw %o4,[%o0+4] - srlx %o4,32,%o5 - - lduw [%o0+8],%g1 - lduw [%o1+12],%g3 - mulx %o3,%g2,%g2 - add %g1,%o5,%o4 - inc 16,%o1 - add %o4,%g2,%o4 - stuw %o4,[%o0+8] - srlx %o4,32,%o5 - - lduw [%o0+12],%g1 - mulx %o3,%g3,%g3 - add %g1,%o5,%o4 - inc 16,%o0 - add %o4,%g3,%o4 - andcc %o2,-4,%g0 - stuw %o4,[%o0-4] - srlx %o4,32,%o5 - bnz,a,pt %icc,.L_bn_mul_add_words_loop - lduw [%o1],%g2 - - brnz,a,pn %o2,.L_bn_mul_add_words_tail - lduw [%o1],%g2 -.L_bn_mul_add_words_return: - retl - mov %o5,%o0 - -.L_bn_mul_add_words_tail: - lduw [%o0],%g1 - mulx %o3,%g2,%g2 - add %g1,%o5,%o4 - dec %o2 - add %o4,%g2,%o4 - srlx %o4,32,%o5 - brz,pt %o2,.L_bn_mul_add_words_return - stuw %o4,[%o0] - - lduw [%o1+4],%g2 - lduw [%o0+4],%g1 - mulx %o3,%g2,%g2 - add %g1,%o5,%o4 - dec %o2 - add %o4,%g2,%o4 - srlx %o4,32,%o5 - brz,pt %o2,.L_bn_mul_add_words_return - stuw %o4,[%o0+4] - - lduw [%o1+8],%g2 - lduw [%o0+8],%g1 - mulx %o3,%g2,%g2 - add %g1,%o5,%o4 - add %o4,%g2,%o4 - stuw %o4,[%o0+8] - retl - srlx %o4,32,%o0 - -.type bn_mul_add_words,#function -.size bn_mul_add_words,(.-bn_mul_add_words) - -.align 32 - -.global bn_mul_words -/* - * BN_ULONG bn_mul_words(rp,ap,num,w) - * BN_ULONG *rp,*ap; - * int num; - * BN_ULONG w; - */ -bn_mul_words: - sra %o2,%g0,%o2 ! signx %o2 - brgz,a %o2,.L_bn_mul_words_proceed - lduw [%o1],%g2 - retl - clr %o0 - nop - nop - nop - -.L_bn_mul_words_proceed: - srl %o3,%g0,%o3 ! clruw %o3 - andcc %o2,-4,%g0 - bz,pn %icc,.L_bn_mul_words_tail - clr %o5 - -.L_bn_mul_words_loop: ! wow! 32 aligned! - lduw [%o1+4],%g3 - mulx %o3,%g2,%g2 - add %g2,%o5,%o4 - nop - stuw %o4,[%o0] - srlx %o4,32,%o5 - - lduw [%o1+8],%g2 - mulx %o3,%g3,%g3 - add %g3,%o5,%o4 - dec 4,%o2 - stuw %o4,[%o0+4] - srlx %o4,32,%o5 - - lduw [%o1+12],%g3 - mulx %o3,%g2,%g2 - add %g2,%o5,%o4 - inc 16,%o1 - stuw %o4,[%o0+8] - srlx %o4,32,%o5 - - mulx %o3,%g3,%g3 - add %g3,%o5,%o4 - inc 16,%o0 - stuw %o4,[%o0-4] - srlx %o4,32,%o5 - andcc %o2,-4,%g0 - bnz,a,pt %icc,.L_bn_mul_words_loop - lduw [%o1],%g2 - nop - nop - - brnz,a,pn %o2,.L_bn_mul_words_tail - lduw [%o1],%g2 -.L_bn_mul_words_return: - retl - mov %o5,%o0 - -.L_bn_mul_words_tail: - mulx %o3,%g2,%g2 - add %g2,%o5,%o4 - dec %o2 - srlx %o4,32,%o5 - brz,pt %o2,.L_bn_mul_words_return - stuw %o4,[%o0] - - lduw [%o1+4],%g2 - mulx %o3,%g2,%g2 - add %g2,%o5,%o4 - dec %o2 - srlx %o4,32,%o5 - brz,pt %o2,.L_bn_mul_words_return - stuw %o4,[%o0+4] - - lduw [%o1+8],%g2 - mulx %o3,%g2,%g2 - add %g2,%o5,%o4 - stuw %o4,[%o0+8] - retl - srlx %o4,32,%o0 - -.type bn_mul_words,#function -.size bn_mul_words,(.-bn_mul_words) - -.align 32 -.global bn_sqr_words -/* - * void bn_sqr_words(r,a,n) - * BN_ULONG *r,*a; - * int n; - */ -bn_sqr_words: - sra %o2,%g0,%o2 ! signx %o2 - brgz,a %o2,.L_bn_sqr_words_proceed - lduw [%o1],%g2 - retl - clr %o0 - nop - nop - nop - -.L_bn_sqr_words_proceed: - andcc %o2,-4,%g0 - nop - bz,pn %icc,.L_bn_sqr_words_tail - nop - -.L_bn_sqr_words_loop: ! wow! 32 aligned! - lduw [%o1+4],%g3 - mulx %g2,%g2,%o4 - stuw %o4,[%o0] - srlx %o4,32,%o5 - stuw %o5,[%o0+4] - nop - - lduw [%o1+8],%g2 - mulx %g3,%g3,%o4 - dec 4,%o2 - stuw %o4,[%o0+8] - srlx %o4,32,%o5 - stuw %o5,[%o0+12] - - lduw [%o1+12],%g3 - mulx %g2,%g2,%o4 - srlx %o4,32,%o5 - stuw %o4,[%o0+16] - inc 16,%o1 - stuw %o5,[%o0+20] - - mulx %g3,%g3,%o4 - inc 32,%o0 - stuw %o4,[%o0-8] - srlx %o4,32,%o5 - andcc %o2,-4,%g2 - stuw %o5,[%o0-4] - bnz,a,pt %icc,.L_bn_sqr_words_loop - lduw [%o1],%g2 - nop - - brnz,a,pn %o2,.L_bn_sqr_words_tail - lduw [%o1],%g2 -.L_bn_sqr_words_return: - retl - clr %o0 - -.L_bn_sqr_words_tail: - mulx %g2,%g2,%o4 - dec %o2 - stuw %o4,[%o0] - srlx %o4,32,%o5 - brz,pt %o2,.L_bn_sqr_words_return - stuw %o5,[%o0+4] - - lduw [%o1+4],%g2 - mulx %g2,%g2,%o4 - dec %o2 - stuw %o4,[%o0+8] - srlx %o4,32,%o5 - brz,pt %o2,.L_bn_sqr_words_return - stuw %o5,[%o0+12] - - lduw [%o1+8],%g2 - mulx %g2,%g2,%o4 - srlx %o4,32,%o5 - stuw %o4,[%o0+16] - stuw %o5,[%o0+20] - retl - clr %o0 - -.type bn_sqr_words,#function -.size bn_sqr_words,(.-bn_sqr_words) - -.align 32 -.global bn_div_words -/* - * BN_ULONG bn_div_words(h,l,d) - * BN_ULONG h,l,d; - */ -bn_div_words: - sllx %o0,32,%o0 - or %o0,%o1,%o0 - udivx %o0,%o2,%o0 - retl - srl %o0,%g0,%o0 ! clruw %o0 - -.type bn_div_words,#function -.size bn_div_words,(.-bn_div_words) - -.align 32 - -.global bn_add_words -/* - * BN_ULONG bn_add_words(rp,ap,bp,n) - * BN_ULONG *rp,*ap,*bp; - * int n; - */ -bn_add_words: - sra %o3,%g0,%o3 ! signx %o3 - brgz,a %o3,.L_bn_add_words_proceed - lduw [%o1],%o4 - retl - clr %o0 - -.L_bn_add_words_proceed: - andcc %o3,-4,%g0 - bz,pn %icc,.L_bn_add_words_tail - addcc %g0,0,%g0 ! clear carry flag - -.L_bn_add_words_loop: ! wow! 32 aligned! - dec 4,%o3 - lduw [%o2],%o5 - lduw [%o1+4],%g1 - lduw [%o2+4],%g2 - lduw [%o1+8],%g3 - lduw [%o2+8],%g4 - addccc %o5,%o4,%o5 - stuw %o5,[%o0] - - lduw [%o1+12],%o4 - lduw [%o2+12],%o5 - inc 16,%o1 - addccc %g1,%g2,%g1 - stuw %g1,[%o0+4] - - inc 16,%o2 - addccc %g3,%g4,%g3 - stuw %g3,[%o0+8] - - inc 16,%o0 - addccc %o5,%o4,%o5 - stuw %o5,[%o0-4] - and %o3,-4,%g1 - brnz,a,pt %g1,.L_bn_add_words_loop - lduw [%o1],%o4 - - brnz,a,pn %o3,.L_bn_add_words_tail - lduw [%o1],%o4 -.L_bn_add_words_return: - clr %o0 - retl - movcs %icc,1,%o0 - nop - -.L_bn_add_words_tail: - lduw [%o2],%o5 - dec %o3 - addccc %o5,%o4,%o5 - brz,pt %o3,.L_bn_add_words_return - stuw %o5,[%o0] - - lduw [%o1+4],%o4 - lduw [%o2+4],%o5 - dec %o3 - addccc %o5,%o4,%o5 - brz,pt %o3,.L_bn_add_words_return - stuw %o5,[%o0+4] - - lduw [%o1+8],%o4 - lduw [%o2+8],%o5 - addccc %o5,%o4,%o5 - stuw %o5,[%o0+8] - clr %o0 - retl - movcs %icc,1,%o0 - -.type bn_add_words,#function -.size bn_add_words,(.-bn_add_words) - -.global bn_sub_words -/* - * BN_ULONG bn_sub_words(rp,ap,bp,n) - * BN_ULONG *rp,*ap,*bp; - * int n; - */ -bn_sub_words: - sra %o3,%g0,%o3 ! signx %o3 - brgz,a %o3,.L_bn_sub_words_proceed - lduw [%o1],%o4 - retl - clr %o0 - -.L_bn_sub_words_proceed: - andcc %o3,-4,%g0 - bz,pn %icc,.L_bn_sub_words_tail - addcc %g0,0,%g0 ! clear carry flag - -.L_bn_sub_words_loop: ! wow! 32 aligned! - dec 4,%o3 - lduw [%o2],%o5 - lduw [%o1+4],%g1 - lduw [%o2+4],%g2 - lduw [%o1+8],%g3 - lduw [%o2+8],%g4 - subccc %o4,%o5,%o5 - stuw %o5,[%o0] - - lduw [%o1+12],%o4 - lduw [%o2+12],%o5 - inc 16,%o1 - subccc %g1,%g2,%g2 - stuw %g2,[%o0+4] - - inc 16,%o2 - subccc %g3,%g4,%g4 - stuw %g4,[%o0+8] - - inc 16,%o0 - subccc %o4,%o5,%o5 - stuw %o5,[%o0-4] - and %o3,-4,%g1 - brnz,a,pt %g1,.L_bn_sub_words_loop - lduw [%o1],%o4 - - brnz,a,pn %o3,.L_bn_sub_words_tail - lduw [%o1],%o4 -.L_bn_sub_words_return: - clr %o0 - retl - movcs %icc,1,%o0 - nop - -.L_bn_sub_words_tail: ! wow! 32 aligned! - lduw [%o2],%o5 - dec %o3 - subccc %o4,%o5,%o5 - brz,pt %o3,.L_bn_sub_words_return - stuw %o5,[%o0] - - lduw [%o1+4],%o4 - lduw [%o2+4],%o5 - dec %o3 - subccc %o4,%o5,%o5 - brz,pt %o3,.L_bn_sub_words_return - stuw %o5,[%o0+4] - - lduw [%o1+8],%o4 - lduw [%o2+8],%o5 - subccc %o4,%o5,%o5 - stuw %o5,[%o0+8] - clr %o0 - retl - movcs %icc,1,%o0 - -.type bn_sub_words,#function -.size bn_sub_words,(.-bn_sub_words) - -/* - * Code below depends on the fact that upper parts of the %l0-%l7 - * and %i0-%i7 are zeroed by kernel after context switch. In - * previous versions this comment stated that "the trouble is that - * it's not feasible to implement the mumbo-jumbo in less V9 - * instructions:-(" which apparently isn't true thanks to - * 'bcs,a %xcc,.+8; inc %rd' pair. But the performance improvement - * results not from the shorter code, but from elimination of - * multicycle none-pairable 'rd %y,%rd' instructions. - * - * Andy. - */ - -/* - * Here is register usage map for *all* routines below. - */ -#define t_1 %o0 -#define t_2 %o1 -#define c_12 %o2 -#define c_3 %o3 - -#define ap(I) [%i1+4*I] -#define bp(I) [%i2+4*I] -#define rp(I) [%i0+4*I] - -#define a_0 %l0 -#define a_1 %l1 -#define a_2 %l2 -#define a_3 %l3 -#define a_4 %l4 -#define a_5 %l5 -#define a_6 %l6 -#define a_7 %l7 - -#define b_0 %i3 -#define b_1 %i4 -#define b_2 %i5 -#define b_3 %o4 -#define b_4 %o5 -#define b_5 %o7 -#define b_6 %g1 -#define b_7 %g4 - -.align 32 -.global bn_mul_comba8 -/* - * void bn_mul_comba8(r,a,b) - * BN_ULONG *r,*a,*b; - */ -bn_mul_comba8: - save %sp,FRAME_SIZE,%sp - mov 1,t_2 - lduw ap(0),a_0 - sllx t_2,32,t_2 - lduw bp(0),b_0 != - lduw bp(1),b_1 - mulx a_0,b_0,t_1 !mul_add_c(a[0],b[0],c1,c2,c3); - srlx t_1,32,c_12 - stuw t_1,rp(0) !=!r[0]=c1; - - lduw ap(1),a_1 - mulx a_0,b_1,t_1 !mul_add_c(a[0],b[1],c2,c3,c1); - addcc c_12,t_1,c_12 - clr c_3 != - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - lduw ap(2),a_2 - mulx a_1,b_0,t_1 !=!mul_add_c(a[1],b[0],c2,c3,c1); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 != - stuw t_1,rp(1) !r[1]=c2; - or c_12,c_3,c_12 - - mulx a_2,b_0,t_1 !mul_add_c(a[2],b[0],c3,c1,c2); - addcc c_12,t_1,c_12 != - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - lduw bp(2),b_2 != - mulx a_1,b_1,t_1 !mul_add_c(a[1],b[1],c3,c1,c2); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 != - lduw bp(3),b_3 - mulx a_0,b_2,t_1 !mul_add_c(a[0],b[2],c3,c1,c2); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(2) !r[2]=c3; - or c_12,c_3,c_12 != - - mulx a_0,b_3,t_1 !mul_add_c(a[0],b[3],c1,c2,c3); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_1,b_2,t_1 !=!mul_add_c(a[1],b[2],c1,c2,c3); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - lduw ap(3),a_3 - mulx a_2,b_1,t_1 !mul_add_c(a[2],b[1],c1,c2,c3); - addcc c_12,t_1,c_12 != - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - lduw ap(4),a_4 - mulx a_3,b_0,t_1 !=!mul_add_c(a[3],b[0],c1,c2,c3);!= - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 != - stuw t_1,rp(3) !r[3]=c1; - or c_12,c_3,c_12 - - mulx a_4,b_0,t_1 !mul_add_c(a[4],b[0],c2,c3,c1); - addcc c_12,t_1,c_12 != - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_3,b_1,t_1 !=!mul_add_c(a[3],b[1],c2,c3,c1); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_2,b_2,t_1 !=!mul_add_c(a[2],b[2],c2,c3,c1); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - lduw bp(4),b_4 != - mulx a_1,b_3,t_1 !mul_add_c(a[1],b[3],c2,c3,c1); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 != - lduw bp(5),b_5 - mulx a_0,b_4,t_1 !mul_add_c(a[0],b[4],c2,c3,c1); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(4) !r[4]=c2; - or c_12,c_3,c_12 != - - mulx a_0,b_5,t_1 !mul_add_c(a[0],b[5],c3,c1,c2); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_1,b_4,t_1 !mul_add_c(a[1],b[4],c3,c1,c2); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_2,b_3,t_1 !mul_add_c(a[2],b[3],c3,c1,c2); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_3,b_2,t_1 !mul_add_c(a[3],b[2],c3,c1,c2); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - lduw ap(5),a_5 - mulx a_4,b_1,t_1 !mul_add_c(a[4],b[1],c3,c1,c2); - addcc c_12,t_1,c_12 != - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - lduw ap(6),a_6 - mulx a_5,b_0,t_1 !=!mul_add_c(a[5],b[0],c3,c1,c2); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 != - stuw t_1,rp(5) !r[5]=c3; - or c_12,c_3,c_12 - - mulx a_6,b_0,t_1 !mul_add_c(a[6],b[0],c1,c2,c3); - addcc c_12,t_1,c_12 != - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_5,b_1,t_1 !=!mul_add_c(a[5],b[1],c1,c2,c3); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_4,b_2,t_1 !=!mul_add_c(a[4],b[2],c1,c2,c3); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_3,b_3,t_1 !=!mul_add_c(a[3],b[3],c1,c2,c3); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_2,b_4,t_1 !=!mul_add_c(a[2],b[4],c1,c2,c3); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - lduw bp(6),b_6 != - mulx a_1,b_5,t_1 !mul_add_c(a[1],b[5],c1,c2,c3); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 != - lduw bp(7),b_7 - mulx a_0,b_6,t_1 !mul_add_c(a[0],b[6],c1,c2,c3); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(6) !r[6]=c1; - or c_12,c_3,c_12 != - - mulx a_0,b_7,t_1 !mul_add_c(a[0],b[7],c2,c3,c1); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_1,b_6,t_1 !mul_add_c(a[1],b[6],c2,c3,c1); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_2,b_5,t_1 !mul_add_c(a[2],b[5],c2,c3,c1); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_3,b_4,t_1 !mul_add_c(a[3],b[4],c2,c3,c1); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_4,b_3,t_1 !mul_add_c(a[4],b[3],c2,c3,c1); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_5,b_2,t_1 !mul_add_c(a[5],b[2],c2,c3,c1); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - lduw ap(7),a_7 - mulx a_6,b_1,t_1 !=!mul_add_c(a[6],b[1],c2,c3,c1); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_7,b_0,t_1 !=!mul_add_c(a[7],b[0],c2,c3,c1); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 != - stuw t_1,rp(7) !r[7]=c2; - or c_12,c_3,c_12 - - mulx a_7,b_1,t_1 !=!mul_add_c(a[7],b[1],c3,c1,c2); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 != - mulx a_6,b_2,t_1 !mul_add_c(a[6],b[2],c3,c1,c2); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 != - mulx a_5,b_3,t_1 !mul_add_c(a[5],b[3],c3,c1,c2); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 != - mulx a_4,b_4,t_1 !mul_add_c(a[4],b[4],c3,c1,c2); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 != - mulx a_3,b_5,t_1 !mul_add_c(a[3],b[5],c3,c1,c2); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 != - mulx a_2,b_6,t_1 !mul_add_c(a[2],b[6],c3,c1,c2); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 != - mulx a_1,b_7,t_1 !mul_add_c(a[1],b[7],c3,c1,c2); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 != - srlx t_1,32,c_12 - stuw t_1,rp(8) !r[8]=c3; - or c_12,c_3,c_12 - - mulx a_2,b_7,t_1 !=!mul_add_c(a[2],b[7],c1,c2,c3); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 != - mulx a_3,b_6,t_1 !mul_add_c(a[3],b[6],c1,c2,c3); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_4,b_5,t_1 !mul_add_c(a[4],b[5],c1,c2,c3); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_5,b_4,t_1 !mul_add_c(a[5],b[4],c1,c2,c3); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_6,b_3,t_1 !mul_add_c(a[6],b[3],c1,c2,c3); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_7,b_2,t_1 !mul_add_c(a[7],b[2],c1,c2,c3); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(9) !r[9]=c1; - or c_12,c_3,c_12 != - - mulx a_7,b_3,t_1 !mul_add_c(a[7],b[3],c2,c3,c1); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_6,b_4,t_1 !mul_add_c(a[6],b[4],c2,c3,c1); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_5,b_5,t_1 !mul_add_c(a[5],b[5],c2,c3,c1); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_4,b_6,t_1 !mul_add_c(a[4],b[6],c2,c3,c1); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_3,b_7,t_1 !mul_add_c(a[3],b[7],c2,c3,c1); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(10) !r[10]=c2; - or c_12,c_3,c_12 != - - mulx a_4,b_7,t_1 !mul_add_c(a[4],b[7],c3,c1,c2); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_5,b_6,t_1 !mul_add_c(a[5],b[6],c3,c1,c2); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_6,b_5,t_1 !mul_add_c(a[6],b[5],c3,c1,c2); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_7,b_4,t_1 !mul_add_c(a[7],b[4],c3,c1,c2); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(11) !r[11]=c3; - or c_12,c_3,c_12 != - - mulx a_7,b_5,t_1 !mul_add_c(a[7],b[5],c1,c2,c3); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_6,b_6,t_1 !mul_add_c(a[6],b[6],c1,c2,c3); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_5,b_7,t_1 !mul_add_c(a[5],b[7],c1,c2,c3); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(12) !r[12]=c1; - or c_12,c_3,c_12 != - - mulx a_6,b_7,t_1 !mul_add_c(a[6],b[7],c2,c3,c1); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_7,b_6,t_1 !mul_add_c(a[7],b[6],c2,c3,c1); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - srlx t_1,32,c_12 - st t_1,rp(13) !r[13]=c2; - or c_12,c_3,c_12 != - - mulx a_7,b_7,t_1 !mul_add_c(a[7],b[7],c3,c1,c2); - addcc c_12,t_1,t_1 - srlx t_1,32,c_12 != - stuw t_1,rp(14) !r[14]=c3; - stuw c_12,rp(15) !r[15]=c1; - - ret - restore %g0,%g0,%o0 != - -.type bn_mul_comba8,#function -.size bn_mul_comba8,(.-bn_mul_comba8) - -.align 32 - -.global bn_mul_comba4 -/* - * void bn_mul_comba4(r,a,b) - * BN_ULONG *r,*a,*b; - */ -bn_mul_comba4: - save %sp,FRAME_SIZE,%sp - lduw ap(0),a_0 - mov 1,t_2 - lduw bp(0),b_0 - sllx t_2,32,t_2 != - lduw bp(1),b_1 - mulx a_0,b_0,t_1 !mul_add_c(a[0],b[0],c1,c2,c3); - srlx t_1,32,c_12 - stuw t_1,rp(0) !=!r[0]=c1; - - lduw ap(1),a_1 - mulx a_0,b_1,t_1 !mul_add_c(a[0],b[1],c2,c3,c1); - addcc c_12,t_1,c_12 - clr c_3 != - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - lduw ap(2),a_2 - mulx a_1,b_0,t_1 !=!mul_add_c(a[1],b[0],c2,c3,c1); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 != - stuw t_1,rp(1) !r[1]=c2; - or c_12,c_3,c_12 - - mulx a_2,b_0,t_1 !mul_add_c(a[2],b[0],c3,c1,c2); - addcc c_12,t_1,c_12 != - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - lduw bp(2),b_2 != - mulx a_1,b_1,t_1 !mul_add_c(a[1],b[1],c3,c1,c2); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 != - lduw bp(3),b_3 - mulx a_0,b_2,t_1 !mul_add_c(a[0],b[2],c3,c1,c2); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(2) !r[2]=c3; - or c_12,c_3,c_12 != - - mulx a_0,b_3,t_1 !mul_add_c(a[0],b[3],c1,c2,c3); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - mulx a_1,b_2,t_1 !mul_add_c(a[1],b[2],c1,c2,c3); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 != - add c_3,t_2,c_3 - lduw ap(3),a_3 - mulx a_2,b_1,t_1 !mul_add_c(a[2],b[1],c1,c2,c3); - addcc c_12,t_1,c_12 != - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_3,b_0,t_1 !mul_add_c(a[3],b[0],c1,c2,c3);!= - addcc c_12,t_1,t_1 != - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(3) !=!r[3]=c1; - or c_12,c_3,c_12 - - mulx a_3,b_1,t_1 !mul_add_c(a[3],b[1],c2,c3,c1); - addcc c_12,t_1,c_12 - clr c_3 != - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_2,b_2,t_1 !mul_add_c(a[2],b[2],c2,c3,c1); - addcc c_12,t_1,c_12 != - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_1,b_3,t_1 !mul_add_c(a[1],b[3],c2,c3,c1); - addcc c_12,t_1,t_1 != - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(4) !=!r[4]=c2; - or c_12,c_3,c_12 - - mulx a_2,b_3,t_1 !mul_add_c(a[2],b[3],c3,c1,c2); - addcc c_12,t_1,c_12 - clr c_3 != - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_3,b_2,t_1 !mul_add_c(a[3],b[2],c3,c1,c2); - addcc c_12,t_1,t_1 != - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(5) !=!r[5]=c3; - or c_12,c_3,c_12 - - mulx a_3,b_3,t_1 !mul_add_c(a[3],b[3],c1,c2,c3); - addcc c_12,t_1,t_1 - srlx t_1,32,c_12 != - stuw t_1,rp(6) !r[6]=c1; - stuw c_12,rp(7) !r[7]=c2; - - ret - restore %g0,%g0,%o0 - -.type bn_mul_comba4,#function -.size bn_mul_comba4,(.-bn_mul_comba4) - -.align 32 - -.global bn_sqr_comba8 -bn_sqr_comba8: - save %sp,FRAME_SIZE,%sp - mov 1,t_2 - lduw ap(0),a_0 - sllx t_2,32,t_2 - lduw ap(1),a_1 - mulx a_0,a_0,t_1 !sqr_add_c(a,0,c1,c2,c3); - srlx t_1,32,c_12 - stuw t_1,rp(0) !r[0]=c1; - - lduw ap(2),a_2 - mulx a_0,a_1,t_1 !=!sqr_add_c2(a,1,0,c2,c3,c1); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(1) !r[1]=c2; - or c_12,c_3,c_12 - - mulx a_2,a_0,t_1 !sqr_add_c2(a,2,0,c3,c1,c2); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - lduw ap(3),a_3 - mulx a_1,a_1,t_1 !sqr_add_c(a,1,c3,c1,c2); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(2) !r[2]=c3; - or c_12,c_3,c_12 - - mulx a_0,a_3,t_1 !sqr_add_c2(a,3,0,c1,c2,c3); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - lduw ap(4),a_4 - mulx a_1,a_2,t_1 !sqr_add_c2(a,2,1,c1,c2,c3); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - st t_1,rp(3) !r[3]=c1; - or c_12,c_3,c_12 - - mulx a_4,a_0,t_1 !sqr_add_c2(a,4,0,c2,c3,c1); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_3,a_1,t_1 !sqr_add_c2(a,3,1,c2,c3,c1); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - lduw ap(5),a_5 - mulx a_2,a_2,t_1 !sqr_add_c(a,2,c2,c3,c1); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(4) !r[4]=c2; - or c_12,c_3,c_12 - - mulx a_0,a_5,t_1 !sqr_add_c2(a,5,0,c3,c1,c2); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_1,a_4,t_1 !sqr_add_c2(a,4,1,c3,c1,c2); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - lduw ap(6),a_6 - mulx a_2,a_3,t_1 !sqr_add_c2(a,3,2,c3,c1,c2); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(5) !r[5]=c3; - or c_12,c_3,c_12 - - mulx a_6,a_0,t_1 !sqr_add_c2(a,6,0,c1,c2,c3); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_5,a_1,t_1 !sqr_add_c2(a,5,1,c1,c2,c3); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_4,a_2,t_1 !sqr_add_c2(a,4,2,c1,c2,c3); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - lduw ap(7),a_7 - mulx a_3,a_3,t_1 !=!sqr_add_c(a,3,c1,c2,c3); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(6) !r[6]=c1; - or c_12,c_3,c_12 - - mulx a_0,a_7,t_1 !sqr_add_c2(a,7,0,c2,c3,c1); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_1,a_6,t_1 !sqr_add_c2(a,6,1,c2,c3,c1); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_2,a_5,t_1 !sqr_add_c2(a,5,2,c2,c3,c1); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_3,a_4,t_1 !sqr_add_c2(a,4,3,c2,c3,c1); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(7) !r[7]=c2; - or c_12,c_3,c_12 - - mulx a_7,a_1,t_1 !sqr_add_c2(a,7,1,c3,c1,c2); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_6,a_2,t_1 !sqr_add_c2(a,6,2,c3,c1,c2); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_5,a_3,t_1 !sqr_add_c2(a,5,3,c3,c1,c2); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_4,a_4,t_1 !sqr_add_c(a,4,c3,c1,c2); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(8) !r[8]=c3; - or c_12,c_3,c_12 - - mulx a_2,a_7,t_1 !sqr_add_c2(a,7,2,c1,c2,c3); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_3,a_6,t_1 !sqr_add_c2(a,6,3,c1,c2,c3); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_4,a_5,t_1 !sqr_add_c2(a,5,4,c1,c2,c3); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(9) !r[9]=c1; - or c_12,c_3,c_12 - - mulx a_7,a_3,t_1 !sqr_add_c2(a,7,3,c2,c3,c1); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_6,a_4,t_1 !sqr_add_c2(a,6,4,c2,c3,c1); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_5,a_5,t_1 !sqr_add_c(a,5,c2,c3,c1); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(10) !r[10]=c2; - or c_12,c_3,c_12 - - mulx a_4,a_7,t_1 !sqr_add_c2(a,7,4,c3,c1,c2); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_5,a_6,t_1 !sqr_add_c2(a,6,5,c3,c1,c2); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(11) !r[11]=c3; - or c_12,c_3,c_12 - - mulx a_7,a_5,t_1 !sqr_add_c2(a,7,5,c1,c2,c3); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_6,a_6,t_1 !sqr_add_c(a,6,c1,c2,c3); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(12) !r[12]=c1; - or c_12,c_3,c_12 - - mulx a_6,a_7,t_1 !sqr_add_c2(a,7,6,c2,c3,c1); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(13) !r[13]=c2; - or c_12,c_3,c_12 - - mulx a_7,a_7,t_1 !sqr_add_c(a,7,c3,c1,c2); - addcc c_12,t_1,t_1 - srlx t_1,32,c_12 - stuw t_1,rp(14) !r[14]=c3; - stuw c_12,rp(15) !r[15]=c1; - - ret - restore %g0,%g0,%o0 - -.type bn_sqr_comba8,#function -.size bn_sqr_comba8,(.-bn_sqr_comba8) - -.align 32 - -.global bn_sqr_comba4 -/* - * void bn_sqr_comba4(r,a) - * BN_ULONG *r,*a; - */ -bn_sqr_comba4: - save %sp,FRAME_SIZE,%sp - mov 1,t_2 - lduw ap(0),a_0 - sllx t_2,32,t_2 - lduw ap(1),a_1 - mulx a_0,a_0,t_1 !sqr_add_c(a,0,c1,c2,c3); - srlx t_1,32,c_12 - stuw t_1,rp(0) !r[0]=c1; - - lduw ap(2),a_2 - mulx a_0,a_1,t_1 !sqr_add_c2(a,1,0,c2,c3,c1); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(1) !r[1]=c2; - or c_12,c_3,c_12 - - mulx a_2,a_0,t_1 !sqr_add_c2(a,2,0,c3,c1,c2); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - lduw ap(3),a_3 - mulx a_1,a_1,t_1 !sqr_add_c(a,1,c3,c1,c2); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(2) !r[2]=c3; - or c_12,c_3,c_12 - - mulx a_0,a_3,t_1 !sqr_add_c2(a,3,0,c1,c2,c3); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_1,a_2,t_1 !sqr_add_c2(a,2,1,c1,c2,c3); - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(3) !r[3]=c1; - or c_12,c_3,c_12 - - mulx a_3,a_1,t_1 !sqr_add_c2(a,3,1,c2,c3,c1); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,c_12 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - mulx a_2,a_2,t_1 !sqr_add_c(a,2,c2,c3,c1); - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(4) !r[4]=c2; - or c_12,c_3,c_12 - - mulx a_2,a_3,t_1 !sqr_add_c2(a,3,2,c3,c1,c2); - addcc c_12,t_1,c_12 - clr c_3 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - addcc c_12,t_1,t_1 - bcs,a %xcc,.+8 - add c_3,t_2,c_3 - srlx t_1,32,c_12 - stuw t_1,rp(5) !r[5]=c3; - or c_12,c_3,c_12 - - mulx a_3,a_3,t_1 !sqr_add_c(a,3,c1,c2,c3); - addcc c_12,t_1,t_1 - srlx t_1,32,c_12 - stuw t_1,rp(6) !r[6]=c1; - stuw c_12,rp(7) !r[7]=c2; - - ret - restore %g0,%g0,%o0 - -.type bn_sqr_comba4,#function -.size bn_sqr_comba4,(.-bn_sqr_comba4) - -.align 32 diff --git a/crypto/bn/asm/sparcv9-gf2m.pl b/crypto/bn/asm/sparcv9-gf2m.pl deleted file mode 100644 index 9f773f183c96936b4a339173ae424f577166210a..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/sparcv9-gf2m.pl +++ /dev/null @@ -1,202 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# October 2012 -# -# The module implements bn_GF2m_mul_2x2 polynomial multiplication used -# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for -# the time being... Except that it has two code paths: one suitable -# for all SPARCv9 processors and one for VIS3-capable ones. Former -# delivers ~25-45% more, more for longer keys, heaviest DH and DSA -# verify operations on venerable UltraSPARC II. On T4 VIS3 code is -# ~100-230% faster than gcc-generated code and ~35-90% faster than -# the pure SPARCv9 code path. - -$output = pop and open STDOUT,">$output"; - -$locals=16*8; - -$tab="%l0"; - -@T=("%g2","%g3"); -@i=("%g4","%g5"); - -($a1,$a2,$a4,$a8,$a12,$a48)=map("%o$_",(0..5)); -($lo,$hi,$b)=("%g1",$a8,"%o7"); $a=$lo; - -$code.=<<___; -#ifndef __ASSEMBLER__ -# define __ASSEMBLER__ 1 -#endif -#include "crypto/sparc_arch.h" - -#ifdef __arch64__ -.register %g2,#scratch -.register %g3,#scratch -#endif - -#ifdef __PIC__ -SPARC_PIC_THUNK(%g1) -#endif - -.globl bn_GF2m_mul_2x2 -.align 16 -bn_GF2m_mul_2x2: - SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5) - ld [%g1+0],%g1 ! OPENSSL_sparcv9cap_P[0] - - andcc %g1, SPARCV9_VIS3, %g0 - bz,pn %icc,.Lsoftware - nop - - sllx %o1, 32, %o1 - sllx %o3, 32, %o3 - or %o2, %o1, %o1 - or %o4, %o3, %o3 - .word 0x95b262ab ! xmulx %o1, %o3, %o2 - .word 0x99b262cb ! xmulxhi %o1, %o3, %o4 - srlx %o2, 32, %o1 ! 13 cycles later - st %o2, [%o0+0] - st %o1, [%o0+4] - srlx %o4, 32, %o3 - st %o4, [%o0+8] - retl - st %o3, [%o0+12] - -.align 16 -.Lsoftware: - save %sp,-STACK_FRAME-$locals,%sp - - sllx %i1,32,$a - mov -1,$a12 - sllx %i3,32,$b - or %i2,$a,$a - srlx $a12,1,$a48 ! 0x7fff... - or %i4,$b,$b - srlx $a12,2,$a12 ! 0x3fff... - add %sp,STACK_BIAS+STACK_FRAME,$tab - - sllx $a,2,$a4 - mov $a,$a1 - sllx $a,1,$a2 - - srax $a4,63,@i[1] ! broadcast 61st bit - and $a48,$a4,$a4 ! (a<<2)&0x7fff... - srlx $a48,2,$a48 - srax $a2,63,@i[0] ! broadcast 62nd bit - and $a12,$a2,$a2 ! (a<<1)&0x3fff... - srax $a1,63,$lo ! broadcast 63rd bit - and $a48,$a1,$a1 ! (a<<0)&0x1fff... - - sllx $a1,3,$a8 - and $b,$lo,$lo - and $b,@i[0],@i[0] - and $b,@i[1],@i[1] - - stx %g0,[$tab+0*8] ! tab[0]=0 - xor $a1,$a2,$a12 - stx $a1,[$tab+1*8] ! tab[1]=a1 - stx $a2,[$tab+2*8] ! tab[2]=a2 - xor $a4,$a8,$a48 - stx $a12,[$tab+3*8] ! tab[3]=a1^a2 - xor $a4,$a1,$a1 - - stx $a4,[$tab+4*8] ! tab[4]=a4 - xor $a4,$a2,$a2 - stx $a1,[$tab+5*8] ! tab[5]=a1^a4 - xor $a4,$a12,$a12 - stx $a2,[$tab+6*8] ! tab[6]=a2^a4 - xor $a48,$a1,$a1 - stx $a12,[$tab+7*8] ! tab[7]=a1^a2^a4 - xor $a48,$a2,$a2 - - stx $a8,[$tab+8*8] ! tab[8]=a8 - xor $a48,$a12,$a12 - stx $a1,[$tab+9*8] ! tab[9]=a1^a8 - xor $a4,$a1,$a1 - stx $a2,[$tab+10*8] ! tab[10]=a2^a8 - xor $a4,$a2,$a2 - stx $a12,[$tab+11*8] ! tab[11]=a1^a2^a8 - - xor $a4,$a12,$a12 - stx $a48,[$tab+12*8] ! tab[12]=a4^a8 - srlx $lo,1,$hi - stx $a1,[$tab+13*8] ! tab[13]=a1^a4^a8 - sllx $lo,63,$lo - stx $a2,[$tab+14*8] ! tab[14]=a2^a4^a8 - srlx @i[0],2,@T[0] - stx $a12,[$tab+15*8] ! tab[15]=a1^a2^a4^a8 - - sllx @i[0],62,$a1 - sllx $b,3,@i[0] - srlx @i[1],3,@T[1] - and @i[0],`0xf<<3`,@i[0] - sllx @i[1],61,$a2 - ldx [$tab+@i[0]],@i[0] - srlx $b,4-3,@i[1] - xor @T[0],$hi,$hi - and @i[1],`0xf<<3`,@i[1] - xor $a1,$lo,$lo - ldx [$tab+@i[1]],@i[1] - xor @T[1],$hi,$hi - - xor @i[0],$lo,$lo - srlx $b,8-3,@i[0] - xor $a2,$lo,$lo - and @i[0],`0xf<<3`,@i[0] -___ -for($n=1;$n<14;$n++) { -$code.=<<___; - sllx @i[1],`$n*4`,@T[0] - ldx [$tab+@i[0]],@i[0] - srlx @i[1],`64-$n*4`,@T[1] - xor @T[0],$lo,$lo - srlx $b,`($n+2)*4`-3,@i[1] - xor @T[1],$hi,$hi - and @i[1],`0xf<<3`,@i[1] -___ - push(@i,shift(@i)); push(@T,shift(@T)); -} -$code.=<<___; - sllx @i[1],`$n*4`,@T[0] - ldx [$tab+@i[0]],@i[0] - srlx @i[1],`64-$n*4`,@T[1] - xor @T[0],$lo,$lo - - sllx @i[0],`($n+1)*4`,@T[0] - xor @T[1],$hi,$hi - srlx @i[0],`64-($n+1)*4`,@T[1] - xor @T[0],$lo,$lo - xor @T[1],$hi,$hi - - srlx $lo,32,%i1 - st $lo,[%i0+0] - st %i1,[%i0+4] - srlx $hi,32,%i2 - st $hi,[%i0+8] - st %i2,[%i0+12] - - ret - restore -.type bn_GF2m_mul_2x2,#function -.size bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2 -.asciz "GF(2^m) Multiplication for SPARCv9, CRYPTOGAMS by " -.align 4 -___ - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl deleted file mode 100644 index fe51fcaf81c75e6728a13448f0b08d5459c7adb9..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/sparcv9-mont.pl +++ /dev/null @@ -1,622 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# December 2005 -# -# Pure SPARCv9/8+ and IALU-only bn_mul_mont implementation. The reasons -# for undertaken effort are multiple. First of all, UltraSPARC is not -# the whole SPARCv9 universe and other VIS-free implementations deserve -# optimized code as much. Secondly, newly introduced UltraSPARC T1, -# a.k.a. Niagara, has shared FPU and concurrent FPU-intensive paths, -# such as sparcv9a-mont, will simply sink it. Yes, T1 is equipped with -# several integrated RSA/DSA accelerator circuits accessible through -# kernel driver [only(*)], but having decent user-land software -# implementation is important too. Finally, reasons like desire to -# experiment with dedicated squaring procedure. Yes, this module -# implements one, because it was easiest to draft it in SPARCv9 -# instructions... - -# (*) Engine accessing the driver in question is on my TODO list. -# For reference, accelerator is estimated to give 6 to 10 times -# improvement on single-threaded RSA sign. It should be noted -# that 6-10x improvement coefficient does not actually mean -# something extraordinary in terms of absolute [single-threaded] -# performance, as SPARCv9 instruction set is by all means least -# suitable for high performance crypto among other 64 bit -# platforms. 6-10x factor simply places T1 in same performance -# domain as say AMD64 and IA-64. Improvement of RSA verify don't -# appear impressive at all, but it's the sign operation which is -# far more critical/interesting. - -# You might notice that inner loops are modulo-scheduled:-) This has -# essentially negligible impact on UltraSPARC performance, it's -# Fujitsu SPARC64 V users who should notice and hopefully appreciate -# the advantage... Currently this module surpasses sparcv9a-mont.pl -# by ~20% on UltraSPARC-III and later cores, but recall that sparcv9a -# module still have hidden potential [see TODO list there], which is -# estimated to be larger than 20%... - -$output = pop and open STDOUT,">$output"; - -# int bn_mul_mont( -$rp="%i0"; # BN_ULONG *rp, -$ap="%i1"; # const BN_ULONG *ap, -$bp="%i2"; # const BN_ULONG *bp, -$np="%i3"; # const BN_ULONG *np, -$n0="%i4"; # const BN_ULONG *n0, -$num="%i5"; # int num); - -$frame="STACK_FRAME"; -$bias="STACK_BIAS"; - -$car0="%o0"; -$car1="%o1"; -$car2="%o2"; # 1 bit -$acc0="%o3"; -$acc1="%o4"; -$mask="%g1"; # 32 bits, what a waste... -$tmp0="%g4"; -$tmp1="%g5"; - -$i="%l0"; -$j="%l1"; -$mul0="%l2"; -$mul1="%l3"; -$tp="%l4"; -$apj="%l5"; -$npj="%l6"; -$tpj="%l7"; - -$fname="bn_mul_mont_int"; - -$code=<<___; -#ifndef __ASSEMBLER__ -# define __ASSEMBLER__ 1 -#endif -#include "crypto/sparc_arch.h" - -.section ".text",#alloc,#execinstr - -.global $fname -.align 32 -$fname: - cmp %o5,4 ! 128 bits minimum - bge,pt %icc,.Lenter - sethi %hi(0xffffffff),$mask - retl - clr %o0 -.align 32 -.Lenter: - save %sp,-$frame,%sp - sll $num,2,$num ! num*=4 - or $mask,%lo(0xffffffff),$mask - ld [$n0],$n0 - cmp $ap,$bp - and $num,$mask,$num - ld [$bp],$mul0 ! bp[0] - nop - - add %sp,$bias,%o7 ! real top of stack - ld [$ap],$car0 ! ap[0] ! redundant in squaring context - sub %o7,$num,%o7 - ld [$ap+4],$apj ! ap[1] - and %o7,-1024,%o7 - ld [$np],$car1 ! np[0] - sub %o7,$bias,%sp ! alloca - ld [$np+4],$npj ! np[1] - be,pt SIZE_T_CC,.Lbn_sqr_mont - mov 12,$j - - mulx $car0,$mul0,$car0 ! ap[0]*bp[0] - mulx $apj,$mul0,$tmp0 !prologue! ap[1]*bp[0] - and $car0,$mask,$acc0 - add %sp,$bias+$frame,$tp - ld [$ap+8],$apj !prologue! - - mulx $n0,$acc0,$mul1 ! "t[0]"*n0 - and $mul1,$mask,$mul1 - - mulx $car1,$mul1,$car1 ! np[0]*"t[0]"*n0 - mulx $npj,$mul1,$acc1 !prologue! np[1]*"t[0]"*n0 - srlx $car0,32,$car0 - add $acc0,$car1,$car1 - ld [$np+8],$npj !prologue! - srlx $car1,32,$car1 - mov $tmp0,$acc0 !prologue! - -.L1st: - mulx $apj,$mul0,$tmp0 - mulx $npj,$mul1,$tmp1 - add $acc0,$car0,$car0 - ld [$ap+$j],$apj ! ap[j] - and $car0,$mask,$acc0 - add $acc1,$car1,$car1 - ld [$np+$j],$npj ! np[j] - srlx $car0,32,$car0 - add $acc0,$car1,$car1 - add $j,4,$j ! j++ - mov $tmp0,$acc0 - st $car1,[$tp] - cmp $j,$num - mov $tmp1,$acc1 - srlx $car1,32,$car1 - bl %icc,.L1st - add $tp,4,$tp ! tp++ -!.L1st - - mulx $apj,$mul0,$tmp0 !epilogue! - mulx $npj,$mul1,$tmp1 - add $acc0,$car0,$car0 - and $car0,$mask,$acc0 - add $acc1,$car1,$car1 - srlx $car0,32,$car0 - add $acc0,$car1,$car1 - st $car1,[$tp] - srlx $car1,32,$car1 - - add $tmp0,$car0,$car0 - and $car0,$mask,$acc0 - add $tmp1,$car1,$car1 - srlx $car0,32,$car0 - add $acc0,$car1,$car1 - st $car1,[$tp+4] - srlx $car1,32,$car1 - - add $car0,$car1,$car1 - st $car1,[$tp+8] - srlx $car1,32,$car2 - - mov 4,$i ! i++ - ld [$bp+4],$mul0 ! bp[1] -.Louter: - add %sp,$bias+$frame,$tp - ld [$ap],$car0 ! ap[0] - ld [$ap+4],$apj ! ap[1] - ld [$np],$car1 ! np[0] - ld [$np+4],$npj ! np[1] - ld [$tp],$tmp1 ! tp[0] - ld [$tp+4],$tpj ! tp[1] - mov 12,$j - - mulx $car0,$mul0,$car0 - mulx $apj,$mul0,$tmp0 !prologue! - add $tmp1,$car0,$car0 - ld [$ap+8],$apj !prologue! - and $car0,$mask,$acc0 - - mulx $n0,$acc0,$mul1 - and $mul1,$mask,$mul1 - - mulx $car1,$mul1,$car1 - mulx $npj,$mul1,$acc1 !prologue! - srlx $car0,32,$car0 - add $acc0,$car1,$car1 - ld [$np+8],$npj !prologue! - srlx $car1,32,$car1 - mov $tmp0,$acc0 !prologue! - -.Linner: - mulx $apj,$mul0,$tmp0 - mulx $npj,$mul1,$tmp1 - add $tpj,$car0,$car0 - ld [$ap+$j],$apj ! ap[j] - add $acc0,$car0,$car0 - add $acc1,$car1,$car1 - ld [$np+$j],$npj ! np[j] - and $car0,$mask,$acc0 - ld [$tp+8],$tpj ! tp[j] - srlx $car0,32,$car0 - add $acc0,$car1,$car1 - add $j,4,$j ! j++ - mov $tmp0,$acc0 - st $car1,[$tp] ! tp[j-1] - srlx $car1,32,$car1 - mov $tmp1,$acc1 - cmp $j,$num - bl %icc,.Linner - add $tp,4,$tp ! tp++ -!.Linner - - mulx $apj,$mul0,$tmp0 !epilogue! - mulx $npj,$mul1,$tmp1 - add $tpj,$car0,$car0 - add $acc0,$car0,$car0 - ld [$tp+8],$tpj ! tp[j] - and $car0,$mask,$acc0 - add $acc1,$car1,$car1 - srlx $car0,32,$car0 - add $acc0,$car1,$car1 - st $car1,[$tp] ! tp[j-1] - srlx $car1,32,$car1 - - add $tpj,$car0,$car0 - add $tmp0,$car0,$car0 - and $car0,$mask,$acc0 - add $tmp1,$car1,$car1 - add $acc0,$car1,$car1 - st $car1,[$tp+4] ! tp[j-1] - srlx $car0,32,$car0 - add $i,4,$i ! i++ - srlx $car1,32,$car1 - - add $car0,$car1,$car1 - cmp $i,$num - add $car2,$car1,$car1 - st $car1,[$tp+8] - - srlx $car1,32,$car2 - bl,a %icc,.Louter - ld [$bp+$i],$mul0 ! bp[i] -!.Louter - - add $tp,12,$tp - -.Ltail: - add $np,$num,$np - add $rp,$num,$rp - sub %g0,$num,%o7 ! k=-num - ba .Lsub - subcc %g0,%g0,%g0 ! clear %icc.c -.align 16 -.Lsub: - ld [$tp+%o7],%o0 - ld [$np+%o7],%o1 - subccc %o0,%o1,%o1 ! tp[j]-np[j] - add $rp,%o7,$i - add %o7,4,%o7 - brnz %o7,.Lsub - st %o1,[$i] - subccc $car2,0,$car2 ! handle upmost overflow bit - sub %g0,$num,%o7 - -.Lcopy: - ld [$tp+%o7],%o1 ! conditional copy - ld [$rp+%o7],%o0 - st %g0,[$tp+%o7] ! zap tp - movcs %icc,%o1,%o0 - st %o0,[$rp+%o7] - add %o7,4,%o7 - brnz %o7,.Lcopy - nop - mov 1,%i0 - ret - restore -___ - -######## -######## .Lbn_sqr_mont gives up to 20% *overall* improvement over -######## code without following dedicated squaring procedure. -######## -$sbit="%o5"; - -$code.=<<___; -.align 32 -.Lbn_sqr_mont: - mulx $mul0,$mul0,$car0 ! ap[0]*ap[0] - mulx $apj,$mul0,$tmp0 !prologue! - and $car0,$mask,$acc0 - add %sp,$bias+$frame,$tp - ld [$ap+8],$apj !prologue! - - mulx $n0,$acc0,$mul1 ! "t[0]"*n0 - srlx $car0,32,$car0 - and $mul1,$mask,$mul1 - - mulx $car1,$mul1,$car1 ! np[0]*"t[0]"*n0 - mulx $npj,$mul1,$acc1 !prologue! - and $car0,1,$sbit - ld [$np+8],$npj !prologue! - srlx $car0,1,$car0 - add $acc0,$car1,$car1 - srlx $car1,32,$car1 - mov $tmp0,$acc0 !prologue! - -.Lsqr_1st: - mulx $apj,$mul0,$tmp0 - mulx $npj,$mul1,$tmp1 - add $acc0,$car0,$car0 ! ap[j]*a0+c0 - add $acc1,$car1,$car1 - ld [$ap+$j],$apj ! ap[j] - and $car0,$mask,$acc0 - ld [$np+$j],$npj ! np[j] - srlx $car0,32,$car0 - add $acc0,$acc0,$acc0 - or $sbit,$acc0,$acc0 - mov $tmp1,$acc1 - srlx $acc0,32,$sbit - add $j,4,$j ! j++ - and $acc0,$mask,$acc0 - cmp $j,$num - add $acc0,$car1,$car1 - st $car1,[$tp] - mov $tmp0,$acc0 - srlx $car1,32,$car1 - bl %icc,.Lsqr_1st - add $tp,4,$tp ! tp++ -!.Lsqr_1st - - mulx $apj,$mul0,$tmp0 ! epilogue - mulx $npj,$mul1,$tmp1 - add $acc0,$car0,$car0 ! ap[j]*a0+c0 - add $acc1,$car1,$car1 - and $car0,$mask,$acc0 - srlx $car0,32,$car0 - add $acc0,$acc0,$acc0 - or $sbit,$acc0,$acc0 - srlx $acc0,32,$sbit - and $acc0,$mask,$acc0 - add $acc0,$car1,$car1 - st $car1,[$tp] - srlx $car1,32,$car1 - - add $tmp0,$car0,$car0 ! ap[j]*a0+c0 - add $tmp1,$car1,$car1 - and $car0,$mask,$acc0 - srlx $car0,32,$car0 - add $acc0,$acc0,$acc0 - or $sbit,$acc0,$acc0 - srlx $acc0,32,$sbit - and $acc0,$mask,$acc0 - add $acc0,$car1,$car1 - st $car1,[$tp+4] - srlx $car1,32,$car1 - - add $car0,$car0,$car0 - or $sbit,$car0,$car0 - add $car0,$car1,$car1 - st $car1,[$tp+8] - srlx $car1,32,$car2 - - ld [%sp+$bias+$frame],$tmp0 ! tp[0] - ld [%sp+$bias+$frame+4],$tmp1 ! tp[1] - ld [%sp+$bias+$frame+8],$tpj ! tp[2] - ld [$ap+4],$mul0 ! ap[1] - ld [$ap+8],$apj ! ap[2] - ld [$np],$car1 ! np[0] - ld [$np+4],$npj ! np[1] - mulx $n0,$tmp0,$mul1 - - mulx $mul0,$mul0,$car0 - and $mul1,$mask,$mul1 - - mulx $car1,$mul1,$car1 - mulx $npj,$mul1,$acc1 - add $tmp0,$car1,$car1 - and $car0,$mask,$acc0 - ld [$np+8],$npj ! np[2] - srlx $car1,32,$car1 - add $tmp1,$car1,$car1 - srlx $car0,32,$car0 - add $acc0,$car1,$car1 - and $car0,1,$sbit - add $acc1,$car1,$car1 - srlx $car0,1,$car0 - mov 12,$j - st $car1,[%sp+$bias+$frame] ! tp[0]= - srlx $car1,32,$car1 - add %sp,$bias+$frame+4,$tp - -.Lsqr_2nd: - mulx $apj,$mul0,$acc0 - mulx $npj,$mul1,$acc1 - add $acc0,$car0,$car0 - add $tpj,$sbit,$sbit - ld [$ap+$j],$apj ! ap[j] - and $car0,$mask,$acc0 - ld [$np+$j],$npj ! np[j] - srlx $car0,32,$car0 - add $acc1,$car1,$car1 - ld [$tp+8],$tpj ! tp[j] - add $acc0,$acc0,$acc0 - add $j,4,$j ! j++ - add $sbit,$acc0,$acc0 - srlx $acc0,32,$sbit - and $acc0,$mask,$acc0 - cmp $j,$num - add $acc0,$car1,$car1 - st $car1,[$tp] ! tp[j-1] - srlx $car1,32,$car1 - bl %icc,.Lsqr_2nd - add $tp,4,$tp ! tp++ -!.Lsqr_2nd - - mulx $apj,$mul0,$acc0 - mulx $npj,$mul1,$acc1 - add $acc0,$car0,$car0 - add $tpj,$sbit,$sbit - and $car0,$mask,$acc0 - srlx $car0,32,$car0 - add $acc1,$car1,$car1 - add $acc0,$acc0,$acc0 - add $sbit,$acc0,$acc0 - srlx $acc0,32,$sbit - and $acc0,$mask,$acc0 - add $acc0,$car1,$car1 - st $car1,[$tp] ! tp[j-1] - srlx $car1,32,$car1 - - add $car0,$car0,$car0 - add $sbit,$car0,$car0 - add $car0,$car1,$car1 - add $car2,$car1,$car1 - st $car1,[$tp+4] - srlx $car1,32,$car2 - - ld [%sp+$bias+$frame],$tmp1 ! tp[0] - ld [%sp+$bias+$frame+4],$tpj ! tp[1] - ld [$ap+8],$mul0 ! ap[2] - ld [$np],$car1 ! np[0] - ld [$np+4],$npj ! np[1] - mulx $n0,$tmp1,$mul1 - and $mul1,$mask,$mul1 - mov 8,$i - - mulx $mul0,$mul0,$car0 - mulx $car1,$mul1,$car1 - and $car0,$mask,$acc0 - add $tmp1,$car1,$car1 - srlx $car0,32,$car0 - add %sp,$bias+$frame,$tp - srlx $car1,32,$car1 - and $car0,1,$sbit - srlx $car0,1,$car0 - mov 4,$j - -.Lsqr_outer: -.Lsqr_inner1: - mulx $npj,$mul1,$acc1 - add $tpj,$car1,$car1 - add $j,4,$j - ld [$tp+8],$tpj - cmp $j,$i - add $acc1,$car1,$car1 - ld [$np+$j],$npj - st $car1,[$tp] - srlx $car1,32,$car1 - bl %icc,.Lsqr_inner1 - add $tp,4,$tp -!.Lsqr_inner1 - - add $j,4,$j - ld [$ap+$j],$apj ! ap[j] - mulx $npj,$mul1,$acc1 - add $tpj,$car1,$car1 - ld [$np+$j],$npj ! np[j] - srlx $car1,32,$tmp0 - and $car1,$mask,$car1 - add $tmp0,$sbit,$sbit - add $acc0,$car1,$car1 - ld [$tp+8],$tpj ! tp[j] - add $acc1,$car1,$car1 - st $car1,[$tp] - srlx $car1,32,$car1 - - add $j,4,$j - cmp $j,$num - be,pn %icc,.Lsqr_no_inner2 - add $tp,4,$tp - -.Lsqr_inner2: - mulx $apj,$mul0,$acc0 - mulx $npj,$mul1,$acc1 - add $tpj,$sbit,$sbit - add $acc0,$car0,$car0 - ld [$ap+$j],$apj ! ap[j] - and $car0,$mask,$acc0 - ld [$np+$j],$npj ! np[j] - srlx $car0,32,$car0 - add $acc0,$acc0,$acc0 - ld [$tp+8],$tpj ! tp[j] - add $sbit,$acc0,$acc0 - add $j,4,$j ! j++ - srlx $acc0,32,$sbit - and $acc0,$mask,$acc0 - cmp $j,$num - add $acc0,$car1,$car1 - add $acc1,$car1,$car1 - st $car1,[$tp] ! tp[j-1] - srlx $car1,32,$car1 - bl %icc,.Lsqr_inner2 - add $tp,4,$tp ! tp++ - -.Lsqr_no_inner2: - mulx $apj,$mul0,$acc0 - mulx $npj,$mul1,$acc1 - add $tpj,$sbit,$sbit - add $acc0,$car0,$car0 - and $car0,$mask,$acc0 - srlx $car0,32,$car0 - add $acc0,$acc0,$acc0 - add $sbit,$acc0,$acc0 - srlx $acc0,32,$sbit - and $acc0,$mask,$acc0 - add $acc0,$car1,$car1 - add $acc1,$car1,$car1 - st $car1,[$tp] ! tp[j-1] - srlx $car1,32,$car1 - - add $car0,$car0,$car0 - add $sbit,$car0,$car0 - add $car0,$car1,$car1 - add $car2,$car1,$car1 - st $car1,[$tp+4] - srlx $car1,32,$car2 - - add $i,4,$i ! i++ - ld [%sp+$bias+$frame],$tmp1 ! tp[0] - ld [%sp+$bias+$frame+4],$tpj ! tp[1] - ld [$ap+$i],$mul0 ! ap[j] - ld [$np],$car1 ! np[0] - ld [$np+4],$npj ! np[1] - mulx $n0,$tmp1,$mul1 - and $mul1,$mask,$mul1 - add $i,4,$tmp0 - - mulx $mul0,$mul0,$car0 - mulx $car1,$mul1,$car1 - and $car0,$mask,$acc0 - add $tmp1,$car1,$car1 - srlx $car0,32,$car0 - add %sp,$bias+$frame,$tp - srlx $car1,32,$car1 - and $car0,1,$sbit - srlx $car0,1,$car0 - - cmp $tmp0,$num ! i" -.align 32 -___ -$code =~ s/\`([^\`]*)\`/eval($1)/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/sparcv9a-mont.pl b/crypto/bn/asm/sparcv9a-mont.pl deleted file mode 100755 index 08773bc75835c02e389e5b59735ddd66d66b7539..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/sparcv9a-mont.pl +++ /dev/null @@ -1,892 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# October 2005 -# -# "Teaser" Montgomery multiplication module for UltraSPARC. Why FPU? -# Because unlike integer multiplier, which simply stalls whole CPU, -# FPU is fully pipelined and can effectively emit 48 bit partial -# product every cycle. Why not blended SPARC v9? One can argue that -# making this module dependent on UltraSPARC VIS extension limits its -# binary compatibility. Well yes, it does exclude SPARC64 prior-V(!) -# implementations from compatibility matrix. But the rest, whole Sun -# UltraSPARC family and brand new Fujitsu's SPARC64 V, all support -# VIS extension instructions used in this module. This is considered -# good enough to not care about HAL SPARC64 users [if any] who have -# integer-only pure SPARCv9 module to "fall down" to. - -# USI&II cores currently exhibit uniform 2x improvement [over pre- -# bn_mul_mont codebase] for all key lengths and benchmarks. On USIII -# performance improves few percents for shorter keys and worsens few -# percents for longer keys. This is because USIII integer multiplier -# is >3x faster than USI&II one, which is harder to match [but see -# TODO list below]. It should also be noted that SPARC64 V features -# out-of-order execution, which *might* mean that integer multiplier -# is pipelined, which in turn *might* be impossible to match... On -# additional note, SPARC64 V implements FP Multiply-Add instruction, -# which is perfectly usable in this context... In other words, as far -# as Fujitsu SPARC64 V goes, talk to the author:-) - -# The implementation implies following "non-natural" limitations on -# input arguments: -# - num may not be less than 4; -# - num has to be even; -# Failure to meet either condition has no fatal effects, simply -# doesn't give any performance gain. - -# TODO: -# - modulo-schedule inner loop for better performance (on in-order -# execution core such as UltraSPARC this shall result in further -# noticeable(!) improvement); -# - dedicated squaring procedure[?]; - -###################################################################### -# November 2006 -# -# Modulo-scheduled inner loops allow to interleave floating point and -# integer instructions and minimize Read-After-Write penalties. This -# results in *further* 20-50% performance improvement [depending on -# key length, more for longer keys] on USI&II cores and 30-80% - on -# USIII&IV. - -# $output is the last argument if it looks like a file (it has an extension) -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; - -$output and open STDOUT,">$output"; - -$fname="bn_mul_mont_fpu"; - -$frame="STACK_FRAME"; -$bias="STACK_BIAS"; -$locals=64; - -# In order to provide for 32-/64-bit ABI duality, I keep integers wider -# than 32 bit in %g1-%g4 and %o0-%o5. %l0-%l7 and %i0-%i5 are used -# exclusively for pointers, indexes and other small values... -# int bn_mul_mont( -$rp="%i0"; # BN_ULONG *rp, -$ap="%i1"; # const BN_ULONG *ap, -$bp="%i2"; # const BN_ULONG *bp, -$np="%i3"; # const BN_ULONG *np, -$n0="%i4"; # const BN_ULONG *n0, -$num="%i5"; # int num); - -$tp="%l0"; # t[num] -$ap_l="%l1"; # a[num],n[num] are smashed to 32-bit words and saved -$ap_h="%l2"; # to these four vectors as double-precision FP values. -$np_l="%l3"; # This way a bunch of fxtods are eliminated in second -$np_h="%l4"; # loop and L1-cache aliasing is minimized... -$i="%l5"; -$j="%l6"; -$mask="%l7"; # 16-bit mask, 0xffff - -$n0="%g4"; # reassigned(!) to "64-bit" register -$carry="%i4"; # %i4 reused(!) for a carry bit - -# FP register naming chart -# -# ..HILO -# dcba -# -------- -# LOa -# LOb -# LOc -# LOd -# HIa -# HIb -# HIc -# HId -# ..a -# ..b -$ba="%f0"; $bb="%f2"; $bc="%f4"; $bd="%f6"; -$na="%f8"; $nb="%f10"; $nc="%f12"; $nd="%f14"; -$alo="%f16"; $alo_="%f17"; $ahi="%f18"; $ahi_="%f19"; -$nlo="%f20"; $nlo_="%f21"; $nhi="%f22"; $nhi_="%f23"; - -$dota="%f24"; $dotb="%f26"; - -$aloa="%f32"; $alob="%f34"; $aloc="%f36"; $alod="%f38"; -$ahia="%f40"; $ahib="%f42"; $ahic="%f44"; $ahid="%f46"; -$nloa="%f48"; $nlob="%f50"; $nloc="%f52"; $nlod="%f54"; -$nhia="%f56"; $nhib="%f58"; $nhic="%f60"; $nhid="%f62"; - -$ASI_FL16_P=0xD2; # magic ASI value to engage 16-bit FP load - -$code=<<___; -#ifndef __ASSEMBLER__ -# define __ASSEMBLER__ 1 -#endif -#include "crypto/sparc_arch.h" - -.section ".text",#alloc,#execinstr - -.global $fname -.align 32 -$fname: - save %sp,-$frame-$locals,%sp - - cmp $num,4 - bl,a,pn %icc,.Lret - clr %i0 - andcc $num,1,%g0 ! $num has to be even... - bnz,a,pn %icc,.Lret - clr %i0 ! signal "unsupported input value" - - srl $num,1,$num - sethi %hi(0xffff),$mask - ld [%i4+0],$n0 ! $n0 reassigned, remember? - or $mask,%lo(0xffff),$mask - ld [%i4+4],%o0 - sllx %o0,32,%o0 - or %o0,$n0,$n0 ! $n0=n0[1].n0[0] - - sll $num,3,$num ! num*=8 - - add %sp,$bias,%o0 ! real top of stack - sll $num,2,%o1 - add %o1,$num,%o1 ! %o1=num*5 - sub %o0,%o1,%o0 - and %o0,-2048,%o0 ! optimize TLB utilization - sub %o0,$bias,%sp ! alloca(5*num*8) - - rd %asi,%o7 ! save %asi - add %sp,$bias+$frame+$locals,$tp - add $tp,$num,$ap_l - add $ap_l,$num,$ap_l ! [an]p_[lh] point at the vectors' ends ! - add $ap_l,$num,$ap_h - add $ap_h,$num,$np_l - add $np_l,$num,$np_h - - wr %g0,$ASI_FL16_P,%asi ! setup %asi for 16-bit FP loads - - add $rp,$num,$rp ! readjust input pointers to point - add $ap,$num,$ap ! at the ends too... - add $bp,$num,$bp - add $np,$num,$np - - stx %o7,[%sp+$bias+$frame+48] ! save %asi - - sub %g0,$num,$i ! i=-num - sub %g0,$num,$j ! j=-num - - add $ap,$j,%o3 - add $bp,$i,%o4 - - ld [%o3+4],%g1 ! bp[0] - ld [%o3+0],%o0 - ld [%o4+4],%g5 ! ap[0] - sllx %g1,32,%g1 - ld [%o4+0],%o1 - sllx %g5,32,%g5 - or %g1,%o0,%o0 - or %g5,%o1,%o1 - - add $np,$j,%o5 - - mulx %o1,%o0,%o0 ! ap[0]*bp[0] - mulx $n0,%o0,%o0 ! ap[0]*bp[0]*n0 - stx %o0,[%sp+$bias+$frame+0] - - ld [%o3+0],$alo_ ! load a[j] as pair of 32-bit words - fzeros $alo - ld [%o3+4],$ahi_ - fzeros $ahi - ld [%o5+0],$nlo_ ! load n[j] as pair of 32-bit words - fzeros $nlo - ld [%o5+4],$nhi_ - fzeros $nhi - - ! transfer b[i] to FPU as 4x16-bit values - ldda [%o4+2]%asi,$ba - fxtod $alo,$alo - ldda [%o4+0]%asi,$bb - fxtod $ahi,$ahi - ldda [%o4+6]%asi,$bc - fxtod $nlo,$nlo - ldda [%o4+4]%asi,$bd - fxtod $nhi,$nhi - - ! transfer ap[0]*b[0]*n0 to FPU as 4x16-bit values - ldda [%sp+$bias+$frame+6]%asi,$na - fxtod $ba,$ba - ldda [%sp+$bias+$frame+4]%asi,$nb - fxtod $bb,$bb - ldda [%sp+$bias+$frame+2]%asi,$nc - fxtod $bc,$bc - ldda [%sp+$bias+$frame+0]%asi,$nd - fxtod $bd,$bd - - std $alo,[$ap_l+$j] ! save smashed ap[j] in double format - fxtod $na,$na - std $ahi,[$ap_h+$j] - fxtod $nb,$nb - std $nlo,[$np_l+$j] ! save smashed np[j] in double format - fxtod $nc,$nc - std $nhi,[$np_h+$j] - fxtod $nd,$nd - - fmuld $alo,$ba,$aloa - fmuld $nlo,$na,$nloa - fmuld $alo,$bb,$alob - fmuld $nlo,$nb,$nlob - fmuld $alo,$bc,$aloc - faddd $aloa,$nloa,$nloa - fmuld $nlo,$nc,$nloc - fmuld $alo,$bd,$alod - faddd $alob,$nlob,$nlob - fmuld $nlo,$nd,$nlod - fmuld $ahi,$ba,$ahia - faddd $aloc,$nloc,$nloc - fmuld $nhi,$na,$nhia - fmuld $ahi,$bb,$ahib - faddd $alod,$nlod,$nlod - fmuld $nhi,$nb,$nhib - fmuld $ahi,$bc,$ahic - faddd $ahia,$nhia,$nhia - fmuld $nhi,$nc,$nhic - fmuld $ahi,$bd,$ahid - faddd $ahib,$nhib,$nhib - fmuld $nhi,$nd,$nhid - - faddd $ahic,$nhic,$dota ! $nhic - faddd $ahid,$nhid,$dotb ! $nhid - - faddd $nloc,$nhia,$nloc - faddd $nlod,$nhib,$nlod - - fdtox $nloa,$nloa - fdtox $nlob,$nlob - fdtox $nloc,$nloc - fdtox $nlod,$nlod - - std $nloa,[%sp+$bias+$frame+0] - add $j,8,$j - std $nlob,[%sp+$bias+$frame+8] - add $ap,$j,%o4 - std $nloc,[%sp+$bias+$frame+16] - add $np,$j,%o5 - std $nlod,[%sp+$bias+$frame+24] - - ld [%o4+0],$alo_ ! load a[j] as pair of 32-bit words - fzeros $alo - ld [%o4+4],$ahi_ - fzeros $ahi - ld [%o5+0],$nlo_ ! load n[j] as pair of 32-bit words - fzeros $nlo - ld [%o5+4],$nhi_ - fzeros $nhi - - fxtod $alo,$alo - fxtod $ahi,$ahi - fxtod $nlo,$nlo - fxtod $nhi,$nhi - - ldx [%sp+$bias+$frame+0],%o0 - fmuld $alo,$ba,$aloa - ldx [%sp+$bias+$frame+8],%o1 - fmuld $nlo,$na,$nloa - ldx [%sp+$bias+$frame+16],%o2 - fmuld $alo,$bb,$alob - ldx [%sp+$bias+$frame+24],%o3 - fmuld $nlo,$nb,$nlob - - srlx %o0,16,%o7 - std $alo,[$ap_l+$j] ! save smashed ap[j] in double format - fmuld $alo,$bc,$aloc - add %o7,%o1,%o1 - std $ahi,[$ap_h+$j] - faddd $aloa,$nloa,$nloa - fmuld $nlo,$nc,$nloc - srlx %o1,16,%o7 - std $nlo,[$np_l+$j] ! save smashed np[j] in double format - fmuld $alo,$bd,$alod - add %o7,%o2,%o2 - std $nhi,[$np_h+$j] - faddd $alob,$nlob,$nlob - fmuld $nlo,$nd,$nlod - srlx %o2,16,%o7 - fmuld $ahi,$ba,$ahia - add %o7,%o3,%o3 ! %o3.%o2[0..15].%o1[0..15].%o0[0..15] - faddd $aloc,$nloc,$nloc - fmuld $nhi,$na,$nhia - !and %o0,$mask,%o0 - !and %o1,$mask,%o1 - !and %o2,$mask,%o2 - !sllx %o1,16,%o1 - !sllx %o2,32,%o2 - !sllx %o3,48,%o7 - !or %o1,%o0,%o0 - !or %o2,%o0,%o0 - !or %o7,%o0,%o0 ! 64-bit result - srlx %o3,16,%g1 ! 34-bit carry - fmuld $ahi,$bb,$ahib - - faddd $alod,$nlod,$nlod - fmuld $nhi,$nb,$nhib - fmuld $ahi,$bc,$ahic - faddd $ahia,$nhia,$nhia - fmuld $nhi,$nc,$nhic - fmuld $ahi,$bd,$ahid - faddd $ahib,$nhib,$nhib - fmuld $nhi,$nd,$nhid - - faddd $dota,$nloa,$nloa - faddd $dotb,$nlob,$nlob - faddd $ahic,$nhic,$dota ! $nhic - faddd $ahid,$nhid,$dotb ! $nhid - - faddd $nloc,$nhia,$nloc - faddd $nlod,$nhib,$nlod - - fdtox $nloa,$nloa - fdtox $nlob,$nlob - fdtox $nloc,$nloc - fdtox $nlod,$nlod - - std $nloa,[%sp+$bias+$frame+0] - std $nlob,[%sp+$bias+$frame+8] - addcc $j,8,$j - std $nloc,[%sp+$bias+$frame+16] - bz,pn %icc,.L1stskip - std $nlod,[%sp+$bias+$frame+24] - -.align 32 ! incidentally already aligned ! -.L1st: - add $ap,$j,%o4 - add $np,$j,%o5 - ld [%o4+0],$alo_ ! load a[j] as pair of 32-bit words - fzeros $alo - ld [%o4+4],$ahi_ - fzeros $ahi - ld [%o5+0],$nlo_ ! load n[j] as pair of 32-bit words - fzeros $nlo - ld [%o5+4],$nhi_ - fzeros $nhi - - fxtod $alo,$alo - fxtod $ahi,$ahi - fxtod $nlo,$nlo - fxtod $nhi,$nhi - - ldx [%sp+$bias+$frame+0],%o0 - fmuld $alo,$ba,$aloa - ldx [%sp+$bias+$frame+8],%o1 - fmuld $nlo,$na,$nloa - ldx [%sp+$bias+$frame+16],%o2 - fmuld $alo,$bb,$alob - ldx [%sp+$bias+$frame+24],%o3 - fmuld $nlo,$nb,$nlob - - srlx %o0,16,%o7 - std $alo,[$ap_l+$j] ! save smashed ap[j] in double format - fmuld $alo,$bc,$aloc - add %o7,%o1,%o1 - std $ahi,[$ap_h+$j] - faddd $aloa,$nloa,$nloa - fmuld $nlo,$nc,$nloc - srlx %o1,16,%o7 - std $nlo,[$np_l+$j] ! save smashed np[j] in double format - fmuld $alo,$bd,$alod - add %o7,%o2,%o2 - std $nhi,[$np_h+$j] - faddd $alob,$nlob,$nlob - fmuld $nlo,$nd,$nlod - srlx %o2,16,%o7 - fmuld $ahi,$ba,$ahia - add %o7,%o3,%o3 ! %o3.%o2[0..15].%o1[0..15].%o0[0..15] - and %o0,$mask,%o0 - faddd $aloc,$nloc,$nloc - fmuld $nhi,$na,$nhia - and %o1,$mask,%o1 - and %o2,$mask,%o2 - fmuld $ahi,$bb,$ahib - sllx %o1,16,%o1 - faddd $alod,$nlod,$nlod - fmuld $nhi,$nb,$nhib - sllx %o2,32,%o2 - fmuld $ahi,$bc,$ahic - sllx %o3,48,%o7 - or %o1,%o0,%o0 - faddd $ahia,$nhia,$nhia - fmuld $nhi,$nc,$nhic - or %o2,%o0,%o0 - fmuld $ahi,$bd,$ahid - or %o7,%o0,%o0 ! 64-bit result - faddd $ahib,$nhib,$nhib - fmuld $nhi,$nd,$nhid - addcc %g1,%o0,%o0 - faddd $dota,$nloa,$nloa - srlx %o3,16,%g1 ! 34-bit carry - faddd $dotb,$nlob,$nlob - bcs,a %xcc,.+8 - add %g1,1,%g1 - - stx %o0,[$tp] ! tp[j-1]= - - faddd $ahic,$nhic,$dota ! $nhic - faddd $ahid,$nhid,$dotb ! $nhid - - faddd $nloc,$nhia,$nloc - faddd $nlod,$nhib,$nlod - - fdtox $nloa,$nloa - fdtox $nlob,$nlob - fdtox $nloc,$nloc - fdtox $nlod,$nlod - - std $nloa,[%sp+$bias+$frame+0] - std $nlob,[%sp+$bias+$frame+8] - std $nloc,[%sp+$bias+$frame+16] - std $nlod,[%sp+$bias+$frame+24] - - addcc $j,8,$j - bnz,pt %icc,.L1st - add $tp,8,$tp - -.L1stskip: - fdtox $dota,$dota - fdtox $dotb,$dotb - - ldx [%sp+$bias+$frame+0],%o0 - ldx [%sp+$bias+$frame+8],%o1 - ldx [%sp+$bias+$frame+16],%o2 - ldx [%sp+$bias+$frame+24],%o3 - - srlx %o0,16,%o7 - std $dota,[%sp+$bias+$frame+32] - add %o7,%o1,%o1 - std $dotb,[%sp+$bias+$frame+40] - srlx %o1,16,%o7 - add %o7,%o2,%o2 - srlx %o2,16,%o7 - add %o7,%o3,%o3 ! %o3.%o2[0..15].%o1[0..15].%o0[0..15] - and %o0,$mask,%o0 - and %o1,$mask,%o1 - and %o2,$mask,%o2 - sllx %o1,16,%o1 - sllx %o2,32,%o2 - sllx %o3,48,%o7 - or %o1,%o0,%o0 - or %o2,%o0,%o0 - or %o7,%o0,%o0 ! 64-bit result - ldx [%sp+$bias+$frame+32],%o4 - addcc %g1,%o0,%o0 - ldx [%sp+$bias+$frame+40],%o5 - srlx %o3,16,%g1 ! 34-bit carry - bcs,a %xcc,.+8 - add %g1,1,%g1 - - stx %o0,[$tp] ! tp[j-1]= - add $tp,8,$tp - - srlx %o4,16,%o7 - add %o7,%o5,%o5 - and %o4,$mask,%o4 - sllx %o5,16,%o7 - or %o7,%o4,%o4 - addcc %g1,%o4,%o4 - srlx %o5,48,%g1 - bcs,a %xcc,.+8 - add %g1,1,%g1 - - mov %g1,$carry - stx %o4,[$tp] ! tp[num-1]= - - ba .Louter - add $i,8,$i -.align 32 -.Louter: - sub %g0,$num,$j ! j=-num - add %sp,$bias+$frame+$locals,$tp - - add $ap,$j,%o3 - add $bp,$i,%o4 - - ld [%o3+4],%g1 ! bp[i] - ld [%o3+0],%o0 - ld [%o4+4],%g5 ! ap[0] - sllx %g1,32,%g1 - ld [%o4+0],%o1 - sllx %g5,32,%g5 - or %g1,%o0,%o0 - or %g5,%o1,%o1 - - ldx [$tp],%o2 ! tp[0] - mulx %o1,%o0,%o0 - addcc %o2,%o0,%o0 - mulx $n0,%o0,%o0 ! (ap[0]*bp[i]+t[0])*n0 - stx %o0,[%sp+$bias+$frame+0] - - ! transfer b[i] to FPU as 4x16-bit values - ldda [%o4+2]%asi,$ba - ldda [%o4+0]%asi,$bb - ldda [%o4+6]%asi,$bc - ldda [%o4+4]%asi,$bd - - ! transfer (ap[0]*b[i]+t[0])*n0 to FPU as 4x16-bit values - ldda [%sp+$bias+$frame+6]%asi,$na - fxtod $ba,$ba - ldda [%sp+$bias+$frame+4]%asi,$nb - fxtod $bb,$bb - ldda [%sp+$bias+$frame+2]%asi,$nc - fxtod $bc,$bc - ldda [%sp+$bias+$frame+0]%asi,$nd - fxtod $bd,$bd - ldd [$ap_l+$j],$alo ! load a[j] in double format - fxtod $na,$na - ldd [$ap_h+$j],$ahi - fxtod $nb,$nb - ldd [$np_l+$j],$nlo ! load n[j] in double format - fxtod $nc,$nc - ldd [$np_h+$j],$nhi - fxtod $nd,$nd - - fmuld $alo,$ba,$aloa - fmuld $nlo,$na,$nloa - fmuld $alo,$bb,$alob - fmuld $nlo,$nb,$nlob - fmuld $alo,$bc,$aloc - faddd $aloa,$nloa,$nloa - fmuld $nlo,$nc,$nloc - fmuld $alo,$bd,$alod - faddd $alob,$nlob,$nlob - fmuld $nlo,$nd,$nlod - fmuld $ahi,$ba,$ahia - faddd $aloc,$nloc,$nloc - fmuld $nhi,$na,$nhia - fmuld $ahi,$bb,$ahib - faddd $alod,$nlod,$nlod - fmuld $nhi,$nb,$nhib - fmuld $ahi,$bc,$ahic - faddd $ahia,$nhia,$nhia - fmuld $nhi,$nc,$nhic - fmuld $ahi,$bd,$ahid - faddd $ahib,$nhib,$nhib - fmuld $nhi,$nd,$nhid - - faddd $ahic,$nhic,$dota ! $nhic - faddd $ahid,$nhid,$dotb ! $nhid - - faddd $nloc,$nhia,$nloc - faddd $nlod,$nhib,$nlod - - fdtox $nloa,$nloa - fdtox $nlob,$nlob - fdtox $nloc,$nloc - fdtox $nlod,$nlod - - std $nloa,[%sp+$bias+$frame+0] - std $nlob,[%sp+$bias+$frame+8] - std $nloc,[%sp+$bias+$frame+16] - add $j,8,$j - std $nlod,[%sp+$bias+$frame+24] - - ldd [$ap_l+$j],$alo ! load a[j] in double format - ldd [$ap_h+$j],$ahi - ldd [$np_l+$j],$nlo ! load n[j] in double format - ldd [$np_h+$j],$nhi - - fmuld $alo,$ba,$aloa - fmuld $nlo,$na,$nloa - fmuld $alo,$bb,$alob - fmuld $nlo,$nb,$nlob - fmuld $alo,$bc,$aloc - ldx [%sp+$bias+$frame+0],%o0 - faddd $aloa,$nloa,$nloa - fmuld $nlo,$nc,$nloc - ldx [%sp+$bias+$frame+8],%o1 - fmuld $alo,$bd,$alod - ldx [%sp+$bias+$frame+16],%o2 - faddd $alob,$nlob,$nlob - fmuld $nlo,$nd,$nlod - ldx [%sp+$bias+$frame+24],%o3 - fmuld $ahi,$ba,$ahia - - srlx %o0,16,%o7 - faddd $aloc,$nloc,$nloc - fmuld $nhi,$na,$nhia - add %o7,%o1,%o1 - fmuld $ahi,$bb,$ahib - srlx %o1,16,%o7 - faddd $alod,$nlod,$nlod - fmuld $nhi,$nb,$nhib - add %o7,%o2,%o2 - fmuld $ahi,$bc,$ahic - srlx %o2,16,%o7 - faddd $ahia,$nhia,$nhia - fmuld $nhi,$nc,$nhic - add %o7,%o3,%o3 ! %o3.%o2[0..15].%o1[0..15].%o0[0..15] - ! why? - and %o0,$mask,%o0 - fmuld $ahi,$bd,$ahid - and %o1,$mask,%o1 - and %o2,$mask,%o2 - faddd $ahib,$nhib,$nhib - fmuld $nhi,$nd,$nhid - sllx %o1,16,%o1 - faddd $dota,$nloa,$nloa - sllx %o2,32,%o2 - faddd $dotb,$nlob,$nlob - sllx %o3,48,%o7 - or %o1,%o0,%o0 - faddd $ahic,$nhic,$dota ! $nhic - or %o2,%o0,%o0 - faddd $ahid,$nhid,$dotb ! $nhid - or %o7,%o0,%o0 ! 64-bit result - ldx [$tp],%o7 - faddd $nloc,$nhia,$nloc - addcc %o7,%o0,%o0 - ! end-of-why? - faddd $nlod,$nhib,$nlod - srlx %o3,16,%g1 ! 34-bit carry - fdtox $nloa,$nloa - bcs,a %xcc,.+8 - add %g1,1,%g1 - - fdtox $nlob,$nlob - fdtox $nloc,$nloc - fdtox $nlod,$nlod - - std $nloa,[%sp+$bias+$frame+0] - std $nlob,[%sp+$bias+$frame+8] - addcc $j,8,$j - std $nloc,[%sp+$bias+$frame+16] - bz,pn %icc,.Linnerskip - std $nlod,[%sp+$bias+$frame+24] - - ba .Linner - nop -.align 32 -.Linner: - ldd [$ap_l+$j],$alo ! load a[j] in double format - ldd [$ap_h+$j],$ahi - ldd [$np_l+$j],$nlo ! load n[j] in double format - ldd [$np_h+$j],$nhi - - fmuld $alo,$ba,$aloa - fmuld $nlo,$na,$nloa - fmuld $alo,$bb,$alob - fmuld $nlo,$nb,$nlob - fmuld $alo,$bc,$aloc - ldx [%sp+$bias+$frame+0],%o0 - faddd $aloa,$nloa,$nloa - fmuld $nlo,$nc,$nloc - ldx [%sp+$bias+$frame+8],%o1 - fmuld $alo,$bd,$alod - ldx [%sp+$bias+$frame+16],%o2 - faddd $alob,$nlob,$nlob - fmuld $nlo,$nd,$nlod - ldx [%sp+$bias+$frame+24],%o3 - fmuld $ahi,$ba,$ahia - - srlx %o0,16,%o7 - faddd $aloc,$nloc,$nloc - fmuld $nhi,$na,$nhia - add %o7,%o1,%o1 - fmuld $ahi,$bb,$ahib - srlx %o1,16,%o7 - faddd $alod,$nlod,$nlod - fmuld $nhi,$nb,$nhib - add %o7,%o2,%o2 - fmuld $ahi,$bc,$ahic - srlx %o2,16,%o7 - faddd $ahia,$nhia,$nhia - fmuld $nhi,$nc,$nhic - add %o7,%o3,%o3 ! %o3.%o2[0..15].%o1[0..15].%o0[0..15] - and %o0,$mask,%o0 - fmuld $ahi,$bd,$ahid - and %o1,$mask,%o1 - and %o2,$mask,%o2 - faddd $ahib,$nhib,$nhib - fmuld $nhi,$nd,$nhid - sllx %o1,16,%o1 - faddd $dota,$nloa,$nloa - sllx %o2,32,%o2 - faddd $dotb,$nlob,$nlob - sllx %o3,48,%o7 - or %o1,%o0,%o0 - faddd $ahic,$nhic,$dota ! $nhic - or %o2,%o0,%o0 - faddd $ahid,$nhid,$dotb ! $nhid - or %o7,%o0,%o0 ! 64-bit result - faddd $nloc,$nhia,$nloc - addcc %g1,%o0,%o0 - ldx [$tp+8],%o7 ! tp[j] - faddd $nlod,$nhib,$nlod - srlx %o3,16,%g1 ! 34-bit carry - fdtox $nloa,$nloa - bcs,a %xcc,.+8 - add %g1,1,%g1 - fdtox $nlob,$nlob - addcc %o7,%o0,%o0 - fdtox $nloc,$nloc - bcs,a %xcc,.+8 - add %g1,1,%g1 - - stx %o0,[$tp] ! tp[j-1] - fdtox $nlod,$nlod - - std $nloa,[%sp+$bias+$frame+0] - std $nlob,[%sp+$bias+$frame+8] - std $nloc,[%sp+$bias+$frame+16] - addcc $j,8,$j - std $nlod,[%sp+$bias+$frame+24] - bnz,pt %icc,.Linner - add $tp,8,$tp - -.Linnerskip: - fdtox $dota,$dota - fdtox $dotb,$dotb - - ldx [%sp+$bias+$frame+0],%o0 - ldx [%sp+$bias+$frame+8],%o1 - ldx [%sp+$bias+$frame+16],%o2 - ldx [%sp+$bias+$frame+24],%o3 - - srlx %o0,16,%o7 - std $dota,[%sp+$bias+$frame+32] - add %o7,%o1,%o1 - std $dotb,[%sp+$bias+$frame+40] - srlx %o1,16,%o7 - add %o7,%o2,%o2 - srlx %o2,16,%o7 - add %o7,%o3,%o3 ! %o3.%o2[0..15].%o1[0..15].%o0[0..15] - and %o0,$mask,%o0 - and %o1,$mask,%o1 - and %o2,$mask,%o2 - sllx %o1,16,%o1 - sllx %o2,32,%o2 - sllx %o3,48,%o7 - or %o1,%o0,%o0 - or %o2,%o0,%o0 - ldx [%sp+$bias+$frame+32],%o4 - or %o7,%o0,%o0 ! 64-bit result - ldx [%sp+$bias+$frame+40],%o5 - addcc %g1,%o0,%o0 - ldx [$tp+8],%o7 ! tp[j] - srlx %o3,16,%g1 ! 34-bit carry - bcs,a %xcc,.+8 - add %g1,1,%g1 - - addcc %o7,%o0,%o0 - bcs,a %xcc,.+8 - add %g1,1,%g1 - - stx %o0,[$tp] ! tp[j-1] - add $tp,8,$tp - - srlx %o4,16,%o7 - add %o7,%o5,%o5 - and %o4,$mask,%o4 - sllx %o5,16,%o7 - or %o7,%o4,%o4 - addcc %g1,%o4,%o4 - srlx %o5,48,%g1 - bcs,a %xcc,.+8 - add %g1,1,%g1 - - addcc $carry,%o4,%o4 - stx %o4,[$tp] ! tp[num-1] - mov %g1,$carry - bcs,a %xcc,.+8 - add $carry,1,$carry - - addcc $i,8,$i - bnz %icc,.Louter - nop - - add $tp,8,$tp ! adjust tp to point at the end - orn %g0,%g0,%g4 - sub %g0,$num,%o7 ! n=-num - ba .Lsub - subcc %g0,%g0,%g0 ! clear %icc.c - -.align 32 -.Lsub: - ldx [$tp+%o7],%o0 - add $np,%o7,%g1 - ld [%g1+0],%o2 - ld [%g1+4],%o3 - srlx %o0,32,%o1 - subccc %o0,%o2,%o2 - add $rp,%o7,%g1 - subccc %o1,%o3,%o3 - st %o2,[%g1+0] - add %o7,8,%o7 - brnz,pt %o7,.Lsub - st %o3,[%g1+4] - subc $carry,0,%g4 - sub %g0,$num,%o7 ! n=-num - ba .Lcopy - nop - -.align 32 -.Lcopy: - ldx [$tp+%o7],%o0 - add $rp,%o7,%g1 - ld [%g1+0],%o2 - ld [%g1+4],%o3 - stx %g0,[$tp+%o7] - and %o0,%g4,%o0 - srlx %o0,32,%o1 - andn %o2,%g4,%o2 - andn %o3,%g4,%o3 - or %o2,%o0,%o0 - or %o3,%o1,%o1 - st %o0,[%g1+0] - add %o7,8,%o7 - brnz,pt %o7,.Lcopy - st %o1,[%g1+4] - sub %g0,$num,%o7 ! n=-num - -.Lzap: - stx %g0,[$ap_l+%o7] - stx %g0,[$ap_h+%o7] - stx %g0,[$np_l+%o7] - stx %g0,[$np_h+%o7] - add %o7,8,%o7 - brnz,pt %o7,.Lzap - nop - - ldx [%sp+$bias+$frame+48],%o7 - wr %g0,%o7,%asi ! restore %asi - - mov 1,%i0 -.Lret: - ret - restore -.type $fname,#function -.size $fname,(.-$fname) -.asciz "Montgomery Multiplication for UltraSPARC, CRYPTOGAMS by " -.align 32 -___ - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; - -# Below substitution makes it possible to compile without demanding -# VIS extensions on command line, e.g. -xarch=v9 vs. -xarch=v9a. I -# dare to do this, because VIS capability is detected at run-time now -# and this routine is not called on CPU not capable to execute it. Do -# note that fzeros is not the only VIS dependency! Another dependency -# is implicit and is just _a_ numerical value loaded to %asi register, -# which assembler can't recognize as VIS specific... -$code =~ s/fzeros\s+%f([0-9]+)/ - sprintf(".word\t0x%x\t! fzeros %%f%d",0x81b00c20|($1<<25),$1) - /gem; - -print $code; -# flush -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/via-mont.pl b/crypto/bn/asm/via-mont.pl deleted file mode 100644 index 365dc652fe51bf58d9e584468c7d7d0625e20346..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/via-mont.pl +++ /dev/null @@ -1,250 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Wrapper around 'rep montmul', VIA-specific instruction accessing -# PadLock Montgomery Multiplier. The wrapper is designed as drop-in -# replacement for OpenSSL bn_mul_mont [first implemented in 0.9.9]. -# -# Below are interleaved outputs from 'openssl speed rsa dsa' for 4 -# different software configurations on 1.5GHz VIA Esther processor. -# Lines marked with "software integer" denote performance of hand- -# coded integer-only assembler found in OpenSSL 0.9.7. "Software SSE2" -# refers to hand-coded SSE2 Montgomery multiplication procedure found -# OpenSSL 0.9.9. "Hardware VIA SDK" refers to padlock_pmm routine from -# Padlock SDK 2.0.1 available for download from VIA, which naturally -# utilizes the magic 'repz montmul' instruction. And finally "hardware -# this" refers to *this* implementation which also uses 'repz montmul' -# -# sign verify sign/s verify/s -# rsa 512 bits 0.001720s 0.000140s 581.4 7149.7 software integer -# rsa 512 bits 0.000690s 0.000086s 1450.3 11606.0 software SSE2 -# rsa 512 bits 0.006136s 0.000201s 163.0 4974.5 hardware VIA SDK -# rsa 512 bits 0.000712s 0.000050s 1404.9 19858.5 hardware this -# -# rsa 1024 bits 0.008518s 0.000413s 117.4 2420.8 software integer -# rsa 1024 bits 0.004275s 0.000277s 233.9 3609.7 software SSE2 -# rsa 1024 bits 0.012136s 0.000260s 82.4 3844.5 hardware VIA SDK -# rsa 1024 bits 0.002522s 0.000116s 396.5 8650.9 hardware this -# -# rsa 2048 bits 0.050101s 0.001371s 20.0 729.6 software integer -# rsa 2048 bits 0.030273s 0.001008s 33.0 991.9 software SSE2 -# rsa 2048 bits 0.030833s 0.000976s 32.4 1025.1 hardware VIA SDK -# rsa 2048 bits 0.011879s 0.000342s 84.2 2921.7 hardware this -# -# rsa 4096 bits 0.327097s 0.004859s 3.1 205.8 software integer -# rsa 4096 bits 0.229318s 0.003859s 4.4 259.2 software SSE2 -# rsa 4096 bits 0.233953s 0.003274s 4.3 305.4 hardware VIA SDK -# rsa 4096 bits 0.070493s 0.001166s 14.2 857.6 hardware this -# -# dsa 512 bits 0.001342s 0.001651s 745.2 605.7 software integer -# dsa 512 bits 0.000844s 0.000987s 1185.3 1013.1 software SSE2 -# dsa 512 bits 0.001902s 0.002247s 525.6 444.9 hardware VIA SDK -# dsa 512 bits 0.000458s 0.000524s 2182.2 1909.1 hardware this -# -# dsa 1024 bits 0.003964s 0.004926s 252.3 203.0 software integer -# dsa 1024 bits 0.002686s 0.003166s 372.3 315.8 software SSE2 -# dsa 1024 bits 0.002397s 0.002823s 417.1 354.3 hardware VIA SDK -# dsa 1024 bits 0.000978s 0.001170s 1022.2 855.0 hardware this -# -# dsa 2048 bits 0.013280s 0.016518s 75.3 60.5 software integer -# dsa 2048 bits 0.009911s 0.011522s 100.9 86.8 software SSE2 -# dsa 2048 bits 0.009542s 0.011763s 104.8 85.0 hardware VIA SDK -# dsa 2048 bits 0.002884s 0.003352s 346.8 298.3 hardware this -# -# To give you some other reference point here is output for 2.4GHz P4 -# running hand-coded SSE2 bn_mul_mont found in 0.9.9, i.e. "software -# SSE2" in above terms. -# -# rsa 512 bits 0.000407s 0.000047s 2454.2 21137.0 -# rsa 1024 bits 0.002426s 0.000141s 412.1 7100.0 -# rsa 2048 bits 0.015046s 0.000491s 66.5 2034.9 -# rsa 4096 bits 0.109770s 0.002379s 9.1 420.3 -# dsa 512 bits 0.000438s 0.000525s 2281.1 1904.1 -# dsa 1024 bits 0.001346s 0.001595s 742.7 627.0 -# dsa 2048 bits 0.004745s 0.005582s 210.7 179.1 -# -# Conclusions: -# - VIA SDK leaves a *lot* of room for improvement (which this -# implementation successfully fills:-); -# - 'rep montmul' gives up to >3x performance improvement depending on -# key length; -# - in terms of absolute performance it delivers approximately as much -# as modern out-of-order 32-bit cores [again, for longer keys]. - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output = pop and open STDOUT,">$output"; - -&asm_init($ARGV[0]); - -# int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num); -$func="bn_mul_mont_padlock"; - -$pad=16*1; # amount of reserved bytes on top of every vector - -# stack layout -$mZeroPrime=&DWP(0,"esp"); # these are specified by VIA -$A=&DWP(4,"esp"); -$B=&DWP(8,"esp"); -$T=&DWP(12,"esp"); -$M=&DWP(16,"esp"); -$scratch=&DWP(20,"esp"); -$rp=&DWP(24,"esp"); # these are mine -$sp=&DWP(28,"esp"); -# &DWP(32,"esp") # 32 byte scratch area -# &DWP(64+(4*$num+$pad)*0,"esp") # padded tp[num] -# &DWP(64+(4*$num+$pad)*1,"esp") # padded copy of ap[num] -# &DWP(64+(4*$num+$pad)*2,"esp") # padded copy of bp[num] -# &DWP(64+(4*$num+$pad)*3,"esp") # padded copy of np[num] -# Note that SDK suggests to unconditionally allocate 2K per vector. This -# has quite an impact on performance. It naturally depends on key length, -# but to give an example 1024 bit private RSA key operations suffer >30% -# penalty. I allocate only as much as actually required... - -&function_begin($func); - &xor ("eax","eax"); - &mov ("ecx",&wparam(5)); # num - # meet VIA's limitations for num [note that the specification - # expresses them in bits, while we work with amount of 32-bit words] - &test ("ecx",3); - &jnz (&label("leave")); # num % 4 != 0 - &cmp ("ecx",8); - &jb (&label("leave")); # num < 8 - &cmp ("ecx",1024); - &ja (&label("leave")); # num > 1024 - - &pushf (); - &cld (); - - &mov ("edi",&wparam(0)); # rp - &mov ("eax",&wparam(1)); # ap - &mov ("ebx",&wparam(2)); # bp - &mov ("edx",&wparam(3)); # np - &mov ("esi",&wparam(4)); # n0 - &mov ("esi",&DWP(0,"esi")); # *n0 - - &lea ("ecx",&DWP($pad,"","ecx",4)); # ecx becomes vector size in bytes - &lea ("ebp",&DWP(64,"","ecx",4)); # allocate 4 vectors + 64 bytes - &neg ("ebp"); - &add ("ebp","esp"); - &and ("ebp",-64); # align to cache-line - &xchg ("ebp","esp"); # alloca - - &mov ($rp,"edi"); # save rp - &mov ($sp,"ebp"); # save esp - - &mov ($mZeroPrime,"esi"); - &lea ("esi",&DWP(64,"esp")); # tp - &mov ($T,"esi"); - &lea ("edi",&DWP(32,"esp")); # scratch area - &mov ($scratch,"edi"); - &mov ("esi","eax"); - - &lea ("ebp",&DWP(-$pad,"ecx")); - &shr ("ebp",2); # restore original num value in ebp - - &xor ("eax","eax"); - - &mov ("ecx","ebp"); - &lea ("ecx",&DWP((32+$pad)/4,"ecx"));# padded tp + scratch - &data_byte(0xf3,0xab); # rep stosl, bzero - - &mov ("ecx","ebp"); - &lea ("edi",&DWP(64+$pad,"esp","ecx",4));# pointer to ap copy - &mov ($A,"edi"); - &data_byte(0xf3,0xa5); # rep movsl, memcpy - &mov ("ecx",$pad/4); - &data_byte(0xf3,0xab); # rep stosl, bzero pad - # edi points at the end of padded ap copy... - - &mov ("ecx","ebp"); - &mov ("esi","ebx"); - &mov ($B,"edi"); - &data_byte(0xf3,0xa5); # rep movsl, memcpy - &mov ("ecx",$pad/4); - &data_byte(0xf3,0xab); # rep stosl, bzero pad - # edi points at the end of padded bp copy... - - &mov ("ecx","ebp"); - &mov ("esi","edx"); - &mov ($M,"edi"); - &data_byte(0xf3,0xa5); # rep movsl, memcpy - &mov ("ecx",$pad/4); - &data_byte(0xf3,0xab); # rep stosl, bzero pad - # edi points at the end of padded np copy... - - # let magic happen... - &mov ("ecx","ebp"); - &mov ("esi","esp"); - &shl ("ecx",5); # convert word counter to bit counter - &align (4); - &data_byte(0xf3,0x0f,0xa6,0xc0);# rep montmul - - &mov ("ecx","ebp"); - &lea ("esi",&DWP(64,"esp")); # tp - # edi still points at the end of padded np copy... - &neg ("ebp"); - &lea ("ebp",&DWP(-$pad,"edi","ebp",4)); # so just "rewind" - &mov ("edi",$rp); # restore rp - &xor ("edx","edx"); # i=0 and clear CF - -&set_label("sub",8); - &mov ("eax",&DWP(0,"esi","edx",4)); - &sbb ("eax",&DWP(0,"ebp","edx",4)); - &mov (&DWP(0,"edi","edx",4),"eax"); # rp[i]=tp[i]-np[i] - &lea ("edx",&DWP(1,"edx")); # i++ - &loop (&label("sub")); # doesn't affect CF! - - &mov ("eax",&DWP(0,"esi","edx",4)); # upmost overflow bit - &sbb ("eax",0); - - &mov ("ecx","edx"); # num - &mov ("edx",0); # i=0 - -&set_label("copy",8); - &mov ("ebx",&DWP(0,"esi","edx",4)); - &mov ("eax",&DWP(0,"edi","edx",4)); - &mov (&DWP(0,"esi","edx",4),"ecx"); # zap tp - &cmovc ("eax","ebx"); - &mov (&DWP(0,"edi","edx",4),"eax"); - &lea ("edx",&DWP(1,"edx")); # i++ - &loop (&label("copy")); - - &mov ("ebp",$sp); - &xor ("eax","eax"); - - &mov ("ecx",64/4); - &mov ("edi","esp"); # zap frame including scratch area - &data_byte(0xf3,0xab); # rep stosl, bzero - - # zap copies of ap, bp and np - &lea ("edi",&DWP(64+$pad,"esp","edx",4));# pointer to ap - &lea ("ecx",&DWP(3*$pad/4,"edx","edx",2)); - &data_byte(0xf3,0xab); # rep stosl, bzero - - &mov ("esp","ebp"); - &inc ("eax"); # signal "done" - &popf (); -&set_label("leave"); -&function_end($func); - -&asciz("Padlock Montgomery Multiplication, CRYPTOGAMS by "); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/vis3-mont.pl b/crypto/bn/asm/vis3-mont.pl deleted file mode 100644 index f7e6c38635acfdf09feac1a5c599b4fcc996a820..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/vis3-mont.pl +++ /dev/null @@ -1,386 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# October 2012. -# -# SPARCv9 VIS3 Montgomery multiplication procedure suitable for T3 and -# onward. There are three new instructions used here: umulxhi, -# addxc[cc] and initializing store. On T3 RSA private key operations -# are 1.54/1.87/2.11/2.26 times faster for 512/1024/2048/4096-bit key -# lengths. This is without dedicated squaring procedure. On T4 -# corresponding coefficients are 1.47/2.10/2.80/2.90x, which is mostly -# for reference purposes, because T4 has dedicated Montgomery -# multiplication and squaring *instructions* that deliver even more. - -$output = pop and open STDOUT,">$output"; - -$frame = "STACK_FRAME"; -$bias = "STACK_BIAS"; - -$code.=<<___; -#ifndef __ASSEMBLER__ -# define __ASSEMBLER__ 1 -#endif -#include "crypto/sparc_arch.h" - -#ifdef __arch64__ -.register %g2,#scratch -.register %g3,#scratch -#endif - -.section ".text",#alloc,#execinstr -___ - -($n0,$m0,$m1,$lo0,$hi0, $lo1,$hi1,$aj,$alo,$nj,$nlo,$tj)= - (map("%g$_",(1..5)),map("%o$_",(0..5,7))); - -# int bn_mul_mont( -$rp="%o0"; # BN_ULONG *rp, -$ap="%o1"; # const BN_ULONG *ap, -$bp="%o2"; # const BN_ULONG *bp, -$np="%o3"; # const BN_ULONG *np, -$n0p="%o4"; # const BN_ULONG *n0, -$num="%o5"; # int num); # caller ensures that num is even - # and >=6 -$code.=<<___; -.globl bn_mul_mont_vis3 -.align 32 -bn_mul_mont_vis3: - add %sp, $bias, %g4 ! real top of stack - sll $num, 2, $num ! size in bytes - add $num, 63, %g5 - andn %g5, 63, %g5 ! buffer size rounded up to 64 bytes - add %g5, %g5, %g1 - add %g5, %g1, %g1 ! 3*buffer size - sub %g4, %g1, %g1 - andn %g1, 63, %g1 ! align at 64 byte - sub %g1, $frame, %g1 ! new top of stack - sub %g1, %g4, %g1 - - save %sp, %g1, %sp -___ - -# +-------------------------------+<----- %sp -# . . -# +-------------------------------+<----- aligned at 64 bytes -# | __int64 tmp[0] | -# +-------------------------------+ -# . . -# . . -# +-------------------------------+<----- aligned at 64 bytes -# | __int64 ap[1..0] | converted ap[] -# +-------------------------------+ -# | __int64 np[1..0] | converted np[] -# +-------------------------------+ -# | __int64 ap[3..2] | -# . . -# . . -# +-------------------------------+ -($rp,$ap,$bp,$np,$n0p,$num)=map("%i$_",(0..5)); -($t0,$t1,$t2,$t3,$cnt,$tp,$bufsz,$anp)=map("%l$_",(0..7)); -($ovf,$i)=($t0,$t1); -$code.=<<___; - ld [$n0p+0], $t0 ! pull n0[0..1] value - add %sp, $bias+$frame, $tp - ld [$n0p+4], $t1 - add $tp, %g5, $anp - ld [$bp+0], $t2 ! m0=bp[0] - sllx $t1, 32, $n0 - ld [$bp+4], $t3 - or $t0, $n0, $n0 - add $bp, 8, $bp - - ld [$ap+0], $t0 ! ap[0] - sllx $t3, 32, $m0 - ld [$ap+4], $t1 - or $t2, $m0, $m0 - - ld [$ap+8], $t2 ! ap[1] - sllx $t1, 32, $aj - ld [$ap+12], $t3 - or $t0, $aj, $aj - add $ap, 16, $ap - stx $aj, [$anp] ! converted ap[0] - - mulx $aj, $m0, $lo0 ! ap[0]*bp[0] - umulxhi $aj, $m0, $hi0 - - ld [$np+0], $t0 ! np[0] - sllx $t3, 32, $aj - ld [$np+4], $t1 - or $t2, $aj, $aj - - ld [$np+8], $t2 ! np[1] - sllx $t1, 32, $nj - ld [$np+12], $t3 - or $t0, $nj, $nj - add $np, 16, $np - stx $nj, [$anp+8] ! converted np[0] - - mulx $lo0, $n0, $m1 ! "tp[0]"*n0 - stx $aj, [$anp+16] ! converted ap[1] - - mulx $aj, $m0, $alo ! ap[1]*bp[0] - umulxhi $aj, $m0, $aj ! ahi=aj - - mulx $nj, $m1, $lo1 ! np[0]*m1 - umulxhi $nj, $m1, $hi1 - - sllx $t3, 32, $nj - or $t2, $nj, $nj - stx $nj, [$anp+24] ! converted np[1] - add $anp, 32, $anp - - addcc $lo0, $lo1, $lo1 - addxc %g0, $hi1, $hi1 - - mulx $nj, $m1, $nlo ! np[1]*m1 - umulxhi $nj, $m1, $nj ! nhi=nj - - ba .L1st - sub $num, 24, $cnt ! cnt=num-3 - -.align 16 -.L1st: - ld [$ap+0], $t0 ! ap[j] - addcc $alo, $hi0, $lo0 - ld [$ap+4], $t1 - addxc $aj, %g0, $hi0 - - sllx $t1, 32, $aj - add $ap, 8, $ap - or $t0, $aj, $aj - stx $aj, [$anp] ! converted ap[j] - - ld [$np+0], $t2 ! np[j] - addcc $nlo, $hi1, $lo1 - ld [$np+4], $t3 - addxc $nj, %g0, $hi1 ! nhi=nj - - sllx $t3, 32, $nj - add $np, 8, $np - mulx $aj, $m0, $alo ! ap[j]*bp[0] - or $t2, $nj, $nj - umulxhi $aj, $m0, $aj ! ahi=aj - stx $nj, [$anp+8] ! converted np[j] - add $anp, 16, $anp ! anp++ - - mulx $nj, $m1, $nlo ! np[j]*m1 - addcc $lo0, $lo1, $lo1 ! np[j]*m1+ap[j]*bp[0] - umulxhi $nj, $m1, $nj ! nhi=nj - addxc %g0, $hi1, $hi1 - stx $lo1, [$tp] ! tp[j-1] - add $tp, 8, $tp ! tp++ - - brnz,pt $cnt, .L1st - sub $cnt, 8, $cnt ! j-- -!.L1st - addcc $alo, $hi0, $lo0 - addxc $aj, %g0, $hi0 ! ahi=aj - - addcc $nlo, $hi1, $lo1 - addxc $nj, %g0, $hi1 - addcc $lo0, $lo1, $lo1 ! np[j]*m1+ap[j]*bp[0] - addxc %g0, $hi1, $hi1 - stx $lo1, [$tp] ! tp[j-1] - add $tp, 8, $tp - - addcc $hi0, $hi1, $hi1 - addxc %g0, %g0, $ovf ! upmost overflow bit - stx $hi1, [$tp] - add $tp, 8, $tp - - ba .Louter - sub $num, 16, $i ! i=num-2 - -.align 16 -.Louter: - ld [$bp+0], $t2 ! m0=bp[i] - ld [$bp+4], $t3 - - sub $anp, $num, $anp ! rewind - sub $tp, $num, $tp - sub $anp, $num, $anp - - add $bp, 8, $bp - sllx $t3, 32, $m0 - ldx [$anp+0], $aj ! ap[0] - or $t2, $m0, $m0 - ldx [$anp+8], $nj ! np[0] - - mulx $aj, $m0, $lo0 ! ap[0]*bp[i] - ldx [$tp], $tj ! tp[0] - umulxhi $aj, $m0, $hi0 - ldx [$anp+16], $aj ! ap[1] - addcc $lo0, $tj, $lo0 ! ap[0]*bp[i]+tp[0] - mulx $aj, $m0, $alo ! ap[1]*bp[i] - addxc %g0, $hi0, $hi0 - mulx $lo0, $n0, $m1 ! tp[0]*n0 - umulxhi $aj, $m0, $aj ! ahi=aj - mulx $nj, $m1, $lo1 ! np[0]*m1 - umulxhi $nj, $m1, $hi1 - ldx [$anp+24], $nj ! np[1] - add $anp, 32, $anp - addcc $lo1, $lo0, $lo1 - mulx $nj, $m1, $nlo ! np[1]*m1 - addxc %g0, $hi1, $hi1 - umulxhi $nj, $m1, $nj ! nhi=nj - - ba .Linner - sub $num, 24, $cnt ! cnt=num-3 -.align 16 -.Linner: - addcc $alo, $hi0, $lo0 - ldx [$tp+8], $tj ! tp[j] - addxc $aj, %g0, $hi0 ! ahi=aj - ldx [$anp+0], $aj ! ap[j] - addcc $nlo, $hi1, $lo1 - mulx $aj, $m0, $alo ! ap[j]*bp[i] - addxc $nj, %g0, $hi1 ! nhi=nj - ldx [$anp+8], $nj ! np[j] - add $anp, 16, $anp - umulxhi $aj, $m0, $aj ! ahi=aj - addcc $lo0, $tj, $lo0 ! ap[j]*bp[i]+tp[j] - mulx $nj, $m1, $nlo ! np[j]*m1 - addxc %g0, $hi0, $hi0 - umulxhi $nj, $m1, $nj ! nhi=nj - addcc $lo1, $lo0, $lo1 ! np[j]*m1+ap[j]*bp[i]+tp[j] - addxc %g0, $hi1, $hi1 - stx $lo1, [$tp] ! tp[j-1] - add $tp, 8, $tp - brnz,pt $cnt, .Linner - sub $cnt, 8, $cnt -!.Linner - ldx [$tp+8], $tj ! tp[j] - addcc $alo, $hi0, $lo0 - addxc $aj, %g0, $hi0 ! ahi=aj - addcc $lo0, $tj, $lo0 ! ap[j]*bp[i]+tp[j] - addxc %g0, $hi0, $hi0 - - addcc $nlo, $hi1, $lo1 - addxc $nj, %g0, $hi1 ! nhi=nj - addcc $lo1, $lo0, $lo1 ! np[j]*m1+ap[j]*bp[i]+tp[j] - addxc %g0, $hi1, $hi1 - stx $lo1, [$tp] ! tp[j-1] - - subcc %g0, $ovf, %g0 ! move upmost overflow to CCR.xcc - addxccc $hi1, $hi0, $hi1 - addxc %g0, %g0, $ovf - stx $hi1, [$tp+8] - add $tp, 16, $tp - - brnz,pt $i, .Louter - sub $i, 8, $i - - sub $anp, $num, $anp ! rewind - sub $tp, $num, $tp - sub $anp, $num, $anp - ba .Lsub - subcc $num, 8, $cnt ! cnt=num-1 and clear CCR.xcc - -.align 16 -.Lsub: - ldx [$tp], $tj - add $tp, 8, $tp - ldx [$anp+8], $nj - add $anp, 16, $anp - subccc $tj, $nj, $t2 ! tp[j]-np[j] - srlx $tj, 32, $tj - srlx $nj, 32, $nj - subccc $tj, $nj, $t3 - add $rp, 8, $rp - st $t2, [$rp-4] ! reverse order - st $t3, [$rp-8] - brnz,pt $cnt, .Lsub - sub $cnt, 8, $cnt - - sub $anp, $num, $anp ! rewind - sub $tp, $num, $tp - sub $anp, $num, $anp - sub $rp, $num, $rp - - subccc $ovf, %g0, $ovf ! handle upmost overflow bit - ba .Lcopy - sub $num, 8, $cnt - -.align 16 -.Lcopy: ! conditional copy - ld [$tp+0], $t0 - ld [$tp+4], $t1 - ld [$rp+0], $t2 - ld [$rp+4], $t3 - stx %g0, [$tp] ! zap - add $tp, 8, $tp - stx %g0, [$anp] ! zap - stx %g0, [$anp+8] - add $anp, 16, $anp - movcs %icc, $t0, $t2 - movcs %icc, $t1, $t3 - st $t3, [$rp+0] ! flip order - st $t2, [$rp+4] - add $rp, 8, $rp - brnz $cnt, .Lcopy - sub $cnt, 8, $cnt - - mov 1, %o0 - ret - restore -.type bn_mul_mont_vis3, #function -.size bn_mul_mont_vis3, .-bn_mul_mont_vis3 -.asciz "Montgomery Multiplication for SPARCv9 VIS3, CRYPTOGAMS by " -.align 4 -___ - -# Purpose of these subroutines is to explicitly encode VIS instructions, -# so that one can compile the module without having to specify VIS -# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a. -# Idea is to reserve for option to produce "universal" binary and let -# programmer detect if current CPU is VIS capable at run-time. -sub unvis3 { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 ); -my ($ref,$opf); -my %visopf = ( "addxc" => 0x011, - "addxccc" => 0x013, - "umulxhi" => 0x016 ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if ($opf=$visopf{$mnemonic}) { - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%([goli])([0-9])/); - $_=$bias{$1}+$2; - } - - return sprintf ".word\t0x%08x !%s", - 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - s/\b(umulxhi|addxc[c]{0,2})\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/ - &unvis3($1,$2,$3,$4) - /ge; - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/x86-gf2m.pl b/crypto/bn/asm/x86-gf2m.pl deleted file mode 100644 index 469effd39e56cef73a4dc59c17e438ed511115a2..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/x86-gf2m.pl +++ /dev/null @@ -1,324 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# May 2011 -# -# The module implements bn_GF2m_mul_2x2 polynomial multiplication used -# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for -# the time being... Except that it has three code paths: pure integer -# code suitable for any x86 CPU, MMX code suitable for PIII and later -# and PCLMULQDQ suitable for Westmere and later. Improvement varies -# from one benchmark and µ-arch to another. Below are interval values -# for 163- and 571-bit ECDH benchmarks relative to compiler-generated -# code: -# -# PIII 16%-30% -# P4 12%-12% -# Opteron 18%-40% -# Core2 19%-44% -# Atom 38%-64% -# Westmere 53%-121%(PCLMULQDQ)/20%-32%(MMX) -# Sandy Bridge 72%-127%(PCLMULQDQ)/27%-23%(MMX) -# -# Note that above improvement coefficients are not coefficients for -# bn_GF2m_mul_2x2 itself. For example 120% ECDH improvement is result -# of bn_GF2m_mul_2x2 being >4x faster. As it gets faster, benchmark -# is more and more dominated by other subroutines, most notably by -# BN_GF2m_mod[_mul]_arr... - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output = pop and open STDOUT,">$output"; - -&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386"); - -$sse2=0; -for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - -&external_label("OPENSSL_ia32cap_P") if ($sse2); - -$a="eax"; -$b="ebx"; -($a1,$a2,$a4)=("ecx","edx","ebp"); - -$R="mm0"; -@T=("mm1","mm2"); -($A,$B,$B30,$B31)=("mm2","mm3","mm4","mm5"); -@i=("esi","edi"); - - if (!$x86only) { -&function_begin_B("_mul_1x1_mmx"); - &sub ("esp",32+4); - &mov ($a1,$a); - &lea ($a2,&DWP(0,$a,$a)); - &and ($a1,0x3fffffff); - &lea ($a4,&DWP(0,$a2,$a2)); - &mov (&DWP(0*4,"esp"),0); - &and ($a2,0x7fffffff); - &movd ($A,$a); - &movd ($B,$b); - &mov (&DWP(1*4,"esp"),$a1); # a1 - &xor ($a1,$a2); # a1^a2 - &pxor ($B31,$B31); - &pxor ($B30,$B30); - &mov (&DWP(2*4,"esp"),$a2); # a2 - &xor ($a2,$a4); # a2^a4 - &mov (&DWP(3*4,"esp"),$a1); # a1^a2 - &pcmpgtd($B31,$A); # broadcast 31st bit - &paddd ($A,$A); # $A<<=1 - &xor ($a1,$a2); # a1^a4=a1^a2^a2^a4 - &mov (&DWP(4*4,"esp"),$a4); # a4 - &xor ($a4,$a2); # a2=a4^a2^a4 - &pand ($B31,$B); - &pcmpgtd($B30,$A); # broadcast 30th bit - &mov (&DWP(5*4,"esp"),$a1); # a1^a4 - &xor ($a4,$a1); # a1^a2^a4 - &psllq ($B31,31); - &pand ($B30,$B); - &mov (&DWP(6*4,"esp"),$a2); # a2^a4 - &mov (@i[0],0x7); - &mov (&DWP(7*4,"esp"),$a4); # a1^a2^a4 - &mov ($a4,@i[0]); - &and (@i[0],$b); - &shr ($b,3); - &mov (@i[1],$a4); - &psllq ($B30,30); - &and (@i[1],$b); - &shr ($b,3); - &movd ($R,&DWP(0,"esp",@i[0],4)); - &mov (@i[0],$a4); - &and (@i[0],$b); - &shr ($b,3); - for($n=1;$n<9;$n++) { - &movd (@T[1],&DWP(0,"esp",@i[1],4)); - &mov (@i[1],$a4); - &psllq (@T[1],3*$n); - &and (@i[1],$b); - &shr ($b,3); - &pxor ($R,@T[1]); - - push(@i,shift(@i)); push(@T,shift(@T)); - } - &movd (@T[1],&DWP(0,"esp",@i[1],4)); - &pxor ($R,$B30); - &psllq (@T[1],3*$n++); - &pxor ($R,@T[1]); - - &movd (@T[0],&DWP(0,"esp",@i[0],4)); - &pxor ($R,$B31); - &psllq (@T[0],3*$n); - &add ("esp",32+4); - &pxor ($R,@T[0]); - &ret (); -&function_end_B("_mul_1x1_mmx"); - } - -($lo,$hi)=("eax","edx"); -@T=("ecx","ebp"); - -&function_begin_B("_mul_1x1_ialu"); - &sub ("esp",32+4); - &mov ($a1,$a); - &lea ($a2,&DWP(0,$a,$a)); - &lea ($a4,&DWP(0,"",$a,4)); - &and ($a1,0x3fffffff); - &lea (@i[1],&DWP(0,$lo,$lo)); - &sar ($lo,31); # broadcast 31st bit - &mov (&DWP(0*4,"esp"),0); - &and ($a2,0x7fffffff); - &mov (&DWP(1*4,"esp"),$a1); # a1 - &xor ($a1,$a2); # a1^a2 - &mov (&DWP(2*4,"esp"),$a2); # a2 - &xor ($a2,$a4); # a2^a4 - &mov (&DWP(3*4,"esp"),$a1); # a1^a2 - &xor ($a1,$a2); # a1^a4=a1^a2^a2^a4 - &mov (&DWP(4*4,"esp"),$a4); # a4 - &xor ($a4,$a2); # a2=a4^a2^a4 - &mov (&DWP(5*4,"esp"),$a1); # a1^a4 - &xor ($a4,$a1); # a1^a2^a4 - &sar (@i[1],31); # broadcast 30th bit - &and ($lo,$b); - &mov (&DWP(6*4,"esp"),$a2); # a2^a4 - &and (@i[1],$b); - &mov (&DWP(7*4,"esp"),$a4); # a1^a2^a4 - &mov ($hi,$lo); - &shl ($lo,31); - &mov (@T[0],@i[1]); - &shr ($hi,1); - - &mov (@i[0],0x7); - &shl (@i[1],30); - &and (@i[0],$b); - &shr (@T[0],2); - &xor ($lo,@i[1]); - - &shr ($b,3); - &mov (@i[1],0x7); # 5-byte instruction!? - &and (@i[1],$b); - &shr ($b,3); - &xor ($hi,@T[0]); - &xor ($lo,&DWP(0,"esp",@i[0],4)); - &mov (@i[0],0x7); - &and (@i[0],$b); - &shr ($b,3); - for($n=1;$n<9;$n++) { - &mov (@T[1],&DWP(0,"esp",@i[1],4)); - &mov (@i[1],0x7); - &mov (@T[0],@T[1]); - &shl (@T[1],3*$n); - &and (@i[1],$b); - &shr (@T[0],32-3*$n); - &xor ($lo,@T[1]); - &shr ($b,3); - &xor ($hi,@T[0]); - - push(@i,shift(@i)); push(@T,shift(@T)); - } - &mov (@T[1],&DWP(0,"esp",@i[1],4)); - &mov (@T[0],@T[1]); - &shl (@T[1],3*$n); - &mov (@i[1],&DWP(0,"esp",@i[0],4)); - &shr (@T[0],32-3*$n); $n++; - &mov (@i[0],@i[1]); - &xor ($lo,@T[1]); - &shl (@i[1],3*$n); - &xor ($hi,@T[0]); - &shr (@i[0],32-3*$n); - &xor ($lo,@i[1]); - &xor ($hi,@i[0]); - - &add ("esp",32+4); - &ret (); -&function_end_B("_mul_1x1_ialu"); - -# void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1, BN_ULONG b0); -&function_begin_B("bn_GF2m_mul_2x2"); -if (!$x86only) { - &picmeup("edx","OPENSSL_ia32cap_P"); - &mov ("eax",&DWP(0,"edx")); - &mov ("edx",&DWP(4,"edx")); - &test ("eax",1<<23); # check MMX bit - &jz (&label("ialu")); -if ($sse2) { - &test ("eax",1<<24); # check FXSR bit - &jz (&label("mmx")); - &test ("edx",1<<1); # check PCLMULQDQ bit - &jz (&label("mmx")); - - &movups ("xmm0",&QWP(8,"esp")); - &shufps ("xmm0","xmm0",0b10110001); - &pclmulqdq ("xmm0","xmm0",1); - &mov ("eax",&DWP(4,"esp")); - &movups (&QWP(0,"eax"),"xmm0"); - &ret (); - -&set_label("mmx",16); -} - &push ("ebp"); - &push ("ebx"); - &push ("esi"); - &push ("edi"); - &mov ($a,&wparam(1)); - &mov ($b,&wparam(3)); - &call ("_mul_1x1_mmx"); # a1·b1 - &movq ("mm7",$R); - - &mov ($a,&wparam(2)); - &mov ($b,&wparam(4)); - &call ("_mul_1x1_mmx"); # a0·b0 - &movq ("mm6",$R); - - &mov ($a,&wparam(1)); - &mov ($b,&wparam(3)); - &xor ($a,&wparam(2)); - &xor ($b,&wparam(4)); - &call ("_mul_1x1_mmx"); # (a0+a1)·(b0+b1) - &pxor ($R,"mm7"); - &mov ($a,&wparam(0)); - &pxor ($R,"mm6"); # (a0+a1)·(b0+b1)-a1·b1-a0·b0 - - &movq ($A,$R); - &psllq ($R,32); - &pop ("edi"); - &psrlq ($A,32); - &pop ("esi"); - &pxor ($R,"mm6"); - &pop ("ebx"); - &pxor ($A,"mm7"); - &movq (&QWP(0,$a),$R); - &pop ("ebp"); - &movq (&QWP(8,$a),$A); - &emms (); - &ret (); -&set_label("ialu",16); -} - &push ("ebp"); - &push ("ebx"); - &push ("esi"); - &push ("edi"); - &stack_push(4+1); - - &mov ($a,&wparam(1)); - &mov ($b,&wparam(3)); - &call ("_mul_1x1_ialu"); # a1·b1 - &mov (&DWP(8,"esp"),$lo); - &mov (&DWP(12,"esp"),$hi); - - &mov ($a,&wparam(2)); - &mov ($b,&wparam(4)); - &call ("_mul_1x1_ialu"); # a0·b0 - &mov (&DWP(0,"esp"),$lo); - &mov (&DWP(4,"esp"),$hi); - - &mov ($a,&wparam(1)); - &mov ($b,&wparam(3)); - &xor ($a,&wparam(2)); - &xor ($b,&wparam(4)); - &call ("_mul_1x1_ialu"); # (a0+a1)·(b0+b1) - - &mov ("ebp",&wparam(0)); - @r=("ebx","ecx","edi","esi"); - &mov (@r[0],&DWP(0,"esp")); - &mov (@r[1],&DWP(4,"esp")); - &mov (@r[2],&DWP(8,"esp")); - &mov (@r[3],&DWP(12,"esp")); - - &xor ($lo,$hi); - &xor ($hi,@r[1]); - &xor ($lo,@r[0]); - &mov (&DWP(0,"ebp"),@r[0]); - &xor ($hi,@r[2]); - &mov (&DWP(12,"ebp"),@r[3]); - &xor ($lo,@r[3]); - &stack_pop(4+1); - &xor ($hi,@r[3]); - &pop ("edi"); - &xor ($lo,$hi); - &pop ("esi"); - &mov (&DWP(8,"ebp"),$hi); - &pop ("ebx"); - &mov (&DWP(4,"ebp"),$lo); - &pop ("ebp"); - &ret (); -&function_end_B("bn_GF2m_mul_2x2"); - -&asciz ("GF(2^m) Multiplication for x86, CRYPTOGAMS by "); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/x86-mont.pl b/crypto/bn/asm/x86-mont.pl deleted file mode 100755 index 8fff9e1d3686223b327acf8fb184cb5a8a3c937f..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/x86-mont.pl +++ /dev/null @@ -1,630 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# October 2005 -# -# This is a "teaser" code, as it can be improved in several ways... -# First of all non-SSE2 path should be implemented (yes, for now it -# performs Montgomery multiplication/convolution only on SSE2-capable -# CPUs such as P4, others fall down to original code). Then inner loop -# can be unrolled and modulo-scheduled to improve ILP and possibly -# moved to 128-bit XMM register bank (though it would require input -# rearrangement and/or increase bus bandwidth utilization). Dedicated -# squaring procedure should give further performance improvement... -# Yet, for being draft, the code improves rsa512 *sign* benchmark by -# 110%(!), rsa1024 one - by 70% and rsa4096 - by 20%:-) - -# December 2006 -# -# Modulo-scheduling SSE2 loops results in further 15-20% improvement. -# Integer-only code [being equipped with dedicated squaring procedure] -# gives ~40% on rsa512 sign benchmark... - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output = pop and open STDOUT,">$output"; - -&asm_init($ARGV[0]); - -$sse2=0; -for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - -&external_label("OPENSSL_ia32cap_P") if ($sse2); - -&function_begin("bn_mul_mont"); - -$i="edx"; -$j="ecx"; -$ap="esi"; $tp="esi"; # overlapping variables!!! -$rp="edi"; $bp="edi"; # overlapping variables!!! -$np="ebp"; -$num="ebx"; - -$_num=&DWP(4*0,"esp"); # stack top layout -$_rp=&DWP(4*1,"esp"); -$_ap=&DWP(4*2,"esp"); -$_bp=&DWP(4*3,"esp"); -$_np=&DWP(4*4,"esp"); -$_n0=&DWP(4*5,"esp"); $_n0q=&QWP(4*5,"esp"); -$_sp=&DWP(4*6,"esp"); -$_bpend=&DWP(4*7,"esp"); -$frame=32; # size of above frame rounded up to 16n - - &xor ("eax","eax"); - &mov ("edi",&wparam(5)); # int num - &cmp ("edi",4); - &jl (&label("just_leave")); - - &lea ("esi",&wparam(0)); # put aside pointer to argument block - &lea ("edx",&wparam(1)); # load ap - &add ("edi",2); # extra two words on top of tp - &neg ("edi"); - &lea ("ebp",&DWP(-$frame,"esp","edi",4)); # future alloca($frame+4*(num+2)) - &neg ("edi"); - - # minimize cache contention by arranging 2K window between stack - # pointer and ap argument [np is also position sensitive vector, - # but it's assumed to be near ap, as it's allocated at ~same - # time]. - &mov ("eax","ebp"); - &sub ("eax","edx"); - &and ("eax",2047); - &sub ("ebp","eax"); # this aligns sp and ap modulo 2048 - - &xor ("edx","ebp"); - &and ("edx",2048); - &xor ("edx",2048); - &sub ("ebp","edx"); # this splits them apart modulo 4096 - - &and ("ebp",-64); # align to cache line - - # An OS-agnostic version of __chkstk. - # - # Some OSes (Windows) insist on stack being "wired" to - # physical memory in strictly sequential manner, i.e. if stack - # allocation spans two pages, then reference to farmost one can - # be punishable by SEGV. But page walking can do good even on - # other OSes, because it guarantees that villain thread hits - # the guard page before it can make damage to innocent one... - &mov ("eax","esp"); - &sub ("eax","ebp"); - &and ("eax",-4096); - &mov ("edx","esp"); # saved stack pointer! - &lea ("esp",&DWP(0,"ebp","eax")); - &mov ("eax",&DWP(0,"esp")); - &cmp ("esp","ebp"); - &ja (&label("page_walk")); - &jmp (&label("page_walk_done")); - -&set_label("page_walk",16); - &lea ("esp",&DWP(-4096,"esp")); - &mov ("eax",&DWP(0,"esp")); - &cmp ("esp","ebp"); - &ja (&label("page_walk")); -&set_label("page_walk_done"); - - ################################# load argument block... - &mov ("eax",&DWP(0*4,"esi"));# BN_ULONG *rp - &mov ("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap - &mov ("ecx",&DWP(2*4,"esi"));# const BN_ULONG *bp - &mov ("ebp",&DWP(3*4,"esi"));# const BN_ULONG *np - &mov ("esi",&DWP(4*4,"esi"));# const BN_ULONG *n0 - #&mov ("edi",&DWP(5*4,"esi"));# int num - - &mov ("esi",&DWP(0,"esi")); # pull n0[0] - &mov ($_rp,"eax"); # ... save a copy of argument block - &mov ($_ap,"ebx"); - &mov ($_bp,"ecx"); - &mov ($_np,"ebp"); - &mov ($_n0,"esi"); - &lea ($num,&DWP(-3,"edi")); # num=num-1 to assist modulo-scheduling - #&mov ($_num,$num); # redundant as $num is not reused - &mov ($_sp,"edx"); # saved stack pointer! - -if($sse2) { -$acc0="mm0"; # mmx register bank layout -$acc1="mm1"; -$car0="mm2"; -$car1="mm3"; -$mul0="mm4"; -$mul1="mm5"; -$temp="mm6"; -$mask="mm7"; - - &picmeup("eax","OPENSSL_ia32cap_P"); - &bt (&DWP(0,"eax"),26); - &jnc (&label("non_sse2")); - - &mov ("eax",-1); - &movd ($mask,"eax"); # mask 32 lower bits - - &mov ($ap,$_ap); # load input pointers - &mov ($bp,$_bp); - &mov ($np,$_np); - - &xor ($i,$i); # i=0 - &xor ($j,$j); # j=0 - - &movd ($mul0,&DWP(0,$bp)); # bp[0] - &movd ($mul1,&DWP(0,$ap)); # ap[0] - &movd ($car1,&DWP(0,$np)); # np[0] - - &pmuludq($mul1,$mul0); # ap[0]*bp[0] - &movq ($car0,$mul1); - &movq ($acc0,$mul1); # I wish movd worked for - &pand ($acc0,$mask); # inter-register transfers - - &pmuludq($mul1,$_n0q); # *=n0 - - &pmuludq($car1,$mul1); # "t[0]"*np[0]*n0 - &paddq ($car1,$acc0); - - &movd ($acc1,&DWP(4,$np)); # np[1] - &movd ($acc0,&DWP(4,$ap)); # ap[1] - - &psrlq ($car0,32); - &psrlq ($car1,32); - - &inc ($j); # j++ -&set_label("1st",16); - &pmuludq($acc0,$mul0); # ap[j]*bp[0] - &pmuludq($acc1,$mul1); # np[j]*m1 - &paddq ($car0,$acc0); # +=c0 - &paddq ($car1,$acc1); # +=c1 - - &movq ($acc0,$car0); - &pand ($acc0,$mask); - &movd ($acc1,&DWP(4,$np,$j,4)); # np[j+1] - &paddq ($car1,$acc0); # +=ap[j]*bp[0]; - &movd ($acc0,&DWP(4,$ap,$j,4)); # ap[j+1] - &psrlq ($car0,32); - &movd (&DWP($frame-4,"esp",$j,4),$car1); # tp[j-1]= - &psrlq ($car1,32); - - &lea ($j,&DWP(1,$j)); - &cmp ($j,$num); - &jl (&label("1st")); - - &pmuludq($acc0,$mul0); # ap[num-1]*bp[0] - &pmuludq($acc1,$mul1); # np[num-1]*m1 - &paddq ($car0,$acc0); # +=c0 - &paddq ($car1,$acc1); # +=c1 - - &movq ($acc0,$car0); - &pand ($acc0,$mask); - &paddq ($car1,$acc0); # +=ap[num-1]*bp[0]; - &movd (&DWP($frame-4,"esp",$j,4),$car1); # tp[num-2]= - - &psrlq ($car0,32); - &psrlq ($car1,32); - - &paddq ($car1,$car0); - &movq (&QWP($frame,"esp",$num,4),$car1); # tp[num].tp[num-1] - - &inc ($i); # i++ -&set_label("outer"); - &xor ($j,$j); # j=0 - - &movd ($mul0,&DWP(0,$bp,$i,4)); # bp[i] - &movd ($mul1,&DWP(0,$ap)); # ap[0] - &movd ($temp,&DWP($frame,"esp")); # tp[0] - &movd ($car1,&DWP(0,$np)); # np[0] - &pmuludq($mul1,$mul0); # ap[0]*bp[i] - - &paddq ($mul1,$temp); # +=tp[0] - &movq ($acc0,$mul1); - &movq ($car0,$mul1); - &pand ($acc0,$mask); - - &pmuludq($mul1,$_n0q); # *=n0 - - &pmuludq($car1,$mul1); - &paddq ($car1,$acc0); - - &movd ($temp,&DWP($frame+4,"esp")); # tp[1] - &movd ($acc1,&DWP(4,$np)); # np[1] - &movd ($acc0,&DWP(4,$ap)); # ap[1] - - &psrlq ($car0,32); - &psrlq ($car1,32); - &paddq ($car0,$temp); # +=tp[1] - - &inc ($j); # j++ - &dec ($num); -&set_label("inner"); - &pmuludq($acc0,$mul0); # ap[j]*bp[i] - &pmuludq($acc1,$mul1); # np[j]*m1 - &paddq ($car0,$acc0); # +=c0 - &paddq ($car1,$acc1); # +=c1 - - &movq ($acc0,$car0); - &movd ($temp,&DWP($frame+4,"esp",$j,4));# tp[j+1] - &pand ($acc0,$mask); - &movd ($acc1,&DWP(4,$np,$j,4)); # np[j+1] - &paddq ($car1,$acc0); # +=ap[j]*bp[i]+tp[j] - &movd ($acc0,&DWP(4,$ap,$j,4)); # ap[j+1] - &psrlq ($car0,32); - &movd (&DWP($frame-4,"esp",$j,4),$car1);# tp[j-1]= - &psrlq ($car1,32); - &paddq ($car0,$temp); # +=tp[j+1] - - &dec ($num); - &lea ($j,&DWP(1,$j)); # j++ - &jnz (&label("inner")); - - &mov ($num,$j); - &pmuludq($acc0,$mul0); # ap[num-1]*bp[i] - &pmuludq($acc1,$mul1); # np[num-1]*m1 - &paddq ($car0,$acc0); # +=c0 - &paddq ($car1,$acc1); # +=c1 - - &movq ($acc0,$car0); - &pand ($acc0,$mask); - &paddq ($car1,$acc0); # +=ap[num-1]*bp[i]+tp[num-1] - &movd (&DWP($frame-4,"esp",$j,4),$car1); # tp[num-2]= - &psrlq ($car0,32); - &psrlq ($car1,32); - - &movd ($temp,&DWP($frame+4,"esp",$num,4)); # += tp[num] - &paddq ($car1,$car0); - &paddq ($car1,$temp); - &movq (&QWP($frame,"esp",$num,4),$car1); # tp[num].tp[num-1] - - &lea ($i,&DWP(1,$i)); # i++ - &cmp ($i,$num); - &jle (&label("outer")); - - &emms (); # done with mmx bank - &jmp (&label("common_tail")); - -&set_label("non_sse2",16); -} - -if (0) { - &mov ("esp",$_sp); - &xor ("eax","eax"); # signal "not fast enough [yet]" - &jmp (&label("just_leave")); - # While the below code provides competitive performance for - # all key lengths on modern Intel cores, it's still more - # than 10% slower for 4096-bit key elsewhere:-( "Competitive" - # means compared to the original integer-only assembler. - # 512-bit RSA sign is better by ~40%, but that's about all - # one can say about all CPUs... -} else { -$inp="esi"; # integer path uses these registers differently -$word="edi"; -$carry="ebp"; - - &mov ($inp,$_ap); - &lea ($carry,&DWP(1,$num)); - &mov ($word,$_bp); - &xor ($j,$j); # j=0 - &mov ("edx",$inp); - &and ($carry,1); # see if num is even - &sub ("edx",$word); # see if ap==bp - &lea ("eax",&DWP(4,$word,$num,4)); # &bp[num] - &or ($carry,"edx"); - &mov ($word,&DWP(0,$word)); # bp[0] - &jz (&label("bn_sqr_mont")); - &mov ($_bpend,"eax"); - &mov ("eax",&DWP(0,$inp)); - &xor ("edx","edx"); - -&set_label("mull",16); - &mov ($carry,"edx"); - &mul ($word); # ap[j]*bp[0] - &add ($carry,"eax"); - &lea ($j,&DWP(1,$j)); - &adc ("edx",0); - &mov ("eax",&DWP(0,$inp,$j,4)); # ap[j+1] - &cmp ($j,$num); - &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j]= - &jl (&label("mull")); - - &mov ($carry,"edx"); - &mul ($word); # ap[num-1]*bp[0] - &mov ($word,$_n0); - &add ("eax",$carry); - &mov ($inp,$_np); - &adc ("edx",0); - &imul ($word,&DWP($frame,"esp")); # n0*tp[0] - - &mov (&DWP($frame,"esp",$num,4),"eax"); # tp[num-1]= - &xor ($j,$j); - &mov (&DWP($frame+4,"esp",$num,4),"edx"); # tp[num]= - &mov (&DWP($frame+8,"esp",$num,4),$j); # tp[num+1]= - - &mov ("eax",&DWP(0,$inp)); # np[0] - &mul ($word); # np[0]*m - &add ("eax",&DWP($frame,"esp")); # +=tp[0] - &mov ("eax",&DWP(4,$inp)); # np[1] - &adc ("edx",0); - &inc ($j); - - &jmp (&label("2ndmadd")); - -&set_label("1stmadd",16); - &mov ($carry,"edx"); - &mul ($word); # ap[j]*bp[i] - &add ($carry,&DWP($frame,"esp",$j,4)); # +=tp[j] - &lea ($j,&DWP(1,$j)); - &adc ("edx",0); - &add ($carry,"eax"); - &mov ("eax",&DWP(0,$inp,$j,4)); # ap[j+1] - &adc ("edx",0); - &cmp ($j,$num); - &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j]= - &jl (&label("1stmadd")); - - &mov ($carry,"edx"); - &mul ($word); # ap[num-1]*bp[i] - &add ("eax",&DWP($frame,"esp",$num,4)); # +=tp[num-1] - &mov ($word,$_n0); - &adc ("edx",0); - &mov ($inp,$_np); - &add ($carry,"eax"); - &adc ("edx",0); - &imul ($word,&DWP($frame,"esp")); # n0*tp[0] - - &xor ($j,$j); - &add ("edx",&DWP($frame+4,"esp",$num,4)); # carry+=tp[num] - &mov (&DWP($frame,"esp",$num,4),$carry); # tp[num-1]= - &adc ($j,0); - &mov ("eax",&DWP(0,$inp)); # np[0] - &mov (&DWP($frame+4,"esp",$num,4),"edx"); # tp[num]= - &mov (&DWP($frame+8,"esp",$num,4),$j); # tp[num+1]= - - &mul ($word); # np[0]*m - &add ("eax",&DWP($frame,"esp")); # +=tp[0] - &mov ("eax",&DWP(4,$inp)); # np[1] - &adc ("edx",0); - &mov ($j,1); - -&set_label("2ndmadd",16); - &mov ($carry,"edx"); - &mul ($word); # np[j]*m - &add ($carry,&DWP($frame,"esp",$j,4)); # +=tp[j] - &lea ($j,&DWP(1,$j)); - &adc ("edx",0); - &add ($carry,"eax"); - &mov ("eax",&DWP(0,$inp,$j,4)); # np[j+1] - &adc ("edx",0); - &cmp ($j,$num); - &mov (&DWP($frame-8,"esp",$j,4),$carry); # tp[j-1]= - &jl (&label("2ndmadd")); - - &mov ($carry,"edx"); - &mul ($word); # np[j]*m - &add ($carry,&DWP($frame,"esp",$num,4)); # +=tp[num-1] - &adc ("edx",0); - &add ($carry,"eax"); - &adc ("edx",0); - &mov (&DWP($frame-4,"esp",$num,4),$carry); # tp[num-2]= - - &xor ("eax","eax"); - &mov ($j,$_bp); # &bp[i] - &add ("edx",&DWP($frame+4,"esp",$num,4)); # carry+=tp[num] - &adc ("eax",&DWP($frame+8,"esp",$num,4)); # +=tp[num+1] - &lea ($j,&DWP(4,$j)); - &mov (&DWP($frame,"esp",$num,4),"edx"); # tp[num-1]= - &cmp ($j,$_bpend); - &mov (&DWP($frame+4,"esp",$num,4),"eax"); # tp[num]= - &je (&label("common_tail")); - - &mov ($word,&DWP(0,$j)); # bp[i+1] - &mov ($inp,$_ap); - &mov ($_bp,$j); # &bp[++i] - &xor ($j,$j); - &xor ("edx","edx"); - &mov ("eax",&DWP(0,$inp)); - &jmp (&label("1stmadd")); - -&set_label("bn_sqr_mont",16); -$sbit=$num; - &mov ($_num,$num); - &mov ($_bp,$j); # i=0 - - &mov ("eax",$word); # ap[0] - &mul ($word); # ap[0]*ap[0] - &mov (&DWP($frame,"esp"),"eax"); # tp[0]= - &mov ($sbit,"edx"); - &shr ("edx",1); - &and ($sbit,1); - &inc ($j); -&set_label("sqr",16); - &mov ("eax",&DWP(0,$inp,$j,4)); # ap[j] - &mov ($carry,"edx"); - &mul ($word); # ap[j]*ap[0] - &add ("eax",$carry); - &lea ($j,&DWP(1,$j)); - &adc ("edx",0); - &lea ($carry,&DWP(0,$sbit,"eax",2)); - &shr ("eax",31); - &cmp ($j,$_num); - &mov ($sbit,"eax"); - &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j]= - &jl (&label("sqr")); - - &mov ("eax",&DWP(0,$inp,$j,4)); # ap[num-1] - &mov ($carry,"edx"); - &mul ($word); # ap[num-1]*ap[0] - &add ("eax",$carry); - &mov ($word,$_n0); - &adc ("edx",0); - &mov ($inp,$_np); - &lea ($carry,&DWP(0,$sbit,"eax",2)); - &imul ($word,&DWP($frame,"esp")); # n0*tp[0] - &shr ("eax",31); - &mov (&DWP($frame,"esp",$j,4),$carry); # tp[num-1]= - - &lea ($carry,&DWP(0,"eax","edx",2)); - &mov ("eax",&DWP(0,$inp)); # np[0] - &shr ("edx",31); - &mov (&DWP($frame+4,"esp",$j,4),$carry); # tp[num]= - &mov (&DWP($frame+8,"esp",$j,4),"edx"); # tp[num+1]= - - &mul ($word); # np[0]*m - &add ("eax",&DWP($frame,"esp")); # +=tp[0] - &mov ($num,$j); - &adc ("edx",0); - &mov ("eax",&DWP(4,$inp)); # np[1] - &mov ($j,1); - -&set_label("3rdmadd",16); - &mov ($carry,"edx"); - &mul ($word); # np[j]*m - &add ($carry,&DWP($frame,"esp",$j,4)); # +=tp[j] - &adc ("edx",0); - &add ($carry,"eax"); - &mov ("eax",&DWP(4,$inp,$j,4)); # np[j+1] - &adc ("edx",0); - &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j-1]= - - &mov ($carry,"edx"); - &mul ($word); # np[j+1]*m - &add ($carry,&DWP($frame+4,"esp",$j,4)); # +=tp[j+1] - &lea ($j,&DWP(2,$j)); - &adc ("edx",0); - &add ($carry,"eax"); - &mov ("eax",&DWP(0,$inp,$j,4)); # np[j+2] - &adc ("edx",0); - &cmp ($j,$num); - &mov (&DWP($frame-8,"esp",$j,4),$carry); # tp[j]= - &jl (&label("3rdmadd")); - - &mov ($carry,"edx"); - &mul ($word); # np[j]*m - &add ($carry,&DWP($frame,"esp",$num,4)); # +=tp[num-1] - &adc ("edx",0); - &add ($carry,"eax"); - &adc ("edx",0); - &mov (&DWP($frame-4,"esp",$num,4),$carry); # tp[num-2]= - - &mov ($j,$_bp); # i - &xor ("eax","eax"); - &mov ($inp,$_ap); - &add ("edx",&DWP($frame+4,"esp",$num,4)); # carry+=tp[num] - &adc ("eax",&DWP($frame+8,"esp",$num,4)); # +=tp[num+1] - &mov (&DWP($frame,"esp",$num,4),"edx"); # tp[num-1]= - &cmp ($j,$num); - &mov (&DWP($frame+4,"esp",$num,4),"eax"); # tp[num]= - &je (&label("common_tail")); - - &mov ($word,&DWP(4,$inp,$j,4)); # ap[i] - &lea ($j,&DWP(1,$j)); - &mov ("eax",$word); - &mov ($_bp,$j); # ++i - &mul ($word); # ap[i]*ap[i] - &add ("eax",&DWP($frame,"esp",$j,4)); # +=tp[i] - &adc ("edx",0); - &mov (&DWP($frame,"esp",$j,4),"eax"); # tp[i]= - &xor ($carry,$carry); - &cmp ($j,$num); - &lea ($j,&DWP(1,$j)); - &je (&label("sqrlast")); - - &mov ($sbit,"edx"); # zaps $num - &shr ("edx",1); - &and ($sbit,1); -&set_label("sqradd",16); - &mov ("eax",&DWP(0,$inp,$j,4)); # ap[j] - &mov ($carry,"edx"); - &mul ($word); # ap[j]*ap[i] - &add ("eax",$carry); - &lea ($carry,&DWP(0,"eax","eax")); - &adc ("edx",0); - &shr ("eax",31); - &add ($carry,&DWP($frame,"esp",$j,4)); # +=tp[j] - &lea ($j,&DWP(1,$j)); - &adc ("eax",0); - &add ($carry,$sbit); - &adc ("eax",0); - &cmp ($j,$_num); - &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j]= - &mov ($sbit,"eax"); - &jle (&label("sqradd")); - - &mov ($carry,"edx"); - &add ("edx","edx"); - &shr ($carry,31); - &add ("edx",$sbit); - &adc ($carry,0); -&set_label("sqrlast"); - &mov ($word,$_n0); - &mov ($inp,$_np); - &imul ($word,&DWP($frame,"esp")); # n0*tp[0] - - &add ("edx",&DWP($frame,"esp",$j,4)); # +=tp[num] - &mov ("eax",&DWP(0,$inp)); # np[0] - &adc ($carry,0); - &mov (&DWP($frame,"esp",$j,4),"edx"); # tp[num]= - &mov (&DWP($frame+4,"esp",$j,4),$carry); # tp[num+1]= - - &mul ($word); # np[0]*m - &add ("eax",&DWP($frame,"esp")); # +=tp[0] - &lea ($num,&DWP(-1,$j)); - &adc ("edx",0); - &mov ($j,1); - &mov ("eax",&DWP(4,$inp)); # np[1] - - &jmp (&label("3rdmadd")); -} - -&set_label("common_tail",16); - &mov ($np,$_np); # load modulus pointer - &mov ($rp,$_rp); # load result pointer - &lea ($tp,&DWP($frame,"esp")); # [$ap and $bp are zapped] - - &mov ("eax",&DWP(0,$tp)); # tp[0] - &mov ($j,$num); # j=num-1 - &xor ($i,$i); # i=0 and clear CF! - -&set_label("sub",16); - &sbb ("eax",&DWP(0,$np,$i,4)); - &mov (&DWP(0,$rp,$i,4),"eax"); # rp[i]=tp[i]-np[i] - &dec ($j); # doesn't affect CF! - &mov ("eax",&DWP(4,$tp,$i,4)); # tp[i+1] - &lea ($i,&DWP(1,$i)); # i++ - &jge (&label("sub")); - - &sbb ("eax",0); # handle upmost overflow bit - &mov ("edx",-1); - &xor ("edx","eax"); - &jmp (&label("copy")); - -&set_label("copy",16); # conditional copy - &mov ($tp,&DWP($frame,"esp",$num,4)); - &mov ($np,&DWP(0,$rp,$num,4)); - &mov (&DWP($frame,"esp",$num,4),$j); # zap temporary vector - &and ($tp,"eax"); - &and ($np,"edx"); - &or ($np,$tp); - &mov (&DWP(0,$rp,$num,4),$np); - &dec ($num); - &jge (&label("copy")); - - &mov ("esp",$_sp); # pull saved stack pointer - &mov ("eax",1); -&set_label("just_leave"); -&function_end("bn_mul_mont"); - -&asciz("Montgomery Multiplication for x86, CRYPTOGAMS by "); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c deleted file mode 100644 index 68453b3d5276cf859ae7074f3fd7251fb16fdec6..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/x86_64-gcc.c +++ /dev/null @@ -1,642 +0,0 @@ -/* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "../bn_local.h" -#if !(defined(__GNUC__) && __GNUC__>=2) -# include "../bn_asm.c" /* kind of dirty hack for Sun Studio */ -#else -/*- - * x86_64 BIGNUM accelerator version 0.1, December 2002. - * - * Implemented by Andy Polyakov for the OpenSSL - * project. - * - * Rights for redistribution and usage in source and binary forms are - * granted according to the License. Warranty of any kind is disclaimed. - * - * Q. Version 0.1? It doesn't sound like Andy, he used to assign real - * versions, like 1.0... - * A. Well, that's because this code is basically a quick-n-dirty - * proof-of-concept hack. As you can see it's implemented with - * inline assembler, which means that you're bound to GCC and that - * there might be enough room for further improvement. - * - * Q. Why inline assembler? - * A. x86_64 features own ABI which I'm not familiar with. This is - * why I decided to let the compiler take care of subroutine - * prologue/epilogue as well as register allocation. For reference. - * Win64 implements different ABI for AMD64, different from Linux. - * - * Q. How much faster does it get? - * A. 'apps/openssl speed rsa dsa' output with no-asm: - * - * sign verify sign/s verify/s - * rsa 512 bits 0.0006s 0.0001s 1683.8 18456.2 - * rsa 1024 bits 0.0028s 0.0002s 356.0 6407.0 - * rsa 2048 bits 0.0172s 0.0005s 58.0 1957.8 - * rsa 4096 bits 0.1155s 0.0018s 8.7 555.6 - * sign verify sign/s verify/s - * dsa 512 bits 0.0005s 0.0006s 2100.8 1768.3 - * dsa 1024 bits 0.0014s 0.0018s 692.3 559.2 - * dsa 2048 bits 0.0049s 0.0061s 204.7 165.0 - * - * 'apps/openssl speed rsa dsa' output with this module: - * - * sign verify sign/s verify/s - * rsa 512 bits 0.0004s 0.0000s 2767.1 33297.9 - * rsa 1024 bits 0.0012s 0.0001s 867.4 14674.7 - * rsa 2048 bits 0.0061s 0.0002s 164.0 5270.0 - * rsa 4096 bits 0.0384s 0.0006s 26.1 1650.8 - * sign verify sign/s verify/s - * dsa 512 bits 0.0002s 0.0003s 4442.2 3786.3 - * dsa 1024 bits 0.0005s 0.0007s 1835.1 1497.4 - * dsa 2048 bits 0.0016s 0.0020s 620.4 504.6 - * - * For the reference. IA-32 assembler implementation performs - * very much like 64-bit code compiled with no-asm on the same - * machine. - */ - -# undef mul -# undef mul_add - -/*- - * "m"(a), "+m"(r) is the way to favor DirectPath µ-code; - * "g"(0) let the compiler to decide where does it - * want to keep the value of zero; - */ -# define mul_add(r,a,word,carry) do { \ - register BN_ULONG high,low; \ - asm ("mulq %3" \ - : "=a"(low),"=d"(high) \ - : "a"(word),"m"(a) \ - : "cc"); \ - asm ("addq %2,%0; adcq %3,%1" \ - : "+r"(carry),"+d"(high)\ - : "a"(low),"g"(0) \ - : "cc"); \ - asm ("addq %2,%0; adcq %3,%1" \ - : "+m"(r),"+d"(high) \ - : "r"(carry),"g"(0) \ - : "cc"); \ - carry=high; \ - } while (0) - -# define mul(r,a,word,carry) do { \ - register BN_ULONG high,low; \ - asm ("mulq %3" \ - : "=a"(low),"=d"(high) \ - : "a"(word),"g"(a) \ - : "cc"); \ - asm ("addq %2,%0; adcq %3,%1" \ - : "+r"(carry),"+d"(high)\ - : "a"(low),"g"(0) \ - : "cc"); \ - (r)=carry, carry=high; \ - } while (0) -# undef sqr -# define sqr(r0,r1,a) \ - asm ("mulq %2" \ - : "=a"(r0),"=d"(r1) \ - : "a"(a) \ - : "cc"); - -BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, - BN_ULONG w) -{ - BN_ULONG c1 = 0; - - if (num <= 0) - return c1; - - while (num & ~3) { - mul_add(rp[0], ap[0], w, c1); - mul_add(rp[1], ap[1], w, c1); - mul_add(rp[2], ap[2], w, c1); - mul_add(rp[3], ap[3], w, c1); - ap += 4; - rp += 4; - num -= 4; - } - if (num) { - mul_add(rp[0], ap[0], w, c1); - if (--num == 0) - return c1; - mul_add(rp[1], ap[1], w, c1); - if (--num == 0) - return c1; - mul_add(rp[2], ap[2], w, c1); - return c1; - } - - return c1; -} - -BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) -{ - BN_ULONG c1 = 0; - - if (num <= 0) - return c1; - - while (num & ~3) { - mul(rp[0], ap[0], w, c1); - mul(rp[1], ap[1], w, c1); - mul(rp[2], ap[2], w, c1); - mul(rp[3], ap[3], w, c1); - ap += 4; - rp += 4; - num -= 4; - } - if (num) { - mul(rp[0], ap[0], w, c1); - if (--num == 0) - return c1; - mul(rp[1], ap[1], w, c1); - if (--num == 0) - return c1; - mul(rp[2], ap[2], w, c1); - } - return c1; -} - -void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) -{ - if (n <= 0) - return; - - while (n & ~3) { - sqr(r[0], r[1], a[0]); - sqr(r[2], r[3], a[1]); - sqr(r[4], r[5], a[2]); - sqr(r[6], r[7], a[3]); - a += 4; - r += 8; - n -= 4; - } - if (n) { - sqr(r[0], r[1], a[0]); - if (--n == 0) - return; - sqr(r[2], r[3], a[1]); - if (--n == 0) - return; - sqr(r[4], r[5], a[2]); - } -} - -BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) -{ - BN_ULONG ret, waste; - - asm("divq %4":"=a"(ret), "=d"(waste) - : "a"(l), "d"(h), "r"(d) - : "cc"); - - return ret; -} - -BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - int n) -{ - BN_ULONG ret; - size_t i = 0; - - if (n <= 0) - return 0; - - asm volatile (" subq %0,%0 \n" /* clear carry */ - " jmp 1f \n" - ".p2align 4 \n" - "1: movq (%4,%2,8),%0 \n" - " adcq (%5,%2,8),%0 \n" - " movq %0,(%3,%2,8) \n" - " lea 1(%2),%2 \n" - " dec %1 \n" - " jnz 1b \n" - " sbbq %0,%0 \n" - :"=&r" (ret), "+c"(n), "+r"(i) - :"r"(rp), "r"(ap), "r"(bp) - :"cc", "memory"); - - return ret & 1; -} - -# ifndef SIMICS -BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - int n) -{ - BN_ULONG ret; - size_t i = 0; - - if (n <= 0) - return 0; - - asm volatile (" subq %0,%0 \n" /* clear borrow */ - " jmp 1f \n" - ".p2align 4 \n" - "1: movq (%4,%2,8),%0 \n" - " sbbq (%5,%2,8),%0 \n" - " movq %0,(%3,%2,8) \n" - " lea 1(%2),%2 \n" - " dec %1 \n" - " jnz 1b \n" - " sbbq %0,%0 \n" - :"=&r" (ret), "+c"(n), "+r"(i) - :"r"(rp), "r"(ap), "r"(bp) - :"cc", "memory"); - - return ret & 1; -} -# else -/* Simics 1.4<7 has buggy sbbq:-( */ -# define BN_MASK2 0xffffffffffffffffL -BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) -{ - BN_ULONG t1, t2; - int c = 0; - - if (n <= 0) - return (BN_ULONG)0; - - for (;;) { - t1 = a[0]; - t2 = b[0]; - r[0] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) - c = (t1 < t2); - if (--n <= 0) - break; - - t1 = a[1]; - t2 = b[1]; - r[1] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) - c = (t1 < t2); - if (--n <= 0) - break; - - t1 = a[2]; - t2 = b[2]; - r[2] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) - c = (t1 < t2); - if (--n <= 0) - break; - - t1 = a[3]; - t2 = b[3]; - r[3] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) - c = (t1 < t2); - if (--n <= 0) - break; - - a += 4; - b += 4; - r += 4; - } - return c; -} -# endif - -/* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */ -/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */ -/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ -/* - * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number - * c=(c2,c1,c0) - */ - -/* - * Keep in mind that carrying into high part of multiplication result - * can not overflow, because it cannot be all-ones. - */ -# if 0 -/* original macros are kept for reference purposes */ -# define mul_add_c(a,b,c0,c1,c2) do { \ - BN_ULONG ta = (a), tb = (b); \ - BN_ULONG lo, hi; \ - BN_UMULT_LOHI(lo,hi,ta,tb); \ - c0 += lo; hi += (c0 for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# May 2011 -# -# The module implements bn_GF2m_mul_2x2 polynomial multiplication used -# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for -# the time being... Except that it has two code paths: code suitable -# for any x86_64 CPU and PCLMULQDQ one suitable for Westmere and -# later. Improvement varies from one benchmark and µ-arch to another. -# Vanilla code path is at most 20% faster than compiler-generated code -# [not very impressive], while PCLMULQDQ - whole 85%-160% better on -# 163- and 571-bit ECDH benchmarks on Intel CPUs. Keep in mind that -# these coefficients are not ones for bn_GF2m_mul_2x2 itself, as not -# all CPU time is burnt in it... - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -($lo,$hi)=("%rax","%rdx"); $a=$lo; -($i0,$i1)=("%rsi","%rdi"); -($t0,$t1)=("%rbx","%rcx"); -($b,$mask)=("%rbp","%r8"); -($a1,$a2,$a4,$a8,$a12,$a48)=map("%r$_",(9..15)); -($R,$Tx)=("%xmm0","%xmm1"); - -$code.=<<___; -.text - -.type _mul_1x1,\@abi-omnipotent -.align 16 -_mul_1x1: -.cfi_startproc - sub \$128+8,%rsp -.cfi_adjust_cfa_offset 128+8 - mov \$-1,$a1 - lea ($a,$a),$i0 - shr \$3,$a1 - lea (,$a,4),$i1 - and $a,$a1 # a1=a&0x1fffffffffffffff - lea (,$a,8),$a8 - sar \$63,$a # broadcast 63rd bit - lea ($a1,$a1),$a2 - sar \$63,$i0 # broadcast 62nd bit - lea (,$a1,4),$a4 - and $b,$a - sar \$63,$i1 # broadcast 61st bit - mov $a,$hi # $a is $lo - shl \$63,$lo - and $b,$i0 - shr \$1,$hi - mov $i0,$t1 - shl \$62,$i0 - and $b,$i1 - shr \$2,$t1 - xor $i0,$lo - mov $i1,$t0 - shl \$61,$i1 - xor $t1,$hi - shr \$3,$t0 - xor $i1,$lo - xor $t0,$hi - - mov $a1,$a12 - movq \$0,0(%rsp) # tab[0]=0 - xor $a2,$a12 # a1^a2 - mov $a1,8(%rsp) # tab[1]=a1 - mov $a4,$a48 - mov $a2,16(%rsp) # tab[2]=a2 - xor $a8,$a48 # a4^a8 - mov $a12,24(%rsp) # tab[3]=a1^a2 - - xor $a4,$a1 - mov $a4,32(%rsp) # tab[4]=a4 - xor $a4,$a2 - mov $a1,40(%rsp) # tab[5]=a1^a4 - xor $a4,$a12 - mov $a2,48(%rsp) # tab[6]=a2^a4 - xor $a48,$a1 # a1^a4^a4^a8=a1^a8 - mov $a12,56(%rsp) # tab[7]=a1^a2^a4 - xor $a48,$a2 # a2^a4^a4^a8=a1^a8 - - mov $a8,64(%rsp) # tab[8]=a8 - xor $a48,$a12 # a1^a2^a4^a4^a8=a1^a2^a8 - mov $a1,72(%rsp) # tab[9]=a1^a8 - xor $a4,$a1 # a1^a8^a4 - mov $a2,80(%rsp) # tab[10]=a2^a8 - xor $a4,$a2 # a2^a8^a4 - mov $a12,88(%rsp) # tab[11]=a1^a2^a8 - - xor $a4,$a12 # a1^a2^a8^a4 - mov $a48,96(%rsp) # tab[12]=a4^a8 - mov $mask,$i0 - mov $a1,104(%rsp) # tab[13]=a1^a4^a8 - and $b,$i0 - mov $a2,112(%rsp) # tab[14]=a2^a4^a8 - shr \$4,$b - mov $a12,120(%rsp) # tab[15]=a1^a2^a4^a8 - mov $mask,$i1 - and $b,$i1 - shr \$4,$b - - movq (%rsp,$i0,8),$R # half of calculations is done in SSE2 - mov $mask,$i0 - and $b,$i0 - shr \$4,$b -___ - for ($n=1;$n<8;$n++) { - $code.=<<___; - mov (%rsp,$i1,8),$t1 - mov $mask,$i1 - mov $t1,$t0 - shl \$`8*$n-4`,$t1 - and $b,$i1 - movq (%rsp,$i0,8),$Tx - shr \$`64-(8*$n-4)`,$t0 - xor $t1,$lo - pslldq \$$n,$Tx - mov $mask,$i0 - shr \$4,$b - xor $t0,$hi - and $b,$i0 - shr \$4,$b - pxor $Tx,$R -___ - } -$code.=<<___; - mov (%rsp,$i1,8),$t1 - mov $t1,$t0 - shl \$`8*$n-4`,$t1 - movq $R,$i0 - shr \$`64-(8*$n-4)`,$t0 - xor $t1,$lo - psrldq \$8,$R - xor $t0,$hi - movq $R,$i1 - xor $i0,$lo - xor $i1,$hi - - add \$128+8,%rsp -.cfi_adjust_cfa_offset -128-8 - ret -.Lend_mul_1x1: -.cfi_endproc -.size _mul_1x1,.-_mul_1x1 -___ - -($rp,$a1,$a0,$b1,$b0) = $win64? ("%rcx","%rdx","%r8", "%r9","%r10") : # Win64 order - ("%rdi","%rsi","%rdx","%rcx","%r8"); # Unix order - -$code.=<<___; -.extern OPENSSL_ia32cap_P -.globl bn_GF2m_mul_2x2 -.type bn_GF2m_mul_2x2,\@abi-omnipotent -.align 16 -bn_GF2m_mul_2x2: -.cfi_startproc - mov %rsp,%rax - mov OPENSSL_ia32cap_P(%rip),%r10 - bt \$33,%r10 - jnc .Lvanilla_mul_2x2 - - movq $a1,%xmm0 - movq $b1,%xmm1 - movq $a0,%xmm2 -___ -$code.=<<___ if ($win64); - movq 40(%rsp),%xmm3 -___ -$code.=<<___ if (!$win64); - movq $b0,%xmm3 -___ -$code.=<<___; - movdqa %xmm0,%xmm4 - movdqa %xmm1,%xmm5 - pclmulqdq \$0,%xmm1,%xmm0 # a1·b1 - pxor %xmm2,%xmm4 - pxor %xmm3,%xmm5 - pclmulqdq \$0,%xmm3,%xmm2 # a0·b0 - pclmulqdq \$0,%xmm5,%xmm4 # (a0+a1)·(b0+b1) - xorps %xmm0,%xmm4 - xorps %xmm2,%xmm4 # (a0+a1)·(b0+b1)-a0·b0-a1·b1 - movdqa %xmm4,%xmm5 - pslldq \$8,%xmm4 - psrldq \$8,%xmm5 - pxor %xmm4,%xmm2 - pxor %xmm5,%xmm0 - movdqu %xmm2,0($rp) - movdqu %xmm0,16($rp) - ret - -.align 16 -.Lvanilla_mul_2x2: - lea -8*17(%rsp),%rsp -.cfi_adjust_cfa_offset 8*17 -___ -$code.=<<___ if ($win64); - mov `8*17+40`(%rsp),$b0 - mov %rdi,8*15(%rsp) - mov %rsi,8*16(%rsp) -___ -$code.=<<___; - mov %r14,8*10(%rsp) -.cfi_rel_offset %r14,8*10 - mov %r13,8*11(%rsp) -.cfi_rel_offset %r13,8*11 - mov %r12,8*12(%rsp) -.cfi_rel_offset %r12,8*12 - mov %rbp,8*13(%rsp) -.cfi_rel_offset %rbp,8*13 - mov %rbx,8*14(%rsp) -.cfi_rel_offset %rbx,8*14 -.Lbody_mul_2x2: - mov $rp,32(%rsp) # save the arguments - mov $a1,40(%rsp) - mov $a0,48(%rsp) - mov $b1,56(%rsp) - mov $b0,64(%rsp) - - mov \$0xf,$mask - mov $a1,$a - mov $b1,$b - call _mul_1x1 # a1·b1 - mov $lo,16(%rsp) - mov $hi,24(%rsp) - - mov 48(%rsp),$a - mov 64(%rsp),$b - call _mul_1x1 # a0·b0 - mov $lo,0(%rsp) - mov $hi,8(%rsp) - - mov 40(%rsp),$a - mov 56(%rsp),$b - xor 48(%rsp),$a - xor 64(%rsp),$b - call _mul_1x1 # (a0+a1)·(b0+b1) -___ - @r=("%rbx","%rcx","%rdi","%rsi"); -$code.=<<___; - mov 0(%rsp),@r[0] - mov 8(%rsp),@r[1] - mov 16(%rsp),@r[2] - mov 24(%rsp),@r[3] - mov 32(%rsp),%rbp - - xor $hi,$lo - xor @r[1],$hi - xor @r[0],$lo - mov @r[0],0(%rbp) - xor @r[2],$hi - mov @r[3],24(%rbp) - xor @r[3],$lo - xor @r[3],$hi - xor $hi,$lo - mov $hi,16(%rbp) - mov $lo,8(%rbp) - - mov 8*10(%rsp),%r14 -.cfi_restore %r14 - mov 8*11(%rsp),%r13 -.cfi_restore %r13 - mov 8*12(%rsp),%r12 -.cfi_restore %r12 - mov 8*13(%rsp),%rbp -.cfi_restore %rbp - mov 8*14(%rsp),%rbx -.cfi_restore %rbx -___ -$code.=<<___ if ($win64); - mov 8*15(%rsp),%rdi - mov 8*16(%rsp),%rsi -___ -$code.=<<___; - lea 8*17(%rsp),%rsp -.cfi_adjust_cfa_offset -8*17 -.Lepilogue_mul_2x2: - ret -.Lend_mul_2x2: -.cfi_endproc -.size bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2 -.asciz "GF(2^m) Multiplication for x86_64, CRYPTOGAMS by " -.align 16 -___ - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind - -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - lea .Lbody_mul_2x2(%rip),%r10 - cmp %r10,%rbx # context->Rip<"prologue" label - jb .Lin_prologue - - mov 152($context),%rax # pull context->Rsp - - lea .Lepilogue_mul_2x2(%rip),%r10 - cmp %r10,%rbx # context->Rip>="epilogue" label - jae .Lin_prologue - - mov 8*10(%rax),%r14 # mimic epilogue - mov 8*11(%rax),%r13 - mov 8*12(%rax),%r12 - mov 8*13(%rax),%rbp - mov 8*14(%rax),%rbx - mov 8*15(%rax),%rdi - mov 8*16(%rax),%rsi - - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - - lea 8*17(%rax),%rax - -.Lin_prologue: - mov %rax,152($context) # restore context->Rsp - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size se_handler,.-se_handler - -.section .pdata -.align 4 - .rva _mul_1x1 - .rva .Lend_mul_1x1 - .rva .LSEH_info_1x1 - - .rva .Lvanilla_mul_2x2 - .rva .Lend_mul_2x2 - .rva .LSEH_info_2x2 -.section .xdata -.align 8 -.LSEH_info_1x1: - .byte 0x01,0x07,0x02,0x00 - .byte 0x07,0x01,0x11,0x00 # sub rsp,128+8 -.LSEH_info_2x2: - .byte 9,0,0,0 - .rva se_handler -___ -} - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/x86_64-mont.pl b/crypto/bn/asm/x86_64-mont.pl deleted file mode 100755 index 140072b899dcb70fbf02d54008456e123718049e..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/x86_64-mont.pl +++ /dev/null @@ -1,1594 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# October 2005. -# -# Montgomery multiplication routine for x86_64. While it gives modest -# 9% improvement of rsa4096 sign on Opteron, rsa512 sign runs more -# than twice, >2x, as fast. Most common rsa1024 sign is improved by -# respectful 50%. It remains to be seen if loop unrolling and -# dedicated squaring routine can provide further improvement... - -# July 2011. -# -# Add dedicated squaring procedure. Performance improvement varies -# from platform to platform, but in average it's ~5%/15%/25%/33% -# for 512-/1024-/2048-/4096-bit RSA *sign* benchmarks respectively. - -# August 2011. -# -# Unroll and modulo-schedule inner loops in such manner that they -# are "fallen through" for input lengths of 8, which is critical for -# 1024-bit RSA *sign*. Average performance improvement in comparison -# to *initial* version of this module from 2005 is ~0%/30%/40%/45% -# for 512-/1024-/2048-/4096-bit RSA *sign* benchmarks respectively. - -# June 2013. -# -# Optimize reduction in squaring procedure and improve 1024+-bit RSA -# sign performance by 10-16% on Intel Sandy Bridge and later -# (virtually same on non-Intel processors). - -# August 2013. -# -# Add MULX/ADOX/ADCX code path. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $addx = ($1>=2.23); -} - -if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $addx = ($1>=2.10); -} - -if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $addx = ($1>=12); -} - -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { - my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 - $addx = ($ver>=3.03); -} - -# int bn_mul_mont( -$rp="%rdi"; # BN_ULONG *rp, -$ap="%rsi"; # const BN_ULONG *ap, -$bp="%rdx"; # const BN_ULONG *bp, -$np="%rcx"; # const BN_ULONG *np, -$n0="%r8"; # const BN_ULONG *n0, -$num="%r9"; # int num); -$lo0="%r10"; -$hi0="%r11"; -$hi1="%r13"; -$i="%r14"; -$j="%r15"; -$m0="%rbx"; -$m1="%rbp"; - -$code=<<___; -.text - -.extern OPENSSL_ia32cap_P - -.globl bn_mul_mont -.type bn_mul_mont,\@function,6 -.align 16 -bn_mul_mont: -.cfi_startproc - mov ${num}d,${num}d - mov %rsp,%rax -.cfi_def_cfa_register %rax - test \$3,${num}d - jnz .Lmul_enter - cmp \$8,${num}d - jb .Lmul_enter -___ -$code.=<<___ if ($addx); - mov OPENSSL_ia32cap_P+8(%rip),%r11d -___ -$code.=<<___; - cmp $ap,$bp - jne .Lmul4x_enter - test \$7,${num}d - jz .Lsqr8x_enter - jmp .Lmul4x_enter - -.align 16 -.Lmul_enter: - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - - neg $num - mov %rsp,%r11 - lea -16(%rsp,$num,8),%r10 # future alloca(8*(num+2)) - neg $num # restore $num - and \$-1024,%r10 # minimize TLB usage - - # An OS-agnostic version of __chkstk. - # - # Some OSes (Windows) insist on stack being "wired" to - # physical memory in strictly sequential manner, i.e. if stack - # allocation spans two pages, then reference to farmost one can - # be punishable by SEGV. But page walking can do good even on - # other OSes, because it guarantees that villain thread hits - # the guard page before it can make damage to innocent one... - sub %r10,%r11 - and \$-4096,%r11 - lea (%r10,%r11),%rsp - mov (%rsp),%r11 - cmp %r10,%rsp - ja .Lmul_page_walk - jmp .Lmul_page_walk_done - -.align 16 -.Lmul_page_walk: - lea -4096(%rsp),%rsp - mov (%rsp),%r11 - cmp %r10,%rsp - ja .Lmul_page_walk -.Lmul_page_walk_done: - - mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp -.cfi_cfa_expression %rsp+8,$num,8,mul,plus,deref,+8 -.Lmul_body: - mov $bp,%r12 # reassign $bp -___ - $bp="%r12"; -$code.=<<___; - mov ($n0),$n0 # pull n0[0] value - mov ($bp),$m0 # m0=bp[0] - mov ($ap),%rax - - xor $i,$i # i=0 - xor $j,$j # j=0 - - mov $n0,$m1 - mulq $m0 # ap[0]*bp[0] - mov %rax,$lo0 - mov ($np),%rax - - imulq $lo0,$m1 # "tp[0]"*n0 - mov %rdx,$hi0 - - mulq $m1 # np[0]*m1 - add %rax,$lo0 # discarded - mov 8($ap),%rax - adc \$0,%rdx - mov %rdx,$hi1 - - lea 1($j),$j # j++ - jmp .L1st_enter - -.align 16 -.L1st: - add %rax,$hi1 - mov ($ap,$j,8),%rax - adc \$0,%rdx - add $hi0,$hi1 # np[j]*m1+ap[j]*bp[0] - mov $lo0,$hi0 - adc \$0,%rdx - mov $hi1,-16(%rsp,$j,8) # tp[j-1] - mov %rdx,$hi1 - -.L1st_enter: - mulq $m0 # ap[j]*bp[0] - add %rax,$hi0 - mov ($np,$j,8),%rax - adc \$0,%rdx - lea 1($j),$j # j++ - mov %rdx,$lo0 - - mulq $m1 # np[j]*m1 - cmp $num,$j - jne .L1st - - add %rax,$hi1 - mov ($ap),%rax # ap[0] - adc \$0,%rdx - add $hi0,$hi1 # np[j]*m1+ap[j]*bp[0] - adc \$0,%rdx - mov $hi1,-16(%rsp,$j,8) # tp[j-1] - mov %rdx,$hi1 - mov $lo0,$hi0 - - xor %rdx,%rdx - add $hi0,$hi1 - adc \$0,%rdx - mov $hi1,-8(%rsp,$num,8) - mov %rdx,(%rsp,$num,8) # store upmost overflow bit - - lea 1($i),$i # i++ - jmp .Louter -.align 16 -.Louter: - mov ($bp,$i,8),$m0 # m0=bp[i] - xor $j,$j # j=0 - mov $n0,$m1 - mov (%rsp),$lo0 - mulq $m0 # ap[0]*bp[i] - add %rax,$lo0 # ap[0]*bp[i]+tp[0] - mov ($np),%rax - adc \$0,%rdx - - imulq $lo0,$m1 # tp[0]*n0 - mov %rdx,$hi0 - - mulq $m1 # np[0]*m1 - add %rax,$lo0 # discarded - mov 8($ap),%rax - adc \$0,%rdx - mov 8(%rsp),$lo0 # tp[1] - mov %rdx,$hi1 - - lea 1($j),$j # j++ - jmp .Linner_enter - -.align 16 -.Linner: - add %rax,$hi1 - mov ($ap,$j,8),%rax - adc \$0,%rdx - add $lo0,$hi1 # np[j]*m1+ap[j]*bp[i]+tp[j] - mov (%rsp,$j,8),$lo0 - adc \$0,%rdx - mov $hi1,-16(%rsp,$j,8) # tp[j-1] - mov %rdx,$hi1 - -.Linner_enter: - mulq $m0 # ap[j]*bp[i] - add %rax,$hi0 - mov ($np,$j,8),%rax - adc \$0,%rdx - add $hi0,$lo0 # ap[j]*bp[i]+tp[j] - mov %rdx,$hi0 - adc \$0,$hi0 - lea 1($j),$j # j++ - - mulq $m1 # np[j]*m1 - cmp $num,$j - jne .Linner - - add %rax,$hi1 - mov ($ap),%rax # ap[0] - adc \$0,%rdx - add $lo0,$hi1 # np[j]*m1+ap[j]*bp[i]+tp[j] - mov (%rsp,$j,8),$lo0 - adc \$0,%rdx - mov $hi1,-16(%rsp,$j,8) # tp[j-1] - mov %rdx,$hi1 - - xor %rdx,%rdx - add $hi0,$hi1 - adc \$0,%rdx - add $lo0,$hi1 # pull upmost overflow bit - adc \$0,%rdx - mov $hi1,-8(%rsp,$num,8) - mov %rdx,(%rsp,$num,8) # store upmost overflow bit - - lea 1($i),$i # i++ - cmp $num,$i - jb .Louter - - xor $i,$i # i=0 and clear CF! - mov (%rsp),%rax # tp[0] - mov $num,$j # j=num - -.align 16 -.Lsub: sbb ($np,$i,8),%rax - mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i] - mov 8(%rsp,$i,8),%rax # tp[i+1] - lea 1($i),$i # i++ - dec $j # doesn't affect CF! - jnz .Lsub - - sbb \$0,%rax # handle upmost overflow bit - mov \$-1,%rbx - xor %rax,%rbx # not %rax - xor $i,$i - mov $num,$j # j=num - -.Lcopy: # conditional copy - mov ($rp,$i,8),%rcx - mov (%rsp,$i,8),%rdx - and %rbx,%rcx - and %rax,%rdx - mov $num,(%rsp,$i,8) # zap temporary vector - or %rcx,%rdx - mov %rdx,($rp,$i,8) # rp[i]=tp[i] - lea 1($i),$i - sub \$1,$j - jnz .Lcopy - - mov 8(%rsp,$num,8),%rsi # restore %rsp -.cfi_def_cfa %rsi,8 - mov \$1,%rax - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lmul_epilogue: - ret -.cfi_endproc -.size bn_mul_mont,.-bn_mul_mont -___ -{{{ -my @A=("%r10","%r11"); -my @N=("%r13","%rdi"); -$code.=<<___; -.type bn_mul4x_mont,\@function,6 -.align 16 -bn_mul4x_mont: -.cfi_startproc - mov ${num}d,${num}d - mov %rsp,%rax -.cfi_def_cfa_register %rax -.Lmul4x_enter: -___ -$code.=<<___ if ($addx); - and \$0x80100,%r11d - cmp \$0x80100,%r11d - je .Lmulx4x_enter -___ -$code.=<<___; - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - - neg $num - mov %rsp,%r11 - lea -32(%rsp,$num,8),%r10 # future alloca(8*(num+4)) - neg $num # restore - and \$-1024,%r10 # minimize TLB usage - - sub %r10,%r11 - and \$-4096,%r11 - lea (%r10,%r11),%rsp - mov (%rsp),%r11 - cmp %r10,%rsp - ja .Lmul4x_page_walk - jmp .Lmul4x_page_walk_done - -.Lmul4x_page_walk: - lea -4096(%rsp),%rsp - mov (%rsp),%r11 - cmp %r10,%rsp - ja .Lmul4x_page_walk -.Lmul4x_page_walk_done: - - mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp -.cfi_cfa_expression %rsp+8,$num,8,mul,plus,deref,+8 -.Lmul4x_body: - mov $rp,16(%rsp,$num,8) # tp[num+2]=$rp - mov %rdx,%r12 # reassign $bp -___ - $bp="%r12"; -$code.=<<___; - mov ($n0),$n0 # pull n0[0] value - mov ($bp),$m0 # m0=bp[0] - mov ($ap),%rax - - xor $i,$i # i=0 - xor $j,$j # j=0 - - mov $n0,$m1 - mulq $m0 # ap[0]*bp[0] - mov %rax,$A[0] - mov ($np),%rax - - imulq $A[0],$m1 # "tp[0]"*n0 - mov %rdx,$A[1] - - mulq $m1 # np[0]*m1 - add %rax,$A[0] # discarded - mov 8($ap),%rax - adc \$0,%rdx - mov %rdx,$N[1] - - mulq $m0 - add %rax,$A[1] - mov 8($np),%rax - adc \$0,%rdx - mov %rdx,$A[0] - - mulq $m1 - add %rax,$N[1] - mov 16($ap),%rax - adc \$0,%rdx - add $A[1],$N[1] - lea 4($j),$j # j++ - adc \$0,%rdx - mov $N[1],(%rsp) - mov %rdx,$N[0] - jmp .L1st4x -.align 16 -.L1st4x: - mulq $m0 # ap[j]*bp[0] - add %rax,$A[0] - mov -16($np,$j,8),%rax - adc \$0,%rdx - mov %rdx,$A[1] - - mulq $m1 # np[j]*m1 - add %rax,$N[0] - mov -8($ap,$j,8),%rax - adc \$0,%rdx - add $A[0],$N[0] # np[j]*m1+ap[j]*bp[0] - adc \$0,%rdx - mov $N[0],-24(%rsp,$j,8) # tp[j-1] - mov %rdx,$N[1] - - mulq $m0 # ap[j]*bp[0] - add %rax,$A[1] - mov -8($np,$j,8),%rax - adc \$0,%rdx - mov %rdx,$A[0] - - mulq $m1 # np[j]*m1 - add %rax,$N[1] - mov ($ap,$j,8),%rax - adc \$0,%rdx - add $A[1],$N[1] # np[j]*m1+ap[j]*bp[0] - adc \$0,%rdx - mov $N[1],-16(%rsp,$j,8) # tp[j-1] - mov %rdx,$N[0] - - mulq $m0 # ap[j]*bp[0] - add %rax,$A[0] - mov ($np,$j,8),%rax - adc \$0,%rdx - mov %rdx,$A[1] - - mulq $m1 # np[j]*m1 - add %rax,$N[0] - mov 8($ap,$j,8),%rax - adc \$0,%rdx - add $A[0],$N[0] # np[j]*m1+ap[j]*bp[0] - adc \$0,%rdx - mov $N[0],-8(%rsp,$j,8) # tp[j-1] - mov %rdx,$N[1] - - mulq $m0 # ap[j]*bp[0] - add %rax,$A[1] - mov 8($np,$j,8),%rax - adc \$0,%rdx - lea 4($j),$j # j++ - mov %rdx,$A[0] - - mulq $m1 # np[j]*m1 - add %rax,$N[1] - mov -16($ap,$j,8),%rax - adc \$0,%rdx - add $A[1],$N[1] # np[j]*m1+ap[j]*bp[0] - adc \$0,%rdx - mov $N[1],-32(%rsp,$j,8) # tp[j-1] - mov %rdx,$N[0] - cmp $num,$j - jb .L1st4x - - mulq $m0 # ap[j]*bp[0] - add %rax,$A[0] - mov -16($np,$j,8),%rax - adc \$0,%rdx - mov %rdx,$A[1] - - mulq $m1 # np[j]*m1 - add %rax,$N[0] - mov -8($ap,$j,8),%rax - adc \$0,%rdx - add $A[0],$N[0] # np[j]*m1+ap[j]*bp[0] - adc \$0,%rdx - mov $N[0],-24(%rsp,$j,8) # tp[j-1] - mov %rdx,$N[1] - - mulq $m0 # ap[j]*bp[0] - add %rax,$A[1] - mov -8($np,$j,8),%rax - adc \$0,%rdx - mov %rdx,$A[0] - - mulq $m1 # np[j]*m1 - add %rax,$N[1] - mov ($ap),%rax # ap[0] - adc \$0,%rdx - add $A[1],$N[1] # np[j]*m1+ap[j]*bp[0] - adc \$0,%rdx - mov $N[1],-16(%rsp,$j,8) # tp[j-1] - mov %rdx,$N[0] - - xor $N[1],$N[1] - add $A[0],$N[0] - adc \$0,$N[1] - mov $N[0],-8(%rsp,$j,8) - mov $N[1],(%rsp,$j,8) # store upmost overflow bit - - lea 1($i),$i # i++ -.align 4 -.Louter4x: - mov ($bp,$i,8),$m0 # m0=bp[i] - xor $j,$j # j=0 - mov (%rsp),$A[0] - mov $n0,$m1 - mulq $m0 # ap[0]*bp[i] - add %rax,$A[0] # ap[0]*bp[i]+tp[0] - mov ($np),%rax - adc \$0,%rdx - - imulq $A[0],$m1 # tp[0]*n0 - mov %rdx,$A[1] - - mulq $m1 # np[0]*m1 - add %rax,$A[0] # "$N[0]", discarded - mov 8($ap),%rax - adc \$0,%rdx - mov %rdx,$N[1] - - mulq $m0 # ap[j]*bp[i] - add %rax,$A[1] - mov 8($np),%rax - adc \$0,%rdx - add 8(%rsp),$A[1] # +tp[1] - adc \$0,%rdx - mov %rdx,$A[0] - - mulq $m1 # np[j]*m1 - add %rax,$N[1] - mov 16($ap),%rax - adc \$0,%rdx - add $A[1],$N[1] # np[j]*m1+ap[j]*bp[i]+tp[j] - lea 4($j),$j # j+=2 - adc \$0,%rdx - mov $N[1],(%rsp) # tp[j-1] - mov %rdx,$N[0] - jmp .Linner4x -.align 16 -.Linner4x: - mulq $m0 # ap[j]*bp[i] - add %rax,$A[0] - mov -16($np,$j,8),%rax - adc \$0,%rdx - add -16(%rsp,$j,8),$A[0] # ap[j]*bp[i]+tp[j] - adc \$0,%rdx - mov %rdx,$A[1] - - mulq $m1 # np[j]*m1 - add %rax,$N[0] - mov -8($ap,$j,8),%rax - adc \$0,%rdx - add $A[0],$N[0] - adc \$0,%rdx - mov $N[0],-24(%rsp,$j,8) # tp[j-1] - mov %rdx,$N[1] - - mulq $m0 # ap[j]*bp[i] - add %rax,$A[1] - mov -8($np,$j,8),%rax - adc \$0,%rdx - add -8(%rsp,$j,8),$A[1] - adc \$0,%rdx - mov %rdx,$A[0] - - mulq $m1 # np[j]*m1 - add %rax,$N[1] - mov ($ap,$j,8),%rax - adc \$0,%rdx - add $A[1],$N[1] - adc \$0,%rdx - mov $N[1],-16(%rsp,$j,8) # tp[j-1] - mov %rdx,$N[0] - - mulq $m0 # ap[j]*bp[i] - add %rax,$A[0] - mov ($np,$j,8),%rax - adc \$0,%rdx - add (%rsp,$j,8),$A[0] # ap[j]*bp[i]+tp[j] - adc \$0,%rdx - mov %rdx,$A[1] - - mulq $m1 # np[j]*m1 - add %rax,$N[0] - mov 8($ap,$j,8),%rax - adc \$0,%rdx - add $A[0],$N[0] - adc \$0,%rdx - mov $N[0],-8(%rsp,$j,8) # tp[j-1] - mov %rdx,$N[1] - - mulq $m0 # ap[j]*bp[i] - add %rax,$A[1] - mov 8($np,$j,8),%rax - adc \$0,%rdx - add 8(%rsp,$j,8),$A[1] - adc \$0,%rdx - lea 4($j),$j # j++ - mov %rdx,$A[0] - - mulq $m1 # np[j]*m1 - add %rax,$N[1] - mov -16($ap,$j,8),%rax - adc \$0,%rdx - add $A[1],$N[1] - adc \$0,%rdx - mov $N[1],-32(%rsp,$j,8) # tp[j-1] - mov %rdx,$N[0] - cmp $num,$j - jb .Linner4x - - mulq $m0 # ap[j]*bp[i] - add %rax,$A[0] - mov -16($np,$j,8),%rax - adc \$0,%rdx - add -16(%rsp,$j,8),$A[0] # ap[j]*bp[i]+tp[j] - adc \$0,%rdx - mov %rdx,$A[1] - - mulq $m1 # np[j]*m1 - add %rax,$N[0] - mov -8($ap,$j,8),%rax - adc \$0,%rdx - add $A[0],$N[0] - adc \$0,%rdx - mov $N[0],-24(%rsp,$j,8) # tp[j-1] - mov %rdx,$N[1] - - mulq $m0 # ap[j]*bp[i] - add %rax,$A[1] - mov -8($np,$j,8),%rax - adc \$0,%rdx - add -8(%rsp,$j,8),$A[1] - adc \$0,%rdx - lea 1($i),$i # i++ - mov %rdx,$A[0] - - mulq $m1 # np[j]*m1 - add %rax,$N[1] - mov ($ap),%rax # ap[0] - adc \$0,%rdx - add $A[1],$N[1] - adc \$0,%rdx - mov $N[1],-16(%rsp,$j,8) # tp[j-1] - mov %rdx,$N[0] - - xor $N[1],$N[1] - add $A[0],$N[0] - adc \$0,$N[1] - add (%rsp,$num,8),$N[0] # pull upmost overflow bit - adc \$0,$N[1] - mov $N[0],-8(%rsp,$j,8) - mov $N[1],(%rsp,$j,8) # store upmost overflow bit - - cmp $num,$i - jb .Louter4x -___ -{ -my @ri=("%rax","%rdx",$m0,$m1); -$code.=<<___; - mov 16(%rsp,$num,8),$rp # restore $rp - lea -4($num),$j - mov 0(%rsp),@ri[0] # tp[0] - mov 8(%rsp),@ri[1] # tp[1] - shr \$2,$j # j=num/4-1 - lea (%rsp),$ap # borrow ap for tp - xor $i,$i # i=0 and clear CF! - - sub 0($np),@ri[0] - mov 16($ap),@ri[2] # tp[2] - mov 24($ap),@ri[3] # tp[3] - sbb 8($np),@ri[1] - -.Lsub4x: - mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i] - mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i] - sbb 16($np,$i,8),@ri[2] - mov 32($ap,$i,8),@ri[0] # tp[i+1] - mov 40($ap,$i,8),@ri[1] - sbb 24($np,$i,8),@ri[3] - mov @ri[2],16($rp,$i,8) # rp[i]=tp[i]-np[i] - mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i] - sbb 32($np,$i,8),@ri[0] - mov 48($ap,$i,8),@ri[2] - mov 56($ap,$i,8),@ri[3] - sbb 40($np,$i,8),@ri[1] - lea 4($i),$i # i++ - dec $j # doesn't affect CF! - jnz .Lsub4x - - mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i] - mov 32($ap,$i,8),@ri[0] # load overflow bit - sbb 16($np,$i,8),@ri[2] - mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i] - sbb 24($np,$i,8),@ri[3] - mov @ri[2],16($rp,$i,8) # rp[i]=tp[i]-np[i] - - sbb \$0,@ri[0] # handle upmost overflow bit - mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i] - pxor %xmm0,%xmm0 - movq @ri[0],%xmm4 - pcmpeqd %xmm5,%xmm5 - pshufd \$0,%xmm4,%xmm4 - mov $num,$j - pxor %xmm4,%xmm5 - shr \$2,$j # j=num/4 - xor %eax,%eax # i=0 - - jmp .Lcopy4x -.align 16 -.Lcopy4x: # conditional copy - movdqa (%rsp,%rax),%xmm1 - movdqu ($rp,%rax),%xmm2 - pand %xmm4,%xmm1 - pand %xmm5,%xmm2 - movdqa 16(%rsp,%rax),%xmm3 - movdqa %xmm0,(%rsp,%rax) - por %xmm2,%xmm1 - movdqu 16($rp,%rax),%xmm2 - movdqu %xmm1,($rp,%rax) - pand %xmm4,%xmm3 - pand %xmm5,%xmm2 - movdqa %xmm0,16(%rsp,%rax) - por %xmm2,%xmm3 - movdqu %xmm3,16($rp,%rax) - lea 32(%rax),%rax - dec $j - jnz .Lcopy4x -___ -} -$code.=<<___; - mov 8(%rsp,$num,8),%rsi # restore %rsp -.cfi_def_cfa %rsi, 8 - mov \$1,%rax - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lmul4x_epilogue: - ret -.cfi_endproc -.size bn_mul4x_mont,.-bn_mul4x_mont -___ -}}} - {{{ -###################################################################### -# void bn_sqr8x_mont( -my $rptr="%rdi"; # const BN_ULONG *rptr, -my $aptr="%rsi"; # const BN_ULONG *aptr, -my $bptr="%rdx"; # not used -my $nptr="%rcx"; # const BN_ULONG *nptr, -my $n0 ="%r8"; # const BN_ULONG *n0); -my $num ="%r9"; # int num, has to be divisible by 8 - -my ($i,$j,$tptr)=("%rbp","%rcx",$rptr); -my @A0=("%r10","%r11"); -my @A1=("%r12","%r13"); -my ($a0,$a1,$ai)=("%r14","%r15","%rbx"); - -$code.=<<___ if ($addx); -.extern bn_sqrx8x_internal # see x86_64-mont5 module -___ -$code.=<<___; -.extern bn_sqr8x_internal # see x86_64-mont5 module - -.type bn_sqr8x_mont,\@function,6 -.align 32 -bn_sqr8x_mont: -.cfi_startproc - mov %rsp,%rax -.cfi_def_cfa_register %rax -.Lsqr8x_enter: - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lsqr8x_prologue: - - mov ${num}d,%r10d - shl \$3,${num}d # convert $num to bytes - shl \$3+2,%r10 # 4*$num - neg $num - - ############################################################## - # ensure that stack frame doesn't alias with $aptr modulo - # 4096. this is done to allow memory disambiguation logic - # do its job. - # - lea -64(%rsp,$num,2),%r11 - mov %rsp,%rbp - mov ($n0),$n0 # *n0 - sub $aptr,%r11 - and \$4095,%r11 - cmp %r11,%r10 - jb .Lsqr8x_sp_alt - sub %r11,%rbp # align with $aptr - lea -64(%rbp,$num,2),%rbp # future alloca(frame+2*$num) - jmp .Lsqr8x_sp_done - -.align 32 -.Lsqr8x_sp_alt: - lea 4096-64(,$num,2),%r10 # 4096-frame-2*$num - lea -64(%rbp,$num,2),%rbp # future alloca(frame+2*$num) - sub %r10,%r11 - mov \$0,%r10 - cmovc %r10,%r11 - sub %r11,%rbp -.Lsqr8x_sp_done: - and \$-64,%rbp - mov %rsp,%r11 - sub %rbp,%r11 - and \$-4096,%r11 - lea (%rbp,%r11),%rsp - mov (%rsp),%r10 - cmp %rbp,%rsp - ja .Lsqr8x_page_walk - jmp .Lsqr8x_page_walk_done - -.align 16 -.Lsqr8x_page_walk: - lea -4096(%rsp),%rsp - mov (%rsp),%r10 - cmp %rbp,%rsp - ja .Lsqr8x_page_walk -.Lsqr8x_page_walk_done: - - mov $num,%r10 - neg $num - - mov $n0, 32(%rsp) - mov %rax, 40(%rsp) # save original %rsp -.cfi_cfa_expression %rsp+40,deref,+8 -.Lsqr8x_body: - - movq $nptr, %xmm2 # save pointer to modulus - pxor %xmm0,%xmm0 - movq $rptr,%xmm1 # save $rptr - movq %r10, %xmm3 # -$num -___ -$code.=<<___ if ($addx); - mov OPENSSL_ia32cap_P+8(%rip),%eax - and \$0x80100,%eax - cmp \$0x80100,%eax - jne .Lsqr8x_nox - - call bn_sqrx8x_internal # see x86_64-mont5 module - # %rax top-most carry - # %rbp nptr - # %rcx -8*num - # %r8 end of tp[2*num] - lea (%r8,%rcx),%rbx - mov %rcx,$num - mov %rcx,%rdx - movq %xmm1,$rptr - sar \$3+2,%rcx # %cf=0 - jmp .Lsqr8x_sub - -.align 32 -.Lsqr8x_nox: -___ -$code.=<<___; - call bn_sqr8x_internal # see x86_64-mont5 module - # %rax top-most carry - # %rbp nptr - # %r8 -8*num - # %rdi end of tp[2*num] - lea (%rdi,$num),%rbx - mov $num,%rcx - mov $num,%rdx - movq %xmm1,$rptr - sar \$3+2,%rcx # %cf=0 - jmp .Lsqr8x_sub - -.align 32 -.Lsqr8x_sub: - mov 8*0(%rbx),%r12 - mov 8*1(%rbx),%r13 - mov 8*2(%rbx),%r14 - mov 8*3(%rbx),%r15 - lea 8*4(%rbx),%rbx - sbb 8*0(%rbp),%r12 - sbb 8*1(%rbp),%r13 - sbb 8*2(%rbp),%r14 - sbb 8*3(%rbp),%r15 - lea 8*4(%rbp),%rbp - mov %r12,8*0($rptr) - mov %r13,8*1($rptr) - mov %r14,8*2($rptr) - mov %r15,8*3($rptr) - lea 8*4($rptr),$rptr - inc %rcx # preserves %cf - jnz .Lsqr8x_sub - - sbb \$0,%rax # top-most carry - lea (%rbx,$num),%rbx # rewind - lea ($rptr,$num),$rptr # rewind - - movq %rax,%xmm1 - pxor %xmm0,%xmm0 - pshufd \$0,%xmm1,%xmm1 - mov 40(%rsp),%rsi # restore %rsp -.cfi_def_cfa %rsi,8 - jmp .Lsqr8x_cond_copy - -.align 32 -.Lsqr8x_cond_copy: - movdqa 16*0(%rbx),%xmm2 - movdqa 16*1(%rbx),%xmm3 - lea 16*2(%rbx),%rbx - movdqu 16*0($rptr),%xmm4 - movdqu 16*1($rptr),%xmm5 - lea 16*2($rptr),$rptr - movdqa %xmm0,-16*2(%rbx) # zero tp - movdqa %xmm0,-16*1(%rbx) - movdqa %xmm0,-16*2(%rbx,%rdx) - movdqa %xmm0,-16*1(%rbx,%rdx) - pcmpeqd %xmm1,%xmm0 - pand %xmm1,%xmm2 - pand %xmm1,%xmm3 - pand %xmm0,%xmm4 - pand %xmm0,%xmm5 - pxor %xmm0,%xmm0 - por %xmm2,%xmm4 - por %xmm3,%xmm5 - movdqu %xmm4,-16*2($rptr) - movdqu %xmm5,-16*1($rptr) - add \$32,$num - jnz .Lsqr8x_cond_copy - - mov \$1,%rax - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lsqr8x_epilogue: - ret -.cfi_endproc -.size bn_sqr8x_mont,.-bn_sqr8x_mont -___ -}}} - -if ($addx) {{{ -my $bp="%rdx"; # original value - -$code.=<<___; -.type bn_mulx4x_mont,\@function,6 -.align 32 -bn_mulx4x_mont: -.cfi_startproc - mov %rsp,%rax -.cfi_def_cfa_register %rax -.Lmulx4x_enter: - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lmulx4x_prologue: - - shl \$3,${num}d # convert $num to bytes - xor %r10,%r10 - sub $num,%r10 # -$num - mov ($n0),$n0 # *n0 - lea -72(%rsp,%r10),%rbp # future alloca(frame+$num+8) - and \$-128,%rbp - mov %rsp,%r11 - sub %rbp,%r11 - and \$-4096,%r11 - lea (%rbp,%r11),%rsp - mov (%rsp),%r10 - cmp %rbp,%rsp - ja .Lmulx4x_page_walk - jmp .Lmulx4x_page_walk_done - -.align 16 -.Lmulx4x_page_walk: - lea -4096(%rsp),%rsp - mov (%rsp),%r10 - cmp %rbp,%rsp - ja .Lmulx4x_page_walk -.Lmulx4x_page_walk_done: - - lea ($bp,$num),%r10 - ############################################################## - # Stack layout - # +0 num - # +8 off-loaded &b[i] - # +16 end of b[num] - # +24 saved n0 - # +32 saved rp - # +40 saved %rsp - # +48 inner counter - # +56 - # +64 tmp[num+1] - # - mov $num,0(%rsp) # save $num - shr \$5,$num - mov %r10,16(%rsp) # end of b[num] - sub \$1,$num - mov $n0, 24(%rsp) # save *n0 - mov $rp, 32(%rsp) # save $rp - mov %rax,40(%rsp) # save original %rsp -.cfi_cfa_expression %rsp+40,deref,+8 - mov $num,48(%rsp) # inner counter - jmp .Lmulx4x_body - -.align 32 -.Lmulx4x_body: -___ -my ($aptr, $bptr, $nptr, $tptr, $mi, $bi, $zero, $num)= - ("%rsi","%rdi","%rcx","%rbx","%r8","%r9","%rbp","%rax"); -my $rptr=$bptr; -$code.=<<___; - lea 8($bp),$bptr - mov ($bp),%rdx # b[0], $bp==%rdx actually - lea 64+32(%rsp),$tptr - mov %rdx,$bi - - mulx 0*8($aptr),$mi,%rax # a[0]*b[0] - mulx 1*8($aptr),%r11,%r14 # a[1]*b[0] - add %rax,%r11 - mov $bptr,8(%rsp) # off-load &b[i] - mulx 2*8($aptr),%r12,%r13 # ... - adc %r14,%r12 - adc \$0,%r13 - - mov $mi,$bptr # borrow $bptr - imulq 24(%rsp),$mi # "t[0]"*n0 - xor $zero,$zero # cf=0, of=0 - - mulx 3*8($aptr),%rax,%r14 - mov $mi,%rdx - lea 4*8($aptr),$aptr - adcx %rax,%r13 - adcx $zero,%r14 # cf=0 - - mulx 0*8($nptr),%rax,%r10 - adcx %rax,$bptr # discarded - adox %r11,%r10 - mulx 1*8($nptr),%rax,%r11 - adcx %rax,%r10 - adox %r12,%r11 - .byte 0xc4,0x62,0xfb,0xf6,0xa1,0x10,0x00,0x00,0x00 # mulx 2*8($nptr),%rax,%r12 - mov 48(%rsp),$bptr # counter value - mov %r10,-4*8($tptr) - adcx %rax,%r11 - adox %r13,%r12 - mulx 3*8($nptr),%rax,%r15 - mov $bi,%rdx - mov %r11,-3*8($tptr) - adcx %rax,%r12 - adox $zero,%r15 # of=0 - lea 4*8($nptr),$nptr - mov %r12,-2*8($tptr) - - jmp .Lmulx4x_1st - -.align 32 -.Lmulx4x_1st: - adcx $zero,%r15 # cf=0, modulo-scheduled - mulx 0*8($aptr),%r10,%rax # a[4]*b[0] - adcx %r14,%r10 - mulx 1*8($aptr),%r11,%r14 # a[5]*b[0] - adcx %rax,%r11 - mulx 2*8($aptr),%r12,%rax # ... - adcx %r14,%r12 - mulx 3*8($aptr),%r13,%r14 - .byte 0x67,0x67 - mov $mi,%rdx - adcx %rax,%r13 - adcx $zero,%r14 # cf=0 - lea 4*8($aptr),$aptr - lea 4*8($tptr),$tptr - - adox %r15,%r10 - mulx 0*8($nptr),%rax,%r15 - adcx %rax,%r10 - adox %r15,%r11 - mulx 1*8($nptr),%rax,%r15 - adcx %rax,%r11 - adox %r15,%r12 - mulx 2*8($nptr),%rax,%r15 - mov %r10,-5*8($tptr) - adcx %rax,%r12 - mov %r11,-4*8($tptr) - adox %r15,%r13 - mulx 3*8($nptr),%rax,%r15 - mov $bi,%rdx - mov %r12,-3*8($tptr) - adcx %rax,%r13 - adox $zero,%r15 - lea 4*8($nptr),$nptr - mov %r13,-2*8($tptr) - - dec $bptr # of=0, pass cf - jnz .Lmulx4x_1st - - mov 0(%rsp),$num # load num - mov 8(%rsp),$bptr # re-load &b[i] - adc $zero,%r15 # modulo-scheduled - add %r15,%r14 - sbb %r15,%r15 # top-most carry - mov %r14,-1*8($tptr) - jmp .Lmulx4x_outer - -.align 32 -.Lmulx4x_outer: - mov ($bptr),%rdx # b[i] - lea 8($bptr),$bptr # b++ - sub $num,$aptr # rewind $aptr - mov %r15,($tptr) # save top-most carry - lea 64+4*8(%rsp),$tptr - sub $num,$nptr # rewind $nptr - - mulx 0*8($aptr),$mi,%r11 # a[0]*b[i] - xor %ebp,%ebp # xor $zero,$zero # cf=0, of=0 - mov %rdx,$bi - mulx 1*8($aptr),%r14,%r12 # a[1]*b[i] - adox -4*8($tptr),$mi - adcx %r14,%r11 - mulx 2*8($aptr),%r15,%r13 # ... - adox -3*8($tptr),%r11 - adcx %r15,%r12 - adox -2*8($tptr),%r12 - adcx $zero,%r13 - adox $zero,%r13 - - mov $bptr,8(%rsp) # off-load &b[i] - mov $mi,%r15 - imulq 24(%rsp),$mi # "t[0]"*n0 - xor %ebp,%ebp # xor $zero,$zero # cf=0, of=0 - - mulx 3*8($aptr),%rax,%r14 - mov $mi,%rdx - adcx %rax,%r13 - adox -1*8($tptr),%r13 - adcx $zero,%r14 - lea 4*8($aptr),$aptr - adox $zero,%r14 - - mulx 0*8($nptr),%rax,%r10 - adcx %rax,%r15 # discarded - adox %r11,%r10 - mulx 1*8($nptr),%rax,%r11 - adcx %rax,%r10 - adox %r12,%r11 - mulx 2*8($nptr),%rax,%r12 - mov %r10,-4*8($tptr) - adcx %rax,%r11 - adox %r13,%r12 - mulx 3*8($nptr),%rax,%r15 - mov $bi,%rdx - mov %r11,-3*8($tptr) - lea 4*8($nptr),$nptr - adcx %rax,%r12 - adox $zero,%r15 # of=0 - mov 48(%rsp),$bptr # counter value - mov %r12,-2*8($tptr) - - jmp .Lmulx4x_inner - -.align 32 -.Lmulx4x_inner: - mulx 0*8($aptr),%r10,%rax # a[4]*b[i] - adcx $zero,%r15 # cf=0, modulo-scheduled - adox %r14,%r10 - mulx 1*8($aptr),%r11,%r14 # a[5]*b[i] - adcx 0*8($tptr),%r10 - adox %rax,%r11 - mulx 2*8($aptr),%r12,%rax # ... - adcx 1*8($tptr),%r11 - adox %r14,%r12 - mulx 3*8($aptr),%r13,%r14 - mov $mi,%rdx - adcx 2*8($tptr),%r12 - adox %rax,%r13 - adcx 3*8($tptr),%r13 - adox $zero,%r14 # of=0 - lea 4*8($aptr),$aptr - lea 4*8($tptr),$tptr - adcx $zero,%r14 # cf=0 - - adox %r15,%r10 - mulx 0*8($nptr),%rax,%r15 - adcx %rax,%r10 - adox %r15,%r11 - mulx 1*8($nptr),%rax,%r15 - adcx %rax,%r11 - adox %r15,%r12 - mulx 2*8($nptr),%rax,%r15 - mov %r10,-5*8($tptr) - adcx %rax,%r12 - adox %r15,%r13 - mulx 3*8($nptr),%rax,%r15 - mov $bi,%rdx - mov %r11,-4*8($tptr) - mov %r12,-3*8($tptr) - adcx %rax,%r13 - adox $zero,%r15 - lea 4*8($nptr),$nptr - mov %r13,-2*8($tptr) - - dec $bptr # of=0, pass cf - jnz .Lmulx4x_inner - - mov 0(%rsp),$num # load num - mov 8(%rsp),$bptr # re-load &b[i] - adc $zero,%r15 # modulo-scheduled - sub 0*8($tptr),$zero # pull top-most carry - adc %r15,%r14 - sbb %r15,%r15 # top-most carry - mov %r14,-1*8($tptr) - - cmp 16(%rsp),$bptr - jne .Lmulx4x_outer - - lea 64(%rsp),$tptr - sub $num,$nptr # rewind $nptr - neg %r15 - mov $num,%rdx - shr \$3+2,$num # %cf=0 - mov 32(%rsp),$rptr # restore rp - jmp .Lmulx4x_sub - -.align 32 -.Lmulx4x_sub: - mov 8*0($tptr),%r11 - mov 8*1($tptr),%r12 - mov 8*2($tptr),%r13 - mov 8*3($tptr),%r14 - lea 8*4($tptr),$tptr - sbb 8*0($nptr),%r11 - sbb 8*1($nptr),%r12 - sbb 8*2($nptr),%r13 - sbb 8*3($nptr),%r14 - lea 8*4($nptr),$nptr - mov %r11,8*0($rptr) - mov %r12,8*1($rptr) - mov %r13,8*2($rptr) - mov %r14,8*3($rptr) - lea 8*4($rptr),$rptr - dec $num # preserves %cf - jnz .Lmulx4x_sub - - sbb \$0,%r15 # top-most carry - lea 64(%rsp),$tptr - sub %rdx,$rptr # rewind - - movq %r15,%xmm1 - pxor %xmm0,%xmm0 - pshufd \$0,%xmm1,%xmm1 - mov 40(%rsp),%rsi # restore %rsp -.cfi_def_cfa %rsi,8 - jmp .Lmulx4x_cond_copy - -.align 32 -.Lmulx4x_cond_copy: - movdqa 16*0($tptr),%xmm2 - movdqa 16*1($tptr),%xmm3 - lea 16*2($tptr),$tptr - movdqu 16*0($rptr),%xmm4 - movdqu 16*1($rptr),%xmm5 - lea 16*2($rptr),$rptr - movdqa %xmm0,-16*2($tptr) # zero tp - movdqa %xmm0,-16*1($tptr) - pcmpeqd %xmm1,%xmm0 - pand %xmm1,%xmm2 - pand %xmm1,%xmm3 - pand %xmm0,%xmm4 - pand %xmm0,%xmm5 - pxor %xmm0,%xmm0 - por %xmm2,%xmm4 - por %xmm3,%xmm5 - movdqu %xmm4,-16*2($rptr) - movdqu %xmm5,-16*1($rptr) - sub \$32,%rdx - jnz .Lmulx4x_cond_copy - - mov %rdx,($tptr) - - mov \$1,%rax - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lmulx4x_epilogue: - ret -.cfi_endproc -.size bn_mulx4x_mont,.-bn_mulx4x_mont -___ -}}} -$code.=<<___; -.asciz "Montgomery Multiplication for x86_64, CRYPTOGAMS by " -.align 16 -___ - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type mul_handler,\@abi-omnipotent -.align 16 -mul_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # end of prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lcommon_seh_tail - - mov 192($context),%r10 # pull $num - mov 8(%rax,%r10,8),%rax # pull saved stack pointer - - jmp .Lcommon_pop_regs -.size mul_handler,.-mul_handler - -.type sqr_handler,\@abi-omnipotent -.align 16 -sqr_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # end of prologue label - cmp %r10,%rbx # context->Rip<.Lsqr_prologue - jb .Lcommon_seh_tail - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # body label - cmp %r10,%rbx # context->Rip<.Lsqr_body - jb .Lcommon_pop_regs - - mov 152($context),%rax # pull context->Rsp - - mov 8(%r11),%r10d # HandlerData[2] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=.Lsqr_epilogue - jae .Lcommon_seh_tail - - mov 40(%rax),%rax # pull saved stack pointer - -.Lcommon_pop_regs: - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lcommon_seh_tail: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size sqr_handler,.-sqr_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_bn_mul_mont - .rva .LSEH_end_bn_mul_mont - .rva .LSEH_info_bn_mul_mont - - .rva .LSEH_begin_bn_mul4x_mont - .rva .LSEH_end_bn_mul4x_mont - .rva .LSEH_info_bn_mul4x_mont - - .rva .LSEH_begin_bn_sqr8x_mont - .rva .LSEH_end_bn_sqr8x_mont - .rva .LSEH_info_bn_sqr8x_mont -___ -$code.=<<___ if ($addx); - .rva .LSEH_begin_bn_mulx4x_mont - .rva .LSEH_end_bn_mulx4x_mont - .rva .LSEH_info_bn_mulx4x_mont -___ -$code.=<<___; -.section .xdata -.align 8 -.LSEH_info_bn_mul_mont: - .byte 9,0,0,0 - .rva mul_handler - .rva .Lmul_body,.Lmul_epilogue # HandlerData[] -.LSEH_info_bn_mul4x_mont: - .byte 9,0,0,0 - .rva mul_handler - .rva .Lmul4x_body,.Lmul4x_epilogue # HandlerData[] -.LSEH_info_bn_sqr8x_mont: - .byte 9,0,0,0 - .rva sqr_handler - .rva .Lsqr8x_prologue,.Lsqr8x_body,.Lsqr8x_epilogue # HandlerData[] -.align 8 -___ -$code.=<<___ if ($addx); -.LSEH_info_bn_mulx4x_mont: - .byte 9,0,0,0 - .rva sqr_handler - .rva .Lmulx4x_prologue,.Lmulx4x_body,.Lmulx4x_epilogue # HandlerData[] -.align 8 -___ -} - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl deleted file mode 100755 index 185d9e76ce23b6b1bc5f3c89cf21b48a785c574c..0000000000000000000000000000000000000000 --- a/crypto/bn/asm/x86_64-mont5.pl +++ /dev/null @@ -1,3769 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# August 2011. -# -# Companion to x86_64-mont.pl that optimizes cache-timing attack -# countermeasures. The subroutines are produced by replacing bp[i] -# references in their x86_64-mont.pl counterparts with cache-neutral -# references to powers table computed in BN_mod_exp_mont_consttime. -# In addition subroutine that scatters elements of the powers table -# is implemented, so that scatter-/gathering can be tuned without -# bn_exp.c modifications. - -# August 2013. -# -# Add MULX/AD*X code paths and additional interfaces to optimize for -# branch prediction unit. For input lengths that are multiples of 8 -# the np argument is not just modulus value, but one interleaved -# with 0. This is to optimize post-condition... - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $addx = ($1>=2.23); -} - -if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $addx = ($1>=2.10); -} - -if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $addx = ($1>=12); -} - -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { - my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 - $addx = ($ver>=3.03); -} - -# int bn_mul_mont_gather5( -$rp="%rdi"; # BN_ULONG *rp, -$ap="%rsi"; # const BN_ULONG *ap, -$bp="%rdx"; # const BN_ULONG *bp, -$np="%rcx"; # const BN_ULONG *np, -$n0="%r8"; # const BN_ULONG *n0, -$num="%r9"; # int num, - # int idx); # 0 to 2^5-1, "index" in $bp holding - # pre-computed powers of a', interlaced - # in such manner that b[0] is $bp[idx], - # b[1] is [2^5+idx], etc. -$lo0="%r10"; -$hi0="%r11"; -$hi1="%r13"; -$i="%r14"; -$j="%r15"; -$m0="%rbx"; -$m1="%rbp"; - -$code=<<___; -.text - -.extern OPENSSL_ia32cap_P - -.globl bn_mul_mont_gather5 -.type bn_mul_mont_gather5,\@function,6 -.align 64 -bn_mul_mont_gather5: -.cfi_startproc - mov ${num}d,${num}d - mov %rsp,%rax -.cfi_def_cfa_register %rax - test \$7,${num}d - jnz .Lmul_enter -___ -$code.=<<___ if ($addx); - mov OPENSSL_ia32cap_P+8(%rip),%r11d -___ -$code.=<<___; - jmp .Lmul4x_enter - -.align 16 -.Lmul_enter: - movd `($win64?56:8)`(%rsp),%xmm5 # load 7th argument - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - - neg $num - mov %rsp,%r11 - lea -280(%rsp,$num,8),%r10 # future alloca(8*(num+2)+256+8) - neg $num # restore $num - and \$-1024,%r10 # minimize TLB usage - - # An OS-agnostic version of __chkstk. - # - # Some OSes (Windows) insist on stack being "wired" to - # physical memory in strictly sequential manner, i.e. if stack - # allocation spans two pages, then reference to farmost one can - # be punishable by SEGV. But page walking can do good even on - # other OSes, because it guarantees that villain thread hits - # the guard page before it can make damage to innocent one... - sub %r10,%r11 - and \$-4096,%r11 - lea (%r10,%r11),%rsp - mov (%rsp),%r11 - cmp %r10,%rsp - ja .Lmul_page_walk - jmp .Lmul_page_walk_done - -.Lmul_page_walk: - lea -4096(%rsp),%rsp - mov (%rsp),%r11 - cmp %r10,%rsp - ja .Lmul_page_walk -.Lmul_page_walk_done: - - lea .Linc(%rip),%r10 - mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp -.cfi_cfa_expression %rsp+8,$num,8,mul,plus,deref,+8 -.Lmul_body: - - lea 128($bp),%r12 # reassign $bp (+size optimization) -___ - $bp="%r12"; - $STRIDE=2**5*8; # 5 is "window size" - $N=$STRIDE/4; # should match cache line size -$code.=<<___; - movdqa 0(%r10),%xmm0 # 00000001000000010000000000000000 - movdqa 16(%r10),%xmm1 # 00000002000000020000000200000002 - lea 24-112(%rsp,$num,8),%r10# place the mask after tp[num+3] (+ICache optimization) - and \$-16,%r10 - - pshufd \$0,%xmm5,%xmm5 # broadcast index - movdqa %xmm1,%xmm4 - movdqa %xmm1,%xmm2 -___ -######################################################################## -# calculate mask by comparing 0..31 to index and save result to stack -# -$code.=<<___; - paddd %xmm0,%xmm1 - pcmpeqd %xmm5,%xmm0 # compare to 1,0 - .byte 0x67 - movdqa %xmm4,%xmm3 -___ -for($k=0;$k<$STRIDE/16-4;$k+=4) { -$code.=<<___; - paddd %xmm1,%xmm2 - pcmpeqd %xmm5,%xmm1 # compare to 3,2 - movdqa %xmm0,`16*($k+0)+112`(%r10) - movdqa %xmm4,%xmm0 - - paddd %xmm2,%xmm3 - pcmpeqd %xmm5,%xmm2 # compare to 5,4 - movdqa %xmm1,`16*($k+1)+112`(%r10) - movdqa %xmm4,%xmm1 - - paddd %xmm3,%xmm0 - pcmpeqd %xmm5,%xmm3 # compare to 7,6 - movdqa %xmm2,`16*($k+2)+112`(%r10) - movdqa %xmm4,%xmm2 - - paddd %xmm0,%xmm1 - pcmpeqd %xmm5,%xmm0 - movdqa %xmm3,`16*($k+3)+112`(%r10) - movdqa %xmm4,%xmm3 -___ -} -$code.=<<___; # last iteration can be optimized - paddd %xmm1,%xmm2 - pcmpeqd %xmm5,%xmm1 - movdqa %xmm0,`16*($k+0)+112`(%r10) - - paddd %xmm2,%xmm3 - .byte 0x67 - pcmpeqd %xmm5,%xmm2 - movdqa %xmm1,`16*($k+1)+112`(%r10) - - pcmpeqd %xmm5,%xmm3 - movdqa %xmm2,`16*($k+2)+112`(%r10) - pand `16*($k+0)-128`($bp),%xmm0 # while it's still in register - - pand `16*($k+1)-128`($bp),%xmm1 - pand `16*($k+2)-128`($bp),%xmm2 - movdqa %xmm3,`16*($k+3)+112`(%r10) - pand `16*($k+3)-128`($bp),%xmm3 - por %xmm2,%xmm0 - por %xmm3,%xmm1 -___ -for($k=0;$k<$STRIDE/16-4;$k+=4) { -$code.=<<___; - movdqa `16*($k+0)-128`($bp),%xmm4 - movdqa `16*($k+1)-128`($bp),%xmm5 - movdqa `16*($k+2)-128`($bp),%xmm2 - pand `16*($k+0)+112`(%r10),%xmm4 - movdqa `16*($k+3)-128`($bp),%xmm3 - pand `16*($k+1)+112`(%r10),%xmm5 - por %xmm4,%xmm0 - pand `16*($k+2)+112`(%r10),%xmm2 - por %xmm5,%xmm1 - pand `16*($k+3)+112`(%r10),%xmm3 - por %xmm2,%xmm0 - por %xmm3,%xmm1 -___ -} -$code.=<<___; - por %xmm1,%xmm0 - pshufd \$0x4e,%xmm0,%xmm1 - por %xmm1,%xmm0 - lea $STRIDE($bp),$bp - movq %xmm0,$m0 # m0=bp[0] - - mov ($n0),$n0 # pull n0[0] value - mov ($ap),%rax - - xor $i,$i # i=0 - xor $j,$j # j=0 - - mov $n0,$m1 - mulq $m0 # ap[0]*bp[0] - mov %rax,$lo0 - mov ($np),%rax - - imulq $lo0,$m1 # "tp[0]"*n0 - mov %rdx,$hi0 - - mulq $m1 # np[0]*m1 - add %rax,$lo0 # discarded - mov 8($ap),%rax - adc \$0,%rdx - mov %rdx,$hi1 - - lea 1($j),$j # j++ - jmp .L1st_enter - -.align 16 -.L1st: - add %rax,$hi1 - mov ($ap,$j,8),%rax - adc \$0,%rdx - add $hi0,$hi1 # np[j]*m1+ap[j]*bp[0] - mov $lo0,$hi0 - adc \$0,%rdx - mov $hi1,-16(%rsp,$j,8) # tp[j-1] - mov %rdx,$hi1 - -.L1st_enter: - mulq $m0 # ap[j]*bp[0] - add %rax,$hi0 - mov ($np,$j,8),%rax - adc \$0,%rdx - lea 1($j),$j # j++ - mov %rdx,$lo0 - - mulq $m1 # np[j]*m1 - cmp $num,$j - jne .L1st # note that upon exit $j==$num, so - # they can be used interchangeably - - add %rax,$hi1 - adc \$0,%rdx - add $hi0,$hi1 # np[j]*m1+ap[j]*bp[0] - adc \$0,%rdx - mov $hi1,-16(%rsp,$num,8) # tp[num-1] - mov %rdx,$hi1 - mov $lo0,$hi0 - - xor %rdx,%rdx - add $hi0,$hi1 - adc \$0,%rdx - mov $hi1,-8(%rsp,$num,8) - mov %rdx,(%rsp,$num,8) # store upmost overflow bit - - lea 1($i),$i # i++ - jmp .Louter -.align 16 -.Louter: - lea 24+128(%rsp,$num,8),%rdx # where 256-byte mask is (+size optimization) - and \$-16,%rdx - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 -___ -for($k=0;$k<$STRIDE/16;$k+=4) { -$code.=<<___; - movdqa `16*($k+0)-128`($bp),%xmm0 - movdqa `16*($k+1)-128`($bp),%xmm1 - movdqa `16*($k+2)-128`($bp),%xmm2 - movdqa `16*($k+3)-128`($bp),%xmm3 - pand `16*($k+0)-128`(%rdx),%xmm0 - pand `16*($k+1)-128`(%rdx),%xmm1 - por %xmm0,%xmm4 - pand `16*($k+2)-128`(%rdx),%xmm2 - por %xmm1,%xmm5 - pand `16*($k+3)-128`(%rdx),%xmm3 - por %xmm2,%xmm4 - por %xmm3,%xmm5 -___ -} -$code.=<<___; - por %xmm5,%xmm4 - pshufd \$0x4e,%xmm4,%xmm0 - por %xmm4,%xmm0 - lea $STRIDE($bp),$bp - - mov ($ap),%rax # ap[0] - movq %xmm0,$m0 # m0=bp[i] - - xor $j,$j # j=0 - mov $n0,$m1 - mov (%rsp),$lo0 - - mulq $m0 # ap[0]*bp[i] - add %rax,$lo0 # ap[0]*bp[i]+tp[0] - mov ($np),%rax - adc \$0,%rdx - - imulq $lo0,$m1 # tp[0]*n0 - mov %rdx,$hi0 - - mulq $m1 # np[0]*m1 - add %rax,$lo0 # discarded - mov 8($ap),%rax - adc \$0,%rdx - mov 8(%rsp),$lo0 # tp[1] - mov %rdx,$hi1 - - lea 1($j),$j # j++ - jmp .Linner_enter - -.align 16 -.Linner: - add %rax,$hi1 - mov ($ap,$j,8),%rax - adc \$0,%rdx - add $lo0,$hi1 # np[j]*m1+ap[j]*bp[i]+tp[j] - mov (%rsp,$j,8),$lo0 - adc \$0,%rdx - mov $hi1,-16(%rsp,$j,8) # tp[j-1] - mov %rdx,$hi1 - -.Linner_enter: - mulq $m0 # ap[j]*bp[i] - add %rax,$hi0 - mov ($np,$j,8),%rax - adc \$0,%rdx - add $hi0,$lo0 # ap[j]*bp[i]+tp[j] - mov %rdx,$hi0 - adc \$0,$hi0 - lea 1($j),$j # j++ - - mulq $m1 # np[j]*m1 - cmp $num,$j - jne .Linner # note that upon exit $j==$num, so - # they can be used interchangeably - add %rax,$hi1 - adc \$0,%rdx - add $lo0,$hi1 # np[j]*m1+ap[j]*bp[i]+tp[j] - mov (%rsp,$num,8),$lo0 - adc \$0,%rdx - mov $hi1,-16(%rsp,$num,8) # tp[num-1] - mov %rdx,$hi1 - - xor %rdx,%rdx - add $hi0,$hi1 - adc \$0,%rdx - add $lo0,$hi1 # pull upmost overflow bit - adc \$0,%rdx - mov $hi1,-8(%rsp,$num,8) - mov %rdx,(%rsp,$num,8) # store upmost overflow bit - - lea 1($i),$i # i++ - cmp $num,$i - jb .Louter - - xor $i,$i # i=0 and clear CF! - mov (%rsp),%rax # tp[0] - lea (%rsp),$ap # borrow ap for tp - mov $num,$j # j=num - jmp .Lsub -.align 16 -.Lsub: sbb ($np,$i,8),%rax - mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i] - mov 8($ap,$i,8),%rax # tp[i+1] - lea 1($i),$i # i++ - dec $j # doesn't affect CF! - jnz .Lsub - - sbb \$0,%rax # handle upmost overflow bit - mov \$-1,%rbx - xor %rax,%rbx - xor $i,$i - mov $num,$j # j=num - -.Lcopy: # conditional copy - mov ($rp,$i,8),%rcx - mov (%rsp,$i,8),%rdx - and %rbx,%rcx - and %rax,%rdx - mov $i,(%rsp,$i,8) # zap temporary vector - or %rcx,%rdx - mov %rdx,($rp,$i,8) # rp[i]=tp[i] - lea 1($i),$i - sub \$1,$j - jnz .Lcopy - - mov 8(%rsp,$num,8),%rsi # restore %rsp -.cfi_def_cfa %rsi,8 - mov \$1,%rax - - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lmul_epilogue: - ret -.cfi_endproc -.size bn_mul_mont_gather5,.-bn_mul_mont_gather5 -___ -{{{ -my @A=("%r10","%r11"); -my @N=("%r13","%rdi"); -$code.=<<___; -.type bn_mul4x_mont_gather5,\@function,6 -.align 32 -bn_mul4x_mont_gather5: -.cfi_startproc - .byte 0x67 - mov %rsp,%rax -.cfi_def_cfa_register %rax -.Lmul4x_enter: -___ -$code.=<<___ if ($addx); - and \$0x80108,%r11d - cmp \$0x80108,%r11d # check for AD*X+BMI2+BMI1 - je .Lmulx4x_enter -___ -$code.=<<___; - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lmul4x_prologue: - - .byte 0x67 - shl \$3,${num}d # convert $num to bytes - lea ($num,$num,2),%r10 # 3*$num in bytes - neg $num # -$num - - ############################################################## - # Ensure that stack frame doesn't alias with $rptr+3*$num - # modulo 4096, which covers ret[num], am[num] and n[num] - # (see bn_exp.c). This is done to allow memory disambiguation - # logic do its magic. [Extra [num] is allocated in order - # to align with bn_power5's frame, which is cleansed after - # completing exponentiation. Extra 256 bytes is for power mask - # calculated from 7th argument, the index.] - # - lea -320(%rsp,$num,2),%r11 - mov %rsp,%rbp - sub $rp,%r11 - and \$4095,%r11 - cmp %r11,%r10 - jb .Lmul4xsp_alt - sub %r11,%rbp # align with $rp - lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*num*8+256) - jmp .Lmul4xsp_done - -.align 32 -.Lmul4xsp_alt: - lea 4096-320(,$num,2),%r10 - lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*num*8+256) - sub %r10,%r11 - mov \$0,%r10 - cmovc %r10,%r11 - sub %r11,%rbp -.Lmul4xsp_done: - and \$-64,%rbp - mov %rsp,%r11 - sub %rbp,%r11 - and \$-4096,%r11 - lea (%rbp,%r11),%rsp - mov (%rsp),%r10 - cmp %rbp,%rsp - ja .Lmul4x_page_walk - jmp .Lmul4x_page_walk_done - -.Lmul4x_page_walk: - lea -4096(%rsp),%rsp - mov (%rsp),%r10 - cmp %rbp,%rsp - ja .Lmul4x_page_walk -.Lmul4x_page_walk_done: - - neg $num - - mov %rax,40(%rsp) -.cfi_cfa_expression %rsp+40,deref,+8 -.Lmul4x_body: - - call mul4x_internal - - mov 40(%rsp),%rsi # restore %rsp -.cfi_def_cfa %rsi,8 - mov \$1,%rax - - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lmul4x_epilogue: - ret -.cfi_endproc -.size bn_mul4x_mont_gather5,.-bn_mul4x_mont_gather5 - -.type mul4x_internal,\@abi-omnipotent -.align 32 -mul4x_internal: -.cfi_startproc - shl \$5,$num # $num was in bytes - movd `($win64?56:8)`(%rax),%xmm5 # load 7th argument, index - lea .Linc(%rip),%rax - lea 128(%rdx,$num),%r13 # end of powers table (+size optimization) - shr \$5,$num # restore $num -___ - $bp="%r12"; - $STRIDE=2**5*8; # 5 is "window size" - $N=$STRIDE/4; # should match cache line size - $tp=$i; -$code.=<<___; - movdqa 0(%rax),%xmm0 # 00000001000000010000000000000000 - movdqa 16(%rax),%xmm1 # 00000002000000020000000200000002 - lea 88-112(%rsp,$num),%r10 # place the mask after tp[num+1] (+ICache optimization) - lea 128(%rdx),$bp # size optimization - - pshufd \$0,%xmm5,%xmm5 # broadcast index - movdqa %xmm1,%xmm4 - .byte 0x67,0x67 - movdqa %xmm1,%xmm2 -___ -######################################################################## -# calculate mask by comparing 0..31 to index and save result to stack -# -$code.=<<___; - paddd %xmm0,%xmm1 - pcmpeqd %xmm5,%xmm0 # compare to 1,0 - .byte 0x67 - movdqa %xmm4,%xmm3 -___ -for($i=0;$i<$STRIDE/16-4;$i+=4) { -$code.=<<___; - paddd %xmm1,%xmm2 - pcmpeqd %xmm5,%xmm1 # compare to 3,2 - movdqa %xmm0,`16*($i+0)+112`(%r10) - movdqa %xmm4,%xmm0 - - paddd %xmm2,%xmm3 - pcmpeqd %xmm5,%xmm2 # compare to 5,4 - movdqa %xmm1,`16*($i+1)+112`(%r10) - movdqa %xmm4,%xmm1 - - paddd %xmm3,%xmm0 - pcmpeqd %xmm5,%xmm3 # compare to 7,6 - movdqa %xmm2,`16*($i+2)+112`(%r10) - movdqa %xmm4,%xmm2 - - paddd %xmm0,%xmm1 - pcmpeqd %xmm5,%xmm0 - movdqa %xmm3,`16*($i+3)+112`(%r10) - movdqa %xmm4,%xmm3 -___ -} -$code.=<<___; # last iteration can be optimized - paddd %xmm1,%xmm2 - pcmpeqd %xmm5,%xmm1 - movdqa %xmm0,`16*($i+0)+112`(%r10) - - paddd %xmm2,%xmm3 - .byte 0x67 - pcmpeqd %xmm5,%xmm2 - movdqa %xmm1,`16*($i+1)+112`(%r10) - - pcmpeqd %xmm5,%xmm3 - movdqa %xmm2,`16*($i+2)+112`(%r10) - pand `16*($i+0)-128`($bp),%xmm0 # while it's still in register - - pand `16*($i+1)-128`($bp),%xmm1 - pand `16*($i+2)-128`($bp),%xmm2 - movdqa %xmm3,`16*($i+3)+112`(%r10) - pand `16*($i+3)-128`($bp),%xmm3 - por %xmm2,%xmm0 - por %xmm3,%xmm1 -___ -for($i=0;$i<$STRIDE/16-4;$i+=4) { -$code.=<<___; - movdqa `16*($i+0)-128`($bp),%xmm4 - movdqa `16*($i+1)-128`($bp),%xmm5 - movdqa `16*($i+2)-128`($bp),%xmm2 - pand `16*($i+0)+112`(%r10),%xmm4 - movdqa `16*($i+3)-128`($bp),%xmm3 - pand `16*($i+1)+112`(%r10),%xmm5 - por %xmm4,%xmm0 - pand `16*($i+2)+112`(%r10),%xmm2 - por %xmm5,%xmm1 - pand `16*($i+3)+112`(%r10),%xmm3 - por %xmm2,%xmm0 - por %xmm3,%xmm1 -___ -} -$code.=<<___; - por %xmm1,%xmm0 - pshufd \$0x4e,%xmm0,%xmm1 - por %xmm1,%xmm0 - lea $STRIDE($bp),$bp - movq %xmm0,$m0 # m0=bp[0] - - mov %r13,16+8(%rsp) # save end of b[num] - mov $rp, 56+8(%rsp) # save $rp - - mov ($n0),$n0 # pull n0[0] value - mov ($ap),%rax - lea ($ap,$num),$ap # end of a[num] - neg $num - - mov $n0,$m1 - mulq $m0 # ap[0]*bp[0] - mov %rax,$A[0] - mov ($np),%rax - - imulq $A[0],$m1 # "tp[0]"*n0 - lea 64+8(%rsp),$tp - mov %rdx,$A[1] - - mulq $m1 # np[0]*m1 - add %rax,$A[0] # discarded - mov 8($ap,$num),%rax - adc \$0,%rdx - mov %rdx,$N[1] - - mulq $m0 - add %rax,$A[1] - mov 8*1($np),%rax - adc \$0,%rdx - mov %rdx,$A[0] - - mulq $m1 - add %rax,$N[1] - mov 16($ap,$num),%rax - adc \$0,%rdx - add $A[1],$N[1] - lea 4*8($num),$j # j=4 - lea 8*4($np),$np - adc \$0,%rdx - mov $N[1],($tp) - mov %rdx,$N[0] - jmp .L1st4x - -.align 32 -.L1st4x: - mulq $m0 # ap[j]*bp[0] - add %rax,$A[0] - mov -8*2($np),%rax - lea 32($tp),$tp - adc \$0,%rdx - mov %rdx,$A[1] - - mulq $m1 # np[j]*m1 - add %rax,$N[0] - mov -8($ap,$j),%rax - adc \$0,%rdx - add $A[0],$N[0] # np[j]*m1+ap[j]*bp[0] - adc \$0,%rdx - mov $N[0],-24($tp) # tp[j-1] - mov %rdx,$N[1] - - mulq $m0 # ap[j]*bp[0] - add %rax,$A[1] - mov -8*1($np),%rax - adc \$0,%rdx - mov %rdx,$A[0] - - mulq $m1 # np[j]*m1 - add %rax,$N[1] - mov ($ap,$j),%rax - adc \$0,%rdx - add $A[1],$N[1] # np[j]*m1+ap[j]*bp[0] - adc \$0,%rdx - mov $N[1],-16($tp) # tp[j-1] - mov %rdx,$N[0] - - mulq $m0 # ap[j]*bp[0] - add %rax,$A[0] - mov 8*0($np),%rax - adc \$0,%rdx - mov %rdx,$A[1] - - mulq $m1 # np[j]*m1 - add %rax,$N[0] - mov 8($ap,$j),%rax - adc \$0,%rdx - add $A[0],$N[0] # np[j]*m1+ap[j]*bp[0] - adc \$0,%rdx - mov $N[0],-8($tp) # tp[j-1] - mov %rdx,$N[1] - - mulq $m0 # ap[j]*bp[0] - add %rax,$A[1] - mov 8*1($np),%rax - adc \$0,%rdx - mov %rdx,$A[0] - - mulq $m1 # np[j]*m1 - add %rax,$N[1] - mov 16($ap,$j),%rax - adc \$0,%rdx - add $A[1],$N[1] # np[j]*m1+ap[j]*bp[0] - lea 8*4($np),$np - adc \$0,%rdx - mov $N[1],($tp) # tp[j-1] - mov %rdx,$N[0] - - add \$32,$j # j+=4 - jnz .L1st4x - - mulq $m0 # ap[j]*bp[0] - add %rax,$A[0] - mov -8*2($np),%rax - lea 32($tp),$tp - adc \$0,%rdx - mov %rdx,$A[1] - - mulq $m1 # np[j]*m1 - add %rax,$N[0] - mov -8($ap),%rax - adc \$0,%rdx - add $A[0],$N[0] # np[j]*m1+ap[j]*bp[0] - adc \$0,%rdx - mov $N[0],-24($tp) # tp[j-1] - mov %rdx,$N[1] - - mulq $m0 # ap[j]*bp[0] - add %rax,$A[1] - mov -8*1($np),%rax - adc \$0,%rdx - mov %rdx,$A[0] - - mulq $m1 # np[j]*m1 - add %rax,$N[1] - mov ($ap,$num),%rax # ap[0] - adc \$0,%rdx - add $A[1],$N[1] # np[j]*m1+ap[j]*bp[0] - adc \$0,%rdx - mov $N[1],-16($tp) # tp[j-1] - mov %rdx,$N[0] - - lea ($np,$num),$np # rewind $np - - xor $N[1],$N[1] - add $A[0],$N[0] - adc \$0,$N[1] - mov $N[0],-8($tp) - - jmp .Louter4x - -.align 32 -.Louter4x: - lea 16+128($tp),%rdx # where 256-byte mask is (+size optimization) - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 -___ -for($i=0;$i<$STRIDE/16;$i+=4) { -$code.=<<___; - movdqa `16*($i+0)-128`($bp),%xmm0 - movdqa `16*($i+1)-128`($bp),%xmm1 - movdqa `16*($i+2)-128`($bp),%xmm2 - movdqa `16*($i+3)-128`($bp),%xmm3 - pand `16*($i+0)-128`(%rdx),%xmm0 - pand `16*($i+1)-128`(%rdx),%xmm1 - por %xmm0,%xmm4 - pand `16*($i+2)-128`(%rdx),%xmm2 - por %xmm1,%xmm5 - pand `16*($i+3)-128`(%rdx),%xmm3 - por %xmm2,%xmm4 - por %xmm3,%xmm5 -___ -} -$code.=<<___; - por %xmm5,%xmm4 - pshufd \$0x4e,%xmm4,%xmm0 - por %xmm4,%xmm0 - lea $STRIDE($bp),$bp - movq %xmm0,$m0 # m0=bp[i] - - mov ($tp,$num),$A[0] - mov $n0,$m1 - mulq $m0 # ap[0]*bp[i] - add %rax,$A[0] # ap[0]*bp[i]+tp[0] - mov ($np),%rax - adc \$0,%rdx - - imulq $A[0],$m1 # tp[0]*n0 - mov %rdx,$A[1] - mov $N[1],($tp) # store upmost overflow bit - - lea ($tp,$num),$tp # rewind $tp - - mulq $m1 # np[0]*m1 - add %rax,$A[0] # "$N[0]", discarded - mov 8($ap,$num),%rax - adc \$0,%rdx - mov %rdx,$N[1] - - mulq $m0 # ap[j]*bp[i] - add %rax,$A[1] - mov 8*1($np),%rax - adc \$0,%rdx - add 8($tp),$A[1] # +tp[1] - adc \$0,%rdx - mov %rdx,$A[0] - - mulq $m1 # np[j]*m1 - add %rax,$N[1] - mov 16($ap,$num),%rax - adc \$0,%rdx - add $A[1],$N[1] # np[j]*m1+ap[j]*bp[i]+tp[j] - lea 4*8($num),$j # j=4 - lea 8*4($np),$np - adc \$0,%rdx - mov %rdx,$N[0] - jmp .Linner4x - -.align 32 -.Linner4x: - mulq $m0 # ap[j]*bp[i] - add %rax,$A[0] - mov -8*2($np),%rax - adc \$0,%rdx - add 16($tp),$A[0] # ap[j]*bp[i]+tp[j] - lea 32($tp),$tp - adc \$0,%rdx - mov %rdx,$A[1] - - mulq $m1 # np[j]*m1 - add %rax,$N[0] - mov -8($ap,$j),%rax - adc \$0,%rdx - add $A[0],$N[0] - adc \$0,%rdx - mov $N[1],-32($tp) # tp[j-1] - mov %rdx,$N[1] - - mulq $m0 # ap[j]*bp[i] - add %rax,$A[1] - mov -8*1($np),%rax - adc \$0,%rdx - add -8($tp),$A[1] - adc \$0,%rdx - mov %rdx,$A[0] - - mulq $m1 # np[j]*m1 - add %rax,$N[1] - mov ($ap,$j),%rax - adc \$0,%rdx - add $A[1],$N[1] - adc \$0,%rdx - mov $N[0],-24($tp) # tp[j-1] - mov %rdx,$N[0] - - mulq $m0 # ap[j]*bp[i] - add %rax,$A[0] - mov 8*0($np),%rax - adc \$0,%rdx - add ($tp),$A[0] # ap[j]*bp[i]+tp[j] - adc \$0,%rdx - mov %rdx,$A[1] - - mulq $m1 # np[j]*m1 - add %rax,$N[0] - mov 8($ap,$j),%rax - adc \$0,%rdx - add $A[0],$N[0] - adc \$0,%rdx - mov $N[1],-16($tp) # tp[j-1] - mov %rdx,$N[1] - - mulq $m0 # ap[j]*bp[i] - add %rax,$A[1] - mov 8*1($np),%rax - adc \$0,%rdx - add 8($tp),$A[1] - adc \$0,%rdx - mov %rdx,$A[0] - - mulq $m1 # np[j]*m1 - add %rax,$N[1] - mov 16($ap,$j),%rax - adc \$0,%rdx - add $A[1],$N[1] - lea 8*4($np),$np - adc \$0,%rdx - mov $N[0],-8($tp) # tp[j-1] - mov %rdx,$N[0] - - add \$32,$j # j+=4 - jnz .Linner4x - - mulq $m0 # ap[j]*bp[i] - add %rax,$A[0] - mov -8*2($np),%rax - adc \$0,%rdx - add 16($tp),$A[0] # ap[j]*bp[i]+tp[j] - lea 32($tp),$tp - adc \$0,%rdx - mov %rdx,$A[1] - - mulq $m1 # np[j]*m1 - add %rax,$N[0] - mov -8($ap),%rax - adc \$0,%rdx - add $A[0],$N[0] - adc \$0,%rdx - mov $N[1],-32($tp) # tp[j-1] - mov %rdx,$N[1] - - mulq $m0 # ap[j]*bp[i] - add %rax,$A[1] - mov $m1,%rax - mov -8*1($np),$m1 - adc \$0,%rdx - add -8($tp),$A[1] - adc \$0,%rdx - mov %rdx,$A[0] - - mulq $m1 # np[j]*m1 - add %rax,$N[1] - mov ($ap,$num),%rax # ap[0] - adc \$0,%rdx - add $A[1],$N[1] - adc \$0,%rdx - mov $N[0],-24($tp) # tp[j-1] - mov %rdx,$N[0] - - mov $N[1],-16($tp) # tp[j-1] - lea ($np,$num),$np # rewind $np - - xor $N[1],$N[1] - add $A[0],$N[0] - adc \$0,$N[1] - add ($tp),$N[0] # pull upmost overflow bit - adc \$0,$N[1] # upmost overflow bit - mov $N[0],-8($tp) - - cmp 16+8(%rsp),$bp - jb .Louter4x -___ -if (1) { -$code.=<<___; - xor %rax,%rax - sub $N[0],$m1 # compare top-most words - adc $j,$j # $j is zero - or $j,$N[1] - sub $N[1],%rax # %rax=-$N[1] - lea ($tp,$num),%rbx # tptr in .sqr4x_sub - mov ($np),%r12 - lea ($np),%rbp # nptr in .sqr4x_sub - mov %r9,%rcx - sar \$3+2,%rcx - mov 56+8(%rsp),%rdi # rptr in .sqr4x_sub - dec %r12 # so that after 'not' we get -n[0] - xor %r10,%r10 - mov 8*1(%rbp),%r13 - mov 8*2(%rbp),%r14 - mov 8*3(%rbp),%r15 - jmp .Lsqr4x_sub_entry -___ -} else { -my @ri=("%rax",$bp,$m0,$m1); -my $rp="%rdx"; -$code.=<<___ - xor \$1,$N[1] - lea ($tp,$num),$tp # rewind $tp - sar \$5,$num # cf=0 - lea ($np,$N[1],8),$np - mov 56+8(%rsp),$rp # restore $rp - jmp .Lsub4x - -.align 32 -.Lsub4x: - .byte 0x66 - mov 8*0($tp),@ri[0] - mov 8*1($tp),@ri[1] - .byte 0x66 - sbb 16*0($np),@ri[0] - mov 8*2($tp),@ri[2] - sbb 16*1($np),@ri[1] - mov 3*8($tp),@ri[3] - lea 4*8($tp),$tp - sbb 16*2($np),@ri[2] - mov @ri[0],8*0($rp) - sbb 16*3($np),@ri[3] - lea 16*4($np),$np - mov @ri[1],8*1($rp) - mov @ri[2],8*2($rp) - mov @ri[3],8*3($rp) - lea 8*4($rp),$rp - - inc $num - jnz .Lsub4x - - ret -___ -} -$code.=<<___; -.cfi_endproc -.size mul4x_internal,.-mul4x_internal -___ -}}} - {{{ -###################################################################### -# void bn_power5( -my $rptr="%rdi"; # BN_ULONG *rptr, -my $aptr="%rsi"; # const BN_ULONG *aptr, -my $bptr="%rdx"; # const void *table, -my $nptr="%rcx"; # const BN_ULONG *nptr, -my $n0 ="%r8"; # const BN_ULONG *n0); -my $num ="%r9"; # int num, has to be divisible by 8 - # int pwr - -my ($i,$j,$tptr)=("%rbp","%rcx",$rptr); -my @A0=("%r10","%r11"); -my @A1=("%r12","%r13"); -my ($a0,$a1,$ai)=("%r14","%r15","%rbx"); - -$code.=<<___; -.globl bn_power5 -.type bn_power5,\@function,6 -.align 32 -bn_power5: -.cfi_startproc - mov %rsp,%rax -.cfi_def_cfa_register %rax -___ -$code.=<<___ if ($addx); - mov OPENSSL_ia32cap_P+8(%rip),%r11d - and \$0x80108,%r11d - cmp \$0x80108,%r11d # check for AD*X+BMI2+BMI1 - je .Lpowerx5_enter -___ -$code.=<<___; - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lpower5_prologue: - - shl \$3,${num}d # convert $num to bytes - lea ($num,$num,2),%r10d # 3*$num - neg $num - mov ($n0),$n0 # *n0 - - ############################################################## - # Ensure that stack frame doesn't alias with $rptr+3*$num - # modulo 4096, which covers ret[num], am[num] and n[num] - # (see bn_exp.c). This is done to allow memory disambiguation - # logic do its magic. [Extra 256 bytes is for power mask - # calculated from 7th argument, the index.] - # - lea -320(%rsp,$num,2),%r11 - mov %rsp,%rbp - sub $rptr,%r11 - and \$4095,%r11 - cmp %r11,%r10 - jb .Lpwr_sp_alt - sub %r11,%rbp # align with $aptr - lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*num*8+256) - jmp .Lpwr_sp_done - -.align 32 -.Lpwr_sp_alt: - lea 4096-320(,$num,2),%r10 - lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*num*8+256) - sub %r10,%r11 - mov \$0,%r10 - cmovc %r10,%r11 - sub %r11,%rbp -.Lpwr_sp_done: - and \$-64,%rbp - mov %rsp,%r11 - sub %rbp,%r11 - and \$-4096,%r11 - lea (%rbp,%r11),%rsp - mov (%rsp),%r10 - cmp %rbp,%rsp - ja .Lpwr_page_walk - jmp .Lpwr_page_walk_done - -.Lpwr_page_walk: - lea -4096(%rsp),%rsp - mov (%rsp),%r10 - cmp %rbp,%rsp - ja .Lpwr_page_walk -.Lpwr_page_walk_done: - - mov $num,%r10 - neg $num - - ############################################################## - # Stack layout - # - # +0 saved $num, used in reduction section - # +8 &t[2*$num], used in reduction section - # +32 saved *n0 - # +40 saved %rsp - # +48 t[2*$num] - # - mov $n0, 32(%rsp) - mov %rax, 40(%rsp) # save original %rsp -.cfi_cfa_expression %rsp+40,deref,+8 -.Lpower5_body: - movq $rptr,%xmm1 # save $rptr, used in sqr8x - movq $nptr,%xmm2 # save $nptr - movq %r10, %xmm3 # -$num, used in sqr8x - movq $bptr,%xmm4 - - call __bn_sqr8x_internal - call __bn_post4x_internal - call __bn_sqr8x_internal - call __bn_post4x_internal - call __bn_sqr8x_internal - call __bn_post4x_internal - call __bn_sqr8x_internal - call __bn_post4x_internal - call __bn_sqr8x_internal - call __bn_post4x_internal - - movq %xmm2,$nptr - movq %xmm4,$bptr - mov $aptr,$rptr - mov 40(%rsp),%rax - lea 32(%rsp),$n0 - - call mul4x_internal - - mov 40(%rsp),%rsi # restore %rsp -.cfi_def_cfa %rsi,8 - mov \$1,%rax - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lpower5_epilogue: - ret -.cfi_endproc -.size bn_power5,.-bn_power5 - -.globl bn_sqr8x_internal -.hidden bn_sqr8x_internal -.type bn_sqr8x_internal,\@abi-omnipotent -.align 32 -bn_sqr8x_internal: -__bn_sqr8x_internal: -.cfi_startproc - ############################################################## - # Squaring part: - # - # a) multiply-n-add everything but a[i]*a[i]; - # b) shift result of a) by 1 to the left and accumulate - # a[i]*a[i] products; - # - ############################################################## - # a[1]a[0] - # a[2]a[0] - # a[3]a[0] - # a[2]a[1] - # a[4]a[0] - # a[3]a[1] - # a[5]a[0] - # a[4]a[1] - # a[3]a[2] - # a[6]a[0] - # a[5]a[1] - # a[4]a[2] - # a[7]a[0] - # a[6]a[1] - # a[5]a[2] - # a[4]a[3] - # a[7]a[1] - # a[6]a[2] - # a[5]a[3] - # a[7]a[2] - # a[6]a[3] - # a[5]a[4] - # a[7]a[3] - # a[6]a[4] - # a[7]a[4] - # a[6]a[5] - # a[7]a[5] - # a[7]a[6] - # a[1]a[0] - # a[2]a[0] - # a[3]a[0] - # a[4]a[0] - # a[5]a[0] - # a[6]a[0] - # a[7]a[0] - # a[2]a[1] - # a[3]a[1] - # a[4]a[1] - # a[5]a[1] - # a[6]a[1] - # a[7]a[1] - # a[3]a[2] - # a[4]a[2] - # a[5]a[2] - # a[6]a[2] - # a[7]a[2] - # a[4]a[3] - # a[5]a[3] - # a[6]a[3] - # a[7]a[3] - # a[5]a[4] - # a[6]a[4] - # a[7]a[4] - # a[6]a[5] - # a[7]a[5] - # a[7]a[6] - # a[0]a[0] - # a[1]a[1] - # a[2]a[2] - # a[3]a[3] - # a[4]a[4] - # a[5]a[5] - # a[6]a[6] - # a[7]a[7] - - lea 32(%r10),$i # $i=-($num-32) - lea ($aptr,$num),$aptr # end of a[] buffer, ($aptr,$i)=&ap[2] - - mov $num,$j # $j=$num - - # comments apply to $num==8 case - mov -32($aptr,$i),$a0 # a[0] - lea 48+8(%rsp,$num,2),$tptr # end of tp[] buffer, &tp[2*$num] - mov -24($aptr,$i),%rax # a[1] - lea -32($tptr,$i),$tptr # end of tp[] window, &tp[2*$num-"$i"] - mov -16($aptr,$i),$ai # a[2] - mov %rax,$a1 - - mul $a0 # a[1]*a[0] - mov %rax,$A0[0] # a[1]*a[0] - mov $ai,%rax # a[2] - mov %rdx,$A0[1] - mov $A0[0],-24($tptr,$i) # t[1] - - mul $a0 # a[2]*a[0] - add %rax,$A0[1] - mov $ai,%rax - adc \$0,%rdx - mov $A0[1],-16($tptr,$i) # t[2] - mov %rdx,$A0[0] - - - mov -8($aptr,$i),$ai # a[3] - mul $a1 # a[2]*a[1] - mov %rax,$A1[0] # a[2]*a[1]+t[3] - mov $ai,%rax - mov %rdx,$A1[1] - - lea ($i),$j - mul $a0 # a[3]*a[0] - add %rax,$A0[0] # a[3]*a[0]+a[2]*a[1]+t[3] - mov $ai,%rax - mov %rdx,$A0[1] - adc \$0,$A0[1] - add $A1[0],$A0[0] - adc \$0,$A0[1] - mov $A0[0],-8($tptr,$j) # t[3] - jmp .Lsqr4x_1st - -.align 32 -.Lsqr4x_1st: - mov ($aptr,$j),$ai # a[4] - mul $a1 # a[3]*a[1] - add %rax,$A1[1] # a[3]*a[1]+t[4] - mov $ai,%rax - mov %rdx,$A1[0] - adc \$0,$A1[0] - - mul $a0 # a[4]*a[0] - add %rax,$A0[1] # a[4]*a[0]+a[3]*a[1]+t[4] - mov $ai,%rax # a[3] - mov 8($aptr,$j),$ai # a[5] - mov %rdx,$A0[0] - adc \$0,$A0[0] - add $A1[1],$A0[1] - adc \$0,$A0[0] - - - mul $a1 # a[4]*a[3] - add %rax,$A1[0] # a[4]*a[3]+t[5] - mov $ai,%rax - mov $A0[1],($tptr,$j) # t[4] - mov %rdx,$A1[1] - adc \$0,$A1[1] - - mul $a0 # a[5]*a[2] - add %rax,$A0[0] # a[5]*a[2]+a[4]*a[3]+t[5] - mov $ai,%rax - mov 16($aptr,$j),$ai # a[6] - mov %rdx,$A0[1] - adc \$0,$A0[1] - add $A1[0],$A0[0] - adc \$0,$A0[1] - - mul $a1 # a[5]*a[3] - add %rax,$A1[1] # a[5]*a[3]+t[6] - mov $ai,%rax - mov $A0[0],8($tptr,$j) # t[5] - mov %rdx,$A1[0] - adc \$0,$A1[0] - - mul $a0 # a[6]*a[2] - add %rax,$A0[1] # a[6]*a[2]+a[5]*a[3]+t[6] - mov $ai,%rax # a[3] - mov 24($aptr,$j),$ai # a[7] - mov %rdx,$A0[0] - adc \$0,$A0[0] - add $A1[1],$A0[1] - adc \$0,$A0[0] - - - mul $a1 # a[6]*a[5] - add %rax,$A1[0] # a[6]*a[5]+t[7] - mov $ai,%rax - mov $A0[1],16($tptr,$j) # t[6] - mov %rdx,$A1[1] - adc \$0,$A1[1] - lea 32($j),$j - - mul $a0 # a[7]*a[4] - add %rax,$A0[0] # a[7]*a[4]+a[6]*a[5]+t[6] - mov $ai,%rax - mov %rdx,$A0[1] - adc \$0,$A0[1] - add $A1[0],$A0[0] - adc \$0,$A0[1] - mov $A0[0],-8($tptr,$j) # t[7] - - cmp \$0,$j - jne .Lsqr4x_1st - - mul $a1 # a[7]*a[5] - add %rax,$A1[1] - lea 16($i),$i - adc \$0,%rdx - add $A0[1],$A1[1] - adc \$0,%rdx - - mov $A1[1],($tptr) # t[8] - mov %rdx,$A1[0] - mov %rdx,8($tptr) # t[9] - jmp .Lsqr4x_outer - -.align 32 -.Lsqr4x_outer: # comments apply to $num==6 case - mov -32($aptr,$i),$a0 # a[0] - lea 48+8(%rsp,$num,2),$tptr # end of tp[] buffer, &tp[2*$num] - mov -24($aptr,$i),%rax # a[1] - lea -32($tptr,$i),$tptr # end of tp[] window, &tp[2*$num-"$i"] - mov -16($aptr,$i),$ai # a[2] - mov %rax,$a1 - - mul $a0 # a[1]*a[0] - mov -24($tptr,$i),$A0[0] # t[1] - add %rax,$A0[0] # a[1]*a[0]+t[1] - mov $ai,%rax # a[2] - adc \$0,%rdx - mov $A0[0],-24($tptr,$i) # t[1] - mov %rdx,$A0[1] - - mul $a0 # a[2]*a[0] - add %rax,$A0[1] - mov $ai,%rax - adc \$0,%rdx - add -16($tptr,$i),$A0[1] # a[2]*a[0]+t[2] - mov %rdx,$A0[0] - adc \$0,$A0[0] - mov $A0[1],-16($tptr,$i) # t[2] - - xor $A1[0],$A1[0] - - mov -8($aptr,$i),$ai # a[3] - mul $a1 # a[2]*a[1] - add %rax,$A1[0] # a[2]*a[1]+t[3] - mov $ai,%rax - adc \$0,%rdx - add -8($tptr,$i),$A1[0] - mov %rdx,$A1[1] - adc \$0,$A1[1] - - mul $a0 # a[3]*a[0] - add %rax,$A0[0] # a[3]*a[0]+a[2]*a[1]+t[3] - mov $ai,%rax - adc \$0,%rdx - add $A1[0],$A0[0] - mov %rdx,$A0[1] - adc \$0,$A0[1] - mov $A0[0],-8($tptr,$i) # t[3] - - lea ($i),$j - jmp .Lsqr4x_inner - -.align 32 -.Lsqr4x_inner: - mov ($aptr,$j),$ai # a[4] - mul $a1 # a[3]*a[1] - add %rax,$A1[1] # a[3]*a[1]+t[4] - mov $ai,%rax - mov %rdx,$A1[0] - adc \$0,$A1[0] - add ($tptr,$j),$A1[1] - adc \$0,$A1[0] - - .byte 0x67 - mul $a0 # a[4]*a[0] - add %rax,$A0[1] # a[4]*a[0]+a[3]*a[1]+t[4] - mov $ai,%rax # a[3] - mov 8($aptr,$j),$ai # a[5] - mov %rdx,$A0[0] - adc \$0,$A0[0] - add $A1[1],$A0[1] - adc \$0,$A0[0] - - mul $a1 # a[4]*a[3] - add %rax,$A1[0] # a[4]*a[3]+t[5] - mov $A0[1],($tptr,$j) # t[4] - mov $ai,%rax - mov %rdx,$A1[1] - adc \$0,$A1[1] - add 8($tptr,$j),$A1[0] - lea 16($j),$j # j++ - adc \$0,$A1[1] - - mul $a0 # a[5]*a[2] - add %rax,$A0[0] # a[5]*a[2]+a[4]*a[3]+t[5] - mov $ai,%rax - adc \$0,%rdx - add $A1[0],$A0[0] - mov %rdx,$A0[1] - adc \$0,$A0[1] - mov $A0[0],-8($tptr,$j) # t[5], "preloaded t[1]" below - - cmp \$0,$j - jne .Lsqr4x_inner - - .byte 0x67 - mul $a1 # a[5]*a[3] - add %rax,$A1[1] - adc \$0,%rdx - add $A0[1],$A1[1] - adc \$0,%rdx - - mov $A1[1],($tptr) # t[6], "preloaded t[2]" below - mov %rdx,$A1[0] - mov %rdx,8($tptr) # t[7], "preloaded t[3]" below - - add \$16,$i - jnz .Lsqr4x_outer - - # comments apply to $num==4 case - mov -32($aptr),$a0 # a[0] - lea 48+8(%rsp,$num,2),$tptr # end of tp[] buffer, &tp[2*$num] - mov -24($aptr),%rax # a[1] - lea -32($tptr,$i),$tptr # end of tp[] window, &tp[2*$num-"$i"] - mov -16($aptr),$ai # a[2] - mov %rax,$a1 - - mul $a0 # a[1]*a[0] - add %rax,$A0[0] # a[1]*a[0]+t[1], preloaded t[1] - mov $ai,%rax # a[2] - mov %rdx,$A0[1] - adc \$0,$A0[1] - - mul $a0 # a[2]*a[0] - add %rax,$A0[1] - mov $ai,%rax - mov $A0[0],-24($tptr) # t[1] - mov %rdx,$A0[0] - adc \$0,$A0[0] - add $A1[1],$A0[1] # a[2]*a[0]+t[2], preloaded t[2] - mov -8($aptr),$ai # a[3] - adc \$0,$A0[0] - - mul $a1 # a[2]*a[1] - add %rax,$A1[0] # a[2]*a[1]+t[3], preloaded t[3] - mov $ai,%rax - mov $A0[1],-16($tptr) # t[2] - mov %rdx,$A1[1] - adc \$0,$A1[1] - - mul $a0 # a[3]*a[0] - add %rax,$A0[0] # a[3]*a[0]+a[2]*a[1]+t[3] - mov $ai,%rax - mov %rdx,$A0[1] - adc \$0,$A0[1] - add $A1[0],$A0[0] - adc \$0,$A0[1] - mov $A0[0],-8($tptr) # t[3] - - mul $a1 # a[3]*a[1] - add %rax,$A1[1] - mov -16($aptr),%rax # a[2] - adc \$0,%rdx - add $A0[1],$A1[1] - adc \$0,%rdx - - mov $A1[1],($tptr) # t[4] - mov %rdx,$A1[0] - mov %rdx,8($tptr) # t[5] - - mul $ai # a[2]*a[3] -___ -{ -my ($shift,$carry)=($a0,$a1); -my @S=(@A1,$ai,$n0); -$code.=<<___; - add \$16,$i - xor $shift,$shift - sub $num,$i # $i=16-$num - xor $carry,$carry - - add $A1[0],%rax # t[5] - adc \$0,%rdx - mov %rax,8($tptr) # t[5] - mov %rdx,16($tptr) # t[6] - mov $carry,24($tptr) # t[7] - - mov -16($aptr,$i),%rax # a[0] - lea 48+8(%rsp),$tptr - xor $A0[0],$A0[0] # t[0] - mov 8($tptr),$A0[1] # t[1] - - lea ($shift,$A0[0],2),$S[0] # t[2*i]<<1 | shift - shr \$63,$A0[0] - lea ($j,$A0[1],2),$S[1] # t[2*i+1]<<1 | - shr \$63,$A0[1] - or $A0[0],$S[1] # | t[2*i]>>63 - mov 16($tptr),$A0[0] # t[2*i+2] # prefetch - mov $A0[1],$shift # shift=t[2*i+1]>>63 - mul %rax # a[i]*a[i] - neg $carry # mov $carry,cf - mov 24($tptr),$A0[1] # t[2*i+2+1] # prefetch - adc %rax,$S[0] - mov -8($aptr,$i),%rax # a[i+1] # prefetch - mov $S[0],($tptr) - adc %rdx,$S[1] - - lea ($shift,$A0[0],2),$S[2] # t[2*i]<<1 | shift - mov $S[1],8($tptr) - sbb $carry,$carry # mov cf,$carry - shr \$63,$A0[0] - lea ($j,$A0[1],2),$S[3] # t[2*i+1]<<1 | - shr \$63,$A0[1] - or $A0[0],$S[3] # | t[2*i]>>63 - mov 32($tptr),$A0[0] # t[2*i+2] # prefetch - mov $A0[1],$shift # shift=t[2*i+1]>>63 - mul %rax # a[i]*a[i] - neg $carry # mov $carry,cf - mov 40($tptr),$A0[1] # t[2*i+2+1] # prefetch - adc %rax,$S[2] - mov 0($aptr,$i),%rax # a[i+1] # prefetch - mov $S[2],16($tptr) - adc %rdx,$S[3] - lea 16($i),$i - mov $S[3],24($tptr) - sbb $carry,$carry # mov cf,$carry - lea 64($tptr),$tptr - jmp .Lsqr4x_shift_n_add - -.align 32 -.Lsqr4x_shift_n_add: - lea ($shift,$A0[0],2),$S[0] # t[2*i]<<1 | shift - shr \$63,$A0[0] - lea ($j,$A0[1],2),$S[1] # t[2*i+1]<<1 | - shr \$63,$A0[1] - or $A0[0],$S[1] # | t[2*i]>>63 - mov -16($tptr),$A0[0] # t[2*i+2] # prefetch - mov $A0[1],$shift # shift=t[2*i+1]>>63 - mul %rax # a[i]*a[i] - neg $carry # mov $carry,cf - mov -8($tptr),$A0[1] # t[2*i+2+1] # prefetch - adc %rax,$S[0] - mov -8($aptr,$i),%rax # a[i+1] # prefetch - mov $S[0],-32($tptr) - adc %rdx,$S[1] - - lea ($shift,$A0[0],2),$S[2] # t[2*i]<<1 | shift - mov $S[1],-24($tptr) - sbb $carry,$carry # mov cf,$carry - shr \$63,$A0[0] - lea ($j,$A0[1],2),$S[3] # t[2*i+1]<<1 | - shr \$63,$A0[1] - or $A0[0],$S[3] # | t[2*i]>>63 - mov 0($tptr),$A0[0] # t[2*i+2] # prefetch - mov $A0[1],$shift # shift=t[2*i+1]>>63 - mul %rax # a[i]*a[i] - neg $carry # mov $carry,cf - mov 8($tptr),$A0[1] # t[2*i+2+1] # prefetch - adc %rax,$S[2] - mov 0($aptr,$i),%rax # a[i+1] # prefetch - mov $S[2],-16($tptr) - adc %rdx,$S[3] - - lea ($shift,$A0[0],2),$S[0] # t[2*i]<<1 | shift - mov $S[3],-8($tptr) - sbb $carry,$carry # mov cf,$carry - shr \$63,$A0[0] - lea ($j,$A0[1],2),$S[1] # t[2*i+1]<<1 | - shr \$63,$A0[1] - or $A0[0],$S[1] # | t[2*i]>>63 - mov 16($tptr),$A0[0] # t[2*i+2] # prefetch - mov $A0[1],$shift # shift=t[2*i+1]>>63 - mul %rax # a[i]*a[i] - neg $carry # mov $carry,cf - mov 24($tptr),$A0[1] # t[2*i+2+1] # prefetch - adc %rax,$S[0] - mov 8($aptr,$i),%rax # a[i+1] # prefetch - mov $S[0],0($tptr) - adc %rdx,$S[1] - - lea ($shift,$A0[0],2),$S[2] # t[2*i]<<1 | shift - mov $S[1],8($tptr) - sbb $carry,$carry # mov cf,$carry - shr \$63,$A0[0] - lea ($j,$A0[1],2),$S[3] # t[2*i+1]<<1 | - shr \$63,$A0[1] - or $A0[0],$S[3] # | t[2*i]>>63 - mov 32($tptr),$A0[0] # t[2*i+2] # prefetch - mov $A0[1],$shift # shift=t[2*i+1]>>63 - mul %rax # a[i]*a[i] - neg $carry # mov $carry,cf - mov 40($tptr),$A0[1] # t[2*i+2+1] # prefetch - adc %rax,$S[2] - mov 16($aptr,$i),%rax # a[i+1] # prefetch - mov $S[2],16($tptr) - adc %rdx,$S[3] - mov $S[3],24($tptr) - sbb $carry,$carry # mov cf,$carry - lea 64($tptr),$tptr - add \$32,$i - jnz .Lsqr4x_shift_n_add - - lea ($shift,$A0[0],2),$S[0] # t[2*i]<<1 | shift - .byte 0x67 - shr \$63,$A0[0] - lea ($j,$A0[1],2),$S[1] # t[2*i+1]<<1 | - shr \$63,$A0[1] - or $A0[0],$S[1] # | t[2*i]>>63 - mov -16($tptr),$A0[0] # t[2*i+2] # prefetch - mov $A0[1],$shift # shift=t[2*i+1]>>63 - mul %rax # a[i]*a[i] - neg $carry # mov $carry,cf - mov -8($tptr),$A0[1] # t[2*i+2+1] # prefetch - adc %rax,$S[0] - mov -8($aptr),%rax # a[i+1] # prefetch - mov $S[0],-32($tptr) - adc %rdx,$S[1] - - lea ($shift,$A0[0],2),$S[2] # t[2*i]<<1|shift - mov $S[1],-24($tptr) - sbb $carry,$carry # mov cf,$carry - shr \$63,$A0[0] - lea ($j,$A0[1],2),$S[3] # t[2*i+1]<<1 | - shr \$63,$A0[1] - or $A0[0],$S[3] # | t[2*i]>>63 - mul %rax # a[i]*a[i] - neg $carry # mov $carry,cf - adc %rax,$S[2] - adc %rdx,$S[3] - mov $S[2],-16($tptr) - mov $S[3],-8($tptr) -___ -} -###################################################################### -# Montgomery reduction part, "word-by-word" algorithm. -# -# This new path is inspired by multiple submissions from Intel, by -# Shay Gueron, Vlad Krasnov, Erdinc Ozturk, James Guilford, -# Vinodh Gopal... -{ -my ($nptr,$tptr,$carry,$m0)=("%rbp","%rdi","%rsi","%rbx"); - -$code.=<<___; - movq %xmm2,$nptr -__bn_sqr8x_reduction: - xor %rax,%rax - lea ($nptr,$num),%rcx # end of n[] - lea 48+8(%rsp,$num,2),%rdx # end of t[] buffer - mov %rcx,0+8(%rsp) - lea 48+8(%rsp,$num),$tptr # end of initial t[] window - mov %rdx,8+8(%rsp) - neg $num - jmp .L8x_reduction_loop - -.align 32 -.L8x_reduction_loop: - lea ($tptr,$num),$tptr # start of current t[] window - .byte 0x66 - mov 8*0($tptr),$m0 - mov 8*1($tptr),%r9 - mov 8*2($tptr),%r10 - mov 8*3($tptr),%r11 - mov 8*4($tptr),%r12 - mov 8*5($tptr),%r13 - mov 8*6($tptr),%r14 - mov 8*7($tptr),%r15 - mov %rax,(%rdx) # store top-most carry bit - lea 8*8($tptr),$tptr - - .byte 0x67 - mov $m0,%r8 - imulq 32+8(%rsp),$m0 # n0*a[0] - mov 8*0($nptr),%rax # n[0] - mov \$8,%ecx - jmp .L8x_reduce - -.align 32 -.L8x_reduce: - mulq $m0 - mov 8*1($nptr),%rax # n[1] - neg %r8 - mov %rdx,%r8 - adc \$0,%r8 - - mulq $m0 - add %rax,%r9 - mov 8*2($nptr),%rax - adc \$0,%rdx - add %r9,%r8 - mov $m0,48-8+8(%rsp,%rcx,8) # put aside n0*a[i] - mov %rdx,%r9 - adc \$0,%r9 - - mulq $m0 - add %rax,%r10 - mov 8*3($nptr),%rax - adc \$0,%rdx - add %r10,%r9 - mov 32+8(%rsp),$carry # pull n0, borrow $carry - mov %rdx,%r10 - adc \$0,%r10 - - mulq $m0 - add %rax,%r11 - mov 8*4($nptr),%rax - adc \$0,%rdx - imulq %r8,$carry # modulo-scheduled - add %r11,%r10 - mov %rdx,%r11 - adc \$0,%r11 - - mulq $m0 - add %rax,%r12 - mov 8*5($nptr),%rax - adc \$0,%rdx - add %r12,%r11 - mov %rdx,%r12 - adc \$0,%r12 - - mulq $m0 - add %rax,%r13 - mov 8*6($nptr),%rax - adc \$0,%rdx - add %r13,%r12 - mov %rdx,%r13 - adc \$0,%r13 - - mulq $m0 - add %rax,%r14 - mov 8*7($nptr),%rax - adc \$0,%rdx - add %r14,%r13 - mov %rdx,%r14 - adc \$0,%r14 - - mulq $m0 - mov $carry,$m0 # n0*a[i] - add %rax,%r15 - mov 8*0($nptr),%rax # n[0] - adc \$0,%rdx - add %r15,%r14 - mov %rdx,%r15 - adc \$0,%r15 - - dec %ecx - jnz .L8x_reduce - - lea 8*8($nptr),$nptr - xor %rax,%rax - mov 8+8(%rsp),%rdx # pull end of t[] - cmp 0+8(%rsp),$nptr # end of n[]? - jae .L8x_no_tail - - .byte 0x66 - add 8*0($tptr),%r8 - adc 8*1($tptr),%r9 - adc 8*2($tptr),%r10 - adc 8*3($tptr),%r11 - adc 8*4($tptr),%r12 - adc 8*5($tptr),%r13 - adc 8*6($tptr),%r14 - adc 8*7($tptr),%r15 - sbb $carry,$carry # top carry - - mov 48+56+8(%rsp),$m0 # pull n0*a[0] - mov \$8,%ecx - mov 8*0($nptr),%rax - jmp .L8x_tail - -.align 32 -.L8x_tail: - mulq $m0 - add %rax,%r8 - mov 8*1($nptr),%rax - mov %r8,($tptr) # save result - mov %rdx,%r8 - adc \$0,%r8 - - mulq $m0 - add %rax,%r9 - mov 8*2($nptr),%rax - adc \$0,%rdx - add %r9,%r8 - lea 8($tptr),$tptr # $tptr++ - mov %rdx,%r9 - adc \$0,%r9 - - mulq $m0 - add %rax,%r10 - mov 8*3($nptr),%rax - adc \$0,%rdx - add %r10,%r9 - mov %rdx,%r10 - adc \$0,%r10 - - mulq $m0 - add %rax,%r11 - mov 8*4($nptr),%rax - adc \$0,%rdx - add %r11,%r10 - mov %rdx,%r11 - adc \$0,%r11 - - mulq $m0 - add %rax,%r12 - mov 8*5($nptr),%rax - adc \$0,%rdx - add %r12,%r11 - mov %rdx,%r12 - adc \$0,%r12 - - mulq $m0 - add %rax,%r13 - mov 8*6($nptr),%rax - adc \$0,%rdx - add %r13,%r12 - mov %rdx,%r13 - adc \$0,%r13 - - mulq $m0 - add %rax,%r14 - mov 8*7($nptr),%rax - adc \$0,%rdx - add %r14,%r13 - mov %rdx,%r14 - adc \$0,%r14 - - mulq $m0 - mov 48-16+8(%rsp,%rcx,8),$m0# pull n0*a[i] - add %rax,%r15 - adc \$0,%rdx - add %r15,%r14 - mov 8*0($nptr),%rax # pull n[0] - mov %rdx,%r15 - adc \$0,%r15 - - dec %ecx - jnz .L8x_tail - - lea 8*8($nptr),$nptr - mov 8+8(%rsp),%rdx # pull end of t[] - cmp 0+8(%rsp),$nptr # end of n[]? - jae .L8x_tail_done # break out of loop - - mov 48+56+8(%rsp),$m0 # pull n0*a[0] - neg $carry - mov 8*0($nptr),%rax # pull n[0] - adc 8*0($tptr),%r8 - adc 8*1($tptr),%r9 - adc 8*2($tptr),%r10 - adc 8*3($tptr),%r11 - adc 8*4($tptr),%r12 - adc 8*5($tptr),%r13 - adc 8*6($tptr),%r14 - adc 8*7($tptr),%r15 - sbb $carry,$carry # top carry - - mov \$8,%ecx - jmp .L8x_tail - -.align 32 -.L8x_tail_done: - xor %rax,%rax - add (%rdx),%r8 # can this overflow? - adc \$0,%r9 - adc \$0,%r10 - adc \$0,%r11 - adc \$0,%r12 - adc \$0,%r13 - adc \$0,%r14 - adc \$0,%r15 - adc \$0,%rax - - neg $carry -.L8x_no_tail: - adc 8*0($tptr),%r8 - adc 8*1($tptr),%r9 - adc 8*2($tptr),%r10 - adc 8*3($tptr),%r11 - adc 8*4($tptr),%r12 - adc 8*5($tptr),%r13 - adc 8*6($tptr),%r14 - adc 8*7($tptr),%r15 - adc \$0,%rax # top-most carry - mov -8($nptr),%rcx # np[num-1] - xor $carry,$carry - - movq %xmm2,$nptr # restore $nptr - - mov %r8,8*0($tptr) # store top 512 bits - mov %r9,8*1($tptr) - movq %xmm3,$num # $num is %r9, can't be moved upwards - mov %r10,8*2($tptr) - mov %r11,8*3($tptr) - mov %r12,8*4($tptr) - mov %r13,8*5($tptr) - mov %r14,8*6($tptr) - mov %r15,8*7($tptr) - lea 8*8($tptr),$tptr - - cmp %rdx,$tptr # end of t[]? - jb .L8x_reduction_loop - ret -.cfi_endproc -.size bn_sqr8x_internal,.-bn_sqr8x_internal -___ -} -############################################################## -# Post-condition, 4x unrolled -# -{ -my ($tptr,$nptr)=("%rbx","%rbp"); -$code.=<<___; -.type __bn_post4x_internal,\@abi-omnipotent -.align 32 -__bn_post4x_internal: -.cfi_startproc - mov 8*0($nptr),%r12 - lea (%rdi,$num),$tptr # %rdi was $tptr above - mov $num,%rcx - movq %xmm1,$rptr # restore $rptr - neg %rax - movq %xmm1,$aptr # prepare for back-to-back call - sar \$3+2,%rcx - dec %r12 # so that after 'not' we get -n[0] - xor %r10,%r10 - mov 8*1($nptr),%r13 - mov 8*2($nptr),%r14 - mov 8*3($nptr),%r15 - jmp .Lsqr4x_sub_entry - -.align 16 -.Lsqr4x_sub: - mov 8*0($nptr),%r12 - mov 8*1($nptr),%r13 - mov 8*2($nptr),%r14 - mov 8*3($nptr),%r15 -.Lsqr4x_sub_entry: - lea 8*4($nptr),$nptr - not %r12 - not %r13 - not %r14 - not %r15 - and %rax,%r12 - and %rax,%r13 - and %rax,%r14 - and %rax,%r15 - - neg %r10 # mov %r10,%cf - adc 8*0($tptr),%r12 - adc 8*1($tptr),%r13 - adc 8*2($tptr),%r14 - adc 8*3($tptr),%r15 - mov %r12,8*0($rptr) - lea 8*4($tptr),$tptr - mov %r13,8*1($rptr) - sbb %r10,%r10 # mov %cf,%r10 - mov %r14,8*2($rptr) - mov %r15,8*3($rptr) - lea 8*4($rptr),$rptr - - inc %rcx # pass %cf - jnz .Lsqr4x_sub - - mov $num,%r10 # prepare for back-to-back call - neg $num # restore $num - ret -.cfi_endproc -.size __bn_post4x_internal,.-__bn_post4x_internal -___ -} -}}} - -if ($addx) {{{ -my $bp="%rdx"; # restore original value - -$code.=<<___; -.type bn_mulx4x_mont_gather5,\@function,6 -.align 32 -bn_mulx4x_mont_gather5: -.cfi_startproc - mov %rsp,%rax -.cfi_def_cfa_register %rax -.Lmulx4x_enter: - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lmulx4x_prologue: - - shl \$3,${num}d # convert $num to bytes - lea ($num,$num,2),%r10 # 3*$num in bytes - neg $num # -$num - mov ($n0),$n0 # *n0 - - ############################################################## - # Ensure that stack frame doesn't alias with $rptr+3*$num - # modulo 4096, which covers ret[num], am[num] and n[num] - # (see bn_exp.c). This is done to allow memory disambiguation - # logic do its magic. [Extra [num] is allocated in order - # to align with bn_power5's frame, which is cleansed after - # completing exponentiation. Extra 256 bytes is for power mask - # calculated from 7th argument, the index.] - # - lea -320(%rsp,$num,2),%r11 - mov %rsp,%rbp - sub $rp,%r11 - and \$4095,%r11 - cmp %r11,%r10 - jb .Lmulx4xsp_alt - sub %r11,%rbp # align with $aptr - lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*$num*8+256) - jmp .Lmulx4xsp_done - -.Lmulx4xsp_alt: - lea 4096-320(,$num,2),%r10 - lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*$num*8+256) - sub %r10,%r11 - mov \$0,%r10 - cmovc %r10,%r11 - sub %r11,%rbp -.Lmulx4xsp_done: - and \$-64,%rbp # ensure alignment - mov %rsp,%r11 - sub %rbp,%r11 - and \$-4096,%r11 - lea (%rbp,%r11),%rsp - mov (%rsp),%r10 - cmp %rbp,%rsp - ja .Lmulx4x_page_walk - jmp .Lmulx4x_page_walk_done - -.Lmulx4x_page_walk: - lea -4096(%rsp),%rsp - mov (%rsp),%r10 - cmp %rbp,%rsp - ja .Lmulx4x_page_walk -.Lmulx4x_page_walk_done: - - ############################################################## - # Stack layout - # +0 -num - # +8 off-loaded &b[i] - # +16 end of b[num] - # +24 inner counter - # +32 saved n0 - # +40 saved %rsp - # +48 - # +56 saved rp - # +64 tmp[num+1] - # - mov $n0, 32(%rsp) # save *n0 - mov %rax,40(%rsp) # save original %rsp -.cfi_cfa_expression %rsp+40,deref,+8 -.Lmulx4x_body: - call mulx4x_internal - - mov 40(%rsp),%rsi # restore %rsp -.cfi_def_cfa %rsi,8 - mov \$1,%rax - - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lmulx4x_epilogue: - ret -.cfi_endproc -.size bn_mulx4x_mont_gather5,.-bn_mulx4x_mont_gather5 - -.type mulx4x_internal,\@abi-omnipotent -.align 32 -mulx4x_internal: -.cfi_startproc - mov $num,8(%rsp) # save -$num (it was in bytes) - mov $num,%r10 - neg $num # restore $num - shl \$5,$num - neg %r10 # restore $num - lea 128($bp,$num),%r13 # end of powers table (+size optimization) - shr \$5+5,$num - movd `($win64?56:8)`(%rax),%xmm5 # load 7th argument - sub \$1,$num - lea .Linc(%rip),%rax - mov %r13,16+8(%rsp) # end of b[num] - mov $num,24+8(%rsp) # inner counter - mov $rp, 56+8(%rsp) # save $rp -___ -my ($aptr, $bptr, $nptr, $tptr, $mi, $bi, $zero, $num)= - ("%rsi","%rdi","%rcx","%rbx","%r8","%r9","%rbp","%rax"); -my $rptr=$bptr; -my $STRIDE=2**5*8; # 5 is "window size" -my $N=$STRIDE/4; # should match cache line size -$code.=<<___; - movdqa 0(%rax),%xmm0 # 00000001000000010000000000000000 - movdqa 16(%rax),%xmm1 # 00000002000000020000000200000002 - lea 88-112(%rsp,%r10),%r10 # place the mask after tp[num+1] (+ICache optimization) - lea 128($bp),$bptr # size optimization - - pshufd \$0,%xmm5,%xmm5 # broadcast index - movdqa %xmm1,%xmm4 - .byte 0x67 - movdqa %xmm1,%xmm2 -___ -######################################################################## -# calculate mask by comparing 0..31 to index and save result to stack -# -$code.=<<___; - .byte 0x67 - paddd %xmm0,%xmm1 - pcmpeqd %xmm5,%xmm0 # compare to 1,0 - movdqa %xmm4,%xmm3 -___ -for($i=0;$i<$STRIDE/16-4;$i+=4) { -$code.=<<___; - paddd %xmm1,%xmm2 - pcmpeqd %xmm5,%xmm1 # compare to 3,2 - movdqa %xmm0,`16*($i+0)+112`(%r10) - movdqa %xmm4,%xmm0 - - paddd %xmm2,%xmm3 - pcmpeqd %xmm5,%xmm2 # compare to 5,4 - movdqa %xmm1,`16*($i+1)+112`(%r10) - movdqa %xmm4,%xmm1 - - paddd %xmm3,%xmm0 - pcmpeqd %xmm5,%xmm3 # compare to 7,6 - movdqa %xmm2,`16*($i+2)+112`(%r10) - movdqa %xmm4,%xmm2 - - paddd %xmm0,%xmm1 - pcmpeqd %xmm5,%xmm0 - movdqa %xmm3,`16*($i+3)+112`(%r10) - movdqa %xmm4,%xmm3 -___ -} -$code.=<<___; # last iteration can be optimized - .byte 0x67 - paddd %xmm1,%xmm2 - pcmpeqd %xmm5,%xmm1 - movdqa %xmm0,`16*($i+0)+112`(%r10) - - paddd %xmm2,%xmm3 - pcmpeqd %xmm5,%xmm2 - movdqa %xmm1,`16*($i+1)+112`(%r10) - - pcmpeqd %xmm5,%xmm3 - movdqa %xmm2,`16*($i+2)+112`(%r10) - - pand `16*($i+0)-128`($bptr),%xmm0 # while it's still in register - pand `16*($i+1)-128`($bptr),%xmm1 - pand `16*($i+2)-128`($bptr),%xmm2 - movdqa %xmm3,`16*($i+3)+112`(%r10) - pand `16*($i+3)-128`($bptr),%xmm3 - por %xmm2,%xmm0 - por %xmm3,%xmm1 -___ -for($i=0;$i<$STRIDE/16-4;$i+=4) { -$code.=<<___; - movdqa `16*($i+0)-128`($bptr),%xmm4 - movdqa `16*($i+1)-128`($bptr),%xmm5 - movdqa `16*($i+2)-128`($bptr),%xmm2 - pand `16*($i+0)+112`(%r10),%xmm4 - movdqa `16*($i+3)-128`($bptr),%xmm3 - pand `16*($i+1)+112`(%r10),%xmm5 - por %xmm4,%xmm0 - pand `16*($i+2)+112`(%r10),%xmm2 - por %xmm5,%xmm1 - pand `16*($i+3)+112`(%r10),%xmm3 - por %xmm2,%xmm0 - por %xmm3,%xmm1 -___ -} -$code.=<<___; - pxor %xmm1,%xmm0 - pshufd \$0x4e,%xmm0,%xmm1 - por %xmm1,%xmm0 - lea $STRIDE($bptr),$bptr - movq %xmm0,%rdx # bp[0] - lea 64+8*4+8(%rsp),$tptr - - mov %rdx,$bi - mulx 0*8($aptr),$mi,%rax # a[0]*b[0] - mulx 1*8($aptr),%r11,%r12 # a[1]*b[0] - add %rax,%r11 - mulx 2*8($aptr),%rax,%r13 # ... - adc %rax,%r12 - adc \$0,%r13 - mulx 3*8($aptr),%rax,%r14 - - mov $mi,%r15 - imulq 32+8(%rsp),$mi # "t[0]"*n0 - xor $zero,$zero # cf=0, of=0 - mov $mi,%rdx - - mov $bptr,8+8(%rsp) # off-load &b[i] - - lea 4*8($aptr),$aptr - adcx %rax,%r13 - adcx $zero,%r14 # cf=0 - - mulx 0*8($nptr),%rax,%r10 - adcx %rax,%r15 # discarded - adox %r11,%r10 - mulx 1*8($nptr),%rax,%r11 - adcx %rax,%r10 - adox %r12,%r11 - mulx 2*8($nptr),%rax,%r12 - mov 24+8(%rsp),$bptr # counter value - mov %r10,-8*4($tptr) - adcx %rax,%r11 - adox %r13,%r12 - mulx 3*8($nptr),%rax,%r15 - mov $bi,%rdx - mov %r11,-8*3($tptr) - adcx %rax,%r12 - adox $zero,%r15 # of=0 - lea 4*8($nptr),$nptr - mov %r12,-8*2($tptr) - jmp .Lmulx4x_1st - -.align 32 -.Lmulx4x_1st: - adcx $zero,%r15 # cf=0, modulo-scheduled - mulx 0*8($aptr),%r10,%rax # a[4]*b[0] - adcx %r14,%r10 - mulx 1*8($aptr),%r11,%r14 # a[5]*b[0] - adcx %rax,%r11 - mulx 2*8($aptr),%r12,%rax # ... - adcx %r14,%r12 - mulx 3*8($aptr),%r13,%r14 - .byte 0x67,0x67 - mov $mi,%rdx - adcx %rax,%r13 - adcx $zero,%r14 # cf=0 - lea 4*8($aptr),$aptr - lea 4*8($tptr),$tptr - - adox %r15,%r10 - mulx 0*8($nptr),%rax,%r15 - adcx %rax,%r10 - adox %r15,%r11 - mulx 1*8($nptr),%rax,%r15 - adcx %rax,%r11 - adox %r15,%r12 - mulx 2*8($nptr),%rax,%r15 - mov %r10,-5*8($tptr) - adcx %rax,%r12 - mov %r11,-4*8($tptr) - adox %r15,%r13 - mulx 3*8($nptr),%rax,%r15 - mov $bi,%rdx - mov %r12,-3*8($tptr) - adcx %rax,%r13 - adox $zero,%r15 - lea 4*8($nptr),$nptr - mov %r13,-2*8($tptr) - - dec $bptr # of=0, pass cf - jnz .Lmulx4x_1st - - mov 8(%rsp),$num # load -num - adc $zero,%r15 # modulo-scheduled - lea ($aptr,$num),$aptr # rewind $aptr - add %r15,%r14 - mov 8+8(%rsp),$bptr # re-load &b[i] - adc $zero,$zero # top-most carry - mov %r14,-1*8($tptr) - jmp .Lmulx4x_outer - -.align 32 -.Lmulx4x_outer: - lea 16-256($tptr),%r10 # where 256-byte mask is (+density control) - pxor %xmm4,%xmm4 - .byte 0x67,0x67 - pxor %xmm5,%xmm5 -___ -for($i=0;$i<$STRIDE/16;$i+=4) { -$code.=<<___; - movdqa `16*($i+0)-128`($bptr),%xmm0 - movdqa `16*($i+1)-128`($bptr),%xmm1 - movdqa `16*($i+2)-128`($bptr),%xmm2 - pand `16*($i+0)+256`(%r10),%xmm0 - movdqa `16*($i+3)-128`($bptr),%xmm3 - pand `16*($i+1)+256`(%r10),%xmm1 - por %xmm0,%xmm4 - pand `16*($i+2)+256`(%r10),%xmm2 - por %xmm1,%xmm5 - pand `16*($i+3)+256`(%r10),%xmm3 - por %xmm2,%xmm4 - por %xmm3,%xmm5 -___ -} -$code.=<<___; - por %xmm5,%xmm4 - pshufd \$0x4e,%xmm4,%xmm0 - por %xmm4,%xmm0 - lea $STRIDE($bptr),$bptr - movq %xmm0,%rdx # m0=bp[i] - - mov $zero,($tptr) # save top-most carry - lea 4*8($tptr,$num),$tptr # rewind $tptr - mulx 0*8($aptr),$mi,%r11 # a[0]*b[i] - xor $zero,$zero # cf=0, of=0 - mov %rdx,$bi - mulx 1*8($aptr),%r14,%r12 # a[1]*b[i] - adox -4*8($tptr),$mi # +t[0] - adcx %r14,%r11 - mulx 2*8($aptr),%r15,%r13 # ... - adox -3*8($tptr),%r11 - adcx %r15,%r12 - mulx 3*8($aptr),%rdx,%r14 - adox -2*8($tptr),%r12 - adcx %rdx,%r13 - lea ($nptr,$num),$nptr # rewind $nptr - lea 4*8($aptr),$aptr - adox -1*8($tptr),%r13 - adcx $zero,%r14 - adox $zero,%r14 - - mov $mi,%r15 - imulq 32+8(%rsp),$mi # "t[0]"*n0 - - mov $mi,%rdx - xor $zero,$zero # cf=0, of=0 - mov $bptr,8+8(%rsp) # off-load &b[i] - - mulx 0*8($nptr),%rax,%r10 - adcx %rax,%r15 # discarded - adox %r11,%r10 - mulx 1*8($nptr),%rax,%r11 - adcx %rax,%r10 - adox %r12,%r11 - mulx 2*8($nptr),%rax,%r12 - adcx %rax,%r11 - adox %r13,%r12 - mulx 3*8($nptr),%rax,%r15 - mov $bi,%rdx - mov 24+8(%rsp),$bptr # counter value - mov %r10,-8*4($tptr) - adcx %rax,%r12 - mov %r11,-8*3($tptr) - adox $zero,%r15 # of=0 - mov %r12,-8*2($tptr) - lea 4*8($nptr),$nptr - jmp .Lmulx4x_inner - -.align 32 -.Lmulx4x_inner: - mulx 0*8($aptr),%r10,%rax # a[4]*b[i] - adcx $zero,%r15 # cf=0, modulo-scheduled - adox %r14,%r10 - mulx 1*8($aptr),%r11,%r14 # a[5]*b[i] - adcx 0*8($tptr),%r10 - adox %rax,%r11 - mulx 2*8($aptr),%r12,%rax # ... - adcx 1*8($tptr),%r11 - adox %r14,%r12 - mulx 3*8($aptr),%r13,%r14 - mov $mi,%rdx - adcx 2*8($tptr),%r12 - adox %rax,%r13 - adcx 3*8($tptr),%r13 - adox $zero,%r14 # of=0 - lea 4*8($aptr),$aptr - lea 4*8($tptr),$tptr - adcx $zero,%r14 # cf=0 - - adox %r15,%r10 - mulx 0*8($nptr),%rax,%r15 - adcx %rax,%r10 - adox %r15,%r11 - mulx 1*8($nptr),%rax,%r15 - adcx %rax,%r11 - adox %r15,%r12 - mulx 2*8($nptr),%rax,%r15 - mov %r10,-5*8($tptr) - adcx %rax,%r12 - adox %r15,%r13 - mov %r11,-4*8($tptr) - mulx 3*8($nptr),%rax,%r15 - mov $bi,%rdx - lea 4*8($nptr),$nptr - mov %r12,-3*8($tptr) - adcx %rax,%r13 - adox $zero,%r15 - mov %r13,-2*8($tptr) - - dec $bptr # of=0, pass cf - jnz .Lmulx4x_inner - - mov 0+8(%rsp),$num # load -num - adc $zero,%r15 # modulo-scheduled - sub 0*8($tptr),$bptr # pull top-most carry to %cf - mov 8+8(%rsp),$bptr # re-load &b[i] - mov 16+8(%rsp),%r10 - adc %r15,%r14 - lea ($aptr,$num),$aptr # rewind $aptr - adc $zero,$zero # top-most carry - mov %r14,-1*8($tptr) - - cmp %r10,$bptr - jb .Lmulx4x_outer - - mov -8($nptr),%r10 - mov $zero,%r8 - mov ($nptr,$num),%r12 - lea ($nptr,$num),%rbp # rewind $nptr - mov $num,%rcx - lea ($tptr,$num),%rdi # rewind $tptr - xor %eax,%eax - xor %r15,%r15 - sub %r14,%r10 # compare top-most words - adc %r15,%r15 - or %r15,%r8 - sar \$3+2,%rcx - sub %r8,%rax # %rax=-%r8 - mov 56+8(%rsp),%rdx # restore rp - dec %r12 # so that after 'not' we get -n[0] - mov 8*1(%rbp),%r13 - xor %r8,%r8 - mov 8*2(%rbp),%r14 - mov 8*3(%rbp),%r15 - jmp .Lsqrx4x_sub_entry # common post-condition -.cfi_endproc -.size mulx4x_internal,.-mulx4x_internal -___ -} { -###################################################################### -# void bn_power5( -my $rptr="%rdi"; # BN_ULONG *rptr, -my $aptr="%rsi"; # const BN_ULONG *aptr, -my $bptr="%rdx"; # const void *table, -my $nptr="%rcx"; # const BN_ULONG *nptr, -my $n0 ="%r8"; # const BN_ULONG *n0); -my $num ="%r9"; # int num, has to be divisible by 8 - # int pwr); - -my ($i,$j,$tptr)=("%rbp","%rcx",$rptr); -my @A0=("%r10","%r11"); -my @A1=("%r12","%r13"); -my ($a0,$a1,$ai)=("%r14","%r15","%rbx"); - -$code.=<<___; -.type bn_powerx5,\@function,6 -.align 32 -bn_powerx5: -.cfi_startproc - mov %rsp,%rax -.cfi_def_cfa_register %rax -.Lpowerx5_enter: - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lpowerx5_prologue: - - shl \$3,${num}d # convert $num to bytes - lea ($num,$num,2),%r10 # 3*$num in bytes - neg $num - mov ($n0),$n0 # *n0 - - ############################################################## - # Ensure that stack frame doesn't alias with $rptr+3*$num - # modulo 4096, which covers ret[num], am[num] and n[num] - # (see bn_exp.c). This is done to allow memory disambiguation - # logic do its magic. [Extra 256 bytes is for power mask - # calculated from 7th argument, the index.] - # - lea -320(%rsp,$num,2),%r11 - mov %rsp,%rbp - sub $rptr,%r11 - and \$4095,%r11 - cmp %r11,%r10 - jb .Lpwrx_sp_alt - sub %r11,%rbp # align with $aptr - lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*$num*8+256) - jmp .Lpwrx_sp_done - -.align 32 -.Lpwrx_sp_alt: - lea 4096-320(,$num,2),%r10 - lea -320(%rbp,$num,2),%rbp # alloca(frame+2*$num*8+256) - sub %r10,%r11 - mov \$0,%r10 - cmovc %r10,%r11 - sub %r11,%rbp -.Lpwrx_sp_done: - and \$-64,%rbp - mov %rsp,%r11 - sub %rbp,%r11 - and \$-4096,%r11 - lea (%rbp,%r11),%rsp - mov (%rsp),%r10 - cmp %rbp,%rsp - ja .Lpwrx_page_walk - jmp .Lpwrx_page_walk_done - -.Lpwrx_page_walk: - lea -4096(%rsp),%rsp - mov (%rsp),%r10 - cmp %rbp,%rsp - ja .Lpwrx_page_walk -.Lpwrx_page_walk_done: - - mov $num,%r10 - neg $num - - ############################################################## - # Stack layout - # - # +0 saved $num, used in reduction section - # +8 &t[2*$num], used in reduction section - # +16 intermediate carry bit - # +24 top-most carry bit, used in reduction section - # +32 saved *n0 - # +40 saved %rsp - # +48 t[2*$num] - # - pxor %xmm0,%xmm0 - movq $rptr,%xmm1 # save $rptr - movq $nptr,%xmm2 # save $nptr - movq %r10, %xmm3 # -$num - movq $bptr,%xmm4 - mov $n0, 32(%rsp) - mov %rax, 40(%rsp) # save original %rsp -.cfi_cfa_expression %rsp+40,deref,+8 -.Lpowerx5_body: - - call __bn_sqrx8x_internal - call __bn_postx4x_internal - call __bn_sqrx8x_internal - call __bn_postx4x_internal - call __bn_sqrx8x_internal - call __bn_postx4x_internal - call __bn_sqrx8x_internal - call __bn_postx4x_internal - call __bn_sqrx8x_internal - call __bn_postx4x_internal - - mov %r10,$num # -num - mov $aptr,$rptr - movq %xmm2,$nptr - movq %xmm4,$bptr - mov 40(%rsp),%rax - - call mulx4x_internal - - mov 40(%rsp),%rsi # restore %rsp -.cfi_def_cfa %rsi,8 - mov \$1,%rax - - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lpowerx5_epilogue: - ret -.cfi_endproc -.size bn_powerx5,.-bn_powerx5 - -.globl bn_sqrx8x_internal -.hidden bn_sqrx8x_internal -.type bn_sqrx8x_internal,\@abi-omnipotent -.align 32 -bn_sqrx8x_internal: -__bn_sqrx8x_internal: -.cfi_startproc - ################################################################## - # Squaring part: - # - # a) multiply-n-add everything but a[i]*a[i]; - # b) shift result of a) by 1 to the left and accumulate - # a[i]*a[i] products; - # - ################################################################## - # a[7]a[7]a[6]a[6]a[5]a[5]a[4]a[4]a[3]a[3]a[2]a[2]a[1]a[1]a[0]a[0] - # a[1]a[0] - # a[2]a[0] - # a[3]a[0] - # a[2]a[1] - # a[3]a[1] - # a[3]a[2] - # - # a[4]a[0] - # a[5]a[0] - # a[6]a[0] - # a[7]a[0] - # a[4]a[1] - # a[5]a[1] - # a[6]a[1] - # a[7]a[1] - # a[4]a[2] - # a[5]a[2] - # a[6]a[2] - # a[7]a[2] - # a[4]a[3] - # a[5]a[3] - # a[6]a[3] - # a[7]a[3] - # - # a[5]a[4] - # a[6]a[4] - # a[7]a[4] - # a[6]a[5] - # a[7]a[5] - # a[7]a[6] - # a[7]a[7]a[6]a[6]a[5]a[5]a[4]a[4]a[3]a[3]a[2]a[2]a[1]a[1]a[0]a[0] -___ -{ -my ($zero,$carry)=("%rbp","%rcx"); -my $aaptr=$zero; -$code.=<<___; - lea 48+8(%rsp),$tptr - lea ($aptr,$num),$aaptr - mov $num,0+8(%rsp) # save $num - mov $aaptr,8+8(%rsp) # save end of $aptr - jmp .Lsqr8x_zero_start - -.align 32 -.byte 0x66,0x66,0x66,0x2e,0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00 -.Lsqrx8x_zero: - .byte 0x3e - movdqa %xmm0,0*8($tptr) - movdqa %xmm0,2*8($tptr) - movdqa %xmm0,4*8($tptr) - movdqa %xmm0,6*8($tptr) -.Lsqr8x_zero_start: # aligned at 32 - movdqa %xmm0,8*8($tptr) - movdqa %xmm0,10*8($tptr) - movdqa %xmm0,12*8($tptr) - movdqa %xmm0,14*8($tptr) - lea 16*8($tptr),$tptr - sub \$64,$num - jnz .Lsqrx8x_zero - - mov 0*8($aptr),%rdx # a[0], modulo-scheduled - #xor %r9,%r9 # t[1], ex-$num, zero already - xor %r10,%r10 - xor %r11,%r11 - xor %r12,%r12 - xor %r13,%r13 - xor %r14,%r14 - xor %r15,%r15 - lea 48+8(%rsp),$tptr - xor $zero,$zero # cf=0, cf=0 - jmp .Lsqrx8x_outer_loop - -.align 32 -.Lsqrx8x_outer_loop: - mulx 1*8($aptr),%r8,%rax # a[1]*a[0] - adcx %r9,%r8 # a[1]*a[0]+=t[1] - adox %rax,%r10 - mulx 2*8($aptr),%r9,%rax # a[2]*a[0] - adcx %r10,%r9 - adox %rax,%r11 - .byte 0xc4,0xe2,0xab,0xf6,0x86,0x18,0x00,0x00,0x00 # mulx 3*8($aptr),%r10,%rax # ... - adcx %r11,%r10 - adox %rax,%r12 - .byte 0xc4,0xe2,0xa3,0xf6,0x86,0x20,0x00,0x00,0x00 # mulx 4*8($aptr),%r11,%rax - adcx %r12,%r11 - adox %rax,%r13 - mulx 5*8($aptr),%r12,%rax - adcx %r13,%r12 - adox %rax,%r14 - mulx 6*8($aptr),%r13,%rax - adcx %r14,%r13 - adox %r15,%rax - mulx 7*8($aptr),%r14,%r15 - mov 1*8($aptr),%rdx # a[1] - adcx %rax,%r14 - adox $zero,%r15 - adc 8*8($tptr),%r15 - mov %r8,1*8($tptr) # t[1] - mov %r9,2*8($tptr) # t[2] - sbb $carry,$carry # mov %cf,$carry - xor $zero,$zero # cf=0, of=0 - - - mulx 2*8($aptr),%r8,%rbx # a[2]*a[1] - mulx 3*8($aptr),%r9,%rax # a[3]*a[1] - adcx %r10,%r8 - adox %rbx,%r9 - mulx 4*8($aptr),%r10,%rbx # ... - adcx %r11,%r9 - adox %rax,%r10 - .byte 0xc4,0xe2,0xa3,0xf6,0x86,0x28,0x00,0x00,0x00 # mulx 5*8($aptr),%r11,%rax - adcx %r12,%r10 - adox %rbx,%r11 - .byte 0xc4,0xe2,0x9b,0xf6,0x9e,0x30,0x00,0x00,0x00 # mulx 6*8($aptr),%r12,%rbx - adcx %r13,%r11 - adox %r14,%r12 - .byte 0xc4,0x62,0x93,0xf6,0xb6,0x38,0x00,0x00,0x00 # mulx 7*8($aptr),%r13,%r14 - mov 2*8($aptr),%rdx # a[2] - adcx %rax,%r12 - adox %rbx,%r13 - adcx %r15,%r13 - adox $zero,%r14 # of=0 - adcx $zero,%r14 # cf=0 - - mov %r8,3*8($tptr) # t[3] - mov %r9,4*8($tptr) # t[4] - - mulx 3*8($aptr),%r8,%rbx # a[3]*a[2] - mulx 4*8($aptr),%r9,%rax # a[4]*a[2] - adcx %r10,%r8 - adox %rbx,%r9 - mulx 5*8($aptr),%r10,%rbx # ... - adcx %r11,%r9 - adox %rax,%r10 - .byte 0xc4,0xe2,0xa3,0xf6,0x86,0x30,0x00,0x00,0x00 # mulx 6*8($aptr),%r11,%rax - adcx %r12,%r10 - adox %r13,%r11 - .byte 0xc4,0x62,0x9b,0xf6,0xae,0x38,0x00,0x00,0x00 # mulx 7*8($aptr),%r12,%r13 - .byte 0x3e - mov 3*8($aptr),%rdx # a[3] - adcx %rbx,%r11 - adox %rax,%r12 - adcx %r14,%r12 - mov %r8,5*8($tptr) # t[5] - mov %r9,6*8($tptr) # t[6] - mulx 4*8($aptr),%r8,%rax # a[4]*a[3] - adox $zero,%r13 # of=0 - adcx $zero,%r13 # cf=0 - - mulx 5*8($aptr),%r9,%rbx # a[5]*a[3] - adcx %r10,%r8 - adox %rax,%r9 - mulx 6*8($aptr),%r10,%rax # ... - adcx %r11,%r9 - adox %r12,%r10 - mulx 7*8($aptr),%r11,%r12 - mov 4*8($aptr),%rdx # a[4] - mov 5*8($aptr),%r14 # a[5] - adcx %rbx,%r10 - adox %rax,%r11 - mov 6*8($aptr),%r15 # a[6] - adcx %r13,%r11 - adox $zero,%r12 # of=0 - adcx $zero,%r12 # cf=0 - - mov %r8,7*8($tptr) # t[7] - mov %r9,8*8($tptr) # t[8] - - mulx %r14,%r9,%rax # a[5]*a[4] - mov 7*8($aptr),%r8 # a[7] - adcx %r10,%r9 - mulx %r15,%r10,%rbx # a[6]*a[4] - adox %rax,%r10 - adcx %r11,%r10 - mulx %r8,%r11,%rax # a[7]*a[4] - mov %r14,%rdx # a[5] - adox %rbx,%r11 - adcx %r12,%r11 - #adox $zero,%rax # of=0 - adcx $zero,%rax # cf=0 - - mulx %r15,%r14,%rbx # a[6]*a[5] - mulx %r8,%r12,%r13 # a[7]*a[5] - mov %r15,%rdx # a[6] - lea 8*8($aptr),$aptr - adcx %r14,%r11 - adox %rbx,%r12 - adcx %rax,%r12 - adox $zero,%r13 - - .byte 0x67,0x67 - mulx %r8,%r8,%r14 # a[7]*a[6] - adcx %r8,%r13 - adcx $zero,%r14 - - cmp 8+8(%rsp),$aptr - je .Lsqrx8x_outer_break - - neg $carry # mov $carry,%cf - mov \$-8,%rcx - mov $zero,%r15 - mov 8*8($tptr),%r8 - adcx 9*8($tptr),%r9 # +=t[9] - adcx 10*8($tptr),%r10 # ... - adcx 11*8($tptr),%r11 - adc 12*8($tptr),%r12 - adc 13*8($tptr),%r13 - adc 14*8($tptr),%r14 - adc 15*8($tptr),%r15 - lea ($aptr),$aaptr - lea 2*64($tptr),$tptr - sbb %rax,%rax # mov %cf,$carry - - mov -64($aptr),%rdx # a[0] - mov %rax,16+8(%rsp) # offload $carry - mov $tptr,24+8(%rsp) - - #lea 8*8($tptr),$tptr # see 2*8*8($tptr) above - xor %eax,%eax # cf=0, of=0 - jmp .Lsqrx8x_loop - -.align 32 -.Lsqrx8x_loop: - mov %r8,%rbx - mulx 0*8($aaptr),%rax,%r8 # a[8]*a[i] - adcx %rax,%rbx # +=t[8] - adox %r9,%r8 - - mulx 1*8($aaptr),%rax,%r9 # ... - adcx %rax,%r8 - adox %r10,%r9 - - mulx 2*8($aaptr),%rax,%r10 - adcx %rax,%r9 - adox %r11,%r10 - - mulx 3*8($aaptr),%rax,%r11 - adcx %rax,%r10 - adox %r12,%r11 - - .byte 0xc4,0x62,0xfb,0xf6,0xa5,0x20,0x00,0x00,0x00 # mulx 4*8($aaptr),%rax,%r12 - adcx %rax,%r11 - adox %r13,%r12 - - mulx 5*8($aaptr),%rax,%r13 - adcx %rax,%r12 - adox %r14,%r13 - - mulx 6*8($aaptr),%rax,%r14 - mov %rbx,($tptr,%rcx,8) # store t[8+i] - mov \$0,%ebx - adcx %rax,%r13 - adox %r15,%r14 - - .byte 0xc4,0x62,0xfb,0xf6,0xbd,0x38,0x00,0x00,0x00 # mulx 7*8($aaptr),%rax,%r15 - mov 8($aptr,%rcx,8),%rdx # a[i] - adcx %rax,%r14 - adox %rbx,%r15 # %rbx is 0, of=0 - adcx %rbx,%r15 # cf=0 - - .byte 0x67 - inc %rcx # of=0 - jnz .Lsqrx8x_loop - - lea 8*8($aaptr),$aaptr - mov \$-8,%rcx - cmp 8+8(%rsp),$aaptr # done? - je .Lsqrx8x_break - - sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf - .byte 0x66 - mov -64($aptr),%rdx - adcx 0*8($tptr),%r8 - adcx 1*8($tptr),%r9 - adc 2*8($tptr),%r10 - adc 3*8($tptr),%r11 - adc 4*8($tptr),%r12 - adc 5*8($tptr),%r13 - adc 6*8($tptr),%r14 - adc 7*8($tptr),%r15 - lea 8*8($tptr),$tptr - .byte 0x67 - sbb %rax,%rax # mov %cf,%rax - xor %ebx,%ebx # cf=0, of=0 - mov %rax,16+8(%rsp) # offload carry - jmp .Lsqrx8x_loop - -.align 32 -.Lsqrx8x_break: - xor $zero,$zero - sub 16+8(%rsp),%rbx # mov 16(%rsp),%cf - adcx $zero,%r8 - mov 24+8(%rsp),$carry # initial $tptr, borrow $carry - adcx $zero,%r9 - mov 0*8($aptr),%rdx # a[8], modulo-scheduled - adc \$0,%r10 - mov %r8,0*8($tptr) - adc \$0,%r11 - adc \$0,%r12 - adc \$0,%r13 - adc \$0,%r14 - adc \$0,%r15 - cmp $carry,$tptr # cf=0, of=0 - je .Lsqrx8x_outer_loop - - mov %r9,1*8($tptr) - mov 1*8($carry),%r9 - mov %r10,2*8($tptr) - mov 2*8($carry),%r10 - mov %r11,3*8($tptr) - mov 3*8($carry),%r11 - mov %r12,4*8($tptr) - mov 4*8($carry),%r12 - mov %r13,5*8($tptr) - mov 5*8($carry),%r13 - mov %r14,6*8($tptr) - mov 6*8($carry),%r14 - mov %r15,7*8($tptr) - mov 7*8($carry),%r15 - mov $carry,$tptr - jmp .Lsqrx8x_outer_loop - -.align 32 -.Lsqrx8x_outer_break: - mov %r9,9*8($tptr) # t[9] - movq %xmm3,%rcx # -$num - mov %r10,10*8($tptr) # ... - mov %r11,11*8($tptr) - mov %r12,12*8($tptr) - mov %r13,13*8($tptr) - mov %r14,14*8($tptr) -___ -} { -my $i="%rcx"; -$code.=<<___; - lea 48+8(%rsp),$tptr - mov ($aptr,$i),%rdx # a[0] - - mov 8($tptr),$A0[1] # t[1] - xor $A0[0],$A0[0] # t[0], of=0, cf=0 - mov 0+8(%rsp),$num # restore $num - adox $A0[1],$A0[1] - mov 16($tptr),$A1[0] # t[2] # prefetch - mov 24($tptr),$A1[1] # t[3] # prefetch - #jmp .Lsqrx4x_shift_n_add # happens to be aligned - -.align 32 -.Lsqrx4x_shift_n_add: - mulx %rdx,%rax,%rbx - adox $A1[0],$A1[0] - adcx $A0[0],%rax - .byte 0x48,0x8b,0x94,0x0e,0x08,0x00,0x00,0x00 # mov 8($aptr,$i),%rdx # a[i+1] # prefetch - .byte 0x4c,0x8b,0x97,0x20,0x00,0x00,0x00 # mov 32($tptr),$A0[0] # t[2*i+4] # prefetch - adox $A1[1],$A1[1] - adcx $A0[1],%rbx - mov 40($tptr),$A0[1] # t[2*i+4+1] # prefetch - mov %rax,0($tptr) - mov %rbx,8($tptr) - - mulx %rdx,%rax,%rbx - adox $A0[0],$A0[0] - adcx $A1[0],%rax - mov 16($aptr,$i),%rdx # a[i+2] # prefetch - mov 48($tptr),$A1[0] # t[2*i+6] # prefetch - adox $A0[1],$A0[1] - adcx $A1[1],%rbx - mov 56($tptr),$A1[1] # t[2*i+6+1] # prefetch - mov %rax,16($tptr) - mov %rbx,24($tptr) - - mulx %rdx,%rax,%rbx - adox $A1[0],$A1[0] - adcx $A0[0],%rax - mov 24($aptr,$i),%rdx # a[i+3] # prefetch - lea 32($i),$i - mov 64($tptr),$A0[0] # t[2*i+8] # prefetch - adox $A1[1],$A1[1] - adcx $A0[1],%rbx - mov 72($tptr),$A0[1] # t[2*i+8+1] # prefetch - mov %rax,32($tptr) - mov %rbx,40($tptr) - - mulx %rdx,%rax,%rbx - adox $A0[0],$A0[0] - adcx $A1[0],%rax - jrcxz .Lsqrx4x_shift_n_add_break - .byte 0x48,0x8b,0x94,0x0e,0x00,0x00,0x00,0x00 # mov 0($aptr,$i),%rdx # a[i+4] # prefetch - adox $A0[1],$A0[1] - adcx $A1[1],%rbx - mov 80($tptr),$A1[0] # t[2*i+10] # prefetch - mov 88($tptr),$A1[1] # t[2*i+10+1] # prefetch - mov %rax,48($tptr) - mov %rbx,56($tptr) - lea 64($tptr),$tptr - nop - jmp .Lsqrx4x_shift_n_add - -.align 32 -.Lsqrx4x_shift_n_add_break: - adcx $A1[1],%rbx - mov %rax,48($tptr) - mov %rbx,56($tptr) - lea 64($tptr),$tptr # end of t[] buffer -___ -} -###################################################################### -# Montgomery reduction part, "word-by-word" algorithm. -# -# This new path is inspired by multiple submissions from Intel, by -# Shay Gueron, Vlad Krasnov, Erdinc Ozturk, James Guilford, -# Vinodh Gopal... -{ -my ($nptr,$carry,$m0)=("%rbp","%rsi","%rdx"); - -$code.=<<___; - movq %xmm2,$nptr -__bn_sqrx8x_reduction: - xor %eax,%eax # initial top-most carry bit - mov 32+8(%rsp),%rbx # n0 - mov 48+8(%rsp),%rdx # "%r8", 8*0($tptr) - lea -8*8($nptr,$num),%rcx # end of n[] - #lea 48+8(%rsp,$num,2),$tptr # end of t[] buffer - mov %rcx, 0+8(%rsp) # save end of n[] - mov $tptr,8+8(%rsp) # save end of t[] - - lea 48+8(%rsp),$tptr # initial t[] window - jmp .Lsqrx8x_reduction_loop - -.align 32 -.Lsqrx8x_reduction_loop: - mov 8*1($tptr),%r9 - mov 8*2($tptr),%r10 - mov 8*3($tptr),%r11 - mov 8*4($tptr),%r12 - mov %rdx,%r8 - imulq %rbx,%rdx # n0*a[i] - mov 8*5($tptr),%r13 - mov 8*6($tptr),%r14 - mov 8*7($tptr),%r15 - mov %rax,24+8(%rsp) # store top-most carry bit - - lea 8*8($tptr),$tptr - xor $carry,$carry # cf=0,of=0 - mov \$-8,%rcx - jmp .Lsqrx8x_reduce - -.align 32 -.Lsqrx8x_reduce: - mov %r8, %rbx - mulx 8*0($nptr),%rax,%r8 # n[0] - adcx %rbx,%rax # discarded - adox %r9,%r8 - - mulx 8*1($nptr),%rbx,%r9 # n[1] - adcx %rbx,%r8 - adox %r10,%r9 - - mulx 8*2($nptr),%rbx,%r10 - adcx %rbx,%r9 - adox %r11,%r10 - - mulx 8*3($nptr),%rbx,%r11 - adcx %rbx,%r10 - adox %r12,%r11 - - .byte 0xc4,0x62,0xe3,0xf6,0xa5,0x20,0x00,0x00,0x00 # mulx 8*4($nptr),%rbx,%r12 - mov %rdx,%rax - mov %r8,%rdx - adcx %rbx,%r11 - adox %r13,%r12 - - mulx 32+8(%rsp),%rbx,%rdx # %rdx discarded - mov %rax,%rdx - mov %rax,64+48+8(%rsp,%rcx,8) # put aside n0*a[i] - - mulx 8*5($nptr),%rax,%r13 - adcx %rax,%r12 - adox %r14,%r13 - - mulx 8*6($nptr),%rax,%r14 - adcx %rax,%r13 - adox %r15,%r14 - - mulx 8*7($nptr),%rax,%r15 - mov %rbx,%rdx - adcx %rax,%r14 - adox $carry,%r15 # $carry is 0 - adcx $carry,%r15 # cf=0 - - .byte 0x67,0x67,0x67 - inc %rcx # of=0 - jnz .Lsqrx8x_reduce - - mov $carry,%rax # xor %rax,%rax - cmp 0+8(%rsp),$nptr # end of n[]? - jae .Lsqrx8x_no_tail - - mov 48+8(%rsp),%rdx # pull n0*a[0] - add 8*0($tptr),%r8 - lea 8*8($nptr),$nptr - mov \$-8,%rcx - adcx 8*1($tptr),%r9 - adcx 8*2($tptr),%r10 - adc 8*3($tptr),%r11 - adc 8*4($tptr),%r12 - adc 8*5($tptr),%r13 - adc 8*6($tptr),%r14 - adc 8*7($tptr),%r15 - lea 8*8($tptr),$tptr - sbb %rax,%rax # top carry - - xor $carry,$carry # of=0, cf=0 - mov %rax,16+8(%rsp) - jmp .Lsqrx8x_tail - -.align 32 -.Lsqrx8x_tail: - mov %r8,%rbx - mulx 8*0($nptr),%rax,%r8 - adcx %rax,%rbx - adox %r9,%r8 - - mulx 8*1($nptr),%rax,%r9 - adcx %rax,%r8 - adox %r10,%r9 - - mulx 8*2($nptr),%rax,%r10 - adcx %rax,%r9 - adox %r11,%r10 - - mulx 8*3($nptr),%rax,%r11 - adcx %rax,%r10 - adox %r12,%r11 - - .byte 0xc4,0x62,0xfb,0xf6,0xa5,0x20,0x00,0x00,0x00 # mulx 8*4($nptr),%rax,%r12 - adcx %rax,%r11 - adox %r13,%r12 - - mulx 8*5($nptr),%rax,%r13 - adcx %rax,%r12 - adox %r14,%r13 - - mulx 8*6($nptr),%rax,%r14 - adcx %rax,%r13 - adox %r15,%r14 - - mulx 8*7($nptr),%rax,%r15 - mov 72+48+8(%rsp,%rcx,8),%rdx # pull n0*a[i] - adcx %rax,%r14 - adox $carry,%r15 - mov %rbx,($tptr,%rcx,8) # save result - mov %r8,%rbx - adcx $carry,%r15 # cf=0 - - inc %rcx # of=0 - jnz .Lsqrx8x_tail - - cmp 0+8(%rsp),$nptr # end of n[]? - jae .Lsqrx8x_tail_done # break out of loop - - sub 16+8(%rsp),$carry # mov 16(%rsp),%cf - mov 48+8(%rsp),%rdx # pull n0*a[0] - lea 8*8($nptr),$nptr - adc 8*0($tptr),%r8 - adc 8*1($tptr),%r9 - adc 8*2($tptr),%r10 - adc 8*3($tptr),%r11 - adc 8*4($tptr),%r12 - adc 8*5($tptr),%r13 - adc 8*6($tptr),%r14 - adc 8*7($tptr),%r15 - lea 8*8($tptr),$tptr - sbb %rax,%rax - sub \$8,%rcx # mov \$-8,%rcx - - xor $carry,$carry # of=0, cf=0 - mov %rax,16+8(%rsp) - jmp .Lsqrx8x_tail - -.align 32 -.Lsqrx8x_tail_done: - xor %rax,%rax - add 24+8(%rsp),%r8 # can this overflow? - adc \$0,%r9 - adc \$0,%r10 - adc \$0,%r11 - adc \$0,%r12 - adc \$0,%r13 - adc \$0,%r14 - adc \$0,%r15 - adc \$0,%rax - - sub 16+8(%rsp),$carry # mov 16(%rsp),%cf -.Lsqrx8x_no_tail: # %cf is 0 if jumped here - adc 8*0($tptr),%r8 - movq %xmm3,%rcx - adc 8*1($tptr),%r9 - mov 8*7($nptr),$carry - movq %xmm2,$nptr # restore $nptr - adc 8*2($tptr),%r10 - adc 8*3($tptr),%r11 - adc 8*4($tptr),%r12 - adc 8*5($tptr),%r13 - adc 8*6($tptr),%r14 - adc 8*7($tptr),%r15 - adc \$0,%rax # top-most carry - - mov 32+8(%rsp),%rbx # n0 - mov 8*8($tptr,%rcx),%rdx # modulo-scheduled "%r8" - - mov %r8,8*0($tptr) # store top 512 bits - lea 8*8($tptr),%r8 # borrow %r8 - mov %r9,8*1($tptr) - mov %r10,8*2($tptr) - mov %r11,8*3($tptr) - mov %r12,8*4($tptr) - mov %r13,8*5($tptr) - mov %r14,8*6($tptr) - mov %r15,8*7($tptr) - - lea 8*8($tptr,%rcx),$tptr # start of current t[] window - cmp 8+8(%rsp),%r8 # end of t[]? - jb .Lsqrx8x_reduction_loop - ret -.cfi_endproc -.size bn_sqrx8x_internal,.-bn_sqrx8x_internal -___ -} -############################################################## -# Post-condition, 4x unrolled -# -{ -my ($rptr,$nptr)=("%rdx","%rbp"); -$code.=<<___; -.align 32 -__bn_postx4x_internal: -.cfi_startproc - mov 8*0($nptr),%r12 - mov %rcx,%r10 # -$num - mov %rcx,%r9 # -$num - neg %rax - sar \$3+2,%rcx - #lea 48+8(%rsp,%r9),$tptr - movq %xmm1,$rptr # restore $rptr - movq %xmm1,$aptr # prepare for back-to-back call - dec %r12 # so that after 'not' we get -n[0] - mov 8*1($nptr),%r13 - xor %r8,%r8 - mov 8*2($nptr),%r14 - mov 8*3($nptr),%r15 - jmp .Lsqrx4x_sub_entry - -.align 16 -.Lsqrx4x_sub: - mov 8*0($nptr),%r12 - mov 8*1($nptr),%r13 - mov 8*2($nptr),%r14 - mov 8*3($nptr),%r15 -.Lsqrx4x_sub_entry: - andn %rax,%r12,%r12 - lea 8*4($nptr),$nptr - andn %rax,%r13,%r13 - andn %rax,%r14,%r14 - andn %rax,%r15,%r15 - - neg %r8 # mov %r8,%cf - adc 8*0($tptr),%r12 - adc 8*1($tptr),%r13 - adc 8*2($tptr),%r14 - adc 8*3($tptr),%r15 - mov %r12,8*0($rptr) - lea 8*4($tptr),$tptr - mov %r13,8*1($rptr) - sbb %r8,%r8 # mov %cf,%r8 - mov %r14,8*2($rptr) - mov %r15,8*3($rptr) - lea 8*4($rptr),$rptr - - inc %rcx - jnz .Lsqrx4x_sub - - neg %r9 # restore $num - - ret -.cfi_endproc -.size __bn_postx4x_internal,.-__bn_postx4x_internal -___ -} -}}} -{ -my ($inp,$num,$tbl,$idx)=$win64?("%rcx","%edx","%r8", "%r9d") : # Win64 order - ("%rdi","%esi","%rdx","%ecx"); # Unix order -my $out=$inp; -my $STRIDE=2**5*8; -my $N=$STRIDE/4; - -$code.=<<___; -.globl bn_get_bits5 -.type bn_get_bits5,\@abi-omnipotent -.align 16 -bn_get_bits5: -.cfi_startproc - lea 0($inp),%r10 - lea 1($inp),%r11 - mov $num,%ecx - shr \$4,$num - and \$15,%ecx - lea -8(%ecx),%eax - cmp \$11,%ecx - cmova %r11,%r10 - cmova %eax,%ecx - movzw (%r10,$num,2),%eax - shrl %cl,%eax - and \$31,%eax - ret -.cfi_endproc -.size bn_get_bits5,.-bn_get_bits5 - -.globl bn_scatter5 -.type bn_scatter5,\@abi-omnipotent -.align 16 -bn_scatter5: -.cfi_startproc - cmp \$0, $num - jz .Lscatter_epilogue - lea ($tbl,$idx,8),$tbl -.Lscatter: - mov ($inp),%rax - lea 8($inp),$inp - mov %rax,($tbl) - lea 32*8($tbl),$tbl - sub \$1,$num - jnz .Lscatter -.Lscatter_epilogue: - ret -.cfi_endproc -.size bn_scatter5,.-bn_scatter5 - -.globl bn_gather5 -.type bn_gather5,\@abi-omnipotent -.align 32 -bn_gather5: -.LSEH_begin_bn_gather5: # Win64 thing, but harmless in other cases -.cfi_startproc - # I can't trust assembler to use specific encoding:-( - .byte 0x4c,0x8d,0x14,0x24 #lea (%rsp),%r10 - .byte 0x48,0x81,0xec,0x08,0x01,0x00,0x00 #sub $0x108,%rsp - lea .Linc(%rip),%rax - and \$-16,%rsp # shouldn't be formally required - - movd $idx,%xmm5 - movdqa 0(%rax),%xmm0 # 00000001000000010000000000000000 - movdqa 16(%rax),%xmm1 # 00000002000000020000000200000002 - lea 128($tbl),%r11 # size optimization - lea 128(%rsp),%rax # size optimization - - pshufd \$0,%xmm5,%xmm5 # broadcast $idx - movdqa %xmm1,%xmm4 - movdqa %xmm1,%xmm2 -___ -######################################################################## -# calculate mask by comparing 0..31 to $idx and save result to stack -# -for($i=0;$i<$STRIDE/16;$i+=4) { -$code.=<<___; - paddd %xmm0,%xmm1 - pcmpeqd %xmm5,%xmm0 # compare to 1,0 -___ -$code.=<<___ if ($i); - movdqa %xmm3,`16*($i-1)-128`(%rax) -___ -$code.=<<___; - movdqa %xmm4,%xmm3 - - paddd %xmm1,%xmm2 - pcmpeqd %xmm5,%xmm1 # compare to 3,2 - movdqa %xmm0,`16*($i+0)-128`(%rax) - movdqa %xmm4,%xmm0 - - paddd %xmm2,%xmm3 - pcmpeqd %xmm5,%xmm2 # compare to 5,4 - movdqa %xmm1,`16*($i+1)-128`(%rax) - movdqa %xmm4,%xmm1 - - paddd %xmm3,%xmm0 - pcmpeqd %xmm5,%xmm3 # compare to 7,6 - movdqa %xmm2,`16*($i+2)-128`(%rax) - movdqa %xmm4,%xmm2 -___ -} -$code.=<<___; - movdqa %xmm3,`16*($i-1)-128`(%rax) - jmp .Lgather - -.align 32 -.Lgather: - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 -___ -for($i=0;$i<$STRIDE/16;$i+=4) { -$code.=<<___; - movdqa `16*($i+0)-128`(%r11),%xmm0 - movdqa `16*($i+1)-128`(%r11),%xmm1 - movdqa `16*($i+2)-128`(%r11),%xmm2 - pand `16*($i+0)-128`(%rax),%xmm0 - movdqa `16*($i+3)-128`(%r11),%xmm3 - pand `16*($i+1)-128`(%rax),%xmm1 - por %xmm0,%xmm4 - pand `16*($i+2)-128`(%rax),%xmm2 - por %xmm1,%xmm5 - pand `16*($i+3)-128`(%rax),%xmm3 - por %xmm2,%xmm4 - por %xmm3,%xmm5 -___ -} -$code.=<<___; - por %xmm5,%xmm4 - lea $STRIDE(%r11),%r11 - pshufd \$0x4e,%xmm4,%xmm0 - por %xmm4,%xmm0 - movq %xmm0,($out) # m0=bp[0] - lea 8($out),$out - sub \$1,$num - jnz .Lgather - - lea (%r10),%rsp - ret -.LSEH_end_bn_gather5: -.cfi_endproc -.size bn_gather5,.-bn_gather5 -___ -} -$code.=<<___; -.align 64 -.Linc: - .long 0,0, 1,1 - .long 2,2, 2,2 -.asciz "Montgomery Multiplication with scatter/gather for x86_64, CRYPTOGAMS by " -___ - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type mul_handler,\@abi-omnipotent -.align 16 -mul_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # end of prologue label - cmp %r10,%rbx # context->RipRipRsp - - mov 8(%r11),%r10d # HandlerData[2] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lcommon_seh_tail - - lea .Lmul_epilogue(%rip),%r10 - cmp %r10,%rbx - ja .Lbody_40 - - mov 192($context),%r10 # pull $num - mov 8(%rax,%r10,8),%rax # pull saved stack pointer - - jmp .Lcommon_pop_regs - -.Lbody_40: - mov 40(%rax),%rax # pull saved stack pointer -.Lcommon_pop_regs: - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lcommon_seh_tail: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size mul_handler,.-mul_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_bn_mul_mont_gather5 - .rva .LSEH_end_bn_mul_mont_gather5 - .rva .LSEH_info_bn_mul_mont_gather5 - - .rva .LSEH_begin_bn_mul4x_mont_gather5 - .rva .LSEH_end_bn_mul4x_mont_gather5 - .rva .LSEH_info_bn_mul4x_mont_gather5 - - .rva .LSEH_begin_bn_power5 - .rva .LSEH_end_bn_power5 - .rva .LSEH_info_bn_power5 -___ -$code.=<<___ if ($addx); - .rva .LSEH_begin_bn_mulx4x_mont_gather5 - .rva .LSEH_end_bn_mulx4x_mont_gather5 - .rva .LSEH_info_bn_mulx4x_mont_gather5 - - .rva .LSEH_begin_bn_powerx5 - .rva .LSEH_end_bn_powerx5 - .rva .LSEH_info_bn_powerx5 -___ -$code.=<<___; - .rva .LSEH_begin_bn_gather5 - .rva .LSEH_end_bn_gather5 - .rva .LSEH_info_bn_gather5 - -.section .xdata -.align 8 -.LSEH_info_bn_mul_mont_gather5: - .byte 9,0,0,0 - .rva mul_handler - .rva .Lmul_body,.Lmul_body,.Lmul_epilogue # HandlerData[] -.align 8 -.LSEH_info_bn_mul4x_mont_gather5: - .byte 9,0,0,0 - .rva mul_handler - .rva .Lmul4x_prologue,.Lmul4x_body,.Lmul4x_epilogue # HandlerData[] -.align 8 -.LSEH_info_bn_power5: - .byte 9,0,0,0 - .rva mul_handler - .rva .Lpower5_prologue,.Lpower5_body,.Lpower5_epilogue # HandlerData[] -___ -$code.=<<___ if ($addx); -.align 8 -.LSEH_info_bn_mulx4x_mont_gather5: - .byte 9,0,0,0 - .rva mul_handler - .rva .Lmulx4x_prologue,.Lmulx4x_body,.Lmulx4x_epilogue # HandlerData[] -.align 8 -.LSEH_info_bn_powerx5: - .byte 9,0,0,0 - .rva mul_handler - .rva .Lpowerx5_prologue,.Lpowerx5_body,.Lpowerx5_epilogue # HandlerData[] -___ -$code.=<<___; -.align 8 -.LSEH_info_bn_gather5: - .byte 0x01,0x0b,0x03,0x0a - .byte 0x0b,0x01,0x21,0x00 # sub rsp,0x108 - .byte 0x04,0xa3,0x00,0x00 # lea r10,(rsp) -.align 8 -___ -} - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c deleted file mode 100644 index ae3e549e44307f0ef1883f5fdc4dae0dbc48f38f..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_add.c +++ /dev/null @@ -1,171 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include "bn_local.h" - -/* signed add of b to a. */ -int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) -{ - int ret, r_neg, cmp_res; - - bn_check_top(a); - bn_check_top(b); - - if (a->neg == b->neg) { - r_neg = a->neg; - ret = BN_uadd(r, a, b); - } else { - cmp_res = BN_ucmp(a, b); - if (cmp_res > 0) { - r_neg = a->neg; - ret = BN_usub(r, a, b); - } else if (cmp_res < 0) { - r_neg = b->neg; - ret = BN_usub(r, b, a); - } else { - r_neg = 0; - BN_zero(r); - ret = 1; - } - } - - r->neg = r_neg; - bn_check_top(r); - return ret; -} - -/* signed sub of b from a. */ -int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) -{ - int ret, r_neg, cmp_res; - - bn_check_top(a); - bn_check_top(b); - - if (a->neg != b->neg) { - r_neg = a->neg; - ret = BN_uadd(r, a, b); - } else { - cmp_res = BN_ucmp(a, b); - if (cmp_res > 0) { - r_neg = a->neg; - ret = BN_usub(r, a, b); - } else if (cmp_res < 0) { - r_neg = !b->neg; - ret = BN_usub(r, b, a); - } else { - r_neg = 0; - BN_zero(r); - ret = 1; - } - } - - r->neg = r_neg; - bn_check_top(r); - return ret; -} - -/* unsigned add of b to a, r can be equal to a or b. */ -int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) -{ - int max, min, dif; - const BN_ULONG *ap, *bp; - BN_ULONG *rp, carry, t1, t2; - - bn_check_top(a); - bn_check_top(b); - - if (a->top < b->top) { - const BIGNUM *tmp; - - tmp = a; - a = b; - b = tmp; - } - max = a->top; - min = b->top; - dif = max - min; - - if (bn_wexpand(r, max + 1) == NULL) - return 0; - - r->top = max; - - ap = a->d; - bp = b->d; - rp = r->d; - - carry = bn_add_words(rp, ap, bp, min); - rp += min; - ap += min; - - while (dif) { - dif--; - t1 = *(ap++); - t2 = (t1 + carry) & BN_MASK2; - *(rp++) = t2; - carry &= (t2 == 0); - } - *rp = carry; - r->top += carry; - - r->neg = 0; - bn_check_top(r); - return 1; -} - -/* unsigned subtraction of b from a, a must be larger than b. */ -int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) -{ - int max, min, dif; - BN_ULONG t1, t2, borrow, *rp; - const BN_ULONG *ap, *bp; - - bn_check_top(a); - bn_check_top(b); - - max = a->top; - min = b->top; - dif = max - min; - - if (dif < 0) { /* hmm... should not be happening */ - ERR_raise(ERR_LIB_BN, BN_R_ARG2_LT_ARG3); - return 0; - } - - if (bn_wexpand(r, max) == NULL) - return 0; - - ap = a->d; - bp = b->d; - rp = r->d; - - borrow = bn_sub_words(rp, ap, bp, min); - ap += min; - rp += min; - - while (dif) { - dif--; - t1 = *(ap++); - t2 = (t1 - borrow) & BN_MASK2; - *(rp++) = t2; - borrow &= (t1 == 0); - } - - while (max && *--rp == 0) - max--; - - r->top = max; - r->neg = 0; - bn_pollute(r); - - return 1; -} - diff --git a/crypto/bn/bn_asm.c b/crypto/bn/bn_asm.c deleted file mode 100644 index 257701d9dc7c11fcb5d2065e115af498207ecc38..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_asm.c +++ /dev/null @@ -1,1039 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include "bn_local.h" - -#if defined(BN_LLONG) || defined(BN_UMULT_HIGH) - -BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, - BN_ULONG w) -{ - BN_ULONG c1 = 0; - - assert(num >= 0); - if (num <= 0) - return c1; - -# ifndef OPENSSL_SMALL_FOOTPRINT - while (num & ~3) { - mul_add(rp[0], ap[0], w, c1); - mul_add(rp[1], ap[1], w, c1); - mul_add(rp[2], ap[2], w, c1); - mul_add(rp[3], ap[3], w, c1); - ap += 4; - rp += 4; - num -= 4; - } -# endif - while (num) { - mul_add(rp[0], ap[0], w, c1); - ap++; - rp++; - num--; - } - - return c1; -} - -BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) -{ - BN_ULONG c1 = 0; - - assert(num >= 0); - if (num <= 0) - return c1; - -# ifndef OPENSSL_SMALL_FOOTPRINT - while (num & ~3) { - mul(rp[0], ap[0], w, c1); - mul(rp[1], ap[1], w, c1); - mul(rp[2], ap[2], w, c1); - mul(rp[3], ap[3], w, c1); - ap += 4; - rp += 4; - num -= 4; - } -# endif - while (num) { - mul(rp[0], ap[0], w, c1); - ap++; - rp++; - num--; - } - return c1; -} - -void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) -{ - assert(n >= 0); - if (n <= 0) - return; - -# ifndef OPENSSL_SMALL_FOOTPRINT - while (n & ~3) { - sqr(r[0], r[1], a[0]); - sqr(r[2], r[3], a[1]); - sqr(r[4], r[5], a[2]); - sqr(r[6], r[7], a[3]); - a += 4; - r += 8; - n -= 4; - } -# endif - while (n) { - sqr(r[0], r[1], a[0]); - a++; - r += 2; - n--; - } -} - -#else /* !(defined(BN_LLONG) || - * defined(BN_UMULT_HIGH)) */ - -BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, - BN_ULONG w) -{ - BN_ULONG c = 0; - BN_ULONG bl, bh; - - assert(num >= 0); - if (num <= 0) - return (BN_ULONG)0; - - bl = LBITS(w); - bh = HBITS(w); - -# ifndef OPENSSL_SMALL_FOOTPRINT - while (num & ~3) { - mul_add(rp[0], ap[0], bl, bh, c); - mul_add(rp[1], ap[1], bl, bh, c); - mul_add(rp[2], ap[2], bl, bh, c); - mul_add(rp[3], ap[3], bl, bh, c); - ap += 4; - rp += 4; - num -= 4; - } -# endif - while (num) { - mul_add(rp[0], ap[0], bl, bh, c); - ap++; - rp++; - num--; - } - return c; -} - -BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) -{ - BN_ULONG carry = 0; - BN_ULONG bl, bh; - - assert(num >= 0); - if (num <= 0) - return (BN_ULONG)0; - - bl = LBITS(w); - bh = HBITS(w); - -# ifndef OPENSSL_SMALL_FOOTPRINT - while (num & ~3) { - mul(rp[0], ap[0], bl, bh, carry); - mul(rp[1], ap[1], bl, bh, carry); - mul(rp[2], ap[2], bl, bh, carry); - mul(rp[3], ap[3], bl, bh, carry); - ap += 4; - rp += 4; - num -= 4; - } -# endif - while (num) { - mul(rp[0], ap[0], bl, bh, carry); - ap++; - rp++; - num--; - } - return carry; -} - -void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) -{ - assert(n >= 0); - if (n <= 0) - return; - -# ifndef OPENSSL_SMALL_FOOTPRINT - while (n & ~3) { - sqr64(r[0], r[1], a[0]); - sqr64(r[2], r[3], a[1]); - sqr64(r[4], r[5], a[2]); - sqr64(r[6], r[7], a[3]); - a += 4; - r += 8; - n -= 4; - } -# endif - while (n) { - sqr64(r[0], r[1], a[0]); - a++; - r += 2; - n--; - } -} - -#endif /* !(defined(BN_LLONG) || - * defined(BN_UMULT_HIGH)) */ - -#if defined(BN_LLONG) && defined(BN_DIV2W) - -BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) -{ - return ((BN_ULONG)(((((BN_ULLONG) h) << BN_BITS2) | l) / (BN_ULLONG) d)); -} - -#else - -/* Divide h,l by d and return the result. */ -/* I need to test this some more :-( */ -BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) -{ - BN_ULONG dh, dl, q, ret = 0, th, tl, t; - int i, count = 2; - - if (d == 0) - return BN_MASK2; - - i = BN_num_bits_word(d); - assert((i == BN_BITS2) || (h <= (BN_ULONG)1 << i)); - - i = BN_BITS2 - i; - if (h >= d) - h -= d; - - if (i) { - d <<= i; - h = (h << i) | (l >> (BN_BITS2 - i)); - l <<= i; - } - dh = (d & BN_MASK2h) >> BN_BITS4; - dl = (d & BN_MASK2l); - for (;;) { - if ((h >> BN_BITS4) == dh) - q = BN_MASK2l; - else - q = h / dh; - - th = q * dh; - tl = dl * q; - for (;;) { - t = h - th; - if ((t & BN_MASK2h) || - ((tl) <= ((t << BN_BITS4) | ((l & BN_MASK2h) >> BN_BITS4)))) - break; - q--; - th -= dh; - tl -= dl; - } - t = (tl >> BN_BITS4); - tl = (tl << BN_BITS4) & BN_MASK2h; - th += t; - - if (l < tl) - th++; - l -= tl; - if (h < th) { - h += d; - q--; - } - h -= th; - - if (--count == 0) - break; - - ret = q << BN_BITS4; - h = ((h << BN_BITS4) | (l >> BN_BITS4)) & BN_MASK2; - l = (l & BN_MASK2l) << BN_BITS4; - } - ret |= q; - return ret; -} -#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */ - -#ifdef BN_LLONG -BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int n) -{ - BN_ULLONG ll = 0; - - assert(n >= 0); - if (n <= 0) - return (BN_ULONG)0; - -# ifndef OPENSSL_SMALL_FOOTPRINT - while (n & ~3) { - ll += (BN_ULLONG) a[0] + b[0]; - r[0] = (BN_ULONG)ll & BN_MASK2; - ll >>= BN_BITS2; - ll += (BN_ULLONG) a[1] + b[1]; - r[1] = (BN_ULONG)ll & BN_MASK2; - ll >>= BN_BITS2; - ll += (BN_ULLONG) a[2] + b[2]; - r[2] = (BN_ULONG)ll & BN_MASK2; - ll >>= BN_BITS2; - ll += (BN_ULLONG) a[3] + b[3]; - r[3] = (BN_ULONG)ll & BN_MASK2; - ll >>= BN_BITS2; - a += 4; - b += 4; - r += 4; - n -= 4; - } -# endif - while (n) { - ll += (BN_ULLONG) a[0] + b[0]; - r[0] = (BN_ULONG)ll & BN_MASK2; - ll >>= BN_BITS2; - a++; - b++; - r++; - n--; - } - return (BN_ULONG)ll; -} -#else /* !BN_LLONG */ -BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int n) -{ - BN_ULONG c, l, t; - - assert(n >= 0); - if (n <= 0) - return (BN_ULONG)0; - - c = 0; -# ifndef OPENSSL_SMALL_FOOTPRINT - while (n & ~3) { - t = a[0]; - t = (t + c) & BN_MASK2; - c = (t < c); - l = (t + b[0]) & BN_MASK2; - c += (l < t); - r[0] = l; - t = a[1]; - t = (t + c) & BN_MASK2; - c = (t < c); - l = (t + b[1]) & BN_MASK2; - c += (l < t); - r[1] = l; - t = a[2]; - t = (t + c) & BN_MASK2; - c = (t < c); - l = (t + b[2]) & BN_MASK2; - c += (l < t); - r[2] = l; - t = a[3]; - t = (t + c) & BN_MASK2; - c = (t < c); - l = (t + b[3]) & BN_MASK2; - c += (l < t); - r[3] = l; - a += 4; - b += 4; - r += 4; - n -= 4; - } -# endif - while (n) { - t = a[0]; - t = (t + c) & BN_MASK2; - c = (t < c); - l = (t + b[0]) & BN_MASK2; - c += (l < t); - r[0] = l; - a++; - b++; - r++; - n--; - } - return (BN_ULONG)c; -} -#endif /* !BN_LLONG */ - -BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int n) -{ - BN_ULONG t1, t2; - int c = 0; - - assert(n >= 0); - if (n <= 0) - return (BN_ULONG)0; - -#ifndef OPENSSL_SMALL_FOOTPRINT - while (n & ~3) { - t1 = a[0]; - t2 = b[0]; - r[0] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) - c = (t1 < t2); - t1 = a[1]; - t2 = b[1]; - r[1] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) - c = (t1 < t2); - t1 = a[2]; - t2 = b[2]; - r[2] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) - c = (t1 < t2); - t1 = a[3]; - t2 = b[3]; - r[3] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) - c = (t1 < t2); - a += 4; - b += 4; - r += 4; - n -= 4; - } -#endif - while (n) { - t1 = a[0]; - t2 = b[0]; - r[0] = (t1 - t2 - c) & BN_MASK2; - if (t1 != t2) - c = (t1 < t2); - a++; - b++; - r++; - n--; - } - return c; -} - -#if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT) - -# undef bn_mul_comba8 -# undef bn_mul_comba4 -# undef bn_sqr_comba8 -# undef bn_sqr_comba4 - -/* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */ -/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */ -/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ -/* - * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number - * c=(c2,c1,c0) - */ - -# ifdef BN_LLONG -/* - * Keep in mind that additions to multiplication result can not - * overflow, because its high half cannot be all-ones. - */ -# define mul_add_c(a,b,c0,c1,c2) do { \ - BN_ULONG hi; \ - BN_ULLONG t = (BN_ULLONG)(a)*(b); \ - t += c0; /* no carry */ \ - c0 = (BN_ULONG)Lw(t); \ - hi = (BN_ULONG)Hw(t); \ - c1 = (c1+hi)&BN_MASK2; if (c1 -/* - * This is essentially reference implementation, which may or may not - * result in performance improvement. E.g. on IA-32 this routine was - * observed to give 40% faster rsa1024 private key operations and 10% - * faster rsa4096 ones, while on AMD64 it improves rsa1024 sign only - * by 10% and *worsens* rsa4096 sign by 15%. Once again, it's a - * reference implementation, one to be used as starting point for - * platform-specific assembler. Mentioned numbers apply to compiler - * generated code compiled with and without -DOPENSSL_BN_ASM_MONT and - * can vary not only from platform to platform, but even for compiler - * versions. Assembler vs. assembler improvement coefficients can - * [and are known to] differ and are to be documented elsewhere. - */ -int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0p, int num) -{ - BN_ULONG c0, c1, ml, *tp, n0; -# ifdef mul64 - BN_ULONG mh; -# endif - volatile BN_ULONG *vp; - int i = 0, j; - -# if 0 /* template for platform-specific - * implementation */ - if (ap == bp) - return bn_sqr_mont(rp, ap, np, n0p, num); -# endif - vp = tp = alloca((num + 2) * sizeof(BN_ULONG)); - - n0 = *n0p; - - c0 = 0; - ml = bp[0]; -# ifdef mul64 - mh = HBITS(ml); - ml = LBITS(ml); - for (j = 0; j < num; ++j) - mul(tp[j], ap[j], ml, mh, c0); -# else - for (j = 0; j < num; ++j) - mul(tp[j], ap[j], ml, c0); -# endif - - tp[num] = c0; - tp[num + 1] = 0; - goto enter; - - for (i = 0; i < num; i++) { - c0 = 0; - ml = bp[i]; -# ifdef mul64 - mh = HBITS(ml); - ml = LBITS(ml); - for (j = 0; j < num; ++j) - mul_add(tp[j], ap[j], ml, mh, c0); -# else - for (j = 0; j < num; ++j) - mul_add(tp[j], ap[j], ml, c0); -# endif - c1 = (tp[num] + c0) & BN_MASK2; - tp[num] = c1; - tp[num + 1] = (c1 < c0 ? 1 : 0); - enter: - c1 = tp[0]; - ml = (c1 * n0) & BN_MASK2; - c0 = 0; -# ifdef mul64 - mh = HBITS(ml); - ml = LBITS(ml); - mul_add(c1, np[0], ml, mh, c0); -# else - mul_add(c1, ml, np[0], c0); -# endif - for (j = 1; j < num; j++) { - c1 = tp[j]; -# ifdef mul64 - mul_add(c1, np[j], ml, mh, c0); -# else - mul_add(c1, ml, np[j], c0); -# endif - tp[j - 1] = c1 & BN_MASK2; - } - c1 = (tp[num] + c0) & BN_MASK2; - tp[num - 1] = c1; - tp[num] = tp[num + 1] + (c1 < c0 ? 1 : 0); - } - - if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) { - c0 = bn_sub_words(rp, tp, np, num); - if (tp[num] != 0 || c0 == 0) { - for (i = 0; i < num + 2; i++) - vp[i] = 0; - return 1; - } - } - for (i = 0; i < num; i++) - rp[i] = tp[i], vp[i] = 0; - vp[num] = 0; - vp[num + 1] = 0; - return 1; -} -# else -/* - * Return value of 0 indicates that multiplication/convolution was not - * performed to signal the caller to fall down to alternative/original - * code-path. - */ -int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num) -{ - return 0; -} -# endif /* OPENSSL_BN_ASM_MONT */ -# endif - -#else /* !BN_MUL_COMBA */ - -/* hmm... is it faster just to do a multiply? */ -# undef bn_sqr_comba4 -# undef bn_sqr_comba8 -void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) -{ - BN_ULONG t[8]; - bn_sqr_normal(r, a, 4, t); -} - -void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) -{ - BN_ULONG t[16]; - bn_sqr_normal(r, a, 8, t); -} - -void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) -{ - r[4] = bn_mul_words(&(r[0]), a, 4, b[0]); - r[5] = bn_mul_add_words(&(r[1]), a, 4, b[1]); - r[6] = bn_mul_add_words(&(r[2]), a, 4, b[2]); - r[7] = bn_mul_add_words(&(r[3]), a, 4, b[3]); -} - -void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) -{ - r[8] = bn_mul_words(&(r[0]), a, 8, b[0]); - r[9] = bn_mul_add_words(&(r[1]), a, 8, b[1]); - r[10] = bn_mul_add_words(&(r[2]), a, 8, b[2]); - r[11] = bn_mul_add_words(&(r[3]), a, 8, b[3]); - r[12] = bn_mul_add_words(&(r[4]), a, 8, b[4]); - r[13] = bn_mul_add_words(&(r[5]), a, 8, b[5]); - r[14] = bn_mul_add_words(&(r[6]), a, 8, b[6]); - r[15] = bn_mul_add_words(&(r[7]), a, 8, b[7]); -} - -# ifdef OPENSSL_NO_ASM -# ifdef OPENSSL_BN_ASM_MONT -# include -int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0p, int num) -{ - BN_ULONG c0, c1, *tp, n0 = *n0p; - volatile BN_ULONG *vp; - int i = 0, j; - - vp = tp = alloca((num + 2) * sizeof(BN_ULONG)); - - for (i = 0; i <= num; i++) - tp[i] = 0; - - for (i = 0; i < num; i++) { - c0 = bn_mul_add_words(tp, ap, num, bp[i]); - c1 = (tp[num] + c0) & BN_MASK2; - tp[num] = c1; - tp[num + 1] = (c1 < c0 ? 1 : 0); - - c0 = bn_mul_add_words(tp, np, num, tp[0] * n0); - c1 = (tp[num] + c0) & BN_MASK2; - tp[num] = c1; - tp[num + 1] += (c1 < c0 ? 1 : 0); - for (j = 0; j <= num; j++) - tp[j] = tp[j + 1]; - } - - if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) { - c0 = bn_sub_words(rp, tp, np, num); - if (tp[num] != 0 || c0 == 0) { - for (i = 0; i < num + 2; i++) - vp[i] = 0; - return 1; - } - } - for (i = 0; i < num; i++) - rp[i] = tp[i], vp[i] = 0; - vp[num] = 0; - vp[num + 1] = 0; - return 1; -} -# else -int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num) -{ - return 0; -} -# endif /* OPENSSL_BN_ASM_MONT */ -# endif - -#endif /* !BN_MUL_COMBA */ diff --git a/crypto/bn/bn_const.c b/crypto/bn/bn_const.c deleted file mode 100644 index a36e0ac792dd6a193096e20b04e20d8779f2e56b..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_const.c +++ /dev/null @@ -1,153 +0,0 @@ -/* - * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "crypto/bn_dh.h" - -#define COPY_BN(dst, src) (dst != NULL) ? BN_copy(dst, &src) : BN_dup(&src) - - -/*- - * "First Oakley Default Group" from RFC2409, section 6.1. - * - * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 } - * - * RFC2409 specifies a generator of 2. - * RFC2412 specifies a generator of of 22. - */ - -BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn) -{ - static const unsigned char RFC2409_PRIME_768[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, - 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x3A, 0x36, 0x20, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - }; - return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn); -} - -/*- - * "Second Oakley Default Group" from RFC2409, section 6.2. - * - * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }. - * - * RFC2409 specifies a generator of 2. - * RFC2412 specifies a generator of 22. - */ - -BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn) -{ - static const unsigned char RFC2409_PRIME_1024[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, - 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, - 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, - 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, - 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, - 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - }; - return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn); -} - -/*- - * "1536-bit MODP Group" from RFC3526, Section 2. - * - * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } - * - * RFC3526 specifies a generator of 2. - * RFC2312 specifies a generator of 22. - */ - -BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn) -{ - return COPY_BN(bn, ossl_bignum_modp_1536_p); -} - -/*- - * "2048-bit MODP Group" from RFC3526, Section 3. - * - * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 } - * - * RFC3526 specifies a generator of 2. - */ - -BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn) -{ - return COPY_BN(bn, ossl_bignum_modp_2048_p); -} - -/*- - * "3072-bit MODP Group" from RFC3526, Section 4. - * - * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 } - * - * RFC3526 specifies a generator of 2. - */ - -BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn) -{ - return COPY_BN(bn, ossl_bignum_modp_3072_p); -} - -/*- - * "4096-bit MODP Group" from RFC3526, Section 5. - * - * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 } - * - * RFC3526 specifies a generator of 2. - */ - -BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn) -{ - return COPY_BN(bn, ossl_bignum_modp_4096_p); -} - -/*- - * "6144-bit MODP Group" from RFC3526, Section 6. - * - * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 } - * - * RFC3526 specifies a generator of 2. - */ - -BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn) -{ - return COPY_BN(bn, ossl_bignum_modp_6144_p); -} - -/*- - * "8192-bit MODP Group" from RFC3526, Section 7. - * - * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 } - * - * RFC3526 specifies a generator of 2. - */ - -BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn) -{ - return COPY_BN(bn, ossl_bignum_modp_8192_p); -} diff --git a/crypto/bn/bn_conv.c b/crypto/bn/bn_conv.c deleted file mode 100644 index 75054f5d6a6c7432773276b077dc498e65b9ed64..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_conv.c +++ /dev/null @@ -1,291 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "crypto/ctype.h" -#include "bn_local.h" - -static const char Hex[] = "0123456789ABCDEF"; - -/* Must 'OPENSSL_free' the returned data */ -char *BN_bn2hex(const BIGNUM *a) -{ - int i, j, v, z = 0; - char *buf; - char *p; - - if (BN_is_zero(a)) - return OPENSSL_strdup("0"); - buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2); - if (buf == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - goto err; - } - p = buf; - if (a->neg) - *p++ = '-'; - for (i = a->top - 1; i >= 0; i--) { - for (j = BN_BITS2 - 8; j >= 0; j -= 8) { - /* strip leading zeros */ - v = (int)((a->d[i] >> j) & 0xff); - if (z || v != 0) { - *p++ = Hex[v >> 4]; - *p++ = Hex[v & 0x0f]; - z = 1; - } - } - } - *p = '\0'; - err: - return buf; -} - -#ifndef FIPS_MODULE -/* No BIO_snprintf in FIPS_MODULE */ -/* Must 'OPENSSL_free' the returned data */ -char *BN_bn2dec(const BIGNUM *a) -{ - int i = 0, num, ok = 0, n, tbytes; - char *buf = NULL; - char *p; - BIGNUM *t = NULL; - BN_ULONG *bn_data = NULL, *lp; - int bn_data_num; - - /*- - * get an upper bound for the length of the decimal integer - * num <= (BN_num_bits(a) + 1) * log(2) - * <= 3 * BN_num_bits(a) * 0.101 + log(2) + 1 (rounding error) - * <= 3 * BN_num_bits(a) / 10 + 3 * BN_num_bits / 1000 + 1 + 1 - */ - i = BN_num_bits(a) * 3; - num = (i / 10 + i / 1000 + 1) + 1; - tbytes = num + 3; /* negative and terminator and one spare? */ - bn_data_num = num / BN_DEC_NUM + 1; - bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG)); - buf = OPENSSL_malloc(tbytes); - if (buf == NULL || bn_data == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - goto err; - } - if ((t = BN_dup(a)) == NULL) - goto err; - - p = buf; - lp = bn_data; - if (BN_is_zero(t)) { - *p++ = '0'; - *p++ = '\0'; - } else { - if (BN_is_negative(t)) - *p++ = '-'; - - while (!BN_is_zero(t)) { - if (lp - bn_data >= bn_data_num) - goto err; - *lp = BN_div_word(t, BN_DEC_CONV); - if (*lp == (BN_ULONG)-1) - goto err; - lp++; - } - lp--; - /* - * We now have a series of blocks, BN_DEC_NUM chars in length, where - * the last one needs truncation. The blocks need to be reversed in - * order. - */ - n = BIO_snprintf(p, tbytes - (size_t)(p - buf), BN_DEC_FMT1, *lp); - if (n < 0) - goto err; - p += n; - while (lp != bn_data) { - lp--; - n = BIO_snprintf(p, tbytes - (size_t)(p - buf), BN_DEC_FMT2, *lp); - if (n < 0) - goto err; - p += n; - } - } - ok = 1; - err: - OPENSSL_free(bn_data); - BN_free(t); - if (ok) - return buf; - OPENSSL_free(buf); - return NULL; -} -#endif - -int BN_hex2bn(BIGNUM **bn, const char *a) -{ - BIGNUM *ret = NULL; - BN_ULONG l = 0; - int neg = 0, h, m, i, j, k, c; - int num; - - if (a == NULL || *a == '\0') - return 0; - - if (*a == '-') { - neg = 1; - a++; - } - - for (i = 0; i <= INT_MAX / 4 && ossl_isxdigit(a[i]); i++) - continue; - - if (i == 0 || i > INT_MAX / 4) - return 0; - - num = i + neg; - if (bn == NULL) - return num; - - /* a is the start of the hex digits, and it is 'i' long */ - if (*bn == NULL) { - if ((ret = BN_new()) == NULL) - return 0; - } else { - ret = *bn; - if (BN_get_flags(ret, BN_FLG_STATIC_DATA)) { - ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT); - return 0; - } - BN_zero(ret); - } - - /* i is the number of hex digits */ - if (bn_expand(ret, i * 4) == NULL) - goto err; - - j = i; /* least significant 'hex' */ - m = 0; - h = 0; - while (j > 0) { - m = (BN_BYTES * 2 <= j) ? BN_BYTES * 2 : j; - l = 0; - for (;;) { - c = a[j - m]; - k = OPENSSL_hexchar2int(c); - if (k < 0) - k = 0; /* paranoia */ - l = (l << 4) | k; - - if (--m <= 0) { - ret->d[h++] = l; - break; - } - } - j -= BN_BYTES * 2; - } - ret->top = h; - bn_correct_top(ret); - - *bn = ret; - bn_check_top(ret); - /* Don't set the negative flag if it's zero. */ - if (ret->top != 0) - ret->neg = neg; - return num; - err: - if (*bn == NULL) - BN_free(ret); - return 0; -} - -int BN_dec2bn(BIGNUM **bn, const char *a) -{ - BIGNUM *ret = NULL; - BN_ULONG l = 0; - int neg = 0, i, j; - int num; - - if (a == NULL || *a == '\0') - return 0; - if (*a == '-') { - neg = 1; - a++; - } - - for (i = 0; i <= INT_MAX / 4 && ossl_isdigit(a[i]); i++) - continue; - - if (i == 0 || i > INT_MAX / 4) - goto err; - - num = i + neg; - if (bn == NULL) - return num; - - /* - * a is the start of the digits, and it is 'i' long. We chop it into - * BN_DEC_NUM digits at a time - */ - if (*bn == NULL) { - if ((ret = BN_new()) == NULL) - return 0; - } else { - ret = *bn; - BN_zero(ret); - } - - /* i is the number of digits, a bit of an over expand */ - if (bn_expand(ret, i * 4) == NULL) - goto err; - - j = BN_DEC_NUM - i % BN_DEC_NUM; - if (j == BN_DEC_NUM) - j = 0; - l = 0; - while (--i >= 0) { - l *= 10; - l += *a - '0'; - a++; - if (++j == BN_DEC_NUM) { - if (!BN_mul_word(ret, BN_DEC_CONV) - || !BN_add_word(ret, l)) - goto err; - l = 0; - j = 0; - } - } - - bn_correct_top(ret); - *bn = ret; - bn_check_top(ret); - /* Don't set the negative flag if it's zero. */ - if (ret->top != 0) - ret->neg = neg; - return num; - err: - if (*bn == NULL) - BN_free(ret); - return 0; -} - -int BN_asc2bn(BIGNUM **bn, const char *a) -{ - const char *p = a; - - if (*p == '-') - p++; - - if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x')) { - if (!BN_hex2bn(bn, p + 2)) - return 0; - } else { - if (!BN_dec2bn(bn, p)) - return 0; - } - /* Don't set the negative flag if it's zero. */ - if (*a == '-' && (*bn)->top != 0) - (*bn)->neg = 1; - return 1; -} diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c deleted file mode 100644 index 35a7ddbab7375189a4ae7a410b31acab6c986197..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_ctx.c +++ /dev/null @@ -1,370 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "bn_local.h" - -/* How many bignums are in each "pool item"; */ -#define BN_CTX_POOL_SIZE 16 -/* The stack frame info is resizing, set a first-time expansion size; */ -#define BN_CTX_START_FRAMES 32 - -/***********/ -/* BN_POOL */ -/***********/ - -/* A bundle of bignums that can be linked with other bundles */ -typedef struct bignum_pool_item { - /* The bignum values */ - BIGNUM vals[BN_CTX_POOL_SIZE]; - /* Linked-list admin */ - struct bignum_pool_item *prev, *next; -} BN_POOL_ITEM; -/* A linked-list of bignums grouped in bundles */ -typedef struct bignum_pool { - /* Linked-list admin */ - BN_POOL_ITEM *head, *current, *tail; - /* Stack depth and allocation size */ - unsigned used, size; -} BN_POOL; -static void BN_POOL_init(BN_POOL *); -static void BN_POOL_finish(BN_POOL *); -static BIGNUM *BN_POOL_get(BN_POOL *, int); -static void BN_POOL_release(BN_POOL *, unsigned int); - -/************/ -/* BN_STACK */ -/************/ - -/* A wrapper to manage the "stack frames" */ -typedef struct bignum_ctx_stack { - /* Array of indexes into the bignum stack */ - unsigned int *indexes; - /* Number of stack frames, and the size of the allocated array */ - unsigned int depth, size; -} BN_STACK; -static void BN_STACK_init(BN_STACK *); -static void BN_STACK_finish(BN_STACK *); -static int BN_STACK_push(BN_STACK *, unsigned int); -static unsigned int BN_STACK_pop(BN_STACK *); - -/**********/ -/* BN_CTX */ -/**********/ - -/* The opaque BN_CTX type */ -struct bignum_ctx { - /* The bignum bundles */ - BN_POOL pool; - /* The "stack frames", if you will */ - BN_STACK stack; - /* The number of bignums currently assigned */ - unsigned int used; - /* Depth of stack overflow */ - int err_stack; - /* Block "gets" until an "end" (compatibility behaviour) */ - int too_many; - /* Flags. */ - int flags; - /* The library context */ - OSSL_LIB_CTX *libctx; -}; - -#ifndef FIPS_MODULE -/* Debugging functionality */ -static void ctxdbg(BIO *channel, const char *text, BN_CTX *ctx) -{ - unsigned int bnidx = 0, fpidx = 0; - BN_POOL_ITEM *item = ctx->pool.head; - BN_STACK *stack = &ctx->stack; - - BIO_printf(channel, "%s\n", text); - BIO_printf(channel, " (%16p): ", (void*)ctx); - while (bnidx < ctx->used) { - BIO_printf(channel, "%03x ", - item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); - if (!(bnidx % BN_CTX_POOL_SIZE)) - item = item->next; - } - BIO_printf(channel, "\n"); - bnidx = 0; - BIO_printf(channel, " %16s : ", ""); - while (fpidx < stack->depth) { - while (bnidx++ < stack->indexes[fpidx]) - BIO_printf(channel, " "); - BIO_printf(channel, "^^^ "); - bnidx++; - fpidx++; - } - BIO_printf(channel, "\n"); -} - -# define CTXDBG(str, ctx) \ - OSSL_TRACE_BEGIN(BN_CTX) { \ - ctxdbg(trc_out, str, ctx); \ - } OSSL_TRACE_END(BN_CTX) -#else -/* We do not want tracing in FIPS module */ -# define CTXDBG(str, ctx) do {} while(0) -#endif /* FIPS_MODULE */ - -BN_CTX *BN_CTX_new_ex(OSSL_LIB_CTX *ctx) -{ - BN_CTX *ret; - - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - return NULL; - } - /* Initialise the structure */ - BN_POOL_init(&ret->pool); - BN_STACK_init(&ret->stack); - ret->libctx = ctx; - return ret; -} - -#ifndef FIPS_MODULE -BN_CTX *BN_CTX_new(void) -{ - return BN_CTX_new_ex(NULL); -} -#endif - -BN_CTX *BN_CTX_secure_new_ex(OSSL_LIB_CTX *ctx) -{ - BN_CTX *ret = BN_CTX_new_ex(ctx); - - if (ret != NULL) - ret->flags = BN_FLG_SECURE; - return ret; -} - -#ifndef FIPS_MODULE -BN_CTX *BN_CTX_secure_new(void) -{ - return BN_CTX_secure_new_ex(NULL); -} -#endif - -void BN_CTX_free(BN_CTX *ctx) -{ - if (ctx == NULL) - return; -#ifndef FIPS_MODULE - OSSL_TRACE_BEGIN(BN_CTX) { - BN_POOL_ITEM *pool = ctx->pool.head; - BIO_printf(trc_out, - "BN_CTX_free(): stack-size=%d, pool-bignums=%d\n", - ctx->stack.size, ctx->pool.size); - BIO_printf(trc_out, " dmaxs: "); - while (pool) { - unsigned loop = 0; - while (loop < BN_CTX_POOL_SIZE) - BIO_printf(trc_out, "%02x ", pool->vals[loop++].dmax); - pool = pool->next; - } - BIO_printf(trc_out, "\n"); - } OSSL_TRACE_END(BN_CTX); -#endif - BN_STACK_finish(&ctx->stack); - BN_POOL_finish(&ctx->pool); - OPENSSL_free(ctx); -} - -void BN_CTX_start(BN_CTX *ctx) -{ - CTXDBG("ENTER BN_CTX_start()", ctx); - /* If we're already overflowing ... */ - if (ctx->err_stack || ctx->too_many) - ctx->err_stack++; - /* (Try to) get a new frame pointer */ - else if (!BN_STACK_push(&ctx->stack, ctx->used)) { - ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_TEMPORARY_VARIABLES); - ctx->err_stack++; - } - CTXDBG("LEAVE BN_CTX_start()", ctx); -} - -void BN_CTX_end(BN_CTX *ctx) -{ - if (ctx == NULL) - return; - CTXDBG("ENTER BN_CTX_end()", ctx); - if (ctx->err_stack) - ctx->err_stack--; - else { - unsigned int fp = BN_STACK_pop(&ctx->stack); - /* Does this stack frame have anything to release? */ - if (fp < ctx->used) - BN_POOL_release(&ctx->pool, ctx->used - fp); - ctx->used = fp; - /* Unjam "too_many" in case "get" had failed */ - ctx->too_many = 0; - } - CTXDBG("LEAVE BN_CTX_end()", ctx); -} - -BIGNUM *BN_CTX_get(BN_CTX *ctx) -{ - BIGNUM *ret; - - CTXDBG("ENTER BN_CTX_get()", ctx); - if (ctx->err_stack || ctx->too_many) - return NULL; - if ((ret = BN_POOL_get(&ctx->pool, ctx->flags)) == NULL) { - /* - * Setting too_many prevents repeated "get" attempts from cluttering - * the error stack. - */ - ctx->too_many = 1; - ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_TEMPORARY_VARIABLES); - return NULL; - } - /* OK, make sure the returned bignum is "zero" */ - BN_zero(ret); - /* clear BN_FLG_CONSTTIME if leaked from previous frames */ - ret->flags &= (~BN_FLG_CONSTTIME); - ctx->used++; - CTXDBG("LEAVE BN_CTX_get()", ctx); - return ret; -} - -OSSL_LIB_CTX *ossl_bn_get_libctx(BN_CTX *ctx) -{ - if (ctx == NULL) - return NULL; - return ctx->libctx; -} - -/************/ -/* BN_STACK */ -/************/ - -static void BN_STACK_init(BN_STACK *st) -{ - st->indexes = NULL; - st->depth = st->size = 0; -} - -static void BN_STACK_finish(BN_STACK *st) -{ - OPENSSL_free(st->indexes); - st->indexes = NULL; -} - - -static int BN_STACK_push(BN_STACK *st, unsigned int idx) -{ - if (st->depth == st->size) { - /* Need to expand */ - unsigned int newsize = - st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES; - unsigned int *newitems; - - if ((newitems = OPENSSL_malloc(sizeof(*newitems) * newsize)) == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - return 0; - } - if (st->depth) - memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth); - OPENSSL_free(st->indexes); - st->indexes = newitems; - st->size = newsize; - } - st->indexes[(st->depth)++] = idx; - return 1; -} - -static unsigned int BN_STACK_pop(BN_STACK *st) -{ - return st->indexes[--(st->depth)]; -} - -/***********/ -/* BN_POOL */ -/***********/ - -static void BN_POOL_init(BN_POOL *p) -{ - p->head = p->current = p->tail = NULL; - p->used = p->size = 0; -} - -static void BN_POOL_finish(BN_POOL *p) -{ - unsigned int loop; - BIGNUM *bn; - - while (p->head) { - for (loop = 0, bn = p->head->vals; loop++ < BN_CTX_POOL_SIZE; bn++) - if (bn->d) - BN_clear_free(bn); - p->current = p->head->next; - OPENSSL_free(p->head); - p->head = p->current; - } -} - - -static BIGNUM *BN_POOL_get(BN_POOL *p, int flag) -{ - BIGNUM *bn; - unsigned int loop; - - /* Full; allocate a new pool item and link it in. */ - if (p->used == p->size) { - BN_POOL_ITEM *item; - - if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - return NULL; - } - for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) { - bn_init(bn); - if ((flag & BN_FLG_SECURE) != 0) - BN_set_flags(bn, BN_FLG_SECURE); - } - item->prev = p->tail; - item->next = NULL; - - if (p->head == NULL) - p->head = p->current = p->tail = item; - else { - p->tail->next = item; - p->tail = item; - p->current = item; - } - p->size += BN_CTX_POOL_SIZE; - p->used++; - /* Return the first bignum from the new pool */ - return item->vals; - } - - if (!p->used) - p->current = p->head; - else if ((p->used % BN_CTX_POOL_SIZE) == 0) - p->current = p->current->next; - return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE); -} - -static void BN_POOL_release(BN_POOL *p, unsigned int num) -{ - unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE; - - p->used -= num; - while (num--) { - bn_check_top(p->current->vals + offset); - if (offset == 0) { - offset = BN_CTX_POOL_SIZE - 1; - p->current = p->current->prev; - } else - offset--; - } -} diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c deleted file mode 100644 index d55397016a5143fde8b08c0eafa74a463ca13fb2..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_depr.c +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Support for deprecated functions goes here - static linkage will only - * slurp this code if applications are using them directly. - */ - -#include - -#include -#include -#include "internal/cryptlib.h" -#include "bn_local.h" - -BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, - void (*callback) (int, int, void *), void *cb_arg) -{ - BN_GENCB cb; - BIGNUM *rnd = NULL; - - BN_GENCB_set_old(&cb, callback, cb_arg); - - if (ret == NULL) { - if ((rnd = BN_new()) == NULL) - goto err; - } else - rnd = ret; - if (!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb)) - goto err; - - /* we have a prime :-) */ - return rnd; - err: - BN_free(rnd); - return NULL; -} - -int BN_is_prime(const BIGNUM *a, int checks, - void (*callback) (int, int, void *), BN_CTX *ctx_passed, - void *cb_arg) -{ - BN_GENCB cb; - BN_GENCB_set_old(&cb, callback, cb_arg); - return ossl_bn_check_prime(a, checks, ctx_passed, 0, &cb); -} - -int BN_is_prime_fasttest(const BIGNUM *a, int checks, - void (*callback) (int, int, void *), - BN_CTX *ctx_passed, void *cb_arg, - int do_trial_division) -{ - BN_GENCB cb; - BN_GENCB_set_old(&cb, callback, cb_arg); - return ossl_bn_check_prime(a, checks, ctx_passed, do_trial_division, &cb); -} diff --git a/crypto/bn/bn_dh.c b/crypto/bn/bn_dh.c deleted file mode 100644 index c0967e534c8c2073b3e9281a38c6d6b95ce2fde3..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_dh.c +++ /dev/null @@ -1,1054 +0,0 @@ -/* - * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "bn_local.h" -#include "internal/nelem.h" - -# include -# include "crypto/bn_dh.h" - -# if BN_BITS2 == 64 -# define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo -# else -# define BN_DEF(lo, hi) lo, hi -# endif - -/* DH parameters from RFC3526 */ - -# ifndef FIPS_MODULE -/* - * "1536-bit MODP Group" from RFC3526, Section 2. - * - * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } - * - * RFC3526 specifies a generator of 2. - * RFC2412 specifies a generator of 22. - */ -static const BN_ULONG modp_1536_p[] = { - BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xCA237327, 0xF1746C08), - BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907), - BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23), - BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836), - BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651), - BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB), - BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9), - BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D), - BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3), - BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6), - BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B), - BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -}; -/* q = (p - 1) / 2 */ -static const BN_ULONG modp_1536_q[] = { - BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x6511B993, 0x78BA3604), - BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483), - BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91), - BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B), - BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328), - BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD), - BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174), - BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6), - BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9), - BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53), - BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145), - BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF) -}; -# endif /* FIPS_MODULE */ - -/*- - * "2048-bit MODP Group" from RFC3526, Section 3. - * - * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 } - * - * RFC3526 specifies a generator of 2. - */ -static const BN_ULONG modp_2048_p[] = { - BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x8AACAA68, 0x15728E5A), - BN_DEF(0x98FA0510, 0x15D22618), BN_DEF(0xEA956AE5, 0x3995497C), - BN_DEF(0x95581718, 0xDE2BCBF6), BN_DEF(0x6F4C52C9, 0xB5C55DF0), - BN_DEF(0xEC07A28F, 0x9B2783A2), BN_DEF(0x180E8603, 0xE39E772C), - BN_DEF(0x2E36CE3B, 0x32905E46), BN_DEF(0xCA18217C, 0xF1746C08), - BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907), - BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23), - BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836), - BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651), - BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB), - BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9), - BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D), - BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3), - BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6), - BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B), - BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -}; -/* q = (p - 1) / 2 */ -static const BN_ULONG modp_2048_q[] = { - BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x45565534, 0x0AB9472D), - BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE), - BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8), - BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96), - BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604), - BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483), - BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91), - BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B), - BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328), - BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD), - BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174), - BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6), - BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9), - BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53), - BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145), - BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), -}; - -/*- - * "3072-bit MODP Group" from RFC3526, Section 4. - * - * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 } - * - * RFC3526 specifies a generator of 2. - */ -static const BN_ULONG modp_3072_p[] = { - BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xA93AD2CA, 0x4B82D120), - BN_DEF(0xE0FD108E, 0x43DB5BFC), BN_DEF(0x74E5AB31, 0x08E24FA0), - BN_DEF(0xBAD946E2, 0x770988C0), BN_DEF(0x7A615D6C, 0xBBE11757), - BN_DEF(0x177B200C, 0x521F2B18), BN_DEF(0x3EC86A64, 0xD8760273), - BN_DEF(0xD98A0864, 0xF12FFA06), BN_DEF(0x1AD2EE6B, 0xCEE3D226), - BN_DEF(0x4A25619D, 0x1E8C94E0), BN_DEF(0xDB0933D7, 0xABF5AE8C), - BN_DEF(0xA6E1E4C7, 0xB3970F85), BN_DEF(0x5D060C7D, 0x8AEA7157), - BN_DEF(0x58DBEF0A, 0xECFB8504), BN_DEF(0xDF1CBA64, 0xA85521AB), - BN_DEF(0x04507A33, 0xAD33170D), BN_DEF(0x8AAAC42D, 0x15728E5A), - BN_DEF(0x98FA0510, 0x15D22618), BN_DEF(0xEA956AE5, 0x3995497C), - BN_DEF(0x95581718, 0xDE2BCBF6), BN_DEF(0x6F4C52C9, 0xB5C55DF0), - BN_DEF(0xEC07A28F, 0x9B2783A2), BN_DEF(0x180E8603, 0xE39E772C), - BN_DEF(0x2E36CE3B, 0x32905E46), BN_DEF(0xCA18217C, 0xF1746C08), - BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907), - BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23), - BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836), - BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651), - BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB), - BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9), - BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D), - BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3), - BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6), - BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B), - BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -}; -/* q = (p - 1) / 2 */ -static const BN_ULONG modp_3072_q[] = { - BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x549D6965, 0x25C16890), - BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0), - BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB), - BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139), - BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913), - BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746), - BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB), - BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5), - BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D), - BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE), - BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8), - BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96), - BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604), - BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483), - BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91), - BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B), - BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328), - BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD), - BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174), - BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6), - BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9), - BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53), - BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145), - BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), -}; - -/*- - * "4096-bit MODP Group" from RFC3526, Section 5. - * - * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 } - * - * RFC3526 specifies a generator of 2. - */ -static const BN_ULONG modp_4096_p[] = { - BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x34063199, 0x4DF435C9), - BN_DEF(0x90A6C08F, 0x86FFB7DC), BN_DEF(0x8D8FDDC1, 0x93B4EA98), - BN_DEF(0xD5B05AA9, 0xD0069127), BN_DEF(0x2170481C, 0xB81BDD76), - BN_DEF(0xCEE2D7AF, 0x1F612970), BN_DEF(0x515BE7ED, 0x233BA186), - BN_DEF(0xA090C3A2, 0x99B2964F), BN_DEF(0x4E6BC05D, 0x287C5947), - BN_DEF(0x1FBECAA6, 0x2E8EFC14), BN_DEF(0x04DE8EF9, 0xDBBBC2DB), - BN_DEF(0x2AD44CE8, 0x2583E9CA), BN_DEF(0xB6150BDA, 0x1A946834), - BN_DEF(0x6AF4E23C, 0x99C32718), BN_DEF(0xBDBA5B26, 0x88719A10), - BN_DEF(0xA787E6D7, 0x1A723C12), BN_DEF(0xA9210801, 0x4B82D120), - BN_DEF(0xE0FD108E, 0x43DB5BFC), BN_DEF(0x74E5AB31, 0x08E24FA0), - BN_DEF(0xBAD946E2, 0x770988C0), BN_DEF(0x7A615D6C, 0xBBE11757), - BN_DEF(0x177B200C, 0x521F2B18), BN_DEF(0x3EC86A64, 0xD8760273), - BN_DEF(0xD98A0864, 0xF12FFA06), BN_DEF(0x1AD2EE6B, 0xCEE3D226), - BN_DEF(0x4A25619D, 0x1E8C94E0), BN_DEF(0xDB0933D7, 0xABF5AE8C), - BN_DEF(0xA6E1E4C7, 0xB3970F85), BN_DEF(0x5D060C7D, 0x8AEA7157), - BN_DEF(0x58DBEF0A, 0xECFB8504), BN_DEF(0xDF1CBA64, 0xA85521AB), - BN_DEF(0x04507A33, 0xAD33170D), BN_DEF(0x8AAAC42D, 0x15728E5A), - BN_DEF(0x98FA0510, 0x15D22618), BN_DEF(0xEA956AE5, 0x3995497C), - BN_DEF(0x95581718, 0xDE2BCBF6), BN_DEF(0x6F4C52C9, 0xB5C55DF0), - BN_DEF(0xEC07A28F, 0x9B2783A2), BN_DEF(0x180E8603, 0xE39E772C), - BN_DEF(0x2E36CE3B, 0x32905E46), BN_DEF(0xCA18217C, 0xF1746C08), - BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907), - BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23), - BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836), - BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651), - BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB), - BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9), - BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D), - BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3), - BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6), - BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B), - BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -}; -/* q = (p - 1) / 2 */ -static const BN_ULONG modp_4096_q[] = { - BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x9A0318CC, 0xA6FA1AE4), - BN_DEF(0x48536047, 0xC37FDBEE), BN_DEF(0x46C7EEE0, 0xC9DA754C), - BN_DEF(0xEAD82D54, 0x68034893), BN_DEF(0x10B8240E, 0xDC0DEEBB), - BN_DEF(0x67716BD7, 0x8FB094B8), BN_DEF(0x28ADF3F6, 0x119DD0C3), - BN_DEF(0xD04861D1, 0xCCD94B27), BN_DEF(0xA735E02E, 0x143E2CA3), - BN_DEF(0x0FDF6553, 0x97477E0A), BN_DEF(0x826F477C, 0x6DDDE16D), - BN_DEF(0x156A2674, 0x12C1F4E5), BN_DEF(0x5B0A85ED, 0x0D4A341A), - BN_DEF(0x357A711E, 0x4CE1938C), BN_DEF(0x5EDD2D93, 0xC438CD08), - BN_DEF(0x53C3F36B, 0x8D391E09), BN_DEF(0x54908400, 0x25C16890), - BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0), - BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB), - BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139), - BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913), - BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746), - BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB), - BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5), - BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D), - BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE), - BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8), - BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96), - BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604), - BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483), - BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91), - BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B), - BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328), - BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD), - BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174), - BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6), - BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9), - BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53), - BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145), - BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), -}; - -/*- - * "6144-bit MODP Group" from RFC3526, Section 6. - * - * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 } - * - * RFC3526 specifies a generator of 2. - */ -static const BN_ULONG modp_6144_p[] = { - BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x6DCC4024, 0xE694F91E), - BN_DEF(0x0B7474D6, 0x12BF2D5B), BN_DEF(0x3F4860EE, 0x043E8F66), - BN_DEF(0x6E3C0468, 0x387FE8D7), BN_DEF(0x2EF29632, 0xDA56C9EC), - BN_DEF(0xA313D55C, 0xEB19CCB1), BN_DEF(0x8A1FBFF0, 0xF550AA3D), - BN_DEF(0xB7C5DA76, 0x06A1D58B), BN_DEF(0xF29BE328, 0xA79715EE), - BN_DEF(0x0F8037E0, 0x14CC5ED2), BN_DEF(0xBF48E1D8, 0xCC8F6D7E), - BN_DEF(0x2B4154AA, 0x4BD407B2), BN_DEF(0xFF585AC5, 0x0F1D45B7), - BN_DEF(0x36CC88BE, 0x23A97A7E), BN_DEF(0xBEC7E8F3, 0x59E7C97F), - BN_DEF(0x900B1C9E, 0xB5A84031), BN_DEF(0x46980C82, 0xD55E702F), - BN_DEF(0x6E74FEF6, 0xF482D7CE), BN_DEF(0xD1721D03, 0xF032EA15), - BN_DEF(0xC64B92EC, 0x5983CA01), BN_DEF(0x378CD2BF, 0x6FB8F401), - BN_DEF(0x2BD7AF42, 0x33205151), BN_DEF(0xE6CC254B, 0xDB7F1447), - BN_DEF(0xCED4BB1B, 0x44CE6CBA), BN_DEF(0xCF9B14ED, 0xDA3EDBEB), - BN_DEF(0x865A8918, 0x179727B0), BN_DEF(0x9027D831, 0xB06A53ED), - BN_DEF(0x413001AE, 0xE5DB382F), BN_DEF(0xAD9E530E, 0xF8FF9406), - BN_DEF(0x3DBA37BD, 0xC9751E76), BN_DEF(0x602646DE, 0xC1D4DCB2), - BN_DEF(0xD27C7026, 0x36C3FAB4), BN_DEF(0x34028492, 0x4DF435C9), - BN_DEF(0x90A6C08F, 0x86FFB7DC), BN_DEF(0x8D8FDDC1, 0x93B4EA98), - BN_DEF(0xD5B05AA9, 0xD0069127), BN_DEF(0x2170481C, 0xB81BDD76), - BN_DEF(0xCEE2D7AF, 0x1F612970), BN_DEF(0x515BE7ED, 0x233BA186), - BN_DEF(0xA090C3A2, 0x99B2964F), BN_DEF(0x4E6BC05D, 0x287C5947), - BN_DEF(0x1FBECAA6, 0x2E8EFC14), BN_DEF(0x04DE8EF9, 0xDBBBC2DB), - BN_DEF(0x2AD44CE8, 0x2583E9CA), BN_DEF(0xB6150BDA, 0x1A946834), - BN_DEF(0x6AF4E23C, 0x99C32718), BN_DEF(0xBDBA5B26, 0x88719A10), - BN_DEF(0xA787E6D7, 0x1A723C12), BN_DEF(0xA9210801, 0x4B82D120), - BN_DEF(0xE0FD108E, 0x43DB5BFC), BN_DEF(0x74E5AB31, 0x08E24FA0), - BN_DEF(0xBAD946E2, 0x770988C0), BN_DEF(0x7A615D6C, 0xBBE11757), - BN_DEF(0x177B200C, 0x521F2B18), BN_DEF(0x3EC86A64, 0xD8760273), - BN_DEF(0xD98A0864, 0xF12FFA06), BN_DEF(0x1AD2EE6B, 0xCEE3D226), - BN_DEF(0x4A25619D, 0x1E8C94E0), BN_DEF(0xDB0933D7, 0xABF5AE8C), - BN_DEF(0xA6E1E4C7, 0xB3970F85), BN_DEF(0x5D060C7D, 0x8AEA7157), - BN_DEF(0x58DBEF0A, 0xECFB8504), BN_DEF(0xDF1CBA64, 0xA85521AB), - BN_DEF(0x04507A33, 0xAD33170D), BN_DEF(0x8AAAC42D, 0x15728E5A), - BN_DEF(0x98FA0510, 0x15D22618), BN_DEF(0xEA956AE5, 0x3995497C), - BN_DEF(0x95581718, 0xDE2BCBF6), BN_DEF(0x6F4C52C9, 0xB5C55DF0), - BN_DEF(0xEC07A28F, 0x9B2783A2), BN_DEF(0x180E8603, 0xE39E772C), - BN_DEF(0x2E36CE3B, 0x32905E46), BN_DEF(0xCA18217C, 0xF1746C08), - BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907), - BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23), - BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836), - BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651), - BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB), - BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9), - BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D), - BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3), - BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6), - BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B), - BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -}; -/* q = (p - 1) / 2 */ -static const BN_ULONG modp_6144_q[] = { - BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x36E62012, 0x734A7C8F), - BN_DEF(0x85BA3A6B, 0x095F96AD), BN_DEF(0x1FA43077, 0x021F47B3), - BN_DEF(0xB71E0234, 0x1C3FF46B), BN_DEF(0x17794B19, 0x6D2B64F6), - BN_DEF(0xD189EAAE, 0x758CE658), BN_DEF(0xC50FDFF8, 0x7AA8551E), - BN_DEF(0xDBE2ED3B, 0x0350EAC5), BN_DEF(0x794DF194, 0x53CB8AF7), - BN_DEF(0x07C01BF0, 0x0A662F69), BN_DEF(0x5FA470EC, 0x6647B6BF), - BN_DEF(0x15A0AA55, 0xA5EA03D9), BN_DEF(0xFFAC2D62, 0x078EA2DB), - BN_DEF(0x1B66445F, 0x91D4BD3F), BN_DEF(0xDF63F479, 0x2CF3E4BF), - BN_DEF(0xC8058E4F, 0x5AD42018), BN_DEF(0xA34C0641, 0x6AAF3817), - BN_DEF(0x373A7F7B, 0xFA416BE7), BN_DEF(0xE8B90E81, 0x7819750A), - BN_DEF(0xE325C976, 0xACC1E500), BN_DEF(0x9BC6695F, 0x37DC7A00), - BN_DEF(0x95EBD7A1, 0x999028A8), BN_DEF(0xF36612A5, 0xEDBF8A23), - BN_DEF(0x676A5D8D, 0xA267365D), BN_DEF(0xE7CD8A76, 0x6D1F6DF5), - BN_DEF(0x432D448C, 0x8BCB93D8), BN_DEF(0xC813EC18, 0x583529F6), - BN_DEF(0xA09800D7, 0x72ED9C17), BN_DEF(0x56CF2987, 0xFC7FCA03), - BN_DEF(0x1EDD1BDE, 0x64BA8F3B), BN_DEF(0x3013236F, 0x60EA6E59), - BN_DEF(0x693E3813, 0x1B61FD5A), BN_DEF(0x9A014249, 0xA6FA1AE4), - BN_DEF(0x48536047, 0xC37FDBEE), BN_DEF(0x46C7EEE0, 0xC9DA754C), - BN_DEF(0xEAD82D54, 0x68034893), BN_DEF(0x10B8240E, 0xDC0DEEBB), - BN_DEF(0x67716BD7, 0x8FB094B8), BN_DEF(0x28ADF3F6, 0x119DD0C3), - BN_DEF(0xD04861D1, 0xCCD94B27), BN_DEF(0xA735E02E, 0x143E2CA3), - BN_DEF(0x0FDF6553, 0x97477E0A), BN_DEF(0x826F477C, 0x6DDDE16D), - BN_DEF(0x156A2674, 0x12C1F4E5), BN_DEF(0x5B0A85ED, 0x0D4A341A), - BN_DEF(0x357A711E, 0x4CE1938C), BN_DEF(0x5EDD2D93, 0xC438CD08), - BN_DEF(0x53C3F36B, 0x8D391E09), BN_DEF(0x54908400, 0x25C16890), - BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0), - BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB), - BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139), - BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913), - BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746), - BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB), - BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5), - BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D), - BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE), - BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8), - BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96), - BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604), - BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483), - BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91), - BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B), - BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328), - BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD), - BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174), - BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6), - BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9), - BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53), - BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145), - BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), -}; - -/* - * "8192-bit MODP Group" from RFC3526, Section 7. - * - * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 } - * - * RFC3526 specifies a generator of 2. - */ -static const BN_ULONG modp_8192_p[] = { - BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x98EDD3DF, 0x60C980DD), - BN_DEF(0x80B96E71, 0xC81F56E8), BN_DEF(0x765694DF, 0x9E3050E2), - BN_DEF(0x5677E9AA, 0x9558E447), BN_DEF(0xFC026E47, 0xC9190DA6), - BN_DEF(0xD5EE382B, 0x889A002E), BN_DEF(0x481C6CD7, 0x4009438B), - BN_DEF(0xEB879F92, 0x359046F4), BN_DEF(0x1ECFA268, 0xFAF36BC3), - BN_DEF(0x7EE74D73, 0xB1D510BD), BN_DEF(0x5DED7EA1, 0xF9AB4819), - BN_DEF(0x0846851D, 0x64F31CC5), BN_DEF(0xA0255DC1, 0x4597E899), - BN_DEF(0x74AB6A36, 0xDF310EE0), BN_DEF(0x3F44F82D, 0x6D2A13F8), - BN_DEF(0xB3A278A6, 0x062B3CF5), BN_DEF(0xED5BDD3A, 0x79683303), - BN_DEF(0xA2C087E8, 0xFA9D4B7F), BN_DEF(0x2F8385DD, 0x4BCBC886), - BN_DEF(0x6CEA306B, 0x3473FC64), BN_DEF(0x1A23F0C7, 0x13EB57A8), - BN_DEF(0xA4037C07, 0x22222E04), BN_DEF(0xFC848AD9, 0xE3FDB8BE), - BN_DEF(0xE39D652D, 0x238F16CB), BN_DEF(0x2BF1C978, 0x3423B474), - BN_DEF(0x5AE4F568, 0x3AAB639C), BN_DEF(0x6BA42466, 0x2576F693), - BN_DEF(0x8AFC47ED, 0x741FA7BF), BN_DEF(0x8D9DD300, 0x3BC832B6), - BN_DEF(0x73B931BA, 0xD8BEC4D0), BN_DEF(0xA932DF8C, 0x38777CB6), - BN_DEF(0x12FEE5E4, 0x74A3926F), BN_DEF(0x6DBE1159, 0xE694F91E), - BN_DEF(0x0B7474D6, 0x12BF2D5B), BN_DEF(0x3F4860EE, 0x043E8F66), - BN_DEF(0x6E3C0468, 0x387FE8D7), BN_DEF(0x2EF29632, 0xDA56C9EC), - BN_DEF(0xA313D55C, 0xEB19CCB1), BN_DEF(0x8A1FBFF0, 0xF550AA3D), - BN_DEF(0xB7C5DA76, 0x06A1D58B), BN_DEF(0xF29BE328, 0xA79715EE), - BN_DEF(0x0F8037E0, 0x14CC5ED2), BN_DEF(0xBF48E1D8, 0xCC8F6D7E), - BN_DEF(0x2B4154AA, 0x4BD407B2), BN_DEF(0xFF585AC5, 0x0F1D45B7), - BN_DEF(0x36CC88BE, 0x23A97A7E), BN_DEF(0xBEC7E8F3, 0x59E7C97F), - BN_DEF(0x900B1C9E, 0xB5A84031), BN_DEF(0x46980C82, 0xD55E702F), - BN_DEF(0x6E74FEF6, 0xF482D7CE), BN_DEF(0xD1721D03, 0xF032EA15), - BN_DEF(0xC64B92EC, 0x5983CA01), BN_DEF(0x378CD2BF, 0x6FB8F401), - BN_DEF(0x2BD7AF42, 0x33205151), BN_DEF(0xE6CC254B, 0xDB7F1447), - BN_DEF(0xCED4BB1B, 0x44CE6CBA), BN_DEF(0xCF9B14ED, 0xDA3EDBEB), - BN_DEF(0x865A8918, 0x179727B0), BN_DEF(0x9027D831, 0xB06A53ED), - BN_DEF(0x413001AE, 0xE5DB382F), BN_DEF(0xAD9E530E, 0xF8FF9406), - BN_DEF(0x3DBA37BD, 0xC9751E76), BN_DEF(0x602646DE, 0xC1D4DCB2), - BN_DEF(0xD27C7026, 0x36C3FAB4), BN_DEF(0x34028492, 0x4DF435C9), - BN_DEF(0x90A6C08F, 0x86FFB7DC), BN_DEF(0x8D8FDDC1, 0x93B4EA98), - BN_DEF(0xD5B05AA9, 0xD0069127), BN_DEF(0x2170481C, 0xB81BDD76), - BN_DEF(0xCEE2D7AF, 0x1F612970), BN_DEF(0x515BE7ED, 0x233BA186), - BN_DEF(0xA090C3A2, 0x99B2964F), BN_DEF(0x4E6BC05D, 0x287C5947), - BN_DEF(0x1FBECAA6, 0x2E8EFC14), BN_DEF(0x04DE8EF9, 0xDBBBC2DB), - BN_DEF(0x2AD44CE8, 0x2583E9CA), BN_DEF(0xB6150BDA, 0x1A946834), - BN_DEF(0x6AF4E23C, 0x99C32718), BN_DEF(0xBDBA5B26, 0x88719A10), - BN_DEF(0xA787E6D7, 0x1A723C12), BN_DEF(0xA9210801, 0x4B82D120), - BN_DEF(0xE0FD108E, 0x43DB5BFC), BN_DEF(0x74E5AB31, 0x08E24FA0), - BN_DEF(0xBAD946E2, 0x770988C0), BN_DEF(0x7A615D6C, 0xBBE11757), - BN_DEF(0x177B200C, 0x521F2B18), BN_DEF(0x3EC86A64, 0xD8760273), - BN_DEF(0xD98A0864, 0xF12FFA06), BN_DEF(0x1AD2EE6B, 0xCEE3D226), - BN_DEF(0x4A25619D, 0x1E8C94E0), BN_DEF(0xDB0933D7, 0xABF5AE8C), - BN_DEF(0xA6E1E4C7, 0xB3970F85), BN_DEF(0x5D060C7D, 0x8AEA7157), - BN_DEF(0x58DBEF0A, 0xECFB8504), BN_DEF(0xDF1CBA64, 0xA85521AB), - BN_DEF(0x04507A33, 0xAD33170D), BN_DEF(0x8AAAC42D, 0x15728E5A), - BN_DEF(0x98FA0510, 0x15D22618), BN_DEF(0xEA956AE5, 0x3995497C), - BN_DEF(0x95581718, 0xDE2BCBF6), BN_DEF(0x6F4C52C9, 0xB5C55DF0), - BN_DEF(0xEC07A28F, 0x9B2783A2), BN_DEF(0x180E8603, 0xE39E772C), - BN_DEF(0x2E36CE3B, 0x32905E46), BN_DEF(0xCA18217C, 0xF1746C08), - BN_DEF(0x4ABC9804, 0x670C354E), BN_DEF(0x7096966D, 0x9ED52907), - BN_DEF(0x208552BB, 0x1C62F356), BN_DEF(0xDCA3AD96, 0x83655D23), - BN_DEF(0xFD24CF5F, 0x69163FA8), BN_DEF(0x1C55D39A, 0x98DA4836), - BN_DEF(0xA163BF05, 0xC2007CB8), BN_DEF(0xECE45B3D, 0x49286651), - BN_DEF(0x7C4B1FE6, 0xAE9F2411), BN_DEF(0x5A899FA5, 0xEE386BFB), - BN_DEF(0xF406B7ED, 0x0BFF5CB6), BN_DEF(0xA637ED6B, 0xF44C42E9), - BN_DEF(0x625E7EC6, 0xE485B576), BN_DEF(0x6D51C245, 0x4FE1356D), - BN_DEF(0xF25F1437, 0x302B0A6D), BN_DEF(0xCD3A431B, 0xEF9519B3), - BN_DEF(0x8E3404DD, 0x514A0879), BN_DEF(0x3B139B22, 0x020BBEA6), - BN_DEF(0x8A67CC74, 0x29024E08), BN_DEF(0x80DC1CD1, 0xC4C6628B), - BN_DEF(0x2168C234, 0xC90FDAA2), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -}; -/* q = (p - 1) / 2 */ -static const BN_ULONG modp_8192_q[] = { - BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xCC76E9EF, 0xB064C06E), - BN_DEF(0x405CB738, 0xE40FAB74), BN_DEF(0x3B2B4A6F, 0x4F182871), - BN_DEF(0xAB3BF4D5, 0xCAAC7223), BN_DEF(0x7E013723, 0xE48C86D3), - BN_DEF(0x6AF71C15, 0xC44D0017), BN_DEF(0xA40E366B, 0x2004A1C5), - BN_DEF(0x75C3CFC9, 0x1AC8237A), BN_DEF(0x8F67D134, 0xFD79B5E1), - BN_DEF(0xBF73A6B9, 0xD8EA885E), BN_DEF(0xAEF6BF50, 0xFCD5A40C), - BN_DEF(0x8423428E, 0xB2798E62), BN_DEF(0xD012AEE0, 0x22CBF44C), - BN_DEF(0x3A55B51B, 0xEF988770), BN_DEF(0x1FA27C16, 0x369509FC), - BN_DEF(0xD9D13C53, 0x03159E7A), BN_DEF(0xF6ADEE9D, 0x3CB41981), - BN_DEF(0xD16043F4, 0xFD4EA5BF), BN_DEF(0x17C1C2EE, 0xA5E5E443), - BN_DEF(0x36751835, 0x9A39FE32), BN_DEF(0x0D11F863, 0x89F5ABD4), - BN_DEF(0x5201BE03, 0x91111702), BN_DEF(0x7E42456C, 0xF1FEDC5F), - BN_DEF(0xF1CEB296, 0x11C78B65), BN_DEF(0x15F8E4BC, 0x1A11DA3A), - BN_DEF(0x2D727AB4, 0x1D55B1CE), BN_DEF(0xB5D21233, 0x92BB7B49), - BN_DEF(0xC57E23F6, 0x3A0FD3DF), BN_DEF(0x46CEE980, 0x1DE4195B), - BN_DEF(0x39DC98DD, 0x6C5F6268), BN_DEF(0x54996FC6, 0x1C3BBE5B), - BN_DEF(0x897F72F2, 0xBA51C937), BN_DEF(0x36DF08AC, 0x734A7C8F), - BN_DEF(0x85BA3A6B, 0x095F96AD), BN_DEF(0x1FA43077, 0x021F47B3), - BN_DEF(0xB71E0234, 0x1C3FF46B), BN_DEF(0x17794B19, 0x6D2B64F6), - BN_DEF(0xD189EAAE, 0x758CE658), BN_DEF(0xC50FDFF8, 0x7AA8551E), - BN_DEF(0xDBE2ED3B, 0x0350EAC5), BN_DEF(0x794DF194, 0x53CB8AF7), - BN_DEF(0x07C01BF0, 0x0A662F69), BN_DEF(0x5FA470EC, 0x6647B6BF), - BN_DEF(0x15A0AA55, 0xA5EA03D9), BN_DEF(0xFFAC2D62, 0x078EA2DB), - BN_DEF(0x1B66445F, 0x91D4BD3F), BN_DEF(0xDF63F479, 0x2CF3E4BF), - BN_DEF(0xC8058E4F, 0x5AD42018), BN_DEF(0xA34C0641, 0x6AAF3817), - BN_DEF(0x373A7F7B, 0xFA416BE7), BN_DEF(0xE8B90E81, 0x7819750A), - BN_DEF(0xE325C976, 0xACC1E500), BN_DEF(0x9BC6695F, 0x37DC7A00), - BN_DEF(0x95EBD7A1, 0x999028A8), BN_DEF(0xF36612A5, 0xEDBF8A23), - BN_DEF(0x676A5D8D, 0xA267365D), BN_DEF(0xE7CD8A76, 0x6D1F6DF5), - BN_DEF(0x432D448C, 0x8BCB93D8), BN_DEF(0xC813EC18, 0x583529F6), - BN_DEF(0xA09800D7, 0x72ED9C17), BN_DEF(0x56CF2987, 0xFC7FCA03), - BN_DEF(0x1EDD1BDE, 0x64BA8F3B), BN_DEF(0x3013236F, 0x60EA6E59), - BN_DEF(0x693E3813, 0x1B61FD5A), BN_DEF(0x9A014249, 0xA6FA1AE4), - BN_DEF(0x48536047, 0xC37FDBEE), BN_DEF(0x46C7EEE0, 0xC9DA754C), - BN_DEF(0xEAD82D54, 0x68034893), BN_DEF(0x10B8240E, 0xDC0DEEBB), - BN_DEF(0x67716BD7, 0x8FB094B8), BN_DEF(0x28ADF3F6, 0x119DD0C3), - BN_DEF(0xD04861D1, 0xCCD94B27), BN_DEF(0xA735E02E, 0x143E2CA3), - BN_DEF(0x0FDF6553, 0x97477E0A), BN_DEF(0x826F477C, 0x6DDDE16D), - BN_DEF(0x156A2674, 0x12C1F4E5), BN_DEF(0x5B0A85ED, 0x0D4A341A), - BN_DEF(0x357A711E, 0x4CE1938C), BN_DEF(0x5EDD2D93, 0xC438CD08), - BN_DEF(0x53C3F36B, 0x8D391E09), BN_DEF(0x54908400, 0x25C16890), - BN_DEF(0x707E8847, 0xA1EDADFE), BN_DEF(0x3A72D598, 0x047127D0), - BN_DEF(0x5D6CA371, 0x3B84C460), BN_DEF(0xBD30AEB6, 0x5DF08BAB), - BN_DEF(0x0BBD9006, 0x290F958C), BN_DEF(0x9F643532, 0x6C3B0139), - BN_DEF(0x6CC50432, 0xF897FD03), BN_DEF(0x0D697735, 0xE771E913), - BN_DEF(0x2512B0CE, 0x8F464A70), BN_DEF(0x6D8499EB, 0xD5FAD746), - BN_DEF(0xD370F263, 0xD9CB87C2), BN_DEF(0xAE83063E, 0x457538AB), - BN_DEF(0x2C6DF785, 0x767DC282), BN_DEF(0xEF8E5D32, 0xD42A90D5), - BN_DEF(0x82283D19, 0xD6998B86), BN_DEF(0x45556216, 0x0AB9472D), - BN_DEF(0x4C7D0288, 0x8AE9130C), BN_DEF(0x754AB572, 0x1CCAA4BE), - BN_DEF(0x4AAC0B8C, 0xEF15E5FB), BN_DEF(0x37A62964, 0xDAE2AEF8), - BN_DEF(0x7603D147, 0xCD93C1D1), BN_DEF(0x0C074301, 0xF1CF3B96), - BN_DEF(0x171B671D, 0x19482F23), BN_DEF(0x650C10BE, 0x78BA3604), - BN_DEF(0x255E4C02, 0xB3861AA7), BN_DEF(0xB84B4B36, 0xCF6A9483), - BN_DEF(0x1042A95D, 0x0E3179AB), BN_DEF(0xEE51D6CB, 0xC1B2AE91), - BN_DEF(0x7E9267AF, 0x348B1FD4), BN_DEF(0x0E2AE9CD, 0xCC6D241B), - BN_DEF(0x50B1DF82, 0xE1003E5C), BN_DEF(0xF6722D9E, 0x24943328), - BN_DEF(0xBE258FF3, 0xD74F9208), BN_DEF(0xAD44CFD2, 0xF71C35FD), - BN_DEF(0x7A035BF6, 0x85FFAE5B), BN_DEF(0xD31BF6B5, 0x7A262174), - BN_DEF(0x312F3F63, 0xF242DABB), BN_DEF(0xB6A8E122, 0xA7F09AB6), - BN_DEF(0xF92F8A1B, 0x98158536), BN_DEF(0xE69D218D, 0xF7CA8CD9), - BN_DEF(0xC71A026E, 0x28A5043C), BN_DEF(0x1D89CD91, 0x0105DF53), - BN_DEF(0x4533E63A, 0x94812704), BN_DEF(0xC06E0E68, 0x62633145), - BN_DEF(0x10B4611A, 0xE487ED51), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), -}; - -/* DH parameters from RFC5114 */ -static const BN_ULONG dh1024_160_p[] = { - BN_DEF(0x2E4A4371, 0xDF1FB2BC), BN_DEF(0x6D4DA708, 0xE68CFDA7), - BN_DEF(0x365C1A65, 0x45BF37DF), BN_DEF(0x0DC8B4BD, 0xA151AF5F), - BN_DEF(0xF55BCCC0, 0xFAA31A4F), BN_DEF(0xE5644738, 0x4EFFD6FA), - BN_DEF(0x219A7372, 0x98488E9C), BN_DEF(0x90C4BD70, 0xACCBDD7D), - BN_DEF(0xD49B83BF, 0x24975C3C), BN_DEF(0xA9061123, 0x13ECB4AE), - BN_DEF(0x2EE652C0, 0x9838EF1E), BN_DEF(0x75A23D18, 0x6073E286), - BN_DEF(0x52D23B61, 0x9A6A9DCA), BN_DEF(0xFB06A3C6, 0x52C99FBC), - BN_DEF(0xAE5D54EC, 0xDE92DE5E), BN_DEF(0xA080E01D, 0xB10B8F96) -}; -static const BN_ULONG dh1024_160_q[] = { - BN_DEF(0x49462353, 0x64B7CB9D), BN_DEF(0x8ABA4E7D, 0x81A8DF27), - (BN_ULONG)0xF518AA87 -}; -static const BN_ULONG dh1024_160_g[] = { - BN_DEF(0x22B3B2E5, 0x855E6EEB), BN_DEF(0xF97C2A24, 0x858F4DCE), - BN_DEF(0x18D08BC8, 0x2D779D59), BN_DEF(0x8E73AFA3, 0xD662A4D1), - BN_DEF(0x69B6A28A, 0x1DBF0A01), BN_DEF(0x7A091F53, 0xA6A24C08), - BN_DEF(0x63F80A76, 0x909D0D22), BN_DEF(0xB9A92EE1, 0xD7FBD7D3), - BN_DEF(0x9E2749F4, 0x5E91547F), BN_DEF(0xB01B886A, 0x160217B4), - BN_DEF(0x5504F213, 0x777E690F), BN_DEF(0x5C41564B, 0x266FEA1E), - BN_DEF(0x14266D31, 0xD6406CFF), BN_DEF(0x58AC507F, 0xF8104DD2), - BN_DEF(0xEFB99905, 0x6765A442), BN_DEF(0xC3FD3412, 0xA4D1CBD5) -}; - -static const BN_ULONG dh2048_224_p[] = { - BN_DEF(0x0C10E64F, 0x0AC4DFFE), BN_DEF(0x4E71B81C, 0xCF9DE538), - BN_DEF(0xFFA31F71, 0x7EF363E2), BN_DEF(0x6B8E75B9, 0xE3FB73C1), - BN_DEF(0x4BA80A29, 0xC9B53DCF), BN_DEF(0x16E79763, 0x23F10B0E), - BN_DEF(0x13042E9B, 0xC52172E4), BN_DEF(0xC928B2B9, 0xBE60E69C), - BN_DEF(0xB9E587E8, 0x80CD86A1), BN_DEF(0x98C641A4, 0x315D75E1), - BN_DEF(0x44328387, 0xCDF93ACC), BN_DEF(0xDC0A486D, 0x15987D9A), - BN_DEF(0x1FD5A074, 0x7310F712), BN_DEF(0xDE31EFDC, 0x278273C7), - BN_DEF(0x415D9330, 0x1602E714), BN_DEF(0xBC8985DB, 0x81286130), - BN_DEF(0x70918836, 0xB3BF8A31), BN_DEF(0xB9C49708, 0x6A00E0A0), - BN_DEF(0x8BBC27BE, 0xC6BA0B2C), BN_DEF(0xED34DBF6, 0xC9F98D11), - BN_DEF(0xB6C12207, 0x7AD5B7D0), BN_DEF(0x55B7394B, 0xD91E8FEF), - BN_DEF(0xEFDA4DF8, 0x9037C9ED), BN_DEF(0xAD6AC212, 0x6D3F8152), - BN_DEF(0x1274A0A6, 0x1DE6B85A), BN_DEF(0x309C180E, 0xEB3D688A), - BN_DEF(0x7BA1DF15, 0xAF9A3C40), BN_DEF(0xF95A56DB, 0xE6FA141D), - BN_DEF(0xB61D0A75, 0xB54B1597), BN_DEF(0x683B9FD1, 0xA20D64E5), - BN_DEF(0x9559C51F, 0xD660FAA7), BN_DEF(0x9123A9D0, 0xAD107E1E) -}; -static const BN_ULONG dh2048_224_q[] = { - BN_DEF(0xB36371EB, 0xBF389A99), BN_DEF(0x4738CEBC, 0x1F80535A), - BN_DEF(0x99717710, 0xC58D93FE), (BN_ULONG)0x801C0D34 -}; -static const BN_ULONG dh2048_224_g[] = { - BN_DEF(0x191F2BFA, 0x84B890D3), BN_DEF(0x2A7065B3, 0x81BC087F), - BN_DEF(0xF6EC0179, 0x19C418E1), BN_DEF(0x71CFFF4C, 0x7B5A0F1C), - BN_DEF(0x9B6AA4BD, 0xEDFE72FE), BN_DEF(0x94B30269, 0x81E1BCFE), - BN_DEF(0x8D6C0191, 0x566AFBB4), BN_DEF(0x409D13CD, 0xB539CCE3), - BN_DEF(0x5F2FF381, 0x6AA21E7F), BN_DEF(0x770589EF, 0xD9E263E4), - BN_DEF(0xD19963DD, 0x10E183ED), BN_DEF(0x150B8EEB, 0xB70A8137), - BN_DEF(0x28C8F8AC, 0x051AE3D4), BN_DEF(0x0C1AB15B, 0xBB77A86F), - BN_DEF(0x16A330EF, 0x6E3025E3), BN_DEF(0xD6F83456, 0x19529A45), - BN_DEF(0x118E98D1, 0xF180EB34), BN_DEF(0x50717CBE, 0xB5F6C6B2), - BN_DEF(0xDA7460CD, 0x09939D54), BN_DEF(0x22EA1ED4, 0xE2471504), - BN_DEF(0x521BC98A, 0xB8A762D0), BN_DEF(0x5AC1348B, 0xF4D02727), - BN_DEF(0x1999024A, 0xC1766910), BN_DEF(0xA8D66AD7, 0xBE5E9001), - BN_DEF(0x620A8652, 0xC57DB17C), BN_DEF(0x00C29F52, 0xAB739D77), - BN_DEF(0xA70C4AFA, 0xDD921F01), BN_DEF(0x10B9A6F0, 0xA6824A4E), - BN_DEF(0xCFE4FFE3, 0x74866A08), BN_DEF(0x89998CAF, 0x6CDEBE7B), - BN_DEF(0x8FFDAC50, 0x9DF30B5C), BN_DEF(0x4F2D9AE3, 0xAC4032EF) -}; - -static const BN_ULONG dh2048_256_p[] = { - BN_DEF(0x1E1A1597, 0xDB094AE9), BN_DEF(0xD7EF09CA, 0x693877FA), - BN_DEF(0x6E11715F, 0x6116D227), BN_DEF(0xC198AF12, 0xA4B54330), - BN_DEF(0xD7014103, 0x75F26375), BN_DEF(0x54E710C3, 0xC3A3960A), - BN_DEF(0xBD0BE621, 0xDED4010A), BN_DEF(0x89962856, 0xC0B857F6), - BN_DEF(0x71506026, 0xB3CA3F79), BN_DEF(0xE6B486F6, 0x1CCACB83), - BN_DEF(0x14056425, 0x67E144E5), BN_DEF(0xA41825D9, 0xF6A167B5), - BN_DEF(0x96524D8E, 0x3AD83477), BN_DEF(0x51BFA4AB, 0xF13C6D9A), - BN_DEF(0x35488A0E, 0x2D525267), BN_DEF(0xCAA6B790, 0xB63ACAE1), - BN_DEF(0x81B23F76, 0x4FDB70C5), BN_DEF(0x12307F5C, 0xBC39A0BF), - BN_DEF(0xB1E59BB8, 0xB941F54E), BN_DEF(0xD45F9088, 0x6C5BFC11), - BN_DEF(0x4275BF7B, 0x22E0B1EF), BN_DEF(0x5B4758C0, 0x91F9E672), - BN_DEF(0x6BCF67ED, 0x5A8A9D30), BN_DEF(0x97517ABD, 0x209E0C64), - BN_DEF(0x830E9A7C, 0x3BF4296D), BN_DEF(0x34096FAA, 0x16C3D911), - BN_DEF(0x61B2AA30, 0xFAF7DF45), BN_DEF(0xD61957D4, 0xE00DF8F1), - BN_DEF(0x435E3B00, 0x5D2CEED4), BN_DEF(0x660DD0F2, 0x8CEEF608), - BN_DEF(0x65195999, 0xFFBBD19C), BN_DEF(0xB4B6663C, 0x87A8E61D) -}; -static const BN_ULONG dh2048_256_q[] = { - BN_DEF(0x64F5FBD3, 0xA308B0FE), BN_DEF(0x1EB3750B, 0x99B1A47D), - BN_DEF(0x40129DA2, 0xB4479976), BN_DEF(0xA709A097, 0x8CF83642) -}; -static const BN_ULONG dh2048_256_g[] = { - BN_DEF(0x6CC41659, 0x664B4C0F), BN_DEF(0xEF98C582, 0x5E2327CF), - BN_DEF(0xD4795451, 0xD647D148), BN_DEF(0x90F00EF8, 0x2F630784), - BN_DEF(0x1DB246C3, 0x184B523D), BN_DEF(0xCDC67EB6, 0xC7891428), - BN_DEF(0x0DF92B52, 0x7FD02837), BN_DEF(0x64E0EC37, 0xB3353BBB), - BN_DEF(0x57CD0915, 0xECD06E15), BN_DEF(0xDF016199, 0xB7D2BBD2), - BN_DEF(0x052588B9, 0xC8484B1E), BN_DEF(0x13D3FE14, 0xDB2A3B73), - BN_DEF(0xD182EA0A, 0xD052B985), BN_DEF(0xE83B9C80, 0xA4BD1BFF), - BN_DEF(0xFB3F2E55, 0xDFC967C1), BN_DEF(0x767164E1, 0xB5045AF2), - BN_DEF(0x6F2F9193, 0x1D14348F), BN_DEF(0x428EBC83, 0x64E67982), - BN_DEF(0x82D6ED38, 0x8AC376D2), BN_DEF(0xAAB8A862, 0x777DE62A), - BN_DEF(0xE9EC144B, 0xDDF463E5), BN_DEF(0xC77A57F2, 0x0196F931), - BN_DEF(0x41000A65, 0xA55AE313), BN_DEF(0xC28CBB18, 0x901228F8), - BN_DEF(0x7E8C6F62, 0xBC3773BF), BN_DEF(0x0C6B47B1, 0xBE3A6C1B), - BN_DEF(0xAC0BB555, 0xFF4FED4A), BN_DEF(0x77BE463F, 0x10DBC150), - BN_DEF(0x1A0BA125, 0x07F4793A), BN_DEF(0x21EF2054, 0x4CA7B18F), - BN_DEF(0x60EDBD48, 0x2E775066), BN_DEF(0x73134D0B, 0x3FB32C9B) -}; - -/* Primes from RFC 7919 */ -static const BN_ULONG ffdhe2048_p[] = { - BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x61285C97, 0x886B4238), - BN_DEF(0xC1B2EFFA, 0xC6F34A26), BN_DEF(0x7D1683B2, 0xC58EF183), - BN_DEF(0x2EC22005, 0x3BB5FCBC), BN_DEF(0x4C6FAD73, 0xC3FE3B1B), - BN_DEF(0xEEF28183, 0x8E4F1232), BN_DEF(0xE98583FF, 0x9172FE9C), - BN_DEF(0x28342F61, 0xC03404CD), BN_DEF(0xCDF7E2EC, 0x9E02FCE1), - BN_DEF(0xEE0A6D70, 0x0B07A7C8), BN_DEF(0x6372BB19, 0xAE56EDE7), - BN_DEF(0xDE394DF4, 0x1D4F42A3), BN_DEF(0x60D7F468, 0xB96ADAB7), - BN_DEF(0xB2C8E3FB, 0xD108A94B), BN_DEF(0xB324FB61, 0xBC0AB182), - BN_DEF(0x483A797A, 0x30ACCA4F), BN_DEF(0x36ADE735, 0x1DF158A1), - BN_DEF(0xF3EFE872, 0xE2A689DA), BN_DEF(0xE0E68B77, 0x984F0C70), - BN_DEF(0x7F57C935, 0xB557135E), BN_DEF(0x3DED1AF3, 0x85636555), - BN_DEF(0x5F066ED0, 0x2433F51F), BN_DEF(0xD5FD6561, 0xD3DF1ED5), - BN_DEF(0xAEC4617A, 0xF681B202), BN_DEF(0x630C75D8, 0x7D2FE363), - BN_DEF(0x249B3EF9, 0xCC939DCE), BN_DEF(0x146433FB, 0xA9E13641), - BN_DEF(0xCE2D3695, 0xD8B9C583), BN_DEF(0x273D3CF1, 0xAFDC5620), - BN_DEF(0xA2BB4A9A, 0xADF85458), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -}; -/* q = (p - 1) / 2 */ -static const BN_ULONG ffdhe2048_q[] = { - BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x30942E4B, 0x4435A11C), - BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1), - BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D), - BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E), - BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70), - BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3), - BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B), - BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1), - BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50), - BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638), - BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA), - BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A), - BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1), - BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20), - BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10), - BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), -}; - -static const BN_ULONG ffdhe3072_p[] = { - BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x66C62E37, 0x25E41D2B), - BN_DEF(0x3FD59D7C, 0x3C1B20EE), BN_DEF(0xFA53DDEF, 0x0ABCD06B), - BN_DEF(0xD5C4484E, 0x1DBF9A42), BN_DEF(0x9B0DEADA, 0xABC52197), - BN_DEF(0x22363A0D, 0xE86D2BC5), BN_DEF(0x9C9DF69E, 0x5CAE82AB), - BN_DEF(0x71F54BFF, 0x64F2E21E), BN_DEF(0xE2D74DD3, 0xF4FD4452), - BN_DEF(0xBC437944, 0xB4130C93), BN_DEF(0x85139270, 0xAEFE1309), - BN_DEF(0xC186D91C, 0x598CB0FA), BN_DEF(0x91F7F7EE, 0x7AD91D26), - BN_DEF(0xD6E6C907, 0x61B46FC9), BN_DEF(0xF99C0238, 0xBC34F4DE), - BN_DEF(0x6519035B, 0xDE355B3B), BN_DEF(0x611FCFDC, 0x886B4238), - BN_DEF(0xC1B2EFFA, 0xC6F34A26), BN_DEF(0x7D1683B2, 0xC58EF183), - BN_DEF(0x2EC22005, 0x3BB5FCBC), BN_DEF(0x4C6FAD73, 0xC3FE3B1B), - BN_DEF(0xEEF28183, 0x8E4F1232), BN_DEF(0xE98583FF, 0x9172FE9C), - BN_DEF(0x28342F61, 0xC03404CD), BN_DEF(0xCDF7E2EC, 0x9E02FCE1), - BN_DEF(0xEE0A6D70, 0x0B07A7C8), BN_DEF(0x6372BB19, 0xAE56EDE7), - BN_DEF(0xDE394DF4, 0x1D4F42A3), BN_DEF(0x60D7F468, 0xB96ADAB7), - BN_DEF(0xB2C8E3FB, 0xD108A94B), BN_DEF(0xB324FB61, 0xBC0AB182), - BN_DEF(0x483A797A, 0x30ACCA4F), BN_DEF(0x36ADE735, 0x1DF158A1), - BN_DEF(0xF3EFE872, 0xE2A689DA), BN_DEF(0xE0E68B77, 0x984F0C70), - BN_DEF(0x7F57C935, 0xB557135E), BN_DEF(0x3DED1AF3, 0x85636555), - BN_DEF(0x5F066ED0, 0x2433F51F), BN_DEF(0xD5FD6561, 0xD3DF1ED5), - BN_DEF(0xAEC4617A, 0xF681B202), BN_DEF(0x630C75D8, 0x7D2FE363), - BN_DEF(0x249B3EF9, 0xCC939DCE), BN_DEF(0x146433FB, 0xA9E13641), - BN_DEF(0xCE2D3695, 0xD8B9C583), BN_DEF(0x273D3CF1, 0xAFDC5620), - BN_DEF(0xA2BB4A9A, 0xADF85458), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -}; -/* q = (p - 1) / 2 */ -static const BN_ULONG ffdhe3072_q[] = { - BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xB363171B, 0x12F20E95), - BN_DEF(0x1FEACEBE, 0x9E0D9077), BN_DEF(0xFD29EEF7, 0x055E6835), - BN_DEF(0x6AE22427, 0x0EDFCD21), BN_DEF(0xCD86F56D, 0xD5E290CB), - BN_DEF(0x911B1D06, 0x743695E2), BN_DEF(0xCE4EFB4F, 0xAE574155), - BN_DEF(0x38FAA5FF, 0xB279710F), BN_DEF(0x716BA6E9, 0x7A7EA229), - BN_DEF(0xDE21BCA2, 0x5A098649), BN_DEF(0xC289C938, 0x577F0984), - BN_DEF(0x60C36C8E, 0x2CC6587D), BN_DEF(0x48FBFBF7, 0xBD6C8E93), - BN_DEF(0xEB736483, 0x30DA37E4), BN_DEF(0x7CCE011C, 0xDE1A7A6F), - BN_DEF(0xB28C81AD, 0x6F1AAD9D), BN_DEF(0x308FE7EE, 0x4435A11C), - BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1), - BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D), - BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E), - BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70), - BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3), - BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B), - BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1), - BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50), - BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638), - BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA), - BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A), - BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1), - BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20), - BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10), - BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), -}; - -static const BN_ULONG ffdhe4096_p[] = { - BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x5E655F6A, 0xC68A007E), - BN_DEF(0xF44182E1, 0x4DB5A851), BN_DEF(0x7F88A46B, 0x8EC9B55A), - BN_DEF(0xCEC97DCF, 0x0A8291CD), BN_DEF(0xF98D0ACC, 0x2A4ECEA9), - BN_DEF(0x7140003C, 0x1A1DB93D), BN_DEF(0x33CB8B7A, 0x092999A3), - BN_DEF(0x71AD0038, 0x6DC778F9), BN_DEF(0x918130C4, 0xA907600A), - BN_DEF(0x2D9E6832, 0xED6A1E01), BN_DEF(0xEFB4318A, 0x7135C886), - BN_DEF(0x7E31CC7A, 0x87F55BA5), BN_DEF(0x55034004, 0x7763CF1D), - BN_DEF(0xD69F6D18, 0xAC7D5F42), BN_DEF(0xE58857B6, 0x7930E9E4), - BN_DEF(0x164DF4FB, 0x6E6F52C3), BN_DEF(0x669E1EF1, 0x25E41D2B), - BN_DEF(0x3FD59D7C, 0x3C1B20EE), BN_DEF(0xFA53DDEF, 0x0ABCD06B), - BN_DEF(0xD5C4484E, 0x1DBF9A42), BN_DEF(0x9B0DEADA, 0xABC52197), - BN_DEF(0x22363A0D, 0xE86D2BC5), BN_DEF(0x9C9DF69E, 0x5CAE82AB), - BN_DEF(0x71F54BFF, 0x64F2E21E), BN_DEF(0xE2D74DD3, 0xF4FD4452), - BN_DEF(0xBC437944, 0xB4130C93), BN_DEF(0x85139270, 0xAEFE1309), - BN_DEF(0xC186D91C, 0x598CB0FA), BN_DEF(0x91F7F7EE, 0x7AD91D26), - BN_DEF(0xD6E6C907, 0x61B46FC9), BN_DEF(0xF99C0238, 0xBC34F4DE), - BN_DEF(0x6519035B, 0xDE355B3B), BN_DEF(0x611FCFDC, 0x886B4238), - BN_DEF(0xC1B2EFFA, 0xC6F34A26), BN_DEF(0x7D1683B2, 0xC58EF183), - BN_DEF(0x2EC22005, 0x3BB5FCBC), BN_DEF(0x4C6FAD73, 0xC3FE3B1B), - BN_DEF(0xEEF28183, 0x8E4F1232), BN_DEF(0xE98583FF, 0x9172FE9C), - BN_DEF(0x28342F61, 0xC03404CD), BN_DEF(0xCDF7E2EC, 0x9E02FCE1), - BN_DEF(0xEE0A6D70, 0x0B07A7C8), BN_DEF(0x6372BB19, 0xAE56EDE7), - BN_DEF(0xDE394DF4, 0x1D4F42A3), BN_DEF(0x60D7F468, 0xB96ADAB7), - BN_DEF(0xB2C8E3FB, 0xD108A94B), BN_DEF(0xB324FB61, 0xBC0AB182), - BN_DEF(0x483A797A, 0x30ACCA4F), BN_DEF(0x36ADE735, 0x1DF158A1), - BN_DEF(0xF3EFE872, 0xE2A689DA), BN_DEF(0xE0E68B77, 0x984F0C70), - BN_DEF(0x7F57C935, 0xB557135E), BN_DEF(0x3DED1AF3, 0x85636555), - BN_DEF(0x5F066ED0, 0x2433F51F), BN_DEF(0xD5FD6561, 0xD3DF1ED5), - BN_DEF(0xAEC4617A, 0xF681B202), BN_DEF(0x630C75D8, 0x7D2FE363), - BN_DEF(0x249B3EF9, 0xCC939DCE), BN_DEF(0x146433FB, 0xA9E13641), - BN_DEF(0xCE2D3695, 0xD8B9C583), BN_DEF(0x273D3CF1, 0xAFDC5620), - BN_DEF(0xA2BB4A9A, 0xADF85458), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -}; -/* q = (p - 1) / 2 */ -static const BN_ULONG ffdhe4096_q[] = { - BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0x2F32AFB5, 0xE345003F), - BN_DEF(0xFA20C170, 0xA6DAD428), BN_DEF(0x3FC45235, 0xC764DAAD), - BN_DEF(0xE764BEE7, 0x054148E6), BN_DEF(0xFCC68566, 0x15276754), - BN_DEF(0xB8A0001E, 0x0D0EDC9E), BN_DEF(0x99E5C5BD, 0x0494CCD1), - BN_DEF(0xB8D6801C, 0x36E3BC7C), BN_DEF(0x48C09862, 0x5483B005), - BN_DEF(0x96CF3419, 0x76B50F00), BN_DEF(0x77DA18C5, 0x389AE443), - BN_DEF(0xBF18E63D, 0x43FAADD2), BN_DEF(0xAA81A002, 0x3BB1E78E), - BN_DEF(0x6B4FB68C, 0x563EAFA1), BN_DEF(0x72C42BDB, 0xBC9874F2), - BN_DEF(0x8B26FA7D, 0xB737A961), BN_DEF(0xB34F0F78, 0x12F20E95), - BN_DEF(0x1FEACEBE, 0x9E0D9077), BN_DEF(0xFD29EEF7, 0x055E6835), - BN_DEF(0x6AE22427, 0x0EDFCD21), BN_DEF(0xCD86F56D, 0xD5E290CB), - BN_DEF(0x911B1D06, 0x743695E2), BN_DEF(0xCE4EFB4F, 0xAE574155), - BN_DEF(0x38FAA5FF, 0xB279710F), BN_DEF(0x716BA6E9, 0x7A7EA229), - BN_DEF(0xDE21BCA2, 0x5A098649), BN_DEF(0xC289C938, 0x577F0984), - BN_DEF(0x60C36C8E, 0x2CC6587D), BN_DEF(0x48FBFBF7, 0xBD6C8E93), - BN_DEF(0xEB736483, 0x30DA37E4), BN_DEF(0x7CCE011C, 0xDE1A7A6F), - BN_DEF(0xB28C81AD, 0x6F1AAD9D), BN_DEF(0x308FE7EE, 0x4435A11C), - BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1), - BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D), - BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E), - BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70), - BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3), - BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B), - BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1), - BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50), - BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638), - BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA), - BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A), - BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1), - BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20), - BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10), - BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), -}; - -static const BN_ULONG ffdhe6144_p[] = { - BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xD0E40E65, 0xA40E329C), - BN_DEF(0x7938DAD4, 0xA41D570D), BN_DEF(0xD43161C1, 0x62A69526), - BN_DEF(0x9ADB1E69, 0x3FDD4A8E), BN_DEF(0xDC6B80D6, 0x5B3B71F9), - BN_DEF(0xC6272B04, 0xEC9D1810), BN_DEF(0xCACEF403, 0x8CCF2DD5), - BN_DEF(0xC95B9117, 0xE49F5235), BN_DEF(0xB854338A, 0x505DC82D), - BN_DEF(0x1562A846, 0x62292C31), BN_DEF(0x6AE77F5E, 0xD72B0374), - BN_DEF(0x462D538C, 0xF9C9091B), BN_DEF(0x47A67CBE, 0x0AE8DB58), - BN_DEF(0x22611682, 0xB3A739C1), BN_DEF(0x2A281BF6, 0xEEAAC023), - BN_DEF(0x77CAF992, 0x94C6651E), BN_DEF(0x94B2BBC1, 0x763E4E4B), - BN_DEF(0x0077D9B4, 0x587E38DA), BN_DEF(0x183023C3, 0x7FB29F8C), - BN_DEF(0xF9E3A26E, 0x0ABEC1FF), BN_DEF(0x350511E3, 0xA00EF092), - BN_DEF(0xDB6340D8, 0xB855322E), BN_DEF(0xA9A96910, 0xA52471F7), - BN_DEF(0x4CFDB477, 0x388147FB), BN_DEF(0x4E46041F, 0x9B1F5C3E), - BN_DEF(0xFCCFEC71, 0xCDAD0657), BN_DEF(0x4C701C3A, 0xB38E8C33), - BN_DEF(0xB1C0FD4C, 0x917BDD64), BN_DEF(0x9B7624C8, 0x3BB45432), - BN_DEF(0xCAF53EA6, 0x23BA4442), BN_DEF(0x38532A3A, 0x4E677D2C), - BN_DEF(0x45036C7A, 0x0BFD64B6), BN_DEF(0x5E0DD902, 0xC68A007E), - BN_DEF(0xF44182E1, 0x4DB5A851), BN_DEF(0x7F88A46B, 0x8EC9B55A), - BN_DEF(0xCEC97DCF, 0x0A8291CD), BN_DEF(0xF98D0ACC, 0x2A4ECEA9), - BN_DEF(0x7140003C, 0x1A1DB93D), BN_DEF(0x33CB8B7A, 0x092999A3), - BN_DEF(0x71AD0038, 0x6DC778F9), BN_DEF(0x918130C4, 0xA907600A), - BN_DEF(0x2D9E6832, 0xED6A1E01), BN_DEF(0xEFB4318A, 0x7135C886), - BN_DEF(0x7E31CC7A, 0x87F55BA5), BN_DEF(0x55034004, 0x7763CF1D), - BN_DEF(0xD69F6D18, 0xAC7D5F42), BN_DEF(0xE58857B6, 0x7930E9E4), - BN_DEF(0x164DF4FB, 0x6E6F52C3), BN_DEF(0x669E1EF1, 0x25E41D2B), - BN_DEF(0x3FD59D7C, 0x3C1B20EE), BN_DEF(0xFA53DDEF, 0x0ABCD06B), - BN_DEF(0xD5C4484E, 0x1DBF9A42), BN_DEF(0x9B0DEADA, 0xABC52197), - BN_DEF(0x22363A0D, 0xE86D2BC5), BN_DEF(0x9C9DF69E, 0x5CAE82AB), - BN_DEF(0x71F54BFF, 0x64F2E21E), BN_DEF(0xE2D74DD3, 0xF4FD4452), - BN_DEF(0xBC437944, 0xB4130C93), BN_DEF(0x85139270, 0xAEFE1309), - BN_DEF(0xC186D91C, 0x598CB0FA), BN_DEF(0x91F7F7EE, 0x7AD91D26), - BN_DEF(0xD6E6C907, 0x61B46FC9), BN_DEF(0xF99C0238, 0xBC34F4DE), - BN_DEF(0x6519035B, 0xDE355B3B), BN_DEF(0x611FCFDC, 0x886B4238), - BN_DEF(0xC1B2EFFA, 0xC6F34A26), BN_DEF(0x7D1683B2, 0xC58EF183), - BN_DEF(0x2EC22005, 0x3BB5FCBC), BN_DEF(0x4C6FAD73, 0xC3FE3B1B), - BN_DEF(0xEEF28183, 0x8E4F1232), BN_DEF(0xE98583FF, 0x9172FE9C), - BN_DEF(0x28342F61, 0xC03404CD), BN_DEF(0xCDF7E2EC, 0x9E02FCE1), - BN_DEF(0xEE0A6D70, 0x0B07A7C8), BN_DEF(0x6372BB19, 0xAE56EDE7), - BN_DEF(0xDE394DF4, 0x1D4F42A3), BN_DEF(0x60D7F468, 0xB96ADAB7), - BN_DEF(0xB2C8E3FB, 0xD108A94B), BN_DEF(0xB324FB61, 0xBC0AB182), - BN_DEF(0x483A797A, 0x30ACCA4F), BN_DEF(0x36ADE735, 0x1DF158A1), - BN_DEF(0xF3EFE872, 0xE2A689DA), BN_DEF(0xE0E68B77, 0x984F0C70), - BN_DEF(0x7F57C935, 0xB557135E), BN_DEF(0x3DED1AF3, 0x85636555), - BN_DEF(0x5F066ED0, 0x2433F51F), BN_DEF(0xD5FD6561, 0xD3DF1ED5), - BN_DEF(0xAEC4617A, 0xF681B202), BN_DEF(0x630C75D8, 0x7D2FE363), - BN_DEF(0x249B3EF9, 0xCC939DCE), BN_DEF(0x146433FB, 0xA9E13641), - BN_DEF(0xCE2D3695, 0xD8B9C583), BN_DEF(0x273D3CF1, 0xAFDC5620), - BN_DEF(0xA2BB4A9A, 0xADF85458), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -}; -/* q = (p - 1) / 2 */ -static const BN_ULONG ffdhe6144_q[] = { - BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0x68720732, 0x5207194E), - BN_DEF(0xBC9C6D6A, 0xD20EAB86), BN_DEF(0x6A18B0E0, 0xB1534A93), - BN_DEF(0x4D6D8F34, 0x1FEEA547), BN_DEF(0xEE35C06B, 0x2D9DB8FC), - BN_DEF(0x63139582, 0xF64E8C08), BN_DEF(0xE5677A01, 0xC66796EA), - BN_DEF(0xE4ADC88B, 0x724FA91A), BN_DEF(0xDC2A19C5, 0x282EE416), - BN_DEF(0x8AB15423, 0x31149618), BN_DEF(0x3573BFAF, 0x6B9581BA), - BN_DEF(0xA316A9C6, 0x7CE4848D), BN_DEF(0x23D33E5F, 0x05746DAC), - BN_DEF(0x91308B41, 0x59D39CE0), BN_DEF(0x95140DFB, 0x77556011), - BN_DEF(0x3BE57CC9, 0xCA63328F), BN_DEF(0xCA595DE0, 0x3B1F2725), - BN_DEF(0x003BECDA, 0xAC3F1C6D), BN_DEF(0x0C1811E1, 0x3FD94FC6), - BN_DEF(0xFCF1D137, 0x855F60FF), BN_DEF(0x1A8288F1, 0x50077849), - BN_DEF(0x6DB1A06C, 0x5C2A9917), BN_DEF(0xD4D4B488, 0xD29238FB), - BN_DEF(0xA67EDA3B, 0x9C40A3FD), BN_DEF(0x2723020F, 0xCD8FAE1F), - BN_DEF(0xFE67F638, 0x66D6832B), BN_DEF(0xA6380E1D, 0x59C74619), - BN_DEF(0x58E07EA6, 0x48BDEEB2), BN_DEF(0x4DBB1264, 0x1DDA2A19), - BN_DEF(0x657A9F53, 0x11DD2221), BN_DEF(0x1C29951D, 0x2733BE96), - BN_DEF(0x2281B63D, 0x05FEB25B), BN_DEF(0x2F06EC81, 0xE345003F), - BN_DEF(0xFA20C170, 0xA6DAD428), BN_DEF(0x3FC45235, 0xC764DAAD), - BN_DEF(0xE764BEE7, 0x054148E6), BN_DEF(0xFCC68566, 0x15276754), - BN_DEF(0xB8A0001E, 0x0D0EDC9E), BN_DEF(0x99E5C5BD, 0x0494CCD1), - BN_DEF(0xB8D6801C, 0x36E3BC7C), BN_DEF(0x48C09862, 0x5483B005), - BN_DEF(0x96CF3419, 0x76B50F00), BN_DEF(0x77DA18C5, 0x389AE443), - BN_DEF(0xBF18E63D, 0x43FAADD2), BN_DEF(0xAA81A002, 0x3BB1E78E), - BN_DEF(0x6B4FB68C, 0x563EAFA1), BN_DEF(0x72C42BDB, 0xBC9874F2), - BN_DEF(0x8B26FA7D, 0xB737A961), BN_DEF(0xB34F0F78, 0x12F20E95), - BN_DEF(0x1FEACEBE, 0x9E0D9077), BN_DEF(0xFD29EEF7, 0x055E6835), - BN_DEF(0x6AE22427, 0x0EDFCD21), BN_DEF(0xCD86F56D, 0xD5E290CB), - BN_DEF(0x911B1D06, 0x743695E2), BN_DEF(0xCE4EFB4F, 0xAE574155), - BN_DEF(0x38FAA5FF, 0xB279710F), BN_DEF(0x716BA6E9, 0x7A7EA229), - BN_DEF(0xDE21BCA2, 0x5A098649), BN_DEF(0xC289C938, 0x577F0984), - BN_DEF(0x60C36C8E, 0x2CC6587D), BN_DEF(0x48FBFBF7, 0xBD6C8E93), - BN_DEF(0xEB736483, 0x30DA37E4), BN_DEF(0x7CCE011C, 0xDE1A7A6F), - BN_DEF(0xB28C81AD, 0x6F1AAD9D), BN_DEF(0x308FE7EE, 0x4435A11C), - BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1), - BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D), - BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E), - BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70), - BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3), - BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B), - BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1), - BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50), - BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638), - BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA), - BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A), - BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1), - BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20), - BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10), - BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), -}; - -static const BN_ULONG ffdhe8192_p[] = { - BN_DEF(0xFFFFFFFF, 0xFFFFFFFF), BN_DEF(0xC5C6424C, 0xD68C8BB7), - BN_DEF(0x838FF88C, 0x011E2A94), BN_DEF(0xA9F4614E, 0x0822E506), - BN_DEF(0xF7A8443D, 0x97D11D49), BN_DEF(0x30677F0D, 0xA6BBFDE5), - BN_DEF(0xC1FE86FE, 0x2F741EF8), BN_DEF(0x5D71A87E, 0xFAFABE1C), - BN_DEF(0xFBE58A30, 0xDED2FBAB), BN_DEF(0x72B0A66E, 0xB6855DFE), - BN_DEF(0xBA8A4FE8, 0x1EFC8CE0), BN_DEF(0x3F2FA457, 0x83F81D4A), - BN_DEF(0xA577E231, 0xA1FE3075), BN_DEF(0x88D9C0A0, 0xD5B80194), - BN_DEF(0xAD9A95F9, 0x624816CD), BN_DEF(0x50C1217B, 0x99E9E316), - BN_DEF(0x0E423CFC, 0x51AA691E), BN_DEF(0x3826E52C, 0x1C217E6C), - BN_DEF(0x09703FEE, 0x51A8A931), BN_DEF(0x6A460E74, 0xBB709987), - BN_DEF(0x9C86B022, 0x541FC68C), BN_DEF(0x46FD8251, 0x59160CC0), - BN_DEF(0x35C35F5C, 0x2846C0BA), BN_DEF(0x8B758282, 0x54504AC7), - BN_DEF(0xD2AF05E4, 0x29388839), BN_DEF(0xC01BD702, 0xCB2C0F1C), - BN_DEF(0x7C932665, 0x555B2F74), BN_DEF(0xA3AB8829, 0x86B63142), - BN_DEF(0xF64B10EF, 0x0B8CC3BD), BN_DEF(0xEDD1CC5E, 0x687FEB69), - BN_DEF(0xC9509D43, 0xFDB23FCE), BN_DEF(0xD951AE64, 0x1E425A31), - BN_DEF(0xF600C838, 0x36AD004C), BN_DEF(0xCFF46AAA, 0xA40E329C), - BN_DEF(0x7938DAD4, 0xA41D570D), BN_DEF(0xD43161C1, 0x62A69526), - BN_DEF(0x9ADB1E69, 0x3FDD4A8E), BN_DEF(0xDC6B80D6, 0x5B3B71F9), - BN_DEF(0xC6272B04, 0xEC9D1810), BN_DEF(0xCACEF403, 0x8CCF2DD5), - BN_DEF(0xC95B9117, 0xE49F5235), BN_DEF(0xB854338A, 0x505DC82D), - BN_DEF(0x1562A846, 0x62292C31), BN_DEF(0x6AE77F5E, 0xD72B0374), - BN_DEF(0x462D538C, 0xF9C9091B), BN_DEF(0x47A67CBE, 0x0AE8DB58), - BN_DEF(0x22611682, 0xB3A739C1), BN_DEF(0x2A281BF6, 0xEEAAC023), - BN_DEF(0x77CAF992, 0x94C6651E), BN_DEF(0x94B2BBC1, 0x763E4E4B), - BN_DEF(0x0077D9B4, 0x587E38DA), BN_DEF(0x183023C3, 0x7FB29F8C), - BN_DEF(0xF9E3A26E, 0x0ABEC1FF), BN_DEF(0x350511E3, 0xA00EF092), - BN_DEF(0xDB6340D8, 0xB855322E), BN_DEF(0xA9A96910, 0xA52471F7), - BN_DEF(0x4CFDB477, 0x388147FB), BN_DEF(0x4E46041F, 0x9B1F5C3E), - BN_DEF(0xFCCFEC71, 0xCDAD0657), BN_DEF(0x4C701C3A, 0xB38E8C33), - BN_DEF(0xB1C0FD4C, 0x917BDD64), BN_DEF(0x9B7624C8, 0x3BB45432), - BN_DEF(0xCAF53EA6, 0x23BA4442), BN_DEF(0x38532A3A, 0x4E677D2C), - BN_DEF(0x45036C7A, 0x0BFD64B6), BN_DEF(0x5E0DD902, 0xC68A007E), - BN_DEF(0xF44182E1, 0x4DB5A851), BN_DEF(0x7F88A46B, 0x8EC9B55A), - BN_DEF(0xCEC97DCF, 0x0A8291CD), BN_DEF(0xF98D0ACC, 0x2A4ECEA9), - BN_DEF(0x7140003C, 0x1A1DB93D), BN_DEF(0x33CB8B7A, 0x092999A3), - BN_DEF(0x71AD0038, 0x6DC778F9), BN_DEF(0x918130C4, 0xA907600A), - BN_DEF(0x2D9E6832, 0xED6A1E01), BN_DEF(0xEFB4318A, 0x7135C886), - BN_DEF(0x7E31CC7A, 0x87F55BA5), BN_DEF(0x55034004, 0x7763CF1D), - BN_DEF(0xD69F6D18, 0xAC7D5F42), BN_DEF(0xE58857B6, 0x7930E9E4), - BN_DEF(0x164DF4FB, 0x6E6F52C3), BN_DEF(0x669E1EF1, 0x25E41D2B), - BN_DEF(0x3FD59D7C, 0x3C1B20EE), BN_DEF(0xFA53DDEF, 0x0ABCD06B), - BN_DEF(0xD5C4484E, 0x1DBF9A42), BN_DEF(0x9B0DEADA, 0xABC52197), - BN_DEF(0x22363A0D, 0xE86D2BC5), BN_DEF(0x9C9DF69E, 0x5CAE82AB), - BN_DEF(0x71F54BFF, 0x64F2E21E), BN_DEF(0xE2D74DD3, 0xF4FD4452), - BN_DEF(0xBC437944, 0xB4130C93), BN_DEF(0x85139270, 0xAEFE1309), - BN_DEF(0xC186D91C, 0x598CB0FA), BN_DEF(0x91F7F7EE, 0x7AD91D26), - BN_DEF(0xD6E6C907, 0x61B46FC9), BN_DEF(0xF99C0238, 0xBC34F4DE), - BN_DEF(0x6519035B, 0xDE355B3B), BN_DEF(0x611FCFDC, 0x886B4238), - BN_DEF(0xC1B2EFFA, 0xC6F34A26), BN_DEF(0x7D1683B2, 0xC58EF183), - BN_DEF(0x2EC22005, 0x3BB5FCBC), BN_DEF(0x4C6FAD73, 0xC3FE3B1B), - BN_DEF(0xEEF28183, 0x8E4F1232), BN_DEF(0xE98583FF, 0x9172FE9C), - BN_DEF(0x28342F61, 0xC03404CD), BN_DEF(0xCDF7E2EC, 0x9E02FCE1), - BN_DEF(0xEE0A6D70, 0x0B07A7C8), BN_DEF(0x6372BB19, 0xAE56EDE7), - BN_DEF(0xDE394DF4, 0x1D4F42A3), BN_DEF(0x60D7F468, 0xB96ADAB7), - BN_DEF(0xB2C8E3FB, 0xD108A94B), BN_DEF(0xB324FB61, 0xBC0AB182), - BN_DEF(0x483A797A, 0x30ACCA4F), BN_DEF(0x36ADE735, 0x1DF158A1), - BN_DEF(0xF3EFE872, 0xE2A689DA), BN_DEF(0xE0E68B77, 0x984F0C70), - BN_DEF(0x7F57C935, 0xB557135E), BN_DEF(0x3DED1AF3, 0x85636555), - BN_DEF(0x5F066ED0, 0x2433F51F), BN_DEF(0xD5FD6561, 0xD3DF1ED5), - BN_DEF(0xAEC4617A, 0xF681B202), BN_DEF(0x630C75D8, 0x7D2FE363), - BN_DEF(0x249B3EF9, 0xCC939DCE), BN_DEF(0x146433FB, 0xA9E13641), - BN_DEF(0xCE2D3695, 0xD8B9C583), BN_DEF(0x273D3CF1, 0xAFDC5620), - BN_DEF(0xA2BB4A9A, 0xADF85458), BN_DEF(0xFFFFFFFF, 0xFFFFFFFF) -}; -/* q = (p - 1) / 2 */ -static const BN_ULONG ffdhe8192_q[] = { - BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), BN_DEF(0xE2E32126, 0x6B4645DB), - BN_DEF(0x41C7FC46, 0x008F154A), BN_DEF(0x54FA30A7, 0x84117283), - BN_DEF(0xFBD4221E, 0xCBE88EA4), BN_DEF(0x9833BF86, 0x535DFEF2), - BN_DEF(0x60FF437F, 0x17BA0F7C), BN_DEF(0x2EB8D43F, 0x7D7D5F0E), - BN_DEF(0xFDF2C518, 0x6F697DD5), BN_DEF(0x39585337, 0x5B42AEFF), - BN_DEF(0x5D4527F4, 0x8F7E4670), BN_DEF(0x1F97D22B, 0xC1FC0EA5), - BN_DEF(0xD2BBF118, 0x50FF183A), BN_DEF(0x446CE050, 0xEADC00CA), - BN_DEF(0xD6CD4AFC, 0xB1240B66), BN_DEF(0x286090BD, 0x4CF4F18B), - BN_DEF(0x07211E7E, 0x28D5348F), BN_DEF(0x1C137296, 0x0E10BF36), - BN_DEF(0x84B81FF7, 0x28D45498), BN_DEF(0xB523073A, 0x5DB84CC3), - BN_DEF(0x4E435811, 0xAA0FE346), BN_DEF(0x237EC128, 0x2C8B0660), - BN_DEF(0x1AE1AFAE, 0x1423605D), BN_DEF(0xC5BAC141, 0x2A282563), - BN_DEF(0xE95782F2, 0x149C441C), BN_DEF(0x600DEB81, 0xE596078E), - BN_DEF(0x3E499332, 0xAAAD97BA), BN_DEF(0x51D5C414, 0xC35B18A1), - BN_DEF(0xFB258877, 0x05C661DE), BN_DEF(0xF6E8E62F, 0xB43FF5B4), - BN_DEF(0x64A84EA1, 0x7ED91FE7), BN_DEF(0xECA8D732, 0x0F212D18), - BN_DEF(0x7B00641C, 0x1B568026), BN_DEF(0x67FA3555, 0x5207194E), - BN_DEF(0xBC9C6D6A, 0xD20EAB86), BN_DEF(0x6A18B0E0, 0xB1534A93), - BN_DEF(0x4D6D8F34, 0x1FEEA547), BN_DEF(0xEE35C06B, 0x2D9DB8FC), - BN_DEF(0x63139582, 0xF64E8C08), BN_DEF(0xE5677A01, 0xC66796EA), - BN_DEF(0xE4ADC88B, 0x724FA91A), BN_DEF(0xDC2A19C5, 0x282EE416), - BN_DEF(0x8AB15423, 0x31149618), BN_DEF(0x3573BFAF, 0x6B9581BA), - BN_DEF(0xA316A9C6, 0x7CE4848D), BN_DEF(0x23D33E5F, 0x05746DAC), - BN_DEF(0x91308B41, 0x59D39CE0), BN_DEF(0x95140DFB, 0x77556011), - BN_DEF(0x3BE57CC9, 0xCA63328F), BN_DEF(0xCA595DE0, 0x3B1F2725), - BN_DEF(0x003BECDA, 0xAC3F1C6D), BN_DEF(0x0C1811E1, 0x3FD94FC6), - BN_DEF(0xFCF1D137, 0x855F60FF), BN_DEF(0x1A8288F1, 0x50077849), - BN_DEF(0x6DB1A06C, 0x5C2A9917), BN_DEF(0xD4D4B488, 0xD29238FB), - BN_DEF(0xA67EDA3B, 0x9C40A3FD), BN_DEF(0x2723020F, 0xCD8FAE1F), - BN_DEF(0xFE67F638, 0x66D6832B), BN_DEF(0xA6380E1D, 0x59C74619), - BN_DEF(0x58E07EA6, 0x48BDEEB2), BN_DEF(0x4DBB1264, 0x1DDA2A19), - BN_DEF(0x657A9F53, 0x11DD2221), BN_DEF(0x1C29951D, 0x2733BE96), - BN_DEF(0x2281B63D, 0x05FEB25B), BN_DEF(0x2F06EC81, 0xE345003F), - BN_DEF(0xFA20C170, 0xA6DAD428), BN_DEF(0x3FC45235, 0xC764DAAD), - BN_DEF(0xE764BEE7, 0x054148E6), BN_DEF(0xFCC68566, 0x15276754), - BN_DEF(0xB8A0001E, 0x0D0EDC9E), BN_DEF(0x99E5C5BD, 0x0494CCD1), - BN_DEF(0xB8D6801C, 0x36E3BC7C), BN_DEF(0x48C09862, 0x5483B005), - BN_DEF(0x96CF3419, 0x76B50F00), BN_DEF(0x77DA18C5, 0x389AE443), - BN_DEF(0xBF18E63D, 0x43FAADD2), BN_DEF(0xAA81A002, 0x3BB1E78E), - BN_DEF(0x6B4FB68C, 0x563EAFA1), BN_DEF(0x72C42BDB, 0xBC9874F2), - BN_DEF(0x8B26FA7D, 0xB737A961), BN_DEF(0xB34F0F78, 0x12F20E95), - BN_DEF(0x1FEACEBE, 0x9E0D9077), BN_DEF(0xFD29EEF7, 0x055E6835), - BN_DEF(0x6AE22427, 0x0EDFCD21), BN_DEF(0xCD86F56D, 0xD5E290CB), - BN_DEF(0x911B1D06, 0x743695E2), BN_DEF(0xCE4EFB4F, 0xAE574155), - BN_DEF(0x38FAA5FF, 0xB279710F), BN_DEF(0x716BA6E9, 0x7A7EA229), - BN_DEF(0xDE21BCA2, 0x5A098649), BN_DEF(0xC289C938, 0x577F0984), - BN_DEF(0x60C36C8E, 0x2CC6587D), BN_DEF(0x48FBFBF7, 0xBD6C8E93), - BN_DEF(0xEB736483, 0x30DA37E4), BN_DEF(0x7CCE011C, 0xDE1A7A6F), - BN_DEF(0xB28C81AD, 0x6F1AAD9D), BN_DEF(0x308FE7EE, 0x4435A11C), - BN_DEF(0x60D977FD, 0x6379A513), BN_DEF(0xBE8B41D9, 0xE2C778C1), - BN_DEF(0x17611002, 0x9DDAFE5E), BN_DEF(0xA637D6B9, 0xE1FF1D8D), - BN_DEF(0x777940C1, 0xC7278919), BN_DEF(0x74C2C1FF, 0xC8B97F4E), - BN_DEF(0x941A17B0, 0x601A0266), BN_DEF(0xE6FBF176, 0x4F017E70), - BN_DEF(0x770536B8, 0x8583D3E4), BN_DEF(0xB1B95D8C, 0x572B76F3), - BN_DEF(0xEF1CA6FA, 0x0EA7A151), BN_DEF(0xB06BFA34, 0xDCB56D5B), - BN_DEF(0xD96471FD, 0xE88454A5), BN_DEF(0x59927DB0, 0x5E0558C1), - BN_DEF(0xA41D3CBD, 0x98566527), BN_DEF(0x9B56F39A, 0x0EF8AC50), - BN_DEF(0x79F7F439, 0xF15344ED), BN_DEF(0x707345BB, 0xCC278638), - BN_DEF(0x3FABE49A, 0xDAAB89AF), BN_DEF(0x9EF68D79, 0x42B1B2AA), - BN_DEF(0xAF833768, 0x9219FA8F), BN_DEF(0xEAFEB2B0, 0x69EF8F6A), - BN_DEF(0x576230BD, 0x7B40D901), BN_DEF(0xB1863AEC, 0xBE97F1B1), - BN_DEF(0x124D9F7C, 0xE649CEE7), BN_DEF(0x8A3219FD, 0xD4F09B20), - BN_DEF(0xE7169B4A, 0xEC5CE2C1), BN_DEF(0x139E9E78, 0x57EE2B10), - BN_DEF(0x515DA54D, 0xD6FC2A2C), BN_DEF(0xFFFFFFFF, 0x7FFFFFFF), -}; - -/* Macro to make a BIGNUM from static data */ - -# define make_dh_bn(x) \ - extern const BIGNUM ossl_bignum_##x; \ - const BIGNUM ossl_bignum_##x = { \ - (BN_ULONG *) x, \ - OSSL_NELEM(x), \ - OSSL_NELEM(x), \ - 0, BN_FLG_STATIC_DATA }; - -static const BN_ULONG value_2 = 2; - -const BIGNUM ossl_bignum_const_2 = { - (BN_ULONG *)&value_2, 1, 1, 0, BN_FLG_STATIC_DATA -}; - -make_dh_bn(dh1024_160_p) -make_dh_bn(dh1024_160_q) -make_dh_bn(dh1024_160_g) -make_dh_bn(dh2048_224_p) -make_dh_bn(dh2048_224_q) -make_dh_bn(dh2048_224_g) -make_dh_bn(dh2048_256_p) -make_dh_bn(dh2048_256_q) -make_dh_bn(dh2048_256_g) - -make_dh_bn(ffdhe2048_p) -make_dh_bn(ffdhe2048_q) -make_dh_bn(ffdhe3072_p) -make_dh_bn(ffdhe3072_q) -make_dh_bn(ffdhe4096_p) -make_dh_bn(ffdhe4096_q) -make_dh_bn(ffdhe6144_p) -make_dh_bn(ffdhe6144_q) -make_dh_bn(ffdhe8192_p) -make_dh_bn(ffdhe8192_q) - -# ifndef FIPS_MODULE -make_dh_bn(modp_1536_p) -make_dh_bn(modp_1536_q) -# endif -make_dh_bn(modp_2048_p) -make_dh_bn(modp_2048_q) -make_dh_bn(modp_3072_p) -make_dh_bn(modp_3072_q) -make_dh_bn(modp_4096_p) -make_dh_bn(modp_4096_q) -make_dh_bn(modp_6144_p) -make_dh_bn(modp_6144_q) -make_dh_bn(modp_8192_p) -make_dh_bn(modp_8192_q) diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c deleted file mode 100644 index ff66baa48f226868b45e97b4b47194cde1e422ce..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_div.c +++ /dev/null @@ -1,460 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include "bn_local.h" - -/* The old slow way */ -#if 0 -int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, - BN_CTX *ctx) -{ - int i, nm, nd; - int ret = 0; - BIGNUM *D; - - bn_check_top(m); - bn_check_top(d); - if (BN_is_zero(d)) { - ERR_raise(ERR_LIB_BN, BN_R_DIV_BY_ZERO); - return 0; - } - - if (BN_ucmp(m, d) < 0) { - if (rem != NULL) { - if (BN_copy(rem, m) == NULL) - return 0; - } - if (dv != NULL) - BN_zero(dv); - return 1; - } - - BN_CTX_start(ctx); - D = BN_CTX_get(ctx); - if (dv == NULL) - dv = BN_CTX_get(ctx); - if (rem == NULL) - rem = BN_CTX_get(ctx); - if (D == NULL || dv == NULL || rem == NULL) - goto end; - - nd = BN_num_bits(d); - nm = BN_num_bits(m); - if (BN_copy(D, d) == NULL) - goto end; - if (BN_copy(rem, m) == NULL) - goto end; - - /* - * The next 2 are needed so we can do a dv->d[0]|=1 later since - * BN_lshift1 will only work once there is a value :-) - */ - BN_zero(dv); - if (bn_wexpand(dv, 1) == NULL) - goto end; - dv->top = 1; - - if (!BN_lshift(D, D, nm - nd)) - goto end; - for (i = nm - nd; i >= 0; i--) { - if (!BN_lshift1(dv, dv)) - goto end; - if (BN_ucmp(rem, D) >= 0) { - dv->d[0] |= 1; - if (!BN_usub(rem, rem, D)) - goto end; - } -/* CAN IMPROVE (and have now :=) */ - if (!BN_rshift1(D, D)) - goto end; - } - rem->neg = BN_is_zero(rem) ? 0 : m->neg; - dv->neg = m->neg ^ d->neg; - ret = 1; - end: - BN_CTX_end(ctx); - return ret; -} - -#else - -# if defined(BN_DIV3W) -BN_ULONG bn_div_3_words(const BN_ULONG *m, BN_ULONG d1, BN_ULONG d0); -# elif 0 -/* - * This is #if-ed away, because it's a reference for assembly implementations, - * where it can and should be made constant-time. But if you want to test it, - * just replace 0 with 1. - */ -# if BN_BITS2 == 64 && defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 -# undef BN_ULLONG -# define BN_ULLONG uint128_t -# define BN_LLONG -# endif - -# ifdef BN_LLONG -# define BN_DIV3W -/* - * Interface is somewhat quirky, |m| is pointer to most significant limb, - * and less significant limb is referred at |m[-1]|. This means that caller - * is responsible for ensuring that |m[-1]| is valid. Second condition that - * has to be met is that |d0|'s most significant bit has to be set. Or in - * other words divisor has to be "bit-aligned to the left." bn_div_fixed_top - * does all this. The subroutine considers four limbs, two of which are - * "overlapping," hence the name... - */ -static BN_ULONG bn_div_3_words(const BN_ULONG *m, BN_ULONG d1, BN_ULONG d0) -{ - BN_ULLONG R = ((BN_ULLONG)m[0] << BN_BITS2) | m[-1]; - BN_ULLONG D = ((BN_ULLONG)d0 << BN_BITS2) | d1; - BN_ULONG Q = 0, mask; - int i; - - for (i = 0; i < BN_BITS2; i++) { - Q <<= 1; - if (R >= D) { - Q |= 1; - R -= D; - } - D >>= 1; - } - - mask = 0 - (Q >> (BN_BITS2 - 1)); /* does it overflow? */ - - Q <<= 1; - Q |= (R >= D); - - return (Q | mask) & BN_MASK2; -} -# endif -# endif - -static int bn_left_align(BIGNUM *num) -{ - BN_ULONG *d = num->d, n, m, rmask; - int top = num->top; - int rshift = BN_num_bits_word(d[top - 1]), lshift, i; - - lshift = BN_BITS2 - rshift; - rshift %= BN_BITS2; /* say no to undefined behaviour */ - rmask = (BN_ULONG)0 - rshift; /* rmask = 0 - (rshift != 0) */ - rmask |= rmask >> 8; - - for (i = 0, m = 0; i < top; i++) { - n = d[i]; - d[i] = ((n << lshift) | m) & BN_MASK2; - m = (n >> rshift) & rmask; - } - - return lshift; -} - -# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \ - && !defined(PEDANTIC) && !defined(BN_DIV3W) -# if defined(__GNUC__) && __GNUC__>=2 -# if defined(__i386) || defined (__i386__) - /*- - * There were two reasons for implementing this template: - * - GNU C generates a call to a function (__udivdi3 to be exact) - * in reply to ((((BN_ULLONG)n0)< */ -# endif /* __GNUC__ */ -# endif /* OPENSSL_NO_ASM */ - -/*- - * BN_div computes dv := num / divisor, rounding towards - * zero, and sets up rm such that dv*divisor + rm = num holds. - * Thus: - * dv->neg == num->neg ^ divisor->neg (unless the result is zero) - * rm->neg == num->neg (unless the remainder is zero) - * If 'dv' or 'rm' is NULL, the respective value is not returned. - */ -int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, - BN_CTX *ctx) -{ - int ret; - - if (BN_is_zero(divisor)) { - ERR_raise(ERR_LIB_BN, BN_R_DIV_BY_ZERO); - return 0; - } - - /* - * Invalid zero-padding would have particularly bad consequences so don't - * just rely on bn_check_top() here (bn_check_top() works only for - * BN_DEBUG builds) - */ - if (divisor->d[divisor->top - 1] == 0) { - ERR_raise(ERR_LIB_BN, BN_R_NOT_INITIALIZED); - return 0; - } - - ret = bn_div_fixed_top(dv, rm, num, divisor, ctx); - - if (ret) { - if (dv != NULL) - bn_correct_top(dv); - if (rm != NULL) - bn_correct_top(rm); - } - - return ret; -} - -/* - * It's argued that *length* of *significant* part of divisor is public. - * Even if it's private modulus that is. Again, *length* is assumed - * public, but not *value*. Former is likely to be pre-defined by - * algorithm with bit granularity, though below subroutine is invariant - * of limb length. Thanks to this assumption we can require that |divisor| - * may not be zero-padded, yet claim this subroutine "constant-time"(*). - * This is because zero-padded dividend, |num|, is tolerated, so that - * caller can pass dividend of public length(*), but with smaller amount - * of significant limbs. This naturally means that quotient, |dv|, would - * contain correspongly less significant limbs as well, and will be zero- - * padded accordingly. Returned remainder, |rm|, will have same bit length - * as divisor, also zero-padded if needed. These actually leave sign bits - * in ambiguous state. In sense that we try to avoid negative zeros, while - * zero-padded zeros would retain sign. - * - * (*) "Constant-time-ness" has two pre-conditions: - * - * - availability of constant-time bn_div_3_words; - * - dividend is at least as "wide" as divisor, limb-wise, zero-padded - * if so required, which shouldn't be a privacy problem, because - * divisor's length is considered public; - */ -int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, - const BIGNUM *divisor, BN_CTX *ctx) -{ - int norm_shift, i, j, loop; - BIGNUM *tmp, *snum, *sdiv, *res; - BN_ULONG *resp, *wnum, *wnumtop; - BN_ULONG d0, d1; - int num_n, div_n, num_neg; - - assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0); - - bn_check_top(num); - bn_check_top(divisor); - bn_check_top(dv); - bn_check_top(rm); - - BN_CTX_start(ctx); - res = (dv == NULL) ? BN_CTX_get(ctx) : dv; - tmp = BN_CTX_get(ctx); - snum = BN_CTX_get(ctx); - sdiv = BN_CTX_get(ctx); - if (sdiv == NULL) - goto err; - - /* First we normalise the numbers */ - if (!BN_copy(sdiv, divisor)) - goto err; - norm_shift = bn_left_align(sdiv); - sdiv->neg = 0; - /* - * Note that bn_lshift_fixed_top's output is always one limb longer - * than input, even when norm_shift is zero. This means that amount of - * inner loop iterations is invariant of dividend value, and that one - * doesn't need to compare dividend and divisor if they were originally - * of the same bit length. - */ - if (!(bn_lshift_fixed_top(snum, num, norm_shift))) - goto err; - - div_n = sdiv->top; - num_n = snum->top; - - if (num_n <= div_n) { - /* caller didn't pad dividend -> no constant-time guarantee... */ - if (bn_wexpand(snum, div_n + 1) == NULL) - goto err; - memset(&(snum->d[num_n]), 0, (div_n - num_n + 1) * sizeof(BN_ULONG)); - snum->top = num_n = div_n + 1; - } - - loop = num_n - div_n; - /* - * Lets setup a 'window' into snum This is the part that corresponds to - * the current 'area' being divided - */ - wnum = &(snum->d[loop]); - wnumtop = &(snum->d[num_n - 1]); - - /* Get the top 2 words of sdiv */ - d0 = sdiv->d[div_n - 1]; - d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2]; - - /* Setup quotient */ - if (!bn_wexpand(res, loop)) - goto err; - num_neg = num->neg; - res->neg = (num_neg ^ divisor->neg); - res->top = loop; - res->flags |= BN_FLG_FIXED_TOP; - resp = &(res->d[loop]); - - /* space for temp */ - if (!bn_wexpand(tmp, (div_n + 1))) - goto err; - - for (i = 0; i < loop; i++, wnumtop--) { - BN_ULONG q, l0; - /* - * the first part of the loop uses the top two words of snum and sdiv - * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv - */ -# if defined(BN_DIV3W) - q = bn_div_3_words(wnumtop, d1, d0); -# else - BN_ULONG n0, n1, rem = 0; - - n0 = wnumtop[0]; - n1 = wnumtop[-1]; - if (n0 == d0) - q = BN_MASK2; - else { /* n0 < d0 */ - BN_ULONG n2 = (wnumtop == wnum) ? 0 : wnumtop[-2]; -# ifdef BN_LLONG - BN_ULLONG t2; - -# if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words) - q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0); -# else - q = bn_div_words(n0, n1, d0); -# endif - -# ifndef REMAINDER_IS_ALREADY_CALCULATED - /* - * rem doesn't have to be BN_ULLONG. The least we - * know it's less that d0, isn't it? - */ - rem = (n1 - q * d0) & BN_MASK2; -# endif - t2 = (BN_ULLONG) d1 *q; - - for (;;) { - if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | n2)) - break; - q--; - rem += d0; - if (rem < d0) - break; /* don't let rem overflow */ - t2 -= d1; - } -# else /* !BN_LLONG */ - BN_ULONG t2l, t2h; - - q = bn_div_words(n0, n1, d0); -# ifndef REMAINDER_IS_ALREADY_CALCULATED - rem = (n1 - q * d0) & BN_MASK2; -# endif - -# if defined(BN_UMULT_LOHI) - BN_UMULT_LOHI(t2l, t2h, d1, q); -# elif defined(BN_UMULT_HIGH) - t2l = d1 * q; - t2h = BN_UMULT_HIGH(d1, q); -# else - { - BN_ULONG ql, qh; - t2l = LBITS(d1); - t2h = HBITS(d1); - ql = LBITS(q); - qh = HBITS(q); - mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */ - } -# endif - - for (;;) { - if ((t2h < rem) || ((t2h == rem) && (t2l <= n2))) - break; - q--; - rem += d0; - if (rem < d0) - break; /* don't let rem overflow */ - if (t2l < d1) - t2h--; - t2l -= d1; - } -# endif /* !BN_LLONG */ - } -# endif /* !BN_DIV3W */ - - l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q); - tmp->d[div_n] = l0; - wnum--; - /* - * ignore top values of the bignums just sub the two BN_ULONG arrays - * with bn_sub_words - */ - l0 = bn_sub_words(wnum, wnum, tmp->d, div_n + 1); - q -= l0; - /* - * Note: As we have considered only the leading two BN_ULONGs in - * the calculation of q, sdiv * q might be greater than wnum (but - * then (q-1) * sdiv is less or equal than wnum) - */ - for (l0 = 0 - l0, j = 0; j < div_n; j++) - tmp->d[j] = sdiv->d[j] & l0; - l0 = bn_add_words(wnum, wnum, tmp->d, div_n); - (*wnumtop) += l0; - assert((*wnumtop) == 0); - - /* store part of the result */ - *--resp = q; - } - /* snum holds remainder, it's as wide as divisor */ - snum->neg = num_neg; - snum->top = div_n; - snum->flags |= BN_FLG_FIXED_TOP; - - if (rm != NULL && bn_rshift_fixed_top(rm, snum, norm_shift) == 0) - goto err; - - BN_CTX_end(ctx); - return 1; - err: - bn_check_top(rm); - BN_CTX_end(ctx); - return 0; -} -#endif diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c deleted file mode 100644 index 953be9ed47172a000ede98ae71a2c591a72ec458..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_err.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/bnerr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA BN_str_reasons[] = { - {ERR_PACK(ERR_LIB_BN, 0, BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_BAD_RECIPROCAL), "bad reciprocal"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_BIGNUM_TOO_LONG), "bignum too long"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_BITS_TOO_SMALL), "bits too small"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_CALLED_WITH_EVEN_MODULUS), - "called with even modulus"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_DIV_BY_ZERO), "div by zero"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_ENCODING_ERROR), "encoding error"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA), - "expand on static bignum data"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_INPUT_NOT_REDUCED), "input not reduced"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_LENGTH), "invalid length"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_RANGE), "invalid range"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_SHIFT), "invalid shift"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_A_SQUARE), "not a square"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_INITIALIZED), "not initialized"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_INVERSE), "no inverse"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_PRIME_CANDIDATE), "no prime candidate"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SOLUTION), "no solution"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SUITABLE_DIGEST), "no suitable digest"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_PRIVATE_KEY_TOO_LARGE), - "private key too large"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_P_IS_NOT_PRIME), "p is not prime"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_TOO_MANY_ITERATIONS), "too many iterations"}, - {ERR_PACK(ERR_LIB_BN, 0, BN_R_TOO_MANY_TEMPORARY_VARIABLES), - "too many temporary variables"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_BN_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(BN_str_reasons[0].error) == NULL) - ERR_load_strings_const(BN_str_reasons); -#endif - return 1; -} diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c deleted file mode 100644 index 91d6b6b4bb5840078865b029d35346c8dd38ffae..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_exp.c +++ /dev/null @@ -1,1482 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include "internal/constant_time.h" -#include "bn_local.h" - -#include -#ifdef _WIN32 -# include -# ifndef alloca -# define alloca _alloca -# endif -#elif defined(__GNUC__) -# ifndef alloca -# define alloca(s) __builtin_alloca((s)) -# endif -#elif defined(__sun) -# include -#endif - -#include "rsaz_exp.h" - -#undef SPARC_T4_MONT -#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc)) -# include "crypto/sparc_arch.h" -# define SPARC_T4_MONT -#endif - -/* maximum precomputation table size for *variable* sliding windows */ -#define TABLE_SIZE 32 - -/* this one works - simple but works */ -int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) -{ - int i, bits, ret = 0; - BIGNUM *v, *rr; - - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 - || BN_get_flags(a, BN_FLG_CONSTTIME) != 0) { - /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ - ERR_raise(ERR_LIB_BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - BN_CTX_start(ctx); - rr = ((r == a) || (r == p)) ? BN_CTX_get(ctx) : r; - v = BN_CTX_get(ctx); - if (rr == NULL || v == NULL) - goto err; - - if (BN_copy(v, a) == NULL) - goto err; - bits = BN_num_bits(p); - - if (BN_is_odd(p)) { - if (BN_copy(rr, a) == NULL) - goto err; - } else { - if (!BN_one(rr)) - goto err; - } - - for (i = 1; i < bits; i++) { - if (!BN_sqr(v, v, ctx)) - goto err; - if (BN_is_bit_set(p, i)) { - if (!BN_mul(rr, rr, v, ctx)) - goto err; - } - } - if (r != rr && BN_copy(r, rr) == NULL) - goto err; - - ret = 1; - err: - BN_CTX_end(ctx); - bn_check_top(r); - return ret; -} - -int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, - BN_CTX *ctx) -{ - int ret; - - bn_check_top(a); - bn_check_top(p); - bn_check_top(m); - - /*- - * For even modulus m = 2^k*m_odd, it might make sense to compute - * a^p mod m_odd and a^p mod 2^k separately (with Montgomery - * exponentiation for the odd part), using appropriate exponent - * reductions, and combine the results using the CRT. - * - * For now, we use Montgomery only if the modulus is odd; otherwise, - * exponentiation using the reciprocal-based quick remaindering - * algorithm is used. - * - * (Timing obtained with expspeed.c [computations a^p mod m - * where a, p, m are of the same length: 256, 512, 1024, 2048, - * 4096, 8192 bits], compared to the running time of the - * standard algorithm: - * - * BN_mod_exp_mont 33 .. 40 % [AMD K6-2, Linux, debug configuration] - * 55 .. 77 % [UltraSparc processor, but - * debug-solaris-sparcv8-gcc conf.] - * - * BN_mod_exp_recp 50 .. 70 % [AMD K6-2, Linux, debug configuration] - * 62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc] - * - * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont - * at 2048 and more bits, but at 512 and 1024 bits, it was - * slower even than the standard algorithm! - * - * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations] - * should be obtained when the new Montgomery reduction code - * has been integrated into OpenSSL.) - */ - -#define MONT_MUL_MOD -#define MONT_EXP_WORD -#define RECP_MUL_MOD - -#ifdef MONT_MUL_MOD - if (BN_is_odd(m)) { -# ifdef MONT_EXP_WORD - if (a->top == 1 && !a->neg - && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0) - && (BN_get_flags(a, BN_FLG_CONSTTIME) == 0) - && (BN_get_flags(m, BN_FLG_CONSTTIME) == 0)) { - BN_ULONG A = a->d[0]; - ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL); - } else -# endif - ret = BN_mod_exp_mont(r, a, p, m, ctx, NULL); - } else -#endif -#ifdef RECP_MUL_MOD - { - ret = BN_mod_exp_recp(r, a, p, m, ctx); - } -#else - { - ret = BN_mod_exp_simple(r, a, p, m, ctx); - } -#endif - - bn_check_top(r); - return ret; -} - -int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) -{ - int i, j, bits, ret = 0, wstart, wend, window, wvalue; - int start = 1; - BIGNUM *aa; - /* Table of variables obtained from 'ctx' */ - BIGNUM *val[TABLE_SIZE]; - BN_RECP_CTX recp; - - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 - || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 - || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { - /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ - ERR_raise(ERR_LIB_BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - bits = BN_num_bits(p); - if (bits == 0) { - /* x**0 mod 1, or x**0 mod -1 is still zero. */ - if (BN_abs_is_word(m, 1)) { - ret = 1; - BN_zero(r); - } else { - ret = BN_one(r); - } - return ret; - } - - BN_RECP_CTX_init(&recp); - - BN_CTX_start(ctx); - aa = BN_CTX_get(ctx); - val[0] = BN_CTX_get(ctx); - if (val[0] == NULL) - goto err; - - if (m->neg) { - /* ignore sign of 'm' */ - if (!BN_copy(aa, m)) - goto err; - aa->neg = 0; - if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0) - goto err; - } else { - if (BN_RECP_CTX_set(&recp, m, ctx) <= 0) - goto err; - } - - if (!BN_nnmod(val[0], a, m, ctx)) - goto err; /* 1 */ - if (BN_is_zero(val[0])) { - BN_zero(r); - ret = 1; - goto err; - } - - window = BN_window_bits_for_exponent_size(bits); - if (window > 1) { - if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx)) - goto err; /* 2 */ - j = 1 << (window - 1); - for (i = 1; i < j; i++) { - if (((val[i] = BN_CTX_get(ctx)) == NULL) || - !BN_mod_mul_reciprocal(val[i], val[i - 1], aa, &recp, ctx)) - goto err; - } - } - - start = 1; /* This is used to avoid multiplication etc - * when there is only the value '1' in the - * buffer. */ - wvalue = 0; /* The 'value' of the window */ - wstart = bits - 1; /* The top bit of the window */ - wend = 0; /* The bottom bit of the window */ - - if (!BN_one(r)) - goto err; - - for (;;) { - if (BN_is_bit_set(p, wstart) == 0) { - if (!start) - if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx)) - goto err; - if (wstart == 0) - break; - wstart--; - continue; - } - /* - * We now have wstart on a 'set' bit, we now need to work out how bit - * a window to do. To do this we need to scan forward until the last - * set bit before the end of the window - */ - wvalue = 1; - wend = 0; - for (i = 1; i < window; i++) { - if (wstart - i < 0) - break; - if (BN_is_bit_set(p, wstart - i)) { - wvalue <<= (i - wend); - wvalue |= 1; - wend = i; - } - } - - /* wend is the size of the current window */ - j = wend + 1; - /* add the 'bytes above' */ - if (!start) - for (i = 0; i < j; i++) { - if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx)) - goto err; - } - - /* wvalue will be an odd number < 2^window */ - if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], &recp, ctx)) - goto err; - - /* move the 'window' down further */ - wstart -= wend + 1; - wvalue = 0; - start = 0; - if (wstart < 0) - break; - } - ret = 1; - err: - BN_CTX_end(ctx); - BN_RECP_CTX_free(&recp); - bn_check_top(r); - return ret; -} - -int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -{ - int i, j, bits, ret = 0, wstart, wend, window, wvalue; - int start = 1; - BIGNUM *d, *r; - const BIGNUM *aa; - /* Table of variables obtained from 'ctx' */ - BIGNUM *val[TABLE_SIZE]; - BN_MONT_CTX *mont = NULL; - - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 - || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 - || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { - return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); - } - - bn_check_top(a); - bn_check_top(p); - bn_check_top(m); - - if (!BN_is_odd(m)) { - ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS); - return 0; - } - bits = BN_num_bits(p); - if (bits == 0) { - /* x**0 mod 1, or x**0 mod -1 is still zero. */ - if (BN_abs_is_word(m, 1)) { - ret = 1; - BN_zero(rr); - } else { - ret = BN_one(rr); - } - return ret; - } - - BN_CTX_start(ctx); - d = BN_CTX_get(ctx); - r = BN_CTX_get(ctx); - val[0] = BN_CTX_get(ctx); - if (val[0] == NULL) - goto err; - - /* - * If this is not done, things will break in the montgomery part - */ - - if (in_mont != NULL) - mont = in_mont; - else { - if ((mont = BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(mont, m, ctx)) - goto err; - } - - if (a->neg || BN_ucmp(a, m) >= 0) { - if (!BN_nnmod(val[0], a, m, ctx)) - goto err; - aa = val[0]; - } else - aa = a; - if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx)) - goto err; /* 1 */ - - window = BN_window_bits_for_exponent_size(bits); - if (window > 1) { - if (!bn_mul_mont_fixed_top(d, val[0], val[0], mont, ctx)) - goto err; /* 2 */ - j = 1 << (window - 1); - for (i = 1; i < j; i++) { - if (((val[i] = BN_CTX_get(ctx)) == NULL) || - !bn_mul_mont_fixed_top(val[i], val[i - 1], d, mont, ctx)) - goto err; - } - } - - start = 1; /* This is used to avoid multiplication etc - * when there is only the value '1' in the - * buffer. */ - wvalue = 0; /* The 'value' of the window */ - wstart = bits - 1; /* The top bit of the window */ - wend = 0; /* The bottom bit of the window */ - -#if 1 /* by Shay Gueron's suggestion */ - j = m->top; /* borrow j */ - if (m->d[j - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) { - if (bn_wexpand(r, j) == NULL) - goto err; - /* 2^(top*BN_BITS2) - m */ - r->d[0] = (0 - m->d[0]) & BN_MASK2; - for (i = 1; i < j; i++) - r->d[i] = (~m->d[i]) & BN_MASK2; - r->top = j; - r->flags |= BN_FLG_FIXED_TOP; - } else -#endif - if (!bn_to_mont_fixed_top(r, BN_value_one(), mont, ctx)) - goto err; - for (;;) { - if (BN_is_bit_set(p, wstart) == 0) { - if (!start) { - if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx)) - goto err; - } - if (wstart == 0) - break; - wstart--; - continue; - } - /* - * We now have wstart on a 'set' bit, we now need to work out how bit - * a window to do. To do this we need to scan forward until the last - * set bit before the end of the window - */ - wvalue = 1; - wend = 0; - for (i = 1; i < window; i++) { - if (wstart - i < 0) - break; - if (BN_is_bit_set(p, wstart - i)) { - wvalue <<= (i - wend); - wvalue |= 1; - wend = i; - } - } - - /* wend is the size of the current window */ - j = wend + 1; - /* add the 'bytes above' */ - if (!start) - for (i = 0; i < j; i++) { - if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx)) - goto err; - } - - /* wvalue will be an odd number < 2^window */ - if (!bn_mul_mont_fixed_top(r, r, val[wvalue >> 1], mont, ctx)) - goto err; - - /* move the 'window' down further */ - wstart -= wend + 1; - wvalue = 0; - start = 0; - if (wstart < 0) - break; - } - /* - * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery - * removes padding [if any] and makes return value suitable for public - * API consumer. - */ -#if defined(SPARC_T4_MONT) - if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) { - j = mont->N.top; /* borrow j */ - val[0]->d[0] = 1; /* borrow val[0] */ - for (i = 1; i < j; i++) - val[0]->d[i] = 0; - val[0]->top = j; - if (!BN_mod_mul_montgomery(rr, r, val[0], mont, ctx)) - goto err; - } else -#endif - if (!BN_from_montgomery(rr, r, mont, ctx)) - goto err; - ret = 1; - err: - if (in_mont == NULL) - BN_MONT_CTX_free(mont); - BN_CTX_end(ctx); - bn_check_top(rr); - return ret; -} - -static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos) -{ - BN_ULONG ret = 0; - int wordpos; - - wordpos = bitpos / BN_BITS2; - bitpos %= BN_BITS2; - if (wordpos >= 0 && wordpos < a->top) { - ret = a->d[wordpos] & BN_MASK2; - if (bitpos) { - ret >>= bitpos; - if (++wordpos < a->top) - ret |= a->d[wordpos] << (BN_BITS2 - bitpos); - } - } - - return ret & BN_MASK2; -} - -/* - * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific - * layout so that accessing any of these table values shows the same access - * pattern as far as cache lines are concerned. The following functions are - * used to transfer a BIGNUM from/to that table. - */ - -static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top, - unsigned char *buf, int idx, - int window) -{ - int i, j; - int width = 1 << window; - BN_ULONG *table = (BN_ULONG *)buf; - - if (top > b->top) - top = b->top; /* this works because 'buf' is explicitly - * zeroed */ - for (i = 0, j = idx; i < top; i++, j += width) { - table[j] = b->d[i]; - } - - return 1; -} - -static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, - unsigned char *buf, int idx, - int window) -{ - int i, j; - int width = 1 << window; - /* - * We declare table 'volatile' in order to discourage compiler - * from reordering loads from the table. Concern is that if - * reordered in specific manner loads might give away the - * information we are trying to conceal. Some would argue that - * compiler can reorder them anyway, but it can as well be - * argued that doing so would be violation of standard... - */ - volatile BN_ULONG *table = (volatile BN_ULONG *)buf; - - if (bn_wexpand(b, top) == NULL) - return 0; - - if (window <= 3) { - for (i = 0; i < top; i++, table += width) { - BN_ULONG acc = 0; - - for (j = 0; j < width; j++) { - acc |= table[j] & - ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1)); - } - - b->d[i] = acc; - } - } else { - int xstride = 1 << (window - 2); - BN_ULONG y0, y1, y2, y3; - - i = idx >> (window - 2); /* equivalent of idx / xstride */ - idx &= xstride - 1; /* equivalent of idx % xstride */ - - y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1); - y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1); - y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1); - y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1); - - for (i = 0; i < top; i++, table += width) { - BN_ULONG acc = 0; - - for (j = 0; j < xstride; j++) { - acc |= ( (table[j + 0 * xstride] & y0) | - (table[j + 1 * xstride] & y1) | - (table[j + 2 * xstride] & y2) | - (table[j + 3 * xstride] & y3) ) - & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1)); - } - - b->d[i] = acc; - } - } - - b->top = top; - b->flags |= BN_FLG_FIXED_TOP; - return 1; -} - -/* - * Given a pointer value, compute the next address that is a cache line - * multiple. - */ -#define MOD_EXP_CTIME_ALIGN(x_) \ - ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) - -/* - * This variant of BN_mod_exp_mont() uses fixed windows and the special - * precomputation memory layout to limit data-dependency to a minimum to - * protect secret exponents (cf. the hyper-threading timing attacks pointed - * out by Colin Percival, - * http://www.daemonology.net/hyperthreading-considered-harmful/) - */ -int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont) -{ - int i, bits, ret = 0, window, wvalue, wmask, window0; - int top; - BN_MONT_CTX *mont = NULL; - - int numPowers; - unsigned char *powerbufFree = NULL; - int powerbufLen = 0; - unsigned char *powerbuf = NULL; - BIGNUM tmp, am; -#if defined(SPARC_T4_MONT) - unsigned int t4 = 0; -#endif - - bn_check_top(a); - bn_check_top(p); - bn_check_top(m); - - if (!BN_is_odd(m)) { - ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS); - return 0; - } - - top = m->top; - - /* - * Use all bits stored in |p|, rather than |BN_num_bits|, so we do not leak - * whether the top bits are zero. - */ - bits = p->top * BN_BITS2; - if (bits == 0) { - /* x**0 mod 1, or x**0 mod -1 is still zero. */ - if (BN_abs_is_word(m, 1)) { - ret = 1; - BN_zero(rr); - } else { - ret = BN_one(rr); - } - return ret; - } - - BN_CTX_start(ctx); - - /* - * Allocate a montgomery context if it was not supplied by the caller. If - * this is not done, things will break in the montgomery part. - */ - if (in_mont != NULL) - mont = in_mont; - else { - if ((mont = BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(mont, m, ctx)) - goto err; - } - - if (a->neg || BN_ucmp(a, m) >= 0) { - BIGNUM *reduced = BN_CTX_get(ctx); - if (reduced == NULL - || !BN_nnmod(reduced, a, m, ctx)) { - goto err; - } - a = reduced; - } - -#ifdef RSAZ_ENABLED - /* - * If the size of the operands allow it, perform the optimized - * RSAZ exponentiation. For further information see - * crypto/bn/rsaz_exp.c and accompanying assembly modules. - */ - if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024) - && rsaz_avx2_eligible()) { - if (NULL == bn_wexpand(rr, 16)) - goto err; - RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d, - mont->n0[0]); - rr->top = 16; - rr->neg = 0; - bn_correct_top(rr); - ret = 1; - goto err; - } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) { - if (NULL == bn_wexpand(rr, 8)) - goto err; - RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d); - rr->top = 8; - rr->neg = 0; - bn_correct_top(rr); - ret = 1; - goto err; - } -#endif - - /* Get the window size to use with size of p. */ - window = BN_window_bits_for_ctime_exponent_size(bits); -#if defined(SPARC_T4_MONT) - if (window >= 5 && (top & 15) == 0 && top <= 64 && - (OPENSSL_sparcv9cap_P[1] & (CFR_MONTMUL | CFR_MONTSQR)) == - (CFR_MONTMUL | CFR_MONTSQR) && (t4 = OPENSSL_sparcv9cap_P[0])) - window = 5; - else -#endif -#if defined(OPENSSL_BN_ASM_MONT5) - if (window >= 5) { - window = 5; /* ~5% improvement for RSA2048 sign, and even - * for RSA4096 */ - /* reserve space for mont->N.d[] copy */ - powerbufLen += top * sizeof(mont->N.d[0]); - } -#endif - (void)0; - - /* - * Allocate a buffer large enough to hold all of the pre-computed powers - * of am, am itself and tmp. - */ - numPowers = 1 << window; - powerbufLen += sizeof(m->d[0]) * (top * numPowers + - ((2 * top) > - numPowers ? (2 * top) : numPowers)); -#ifdef alloca - if (powerbufLen < 3072) - powerbufFree = - alloca(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH); - else -#endif - if ((powerbufFree = - OPENSSL_malloc(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) - == NULL) - goto err; - - powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree); - memset(powerbuf, 0, powerbufLen); - -#ifdef alloca - if (powerbufLen < 3072) - powerbufFree = NULL; -#endif - - /* lay down tmp and am right after powers table */ - tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers); - am.d = tmp.d + top; - tmp.top = am.top = 0; - tmp.dmax = am.dmax = top; - tmp.neg = am.neg = 0; - tmp.flags = am.flags = BN_FLG_STATIC_DATA; - - /* prepare a^0 in Montgomery domain */ -#if 1 /* by Shay Gueron's suggestion */ - if (m->d[top - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) { - /* 2^(top*BN_BITS2) - m */ - tmp.d[0] = (0 - m->d[0]) & BN_MASK2; - for (i = 1; i < top; i++) - tmp.d[i] = (~m->d[i]) & BN_MASK2; - tmp.top = top; - } else -#endif - if (!bn_to_mont_fixed_top(&tmp, BN_value_one(), mont, ctx)) - goto err; - - /* prepare a^1 in Montgomery domain */ - if (!bn_to_mont_fixed_top(&am, a, mont, ctx)) - goto err; - -#if defined(SPARC_T4_MONT) - if (t4) { - typedef int (*bn_pwr5_mont_f) (BN_ULONG *tp, const BN_ULONG *np, - const BN_ULONG *n0, const void *table, - int power, int bits); - int bn_pwr5_mont_t4_8(BN_ULONG *tp, const BN_ULONG *np, - const BN_ULONG *n0, const void *table, - int power, int bits); - int bn_pwr5_mont_t4_16(BN_ULONG *tp, const BN_ULONG *np, - const BN_ULONG *n0, const void *table, - int power, int bits); - int bn_pwr5_mont_t4_24(BN_ULONG *tp, const BN_ULONG *np, - const BN_ULONG *n0, const void *table, - int power, int bits); - int bn_pwr5_mont_t4_32(BN_ULONG *tp, const BN_ULONG *np, - const BN_ULONG *n0, const void *table, - int power, int bits); - static const bn_pwr5_mont_f pwr5_funcs[4] = { - bn_pwr5_mont_t4_8, bn_pwr5_mont_t4_16, - bn_pwr5_mont_t4_24, bn_pwr5_mont_t4_32 - }; - bn_pwr5_mont_f pwr5_worker = pwr5_funcs[top / 16 - 1]; - - typedef int (*bn_mul_mont_f) (BN_ULONG *rp, const BN_ULONG *ap, - const void *bp, const BN_ULONG *np, - const BN_ULONG *n0); - int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, - const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap, - const void *bp, const BN_ULONG *np, - const BN_ULONG *n0); - int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap, - const void *bp, const BN_ULONG *np, - const BN_ULONG *n0); - int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap, - const void *bp, const BN_ULONG *np, - const BN_ULONG *n0); - static const bn_mul_mont_f mul_funcs[4] = { - bn_mul_mont_t4_8, bn_mul_mont_t4_16, - bn_mul_mont_t4_24, bn_mul_mont_t4_32 - }; - bn_mul_mont_f mul_worker = mul_funcs[top / 16 - 1]; - - void bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, - const void *bp, const BN_ULONG *np, - const BN_ULONG *n0, int num); - void bn_mul_mont_t4(BN_ULONG *rp, const BN_ULONG *ap, - const void *bp, const BN_ULONG *np, - const BN_ULONG *n0, int num); - void bn_mul_mont_gather5_t4(BN_ULONG *rp, const BN_ULONG *ap, - const void *table, const BN_ULONG *np, - const BN_ULONG *n0, int num, int power); - void bn_flip_n_scatter5_t4(const BN_ULONG *inp, size_t num, - void *table, size_t power); - void bn_gather5_t4(BN_ULONG *out, size_t num, - void *table, size_t power); - void bn_flip_t4(BN_ULONG *dst, BN_ULONG *src, size_t num); - - BN_ULONG *np = mont->N.d, *n0 = mont->n0; - int stride = 5 * (6 - (top / 16 - 1)); /* multiple of 5, but less - * than 32 */ - - /* - * BN_to_montgomery can contaminate words above .top [in - * BN_DEBUG build... - */ - for (i = am.top; i < top; i++) - am.d[i] = 0; - for (i = tmp.top; i < top; i++) - tmp.d[i] = 0; - - bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 0); - bn_flip_n_scatter5_t4(am.d, top, powerbuf, 1); - if (!(*mul_worker) (tmp.d, am.d, am.d, np, n0) && - !(*mul_worker) (tmp.d, am.d, am.d, np, n0)) - bn_mul_mont_vis3(tmp.d, am.d, am.d, np, n0, top); - bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 2); - - for (i = 3; i < 32; i++) { - /* Calculate a^i = a^(i-1) * a */ - if (!(*mul_worker) (tmp.d, tmp.d, am.d, np, n0) && - !(*mul_worker) (tmp.d, tmp.d, am.d, np, n0)) - bn_mul_mont_vis3(tmp.d, tmp.d, am.d, np, n0, top); - bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, i); - } - - /* switch to 64-bit domain */ - np = alloca(top * sizeof(BN_ULONG)); - top /= 2; - bn_flip_t4(np, mont->N.d, top); - - /* - * The exponent may not have a whole number of fixed-size windows. - * To simplify the main loop, the initial window has between 1 and - * full-window-size bits such that what remains is always a whole - * number of windows - */ - window0 = (bits - 1) % 5 + 1; - wmask = (1 << window0) - 1; - bits -= window0; - wvalue = bn_get_bits(p, bits) & wmask; - bn_gather5_t4(tmp.d, top, powerbuf, wvalue); - - /* - * Scan the exponent one window at a time starting from the most - * significant bits. - */ - while (bits > 0) { - if (bits < stride) - stride = bits; - bits -= stride; - wvalue = bn_get_bits(p, bits); - - if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride)) - continue; - /* retry once and fall back */ - if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride)) - continue; - - bits += stride - 5; - wvalue >>= stride - 5; - wvalue &= 31; - bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont_gather5_t4(tmp.d, tmp.d, powerbuf, np, n0, top, - wvalue); - } - - bn_flip_t4(tmp.d, tmp.d, top); - top *= 2; - /* back to 32-bit domain */ - tmp.top = top; - bn_correct_top(&tmp); - OPENSSL_cleanse(np, top * sizeof(BN_ULONG)); - } else -#endif -#if defined(OPENSSL_BN_ASM_MONT5) - if (window == 5 && top > 1) { - /* - * This optimization uses ideas from https://eprint.iacr.org/2011/239, - * specifically optimization of cache-timing attack countermeasures, - * pre-computation optimization, and Almost Montgomery Multiplication. - * - * The paper discusses a 4-bit window to optimize 512-bit modular - * exponentiation, used in RSA-1024 with CRT, but RSA-1024 is no longer - * important. - * - * |bn_mul_mont_gather5| and |bn_power5| implement the "almost" - * reduction variant, so the values here may not be fully reduced. - * They are bounded by R (i.e. they fit in |top| words), not |m|. - * Additionally, we pass these "almost" reduced inputs into - * |bn_mul_mont|, which implements the normal reduction variant. - * Given those inputs, |bn_mul_mont| may not give reduced - * output, but it will still produce "almost" reduced output. - */ - void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, - const void *table, const BN_ULONG *np, - const BN_ULONG *n0, int num, int power); - void bn_scatter5(const BN_ULONG *inp, size_t num, - void *table, size_t power); - void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power); - void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, - const void *table, const BN_ULONG *np, - const BN_ULONG *n0, int num, int power); - int bn_get_bits5(const BN_ULONG *ap, int off); - - BN_ULONG *n0 = mont->n0, *np; - - /* - * BN_to_montgomery can contaminate words above .top [in - * BN_DEBUG build... - */ - for (i = am.top; i < top; i++) - am.d[i] = 0; - for (i = tmp.top; i < top; i++) - tmp.d[i] = 0; - - /* - * copy mont->N.d[] to improve cache locality - */ - for (np = am.d + top, i = 0; i < top; i++) - np[i] = mont->N.d[i]; - - bn_scatter5(tmp.d, top, powerbuf, 0); - bn_scatter5(am.d, am.top, powerbuf, 1); - bn_mul_mont(tmp.d, am.d, am.d, np, n0, top); - bn_scatter5(tmp.d, top, powerbuf, 2); - -# if 0 - for (i = 3; i < 32; i++) { - /* Calculate a^i = a^(i-1) * a */ - bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1); - bn_scatter5(tmp.d, top, powerbuf, i); - } -# else - /* same as above, but uses squaring for 1/2 of operations */ - for (i = 4; i < 32; i *= 2) { - bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_scatter5(tmp.d, top, powerbuf, i); - } - for (i = 3; i < 8; i += 2) { - int j; - bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1); - bn_scatter5(tmp.d, top, powerbuf, i); - for (j = 2 * i; j < 32; j *= 2) { - bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_scatter5(tmp.d, top, powerbuf, j); - } - } - for (; i < 16; i += 2) { - bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1); - bn_scatter5(tmp.d, top, powerbuf, i); - bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_scatter5(tmp.d, top, powerbuf, 2 * i); - } - for (; i < 32; i += 2) { - bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1); - bn_scatter5(tmp.d, top, powerbuf, i); - } -# endif - /* - * The exponent may not have a whole number of fixed-size windows. - * To simplify the main loop, the initial window has between 1 and - * full-window-size bits such that what remains is always a whole - * number of windows - */ - window0 = (bits - 1) % 5 + 1; - wmask = (1 << window0) - 1; - bits -= window0; - wvalue = bn_get_bits(p, bits) & wmask; - bn_gather5(tmp.d, top, powerbuf, wvalue); - - /* - * Scan the exponent one window at a time starting from the most - * significant bits. - */ - if (top & 7) { - while (bits > 0) { - bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); - bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top, - bn_get_bits5(p->d, bits -= 5)); - } - } else { - while (bits > 0) { - bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top, - bn_get_bits5(p->d, bits -= 5)); - } - } - - tmp.top = top; - /* - * The result is now in |tmp| in Montgomery form, but it may not be - * fully reduced. This is within bounds for |BN_from_montgomery| - * (tmp < R <= m*R) so it will, when converting from Montgomery form, - * produce a fully reduced result. - * - * This differs from Figure 2 of the paper, which uses AMM(h, 1) to - * convert from Montgomery form with unreduced output, followed by an - * extra reduction step. In the paper's terminology, we replace - * steps 9 and 10 with MM(h, 1). - */ - } else -#endif - { - if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window)) - goto err; - if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window)) - goto err; - - /* - * If the window size is greater than 1, then calculate - * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) (even - * powers could instead be computed as (a^(i/2))^2 to use the slight - * performance advantage of sqr over mul). - */ - if (window > 1) { - if (!bn_mul_mont_fixed_top(&tmp, &am, &am, mont, ctx)) - goto err; - if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2, - window)) - goto err; - for (i = 3; i < numPowers; i++) { - /* Calculate a^i = a^(i-1) * a */ - if (!bn_mul_mont_fixed_top(&tmp, &am, &tmp, mont, ctx)) - goto err; - if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i, - window)) - goto err; - } - } - - /* - * The exponent may not have a whole number of fixed-size windows. - * To simplify the main loop, the initial window has between 1 and - * full-window-size bits such that what remains is always a whole - * number of windows - */ - window0 = (bits - 1) % window + 1; - wmask = (1 << window0) - 1; - bits -= window0; - wvalue = bn_get_bits(p, bits) & wmask; - if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue, - window)) - goto err; - - wmask = (1 << window) - 1; - /* - * Scan the exponent one window at a time starting from the most - * significant bits. - */ - while (bits > 0) { - - /* Square the result window-size times */ - for (i = 0; i < window; i++) - if (!bn_mul_mont_fixed_top(&tmp, &tmp, &tmp, mont, ctx)) - goto err; - - /* - * Get a window's worth of bits from the exponent - * This avoids calling BN_is_bit_set for each bit, which - * is not only slower but also makes each bit vulnerable to - * EM (and likely other) side-channel attacks like One&Done - * (for details see "One&Done: A Single-Decryption EM-Based - * Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam, - * H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and - * M. Prvulovic, in USENIX Security'18) - */ - bits -= window; - wvalue = bn_get_bits(p, bits) & wmask; - /* - * Fetch the appropriate pre-computed value from the pre-buf - */ - if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue, - window)) - goto err; - - /* Multiply the result into the intermediate result */ - if (!bn_mul_mont_fixed_top(&tmp, &tmp, &am, mont, ctx)) - goto err; - } - } - - /* - * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery - * removes padding [if any] and makes return value suitable for public - * API consumer. - */ -#if defined(SPARC_T4_MONT) - if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) { - am.d[0] = 1; /* borrow am */ - for (i = 1; i < top; i++) - am.d[i] = 0; - if (!BN_mod_mul_montgomery(rr, &tmp, &am, mont, ctx)) - goto err; - } else -#endif - if (!BN_from_montgomery(rr, &tmp, mont, ctx)) - goto err; - ret = 1; - err: - if (in_mont == NULL) - BN_MONT_CTX_free(mont); - if (powerbuf != NULL) { - OPENSSL_cleanse(powerbuf, powerbufLen); - OPENSSL_free(powerbufFree); - } - BN_CTX_end(ctx); - return ret; -} - -int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -{ - BN_MONT_CTX *mont = NULL; - int b, bits, ret = 0; - int r_is_one; - BN_ULONG w, next_w; - BIGNUM *r, *t; - BIGNUM *swap_tmp; -#define BN_MOD_MUL_WORD(r, w, m) \ - (BN_mul_word(r, (w)) && \ - (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \ - (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1)))) - /* - * BN_MOD_MUL_WORD is only used with 'w' large, so the BN_ucmp test is - * probably more overhead than always using BN_mod (which uses BN_copy if - * a similar test returns true). - */ - /* - * We can use BN_mod and do not need BN_nnmod because our accumulator is - * never negative (the result of BN_mod does not depend on the sign of - * the modulus). - */ -#define BN_TO_MONTGOMERY_WORD(r, w, mont) \ - (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) - - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 - || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { - /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ - ERR_raise(ERR_LIB_BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - bn_check_top(p); - bn_check_top(m); - - if (!BN_is_odd(m)) { - ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS); - return 0; - } - if (m->top == 1) - a %= m->d[0]; /* make sure that 'a' is reduced */ - - bits = BN_num_bits(p); - if (bits == 0) { - /* x**0 mod 1, or x**0 mod -1 is still zero. */ - if (BN_abs_is_word(m, 1)) { - ret = 1; - BN_zero(rr); - } else { - ret = BN_one(rr); - } - return ret; - } - if (a == 0) { - BN_zero(rr); - ret = 1; - return ret; - } - - BN_CTX_start(ctx); - r = BN_CTX_get(ctx); - t = BN_CTX_get(ctx); - if (t == NULL) - goto err; - - if (in_mont != NULL) - mont = in_mont; - else { - if ((mont = BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(mont, m, ctx)) - goto err; - } - - r_is_one = 1; /* except for Montgomery factor */ - - /* bits-1 >= 0 */ - - /* The result is accumulated in the product r*w. */ - w = a; /* bit 'bits-1' of 'p' is always set */ - for (b = bits - 2; b >= 0; b--) { - /* First, square r*w. */ - next_w = w * w; - if ((next_w / w) != w) { /* overflow */ - if (r_is_one) { - if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) - goto err; - r_is_one = 0; - } else { - if (!BN_MOD_MUL_WORD(r, w, m)) - goto err; - } - next_w = 1; - } - w = next_w; - if (!r_is_one) { - if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) - goto err; - } - - /* Second, multiply r*w by 'a' if exponent bit is set. */ - if (BN_is_bit_set(p, b)) { - next_w = w * a; - if ((next_w / a) != w) { /* overflow */ - if (r_is_one) { - if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) - goto err; - r_is_one = 0; - } else { - if (!BN_MOD_MUL_WORD(r, w, m)) - goto err; - } - next_w = a; - } - w = next_w; - } - } - - /* Finally, set r:=r*w. */ - if (w != 1) { - if (r_is_one) { - if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) - goto err; - r_is_one = 0; - } else { - if (!BN_MOD_MUL_WORD(r, w, m)) - goto err; - } - } - - if (r_is_one) { /* can happen only if a == 1 */ - if (!BN_one(rr)) - goto err; - } else { - if (!BN_from_montgomery(rr, r, mont, ctx)) - goto err; - } - ret = 1; - err: - if (in_mont == NULL) - BN_MONT_CTX_free(mont); - BN_CTX_end(ctx); - bn_check_top(rr); - return ret; -} - -/* The old fallback, simple version :-) */ -int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) -{ - int i, j, bits, ret = 0, wstart, wend, window, wvalue; - int start = 1; - BIGNUM *d; - /* Table of variables obtained from 'ctx' */ - BIGNUM *val[TABLE_SIZE]; - - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 - || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 - || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { - /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ - ERR_raise(ERR_LIB_BN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - bits = BN_num_bits(p); - if (bits == 0) { - /* x**0 mod 1, or x**0 mod -1 is still zero. */ - if (BN_abs_is_word(m, 1)) { - ret = 1; - BN_zero(r); - } else { - ret = BN_one(r); - } - return ret; - } - - BN_CTX_start(ctx); - d = BN_CTX_get(ctx); - val[0] = BN_CTX_get(ctx); - if (val[0] == NULL) - goto err; - - if (!BN_nnmod(val[0], a, m, ctx)) - goto err; /* 1 */ - if (BN_is_zero(val[0])) { - BN_zero(r); - ret = 1; - goto err; - } - - window = BN_window_bits_for_exponent_size(bits); - if (window > 1) { - if (!BN_mod_mul(d, val[0], val[0], m, ctx)) - goto err; /* 2 */ - j = 1 << (window - 1); - for (i = 1; i < j; i++) { - if (((val[i] = BN_CTX_get(ctx)) == NULL) || - !BN_mod_mul(val[i], val[i - 1], d, m, ctx)) - goto err; - } - } - - start = 1; /* This is used to avoid multiplication etc - * when there is only the value '1' in the - * buffer. */ - wvalue = 0; /* The 'value' of the window */ - wstart = bits - 1; /* The top bit of the window */ - wend = 0; /* The bottom bit of the window */ - - if (!BN_one(r)) - goto err; - - for (;;) { - if (BN_is_bit_set(p, wstart) == 0) { - if (!start) - if (!BN_mod_mul(r, r, r, m, ctx)) - goto err; - if (wstart == 0) - break; - wstart--; - continue; - } - /* - * We now have wstart on a 'set' bit, we now need to work out how bit - * a window to do. To do this we need to scan forward until the last - * set bit before the end of the window - */ - wvalue = 1; - wend = 0; - for (i = 1; i < window; i++) { - if (wstart - i < 0) - break; - if (BN_is_bit_set(p, wstart - i)) { - wvalue <<= (i - wend); - wvalue |= 1; - wend = i; - } - } - - /* wend is the size of the current window */ - j = wend + 1; - /* add the 'bytes above' */ - if (!start) - for (i = 0; i < j; i++) { - if (!BN_mod_mul(r, r, r, m, ctx)) - goto err; - } - - /* wvalue will be an odd number < 2^window */ - if (!BN_mod_mul(r, r, val[wvalue >> 1], m, ctx)) - goto err; - - /* move the 'window' down further */ - wstart -= wend + 1; - wvalue = 0; - start = 0; - if (wstart < 0) - break; - } - ret = 1; - err: - BN_CTX_end(ctx); - bn_check_top(r); - return ret; -} - -/* - * This is a variant of modular exponentiation optimization that does - * parallel 2-primes exponentiation using 256-bit (AVX512VL) AVX512_IFMA ISA - * in 52-bit binary redundant representation. - * If such instructions are not available, or input data size is not supported, - * it falls back to two BN_mod_exp_mont_consttime() calls. - */ -int BN_mod_exp_mont_consttime_x2(BIGNUM *rr1, const BIGNUM *a1, const BIGNUM *p1, - const BIGNUM *m1, BN_MONT_CTX *in_mont1, - BIGNUM *rr2, const BIGNUM *a2, const BIGNUM *p2, - const BIGNUM *m2, BN_MONT_CTX *in_mont2, - BN_CTX *ctx) -{ - int ret = 0; - -#ifdef RSAZ_ENABLED - BN_MONT_CTX *mont1 = NULL; - BN_MONT_CTX *mont2 = NULL; - - if (ossl_rsaz_avx512ifma_eligible() && - ((a1->top == 16) && (p1->top == 16) && (BN_num_bits(m1) == 1024) && - (a2->top == 16) && (p2->top == 16) && (BN_num_bits(m2) == 1024))) { - - if (bn_wexpand(rr1, 16) == NULL) - goto err; - if (bn_wexpand(rr2, 16) == NULL) - goto err; - - /* Ensure that montgomery contexts are initialized */ - if (in_mont1 != NULL) { - mont1 = in_mont1; - } else { - if ((mont1 = BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(mont1, m1, ctx)) - goto err; - } - if (in_mont2 != NULL) { - mont2 = in_mont2; - } else { - if ((mont2 = BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(mont2, m2, ctx)) - goto err; - } - - ret = ossl_rsaz_mod_exp_avx512_x2(rr1->d, a1->d, p1->d, m1->d, - mont1->RR.d, mont1->n0[0], - rr2->d, a2->d, p2->d, m2->d, - mont2->RR.d, mont2->n0[0], - 1024 /* factor bit size */); - - rr1->top = 16; - rr1->neg = 0; - bn_correct_top(rr1); - bn_check_top(rr1); - - rr2->top = 16; - rr2->neg = 0; - bn_correct_top(rr2); - bn_check_top(rr2); - - goto err; - } -#endif - - /* rr1 = a1^p1 mod m1 */ - ret = BN_mod_exp_mont_consttime(rr1, a1, p1, m1, ctx, in_mont1); - /* rr2 = a2^p2 mod m2 */ - ret &= BN_mod_exp_mont_consttime(rr2, a2, p2, m2, ctx, in_mont2); - -#ifdef RSAZ_ENABLED -err: - if (in_mont2 == NULL) - BN_MONT_CTX_free(mont2); - if (in_mont1 == NULL) - BN_MONT_CTX_free(mont1); -#endif - - return ret; -} diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c deleted file mode 100644 index f5e29fd14de300f0c5a2579c3859ddcf46cdceca..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_exp2.c +++ /dev/null @@ -1,201 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "bn_local.h" - -#define TABLE_SIZE 32 - -int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, - const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont) -{ - int i, j, bits, b, bits1, bits2, ret = - 0, wpos1, wpos2, window1, window2, wvalue1, wvalue2; - int r_is_one = 1; - BIGNUM *d, *r; - const BIGNUM *a_mod_m; - /* Tables of variables obtained from 'ctx' */ - BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE]; - BN_MONT_CTX *mont = NULL; - - bn_check_top(a1); - bn_check_top(p1); - bn_check_top(a2); - bn_check_top(p2); - bn_check_top(m); - - if (!BN_is_odd(m)) { - ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS); - return 0; - } - bits1 = BN_num_bits(p1); - bits2 = BN_num_bits(p2); - if ((bits1 == 0) && (bits2 == 0)) { - ret = BN_one(rr); - return ret; - } - - bits = (bits1 > bits2) ? bits1 : bits2; - - BN_CTX_start(ctx); - d = BN_CTX_get(ctx); - r = BN_CTX_get(ctx); - val1[0] = BN_CTX_get(ctx); - val2[0] = BN_CTX_get(ctx); - if (val2[0] == NULL) - goto err; - - if (in_mont != NULL) - mont = in_mont; - else { - if ((mont = BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(mont, m, ctx)) - goto err; - } - - window1 = BN_window_bits_for_exponent_size(bits1); - window2 = BN_window_bits_for_exponent_size(bits2); - - /* - * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1) - */ - if (a1->neg || BN_ucmp(a1, m) >= 0) { - if (!BN_mod(val1[0], a1, m, ctx)) - goto err; - a_mod_m = val1[0]; - } else - a_mod_m = a1; - if (BN_is_zero(a_mod_m)) { - BN_zero(rr); - ret = 1; - goto err; - } - - if (!BN_to_montgomery(val1[0], a_mod_m, mont, ctx)) - goto err; - if (window1 > 1) { - if (!BN_mod_mul_montgomery(d, val1[0], val1[0], mont, ctx)) - goto err; - - j = 1 << (window1 - 1); - for (i = 1; i < j; i++) { - if (((val1[i] = BN_CTX_get(ctx)) == NULL) || - !BN_mod_mul_montgomery(val1[i], val1[i - 1], d, mont, ctx)) - goto err; - } - } - - /* - * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1) - */ - if (a2->neg || BN_ucmp(a2, m) >= 0) { - if (!BN_mod(val2[0], a2, m, ctx)) - goto err; - a_mod_m = val2[0]; - } else - a_mod_m = a2; - if (BN_is_zero(a_mod_m)) { - BN_zero(rr); - ret = 1; - goto err; - } - if (!BN_to_montgomery(val2[0], a_mod_m, mont, ctx)) - goto err; - if (window2 > 1) { - if (!BN_mod_mul_montgomery(d, val2[0], val2[0], mont, ctx)) - goto err; - - j = 1 << (window2 - 1); - for (i = 1; i < j; i++) { - if (((val2[i] = BN_CTX_get(ctx)) == NULL) || - !BN_mod_mul_montgomery(val2[i], val2[i - 1], d, mont, ctx)) - goto err; - } - } - - /* Now compute the power product, using independent windows. */ - r_is_one = 1; - wvalue1 = 0; /* The 'value' of the first window */ - wvalue2 = 0; /* The 'value' of the second window */ - wpos1 = 0; /* If wvalue1 > 0, the bottom bit of the - * first window */ - wpos2 = 0; /* If wvalue2 > 0, the bottom bit of the - * second window */ - - if (!BN_to_montgomery(r, BN_value_one(), mont, ctx)) - goto err; - for (b = bits - 1; b >= 0; b--) { - if (!r_is_one) { - if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) - goto err; - } - - if (!wvalue1) - if (BN_is_bit_set(p1, b)) { - /* - * consider bits b-window1+1 .. b for this window - */ - i = b - window1 + 1; - while (!BN_is_bit_set(p1, i)) /* works for i<0 */ - i++; - wpos1 = i; - wvalue1 = 1; - for (i = b - 1; i >= wpos1; i--) { - wvalue1 <<= 1; - if (BN_is_bit_set(p1, i)) - wvalue1++; - } - } - - if (!wvalue2) - if (BN_is_bit_set(p2, b)) { - /* - * consider bits b-window2+1 .. b for this window - */ - i = b - window2 + 1; - while (!BN_is_bit_set(p2, i)) - i++; - wpos2 = i; - wvalue2 = 1; - for (i = b - 1; i >= wpos2; i--) { - wvalue2 <<= 1; - if (BN_is_bit_set(p2, i)) - wvalue2++; - } - } - - if (wvalue1 && b == wpos1) { - /* wvalue1 is odd and < 2^window1 */ - if (!BN_mod_mul_montgomery(r, r, val1[wvalue1 >> 1], mont, ctx)) - goto err; - wvalue1 = 0; - r_is_one = 0; - } - - if (wvalue2 && b == wpos2) { - /* wvalue2 is odd and < 2^window2 */ - if (!BN_mod_mul_montgomery(r, r, val2[wvalue2 >> 1], mont, ctx)) - goto err; - wvalue2 = 0; - r_is_one = 0; - } - } - if (!BN_from_montgomery(rr, r, mont, ctx)) - goto err; - ret = 1; - err: - if (in_mont == NULL) - BN_MONT_CTX_free(mont); - BN_CTX_end(ctx); - bn_check_top(rr); - return ret; -} diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c deleted file mode 100644 index 59d024f674ebd50e9f10c68525711a7006048767..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_gcd.c +++ /dev/null @@ -1,647 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include "bn_local.h" - -/* - * bn_mod_inverse_no_branch is a special version of BN_mod_inverse. It does - * not contain branches that may leak sensitive information. - * - * This is a static function, we ensure all callers in this file pass valid - * arguments: all passed pointers here are non-NULL. - */ -static ossl_inline -BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *ctx, int *pnoinv) -{ - BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; - BIGNUM *ret = NULL; - int sign; - - bn_check_top(a); - bn_check_top(n); - - BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - B = BN_CTX_get(ctx); - X = BN_CTX_get(ctx); - D = BN_CTX_get(ctx); - M = BN_CTX_get(ctx); - Y = BN_CTX_get(ctx); - T = BN_CTX_get(ctx); - if (T == NULL) - goto err; - - if (in == NULL) - R = BN_new(); - else - R = in; - if (R == NULL) - goto err; - - if (!BN_one(X)) - goto err; - BN_zero(Y); - if (BN_copy(B, a) == NULL) - goto err; - if (BN_copy(A, n) == NULL) - goto err; - A->neg = 0; - - if (B->neg || (BN_ucmp(B, A) >= 0)) { - /* - * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ - { - BIGNUM local_B; - bn_init(&local_B); - BN_with_flags(&local_B, B, BN_FLG_CONSTTIME); - if (!BN_nnmod(B, &local_B, A, ctx)) - goto err; - /* Ensure local_B goes out of scope before any further use of B */ - } - } - sign = -1; - /*- - * From B = a mod |n|, A = |n| it follows that - * - * 0 <= B < A, - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - */ - - while (!BN_is_zero(B)) { - BIGNUM *tmp; - - /*- - * 0 < B < A, - * (*) -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|) - */ - - /* - * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, - * BN_div_no_branch will be called eventually. - */ - { - BIGNUM local_A; - bn_init(&local_A); - BN_with_flags(&local_A, A, BN_FLG_CONSTTIME); - - /* (D, M) := (A/B, A%B) ... */ - if (!BN_div(D, M, &local_A, B, ctx)) - goto err; - /* Ensure local_A goes out of scope before any further use of A */ - } - - /*- - * Now - * A = D*B + M; - * thus we have - * (**) sign*Y*a == D*B + M (mod |n|). - */ - - tmp = A; /* keep the BIGNUM object, the value does not - * matter */ - - /* (A, B) := (B, A mod B) ... */ - A = B; - B = M; - /* ... so we have 0 <= B < A again */ - - /*- - * Since the former M is now B and the former B is now A, - * (**) translates into - * sign*Y*a == D*A + B (mod |n|), - * i.e. - * sign*Y*a - D*A == B (mod |n|). - * Similarly, (*) translates into - * -sign*X*a == A (mod |n|). - * - * Thus, - * sign*Y*a + D*sign*X*a == B (mod |n|), - * i.e. - * sign*(Y + D*X)*a == B (mod |n|). - * - * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - * Note that X and Y stay non-negative all the time. - */ - - if (!BN_mul(tmp, D, X, ctx)) - goto err; - if (!BN_add(tmp, tmp, Y)) - goto err; - - M = Y; /* keep the BIGNUM object, the value does not - * matter */ - Y = X; - X = tmp; - sign = -sign; - } - - /*- - * The while loop (Euclid's algorithm) ends when - * A == gcd(a,n); - * we have - * sign*Y*a == A (mod |n|), - * where Y is non-negative. - */ - - if (sign < 0) { - if (!BN_sub(Y, n, Y)) - goto err; - } - /* Now Y*a == A (mod |n|). */ - - if (BN_is_one(A)) { - /* Y*a == 1 (mod |n|) */ - if (!Y->neg && BN_ucmp(Y, n) < 0) { - if (!BN_copy(R, Y)) - goto err; - } else { - if (!BN_nnmod(R, Y, n, ctx)) - goto err; - } - } else { - *pnoinv = 1; - /* caller sets the BN_R_NO_INVERSE error */ - goto err; - } - - ret = R; - *pnoinv = 0; - - err: - if ((ret == NULL) && (in == NULL)) - BN_free(R); - BN_CTX_end(ctx); - bn_check_top(ret); - return ret; -} - -/* - * This is an internal function, we assume all callers pass valid arguments: - * all pointers passed here are assumed non-NULL. - */ -BIGNUM *int_bn_mod_inverse(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, - int *pnoinv) -{ - BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; - BIGNUM *ret = NULL; - int sign; - - /* This is invalid input so we don't worry about constant time here */ - if (BN_abs_is_word(n, 1) || BN_is_zero(n)) { - *pnoinv = 1; - return NULL; - } - - *pnoinv = 0; - - if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) - || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) { - return bn_mod_inverse_no_branch(in, a, n, ctx, pnoinv); - } - - bn_check_top(a); - bn_check_top(n); - - BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - B = BN_CTX_get(ctx); - X = BN_CTX_get(ctx); - D = BN_CTX_get(ctx); - M = BN_CTX_get(ctx); - Y = BN_CTX_get(ctx); - T = BN_CTX_get(ctx); - if (T == NULL) - goto err; - - if (in == NULL) - R = BN_new(); - else - R = in; - if (R == NULL) - goto err; - - if (!BN_one(X)) - goto err; - BN_zero(Y); - if (BN_copy(B, a) == NULL) - goto err; - if (BN_copy(A, n) == NULL) - goto err; - A->neg = 0; - if (B->neg || (BN_ucmp(B, A) >= 0)) { - if (!BN_nnmod(B, B, A, ctx)) - goto err; - } - sign = -1; - /*- - * From B = a mod |n|, A = |n| it follows that - * - * 0 <= B < A, - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - */ - - if (BN_is_odd(n) && (BN_num_bits(n) <= 2048)) { - /* - * Binary inversion algorithm; requires odd modulus. This is faster - * than the general algorithm if the modulus is sufficiently small - * (about 400 .. 500 bits on 32-bit systems, but much more on 64-bit - * systems) - */ - int shift; - - while (!BN_is_zero(B)) { - /*- - * 0 < B < |n|, - * 0 < A <= |n|, - * (1) -sign*X*a == B (mod |n|), - * (2) sign*Y*a == A (mod |n|) - */ - - /* - * Now divide B by the maximum possible power of two in the - * integers, and divide X by the same value mod |n|. When we're - * done, (1) still holds. - */ - shift = 0; - while (!BN_is_bit_set(B, shift)) { /* note that 0 < B */ - shift++; - - if (BN_is_odd(X)) { - if (!BN_uadd(X, X, n)) - goto err; - } - /* - * now X is even, so we can easily divide it by two - */ - if (!BN_rshift1(X, X)) - goto err; - } - if (shift > 0) { - if (!BN_rshift(B, B, shift)) - goto err; - } - - /* - * Same for A and Y. Afterwards, (2) still holds. - */ - shift = 0; - while (!BN_is_bit_set(A, shift)) { /* note that 0 < A */ - shift++; - - if (BN_is_odd(Y)) { - if (!BN_uadd(Y, Y, n)) - goto err; - } - /* now Y is even */ - if (!BN_rshift1(Y, Y)) - goto err; - } - if (shift > 0) { - if (!BN_rshift(A, A, shift)) - goto err; - } - - /*- - * We still have (1) and (2). - * Both A and B are odd. - * The following computations ensure that - * - * 0 <= B < |n|, - * 0 < A < |n|, - * (1) -sign*X*a == B (mod |n|), - * (2) sign*Y*a == A (mod |n|), - * - * and that either A or B is even in the next iteration. - */ - if (BN_ucmp(B, A) >= 0) { - /* -sign*(X + Y)*a == B - A (mod |n|) */ - if (!BN_uadd(X, X, Y)) - goto err; - /* - * NB: we could use BN_mod_add_quick(X, X, Y, n), but that - * actually makes the algorithm slower - */ - if (!BN_usub(B, B, A)) - goto err; - } else { - /* sign*(X + Y)*a == A - B (mod |n|) */ - if (!BN_uadd(Y, Y, X)) - goto err; - /* - * as above, BN_mod_add_quick(Y, Y, X, n) would slow things down - */ - if (!BN_usub(A, A, B)) - goto err; - } - } - } else { - /* general inversion algorithm */ - - while (!BN_is_zero(B)) { - BIGNUM *tmp; - - /*- - * 0 < B < A, - * (*) -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|) - */ - - /* (D, M) := (A/B, A%B) ... */ - if (BN_num_bits(A) == BN_num_bits(B)) { - if (!BN_one(D)) - goto err; - if (!BN_sub(M, A, B)) - goto err; - } else if (BN_num_bits(A) == BN_num_bits(B) + 1) { - /* A/B is 1, 2, or 3 */ - if (!BN_lshift1(T, B)) - goto err; - if (BN_ucmp(A, T) < 0) { - /* A < 2*B, so D=1 */ - if (!BN_one(D)) - goto err; - if (!BN_sub(M, A, B)) - goto err; - } else { - /* A >= 2*B, so D=2 or D=3 */ - if (!BN_sub(M, A, T)) - goto err; - if (!BN_add(D, T, B)) - goto err; /* use D (:= 3*B) as temp */ - if (BN_ucmp(A, D) < 0) { - /* A < 3*B, so D=2 */ - if (!BN_set_word(D, 2)) - goto err; - /* - * M (= A - 2*B) already has the correct value - */ - } else { - /* only D=3 remains */ - if (!BN_set_word(D, 3)) - goto err; - /* - * currently M = A - 2*B, but we need M = A - 3*B - */ - if (!BN_sub(M, M, B)) - goto err; - } - } - } else { - if (!BN_div(D, M, A, B, ctx)) - goto err; - } - - /*- - * Now - * A = D*B + M; - * thus we have - * (**) sign*Y*a == D*B + M (mod |n|). - */ - - tmp = A; /* keep the BIGNUM object, the value does not matter */ - - /* (A, B) := (B, A mod B) ... */ - A = B; - B = M; - /* ... so we have 0 <= B < A again */ - - /*- - * Since the former M is now B and the former B is now A, - * (**) translates into - * sign*Y*a == D*A + B (mod |n|), - * i.e. - * sign*Y*a - D*A == B (mod |n|). - * Similarly, (*) translates into - * -sign*X*a == A (mod |n|). - * - * Thus, - * sign*Y*a + D*sign*X*a == B (mod |n|), - * i.e. - * sign*(Y + D*X)*a == B (mod |n|). - * - * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at - * -sign*X*a == B (mod |n|), - * sign*Y*a == A (mod |n|). - * Note that X and Y stay non-negative all the time. - */ - - /* - * most of the time D is very small, so we can optimize tmp := D*X+Y - */ - if (BN_is_one(D)) { - if (!BN_add(tmp, X, Y)) - goto err; - } else { - if (BN_is_word(D, 2)) { - if (!BN_lshift1(tmp, X)) - goto err; - } else if (BN_is_word(D, 4)) { - if (!BN_lshift(tmp, X, 2)) - goto err; - } else if (D->top == 1) { - if (!BN_copy(tmp, X)) - goto err; - if (!BN_mul_word(tmp, D->d[0])) - goto err; - } else { - if (!BN_mul(tmp, D, X, ctx)) - goto err; - } - if (!BN_add(tmp, tmp, Y)) - goto err; - } - - M = Y; /* keep the BIGNUM object, the value does not matter */ - Y = X; - X = tmp; - sign = -sign; - } - } - - /*- - * The while loop (Euclid's algorithm) ends when - * A == gcd(a,n); - * we have - * sign*Y*a == A (mod |n|), - * where Y is non-negative. - */ - - if (sign < 0) { - if (!BN_sub(Y, n, Y)) - goto err; - } - /* Now Y*a == A (mod |n|). */ - - if (BN_is_one(A)) { - /* Y*a == 1 (mod |n|) */ - if (!Y->neg && BN_ucmp(Y, n) < 0) { - if (!BN_copy(R, Y)) - goto err; - } else { - if (!BN_nnmod(R, Y, n, ctx)) - goto err; - } - } else { - *pnoinv = 1; - goto err; - } - ret = R; - err: - if ((ret == NULL) && (in == NULL)) - BN_free(R); - BN_CTX_end(ctx); - bn_check_top(ret); - return ret; -} - -/* solves ax == 1 (mod n) */ -BIGNUM *BN_mod_inverse(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) -{ - BN_CTX *new_ctx = NULL; - BIGNUM *rv; - int noinv = 0; - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(NULL); - if (ctx == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - return NULL; - } - } - - rv = int_bn_mod_inverse(in, a, n, ctx, &noinv); - if (noinv) - ERR_raise(ERR_LIB_BN, BN_R_NO_INVERSE); - BN_CTX_free(new_ctx); - return rv; -} - -/*- - * This function is based on the constant-time GCD work by Bernstein and Yang: - * https://eprint.iacr.org/2019/266 - * Generalized fast GCD function to allow even inputs. - * The algorithm first finds the shared powers of 2 between - * the inputs, and removes them, reducing at least one of the - * inputs to an odd value. Then it proceeds to calculate the GCD. - * Before returning the resulting GCD, we take care of adding - * back the powers of two removed at the beginning. - * Note 1: we assume the bit length of both inputs is public information, - * since access to top potentially leaks this information. - */ -int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) -{ - BIGNUM *g, *temp = NULL; - BN_ULONG mask = 0; - int i, j, top, rlen, glen, m, bit = 1, delta = 1, cond = 0, shifts = 0, ret = 0; - - /* Note 2: zero input corner cases are not constant-time since they are - * handled immediately. An attacker can run an attack under this - * assumption without the need of side-channel information. */ - if (BN_is_zero(in_b)) { - ret = BN_copy(r, in_a) != NULL; - r->neg = 0; - return ret; - } - if (BN_is_zero(in_a)) { - ret = BN_copy(r, in_b) != NULL; - r->neg = 0; - return ret; - } - - bn_check_top(in_a); - bn_check_top(in_b); - - BN_CTX_start(ctx); - temp = BN_CTX_get(ctx); - g = BN_CTX_get(ctx); - - /* make r != 0, g != 0 even, so BN_rshift is not a potential nop */ - if (g == NULL - || !BN_lshift1(g, in_b) - || !BN_lshift1(r, in_a)) - goto err; - - /* find shared powers of two, i.e. "shifts" >= 1 */ - for (i = 0; i < r->dmax && i < g->dmax; i++) { - mask = ~(r->d[i] | g->d[i]); - for (j = 0; j < BN_BITS2; j++) { - bit &= mask; - shifts += bit; - mask >>= 1; - } - } - - /* subtract shared powers of two; shifts >= 1 */ - if (!BN_rshift(r, r, shifts) - || !BN_rshift(g, g, shifts)) - goto err; - - /* expand to biggest nword, with room for a possible extra word */ - top = 1 + ((r->top >= g->top) ? r->top : g->top); - if (bn_wexpand(r, top) == NULL - || bn_wexpand(g, top) == NULL - || bn_wexpand(temp, top) == NULL) - goto err; - - /* re arrange inputs s.t. r is odd */ - BN_consttime_swap((~r->d[0]) & 1, r, g, top); - - /* compute the number of iterations */ - rlen = BN_num_bits(r); - glen = BN_num_bits(g); - m = 4 + 3 * ((rlen >= glen) ? rlen : glen); - - for (i = 0; i < m; i++) { - /* conditionally flip signs if delta is positive and g is odd */ - cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1 - /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ - & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))); - delta = (-cond & -delta) | ((cond - 1) & delta); - r->neg ^= cond; - /* swap */ - BN_consttime_swap(cond, r, g, top); - - /* elimination step */ - delta++; - if (!BN_add(temp, g, r)) - goto err; - BN_consttime_swap(g->d[0] & 1 /* g is odd */ - /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ - & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))), - g, temp, top); - if (!BN_rshift1(g, g)) - goto err; - } - - /* remove possible negative sign */ - r->neg = 0; - /* add powers of 2 removed, then correct the artificial shift */ - if (!BN_lshift(r, r, shifts) - || !BN_rshift1(r, r)) - goto err; - - ret = 1; - - err: - BN_CTX_end(ctx); - bn_check_top(r); - return ret; -} diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c deleted file mode 100644 index 304c2ea08d0e950b9ad8d26f5fc8e5b580ffc156..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_gf2m.c +++ /dev/null @@ -1,1191 +0,0 @@ -/* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "internal/cryptlib.h" -#include "bn_local.h" - -#ifndef OPENSSL_NO_EC2M - -/* - * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should - * fail. - */ -# define MAX_ITERATIONS 50 - -# define SQR_nibble(w) ((((w) & 8) << 3) \ - | (((w) & 4) << 2) \ - | (((w) & 2) << 1) \ - | ((w) & 1)) - - -/* Platform-specific macros to accelerate squaring. */ -# if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) -# define SQR1(w) \ - SQR_nibble((w) >> 60) << 56 | SQR_nibble((w) >> 56) << 48 | \ - SQR_nibble((w) >> 52) << 40 | SQR_nibble((w) >> 48) << 32 | \ - SQR_nibble((w) >> 44) << 24 | SQR_nibble((w) >> 40) << 16 | \ - SQR_nibble((w) >> 36) << 8 | SQR_nibble((w) >> 32) -# define SQR0(w) \ - SQR_nibble((w) >> 28) << 56 | SQR_nibble((w) >> 24) << 48 | \ - SQR_nibble((w) >> 20) << 40 | SQR_nibble((w) >> 16) << 32 | \ - SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \ - SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) ) -# endif -# ifdef THIRTY_TWO_BIT -# define SQR1(w) \ - SQR_nibble((w) >> 28) << 24 | SQR_nibble((w) >> 24) << 16 | \ - SQR_nibble((w) >> 20) << 8 | SQR_nibble((w) >> 16) -# define SQR0(w) \ - SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >> 8) << 16 | \ - SQR_nibble((w) >> 4) << 8 | SQR_nibble((w) ) -# endif - -# if !defined(OPENSSL_BN_ASM_GF2m) -/* - * Product of two polynomials a, b each with degree < BN_BITS2 - 1, result is - * a polynomial r with degree < 2 * BN_BITS - 1 The caller MUST ensure that - * the variables have the right amount of space allocated. - */ -# ifdef THIRTY_TWO_BIT -static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, - const BN_ULONG b) -{ - register BN_ULONG h, l, s; - BN_ULONG tab[8], top2b = a >> 30; - register BN_ULONG a1, a2, a4; - - a1 = a & (0x3FFFFFFF); - a2 = a1 << 1; - a4 = a2 << 1; - - tab[0] = 0; - tab[1] = a1; - tab[2] = a2; - tab[3] = a1 ^ a2; - tab[4] = a4; - tab[5] = a1 ^ a4; - tab[6] = a2 ^ a4; - tab[7] = a1 ^ a2 ^ a4; - - s = tab[b & 0x7]; - l = s; - s = tab[b >> 3 & 0x7]; - l ^= s << 3; - h = s >> 29; - s = tab[b >> 6 & 0x7]; - l ^= s << 6; - h ^= s >> 26; - s = tab[b >> 9 & 0x7]; - l ^= s << 9; - h ^= s >> 23; - s = tab[b >> 12 & 0x7]; - l ^= s << 12; - h ^= s >> 20; - s = tab[b >> 15 & 0x7]; - l ^= s << 15; - h ^= s >> 17; - s = tab[b >> 18 & 0x7]; - l ^= s << 18; - h ^= s >> 14; - s = tab[b >> 21 & 0x7]; - l ^= s << 21; - h ^= s >> 11; - s = tab[b >> 24 & 0x7]; - l ^= s << 24; - h ^= s >> 8; - s = tab[b >> 27 & 0x7]; - l ^= s << 27; - h ^= s >> 5; - s = tab[b >> 30]; - l ^= s << 30; - h ^= s >> 2; - - /* compensate for the top two bits of a */ - - if (top2b & 01) { - l ^= b << 30; - h ^= b >> 2; - } - if (top2b & 02) { - l ^= b << 31; - h ^= b >> 1; - } - - *r1 = h; - *r0 = l; -} -# endif -# if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) -static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, - const BN_ULONG b) -{ - register BN_ULONG h, l, s; - BN_ULONG tab[16], top3b = a >> 61; - register BN_ULONG a1, a2, a4, a8; - - a1 = a & (0x1FFFFFFFFFFFFFFFULL); - a2 = a1 << 1; - a4 = a2 << 1; - a8 = a4 << 1; - - tab[0] = 0; - tab[1] = a1; - tab[2] = a2; - tab[3] = a1 ^ a2; - tab[4] = a4; - tab[5] = a1 ^ a4; - tab[6] = a2 ^ a4; - tab[7] = a1 ^ a2 ^ a4; - tab[8] = a8; - tab[9] = a1 ^ a8; - tab[10] = a2 ^ a8; - tab[11] = a1 ^ a2 ^ a8; - tab[12] = a4 ^ a8; - tab[13] = a1 ^ a4 ^ a8; - tab[14] = a2 ^ a4 ^ a8; - tab[15] = a1 ^ a2 ^ a4 ^ a8; - - s = tab[b & 0xF]; - l = s; - s = tab[b >> 4 & 0xF]; - l ^= s << 4; - h = s >> 60; - s = tab[b >> 8 & 0xF]; - l ^= s << 8; - h ^= s >> 56; - s = tab[b >> 12 & 0xF]; - l ^= s << 12; - h ^= s >> 52; - s = tab[b >> 16 & 0xF]; - l ^= s << 16; - h ^= s >> 48; - s = tab[b >> 20 & 0xF]; - l ^= s << 20; - h ^= s >> 44; - s = tab[b >> 24 & 0xF]; - l ^= s << 24; - h ^= s >> 40; - s = tab[b >> 28 & 0xF]; - l ^= s << 28; - h ^= s >> 36; - s = tab[b >> 32 & 0xF]; - l ^= s << 32; - h ^= s >> 32; - s = tab[b >> 36 & 0xF]; - l ^= s << 36; - h ^= s >> 28; - s = tab[b >> 40 & 0xF]; - l ^= s << 40; - h ^= s >> 24; - s = tab[b >> 44 & 0xF]; - l ^= s << 44; - h ^= s >> 20; - s = tab[b >> 48 & 0xF]; - l ^= s << 48; - h ^= s >> 16; - s = tab[b >> 52 & 0xF]; - l ^= s << 52; - h ^= s >> 12; - s = tab[b >> 56 & 0xF]; - l ^= s << 56; - h ^= s >> 8; - s = tab[b >> 60]; - l ^= s << 60; - h ^= s >> 4; - - /* compensate for the top three bits of a */ - - if (top3b & 01) { - l ^= b << 61; - h ^= b >> 3; - } - if (top3b & 02) { - l ^= b << 62; - h ^= b >> 2; - } - if (top3b & 04) { - l ^= b << 63; - h ^= b >> 1; - } - - *r1 = h; - *r0 = l; -} -# endif - -/* - * Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1, - * result is a polynomial r with degree < 4 * BN_BITS2 - 1 The caller MUST - * ensure that the variables have the right amount of space allocated. - */ -static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, - const BN_ULONG b1, const BN_ULONG b0) -{ - BN_ULONG m1, m0; - /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */ - bn_GF2m_mul_1x1(r + 3, r + 2, a1, b1); - bn_GF2m_mul_1x1(r + 1, r, a0, b0); - bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1); - /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */ - r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */ - r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */ -} -# else -void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1, - BN_ULONG b0); -# endif - -/* - * Add polynomials a and b and store result in r; r could be a or b, a and b - * could be equal; r is the bitwise XOR of a and b. - */ -int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) -{ - int i; - const BIGNUM *at, *bt; - - bn_check_top(a); - bn_check_top(b); - - if (a->top < b->top) { - at = b; - bt = a; - } else { - at = a; - bt = b; - } - - if (bn_wexpand(r, at->top) == NULL) - return 0; - - for (i = 0; i < bt->top; i++) { - r->d[i] = at->d[i] ^ bt->d[i]; - } - for (; i < at->top; i++) { - r->d[i] = at->d[i]; - } - - r->top = at->top; - bn_correct_top(r); - - return 1; -} - -/*- - * Some functions allow for representation of the irreducible polynomials - * as an int[], say p. The irreducible f(t) is then of the form: - * t^p[0] + t^p[1] + ... + t^p[k] - * where m = p[0] > p[1] > ... > p[k] = 0. - */ - -/* Performs modular reduction of a and store result in r. r could be a. */ -int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]) -{ - int j, k; - int n, dN, d0, d1; - BN_ULONG zz, *z; - - bn_check_top(a); - - if (p[0] == 0) { - /* reduction mod 1 => return 0 */ - BN_zero(r); - return 1; - } - - /* - * Since the algorithm does reduction in the r value, if a != r, copy the - * contents of a into r so we can do reduction in r. - */ - if (a != r) { - if (!bn_wexpand(r, a->top)) - return 0; - for (j = 0; j < a->top; j++) { - r->d[j] = a->d[j]; - } - r->top = a->top; - } - z = r->d; - - /* start reduction */ - dN = p[0] / BN_BITS2; - for (j = r->top - 1; j > dN;) { - zz = z[j]; - if (z[j] == 0) { - j--; - continue; - } - z[j] = 0; - - for (k = 1; p[k] != 0; k++) { - /* reducing component t^p[k] */ - n = p[0] - p[k]; - d0 = n % BN_BITS2; - d1 = BN_BITS2 - d0; - n /= BN_BITS2; - z[j - n] ^= (zz >> d0); - if (d0) - z[j - n - 1] ^= (zz << d1); - } - - /* reducing component t^0 */ - n = dN; - d0 = p[0] % BN_BITS2; - d1 = BN_BITS2 - d0; - z[j - n] ^= (zz >> d0); - if (d0) - z[j - n - 1] ^= (zz << d1); - } - - /* final round of reduction */ - while (j == dN) { - - d0 = p[0] % BN_BITS2; - zz = z[dN] >> d0; - if (zz == 0) - break; - d1 = BN_BITS2 - d0; - - /* clear up the top d1 bits */ - if (d0) - z[dN] = (z[dN] << d1) >> d1; - else - z[dN] = 0; - z[0] ^= zz; /* reduction t^0 component */ - - for (k = 1; p[k] != 0; k++) { - BN_ULONG tmp_ulong; - - /* reducing component t^p[k] */ - n = p[k] / BN_BITS2; - d0 = p[k] % BN_BITS2; - d1 = BN_BITS2 - d0; - z[n] ^= (zz << d0); - if (d0 && (tmp_ulong = zz >> d1)) - z[n + 1] ^= tmp_ulong; - } - - } - - bn_correct_top(r); - return 1; -} - -/* - * Performs modular reduction of a by p and store result in r. r could be a. - * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper - * function is only provided for convenience; for best performance, use the - * BN_GF2m_mod_arr function. - */ -int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) -{ - int ret = 0; - int arr[6]; - bn_check_top(a); - bn_check_top(p); - ret = BN_GF2m_poly2arr(p, arr, OSSL_NELEM(arr)); - if (!ret || ret > (int)OSSL_NELEM(arr)) { - ERR_raise(ERR_LIB_BN, BN_R_INVALID_LENGTH); - return 0; - } - ret = BN_GF2m_mod_arr(r, a, arr); - bn_check_top(r); - return ret; -} - -/* - * Compute the product of two polynomials a and b, reduce modulo p, and store - * the result in r. r could be a or b; a could be b. - */ -int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const int p[], BN_CTX *ctx) -{ - int zlen, i, j, k, ret = 0; - BIGNUM *s; - BN_ULONG x1, x0, y1, y0, zz[4]; - - bn_check_top(a); - bn_check_top(b); - - if (a == b) { - return BN_GF2m_mod_sqr_arr(r, a, p, ctx); - } - - BN_CTX_start(ctx); - if ((s = BN_CTX_get(ctx)) == NULL) - goto err; - - zlen = a->top + b->top + 4; - if (!bn_wexpand(s, zlen)) - goto err; - s->top = zlen; - - for (i = 0; i < zlen; i++) - s->d[i] = 0; - - for (j = 0; j < b->top; j += 2) { - y0 = b->d[j]; - y1 = ((j + 1) == b->top) ? 0 : b->d[j + 1]; - for (i = 0; i < a->top; i += 2) { - x0 = a->d[i]; - x1 = ((i + 1) == a->top) ? 0 : a->d[i + 1]; - bn_GF2m_mul_2x2(zz, x1, x0, y1, y0); - for (k = 0; k < 4; k++) - s->d[i + j + k] ^= zz[k]; - } - } - - bn_correct_top(s); - if (BN_GF2m_mod_arr(r, s, p)) - ret = 1; - bn_check_top(r); - - err: - BN_CTX_end(ctx); - return ret; -} - -/* - * Compute the product of two polynomials a and b, reduce modulo p, and store - * the result in r. r could be a or b; a could equal b. This function calls - * down to the BN_GF2m_mod_mul_arr implementation; this wrapper function is - * only provided for convenience; for best performance, use the - * BN_GF2m_mod_mul_arr function. - */ -int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *p, BN_CTX *ctx) -{ - int ret = 0; - const int max = BN_num_bits(p) + 1; - int *arr; - - bn_check_top(a); - bn_check_top(b); - bn_check_top(p); - - arr = OPENSSL_malloc(sizeof(*arr) * max); - if (arr == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - return 0; - } - ret = BN_GF2m_poly2arr(p, arr, max); - if (!ret || ret > max) { - ERR_raise(ERR_LIB_BN, BN_R_INVALID_LENGTH); - goto err; - } - ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); - bn_check_top(r); - err: - OPENSSL_free(arr); - return ret; -} - -/* Square a, reduce the result mod p, and store it in a. r could be a. */ -int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], - BN_CTX *ctx) -{ - int i, ret = 0; - BIGNUM *s; - - bn_check_top(a); - BN_CTX_start(ctx); - if ((s = BN_CTX_get(ctx)) == NULL) - goto err; - if (!bn_wexpand(s, 2 * a->top)) - goto err; - - for (i = a->top - 1; i >= 0; i--) { - s->d[2 * i + 1] = SQR1(a->d[i]); - s->d[2 * i] = SQR0(a->d[i]); - } - - s->top = 2 * a->top; - bn_correct_top(s); - if (!BN_GF2m_mod_arr(r, s, p)) - goto err; - bn_check_top(r); - ret = 1; - err: - BN_CTX_end(ctx); - return ret; -} - -/* - * Square a, reduce the result mod p, and store it in a. r could be a. This - * function calls down to the BN_GF2m_mod_sqr_arr implementation; this - * wrapper function is only provided for convenience; for best performance, - * use the BN_GF2m_mod_sqr_arr function. - */ -int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) -{ - int ret = 0; - const int max = BN_num_bits(p) + 1; - int *arr; - - bn_check_top(a); - bn_check_top(p); - - arr = OPENSSL_malloc(sizeof(*arr) * max); - if (arr == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - return 0; - } - ret = BN_GF2m_poly2arr(p, arr, max); - if (!ret || ret > max) { - ERR_raise(ERR_LIB_BN, BN_R_INVALID_LENGTH); - goto err; - } - ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); - bn_check_top(r); - err: - OPENSSL_free(arr); - return ret; -} - -/* - * Invert a, reduce modulo p, and store the result in r. r could be a. Uses - * Modified Almost Inverse Algorithm (Algorithm 10) from Hankerson, D., - * Hernandez, J.L., and Menezes, A. "Software Implementation of Elliptic - * Curve Cryptography Over Binary Fields". - */ -static int BN_GF2m_mod_inv_vartime(BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, BN_CTX *ctx) -{ - BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp; - int ret = 0; - - bn_check_top(a); - bn_check_top(p); - - BN_CTX_start(ctx); - - b = BN_CTX_get(ctx); - c = BN_CTX_get(ctx); - u = BN_CTX_get(ctx); - v = BN_CTX_get(ctx); - if (v == NULL) - goto err; - - if (!BN_GF2m_mod(u, a, p)) - goto err; - if (BN_is_zero(u)) - goto err; - - if (!BN_copy(v, p)) - goto err; -# if 0 - if (!BN_one(b)) - goto err; - - while (1) { - while (!BN_is_odd(u)) { - if (BN_is_zero(u)) - goto err; - if (!BN_rshift1(u, u)) - goto err; - if (BN_is_odd(b)) { - if (!BN_GF2m_add(b, b, p)) - goto err; - } - if (!BN_rshift1(b, b)) - goto err; - } - - if (BN_abs_is_word(u, 1)) - break; - - if (BN_num_bits(u) < BN_num_bits(v)) { - tmp = u; - u = v; - v = tmp; - tmp = b; - b = c; - c = tmp; - } - - if (!BN_GF2m_add(u, u, v)) - goto err; - if (!BN_GF2m_add(b, b, c)) - goto err; - } -# else - { - int i; - int ubits = BN_num_bits(u); - int vbits = BN_num_bits(v); /* v is copy of p */ - int top = p->top; - BN_ULONG *udp, *bdp, *vdp, *cdp; - - if (!bn_wexpand(u, top)) - goto err; - udp = u->d; - for (i = u->top; i < top; i++) - udp[i] = 0; - u->top = top; - if (!bn_wexpand(b, top)) - goto err; - bdp = b->d; - bdp[0] = 1; - for (i = 1; i < top; i++) - bdp[i] = 0; - b->top = top; - if (!bn_wexpand(c, top)) - goto err; - cdp = c->d; - for (i = 0; i < top; i++) - cdp[i] = 0; - c->top = top; - vdp = v->d; /* It pays off to "cache" *->d pointers, - * because it allows optimizer to be more - * aggressive. But we don't have to "cache" - * p->d, because *p is declared 'const'... */ - while (1) { - while (ubits && !(udp[0] & 1)) { - BN_ULONG u0, u1, b0, b1, mask; - - u0 = udp[0]; - b0 = bdp[0]; - mask = (BN_ULONG)0 - (b0 & 1); - b0 ^= p->d[0] & mask; - for (i = 0; i < top - 1; i++) { - u1 = udp[i + 1]; - udp[i] = ((u0 >> 1) | (u1 << (BN_BITS2 - 1))) & BN_MASK2; - u0 = u1; - b1 = bdp[i + 1] ^ (p->d[i + 1] & mask); - bdp[i] = ((b0 >> 1) | (b1 << (BN_BITS2 - 1))) & BN_MASK2; - b0 = b1; - } - udp[i] = u0 >> 1; - bdp[i] = b0 >> 1; - ubits--; - } - - if (ubits <= BN_BITS2) { - if (udp[0] == 0) /* poly was reducible */ - goto err; - if (udp[0] == 1) - break; - } - - if (ubits < vbits) { - i = ubits; - ubits = vbits; - vbits = i; - tmp = u; - u = v; - v = tmp; - tmp = b; - b = c; - c = tmp; - udp = vdp; - vdp = v->d; - bdp = cdp; - cdp = c->d; - } - for (i = 0; i < top; i++) { - udp[i] ^= vdp[i]; - bdp[i] ^= cdp[i]; - } - if (ubits == vbits) { - BN_ULONG ul; - int utop = (ubits - 1) / BN_BITS2; - - while ((ul = udp[utop]) == 0 && utop) - utop--; - ubits = utop * BN_BITS2 + BN_num_bits_word(ul); - } - } - bn_correct_top(b); - } -# endif - - if (!BN_copy(r, b)) - goto err; - bn_check_top(r); - ret = 1; - - err: -# ifdef BN_DEBUG - /* BN_CTX_end would complain about the expanded form */ - bn_correct_top(c); - bn_correct_top(u); - bn_correct_top(v); -# endif - BN_CTX_end(ctx); - return ret; -} - -/*- - * Wrapper for BN_GF2m_mod_inv_vartime that blinds the input before calling. - * This is not constant time. - * But it does eliminate first order deduction on the input. - */ -int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) -{ - BIGNUM *b = NULL; - int ret = 0; - - BN_CTX_start(ctx); - if ((b = BN_CTX_get(ctx)) == NULL) - goto err; - - /* generate blinding value */ - do { - if (!BN_priv_rand_ex(b, BN_num_bits(p) - 1, - BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) - goto err; - } while (BN_is_zero(b)); - - /* r := a * b */ - if (!BN_GF2m_mod_mul(r, a, b, p, ctx)) - goto err; - - /* r := 1/(a * b) */ - if (!BN_GF2m_mod_inv_vartime(r, r, p, ctx)) - goto err; - - /* r := b/(a * b) = 1/a */ - if (!BN_GF2m_mod_mul(r, r, b, p, ctx)) - goto err; - - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; -} - -/* - * Invert xx, reduce modulo p, and store the result in r. r could be xx. - * This function calls down to the BN_GF2m_mod_inv implementation; this - * wrapper function is only provided for convenience; for best performance, - * use the BN_GF2m_mod_inv function. - */ -int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], - BN_CTX *ctx) -{ - BIGNUM *field; - int ret = 0; - - bn_check_top(xx); - BN_CTX_start(ctx); - if ((field = BN_CTX_get(ctx)) == NULL) - goto err; - if (!BN_GF2m_arr2poly(p, field)) - goto err; - - ret = BN_GF2m_mod_inv(r, xx, field, ctx); - bn_check_top(r); - - err: - BN_CTX_end(ctx); - return ret; -} - -/* - * Divide y by x, reduce modulo p, and store the result in r. r could be x - * or y, x could equal y. - */ -int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, - const BIGNUM *p, BN_CTX *ctx) -{ - BIGNUM *xinv = NULL; - int ret = 0; - - bn_check_top(y); - bn_check_top(x); - bn_check_top(p); - - BN_CTX_start(ctx); - xinv = BN_CTX_get(ctx); - if (xinv == NULL) - goto err; - - if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) - goto err; - if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) - goto err; - bn_check_top(r); - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; -} - -/* - * Divide yy by xx, reduce modulo p, and store the result in r. r could be xx - * * or yy, xx could equal yy. This function calls down to the - * BN_GF2m_mod_div implementation; this wrapper function is only provided for - * convenience; for best performance, use the BN_GF2m_mod_div function. - */ -int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, - const int p[], BN_CTX *ctx) -{ - BIGNUM *field; - int ret = 0; - - bn_check_top(yy); - bn_check_top(xx); - - BN_CTX_start(ctx); - if ((field = BN_CTX_get(ctx)) == NULL) - goto err; - if (!BN_GF2m_arr2poly(p, field)) - goto err; - - ret = BN_GF2m_mod_div(r, yy, xx, field, ctx); - bn_check_top(r); - - err: - BN_CTX_end(ctx); - return ret; -} - -/* - * Compute the bth power of a, reduce modulo p, and store the result in r. r - * could be a. Uses simple square-and-multiply algorithm A.5.1 from IEEE - * P1363. - */ -int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const int p[], BN_CTX *ctx) -{ - int ret = 0, i, n; - BIGNUM *u; - - bn_check_top(a); - bn_check_top(b); - - if (BN_is_zero(b)) - return BN_one(r); - - if (BN_abs_is_word(b, 1)) - return (BN_copy(r, a) != NULL); - - BN_CTX_start(ctx); - if ((u = BN_CTX_get(ctx)) == NULL) - goto err; - - if (!BN_GF2m_mod_arr(u, a, p)) - goto err; - - n = BN_num_bits(b) - 1; - for (i = n - 1; i >= 0; i--) { - if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx)) - goto err; - if (BN_is_bit_set(b, i)) { - if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx)) - goto err; - } - } - if (!BN_copy(r, u)) - goto err; - bn_check_top(r); - ret = 1; - err: - BN_CTX_end(ctx); - return ret; -} - -/* - * Compute the bth power of a, reduce modulo p, and store the result in r. r - * could be a. This function calls down to the BN_GF2m_mod_exp_arr - * implementation; this wrapper function is only provided for convenience; - * for best performance, use the BN_GF2m_mod_exp_arr function. - */ -int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *p, BN_CTX *ctx) -{ - int ret = 0; - const int max = BN_num_bits(p) + 1; - int *arr; - - bn_check_top(a); - bn_check_top(b); - bn_check_top(p); - - arr = OPENSSL_malloc(sizeof(*arr) * max); - if (arr == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - return 0; - } - ret = BN_GF2m_poly2arr(p, arr, max); - if (!ret || ret > max) { - ERR_raise(ERR_LIB_BN, BN_R_INVALID_LENGTH); - goto err; - } - ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); - bn_check_top(r); - err: - OPENSSL_free(arr); - return ret; -} - -/* - * Compute the square root of a, reduce modulo p, and store the result in r. - * r could be a. Uses exponentiation as in algorithm A.4.1 from IEEE P1363. - */ -int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[], - BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *u; - - bn_check_top(a); - - if (p[0] == 0) { - /* reduction mod 1 => return 0 */ - BN_zero(r); - return 1; - } - - BN_CTX_start(ctx); - if ((u = BN_CTX_get(ctx)) == NULL) - goto err; - - if (!BN_set_bit(u, p[0] - 1)) - goto err; - ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx); - bn_check_top(r); - - err: - BN_CTX_end(ctx); - return ret; -} - -/* - * Compute the square root of a, reduce modulo p, and store the result in r. - * r could be a. This function calls down to the BN_GF2m_mod_sqrt_arr - * implementation; this wrapper function is only provided for convenience; - * for best performance, use the BN_GF2m_mod_sqrt_arr function. - */ -int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) -{ - int ret = 0; - const int max = BN_num_bits(p) + 1; - int *arr; - - bn_check_top(a); - bn_check_top(p); - - arr = OPENSSL_malloc(sizeof(*arr) * max); - if (arr == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - return 0; - } - ret = BN_GF2m_poly2arr(p, arr, max); - if (!ret || ret > max) { - ERR_raise(ERR_LIB_BN, BN_R_INVALID_LENGTH); - goto err; - } - ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx); - bn_check_top(r); - err: - OPENSSL_free(arr); - return ret; -} - -/* - * Find r such that r^2 + r = a mod p. r could be a. If no r exists returns - * 0. Uses algorithms A.4.7 and A.4.6 from IEEE P1363. - */ -int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[], - BN_CTX *ctx) -{ - int ret = 0, count = 0, j; - BIGNUM *a, *z, *rho, *w, *w2, *tmp; - - bn_check_top(a_); - - if (p[0] == 0) { - /* reduction mod 1 => return 0 */ - BN_zero(r); - return 1; - } - - BN_CTX_start(ctx); - a = BN_CTX_get(ctx); - z = BN_CTX_get(ctx); - w = BN_CTX_get(ctx); - if (w == NULL) - goto err; - - if (!BN_GF2m_mod_arr(a, a_, p)) - goto err; - - if (BN_is_zero(a)) { - BN_zero(r); - ret = 1; - goto err; - } - - if (p[0] & 0x1) { /* m is odd */ - /* compute half-trace of a */ - if (!BN_copy(z, a)) - goto err; - for (j = 1; j <= (p[0] - 1) / 2; j++) { - if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) - goto err; - if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) - goto err; - if (!BN_GF2m_add(z, z, a)) - goto err; - } - - } else { /* m is even */ - - rho = BN_CTX_get(ctx); - w2 = BN_CTX_get(ctx); - tmp = BN_CTX_get(ctx); - if (tmp == NULL) - goto err; - do { - if (!BN_priv_rand_ex(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, - 0, ctx)) - goto err; - if (!BN_GF2m_mod_arr(rho, rho, p)) - goto err; - BN_zero(z); - if (!BN_copy(w, rho)) - goto err; - for (j = 1; j <= p[0] - 1; j++) { - if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) - goto err; - if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) - goto err; - if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx)) - goto err; - if (!BN_GF2m_add(z, z, tmp)) - goto err; - if (!BN_GF2m_add(w, w2, rho)) - goto err; - } - count++; - } while (BN_is_zero(w) && (count < MAX_ITERATIONS)); - if (BN_is_zero(w)) { - ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_ITERATIONS); - goto err; - } - } - - if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) - goto err; - if (!BN_GF2m_add(w, z, w)) - goto err; - if (BN_GF2m_cmp(w, a)) { - ERR_raise(ERR_LIB_BN, BN_R_NO_SOLUTION); - goto err; - } - - if (!BN_copy(r, z)) - goto err; - bn_check_top(r); - - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; -} - -/* - * Find r such that r^2 + r = a mod p. r could be a. If no r exists returns - * 0. This function calls down to the BN_GF2m_mod_solve_quad_arr - * implementation; this wrapper function is only provided for convenience; - * for best performance, use the BN_GF2m_mod_solve_quad_arr function. - */ -int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - BN_CTX *ctx) -{ - int ret = 0; - const int max = BN_num_bits(p) + 1; - int *arr; - - bn_check_top(a); - bn_check_top(p); - - arr = OPENSSL_malloc(sizeof(*arr) * max); - if (arr == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - goto err; - } - ret = BN_GF2m_poly2arr(p, arr, max); - if (!ret || ret > max) { - ERR_raise(ERR_LIB_BN, BN_R_INVALID_LENGTH); - goto err; - } - ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx); - bn_check_top(r); - err: - OPENSSL_free(arr); - return ret; -} - -/* - * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i * - * x^i) into an array of integers corresponding to the bits with non-zero - * coefficient. Array is terminated with -1. Up to max elements of the array - * will be filled. Return value is total number of array elements that would - * be filled if array was large enough. - */ -int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max) -{ - int i, j, k = 0; - BN_ULONG mask; - - if (BN_is_zero(a)) - return 0; - - for (i = a->top - 1; i >= 0; i--) { - if (!a->d[i]) - /* skip word if a->d[i] == 0 */ - continue; - mask = BN_TBIT; - for (j = BN_BITS2 - 1; j >= 0; j--) { - if (a->d[i] & mask) { - if (k < max) - p[k] = BN_BITS2 * i + j; - k++; - } - mask >>= 1; - } - } - - if (k < max) { - p[k] = -1; - k++; - } - - return k; -} - -/* - * Convert the coefficient array representation of a polynomial to a - * bit-string. The array must be terminated by -1. - */ -int BN_GF2m_arr2poly(const int p[], BIGNUM *a) -{ - int i; - - bn_check_top(a); - BN_zero(a); - for (i = 0; p[i] != -1; i++) { - if (BN_set_bit(a, p[i]) == 0) - return 0; - } - bn_check_top(a); - - return 1; -} - -#endif diff --git a/crypto/bn/bn_intern.c b/crypto/bn/bn_intern.c deleted file mode 100644 index c0f7f5fea6041a58711f4dd056dd2fe5266a6fbe..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_intern.c +++ /dev/null @@ -1,199 +0,0 @@ -/* - * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include "bn_local.h" - -/* - * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. - * This is an array r[] of values that are either zero or odd with an - * absolute value less than 2^w satisfying - * scalar = \sum_j r[j]*2^j - * where at most one of any w+1 consecutive digits is non-zero - * with the exception that the most significant digit may be only - * w-1 zeros away from that next non-zero digit. - */ -signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) -{ - int window_val; - signed char *r = NULL; - int sign = 1; - int bit, next_bit, mask; - size_t len = 0, j; - - if (BN_is_zero(scalar)) { - r = OPENSSL_malloc(1); - if (r == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - goto err; - } - r[0] = 0; - *ret_len = 1; - return r; - } - - if (w <= 0 || w > 7) { /* 'signed char' can represent integers with - * absolute values less than 2^7 */ - ERR_raise(ERR_LIB_BN, ERR_R_INTERNAL_ERROR); - goto err; - } - bit = 1 << w; /* at most 128 */ - next_bit = bit << 1; /* at most 256 */ - mask = next_bit - 1; /* at most 255 */ - - if (BN_is_negative(scalar)) { - sign = -1; - } - - if (scalar->d == NULL || scalar->top == 0) { - ERR_raise(ERR_LIB_BN, ERR_R_INTERNAL_ERROR); - goto err; - } - - len = BN_num_bits(scalar); - r = OPENSSL_malloc(len + 1); /* - * Modified wNAF may be one digit longer than binary representation - * (*ret_len will be set to the actual length, i.e. at most - * BN_num_bits(scalar) + 1) - */ - if (r == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - goto err; - } - window_val = scalar->d[0] & mask; - j = 0; - while ((window_val != 0) || (j + w + 1 < len)) { /* if j+w+1 >= len, - * window_val will not - * increase */ - int digit = 0; - - /* 0 <= window_val <= 2^(w+1) */ - - if (window_val & 1) { - /* 0 < window_val < 2^(w+1) */ - - if (window_val & bit) { - digit = window_val - next_bit; /* -2^w < digit < 0 */ - -#if 1 /* modified wNAF */ - if (j + w + 1 >= len) { - /* - * Special case for generating modified wNAFs: - * no new bits will be added into window_val, - * so using a positive digit here will decrease - * the total length of the representation - */ - - digit = window_val & (mask >> 1); /* 0 < digit < 2^w */ - } -#endif - } else { - digit = window_val; /* 0 < digit < 2^w */ - } - - if (digit <= -bit || digit >= bit || !(digit & 1)) { - ERR_raise(ERR_LIB_BN, ERR_R_INTERNAL_ERROR); - goto err; - } - - window_val -= digit; - - /* - * now window_val is 0 or 2^(w+1) in standard wNAF generation; - * for modified window NAFs, it may also be 2^w - */ - if (window_val != 0 && window_val != next_bit - && window_val != bit) { - ERR_raise(ERR_LIB_BN, ERR_R_INTERNAL_ERROR); - goto err; - } - } - - r[j++] = sign * digit; - - window_val >>= 1; - window_val += bit * BN_is_bit_set(scalar, j + w); - - if (window_val > next_bit) { - ERR_raise(ERR_LIB_BN, ERR_R_INTERNAL_ERROR); - goto err; - } - } - - if (j > len + 1) { - ERR_raise(ERR_LIB_BN, ERR_R_INTERNAL_ERROR); - goto err; - } - *ret_len = j; - return r; - - err: - OPENSSL_free(r); - return NULL; -} - -int bn_get_top(const BIGNUM *a) -{ - return a->top; -} - -int bn_get_dmax(const BIGNUM *a) -{ - return a->dmax; -} - -void bn_set_all_zero(BIGNUM *a) -{ - int i; - - for (i = a->top; i < a->dmax; i++) - a->d[i] = 0; -} - -int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size) -{ - if (in->top > size) - return 0; - - memset(out, 0, sizeof(*out) * size); - if (in->d != NULL) - memcpy(out, in->d, sizeof(*out) * in->top); - return 1; -} - -BN_ULONG *bn_get_words(const BIGNUM *a) -{ - return a->d; -} - -void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size) -{ - /* - * |const| qualifier omission is compensated by BN_FLG_STATIC_DATA - * flag, which effectively means "read-only data". - */ - a->d = (BN_ULONG *)words; - a->dmax = a->top = size; - a->neg = 0; - a->flags |= BN_FLG_STATIC_DATA; - bn_correct_top(a); -} - -int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words) -{ - if (bn_wexpand(a, num_words) == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - return 0; - } - - memcpy(a->d, words, sizeof(BN_ULONG) * num_words); - a->top = num_words; - bn_correct_top(a); - return 1; -} diff --git a/crypto/bn/bn_kron.c b/crypto/bn/bn_kron.c deleted file mode 100644 index 8258536dcaceff3e9ac27a402e79f5f9375732b0..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_kron.c +++ /dev/null @@ -1,140 +0,0 @@ -/* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include "bn_local.h" - -/* least significant word */ -#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0]) - -/* Returns -2 for errors because both -1 and 0 are valid results. */ -int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -{ - int i; - int ret = -2; /* avoid 'uninitialized' warning */ - int err = 0; - BIGNUM *A, *B, *tmp; - /*- - * In 'tab', only odd-indexed entries are relevant: - * For any odd BIGNUM n, - * tab[BN_lsw(n) & 7] - * is $(-1)^{(n^2-1)/8}$ (using TeX notation). - * Note that the sign of n does not matter. - */ - static const int tab[8] = { 0, 1, 0, -1, 0, -1, 0, 1 }; - - bn_check_top(a); - bn_check_top(b); - - BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - B = BN_CTX_get(ctx); - if (B == NULL) - goto end; - - err = !BN_copy(A, a); - if (err) - goto end; - err = !BN_copy(B, b); - if (err) - goto end; - - /* - * Kronecker symbol, implemented according to Henri Cohen, - * "A Course in Computational Algebraic Number Theory" - * (algorithm 1.4.10). - */ - - /* Cohen's step 1: */ - - if (BN_is_zero(B)) { - ret = BN_abs_is_word(A, 1); - goto end; - } - - /* Cohen's step 2: */ - - if (!BN_is_odd(A) && !BN_is_odd(B)) { - ret = 0; - goto end; - } - - /* now B is non-zero */ - i = 0; - while (!BN_is_bit_set(B, i)) - i++; - err = !BN_rshift(B, B, i); - if (err) - goto end; - if (i & 1) { - /* i is odd */ - /* (thus B was even, thus A must be odd!) */ - - /* set 'ret' to $(-1)^{(A^2-1)/8}$ */ - ret = tab[BN_lsw(A) & 7]; - } else { - /* i is even */ - ret = 1; - } - - if (B->neg) { - B->neg = 0; - if (A->neg) - ret = -ret; - } - - /* - * now B is positive and odd, so what remains to be done is to compute - * the Jacobi symbol (A/B) and multiply it by 'ret' - */ - - while (1) { - /* Cohen's step 3: */ - - /* B is positive and odd */ - - if (BN_is_zero(A)) { - ret = BN_is_one(B) ? ret : 0; - goto end; - } - - /* now A is non-zero */ - i = 0; - while (!BN_is_bit_set(A, i)) - i++; - err = !BN_rshift(A, A, i); - if (err) - goto end; - if (i & 1) { - /* i is odd */ - /* multiply 'ret' by $(-1)^{(B^2-1)/8}$ */ - ret = ret * tab[BN_lsw(B) & 7]; - } - - /* Cohen's step 4: */ - /* multiply 'ret' by $(-1)^{(A-1)(B-1)/4}$ */ - if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2) - ret = -ret; - - /* (A, B) := (B mod |A|, |A|) */ - err = !BN_nnmod(B, B, A, ctx); - if (err) - goto end; - tmp = A; - A = B; - B = tmp; - tmp->neg = 0; - } - end: - BN_CTX_end(ctx); - if (err) - return -2; - else - return ret; -} diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c deleted file mode 100644 index 7ad6842560b4fab06a4bd70405d9750cd8184c7e..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_lib.c +++ /dev/null @@ -1,1041 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include "internal/endian.h" -#include "bn_local.h" -#include -#include "internal/constant_time.h" - -/* This stuff appears to be completely unused, so is deprecated */ -#ifndef OPENSSL_NO_DEPRECATED_0_9_8 -/*- - * For a 32 bit machine - * 2 - 4 == 128 - * 3 - 8 == 256 - * 4 - 16 == 512 - * 5 - 32 == 1024 - * 6 - 64 == 2048 - * 7 - 128 == 4096 - * 8 - 256 == 8192 - */ -static int bn_limit_bits = 0; -static int bn_limit_num = 8; /* (1<= 0) { - if (mult > (int)(sizeof(int) * 8) - 1) - mult = sizeof(int) * 8 - 1; - bn_limit_bits = mult; - bn_limit_num = 1 << mult; - } - if (high >= 0) { - if (high > (int)(sizeof(int) * 8) - 1) - high = sizeof(int) * 8 - 1; - bn_limit_bits_high = high; - bn_limit_num_high = 1 << high; - } - if (low >= 0) { - if (low > (int)(sizeof(int) * 8) - 1) - low = sizeof(int) * 8 - 1; - bn_limit_bits_low = low; - bn_limit_num_low = 1 << low; - } - if (mont >= 0) { - if (mont > (int)(sizeof(int) * 8) - 1) - mont = sizeof(int) * 8 - 1; - bn_limit_bits_mont = mont; - bn_limit_num_mont = 1 << mont; - } -} - -int BN_get_params(int which) -{ - if (which == 0) - return bn_limit_bits; - else if (which == 1) - return bn_limit_bits_high; - else if (which == 2) - return bn_limit_bits_low; - else if (which == 3) - return bn_limit_bits_mont; - else - return 0; -} -#endif - -const BIGNUM *BN_value_one(void) -{ - static const BN_ULONG data_one = 1L; - static const BIGNUM const_one = - { (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA }; - - return &const_one; -} - -/* - * Old Visual Studio ARM compiler miscompiles BN_num_bits_word() - * https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html - */ -#if defined(_MSC_VER) && defined(_ARM_) && defined(_WIN32_WCE) \ - && _MSC_VER>=1400 && _MSC_VER<1501 -# define MS_BROKEN_BN_num_bits_word -# pragma optimize("", off) -#endif -int BN_num_bits_word(BN_ULONG l) -{ - BN_ULONG x, mask; - int bits = (l != 0); - -#if BN_BITS2 > 32 - x = l >> 32; - mask = (0 - x) & BN_MASK2; - mask = (0 - (mask >> (BN_BITS2 - 1))); - bits += 32 & mask; - l ^= (x ^ l) & mask; -#endif - - x = l >> 16; - mask = (0 - x) & BN_MASK2; - mask = (0 - (mask >> (BN_BITS2 - 1))); - bits += 16 & mask; - l ^= (x ^ l) & mask; - - x = l >> 8; - mask = (0 - x) & BN_MASK2; - mask = (0 - (mask >> (BN_BITS2 - 1))); - bits += 8 & mask; - l ^= (x ^ l) & mask; - - x = l >> 4; - mask = (0 - x) & BN_MASK2; - mask = (0 - (mask >> (BN_BITS2 - 1))); - bits += 4 & mask; - l ^= (x ^ l) & mask; - - x = l >> 2; - mask = (0 - x) & BN_MASK2; - mask = (0 - (mask >> (BN_BITS2 - 1))); - bits += 2 & mask; - l ^= (x ^ l) & mask; - - x = l >> 1; - mask = (0 - x) & BN_MASK2; - mask = (0 - (mask >> (BN_BITS2 - 1))); - bits += 1 & mask; - - return bits; -} -#ifdef MS_BROKEN_BN_num_bits_word -# pragma optimize("", on) -#endif - -/* - * This function still leaks `a->dmax`: it's caller's responsibility to - * expand the input `a` in advance to a public length. - */ -static ossl_inline -int bn_num_bits_consttime(const BIGNUM *a) -{ - int j, ret; - unsigned int mask, past_i; - int i = a->top - 1; - bn_check_top(a); - - for (j = 0, past_i = 0, ret = 0; j < a->dmax; j++) { - mask = constant_time_eq_int(i, j); /* 0xff..ff if i==j, 0x0 otherwise */ - - ret += BN_BITS2 & (~mask & ~past_i); - ret += BN_num_bits_word(a->d[j]) & mask; - - past_i |= mask; /* past_i will become 0xff..ff after i==j */ - } - - /* - * if BN_is_zero(a) => i is -1 and ret contains garbage, so we mask the - * final result. - */ - mask = ~(constant_time_eq_int(i, ((int)-1))); - - return ret & mask; -} - -int BN_num_bits(const BIGNUM *a) -{ - int i = a->top - 1; - bn_check_top(a); - - if (a->flags & BN_FLG_CONSTTIME) { - /* - * We assume that BIGNUMs flagged as CONSTTIME have also been expanded - * so that a->dmax is not leaking secret information. - * - * In other words, it's the caller's responsibility to ensure `a` has - * been preallocated in advance to a public length if we hit this - * branch. - * - */ - return bn_num_bits_consttime(a); - } - - if (BN_is_zero(a)) - return 0; - - return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); -} - -static void bn_free_d(BIGNUM *a, int clear) -{ - if (BN_get_flags(a, BN_FLG_SECURE)) - OPENSSL_secure_clear_free(a->d, a->dmax * sizeof(a->d[0])); - else if (clear != 0) - OPENSSL_clear_free(a->d, a->dmax * sizeof(a->d[0])); - else - OPENSSL_free(a->d); -} - - -void BN_clear_free(BIGNUM *a) -{ - if (a == NULL) - return; - if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA)) - bn_free_d(a, 1); - if (BN_get_flags(a, BN_FLG_MALLOCED)) { - OPENSSL_cleanse(a, sizeof(*a)); - OPENSSL_free(a); - } -} - -void BN_free(BIGNUM *a) -{ - if (a == NULL) - return; - if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) - bn_free_d(a, 0); - if (a->flags & BN_FLG_MALLOCED) - OPENSSL_free(a); -} - -void bn_init(BIGNUM *a) -{ - static BIGNUM nilbn; - - *a = nilbn; - bn_check_top(a); -} - -BIGNUM *BN_new(void) -{ - BIGNUM *ret; - - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - return NULL; - } - ret->flags = BN_FLG_MALLOCED; - bn_check_top(ret); - return ret; -} - - BIGNUM *BN_secure_new(void) - { - BIGNUM *ret = BN_new(); - if (ret != NULL) - ret->flags |= BN_FLG_SECURE; - return ret; - } - -/* This is used by bn_expand2() */ -/* The caller MUST check that words > b->dmax before calling this */ -static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) -{ - BN_ULONG *a = NULL; - - if (words > (INT_MAX / (4 * BN_BITS2))) { - ERR_raise(ERR_LIB_BN, BN_R_BIGNUM_TOO_LONG); - return NULL; - } - if (BN_get_flags(b, BN_FLG_STATIC_DATA)) { - ERR_raise(ERR_LIB_BN, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); - return NULL; - } - if (BN_get_flags(b, BN_FLG_SECURE)) - a = OPENSSL_secure_zalloc(words * sizeof(*a)); - else - a = OPENSSL_zalloc(words * sizeof(*a)); - if (a == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - return NULL; - } - - assert(b->top <= words); - if (b->top > 0) - memcpy(a, b->d, sizeof(*a) * b->top); - - return a; -} - -/* - * This is an internal function that should not be used in applications. It - * ensures that 'b' has enough room for a 'words' word number and initialises - * any unused part of b->d with leading zeros. It is mostly used by the - * various BIGNUM routines. If there is an error, NULL is returned. If not, - * 'b' is returned. - */ - -BIGNUM *bn_expand2(BIGNUM *b, int words) -{ - if (words > b->dmax) { - BN_ULONG *a = bn_expand_internal(b, words); - if (!a) - return NULL; - if (b->d != NULL) - bn_free_d(b, 1); - b->d = a; - b->dmax = words; - } - - return b; -} - -BIGNUM *BN_dup(const BIGNUM *a) -{ - BIGNUM *t; - - if (a == NULL) - return NULL; - bn_check_top(a); - - t = BN_get_flags(a, BN_FLG_SECURE) ? BN_secure_new() : BN_new(); - if (t == NULL) - return NULL; - if (!BN_copy(t, a)) { - BN_free(t); - return NULL; - } - bn_check_top(t); - return t; -} - -BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) -{ - int bn_words; - - bn_check_top(b); - - bn_words = BN_get_flags(b, BN_FLG_CONSTTIME) ? b->dmax : b->top; - - if (a == b) - return a; - if (bn_wexpand(a, bn_words) == NULL) - return NULL; - - if (b->top > 0) - memcpy(a->d, b->d, sizeof(b->d[0]) * bn_words); - - a->neg = b->neg; - a->top = b->top; - a->flags |= b->flags & BN_FLG_FIXED_TOP; - bn_check_top(a); - return a; -} - -#define FLAGS_DATA(flags) ((flags) & (BN_FLG_STATIC_DATA \ - | BN_FLG_CONSTTIME \ - | BN_FLG_SECURE \ - | BN_FLG_FIXED_TOP)) -#define FLAGS_STRUCT(flags) ((flags) & (BN_FLG_MALLOCED)) - -void BN_swap(BIGNUM *a, BIGNUM *b) -{ - int flags_old_a, flags_old_b; - BN_ULONG *tmp_d; - int tmp_top, tmp_dmax, tmp_neg; - - bn_check_top(a); - bn_check_top(b); - - flags_old_a = a->flags; - flags_old_b = b->flags; - - tmp_d = a->d; - tmp_top = a->top; - tmp_dmax = a->dmax; - tmp_neg = a->neg; - - a->d = b->d; - a->top = b->top; - a->dmax = b->dmax; - a->neg = b->neg; - - b->d = tmp_d; - b->top = tmp_top; - b->dmax = tmp_dmax; - b->neg = tmp_neg; - - a->flags = FLAGS_STRUCT(flags_old_a) | FLAGS_DATA(flags_old_b); - b->flags = FLAGS_STRUCT(flags_old_b) | FLAGS_DATA(flags_old_a); - bn_check_top(a); - bn_check_top(b); -} - -void BN_clear(BIGNUM *a) -{ - if (a == NULL) - return; - bn_check_top(a); - if (a->d != NULL) - OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax); - a->neg = 0; - a->top = 0; - a->flags &= ~BN_FLG_FIXED_TOP; -} - -BN_ULONG BN_get_word(const BIGNUM *a) -{ - if (a->top > 1) - return BN_MASK2; - else if (a->top == 1) - return a->d[0]; - /* a->top == 0 */ - return 0; -} - -int BN_set_word(BIGNUM *a, BN_ULONG w) -{ - bn_check_top(a); - if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL) - return 0; - a->neg = 0; - a->d[0] = w; - a->top = (w ? 1 : 0); - a->flags &= ~BN_FLG_FIXED_TOP; - bn_check_top(a); - return 1; -} - -BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) -{ - unsigned int i, m; - unsigned int n; - BN_ULONG l; - BIGNUM *bn = NULL; - - if (ret == NULL) - ret = bn = BN_new(); - if (ret == NULL) - return NULL; - bn_check_top(ret); - /* Skip leading zero's. */ - for ( ; len > 0 && *s == 0; s++, len--) - continue; - n = len; - if (n == 0) { - ret->top = 0; - return ret; - } - i = ((n - 1) / BN_BYTES) + 1; - m = ((n - 1) % (BN_BYTES)); - if (bn_wexpand(ret, (int)i) == NULL) { - BN_free(bn); - return NULL; - } - ret->top = i; - ret->neg = 0; - l = 0; - while (n--) { - l = (l << 8L) | *(s++); - if (m-- == 0) { - ret->d[--i] = l; - l = 0; - m = BN_BYTES - 1; - } - } - /* - * need to call this due to clear byte at top if avoiding having the top - * bit set (-ve number) - */ - bn_correct_top(ret); - return ret; -} - -typedef enum {big, little} endianess_t; - -/* ignore negative */ -static -int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen, endianess_t endianess) -{ - int n; - size_t i, lasti, j, atop, mask; - BN_ULONG l; - - /* - * In case |a| is fixed-top, BN_num_bytes can return bogus length, - * but it's assumed that fixed-top inputs ought to be "nominated" - * even for padded output, so it works out... - */ - n = BN_num_bytes(a); - if (tolen == -1) { - tolen = n; - } else if (tolen < n) { /* uncommon/unlike case */ - BIGNUM temp = *a; - - bn_correct_top(&temp); - n = BN_num_bytes(&temp); - if (tolen < n) - return -1; - } - - /* Swipe through whole available data and don't give away padded zero. */ - atop = a->dmax * BN_BYTES; - if (atop == 0) { - if (tolen != 0) - memset(to, '\0', tolen); - return tolen; - } - - lasti = atop - 1; - atop = a->top * BN_BYTES; - if (endianess == big) - to += tolen; /* start from the end of the buffer */ - for (i = 0, j = 0; j < (size_t)tolen; j++) { - unsigned char val; - l = a->d[i / BN_BYTES]; - mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1)); - val = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); - if (endianess == big) - *--to = val; - else - *to++ = val; - i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */ - } - - return tolen; -} - -int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) -{ - if (tolen < 0) - return -1; - return bn2binpad(a, to, tolen, big); -} - -int BN_bn2bin(const BIGNUM *a, unsigned char *to) -{ - return bn2binpad(a, to, -1, big); -} - -BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret) -{ - unsigned int i, m; - unsigned int n; - BN_ULONG l; - BIGNUM *bn = NULL; - - if (ret == NULL) - ret = bn = BN_new(); - if (ret == NULL) - return NULL; - bn_check_top(ret); - s += len; - /* Skip trailing zeroes. */ - for ( ; len > 0 && s[-1] == 0; s--, len--) - continue; - n = len; - if (n == 0) { - ret->top = 0; - return ret; - } - i = ((n - 1) / BN_BYTES) + 1; - m = ((n - 1) % (BN_BYTES)); - if (bn_wexpand(ret, (int)i) == NULL) { - BN_free(bn); - return NULL; - } - ret->top = i; - ret->neg = 0; - l = 0; - while (n--) { - s--; - l = (l << 8L) | *s; - if (m-- == 0) { - ret->d[--i] = l; - l = 0; - m = BN_BYTES - 1; - } - } - /* - * need to call this due to clear byte at top if avoiding having the top - * bit set (-ve number) - */ - bn_correct_top(ret); - return ret; -} - -int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen) -{ - if (tolen < 0) - return -1; - return bn2binpad(a, to, tolen, little); -} - -BIGNUM *BN_native2bn(const unsigned char *s, int len, BIGNUM *ret) -{ - DECLARE_IS_ENDIAN; - - if (IS_LITTLE_ENDIAN) - return BN_lebin2bn(s, len, ret); - return BN_bin2bn(s, len, ret); -} - -int BN_bn2nativepad(const BIGNUM *a, unsigned char *to, int tolen) -{ - DECLARE_IS_ENDIAN; - - if (IS_LITTLE_ENDIAN) - return BN_bn2lebinpad(a, to, tolen); - return BN_bn2binpad(a, to, tolen); -} - -int BN_ucmp(const BIGNUM *a, const BIGNUM *b) -{ - int i; - BN_ULONG t1, t2, *ap, *bp; - - bn_check_top(a); - bn_check_top(b); - - i = a->top - b->top; - if (i != 0) - return i; - ap = a->d; - bp = b->d; - for (i = a->top - 1; i >= 0; i--) { - t1 = ap[i]; - t2 = bp[i]; - if (t1 != t2) - return ((t1 > t2) ? 1 : -1); - } - return 0; -} - -int BN_cmp(const BIGNUM *a, const BIGNUM *b) -{ - int i; - int gt, lt; - BN_ULONG t1, t2; - - if ((a == NULL) || (b == NULL)) { - if (a != NULL) - return -1; - else if (b != NULL) - return 1; - else - return 0; - } - - bn_check_top(a); - bn_check_top(b); - - if (a->neg != b->neg) { - if (a->neg) - return -1; - else - return 1; - } - if (a->neg == 0) { - gt = 1; - lt = -1; - } else { - gt = -1; - lt = 1; - } - - if (a->top > b->top) - return gt; - if (a->top < b->top) - return lt; - for (i = a->top - 1; i >= 0; i--) { - t1 = a->d[i]; - t2 = b->d[i]; - if (t1 > t2) - return gt; - if (t1 < t2) - return lt; - } - return 0; -} - -int BN_set_bit(BIGNUM *a, int n) -{ - int i, j, k; - - if (n < 0) - return 0; - - i = n / BN_BITS2; - j = n % BN_BITS2; - if (a->top <= i) { - if (bn_wexpand(a, i + 1) == NULL) - return 0; - for (k = a->top; k < i + 1; k++) - a->d[k] = 0; - a->top = i + 1; - a->flags &= ~BN_FLG_FIXED_TOP; - } - - a->d[i] |= (((BN_ULONG)1) << j); - bn_check_top(a); - return 1; -} - -int BN_clear_bit(BIGNUM *a, int n) -{ - int i, j; - - bn_check_top(a); - if (n < 0) - return 0; - - i = n / BN_BITS2; - j = n % BN_BITS2; - if (a->top <= i) - return 0; - - a->d[i] &= (~(((BN_ULONG)1) << j)); - bn_correct_top(a); - return 1; -} - -int BN_is_bit_set(const BIGNUM *a, int n) -{ - int i, j; - - bn_check_top(a); - if (n < 0) - return 0; - i = n / BN_BITS2; - j = n % BN_BITS2; - if (a->top <= i) - return 0; - return (int)(((a->d[i]) >> j) & ((BN_ULONG)1)); -} - -int BN_mask_bits(BIGNUM *a, int n) -{ - int b, w; - - bn_check_top(a); - if (n < 0) - return 0; - - w = n / BN_BITS2; - b = n % BN_BITS2; - if (w >= a->top) - return 0; - if (b == 0) - a->top = w; - else { - a->top = w + 1; - a->d[w] &= ~(BN_MASK2 << b); - } - bn_correct_top(a); - return 1; -} - -void BN_set_negative(BIGNUM *a, int b) -{ - if (b && !BN_is_zero(a)) - a->neg = 1; - else - a->neg = 0; -} - -int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) -{ - int i; - BN_ULONG aa, bb; - - if (n == 0) - return 0; - - aa = a[n - 1]; - bb = b[n - 1]; - if (aa != bb) - return ((aa > bb) ? 1 : -1); - for (i = n - 2; i >= 0; i--) { - aa = a[i]; - bb = b[i]; - if (aa != bb) - return ((aa > bb) ? 1 : -1); - } - return 0; -} - -/* - * Here follows a specialised variants of bn_cmp_words(). It has the - * capability of performing the operation on arrays of different sizes. The - * sizes of those arrays is expressed through cl, which is the common length - * ( basically, min(len(a),len(b)) ), and dl, which is the delta between the - * two lengths, calculated as len(a)-len(b). All lengths are the number of - * BN_ULONGs... - */ - -int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl) -{ - int n, i; - n = cl - 1; - - if (dl < 0) { - for (i = dl; i < 0; i++) { - if (b[n - i] != 0) - return -1; /* a < b */ - } - } - if (dl > 0) { - for (i = dl; i > 0; i--) { - if (a[n + i] != 0) - return 1; /* a > b */ - } - } - return bn_cmp_words(a, b, cl); -} - -/*- - * Constant-time conditional swap of a and b. - * a and b are swapped if condition is not 0. - * nwords is the number of words to swap. - * Assumes that at least nwords are allocated in both a and b. - * Assumes that no more than nwords are used by either a or b. - */ -void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) -{ - BN_ULONG t; - int i; - - if (a == b) - return; - - bn_wcheck_size(a, nwords); - bn_wcheck_size(b, nwords); - - condition = ((~condition & ((condition - 1))) >> (BN_BITS2 - 1)) - 1; - - t = (a->top ^ b->top) & condition; - a->top ^= t; - b->top ^= t; - - t = (a->neg ^ b->neg) & condition; - a->neg ^= t; - b->neg ^= t; - - /*- - * BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention - * is actually to treat it as it's read-only data, and some (if not most) - * of it does reside in read-only segment. In other words observation of - * BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal - * condition. It would either cause SEGV or effectively cause data - * corruption. - * - * BN_FLG_MALLOCED: refers to BN structure itself, and hence must be - * preserved. - * - * BN_FLG_SECURE: must be preserved, because it determines how x->d was - * allocated and hence how to free it. - * - * BN_FLG_CONSTTIME: sufficient to mask and swap - * - * BN_FLG_FIXED_TOP: indicates that we haven't called bn_correct_top() on - * the data, so the d array may be padded with additional 0 values (i.e. - * top could be greater than the minimal value that it could be). We should - * be swapping it - */ - -#define BN_CONSTTIME_SWAP_FLAGS (BN_FLG_CONSTTIME | BN_FLG_FIXED_TOP) - - t = ((a->flags ^ b->flags) & BN_CONSTTIME_SWAP_FLAGS) & condition; - a->flags ^= t; - b->flags ^= t; - - /* conditionally swap the data */ - for (i = 0; i < nwords; i++) { - t = (a->d[i] ^ b->d[i]) & condition; - a->d[i] ^= t; - b->d[i] ^= t; - } -} - -#undef BN_CONSTTIME_SWAP_FLAGS - -/* Bits of security, see SP800-57 */ - -int BN_security_bits(int L, int N) -{ - int secbits, bits; - if (L >= 15360) - secbits = 256; - else if (L >= 7680) - secbits = 192; - else if (L >= 3072) - secbits = 128; - else if (L >= 2048) - secbits = 112; - else if (L >= 1024) - secbits = 80; - else - return 0; - if (N == -1) - return secbits; - bits = N / 2; - if (bits < 80) - return 0; - return bits >= secbits ? secbits : bits; -} - -void BN_zero_ex(BIGNUM *a) -{ - a->neg = 0; - a->top = 0; - a->flags &= ~BN_FLG_FIXED_TOP; -} - -int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w) -{ - return ((a->top == 1) && (a->d[0] == w)) || ((w == 0) && (a->top == 0)); -} - -int BN_is_zero(const BIGNUM *a) -{ - return a->top == 0; -} - -int BN_is_one(const BIGNUM *a) -{ - return BN_abs_is_word(a, 1) && !a->neg; -} - -int BN_is_word(const BIGNUM *a, const BN_ULONG w) -{ - return BN_abs_is_word(a, w) && (!w || !a->neg); -} - -int BN_is_odd(const BIGNUM *a) -{ - return (a->top > 0) && (a->d[0] & 1); -} - -int BN_is_negative(const BIGNUM *a) -{ - return (a->neg != 0); -} - -int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx) -{ - return BN_mod_mul_montgomery(r, a, &(mont->RR), mont, ctx); -} - -void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags) -{ - dest->d = b->d; - dest->top = b->top; - dest->dmax = b->dmax; - dest->neg = b->neg; - dest->flags = ((dest->flags & BN_FLG_MALLOCED) - | (b->flags & ~BN_FLG_MALLOCED) - | BN_FLG_STATIC_DATA | flags); -} - -BN_GENCB *BN_GENCB_new(void) -{ - BN_GENCB *ret; - - if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - return NULL; - } - - return ret; -} - -void BN_GENCB_free(BN_GENCB *cb) -{ - if (cb == NULL) - return; - OPENSSL_free(cb); -} - -void BN_set_flags(BIGNUM *b, int n) -{ - b->flags |= n; -} - -int BN_get_flags(const BIGNUM *b, int n) -{ - return b->flags & n; -} - -/* Populate a BN_GENCB structure with an "old"-style callback */ -void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *), - void *cb_arg) -{ - BN_GENCB *tmp_gencb = gencb; - tmp_gencb->ver = 1; - tmp_gencb->arg = cb_arg; - tmp_gencb->cb.cb_1 = callback; -} - -/* Populate a BN_GENCB structure with a "new"-style callback */ -void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *), - void *cb_arg) -{ - BN_GENCB *tmp_gencb = gencb; - tmp_gencb->ver = 2; - tmp_gencb->arg = cb_arg; - tmp_gencb->cb.cb_2 = callback; -} - -void *BN_GENCB_get_arg(BN_GENCB *cb) -{ - return cb->arg; -} - -BIGNUM *bn_wexpand(BIGNUM *a, int words) -{ - return (words <= a->dmax) ? a : bn_expand2(a, words); -} - -void bn_correct_top(BIGNUM *a) -{ - BN_ULONG *ftl; - int tmp_top = a->top; - - if (tmp_top > 0) { - for (ftl = &(a->d[tmp_top]); tmp_top > 0; tmp_top--) { - ftl--; - if (*ftl != 0) - break; - } - a->top = tmp_top; - } - if (a->top == 0) - a->neg = 0; - a->flags &= ~BN_FLG_FIXED_TOP; - bn_pollute(a); -} diff --git a/crypto/bn/bn_local.h b/crypto/bn/bn_local.h deleted file mode 100644 index 2ca6a3496fb75017bf2267b1e4d76735aa7ad6db..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_local.h +++ /dev/null @@ -1,692 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_BN_LOCAL_H -# define OSSL_CRYPTO_BN_LOCAL_H - -/* - * The EDK2 build doesn't use bn_conf.h; it sets THIRTY_TWO_BIT or - * SIXTY_FOUR_BIT in its own environment since it doesn't re-run our - * Configure script and needs to support both 32-bit and 64-bit. - */ -# include - -# if !defined(OPENSSL_SYS_UEFI) -# include "crypto/bn_conf.h" -# endif - -# include "crypto/bn.h" -# include "internal/cryptlib.h" -# include "internal/numbers.h" - -/* - * These preprocessor symbols control various aspects of the bignum headers - * and library code. They're not defined by any "normal" configuration, as - * they are intended for development and testing purposes. NB: defining - * them can be useful for debugging application code as well as openssl - * itself. BN_DEBUG - turn on various debugging alterations to the bignum - * code BN_RAND_DEBUG - uses random poisoning of unused words to trip up - * mismanagement of bignum internals. Enable BN_RAND_DEBUG is known to - * break some of the OpenSSL tests. - */ -# if defined(BN_RAND_DEBUG) && !defined(BN_DEBUG) -# define BN_DEBUG -# endif -# if defined(BN_RAND_DEBUG) -# include -# endif - -# ifndef OPENSSL_SMALL_FOOTPRINT -# define BN_MUL_COMBA -# define BN_SQR_COMBA -# define BN_RECURSION -# endif - -/* - * This next option uses the C libraries (2 word)/(1 word) function. If it is - * not defined, I use my C version (which is slower). The reason for this - * flag is that when the particular C compiler library routine is used, and - * the library is linked with a different compiler, the library is missing. - * This mostly happens when the library is built with gcc and then linked - * using normal cc. This would be a common occurrence because gcc normally - * produces code that is 2 times faster than system compilers for the big - * number stuff. For machines with only one compiler (or shared libraries), - * this should be on. Again this in only really a problem on machines using - * "long long's", are 32bit, and are not using my assembler code. - */ -# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ - defined(OPENSSL_SYS_WIN32) || defined(linux) -# define BN_DIV2W -# endif - -/* - * 64-bit processor with LP64 ABI - */ -# ifdef SIXTY_FOUR_BIT_LONG -# define BN_ULLONG unsigned long long -# define BN_BITS4 32 -# define BN_MASK2 (0xffffffffffffffffL) -# define BN_MASK2l (0xffffffffL) -# define BN_MASK2h (0xffffffff00000000L) -# define BN_MASK2h1 (0xffffffff80000000L) -# define BN_DEC_CONV (10000000000000000000UL) -# define BN_DEC_NUM 19 -# define BN_DEC_FMT1 "%lu" -# define BN_DEC_FMT2 "%019lu" -# endif - -/* - * 64-bit processor other than LP64 ABI - */ -# ifdef SIXTY_FOUR_BIT -# undef BN_LLONG -# undef BN_ULLONG -# define BN_BITS4 32 -# define BN_MASK2 (0xffffffffffffffffLL) -# define BN_MASK2l (0xffffffffL) -# define BN_MASK2h (0xffffffff00000000LL) -# define BN_MASK2h1 (0xffffffff80000000LL) -# define BN_DEC_CONV (10000000000000000000ULL) -# define BN_DEC_NUM 19 -# define BN_DEC_FMT1 "%llu" -# define BN_DEC_FMT2 "%019llu" -# endif - -# ifdef THIRTY_TWO_BIT -# ifdef BN_LLONG -# if defined(_WIN32) && !defined(__GNUC__) -# define BN_ULLONG unsigned __int64 -# else -# define BN_ULLONG unsigned long long -# endif -# endif -# define BN_BITS4 16 -# define BN_MASK2 (0xffffffffL) -# define BN_MASK2l (0xffff) -# define BN_MASK2h1 (0xffff8000L) -# define BN_MASK2h (0xffff0000L) -# define BN_DEC_CONV (1000000000L) -# define BN_DEC_NUM 9 -# define BN_DEC_FMT1 "%u" -# define BN_DEC_FMT2 "%09u" -# endif - - -/*- - * Bignum consistency macros - * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from - * bignum data after direct manipulations on the data. There is also an - * "internal" macro, bn_check_top(), for verifying that there are no leading - * zeroes. Unfortunately, some auditing is required due to the fact that - * bn_fix_top() has become an overabused duct-tape because bignum data is - * occasionally passed around in an inconsistent state. So the following - * changes have been made to sort this out; - * - bn_fix_top()s implementation has been moved to bn_correct_top() - * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and - * bn_check_top() is as before. - * - if BN_DEBUG *is* defined; - * - bn_check_top() tries to pollute unused words even if the bignum 'top' is - * consistent. (ed: only if BN_RAND_DEBUG is defined) - * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. - * The idea is to have debug builds flag up inconsistent bignums when they - * occur. If that occurs in a bn_fix_top(), we examine the code in question; if - * the use of bn_fix_top() was appropriate (ie. it follows directly after code - * that manipulates the bignum) it is converted to bn_correct_top(), and if it - * was not appropriate, we convert it permanently to bn_check_top() and track - * down the cause of the bug. Eventually, no internal code should be using the - * bn_fix_top() macro. External applications and libraries should try this with - * their own code too, both in terms of building against the openssl headers - * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it - * defined. This not only improves external code, it provides more test - * coverage for openssl's own code. - */ - -# ifdef BN_DEBUG -/* - * The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with - * bn_correct_top, in other words such vectors are permitted to have zeros - * in most significant limbs. Such vectors are used internally to achieve - * execution time invariance for critical operations with private keys. - * It's BN_DEBUG-only flag, because user application is not supposed to - * observe it anyway. Moreover, optimizing compiler would actually remove - * all operations manipulating the bit in question in non-BN_DEBUG build. - */ -# define BN_FLG_FIXED_TOP 0x10000 -# ifdef BN_RAND_DEBUG -# define bn_pollute(a) \ - do { \ - const BIGNUM *_bnum1 = (a); \ - if (_bnum1->top < _bnum1->dmax) { \ - unsigned char _tmp_char; \ - /* We cast away const without the compiler knowing, any \ - * *genuinely* constant variables that aren't mutable \ - * wouldn't be constructed with top!=dmax. */ \ - BN_ULONG *_not_const; \ - memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \ - (void)RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\ - memset(_not_const + _bnum1->top, _tmp_char, \ - sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \ - } \ - } while(0) -# else -# define bn_pollute(a) -# endif -# define bn_check_top(a) \ - do { \ - const BIGNUM *_bnum2 = (a); \ - if (_bnum2 != NULL) { \ - int _top = _bnum2->top; \ - (void)ossl_assert((_top == 0 && !_bnum2->neg) || \ - (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \ - || _bnum2->d[_top - 1] != 0))); \ - bn_pollute(_bnum2); \ - } \ - } while(0) - -# define bn_fix_top(a) bn_check_top(a) - -# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) -# define bn_wcheck_size(bn, words) \ - do { \ - const BIGNUM *_bnum2 = (bn); \ - assert((words) <= (_bnum2)->dmax && \ - (words) >= (_bnum2)->top); \ - /* avoid unused variable warning with NDEBUG */ \ - (void)(_bnum2); \ - } while(0) - -# else /* !BN_DEBUG */ - -# define BN_FLG_FIXED_TOP 0 -# define bn_pollute(a) -# define bn_check_top(a) -# define bn_fix_top(a) bn_correct_top(a) -# define bn_check_size(bn, bits) -# define bn_wcheck_size(bn, words) - -# endif - -BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, - BN_ULONG w); -BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); -void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); -BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); -BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - int num); -BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - int num); - -struct bignum_st { - BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit - * chunks. */ - int top; /* Index of last used d +1. */ - /* The next are internal book keeping for bn_expand. */ - int dmax; /* Size of the d array. */ - int neg; /* one if the number is negative */ - int flags; -}; - -/* Used for montgomery multiplication */ -struct bn_mont_ctx_st { - int ri; /* number of bits in R */ - BIGNUM RR; /* used to convert to montgomery form, - possibly zero-padded */ - BIGNUM N; /* The modulus */ - BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only - * stored for bignum algorithm) */ - BN_ULONG n0[2]; /* least significant word(s) of Ni; (type - * changed with 0.9.9, was "BN_ULONG n0;" - * before) */ - int flags; -}; - -/* - * Used for reciprocal division/mod functions It cannot be shared between - * threads - */ -struct bn_recp_ctx_st { - BIGNUM N; /* the divisor */ - BIGNUM Nr; /* the reciprocal */ - int num_bits; - int shift; - int flags; -}; - -/* Used for slow "generation" functions. */ -struct bn_gencb_st { - unsigned int ver; /* To handle binary (in)compatibility */ - void *arg; /* callback-specific data */ - union { - /* if (ver==1) - handles old style callbacks */ - void (*cb_1) (int, int, void *); - /* if (ver==2) - new callback style */ - int (*cb_2) (int, int, BN_GENCB *); - } cb; -}; - -struct bn_blinding_st { - BIGNUM *A; - BIGNUM *Ai; - BIGNUM *e; - BIGNUM *mod; /* just a reference */ - CRYPTO_THREAD_ID tid; - int counter; - unsigned long flags; - BN_MONT_CTX *m_ctx; - int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - CRYPTO_RWLOCK *lock; -}; - -/*- - * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions - * - * - * For window size 'w' (w >= 2) and a random 'b' bits exponent, - * the number of multiplications is a constant plus on average - * - * 2^(w-1) + (b-w)/(w+1); - * - * here 2^(w-1) is for precomputing the table (we actually need - * entries only for windows that have the lowest bit set), and - * (b-w)/(w+1) is an approximation for the expected number of - * w-bit windows, not counting the first one. - * - * Thus we should use - * - * w >= 6 if b > 671 - * w = 5 if 671 > b > 239 - * w = 4 if 239 > b > 79 - * w = 3 if 79 > b > 23 - * w <= 2 if 23 > b - * - * (with draws in between). Very small exponents are often selected - * with low Hamming weight, so we use w = 1 for b <= 23. - */ -# define BN_window_bits_for_exponent_size(b) \ - ((b) > 671 ? 6 : \ - (b) > 239 ? 5 : \ - (b) > 79 ? 4 : \ - (b) > 23 ? 3 : 1) - -/* - * BN_mod_exp_mont_consttime is based on the assumption that the L1 data cache - * line width of the target processor is at least the following value. - */ -# define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 ) -# define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1) - -/* - * Window sizes optimized for fixed window size modular exponentiation - * algorithm (BN_mod_exp_mont_consttime). To achieve the security goals of - * BN_mode_exp_mont_consttime, the maximum size of the window must not exceed - * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH). Window size thresholds are - * defined for cache line sizes of 32 and 64, cache line sizes where - * log_2(32)=5 and log_2(64)=6 respectively. A window size of 7 should only be - * used on processors that have a 128 byte or greater cache line size. - */ -# if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64 - -# define BN_window_bits_for_ctime_exponent_size(b) \ - ((b) > 937 ? 6 : \ - (b) > 306 ? 5 : \ - (b) > 89 ? 4 : \ - (b) > 22 ? 3 : 1) -# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6) - -# elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32 - -# define BN_window_bits_for_ctime_exponent_size(b) \ - ((b) > 306 ? 5 : \ - (b) > 89 ? 4 : \ - (b) > 22 ? 3 : 1) -# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5) - -# endif - -/* Pentium pro 16,16,16,32,64 */ -/* Alpha 16,16,16,16.64 */ -# define BN_MULL_SIZE_NORMAL (16)/* 32 */ -# define BN_MUL_RECURSIVE_SIZE_NORMAL (16)/* 32 less than */ -# define BN_SQR_RECURSIVE_SIZE_NORMAL (16)/* 32 */ -# define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32)/* 32 */ -# define BN_MONT_CTX_SET_SIZE_WORD (64)/* 32 */ - -/* - * 2011-02-22 SMS. In various places, a size_t variable or a type cast to - * size_t was used to perform integer-only operations on pointers. This - * failed on VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t - * is still only 32 bits. What's needed in these cases is an integer type - * with the same size as a pointer, which size_t is not certain to be. The - * only fix here is VMS-specific. - */ -# if defined(OPENSSL_SYS_VMS) -# if __INITIAL_POINTER_SIZE == 64 -# define PTR_SIZE_INT long long -# else /* __INITIAL_POINTER_SIZE == 64 */ -# define PTR_SIZE_INT int -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ -# elif !defined(PTR_SIZE_INT) /* defined(OPENSSL_SYS_VMS) */ -# define PTR_SIZE_INT size_t -# endif /* defined(OPENSSL_SYS_VMS) [else] */ - -# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) -/* - * BN_UMULT_HIGH section. - * If the compiler doesn't support 2*N integer type, then you have to - * replace every N*N multiplication with 4 (N/2)*(N/2) accompanied by some - * shifts and additions which unavoidably results in severe performance - * penalties. Of course provided that the hardware is capable of producing - * 2*N result... That's when you normally start considering assembler - * implementation. However! It should be pointed out that some CPUs (e.g., - * PowerPC, Alpha, and IA-64) provide *separate* instruction calculating - * the upper half of the product placing the result into a general - * purpose register. Now *if* the compiler supports inline assembler, - * then it's not impossible to implement the "bignum" routines (and have - * the compiler optimize 'em) exhibiting "native" performance in C. That's - * what BN_UMULT_HIGH macro is about:-) Note that more recent compilers do - * support 2*64 integer type, which is also used here. - */ -# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 && \ - (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) -# define BN_UMULT_HIGH(a,b) (((uint128_t)(a)*(b))>>64) -# define BN_UMULT_LOHI(low,high,a,b) ({ \ - uint128_t ret=(uint128_t)(a)*(b); \ - (high)=ret>>64; (low)=ret; }) -# elif defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) -# if defined(__DECC) -# include -# define BN_UMULT_HIGH(a,b) (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b)) -# elif defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret; \ - asm ("umulh %1,%2,%0" \ - : "=r"(ret) \ - : "r"(a), "r"(b)); \ - ret; }) -# endif /* compiler */ -# elif defined(_ARCH_PPC64) && defined(SIXTY_FOUR_BIT_LONG) -# if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret; \ - asm ("mulhdu %0,%1,%2" \ - : "=r"(ret) \ - : "r"(a), "r"(b)); \ - ret; }) -# endif /* compiler */ -# elif (defined(__x86_64) || defined(__x86_64__)) && \ - (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) -# if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret,discard; \ - asm ("mulq %3" \ - : "=a"(discard),"=d"(ret) \ - : "a"(a), "g"(b) \ - : "cc"); \ - ret; }) -# define BN_UMULT_LOHI(low,high,a,b) \ - asm ("mulq %3" \ - : "=a"(low),"=d"(high) \ - : "a"(a),"g"(b) \ - : "cc"); -# endif -# elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT) -# if defined(_MSC_VER) && _MSC_VER>=1400 -unsigned __int64 __umulh(unsigned __int64 a, unsigned __int64 b); -unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, - unsigned __int64 *h); -# pragma intrinsic(__umulh,_umul128) -# define BN_UMULT_HIGH(a,b) __umulh((a),(b)) -# define BN_UMULT_LOHI(low,high,a,b) ((low)=_umul128((a),(b),&(high))) -# endif -# elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) -# if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret; \ - asm ("dmultu %1,%2" \ - : "=h"(ret) \ - : "r"(a), "r"(b) : "l"); \ - ret; }) -# define BN_UMULT_LOHI(low,high,a,b) \ - asm ("dmultu %2,%3" \ - : "=l"(low),"=h"(high) \ - : "r"(a), "r"(b)); -# endif -# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG) -# if defined(__GNUC__) && __GNUC__>=2 -# define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret; \ - asm ("umulh %0,%1,%2" \ - : "=r"(ret) \ - : "r"(a), "r"(b)); \ - ret; }) -# endif -# endif /* cpu */ -# endif /* OPENSSL_NO_ASM */ - -# ifdef BN_RAND_DEBUG -# define bn_clear_top2max(a) \ - { \ - int ind = (a)->dmax - (a)->top; \ - BN_ULONG *ftl = &(a)->d[(a)->top-1]; \ - for (; ind != 0; ind--) \ - *(++ftl) = 0x0; \ - } -# else -# define bn_clear_top2max(a) -# endif - -# ifdef BN_LLONG -/******************************************************************* - * Using the long long type, has to be twice as wide as BN_ULONG... - */ -# define Lw(t) (((BN_ULONG)(t))&BN_MASK2) -# define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2) - -# define mul_add(r,a,w,c) { \ - BN_ULLONG t; \ - t=(BN_ULLONG)w * (a) + (r) + (c); \ - (r)= Lw(t); \ - (c)= Hw(t); \ - } - -# define mul(r,a,w,c) { \ - BN_ULLONG t; \ - t=(BN_ULLONG)w * (a) + (c); \ - (r)= Lw(t); \ - (c)= Hw(t); \ - } - -# define sqr(r0,r1,a) { \ - BN_ULLONG t; \ - t=(BN_ULLONG)(a)*(a); \ - (r0)=Lw(t); \ - (r1)=Hw(t); \ - } - -# elif defined(BN_UMULT_LOHI) -# define mul_add(r,a,w,c) { \ - BN_ULONG high,low,ret,tmp=(a); \ - ret = (r); \ - BN_UMULT_LOHI(low,high,w,tmp); \ - ret += (c); \ - (c) = (ret<(c))?1:0; \ - (c) += high; \ - ret += low; \ - (c) += (ret>BN_BITS4)&BN_MASK2l) -# define L2HBITS(a) (((a)<>BN_BITS2)&BN_MASKl) -# define LL2HBITS(a) ((BN_ULLONG)((a)&BN_MASKl)<>(BN_BITS4-1); \ - m =(m&BN_MASK2l)<<(BN_BITS4+1); \ - l=(l+m)&BN_MASK2; if (l < m) h++; \ - (lo)=l; \ - (ho)=h; \ - } - -# define mul_add(r,a,bl,bh,c) { \ - BN_ULONG l,h; \ - \ - h= (a); \ - l=LBITS(h); \ - h=HBITS(h); \ - mul64(l,h,(bl),(bh)); \ - \ - /* non-multiply part */ \ - l=(l+(c))&BN_MASK2; if (l < (c)) h++; \ - (c)=(r); \ - l=(l+(c))&BN_MASK2; if (l < (c)) h++; \ - (c)=h&BN_MASK2; \ - (r)=l; \ - } - -# define mul(r,a,bl,bh,c) { \ - BN_ULONG l,h; \ - \ - h= (a); \ - l=LBITS(h); \ - h=HBITS(h); \ - mul64(l,h,(bl),(bh)); \ - \ - /* non-multiply part */ \ - l+=(c); if ((l&BN_MASK2) < (c)) h++; \ - (c)=h&BN_MASK2; \ - (r)=l&BN_MASK2; \ - } -# endif /* !BN_LLONG */ - -void BN_RECP_CTX_init(BN_RECP_CTX *recp); -void BN_MONT_CTX_init(BN_MONT_CTX *ctx); - -void bn_init(BIGNUM *a); -void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb); -void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); -void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); -void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp); -void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a); -void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a); -int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n); -int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl); -void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - int dna, int dnb, BN_ULONG *t); -void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, - int n, int tna, int tnb, BN_ULONG *t); -void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t); -void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n); -void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - BN_ULONG *t); -BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl); -int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); - -BIGNUM *int_bn_mod_inverse(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, - int *noinv); - -static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits) -{ - if (bits > (INT_MAX - BN_BITS2 + 1)) - return NULL; - - if (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) - return a; - - return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2); -} - -int ossl_bn_check_prime(const BIGNUM *w, int checks, BN_CTX *ctx, - int do_trial_division, BN_GENCB *cb); - -#endif diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c deleted file mode 100644 index 7f5afa25ecc82de2b5c4950d448ca6fa973f323b..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_mod.c +++ /dev/null @@ -1,325 +0,0 @@ -/* - * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include "bn_local.h" - -int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) -{ - /* - * like BN_mod, but returns non-negative remainder (i.e., 0 <= r < |d| - * always holds) - */ - - if (!(BN_mod(r, m, d, ctx))) - return 0; - if (!r->neg) - return 1; - /* now -|d| < r < 0, so we have to set r := r + |d| */ - return (d->neg ? BN_sub : BN_add) (r, r, d); -} - -int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx) -{ - if (!BN_add(r, a, b)) - return 0; - return BN_nnmod(r, r, m, ctx); -} - -/* - * BN_mod_add variant that may be used if both a and b are non-negative and - * less than m. The original algorithm was - * - * if (!BN_uadd(r, a, b)) - * return 0; - * if (BN_ucmp(r, m) >= 0) - * return BN_usub(r, r, m); - * - * which is replaced with addition, subtracting modulus, and conditional - * move depending on whether or not subtraction borrowed. - */ -int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m) -{ - size_t i, ai, bi, mtop = m->top; - BN_ULONG storage[1024 / BN_BITS2]; - BN_ULONG carry, temp, mask, *rp, *tp = storage; - const BN_ULONG *ap, *bp; - - if (bn_wexpand(r, mtop) == NULL) - return 0; - - if (mtop > sizeof(storage) / sizeof(storage[0])) { - tp = OPENSSL_malloc(mtop * sizeof(BN_ULONG)); - if (tp == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - return 0; - } - } - - ap = a->d != NULL ? a->d : tp; - bp = b->d != NULL ? b->d : tp; - - for (i = 0, ai = 0, bi = 0, carry = 0; i < mtop;) { - mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1)); - temp = ((ap[ai] & mask) + carry) & BN_MASK2; - carry = (temp < carry); - - mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1)); - tp[i] = ((bp[bi] & mask) + temp) & BN_MASK2; - carry += (tp[i] < temp); - - i++; - ai += (i - a->dmax) >> (8 * sizeof(i) - 1); - bi += (i - b->dmax) >> (8 * sizeof(i) - 1); - } - rp = r->d; - carry -= bn_sub_words(rp, tp, m->d, mtop); - for (i = 0; i < mtop; i++) { - rp[i] = (carry & tp[i]) | (~carry & rp[i]); - ((volatile BN_ULONG *)tp)[i] = 0; - } - r->top = mtop; - r->flags |= BN_FLG_FIXED_TOP; - r->neg = 0; - - if (tp != storage) - OPENSSL_free(tp); - - return 1; -} - -int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m) -{ - int ret = bn_mod_add_fixed_top(r, a, b, m); - - if (ret) - bn_correct_top(r); - - return ret; -} - -int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx) -{ - if (!BN_sub(r, a, b)) - return 0; - return BN_nnmod(r, r, m, ctx); -} - -/* - * BN_mod_sub variant that may be used if both a and b are non-negative, - * a is less than m, while b is of same bit width as m. It's implemented - * as subtraction followed by two conditional additions. - * - * 0 <= a < m - * 0 <= b < 2^w < 2*m - * - * after subtraction - * - * -2*m < r = a - b < m - * - * Thus it takes up to two conditional additions to make |r| positive. - */ -int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m) -{ - size_t i, ai, bi, mtop = m->top; - BN_ULONG borrow, carry, ta, tb, mask, *rp; - const BN_ULONG *ap, *bp; - - if (bn_wexpand(r, mtop) == NULL) - return 0; - - rp = r->d; - ap = a->d != NULL ? a->d : rp; - bp = b->d != NULL ? b->d : rp; - - for (i = 0, ai = 0, bi = 0, borrow = 0; i < mtop;) { - mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1)); - ta = ap[ai] & mask; - - mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1)); - tb = bp[bi] & mask; - rp[i] = ta - tb - borrow; - if (ta != tb) - borrow = (ta < tb); - - i++; - ai += (i - a->dmax) >> (8 * sizeof(i) - 1); - bi += (i - b->dmax) >> (8 * sizeof(i) - 1); - } - ap = m->d; - for (i = 0, mask = 0 - borrow, carry = 0; i < mtop; i++) { - ta = ((ap[i] & mask) + carry) & BN_MASK2; - carry = (ta < carry); - rp[i] = (rp[i] + ta) & BN_MASK2; - carry += (rp[i] < ta); - } - borrow -= carry; - for (i = 0, mask = 0 - borrow, carry = 0; i < mtop; i++) { - ta = ((ap[i] & mask) + carry) & BN_MASK2; - carry = (ta < carry); - rp[i] = (rp[i] + ta) & BN_MASK2; - carry += (rp[i] < ta); - } - - r->top = mtop; - r->flags |= BN_FLG_FIXED_TOP; - r->neg = 0; - - return 1; -} - -/* - * BN_mod_sub variant that may be used if both a and b are non-negative and - * less than m - */ -int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m) -{ - if (!BN_sub(r, a, b)) - return 0; - if (r->neg) - return BN_add(r, r, m); - return 1; -} - -/* slow but works */ -int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx) -{ - BIGNUM *t; - int ret = 0; - - bn_check_top(a); - bn_check_top(b); - bn_check_top(m); - - BN_CTX_start(ctx); - if ((t = BN_CTX_get(ctx)) == NULL) - goto err; - if (a == b) { - if (!BN_sqr(t, a, ctx)) - goto err; - } else { - if (!BN_mul(t, a, b, ctx)) - goto err; - } - if (!BN_nnmod(r, t, m, ctx)) - goto err; - bn_check_top(r); - ret = 1; - err: - BN_CTX_end(ctx); - return ret; -} - -int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) -{ - if (!BN_sqr(r, a, ctx)) - return 0; - /* r->neg == 0, thus we don't need BN_nnmod */ - return BN_mod(r, r, m, ctx); -} - -int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) -{ - if (!BN_lshift1(r, a)) - return 0; - bn_check_top(r); - return BN_nnmod(r, r, m, ctx); -} - -/* - * BN_mod_lshift1 variant that may be used if a is non-negative and less than - * m - */ -int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m) -{ - if (!BN_lshift1(r, a)) - return 0; - bn_check_top(r); - if (BN_cmp(r, m) >= 0) - return BN_sub(r, r, m); - return 1; -} - -int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, - BN_CTX *ctx) -{ - BIGNUM *abs_m = NULL; - int ret; - - if (!BN_nnmod(r, a, m, ctx)) - return 0; - - if (m->neg) { - abs_m = BN_dup(m); - if (abs_m == NULL) - return 0; - abs_m->neg = 0; - } - - ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); - bn_check_top(r); - - BN_free(abs_m); - return ret; -} - -/* - * BN_mod_lshift variant that may be used if a is non-negative and less than - * m - */ -int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) -{ - if (r != a) { - if (BN_copy(r, a) == NULL) - return 0; - } - - while (n > 0) { - int max_shift; - - /* 0 < r < m */ - max_shift = BN_num_bits(m) - BN_num_bits(r); - /* max_shift >= 0 */ - - if (max_shift < 0) { - ERR_raise(ERR_LIB_BN, BN_R_INPUT_NOT_REDUCED); - return 0; - } - - if (max_shift > n) - max_shift = n; - - if (max_shift) { - if (!BN_lshift(r, r, max_shift)) - return 0; - n -= max_shift; - } else { - if (!BN_lshift1(r, r)) - return 0; - --n; - } - - /* BN_num_bits(r) <= BN_num_bits(m) */ - - if (BN_cmp(r, m) >= 0) { - if (!BN_sub(r, r, m)) - return 0; - } - } - bn_check_top(r); - - return 1; -} diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c deleted file mode 100644 index 735989d98350fa3646acaab23555c895d91f3608..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_mont.c +++ /dev/null @@ -1,469 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Details about Montgomery multiplication algorithms can be found at - * http://security.ece.orst.edu/publications.html, e.g. - * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and - * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf - */ - -#include "internal/cryptlib.h" -#include "bn_local.h" - -#define MONT_WORD /* use the faster word-based algorithm */ - -#ifdef MONT_WORD -static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); -#endif - -int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - BN_MONT_CTX *mont, BN_CTX *ctx) -{ - int ret = bn_mul_mont_fixed_top(r, a, b, mont, ctx); - - bn_correct_top(r); - bn_check_top(r); - - return ret; -} - -int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - BN_MONT_CTX *mont, BN_CTX *ctx) -{ - BIGNUM *tmp; - int ret = 0; - int num = mont->N.top; - -#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) - if (num > 1 && a->top == num && b->top == num) { - if (bn_wexpand(r, num) == NULL) - return 0; - if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) { - r->neg = a->neg ^ b->neg; - r->top = num; - r->flags |= BN_FLG_FIXED_TOP; - return 1; - } - } -#endif - - if ((a->top + b->top) > 2 * num) - return 0; - - BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - if (tmp == NULL) - goto err; - - bn_check_top(tmp); - if (a == b) { - if (!bn_sqr_fixed_top(tmp, a, ctx)) - goto err; - } else { - if (!bn_mul_fixed_top(tmp, a, b, ctx)) - goto err; - } - /* reduce from aRR to aR */ -#ifdef MONT_WORD - if (!bn_from_montgomery_word(r, tmp, mont)) - goto err; -#else - if (!BN_from_montgomery(r, tmp, mont, ctx)) - goto err; -#endif - ret = 1; - err: - BN_CTX_end(ctx); - return ret; -} - -#ifdef MONT_WORD -static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) -{ - BIGNUM *n; - BN_ULONG *ap, *np, *rp, n0, v, carry; - int nl, max, i; - unsigned int rtop; - - n = &(mont->N); - nl = n->top; - if (nl == 0) { - ret->top = 0; - return 1; - } - - max = (2 * nl); /* carry is stored separately */ - if (bn_wexpand(r, max) == NULL) - return 0; - - r->neg ^= n->neg; - np = n->d; - rp = r->d; - - /* clear the top words of T */ - for (rtop = r->top, i = 0; i < max; i++) { - v = (BN_ULONG)0 - ((i - rtop) >> (8 * sizeof(rtop) - 1)); - rp[i] &= v; - } - - r->top = max; - r->flags |= BN_FLG_FIXED_TOP; - n0 = mont->n0[0]; - - /* - * Add multiples of |n| to |r| until R = 2^(nl * BN_BITS2) divides it. On - * input, we had |r| < |n| * R, so now |r| < 2 * |n| * R. Note that |r| - * includes |carry| which is stored separately. - */ - for (carry = 0, i = 0; i < nl; i++, rp++) { - v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2); - v = (v + carry + rp[nl]) & BN_MASK2; - carry |= (v != rp[nl]); - carry &= (v <= rp[nl]); - rp[nl] = v; - } - - if (bn_wexpand(ret, nl) == NULL) - return 0; - ret->top = nl; - ret->flags |= BN_FLG_FIXED_TOP; - ret->neg = r->neg; - - rp = ret->d; - - /* - * Shift |nl| words to divide by R. We have |ap| < 2 * |n|. Note that |ap| - * includes |carry| which is stored separately. - */ - ap = &(r->d[nl]); - - carry -= bn_sub_words(rp, ap, np, nl); - /* - * |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note - * |carry| cannot be 1. That would imply the subtraction did not fit in - * |nl| words, and we know at most one subtraction is needed. - */ - for (i = 0; i < nl; i++) { - rp[i] = (carry & ap[i]) | (~carry & rp[i]); - ap[i] = 0; - } - - return 1; -} -#endif /* MONT_WORD */ - -int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx) -{ - int retn; - - retn = bn_from_mont_fixed_top(ret, a, mont, ctx); - bn_correct_top(ret); - bn_check_top(ret); - - return retn; -} - -int bn_from_mont_fixed_top(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx) -{ - int retn = 0; -#ifdef MONT_WORD - BIGNUM *t; - - BN_CTX_start(ctx); - if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) { - retn = bn_from_montgomery_word(ret, t, mont); - } - BN_CTX_end(ctx); -#else /* !MONT_WORD */ - BIGNUM *t1, *t2; - - BN_CTX_start(ctx); - t1 = BN_CTX_get(ctx); - t2 = BN_CTX_get(ctx); - if (t2 == NULL) - goto err; - - if (!BN_copy(t1, a)) - goto err; - BN_mask_bits(t1, mont->ri); - - if (!BN_mul(t2, t1, &mont->Ni, ctx)) - goto err; - BN_mask_bits(t2, mont->ri); - - if (!BN_mul(t1, t2, &mont->N, ctx)) - goto err; - if (!BN_add(t2, a, t1)) - goto err; - if (!BN_rshift(ret, t2, mont->ri)) - goto err; - - if (BN_ucmp(ret, &(mont->N)) >= 0) { - if (!BN_usub(ret, ret, &(mont->N))) - goto err; - } - retn = 1; - bn_check_top(ret); - err: - BN_CTX_end(ctx); -#endif /* MONT_WORD */ - return retn; -} - -int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx) -{ - return bn_mul_mont_fixed_top(r, a, &(mont->RR), mont, ctx); -} - -BN_MONT_CTX *BN_MONT_CTX_new(void) -{ - BN_MONT_CTX *ret; - - if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - return NULL; - } - - BN_MONT_CTX_init(ret); - ret->flags = BN_FLG_MALLOCED; - return ret; -} - -void BN_MONT_CTX_init(BN_MONT_CTX *ctx) -{ - ctx->ri = 0; - bn_init(&ctx->RR); - bn_init(&ctx->N); - bn_init(&ctx->Ni); - ctx->n0[0] = ctx->n0[1] = 0; - ctx->flags = 0; -} - -void BN_MONT_CTX_free(BN_MONT_CTX *mont) -{ - if (mont == NULL) - return; - BN_clear_free(&mont->RR); - BN_clear_free(&mont->N); - BN_clear_free(&mont->Ni); - if (mont->flags & BN_FLG_MALLOCED) - OPENSSL_free(mont); -} - -int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) -{ - int i, ret = 0; - BIGNUM *Ri, *R; - - if (BN_is_zero(mod)) - return 0; - - BN_CTX_start(ctx); - if ((Ri = BN_CTX_get(ctx)) == NULL) - goto err; - R = &(mont->RR); /* grab RR as a temp */ - if (!BN_copy(&(mont->N), mod)) - goto err; /* Set N */ - if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) - BN_set_flags(&(mont->N), BN_FLG_CONSTTIME); - mont->N.neg = 0; - -#ifdef MONT_WORD - { - BIGNUM tmod; - BN_ULONG buf[2]; - - bn_init(&tmod); - tmod.d = buf; - tmod.dmax = 2; - tmod.neg = 0; - - if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) - BN_set_flags(&tmod, BN_FLG_CONSTTIME); - - mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2; - -# if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) - /* - * Only certain BN_BITS2<=32 platforms actually make use of n0[1], - * and we could use the #else case (with a shorter R value) for the - * others. However, currently only the assembler files do know which - * is which. - */ - - BN_zero(R); - if (!(BN_set_bit(R, 2 * BN_BITS2))) - goto err; - - tmod.top = 0; - if ((buf[0] = mod->d[0])) - tmod.top = 1; - if ((buf[1] = mod->top > 1 ? mod->d[1] : 0)) - tmod.top = 2; - - if (BN_is_one(&tmod)) - BN_zero(Ri); - else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) - goto err; - if (!BN_lshift(Ri, Ri, 2 * BN_BITS2)) - goto err; /* R*Ri */ - if (!BN_is_zero(Ri)) { - if (!BN_sub_word(Ri, 1)) - goto err; - } else { /* if N mod word size == 1 */ - - if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL) - goto err; - /* Ri-- (mod double word size) */ - Ri->neg = 0; - Ri->d[0] = BN_MASK2; - Ri->d[1] = BN_MASK2; - Ri->top = 2; - } - if (!BN_div(Ri, NULL, Ri, &tmod, ctx)) - goto err; - /* - * Ni = (R*Ri-1)/N, keep only couple of least significant words: - */ - mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; - mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0; -# else - BN_zero(R); - if (!(BN_set_bit(R, BN_BITS2))) - goto err; /* R */ - - buf[0] = mod->d[0]; /* tmod = N mod word size */ - buf[1] = 0; - tmod.top = buf[0] != 0 ? 1 : 0; - /* Ri = R^-1 mod N */ - if (BN_is_one(&tmod)) - BN_zero(Ri); - else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL) - goto err; - if (!BN_lshift(Ri, Ri, BN_BITS2)) - goto err; /* R*Ri */ - if (!BN_is_zero(Ri)) { - if (!BN_sub_word(Ri, 1)) - goto err; - } else { /* if N mod word size == 1 */ - - if (!BN_set_word(Ri, BN_MASK2)) - goto err; /* Ri-- (mod word size) */ - } - if (!BN_div(Ri, NULL, Ri, &tmod, ctx)) - goto err; - /* - * Ni = (R*Ri-1)/N, keep only least significant word: - */ - mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; - mont->n0[1] = 0; -# endif - } -#else /* !MONT_WORD */ - { /* bignum version */ - mont->ri = BN_num_bits(&mont->N); - BN_zero(R); - if (!BN_set_bit(R, mont->ri)) - goto err; /* R = 2^ri */ - /* Ri = R^-1 mod N */ - if ((BN_mod_inverse(Ri, R, &mont->N, ctx)) == NULL) - goto err; - if (!BN_lshift(Ri, Ri, mont->ri)) - goto err; /* R*Ri */ - if (!BN_sub_word(Ri, 1)) - goto err; - /* - * Ni = (R*Ri-1) / N - */ - if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx)) - goto err; - } -#endif - - /* setup RR for conversions */ - BN_zero(&(mont->RR)); - if (!BN_set_bit(&(mont->RR), mont->ri * 2)) - goto err; - if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx)) - goto err; - - for (i = mont->RR.top, ret = mont->N.top; i < ret; i++) - mont->RR.d[i] = 0; - mont->RR.top = ret; - mont->RR.flags |= BN_FLG_FIXED_TOP; - - ret = 1; - err: - BN_CTX_end(ctx); - return ret; -} - -BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) -{ - if (to == from) - return to; - - if (!BN_copy(&(to->RR), &(from->RR))) - return NULL; - if (!BN_copy(&(to->N), &(from->N))) - return NULL; - if (!BN_copy(&(to->Ni), &(from->Ni))) - return NULL; - to->ri = from->ri; - to->n0[0] = from->n0[0]; - to->n0[1] = from->n0[1]; - return to; -} - -BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, - const BIGNUM *mod, BN_CTX *ctx) -{ - BN_MONT_CTX *ret; - - if (!CRYPTO_THREAD_read_lock(lock)) - return NULL; - ret = *pmont; - CRYPTO_THREAD_unlock(lock); - if (ret) - return ret; - - /* - * We don't want to serialize globally while doing our lazy-init math in - * BN_MONT_CTX_set. That punishes threads that are doing independent - * things. Instead, punish the case where more than one thread tries to - * lazy-init the same 'pmont', by having each do the lazy-init math work - * independently and only use the one from the thread that wins the race - * (the losers throw away the work they've done). - */ - ret = BN_MONT_CTX_new(); - if (ret == NULL) - return NULL; - if (!BN_MONT_CTX_set(ret, mod, ctx)) { - BN_MONT_CTX_free(ret); - return NULL; - } - - /* The locked compare-and-set, after the local work is done. */ - if (!CRYPTO_THREAD_write_lock(lock)) { - BN_MONT_CTX_free(ret); - return NULL; - } - - if (*pmont) { - BN_MONT_CTX_free(ret); - ret = *pmont; - } else - *pmont = ret; - CRYPTO_THREAD_unlock(lock); - return ret; -} diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c deleted file mode 100644 index 4eba0ae570029bbbf813d83c4965c3e594debbcf..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_mpi.c +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "bn_local.h" - -int BN_bn2mpi(const BIGNUM *a, unsigned char *d) -{ - int bits; - int num = 0; - int ext = 0; - long l; - - bits = BN_num_bits(a); - num = (bits + 7) / 8; - if (bits > 0) { - ext = ((bits & 0x07) == 0); - } - if (d == NULL) - return (num + 4 + ext); - - l = num + ext; - d[0] = (unsigned char)(l >> 24) & 0xff; - d[1] = (unsigned char)(l >> 16) & 0xff; - d[2] = (unsigned char)(l >> 8) & 0xff; - d[3] = (unsigned char)(l) & 0xff; - if (ext) - d[4] = 0; - num = BN_bn2bin(a, &(d[4 + ext])); - if (a->neg) - d[4] |= 0x80; - return (num + 4 + ext); -} - -BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain) -{ - long len; - int neg = 0; - BIGNUM *a = NULL; - - if (n < 4 || (d[0] & 0x80) != 0) { - ERR_raise(ERR_LIB_BN, BN_R_INVALID_LENGTH); - return NULL; - } - len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int) - d[3]; - if ((len + 4) != n) { - ERR_raise(ERR_LIB_BN, BN_R_ENCODING_ERROR); - return NULL; - } - - if (ain == NULL) - a = BN_new(); - else - a = ain; - - if (a == NULL) - return NULL; - - if (len == 0) { - a->neg = 0; - a->top = 0; - return a; - } - d += 4; - if ((*d) & 0x80) - neg = 1; - if (BN_bin2bn(d, (int)len, a) == NULL) { - if (ain == NULL) - BN_free(a); - return NULL; - } - a->neg = neg; - if (neg) { - BN_clear_bit(a, BN_num_bits(a) - 1); - } - bn_check_top(a); - return a; -} diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c deleted file mode 100644 index dc6b6f5a1215a2cfaf1eb946bbe7507639f2378f..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_mul.c +++ /dev/null @@ -1,684 +0,0 @@ -/* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "bn_local.h" - -#if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS) -/* - * Here follows specialised variants of bn_add_words() and bn_sub_words(). - * They have the property performing operations on arrays of different sizes. - * The sizes of those arrays is expressed through cl, which is the common - * length ( basically, min(len(a),len(b)) ), and dl, which is the delta - * between the two lengths, calculated as len(a)-len(b). All lengths are the - * number of BN_ULONGs... For the operations that require a result array as - * parameter, it must have the length cl+abs(dl). These functions should - * probably end up in bn_asm.c as soon as there are assembler counterparts - * for the systems that use assembler files. - */ - -BN_ULONG bn_sub_part_words(BN_ULONG *r, - const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl) -{ - BN_ULONG c, t; - - assert(cl >= 0); - c = bn_sub_words(r, a, b, cl); - - if (dl == 0) - return c; - - r += cl; - a += cl; - b += cl; - - if (dl < 0) { - for (;;) { - t = b[0]; - r[0] = (0 - t - c) & BN_MASK2; - if (t != 0) - c = 1; - if (++dl >= 0) - break; - - t = b[1]; - r[1] = (0 - t - c) & BN_MASK2; - if (t != 0) - c = 1; - if (++dl >= 0) - break; - - t = b[2]; - r[2] = (0 - t - c) & BN_MASK2; - if (t != 0) - c = 1; - if (++dl >= 0) - break; - - t = b[3]; - r[3] = (0 - t - c) & BN_MASK2; - if (t != 0) - c = 1; - if (++dl >= 0) - break; - - b += 4; - r += 4; - } - } else { - int save_dl = dl; - while (c) { - t = a[0]; - r[0] = (t - c) & BN_MASK2; - if (t != 0) - c = 0; - if (--dl <= 0) - break; - - t = a[1]; - r[1] = (t - c) & BN_MASK2; - if (t != 0) - c = 0; - if (--dl <= 0) - break; - - t = a[2]; - r[2] = (t - c) & BN_MASK2; - if (t != 0) - c = 0; - if (--dl <= 0) - break; - - t = a[3]; - r[3] = (t - c) & BN_MASK2; - if (t != 0) - c = 0; - if (--dl <= 0) - break; - - save_dl = dl; - a += 4; - r += 4; - } - if (dl > 0) { - if (save_dl > dl) { - switch (save_dl - dl) { - case 1: - r[1] = a[1]; - if (--dl <= 0) - break; - /* fall thru */ - case 2: - r[2] = a[2]; - if (--dl <= 0) - break; - /* fall thru */ - case 3: - r[3] = a[3]; - if (--dl <= 0) - break; - } - a += 4; - r += 4; - } - } - if (dl > 0) { - for (;;) { - r[0] = a[0]; - if (--dl <= 0) - break; - r[1] = a[1]; - if (--dl <= 0) - break; - r[2] = a[2]; - if (--dl <= 0) - break; - r[3] = a[3]; - if (--dl <= 0) - break; - - a += 4; - r += 4; - } - } - } - return c; -} -#endif - -#ifdef BN_RECURSION -/* - * Karatsuba recursive multiplication algorithm (cf. Knuth, The Art of - * Computer Programming, Vol. 2) - */ - -/*- - * r is 2*n2 words in size, - * a and b are both n2 words in size. - * n2 must be a power of 2. - * We multiply and return the result. - * t must be 2*n2 words in size - * We calculate - * a[0]*b[0] - * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) - * a[1]*b[1] - */ -/* dnX may not be positive, but n2/2+dnX has to be */ -void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - int dna, int dnb, BN_ULONG *t) -{ - int n = n2 / 2, c1, c2; - int tna = n + dna, tnb = n + dnb; - unsigned int neg, zero; - BN_ULONG ln, lo, *p; - -# ifdef BN_MUL_COMBA -# if 0 - if (n2 == 4) { - bn_mul_comba4(r, a, b); - return; - } -# endif - /* - * Only call bn_mul_comba 8 if n2 == 8 and the two arrays are complete - * [steve] - */ - if (n2 == 8 && dna == 0 && dnb == 0) { - bn_mul_comba8(r, a, b); - return; - } -# endif /* BN_MUL_COMBA */ - /* Else do normal multiply */ - if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) { - bn_mul_normal(r, a, n2 + dna, b, n2 + dnb); - if ((dna + dnb) < 0) - memset(&r[2 * n2 + dna + dnb], 0, - sizeof(BN_ULONG) * -(dna + dnb)); - return; - } - /* r=(a[0]-a[1])*(b[1]-b[0]) */ - c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna); - c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n); - zero = neg = 0; - switch (c1 * 3 + c2) { - case -4: - bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ - bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ - break; - case -3: - zero = 1; - break; - case -2: - bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ - bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */ - neg = 1; - break; - case -1: - case 0: - case 1: - zero = 1; - break; - case 2: - bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */ - bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ - neg = 1; - break; - case 3: - zero = 1; - break; - case 4: - bn_sub_part_words(t, a, &(a[n]), tna, n - tna); - bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); - break; - } - -# ifdef BN_MUL_COMBA - if (n == 4 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba4 could take - * extra args to do this well */ - if (!zero) - bn_mul_comba4(&(t[n2]), t, &(t[n])); - else - memset(&t[n2], 0, sizeof(*t) * 8); - - bn_mul_comba4(r, a, b); - bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n])); - } else if (n == 8 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba8 could - * take extra args to do - * this well */ - if (!zero) - bn_mul_comba8(&(t[n2]), t, &(t[n])); - else - memset(&t[n2], 0, sizeof(*t) * 16); - - bn_mul_comba8(r, a, b); - bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n])); - } else -# endif /* BN_MUL_COMBA */ - { - p = &(t[n2 * 2]); - if (!zero) - bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); - else - memset(&t[n2], 0, sizeof(*t) * n2); - bn_mul_recursive(r, a, b, n, 0, 0, p); - bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p); - } - - /*- - * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - */ - - c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); - - if (neg) { /* if t[32] is negative */ - c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2)); - } else { - /* Might have a carry */ - c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2)); - } - - /*- - * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - * c1 holds the carry bits - */ - c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2)); - if (c1) { - p = &(r[n + n2]); - lo = *p; - ln = (lo + c1) & BN_MASK2; - *p = ln; - - /* - * The overflow will stop before we over write words we should not - * overwrite - */ - if (ln < (BN_ULONG)c1) { - do { - p++; - lo = *p; - ln = (lo + 1) & BN_MASK2; - *p = ln; - } while (ln == 0); - } - } -} - -/* - * n+tn is the word length t needs to be n*4 is size, as does r - */ -/* tnX may not be negative but less than n */ -void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, - int tna, int tnb, BN_ULONG *t) -{ - int i, j, n2 = n * 2; - int c1, c2, neg; - BN_ULONG ln, lo, *p; - - if (n < 8) { - bn_mul_normal(r, a, n + tna, b, n + tnb); - return; - } - - /* r=(a[0]-a[1])*(b[1]-b[0]) */ - c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna); - c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n); - neg = 0; - switch (c1 * 3 + c2) { - case -4: - bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ - bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ - break; - case -3: - case -2: - bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ - bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */ - neg = 1; - break; - case -1: - case 0: - case 1: - case 2: - bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */ - bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ - neg = 1; - break; - case 3: - case 4: - bn_sub_part_words(t, a, &(a[n]), tna, n - tna); - bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); - break; - } - /* - * The zero case isn't yet implemented here. The speedup would probably - * be negligible. - */ -# if 0 - if (n == 4) { - bn_mul_comba4(&(t[n2]), t, &(t[n])); - bn_mul_comba4(r, a, b); - bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn); - memset(&r[n2 + tn * 2], 0, sizeof(*r) * (n2 - tn * 2)); - } else -# endif - if (n == 8) { - bn_mul_comba8(&(t[n2]), t, &(t[n])); - bn_mul_comba8(r, a, b); - bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); - memset(&r[n2 + tna + tnb], 0, sizeof(*r) * (n2 - tna - tnb)); - } else { - p = &(t[n2 * 2]); - bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); - bn_mul_recursive(r, a, b, n, 0, 0, p); - i = n / 2; - /* - * If there is only a bottom half to the number, just do it - */ - if (tna > tnb) - j = tna - i; - else - j = tnb - i; - if (j == 0) { - bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), - i, tna - i, tnb - i, p); - memset(&r[n2 + i * 2], 0, sizeof(*r) * (n2 - i * 2)); - } else if (j > 0) { /* eg, n == 16, i == 8 and tn == 11 */ - bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]), - i, tna - i, tnb - i, p); - memset(&(r[n2 + tna + tnb]), 0, - sizeof(BN_ULONG) * (n2 - tna - tnb)); - } else { /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ - - memset(&r[n2], 0, sizeof(*r) * n2); - if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL - && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) { - bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); - } else { - for (;;) { - i /= 2; - /* - * these simplified conditions work exclusively because - * difference between tna and tnb is 1 or 0 - */ - if (i < tna || i < tnb) { - bn_mul_part_recursive(&(r[n2]), - &(a[n]), &(b[n]), - i, tna - i, tnb - i, p); - break; - } else if (i == tna || i == tnb) { - bn_mul_recursive(&(r[n2]), - &(a[n]), &(b[n]), - i, tna - i, tnb - i, p); - break; - } - } - } - } - } - - /*- - * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - */ - - c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); - - if (neg) { /* if t[32] is negative */ - c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2)); - } else { - /* Might have a carry */ - c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2)); - } - - /*- - * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - * c1 holds the carry bits - */ - c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2)); - if (c1) { - p = &(r[n + n2]); - lo = *p; - ln = (lo + c1) & BN_MASK2; - *p = ln; - - /* - * The overflow will stop before we over write words we should not - * overwrite - */ - if (ln < (BN_ULONG)c1) { - do { - p++; - lo = *p; - ln = (lo + 1) & BN_MASK2; - *p = ln; - } while (ln == 0); - } - } -} - -/*- - * a and b must be the same size, which is n2. - * r needs to be n2 words and t needs to be n2*2 - */ -void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - BN_ULONG *t) -{ - int n = n2 / 2; - - bn_mul_recursive(r, a, b, n, 0, 0, &(t[0])); - if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) { - bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2])); - bn_add_words(&(r[n]), &(r[n]), &(t[0]), n); - bn_mul_low_recursive(&(t[0]), &(a[n]), &(b[0]), n, &(t[n2])); - bn_add_words(&(r[n]), &(r[n]), &(t[0]), n); - } else { - bn_mul_low_normal(&(t[0]), &(a[0]), &(b[n]), n); - bn_mul_low_normal(&(t[n]), &(a[n]), &(b[0]), n); - bn_add_words(&(r[n]), &(r[n]), &(t[0]), n); - bn_add_words(&(r[n]), &(r[n]), &(t[n]), n); - } -} -#endif /* BN_RECURSION */ - -int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -{ - int ret = bn_mul_fixed_top(r, a, b, ctx); - - bn_correct_top(r); - bn_check_top(r); - - return ret; -} - -int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -{ - int ret = 0; - int top, al, bl; - BIGNUM *rr; -#if defined(BN_MUL_COMBA) || defined(BN_RECURSION) - int i; -#endif -#ifdef BN_RECURSION - BIGNUM *t = NULL; - int j = 0, k; -#endif - - bn_check_top(a); - bn_check_top(b); - bn_check_top(r); - - al = a->top; - bl = b->top; - - if ((al == 0) || (bl == 0)) { - BN_zero(r); - return 1; - } - top = al + bl; - - BN_CTX_start(ctx); - if ((r == a) || (r == b)) { - if ((rr = BN_CTX_get(ctx)) == NULL) - goto err; - } else - rr = r; - -#if defined(BN_MUL_COMBA) || defined(BN_RECURSION) - i = al - bl; -#endif -#ifdef BN_MUL_COMBA - if (i == 0) { -# if 0 - if (al == 4) { - if (bn_wexpand(rr, 8) == NULL) - goto err; - rr->top = 8; - bn_mul_comba4(rr->d, a->d, b->d); - goto end; - } -# endif - if (al == 8) { - if (bn_wexpand(rr, 16) == NULL) - goto err; - rr->top = 16; - bn_mul_comba8(rr->d, a->d, b->d); - goto end; - } - } -#endif /* BN_MUL_COMBA */ -#ifdef BN_RECURSION - if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) { - if (i >= -1 && i <= 1) { - /* - * Find out the power of two lower or equal to the longest of the - * two numbers - */ - if (i >= 0) { - j = BN_num_bits_word((BN_ULONG)al); - } - if (i == -1) { - j = BN_num_bits_word((BN_ULONG)bl); - } - j = 1 << (j - 1); - assert(j <= al || j <= bl); - k = j + j; - t = BN_CTX_get(ctx); - if (t == NULL) - goto err; - if (al > j || bl > j) { - if (bn_wexpand(t, k * 4) == NULL) - goto err; - if (bn_wexpand(rr, k * 4) == NULL) - goto err; - bn_mul_part_recursive(rr->d, a->d, b->d, - j, al - j, bl - j, t->d); - } else { /* al <= j || bl <= j */ - - if (bn_wexpand(t, k * 2) == NULL) - goto err; - if (bn_wexpand(rr, k * 2) == NULL) - goto err; - bn_mul_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d); - } - rr->top = top; - goto end; - } - } -#endif /* BN_RECURSION */ - if (bn_wexpand(rr, top) == NULL) - goto err; - rr->top = top; - bn_mul_normal(rr->d, a->d, al, b->d, bl); - -#if defined(BN_MUL_COMBA) || defined(BN_RECURSION) - end: -#endif - rr->neg = a->neg ^ b->neg; - rr->flags |= BN_FLG_FIXED_TOP; - if (r != rr && BN_copy(r, rr) == NULL) - goto err; - - ret = 1; - err: - bn_check_top(r); - BN_CTX_end(ctx); - return ret; -} - -void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) -{ - BN_ULONG *rr; - - if (na < nb) { - int itmp; - BN_ULONG *ltmp; - - itmp = na; - na = nb; - nb = itmp; - ltmp = a; - a = b; - b = ltmp; - - } - rr = &(r[na]); - if (nb <= 0) { - (void)bn_mul_words(r, a, na, 0); - return; - } else - rr[0] = bn_mul_words(r, a, na, b[0]); - - for (;;) { - if (--nb <= 0) - return; - rr[1] = bn_mul_add_words(&(r[1]), a, na, b[1]); - if (--nb <= 0) - return; - rr[2] = bn_mul_add_words(&(r[2]), a, na, b[2]); - if (--nb <= 0) - return; - rr[3] = bn_mul_add_words(&(r[3]), a, na, b[3]); - if (--nb <= 0) - return; - rr[4] = bn_mul_add_words(&(r[4]), a, na, b[4]); - rr += 4; - r += 4; - b += 4; - } -} - -void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) -{ - bn_mul_words(r, a, n, b[0]); - - for (;;) { - if (--n <= 0) - return; - bn_mul_add_words(&(r[1]), a, n, b[1]); - if (--n <= 0) - return; - bn_mul_add_words(&(r[2]), a, n, b[2]); - if (--n <= 0) - return; - bn_mul_add_words(&(r[3]), a, n, b[3]); - if (--n <= 0) - return; - bn_mul_add_words(&(r[4]), a, n, b[4]); - r += 4; - b += 4; - } -} diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c deleted file mode 100644 index da10c4054a3e9ec9531f294abbe524838fd0e17a..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_nist.c +++ /dev/null @@ -1,1250 +0,0 @@ -/* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "bn_local.h" -#include "internal/cryptlib.h" - -#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 -#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 -#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2 -#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2 -#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2 - -/* pre-computed tables are "carry-less" values of modulus*(i+1) */ -#if BN_BITS2 == 64 -static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = { - {0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL}, - {0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL}, - {0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFCULL, 0xFFFFFFFFFFFFFFFFULL} -}; - -static const BN_ULONG _nist_p_192_sqr[] = { - 0x0000000000000001ULL, 0x0000000000000002ULL, 0x0000000000000001ULL, - 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL -}; - -static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = { - {0x0000000000000001ULL, 0xFFFFFFFF00000000ULL, - 0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL}, - {0x0000000000000002ULL, 0xFFFFFFFE00000000ULL, - 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFFULL} /* this one is - * "carry-full" */ -}; - -static const BN_ULONG _nist_p_224_sqr[] = { - 0x0000000000000001ULL, 0xFFFFFFFE00000000ULL, - 0xFFFFFFFFFFFFFFFFULL, 0x0000000200000000ULL, - 0x0000000000000000ULL, 0xFFFFFFFFFFFFFFFEULL, - 0xFFFFFFFFFFFFFFFFULL -}; - -static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = { - {0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL, - 0x0000000000000000ULL, 0xFFFFFFFF00000001ULL}, - {0xFFFFFFFFFFFFFFFEULL, 0x00000001FFFFFFFFULL, - 0x0000000000000000ULL, 0xFFFFFFFE00000002ULL}, - {0xFFFFFFFFFFFFFFFDULL, 0x00000002FFFFFFFFULL, - 0x0000000000000000ULL, 0xFFFFFFFD00000003ULL}, - {0xFFFFFFFFFFFFFFFCULL, 0x00000003FFFFFFFFULL, - 0x0000000000000000ULL, 0xFFFFFFFC00000004ULL}, - {0xFFFFFFFFFFFFFFFBULL, 0x00000004FFFFFFFFULL, - 0x0000000000000000ULL, 0xFFFFFFFB00000005ULL}, -}; - -static const BN_ULONG _nist_p_256_sqr[] = { - 0x0000000000000001ULL, 0xFFFFFFFE00000000ULL, - 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFEULL, - 0x00000001FFFFFFFEULL, 0x00000001FFFFFFFEULL, - 0xFFFFFFFE00000001ULL, 0xFFFFFFFE00000002ULL -}; - -static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = { - {0x00000000FFFFFFFFULL, 0xFFFFFFFF00000000ULL, 0xFFFFFFFFFFFFFFFEULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, - {0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, - {0x00000002FFFFFFFDULL, 0xFFFFFFFD00000000ULL, 0xFFFFFFFFFFFFFFFCULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, - {0x00000003FFFFFFFCULL, 0xFFFFFFFC00000000ULL, 0xFFFFFFFFFFFFFFFBULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, - {0x00000004FFFFFFFBULL, 0xFFFFFFFB00000000ULL, 0xFFFFFFFFFFFFFFFAULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL}, -}; - -static const BN_ULONG _nist_p_384_sqr[] = { - 0xFFFFFFFE00000001ULL, 0x0000000200000000ULL, 0xFFFFFFFE00000000ULL, - 0x0000000200000000ULL, 0x0000000000000001ULL, 0x0000000000000000ULL, - 0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL -}; - -static const BN_ULONG _nist_p_521[] = - { 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, - 0x00000000000001FFULL -}; - -static const BN_ULONG _nist_p_521_sqr[] = { - 0x0000000000000001ULL, 0x0000000000000000ULL, 0x0000000000000000ULL, - 0x0000000000000000ULL, 0x0000000000000000ULL, 0x0000000000000000ULL, - 0x0000000000000000ULL, 0x0000000000000000ULL, 0xFFFFFFFFFFFFFC00ULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, - 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, - 0xFFFFFFFFFFFFFFFFULL, 0x000000000003FFFFULL -}; -#elif BN_BITS2 == 32 -static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = { - {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF} -}; - -static const BN_ULONG _nist_p_192_sqr[] = { - 0x00000001, 0x00000000, 0x00000002, 0x00000000, 0x00000001, 0x00000000, - 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF -}; - -static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = { - {0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF} -}; - -static const BN_ULONG _nist_p_224_sqr[] = { - 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE, - 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000002, - 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF -}; - -static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = { - {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, - 0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF}, - {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001, - 0x00000000, 0x00000000, 0x00000002, 0xFFFFFFFE}, - {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002, - 0x00000000, 0x00000000, 0x00000003, 0xFFFFFFFD}, - {0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000003, - 0x00000000, 0x00000000, 0x00000004, 0xFFFFFFFC}, - {0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000004, - 0x00000000, 0x00000000, 0x00000005, 0xFFFFFFFB}, -}; - -static const BN_ULONG _nist_p_256_sqr[] = { - 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0x00000001, - 0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001, - 0x00000001, 0xFFFFFFFE, 0x00000002, 0xFFFFFFFE -}; - -static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = { - {0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0xFFFFFFFD, 0x00000002, 0x00000000, 0xFFFFFFFD, 0xFFFFFFFC, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0xFFFFFFFC, 0x00000003, 0x00000000, 0xFFFFFFFC, 0xFFFFFFFB, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, - {0xFFFFFFFB, 0x00000004, 0x00000000, 0xFFFFFFFB, 0xFFFFFFFA, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}, -}; - -static const BN_ULONG _nist_p_384_sqr[] = { - 0x00000001, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000000, 0xFFFFFFFE, - 0x00000000, 0x00000002, 0x00000001, 0x00000000, 0x00000000, 0x00000000, - 0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF -}; - -static const BN_ULONG _nist_p_521[] = { 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, - 0xFFFFFFFF, 0x000001FF -}; - -static const BN_ULONG _nist_p_521_sqr[] = { - 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, - 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0xFFFFFC00, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, - 0xFFFFFFFF, 0xFFFFFFFF, 0x0003FFFF -}; -#else -# error "unsupported BN_BITS2" -#endif - -static const BIGNUM ossl_bignum_nist_p_192 = { - (BN_ULONG *)_nist_p_192[0], - BN_NIST_192_TOP, - BN_NIST_192_TOP, - 0, - BN_FLG_STATIC_DATA -}; - -static const BIGNUM ossl_bignum_nist_p_224 = { - (BN_ULONG *)_nist_p_224[0], - BN_NIST_224_TOP, - BN_NIST_224_TOP, - 0, - BN_FLG_STATIC_DATA -}; - -static const BIGNUM ossl_bignum_nist_p_256 = { - (BN_ULONG *)_nist_p_256[0], - BN_NIST_256_TOP, - BN_NIST_256_TOP, - 0, - BN_FLG_STATIC_DATA -}; - -static const BIGNUM ossl_bignum_nist_p_384 = { - (BN_ULONG *)_nist_p_384[0], - BN_NIST_384_TOP, - BN_NIST_384_TOP, - 0, - BN_FLG_STATIC_DATA -}; - -static const BIGNUM ossl_bignum_nist_p_521 = { - (BN_ULONG *)_nist_p_521, - BN_NIST_521_TOP, - BN_NIST_521_TOP, - 0, - BN_FLG_STATIC_DATA -}; - -const BIGNUM *BN_get0_nist_prime_192(void) -{ - return &ossl_bignum_nist_p_192; -} - -const BIGNUM *BN_get0_nist_prime_224(void) -{ - return &ossl_bignum_nist_p_224; -} - -const BIGNUM *BN_get0_nist_prime_256(void) -{ - return &ossl_bignum_nist_p_256; -} - -const BIGNUM *BN_get0_nist_prime_384(void) -{ - return &ossl_bignum_nist_p_384; -} - -const BIGNUM *BN_get0_nist_prime_521(void) -{ - return &ossl_bignum_nist_p_521; -} - -/* - * To avoid more recent compilers (specifically clang-14) from treating this - * code as a violation of the strict aliasing conditions and omiting it, this - * cannot be declared as a function. Moreover, the dst parameter cannot be - * cached in a local since this no longer references the union and again falls - * foul of the strict aliasing criteria. Refer to #18225 for the initial - * diagnostics and llvm/llvm-project#55255 for the later discussions with the - * LLVM developers. The problem boils down to if an array in the union is - * converted to a pointer or if it is used directly. - * - * This function was inlined regardless, so there is no space cost to be - * paid for making it a macro. - */ -#define nist_cp_bn_0(dst, src_in, top, max) \ -{ \ - int ii; \ - const BN_ULONG *src = src_in; \ - \ - for (ii = 0; ii < top; ii++) \ - (dst)[ii] = src[ii]; \ - for (; ii < max; ii++) \ - (dst)[ii] = 0; \ -} - -static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top) -{ - int i; - - for (i = 0; i < top; i++) - dst[i] = src[i]; -} - -#if BN_BITS2 == 64 -# define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; -# define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0; -/* - * two following macros are implemented under assumption that they - * are called in a sequence with *ascending* n, i.e. as they are... - */ -# define bn_cp_32_naked(to, n, from, m) (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\ - :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l))) -# define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0)); -# define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n) -# if defined(L_ENDIAN) -# if defined(__arch64__) -# define NIST_INT64 long -# else -# define NIST_INT64 long long -# endif -# endif -#else -# define bn_cp_64(to, n, from, m) \ - { \ - bn_cp_32(to, (n)*2, from, (m)*2); \ - bn_cp_32(to, (n)*2+1, from, (m)*2+1); \ - } -# define bn_64_set_0(to, n) \ - { \ - bn_32_set_0(to, (n)*2); \ - bn_32_set_0(to, (n)*2+1); \ - } -# define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; -# define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; -# if defined(_WIN32) && !defined(__GNUC__) -# define NIST_INT64 __int64 -# elif defined(BN_LLONG) -# define NIST_INT64 long long -# endif -#endif /* BN_BITS2 != 64 */ - -#define nist_set_192(to, from, a1, a2, a3) \ - { \ - bn_cp_64(to, 0, from, (a3) - 3) \ - bn_cp_64(to, 1, from, (a2) - 3) \ - bn_cp_64(to, 2, from, (a1) - 3) \ - } - -int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - BN_CTX *ctx) -{ - int top = a->top, i; - int carry; - register BN_ULONG *r_d, *a_d = a->d; - union { - BN_ULONG bn[BN_NIST_192_TOP]; - unsigned int ui[BN_NIST_192_TOP * sizeof(BN_ULONG) / - sizeof(unsigned int)]; - } buf; - BN_ULONG c_d[BN_NIST_192_TOP], *res; - PTR_SIZE_INT mask; - static const BIGNUM ossl_bignum_nist_p_192_sqr = { - (BN_ULONG *)_nist_p_192_sqr, - OSSL_NELEM(_nist_p_192_sqr), - OSSL_NELEM(_nist_p_192_sqr), - 0, BN_FLG_STATIC_DATA - }; - - field = &ossl_bignum_nist_p_192; /* just to make sure */ - - if (BN_is_negative(a) || BN_ucmp(a, &ossl_bignum_nist_p_192_sqr) >= 0) - return BN_nnmod(r, a, field, ctx); - - i = BN_ucmp(field, a); - if (i == 0) { - BN_zero(r); - return 1; - } else if (i > 0) - return (r == a) ? 1 : (BN_copy(r, a) != NULL); - - if (r != a) { - if (!bn_wexpand(r, BN_NIST_192_TOP)) - return 0; - r_d = r->d; - nist_cp_bn(r_d, a_d, BN_NIST_192_TOP); - } else - r_d = a_d; - - nist_cp_bn_0(buf.bn, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, - BN_NIST_192_TOP); - -#if defined(NIST_INT64) - { - NIST_INT64 acc; /* accumulator */ - unsigned int *rp = (unsigned int *)r_d; - const unsigned int *bp = (const unsigned int *)buf.ui; - - acc = rp[0]; - acc += bp[3 * 2 - 6]; - acc += bp[5 * 2 - 6]; - rp[0] = (unsigned int)acc; - acc >>= 32; - - acc += rp[1]; - acc += bp[3 * 2 - 5]; - acc += bp[5 * 2 - 5]; - rp[1] = (unsigned int)acc; - acc >>= 32; - - acc += rp[2]; - acc += bp[3 * 2 - 6]; - acc += bp[4 * 2 - 6]; - acc += bp[5 * 2 - 6]; - rp[2] = (unsigned int)acc; - acc >>= 32; - - acc += rp[3]; - acc += bp[3 * 2 - 5]; - acc += bp[4 * 2 - 5]; - acc += bp[5 * 2 - 5]; - rp[3] = (unsigned int)acc; - acc >>= 32; - - acc += rp[4]; - acc += bp[4 * 2 - 6]; - acc += bp[5 * 2 - 6]; - rp[4] = (unsigned int)acc; - acc >>= 32; - - acc += rp[5]; - acc += bp[4 * 2 - 5]; - acc += bp[5 * 2 - 5]; - rp[5] = (unsigned int)acc; - - carry = (int)(acc >> 32); - } -#else - { - BN_ULONG t_d[BN_NIST_192_TOP]; - - nist_set_192(t_d, buf.bn, 0, 3, 3); - carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); - nist_set_192(t_d, buf.bn, 4, 4, 0); - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); - nist_set_192(t_d, buf.bn, 5, 5, 5) - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); - } -#endif - if (carry > 0) - carry = - (int)bn_sub_words(r_d, r_d, _nist_p_192[carry - 1], - BN_NIST_192_TOP); - else - carry = 1; - - /* - * we need 'if (carry==0 || result>=modulus) result-=modulus;' - * as comparison implies subtraction, we can write - * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' - * this is what happens below, but without explicit if:-) a. - */ - mask = - 0 - (PTR_SIZE_INT) bn_sub_words(c_d, r_d, _nist_p_192[0], - BN_NIST_192_TOP); - mask &= 0 - (PTR_SIZE_INT) carry; - res = c_d; - res = (BN_ULONG *) - (((PTR_SIZE_INT) res & ~mask) | ((PTR_SIZE_INT) r_d & mask)); - nist_cp_bn(r_d, res, BN_NIST_192_TOP); - r->top = BN_NIST_192_TOP; - bn_correct_top(r); - - return 1; -} - -typedef BN_ULONG (*bn_addsub_f) (BN_ULONG *, const BN_ULONG *, - const BN_ULONG *, int); - -#define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \ - { \ - bn_cp_32(to, 0, from, (a7) - 7) \ - bn_cp_32(to, 1, from, (a6) - 7) \ - bn_cp_32(to, 2, from, (a5) - 7) \ - bn_cp_32(to, 3, from, (a4) - 7) \ - bn_cp_32(to, 4, from, (a3) - 7) \ - bn_cp_32(to, 5, from, (a2) - 7) \ - bn_cp_32(to, 6, from, (a1) - 7) \ - } - -int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - BN_CTX *ctx) -{ - int top = a->top, i; - int carry; - BN_ULONG *r_d, *a_d = a->d; - union { - BN_ULONG bn[BN_NIST_224_TOP]; - unsigned int ui[BN_NIST_224_TOP * sizeof(BN_ULONG) / - sizeof(unsigned int)]; - } buf; - BN_ULONG c_d[BN_NIST_224_TOP], *res; - PTR_SIZE_INT mask; - union { - bn_addsub_f f; - PTR_SIZE_INT p; - } u; - static const BIGNUM ossl_bignum_nist_p_224_sqr = { - (BN_ULONG *)_nist_p_224_sqr, - OSSL_NELEM(_nist_p_224_sqr), - OSSL_NELEM(_nist_p_224_sqr), - 0, BN_FLG_STATIC_DATA - }; - - field = &ossl_bignum_nist_p_224; /* just to make sure */ - - if (BN_is_negative(a) || BN_ucmp(a, &ossl_bignum_nist_p_224_sqr) >= 0) - return BN_nnmod(r, a, field, ctx); - - i = BN_ucmp(field, a); - if (i == 0) { - BN_zero(r); - return 1; - } else if (i > 0) - return (r == a) ? 1 : (BN_copy(r, a) != NULL); - - if (r != a) { - if (!bn_wexpand(r, BN_NIST_224_TOP)) - return 0; - r_d = r->d; - nist_cp_bn(r_d, a_d, BN_NIST_224_TOP); - } else - r_d = a_d; - -#if BN_BITS2==64 - /* copy upper 256 bits of 448 bit number ... */ - nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP - 1), - top - (BN_NIST_224_TOP - 1), BN_NIST_224_TOP); - /* ... and right shift by 32 to obtain upper 224 bits */ - nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8); - /* truncate lower part to 224 bits too */ - r_d[BN_NIST_224_TOP - 1] &= BN_MASK2l; -#else - nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, - BN_NIST_224_TOP); -#endif - -#if defined(NIST_INT64) && BN_BITS2!=64 - { - NIST_INT64 acc; /* accumulator */ - unsigned int *rp = (unsigned int *)r_d; - const unsigned int *bp = (const unsigned int *)buf.ui; - - acc = rp[0]; - acc -= bp[7 - 7]; - acc -= bp[11 - 7]; - rp[0] = (unsigned int)acc; - acc >>= 32; - - acc += rp[1]; - acc -= bp[8 - 7]; - acc -= bp[12 - 7]; - rp[1] = (unsigned int)acc; - acc >>= 32; - - acc += rp[2]; - acc -= bp[9 - 7]; - acc -= bp[13 - 7]; - rp[2] = (unsigned int)acc; - acc >>= 32; - - acc += rp[3]; - acc += bp[7 - 7]; - acc += bp[11 - 7]; - acc -= bp[10 - 7]; - rp[3] = (unsigned int)acc; - acc >>= 32; - - acc += rp[4]; - acc += bp[8 - 7]; - acc += bp[12 - 7]; - acc -= bp[11 - 7]; - rp[4] = (unsigned int)acc; - acc >>= 32; - - acc += rp[5]; - acc += bp[9 - 7]; - acc += bp[13 - 7]; - acc -= bp[12 - 7]; - rp[5] = (unsigned int)acc; - acc >>= 32; - - acc += rp[6]; - acc += bp[10 - 7]; - acc -= bp[13 - 7]; - rp[6] = (unsigned int)acc; - - carry = (int)(acc >> 32); -# if BN_BITS2==64 - rp[7] = carry; -# endif - } -#else - { - BN_ULONG t_d[BN_NIST_224_TOP]; - - nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0); - carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); - nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0); - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); - nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7); - carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); - nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11); - carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); - -# if BN_BITS2==64 - carry = (int)(r_d[BN_NIST_224_TOP - 1] >> 32); -# endif - } -#endif - u.f = bn_sub_words; - if (carry > 0) { - carry = - (int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1], - BN_NIST_224_TOP); -#if BN_BITS2==64 - carry = (int)(~(r_d[BN_NIST_224_TOP - 1] >> 32)) & 1; -#endif - } else if (carry < 0) { - /* - * it's a bit more complicated logic in this case. if bn_add_words - * yields no carry, then result has to be adjusted by unconditionally - * *adding* the modulus. but if it does, then result has to be - * compared to the modulus and conditionally adjusted by - * *subtracting* the latter. - */ - carry = - (int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1], - BN_NIST_224_TOP); - mask = 0 - (PTR_SIZE_INT) carry; - u.p = ((PTR_SIZE_INT) bn_sub_words & mask) | - ((PTR_SIZE_INT) bn_add_words & ~mask); - } else - carry = 1; - - /* otherwise it's effectively same as in BN_nist_mod_192... */ - mask = - 0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP); - mask &= 0 - (PTR_SIZE_INT) carry; - res = c_d; - res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) | - ((PTR_SIZE_INT) r_d & mask)); - nist_cp_bn(r_d, res, BN_NIST_224_TOP); - r->top = BN_NIST_224_TOP; - bn_correct_top(r); - - return 1; -} - -#define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \ - { \ - bn_cp_32(to, 0, from, (a8) - 8) \ - bn_cp_32(to, 1, from, (a7) - 8) \ - bn_cp_32(to, 2, from, (a6) - 8) \ - bn_cp_32(to, 3, from, (a5) - 8) \ - bn_cp_32(to, 4, from, (a4) - 8) \ - bn_cp_32(to, 5, from, (a3) - 8) \ - bn_cp_32(to, 6, from, (a2) - 8) \ - bn_cp_32(to, 7, from, (a1) - 8) \ - } - -int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - BN_CTX *ctx) -{ - int i, top = a->top; - int carry = 0; - register BN_ULONG *a_d = a->d, *r_d; - union { - BN_ULONG bn[BN_NIST_256_TOP]; - unsigned int ui[BN_NIST_256_TOP * sizeof(BN_ULONG) / - sizeof(unsigned int)]; - } buf; - BN_ULONG c_d[BN_NIST_256_TOP], *res; - PTR_SIZE_INT mask; - union { - bn_addsub_f f; - PTR_SIZE_INT p; - } u; - static const BIGNUM ossl_bignum_nist_p_256_sqr = { - (BN_ULONG *)_nist_p_256_sqr, - OSSL_NELEM(_nist_p_256_sqr), - OSSL_NELEM(_nist_p_256_sqr), - 0, BN_FLG_STATIC_DATA - }; - - field = &ossl_bignum_nist_p_256; /* just to make sure */ - - if (BN_is_negative(a) || BN_ucmp(a, &ossl_bignum_nist_p_256_sqr) >= 0) - return BN_nnmod(r, a, field, ctx); - - i = BN_ucmp(field, a); - if (i == 0) { - BN_zero(r); - return 1; - } else if (i > 0) - return (r == a) ? 1 : (BN_copy(r, a) != NULL); - - if (r != a) { - if (!bn_wexpand(r, BN_NIST_256_TOP)) - return 0; - r_d = r->d; - nist_cp_bn(r_d, a_d, BN_NIST_256_TOP); - } else - r_d = a_d; - - nist_cp_bn_0(buf.bn, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, - BN_NIST_256_TOP); - -#if defined(NIST_INT64) - { - NIST_INT64 acc; /* accumulator */ - unsigned int *rp = (unsigned int *)r_d; - const unsigned int *bp = (const unsigned int *)buf.ui; - - acc = rp[0]; - acc += bp[8 - 8]; - acc += bp[9 - 8]; - acc -= bp[11 - 8]; - acc -= bp[12 - 8]; - acc -= bp[13 - 8]; - acc -= bp[14 - 8]; - rp[0] = (unsigned int)acc; - acc >>= 32; - - acc += rp[1]; - acc += bp[9 - 8]; - acc += bp[10 - 8]; - acc -= bp[12 - 8]; - acc -= bp[13 - 8]; - acc -= bp[14 - 8]; - acc -= bp[15 - 8]; - rp[1] = (unsigned int)acc; - acc >>= 32; - - acc += rp[2]; - acc += bp[10 - 8]; - acc += bp[11 - 8]; - acc -= bp[13 - 8]; - acc -= bp[14 - 8]; - acc -= bp[15 - 8]; - rp[2] = (unsigned int)acc; - acc >>= 32; - - acc += rp[3]; - acc += bp[11 - 8]; - acc += bp[11 - 8]; - acc += bp[12 - 8]; - acc += bp[12 - 8]; - acc += bp[13 - 8]; - acc -= bp[15 - 8]; - acc -= bp[8 - 8]; - acc -= bp[9 - 8]; - rp[3] = (unsigned int)acc; - acc >>= 32; - - acc += rp[4]; - acc += bp[12 - 8]; - acc += bp[12 - 8]; - acc += bp[13 - 8]; - acc += bp[13 - 8]; - acc += bp[14 - 8]; - acc -= bp[9 - 8]; - acc -= bp[10 - 8]; - rp[4] = (unsigned int)acc; - acc >>= 32; - - acc += rp[5]; - acc += bp[13 - 8]; - acc += bp[13 - 8]; - acc += bp[14 - 8]; - acc += bp[14 - 8]; - acc += bp[15 - 8]; - acc -= bp[10 - 8]; - acc -= bp[11 - 8]; - rp[5] = (unsigned int)acc; - acc >>= 32; - - acc += rp[6]; - acc += bp[14 - 8]; - acc += bp[14 - 8]; - acc += bp[15 - 8]; - acc += bp[15 - 8]; - acc += bp[14 - 8]; - acc += bp[13 - 8]; - acc -= bp[8 - 8]; - acc -= bp[9 - 8]; - rp[6] = (unsigned int)acc; - acc >>= 32; - - acc += rp[7]; - acc += bp[15 - 8]; - acc += bp[15 - 8]; - acc += bp[15 - 8]; - acc += bp[8 - 8]; - acc -= bp[10 - 8]; - acc -= bp[11 - 8]; - acc -= bp[12 - 8]; - acc -= bp[13 - 8]; - rp[7] = (unsigned int)acc; - - carry = (int)(acc >> 32); - } -#else - { - BN_ULONG t_d[BN_NIST_256_TOP]; - - /* - * S1 - */ - nist_set_256(t_d, buf.bn, 15, 14, 13, 12, 11, 0, 0, 0); - /* - * S2 - */ - nist_set_256(c_d, buf.bn, 0, 15, 14, 13, 12, 0, 0, 0); - carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP); - /* left shift */ - { - register BN_ULONG *ap, t, c; - ap = t_d; - c = 0; - for (i = BN_NIST_256_TOP; i != 0; --i) { - t = *ap; - *(ap++) = ((t << 1) | c) & BN_MASK2; - c = (t & BN_TBIT) ? 1 : 0; - } - carry <<= 1; - carry |= c; - } - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); - /* - * S3 - */ - nist_set_256(t_d, buf.bn, 15, 14, 0, 0, 0, 10, 9, 8); - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); - /* - * S4 - */ - nist_set_256(t_d, buf.bn, 8, 13, 15, 14, 13, 11, 10, 9); - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); - /* - * D1 - */ - nist_set_256(t_d, buf.bn, 10, 8, 0, 0, 0, 13, 12, 11); - carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); - /* - * D2 - */ - nist_set_256(t_d, buf.bn, 11, 9, 0, 0, 15, 14, 13, 12); - carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); - /* - * D3 - */ - nist_set_256(t_d, buf.bn, 12, 0, 10, 9, 8, 15, 14, 13); - carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); - /* - * D4 - */ - nist_set_256(t_d, buf.bn, 13, 0, 11, 10, 9, 0, 15, 14); - carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); - - } -#endif - /* see BN_nist_mod_224 for explanation */ - u.f = bn_sub_words; - if (carry > 0) - carry = - (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1], - BN_NIST_256_TOP); - else if (carry < 0) { - carry = - (int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1], - BN_NIST_256_TOP); - mask = 0 - (PTR_SIZE_INT) carry; - u.p = ((PTR_SIZE_INT) bn_sub_words & mask) | - ((PTR_SIZE_INT) bn_add_words & ~mask); - } else - carry = 1; - - mask = - 0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP); - mask &= 0 - (PTR_SIZE_INT) carry; - res = c_d; - res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) | - ((PTR_SIZE_INT) r_d & mask)); - nist_cp_bn(r_d, res, BN_NIST_256_TOP); - r->top = BN_NIST_256_TOP; - bn_correct_top(r); - - return 1; -} - -#define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \ - { \ - bn_cp_32(to, 0, from, (a12) - 12) \ - bn_cp_32(to, 1, from, (a11) - 12) \ - bn_cp_32(to, 2, from, (a10) - 12) \ - bn_cp_32(to, 3, from, (a9) - 12) \ - bn_cp_32(to, 4, from, (a8) - 12) \ - bn_cp_32(to, 5, from, (a7) - 12) \ - bn_cp_32(to, 6, from, (a6) - 12) \ - bn_cp_32(to, 7, from, (a5) - 12) \ - bn_cp_32(to, 8, from, (a4) - 12) \ - bn_cp_32(to, 9, from, (a3) - 12) \ - bn_cp_32(to, 10, from, (a2) - 12) \ - bn_cp_32(to, 11, from, (a1) - 12) \ - } - -int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - BN_CTX *ctx) -{ - int i, top = a->top; - int carry = 0; - register BN_ULONG *r_d, *a_d = a->d; - union { - BN_ULONG bn[BN_NIST_384_TOP]; - unsigned int ui[BN_NIST_384_TOP * sizeof(BN_ULONG) / - sizeof(unsigned int)]; - } buf; - BN_ULONG c_d[BN_NIST_384_TOP], *res; - PTR_SIZE_INT mask; - union { - bn_addsub_f f; - PTR_SIZE_INT p; - } u; - static const BIGNUM ossl_bignum_nist_p_384_sqr = { - (BN_ULONG *)_nist_p_384_sqr, - OSSL_NELEM(_nist_p_384_sqr), - OSSL_NELEM(_nist_p_384_sqr), - 0, BN_FLG_STATIC_DATA - }; - - field = &ossl_bignum_nist_p_384; /* just to make sure */ - - if (BN_is_negative(a) || BN_ucmp(a, &ossl_bignum_nist_p_384_sqr) >= 0) - return BN_nnmod(r, a, field, ctx); - - i = BN_ucmp(field, a); - if (i == 0) { - BN_zero(r); - return 1; - } else if (i > 0) - return (r == a) ? 1 : (BN_copy(r, a) != NULL); - - if (r != a) { - if (!bn_wexpand(r, BN_NIST_384_TOP)) - return 0; - r_d = r->d; - nist_cp_bn(r_d, a_d, BN_NIST_384_TOP); - } else - r_d = a_d; - - nist_cp_bn_0(buf.bn, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, - BN_NIST_384_TOP); - -#if defined(NIST_INT64) - { - NIST_INT64 acc; /* accumulator */ - unsigned int *rp = (unsigned int *)r_d; - const unsigned int *bp = (const unsigned int *)buf.ui; - - acc = rp[0]; - acc += bp[12 - 12]; - acc += bp[21 - 12]; - acc += bp[20 - 12]; - acc -= bp[23 - 12]; - rp[0] = (unsigned int)acc; - acc >>= 32; - - acc += rp[1]; - acc += bp[13 - 12]; - acc += bp[22 - 12]; - acc += bp[23 - 12]; - acc -= bp[12 - 12]; - acc -= bp[20 - 12]; - rp[1] = (unsigned int)acc; - acc >>= 32; - - acc += rp[2]; - acc += bp[14 - 12]; - acc += bp[23 - 12]; - acc -= bp[13 - 12]; - acc -= bp[21 - 12]; - rp[2] = (unsigned int)acc; - acc >>= 32; - - acc += rp[3]; - acc += bp[15 - 12]; - acc += bp[12 - 12]; - acc += bp[20 - 12]; - acc += bp[21 - 12]; - acc -= bp[14 - 12]; - acc -= bp[22 - 12]; - acc -= bp[23 - 12]; - rp[3] = (unsigned int)acc; - acc >>= 32; - - acc += rp[4]; - acc += bp[21 - 12]; - acc += bp[21 - 12]; - acc += bp[16 - 12]; - acc += bp[13 - 12]; - acc += bp[12 - 12]; - acc += bp[20 - 12]; - acc += bp[22 - 12]; - acc -= bp[15 - 12]; - acc -= bp[23 - 12]; - acc -= bp[23 - 12]; - rp[4] = (unsigned int)acc; - acc >>= 32; - - acc += rp[5]; - acc += bp[22 - 12]; - acc += bp[22 - 12]; - acc += bp[17 - 12]; - acc += bp[14 - 12]; - acc += bp[13 - 12]; - acc += bp[21 - 12]; - acc += bp[23 - 12]; - acc -= bp[16 - 12]; - rp[5] = (unsigned int)acc; - acc >>= 32; - - acc += rp[6]; - acc += bp[23 - 12]; - acc += bp[23 - 12]; - acc += bp[18 - 12]; - acc += bp[15 - 12]; - acc += bp[14 - 12]; - acc += bp[22 - 12]; - acc -= bp[17 - 12]; - rp[6] = (unsigned int)acc; - acc >>= 32; - - acc += rp[7]; - acc += bp[19 - 12]; - acc += bp[16 - 12]; - acc += bp[15 - 12]; - acc += bp[23 - 12]; - acc -= bp[18 - 12]; - rp[7] = (unsigned int)acc; - acc >>= 32; - - acc += rp[8]; - acc += bp[20 - 12]; - acc += bp[17 - 12]; - acc += bp[16 - 12]; - acc -= bp[19 - 12]; - rp[8] = (unsigned int)acc; - acc >>= 32; - - acc += rp[9]; - acc += bp[21 - 12]; - acc += bp[18 - 12]; - acc += bp[17 - 12]; - acc -= bp[20 - 12]; - rp[9] = (unsigned int)acc; - acc >>= 32; - - acc += rp[10]; - acc += bp[22 - 12]; - acc += bp[19 - 12]; - acc += bp[18 - 12]; - acc -= bp[21 - 12]; - rp[10] = (unsigned int)acc; - acc >>= 32; - - acc += rp[11]; - acc += bp[23 - 12]; - acc += bp[20 - 12]; - acc += bp[19 - 12]; - acc -= bp[22 - 12]; - rp[11] = (unsigned int)acc; - - carry = (int)(acc >> 32); - } -#else - { - BN_ULONG t_d[BN_NIST_384_TOP]; - - /* - * S1 - */ - nist_set_256(t_d, buf.bn, 0, 0, 0, 0, 0, 23 - 4, 22 - 4, 21 - 4); - /* left shift */ - { - register BN_ULONG *ap, t, c; - ap = t_d; - c = 0; - for (i = 3; i != 0; --i) { - t = *ap; - *(ap++) = ((t << 1) | c) & BN_MASK2; - c = (t & BN_TBIT) ? 1 : 0; - } - *ap = c; - } - carry = - (int)bn_add_words(r_d + (128 / BN_BITS2), r_d + (128 / BN_BITS2), - t_d, BN_NIST_256_TOP); - /* - * S2 - */ - carry += (int)bn_add_words(r_d, r_d, buf.bn, BN_NIST_384_TOP); - /* - * S3 - */ - nist_set_384(t_d, buf.bn, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23, 22, - 21); - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); - /* - * S4 - */ - nist_set_384(t_d, buf.bn, 19, 18, 17, 16, 15, 14, 13, 12, 20, 0, 23, - 0); - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); - /* - * S5 - */ - nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 23, 22, 21, 20, 0, 0, 0, 0); - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); - /* - * S6 - */ - nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 23, 22, 21, 0, 0, 20); - carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); - /* - * D1 - */ - nist_set_384(t_d, buf.bn, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12, - 23); - carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); - /* - * D2 - */ - nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 0, 23, 22, 21, 20, 0); - carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); - /* - * D3 - */ - nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 0, 23, 23, 0, 0, 0); - carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); - - } -#endif - /* see BN_nist_mod_224 for explanation */ - u.f = bn_sub_words; - if (carry > 0) - carry = - (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1], - BN_NIST_384_TOP); - else if (carry < 0) { - carry = - (int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1], - BN_NIST_384_TOP); - mask = 0 - (PTR_SIZE_INT) carry; - u.p = ((PTR_SIZE_INT) bn_sub_words & mask) | - ((PTR_SIZE_INT) bn_add_words & ~mask); - } else - carry = 1; - - mask = - 0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP); - mask &= 0 - (PTR_SIZE_INT) carry; - res = c_d; - res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) | - ((PTR_SIZE_INT) r_d & mask)); - nist_cp_bn(r_d, res, BN_NIST_384_TOP); - r->top = BN_NIST_384_TOP; - bn_correct_top(r); - - return 1; -} - -#define BN_NIST_521_RSHIFT (521%BN_BITS2) -#define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT) -#define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT) - -int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, - BN_CTX *ctx) -{ - int top = a->top, i; - BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res; - PTR_SIZE_INT mask; - static const BIGNUM ossl_bignum_nist_p_521_sqr = { - (BN_ULONG *)_nist_p_521_sqr, - OSSL_NELEM(_nist_p_521_sqr), - OSSL_NELEM(_nist_p_521_sqr), - 0, BN_FLG_STATIC_DATA - }; - - field = &ossl_bignum_nist_p_521; /* just to make sure */ - - if (BN_is_negative(a) || BN_ucmp(a, &ossl_bignum_nist_p_521_sqr) >= 0) - return BN_nnmod(r, a, field, ctx); - - i = BN_ucmp(field, a); - if (i == 0) { - BN_zero(r); - return 1; - } else if (i > 0) - return (r == a) ? 1 : (BN_copy(r, a) != NULL); - - if (r != a) { - if (!bn_wexpand(r, BN_NIST_521_TOP)) - return 0; - r_d = r->d; - nist_cp_bn(r_d, a_d, BN_NIST_521_TOP); - } else - r_d = a_d; - - /* upper 521 bits, copy ... */ - nist_cp_bn_0(t_d, a_d + (BN_NIST_521_TOP - 1), - top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP); - /* ... and right shift */ - for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) { -#if 0 - /* - * MSC ARM compiler [version 2013, presumably even earlier, - * much earlier] miscompiles this code, but not one in - * #else section. See RT#3541. - */ - tmp = val >> BN_NIST_521_RSHIFT; - val = t_d[i + 1]; - t_d[i] = (tmp | val << BN_NIST_521_LSHIFT) & BN_MASK2; -#else - t_d[i] = (val >> BN_NIST_521_RSHIFT | - (tmp = t_d[i + 1]) << BN_NIST_521_LSHIFT) & BN_MASK2; - val = tmp; -#endif - } - t_d[i] = val >> BN_NIST_521_RSHIFT; - /* lower 521 bits */ - r_d[i] &= BN_NIST_521_TOP_MASK; - - bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP); - mask = - 0 - (PTR_SIZE_INT) bn_sub_words(t_d, r_d, _nist_p_521, - BN_NIST_521_TOP); - res = t_d; - res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) | - ((PTR_SIZE_INT) r_d & mask)); - nist_cp_bn(r_d, res, BN_NIST_521_TOP); - r->top = BN_NIST_521_TOP; - bn_correct_top(r); - - return 1; -} - -int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a, - const BIGNUM *field, BN_CTX *ctx) { - if (BN_ucmp(&ossl_bignum_nist_p_192, p) == 0) - return BN_nist_mod_192; - if (BN_ucmp(&ossl_bignum_nist_p_224, p) == 0) - return BN_nist_mod_224; - if (BN_ucmp(&ossl_bignum_nist_p_256, p) == 0) - return BN_nist_mod_256; - if (BN_ucmp(&ossl_bignum_nist_p_384, p) == 0) - return BN_nist_mod_384; - if (BN_ucmp(&ossl_bignum_nist_p_521, p) == 0) - return BN_nist_mod_521; - return 0; -} diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c deleted file mode 100644 index 3ee76ea96574af7cbc3d6d06eccecf449f9d85b0..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_ppc.c +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/ppc_arch.h" -#include "bn_local.h" - -int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num) -{ - int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); - - if (num < 4) - return 0; - - if ((num & 3) == 0) - return bn_mul4x_mont_int(rp, ap, bp, np, n0, num); - - /* - * There used to be [optional] call to bn_mul_mont_fpu64 here, - * but above subroutine is faster on contemporary processors. - * Formulation means that there might be old processors where - * FPU code path would be faster, POWER6 perhaps, but there was - * no opportunity to figure it out... - */ - - return bn_mul_mont_int(rp, ap, bp, np, n0, num); -} diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c deleted file mode 100644 index ddd31a025254649db0754d50776142cf7aee3b4a..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_prime.c +++ /dev/null @@ -1,608 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include "bn_local.h" - -/* - * The quick sieve algorithm approach to weeding out primes is Philip - * Zimmermann's, as implemented in PGP. I have had a read of his comments - * and implemented my own version. - */ -#include "bn_prime.h" - -static int probable_prime(BIGNUM *rnd, int bits, int safe, prime_t *mods, - BN_CTX *ctx); -static int probable_prime_dh(BIGNUM *rnd, int bits, int safe, prime_t *mods, - const BIGNUM *add, const BIGNUM *rem, - BN_CTX *ctx); -static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx, - int do_trial_division, BN_GENCB *cb); - -#define square(x) ((BN_ULONG)(x) * (BN_ULONG)(x)) - -#if BN_BITS2 == 64 -# define BN_DEF(lo, hi) (BN_ULONG)hi<<32|lo -#else -# define BN_DEF(lo, hi) lo, hi -#endif - -/* - * See SP800 89 5.3.3 (Step f) - * The product of the set of primes ranging from 3 to 751 - * Generated using process in test/bn_internal_test.c test_bn_small_factors(). - * This includes 751 (which is not currently included in SP 800-89). - */ -static const BN_ULONG small_prime_factors[] = { - BN_DEF(0x3ef4e3e1, 0xc4309333), BN_DEF(0xcd2d655f, 0x71161eb6), - BN_DEF(0x0bf94862, 0x95e2238c), BN_DEF(0x24f7912b, 0x3eb233d3), - BN_DEF(0xbf26c483, 0x6b55514b), BN_DEF(0x5a144871, 0x0a84d817), - BN_DEF(0x9b82210a, 0x77d12fee), BN_DEF(0x97f050b3, 0xdb5b93c2), - BN_DEF(0x4d6c026b, 0x4acad6b9), BN_DEF(0x54aec893, 0xeb7751f3), - BN_DEF(0x36bc85c4, 0xdba53368), BN_DEF(0x7f5ec78e, 0xd85a1b28), - BN_DEF(0x6b322244, 0x2eb072d8), BN_DEF(0x5e2b3aea, 0xbba51112), - BN_DEF(0x0e2486bf, 0x36ed1a6c), BN_DEF(0xec0c5727, 0x5f270460), - (BN_ULONG)0x000017b1 -}; - -#define BN_SMALL_PRIME_FACTORS_TOP OSSL_NELEM(small_prime_factors) -static const BIGNUM _bignum_small_prime_factors = { - (BN_ULONG *)small_prime_factors, - BN_SMALL_PRIME_FACTORS_TOP, - BN_SMALL_PRIME_FACTORS_TOP, - 0, - BN_FLG_STATIC_DATA -}; - -const BIGNUM *ossl_bn_get0_small_factors(void) -{ - return &_bignum_small_prime_factors; -} - -/* - * Calculate the number of trial divisions that gives the best speed in - * combination with Miller-Rabin prime test, based on the sized of the prime. - */ -static int calc_trial_divisions(int bits) -{ - if (bits <= 512) - return 64; - else if (bits <= 1024) - return 128; - else if (bits <= 2048) - return 384; - else if (bits <= 4096) - return 1024; - return NUMPRIMES; -} - -/* - * Use a minimum of 64 rounds of Miller-Rabin, which should give a false - * positive rate of 2^-128. If the size of the prime is larger than 2048 - * the user probably wants a higher security level than 128, so switch - * to 128 rounds giving a false positive rate of 2^-256. - * Returns the number of rounds. - */ -static int bn_mr_min_checks(int bits) -{ - if (bits > 2048) - return 128; - return 64; -} - -int BN_GENCB_call(BN_GENCB *cb, int a, int b) -{ - /* No callback means continue */ - if (!cb) - return 1; - switch (cb->ver) { - case 1: - /* Deprecated-style callbacks */ - if (!cb->cb.cb_1) - return 1; - cb->cb.cb_1(a, b, cb->arg); - return 1; - case 2: - /* New-style callbacks */ - return cb->cb.cb_2(a, b, cb); - default: - break; - } - /* Unrecognised callback type */ - return 0; -} - -int BN_generate_prime_ex2(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb, - BN_CTX *ctx) -{ - BIGNUM *t; - int found = 0; - int i, j, c1 = 0; - prime_t *mods = NULL; - int checks = bn_mr_min_checks(bits); - - if (bits < 2) { - /* There are no prime numbers this small. */ - ERR_raise(ERR_LIB_BN, BN_R_BITS_TOO_SMALL); - return 0; - } else if (add == NULL && safe && bits < 6 && bits != 3) { - /* - * The smallest safe prime (7) is three bits. - * But the following two safe primes with less than 6 bits (11, 23) - * are unreachable for BN_rand with BN_RAND_TOP_TWO. - */ - ERR_raise(ERR_LIB_BN, BN_R_BITS_TOO_SMALL); - return 0; - } - - mods = OPENSSL_zalloc(sizeof(*mods) * NUMPRIMES); - if (mods == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - return 0; - } - - BN_CTX_start(ctx); - t = BN_CTX_get(ctx); - if (t == NULL) - goto err; - loop: - /* make a random number and set the top and bottom bits */ - if (add == NULL) { - if (!probable_prime(ret, bits, safe, mods, ctx)) - goto err; - } else { - if (!probable_prime_dh(ret, bits, safe, mods, add, rem, ctx)) - goto err; - } - - if (!BN_GENCB_call(cb, 0, c1++)) - /* aborted */ - goto err; - - if (!safe) { - i = bn_is_prime_int(ret, checks, ctx, 0, cb); - if (i == -1) - goto err; - if (i == 0) - goto loop; - } else { - /* - * for "safe prime" generation, check that (p-1)/2 is prime. Since a - * prime is odd, We just need to divide by 2 - */ - if (!BN_rshift1(t, ret)) - goto err; - - for (i = 0; i < checks; i++) { - j = bn_is_prime_int(ret, 1, ctx, 0, cb); - if (j == -1) - goto err; - if (j == 0) - goto loop; - - j = bn_is_prime_int(t, 1, ctx, 0, cb); - if (j == -1) - goto err; - if (j == 0) - goto loop; - - if (!BN_GENCB_call(cb, 2, c1 - 1)) - goto err; - /* We have a safe prime test pass */ - } - } - /* we have a prime :-) */ - found = 1; - err: - OPENSSL_free(mods); - BN_CTX_end(ctx); - bn_check_top(ret); - return found; -} - -#ifndef FIPS_MODULE -int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb) -{ - BN_CTX *ctx = BN_CTX_new(); - int retval; - - if (ctx == NULL) - return 0; - - retval = BN_generate_prime_ex2(ret, bits, safe, add, rem, cb, ctx); - - BN_CTX_free(ctx); - return retval; -} -#endif - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, - BN_GENCB *cb) -{ - return ossl_bn_check_prime(a, checks, ctx_passed, 0, cb); -} - -int BN_is_prime_fasttest_ex(const BIGNUM *w, int checks, BN_CTX *ctx, - int do_trial_division, BN_GENCB *cb) -{ - return ossl_bn_check_prime(w, checks, ctx, do_trial_division, cb); -} -#endif - -/* Wrapper around bn_is_prime_int that sets the minimum number of checks */ -int ossl_bn_check_prime(const BIGNUM *w, int checks, BN_CTX *ctx, - int do_trial_division, BN_GENCB *cb) -{ - int min_checks = bn_mr_min_checks(BN_num_bits(w)); - - if (checks < min_checks) - checks = min_checks; - - return bn_is_prime_int(w, checks, ctx, do_trial_division, cb); -} - -int BN_check_prime(const BIGNUM *p, BN_CTX *ctx, BN_GENCB *cb) -{ - return ossl_bn_check_prime(p, 0, ctx, 1, cb); -} - -/* - * Tests that |w| is probably prime - * See FIPS 186-4 C.3.1 Miller Rabin Probabilistic Primality Test. - * - * Returns 0 when composite, 1 when probable prime, -1 on error. - */ -static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx, - int do_trial_division, BN_GENCB *cb) -{ - int i, status, ret = -1; -#ifndef FIPS_MODULE - BN_CTX *ctxlocal = NULL; -#else - - if (ctx == NULL) - return -1; -#endif - - /* w must be bigger than 1 */ - if (BN_cmp(w, BN_value_one()) <= 0) - return 0; - - /* w must be odd */ - if (BN_is_odd(w)) { - /* Take care of the really small prime 3 */ - if (BN_is_word(w, 3)) - return 1; - } else { - /* 2 is the only even prime */ - return BN_is_word(w, 2); - } - - /* first look for small factors */ - if (do_trial_division) { - int trial_divisions = calc_trial_divisions(BN_num_bits(w)); - - for (i = 1; i < trial_divisions; i++) { - BN_ULONG mod = BN_mod_word(w, primes[i]); - if (mod == (BN_ULONG)-1) - return -1; - if (mod == 0) - return BN_is_word(w, primes[i]); - } - if (!BN_GENCB_call(cb, 1, -1)) - return -1; - } -#ifndef FIPS_MODULE - if (ctx == NULL && (ctxlocal = ctx = BN_CTX_new()) == NULL) - goto err; -#endif - - if (!ossl_bn_miller_rabin_is_prime(w, checks, ctx, cb, 0, &status)) { - ret = -1; - goto err; - } - ret = (status == BN_PRIMETEST_PROBABLY_PRIME); -err: -#ifndef FIPS_MODULE - BN_CTX_free(ctxlocal); -#endif - return ret; -} - -/* - * Refer to FIPS 186-4 C.3.2 Enhanced Miller-Rabin Probabilistic Primality Test. - * OR C.3.1 Miller-Rabin Probabilistic Primality Test (if enhanced is zero). - * The Step numbers listed in the code refer to the enhanced case. - * - * if enhanced is set, then status returns one of the following: - * BN_PRIMETEST_PROBABLY_PRIME - * BN_PRIMETEST_COMPOSITE_WITH_FACTOR - * BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME - * if enhanced is zero, then status returns either - * BN_PRIMETEST_PROBABLY_PRIME or - * BN_PRIMETEST_COMPOSITE - * - * returns 0 if there was an error, otherwise it returns 1. - */ -int ossl_bn_miller_rabin_is_prime(const BIGNUM *w, int iterations, BN_CTX *ctx, - BN_GENCB *cb, int enhanced, int *status) -{ - int i, j, a, ret = 0; - BIGNUM *g, *w1, *w3, *x, *m, *z, *b; - BN_MONT_CTX *mont = NULL; - - /* w must be odd */ - if (!BN_is_odd(w)) - return 0; - - BN_CTX_start(ctx); - g = BN_CTX_get(ctx); - w1 = BN_CTX_get(ctx); - w3 = BN_CTX_get(ctx); - x = BN_CTX_get(ctx); - m = BN_CTX_get(ctx); - z = BN_CTX_get(ctx); - b = BN_CTX_get(ctx); - - if (!(b != NULL - /* w1 := w - 1 */ - && BN_copy(w1, w) - && BN_sub_word(w1, 1) - /* w3 := w - 3 */ - && BN_copy(w3, w) - && BN_sub_word(w3, 3))) - goto err; - - /* check w is larger than 3, otherwise the random b will be too small */ - if (BN_is_zero(w3) || BN_is_negative(w3)) - goto err; - - /* (Step 1) Calculate largest integer 'a' such that 2^a divides w-1 */ - a = 1; - while (!BN_is_bit_set(w1, a)) - a++; - /* (Step 2) m = (w-1) / 2^a */ - if (!BN_rshift(m, w1, a)) - goto err; - - /* Montgomery setup for computations mod a */ - mont = BN_MONT_CTX_new(); - if (mont == NULL || !BN_MONT_CTX_set(mont, w, ctx)) - goto err; - - if (iterations == 0) - iterations = bn_mr_min_checks(BN_num_bits(w)); - - /* (Step 4) */ - for (i = 0; i < iterations; ++i) { - /* (Step 4.1) obtain a Random string of bits b where 1 < b < w-1 */ - if (!BN_priv_rand_range_ex(b, w3, 0, ctx) - || !BN_add_word(b, 2)) /* 1 < b < w-1 */ - goto err; - - if (enhanced) { - /* (Step 4.3) */ - if (!BN_gcd(g, b, w, ctx)) - goto err; - /* (Step 4.4) */ - if (!BN_is_one(g)) { - *status = BN_PRIMETEST_COMPOSITE_WITH_FACTOR; - ret = 1; - goto err; - } - } - /* (Step 4.5) z = b^m mod w */ - if (!BN_mod_exp_mont(z, b, m, w, ctx, mont)) - goto err; - /* (Step 4.6) if (z = 1 or z = w-1) */ - if (BN_is_one(z) || BN_cmp(z, w1) == 0) - goto outer_loop; - /* (Step 4.7) for j = 1 to a-1 */ - for (j = 1; j < a ; ++j) { - /* (Step 4.7.1 - 4.7.2) x = z. z = x^2 mod w */ - if (!BN_copy(x, z) || !BN_mod_mul(z, x, x, w, ctx)) - goto err; - /* (Step 4.7.3) */ - if (BN_cmp(z, w1) == 0) - goto outer_loop; - /* (Step 4.7.4) */ - if (BN_is_one(z)) - goto composite; - } - /* At this point z = b^((w-1)/2) mod w */ - /* (Steps 4.8 - 4.9) x = z, z = x^2 mod w */ - if (!BN_copy(x, z) || !BN_mod_mul(z, x, x, w, ctx)) - goto err; - /* (Step 4.10) */ - if (BN_is_one(z)) - goto composite; - /* (Step 4.11) x = b^(w-1) mod w */ - if (!BN_copy(x, z)) - goto err; -composite: - if (enhanced) { - /* (Step 4.1.2) g = GCD(x-1, w) */ - if (!BN_sub_word(x, 1) || !BN_gcd(g, x, w, ctx)) - goto err; - /* (Steps 4.1.3 - 4.1.4) */ - if (BN_is_one(g)) - *status = BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME; - else - *status = BN_PRIMETEST_COMPOSITE_WITH_FACTOR; - } else { - *status = BN_PRIMETEST_COMPOSITE; - } - ret = 1; - goto err; -outer_loop: ; - /* (Step 4.1.5) */ - if (!BN_GENCB_call(cb, 1, i)) - goto err; - } - /* (Step 5) */ - *status = BN_PRIMETEST_PROBABLY_PRIME; - ret = 1; -err: - BN_clear(g); - BN_clear(w1); - BN_clear(w3); - BN_clear(x); - BN_clear(m); - BN_clear(z); - BN_clear(b); - BN_CTX_end(ctx); - BN_MONT_CTX_free(mont); - return ret; -} - -/* - * Generate a random number of |bits| bits that is probably prime by sieving. - * If |safe| != 0, it generates a safe prime. - * |mods| is a preallocated array that gets reused when called again. - * - * The probably prime is saved in |rnd|. - * - * Returns 1 on success and 0 on error. - */ -static int probable_prime(BIGNUM *rnd, int bits, int safe, prime_t *mods, - BN_CTX *ctx) -{ - int i; - BN_ULONG delta; - int trial_divisions = calc_trial_divisions(bits); - BN_ULONG maxdelta = BN_MASK2 - primes[trial_divisions - 1]; - - again: - if (!BN_priv_rand_ex(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD, 0, - ctx)) - return 0; - if (safe && !BN_set_bit(rnd, 1)) - return 0; - /* we now have a random number 'rnd' to test. */ - for (i = 1; i < trial_divisions; i++) { - BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); - if (mod == (BN_ULONG)-1) - return 0; - mods[i] = (prime_t) mod; - } - delta = 0; - loop: - for (i = 1; i < trial_divisions; i++) { - /* - * check that rnd is a prime and also that - * gcd(rnd-1,primes) == 1 (except for 2) - * do the second check only if we are interested in safe primes - * in the case that the candidate prime is a single word then - * we check only the primes up to sqrt(rnd) - */ - if (bits <= 31 && delta <= 0x7fffffff - && square(primes[i]) > BN_get_word(rnd) + delta) - break; - if (safe ? (mods[i] + delta) % primes[i] <= 1 - : (mods[i] + delta) % primes[i] == 0) { - delta += safe ? 4 : 2; - if (delta > maxdelta) - goto again; - goto loop; - } - } - if (!BN_add_word(rnd, delta)) - return 0; - if (BN_num_bits(rnd) != bits) - goto again; - bn_check_top(rnd); - return 1; -} - -/* - * Generate a random number |rnd| of |bits| bits that is probably prime - * and satisfies |rnd| % |add| == |rem| by sieving. - * If |safe| != 0, it generates a safe prime. - * |mods| is a preallocated array that gets reused when called again. - * - * Returns 1 on success and 0 on error. - */ -static int probable_prime_dh(BIGNUM *rnd, int bits, int safe, prime_t *mods, - const BIGNUM *add, const BIGNUM *rem, - BN_CTX *ctx) -{ - int i, ret = 0; - BIGNUM *t1; - BN_ULONG delta; - int trial_divisions = calc_trial_divisions(bits); - BN_ULONG maxdelta = BN_MASK2 - primes[trial_divisions - 1]; - - BN_CTX_start(ctx); - if ((t1 = BN_CTX_get(ctx)) == NULL) - goto err; - - if (maxdelta > BN_MASK2 - BN_get_word(add)) - maxdelta = BN_MASK2 - BN_get_word(add); - - again: - if (!BN_rand_ex(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, 0, ctx)) - goto err; - - /* we need ((rnd-rem) % add) == 0 */ - - if (!BN_mod(t1, rnd, add, ctx)) - goto err; - if (!BN_sub(rnd, rnd, t1)) - goto err; - if (rem == NULL) { - if (!BN_add_word(rnd, safe ? 3u : 1u)) - goto err; - } else { - if (!BN_add(rnd, rnd, rem)) - goto err; - } - - if (BN_num_bits(rnd) < bits - || BN_get_word(rnd) < (safe ? 5u : 3u)) { - if (!BN_add(rnd, rnd, add)) - goto err; - } - - /* we now have a random number 'rnd' to test. */ - for (i = 1; i < trial_divisions; i++) { - BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); - if (mod == (BN_ULONG)-1) - goto err; - mods[i] = (prime_t) mod; - } - delta = 0; - loop: - for (i = 1; i < trial_divisions; i++) { - /* check that rnd is a prime */ - if (bits <= 31 && delta <= 0x7fffffff - && square(primes[i]) > BN_get_word(rnd) + delta) - break; - /* rnd mod p == 1 implies q = (rnd-1)/2 is divisible by p */ - if (safe ? (mods[i] + delta) % primes[i] <= 1 - : (mods[i] + delta) % primes[i] == 0) { - delta += BN_get_word(add); - if (delta > maxdelta) - goto again; - goto loop; - } - } - if (!BN_add_word(rnd, delta)) - goto err; - ret = 1; - - err: - BN_CTX_end(ctx); - bn_check_top(rnd); - return ret; -} diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h deleted file mode 100644 index 8a859ac02e266b03de98a24695fd762c332d4bcc..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_prime.h +++ /dev/null @@ -1,273 +0,0 @@ -/* - * WARNING: do not edit! - * Generated by crypto/bn/bn_prime.pl - * - * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -typedef unsigned short prime_t; -# define NUMPRIMES 2048 - -static const prime_t primes[2048] = { - 2, 3, 5, 7, 11, 13, 17, 19, - 23, 29, 31, 37, 41, 43, 47, 53, - 59, 61, 67, 71, 73, 79, 83, 89, - 97, 101, 103, 107, 109, 113, 127, 131, - 137, 139, 149, 151, 157, 163, 167, 173, - 179, 181, 191, 193, 197, 199, 211, 223, - 227, 229, 233, 239, 241, 251, 257, 263, - 269, 271, 277, 281, 283, 293, 307, 311, - 313, 317, 331, 337, 347, 349, 353, 359, - 367, 373, 379, 383, 389, 397, 401, 409, - 419, 421, 431, 433, 439, 443, 449, 457, - 461, 463, 467, 479, 487, 491, 499, 503, - 509, 521, 523, 541, 547, 557, 563, 569, - 571, 577, 587, 593, 599, 601, 607, 613, - 617, 619, 631, 641, 643, 647, 653, 659, - 661, 673, 677, 683, 691, 701, 709, 719, - 727, 733, 739, 743, 751, 757, 761, 769, - 773, 787, 797, 809, 811, 821, 823, 827, - 829, 839, 853, 857, 859, 863, 877, 881, - 883, 887, 907, 911, 919, 929, 937, 941, - 947, 953, 967, 971, 977, 983, 991, 997, - 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, - 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, - 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, - 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, - 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, - 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, - 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, - 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, - 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, - 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, - 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, - 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, - 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, - 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, - 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, - 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, - 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, - 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, - 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, - 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, - 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, - 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, - 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, - 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, - 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, - 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, - 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, - 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, - 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, - 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, - 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, - 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, - 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, - 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, - 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, - 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, - 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, - 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, - 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, - 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, - 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, - 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, - 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, - 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, - 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, - 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, - 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, - 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, - 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, - 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, - 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, - 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, - 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, - 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, - 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, - 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, - 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, - 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, - 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, - 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, - 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, - 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, - 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, - 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, - 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, - 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, - 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, - 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, - 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, - 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, - 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, - 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, - 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, - 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, - 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, - 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, - 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, - 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, - 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, - 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, - 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, - 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, - 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, - 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, - 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, - 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, - 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, - 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, - 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, - 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, - 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, - 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, - 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, - 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, - 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, - 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, - 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, - 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, - 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, - 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, - 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, - 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, - 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, - 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, - 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, - 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, - 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, - 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, - 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, - 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, - 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, - 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, - 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, - 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, - 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, - 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, - 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, - 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, - 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, - 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, - 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, - 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, - 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, - 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, - 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, - 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, - 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, - 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, - 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, - 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, - 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, - 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, - 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, - 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, - 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, - 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, - 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, - 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, - 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, - 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, - 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, - 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, - 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, - 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, - 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, - 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, - 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, - 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, - 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, - 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, - 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, - 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, - 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, - 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, - 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, - 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, - 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, - 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, - 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, - 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, - 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, - 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, - 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, - 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, - 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, - 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, - 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, - 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, - 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, - 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, - 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, - 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, - 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, - 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, - 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, - 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, - 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, - 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, - 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, - 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, - 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, - 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, - 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, - 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, - 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, - 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, - 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, - 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, - 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, - 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, - 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, - 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, - 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, - 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, - 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, - 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, - 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, - 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, - 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, - 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, - 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, - 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, - 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, - 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, - 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, - 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, - 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, - 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, - 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, - 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, - 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, - 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, - 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, - 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, - 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, - 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, - 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, - 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, - 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, - 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, - 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, - 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, - 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, - 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, - 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, - 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, - 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, - 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, - 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, - 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, - 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, - 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, - 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, - 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, - 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, -}; diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl deleted file mode 100644 index a7a764627b94f69f3d3578657628a25579334873..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_prime.pl +++ /dev/null @@ -1,52 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -use FindBin; -use lib "$FindBin::Bin/../../util/perl"; -use OpenSSL::copyright; - -# The year the output file is generated. -my $YEAR = OpenSSL::copyright::year_of($0); - -print <<"EOF"; -/* - * WARNING: do not edit! - * Generated by crypto/bn/bn_prime.pl - * - * Copyright 1998-$YEAR The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -EOF - - -my $num = shift || 2048; -my @primes = ( 2 ); -my $p = 1; -loop: while ($#primes < $num-1) { - $p += 2; - my $s = int(sqrt($p)); - - for (my $i = 0; defined($primes[$i]) && $primes[$i] <= $s; $i++) { - next loop if ($p % $primes[$i]) == 0; - } - push(@primes, $p); -} - -print "typedef unsigned short prime_t;\n"; -printf "# define NUMPRIMES %d\n\n", $num; - -printf "static const prime_t primes[%d] = {", $num; -for (my $i = 0; $i <= $#primes; $i++) { - printf "\n " if ($i % 8) == 0; - printf " %5d,", $primes[$i]; -} -print "\n};\n"; diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c deleted file mode 100644 index ccc954c5b1c08cde0566e51379b63de8e0eed15f..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_print.c +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "bn_local.h" - -static const char Hex[] = "0123456789ABCDEF"; - -#ifndef OPENSSL_NO_STDIO -int BN_print_fp(FILE *fp, const BIGNUM *a) -{ - BIO *b; - int ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) - return 0; - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = BN_print(b, a); - BIO_free(b); - return ret; -} -#endif - -int BN_print(BIO *bp, const BIGNUM *a) -{ - int i, j, v, z = 0; - int ret = 0; - - if ((a->neg) && BIO_write(bp, "-", 1) != 1) - goto end; - if (BN_is_zero(a) && BIO_write(bp, "0", 1) != 1) - goto end; - for (i = a->top - 1; i >= 0; i--) { - for (j = BN_BITS2 - 4; j >= 0; j -= 4) { - /* strip leading zeros */ - v = (int)((a->d[i] >> j) & 0x0f); - if (z || v != 0) { - if (BIO_write(bp, &Hex[v], 1) != 1) - goto end; - z = 1; - } - } - } - ret = 1; - end: - return ret; -} - -char *BN_options(void) -{ - static int init = 0; - static char data[16]; - - if (!init) { - init++; -#ifdef BN_LLONG - BIO_snprintf(data, sizeof(data), "bn(%zu,%zu)", - sizeof(BN_ULLONG) * 8, sizeof(BN_ULONG) * 8); -#else - BIO_snprintf(data, sizeof(data), "bn(%zu,%zu)", - sizeof(BN_ULONG) * 8, sizeof(BN_ULONG) * 8); -#endif - } - return data; -} diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c deleted file mode 100644 index 05d4c6ecd7b3bb64cd8fa128b5cf4ac86b89c0f7..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_rand.c +++ /dev/null @@ -1,326 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include "crypto/rand.h" -#include "bn_local.h" -#include -#include -#include - -typedef enum bnrand_flag_e { - NORMAL, TESTING, PRIVATE -} BNRAND_FLAG; - -static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom, - unsigned int strength, BN_CTX *ctx) -{ - unsigned char *buf = NULL; - int b, ret = 0, bit, bytes, mask; - OSSL_LIB_CTX *libctx = ossl_bn_get_libctx(ctx); - - if (bits == 0) { - if (top != BN_RAND_TOP_ANY || bottom != BN_RAND_BOTTOM_ANY) - goto toosmall; - BN_zero(rnd); - return 1; - } - if (bits < 0 || (bits == 1 && top > 0)) - goto toosmall; - - bytes = (bits + 7) / 8; - bit = (bits - 1) % 8; - mask = 0xff << (bit + 1); - - buf = OPENSSL_malloc(bytes); - if (buf == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* make a random number and set the top and bottom bits */ - b = flag == NORMAL ? RAND_bytes_ex(libctx, buf, bytes, strength) - : RAND_priv_bytes_ex(libctx, buf, bytes, strength); - if (b <= 0) - goto err; - - if (flag == TESTING) { - /* - * generate patterns that are more likely to trigger BN library bugs - */ - int i; - unsigned char c; - - for (i = 0; i < bytes; i++) { - if (RAND_bytes_ex(libctx, &c, 1, strength) <= 0) - goto err; - if (c >= 128 && i > 0) - buf[i] = buf[i - 1]; - else if (c < 42) - buf[i] = 0; - else if (c < 84) - buf[i] = 255; - } - } - - if (top >= 0) { - if (top) { - if (bit == 0) { - buf[0] = 1; - buf[1] |= 0x80; - } else { - buf[0] |= (3 << (bit - 1)); - } - } else { - buf[0] |= (1 << bit); - } - } - buf[0] &= ~mask; - if (bottom) /* set bottom bit if requested */ - buf[bytes - 1] |= 1; - if (!BN_bin2bn(buf, bytes, rnd)) - goto err; - ret = 1; - err: - OPENSSL_clear_free(buf, bytes); - bn_check_top(rnd); - return ret; - -toosmall: - ERR_raise(ERR_LIB_BN, BN_R_BITS_TOO_SMALL); - return 0; -} - -int BN_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, - unsigned int strength, BN_CTX *ctx) -{ - return bnrand(NORMAL, rnd, bits, top, bottom, strength, ctx); -} -#ifndef FIPS_MODULE -int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) -{ - return bnrand(NORMAL, rnd, bits, top, bottom, 0, NULL); -} - -int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) -{ - return bnrand(TESTING, rnd, bits, top, bottom, 0, NULL); -} -#endif - -int BN_priv_rand_ex(BIGNUM *rnd, int bits, int top, int bottom, - unsigned int strength, BN_CTX *ctx) -{ - return bnrand(PRIVATE, rnd, bits, top, bottom, strength, ctx); -} - -#ifndef FIPS_MODULE -int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom) -{ - return bnrand(PRIVATE, rnd, bits, top, bottom, 0, NULL); -} -#endif - -/* random number r: 0 <= r < range */ -static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range, - unsigned int strength, BN_CTX *ctx) -{ - int n; - int count = 100; - - if (r == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (range->neg || BN_is_zero(range)) { - ERR_raise(ERR_LIB_BN, BN_R_INVALID_RANGE); - return 0; - } - - n = BN_num_bits(range); /* n > 0 */ - - /* BN_is_bit_set(range, n - 1) always holds */ - - if (n == 1) - BN_zero(r); - else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) { - /* - * range = 100..._2, so 3*range (= 11..._2) is exactly one bit longer - * than range - */ - do { - if (!bnrand(flag, r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, - strength, ctx)) - return 0; - - /* - * If r < 3*range, use r := r MOD range (which is either r, r - - * range, or r - 2*range). Otherwise, iterate once more. Since - * 3*range = 11..._2, each iteration succeeds with probability >= - * .75. - */ - if (BN_cmp(r, range) >= 0) { - if (!BN_sub(r, r, range)) - return 0; - if (BN_cmp(r, range) >= 0) - if (!BN_sub(r, r, range)) - return 0; - } - - if (!--count) { - ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_ITERATIONS); - return 0; - } - - } - while (BN_cmp(r, range) >= 0); - } else { - do { - /* range = 11..._2 or range = 101..._2 */ - if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, - ctx)) - return 0; - - if (!--count) { - ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_ITERATIONS); - return 0; - } - } - while (BN_cmp(r, range) >= 0); - } - - bn_check_top(r); - return 1; -} - -int BN_rand_range_ex(BIGNUM *r, const BIGNUM *range, unsigned int strength, - BN_CTX *ctx) -{ - return bnrand_range(NORMAL, r, range, strength, ctx); -} - -#ifndef FIPS_MODULE -int BN_rand_range(BIGNUM *r, const BIGNUM *range) -{ - return bnrand_range(NORMAL, r, range, 0, NULL); -} -#endif - -int BN_priv_rand_range_ex(BIGNUM *r, const BIGNUM *range, unsigned int strength, - BN_CTX *ctx) -{ - return bnrand_range(PRIVATE, r, range, strength, ctx); -} - -#ifndef FIPS_MODULE -int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range) -{ - return bnrand_range(PRIVATE, r, range, 0, NULL); -} - -# ifndef OPENSSL_NO_DEPRECATED_3_0 -int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) -{ - return BN_rand(rnd, bits, top, bottom); -} - -int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) -{ - return BN_rand_range(r, range); -} -# endif -#endif - -/* - * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike - * BN_rand_range, it also includes the contents of |priv| and |message| in - * the generation so that an RNG failure isn't fatal as long as |priv| - * remains secret. This is intended for use in DSA and ECDSA where an RNG - * weakness leads directly to private key exposure unless this function is - * used. - */ -int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, - const BIGNUM *priv, const unsigned char *message, - size_t message_len, BN_CTX *ctx) -{ - EVP_MD_CTX *mdctx = EVP_MD_CTX_new(); - /* - * We use 512 bits of random data per iteration to ensure that we have at - * least |range| bits of randomness. - */ - unsigned char random_bytes[64]; - unsigned char digest[SHA512_DIGEST_LENGTH]; - unsigned done, todo; - /* We generate |range|+8 bytes of random output. */ - const unsigned num_k_bytes = BN_num_bytes(range) + 8; - unsigned char private_bytes[96]; - unsigned char *k_bytes = NULL; - int ret = 0; - EVP_MD *md = NULL; - OSSL_LIB_CTX *libctx = ossl_bn_get_libctx(ctx); - - if (mdctx == NULL) - goto err; - - k_bytes = OPENSSL_malloc(num_k_bytes); - if (k_bytes == NULL) - goto err; - - /* We copy |priv| into a local buffer to avoid exposing its length. */ - if (BN_bn2binpad(priv, private_bytes, sizeof(private_bytes)) < 0) { - /* - * No reasonable DSA or ECDSA key should have a private key this - * large and we don't handle this case in order to avoid leaking the - * length of the private key. - */ - ERR_raise(ERR_LIB_BN, BN_R_PRIVATE_KEY_TOO_LARGE); - goto err; - } - - md = EVP_MD_fetch(libctx, "SHA512", NULL); - if (md == NULL) { - ERR_raise(ERR_LIB_BN, BN_R_NO_SUITABLE_DIGEST); - goto err; - } - for (done = 0; done < num_k_bytes;) { - if (RAND_priv_bytes_ex(libctx, random_bytes, sizeof(random_bytes), 0) <= 0) - goto err; - - if (!EVP_DigestInit_ex(mdctx, md, NULL) - || !EVP_DigestUpdate(mdctx, &done, sizeof(done)) - || !EVP_DigestUpdate(mdctx, private_bytes, - sizeof(private_bytes)) - || !EVP_DigestUpdate(mdctx, message, message_len) - || !EVP_DigestUpdate(mdctx, random_bytes, sizeof(random_bytes)) - || !EVP_DigestFinal_ex(mdctx, digest, NULL)) - goto err; - - todo = num_k_bytes - done; - if (todo > SHA512_DIGEST_LENGTH) - todo = SHA512_DIGEST_LENGTH; - memcpy(k_bytes + done, digest, todo); - done += todo; - } - - if (!BN_bin2bn(k_bytes, num_k_bytes, out)) - goto err; - if (BN_mod(out, out, range, ctx) != 1) - goto err; - ret = 1; - - err: - EVP_MD_CTX_free(mdctx); - EVP_MD_free(md); - OPENSSL_free(k_bytes); - OPENSSL_cleanse(private_bytes, sizeof(private_bytes)); - return ret; -} diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c deleted file mode 100644 index 96a6b19ab0da2acaeae8dba14a706e562c12e527..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_recp.c +++ /dev/null @@ -1,194 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include "bn_local.h" - -void BN_RECP_CTX_init(BN_RECP_CTX *recp) -{ - memset(recp, 0, sizeof(*recp)); - bn_init(&(recp->N)); - bn_init(&(recp->Nr)); -} - -BN_RECP_CTX *BN_RECP_CTX_new(void) -{ - BN_RECP_CTX *ret; - - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { - ERR_raise(ERR_LIB_BN, ERR_R_MALLOC_FAILURE); - return NULL; - } - - bn_init(&(ret->N)); - bn_init(&(ret->Nr)); - ret->flags = BN_FLG_MALLOCED; - return ret; -} - -void BN_RECP_CTX_free(BN_RECP_CTX *recp) -{ - if (recp == NULL) - return; - BN_free(&recp->N); - BN_free(&recp->Nr); - if (recp->flags & BN_FLG_MALLOCED) - OPENSSL_free(recp); -} - -int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx) -{ - if (!BN_copy(&(recp->N), d)) - return 0; - BN_zero(&(recp->Nr)); - recp->num_bits = BN_num_bits(d); - recp->shift = 0; - return 1; -} - -int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, - BN_RECP_CTX *recp, BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *a; - const BIGNUM *ca; - - BN_CTX_start(ctx); - if ((a = BN_CTX_get(ctx)) == NULL) - goto err; - if (y != NULL) { - if (x == y) { - if (!BN_sqr(a, x, ctx)) - goto err; - } else { - if (!BN_mul(a, x, y, ctx)) - goto err; - } - ca = a; - } else - ca = x; /* Just do the mod */ - - ret = BN_div_recp(NULL, r, ca, recp, ctx); - err: - BN_CTX_end(ctx); - bn_check_top(r); - return ret; -} - -int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, - BN_RECP_CTX *recp, BN_CTX *ctx) -{ - int i, j, ret = 0; - BIGNUM *a, *b, *d, *r; - - BN_CTX_start(ctx); - d = (dv != NULL) ? dv : BN_CTX_get(ctx); - r = (rem != NULL) ? rem : BN_CTX_get(ctx); - a = BN_CTX_get(ctx); - b = BN_CTX_get(ctx); - if (b == NULL) - goto err; - - if (BN_ucmp(m, &(recp->N)) < 0) { - BN_zero(d); - if (!BN_copy(r, m)) { - BN_CTX_end(ctx); - return 0; - } - BN_CTX_end(ctx); - return 1; - } - - /* - * We want the remainder Given input of ABCDEF / ab we need multiply - * ABCDEF by 3 digests of the reciprocal of ab - */ - - /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */ - i = BN_num_bits(m); - j = recp->num_bits << 1; - if (j > i) - i = j; - - /* Nr := round(2^i / N) */ - if (i != recp->shift) - recp->shift = BN_reciprocal(&(recp->Nr), &(recp->N), i, ctx); - /* BN_reciprocal could have returned -1 for an error */ - if (recp->shift == -1) - goto err; - - /*- - * d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))| - * = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))| - * <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)| - * = |m/N| - */ - if (!BN_rshift(a, m, recp->num_bits)) - goto err; - if (!BN_mul(b, a, &(recp->Nr), ctx)) - goto err; - if (!BN_rshift(d, b, i - recp->num_bits)) - goto err; - d->neg = 0; - - if (!BN_mul(b, &(recp->N), d, ctx)) - goto err; - if (!BN_usub(r, m, b)) - goto err; - r->neg = 0; - - j = 0; - while (BN_ucmp(r, &(recp->N)) >= 0) { - if (j++ > 2) { - ERR_raise(ERR_LIB_BN, BN_R_BAD_RECIPROCAL); - goto err; - } - if (!BN_usub(r, r, &(recp->N))) - goto err; - if (!BN_add_word(d, 1)) - goto err; - } - - r->neg = BN_is_zero(r) ? 0 : m->neg; - d->neg = m->neg ^ recp->N.neg; - ret = 1; - err: - BN_CTX_end(ctx); - bn_check_top(dv); - bn_check_top(rem); - return ret; -} - -/* - * len is the expected size of the result We actually calculate with an extra - * word of precision, so we can do faster division if the remainder is not - * required. - */ -/* r := 2^len / m */ -int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx) -{ - int ret = -1; - BIGNUM *t; - - BN_CTX_start(ctx); - if ((t = BN_CTX_get(ctx)) == NULL) - goto err; - - if (!BN_set_bit(t, len)) - goto err; - - if (!BN_div(r, NULL, t, m, ctx)) - goto err; - - ret = len; - err: - bn_check_top(r); - BN_CTX_end(ctx); - return ret; -} diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c deleted file mode 100644 index abce1aa2d830717af71bd3b2eceb4e592e63c913..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_rsa_fips186_4.c +++ /dev/null @@ -1,367 +0,0 @@ -/* - * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * According to NIST SP800-131A "Transitioning the use of cryptographic - * algorithms and key lengths" Generation of 1024 bit RSA keys are no longer - * allowed for signatures (Table 2) or key transport (Table 5). In the code - * below any attempt to generate 1024 bit RSA keys will result in an error (Note - * that digital signature verification can still use deprecated 1024 bit keys). - * - * FIPS 186-4 relies on the use of the auxiliary primes p1, p2, q1 and q2 that - * must be generated before the module generates the RSA primes p and q. - * Table B.1 in FIPS 186-4 specifies RSA modulus lengths of 2048 and - * 3072 bits only, the min/max total length of the auxiliary primes. - * FIPS 186-5 Table A.1 includes an additional entry for 4096 which has been - * included here. - */ -#include -#include -#include "bn_local.h" -#include "crypto/bn.h" -#include "internal/nelem.h" - -#if BN_BITS2 == 64 -# define BN_DEF(lo, hi) (BN_ULONG)hi<<32|lo -#else -# define BN_DEF(lo, hi) lo, hi -#endif - -/* 1 / sqrt(2) * 2^256, rounded up */ -static const BN_ULONG inv_sqrt_2_val[] = { - BN_DEF(0x83339916UL, 0xED17AC85UL), BN_DEF(0x893BA84CUL, 0x1D6F60BAUL), - BN_DEF(0x754ABE9FUL, 0x597D89B3UL), BN_DEF(0xF9DE6484UL, 0xB504F333UL) -}; - -const BIGNUM ossl_bn_inv_sqrt_2 = { - (BN_ULONG *)inv_sqrt_2_val, - OSSL_NELEM(inv_sqrt_2_val), - OSSL_NELEM(inv_sqrt_2_val), - 0, - BN_FLG_STATIC_DATA -}; - -/* - * FIPS 186-5 Table A.1. "Min length of auxiliary primes p1, p2, q1, q2". - * (FIPS 186-5 has an entry for >= 4096 bits). - * - * Params: - * nbits The key size in bits. - * Returns: - * The minimum size of the auxiliary primes or 0 if nbits is invalid. - */ -static int bn_rsa_fips186_5_aux_prime_min_size(int nbits) -{ - if (nbits >= 4096) - return 201; - if (nbits >= 3072) - return 171; - if (nbits >= 2048) - return 141; - return 0; -} - -/* - * FIPS 186-5 Table A.1 "Max of len(p1) + len(p2) and - * len(q1) + len(q2) for p,q Probable Primes". - * (FIPS 186-5 has an entry for >= 4096 bits). - * Params: - * nbits The key size in bits. - * Returns: - * The maximum length or 0 if nbits is invalid. - */ -static int bn_rsa_fips186_5_aux_prime_max_sum_size_for_prob_primes(int nbits) -{ - if (nbits >= 4096) - return 2030; - if (nbits >= 3072) - return 1518; - if (nbits >= 2048) - return 1007; - return 0; -} - -/* - * Find the first odd integer that is a probable prime. - * - * See section FIPS 186-4 B.3.6 (Steps 4.2/5.2). - * - * Params: - * Xp1 The passed in starting point to find a probably prime. - * p1 The returned probable prime (first odd integer >= Xp1) - * ctx A BN_CTX object. - * cb An optional BIGNUM callback. - * Returns: 1 on success otherwise it returns 0. - */ -static int bn_rsa_fips186_4_find_aux_prob_prime(const BIGNUM *Xp1, - BIGNUM *p1, BN_CTX *ctx, - BN_GENCB *cb) -{ - int ret = 0; - int i = 0; - int tmp = 0; - - if (BN_copy(p1, Xp1) == NULL) - return 0; - BN_set_flags(p1, BN_FLG_CONSTTIME); - - /* Find the first odd number >= Xp1 that is probably prime */ - for(;;) { - i++; - BN_GENCB_call(cb, 0, i); - /* MR test with trial division */ - tmp = BN_check_prime(p1, ctx, cb); - if (tmp > 0) - break; - if (tmp < 0) - goto err; - /* Get next odd number */ - if (!BN_add_word(p1, 2)) - goto err; - } - BN_GENCB_call(cb, 2, i); - ret = 1; -err: - return ret; -} - -/* - * Generate a probable prime (p or q). - * - * See FIPS 186-4 B.3.6 (Steps 4 & 5) - * - * Params: - * p The returned probable prime. - * Xpout An optionally returned random number used during generation of p. - * p1, p2 The returned auxiliary primes. If NULL they are not returned. - * Xp An optional passed in value (that is random number used during - * generation of p). - * Xp1, Xp2 Optional passed in values that are normally generated - * internally. Used to find p1, p2. - * nlen The bit length of the modulus (the key size). - * e The public exponent. - * ctx A BN_CTX object. - * cb An optional BIGNUM callback. - * Returns: 1 on success otherwise it returns 0. - */ -int ossl_bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout, - BIGNUM *p1, BIGNUM *p2, - const BIGNUM *Xp, const BIGNUM *Xp1, - const BIGNUM *Xp2, int nlen, - const BIGNUM *e, BN_CTX *ctx, - BN_GENCB *cb) -{ - int ret = 0; - BIGNUM *p1i = NULL, *p2i = NULL, *Xp1i = NULL, *Xp2i = NULL; - int bitlen; - - if (p == NULL || Xpout == NULL) - return 0; - - BN_CTX_start(ctx); - - p1i = (p1 != NULL) ? p1 : BN_CTX_get(ctx); - p2i = (p2 != NULL) ? p2 : BN_CTX_get(ctx); - Xp1i = (Xp1 != NULL) ? (BIGNUM *)Xp1 : BN_CTX_get(ctx); - Xp2i = (Xp2 != NULL) ? (BIGNUM *)Xp2 : BN_CTX_get(ctx); - if (p1i == NULL || p2i == NULL || Xp1i == NULL || Xp2i == NULL) - goto err; - - bitlen = bn_rsa_fips186_5_aux_prime_min_size(nlen); - if (bitlen == 0) - goto err; - - /* (Steps 4.1/5.1): Randomly generate Xp1 if it is not passed in */ - if (Xp1 == NULL) { - /* Set the top and bottom bits to make it odd and the correct size */ - if (!BN_priv_rand_ex(Xp1i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, - 0, ctx)) - goto err; - } - /* (Steps 4.1/5.1): Randomly generate Xp2 if it is not passed in */ - if (Xp2 == NULL) { - /* Set the top and bottom bits to make it odd and the correct size */ - if (!BN_priv_rand_ex(Xp2i, bitlen, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD, - 0, ctx)) - goto err; - } - - /* (Steps 4.2/5.2) - find first auxiliary probable primes */ - if (!bn_rsa_fips186_4_find_aux_prob_prime(Xp1i, p1i, ctx, cb) - || !bn_rsa_fips186_4_find_aux_prob_prime(Xp2i, p2i, ctx, cb)) - goto err; - /* (Table B.1) auxiliary prime Max length check */ - if ((BN_num_bits(p1i) + BN_num_bits(p2i)) >= - bn_rsa_fips186_5_aux_prime_max_sum_size_for_prob_primes(nlen)) - goto err; - /* (Steps 4.3/5.3) - generate prime */ - if (!ossl_bn_rsa_fips186_4_derive_prime(p, Xpout, Xp, p1i, p2i, nlen, e, - ctx, cb)) - goto err; - ret = 1; -err: - /* Zeroize any internally generated values that are not returned */ - if (p1 == NULL) - BN_clear(p1i); - if (p2 == NULL) - BN_clear(p2i); - if (Xp1 == NULL) - BN_clear(Xp1i); - if (Xp2 == NULL) - BN_clear(Xp2i); - BN_CTX_end(ctx); - return ret; -} - -/* - * Constructs a probable prime (a candidate for p or q) using 2 auxiliary - * prime numbers and the Chinese Remainder Theorem. - * - * See FIPS 186-4 C.9 "Compute a Probable Prime Factor Based on Auxiliary - * Primes". Used by FIPS 186-4 B.3.6 Section (4.3) for p and Section (5.3) for q. - * - * Params: - * Y The returned prime factor (private_prime_factor) of the modulus n. - * X The returned random number used during generation of the prime factor. - * Xin An optional passed in value for X used for testing purposes. - * r1 An auxiliary prime. - * r2 An auxiliary prime. - * nlen The desired length of n (the RSA modulus). - * e The public exponent. - * ctx A BN_CTX object. - * cb An optional BIGNUM callback object. - * Returns: 1 on success otherwise it returns 0. - * Assumptions: - * Y, X, r1, r2, e are not NULL. - */ -int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin, - const BIGNUM *r1, const BIGNUM *r2, - int nlen, const BIGNUM *e, BN_CTX *ctx, - BN_GENCB *cb) -{ - int ret = 0; - int i, imax; - int bits = nlen >> 1; - BIGNUM *tmp, *R, *r1r2x2, *y1, *r1x2; - BIGNUM *base, *range; - - BN_CTX_start(ctx); - - base = BN_CTX_get(ctx); - range = BN_CTX_get(ctx); - R = BN_CTX_get(ctx); - tmp = BN_CTX_get(ctx); - r1r2x2 = BN_CTX_get(ctx); - y1 = BN_CTX_get(ctx); - r1x2 = BN_CTX_get(ctx); - if (r1x2 == NULL) - goto err; - - if (Xin != NULL && BN_copy(X, Xin) == NULL) - goto err; - - /* - * We need to generate a random number X in the range - * 1/sqrt(2) * 2^(nlen/2) <= X < 2^(nlen/2). - * We can rewrite that as: - * base = 1/sqrt(2) * 2^(nlen/2) - * range = ((2^(nlen/2))) - (1/sqrt(2) * 2^(nlen/2)) - * X = base + random(range) - * We only have the first 256 bit of 1/sqrt(2) - */ - if (Xin == NULL) { - if (bits < BN_num_bits(&ossl_bn_inv_sqrt_2)) - goto err; - if (!BN_lshift(base, &ossl_bn_inv_sqrt_2, - bits - BN_num_bits(&ossl_bn_inv_sqrt_2)) - || !BN_lshift(range, BN_value_one(), bits) - || !BN_sub(range, range, base)) - goto err; - } - - if (!(BN_lshift1(r1x2, r1) - /* (Step 1) GCD(2r1, r2) = 1 */ - && BN_gcd(tmp, r1x2, r2, ctx) - && BN_is_one(tmp) - /* (Step 2) R = ((r2^-1 mod 2r1) * r2) - ((2r1^-1 mod r2)*2r1) */ - && BN_mod_inverse(R, r2, r1x2, ctx) - && BN_mul(R, R, r2, ctx) /* R = (r2^-1 mod 2r1) * r2 */ - && BN_mod_inverse(tmp, r1x2, r2, ctx) - && BN_mul(tmp, tmp, r1x2, ctx) /* tmp = (2r1^-1 mod r2)*2r1 */ - && BN_sub(R, R, tmp) - /* Calculate 2r1r2 */ - && BN_mul(r1r2x2, r1x2, r2, ctx))) - goto err; - /* Make positive by adding the modulus */ - if (BN_is_negative(R) && !BN_add(R, R, r1r2x2)) - goto err; - - /* - * In FIPS 186-4 imax was set to 5 * nlen/2. - * Analysis by Allen Roginsky (See https://csrc.nist.gov/CSRC/media/Publications/fips/186/4/final/documents/comments-received-fips186-4-december-2015.pdf - * page 68) indicates this has a 1 in 2 million chance of failure. - * The number has been updated to 20 * nlen/2 as used in - * FIPS186-5 Appendix B.9 Step 9. - */ - imax = 20 * bits; /* max = 20/2 * nbits */ - for (;;) { - if (Xin == NULL) { - /* - * (Step 3) Choose Random X such that - * sqrt(2) * 2^(nlen/2-1) <= Random X <= (2^(nlen/2)) - 1. - */ - if (!BN_priv_rand_range_ex(X, range, 0, ctx) || !BN_add(X, X, base)) - goto end; - } - /* (Step 4) Y = X + ((R - X) mod 2r1r2) */ - if (!BN_mod_sub(Y, R, X, r1r2x2, ctx) || !BN_add(Y, Y, X)) - goto err; - /* (Step 5) */ - i = 0; - for (;;) { - /* (Step 6) */ - if (BN_num_bits(Y) > bits) { - if (Xin == NULL) - break; /* Randomly Generated X so Go back to Step 3 */ - else - goto err; /* X is not random so it will always fail */ - } - BN_GENCB_call(cb, 0, 2); - - /* (Step 7) If GCD(Y-1) == 1 & Y is probably prime then return Y */ - if (BN_copy(y1, Y) == NULL - || !BN_sub_word(y1, 1) - || !BN_gcd(tmp, y1, e, ctx)) - goto err; - if (BN_is_one(tmp)) { - int rv = BN_check_prime(Y, ctx, cb); - - if (rv > 0) - goto end; - if (rv < 0) - goto err; - } - /* (Step 8-10) */ - if (++i >= imax) { - ERR_raise(ERR_LIB_BN, BN_R_NO_PRIME_CANDIDATE); - goto err; - } - if (!BN_add(Y, Y, r1r2x2)) - goto err; - } - } -end: - ret = 1; - BN_GENCB_call(cb, 3, 0); -err: - BN_clear(y1); - BN_CTX_end(ctx); - return ret; -} diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c deleted file mode 100644 index 8fcb04324e6d593296f8a3e8b0e5888d35a5eeb4..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_shift.c +++ /dev/null @@ -1,216 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "bn_local.h" - -int BN_lshift1(BIGNUM *r, const BIGNUM *a) -{ - register BN_ULONG *ap, *rp, t, c; - int i; - - bn_check_top(r); - bn_check_top(a); - - if (r != a) { - r->neg = a->neg; - if (bn_wexpand(r, a->top + 1) == NULL) - return 0; - r->top = a->top; - } else { - if (bn_wexpand(r, a->top + 1) == NULL) - return 0; - } - ap = a->d; - rp = r->d; - c = 0; - for (i = 0; i < a->top; i++) { - t = *(ap++); - *(rp++) = ((t << 1) | c) & BN_MASK2; - c = t >> (BN_BITS2 - 1); - } - *rp = c; - r->top += c; - bn_check_top(r); - return 1; -} - -int BN_rshift1(BIGNUM *r, const BIGNUM *a) -{ - BN_ULONG *ap, *rp, t, c; - int i; - - bn_check_top(r); - bn_check_top(a); - - if (BN_is_zero(a)) { - BN_zero(r); - return 1; - } - i = a->top; - ap = a->d; - if (a != r) { - if (bn_wexpand(r, i) == NULL) - return 0; - r->neg = a->neg; - } - rp = r->d; - r->top = i; - t = ap[--i]; - rp[i] = t >> 1; - c = t << (BN_BITS2 - 1); - r->top -= (t == 1); - while (i > 0) { - t = ap[--i]; - rp[i] = ((t >> 1) & BN_MASK2) | c; - c = t << (BN_BITS2 - 1); - } - if (!r->top) - r->neg = 0; /* don't allow negative zero */ - bn_check_top(r); - return 1; -} - -int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) -{ - int ret; - - if (n < 0) { - ERR_raise(ERR_LIB_BN, BN_R_INVALID_SHIFT); - return 0; - } - - ret = bn_lshift_fixed_top(r, a, n); - - bn_correct_top(r); - bn_check_top(r); - - return ret; -} - -/* - * In respect to shift factor the execution time is invariant of - * |n % BN_BITS2|, but not |n / BN_BITS2|. Or in other words pre-condition - * for constant-time-ness is |n < BN_BITS2| or |n / BN_BITS2| being - * non-secret. - */ -int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n) -{ - int i, nw; - unsigned int lb, rb; - BN_ULONG *t, *f; - BN_ULONG l, m, rmask = 0; - - assert(n >= 0); - - bn_check_top(r); - bn_check_top(a); - - nw = n / BN_BITS2; - if (bn_wexpand(r, a->top + nw + 1) == NULL) - return 0; - - if (a->top != 0) { - lb = (unsigned int)n % BN_BITS2; - rb = BN_BITS2 - lb; - rb %= BN_BITS2; /* say no to undefined behaviour */ - rmask = (BN_ULONG)0 - rb; /* rmask = 0 - (rb != 0) */ - rmask |= rmask >> 8; - f = &(a->d[0]); - t = &(r->d[nw]); - l = f[a->top - 1]; - t[a->top] = (l >> rb) & rmask; - for (i = a->top - 1; i > 0; i--) { - m = l << lb; - l = f[i - 1]; - t[i] = (m | ((l >> rb) & rmask)) & BN_MASK2; - } - t[0] = (l << lb) & BN_MASK2; - } else { - /* shouldn't happen, but formally required */ - r->d[nw] = 0; - } - if (nw != 0) - memset(r->d, 0, sizeof(*t) * nw); - - r->neg = a->neg; - r->top = a->top + nw + 1; - r->flags |= BN_FLG_FIXED_TOP; - - return 1; -} - -int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) -{ - int ret = 0; - - if (n < 0) { - ERR_raise(ERR_LIB_BN, BN_R_INVALID_SHIFT); - return 0; - } - - ret = bn_rshift_fixed_top(r, a, n); - - bn_correct_top(r); - bn_check_top(r); - - return ret; -} - -/* - * In respect to shift factor the execution time is invariant of - * |n % BN_BITS2|, but not |n / BN_BITS2|. Or in other words pre-condition - * for constant-time-ness for sufficiently[!] zero-padded inputs is - * |n < BN_BITS2| or |n / BN_BITS2| being non-secret. - */ -int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n) -{ - int i, top, nw; - unsigned int lb, rb; - BN_ULONG *t, *f; - BN_ULONG l, m, mask; - - bn_check_top(r); - bn_check_top(a); - - assert(n >= 0); - - nw = n / BN_BITS2; - if (nw >= a->top) { - /* shouldn't happen, but formally required */ - BN_zero(r); - return 1; - } - - rb = (unsigned int)n % BN_BITS2; - lb = BN_BITS2 - rb; - lb %= BN_BITS2; /* say no to undefined behaviour */ - mask = (BN_ULONG)0 - lb; /* mask = 0 - (lb != 0) */ - mask |= mask >> 8; - top = a->top - nw; - if (r != a && bn_wexpand(r, top) == NULL) - return 0; - - t = &(r->d[0]); - f = &(a->d[nw]); - l = f[0]; - for (i = 0; i < top - 1; i++) { - m = f[i + 1]; - t[i] = (l >> rb) | ((m << lb) & mask); - l = m; - } - t[i] = l >> rb; - - r->neg = a->neg; - r->top = top; - r->flags |= BN_FLG_FIXED_TOP; - - return 1; -} diff --git a/crypto/bn/bn_sparc.c b/crypto/bn/bn_sparc.c deleted file mode 100644 index a810c3b1faee957646a1e5796d092c0bd64017fe..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_sparc.c +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include "crypto/sparc_arch.h" -#include "bn_local.h" /* for definition of bn_mul_mont */ - -int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num) -{ - int bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, int num); - - if (!(num & 1) && num >= 6) { - if ((num & 15) == 0 && num <= 64 && - (OPENSSL_sparcv9cap_P[1] & (CFR_MONTMUL | CFR_MONTSQR)) == - (CFR_MONTMUL | CFR_MONTSQR)) { - typedef int (*bn_mul_mont_f) (BN_ULONG *rp, const BN_ULONG *ap, - const BN_ULONG *bp, - const BN_ULONG *np, - const BN_ULONG *n0); - int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, - const BN_ULONG *bp, const BN_ULONG *np, - const BN_ULONG *n0); - int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap, - const BN_ULONG *bp, const BN_ULONG *np, - const BN_ULONG *n0); - int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap, - const BN_ULONG *bp, const BN_ULONG *np, - const BN_ULONG *n0); - int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap, - const BN_ULONG *bp, const BN_ULONG *np, - const BN_ULONG *n0); - static const bn_mul_mont_f funcs[4] = { - bn_mul_mont_t4_8, bn_mul_mont_t4_16, - bn_mul_mont_t4_24, bn_mul_mont_t4_32 - }; - bn_mul_mont_f worker = funcs[num / 16 - 1]; - - if ((*worker) (rp, ap, bp, np, n0)) - return 1; - /* retry once and fall back */ - if ((*worker) (rp, ap, bp, np, n0)) - return 1; - return bn_mul_mont_vis3(rp, ap, bp, np, n0, num); - } - if ((OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3)) - return bn_mul_mont_vis3(rp, ap, bp, np, n0, num); - else if (num >= 8 && - /* - * bn_mul_mont_fpu doesn't use FMADD, we just use the - * flag to detect when FPU path is preferable in cases - * when current heuristics is unreliable. [it works - * out because FMADD-capable processors where FPU - * code path is undesirable are also VIS3-capable and - * VIS3 code path takes precedence.] - */ - ( (OPENSSL_sparcv9cap_P[0] & SPARCV9_FMADD) || - (OPENSSL_sparcv9cap_P[0] & - (SPARCV9_PREFER_FPU | SPARCV9_VIS1)) == - (SPARCV9_PREFER_FPU | SPARCV9_VIS1) )) - return bn_mul_mont_fpu(rp, ap, bp, np, n0, num); - } - return bn_mul_mont_int(rp, ap, bp, np, n0, num); -} diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c deleted file mode 100644 index 990bed90b5906166d97e3fa1f6cc02fe967aff77..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_sqr.c +++ /dev/null @@ -1,239 +0,0 @@ -/* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include "bn_local.h" - -/* r must not be a */ -/* - * I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 - */ -int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) -{ - int ret = bn_sqr_fixed_top(r, a, ctx); - - bn_correct_top(r); - bn_check_top(r); - - return ret; -} - -int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) -{ - int max, al; - int ret = 0; - BIGNUM *tmp, *rr; - - bn_check_top(a); - - al = a->top; - if (al <= 0) { - r->top = 0; - r->neg = 0; - return 1; - } - - BN_CTX_start(ctx); - rr = (a != r) ? r : BN_CTX_get(ctx); - tmp = BN_CTX_get(ctx); - if (rr == NULL || tmp == NULL) - goto err; - - max = 2 * al; /* Non-zero (from above) */ - if (bn_wexpand(rr, max) == NULL) - goto err; - - if (al == 4) { -#ifndef BN_SQR_COMBA - BN_ULONG t[8]; - bn_sqr_normal(rr->d, a->d, 4, t); -#else - bn_sqr_comba4(rr->d, a->d); -#endif - } else if (al == 8) { -#ifndef BN_SQR_COMBA - BN_ULONG t[16]; - bn_sqr_normal(rr->d, a->d, 8, t); -#else - bn_sqr_comba8(rr->d, a->d); -#endif - } else { -#if defined(BN_RECURSION) - if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) { - BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL * 2]; - bn_sqr_normal(rr->d, a->d, al, t); - } else { - int j, k; - - j = BN_num_bits_word((BN_ULONG)al); - j = 1 << (j - 1); - k = j + j; - if (al == j) { - if (bn_wexpand(tmp, k * 2) == NULL) - goto err; - bn_sqr_recursive(rr->d, a->d, al, tmp->d); - } else { - if (bn_wexpand(tmp, max) == NULL) - goto err; - bn_sqr_normal(rr->d, a->d, al, tmp->d); - } - } -#else - if (bn_wexpand(tmp, max) == NULL) - goto err; - bn_sqr_normal(rr->d, a->d, al, tmp->d); -#endif - } - - rr->neg = 0; - rr->top = max; - rr->flags |= BN_FLG_FIXED_TOP; - if (r != rr && BN_copy(r, rr) == NULL) - goto err; - - ret = 1; - err: - bn_check_top(rr); - bn_check_top(tmp); - BN_CTX_end(ctx); - return ret; -} - -/* tmp must have 2*n words */ -void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp) -{ - int i, j, max; - const BN_ULONG *ap; - BN_ULONG *rp; - - max = n * 2; - ap = a; - rp = r; - rp[0] = rp[max - 1] = 0; - rp++; - j = n; - - if (--j > 0) { - ap++; - rp[j] = bn_mul_words(rp, ap, j, ap[-1]); - rp += 2; - } - - for (i = n - 2; i > 0; i--) { - j--; - ap++; - rp[j] = bn_mul_add_words(rp, ap, j, ap[-1]); - rp += 2; - } - - bn_add_words(r, r, r, max); - - /* There will not be a carry */ - - bn_sqr_words(tmp, a, n); - - bn_add_words(r, r, tmp, max); -} - -#ifdef BN_RECURSION -/*- - * r is 2*n words in size, - * a and b are both n words in size. (There's not actually a 'b' here ...) - * n must be a power of 2. - * We multiply and return the result. - * t must be 2*n words in size - * We calculate - * a[0]*b[0] - * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) - * a[1]*b[1] - */ -void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) -{ - int n = n2 / 2; - int zero, c1; - BN_ULONG ln, lo, *p; - - if (n2 == 4) { -# ifndef BN_SQR_COMBA - bn_sqr_normal(r, a, 4, t); -# else - bn_sqr_comba4(r, a); -# endif - return; - } else if (n2 == 8) { -# ifndef BN_SQR_COMBA - bn_sqr_normal(r, a, 8, t); -# else - bn_sqr_comba8(r, a); -# endif - return; - } - if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) { - bn_sqr_normal(r, a, n2, t); - return; - } - /* r=(a[0]-a[1])*(a[1]-a[0]) */ - c1 = bn_cmp_words(a, &(a[n]), n); - zero = 0; - if (c1 > 0) - bn_sub_words(t, a, &(a[n]), n); - else if (c1 < 0) - bn_sub_words(t, &(a[n]), a, n); - else - zero = 1; - - /* The result will always be negative unless it is zero */ - p = &(t[n2 * 2]); - - if (!zero) - bn_sqr_recursive(&(t[n2]), t, n, p); - else - memset(&t[n2], 0, sizeof(*t) * n2); - bn_sqr_recursive(r, a, n, p); - bn_sqr_recursive(&(r[n2]), &(a[n]), n, p); - - /*- - * t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero - * r[10] holds (a[0]*b[0]) - * r[32] holds (b[1]*b[1]) - */ - - c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); - - /* t[32] is negative */ - c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2)); - - /*- - * t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1]) - * r[10] holds (a[0]*a[0]) - * r[32] holds (a[1]*a[1]) - * c1 holds the carry bits - */ - c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2)); - if (c1) { - p = &(r[n + n2]); - lo = *p; - ln = (lo + c1) & BN_MASK2; - *p = ln; - - /* - * The overflow will stop before we over write words we should not - * overwrite - */ - if (ln < (BN_ULONG)c1) { - do { - p++; - lo = *p; - ln = (lo + 1) & BN_MASK2; - *p = ln; - } while (ln == 0); - } - } -} -#endif diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c deleted file mode 100644 index 5c77e72132d42642f4afc9cca881f192110b2946..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_sqrt.c +++ /dev/null @@ -1,368 +0,0 @@ -/* - * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include "bn_local.h" - -BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) -/* - * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks - * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number - * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or - * an incorrect "result" will be returned. - */ -{ - BIGNUM *ret = in; - int err = 1; - int r; - BIGNUM *A, *b, *q, *t, *x, *y; - int e, i, j; - int used_ctx = 0; - - if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) { - if (BN_abs_is_word(p, 2)) { - if (ret == NULL) - ret = BN_new(); - if (ret == NULL) - goto end; - if (!BN_set_word(ret, BN_is_bit_set(a, 0))) { - if (ret != in) - BN_free(ret); - return NULL; - } - bn_check_top(ret); - return ret; - } - - ERR_raise(ERR_LIB_BN, BN_R_P_IS_NOT_PRIME); - return NULL; - } - - if (BN_is_zero(a) || BN_is_one(a)) { - if (ret == NULL) - ret = BN_new(); - if (ret == NULL) - goto end; - if (!BN_set_word(ret, BN_is_one(a))) { - if (ret != in) - BN_free(ret); - return NULL; - } - bn_check_top(ret); - return ret; - } - - BN_CTX_start(ctx); - used_ctx = 1; - A = BN_CTX_get(ctx); - b = BN_CTX_get(ctx); - q = BN_CTX_get(ctx); - t = BN_CTX_get(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (y == NULL) - goto end; - - if (ret == NULL) - ret = BN_new(); - if (ret == NULL) - goto end; - - /* A = a mod p */ - if (!BN_nnmod(A, a, p, ctx)) - goto end; - - /* now write |p| - 1 as 2^e*q where q is odd */ - e = 1; - while (!BN_is_bit_set(p, e)) - e++; - /* we'll set q later (if needed) */ - - if (e == 1) { - /*- - * The easy case: (|p|-1)/2 is odd, so 2 has an inverse - * modulo (|p|-1)/2, and square roots can be computed - * directly by modular exponentiation. - * We have - * 2 * (|p|+1)/4 == 1 (mod (|p|-1)/2), - * so we can use exponent (|p|+1)/4, i.e. (|p|-3)/4 + 1. - */ - if (!BN_rshift(q, p, 2)) - goto end; - q->neg = 0; - if (!BN_add_word(q, 1)) - goto end; - if (!BN_mod_exp(ret, A, q, p, ctx)) - goto end; - err = 0; - goto vrfy; - } - - if (e == 2) { - /*- - * |p| == 5 (mod 8) - * - * In this case 2 is always a non-square since - * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime. - * So if a really is a square, then 2*a is a non-square. - * Thus for - * b := (2*a)^((|p|-5)/8), - * i := (2*a)*b^2 - * we have - * i^2 = (2*a)^((1 + (|p|-5)/4)*2) - * = (2*a)^((p-1)/2) - * = -1; - * so if we set - * x := a*b*(i-1), - * then - * x^2 = a^2 * b^2 * (i^2 - 2*i + 1) - * = a^2 * b^2 * (-2*i) - * = a*(-i)*(2*a*b^2) - * = a*(-i)*i - * = a. - * - * (This is due to A.O.L. Atkin, - * Subject: Square Roots and Cognate Matters modulo p=8n+5. - * URL: https://listserv.nodak.edu/cgi-bin/wa.exe?A2=ind9211&L=NMBRTHRY&P=4026 - * November 1992.) - */ - - /* t := 2*a */ - if (!BN_mod_lshift1_quick(t, A, p)) - goto end; - - /* b := (2*a)^((|p|-5)/8) */ - if (!BN_rshift(q, p, 3)) - goto end; - q->neg = 0; - if (!BN_mod_exp(b, t, q, p, ctx)) - goto end; - - /* y := b^2 */ - if (!BN_mod_sqr(y, b, p, ctx)) - goto end; - - /* t := (2*a)*b^2 - 1 */ - if (!BN_mod_mul(t, t, y, p, ctx)) - goto end; - if (!BN_sub_word(t, 1)) - goto end; - - /* x = a*b*t */ - if (!BN_mod_mul(x, A, b, p, ctx)) - goto end; - if (!BN_mod_mul(x, x, t, p, ctx)) - goto end; - - if (!BN_copy(ret, x)) - goto end; - err = 0; - goto vrfy; - } - - /* - * e > 2, so we really have to use the Tonelli/Shanks algorithm. First, - * find some y that is not a square. - */ - if (!BN_copy(q, p)) - goto end; /* use 'q' as temp */ - q->neg = 0; - i = 2; - do { - /* - * For efficiency, try small numbers first; if this fails, try random - * numbers. - */ - if (i < 22) { - if (!BN_set_word(y, i)) - goto end; - } else { - if (!BN_priv_rand_ex(y, BN_num_bits(p), 0, 0, 0, ctx)) - goto end; - if (BN_ucmp(y, p) >= 0) { - if (!(p->neg ? BN_add : BN_sub) (y, y, p)) - goto end; - } - /* now 0 <= y < |p| */ - if (BN_is_zero(y)) - if (!BN_set_word(y, i)) - goto end; - } - - r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */ - if (r < -1) - goto end; - if (r == 0) { - /* m divides p */ - ERR_raise(ERR_LIB_BN, BN_R_P_IS_NOT_PRIME); - goto end; - } - } - while (r == 1 && ++i < 82); - - if (r != -1) { - /* - * Many rounds and still no non-square -- this is more likely a bug - * than just bad luck. Even if p is not prime, we should have found - * some y such that r == -1. - */ - ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_ITERATIONS); - goto end; - } - - /* Here's our actual 'q': */ - if (!BN_rshift(q, q, e)) - goto end; - - /* - * Now that we have some non-square, we can find an element of order 2^e - * by computing its q'th power. - */ - if (!BN_mod_exp(y, y, q, p, ctx)) - goto end; - if (BN_is_one(y)) { - ERR_raise(ERR_LIB_BN, BN_R_P_IS_NOT_PRIME); - goto end; - } - - /*- - * Now we know that (if p is indeed prime) there is an integer - * k, 0 <= k < 2^e, such that - * - * a^q * y^k == 1 (mod p). - * - * As a^q is a square and y is not, k must be even. - * q+1 is even, too, so there is an element - * - * X := a^((q+1)/2) * y^(k/2), - * - * and it satisfies - * - * X^2 = a^q * a * y^k - * = a, - * - * so it is the square root that we are looking for. - */ - - /* t := (q-1)/2 (note that q is odd) */ - if (!BN_rshift1(t, q)) - goto end; - - /* x := a^((q-1)/2) */ - if (BN_is_zero(t)) { /* special case: p = 2^e + 1 */ - if (!BN_nnmod(t, A, p, ctx)) - goto end; - if (BN_is_zero(t)) { - /* special case: a == 0 (mod p) */ - BN_zero(ret); - err = 0; - goto end; - } else if (!BN_one(x)) - goto end; - } else { - if (!BN_mod_exp(x, A, t, p, ctx)) - goto end; - if (BN_is_zero(x)) { - /* special case: a == 0 (mod p) */ - BN_zero(ret); - err = 0; - goto end; - } - } - - /* b := a*x^2 (= a^q) */ - if (!BN_mod_sqr(b, x, p, ctx)) - goto end; - if (!BN_mod_mul(b, b, A, p, ctx)) - goto end; - - /* x := a*x (= a^((q+1)/2)) */ - if (!BN_mod_mul(x, x, A, p, ctx)) - goto end; - - while (1) { - /*- - * Now b is a^q * y^k for some even k (0 <= k < 2^E - * where E refers to the original value of e, which we - * don't keep in a variable), and x is a^((q+1)/2) * y^(k/2). - * - * We have a*b = x^2, - * y^2^(e-1) = -1, - * b^2^(e-1) = 1. - */ - - if (BN_is_one(b)) { - if (!BN_copy(ret, x)) - goto end; - err = 0; - goto vrfy; - } - - /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */ - for (i = 1; i < e; i++) { - if (i == 1) { - if (!BN_mod_sqr(t, b, p, ctx)) - goto end; - - } else { - if (!BN_mod_mul(t, t, t, p, ctx)) - goto end; - } - if (BN_is_one(t)) - break; - } - /* If not found, a is not a square or p is not prime. */ - if (i >= e) { - ERR_raise(ERR_LIB_BN, BN_R_NOT_A_SQUARE); - goto end; - } - - /* t := y^2^(e - i - 1) */ - if (!BN_copy(t, y)) - goto end; - for (j = e - i - 1; j > 0; j--) { - if (!BN_mod_sqr(t, t, p, ctx)) - goto end; - } - if (!BN_mod_mul(y, t, t, p, ctx)) - goto end; - if (!BN_mod_mul(x, x, t, p, ctx)) - goto end; - if (!BN_mod_mul(b, b, y, p, ctx)) - goto end; - e = i; - } - - vrfy: - if (!err) { - /* - * verify the result -- the input might have been not a square (test - * added in 0.9.8) - */ - - if (!BN_mod_sqr(x, ret, p, ctx)) - err = 1; - - if (!err && 0 != BN_cmp(x, A)) { - ERR_raise(ERR_LIB_BN, BN_R_NOT_A_SQUARE); - err = 1; - } - } - - end: - if (err) { - if (ret != in) - BN_clear_free(ret); - ret = NULL; - } - if (used_ctx) - BN_CTX_end(ctx); - bn_check_top(ret); - return ret; -} diff --git a/crypto/bn/bn_srp.c b/crypto/bn/bn_srp.c deleted file mode 100644 index ffb8fc61e0fe983f1c5fa3ac1c5bc32b2edcbc10..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_srp.c +++ /dev/null @@ -1,545 +0,0 @@ -/* - * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "bn_local.h" -#include "internal/nelem.h" - -#ifndef OPENSSL_NO_SRP - -#include -#include "crypto/bn_srp.h" - -# if (BN_BYTES == 8) -# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -# define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64) -# elif defined(__arch64__) -# define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL) -# else -# define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL) -# endif -# elif (BN_BYTES == 4) -# define bn_pack4(a1,a2,a3,a4) ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL) -# else -# error "unsupported BN_BYTES" -# endif - -static const BN_ULONG bn_group_1024_value[] = { - bn_pack4(0x9FC6, 0x1D2F, 0xC0EB, 0x06E3), - bn_pack4(0xFD51, 0x38FE, 0x8376, 0x435B), - bn_pack4(0x2FD4, 0xCBF4, 0x976E, 0xAA9A), - bn_pack4(0x68ED, 0xBC3C, 0x0572, 0x6CC0), - bn_pack4(0xC529, 0xF566, 0x660E, 0x57EC), - bn_pack4(0x8255, 0x9B29, 0x7BCF, 0x1885), - bn_pack4(0xCE8E, 0xF4AD, 0x69B1, 0x5D49), - bn_pack4(0x5DC7, 0xD7B4, 0x6154, 0xD6B6), - bn_pack4(0x8E49, 0x5C1D, 0x6089, 0xDAD1), - bn_pack4(0xE0D5, 0xD8E2, 0x50B9, 0x8BE4), - bn_pack4(0x383B, 0x4813, 0xD692, 0xC6E0), - bn_pack4(0xD674, 0xDF74, 0x96EA, 0x81D3), - bn_pack4(0x9EA2, 0x314C, 0x9C25, 0x6576), - bn_pack4(0x6072, 0x6187, 0x75FF, 0x3C0B), - bn_pack4(0x9C33, 0xF80A, 0xFA8F, 0xC5E8), - bn_pack4(0xEEAF, 0x0AB9, 0xADB3, 0x8DD6) -}; - -const BIGNUM ossl_bn_group_1024 = { - (BN_ULONG *)bn_group_1024_value, - OSSL_NELEM(bn_group_1024_value), - OSSL_NELEM(bn_group_1024_value), - 0, - BN_FLG_STATIC_DATA -}; - -static const BN_ULONG bn_group_1536_value[] = { - bn_pack4(0xCF76, 0xE3FE, 0xD135, 0xF9BB), - bn_pack4(0x1518, 0x0F93, 0x499A, 0x234D), - bn_pack4(0x8CE7, 0xA28C, 0x2442, 0xC6F3), - bn_pack4(0x5A02, 0x1FFF, 0x5E91, 0x479E), - bn_pack4(0x7F8A, 0x2FE9, 0xB8B5, 0x292E), - bn_pack4(0x837C, 0x264A, 0xE3A9, 0xBEB8), - bn_pack4(0xE442, 0x734A, 0xF7CC, 0xB7AE), - bn_pack4(0x6577, 0x2E43, 0x7D6C, 0x7F8C), - bn_pack4(0xDB2F, 0xD53D, 0x24B7, 0xC486), - bn_pack4(0x6EDF, 0x0195, 0x3934, 0x9627), - bn_pack4(0x158B, 0xFD3E, 0x2B9C, 0x8CF5), - bn_pack4(0x764E, 0x3F4B, 0x53DD, 0x9DA1), - bn_pack4(0x4754, 0x8381, 0xDBC5, 0xB1FC), - bn_pack4(0x9B60, 0x9E0B, 0xE3BA, 0xB63D), - bn_pack4(0x8134, 0xB1C8, 0xB979, 0x8914), - bn_pack4(0xDF02, 0x8A7C, 0xEC67, 0xF0D0), - bn_pack4(0x80B6, 0x55BB, 0x9A22, 0xE8DC), - bn_pack4(0x1558, 0x903B, 0xA0D0, 0xF843), - bn_pack4(0x51C6, 0xA94B, 0xE460, 0x7A29), - bn_pack4(0x5F4F, 0x5F55, 0x6E27, 0xCBDE), - bn_pack4(0xBEEE, 0xA961, 0x4B19, 0xCC4D), - bn_pack4(0xDBA5, 0x1DF4, 0x99AC, 0x4C80), - bn_pack4(0xB1F1, 0x2A86, 0x17A4, 0x7BBB), - bn_pack4(0x9DEF, 0x3CAF, 0xB939, 0x277A) -}; - -const BIGNUM ossl_bn_group_1536 = { - (BN_ULONG *)bn_group_1536_value, - OSSL_NELEM(bn_group_1536_value), - OSSL_NELEM(bn_group_1536_value), - 0, - BN_FLG_STATIC_DATA -}; - -static const BN_ULONG bn_group_2048_value[] = { - bn_pack4(0x0FA7, 0x111F, 0x9E4A, 0xFF73), - bn_pack4(0x9B65, 0xE372, 0xFCD6, 0x8EF2), - bn_pack4(0x35DE, 0x236D, 0x525F, 0x5475), - bn_pack4(0x94B5, 0xC803, 0xD89F, 0x7AE4), - bn_pack4(0x71AE, 0x35F8, 0xE9DB, 0xFBB6), - bn_pack4(0x2A56, 0x98F3, 0xA8D0, 0xC382), - bn_pack4(0x9CCC, 0x041C, 0x7BC3, 0x08D8), - bn_pack4(0xAF87, 0x4E73, 0x03CE, 0x5329), - bn_pack4(0x6160, 0x2790, 0x04E5, 0x7AE6), - bn_pack4(0x032C, 0xFBDB, 0xF52F, 0xB378), - bn_pack4(0x5EA7, 0x7A27, 0x75D2, 0xECFA), - bn_pack4(0x5445, 0x23B5, 0x24B0, 0xD57D), - bn_pack4(0x5B9D, 0x32E6, 0x88F8, 0x7748), - bn_pack4(0xF1D2, 0xB907, 0x8717, 0x461A), - bn_pack4(0x76BD, 0x207A, 0x436C, 0x6481), - bn_pack4(0xCA97, 0xB43A, 0x23FB, 0x8016), - bn_pack4(0x1D28, 0x1E44, 0x6B14, 0x773B), - bn_pack4(0x7359, 0xD041, 0xD5C3, 0x3EA7), - bn_pack4(0xA80D, 0x740A, 0xDBF4, 0xFF74), - bn_pack4(0x55F9, 0x7993, 0xEC97, 0x5EEA), - bn_pack4(0x2918, 0xA996, 0x2F0B, 0x93B8), - bn_pack4(0x661A, 0x05FB, 0xD5FA, 0xAAE8), - bn_pack4(0xCF60, 0x9517, 0x9A16, 0x3AB3), - bn_pack4(0xE808, 0x3969, 0xEDB7, 0x67B0), - bn_pack4(0xCD7F, 0x48A9, 0xDA04, 0xFD50), - bn_pack4(0xD523, 0x12AB, 0x4B03, 0x310D), - bn_pack4(0x8193, 0xE075, 0x7767, 0xA13D), - bn_pack4(0xA373, 0x29CB, 0xB4A0, 0x99ED), - bn_pack4(0xFC31, 0x9294, 0x3DB5, 0x6050), - bn_pack4(0xAF72, 0xB665, 0x1987, 0xEE07), - bn_pack4(0xF166, 0xDE5E, 0x1389, 0x582F), - bn_pack4(0xAC6B, 0xDB41, 0x324A, 0x9A9B) -}; - -const BIGNUM ossl_bn_group_2048 = { - (BN_ULONG *)bn_group_2048_value, - OSSL_NELEM(bn_group_2048_value), - OSSL_NELEM(bn_group_2048_value), - 0, - BN_FLG_STATIC_DATA -}; - -static const BN_ULONG bn_group_3072_value[] = { - bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), - bn_pack4(0x4B82, 0xD120, 0xA93A, 0xD2CA), - bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), - bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), - bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), - bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), - bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), - bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), - bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), - bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), - bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), - bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), - bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), - bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), - bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), - bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), - bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), - bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), - bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), - bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), - bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), - bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), - bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), - bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), - bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), - bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), - bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), - bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), - bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), - bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), - bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), - bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), - bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), - bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), - bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), - bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), - bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), - bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), - bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), - bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), - bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), - bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), - bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), - bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), - bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), - bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), - bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), - bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) -}; - -const BIGNUM ossl_bn_group_3072 = { - (BN_ULONG *)bn_group_3072_value, - OSSL_NELEM(bn_group_3072_value), - OSSL_NELEM(bn_group_3072_value), - 0, - BN_FLG_STATIC_DATA -}; - -static const BN_ULONG bn_group_4096_value[] = { - bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), - bn_pack4(0x4DF4, 0x35C9, 0x3406, 0x3199), - bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F), - bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1), - bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9), - bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C), - bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF), - bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED), - bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2), - bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D), - bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6), - bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9), - bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8), - bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA), - bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C), - bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26), - bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7), - bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801), - bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), - bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), - bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), - bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), - bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), - bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), - bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), - bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), - bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), - bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), - bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), - bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), - bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), - bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), - bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), - bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), - bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), - bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), - bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), - bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), - bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), - bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), - bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), - bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), - bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), - bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), - bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), - bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), - bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), - bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), - bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), - bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), - bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), - bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), - bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), - bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), - bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), - bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), - bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), - bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), - bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), - bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), - bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), - bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), - bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), - bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) -}; - -const BIGNUM ossl_bn_group_4096 = { - (BN_ULONG *)bn_group_4096_value, - OSSL_NELEM(bn_group_4096_value), - OSSL_NELEM(bn_group_4096_value), - 0, - BN_FLG_STATIC_DATA -}; - -static const BN_ULONG bn_group_6144_value[] = { - bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), - bn_pack4(0xE694, 0xF91E, 0x6DCC, 0x4024), - bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6), - bn_pack4(0x043E, 0x8F66, 0x3F48, 0x60EE), - bn_pack4(0x387F, 0xE8D7, 0x6E3C, 0x0468), - bn_pack4(0xDA56, 0xC9EC, 0x2EF2, 0x9632), - bn_pack4(0xEB19, 0xCCB1, 0xA313, 0xD55C), - bn_pack4(0xF550, 0xAA3D, 0x8A1F, 0xBFF0), - bn_pack4(0x06A1, 0xD58B, 0xB7C5, 0xDA76), - bn_pack4(0xA797, 0x15EE, 0xF29B, 0xE328), - bn_pack4(0x14CC, 0x5ED2, 0x0F80, 0x37E0), - bn_pack4(0xCC8F, 0x6D7E, 0xBF48, 0xE1D8), - bn_pack4(0x4BD4, 0x07B2, 0x2B41, 0x54AA), - bn_pack4(0x0F1D, 0x45B7, 0xFF58, 0x5AC5), - bn_pack4(0x23A9, 0x7A7E, 0x36CC, 0x88BE), - bn_pack4(0x59E7, 0xC97F, 0xBEC7, 0xE8F3), - bn_pack4(0xB5A8, 0x4031, 0x900B, 0x1C9E), - bn_pack4(0xD55E, 0x702F, 0x4698, 0x0C82), - bn_pack4(0xF482, 0xD7CE, 0x6E74, 0xFEF6), - bn_pack4(0xF032, 0xEA15, 0xD172, 0x1D03), - bn_pack4(0x5983, 0xCA01, 0xC64B, 0x92EC), - bn_pack4(0x6FB8, 0xF401, 0x378C, 0xD2BF), - bn_pack4(0x3320, 0x5151, 0x2BD7, 0xAF42), - bn_pack4(0xDB7F, 0x1447, 0xE6CC, 0x254B), - bn_pack4(0x44CE, 0x6CBA, 0xCED4, 0xBB1B), - bn_pack4(0xDA3E, 0xDBEB, 0xCF9B, 0x14ED), - bn_pack4(0x1797, 0x27B0, 0x865A, 0x8918), - bn_pack4(0xB06A, 0x53ED, 0x9027, 0xD831), - bn_pack4(0xE5DB, 0x382F, 0x4130, 0x01AE), - bn_pack4(0xF8FF, 0x9406, 0xAD9E, 0x530E), - bn_pack4(0xC975, 0x1E76, 0x3DBA, 0x37BD), - bn_pack4(0xC1D4, 0xDCB2, 0x6026, 0x46DE), - bn_pack4(0x36C3, 0xFAB4, 0xD27C, 0x7026), - bn_pack4(0x4DF4, 0x35C9, 0x3402, 0x8492), - bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F), - bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1), - bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9), - bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C), - bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF), - bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED), - bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2), - bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D), - bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6), - bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9), - bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8), - bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA), - bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C), - bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26), - bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7), - bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801), - bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), - bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), - bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), - bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), - bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), - bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), - bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), - bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), - bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), - bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), - bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), - bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), - bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), - bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), - bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), - bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), - bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), - bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), - bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), - bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), - bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), - bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), - bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), - bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), - bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), - bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), - bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), - bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), - bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), - bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), - bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), - bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), - bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), - bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), - bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), - bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), - bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), - bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), - bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), - bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), - bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), - bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), - bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), - bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), - bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), - bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) -}; - -const BIGNUM ossl_bn_group_6144 = { - (BN_ULONG *)bn_group_6144_value, - OSSL_NELEM(bn_group_6144_value), - OSSL_NELEM(bn_group_6144_value), - 0, - BN_FLG_STATIC_DATA -}; - -static const BN_ULONG bn_group_8192_value[] = { - bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), - bn_pack4(0x60C9, 0x80DD, 0x98ED, 0xD3DF), - bn_pack4(0xC81F, 0x56E8, 0x80B9, 0x6E71), - bn_pack4(0x9E30, 0x50E2, 0x7656, 0x94DF), - bn_pack4(0x9558, 0xE447, 0x5677, 0xE9AA), - bn_pack4(0xC919, 0x0DA6, 0xFC02, 0x6E47), - bn_pack4(0x889A, 0x002E, 0xD5EE, 0x382B), - bn_pack4(0x4009, 0x438B, 0x481C, 0x6CD7), - bn_pack4(0x3590, 0x46F4, 0xEB87, 0x9F92), - bn_pack4(0xFAF3, 0x6BC3, 0x1ECF, 0xA268), - bn_pack4(0xB1D5, 0x10BD, 0x7EE7, 0x4D73), - bn_pack4(0xF9AB, 0x4819, 0x5DED, 0x7EA1), - bn_pack4(0x64F3, 0x1CC5, 0x0846, 0x851D), - bn_pack4(0x4597, 0xE899, 0xA025, 0x5DC1), - bn_pack4(0xDF31, 0x0EE0, 0x74AB, 0x6A36), - bn_pack4(0x6D2A, 0x13F8, 0x3F44, 0xF82D), - bn_pack4(0x062B, 0x3CF5, 0xB3A2, 0x78A6), - bn_pack4(0x7968, 0x3303, 0xED5B, 0xDD3A), - bn_pack4(0xFA9D, 0x4B7F, 0xA2C0, 0x87E8), - bn_pack4(0x4BCB, 0xC886, 0x2F83, 0x85DD), - bn_pack4(0x3473, 0xFC64, 0x6CEA, 0x306B), - bn_pack4(0x13EB, 0x57A8, 0x1A23, 0xF0C7), - bn_pack4(0x2222, 0x2E04, 0xA403, 0x7C07), - bn_pack4(0xE3FD, 0xB8BE, 0xFC84, 0x8AD9), - bn_pack4(0x238F, 0x16CB, 0xE39D, 0x652D), - bn_pack4(0x3423, 0xB474, 0x2BF1, 0xC978), - bn_pack4(0x3AAB, 0x639C, 0x5AE4, 0xF568), - bn_pack4(0x2576, 0xF693, 0x6BA4, 0x2466), - bn_pack4(0x741F, 0xA7BF, 0x8AFC, 0x47ED), - bn_pack4(0x3BC8, 0x32B6, 0x8D9D, 0xD300), - bn_pack4(0xD8BE, 0xC4D0, 0x73B9, 0x31BA), - bn_pack4(0x3877, 0x7CB6, 0xA932, 0xDF8C), - bn_pack4(0x74A3, 0x926F, 0x12FE, 0xE5E4), - bn_pack4(0xE694, 0xF91E, 0x6DBE, 0x1159), - bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6), - bn_pack4(0x043E, 0x8F66, 0x3F48, 0x60EE), - bn_pack4(0x387F, 0xE8D7, 0x6E3C, 0x0468), - bn_pack4(0xDA56, 0xC9EC, 0x2EF2, 0x9632), - bn_pack4(0xEB19, 0xCCB1, 0xA313, 0xD55C), - bn_pack4(0xF550, 0xAA3D, 0x8A1F, 0xBFF0), - bn_pack4(0x06A1, 0xD58B, 0xB7C5, 0xDA76), - bn_pack4(0xA797, 0x15EE, 0xF29B, 0xE328), - bn_pack4(0x14CC, 0x5ED2, 0x0F80, 0x37E0), - bn_pack4(0xCC8F, 0x6D7E, 0xBF48, 0xE1D8), - bn_pack4(0x4BD4, 0x07B2, 0x2B41, 0x54AA), - bn_pack4(0x0F1D, 0x45B7, 0xFF58, 0x5AC5), - bn_pack4(0x23A9, 0x7A7E, 0x36CC, 0x88BE), - bn_pack4(0x59E7, 0xC97F, 0xBEC7, 0xE8F3), - bn_pack4(0xB5A8, 0x4031, 0x900B, 0x1C9E), - bn_pack4(0xD55E, 0x702F, 0x4698, 0x0C82), - bn_pack4(0xF482, 0xD7CE, 0x6E74, 0xFEF6), - bn_pack4(0xF032, 0xEA15, 0xD172, 0x1D03), - bn_pack4(0x5983, 0xCA01, 0xC64B, 0x92EC), - bn_pack4(0x6FB8, 0xF401, 0x378C, 0xD2BF), - bn_pack4(0x3320, 0x5151, 0x2BD7, 0xAF42), - bn_pack4(0xDB7F, 0x1447, 0xE6CC, 0x254B), - bn_pack4(0x44CE, 0x6CBA, 0xCED4, 0xBB1B), - bn_pack4(0xDA3E, 0xDBEB, 0xCF9B, 0x14ED), - bn_pack4(0x1797, 0x27B0, 0x865A, 0x8918), - bn_pack4(0xB06A, 0x53ED, 0x9027, 0xD831), - bn_pack4(0xE5DB, 0x382F, 0x4130, 0x01AE), - bn_pack4(0xF8FF, 0x9406, 0xAD9E, 0x530E), - bn_pack4(0xC975, 0x1E76, 0x3DBA, 0x37BD), - bn_pack4(0xC1D4, 0xDCB2, 0x6026, 0x46DE), - bn_pack4(0x36C3, 0xFAB4, 0xD27C, 0x7026), - bn_pack4(0x4DF4, 0x35C9, 0x3402, 0x8492), - bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F), - bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1), - bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9), - bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C), - bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF), - bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED), - bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2), - bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D), - bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6), - bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9), - bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8), - bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA), - bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C), - bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26), - bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7), - bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801), - bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), - bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), - bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), - bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), - bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), - bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), - bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), - bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), - bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), - bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), - bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), - bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), - bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), - bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), - bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), - bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), - bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), - bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), - bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), - bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), - bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), - bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), - bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), - bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), - bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), - bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), - bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), - bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), - bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), - bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), - bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), - bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), - bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), - bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), - bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), - bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), - bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), - bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), - bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), - bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), - bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), - bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), - bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), - bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), - bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), - bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) -}; - -const BIGNUM ossl_bn_group_8192 = { - (BN_ULONG *)bn_group_8192_value, - OSSL_NELEM(bn_group_8192_value), - OSSL_NELEM(bn_group_8192_value), - 0, - BN_FLG_STATIC_DATA -}; - -static const BN_ULONG bn_generator_19_value[] = { 19 }; - -const BIGNUM ossl_bn_generator_19 = { - (BN_ULONG *)bn_generator_19_value, - 1, - 1, - 0, - BN_FLG_STATIC_DATA -}; -static const BN_ULONG bn_generator_5_value[] = { 5 }; - -const BIGNUM ossl_bn_generator_5 = { - (BN_ULONG *)bn_generator_5_value, - 1, - 1, - 0, - BN_FLG_STATIC_DATA -}; -static const BN_ULONG bn_generator_2_value[] = { 2 }; - -const BIGNUM ossl_bn_generator_2 = { - (BN_ULONG *)bn_generator_2_value, - 1, - 1, - 0, - BN_FLG_STATIC_DATA -}; - -#endif diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c deleted file mode 100644 index 93c014793e22cdd5a5d6e09671062f5c70414e06..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_word.c +++ /dev/null @@ -1,201 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include "bn_local.h" - -BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) -{ -#ifndef BN_LLONG - BN_ULONG ret = 0; -#else - BN_ULLONG ret = 0; -#endif - int i; - - if (w == 0) - return (BN_ULONG)-1; - -#ifndef BN_LLONG - /* - * If |w| is too long and we don't have BN_ULLONG then we need to fall - * back to using BN_div_word - */ - if (w > ((BN_ULONG)1 << BN_BITS4)) { - BIGNUM *tmp = BN_dup(a); - if (tmp == NULL) - return (BN_ULONG)-1; - - ret = BN_div_word(tmp, w); - BN_free(tmp); - - return ret; - } -#endif - - bn_check_top(a); - w &= BN_MASK2; - for (i = a->top - 1; i >= 0; i--) { -#ifndef BN_LLONG - /* - * We can assume here that | w <= ((BN_ULONG)1 << BN_BITS4) | and so - * | ret < ((BN_ULONG)1 << BN_BITS4) | and therefore the shifts here are - * safe and will not overflow - */ - ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & BN_MASK2l)) % w; - ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w; -#else - ret = (BN_ULLONG) (((ret << (BN_ULLONG) BN_BITS2) | a->d[i]) % - (BN_ULLONG) w); -#endif - } - return (BN_ULONG)ret; -} - -BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) -{ - BN_ULONG ret = 0; - int i, j; - - bn_check_top(a); - w &= BN_MASK2; - - if (!w) - /* actually this an error (division by zero) */ - return (BN_ULONG)-1; - if (a->top == 0) - return 0; - - /* normalize input (so bn_div_words doesn't complain) */ - j = BN_BITS2 - BN_num_bits_word(w); - w <<= j; - if (!BN_lshift(a, a, j)) - return (BN_ULONG)-1; - - for (i = a->top - 1; i >= 0; i--) { - BN_ULONG l, d; - - l = a->d[i]; - d = bn_div_words(ret, l, w); - ret = (l - ((d * w) & BN_MASK2)) & BN_MASK2; - a->d[i] = d; - } - if ((a->top > 0) && (a->d[a->top - 1] == 0)) - a->top--; - ret >>= j; - if (!a->top) - a->neg = 0; /* don't allow negative zero */ - bn_check_top(a); - return ret; -} - -int BN_add_word(BIGNUM *a, BN_ULONG w) -{ - BN_ULONG l; - int i; - - bn_check_top(a); - w &= BN_MASK2; - - /* degenerate case: w is zero */ - if (!w) - return 1; - /* degenerate case: a is zero */ - if (BN_is_zero(a)) - return BN_set_word(a, w); - /* handle 'a' when negative */ - if (a->neg) { - a->neg = 0; - i = BN_sub_word(a, w); - if (!BN_is_zero(a)) - a->neg = !(a->neg); - return i; - } - for (i = 0; w != 0 && i < a->top; i++) { - a->d[i] = l = (a->d[i] + w) & BN_MASK2; - w = (w > l) ? 1 : 0; - } - if (w && i == a->top) { - if (bn_wexpand(a, a->top + 1) == NULL) - return 0; - a->top++; - a->d[i] = w; - } - bn_check_top(a); - return 1; -} - -int BN_sub_word(BIGNUM *a, BN_ULONG w) -{ - int i; - - bn_check_top(a); - w &= BN_MASK2; - - /* degenerate case: w is zero */ - if (!w) - return 1; - /* degenerate case: a is zero */ - if (BN_is_zero(a)) { - i = BN_set_word(a, w); - if (i != 0) - BN_set_negative(a, 1); - return i; - } - /* handle 'a' when negative */ - if (a->neg) { - a->neg = 0; - i = BN_add_word(a, w); - a->neg = 1; - return i; - } - - if ((a->top == 1) && (a->d[0] < w)) { - a->d[0] = w - a->d[0]; - a->neg = 1; - return 1; - } - i = 0; - for (;;) { - if (a->d[i] >= w) { - a->d[i] -= w; - break; - } else { - a->d[i] = (a->d[i] - w) & BN_MASK2; - i++; - w = 1; - } - } - if ((a->d[i] == 0) && (i == (a->top - 1))) - a->top--; - bn_check_top(a); - return 1; -} - -int BN_mul_word(BIGNUM *a, BN_ULONG w) -{ - BN_ULONG ll; - - bn_check_top(a); - w &= BN_MASK2; - if (a->top) { - if (w == 0) - BN_zero(a); - else { - ll = bn_mul_words(a->d, a->d, a->top, w); - if (ll) { - if (bn_wexpand(a, a->top + 1) == NULL) - return 0; - a->d[a->top++] = ll; - } - } - } - bn_check_top(a); - return 1; -} diff --git a/crypto/bn/bn_x931p.c b/crypto/bn/bn_x931p.c deleted file mode 100644 index 20d35cf7afbd44233de142bc1a4ce0de0c7f55b3..0000000000000000000000000000000000000000 --- a/crypto/bn/bn_x931p.c +++ /dev/null @@ -1,248 +0,0 @@ -/* - * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include -#include "bn_local.h" - -/* X9.31 routines for prime derivation */ - -/* - * X9.31 prime derivation. This is used to generate the primes pi (p1, p2, - * q1, q2) from a parameter Xpi by checking successive odd integers. - */ - -static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, - BN_GENCB *cb) -{ - int i = 0, is_prime; - if (!BN_copy(pi, Xpi)) - return 0; - if (!BN_is_odd(pi) && !BN_add_word(pi, 1)) - return 0; - for (;;) { - i++; - BN_GENCB_call(cb, 0, i); - /* NB 27 MR is specified in X9.31 */ - is_prime = BN_check_prime(pi, ctx, cb); - if (is_prime < 0) - return 0; - if (is_prime) - break; - if (!BN_add_word(pi, 2)) - return 0; - } - BN_GENCB_call(cb, 2, i); - return 1; -} - -/* - * This is the main X9.31 prime derivation function. From parameters Xp1, Xp2 - * and Xp derive the prime p. If the parameters p1 or p2 are not NULL they - * will be returned too: this is needed for testing. - */ - -int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, - const BIGNUM *Xp, const BIGNUM *Xp1, - const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, - BN_GENCB *cb) -{ - int ret = 0; - - BIGNUM *t, *p1p2, *pm1; - - /* Only even e supported */ - if (!BN_is_odd(e)) - return 0; - - BN_CTX_start(ctx); - if (p1 == NULL) - p1 = BN_CTX_get(ctx); - - if (p2 == NULL) - p2 = BN_CTX_get(ctx); - - t = BN_CTX_get(ctx); - - p1p2 = BN_CTX_get(ctx); - - pm1 = BN_CTX_get(ctx); - - if (pm1 == NULL) - goto err; - - if (!bn_x931_derive_pi(p1, Xp1, ctx, cb)) - goto err; - - if (!bn_x931_derive_pi(p2, Xp2, ctx, cb)) - goto err; - - if (!BN_mul(p1p2, p1, p2, ctx)) - goto err; - - /* First set p to value of Rp */ - - if (!BN_mod_inverse(p, p2, p1, ctx)) - goto err; - - if (!BN_mul(p, p, p2, ctx)) - goto err; - - if (!BN_mod_inverse(t, p1, p2, ctx)) - goto err; - - if (!BN_mul(t, t, p1, ctx)) - goto err; - - if (!BN_sub(p, p, t)) - goto err; - - if (p->neg && !BN_add(p, p, p1p2)) - goto err; - - /* p now equals Rp */ - - if (!BN_mod_sub(p, p, Xp, p1p2, ctx)) - goto err; - - if (!BN_add(p, p, Xp)) - goto err; - - /* p now equals Yp0 */ - - for (;;) { - int i = 1; - BN_GENCB_call(cb, 0, i++); - if (!BN_copy(pm1, p)) - goto err; - if (!BN_sub_word(pm1, 1)) - goto err; - if (!BN_gcd(t, pm1, e, ctx)) - goto err; - if (BN_is_one(t)) { - /* - * X9.31 specifies 8 MR and 1 Lucas test or any prime test - * offering similar or better guarantees 50 MR is considerably - * better. - */ - int r = BN_check_prime(p, ctx, cb); - if (r < 0) - goto err; - if (r) - break; - } - if (!BN_add(p, p, p1p2)) - goto err; - } - - BN_GENCB_call(cb, 3, 0); - - ret = 1; - - err: - - BN_CTX_end(ctx); - - return ret; -} - -/* - * Generate pair of parameters Xp, Xq for X9.31 prime generation. Note: nbits - * parameter is sum of number of bits in both. - */ - -int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) -{ - BIGNUM *t; - int i; - /* - * Number of bits for each prime is of the form 512+128s for s = 0, 1, - * ... - */ - if ((nbits < 1024) || (nbits & 0xff)) - return 0; - nbits >>= 1; - /* - * The random value Xp must be between sqrt(2) * 2^(nbits-1) and 2^nbits - * - 1. By setting the top two bits we ensure that the lower bound is - * exceeded. - */ - if (!BN_priv_rand_ex(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY, 0, - ctx)) - return 0; - - BN_CTX_start(ctx); - t = BN_CTX_get(ctx); - if (t == NULL) - goto err; - - for (i = 0; i < 1000; i++) { - if (!BN_priv_rand_ex(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY, 0, - ctx)) - goto err; - - /* Check that |Xp - Xq| > 2^(nbits - 100) */ - if (!BN_sub(t, Xp, Xq)) - goto err; - if (BN_num_bits(t) > (nbits - 100)) - break; - } - - BN_CTX_end(ctx); - - if (i < 1000) - return 1; - - return 0; - - err: - BN_CTX_end(ctx); - return 0; -} - -/* - * Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1 and - * Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL the - * relevant parameter will be stored in it. Due to the fact that |Xp - Xq| > - * 2^(nbits - 100) must be satisfied Xp and Xq are generated using the - * previous function and supplied as input. - */ - -int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, - BIGNUM *Xp1, BIGNUM *Xp2, - const BIGNUM *Xp, - const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb) -{ - int ret = 0; - - BN_CTX_start(ctx); - if (Xp1 == NULL) - Xp1 = BN_CTX_get(ctx); - if (Xp2 == NULL) - Xp2 = BN_CTX_get(ctx); - if (Xp1 == NULL || Xp2 == NULL) - goto error; - - if (!BN_priv_rand_ex(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, 0, ctx)) - goto error; - if (!BN_priv_rand_ex(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, 0, ctx)) - goto error; - if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb)) - goto error; - - ret = 1; - - error: - BN_CTX_end(ctx); - - return ret; - -} diff --git a/crypto/bn/build.info b/crypto/bn/build.info deleted file mode 100644 index ca76bf9db5afac2930df78787a64d178d1ba726e..0000000000000000000000000000000000000000 --- a/crypto/bn/build.info +++ /dev/null @@ -1,182 +0,0 @@ -LIBS=../../libcrypto - -$BNASM=bn_asm.c -IF[{- !$disabled{asm} -}] - # Define source files and macros per asm architecture - # Known macros are: - # - # OPENSSL_BN_ASM_PART_WORDS For any collection with /-586/ file names - # OPENSSL_BN_ASM_MONT For any collection with /-mont/ file names - # OPENSSL_BN_ASM_MONT5 For any collection with /-mont5/ file names - # OPENSSL_BN_ASM_GF2m For any collection with /-gf2m/ file names - # OPENSSL_IA32_SSE2 For any collection with /86/ file names - # when sse2 is enabled - # BN_DIV3W For any collection with /-div3w/ file names - # - # All variables are named in such a way that they can be "indexed" with - # $target{asm_arch} - - $BNASM_x86=bn-586.S co-586.S x86-mont.S x86-gf2m.S - # bn-586 is the only one implementing bn_*_part_words - # => OPENSSL_BN_ASM_PART_WORDS - $BNDEF_x86=OPENSSL_BN_ASM_PART_WORDS OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_GF2m - $BNDEF_x86_sse2=OPENSSL_IA32_SSE2 - - $BNASM_x86_64=\ - x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s \ - rsaz-avx2.s rsaz_exp_x2.c rsaz-avx512.s - IF[{- $config{target} !~ /^VC/ -}] - $BNASM_x86_64=asm/x86_64-gcc.c $BNASM_x86_64 - ELSE - $BNASM_x86_64=bn_asm.c $BNASM_x86_64 - ENDIF - $BNDEF_x86_64=OPENSSL_BN_ASM_MONT OPENSSL_BN_ASM_MONT5 OPENSSL_BN_ASM_GF2m - $BNDEF_x86_64_sse2=OPENSSL_IA32_SSE2 - - IF[{- $config{target} !~ /^VC/ -}] - $BNASM_ia64=bn-ia64.s ia64-mont.s - ELSE - $BNASM_ia64=bn_asm.c ia64-mont.s - ENDIF - - $BNASM_sparcv9=asm/sparcv8plus.S sparcv9-mont.S sparcv9a-mont.S vis3-mont.S \ - sparct4-mont.S bn_sparc.c - $BNDEF_sparcv9=OPENSSL_BN_ASM_MONT - $BNASM_sparcv9_ec2m=sparcv9-gf2m.S - $BNDEF_sparcv9_ec2m=OPENSSL_BN_ASM_GF2m - - $BNASM_sparcv8=asm/sparcv8.S - - $BNASM_alpha=bn_asm.c alpha-mont.S - $BNDEF_alpha=OPENSSL_BN_ASM_MONT - - $BNASM_mips32=bn-mips.S mips-mont.S - $BNDEF_mips32=OPENSSL_BN_ASM_MONT - $BNASM_mips64=$BNASM_mips32 - $BNDEF_mips64=$BNDEF_mips32 - - IF[{- ($target{perlasm_scheme} // '') eq '31' -}] - $BNASM_s390x=bn_asm.c s390x-mont.S - ELSE - $BNASM_s390x=asm/s390x.S s390x-mont.S - ENDIF - $BNDEF_s390x=OPENSSL_BN_ASM_MONT - $BNASM_s390x_ec2m=s390x-gf2m.s - $BNDEF_s390x_ec2m=OPENSSL_BN_ASM_GF2m - - $BNASM_armv4=bn_asm.c armv4-mont.S - $BNDEF_armv4=OPENSSL_BN_ASM_MONT - $BNASM_armv4_ec2m=armv4-gf2m.S - $BNDEF_armv4_ec2m=OPENSSL_BN_ASM_GF2m - - $BNASM_aarch64=bn_asm.c armv8-mont.S - $BNDEF_aarch64=OPENSSL_BN_ASM_MONT - - $BNASM_parisc11=bn_asm.c parisc-mont.s - $BNDEF_parisc11=OPENSSL_BN_ASM_MONT - $BNASM_parisc20_64=$BNASM_parisc11 - $BNDEF_parisc20_64=$BNDEF_parisc11 - - $BNASM_ppc32=bn_ppc.c bn-ppc.s ppc-mont.s - $BNDEF_ppc32=OPENSSL_BN_ASM_MONT - $BNASM_ppc64=$BNASM_ppc32 - $BNDEF_ppc64=$BNDEF_ppc32 - - $BNASM_c64xplus=asm/bn-c64xplus.asm - $BNASM_c64xplus_ec2m=c64xplus-gf2m.s - $BNDEF_c64xplus_ec2m=OPENSSL_BN_ASM_GF2m - - # Now that we have defined all the arch specific variables, use the - # appropriate ones, and define the appropriate macros - IF[$BNASM_{- $target{asm_arch} -}] - $BNASM=$BNASM_{- $target{asm_arch} -} - $BNDEF=$BNDEF_{- $target{asm_arch} -} - IF[{- !$disabled{ec2m} -}] - $BNASM=$BNASM $BNASM_{- $target{asm_arch} -}_ec2m - $BNDEF=$BNDEF $BNDEF_{- $target{asm_arch} -}_ec2m - ENDIF - IF[{- !$disabled{sse2} -}] - $BNDEF=$BNDEF $BNDEF_{- $target{asm_arch} -}_sse2 - ENDIF - ENDIF -ENDIF - -$COMMON=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \ - bn_mod.c bn_conv.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ - bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_sqr.c \ - bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ - bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c rsa_sup_mul.c -SOURCE[../../libcrypto]=$COMMON $BNASM bn_print.c bn_err.c bn_srp.c -DEFINE[../../libcrypto]=$BNDEF -IF[{- !$disabled{'deprecated-0.9.8'} -}] - SOURCE[../../libcrypto]=bn_depr.c -ENDIF -IF[{- !$disabled{'deprecated-3.0'} -}] - SOURCE[../../libcrypto]=bn_x931p.c -ENDIF -SOURCE[../../providers/libfips.a]=$COMMON $BNASM -DEFINE[../../providers/libfips.a]=$BNDEF -# Because some CPUID implementations use some BN assembler (!!!), we -# must include assembler code into the legacy provider under the same -# conditions as CPUID code is included. See ../build.info -SOURCE[../../providers/liblegacy.a]=$BNASM -DEFINE[../../providers/liblegacy.a]=$BNDEF -# Implementations are now spread across several libraries, so the defines -# need to be applied to all affected libraries and modules. -DEFINE[../../providers/libcommon.a]=$BNDEF - -INCLUDE[bn_exp.o]=.. - -GENERATE[bn-586.S]=asm/bn-586.pl -DEPEND[bn-586.S]=../perlasm/x86asm.pl -GENERATE[co-586.S]=asm/co-586.pl -DEPEND[co-586.S]=../perlasm/x86asm.pl -GENERATE[x86-mont.S]=asm/x86-mont.pl -DEPEND[x86-mont.S]=../perlasm/x86asm.pl -GENERATE[x86-gf2m.S]=asm/x86-gf2m.pl -DEPEND[x86-gf2m.S]=../perlasm/x86asm.pl - -GENERATE[sparcv9a-mont.S]=asm/sparcv9a-mont.pl -INCLUDE[sparcv9a-mont.o]=.. -GENERATE[sparcv9-mont.S]=asm/sparcv9-mont.pl -INCLUDE[sparcv9-mont.o]=.. -GENERATE[vis3-mont.S]=asm/vis3-mont.pl -INCLUDE[vis3-mont.o]=.. -GENERATE[sparct4-mont.S]=asm/sparct4-mont.pl -INCLUDE[sparct4-mont.o]=.. -GENERATE[sparcv9-gf2m.S]=asm/sparcv9-gf2m.pl -INCLUDE[sparcv9-gf2m.o]=.. - -GENERATE[bn-mips.S]=asm/mips.pl -INCLUDE[bn-mips.o]=.. -GENERATE[mips-mont.S]=asm/mips-mont.pl -INCLUDE[mips-mont.o]=.. - -GENERATE[s390x-mont.S]=asm/s390x-mont.pl -GENERATE[s390x-gf2m.s]=asm/s390x-gf2m.pl - -GENERATE[x86_64-mont.s]=asm/x86_64-mont.pl -GENERATE[x86_64-mont5.s]=asm/x86_64-mont5.pl -GENERATE[x86_64-gf2m.s]=asm/x86_64-gf2m.pl -GENERATE[rsaz-x86_64.s]=asm/rsaz-x86_64.pl -GENERATE[rsaz-avx2.s]=asm/rsaz-avx2.pl -GENERATE[rsaz-avx512.s]=asm/rsaz-avx512.pl - -GENERATE[bn-ia64.s]=asm/ia64.S -GENERATE[ia64-mont.s]=asm/ia64-mont.pl - -GENERATE[parisc-mont.s]=asm/parisc-mont.pl - -# ppc - AIX, Linux, MacOS X... -GENERATE[bn-ppc.s]=asm/ppc.pl -GENERATE[ppc-mont.s]=asm/ppc-mont.pl -GENERATE[ppc64-mont.s]=asm/ppc64-mont.pl - -GENERATE[alpha-mont.S]=asm/alpha-mont.pl - -GENERATE[armv4-mont.S]=asm/armv4-mont.pl -INCLUDE[armv4-mont.o]=.. -GENERATE[armv4-gf2m.S]=asm/armv4-gf2m.pl -INCLUDE[armv4-gf2m.o]=.. -GENERATE[armv8-mont.S]=asm/armv8-mont.pl -INCLUDE[armv8-mont.o]=.. diff --git a/crypto/bn/rsa_sup_mul.c b/crypto/bn/rsa_sup_mul.c deleted file mode 100644 index 0e0d02e1946e16d2a80d81edddaa0a0568153338..0000000000000000000000000000000000000000 --- a/crypto/bn/rsa_sup_mul.c +++ /dev/null @@ -1,604 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include "internal/endian.h" -#include "internal/numbers.h" -#include "internal/constant_time.h" -#include "bn_local.h" - -# if BN_BYTES == 8 -typedef uint64_t limb_t; -# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16 -typedef uint128_t limb2_t; -# define HAVE_LIMB2_T -# endif -# define LIMB_BIT_SIZE 64 -# define LIMB_BYTE_SIZE 8 -# elif BN_BYTES == 4 -typedef uint32_t limb_t; -typedef uint64_t limb2_t; -# define LIMB_BIT_SIZE 32 -# define LIMB_BYTE_SIZE 4 -# define HAVE_LIMB2_T -# else -# error "Not supported" -# endif - -/* - * For multiplication we're using schoolbook multiplication, - * so if we have two numbers, each with 6 "digits" (words) - * the multiplication is calculated as follows: - * A B C D E F - * x I J K L M N - * -------------- - * N*F - * N*E - * N*D - * N*C - * N*B - * N*A - * M*F - * M*E - * M*D - * M*C - * M*B - * M*A - * L*F - * L*E - * L*D - * L*C - * L*B - * L*A - * K*F - * K*E - * K*D - * K*C - * K*B - * K*A - * J*F - * J*E - * J*D - * J*C - * J*B - * J*A - * I*F - * I*E - * I*D - * I*C - * I*B - * + I*A - * ========================== - * N*B N*D N*F - * + N*A N*C N*E - * + M*B M*D M*F - * + M*A M*C M*E - * + L*B L*D L*F - * + L*A L*C L*E - * + K*B K*D K*F - * + K*A K*C K*E - * + J*B J*D J*F - * + J*A J*C J*E - * + I*B I*D I*F - * + I*A I*C I*E - * - * 1+1 1+3 1+5 - * 1+0 1+2 1+4 - * 0+1 0+3 0+5 - * 0+0 0+2 0+4 - * - * 0 1 2 3 4 5 6 - * which requires n^2 multiplications and 2n full length additions - * as we can keep every other result of limb multiplication in two separate - * limbs - */ - -#if defined HAVE_LIMB2_T -static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b) -{ - limb2_t t; - /* - * this is idiomatic code to tell compiler to use the native mul - * those three lines will actually compile to single instruction - */ - - t = (limb2_t)a * b; - *hi = t >> LIMB_BIT_SIZE; - *lo = (limb_t)t; -} -#elif (BN_BYTES == 8) && (defined _MSC_VER) -/* https://learn.microsoft.com/en-us/cpp/intrinsics/umul128?view=msvc-170 */ -#pragma intrinsic(_umul128) -static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b) -{ - *lo = _umul128(a, b, hi); -} -#else -/* - * if the compiler doesn't have either a 128bit data type nor a "return - * high 64 bits of multiplication" - */ -static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b) -{ - limb_t a_low = (limb_t)(uint32_t)a; - limb_t a_hi = a >> 32; - limb_t b_low = (limb_t)(uint32_t)b; - limb_t b_hi = b >> 32; - - limb_t p0 = a_low * b_low; - limb_t p1 = a_low * b_hi; - limb_t p2 = a_hi * b_low; - limb_t p3 = a_hi * b_hi; - - uint32_t cy = (uint32_t)(((p0 >> 32) + (uint32_t)p1 + (uint32_t)p2) >> 32); - - *lo = p0 + (p1 << 32) + (p2 << 32); - *hi = p3 + (p1 >> 32) + (p2 >> 32) + cy; -} -#endif - -/* add two limbs with carry in, return carry out */ -static ossl_inline limb_t _add_limb(limb_t *ret, limb_t a, limb_t b, limb_t carry) -{ - limb_t carry1, carry2, t; - /* - * `c = a + b; if (c < a)` is idiomatic code that makes compilers - * use add with carry on assembly level - */ - - *ret = a + carry; - if (*ret < a) - carry1 = 1; - else - carry1 = 0; - - t = *ret; - *ret = t + b; - if (*ret < t) - carry2 = 1; - else - carry2 = 0; - - return carry1 + carry2; -} - -/* - * add two numbers of the same size, return overflow - * - * add a to b, place result in ret; all arrays need to be n limbs long - * return overflow from addition (0 or 1) - */ -static ossl_inline limb_t add(limb_t *ret, limb_t *a, limb_t *b, size_t n) -{ - limb_t c = 0; - ossl_ssize_t i; - - for(i = n - 1; i > -1; i--) - c = _add_limb(&ret[i], a[i], b[i], c); - - return c; -} - -/* - * return number of limbs necessary for temporary values - * when multiplying numbers n limbs large - */ -static ossl_inline size_t mul_limb_numb(size_t n) -{ - return 2 * n * 2; -} - -/* - * multiply two numbers of the same size - * - * multiply a by b, place result in ret; a and b need to be n limbs long - * ret needs to be 2*n limbs long, tmp needs to be mul_limb_numb(n) limbs - * long - */ -static void limb_mul(limb_t *ret, limb_t *a, limb_t *b, size_t n, limb_t *tmp) -{ - limb_t *r_odd, *r_even; - size_t i, j, k; - - r_odd = tmp; - r_even = &tmp[2 * n]; - - memset(ret, 0, 2 * n * sizeof(limb_t)); - - for (i = 0; i < n; i++) { - for (k = 0; k < i + n + 1; k++) { - r_even[k] = 0; - r_odd[k] = 0; - } - for (j = 0; j < n; j++) { - /* - * place results from even and odd limbs in separate arrays so that - * we don't have to calculate overflow every time we get individual - * limb multiplication result - */ - if (j % 2 == 0) - _mul_limb(&r_even[i + j], &r_even[i + j + 1], a[i], b[j]); - else - _mul_limb(&r_odd[i + j], &r_odd[i + j + 1], a[i], b[j]); - } - /* - * skip the least significant limbs when adding multiples of - * more significant limbs (they're zero anyway) - */ - add(ret, ret, r_even, n + i + 1); - add(ret, ret, r_odd, n + i + 1); - } -} - -/* modifies the value in place by performing a right shift by one bit */ -static ossl_inline void rshift1(limb_t *val, size_t n) -{ - limb_t shift_in = 0, shift_out = 0; - size_t i; - - for (i = 0; i < n; i++) { - shift_out = val[i] & 1; - val[i] = shift_in << (LIMB_BIT_SIZE - 1) | (val[i] >> 1); - shift_in = shift_out; - } -} - -/* extend the LSB of flag to all bits of limb */ -static ossl_inline limb_t mk_mask(limb_t flag) -{ - flag |= flag << 1; - flag |= flag << 2; - flag |= flag << 4; - flag |= flag << 8; - flag |= flag << 16; -#if (LIMB_BYTE_SIZE == 8) - flag |= flag << 32; -#endif - return flag; -} - -/* - * copy from either a or b to ret based on flag - * when flag == 0, then copies from b - * when flag == 1, then copies from a - */ -static ossl_inline void cselect(limb_t flag, limb_t *ret, limb_t *a, limb_t *b, size_t n) -{ - /* - * would be more efficient with non volatile mask, but then gcc - * generates code with jumps - */ - volatile limb_t mask; - size_t i; - - mask = mk_mask(flag); - for (i = 0; i < n; i++) { -#if (LIMB_BYTE_SIZE == 8) - ret[i] = constant_time_select_64(mask, a[i], b[i]); -#else - ret[i] = constant_time_select_32(mask, a[i], b[i]); -#endif - } -} - -static limb_t _sub_limb(limb_t *ret, limb_t a, limb_t b, limb_t borrow) -{ - limb_t borrow1, borrow2, t; - /* - * while it doesn't look constant-time, this is idiomatic code - * to tell compilers to use the carry bit from subtraction - */ - - *ret = a - borrow; - if (*ret > a) - borrow1 = 1; - else - borrow1 = 0; - - t = *ret; - *ret = t - b; - if (*ret > t) - borrow2 = 1; - else - borrow2 = 0; - - return borrow1 + borrow2; -} - -/* - * place the result of a - b into ret, return the borrow bit. - * All arrays need to be n limbs long - */ -static limb_t sub(limb_t *ret, limb_t *a, limb_t *b, size_t n) -{ - limb_t borrow = 0; - ossl_ssize_t i; - - for (i = n - 1; i > -1; i--) - borrow = _sub_limb(&ret[i], a[i], b[i], borrow); - - return borrow; -} - -/* return the number of limbs necessary to allocate for the mod() tmp operand */ -static ossl_inline size_t mod_limb_numb(size_t anum, size_t modnum) -{ - return (anum + modnum) * 3; -} - -/* - * calculate a % mod, place the result in ret - * size of a is defined by anum, size of ret and mod is modnum, - * size of tmp is returned by mod_limb_numb() - */ -static void mod(limb_t *ret, limb_t *a, size_t anum, limb_t *mod, - size_t modnum, limb_t *tmp) -{ - limb_t *atmp, *modtmp, *rettmp; - limb_t res; - size_t i; - - memset(tmp, 0, mod_limb_numb(anum, modnum) * LIMB_BYTE_SIZE); - - atmp = tmp; - modtmp = &tmp[anum + modnum]; - rettmp = &tmp[(anum + modnum) * 2]; - - for (i = modnum; i 0; i--, rp--) { - v = _mul_add_limb(rp, mod, modnum, rp[modnum-1] * ni0, tmp2); - v = v + carry + rp[-1]; - carry |= (v != rp[-1]); - carry &= (v <= rp[-1]); - rp[-1] = v; - } - - /* perform the final reduction by mod... */ - carry -= sub(ret, rp, mod, modnum); - - /* ...conditionally */ - cselect(carry, ret, rp, ret, modnum); -} - -/* allocated buffer should be freed afterwards */ -static void BN_to_limb(const BIGNUM *bn, limb_t *buf, size_t limbs) -{ - int i; - int real_limbs = (BN_num_bytes(bn) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; - limb_t *ptr = buf + (limbs - real_limbs); - - for (i = 0; i < real_limbs; i++) - ptr[i] = bn->d[real_limbs - i - 1]; -} - -#if LIMB_BYTE_SIZE == 8 -static ossl_inline uint64_t be64(uint64_t host) -{ - uint64_t big = 0; - DECLARE_IS_ENDIAN; - - if (!IS_LITTLE_ENDIAN) - return host; - - big |= (host & 0xff00000000000000) >> 56; - big |= (host & 0x00ff000000000000) >> 40; - big |= (host & 0x0000ff0000000000) >> 24; - big |= (host & 0x000000ff00000000) >> 8; - big |= (host & 0x00000000ff000000) << 8; - big |= (host & 0x0000000000ff0000) << 24; - big |= (host & 0x000000000000ff00) << 40; - big |= (host & 0x00000000000000ff) << 56; - return big; -} - -#else -/* Not all platforms have htobe32(). */ -static ossl_inline uint32_t be32(uint32_t host) -{ - uint32_t big = 0; - DECLARE_IS_ENDIAN; - - if (!IS_LITTLE_ENDIAN) - return host; - - big |= (host & 0xff000000) >> 24; - big |= (host & 0x00ff0000) >> 8; - big |= (host & 0x0000ff00) << 8; - big |= (host & 0x000000ff) << 24; - return big; -} -#endif - -/* - * We assume that intermediate, possible_arg2, blinding, and ctx are used - * similar to BN_BLINDING_invert_ex() arguments. - * to_mod is RSA modulus. - * buf and num is the serialization buffer and its length. - * - * Here we use classic/Montgomery multiplication and modulo. After the calculation finished - * we serialize the new structure instead of BIGNUMs taking endianness into account. - */ -int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate, - const BN_BLINDING *blinding, - const BIGNUM *possible_arg2, - const BIGNUM *to_mod, BN_CTX *ctx, - unsigned char *buf, int num) -{ - limb_t *l_im = NULL, *l_mul = NULL, *l_mod = NULL; - limb_t *l_ret = NULL, *l_tmp = NULL, l_buf; - size_t l_im_count = 0, l_mul_count = 0, l_size = 0, l_mod_count = 0; - size_t l_tmp_count = 0; - int ret = 0; - size_t i; - unsigned char *tmp; - const BIGNUM *arg1 = intermediate; - const BIGNUM *arg2 = (possible_arg2 == NULL) ? blinding->Ai : possible_arg2; - - l_im_count = (BN_num_bytes(arg1) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; - l_mul_count = (BN_num_bytes(arg2) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; - l_mod_count = (BN_num_bytes(to_mod) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; - - l_size = l_im_count > l_mul_count ? l_im_count : l_mul_count; - l_im = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE); - l_mul = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE); - l_mod = OPENSSL_zalloc(l_mod_count * LIMB_BYTE_SIZE); - - if ((l_im == NULL) || (l_mul == NULL) || (l_mod == NULL)) - goto err; - - BN_to_limb(arg1, l_im, l_size); - BN_to_limb(arg2, l_mul, l_size); - BN_to_limb(to_mod, l_mod, l_mod_count); - - l_ret = OPENSSL_malloc(2 * l_size * LIMB_BYTE_SIZE); - - if (blinding->m_ctx != NULL) { - l_tmp_count = mul_limb_numb(l_size) > mod_montgomery_limb_numb(l_mod_count) ? - mul_limb_numb(l_size) : mod_montgomery_limb_numb(l_mod_count); - l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE); - } else { - l_tmp_count = mul_limb_numb(l_size) > mod_limb_numb(2 * l_size, l_mod_count) ? - mul_limb_numb(l_size) : mod_limb_numb(2 * l_size, l_mod_count); - l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE); - } - - if ((l_ret == NULL) || (l_tmp == NULL)) - goto err; - - if (blinding->m_ctx != NULL) { - limb_mul(l_ret, l_im, l_mul, l_size, l_tmp); - mod_montgomery(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count, - blinding->m_ctx->n0[0], l_tmp); - } else { - limb_mul(l_ret, l_im, l_mul, l_size, l_tmp); - mod(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count, l_tmp); - } - - /* modulus size in bytes can be equal to num but after limbs conversion it becomes bigger */ - if (num < BN_num_bytes(to_mod)) { - ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT); - goto err; - } - - memset(buf, 0, num); - tmp = buf + num - BN_num_bytes(to_mod); - for (i = 0; i < l_mod_count; i++) { -#if LIMB_BYTE_SIZE == 8 - l_buf = be64(l_ret[i]); -#else - l_buf = be32(l_ret[i]); -#endif - if (i == 0) { - int delta = LIMB_BYTE_SIZE - ((l_mod_count * LIMB_BYTE_SIZE) - num); - - memcpy(tmp, ((char *)&l_buf) + LIMB_BYTE_SIZE - delta, delta); - tmp += delta; - } else { - memcpy(tmp, &l_buf, LIMB_BYTE_SIZE); - tmp += LIMB_BYTE_SIZE; - } - } - ret = num; - - err: - OPENSSL_free(l_im); - OPENSSL_free(l_mul); - OPENSSL_free(l_mod); - OPENSSL_free(l_tmp); - OPENSSL_free(l_ret); - - return ret; -} diff --git a/crypto/bn/rsaz_exp.c b/crypto/bn/rsaz_exp.c deleted file mode 100644 index 2a1ff09eefc999501add71d8bd8c293ef562f3b3..0000000000000000000000000000000000000000 --- a/crypto/bn/rsaz_exp.c +++ /dev/null @@ -1,323 +0,0 @@ -/* - * Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2012, Intel Corporation. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) - * (1) Intel Corporation, Israel Development Center, Haifa, Israel - * (2) University of Haifa, Israel - */ - -#include -#include "rsaz_exp.h" - -#ifndef RSAZ_ENABLED -NON_EMPTY_TRANSLATION_UNIT -#else - -/* - * See crypto/bn/asm/rsaz-avx2.pl for further details. - */ -void rsaz_1024_norm2red_avx2(void *red, const void *norm); -void rsaz_1024_mul_avx2(void *ret, const void *a, const void *b, - const void *n, BN_ULONG k); -void rsaz_1024_sqr_avx2(void *ret, const void *a, const void *n, BN_ULONG k, - int cnt); -void rsaz_1024_scatter5_avx2(void *tbl, const void *val, int i); -void rsaz_1024_gather5_avx2(void *val, const void *tbl, int i); -void rsaz_1024_red2norm_avx2(void *norm, const void *red); - -#if defined(__GNUC__) -# define ALIGN64 __attribute__((aligned(64))) -#elif defined(_MSC_VER) -# define ALIGN64 __declspec(align(64)) -#elif defined(__SUNPRO_C) -# define ALIGN64 -# pragma align 64(one,two80) -#else -/* not fatal, might hurt performance a little */ -# define ALIGN64 -#endif - -ALIGN64 static const BN_ULONG one[40] = { - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -ALIGN64 static const BN_ULONG two80[40] = { - 0, 0, 1 << 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16], - const BN_ULONG base_norm[16], - const BN_ULONG exponent[16], - const BN_ULONG m_norm[16], const BN_ULONG RR[16], - BN_ULONG k0) -{ - unsigned char storage[320 * 3 + 32 * 9 * 16 + 64]; /* 5.5KB */ - unsigned char *p_str = storage + (64 - ((size_t)storage % 64)); - unsigned char *a_inv, *m, *result; - unsigned char *table_s = p_str + 320 * 3; - unsigned char *R2 = table_s; /* borrow */ - int index; - int wvalue; - BN_ULONG tmp[16]; - - if ((((size_t)p_str & 4095) + 320) >> 12) { - result = p_str; - a_inv = p_str + 320; - m = p_str + 320 * 2; /* should not cross page */ - } else { - m = p_str; /* should not cross page */ - result = p_str + 320; - a_inv = p_str + 320 * 2; - } - - rsaz_1024_norm2red_avx2(m, m_norm); - rsaz_1024_norm2red_avx2(a_inv, base_norm); - rsaz_1024_norm2red_avx2(R2, RR); - - rsaz_1024_mul_avx2(R2, R2, R2, m, k0); - rsaz_1024_mul_avx2(R2, R2, two80, m, k0); - - /* table[0] = 1 */ - rsaz_1024_mul_avx2(result, R2, one, m, k0); - /* table[1] = a_inv^1 */ - rsaz_1024_mul_avx2(a_inv, a_inv, R2, m, k0); - - rsaz_1024_scatter5_avx2(table_s, result, 0); - rsaz_1024_scatter5_avx2(table_s, a_inv, 1); - - /* table[2] = a_inv^2 */ - rsaz_1024_sqr_avx2(result, a_inv, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 2); -#if 0 - /* this is almost 2x smaller and less than 1% slower */ - for (index = 3; index < 32; index++) { - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, index); - } -#else - /* table[4] = a_inv^4 */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 4); - /* table[8] = a_inv^8 */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 8); - /* table[16] = a_inv^16 */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 16); - /* table[17] = a_inv^17 */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 17); - - /* table[3] */ - rsaz_1024_gather5_avx2(result, table_s, 2); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 3); - /* table[6] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 6); - /* table[12] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 12); - /* table[24] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 24); - /* table[25] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 25); - - /* table[5] */ - rsaz_1024_gather5_avx2(result, table_s, 4); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 5); - /* table[10] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 10); - /* table[20] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 20); - /* table[21] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 21); - - /* table[7] */ - rsaz_1024_gather5_avx2(result, table_s, 6); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 7); - /* table[14] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 14); - /* table[28] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 28); - /* table[29] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 29); - - /* table[9] */ - rsaz_1024_gather5_avx2(result, table_s, 8); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 9); - /* table[18] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 18); - /* table[19] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 19); - - /* table[11] */ - rsaz_1024_gather5_avx2(result, table_s, 10); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 11); - /* table[22] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 22); - /* table[23] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 23); - - /* table[13] */ - rsaz_1024_gather5_avx2(result, table_s, 12); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 13); - /* table[26] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 26); - /* table[27] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 27); - - /* table[15] */ - rsaz_1024_gather5_avx2(result, table_s, 14); - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 15); - /* table[30] */ - rsaz_1024_sqr_avx2(result, result, m, k0, 1); - rsaz_1024_scatter5_avx2(table_s, result, 30); - /* table[31] */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - rsaz_1024_scatter5_avx2(table_s, result, 31); -#endif - - /* load first window */ - p_str = (unsigned char *)exponent; - wvalue = p_str[127] >> 3; - rsaz_1024_gather5_avx2(result, table_s, wvalue); - - index = 1014; - - while (index > -1) { /* loop for the remaining 127 windows */ - - rsaz_1024_sqr_avx2(result, result, m, k0, 5); - - wvalue = (p_str[(index / 8) + 1] << 8) | p_str[index / 8]; - wvalue = (wvalue >> (index % 8)) & 31; - index -= 5; - - rsaz_1024_gather5_avx2(a_inv, table_s, wvalue); /* borrow a_inv */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - } - - /* square four times */ - rsaz_1024_sqr_avx2(result, result, m, k0, 4); - - wvalue = p_str[0] & 15; - - rsaz_1024_gather5_avx2(a_inv, table_s, wvalue); /* borrow a_inv */ - rsaz_1024_mul_avx2(result, result, a_inv, m, k0); - - /* from Montgomery */ - rsaz_1024_mul_avx2(result, result, one, m, k0); - - rsaz_1024_red2norm_avx2(result_norm, result); - - bn_reduce_once_in_place(result_norm, /*carry=*/0, m_norm, tmp, 16); - - OPENSSL_cleanse(storage, sizeof(storage)); - OPENSSL_cleanse(tmp, sizeof(tmp)); -} - -/* - * See crypto/bn/rsaz-x86_64.pl for further details. - */ -void rsaz_512_mul(void *ret, const void *a, const void *b, const void *n, - BN_ULONG k); -void rsaz_512_mul_scatter4(void *ret, const void *a, const void *n, - BN_ULONG k, const void *tbl, unsigned int power); -void rsaz_512_mul_gather4(void *ret, const void *a, const void *tbl, - const void *n, BN_ULONG k, unsigned int power); -void rsaz_512_mul_by_one(void *ret, const void *a, const void *n, BN_ULONG k); -void rsaz_512_sqr(void *ret, const void *a, const void *n, BN_ULONG k, - int cnt); -void rsaz_512_scatter4(void *tbl, const BN_ULONG *val, int power); -void rsaz_512_gather4(BN_ULONG *val, const void *tbl, int power); - -void RSAZ_512_mod_exp(BN_ULONG result[8], - const BN_ULONG base[8], const BN_ULONG exponent[8], - const BN_ULONG m[8], BN_ULONG k0, const BN_ULONG RR[8]) -{ - unsigned char storage[16 * 8 * 8 + 64 * 2 + 64]; /* 1.2KB */ - unsigned char *table = storage + (64 - ((size_t)storage % 64)); - BN_ULONG *a_inv = (BN_ULONG *)(table + 16 * 8 * 8); - BN_ULONG *temp = (BN_ULONG *)(table + 16 * 8 * 8 + 8 * 8); - unsigned char *p_str = (unsigned char *)exponent; - int index; - unsigned int wvalue; - BN_ULONG tmp[8]; - - /* table[0] = 1_inv */ - temp[0] = 0 - m[0]; - temp[1] = ~m[1]; - temp[2] = ~m[2]; - temp[3] = ~m[3]; - temp[4] = ~m[4]; - temp[5] = ~m[5]; - temp[6] = ~m[6]; - temp[7] = ~m[7]; - rsaz_512_scatter4(table, temp, 0); - - /* table [1] = a_inv^1 */ - rsaz_512_mul(a_inv, base, RR, m, k0); - rsaz_512_scatter4(table, a_inv, 1); - - /* table [2] = a_inv^2 */ - rsaz_512_sqr(temp, a_inv, m, k0, 1); - rsaz_512_scatter4(table, temp, 2); - - for (index = 3; index < 16; index++) - rsaz_512_mul_scatter4(temp, a_inv, m, k0, table, index); - - /* load first window */ - wvalue = p_str[63]; - - rsaz_512_gather4(temp, table, wvalue >> 4); - rsaz_512_sqr(temp, temp, m, k0, 4); - rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue & 0xf); - - for (index = 62; index >= 0; index--) { - wvalue = p_str[index]; - - rsaz_512_sqr(temp, temp, m, k0, 4); - rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue >> 4); - - rsaz_512_sqr(temp, temp, m, k0, 4); - rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue & 0x0f); - } - - /* from Montgomery */ - rsaz_512_mul_by_one(result, temp, m, k0); - - bn_reduce_once_in_place(result, /*carry=*/0, m, tmp, 8); - - OPENSSL_cleanse(storage, sizeof(storage)); - OPENSSL_cleanse(tmp, sizeof(tmp)); -} - -#endif diff --git a/crypto/bn/rsaz_exp.h b/crypto/bn/rsaz_exp.h deleted file mode 100644 index e27e9f047138b06548970f813183293ff892a7d9..0000000000000000000000000000000000000000 --- a/crypto/bn/rsaz_exp.h +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2020, Intel Corporation. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) - * (1) Intel Corporation, Israel Development Center, Haifa, Israel - * (2) University of Haifa, Israel - */ - -#ifndef OSSL_CRYPTO_BN_RSAZ_EXP_H -# define OSSL_CRYPTO_BN_RSAZ_EXP_H - -# undef RSAZ_ENABLED -# if defined(OPENSSL_BN_ASM_MONT) && \ - (defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64)) -# define RSAZ_ENABLED - -# include -# include "internal/constant_time.h" -# include "bn_local.h" - -void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16], - const BN_ULONG base_norm[16], - const BN_ULONG exponent[16], - const BN_ULONG m_norm[16], const BN_ULONG RR[16], - BN_ULONG k0); -int rsaz_avx2_eligible(void); - -void RSAZ_512_mod_exp(BN_ULONG result[8], - const BN_ULONG base_norm[8], const BN_ULONG exponent[8], - const BN_ULONG m_norm[8], BN_ULONG k0, - const BN_ULONG RR[8]); - - -int ossl_rsaz_avx512ifma_eligible(void); - -int ossl_rsaz_mod_exp_avx512_x2(BN_ULONG *res1, - const BN_ULONG *base1, - const BN_ULONG *exponent1, - const BN_ULONG *m1, - const BN_ULONG *RR1, - BN_ULONG k0_1, - BN_ULONG *res2, - const BN_ULONG *base2, - const BN_ULONG *exponent2, - const BN_ULONG *m2, - const BN_ULONG *RR2, - BN_ULONG k0_2, - int factor_size); - -static ossl_inline void bn_select_words(BN_ULONG *r, BN_ULONG mask, - const BN_ULONG *a, - const BN_ULONG *b, size_t num) -{ - size_t i; - - for (i = 0; i < num; i++) { - r[i] = constant_time_select_64(mask, a[i], b[i]); - } -} - -static ossl_inline BN_ULONG bn_reduce_once_in_place(BN_ULONG *r, - BN_ULONG carry, - const BN_ULONG *m, - BN_ULONG *tmp, size_t num) -{ - carry -= bn_sub_words(tmp, r, m, num); - bn_select_words(r, carry, r /* tmp < 0 */, tmp /* tmp >= 0 */, num); - return carry; -} - -# endif - -#endif diff --git a/crypto/bn/rsaz_exp_x2.c b/crypto/bn/rsaz_exp_x2.c deleted file mode 100644 index c6542ad49a388dbc14f8a203526d92f9a079f93d..0000000000000000000000000000000000000000 --- a/crypto/bn/rsaz_exp_x2.c +++ /dev/null @@ -1,576 +0,0 @@ -/* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2020, Intel Corporation. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * - * Originally written by Ilya Albrekht, Sergey Kirillov and Andrey Matyukov - * Intel Corporation - * - */ - -#include -#include -#include "rsaz_exp.h" - -#ifndef RSAZ_ENABLED -NON_EMPTY_TRANSLATION_UNIT -#else -# include -# include - -# if defined(__GNUC__) -# define ALIGN64 __attribute__((aligned(64))) -# elif defined(_MSC_VER) -# define ALIGN64 __declspec(align(64)) -# else -# define ALIGN64 -# endif - -# if defined(__GNUC__) -# define ALIGN1 __attribute__((aligned(1))) -# elif defined(_MSC_VER) -# define ALIGN1 __declspec(align(1)) -# else -# define ALIGN1 -# endif - -# define ALIGN_OF(ptr, boundary) \ - ((unsigned char *)(ptr) + (boundary - (((size_t)(ptr)) & (boundary - 1)))) - -/* Internal radix */ -# define DIGIT_SIZE (52) -/* 52-bit mask */ -# define DIGIT_MASK ((uint64_t)0xFFFFFFFFFFFFF) - -# define BITS2WORD8_SIZE(x) (((x) + 7) >> 3) -# define BITS2WORD64_SIZE(x) (((x) + 63) >> 6) - -typedef uint64_t ALIGN1 uint64_t_align1; - -static ossl_inline uint64_t get_digit52(const uint8_t *in, int in_len); -static ossl_inline void put_digit52(uint8_t *out, int out_len, uint64_t digit); -static void to_words52(BN_ULONG *out, int out_len, const BN_ULONG *in, - int in_bitsize); -static void from_words52(BN_ULONG *bn_out, int out_bitsize, const BN_ULONG *in); -static ossl_inline void set_bit(BN_ULONG *a, int idx); - -/* Number of |digit_size|-bit digits in |bitsize|-bit value */ -static ossl_inline int number_of_digits(int bitsize, int digit_size) -{ - return (bitsize + digit_size - 1) / digit_size; -} - -typedef void (*AMM52)(BN_ULONG *res, const BN_ULONG *base, - const BN_ULONG *exp, const BN_ULONG *m, BN_ULONG k0); -typedef void (*EXP52_x2)(BN_ULONG *res, const BN_ULONG *base, - const BN_ULONG *exp[2], const BN_ULONG *m, - const BN_ULONG *rr, const BN_ULONG k0[2]); - -/* - * For details of the methods declared below please refer to - * crypto/bn/asm/rsaz-avx512.pl - * - * Naming notes: - * amm = Almost Montgomery Multiplication - * ams = Almost Montgomery Squaring - * 52x20 - data represented as array of 20 digits in 52-bit radix - * _x1_/_x2_ - 1 or 2 independent inputs/outputs - * _256 suffix - uses 256-bit (AVX512VL) registers - */ - -/*AMM = Almost Montgomery Multiplication. */ -void ossl_rsaz_amm52x20_x1_256(BN_ULONG *res, const BN_ULONG *base, - const BN_ULONG *exp, const BN_ULONG *m, - BN_ULONG k0); -static void RSAZ_exp52x20_x2_256(BN_ULONG *res, const BN_ULONG *base, - const BN_ULONG *exp[2], const BN_ULONG *m, - const BN_ULONG *rr, const BN_ULONG k0[2]); -void ossl_rsaz_amm52x20_x2_256(BN_ULONG *out, const BN_ULONG *a, - const BN_ULONG *b, const BN_ULONG *m, - const BN_ULONG k0[2]); -void ossl_extract_multiplier_2x20_win5(BN_ULONG *red_Y, - const BN_ULONG *red_table, - int red_table_idx, int tbl_idx); - -/* - * Dual Montgomery modular exponentiation using prime moduli of the - * same bit size, optimized with AVX512 ISA. - * - * Input and output parameters for each exponentiation are independent and - * denoted here by index |i|, i = 1..2. - * - * Input and output are all in regular 2^64 radix. - * - * Each moduli shall be |factor_size| bit size. - * - * NOTE: currently only 2x1024 case is supported. - * - * [out] res|i| - result of modular exponentiation: array of qword values - * in regular (2^64) radix. Size of array shall be enough - * to hold |factor_size| bits. - * [in] base|i| - base - * [in] exp|i| - exponent - * [in] m|i| - moduli - * [in] rr|i| - Montgomery parameter RR = R^2 mod m|i| - * [in] k0_|i| - Montgomery parameter k0 = -1/m|i| mod 2^64 - * [in] factor_size - moduli bit size - * - * \return 0 in case of failure, - * 1 in case of success. - */ -int ossl_rsaz_mod_exp_avx512_x2(BN_ULONG *res1, - const BN_ULONG *base1, - const BN_ULONG *exp1, - const BN_ULONG *m1, - const BN_ULONG *rr1, - BN_ULONG k0_1, - BN_ULONG *res2, - const BN_ULONG *base2, - const BN_ULONG *exp2, - const BN_ULONG *m2, - const BN_ULONG *rr2, - BN_ULONG k0_2, - int factor_size) -{ - int ret = 0; - - /* - * Number of word-size (BN_ULONG) digits to store exponent in redundant - * representation. - */ - int exp_digits = number_of_digits(factor_size + 2, DIGIT_SIZE); - int coeff_pow = 4 * (DIGIT_SIZE * exp_digits - factor_size); - BN_ULONG *base1_red, *m1_red, *rr1_red; - BN_ULONG *base2_red, *m2_red, *rr2_red; - BN_ULONG *coeff_red; - BN_ULONG *storage = NULL; - BN_ULONG *storage_aligned = NULL; - BN_ULONG storage_len_bytes = 7 * exp_digits * sizeof(BN_ULONG); - - /* AMM = Almost Montgomery Multiplication */ - AMM52 amm = NULL; - /* Dual (2-exps in parallel) exponentiation */ - EXP52_x2 exp_x2 = NULL; - - const BN_ULONG *exp[2] = {0}; - BN_ULONG k0[2] = {0}; - - /* Only 1024-bit factor size is supported now */ - switch (factor_size) { - case 1024: - amm = ossl_rsaz_amm52x20_x1_256; - exp_x2 = RSAZ_exp52x20_x2_256; - break; - default: - goto err; - } - - storage = (BN_ULONG *)OPENSSL_malloc(storage_len_bytes + 64); - if (storage == NULL) - goto err; - storage_aligned = (BN_ULONG *)ALIGN_OF(storage, 64); - - /* Memory layout for red(undant) representations */ - base1_red = storage_aligned; - base2_red = storage_aligned + 1 * exp_digits; - m1_red = storage_aligned + 2 * exp_digits; - m2_red = storage_aligned + 3 * exp_digits; - rr1_red = storage_aligned + 4 * exp_digits; - rr2_red = storage_aligned + 5 * exp_digits; - coeff_red = storage_aligned + 6 * exp_digits; - - /* Convert base_i, m_i, rr_i, from regular to 52-bit radix */ - to_words52(base1_red, exp_digits, base1, factor_size); - to_words52(base2_red, exp_digits, base2, factor_size); - to_words52(m1_red, exp_digits, m1, factor_size); - to_words52(m2_red, exp_digits, m2, factor_size); - to_words52(rr1_red, exp_digits, rr1, factor_size); - to_words52(rr2_red, exp_digits, rr2, factor_size); - - /* - * Compute target domain Montgomery converters RR' for each modulus - * based on precomputed original domain's RR. - * - * RR -> RR' transformation steps: - * (1) coeff = 2^k - * (2) t = AMM(RR,RR) = RR^2 / R' mod m - * (3) RR' = AMM(t, coeff) = RR^2 * 2^k / R'^2 mod m - * where - * k = 4 * (52 * digits52 - modlen) - * R = 2^(64 * ceil(modlen/64)) mod m - * RR = R^2 mod M - * R' = 2^(52 * ceil(modlen/52)) mod m - * - * modlen = 1024: k = 64, RR = 2^2048 mod m, RR' = 2^2080 mod m - */ - memset(coeff_red, 0, exp_digits * sizeof(BN_ULONG)); - /* (1) in reduced domain representation */ - set_bit(coeff_red, 64 * (int)(coeff_pow / 52) + coeff_pow % 52); - - amm(rr1_red, rr1_red, rr1_red, m1_red, k0_1); /* (2) for m1 */ - amm(rr1_red, rr1_red, coeff_red, m1_red, k0_1); /* (3) for m1 */ - - amm(rr2_red, rr2_red, rr2_red, m2_red, k0_2); /* (2) for m2 */ - amm(rr2_red, rr2_red, coeff_red, m2_red, k0_2); /* (3) for m2 */ - - exp[0] = exp1; - exp[1] = exp2; - - k0[0] = k0_1; - k0[1] = k0_2; - - exp_x2(rr1_red, base1_red, exp, m1_red, rr1_red, k0); - - /* Convert rr_i back to regular radix */ - from_words52(res1, factor_size, rr1_red); - from_words52(res2, factor_size, rr2_red); - - /* bn_reduce_once_in_place expects number of BN_ULONG, not bit size */ - factor_size /= sizeof(BN_ULONG) * 8; - - bn_reduce_once_in_place(res1, /*carry=*/0, m1, storage, factor_size); - bn_reduce_once_in_place(res2, /*carry=*/0, m2, storage, factor_size); - - ret = 1; -err: - if (storage != NULL) { - OPENSSL_cleanse(storage, storage_len_bytes); - OPENSSL_free(storage); - } - return ret; -} - -/* - * Dual 1024-bit w-ary modular exponentiation using prime moduli of the same - * bit size using Almost Montgomery Multiplication, optimized with AVX512_IFMA - * ISA. - * - * The parameter w (window size) = 5. - * - * [out] res - result of modular exponentiation: 2x20 qword - * values in 2^52 radix. - * [in] base - base (2x20 qword values in 2^52 radix) - * [in] exp - array of 2 pointers to 16 qword values in 2^64 radix. - * Exponent is not converted to redundant representation. - * [in] m - moduli (2x20 qword values in 2^52 radix) - * [in] rr - Montgomery parameter for 2 moduli: RR = 2^2080 mod m. - * (2x20 qword values in 2^52 radix) - * [in] k0 - Montgomery parameter for 2 moduli: k0 = -1/m mod 2^64 - * - * \return (void). - */ -static void RSAZ_exp52x20_x2_256(BN_ULONG *out, /* [2][20] */ - const BN_ULONG *base, /* [2][20] */ - const BN_ULONG *exp[2], /* 2x16 */ - const BN_ULONG *m, /* [2][20] */ - const BN_ULONG *rr, /* [2][20] */ - const BN_ULONG k0[2]) -{ -# define BITSIZE_MODULUS (1024) -# define EXP_WIN_SIZE (5) -# define EXP_WIN_MASK ((1U << EXP_WIN_SIZE) - 1) -/* - * Number of digits (64-bit words) in redundant representation to handle - * modulus bits - */ -# define RED_DIGITS (20) -# define EXP_DIGITS (16) -# define DAMM ossl_rsaz_amm52x20_x2_256 -/* - * Squaring is done using multiplication now. That can be a subject of - * optimization in future. - */ -# define DAMS(r,a,m,k0) \ - ossl_rsaz_amm52x20_x2_256((r),(a),(a),(m),(k0)) - - /* Allocate stack for red(undant) result Y and multiplier X */ - ALIGN64 BN_ULONG red_Y[2][RED_DIGITS]; - ALIGN64 BN_ULONG red_X[2][RED_DIGITS]; - - /* Allocate expanded exponent */ - ALIGN64 BN_ULONG expz[2][EXP_DIGITS + 1]; - - /* Pre-computed table of base powers */ - ALIGN64 BN_ULONG red_table[1U << EXP_WIN_SIZE][2][RED_DIGITS]; - - int idx; - - memset(red_Y, 0, sizeof(red_Y)); - memset(red_table, 0, sizeof(red_table)); - memset(red_X, 0, sizeof(red_X)); - - /* - * Compute table of powers base^i, i = 0, ..., (2^EXP_WIN_SIZE) - 1 - * table[0] = mont(x^0) = mont(1) - * table[1] = mont(x^1) = mont(x) - */ - red_X[0][0] = 1; - red_X[1][0] = 1; - DAMM(red_table[0][0], (const BN_ULONG*)red_X, rr, m, k0); - DAMM(red_table[1][0], base, rr, m, k0); - - for (idx = 1; idx < (int)((1U << EXP_WIN_SIZE) / 2); idx++) { - DAMS(red_table[2 * idx + 0][0], red_table[1 * idx][0], m, k0); - DAMM(red_table[2 * idx + 1][0], red_table[2 * idx][0], red_table[1][0], m, k0); - } - - /* Copy and expand exponents */ - memcpy(expz[0], exp[0], EXP_DIGITS * sizeof(BN_ULONG)); - expz[0][EXP_DIGITS] = 0; - memcpy(expz[1], exp[1], EXP_DIGITS * sizeof(BN_ULONG)); - expz[1][EXP_DIGITS] = 0; - - /* Exponentiation */ - { - const int rem = BITSIZE_MODULUS % EXP_WIN_SIZE; - BN_ULONG table_idx_mask = EXP_WIN_MASK; - - int exp_bit_no = BITSIZE_MODULUS - rem; - int exp_chunk_no = exp_bit_no / 64; - int exp_chunk_shift = exp_bit_no % 64; - - BN_ULONG red_table_idx_0, red_table_idx_1; - - /* - * If rem == 0, then - * exp_bit_no = modulus_bitsize - exp_win_size - * However, this isn't possible because rem is { 1024, 1536, 2048 } % 5 - * which is { 4, 1, 3 } respectively. - * - * If this assertion ever fails the fix above is easy. - */ - OPENSSL_assert(rem != 0); - - /* Process 1-st exp window - just init result */ - red_table_idx_0 = expz[0][exp_chunk_no]; - red_table_idx_1 = expz[1][exp_chunk_no]; - /* - * The function operates with fixed moduli sizes divisible by 64, - * thus table index here is always in supported range [0, EXP_WIN_SIZE). - */ - red_table_idx_0 >>= exp_chunk_shift; - red_table_idx_1 >>= exp_chunk_shift; - - ossl_extract_multiplier_2x20_win5(red_Y[0], (const BN_ULONG*)red_table, - (int)red_table_idx_0, 0); - ossl_extract_multiplier_2x20_win5(red_Y[1], (const BN_ULONG*)red_table, - (int)red_table_idx_1, 1); - - /* Process other exp windows */ - for (exp_bit_no -= EXP_WIN_SIZE; exp_bit_no >= 0; exp_bit_no -= EXP_WIN_SIZE) { - /* Extract pre-computed multiplier from the table */ - { - BN_ULONG T; - - exp_chunk_no = exp_bit_no / 64; - exp_chunk_shift = exp_bit_no % 64; - { - red_table_idx_0 = expz[0][exp_chunk_no]; - T = expz[0][exp_chunk_no + 1]; - - red_table_idx_0 >>= exp_chunk_shift; - /* - * Get additional bits from then next quadword - * when 64-bit boundaries are crossed. - */ - if (exp_chunk_shift > 64 - EXP_WIN_SIZE) { - T <<= (64 - exp_chunk_shift); - red_table_idx_0 ^= T; - } - red_table_idx_0 &= table_idx_mask; - - ossl_extract_multiplier_2x20_win5(red_X[0], - (const BN_ULONG*)red_table, - (int)red_table_idx_0, 0); - } - { - red_table_idx_1 = expz[1][exp_chunk_no]; - T = expz[1][exp_chunk_no + 1]; - - red_table_idx_1 >>= exp_chunk_shift; - /* - * Get additional bits from then next quadword - * when 64-bit boundaries are crossed. - */ - if (exp_chunk_shift > 64 - EXP_WIN_SIZE) { - T <<= (64 - exp_chunk_shift); - red_table_idx_1 ^= T; - } - red_table_idx_1 &= table_idx_mask; - - ossl_extract_multiplier_2x20_win5(red_X[1], - (const BN_ULONG*)red_table, - (int)red_table_idx_1, 1); - } - } - - /* Series of squaring */ - DAMS((BN_ULONG*)red_Y, (const BN_ULONG*)red_Y, m, k0); - DAMS((BN_ULONG*)red_Y, (const BN_ULONG*)red_Y, m, k0); - DAMS((BN_ULONG*)red_Y, (const BN_ULONG*)red_Y, m, k0); - DAMS((BN_ULONG*)red_Y, (const BN_ULONG*)red_Y, m, k0); - DAMS((BN_ULONG*)red_Y, (const BN_ULONG*)red_Y, m, k0); - - DAMM((BN_ULONG*)red_Y, (const BN_ULONG*)red_Y, (const BN_ULONG*)red_X, m, k0); - } - } - - /* - * - * NB: After the last AMM of exponentiation in Montgomery domain, the result - * may be 1025-bit, but the conversion out of Montgomery domain performs an - * AMM(x,1) which guarantees that the final result is less than |m|, so no - * conditional subtraction is needed here. See "Efficient Software - * Implementations of Modular Exponentiation" (by Shay Gueron) paper for details. - */ - - /* Convert result back in regular 2^52 domain */ - memset(red_X, 0, sizeof(red_X)); - red_X[0][0] = 1; - red_X[1][0] = 1; - DAMM(out, (const BN_ULONG*)red_Y, (const BN_ULONG*)red_X, m, k0); - - /* Clear exponents */ - OPENSSL_cleanse(expz, sizeof(expz)); - OPENSSL_cleanse(red_Y, sizeof(red_Y)); - -# undef DAMS -# undef DAMM -# undef EXP_DIGITS -# undef RED_DIGITS -# undef EXP_WIN_MASK -# undef EXP_WIN_SIZE -# undef BITSIZE_MODULUS -} - -static ossl_inline uint64_t get_digit52(const uint8_t *in, int in_len) -{ - uint64_t digit = 0; - - assert(in != NULL); - - for (; in_len > 0; in_len--) { - digit <<= 8; - digit += (uint64_t)(in[in_len - 1]); - } - return digit; -} - -/* - * Convert array of words in regular (base=2^64) representation to array of - * words in redundant (base=2^52) one. - */ -static void to_words52(BN_ULONG *out, int out_len, - const BN_ULONG *in, int in_bitsize) -{ - uint8_t *in_str = NULL; - - assert(out != NULL); - assert(in != NULL); - /* Check destination buffer capacity */ - assert(out_len >= number_of_digits(in_bitsize, DIGIT_SIZE)); - - in_str = (uint8_t *)in; - - for (; in_bitsize >= (2 * DIGIT_SIZE); in_bitsize -= (2 * DIGIT_SIZE), out += 2) { - out[0] = (*(uint64_t_align1 *)in_str) & DIGIT_MASK; - in_str += 6; - out[1] = ((*(uint64_t_align1 *)in_str) >> 4) & DIGIT_MASK; - in_str += 7; - out_len -= 2; - } - - if (in_bitsize > DIGIT_SIZE) { - uint64_t digit = get_digit52(in_str, 7); - - out[0] = digit & DIGIT_MASK; - in_str += 6; - in_bitsize -= DIGIT_SIZE; - digit = get_digit52(in_str, BITS2WORD8_SIZE(in_bitsize)); - out[1] = digit >> 4; - out += 2; - out_len -= 2; - } else if (in_bitsize > 0) { - out[0] = get_digit52(in_str, BITS2WORD8_SIZE(in_bitsize)); - out++; - out_len--; - } - - while (out_len > 0) { - *out = 0; - out_len--; - out++; - } -} - -static ossl_inline void put_digit52(uint8_t *pStr, int strLen, uint64_t digit) -{ - assert(pStr != NULL); - - for (; strLen > 0; strLen--) { - *pStr++ = (uint8_t)(digit & 0xFF); - digit >>= 8; - } -} - -/* - * Convert array of words in redundant (base=2^52) representation to array of - * words in regular (base=2^64) one. - */ -static void from_words52(BN_ULONG *out, int out_bitsize, const BN_ULONG *in) -{ - int i; - int out_len = BITS2WORD64_SIZE(out_bitsize); - - assert(out != NULL); - assert(in != NULL); - - for (i = 0; i < out_len; i++) - out[i] = 0; - - { - uint8_t *out_str = (uint8_t *)out; - - for (; out_bitsize >= (2 * DIGIT_SIZE); out_bitsize -= (2 * DIGIT_SIZE), in += 2) { - (*(uint64_t_align1 *)out_str) = in[0]; - out_str += 6; - (*(uint64_t_align1 *)out_str) ^= in[1] << 4; - out_str += 7; - } - - if (out_bitsize > DIGIT_SIZE) { - put_digit52(out_str, 7, in[0]); - out_str += 6; - out_bitsize -= DIGIT_SIZE; - put_digit52(out_str, BITS2WORD8_SIZE(out_bitsize), - (in[1] << 4 | in[0] >> 48)); - } else if (out_bitsize) { - put_digit52(out_str, BITS2WORD8_SIZE(out_bitsize), in[0]); - } - } -} - -/* - * Set bit at index |idx| in the words array |a|. - * It does not do any boundaries checks, make sure the index is valid before - * calling the function. - */ -static ossl_inline void set_bit(BN_ULONG *a, int idx) -{ - assert(a != NULL); - - { - int i, j; - - i = idx / BN_BITS2; - j = idx % BN_BITS2; - a[i] |= (((BN_ULONG)1) << j); - } -} - -#endif diff --git a/crypto/bsearch.c b/crypto/bsearch.c deleted file mode 100644 index f812c4f8ef0f9ee22549cc2b2d01b33ddcb398f7..0000000000000000000000000000000000000000 --- a/crypto/bsearch.c +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" - -const void *ossl_bsearch(const void *key, const void *base, int num, - int size, int (*cmp) (const void *, const void *), - int flags) -{ - const char *base_ = base; - int l, h, i = 0, c = 0; - const char *p = NULL; - - if (num == 0) - return NULL; - l = 0; - h = num; - while (l < h) { - i = (l + h) / 2; - p = &(base_[i * size]); - c = (*cmp) (key, p); - if (c < 0) - h = i; - else if (c > 0) - l = i + 1; - else - break; - } - if (c != 0 && !(flags & OSSL_BSEARCH_VALUE_ON_NOMATCH)) - p = NULL; - else if (c == 0 && (flags & OSSL_BSEARCH_FIRST_VALUE_ON_MATCH)) { - while (i > 0 && (*cmp) (key, &(base_[(i - 1) * size])) == 0) - i--; - p = &(base_[i * size]); - } - return p; -} diff --git a/crypto/buffer/buf_err.c b/crypto/buffer/buf_err.c deleted file mode 100644 index 9233b0a23c17e4c8a5b45a5af827c285c00eb50d..0000000000000000000000000000000000000000 --- a/crypto/buffer/buf_err.c +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/buffererr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA BUF_str_reasons[] = { - {0, NULL} -}; - -#endif - -int ossl_err_load_BUF_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(BUF_str_reasons[0].error) == NULL) - ERR_load_strings_const(BUF_str_reasons); -#endif - return 1; -} diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c deleted file mode 100644 index db1ea38b195a83e8544cdcae584ceb03d79862f7..0000000000000000000000000000000000000000 --- a/crypto/buffer/buffer.c +++ /dev/null @@ -1,165 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include - -/* - * LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That - * function is applied in several functions in this file and this limit - * ensures that the result fits in an int. - */ -#define LIMIT_BEFORE_EXPANSION 0x5ffffffc - -BUF_MEM *BUF_MEM_new_ex(unsigned long flags) -{ - BUF_MEM *ret; - - ret = BUF_MEM_new(); - if (ret != NULL) - ret->flags = flags; - return ret; -} - -BUF_MEM *BUF_MEM_new(void) -{ - BUF_MEM *ret; - - ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) { - ERR_raise(ERR_LIB_BUF, ERR_R_MALLOC_FAILURE); - return NULL; - } - return ret; -} - -void BUF_MEM_free(BUF_MEM *a) -{ - if (a == NULL) - return; - if (a->data != NULL) { - if (a->flags & BUF_MEM_FLAG_SECURE) - OPENSSL_secure_clear_free(a->data, a->max); - else - OPENSSL_clear_free(a->data, a->max); - } - OPENSSL_free(a); -} - -/* Allocate a block of secure memory; copy over old data if there - * was any, and then free it. */ -static char *sec_alloc_realloc(BUF_MEM *str, size_t len) -{ - char *ret; - - ret = OPENSSL_secure_malloc(len); - if (str->data != NULL) { - if (ret != NULL) { - memcpy(ret, str->data, str->length); - OPENSSL_secure_clear_free(str->data, str->length); - str->data = NULL; - } - } - return ret; -} - -size_t BUF_MEM_grow(BUF_MEM *str, size_t len) -{ - char *ret; - size_t n; - - if (str->length >= len) { - str->length = len; - return len; - } - if (str->max >= len) { - if (str->data != NULL) - memset(&str->data[str->length], 0, len - str->length); - str->length = len; - return len; - } - /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ - if (len > LIMIT_BEFORE_EXPANSION) { - ERR_raise(ERR_LIB_BUF, ERR_R_MALLOC_FAILURE); - return 0; - } - n = (len + 3) / 3 * 4; - if ((str->flags & BUF_MEM_FLAG_SECURE)) - ret = sec_alloc_realloc(str, n); - else - ret = OPENSSL_realloc(str->data, n); - if (ret == NULL) { - ERR_raise(ERR_LIB_BUF, ERR_R_MALLOC_FAILURE); - len = 0; - } else { - str->data = ret; - str->max = n; - memset(&str->data[str->length], 0, len - str->length); - str->length = len; - } - return len; -} - -size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len) -{ - char *ret; - size_t n; - - if (str->length >= len) { - if (str->data != NULL) - memset(&str->data[len], 0, str->length - len); - str->length = len; - return len; - } - if (str->max >= len) { - memset(&str->data[str->length], 0, len - str->length); - str->length = len; - return len; - } - /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */ - if (len > LIMIT_BEFORE_EXPANSION) { - ERR_raise(ERR_LIB_BUF, ERR_R_MALLOC_FAILURE); - return 0; - } - n = (len + 3) / 3 * 4; - if ((str->flags & BUF_MEM_FLAG_SECURE)) - ret = sec_alloc_realloc(str, n); - else - ret = OPENSSL_clear_realloc(str->data, str->max, n); - if (ret == NULL) { - ERR_raise(ERR_LIB_BUF, ERR_R_MALLOC_FAILURE); - len = 0; - } else { - str->data = ret; - str->max = n; - memset(&str->data[str->length], 0, len - str->length); - str->length = len; - } - return len; -} - -void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size) -{ - size_t i; - if (in) { - out += size - 1; - for (i = 0; i < size; i++) - *out-- = *in++; - } else { - unsigned char *q; - char c; - q = out + size - 1; - for (i = 0; i < size / 2; i++) { - c = *q; - *q-- = *out; - *out++ = c; - } - } -} diff --git a/crypto/buffer/build.info b/crypto/buffer/build.info deleted file mode 100644 index 6f31397be722f100ab195505efa812cd78a0eb9c..0000000000000000000000000000000000000000 --- a/crypto/buffer/build.info +++ /dev/null @@ -1,3 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]=buffer.c buf_err.c -SOURCE[../../providers/libfips.a]=buffer.c diff --git a/crypto/build.info b/crypto/build.info deleted file mode 100644 index c04db5591120df945972de3e801aaa32bcbf3241..0000000000000000000000000000000000000000 --- a/crypto/build.info +++ /dev/null @@ -1,136 +0,0 @@ -# Note that these directories are filtered in Configure. Look for %skipdir -# there for further explanations. -SUBDIRS=objects buffer bio stack lhash rand evp asn1 pem x509 conf \ - txt_db pkcs7 pkcs12 ui kdf store property \ - md2 md4 md5 sha mdc2 hmac ripemd whrlpool poly1305 \ - siphash sm3 des aes rc2 rc4 rc5 idea aria bf cast camellia \ - seed sm4 chacha modes bn ec rsa dsa dh sm2 dso engine \ - err comp http ocsp cms ts srp cmac ct async ess crmf cmp encode_decode \ - ffc - -LIBS=../libcrypto - -$UPLINKSRC= -$UPLINKDEF= -IF[{- !$disabled{uplink} -}] - $UPLINKSRC_common=../ms/uplink.c - $UPLINKSRC_x86=$UPLINKSRC_common uplink-x86.S - $UPLINKSRC_x86_64=$UPLINKSRC_common uplink-x86_64.s - $UPLINKSRC_ia64=$UPLINKSRC_common uplink-ia64.s - - IF[$UPLINKSRC_{- $target{uplink_arch} -}] - $UPLINKSRC=$UPLINKSRC_{- $target{uplink_arch} -} - $UPLINKDEF=OPENSSL_USE_APPLINK - ENDIF -ENDIF - -$CPUIDASM=mem_clr.c -$CPUIDDEF= -IF[{- !$disabled{asm} && $config{processor} ne '386' -}] - $CPUIDASM_x86=x86cpuid.S - - $CPUIDASM_x86_64=x86_64cpuid.s - - $CPUIDASM_ia64=ia64cpuid.s - - $CPUIDASM_sparcv9=sparcv9cap.c sparccpuid.S - - $CPUIDASM_alpha=alphacpuid.s - - $CPUIDASM_s390x=s390xcap.c s390xcpuid.S - - $CPUIDASM_armv4=armcap.c armv4cpuid.S - - $CPUIDASM_aarch64=armcap.c arm64cpuid.S - - $CPUIDASM_parisc11=pariscid.s - $CPUIDASM_parisc20_64=$CPUIDASM_parisc11 - - $CPUIDASM_ppc32=ppccpuid.s ppccap.c - $CPUIDASM_ppc64=$CPUIDASM_ppc32 - - $CPUIDASM_c64xplus=c64xpluscpuid.s - - # Now that we have defined all the arch specific variables, use the - # appropriate one, and define the appropriate macros - IF[$CPUIDASM_{- $target{asm_arch} -}] - $CPUIDASM=$CPUIDASM_{- $target{asm_arch} -} - $CPUIDDEF=OPENSSL_CPUID_OBJ - ENDIF -ENDIF - -# CPUID support. We need to add that explicitly in every shared library and -# provider module that uses it. ctype.c is included here because the CPUID -# uses functions from there to parse magic environment variables. -$CPUID_COMMON=$CPUIDASM cpuid.c ctype.c -INCLUDE[cpuid.o]=.. - -SOURCE[../libcrypto]=$CPUID_COMMON -DEFINE[../libcrypto]=$CPUIDDEF -SOURCE[../providers/libfips.a]=$CPUID_COMMON -DEFINE[../providers/libfips.a]=$CPUIDDEF -# We only need to include the CPUID stuff in the legacy provider when it's a -# separate module and it's dynamically linked with libcrypto. Otherwise, it -# already gets everything that the static libcrypto.a has, and doesn't need it -# added again. -IF[{- !$disabled{module} && !$disabled{shared} -}] - SOURCE[../providers/liblegacy.a]=$CPUID_COMMON - DEFINE[../providers/liblegacy.a]=$CPUIDDEF -ENDIF - -# Implementations are now spread across several libraries, so the CPUID define -# need to be applied to all affected libraries and modules. -DEFINE[../providers/libcommon.a]=$CPUIDDEF -DEFINE[../providers/libdefault.a]=$CPUIDDEF - -# The Core -$CORE_COMMON=provider_core.c provider_predefined.c \ - core_fetch.c core_algorithm.c core_namemap.c self_test_core.c - -SOURCE[../libcrypto]=$CORE_COMMON provider_conf.c -SOURCE[../providers/libfips.a]=$CORE_COMMON - -# Central utilities -$UTIL_COMMON=\ - cryptlib.c params.c params_from_text.c bsearch.c ex_data.c o_str.c \ - threads_pthread.c threads_win.c threads_none.c initthread.c \ - context.c sparse_array.c asn1_dsa.c packet.c param_build.c \ - param_build_set.c der_writer.c threads_lib.c params_dup.c - -SOURCE[../libcrypto]=$UTIL_COMMON \ - mem.c mem_sec.c \ - cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \ - o_fopen.c getenv.c o_init.c init.c trace.c provider.c provider_child.c \ - punycode.c passphrase.c -SOURCE[../providers/libfips.a]=$UTIL_COMMON - -SOURCE[../libcrypto]=$UPLINKSRC -DEFINE[../libcrypto]=$UPLINKDEF - -DEPEND[info.o]=buildinf.h -DEPEND[cversion.o]=buildinf.h -GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)" - -GENERATE[uplink-x86.S]=../ms/uplink-x86.pl -GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl -GENERATE[uplink-ia64.s]=../ms/uplink-ia64.pl - -GENERATE[x86cpuid.S]=x86cpuid.pl -DEPEND[x86cpuid.s]=perlasm/x86asm.pl - -GENERATE[x86_64cpuid.s]=x86_64cpuid.pl - -GENERATE[ia64cpuid.s]=ia64cpuid.S -GENERATE[ppccpuid.s]=ppccpuid.pl -GENERATE[pariscid.s]=pariscid.pl -GENERATE[alphacpuid.s]=alphacpuid.pl -GENERATE[arm64cpuid.S]=arm64cpuid.pl -INCLUDE[arm64cpuid.o]=. -GENERATE[armv4cpuid.S]=armv4cpuid.pl -INCLUDE[armv4cpuid.o]=. -GENERATE[s390xcpuid.S]=s390xcpuid.pl -INCLUDE[s390xcpuid.o]=. - -IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-|BC-)/ -}] - SHARED_SOURCE[../libcrypto]=dllmain.c -ENDIF diff --git a/crypto/c64xpluscpuid.pl b/crypto/c64xpluscpuid.pl deleted file mode 100644 index 20728c03bc690a241cebb372012e4d840c1e2029..0000000000000000000000000000000000000000 --- a/crypto/c64xpluscpuid.pl +++ /dev/null @@ -1,287 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; - -$code.=<<___; - .text - - .if .ASSEMBLER_VERSION<7000000 - .asg 0,__TI_EABI__ - .endif - .if __TI_EABI__ - .asg OPENSSL_rdtsc,_OPENSSL_rdtsc - .asg OPENSSL_cleanse,_OPENSSL_cleanse - .asg CRYPTO_memcmp,_CRYPTO_memcmp - .asg OPENSSL_atomic_add,_OPENSSL_atomic_add - .asg OPENSSL_wipe_cpu,_OPENSSL_wipe_cpu - .asg OPENSSL_instrument_bus,_OPENSSL_instrument_bus - .asg OPENSSL_instrument_bus2,_OPENSSL_instrument_bus2 - .endif - - .asg B3,RA - - .global _OPENSSL_rdtsc -_OPENSSL_rdtsc: - .asmfunc - B RA - MVC TSCL,B0 - MVC TSCH,B1 - [!B0] MVC B0,TSCL ; start TSC - MV B0,A4 - MV B1,A5 - .endasmfunc - - .global _OPENSSL_cleanse -_OPENSSL_cleanse: - .asmfunc - ZERO A3:A2 -|| ZERO B2 -|| SHRU B4,3,B0 ; is length >= 8 -|| ADD 1,A4,B6 - [!B0] BNOP RA -|| ZERO A1 -|| ZERO B1 - [B0] MVC B0,ILC -||[!B0] CMPLT 0,B4,A1 -||[!B0] CMPLT 1,B4,B1 - [A1] STB A2,*A4++[2] -|| [B1] STB B2,*B6++[2] -||[!B0] CMPLT 2,B4,A1 -||[!B0] CMPLT 3,B4,B1 - [A1] STB A2,*A4++[2] -|| [B1] STB B2,*B6++[2] -||[!B0] CMPLT 4,B4,A1 -||[!B0] CMPLT 5,B4,B1 - [A1] STB A2,*A4++[2] -|| [B1] STB B2,*B6++[2] -||[!B0] CMPLT 6,B4,A1 - [A1] STB A2,*A4++[2] - - SPLOOP 1 - STNDW A3:A2,*A4++ -|| SUB B4,8,B4 - SPKERNEL - - MV B4,B0 ; remaining bytes -|| ADD 1,A4,B6 -|| BNOP RA - [B0] CMPLT 0,B0,A1 -|| [B0] CMPLT 1,B0,B1 - [A1] STB A2,*A4++[2] -|| [B1] STB B2,*B6++[2] -|| [B0] CMPLT 2,B0,A1 -|| [B0] CMPLT 3,B0,B1 - [A1] STB A2,*A4++[2] -|| [B1] STB B2,*B6++[2] -|| [B0] CMPLT 4,B0,A1 -|| [B0] CMPLT 5,B0,B1 - [A1] STB A2,*A4++[2] -|| [B1] STB B2,*B6++[2] -|| [B0] CMPLT 6,B0,A1 - [A1] STB A2,*A4++[2] - .endasmfunc - - .global _CRYPTO_memcmp -_CRYPTO_memcmp: - .asmfunc - MV A6,B0 - [!B0] BNOP RA -||[!B0] ZERO A4 - [B0] MVC B0,ILC -|| [B0] ZERO A0 - NOP 4 - - SPLOOP 1 - LDBU *A4++,A1 -|| LDBU *B4++,B1 - NOP 4 - XOR.L B1,A1,A2 - SPKERNEL 1,0 -|| OR.S A2,A0,A0 - - BNOP RA,3 - ZERO.L A4 - [A0] MVK 1,A4 - .endasmfunc - - .global _OPENSSL_atomic_add -_OPENSSL_atomic_add: - .asmfunc - MV A4,B0 -atomic_add?: - LL *B0,B5 - NOP 4 - ADD B4,B5,B5 - SL B5,*B0 - CMTL *B0,B1 - NOP 4 - [!B1] B atomic_add? - [B1] BNOP RA,4 - MV B5,A4 - .endasmfunc - - .global _OPENSSL_wipe_cpu -_OPENSSL_wipe_cpu: - .asmfunc - ZERO A0 -|| ZERO B0 -|| ZERO A1 -|| ZERO B1 - ZERO A3:A2 -|| MVD B0,B2 -|| ZERO A4 -|| ZERO B4 -|| ZERO A5 -|| ZERO B5 -|| BNOP RA - ZERO A7:A6 -|| ZERO B7:B6 -|| ZERO A8 -|| ZERO B8 -|| ZERO A9 -|| ZERO B9 - ZERO A17:A16 -|| ZERO B17:B16 -|| ZERO A18 -|| ZERO B18 -|| ZERO A19 -|| ZERO B19 - ZERO A21:A20 -|| ZERO B21:B20 -|| ZERO A22 -|| ZERO B22 -|| ZERO A23 -|| ZERO B23 - ZERO A25:A24 -|| ZERO B25:B24 -|| ZERO A26 -|| ZERO B26 -|| ZERO A27 -|| ZERO B27 - ZERO A29:A28 -|| ZERO B29:B28 -|| ZERO A30 -|| ZERO B30 -|| ZERO A31 -|| ZERO B31 - .endasmfunc - -CLFLUSH .macro CONTROL,ADDR,LEN - B passthrough? -|| STW ADDR,*CONTROL[0] - STW LEN,*CONTROL[1] -spinlock?: - LDW *CONTROL[1],A0 - NOP 3 -passthrough?: - NOP - [A0] BNOP spinlock?,5 - .endm - - .global _OPENSSL_instrument_bus -_OPENSSL_instrument_bus: - .asmfunc - MV B4,B0 ; reassign sizeof(output) -|| MV A4,B4 ; reassign output -|| MVK 0x00004030,A3 - MV B0,A4 ; return value -|| MVK 1,A1 -|| MVKH 0x01840000,A3 ; L1DWIBAR - MVC TSCL,B8 ; collect 1st tick -|| MVK 0x00004010,A5 - MV B8,B9 ; lasttick = tick -|| MVK 0,B7 ; lastdiff = 0 -|| MVKH 0x01840000,A5 ; L2WIBAR - CLFLUSH A3,B4,A1 ; write-back and invalidate L1D line - CLFLUSH A5,B4,A1 ; write-back and invalidate L2 line - LL *B4,B5 - NOP 4 - ADD B7,B5,B5 - SL B5,*B4 - CMTL *B4,B1 - NOP 4 - STW B5,*B4 -bus_loop1?: - MVC TSCL,B8 -|| [B0] SUB B0,1,B0 - SUB B8,B9,B7 ; lastdiff = tick - lasttick -|| MV B8,B9 ; lasttick = tick - CLFLUSH A3,B4,A1 ; write-back and invalidate L1D line - CLFLUSH A5,B4,A1 ; write-back and invalidate L2 line - LL *B4,B5 - NOP 4 - ADD B7,B5,B5 - SL B5,*B4 - CMTL *B4,B1 - STW B5,*B4 ; [!B1] is removed to flatten samples -|| ADDK 4,B4 -|| [B0] BNOP bus_loop1?,5 - - BNOP RA,5 - .endasmfunc - - .global _OPENSSL_instrument_bus2 -_OPENSSL_instrument_bus2: - .asmfunc - MV A6,B0 ; reassign max -|| MV B4,A6 ; reassign sizeof(output) -|| MVK 0x00004030,A3 - MV A4,B4 ; reassign output -|| MVK 0,A4 ; return value -|| MVK 1,A1 -|| MVKH 0x01840000,A3 ; L1DWIBAR - - MVC TSCL,B8 ; collect 1st tick -|| MVK 0x00004010,A5 - MV B8,B9 ; lasttick = tick -|| MVK 0,B7 ; lastdiff = 0 -|| MVKH 0x01840000,A5 ; L2WIBAR - CLFLUSH A3,B4,A1 ; write-back and invalidate L1D line - CLFLUSH A5,B4,A1 ; write-back and invalidate L2 line - LL *B4,B5 - NOP 4 - ADD B7,B5,B5 - SL B5,*B4 - CMTL *B4,B1 - NOP 4 - STW B5,*B4 - - MVC TSCL,B8 ; collect 1st diff - SUB B8,B9,B7 ; lastdiff = tick - lasttick -|| MV B8,B9 ; lasttick = tick -|| SUB B0,1,B0 -bus_loop2?: - CLFLUSH A3,B4,A1 ; write-back and invalidate L1D line - CLFLUSH A5,B4,A1 ; write-back and invalidate L2 line - LL *B4,B5 - NOP 4 - ADD B7,B5,B5 - SL B5,*B4 - CMTL *B4,B1 - STW B5,*B4 ; [!B1] is removed to flatten samples -||[!B0] BNOP bus_loop2_done?,2 -|| SUB B0,1,B0 - MVC TSCL,B8 - SUB B8,B9,B8 -|| MV B8,B9 - CMPEQ B8,B7,B2 -|| MV B8,B7 - [!B2] ADDAW B4,1,B4 -||[!B2] ADDK 1,A4 - CMPEQ A4,A6,A2 - [!A2] BNOP bus_loop2?,5 - -bus_loop2_done?: - BNOP RA,5 - .endasmfunc -___ - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/camellia/asm/cmll-x86.pl b/crypto/camellia/asm/cmll-x86.pl deleted file mode 100644 index 284d31ca9435e5bd8872419b1922d252f88b2da8..0000000000000000000000000000000000000000 --- a/crypto/camellia/asm/cmll-x86.pl +++ /dev/null @@ -1,1149 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Copyright (c) 2008 Andy Polyakov -# -# This module may be used under the terms of either the GNU General -# Public License version 2 or later, the GNU Lesser General Public -# License version 2.1 or later, the Mozilla Public License version -# 1.1 or the BSD License. The exact terms of either license are -# distributed along with this module. For further details see -# http://www.openssl.org/~appro/camellia/. -# ==================================================================== - -# Performance in cycles per processed byte (less is better) in -# 'openssl speed ...' benchmark: -# -# AMD K8 Core2 PIII P4 -# -evp camellia-128-ecb 21.5 22.8 27.0 28.9 -# + over gcc 3.4.6 +90/11% +70/10% +53/4% +160/64% -# + over icc 8.0 +48/19% +21/15% +21/17% +55/37% -# -# camellia-128-cbc 17.3 21.1 23.9 25.9 -# -# 128-bit key setup 196 280 256 240 cycles/key -# + over gcc 3.4.6 +30/0% +17/11% +11/0% +63/40% -# + over icc 8.0 +18/3% +10/0% +10/3% +21/10% -# -# Pairs of numbers in "+" rows represent performance improvement over -# compiler generated position-independent code, PIC, and non-PIC -# respectively. PIC results are of greater relevance, as this module -# is position-independent, i.e. suitable for a shared library or PIE. -# Position independence "costs" one register, which is why compilers -# are so close with non-PIC results, they have an extra register to -# spare. CBC results are better than ECB ones thanks to "zero-copy" -# private _x86_* interface, and are ~30-40% better than with compiler -# generated cmll_cbc.o, and reach ~80-90% of x86_64 performance on -# same CPU (where applicable). - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$OPENSSL=1; - -$output = pop and open STDOUT,">$output"; - -&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); - -@T=("eax","ebx","ecx","edx"); -$idx="esi"; -$key="edi"; -$Tbl="ebp"; - -# stack frame layout in _x86_Camellia_* routines, frame is allocated -# by caller -$__ra=&DWP(0,"esp"); # return address -$__s0=&DWP(4,"esp"); # s0 backing store -$__s1=&DWP(8,"esp"); # s1 backing store -$__s2=&DWP(12,"esp"); # s2 backing store -$__s3=&DWP(16,"esp"); # s3 backing store -$__end=&DWP(20,"esp"); # pointer to end/start of key schedule - -# stack frame layout in Camellia_[en|crypt] routines, which differs from -# above by 4 and overlaps by pointer to end/start of key schedule -$_end=&DWP(16,"esp"); -$_esp=&DWP(20,"esp"); - -# const unsigned int Camellia_SBOX[4][256]; -# Well, sort of... Camellia_SBOX[0][] is interleaved with [1][], -# and [2][] - with [3][]. This is done to optimize code size. -$SBOX1_1110=0; # Camellia_SBOX[0] -$SBOX4_4404=4; # Camellia_SBOX[1] -$SBOX2_0222=2048; # Camellia_SBOX[2] -$SBOX3_3033=2052; # Camellia_SBOX[3] -&static_label("Camellia_SIGMA"); -&static_label("Camellia_SBOX"); - -sub Camellia_Feistel { -my $i=@_[0]; -my $seed=defined(@_[1])?@_[1]:0; -my $scale=$seed<0?-8:8; -my $frame=defined(@_[2])?@_[2]:0; -my $j=($i&1)*2; -my $t0=@T[($j)%4],$t1=@T[($j+1)%4],$t2=@T[($j+2)%4],$t3=@T[($j+3)%4]; - - &xor ($t0,$idx); # t0^=key[0] - &xor ($t1,&DWP($seed+$i*$scale+4,$key)); # t1^=key[1] - &movz ($idx,&HB($t0)); # (t0>>8)&0xff - &mov ($t3,&DWP($SBOX3_3033,$Tbl,$idx,8)); # t3=SBOX3_3033[0] - &movz ($idx,&LB($t0)); # (t0>>0)&0xff - &xor ($t3,&DWP($SBOX4_4404,$Tbl,$idx,8)); # t3^=SBOX4_4404[0] - &shr ($t0,16); - &movz ($idx,&LB($t1)); # (t1>>0)&0xff - &mov ($t2,&DWP($SBOX1_1110,$Tbl,$idx,8)); # t2=SBOX1_1110[1] - &movz ($idx,&HB($t0)); # (t0>>24)&0xff - &xor ($t3,&DWP($SBOX1_1110,$Tbl,$idx,8)); # t3^=SBOX1_1110[0] - &movz ($idx,&HB($t1)); # (t1>>8)&0xff - &xor ($t2,&DWP($SBOX4_4404,$Tbl,$idx,8)); # t2^=SBOX4_4404[1] - &shr ($t1,16); - &movz ($t0,&LB($t0)); # (t0>>16)&0xff - &xor ($t3,&DWP($SBOX2_0222,$Tbl,$t0,8)); # t3^=SBOX2_0222[0] - &movz ($idx,&HB($t1)); # (t1>>24)&0xff - &mov ($t0,&DWP($frame+4*(($j+3)%4),"esp")); # prefetch "s3" - &xor ($t2,$t3); # t2^=t3 - &rotr ($t3,8); # t3=RightRotate(t3,8) - &xor ($t2,&DWP($SBOX2_0222,$Tbl,$idx,8)); # t2^=SBOX2_0222[1] - &movz ($idx,&LB($t1)); # (t1>>16)&0xff - &mov ($t1,&DWP($frame+4*(($j+2)%4),"esp")); # prefetch "s2" - &xor ($t3,$t0); # t3^=s3 - &xor ($t2,&DWP($SBOX3_3033,$Tbl,$idx,8)); # t2^=SBOX3_3033[1] - &mov ($idx,&DWP($seed+($i+1)*$scale,$key)); # prefetch key[i+1] - &xor ($t3,$t2); # t3^=t2 - &mov (&DWP($frame+4*(($j+3)%4),"esp"),$t3); # s3=t3 - &xor ($t2,$t1); # t2^=s2 - &mov (&DWP($frame+4*(($j+2)%4),"esp"),$t2); # s2=t2 -} - -# void Camellia_EncryptBlock_Rounds( -# int grandRounds, -# const Byte plaintext[], -# const KEY_TABLE_TYPE keyTable, -# Byte ciphertext[]) -&function_begin("Camellia_EncryptBlock_Rounds"); - &mov ("eax",&wparam(0)); # load grandRounds - &mov ($idx,&wparam(1)); # load plaintext pointer - &mov ($key,&wparam(2)); # load key schedule pointer - - &mov ("ebx","esp"); - &sub ("esp",7*4); # place for s[0-3],keyEnd,esp and ra - &and ("esp",-64); - - # place stack frame just "above mod 1024" the key schedule - # this ensures that cache associativity of 2 suffices - &lea ("ecx",&DWP(-64-63,$key)); - &sub ("ecx","esp"); - &neg ("ecx"); - &and ("ecx",0x3C0); # modulo 1024, but aligned to cache-line - &sub ("esp","ecx"); - &add ("esp",4); # 4 is reserved for callee's return address - - &shl ("eax",6); - &lea ("eax",&DWP(0,$key,"eax")); - &mov ($_esp,"ebx"); # save %esp - &mov ($_end,"eax"); # save keyEnd - - &call (&label("pic_point")); - &set_label("pic_point"); - &blindpop($Tbl); - &lea ($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl)); - - &mov (@T[0],&DWP(0,$idx)); # load plaintext - &mov (@T[1],&DWP(4,$idx)); - &mov (@T[2],&DWP(8,$idx)); - &bswap (@T[0]); - &mov (@T[3],&DWP(12,$idx)); - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - - &call ("_x86_Camellia_encrypt"); - - &mov ("esp",$_esp); - &bswap (@T[0]); - &mov ($idx,&wparam(3)); # load ciphertext pointer - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - &mov (&DWP(0,$idx),@T[0]); # write ciphertext - &mov (&DWP(4,$idx),@T[1]); - &mov (&DWP(8,$idx),@T[2]); - &mov (&DWP(12,$idx),@T[3]); -&function_end("Camellia_EncryptBlock_Rounds"); -# V1.x API -&function_begin_B("Camellia_EncryptBlock"); - &mov ("eax",128); - &sub ("eax",&wparam(0)); # load keyBitLength - &mov ("eax",3); - &adc ("eax",0); # keyBitLength==128?3:4 - &mov (&wparam(0),"eax"); - &jmp (&label("Camellia_EncryptBlock_Rounds")); -&function_end_B("Camellia_EncryptBlock"); - -if ($OPENSSL) { -# void Camellia_encrypt( -# const unsigned char *in, -# unsigned char *out, -# const CAMELLIA_KEY *key) -&function_begin("Camellia_encrypt"); - &mov ($idx,&wparam(0)); # load plaintext pointer - &mov ($key,&wparam(2)); # load key schedule pointer - - &mov ("ebx","esp"); - &sub ("esp",7*4); # place for s[0-3],keyEnd,esp and ra - &and ("esp",-64); - &mov ("eax",&DWP(272,$key)); # load grandRounds counter - - # place stack frame just "above mod 1024" the key schedule - # this ensures that cache associativity of 2 suffices - &lea ("ecx",&DWP(-64-63,$key)); - &sub ("ecx","esp"); - &neg ("ecx"); - &and ("ecx",0x3C0); # modulo 1024, but aligned to cache-line - &sub ("esp","ecx"); - &add ("esp",4); # 4 is reserved for callee's return address - - &shl ("eax",6); - &lea ("eax",&DWP(0,$key,"eax")); - &mov ($_esp,"ebx"); # save %esp - &mov ($_end,"eax"); # save keyEnd - - &call (&label("pic_point")); - &set_label("pic_point"); - &blindpop($Tbl); - &lea ($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl)); - - &mov (@T[0],&DWP(0,$idx)); # load plaintext - &mov (@T[1],&DWP(4,$idx)); - &mov (@T[2],&DWP(8,$idx)); - &bswap (@T[0]); - &mov (@T[3],&DWP(12,$idx)); - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - - &call ("_x86_Camellia_encrypt"); - - &mov ("esp",$_esp); - &bswap (@T[0]); - &mov ($idx,&wparam(1)); # load ciphertext pointer - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - &mov (&DWP(0,$idx),@T[0]); # write ciphertext - &mov (&DWP(4,$idx),@T[1]); - &mov (&DWP(8,$idx),@T[2]); - &mov (&DWP(12,$idx),@T[3]); -&function_end("Camellia_encrypt"); -} - -&function_begin_B("_x86_Camellia_encrypt"); - &xor (@T[0],&DWP(0,$key)); # ^=key[0-3] - &xor (@T[1],&DWP(4,$key)); - &xor (@T[2],&DWP(8,$key)); - &xor (@T[3],&DWP(12,$key)); - &mov ($idx,&DWP(16,$key)); # prefetch key[4] - - &mov ($__s0,@T[0]); # save s[0-3] - &mov ($__s1,@T[1]); - &mov ($__s2,@T[2]); - &mov ($__s3,@T[3]); - -&set_label("loop",16); - for ($i=0;$i<6;$i++) { Camellia_Feistel($i,16,4); } - - &add ($key,16*4); - &cmp ($key,$__end); - &je (&label("done")); - - # @T[0-1] are preloaded, $idx is preloaded with key[0] - &and ($idx,@T[0]); - &mov (@T[3],$__s3); - &rotl ($idx,1); - &mov (@T[2],@T[3]); - &xor (@T[1],$idx); - &or (@T[2],&DWP(12,$key)); - &mov ($__s1,@T[1]); # s1^=LeftRotate(s0&key[0],1); - &xor (@T[2],$__s2); - - &mov ($idx,&DWP(4,$key)); - &mov ($__s2,@T[2]); # s2^=s3|key[3]; - &or ($idx,@T[1]); - &and (@T[2],&DWP(8,$key)); - &xor (@T[0],$idx); - &rotl (@T[2],1); - &mov ($__s0,@T[0]); # s0^=s1|key[1]; - &xor (@T[3],@T[2]); - &mov ($idx,&DWP(16,$key)); # prefetch key[4] - &mov ($__s3,@T[3]); # s3^=LeftRotate(s2&key[2],1); - &jmp (&label("loop")); - -&set_label("done",8); - &mov (@T[2],@T[0]); # SwapHalf - &mov (@T[3],@T[1]); - &mov (@T[0],$__s2); - &mov (@T[1],$__s3); - &xor (@T[0],$idx); # $idx is preloaded with key[0] - &xor (@T[1],&DWP(4,$key)); - &xor (@T[2],&DWP(8,$key)); - &xor (@T[3],&DWP(12,$key)); - &ret (); -&function_end_B("_x86_Camellia_encrypt"); - -# void Camellia_DecryptBlock_Rounds( -# int grandRounds, -# const Byte ciphertext[], -# const KEY_TABLE_TYPE keyTable, -# Byte plaintext[]) -&function_begin("Camellia_DecryptBlock_Rounds"); - &mov ("eax",&wparam(0)); # load grandRounds - &mov ($idx,&wparam(1)); # load ciphertext pointer - &mov ($key,&wparam(2)); # load key schedule pointer - - &mov ("ebx","esp"); - &sub ("esp",7*4); # place for s[0-3],keyEnd,esp and ra - &and ("esp",-64); - - # place stack frame just "above mod 1024" the key schedule - # this ensures that cache associativity of 2 suffices - &lea ("ecx",&DWP(-64-63,$key)); - &sub ("ecx","esp"); - &neg ("ecx"); - &and ("ecx",0x3C0); # modulo 1024, but aligned to cache-line - &sub ("esp","ecx"); - &add ("esp",4); # 4 is reserved for callee's return address - - &shl ("eax",6); - &mov (&DWP(4*4,"esp"),$key); # save keyStart - &lea ($key,&DWP(0,$key,"eax")); - &mov (&DWP(5*4,"esp"),"ebx");# save %esp - - &call (&label("pic_point")); - &set_label("pic_point"); - &blindpop($Tbl); - &lea ($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl)); - - &mov (@T[0],&DWP(0,$idx)); # load ciphertext - &mov (@T[1],&DWP(4,$idx)); - &mov (@T[2],&DWP(8,$idx)); - &bswap (@T[0]); - &mov (@T[3],&DWP(12,$idx)); - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - - &call ("_x86_Camellia_decrypt"); - - &mov ("esp",&DWP(5*4,"esp")); - &bswap (@T[0]); - &mov ($idx,&wparam(3)); # load plaintext pointer - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - &mov (&DWP(0,$idx),@T[0]); # write plaintext - &mov (&DWP(4,$idx),@T[1]); - &mov (&DWP(8,$idx),@T[2]); - &mov (&DWP(12,$idx),@T[3]); -&function_end("Camellia_DecryptBlock_Rounds"); -# V1.x API -&function_begin_B("Camellia_DecryptBlock"); - &mov ("eax",128); - &sub ("eax",&wparam(0)); # load keyBitLength - &mov ("eax",3); - &adc ("eax",0); # keyBitLength==128?3:4 - &mov (&wparam(0),"eax"); - &jmp (&label("Camellia_DecryptBlock_Rounds")); -&function_end_B("Camellia_DecryptBlock"); - -if ($OPENSSL) { -# void Camellia_decrypt( -# const unsigned char *in, -# unsigned char *out, -# const CAMELLIA_KEY *key) -&function_begin("Camellia_decrypt"); - &mov ($idx,&wparam(0)); # load ciphertext pointer - &mov ($key,&wparam(2)); # load key schedule pointer - - &mov ("ebx","esp"); - &sub ("esp",7*4); # place for s[0-3],keyEnd,esp and ra - &and ("esp",-64); - &mov ("eax",&DWP(272,$key)); # load grandRounds counter - - # place stack frame just "above mod 1024" the key schedule - # this ensures that cache associativity of 2 suffices - &lea ("ecx",&DWP(-64-63,$key)); - &sub ("ecx","esp"); - &neg ("ecx"); - &and ("ecx",0x3C0); # modulo 1024, but aligned to cache-line - &sub ("esp","ecx"); - &add ("esp",4); # 4 is reserved for callee's return address - - &shl ("eax",6); - &mov (&DWP(4*4,"esp"),$key); # save keyStart - &lea ($key,&DWP(0,$key,"eax")); - &mov (&DWP(5*4,"esp"),"ebx");# save %esp - - &call (&label("pic_point")); - &set_label("pic_point"); - &blindpop($Tbl); - &lea ($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl)); - - &mov (@T[0],&DWP(0,$idx)); # load ciphertext - &mov (@T[1],&DWP(4,$idx)); - &mov (@T[2],&DWP(8,$idx)); - &bswap (@T[0]); - &mov (@T[3],&DWP(12,$idx)); - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - - &call ("_x86_Camellia_decrypt"); - - &mov ("esp",&DWP(5*4,"esp")); - &bswap (@T[0]); - &mov ($idx,&wparam(1)); # load plaintext pointer - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - &mov (&DWP(0,$idx),@T[0]); # write plaintext - &mov (&DWP(4,$idx),@T[1]); - &mov (&DWP(8,$idx),@T[2]); - &mov (&DWP(12,$idx),@T[3]); -&function_end("Camellia_decrypt"); -} - -&function_begin_B("_x86_Camellia_decrypt"); - &xor (@T[0],&DWP(0,$key)); # ^=key[0-3] - &xor (@T[1],&DWP(4,$key)); - &xor (@T[2],&DWP(8,$key)); - &xor (@T[3],&DWP(12,$key)); - &mov ($idx,&DWP(-8,$key)); # prefetch key[-2] - - &mov ($__s0,@T[0]); # save s[0-3] - &mov ($__s1,@T[1]); - &mov ($__s2,@T[2]); - &mov ($__s3,@T[3]); - -&set_label("loop",16); - for ($i=0;$i<6;$i++) { Camellia_Feistel($i,-8,4); } - - &sub ($key,16*4); - &cmp ($key,$__end); - &je (&label("done")); - - # @T[0-1] are preloaded, $idx is preloaded with key[2] - &and ($idx,@T[0]); - &mov (@T[3],$__s3); - &rotl ($idx,1); - &mov (@T[2],@T[3]); - &xor (@T[1],$idx); - &or (@T[2],&DWP(4,$key)); - &mov ($__s1,@T[1]); # s1^=LeftRotate(s0&key[0],1); - &xor (@T[2],$__s2); - - &mov ($idx,&DWP(12,$key)); - &mov ($__s2,@T[2]); # s2^=s3|key[3]; - &or ($idx,@T[1]); - &and (@T[2],&DWP(0,$key)); - &xor (@T[0],$idx); - &rotl (@T[2],1); - &mov ($__s0,@T[0]); # s0^=s1|key[1]; - &xor (@T[3],@T[2]); - &mov ($idx,&DWP(-8,$key)); # prefetch key[4] - &mov ($__s3,@T[3]); # s3^=LeftRotate(s2&key[2],1); - &jmp (&label("loop")); - -&set_label("done",8); - &mov (@T[2],@T[0]); # SwapHalf - &mov (@T[3],@T[1]); - &mov (@T[0],$__s2); - &mov (@T[1],$__s3); - &xor (@T[2],$idx); # $idx is preloaded with key[2] - &xor (@T[3],&DWP(12,$key)); - &xor (@T[0],&DWP(0,$key)); - &xor (@T[1],&DWP(4,$key)); - &ret (); -&function_end_B("_x86_Camellia_decrypt"); - -# shld is very slow on Intel P4 family. Even on AMD it limits -# instruction decode rate [because it's VectorPath] and consequently -# performance. PIII, PM and Core[2] seem to be the only ones which -# execute this code ~7% faster... -sub __rotl128 { - my ($i0,$i1,$i2,$i3,$rot,$rnd,@T)=@_; - - $rnd *= 2; - if ($rot) { - &mov ($idx,$i0); - &shld ($i0,$i1,$rot); - &shld ($i1,$i2,$rot); - &shld ($i2,$i3,$rot); - &shld ($i3,$idx,$rot); - } - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i0 eq @T[0]); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i1 eq @T[0]); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i2 eq @T[0]); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i3 eq @T[0]); -} - -# ... Implementing 128-bit rotate without shld gives >3x performance -# improvement on P4, only ~7% degradation on other Intel CPUs and -# not worse performance on AMD. This is therefore preferred. -sub _rotl128 { - my ($i0,$i1,$i2,$i3,$rot,$rnd,@T)=@_; - - $rnd *= 2; - if ($rot) { - &mov ($Tbl,$i0); - &shl ($i0,$rot); - &mov ($idx,$i1); - &shr ($idx,32-$rot); - &shl ($i1,$rot); - &or ($i0,$idx); - &mov ($idx,$i2); - &shl ($i2,$rot); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i0 eq @T[0]); - &shr ($idx,32-$rot); - &or ($i1,$idx); - &shr ($Tbl,32-$rot); - &mov ($idx,$i3); - &shr ($idx,32-$rot); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i1 eq @T[0]); - &shl ($i3,$rot); - &or ($i2,$idx); - &or ($i3,$Tbl); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i2 eq @T[0]); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i3 eq @T[0]); - } else { - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i0 eq @T[0]); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i1 eq @T[0]); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i2 eq @T[0]); - &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i3 eq @T[0]); - } -} - -sub _saveround { -my ($rnd,$key,@T)=@_; -my $bias=int(@T[0])?shift(@T):0; - - &mov (&DWP($bias+$rnd*8+0,$key),@T[0]); - &mov (&DWP($bias+$rnd*8+4,$key),@T[1]) if ($#T>=1); - &mov (&DWP($bias+$rnd*8+8,$key),@T[2]) if ($#T>=2); - &mov (&DWP($bias+$rnd*8+12,$key),@T[3]) if ($#T>=3); -} - -sub _loadround { -my ($rnd,$key,@T)=@_; -my $bias=int(@T[0])?shift(@T):0; - - &mov (@T[0],&DWP($bias+$rnd*8+0,$key)); - &mov (@T[1],&DWP($bias+$rnd*8+4,$key)) if ($#T>=1); - &mov (@T[2],&DWP($bias+$rnd*8+8,$key)) if ($#T>=2); - &mov (@T[3],&DWP($bias+$rnd*8+12,$key)) if ($#T>=3); -} - -# void Camellia_Ekeygen( -# const int keyBitLength, -# const Byte *rawKey, -# KEY_TABLE_TYPE keyTable) -&function_begin("Camellia_Ekeygen"); -{ my $step=0; - - &stack_push(4); # place for s[0-3] - - &mov ($Tbl,&wparam(0)); # load arguments - &mov ($idx,&wparam(1)); - &mov ($key,&wparam(2)); - - &mov (@T[0],&DWP(0,$idx)); # load 0-127 bits - &mov (@T[1],&DWP(4,$idx)); - &mov (@T[2],&DWP(8,$idx)); - &mov (@T[3],&DWP(12,$idx)); - - &bswap (@T[0]); - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - - &_saveround (0,$key,@T); # KL<<<0 - - &cmp ($Tbl,128); - &je (&label("1st128")); - - &mov (@T[0],&DWP(16,$idx)); # load 128-191 bits - &mov (@T[1],&DWP(20,$idx)); - &cmp ($Tbl,192); - &je (&label("1st192")); - &mov (@T[2],&DWP(24,$idx)); # load 192-255 bits - &mov (@T[3],&DWP(28,$idx)); - &jmp (&label("1st256")); -&set_label("1st192",4); - &mov (@T[2],@T[0]); - &mov (@T[3],@T[1]); - ¬ (@T[2]); - ¬ (@T[3]); -&set_label("1st256",4); - &bswap (@T[0]); - &bswap (@T[1]); - &bswap (@T[2]); - &bswap (@T[3]); - - &_saveround (4,$key,@T); # temporary storage for KR! - - &xor (@T[0],&DWP(0*8+0,$key)); # KR^KL - &xor (@T[1],&DWP(0*8+4,$key)); - &xor (@T[2],&DWP(1*8+0,$key)); - &xor (@T[3],&DWP(1*8+4,$key)); - -&set_label("1st128",4); - &call (&label("pic_point")); - &set_label("pic_point"); - &blindpop($Tbl); - &lea ($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl)); - &lea ($key,&DWP(&label("Camellia_SIGMA")."-".&label("Camellia_SBOX"),$Tbl)); - - &mov ($idx,&DWP($step*8,$key)); # prefetch SIGMA[0] - &mov (&swtmp(0),@T[0]); # save s[0-3] - &mov (&swtmp(1),@T[1]); - &mov (&swtmp(2),@T[2]); - &mov (&swtmp(3),@T[3]); - &Camellia_Feistel($step++); - &Camellia_Feistel($step++); - &mov (@T[2],&swtmp(2)); - &mov (@T[3],&swtmp(3)); - - &mov ($idx,&wparam(2)); - &xor (@T[0],&DWP(0*8+0,$idx)); # ^KL - &xor (@T[1],&DWP(0*8+4,$idx)); - &xor (@T[2],&DWP(1*8+0,$idx)); - &xor (@T[3],&DWP(1*8+4,$idx)); - - &mov ($idx,&DWP($step*8,$key)); # prefetch SIGMA[4] - &mov (&swtmp(0),@T[0]); # save s[0-3] - &mov (&swtmp(1),@T[1]); - &mov (&swtmp(2),@T[2]); - &mov (&swtmp(3),@T[3]); - &Camellia_Feistel($step++); - &Camellia_Feistel($step++); - &mov (@T[2],&swtmp(2)); - &mov (@T[3],&swtmp(3)); - - &mov ($idx,&wparam(0)); - &cmp ($idx,128); - &jne (&label("2nd256")); - - &mov ($key,&wparam(2)); - &lea ($key,&DWP(128,$key)); # size optimization - - ####### process KA - &_saveround (2,$key,-128,@T); # KA<<<0 - &_rotl128 (@T,15,6,@T); # KA<<<15 - &_rotl128 (@T,15,8,@T); # KA<<<(15+15=30) - &_rotl128 (@T,15,12,@T[0],@T[1]); # KA<<<(30+15=45) - &_rotl128 (@T,15,14,@T); # KA<<<(45+15=60) - push (@T,shift(@T)); # rotl128(@T,32); - &_rotl128 (@T,2,20,@T); # KA<<<(60+32+2=94) - &_rotl128 (@T,17,24,@T); # KA<<<(94+17=111) - - ####### process KL - &_loadround (0,$key,-128,@T); # load KL - &_rotl128 (@T,15,4,@T); # KL<<<15 - &_rotl128 (@T,30,10,@T); # KL<<<(15+30=45) - &_rotl128 (@T,15,13,@T[2],@T[3]); # KL<<<(45+15=60) - &_rotl128 (@T,17,16,@T); # KL<<<(60+17=77) - &_rotl128 (@T,17,18,@T); # KL<<<(77+17=94) - &_rotl128 (@T,17,22,@T); # KL<<<(94+17=111) - - while (@T[0] ne "eax") # restore order - { unshift (@T,pop(@T)); } - - &mov ("eax",3); # 3 grandRounds - &jmp (&label("done")); - -&set_label("2nd256",16); - &mov ($idx,&wparam(2)); - &_saveround (6,$idx,@T); # temporary storage for KA! - - &xor (@T[0],&DWP(4*8+0,$idx)); # KA^KR - &xor (@T[1],&DWP(4*8+4,$idx)); - &xor (@T[2],&DWP(5*8+0,$idx)); - &xor (@T[3],&DWP(5*8+4,$idx)); - - &mov ($idx,&DWP($step*8,$key)); # prefetch SIGMA[8] - &mov (&swtmp(0),@T[0]); # save s[0-3] - &mov (&swtmp(1),@T[1]); - &mov (&swtmp(2),@T[2]); - &mov (&swtmp(3),@T[3]); - &Camellia_Feistel($step++); - &Camellia_Feistel($step++); - &mov (@T[2],&swtmp(2)); - &mov (@T[3],&swtmp(3)); - - &mov ($key,&wparam(2)); - &lea ($key,&DWP(128,$key)); # size optimization - - ####### process KB - &_saveround (2,$key,-128,@T); # KB<<<0 - &_rotl128 (@T,30,10,@T); # KB<<<30 - &_rotl128 (@T,30,20,@T); # KB<<<(30+30=60) - push (@T,shift(@T)); # rotl128(@T,32); - &_rotl128 (@T,19,32,@T); # KB<<<(60+32+19=111) - - ####### process KR - &_loadround (4,$key,-128,@T); # load KR - &_rotl128 (@T,15,4,@T); # KR<<<15 - &_rotl128 (@T,15,8,@T); # KR<<<(15+15=30) - &_rotl128 (@T,30,18,@T); # KR<<<(30+30=60) - push (@T,shift(@T)); # rotl128(@T,32); - &_rotl128 (@T,2,26,@T); # KR<<<(60+32+2=94) - - ####### process KA - &_loadround (6,$key,-128,@T); # load KA - &_rotl128 (@T,15,6,@T); # KA<<<15 - &_rotl128 (@T,30,14,@T); # KA<<<(15+30=45) - push (@T,shift(@T)); # rotl128(@T,32); - &_rotl128 (@T,0,24,@T); # KA<<<(45+32+0=77) - &_rotl128 (@T,17,28,@T); # KA<<<(77+17=94) - - ####### process KL - &_loadround (0,$key,-128,@T); # load KL - push (@T,shift(@T)); # rotl128(@T,32); - &_rotl128 (@T,13,12,@T); # KL<<<(32+13=45) - &_rotl128 (@T,15,16,@T); # KL<<<(45+15=60) - &_rotl128 (@T,17,22,@T); # KL<<<(60+17=77) - push (@T,shift(@T)); # rotl128(@T,32); - &_rotl128 (@T,2,30,@T); # KL<<<(77+32+2=111) - - while (@T[0] ne "eax") # restore order - { unshift (@T,pop(@T)); } - - &mov ("eax",4); # 4 grandRounds -&set_label("done"); - &lea ("edx",&DWP(272-128,$key)); # end of key schedule - &stack_pop(4); -} -&function_end("Camellia_Ekeygen"); - -if ($OPENSSL) { -# int Camellia_set_key ( -# const unsigned char *userKey, -# int bits, -# CAMELLIA_KEY *key) -&function_begin_B("Camellia_set_key"); - &push ("ebx"); - &mov ("ecx",&wparam(0)); # pull arguments - &mov ("ebx",&wparam(1)); - &mov ("edx",&wparam(2)); - - &mov ("eax",-1); - &test ("ecx","ecx"); - &jz (&label("done")); # userKey==NULL? - &test ("edx","edx"); - &jz (&label("done")); # key==NULL? - - &mov ("eax",-2); - &cmp ("ebx",256); - &je (&label("arg_ok")); # bits==256? - &cmp ("ebx",192); - &je (&label("arg_ok")); # bits==192? - &cmp ("ebx",128); - &jne (&label("done")); # bits!=128? -&set_label("arg_ok",4); - - &push ("edx"); # push arguments - &push ("ecx"); - &push ("ebx"); - &call ("Camellia_Ekeygen"); - &stack_pop(3); - - # eax holds grandRounds and edx points at where to put it - &mov (&DWP(0,"edx"),"eax"); - &xor ("eax","eax"); -&set_label("done",4); - &pop ("ebx"); - &ret (); -&function_end_B("Camellia_set_key"); -} - -@SBOX=( -112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65, - 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189, -134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26, -166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77, -139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153, -223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215, - 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34, -254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80, -170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210, - 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148, -135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226, - 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46, -233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89, -120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250, -114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164, - 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158); - -sub S1110 { my $i=shift; $i=@SBOX[$i]; return $i<<24|$i<<16|$i<<8; } -sub S4404 { my $i=shift; $i=($i<<1|$i>>7)&0xff; $i=@SBOX[$i]; return $i<<24|$i<<16|$i; } -sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; return $i<<16|$i<<8|$i; } -sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; return $i<<24|$i<<8|$i; } - -&set_label("Camellia_SIGMA",64); -&data_word( - 0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2, - 0xc6ef372f, 0xe94f82be, 0x54ff53a5, 0xf1d36f1c, - 0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd, - 0, 0, 0, 0); -&set_label("Camellia_SBOX",64); -# tables are interleaved, remember? -for ($i=0;$i<256;$i++) { &data_word(&S1110($i),&S4404($i)); } -for ($i=0;$i<256;$i++) { &data_word(&S0222($i),&S3033($i)); } - -# void Camellia_cbc_encrypt (const void char *inp, unsigned char *out, -# size_t length, const CAMELLIA_KEY *key, -# unsigned char *ivp,const int enc); -{ -# stack frame layout -# -4(%esp) # return address 0(%esp) -# 0(%esp) # s0 4(%esp) -# 4(%esp) # s1 8(%esp) -# 8(%esp) # s2 12(%esp) -# 12(%esp) # s3 16(%esp) -# 16(%esp) # end of key schedule 20(%esp) -# 20(%esp) # %esp backup -my $_inp=&DWP(24,"esp"); #copy of wparam(0) -my $_out=&DWP(28,"esp"); #copy of wparam(1) -my $_len=&DWP(32,"esp"); #copy of wparam(2) -my $_key=&DWP(36,"esp"); #copy of wparam(3) -my $_ivp=&DWP(40,"esp"); #copy of wparam(4) -my $ivec=&DWP(44,"esp"); #ivec[16] -my $_tmp=&DWP(44,"esp"); #volatile variable [yes, aliases with ivec] -my ($s0,$s1,$s2,$s3) = @T; - -&function_begin("Camellia_cbc_encrypt"); - &mov ($s2 eq "ecx"? $s2 : "",&wparam(2)); # load len - &cmp ($s2,0); - &je (&label("enc_out")); - - &pushf (); - &cld (); - - &mov ($s0,&wparam(0)); # load inp - &mov ($s1,&wparam(1)); # load out - #&mov ($s2,&wparam(2)); # load len - &mov ($s3,&wparam(3)); # load key - &mov ($Tbl,&wparam(4)); # load ivp - - # allocate aligned stack frame... - &lea ($idx,&DWP(-64,"esp")); - &and ($idx,-64); - - # place stack frame just "above mod 1024" the key schedule - # this ensures that cache associativity of 2 suffices - &lea ($key,&DWP(-64-63,$s3)); - &sub ($key,$idx); - &neg ($key); - &and ($key,0x3C0); # modulo 1024, but aligned to cache-line - &sub ($idx,$key); - - &mov ($key,&wparam(5)); # load enc - - &exch ("esp",$idx); - &add ("esp",4); # reserve for return address! - &mov ($_esp,$idx); # save %esp - - &mov ($_inp,$s0); # save copy of inp - &mov ($_out,$s1); # save copy of out - &mov ($_len,$s2); # save copy of len - &mov ($_key,$s3); # save copy of key - &mov ($_ivp,$Tbl); # save copy of ivp - - &call (&label("pic_point")); # make it PIC! - &set_label("pic_point"); - &blindpop($Tbl); - &lea ($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl)); - - &mov ($idx,32); - &set_label("prefetch_sbox",4); - &mov ($s0,&DWP(0,$Tbl)); - &mov ($s1,&DWP(32,$Tbl)); - &mov ($s2,&DWP(64,$Tbl)); - &mov ($s3,&DWP(96,$Tbl)); - &lea ($Tbl,&DWP(128,$Tbl)); - &dec ($idx); - &jnz (&label("prefetch_sbox")); - &mov ($s0,$_key); - &sub ($Tbl,4096); - &mov ($idx,$_inp); - &mov ($s3,&DWP(272,$s0)); # load grandRounds - - &cmp ($key,0); - &je (&label("DECRYPT")); - - &mov ($s2,$_len); - &mov ($key,$_ivp); - &shl ($s3,6); - &lea ($s3,&DWP(0,$s0,$s3)); - &mov ($_end,$s3); - - &test ($s2,0xFFFFFFF0); - &jz (&label("enc_tail")); # short input... - - &mov ($s0,&DWP(0,$key)); # load iv - &mov ($s1,&DWP(4,$key)); - - &set_label("enc_loop",4); - &mov ($s2,&DWP(8,$key)); - &mov ($s3,&DWP(12,$key)); - - &xor ($s0,&DWP(0,$idx)); # xor input data - &xor ($s1,&DWP(4,$idx)); - &xor ($s2,&DWP(8,$idx)); - &bswap ($s0); - &xor ($s3,&DWP(12,$idx)); - &bswap ($s1); - &mov ($key,$_key); # load key - &bswap ($s2); - &bswap ($s3); - - &call ("_x86_Camellia_encrypt"); - - &mov ($idx,$_inp); # load inp - &mov ($key,$_out); # load out - - &bswap ($s0); - &bswap ($s1); - &bswap ($s2); - &mov (&DWP(0,$key),$s0); # save output data - &bswap ($s3); - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($s2,$_len); # load len - - &lea ($idx,&DWP(16,$idx)); - &mov ($_inp,$idx); # save inp - - &lea ($s3,&DWP(16,$key)); - &mov ($_out,$s3); # save out - - &sub ($s2,16); - &test ($s2,0xFFFFFFF0); - &mov ($_len,$s2); # save len - &jnz (&label("enc_loop")); - &test ($s2,15); - &jnz (&label("enc_tail")); - &mov ($idx,$_ivp); # load ivp - &mov ($s2,&DWP(8,$key)); # restore last dwords - &mov ($s3,&DWP(12,$key)); - &mov (&DWP(0,$idx),$s0); # save ivec - &mov (&DWP(4,$idx),$s1); - &mov (&DWP(8,$idx),$s2); - &mov (&DWP(12,$idx),$s3); - - &mov ("esp",$_esp); - &popf (); - &set_label("enc_out"); - &function_end_A(); - &pushf (); # kludge, never executed - - &set_label("enc_tail",4); - &mov ($s0,$key eq "edi" ? $key : ""); - &mov ($key,$_out); # load out - &push ($s0); # push ivp - &mov ($s1,16); - &sub ($s1,$s2); - &cmp ($key,$idx); # compare with inp - &je (&label("enc_in_place")); - &align (4); - &data_word(0xA4F3F689); # rep movsb # copy input - &jmp (&label("enc_skip_in_place")); - &set_label("enc_in_place"); - &lea ($key,&DWP(0,$key,$s2)); - &set_label("enc_skip_in_place"); - &mov ($s2,$s1); - &xor ($s0,$s0); - &align (4); - &data_word(0xAAF3F689); # rep stosb # zero tail - &pop ($key); # pop ivp - - &mov ($idx,$_out); # output as input - &mov ($s0,&DWP(0,$key)); - &mov ($s1,&DWP(4,$key)); - &mov ($_len,16); # len=16 - &jmp (&label("enc_loop")); # one more spin... - -#----------------------------- DECRYPT -----------------------------# -&set_label("DECRYPT",16); - &shl ($s3,6); - &lea ($s3,&DWP(0,$s0,$s3)); - &mov ($_end,$s0); - &mov ($_key,$s3); - - &cmp ($idx,$_out); - &je (&label("dec_in_place")); # in-place processing... - - &mov ($key,$_ivp); # load ivp - &mov ($_tmp,$key); - - &set_label("dec_loop",4); - &mov ($s0,&DWP(0,$idx)); # read input - &mov ($s1,&DWP(4,$idx)); - &mov ($s2,&DWP(8,$idx)); - &bswap ($s0); - &mov ($s3,&DWP(12,$idx)); - &bswap ($s1); - &mov ($key,$_key); # load key - &bswap ($s2); - &bswap ($s3); - - &call ("_x86_Camellia_decrypt"); - - &mov ($key,$_tmp); # load ivp - &mov ($idx,$_len); # load len - - &bswap ($s0); - &bswap ($s1); - &bswap ($s2); - &xor ($s0,&DWP(0,$key)); # xor iv - &bswap ($s3); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &sub ($idx,16); - &jc (&label("dec_partial")); - &mov ($_len,$idx); # save len - &mov ($idx,$_inp); # load inp - &mov ($key,$_out); # load out - - &mov (&DWP(0,$key),$s0); # write output - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($_tmp,$idx); # save ivp - &lea ($idx,&DWP(16,$idx)); - &mov ($_inp,$idx); # save inp - - &lea ($key,&DWP(16,$key)); - &mov ($_out,$key); # save out - - &jnz (&label("dec_loop")); - &mov ($key,$_tmp); # load temp ivp - &set_label("dec_end"); - &mov ($idx,$_ivp); # load user ivp - &mov ($s0,&DWP(0,$key)); # load iv - &mov ($s1,&DWP(4,$key)); - &mov ($s2,&DWP(8,$key)); - &mov ($s3,&DWP(12,$key)); - &mov (&DWP(0,$idx),$s0); # copy back to user - &mov (&DWP(4,$idx),$s1); - &mov (&DWP(8,$idx),$s2); - &mov (&DWP(12,$idx),$s3); - &jmp (&label("dec_out")); - - &set_label("dec_partial",4); - &lea ($key,$ivec); - &mov (&DWP(0,$key),$s0); # dump output to stack - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - &lea ($s2 eq "ecx" ? $s2 : "",&DWP(16,$idx)); - &mov ($idx eq "esi" ? $idx : "",$key); - &mov ($key eq "edi" ? $key : "",$_out); # load out - &data_word(0xA4F3F689); # rep movsb # copy output - &mov ($key,$_inp); # use inp as temp ivp - &jmp (&label("dec_end")); - - &set_label("dec_in_place",4); - &set_label("dec_in_place_loop"); - &lea ($key,$ivec); - &mov ($s0,&DWP(0,$idx)); # read input - &mov ($s1,&DWP(4,$idx)); - &mov ($s2,&DWP(8,$idx)); - &mov ($s3,&DWP(12,$idx)); - - &mov (&DWP(0,$key),$s0); # copy to temp - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &bswap ($s0); - &mov (&DWP(12,$key),$s3); - &bswap ($s1); - &mov ($key,$_key); # load key - &bswap ($s2); - &bswap ($s3); - - &call ("_x86_Camellia_decrypt"); - - &mov ($key,$_ivp); # load ivp - &mov ($idx,$_out); # load out - - &bswap ($s0); - &bswap ($s1); - &bswap ($s2); - &xor ($s0,&DWP(0,$key)); # xor iv - &bswap ($s3); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov (&DWP(0,$idx),$s0); # write output - &mov (&DWP(4,$idx),$s1); - &mov (&DWP(8,$idx),$s2); - &mov (&DWP(12,$idx),$s3); - - &lea ($idx,&DWP(16,$idx)); - &mov ($_out,$idx); # save out - - &lea ($idx,$ivec); - &mov ($s0,&DWP(0,$idx)); # read temp - &mov ($s1,&DWP(4,$idx)); - &mov ($s2,&DWP(8,$idx)); - &mov ($s3,&DWP(12,$idx)); - - &mov (&DWP(0,$key),$s0); # copy iv - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($idx,$_inp); # load inp - - &lea ($idx,&DWP(16,$idx)); - &mov ($_inp,$idx); # save inp - - &mov ($s2,$_len); # load len - &sub ($s2,16); - &jc (&label("dec_in_place_partial")); - &mov ($_len,$s2); # save len - &jnz (&label("dec_in_place_loop")); - &jmp (&label("dec_out")); - - &set_label("dec_in_place_partial",4); - # one can argue if this is actually required... - &mov ($key eq "edi" ? $key : "",$_out); - &lea ($idx eq "esi" ? $idx : "",$ivec); - &lea ($key,&DWP(0,$key,$s2)); - &lea ($idx,&DWP(16,$idx,$s2)); - &neg ($s2 eq "ecx" ? $s2 : ""); - &data_word(0xA4F3F689); # rep movsb # restore tail - - &set_label("dec_out",4); - &mov ("esp",$_esp); - &popf (); -&function_end("Camellia_cbc_encrypt"); -} - -&asciz("Camellia for x86 by "); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/camellia/asm/cmll-x86_64.pl b/crypto/camellia/asm/cmll-x86_64.pl deleted file mode 100644 index 7e069614d9157a9229ef7a262e2cb37e0825e110..0000000000000000000000000000000000000000 --- a/crypto/camellia/asm/cmll-x86_64.pl +++ /dev/null @@ -1,1156 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Copyright (c) 2008 Andy Polyakov -# -# This module may be used under the terms of either the GNU General -# Public License version 2 or later, the GNU Lesser General Public -# License version 2.1 or later, the Mozilla Public License version -# 1.1 or the BSD License. The exact terms of either license are -# distributed along with this module. For further details see -# http://www.openssl.org/~appro/camellia/. -# ==================================================================== - -# Performance in cycles per processed byte (less is better) in -# 'openssl speed ...' benchmark: -# -# AMD64 Core2 EM64T -# -evp camellia-128-ecb 16.7 21.0 22.7 -# + over gcc 3.4.6 +25% +5% 0% -# -# camellia-128-cbc 15.7 20.4 21.1 -# -# 128-bit key setup 128 216 205 cycles/key -# + over gcc 3.4.6 +54% +39% +15% -# -# Numbers in "+" rows represent performance improvement over compiler -# generated code. Key setup timings are impressive on AMD and Core2 -# thanks to 64-bit operations being covertly deployed. Improvement on -# EM64T, pre-Core2 Intel x86_64 CPU, is not as impressive, because it -# apparently emulates some of 64-bit operations in [32-bit] microcode. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; } -sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/; - $r =~ s/%[er]([sd]i)/%\1l/; - $r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; } - -$t0="%eax";$t1="%ebx";$t2="%ecx";$t3="%edx"; -@S=("%r8d","%r9d","%r10d","%r11d"); -$i0="%esi"; -$i1="%edi"; -$Tbl="%rbp"; # size optimization -$inp="%r12"; -$out="%r13"; -$key="%r14"; -$keyend="%r15"; -$arg0d=$win64?"%ecx":"%edi"; - -# const unsigned int Camellia_SBOX[4][256]; -# Well, sort of... Camellia_SBOX[0][] is interleaved with [1][], -# and [2][] - with [3][]. This is done to minimize code size. -$SBOX1_1110=0; # Camellia_SBOX[0] -$SBOX4_4404=4; # Camellia_SBOX[1] -$SBOX2_0222=2048; # Camellia_SBOX[2] -$SBOX3_3033=2052; # Camellia_SBOX[3] - -sub Camellia_Feistel { -my $i=@_[0]; -my $seed=defined(@_[1])?@_[1]:0; -my $scale=$seed<0?-8:8; -my $j=($i&1)*2; -my ($s0,$s1,$s2,$s3)=(@S[($j)%4],@S[($j+1)%4],@S[($j+2)%4],@S[($j+3)%4]); - -$code.=<<___; - xor $s0,$t0 # t0^=key[0] - xor $s1,$t1 # t1^=key[1] - movz `&hi("$t0")`,$i0 # (t0>>8)&0xff - movz `&lo("$t1")`,$i1 # (t1>>0)&0xff - mov $SBOX3_3033($Tbl,$i0,8),$t3 # t3=SBOX3_3033[0] - mov $SBOX1_1110($Tbl,$i1,8),$t2 # t2=SBOX1_1110[1] - movz `&lo("$t0")`,$i0 # (t0>>0)&0xff - shr \$16,$t0 - movz `&hi("$t1")`,$i1 # (t1>>8)&0xff - xor $SBOX4_4404($Tbl,$i0,8),$t3 # t3^=SBOX4_4404[0] - shr \$16,$t1 - xor $SBOX4_4404($Tbl,$i1,8),$t2 # t2^=SBOX4_4404[1] - movz `&hi("$t0")`,$i0 # (t0>>24)&0xff - movz `&lo("$t1")`,$i1 # (t1>>16)&0xff - xor $SBOX1_1110($Tbl,$i0,8),$t3 # t3^=SBOX1_1110[0] - xor $SBOX3_3033($Tbl,$i1,8),$t2 # t2^=SBOX3_3033[1] - movz `&lo("$t0")`,$i0 # (t0>>16)&0xff - movz `&hi("$t1")`,$i1 # (t1>>24)&0xff - xor $SBOX2_0222($Tbl,$i0,8),$t3 # t3^=SBOX2_0222[0] - xor $SBOX2_0222($Tbl,$i1,8),$t2 # t2^=SBOX2_0222[1] - mov `$seed+($i+1)*$scale`($key),$t1 # prefetch key[i+1] - mov `$seed+($i+1)*$scale+4`($key),$t0 - xor $t3,$t2 # t2^=t3 - ror \$8,$t3 # t3=RightRotate(t3,8) - xor $t2,$s2 - xor $t2,$s3 - xor $t3,$s3 -___ -} - -# void Camellia_EncryptBlock_Rounds( -# int grandRounds, -# const Byte plaintext[], -# const KEY_TABLE_TYPE keyTable, -# Byte ciphertext[]) -$code=<<___; -.text - -# V1.x API -.globl Camellia_EncryptBlock -.type Camellia_EncryptBlock,\@abi-omnipotent -.align 16 -Camellia_EncryptBlock: -.cfi_startproc - movl \$128,%eax - subl $arg0d,%eax - movl \$3,$arg0d - adcl \$0,$arg0d # keyBitLength==128?3:4 - jmp .Lenc_rounds -.cfi_endproc -.size Camellia_EncryptBlock,.-Camellia_EncryptBlock -# V2 -.globl Camellia_EncryptBlock_Rounds -.type Camellia_EncryptBlock_Rounds,\@function,4 -.align 16 -.Lenc_rounds: -Camellia_EncryptBlock_Rounds: -.cfi_startproc - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lenc_prologue: - - #mov %rsi,$inp # put away arguments - mov %rcx,$out - mov %rdx,$key - - shl \$6,%edi # process grandRounds - lea .LCamellia_SBOX(%rip),$Tbl - lea ($key,%rdi),$keyend - - mov 0(%rsi),@S[0] # load plaintext - mov 4(%rsi),@S[1] - mov 8(%rsi),@S[2] - bswap @S[0] - mov 12(%rsi),@S[3] - bswap @S[1] - bswap @S[2] - bswap @S[3] - - call _x86_64_Camellia_encrypt - - bswap @S[0] - bswap @S[1] - bswap @S[2] - mov @S[0],0($out) - bswap @S[3] - mov @S[1],4($out) - mov @S[2],8($out) - mov @S[3],12($out) - - mov 0(%rsp),%r15 -.cfi_restore %r15 - mov 8(%rsp),%r14 -.cfi_restore %r14 - mov 16(%rsp),%r13 -.cfi_restore %r13 - mov 24(%rsp),%rbp -.cfi_restore %rbp - mov 32(%rsp),%rbx -.cfi_restore %rbx - lea 40(%rsp),%rsp -.cfi_adjust_cfa_offset -40 -.Lenc_epilogue: - ret -.cfi_endproc -.size Camellia_EncryptBlock_Rounds,.-Camellia_EncryptBlock_Rounds - -.type _x86_64_Camellia_encrypt,\@abi-omnipotent -.align 16 -_x86_64_Camellia_encrypt: -.cfi_startproc - xor 0($key),@S[1] - xor 4($key),@S[0] # ^=key[0-3] - xor 8($key),@S[3] - xor 12($key),@S[2] -.align 16 -.Leloop: - mov 16($key),$t1 # prefetch key[4-5] - mov 20($key),$t0 - -___ - for ($i=0;$i<6;$i++) { Camellia_Feistel($i,16); } -$code.=<<___; - lea 16*4($key),$key - cmp $keyend,$key - mov 8($key),$t3 # prefetch key[2-3] - mov 12($key),$t2 - je .Ledone - - and @S[0],$t0 - or @S[3],$t3 - rol \$1,$t0 - xor $t3,@S[2] # s2^=s3|key[3]; - xor $t0,@S[1] # s1^=LeftRotate(s0&key[0],1); - and @S[2],$t2 - or @S[1],$t1 - rol \$1,$t2 - xor $t1,@S[0] # s0^=s1|key[1]; - xor $t2,@S[3] # s3^=LeftRotate(s2&key[2],1); - jmp .Leloop - -.align 16 -.Ledone: - xor @S[2],$t0 # SwapHalf - xor @S[3],$t1 - xor @S[0],$t2 - xor @S[1],$t3 - - mov $t0,@S[0] - mov $t1,@S[1] - mov $t2,@S[2] - mov $t3,@S[3] - - .byte 0xf3,0xc3 # rep ret -.cfi_endproc -.size _x86_64_Camellia_encrypt,.-_x86_64_Camellia_encrypt - -# V1.x API -.globl Camellia_DecryptBlock -.type Camellia_DecryptBlock,\@abi-omnipotent -.align 16 -Camellia_DecryptBlock: -.cfi_startproc - movl \$128,%eax - subl $arg0d,%eax - movl \$3,$arg0d - adcl \$0,$arg0d # keyBitLength==128?3:4 - jmp .Ldec_rounds -.cfi_endproc -.size Camellia_DecryptBlock,.-Camellia_DecryptBlock -# V2 -.globl Camellia_DecryptBlock_Rounds -.type Camellia_DecryptBlock_Rounds,\@function,4 -.align 16 -.Ldec_rounds: -Camellia_DecryptBlock_Rounds: -.cfi_startproc - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Ldec_prologue: - - #mov %rsi,$inp # put away arguments - mov %rcx,$out - mov %rdx,$keyend - - shl \$6,%edi # process grandRounds - lea .LCamellia_SBOX(%rip),$Tbl - lea ($keyend,%rdi),$key - - mov 0(%rsi),@S[0] # load plaintext - mov 4(%rsi),@S[1] - mov 8(%rsi),@S[2] - bswap @S[0] - mov 12(%rsi),@S[3] - bswap @S[1] - bswap @S[2] - bswap @S[3] - - call _x86_64_Camellia_decrypt - - bswap @S[0] - bswap @S[1] - bswap @S[2] - mov @S[0],0($out) - bswap @S[3] - mov @S[1],4($out) - mov @S[2],8($out) - mov @S[3],12($out) - - mov 0(%rsp),%r15 -.cfi_restore %r15 - mov 8(%rsp),%r14 -.cfi_restore %r14 - mov 16(%rsp),%r13 -.cfi_restore %r13 - mov 24(%rsp),%rbp -.cfi_restore %rbp - mov 32(%rsp),%rbx -.cfi_restore %rbx - lea 40(%rsp),%rsp -.cfi_adjust_cfa_offset -40 -.Ldec_epilogue: - ret -.cfi_endproc -.size Camellia_DecryptBlock_Rounds,.-Camellia_DecryptBlock_Rounds - -.type _x86_64_Camellia_decrypt,\@abi-omnipotent -.align 16 -_x86_64_Camellia_decrypt: -.cfi_startproc - xor 0($key),@S[1] - xor 4($key),@S[0] # ^=key[0-3] - xor 8($key),@S[3] - xor 12($key),@S[2] -.align 16 -.Ldloop: - mov -8($key),$t1 # prefetch key[4-5] - mov -4($key),$t0 - -___ - for ($i=0;$i<6;$i++) { Camellia_Feistel($i,-8); } -$code.=<<___; - lea -16*4($key),$key - cmp $keyend,$key - mov 0($key),$t3 # prefetch key[2-3] - mov 4($key),$t2 - je .Lddone - - and @S[0],$t0 - or @S[3],$t3 - rol \$1,$t0 - xor $t3,@S[2] # s2^=s3|key[3]; - xor $t0,@S[1] # s1^=LeftRotate(s0&key[0],1); - and @S[2],$t2 - or @S[1],$t1 - rol \$1,$t2 - xor $t1,@S[0] # s0^=s1|key[1]; - xor $t2,@S[3] # s3^=LeftRotate(s2&key[2],1); - - jmp .Ldloop - -.align 16 -.Lddone: - xor @S[2],$t2 - xor @S[3],$t3 - xor @S[0],$t0 - xor @S[1],$t1 - - mov $t2,@S[0] # SwapHalf - mov $t3,@S[1] - mov $t0,@S[2] - mov $t1,@S[3] - - .byte 0xf3,0xc3 # rep ret -.cfi_endproc -.size _x86_64_Camellia_decrypt,.-_x86_64_Camellia_decrypt -___ - -sub _saveround { -my ($rnd,$key,@T)=@_; -my $bias=int(@T[0])?shift(@T):0; - - if ($#T==3) { - $code.=<<___; - mov @T[1],`$bias+$rnd*8+0`($key) - mov @T[0],`$bias+$rnd*8+4`($key) - mov @T[3],`$bias+$rnd*8+8`($key) - mov @T[2],`$bias+$rnd*8+12`($key) -___ - } else { - $code.=" mov @T[0],`$bias+$rnd*8+0`($key)\n"; - $code.=" mov @T[1],`$bias+$rnd*8+8`($key)\n" if ($#T>=1); - } -} - -sub _loadround { -my ($rnd,$key,@T)=@_; -my $bias=int(@T[0])?shift(@T):0; - -$code.=" mov `$bias+$rnd*8+0`($key),@T[0]\n"; -$code.=" mov `$bias+$rnd*8+8`($key),@T[1]\n" if ($#T>=1); -} - -# shld is very slow on Intel EM64T family. Even on AMD it limits -# instruction decode rate [because it's VectorPath] and consequently -# performance... -sub __rotl128 { -my ($i0,$i1,$rot)=@_; - - if ($rot) { - $code.=<<___; - mov $i0,%r11 - shld \$$rot,$i1,$i0 - shld \$$rot,%r11,$i1 -___ - } -} - -# ... Implementing 128-bit rotate without shld gives 80% better -# performance EM64T, +15% on AMD64 and only ~7% degradation on -# Core2. This is therefore preferred. -sub _rotl128 { -my ($i0,$i1,$rot)=@_; - - if ($rot) { - $code.=<<___; - mov $i0,%r11 - shl \$$rot,$i0 - mov $i1,%r9 - shr \$`64-$rot`,%r9 - shr \$`64-$rot`,%r11 - or %r9,$i0 - shl \$$rot,$i1 - or %r11,$i1 -___ - } -} - -{ my $step=0; - -$code.=<<___; -.globl Camellia_Ekeygen -.type Camellia_Ekeygen,\@function,3 -.align 16 -Camellia_Ekeygen: -.cfi_startproc - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lkey_prologue: - - mov %edi,${keyend}d # put away arguments, keyBitLength - mov %rdx,$out # keyTable - - mov 0(%rsi),@S[0] # load 0-127 bits - mov 4(%rsi),@S[1] - mov 8(%rsi),@S[2] - mov 12(%rsi),@S[3] - - bswap @S[0] - bswap @S[1] - bswap @S[2] - bswap @S[3] -___ - &_saveround (0,$out,@S); # KL<<<0 -$code.=<<___; - cmp \$128,$keyend # check keyBitLength - je .L1st128 - - mov 16(%rsi),@S[0] # load 128-191 bits - mov 20(%rsi),@S[1] - cmp \$192,$keyend - je .L1st192 - mov 24(%rsi),@S[2] # load 192-255 bits - mov 28(%rsi),@S[3] - jmp .L1st256 -.L1st192: - mov @S[0],@S[2] - mov @S[1],@S[3] - not @S[2] - not @S[3] -.L1st256: - bswap @S[0] - bswap @S[1] - bswap @S[2] - bswap @S[3] -___ - &_saveround (4,$out,@S); # temp storage for KR! -$code.=<<___; - xor 0($out),@S[1] # KR^KL - xor 4($out),@S[0] - xor 8($out),@S[3] - xor 12($out),@S[2] - -.L1st128: - lea .LCamellia_SIGMA(%rip),$key - lea .LCamellia_SBOX(%rip),$Tbl - - mov 0($key),$t1 - mov 4($key),$t0 -___ - &Camellia_Feistel($step++); - &Camellia_Feistel($step++); -$code.=<<___; - xor 0($out),@S[1] # ^KL - xor 4($out),@S[0] - xor 8($out),@S[3] - xor 12($out),@S[2] -___ - &Camellia_Feistel($step++); - &Camellia_Feistel($step++); -$code.=<<___; - cmp \$128,$keyend - jne .L2nd256 - - lea 128($out),$out # size optimization - shl \$32,%r8 # @S[0]|| - shl \$32,%r10 # @S[2]|| - or %r9,%r8 # ||@S[1] - or %r11,%r10 # ||@S[3] -___ - &_loadround (0,$out,-128,"%rax","%rbx"); # KL - &_saveround (2,$out,-128,"%r8","%r10"); # KA<<<0 - &_rotl128 ("%rax","%rbx",15); - &_saveround (4,$out,-128,"%rax","%rbx"); # KL<<<15 - &_rotl128 ("%r8","%r10",15); - &_saveround (6,$out,-128,"%r8","%r10"); # KA<<<15 - &_rotl128 ("%r8","%r10",15); # 15+15=30 - &_saveround (8,$out,-128,"%r8","%r10"); # KA<<<30 - &_rotl128 ("%rax","%rbx",30); # 15+30=45 - &_saveround (10,$out,-128,"%rax","%rbx"); # KL<<<45 - &_rotl128 ("%r8","%r10",15); # 30+15=45 - &_saveround (12,$out,-128,"%r8"); # KA<<<45 - &_rotl128 ("%rax","%rbx",15); # 45+15=60 - &_saveround (13,$out,-128,"%rbx"); # KL<<<60 - &_rotl128 ("%r8","%r10",15); # 45+15=60 - &_saveround (14,$out,-128,"%r8","%r10"); # KA<<<60 - &_rotl128 ("%rax","%rbx",17); # 60+17=77 - &_saveround (16,$out,-128,"%rax","%rbx"); # KL<<<77 - &_rotl128 ("%rax","%rbx",17); # 77+17=94 - &_saveround (18,$out,-128,"%rax","%rbx"); # KL<<<94 - &_rotl128 ("%r8","%r10",34); # 60+34=94 - &_saveround (20,$out,-128,"%r8","%r10"); # KA<<<94 - &_rotl128 ("%rax","%rbx",17); # 94+17=111 - &_saveround (22,$out,-128,"%rax","%rbx"); # KL<<<111 - &_rotl128 ("%r8","%r10",17); # 94+17=111 - &_saveround (24,$out,-128,"%r8","%r10"); # KA<<<111 -$code.=<<___; - mov \$3,%eax - jmp .Ldone -.align 16 -.L2nd256: -___ - &_saveround (6,$out,@S); # temp storage for KA! -$code.=<<___; - xor `4*8+0`($out),@S[1] # KA^KR - xor `4*8+4`($out),@S[0] - xor `5*8+0`($out),@S[3] - xor `5*8+4`($out),@S[2] -___ - &Camellia_Feistel($step++); - &Camellia_Feistel($step++); - - &_loadround (0,$out,"%rax","%rbx"); # KL - &_loadround (4,$out,"%rcx","%rdx"); # KR - &_loadround (6,$out,"%r14","%r15"); # KA -$code.=<<___; - lea 128($out),$out # size optimization - shl \$32,%r8 # @S[0]|| - shl \$32,%r10 # @S[2]|| - or %r9,%r8 # ||@S[1] - or %r11,%r10 # ||@S[3] -___ - &_saveround (2,$out,-128,"%r8","%r10"); # KB<<<0 - &_rotl128 ("%rcx","%rdx",15); - &_saveround (4,$out,-128,"%rcx","%rdx"); # KR<<<15 - &_rotl128 ("%r14","%r15",15); - &_saveround (6,$out,-128,"%r14","%r15"); # KA<<<15 - &_rotl128 ("%rcx","%rdx",15); # 15+15=30 - &_saveround (8,$out,-128,"%rcx","%rdx"); # KR<<<30 - &_rotl128 ("%r8","%r10",30); - &_saveround (10,$out,-128,"%r8","%r10"); # KB<<<30 - &_rotl128 ("%rax","%rbx",45); - &_saveround (12,$out,-128,"%rax","%rbx"); # KL<<<45 - &_rotl128 ("%r14","%r15",30); # 15+30=45 - &_saveround (14,$out,-128,"%r14","%r15"); # KA<<<45 - &_rotl128 ("%rax","%rbx",15); # 45+15=60 - &_saveround (16,$out,-128,"%rax","%rbx"); # KL<<<60 - &_rotl128 ("%rcx","%rdx",30); # 30+30=60 - &_saveround (18,$out,-128,"%rcx","%rdx"); # KR<<<60 - &_rotl128 ("%r8","%r10",30); # 30+30=60 - &_saveround (20,$out,-128,"%r8","%r10"); # KB<<<60 - &_rotl128 ("%rax","%rbx",17); # 60+17=77 - &_saveround (22,$out,-128,"%rax","%rbx"); # KL<<<77 - &_rotl128 ("%r14","%r15",32); # 45+32=77 - &_saveround (24,$out,-128,"%r14","%r15"); # KA<<<77 - &_rotl128 ("%rcx","%rdx",34); # 60+34=94 - &_saveround (26,$out,-128,"%rcx","%rdx"); # KR<<<94 - &_rotl128 ("%r14","%r15",17); # 77+17=94 - &_saveround (28,$out,-128,"%r14","%r15"); # KA<<<77 - &_rotl128 ("%rax","%rbx",34); # 77+34=111 - &_saveround (30,$out,-128,"%rax","%rbx"); # KL<<<111 - &_rotl128 ("%r8","%r10",51); # 60+51=111 - &_saveround (32,$out,-128,"%r8","%r10"); # KB<<<111 -$code.=<<___; - mov \$4,%eax -.Ldone: - mov 0(%rsp),%r15 -.cfi_restore %r15 - mov 8(%rsp),%r14 -.cfi_restore %r14 - mov 16(%rsp),%r13 -.cfi_restore %r13 - mov 24(%rsp),%rbp -.cfi_restore %rbp - mov 32(%rsp),%rbx -.cfi_restore %rbx - lea 40(%rsp),%rsp -.cfi_adjust_cfa_offset -40 -.Lkey_epilogue: - ret -.cfi_endproc -.size Camellia_Ekeygen,.-Camellia_Ekeygen -___ -} - -@SBOX=( -112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65, - 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189, -134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26, -166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77, -139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153, -223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215, - 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34, -254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80, -170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210, - 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148, -135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226, - 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46, -233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89, -120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250, -114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164, - 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158); - -sub S1110 { my $i=shift; $i=@SBOX[$i]; $i=$i<<24|$i<<16|$i<<8; sprintf("0x%08x",$i); } -sub S4404 { my $i=shift; $i=($i<<1|$i>>7)&0xff; $i=@SBOX[$i]; $i=$i<<24|$i<<16|$i; sprintf("0x%08x",$i); } -sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; $i=$i<<16|$i<<8|$i; sprintf("0x%08x",$i); } -sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; $i=$i<<24|$i<<8|$i; sprintf("0x%08x",$i); } - -$code.=<<___; -.align 64 -.LCamellia_SIGMA: -.long 0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858 -.long 0xe94f82be, 0xc6ef372f, 0xf1d36f1c, 0x54ff53a5 -.long 0xde682d1d, 0x10e527fa, 0xb3e6c1fd, 0xb05688c2 -.long 0, 0, 0, 0 -.LCamellia_SBOX: -___ -# tables are interleaved, remember? -sub data_word { $code.=".long\t".join(',',@_)."\n"; } -for ($i=0;$i<256;$i++) { &data_word(&S1110($i),&S4404($i)); } -for ($i=0;$i<256;$i++) { &data_word(&S0222($i),&S3033($i)); } - -# void Camellia_cbc_encrypt (const void char *inp, unsigned char *out, -# size_t length, const CAMELLIA_KEY *key, -# unsigned char *ivp,const int enc); -{ -$_key="0(%rsp)"; -$_end="8(%rsp)"; # inp+len&~15 -$_res="16(%rsp)"; # len&15 -$ivec="24(%rsp)"; -$_ivp="40(%rsp)"; -$_rsp="48(%rsp)"; - -$code.=<<___; -.globl Camellia_cbc_encrypt -.type Camellia_cbc_encrypt,\@function,6 -.align 16 -Camellia_cbc_encrypt: -.cfi_startproc - endbranch - cmp \$0,%rdx - je .Lcbc_abort - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lcbc_prologue: - - mov %rsp,%rbp -.cfi_def_cfa_register %rbp - sub \$64,%rsp - and \$-64,%rsp - - # place stack frame just "above mod 1024" the key schedule, - # this ensures that cache associativity suffices - lea -64-63(%rcx),%r10 - sub %rsp,%r10 - neg %r10 - and \$0x3C0,%r10 - sub %r10,%rsp - #add \$8,%rsp # 8 is reserved for callee's ra - - mov %rdi,$inp # inp argument - mov %rsi,$out # out argument - mov %r8,%rbx # ivp argument - mov %rcx,$key # key argument - mov 272(%rcx),${keyend}d # grandRounds - - mov %r8,$_ivp - mov %rbp,$_rsp -.cfi_cfa_expression $_rsp,deref,+56 - -.Lcbc_body: - lea .LCamellia_SBOX(%rip),$Tbl - - mov \$32,%ecx -.align 4 -.Lcbc_prefetch_sbox: - mov 0($Tbl),%rax - mov 32($Tbl),%rsi - mov 64($Tbl),%rdi - mov 96($Tbl),%r11 - lea 128($Tbl),$Tbl - loop .Lcbc_prefetch_sbox - sub \$4096,$Tbl - shl \$6,$keyend - mov %rdx,%rcx # len argument - lea ($key,$keyend),$keyend - - cmp \$0,%r9d # enc argument - je .LCBC_DECRYPT - - and \$-16,%rdx - and \$15,%rcx # length residue - lea ($inp,%rdx),%rdx - mov $key,$_key - mov %rdx,$_end - mov %rcx,$_res - - cmp $inp,%rdx - mov 0(%rbx),@S[0] # load IV - mov 4(%rbx),@S[1] - mov 8(%rbx),@S[2] - mov 12(%rbx),@S[3] - je .Lcbc_enc_tail - jmp .Lcbc_eloop - -.align 16 -.Lcbc_eloop: - xor 0($inp),@S[0] - xor 4($inp),@S[1] - xor 8($inp),@S[2] - bswap @S[0] - xor 12($inp),@S[3] - bswap @S[1] - bswap @S[2] - bswap @S[3] - - call _x86_64_Camellia_encrypt - - mov $_key,$key # "rewind" the key - bswap @S[0] - mov $_end,%rdx - bswap @S[1] - mov $_res,%rcx - bswap @S[2] - mov @S[0],0($out) - bswap @S[3] - mov @S[1],4($out) - mov @S[2],8($out) - lea 16($inp),$inp - mov @S[3],12($out) - cmp %rdx,$inp - lea 16($out),$out - jne .Lcbc_eloop - - cmp \$0,%rcx - jne .Lcbc_enc_tail - - mov $_ivp,$out - mov @S[0],0($out) # write out IV residue - mov @S[1],4($out) - mov @S[2],8($out) - mov @S[3],12($out) - jmp .Lcbc_done - -.align 16 -.Lcbc_enc_tail: - xor %rax,%rax - mov %rax,0+$ivec - mov %rax,8+$ivec - mov %rax,$_res - -.Lcbc_enc_pushf: - pushfq - cld - mov $inp,%rsi - lea 8+$ivec,%rdi - .long 0x9066A4F3 # rep movsb - popfq -.Lcbc_enc_popf: - - lea $ivec,$inp - lea 16+$ivec,%rax - mov %rax,$_end - jmp .Lcbc_eloop # one more time - -.align 16 -.LCBC_DECRYPT: - xchg $key,$keyend - add \$15,%rdx - and \$15,%rcx # length residue - and \$-16,%rdx - mov $key,$_key - lea ($inp,%rdx),%rdx - mov %rdx,$_end - mov %rcx,$_res - - mov (%rbx),%rax # load IV - mov 8(%rbx),%rbx - jmp .Lcbc_dloop -.align 16 -.Lcbc_dloop: - mov 0($inp),@S[0] - mov 4($inp),@S[1] - mov 8($inp),@S[2] - bswap @S[0] - mov 12($inp),@S[3] - bswap @S[1] - mov %rax,0+$ivec # save IV to temporary storage - bswap @S[2] - mov %rbx,8+$ivec - bswap @S[3] - - call _x86_64_Camellia_decrypt - - mov $_key,$key # "rewind" the key - mov $_end,%rdx - mov $_res,%rcx - - bswap @S[0] - mov ($inp),%rax # load IV for next iteration - bswap @S[1] - mov 8($inp),%rbx - bswap @S[2] - xor 0+$ivec,@S[0] - bswap @S[3] - xor 4+$ivec,@S[1] - xor 8+$ivec,@S[2] - lea 16($inp),$inp - xor 12+$ivec,@S[3] - cmp %rdx,$inp - je .Lcbc_ddone - - mov @S[0],0($out) - mov @S[1],4($out) - mov @S[2],8($out) - mov @S[3],12($out) - - lea 16($out),$out - jmp .Lcbc_dloop - -.align 16 -.Lcbc_ddone: - mov $_ivp,%rdx - cmp \$0,%rcx - jne .Lcbc_dec_tail - - mov @S[0],0($out) - mov @S[1],4($out) - mov @S[2],8($out) - mov @S[3],12($out) - - mov %rax,(%rdx) # write out IV residue - mov %rbx,8(%rdx) - jmp .Lcbc_done -.align 16 -.Lcbc_dec_tail: - mov @S[0],0+$ivec - mov @S[1],4+$ivec - mov @S[2],8+$ivec - mov @S[3],12+$ivec - -.Lcbc_dec_pushf: - pushfq - cld - lea 8+$ivec,%rsi - lea ($out),%rdi - .long 0x9066A4F3 # rep movsb - popfq -.Lcbc_dec_popf: - - mov %rax,(%rdx) # write out IV residue - mov %rbx,8(%rdx) - jmp .Lcbc_done - -.align 16 -.Lcbc_done: - mov $_rsp,%rcx -.cfi_def_cfa %rcx,56 - mov 0(%rcx),%r15 -.cfi_restore %r15 - mov 8(%rcx),%r14 -.cfi_restore %r14 - mov 16(%rcx),%r13 -.cfi_restore %r13 - mov 24(%rcx),%r12 -.cfi_restore %r12 - mov 32(%rcx),%rbp -.cfi_restore %rbp - mov 40(%rcx),%rbx -.cfi_restore %rbx - lea 48(%rcx),%rsp -.cfi_def_cfa %rsp,8 -.Lcbc_abort: - ret -.cfi_endproc -.size Camellia_cbc_encrypt,.-Camellia_cbc_encrypt - -.asciz "Camellia for x86_64 by " -___ -} - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type common_se_handler,\@abi-omnipotent -.align 16 -common_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - lea -64(%rsp),%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_prologue - - lea 40(%rax),%rax - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r13 - mov -32(%rax),%r14 - mov -40(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - jmp .Lcommon_seh_exit -.size common_se_handler,.-common_se_handler - -.type cbc_se_handler,\@abi-omnipotent -.align 16 -cbc_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - lea -64(%rsp),%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - lea .Lcbc_prologue(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lcbc_prologue - jb .Lin_cbc_prologue - - lea .Lcbc_body(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lcbc_body - jb .Lin_cbc_frame_setup - - mov 152($context),%rax # pull context->Rsp - - lea .Lcbc_abort(%rip),%r10 - cmp %r10,%rbx # context->Rip>=.Lcbc_abort - jae .Lin_cbc_prologue - - # handle pushf/popf in Camellia_cbc_encrypt - lea .Lcbc_enc_pushf(%rip),%r10 - cmp %r10,%rbx # context->Rip<=.Lcbc_enc_pushf - jbe .Lin_cbc_no_flag - lea 8(%rax),%rax - lea .Lcbc_enc_popf(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lcbc_enc_popf - jb .Lin_cbc_no_flag - lea -8(%rax),%rax - lea .Lcbc_dec_pushf(%rip),%r10 - cmp %r10,%rbx # context->Rip<=.Lcbc_dec_pushf - jbe .Lin_cbc_no_flag - lea 8(%rax),%rax - lea .Lcbc_dec_popf(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lcbc_dec_popf - jb .Lin_cbc_no_flag - lea -8(%rax),%rax - -.Lin_cbc_no_flag: - mov 48(%rax),%rax # $_rsp - lea 48(%rax),%rax - -.Lin_cbc_frame_setup: - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_cbc_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - -.align 4 -.Lcommon_seh_exit: - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$`1232/8`,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - lea 64(%rsp),%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size cbc_se_handler,.-cbc_se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_Camellia_EncryptBlock_Rounds - .rva .LSEH_end_Camellia_EncryptBlock_Rounds - .rva .LSEH_info_Camellia_EncryptBlock_Rounds - - .rva .LSEH_begin_Camellia_DecryptBlock_Rounds - .rva .LSEH_end_Camellia_DecryptBlock_Rounds - .rva .LSEH_info_Camellia_DecryptBlock_Rounds - - .rva .LSEH_begin_Camellia_Ekeygen - .rva .LSEH_end_Camellia_Ekeygen - .rva .LSEH_info_Camellia_Ekeygen - - .rva .LSEH_begin_Camellia_cbc_encrypt - .rva .LSEH_end_Camellia_cbc_encrypt - .rva .LSEH_info_Camellia_cbc_encrypt - -.section .xdata -.align 8 -.LSEH_info_Camellia_EncryptBlock_Rounds: - .byte 9,0,0,0 - .rva common_se_handler - .rva .Lenc_prologue,.Lenc_epilogue # HandlerData[] -.LSEH_info_Camellia_DecryptBlock_Rounds: - .byte 9,0,0,0 - .rva common_se_handler - .rva .Ldec_prologue,.Ldec_epilogue # HandlerData[] -.LSEH_info_Camellia_Ekeygen: - .byte 9,0,0,0 - .rva common_se_handler - .rva .Lkey_prologue,.Lkey_epilogue # HandlerData[] -.LSEH_info_Camellia_cbc_encrypt: - .byte 9,0,0,0 - .rva cbc_se_handler -___ -} - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/camellia/asm/cmllt4-sparcv9.pl b/crypto/camellia/asm/cmllt4-sparcv9.pl deleted file mode 100644 index 86e38d65c4768364293bc4f998895ccf447e175d..0000000000000000000000000000000000000000 --- a/crypto/camellia/asm/cmllt4-sparcv9.pl +++ /dev/null @@ -1,941 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by David S. Miller and Andy Polyakov. -# The module is licensed under 2-clause BSD -# license. October 2012. All rights reserved. -# ==================================================================== - -###################################################################### -# Camellia for SPARC T4. -# -# As with AES below results [for aligned data] are virtually identical -# to critical path lengths for 3-cycle instruction latency: -# -# 128-bit key 192/256- -# CBC encrypt 4.14/4.21(*) 5.46/5.52 -# (*) numbers after slash are for -# misaligned data. -# -# As with Intel AES-NI, question is if it's possible to improve -# performance of parallelizable modes by interleaving round -# instructions. In Camellia every instruction is dependent on -# previous, which means that there is place for 2 additional ones -# in between two dependent. Can we expect 3x performance improvement? -# At least one can argue that it should be possible to break 2x -# barrier... For some reason not even 2x appears to be possible: -# -# 128-bit key 192/256- -# CBC decrypt 2.21/2.74 2.99/3.40 -# CTR 2.15/2.68(*) 2.93/3.34 -# (*) numbers after slash are for -# misaligned data. -# -# This is for 2x interleave. But compared to 1x interleave CBC decrypt -# improved by ... 0% for 128-bit key, and 11% for 192/256-bit one. -# So that out-of-order execution logic can take non-interleaved code -# to 1.87x, but can't take 2x interleaved one any further. There -# surely is some explanation... As result 3x interleave was not even -# attempted. Instead an effort was made to share specific modes -# implementations with AES module (therefore sparct4_modes.pl). -# -# To anchor to something else, software C implementation processes -# one byte in 38 cycles with 128-bit key on same processor. - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "sparcv9_modes.pl"; - -$output = pop and open STDOUT,">$output"; - -$::evp=1; # if $evp is set to 0, script generates module with -# Camellia_[en|de]crypt, Camellia_set_key and Camellia_cbc_encrypt -# entry points. These are fully compatible with openssl/camellia.h. - -###################################################################### -# single-round subroutines -# -{ -my ($inp,$out,$key,$rounds,$tmp,$mask)=map("%o$_",(0..5)); - -$code=<<___; -#ifndef __ASSEMBLER__ -# define __ASSEMBLER__ 1 -#endif -#include "crypto/sparc_arch.h" - -.text - -.globl cmll_t4_encrypt -.align 32 -cmll_t4_encrypt: - andcc $inp, 7, %g1 ! is input aligned? - andn $inp, 7, $inp - - ldx [$key + 0], %g4 - ldx [$key + 8], %g5 - - ldx [$inp + 0], %o4 - bz,pt %icc, 1f - ldx [$inp + 8], %o5 - ldx [$inp + 16], $inp - sll %g1, 3, %g1 - sub %g0, %g1, %o3 - sllx %o4, %g1, %o4 - sllx %o5, %g1, %g1 - srlx %o5, %o3, %o5 - srlx $inp, %o3, %o3 - or %o5, %o4, %o4 - or %o3, %g1, %o5 -1: - ld [$key + 272], $rounds ! grandRounds, 3 or 4 - ldd [$key + 16], %f12 - ldd [$key + 24], %f14 - xor %g4, %o4, %o4 - xor %g5, %o5, %o5 - ldd [$key + 32], %f16 - ldd [$key + 40], %f18 - movxtod %o4, %f0 - movxtod %o5, %f2 - ldd [$key + 48], %f20 - ldd [$key + 56], %f22 - sub $rounds, 1, $rounds - ldd [$key + 64], %f24 - ldd [$key + 72], %f26 - add $key, 80, $key - -.Lenc: - camellia_f %f12, %f2, %f0, %f2 - ldd [$key + 0], %f12 - sub $rounds,1,$rounds - camellia_f %f14, %f0, %f2, %f0 - ldd [$key + 8], %f14 - camellia_f %f16, %f2, %f0, %f2 - ldd [$key + 16], %f16 - camellia_f %f18, %f0, %f2, %f0 - ldd [$key + 24], %f18 - camellia_f %f20, %f2, %f0, %f2 - ldd [$key + 32], %f20 - camellia_f %f22, %f0, %f2, %f0 - ldd [$key + 40], %f22 - camellia_fl %f24, %f0, %f0 - ldd [$key + 48], %f24 - camellia_fli %f26, %f2, %f2 - ldd [$key + 56], %f26 - brnz,pt $rounds, .Lenc - add $key, 64, $key - - andcc $out, 7, $tmp ! is output aligned? - camellia_f %f12, %f2, %f0, %f2 - camellia_f %f14, %f0, %f2, %f0 - camellia_f %f16, %f2, %f0, %f2 - camellia_f %f18, %f0, %f2, %f0 - camellia_f %f20, %f2, %f0, %f4 - camellia_f %f22, %f0, %f4, %f2 - fxor %f24, %f4, %f0 - fxor %f26, %f2, %f2 - - bnz,pn %icc, 2f - nop - - std %f0, [$out + 0] - retl - std %f2, [$out + 8] - -2: alignaddrl $out, %g0, $out - mov 0xff, $mask - srl $mask, $tmp, $mask - - faligndata %f0, %f0, %f4 - faligndata %f0, %f2, %f6 - faligndata %f2, %f2, %f8 - - stda %f4, [$out + $mask]0xc0 ! partial store - std %f6, [$out + 8] - add $out, 16, $out - orn %g0, $mask, $mask - retl - stda %f8, [$out + $mask]0xc0 ! partial store -.type cmll_t4_encrypt,#function -.size cmll_t4_encrypt,.-cmll_t4_encrypt - -.globl cmll_t4_decrypt -.align 32 -cmll_t4_decrypt: - ld [$key + 272], $rounds ! grandRounds, 3 or 4 - andcc $inp, 7, %g1 ! is input aligned? - andn $inp, 7, $inp - - sll $rounds, 6, $rounds - add $rounds, $key, $key - - ldx [$inp + 0], %o4 - bz,pt %icc, 1f - ldx [$inp + 8], %o5 - ldx [$inp + 16], $inp - sll %g1, 3, %g1 - sub %g0, %g1, %g4 - sllx %o4, %g1, %o4 - sllx %o5, %g1, %g1 - srlx %o5, %g4, %o5 - srlx $inp, %g4, %g4 - or %o5, %o4, %o4 - or %g4, %g1, %o5 -1: - ldx [$key + 0], %g4 - ldx [$key + 8], %g5 - ldd [$key - 8], %f12 - ldd [$key - 16], %f14 - xor %g4, %o4, %o4 - xor %g5, %o5, %o5 - ldd [$key - 24], %f16 - ldd [$key - 32], %f18 - movxtod %o4, %f0 - movxtod %o5, %f2 - ldd [$key - 40], %f20 - ldd [$key - 48], %f22 - sub $rounds, 64, $rounds - ldd [$key - 56], %f24 - ldd [$key - 64], %f26 - sub $key, 64, $key - -.Ldec: - camellia_f %f12, %f2, %f0, %f2 - ldd [$key - 8], %f12 - sub $rounds, 64, $rounds - camellia_f %f14, %f0, %f2, %f0 - ldd [$key - 16], %f14 - camellia_f %f16, %f2, %f0, %f2 - ldd [$key - 24], %f16 - camellia_f %f18, %f0, %f2, %f0 - ldd [$key - 32], %f18 - camellia_f %f20, %f2, %f0, %f2 - ldd [$key - 40], %f20 - camellia_f %f22, %f0, %f2, %f0 - ldd [$key - 48], %f22 - camellia_fl %f24, %f0, %f0 - ldd [$key - 56], %f24 - camellia_fli %f26, %f2, %f2 - ldd [$key - 64], %f26 - brnz,pt $rounds, .Ldec - sub $key, 64, $key - - andcc $out, 7, $tmp ! is output aligned? - camellia_f %f12, %f2, %f0, %f2 - camellia_f %f14, %f0, %f2, %f0 - camellia_f %f16, %f2, %f0, %f2 - camellia_f %f18, %f0, %f2, %f0 - camellia_f %f20, %f2, %f0, %f4 - camellia_f %f22, %f0, %f4, %f2 - fxor %f26, %f4, %f0 - fxor %f24, %f2, %f2 - - bnz,pn %icc, 2f - nop - - std %f0, [$out + 0] - retl - std %f2, [$out + 8] - -2: alignaddrl $out, %g0, $out - mov 0xff, $mask - srl $mask, $tmp, $mask - - faligndata %f0, %f0, %f4 - faligndata %f0, %f2, %f6 - faligndata %f2, %f2, %f8 - - stda %f4, [$out + $mask]0xc0 ! partial store - std %f6, [$out + 8] - add $out, 16, $out - orn %g0, $mask, $mask - retl - stda %f8, [$out + $mask]0xc0 ! partial store -.type cmll_t4_decrypt,#function -.size cmll_t4_decrypt,.-cmll_t4_decrypt -___ -} - -###################################################################### -# key setup subroutines -# -{ -sub ROTL128 { - my $rot = shift; - - "srlx %o4, 64-$rot, %g4\n\t". - "sllx %o4, $rot, %o4\n\t". - "srlx %o5, 64-$rot, %g5\n\t". - "sllx %o5, $rot, %o5\n\t". - "or %o4, %g5, %o4\n\t". - "or %o5, %g4, %o5"; -} - -my ($inp,$bits,$out,$tmp)=map("%o$_",(0..5)); -$code.=<<___; -.globl cmll_t4_set_key -.align 32 -cmll_t4_set_key: - and $inp, 7, $tmp - alignaddr $inp, %g0, $inp - cmp $bits, 192 - ldd [$inp + 0], %f0 - bl,pt %icc,.L128 - ldd [$inp + 8], %f2 - - be,pt %icc,.L192 - ldd [$inp + 16], %f4 - - brz,pt $tmp, .L256aligned - ldd [$inp + 24], %f6 - - ldd [$inp + 32], %f8 - faligndata %f0, %f2, %f0 - faligndata %f2, %f4, %f2 - faligndata %f4, %f6, %f4 - b .L256aligned - faligndata %f6, %f8, %f6 - -.align 16 -.L192: - brz,a,pt $tmp, .L256aligned - fnot2 %f4, %f6 - - ldd [$inp + 24], %f6 - nop - faligndata %f0, %f2, %f0 - faligndata %f2, %f4, %f2 - faligndata %f4, %f6, %f4 - fnot2 %f4, %f6 - -.L256aligned: - std %f0, [$out + 0] ! k[0, 1] - fsrc2 %f0, %f28 - std %f2, [$out + 8] ! k[2, 3] - fsrc2 %f2, %f30 - fxor %f4, %f0, %f0 - b .L128key - fxor %f6, %f2, %f2 - -.align 16 -.L128: - brz,pt $tmp, .L128aligned - nop - - ldd [$inp + 16], %f4 - nop - faligndata %f0, %f2, %f0 - faligndata %f2, %f4, %f2 - -.L128aligned: - std %f0, [$out + 0] ! k[0, 1] - fsrc2 %f0, %f28 - std %f2, [$out + 8] ! k[2, 3] - fsrc2 %f2, %f30 - -.L128key: - mov %o7, %o5 -1: call .+8 - add %o7, SIGMA-1b, %o4 - mov %o5, %o7 - - ldd [%o4 + 0], %f16 - ldd [%o4 + 8], %f18 - ldd [%o4 + 16], %f20 - ldd [%o4 + 24], %f22 - - camellia_f %f16, %f2, %f0, %f2 - camellia_f %f18, %f0, %f2, %f0 - fxor %f28, %f0, %f0 - fxor %f30, %f2, %f2 - camellia_f %f20, %f2, %f0, %f2 - camellia_f %f22, %f0, %f2, %f0 - - bge,pn %icc, .L256key - nop - std %f0, [$out + 0x10] ! k[ 4, 5] - std %f2, [$out + 0x18] ! k[ 6, 7] - - movdtox %f0, %o4 - movdtox %f2, %o5 - `&ROTL128(15)` - stx %o4, [$out + 0x30] ! k[12, 13] - stx %o5, [$out + 0x38] ! k[14, 15] - `&ROTL128(15)` - stx %o4, [$out + 0x40] ! k[16, 17] - stx %o5, [$out + 0x48] ! k[18, 19] - `&ROTL128(15)` - stx %o4, [$out + 0x60] ! k[24, 25] - `&ROTL128(15)` - stx %o4, [$out + 0x70] ! k[28, 29] - stx %o5, [$out + 0x78] ! k[30, 31] - `&ROTL128(34)` - stx %o4, [$out + 0xa0] ! k[40, 41] - stx %o5, [$out + 0xa8] ! k[42, 43] - `&ROTL128(17)` - stx %o4, [$out + 0xc0] ! k[48, 49] - stx %o5, [$out + 0xc8] ! k[50, 51] - - movdtox %f28, %o4 ! k[ 0, 1] - movdtox %f30, %o5 ! k[ 2, 3] - `&ROTL128(15)` - stx %o4, [$out + 0x20] ! k[ 8, 9] - stx %o5, [$out + 0x28] ! k[10, 11] - `&ROTL128(30)` - stx %o4, [$out + 0x50] ! k[20, 21] - stx %o5, [$out + 0x58] ! k[22, 23] - `&ROTL128(15)` - stx %o5, [$out + 0x68] ! k[26, 27] - `&ROTL128(17)` - stx %o4, [$out + 0x80] ! k[32, 33] - stx %o5, [$out + 0x88] ! k[34, 35] - `&ROTL128(17)` - stx %o4, [$out + 0x90] ! k[36, 37] - stx %o5, [$out + 0x98] ! k[38, 39] - `&ROTL128(17)` - stx %o4, [$out + 0xb0] ! k[44, 45] - stx %o5, [$out + 0xb8] ! k[46, 47] - - mov 3, $tmp - st $tmp, [$out + 0x110] - retl - xor %o0, %o0, %o0 - -.align 16 -.L256key: - ldd [%o4 + 32], %f24 - ldd [%o4 + 40], %f26 - - std %f0, [$out + 0x30] ! k[12, 13] - std %f2, [$out + 0x38] ! k[14, 15] - - fxor %f4, %f0, %f0 - fxor %f6, %f2, %f2 - camellia_f %f24, %f2, %f0, %f2 - camellia_f %f26, %f0, %f2, %f0 - - std %f0, [$out + 0x10] ! k[ 4, 5] - std %f2, [$out + 0x18] ! k[ 6, 7] - - movdtox %f0, %o4 - movdtox %f2, %o5 - `&ROTL128(30)` - stx %o4, [$out + 0x50] ! k[20, 21] - stx %o5, [$out + 0x58] ! k[22, 23] - `&ROTL128(30)` - stx %o4, [$out + 0xa0] ! k[40, 41] - stx %o5, [$out + 0xa8] ! k[42, 43] - `&ROTL128(51)` - stx %o4, [$out + 0x100] ! k[64, 65] - stx %o5, [$out + 0x108] ! k[66, 67] - - movdtox %f4, %o4 ! k[ 8, 9] - movdtox %f6, %o5 ! k[10, 11] - `&ROTL128(15)` - stx %o4, [$out + 0x20] ! k[ 8, 9] - stx %o5, [$out + 0x28] ! k[10, 11] - `&ROTL128(15)` - stx %o4, [$out + 0x40] ! k[16, 17] - stx %o5, [$out + 0x48] ! k[18, 19] - `&ROTL128(30)` - stx %o4, [$out + 0x90] ! k[36, 37] - stx %o5, [$out + 0x98] ! k[38, 39] - `&ROTL128(34)` - stx %o4, [$out + 0xd0] ! k[52, 53] - stx %o5, [$out + 0xd8] ! k[54, 55] - ldx [$out + 0x30], %o4 ! k[12, 13] - ldx [$out + 0x38], %o5 ! k[14, 15] - `&ROTL128(15)` - stx %o4, [$out + 0x30] ! k[12, 13] - stx %o5, [$out + 0x38] ! k[14, 15] - `&ROTL128(30)` - stx %o4, [$out + 0x70] ! k[28, 29] - stx %o5, [$out + 0x78] ! k[30, 31] - srlx %o4, 32, %g4 - srlx %o5, 32, %g5 - st %o4, [$out + 0xc0] ! k[48] - st %g5, [$out + 0xc4] ! k[49] - st %o5, [$out + 0xc8] ! k[50] - st %g4, [$out + 0xcc] ! k[51] - `&ROTL128(49)` - stx %o4, [$out + 0xe0] ! k[56, 57] - stx %o5, [$out + 0xe8] ! k[58, 59] - - movdtox %f28, %o4 ! k[ 0, 1] - movdtox %f30, %o5 ! k[ 2, 3] - `&ROTL128(45)` - stx %o4, [$out + 0x60] ! k[24, 25] - stx %o5, [$out + 0x68] ! k[26, 27] - `&ROTL128(15)` - stx %o4, [$out + 0x80] ! k[32, 33] - stx %o5, [$out + 0x88] ! k[34, 35] - `&ROTL128(17)` - stx %o4, [$out + 0xb0] ! k[44, 45] - stx %o5, [$out + 0xb8] ! k[46, 47] - `&ROTL128(34)` - stx %o4, [$out + 0xf0] ! k[60, 61] - stx %o5, [$out + 0xf8] ! k[62, 63] - - mov 4, $tmp - st $tmp, [$out + 0x110] - retl - xor %o0, %o0, %o0 -.type cmll_t4_set_key,#function -.size cmll_t4_set_key,.-cmll_t4_set_key -.align 32 -SIGMA: - .long 0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2 - .long 0xc6ef372f, 0xe94f82be, 0x54ff53a5, 0xf1d36f1c - .long 0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd -.type SIGMA,#object -.size SIGMA,.-SIGMA -.asciz "Camellia for SPARC T4, David S. Miller, Andy Polyakov" -___ -} - -{{{ -my ($inp,$out,$len,$key,$ivec,$enc)=map("%i$_",(0..5)); -my ($ileft,$iright,$ooff,$omask,$ivoff)=map("%l$_",(1..7)); - -$code.=<<___; -.align 32 -_cmll128_load_enckey: - ldx [$key + 0], %g4 - ldx [$key + 8], %g5 -___ -for ($i=2; $i<26;$i++) { # load key schedule - $code.=<<___; - ldd [$key + `8*$i`], %f`12+2*$i` -___ -} -$code.=<<___; - retl - nop -.type _cmll128_load_enckey,#function -.size _cmll128_load_enckey,.-_cmll128_load_enckey -_cmll256_load_enckey=_cmll128_load_enckey - -.align 32 -_cmll256_load_deckey: - ldd [$key + 64], %f62 - ldd [$key + 72], %f60 - b .Load_deckey - add $key, 64, $key -_cmll128_load_deckey: - ldd [$key + 0], %f60 - ldd [$key + 8], %f62 -.Load_deckey: -___ -for ($i=2; $i<24;$i++) { # load key schedule - $code.=<<___; - ldd [$key + `8*$i`], %f`62-2*$i` -___ -} -$code.=<<___; - ldx [$key + 192], %g4 - retl - ldx [$key + 200], %g5 -.type _cmll256_load_deckey,#function -.size _cmll256_load_deckey,.-_cmll256_load_deckey - -.align 32 -_cmll128_encrypt_1x: -___ -for ($i=0; $i<3; $i++) { - $code.=<<___; - camellia_f %f`16+16*$i+0`, %f2, %f0, %f2 - camellia_f %f`16+16*$i+2`, %f0, %f2, %f0 - camellia_f %f`16+16*$i+4`, %f2, %f0, %f2 - camellia_f %f`16+16*$i+6`, %f0, %f2, %f0 -___ -$code.=<<___ if ($i<2); - camellia_f %f`16+16*$i+8`, %f2, %f0, %f2 - camellia_f %f`16+16*$i+10`, %f0, %f2, %f0 - camellia_fl %f`16+16*$i+12`, %f0, %f0 - camellia_fli %f`16+16*$i+14`, %f2, %f2 -___ -} -$code.=<<___; - camellia_f %f56, %f2, %f0, %f4 - camellia_f %f58, %f0, %f4, %f2 - fxor %f60, %f4, %f0 - retl - fxor %f62, %f2, %f2 -.type _cmll128_encrypt_1x,#function -.size _cmll128_encrypt_1x,.-_cmll128_encrypt_1x -_cmll128_decrypt_1x=_cmll128_encrypt_1x - -.align 32 -_cmll128_encrypt_2x: -___ -for ($i=0; $i<3; $i++) { - $code.=<<___; - camellia_f %f`16+16*$i+0`, %f2, %f0, %f2 - camellia_f %f`16+16*$i+0`, %f6, %f4, %f6 - camellia_f %f`16+16*$i+2`, %f0, %f2, %f0 - camellia_f %f`16+16*$i+2`, %f4, %f6, %f4 - camellia_f %f`16+16*$i+4`, %f2, %f0, %f2 - camellia_f %f`16+16*$i+4`, %f6, %f4, %f6 - camellia_f %f`16+16*$i+6`, %f0, %f2, %f0 - camellia_f %f`16+16*$i+6`, %f4, %f6, %f4 -___ -$code.=<<___ if ($i<2); - camellia_f %f`16+16*$i+8`, %f2, %f0, %f2 - camellia_f %f`16+16*$i+8`, %f6, %f4, %f6 - camellia_f %f`16+16*$i+10`, %f0, %f2, %f0 - camellia_f %f`16+16*$i+10`, %f4, %f6, %f4 - camellia_fl %f`16+16*$i+12`, %f0, %f0 - camellia_fl %f`16+16*$i+12`, %f4, %f4 - camellia_fli %f`16+16*$i+14`, %f2, %f2 - camellia_fli %f`16+16*$i+14`, %f6, %f6 -___ -} -$code.=<<___; - camellia_f %f56, %f2, %f0, %f8 - camellia_f %f56, %f6, %f4, %f10 - camellia_f %f58, %f0, %f8, %f2 - camellia_f %f58, %f4, %f10, %f6 - fxor %f60, %f8, %f0 - fxor %f60, %f10, %f4 - fxor %f62, %f2, %f2 - retl - fxor %f62, %f6, %f6 -.type _cmll128_encrypt_2x,#function -.size _cmll128_encrypt_2x,.-_cmll128_encrypt_2x -_cmll128_decrypt_2x=_cmll128_encrypt_2x - -.align 32 -_cmll256_encrypt_1x: - camellia_f %f16, %f2, %f0, %f2 - camellia_f %f18, %f0, %f2, %f0 - ldd [$key + 208], %f16 - ldd [$key + 216], %f18 - camellia_f %f20, %f2, %f0, %f2 - camellia_f %f22, %f0, %f2, %f0 - ldd [$key + 224], %f20 - ldd [$key + 232], %f22 - camellia_f %f24, %f2, %f0, %f2 - camellia_f %f26, %f0, %f2, %f0 - ldd [$key + 240], %f24 - ldd [$key + 248], %f26 - camellia_fl %f28, %f0, %f0 - camellia_fli %f30, %f2, %f2 - ldd [$key + 256], %f28 - ldd [$key + 264], %f30 -___ -for ($i=1; $i<3; $i++) { - $code.=<<___; - camellia_f %f`16+16*$i+0`, %f2, %f0, %f2 - camellia_f %f`16+16*$i+2`, %f0, %f2, %f0 - camellia_f %f`16+16*$i+4`, %f2, %f0, %f2 - camellia_f %f`16+16*$i+6`, %f0, %f2, %f0 - camellia_f %f`16+16*$i+8`, %f2, %f0, %f2 - camellia_f %f`16+16*$i+10`, %f0, %f2, %f0 - camellia_fl %f`16+16*$i+12`, %f0, %f0 - camellia_fli %f`16+16*$i+14`, %f2, %f2 -___ -} -$code.=<<___; - camellia_f %f16, %f2, %f0, %f2 - camellia_f %f18, %f0, %f2, %f0 - ldd [$key + 16], %f16 - ldd [$key + 24], %f18 - camellia_f %f20, %f2, %f0, %f2 - camellia_f %f22, %f0, %f2, %f0 - ldd [$key + 32], %f20 - ldd [$key + 40], %f22 - camellia_f %f24, %f2, %f0, %f4 - camellia_f %f26, %f0, %f4, %f2 - ldd [$key + 48], %f24 - ldd [$key + 56], %f26 - fxor %f28, %f4, %f0 - fxor %f30, %f2, %f2 - ldd [$key + 64], %f28 - retl - ldd [$key + 72], %f30 -.type _cmll256_encrypt_1x,#function -.size _cmll256_encrypt_1x,.-_cmll256_encrypt_1x - -.align 32 -_cmll256_encrypt_2x: - camellia_f %f16, %f2, %f0, %f2 - camellia_f %f16, %f6, %f4, %f6 - camellia_f %f18, %f0, %f2, %f0 - camellia_f %f18, %f4, %f6, %f4 - ldd [$key + 208], %f16 - ldd [$key + 216], %f18 - camellia_f %f20, %f2, %f0, %f2 - camellia_f %f20, %f6, %f4, %f6 - camellia_f %f22, %f0, %f2, %f0 - camellia_f %f22, %f4, %f6, %f4 - ldd [$key + 224], %f20 - ldd [$key + 232], %f22 - camellia_f %f24, %f2, %f0, %f2 - camellia_f %f24, %f6, %f4, %f6 - camellia_f %f26, %f0, %f2, %f0 - camellia_f %f26, %f4, %f6, %f4 - ldd [$key + 240], %f24 - ldd [$key + 248], %f26 - camellia_fl %f28, %f0, %f0 - camellia_fl %f28, %f4, %f4 - camellia_fli %f30, %f2, %f2 - camellia_fli %f30, %f6, %f6 - ldd [$key + 256], %f28 - ldd [$key + 264], %f30 -___ -for ($i=1; $i<3; $i++) { - $code.=<<___; - camellia_f %f`16+16*$i+0`, %f2, %f0, %f2 - camellia_f %f`16+16*$i+0`, %f6, %f4, %f6 - camellia_f %f`16+16*$i+2`, %f0, %f2, %f0 - camellia_f %f`16+16*$i+2`, %f4, %f6, %f4 - camellia_f %f`16+16*$i+4`, %f2, %f0, %f2 - camellia_f %f`16+16*$i+4`, %f6, %f4, %f6 - camellia_f %f`16+16*$i+6`, %f0, %f2, %f0 - camellia_f %f`16+16*$i+6`, %f4, %f6, %f4 - camellia_f %f`16+16*$i+8`, %f2, %f0, %f2 - camellia_f %f`16+16*$i+8`, %f6, %f4, %f6 - camellia_f %f`16+16*$i+10`, %f0, %f2, %f0 - camellia_f %f`16+16*$i+10`, %f4, %f6, %f4 - camellia_fl %f`16+16*$i+12`, %f0, %f0 - camellia_fl %f`16+16*$i+12`, %f4, %f4 - camellia_fli %f`16+16*$i+14`, %f2, %f2 - camellia_fli %f`16+16*$i+14`, %f6, %f6 -___ -} -$code.=<<___; - camellia_f %f16, %f2, %f0, %f2 - camellia_f %f16, %f6, %f4, %f6 - camellia_f %f18, %f0, %f2, %f0 - camellia_f %f18, %f4, %f6, %f4 - ldd [$key + 16], %f16 - ldd [$key + 24], %f18 - camellia_f %f20, %f2, %f0, %f2 - camellia_f %f20, %f6, %f4, %f6 - camellia_f %f22, %f0, %f2, %f0 - camellia_f %f22, %f4, %f6, %f4 - ldd [$key + 32], %f20 - ldd [$key + 40], %f22 - camellia_f %f24, %f2, %f0, %f8 - camellia_f %f24, %f6, %f4, %f10 - camellia_f %f26, %f0, %f8, %f2 - camellia_f %f26, %f4, %f10, %f6 - ldd [$key + 48], %f24 - ldd [$key + 56], %f26 - fxor %f28, %f8, %f0 - fxor %f28, %f10, %f4 - fxor %f30, %f2, %f2 - fxor %f30, %f6, %f6 - ldd [$key + 64], %f28 - retl - ldd [$key + 72], %f30 -.type _cmll256_encrypt_2x,#function -.size _cmll256_encrypt_2x,.-_cmll256_encrypt_2x - -.align 32 -_cmll256_decrypt_1x: - camellia_f %f16, %f2, %f0, %f2 - camellia_f %f18, %f0, %f2, %f0 - ldd [$key - 8], %f16 - ldd [$key - 16], %f18 - camellia_f %f20, %f2, %f0, %f2 - camellia_f %f22, %f0, %f2, %f0 - ldd [$key - 24], %f20 - ldd [$key - 32], %f22 - camellia_f %f24, %f2, %f0, %f2 - camellia_f %f26, %f0, %f2, %f0 - ldd [$key - 40], %f24 - ldd [$key - 48], %f26 - camellia_fl %f28, %f0, %f0 - camellia_fli %f30, %f2, %f2 - ldd [$key - 56], %f28 - ldd [$key - 64], %f30 -___ -for ($i=1; $i<3; $i++) { - $code.=<<___; - camellia_f %f`16+16*$i+0`, %f2, %f0, %f2 - camellia_f %f`16+16*$i+2`, %f0, %f2, %f0 - camellia_f %f`16+16*$i+4`, %f2, %f0, %f2 - camellia_f %f`16+16*$i+6`, %f0, %f2, %f0 - camellia_f %f`16+16*$i+8`, %f2, %f0, %f2 - camellia_f %f`16+16*$i+10`, %f0, %f2, %f0 - camellia_fl %f`16+16*$i+12`, %f0, %f0 - camellia_fli %f`16+16*$i+14`, %f2, %f2 -___ -} -$code.=<<___; - camellia_f %f16, %f2, %f0, %f2 - camellia_f %f18, %f0, %f2, %f0 - ldd [$key + 184], %f16 - ldd [$key + 176], %f18 - camellia_f %f20, %f2, %f0, %f2 - camellia_f %f22, %f0, %f2, %f0 - ldd [$key + 168], %f20 - ldd [$key + 160], %f22 - camellia_f %f24, %f2, %f0, %f4 - camellia_f %f26, %f0, %f4, %f2 - ldd [$key + 152], %f24 - ldd [$key + 144], %f26 - fxor %f30, %f4, %f0 - fxor %f28, %f2, %f2 - ldd [$key + 136], %f28 - retl - ldd [$key + 128], %f30 -.type _cmll256_decrypt_1x,#function -.size _cmll256_decrypt_1x,.-_cmll256_decrypt_1x - -.align 32 -_cmll256_decrypt_2x: - camellia_f %f16, %f2, %f0, %f2 - camellia_f %f16, %f6, %f4, %f6 - camellia_f %f18, %f0, %f2, %f0 - camellia_f %f18, %f4, %f6, %f4 - ldd [$key - 8], %f16 - ldd [$key - 16], %f18 - camellia_f %f20, %f2, %f0, %f2 - camellia_f %f20, %f6, %f4, %f6 - camellia_f %f22, %f0, %f2, %f0 - camellia_f %f22, %f4, %f6, %f4 - ldd [$key - 24], %f20 - ldd [$key - 32], %f22 - camellia_f %f24, %f2, %f0, %f2 - camellia_f %f24, %f6, %f4, %f6 - camellia_f %f26, %f0, %f2, %f0 - camellia_f %f26, %f4, %f6, %f4 - ldd [$key - 40], %f24 - ldd [$key - 48], %f26 - camellia_fl %f28, %f0, %f0 - camellia_fl %f28, %f4, %f4 - camellia_fli %f30, %f2, %f2 - camellia_fli %f30, %f6, %f6 - ldd [$key - 56], %f28 - ldd [$key - 64], %f30 -___ -for ($i=1; $i<3; $i++) { - $code.=<<___; - camellia_f %f`16+16*$i+0`, %f2, %f0, %f2 - camellia_f %f`16+16*$i+0`, %f6, %f4, %f6 - camellia_f %f`16+16*$i+2`, %f0, %f2, %f0 - camellia_f %f`16+16*$i+2`, %f4, %f6, %f4 - camellia_f %f`16+16*$i+4`, %f2, %f0, %f2 - camellia_f %f`16+16*$i+4`, %f6, %f4, %f6 - camellia_f %f`16+16*$i+6`, %f0, %f2, %f0 - camellia_f %f`16+16*$i+6`, %f4, %f6, %f4 - camellia_f %f`16+16*$i+8`, %f2, %f0, %f2 - camellia_f %f`16+16*$i+8`, %f6, %f4, %f6 - camellia_f %f`16+16*$i+10`, %f0, %f2, %f0 - camellia_f %f`16+16*$i+10`, %f4, %f6, %f4 - camellia_fl %f`16+16*$i+12`, %f0, %f0 - camellia_fl %f`16+16*$i+12`, %f4, %f4 - camellia_fli %f`16+16*$i+14`, %f2, %f2 - camellia_fli %f`16+16*$i+14`, %f6, %f6 -___ -} -$code.=<<___; - camellia_f %f16, %f2, %f0, %f2 - camellia_f %f16, %f6, %f4, %f6 - camellia_f %f18, %f0, %f2, %f0 - camellia_f %f18, %f4, %f6, %f4 - ldd [$key + 184], %f16 - ldd [$key + 176], %f18 - camellia_f %f20, %f2, %f0, %f2 - camellia_f %f20, %f6, %f4, %f6 - camellia_f %f22, %f0, %f2, %f0 - camellia_f %f22, %f4, %f6, %f4 - ldd [$key + 168], %f20 - ldd [$key + 160], %f22 - camellia_f %f24, %f2, %f0, %f8 - camellia_f %f24, %f6, %f4, %f10 - camellia_f %f26, %f0, %f8, %f2 - camellia_f %f26, %f4, %f10, %f6 - ldd [$key + 152], %f24 - ldd [$key + 144], %f26 - fxor %f30, %f8, %f0 - fxor %f30, %f10, %f4 - fxor %f28, %f2, %f2 - fxor %f28, %f6, %f6 - ldd [$key + 136], %f28 - retl - ldd [$key + 128], %f30 -.type _cmll256_decrypt_2x,#function -.size _cmll256_decrypt_2x,.-_cmll256_decrypt_2x -___ - -&alg_cbc_encrypt_implement("cmll",128); -&alg_cbc_encrypt_implement("cmll",256); - -&alg_cbc_decrypt_implement("cmll",128); -&alg_cbc_decrypt_implement("cmll",256); - -if ($::evp) { - &alg_ctr32_implement("cmll",128); - &alg_ctr32_implement("cmll",256); -} -}}} - -if (!$::evp) { -$code.=<<___; -.global Camellia_encrypt -Camellia_encrypt=cmll_t4_encrypt -.global Camellia_decrypt -Camellia_decrypt=cmll_t4_decrypt -.global Camellia_set_key -.align 32 -Camellia_set_key: - andcc %o2, 7, %g0 ! double-check alignment - bnz,a,pn %icc, 1f - mov -1, %o0 - brz,a,pn %o0, 1f - mov -1, %o0 - brz,a,pn %o2, 1f - mov -1, %o0 - andncc %o1, 0x1c0, %g0 - bnz,a,pn %icc, 1f - mov -2, %o0 - cmp %o1, 128 - bl,a,pn %icc, 1f - mov -2, %o0 - b cmll_t4_set_key - nop -1: retl - nop -.type Camellia_set_key,#function -.size Camellia_set_key,.-Camellia_set_key -___ - -my ($inp,$out,$len,$key,$ivec,$enc)=map("%o$_",(0..5)); - -$code.=<<___; -.globl Camellia_cbc_encrypt -.align 32 -Camellia_cbc_encrypt: - ld [$key + 272], %g1 - nop - brz $enc, .Lcbc_decrypt - cmp %g1, 3 - - be,pt %icc, cmll128_t4_cbc_encrypt - nop - ba cmll256_t4_cbc_encrypt - nop - -.Lcbc_decrypt: - be,pt %icc, cmll128_t4_cbc_decrypt - nop - ba cmll256_t4_cbc_decrypt - nop -.type Camellia_cbc_encrypt,#function -.size Camellia_cbc_encrypt,.-Camellia_cbc_encrypt -___ -} - -&emit_assembler(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/camellia/build.info b/crypto/camellia/build.info deleted file mode 100644 index f13cd8c958be28f5993819b4085ff385e9785bc3..0000000000000000000000000000000000000000 --- a/crypto/camellia/build.info +++ /dev/null @@ -1,25 +0,0 @@ -LIBS=../../libcrypto - -$CMLLASM=camellia.c cmll_misc.c cmll_cbc.c -IF[{- !$disabled{asm} -}] - $CMLLASM_x86=cmll-x86.S - $CMLLASM_x86_64=cmll-x86_64.s cmll_misc.c - $CMLLASM_sparcv9=camellia.c cmll_misc.c cmll_cbc.c cmllt4-sparcv9.S - - # Now that we have defined all the arch specific variables, use the - # appropriate one - IF[$CMLLASM_{- $target{asm_arch} -}] - $CMLLASM=$CMLLASM_{- $target{asm_arch} -} - $CMLLDEF=CMLL_ASM - ENDIF -ENDIF - -SOURCE[../../libcrypto]=cmll_ecb.c cmll_ofb.c cmll_cfb.c cmll_ctr.c $CMLLASM -DEFINE[../../libcrypto]=$CMLLDEF - -GENERATE[cmll-x86.S]=asm/cmll-x86.pl -DEPEND[cmll-x86.S]=../perlasm/x86asm.pl -GENERATE[cmll-x86_64.s]=asm/cmll-x86_64.pl -GENERATE[cmllt4-sparcv9.S]=asm/cmllt4-sparcv9.pl -INCLUDE[cmllt4-sparcv9.o]=.. -DEPEND[cmllt4-sparcv9.S]=../perlasm/sparcv9_modes.pl diff --git a/crypto/camellia/camellia.c b/crypto/camellia/camellia.c deleted file mode 100644 index a4de9f891ab8698ad985194d394836091f61b0cd..0000000000000000000000000000000000000000 --- a/crypto/camellia/camellia.c +++ /dev/null @@ -1,507 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* ==================================================================== - * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . - * ALL RIGHTS RESERVED. - * - * Intellectual Property information for Camellia: - * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html - * - * News Release for Announcement of Camellia open source: - * http://www.ntt.co.jp/news/news06e/0604/060413a.html - * - * The Camellia Code included herein is developed by - * NTT (Nippon Telegraph and Telephone Corporation), and is contributed - * to the OpenSSL project. - */ - -/* - * Algorithm Specification - * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html - */ - -/* - * This release balances code size and performance. In particular key - * schedule setup is fully unrolled, because doing so *significantly* - * reduces amount of instructions per setup round and code increase is - * justifiable. In block functions on the other hand only inner loops - * are unrolled, as full unroll gives only nominal performance boost, - * while code size grows 4 or 7 times. Also, unlike previous versions - * this one "encourages" compiler to keep intermediate variables in - * registers, which should give better "all round" results, in other - * words reasonable performance even with not so modern compilers. - */ - -/* - * Camellia low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "cmll_local.h" -#include -#include - -#define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) ) -#define LeftRotate(x, s) ( ((x) << (s)) + ((x) >> (32 - s)) ) - -#define GETU32(p) (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] << 8) ^ ((u32)(p)[3])) -#define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >> 8), (p)[3] = (u8)(v)) - -/* S-box data */ -#define SBOX1_1110 Camellia_SBOX[0] -#define SBOX4_4404 Camellia_SBOX[1] -#define SBOX2_0222 Camellia_SBOX[2] -#define SBOX3_3033 Camellia_SBOX[3] -static const u32 Camellia_SBOX[][256] = { - {0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 0xb3b3b300, 0x27272700, - 0xc0c0c000, 0xe5e5e500, 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500, - 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, 0x23232300, 0xefefef00, - 0x6b6b6b00, 0x93939300, 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100, - 0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 0x1d1d1d00, 0x65656500, - 0x92929200, 0xbdbdbd00, 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00, - 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, 0x3e3e3e00, 0x30303000, - 0xdcdcdc00, 0x5f5f5f00, 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00, - 0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 0xd5d5d500, 0x47474700, - 0x5d5d5d00, 0x3d3d3d00, 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600, - 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, 0x8b8b8b00, 0x0d0d0d00, - 0x9a9a9a00, 0x66666600, 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00, - 0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 0xf0f0f000, 0xb1b1b100, - 0x84848400, 0x99999900, 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200, - 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, 0x6d6d6d00, 0xb7b7b700, - 0xa9a9a900, 0x31313100, 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700, - 0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, 0xdedede00, 0x1b1b1b00, - 0x11111100, 0x1c1c1c00, 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600, - 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, 0xfefefe00, 0x44444400, - 0xcfcfcf00, 0xb2b2b200, 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100, - 0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 0x60606000, 0xfcfcfc00, - 0x69696900, 0x50505000, 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00, - 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, 0x54545400, 0x5b5b5b00, - 0x1e1e1e00, 0x95959500, 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200, - 0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 0xa3a3a300, 0xf7f7f700, - 0x75757500, 0xdbdbdb00, 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00, - 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, 0x87878700, 0x5c5c5c00, - 0x83838300, 0x02020200, 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300, - 0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 0x9d9d9d00, 0x7f7f7f00, - 0xbfbfbf00, 0xe2e2e200, 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600, - 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, 0x81818100, 0x96969600, - 0x6f6f6f00, 0x4b4b4b00, 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00, - 0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 0x9f9f9f00, 0x6e6e6e00, - 0xbcbcbc00, 0x8e8e8e00, 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600, - 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, 0x78787800, 0x98989800, - 0x06060600, 0x6a6a6a00, 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00, - 0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 0x88888800, 0xa2a2a200, - 0x8d8d8d00, 0xfafafa00, 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500, - 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, 0x36363600, 0x49494900, - 0x2a2a2a00, 0x68686800, 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400, - 0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 0xbbbbbb00, 0xc9c9c900, - 0x43434300, 0xc1c1c100, 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400, - 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00}, - {0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, 0xe4e400e4, 0x57570057, - 0xeaea00ea, 0xaeae00ae, 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5, - 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, 0x86860086, 0xafaf00af, - 0x7c7c007c, 0x1f1f001f, 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b, - 0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 0xd9d900d9, 0x5a5a005a, - 0x51510051, 0x6c6c006c, 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0, - 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, 0xdfdf00df, 0xcbcb00cb, - 0x34340034, 0x76760076, 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004, - 0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 0x32320032, 0x9c9c009c, - 0x53530053, 0xf2f200f2, 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a, - 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, 0xaaaa00aa, 0xa0a000a0, - 0xa1a100a1, 0x62620062, 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064, - 0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 0x8a8a008a, 0xe6e600e6, - 0x09090009, 0xdddd00dd, 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090, - 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, 0x52520052, 0xd8d800d8, - 0xc8c800c8, 0xc6c600c6, 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063, - 0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 0x29290029, 0xf9f900f9, - 0x2f2f002f, 0xb4b400b4, 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071, - 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, 0x72720072, 0xb9b900b9, - 0xf8f800f8, 0xacac00ac, 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1, - 0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 0x15150015, 0xadad00ad, - 0x77770077, 0x80800080, 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5, - 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, 0xefef00ef, 0x93930093, - 0x19190019, 0x21210021, 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd, - 0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 0x30300030, 0x5f5f005f, - 0xc5c500c5, 0x1a1a001a, 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d, - 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, 0x0d0d000d, 0x66660066, - 0xcccc00cc, 0x2d2d002d, 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099, - 0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 0xb7b700b7, 0x31310031, - 0x17170017, 0xd7d700d7, 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c, - 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, 0x44440044, 0xb2b200b2, - 0xb5b500b5, 0x91910091, 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050, - 0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 0x5b5b005b, 0x95950095, - 0xffff00ff, 0xd2d200d2, 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db, - 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, 0x5c5c005c, 0x02020002, - 0x4a4a004a, 0x33330033, 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2, - 0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, 0x96960096, 0x4b4b004b, - 0xbebe00be, 0x2e2e002e, 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e, - 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, 0x98980098, 0x6a6a006a, - 0x46460046, 0xbaba00ba, 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa, - 0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 0x49490049, 0x68680068, - 0x38380038, 0xa4a400a4, 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1, - 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e}, - {0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 0x00676767, 0x004e4e4e, - 0x00818181, 0x00cbcbcb, 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a, - 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, 0x00464646, 0x00dfdfdf, - 0x00d6d6d6, 0x00272727, 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242, - 0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 0x003a3a3a, 0x00cacaca, - 0x00252525, 0x007b7b7b, 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f, - 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, 0x007c7c7c, 0x00606060, - 0x00b9b9b9, 0x00bebebe, 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434, - 0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 0x00ababab, 0x008e8e8e, - 0x00bababa, 0x007a7a7a, 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad, - 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, 0x00171717, 0x001a1a1a, - 0x00353535, 0x00cccccc, 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a, - 0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 0x00e1e1e1, 0x00636363, - 0x00090909, 0x00333333, 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585, - 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, 0x00dadada, 0x006f6f6f, - 0x00535353, 0x00626262, 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf, - 0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 0x00bdbdbd, 0x00363636, - 0x00222222, 0x00383838, 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c, - 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, 0x00fdfdfd, 0x00888888, - 0x009f9f9f, 0x00656565, 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323, - 0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 0x00c0c0c0, 0x00f9f9f9, - 0x00d2d2d2, 0x00a0a0a0, 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa, - 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, 0x00a8a8a8, 0x00b6b6b6, - 0x003c3c3c, 0x002b2b2b, 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5, - 0x00202020, 0x00898989, 0x00000000, 0x00909090, 0x00474747, 0x00efefef, - 0x00eaeaea, 0x00b7b7b7, 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5, - 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, 0x000f0f0f, 0x00b8b8b8, - 0x00070707, 0x00040404, 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666, - 0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 0x003b3b3b, 0x00fefefe, - 0x007f7f7f, 0x00c5c5c5, 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c, - 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, 0x00030303, 0x002d2d2d, - 0x00dedede, 0x00969696, 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c, - 0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 0x003f3f3f, 0x00dcdcdc, - 0x00797979, 0x001d1d1d, 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d, - 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, 0x00f0f0f0, 0x00313131, - 0x000c0c0c, 0x00d4d4d4, 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575, - 0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 0x00111111, 0x00454545, - 0x001b1b1b, 0x00f5f5f5, 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa, - 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, 0x006c6c6c, 0x00929292, - 0x00545454, 0x00d0d0d0, 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949, - 0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 0x00777777, 0x00939393, - 0x00868686, 0x00838383, 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9, - 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d}, - {0x38003838, 0x41004141, 0x16001616, 0x76007676, 0xd900d9d9, 0x93009393, - 0x60006060, 0xf200f2f2, 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a, - 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, 0x91009191, 0xf700f7f7, - 0xb500b5b5, 0xc900c9c9, 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090, - 0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 0x8e008e8e, 0xb200b2b2, - 0x49004949, 0xde00dede, 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7, - 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, 0x1f001f1f, 0x18001818, - 0x6e006e6e, 0xaf00afaf, 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d, - 0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 0xea00eaea, 0xa300a3a3, - 0xae00aeae, 0x9e009e9e, 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b, - 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, 0xc500c5c5, 0x86008686, - 0x4d004d4d, 0x33003333, 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696, - 0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 0x78007878, 0xd800d8d8, - 0x42004242, 0xcc00cccc, 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161, - 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, 0xb600b6b6, 0xdb00dbdb, - 0xd400d4d4, 0x98009898, 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb, - 0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 0x6f006f6f, 0x8d008d8d, - 0x88008888, 0x0e000e0e, 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b, - 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, 0x7f007f7f, 0x22002222, - 0xe700e7e7, 0x59005959, 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8, - 0x12001212, 0x04000404, 0x74007474, 0x54005454, 0x30003030, 0x7e007e7e, - 0xb400b4b4, 0x28002828, 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe, - 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, 0x2a002a2a, 0xad00adad, - 0x0f000f0f, 0xca00caca, 0x70007070, 0xff00ffff, 0x32003232, 0x69006969, - 0x08000808, 0x62006262, 0x00000000, 0x24002424, 0xd100d1d1, 0xfb00fbfb, - 0xba00baba, 0xed00eded, 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d, - 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, 0xc300c3c3, 0x2e002e2e, - 0xc100c1c1, 0x01000101, 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999, - 0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 0xce00cece, 0xbf00bfbf, - 0xdf00dfdf, 0x71007171, 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313, - 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, 0xc000c0c0, 0x4b004b4b, - 0xb700b7b7, 0xa500a5a5, 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717, - 0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 0xcf00cfcf, 0x37003737, - 0x5e005e5e, 0x47004747, 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b, - 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, 0x3c003c3c, 0x4c004c4c, - 0x03000303, 0x35003535, 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d, - 0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 0x44004444, 0x51005151, - 0xc600c6c6, 0x7d007d7d, 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa, - 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, 0x1b001b1b, 0xa400a4a4, - 0x15001515, 0x34003434, 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252, - 0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 0xdd00dddd, 0xe400e4e4, - 0xa100a1a1, 0xe000e0e0, 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a, - 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f} -}; - -/* Key generation constants */ -static const u32 SIGMA[] = { - 0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2, 0xc6ef372f, 0xe94f82be, - 0x54ff53a5, 0xf1d36f1c, 0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd -}; - -/* The phi algorithm given in C.2.7 of the Camellia spec document. */ -/* - * This version does not attempt to minimize amount of temporary - * variables, but instead explicitly exposes algorithm's parallelism. - * It is therefore most appropriate for platforms with not less than - * ~16 registers. For platforms with less registers [well, x86 to be - * specific] assembler version should be/is provided anyway... - */ -#define Camellia_Feistel(_s0,_s1,_s2,_s3,_key) do {\ - register u32 _t0,_t1,_t2,_t3;\ -\ - _t0 = _s0 ^ (_key)[0];\ - _t3 = SBOX4_4404[_t0&0xff];\ - _t1 = _s1 ^ (_key)[1];\ - _t3 ^= SBOX3_3033[(_t0 >> 8)&0xff];\ - _t2 = SBOX1_1110[_t1&0xff];\ - _t3 ^= SBOX2_0222[(_t0 >> 16)&0xff];\ - _t2 ^= SBOX4_4404[(_t1 >> 8)&0xff];\ - _t3 ^= SBOX1_1110[(_t0 >> 24)];\ - _t2 ^= _t3;\ - _t3 = RightRotate(_t3,8);\ - _t2 ^= SBOX3_3033[(_t1 >> 16)&0xff];\ - _s3 ^= _t3;\ - _t2 ^= SBOX2_0222[(_t1 >> 24)];\ - _s2 ^= _t2; \ - _s3 ^= _t2;\ -} while(0) - -/* - * Note that n has to be less than 32. Rotations for larger amount - * of bits are achieved by "rotating" order of s-elements and - * adjusting n accordingly, e.g. RotLeft128(s1,s2,s3,s0,n-32). - */ -#define RotLeft128(_s0,_s1,_s2,_s3,_n) do {\ - u32 _t0=_s0>>(32-_n);\ - _s0 = (_s0<<_n) | (_s1>>(32-_n));\ - _s1 = (_s1<<_n) | (_s2>>(32-_n));\ - _s2 = (_s2<<_n) | (_s3>>(32-_n));\ - _s3 = (_s3<<_n) | _t0;\ -} while (0) - -int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE k) -{ - register u32 s0, s1, s2, s3; - - k[0] = s0 = GETU32(rawKey); - k[1] = s1 = GETU32(rawKey + 4); - k[2] = s2 = GETU32(rawKey + 8); - k[3] = s3 = GETU32(rawKey + 12); - - if (keyBitLength != 128) { - k[8] = s0 = GETU32(rawKey + 16); - k[9] = s1 = GETU32(rawKey + 20); - if (keyBitLength == 192) { - k[10] = s2 = ~s0; - k[11] = s3 = ~s1; - } else { - k[10] = s2 = GETU32(rawKey + 24); - k[11] = s3 = GETU32(rawKey + 28); - } - s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3]; - } - - /* Use the Feistel routine to scramble the key material */ - Camellia_Feistel(s0, s1, s2, s3, SIGMA + 0); - Camellia_Feistel(s2, s3, s0, s1, SIGMA + 2); - - s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3]; - Camellia_Feistel(s0, s1, s2, s3, SIGMA + 4); - Camellia_Feistel(s2, s3, s0, s1, SIGMA + 6); - - /* Fill the keyTable. Requires many block rotations. */ - if (keyBitLength == 128) { - k[4] = s0, k[5] = s1, k[6] = s2, k[7] = s3; - RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 15 */ - k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3; - RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 30 */ - k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3; - RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 45 */ - k[24] = s0, k[25] = s1; - RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 60 */ - k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3; - RotLeft128(s1, s2, s3, s0, 2); /* KA <<< 94 */ - k[40] = s1, k[41] = s2, k[42] = s3, k[43] = s0; - RotLeft128(s1, s2, s3, s0, 17); /* KA <<<111 */ - k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0; - - s0 = k[0], s1 = k[1], s2 = k[2], s3 = k[3]; - RotLeft128(s0, s1, s2, s3, 15); /* KL <<< 15 */ - k[8] = s0, k[9] = s1, k[10] = s2, k[11] = s3; - RotLeft128(s0, s1, s2, s3, 30); /* KL <<< 45 */ - k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3; - RotLeft128(s0, s1, s2, s3, 15); /* KL <<< 60 */ - k[26] = s2, k[27] = s3; - RotLeft128(s0, s1, s2, s3, 17); /* KL <<< 77 */ - k[32] = s0, k[33] = s1, k[34] = s2, k[35] = s3; - RotLeft128(s0, s1, s2, s3, 17); /* KL <<< 94 */ - k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3; - RotLeft128(s0, s1, s2, s3, 17); /* KL <<<111 */ - k[44] = s0, k[45] = s1, k[46] = s2, k[47] = s3; - - return 3; /* grand rounds */ - } else { - k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3; - s0 ^= k[8], s1 ^= k[9], s2 ^= k[10], s3 ^= k[11]; - Camellia_Feistel(s0, s1, s2, s3, (SIGMA + 8)); - Camellia_Feistel(s2, s3, s0, s1, (SIGMA + 10)); - - k[4] = s0, k[5] = s1, k[6] = s2, k[7] = s3; - RotLeft128(s0, s1, s2, s3, 30); /* KB <<< 30 */ - k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3; - RotLeft128(s0, s1, s2, s3, 30); /* KB <<< 60 */ - k[40] = s0, k[41] = s1, k[42] = s2, k[43] = s3; - RotLeft128(s1, s2, s3, s0, 19); /* KB <<<111 */ - k[64] = s1, k[65] = s2, k[66] = s3, k[67] = s0; - - s0 = k[8], s1 = k[9], s2 = k[10], s3 = k[11]; - RotLeft128(s0, s1, s2, s3, 15); /* KR <<< 15 */ - k[8] = s0, k[9] = s1, k[10] = s2, k[11] = s3; - RotLeft128(s0, s1, s2, s3, 15); /* KR <<< 30 */ - k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3; - RotLeft128(s0, s1, s2, s3, 30); /* KR <<< 60 */ - k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3; - RotLeft128(s1, s2, s3, s0, 2); /* KR <<< 94 */ - k[52] = s1, k[53] = s2, k[54] = s3, k[55] = s0; - - s0 = k[12], s1 = k[13], s2 = k[14], s3 = k[15]; - RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 15 */ - k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3; - RotLeft128(s0, s1, s2, s3, 30); /* KA <<< 45 */ - k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3; - /* KA <<< 77 */ - k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0; - RotLeft128(s1, s2, s3, s0, 17); /* KA <<< 94 */ - k[56] = s1, k[57] = s2, k[58] = s3, k[59] = s0; - - s0 = k[0], s1 = k[1], s2 = k[2], s3 = k[3]; - RotLeft128(s1, s2, s3, s0, 13); /* KL <<< 45 */ - k[24] = s1, k[25] = s2, k[26] = s3, k[27] = s0; - RotLeft128(s1, s2, s3, s0, 15); /* KL <<< 60 */ - k[32] = s1, k[33] = s2, k[34] = s3, k[35] = s0; - RotLeft128(s1, s2, s3, s0, 17); /* KL <<< 77 */ - k[44] = s1, k[45] = s2, k[46] = s3, k[47] = s0; - RotLeft128(s2, s3, s0, s1, 2); /* KL <<<111 */ - k[60] = s2, k[61] = s3, k[62] = s0, k[63] = s1; - - return 4; /* grand rounds */ - } - /* - * It is possible to perform certain precalculations, which - * would spare few cycles in block procedure. It's not done, - * because it upsets the performance balance between key - * setup and block procedures, negatively affecting overall - * throughput in applications operating on short messages - * and volatile keys. - */ -} - -void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], - const KEY_TABLE_TYPE keyTable, - u8 ciphertext[]) -{ - register u32 s0, s1, s2, s3; - const u32 *k = keyTable, *kend = keyTable + grandRounds * 16; - - s0 = GETU32(plaintext) ^ k[0]; - s1 = GETU32(plaintext + 4) ^ k[1]; - s2 = GETU32(plaintext + 8) ^ k[2]; - s3 = GETU32(plaintext + 12) ^ k[3]; - k += 4; - - while (1) { - /* Camellia makes 6 Feistel rounds */ - Camellia_Feistel(s0, s1, s2, s3, k + 0); - Camellia_Feistel(s2, s3, s0, s1, k + 2); - Camellia_Feistel(s0, s1, s2, s3, k + 4); - Camellia_Feistel(s2, s3, s0, s1, k + 6); - Camellia_Feistel(s0, s1, s2, s3, k + 8); - Camellia_Feistel(s2, s3, s0, s1, k + 10); - k += 12; - - if (k == kend) - break; - - /* - * This is the same function as the diffusion function D of the - * accompanying documentation. See section 3.2 for properties of the - * FLlayer function. - */ - s1 ^= LeftRotate(s0 & k[0], 1); - s2 ^= s3 | k[3]; - s0 ^= s1 | k[1]; - s3 ^= LeftRotate(s2 & k[2], 1); - k += 4; - } - - s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3]; - - PUTU32(ciphertext, s2); - PUTU32(ciphertext + 4, s3); - PUTU32(ciphertext + 8, s0); - PUTU32(ciphertext + 12, s1); -} - -void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], - const KEY_TABLE_TYPE keyTable, u8 ciphertext[]) -{ - Camellia_EncryptBlock_Rounds(keyBitLength == 128 ? 3 : 4, - plaintext, keyTable, ciphertext); -} - -void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], - const KEY_TABLE_TYPE keyTable, - u8 plaintext[]) -{ - u32 s0, s1, s2, s3; - const u32 *k = keyTable + grandRounds * 16, *kend = keyTable + 4; - - s0 = GETU32(ciphertext) ^ k[0]; - s1 = GETU32(ciphertext + 4) ^ k[1]; - s2 = GETU32(ciphertext + 8) ^ k[2]; - s3 = GETU32(ciphertext + 12) ^ k[3]; - - while (1) { - /* Camellia makes 6 Feistel rounds */ - k -= 12; - Camellia_Feistel(s0, s1, s2, s3, k + 10); - Camellia_Feistel(s2, s3, s0, s1, k + 8); - Camellia_Feistel(s0, s1, s2, s3, k + 6); - Camellia_Feistel(s2, s3, s0, s1, k + 4); - Camellia_Feistel(s0, s1, s2, s3, k + 2); - Camellia_Feistel(s2, s3, s0, s1, k + 0); - - if (k == kend) - break; - - /* - * This is the same function as the diffusion function D of the - * accompanying documentation. See section 3.2 for properties of the - * FLlayer function. - */ - k -= 4; - s1 ^= LeftRotate(s0 & k[2], 1); - s2 ^= s3 | k[1]; - s0 ^= s1 | k[3]; - s3 ^= LeftRotate(s2 & k[0], 1); - } - - k -= 4; - s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3]; - - PUTU32(plaintext, s2); - PUTU32(plaintext + 4, s3); - PUTU32(plaintext + 8, s0); - PUTU32(plaintext + 12, s1); -} - -void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[], - const KEY_TABLE_TYPE keyTable, u8 plaintext[]) -{ - Camellia_DecryptBlock_Rounds(keyBitLength == 128 ? 3 : 4, - ciphertext, keyTable, plaintext); -} diff --git a/crypto/camellia/cmll_cbc.c b/crypto/camellia/cmll_cbc.c deleted file mode 100644 index 140681a9bd260a6ce1c5f7e1d32dfa34664085c9..0000000000000000000000000000000000000000 --- a/crypto/camellia/cmll_cbc.c +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Camellia low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include - -void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const CAMELLIA_KEY *key, - unsigned char *ivec, const int enc) -{ - - if (enc) - CRYPTO_cbc128_encrypt(in, out, len, key, ivec, - (block128_f) Camellia_encrypt); - else - CRYPTO_cbc128_decrypt(in, out, len, key, ivec, - (block128_f) Camellia_decrypt); -} diff --git a/crypto/camellia/cmll_cfb.c b/crypto/camellia/cmll_cfb.c deleted file mode 100644 index 8a92572d9395438c4251a8448c1585ee400e48e8..0000000000000000000000000000000000000000 --- a/crypto/camellia/cmll_cfb.c +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Camellia low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include - -/* - * The input and output encrypted as though 128bit cfb mode is being used. - * The extra state information to record how much of the 128bit block we have - * used is contained in *num; - */ - -void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const CAMELLIA_KEY *key, - unsigned char *ivec, int *num, const int enc) -{ - - CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, - (block128_f) Camellia_encrypt); -} - -/* N.B. This expects the input to be packed, MS bit first */ -void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const CAMELLIA_KEY *key, - unsigned char *ivec, int *num, const int enc) -{ - CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc, - (block128_f) Camellia_encrypt); -} - -void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const CAMELLIA_KEY *key, - unsigned char *ivec, int *num, const int enc) -{ - CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc, - (block128_f) Camellia_encrypt); -} diff --git a/crypto/camellia/cmll_ctr.c b/crypto/camellia/cmll_ctr.c deleted file mode 100644 index 26d875e34c418abf590f781d60bcca3760252643..0000000000000000000000000000000000000000 --- a/crypto/camellia/cmll_ctr.c +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Camellia low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include - -void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const CAMELLIA_KEY *key, - unsigned char ivec[CAMELLIA_BLOCK_SIZE], - unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], - unsigned int *num) -{ - - CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num, - (block128_f) Camellia_encrypt); -} diff --git a/crypto/camellia/cmll_ecb.c b/crypto/camellia/cmll_ecb.c deleted file mode 100644 index 86ffbd51e6c281c8700afbfbc3dcff4758c0a8a2..0000000000000000000000000000000000000000 --- a/crypto/camellia/cmll_ecb.c +++ /dev/null @@ -1,26 +0,0 @@ -/* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Camellia low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "cmll_local.h" - -void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, - const CAMELLIA_KEY *key, const int enc) -{ - if (CAMELLIA_ENCRYPT == enc) - Camellia_encrypt(in, out, key); - else - Camellia_decrypt(in, out, key); -} diff --git a/crypto/camellia/cmll_local.h b/crypto/camellia/cmll_local.h deleted file mode 100644 index c1d940d3d8f80540ffae079644071f79bfd804e3..0000000000000000000000000000000000000000 --- a/crypto/camellia/cmll_local.h +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* ==================================================================== - * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . - * ALL RIGHTS RESERVED. - * - * Intellectual Property information for Camellia: - * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html - * - * News Release for Announcement of Camellia open source: - * http://www.ntt.co.jp/news/news06e/0604/060413a.html - * - * The Camellia Code included herein is developed by - * NTT (Nippon Telegraph and Telephone Corporation), and is contributed - * to the OpenSSL project. - */ - -#ifndef OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H -# define OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H - -typedef unsigned int u32; -typedef unsigned char u8; - -int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, - KEY_TABLE_TYPE keyTable); -void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], - const KEY_TABLE_TYPE keyTable, - u8 ciphertext[]); -void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], - const KEY_TABLE_TYPE keyTable, - u8 plaintext[]); -void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], - const KEY_TABLE_TYPE keyTable, u8 ciphertext[]); -void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[], - const KEY_TABLE_TYPE keyTable, u8 plaintext[]); -#endif /* #ifndef OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H */ diff --git a/crypto/camellia/cmll_misc.c b/crypto/camellia/cmll_misc.c deleted file mode 100644 index f98dff7e3daa424770bf737450c9b086abb2e35a..0000000000000000000000000000000000000000 --- a/crypto/camellia/cmll_misc.c +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Camellia low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include "cmll_local.h" - -int Camellia_set_key(const unsigned char *userKey, const int bits, - CAMELLIA_KEY *key) -{ - if (!userKey || !key) - return -1; - if (bits != 128 && bits != 192 && bits != 256) - return -2; - key->grand_rounds = Camellia_Ekeygen(bits, userKey, key->u.rd_key); - return 0; -} - -void Camellia_encrypt(const unsigned char *in, unsigned char *out, - const CAMELLIA_KEY *key) -{ - Camellia_EncryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out); -} - -void Camellia_decrypt(const unsigned char *in, unsigned char *out, - const CAMELLIA_KEY *key) -{ - Camellia_DecryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out); -} diff --git a/crypto/camellia/cmll_ofb.c b/crypto/camellia/cmll_ofb.c deleted file mode 100644 index 4eeb0b5b75ee8c4704bd88bcc509acbe5aa596e9..0000000000000000000000000000000000000000 --- a/crypto/camellia/cmll_ofb.c +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Camellia low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include - -/* - * The input and output encrypted as though 128bit ofb mode is being used. - * The extra state information to record how much of the 128bit block we have - * used is contained in *num; - */ -void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const CAMELLIA_KEY *key, - unsigned char *ivec, int *num) -{ - CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, - (block128_f) Camellia_encrypt); -} diff --git a/crypto/cast/asm/cast-586.pl b/crypto/cast/asm/cast-586.pl deleted file mode 100644 index 044d703c12780b87252fb9a56a42dbbcde2120a0..0000000000000000000000000000000000000000 --- a/crypto/cast/asm/cast-586.pl +++ /dev/null @@ -1,191 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# This flag makes the inner loop one cycle longer, but generates -# code that runs %30 faster on the pentium pro/II, 44% faster -# of PIII, while only %7 slower on the pentium. -# By default, this flag is on. -$ppro=1; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; -require "cbc.pl"; - -$output=pop and open STDOUT,">$output"; - -&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); - -$CAST_ROUNDS=16; -$L="edi"; -$R="esi"; -$K="ebp"; -$tmp1="ecx"; -$tmp2="ebx"; -$tmp3="eax"; -$tmp4="edx"; -$S1="CAST_S_table0"; -$S2="CAST_S_table1"; -$S3="CAST_S_table2"; -$S4="CAST_S_table3"; - -@F1=("add","xor","sub"); -@F2=("xor","sub","add"); -@F3=("sub","add","xor"); - -&CAST_encrypt("CAST_encrypt",1); -&CAST_encrypt("CAST_decrypt",0); -&cbc("CAST_cbc_encrypt","CAST_encrypt","CAST_decrypt",1,4,5,3,-1,-1); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; - -sub CAST_encrypt { - local($name,$enc)=@_; - - local($win_ex)=<<"EOF"; -EXTERN _CAST_S_table0:DWORD -EXTERN _CAST_S_table1:DWORD -EXTERN _CAST_S_table2:DWORD -EXTERN _CAST_S_table3:DWORD -EOF - &main::external_label( - "CAST_S_table0", - "CAST_S_table1", - "CAST_S_table2", - "CAST_S_table3", - ); - - &function_begin_B($name,$win_ex); - - &comment(""); - - &push("ebp"); - &push("ebx"); - &mov($tmp2,&wparam(0)); - &mov($K,&wparam(1)); - &push("esi"); - &push("edi"); - - &comment("Load the 2 words"); - &mov($L,&DWP(0,$tmp2,"",0)); - &mov($R,&DWP(4,$tmp2,"",0)); - - &comment('Get short key flag'); - &mov($tmp3,&DWP(128,$K,"",0)); - if($enc) { - &push($tmp3); - } else { - &or($tmp3,$tmp3); - &jnz(&label('cast_dec_skip')); - } - - &xor($tmp3, $tmp3); - - # encrypting part - - if ($enc) { - &E_CAST( 0,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 1,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 2,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 3,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 4,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 5,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 6,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 7,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 8,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 9,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST(10,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST(11,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); - &comment('test short key flag'); - &pop($tmp4); - &or($tmp4,$tmp4); - &jnz(&label('cast_enc_done')); - &E_CAST(12,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST(13,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST(14,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST(15,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); - } else { - &E_CAST(15,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST(14,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST(13,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST(12,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); - &set_label('cast_dec_skip'); - &E_CAST(11,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST(10,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 9,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 8,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 7,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 6,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 5,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 4,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 3,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 2,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 1,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); - &E_CAST( 0,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); - } - - &set_label('cast_enc_done') if $enc; -# Why the nop? - Ben 17/1/99 - &nop(); - &mov($tmp3,&wparam(0)); - &mov(&DWP(4,$tmp3,"",0),$L); - &mov(&DWP(0,$tmp3,"",0),$R); - &function_end($name); -} - -sub E_CAST { - local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4)=@_; - # Ri needs to have 16 pre added. - - &comment("round $i"); - &mov( $tmp4, &DWP($i*8,$K,"",1)); - - &mov( $tmp1, &DWP($i*8+4,$K,"",1)); - &$OP1( $tmp4, $R); - - &rotl( $tmp4, &LB($tmp1)); - - if ($ppro) { - &xor( $tmp1, $tmp1); - &mov( $tmp2, 0xff); - - &movb( &LB($tmp1), &HB($tmp4)); # A - &and( $tmp2, $tmp4); - - &shr( $tmp4, 16); # - &xor( $tmp3, $tmp3); - } else { - &mov( $tmp2, $tmp4); # B - &movb( &LB($tmp1), &HB($tmp4)); # A # BAD BAD BAD - - &shr( $tmp4, 16); # - &and( $tmp2, 0xff); - } - - &movb( &LB($tmp3), &HB($tmp4)); # C # BAD BAD BAD - &and( $tmp4, 0xff); # D - - &mov( $tmp1, &DWP($S1,"",$tmp1,4)); - &mov( $tmp2, &DWP($S2,"",$tmp2,4)); - - &$OP2( $tmp1, $tmp2); - &mov( $tmp2, &DWP($S3,"",$tmp3,4)); - - &$OP3( $tmp1, $tmp2); - &mov( $tmp2, &DWP($S4,"",$tmp4,4)); - - &$OP1( $tmp1, $tmp2); - # XXX - - &xor( $L, $tmp1); - # XXX -} - diff --git a/crypto/cast/build.info b/crypto/cast/build.info deleted file mode 100644 index 7653b221881a2c31ee39f84c9a1bdba42ac4635a..0000000000000000000000000000000000000000 --- a/crypto/cast/build.info +++ /dev/null @@ -1,26 +0,0 @@ -LIBS=../../libcrypto - -$CASTASM=c_enc.c -# CAST assembly source is not PIC -IF[{- !$disabled{asm} && $disabled{pic} -}] - $CASTASM_x86=cast-586.S - - # Now that we have defined all the arch specific variables, use the - # appropriate one - IF[$CASTASM_{- $target{asm_arch} -}] - $CASTASM=$CASTASM_{- $target{asm_arch} -} - ENDIF -ENDIF - -$ALL=c_skey.c c_ecb.c $CASTASM c_cfb64.c c_ofb64.c - -SOURCE[../../libcrypto]=$ALL - -# When all deprecated symbols are removed, libcrypto doesn't export the -# cast functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] - SOURCE[../../providers/liblegacy.a]=$ALL -ENDIF - -GENERATE[cast-586.S]=asm/cast-586.pl -DEPEND[cast-586.S]=../perlasm/x86asm.pl ../perlasm/cbc.pl diff --git a/crypto/cast/c_cfb64.c b/crypto/cast/c_cfb64.c deleted file mode 100644 index 97081734ecb797cbbcd361aab4e8aedda6da0966..0000000000000000000000000000000000000000 --- a/crypto/cast/c_cfb64.c +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * CAST low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "cast_local.h" - -/* - * The input and output encrypted as though 64bit cfb mode is being used. - * The extra state information to record how much of the 64bit block we have - * used is contained in *num; - */ - -void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, const CAST_KEY *schedule, - unsigned char *ivec, int *num, int enc) -{ - register CAST_LONG v0, v1, t; - register int n = *num; - register long l = length; - CAST_LONG ti[2]; - unsigned char *iv, c, cc; - - iv = ivec; - if (enc) { - while (l--) { - if (n == 0) { - n2l(iv, v0); - ti[0] = v0; - n2l(iv, v1); - ti[1] = v1; - CAST_encrypt((CAST_LONG *)ti, schedule); - iv = ivec; - t = ti[0]; - l2n(t, iv); - t = ti[1]; - l2n(t, iv); - iv = ivec; - } - c = *(in++) ^ iv[n]; - *(out++) = c; - iv[n] = c; - n = (n + 1) & 0x07; - } - } else { - while (l--) { - if (n == 0) { - n2l(iv, v0); - ti[0] = v0; - n2l(iv, v1); - ti[1] = v1; - CAST_encrypt((CAST_LONG *)ti, schedule); - iv = ivec; - t = ti[0]; - l2n(t, iv); - t = ti[1]; - l2n(t, iv); - iv = ivec; - } - cc = *(in++); - c = iv[n]; - iv[n] = cc; - *(out++) = c ^ cc; - n = (n + 1) & 0x07; - } - } - v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; - *num = n; -} diff --git a/crypto/cast/c_ecb.c b/crypto/cast/c_ecb.c deleted file mode 100644 index a0ab660f848950eb1f99633ff8e6b9ed324abe3f..0000000000000000000000000000000000000000 --- a/crypto/cast/c_ecb.c +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * CAST low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "cast_local.h" -#include - -void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, - const CAST_KEY *ks, int enc) -{ - CAST_LONG l, d[2]; - - n2l(in, l); - d[0] = l; - n2l(in, l); - d[1] = l; - if (enc) - CAST_encrypt(d, ks); - else - CAST_decrypt(d, ks); - l = d[0]; - l2n(l, out); - l = d[1]; - l2n(l, out); - l = d[0] = d[1] = 0; -} diff --git a/crypto/cast/c_enc.c b/crypto/cast/c_enc.c deleted file mode 100644 index 4ed945a50887249146645f5a5c4dc3e89a122c23..0000000000000000000000000000000000000000 --- a/crypto/cast/c_enc.c +++ /dev/null @@ -1,157 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * CAST low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "cast_local.h" - -void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key) -{ - CAST_LONG l, r, t; - const CAST_LONG *k; - - k = &(key->data[0]); - l = data[0]; - r = data[1]; - - E_CAST(0, k, l, r, +, ^, -); - E_CAST(1, k, r, l, ^, -, +); - E_CAST(2, k, l, r, -, +, ^); - E_CAST(3, k, r, l, +, ^, -); - E_CAST(4, k, l, r, ^, -, +); - E_CAST(5, k, r, l, -, +, ^); - E_CAST(6, k, l, r, +, ^, -); - E_CAST(7, k, r, l, ^, -, +); - E_CAST(8, k, l, r, -, +, ^); - E_CAST(9, k, r, l, +, ^, -); - E_CAST(10, k, l, r, ^, -, +); - E_CAST(11, k, r, l, -, +, ^); - if (!key->short_key) { - E_CAST(12, k, l, r, +, ^, -); - E_CAST(13, k, r, l, ^, -, +); - E_CAST(14, k, l, r, -, +, ^); - E_CAST(15, k, r, l, +, ^, -); - } - - data[1] = l & 0xffffffffL; - data[0] = r & 0xffffffffL; -} - -void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key) -{ - CAST_LONG l, r, t; - const CAST_LONG *k; - - k = &(key->data[0]); - l = data[0]; - r = data[1]; - - if (!key->short_key) { - E_CAST(15, k, l, r, +, ^, -); - E_CAST(14, k, r, l, -, +, ^); - E_CAST(13, k, l, r, ^, -, +); - E_CAST(12, k, r, l, +, ^, -); - } - E_CAST(11, k, l, r, -, +, ^); - E_CAST(10, k, r, l, ^, -, +); - E_CAST(9, k, l, r, +, ^, -); - E_CAST(8, k, r, l, -, +, ^); - E_CAST(7, k, l, r, ^, -, +); - E_CAST(6, k, r, l, +, ^, -); - E_CAST(5, k, l, r, -, +, ^); - E_CAST(4, k, r, l, ^, -, +); - E_CAST(3, k, l, r, +, ^, -); - E_CAST(2, k, r, l, -, +, ^); - E_CAST(1, k, l, r, ^, -, +); - E_CAST(0, k, r, l, +, ^, -); - - data[1] = l & 0xffffffffL; - data[0] = r & 0xffffffffL; -} - -void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, - long length, const CAST_KEY *ks, unsigned char *iv, - int enc) -{ - register CAST_LONG tin0, tin1; - register CAST_LONG tout0, tout1, xor0, xor1; - register long l = length; - CAST_LONG tin[2]; - - if (enc) { - n2l(iv, tout0); - n2l(iv, tout1); - iv -= 8; - for (l -= 8; l >= 0; l -= 8) { - n2l(in, tin0); - n2l(in, tin1); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - CAST_encrypt(tin, ks); - tout0 = tin[0]; - tout1 = tin[1]; - l2n(tout0, out); - l2n(tout1, out); - } - if (l != -8) { - n2ln(in, tin0, tin1, l + 8); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - CAST_encrypt(tin, ks); - tout0 = tin[0]; - tout1 = tin[1]; - l2n(tout0, out); - l2n(tout1, out); - } - l2n(tout0, iv); - l2n(tout1, iv); - } else { - n2l(iv, xor0); - n2l(iv, xor1); - iv -= 8; - for (l -= 8; l >= 0; l -= 8) { - n2l(in, tin0); - n2l(in, tin1); - tin[0] = tin0; - tin[1] = tin1; - CAST_decrypt(tin, ks); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - l2n(tout0, out); - l2n(tout1, out); - xor0 = tin0; - xor1 = tin1; - } - if (l != -8) { - n2l(in, tin0); - n2l(in, tin1); - tin[0] = tin0; - tin[1] = tin1; - CAST_decrypt(tin, ks); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - l2nn(tout0, tout1, out, l + 8); - xor0 = tin0; - xor1 = tin1; - } - l2n(xor0, iv); - l2n(xor1, iv); - } - tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; - tin[0] = tin[1] = 0; -} diff --git a/crypto/cast/c_ofb64.c b/crypto/cast/c_ofb64.c deleted file mode 100644 index d4aa10ff6867fe03741f6b5fe5bad64b852dfeab..0000000000000000000000000000000000000000 --- a/crypto/cast/c_ofb64.c +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * CAST low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "cast_local.h" - -/* - * The input and output encrypted as though 64bit ofb mode is being used. - * The extra state information to record how much of the 64bit block we have - * used is contained in *num; - */ -void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, const CAST_KEY *schedule, - unsigned char *ivec, int *num) -{ - register CAST_LONG v0, v1, t; - register int n = *num; - register long l = length; - unsigned char d[8]; - register char *dp; - CAST_LONG ti[2]; - unsigned char *iv; - int save = 0; - - iv = ivec; - n2l(iv, v0); - n2l(iv, v1); - ti[0] = v0; - ti[1] = v1; - dp = (char *)d; - l2n(v0, dp); - l2n(v1, dp); - while (l--) { - if (n == 0) { - CAST_encrypt((CAST_LONG *)ti, schedule); - dp = (char *)d; - t = ti[0]; - l2n(t, dp); - t = ti[1]; - l2n(t, dp); - save++; - } - *(out++) = *(in++) ^ d[n]; - n = (n + 1) & 0x07; - } - if (save) { - v0 = ti[0]; - v1 = ti[1]; - iv = ivec; - l2n(v0, iv); - l2n(v1, iv); - } - t = v0 = v1 = ti[0] = ti[1] = 0; - *num = n; -} diff --git a/crypto/cast/c_skey.c b/crypto/cast/c_skey.c deleted file mode 100644 index 030e20ea31475baadc0e80a8cd721ccaf2d620e2..0000000000000000000000000000000000000000 --- a/crypto/cast/c_skey.c +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * CAST low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "cast_local.h" -#include "cast_s.h" - -#define CAST_exp(l,A,a,n) \ - A[n/4]=l; \ - a[n+3]=(l )&0xff; \ - a[n+2]=(l>> 8)&0xff; \ - a[n+1]=(l>>16)&0xff; \ - a[n+0]=(l>>24)&0xff; - -#define S4 CAST_S_table4 -#define S5 CAST_S_table5 -#define S6 CAST_S_table6 -#define S7 CAST_S_table7 - -void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data) -{ - CAST_LONG x[16]; - CAST_LONG z[16]; - CAST_LONG k[32]; - CAST_LONG X[4], Z[4]; - CAST_LONG l, *K; - int i; - - for (i = 0; i < 16; i++) - x[i] = 0; - if (len > 16) - len = 16; - for (i = 0; i < len; i++) - x[i] = data[i]; - if (len <= 10) - key->short_key = 1; - else - key->short_key = 0; - - K = &k[0]; - X[0] = ((x[0] << 24) | (x[1] << 16) | (x[2] << 8) | x[3]) & 0xffffffffL; - X[1] = ((x[4] << 24) | (x[5] << 16) | (x[6] << 8) | x[7]) & 0xffffffffL; - X[2] = ((x[8] << 24) | (x[9] << 16) | (x[10] << 8) | x[11]) & 0xffffffffL; - X[3] = - ((x[12] << 24) | (x[13] << 16) | (x[14] << 8) | x[15]) & 0xffffffffL; - - for (;;) { - l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]]; - CAST_exp(l, Z, z, 0); - l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]]; - CAST_exp(l, Z, z, 4); - l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]]; - CAST_exp(l, Z, z, 8); - l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]]; - CAST_exp(l, Z, z, 12); - - K[0] = S4[z[8]] ^ S5[z[9]] ^ S6[z[7]] ^ S7[z[6]] ^ S4[z[2]]; - K[1] = S4[z[10]] ^ S5[z[11]] ^ S6[z[5]] ^ S7[z[4]] ^ S5[z[6]]; - K[2] = S4[z[12]] ^ S5[z[13]] ^ S6[z[3]] ^ S7[z[2]] ^ S6[z[9]]; - K[3] = S4[z[14]] ^ S5[z[15]] ^ S6[z[1]] ^ S7[z[0]] ^ S7[z[12]]; - - l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]]; - CAST_exp(l, X, x, 0); - l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]]; - CAST_exp(l, X, x, 4); - l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]]; - CAST_exp(l, X, x, 8); - l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]]; - CAST_exp(l, X, x, 12); - - K[4] = S4[x[3]] ^ S5[x[2]] ^ S6[x[12]] ^ S7[x[13]] ^ S4[x[8]]; - K[5] = S4[x[1]] ^ S5[x[0]] ^ S6[x[14]] ^ S7[x[15]] ^ S5[x[13]]; - K[6] = S4[x[7]] ^ S5[x[6]] ^ S6[x[8]] ^ S7[x[9]] ^ S6[x[3]]; - K[7] = S4[x[5]] ^ S5[x[4]] ^ S6[x[10]] ^ S7[x[11]] ^ S7[x[7]]; - - l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]]; - CAST_exp(l, Z, z, 0); - l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]]; - CAST_exp(l, Z, z, 4); - l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]]; - CAST_exp(l, Z, z, 8); - l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]]; - CAST_exp(l, Z, z, 12); - - K[8] = S4[z[3]] ^ S5[z[2]] ^ S6[z[12]] ^ S7[z[13]] ^ S4[z[9]]; - K[9] = S4[z[1]] ^ S5[z[0]] ^ S6[z[14]] ^ S7[z[15]] ^ S5[z[12]]; - K[10] = S4[z[7]] ^ S5[z[6]] ^ S6[z[8]] ^ S7[z[9]] ^ S6[z[2]]; - K[11] = S4[z[5]] ^ S5[z[4]] ^ S6[z[10]] ^ S7[z[11]] ^ S7[z[6]]; - - l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]]; - CAST_exp(l, X, x, 0); - l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]]; - CAST_exp(l, X, x, 4); - l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]]; - CAST_exp(l, X, x, 8); - l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]]; - CAST_exp(l, X, x, 12); - - K[12] = S4[x[8]] ^ S5[x[9]] ^ S6[x[7]] ^ S7[x[6]] ^ S4[x[3]]; - K[13] = S4[x[10]] ^ S5[x[11]] ^ S6[x[5]] ^ S7[x[4]] ^ S5[x[7]]; - K[14] = S4[x[12]] ^ S5[x[13]] ^ S6[x[3]] ^ S7[x[2]] ^ S6[x[8]]; - K[15] = S4[x[14]] ^ S5[x[15]] ^ S6[x[1]] ^ S7[x[0]] ^ S7[x[13]]; - if (K != k) - break; - K += 16; - } - - for (i = 0; i < 16; i++) { - key->data[i * 2] = k[i]; - key->data[i * 2 + 1] = ((k[i + 16]) + 16) & 0x1f; - } -} diff --git a/crypto/cast/cast_local.h b/crypto/cast/cast_local.h deleted file mode 100644 index 4434a342002aa987f56ba11047ff97480f9ae0f4..0000000000000000000000000000000000000000 --- a/crypto/cast/cast_local.h +++ /dev/null @@ -1,188 +0,0 @@ -/* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifdef OPENSSL_SYS_WIN32 -# include -#endif - -#undef c2l -#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<<24L) - -/* NOTE - c is not incremented as per c2l */ -#undef c2ln -#define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ - case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ - case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } - -#undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - -/* NOTE - c is not incremented as per l2c */ -#undef l2cn -#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -/* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } - -/* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } - -#undef n2l -#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) - -#undef l2n -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER) -# define ROTL(a,n) (_lrotl(a,n)) -#else -# define ROTL(a,n) ((((a)<<(n))&0xffffffffL)|((a)>>((32-(n))&31))) -#endif - -#define C_M 0x3fc -#define C_0 22L -#define C_1 14L -#define C_2 6L -#define C_3 2L /* left shift */ - -/* The rotate has an extra 16 added to it to help the x86 asm */ -#if defined(CAST_PTR) -# define E_CAST(n,key,L,R,OP1,OP2,OP3) \ - { \ - int i; \ - t=(key[n*2] OP1 R)&0xffffffffL; \ - i=key[n*2+1]; \ - t=ROTL(t,i); \ - L^= (((((*(CAST_LONG *)((unsigned char *) \ - CAST_S_table0+((t>>C_2)&C_M)) OP2 \ - *(CAST_LONG *)((unsigned char *) \ - CAST_S_table1+((t<>C_0)&C_M)))&0xffffffffL) OP1 \ - *(CAST_LONG *)((unsigned char *) \ - CAST_S_table3+((t>>C_1)&C_M)))&0xffffffffL; \ - } -#elif defined(CAST_PTR2) -# define E_CAST(n,key,L,R,OP1,OP2,OP3) \ - { \ - int i; \ - CAST_LONG u,v,w; \ - w=(key[n*2] OP1 R)&0xffffffffL; \ - i=key[n*2+1]; \ - w=ROTL(w,i); \ - u=w>>C_2; \ - v=w<>C_0; \ - t=(t OP2 *(CAST_LONG *)((unsigned char *)CAST_S_table1+v))&0xffffffffL;\ - v=w>>C_1; \ - u&=C_M; \ - v&=C_M; \ - t=(t OP3 *(CAST_LONG *)((unsigned char *)CAST_S_table2+u)&0xffffffffL);\ - t=(t OP1 *(CAST_LONG *)((unsigned char *)CAST_S_table3+v)&0xffffffffL);\ - L^=(t&0xffffffff); \ - } -#else -# define E_CAST(n,key,L,R,OP1,OP2,OP3) \ - { \ - CAST_LONG a,b,c,d; \ - t=(key[n*2] OP1 R)&0xffffffff; \ - t=ROTL(t,(key[n*2+1])); \ - a=CAST_S_table0[(t>> 8)&0xff]; \ - b=CAST_S_table1[(t )&0xff]; \ - c=CAST_S_table2[(t>>24)&0xff]; \ - d=CAST_S_table3[(t>>16)&0xff]; \ - L^=(((((a OP2 b)&0xffffffffL) OP3 c)&0xffffffffL) OP1 d)&0xffffffffL; \ - } -#endif - -extern const CAST_LONG CAST_S_table0[256]; -extern const CAST_LONG CAST_S_table1[256]; -extern const CAST_LONG CAST_S_table2[256]; -extern const CAST_LONG CAST_S_table3[256]; -extern const CAST_LONG CAST_S_table4[256]; -extern const CAST_LONG CAST_S_table5[256]; -extern const CAST_LONG CAST_S_table6[256]; -extern const CAST_LONG CAST_S_table7[256]; diff --git a/crypto/cast/cast_s.h b/crypto/cast/cast_s.h deleted file mode 100644 index 57163d17e124c0bf05c222e1bafd8a574d3d4381..0000000000000000000000000000000000000000 --- a/crypto/cast/cast_s.h +++ /dev/null @@ -1,544 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -const CAST_LONG CAST_S_table0[256] = { - 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, - 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949, - 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, - 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, - 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2, - 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, - 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, - 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0, - 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, - 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, - 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f, - 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, - 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, - 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d, - 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, - 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50, - 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272, - 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, - 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, - 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3, - 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, - 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, - 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f, - 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, - 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, - 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779, - 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, - 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2, - 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9, - 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, - 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, - 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d, - 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, - 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, - 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82, - 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, - 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, - 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c, - 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, - 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc, - 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491, - 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, - 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, - 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96, - 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, - 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, - 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79, - 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, - 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, - 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd, - 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, - 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, - 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb, - 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, - 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, - 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872, - 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, - 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c, - 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298, - 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, - 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, - 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9, - 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, - 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf, -}; - -const CAST_LONG CAST_S_table1[256] = { - 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, - 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651, - 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, - 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, - 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909, - 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, - 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, - 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806, - 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, - 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, - 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f, - 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, - 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, - 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b, - 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, - 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, - 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f, - 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, - 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, - 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb, - 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, - 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd, - 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801, - 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, - 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, - 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b, - 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, - 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, - 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b, - 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, - 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, - 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf, - 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, - 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, - 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3, - 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, - 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, - 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f, - 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, - 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, - 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4, - 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, - 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, - 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58, - 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, - 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, - 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171, - 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, - 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, - 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6, - 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, - 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, - 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb, - 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, - 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, - 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f, - 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, - 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, - 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea, - 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, - 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, - 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9, - 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, - 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1, -}; - -const CAST_LONG CAST_S_table2[256] = { - 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, - 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90, - 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, - 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, - 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e, - 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, - 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, - 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240, - 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, - 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, - 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f, - 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, - 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, - 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71, - 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, - 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, - 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380, - 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, - 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, - 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15, - 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, - 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, - 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6, - 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, - 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, - 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148, - 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, - 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, - 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1, - 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, - 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, - 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e, - 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, - 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, - 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4, - 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, - 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, - 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a, - 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, - 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, - 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231, - 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, - 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, - 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5, - 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, - 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, - 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49, - 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, - 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, - 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc, - 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, - 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, - 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e, - 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, - 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, - 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2, - 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, - 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, - 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24, - 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, - 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, - 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a, - 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, - 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783, -}; - -const CAST_LONG CAST_S_table3[256] = { - 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, - 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1, - 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, - 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, - 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220, - 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, - 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, - 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121, - 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, - 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, - 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b, - 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, - 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, - 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb, - 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, - 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, - 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9, - 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, - 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, - 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6, - 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, - 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, - 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7, - 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, - 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, - 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6, - 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, - 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, - 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec, - 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, - 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, - 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a, - 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, - 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, - 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5, - 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, - 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, - 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26, - 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, - 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, - 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9, - 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, - 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, - 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417, - 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, - 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, - 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2, - 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, - 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, - 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a, - 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, - 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, - 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df, - 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, - 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, - 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876, - 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, - 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, - 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c, - 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, - 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, - 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282, - 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, - 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2, -}; - -const CAST_LONG CAST_S_table4[256] = { - 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, - 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f, - 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, - 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a, - 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, - 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff, - 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, - 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02, - 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, - 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a, - 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, - 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7, - 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, - 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9, - 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, - 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981, - 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, - 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774, - 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, - 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655, - 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, - 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2, - 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, - 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910, - 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, - 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1, - 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, - 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da, - 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, - 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049, - 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, - 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f, - 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, - 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba, - 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, - 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be, - 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, - 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3, - 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, - 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840, - 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, - 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4, - 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, - 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2, - 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, - 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7, - 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, - 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5, - 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, - 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e, - 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, - 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e, - 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, - 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801, - 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, - 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad, - 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, - 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0, - 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, - 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20, - 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, - 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8, - 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, - 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4, -}; - -const CAST_LONG CAST_S_table5[256] = { - 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, - 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac, - 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, - 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138, - 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, - 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367, - 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, - 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98, - 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, - 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072, - 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, - 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3, - 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, - 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd, - 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, - 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8, - 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, - 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9, - 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, - 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54, - 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, - 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387, - 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, - 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc, - 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, - 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf, - 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, - 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf, - 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, - 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f, - 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, - 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289, - 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, - 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950, - 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, - 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f, - 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, - 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b, - 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, - 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be, - 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, - 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13, - 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, - 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976, - 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, - 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0, - 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, - 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891, - 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, - 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da, - 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, - 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc, - 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, - 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084, - 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, - 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25, - 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, - 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121, - 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, - 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5, - 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, - 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd, - 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, - 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f, -}; - -const CAST_LONG CAST_S_table6[256] = { - 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, - 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f, - 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, - 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de, - 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, - 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43, - 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, - 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19, - 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, - 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2, - 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, - 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516, - 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, - 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88, - 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, - 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816, - 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, - 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756, - 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, - 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a, - 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, - 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264, - 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, - 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688, - 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, - 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28, - 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, - 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3, - 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, - 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7, - 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, - 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06, - 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, - 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033, - 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, - 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a, - 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, - 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566, - 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, - 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509, - 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, - 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962, - 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, - 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e, - 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, - 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c, - 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, - 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c, - 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, - 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285, - 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, - 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301, - 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, - 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be, - 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, - 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767, - 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, - 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647, - 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, - 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914, - 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, - 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c, - 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, - 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3, -}; - -const CAST_LONG CAST_S_table7[256] = { - 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, - 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5, - 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, - 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc, - 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, - 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd, - 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, - 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d, - 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, - 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2, - 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, - 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862, - 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, - 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc, - 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, - 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c, - 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, - 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e, - 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, - 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039, - 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, - 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8, - 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, - 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42, - 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, - 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5, - 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, - 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472, - 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, - 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225, - 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, - 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c, - 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, - 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb, - 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, - 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054, - 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, - 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70, - 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, - 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc, - 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, - 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c, - 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, - 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3, - 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, - 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4, - 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, - 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101, - 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, - 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f, - 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, - 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e, - 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, - 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a, - 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, - 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c, - 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, - 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384, - 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, - 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c, - 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, - 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82, - 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, - 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e, -}; diff --git a/crypto/chacha/asm/chacha-armv4.pl b/crypto/chacha/asm/chacha-armv4.pl deleted file mode 100755 index 0aa13519eb836990c45e49b458f957f9e41e0800..0000000000000000000000000000000000000000 --- a/crypto/chacha/asm/chacha-armv4.pl +++ /dev/null @@ -1,1169 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# December 2014 -# -# ChaCha20 for ARMv4. -# -# Performance in cycles per byte out of large buffer. -# -# IALU/gcc-4.4 1xNEON 3xNEON+1xIALU -# -# Cortex-A5 19.3(*)/+95% 21.8 14.1 -# Cortex-A8 10.5(*)/+160% 13.9 6.35 -# Cortex-A9 12.9(**)/+110% 14.3 6.50 -# Cortex-A15 11.0/+40% 16.0 5.00 -# Snapdragon S4 11.5/+125% 13.6 4.90 -# -# (*) most "favourable" result for aligned data on little-endian -# processor, result for misaligned data is 10-15% lower; -# (**) this result is a trade-off: it can be improved by 20%, -# but then Snapdragon S4 and Cortex-A8 results get -# 20-25% worse; - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour && $flavour ne "void") { - $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or - ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or - die "can't locate arm-xlate.pl"; - - open STDOUT,"| \"$^X\" $xlate $flavour $output" - or die "can't call $xlate: $!"; -} else { - $output and open STDOUT,">$output"; -} - -sub AUTOLOAD() # thunk [simplified] x86-style perlasm -{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./; - my $arg = pop; - $arg = "#$arg" if ($arg*1 eq $arg); - $code .= "\t$opcode\t".join(',',@_,$arg)."\n"; -} - -my @x=map("r$_",(0..7,"x","x","x","x",12,"x",14,"x")); -my @t=map("r$_",(8..11)); - -sub ROUND { -my ($a0,$b0,$c0,$d0)=@_; -my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); -my $odd = $d0&1; -my ($xc,$xc_) = (@t[0..1]); -my ($xd,$xd_) = $odd ? (@t[2],@x[$d1]) : (@x[$d0],@t[2]); -my @ret; - - # Consider order in which variables are addressed by their - # index: - # - # a b c d - # - # 0 4 8 12 < even round - # 1 5 9 13 - # 2 6 10 14 - # 3 7 11 15 - # 0 5 10 15 < odd round - # 1 6 11 12 - # 2 7 8 13 - # 3 4 9 14 - # - # 'a', 'b' are permanently allocated in registers, @x[0..7], - # while 'c's and pair of 'd's are maintained in memory. If - # you observe 'c' column, you'll notice that pair of 'c's is - # invariant between rounds. This means that we have to reload - # them once per round, in the middle. This is why you'll see - # bunch of 'c' stores and loads in the middle, but none in - # the beginning or end. If you observe 'd' column, you'll - # notice that 15 and 13 are reused in next pair of rounds. - # This is why these two are chosen for offloading to memory, - # to make loads count more. - push @ret,( - "&add (@x[$a0],@x[$a0],@x[$b0])", - "&mov ($xd,$xd,'ror#16')", - "&add (@x[$a1],@x[$a1],@x[$b1])", - "&mov ($xd_,$xd_,'ror#16')", - "&eor ($xd,$xd,@x[$a0],'ror#16')", - "&eor ($xd_,$xd_,@x[$a1],'ror#16')", - - "&add ($xc,$xc,$xd)", - "&mov (@x[$b0],@x[$b0],'ror#20')", - "&add ($xc_,$xc_,$xd_)", - "&mov (@x[$b1],@x[$b1],'ror#20')", - "&eor (@x[$b0],@x[$b0],$xc,'ror#20')", - "&eor (@x[$b1],@x[$b1],$xc_,'ror#20')", - - "&add (@x[$a0],@x[$a0],@x[$b0])", - "&mov ($xd,$xd,'ror#24')", - "&add (@x[$a1],@x[$a1],@x[$b1])", - "&mov ($xd_,$xd_,'ror#24')", - "&eor ($xd,$xd,@x[$a0],'ror#24')", - "&eor ($xd_,$xd_,@x[$a1],'ror#24')", - - "&add ($xc,$xc,$xd)", - "&mov (@x[$b0],@x[$b0],'ror#25')" ); - push @ret,( - "&str ($xd,'[sp,#4*(16+$d0)]')", - "&ldr ($xd,'[sp,#4*(16+$d2)]')" ) if ($odd); - push @ret,( - "&add ($xc_,$xc_,$xd_)", - "&mov (@x[$b1],@x[$b1],'ror#25')" ); - push @ret,( - "&str ($xd_,'[sp,#4*(16+$d1)]')", - "&ldr ($xd_,'[sp,#4*(16+$d3)]')" ) if (!$odd); - push @ret,( - "&eor (@x[$b0],@x[$b0],$xc,'ror#25')", - "&eor (@x[$b1],@x[$b1],$xc_,'ror#25')" ); - - $xd=@x[$d2] if (!$odd); - $xd_=@x[$d3] if ($odd); - push @ret,( - "&str ($xc,'[sp,#4*(16+$c0)]')", - "&ldr ($xc,'[sp,#4*(16+$c2)]')", - "&add (@x[$a2],@x[$a2],@x[$b2])", - "&mov ($xd,$xd,'ror#16')", - "&str ($xc_,'[sp,#4*(16+$c1)]')", - "&ldr ($xc_,'[sp,#4*(16+$c3)]')", - "&add (@x[$a3],@x[$a3],@x[$b3])", - "&mov ($xd_,$xd_,'ror#16')", - "&eor ($xd,$xd,@x[$a2],'ror#16')", - "&eor ($xd_,$xd_,@x[$a3],'ror#16')", - - "&add ($xc,$xc,$xd)", - "&mov (@x[$b2],@x[$b2],'ror#20')", - "&add ($xc_,$xc_,$xd_)", - "&mov (@x[$b3],@x[$b3],'ror#20')", - "&eor (@x[$b2],@x[$b2],$xc,'ror#20')", - "&eor (@x[$b3],@x[$b3],$xc_,'ror#20')", - - "&add (@x[$a2],@x[$a2],@x[$b2])", - "&mov ($xd,$xd,'ror#24')", - "&add (@x[$a3],@x[$a3],@x[$b3])", - "&mov ($xd_,$xd_,'ror#24')", - "&eor ($xd,$xd,@x[$a2],'ror#24')", - "&eor ($xd_,$xd_,@x[$a3],'ror#24')", - - "&add ($xc,$xc,$xd)", - "&mov (@x[$b2],@x[$b2],'ror#25')", - "&add ($xc_,$xc_,$xd_)", - "&mov (@x[$b3],@x[$b3],'ror#25')", - "&eor (@x[$b2],@x[$b2],$xc,'ror#25')", - "&eor (@x[$b3],@x[$b3],$xc_,'ror#25')" ); - - @ret; -} - -$code.=<<___; -#include "arm_arch.h" - -#if defined(__thumb2__) || defined(__clang__) -.syntax unified -#endif -#if defined(__thumb2__) -.thumb -#else -.code 32 -#endif - -#if defined(__thumb2__) || defined(__clang__) -#define ldrhsb ldrbhs -#endif - -.text - -.align 5 -.Lsigma: -.long 0x61707865,0x3320646e,0x79622d32,0x6b206574 @ endian-neutral -.Lone: -.long 1,0,0,0 -#if __ARM_MAX_ARCH__>=7 -.LOPENSSL_armcap: -# ifdef _WIN32 -.word OPENSSL_armcap_P -# else -.word OPENSSL_armcap_P-.LChaCha20_ctr32 -# endif -#else -.word -1 -#endif - -.globl ChaCha20_ctr32 -.type ChaCha20_ctr32,%function -.align 5 -ChaCha20_ctr32: -.LChaCha20_ctr32: - ldr r12,[sp,#0] @ pull pointer to counter and nonce - stmdb sp!,{r0-r2,r4-r11,lr} -#if __ARM_ARCH__<7 && !defined(__thumb2__) - sub r14,pc,#16 @ ChaCha20_ctr32 -#else - adr r14,.LChaCha20_ctr32 -#endif - cmp r2,#0 @ len==0? -#ifdef __thumb2__ - itt eq -#endif - addeq sp,sp,#4*3 - beq .Lno_data -#if __ARM_MAX_ARCH__>=7 - cmp r2,#192 @ test len - bls .Lshort - ldr r4,[r14,#-32] -# if !defined(_WIN32) - ldr r4,[r14,r4] -# endif -# if defined(__APPLE__) || defined(_WIN32) - ldr r4,[r4] -# endif - tst r4,#ARMV7_NEON - bne .LChaCha20_neon -.Lshort: -#endif - ldmia r12,{r4-r7} @ load counter and nonce - sub sp,sp,#4*(16) @ off-load area - sub r14,r14,#64 @ .Lsigma - stmdb sp!,{r4-r7} @ copy counter and nonce - ldmia r3,{r4-r11} @ load key - ldmia r14,{r0-r3} @ load sigma - stmdb sp!,{r4-r11} @ copy key - stmdb sp!,{r0-r3} @ copy sigma - str r10,[sp,#4*(16+10)] @ off-load "@x[10]" - str r11,[sp,#4*(16+11)] @ off-load "@x[11]" - b .Loop_outer_enter - -.align 4 -.Loop_outer: - ldmia sp,{r0-r9} @ load key material - str @t[3],[sp,#4*(32+2)] @ save len - str r12, [sp,#4*(32+1)] @ save inp - str r14, [sp,#4*(32+0)] @ save out -.Loop_outer_enter: - ldr @t[3], [sp,#4*(15)] - ldr @x[12],[sp,#4*(12)] @ modulo-scheduled load - ldr @t[2], [sp,#4*(13)] - ldr @x[14],[sp,#4*(14)] - str @t[3], [sp,#4*(16+15)] - mov @t[3],#10 - b .Loop - -.align 4 -.Loop: - subs @t[3],@t[3],#1 -___ - foreach (&ROUND(0, 4, 8,12)) { eval; } - foreach (&ROUND(0, 5,10,15)) { eval; } -$code.=<<___; - bne .Loop - - ldr @t[3],[sp,#4*(32+2)] @ load len - - str @t[0], [sp,#4*(16+8)] @ modulo-scheduled store - str @t[1], [sp,#4*(16+9)] - str @x[12],[sp,#4*(16+12)] - str @t[2], [sp,#4*(16+13)] - str @x[14],[sp,#4*(16+14)] - - @ at this point we have first half of 512-bit result in - @ @x[0-7] and second half at sp+4*(16+8) - - cmp @t[3],#64 @ done yet? -#ifdef __thumb2__ - itete lo -#endif - addlo r12,sp,#4*(0) @ shortcut or ... - ldrhs r12,[sp,#4*(32+1)] @ ... load inp - addlo r14,sp,#4*(0) @ shortcut or ... - ldrhs r14,[sp,#4*(32+0)] @ ... load out - - ldr @t[0],[sp,#4*(0)] @ load key material - ldr @t[1],[sp,#4*(1)] - -#if __ARM_ARCH__>=6 || !defined(__ARMEB__) -# if __ARM_ARCH__<7 - orr @t[2],r12,r14 - tst @t[2],#3 @ are input and output aligned? - ldr @t[2],[sp,#4*(2)] - bne .Lunaligned - cmp @t[3],#64 @ restore flags -# else - ldr @t[2],[sp,#4*(2)] -# endif - ldr @t[3],[sp,#4*(3)] - - add @x[0],@x[0],@t[0] @ accumulate key material - add @x[1],@x[1],@t[1] -# ifdef __thumb2__ - itt hs -# endif - ldrhs @t[0],[r12],#16 @ load input - ldrhs @t[1],[r12,#-12] - - add @x[2],@x[2],@t[2] - add @x[3],@x[3],@t[3] -# ifdef __thumb2__ - itt hs -# endif - ldrhs @t[2],[r12,#-8] - ldrhs @t[3],[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) - rev @x[0],@x[0] - rev @x[1],@x[1] - rev @x[2],@x[2] - rev @x[3],@x[3] -# endif -# ifdef __thumb2__ - itt hs -# endif - eorhs @x[0],@x[0],@t[0] @ xor with input - eorhs @x[1],@x[1],@t[1] - add @t[0],sp,#4*(4) - str @x[0],[r14],#16 @ store output -# ifdef __thumb2__ - itt hs -# endif - eorhs @x[2],@x[2],@t[2] - eorhs @x[3],@x[3],@t[3] - ldmia @t[0],{@t[0]-@t[3]} @ load key material - str @x[1],[r14,#-12] - str @x[2],[r14,#-8] - str @x[3],[r14,#-4] - - add @x[4],@x[4],@t[0] @ accumulate key material - add @x[5],@x[5],@t[1] -# ifdef __thumb2__ - itt hs -# endif - ldrhs @t[0],[r12],#16 @ load input - ldrhs @t[1],[r12,#-12] - add @x[6],@x[6],@t[2] - add @x[7],@x[7],@t[3] -# ifdef __thumb2__ - itt hs -# endif - ldrhs @t[2],[r12,#-8] - ldrhs @t[3],[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) - rev @x[4],@x[4] - rev @x[5],@x[5] - rev @x[6],@x[6] - rev @x[7],@x[7] -# endif -# ifdef __thumb2__ - itt hs -# endif - eorhs @x[4],@x[4],@t[0] - eorhs @x[5],@x[5],@t[1] - add @t[0],sp,#4*(8) - str @x[4],[r14],#16 @ store output -# ifdef __thumb2__ - itt hs -# endif - eorhs @x[6],@x[6],@t[2] - eorhs @x[7],@x[7],@t[3] - str @x[5],[r14,#-12] - ldmia @t[0],{@t[0]-@t[3]} @ load key material - str @x[6],[r14,#-8] - add @x[0],sp,#4*(16+8) - str @x[7],[r14,#-4] - - ldmia @x[0],{@x[0]-@x[7]} @ load second half - - add @x[0],@x[0],@t[0] @ accumulate key material - add @x[1],@x[1],@t[1] -# ifdef __thumb2__ - itt hs -# endif - ldrhs @t[0],[r12],#16 @ load input - ldrhs @t[1],[r12,#-12] -# ifdef __thumb2__ - itt hi -# endif - strhi @t[2],[sp,#4*(16+10)] @ copy "@x[10]" while at it - strhi @t[3],[sp,#4*(16+11)] @ copy "@x[11]" while at it - add @x[2],@x[2],@t[2] - add @x[3],@x[3],@t[3] -# ifdef __thumb2__ - itt hs -# endif - ldrhs @t[2],[r12,#-8] - ldrhs @t[3],[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) - rev @x[0],@x[0] - rev @x[1],@x[1] - rev @x[2],@x[2] - rev @x[3],@x[3] -# endif -# ifdef __thumb2__ - itt hs -# endif - eorhs @x[0],@x[0],@t[0] - eorhs @x[1],@x[1],@t[1] - add @t[0],sp,#4*(12) - str @x[0],[r14],#16 @ store output -# ifdef __thumb2__ - itt hs -# endif - eorhs @x[2],@x[2],@t[2] - eorhs @x[3],@x[3],@t[3] - str @x[1],[r14,#-12] - ldmia @t[0],{@t[0]-@t[3]} @ load key material - str @x[2],[r14,#-8] - str @x[3],[r14,#-4] - - add @x[4],@x[4],@t[0] @ accumulate key material - add @x[5],@x[5],@t[1] -# ifdef __thumb2__ - itt hi -# endif - addhi @t[0],@t[0],#1 @ next counter value - strhi @t[0],[sp,#4*(12)] @ save next counter value -# ifdef __thumb2__ - itt hs -# endif - ldrhs @t[0],[r12],#16 @ load input - ldrhs @t[1],[r12,#-12] - add @x[6],@x[6],@t[2] - add @x[7],@x[7],@t[3] -# ifdef __thumb2__ - itt hs -# endif - ldrhs @t[2],[r12,#-8] - ldrhs @t[3],[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) - rev @x[4],@x[4] - rev @x[5],@x[5] - rev @x[6],@x[6] - rev @x[7],@x[7] -# endif -# ifdef __thumb2__ - itt hs -# endif - eorhs @x[4],@x[4],@t[0] - eorhs @x[5],@x[5],@t[1] -# ifdef __thumb2__ - it ne -# endif - ldrne @t[0],[sp,#4*(32+2)] @ re-load len -# ifdef __thumb2__ - itt hs -# endif - eorhs @x[6],@x[6],@t[2] - eorhs @x[7],@x[7],@t[3] - str @x[4],[r14],#16 @ store output - str @x[5],[r14,#-12] -# ifdef __thumb2__ - it hs -# endif - subhs @t[3],@t[0],#64 @ len-=64 - str @x[6],[r14,#-8] - str @x[7],[r14,#-4] - bhi .Loop_outer - - beq .Ldone -# if __ARM_ARCH__<7 - b .Ltail - -.align 4 -.Lunaligned: @ unaligned endian-neutral path - cmp @t[3],#64 @ restore flags -# endif -#endif -#if __ARM_ARCH__<7 - ldr @t[3],[sp,#4*(3)] -___ -for ($i=0;$i<16;$i+=4) { -my $j=$i&0x7; - -$code.=<<___ if ($i==4); - add @x[0],sp,#4*(16+8) -___ -$code.=<<___ if ($i==8); - ldmia @x[0],{@x[0]-@x[7]} @ load second half -# ifdef __thumb2__ - itt hi -# endif - strhi @t[2],[sp,#4*(16+10)] @ copy "@x[10]" - strhi @t[3],[sp,#4*(16+11)] @ copy "@x[11]" -___ -$code.=<<___; - add @x[$j+0],@x[$j+0],@t[0] @ accumulate key material -___ -$code.=<<___ if ($i==12); -# ifdef __thumb2__ - itt hi -# endif - addhi @t[0],@t[0],#1 @ next counter value - strhi @t[0],[sp,#4*(12)] @ save next counter value -___ -$code.=<<___; - add @x[$j+1],@x[$j+1],@t[1] - add @x[$j+2],@x[$j+2],@t[2] -# ifdef __thumb2__ - itete lo -# endif - eorlo @t[0],@t[0],@t[0] @ zero or ... - ldrhsb @t[0],[r12],#16 @ ... load input - eorlo @t[1],@t[1],@t[1] - ldrhsb @t[1],[r12,#-12] - - add @x[$j+3],@x[$j+3],@t[3] -# ifdef __thumb2__ - itete lo -# endif - eorlo @t[2],@t[2],@t[2] - ldrhsb @t[2],[r12,#-8] - eorlo @t[3],@t[3],@t[3] - ldrhsb @t[3],[r12,#-4] - - eor @x[$j+0],@t[0],@x[$j+0] @ xor with input (or zero) - eor @x[$j+1],@t[1],@x[$j+1] -# ifdef __thumb2__ - itt hs -# endif - ldrhsb @t[0],[r12,#-15] @ load more input - ldrhsb @t[1],[r12,#-11] - eor @x[$j+2],@t[2],@x[$j+2] - strb @x[$j+0],[r14],#16 @ store output - eor @x[$j+3],@t[3],@x[$j+3] -# ifdef __thumb2__ - itt hs -# endif - ldrhsb @t[2],[r12,#-7] - ldrhsb @t[3],[r12,#-3] - strb @x[$j+1],[r14,#-12] - eor @x[$j+0],@t[0],@x[$j+0],lsr#8 - strb @x[$j+2],[r14,#-8] - eor @x[$j+1],@t[1],@x[$j+1],lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb @t[0],[r12,#-14] @ load more input - ldrhsb @t[1],[r12,#-10] - strb @x[$j+3],[r14,#-4] - eor @x[$j+2],@t[2],@x[$j+2],lsr#8 - strb @x[$j+0],[r14,#-15] - eor @x[$j+3],@t[3],@x[$j+3],lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb @t[2],[r12,#-6] - ldrhsb @t[3],[r12,#-2] - strb @x[$j+1],[r14,#-11] - eor @x[$j+0],@t[0],@x[$j+0],lsr#8 - strb @x[$j+2],[r14,#-7] - eor @x[$j+1],@t[1],@x[$j+1],lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb @t[0],[r12,#-13] @ load more input - ldrhsb @t[1],[r12,#-9] - strb @x[$j+3],[r14,#-3] - eor @x[$j+2],@t[2],@x[$j+2],lsr#8 - strb @x[$j+0],[r14,#-14] - eor @x[$j+3],@t[3],@x[$j+3],lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb @t[2],[r12,#-5] - ldrhsb @t[3],[r12,#-1] - strb @x[$j+1],[r14,#-10] - strb @x[$j+2],[r14,#-6] - eor @x[$j+0],@t[0],@x[$j+0],lsr#8 - strb @x[$j+3],[r14,#-2] - eor @x[$j+1],@t[1],@x[$j+1],lsr#8 - strb @x[$j+0],[r14,#-13] - eor @x[$j+2],@t[2],@x[$j+2],lsr#8 - strb @x[$j+1],[r14,#-9] - eor @x[$j+3],@t[3],@x[$j+3],lsr#8 - strb @x[$j+2],[r14,#-5] - strb @x[$j+3],[r14,#-1] -___ -$code.=<<___ if ($i<12); - add @t[0],sp,#4*(4+$i) - ldmia @t[0],{@t[0]-@t[3]} @ load key material -___ -} -$code.=<<___; -# ifdef __thumb2__ - it ne -# endif - ldrne @t[0],[sp,#4*(32+2)] @ re-load len -# ifdef __thumb2__ - it hs -# endif - subhs @t[3],@t[0],#64 @ len-=64 - bhi .Loop_outer - - beq .Ldone -#endif - -.Ltail: - ldr r12,[sp,#4*(32+1)] @ load inp - add @t[1],sp,#4*(0) - ldr r14,[sp,#4*(32+0)] @ load out - -.Loop_tail: - ldrb @t[2],[@t[1]],#1 @ read buffer on stack - ldrb @t[3],[r12],#1 @ read input - subs @t[0],@t[0],#1 - eor @t[3],@t[3],@t[2] - strb @t[3],[r14],#1 @ store output - bne .Loop_tail - -.Ldone: - add sp,sp,#4*(32+3) -.Lno_data: - ldmia sp!,{r4-r11,pc} -.size ChaCha20_ctr32,.-ChaCha20_ctr32 -___ - -{{{ -my ($a0,$b0,$c0,$d0,$a1,$b1,$c1,$d1,$a2,$b2,$c2,$d2,$t0,$t1,$t2,$t3) = - map("q$_",(0..15)); - -sub NEONROUND { -my $odd = pop; -my ($a,$b,$c,$d,$t)=@_; - - ( - "&vadd_i32 ($a,$a,$b)", - "&veor ($d,$d,$a)", - "&vrev32_16 ($d,$d)", # vrot ($d,16) - - "&vadd_i32 ($c,$c,$d)", - "&veor ($t,$b,$c)", - "&vshr_u32 ($b,$t,20)", - "&vsli_32 ($b,$t,12)", - - "&vadd_i32 ($a,$a,$b)", - "&veor ($t,$d,$a)", - "&vshr_u32 ($d,$t,24)", - "&vsli_32 ($d,$t,8)", - - "&vadd_i32 ($c,$c,$d)", - "&veor ($t,$b,$c)", - "&vshr_u32 ($b,$t,25)", - "&vsli_32 ($b,$t,7)", - - "&vext_8 ($c,$c,$c,8)", - "&vext_8 ($b,$b,$b,$odd?12:4)", - "&vext_8 ($d,$d,$d,$odd?4:12)" - ); -} - -$code.=<<___; -#if __ARM_MAX_ARCH__>=7 -.arch armv7-a -.fpu neon - -.type ChaCha20_neon,%function -.align 5 -ChaCha20_neon: - ldr r12,[sp,#0] @ pull pointer to counter and nonce - stmdb sp!,{r0-r2,r4-r11,lr} -.LChaCha20_neon: - adr r14,.Lsigma - vstmdb sp!,{d8-d15} @ ABI spec says so - stmdb sp!,{r0-r3} - - vld1.32 {$b0-$c0},[r3] @ load key - ldmia r3,{r4-r11} @ load key - - sub sp,sp,#4*(16+16) - vld1.32 {$d0},[r12] @ load counter and nonce - add r12,sp,#4*8 - ldmia r14,{r0-r3} @ load sigma - vld1.32 {$a0},[r14]! @ load sigma - vld1.32 {$t0},[r14] @ one - vst1.32 {$c0-$d0},[r12] @ copy 1/2key|counter|nonce - vst1.32 {$a0-$b0},[sp] @ copy sigma|1/2key - - str r10,[sp,#4*(16+10)] @ off-load "@x[10]" - str r11,[sp,#4*(16+11)] @ off-load "@x[11]" - vshl.i32 $t1#lo,$t0#lo,#1 @ two - vstr $t0#lo,[sp,#4*(16+0)] - vshl.i32 $t2#lo,$t0#lo,#2 @ four - vstr $t1#lo,[sp,#4*(16+2)] - vmov $a1,$a0 - vstr $t2#lo,[sp,#4*(16+4)] - vmov $a2,$a0 - vmov $b1,$b0 - vmov $b2,$b0 - b .Loop_neon_enter - -.align 4 -.Loop_neon_outer: - ldmia sp,{r0-r9} @ load key material - cmp @t[3],#64*2 @ if len<=64*2 - bls .Lbreak_neon @ switch to integer-only - vmov $a1,$a0 - str @t[3],[sp,#4*(32+2)] @ save len - vmov $a2,$a0 - str r12, [sp,#4*(32+1)] @ save inp - vmov $b1,$b0 - str r14, [sp,#4*(32+0)] @ save out - vmov $b2,$b0 -.Loop_neon_enter: - ldr @t[3], [sp,#4*(15)] - vadd.i32 $d1,$d0,$t0 @ counter+1 - ldr @x[12],[sp,#4*(12)] @ modulo-scheduled load - vmov $c1,$c0 - ldr @t[2], [sp,#4*(13)] - vmov $c2,$c0 - ldr @x[14],[sp,#4*(14)] - vadd.i32 $d2,$d1,$t0 @ counter+2 - str @t[3], [sp,#4*(16+15)] - mov @t[3],#10 - add @x[12],@x[12],#3 @ counter+3 - b .Loop_neon - -.align 4 -.Loop_neon: - subs @t[3],@t[3],#1 -___ - my @thread0=&NEONROUND($a0,$b0,$c0,$d0,$t0,0); - my @thread1=&NEONROUND($a1,$b1,$c1,$d1,$t1,0); - my @thread2=&NEONROUND($a2,$b2,$c2,$d2,$t2,0); - my @thread3=&ROUND(0,4,8,12); - - foreach (@thread0) { - eval; eval(shift(@thread3)); - eval(shift(@thread1)); eval(shift(@thread3)); - eval(shift(@thread2)); eval(shift(@thread3)); - } - - @thread0=&NEONROUND($a0,$b0,$c0,$d0,$t0,1); - @thread1=&NEONROUND($a1,$b1,$c1,$d1,$t1,1); - @thread2=&NEONROUND($a2,$b2,$c2,$d2,$t2,1); - @thread3=&ROUND(0,5,10,15); - - foreach (@thread0) { - eval; eval(shift(@thread3)); - eval(shift(@thread1)); eval(shift(@thread3)); - eval(shift(@thread2)); eval(shift(@thread3)); - } -$code.=<<___; - bne .Loop_neon - - add @t[3],sp,#32 - vld1.32 {$t0-$t1},[sp] @ load key material - vld1.32 {$t2-$t3},[@t[3]] - - ldr @t[3],[sp,#4*(32+2)] @ load len - - str @t[0], [sp,#4*(16+8)] @ modulo-scheduled store - str @t[1], [sp,#4*(16+9)] - str @x[12],[sp,#4*(16+12)] - str @t[2], [sp,#4*(16+13)] - str @x[14],[sp,#4*(16+14)] - - @ at this point we have first half of 512-bit result in - @ @x[0-7] and second half at sp+4*(16+8) - - ldr r12,[sp,#4*(32+1)] @ load inp - ldr r14,[sp,#4*(32+0)] @ load out - - vadd.i32 $a0,$a0,$t0 @ accumulate key material - vadd.i32 $a1,$a1,$t0 - vadd.i32 $a2,$a2,$t0 - vldr $t0#lo,[sp,#4*(16+0)] @ one - - vadd.i32 $b0,$b0,$t1 - vadd.i32 $b1,$b1,$t1 - vadd.i32 $b2,$b2,$t1 - vldr $t1#lo,[sp,#4*(16+2)] @ two - - vadd.i32 $c0,$c0,$t2 - vadd.i32 $c1,$c1,$t2 - vadd.i32 $c2,$c2,$t2 - vadd.i32 $d1#lo,$d1#lo,$t0#lo @ counter+1 - vadd.i32 $d2#lo,$d2#lo,$t1#lo @ counter+2 - - vadd.i32 $d0,$d0,$t3 - vadd.i32 $d1,$d1,$t3 - vadd.i32 $d2,$d2,$t3 - - cmp @t[3],#64*4 - blo .Ltail_neon - - vld1.8 {$t0-$t1},[r12]! @ load input - mov @t[3],sp - vld1.8 {$t2-$t3},[r12]! - veor $a0,$a0,$t0 @ xor with input - veor $b0,$b0,$t1 - vld1.8 {$t0-$t1},[r12]! - veor $c0,$c0,$t2 - veor $d0,$d0,$t3 - vld1.8 {$t2-$t3},[r12]! - - veor $a1,$a1,$t0 - vst1.8 {$a0-$b0},[r14]! @ store output - veor $b1,$b1,$t1 - vld1.8 {$t0-$t1},[r12]! - veor $c1,$c1,$t2 - vst1.8 {$c0-$d0},[r14]! - veor $d1,$d1,$t3 - vld1.8 {$t2-$t3},[r12]! - - veor $a2,$a2,$t0 - vld1.32 {$a0-$b0},[@t[3]]! @ load for next iteration - veor $t0#hi,$t0#hi,$t0#hi - vldr $t0#lo,[sp,#4*(16+4)] @ four - veor $b2,$b2,$t1 - vld1.32 {$c0-$d0},[@t[3]] - veor $c2,$c2,$t2 - vst1.8 {$a1-$b1},[r14]! - veor $d2,$d2,$t3 - vst1.8 {$c1-$d1},[r14]! - - vadd.i32 $d0#lo,$d0#lo,$t0#lo @ next counter value - vldr $t0#lo,[sp,#4*(16+0)] @ one - - ldmia sp,{@t[0]-@t[3]} @ load key material - add @x[0],@x[0],@t[0] @ accumulate key material - ldr @t[0],[r12],#16 @ load input - vst1.8 {$a2-$b2},[r14]! - add @x[1],@x[1],@t[1] - ldr @t[1],[r12,#-12] - vst1.8 {$c2-$d2},[r14]! - add @x[2],@x[2],@t[2] - ldr @t[2],[r12,#-8] - add @x[3],@x[3],@t[3] - ldr @t[3],[r12,#-4] -# ifdef __ARMEB__ - rev @x[0],@x[0] - rev @x[1],@x[1] - rev @x[2],@x[2] - rev @x[3],@x[3] -# endif - eor @x[0],@x[0],@t[0] @ xor with input - add @t[0],sp,#4*(4) - eor @x[1],@x[1],@t[1] - str @x[0],[r14],#16 @ store output - eor @x[2],@x[2],@t[2] - str @x[1],[r14,#-12] - eor @x[3],@x[3],@t[3] - ldmia @t[0],{@t[0]-@t[3]} @ load key material - str @x[2],[r14,#-8] - str @x[3],[r14,#-4] - - add @x[4],@x[4],@t[0] @ accumulate key material - ldr @t[0],[r12],#16 @ load input - add @x[5],@x[5],@t[1] - ldr @t[1],[r12,#-12] - add @x[6],@x[6],@t[2] - ldr @t[2],[r12,#-8] - add @x[7],@x[7],@t[3] - ldr @t[3],[r12,#-4] -# ifdef __ARMEB__ - rev @x[4],@x[4] - rev @x[5],@x[5] - rev @x[6],@x[6] - rev @x[7],@x[7] -# endif - eor @x[4],@x[4],@t[0] - add @t[0],sp,#4*(8) - eor @x[5],@x[5],@t[1] - str @x[4],[r14],#16 @ store output - eor @x[6],@x[6],@t[2] - str @x[5],[r14,#-12] - eor @x[7],@x[7],@t[3] - ldmia @t[0],{@t[0]-@t[3]} @ load key material - str @x[6],[r14,#-8] - add @x[0],sp,#4*(16+8) - str @x[7],[r14,#-4] - - ldmia @x[0],{@x[0]-@x[7]} @ load second half - - add @x[0],@x[0],@t[0] @ accumulate key material - ldr @t[0],[r12],#16 @ load input - add @x[1],@x[1],@t[1] - ldr @t[1],[r12,#-12] -# ifdef __thumb2__ - it hi -# endif - strhi @t[2],[sp,#4*(16+10)] @ copy "@x[10]" while at it - add @x[2],@x[2],@t[2] - ldr @t[2],[r12,#-8] -# ifdef __thumb2__ - it hi -# endif - strhi @t[3],[sp,#4*(16+11)] @ copy "@x[11]" while at it - add @x[3],@x[3],@t[3] - ldr @t[3],[r12,#-4] -# ifdef __ARMEB__ - rev @x[0],@x[0] - rev @x[1],@x[1] - rev @x[2],@x[2] - rev @x[3],@x[3] -# endif - eor @x[0],@x[0],@t[0] - add @t[0],sp,#4*(12) - eor @x[1],@x[1],@t[1] - str @x[0],[r14],#16 @ store output - eor @x[2],@x[2],@t[2] - str @x[1],[r14,#-12] - eor @x[3],@x[3],@t[3] - ldmia @t[0],{@t[0]-@t[3]} @ load key material - str @x[2],[r14,#-8] - str @x[3],[r14,#-4] - - add @x[4],@x[4],@t[0] @ accumulate key material - add @t[0],@t[0],#4 @ next counter value - add @x[5],@x[5],@t[1] - str @t[0],[sp,#4*(12)] @ save next counter value - ldr @t[0],[r12],#16 @ load input - add @x[6],@x[6],@t[2] - add @x[4],@x[4],#3 @ counter+3 - ldr @t[1],[r12,#-12] - add @x[7],@x[7],@t[3] - ldr @t[2],[r12,#-8] - ldr @t[3],[r12,#-4] -# ifdef __ARMEB__ - rev @x[4],@x[4] - rev @x[5],@x[5] - rev @x[6],@x[6] - rev @x[7],@x[7] -# endif - eor @x[4],@x[4],@t[0] -# ifdef __thumb2__ - it hi -# endif - ldrhi @t[0],[sp,#4*(32+2)] @ re-load len - eor @x[5],@x[5],@t[1] - eor @x[6],@x[6],@t[2] - str @x[4],[r14],#16 @ store output - eor @x[7],@x[7],@t[3] - str @x[5],[r14,#-12] - sub @t[3],@t[0],#64*4 @ len-=64*4 - str @x[6],[r14,#-8] - str @x[7],[r14,#-4] - bhi .Loop_neon_outer - - b .Ldone_neon - -.align 4 -.Lbreak_neon: - @ harmonize NEON and integer-only stack frames: load data - @ from NEON frame, but save to integer-only one; distance - @ between the two is 4*(32+4+16-32)=4*(20). - - str @t[3], [sp,#4*(20+32+2)] @ save len - add @t[3],sp,#4*(32+4) - str r12, [sp,#4*(20+32+1)] @ save inp - str r14, [sp,#4*(20+32+0)] @ save out - - ldr @x[12],[sp,#4*(16+10)] - ldr @x[14],[sp,#4*(16+11)] - vldmia @t[3],{d8-d15} @ fulfill ABI requirement - str @x[12],[sp,#4*(20+16+10)] @ copy "@x[10]" - str @x[14],[sp,#4*(20+16+11)] @ copy "@x[11]" - - ldr @t[3], [sp,#4*(15)] - ldr @x[12],[sp,#4*(12)] @ modulo-scheduled load - ldr @t[2], [sp,#4*(13)] - ldr @x[14],[sp,#4*(14)] - str @t[3], [sp,#4*(20+16+15)] - add @t[3],sp,#4*(20) - vst1.32 {$a0-$b0},[@t[3]]! @ copy key - add sp,sp,#4*(20) @ switch frame - vst1.32 {$c0-$d0},[@t[3]] - mov @t[3],#10 - b .Loop @ go integer-only - -.align 4 -.Ltail_neon: - cmp @t[3],#64*3 - bhs .L192_or_more_neon - cmp @t[3],#64*2 - bhs .L128_or_more_neon - cmp @t[3],#64*1 - bhs .L64_or_more_neon - - add @t[0],sp,#4*(8) - vst1.8 {$a0-$b0},[sp] - add @t[2],sp,#4*(0) - vst1.8 {$c0-$d0},[@t[0]] - b .Loop_tail_neon - -.align 4 -.L64_or_more_neon: - vld1.8 {$t0-$t1},[r12]! - vld1.8 {$t2-$t3},[r12]! - veor $a0,$a0,$t0 - veor $b0,$b0,$t1 - veor $c0,$c0,$t2 - veor $d0,$d0,$t3 - vst1.8 {$a0-$b0},[r14]! - vst1.8 {$c0-$d0},[r14]! - - beq .Ldone_neon - - add @t[0],sp,#4*(8) - vst1.8 {$a1-$b1},[sp] - add @t[2],sp,#4*(0) - vst1.8 {$c1-$d1},[@t[0]] - sub @t[3],@t[3],#64*1 @ len-=64*1 - b .Loop_tail_neon - -.align 4 -.L128_or_more_neon: - vld1.8 {$t0-$t1},[r12]! - vld1.8 {$t2-$t3},[r12]! - veor $a0,$a0,$t0 - veor $b0,$b0,$t1 - vld1.8 {$t0-$t1},[r12]! - veor $c0,$c0,$t2 - veor $d0,$d0,$t3 - vld1.8 {$t2-$t3},[r12]! - - veor $a1,$a1,$t0 - veor $b1,$b1,$t1 - vst1.8 {$a0-$b0},[r14]! - veor $c1,$c1,$t2 - vst1.8 {$c0-$d0},[r14]! - veor $d1,$d1,$t3 - vst1.8 {$a1-$b1},[r14]! - vst1.8 {$c1-$d1},[r14]! - - beq .Ldone_neon - - add @t[0],sp,#4*(8) - vst1.8 {$a2-$b2},[sp] - add @t[2],sp,#4*(0) - vst1.8 {$c2-$d2},[@t[0]] - sub @t[3],@t[3],#64*2 @ len-=64*2 - b .Loop_tail_neon - -.align 4 -.L192_or_more_neon: - vld1.8 {$t0-$t1},[r12]! - vld1.8 {$t2-$t3},[r12]! - veor $a0,$a0,$t0 - veor $b0,$b0,$t1 - vld1.8 {$t0-$t1},[r12]! - veor $c0,$c0,$t2 - veor $d0,$d0,$t3 - vld1.8 {$t2-$t3},[r12]! - - veor $a1,$a1,$t0 - veor $b1,$b1,$t1 - vld1.8 {$t0-$t1},[r12]! - veor $c1,$c1,$t2 - vst1.8 {$a0-$b0},[r14]! - veor $d1,$d1,$t3 - vld1.8 {$t2-$t3},[r12]! - - veor $a2,$a2,$t0 - vst1.8 {$c0-$d0},[r14]! - veor $b2,$b2,$t1 - vst1.8 {$a1-$b1},[r14]! - veor $c2,$c2,$t2 - vst1.8 {$c1-$d1},[r14]! - veor $d2,$d2,$t3 - vst1.8 {$a2-$b2},[r14]! - vst1.8 {$c2-$d2},[r14]! - - beq .Ldone_neon - - ldmia sp,{@t[0]-@t[3]} @ load key material - add @x[0],@x[0],@t[0] @ accumulate key material - add @t[0],sp,#4*(4) - add @x[1],@x[1],@t[1] - add @x[2],@x[2],@t[2] - add @x[3],@x[3],@t[3] - ldmia @t[0],{@t[0]-@t[3]} @ load key material - - add @x[4],@x[4],@t[0] @ accumulate key material - add @t[0],sp,#4*(8) - add @x[5],@x[5],@t[1] - add @x[6],@x[6],@t[2] - add @x[7],@x[7],@t[3] - ldmia @t[0],{@t[0]-@t[3]} @ load key material -# ifdef __ARMEB__ - rev @x[0],@x[0] - rev @x[1],@x[1] - rev @x[2],@x[2] - rev @x[3],@x[3] - rev @x[4],@x[4] - rev @x[5],@x[5] - rev @x[6],@x[6] - rev @x[7],@x[7] -# endif - stmia sp,{@x[0]-@x[7]} - add @x[0],sp,#4*(16+8) - - ldmia @x[0],{@x[0]-@x[7]} @ load second half - - add @x[0],@x[0],@t[0] @ accumulate key material - add @t[0],sp,#4*(12) - add @x[1],@x[1],@t[1] - add @x[2],@x[2],@t[2] - add @x[3],@x[3],@t[3] - ldmia @t[0],{@t[0]-@t[3]} @ load key material - - add @x[4],@x[4],@t[0] @ accumulate key material - add @t[0],sp,#4*(8) - add @x[5],@x[5],@t[1] - add @x[4],@x[4],#3 @ counter+3 - add @x[6],@x[6],@t[2] - add @x[7],@x[7],@t[3] - ldr @t[3],[sp,#4*(32+2)] @ re-load len -# ifdef __ARMEB__ - rev @x[0],@x[0] - rev @x[1],@x[1] - rev @x[2],@x[2] - rev @x[3],@x[3] - rev @x[4],@x[4] - rev @x[5],@x[5] - rev @x[6],@x[6] - rev @x[7],@x[7] -# endif - stmia @t[0],{@x[0]-@x[7]} - add @t[2],sp,#4*(0) - sub @t[3],@t[3],#64*3 @ len-=64*3 - -.Loop_tail_neon: - ldrb @t[0],[@t[2]],#1 @ read buffer on stack - ldrb @t[1],[r12],#1 @ read input - subs @t[3],@t[3],#1 - eor @t[0],@t[0],@t[1] - strb @t[0],[r14],#1 @ store output - bne .Loop_tail_neon - -.Ldone_neon: - add sp,sp,#4*(32+4) - vldmia sp,{d8-d15} - add sp,sp,#4*(16+3) - ldmia sp!,{r4-r11,pc} -.size ChaCha20_neon,.-ChaCha20_neon -.comm OPENSSL_armcap_P,4,4 -#endif -___ -}}} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/geo; - - s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo; - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/chacha/asm/chacha-armv8.pl b/crypto/chacha/asm/chacha-armv8.pl deleted file mode 100755 index dcdc4a04e367f90b4cf21256b0f1d0da40ce8ee2..0000000000000000000000000000000000000000 --- a/crypto/chacha/asm/chacha-armv8.pl +++ /dev/null @@ -1,1293 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# June 2015 -# -# ChaCha20 for ARMv8. -# -# April 2019 -# -# Replace 3xNEON+1xIALU code path with 4+1. 4+1 is actually fastest -# option on most(*), but not all, processors, yet 6+2 is retained. -# This is because penalties are considered tolerable in comparison to -# improvement on processors where 6+2 helps. Most notably +37% on -# ThunderX2. It's server-oriented processor which will have to serve -# as many requests as possible. While others are mostly clients, when -# performance doesn't have to be absolute top-notch, just fast enough, -# as majority of time is spent "entertaining" relatively slow human. -# -# Performance in cycles per byte out of large buffer. -# -# IALU/gcc-4.9 4xNEON+1xIALU 6xNEON+2xIALU -# -# Apple A7 5.50/+49% 2.72 1.60 -# Cortex-A53 8.40/+80% 4.06 4.45(*) -# Cortex-A57 8.06/+43% 4.15 4.40(*) -# Denver 4.50/+82% 2.30 2.70(*) -# X-Gene 9.50/+46% 8.20 8.90(*) -# Mongoose 8.00/+44% 2.74 3.12(*) -# Kryo 8.17/+50% 4.47 4.65(*) -# ThunderX2 7.22/+48% 5.64 4.10 -# -# (*) slower than 4+1:-( - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or -die "can't locate arm-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -sub AUTOLOAD() # thunk [simplified] x86-style perlasm -{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./; - my $arg = pop; - $arg = "#$arg" if ($arg*1 eq $arg); - $code .= "\t$opcode\t".join(',',@_,$arg)."\n"; -} - -my ($out,$inp,$len,$key,$ctr) = map("x$_",(0..4)); - -my @x=map("x$_",(5..17,19..21)); -my @d=map("x$_",(22..28,30)); - -sub ROUND { -my ($a0,$b0,$c0,$d0)=@_; -my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); - - ( - "&add_32 (@x[$a0],@x[$a0],@x[$b0])", - "&add_32 (@x[$a1],@x[$a1],@x[$b1])", - "&add_32 (@x[$a2],@x[$a2],@x[$b2])", - "&add_32 (@x[$a3],@x[$a3],@x[$b3])", - "&eor_32 (@x[$d0],@x[$d0],@x[$a0])", - "&eor_32 (@x[$d1],@x[$d1],@x[$a1])", - "&eor_32 (@x[$d2],@x[$d2],@x[$a2])", - "&eor_32 (@x[$d3],@x[$d3],@x[$a3])", - "&ror_32 (@x[$d0],@x[$d0],16)", - "&ror_32 (@x[$d1],@x[$d1],16)", - "&ror_32 (@x[$d2],@x[$d2],16)", - "&ror_32 (@x[$d3],@x[$d3],16)", - - "&add_32 (@x[$c0],@x[$c0],@x[$d0])", - "&add_32 (@x[$c1],@x[$c1],@x[$d1])", - "&add_32 (@x[$c2],@x[$c2],@x[$d2])", - "&add_32 (@x[$c3],@x[$c3],@x[$d3])", - "&eor_32 (@x[$b0],@x[$b0],@x[$c0])", - "&eor_32 (@x[$b1],@x[$b1],@x[$c1])", - "&eor_32 (@x[$b2],@x[$b2],@x[$c2])", - "&eor_32 (@x[$b3],@x[$b3],@x[$c3])", - "&ror_32 (@x[$b0],@x[$b0],20)", - "&ror_32 (@x[$b1],@x[$b1],20)", - "&ror_32 (@x[$b2],@x[$b2],20)", - "&ror_32 (@x[$b3],@x[$b3],20)", - - "&add_32 (@x[$a0],@x[$a0],@x[$b0])", - "&add_32 (@x[$a1],@x[$a1],@x[$b1])", - "&add_32 (@x[$a2],@x[$a2],@x[$b2])", - "&add_32 (@x[$a3],@x[$a3],@x[$b3])", - "&eor_32 (@x[$d0],@x[$d0],@x[$a0])", - "&eor_32 (@x[$d1],@x[$d1],@x[$a1])", - "&eor_32 (@x[$d2],@x[$d2],@x[$a2])", - "&eor_32 (@x[$d3],@x[$d3],@x[$a3])", - "&ror_32 (@x[$d0],@x[$d0],24)", - "&ror_32 (@x[$d1],@x[$d1],24)", - "&ror_32 (@x[$d2],@x[$d2],24)", - "&ror_32 (@x[$d3],@x[$d3],24)", - - "&add_32 (@x[$c0],@x[$c0],@x[$d0])", - "&add_32 (@x[$c1],@x[$c1],@x[$d1])", - "&add_32 (@x[$c2],@x[$c2],@x[$d2])", - "&add_32 (@x[$c3],@x[$c3],@x[$d3])", - "&eor_32 (@x[$b0],@x[$b0],@x[$c0])", - "&eor_32 (@x[$b1],@x[$b1],@x[$c1])", - "&eor_32 (@x[$b2],@x[$b2],@x[$c2])", - "&eor_32 (@x[$b3],@x[$b3],@x[$c3])", - "&ror_32 (@x[$b0],@x[$b0],25)", - "&ror_32 (@x[$b1],@x[$b1],25)", - "&ror_32 (@x[$b2],@x[$b2],25)", - "&ror_32 (@x[$b3],@x[$b3],25)" - ); -} - -$code.=<<___; -#ifndef __KERNEL__ -# include "arm_arch.h" -.extern OPENSSL_armcap_P -.hidden OPENSSL_armcap_P -#endif - -.text - -.align 5 -.Lsigma: -.quad 0x3320646e61707865,0x6b20657479622d32 // endian-neutral -.Lone: -.long 1,2,3,4 -.Lrot24: -.long 0x02010003,0x06050407,0x0a09080b,0x0e0d0c0f -.asciz "ChaCha20 for ARMv8, CRYPTOGAMS by \@dot-asm" - -.globl ChaCha20_ctr32 -.type ChaCha20_ctr32,%function -.align 5 -ChaCha20_ctr32: - cbz $len,.Labort - cmp $len,#192 - b.lo .Lshort - -#ifndef __KERNEL__ - adrp x17,OPENSSL_armcap_P - ldr w17,[x17,#:lo12:OPENSSL_armcap_P] - tst w17,#ARMV7_NEON - b.ne .LChaCha20_neon -#endif - -.Lshort: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-96]! - add x29,sp,#0 - - adr @x[0],.Lsigma - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - stp x23,x24,[sp,#48] - stp x25,x26,[sp,#64] - stp x27,x28,[sp,#80] - sub sp,sp,#64 - - ldp @d[0],@d[1],[@x[0]] // load sigma - ldp @d[2],@d[3],[$key] // load key - ldp @d[4],@d[5],[$key,#16] - ldp @d[6],@d[7],[$ctr] // load counter -#ifdef __AARCH64EB__ - ror @d[2],@d[2],#32 - ror @d[3],@d[3],#32 - ror @d[4],@d[4],#32 - ror @d[5],@d[5],#32 - ror @d[6],@d[6],#32 - ror @d[7],@d[7],#32 -#endif - -.Loop_outer: - mov.32 @x[0],@d[0] // unpack key block - lsr @x[1],@d[0],#32 - mov.32 @x[2],@d[1] - lsr @x[3],@d[1],#32 - mov.32 @x[4],@d[2] - lsr @x[5],@d[2],#32 - mov.32 @x[6],@d[3] - lsr @x[7],@d[3],#32 - mov.32 @x[8],@d[4] - lsr @x[9],@d[4],#32 - mov.32 @x[10],@d[5] - lsr @x[11],@d[5],#32 - mov.32 @x[12],@d[6] - lsr @x[13],@d[6],#32 - mov.32 @x[14],@d[7] - lsr @x[15],@d[7],#32 - - mov $ctr,#10 - subs $len,$len,#64 -.Loop: - sub $ctr,$ctr,#1 -___ - foreach (&ROUND(0, 4, 8,12)) { eval; } - foreach (&ROUND(0, 5,10,15)) { eval; } -$code.=<<___; - cbnz $ctr,.Loop - - add.32 @x[0],@x[0],@d[0] // accumulate key block - add @x[1],@x[1],@d[0],lsr#32 - add.32 @x[2],@x[2],@d[1] - add @x[3],@x[3],@d[1],lsr#32 - add.32 @x[4],@x[4],@d[2] - add @x[5],@x[5],@d[2],lsr#32 - add.32 @x[6],@x[6],@d[3] - add @x[7],@x[7],@d[3],lsr#32 - add.32 @x[8],@x[8],@d[4] - add @x[9],@x[9],@d[4],lsr#32 - add.32 @x[10],@x[10],@d[5] - add @x[11],@x[11],@d[5],lsr#32 - add.32 @x[12],@x[12],@d[6] - add @x[13],@x[13],@d[6],lsr#32 - add.32 @x[14],@x[14],@d[7] - add @x[15],@x[15],@d[7],lsr#32 - - b.lo .Ltail - - add @x[0],@x[0],@x[1],lsl#32 // pack - add @x[2],@x[2],@x[3],lsl#32 - ldp @x[1],@x[3],[$inp,#0] // load input - add @x[4],@x[4],@x[5],lsl#32 - add @x[6],@x[6],@x[7],lsl#32 - ldp @x[5],@x[7],[$inp,#16] - add @x[8],@x[8],@x[9],lsl#32 - add @x[10],@x[10],@x[11],lsl#32 - ldp @x[9],@x[11],[$inp,#32] - add @x[12],@x[12],@x[13],lsl#32 - add @x[14],@x[14],@x[15],lsl#32 - ldp @x[13],@x[15],[$inp,#48] - add $inp,$inp,#64 -#ifdef __AARCH64EB__ - rev @x[0],@x[0] - rev @x[2],@x[2] - rev @x[4],@x[4] - rev @x[6],@x[6] - rev @x[8],@x[8] - rev @x[10],@x[10] - rev @x[12],@x[12] - rev @x[14],@x[14] -#endif - eor @x[0],@x[0],@x[1] - eor @x[2],@x[2],@x[3] - eor @x[4],@x[4],@x[5] - eor @x[6],@x[6],@x[7] - eor @x[8],@x[8],@x[9] - eor @x[10],@x[10],@x[11] - eor @x[12],@x[12],@x[13] - eor @x[14],@x[14],@x[15] - - stp @x[0],@x[2],[$out,#0] // store output - add @d[6],@d[6],#1 // increment counter - stp @x[4],@x[6],[$out,#16] - stp @x[8],@x[10],[$out,#32] - stp @x[12],@x[14],[$out,#48] - add $out,$out,#64 - - b.hi .Loop_outer - - ldp x19,x20,[x29,#16] - add sp,sp,#64 - ldp x21,x22,[x29,#32] - ldp x23,x24,[x29,#48] - ldp x25,x26,[x29,#64] - ldp x27,x28,[x29,#80] - ldp x29,x30,[sp],#96 - .inst 0xd50323bf // autiasp -.Labort: - ret - -.align 4 -.Ltail: - add $len,$len,#64 -.Less_than_64: - sub $out,$out,#1 - add $inp,$inp,$len - add $out,$out,$len - add $ctr,sp,$len - neg $len,$len - - add @x[0],@x[0],@x[1],lsl#32 // pack - add @x[2],@x[2],@x[3],lsl#32 - add @x[4],@x[4],@x[5],lsl#32 - add @x[6],@x[6],@x[7],lsl#32 - add @x[8],@x[8],@x[9],lsl#32 - add @x[10],@x[10],@x[11],lsl#32 - add @x[12],@x[12],@x[13],lsl#32 - add @x[14],@x[14],@x[15],lsl#32 -#ifdef __AARCH64EB__ - rev @x[0],@x[0] - rev @x[2],@x[2] - rev @x[4],@x[4] - rev @x[6],@x[6] - rev @x[8],@x[8] - rev @x[10],@x[10] - rev @x[12],@x[12] - rev @x[14],@x[14] -#endif - stp @x[0],@x[2],[sp,#0] - stp @x[4],@x[6],[sp,#16] - stp @x[8],@x[10],[sp,#32] - stp @x[12],@x[14],[sp,#48] - -.Loop_tail: - ldrb w10,[$inp,$len] - ldrb w11,[$ctr,$len] - add $len,$len,#1 - eor w10,w10,w11 - strb w10,[$out,$len] - cbnz $len,.Loop_tail - - stp xzr,xzr,[sp,#0] - stp xzr,xzr,[sp,#16] - stp xzr,xzr,[sp,#32] - stp xzr,xzr,[sp,#48] - - ldp x19,x20,[x29,#16] - add sp,sp,#64 - ldp x21,x22,[x29,#32] - ldp x23,x24,[x29,#48] - ldp x25,x26,[x29,#64] - ldp x27,x28,[x29,#80] - ldp x29,x30,[sp],#96 - .inst 0xd50323bf // autiasp - ret -.size ChaCha20_ctr32,.-ChaCha20_ctr32 -___ - -{{{ -my @K = map("v$_.4s",(0..3)); -my ($xt0,$xt1,$xt2,$xt3, $CTR,$ROT24) = map("v$_.4s",(4..9)); -my @X = map("v$_.4s",(16,20,24,28, 17,21,25,29, 18,22,26,30, 19,23,27,31)); -my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, - $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3) = @X; - -sub NEON_lane_ROUND { -my ($a0,$b0,$c0,$d0)=@_; -my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); -my @x=map("'$_'",@X); - - ( - "&add (@x[$a0],@x[$a0],@x[$b0])", # Q1 - "&add (@x[$a1],@x[$a1],@x[$b1])", # Q2 - "&add (@x[$a2],@x[$a2],@x[$b2])", # Q3 - "&add (@x[$a3],@x[$a3],@x[$b3])", # Q4 - "&eor (@x[$d0],@x[$d0],@x[$a0])", - "&eor (@x[$d1],@x[$d1],@x[$a1])", - "&eor (@x[$d2],@x[$d2],@x[$a2])", - "&eor (@x[$d3],@x[$d3],@x[$a3])", - "&rev32_16 (@x[$d0],@x[$d0])", - "&rev32_16 (@x[$d1],@x[$d1])", - "&rev32_16 (@x[$d2],@x[$d2])", - "&rev32_16 (@x[$d3],@x[$d3])", - - "&add (@x[$c0],@x[$c0],@x[$d0])", - "&add (@x[$c1],@x[$c1],@x[$d1])", - "&add (@x[$c2],@x[$c2],@x[$d2])", - "&add (@x[$c3],@x[$c3],@x[$d3])", - "&eor ('$xt0',@x[$b0],@x[$c0])", - "&eor ('$xt1',@x[$b1],@x[$c1])", - "&eor ('$xt2',@x[$b2],@x[$c2])", - "&eor ('$xt3',@x[$b3],@x[$c3])", - "&ushr (@x[$b0],'$xt0',20)", - "&ushr (@x[$b1],'$xt1',20)", - "&ushr (@x[$b2],'$xt2',20)", - "&ushr (@x[$b3],'$xt3',20)", - "&sli (@x[$b0],'$xt0',12)", - "&sli (@x[$b1],'$xt1',12)", - "&sli (@x[$b2],'$xt2',12)", - "&sli (@x[$b3],'$xt3',12)", - - "&add (@x[$a0],@x[$a0],@x[$b0])", - "&add (@x[$a1],@x[$a1],@x[$b1])", - "&add (@x[$a2],@x[$a2],@x[$b2])", - "&add (@x[$a3],@x[$a3],@x[$b3])", - "&eor ('$xt0',@x[$d0],@x[$a0])", - "&eor ('$xt1',@x[$d1],@x[$a1])", - "&eor ('$xt2',@x[$d2],@x[$a2])", - "&eor ('$xt3',@x[$d3],@x[$a3])", - "&tbl (@x[$d0],'{$xt0}','$ROT24')", - "&tbl (@x[$d1],'{$xt1}','$ROT24')", - "&tbl (@x[$d2],'{$xt2}','$ROT24')", - "&tbl (@x[$d3],'{$xt3}','$ROT24')", - - "&add (@x[$c0],@x[$c0],@x[$d0])", - "&add (@x[$c1],@x[$c1],@x[$d1])", - "&add (@x[$c2],@x[$c2],@x[$d2])", - "&add (@x[$c3],@x[$c3],@x[$d3])", - "&eor ('$xt0',@x[$b0],@x[$c0])", - "&eor ('$xt1',@x[$b1],@x[$c1])", - "&eor ('$xt2',@x[$b2],@x[$c2])", - "&eor ('$xt3',@x[$b3],@x[$c3])", - "&ushr (@x[$b0],'$xt0',25)", - "&ushr (@x[$b1],'$xt1',25)", - "&ushr (@x[$b2],'$xt2',25)", - "&ushr (@x[$b3],'$xt3',25)", - "&sli (@x[$b0],'$xt0',7)", - "&sli (@x[$b1],'$xt1',7)", - "&sli (@x[$b2],'$xt2',7)", - "&sli (@x[$b3],'$xt3',7)" - ); -} - -$code.=<<___; - -#ifdef __KERNEL__ -.globl ChaCha20_neon -#endif -.type ChaCha20_neon,%function -.align 5 -ChaCha20_neon: -.LChaCha20_neon: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-96]! - add x29,sp,#0 - - adr @x[0],.Lsigma - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - stp x23,x24,[sp,#48] - stp x25,x26,[sp,#64] - stp x27,x28,[sp,#80] - cmp $len,#512 - b.hs .L512_or_more_neon - - sub sp,sp,#64 - - ldp @d[0],@d[1],[@x[0]] // load sigma - ld1 {@K[0]},[@x[0]],#16 - ldp @d[2],@d[3],[$key] // load key - ldp @d[4],@d[5],[$key,#16] - ld1 {@K[1],@K[2]},[$key] - ldp @d[6],@d[7],[$ctr] // load counter - ld1 {@K[3]},[$ctr] - stp d8,d9,[sp] // meet ABI requirements - ld1 {$CTR,$ROT24},[@x[0]] -#ifdef __AARCH64EB__ - rev64 @K[0],@K[0] - ror @d[2],@d[2],#32 - ror @d[3],@d[3],#32 - ror @d[4],@d[4],#32 - ror @d[5],@d[5],#32 - ror @d[6],@d[6],#32 - ror @d[7],@d[7],#32 -#endif - -.Loop_outer_neon: - dup $xa0,@{K[0]}[0] // unpack key block - mov.32 @x[0],@d[0] - dup $xa1,@{K[0]}[1] - lsr @x[1],@d[0],#32 - dup $xa2,@{K[0]}[2] - mov.32 @x[2],@d[1] - dup $xa3,@{K[0]}[3] - lsr @x[3],@d[1],#32 - dup $xb0,@{K[1]}[0] - mov.32 @x[4],@d[2] - dup $xb1,@{K[1]}[1] - lsr @x[5],@d[2],#32 - dup $xb2,@{K[1]}[2] - mov.32 @x[6],@d[3] - dup $xb3,@{K[1]}[3] - lsr @x[7],@d[3],#32 - dup $xd0,@{K[3]}[0] - mov.32 @x[8],@d[4] - dup $xd1,@{K[3]}[1] - lsr @x[9],@d[4],#32 - dup $xd2,@{K[3]}[2] - mov.32 @x[10],@d[5] - dup $xd3,@{K[3]}[3] - lsr @x[11],@d[5],#32 - add $xd0,$xd0,$CTR - mov.32 @x[12],@d[6] - dup $xc0,@{K[2]}[0] - lsr @x[13],@d[6],#32 - dup $xc1,@{K[2]}[1] - mov.32 @x[14],@d[7] - dup $xc2,@{K[2]}[2] - lsr @x[15],@d[7],#32 - dup $xc3,@{K[2]}[3] - - mov $ctr,#10 - subs $len,$len,#320 -.Loop_neon: - sub $ctr,$ctr,#1 -___ - my @plus_one=&ROUND(0,4,8,12); - foreach (&NEON_lane_ROUND(0,4,8,12)) { eval; eval(shift(@plus_one)); } - - @plus_one=&ROUND(0,5,10,15); - foreach (&NEON_lane_ROUND(0,5,10,15)) { eval; eval(shift(@plus_one)); } -$code.=<<___; - cbnz $ctr,.Loop_neon - - add $xd0,$xd0,$CTR - - zip1 $xt0,$xa0,$xa1 // transpose data - zip1 $xt1,$xa2,$xa3 - zip2 $xt2,$xa0,$xa1 - zip2 $xt3,$xa2,$xa3 - zip1.64 $xa0,$xt0,$xt1 - zip2.64 $xa1,$xt0,$xt1 - zip1.64 $xa2,$xt2,$xt3 - zip2.64 $xa3,$xt2,$xt3 - - zip1 $xt0,$xb0,$xb1 - zip1 $xt1,$xb2,$xb3 - zip2 $xt2,$xb0,$xb1 - zip2 $xt3,$xb2,$xb3 - zip1.64 $xb0,$xt0,$xt1 - zip2.64 $xb1,$xt0,$xt1 - zip1.64 $xb2,$xt2,$xt3 - zip2.64 $xb3,$xt2,$xt3 - - zip1 $xt0,$xc0,$xc1 - add.32 @x[0],@x[0],@d[0] // accumulate key block - zip1 $xt1,$xc2,$xc3 - add @x[1],@x[1],@d[0],lsr#32 - zip2 $xt2,$xc0,$xc1 - add.32 @x[2],@x[2],@d[1] - zip2 $xt3,$xc2,$xc3 - add @x[3],@x[3],@d[1],lsr#32 - zip1.64 $xc0,$xt0,$xt1 - add.32 @x[4],@x[4],@d[2] - zip2.64 $xc1,$xt0,$xt1 - add @x[5],@x[5],@d[2],lsr#32 - zip1.64 $xc2,$xt2,$xt3 - add.32 @x[6],@x[6],@d[3] - zip2.64 $xc3,$xt2,$xt3 - add @x[7],@x[7],@d[3],lsr#32 - - zip1 $xt0,$xd0,$xd1 - add.32 @x[8],@x[8],@d[4] - zip1 $xt1,$xd2,$xd3 - add @x[9],@x[9],@d[4],lsr#32 - zip2 $xt2,$xd0,$xd1 - add.32 @x[10],@x[10],@d[5] - zip2 $xt3,$xd2,$xd3 - add @x[11],@x[11],@d[5],lsr#32 - zip1.64 $xd0,$xt0,$xt1 - add.32 @x[12],@x[12],@d[6] - zip2.64 $xd1,$xt0,$xt1 - add @x[13],@x[13],@d[6],lsr#32 - zip1.64 $xd2,$xt2,$xt3 - add.32 @x[14],@x[14],@d[7] - zip2.64 $xd3,$xt2,$xt3 - add @x[15],@x[15],@d[7],lsr#32 - - b.lo .Ltail_neon - - add @x[0],@x[0],@x[1],lsl#32 // pack - add @x[2],@x[2],@x[3],lsl#32 - ldp @x[1],@x[3],[$inp,#0] // load input - add $xa0,$xa0,@K[0] // accumulate key block - add @x[4],@x[4],@x[5],lsl#32 - add @x[6],@x[6],@x[7],lsl#32 - ldp @x[5],@x[7],[$inp,#16] - add $xb0,$xb0,@K[1] - add @x[8],@x[8],@x[9],lsl#32 - add @x[10],@x[10],@x[11],lsl#32 - ldp @x[9],@x[11],[$inp,#32] - add $xc0,$xc0,@K[2] - add @x[12],@x[12],@x[13],lsl#32 - add @x[14],@x[14],@x[15],lsl#32 - ldp @x[13],@x[15],[$inp,#48] - add $xd0,$xd0,@K[3] - add $inp,$inp,#64 -#ifdef __AARCH64EB__ - rev @x[0],@x[0] - rev @x[2],@x[2] - rev @x[4],@x[4] - rev @x[6],@x[6] - rev @x[8],@x[8] - rev @x[10],@x[10] - rev @x[12],@x[12] - rev @x[14],@x[14] -#endif - ld1.8 {$xt0-$xt3},[$inp],#64 - eor @x[0],@x[0],@x[1] - add $xa1,$xa1,@K[0] - eor @x[2],@x[2],@x[3] - add $xb1,$xb1,@K[1] - eor @x[4],@x[4],@x[5] - add $xc1,$xc1,@K[2] - eor @x[6],@x[6],@x[7] - add $xd1,$xd1,@K[3] - eor @x[8],@x[8],@x[9] - eor $xa0,$xa0,$xt0 - movi $xt0,#5 - eor @x[10],@x[10],@x[11] - eor $xb0,$xb0,$xt1 - eor @x[12],@x[12],@x[13] - eor $xc0,$xc0,$xt2 - eor @x[14],@x[14],@x[15] - eor $xd0,$xd0,$xt3 - add $CTR,$CTR,$xt0 // += 5 - ld1.8 {$xt0-$xt3},[$inp],#64 - - stp @x[0],@x[2],[$out,#0] // store output - add @d[6],@d[6],#5 // increment counter - stp @x[4],@x[6],[$out,#16] - stp @x[8],@x[10],[$out,#32] - stp @x[12],@x[14],[$out,#48] - add $out,$out,#64 - - st1.8 {$xa0-$xd0},[$out],#64 - add $xa2,$xa2,@K[0] - add $xb2,$xb2,@K[1] - add $xc2,$xc2,@K[2] - add $xd2,$xd2,@K[3] - ld1.8 {$xa0-$xd0},[$inp],#64 - - eor $xa1,$xa1,$xt0 - eor $xb1,$xb1,$xt1 - eor $xc1,$xc1,$xt2 - eor $xd1,$xd1,$xt3 - st1.8 {$xa1-$xd1},[$out],#64 - add $xa3,$xa3,@K[0] - add $xb3,$xb3,@K[1] - add $xc3,$xc3,@K[2] - add $xd3,$xd3,@K[3] - ld1.8 {$xa1-$xd1},[$inp],#64 - - eor $xa2,$xa2,$xa0 - eor $xb2,$xb2,$xb0 - eor $xc2,$xc2,$xc0 - eor $xd2,$xd2,$xd0 - st1.8 {$xa2-$xd2},[$out],#64 - - eor $xa3,$xa3,$xa1 - eor $xb3,$xb3,$xb1 - eor $xc3,$xc3,$xc1 - eor $xd3,$xd3,$xd1 - st1.8 {$xa3-$xd3},[$out],#64 - - b.hi .Loop_outer_neon - - ldp d8,d9,[sp] // meet ABI requirements - - ldp x19,x20,[x29,#16] - add sp,sp,#64 - ldp x21,x22,[x29,#32] - ldp x23,x24,[x29,#48] - ldp x25,x26,[x29,#64] - ldp x27,x28,[x29,#80] - ldp x29,x30,[sp],#96 - .inst 0xd50323bf // autiasp - ret - -.align 4 -.Ltail_neon: - add $len,$len,#320 - ldp d8,d9,[sp] // meet ABI requirements - cmp $len,#64 - b.lo .Less_than_64 - - add @x[0],@x[0],@x[1],lsl#32 // pack - add @x[2],@x[2],@x[3],lsl#32 - ldp @x[1],@x[3],[$inp,#0] // load input - add @x[4],@x[4],@x[5],lsl#32 - add @x[6],@x[6],@x[7],lsl#32 - ldp @x[5],@x[7],[$inp,#16] - add @x[8],@x[8],@x[9],lsl#32 - add @x[10],@x[10],@x[11],lsl#32 - ldp @x[9],@x[11],[$inp,#32] - add @x[12],@x[12],@x[13],lsl#32 - add @x[14],@x[14],@x[15],lsl#32 - ldp @x[13],@x[15],[$inp,#48] - add $inp,$inp,#64 -#ifdef __AARCH64EB__ - rev @x[0],@x[0] - rev @x[2],@x[2] - rev @x[4],@x[4] - rev @x[6],@x[6] - rev @x[8],@x[8] - rev @x[10],@x[10] - rev @x[12],@x[12] - rev @x[14],@x[14] -#endif - eor @x[0],@x[0],@x[1] - eor @x[2],@x[2],@x[3] - eor @x[4],@x[4],@x[5] - eor @x[6],@x[6],@x[7] - eor @x[8],@x[8],@x[9] - eor @x[10],@x[10],@x[11] - eor @x[12],@x[12],@x[13] - eor @x[14],@x[14],@x[15] - - stp @x[0],@x[2],[$out,#0] // store output - add $xa0,$xa0,@K[0] // accumulate key block - stp @x[4],@x[6],[$out,#16] - add $xb0,$xb0,@K[1] - stp @x[8],@x[10],[$out,#32] - add $xc0,$xc0,@K[2] - stp @x[12],@x[14],[$out,#48] - add $xd0,$xd0,@K[3] - add $out,$out,#64 - b.eq .Ldone_neon - sub $len,$len,#64 - cmp $len,#64 - b.lo .Last_neon - - ld1.8 {$xt0-$xt3},[$inp],#64 - eor $xa0,$xa0,$xt0 - eor $xb0,$xb0,$xt1 - eor $xc0,$xc0,$xt2 - eor $xd0,$xd0,$xt3 - st1.8 {$xa0-$xd0},[$out],#64 - b.eq .Ldone_neon - - add $xa0,$xa1,@K[0] - add $xb0,$xb1,@K[1] - sub $len,$len,#64 - add $xc0,$xc1,@K[2] - cmp $len,#64 - add $xd0,$xd1,@K[3] - b.lo .Last_neon - - ld1.8 {$xt0-$xt3},[$inp],#64 - eor $xa1,$xa0,$xt0 - eor $xb1,$xb0,$xt1 - eor $xc1,$xc0,$xt2 - eor $xd1,$xd0,$xt3 - st1.8 {$xa1-$xd1},[$out],#64 - b.eq .Ldone_neon - - add $xa0,$xa2,@K[0] - add $xb0,$xb2,@K[1] - sub $len,$len,#64 - add $xc0,$xc2,@K[2] - cmp $len,#64 - add $xd0,$xd2,@K[3] - b.lo .Last_neon - - ld1.8 {$xt0-$xt3},[$inp],#64 - eor $xa2,$xa0,$xt0 - eor $xb2,$xb0,$xt1 - eor $xc2,$xc0,$xt2 - eor $xd2,$xd0,$xt3 - st1.8 {$xa2-$xd2},[$out],#64 - b.eq .Ldone_neon - - add $xa0,$xa3,@K[0] - add $xb0,$xb3,@K[1] - add $xc0,$xc3,@K[2] - add $xd0,$xd3,@K[3] - sub $len,$len,#64 - -.Last_neon: - st1.8 {$xa0-$xd0},[sp] - - sub $out,$out,#1 - add $inp,$inp,$len - add $out,$out,$len - add $ctr,sp,$len - neg $len,$len - -.Loop_tail_neon: - ldrb w10,[$inp,$len] - ldrb w11,[$ctr,$len] - add $len,$len,#1 - eor w10,w10,w11 - strb w10,[$out,$len] - cbnz $len,.Loop_tail_neon - - stp xzr,xzr,[sp,#0] - stp xzr,xzr,[sp,#16] - stp xzr,xzr,[sp,#32] - stp xzr,xzr,[sp,#48] - -.Ldone_neon: - ldp x19,x20,[x29,#16] - add sp,sp,#64 - ldp x21,x22,[x29,#32] - ldp x23,x24,[x29,#48] - ldp x25,x26,[x29,#64] - ldp x27,x28,[x29,#80] - ldp x29,x30,[sp],#96 - .inst 0xd50323bf // autiasp - ret -.size ChaCha20_neon,.-ChaCha20_neon -___ -{ -my @K = map("v$_.4s",(0..6)); -my ($T0,$T1,$T2,$T3,$T4,$T5)=@K; -my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2, - $A3,$B3,$C3,$D3,$A4,$B4,$C4,$D4,$A5,$B5,$C5,$D5) = map("v$_.4s",(8..31)); -my $rot24 = @K[6]; -my $ONE = "v7.4s"; - -sub NEONROUND { -my $odd = pop; -my ($a,$b,$c,$d,$t)=@_; - - ( - "&add ('$a','$a','$b')", - "&eor ('$d','$d','$a')", - "&rev32_16 ('$d','$d')", # vrot ($d,16) - - "&add ('$c','$c','$d')", - "&eor ('$t','$b','$c')", - "&ushr ('$b','$t',20)", - "&sli ('$b','$t',12)", - - "&add ('$a','$a','$b')", - "&eor ('$d','$d','$a')", - "&tbl ('$d','{$d}','$rot24')", - - "&add ('$c','$c','$d')", - "&eor ('$t','$b','$c')", - "&ushr ('$b','$t',25)", - "&sli ('$b','$t',7)", - - "&ext ('$c','$c','$c',8)", - "&ext ('$d','$d','$d',$odd?4:12)", - "&ext ('$b','$b','$b',$odd?12:4)" - ); -} - -$code.=<<___; -.type ChaCha20_512_neon,%function -.align 5 -ChaCha20_512_neon: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-96]! - add x29,sp,#0 - - adr @x[0],.Lsigma - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - stp x23,x24,[sp,#48] - stp x25,x26,[sp,#64] - stp x27,x28,[sp,#80] - -.L512_or_more_neon: - sub sp,sp,#128+64 - - eor $ONE,$ONE,$ONE - ldp @d[0],@d[1],[@x[0]] // load sigma - ld1 {@K[0]},[@x[0]],#16 - ldp @d[2],@d[3],[$key] // load key - ldp @d[4],@d[5],[$key,#16] - ld1 {@K[1],@K[2]},[$key] - ldp @d[6],@d[7],[$ctr] // load counter - ld1 {@K[3]},[$ctr] - ld1 {$ONE}[0],[@x[0]] - add $key,@x[0],#16 // .Lrot24 -#ifdef __AARCH64EB__ - rev64 @K[0],@K[0] - ror @d[2],@d[2],#32 - ror @d[3],@d[3],#32 - ror @d[4],@d[4],#32 - ror @d[5],@d[5],#32 - ror @d[6],@d[6],#32 - ror @d[7],@d[7],#32 -#endif - add @K[3],@K[3],$ONE // += 1 - stp @K[0],@K[1],[sp,#0] // off-load key block, invariant part - add @K[3],@K[3],$ONE // not typo - str @K[2],[sp,#32] - add @K[4],@K[3],$ONE - add @K[5],@K[4],$ONE - add @K[6],@K[5],$ONE - shl $ONE,$ONE,#2 // 1 -> 4 - - stp d8,d9,[sp,#128+0] // meet ABI requirements - stp d10,d11,[sp,#128+16] - stp d12,d13,[sp,#128+32] - stp d14,d15,[sp,#128+48] - - sub $len,$len,#512 // not typo - -.Loop_outer_512_neon: - mov $A0,@K[0] - mov $A1,@K[0] - mov $A2,@K[0] - mov $A3,@K[0] - mov $A4,@K[0] - mov $A5,@K[0] - mov $B0,@K[1] - mov.32 @x[0],@d[0] // unpack key block - mov $B1,@K[1] - lsr @x[1],@d[0],#32 - mov $B2,@K[1] - mov.32 @x[2],@d[1] - mov $B3,@K[1] - lsr @x[3],@d[1],#32 - mov $B4,@K[1] - mov.32 @x[4],@d[2] - mov $B5,@K[1] - lsr @x[5],@d[2],#32 - mov $D0,@K[3] - mov.32 @x[6],@d[3] - mov $D1,@K[4] - lsr @x[7],@d[3],#32 - mov $D2,@K[5] - mov.32 @x[8],@d[4] - mov $D3,@K[6] - lsr @x[9],@d[4],#32 - mov $C0,@K[2] - mov.32 @x[10],@d[5] - mov $C1,@K[2] - lsr @x[11],@d[5],#32 - add $D4,$D0,$ONE // +4 - mov.32 @x[12],@d[6] - add $D5,$D1,$ONE // +4 - lsr @x[13],@d[6],#32 - mov $C2,@K[2] - mov.32 @x[14],@d[7] - mov $C3,@K[2] - lsr @x[15],@d[7],#32 - mov $C4,@K[2] - stp @K[3],@K[4],[sp,#48] // off-load key block, variable part - mov $C5,@K[2] - stp @K[5],@K[6],[sp,#80] - - mov $ctr,#5 - ld1 {$rot24},[$key] - subs $len,$len,#512 -.Loop_upper_neon: - sub $ctr,$ctr,#1 -___ - my @thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,0); - my @thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,0); - my @thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,0); - my @thread3=&NEONROUND($A3,$B3,$C3,$D3,$T3,0); - my @thread4=&NEONROUND($A4,$B4,$C4,$D4,$T4,0); - my @thread5=&NEONROUND($A5,$B5,$C5,$D5,$T5,0); - my @thread67=(&ROUND(0,4,8,12),&ROUND(0,5,10,15)); - my $diff = ($#thread0+1)*6 - $#thread67 - 1; - my $i = 0; - - foreach (@thread0) { - eval; eval(shift(@thread67)); - eval(shift(@thread1)); eval(shift(@thread67)); - eval(shift(@thread2)); eval(shift(@thread67)); - eval(shift(@thread3)); eval(shift(@thread67)); - eval(shift(@thread4)); eval(shift(@thread67)); - eval(shift(@thread5)); eval(shift(@thread67)); - } - - @thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,1); - @thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,1); - @thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,1); - @thread3=&NEONROUND($A3,$B3,$C3,$D3,$T3,1); - @thread4=&NEONROUND($A4,$B4,$C4,$D4,$T4,1); - @thread5=&NEONROUND($A5,$B5,$C5,$D5,$T5,1); - @thread67=(&ROUND(0,4,8,12),&ROUND(0,5,10,15)); - - foreach (@thread0) { - eval; eval(shift(@thread67)); - eval(shift(@thread1)); eval(shift(@thread67)); - eval(shift(@thread2)); eval(shift(@thread67)); - eval(shift(@thread3)); eval(shift(@thread67)); - eval(shift(@thread4)); eval(shift(@thread67)); - eval(shift(@thread5)); eval(shift(@thread67)); - } -$code.=<<___; - cbnz $ctr,.Loop_upper_neon - - add.32 @x[0],@x[0],@d[0] // accumulate key block - add @x[1],@x[1],@d[0],lsr#32 - add.32 @x[2],@x[2],@d[1] - add @x[3],@x[3],@d[1],lsr#32 - add.32 @x[4],@x[4],@d[2] - add @x[5],@x[5],@d[2],lsr#32 - add.32 @x[6],@x[6],@d[3] - add @x[7],@x[7],@d[3],lsr#32 - add.32 @x[8],@x[8],@d[4] - add @x[9],@x[9],@d[4],lsr#32 - add.32 @x[10],@x[10],@d[5] - add @x[11],@x[11],@d[5],lsr#32 - add.32 @x[12],@x[12],@d[6] - add @x[13],@x[13],@d[6],lsr#32 - add.32 @x[14],@x[14],@d[7] - add @x[15],@x[15],@d[7],lsr#32 - - add @x[0],@x[0],@x[1],lsl#32 // pack - add @x[2],@x[2],@x[3],lsl#32 - ldp @x[1],@x[3],[$inp,#0] // load input - add @x[4],@x[4],@x[5],lsl#32 - add @x[6],@x[6],@x[7],lsl#32 - ldp @x[5],@x[7],[$inp,#16] - add @x[8],@x[8],@x[9],lsl#32 - add @x[10],@x[10],@x[11],lsl#32 - ldp @x[9],@x[11],[$inp,#32] - add @x[12],@x[12],@x[13],lsl#32 - add @x[14],@x[14],@x[15],lsl#32 - ldp @x[13],@x[15],[$inp,#48] - add $inp,$inp,#64 -#ifdef __AARCH64EB__ - rev @x[0],@x[0] - rev @x[2],@x[2] - rev @x[4],@x[4] - rev @x[6],@x[6] - rev @x[8],@x[8] - rev @x[10],@x[10] - rev @x[12],@x[12] - rev @x[14],@x[14] -#endif - eor @x[0],@x[0],@x[1] - eor @x[2],@x[2],@x[3] - eor @x[4],@x[4],@x[5] - eor @x[6],@x[6],@x[7] - eor @x[8],@x[8],@x[9] - eor @x[10],@x[10],@x[11] - eor @x[12],@x[12],@x[13] - eor @x[14],@x[14],@x[15] - - stp @x[0],@x[2],[$out,#0] // store output - add @d[6],@d[6],#1 // increment counter - mov.32 @x[0],@d[0] // unpack key block - lsr @x[1],@d[0],#32 - stp @x[4],@x[6],[$out,#16] - mov.32 @x[2],@d[1] - lsr @x[3],@d[1],#32 - stp @x[8],@x[10],[$out,#32] - mov.32 @x[4],@d[2] - lsr @x[5],@d[2],#32 - stp @x[12],@x[14],[$out,#48] - add $out,$out,#64 - mov.32 @x[6],@d[3] - lsr @x[7],@d[3],#32 - mov.32 @x[8],@d[4] - lsr @x[9],@d[4],#32 - mov.32 @x[10],@d[5] - lsr @x[11],@d[5],#32 - mov.32 @x[12],@d[6] - lsr @x[13],@d[6],#32 - mov.32 @x[14],@d[7] - lsr @x[15],@d[7],#32 - - mov $ctr,#5 -.Loop_lower_neon: - sub $ctr,$ctr,#1 -___ - @thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,0); - @thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,0); - @thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,0); - @thread3=&NEONROUND($A3,$B3,$C3,$D3,$T3,0); - @thread4=&NEONROUND($A4,$B4,$C4,$D4,$T4,0); - @thread5=&NEONROUND($A5,$B5,$C5,$D5,$T5,0); - @thread67=(&ROUND(0,4,8,12),&ROUND(0,5,10,15)); - - foreach (@thread0) { - eval; eval(shift(@thread67)); - eval(shift(@thread1)); eval(shift(@thread67)); - eval(shift(@thread2)); eval(shift(@thread67)); - eval(shift(@thread3)); eval(shift(@thread67)); - eval(shift(@thread4)); eval(shift(@thread67)); - eval(shift(@thread5)); eval(shift(@thread67)); - } - - @thread0=&NEONROUND($A0,$B0,$C0,$D0,$T0,1); - @thread1=&NEONROUND($A1,$B1,$C1,$D1,$T1,1); - @thread2=&NEONROUND($A2,$B2,$C2,$D2,$T2,1); - @thread3=&NEONROUND($A3,$B3,$C3,$D3,$T3,1); - @thread4=&NEONROUND($A4,$B4,$C4,$D4,$T4,1); - @thread5=&NEONROUND($A5,$B5,$C5,$D5,$T5,1); - @thread67=(&ROUND(0,4,8,12),&ROUND(0,5,10,15)); - - foreach (@thread0) { - eval; eval(shift(@thread67)); - eval(shift(@thread1)); eval(shift(@thread67)); - eval(shift(@thread2)); eval(shift(@thread67)); - eval(shift(@thread3)); eval(shift(@thread67)); - eval(shift(@thread4)); eval(shift(@thread67)); - eval(shift(@thread5)); eval(shift(@thread67)); - } -$code.=<<___; - cbnz $ctr,.Loop_lower_neon - - add.32 @x[0],@x[0],@d[0] // accumulate key block - ldp @K[0],@K[1],[sp,#0] - add @x[1],@x[1],@d[0],lsr#32 - ldp @K[2],@K[3],[sp,#32] - add.32 @x[2],@x[2],@d[1] - ldp @K[4],@K[5],[sp,#64] - add @x[3],@x[3],@d[1],lsr#32 - ldr @K[6],[sp,#96] - add $A0,$A0,@K[0] - add.32 @x[4],@x[4],@d[2] - add $A1,$A1,@K[0] - add @x[5],@x[5],@d[2],lsr#32 - add $A2,$A2,@K[0] - add.32 @x[6],@x[6],@d[3] - add $A3,$A3,@K[0] - add @x[7],@x[7],@d[3],lsr#32 - add $A4,$A4,@K[0] - add.32 @x[8],@x[8],@d[4] - add $A5,$A5,@K[0] - add @x[9],@x[9],@d[4],lsr#32 - add $C0,$C0,@K[2] - add.32 @x[10],@x[10],@d[5] - add $C1,$C1,@K[2] - add @x[11],@x[11],@d[5],lsr#32 - add $C2,$C2,@K[2] - add.32 @x[12],@x[12],@d[6] - add $C3,$C3,@K[2] - add @x[13],@x[13],@d[6],lsr#32 - add $C4,$C4,@K[2] - add.32 @x[14],@x[14],@d[7] - add $C5,$C5,@K[2] - add @x[15],@x[15],@d[7],lsr#32 - add $D4,$D4,$ONE // +4 - add @x[0],@x[0],@x[1],lsl#32 // pack - add $D5,$D5,$ONE // +4 - add @x[2],@x[2],@x[3],lsl#32 - add $D0,$D0,@K[3] - ldp @x[1],@x[3],[$inp,#0] // load input - add $D1,$D1,@K[4] - add @x[4],@x[4],@x[5],lsl#32 - add $D2,$D2,@K[5] - add @x[6],@x[6],@x[7],lsl#32 - add $D3,$D3,@K[6] - ldp @x[5],@x[7],[$inp,#16] - add $D4,$D4,@K[3] - add @x[8],@x[8],@x[9],lsl#32 - add $D5,$D5,@K[4] - add @x[10],@x[10],@x[11],lsl#32 - add $B0,$B0,@K[1] - ldp @x[9],@x[11],[$inp,#32] - add $B1,$B1,@K[1] - add @x[12],@x[12],@x[13],lsl#32 - add $B2,$B2,@K[1] - add @x[14],@x[14],@x[15],lsl#32 - add $B3,$B3,@K[1] - ldp @x[13],@x[15],[$inp,#48] - add $B4,$B4,@K[1] - add $inp,$inp,#64 - add $B5,$B5,@K[1] - -#ifdef __AARCH64EB__ - rev @x[0],@x[0] - rev @x[2],@x[2] - rev @x[4],@x[4] - rev @x[6],@x[6] - rev @x[8],@x[8] - rev @x[10],@x[10] - rev @x[12],@x[12] - rev @x[14],@x[14] -#endif - ld1.8 {$T0-$T3},[$inp],#64 - eor @x[0],@x[0],@x[1] - eor @x[2],@x[2],@x[3] - eor @x[4],@x[4],@x[5] - eor @x[6],@x[6],@x[7] - eor @x[8],@x[8],@x[9] - eor $A0,$A0,$T0 - eor @x[10],@x[10],@x[11] - eor $B0,$B0,$T1 - eor @x[12],@x[12],@x[13] - eor $C0,$C0,$T2 - eor @x[14],@x[14],@x[15] - eor $D0,$D0,$T3 - ld1.8 {$T0-$T3},[$inp],#64 - - stp @x[0],@x[2],[$out,#0] // store output - add @d[6],@d[6],#7 // increment counter - stp @x[4],@x[6],[$out,#16] - stp @x[8],@x[10],[$out,#32] - stp @x[12],@x[14],[$out,#48] - add $out,$out,#64 - st1.8 {$A0-$D0},[$out],#64 - - ld1.8 {$A0-$D0},[$inp],#64 - eor $A1,$A1,$T0 - eor $B1,$B1,$T1 - eor $C1,$C1,$T2 - eor $D1,$D1,$T3 - st1.8 {$A1-$D1},[$out],#64 - - ld1.8 {$A1-$D1},[$inp],#64 - eor $A2,$A2,$A0 - ldp @K[0],@K[1],[sp,#0] - eor $B2,$B2,$B0 - ldp @K[2],@K[3],[sp,#32] - eor $C2,$C2,$C0 - eor $D2,$D2,$D0 - st1.8 {$A2-$D2},[$out],#64 - - ld1.8 {$A2-$D2},[$inp],#64 - eor $A3,$A3,$A1 - eor $B3,$B3,$B1 - eor $C3,$C3,$C1 - eor $D3,$D3,$D1 - st1.8 {$A3-$D3},[$out],#64 - - ld1.8 {$A3-$D3},[$inp],#64 - eor $A4,$A4,$A2 - eor $B4,$B4,$B2 - eor $C4,$C4,$C2 - eor $D4,$D4,$D2 - st1.8 {$A4-$D4},[$out],#64 - - shl $A0,$ONE,#1 // 4 -> 8 - eor $A5,$A5,$A3 - eor $B5,$B5,$B3 - eor $C5,$C5,$C3 - eor $D5,$D5,$D3 - st1.8 {$A5-$D5},[$out],#64 - - add @K[3],@K[3],$A0 // += 8 - add @K[4],@K[4],$A0 - add @K[5],@K[5],$A0 - add @K[6],@K[6],$A0 - - b.hs .Loop_outer_512_neon - - adds $len,$len,#512 - ushr $ONE,$ONE,#1 // 4 -> 2 - - ldp d10,d11,[sp,#128+16] // meet ABI requirements - ldp d12,d13,[sp,#128+32] - ldp d14,d15,[sp,#128+48] - - stp @K[0],@K[0],[sp,#0] // wipe off-load area - stp @K[0],@K[0],[sp,#32] - stp @K[0],@K[0],[sp,#64] - - b.eq .Ldone_512_neon - - sub $key,$key,#16 // .Lone - cmp $len,#192 - add sp,sp,#128 - sub @K[3],@K[3],$ONE // -= 2 - ld1 {$CTR,$ROT24},[$key] - b.hs .Loop_outer_neon - - ldp d8,d9,[sp,#0] // meet ABI requirements - eor @K[1],@K[1],@K[1] - eor @K[2],@K[2],@K[2] - eor @K[3],@K[3],@K[3] - eor @K[4],@K[4],@K[4] - eor @K[5],@K[5],@K[5] - eor @K[6],@K[6],@K[6] - b .Loop_outer - -.Ldone_512_neon: - ldp d8,d9,[sp,#128+0] // meet ABI requirements - ldp x19,x20,[x29,#16] - add sp,sp,#128+64 - ldp x21,x22,[x29,#32] - ldp x23,x24,[x29,#48] - ldp x25,x26,[x29,#64] - ldp x27,x28,[x29,#80] - ldp x29,x30,[sp],#96 - .inst 0xd50323bf // autiasp - ret -.size ChaCha20_512_neon,.-ChaCha20_512_neon -___ -} -}}} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/geo; - - (s/\b([a-z]+)\.32\b/$1/ and (s/x([0-9]+)/w$1/g or 1)) or - (m/\b(eor|ext|mov|tbl)\b/ and (s/\.4s/\.16b/g or 1)) or - (s/\b((?:ld|st)1)\.8\b/$1/ and (s/\.4s/\.16b/g or 1)) or - (m/\b(ld|st)[rp]\b/ and (s/v([0-9]+)\.4s/q$1/g or 1)) or - (m/\b(dup|ld1)\b/ and (s/\.4(s}?\[[0-3]\])/.$1/g or 1)) or - (s/\b(zip[12])\.64\b/$1/ and (s/\.4s/\.2d/g or 1)) or - (s/\brev32\.16\b/rev32/ and (s/\.4s/\.8h/g or 1)); - - #s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo; - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; # flush diff --git a/crypto/chacha/asm/chacha-c64xplus.pl b/crypto/chacha/asm/chacha-c64xplus.pl deleted file mode 100755 index a10f7c0aff3f5154073c3c30a6d62b8093fdaed5..0000000000000000000000000000000000000000 --- a/crypto/chacha/asm/chacha-c64xplus.pl +++ /dev/null @@ -1,925 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# ChaCha20 for C64x+. -# -# October 2015 -# -# Performance is 3.54 cycles per processed byte, which is ~4.3 times -# faster than code generated by TI compiler. Compiler also disables -# interrupts for some reason, thus making interrupt response time -# dependent on input length. This module on the other hand is free -# from such limitation. - -$output=pop and open STDOUT,">$output"; - -($OUT,$INP,$LEN,$KEYB,$COUNTERA)=("A4","B4","A6","B6","A8"); -($KEYA,$COUNTERB,$STEP)=("A7","B7","A3"); - -@X= ("A16","B16","A17","B17","A18","B18","A19","B19", - "A20","B20","A21","B21","A22","B22","A23","B23"); -@Y= ("A24","B24","A25","B25","A26","B26","A27","B27", - "A28","B28","A29","B29","A30","B30","A31","B31"); -@DAT=("A6", "A7", "B6", "B7", "A8", "A9", "B8", "B9", - "A10","A11","B10","B11","A12","A13","B12","B13"); - -# yes, overlaps with @DAT, used only in 2x interleave code path... -@K2x=("A6", "B6", "A7", "B7", "A8", "B8", "A9", "B9", - "A10","B10","A11","B11","A2", "B2", "A13","B13"); - -$code.=<<___; - .text - - .if .ASSEMBLER_VERSION<7000000 - .asg 0,__TI_EABI__ - .endif - .if __TI_EABI__ - .asg ChaCha20_ctr32,_ChaCha20_ctr32 - .endif - - .asg B3,RA - .asg A15,FP - .asg B15,SP - - .global _ChaCha20_ctr32 - .align 32 -_ChaCha20_ctr32: - .asmfunc stack_usage(40+64) - MV $LEN,A0 ; reassign - [!A0] BNOP RA ; no data -|| [A0] STW FP,*SP--(40+64) ; save frame pointer and alloca(40+64) -|| [A0] MV SP,FP - [A0] STDW B13:B12,*SP[4+8] ; ABI says so -|| [A0] MV $KEYB,$KEYA -|| [A0] MV $COUNTERA,$COUNTERB - [A0] STDW B11:B10,*SP[3+8] -|| [A0] STDW A13:A12,*FP[-3] - [A0] STDW A11:A10,*FP[-4] -|| [A0] MVK 128,$STEP ; 2 * input block size - - [A0] LDW *${KEYA}[0],@Y[4] ; load key -|| [A0] LDW *${KEYB}[1],@Y[5] -|| [A0] MVK 0x00007865,@Y[0] ; synthesize sigma -|| [A0] MVK 0x0000646e,@Y[1] - [A0] LDW *${KEYA}[2],@Y[6] -|| [A0] LDW *${KEYB}[3],@Y[7] -|| [A0] MVKH 0x61700000,@Y[0] -|| [A0] MVKH 0x33200000,@Y[1] - LDW *${KEYA}[4],@Y[8] -|| LDW *${KEYB}[5],@Y[9] -|| MVK 0x00002d32,@Y[2] -|| MVK 0x00006574,@Y[3] - LDW *${KEYA}[6],@Y[10] -|| LDW *${KEYB}[7],@Y[11] -|| MVKH 0x79620000,@Y[2] -|| MVKH 0x6b200000,@Y[3] - LDW *${COUNTERA}[0],@Y[12] ; load counter||nonce -|| LDW *${COUNTERB}[1],@Y[13] -|| CMPLTU A0,$STEP,A1 ; is length < 2*blocks? - LDW *${COUNTERA}[2],@Y[14] -|| LDW *${COUNTERB}[3],@Y[15] -|| [A1] BNOP top1x? - [A1] MVK 64,$STEP ; input block size -|| MVK 10,B0 ; inner loop counter - - DMV @Y[2],@Y[0],@X[2]:@X[0] ; copy block -|| DMV @Y[3],@Y[1],@X[3]:@X[1] -||[!A1] STDW @Y[2]:@Y[0],*FP[-12] ; offload key material to stack -||[!A1] STDW @Y[3]:@Y[1],*SP[2] - DMV @Y[6],@Y[4],@X[6]:@X[4] -|| DMV @Y[7],@Y[5],@X[7]:@X[5] -||[!A1] STDW @Y[6]:@Y[4],*FP[-10] -||[!A1] STDW @Y[7]:@Y[5],*SP[4] - DMV @Y[10],@Y[8],@X[10]:@X[8] -|| DMV @Y[11],@Y[9],@X[11]:@X[9] -||[!A1] STDW @Y[10]:@Y[8],*FP[-8] -||[!A1] STDW @Y[11]:@Y[9],*SP[6] - DMV @Y[14],@Y[12],@X[14]:@X[12] -|| DMV @Y[15],@Y[13],@X[15]:@X[13] -||[!A1] MV @Y[12],@K2x[12] ; counter -||[!A1] MV @Y[13],@K2x[13] -||[!A1] STW @Y[14],*FP[-6*2] -||[!A1] STW @Y[15],*SP[8*2] -___ -{ ################################################################ - # 2x interleave gives 50% performance improvement - # -my ($a0,$a1,$a2,$a3) = (0..3); -my ($b0,$b1,$b2,$b3) = (4..7); -my ($c0,$c1,$c2,$c3) = (8..11); -my ($d0,$d1,$d2,$d3) = (12..15); - -$code.=<<___; -outer2x?: - ADD @X[$b1],@X[$a1],@X[$a1] -|| ADD @X[$b2],@X[$a2],@X[$a2] -|| ADD @X[$b0],@X[$a0],@X[$a0] -|| ADD @X[$b3],@X[$a3],@X[$a3] -|| DMV @Y[2],@Y[0],@K2x[2]:@K2x[0] -|| DMV @Y[3],@Y[1],@K2x[3]:@K2x[1] - XOR @X[$a1],@X[$d1],@X[$d1] -|| XOR @X[$a2],@X[$d2],@X[$d2] -|| XOR @X[$a0],@X[$d0],@X[$d0] -|| XOR @X[$a3],@X[$d3],@X[$d3] -|| DMV @Y[6],@Y[4],@K2x[6]:@K2x[4] -|| DMV @Y[7],@Y[5],@K2x[7]:@K2x[5] - SWAP2 @X[$d1],@X[$d1] ; rotate by 16 -|| SWAP2 @X[$d2],@X[$d2] -|| SWAP2 @X[$d0],@X[$d0] -|| SWAP2 @X[$d3],@X[$d3] - - ADD @X[$d1],@X[$c1],@X[$c1] -|| ADD @X[$d2],@X[$c2],@X[$c2] -|| ADD @X[$d0],@X[$c0],@X[$c0] -|| ADD @X[$d3],@X[$c3],@X[$c3] -|| DMV @Y[10],@Y[8],@K2x[10]:@K2x[8] -|| DMV @Y[11],@Y[9],@K2x[11]:@K2x[9] - XOR @X[$c1],@X[$b1],@X[$b1] -|| XOR @X[$c2],@X[$b2],@X[$b2] -|| XOR @X[$c0],@X[$b0],@X[$b0] -|| XOR @X[$c3],@X[$b3],@X[$b3] -|| ADD 1,@Y[12],@Y[12] ; adjust counter for 2nd block - ROTL @X[$b1],12,@X[$b1] -|| ROTL @X[$b2],12,@X[$b2] -|| MV @Y[14],@K2x[14] -|| MV @Y[15],@K2x[15] -top2x?: - ROTL @X[$b0],12,@X[$b0] -|| ROTL @X[$b3],12,@X[$b3] -|| ADD @Y[$b1],@Y[$a1],@Y[$a1] -|| ADD @Y[$b2],@Y[$a2],@Y[$a2] - ADD @Y[$b0],@Y[$a0],@Y[$a0] -|| ADD @Y[$b3],@Y[$a3],@Y[$a3] - -|| ADD @X[$b1],@X[$a1],@X[$a1] -|| ADD @X[$b2],@X[$a2],@X[$a2] -|| XOR @Y[$a1],@Y[$d1],@Y[$d1] -|| XOR @Y[$a2],@Y[$d2],@Y[$d2] - XOR @Y[$a0],@Y[$d0],@Y[$d0] -|| XOR @Y[$a3],@Y[$d3],@Y[$d3] -|| ADD @X[$b0],@X[$a0],@X[$a0] -|| ADD @X[$b3],@X[$a3],@X[$a3] -|| XOR @X[$a1],@X[$d1],@X[$d1] -|| XOR @X[$a2],@X[$d2],@X[$d2] - XOR @X[$a0],@X[$d0],@X[$d0] -|| XOR @X[$a3],@X[$d3],@X[$d3] -|| ROTL @X[$d1],8,@X[$d1] -|| ROTL @X[$d2],8,@X[$d2] -|| SWAP2 @Y[$d1],@Y[$d1] ; rotate by 16 -|| SWAP2 @Y[$d2],@Y[$d2] -|| SWAP2 @Y[$d0],@Y[$d0] -|| SWAP2 @Y[$d3],@Y[$d3] - ROTL @X[$d0],8,@X[$d0] -|| ROTL @X[$d3],8,@X[$d3] -|| ADD @Y[$d1],@Y[$c1],@Y[$c1] -|| ADD @Y[$d2],@Y[$c2],@Y[$c2] -|| ADD @Y[$d0],@Y[$c0],@Y[$c0] -|| ADD @Y[$d3],@Y[$c3],@Y[$c3] -|| BNOP middle2x1? ; protect from interrupt - - ADD @X[$d1],@X[$c1],@X[$c1] -|| ADD @X[$d2],@X[$c2],@X[$c2] -|| XOR @Y[$c1],@Y[$b1],@Y[$b1] -|| XOR @Y[$c2],@Y[$b2],@Y[$b2] -|| XOR @Y[$c0],@Y[$b0],@Y[$b0] -|| XOR @Y[$c3],@Y[$b3],@Y[$b3] - ADD @X[$d0],@X[$c0],@X[$c0] -|| ADD @X[$d3],@X[$c3],@X[$c3] -|| XOR @X[$c1],@X[$b1],@X[$b1] -|| XOR @X[$c2],@X[$b2],@X[$b2] -|| ROTL @X[$d1],0,@X[$d2] ; moved to avoid cross-path stall -|| ROTL @X[$d2],0,@X[$d3] - XOR @X[$c0],@X[$b0],@X[$b0] -|| XOR @X[$c3],@X[$b3],@X[$b3] -|| MV @X[$d0],@X[$d1] -|| MV @X[$d3],@X[$d0] -|| ROTL @Y[$b1],12,@Y[$b1] -|| ROTL @Y[$b2],12,@Y[$b2] - ROTL @X[$b1],7,@X[$b0] ; avoided cross-path stall -|| ROTL @X[$b2],7,@X[$b1] - ROTL @X[$b0],7,@X[$b3] -|| ROTL @X[$b3],7,@X[$b2] -middle2x1?: - - ROTL @Y[$b0],12,@Y[$b0] -|| ROTL @Y[$b3],12,@Y[$b3] -|| ADD @X[$b0],@X[$a0],@X[$a0] -|| ADD @X[$b1],@X[$a1],@X[$a1] - ADD @X[$b2],@X[$a2],@X[$a2] -|| ADD @X[$b3],@X[$a3],@X[$a3] - -|| ADD @Y[$b1],@Y[$a1],@Y[$a1] -|| ADD @Y[$b2],@Y[$a2],@Y[$a2] -|| XOR @X[$a0],@X[$d0],@X[$d0] -|| XOR @X[$a1],@X[$d1],@X[$d1] - XOR @X[$a2],@X[$d2],@X[$d2] -|| XOR @X[$a3],@X[$d3],@X[$d3] -|| ADD @Y[$b0],@Y[$a0],@Y[$a0] -|| ADD @Y[$b3],@Y[$a3],@Y[$a3] -|| XOR @Y[$a1],@Y[$d1],@Y[$d1] -|| XOR @Y[$a2],@Y[$d2],@Y[$d2] - XOR @Y[$a0],@Y[$d0],@Y[$d0] -|| XOR @Y[$a3],@Y[$d3],@Y[$d3] -|| ROTL @Y[$d1],8,@Y[$d1] -|| ROTL @Y[$d2],8,@Y[$d2] -|| SWAP2 @X[$d0],@X[$d0] ; rotate by 16 -|| SWAP2 @X[$d1],@X[$d1] -|| SWAP2 @X[$d2],@X[$d2] -|| SWAP2 @X[$d3],@X[$d3] - ROTL @Y[$d0],8,@Y[$d0] -|| ROTL @Y[$d3],8,@Y[$d3] -|| ADD @X[$d0],@X[$c2],@X[$c2] -|| ADD @X[$d1],@X[$c3],@X[$c3] -|| ADD @X[$d2],@X[$c0],@X[$c0] -|| ADD @X[$d3],@X[$c1],@X[$c1] -|| BNOP middle2x2? ; protect from interrupt - - ADD @Y[$d1],@Y[$c1],@Y[$c1] -|| ADD @Y[$d2],@Y[$c2],@Y[$c2] -|| XOR @X[$c2],@X[$b0],@X[$b0] -|| XOR @X[$c3],@X[$b1],@X[$b1] -|| XOR @X[$c0],@X[$b2],@X[$b2] -|| XOR @X[$c1],@X[$b3],@X[$b3] - ADD @Y[$d0],@Y[$c0],@Y[$c0] -|| ADD @Y[$d3],@Y[$c3],@Y[$c3] -|| XOR @Y[$c1],@Y[$b1],@Y[$b1] -|| XOR @Y[$c2],@Y[$b2],@Y[$b2] -|| ROTL @Y[$d1],0,@Y[$d2] ; moved to avoid cross-path stall -|| ROTL @Y[$d2],0,@Y[$d3] - XOR @Y[$c0],@Y[$b0],@Y[$b0] -|| XOR @Y[$c3],@Y[$b3],@Y[$b3] -|| MV @Y[$d0],@Y[$d1] -|| MV @Y[$d3],@Y[$d0] -|| ROTL @X[$b0],12,@X[$b0] -|| ROTL @X[$b1],12,@X[$b1] - ROTL @Y[$b1],7,@Y[$b0] ; avoided cross-path stall -|| ROTL @Y[$b2],7,@Y[$b1] - ROTL @Y[$b0],7,@Y[$b3] -|| ROTL @Y[$b3],7,@Y[$b2] -middle2x2?: - - ROTL @X[$b2],12,@X[$b2] -|| ROTL @X[$b3],12,@X[$b3] -|| ADD @Y[$b0],@Y[$a0],@Y[$a0] -|| ADD @Y[$b1],@Y[$a1],@Y[$a1] - ADD @Y[$b2],@Y[$a2],@Y[$a2] -|| ADD @Y[$b3],@Y[$a3],@Y[$a3] - -|| ADD @X[$b0],@X[$a0],@X[$a0] -|| ADD @X[$b1],@X[$a1],@X[$a1] -|| XOR @Y[$a0],@Y[$d0],@Y[$d0] -|| XOR @Y[$a1],@Y[$d1],@Y[$d1] - XOR @Y[$a2],@Y[$d2],@Y[$d2] -|| XOR @Y[$a3],@Y[$d3],@Y[$d3] -|| ADD @X[$b2],@X[$a2],@X[$a2] -|| ADD @X[$b3],@X[$a3],@X[$a3] -|| XOR @X[$a0],@X[$d0],@X[$d0] -|| XOR @X[$a1],@X[$d1],@X[$d1] - XOR @X[$a2],@X[$d2],@X[$d2] -|| XOR @X[$a3],@X[$d3],@X[$d3] -|| ROTL @X[$d0],8,@X[$d0] -|| ROTL @X[$d1],8,@X[$d1] -|| SWAP2 @Y[$d0],@Y[$d0] ; rotate by 16 -|| SWAP2 @Y[$d1],@Y[$d1] -|| SWAP2 @Y[$d2],@Y[$d2] -|| SWAP2 @Y[$d3],@Y[$d3] - ROTL @X[$d2],8,@X[$d2] -|| ROTL @X[$d3],8,@X[$d3] -|| ADD @Y[$d0],@Y[$c2],@Y[$c2] -|| ADD @Y[$d1],@Y[$c3],@Y[$c3] -|| ADD @Y[$d2],@Y[$c0],@Y[$c0] -|| ADD @Y[$d3],@Y[$c1],@Y[$c1] -|| BNOP bottom2x1? ; protect from interrupt - - ADD @X[$d0],@X[$c2],@X[$c2] -|| ADD @X[$d1],@X[$c3],@X[$c3] -|| XOR @Y[$c2],@Y[$b0],@Y[$b0] -|| XOR @Y[$c3],@Y[$b1],@Y[$b1] -|| XOR @Y[$c0],@Y[$b2],@Y[$b2] -|| XOR @Y[$c1],@Y[$b3],@Y[$b3] - ADD @X[$d2],@X[$c0],@X[$c0] -|| ADD @X[$d3],@X[$c1],@X[$c1] -|| XOR @X[$c2],@X[$b0],@X[$b0] -|| XOR @X[$c3],@X[$b1],@X[$b1] -|| ROTL @X[$d0],0,@X[$d3] ; moved to avoid cross-path stall -|| ROTL @X[$d1],0,@X[$d0] - XOR @X[$c0],@X[$b2],@X[$b2] -|| XOR @X[$c1],@X[$b3],@X[$b3] -|| MV @X[$d2],@X[$d1] -|| MV @X[$d3],@X[$d2] -|| ROTL @Y[$b0],12,@Y[$b0] -|| ROTL @Y[$b1],12,@Y[$b1] - ROTL @X[$b0],7,@X[$b1] ; avoided cross-path stall -|| ROTL @X[$b1],7,@X[$b2] - ROTL @X[$b2],7,@X[$b3] -|| ROTL @X[$b3],7,@X[$b0] -|| [B0] SUB B0,1,B0 ; decrement inner loop counter -bottom2x1?: - - ROTL @Y[$b2],12,@Y[$b2] -|| ROTL @Y[$b3],12,@Y[$b3] -|| [B0] ADD @X[$b1],@X[$a1],@X[$a1] ; modulo-scheduled -|| [B0] ADD @X[$b2],@X[$a2],@X[$a2] - [B0] ADD @X[$b0],@X[$a0],@X[$a0] -|| [B0] ADD @X[$b3],@X[$a3],@X[$a3] - -|| ADD @Y[$b0],@Y[$a0],@Y[$a0] -|| ADD @Y[$b1],@Y[$a1],@Y[$a1] -|| [B0] XOR @X[$a1],@X[$d1],@X[$d1] -|| [B0] XOR @X[$a2],@X[$d2],@X[$d2] - [B0] XOR @X[$a0],@X[$d0],@X[$d0] -|| [B0] XOR @X[$a3],@X[$d3],@X[$d3] -|| ADD @Y[$b2],@Y[$a2],@Y[$a2] -|| ADD @Y[$b3],@Y[$a3],@Y[$a3] -|| XOR @Y[$a0],@Y[$d0],@Y[$d0] -|| XOR @Y[$a1],@Y[$d1],@Y[$d1] - XOR @Y[$a2],@Y[$d2],@Y[$d2] -|| XOR @Y[$a3],@Y[$d3],@Y[$d3] -|| ROTL @Y[$d0],8,@Y[$d0] -|| ROTL @Y[$d1],8,@Y[$d1] -|| [B0] SWAP2 @X[$d1],@X[$d1] ; rotate by 16 -|| [B0] SWAP2 @X[$d2],@X[$d2] -|| [B0] SWAP2 @X[$d0],@X[$d0] -|| [B0] SWAP2 @X[$d3],@X[$d3] - ROTL @Y[$d2],8,@Y[$d2] -|| ROTL @Y[$d3],8,@Y[$d3] -|| [B0] ADD @X[$d1],@X[$c1],@X[$c1] -|| [B0] ADD @X[$d2],@X[$c2],@X[$c2] -|| [B0] ADD @X[$d0],@X[$c0],@X[$c0] -|| [B0] ADD @X[$d3],@X[$c3],@X[$c3] -|| [B0] BNOP top2x? ; even protects from interrupt - - ADD @Y[$d0],@Y[$c2],@Y[$c2] -|| ADD @Y[$d1],@Y[$c3],@Y[$c3] -|| [B0] XOR @X[$c1],@X[$b1],@X[$b1] -|| [B0] XOR @X[$c2],@X[$b2],@X[$b2] -|| [B0] XOR @X[$c0],@X[$b0],@X[$b0] -|| [B0] XOR @X[$c3],@X[$b3],@X[$b3] - ADD @Y[$d2],@Y[$c0],@Y[$c0] -|| ADD @Y[$d3],@Y[$c1],@Y[$c1] -|| XOR @Y[$c2],@Y[$b0],@Y[$b0] -|| XOR @Y[$c3],@Y[$b1],@Y[$b1] -|| ROTL @Y[$d0],0,@Y[$d3] ; moved to avoid cross-path stall -|| ROTL @Y[$d1],0,@Y[$d0] - XOR @Y[$c0],@Y[$b2],@Y[$b2] -|| XOR @Y[$c1],@Y[$b3],@Y[$b3] -|| MV @Y[$d2],@Y[$d1] -|| MV @Y[$d3],@Y[$d2] -|| [B0] ROTL @X[$b1],12,@X[$b1] -|| [B0] ROTL @X[$b2],12,@X[$b2] - ROTL @Y[$b0],7,@Y[$b1] ; avoided cross-path stall -|| ROTL @Y[$b1],7,@Y[$b2] - ROTL @Y[$b2],7,@Y[$b3] -|| ROTL @Y[$b3],7,@Y[$b0] -bottom2x2?: -___ -} - -$code.=<<___; - ADD @K2x[0],@X[0],@X[0] ; accumulate key material -|| ADD @K2x[1],@X[1],@X[1] -|| ADD @K2x[2],@X[2],@X[2] -|| ADD @K2x[3],@X[3],@X[3] - ADD @K2x[0],@Y[0],@Y[0] -|| ADD @K2x[1],@Y[1],@Y[1] -|| ADD @K2x[2],@Y[2],@Y[2] -|| ADD @K2x[3],@Y[3],@Y[3] -|| LDNDW *${INP}++[8],@DAT[1]:@DAT[0] - ADD @K2x[4],@X[4],@X[4] -|| ADD @K2x[5],@X[5],@X[5] -|| ADD @K2x[6],@X[6],@X[6] -|| ADD @K2x[7],@X[7],@X[7] -|| LDNDW *${INP}[-7],@DAT[3]:@DAT[2] - ADD @K2x[4],@Y[4],@Y[4] -|| ADD @K2x[5],@Y[5],@Y[5] -|| ADD @K2x[6],@Y[6],@Y[6] -|| ADD @K2x[7],@Y[7],@Y[7] -|| LDNDW *${INP}[-6],@DAT[5]:@DAT[4] - ADD @K2x[8],@X[8],@X[8] -|| ADD @K2x[9],@X[9],@X[9] -|| ADD @K2x[10],@X[10],@X[10] -|| ADD @K2x[11],@X[11],@X[11] -|| LDNDW *${INP}[-5],@DAT[7]:@DAT[6] - ADD @K2x[8],@Y[8],@Y[8] -|| ADD @K2x[9],@Y[9],@Y[9] -|| ADD @K2x[10],@Y[10],@Y[10] -|| ADD @K2x[11],@Y[11],@Y[11] -|| LDNDW *${INP}[-4],@DAT[9]:@DAT[8] - ADD @K2x[12],@X[12],@X[12] -|| ADD @K2x[13],@X[13],@X[13] -|| ADD @K2x[14],@X[14],@X[14] -|| ADD @K2x[15],@X[15],@X[15] -|| LDNDW *${INP}[-3],@DAT[11]:@DAT[10] - ADD @K2x[12],@Y[12],@Y[12] -|| ADD @K2x[13],@Y[13],@Y[13] -|| ADD @K2x[14],@Y[14],@Y[14] -|| ADD @K2x[15],@Y[15],@Y[15] -|| LDNDW *${INP}[-2],@DAT[13]:@DAT[12] - ADD 1,@Y[12],@Y[12] ; adjust counter for 2nd block -|| ADD 2,@K2x[12],@K2x[12] ; increment counter -|| LDNDW *${INP}[-1],@DAT[15]:@DAT[14] - - .if .BIG_ENDIAN - SWAP2 @X[0],@X[0] -|| SWAP2 @X[1],@X[1] -|| SWAP2 @X[2],@X[2] -|| SWAP2 @X[3],@X[3] - SWAP2 @X[4],@X[4] -|| SWAP2 @X[5],@X[5] -|| SWAP2 @X[6],@X[6] -|| SWAP2 @X[7],@X[7] - SWAP2 @X[8],@X[8] -|| SWAP2 @X[9],@X[9] -|| SWAP4 @X[0],@X[1] -|| SWAP4 @X[1],@X[0] - SWAP2 @X[10],@X[10] -|| SWAP2 @X[11],@X[11] -|| SWAP4 @X[2],@X[3] -|| SWAP4 @X[3],@X[2] - SWAP2 @X[12],@X[12] -|| SWAP2 @X[13],@X[13] -|| SWAP4 @X[4],@X[5] -|| SWAP4 @X[5],@X[4] - SWAP2 @X[14],@X[14] -|| SWAP2 @X[15],@X[15] -|| SWAP4 @X[6],@X[7] -|| SWAP4 @X[7],@X[6] - SWAP4 @X[8],@X[9] -|| SWAP4 @X[9],@X[8] -|| SWAP2 @Y[0],@Y[0] -|| SWAP2 @Y[1],@Y[1] - SWAP4 @X[10],@X[11] -|| SWAP4 @X[11],@X[10] -|| SWAP2 @Y[2],@Y[2] -|| SWAP2 @Y[3],@Y[3] - SWAP4 @X[12],@X[13] -|| SWAP4 @X[13],@X[12] -|| SWAP2 @Y[4],@Y[4] -|| SWAP2 @Y[5],@Y[5] - SWAP4 @X[14],@X[15] -|| SWAP4 @X[15],@X[14] -|| SWAP2 @Y[6],@Y[6] -|| SWAP2 @Y[7],@Y[7] - SWAP2 @Y[8],@Y[8] -|| SWAP2 @Y[9],@Y[9] -|| SWAP4 @Y[0],@Y[1] -|| SWAP4 @Y[1],@Y[0] - SWAP2 @Y[10],@Y[10] -|| SWAP2 @Y[11],@Y[11] -|| SWAP4 @Y[2],@Y[3] -|| SWAP4 @Y[3],@Y[2] - SWAP2 @Y[12],@Y[12] -|| SWAP2 @Y[13],@Y[13] -|| SWAP4 @Y[4],@Y[5] -|| SWAP4 @Y[5],@Y[4] - SWAP2 @Y[14],@Y[14] -|| SWAP2 @Y[15],@Y[15] -|| SWAP4 @Y[6],@Y[7] -|| SWAP4 @Y[7],@Y[6] - SWAP4 @Y[8],@Y[9] -|| SWAP4 @Y[9],@Y[8] - SWAP4 @Y[10],@Y[11] -|| SWAP4 @Y[11],@Y[10] - SWAP4 @Y[12],@Y[13] -|| SWAP4 @Y[13],@Y[12] - SWAP4 @Y[14],@Y[15] -|| SWAP4 @Y[15],@Y[14] - .endif - - XOR @DAT[0],@X[0],@X[0] ; xor 1st block -|| XOR @DAT[3],@X[3],@X[3] -|| XOR @DAT[2],@X[2],@X[1] -|| XOR @DAT[1],@X[1],@X[2] -|| LDNDW *${INP}++[8],@DAT[1]:@DAT[0] - XOR @DAT[4],@X[4],@X[4] -|| XOR @DAT[7],@X[7],@X[7] -|| LDNDW *${INP}[-7],@DAT[3]:@DAT[2] - XOR @DAT[6],@X[6],@X[5] -|| XOR @DAT[5],@X[5],@X[6] -|| LDNDW *${INP}[-6],@DAT[5]:@DAT[4] - XOR @DAT[8],@X[8],@X[8] -|| XOR @DAT[11],@X[11],@X[11] -|| LDNDW *${INP}[-5],@DAT[7]:@DAT[6] - XOR @DAT[10],@X[10],@X[9] -|| XOR @DAT[9],@X[9],@X[10] -|| LDNDW *${INP}[-4],@DAT[9]:@DAT[8] - XOR @DAT[12],@X[12],@X[12] -|| XOR @DAT[15],@X[15],@X[15] -|| LDNDW *${INP}[-3],@DAT[11]:@DAT[10] - XOR @DAT[14],@X[14],@X[13] -|| XOR @DAT[13],@X[13],@X[14] -|| LDNDW *${INP}[-2],@DAT[13]:@DAT[12] - [A0] SUB A0,$STEP,A0 ; SUB A0,128,A0 -|| LDNDW *${INP}[-1],@DAT[15]:@DAT[14] - - XOR @Y[0],@DAT[0],@DAT[0] ; xor 2nd block -|| XOR @Y[1],@DAT[1],@DAT[1] -|| STNDW @X[2]:@X[0],*${OUT}++[8] - XOR @Y[2],@DAT[2],@DAT[2] -|| XOR @Y[3],@DAT[3],@DAT[3] -|| STNDW @X[3]:@X[1],*${OUT}[-7] - XOR @Y[4],@DAT[4],@DAT[4] -|| [A0] LDDW *FP[-12],@X[2]:@X[0] ; re-load key material from stack -|| [A0] LDDW *SP[2], @X[3]:@X[1] - XOR @Y[5],@DAT[5],@DAT[5] -|| STNDW @X[6]:@X[4],*${OUT}[-6] - XOR @Y[6],@DAT[6],@DAT[6] -|| XOR @Y[7],@DAT[7],@DAT[7] -|| STNDW @X[7]:@X[5],*${OUT}[-5] - XOR @Y[8],@DAT[8],@DAT[8] -|| [A0] LDDW *FP[-10],@X[6]:@X[4] -|| [A0] LDDW *SP[4], @X[7]:@X[5] - XOR @Y[9],@DAT[9],@DAT[9] -|| STNDW @X[10]:@X[8],*${OUT}[-4] - XOR @Y[10],@DAT[10],@DAT[10] -|| XOR @Y[11],@DAT[11],@DAT[11] -|| STNDW @X[11]:@X[9],*${OUT}[-3] - XOR @Y[12],@DAT[12],@DAT[12] -|| [A0] LDDW *FP[-8], @X[10]:@X[8] -|| [A0] LDDW *SP[6], @X[11]:@X[9] - XOR @Y[13],@DAT[13],@DAT[13] -|| STNDW @X[14]:@X[12],*${OUT}[-2] - XOR @Y[14],@DAT[14],@DAT[14] -|| XOR @Y[15],@DAT[15],@DAT[15] -|| STNDW @X[15]:@X[13],*${OUT}[-1] - - [A0] MV @K2x[12],@X[12] -|| [A0] MV @K2x[13],@X[13] -|| [A0] LDW *FP[-6*2], @X[14] -|| [A0] LDW *SP[8*2], @X[15] - - [A0] DMV @X[2],@X[0],@Y[2]:@Y[0] ; duplicate key material -|| STNDW @DAT[1]:@DAT[0],*${OUT}++[8] - [A0] DMV @X[3],@X[1],@Y[3]:@Y[1] -|| STNDW @DAT[3]:@DAT[2],*${OUT}[-7] - [A0] DMV @X[6],@X[4],@Y[6]:@Y[4] -|| STNDW @DAT[5]:@DAT[4],*${OUT}[-6] -|| CMPLTU A0,$STEP,A1 ; is remaining length < 2*blocks? -||[!A0] BNOP epilogue? - [A0] DMV @X[7],@X[5],@Y[7]:@Y[5] -|| STNDW @DAT[7]:@DAT[6],*${OUT}[-5] -||[!A1] BNOP outer2x? - [A0] DMV @X[10],@X[8],@Y[10]:@Y[8] -|| STNDW @DAT[9]:@DAT[8],*${OUT}[-4] - [A0] DMV @X[11],@X[9],@Y[11]:@Y[9] -|| STNDW @DAT[11]:@DAT[10],*${OUT}[-3] - [A0] DMV @X[14],@X[12],@Y[14]:@Y[12] -|| STNDW @DAT[13]:@DAT[12],*${OUT}[-2] - [A0] DMV @X[15],@X[13],@Y[15]:@Y[13] -|| STNDW @DAT[15]:@DAT[14],*${OUT}[-1] -;;===== branch to epilogue? is taken here - [A1] MVK 64,$STEP -|| [A0] MVK 10,B0 ; inner loop counter -;;===== branch to outer2x? is taken here -___ -{ -my ($a0,$a1,$a2,$a3) = (0..3); -my ($b0,$b1,$b2,$b3) = (4..7); -my ($c0,$c1,$c2,$c3) = (8..11); -my ($d0,$d1,$d2,$d3) = (12..15); - -$code.=<<___; -top1x?: - ADD @X[$b1],@X[$a1],@X[$a1] -|| ADD @X[$b2],@X[$a2],@X[$a2] - ADD @X[$b0],@X[$a0],@X[$a0] -|| ADD @X[$b3],@X[$a3],@X[$a3] -|| XOR @X[$a1],@X[$d1],@X[$d1] -|| XOR @X[$a2],@X[$d2],@X[$d2] - XOR @X[$a0],@X[$d0],@X[$d0] -|| XOR @X[$a3],@X[$d3],@X[$d3] -|| SWAP2 @X[$d1],@X[$d1] ; rotate by 16 -|| SWAP2 @X[$d2],@X[$d2] - SWAP2 @X[$d0],@X[$d0] -|| SWAP2 @X[$d3],@X[$d3] - -|| ADD @X[$d1],@X[$c1],@X[$c1] -|| ADD @X[$d2],@X[$c2],@X[$c2] - ADD @X[$d0],@X[$c0],@X[$c0] -|| ADD @X[$d3],@X[$c3],@X[$c3] -|| XOR @X[$c1],@X[$b1],@X[$b1] -|| XOR @X[$c2],@X[$b2],@X[$b2] - XOR @X[$c0],@X[$b0],@X[$b0] -|| XOR @X[$c3],@X[$b3],@X[$b3] -|| ROTL @X[$b1],12,@X[$b1] -|| ROTL @X[$b2],12,@X[$b2] - ROTL @X[$b0],12,@X[$b0] -|| ROTL @X[$b3],12,@X[$b3] - - ADD @X[$b1],@X[$a1],@X[$a1] -|| ADD @X[$b2],@X[$a2],@X[$a2] - ADD @X[$b0],@X[$a0],@X[$a0] -|| ADD @X[$b3],@X[$a3],@X[$a3] -|| XOR @X[$a1],@X[$d1],@X[$d1] -|| XOR @X[$a2],@X[$d2],@X[$d2] - XOR @X[$a0],@X[$d0],@X[$d0] -|| XOR @X[$a3],@X[$d3],@X[$d3] -|| ROTL @X[$d1],8,@X[$d1] -|| ROTL @X[$d2],8,@X[$d2] - ROTL @X[$d0],8,@X[$d0] -|| ROTL @X[$d3],8,@X[$d3] -|| BNOP middle1x? ; protect from interrupt - - ADD @X[$d1],@X[$c1],@X[$c1] -|| ADD @X[$d2],@X[$c2],@X[$c2] - ADD @X[$d0],@X[$c0],@X[$c0] -|| ADD @X[$d3],@X[$c3],@X[$c3] -|| XOR @X[$c1],@X[$b1],@X[$b1] -|| XOR @X[$c2],@X[$b2],@X[$b2] -|| ROTL @X[$d1],0,@X[$d2] ; moved to avoid cross-path stall -|| ROTL @X[$d2],0,@X[$d3] - XOR @X[$c0],@X[$b0],@X[$b0] -|| XOR @X[$c3],@X[$b3],@X[$b3] -|| ROTL @X[$d0],0,@X[$d1] -|| ROTL @X[$d3],0,@X[$d0] - ROTL @X[$b1],7,@X[$b0] ; avoided cross-path stall -|| ROTL @X[$b2],7,@X[$b1] - ROTL @X[$b0],7,@X[$b3] -|| ROTL @X[$b3],7,@X[$b2] -middle1x?: - - ADD @X[$b0],@X[$a0],@X[$a0] -|| ADD @X[$b1],@X[$a1],@X[$a1] - ADD @X[$b2],@X[$a2],@X[$a2] -|| ADD @X[$b3],@X[$a3],@X[$a3] -|| XOR @X[$a0],@X[$d0],@X[$d0] -|| XOR @X[$a1],@X[$d1],@X[$d1] - XOR @X[$a2],@X[$d2],@X[$d2] -|| XOR @X[$a3],@X[$d3],@X[$d3] -|| SWAP2 @X[$d0],@X[$d0] ; rotate by 16 -|| SWAP2 @X[$d1],@X[$d1] - SWAP2 @X[$d2],@X[$d2] -|| SWAP2 @X[$d3],@X[$d3] - -|| ADD @X[$d0],@X[$c2],@X[$c2] -|| ADD @X[$d1],@X[$c3],@X[$c3] - ADD @X[$d2],@X[$c0],@X[$c0] -|| ADD @X[$d3],@X[$c1],@X[$c1] -|| XOR @X[$c2],@X[$b0],@X[$b0] -|| XOR @X[$c3],@X[$b1],@X[$b1] - XOR @X[$c0],@X[$b2],@X[$b2] -|| XOR @X[$c1],@X[$b3],@X[$b3] -|| ROTL @X[$b0],12,@X[$b0] -|| ROTL @X[$b1],12,@X[$b1] - ROTL @X[$b2],12,@X[$b2] -|| ROTL @X[$b3],12,@X[$b3] - - ADD @X[$b0],@X[$a0],@X[$a0] -|| ADD @X[$b1],@X[$a1],@X[$a1] -|| [B0] SUB B0,1,B0 ; decrement inner loop counter - ADD @X[$b2],@X[$a2],@X[$a2] -|| ADD @X[$b3],@X[$a3],@X[$a3] -|| XOR @X[$a0],@X[$d0],@X[$d0] -|| XOR @X[$a1],@X[$d1],@X[$d1] - XOR @X[$a2],@X[$d2],@X[$d2] -|| XOR @X[$a3],@X[$d3],@X[$d3] -|| ROTL @X[$d0],8,@X[$d0] -|| ROTL @X[$d1],8,@X[$d1] - ROTL @X[$d2],8,@X[$d2] -|| ROTL @X[$d3],8,@X[$d3] -|| [B0] BNOP top1x? ; even protects from interrupt - - ADD @X[$d0],@X[$c2],@X[$c2] -|| ADD @X[$d1],@X[$c3],@X[$c3] - ADD @X[$d2],@X[$c0],@X[$c0] -|| ADD @X[$d3],@X[$c1],@X[$c1] -|| XOR @X[$c2],@X[$b0],@X[$b0] -|| XOR @X[$c3],@X[$b1],@X[$b1] -|| ROTL @X[$d0],0,@X[$d3] ; moved to avoid cross-path stall -|| ROTL @X[$d1],0,@X[$d0] - XOR @X[$c0],@X[$b2],@X[$b2] -|| XOR @X[$c1],@X[$b3],@X[$b3] -|| ROTL @X[$d2],0,@X[$d1] -|| ROTL @X[$d3],0,@X[$d2] - ROTL @X[$b0],7,@X[$b1] ; avoided cross-path stall -|| ROTL @X[$b1],7,@X[$b2] - ROTL @X[$b2],7,@X[$b3] -|| ROTL @X[$b3],7,@X[$b0] -||[!B0] CMPLTU A0,$STEP,A1 ; less than 64 bytes left? -bottom1x?: -___ -} - -$code.=<<___; - ADD @Y[0],@X[0],@X[0] ; accumulate key material -|| ADD @Y[1],@X[1],@X[1] -|| ADD @Y[2],@X[2],@X[2] -|| ADD @Y[3],@X[3],@X[3] -||[!A1] LDNDW *${INP}++[8],@DAT[1]:@DAT[0] -|| [A1] BNOP tail? - ADD @Y[4],@X[4],@X[4] -|| ADD @Y[5],@X[5],@X[5] -|| ADD @Y[6],@X[6],@X[6] -|| ADD @Y[7],@X[7],@X[7] -||[!A1] LDNDW *${INP}[-7],@DAT[3]:@DAT[2] - ADD @Y[8],@X[8],@X[8] -|| ADD @Y[9],@X[9],@X[9] -|| ADD @Y[10],@X[10],@X[10] -|| ADD @Y[11],@X[11],@X[11] -||[!A1] LDNDW *${INP}[-6],@DAT[5]:@DAT[4] - ADD @Y[12],@X[12],@X[12] -|| ADD @Y[13],@X[13],@X[13] -|| ADD @Y[14],@X[14],@X[14] -|| ADD @Y[15],@X[15],@X[15] -||[!A1] LDNDW *${INP}[-5],@DAT[7]:@DAT[6] - [!A1] LDNDW *${INP}[-4],@DAT[9]:@DAT[8] - [!A1] LDNDW *${INP}[-3],@DAT[11]:@DAT[10] - LDNDW *${INP}[-2],@DAT[13]:@DAT[12] - LDNDW *${INP}[-1],@DAT[15]:@DAT[14] - - .if .BIG_ENDIAN - SWAP2 @X[0],@X[0] -|| SWAP2 @X[1],@X[1] -|| SWAP2 @X[2],@X[2] -|| SWAP2 @X[3],@X[3] - SWAP2 @X[4],@X[4] -|| SWAP2 @X[5],@X[5] -|| SWAP2 @X[6],@X[6] -|| SWAP2 @X[7],@X[7] - SWAP2 @X[8],@X[8] -|| SWAP2 @X[9],@X[9] -|| SWAP4 @X[0],@X[1] -|| SWAP4 @X[1],@X[0] - SWAP2 @X[10],@X[10] -|| SWAP2 @X[11],@X[11] -|| SWAP4 @X[2],@X[3] -|| SWAP4 @X[3],@X[2] - SWAP2 @X[12],@X[12] -|| SWAP2 @X[13],@X[13] -|| SWAP4 @X[4],@X[5] -|| SWAP4 @X[5],@X[4] - SWAP2 @X[14],@X[14] -|| SWAP2 @X[15],@X[15] -|| SWAP4 @X[6],@X[7] -|| SWAP4 @X[7],@X[6] - SWAP4 @X[8],@X[9] -|| SWAP4 @X[9],@X[8] - SWAP4 @X[10],@X[11] -|| SWAP4 @X[11],@X[10] - SWAP4 @X[12],@X[13] -|| SWAP4 @X[13],@X[12] - SWAP4 @X[14],@X[15] -|| SWAP4 @X[15],@X[14] - .else - NOP 1 - .endif - - XOR @X[0],@DAT[0],@DAT[0] ; xor with input -|| XOR @X[1],@DAT[1],@DAT[1] -|| XOR @X[2],@DAT[2],@DAT[2] -|| XOR @X[3],@DAT[3],@DAT[3] -|| [A0] SUB A0,$STEP,A0 ; SUB A0,64,A0 - XOR @X[4],@DAT[4],@DAT[4] -|| XOR @X[5],@DAT[5],@DAT[5] -|| XOR @X[6],@DAT[6],@DAT[6] -|| XOR @X[7],@DAT[7],@DAT[7] -|| STNDW @DAT[1]:@DAT[0],*${OUT}++[8] - XOR @X[8],@DAT[8],@DAT[8] -|| XOR @X[9],@DAT[9],@DAT[9] -|| XOR @X[10],@DAT[10],@DAT[10] -|| XOR @X[11],@DAT[11],@DAT[11] -|| STNDW @DAT[3]:@DAT[2],*${OUT}[-7] - XOR @X[12],@DAT[12],@DAT[12] -|| XOR @X[13],@DAT[13],@DAT[13] -|| XOR @X[14],@DAT[14],@DAT[14] -|| XOR @X[15],@DAT[15],@DAT[15] -|| STNDW @DAT[5]:@DAT[4],*${OUT}[-6] -|| [A0] BNOP top1x? - [A0] DMV @Y[2],@Y[0],@X[2]:@X[0] ; duplicate key material -|| [A0] DMV @Y[3],@Y[1],@X[3]:@X[1] -|| STNDW @DAT[7]:@DAT[6],*${OUT}[-5] - [A0] DMV @Y[6],@Y[4],@X[6]:@X[4] -|| [A0] DMV @Y[7],@Y[5],@X[7]:@X[5] -|| STNDW @DAT[9]:@DAT[8],*${OUT}[-4] - [A0] DMV @Y[10],@Y[8],@X[10]:@X[8] -|| [A0] DMV @Y[11],@Y[9],@X[11]:@X[9] -|| [A0] ADD 1,@Y[12],@Y[12] ; increment counter -|| STNDW @DAT[11]:@DAT[10],*${OUT}[-3] - [A0] DMV @Y[14],@Y[12],@X[14]:@X[12] -|| [A0] DMV @Y[15],@Y[13],@X[15]:@X[13] -|| STNDW @DAT[13]:@DAT[12],*${OUT}[-2] - [A0] MVK 10,B0 ; inner loop counter -|| STNDW @DAT[15]:@DAT[14],*${OUT}[-1] -;;===== branch to top1x? is taken here - -epilogue?: - LDDW *FP[-4],A11:A10 ; ABI says so - LDDW *FP[-3],A13:A12 -|| LDDW *SP[3+8],B11:B10 - LDDW *SP[4+8],B13:B12 -|| BNOP RA - LDW *++SP(40+64),FP ; restore frame pointer - NOP 4 - -tail?: - LDBU *${INP}++[1],B24 ; load byte by byte -|| SUB A0,1,A0 -|| SUB A0,1,B1 - [!B1] BNOP epilogue? ; interrupts are disabled for whole time -|| [A0] LDBU *${INP}++[1],B24 -|| [A0] SUB A0,1,A0 -|| SUB B1,1,B1 - [!B1] BNOP epilogue? -|| [A0] LDBU *${INP}++[1],B24 -|| [A0] SUB A0,1,A0 -|| SUB B1,1,B1 - [!B1] BNOP epilogue? -|| ROTL @X[0],0,A24 -|| [A0] LDBU *${INP}++[1],B24 -|| [A0] SUB A0,1,A0 -|| SUB B1,1,B1 - [!B1] BNOP epilogue? -|| ROTL @X[0],24,A24 -|| [A0] LDBU *${INP}++[1],A24 -|| [A0] SUB A0,1,A0 -|| SUB B1,1,B1 - [!B1] BNOP epilogue? -|| ROTL @X[0],16,A24 -|| [A0] LDBU *${INP}++[1],A24 -|| [A0] SUB A0,1,A0 -|| SUB B1,1,B1 -|| XOR A24,B24,B25 - STB B25,*${OUT}++[1] ; store byte by byte -||[!B1] BNOP epilogue? -|| ROTL @X[0],8,A24 -|| [A0] LDBU *${INP}++[1],A24 -|| [A0] SUB A0,1,A0 -|| SUB B1,1,B1 -|| XOR A24,B24,B25 - STB B25,*${OUT}++[1] -___ -sub TAIL_STEP { -my $Xi= shift; -my $T = ($Xi=~/^B/?"B24":"A24"); # match @X[i] to avoid cross path -my $D = $T; $D=~tr/AB/BA/; -my $O = $D; $O=~s/24/25/; - -$code.=<<___; -||[!B1] BNOP epilogue? -|| ROTL $Xi,0,$T -|| [A0] LDBU *${INP}++[1],$D -|| [A0] SUB A0,1,A0 -|| SUB B1,1,B1 -|| XOR A24,B24,$O - STB $O,*${OUT}++[1] -||[!B1] BNOP epilogue? -|| ROTL $Xi,24,$T -|| [A0] LDBU *${INP}++[1],$T -|| [A0] SUB A0,1,A0 -|| SUB B1,1,B1 -|| XOR A24,B24,$O - STB $O,*${OUT}++[1] -||[!B1] BNOP epilogue? -|| ROTL $Xi,16,$T -|| [A0] LDBU *${INP}++[1],$T -|| [A0] SUB A0,1,A0 -|| SUB B1,1,B1 -|| XOR A24,B24,$O - STB $O,*${OUT}++[1] -||[!B1] BNOP epilogue? -|| ROTL $Xi,8,$T -|| [A0] LDBU *${INP}++[1],$T -|| [A0] SUB A0,1,A0 -|| SUB B1,1,B1 -|| XOR A24,B24,$O - STB $O,*${OUT}++[1] -___ -} - foreach (1..14) { TAIL_STEP(@X[$_]); } -$code.=<<___; -||[!B1] BNOP epilogue? -|| ROTL @X[15],0,B24 -|| XOR A24,B24,A25 - STB A25,*${OUT}++[1] -|| ROTL @X[15],24,B24 -|| XOR A24,B24,A25 - STB A25,*${OUT}++[1] -|| ROTL @X[15],16,B24 -|| XOR A24,B24,A25 - STB A25,*${OUT}++[1] -|| XOR A24,B24,A25 - STB A25,*${OUT}++[1] -|| XOR A24,B24,B25 - STB B25,*${OUT}++[1] - .endasmfunc - - .sect .const - .cstring "ChaCha20 for C64x+, CRYPTOGAMS by " - .align 4 -___ - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/chacha/asm/chacha-ia64.pl b/crypto/chacha/asm/chacha-ia64.pl deleted file mode 100644 index b13d972855754d2a41bcc4d309ec632a22e9685f..0000000000000000000000000000000000000000 --- a/crypto/chacha/asm/chacha-ia64.pl +++ /dev/null @@ -1,291 +0,0 @@ -#!/usr/bin/env perl -# -# ==================================================================== -# Written by Andy Polyakov, @dot-asm, initially for use with OpenSSL. -# ==================================================================== -# -# ChaCha20 for Itanium. -# -# March 2019 -# -# Itanium 9xxx, which has pair of shifters, manages to process one byte -# in 9.3 cycles. This aligns perfectly with theoretical estimate. -# On the other hand, pre-9000 CPU has single shifter and each extr/dep -# pairs below takes additional cycle. Then final input->xor->output -# pass runs slower than expected... Overall result is 15.6 cpb, two -# cycles more than theoretical estimate. - -$output = pop and open STDOUT, ">$output"; - -my @k = map("r$_",(16..31)); -my @x = map("r$_",(38..53)); -my @y = map("r$_",(8..11)); -my @z = map("r$_",(15,35..37)); -my ($out,$inp,$len,$key,$counter) = map("r$_",(32..36)); - -$code.=<<___; -#if defined(_HPUX_SOURCE) -# if !defined(_LP64) -# define ADDP addp4 -# else -# define ADDP add -# endif -#else -# define ADDP add -#endif - -.text - -.global ChaCha20_ctr32# -.proc ChaCha20_ctr32# -.align 32 -ChaCha20_ctr32: - .prologue - .save ar.pfs,r2 -{ .mmi; alloc r2=ar.pfs,5,17,0,0 - ADDP @k[11]=4,$key - .save ar.lc,r3 - mov r3=ar.lc } -{ .mmi; ADDP $key=0,$key - ADDP $counter=0,$counter - .save pr,r14 - mov r14=pr };; - - .body -{ .mlx; ld4 @k[4]=[$key],8 - movl @k[0]=0x61707865 } -{ .mlx; ld4 @k[5]=[@k[11]],8 - movl @k[1]=0x3320646e };; -{ .mlx; ld4 @k[6]=[$key],8 - movl @k[2]=0x79622d32 } -{ .mlx; ld4 @k[7]=[@k[11]],8 - movl @k[3]=0x6b206574 };; -{ .mmi; ld4 @k[8]=[$key],8 - ld4 @k[9]=[@k[11]],8 - add @k[15]=4,$counter };; -{ .mmi; ld4 @k[10]=[$key] - ld4 @k[11]=[@k[11]] - mov @x[0]=@k[0] };; -{ .mmi; ld4 @k[12]=[$counter],8 - ld4 @k[13]=[@k[15]],8 - mov @x[1]=@k[1] };; -{ .mmi; ld4 @k[14]=[$counter] - ld4 @k[15]=[@k[15]] - mov @x[2]=@k[2] } -{ .mmi; mov @x[3]=@k[3] - mov @x[4]=@k[4] - mov @x[5]=@k[5] };; -{ .mmi; mov @x[6]=@k[6] - mov @x[7]=@k[7] - mov @x[8]=@k[8] } -{ .mmi; mov @x[9]=@k[9] - mov @x[10]=@k[10] - mov @x[11]=@k[11] } -{ .mmi; mov @x[12]=@k[12] - mov @x[13]=@k[13] - mov @x[14]=@k[14] };; - -.Loop_outer: -{ .mii; mov @x[15]=@k[15] - mov ar.lc=9 - mov ar.ec=1 } -{ .mmb; cmp.geu p6,p0=64,$len - sub @z[1]=64,$len - brp.loop.imp .Loop_top,.Loop_end-16 };; - -.Loop_top: -___ -sub ROUND { -my ($a0,$b0,$c0,$d0)=@_; -my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); - -$code.=<<___; -{ .mmi; add @x[$a0]=@x[$a0],@x[$b0] - add @x[$a1]=@x[$a1],@x[$b1] - add @x[$a2]=@x[$a2],@x[$b2] };; -{ .mmi; add @x[$a3]=@x[$a3],@x[$b3] - xor @x[$d0]=@x[$d0],@x[$a0] - xor @x[$d1]=@x[$d1],@x[$a1] };; -{ .mmi; xor @x[$d2]=@x[$d2],@x[$a2] - xor @x[$d3]=@x[$d3],@x[$a3] - extr.u @y[0]=@x[$d0],16,16 };; -{ .mii; extr.u @y[1]=@x[$d1],16,16 - dep @x[$d0]=@x[$d0],@y[0],16,16 };; -{ .mii; add @x[$c0]=@x[$c0],@x[$d0] - extr.u @y[2]=@x[$d2],16,16 - dep @x[$d1]=@x[$d1],@y[1],16,16 };; -{ .mii; add @x[$c1]=@x[$c1],@x[$d1] - xor @x[$b0]=@x[$b0],@x[$c0] - extr.u @y[3]=@x[$d3],16,16 };; -{ .mii; xor @x[$b1]=@x[$b1],@x[$c1] - dep @x[$d2]=@x[$d2],@y[2],16,16 - dep @x[$d3]=@x[$d3],@y[3],16,16 };; -{ .mmi; add @x[$c2]=@x[$c2],@x[$d2] - add @x[$c3]=@x[$c3],@x[$d3] - extr.u @y[0]=@x[$b0],20,12 };; -{ .mmi; xor @x[$b2]=@x[$b2],@x[$c2] - xor @x[$b3]=@x[$b3],@x[$c3] - dep.z @x[$b0]=@x[$b0],12,20 };; -{ .mii; or @x[$b0]=@x[$b0],@y[0] - extr.u @y[1]=@x[$b1],20,12 - dep.z @x[$b1]=@x[$b1],12,20 };; -{ .mii; add @x[$a0]=@x[$a0],@x[$b0] - extr.u @y[2]=@x[$b2],20,12 - extr.u @y[3]=@x[$b3],20,12 } -{ .mii; or @x[$b1]=@x[$b1],@y[1] - dep.z @x[$b2]=@x[$b2],12,20 - dep.z @x[$b3]=@x[$b3],12,20 };; -{ .mmi; or @x[$b2]=@x[$b2],@y[2] - or @x[$b3]=@x[$b3],@y[3] - add @x[$a1]=@x[$a1],@x[$b1] };; -{ .mmi; add @x[$a2]=@x[$a2],@x[$b2] - add @x[$a3]=@x[$a3],@x[$b3] - xor @x[$d0]=@x[$d0],@x[$a0] };; -{ .mii; xor @x[$d1]=@x[$d1],@x[$a1] - extr.u @y[0]=@x[$d0],24,8 - dep.z @x[$d0]=@x[$d0],8,24 };; -{ .mii; or @x[$d0]=@x[$d0],@y[0] - extr.u @y[1]=@x[$d1],24,8 - dep.z @x[$d1]=@x[$d1],8,24 };; -{ .mmi; or @x[$d1]=@x[$d1],@y[1] - xor @x[$d2]=@x[$d2],@x[$a2] - xor @x[$d3]=@x[$d3],@x[$a3] };; -{ .mii; add @x[$c0]=@x[$c0],@x[$d0] - extr.u @y[2]=@x[$d2],24,8 - dep.z @x[$d2]=@x[$d2],8,24 };; -{ .mii; xor @x[$b0]=@x[$b0],@x[$c0] - extr.u @y[3]=@x[$d3],24,8 - dep.z @x[$d3]=@x[$d3],8,24 };; -{ .mmi; or @x[$d2]=@x[$d2],@y[2] - or @x[$d3]=@x[$d3],@y[3] - extr.u @y[0]=@x[$b0],25,7 };; -{ .mmi; add @x[$c1]=@x[$c1],@x[$d1] - add @x[$c2]=@x[$c2],@x[$d2] - dep.z @x[$b0]=@x[$b0],7,25 };; -{ .mmi; xor @x[$b1]=@x[$b1],@x[$c1] - xor @x[$b2]=@x[$b2],@x[$c2] - add @x[$c3]=@x[$c3],@x[$d3] };; -{ .mii; xor @x[$b3]=@x[$b3],@x[$c3] - extr.u @y[1]=@x[$b1],25,7 - dep.z @x[$b1]=@x[$b1],7,25 };; -{ .mii; or @x[$b0]=@x[$b0],@y[0] - extr.u @y[2]=@x[$b2],25,7 - dep.z @x[$b2]=@x[$b2],7,25 };; -{ .mii; or @x[$b1]=@x[$b1],@y[1] - extr.u @y[3]=@x[$b3],25,7 - dep.z @x[$b3]=@x[$b3],7,25 };; -___ -$code.=<<___ if ($d0 == 12); -{ .mmi; or @x[$b2]=@x[$b2],@y[2] - or @x[$b3]=@x[$b3],@y[3] - mov @z[0]=-1 };; -___ -$code.=<<___ if ($d0 == 15); -{ .mmb; or @x[$b2]=@x[$b2],@y[2] - or @x[$b3]=@x[$b3],@y[3] - br.ctop.sptk .Loop_top };; -___ -} - &ROUND(0, 4, 8, 12); - &ROUND(0, 5, 10, 15); -$code.=<<___; -.Loop_end: - -{ .mmi; add @x[0]=@x[0],@k[0] - add @x[1]=@x[1],@k[1] -(p6) shr.u @z[0]=@z[0],@z[1] } -{ .mmb; add @x[2]=@x[2],@k[2] - add @x[3]=@x[3],@k[3] - clrrrb.pr };; -{ .mmi; add @x[4]=@x[4],@k[4] - add @x[5]=@x[5],@k[5] - add @x[6]=@x[6],@k[6] } -{ .mmi; add @x[7]=@x[7],@k[7] - add @x[8]=@x[8],@k[8] - add @x[9]=@x[9],@k[9] } -{ .mmi; add @x[10]=@x[10],@k[10] - add @x[11]=@x[11],@k[11] - add @x[12]=@x[12],@k[12] } -{ .mmi; add @x[13]=@x[13],@k[13] - add @x[14]=@x[14],@k[14] - add @x[15]=@x[15],@k[15] } -{ .mmi; add @k[12]=1,@k[12] // next counter - mov pr=@z[0],0x1ffff };; - -////////////////////////////////////////////////////////////////// -// Each predicate bit corresponds to byte to be processed. Note -// that p0 is wired to 1, but it works out, because there always -// is at least one byte to process... -{ .mmi; (p0) ld1 @z[0]=[$inp],1 - shr.u @y[1]=@x[0],8 };; -{ .mmi; (p1) ld1 @z[1]=[$inp],1 - (p2) shr.u @y[2]=@x[0],16 };; -{ .mmi; (p2) ld1 @z[2]=[$inp],1 - (p0) xor @z[0]=@z[0],@x[0] - (p3) shr.u @y[3]=@x[0],24 };; -___ -for(my $i0=0; $i0<60; $i0+=4) { -my ($i1, $i2, $i3, $i4, $i5, $i6, $i7) = map($i0+$_,(1..7)); -my $k = $i0/4+1; - -$code.=<<___; -{ .mmi; (p$i3) ld1 @z[3]=[$inp],1 - (p$i0) st1 [$out]=@z[0],1 - (p$i1) xor @z[1]=@z[1],@y[1] };; -{ .mmi; (p$i4) ld1 @z[0]=[$inp],1 - (p$i5) shr.u @y[1]=@x[$k],8 } -{ .mmi; (p$i1) st1 [$out]=@z[1],1 - (p$i2) xor @z[2]=@z[2],@y[2] - (p1) mov @x[$k-1]=@k[$k-1] };; -{ .mfi; (p$i5) ld1 @z[1]=[$inp],1 - (p$i6) shr.u @y[2]=@x[$k],16 } -{ .mfi; (p$i2) st1 [$out]=@z[2],1 - (p$i3) xor @z[3]=@z[3],@y[3] };; -{ .mfi; (p$i6) ld1 @z[2]=[$inp],1 - (p$i7) shr.u @y[3]=@x[$k],24 } -___ -$code.=<<___ if ($i0==0); # p1,p2 are available for reuse in first round -{ .mmi; (p$i3) st1 [$out]=@z[3],1 - (p$i4) xor @z[0]=@z[0],@x[$k] - cmp.ltu p1,p2=64,$len };; -___ -$code.=<<___ if ($i0>0); -{ .mfi; (p$i3) st1 [$out]=@z[3],1 - (p$i4) xor @z[0]=@z[0],@x[$k] };; -___ -} -$code.=<<___; -{ .mmi; (p63) ld1 @z[3]=[$inp],1 - (p60) st1 [$out]=@z[0],1 - (p61) xor @z[1]=@z[1],@y[1] };; -{ .mmi; (p61) st1 [$out]=@z[1],1 - (p62) xor @z[2]=@z[2],@y[2] };; -{ .mmi; (p62) st1 [$out]=@z[2],1 - (p63) xor @z[3]=@z[3],@y[3] - (p2) mov ar.lc=r3 };; -{ .mib; (p63) st1 [$out]=@z[3],1 - (p1) add $len=-64,$len -(p1) br.dptk.many .Loop_outer };; - -{ .mmi; mov @k[4]=0 // wipe key material - mov @k[5]=0 - mov @k[6]=0 } -{ .mmi; mov @k[7]=0 - mov @k[8]=0 - mov @k[9]=0 } -{ .mmi; mov @k[10]=0 - mov @k[11]=0 - mov @k[12]=0 } -{ .mmi; mov @k[13]=0 - mov @k[14]=0 - mov @k[15]=0 } -{ .mib; mov pr=r14,0x1ffff - br.ret.sptk.many b0 };; -.endp ChaCha20_ctr32# -stringz "ChaCha20 for IA64, CRYPTOGAMS by \@dot-asm" -___ - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/chacha/asm/chacha-ppc.pl b/crypto/chacha/asm/chacha-ppc.pl deleted file mode 100755 index 60982dddb2114df60a9ef21bf714df774f9fc61d..0000000000000000000000000000000000000000 --- a/crypto/chacha/asm/chacha-ppc.pl +++ /dev/null @@ -1,1352 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# October 2015 -# -# ChaCha20 for PowerPC/AltiVec. -# -# June 2018 -# -# Add VSX 2.07 code path. Original 3xAltiVec+1xIALU is well-suited for -# processors that can't issue more than one vector instruction per -# cycle. But POWER8 (and POWER9) can issue a pair, and vector-only 4x -# interleave would perform better. Incidentally PowerISA 2.07 (first -# implemented by POWER8) defined new usable instructions, hence 4xVSX -# code path... -# -# Performance in cycles per byte out of large buffer. -# -# IALU/gcc-4.x 3xAltiVec+1xIALU 4xVSX -# -# Freescale e300 13.6/+115% - - -# PPC74x0/G4e 6.81/+310% 3.81 - -# PPC970/G5 9.29/+160% ? - -# POWER7 8.62/+61% 3.35 - -# POWER8 8.70/+51% 2.91 2.09 -# POWER9 8.80/+29% 4.44(*) 2.45(**) -# -# (*) this is trade-off result, it's possible to improve it, but -# then it would negatively affect all others; -# (**) POWER9 seems to be "allergic" to mixing vector and integer -# instructions, which is why switch to vector-only code pays -# off that much; - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /64/) { - $SIZE_T =8; - $LRSAVE =2*$SIZE_T; - $STU ="stdu"; - $POP ="ld"; - $PUSH ="std"; - $UCMP ="cmpld"; -} elsif ($flavour =~ /32/) { - $SIZE_T =4; - $LRSAVE =$SIZE_T; - $STU ="stwu"; - $POP ="lwz"; - $PUSH ="stw"; - $UCMP ="cmplw"; -} else { die "nonsense $flavour"; } - -$LITTLE_ENDIAN = ($flavour=~/le$/) ? 1 : 0; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open STDOUT,"| $^X $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; - -$LOCALS=6*$SIZE_T; -$FRAME=$LOCALS+64+18*$SIZE_T; # 64 is for local variables - -sub AUTOLOAD() # thunk [simplified] x86-style perlasm -{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./; - $code .= "\t$opcode\t".join(',',@_)."\n"; -} - -my $sp = "r1"; - -my ($out,$inp,$len,$key,$ctr) = map("r$_",(3..7)); - -my @x=map("r$_",(16..31)); -my @d=map("r$_",(11,12,14,15)); -my @t=map("r$_",(7..10)); - -sub ROUND { -my ($a0,$b0,$c0,$d0)=@_; -my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); - - ( - "&add (@x[$a0],@x[$a0],@x[$b0])", - "&add (@x[$a1],@x[$a1],@x[$b1])", - "&add (@x[$a2],@x[$a2],@x[$b2])", - "&add (@x[$a3],@x[$a3],@x[$b3])", - "&xor (@x[$d0],@x[$d0],@x[$a0])", - "&xor (@x[$d1],@x[$d1],@x[$a1])", - "&xor (@x[$d2],@x[$d2],@x[$a2])", - "&xor (@x[$d3],@x[$d3],@x[$a3])", - "&rotlwi (@x[$d0],@x[$d0],16)", - "&rotlwi (@x[$d1],@x[$d1],16)", - "&rotlwi (@x[$d2],@x[$d2],16)", - "&rotlwi (@x[$d3],@x[$d3],16)", - - "&add (@x[$c0],@x[$c0],@x[$d0])", - "&add (@x[$c1],@x[$c1],@x[$d1])", - "&add (@x[$c2],@x[$c2],@x[$d2])", - "&add (@x[$c3],@x[$c3],@x[$d3])", - "&xor (@x[$b0],@x[$b0],@x[$c0])", - "&xor (@x[$b1],@x[$b1],@x[$c1])", - "&xor (@x[$b2],@x[$b2],@x[$c2])", - "&xor (@x[$b3],@x[$b3],@x[$c3])", - "&rotlwi (@x[$b0],@x[$b0],12)", - "&rotlwi (@x[$b1],@x[$b1],12)", - "&rotlwi (@x[$b2],@x[$b2],12)", - "&rotlwi (@x[$b3],@x[$b3],12)", - - "&add (@x[$a0],@x[$a0],@x[$b0])", - "&add (@x[$a1],@x[$a1],@x[$b1])", - "&add (@x[$a2],@x[$a2],@x[$b2])", - "&add (@x[$a3],@x[$a3],@x[$b3])", - "&xor (@x[$d0],@x[$d0],@x[$a0])", - "&xor (@x[$d1],@x[$d1],@x[$a1])", - "&xor (@x[$d2],@x[$d2],@x[$a2])", - "&xor (@x[$d3],@x[$d3],@x[$a3])", - "&rotlwi (@x[$d0],@x[$d0],8)", - "&rotlwi (@x[$d1],@x[$d1],8)", - "&rotlwi (@x[$d2],@x[$d2],8)", - "&rotlwi (@x[$d3],@x[$d3],8)", - - "&add (@x[$c0],@x[$c0],@x[$d0])", - "&add (@x[$c1],@x[$c1],@x[$d1])", - "&add (@x[$c2],@x[$c2],@x[$d2])", - "&add (@x[$c3],@x[$c3],@x[$d3])", - "&xor (@x[$b0],@x[$b0],@x[$c0])", - "&xor (@x[$b1],@x[$b1],@x[$c1])", - "&xor (@x[$b2],@x[$b2],@x[$c2])", - "&xor (@x[$b3],@x[$b3],@x[$c3])", - "&rotlwi (@x[$b0],@x[$b0],7)", - "&rotlwi (@x[$b1],@x[$b1],7)", - "&rotlwi (@x[$b2],@x[$b2],7)", - "&rotlwi (@x[$b3],@x[$b3],7)" - ); -} - -$code.=<<___; -.machine "any" -.text - -.globl .ChaCha20_ctr32_int -.align 5 -.ChaCha20_ctr32_int: -__ChaCha20_ctr32_int: - ${UCMP}i $len,0 - beqlr- - - $STU $sp,-$FRAME($sp) - mflr r0 - - $PUSH r14,`$FRAME-$SIZE_T*18`($sp) - $PUSH r15,`$FRAME-$SIZE_T*17`($sp) - $PUSH r16,`$FRAME-$SIZE_T*16`($sp) - $PUSH r17,`$FRAME-$SIZE_T*15`($sp) - $PUSH r18,`$FRAME-$SIZE_T*14`($sp) - $PUSH r19,`$FRAME-$SIZE_T*13`($sp) - $PUSH r20,`$FRAME-$SIZE_T*12`($sp) - $PUSH r21,`$FRAME-$SIZE_T*11`($sp) - $PUSH r22,`$FRAME-$SIZE_T*10`($sp) - $PUSH r23,`$FRAME-$SIZE_T*9`($sp) - $PUSH r24,`$FRAME-$SIZE_T*8`($sp) - $PUSH r25,`$FRAME-$SIZE_T*7`($sp) - $PUSH r26,`$FRAME-$SIZE_T*6`($sp) - $PUSH r27,`$FRAME-$SIZE_T*5`($sp) - $PUSH r28,`$FRAME-$SIZE_T*4`($sp) - $PUSH r29,`$FRAME-$SIZE_T*3`($sp) - $PUSH r30,`$FRAME-$SIZE_T*2`($sp) - $PUSH r31,`$FRAME-$SIZE_T*1`($sp) - $PUSH r0,`$FRAME+$LRSAVE`($sp) - - lwz @d[0],0($ctr) # load counter - lwz @d[1],4($ctr) - lwz @d[2],8($ctr) - lwz @d[3],12($ctr) - - bl __ChaCha20_1x - - $POP r0,`$FRAME+$LRSAVE`($sp) - $POP r14,`$FRAME-$SIZE_T*18`($sp) - $POP r15,`$FRAME-$SIZE_T*17`($sp) - $POP r16,`$FRAME-$SIZE_T*16`($sp) - $POP r17,`$FRAME-$SIZE_T*15`($sp) - $POP r18,`$FRAME-$SIZE_T*14`($sp) - $POP r19,`$FRAME-$SIZE_T*13`($sp) - $POP r20,`$FRAME-$SIZE_T*12`($sp) - $POP r21,`$FRAME-$SIZE_T*11`($sp) - $POP r22,`$FRAME-$SIZE_T*10`($sp) - $POP r23,`$FRAME-$SIZE_T*9`($sp) - $POP r24,`$FRAME-$SIZE_T*8`($sp) - $POP r25,`$FRAME-$SIZE_T*7`($sp) - $POP r26,`$FRAME-$SIZE_T*6`($sp) - $POP r27,`$FRAME-$SIZE_T*5`($sp) - $POP r28,`$FRAME-$SIZE_T*4`($sp) - $POP r29,`$FRAME-$SIZE_T*3`($sp) - $POP r30,`$FRAME-$SIZE_T*2`($sp) - $POP r31,`$FRAME-$SIZE_T*1`($sp) - mtlr r0 - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,4,1,0x80,18,5,0 - .long 0 -.size .ChaCha20_ctr32_int,.-.ChaCha20_ctr32_int - -.align 5 -__ChaCha20_1x: -Loop_outer: - lis @x[0],0x6170 # synthesize sigma - lis @x[1],0x3320 - lis @x[2],0x7962 - lis @x[3],0x6b20 - ori @x[0],@x[0],0x7865 - ori @x[1],@x[1],0x646e - ori @x[2],@x[2],0x2d32 - ori @x[3],@x[3],0x6574 - - li r0,10 # inner loop counter - lwz @x[4],0($key) # load key - lwz @x[5],4($key) - lwz @x[6],8($key) - lwz @x[7],12($key) - lwz @x[8],16($key) - mr @x[12],@d[0] # copy counter - lwz @x[9],20($key) - mr @x[13],@d[1] - lwz @x[10],24($key) - mr @x[14],@d[2] - lwz @x[11],28($key) - mr @x[15],@d[3] - - mr @t[0],@x[4] - mr @t[1],@x[5] - mr @t[2],@x[6] - mr @t[3],@x[7] - - mtctr r0 -Loop: -___ - foreach (&ROUND(0, 4, 8,12)) { eval; } - foreach (&ROUND(0, 5,10,15)) { eval; } -$code.=<<___; - bdnz Loop - - subic $len,$len,64 # $len-=64 - addi @x[0],@x[0],0x7865 # accumulate key block - addi @x[1],@x[1],0x646e - addi @x[2],@x[2],0x2d32 - addi @x[3],@x[3],0x6574 - addis @x[0],@x[0],0x6170 - addis @x[1],@x[1],0x3320 - addis @x[2],@x[2],0x7962 - addis @x[3],@x[3],0x6b20 - - subfe. r0,r0,r0 # borrow?-1:0 - add @x[4],@x[4],@t[0] - lwz @t[0],16($key) - add @x[5],@x[5],@t[1] - lwz @t[1],20($key) - add @x[6],@x[6],@t[2] - lwz @t[2],24($key) - add @x[7],@x[7],@t[3] - lwz @t[3],28($key) - add @x[8],@x[8],@t[0] - add @x[9],@x[9],@t[1] - add @x[10],@x[10],@t[2] - add @x[11],@x[11],@t[3] - - add @x[12],@x[12],@d[0] - add @x[13],@x[13],@d[1] - add @x[14],@x[14],@d[2] - add @x[15],@x[15],@d[3] - addi @d[0],@d[0],1 # increment counter -___ -if (!$LITTLE_ENDIAN) { for($i=0;$i<16;$i++) { # flip byte order -$code.=<<___; - mr @t[$i&3],@x[$i] - rotlwi @x[$i],@x[$i],8 - rlwimi @x[$i],@t[$i&3],24,0,7 - rlwimi @x[$i],@t[$i&3],24,16,23 -___ -} } -$code.=<<___; - bne Ltail # $len-=64 borrowed - - lwz @t[0],0($inp) # load input, aligned or not - lwz @t[1],4($inp) - ${UCMP}i $len,0 # done already? - lwz @t[2],8($inp) - lwz @t[3],12($inp) - xor @x[0],@x[0],@t[0] # xor with input - lwz @t[0],16($inp) - xor @x[1],@x[1],@t[1] - lwz @t[1],20($inp) - xor @x[2],@x[2],@t[2] - lwz @t[2],24($inp) - xor @x[3],@x[3],@t[3] - lwz @t[3],28($inp) - xor @x[4],@x[4],@t[0] - lwz @t[0],32($inp) - xor @x[5],@x[5],@t[1] - lwz @t[1],36($inp) - xor @x[6],@x[6],@t[2] - lwz @t[2],40($inp) - xor @x[7],@x[7],@t[3] - lwz @t[3],44($inp) - xor @x[8],@x[8],@t[0] - lwz @t[0],48($inp) - xor @x[9],@x[9],@t[1] - lwz @t[1],52($inp) - xor @x[10],@x[10],@t[2] - lwz @t[2],56($inp) - xor @x[11],@x[11],@t[3] - lwz @t[3],60($inp) - xor @x[12],@x[12],@t[0] - stw @x[0],0($out) # store output, aligned or not - xor @x[13],@x[13],@t[1] - stw @x[1],4($out) - xor @x[14],@x[14],@t[2] - stw @x[2],8($out) - xor @x[15],@x[15],@t[3] - stw @x[3],12($out) - stw @x[4],16($out) - stw @x[5],20($out) - stw @x[6],24($out) - stw @x[7],28($out) - stw @x[8],32($out) - stw @x[9],36($out) - stw @x[10],40($out) - stw @x[11],44($out) - stw @x[12],48($out) - stw @x[13],52($out) - stw @x[14],56($out) - addi $inp,$inp,64 - stw @x[15],60($out) - addi $out,$out,64 - - bne Loop_outer - - blr - -.align 4 -Ltail: - addi $len,$len,64 # restore tail length - subi $inp,$inp,1 # prepare for *++ptr - subi $out,$out,1 - addi @t[0],$sp,$LOCALS-1 - mtctr $len - - stw @x[0],`$LOCALS+0`($sp) # save whole block to stack - stw @x[1],`$LOCALS+4`($sp) - stw @x[2],`$LOCALS+8`($sp) - stw @x[3],`$LOCALS+12`($sp) - stw @x[4],`$LOCALS+16`($sp) - stw @x[5],`$LOCALS+20`($sp) - stw @x[6],`$LOCALS+24`($sp) - stw @x[7],`$LOCALS+28`($sp) - stw @x[8],`$LOCALS+32`($sp) - stw @x[9],`$LOCALS+36`($sp) - stw @x[10],`$LOCALS+40`($sp) - stw @x[11],`$LOCALS+44`($sp) - stw @x[12],`$LOCALS+48`($sp) - stw @x[13],`$LOCALS+52`($sp) - stw @x[14],`$LOCALS+56`($sp) - stw @x[15],`$LOCALS+60`($sp) - -Loop_tail: # byte-by-byte loop - lbzu @d[0],1($inp) - lbzu @x[0],1(@t[0]) - xor @d[1],@d[0],@x[0] - stbu @d[1],1($out) - bdnz Loop_tail - - stw $sp,`$LOCALS+0`($sp) # wipe block on stack - stw $sp,`$LOCALS+4`($sp) - stw $sp,`$LOCALS+8`($sp) - stw $sp,`$LOCALS+12`($sp) - stw $sp,`$LOCALS+16`($sp) - stw $sp,`$LOCALS+20`($sp) - stw $sp,`$LOCALS+24`($sp) - stw $sp,`$LOCALS+28`($sp) - stw $sp,`$LOCALS+32`($sp) - stw $sp,`$LOCALS+36`($sp) - stw $sp,`$LOCALS+40`($sp) - stw $sp,`$LOCALS+44`($sp) - stw $sp,`$LOCALS+48`($sp) - stw $sp,`$LOCALS+52`($sp) - stw $sp,`$LOCALS+56`($sp) - stw $sp,`$LOCALS+60`($sp) - - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -___ - -{{{ -my ($A0,$B0,$C0,$D0,$A1,$B1,$C1,$D1,$A2,$B2,$C2,$D2) - = map("v$_",(0..11)); -my @K = map("v$_",(12..17)); -my ($FOUR,$sixteen,$twenty4) = map("v$_",(18..19,23)); -my ($inpperm,$outperm,$outmask) = map("v$_",(24..26)); -my @D = map("v$_",(27..31)); -my ($twelve,$seven,$T0,$T1) = @D; - -my $FRAME=$LOCALS+64+10*16+18*$SIZE_T; # 10*16 is for v23-v31 offload - -sub VMXROUND { -my $odd = pop; -my ($a,$b,$c,$d)=@_; - - ( - "&vadduwm ('$a','$a','$b')", - "&vxor ('$d','$d','$a')", - "&vperm ('$d','$d','$d','$sixteen')", - - "&vadduwm ('$c','$c','$d')", - "&vxor ('$b','$b','$c')", - "&vrlw ('$b','$b','$twelve')", - - "&vadduwm ('$a','$a','$b')", - "&vxor ('$d','$d','$a')", - "&vperm ('$d','$d','$d','$twenty4')", - - "&vadduwm ('$c','$c','$d')", - "&vxor ('$b','$b','$c')", - "&vrlw ('$b','$b','$seven')", - - "&vrldoi ('$c','$c',8)", - "&vrldoi ('$b','$b',$odd?4:12)", - "&vrldoi ('$d','$d',$odd?12:4)" - ); -} - -$code.=<<___; - -.globl .ChaCha20_ctr32_vmx -.align 5 -.ChaCha20_ctr32_vmx: - ${UCMP}i $len,256 - blt __ChaCha20_ctr32_int - - $STU $sp,-$FRAME($sp) - mflr r0 - li r10,`15+$LOCALS+64` - li r11,`31+$LOCALS+64` - mfspr r12,256 - stvx v23,r10,$sp - addi r10,r10,32 - stvx v24,r11,$sp - addi r11,r11,32 - stvx v25,r10,$sp - addi r10,r10,32 - stvx v26,r11,$sp - addi r11,r11,32 - stvx v27,r10,$sp - addi r10,r10,32 - stvx v28,r11,$sp - addi r11,r11,32 - stvx v29,r10,$sp - addi r10,r10,32 - stvx v30,r11,$sp - stvx v31,r10,$sp - stw r12,`$FRAME-$SIZE_T*18-4`($sp) # save vrsave - $PUSH r14,`$FRAME-$SIZE_T*18`($sp) - $PUSH r15,`$FRAME-$SIZE_T*17`($sp) - $PUSH r16,`$FRAME-$SIZE_T*16`($sp) - $PUSH r17,`$FRAME-$SIZE_T*15`($sp) - $PUSH r18,`$FRAME-$SIZE_T*14`($sp) - $PUSH r19,`$FRAME-$SIZE_T*13`($sp) - $PUSH r20,`$FRAME-$SIZE_T*12`($sp) - $PUSH r21,`$FRAME-$SIZE_T*11`($sp) - $PUSH r22,`$FRAME-$SIZE_T*10`($sp) - $PUSH r23,`$FRAME-$SIZE_T*9`($sp) - $PUSH r24,`$FRAME-$SIZE_T*8`($sp) - $PUSH r25,`$FRAME-$SIZE_T*7`($sp) - $PUSH r26,`$FRAME-$SIZE_T*6`($sp) - $PUSH r27,`$FRAME-$SIZE_T*5`($sp) - $PUSH r28,`$FRAME-$SIZE_T*4`($sp) - $PUSH r29,`$FRAME-$SIZE_T*3`($sp) - $PUSH r30,`$FRAME-$SIZE_T*2`($sp) - $PUSH r31,`$FRAME-$SIZE_T*1`($sp) - li r12,-4096+511 - $PUSH r0, `$FRAME+$LRSAVE`($sp) - mtspr 256,r12 # preserve 29 AltiVec registers - - bl Lconsts # returns pointer Lsigma in r12 - li @x[0],16 - li @x[1],32 - li @x[2],48 - li @x[3],64 - li @x[4],31 # 31 is not a typo - li @x[5],15 # nor is 15 - - lvx @K[1],0,$key # load key - ?lvsr $T0,0,$key # prepare unaligned load - lvx @K[2],@x[0],$key - lvx @D[0],@x[4],$key - - lvx @K[3],0,$ctr # load counter - ?lvsr $T1,0,$ctr # prepare unaligned load - lvx @D[1],@x[5],$ctr - - lvx @K[0],0,r12 # load constants - lvx @K[5],@x[0],r12 # one - lvx $FOUR,@x[1],r12 - lvx $sixteen,@x[2],r12 - lvx $twenty4,@x[3],r12 - - ?vperm @K[1],@K[2],@K[1],$T0 # align key - ?vperm @K[2],@D[0],@K[2],$T0 - ?vperm @K[3],@D[1],@K[3],$T1 # align counter - - lwz @d[0],0($ctr) # load counter to GPR - lwz @d[1],4($ctr) - vadduwm @K[3],@K[3],@K[5] # adjust AltiVec counter - lwz @d[2],8($ctr) - vadduwm @K[4],@K[3],@K[5] - lwz @d[3],12($ctr) - vadduwm @K[5],@K[4],@K[5] - - vxor $T0,$T0,$T0 # 0x00..00 - vspltisw $outmask,-1 # 0xff..ff - ?lvsr $inpperm,0,$inp # prepare for unaligned load - ?lvsl $outperm,0,$out # prepare for unaligned store - ?vperm $outmask,$outmask,$T0,$outperm - - be?lvsl $T0,0,@x[0] # 0x00..0f - be?vspltisb $T1,3 # 0x03..03 - be?vxor $T0,$T0,$T1 # swap bytes within words - be?vxor $outperm,$outperm,$T1 - be?vperm $inpperm,$inpperm,$inpperm,$T0 - - li r0,10 # inner loop counter - b Loop_outer_vmx - -.align 4 -Loop_outer_vmx: - lis @x[0],0x6170 # synthesize sigma - lis @x[1],0x3320 - vmr $A0,@K[0] - lis @x[2],0x7962 - lis @x[3],0x6b20 - vmr $A1,@K[0] - ori @x[0],@x[0],0x7865 - ori @x[1],@x[1],0x646e - vmr $A2,@K[0] - ori @x[2],@x[2],0x2d32 - ori @x[3],@x[3],0x6574 - vmr $B0,@K[1] - - lwz @x[4],0($key) # load key to GPR - vmr $B1,@K[1] - lwz @x[5],4($key) - vmr $B2,@K[1] - lwz @x[6],8($key) - vmr $C0,@K[2] - lwz @x[7],12($key) - vmr $C1,@K[2] - lwz @x[8],16($key) - vmr $C2,@K[2] - mr @x[12],@d[0] # copy GPR counter - lwz @x[9],20($key) - vmr $D0,@K[3] - mr @x[13],@d[1] - lwz @x[10],24($key) - vmr $D1,@K[4] - mr @x[14],@d[2] - lwz @x[11],28($key) - vmr $D2,@K[5] - mr @x[15],@d[3] - - mr @t[0],@x[4] - mr @t[1],@x[5] - mr @t[2],@x[6] - mr @t[3],@x[7] - - vspltisw $twelve,12 # synthesize constants - vspltisw $seven,7 - - mtctr r0 - nop -Loop_vmx: -___ - my @thread0=&VMXROUND($A0,$B0,$C0,$D0,0); - my @thread1=&VMXROUND($A1,$B1,$C1,$D1,0); - my @thread2=&VMXROUND($A2,$B2,$C2,$D2,0); - my @thread3=&ROUND(0,4,8,12); - - foreach (@thread0) { - eval; - eval(shift(@thread1)); - eval(shift(@thread2)); - - eval(shift(@thread3)); - eval(shift(@thread3)); - eval(shift(@thread3)); - } - foreach (@thread3) { eval; } - - @thread0=&VMXROUND($A0,$B0,$C0,$D0,1); - @thread1=&VMXROUND($A1,$B1,$C1,$D1,1); - @thread2=&VMXROUND($A2,$B2,$C2,$D2,1); - @thread3=&ROUND(0,5,10,15); - - foreach (@thread0) { - eval; - eval(shift(@thread1)); - eval(shift(@thread2)); - - eval(shift(@thread3)); - eval(shift(@thread3)); - eval(shift(@thread3)); - } - foreach (@thread3) { eval; } -$code.=<<___; - bdnz Loop_vmx - - subi $len,$len,256 # $len-=256 - addi @x[0],@x[0],0x7865 # accumulate key block - addi @x[1],@x[1],0x646e - addi @x[2],@x[2],0x2d32 - addi @x[3],@x[3],0x6574 - addis @x[0],@x[0],0x6170 - addis @x[1],@x[1],0x3320 - addis @x[2],@x[2],0x7962 - addis @x[3],@x[3],0x6b20 - add @x[4],@x[4],@t[0] - lwz @t[0],16($key) - add @x[5],@x[5],@t[1] - lwz @t[1],20($key) - add @x[6],@x[6],@t[2] - lwz @t[2],24($key) - add @x[7],@x[7],@t[3] - lwz @t[3],28($key) - add @x[8],@x[8],@t[0] - add @x[9],@x[9],@t[1] - add @x[10],@x[10],@t[2] - add @x[11],@x[11],@t[3] - add @x[12],@x[12],@d[0] - add @x[13],@x[13],@d[1] - add @x[14],@x[14],@d[2] - add @x[15],@x[15],@d[3] - - vadduwm $A0,$A0,@K[0] # accumulate key block - vadduwm $A1,$A1,@K[0] - vadduwm $A2,$A2,@K[0] - vadduwm $B0,$B0,@K[1] - vadduwm $B1,$B1,@K[1] - vadduwm $B2,$B2,@K[1] - vadduwm $C0,$C0,@K[2] - vadduwm $C1,$C1,@K[2] - vadduwm $C2,$C2,@K[2] - vadduwm $D0,$D0,@K[3] - vadduwm $D1,$D1,@K[4] - vadduwm $D2,$D2,@K[5] - - addi @d[0],@d[0],4 # increment counter - vadduwm @K[3],@K[3],$FOUR - vadduwm @K[4],@K[4],$FOUR - vadduwm @K[5],@K[5],$FOUR - -___ -if (!$LITTLE_ENDIAN) { for($i=0;$i<16;$i++) { # flip byte order -$code.=<<___; - mr @t[$i&3],@x[$i] - rotlwi @x[$i],@x[$i],8 - rlwimi @x[$i],@t[$i&3],24,0,7 - rlwimi @x[$i],@t[$i&3],24,16,23 -___ -} } -$code.=<<___; - lwz @t[0],0($inp) # load input, aligned or not - lwz @t[1],4($inp) - lwz @t[2],8($inp) - lwz @t[3],12($inp) - xor @x[0],@x[0],@t[0] # xor with input - lwz @t[0],16($inp) - xor @x[1],@x[1],@t[1] - lwz @t[1],20($inp) - xor @x[2],@x[2],@t[2] - lwz @t[2],24($inp) - xor @x[3],@x[3],@t[3] - lwz @t[3],28($inp) - xor @x[4],@x[4],@t[0] - lwz @t[0],32($inp) - xor @x[5],@x[5],@t[1] - lwz @t[1],36($inp) - xor @x[6],@x[6],@t[2] - lwz @t[2],40($inp) - xor @x[7],@x[7],@t[3] - lwz @t[3],44($inp) - xor @x[8],@x[8],@t[0] - lwz @t[0],48($inp) - xor @x[9],@x[9],@t[1] - lwz @t[1],52($inp) - xor @x[10],@x[10],@t[2] - lwz @t[2],56($inp) - xor @x[11],@x[11],@t[3] - lwz @t[3],60($inp) - xor @x[12],@x[12],@t[0] - stw @x[0],0($out) # store output, aligned or not - xor @x[13],@x[13],@t[1] - stw @x[1],4($out) - xor @x[14],@x[14],@t[2] - stw @x[2],8($out) - xor @x[15],@x[15],@t[3] - stw @x[3],12($out) - addi $inp,$inp,64 - stw @x[4],16($out) - li @t[0],16 - stw @x[5],20($out) - li @t[1],32 - stw @x[6],24($out) - li @t[2],48 - stw @x[7],28($out) - li @t[3],64 - stw @x[8],32($out) - stw @x[9],36($out) - stw @x[10],40($out) - stw @x[11],44($out) - stw @x[12],48($out) - stw @x[13],52($out) - stw @x[14],56($out) - stw @x[15],60($out) - addi $out,$out,64 - - lvx @D[0],0,$inp # load input - lvx @D[1],@t[0],$inp - lvx @D[2],@t[1],$inp - lvx @D[3],@t[2],$inp - lvx @D[4],@t[3],$inp - addi $inp,$inp,64 - - ?vperm @D[0],@D[1],@D[0],$inpperm # align input - ?vperm @D[1],@D[2],@D[1],$inpperm - ?vperm @D[2],@D[3],@D[2],$inpperm - ?vperm @D[3],@D[4],@D[3],$inpperm - vxor $A0,$A0,@D[0] # xor with input - vxor $B0,$B0,@D[1] - lvx @D[1],@t[0],$inp # keep loading input - vxor $C0,$C0,@D[2] - lvx @D[2],@t[1],$inp - vxor $D0,$D0,@D[3] - lvx @D[3],@t[2],$inp - lvx @D[0],@t[3],$inp - addi $inp,$inp,64 - li @t[3],63 # 63 is not a typo - vperm $A0,$A0,$A0,$outperm # pre-misalign output - vperm $B0,$B0,$B0,$outperm - vperm $C0,$C0,$C0,$outperm - vperm $D0,$D0,$D0,$outperm - - ?vperm @D[4],@D[1],@D[4],$inpperm # align input - ?vperm @D[1],@D[2],@D[1],$inpperm - ?vperm @D[2],@D[3],@D[2],$inpperm - ?vperm @D[3],@D[0],@D[3],$inpperm - vxor $A1,$A1,@D[4] - vxor $B1,$B1,@D[1] - lvx @D[1],@t[0],$inp # keep loading input - vxor $C1,$C1,@D[2] - lvx @D[2],@t[1],$inp - vxor $D1,$D1,@D[3] - lvx @D[3],@t[2],$inp - lvx @D[4],@t[3],$inp # redundant in aligned case - addi $inp,$inp,64 - vperm $A1,$A1,$A1,$outperm # pre-misalign output - vperm $B1,$B1,$B1,$outperm - vperm $C1,$C1,$C1,$outperm - vperm $D1,$D1,$D1,$outperm - - ?vperm @D[0],@D[1],@D[0],$inpperm # align input - ?vperm @D[1],@D[2],@D[1],$inpperm - ?vperm @D[2],@D[3],@D[2],$inpperm - ?vperm @D[3],@D[4],@D[3],$inpperm - vxor $A2,$A2,@D[0] - vxor $B2,$B2,@D[1] - vxor $C2,$C2,@D[2] - vxor $D2,$D2,@D[3] - vperm $A2,$A2,$A2,$outperm # pre-misalign output - vperm $B2,$B2,$B2,$outperm - vperm $C2,$C2,$C2,$outperm - vperm $D2,$D2,$D2,$outperm - - andi. @x[1],$out,15 # is $out aligned? - mr @x[0],$out - - vsel @D[0],$A0,$B0,$outmask # collect pre-misaligned output - vsel @D[1],$B0,$C0,$outmask - vsel @D[2],$C0,$D0,$outmask - vsel @D[3],$D0,$A1,$outmask - vsel $B0,$A1,$B1,$outmask - vsel $C0,$B1,$C1,$outmask - vsel $D0,$C1,$D1,$outmask - vsel $A1,$D1,$A2,$outmask - vsel $B1,$A2,$B2,$outmask - vsel $C1,$B2,$C2,$outmask - vsel $D1,$C2,$D2,$outmask - - #stvx $A0,0,$out # take it easy on the edges - stvx @D[0],@t[0],$out # store output - stvx @D[1],@t[1],$out - stvx @D[2],@t[2],$out - addi $out,$out,64 - stvx @D[3],0,$out - stvx $B0,@t[0],$out - stvx $C0,@t[1],$out - stvx $D0,@t[2],$out - addi $out,$out,64 - stvx $A1,0,$out - stvx $B1,@t[0],$out - stvx $C1,@t[1],$out - stvx $D1,@t[2],$out - addi $out,$out,64 - - beq Laligned_vmx - - sub @x[2],$out,@x[1] # in misaligned case edges - li @x[3],0 # are written byte-by-byte -Lunaligned_tail_vmx: - stvebx $D2,@x[3],@x[2] - addi @x[3],@x[3],1 - cmpw @x[3],@x[1] - bne Lunaligned_tail_vmx - - sub @x[2],@x[0],@x[1] -Lunaligned_head_vmx: - stvebx $A0,@x[1],@x[2] - cmpwi @x[1],15 - addi @x[1],@x[1],1 - bne Lunaligned_head_vmx - - ${UCMP}i $len,255 # done with 256-byte blocks yet? - bgt Loop_outer_vmx - - b Ldone_vmx - -.align 4 -Laligned_vmx: - stvx $A0,0,@x[0] # head hexaword was not stored - - ${UCMP}i $len,255 # done with 256-byte blocks yet? - bgt Loop_outer_vmx - nop - -Ldone_vmx: - ${UCMP}i $len,0 # done yet? - bnel __ChaCha20_1x - - lwz r12,`$FRAME-$SIZE_T*18-4`($sp) # pull vrsave - li r10,`15+$LOCALS+64` - li r11,`31+$LOCALS+64` - mtspr 256,r12 # restore vrsave - lvx v23,r10,$sp - addi r10,r10,32 - lvx v24,r11,$sp - addi r11,r11,32 - lvx v25,r10,$sp - addi r10,r10,32 - lvx v26,r11,$sp - addi r11,r11,32 - lvx v27,r10,$sp - addi r10,r10,32 - lvx v28,r11,$sp - addi r11,r11,32 - lvx v29,r10,$sp - addi r10,r10,32 - lvx v30,r11,$sp - lvx v31,r10,$sp - $POP r0, `$FRAME+$LRSAVE`($sp) - $POP r14,`$FRAME-$SIZE_T*18`($sp) - $POP r15,`$FRAME-$SIZE_T*17`($sp) - $POP r16,`$FRAME-$SIZE_T*16`($sp) - $POP r17,`$FRAME-$SIZE_T*15`($sp) - $POP r18,`$FRAME-$SIZE_T*14`($sp) - $POP r19,`$FRAME-$SIZE_T*13`($sp) - $POP r20,`$FRAME-$SIZE_T*12`($sp) - $POP r21,`$FRAME-$SIZE_T*11`($sp) - $POP r22,`$FRAME-$SIZE_T*10`($sp) - $POP r23,`$FRAME-$SIZE_T*9`($sp) - $POP r24,`$FRAME-$SIZE_T*8`($sp) - $POP r25,`$FRAME-$SIZE_T*7`($sp) - $POP r26,`$FRAME-$SIZE_T*6`($sp) - $POP r27,`$FRAME-$SIZE_T*5`($sp) - $POP r28,`$FRAME-$SIZE_T*4`($sp) - $POP r29,`$FRAME-$SIZE_T*3`($sp) - $POP r30,`$FRAME-$SIZE_T*2`($sp) - $POP r31,`$FRAME-$SIZE_T*1`($sp) - mtlr r0 - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,0x04,1,0x80,18,5,0 - .long 0 -.size .ChaCha20_ctr32_vmx,.-.ChaCha20_ctr32_vmx -___ -}}} -{{{ -my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, - $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3) = map("v$_",(0..15)); -my @K = map("v$_",(16..19)); -my $CTR = "v26"; -my ($xt0,$xt1,$xt2,$xt3) = map("v$_",(27..30)); -my ($sixteen,$twelve,$eight,$seven) = ($xt0,$xt1,$xt2,$xt3); -my $beperm = "v31"; - -my ($x00,$x10,$x20,$x30) = (0, map("r$_",(8..10))); - -my $FRAME=$LOCALS+64+7*16; # 7*16 is for v26-v31 offload - -sub VSX_lane_ROUND { -my ($a0,$b0,$c0,$d0)=@_; -my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); -my @x=map("\"v$_\"",(0..15)); - - ( - "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", # Q1 - "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", # Q2 - "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", # Q3 - "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", # Q4 - "&vxor (@x[$d0],@x[$d0],@x[$a0])", - "&vxor (@x[$d1],@x[$d1],@x[$a1])", - "&vxor (@x[$d2],@x[$d2],@x[$a2])", - "&vxor (@x[$d3],@x[$d3],@x[$a3])", - "&vrlw (@x[$d0],@x[$d0],'$sixteen')", - "&vrlw (@x[$d1],@x[$d1],'$sixteen')", - "&vrlw (@x[$d2],@x[$d2],'$sixteen')", - "&vrlw (@x[$d3],@x[$d3],'$sixteen')", - - "&vadduwm (@x[$c0],@x[$c0],@x[$d0])", - "&vadduwm (@x[$c1],@x[$c1],@x[$d1])", - "&vadduwm (@x[$c2],@x[$c2],@x[$d2])", - "&vadduwm (@x[$c3],@x[$c3],@x[$d3])", - "&vxor (@x[$b0],@x[$b0],@x[$c0])", - "&vxor (@x[$b1],@x[$b1],@x[$c1])", - "&vxor (@x[$b2],@x[$b2],@x[$c2])", - "&vxor (@x[$b3],@x[$b3],@x[$c3])", - "&vrlw (@x[$b0],@x[$b0],'$twelve')", - "&vrlw (@x[$b1],@x[$b1],'$twelve')", - "&vrlw (@x[$b2],@x[$b2],'$twelve')", - "&vrlw (@x[$b3],@x[$b3],'$twelve')", - - "&vadduwm (@x[$a0],@x[$a0],@x[$b0])", - "&vadduwm (@x[$a1],@x[$a1],@x[$b1])", - "&vadduwm (@x[$a2],@x[$a2],@x[$b2])", - "&vadduwm (@x[$a3],@x[$a3],@x[$b3])", - "&vxor (@x[$d0],@x[$d0],@x[$a0])", - "&vxor (@x[$d1],@x[$d1],@x[$a1])", - "&vxor (@x[$d2],@x[$d2],@x[$a2])", - "&vxor (@x[$d3],@x[$d3],@x[$a3])", - "&vrlw (@x[$d0],@x[$d0],'$eight')", - "&vrlw (@x[$d1],@x[$d1],'$eight')", - "&vrlw (@x[$d2],@x[$d2],'$eight')", - "&vrlw (@x[$d3],@x[$d3],'$eight')", - - "&vadduwm (@x[$c0],@x[$c0],@x[$d0])", - "&vadduwm (@x[$c1],@x[$c1],@x[$d1])", - "&vadduwm (@x[$c2],@x[$c2],@x[$d2])", - "&vadduwm (@x[$c3],@x[$c3],@x[$d3])", - "&vxor (@x[$b0],@x[$b0],@x[$c0])", - "&vxor (@x[$b1],@x[$b1],@x[$c1])", - "&vxor (@x[$b2],@x[$b2],@x[$c2])", - "&vxor (@x[$b3],@x[$b3],@x[$c3])", - "&vrlw (@x[$b0],@x[$b0],'$seven')", - "&vrlw (@x[$b1],@x[$b1],'$seven')", - "&vrlw (@x[$b2],@x[$b2],'$seven')", - "&vrlw (@x[$b3],@x[$b3],'$seven')" - ); -} - -$code.=<<___; - -.globl .ChaCha20_ctr32_vsx -.align 5 -.ChaCha20_ctr32_vsx: - $STU $sp,-$FRAME($sp) - mflr r0 - li r10,`15+$LOCALS+64` - li r11,`31+$LOCALS+64` - mfspr r12,256 - stvx v26,r10,$sp - addi r10,r10,32 - stvx v27,r11,$sp - addi r11,r11,32 - stvx v28,r10,$sp - addi r10,r10,32 - stvx v29,r11,$sp - addi r11,r11,32 - stvx v30,r10,$sp - stvx v31,r11,$sp - stw r12,`$FRAME-4`($sp) # save vrsave - li r12,-4096+63 - $PUSH r0, `$FRAME+$LRSAVE`($sp) - mtspr 256,r12 # preserve 29 AltiVec registers - - bl Lconsts # returns pointer Lsigma in r12 - lvx_4w @K[0],0,r12 # load sigma - addi r12,r12,0x50 - li $x10,16 - li $x20,32 - li $x30,48 - li r11,64 - - lvx_4w @K[1],0,$key # load key - lvx_4w @K[2],$x10,$key - lvx_4w @K[3],0,$ctr # load counter - - vxor $xt0,$xt0,$xt0 - lvx_4w $xt1,r11,r12 - vspltw $CTR,@K[3],0 - vsldoi @K[3],@K[3],$xt0,4 - vsldoi @K[3],$xt0,@K[3],12 # clear @K[3].word[0] - vadduwm $CTR,$CTR,$xt1 - - be?lvsl $beperm,0,$x10 # 0x00..0f - be?vspltisb $xt0,3 # 0x03..03 - be?vxor $beperm,$beperm,$xt0 # swap bytes within words - - li r0,10 # inner loop counter - mtctr r0 - b Loop_outer_vsx - -.align 5 -Loop_outer_vsx: - lvx $xa0,$x00,r12 # load [smashed] sigma - lvx $xa1,$x10,r12 - lvx $xa2,$x20,r12 - lvx $xa3,$x30,r12 - - vspltw $xb0,@K[1],0 # smash the key - vspltw $xb1,@K[1],1 - vspltw $xb2,@K[1],2 - vspltw $xb3,@K[1],3 - - vspltw $xc0,@K[2],0 - vspltw $xc1,@K[2],1 - vspltw $xc2,@K[2],2 - vspltw $xc3,@K[2],3 - - vmr $xd0,$CTR # smash the counter - vspltw $xd1,@K[3],1 - vspltw $xd2,@K[3],2 - vspltw $xd3,@K[3],3 - - vspltisw $sixteen,-16 # synthesize constants - vspltisw $twelve,12 - vspltisw $eight,8 - vspltisw $seven,7 - -Loop_vsx: -___ - foreach (&VSX_lane_ROUND(0, 4, 8,12)) { eval; } - foreach (&VSX_lane_ROUND(0, 5,10,15)) { eval; } -$code.=<<___; - bdnz Loop_vsx - - vadduwm $xd0,$xd0,$CTR - - vmrgew $xt0,$xa0,$xa1 # transpose data - vmrgew $xt1,$xa2,$xa3 - vmrgow $xa0,$xa0,$xa1 - vmrgow $xa2,$xa2,$xa3 - vmrgew $xt2,$xb0,$xb1 - vmrgew $xt3,$xb2,$xb3 - vpermdi $xa1,$xa0,$xa2,0b00 - vpermdi $xa3,$xa0,$xa2,0b11 - vpermdi $xa0,$xt0,$xt1,0b00 - vpermdi $xa2,$xt0,$xt1,0b11 - - vmrgow $xb0,$xb0,$xb1 - vmrgow $xb2,$xb2,$xb3 - vmrgew $xt0,$xc0,$xc1 - vmrgew $xt1,$xc2,$xc3 - vpermdi $xb1,$xb0,$xb2,0b00 - vpermdi $xb3,$xb0,$xb2,0b11 - vpermdi $xb0,$xt2,$xt3,0b00 - vpermdi $xb2,$xt2,$xt3,0b11 - - vmrgow $xc0,$xc0,$xc1 - vmrgow $xc2,$xc2,$xc3 - vmrgew $xt2,$xd0,$xd1 - vmrgew $xt3,$xd2,$xd3 - vpermdi $xc1,$xc0,$xc2,0b00 - vpermdi $xc3,$xc0,$xc2,0b11 - vpermdi $xc0,$xt0,$xt1,0b00 - vpermdi $xc2,$xt0,$xt1,0b11 - - vmrgow $xd0,$xd0,$xd1 - vmrgow $xd2,$xd2,$xd3 - vspltisw $xt0,4 - vadduwm $CTR,$CTR,$xt0 # next counter value - vpermdi $xd1,$xd0,$xd2,0b00 - vpermdi $xd3,$xd0,$xd2,0b11 - vpermdi $xd0,$xt2,$xt3,0b00 - vpermdi $xd2,$xt2,$xt3,0b11 - - vadduwm $xa0,$xa0,@K[0] - vadduwm $xb0,$xb0,@K[1] - vadduwm $xc0,$xc0,@K[2] - vadduwm $xd0,$xd0,@K[3] - - be?vperm $xa0,$xa0,$xa0,$beperm - be?vperm $xb0,$xb0,$xb0,$beperm - be?vperm $xc0,$xc0,$xc0,$beperm - be?vperm $xd0,$xd0,$xd0,$beperm - - ${UCMP}i $len,0x40 - blt Ltail_vsx - - lvx_4w $xt0,$x00,$inp - lvx_4w $xt1,$x10,$inp - lvx_4w $xt2,$x20,$inp - lvx_4w $xt3,$x30,$inp - - vxor $xt0,$xt0,$xa0 - vxor $xt1,$xt1,$xb0 - vxor $xt2,$xt2,$xc0 - vxor $xt3,$xt3,$xd0 - - stvx_4w $xt0,$x00,$out - stvx_4w $xt1,$x10,$out - addi $inp,$inp,0x40 - stvx_4w $xt2,$x20,$out - subi $len,$len,0x40 - stvx_4w $xt3,$x30,$out - addi $out,$out,0x40 - beq Ldone_vsx - - vadduwm $xa0,$xa1,@K[0] - vadduwm $xb0,$xb1,@K[1] - vadduwm $xc0,$xc1,@K[2] - vadduwm $xd0,$xd1,@K[3] - - be?vperm $xa0,$xa0,$xa0,$beperm - be?vperm $xb0,$xb0,$xb0,$beperm - be?vperm $xc0,$xc0,$xc0,$beperm - be?vperm $xd0,$xd0,$xd0,$beperm - - ${UCMP}i $len,0x40 - blt Ltail_vsx - - lvx_4w $xt0,$x00,$inp - lvx_4w $xt1,$x10,$inp - lvx_4w $xt2,$x20,$inp - lvx_4w $xt3,$x30,$inp - - vxor $xt0,$xt0,$xa0 - vxor $xt1,$xt1,$xb0 - vxor $xt2,$xt2,$xc0 - vxor $xt3,$xt3,$xd0 - - stvx_4w $xt0,$x00,$out - stvx_4w $xt1,$x10,$out - addi $inp,$inp,0x40 - stvx_4w $xt2,$x20,$out - subi $len,$len,0x40 - stvx_4w $xt3,$x30,$out - addi $out,$out,0x40 - beq Ldone_vsx - - vadduwm $xa0,$xa2,@K[0] - vadduwm $xb0,$xb2,@K[1] - vadduwm $xc0,$xc2,@K[2] - vadduwm $xd0,$xd2,@K[3] - - be?vperm $xa0,$xa0,$xa0,$beperm - be?vperm $xb0,$xb0,$xb0,$beperm - be?vperm $xc0,$xc0,$xc0,$beperm - be?vperm $xd0,$xd0,$xd0,$beperm - - ${UCMP}i $len,0x40 - blt Ltail_vsx - - lvx_4w $xt0,$x00,$inp - lvx_4w $xt1,$x10,$inp - lvx_4w $xt2,$x20,$inp - lvx_4w $xt3,$x30,$inp - - vxor $xt0,$xt0,$xa0 - vxor $xt1,$xt1,$xb0 - vxor $xt2,$xt2,$xc0 - vxor $xt3,$xt3,$xd0 - - stvx_4w $xt0,$x00,$out - stvx_4w $xt1,$x10,$out - addi $inp,$inp,0x40 - stvx_4w $xt2,$x20,$out - subi $len,$len,0x40 - stvx_4w $xt3,$x30,$out - addi $out,$out,0x40 - beq Ldone_vsx - - vadduwm $xa0,$xa3,@K[0] - vadduwm $xb0,$xb3,@K[1] - vadduwm $xc0,$xc3,@K[2] - vadduwm $xd0,$xd3,@K[3] - - be?vperm $xa0,$xa0,$xa0,$beperm - be?vperm $xb0,$xb0,$xb0,$beperm - be?vperm $xc0,$xc0,$xc0,$beperm - be?vperm $xd0,$xd0,$xd0,$beperm - - ${UCMP}i $len,0x40 - blt Ltail_vsx - - lvx_4w $xt0,$x00,$inp - lvx_4w $xt1,$x10,$inp - lvx_4w $xt2,$x20,$inp - lvx_4w $xt3,$x30,$inp - - vxor $xt0,$xt0,$xa0 - vxor $xt1,$xt1,$xb0 - vxor $xt2,$xt2,$xc0 - vxor $xt3,$xt3,$xd0 - - stvx_4w $xt0,$x00,$out - stvx_4w $xt1,$x10,$out - addi $inp,$inp,0x40 - stvx_4w $xt2,$x20,$out - subi $len,$len,0x40 - stvx_4w $xt3,$x30,$out - addi $out,$out,0x40 - mtctr r0 - bne Loop_outer_vsx - -Ldone_vsx: - lwz r12,`$FRAME-4`($sp) # pull vrsave - li r10,`15+$LOCALS+64` - li r11,`31+$LOCALS+64` - $POP r0, `$FRAME+$LRSAVE`($sp) - mtspr 256,r12 # restore vrsave - lvx v26,r10,$sp - addi r10,r10,32 - lvx v27,r11,$sp - addi r11,r11,32 - lvx v28,r10,$sp - addi r10,r10,32 - lvx v29,r11,$sp - addi r11,r11,32 - lvx v30,r10,$sp - lvx v31,r11,$sp - mtlr r0 - addi $sp,$sp,$FRAME - blr - -.align 4 -Ltail_vsx: - addi r11,$sp,$LOCALS - mtctr $len - stvx_4w $xa0,$x00,r11 # offload block to stack - stvx_4w $xb0,$x10,r11 - stvx_4w $xc0,$x20,r11 - stvx_4w $xd0,$x30,r11 - subi r12,r11,1 # prepare for *++ptr - subi $inp,$inp,1 - subi $out,$out,1 - -Loop_tail_vsx: - lbzu r6,1(r12) - lbzu r7,1($inp) - xor r6,r6,r7 - stbu r6,1($out) - bdnz Loop_tail_vsx - - stvx_4w $K[0],$x00,r11 # wipe copy of the block - stvx_4w $K[0],$x10,r11 - stvx_4w $K[0],$x20,r11 - stvx_4w $K[0],$x30,r11 - - b Ldone_vsx - .long 0 - .byte 0,12,0x04,1,0x80,0,5,0 - .long 0 -.size .ChaCha20_ctr32_vsx,.-.ChaCha20_ctr32_vsx -___ -}}} -$code.=<<___; -.align 5 -Lconsts: - mflr r0 - bcl 20,31,\$+4 - mflr r12 #vvvvv "distance between . and Lsigma - addi r12,r12,`64-8` - mtlr r0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - .space `64-9*4` -Lsigma: - .long 0x61707865,0x3320646e,0x79622d32,0x6b206574 - .long 1,0,0,0 - .long 4,0,0,0 -___ -$code.=<<___ if ($LITTLE_ENDIAN); - .long 0x0e0f0c0d,0x0a0b0809,0x06070405,0x02030001 - .long 0x0d0e0f0c,0x090a0b08,0x05060704,0x01020300 -___ -$code.=<<___ if (!$LITTLE_ENDIAN); # flipped words - .long 0x02030001,0x06070405,0x0a0b0809,0x0e0f0c0d - .long 0x01020300,0x05060704,0x090a0b08,0x0d0e0f0c -___ -$code.=<<___; - .long 0x61707865,0x61707865,0x61707865,0x61707865 - .long 0x3320646e,0x3320646e,0x3320646e,0x3320646e - .long 0x79622d32,0x79622d32,0x79622d32,0x79622d32 - .long 0x6b206574,0x6b206574,0x6b206574,0x6b206574 - .long 0,1,2,3 -.asciz "ChaCha20 for PowerPC/AltiVec, CRYPTOGAMS by " -.align 2 -___ - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - # instructions prefixed with '?' are endian-specific and need - # to be adjusted accordingly... - if ($flavour !~ /le$/) { # big-endian - s/be\?// or - s/le\?/#le#/ or - s/\?lvsr/lvsl/ or - s/\?lvsl/lvsr/ or - s/\?(vperm\s+v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+,\s*)(v[0-9]+)/$1$3$2$4/ or - s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 16-$3/; - } else { # little-endian - s/le\?// or - s/be\?/#be#/ or - s/\?([a-z]+)/$1/ or - s/vrldoi(\s+v[0-9]+,\s*)(v[0-9]+,)\s*([0-9]+)/vsldoi$1$2$2 $3/; - } - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/chacha/asm/chacha-s390x.pl b/crypto/chacha/asm/chacha-s390x.pl deleted file mode 100755 index 9e29ebccb5964163d0ceaf0ed414a89a678637e3..0000000000000000000000000000000000000000 --- a/crypto/chacha/asm/chacha-s390x.pl +++ /dev/null @@ -1,1056 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# December 2015 -# -# ChaCha20 for s390x. -# -# 3 times faster than compiler-generated code. - -# -# August 2018 -# -# Add vx code path: 4x"vertical". -# -# Copyright IBM Corp. 2018 -# Author: Patrick Steuer - -# -# February 2019 -# -# Add 6x"horizontal" VX implementation. It's ~25% faster than IBM's -# 4x"vertical" submission [on z13] and >3 faster than scalar code. -# But to harness overheads revert to transliteration of VSX code path -# from chacha-ppc module, which is also 4x"vertical", to handle inputs -# not longer than 256 bytes. - -use strict; -use FindBin qw($Bin); -use lib "$Bin/../.."; -use perlasm::s390x qw(:DEFAULT :VX :EI AUTOLOAD LABEL INCLUDE); - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -my $output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -my $flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -my ($z,$SIZE_T); -if ($flavour =~ /3[12]/) { - $z=0; # S/390 ABI - $SIZE_T=4; -} else { - $z=1; # zSeries ABI - $SIZE_T=8; -} - -my $sp="%r15"; -my $stdframe=16*$SIZE_T+4*8; - -sub ROUND { -my @x=map("%r$_",(0..7,"x","x","x","x",(10..13))); -my @t=map("%r$_",(8,9)); -my ($a0,$b0,$c0,$d0)=@_; -my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); -my ($xc,$xc_)=map("$_",@t); - - # Consider order in which variables are addressed by their - # index: - # - # a b c d - # - # 0 4 8 12 < even round - # 1 5 9 13 - # 2 6 10 14 - # 3 7 11 15 - # 0 5 10 15 < odd round - # 1 6 11 12 - # 2 7 8 13 - # 3 4 9 14 - # - # 'a', 'b' and 'd's are permanently allocated in registers, - # @x[0..7,12..15], while 'c's are maintained in memory. If - # you observe 'c' column, you'll notice that pair of 'c's is - # invariant between rounds. This means that we have to reload - # them once per round, in the middle. This is why you'll see - # 'c' stores and loads in the middle, but none in the beginning - # or end. - - alr (@x[$a0],@x[$b0]); # Q1 - alr (@x[$a1],@x[$b1]); # Q2 - xr (@x[$d0],@x[$a0]); - xr (@x[$d1],@x[$a1]); - rll (@x[$d0],@x[$d0],16); - rll (@x[$d1],@x[$d1],16); - - alr ($xc,@x[$d0]); - alr ($xc_,@x[$d1]); - xr (@x[$b0],$xc); - xr (@x[$b1],$xc_); - rll (@x[$b0],@x[$b0],12); - rll (@x[$b1],@x[$b1],12); - - alr (@x[$a0],@x[$b0]); - alr (@x[$a1],@x[$b1]); - xr (@x[$d0],@x[$a0]); - xr (@x[$d1],@x[$a1]); - rll (@x[$d0],@x[$d0],8); - rll (@x[$d1],@x[$d1],8); - - alr ($xc,@x[$d0]); - alr ($xc_,@x[$d1]); - xr (@x[$b0],$xc); - xr (@x[$b1],$xc_); - rll (@x[$b0],@x[$b0],7); - rll (@x[$b1],@x[$b1],7); - - stm ($xc,$xc_,"$stdframe+4*8+4*$c0($sp)"); # reload pair of 'c's - lm ($xc,$xc_,"$stdframe+4*8+4*$c2($sp)"); - - alr (@x[$a2],@x[$b2]); # Q3 - alr (@x[$a3],@x[$b3]); # Q4 - xr (@x[$d2],@x[$a2]); - xr (@x[$d3],@x[$a3]); - rll (@x[$d2],@x[$d2],16); - rll (@x[$d3],@x[$d3],16); - - alr ($xc,@x[$d2]); - alr ($xc_,@x[$d3]); - xr (@x[$b2],$xc); - xr (@x[$b3],$xc_); - rll (@x[$b2],@x[$b2],12); - rll (@x[$b3],@x[$b3],12); - - alr (@x[$a2],@x[$b2]); - alr (@x[$a3],@x[$b3]); - xr (@x[$d2],@x[$a2]); - xr (@x[$d3],@x[$a3]); - rll (@x[$d2],@x[$d2],8); - rll (@x[$d3],@x[$d3],8); - - alr ($xc,@x[$d2]); - alr ($xc_,@x[$d3]); - xr (@x[$b2],$xc); - xr (@x[$b3],$xc_); - rll (@x[$b2],@x[$b2],7); - rll (@x[$b3],@x[$b3],7); -} - -sub VX_lane_ROUND { -my ($a0,$b0,$c0,$d0)=@_; -my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); -my @x=map("%v$_",(0..15)); - - vaf (@x[$a0],@x[$a0],@x[$b0]); # Q1 - vx (@x[$d0],@x[$d0],@x[$a0]); - verllf (@x[$d0],@x[$d0],16); - vaf (@x[$a1],@x[$a1],@x[$b1]); # Q2 - vx (@x[$d1],@x[$d1],@x[$a1]); - verllf (@x[$d1],@x[$d1],16); - vaf (@x[$a2],@x[$a2],@x[$b2]); # Q3 - vx (@x[$d2],@x[$d2],@x[$a2]); - verllf (@x[$d2],@x[$d2],16); - vaf (@x[$a3],@x[$a3],@x[$b3]); # Q4 - vx (@x[$d3],@x[$d3],@x[$a3]); - verllf (@x[$d3],@x[$d3],16); - - vaf (@x[$c0],@x[$c0],@x[$d0]); - vx (@x[$b0],@x[$b0],@x[$c0]); - verllf (@x[$b0],@x[$b0],12); - vaf (@x[$c1],@x[$c1],@x[$d1]); - vx (@x[$b1],@x[$b1],@x[$c1]); - verllf (@x[$b1],@x[$b1],12); - vaf (@x[$c2],@x[$c2],@x[$d2]); - vx (@x[$b2],@x[$b2],@x[$c2]); - verllf (@x[$b2],@x[$b2],12); - vaf (@x[$c3],@x[$c3],@x[$d3]); - vx (@x[$b3],@x[$b3],@x[$c3]); - verllf (@x[$b3],@x[$b3],12); - - vaf (@x[$a0],@x[$a0],@x[$b0]); - vx (@x[$d0],@x[$d0],@x[$a0]); - verllf (@x[$d0],@x[$d0],8); - vaf (@x[$a1],@x[$a1],@x[$b1]); - vx (@x[$d1],@x[$d1],@x[$a1]); - verllf (@x[$d1],@x[$d1],8); - vaf (@x[$a2],@x[$a2],@x[$b2]); - vx (@x[$d2],@x[$d2],@x[$a2]); - verllf (@x[$d2],@x[$d2],8); - vaf (@x[$a3],@x[$a3],@x[$b3]); - vx (@x[$d3],@x[$d3],@x[$a3]); - verllf (@x[$d3],@x[$d3],8); - - vaf (@x[$c0],@x[$c0],@x[$d0]); - vx (@x[$b0],@x[$b0],@x[$c0]); - verllf (@x[$b0],@x[$b0],7); - vaf (@x[$c1],@x[$c1],@x[$d1]); - vx (@x[$b1],@x[$b1],@x[$c1]); - verllf (@x[$b1],@x[$b1],7); - vaf (@x[$c2],@x[$c2],@x[$d2]); - vx (@x[$b2],@x[$b2],@x[$c2]); - verllf (@x[$b2],@x[$b2],7); - vaf (@x[$c3],@x[$c3],@x[$d3]); - vx (@x[$b3],@x[$b3],@x[$c3]); - verllf (@x[$b3],@x[$b3],7); -} - -sub VX_ROUND { -my @a=@_[0..5]; -my @b=@_[6..11]; -my @c=@_[12..17]; -my @d=@_[18..23]; -my $odd=@_[24]; - - vaf (@a[$_],@a[$_],@b[$_]) for (0..5); - vx (@d[$_],@d[$_],@a[$_]) for (0..5); - verllf (@d[$_],@d[$_],16) for (0..5); - - vaf (@c[$_],@c[$_],@d[$_]) for (0..5); - vx (@b[$_],@b[$_],@c[$_]) for (0..5); - verllf (@b[$_],@b[$_],12) for (0..5); - - vaf (@a[$_],@a[$_],@b[$_]) for (0..5); - vx (@d[$_],@d[$_],@a[$_]) for (0..5); - verllf (@d[$_],@d[$_],8) for (0..5); - - vaf (@c[$_],@c[$_],@d[$_]) for (0..5); - vx (@b[$_],@b[$_],@c[$_]) for (0..5); - verllf (@b[$_],@b[$_],7) for (0..5); - - vsldb (@c[$_],@c[$_],@c[$_],8) for (0..5); - vsldb (@b[$_],@b[$_],@b[$_],$odd?12:4) for (0..5); - vsldb (@d[$_],@d[$_],@d[$_],$odd?4:12) for (0..5); -} - -PERLASM_BEGIN($output); - -INCLUDE ("s390x_arch.h"); -TEXT (); - -################ -# void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, size_t len, -# const unsigned int key[8], const unsigned int counter[4]) -my ($out,$inp,$len,$key,$counter)=map("%r$_",(2..6)); -{ -my $frame=$stdframe+4*20; -my @x=map("%r$_",(0..7,"x","x","x","x",(10..13))); -my @t=map("%r$_",(8,9)); - -GLOBL ("ChaCha20_ctr32"); -TYPE ("ChaCha20_ctr32","\@function"); -ALIGN (32); -LABEL ("ChaCha20_ctr32"); - larl ("%r1","OPENSSL_s390xcap_P"); - - lghi ("%r0",64); -&{$z? \<gr:\<r} ($len,$len); # len==0? - bzr ("%r14"); - lg ("%r1","S390X_STFLE+16(%r1)"); -&{$z? \&clgr:\&clr} ($len,"%r0"); - jle (".Lshort"); - - tmhh ("%r1",0x4000); # check for vx bit - jnz (".LChaCha20_ctr32_vx"); - -LABEL (".Lshort"); -&{$z? \&aghi:\&ahi} ($len,-64); -&{$z? \&lghi:\&lhi} ("%r1",-$frame); -&{$z? \&stmg:\&stm} ("%r6","%r15","6*$SIZE_T($sp)"); -&{$z? \&slgr:\&slr} ($out,$inp); # difference - la ($len,"0($inp,$len)"); # end of input minus 64 - larl ("%r7",".Lsigma"); - lgr ("%r0",$sp); - la ($sp,"0(%r1,$sp)"); -&{$z? \&stg:\&st} ("%r0","0($sp)"); - - lmg ("%r8","%r11","0($key)"); # load key - lmg ("%r12","%r13","0($counter)"); # load counter - lmg ("%r6","%r7","0(%r7)"); # load sigma constant - - la ("%r14","0($inp)"); -&{$z? \&stg:\&st} ($out,"$frame+3*$SIZE_T($sp)"); -&{$z? \&stg:\&st} ($len,"$frame+4*$SIZE_T($sp)"); - stmg ("%r6","%r13","$stdframe($sp)");# copy key schedule to stack - srlg (@x[12],"%r12",32); # 32-bit counter value - j (".Loop_outer"); - -ALIGN (16); -LABEL (".Loop_outer"); - lm (@x[0],@x[7],"$stdframe+4*0($sp)"); # load x[0]-x[7] - lm (@t[0],@t[1],"$stdframe+4*10($sp)"); # load x[10]-x[11] - lm (@x[13],@x[15],"$stdframe+4*13($sp)"); # load x[13]-x[15] - stm (@t[0],@t[1],"$stdframe+4*8+4*10($sp)");# offload x[10]-x[11] - lm (@t[0],@t[1],"$stdframe+4*8($sp)"); # load x[8]-x[9] - st (@x[12],"$stdframe+4*12($sp)"); # save counter -&{$z? \&stg:\&st} ("%r14","$frame+2*$SIZE_T($sp)");# save input pointer - lhi ("%r14",10); - j (".Loop"); - -ALIGN (4); -LABEL (".Loop"); - ROUND (0, 4, 8,12); - ROUND (0, 5,10,15); - brct ("%r14",".Loop"); - -&{$z? \&lg:\&l} ("%r14","$frame+2*$SIZE_T($sp)");# pull input pointer - stm (@t[0],@t[1],"$stdframe+4*8+4*8($sp)"); # offload x[8]-x[9] -&{$z? \&lmg:\&lm} (@t[0],@t[1],"$frame+3*$SIZE_T($sp)"); - - al (@x[0],"$stdframe+4*0($sp)"); # accumulate key schedule - al (@x[1],"$stdframe+4*1($sp)"); - al (@x[2],"$stdframe+4*2($sp)"); - al (@x[3],"$stdframe+4*3($sp)"); - al (@x[4],"$stdframe+4*4($sp)"); - al (@x[5],"$stdframe+4*5($sp)"); - al (@x[6],"$stdframe+4*6($sp)"); - al (@x[7],"$stdframe+4*7($sp)"); - lrvr (@x[0],@x[0]); - lrvr (@x[1],@x[1]); - lrvr (@x[2],@x[2]); - lrvr (@x[3],@x[3]); - lrvr (@x[4],@x[4]); - lrvr (@x[5],@x[5]); - lrvr (@x[6],@x[6]); - lrvr (@x[7],@x[7]); - al (@x[12],"$stdframe+4*12($sp)"); - al (@x[13],"$stdframe+4*13($sp)"); - al (@x[14],"$stdframe+4*14($sp)"); - al (@x[15],"$stdframe+4*15($sp)"); - lrvr (@x[12],@x[12]); - lrvr (@x[13],@x[13]); - lrvr (@x[14],@x[14]); - lrvr (@x[15],@x[15]); - - la (@t[0],"0(@t[0],%r14)"); # reconstruct output pointer -&{$z? \&clgr:\&clr} ("%r14",@t[1]); - jh (".Ltail"); - - x (@x[0],"4*0(%r14)"); # xor with input - x (@x[1],"4*1(%r14)"); - st (@x[0],"4*0(@t[0])"); # store output - x (@x[2],"4*2(%r14)"); - st (@x[1],"4*1(@t[0])"); - x (@x[3],"4*3(%r14)"); - st (@x[2],"4*2(@t[0])"); - x (@x[4],"4*4(%r14)"); - st (@x[3],"4*3(@t[0])"); - lm (@x[0],@x[3],"$stdframe+4*8+4*8($sp)"); # load x[8]-x[11] - x (@x[5],"4*5(%r14)"); - st (@x[4],"4*4(@t[0])"); - x (@x[6],"4*6(%r14)"); - al (@x[0],"$stdframe+4*8($sp)"); - st (@x[5],"4*5(@t[0])"); - x (@x[7],"4*7(%r14)"); - al (@x[1],"$stdframe+4*9($sp)"); - st (@x[6],"4*6(@t[0])"); - x (@x[12],"4*12(%r14)"); - al (@x[2],"$stdframe+4*10($sp)"); - st (@x[7],"4*7(@t[0])"); - x (@x[13],"4*13(%r14)"); - al (@x[3],"$stdframe+4*11($sp)"); - st (@x[12],"4*12(@t[0])"); - x (@x[14],"4*14(%r14)"); - st (@x[13],"4*13(@t[0])"); - x (@x[15],"4*15(%r14)"); - st (@x[14],"4*14(@t[0])"); - lrvr (@x[0],@x[0]); - st (@x[15],"4*15(@t[0])"); - lrvr (@x[1],@x[1]); - lrvr (@x[2],@x[2]); - lrvr (@x[3],@x[3]); - lhi (@x[12],1); - x (@x[0],"4*8(%r14)"); - al (@x[12],"$stdframe+4*12($sp)"); # increment counter - x (@x[1],"4*9(%r14)"); - st (@x[0],"4*8(@t[0])"); - x (@x[2],"4*10(%r14)"); - st (@x[1],"4*9(@t[0])"); - x (@x[3],"4*11(%r14)"); - st (@x[2],"4*10(@t[0])"); - st (@x[3],"4*11(@t[0])"); - -&{$z? \&clgr:\&clr} ("%r14",@t[1]); # done yet? - la ("%r14","64(%r14)"); - jl (".Loop_outer"); - -LABEL (".Ldone"); - xgr ("%r0","%r0"); - xgr ("%r1","%r1"); - xgr ("%r2","%r2"); - xgr ("%r3","%r3"); - stmg ("%r0","%r3","$stdframe+4*4($sp)"); # wipe key copy - stmg ("%r0","%r3","$stdframe+4*12($sp)"); - -&{$z? \&lmg:\&lm} ("%r6","%r15","$frame+6*$SIZE_T($sp)"); - br ("%r14"); - -ALIGN (16); -LABEL (".Ltail"); - la (@t[1],"64($t[1])"); - stm (@x[0],@x[7],"$stdframe+4*0($sp)"); -&{$z? \&slgr:\&slr} (@t[1],"%r14"); - lm (@x[0],@x[3],"$stdframe+4*8+4*8($sp)"); -&{$z? \&lghi:\&lhi} (@x[6],0); - stm (@x[12],@x[15],"$stdframe+4*12($sp)"); - al (@x[0],"$stdframe+4*8($sp)"); - al (@x[1],"$stdframe+4*9($sp)"); - al (@x[2],"$stdframe+4*10($sp)"); - al (@x[3],"$stdframe+4*11($sp)"); - lrvr (@x[0],@x[0]); - lrvr (@x[1],@x[1]); - lrvr (@x[2],@x[2]); - lrvr (@x[3],@x[3]); - stm (@x[0],@x[3],"$stdframe+4*8($sp)"); - -LABEL (".Loop_tail"); - llgc (@x[4],"0(@x[6],%r14)"); - llgc (@x[5],"$stdframe(@x[6],$sp)"); - xr (@x[5],@x[4]); - stc (@x[5],"0(@x[6],@t[0])"); - la (@x[6],"1(@x[6])"); - brct (@t[1],".Loop_tail"); - - j (".Ldone"); -SIZE ("ChaCha20_ctr32",".-ChaCha20_ctr32"); -} - -######################################################################## -# 4x"vertical" layout minimizes amount of instructions, but pipeline -# runs underutilized [because of vector instructions' high latency]. -# On the other hand minimum amount of data it takes to fully utilize -# the pipeline is higher, so that effectively, short inputs would be -# processed slower. Hence this code path targeting <=256 bytes lengths. -# -{ -my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, - $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3)=map("%v$_",(0..15)); -my @K=map("%v$_",(16..19)); -my $CTR="%v26"; -my ($xt0,$xt1,$xt2,$xt3)=map("%v$_",(27..30)); -my $beperm="%v31"; -my ($x00,$x10,$x20,$x30)=(0,map("r$_",(8..10))); -my $FRAME=$stdframe+4*16; - -ALIGN (32); -LABEL ("ChaCha20_ctr32_4x"); -LABEL (".LChaCha20_ctr32_4x"); -&{$z? \&stmg:\&stm} ("%r6","%r7","6*$SIZE_T($sp)"); -if (!$z) { - std ("%f4","16*$SIZE_T+2*8($sp)"); - std ("%f6","16*$SIZE_T+3*8($sp)"); -} -&{$z? \&lghi:\&lhi} ("%r1",-$FRAME); - lgr ("%r0",$sp); - la ($sp,"0(%r1,$sp)"); -&{$z? \&stg:\&st} ("%r0","0($sp)"); # back-chain -if ($z) { - std ("%f8","$stdframe+8*0($sp)"); - std ("%f9","$stdframe+8*1($sp)"); - std ("%f10","$stdframe+8*2($sp)"); - std ("%f11","$stdframe+8*3($sp)"); - std ("%f12","$stdframe+8*4($sp)"); - std ("%f13","$stdframe+8*5($sp)"); - std ("%f14","$stdframe+8*6($sp)"); - std ("%f15","$stdframe+8*7($sp)"); -} - larl ("%r7",".Lsigma"); - lhi ("%r0",10); - lhi ("%r1",0); - - vl (@K[0],"0(%r7)"); # load sigma - vl (@K[1],"0($key)"); # load key - vl (@K[2],"16($key)"); - vl (@K[3],"0($counter)"); # load counter - - vl ($beperm,"0x40(%r7)"); - vl ($xt1,"0x50(%r7)"); - vrepf ($CTR,@K[3],0); - vlvgf (@K[3],"%r1",0); # clear @K[3].word[0] - vaf ($CTR,$CTR,$xt1); - -#LABEL (".Loop_outer_4x"); - vlm ($xa0,$xa3,"0x60(%r7)"); # load [smashed] sigma - - vrepf ($xb0,@K[1],0); # smash the key - vrepf ($xb1,@K[1],1); - vrepf ($xb2,@K[1],2); - vrepf ($xb3,@K[1],3); - - vrepf ($xc0,@K[2],0); - vrepf ($xc1,@K[2],1); - vrepf ($xc2,@K[2],2); - vrepf ($xc3,@K[2],3); - - vlr ($xd0,$CTR); - vrepf ($xd1,@K[3],1); - vrepf ($xd2,@K[3],2); - vrepf ($xd3,@K[3],3); - -LABEL (".Loop_4x"); - VX_lane_ROUND(0, 4, 8,12); - VX_lane_ROUND(0, 5,10,15); - brct ("%r0",".Loop_4x"); - - vaf ($xd0,$xd0,$CTR); - - vmrhf ($xt0,$xa0,$xa1); # transpose data - vmrhf ($xt1,$xa2,$xa3); - vmrlf ($xt2,$xa0,$xa1); - vmrlf ($xt3,$xa2,$xa3); - vpdi ($xa0,$xt0,$xt1,0b0000); - vpdi ($xa1,$xt0,$xt1,0b0101); - vpdi ($xa2,$xt2,$xt3,0b0000); - vpdi ($xa3,$xt2,$xt3,0b0101); - - vmrhf ($xt0,$xb0,$xb1); - vmrhf ($xt1,$xb2,$xb3); - vmrlf ($xt2,$xb0,$xb1); - vmrlf ($xt3,$xb2,$xb3); - vpdi ($xb0,$xt0,$xt1,0b0000); - vpdi ($xb1,$xt0,$xt1,0b0101); - vpdi ($xb2,$xt2,$xt3,0b0000); - vpdi ($xb3,$xt2,$xt3,0b0101); - - vmrhf ($xt0,$xc0,$xc1); - vmrhf ($xt1,$xc2,$xc3); - vmrlf ($xt2,$xc0,$xc1); - vmrlf ($xt3,$xc2,$xc3); - vpdi ($xc0,$xt0,$xt1,0b0000); - vpdi ($xc1,$xt0,$xt1,0b0101); - vpdi ($xc2,$xt2,$xt3,0b0000); - vpdi ($xc3,$xt2,$xt3,0b0101); - - vmrhf ($xt0,$xd0,$xd1); - vmrhf ($xt1,$xd2,$xd3); - vmrlf ($xt2,$xd0,$xd1); - vmrlf ($xt3,$xd2,$xd3); - vpdi ($xd0,$xt0,$xt1,0b0000); - vpdi ($xd1,$xt0,$xt1,0b0101); - vpdi ($xd2,$xt2,$xt3,0b0000); - vpdi ($xd3,$xt2,$xt3,0b0101); - - #vrepif ($xt0,4); - #vaf ($CTR,$CTR,$xt0); # next counter value - - vaf ($xa0,$xa0,@K[0]); - vaf ($xb0,$xb0,@K[1]); - vaf ($xc0,$xc0,@K[2]); - vaf ($xd0,$xd0,@K[3]); - - vperm ($xa0,$xa0,$xa0,$beperm); - vperm ($xb0,$xb0,$xb0,$beperm); - vperm ($xc0,$xc0,$xc0,$beperm); - vperm ($xd0,$xd0,$xd0,$beperm); - - #&{$z? \&clgfi:\&clfi} ($len,0x40); - #jl (".Ltail_4x"); - - vlm ($xt0,$xt3,"0($inp)"); - - vx ($xt0,$xt0,$xa0); - vx ($xt1,$xt1,$xb0); - vx ($xt2,$xt2,$xc0); - vx ($xt3,$xt3,$xd0); - - vstm ($xt0,$xt3,"0($out)"); - - la ($inp,"0x40($inp)"); - la ($out,"0x40($out)"); -&{$z? \&aghi:\&ahi} ($len,-0x40); - #je (".Ldone_4x"); - - vaf ($xa0,$xa1,@K[0]); - vaf ($xb0,$xb1,@K[1]); - vaf ($xc0,$xc1,@K[2]); - vaf ($xd0,$xd1,@K[3]); - - vperm ($xa0,$xa0,$xa0,$beperm); - vperm ($xb0,$xb0,$xb0,$beperm); - vperm ($xc0,$xc0,$xc0,$beperm); - vperm ($xd0,$xd0,$xd0,$beperm); - -&{$z? \&clgfi:\&clfi} ($len,0x40); - jl (".Ltail_4x"); - - vlm ($xt0,$xt3,"0($inp)"); - - vx ($xt0,$xt0,$xa0); - vx ($xt1,$xt1,$xb0); - vx ($xt2,$xt2,$xc0); - vx ($xt3,$xt3,$xd0); - - vstm ($xt0,$xt3,"0($out)"); - - la ($inp,"0x40($inp)"); - la ($out,"0x40($out)"); -&{$z? \&aghi:\&ahi} ($len,-0x40); - je (".Ldone_4x"); - - vaf ($xa0,$xa2,@K[0]); - vaf ($xb0,$xb2,@K[1]); - vaf ($xc0,$xc2,@K[2]); - vaf ($xd0,$xd2,@K[3]); - - vperm ($xa0,$xa0,$xa0,$beperm); - vperm ($xb0,$xb0,$xb0,$beperm); - vperm ($xc0,$xc0,$xc0,$beperm); - vperm ($xd0,$xd0,$xd0,$beperm); - -&{$z? \&clgfi:\&clfi} ($len,0x40); - jl (".Ltail_4x"); - - vlm ($xt0,$xt3,"0($inp)"); - - vx ($xt0,$xt0,$xa0); - vx ($xt1,$xt1,$xb0); - vx ($xt2,$xt2,$xc0); - vx ($xt3,$xt3,$xd0); - - vstm ($xt0,$xt3,"0($out)"); - - la ($inp,"0x40($inp)"); - la ($out,"0x40($out)"); -&{$z? \&aghi:\&ahi} ($len,-0x40); - je (".Ldone_4x"); - - vaf ($xa0,$xa3,@K[0]); - vaf ($xb0,$xb3,@K[1]); - vaf ($xc0,$xc3,@K[2]); - vaf ($xd0,$xd3,@K[3]); - - vperm ($xa0,$xa0,$xa0,$beperm); - vperm ($xb0,$xb0,$xb0,$beperm); - vperm ($xc0,$xc0,$xc0,$beperm); - vperm ($xd0,$xd0,$xd0,$beperm); - -&{$z? \&clgfi:\&clfi} ($len,0x40); - jl (".Ltail_4x"); - - vlm ($xt0,$xt3,"0($inp)"); - - vx ($xt0,$xt0,$xa0); - vx ($xt1,$xt1,$xb0); - vx ($xt2,$xt2,$xc0); - vx ($xt3,$xt3,$xd0); - - vstm ($xt0,$xt3,"0($out)"); - - #la $inp,0x40($inp)); - #la $out,0x40($out)); - #lhi %r0,10); - #&{$z? \&aghi:\&ahi} $len,-0x40); - #jne .Loop_outer_4x); - -LABEL (".Ldone_4x"); -if (!$z) { - ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)"); - ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)"); -} else { - ld ("%f8","$stdframe+8*0($sp)"); - ld ("%f9","$stdframe+8*1($sp)"); - ld ("%f10","$stdframe+8*2($sp)"); - ld ("%f11","$stdframe+8*3($sp)"); - ld ("%f12","$stdframe+8*4($sp)"); - ld ("%f13","$stdframe+8*5($sp)"); - ld ("%f14","$stdframe+8*6($sp)"); - ld ("%f15","$stdframe+8*7($sp)"); -} -&{$z? \&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)"); - la ($sp,"$FRAME($sp)"); - br ("%r14"); - -ALIGN (16); -LABEL (".Ltail_4x"); -if (!$z) { - vlr ($xt0,$xb0); - ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)"); - ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)"); - - vst ($xa0,"$stdframe+0x00($sp)"); - vst ($xt0,"$stdframe+0x10($sp)"); - vst ($xc0,"$stdframe+0x20($sp)"); - vst ($xd0,"$stdframe+0x30($sp)"); -} else { - vlr ($xt0,$xc0); - ld ("%f8","$stdframe+8*0($sp)"); - ld ("%f9","$stdframe+8*1($sp)"); - ld ("%f10","$stdframe+8*2($sp)"); - ld ("%f11","$stdframe+8*3($sp)"); - vlr ($xt1,$xd0); - ld ("%f12","$stdframe+8*4($sp)"); - ld ("%f13","$stdframe+8*5($sp)"); - ld ("%f14","$stdframe+8*6($sp)"); - ld ("%f15","$stdframe+8*7($sp)"); - - vst ($xa0,"$stdframe+0x00($sp)"); - vst ($xb0,"$stdframe+0x10($sp)"); - vst ($xt0,"$stdframe+0x20($sp)"); - vst ($xt1,"$stdframe+0x30($sp)"); -} - lghi ("%r1",0); - -LABEL (".Loop_tail_4x"); - llgc ("%r5","0(%r1,$inp)"); - llgc ("%r6","$stdframe(%r1,$sp)"); - xr ("%r6","%r5"); - stc ("%r6","0(%r1,$out)"); - la ("%r1","1(%r1)"); - brct ($len,".Loop_tail_4x"); - -&{$z? \&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)"); - la ($sp,"$FRAME($sp)"); - br ("%r14"); -SIZE ("ChaCha20_ctr32_4x",".-ChaCha20_ctr32_4x"); -} - -######################################################################## -# 6x"horizontal" layout is optimal fit for the platform in its current -# shape, more specifically for given vector instructions' latency. Well, -# computational part of 8x"vertical" would be faster, but it consumes -# all registers and dealing with that will diminish the return... -# -{ -my ($a0,$b0,$c0,$d0, $a1,$b1,$c1,$d1, - $a2,$b2,$c2,$d2, $a3,$b3,$c3,$d3, - $a4,$b4,$c4,$d4, $a5,$b5,$c5,$d5)=map("%v$_",(0..23)); -my @K=map("%v$_",(27,24..26)); -my ($t0,$t1,$t2,$t3)=map("%v$_",27..30); -my $beperm="%v31"; -my $FRAME=$stdframe + 4*16; - -GLOBL ("ChaCha20_ctr32_vx"); -ALIGN (32); -LABEL ("ChaCha20_ctr32_vx"); -LABEL (".LChaCha20_ctr32_vx"); -&{$z? \&clgfi:\&clfi} ($len,256); - jle (".LChaCha20_ctr32_4x"); -&{$z? \&stmg:\&stm} ("%r6","%r7","6*$SIZE_T($sp)"); -if (!$z) { - std ("%f4","16*$SIZE_T+2*8($sp)"); - std ("%f6","16*$SIZE_T+3*8($sp)"); -} -&{$z? \&lghi:\&lhi} ("%r1",-$FRAME); - lgr ("%r0",$sp); - la ($sp,"0(%r1,$sp)"); -&{$z? \&stg:\&st} ("%r0","0($sp)"); # back-chain -if ($z) { - std ("%f8","$FRAME-8*8($sp)"); - std ("%f9","$FRAME-8*7($sp)"); - std ("%f10","$FRAME-8*6($sp)"); - std ("%f11","$FRAME-8*5($sp)"); - std ("%f12","$FRAME-8*4($sp)"); - std ("%f13","$FRAME-8*3($sp)"); - std ("%f14","$FRAME-8*2($sp)"); - std ("%f15","$FRAME-8*1($sp)"); -} - larl ("%r7",".Lsigma"); - lhi ("%r0",10); - - vlm (@K[1],@K[2],"0($key)"); # load key - vl (@K[3],"0($counter)"); # load counter - - vlm (@K[0],"$beperm","0(%r7)"); # load sigma, increments, ... - -LABEL (".Loop_outer_vx"); - vlr ($a0,@K[0]); - vlr ($b0,@K[1]); - vlr ($a1,@K[0]); - vlr ($b1,@K[1]); - vlr ($a2,@K[0]); - vlr ($b2,@K[1]); - vlr ($a3,@K[0]); - vlr ($b3,@K[1]); - vlr ($a4,@K[0]); - vlr ($b4,@K[1]); - vlr ($a5,@K[0]); - vlr ($b5,@K[1]); - - vlr ($d0,@K[3]); - vaf ($d1,@K[3],$t1); # K[3]+1 - vaf ($d2,@K[3],$t2); # K[3]+2 - vaf ($d3,@K[3],$t3); # K[3]+3 - vaf ($d4,$d2,$t2); # K[3]+4 - vaf ($d5,$d2,$t3); # K[3]+5 - - vlr ($c0,@K[2]); - vlr ($c1,@K[2]); - vlr ($c2,@K[2]); - vlr ($c3,@K[2]); - vlr ($c4,@K[2]); - vlr ($c5,@K[2]); - - vlr ($t1,$d1); - vlr ($t2,$d2); - vlr ($t3,$d3); - -ALIGN (4); -LABEL (".Loop_vx"); - - VX_ROUND($a0,$a1,$a2,$a3,$a4,$a5, - $b0,$b1,$b2,$b3,$b4,$b5, - $c0,$c1,$c2,$c3,$c4,$c5, - $d0,$d1,$d2,$d3,$d4,$d5, - 0); - - VX_ROUND($a0,$a1,$a2,$a3,$a4,$a5, - $b0,$b1,$b2,$b3,$b4,$b5, - $c0,$c1,$c2,$c3,$c4,$c5, - $d0,$d1,$d2,$d3,$d4,$d5, - 1); - - brct ("%r0",".Loop_vx"); - - vaf ($a0,$a0,@K[0]); - vaf ($b0,$b0,@K[1]); - vaf ($c0,$c0,@K[2]); - vaf ($d0,$d0,@K[3]); - vaf ($a1,$a1,@K[0]); - vaf ($d1,$d1,$t1); # +K[3]+1 - - vperm ($a0,$a0,$a0,$beperm); - vperm ($b0,$b0,$b0,$beperm); - vperm ($c0,$c0,$c0,$beperm); - vperm ($d0,$d0,$d0,$beperm); - -&{$z? \&clgfi:\&clfi} ($len,0x40); - jl (".Ltail_vx"); - - vaf ($d2,$d2,$t2); # +K[3]+2 - vaf ($d3,$d3,$t3); # +K[3]+3 - vlm ($t0,$t3,"0($inp)"); - - vx ($a0,$a0,$t0); - vx ($b0,$b0,$t1); - vx ($c0,$c0,$t2); - vx ($d0,$d0,$t3); - - vlm (@K[0],$t3,"0(%r7)"); # re-load sigma and increments - - vstm ($a0,$d0,"0($out)"); - - la ($inp,"0x40($inp)"); - la ($out,"0x40($out)"); -&{$z? \&aghi:\&ahi} ($len,-0x40); - je (".Ldone_vx"); - - vaf ($b1,$b1,@K[1]); - vaf ($c1,$c1,@K[2]); - - vperm ($a0,$a1,$a1,$beperm); - vperm ($b0,$b1,$b1,$beperm); - vperm ($c0,$c1,$c1,$beperm); - vperm ($d0,$d1,$d1,$beperm); - -&{$z? \&clgfi:\&clfi} ($len,0x40); - jl (".Ltail_vx"); - - vlm ($a1,$d1,"0($inp)"); - - vx ($a0,$a0,$a1); - vx ($b0,$b0,$b1); - vx ($c0,$c0,$c1); - vx ($d0,$d0,$d1); - - vstm ($a0,$d0,"0($out)"); - - la ($inp,"0x40($inp)"); - la ($out,"0x40($out)"); -&{$z? \&aghi:\&ahi} ($len,-0x40); - je (".Ldone_vx"); - - vaf ($a2,$a2,@K[0]); - vaf ($b2,$b2,@K[1]); - vaf ($c2,$c2,@K[2]); - - vperm ($a0,$a2,$a2,$beperm); - vperm ($b0,$b2,$b2,$beperm); - vperm ($c0,$c2,$c2,$beperm); - vperm ($d0,$d2,$d2,$beperm); - -&{$z? \&clgfi:\&clfi} ($len,0x40); - jl (".Ltail_vx"); - - vlm ($a1,$d1,"0($inp)"); - - vx ($a0,$a0,$a1); - vx ($b0,$b0,$b1); - vx ($c0,$c0,$c1); - vx ($d0,$d0,$d1); - - vstm ($a0,$d0,"0($out)"); - - la ($inp,"0x40($inp)"); - la ($out,"0x40($out)"); -&{$z? \&aghi:\&ahi} ($len,-0x40); - je (".Ldone_vx"); - - vaf ($a3,$a3,@K[0]); - vaf ($b3,$b3,@K[1]); - vaf ($c3,$c3,@K[2]); - vaf ($d2,@K[3],$t3); # K[3]+3 - - vperm ($a0,$a3,$a3,$beperm); - vperm ($b0,$b3,$b3,$beperm); - vperm ($c0,$c3,$c3,$beperm); - vperm ($d0,$d3,$d3,$beperm); - -&{$z? \&clgfi:\&clfi} ($len,0x40); - jl (".Ltail_vx"); - - vaf ($d3,$d2,$t1); # K[3]+4 - vlm ($a1,$d1,"0($inp)"); - - vx ($a0,$a0,$a1); - vx ($b0,$b0,$b1); - vx ($c0,$c0,$c1); - vx ($d0,$d0,$d1); - - vstm ($a0,$d0,"0($out)"); - - la ($inp,"0x40($inp)"); - la ($out,"0x40($out)"); -&{$z? \&aghi:\&ahi} ($len,-0x40); - je (".Ldone_vx"); - - vaf ($a4,$a4,@K[0]); - vaf ($b4,$b4,@K[1]); - vaf ($c4,$c4,@K[2]); - vaf ($d4,$d4,$d3); # +K[3]+4 - vaf ($d3,$d3,$t1); # K[3]+5 - vaf (@K[3],$d2,$t3); # K[3]+=6 - - vperm ($a0,$a4,$a4,$beperm); - vperm ($b0,$b4,$b4,$beperm); - vperm ($c0,$c4,$c4,$beperm); - vperm ($d0,$d4,$d4,$beperm); - -&{$z? \&clgfi:\&clfi} ($len,0x40); - jl (".Ltail_vx"); - - vlm ($a1,$d1,"0($inp)"); - - vx ($a0,$a0,$a1); - vx ($b0,$b0,$b1); - vx ($c0,$c0,$c1); - vx ($d0,$d0,$d1); - - vstm ($a0,$d0,"0($out)"); - - la ($inp,"0x40($inp)"); - la ($out,"0x40($out)"); -&{$z? \&aghi:\&ahi} ($len,-0x40); - je (".Ldone_vx"); - - vaf ($a5,$a5,@K[0]); - vaf ($b5,$b5,@K[1]); - vaf ($c5,$c5,@K[2]); - vaf ($d5,$d5,$d3); # +K[3]+5 - - vperm ($a0,$a5,$a5,$beperm); - vperm ($b0,$b5,$b5,$beperm); - vperm ($c0,$c5,$c5,$beperm); - vperm ($d0,$d5,$d5,$beperm); - -&{$z? \&clgfi:\&clfi} ($len,0x40); - jl (".Ltail_vx"); - - vlm ($a1,$d1,"0($inp)"); - - vx ($a0,$a0,$a1); - vx ($b0,$b0,$b1); - vx ($c0,$c0,$c1); - vx ($d0,$d0,$d1); - - vstm ($a0,$d0,"0($out)"); - - la ($inp,"0x40($inp)"); - la ($out,"0x40($out)"); - lhi ("%r0",10); -&{$z? \&aghi:\&ahi} ($len,-0x40); - jne (".Loop_outer_vx"); - -LABEL (".Ldone_vx"); -if (!$z) { - ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)"); - ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)"); -} else { - ld ("%f8","$FRAME-8*8($sp)"); - ld ("%f9","$FRAME-8*7($sp)"); - ld ("%f10","$FRAME-8*6($sp)"); - ld ("%f11","$FRAME-8*5($sp)"); - ld ("%f12","$FRAME-8*4($sp)"); - ld ("%f13","$FRAME-8*3($sp)"); - ld ("%f14","$FRAME-8*2($sp)"); - ld ("%f15","$FRAME-8*1($sp)"); -} -&{$z? \&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)"); - la ($sp,"$FRAME($sp)"); - br ("%r14"); - -ALIGN (16); -LABEL (".Ltail_vx"); -if (!$z) { - ld ("%f4","$FRAME+16*$SIZE_T+2*8($sp)"); - ld ("%f6","$FRAME+16*$SIZE_T+3*8($sp)"); -} else { - ld ("%f8","$FRAME-8*8($sp)"); - ld ("%f9","$FRAME-8*7($sp)"); - ld ("%f10","$FRAME-8*6($sp)"); - ld ("%f11","$FRAME-8*5($sp)"); - ld ("%f12","$FRAME-8*4($sp)"); - ld ("%f13","$FRAME-8*3($sp)"); - ld ("%f14","$FRAME-8*2($sp)"); - ld ("%f15","$FRAME-8*1($sp)"); -} - vstm ($a0,$d0,"$stdframe($sp)"); - lghi ("%r1",0); - -LABEL (".Loop_tail_vx"); - llgc ("%r5","0(%r1,$inp)"); - llgc ("%r6","$stdframe(%r1,$sp)"); - xr ("%r6","%r5"); - stc ("%r6","0(%r1,$out)"); - la ("%r1","1(%r1)"); - brct ($len,".Loop_tail_vx"); - -&{$z? \&lmg:\&lm} ("%r6","%r7","$FRAME+6*$SIZE_T($sp)"); - la ($sp,"$FRAME($sp)"); - br ("%r14"); -SIZE ("ChaCha20_ctr32_vx",".-ChaCha20_ctr32_vx"); -} -################ - -ALIGN (32); -LABEL (".Lsigma"); -LONG (0x61707865,0x3320646e,0x79622d32,0x6b206574); # endian-neutral sigma -LONG (1,0,0,0); -LONG (2,0,0,0); -LONG (3,0,0,0); -LONG (0x03020100,0x07060504,0x0b0a0908,0x0f0e0d0c); # byte swap - -LONG (0,1,2,3); -LONG (0x61707865,0x61707865,0x61707865,0x61707865); # smashed sigma -LONG (0x3320646e,0x3320646e,0x3320646e,0x3320646e); -LONG (0x79622d32,0x79622d32,0x79622d32,0x79622d32); -LONG (0x6b206574,0x6b206574,0x6b206574,0x6b206574); - -ASCIZ ("\"ChaCha20 for s390x, CRYPTOGAMS by \""); -ALIGN (4); - -PERLASM_END(); diff --git a/crypto/chacha/asm/chacha-x86.pl b/crypto/chacha/asm/chacha-x86.pl deleted file mode 100755 index d0e83d88cec3b78a26dcefe90c404761ac1b9312..0000000000000000000000000000000000000000 --- a/crypto/chacha/asm/chacha-x86.pl +++ /dev/null @@ -1,1154 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# January 2015 -# -# ChaCha20 for x86. -# -# Performance in cycles per byte out of large buffer. -# -# 1xIALU/gcc 4xSSSE3 -# Pentium 17.5/+80% -# PIII 14.2/+60% -# P4 18.6/+84% -# Core2 9.56/+89% 4.83 -# Westmere 9.50/+45% 3.35 -# Sandy Bridge 10.5/+47% 3.20 -# Haswell 8.15/+50% 2.83 -# Skylake 7.53/+22% 2.75 -# Silvermont 17.4/+36% 8.35 -# Goldmont 13.4/+40% 4.36 -# Sledgehammer 10.2/+54% -# Bulldozer 13.4/+50% 4.38(*) -# -# (*) Bulldozer actually executes 4xXOP code path that delivers 3.55; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output = pop and open STDOUT,">$output"; - -&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); - -$xmm=$ymm=0; -for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); } - -$ymm=1 if ($xmm && - `$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/ && - ($gasver=$1)>=2.19); # first version supporting AVX - -$ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32n" && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ && - $1>=2.03); # first version supporting AVX - -$ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" && - `ml 2>&1` =~ /Version ([0-9]+)\./ && - $1>=10); # first version supporting AVX - -$ymm=1 if ($xmm && !$ymm && - `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/ && - $2>=3.0); # first version supporting AVX - -$a="eax"; -($b,$b_)=("ebx","ebp"); -($c,$c_)=("ecx","esi"); -($d,$d_)=("edx","edi"); - -sub QUARTERROUND { -my ($ai,$bi,$ci,$di,$i)=@_; -my ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+1)&3),($ai,$bi,$ci,$di)); # next -my ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-1)&3),($ai,$bi,$ci,$di)); # previous - - # a b c d - # - # 0 4 8 12 < even round - # 1 5 9 13 - # 2 6 10 14 - # 3 7 11 15 - # 0 5 10 15 < odd round - # 1 6 11 12 - # 2 7 8 13 - # 3 4 9 14 - - if ($i==0) { - my $j=4; - ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-$j--)&3),($ap,$bp,$cp,$dp)); - } elsif ($i==3) { - my $j=0; - ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+$j++)&3),($an,$bn,$cn,$dn)); - } elsif ($i==4) { - my $j=4; - ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_+$j--)&3),($ap,$bp,$cp,$dp)); - } elsif ($i==7) { - my $j=0; - ($an,$bn,$cn,$dn)=map(($_&~3)+(($_-$j++)&3),($an,$bn,$cn,$dn)); - } - - #&add ($a,$b); # see elsewhere - &xor ($d,$a); - &mov (&DWP(4*$cp,"esp"),$c_) if ($ai>0 && $ai<3); - &rol ($d,16); - &mov (&DWP(4*$bp,"esp"),$b_) if ($i!=0); - &add ($c,$d); - &mov ($c_,&DWP(4*$cn,"esp")) if ($ai>0 && $ai<3); - &xor ($b,$c); - &mov ($d_,&DWP(4*$dn,"esp")) if ($di!=$dn); - &rol ($b,12); - &mov ($b_,&DWP(4*$bn,"esp")) if ($i<7); - &mov ($b_,&DWP(128,"esp")) if ($i==7); # loop counter - &add ($a,$b); - &xor ($d,$a); - &mov (&DWP(4*$ai,"esp"),$a); - &rol ($d,8); - &mov ($a,&DWP(4*$an,"esp")); - &add ($c,$d); - &mov (&DWP(4*$di,"esp"),$d) if ($di!=$dn); - &mov ($d_,$d) if ($di==$dn); - &xor ($b,$c); - &add ($a,$b_) if ($i<7); # elsewhere - &rol ($b,7); - - ($b,$b_)=($b_,$b); - ($c,$c_)=($c_,$c); - ($d,$d_)=($d_,$d); -} - -&static_label("ssse3_shortcut"); -&static_label("xop_shortcut"); -&static_label("ssse3_data"); -&static_label("pic_point"); - -&function_begin("ChaCha20_ctr32"); - &xor ("eax","eax"); - &cmp ("eax",&wparam(2)); # len==0? - &je (&label("no_data")); -if ($xmm) { - &call (&label("pic_point")); -&set_label("pic_point"); - &blindpop("eax"); - &picmeup("ebp","OPENSSL_ia32cap_P","eax",&label("pic_point")); - &test (&DWP(0,"ebp"),1<<24); # test FXSR bit - &jz (&label("x86")); - &test (&DWP(4,"ebp"),1<<9); # test SSSE3 bit - &jz (&label("x86")); - &jmp (&label("ssse3_shortcut")); -&set_label("x86"); -} - &mov ("esi",&wparam(3)); # key - &mov ("edi",&wparam(4)); # counter and nonce - - &stack_push(33); - - &mov ("eax",&DWP(4*0,"esi")); # copy key - &mov ("ebx",&DWP(4*1,"esi")); - &mov ("ecx",&DWP(4*2,"esi")); - &mov ("edx",&DWP(4*3,"esi")); - &mov (&DWP(64+4*4,"esp"),"eax"); - &mov (&DWP(64+4*5,"esp"),"ebx"); - &mov (&DWP(64+4*6,"esp"),"ecx"); - &mov (&DWP(64+4*7,"esp"),"edx"); - &mov ("eax",&DWP(4*4,"esi")); - &mov ("ebx",&DWP(4*5,"esi")); - &mov ("ecx",&DWP(4*6,"esi")); - &mov ("edx",&DWP(4*7,"esi")); - &mov (&DWP(64+4*8,"esp"),"eax"); - &mov (&DWP(64+4*9,"esp"),"ebx"); - &mov (&DWP(64+4*10,"esp"),"ecx"); - &mov (&DWP(64+4*11,"esp"),"edx"); - &mov ("eax",&DWP(4*0,"edi")); # copy counter and nonce - &mov ("ebx",&DWP(4*1,"edi")); - &mov ("ecx",&DWP(4*2,"edi")); - &mov ("edx",&DWP(4*3,"edi")); - &sub ("eax",1); - &mov (&DWP(64+4*12,"esp"),"eax"); - &mov (&DWP(64+4*13,"esp"),"ebx"); - &mov (&DWP(64+4*14,"esp"),"ecx"); - &mov (&DWP(64+4*15,"esp"),"edx"); - &jmp (&label("entry")); - -&set_label("outer_loop",16); - &mov (&wparam(1),$b); # save input - &mov (&wparam(0),$a); # save output - &mov (&wparam(2),$c); # save len -&set_label("entry"); - &mov ($a,0x61707865); - &mov (&DWP(4*1,"esp"),0x3320646e); - &mov (&DWP(4*2,"esp"),0x79622d32); - &mov (&DWP(4*3,"esp"),0x6b206574); - - &mov ($b, &DWP(64+4*5,"esp")); # copy key material - &mov ($b_,&DWP(64+4*6,"esp")); - &mov ($c, &DWP(64+4*10,"esp")); - &mov ($c_,&DWP(64+4*11,"esp")); - &mov ($d, &DWP(64+4*13,"esp")); - &mov ($d_,&DWP(64+4*14,"esp")); - &mov (&DWP(4*5,"esp"),$b); - &mov (&DWP(4*6,"esp"),$b_); - &mov (&DWP(4*10,"esp"),$c); - &mov (&DWP(4*11,"esp"),$c_); - &mov (&DWP(4*13,"esp"),$d); - &mov (&DWP(4*14,"esp"),$d_); - - &mov ($b, &DWP(64+4*7,"esp")); - &mov ($d_,&DWP(64+4*15,"esp")); - &mov ($d, &DWP(64+4*12,"esp")); - &mov ($b_,&DWP(64+4*4,"esp")); - &mov ($c, &DWP(64+4*8,"esp")); - &mov ($c_,&DWP(64+4*9,"esp")); - &add ($d,1); # counter value - &mov (&DWP(4*7,"esp"),$b); - &mov (&DWP(4*15,"esp"),$d_); - &mov (&DWP(64+4*12,"esp"),$d); # save counter value - - &mov ($b,10); # loop counter - &jmp (&label("loop")); - -&set_label("loop",16); - &add ($a,$b_); # elsewhere - &mov (&DWP(128,"esp"),$b); # save loop counter - &mov ($b,$b_); - &QUARTERROUND(0, 4, 8, 12, 0); - &QUARTERROUND(1, 5, 9, 13, 1); - &QUARTERROUND(2, 6,10, 14, 2); - &QUARTERROUND(3, 7,11, 15, 3); - &QUARTERROUND(0, 5,10, 15, 4); - &QUARTERROUND(1, 6,11, 12, 5); - &QUARTERROUND(2, 7, 8, 13, 6); - &QUARTERROUND(3, 4, 9, 14, 7); - &dec ($b); - &jnz (&label("loop")); - - &mov ($b,&wparam(2)); # load len - - &add ($a,0x61707865); # accumulate key material - &add ($b_,&DWP(64+4*4,"esp")); - &add ($c, &DWP(64+4*8,"esp")); - &add ($c_,&DWP(64+4*9,"esp")); - - &cmp ($b,64); - &jb (&label("tail")); - - &mov ($b,&wparam(1)); # load input pointer - &add ($d, &DWP(64+4*12,"esp")); - &add ($d_,&DWP(64+4*14,"esp")); - - &xor ($a, &DWP(4*0,$b)); # xor with input - &xor ($b_,&DWP(4*4,$b)); - &mov (&DWP(4*0,"esp"),$a); - &mov ($a,&wparam(0)); # load output pointer - &xor ($c, &DWP(4*8,$b)); - &xor ($c_,&DWP(4*9,$b)); - &xor ($d, &DWP(4*12,$b)); - &xor ($d_,&DWP(4*14,$b)); - &mov (&DWP(4*4,$a),$b_); # write output - &mov (&DWP(4*8,$a),$c); - &mov (&DWP(4*9,$a),$c_); - &mov (&DWP(4*12,$a),$d); - &mov (&DWP(4*14,$a),$d_); - - &mov ($b_,&DWP(4*1,"esp")); - &mov ($c, &DWP(4*2,"esp")); - &mov ($c_,&DWP(4*3,"esp")); - &mov ($d, &DWP(4*5,"esp")); - &mov ($d_,&DWP(4*6,"esp")); - &add ($b_,0x3320646e); # accumulate key material - &add ($c, 0x79622d32); - &add ($c_,0x6b206574); - &add ($d, &DWP(64+4*5,"esp")); - &add ($d_,&DWP(64+4*6,"esp")); - &xor ($b_,&DWP(4*1,$b)); - &xor ($c, &DWP(4*2,$b)); - &xor ($c_,&DWP(4*3,$b)); - &xor ($d, &DWP(4*5,$b)); - &xor ($d_,&DWP(4*6,$b)); - &mov (&DWP(4*1,$a),$b_); - &mov (&DWP(4*2,$a),$c); - &mov (&DWP(4*3,$a),$c_); - &mov (&DWP(4*5,$a),$d); - &mov (&DWP(4*6,$a),$d_); - - &mov ($b_,&DWP(4*7,"esp")); - &mov ($c, &DWP(4*10,"esp")); - &mov ($c_,&DWP(4*11,"esp")); - &mov ($d, &DWP(4*13,"esp")); - &mov ($d_,&DWP(4*15,"esp")); - &add ($b_,&DWP(64+4*7,"esp")); - &add ($c, &DWP(64+4*10,"esp")); - &add ($c_,&DWP(64+4*11,"esp")); - &add ($d, &DWP(64+4*13,"esp")); - &add ($d_,&DWP(64+4*15,"esp")); - &xor ($b_,&DWP(4*7,$b)); - &xor ($c, &DWP(4*10,$b)); - &xor ($c_,&DWP(4*11,$b)); - &xor ($d, &DWP(4*13,$b)); - &xor ($d_,&DWP(4*15,$b)); - &lea ($b,&DWP(4*16,$b)); - &mov (&DWP(4*7,$a),$b_); - &mov ($b_,&DWP(4*0,"esp")); - &mov (&DWP(4*10,$a),$c); - &mov ($c,&wparam(2)); # len - &mov (&DWP(4*11,$a),$c_); - &mov (&DWP(4*13,$a),$d); - &mov (&DWP(4*15,$a),$d_); - &mov (&DWP(4*0,$a),$b_); - &lea ($a,&DWP(4*16,$a)); - &sub ($c,64); - &jnz (&label("outer_loop")); - - &jmp (&label("done")); - -&set_label("tail"); - &add ($d, &DWP(64+4*12,"esp")); - &add ($d_,&DWP(64+4*14,"esp")); - &mov (&DWP(4*0,"esp"),$a); - &mov (&DWP(4*4,"esp"),$b_); - &mov (&DWP(4*8,"esp"),$c); - &mov (&DWP(4*9,"esp"),$c_); - &mov (&DWP(4*12,"esp"),$d); - &mov (&DWP(4*14,"esp"),$d_); - - &mov ($b_,&DWP(4*1,"esp")); - &mov ($c, &DWP(4*2,"esp")); - &mov ($c_,&DWP(4*3,"esp")); - &mov ($d, &DWP(4*5,"esp")); - &mov ($d_,&DWP(4*6,"esp")); - &add ($b_,0x3320646e); # accumulate key material - &add ($c, 0x79622d32); - &add ($c_,0x6b206574); - &add ($d, &DWP(64+4*5,"esp")); - &add ($d_,&DWP(64+4*6,"esp")); - &mov (&DWP(4*1,"esp"),$b_); - &mov (&DWP(4*2,"esp"),$c); - &mov (&DWP(4*3,"esp"),$c_); - &mov (&DWP(4*5,"esp"),$d); - &mov (&DWP(4*6,"esp"),$d_); - - &mov ($b_,&DWP(4*7,"esp")); - &mov ($c, &DWP(4*10,"esp")); - &mov ($c_,&DWP(4*11,"esp")); - &mov ($d, &DWP(4*13,"esp")); - &mov ($d_,&DWP(4*15,"esp")); - &add ($b_,&DWP(64+4*7,"esp")); - &add ($c, &DWP(64+4*10,"esp")); - &add ($c_,&DWP(64+4*11,"esp")); - &add ($d, &DWP(64+4*13,"esp")); - &add ($d_,&DWP(64+4*15,"esp")); - &mov (&DWP(4*7,"esp"),$b_); - &mov ($b_,&wparam(1)); # load input - &mov (&DWP(4*10,"esp"),$c); - &mov ($c,&wparam(0)); # load output - &mov (&DWP(4*11,"esp"),$c_); - &xor ($c_,$c_); - &mov (&DWP(4*13,"esp"),$d); - &mov (&DWP(4*15,"esp"),$d_); - - &xor ("eax","eax"); - &xor ("edx","edx"); -&set_label("tail_loop"); - &movb ("al",&BP(0,$c_,$b_)); - &movb ("dl",&BP(0,"esp",$c_)); - &lea ($c_,&DWP(1,$c_)); - &xor ("al","dl"); - &mov (&BP(-1,$c,$c_),"al"); - &dec ($b); - &jnz (&label("tail_loop")); - -&set_label("done"); - &stack_pop(33); -&set_label("no_data"); -&function_end("ChaCha20_ctr32"); - -if ($xmm) { -my ($xa,$xa_,$xb,$xb_,$xc,$xc_,$xd,$xd_)=map("xmm$_",(0..7)); -my ($out,$inp,$len)=("edi","esi","ecx"); - -sub QUARTERROUND_SSSE3 { -my ($ai,$bi,$ci,$di,$i)=@_; -my ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+1)&3),($ai,$bi,$ci,$di)); # next -my ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-1)&3),($ai,$bi,$ci,$di)); # previous - - # a b c d - # - # 0 4 8 12 < even round - # 1 5 9 13 - # 2 6 10 14 - # 3 7 11 15 - # 0 5 10 15 < odd round - # 1 6 11 12 - # 2 7 8 13 - # 3 4 9 14 - - if ($i==0) { - my $j=4; - ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-$j--)&3),($ap,$bp,$cp,$dp)); - } elsif ($i==3) { - my $j=0; - ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+$j++)&3),($an,$bn,$cn,$dn)); - } elsif ($i==4) { - my $j=4; - ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_+$j--)&3),($ap,$bp,$cp,$dp)); - } elsif ($i==7) { - my $j=0; - ($an,$bn,$cn,$dn)=map(($_&~3)+(($_-$j++)&3),($an,$bn,$cn,$dn)); - } - - #&paddd ($xa,$xb); # see elsewhere - #&pxor ($xd,$xa); # see elsewhere - &movdqa(&QWP(16*$cp-128,"ebx"),$xc_) if ($ai>0 && $ai<3); - &pshufb ($xd,&QWP(0,"eax")); # rot16 - &movdqa(&QWP(16*$bp-128,"ebx"),$xb_) if ($i!=0); - &paddd ($xc,$xd); - &movdqa($xc_,&QWP(16*$cn-128,"ebx")) if ($ai>0 && $ai<3); - &pxor ($xb,$xc); - &movdqa($xb_,&QWP(16*$bn-128,"ebx")) if ($i<7); - &movdqa ($xa_,$xb); # borrow as temporary - &pslld ($xb,12); - &psrld ($xa_,20); - &por ($xb,$xa_); - &movdqa($xa_,&QWP(16*$an-128,"ebx")); - &paddd ($xa,$xb); - &movdqa($xd_,&QWP(16*$dn-128,"ebx")) if ($di!=$dn); - &pxor ($xd,$xa); - &movdqa (&QWP(16*$ai-128,"ebx"),$xa); - &pshufb ($xd,&QWP(16,"eax")); # rot8 - &paddd ($xc,$xd); - &movdqa (&QWP(16*$di-128,"ebx"),$xd) if ($di!=$dn); - &movdqa ($xd_,$xd) if ($di==$dn); - &pxor ($xb,$xc); - &paddd ($xa_,$xb_) if ($i<7); # elsewhere - &movdqa ($xa,$xb); # borrow as temporary - &pslld ($xb,7); - &psrld ($xa,25); - &pxor ($xd_,$xa_) if ($i<7); # elsewhere - &por ($xb,$xa); - - ($xa,$xa_)=($xa_,$xa); - ($xb,$xb_)=($xb_,$xb); - ($xc,$xc_)=($xc_,$xc); - ($xd,$xd_)=($xd_,$xd); -} - -&function_begin("ChaCha20_ssse3"); -&set_label("ssse3_shortcut"); -if ($ymm) { - &test (&DWP(4,"ebp"),1<<11); # test XOP bit - &jnz (&label("xop_shortcut")); -} - - &mov ($out,&wparam(0)); - &mov ($inp,&wparam(1)); - &mov ($len,&wparam(2)); - &mov ("edx",&wparam(3)); # key - &mov ("ebx",&wparam(4)); # counter and nonce - - &mov ("ebp","esp"); - &stack_push (131); - &and ("esp",-64); - &mov (&DWP(512,"esp"),"ebp"); - - &lea ("eax",&DWP(&label("ssse3_data")."-". - &label("pic_point"),"eax")); - &movdqu ("xmm3",&QWP(0,"ebx")); # counter and nonce - -if (defined($gasver) && $gasver>=2.17) { # even though we encode - # pshufb manually, we - # handle only register - # operands, while this - # segment uses memory - # operand... - &cmp ($len,64*4); - &jb (&label("1x")); - - &mov (&DWP(512+4,"esp"),"edx"); # offload pointers - &mov (&DWP(512+8,"esp"),"ebx"); - &sub ($len,64*4); # bias len - &lea ("ebp",&DWP(256+128,"esp")); # size optimization - - &movdqu ("xmm7",&QWP(0,"edx")); # key - &pshufd ("xmm0","xmm3",0x00); - &pshufd ("xmm1","xmm3",0x55); - &pshufd ("xmm2","xmm3",0xaa); - &pshufd ("xmm3","xmm3",0xff); - &paddd ("xmm0",&QWP(16*3,"eax")); # fix counters - &pshufd ("xmm4","xmm7",0x00); - &pshufd ("xmm5","xmm7",0x55); - &psubd ("xmm0",&QWP(16*4,"eax")); - &pshufd ("xmm6","xmm7",0xaa); - &pshufd ("xmm7","xmm7",0xff); - &movdqa (&QWP(16*12-128,"ebp"),"xmm0"); - &movdqa (&QWP(16*13-128,"ebp"),"xmm1"); - &movdqa (&QWP(16*14-128,"ebp"),"xmm2"); - &movdqa (&QWP(16*15-128,"ebp"),"xmm3"); - &movdqu ("xmm3",&QWP(16,"edx")); # key - &movdqa (&QWP(16*4-128,"ebp"),"xmm4"); - &movdqa (&QWP(16*5-128,"ebp"),"xmm5"); - &movdqa (&QWP(16*6-128,"ebp"),"xmm6"); - &movdqa (&QWP(16*7-128,"ebp"),"xmm7"); - &movdqa ("xmm7",&QWP(16*2,"eax")); # sigma - &lea ("ebx",&DWP(128,"esp")); # size optimization - - &pshufd ("xmm0","xmm3",0x00); - &pshufd ("xmm1","xmm3",0x55); - &pshufd ("xmm2","xmm3",0xaa); - &pshufd ("xmm3","xmm3",0xff); - &pshufd ("xmm4","xmm7",0x00); - &pshufd ("xmm5","xmm7",0x55); - &pshufd ("xmm6","xmm7",0xaa); - &pshufd ("xmm7","xmm7",0xff); - &movdqa (&QWP(16*8-128,"ebp"),"xmm0"); - &movdqa (&QWP(16*9-128,"ebp"),"xmm1"); - &movdqa (&QWP(16*10-128,"ebp"),"xmm2"); - &movdqa (&QWP(16*11-128,"ebp"),"xmm3"); - &movdqa (&QWP(16*0-128,"ebp"),"xmm4"); - &movdqa (&QWP(16*1-128,"ebp"),"xmm5"); - &movdqa (&QWP(16*2-128,"ebp"),"xmm6"); - &movdqa (&QWP(16*3-128,"ebp"),"xmm7"); - - &lea ($inp,&DWP(128,$inp)); # size optimization - &lea ($out,&DWP(128,$out)); # size optimization - &jmp (&label("outer_loop")); - -&set_label("outer_loop",16); - #&movdqa ("xmm0",&QWP(16*0-128,"ebp")); # copy key material - &movdqa ("xmm1",&QWP(16*1-128,"ebp")); - &movdqa ("xmm2",&QWP(16*2-128,"ebp")); - &movdqa ("xmm3",&QWP(16*3-128,"ebp")); - #&movdqa ("xmm4",&QWP(16*4-128,"ebp")); - &movdqa ("xmm5",&QWP(16*5-128,"ebp")); - &movdqa ("xmm6",&QWP(16*6-128,"ebp")); - &movdqa ("xmm7",&QWP(16*7-128,"ebp")); - #&movdqa (&QWP(16*0-128,"ebx"),"xmm0"); - &movdqa (&QWP(16*1-128,"ebx"),"xmm1"); - &movdqa (&QWP(16*2-128,"ebx"),"xmm2"); - &movdqa (&QWP(16*3-128,"ebx"),"xmm3"); - #&movdqa (&QWP(16*4-128,"ebx"),"xmm4"); - &movdqa (&QWP(16*5-128,"ebx"),"xmm5"); - &movdqa (&QWP(16*6-128,"ebx"),"xmm6"); - &movdqa (&QWP(16*7-128,"ebx"),"xmm7"); - #&movdqa ("xmm0",&QWP(16*8-128,"ebp")); - #&movdqa ("xmm1",&QWP(16*9-128,"ebp")); - &movdqa ("xmm2",&QWP(16*10-128,"ebp")); - &movdqa ("xmm3",&QWP(16*11-128,"ebp")); - &movdqa ("xmm4",&QWP(16*12-128,"ebp")); - &movdqa ("xmm5",&QWP(16*13-128,"ebp")); - &movdqa ("xmm6",&QWP(16*14-128,"ebp")); - &movdqa ("xmm7",&QWP(16*15-128,"ebp")); - &paddd ("xmm4",&QWP(16*4,"eax")); # counter value - #&movdqa (&QWP(16*8-128,"ebx"),"xmm0"); - #&movdqa (&QWP(16*9-128,"ebx"),"xmm1"); - &movdqa (&QWP(16*10-128,"ebx"),"xmm2"); - &movdqa (&QWP(16*11-128,"ebx"),"xmm3"); - &movdqa (&QWP(16*12-128,"ebx"),"xmm4"); - &movdqa (&QWP(16*13-128,"ebx"),"xmm5"); - &movdqa (&QWP(16*14-128,"ebx"),"xmm6"); - &movdqa (&QWP(16*15-128,"ebx"),"xmm7"); - &movdqa (&QWP(16*12-128,"ebp"),"xmm4"); # save counter value - - &movdqa ($xa, &QWP(16*0-128,"ebp")); - &movdqa ($xd, "xmm4"); - &movdqa ($xb_,&QWP(16*4-128,"ebp")); - &movdqa ($xc, &QWP(16*8-128,"ebp")); - &movdqa ($xc_,&QWP(16*9-128,"ebp")); - - &mov ("edx",10); # loop counter - &nop (); - -&set_label("loop",16); - &paddd ($xa,$xb_); # elsewhere - &movdqa ($xb,$xb_); - &pxor ($xd,$xa); # elsewhere - &QUARTERROUND_SSSE3(0, 4, 8, 12, 0); - &QUARTERROUND_SSSE3(1, 5, 9, 13, 1); - &QUARTERROUND_SSSE3(2, 6,10, 14, 2); - &QUARTERROUND_SSSE3(3, 7,11, 15, 3); - &QUARTERROUND_SSSE3(0, 5,10, 15, 4); - &QUARTERROUND_SSSE3(1, 6,11, 12, 5); - &QUARTERROUND_SSSE3(2, 7, 8, 13, 6); - &QUARTERROUND_SSSE3(3, 4, 9, 14, 7); - &dec ("edx"); - &jnz (&label("loop")); - - &movdqa (&QWP(16*4-128,"ebx"),$xb_); - &movdqa (&QWP(16*8-128,"ebx"),$xc); - &movdqa (&QWP(16*9-128,"ebx"),$xc_); - &movdqa (&QWP(16*12-128,"ebx"),$xd); - &movdqa (&QWP(16*14-128,"ebx"),$xd_); - - my ($xa0,$xa1,$xa2,$xa3,$xt0,$xt1,$xt2,$xt3)=map("xmm$_",(0..7)); - - #&movdqa ($xa0,&QWP(16*0-128,"ebx")); # it's there - &movdqa ($xa1,&QWP(16*1-128,"ebx")); - &movdqa ($xa2,&QWP(16*2-128,"ebx")); - &movdqa ($xa3,&QWP(16*3-128,"ebx")); - - for($i=0;$i<256;$i+=64) { - &paddd ($xa0,&QWP($i+16*0-128,"ebp")); # accumulate key material - &paddd ($xa1,&QWP($i+16*1-128,"ebp")); - &paddd ($xa2,&QWP($i+16*2-128,"ebp")); - &paddd ($xa3,&QWP($i+16*3-128,"ebp")); - - &movdqa ($xt2,$xa0); # "de-interlace" data - &punpckldq ($xa0,$xa1); - &movdqa ($xt3,$xa2); - &punpckldq ($xa2,$xa3); - &punpckhdq ($xt2,$xa1); - &punpckhdq ($xt3,$xa3); - &movdqa ($xa1,$xa0); - &punpcklqdq ($xa0,$xa2); # "a0" - &movdqa ($xa3,$xt2); - &punpcklqdq ($xt2,$xt3); # "a2" - &punpckhqdq ($xa1,$xa2); # "a1" - &punpckhqdq ($xa3,$xt3); # "a3" - - #($xa2,$xt2)=($xt2,$xa2); - - &movdqu ($xt0,&QWP(64*0-128,$inp)); # load input - &movdqu ($xt1,&QWP(64*1-128,$inp)); - &movdqu ($xa2,&QWP(64*2-128,$inp)); - &movdqu ($xt3,&QWP(64*3-128,$inp)); - &lea ($inp,&QWP($i<192?16:(64*4-16*3),$inp)); - &pxor ($xt0,$xa0); - &movdqa ($xa0,&QWP($i+16*4-128,"ebx")) if ($i<192); - &pxor ($xt1,$xa1); - &movdqa ($xa1,&QWP($i+16*5-128,"ebx")) if ($i<192); - &pxor ($xt2,$xa2); - &movdqa ($xa2,&QWP($i+16*6-128,"ebx")) if ($i<192); - &pxor ($xt3,$xa3); - &movdqa ($xa3,&QWP($i+16*7-128,"ebx")) if ($i<192); - &movdqu (&QWP(64*0-128,$out),$xt0); # store output - &movdqu (&QWP(64*1-128,$out),$xt1); - &movdqu (&QWP(64*2-128,$out),$xt2); - &movdqu (&QWP(64*3-128,$out),$xt3); - &lea ($out,&QWP($i<192?16:(64*4-16*3),$out)); - } - &sub ($len,64*4); - &jnc (&label("outer_loop")); - - &add ($len,64*4); - &jz (&label("done")); - - &mov ("ebx",&DWP(512+8,"esp")); # restore pointers - &lea ($inp,&DWP(-128,$inp)); - &mov ("edx",&DWP(512+4,"esp")); - &lea ($out,&DWP(-128,$out)); - - &movd ("xmm2",&DWP(16*12-128,"ebp")); # counter value - &movdqu ("xmm3",&QWP(0,"ebx")); - &paddd ("xmm2",&QWP(16*6,"eax")); # +four - &pand ("xmm3",&QWP(16*7,"eax")); - &por ("xmm3","xmm2"); # counter value -} -{ -my ($a,$b,$c,$d,$t,$t1,$rot16,$rot24)=map("xmm$_",(0..7)); - -sub SSSE3ROUND { # critical path is 20 "SIMD ticks" per round - &paddd ($a,$b); - &pxor ($d,$a); - &pshufb ($d,$rot16); - - &paddd ($c,$d); - &pxor ($b,$c); - &movdqa ($t,$b); - &psrld ($b,20); - &pslld ($t,12); - &por ($b,$t); - - &paddd ($a,$b); - &pxor ($d,$a); - &pshufb ($d,$rot24); - - &paddd ($c,$d); - &pxor ($b,$c); - &movdqa ($t,$b); - &psrld ($b,25); - &pslld ($t,7); - &por ($b,$t); -} - -&set_label("1x"); - &movdqa ($a,&QWP(16*2,"eax")); # sigma - &movdqu ($b,&QWP(0,"edx")); - &movdqu ($c,&QWP(16,"edx")); - #&movdqu ($d,&QWP(0,"ebx")); # already loaded - &movdqa ($rot16,&QWP(0,"eax")); - &movdqa ($rot24,&QWP(16,"eax")); - &mov (&DWP(16*3,"esp"),"ebp"); - - &movdqa (&QWP(16*0,"esp"),$a); - &movdqa (&QWP(16*1,"esp"),$b); - &movdqa (&QWP(16*2,"esp"),$c); - &movdqa (&QWP(16*3,"esp"),$d); - &mov ("edx",10); - &jmp (&label("loop1x")); - -&set_label("outer1x",16); - &movdqa ($d,&QWP(16*5,"eax")); # one - &movdqa ($a,&QWP(16*0,"esp")); - &movdqa ($b,&QWP(16*1,"esp")); - &movdqa ($c,&QWP(16*2,"esp")); - &paddd ($d,&QWP(16*3,"esp")); - &mov ("edx",10); - &movdqa (&QWP(16*3,"esp"),$d); - &jmp (&label("loop1x")); - -&set_label("loop1x",16); - &SSSE3ROUND(); - &pshufd ($c,$c,0b01001110); - &pshufd ($b,$b,0b00111001); - &pshufd ($d,$d,0b10010011); - &nop (); - - &SSSE3ROUND(); - &pshufd ($c,$c,0b01001110); - &pshufd ($b,$b,0b10010011); - &pshufd ($d,$d,0b00111001); - - &dec ("edx"); - &jnz (&label("loop1x")); - - &paddd ($a,&QWP(16*0,"esp")); - &paddd ($b,&QWP(16*1,"esp")); - &paddd ($c,&QWP(16*2,"esp")); - &paddd ($d,&QWP(16*3,"esp")); - - &cmp ($len,64); - &jb (&label("tail")); - - &movdqu ($t,&QWP(16*0,$inp)); - &movdqu ($t1,&QWP(16*1,$inp)); - &pxor ($a,$t); # xor with input - &movdqu ($t,&QWP(16*2,$inp)); - &pxor ($b,$t1); - &movdqu ($t1,&QWP(16*3,$inp)); - &pxor ($c,$t); - &pxor ($d,$t1); - &lea ($inp,&DWP(16*4,$inp)); # inp+=64 - - &movdqu (&QWP(16*0,$out),$a); # write output - &movdqu (&QWP(16*1,$out),$b); - &movdqu (&QWP(16*2,$out),$c); - &movdqu (&QWP(16*3,$out),$d); - &lea ($out,&DWP(16*4,$out)); # inp+=64 - - &sub ($len,64); - &jnz (&label("outer1x")); - - &jmp (&label("done")); - -&set_label("tail"); - &movdqa (&QWP(16*0,"esp"),$a); - &movdqa (&QWP(16*1,"esp"),$b); - &movdqa (&QWP(16*2,"esp"),$c); - &movdqa (&QWP(16*3,"esp"),$d); - - &xor ("eax","eax"); - &xor ("edx","edx"); - &xor ("ebp","ebp"); - -&set_label("tail_loop"); - &movb ("al",&BP(0,"esp","ebp")); - &movb ("dl",&BP(0,$inp,"ebp")); - &lea ("ebp",&DWP(1,"ebp")); - &xor ("al","dl"); - &movb (&BP(-1,$out,"ebp"),"al"); - &dec ($len); - &jnz (&label("tail_loop")); -} -&set_label("done"); - &mov ("esp",&DWP(512,"esp")); -&function_end("ChaCha20_ssse3"); - -&align (64); -&set_label("ssse3_data"); -&data_byte(0x2,0x3,0x0,0x1, 0x6,0x7,0x4,0x5, 0xa,0xb,0x8,0x9, 0xe,0xf,0xc,0xd); -&data_byte(0x3,0x0,0x1,0x2, 0x7,0x4,0x5,0x6, 0xb,0x8,0x9,0xa, 0xf,0xc,0xd,0xe); -&data_word(0x61707865,0x3320646e,0x79622d32,0x6b206574); -&data_word(0,1,2,3); -&data_word(4,4,4,4); -&data_word(1,0,0,0); -&data_word(4,0,0,0); -&data_word(0,-1,-1,-1); -&align (64); -} -&asciz ("ChaCha20 for x86, CRYPTOGAMS by "); - -if ($ymm) { -my ($xa,$xa_,$xb,$xb_,$xc,$xc_,$xd,$xd_)=map("xmm$_",(0..7)); -my ($out,$inp,$len)=("edi","esi","ecx"); - -sub QUARTERROUND_XOP { -my ($ai,$bi,$ci,$di,$i)=@_; -my ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+1)&3),($ai,$bi,$ci,$di)); # next -my ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-1)&3),($ai,$bi,$ci,$di)); # previous - - # a b c d - # - # 0 4 8 12 < even round - # 1 5 9 13 - # 2 6 10 14 - # 3 7 11 15 - # 0 5 10 15 < odd round - # 1 6 11 12 - # 2 7 8 13 - # 3 4 9 14 - - if ($i==0) { - my $j=4; - ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-$j--)&3),($ap,$bp,$cp,$dp)); - } elsif ($i==3) { - my $j=0; - ($an,$bn,$cn,$dn)=map(($_&~3)+(($_+$j++)&3),($an,$bn,$cn,$dn)); - } elsif ($i==4) { - my $j=4; - ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_+$j--)&3),($ap,$bp,$cp,$dp)); - } elsif ($i==7) { - my $j=0; - ($an,$bn,$cn,$dn)=map(($_&~3)+(($_-$j++)&3),($an,$bn,$cn,$dn)); - } - - #&vpaddd ($xa,$xa,$xb); # see elsewhere - #&vpxor ($xd,$xd,$xa); # see elsewhere - &vmovdqa (&QWP(16*$cp-128,"ebx"),$xc_) if ($ai>0 && $ai<3); - &vprotd ($xd,$xd,16); - &vmovdqa (&QWP(16*$bp-128,"ebx"),$xb_) if ($i!=0); - &vpaddd ($xc,$xc,$xd); - &vmovdqa ($xc_,&QWP(16*$cn-128,"ebx")) if ($ai>0 && $ai<3); - &vpxor ($xb,$i!=0?$xb:$xb_,$xc); - &vmovdqa ($xa_,&QWP(16*$an-128,"ebx")); - &vprotd ($xb,$xb,12); - &vmovdqa ($xb_,&QWP(16*$bn-128,"ebx")) if ($i<7); - &vpaddd ($xa,$xa,$xb); - &vmovdqa ($xd_,&QWP(16*$dn-128,"ebx")) if ($di!=$dn); - &vpxor ($xd,$xd,$xa); - &vpaddd ($xa_,$xa_,$xb_) if ($i<7); # elsewhere - &vprotd ($xd,$xd,8); - &vmovdqa (&QWP(16*$ai-128,"ebx"),$xa); - &vpaddd ($xc,$xc,$xd); - &vmovdqa (&QWP(16*$di-128,"ebx"),$xd) if ($di!=$dn); - &vpxor ($xb,$xb,$xc); - &vpxor ($xd_,$di==$dn?$xd:$xd_,$xa_) if ($i<7); # elsewhere - &vprotd ($xb,$xb,7); - - ($xa,$xa_)=($xa_,$xa); - ($xb,$xb_)=($xb_,$xb); - ($xc,$xc_)=($xc_,$xc); - ($xd,$xd_)=($xd_,$xd); -} - -&function_begin("ChaCha20_xop"); -&set_label("xop_shortcut"); - &mov ($out,&wparam(0)); - &mov ($inp,&wparam(1)); - &mov ($len,&wparam(2)); - &mov ("edx",&wparam(3)); # key - &mov ("ebx",&wparam(4)); # counter and nonce - &vzeroupper (); - - &mov ("ebp","esp"); - &stack_push (131); - &and ("esp",-64); - &mov (&DWP(512,"esp"),"ebp"); - - &lea ("eax",&DWP(&label("ssse3_data")."-". - &label("pic_point"),"eax")); - &vmovdqu ("xmm3",&QWP(0,"ebx")); # counter and nonce - - &cmp ($len,64*4); - &jb (&label("1x")); - - &mov (&DWP(512+4,"esp"),"edx"); # offload pointers - &mov (&DWP(512+8,"esp"),"ebx"); - &sub ($len,64*4); # bias len - &lea ("ebp",&DWP(256+128,"esp")); # size optimization - - &vmovdqu ("xmm7",&QWP(0,"edx")); # key - &vpshufd ("xmm0","xmm3",0x00); - &vpshufd ("xmm1","xmm3",0x55); - &vpshufd ("xmm2","xmm3",0xaa); - &vpshufd ("xmm3","xmm3",0xff); - &vpaddd ("xmm0","xmm0",&QWP(16*3,"eax")); # fix counters - &vpshufd ("xmm4","xmm7",0x00); - &vpshufd ("xmm5","xmm7",0x55); - &vpsubd ("xmm0","xmm0",&QWP(16*4,"eax")); - &vpshufd ("xmm6","xmm7",0xaa); - &vpshufd ("xmm7","xmm7",0xff); - &vmovdqa (&QWP(16*12-128,"ebp"),"xmm0"); - &vmovdqa (&QWP(16*13-128,"ebp"),"xmm1"); - &vmovdqa (&QWP(16*14-128,"ebp"),"xmm2"); - &vmovdqa (&QWP(16*15-128,"ebp"),"xmm3"); - &vmovdqu ("xmm3",&QWP(16,"edx")); # key - &vmovdqa (&QWP(16*4-128,"ebp"),"xmm4"); - &vmovdqa (&QWP(16*5-128,"ebp"),"xmm5"); - &vmovdqa (&QWP(16*6-128,"ebp"),"xmm6"); - &vmovdqa (&QWP(16*7-128,"ebp"),"xmm7"); - &vmovdqa ("xmm7",&QWP(16*2,"eax")); # sigma - &lea ("ebx",&DWP(128,"esp")); # size optimization - - &vpshufd ("xmm0","xmm3",0x00); - &vpshufd ("xmm1","xmm3",0x55); - &vpshufd ("xmm2","xmm3",0xaa); - &vpshufd ("xmm3","xmm3",0xff); - &vpshufd ("xmm4","xmm7",0x00); - &vpshufd ("xmm5","xmm7",0x55); - &vpshufd ("xmm6","xmm7",0xaa); - &vpshufd ("xmm7","xmm7",0xff); - &vmovdqa (&QWP(16*8-128,"ebp"),"xmm0"); - &vmovdqa (&QWP(16*9-128,"ebp"),"xmm1"); - &vmovdqa (&QWP(16*10-128,"ebp"),"xmm2"); - &vmovdqa (&QWP(16*11-128,"ebp"),"xmm3"); - &vmovdqa (&QWP(16*0-128,"ebp"),"xmm4"); - &vmovdqa (&QWP(16*1-128,"ebp"),"xmm5"); - &vmovdqa (&QWP(16*2-128,"ebp"),"xmm6"); - &vmovdqa (&QWP(16*3-128,"ebp"),"xmm7"); - - &lea ($inp,&DWP(128,$inp)); # size optimization - &lea ($out,&DWP(128,$out)); # size optimization - &jmp (&label("outer_loop")); - -&set_label("outer_loop",32); - #&vmovdqa ("xmm0",&QWP(16*0-128,"ebp")); # copy key material - &vmovdqa ("xmm1",&QWP(16*1-128,"ebp")); - &vmovdqa ("xmm2",&QWP(16*2-128,"ebp")); - &vmovdqa ("xmm3",&QWP(16*3-128,"ebp")); - #&vmovdqa ("xmm4",&QWP(16*4-128,"ebp")); - &vmovdqa ("xmm5",&QWP(16*5-128,"ebp")); - &vmovdqa ("xmm6",&QWP(16*6-128,"ebp")); - &vmovdqa ("xmm7",&QWP(16*7-128,"ebp")); - #&vmovdqa (&QWP(16*0-128,"ebx"),"xmm0"); - &vmovdqa (&QWP(16*1-128,"ebx"),"xmm1"); - &vmovdqa (&QWP(16*2-128,"ebx"),"xmm2"); - &vmovdqa (&QWP(16*3-128,"ebx"),"xmm3"); - #&vmovdqa (&QWP(16*4-128,"ebx"),"xmm4"); - &vmovdqa (&QWP(16*5-128,"ebx"),"xmm5"); - &vmovdqa (&QWP(16*6-128,"ebx"),"xmm6"); - &vmovdqa (&QWP(16*7-128,"ebx"),"xmm7"); - #&vmovdqa ("xmm0",&QWP(16*8-128,"ebp")); - #&vmovdqa ("xmm1",&QWP(16*9-128,"ebp")); - &vmovdqa ("xmm2",&QWP(16*10-128,"ebp")); - &vmovdqa ("xmm3",&QWP(16*11-128,"ebp")); - &vmovdqa ("xmm4",&QWP(16*12-128,"ebp")); - &vmovdqa ("xmm5",&QWP(16*13-128,"ebp")); - &vmovdqa ("xmm6",&QWP(16*14-128,"ebp")); - &vmovdqa ("xmm7",&QWP(16*15-128,"ebp")); - &vpaddd ("xmm4","xmm4",&QWP(16*4,"eax")); # counter value - #&vmovdqa (&QWP(16*8-128,"ebx"),"xmm0"); - #&vmovdqa (&QWP(16*9-128,"ebx"),"xmm1"); - &vmovdqa (&QWP(16*10-128,"ebx"),"xmm2"); - &vmovdqa (&QWP(16*11-128,"ebx"),"xmm3"); - &vmovdqa (&QWP(16*12-128,"ebx"),"xmm4"); - &vmovdqa (&QWP(16*13-128,"ebx"),"xmm5"); - &vmovdqa (&QWP(16*14-128,"ebx"),"xmm6"); - &vmovdqa (&QWP(16*15-128,"ebx"),"xmm7"); - &vmovdqa (&QWP(16*12-128,"ebp"),"xmm4"); # save counter value - - &vmovdqa ($xa, &QWP(16*0-128,"ebp")); - &vmovdqa ($xd, "xmm4"); - &vmovdqa ($xb_,&QWP(16*4-128,"ebp")); - &vmovdqa ($xc, &QWP(16*8-128,"ebp")); - &vmovdqa ($xc_,&QWP(16*9-128,"ebp")); - - &mov ("edx",10); # loop counter - &nop (); - -&set_label("loop",32); - &vpaddd ($xa,$xa,$xb_); # elsewhere - &vpxor ($xd,$xd,$xa); # elsewhere - &QUARTERROUND_XOP(0, 4, 8, 12, 0); - &QUARTERROUND_XOP(1, 5, 9, 13, 1); - &QUARTERROUND_XOP(2, 6,10, 14, 2); - &QUARTERROUND_XOP(3, 7,11, 15, 3); - &QUARTERROUND_XOP(0, 5,10, 15, 4); - &QUARTERROUND_XOP(1, 6,11, 12, 5); - &QUARTERROUND_XOP(2, 7, 8, 13, 6); - &QUARTERROUND_XOP(3, 4, 9, 14, 7); - &dec ("edx"); - &jnz (&label("loop")); - - &vmovdqa (&QWP(16*4-128,"ebx"),$xb_); - &vmovdqa (&QWP(16*8-128,"ebx"),$xc); - &vmovdqa (&QWP(16*9-128,"ebx"),$xc_); - &vmovdqa (&QWP(16*12-128,"ebx"),$xd); - &vmovdqa (&QWP(16*14-128,"ebx"),$xd_); - - my ($xa0,$xa1,$xa2,$xa3,$xt0,$xt1,$xt2,$xt3)=map("xmm$_",(0..7)); - - #&vmovdqa ($xa0,&QWP(16*0-128,"ebx")); # it's there - &vmovdqa ($xa1,&QWP(16*1-128,"ebx")); - &vmovdqa ($xa2,&QWP(16*2-128,"ebx")); - &vmovdqa ($xa3,&QWP(16*3-128,"ebx")); - - for($i=0;$i<256;$i+=64) { - &vpaddd ($xa0,$xa0,&QWP($i+16*0-128,"ebp")); # accumulate key material - &vpaddd ($xa1,$xa1,&QWP($i+16*1-128,"ebp")); - &vpaddd ($xa2,$xa2,&QWP($i+16*2-128,"ebp")); - &vpaddd ($xa3,$xa3,&QWP($i+16*3-128,"ebp")); - - &vpunpckldq ($xt2,$xa0,$xa1); # "de-interlace" data - &vpunpckldq ($xt3,$xa2,$xa3); - &vpunpckhdq ($xa0,$xa0,$xa1); - &vpunpckhdq ($xa2,$xa2,$xa3); - &vpunpcklqdq ($xa1,$xt2,$xt3); # "a0" - &vpunpckhqdq ($xt2,$xt2,$xt3); # "a1" - &vpunpcklqdq ($xt3,$xa0,$xa2); # "a2" - &vpunpckhqdq ($xa3,$xa0,$xa2); # "a3" - - &vpxor ($xt0,$xa1,&QWP(64*0-128,$inp)); - &vpxor ($xt1,$xt2,&QWP(64*1-128,$inp)); - &vpxor ($xt2,$xt3,&QWP(64*2-128,$inp)); - &vpxor ($xt3,$xa3,&QWP(64*3-128,$inp)); - &lea ($inp,&QWP($i<192?16:(64*4-16*3),$inp)); - &vmovdqa ($xa0,&QWP($i+16*4-128,"ebx")) if ($i<192); - &vmovdqa ($xa1,&QWP($i+16*5-128,"ebx")) if ($i<192); - &vmovdqa ($xa2,&QWP($i+16*6-128,"ebx")) if ($i<192); - &vmovdqa ($xa3,&QWP($i+16*7-128,"ebx")) if ($i<192); - &vmovdqu (&QWP(64*0-128,$out),$xt0); # store output - &vmovdqu (&QWP(64*1-128,$out),$xt1); - &vmovdqu (&QWP(64*2-128,$out),$xt2); - &vmovdqu (&QWP(64*3-128,$out),$xt3); - &lea ($out,&QWP($i<192?16:(64*4-16*3),$out)); - } - &sub ($len,64*4); - &jnc (&label("outer_loop")); - - &add ($len,64*4); - &jz (&label("done")); - - &mov ("ebx",&DWP(512+8,"esp")); # restore pointers - &lea ($inp,&DWP(-128,$inp)); - &mov ("edx",&DWP(512+4,"esp")); - &lea ($out,&DWP(-128,$out)); - - &vmovd ("xmm2",&DWP(16*12-128,"ebp")); # counter value - &vmovdqu ("xmm3",&QWP(0,"ebx")); - &vpaddd ("xmm2","xmm2",&QWP(16*6,"eax"));# +four - &vpand ("xmm3","xmm3",&QWP(16*7,"eax")); - &vpor ("xmm3","xmm3","xmm2"); # counter value -{ -my ($a,$b,$c,$d,$t,$t1,$rot16,$rot24)=map("xmm$_",(0..7)); - -sub XOPROUND { - &vpaddd ($a,$a,$b); - &vpxor ($d,$d,$a); - &vprotd ($d,$d,16); - - &vpaddd ($c,$c,$d); - &vpxor ($b,$b,$c); - &vprotd ($b,$b,12); - - &vpaddd ($a,$a,$b); - &vpxor ($d,$d,$a); - &vprotd ($d,$d,8); - - &vpaddd ($c,$c,$d); - &vpxor ($b,$b,$c); - &vprotd ($b,$b,7); -} - -&set_label("1x"); - &vmovdqa ($a,&QWP(16*2,"eax")); # sigma - &vmovdqu ($b,&QWP(0,"edx")); - &vmovdqu ($c,&QWP(16,"edx")); - #&vmovdqu ($d,&QWP(0,"ebx")); # already loaded - &vmovdqa ($rot16,&QWP(0,"eax")); - &vmovdqa ($rot24,&QWP(16,"eax")); - &mov (&DWP(16*3,"esp"),"ebp"); - - &vmovdqa (&QWP(16*0,"esp"),$a); - &vmovdqa (&QWP(16*1,"esp"),$b); - &vmovdqa (&QWP(16*2,"esp"),$c); - &vmovdqa (&QWP(16*3,"esp"),$d); - &mov ("edx",10); - &jmp (&label("loop1x")); - -&set_label("outer1x",16); - &vmovdqa ($d,&QWP(16*5,"eax")); # one - &vmovdqa ($a,&QWP(16*0,"esp")); - &vmovdqa ($b,&QWP(16*1,"esp")); - &vmovdqa ($c,&QWP(16*2,"esp")); - &vpaddd ($d,$d,&QWP(16*3,"esp")); - &mov ("edx",10); - &vmovdqa (&QWP(16*3,"esp"),$d); - &jmp (&label("loop1x")); - -&set_label("loop1x",16); - &XOPROUND(); - &vpshufd ($c,$c,0b01001110); - &vpshufd ($b,$b,0b00111001); - &vpshufd ($d,$d,0b10010011); - - &XOPROUND(); - &vpshufd ($c,$c,0b01001110); - &vpshufd ($b,$b,0b10010011); - &vpshufd ($d,$d,0b00111001); - - &dec ("edx"); - &jnz (&label("loop1x")); - - &vpaddd ($a,$a,&QWP(16*0,"esp")); - &vpaddd ($b,$b,&QWP(16*1,"esp")); - &vpaddd ($c,$c,&QWP(16*2,"esp")); - &vpaddd ($d,$d,&QWP(16*3,"esp")); - - &cmp ($len,64); - &jb (&label("tail")); - - &vpxor ($a,$a,&QWP(16*0,$inp)); # xor with input - &vpxor ($b,$b,&QWP(16*1,$inp)); - &vpxor ($c,$c,&QWP(16*2,$inp)); - &vpxor ($d,$d,&QWP(16*3,$inp)); - &lea ($inp,&DWP(16*4,$inp)); # inp+=64 - - &vmovdqu (&QWP(16*0,$out),$a); # write output - &vmovdqu (&QWP(16*1,$out),$b); - &vmovdqu (&QWP(16*2,$out),$c); - &vmovdqu (&QWP(16*3,$out),$d); - &lea ($out,&DWP(16*4,$out)); # inp+=64 - - &sub ($len,64); - &jnz (&label("outer1x")); - - &jmp (&label("done")); - -&set_label("tail"); - &vmovdqa (&QWP(16*0,"esp"),$a); - &vmovdqa (&QWP(16*1,"esp"),$b); - &vmovdqa (&QWP(16*2,"esp"),$c); - &vmovdqa (&QWP(16*3,"esp"),$d); - - &xor ("eax","eax"); - &xor ("edx","edx"); - &xor ("ebp","ebp"); - -&set_label("tail_loop"); - &movb ("al",&BP(0,"esp","ebp")); - &movb ("dl",&BP(0,$inp,"ebp")); - &lea ("ebp",&DWP(1,"ebp")); - &xor ("al","dl"); - &movb (&BP(-1,$out,"ebp"),"al"); - &dec ($len); - &jnz (&label("tail_loop")); -} -&set_label("done"); - &vzeroupper (); - &mov ("esp",&DWP(512,"esp")); -&function_end("ChaCha20_xop"); -} - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/chacha/asm/chacha-x86_64.pl b/crypto/chacha/asm/chacha-x86_64.pl deleted file mode 100755 index cdb900c037fd4717f5b779195d956ebbacdf2b6d..0000000000000000000000000000000000000000 --- a/crypto/chacha/asm/chacha-x86_64.pl +++ /dev/null @@ -1,4039 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# November 2014 -# -# ChaCha20 for x86_64. -# -# December 2016 -# -# Add AVX512F code path. -# -# December 2017 -# -# Add AVX512VL code path. -# -# Performance in cycles per byte out of large buffer. -# -# IALU/gcc 4.8(i) 1x/2xSSSE3(ii) 4xSSSE3 NxAVX(v) -# -# P4 9.48/+99% - - -# Core2 7.83/+55% 7.90/5.76 4.35 -# Westmere 7.19/+50% 5.60/4.50 3.00 -# Sandy Bridge 8.31/+42% 5.45/4.00 2.72 -# Ivy Bridge 6.71/+46% 5.40/? 2.41 -# Haswell 5.92/+43% 5.20/3.45 2.42 1.23 -# Skylake[-X] 5.87/+39% 4.70/3.22 2.31 1.19[0.80(vi)] -# Silvermont 12.0/+33% 7.75/6.90 7.03(iii) -# Knights L 11.7/- ? 9.60(iii) 0.80 -# Goldmont 10.6/+17% 5.10/3.52 3.28 -# Sledgehammer 7.28/+52% - - -# Bulldozer 9.66/+28% 9.85/5.35(iv) 3.06(iv) -# Ryzen 5.96/+50% 5.19/3.00 2.40 2.09 -# VIA Nano 10.5/+46% 6.72/6.88 6.05 -# -# (i) compared to older gcc 3.x one can observe >2x improvement on -# most platforms; -# (ii) 2xSSSE3 is code path optimized specifically for 128 bytes used -# by chacha20_poly1305_tls_cipher, results are EVP-free; -# (iii) this is not optimal result for Atom because of MSROM -# limitations, SSE2 can do better, but gain is considered too -# low to justify the [maintenance] effort; -# (iv) Bulldozer actually executes 4xXOP code path that delivers 2.20 -# and 4.85 for 128-byte inputs; -# (v) 8xAVX2, 8xAVX512VL or 16xAVX512F, whichever best applicable; -# (vi) even though Skylake-X can execute AVX512F code and deliver 0.57 -# cpb in single thread, the corresponding capability is suppressed; - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.19) + ($1>=2.22) + ($1>=2.25); -} - -if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)(?:\.([0-9]+))?/) { - $avx = ($1>=2.09) + ($1>=2.10) + ($1>=2.12); - $avx += 1 if ($1==2.11 && $2>=8); -} - -if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $avx = ($1>=10) + ($1>=11); -} - -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { - $avx = ($2>=3.0) + ($2>3.0); -} - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -# input parameter block -($out,$inp,$len,$key,$counter)=("%rdi","%rsi","%rdx","%rcx","%r8"); - -$code.=<<___; -.text - -.extern OPENSSL_ia32cap_P - -.align 64 -.Lzero: -.long 0,0,0,0 -.Lone: -.long 1,0,0,0 -.Linc: -.long 0,1,2,3 -.Lfour: -.long 4,4,4,4 -.Lincy: -.long 0,2,4,6,1,3,5,7 -.Leight: -.long 8,8,8,8,8,8,8,8 -.Lrot16: -.byte 0x2,0x3,0x0,0x1, 0x6,0x7,0x4,0x5, 0xa,0xb,0x8,0x9, 0xe,0xf,0xc,0xd -.Lrot24: -.byte 0x3,0x0,0x1,0x2, 0x7,0x4,0x5,0x6, 0xb,0x8,0x9,0xa, 0xf,0xc,0xd,0xe -.Ltwoy: -.long 2,0,0,0, 2,0,0,0 -.align 64 -.Lzeroz: -.long 0,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0 -.Lfourz: -.long 4,0,0,0, 4,0,0,0, 4,0,0,0, 4,0,0,0 -.Lincz: -.long 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 -.Lsixteen: -.long 16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16 -.Lsigma: -.asciz "expand 32-byte k" -.asciz "ChaCha20 for x86_64, CRYPTOGAMS by " -___ - -sub AUTOLOAD() # thunk [simplified] 32-bit style perlasm -{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; - my $arg = pop; - $arg = "\$$arg" if ($arg*1 eq $arg); - $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n"; -} - -@x=("%eax","%ebx","%ecx","%edx",map("%r${_}d",(8..11)), - "%nox","%nox","%nox","%nox",map("%r${_}d",(12..15))); -@t=("%esi","%edi"); - -sub ROUND { # critical path is 24 cycles per round -my ($a0,$b0,$c0,$d0)=@_; -my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); -my ($xc,$xc_)=map("\"$_\"",@t); -my @x=map("\"$_\"",@x); - - # Consider order in which variables are addressed by their - # index: - # - # a b c d - # - # 0 4 8 12 < even round - # 1 5 9 13 - # 2 6 10 14 - # 3 7 11 15 - # 0 5 10 15 < odd round - # 1 6 11 12 - # 2 7 8 13 - # 3 4 9 14 - # - # 'a', 'b' and 'd's are permanently allocated in registers, - # @x[0..7,12..15], while 'c's are maintained in memory. If - # you observe 'c' column, you'll notice that pair of 'c's is - # invariant between rounds. This means that we have to reload - # them once per round, in the middle. This is why you'll see - # bunch of 'c' stores and loads in the middle, but none in - # the beginning or end. - - # Normally instructions would be interleaved to favour in-order - # execution. Generally out-of-order cores manage it gracefully, - # but not this time for some reason. As in-order execution - # cores are dying breed, old Atom is the only one around, - # instructions are left uninterleaved. Besides, Atom is better - # off executing 1xSSSE3 code anyway... - - ( - "&add (@x[$a0],@x[$b0])", # Q1 - "&xor (@x[$d0],@x[$a0])", - "&rol (@x[$d0],16)", - "&add (@x[$a1],@x[$b1])", # Q2 - "&xor (@x[$d1],@x[$a1])", - "&rol (@x[$d1],16)", - - "&add ($xc,@x[$d0])", - "&xor (@x[$b0],$xc)", - "&rol (@x[$b0],12)", - "&add ($xc_,@x[$d1])", - "&xor (@x[$b1],$xc_)", - "&rol (@x[$b1],12)", - - "&add (@x[$a0],@x[$b0])", - "&xor (@x[$d0],@x[$a0])", - "&rol (@x[$d0],8)", - "&add (@x[$a1],@x[$b1])", - "&xor (@x[$d1],@x[$a1])", - "&rol (@x[$d1],8)", - - "&add ($xc,@x[$d0])", - "&xor (@x[$b0],$xc)", - "&rol (@x[$b0],7)", - "&add ($xc_,@x[$d1])", - "&xor (@x[$b1],$xc_)", - "&rol (@x[$b1],7)", - - "&mov (\"4*$c0(%rsp)\",$xc)", # reload pair of 'c's - "&mov (\"4*$c1(%rsp)\",$xc_)", - "&mov ($xc,\"4*$c2(%rsp)\")", - "&mov ($xc_,\"4*$c3(%rsp)\")", - - "&add (@x[$a2],@x[$b2])", # Q3 - "&xor (@x[$d2],@x[$a2])", - "&rol (@x[$d2],16)", - "&add (@x[$a3],@x[$b3])", # Q4 - "&xor (@x[$d3],@x[$a3])", - "&rol (@x[$d3],16)", - - "&add ($xc,@x[$d2])", - "&xor (@x[$b2],$xc)", - "&rol (@x[$b2],12)", - "&add ($xc_,@x[$d3])", - "&xor (@x[$b3],$xc_)", - "&rol (@x[$b3],12)", - - "&add (@x[$a2],@x[$b2])", - "&xor (@x[$d2],@x[$a2])", - "&rol (@x[$d2],8)", - "&add (@x[$a3],@x[$b3])", - "&xor (@x[$d3],@x[$a3])", - "&rol (@x[$d3],8)", - - "&add ($xc,@x[$d2])", - "&xor (@x[$b2],$xc)", - "&rol (@x[$b2],7)", - "&add ($xc_,@x[$d3])", - "&xor (@x[$b3],$xc_)", - "&rol (@x[$b3],7)" - ); -} - -######################################################################## -# Generic code path that handles all lengths on pre-SSSE3 processors. -$code.=<<___; -.globl ChaCha20_ctr32 -.type ChaCha20_ctr32,\@function,5 -.align 64 -ChaCha20_ctr32: -.cfi_startproc - cmp \$0,$len - je .Lno_data - mov OPENSSL_ia32cap_P+4(%rip),%r10 -___ -$code.=<<___ if ($avx>2); - bt \$48,%r10 # check for AVX512F - jc .LChaCha20_avx512 - test %r10,%r10 # check for AVX512VL - js .LChaCha20_avx512vl -___ -$code.=<<___; - test \$`1<<(41-32)`,%r10d - jnz .LChaCha20_ssse3 - - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - sub \$64+24,%rsp -.cfi_adjust_cfa_offset 64+24 -.Lctr32_body: - - #movdqa .Lsigma(%rip),%xmm0 - movdqu ($key),%xmm1 - movdqu 16($key),%xmm2 - movdqu ($counter),%xmm3 - movdqa .Lone(%rip),%xmm4 - - #movdqa %xmm0,4*0(%rsp) # key[0] - movdqa %xmm1,4*4(%rsp) # key[1] - movdqa %xmm2,4*8(%rsp) # key[2] - movdqa %xmm3,4*12(%rsp) # key[3] - mov $len,%rbp # reassign $len - jmp .Loop_outer - -.align 32 -.Loop_outer: - mov \$0x61707865,@x[0] # 'expa' - mov \$0x3320646e,@x[1] # 'nd 3' - mov \$0x79622d32,@x[2] # '2-by' - mov \$0x6b206574,@x[3] # 'te k' - mov 4*4(%rsp),@x[4] - mov 4*5(%rsp),@x[5] - mov 4*6(%rsp),@x[6] - mov 4*7(%rsp),@x[7] - movd %xmm3,@x[12] - mov 4*13(%rsp),@x[13] - mov 4*14(%rsp),@x[14] - mov 4*15(%rsp),@x[15] - - mov %rbp,64+0(%rsp) # save len - mov \$10,%ebp - mov $inp,64+8(%rsp) # save inp - movq %xmm2,%rsi # "@x[8]" - mov $out,64+16(%rsp) # save out - mov %rsi,%rdi - shr \$32,%rdi # "@x[9]" - jmp .Loop - -.align 32 -.Loop: -___ - foreach (&ROUND (0, 4, 8,12)) { eval; } - foreach (&ROUND (0, 5,10,15)) { eval; } - &dec ("%ebp"); - &jnz (".Loop"); - -$code.=<<___; - mov @t[1],4*9(%rsp) # modulo-scheduled - mov @t[0],4*8(%rsp) - mov 64(%rsp),%rbp # load len - movdqa %xmm2,%xmm1 - mov 64+8(%rsp),$inp # load inp - paddd %xmm4,%xmm3 # increment counter - mov 64+16(%rsp),$out # load out - - add \$0x61707865,@x[0] # 'expa' - add \$0x3320646e,@x[1] # 'nd 3' - add \$0x79622d32,@x[2] # '2-by' - add \$0x6b206574,@x[3] # 'te k' - add 4*4(%rsp),@x[4] - add 4*5(%rsp),@x[5] - add 4*6(%rsp),@x[6] - add 4*7(%rsp),@x[7] - add 4*12(%rsp),@x[12] - add 4*13(%rsp),@x[13] - add 4*14(%rsp),@x[14] - add 4*15(%rsp),@x[15] - paddd 4*8(%rsp),%xmm1 - - cmp \$64,%rbp - jb .Ltail - - xor 4*0($inp),@x[0] # xor with input - xor 4*1($inp),@x[1] - xor 4*2($inp),@x[2] - xor 4*3($inp),@x[3] - xor 4*4($inp),@x[4] - xor 4*5($inp),@x[5] - xor 4*6($inp),@x[6] - xor 4*7($inp),@x[7] - movdqu 4*8($inp),%xmm0 - xor 4*12($inp),@x[12] - xor 4*13($inp),@x[13] - xor 4*14($inp),@x[14] - xor 4*15($inp),@x[15] - lea 4*16($inp),$inp # inp+=64 - pxor %xmm1,%xmm0 - - movdqa %xmm2,4*8(%rsp) - movd %xmm3,4*12(%rsp) - - mov @x[0],4*0($out) # write output - mov @x[1],4*1($out) - mov @x[2],4*2($out) - mov @x[3],4*3($out) - mov @x[4],4*4($out) - mov @x[5],4*5($out) - mov @x[6],4*6($out) - mov @x[7],4*7($out) - movdqu %xmm0,4*8($out) - mov @x[12],4*12($out) - mov @x[13],4*13($out) - mov @x[14],4*14($out) - mov @x[15],4*15($out) - lea 4*16($out),$out # out+=64 - - sub \$64,%rbp - jnz .Loop_outer - - jmp .Ldone - -.align 16 -.Ltail: - mov @x[0],4*0(%rsp) - mov @x[1],4*1(%rsp) - xor %rbx,%rbx - mov @x[2],4*2(%rsp) - mov @x[3],4*3(%rsp) - mov @x[4],4*4(%rsp) - mov @x[5],4*5(%rsp) - mov @x[6],4*6(%rsp) - mov @x[7],4*7(%rsp) - movdqa %xmm1,4*8(%rsp) - mov @x[12],4*12(%rsp) - mov @x[13],4*13(%rsp) - mov @x[14],4*14(%rsp) - mov @x[15],4*15(%rsp) - -.Loop_tail: - movzb ($inp,%rbx),%eax - movzb (%rsp,%rbx),%edx - lea 1(%rbx),%rbx - xor %edx,%eax - mov %al,-1($out,%rbx) - dec %rbp - jnz .Loop_tail - -.Ldone: - lea 64+24+48(%rsp),%rsi -.cfi_def_cfa %rsi,8 - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lno_data: - ret -.cfi_endproc -.size ChaCha20_ctr32,.-ChaCha20_ctr32 -___ - -######################################################################## -# SSSE3 code path that handles shorter lengths -{ -my ($a,$b,$c,$d,$t,$t1,$rot16,$rot24)=map("%xmm$_",(0..7)); - -sub SSSE3ROUND { # critical path is 20 "SIMD ticks" per round - &paddd ($a,$b); - &pxor ($d,$a); - &pshufb ($d,$rot16); - - &paddd ($c,$d); - &pxor ($b,$c); - &movdqa ($t,$b); - &psrld ($b,20); - &pslld ($t,12); - &por ($b,$t); - - &paddd ($a,$b); - &pxor ($d,$a); - &pshufb ($d,$rot24); - - &paddd ($c,$d); - &pxor ($b,$c); - &movdqa ($t,$b); - &psrld ($b,25); - &pslld ($t,7); - &por ($b,$t); -} - -my $xframe = $win64 ? 160+8 : 8; - -$code.=<<___; -.type ChaCha20_ssse3,\@function,5 -.align 32 -ChaCha20_ssse3: -.cfi_startproc -.LChaCha20_ssse3: - mov %rsp,%r9 # frame pointer -.cfi_def_cfa_register %r9 -___ -$code.=<<___ if ($avx); - test \$`1<<(43-32)`,%r10d - jnz .LChaCha20_4xop # XOP is fastest even if we use 1/4 -___ -$code.=<<___; - cmp \$128,$len # we might throw away some data, - je .LChaCha20_128 - ja .LChaCha20_4x # but overall it won't be slower - -.Ldo_sse3_after_all: - sub \$64+$xframe,%rsp -___ -$code.=<<___ if ($win64); - movaps %xmm6,-0x28(%r9) - movaps %xmm7,-0x18(%r9) -.Lssse3_body: -___ -$code.=<<___; - movdqa .Lsigma(%rip),$a - movdqu ($key),$b - movdqu 16($key),$c - movdqu ($counter),$d - movdqa .Lrot16(%rip),$rot16 - movdqa .Lrot24(%rip),$rot24 - - movdqa $a,0x00(%rsp) - movdqa $b,0x10(%rsp) - movdqa $c,0x20(%rsp) - movdqa $d,0x30(%rsp) - mov \$10,$counter # reuse $counter - jmp .Loop_ssse3 - -.align 32 -.Loop_outer_ssse3: - movdqa .Lone(%rip),$d - movdqa 0x00(%rsp),$a - movdqa 0x10(%rsp),$b - movdqa 0x20(%rsp),$c - paddd 0x30(%rsp),$d - mov \$10,$counter - movdqa $d,0x30(%rsp) - jmp .Loop_ssse3 - -.align 32 -.Loop_ssse3: -___ - &SSSE3ROUND(); - &pshufd ($c,$c,0b01001110); - &pshufd ($b,$b,0b00111001); - &pshufd ($d,$d,0b10010011); - &nop (); - - &SSSE3ROUND(); - &pshufd ($c,$c,0b01001110); - &pshufd ($b,$b,0b10010011); - &pshufd ($d,$d,0b00111001); - - &dec ($counter); - &jnz (".Loop_ssse3"); - -$code.=<<___; - paddd 0x00(%rsp),$a - paddd 0x10(%rsp),$b - paddd 0x20(%rsp),$c - paddd 0x30(%rsp),$d - - cmp \$64,$len - jb .Ltail_ssse3 - - movdqu 0x00($inp),$t - movdqu 0x10($inp),$t1 - pxor $t,$a # xor with input - movdqu 0x20($inp),$t - pxor $t1,$b - movdqu 0x30($inp),$t1 - lea 0x40($inp),$inp # inp+=64 - pxor $t,$c - pxor $t1,$d - - movdqu $a,0x00($out) # write output - movdqu $b,0x10($out) - movdqu $c,0x20($out) - movdqu $d,0x30($out) - lea 0x40($out),$out # out+=64 - - sub \$64,$len - jnz .Loop_outer_ssse3 - - jmp .Ldone_ssse3 - -.align 16 -.Ltail_ssse3: - movdqa $a,0x00(%rsp) - movdqa $b,0x10(%rsp) - movdqa $c,0x20(%rsp) - movdqa $d,0x30(%rsp) - xor $counter,$counter - -.Loop_tail_ssse3: - movzb ($inp,$counter),%eax - movzb (%rsp,$counter),%ecx - lea 1($counter),$counter - xor %ecx,%eax - mov %al,-1($out,$counter) - dec $len - jnz .Loop_tail_ssse3 - -.Ldone_ssse3: -___ -$code.=<<___ if ($win64); - movaps -0x28(%r9),%xmm6 - movaps -0x18(%r9),%xmm7 -___ -$code.=<<___; - lea (%r9),%rsp -.cfi_def_cfa_register %rsp -.Lssse3_epilogue: - ret -.cfi_endproc -.size ChaCha20_ssse3,.-ChaCha20_ssse3 -___ -} - -######################################################################## -# SSSE3 code path that handles 128-byte inputs -{ -my ($a,$b,$c,$d,$t,$t1,$rot16,$rot24)=map("%xmm$_",(8,9,2..7)); -my ($a1,$b1,$c1,$d1)=map("%xmm$_",(10,11,0,1)); - -sub SSSE3ROUND_2x { - &paddd ($a,$b); - &pxor ($d,$a); - &paddd ($a1,$b1); - &pxor ($d1,$a1); - &pshufb ($d,$rot16); - &pshufb($d1,$rot16); - - &paddd ($c,$d); - &paddd ($c1,$d1); - &pxor ($b,$c); - &pxor ($b1,$c1); - &movdqa ($t,$b); - &psrld ($b,20); - &movdqa($t1,$b1); - &pslld ($t,12); - &psrld ($b1,20); - &por ($b,$t); - &pslld ($t1,12); - &por ($b1,$t1); - - &paddd ($a,$b); - &pxor ($d,$a); - &paddd ($a1,$b1); - &pxor ($d1,$a1); - &pshufb ($d,$rot24); - &pshufb($d1,$rot24); - - &paddd ($c,$d); - &paddd ($c1,$d1); - &pxor ($b,$c); - &pxor ($b1,$c1); - &movdqa ($t,$b); - &psrld ($b,25); - &movdqa($t1,$b1); - &pslld ($t,7); - &psrld ($b1,25); - &por ($b,$t); - &pslld ($t1,7); - &por ($b1,$t1); -} - -my $xframe = $win64 ? 0x68 : 8; - -$code.=<<___; -.type ChaCha20_128,\@function,5 -.align 32 -ChaCha20_128: -.cfi_startproc -.LChaCha20_128: - mov %rsp,%r9 # frame pointer -.cfi_def_cfa_register %r9 - sub \$64+$xframe,%rsp -___ -$code.=<<___ if ($win64); - movaps %xmm6,-0x68(%r9) - movaps %xmm7,-0x58(%r9) - movaps %xmm8,-0x48(%r9) - movaps %xmm9,-0x38(%r9) - movaps %xmm10,-0x28(%r9) - movaps %xmm11,-0x18(%r9) -.L128_body: -___ -$code.=<<___; - movdqa .Lsigma(%rip),$a - movdqu ($key),$b - movdqu 16($key),$c - movdqu ($counter),$d - movdqa .Lone(%rip),$d1 - movdqa .Lrot16(%rip),$rot16 - movdqa .Lrot24(%rip),$rot24 - - movdqa $a,$a1 - movdqa $a,0x00(%rsp) - movdqa $b,$b1 - movdqa $b,0x10(%rsp) - movdqa $c,$c1 - movdqa $c,0x20(%rsp) - paddd $d,$d1 - movdqa $d,0x30(%rsp) - mov \$10,$counter # reuse $counter - jmp .Loop_128 - -.align 32 -.Loop_128: -___ - &SSSE3ROUND_2x(); - &pshufd ($c,$c,0b01001110); - &pshufd ($b,$b,0b00111001); - &pshufd ($d,$d,0b10010011); - &pshufd ($c1,$c1,0b01001110); - &pshufd ($b1,$b1,0b00111001); - &pshufd ($d1,$d1,0b10010011); - - &SSSE3ROUND_2x(); - &pshufd ($c,$c,0b01001110); - &pshufd ($b,$b,0b10010011); - &pshufd ($d,$d,0b00111001); - &pshufd ($c1,$c1,0b01001110); - &pshufd ($b1,$b1,0b10010011); - &pshufd ($d1,$d1,0b00111001); - - &dec ($counter); - &jnz (".Loop_128"); - -$code.=<<___; - paddd 0x00(%rsp),$a - paddd 0x10(%rsp),$b - paddd 0x20(%rsp),$c - paddd 0x30(%rsp),$d - paddd .Lone(%rip),$d1 - paddd 0x00(%rsp),$a1 - paddd 0x10(%rsp),$b1 - paddd 0x20(%rsp),$c1 - paddd 0x30(%rsp),$d1 - - movdqu 0x00($inp),$t - movdqu 0x10($inp),$t1 - pxor $t,$a # xor with input - movdqu 0x20($inp),$t - pxor $t1,$b - movdqu 0x30($inp),$t1 - pxor $t,$c - movdqu 0x40($inp),$t - pxor $t1,$d - movdqu 0x50($inp),$t1 - pxor $t,$a1 - movdqu 0x60($inp),$t - pxor $t1,$b1 - movdqu 0x70($inp),$t1 - pxor $t,$c1 - pxor $t1,$d1 - - movdqu $a,0x00($out) # write output - movdqu $b,0x10($out) - movdqu $c,0x20($out) - movdqu $d,0x30($out) - movdqu $a1,0x40($out) - movdqu $b1,0x50($out) - movdqu $c1,0x60($out) - movdqu $d1,0x70($out) -___ -$code.=<<___ if ($win64); - movaps -0x68(%r9),%xmm6 - movaps -0x58(%r9),%xmm7 - movaps -0x48(%r9),%xmm8 - movaps -0x38(%r9),%xmm9 - movaps -0x28(%r9),%xmm10 - movaps -0x18(%r9),%xmm11 -___ -$code.=<<___; - lea (%r9),%rsp -.cfi_def_cfa_register %rsp -.L128_epilogue: - ret -.cfi_endproc -.size ChaCha20_128,.-ChaCha20_128 -___ -} - -######################################################################## -# SSSE3 code path that handles longer messages. -{ -# assign variables to favor Atom front-end -my ($xd0,$xd1,$xd2,$xd3, $xt0,$xt1,$xt2,$xt3, - $xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3)=map("%xmm$_",(0..15)); -my @xx=($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, - "%nox","%nox","%nox","%nox", $xd0,$xd1,$xd2,$xd3); - -sub SSSE3_lane_ROUND { -my ($a0,$b0,$c0,$d0)=@_; -my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); -my ($xc,$xc_,$t0,$t1)=map("\"$_\"",$xt0,$xt1,$xt2,$xt3); -my @x=map("\"$_\"",@xx); - - # Consider order in which variables are addressed by their - # index: - # - # a b c d - # - # 0 4 8 12 < even round - # 1 5 9 13 - # 2 6 10 14 - # 3 7 11 15 - # 0 5 10 15 < odd round - # 1 6 11 12 - # 2 7 8 13 - # 3 4 9 14 - # - # 'a', 'b' and 'd's are permanently allocated in registers, - # @x[0..7,12..15], while 'c's are maintained in memory. If - # you observe 'c' column, you'll notice that pair of 'c's is - # invariant between rounds. This means that we have to reload - # them once per round, in the middle. This is why you'll see - # bunch of 'c' stores and loads in the middle, but none in - # the beginning or end. - - ( - "&paddd (@x[$a0],@x[$b0])", # Q1 - "&paddd (@x[$a1],@x[$b1])", # Q2 - "&pxor (@x[$d0],@x[$a0])", - "&pxor (@x[$d1],@x[$a1])", - "&pshufb (@x[$d0],$t1)", - "&pshufb (@x[$d1],$t1)", - - "&paddd ($xc,@x[$d0])", - "&paddd ($xc_,@x[$d1])", - "&pxor (@x[$b0],$xc)", - "&pxor (@x[$b1],$xc_)", - "&movdqa ($t0,@x[$b0])", - "&pslld (@x[$b0],12)", - "&psrld ($t0,20)", - "&movdqa ($t1,@x[$b1])", - "&pslld (@x[$b1],12)", - "&por (@x[$b0],$t0)", - "&psrld ($t1,20)", - "&movdqa ($t0,'(%r11)')", # .Lrot24(%rip) - "&por (@x[$b1],$t1)", - - "&paddd (@x[$a0],@x[$b0])", - "&paddd (@x[$a1],@x[$b1])", - "&pxor (@x[$d0],@x[$a0])", - "&pxor (@x[$d1],@x[$a1])", - "&pshufb (@x[$d0],$t0)", - "&pshufb (@x[$d1],$t0)", - - "&paddd ($xc,@x[$d0])", - "&paddd ($xc_,@x[$d1])", - "&pxor (@x[$b0],$xc)", - "&pxor (@x[$b1],$xc_)", - "&movdqa ($t1,@x[$b0])", - "&pslld (@x[$b0],7)", - "&psrld ($t1,25)", - "&movdqa ($t0,@x[$b1])", - "&pslld (@x[$b1],7)", - "&por (@x[$b0],$t1)", - "&psrld ($t0,25)", - "&movdqa ($t1,'(%r10)')", # .Lrot16(%rip) - "&por (@x[$b1],$t0)", - - "&movdqa (\"`16*($c0-8)`(%rsp)\",$xc)", # reload pair of 'c's - "&movdqa (\"`16*($c1-8)`(%rsp)\",$xc_)", - "&movdqa ($xc,\"`16*($c2-8)`(%rsp)\")", - "&movdqa ($xc_,\"`16*($c3-8)`(%rsp)\")", - - "&paddd (@x[$a2],@x[$b2])", # Q3 - "&paddd (@x[$a3],@x[$b3])", # Q4 - "&pxor (@x[$d2],@x[$a2])", - "&pxor (@x[$d3],@x[$a3])", - "&pshufb (@x[$d2],$t1)", - "&pshufb (@x[$d3],$t1)", - - "&paddd ($xc,@x[$d2])", - "&paddd ($xc_,@x[$d3])", - "&pxor (@x[$b2],$xc)", - "&pxor (@x[$b3],$xc_)", - "&movdqa ($t0,@x[$b2])", - "&pslld (@x[$b2],12)", - "&psrld ($t0,20)", - "&movdqa ($t1,@x[$b3])", - "&pslld (@x[$b3],12)", - "&por (@x[$b2],$t0)", - "&psrld ($t1,20)", - "&movdqa ($t0,'(%r11)')", # .Lrot24(%rip) - "&por (@x[$b3],$t1)", - - "&paddd (@x[$a2],@x[$b2])", - "&paddd (@x[$a3],@x[$b3])", - "&pxor (@x[$d2],@x[$a2])", - "&pxor (@x[$d3],@x[$a3])", - "&pshufb (@x[$d2],$t0)", - "&pshufb (@x[$d3],$t0)", - - "&paddd ($xc,@x[$d2])", - "&paddd ($xc_,@x[$d3])", - "&pxor (@x[$b2],$xc)", - "&pxor (@x[$b3],$xc_)", - "&movdqa ($t1,@x[$b2])", - "&pslld (@x[$b2],7)", - "&psrld ($t1,25)", - "&movdqa ($t0,@x[$b3])", - "&pslld (@x[$b3],7)", - "&por (@x[$b2],$t1)", - "&psrld ($t0,25)", - "&movdqa ($t1,'(%r10)')", # .Lrot16(%rip) - "&por (@x[$b3],$t0)" - ); -} - -my $xframe = $win64 ? 0xa8 : 8; - -$code.=<<___; -.type ChaCha20_4x,\@function,5 -.align 32 -ChaCha20_4x: -.cfi_startproc -.LChaCha20_4x: - mov %rsp,%r9 # frame pointer -.cfi_def_cfa_register %r9 - mov %r10,%r11 -___ -$code.=<<___ if ($avx>1); - shr \$32,%r10 # OPENSSL_ia32cap_P+8 - test \$`1<<5`,%r10 # test AVX2 - jnz .LChaCha20_8x -___ -$code.=<<___; - cmp \$192,$len - ja .Lproceed4x - - and \$`1<<26|1<<22`,%r11 # isolate XSAVE+MOVBE - cmp \$`1<<22`,%r11 # check for MOVBE without XSAVE - je .Ldo_sse3_after_all # to detect Atom - -.Lproceed4x: - sub \$0x140+$xframe,%rsp -___ - ################ stack layout - # +0x00 SIMD equivalent of @x[8-12] - # ... - # +0x40 constant copy of key[0-2] smashed by lanes - # ... - # +0x100 SIMD counters (with nonce smashed by lanes) - # ... - # +0x140 -$code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%r9) - movaps %xmm7,-0x98(%r9) - movaps %xmm8,-0x88(%r9) - movaps %xmm9,-0x78(%r9) - movaps %xmm10,-0x68(%r9) - movaps %xmm11,-0x58(%r9) - movaps %xmm12,-0x48(%r9) - movaps %xmm13,-0x38(%r9) - movaps %xmm14,-0x28(%r9) - movaps %xmm15,-0x18(%r9) -.L4x_body: -___ -$code.=<<___; - movdqa .Lsigma(%rip),$xa3 # key[0] - movdqu ($key),$xb3 # key[1] - movdqu 16($key),$xt3 # key[2] - movdqu ($counter),$xd3 # key[3] - lea 0x100(%rsp),%rcx # size optimization - lea .Lrot16(%rip),%r10 - lea .Lrot24(%rip),%r11 - - pshufd \$0x00,$xa3,$xa0 # smash key by lanes... - pshufd \$0x55,$xa3,$xa1 - movdqa $xa0,0x40(%rsp) # ... and offload - pshufd \$0xaa,$xa3,$xa2 - movdqa $xa1,0x50(%rsp) - pshufd \$0xff,$xa3,$xa3 - movdqa $xa2,0x60(%rsp) - movdqa $xa3,0x70(%rsp) - - pshufd \$0x00,$xb3,$xb0 - pshufd \$0x55,$xb3,$xb1 - movdqa $xb0,0x80-0x100(%rcx) - pshufd \$0xaa,$xb3,$xb2 - movdqa $xb1,0x90-0x100(%rcx) - pshufd \$0xff,$xb3,$xb3 - movdqa $xb2,0xa0-0x100(%rcx) - movdqa $xb3,0xb0-0x100(%rcx) - - pshufd \$0x00,$xt3,$xt0 # "$xc0" - pshufd \$0x55,$xt3,$xt1 # "$xc1" - movdqa $xt0,0xc0-0x100(%rcx) - pshufd \$0xaa,$xt3,$xt2 # "$xc2" - movdqa $xt1,0xd0-0x100(%rcx) - pshufd \$0xff,$xt3,$xt3 # "$xc3" - movdqa $xt2,0xe0-0x100(%rcx) - movdqa $xt3,0xf0-0x100(%rcx) - - pshufd \$0x00,$xd3,$xd0 - pshufd \$0x55,$xd3,$xd1 - paddd .Linc(%rip),$xd0 # don't save counters yet - pshufd \$0xaa,$xd3,$xd2 - movdqa $xd1,0x110-0x100(%rcx) - pshufd \$0xff,$xd3,$xd3 - movdqa $xd2,0x120-0x100(%rcx) - movdqa $xd3,0x130-0x100(%rcx) - - jmp .Loop_enter4x - -.align 32 -.Loop_outer4x: - movdqa 0x40(%rsp),$xa0 # re-load smashed key - movdqa 0x50(%rsp),$xa1 - movdqa 0x60(%rsp),$xa2 - movdqa 0x70(%rsp),$xa3 - movdqa 0x80-0x100(%rcx),$xb0 - movdqa 0x90-0x100(%rcx),$xb1 - movdqa 0xa0-0x100(%rcx),$xb2 - movdqa 0xb0-0x100(%rcx),$xb3 - movdqa 0xc0-0x100(%rcx),$xt0 # "$xc0" - movdqa 0xd0-0x100(%rcx),$xt1 # "$xc1" - movdqa 0xe0-0x100(%rcx),$xt2 # "$xc2" - movdqa 0xf0-0x100(%rcx),$xt3 # "$xc3" - movdqa 0x100-0x100(%rcx),$xd0 - movdqa 0x110-0x100(%rcx),$xd1 - movdqa 0x120-0x100(%rcx),$xd2 - movdqa 0x130-0x100(%rcx),$xd3 - paddd .Lfour(%rip),$xd0 # next SIMD counters - -.Loop_enter4x: - movdqa $xt2,0x20(%rsp) # SIMD equivalent of "@x[10]" - movdqa $xt3,0x30(%rsp) # SIMD equivalent of "@x[11]" - movdqa (%r10),$xt3 # .Lrot16(%rip) - mov \$10,%eax - movdqa $xd0,0x100-0x100(%rcx) # save SIMD counters - jmp .Loop4x - -.align 32 -.Loop4x: -___ - foreach (&SSSE3_lane_ROUND(0, 4, 8,12)) { eval; } - foreach (&SSSE3_lane_ROUND(0, 5,10,15)) { eval; } -$code.=<<___; - dec %eax - jnz .Loop4x - - paddd 0x40(%rsp),$xa0 # accumulate key material - paddd 0x50(%rsp),$xa1 - paddd 0x60(%rsp),$xa2 - paddd 0x70(%rsp),$xa3 - - movdqa $xa0,$xt2 # "de-interlace" data - punpckldq $xa1,$xa0 - movdqa $xa2,$xt3 - punpckldq $xa3,$xa2 - punpckhdq $xa1,$xt2 - punpckhdq $xa3,$xt3 - movdqa $xa0,$xa1 - punpcklqdq $xa2,$xa0 # "a0" - movdqa $xt2,$xa3 - punpcklqdq $xt3,$xt2 # "a2" - punpckhqdq $xa2,$xa1 # "a1" - punpckhqdq $xt3,$xa3 # "a3" -___ - ($xa2,$xt2)=($xt2,$xa2); -$code.=<<___; - paddd 0x80-0x100(%rcx),$xb0 - paddd 0x90-0x100(%rcx),$xb1 - paddd 0xa0-0x100(%rcx),$xb2 - paddd 0xb0-0x100(%rcx),$xb3 - - movdqa $xa0,0x00(%rsp) # offload $xaN - movdqa $xa1,0x10(%rsp) - movdqa 0x20(%rsp),$xa0 # "xc2" - movdqa 0x30(%rsp),$xa1 # "xc3" - - movdqa $xb0,$xt2 - punpckldq $xb1,$xb0 - movdqa $xb2,$xt3 - punpckldq $xb3,$xb2 - punpckhdq $xb1,$xt2 - punpckhdq $xb3,$xt3 - movdqa $xb0,$xb1 - punpcklqdq $xb2,$xb0 # "b0" - movdqa $xt2,$xb3 - punpcklqdq $xt3,$xt2 # "b2" - punpckhqdq $xb2,$xb1 # "b1" - punpckhqdq $xt3,$xb3 # "b3" -___ - ($xb2,$xt2)=($xt2,$xb2); - my ($xc0,$xc1,$xc2,$xc3)=($xt0,$xt1,$xa0,$xa1); -$code.=<<___; - paddd 0xc0-0x100(%rcx),$xc0 - paddd 0xd0-0x100(%rcx),$xc1 - paddd 0xe0-0x100(%rcx),$xc2 - paddd 0xf0-0x100(%rcx),$xc3 - - movdqa $xa2,0x20(%rsp) # keep offloading $xaN - movdqa $xa3,0x30(%rsp) - - movdqa $xc0,$xt2 - punpckldq $xc1,$xc0 - movdqa $xc2,$xt3 - punpckldq $xc3,$xc2 - punpckhdq $xc1,$xt2 - punpckhdq $xc3,$xt3 - movdqa $xc0,$xc1 - punpcklqdq $xc2,$xc0 # "c0" - movdqa $xt2,$xc3 - punpcklqdq $xt3,$xt2 # "c2" - punpckhqdq $xc2,$xc1 # "c1" - punpckhqdq $xt3,$xc3 # "c3" -___ - ($xc2,$xt2)=($xt2,$xc2); - ($xt0,$xt1)=($xa2,$xa3); # use $xaN as temporary -$code.=<<___; - paddd 0x100-0x100(%rcx),$xd0 - paddd 0x110-0x100(%rcx),$xd1 - paddd 0x120-0x100(%rcx),$xd2 - paddd 0x130-0x100(%rcx),$xd3 - - movdqa $xd0,$xt2 - punpckldq $xd1,$xd0 - movdqa $xd2,$xt3 - punpckldq $xd3,$xd2 - punpckhdq $xd1,$xt2 - punpckhdq $xd3,$xt3 - movdqa $xd0,$xd1 - punpcklqdq $xd2,$xd0 # "d0" - movdqa $xt2,$xd3 - punpcklqdq $xt3,$xt2 # "d2" - punpckhqdq $xd2,$xd1 # "d1" - punpckhqdq $xt3,$xd3 # "d3" -___ - ($xd2,$xt2)=($xt2,$xd2); -$code.=<<___; - cmp \$64*4,$len - jb .Ltail4x - - movdqu 0x00($inp),$xt0 # xor with input - movdqu 0x10($inp),$xt1 - movdqu 0x20($inp),$xt2 - movdqu 0x30($inp),$xt3 - pxor 0x00(%rsp),$xt0 # $xaN is offloaded, remember? - pxor $xb0,$xt1 - pxor $xc0,$xt2 - pxor $xd0,$xt3 - - movdqu $xt0,0x00($out) - movdqu 0x40($inp),$xt0 - movdqu $xt1,0x10($out) - movdqu 0x50($inp),$xt1 - movdqu $xt2,0x20($out) - movdqu 0x60($inp),$xt2 - movdqu $xt3,0x30($out) - movdqu 0x70($inp),$xt3 - lea 0x80($inp),$inp # size optimization - pxor 0x10(%rsp),$xt0 - pxor $xb1,$xt1 - pxor $xc1,$xt2 - pxor $xd1,$xt3 - - movdqu $xt0,0x40($out) - movdqu 0x00($inp),$xt0 - movdqu $xt1,0x50($out) - movdqu 0x10($inp),$xt1 - movdqu $xt2,0x60($out) - movdqu 0x20($inp),$xt2 - movdqu $xt3,0x70($out) - lea 0x80($out),$out # size optimization - movdqu 0x30($inp),$xt3 - pxor 0x20(%rsp),$xt0 - pxor $xb2,$xt1 - pxor $xc2,$xt2 - pxor $xd2,$xt3 - - movdqu $xt0,0x00($out) - movdqu 0x40($inp),$xt0 - movdqu $xt1,0x10($out) - movdqu 0x50($inp),$xt1 - movdqu $xt2,0x20($out) - movdqu 0x60($inp),$xt2 - movdqu $xt3,0x30($out) - movdqu 0x70($inp),$xt3 - lea 0x80($inp),$inp # inp+=64*4 - pxor 0x30(%rsp),$xt0 - pxor $xb3,$xt1 - pxor $xc3,$xt2 - pxor $xd3,$xt3 - movdqu $xt0,0x40($out) - movdqu $xt1,0x50($out) - movdqu $xt2,0x60($out) - movdqu $xt3,0x70($out) - lea 0x80($out),$out # out+=64*4 - - sub \$64*4,$len - jnz .Loop_outer4x - - jmp .Ldone4x - -.Ltail4x: - cmp \$192,$len - jae .L192_or_more4x - cmp \$128,$len - jae .L128_or_more4x - cmp \$64,$len - jae .L64_or_more4x - - #movdqa 0x00(%rsp),$xt0 # $xaN is offloaded, remember? - xor %r10,%r10 - #movdqa $xt0,0x00(%rsp) - movdqa $xb0,0x10(%rsp) - movdqa $xc0,0x20(%rsp) - movdqa $xd0,0x30(%rsp) - jmp .Loop_tail4x - -.align 32 -.L64_or_more4x: - movdqu 0x00($inp),$xt0 # xor with input - movdqu 0x10($inp),$xt1 - movdqu 0x20($inp),$xt2 - movdqu 0x30($inp),$xt3 - pxor 0x00(%rsp),$xt0 # $xaxN is offloaded, remember? - pxor $xb0,$xt1 - pxor $xc0,$xt2 - pxor $xd0,$xt3 - movdqu $xt0,0x00($out) - movdqu $xt1,0x10($out) - movdqu $xt2,0x20($out) - movdqu $xt3,0x30($out) - je .Ldone4x - - movdqa 0x10(%rsp),$xt0 # $xaN is offloaded, remember? - lea 0x40($inp),$inp # inp+=64*1 - xor %r10,%r10 - movdqa $xt0,0x00(%rsp) - movdqa $xb1,0x10(%rsp) - lea 0x40($out),$out # out+=64*1 - movdqa $xc1,0x20(%rsp) - sub \$64,$len # len-=64*1 - movdqa $xd1,0x30(%rsp) - jmp .Loop_tail4x - -.align 32 -.L128_or_more4x: - movdqu 0x00($inp),$xt0 # xor with input - movdqu 0x10($inp),$xt1 - movdqu 0x20($inp),$xt2 - movdqu 0x30($inp),$xt3 - pxor 0x00(%rsp),$xt0 # $xaN is offloaded, remember? - pxor $xb0,$xt1 - pxor $xc0,$xt2 - pxor $xd0,$xt3 - - movdqu $xt0,0x00($out) - movdqu 0x40($inp),$xt0 - movdqu $xt1,0x10($out) - movdqu 0x50($inp),$xt1 - movdqu $xt2,0x20($out) - movdqu 0x60($inp),$xt2 - movdqu $xt3,0x30($out) - movdqu 0x70($inp),$xt3 - pxor 0x10(%rsp),$xt0 - pxor $xb1,$xt1 - pxor $xc1,$xt2 - pxor $xd1,$xt3 - movdqu $xt0,0x40($out) - movdqu $xt1,0x50($out) - movdqu $xt2,0x60($out) - movdqu $xt3,0x70($out) - je .Ldone4x - - movdqa 0x20(%rsp),$xt0 # $xaN is offloaded, remember? - lea 0x80($inp),$inp # inp+=64*2 - xor %r10,%r10 - movdqa $xt0,0x00(%rsp) - movdqa $xb2,0x10(%rsp) - lea 0x80($out),$out # out+=64*2 - movdqa $xc2,0x20(%rsp) - sub \$128,$len # len-=64*2 - movdqa $xd2,0x30(%rsp) - jmp .Loop_tail4x - -.align 32 -.L192_or_more4x: - movdqu 0x00($inp),$xt0 # xor with input - movdqu 0x10($inp),$xt1 - movdqu 0x20($inp),$xt2 - movdqu 0x30($inp),$xt3 - pxor 0x00(%rsp),$xt0 # $xaN is offloaded, remember? - pxor $xb0,$xt1 - pxor $xc0,$xt2 - pxor $xd0,$xt3 - - movdqu $xt0,0x00($out) - movdqu 0x40($inp),$xt0 - movdqu $xt1,0x10($out) - movdqu 0x50($inp),$xt1 - movdqu $xt2,0x20($out) - movdqu 0x60($inp),$xt2 - movdqu $xt3,0x30($out) - movdqu 0x70($inp),$xt3 - lea 0x80($inp),$inp # size optimization - pxor 0x10(%rsp),$xt0 - pxor $xb1,$xt1 - pxor $xc1,$xt2 - pxor $xd1,$xt3 - - movdqu $xt0,0x40($out) - movdqu 0x00($inp),$xt0 - movdqu $xt1,0x50($out) - movdqu 0x10($inp),$xt1 - movdqu $xt2,0x60($out) - movdqu 0x20($inp),$xt2 - movdqu $xt3,0x70($out) - lea 0x80($out),$out # size optimization - movdqu 0x30($inp),$xt3 - pxor 0x20(%rsp),$xt0 - pxor $xb2,$xt1 - pxor $xc2,$xt2 - pxor $xd2,$xt3 - movdqu $xt0,0x00($out) - movdqu $xt1,0x10($out) - movdqu $xt2,0x20($out) - movdqu $xt3,0x30($out) - je .Ldone4x - - movdqa 0x30(%rsp),$xt0 # $xaN is offloaded, remember? - lea 0x40($inp),$inp # inp+=64*3 - xor %r10,%r10 - movdqa $xt0,0x00(%rsp) - movdqa $xb3,0x10(%rsp) - lea 0x40($out),$out # out+=64*3 - movdqa $xc3,0x20(%rsp) - sub \$192,$len # len-=64*3 - movdqa $xd3,0x30(%rsp) - -.Loop_tail4x: - movzb ($inp,%r10),%eax - movzb (%rsp,%r10),%ecx - lea 1(%r10),%r10 - xor %ecx,%eax - mov %al,-1($out,%r10) - dec $len - jnz .Loop_tail4x - -.Ldone4x: -___ -$code.=<<___ if ($win64); - movaps -0xa8(%r9),%xmm6 - movaps -0x98(%r9),%xmm7 - movaps -0x88(%r9),%xmm8 - movaps -0x78(%r9),%xmm9 - movaps -0x68(%r9),%xmm10 - movaps -0x58(%r9),%xmm11 - movaps -0x48(%r9),%xmm12 - movaps -0x38(%r9),%xmm13 - movaps -0x28(%r9),%xmm14 - movaps -0x18(%r9),%xmm15 -___ -$code.=<<___; - lea (%r9),%rsp -.cfi_def_cfa_register %rsp -.L4x_epilogue: - ret -.cfi_endproc -.size ChaCha20_4x,.-ChaCha20_4x -___ -} - -######################################################################## -# XOP code path that handles all lengths. -if ($avx) { -# There is some "anomaly" observed depending on instructions' size or -# alignment. If you look closely at below code you'll notice that -# sometimes argument order varies. The order affects instruction -# encoding by making it larger, and such fiddling gives 5% performance -# improvement. This is on FX-4100... - -my ($xb0,$xb1,$xb2,$xb3, $xd0,$xd1,$xd2,$xd3, - $xa0,$xa1,$xa2,$xa3, $xt0,$xt1,$xt2,$xt3)=map("%xmm$_",(0..15)); -my @xx=($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, - $xt0,$xt1,$xt2,$xt3, $xd0,$xd1,$xd2,$xd3); - -sub XOP_lane_ROUND { -my ($a0,$b0,$c0,$d0)=@_; -my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); -my @x=map("\"$_\"",@xx); - - ( - "&vpaddd (@x[$a0],@x[$a0],@x[$b0])", # Q1 - "&vpaddd (@x[$a1],@x[$a1],@x[$b1])", # Q2 - "&vpaddd (@x[$a2],@x[$a2],@x[$b2])", # Q3 - "&vpaddd (@x[$a3],@x[$a3],@x[$b3])", # Q4 - "&vpxor (@x[$d0],@x[$a0],@x[$d0])", - "&vpxor (@x[$d1],@x[$a1],@x[$d1])", - "&vpxor (@x[$d2],@x[$a2],@x[$d2])", - "&vpxor (@x[$d3],@x[$a3],@x[$d3])", - "&vprotd (@x[$d0],@x[$d0],16)", - "&vprotd (@x[$d1],@x[$d1],16)", - "&vprotd (@x[$d2],@x[$d2],16)", - "&vprotd (@x[$d3],@x[$d3],16)", - - "&vpaddd (@x[$c0],@x[$c0],@x[$d0])", - "&vpaddd (@x[$c1],@x[$c1],@x[$d1])", - "&vpaddd (@x[$c2],@x[$c2],@x[$d2])", - "&vpaddd (@x[$c3],@x[$c3],@x[$d3])", - "&vpxor (@x[$b0],@x[$c0],@x[$b0])", - "&vpxor (@x[$b1],@x[$c1],@x[$b1])", - "&vpxor (@x[$b2],@x[$b2],@x[$c2])", # flip - "&vpxor (@x[$b3],@x[$b3],@x[$c3])", # flip - "&vprotd (@x[$b0],@x[$b0],12)", - "&vprotd (@x[$b1],@x[$b1],12)", - "&vprotd (@x[$b2],@x[$b2],12)", - "&vprotd (@x[$b3],@x[$b3],12)", - - "&vpaddd (@x[$a0],@x[$b0],@x[$a0])", # flip - "&vpaddd (@x[$a1],@x[$b1],@x[$a1])", # flip - "&vpaddd (@x[$a2],@x[$a2],@x[$b2])", - "&vpaddd (@x[$a3],@x[$a3],@x[$b3])", - "&vpxor (@x[$d0],@x[$a0],@x[$d0])", - "&vpxor (@x[$d1],@x[$a1],@x[$d1])", - "&vpxor (@x[$d2],@x[$a2],@x[$d2])", - "&vpxor (@x[$d3],@x[$a3],@x[$d3])", - "&vprotd (@x[$d0],@x[$d0],8)", - "&vprotd (@x[$d1],@x[$d1],8)", - "&vprotd (@x[$d2],@x[$d2],8)", - "&vprotd (@x[$d3],@x[$d3],8)", - - "&vpaddd (@x[$c0],@x[$c0],@x[$d0])", - "&vpaddd (@x[$c1],@x[$c1],@x[$d1])", - "&vpaddd (@x[$c2],@x[$c2],@x[$d2])", - "&vpaddd (@x[$c3],@x[$c3],@x[$d3])", - "&vpxor (@x[$b0],@x[$c0],@x[$b0])", - "&vpxor (@x[$b1],@x[$c1],@x[$b1])", - "&vpxor (@x[$b2],@x[$b2],@x[$c2])", # flip - "&vpxor (@x[$b3],@x[$b3],@x[$c3])", # flip - "&vprotd (@x[$b0],@x[$b0],7)", - "&vprotd (@x[$b1],@x[$b1],7)", - "&vprotd (@x[$b2],@x[$b2],7)", - "&vprotd (@x[$b3],@x[$b3],7)" - ); -} - -my $xframe = $win64 ? 0xa8 : 8; - -$code.=<<___; -.type ChaCha20_4xop,\@function,5 -.align 32 -ChaCha20_4xop: -.cfi_startproc -.LChaCha20_4xop: - mov %rsp,%r9 # frame pointer -.cfi_def_cfa_register %r9 - sub \$0x140+$xframe,%rsp -___ - ################ stack layout - # +0x00 SIMD equivalent of @x[8-12] - # ... - # +0x40 constant copy of key[0-2] smashed by lanes - # ... - # +0x100 SIMD counters (with nonce smashed by lanes) - # ... - # +0x140 -$code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%r9) - movaps %xmm7,-0x98(%r9) - movaps %xmm8,-0x88(%r9) - movaps %xmm9,-0x78(%r9) - movaps %xmm10,-0x68(%r9) - movaps %xmm11,-0x58(%r9) - movaps %xmm12,-0x48(%r9) - movaps %xmm13,-0x38(%r9) - movaps %xmm14,-0x28(%r9) - movaps %xmm15,-0x18(%r9) -.L4xop_body: -___ -$code.=<<___; - vzeroupper - - vmovdqa .Lsigma(%rip),$xa3 # key[0] - vmovdqu ($key),$xb3 # key[1] - vmovdqu 16($key),$xt3 # key[2] - vmovdqu ($counter),$xd3 # key[3] - lea 0x100(%rsp),%rcx # size optimization - - vpshufd \$0x00,$xa3,$xa0 # smash key by lanes... - vpshufd \$0x55,$xa3,$xa1 - vmovdqa $xa0,0x40(%rsp) # ... and offload - vpshufd \$0xaa,$xa3,$xa2 - vmovdqa $xa1,0x50(%rsp) - vpshufd \$0xff,$xa3,$xa3 - vmovdqa $xa2,0x60(%rsp) - vmovdqa $xa3,0x70(%rsp) - - vpshufd \$0x00,$xb3,$xb0 - vpshufd \$0x55,$xb3,$xb1 - vmovdqa $xb0,0x80-0x100(%rcx) - vpshufd \$0xaa,$xb3,$xb2 - vmovdqa $xb1,0x90-0x100(%rcx) - vpshufd \$0xff,$xb3,$xb3 - vmovdqa $xb2,0xa0-0x100(%rcx) - vmovdqa $xb3,0xb0-0x100(%rcx) - - vpshufd \$0x00,$xt3,$xt0 # "$xc0" - vpshufd \$0x55,$xt3,$xt1 # "$xc1" - vmovdqa $xt0,0xc0-0x100(%rcx) - vpshufd \$0xaa,$xt3,$xt2 # "$xc2" - vmovdqa $xt1,0xd0-0x100(%rcx) - vpshufd \$0xff,$xt3,$xt3 # "$xc3" - vmovdqa $xt2,0xe0-0x100(%rcx) - vmovdqa $xt3,0xf0-0x100(%rcx) - - vpshufd \$0x00,$xd3,$xd0 - vpshufd \$0x55,$xd3,$xd1 - vpaddd .Linc(%rip),$xd0,$xd0 # don't save counters yet - vpshufd \$0xaa,$xd3,$xd2 - vmovdqa $xd1,0x110-0x100(%rcx) - vpshufd \$0xff,$xd3,$xd3 - vmovdqa $xd2,0x120-0x100(%rcx) - vmovdqa $xd3,0x130-0x100(%rcx) - - jmp .Loop_enter4xop - -.align 32 -.Loop_outer4xop: - vmovdqa 0x40(%rsp),$xa0 # re-load smashed key - vmovdqa 0x50(%rsp),$xa1 - vmovdqa 0x60(%rsp),$xa2 - vmovdqa 0x70(%rsp),$xa3 - vmovdqa 0x80-0x100(%rcx),$xb0 - vmovdqa 0x90-0x100(%rcx),$xb1 - vmovdqa 0xa0-0x100(%rcx),$xb2 - vmovdqa 0xb0-0x100(%rcx),$xb3 - vmovdqa 0xc0-0x100(%rcx),$xt0 # "$xc0" - vmovdqa 0xd0-0x100(%rcx),$xt1 # "$xc1" - vmovdqa 0xe0-0x100(%rcx),$xt2 # "$xc2" - vmovdqa 0xf0-0x100(%rcx),$xt3 # "$xc3" - vmovdqa 0x100-0x100(%rcx),$xd0 - vmovdqa 0x110-0x100(%rcx),$xd1 - vmovdqa 0x120-0x100(%rcx),$xd2 - vmovdqa 0x130-0x100(%rcx),$xd3 - vpaddd .Lfour(%rip),$xd0,$xd0 # next SIMD counters - -.Loop_enter4xop: - mov \$10,%eax - vmovdqa $xd0,0x100-0x100(%rcx) # save SIMD counters - jmp .Loop4xop - -.align 32 -.Loop4xop: -___ - foreach (&XOP_lane_ROUND(0, 4, 8,12)) { eval; } - foreach (&XOP_lane_ROUND(0, 5,10,15)) { eval; } -$code.=<<___; - dec %eax - jnz .Loop4xop - - vpaddd 0x40(%rsp),$xa0,$xa0 # accumulate key material - vpaddd 0x50(%rsp),$xa1,$xa1 - vpaddd 0x60(%rsp),$xa2,$xa2 - vpaddd 0x70(%rsp),$xa3,$xa3 - - vmovdqa $xt2,0x20(%rsp) # offload $xc2,3 - vmovdqa $xt3,0x30(%rsp) - - vpunpckldq $xa1,$xa0,$xt2 # "de-interlace" data - vpunpckldq $xa3,$xa2,$xt3 - vpunpckhdq $xa1,$xa0,$xa0 - vpunpckhdq $xa3,$xa2,$xa2 - vpunpcklqdq $xt3,$xt2,$xa1 # "a0" - vpunpckhqdq $xt3,$xt2,$xt2 # "a1" - vpunpcklqdq $xa2,$xa0,$xa3 # "a2" - vpunpckhqdq $xa2,$xa0,$xa0 # "a3" -___ - ($xa0,$xa1,$xa2,$xa3,$xt2)=($xa1,$xt2,$xa3,$xa0,$xa2); -$code.=<<___; - vpaddd 0x80-0x100(%rcx),$xb0,$xb0 - vpaddd 0x90-0x100(%rcx),$xb1,$xb1 - vpaddd 0xa0-0x100(%rcx),$xb2,$xb2 - vpaddd 0xb0-0x100(%rcx),$xb3,$xb3 - - vmovdqa $xa0,0x00(%rsp) # offload $xa0,1 - vmovdqa $xa1,0x10(%rsp) - vmovdqa 0x20(%rsp),$xa0 # "xc2" - vmovdqa 0x30(%rsp),$xa1 # "xc3" - - vpunpckldq $xb1,$xb0,$xt2 - vpunpckldq $xb3,$xb2,$xt3 - vpunpckhdq $xb1,$xb0,$xb0 - vpunpckhdq $xb3,$xb2,$xb2 - vpunpcklqdq $xt3,$xt2,$xb1 # "b0" - vpunpckhqdq $xt3,$xt2,$xt2 # "b1" - vpunpcklqdq $xb2,$xb0,$xb3 # "b2" - vpunpckhqdq $xb2,$xb0,$xb0 # "b3" -___ - ($xb0,$xb1,$xb2,$xb3,$xt2)=($xb1,$xt2,$xb3,$xb0,$xb2); - my ($xc0,$xc1,$xc2,$xc3)=($xt0,$xt1,$xa0,$xa1); -$code.=<<___; - vpaddd 0xc0-0x100(%rcx),$xc0,$xc0 - vpaddd 0xd0-0x100(%rcx),$xc1,$xc1 - vpaddd 0xe0-0x100(%rcx),$xc2,$xc2 - vpaddd 0xf0-0x100(%rcx),$xc3,$xc3 - - vpunpckldq $xc1,$xc0,$xt2 - vpunpckldq $xc3,$xc2,$xt3 - vpunpckhdq $xc1,$xc0,$xc0 - vpunpckhdq $xc3,$xc2,$xc2 - vpunpcklqdq $xt3,$xt2,$xc1 # "c0" - vpunpckhqdq $xt3,$xt2,$xt2 # "c1" - vpunpcklqdq $xc2,$xc0,$xc3 # "c2" - vpunpckhqdq $xc2,$xc0,$xc0 # "c3" -___ - ($xc0,$xc1,$xc2,$xc3,$xt2)=($xc1,$xt2,$xc3,$xc0,$xc2); -$code.=<<___; - vpaddd 0x100-0x100(%rcx),$xd0,$xd0 - vpaddd 0x110-0x100(%rcx),$xd1,$xd1 - vpaddd 0x120-0x100(%rcx),$xd2,$xd2 - vpaddd 0x130-0x100(%rcx),$xd3,$xd3 - - vpunpckldq $xd1,$xd0,$xt2 - vpunpckldq $xd3,$xd2,$xt3 - vpunpckhdq $xd1,$xd0,$xd0 - vpunpckhdq $xd3,$xd2,$xd2 - vpunpcklqdq $xt3,$xt2,$xd1 # "d0" - vpunpckhqdq $xt3,$xt2,$xt2 # "d1" - vpunpcklqdq $xd2,$xd0,$xd3 # "d2" - vpunpckhqdq $xd2,$xd0,$xd0 # "d3" -___ - ($xd0,$xd1,$xd2,$xd3,$xt2)=($xd1,$xt2,$xd3,$xd0,$xd2); - ($xa0,$xa1)=($xt2,$xt3); -$code.=<<___; - vmovdqa 0x00(%rsp),$xa0 # restore $xa0,1 - vmovdqa 0x10(%rsp),$xa1 - - cmp \$64*4,$len - jb .Ltail4xop - - vpxor 0x00($inp),$xa0,$xa0 # xor with input - vpxor 0x10($inp),$xb0,$xb0 - vpxor 0x20($inp),$xc0,$xc0 - vpxor 0x30($inp),$xd0,$xd0 - vpxor 0x40($inp),$xa1,$xa1 - vpxor 0x50($inp),$xb1,$xb1 - vpxor 0x60($inp),$xc1,$xc1 - vpxor 0x70($inp),$xd1,$xd1 - lea 0x80($inp),$inp # size optimization - vpxor 0x00($inp),$xa2,$xa2 - vpxor 0x10($inp),$xb2,$xb2 - vpxor 0x20($inp),$xc2,$xc2 - vpxor 0x30($inp),$xd2,$xd2 - vpxor 0x40($inp),$xa3,$xa3 - vpxor 0x50($inp),$xb3,$xb3 - vpxor 0x60($inp),$xc3,$xc3 - vpxor 0x70($inp),$xd3,$xd3 - lea 0x80($inp),$inp # inp+=64*4 - - vmovdqu $xa0,0x00($out) - vmovdqu $xb0,0x10($out) - vmovdqu $xc0,0x20($out) - vmovdqu $xd0,0x30($out) - vmovdqu $xa1,0x40($out) - vmovdqu $xb1,0x50($out) - vmovdqu $xc1,0x60($out) - vmovdqu $xd1,0x70($out) - lea 0x80($out),$out # size optimization - vmovdqu $xa2,0x00($out) - vmovdqu $xb2,0x10($out) - vmovdqu $xc2,0x20($out) - vmovdqu $xd2,0x30($out) - vmovdqu $xa3,0x40($out) - vmovdqu $xb3,0x50($out) - vmovdqu $xc3,0x60($out) - vmovdqu $xd3,0x70($out) - lea 0x80($out),$out # out+=64*4 - - sub \$64*4,$len - jnz .Loop_outer4xop - - jmp .Ldone4xop - -.align 32 -.Ltail4xop: - cmp \$192,$len - jae .L192_or_more4xop - cmp \$128,$len - jae .L128_or_more4xop - cmp \$64,$len - jae .L64_or_more4xop - - xor %r10,%r10 - vmovdqa $xa0,0x00(%rsp) - vmovdqa $xb0,0x10(%rsp) - vmovdqa $xc0,0x20(%rsp) - vmovdqa $xd0,0x30(%rsp) - jmp .Loop_tail4xop - -.align 32 -.L64_or_more4xop: - vpxor 0x00($inp),$xa0,$xa0 # xor with input - vpxor 0x10($inp),$xb0,$xb0 - vpxor 0x20($inp),$xc0,$xc0 - vpxor 0x30($inp),$xd0,$xd0 - vmovdqu $xa0,0x00($out) - vmovdqu $xb0,0x10($out) - vmovdqu $xc0,0x20($out) - vmovdqu $xd0,0x30($out) - je .Ldone4xop - - lea 0x40($inp),$inp # inp+=64*1 - vmovdqa $xa1,0x00(%rsp) - xor %r10,%r10 - vmovdqa $xb1,0x10(%rsp) - lea 0x40($out),$out # out+=64*1 - vmovdqa $xc1,0x20(%rsp) - sub \$64,$len # len-=64*1 - vmovdqa $xd1,0x30(%rsp) - jmp .Loop_tail4xop - -.align 32 -.L128_or_more4xop: - vpxor 0x00($inp),$xa0,$xa0 # xor with input - vpxor 0x10($inp),$xb0,$xb0 - vpxor 0x20($inp),$xc0,$xc0 - vpxor 0x30($inp),$xd0,$xd0 - vpxor 0x40($inp),$xa1,$xa1 - vpxor 0x50($inp),$xb1,$xb1 - vpxor 0x60($inp),$xc1,$xc1 - vpxor 0x70($inp),$xd1,$xd1 - - vmovdqu $xa0,0x00($out) - vmovdqu $xb0,0x10($out) - vmovdqu $xc0,0x20($out) - vmovdqu $xd0,0x30($out) - vmovdqu $xa1,0x40($out) - vmovdqu $xb1,0x50($out) - vmovdqu $xc1,0x60($out) - vmovdqu $xd1,0x70($out) - je .Ldone4xop - - lea 0x80($inp),$inp # inp+=64*2 - vmovdqa $xa2,0x00(%rsp) - xor %r10,%r10 - vmovdqa $xb2,0x10(%rsp) - lea 0x80($out),$out # out+=64*2 - vmovdqa $xc2,0x20(%rsp) - sub \$128,$len # len-=64*2 - vmovdqa $xd2,0x30(%rsp) - jmp .Loop_tail4xop - -.align 32 -.L192_or_more4xop: - vpxor 0x00($inp),$xa0,$xa0 # xor with input - vpxor 0x10($inp),$xb0,$xb0 - vpxor 0x20($inp),$xc0,$xc0 - vpxor 0x30($inp),$xd0,$xd0 - vpxor 0x40($inp),$xa1,$xa1 - vpxor 0x50($inp),$xb1,$xb1 - vpxor 0x60($inp),$xc1,$xc1 - vpxor 0x70($inp),$xd1,$xd1 - lea 0x80($inp),$inp # size optimization - vpxor 0x00($inp),$xa2,$xa2 - vpxor 0x10($inp),$xb2,$xb2 - vpxor 0x20($inp),$xc2,$xc2 - vpxor 0x30($inp),$xd2,$xd2 - - vmovdqu $xa0,0x00($out) - vmovdqu $xb0,0x10($out) - vmovdqu $xc0,0x20($out) - vmovdqu $xd0,0x30($out) - vmovdqu $xa1,0x40($out) - vmovdqu $xb1,0x50($out) - vmovdqu $xc1,0x60($out) - vmovdqu $xd1,0x70($out) - lea 0x80($out),$out # size optimization - vmovdqu $xa2,0x00($out) - vmovdqu $xb2,0x10($out) - vmovdqu $xc2,0x20($out) - vmovdqu $xd2,0x30($out) - je .Ldone4xop - - lea 0x40($inp),$inp # inp+=64*3 - vmovdqa $xa3,0x00(%rsp) - xor %r10,%r10 - vmovdqa $xb3,0x10(%rsp) - lea 0x40($out),$out # out+=64*3 - vmovdqa $xc3,0x20(%rsp) - sub \$192,$len # len-=64*3 - vmovdqa $xd3,0x30(%rsp) - -.Loop_tail4xop: - movzb ($inp,%r10),%eax - movzb (%rsp,%r10),%ecx - lea 1(%r10),%r10 - xor %ecx,%eax - mov %al,-1($out,%r10) - dec $len - jnz .Loop_tail4xop - -.Ldone4xop: - vzeroupper -___ -$code.=<<___ if ($win64); - movaps -0xa8(%r9),%xmm6 - movaps -0x98(%r9),%xmm7 - movaps -0x88(%r9),%xmm8 - movaps -0x78(%r9),%xmm9 - movaps -0x68(%r9),%xmm10 - movaps -0x58(%r9),%xmm11 - movaps -0x48(%r9),%xmm12 - movaps -0x38(%r9),%xmm13 - movaps -0x28(%r9),%xmm14 - movaps -0x18(%r9),%xmm15 -___ -$code.=<<___; - lea (%r9),%rsp -.cfi_def_cfa_register %rsp -.L4xop_epilogue: - ret -.cfi_endproc -.size ChaCha20_4xop,.-ChaCha20_4xop -___ -} - -######################################################################## -# AVX2 code path -if ($avx>1) { -my ($xb0,$xb1,$xb2,$xb3, $xd0,$xd1,$xd2,$xd3, - $xa0,$xa1,$xa2,$xa3, $xt0,$xt1,$xt2,$xt3)=map("%ymm$_",(0..15)); -my @xx=($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, - "%nox","%nox","%nox","%nox", $xd0,$xd1,$xd2,$xd3); - -sub AVX2_lane_ROUND { -my ($a0,$b0,$c0,$d0)=@_; -my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); -my ($xc,$xc_,$t0,$t1)=map("\"$_\"",$xt0,$xt1,$xt2,$xt3); -my @x=map("\"$_\"",@xx); - - # Consider order in which variables are addressed by their - # index: - # - # a b c d - # - # 0 4 8 12 < even round - # 1 5 9 13 - # 2 6 10 14 - # 3 7 11 15 - # 0 5 10 15 < odd round - # 1 6 11 12 - # 2 7 8 13 - # 3 4 9 14 - # - # 'a', 'b' and 'd's are permanently allocated in registers, - # @x[0..7,12..15], while 'c's are maintained in memory. If - # you observe 'c' column, you'll notice that pair of 'c's is - # invariant between rounds. This means that we have to reload - # them once per round, in the middle. This is why you'll see - # bunch of 'c' stores and loads in the middle, but none in - # the beginning or end. - - ( - "&vpaddd (@x[$a0],@x[$a0],@x[$b0])", # Q1 - "&vpxor (@x[$d0],@x[$a0],@x[$d0])", - "&vpshufb (@x[$d0],@x[$d0],$t1)", - "&vpaddd (@x[$a1],@x[$a1],@x[$b1])", # Q2 - "&vpxor (@x[$d1],@x[$a1],@x[$d1])", - "&vpshufb (@x[$d1],@x[$d1],$t1)", - - "&vpaddd ($xc,$xc,@x[$d0])", - "&vpxor (@x[$b0],$xc,@x[$b0])", - "&vpslld ($t0,@x[$b0],12)", - "&vpsrld (@x[$b0],@x[$b0],20)", - "&vpor (@x[$b0],$t0,@x[$b0])", - "&vbroadcasti128($t0,'(%r11)')", # .Lrot24(%rip) - "&vpaddd ($xc_,$xc_,@x[$d1])", - "&vpxor (@x[$b1],$xc_,@x[$b1])", - "&vpslld ($t1,@x[$b1],12)", - "&vpsrld (@x[$b1],@x[$b1],20)", - "&vpor (@x[$b1],$t1,@x[$b1])", - - "&vpaddd (@x[$a0],@x[$a0],@x[$b0])", - "&vpxor (@x[$d0],@x[$a0],@x[$d0])", - "&vpshufb (@x[$d0],@x[$d0],$t0)", - "&vpaddd (@x[$a1],@x[$a1],@x[$b1])", - "&vpxor (@x[$d1],@x[$a1],@x[$d1])", - "&vpshufb (@x[$d1],@x[$d1],$t0)", - - "&vpaddd ($xc,$xc,@x[$d0])", - "&vpxor (@x[$b0],$xc,@x[$b0])", - "&vpslld ($t1,@x[$b0],7)", - "&vpsrld (@x[$b0],@x[$b0],25)", - "&vpor (@x[$b0],$t1,@x[$b0])", - "&vbroadcasti128($t1,'(%r10)')", # .Lrot16(%rip) - "&vpaddd ($xc_,$xc_,@x[$d1])", - "&vpxor (@x[$b1],$xc_,@x[$b1])", - "&vpslld ($t0,@x[$b1],7)", - "&vpsrld (@x[$b1],@x[$b1],25)", - "&vpor (@x[$b1],$t0,@x[$b1])", - - "&vmovdqa (\"`32*($c0-8)`(%rsp)\",$xc)", # reload pair of 'c's - "&vmovdqa (\"`32*($c1-8)`(%rsp)\",$xc_)", - "&vmovdqa ($xc,\"`32*($c2-8)`(%rsp)\")", - "&vmovdqa ($xc_,\"`32*($c3-8)`(%rsp)\")", - - "&vpaddd (@x[$a2],@x[$a2],@x[$b2])", # Q3 - "&vpxor (@x[$d2],@x[$a2],@x[$d2])", - "&vpshufb (@x[$d2],@x[$d2],$t1)", - "&vpaddd (@x[$a3],@x[$a3],@x[$b3])", # Q4 - "&vpxor (@x[$d3],@x[$a3],@x[$d3])", - "&vpshufb (@x[$d3],@x[$d3],$t1)", - - "&vpaddd ($xc,$xc,@x[$d2])", - "&vpxor (@x[$b2],$xc,@x[$b2])", - "&vpslld ($t0,@x[$b2],12)", - "&vpsrld (@x[$b2],@x[$b2],20)", - "&vpor (@x[$b2],$t0,@x[$b2])", - "&vbroadcasti128($t0,'(%r11)')", # .Lrot24(%rip) - "&vpaddd ($xc_,$xc_,@x[$d3])", - "&vpxor (@x[$b3],$xc_,@x[$b3])", - "&vpslld ($t1,@x[$b3],12)", - "&vpsrld (@x[$b3],@x[$b3],20)", - "&vpor (@x[$b3],$t1,@x[$b3])", - - "&vpaddd (@x[$a2],@x[$a2],@x[$b2])", - "&vpxor (@x[$d2],@x[$a2],@x[$d2])", - "&vpshufb (@x[$d2],@x[$d2],$t0)", - "&vpaddd (@x[$a3],@x[$a3],@x[$b3])", - "&vpxor (@x[$d3],@x[$a3],@x[$d3])", - "&vpshufb (@x[$d3],@x[$d3],$t0)", - - "&vpaddd ($xc,$xc,@x[$d2])", - "&vpxor (@x[$b2],$xc,@x[$b2])", - "&vpslld ($t1,@x[$b2],7)", - "&vpsrld (@x[$b2],@x[$b2],25)", - "&vpor (@x[$b2],$t1,@x[$b2])", - "&vbroadcasti128($t1,'(%r10)')", # .Lrot16(%rip) - "&vpaddd ($xc_,$xc_,@x[$d3])", - "&vpxor (@x[$b3],$xc_,@x[$b3])", - "&vpslld ($t0,@x[$b3],7)", - "&vpsrld (@x[$b3],@x[$b3],25)", - "&vpor (@x[$b3],$t0,@x[$b3])" - ); -} - -my $xframe = $win64 ? 0xa8 : 8; - -$code.=<<___; -.type ChaCha20_8x,\@function,5 -.align 32 -ChaCha20_8x: -.cfi_startproc -.LChaCha20_8x: - mov %rsp,%r9 # frame register -.cfi_def_cfa_register %r9 - sub \$0x280+$xframe,%rsp - and \$-32,%rsp -___ -$code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%r9) - movaps %xmm7,-0x98(%r9) - movaps %xmm8,-0x88(%r9) - movaps %xmm9,-0x78(%r9) - movaps %xmm10,-0x68(%r9) - movaps %xmm11,-0x58(%r9) - movaps %xmm12,-0x48(%r9) - movaps %xmm13,-0x38(%r9) - movaps %xmm14,-0x28(%r9) - movaps %xmm15,-0x18(%r9) -.L8x_body: -___ -$code.=<<___; - vzeroupper - - ################ stack layout - # +0x00 SIMD equivalent of @x[8-12] - # ... - # +0x80 constant copy of key[0-2] smashed by lanes - # ... - # +0x200 SIMD counters (with nonce smashed by lanes) - # ... - # +0x280 - - vbroadcasti128 .Lsigma(%rip),$xa3 # key[0] - vbroadcasti128 ($key),$xb3 # key[1] - vbroadcasti128 16($key),$xt3 # key[2] - vbroadcasti128 ($counter),$xd3 # key[3] - lea 0x100(%rsp),%rcx # size optimization - lea 0x200(%rsp),%rax # size optimization - lea .Lrot16(%rip),%r10 - lea .Lrot24(%rip),%r11 - - vpshufd \$0x00,$xa3,$xa0 # smash key by lanes... - vpshufd \$0x55,$xa3,$xa1 - vmovdqa $xa0,0x80-0x100(%rcx) # ... and offload - vpshufd \$0xaa,$xa3,$xa2 - vmovdqa $xa1,0xa0-0x100(%rcx) - vpshufd \$0xff,$xa3,$xa3 - vmovdqa $xa2,0xc0-0x100(%rcx) - vmovdqa $xa3,0xe0-0x100(%rcx) - - vpshufd \$0x00,$xb3,$xb0 - vpshufd \$0x55,$xb3,$xb1 - vmovdqa $xb0,0x100-0x100(%rcx) - vpshufd \$0xaa,$xb3,$xb2 - vmovdqa $xb1,0x120-0x100(%rcx) - vpshufd \$0xff,$xb3,$xb3 - vmovdqa $xb2,0x140-0x100(%rcx) - vmovdqa $xb3,0x160-0x100(%rcx) - - vpshufd \$0x00,$xt3,$xt0 # "xc0" - vpshufd \$0x55,$xt3,$xt1 # "xc1" - vmovdqa $xt0,0x180-0x200(%rax) - vpshufd \$0xaa,$xt3,$xt2 # "xc2" - vmovdqa $xt1,0x1a0-0x200(%rax) - vpshufd \$0xff,$xt3,$xt3 # "xc3" - vmovdqa $xt2,0x1c0-0x200(%rax) - vmovdqa $xt3,0x1e0-0x200(%rax) - - vpshufd \$0x00,$xd3,$xd0 - vpshufd \$0x55,$xd3,$xd1 - vpaddd .Lincy(%rip),$xd0,$xd0 # don't save counters yet - vpshufd \$0xaa,$xd3,$xd2 - vmovdqa $xd1,0x220-0x200(%rax) - vpshufd \$0xff,$xd3,$xd3 - vmovdqa $xd2,0x240-0x200(%rax) - vmovdqa $xd3,0x260-0x200(%rax) - - jmp .Loop_enter8x - -.align 32 -.Loop_outer8x: - vmovdqa 0x80-0x100(%rcx),$xa0 # re-load smashed key - vmovdqa 0xa0-0x100(%rcx),$xa1 - vmovdqa 0xc0-0x100(%rcx),$xa2 - vmovdqa 0xe0-0x100(%rcx),$xa3 - vmovdqa 0x100-0x100(%rcx),$xb0 - vmovdqa 0x120-0x100(%rcx),$xb1 - vmovdqa 0x140-0x100(%rcx),$xb2 - vmovdqa 0x160-0x100(%rcx),$xb3 - vmovdqa 0x180-0x200(%rax),$xt0 # "xc0" - vmovdqa 0x1a0-0x200(%rax),$xt1 # "xc1" - vmovdqa 0x1c0-0x200(%rax),$xt2 # "xc2" - vmovdqa 0x1e0-0x200(%rax),$xt3 # "xc3" - vmovdqa 0x200-0x200(%rax),$xd0 - vmovdqa 0x220-0x200(%rax),$xd1 - vmovdqa 0x240-0x200(%rax),$xd2 - vmovdqa 0x260-0x200(%rax),$xd3 - vpaddd .Leight(%rip),$xd0,$xd0 # next SIMD counters - -.Loop_enter8x: - vmovdqa $xt2,0x40(%rsp) # SIMD equivalent of "@x[10]" - vmovdqa $xt3,0x60(%rsp) # SIMD equivalent of "@x[11]" - vbroadcasti128 (%r10),$xt3 - vmovdqa $xd0,0x200-0x200(%rax) # save SIMD counters - mov \$10,%eax - jmp .Loop8x - -.align 32 -.Loop8x: -___ - foreach (&AVX2_lane_ROUND(0, 4, 8,12)) { eval; } - foreach (&AVX2_lane_ROUND(0, 5,10,15)) { eval; } -$code.=<<___; - dec %eax - jnz .Loop8x - - lea 0x200(%rsp),%rax # size optimization - vpaddd 0x80-0x100(%rcx),$xa0,$xa0 # accumulate key - vpaddd 0xa0-0x100(%rcx),$xa1,$xa1 - vpaddd 0xc0-0x100(%rcx),$xa2,$xa2 - vpaddd 0xe0-0x100(%rcx),$xa3,$xa3 - - vpunpckldq $xa1,$xa0,$xt2 # "de-interlace" data - vpunpckldq $xa3,$xa2,$xt3 - vpunpckhdq $xa1,$xa0,$xa0 - vpunpckhdq $xa3,$xa2,$xa2 - vpunpcklqdq $xt3,$xt2,$xa1 # "a0" - vpunpckhqdq $xt3,$xt2,$xt2 # "a1" - vpunpcklqdq $xa2,$xa0,$xa3 # "a2" - vpunpckhqdq $xa2,$xa0,$xa0 # "a3" -___ - ($xa0,$xa1,$xa2,$xa3,$xt2)=($xa1,$xt2,$xa3,$xa0,$xa2); -$code.=<<___; - vpaddd 0x100-0x100(%rcx),$xb0,$xb0 - vpaddd 0x120-0x100(%rcx),$xb1,$xb1 - vpaddd 0x140-0x100(%rcx),$xb2,$xb2 - vpaddd 0x160-0x100(%rcx),$xb3,$xb3 - - vpunpckldq $xb1,$xb0,$xt2 - vpunpckldq $xb3,$xb2,$xt3 - vpunpckhdq $xb1,$xb0,$xb0 - vpunpckhdq $xb3,$xb2,$xb2 - vpunpcklqdq $xt3,$xt2,$xb1 # "b0" - vpunpckhqdq $xt3,$xt2,$xt2 # "b1" - vpunpcklqdq $xb2,$xb0,$xb3 # "b2" - vpunpckhqdq $xb2,$xb0,$xb0 # "b3" -___ - ($xb0,$xb1,$xb2,$xb3,$xt2)=($xb1,$xt2,$xb3,$xb0,$xb2); -$code.=<<___; - vperm2i128 \$0x20,$xb0,$xa0,$xt3 # "de-interlace" further - vperm2i128 \$0x31,$xb0,$xa0,$xb0 - vperm2i128 \$0x20,$xb1,$xa1,$xa0 - vperm2i128 \$0x31,$xb1,$xa1,$xb1 - vperm2i128 \$0x20,$xb2,$xa2,$xa1 - vperm2i128 \$0x31,$xb2,$xa2,$xb2 - vperm2i128 \$0x20,$xb3,$xa3,$xa2 - vperm2i128 \$0x31,$xb3,$xa3,$xb3 -___ - ($xa0,$xa1,$xa2,$xa3,$xt3)=($xt3,$xa0,$xa1,$xa2,$xa3); - my ($xc0,$xc1,$xc2,$xc3)=($xt0,$xt1,$xa0,$xa1); -$code.=<<___; - vmovdqa $xa0,0x00(%rsp) # offload $xaN - vmovdqa $xa1,0x20(%rsp) - vmovdqa 0x40(%rsp),$xc2 # $xa0 - vmovdqa 0x60(%rsp),$xc3 # $xa1 - - vpaddd 0x180-0x200(%rax),$xc0,$xc0 - vpaddd 0x1a0-0x200(%rax),$xc1,$xc1 - vpaddd 0x1c0-0x200(%rax),$xc2,$xc2 - vpaddd 0x1e0-0x200(%rax),$xc3,$xc3 - - vpunpckldq $xc1,$xc0,$xt2 - vpunpckldq $xc3,$xc2,$xt3 - vpunpckhdq $xc1,$xc0,$xc0 - vpunpckhdq $xc3,$xc2,$xc2 - vpunpcklqdq $xt3,$xt2,$xc1 # "c0" - vpunpckhqdq $xt3,$xt2,$xt2 # "c1" - vpunpcklqdq $xc2,$xc0,$xc3 # "c2" - vpunpckhqdq $xc2,$xc0,$xc0 # "c3" -___ - ($xc0,$xc1,$xc2,$xc3,$xt2)=($xc1,$xt2,$xc3,$xc0,$xc2); -$code.=<<___; - vpaddd 0x200-0x200(%rax),$xd0,$xd0 - vpaddd 0x220-0x200(%rax),$xd1,$xd1 - vpaddd 0x240-0x200(%rax),$xd2,$xd2 - vpaddd 0x260-0x200(%rax),$xd3,$xd3 - - vpunpckldq $xd1,$xd0,$xt2 - vpunpckldq $xd3,$xd2,$xt3 - vpunpckhdq $xd1,$xd0,$xd0 - vpunpckhdq $xd3,$xd2,$xd2 - vpunpcklqdq $xt3,$xt2,$xd1 # "d0" - vpunpckhqdq $xt3,$xt2,$xt2 # "d1" - vpunpcklqdq $xd2,$xd0,$xd3 # "d2" - vpunpckhqdq $xd2,$xd0,$xd0 # "d3" -___ - ($xd0,$xd1,$xd2,$xd3,$xt2)=($xd1,$xt2,$xd3,$xd0,$xd2); -$code.=<<___; - vperm2i128 \$0x20,$xd0,$xc0,$xt3 # "de-interlace" further - vperm2i128 \$0x31,$xd0,$xc0,$xd0 - vperm2i128 \$0x20,$xd1,$xc1,$xc0 - vperm2i128 \$0x31,$xd1,$xc1,$xd1 - vperm2i128 \$0x20,$xd2,$xc2,$xc1 - vperm2i128 \$0x31,$xd2,$xc2,$xd2 - vperm2i128 \$0x20,$xd3,$xc3,$xc2 - vperm2i128 \$0x31,$xd3,$xc3,$xd3 -___ - ($xc0,$xc1,$xc2,$xc3,$xt3)=($xt3,$xc0,$xc1,$xc2,$xc3); - ($xb0,$xb1,$xb2,$xb3,$xc0,$xc1,$xc2,$xc3)= - ($xc0,$xc1,$xc2,$xc3,$xb0,$xb1,$xb2,$xb3); - ($xa0,$xa1)=($xt2,$xt3); -$code.=<<___; - vmovdqa 0x00(%rsp),$xa0 # $xaN was offloaded, remember? - vmovdqa 0x20(%rsp),$xa1 - - cmp \$64*8,$len - jb .Ltail8x - - vpxor 0x00($inp),$xa0,$xa0 # xor with input - vpxor 0x20($inp),$xb0,$xb0 - vpxor 0x40($inp),$xc0,$xc0 - vpxor 0x60($inp),$xd0,$xd0 - lea 0x80($inp),$inp # size optimization - vmovdqu $xa0,0x00($out) - vmovdqu $xb0,0x20($out) - vmovdqu $xc0,0x40($out) - vmovdqu $xd0,0x60($out) - lea 0x80($out),$out # size optimization - - vpxor 0x00($inp),$xa1,$xa1 - vpxor 0x20($inp),$xb1,$xb1 - vpxor 0x40($inp),$xc1,$xc1 - vpxor 0x60($inp),$xd1,$xd1 - lea 0x80($inp),$inp # size optimization - vmovdqu $xa1,0x00($out) - vmovdqu $xb1,0x20($out) - vmovdqu $xc1,0x40($out) - vmovdqu $xd1,0x60($out) - lea 0x80($out),$out # size optimization - - vpxor 0x00($inp),$xa2,$xa2 - vpxor 0x20($inp),$xb2,$xb2 - vpxor 0x40($inp),$xc2,$xc2 - vpxor 0x60($inp),$xd2,$xd2 - lea 0x80($inp),$inp # size optimization - vmovdqu $xa2,0x00($out) - vmovdqu $xb2,0x20($out) - vmovdqu $xc2,0x40($out) - vmovdqu $xd2,0x60($out) - lea 0x80($out),$out # size optimization - - vpxor 0x00($inp),$xa3,$xa3 - vpxor 0x20($inp),$xb3,$xb3 - vpxor 0x40($inp),$xc3,$xc3 - vpxor 0x60($inp),$xd3,$xd3 - lea 0x80($inp),$inp # size optimization - vmovdqu $xa3,0x00($out) - vmovdqu $xb3,0x20($out) - vmovdqu $xc3,0x40($out) - vmovdqu $xd3,0x60($out) - lea 0x80($out),$out # size optimization - - sub \$64*8,$len - jnz .Loop_outer8x - - jmp .Ldone8x - -.Ltail8x: - cmp \$448,$len - jae .L448_or_more8x - cmp \$384,$len - jae .L384_or_more8x - cmp \$320,$len - jae .L320_or_more8x - cmp \$256,$len - jae .L256_or_more8x - cmp \$192,$len - jae .L192_or_more8x - cmp \$128,$len - jae .L128_or_more8x - cmp \$64,$len - jae .L64_or_more8x - - xor %r10,%r10 - vmovdqa $xa0,0x00(%rsp) - vmovdqa $xb0,0x20(%rsp) - jmp .Loop_tail8x - -.align 32 -.L64_or_more8x: - vpxor 0x00($inp),$xa0,$xa0 # xor with input - vpxor 0x20($inp),$xb0,$xb0 - vmovdqu $xa0,0x00($out) - vmovdqu $xb0,0x20($out) - je .Ldone8x - - lea 0x40($inp),$inp # inp+=64*1 - xor %r10,%r10 - vmovdqa $xc0,0x00(%rsp) - lea 0x40($out),$out # out+=64*1 - sub \$64,$len # len-=64*1 - vmovdqa $xd0,0x20(%rsp) - jmp .Loop_tail8x - -.align 32 -.L128_or_more8x: - vpxor 0x00($inp),$xa0,$xa0 # xor with input - vpxor 0x20($inp),$xb0,$xb0 - vpxor 0x40($inp),$xc0,$xc0 - vpxor 0x60($inp),$xd0,$xd0 - vmovdqu $xa0,0x00($out) - vmovdqu $xb0,0x20($out) - vmovdqu $xc0,0x40($out) - vmovdqu $xd0,0x60($out) - je .Ldone8x - - lea 0x80($inp),$inp # inp+=64*2 - xor %r10,%r10 - vmovdqa $xa1,0x00(%rsp) - lea 0x80($out),$out # out+=64*2 - sub \$128,$len # len-=64*2 - vmovdqa $xb1,0x20(%rsp) - jmp .Loop_tail8x - -.align 32 -.L192_or_more8x: - vpxor 0x00($inp),$xa0,$xa0 # xor with input - vpxor 0x20($inp),$xb0,$xb0 - vpxor 0x40($inp),$xc0,$xc0 - vpxor 0x60($inp),$xd0,$xd0 - vpxor 0x80($inp),$xa1,$xa1 - vpxor 0xa0($inp),$xb1,$xb1 - vmovdqu $xa0,0x00($out) - vmovdqu $xb0,0x20($out) - vmovdqu $xc0,0x40($out) - vmovdqu $xd0,0x60($out) - vmovdqu $xa1,0x80($out) - vmovdqu $xb1,0xa0($out) - je .Ldone8x - - lea 0xc0($inp),$inp # inp+=64*3 - xor %r10,%r10 - vmovdqa $xc1,0x00(%rsp) - lea 0xc0($out),$out # out+=64*3 - sub \$192,$len # len-=64*3 - vmovdqa $xd1,0x20(%rsp) - jmp .Loop_tail8x - -.align 32 -.L256_or_more8x: - vpxor 0x00($inp),$xa0,$xa0 # xor with input - vpxor 0x20($inp),$xb0,$xb0 - vpxor 0x40($inp),$xc0,$xc0 - vpxor 0x60($inp),$xd0,$xd0 - vpxor 0x80($inp),$xa1,$xa1 - vpxor 0xa0($inp),$xb1,$xb1 - vpxor 0xc0($inp),$xc1,$xc1 - vpxor 0xe0($inp),$xd1,$xd1 - vmovdqu $xa0,0x00($out) - vmovdqu $xb0,0x20($out) - vmovdqu $xc0,0x40($out) - vmovdqu $xd0,0x60($out) - vmovdqu $xa1,0x80($out) - vmovdqu $xb1,0xa0($out) - vmovdqu $xc1,0xc0($out) - vmovdqu $xd1,0xe0($out) - je .Ldone8x - - lea 0x100($inp),$inp # inp+=64*4 - xor %r10,%r10 - vmovdqa $xa2,0x00(%rsp) - lea 0x100($out),$out # out+=64*4 - sub \$256,$len # len-=64*4 - vmovdqa $xb2,0x20(%rsp) - jmp .Loop_tail8x - -.align 32 -.L320_or_more8x: - vpxor 0x00($inp),$xa0,$xa0 # xor with input - vpxor 0x20($inp),$xb0,$xb0 - vpxor 0x40($inp),$xc0,$xc0 - vpxor 0x60($inp),$xd0,$xd0 - vpxor 0x80($inp),$xa1,$xa1 - vpxor 0xa0($inp),$xb1,$xb1 - vpxor 0xc0($inp),$xc1,$xc1 - vpxor 0xe0($inp),$xd1,$xd1 - vpxor 0x100($inp),$xa2,$xa2 - vpxor 0x120($inp),$xb2,$xb2 - vmovdqu $xa0,0x00($out) - vmovdqu $xb0,0x20($out) - vmovdqu $xc0,0x40($out) - vmovdqu $xd0,0x60($out) - vmovdqu $xa1,0x80($out) - vmovdqu $xb1,0xa0($out) - vmovdqu $xc1,0xc0($out) - vmovdqu $xd1,0xe0($out) - vmovdqu $xa2,0x100($out) - vmovdqu $xb2,0x120($out) - je .Ldone8x - - lea 0x140($inp),$inp # inp+=64*5 - xor %r10,%r10 - vmovdqa $xc2,0x00(%rsp) - lea 0x140($out),$out # out+=64*5 - sub \$320,$len # len-=64*5 - vmovdqa $xd2,0x20(%rsp) - jmp .Loop_tail8x - -.align 32 -.L384_or_more8x: - vpxor 0x00($inp),$xa0,$xa0 # xor with input - vpxor 0x20($inp),$xb0,$xb0 - vpxor 0x40($inp),$xc0,$xc0 - vpxor 0x60($inp),$xd0,$xd0 - vpxor 0x80($inp),$xa1,$xa1 - vpxor 0xa0($inp),$xb1,$xb1 - vpxor 0xc0($inp),$xc1,$xc1 - vpxor 0xe0($inp),$xd1,$xd1 - vpxor 0x100($inp),$xa2,$xa2 - vpxor 0x120($inp),$xb2,$xb2 - vpxor 0x140($inp),$xc2,$xc2 - vpxor 0x160($inp),$xd2,$xd2 - vmovdqu $xa0,0x00($out) - vmovdqu $xb0,0x20($out) - vmovdqu $xc0,0x40($out) - vmovdqu $xd0,0x60($out) - vmovdqu $xa1,0x80($out) - vmovdqu $xb1,0xa0($out) - vmovdqu $xc1,0xc0($out) - vmovdqu $xd1,0xe0($out) - vmovdqu $xa2,0x100($out) - vmovdqu $xb2,0x120($out) - vmovdqu $xc2,0x140($out) - vmovdqu $xd2,0x160($out) - je .Ldone8x - - lea 0x180($inp),$inp # inp+=64*6 - xor %r10,%r10 - vmovdqa $xa3,0x00(%rsp) - lea 0x180($out),$out # out+=64*6 - sub \$384,$len # len-=64*6 - vmovdqa $xb3,0x20(%rsp) - jmp .Loop_tail8x - -.align 32 -.L448_or_more8x: - vpxor 0x00($inp),$xa0,$xa0 # xor with input - vpxor 0x20($inp),$xb0,$xb0 - vpxor 0x40($inp),$xc0,$xc0 - vpxor 0x60($inp),$xd0,$xd0 - vpxor 0x80($inp),$xa1,$xa1 - vpxor 0xa0($inp),$xb1,$xb1 - vpxor 0xc0($inp),$xc1,$xc1 - vpxor 0xe0($inp),$xd1,$xd1 - vpxor 0x100($inp),$xa2,$xa2 - vpxor 0x120($inp),$xb2,$xb2 - vpxor 0x140($inp),$xc2,$xc2 - vpxor 0x160($inp),$xd2,$xd2 - vpxor 0x180($inp),$xa3,$xa3 - vpxor 0x1a0($inp),$xb3,$xb3 - vmovdqu $xa0,0x00($out) - vmovdqu $xb0,0x20($out) - vmovdqu $xc0,0x40($out) - vmovdqu $xd0,0x60($out) - vmovdqu $xa1,0x80($out) - vmovdqu $xb1,0xa0($out) - vmovdqu $xc1,0xc0($out) - vmovdqu $xd1,0xe0($out) - vmovdqu $xa2,0x100($out) - vmovdqu $xb2,0x120($out) - vmovdqu $xc2,0x140($out) - vmovdqu $xd2,0x160($out) - vmovdqu $xa3,0x180($out) - vmovdqu $xb3,0x1a0($out) - je .Ldone8x - - lea 0x1c0($inp),$inp # inp+=64*7 - xor %r10,%r10 - vmovdqa $xc3,0x00(%rsp) - lea 0x1c0($out),$out # out+=64*7 - sub \$448,$len # len-=64*7 - vmovdqa $xd3,0x20(%rsp) - -.Loop_tail8x: - movzb ($inp,%r10),%eax - movzb (%rsp,%r10),%ecx - lea 1(%r10),%r10 - xor %ecx,%eax - mov %al,-1($out,%r10) - dec $len - jnz .Loop_tail8x - -.Ldone8x: - vzeroall -___ -$code.=<<___ if ($win64); - movaps -0xa8(%r9),%xmm6 - movaps -0x98(%r9),%xmm7 - movaps -0x88(%r9),%xmm8 - movaps -0x78(%r9),%xmm9 - movaps -0x68(%r9),%xmm10 - movaps -0x58(%r9),%xmm11 - movaps -0x48(%r9),%xmm12 - movaps -0x38(%r9),%xmm13 - movaps -0x28(%r9),%xmm14 - movaps -0x18(%r9),%xmm15 -___ -$code.=<<___; - lea (%r9),%rsp -.cfi_def_cfa_register %rsp -.L8x_epilogue: - ret -.cfi_endproc -.size ChaCha20_8x,.-ChaCha20_8x -___ -} - -######################################################################## -# AVX512 code paths -if ($avx>2) { -# This one handles shorter inputs... - -my ($a,$b,$c,$d, $a_,$b_,$c_,$d_,$fourz) = map("%zmm$_",(0..3,16..20)); -my ($t0,$t1,$t2,$t3) = map("%xmm$_",(4..7)); - -sub vpxord() # size optimization -{ my $opcode = "vpxor"; # adhere to vpxor when possible - - foreach (@_) { - if (/%([zy])mm([0-9]+)/ && ($1 eq "z" || $2>=16)) { - $opcode = "vpxord"; - last; - } - } - - $code .= "\t$opcode\t".join(',',reverse @_)."\n"; -} - -sub AVX512ROUND { # critical path is 14 "SIMD ticks" per round - &vpaddd ($a,$a,$b); - &vpxord ($d,$d,$a); - &vprold ($d,$d,16); - - &vpaddd ($c,$c,$d); - &vpxord ($b,$b,$c); - &vprold ($b,$b,12); - - &vpaddd ($a,$a,$b); - &vpxord ($d,$d,$a); - &vprold ($d,$d,8); - - &vpaddd ($c,$c,$d); - &vpxord ($b,$b,$c); - &vprold ($b,$b,7); -} - -my $xframe = $win64 ? 160+8 : 8; - -$code.=<<___; -.type ChaCha20_avx512,\@function,5 -.align 32 -ChaCha20_avx512: -.cfi_startproc -.LChaCha20_avx512: - mov %rsp,%r9 # frame pointer -.cfi_def_cfa_register %r9 - cmp \$512,$len - ja .LChaCha20_16x - - sub \$64+$xframe,%rsp -___ -$code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%r9) - movaps %xmm7,-0x98(%r9) - movaps %xmm8,-0x88(%r9) - movaps %xmm9,-0x78(%r9) - movaps %xmm10,-0x68(%r9) - movaps %xmm11,-0x58(%r9) - movaps %xmm12,-0x48(%r9) - movaps %xmm13,-0x38(%r9) - movaps %xmm14,-0x28(%r9) - movaps %xmm15,-0x18(%r9) -.Lavx512_body: -___ -$code.=<<___; - vbroadcasti32x4 .Lsigma(%rip),$a - vbroadcasti32x4 ($key),$b - vbroadcasti32x4 16($key),$c - vbroadcasti32x4 ($counter),$d - - vmovdqa32 $a,$a_ - vmovdqa32 $b,$b_ - vmovdqa32 $c,$c_ - vpaddd .Lzeroz(%rip),$d,$d - vmovdqa32 .Lfourz(%rip),$fourz - mov \$10,$counter # reuse $counter - vmovdqa32 $d,$d_ - jmp .Loop_avx512 - -.align 16 -.Loop_outer_avx512: - vmovdqa32 $a_,$a - vmovdqa32 $b_,$b - vmovdqa32 $c_,$c - vpaddd $fourz,$d_,$d - mov \$10,$counter - vmovdqa32 $d,$d_ - jmp .Loop_avx512 - -.align 32 -.Loop_avx512: -___ - &AVX512ROUND(); - &vpshufd ($c,$c,0b01001110); - &vpshufd ($b,$b,0b00111001); - &vpshufd ($d,$d,0b10010011); - - &AVX512ROUND(); - &vpshufd ($c,$c,0b01001110); - &vpshufd ($b,$b,0b10010011); - &vpshufd ($d,$d,0b00111001); - - &dec ($counter); - &jnz (".Loop_avx512"); - -$code.=<<___; - vpaddd $a_,$a,$a - vpaddd $b_,$b,$b - vpaddd $c_,$c,$c - vpaddd $d_,$d,$d - - sub \$64,$len - jb .Ltail64_avx512 - - vpxor 0x00($inp),%x#$a,$t0 # xor with input - vpxor 0x10($inp),%x#$b,$t1 - vpxor 0x20($inp),%x#$c,$t2 - vpxor 0x30($inp),%x#$d,$t3 - lea 0x40($inp),$inp # inp+=64 - - vmovdqu $t0,0x00($out) # write output - vmovdqu $t1,0x10($out) - vmovdqu $t2,0x20($out) - vmovdqu $t3,0x30($out) - lea 0x40($out),$out # out+=64 - - jz .Ldone_avx512 - - vextracti32x4 \$1,$a,$t0 - vextracti32x4 \$1,$b,$t1 - vextracti32x4 \$1,$c,$t2 - vextracti32x4 \$1,$d,$t3 - - sub \$64,$len - jb .Ltail_avx512 - - vpxor 0x00($inp),$t0,$t0 # xor with input - vpxor 0x10($inp),$t1,$t1 - vpxor 0x20($inp),$t2,$t2 - vpxor 0x30($inp),$t3,$t3 - lea 0x40($inp),$inp # inp+=64 - - vmovdqu $t0,0x00($out) # write output - vmovdqu $t1,0x10($out) - vmovdqu $t2,0x20($out) - vmovdqu $t3,0x30($out) - lea 0x40($out),$out # out+=64 - - jz .Ldone_avx512 - - vextracti32x4 \$2,$a,$t0 - vextracti32x4 \$2,$b,$t1 - vextracti32x4 \$2,$c,$t2 - vextracti32x4 \$2,$d,$t3 - - sub \$64,$len - jb .Ltail_avx512 - - vpxor 0x00($inp),$t0,$t0 # xor with input - vpxor 0x10($inp),$t1,$t1 - vpxor 0x20($inp),$t2,$t2 - vpxor 0x30($inp),$t3,$t3 - lea 0x40($inp),$inp # inp+=64 - - vmovdqu $t0,0x00($out) # write output - vmovdqu $t1,0x10($out) - vmovdqu $t2,0x20($out) - vmovdqu $t3,0x30($out) - lea 0x40($out),$out # out+=64 - - jz .Ldone_avx512 - - vextracti32x4 \$3,$a,$t0 - vextracti32x4 \$3,$b,$t1 - vextracti32x4 \$3,$c,$t2 - vextracti32x4 \$3,$d,$t3 - - sub \$64,$len - jb .Ltail_avx512 - - vpxor 0x00($inp),$t0,$t0 # xor with input - vpxor 0x10($inp),$t1,$t1 - vpxor 0x20($inp),$t2,$t2 - vpxor 0x30($inp),$t3,$t3 - lea 0x40($inp),$inp # inp+=64 - - vmovdqu $t0,0x00($out) # write output - vmovdqu $t1,0x10($out) - vmovdqu $t2,0x20($out) - vmovdqu $t3,0x30($out) - lea 0x40($out),$out # out+=64 - - jnz .Loop_outer_avx512 - - jmp .Ldone_avx512 - -.align 16 -.Ltail64_avx512: - vmovdqa %x#$a,0x00(%rsp) - vmovdqa %x#$b,0x10(%rsp) - vmovdqa %x#$c,0x20(%rsp) - vmovdqa %x#$d,0x30(%rsp) - add \$64,$len - jmp .Loop_tail_avx512 - -.align 16 -.Ltail_avx512: - vmovdqa $t0,0x00(%rsp) - vmovdqa $t1,0x10(%rsp) - vmovdqa $t2,0x20(%rsp) - vmovdqa $t3,0x30(%rsp) - add \$64,$len - -.Loop_tail_avx512: - movzb ($inp,$counter),%eax - movzb (%rsp,$counter),%ecx - lea 1($counter),$counter - xor %ecx,%eax - mov %al,-1($out,$counter) - dec $len - jnz .Loop_tail_avx512 - - vmovdqu32 $a_,0x00(%rsp) - -.Ldone_avx512: - vzeroall -___ -$code.=<<___ if ($win64); - movaps -0xa8(%r9),%xmm6 - movaps -0x98(%r9),%xmm7 - movaps -0x88(%r9),%xmm8 - movaps -0x78(%r9),%xmm9 - movaps -0x68(%r9),%xmm10 - movaps -0x58(%r9),%xmm11 - movaps -0x48(%r9),%xmm12 - movaps -0x38(%r9),%xmm13 - movaps -0x28(%r9),%xmm14 - movaps -0x18(%r9),%xmm15 -___ -$code.=<<___; - lea (%r9),%rsp -.cfi_def_cfa_register %rsp -.Lavx512_epilogue: - ret -.cfi_endproc -.size ChaCha20_avx512,.-ChaCha20_avx512 -___ - -map(s/%z/%y/, $a,$b,$c,$d, $a_,$b_,$c_,$d_,$fourz); - -$code.=<<___; -.type ChaCha20_avx512vl,\@function,5 -.align 32 -ChaCha20_avx512vl: -.cfi_startproc -.LChaCha20_avx512vl: - mov %rsp,%r9 # frame pointer -.cfi_def_cfa_register %r9 - cmp \$128,$len - ja .LChaCha20_8xvl - - sub \$64+$xframe,%rsp -___ -$code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%r9) - movaps %xmm7,-0x98(%r9) - movaps %xmm8,-0x88(%r9) - movaps %xmm9,-0x78(%r9) - movaps %xmm10,-0x68(%r9) - movaps %xmm11,-0x58(%r9) - movaps %xmm12,-0x48(%r9) - movaps %xmm13,-0x38(%r9) - movaps %xmm14,-0x28(%r9) - movaps %xmm15,-0x18(%r9) -.Lavx512vl_body: -___ -$code.=<<___; - vbroadcasti128 .Lsigma(%rip),$a - vbroadcasti128 ($key),$b - vbroadcasti128 16($key),$c - vbroadcasti128 ($counter),$d - - vmovdqa32 $a,$a_ - vmovdqa32 $b,$b_ - vmovdqa32 $c,$c_ - vpaddd .Lzeroz(%rip),$d,$d - vmovdqa32 .Ltwoy(%rip),$fourz - mov \$10,$counter # reuse $counter - vmovdqa32 $d,$d_ - jmp .Loop_avx512vl - -.align 16 -.Loop_outer_avx512vl: - vmovdqa32 $c_,$c - vpaddd $fourz,$d_,$d - mov \$10,$counter - vmovdqa32 $d,$d_ - jmp .Loop_avx512vl - -.align 32 -.Loop_avx512vl: -___ - &AVX512ROUND(); - &vpshufd ($c,$c,0b01001110); - &vpshufd ($b,$b,0b00111001); - &vpshufd ($d,$d,0b10010011); - - &AVX512ROUND(); - &vpshufd ($c,$c,0b01001110); - &vpshufd ($b,$b,0b10010011); - &vpshufd ($d,$d,0b00111001); - - &dec ($counter); - &jnz (".Loop_avx512vl"); - -$code.=<<___; - vpaddd $a_,$a,$a - vpaddd $b_,$b,$b - vpaddd $c_,$c,$c - vpaddd $d_,$d,$d - - sub \$64,$len - jb .Ltail64_avx512vl - - vpxor 0x00($inp),%x#$a,$t0 # xor with input - vpxor 0x10($inp),%x#$b,$t1 - vpxor 0x20($inp),%x#$c,$t2 - vpxor 0x30($inp),%x#$d,$t3 - lea 0x40($inp),$inp # inp+=64 - - vmovdqu $t0,0x00($out) # write output - vmovdqu $t1,0x10($out) - vmovdqu $t2,0x20($out) - vmovdqu $t3,0x30($out) - lea 0x40($out),$out # out+=64 - - jz .Ldone_avx512vl - - vextracti128 \$1,$a,$t0 - vextracti128 \$1,$b,$t1 - vextracti128 \$1,$c,$t2 - vextracti128 \$1,$d,$t3 - - sub \$64,$len - jb .Ltail_avx512vl - - vpxor 0x00($inp),$t0,$t0 # xor with input - vpxor 0x10($inp),$t1,$t1 - vpxor 0x20($inp),$t2,$t2 - vpxor 0x30($inp),$t3,$t3 - lea 0x40($inp),$inp # inp+=64 - - vmovdqu $t0,0x00($out) # write output - vmovdqu $t1,0x10($out) - vmovdqu $t2,0x20($out) - vmovdqu $t3,0x30($out) - lea 0x40($out),$out # out+=64 - - vmovdqa32 $a_,$a - vmovdqa32 $b_,$b - jnz .Loop_outer_avx512vl - - jmp .Ldone_avx512vl - -.align 16 -.Ltail64_avx512vl: - vmovdqa %x#$a,0x00(%rsp) - vmovdqa %x#$b,0x10(%rsp) - vmovdqa %x#$c,0x20(%rsp) - vmovdqa %x#$d,0x30(%rsp) - add \$64,$len - jmp .Loop_tail_avx512vl - -.align 16 -.Ltail_avx512vl: - vmovdqa $t0,0x00(%rsp) - vmovdqa $t1,0x10(%rsp) - vmovdqa $t2,0x20(%rsp) - vmovdqa $t3,0x30(%rsp) - add \$64,$len - -.Loop_tail_avx512vl: - movzb ($inp,$counter),%eax - movzb (%rsp,$counter),%ecx - lea 1($counter),$counter - xor %ecx,%eax - mov %al,-1($out,$counter) - dec $len - jnz .Loop_tail_avx512vl - - vmovdqu32 $a_,0x00(%rsp) - vmovdqu32 $a_,0x20(%rsp) - -.Ldone_avx512vl: - vzeroall -___ -$code.=<<___ if ($win64); - movaps -0xa8(%r9),%xmm6 - movaps -0x98(%r9),%xmm7 - movaps -0x88(%r9),%xmm8 - movaps -0x78(%r9),%xmm9 - movaps -0x68(%r9),%xmm10 - movaps -0x58(%r9),%xmm11 - movaps -0x48(%r9),%xmm12 - movaps -0x38(%r9),%xmm13 - movaps -0x28(%r9),%xmm14 - movaps -0x18(%r9),%xmm15 -___ -$code.=<<___; - lea (%r9),%rsp -.cfi_def_cfa_register %rsp -.Lavx512vl_epilogue: - ret -.cfi_endproc -.size ChaCha20_avx512vl,.-ChaCha20_avx512vl -___ -} -if ($avx>2) { -# This one handles longer inputs... - -my ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, - $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3)=map("%zmm$_",(0..15)); -my @xx=($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, - $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3); -my @key=map("%zmm$_",(16..31)); -my ($xt0,$xt1,$xt2,$xt3)=@key[0..3]; - -sub AVX512_lane_ROUND { -my ($a0,$b0,$c0,$d0)=@_; -my ($a1,$b1,$c1,$d1)=map(($_&~3)+(($_+1)&3),($a0,$b0,$c0,$d0)); -my ($a2,$b2,$c2,$d2)=map(($_&~3)+(($_+1)&3),($a1,$b1,$c1,$d1)); -my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); -my @x=map("\"$_\"",@xx); - - ( - "&vpaddd (@x[$a0],@x[$a0],@x[$b0])", # Q1 - "&vpaddd (@x[$a1],@x[$a1],@x[$b1])", # Q2 - "&vpaddd (@x[$a2],@x[$a2],@x[$b2])", # Q3 - "&vpaddd (@x[$a3],@x[$a3],@x[$b3])", # Q4 - "&vpxord (@x[$d0],@x[$d0],@x[$a0])", - "&vpxord (@x[$d1],@x[$d1],@x[$a1])", - "&vpxord (@x[$d2],@x[$d2],@x[$a2])", - "&vpxord (@x[$d3],@x[$d3],@x[$a3])", - "&vprold (@x[$d0],@x[$d0],16)", - "&vprold (@x[$d1],@x[$d1],16)", - "&vprold (@x[$d2],@x[$d2],16)", - "&vprold (@x[$d3],@x[$d3],16)", - - "&vpaddd (@x[$c0],@x[$c0],@x[$d0])", - "&vpaddd (@x[$c1],@x[$c1],@x[$d1])", - "&vpaddd (@x[$c2],@x[$c2],@x[$d2])", - "&vpaddd (@x[$c3],@x[$c3],@x[$d3])", - "&vpxord (@x[$b0],@x[$b0],@x[$c0])", - "&vpxord (@x[$b1],@x[$b1],@x[$c1])", - "&vpxord (@x[$b2],@x[$b2],@x[$c2])", - "&vpxord (@x[$b3],@x[$b3],@x[$c3])", - "&vprold (@x[$b0],@x[$b0],12)", - "&vprold (@x[$b1],@x[$b1],12)", - "&vprold (@x[$b2],@x[$b2],12)", - "&vprold (@x[$b3],@x[$b3],12)", - - "&vpaddd (@x[$a0],@x[$a0],@x[$b0])", - "&vpaddd (@x[$a1],@x[$a1],@x[$b1])", - "&vpaddd (@x[$a2],@x[$a2],@x[$b2])", - "&vpaddd (@x[$a3],@x[$a3],@x[$b3])", - "&vpxord (@x[$d0],@x[$d0],@x[$a0])", - "&vpxord (@x[$d1],@x[$d1],@x[$a1])", - "&vpxord (@x[$d2],@x[$d2],@x[$a2])", - "&vpxord (@x[$d3],@x[$d3],@x[$a3])", - "&vprold (@x[$d0],@x[$d0],8)", - "&vprold (@x[$d1],@x[$d1],8)", - "&vprold (@x[$d2],@x[$d2],8)", - "&vprold (@x[$d3],@x[$d3],8)", - - "&vpaddd (@x[$c0],@x[$c0],@x[$d0])", - "&vpaddd (@x[$c1],@x[$c1],@x[$d1])", - "&vpaddd (@x[$c2],@x[$c2],@x[$d2])", - "&vpaddd (@x[$c3],@x[$c3],@x[$d3])", - "&vpxord (@x[$b0],@x[$b0],@x[$c0])", - "&vpxord (@x[$b1],@x[$b1],@x[$c1])", - "&vpxord (@x[$b2],@x[$b2],@x[$c2])", - "&vpxord (@x[$b3],@x[$b3],@x[$c3])", - "&vprold (@x[$b0],@x[$b0],7)", - "&vprold (@x[$b1],@x[$b1],7)", - "&vprold (@x[$b2],@x[$b2],7)", - "&vprold (@x[$b3],@x[$b3],7)" - ); -} - -my $xframe = $win64 ? 0xa8 : 8; - -$code.=<<___; -.type ChaCha20_16x,\@function,5 -.align 32 -ChaCha20_16x: -.cfi_startproc -.LChaCha20_16x: - mov %rsp,%r9 # frame register -.cfi_def_cfa_register %r9 - sub \$64+$xframe,%rsp - and \$-64,%rsp -___ -$code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%r9) - movaps %xmm7,-0x98(%r9) - movaps %xmm8,-0x88(%r9) - movaps %xmm9,-0x78(%r9) - movaps %xmm10,-0x68(%r9) - movaps %xmm11,-0x58(%r9) - movaps %xmm12,-0x48(%r9) - movaps %xmm13,-0x38(%r9) - movaps %xmm14,-0x28(%r9) - movaps %xmm15,-0x18(%r9) -.L16x_body: -___ -$code.=<<___; - vzeroupper - - lea .Lsigma(%rip),%r10 - vbroadcasti32x4 (%r10),$xa3 # key[0] - vbroadcasti32x4 ($key),$xb3 # key[1] - vbroadcasti32x4 16($key),$xc3 # key[2] - vbroadcasti32x4 ($counter),$xd3 # key[3] - - vpshufd \$0x00,$xa3,$xa0 # smash key by lanes... - vpshufd \$0x55,$xa3,$xa1 - vpshufd \$0xaa,$xa3,$xa2 - vpshufd \$0xff,$xa3,$xa3 - vmovdqa64 $xa0,@key[0] - vmovdqa64 $xa1,@key[1] - vmovdqa64 $xa2,@key[2] - vmovdqa64 $xa3,@key[3] - - vpshufd \$0x00,$xb3,$xb0 - vpshufd \$0x55,$xb3,$xb1 - vpshufd \$0xaa,$xb3,$xb2 - vpshufd \$0xff,$xb3,$xb3 - vmovdqa64 $xb0,@key[4] - vmovdqa64 $xb1,@key[5] - vmovdqa64 $xb2,@key[6] - vmovdqa64 $xb3,@key[7] - - vpshufd \$0x00,$xc3,$xc0 - vpshufd \$0x55,$xc3,$xc1 - vpshufd \$0xaa,$xc3,$xc2 - vpshufd \$0xff,$xc3,$xc3 - vmovdqa64 $xc0,@key[8] - vmovdqa64 $xc1,@key[9] - vmovdqa64 $xc2,@key[10] - vmovdqa64 $xc3,@key[11] - - vpshufd \$0x00,$xd3,$xd0 - vpshufd \$0x55,$xd3,$xd1 - vpshufd \$0xaa,$xd3,$xd2 - vpshufd \$0xff,$xd3,$xd3 - vpaddd .Lincz(%rip),$xd0,$xd0 # don't save counters yet - vmovdqa64 $xd0,@key[12] - vmovdqa64 $xd1,@key[13] - vmovdqa64 $xd2,@key[14] - vmovdqa64 $xd3,@key[15] - - mov \$10,%eax - jmp .Loop16x - -.align 32 -.Loop_outer16x: - vpbroadcastd 0(%r10),$xa0 # reload key - vpbroadcastd 4(%r10),$xa1 - vpbroadcastd 8(%r10),$xa2 - vpbroadcastd 12(%r10),$xa3 - vpaddd .Lsixteen(%rip),@key[12],@key[12] # next SIMD counters - vmovdqa64 @key[4],$xb0 - vmovdqa64 @key[5],$xb1 - vmovdqa64 @key[6],$xb2 - vmovdqa64 @key[7],$xb3 - vmovdqa64 @key[8],$xc0 - vmovdqa64 @key[9],$xc1 - vmovdqa64 @key[10],$xc2 - vmovdqa64 @key[11],$xc3 - vmovdqa64 @key[12],$xd0 - vmovdqa64 @key[13],$xd1 - vmovdqa64 @key[14],$xd2 - vmovdqa64 @key[15],$xd3 - - vmovdqa64 $xa0,@key[0] - vmovdqa64 $xa1,@key[1] - vmovdqa64 $xa2,@key[2] - vmovdqa64 $xa3,@key[3] - - mov \$10,%eax - jmp .Loop16x - -.align 32 -.Loop16x: -___ - foreach (&AVX512_lane_ROUND(0, 4, 8,12)) { eval; } - foreach (&AVX512_lane_ROUND(0, 5,10,15)) { eval; } -$code.=<<___; - dec %eax - jnz .Loop16x - - vpaddd @key[0],$xa0,$xa0 # accumulate key - vpaddd @key[1],$xa1,$xa1 - vpaddd @key[2],$xa2,$xa2 - vpaddd @key[3],$xa3,$xa3 - - vpunpckldq $xa1,$xa0,$xt2 # "de-interlace" data - vpunpckldq $xa3,$xa2,$xt3 - vpunpckhdq $xa1,$xa0,$xa0 - vpunpckhdq $xa3,$xa2,$xa2 - vpunpcklqdq $xt3,$xt2,$xa1 # "a0" - vpunpckhqdq $xt3,$xt2,$xt2 # "a1" - vpunpcklqdq $xa2,$xa0,$xa3 # "a2" - vpunpckhqdq $xa2,$xa0,$xa0 # "a3" -___ - ($xa0,$xa1,$xa2,$xa3,$xt2)=($xa1,$xt2,$xa3,$xa0,$xa2); -$code.=<<___; - vpaddd @key[4],$xb0,$xb0 - vpaddd @key[5],$xb1,$xb1 - vpaddd @key[6],$xb2,$xb2 - vpaddd @key[7],$xb3,$xb3 - - vpunpckldq $xb1,$xb0,$xt2 - vpunpckldq $xb3,$xb2,$xt3 - vpunpckhdq $xb1,$xb0,$xb0 - vpunpckhdq $xb3,$xb2,$xb2 - vpunpcklqdq $xt3,$xt2,$xb1 # "b0" - vpunpckhqdq $xt3,$xt2,$xt2 # "b1" - vpunpcklqdq $xb2,$xb0,$xb3 # "b2" - vpunpckhqdq $xb2,$xb0,$xb0 # "b3" -___ - ($xb0,$xb1,$xb2,$xb3,$xt2)=($xb1,$xt2,$xb3,$xb0,$xb2); -$code.=<<___; - vshufi32x4 \$0x44,$xb0,$xa0,$xt3 # "de-interlace" further - vshufi32x4 \$0xee,$xb0,$xa0,$xb0 - vshufi32x4 \$0x44,$xb1,$xa1,$xa0 - vshufi32x4 \$0xee,$xb1,$xa1,$xb1 - vshufi32x4 \$0x44,$xb2,$xa2,$xa1 - vshufi32x4 \$0xee,$xb2,$xa2,$xb2 - vshufi32x4 \$0x44,$xb3,$xa3,$xa2 - vshufi32x4 \$0xee,$xb3,$xa3,$xb3 -___ - ($xa0,$xa1,$xa2,$xa3,$xt3)=($xt3,$xa0,$xa1,$xa2,$xa3); -$code.=<<___; - vpaddd @key[8],$xc0,$xc0 - vpaddd @key[9],$xc1,$xc1 - vpaddd @key[10],$xc2,$xc2 - vpaddd @key[11],$xc3,$xc3 - - vpunpckldq $xc1,$xc0,$xt2 - vpunpckldq $xc3,$xc2,$xt3 - vpunpckhdq $xc1,$xc0,$xc0 - vpunpckhdq $xc3,$xc2,$xc2 - vpunpcklqdq $xt3,$xt2,$xc1 # "c0" - vpunpckhqdq $xt3,$xt2,$xt2 # "c1" - vpunpcklqdq $xc2,$xc0,$xc3 # "c2" - vpunpckhqdq $xc2,$xc0,$xc0 # "c3" -___ - ($xc0,$xc1,$xc2,$xc3,$xt2)=($xc1,$xt2,$xc3,$xc0,$xc2); -$code.=<<___; - vpaddd @key[12],$xd0,$xd0 - vpaddd @key[13],$xd1,$xd1 - vpaddd @key[14],$xd2,$xd2 - vpaddd @key[15],$xd3,$xd3 - - vpunpckldq $xd1,$xd0,$xt2 - vpunpckldq $xd3,$xd2,$xt3 - vpunpckhdq $xd1,$xd0,$xd0 - vpunpckhdq $xd3,$xd2,$xd2 - vpunpcklqdq $xt3,$xt2,$xd1 # "d0" - vpunpckhqdq $xt3,$xt2,$xt2 # "d1" - vpunpcklqdq $xd2,$xd0,$xd3 # "d2" - vpunpckhqdq $xd2,$xd0,$xd0 # "d3" -___ - ($xd0,$xd1,$xd2,$xd3,$xt2)=($xd1,$xt2,$xd3,$xd0,$xd2); -$code.=<<___; - vshufi32x4 \$0x44,$xd0,$xc0,$xt3 # "de-interlace" further - vshufi32x4 \$0xee,$xd0,$xc0,$xd0 - vshufi32x4 \$0x44,$xd1,$xc1,$xc0 - vshufi32x4 \$0xee,$xd1,$xc1,$xd1 - vshufi32x4 \$0x44,$xd2,$xc2,$xc1 - vshufi32x4 \$0xee,$xd2,$xc2,$xd2 - vshufi32x4 \$0x44,$xd3,$xc3,$xc2 - vshufi32x4 \$0xee,$xd3,$xc3,$xd3 -___ - ($xc0,$xc1,$xc2,$xc3,$xt3)=($xt3,$xc0,$xc1,$xc2,$xc3); -$code.=<<___; - vshufi32x4 \$0x88,$xc0,$xa0,$xt0 # "de-interlace" further - vshufi32x4 \$0xdd,$xc0,$xa0,$xa0 - vshufi32x4 \$0x88,$xd0,$xb0,$xc0 - vshufi32x4 \$0xdd,$xd0,$xb0,$xd0 - vshufi32x4 \$0x88,$xc1,$xa1,$xt1 - vshufi32x4 \$0xdd,$xc1,$xa1,$xa1 - vshufi32x4 \$0x88,$xd1,$xb1,$xc1 - vshufi32x4 \$0xdd,$xd1,$xb1,$xd1 - vshufi32x4 \$0x88,$xc2,$xa2,$xt2 - vshufi32x4 \$0xdd,$xc2,$xa2,$xa2 - vshufi32x4 \$0x88,$xd2,$xb2,$xc2 - vshufi32x4 \$0xdd,$xd2,$xb2,$xd2 - vshufi32x4 \$0x88,$xc3,$xa3,$xt3 - vshufi32x4 \$0xdd,$xc3,$xa3,$xa3 - vshufi32x4 \$0x88,$xd3,$xb3,$xc3 - vshufi32x4 \$0xdd,$xd3,$xb3,$xd3 -___ - ($xa0,$xa1,$xa2,$xa3,$xb0,$xb1,$xb2,$xb3)= - ($xt0,$xt1,$xt2,$xt3,$xa0,$xa1,$xa2,$xa3); - - ($xa0,$xb0,$xc0,$xd0, $xa1,$xb1,$xc1,$xd1, - $xa2,$xb2,$xc2,$xd2, $xa3,$xb3,$xc3,$xd3) = - ($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, - $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3); -$code.=<<___; - cmp \$64*16,$len - jb .Ltail16x - - vpxord 0x00($inp),$xa0,$xa0 # xor with input - vpxord 0x40($inp),$xb0,$xb0 - vpxord 0x80($inp),$xc0,$xc0 - vpxord 0xc0($inp),$xd0,$xd0 - vmovdqu32 $xa0,0x00($out) - vmovdqu32 $xb0,0x40($out) - vmovdqu32 $xc0,0x80($out) - vmovdqu32 $xd0,0xc0($out) - - vpxord 0x100($inp),$xa1,$xa1 - vpxord 0x140($inp),$xb1,$xb1 - vpxord 0x180($inp),$xc1,$xc1 - vpxord 0x1c0($inp),$xd1,$xd1 - vmovdqu32 $xa1,0x100($out) - vmovdqu32 $xb1,0x140($out) - vmovdqu32 $xc1,0x180($out) - vmovdqu32 $xd1,0x1c0($out) - - vpxord 0x200($inp),$xa2,$xa2 - vpxord 0x240($inp),$xb2,$xb2 - vpxord 0x280($inp),$xc2,$xc2 - vpxord 0x2c0($inp),$xd2,$xd2 - vmovdqu32 $xa2,0x200($out) - vmovdqu32 $xb2,0x240($out) - vmovdqu32 $xc2,0x280($out) - vmovdqu32 $xd2,0x2c0($out) - - vpxord 0x300($inp),$xa3,$xa3 - vpxord 0x340($inp),$xb3,$xb3 - vpxord 0x380($inp),$xc3,$xc3 - vpxord 0x3c0($inp),$xd3,$xd3 - lea 0x400($inp),$inp - vmovdqu32 $xa3,0x300($out) - vmovdqu32 $xb3,0x340($out) - vmovdqu32 $xc3,0x380($out) - vmovdqu32 $xd3,0x3c0($out) - lea 0x400($out),$out - - sub \$64*16,$len - jnz .Loop_outer16x - - jmp .Ldone16x - -.align 32 -.Ltail16x: - xor %r10,%r10 - sub $inp,$out - cmp \$64*1,$len - jb .Less_than_64_16x - vpxord ($inp),$xa0,$xa0 # xor with input - vmovdqu32 $xa0,($out,$inp) - je .Ldone16x - vmovdqa32 $xb0,$xa0 - lea 64($inp),$inp - - cmp \$64*2,$len - jb .Less_than_64_16x - vpxord ($inp),$xb0,$xb0 - vmovdqu32 $xb0,($out,$inp) - je .Ldone16x - vmovdqa32 $xc0,$xa0 - lea 64($inp),$inp - - cmp \$64*3,$len - jb .Less_than_64_16x - vpxord ($inp),$xc0,$xc0 - vmovdqu32 $xc0,($out,$inp) - je .Ldone16x - vmovdqa32 $xd0,$xa0 - lea 64($inp),$inp - - cmp \$64*4,$len - jb .Less_than_64_16x - vpxord ($inp),$xd0,$xd0 - vmovdqu32 $xd0,($out,$inp) - je .Ldone16x - vmovdqa32 $xa1,$xa0 - lea 64($inp),$inp - - cmp \$64*5,$len - jb .Less_than_64_16x - vpxord ($inp),$xa1,$xa1 - vmovdqu32 $xa1,($out,$inp) - je .Ldone16x - vmovdqa32 $xb1,$xa0 - lea 64($inp),$inp - - cmp \$64*6,$len - jb .Less_than_64_16x - vpxord ($inp),$xb1,$xb1 - vmovdqu32 $xb1,($out,$inp) - je .Ldone16x - vmovdqa32 $xc1,$xa0 - lea 64($inp),$inp - - cmp \$64*7,$len - jb .Less_than_64_16x - vpxord ($inp),$xc1,$xc1 - vmovdqu32 $xc1,($out,$inp) - je .Ldone16x - vmovdqa32 $xd1,$xa0 - lea 64($inp),$inp - - cmp \$64*8,$len - jb .Less_than_64_16x - vpxord ($inp),$xd1,$xd1 - vmovdqu32 $xd1,($out,$inp) - je .Ldone16x - vmovdqa32 $xa2,$xa0 - lea 64($inp),$inp - - cmp \$64*9,$len - jb .Less_than_64_16x - vpxord ($inp),$xa2,$xa2 - vmovdqu32 $xa2,($out,$inp) - je .Ldone16x - vmovdqa32 $xb2,$xa0 - lea 64($inp),$inp - - cmp \$64*10,$len - jb .Less_than_64_16x - vpxord ($inp),$xb2,$xb2 - vmovdqu32 $xb2,($out,$inp) - je .Ldone16x - vmovdqa32 $xc2,$xa0 - lea 64($inp),$inp - - cmp \$64*11,$len - jb .Less_than_64_16x - vpxord ($inp),$xc2,$xc2 - vmovdqu32 $xc2,($out,$inp) - je .Ldone16x - vmovdqa32 $xd2,$xa0 - lea 64($inp),$inp - - cmp \$64*12,$len - jb .Less_than_64_16x - vpxord ($inp),$xd2,$xd2 - vmovdqu32 $xd2,($out,$inp) - je .Ldone16x - vmovdqa32 $xa3,$xa0 - lea 64($inp),$inp - - cmp \$64*13,$len - jb .Less_than_64_16x - vpxord ($inp),$xa3,$xa3 - vmovdqu32 $xa3,($out,$inp) - je .Ldone16x - vmovdqa32 $xb3,$xa0 - lea 64($inp),$inp - - cmp \$64*14,$len - jb .Less_than_64_16x - vpxord ($inp),$xb3,$xb3 - vmovdqu32 $xb3,($out,$inp) - je .Ldone16x - vmovdqa32 $xc3,$xa0 - lea 64($inp),$inp - - cmp \$64*15,$len - jb .Less_than_64_16x - vpxord ($inp),$xc3,$xc3 - vmovdqu32 $xc3,($out,$inp) - je .Ldone16x - vmovdqa32 $xd3,$xa0 - lea 64($inp),$inp - -.Less_than_64_16x: - vmovdqa32 $xa0,0x00(%rsp) - lea ($out,$inp),$out - and \$63,$len - -.Loop_tail16x: - movzb ($inp,%r10),%eax - movzb (%rsp,%r10),%ecx - lea 1(%r10),%r10 - xor %ecx,%eax - mov %al,-1($out,%r10) - dec $len - jnz .Loop_tail16x - - vpxord $xa0,$xa0,$xa0 - vmovdqa32 $xa0,0(%rsp) - -.Ldone16x: - vzeroall -___ -$code.=<<___ if ($win64); - movaps -0xa8(%r9),%xmm6 - movaps -0x98(%r9),%xmm7 - movaps -0x88(%r9),%xmm8 - movaps -0x78(%r9),%xmm9 - movaps -0x68(%r9),%xmm10 - movaps -0x58(%r9),%xmm11 - movaps -0x48(%r9),%xmm12 - movaps -0x38(%r9),%xmm13 - movaps -0x28(%r9),%xmm14 - movaps -0x18(%r9),%xmm15 -___ -$code.=<<___; - lea (%r9),%rsp -.cfi_def_cfa_register %rsp -.L16x_epilogue: - ret -.cfi_endproc -.size ChaCha20_16x,.-ChaCha20_16x -___ - -# switch to %ymm domain -($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, - $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3)=map("%ymm$_",(0..15)); -@xx=($xa0,$xa1,$xa2,$xa3, $xb0,$xb1,$xb2,$xb3, - $xc0,$xc1,$xc2,$xc3, $xd0,$xd1,$xd2,$xd3); -@key=map("%ymm$_",(16..31)); -($xt0,$xt1,$xt2,$xt3)=@key[0..3]; - -$code.=<<___; -.type ChaCha20_8xvl,\@function,5 -.align 32 -ChaCha20_8xvl: -.cfi_startproc -.LChaCha20_8xvl: - mov %rsp,%r9 # frame register -.cfi_def_cfa_register %r9 - sub \$64+$xframe,%rsp - and \$-64,%rsp -___ -$code.=<<___ if ($win64); - movaps %xmm6,-0xa8(%r9) - movaps %xmm7,-0x98(%r9) - movaps %xmm8,-0x88(%r9) - movaps %xmm9,-0x78(%r9) - movaps %xmm10,-0x68(%r9) - movaps %xmm11,-0x58(%r9) - movaps %xmm12,-0x48(%r9) - movaps %xmm13,-0x38(%r9) - movaps %xmm14,-0x28(%r9) - movaps %xmm15,-0x18(%r9) -.L8xvl_body: -___ -$code.=<<___; - vzeroupper - - lea .Lsigma(%rip),%r10 - vbroadcasti128 (%r10),$xa3 # key[0] - vbroadcasti128 ($key),$xb3 # key[1] - vbroadcasti128 16($key),$xc3 # key[2] - vbroadcasti128 ($counter),$xd3 # key[3] - - vpshufd \$0x00,$xa3,$xa0 # smash key by lanes... - vpshufd \$0x55,$xa3,$xa1 - vpshufd \$0xaa,$xa3,$xa2 - vpshufd \$0xff,$xa3,$xa3 - vmovdqa64 $xa0,@key[0] - vmovdqa64 $xa1,@key[1] - vmovdqa64 $xa2,@key[2] - vmovdqa64 $xa3,@key[3] - - vpshufd \$0x00,$xb3,$xb0 - vpshufd \$0x55,$xb3,$xb1 - vpshufd \$0xaa,$xb3,$xb2 - vpshufd \$0xff,$xb3,$xb3 - vmovdqa64 $xb0,@key[4] - vmovdqa64 $xb1,@key[5] - vmovdqa64 $xb2,@key[6] - vmovdqa64 $xb3,@key[7] - - vpshufd \$0x00,$xc3,$xc0 - vpshufd \$0x55,$xc3,$xc1 - vpshufd \$0xaa,$xc3,$xc2 - vpshufd \$0xff,$xc3,$xc3 - vmovdqa64 $xc0,@key[8] - vmovdqa64 $xc1,@key[9] - vmovdqa64 $xc2,@key[10] - vmovdqa64 $xc3,@key[11] - - vpshufd \$0x00,$xd3,$xd0 - vpshufd \$0x55,$xd3,$xd1 - vpshufd \$0xaa,$xd3,$xd2 - vpshufd \$0xff,$xd3,$xd3 - vpaddd .Lincy(%rip),$xd0,$xd0 # don't save counters yet - vmovdqa64 $xd0,@key[12] - vmovdqa64 $xd1,@key[13] - vmovdqa64 $xd2,@key[14] - vmovdqa64 $xd3,@key[15] - - mov \$10,%eax - jmp .Loop8xvl - -.align 32 -.Loop_outer8xvl: - #vpbroadcastd 0(%r10),$xa0 # reload key - #vpbroadcastd 4(%r10),$xa1 - vpbroadcastd 8(%r10),$xa2 - vpbroadcastd 12(%r10),$xa3 - vpaddd .Leight(%rip),@key[12],@key[12] # next SIMD counters - vmovdqa64 @key[4],$xb0 - vmovdqa64 @key[5],$xb1 - vmovdqa64 @key[6],$xb2 - vmovdqa64 @key[7],$xb3 - vmovdqa64 @key[8],$xc0 - vmovdqa64 @key[9],$xc1 - vmovdqa64 @key[10],$xc2 - vmovdqa64 @key[11],$xc3 - vmovdqa64 @key[12],$xd0 - vmovdqa64 @key[13],$xd1 - vmovdqa64 @key[14],$xd2 - vmovdqa64 @key[15],$xd3 - - vmovdqa64 $xa0,@key[0] - vmovdqa64 $xa1,@key[1] - vmovdqa64 $xa2,@key[2] - vmovdqa64 $xa3,@key[3] - - mov \$10,%eax - jmp .Loop8xvl - -.align 32 -.Loop8xvl: -___ - foreach (&AVX512_lane_ROUND(0, 4, 8,12)) { eval; } - foreach (&AVX512_lane_ROUND(0, 5,10,15)) { eval; } -$code.=<<___; - dec %eax - jnz .Loop8xvl - - vpaddd @key[0],$xa0,$xa0 # accumulate key - vpaddd @key[1],$xa1,$xa1 - vpaddd @key[2],$xa2,$xa2 - vpaddd @key[3],$xa3,$xa3 - - vpunpckldq $xa1,$xa0,$xt2 # "de-interlace" data - vpunpckldq $xa3,$xa2,$xt3 - vpunpckhdq $xa1,$xa0,$xa0 - vpunpckhdq $xa3,$xa2,$xa2 - vpunpcklqdq $xt3,$xt2,$xa1 # "a0" - vpunpckhqdq $xt3,$xt2,$xt2 # "a1" - vpunpcklqdq $xa2,$xa0,$xa3 # "a2" - vpunpckhqdq $xa2,$xa0,$xa0 # "a3" -___ - ($xa0,$xa1,$xa2,$xa3,$xt2)=($xa1,$xt2,$xa3,$xa0,$xa2); -$code.=<<___; - vpaddd @key[4],$xb0,$xb0 - vpaddd @key[5],$xb1,$xb1 - vpaddd @key[6],$xb2,$xb2 - vpaddd @key[7],$xb3,$xb3 - - vpunpckldq $xb1,$xb0,$xt2 - vpunpckldq $xb3,$xb2,$xt3 - vpunpckhdq $xb1,$xb0,$xb0 - vpunpckhdq $xb3,$xb2,$xb2 - vpunpcklqdq $xt3,$xt2,$xb1 # "b0" - vpunpckhqdq $xt3,$xt2,$xt2 # "b1" - vpunpcklqdq $xb2,$xb0,$xb3 # "b2" - vpunpckhqdq $xb2,$xb0,$xb0 # "b3" -___ - ($xb0,$xb1,$xb2,$xb3,$xt2)=($xb1,$xt2,$xb3,$xb0,$xb2); -$code.=<<___; - vshufi32x4 \$0,$xb0,$xa0,$xt3 # "de-interlace" further - vshufi32x4 \$3,$xb0,$xa0,$xb0 - vshufi32x4 \$0,$xb1,$xa1,$xa0 - vshufi32x4 \$3,$xb1,$xa1,$xb1 - vshufi32x4 \$0,$xb2,$xa2,$xa1 - vshufi32x4 \$3,$xb2,$xa2,$xb2 - vshufi32x4 \$0,$xb3,$xa3,$xa2 - vshufi32x4 \$3,$xb3,$xa3,$xb3 -___ - ($xa0,$xa1,$xa2,$xa3,$xt3)=($xt3,$xa0,$xa1,$xa2,$xa3); -$code.=<<___; - vpaddd @key[8],$xc0,$xc0 - vpaddd @key[9],$xc1,$xc1 - vpaddd @key[10],$xc2,$xc2 - vpaddd @key[11],$xc3,$xc3 - - vpunpckldq $xc1,$xc0,$xt2 - vpunpckldq $xc3,$xc2,$xt3 - vpunpckhdq $xc1,$xc0,$xc0 - vpunpckhdq $xc3,$xc2,$xc2 - vpunpcklqdq $xt3,$xt2,$xc1 # "c0" - vpunpckhqdq $xt3,$xt2,$xt2 # "c1" - vpunpcklqdq $xc2,$xc0,$xc3 # "c2" - vpunpckhqdq $xc2,$xc0,$xc0 # "c3" -___ - ($xc0,$xc1,$xc2,$xc3,$xt2)=($xc1,$xt2,$xc3,$xc0,$xc2); -$code.=<<___; - vpaddd @key[12],$xd0,$xd0 - vpaddd @key[13],$xd1,$xd1 - vpaddd @key[14],$xd2,$xd2 - vpaddd @key[15],$xd3,$xd3 - - vpunpckldq $xd1,$xd0,$xt2 - vpunpckldq $xd3,$xd2,$xt3 - vpunpckhdq $xd1,$xd0,$xd0 - vpunpckhdq $xd3,$xd2,$xd2 - vpunpcklqdq $xt3,$xt2,$xd1 # "d0" - vpunpckhqdq $xt3,$xt2,$xt2 # "d1" - vpunpcklqdq $xd2,$xd0,$xd3 # "d2" - vpunpckhqdq $xd2,$xd0,$xd0 # "d3" -___ - ($xd0,$xd1,$xd2,$xd3,$xt2)=($xd1,$xt2,$xd3,$xd0,$xd2); -$code.=<<___; - vperm2i128 \$0x20,$xd0,$xc0,$xt3 # "de-interlace" further - vperm2i128 \$0x31,$xd0,$xc0,$xd0 - vperm2i128 \$0x20,$xd1,$xc1,$xc0 - vperm2i128 \$0x31,$xd1,$xc1,$xd1 - vperm2i128 \$0x20,$xd2,$xc2,$xc1 - vperm2i128 \$0x31,$xd2,$xc2,$xd2 - vperm2i128 \$0x20,$xd3,$xc3,$xc2 - vperm2i128 \$0x31,$xd3,$xc3,$xd3 -___ - ($xc0,$xc1,$xc2,$xc3,$xt3)=($xt3,$xc0,$xc1,$xc2,$xc3); - ($xb0,$xb1,$xb2,$xb3,$xc0,$xc1,$xc2,$xc3)= - ($xc0,$xc1,$xc2,$xc3,$xb0,$xb1,$xb2,$xb3); -$code.=<<___; - cmp \$64*8,$len - jb .Ltail8xvl - - mov \$0x80,%eax # size optimization - vpxord 0x00($inp),$xa0,$xa0 # xor with input - vpxor 0x20($inp),$xb0,$xb0 - vpxor 0x40($inp),$xc0,$xc0 - vpxor 0x60($inp),$xd0,$xd0 - lea ($inp,%rax),$inp # size optimization - vmovdqu32 $xa0,0x00($out) - vmovdqu $xb0,0x20($out) - vmovdqu $xc0,0x40($out) - vmovdqu $xd0,0x60($out) - lea ($out,%rax),$out # size optimization - - vpxor 0x00($inp),$xa1,$xa1 - vpxor 0x20($inp),$xb1,$xb1 - vpxor 0x40($inp),$xc1,$xc1 - vpxor 0x60($inp),$xd1,$xd1 - lea ($inp,%rax),$inp # size optimization - vmovdqu $xa1,0x00($out) - vmovdqu $xb1,0x20($out) - vmovdqu $xc1,0x40($out) - vmovdqu $xd1,0x60($out) - lea ($out,%rax),$out # size optimization - - vpxord 0x00($inp),$xa2,$xa2 - vpxor 0x20($inp),$xb2,$xb2 - vpxor 0x40($inp),$xc2,$xc2 - vpxor 0x60($inp),$xd2,$xd2 - lea ($inp,%rax),$inp # size optimization - vmovdqu32 $xa2,0x00($out) - vmovdqu $xb2,0x20($out) - vmovdqu $xc2,0x40($out) - vmovdqu $xd2,0x60($out) - lea ($out,%rax),$out # size optimization - - vpxor 0x00($inp),$xa3,$xa3 - vpxor 0x20($inp),$xb3,$xb3 - vpxor 0x40($inp),$xc3,$xc3 - vpxor 0x60($inp),$xd3,$xd3 - lea ($inp,%rax),$inp # size optimization - vmovdqu $xa3,0x00($out) - vmovdqu $xb3,0x20($out) - vmovdqu $xc3,0x40($out) - vmovdqu $xd3,0x60($out) - lea ($out,%rax),$out # size optimization - - vpbroadcastd 0(%r10),%ymm0 # reload key - vpbroadcastd 4(%r10),%ymm1 - - sub \$64*8,$len - jnz .Loop_outer8xvl - - jmp .Ldone8xvl - -.align 32 -.Ltail8xvl: - vmovdqa64 $xa0,%ymm8 # size optimization -___ -$xa0 = "%ymm8"; -$code.=<<___; - xor %r10,%r10 - sub $inp,$out - cmp \$64*1,$len - jb .Less_than_64_8xvl - vpxor 0x00($inp),$xa0,$xa0 # xor with input - vpxor 0x20($inp),$xb0,$xb0 - vmovdqu $xa0,0x00($out,$inp) - vmovdqu $xb0,0x20($out,$inp) - je .Ldone8xvl - vmovdqa $xc0,$xa0 - vmovdqa $xd0,$xb0 - lea 64($inp),$inp - - cmp \$64*2,$len - jb .Less_than_64_8xvl - vpxor 0x00($inp),$xc0,$xc0 - vpxor 0x20($inp),$xd0,$xd0 - vmovdqu $xc0,0x00($out,$inp) - vmovdqu $xd0,0x20($out,$inp) - je .Ldone8xvl - vmovdqa $xa1,$xa0 - vmovdqa $xb1,$xb0 - lea 64($inp),$inp - - cmp \$64*3,$len - jb .Less_than_64_8xvl - vpxor 0x00($inp),$xa1,$xa1 - vpxor 0x20($inp),$xb1,$xb1 - vmovdqu $xa1,0x00($out,$inp) - vmovdqu $xb1,0x20($out,$inp) - je .Ldone8xvl - vmovdqa $xc1,$xa0 - vmovdqa $xd1,$xb0 - lea 64($inp),$inp - - cmp \$64*4,$len - jb .Less_than_64_8xvl - vpxor 0x00($inp),$xc1,$xc1 - vpxor 0x20($inp),$xd1,$xd1 - vmovdqu $xc1,0x00($out,$inp) - vmovdqu $xd1,0x20($out,$inp) - je .Ldone8xvl - vmovdqa32 $xa2,$xa0 - vmovdqa $xb2,$xb0 - lea 64($inp),$inp - - cmp \$64*5,$len - jb .Less_than_64_8xvl - vpxord 0x00($inp),$xa2,$xa2 - vpxor 0x20($inp),$xb2,$xb2 - vmovdqu32 $xa2,0x00($out,$inp) - vmovdqu $xb2,0x20($out,$inp) - je .Ldone8xvl - vmovdqa $xc2,$xa0 - vmovdqa $xd2,$xb0 - lea 64($inp),$inp - - cmp \$64*6,$len - jb .Less_than_64_8xvl - vpxor 0x00($inp),$xc2,$xc2 - vpxor 0x20($inp),$xd2,$xd2 - vmovdqu $xc2,0x00($out,$inp) - vmovdqu $xd2,0x20($out,$inp) - je .Ldone8xvl - vmovdqa $xa3,$xa0 - vmovdqa $xb3,$xb0 - lea 64($inp),$inp - - cmp \$64*7,$len - jb .Less_than_64_8xvl - vpxor 0x00($inp),$xa3,$xa3 - vpxor 0x20($inp),$xb3,$xb3 - vmovdqu $xa3,0x00($out,$inp) - vmovdqu $xb3,0x20($out,$inp) - je .Ldone8xvl - vmovdqa $xc3,$xa0 - vmovdqa $xd3,$xb0 - lea 64($inp),$inp - -.Less_than_64_8xvl: - vmovdqa $xa0,0x00(%rsp) - vmovdqa $xb0,0x20(%rsp) - lea ($out,$inp),$out - and \$63,$len - -.Loop_tail8xvl: - movzb ($inp,%r10),%eax - movzb (%rsp,%r10),%ecx - lea 1(%r10),%r10 - xor %ecx,%eax - mov %al,-1($out,%r10) - dec $len - jnz .Loop_tail8xvl - - vpxor $xa0,$xa0,$xa0 - vmovdqa $xa0,0x00(%rsp) - vmovdqa $xa0,0x20(%rsp) - -.Ldone8xvl: - vzeroall -___ -$code.=<<___ if ($win64); - movaps -0xa8(%r9),%xmm6 - movaps -0x98(%r9),%xmm7 - movaps -0x88(%r9),%xmm8 - movaps -0x78(%r9),%xmm9 - movaps -0x68(%r9),%xmm10 - movaps -0x58(%r9),%xmm11 - movaps -0x48(%r9),%xmm12 - movaps -0x38(%r9),%xmm13 - movaps -0x28(%r9),%xmm14 - movaps -0x18(%r9),%xmm15 -___ -$code.=<<___; - lea (%r9),%rsp -.cfi_def_cfa_register %rsp -.L8xvl_epilogue: - ret -.cfi_endproc -.size ChaCha20_8xvl,.-ChaCha20_8xvl -___ -} - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - lea .Lctr32_body(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lprologue - jb .Lcommon_seh_tail - - mov 152($context),%rax # pull context->Rsp - - lea .Lno_data(%rip),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=.Lepilogue - jae .Lcommon_seh_tail - - lea 64+24+48(%rax),%rax - - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R14 - -.Lcommon_seh_tail: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size se_handler,.-se_handler - -.type simd_handler,\@abi-omnipotent -.align 16 -simd_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipR9 - - mov 4(%r11),%r10d # HandlerData[1] - mov 8(%r11),%ecx # HandlerData[2] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lcommon_seh_tail - - neg %rcx - lea -8(%rax,%rcx),%rsi - lea 512($context),%rdi # &context.Xmm6 - neg %ecx - shr \$3,%ecx - .long 0xa548f3fc # cld; rep movsq - - jmp .Lcommon_seh_tail -.size simd_handler,.-simd_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_ChaCha20_ctr32 - .rva .LSEH_end_ChaCha20_ctr32 - .rva .LSEH_info_ChaCha20_ctr32 - - .rva .LSEH_begin_ChaCha20_ssse3 - .rva .LSEH_end_ChaCha20_ssse3 - .rva .LSEH_info_ChaCha20_ssse3 - - .rva .LSEH_begin_ChaCha20_128 - .rva .LSEH_end_ChaCha20_128 - .rva .LSEH_info_ChaCha20_128 - - .rva .LSEH_begin_ChaCha20_4x - .rva .LSEH_end_ChaCha20_4x - .rva .LSEH_info_ChaCha20_4x -___ -$code.=<<___ if ($avx); - .rva .LSEH_begin_ChaCha20_4xop - .rva .LSEH_end_ChaCha20_4xop - .rva .LSEH_info_ChaCha20_4xop -___ -$code.=<<___ if ($avx>1); - .rva .LSEH_begin_ChaCha20_8x - .rva .LSEH_end_ChaCha20_8x - .rva .LSEH_info_ChaCha20_8x -___ -$code.=<<___ if ($avx>2); - .rva .LSEH_begin_ChaCha20_avx512 - .rva .LSEH_end_ChaCha20_avx512 - .rva .LSEH_info_ChaCha20_avx512 - - .rva .LSEH_begin_ChaCha20_avx512vl - .rva .LSEH_end_ChaCha20_avx512vl - .rva .LSEH_info_ChaCha20_avx512vl - - .rva .LSEH_begin_ChaCha20_16x - .rva .LSEH_end_ChaCha20_16x - .rva .LSEH_info_ChaCha20_16x - - .rva .LSEH_begin_ChaCha20_8xvl - .rva .LSEH_end_ChaCha20_8xvl - .rva .LSEH_info_ChaCha20_8xvl -___ -$code.=<<___; -.section .xdata -.align 8 -.LSEH_info_ChaCha20_ctr32: - .byte 9,0,0,0 - .rva se_handler - -.LSEH_info_ChaCha20_ssse3: - .byte 9,0,0,0 - .rva simd_handler - .rva .Lssse3_body,.Lssse3_epilogue - .long 0x20,0 - -.LSEH_info_ChaCha20_128: - .byte 9,0,0,0 - .rva simd_handler - .rva .L128_body,.L128_epilogue - .long 0x60,0 - -.LSEH_info_ChaCha20_4x: - .byte 9,0,0,0 - .rva simd_handler - .rva .L4x_body,.L4x_epilogue - .long 0xa0,0 -___ -$code.=<<___ if ($avx); -.LSEH_info_ChaCha20_4xop: - .byte 9,0,0,0 - .rva simd_handler - .rva .L4xop_body,.L4xop_epilogue # HandlerData[] - .long 0xa0,0 -___ -$code.=<<___ if ($avx>1); -.LSEH_info_ChaCha20_8x: - .byte 9,0,0,0 - .rva simd_handler - .rva .L8x_body,.L8x_epilogue # HandlerData[] - .long 0xa0,0 -___ -$code.=<<___ if ($avx>2); -.LSEH_info_ChaCha20_avx512: - .byte 9,0,0,0 - .rva simd_handler - .rva .Lavx512_body,.Lavx512_epilogue # HandlerData[] - .long 0x20,0 - -.LSEH_info_ChaCha20_avx512vl: - .byte 9,0,0,0 - .rva simd_handler - .rva .Lavx512vl_body,.Lavx512vl_epilogue # HandlerData[] - .long 0x20,0 - -.LSEH_info_ChaCha20_16x: - .byte 9,0,0,0 - .rva simd_handler - .rva .L16x_body,.L16x_epilogue # HandlerData[] - .long 0xa0,0 - -.LSEH_info_ChaCha20_8xvl: - .byte 9,0,0,0 - .rva simd_handler - .rva .L8xvl_body,.L8xvl_epilogue # HandlerData[] - .long 0xa0,0 -___ -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - s/%x#%[yz]/%x/g; # "down-shift" - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/chacha/build.info b/crypto/chacha/build.info deleted file mode 100644 index e7159dc066dc9c7002042c7c5afe2f4a86422a3e..0000000000000000000000000000000000000000 --- a/crypto/chacha/build.info +++ /dev/null @@ -1,40 +0,0 @@ -LIBS=../../libcrypto - -$CHACHAASM=chacha_enc.c -IF[{- !$disabled{asm} -}] - $CHACHAASM_x86=chacha-x86.S - $CHACHAASM_x86_64=chacha-x86_64.s - - $CHACHAASM_ia64=chacha-ia64.s - - $CHACHAASM_s390x=chacha-s390x.S - - $CHACHAASM_armv4=chacha-armv4.S - $CHACHAASM_aarch64=chacha-armv8.S - - $CHACHAASM_ppc32=chacha_ppc.c chacha-ppc.s - $CHACHAASM_ppc64=$CHACHAASM_ppc32 - - $CHACHAASM_c64xplus=chacha-c64xplus.s - - # Now that we have defined all the arch specific variables, use the - # appropriate one - IF[$CHACHAASM_{- $target{asm_arch} -}] - $CHACHAASM=$CHACHAASM_{- $target{asm_arch} -} - ENDIF -ENDIF - -SOURCE[../../libcrypto]=$CHACHAASM - -GENERATE[chacha-x86.S]=asm/chacha-x86.pl -GENERATE[chacha-x86_64.s]=asm/chacha-x86_64.pl -GENERATE[chacha-ppc.s]=asm/chacha-ppc.pl -GENERATE[chacha-armv4.S]=asm/chacha-armv4.pl -INCLUDE[chacha-armv4.o]=.. -GENERATE[chacha-armv8.S]=asm/chacha-armv8.pl -INCLUDE[chacha-armv8.o]=.. -INCLUDE[chacha-s390x.o]=.. -GENERATE[chacha-c64xplus.S]=asm/chacha-c64xplus.pl -GENERATE[chacha-s390x.S]=asm/chacha-s390x.pl -GENERATE[chacha-ia64.S]=asm/chacha-ia64.pl -GENERATE[chacha-ia64.s]=chacha-ia64.S diff --git a/crypto/chacha/chacha_enc.c b/crypto/chacha/chacha_enc.c deleted file mode 100644 index c5d1d63d80272f02fce98b1018f049ee4d729aee..0000000000000000000000000000000000000000 --- a/crypto/chacha/chacha_enc.c +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Adapted from the public domain code by D. Bernstein from SUPERCOP. */ - -#include - -#include "internal/endian.h" -#include "crypto/chacha.h" -#include "crypto/ctype.h" - -typedef unsigned int u32; -typedef unsigned char u8; -typedef union { - u32 u[16]; - u8 c[64]; -} chacha_buf; - -# define ROTATE(v, n) (((v) << (n)) | ((v) >> (32 - (n)))) - -# define U32TO8_LITTLE(p, v) do { \ - (p)[0] = (u8)(v >> 0); \ - (p)[1] = (u8)(v >> 8); \ - (p)[2] = (u8)(v >> 16); \ - (p)[3] = (u8)(v >> 24); \ - } while(0) - -/* QUARTERROUND updates a, b, c, d with a ChaCha "quarter" round. */ -# define QUARTERROUND(a,b,c,d) ( \ - x[a] += x[b], x[d] = ROTATE((x[d] ^ x[a]),16), \ - x[c] += x[d], x[b] = ROTATE((x[b] ^ x[c]),12), \ - x[a] += x[b], x[d] = ROTATE((x[d] ^ x[a]), 8), \ - x[c] += x[d], x[b] = ROTATE((x[b] ^ x[c]), 7) ) - -/* chacha_core performs 20 rounds of ChaCha on the input words in - * |input| and writes the 64 output bytes to |output|. */ -static void chacha20_core(chacha_buf *output, const u32 input[16]) -{ - u32 x[16]; - int i; - DECLARE_IS_ENDIAN; - - memcpy(x, input, sizeof(x)); - - for (i = 20; i > 0; i -= 2) { - QUARTERROUND(0, 4, 8, 12); - QUARTERROUND(1, 5, 9, 13); - QUARTERROUND(2, 6, 10, 14); - QUARTERROUND(3, 7, 11, 15); - QUARTERROUND(0, 5, 10, 15); - QUARTERROUND(1, 6, 11, 12); - QUARTERROUND(2, 7, 8, 13); - QUARTERROUND(3, 4, 9, 14); - } - - if (IS_LITTLE_ENDIAN) { - for (i = 0; i < 16; ++i) - output->u[i] = x[i] + input[i]; - } else { - for (i = 0; i < 16; ++i) - U32TO8_LITTLE(output->c + 4 * i, (x[i] + input[i])); - } -} - -void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, - size_t len, const unsigned int key[8], - const unsigned int counter[4]) -{ - u32 input[16]; - chacha_buf buf; - size_t todo, i; - - /* sigma constant "expand 32-byte k" in little-endian encoding */ - input[0] = ((u32)ossl_toascii('e')) | ((u32)ossl_toascii('x') << 8) - | ((u32)ossl_toascii('p') << 16) - | ((u32)ossl_toascii('a') << 24); - input[1] = ((u32)ossl_toascii('n')) | ((u32)ossl_toascii('d') << 8) - | ((u32)ossl_toascii(' ') << 16) - | ((u32)ossl_toascii('3') << 24); - input[2] = ((u32)ossl_toascii('2')) | ((u32)ossl_toascii('-') << 8) - | ((u32)ossl_toascii('b') << 16) - | ((u32)ossl_toascii('y') << 24); - input[3] = ((u32)ossl_toascii('t')) | ((u32)ossl_toascii('e') << 8) - | ((u32)ossl_toascii(' ') << 16) - | ((u32)ossl_toascii('k') << 24); - - input[4] = key[0]; - input[5] = key[1]; - input[6] = key[2]; - input[7] = key[3]; - input[8] = key[4]; - input[9] = key[5]; - input[10] = key[6]; - input[11] = key[7]; - - input[12] = counter[0]; - input[13] = counter[1]; - input[14] = counter[2]; - input[15] = counter[3]; - - while (len > 0) { - todo = sizeof(buf); - if (len < todo) - todo = len; - - chacha20_core(&buf, input); - - for (i = 0; i < todo; i++) - out[i] = inp[i] ^ buf.c[i]; - out += todo; - inp += todo; - len -= todo; - - /* - * Advance 32-bit counter. Note that as subroutine is so to - * say nonce-agnostic, this limited counter width doesn't - * prevent caller from implementing wider counter. It would - * simply take two calls split on counter overflow... - */ - input[12]++; - } -} diff --git a/crypto/chacha/chacha_ppc.c b/crypto/chacha/chacha_ppc.c deleted file mode 100644 index 5319040cc167a506cfd5897a1e71fa3c9d85eca2..0000000000000000000000000000000000000000 --- a/crypto/chacha/chacha_ppc.c +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#include -#include "crypto/chacha.h" -#include "crypto/ppc_arch.h" - -void ChaCha20_ctr32_int(unsigned char *out, const unsigned char *inp, - size_t len, const unsigned int key[8], - const unsigned int counter[4]); -void ChaCha20_ctr32_vmx(unsigned char *out, const unsigned char *inp, - size_t len, const unsigned int key[8], - const unsigned int counter[4]); -void ChaCha20_ctr32_vsx(unsigned char *out, const unsigned char *inp, - size_t len, const unsigned int key[8], - const unsigned int counter[4]); -void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, - size_t len, const unsigned int key[8], - const unsigned int counter[4]) -{ - OPENSSL_ppccap_P & PPC_CRYPTO207 - ? ChaCha20_ctr32_vsx(out, inp, len, key, counter) - : OPENSSL_ppccap_P & PPC_ALTIVEC - ? ChaCha20_ctr32_vmx(out, inp, len, key, counter) - : ChaCha20_ctr32_int(out, inp, len, key, counter); -} diff --git a/crypto/cmac/build.info b/crypto/cmac/build.info deleted file mode 100644 index 0c0e50941f67f97ea5ff6d0f993e8c65a4dea143..0000000000000000000000000000000000000000 --- a/crypto/cmac/build.info +++ /dev/null @@ -1,6 +0,0 @@ -LIBS=../../libcrypto - -$COMMON=cmac.c - -SOURCE[../../libcrypto]=$COMMON -SOURCE[../../providers/libfips.a]=$COMMON diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c deleted file mode 100644 index 7f94727085e5b4ef19d3a6d867913b5b3054c369..0000000000000000000000000000000000000000 --- a/crypto/cmac/cmac.c +++ /dev/null @@ -1,249 +0,0 @@ -/* - * Copyright 2010-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * CMAC low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include "internal/cryptlib.h" -#include -#include - -struct CMAC_CTX_st { - /* Cipher context to use */ - EVP_CIPHER_CTX *cctx; - /* Keys k1 and k2 */ - unsigned char k1[EVP_MAX_BLOCK_LENGTH]; - unsigned char k2[EVP_MAX_BLOCK_LENGTH]; - /* Temporary block */ - unsigned char tbl[EVP_MAX_BLOCK_LENGTH]; - /* Last (possibly partial) block */ - unsigned char last_block[EVP_MAX_BLOCK_LENGTH]; - /* Number of bytes in last block: -1 means context not initialised */ - int nlast_block; -}; - -/* Make temporary keys K1 and K2 */ - -static void make_kn(unsigned char *k1, const unsigned char *l, int bl) -{ - int i; - unsigned char c = l[0], carry = c >> 7, cnext; - - /* Shift block to left, including carry */ - for (i = 0; i < bl - 1; i++, c = cnext) - k1[i] = (c << 1) | ((cnext = l[i + 1]) >> 7); - - /* If MSB set fixup with R */ - k1[i] = (c << 1) ^ ((0 - carry) & (bl == 16 ? 0x87 : 0x1b)); -} - -CMAC_CTX *CMAC_CTX_new(void) -{ - CMAC_CTX *ctx; - - if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return NULL; - } - ctx->cctx = EVP_CIPHER_CTX_new(); - if (ctx->cctx == NULL) { - OPENSSL_free(ctx); - return NULL; - } - ctx->nlast_block = -1; - return ctx; -} - -void CMAC_CTX_cleanup(CMAC_CTX *ctx) -{ - EVP_CIPHER_CTX_reset(ctx->cctx); - OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH); - OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH); - OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH); - OPENSSL_cleanse(ctx->last_block, EVP_MAX_BLOCK_LENGTH); - ctx->nlast_block = -1; -} - -EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) -{ - return ctx->cctx; -} - -void CMAC_CTX_free(CMAC_CTX *ctx) -{ - if (!ctx) - return; - CMAC_CTX_cleanup(ctx); - EVP_CIPHER_CTX_free(ctx->cctx); - OPENSSL_free(ctx); -} - -int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) -{ - int bl; - - if (in->nlast_block == -1) - return 0; - if ((bl = EVP_CIPHER_CTX_get_block_size(in->cctx)) < 0) - return 0; - if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx)) - return 0; - memcpy(out->k1, in->k1, bl); - memcpy(out->k2, in->k2, bl); - memcpy(out->tbl, in->tbl, bl); - memcpy(out->last_block, in->last_block, bl); - out->nlast_block = in->nlast_block; - return 1; -} - -int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, - const EVP_CIPHER *cipher, ENGINE *impl) -{ - static const unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH] = { 0 }; - - /* All zeros means restart */ - if (!key && !cipher && !impl && keylen == 0) { - /* Not initialised */ - if (ctx->nlast_block == -1) - return 0; - if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv)) - return 0; - memset(ctx->tbl, 0, EVP_CIPHER_CTX_get_block_size(ctx->cctx)); - ctx->nlast_block = 0; - return 1; - } - /* Initialise context */ - if (cipher != NULL) { - /* Ensure we can't use this ctx until we also have a key */ - ctx->nlast_block = -1; - if (!EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL)) - return 0; - } - /* Non-NULL key means initialisation complete */ - if (key != NULL) { - int bl; - - /* If anything fails then ensure we can't use this ctx */ - ctx->nlast_block = -1; - if (EVP_CIPHER_CTX_get0_cipher(ctx->cctx) == NULL) - return 0; - if (EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen) <= 0) - return 0; - if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv)) - return 0; - if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) < 0) - return 0; - if (EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl) <= 0) - return 0; - make_kn(ctx->k1, ctx->tbl, bl); - make_kn(ctx->k2, ctx->k1, bl); - OPENSSL_cleanse(ctx->tbl, bl); - /* Reset context again ready for first data block */ - if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv)) - return 0; - /* Zero tbl so resume works */ - memset(ctx->tbl, 0, bl); - ctx->nlast_block = 0; - } - return 1; -} - -int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) -{ - const unsigned char *data = in; - int bl; - - if (ctx->nlast_block == -1) - return 0; - if (dlen == 0) - return 1; - if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) < 0) - return 0; - /* Copy into partial block if we need to */ - if (ctx->nlast_block > 0) { - size_t nleft; - - nleft = bl - ctx->nlast_block; - if (dlen < nleft) - nleft = dlen; - memcpy(ctx->last_block + ctx->nlast_block, data, nleft); - dlen -= nleft; - ctx->nlast_block += nleft; - /* If no more to process return */ - if (dlen == 0) - return 1; - data += nleft; - /* Else not final block so encrypt it */ - if (EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl) <= 0) - return 0; - } - /* Encrypt all but one of the complete blocks left */ - while (dlen > (size_t)bl) { - if (EVP_Cipher(ctx->cctx, ctx->tbl, data, bl) <= 0) - return 0; - dlen -= bl; - data += bl; - } - /* Copy any data left to last block buffer */ - memcpy(ctx->last_block, data, dlen); - ctx->nlast_block = dlen; - return 1; - -} - -int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) -{ - int i, bl, lb; - - if (ctx->nlast_block == -1) - return 0; - if ((bl = EVP_CIPHER_CTX_get_block_size(ctx->cctx)) < 0) - return 0; - if (poutlen != NULL) - *poutlen = (size_t)bl; - if (!out) - return 1; - lb = ctx->nlast_block; - /* Is last block complete? */ - if (lb == bl) { - for (i = 0; i < bl; i++) - out[i] = ctx->last_block[i] ^ ctx->k1[i]; - } else { - ctx->last_block[lb] = 0x80; - if (bl - lb > 1) - memset(ctx->last_block + lb + 1, 0, bl - lb - 1); - for (i = 0; i < bl; i++) - out[i] = ctx->last_block[i] ^ ctx->k2[i]; - } - if (EVP_Cipher(ctx->cctx, out, out, bl) <= 0) { - OPENSSL_cleanse(out, bl); - return 0; - } - return 1; -} - -int CMAC_resume(CMAC_CTX *ctx) -{ - if (ctx->nlast_block == -1) - return 0; - /* - * The buffer "tbl" contains the last fully encrypted block which is the - * last IV (or all zeroes if no last encrypted block). The last block has - * not been modified since CMAC_final(). So reinitialising using the last - * decrypted block will allow CMAC to continue after calling - * CMAC_Final(). - */ - return EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, ctx->tbl); -} diff --git a/crypto/cmp/build.info b/crypto/cmp/build.info deleted file mode 100644 index a2a57c14ec10061234ee3e992a2f6e834cffcabc..0000000000000000000000000000000000000000 --- a/crypto/cmp/build.info +++ /dev/null @@ -1,4 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]= cmp_asn.c cmp_ctx.c cmp_err.c cmp_util.c \ - cmp_status.c cmp_hdr.c cmp_protect.c cmp_msg.c cmp_vfy.c \ - cmp_server.c cmp_client.c cmp_http.c diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c deleted file mode 100644 index 0ca107554c96dd04913119563f8a3149a0cd6ad1..0000000000000000000000000000000000000000 --- a/crypto/cmp/cmp_asn.c +++ /dev/null @@ -1,459 +0,0 @@ -/* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2019 - * Copyright Siemens AG 2015-2019 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include "cmp_local.h" - -/* explicit #includes not strictly needed since implied by the above: */ -#include -#include - -/* ASN.1 declarations from RFC4210 */ -ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = { - /* OSSL_CMP_PKISTATUS is effectively ASN1_INTEGER so it is used directly */ - ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, status, ASN1_INTEGER), - ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, certId, OSSL_CRMF_CERTID), - ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, willBeRevokedAt, ASN1_GENERALIZEDTIME), - ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, badSinceDate, ASN1_GENERALIZEDTIME), - ASN1_OPT(OSSL_CMP_REVANNCONTENT, crlDetails, X509_EXTENSIONS) -} ASN1_SEQUENCE_END(OSSL_CMP_REVANNCONTENT) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT) - - -ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = { - ASN1_OPT(OSSL_CMP_CHALLENGE, owf, X509_ALGOR), - ASN1_SIMPLE(OSSL_CMP_CHALLENGE, witness, ASN1_OCTET_STRING), - ASN1_SIMPLE(OSSL_CMP_CHALLENGE, challenge, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(OSSL_CMP_CHALLENGE) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE) - - -ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYCHALLCONTENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, - OSSL_CMP_POPODECKEYCHALLCONTENT, OSSL_CMP_CHALLENGE) -ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYCHALLCONTENT) - - -ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYRESPCONTENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, - OSSL_CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER) -ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYRESPCONTENT) - - -ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = { - /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ - ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, oldWithNew, X509), - /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ - ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithOld, X509), - /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ - ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithNew, X509) -} ASN1_SEQUENCE_END(OSSL_CMP_CAKEYUPDANNCONTENT) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT) - - -ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = { - ASN1_SIMPLE(OSSL_CMP_ERRORMSGCONTENT, pKIStatusInfo, OSSL_CMP_PKISI), - ASN1_OPT(OSSL_CMP_ERRORMSGCONTENT, errorCode, ASN1_INTEGER), - /* - * OSSL_CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING - * so it is used directly - * - */ - ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ERRORMSGCONTENT, errorDetails, - ASN1_UTF8STRING) -} ASN1_SEQUENCE_END(OSSL_CMP_ERRORMSGCONTENT) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT) - -ASN1_ADB_TEMPLATE(infotypeandvalue_default) = ASN1_OPT(OSSL_CMP_ITAV, - infoValue.other, - ASN1_ANY); -/* ITAV means InfoTypeAndValue */ -ASN1_ADB(OSSL_CMP_ITAV) = { - /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ - ADB_ENTRY(NID_id_it_caProtEncCert, ASN1_OPT(OSSL_CMP_ITAV, - infoValue.caProtEncCert, X509)), - ADB_ENTRY(NID_id_it_signKeyPairTypes, - ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, - infoValue.signKeyPairTypes, X509_ALGOR)), - ADB_ENTRY(NID_id_it_encKeyPairTypes, - ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, - infoValue.encKeyPairTypes, X509_ALGOR)), - ADB_ENTRY(NID_id_it_preferredSymmAlg, - ASN1_OPT(OSSL_CMP_ITAV, infoValue.preferredSymmAlg, - X509_ALGOR)), - ADB_ENTRY(NID_id_it_caKeyUpdateInfo, - ASN1_OPT(OSSL_CMP_ITAV, infoValue.caKeyUpdateInfo, - OSSL_CMP_CAKEYUPDANNCONTENT)), - ADB_ENTRY(NID_id_it_currentCRL, - ASN1_OPT(OSSL_CMP_ITAV, infoValue.currentCRL, X509_CRL)), - ADB_ENTRY(NID_id_it_unsupportedOIDs, - ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, - infoValue.unsupportedOIDs, ASN1_OBJECT)), - ADB_ENTRY(NID_id_it_keyPairParamReq, - ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamReq, - ASN1_OBJECT)), - ADB_ENTRY(NID_id_it_keyPairParamRep, - ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamRep, - X509_ALGOR)), - ADB_ENTRY(NID_id_it_revPassphrase, - ASN1_OPT(OSSL_CMP_ITAV, infoValue.revPassphrase, - OSSL_CRMF_ENCRYPTEDVALUE)), - ADB_ENTRY(NID_id_it_implicitConfirm, - ASN1_OPT(OSSL_CMP_ITAV, infoValue.implicitConfirm, - ASN1_NULL)), - ADB_ENTRY(NID_id_it_confirmWaitTime, - ASN1_OPT(OSSL_CMP_ITAV, infoValue.confirmWaitTime, - ASN1_GENERALIZEDTIME)), - ADB_ENTRY(NID_id_it_origPKIMessage, - ASN1_OPT(OSSL_CMP_ITAV, infoValue.origPKIMessage, - OSSL_CMP_MSGS)), - ADB_ENTRY(NID_id_it_suppLangTags, - ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.suppLangTagsValue, - ASN1_UTF8STRING)), -} ASN1_ADB_END(OSSL_CMP_ITAV, 0, infoType, 0, - &infotypeandvalue_default_tt, NULL); - - -ASN1_SEQUENCE(OSSL_CMP_ITAV) = { - ASN1_SIMPLE(OSSL_CMP_ITAV, infoType, ASN1_OBJECT), - ASN1_ADB_OBJECT(OSSL_CMP_ITAV) -} ASN1_SEQUENCE_END(OSSL_CMP_ITAV) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ITAV) -IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV) - -OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value) -{ - OSSL_CMP_ITAV *itav; - - if (type == NULL || (itav = OSSL_CMP_ITAV_new()) == NULL) - return NULL; - OSSL_CMP_ITAV_set0(itav, type, value); - return itav; -} - -void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, - ASN1_TYPE *value) -{ - itav->infoType = type; - itav->infoValue.other = value; -} - -ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav) -{ - if (itav == NULL) - return NULL; - return itav->infoType; -} - -ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav) -{ - if (itav == NULL) - return NULL; - return itav->infoValue.other; -} - -int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, - OSSL_CMP_ITAV *itav) -{ - int created = 0; - - if (itav_sk_p == NULL || itav == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - goto err; - } - - if (*itav_sk_p == NULL) { - if ((*itav_sk_p = sk_OSSL_CMP_ITAV_new_null()) == NULL) - goto err; - created = 1; - } - if (!sk_OSSL_CMP_ITAV_push(*itav_sk_p, itav)) - goto err; - return 1; - - err: - if (created != 0) { - sk_OSSL_CMP_ITAV_free(*itav_sk_p); - *itav_sk_p = NULL; - } - return 0; -} - -/* get ASN.1 encoded integer, return -1 on error */ -int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a) -{ - int64_t res; - - if (!ASN1_INTEGER_get_int64(&res, a)) { - ERR_raise(ERR_LIB_CMP, ASN1_R_INVALID_NUMBER); - return -1; - } - if (res < INT_MIN) { - ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_SMALL); - return -1; - } - if (res > INT_MAX) { - ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_LARGE); - return -1; - } - return (int)res; -} - -static int ossl_cmp_msg_cb(int operation, ASN1_VALUE **pval, - const ASN1_ITEM *it, void *exarg) -{ - OSSL_CMP_MSG *msg = (OSSL_CMP_MSG *)*pval; - - switch (operation) { - case ASN1_OP_FREE_POST: - OPENSSL_free(msg->propq); - break; - - case ASN1_OP_DUP_POST: - { - OSSL_CMP_MSG *old = exarg; - - if (!ossl_cmp_msg_set0_libctx(msg, old->libctx, old->propq)) - return 0; - } - break; - case ASN1_OP_GET0_LIBCTX: - { - OSSL_LIB_CTX **libctx = exarg; - - *libctx = msg->libctx; - } - break; - case ASN1_OP_GET0_PROPQ: - { - const char **propq = exarg; - - *propq = msg->propq; - } - break; - default: - break; - } - - return 1; -} - -ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = { - /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ - ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.certificate, X509, 0), - ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.encryptedCert, - OSSL_CRMF_ENCRYPTEDVALUE, 1), -} ASN1_CHOICE_END(OSSL_CMP_CERTORENCCERT) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT) - - -ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = { - ASN1_SIMPLE(OSSL_CMP_CERTIFIEDKEYPAIR, certOrEncCert, - OSSL_CMP_CERTORENCCERT), - ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, privateKey, - OSSL_CRMF_ENCRYPTEDVALUE, 0), - ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, publicationInfo, - OSSL_CRMF_PKIPUBLICATIONINFO, 1) -} ASN1_SEQUENCE_END(OSSL_CMP_CERTIFIEDKEYPAIR) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR) - - -ASN1_SEQUENCE(OSSL_CMP_REVDETAILS) = { - ASN1_SIMPLE(OSSL_CMP_REVDETAILS, certDetails, OSSL_CRMF_CERTTEMPLATE), - ASN1_OPT(OSSL_CMP_REVDETAILS, crlEntryDetails, X509_EXTENSIONS) -} ASN1_SEQUENCE_END(OSSL_CMP_REVDETAILS) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS) - - -ASN1_ITEM_TEMPLATE(OSSL_CMP_REVREQCONTENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_REVREQCONTENT, - OSSL_CMP_REVDETAILS) -ASN1_ITEM_TEMPLATE_END(OSSL_CMP_REVREQCONTENT) - - -ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = { - ASN1_SEQUENCE_OF(OSSL_CMP_REVREPCONTENT, status, OSSL_CMP_PKISI), - ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, revCerts, OSSL_CRMF_CERTID, - 0), - ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, crls, X509_CRL, 1) -} ASN1_SEQUENCE_END(OSSL_CMP_REVREPCONTENT) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT) - - -ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = { - ASN1_SIMPLE(OSSL_CMP_KEYRECREPCONTENT, status, OSSL_CMP_PKISI), - ASN1_EXP_OPT(OSSL_CMP_KEYRECREPCONTENT, newSigCert, X509, 0), - ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, caCerts, X509, 1), - ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, keyPairHist, - OSSL_CMP_CERTIFIEDKEYPAIR, 2) -} ASN1_SEQUENCE_END(OSSL_CMP_KEYRECREPCONTENT) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT) - - -ASN1_ITEM_TEMPLATE(OSSL_CMP_PKISTATUS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER) -ASN1_ITEM_TEMPLATE_END(OSSL_CMP_PKISTATUS) - -ASN1_SEQUENCE(OSSL_CMP_PKISI) = { - ASN1_SIMPLE(OSSL_CMP_PKISI, status, OSSL_CMP_PKISTATUS), - /* - * CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING - * so it is used directly - */ - ASN1_SEQUENCE_OF_OPT(OSSL_CMP_PKISI, statusString, ASN1_UTF8STRING), - /* - * OSSL_CMP_PKIFAILUREINFO is effectively ASN1_BIT_STRING so used directly - */ - ASN1_OPT(OSSL_CMP_PKISI, failInfo, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END(OSSL_CMP_PKISI) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKISI) -IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI) - -ASN1_SEQUENCE(OSSL_CMP_CERTSTATUS) = { - ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certHash, ASN1_OCTET_STRING), - ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certReqId, ASN1_INTEGER), - ASN1_OPT(OSSL_CMP_CERTSTATUS, statusInfo, OSSL_CMP_PKISI) -} ASN1_SEQUENCE_END(OSSL_CMP_CERTSTATUS) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTSTATUS) - -ASN1_ITEM_TEMPLATE(OSSL_CMP_CERTCONFIRMCONTENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_CERTCONFIRMCONTENT, - OSSL_CMP_CERTSTATUS) -ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CERTCONFIRMCONTENT) - -ASN1_SEQUENCE(OSSL_CMP_CERTRESPONSE) = { - ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, certReqId, ASN1_INTEGER), - ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, status, OSSL_CMP_PKISI), - ASN1_OPT(OSSL_CMP_CERTRESPONSE, certifiedKeyPair, - OSSL_CMP_CERTIFIEDKEYPAIR), - ASN1_OPT(OSSL_CMP_CERTRESPONSE, rspInfo, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(OSSL_CMP_CERTRESPONSE) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTRESPONSE) - -ASN1_SEQUENCE(OSSL_CMP_POLLREQ) = { - ASN1_SIMPLE(OSSL_CMP_POLLREQ, certReqId, ASN1_INTEGER) -} ASN1_SEQUENCE_END(OSSL_CMP_POLLREQ) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREQ) - -ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREQCONTENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_POLLREQCONTENT, - OSSL_CMP_POLLREQ) -ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREQCONTENT) - -ASN1_SEQUENCE(OSSL_CMP_POLLREP) = { - ASN1_SIMPLE(OSSL_CMP_POLLREP, certReqId, ASN1_INTEGER), - ASN1_SIMPLE(OSSL_CMP_POLLREP, checkAfter, ASN1_INTEGER), - ASN1_SEQUENCE_OF_OPT(OSSL_CMP_POLLREP, reason, ASN1_UTF8STRING), -} ASN1_SEQUENCE_END(OSSL_CMP_POLLREP) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREP) - -ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREPCONTENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, - OSSL_CMP_POLLREPCONTENT, - OSSL_CMP_POLLREP) -ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREPCONTENT) - -ASN1_SEQUENCE(OSSL_CMP_CERTREPMESSAGE) = { - /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ - ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_CERTREPMESSAGE, caPubs, X509, 1), - ASN1_SEQUENCE_OF(OSSL_CMP_CERTREPMESSAGE, response, OSSL_CMP_CERTRESPONSE) -} ASN1_SEQUENCE_END(OSSL_CMP_CERTREPMESSAGE) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTREPMESSAGE) - -ASN1_ITEM_TEMPLATE(OSSL_CMP_GENMSGCONTENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENMSGCONTENT, - OSSL_CMP_ITAV) -ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENMSGCONTENT) - -ASN1_ITEM_TEMPLATE(OSSL_CMP_GENREPCONTENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENREPCONTENT, - OSSL_CMP_ITAV) -ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENREPCONTENT) - -ASN1_ITEM_TEMPLATE(OSSL_CMP_CRLANNCONTENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, - OSSL_CMP_CRLANNCONTENT, X509_CRL) -ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CRLANNCONTENT) - -ASN1_CHOICE(OSSL_CMP_PKIBODY) = { - ASN1_EXP(OSSL_CMP_PKIBODY, value.ir, OSSL_CRMF_MSGS, 0), - ASN1_EXP(OSSL_CMP_PKIBODY, value.ip, OSSL_CMP_CERTREPMESSAGE, 1), - ASN1_EXP(OSSL_CMP_PKIBODY, value.cr, OSSL_CRMF_MSGS, 2), - ASN1_EXP(OSSL_CMP_PKIBODY, value.cp, OSSL_CMP_CERTREPMESSAGE, 3), - ASN1_EXP(OSSL_CMP_PKIBODY, value.p10cr, X509_REQ, 4), - ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecc, - OSSL_CMP_POPODECKEYCHALLCONTENT, 5), - ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecr, - OSSL_CMP_POPODECKEYRESPCONTENT, 6), - ASN1_EXP(OSSL_CMP_PKIBODY, value.kur, OSSL_CRMF_MSGS, 7), - ASN1_EXP(OSSL_CMP_PKIBODY, value.kup, OSSL_CMP_CERTREPMESSAGE, 8), - ASN1_EXP(OSSL_CMP_PKIBODY, value.krr, OSSL_CRMF_MSGS, 9), - ASN1_EXP(OSSL_CMP_PKIBODY, value.krp, OSSL_CMP_KEYRECREPCONTENT, 10), - ASN1_EXP(OSSL_CMP_PKIBODY, value.rr, OSSL_CMP_REVREQCONTENT, 11), - ASN1_EXP(OSSL_CMP_PKIBODY, value.rp, OSSL_CMP_REVREPCONTENT, 12), - ASN1_EXP(OSSL_CMP_PKIBODY, value.ccr, OSSL_CRMF_MSGS, 13), - ASN1_EXP(OSSL_CMP_PKIBODY, value.ccp, OSSL_CMP_CERTREPMESSAGE, 14), - ASN1_EXP(OSSL_CMP_PKIBODY, value.ckuann, OSSL_CMP_CAKEYUPDANNCONTENT, 15), - ASN1_EXP(OSSL_CMP_PKIBODY, value.cann, X509, 16), - ASN1_EXP(OSSL_CMP_PKIBODY, value.rann, OSSL_CMP_REVANNCONTENT, 17), - ASN1_EXP(OSSL_CMP_PKIBODY, value.crlann, OSSL_CMP_CRLANNCONTENT, 18), - ASN1_EXP(OSSL_CMP_PKIBODY, value.pkiconf, ASN1_ANY, 19), - ASN1_EXP(OSSL_CMP_PKIBODY, value.nested, OSSL_CMP_MSGS, 20), - ASN1_EXP(OSSL_CMP_PKIBODY, value.genm, OSSL_CMP_GENMSGCONTENT, 21), - ASN1_EXP(OSSL_CMP_PKIBODY, value.genp, OSSL_CMP_GENREPCONTENT, 22), - ASN1_EXP(OSSL_CMP_PKIBODY, value.error, OSSL_CMP_ERRORMSGCONTENT, 23), - ASN1_EXP(OSSL_CMP_PKIBODY, value.certConf, OSSL_CMP_CERTCONFIRMCONTENT, 24), - ASN1_EXP(OSSL_CMP_PKIBODY, value.pollReq, OSSL_CMP_POLLREQCONTENT, 25), - ASN1_EXP(OSSL_CMP_PKIBODY, value.pollRep, OSSL_CMP_POLLREPCONTENT, 26), -} ASN1_CHOICE_END(OSSL_CMP_PKIBODY) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIBODY) - -ASN1_SEQUENCE(OSSL_CMP_PKIHEADER) = { - ASN1_SIMPLE(OSSL_CMP_PKIHEADER, pvno, ASN1_INTEGER), - ASN1_SIMPLE(OSSL_CMP_PKIHEADER, sender, GENERAL_NAME), - ASN1_SIMPLE(OSSL_CMP_PKIHEADER, recipient, GENERAL_NAME), - ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, messageTime, ASN1_GENERALIZEDTIME, 0), - ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, protectionAlg, X509_ALGOR, 1), - ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderKID, ASN1_OCTET_STRING, 2), - ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipKID, ASN1_OCTET_STRING, 3), - ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, transactionID, ASN1_OCTET_STRING, 4), - ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderNonce, ASN1_OCTET_STRING, 5), - ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipNonce, ASN1_OCTET_STRING, 6), - /* - * OSSL_CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING - * so it is used directly - */ - ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, freeText, ASN1_UTF8STRING, 7), - ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, generalInfo, - OSSL_CMP_ITAV, 8) -} ASN1_SEQUENCE_END(OSSL_CMP_PKIHEADER) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER) - -ASN1_SEQUENCE(OSSL_CMP_PROTECTEDPART) = { - ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER), - ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY) -} ASN1_SEQUENCE_END(OSSL_CMP_PROTECTEDPART) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PROTECTEDPART) - -ASN1_SEQUENCE_cb(OSSL_CMP_MSG, ossl_cmp_msg_cb) = { - ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER), - ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY), - ASN1_EXP_OPT(OSSL_CMP_MSG, protection, ASN1_BIT_STRING, 0), - /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ - ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_MSG, extraCerts, X509, 1) -} ASN1_SEQUENCE_END_cb(OSSL_CMP_MSG, OSSL_CMP_MSG) -IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_MSG) - -ASN1_ITEM_TEMPLATE(OSSL_CMP_MSGS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_MSGS, - OSSL_CMP_MSG) -ASN1_ITEM_TEMPLATE_END(OSSL_CMP_MSGS) diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c deleted file mode 100644 index c7674ce088695c62957da0e3ca8937032822b71b..0000000000000000000000000000000000000000 --- a/crypto/cmp/cmp_client.c +++ /dev/null @@ -1,887 +0,0 @@ -/* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2019 - * Copyright Siemens AG 2015-2019 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "cmp_local.h" -#include "internal/cryptlib.h" -#include "e_os.h" /* ossl_sleep() */ - -/* explicit #includes not strictly needed since implied by the above: */ -#include -#include -#include -#include -#include -#include - -#define IS_CREP(t) ((t) == OSSL_CMP_PKIBODY_IP || (t) == OSSL_CMP_PKIBODY_CP \ - || (t) == OSSL_CMP_PKIBODY_KUP) - -/*- - * Evaluate whether there's an exception (violating the standard) configured for - * handling negative responses without protection or with invalid protection. - * Returns 1 on acceptance, 0 on rejection, or -1 on (internal) error. - */ -static int unprotected_exception(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *rep, - int invalid_protection, - int expected_type /* ignored here */) -{ - int rcvd_type = OSSL_CMP_MSG_get_bodytype(rep /* may be NULL */); - const char *msg_type = NULL; - - if (!ossl_assert(ctx != NULL && rep != NULL)) - return -1; - - if (!ctx->unprotectedErrors) - return 0; - - switch (rcvd_type) { - case OSSL_CMP_PKIBODY_ERROR: - msg_type = "error response"; - break; - case OSSL_CMP_PKIBODY_RP: - { - OSSL_CMP_PKISI *si = - ossl_cmp_revrepcontent_get_pkisi(rep->body->value.rp, - OSSL_CMP_REVREQSID); - - if (si == NULL) - return -1; - if (ossl_cmp_pkisi_get_status(si) == OSSL_CMP_PKISTATUS_rejection) - msg_type = "revocation response message with rejection status"; - break; - } - case OSSL_CMP_PKIBODY_PKICONF: - msg_type = "PKI Confirmation message"; - break; - default: - if (IS_CREP(rcvd_type)) { - OSSL_CMP_CERTREPMESSAGE *crepmsg = rep->body->value.ip; - OSSL_CMP_CERTRESPONSE *crep = - ossl_cmp_certrepmessage_get0_certresponse(crepmsg, - -1 /* any rid */); - - if (sk_OSSL_CMP_CERTRESPONSE_num(crepmsg->response) > 1) - return -1; - if (crep == NULL) - return -1; - if (ossl_cmp_pkisi_get_status(crep->status) - == OSSL_CMP_PKISTATUS_rejection) - msg_type = "CertRepMessage with rejection status"; - } - } - if (msg_type == NULL) - return 0; - ossl_cmp_log2(WARN, ctx, "ignoring %s protection of %s", - invalid_protection ? "invalid" : "missing", msg_type); - return 1; -} - -/* Save error info from PKIStatusInfo field of a certresponse into ctx */ -static int save_statusInfo(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si) -{ - int i; - OSSL_CMP_PKIFREETEXT *ss; - - if (!ossl_assert(ctx != NULL && si != NULL)) - return 0; - - if ((ctx->status = ossl_cmp_pkisi_get_status(si)) < 0) - return 0; - - ctx->failInfoCode = 0; - if (si->failInfo != NULL) { - for (i = 0; i <= OSSL_CMP_PKIFAILUREINFO_MAX; i++) { - if (ASN1_BIT_STRING_get_bit(si->failInfo, i)) - ctx->failInfoCode |= (1 << i); - } - } - - if (!ossl_cmp_ctx_set0_statusString(ctx, sk_ASN1_UTF8STRING_new_null()) - || (ctx->statusString == NULL)) - return 0; - - ss = si->statusString; /* may be NULL */ - for (i = 0; i < sk_ASN1_UTF8STRING_num(ss); i++) { - ASN1_UTF8STRING *str = sk_ASN1_UTF8STRING_value(ss, i); - - if (!sk_ASN1_UTF8STRING_push(ctx->statusString, ASN1_STRING_dup(str))) - return 0; - } - return 1; -} - -/*- - * Perform the generic aspects of sending a request and receiving a response. - * Returns 1 on success and provides the received PKIMESSAGE in *rep. - * Returns 0 on error. - * Regardless of success, caller is responsible for freeing *rep (unless NULL). - */ -static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, - OSSL_CMP_MSG **rep, int expected_type) -{ - int is_enrollment = IS_CREP(expected_type) - || expected_type == OSSL_CMP_PKIBODY_POLLREP - || expected_type == OSSL_CMP_PKIBODY_PKICONF; - const char *req_type_str = - ossl_cmp_bodytype_to_string(OSSL_CMP_MSG_get_bodytype(req)); - const char *expected_type_str = ossl_cmp_bodytype_to_string(expected_type); - int msg_timeout; - int bt; - time_t now = time(NULL); - int time_left; - OSSL_CMP_transfer_cb_t transfer_cb = ctx->transfer_cb; - - if (transfer_cb == NULL) - transfer_cb = OSSL_CMP_MSG_http_perform; - - *rep = NULL; - msg_timeout = ctx->msg_timeout; /* backup original value */ - if (is_enrollment && ctx->total_timeout > 0 /* timeout is not infinite */) { - if (now >= ctx->end_time) { - ERR_raise(ERR_LIB_CMP, CMP_R_TOTAL_TIMEOUT); - return 0; - } - if (!ossl_assert(ctx->end_time - time(NULL) < INT_MAX)) { - /* actually cannot happen due to assignment in initial_certreq() */ - ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS); - return 0; - } - time_left = (int)(ctx->end_time - now); - if (ctx->msg_timeout == 0 || time_left < ctx->msg_timeout) - ctx->msg_timeout = time_left; - } - - /* should print error queue since transfer_cb may call ERR_clear_error() */ - OSSL_CMP_CTX_print_errors(ctx); - - ossl_cmp_log1(INFO, ctx, "sending %s", req_type_str); - - *rep = (*transfer_cb)(ctx, req); - ctx->msg_timeout = msg_timeout; /* restore original value */ - - if (*rep == NULL) { - ERR_raise_data(ERR_LIB_CMP, - ctx->total_timeout > 0 && time(NULL) >= ctx->end_time ? - CMP_R_TOTAL_TIMEOUT : CMP_R_TRANSFER_ERROR, - "request sent: %s, expected response: %s", - req_type_str, expected_type_str); - return 0; - } - - bt = OSSL_CMP_MSG_get_bodytype(*rep); - /* - * The body type in the 'bt' variable is not yet verified. - * Still we use this preliminary value already for a progress report because - * the following msg verification may also produce log entries and may fail. - */ - ossl_cmp_log1(INFO, ctx, "received %s", ossl_cmp_bodytype_to_string(bt)); - - /* copy received extraCerts to ctx->extraCertsIn so they can be retrieved */ - if (bt != OSSL_CMP_PKIBODY_POLLREP && bt != OSSL_CMP_PKIBODY_PKICONF - && !ossl_cmp_ctx_set1_extraCertsIn(ctx, (*rep)->extraCerts)) - return 0; - - if (!ossl_cmp_msg_check_update(ctx, *rep, unprotected_exception, - expected_type)) - return 0; - - if (bt == expected_type - /* as an answer to polling, there could be IP/CP/KUP: */ - || (IS_CREP(bt) && expected_type == OSSL_CMP_PKIBODY_POLLREP)) - return 1; - - /* received message type is not one of the expected ones (e.g., error) */ - ERR_raise(ERR_LIB_CMP, bt == OSSL_CMP_PKIBODY_ERROR ? CMP_R_RECEIVED_ERROR : - CMP_R_UNEXPECTED_PKIBODY); /* in next line for mkerr.pl */ - - if (bt != OSSL_CMP_PKIBODY_ERROR) { - ERR_add_error_data(3, "message type is '", - ossl_cmp_bodytype_to_string(bt), "'"); - } else { - OSSL_CMP_ERRORMSGCONTENT *emc = (*rep)->body->value.error; - OSSL_CMP_PKISI *si = emc->pKIStatusInfo; - char buf[OSSL_CMP_PKISI_BUFLEN]; - - if (save_statusInfo(ctx, si) - && OSSL_CMP_CTX_snprint_PKIStatus(ctx, buf, - sizeof(buf)) != NULL) - ERR_add_error_data(1, buf); - if (emc->errorCode != NULL - && BIO_snprintf(buf, sizeof(buf), "; errorCode: %08lX", - ASN1_INTEGER_get(emc->errorCode)) > 0) - ERR_add_error_data(1, buf); - if (emc->errorDetails != NULL) { - char *text = ossl_sk_ASN1_UTF8STRING2text(emc->errorDetails, ", ", - OSSL_CMP_PKISI_BUFLEN - 1); - - if (text != NULL && *text != '\0') - ERR_add_error_data(2, "; errorDetails: ", text); - OPENSSL_free(text); - } - if (ctx->status != OSSL_CMP_PKISTATUS_rejection) { - ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKISTATUS); - if (ctx->status == OSSL_CMP_PKISTATUS_waiting) - ctx->status = OSSL_CMP_PKISTATUS_rejection; - } - } - return 0; -} - -/*- - * When a 'waiting' PKIStatus has been received, this function is used to - * poll, which should yield a pollRep or finally a CertRepMessage in ip/cp/kup. - * On receiving a pollRep, which includes a checkAfter value, it return this - * value if sleep == 0, else it sleeps as long as indicated and retries. - * - * A transaction timeout is enabled if ctx->total_timeout is > 0. - * In this case polling will continue until the timeout is reached and then - * polling is done a last time even if this is before the "checkAfter" time. - * - * Returns -1 on receiving pollRep if sleep == 0, setting the checkAfter value. - * Returns 1 on success and provides the received PKIMESSAGE in *rep. - * In this case the caller is responsible for freeing *rep. - * Returns 0 on error (which includes the case that timeout has been reached). - */ -static int poll_for_response(OSSL_CMP_CTX *ctx, int sleep, int rid, - OSSL_CMP_MSG **rep, int *checkAfter) -{ - OSSL_CMP_MSG *preq = NULL; - OSSL_CMP_MSG *prep = NULL; - - ossl_cmp_info(ctx, - "received 'waiting' PKIStatus, starting to poll for response"); - *rep = NULL; - for (;;) { - if ((preq = ossl_cmp_pollReq_new(ctx, rid)) == NULL) - goto err; - - if (!send_receive_check(ctx, preq, &prep, OSSL_CMP_PKIBODY_POLLREP)) - goto err; - - /* handle potential pollRep */ - if (OSSL_CMP_MSG_get_bodytype(prep) == OSSL_CMP_PKIBODY_POLLREP) { - OSSL_CMP_POLLREPCONTENT *prc = prep->body->value.pollRep; - OSSL_CMP_POLLREP *pollRep = NULL; - int64_t check_after; - char str[OSSL_CMP_PKISI_BUFLEN]; - int len; - - if (sk_OSSL_CMP_POLLREP_num(prc) > 1) { - ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED); - goto err; - } - pollRep = ossl_cmp_pollrepcontent_get0_pollrep(prc, rid); - if (pollRep == NULL) - goto err; - - if (!ASN1_INTEGER_get_int64(&check_after, pollRep->checkAfter)) { - ERR_raise(ERR_LIB_CMP, CMP_R_BAD_CHECKAFTER_IN_POLLREP); - goto err; - } - if (check_after < 0 || (uint64_t)check_after - > (sleep ? ULONG_MAX / 1000 : INT_MAX)) { - ERR_raise(ERR_LIB_CMP, CMP_R_CHECKAFTER_OUT_OF_RANGE); - if (BIO_snprintf(str, OSSL_CMP_PKISI_BUFLEN, "value = %jd", - check_after) >= 0) - ERR_add_error_data(1, str); - goto err; - } - - if (pollRep->reason == NULL - || (len = BIO_snprintf(str, OSSL_CMP_PKISI_BUFLEN, - " with reason = '")) < 0) { - *str = '\0'; - } else { - char *text = ossl_sk_ASN1_UTF8STRING2text(pollRep->reason, ", ", - sizeof(str) - len - 2); - - if (text == NULL - || BIO_snprintf(str + len, sizeof(str) - len, - "%s'", text) < 0) - *str = '\0'; - OPENSSL_free(text); - } - ossl_cmp_log2(INFO, ctx, - "received polling response%s; checkAfter = %ld seconds", - str, check_after); - - if (ctx->total_timeout > 0) { /* timeout is not infinite */ - const int exp = 5; /* expected max time per msg round trip */ - int64_t time_left = (int64_t)(ctx->end_time - exp - time(NULL)); - - if (time_left <= 0) { - ERR_raise(ERR_LIB_CMP, CMP_R_TOTAL_TIMEOUT); - goto err; - } - if (time_left < check_after) - check_after = time_left; - /* poll one last time just when timeout was reached */ - } - - OSSL_CMP_MSG_free(preq); - preq = NULL; - OSSL_CMP_MSG_free(prep); - prep = NULL; - if (sleep) { - ossl_sleep((unsigned long)(1000 * check_after)); - } else { - if (checkAfter != NULL) - *checkAfter = (int)check_after; - return -1; /* exits the loop */ - } - } else { - ossl_cmp_info(ctx, "received ip/cp/kup after polling"); - /* any other body type has been rejected by send_receive_check() */ - break; - } - } - if (prep == NULL) - goto err; - - OSSL_CMP_MSG_free(preq); - *rep = prep; - - return 1; - err: - OSSL_CMP_MSG_free(preq); - OSSL_CMP_MSG_free(prep); - return 0; -} - -/* Send certConf for IR, CR or KUR sequences and check response */ -int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int fail_info, - const char *txt) -{ - OSSL_CMP_MSG *certConf; - OSSL_CMP_MSG *PKIconf = NULL; - int res = 0; - - /* OSSL_CMP_certConf_new() also checks if all necessary options are set */ - if ((certConf = ossl_cmp_certConf_new(ctx, fail_info, txt)) == NULL) - goto err; - - res = send_receive_check(ctx, certConf, &PKIconf, OSSL_CMP_PKIBODY_PKICONF); - - err: - OSSL_CMP_MSG_free(certConf); - OSSL_CMP_MSG_free(PKIconf); - return res; -} - -/* Send given error and check response */ -int ossl_cmp_exchange_error(OSSL_CMP_CTX *ctx, int status, int fail_info, - const char *txt, int errorCode, const char *details) -{ - OSSL_CMP_MSG *error = NULL; - OSSL_CMP_PKISI *si = NULL; - OSSL_CMP_MSG *PKIconf = NULL; - int res = 0; - - if ((si = OSSL_CMP_STATUSINFO_new(status, fail_info, txt)) == NULL) - goto err; - /* ossl_cmp_error_new() also checks if all necessary options are set */ - if ((error = ossl_cmp_error_new(ctx, si, errorCode, details, 0)) == NULL) - goto err; - - res = send_receive_check(ctx, error, &PKIconf, OSSL_CMP_PKIBODY_PKICONF); - - err: - OSSL_CMP_MSG_free(error); - OSSL_CMP_PKISI_free(si); - OSSL_CMP_MSG_free(PKIconf); - return res; -} - -/*- - * Retrieve a copy of the certificate, if any, from the given CertResponse. - * Take into account PKIStatusInfo of CertResponse in ctx, report it on error. - * Returns NULL if not found or on error. - */ -static X509 *get1_cert_status(OSSL_CMP_CTX *ctx, int bodytype, - OSSL_CMP_CERTRESPONSE *crep) -{ - char buf[OSSL_CMP_PKISI_BUFLEN]; - X509 *crt = NULL; - EVP_PKEY *privkey; - - if (!ossl_assert(ctx != NULL && crep != NULL)) - return NULL; - - privkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1); - switch (ossl_cmp_pkisi_get_status(crep->status)) { - case OSSL_CMP_PKISTATUS_waiting: - ossl_cmp_err(ctx, - "received \"waiting\" status for cert when actually aiming to extract cert"); - ERR_raise(ERR_LIB_CMP, CMP_R_ENCOUNTERED_WAITING); - goto err; - case OSSL_CMP_PKISTATUS_grantedWithMods: - ossl_cmp_warn(ctx, "received \"grantedWithMods\" for certificate"); - break; - case OSSL_CMP_PKISTATUS_accepted: - break; - /* get all information in case of a rejection before going to error */ - case OSSL_CMP_PKISTATUS_rejection: - ossl_cmp_err(ctx, "received \"rejection\" status rather than cert"); - ERR_raise(ERR_LIB_CMP, CMP_R_REQUEST_REJECTED_BY_SERVER); - goto err; - case OSSL_CMP_PKISTATUS_revocationWarning: - ossl_cmp_warn(ctx, - "received \"revocationWarning\" - a revocation of the cert is imminent"); - break; - case OSSL_CMP_PKISTATUS_revocationNotification: - ossl_cmp_warn(ctx, - "received \"revocationNotification\" - a revocation of the cert has occurred"); - break; - case OSSL_CMP_PKISTATUS_keyUpdateWarning: - if (bodytype != OSSL_CMP_PKIBODY_KUR) { - ERR_raise(ERR_LIB_CMP, CMP_R_ENCOUNTERED_KEYUPDATEWARNING); - goto err; - } - break; - default: - ossl_cmp_log1(ERROR, ctx, - "received unsupported PKIStatus %d for certificate", - ctx->status); - ERR_raise(ERR_LIB_CMP, CMP_R_UNKNOWN_PKISTATUS); - goto err; - } - crt = ossl_cmp_certresponse_get1_cert(crep, ctx, privkey); - if (crt == NULL) /* according to PKIStatus, we can expect a cert */ - ERR_raise(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_FOUND); - - return crt; - - err: - if (OSSL_CMP_CTX_snprint_PKIStatus(ctx, buf, sizeof(buf)) != NULL) - ERR_add_error_data(1, buf); - return NULL; -} - -/*- - * Callback fn validating that the new certificate can be verified, using - * ctx->certConf_cb_arg, which has been initialized using opt_out_trusted, and - * ctx->untrusted, which at this point already contains msg->extraCerts. - * Returns 0 on acceptance, else a bit field reflecting PKIFailureInfo. - * Quoting from RFC 4210 section 5.1. Overall PKI Message: - * The extraCerts field can contain certificates that may be useful to - * the recipient. For example, this can be used by a CA or RA to - * present an end entity with certificates that it needs to verify its - * own new certificate (if, for example, the CA that issued the end - * entity's certificate is not a root CA for the end entity). Note that - * this field does not necessarily contain a certification path; the - * recipient may have to sort, select from, or otherwise process the - * extra certificates in order to use them. - * Note: While often handy, there is no hard requirement by CMP that - * an EE must be able to validate the certificates it gets enrolled. - */ -int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, - const char **text) -{ - X509_STORE *out_trusted = OSSL_CMP_CTX_get_certConf_cb_arg(ctx); - STACK_OF(X509) *chain = NULL; - (void)text; /* make (artificial) use of var to prevent compiler warning */ - - if (fail_info != 0) /* accept any error flagged by CMP core library */ - return fail_info; - - ossl_cmp_debug(ctx, "trying to build chain for newly enrolled cert"); - chain = X509_build_chain(cert, ctx->untrusted, out_trusted /* maybe NULL */, - 0, ctx->libctx, ctx->propq); - if (sk_X509_num(chain) > 0) - X509_free(sk_X509_shift(chain)); /* remove leaf (EE) cert */ - if (out_trusted != NULL) { - if (chain == NULL) { - ossl_cmp_err(ctx, "failed building chain for newly enrolled cert"); - fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_incorrectData; - } else { - ossl_cmp_debug(ctx, - "succeeded building proper chain for newly enrolled cert"); - } - } else if (chain == NULL) { - ossl_cmp_warn(ctx, "could not build approximate chain for newly enrolled cert, resorting to received extraCerts"); - chain = OSSL_CMP_CTX_get1_extraCertsIn(ctx); - } else { - ossl_cmp_debug(ctx, - "success building approximate chain for newly enrolled cert"); - } - (void)ossl_cmp_ctx_set1_newChain(ctx, chain); - sk_X509_pop_free(chain, X509_free); - - return fail_info; -} - -/*- - * Perform the generic handling of certificate responses for IR/CR/KUR/P10CR. - * Returns -1 on receiving pollRep if sleep == 0, setting the checkAfter value. - * Returns 1 on success and provides the received PKIMESSAGE in *resp. - * Returns 0 on error (which includes the case that timeout has been reached). - * Regardless of success, caller is responsible for freeing *resp (unless NULL). - */ -static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid, - OSSL_CMP_MSG **resp, int *checkAfter, - int req_type, int expected_type) -{ - EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx /* may be NULL */, 0); - int fail_info = 0; /* no failure */ - const char *txt = NULL; - OSSL_CMP_CERTREPMESSAGE *crepmsg; - OSSL_CMP_CERTRESPONSE *crep; - OSSL_CMP_certConf_cb_t cb; - X509 *cert; - char *subj = NULL; - int ret = 1; - - if (!ossl_assert(ctx != NULL)) - return 0; - - retry: - crepmsg = (*resp)->body->value.ip; /* same for cp and kup */ - if (sk_OSSL_CMP_CERTRESPONSE_num(crepmsg->response) > 1) { - ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED); - return 0; - } - crep = ossl_cmp_certrepmessage_get0_certresponse(crepmsg, rid); - if (crep == NULL) - return 0; - if (!save_statusInfo(ctx, crep->status)) - return 0; - if (rid == -1) { - /* for OSSL_CMP_PKIBODY_P10CR learn CertReqId from response */ - rid = ossl_cmp_asn1_get_int(crep->certReqId); - if (rid == -1) { - ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID); - return 0; - } - } - - if (ossl_cmp_pkisi_get_status(crep->status) == OSSL_CMP_PKISTATUS_waiting) { - OSSL_CMP_MSG_free(*resp); - *resp = NULL; - if ((ret = poll_for_response(ctx, sleep, rid, resp, checkAfter)) != 0) { - if (ret == -1) /* at this point implies sleep == 0 */ - return ret; /* waiting */ - goto retry; /* got ip/cp/kup, which may still indicate 'waiting' */ - } else { - ERR_raise(ERR_LIB_CMP, CMP_R_POLLING_FAILED); - return 0; - } - } - - cert = get1_cert_status(ctx, (*resp)->body->type, crep); - if (cert == NULL) { - ERR_add_error_data(1, "; cannot extract certificate from response"); - return 0; - } - if (!ossl_cmp_ctx_set0_newCert(ctx, cert)) - return 0; - - /* - * if the CMP server returned certificates in the caPubs field, copy them - * to the context so that they can be retrieved if necessary - */ - if (crepmsg->caPubs != NULL - && !ossl_cmp_ctx_set1_caPubs(ctx, crepmsg->caPubs)) - return 0; - - subj = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); - if (rkey != NULL - /* X509_check_private_key() also works if rkey is just public key */ - && !(X509_check_private_key(ctx->newCert, rkey))) { - fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_incorrectData; - txt = "public key in new certificate does not match our enrollment key"; - /*- - * not calling (void)ossl_cmp_exchange_error(ctx, - * OSSL_CMP_PKISTATUS_rejection, fail_info, txt) - * not throwing CMP_R_CERTIFICATE_NOT_ACCEPTED with txt - * not returning 0 - * since we better leave this for the certConf_cb to decide - */ - } - - /* - * Execute the certification checking callback function, - * which can determine whether to accept a newly enrolled certificate. - * It may overrule the pre-decision reflected in 'fail_info' and '*txt'. - */ - cb = ctx->certConf_cb != NULL ? ctx->certConf_cb : OSSL_CMP_certConf_cb; - if ((fail_info = cb(ctx, ctx->newCert, fail_info, &txt)) != 0 - && txt == NULL) - txt = "CMP client did not accept it"; - if (fail_info != 0) /* immediately log error before any certConf exchange */ - ossl_cmp_log1(ERROR, ctx, - "rejecting newly enrolled cert with subject: %s", subj); - if (!ctx->disableConfirm - && !ossl_cmp_hdr_has_implicitConfirm((*resp)->header)) { - if (!ossl_cmp_exchange_certConf(ctx, fail_info, txt)) - ret = 0; - } - - /* not throwing failure earlier as transfer_cb may call ERR_clear_error() */ - if (fail_info != 0) { - ERR_raise_data(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_ACCEPTED, - "rejecting newly enrolled cert with subject: %s; %s", - subj, txt); - ret = 0; - } - OPENSSL_free(subj); - return ret; -} - -static int initial_certreq(OSSL_CMP_CTX *ctx, - int req_type, const OSSL_CRMF_MSG *crm, - OSSL_CMP_MSG **p_rep, int rep_type) -{ - OSSL_CMP_MSG *req; - int res; - - ctx->status = -1; - if (!ossl_cmp_ctx_set0_newCert(ctx, NULL)) - return 0; - - if (ctx->total_timeout > 0) /* else ctx->end_time is not used */ - ctx->end_time = time(NULL) + ctx->total_timeout; - - /* also checks if all necessary options are set */ - if ((req = ossl_cmp_certreq_new(ctx, req_type, crm)) == NULL) - return 0; - - res = send_receive_check(ctx, req, p_rep, rep_type); - OSSL_CMP_MSG_free(req); - return res; -} - -int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, - const OSSL_CRMF_MSG *crm, int *checkAfter) -{ - OSSL_CMP_MSG *rep = NULL; - int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR; - int rid = is_p10 ? -1 : OSSL_CMP_CERTREQID; - int rep_type = is_p10 ? OSSL_CMP_PKIBODY_CP : req_type + 1; - int res = 0; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - - if (ctx->status != OSSL_CMP_PKISTATUS_waiting) { /* not polling already */ - if (!initial_certreq(ctx, req_type, crm, &rep, rep_type)) - goto err; - } else { - if (req_type < 0) - return ossl_cmp_exchange_error(ctx, OSSL_CMP_PKISTATUS_rejection, - 0, "polling aborted", - 0 /* errorCode */, "by application"); - res = poll_for_response(ctx, 0 /* no sleep */, rid, &rep, checkAfter); - if (res <= 0) /* waiting or error */ - return res; - } - res = cert_response(ctx, 0 /* no sleep */, rid, &rep, checkAfter, - req_type, rep_type); - - err: - OSSL_CMP_MSG_free(rep); - return res; -} - -/*- - * Do the full sequence CR/IR/KUR/P10CR, CP/IP/KUP/CP, - * certConf, PKIconf, and polling if required. - * Will sleep as long as indicated by the server (according to checkAfter). - * All enrollment options need to be present in the context. - * Returns pointer to received certificate, or NULL if none was received. - */ -X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type, - const OSSL_CRMF_MSG *crm) -{ - - OSSL_CMP_MSG *rep = NULL; - int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR; - int rid = is_p10 ? -1 : OSSL_CMP_CERTREQID; - int rep_type = is_p10 ? OSSL_CMP_PKIBODY_CP : req_type + 1; - X509 *result = NULL; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - - if (!initial_certreq(ctx, req_type, crm, &rep, rep_type)) - goto err; - - if (cert_response(ctx, 1 /* sleep */, rid, &rep, NULL, req_type, rep_type) - <= 0) - goto err; - - result = ctx->newCert; - err: - OSSL_CMP_MSG_free(rep); - return result; -} - -int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx) -{ - OSSL_CMP_MSG *rr = NULL; - OSSL_CMP_MSG *rp = NULL; - const int num_RevDetails = 1; - const int rsid = OSSL_CMP_REVREQSID; - OSSL_CMP_REVREPCONTENT *rrep = NULL; - OSSL_CMP_PKISI *si = NULL; - char buf[OSSL_CMP_PKISI_BUFLEN]; - int ret = 0; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS); - return 0; - } - if (ctx->oldCert == NULL && ctx->p10CSR == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_REFERENCE_CERT); - return 0; - } - ctx->status = -1; - - /* OSSL_CMP_rr_new() also checks if all necessary options are set */ - if ((rr = ossl_cmp_rr_new(ctx)) == NULL) - goto end; - - if (!send_receive_check(ctx, rr, &rp, OSSL_CMP_PKIBODY_RP)) - goto end; - - rrep = rp->body->value.rp; -#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - if (sk_OSSL_CMP_PKISI_num(rrep->status) != num_RevDetails) { - ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_RP_COMPONENT_COUNT); - goto end; - } -#else - if (sk_OSSL_CMP_PKISI_num(rrep->status) < 1) { - ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_RP_COMPONENT_COUNT); - goto end; - } -#endif - - /* evaluate PKIStatus field */ - si = ossl_cmp_revrepcontent_get_pkisi(rrep, rsid); - if (!save_statusInfo(ctx, si)) - goto err; - switch (ossl_cmp_pkisi_get_status(si)) { - case OSSL_CMP_PKISTATUS_accepted: - ossl_cmp_info(ctx, "revocation accepted (PKIStatus=accepted)"); - ret = 1; - break; - case OSSL_CMP_PKISTATUS_grantedWithMods: - ossl_cmp_info(ctx, "revocation accepted (PKIStatus=grantedWithMods)"); - ret = 1; - break; - case OSSL_CMP_PKISTATUS_rejection: - ERR_raise(ERR_LIB_CMP, CMP_R_REQUEST_REJECTED_BY_SERVER); - goto err; - case OSSL_CMP_PKISTATUS_revocationWarning: - ossl_cmp_info(ctx, "revocation accepted (PKIStatus=revocationWarning)"); - ret = 1; - break; - case OSSL_CMP_PKISTATUS_revocationNotification: - /* interpretation as warning or error depends on CA */ - ossl_cmp_warn(ctx, - "revocation accepted (PKIStatus=revocationNotification)"); - ret = 1; - break; - case OSSL_CMP_PKISTATUS_waiting: - case OSSL_CMP_PKISTATUS_keyUpdateWarning: - ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKISTATUS); - goto err; - default: - ERR_raise(ERR_LIB_CMP, CMP_R_UNKNOWN_PKISTATUS); - goto err; - } - - /* check any present CertId in optional revCerts field */ - if (sk_OSSL_CRMF_CERTID_num(rrep->revCerts) >= 1) { - OSSL_CRMF_CERTID *cid; - OSSL_CRMF_CERTTEMPLATE *tmpl = - sk_OSSL_CMP_REVDETAILS_value(rr->body->value.rr, rsid)->certDetails; - const X509_NAME *issuer = OSSL_CRMF_CERTTEMPLATE_get0_issuer(tmpl); - const ASN1_INTEGER *serial = OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(tmpl); - - if (sk_OSSL_CRMF_CERTID_num(rrep->revCerts) != num_RevDetails) { - ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_RP_COMPONENT_COUNT); - ret = 0; - goto err; - } - if ((cid = ossl_cmp_revrepcontent_get_CertId(rrep, rsid)) == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_CERTID); - ret = 0; - goto err; - } - if (X509_NAME_cmp(issuer, OSSL_CRMF_CERTID_get0_issuer(cid)) != 0) { -#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_CERTID_IN_RP); - ret = 0; - goto err; -#endif - } - if (ASN1_INTEGER_cmp(serial, - OSSL_CRMF_CERTID_get0_serialNumber(cid)) != 0) { -#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_SERIAL_IN_RP); - ret = 0; - goto err; -#endif - } - } - - /* check number of any optionally present crls */ - if (rrep->crls != NULL && sk_X509_CRL_num(rrep->crls) != num_RevDetails) { - ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_RP_COMPONENT_COUNT); - ret = 0; - goto err; - } - - err: - if (ret == 0 - && OSSL_CMP_CTX_snprint_PKIStatus(ctx, buf, sizeof(buf)) != NULL) - ERR_add_error_data(1, buf); - - end: - OSSL_CMP_MSG_free(rr); - OSSL_CMP_MSG_free(rp); - return ret; -} - -STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx) -{ - OSSL_CMP_MSG *genm; - OSSL_CMP_MSG *genp = NULL; - STACK_OF(OSSL_CMP_ITAV) *rcvd_itavs = NULL; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS); - return 0; - } - ctx->status = -1; - - if ((genm = ossl_cmp_genm_new(ctx)) == NULL) - goto err; - - if (!send_receive_check(ctx, genm, &genp, OSSL_CMP_PKIBODY_GENP)) - goto err; - - /* received stack of itavs not to be freed with the genp */ - rcvd_itavs = genp->body->value.genp; - genp->body->value.genp = NULL; - - err: - OSSL_CMP_MSG_free(genm); - OSSL_CMP_MSG_free(genp); - - return rcvd_itavs; /* recv_itavs == NULL indicates an error */ -} diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c deleted file mode 100644 index f514ab27e06d54c2f283deff13953d11c06e2522..0000000000000000000000000000000000000000 --- a/crypto/cmp/cmp_ctx.c +++ /dev/null @@ -1,1136 +0,0 @@ -/* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2019 - * Copyright Siemens AG 2015-2019 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include /* for OCSP_REVOKED_STATUS_* */ - -#include "cmp_local.h" - -/* explicit #includes not strictly needed since implied by the above: */ -#include -#include -#include - -/* - * Get current certificate store containing trusted root CA certs - */ -X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - return ctx->trusted; -} - -/* - * Set certificate store containing trusted (root) CA certs and possibly CRLs - * and a cert verification callback function used for CMP server authentication. - * Any already existing store entry is freed. Given NULL, the entry is reset. - */ -int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - X509_STORE_free(ctx->trusted); - ctx->trusted = store; - return 1; -} - -/* Get current list of non-trusted intermediate certs */ -STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - return ctx->untrusted; -} - -/* - * Set untrusted certificates for path construction in authentication of - * the CMP server and potentially others (TLS server, newly enrolled cert). - */ -int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs) -{ - STACK_OF(X509) *untrusted = NULL; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - if (!ossl_x509_add_certs_new(&untrusted, certs, - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) - goto err; - sk_X509_pop_free(ctx->untrusted, X509_free); - ctx->untrusted = untrusted; - return 1; - err: - sk_X509_pop_free(untrusted, X509_free); - return 0; -} - -static int cmp_ctx_set_md(OSSL_CMP_CTX *ctx, EVP_MD **pmd, int nid) -{ - EVP_MD *md = EVP_MD_fetch(ctx->libctx, OBJ_nid2sn(nid), ctx->propq); - /* fetching in advance to be able to throw error early if unsupported */ - - if (md == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_UNSUPPORTED_ALGORITHM); - return 0; - } - EVP_MD_free(*pmd); - *pmd = md; - return 1; -} - -/* - * Allocates and initializes OSSL_CMP_CTX context structure with default values. - * Returns new context on success, NULL on error - */ -OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq) -{ - OSSL_CMP_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - if (ctx == NULL) - goto err; - - ctx->libctx = libctx; - if (propq != NULL && (ctx->propq = OPENSSL_strdup(propq)) == NULL) - goto oom; - - ctx->log_verbosity = OSSL_CMP_LOG_INFO; - - ctx->status = -1; - ctx->failInfoCode = -1; - - ctx->keep_alive = 1; - ctx->msg_timeout = -1; - - if ((ctx->untrusted = sk_X509_new_null()) == NULL) - goto oom; - - ctx->pbm_slen = 16; - if (!cmp_ctx_set_md(ctx, &ctx->pbm_owf, NID_sha256)) - goto err; - ctx->pbm_itercnt = 500; - ctx->pbm_mac = NID_hmac_sha1; - - if (!cmp_ctx_set_md(ctx, &ctx->digest, NID_sha256)) - goto err; - ctx->popoMethod = OSSL_CRMF_POPO_SIGNATURE; - ctx->revocationReason = CRL_REASON_NONE; - - /* all other elements are initialized to 0 or NULL, respectively */ - return ctx; - - oom: - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - err: - OSSL_CMP_CTX_free(ctx); - return NULL; -} - -/* Prepare the OSSL_CMP_CTX for next use, partly re-initializing OSSL_CMP_CTX */ -int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - - if (ctx->http_ctx != NULL) { - (void)OSSL_HTTP_close(ctx->http_ctx, 1); - ossl_cmp_debug(ctx, "disconnected from CMP server"); - ctx->http_ctx = NULL; - } - ctx->status = -1; - ctx->failInfoCode = -1; - - return ossl_cmp_ctx_set0_statusString(ctx, NULL) - && ossl_cmp_ctx_set0_newCert(ctx, NULL) - && ossl_cmp_ctx_set1_newChain(ctx, NULL) - && ossl_cmp_ctx_set1_caPubs(ctx, NULL) - && ossl_cmp_ctx_set1_extraCertsIn(ctx, NULL) - && ossl_cmp_ctx_set0_validatedSrvCert(ctx, NULL) - && OSSL_CMP_CTX_set1_transactionID(ctx, NULL) - && OSSL_CMP_CTX_set1_senderNonce(ctx, NULL) - && ossl_cmp_ctx_set1_recipNonce(ctx, NULL); -} - -/* Frees OSSL_CMP_CTX variables allocated in OSSL_CMP_CTX_new() */ -void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx) -{ - if (ctx == NULL) - return; - - if (ctx->http_ctx != NULL) { - (void)OSSL_HTTP_close(ctx->http_ctx, 1); - ossl_cmp_debug(ctx, "disconnected from CMP server"); - } - OPENSSL_free(ctx->propq); - OPENSSL_free(ctx->serverPath); - OPENSSL_free(ctx->server); - OPENSSL_free(ctx->proxy); - OPENSSL_free(ctx->no_proxy); - - X509_free(ctx->srvCert); - X509_free(ctx->validatedSrvCert); - X509_NAME_free(ctx->expected_sender); - X509_STORE_free(ctx->trusted); - sk_X509_pop_free(ctx->untrusted, X509_free); - - X509_free(ctx->cert); - sk_X509_pop_free(ctx->chain, X509_free); - EVP_PKEY_free(ctx->pkey); - ASN1_OCTET_STRING_free(ctx->referenceValue); - if (ctx->secretValue != NULL) - OPENSSL_cleanse(ctx->secretValue->data, ctx->secretValue->length); - ASN1_OCTET_STRING_free(ctx->secretValue); - EVP_MD_free(ctx->pbm_owf); - - X509_NAME_free(ctx->recipient); - EVP_MD_free(ctx->digest); - ASN1_OCTET_STRING_free(ctx->transactionID); - ASN1_OCTET_STRING_free(ctx->senderNonce); - ASN1_OCTET_STRING_free(ctx->recipNonce); - sk_OSSL_CMP_ITAV_pop_free(ctx->geninfo_ITAVs, OSSL_CMP_ITAV_free); - sk_X509_pop_free(ctx->extraCertsOut, X509_free); - - EVP_PKEY_free(ctx->newPkey); - X509_NAME_free(ctx->issuer); - X509_NAME_free(ctx->subjectName); - sk_GENERAL_NAME_pop_free(ctx->subjectAltNames, GENERAL_NAME_free); - sk_X509_EXTENSION_pop_free(ctx->reqExtensions, X509_EXTENSION_free); - sk_POLICYINFO_pop_free(ctx->policies, POLICYINFO_free); - X509_free(ctx->oldCert); - X509_REQ_free(ctx->p10CSR); - - sk_OSSL_CMP_ITAV_pop_free(ctx->genm_ITAVs, OSSL_CMP_ITAV_free); - - sk_ASN1_UTF8STRING_pop_free(ctx->statusString, ASN1_UTF8STRING_free); - X509_free(ctx->newCert); - sk_X509_pop_free(ctx->newChain, X509_free); - sk_X509_pop_free(ctx->caPubs, X509_free); - sk_X509_pop_free(ctx->extraCertsIn, X509_free); - - OPENSSL_free(ctx); -} - -int ossl_cmp_ctx_set_status(OSSL_CMP_CTX *ctx, int status) -{ - if (!ossl_assert(ctx != NULL)) - return 0; - ctx->status = status; - return 1; -} - -/* - * Returns the PKIStatus from the last CertRepMessage - * or Revocation Response or error message, -1 on error - */ -int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return -1; - } - return ctx->status; -} - -/* - * Returns the statusString from the last CertRepMessage - * or Revocation Response or error message, NULL on error - */ -OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - return ctx->statusString; -} - -int ossl_cmp_ctx_set0_statusString(OSSL_CMP_CTX *ctx, - OSSL_CMP_PKIFREETEXT *text) -{ - if (!ossl_assert(ctx != NULL)) - return 0; - sk_ASN1_UTF8STRING_pop_free(ctx->statusString, ASN1_UTF8STRING_free); - ctx->statusString = text; - return 1; -} - -int ossl_cmp_ctx_set0_validatedSrvCert(OSSL_CMP_CTX *ctx, X509 *cert) -{ - if (!ossl_assert(ctx != NULL)) - return 0; - X509_free(ctx->validatedSrvCert); - ctx->validatedSrvCert = cert; - return 1; -} - -/* Set callback function for checking if the cert is ok or should be rejected */ -int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - ctx->certConf_cb = cb; - return 1; -} - -/* - * Set argument, respectively a pointer to a structure containing arguments, - * optionally to be used by the certConf callback. - */ -int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - ctx->certConf_cb_arg = arg; - return 1; -} - -/* - * Get argument, respectively the pointer to a structure containing arguments, - * optionally to be used by certConf callback. - * Returns callback argument set previously (NULL if not set or on error) - */ -void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - return ctx->certConf_cb_arg; -} - -#ifndef OPENSSL_NO_TRACE -static size_t ossl_cmp_log_trace_cb(const char *buf, size_t cnt, - int category, int cmd, void *vdata) -{ - OSSL_CMP_CTX *ctx = vdata; - const char *msg; - OSSL_CMP_severity level = -1; - char *func = NULL; - char *file = NULL; - int line = 0; - - if (buf == NULL || cnt == 0 || cmd != OSSL_TRACE_CTRL_WRITE || ctx == NULL) - return 0; - if (ctx->log_cb == NULL) - return 1; /* silently drop message */ - - msg = ossl_cmp_log_parse_metadata(buf, &level, &func, &file, &line); - - if (level > ctx->log_verbosity) /* excludes the case level is unknown */ - goto end; /* suppress output since severity is not sufficient */ - - if (!ctx->log_cb(func != NULL ? func : "(no func)", - file != NULL ? file : "(no file)", - line, level, msg)) - cnt = 0; - - end: - OPENSSL_free(func); - OPENSSL_free(file); - return cnt; -} -#endif - -/* Print CMP log messages (i.e., diagnostic info) via the log cb of the ctx */ -int ossl_cmp_print_log(OSSL_CMP_severity level, const OSSL_CMP_CTX *ctx, - const char *func, const char *file, int line, - const char *level_str, const char *format, ...) -{ - va_list args; - char hugebuf[1024 * 2]; - int res = 0; - - if (ctx == NULL || ctx->log_cb == NULL) - return 1; /* silently drop message */ - - if (level > ctx->log_verbosity) /* excludes the case level is unknown */ - return 1; /* suppress output since severity is not sufficient */ - - if (format == NULL) - return 0; - - va_start(args, format); - - if (func == NULL) - func = "(unset function name)"; - if (file == NULL) - file = "(unset file name)"; - if (level_str == NULL) - level_str = "(unset level string)"; - -#ifndef OPENSSL_NO_TRACE - if (OSSL_TRACE_ENABLED(CMP)) { - OSSL_TRACE_BEGIN(CMP) { - int printed = - BIO_snprintf(hugebuf, sizeof(hugebuf), - "%s:%s:%d:" OSSL_CMP_LOG_PREFIX "%s: ", - func, file, line, level_str); - if (printed > 0 && (size_t)printed < sizeof(hugebuf)) { - if (BIO_vsnprintf(hugebuf + printed, - sizeof(hugebuf) - printed, format, args) > 0) - res = BIO_puts(trc_out, hugebuf) > 0; - } - } OSSL_TRACE_END(CMP); - } -#else /* compensate for disabled trace API */ - { - if (BIO_vsnprintf(hugebuf, sizeof(hugebuf), format, args) > 0) - res = ctx->log_cb(func, file, line, level, hugebuf); - } -#endif - va_end(args); - return res; -} - -/* Set a callback function for error reporting and logging messages */ -int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - ctx->log_cb = cb; - -#ifndef OPENSSL_NO_TRACE - /* do also in case cb == NULL, to switch off logging output: */ - if (!OSSL_trace_set_callback(OSSL_TRACE_CATEGORY_CMP, - ossl_cmp_log_trace_cb, ctx)) - return 0; -#endif - - return 1; -} - -/* Print OpenSSL and CMP errors via the log cb of the ctx or ERR_print_errors */ -void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx) -{ - if (ctx != NULL && OSSL_CMP_LOG_ERR > ctx->log_verbosity) - return; /* suppress output since severity is not sufficient */ - OSSL_CMP_print_errors_cb(ctx == NULL ? NULL : ctx->log_cb); -} - -/* - * Set or clear the reference value to be used for identification - * (i.e., the user name) when using PBMAC. - */ -int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx, - const unsigned char *ref, int len) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - return ossl_cmp_asn1_octet_string_set1_bytes(&ctx->referenceValue, ref, - len); -} - -/* Set or clear the password to be used for protecting messages with PBMAC */ -int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec, - const int len) -{ - ASN1_OCTET_STRING *secretValue = NULL; - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - if (ossl_cmp_asn1_octet_string_set1_bytes(&secretValue, sec, len) != 1) - return 0; - if (ctx->secretValue != NULL) { - OPENSSL_cleanse(ctx->secretValue->data, ctx->secretValue->length); - ASN1_OCTET_STRING_free(ctx->secretValue); - } - ctx->secretValue = secretValue; - return 1; -} - -/* Returns the cert chain computed by OSSL_CMP_certConf_cb(), NULL on error */ -STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - return X509_chain_up_ref(ctx->newChain); -} - -/* - * Copies any given stack of inbound X509 certificates to newChain - * of the OSSL_CMP_CTX structure so that they may be retrieved later. - */ -int ossl_cmp_ctx_set1_newChain(OSSL_CMP_CTX *ctx, STACK_OF(X509) *newChain) -{ - if (!ossl_assert(ctx != NULL)) - return 0; - - sk_X509_pop_free(ctx->newChain, X509_free); - ctx->newChain = NULL; - return newChain == NULL || - (ctx->newChain = X509_chain_up_ref(newChain)) != NULL; -} - -/* Returns the stack of extraCerts received in CertRepMessage, NULL on error */ -STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - return X509_chain_up_ref(ctx->extraCertsIn); -} - -/* - * Copies any given stack of inbound X509 certificates to extraCertsIn - * of the OSSL_CMP_CTX structure so that they may be retrieved later. - */ -int ossl_cmp_ctx_set1_extraCertsIn(OSSL_CMP_CTX *ctx, - STACK_OF(X509) *extraCertsIn) -{ - if (!ossl_assert(ctx != NULL)) - return 0; - - sk_X509_pop_free(ctx->extraCertsIn, X509_free); - ctx->extraCertsIn = NULL; - return extraCertsIn == NULL - || (ctx->extraCertsIn = X509_chain_up_ref(extraCertsIn)) != NULL; -} - -/* - * Copies any given stack as the new stack of X509 - * certificates to send out in the extraCerts field. - */ -int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx, - STACK_OF(X509) *extraCertsOut) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - - sk_X509_pop_free(ctx->extraCertsOut, X509_free); - ctx->extraCertsOut = NULL; - return extraCertsOut == NULL - || (ctx->extraCertsOut = X509_chain_up_ref(extraCertsOut)) != NULL; -} - -/* - * Add the given policy info object - * to the X509_EXTENSIONS of the requested certificate template. - */ -int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo) -{ - if (ctx == NULL || pinfo == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - - if (ctx->policies == NULL - && (ctx->policies = CERTIFICATEPOLICIES_new()) == NULL) - return 0; - - return sk_POLICYINFO_push(ctx->policies, pinfo); -} - -/* Add an ITAV for geninfo of the PKI message header */ -int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - return OSSL_CMP_ITAV_push0_stack_item(&ctx->geninfo_ITAVs, itav); -} - -/* Add an itav for the body of outgoing general messages */ -int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - return OSSL_CMP_ITAV_push0_stack_item(&ctx->genm_ITAVs, itav); -} - -/* - * Returns a duplicate of the stack of X509 certificates that - * were received in the caPubs field of the last CertRepMessage. - * Returns NULL on error - */ -STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - return X509_chain_up_ref(ctx->caPubs); -} - -/* - * Copies any given stack of certificates to the given - * OSSL_CMP_CTX structure so that they may be retrieved later. - */ -int ossl_cmp_ctx_set1_caPubs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *caPubs) -{ - if (!ossl_assert(ctx != NULL)) - return 0; - - sk_X509_pop_free(ctx->caPubs, X509_free); - ctx->caPubs = NULL; - return caPubs == NULL || (ctx->caPubs = X509_chain_up_ref(caPubs)) != NULL; -} - -#define char_dup OPENSSL_strdup -#define char_free OPENSSL_free -#define DEFINE_OSSL_CMP_CTX_set1(FIELD, TYPE) /* this uses _dup */ \ -int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, const TYPE *val) \ -{ \ - TYPE *val_dup = NULL; \ - \ - if (ctx == NULL) { \ - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \ - return 0; \ - } \ - \ - if (val != NULL && (val_dup = TYPE##_dup(val)) == NULL) \ - return 0; \ - TYPE##_free(ctx->FIELD); \ - ctx->FIELD = val_dup; \ - return 1; \ -} - -#define X509_invalid(cert) (!ossl_x509v3_cache_extensions(cert)) -#define EVP_PKEY_invalid(key) 0 -#define DEFINE_OSSL_CMP_CTX_set1_up_ref(FIELD, TYPE) \ -int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, TYPE *val) \ -{ \ - if (ctx == NULL) { \ - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \ - return 0; \ - } \ - \ - /* prevent misleading error later on malformed cert or provider issue */ \ - if (val != NULL && TYPE##_invalid(val)) { \ - ERR_raise(ERR_LIB_CMP, CMP_R_POTENTIALLY_INVALID_CERTIFICATE); \ - return 0; \ - } \ - if (val != NULL && !TYPE##_up_ref(val)) \ - return 0; \ - TYPE##_free(ctx->FIELD); \ - ctx->FIELD = val; \ - return 1; \ -} - -/* - * Pins the server certificate to be directly trusted (even if it is expired) - * for verifying response messages. - * Cert pointer is not consumed. It may be NULL to clear the entry. - */ -DEFINE_OSSL_CMP_CTX_set1_up_ref(srvCert, X509) - -/* Set the X509 name of the recipient. Set in the PKIHeader */ -DEFINE_OSSL_CMP_CTX_set1(recipient, X509_NAME) - -/* Store the X509 name of the expected sender in the PKIHeader of responses */ -DEFINE_OSSL_CMP_CTX_set1(expected_sender, X509_NAME) - -/* Set the X509 name of the issuer. Set in the PKIHeader */ -DEFINE_OSSL_CMP_CTX_set1(issuer, X509_NAME) - -/* - * Set the subject name that will be placed in the certificate - * request. This will be the subject name on the received certificate. - */ -DEFINE_OSSL_CMP_CTX_set1(subjectName, X509_NAME) - -/* Set the X.509v3 certificate request extensions to be used in IR/CR/KUR */ -int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - - if (sk_GENERAL_NAME_num(ctx->subjectAltNames) > 0 && exts != NULL - && X509v3_get_ext_by_NID(exts, NID_subject_alt_name, -1) >= 0) { - ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_SAN_SOURCES); - return 0; - } - sk_X509_EXTENSION_pop_free(ctx->reqExtensions, X509_EXTENSION_free); - ctx->reqExtensions = exts; - return 1; -} - -/* returns 1 if ctx contains a Subject Alternative Name extension, else 0 */ -int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return -1; - } - /* if one of the following conditions 'fail' this is not an error */ - return ctx->reqExtensions != NULL - && X509v3_get_ext_by_NID(ctx->reqExtensions, - NID_subject_alt_name, -1) >= 0; -} - -/* - * Add a GENERAL_NAME structure that will be added to the CRMF - * request's extensions field to request subject alternative names. - */ -int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, - const GENERAL_NAME *name) -{ - GENERAL_NAME *name_dup; - - if (ctx == NULL || name == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - - if (OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) == 1) { - ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_SAN_SOURCES); - return 0; - } - - if (ctx->subjectAltNames == NULL - && (ctx->subjectAltNames = sk_GENERAL_NAME_new_null()) == NULL) - return 0; - if ((name_dup = GENERAL_NAME_dup(name)) == NULL) - return 0; - if (!sk_GENERAL_NAME_push(ctx->subjectAltNames, name_dup)) { - GENERAL_NAME_free(name_dup); - return 0; - } - return 1; -} - -/* - * Set our own client certificate, used for example in KUR and when - * doing the IR with existing certificate. - */ -DEFINE_OSSL_CMP_CTX_set1_up_ref(cert, X509) - -int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted, - STACK_OF(X509) *candidates) -{ - STACK_OF(X509) *chain; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - - if (!ossl_x509_add_certs_new(&ctx->untrusted, candidates, - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) - return 0; - - ossl_cmp_debug(ctx, "trying to build chain for own CMP signer cert"); - chain = X509_build_chain(ctx->cert, ctx->untrusted, own_trusted, 0, - ctx->libctx, ctx->propq); - if (chain == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_FAILED_BUILDING_OWN_CHAIN); - return 0; - } - ossl_cmp_debug(ctx, "success building chain for own CMP signer cert"); - ctx->chain = chain; - return 1; -} - -/* - * Set the old certificate that we are updating in KUR - * or the certificate to be revoked in RR, respectively. - * Also used as reference cert (defaulting to cert) for deriving subject DN - * and SANs. Its issuer is used as default recipient in the CMP message header. - */ -DEFINE_OSSL_CMP_CTX_set1_up_ref(oldCert, X509) - -/* Set the PKCS#10 CSR to be sent in P10CR */ -DEFINE_OSSL_CMP_CTX_set1(p10CSR, X509_REQ) - -/* - * Set the (newly received in IP/KUP/CP) certificate in the context. - * This only permits for one cert to be enrolled at a time. - */ -int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert) -{ - if (!ossl_assert(ctx != NULL)) - return 0; - - X509_free(ctx->newCert); - ctx->newCert = cert; - return 1; -} - -/* - * Get the (newly received in IP/KUP/CP) client certificate from the context - * This only permits for one client cert to be received... - */ -X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - return ctx->newCert; -} - -/* Set the client's current private key */ -DEFINE_OSSL_CMP_CTX_set1_up_ref(pkey, EVP_PKEY) - -/* Set new key pair. Used e.g. when doing Key Update */ -int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - - EVP_PKEY_free(ctx->newPkey); - ctx->newPkey = pkey; - ctx->newPkey_priv = priv; - return 1; -} - -/* Get the private/public key to use for cert enrollment, or NULL on error */ -EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - - if (ctx->newPkey != NULL) - return priv && !ctx->newPkey_priv ? NULL : ctx->newPkey; - if (ctx->p10CSR != NULL) - return priv ? NULL : X509_REQ_get0_pubkey(ctx->p10CSR); - return ctx->pkey; /* may be NULL */ -} - -/* Set the given transactionID to the context */ -int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx, - const ASN1_OCTET_STRING *id) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - return ossl_cmp_asn1_octet_string_set1(&ctx->transactionID, id); -} - -/* Set the nonce to be used for the recipNonce in the message created next */ -int ossl_cmp_ctx_set1_recipNonce(OSSL_CMP_CTX *ctx, - const ASN1_OCTET_STRING *nonce) -{ - if (!ossl_assert(ctx != NULL)) - return 0; - return ossl_cmp_asn1_octet_string_set1(&ctx->recipNonce, nonce); -} - -/* Stores the given nonce as the last senderNonce sent out */ -int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx, - const ASN1_OCTET_STRING *nonce) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - return ossl_cmp_asn1_octet_string_set1(&ctx->senderNonce, nonce); -} - -/* Set the proxy server to use for HTTP(S) connections */ -DEFINE_OSSL_CMP_CTX_set1(proxy, char) - -/* Set the (HTTP) host name of the CMP server */ -DEFINE_OSSL_CMP_CTX_set1(server, char) - -/* Set the server exclusion list of the HTTP proxy server */ -DEFINE_OSSL_CMP_CTX_set1(no_proxy, char) - -/* Set the http connect/disconnect callback function to be used for HTTP(S) */ -int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - ctx->http_cb = cb; - return 1; -} - -/* Set argument optionally to be used by the http connect/disconnect callback */ -int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - ctx->http_cb_arg = arg; - return 1; -} - -/* - * Get argument optionally to be used by the http connect/disconnect callback - * Returns callback argument set previously (NULL if not set or on error) - */ -void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - return ctx->http_cb_arg; -} - -/* Set callback function for sending CMP request and receiving response */ -int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - ctx->transfer_cb = cb; - return 1; -} - -/* Set argument optionally to be used by the transfer callback */ -int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - ctx->transfer_cb_arg = arg; - return 1; -} - -/* - * Get argument optionally to be used by the transfer callback. - * Returns callback argument set previously (NULL if not set or on error) - */ -void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - return ctx->transfer_cb_arg; -} - -/** Set the HTTP server port to be used */ -int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - ctx->serverPort = port; - return 1; -} - -/* Set the HTTP path to be used on the server (e.g "pkix/") */ -DEFINE_OSSL_CMP_CTX_set1(serverPath, char) - -/* Set the failInfo error code as bit encoding in OSSL_CMP_CTX */ -int ossl_cmp_ctx_set_failInfoCode(OSSL_CMP_CTX *ctx, int fail_info) -{ - if (!ossl_assert(ctx != NULL)) - return 0; - ctx->failInfoCode = fail_info; - return 1; -} - -/* - * Get the failInfo error code in OSSL_CMP_CTX as bit encoding. - * Returns bit string as integer on success, -1 on error - */ -int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return -1; - } - return ctx->failInfoCode; -} - -/* Set a Boolean or integer option of the context to the "val" arg */ -int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val) -{ - int min_val; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - - switch (opt) { - case OSSL_CMP_OPT_REVOCATION_REASON: - min_val = OCSP_REVOKED_STATUS_NOSTATUS; - break; - case OSSL_CMP_OPT_POPO_METHOD: - min_val = OSSL_CRMF_POPO_NONE; - break; - default: - min_val = 0; - break; - } - if (val < min_val) { - ERR_raise(ERR_LIB_CMP, CMP_R_VALUE_TOO_SMALL); - return 0; - } - - switch (opt) { - case OSSL_CMP_OPT_LOG_VERBOSITY: - if (val > OSSL_CMP_LOG_MAX) { - ERR_raise(ERR_LIB_CMP, CMP_R_VALUE_TOO_LARGE); - return 0; - } - ctx->log_verbosity = val; - break; - case OSSL_CMP_OPT_IMPLICIT_CONFIRM: - ctx->implicitConfirm = val; - break; - case OSSL_CMP_OPT_DISABLE_CONFIRM: - ctx->disableConfirm = val; - break; - case OSSL_CMP_OPT_UNPROTECTED_SEND: - ctx->unprotectedSend = val; - break; - case OSSL_CMP_OPT_UNPROTECTED_ERRORS: - ctx->unprotectedErrors = val; - break; - case OSSL_CMP_OPT_VALIDITY_DAYS: - ctx->days = val; - break; - case OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT: - ctx->SubjectAltName_nodefault = val; - break; - case OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL: - ctx->setSubjectAltNameCritical = val; - break; - case OSSL_CMP_OPT_POLICIES_CRITICAL: - ctx->setPoliciesCritical = val; - break; - case OSSL_CMP_OPT_IGNORE_KEYUSAGE: - ctx->ignore_keyusage = val; - break; - case OSSL_CMP_OPT_POPO_METHOD: - if (val > OSSL_CRMF_POPO_KEYAGREE) { - ERR_raise(ERR_LIB_CMP, CMP_R_VALUE_TOO_LARGE); - return 0; - } - ctx->popoMethod = val; - break; - case OSSL_CMP_OPT_DIGEST_ALGNID: - if (!cmp_ctx_set_md(ctx, &ctx->digest, val)) - return 0; - break; - case OSSL_CMP_OPT_OWF_ALGNID: - if (!cmp_ctx_set_md(ctx, &ctx->pbm_owf, val)) - return 0; - break; - case OSSL_CMP_OPT_MAC_ALGNID: - ctx->pbm_mac = val; - break; - case OSSL_CMP_OPT_KEEP_ALIVE: - ctx->keep_alive = val; - break; - case OSSL_CMP_OPT_MSG_TIMEOUT: - ctx->msg_timeout = val; - break; - case OSSL_CMP_OPT_TOTAL_TIMEOUT: - ctx->total_timeout = val; - break; - case OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR: - ctx->permitTAInExtraCertsForIR = val; - break; - case OSSL_CMP_OPT_REVOCATION_REASON: - if (val > OCSP_REVOKED_STATUS_AACOMPROMISE) { - ERR_raise(ERR_LIB_CMP, CMP_R_VALUE_TOO_LARGE); - return 0; - } - ctx->revocationReason = val; - break; - default: - ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_OPTION); - return 0; - } - - return 1; -} - -/* - * Reads a Boolean or integer option value from the context. - * Returns -1 on error (which is the default OSSL_CMP_OPT_REVOCATION_REASON) - */ -int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return -1; - } - - switch (opt) { - case OSSL_CMP_OPT_LOG_VERBOSITY: - return ctx->log_verbosity; - case OSSL_CMP_OPT_IMPLICIT_CONFIRM: - return ctx->implicitConfirm; - case OSSL_CMP_OPT_DISABLE_CONFIRM: - return ctx->disableConfirm; - case OSSL_CMP_OPT_UNPROTECTED_SEND: - return ctx->unprotectedSend; - case OSSL_CMP_OPT_UNPROTECTED_ERRORS: - return ctx->unprotectedErrors; - case OSSL_CMP_OPT_VALIDITY_DAYS: - return ctx->days; - case OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT: - return ctx->SubjectAltName_nodefault; - case OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL: - return ctx->setSubjectAltNameCritical; - case OSSL_CMP_OPT_POLICIES_CRITICAL: - return ctx->setPoliciesCritical; - case OSSL_CMP_OPT_IGNORE_KEYUSAGE: - return ctx->ignore_keyusage; - case OSSL_CMP_OPT_POPO_METHOD: - return ctx->popoMethod; - case OSSL_CMP_OPT_DIGEST_ALGNID: - return EVP_MD_get_type(ctx->digest); - case OSSL_CMP_OPT_OWF_ALGNID: - return EVP_MD_get_type(ctx->pbm_owf); - case OSSL_CMP_OPT_MAC_ALGNID: - return ctx->pbm_mac; - case OSSL_CMP_OPT_KEEP_ALIVE: - return ctx->keep_alive; - case OSSL_CMP_OPT_MSG_TIMEOUT: - return ctx->msg_timeout; - case OSSL_CMP_OPT_TOTAL_TIMEOUT: - return ctx->total_timeout; - case OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR: - return ctx->permitTAInExtraCertsForIR; - case OSSL_CMP_OPT_REVOCATION_REASON: - return ctx->revocationReason; - default: - ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_OPTION); - return -1; - } -} diff --git a/crypto/cmp/cmp_err.c b/crypto/cmp/cmp_err.c deleted file mode 100644 index 67d9964dbe224a5f4369c3d52ad30a71db972a90..0000000000000000000000000000000000000000 --- a/crypto/cmp/cmp_err.c +++ /dev/null @@ -1,175 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/cmperr.h" - -#ifndef OPENSSL_NO_CMP - -# ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA CMP_str_reasons[] = { - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ALGORITHM_NOT_SUPPORTED), - "algorithm not supported"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_BAD_CHECKAFTER_IN_POLLREP), - "bad checkafter in pollrep"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_BAD_REQUEST_ID), "bad request id"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERTHASH_UNMATCHED), "certhash unmatched"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERTID_NOT_FOUND), "certid not found"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERTIFICATE_NOT_ACCEPTED), - "certificate not accepted"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERTIFICATE_NOT_FOUND), - "certificate not found"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERTREQMSG_NOT_FOUND), - "certreqmsg not found"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERTRESPONSE_NOT_FOUND), - "certresponse not found"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CERT_AND_KEY_DO_NOT_MATCH), - "cert and key do not match"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_CHECKAFTER_OUT_OF_RANGE), - "checkafter out of range"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ENCOUNTERED_KEYUPDATEWARNING), - "encountered keyupdatewarning"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ENCOUNTERED_WAITING), - "encountered waiting"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CALCULATING_PROTECTION), - "error calculating protection"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_CERTCONF), - "error creating certconf"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_CERTREP), - "error creating certrep"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_CERTREQ), - "error creating certreq"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_ERROR), - "error creating error"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_GENM), - "error creating genm"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_GENP), - "error creating genp"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_PKICONF), - "error creating pkiconf"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_POLLREP), - "error creating pollrep"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_POLLREQ), - "error creating pollreq"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_RP), "error creating rp"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_CREATING_RR), "error creating rr"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_PARSING_PKISTATUS), - "error parsing pkistatus"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_PROCESSING_MESSAGE), - "error processing message"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_PROTECTING_MESSAGE), - "error protecting message"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_SETTING_CERTHASH), - "error setting certhash"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_UNEXPECTED_CERTCONF), - "error unexpected certconf"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_VALIDATING_PROTECTION), - "error validating protection"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_ERROR_VALIDATING_SIGNATURE), - "error validating signature"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAILED_BUILDING_OWN_CHAIN), - "failed building own chain"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAILED_EXTRACTING_PUBKEY), - "failed extracting pubkey"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAILURE_OBTAINING_RANDOM), - "failure obtaining random"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_FAIL_INFO_OUT_OF_RANGE), - "fail info out of range"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_INVALID_ARGS), "invalid args"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_INVALID_OPTION), "invalid option"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_CERTID), "missing certid"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION), - "missing key input for creating protection"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE), - "missing key usage digitalsignature"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_P10CSR), "missing p10csr"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PBM_SECRET), "missing pbm secret"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PRIVATE_KEY), - "missing private key"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PROTECTION), "missing protection"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_REFERENCE_CERT), - "missing reference cert"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_SENDER_IDENTIFICATION), - "missing sender identification"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_TRUST_STORE), - "missing trust store"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED), - "multiple requests not supported"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED), - "multiple responses not supported"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MULTIPLE_SAN_SOURCES), - "multiple san sources"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_NO_STDIO), "no stdio"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_NO_SUITABLE_SENDER_CERT), - "no suitable sender cert"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_NULL_ARGUMENT), "null argument"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_PKIBODY_ERROR), "pkibody error"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_PKISTATUSINFO_NOT_FOUND), - "pkistatusinfo not found"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_POLLING_FAILED), "polling failed"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_POTENTIALLY_INVALID_CERTIFICATE), - "potentially invalid certificate"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_RECEIVED_ERROR), "received error"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_RECIPNONCE_UNMATCHED), - "recipnonce unmatched"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_REQUEST_NOT_ACCEPTED), - "request not accepted"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_REQUEST_REJECTED_BY_SERVER), - "request rejected by server"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED), - "sender generalname type not supported"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG), - "srvcert does not validate msg"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_TOTAL_TIMEOUT), "total timeout"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_TRANSACTIONID_UNMATCHED), - "transactionid unmatched"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_TRANSFER_ERROR), "transfer error"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNEXPECTED_PKIBODY), "unexpected pkibody"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNEXPECTED_PKISTATUS), - "unexpected pkistatus"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNEXPECTED_PVNO), "unexpected pvno"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNKNOWN_ALGORITHM_ID), - "unknown algorithm id"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNKNOWN_CERT_TYPE), "unknown cert type"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNKNOWN_PKISTATUS), "unknown pkistatus"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNSUPPORTED_ALGORITHM), - "unsupported algorithm"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNSUPPORTED_KEY_TYPE), - "unsupported key type"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC), - "unsupported protection alg dhbasedmac"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_VALUE_TOO_LARGE), "value too large"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_VALUE_TOO_SMALL), "value too small"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_ALGORITHM_OID), - "wrong algorithm oid"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_CERTID), "wrong certid"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_CERTID_IN_RP), "wrong certid in rp"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_PBM_VALUE), "wrong pbm value"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_RP_COMPONENT_COUNT), - "wrong rp component count"}, - {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_WRONG_SERIAL_IN_RP), "wrong serial in rp"}, - {0, NULL} -}; - -# endif - -int ossl_err_load_CMP_strings(void) -{ -# ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(CMP_str_reasons[0].error) == NULL) - ERR_load_strings_const(CMP_str_reasons); -# endif - return 1; -} -#else -NON_EMPTY_TRANSLATION_UNIT -#endif diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c deleted file mode 100644 index 8c553af61a53283fd695563c4b9d92881b3448ff..0000000000000000000000000000000000000000 --- a/crypto/cmp/cmp_hdr.c +++ /dev/null @@ -1,369 +0,0 @@ -/* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2019 - * Copyright Siemens AG 2015-2019 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* CMP functions for PKIHeader handling */ - -#include "cmp_local.h" - -#include - -/* explicit #includes not strictly needed since implied by the above: */ -#include -#include -#include - -int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno) -{ - if (!ossl_assert(hdr != NULL)) - return 0; - return ASN1_INTEGER_set(hdr->pvno, pvno); -} - -int ossl_cmp_hdr_get_pvno(const OSSL_CMP_PKIHEADER *hdr) -{ - int64_t pvno; - - if (!ossl_assert(hdr != NULL)) - return -1; - if (!ASN1_INTEGER_get_int64(&pvno, hdr->pvno) || pvno < 0 || pvno > INT_MAX) - return -1; - return (int)pvno; -} - -int ossl_cmp_hdr_get_protection_nid(const OSSL_CMP_PKIHEADER *hdr) -{ - if (!ossl_assert(hdr != NULL) - || hdr->protectionAlg == NULL) - return NID_undef; - return OBJ_obj2nid(hdr->protectionAlg->algorithm); -} - -ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const - OSSL_CMP_PKIHEADER *hdr) -{ - if (hdr == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - return hdr->transactionID; -} - -ASN1_OCTET_STRING *ossl_cmp_hdr_get0_senderNonce(const OSSL_CMP_PKIHEADER *hdr) -{ - if (!ossl_assert(hdr != NULL)) - return NULL; - return hdr->senderNonce; -} - -ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr) -{ - if (hdr == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - return hdr->recipNonce; -} - -/* a NULL-DN as an empty sequence of RDNs */ -int ossl_cmp_general_name_is_NULL_DN(GENERAL_NAME *name) -{ - return name == NULL - || (name->type == GEN_DIRNAME && IS_NULL_DN(name->d.directoryName)); -} - -/* assign to *tgt a copy of src (which may be NULL to indicate an empty DN) */ -static int set1_general_name(GENERAL_NAME **tgt, const X509_NAME *src) -{ - GENERAL_NAME *name; - - if (!ossl_assert(tgt != NULL)) - return 0; - if ((name = GENERAL_NAME_new()) == NULL) - goto err; - name->type = GEN_DIRNAME; - - if (src == NULL) { /* NULL-DN */ - if ((name->d.directoryName = X509_NAME_new()) == NULL) - goto err; - } else if (!X509_NAME_set(&name->d.directoryName, src)) { - goto err; - } - - GENERAL_NAME_free(*tgt); - *tgt = name; - - return 1; - - err: - GENERAL_NAME_free(name); - return 0; -} - -/* - * Set the sender name in PKIHeader. - * when nm is NULL, sender is set to an empty string - * returns 1 on success, 0 on error - */ -int ossl_cmp_hdr_set1_sender(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm) -{ - if (!ossl_assert(hdr != NULL)) - return 0; - return set1_general_name(&hdr->sender, nm); -} - -int ossl_cmp_hdr_set1_recipient(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm) -{ - if (!ossl_assert(hdr != NULL)) - return 0; - return set1_general_name(&hdr->recipient, nm); -} - -int ossl_cmp_hdr_update_messageTime(OSSL_CMP_PKIHEADER *hdr) -{ - if (!ossl_assert(hdr != NULL)) - return 0; - if (hdr->messageTime == NULL - && (hdr->messageTime = ASN1_GENERALIZEDTIME_new()) == NULL) - return 0; - return ASN1_GENERALIZEDTIME_set(hdr->messageTime, time(NULL)) != NULL; -} - -/* assign to *tgt a random byte array of given length */ -static int set_random(ASN1_OCTET_STRING **tgt, OSSL_CMP_CTX *ctx, size_t len) -{ - unsigned char *bytes = OPENSSL_malloc(len); - int res = 0; - - if (bytes == NULL || RAND_bytes_ex(ctx->libctx, bytes, len, 0) <= 0) - ERR_raise(ERR_LIB_CMP, CMP_R_FAILURE_OBTAINING_RANDOM); - else - res = ossl_cmp_asn1_octet_string_set1_bytes(tgt, bytes, len); - OPENSSL_free(bytes); - return res; -} - -int ossl_cmp_hdr_set1_senderKID(OSSL_CMP_PKIHEADER *hdr, - const ASN1_OCTET_STRING *senderKID) -{ - if (!ossl_assert(hdr != NULL)) - return 0; - return ossl_cmp_asn1_octet_string_set1(&hdr->senderKID, senderKID); -} - -/* push the given text string to the given PKIFREETEXT ft */ -int ossl_cmp_hdr_push0_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text) -{ - if (!ossl_assert(hdr != NULL && text != NULL)) - return 0; - - if (hdr->freeText == NULL - && (hdr->freeText = sk_ASN1_UTF8STRING_new_null()) == NULL) - return 0; - - return sk_ASN1_UTF8STRING_push(hdr->freeText, text); -} - -int ossl_cmp_hdr_push1_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text) -{ - if (!ossl_assert(hdr != NULL && text != NULL)) - return 0; - - if (hdr->freeText == NULL - && (hdr->freeText = sk_ASN1_UTF8STRING_new_null()) == NULL) - return 0; - - return - ossl_cmp_sk_ASN1_UTF8STRING_push_str(hdr->freeText, (char *)text->data, - text->length); -} - -int ossl_cmp_hdr_generalInfo_push0_item(OSSL_CMP_PKIHEADER *hdr, - OSSL_CMP_ITAV *itav) -{ - if (!ossl_assert(hdr != NULL && itav != NULL)) - return 0; - return OSSL_CMP_ITAV_push0_stack_item(&hdr->generalInfo, itav); -} - -int ossl_cmp_hdr_generalInfo_push1_items(OSSL_CMP_PKIHEADER *hdr, - const STACK_OF(OSSL_CMP_ITAV) *itavs) -{ - int i; - OSSL_CMP_ITAV *itav; - - if (!ossl_assert(hdr != NULL)) - return 0; - - for (i = 0; i < sk_OSSL_CMP_ITAV_num(itavs); i++) { - itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs, i)); - if (itav == NULL) - return 0; - - if (!ossl_cmp_hdr_generalInfo_push0_item(hdr, itav)) { - OSSL_CMP_ITAV_free(itav); - return 0; - } - } - return 1; -} - -int ossl_cmp_hdr_set_implicitConfirm(OSSL_CMP_PKIHEADER *hdr) -{ - OSSL_CMP_ITAV *itav; - ASN1_TYPE *asn1null; - - if (!ossl_assert(hdr != NULL)) - return 0; - asn1null = (ASN1_TYPE *)ASN1_NULL_new(); - if (asn1null == NULL) - return 0; - if ((itav = OSSL_CMP_ITAV_create(OBJ_nid2obj(NID_id_it_implicitConfirm), - asn1null)) == NULL) - goto err; - if (!ossl_cmp_hdr_generalInfo_push0_item(hdr, itav)) - goto err; - return 1; - - err: - ASN1_TYPE_free(asn1null); - OSSL_CMP_ITAV_free(itav); - return 0; -} - -/* return 1 if implicitConfirm in the generalInfo field of the header is set */ -int ossl_cmp_hdr_has_implicitConfirm(const OSSL_CMP_PKIHEADER *hdr) -{ - int itavCount; - int i; - OSSL_CMP_ITAV *itav; - - if (!ossl_assert(hdr != NULL)) - return 0; - - itavCount = sk_OSSL_CMP_ITAV_num(hdr->generalInfo); - for (i = 0; i < itavCount; i++) { - itav = sk_OSSL_CMP_ITAV_value(hdr->generalInfo, i); - if (itav != NULL - && OBJ_obj2nid(itav->infoType) == NID_id_it_implicitConfirm) - return 1; - } - - return 0; -} - -/* - * set ctx->transactionID in CMP header - * if ctx->transactionID is NULL, a random one is created with 128 bit - * according to section 5.1.1: - * - * It is RECOMMENDED that the clients fill the transactionID field with - * 128 bits of (pseudo-) random data for the start of a transaction to - * reduce the probability of having the transactionID in use at the server. - */ -int ossl_cmp_hdr_set_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr) -{ - if (ctx->transactionID == NULL) { - char *tid; - - if (!set_random(&ctx->transactionID, ctx, - OSSL_CMP_TRANSACTIONID_LENGTH)) - return 0; - tid = OPENSSL_buf2hexstr(ctx->transactionID->data, - ctx->transactionID->length); - if (tid != NULL) - ossl_cmp_log1(DEBUG, ctx, - "Starting new transaction with ID=%s", tid); - OPENSSL_free(tid); - } - - return ossl_cmp_asn1_octet_string_set1(&hdr->transactionID, - ctx->transactionID); -} - -/* fill in all fields of the hdr according to the info given in ctx */ -int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr) -{ - const X509_NAME *sender; - const X509_NAME *rcp = NULL; - - if (!ossl_assert(ctx != NULL && hdr != NULL)) - return 0; - - /* set the CMP version */ - if (!ossl_cmp_hdr_set_pvno(hdr, OSSL_CMP_PVNO)) - return 0; - - /* - * If neither protection cert nor oldCert nor subject are given, - * sender name is not known to the client and thus set to NULL-DN - */ - sender = ctx->cert != NULL ? X509_get_subject_name(ctx->cert) : - ctx->oldCert != NULL ? X509_get_subject_name(ctx->oldCert) : - ctx->subjectName; - if (!ossl_cmp_hdr_set1_sender(hdr, sender)) - return 0; - - /* determine recipient entry in PKIHeader */ - if (ctx->recipient != NULL) - rcp = ctx->recipient; - else if (ctx->srvCert != NULL) - rcp = X509_get_subject_name(ctx->srvCert); - else if (ctx->issuer != NULL) - rcp = ctx->issuer; - else if (ctx->oldCert != NULL) - rcp = X509_get_issuer_name(ctx->oldCert); - else if (ctx->cert != NULL) - rcp = X509_get_issuer_name(ctx->cert); - if (!ossl_cmp_hdr_set1_recipient(hdr, rcp)) - return 0; - - /* set current time as message time */ - if (!ossl_cmp_hdr_update_messageTime(hdr)) - return 0; - - if (ctx->recipNonce != NULL - && !ossl_cmp_asn1_octet_string_set1(&hdr->recipNonce, - ctx->recipNonce)) - return 0; - - if (!ossl_cmp_hdr_set_transactionID(ctx, hdr)) - return 0; - - /*- - * set random senderNonce - * according to section 5.1.1: - * - * senderNonce present - * -- 128 (pseudo-)random bits - * The senderNonce and recipNonce fields protect the PKIMessage against - * replay attacks. The senderNonce will typically be 128 bits of - * (pseudo-) random data generated by the sender, whereas the recipNonce - * is copied from the senderNonce of the previous message in the - * transaction. - */ - if (!set_random(&hdr->senderNonce, ctx, OSSL_CMP_SENDERNONCE_LENGTH)) - return 0; - - /* store senderNonce - for cmp with recipNonce in next outgoing msg */ - if (!OSSL_CMP_CTX_set1_senderNonce(ctx, hdr->senderNonce)) - return 0; - - /*- - * freeText [7] PKIFreeText OPTIONAL, - * -- this may be used to indicate context-specific instructions - * -- (this field is intended for human consumption) - */ - if (ctx->freeText != NULL - && !ossl_cmp_hdr_push1_freeText(hdr, ctx->freeText)) - return 0; - - return 1; -} diff --git a/crypto/cmp/cmp_http.c b/crypto/cmp/cmp_http.c deleted file mode 100644 index d29bfa8674adad4689e3d91fb0d4e3e046befdd0..0000000000000000000000000000000000000000 --- a/crypto/cmp/cmp_http.c +++ /dev/null @@ -1,106 +0,0 @@ -/* - * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2019 - * Copyright Siemens AG 2015-2019 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#include -#include -#include "internal/sockets.h" - -#include -#include "cmp_local.h" - -/* explicit #includes not strictly needed since implied by the above: */ -#include -#include -#include -#include -#include -#include -#include - -static int keep_alive(int keep_alive, int body_type) -{ - if (keep_alive != 0 - /* - * Ask for persistent connection only if may need more round trips. - * Do so even with disableConfirm because polling might be needed. - */ - && body_type != OSSL_CMP_PKIBODY_IR - && body_type != OSSL_CMP_PKIBODY_CR - && body_type != OSSL_CMP_PKIBODY_P10CR - && body_type != OSSL_CMP_PKIBODY_KUR - && body_type != OSSL_CMP_PKIBODY_POLLREQ) - keep_alive = 0; - return keep_alive; -} - -/* - * Send the PKIMessage req and on success return the response, else NULL. - * Any previous error queue entries will likely be removed by ERR_clear_error(). - */ -OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *req) -{ - char server_port[32] = { '\0' }; - STACK_OF(CONF_VALUE) *headers = NULL; - const char content_type_pkix[] = "application/pkixcmp"; - int tls_used; - const ASN1_ITEM *it = ASN1_ITEM_rptr(OSSL_CMP_MSG); - BIO *req_mem, *rsp; - OSSL_CMP_MSG *res = NULL; - - if (ctx == NULL || req == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - - if (!X509V3_add_value("Pragma", "no-cache", &headers)) - return NULL; - if ((req_mem = ASN1_item_i2d_mem_bio(it, (const ASN1_VALUE *)req)) == NULL) - goto err; - - if (ctx->serverPort != 0) - BIO_snprintf(server_port, sizeof(server_port), "%d", ctx->serverPort); - tls_used = OSSL_CMP_CTX_get_http_cb_arg(ctx) != NULL; - if (ctx->http_ctx == NULL) - ossl_cmp_log3(DEBUG, ctx, "connecting to CMP server %s:%s%s", - ctx->server, server_port, tls_used ? " using TLS" : ""); - - rsp = OSSL_HTTP_transfer(&ctx->http_ctx, ctx->server, server_port, - ctx->serverPath, tls_used, - ctx->proxy, ctx->no_proxy, - NULL /* bio */, NULL /* rbio */, - ctx->http_cb, OSSL_CMP_CTX_get_http_cb_arg(ctx), - 0 /* buf_size */, headers, - content_type_pkix, req_mem, - content_type_pkix, 1 /* expect_asn1 */, - OSSL_HTTP_DEFAULT_MAX_RESP_LEN, - ctx->msg_timeout, - keep_alive(ctx->keep_alive, req->body->type)); - BIO_free(req_mem); - res = (OSSL_CMP_MSG *)ASN1_item_d2i_bio(it, rsp, NULL); - BIO_free(rsp); - - if (ctx->http_ctx == NULL) - ossl_cmp_debug(ctx, "disconnected from CMP server"); - /* - * Note that on normal successful end of the transaction the connection - * is not closed at this level, but this will be done by the CMP client - * application via OSSL_CMP_CTX_free() or OSSL_CMP_CTX_reinit(). - */ - if (res != NULL) - ossl_cmp_debug(ctx, "finished reading response from CMP server"); - err: - sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); - return res; -} diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h deleted file mode 100644 index 3da021043b81f0610a50e080def70d37a8c3f20f..0000000000000000000000000000000000000000 --- a/crypto/cmp/cmp_local.h +++ /dev/null @@ -1,930 +0,0 @@ -/* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2019 - * Copyright Siemens AG 2015-2019 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_CMP_LOCAL_H -# define OSSL_CRYPTO_CMP_LOCAL_H - -# include "internal/cryptlib.h" - -# include -# include - -/* explicit #includes not strictly needed since implied by the above: */ -# include -# include -# include -# include -# include -# include "crypto/x509.h" - -#define IS_NULL_DN(name) (X509_NAME_get_entry(name, 0) == NULL) - -/* - * this structure is used to store the context for CMP sessions - */ -struct ossl_cmp_ctx_st { - OSSL_LIB_CTX *libctx; - char *propq; - OSSL_CMP_log_cb_t log_cb; /* log callback for error/debug/etc. output */ - OSSL_CMP_severity log_verbosity; /* level of verbosity of log output */ - - /* message transfer */ - OSSL_CMP_transfer_cb_t transfer_cb; /* default: OSSL_CMP_MSG_http_perform */ - void *transfer_cb_arg; /* allows to store optional argument to cb */ - /* HTTP-based transfer */ - OSSL_HTTP_REQ_CTX *http_ctx; - char *serverPath; - char *server; - int serverPort; - char *proxy; - char *no_proxy; - int keep_alive; /* persistent connection: 0=no, 1=prefer, 2=require */ - int msg_timeout; /* max seconds to wait for each CMP message round trip */ - int total_timeout; /* max number of seconds an enrollment may take, incl. */ - /* attempts polling for a response if a 'waiting' PKIStatus is received */ - time_t end_time; /* session start time + totaltimeout */ - OSSL_HTTP_bio_cb_t http_cb; - void *http_cb_arg; /* allows to store optional argument to cb */ - - /* server authentication */ - /* - * unprotectedErrors may be set as workaround for broken server responses: - * accept missing or invalid protection of regular error messages, negative - * certificate responses (ip/cp/kup), revocation responses (rp), and PKIConf - */ - int unprotectedErrors; - X509 *srvCert; /* certificate used to identify the server */ - X509 *validatedSrvCert; /* caches any already validated server cert */ - X509_NAME *expected_sender; /* expected sender in header of response */ - X509_STORE *trusted; /* trust store maybe w CRLs and cert verify callback */ - STACK_OF(X509) *untrusted; /* untrusted (intermediate CA) certs */ - int ignore_keyusage; /* ignore key usage entry when validating certs */ - /* - * permitTAInExtraCertsForIR allows use of root certs in extracerts - * when validating message protection; this is used for 3GPP-style E.7 - */ - int permitTAInExtraCertsForIR; - - /* client authentication */ - int unprotectedSend; /* send unprotected PKI messages */ - X509 *cert; /* protection cert used to identify and sign for MSG_SIG_ALG */ - STACK_OF(X509) *chain; /* (cached) chain of protection cert including it */ - EVP_PKEY *pkey; /* the key pair corresponding to cert */ - ASN1_OCTET_STRING *referenceValue; /* optional user name for MSG_MAC_ALG */ - ASN1_OCTET_STRING *secretValue; /* password/shared secret for MSG_MAC_ALG */ - /* PBMParameters for MSG_MAC_ALG */ - size_t pbm_slen; /* salt length, currently fixed to 16 */ - EVP_MD *pbm_owf; /* one-way function (OWF), default: SHA256 */ - int pbm_itercnt; /* OWF iteration count, currently fixed to 500 */ - int pbm_mac; /* NID of MAC algorithm, default: HMAC-SHA1 as per RFC 4210 */ - - /* CMP message header and extra certificates */ - X509_NAME *recipient; /* to set in recipient in pkiheader */ - EVP_MD *digest; /* digest used in MSG_SIG_ALG and POPO, default SHA256 */ - ASN1_OCTET_STRING *transactionID; /* the current transaction ID */ - ASN1_OCTET_STRING *senderNonce; /* last nonce sent */ - ASN1_OCTET_STRING *recipNonce; /* last nonce received */ - ASN1_UTF8STRING *freeText; /* optional string to include each msg */ - STACK_OF(OSSL_CMP_ITAV) *geninfo_ITAVs; - int implicitConfirm; /* set implicitConfirm in IR/KUR/CR messages */ - int disableConfirm; /* disable certConf in IR/KUR/CR for broken servers */ - STACK_OF(X509) *extraCertsOut; /* to be included in request messages */ - - /* certificate template */ - EVP_PKEY *newPkey; /* explicit new private/public key for cert enrollment */ - int newPkey_priv; /* flag indicating if newPkey contains private key */ - X509_NAME *issuer; /* issuer name to used in cert template */ - int days; /* Number of days new certificates are asked to be valid for */ - X509_NAME *subjectName; /* subject name to be used in cert template */ - STACK_OF(GENERAL_NAME) *subjectAltNames; /* to add to the cert template */ - int SubjectAltName_nodefault; - int setSubjectAltNameCritical; - X509_EXTENSIONS *reqExtensions; /* exts to be added to cert template */ - CERTIFICATEPOLICIES *policies; /* policies to be included in extensions */ - int setPoliciesCritical; - int popoMethod; /* Proof-of-possession mechanism; default: signature */ - X509 *oldCert; /* cert to be updated (via KUR) or to be revoked (via RR) */ - X509_REQ *p10CSR; /* for P10CR: PKCS#10 CSR to be sent */ - - /* misc body contents */ - int revocationReason; /* revocation reason code to be included in RR */ - STACK_OF(OSSL_CMP_ITAV) *genm_ITAVs; /* content of general message */ - - /* result returned in responses */ - int status; /* PKIStatus of last received IP/CP/KUP/RP/error or -1 */ - OSSL_CMP_PKIFREETEXT *statusString; /* of last IP/CP/KUP/RP/error */ - int failInfoCode; /* failInfoCode of last received IP/CP/KUP/error, or -1 */ - X509 *newCert; /* newly enrolled cert received from the CA */ - STACK_OF(X509) *newChain; /* chain of newly enrolled cert received */ - STACK_OF(X509) *caPubs; /* CA certs received from server (in IP message) */ - STACK_OF(X509) *extraCertsIn; /* extraCerts received from server */ - - /* certificate confirmation */ - OSSL_CMP_certConf_cb_t certConf_cb; /* callback for app checking new cert */ - void *certConf_cb_arg; /* allows to store an argument individual to cb */ -} /* OSSL_CMP_CTX */; - -/* - * ########################################################################## - * ASN.1 DECLARATIONS - * ########################################################################## - */ - -/*- - * RevAnnContent ::= SEQUENCE { - * status PKIStatus, - * certId CertId, - * willBeRevokedAt GeneralizedTime, - * badSinceDate GeneralizedTime, - * crlDetails Extensions OPTIONAL - * -- extra CRL details (e.g., crl number, reason, location, etc.) - * } - */ -typedef struct ossl_cmp_revanncontent_st { - ASN1_INTEGER *status; - OSSL_CRMF_CERTID *certId; - ASN1_GENERALIZEDTIME *willBeRevokedAt; - ASN1_GENERALIZEDTIME *badSinceDate; - X509_EXTENSIONS *crlDetails; -} OSSL_CMP_REVANNCONTENT; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT) - -/*- - * Challenge ::= SEQUENCE { - * owf AlgorithmIdentifier OPTIONAL, - * - * -- MUST be present in the first Challenge; MAY be omitted in - * -- any subsequent Challenge in POPODecKeyChallContent (if - * -- omitted, then the owf used in the immediately preceding - * -- Challenge is to be used). - * - * witness OCTET STRING, - * -- the result of applying the one-way function (owf) to a - * -- randomly-generated INTEGER, A. [Note that a different - * -- INTEGER MUST be used for each Challenge.] - * challenge OCTET STRING - * -- the encryption (under the public key for which the cert. - * -- request is being made) of Rand, where Rand is specified as - * -- Rand ::= SEQUENCE { - * -- int INTEGER, - * -- - the randomly-generated INTEGER A (above) - * -- sender GeneralName - * -- - the sender's name (as included in PKIHeader) - * -- } - * } - */ -typedef struct ossl_cmp_challenge_st { - X509_ALGOR *owf; - ASN1_OCTET_STRING *witness; - ASN1_OCTET_STRING *challenge; -} OSSL_CMP_CHALLENGE; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE) - -/*- - * CAKeyUpdAnnContent ::= SEQUENCE { - * oldWithNew Certificate, - * newWithOld Certificate, - * newWithNew Certificate - * } - */ -typedef struct ossl_cmp_cakeyupdanncontent_st { - X509 *oldWithNew; - X509 *newWithOld; - X509 *newWithNew; -} OSSL_CMP_CAKEYUPDANNCONTENT; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT) - -/*- - * declared already here as it will be used in OSSL_CMP_MSG (nested) and - * infoType and infoValue - */ -typedef STACK_OF(OSSL_CMP_MSG) OSSL_CMP_MSGS; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_MSGS) - -/*- - * InfoTypeAndValue ::= SEQUENCE { - * infoType OBJECT IDENTIFIER, - * infoValue ANY DEFINED BY infoType OPTIONAL - * } - */ -struct ossl_cmp_itav_st { - ASN1_OBJECT *infoType; - union { - char *ptr; - /* NID_id_it_caProtEncCert - CA Protocol Encryption Certificate */ - X509 *caProtEncCert; - /* NID_id_it_signKeyPairTypes - Signing Key Pair Types */ - STACK_OF(X509_ALGOR) *signKeyPairTypes; - /* NID_id_it_encKeyPairTypes - Encryption/Key Agreement Key Pair Types */ - STACK_OF(X509_ALGOR) *encKeyPairTypes; - /* NID_id_it_preferredSymmAlg - Preferred Symmetric Algorithm */ - X509_ALGOR *preferredSymmAlg; - /* NID_id_it_caKeyUpdateInfo - Updated CA Key Pair */ - OSSL_CMP_CAKEYUPDANNCONTENT *caKeyUpdateInfo; - /* NID_id_it_currentCRL - CRL */ - X509_CRL *currentCRL; - /* NID_id_it_unsupportedOIDs - Unsupported Object Identifiers */ - STACK_OF(ASN1_OBJECT) *unsupportedOIDs; - /* NID_id_it_keyPairParamReq - Key Pair Parameters Request */ - ASN1_OBJECT *keyPairParamReq; - /* NID_id_it_keyPairParamRep - Key Pair Parameters Response */ - X509_ALGOR *keyPairParamRep; - /* NID_id_it_revPassphrase - Revocation Passphrase */ - OSSL_CRMF_ENCRYPTEDVALUE *revPassphrase; - /* NID_id_it_implicitConfirm - ImplicitConfirm */ - ASN1_NULL *implicitConfirm; - /* NID_id_it_confirmWaitTime - ConfirmWaitTime */ - ASN1_GENERALIZEDTIME *confirmWaitTime; - /* NID_id_it_origPKIMessage - origPKIMessage */ - OSSL_CMP_MSGS *origPKIMessage; - /* NID_id_it_suppLangTags - Supported Language Tags */ - STACK_OF(ASN1_UTF8STRING) *suppLangTagsValue; - /* this is to be used for so far undeclared objects */ - ASN1_TYPE *other; - } infoValue; -} /* OSSL_CMP_ITAV */; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_ITAV) - -typedef struct ossl_cmp_certorenccert_st { - int type; - union { - X509 *certificate; - OSSL_CRMF_ENCRYPTEDVALUE *encryptedCert; - } value; -} OSSL_CMP_CERTORENCCERT; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT) - -/*- - * CertifiedKeyPair ::= SEQUENCE { - * certOrEncCert CertOrEncCert, - * privateKey [0] EncryptedValue OPTIONAL, - * -- see [CRMF] for comment on encoding - * publicationInfo [1] PKIPublicationInfo OPTIONAL - * } - */ -typedef struct ossl_cmp_certifiedkeypair_st { - OSSL_CMP_CERTORENCCERT *certOrEncCert; - OSSL_CRMF_ENCRYPTEDVALUE *privateKey; - OSSL_CRMF_PKIPUBLICATIONINFO *publicationInfo; -} OSSL_CMP_CERTIFIEDKEYPAIR; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR) - -/*- - * PKIStatusInfo ::= SEQUENCE { - * status PKIStatus, - * statusString PKIFreeText OPTIONAL, - * failInfo PKIFailureInfo OPTIONAL - * } - */ -struct ossl_cmp_pkisi_st { - OSSL_CMP_PKISTATUS *status; - OSSL_CMP_PKIFREETEXT *statusString; - OSSL_CMP_PKIFAILUREINFO *failInfo; -} /* OSSL_CMP_PKISI */; - -/*- - * RevReqContent ::= SEQUENCE OF RevDetails - * - * RevDetails ::= SEQUENCE { - * certDetails CertTemplate, - * crlEntryDetails Extensions OPTIONAL - * } - */ -struct ossl_cmp_revdetails_st { - OSSL_CRMF_CERTTEMPLATE *certDetails; - X509_EXTENSIONS *crlEntryDetails; -} /* OSSL_CMP_REVDETAILS */; -typedef struct ossl_cmp_revdetails_st OSSL_CMP_REVDETAILS; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS) -DEFINE_STACK_OF(OSSL_CMP_REVDETAILS) - -/*- - * RevRepContent ::= SEQUENCE { - * status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo, - * -- in same order as was sent in RevReqContent - * revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId - * OPTIONAL, - * -- IDs for which revocation was requested - * -- (same order as status) - * crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList - * OPTIONAL - * -- the resulting CRLs (there may be more than one) - * } - */ -struct ossl_cmp_revrepcontent_st { - STACK_OF(OSSL_CMP_PKISI) *status; - STACK_OF(OSSL_CRMF_CERTID) *revCerts; - STACK_OF(X509_CRL) *crls; -} /* OSSL_CMP_REVREPCONTENT */; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT) - -/*- - * KeyRecRepContent ::= SEQUENCE { - * status PKIStatusInfo, - * newSigCert [0] Certificate OPTIONAL, - * caCerts [1] SEQUENCE SIZE (1..MAX) OF - * Certificate OPTIONAL, - * keyPairHist [2] SEQUENCE SIZE (1..MAX) OF - * CertifiedKeyPair OPTIONAL - * } - */ -typedef struct ossl_cmp_keyrecrepcontent_st { - OSSL_CMP_PKISI *status; - X509 *newSigCert; - STACK_OF(X509) *caCerts; - STACK_OF(OSSL_CMP_CERTIFIEDKEYPAIR) *keyPairHist; -} OSSL_CMP_KEYRECREPCONTENT; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT) - -/*- - * ErrorMsgContent ::= SEQUENCE { - * pKIStatusInfo PKIStatusInfo, - * errorCode INTEGER OPTIONAL, - * -- implementation-specific error codes - * errorDetails PKIFreeText OPTIONAL - * -- implementation-specific error details - * } - */ -typedef struct ossl_cmp_errormsgcontent_st { - OSSL_CMP_PKISI *pKIStatusInfo; - ASN1_INTEGER *errorCode; - OSSL_CMP_PKIFREETEXT *errorDetails; -} OSSL_CMP_ERRORMSGCONTENT; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT) - -/*- - * CertConfirmContent ::= SEQUENCE OF CertStatus - * - * CertStatus ::= SEQUENCE { - * certHash OCTET STRING, - * -- the hash of the certificate, using the same hash algorithm - * -- as is used to create and verify the certificate signature - * certReqId INTEGER, - * -- to match this confirmation with the corresponding req/rep - * statusInfo PKIStatusInfo OPTIONAL - * } - */ -struct ossl_cmp_certstatus_st { - ASN1_OCTET_STRING *certHash; - ASN1_INTEGER *certReqId; - OSSL_CMP_PKISI *statusInfo; -} /* OSSL_CMP_CERTSTATUS */; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTSTATUS) -typedef STACK_OF(OSSL_CMP_CERTSTATUS) OSSL_CMP_CERTCONFIRMCONTENT; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTCONFIRMCONTENT) - -/*- - * CertResponse ::= SEQUENCE { - * certReqId INTEGER, - * -- to match this response with corresponding request (a value - * -- of -1 is to be used if certReqId is not specified in the - * -- corresponding request) - * status PKIStatusInfo, - * certifiedKeyPair CertifiedKeyPair OPTIONAL, - * rspInfo OCTET STRING OPTIONAL - * -- analogous to the id-regInfo-utf8Pairs string defined - * -- for regInfo in CertReqMsg [CRMF] - * } - */ -struct ossl_cmp_certresponse_st { - ASN1_INTEGER *certReqId; - OSSL_CMP_PKISI *status; - OSSL_CMP_CERTIFIEDKEYPAIR *certifiedKeyPair; - ASN1_OCTET_STRING *rspInfo; -} /* OSSL_CMP_CERTRESPONSE */; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTRESPONSE) - -/*- - * CertRepMessage ::= SEQUENCE { - * caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate - * OPTIONAL, - * response SEQUENCE OF CertResponse - * } - */ -struct ossl_cmp_certrepmessage_st { - STACK_OF(X509) *caPubs; - STACK_OF(OSSL_CMP_CERTRESPONSE) *response; -} /* OSSL_CMP_CERTREPMESSAGE */; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTREPMESSAGE) - -/*- - * PollReqContent ::= SEQUENCE OF SEQUENCE { - * certReqId INTEGER - * } - */ -typedef struct ossl_cmp_pollreq_st { - ASN1_INTEGER *certReqId; -} OSSL_CMP_POLLREQ; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREQ) -DEFINE_STACK_OF(OSSL_CMP_POLLREQ) -typedef STACK_OF(OSSL_CMP_POLLREQ) OSSL_CMP_POLLREQCONTENT; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREQCONTENT) - -/*- - * PollRepContent ::= SEQUENCE OF SEQUENCE { - * certReqId INTEGER, - * checkAfter INTEGER, -- time in seconds - * reason PKIFreeText OPTIONAL - * } - */ -struct ossl_cmp_pollrep_st { - ASN1_INTEGER *certReqId; - ASN1_INTEGER *checkAfter; - OSSL_CMP_PKIFREETEXT *reason; -} /* OSSL_CMP_POLLREP */; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREP) -DEFINE_STACK_OF(OSSL_CMP_POLLREP) -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREPCONTENT) - -/*- - * PKIHeader ::= SEQUENCE { - * pvno INTEGER { cmp1999(1), cmp2000(2) }, - * sender GeneralName, - * -- identifies the sender - * recipient GeneralName, - * -- identifies the intended recipient - * messageTime [0] GeneralizedTime OPTIONAL, - * -- time of production of this message (used when sender - * -- believes that the transport will be "suitable"; i.e., - * -- that the time will still be meaningful upon receipt) - * protectionAlg [1] AlgorithmIdentifier OPTIONAL, - * -- algorithm used for calculation of protection bits - * senderKID [2] KeyIdentifier OPTIONAL, - * recipKID [3] KeyIdentifier OPTIONAL, - * -- to identify specific keys used for protection - * transactionID [4] OCTET STRING OPTIONAL, - * -- identifies the transaction; i.e., this will be the same in - * -- corresponding request, response, certConf, and PKIConf - * -- messages - * senderNonce [5] OCTET STRING OPTIONAL, - * recipNonce [6] OCTET STRING OPTIONAL, - * -- nonces used to provide replay protection, senderNonce - * -- is inserted by the creator of this message; recipNonce - * -- is a nonce previously inserted in a related message by - * -- the intended recipient of this message - * freeText [7] PKIFreeText OPTIONAL, - * -- this may be used to indicate context-specific instructions - * -- (this field is intended for human consumption) - * generalInfo [8] SEQUENCE SIZE (1..MAX) OF - * InfoTypeAndValue OPTIONAL - * -- this may be used to convey context-specific information - * -- (this field not primarily intended for human consumption) - * } - */ -struct ossl_cmp_pkiheader_st { - ASN1_INTEGER *pvno; - GENERAL_NAME *sender; - GENERAL_NAME *recipient; - ASN1_GENERALIZEDTIME *messageTime; /* 0 */ - X509_ALGOR *protectionAlg; /* 1 */ - ASN1_OCTET_STRING *senderKID; /* 2 */ - ASN1_OCTET_STRING *recipKID; /* 3 */ - ASN1_OCTET_STRING *transactionID; /* 4 */ - ASN1_OCTET_STRING *senderNonce; /* 5 */ - ASN1_OCTET_STRING *recipNonce; /* 6 */ - OSSL_CMP_PKIFREETEXT *freeText; /* 7 */ - STACK_OF(OSSL_CMP_ITAV) *generalInfo; /* 8 */ -} /* OSSL_CMP_PKIHEADER */; - -typedef STACK_OF(OSSL_CMP_CHALLENGE) OSSL_CMP_POPODECKEYCHALLCONTENT; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POPODECKEYCHALLCONTENT) -typedef STACK_OF(ASN1_INTEGER) OSSL_CMP_POPODECKEYRESPCONTENT; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POPODECKEYRESPCONTENT) -typedef STACK_OF(OSSL_CMP_REVDETAILS) OSSL_CMP_REVREQCONTENT; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_REVREQCONTENT) -typedef STACK_OF(X509_CRL) OSSL_CMP_CRLANNCONTENT; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CRLANNCONTENT) -typedef STACK_OF(OSSL_CMP_ITAV) OSSL_CMP_GENMSGCONTENT; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_GENMSGCONTENT) -typedef STACK_OF(OSSL_CMP_ITAV) OSSL_CMP_GENREPCONTENT; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_GENREPCONTENT) - -/*- - * PKIBody ::= CHOICE { -- message-specific body elements - * ir [0] CertReqMessages, --Initialization Request - * ip [1] CertRepMessage, --Initialization Response - * cr [2] CertReqMessages, --Certification Request - * cp [3] CertRepMessage, --Certification Response - * p10cr [4] CertificationRequest, --imported from [PKCS10] - * popdecc [5] POPODecKeyChallContent, --pop Challenge - * popdecr [6] POPODecKeyRespContent, --pop Response - * kur [7] CertReqMessages, --Key Update Request - * kup [8] CertRepMessage, --Key Update Response - * krr [9] CertReqMessages, --Key Recovery Request - * krp [10] KeyRecRepContent, --Key Recovery Response - * rr [11] RevReqContent, --Revocation Request - * rp [12] RevRepContent, --Revocation Response - * ccr [13] CertReqMessages, --Cross-Cert. Request - * ccp [14] CertRepMessage, --Cross-Cert. Response - * ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. - * cann [16] CertAnnContent, --Certificate Ann. - * rann [17] RevAnnContent, --Revocation Ann. - * crlann [18] CRLAnnContent, --CRL Announcement - * pkiconf [19] PKIConfirmContent, --Confirmation - * nested [20] NestedMessageContent, --Nested Message - * genm [21] GenMsgContent, --General Message - * genp [22] GenRepContent, --General Response - * error [23] ErrorMsgContent, --Error Message - * certConf [24] CertConfirmContent, --Certificate confirm - * pollReq [25] PollReqContent, --Polling request - * pollRep [26] PollRepContent --Polling response - * } - */ -typedef struct ossl_cmp_pkibody_st { - int type; - union { - OSSL_CRMF_MSGS *ir; /* 0 */ - OSSL_CMP_CERTREPMESSAGE *ip; /* 1 */ - OSSL_CRMF_MSGS *cr; /* 2 */ - OSSL_CMP_CERTREPMESSAGE *cp; /* 3 */ - /*- - * p10cr [4] CertificationRequest, --imported from [PKCS10] - * - * PKCS10_CERTIFICATIONREQUEST is effectively X509_REQ - * so it is used directly - */ - X509_REQ *p10cr; /* 4 */ - /*- - * popdecc [5] POPODecKeyChallContent, --pop Challenge - * - * POPODecKeyChallContent ::= SEQUENCE OF Challenge - */ - OSSL_CMP_POPODECKEYCHALLCONTENT *popdecc; /* 5 */ - /*- - * popdecr [6] POPODecKeyRespContent, --pop Response - * - * POPODecKeyRespContent ::= SEQUENCE OF INTEGER - */ - OSSL_CMP_POPODECKEYRESPCONTENT *popdecr; /* 6 */ - OSSL_CRMF_MSGS *kur; /* 7 */ - OSSL_CMP_CERTREPMESSAGE *kup; /* 8 */ - OSSL_CRMF_MSGS *krr; /* 9 */ - - /*- - * krp [10] KeyRecRepContent, --Key Recovery Response - */ - OSSL_CMP_KEYRECREPCONTENT *krp; /* 10 */ - /*- - * rr [11] RevReqContent, --Revocation Request - */ - OSSL_CMP_REVREQCONTENT *rr; /* 11 */ - /*- - * rp [12] RevRepContent, --Revocation Response - */ - OSSL_CMP_REVREPCONTENT *rp; /* 12 */ - /*- - * ccr [13] CertReqMessages, --Cross-Cert. Request - */ - OSSL_CRMF_MSGS *ccr; /* 13 */ - /*- - * ccp [14] CertRepMessage, --Cross-Cert. Response - */ - OSSL_CMP_CERTREPMESSAGE *ccp; /* 14 */ - /*- - * ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. - */ - OSSL_CMP_CAKEYUPDANNCONTENT *ckuann; /* 15 */ - /*- - * cann [16] CertAnnContent, --Certificate Ann. - * OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly - */ - X509 *cann; /* 16 */ - /*- - * rann [17] RevAnnContent, --Revocation Ann. - */ - OSSL_CMP_REVANNCONTENT *rann; /* 17 */ - /*- - * crlann [18] CRLAnnContent, --CRL Announcement - * CRLAnnContent ::= SEQUENCE OF CertificateList - */ - OSSL_CMP_CRLANNCONTENT *crlann; /* 18 */ - /*- - * PKIConfirmContent ::= NULL - * pkiconf [19] PKIConfirmContent, --Confirmation - * OSSL_CMP_PKICONFIRMCONTENT would be only a typedef of ASN1_NULL - * OSSL_CMP_CONFIRMCONTENT *pkiconf; - * - * NOTE: this should ASN1_NULL according to the RFC - * but there might be a struct in it when sent from faulty servers... - */ - ASN1_TYPE *pkiconf; /* 19 */ - /*- - * nested [20] NestedMessageContent, --Nested Message - * NestedMessageContent ::= PKIMessages - */ - OSSL_CMP_MSGS *nested; /* 20 */ - /*- - * genm [21] GenMsgContent, --General Message - * GenMsgContent ::= SEQUENCE OF InfoTypeAndValue - */ - OSSL_CMP_GENMSGCONTENT *genm; /* 21 */ - /*- - * genp [22] GenRepContent, --General Response - * GenRepContent ::= SEQUENCE OF InfoTypeAndValue - */ - OSSL_CMP_GENREPCONTENT *genp; /* 22 */ - /*- - * error [23] ErrorMsgContent, --Error Message - */ - OSSL_CMP_ERRORMSGCONTENT *error; /* 23 */ - /*- - * certConf [24] CertConfirmContent, --Certificate confirm - */ - OSSL_CMP_CERTCONFIRMCONTENT *certConf; /* 24 */ - /*- - * pollReq [25] PollReqContent, --Polling request - */ - OSSL_CMP_POLLREQCONTENT *pollReq; /* 25 */ - /*- - * pollRep [26] PollRepContent --Polling response - */ - OSSL_CMP_POLLREPCONTENT *pollRep; /* 26 */ - } value; -} OSSL_CMP_PKIBODY; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIBODY) - -/*- - * PKIProtection ::= BIT STRING - * - * PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage - * - * PKIMessage ::= SEQUENCE { - * header PKIHeader, - * body PKIBody, - * protection [0] PKIProtection OPTIONAL, - * extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate - * OPTIONAL - * } - */ -struct ossl_cmp_msg_st { - OSSL_CMP_PKIHEADER *header; - OSSL_CMP_PKIBODY *body; - ASN1_BIT_STRING *protection; /* 0 */ - /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ - STACK_OF(X509) *extraCerts; /* 1 */ - OSSL_LIB_CTX *libctx; - char *propq; -} /* OSSL_CMP_MSG */; -OSSL_CMP_MSG *OSSL_CMP_MSG_new(OSSL_LIB_CTX *libctx, const char *propq); -void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); - -/*- - * ProtectedPart ::= SEQUENCE { - * header PKIHeader, - * body PKIBody - * } - */ -typedef struct ossl_cmp_protectedpart_st { - OSSL_CMP_PKIHEADER *header; - OSSL_CMP_PKIBODY *body; -} OSSL_CMP_PROTECTEDPART; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PROTECTEDPART) - -/*- - * this is not defined here as it is already in CRMF: - * id-PasswordBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 13} - * PBMParameter ::= SEQUENCE { - * salt OCTET STRING, - * -- note: implementations MAY wish to limit acceptable sizes - * -- of this string to values appropriate for their environment - * -- in order to reduce the risk of denial-of-service attacks - * owf AlgorithmIdentifier, - * -- AlgId for a One-Way Function (SHA-1 recommended) - * iterationCount INTEGER, - * -- number of times the OWF is applied - * -- note: implementations MAY wish to limit acceptable sizes - * -- of this integer to values appropriate for their environment - * -- in order to reduce the risk of denial-of-service attacks - * mac AlgorithmIdentifier - * -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], - * } -- or HMAC [RFC2104, RFC2202]) - */ -/*- - * id-DHBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 30} - * DHBMParameter ::= SEQUENCE { - * owf AlgorithmIdentifier, - * -- AlgId for a One-Way Function (SHA-1 recommended) - * mac AlgorithmIdentifier - * -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], - * } -- or HMAC [RFC2104, RFC2202]) - */ -/*- - * The following is not cared for, because it is described in section 5.2.5 - * that this is beyond the scope of CMP - * OOBCert ::= CMPCertificate - * - * OOBCertHash ::= SEQUENCE { - * hashAlg [0] AlgorithmIdentifier OPTIONAL, - * certId [1] CertId OPTIONAL, - * hashVal BIT STRING - * -- hashVal is calculated over the DER encoding of the - * -- self-signed certificate with the identifier certID. - * } - */ - -/* from cmp_asn.c */ -int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a); - -/* from cmp_util.c */ -const char *ossl_cmp_log_parse_metadata(const char *buf, - OSSL_CMP_severity *level, char **func, - char **file, int *line); -# define ossl_cmp_add_error_data(txt) ERR_add_error_txt(" : ", txt) -# define ossl_cmp_add_error_line(txt) ERR_add_error_txt("\n", txt) -/* The two functions manipulating X509_STORE could be generally useful */ -int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs, - int only_self_issued); -STACK_OF(X509) *ossl_cmp_X509_STORE_get1_certs(X509_STORE *store); -int ossl_cmp_sk_ASN1_UTF8STRING_push_str(STACK_OF(ASN1_UTF8STRING) *sk, - const char *text, int len); -int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt, - const ASN1_OCTET_STRING *src); -int ossl_cmp_asn1_octet_string_set1_bytes(ASN1_OCTET_STRING **tgt, - const unsigned char *bytes, int len); - -/* from cmp_ctx.c */ -int ossl_cmp_print_log(OSSL_CMP_severity level, const OSSL_CMP_CTX *ctx, - const char *func, const char *file, int line, - const char *level_str, const char *format, ...); -# define ossl_cmp_log(level, ctx, msg) \ - ossl_cmp_print_log(OSSL_CMP_LOG_##level, ctx, OPENSSL_FUNC, OPENSSL_FILE, \ - OPENSSL_LINE, #level, "%s", msg) -# define ossl_cmp_log1(level, ctx, fmt, arg1) \ - ossl_cmp_print_log(OSSL_CMP_LOG_##level, ctx, OPENSSL_FUNC, OPENSSL_FILE, \ - OPENSSL_LINE, #level, fmt, arg1) -# define ossl_cmp_log2(level, ctx, fmt, arg1, arg2) \ - ossl_cmp_print_log(OSSL_CMP_LOG_##level, ctx, OPENSSL_FUNC, OPENSSL_FILE, \ - OPENSSL_LINE, #level, fmt, arg1, arg2) -# define ossl_cmp_log3(level, ctx, fmt, arg1, arg2, arg3) \ - ossl_cmp_print_log(OSSL_CMP_LOG_##level, ctx, OPENSSL_FUNC, OPENSSL_FILE, \ - OPENSSL_LINE, #level, fmt, arg1, arg2, arg3) -# define ossl_cmp_log4(level, ctx, fmt, arg1, arg2, arg3, arg4) \ - ossl_cmp_print_log(OSSL_CMP_LOG_##level, ctx, OPENSSL_FUNC, OPENSSL_FILE, \ - OPENSSL_LINE, #level, fmt, arg1, arg2, arg3, arg4) -# define OSSL_CMP_LOG_ERROR OSSL_CMP_LOG_ERR -# define OSSL_CMP_LOG_WARN OSSL_CMP_LOG_WARNING -# define ossl_cmp_alert(ctx, msg) ossl_cmp_log(ALERT, ctx, msg) -# define ossl_cmp_err(ctx, msg) ossl_cmp_log(ERROR, ctx, msg) -# define ossl_cmp_warn(ctx, msg) ossl_cmp_log(WARN, ctx, msg) -# define ossl_cmp_info(ctx, msg) ossl_cmp_log(INFO, ctx, msg) -# define ossl_cmp_debug(ctx, msg) ossl_cmp_log(DEBUG, ctx, msg) -# define ossl_cmp_trace(ctx, msg) ossl_cmp_log(TRACE, ctx, msg) -int ossl_cmp_ctx_set0_validatedSrvCert(OSSL_CMP_CTX *ctx, X509 *cert); -int ossl_cmp_ctx_set_status(OSSL_CMP_CTX *ctx, int status); -int ossl_cmp_ctx_set0_statusString(OSSL_CMP_CTX *ctx, - OSSL_CMP_PKIFREETEXT *text); -int ossl_cmp_ctx_set_failInfoCode(OSSL_CMP_CTX *ctx, int fail_info); -int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert); -int ossl_cmp_ctx_set1_newChain(OSSL_CMP_CTX *ctx, STACK_OF(X509) *newChain); -int ossl_cmp_ctx_set1_caPubs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *caPubs); -int ossl_cmp_ctx_set1_extraCertsIn(OSSL_CMP_CTX *ctx, - STACK_OF(X509) *extraCertsIn); -int ossl_cmp_ctx_set1_recipNonce(OSSL_CMP_CTX *ctx, - const ASN1_OCTET_STRING *nonce); - -/* from cmp_status.c */ -int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si); -const char *ossl_cmp_PKIStatus_to_string(int status); -OSSL_CMP_PKIFREETEXT *ossl_cmp_pkisi_get0_statusString(const OSSL_CMP_PKISI *s); -int ossl_cmp_pkisi_get_pkifailureinfo(const OSSL_CMP_PKISI *si); -int ossl_cmp_pkisi_check_pkifailureinfo(const OSSL_CMP_PKISI *si, int index); - -/* from cmp_hdr.c */ -int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno); -int ossl_cmp_hdr_get_pvno(const OSSL_CMP_PKIHEADER *hdr); -int ossl_cmp_hdr_get_protection_nid(const OSSL_CMP_PKIHEADER *hdr); -ASN1_OCTET_STRING *ossl_cmp_hdr_get0_senderNonce(const OSSL_CMP_PKIHEADER *hdr); -int ossl_cmp_general_name_is_NULL_DN(GENERAL_NAME *name); -int ossl_cmp_hdr_set1_sender(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm); -int ossl_cmp_hdr_set1_recipient(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm); -int ossl_cmp_hdr_update_messageTime(OSSL_CMP_PKIHEADER *hdr); -int ossl_cmp_hdr_set1_senderKID(OSSL_CMP_PKIHEADER *hdr, - const ASN1_OCTET_STRING *senderKID); -int ossl_cmp_hdr_push0_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text); -int ossl_cmp_hdr_push1_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text); -int ossl_cmp_hdr_generalInfo_push0_item(OSSL_CMP_PKIHEADER *hdr, - OSSL_CMP_ITAV *itav); -int ossl_cmp_hdr_generalInfo_push1_items(OSSL_CMP_PKIHEADER *hdr, - const STACK_OF(OSSL_CMP_ITAV) *itavs); -int ossl_cmp_hdr_set_implicitConfirm(OSSL_CMP_PKIHEADER *hdr); -int ossl_cmp_hdr_has_implicitConfirm(const OSSL_CMP_PKIHEADER *hdr); -# define OSSL_CMP_TRANSACTIONID_LENGTH 16 -# define OSSL_CMP_SENDERNONCE_LENGTH 16 -int ossl_cmp_hdr_set_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr); -int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr); - -/* from cmp_msg.c */ -/* OSSL_CMP_MSG bodytype ASN.1 choice IDs */ -# define OSSL_CMP_PKIBODY_IR 0 -# define OSSL_CMP_PKIBODY_IP 1 -# define OSSL_CMP_PKIBODY_CR 2 -# define OSSL_CMP_PKIBODY_CP 3 -# define OSSL_CMP_PKIBODY_P10CR 4 -# define OSSL_CMP_PKIBODY_POPDECC 5 -# define OSSL_CMP_PKIBODY_POPDECR 6 -# define OSSL_CMP_PKIBODY_KUR 7 -# define OSSL_CMP_PKIBODY_KUP 8 -# define OSSL_CMP_PKIBODY_KRR 9 -# define OSSL_CMP_PKIBODY_KRP 10 -# define OSSL_CMP_PKIBODY_RR 11 -# define OSSL_CMP_PKIBODY_RP 12 -# define OSSL_CMP_PKIBODY_CCR 13 -# define OSSL_CMP_PKIBODY_CCP 14 -# define OSSL_CMP_PKIBODY_CKUANN 15 -# define OSSL_CMP_PKIBODY_CANN 16 -# define OSSL_CMP_PKIBODY_RANN 17 -# define OSSL_CMP_PKIBODY_CRLANN 18 -# define OSSL_CMP_PKIBODY_PKICONF 19 -# define OSSL_CMP_PKIBODY_NESTED 20 -# define OSSL_CMP_PKIBODY_GENM 21 -# define OSSL_CMP_PKIBODY_GENP 22 -# define OSSL_CMP_PKIBODY_ERROR 23 -# define OSSL_CMP_PKIBODY_CERTCONF 24 -# define OSSL_CMP_PKIBODY_POLLREQ 25 -# define OSSL_CMP_PKIBODY_POLLREP 26 -# define OSSL_CMP_PKIBODY_TYPE_MAX OSSL_CMP_PKIBODY_POLLREP -/* certReqId for the first - and so far only - certificate request */ -# define OSSL_CMP_CERTREQID 0 -/* sequence id for the first - and so far only - revocation request */ -# define OSSL_CMP_REVREQSID 0 -int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx, - const char *propq); -const char *ossl_cmp_bodytype_to_string(int type); -int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type); -OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype); -OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int bodytype, - const OSSL_CRMF_MSG *crm); -OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype, - int certReqId, const OSSL_CMP_PKISI *si, - X509 *cert, const X509 *encryption_recip, - STACK_OF(X509) *chain, STACK_OF(X509) *caPubs, - int unprotectedErrors); -OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx); -OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si, - const OSSL_CRMF_CERTID *cid, - int unprotectedErrors); -OSSL_CMP_MSG *ossl_cmp_pkiconf_new(OSSL_CMP_CTX *ctx); -OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid, - int64_t poll_after); -int ossl_cmp_msg_gen_push0_ITAV(OSSL_CMP_MSG *msg, OSSL_CMP_ITAV *itav); -int ossl_cmp_msg_gen_push1_ITAVs(OSSL_CMP_MSG *msg, - const STACK_OF(OSSL_CMP_ITAV) *itavs); -OSSL_CMP_MSG *ossl_cmp_genm_new(OSSL_CMP_CTX *ctx); -OSSL_CMP_MSG *ossl_cmp_genp_new(OSSL_CMP_CTX *ctx, - const STACK_OF(OSSL_CMP_ITAV) *itavs); -OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si, - int64_t errorCode, const char *details, - int unprotected); -int ossl_cmp_certstatus_set0_certHash(OSSL_CMP_CERTSTATUS *certStatus, - ASN1_OCTET_STRING *hash); -OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info, - const char *text); -OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid); -OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid, - int64_t poll_after); -OSSL_CMP_PKISI * -ossl_cmp_revrepcontent_get_pkisi(OSSL_CMP_REVREPCONTENT *rrep, int rsid); -OSSL_CRMF_CERTID *ossl_cmp_revrepcontent_get_CertId(OSSL_CMP_REVREPCONTENT *rc, - int rsid); -OSSL_CMP_POLLREP * -ossl_cmp_pollrepcontent_get0_pollrep(const OSSL_CMP_POLLREPCONTENT *prc, - int rid); -OSSL_CMP_CERTRESPONSE * -ossl_cmp_certrepmessage_get0_certresponse(const OSSL_CMP_CERTREPMESSAGE *crm, - int rid); -X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CERTRESPONSE *crep, - const OSSL_CMP_CTX *ctx, EVP_PKEY *pkey); -OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file); - -/* from cmp_protect.c */ -int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); -ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *msg); -int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); - -/* from cmp_vfy.c */ -typedef int (*ossl_cmp_allow_unprotected_cb_t)(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *msg, - int invalid_protection, int arg); -int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, - ossl_cmp_allow_unprotected_cb_t cb, int cb_arg); -int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, - ossl_cmp_allow_unprotected_cb_t cb, int cb_arg); -int ossl_cmp_verify_popo(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *msg, int accept_RAVerified); - -/* from cmp_client.c */ -int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int fail_info, - const char *txt); -int ossl_cmp_exchange_error(OSSL_CMP_CTX *ctx, int status, int fail_info, - const char *txt, int errorCode, const char *detail); - -#endif /* !defined(OSSL_CRYPTO_CMP_LOCAL_H) */ diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c deleted file mode 100644 index 9890fc3dcb29c4193ac5f708436f5d41166a668c..0000000000000000000000000000000000000000 --- a/crypto/cmp/cmp_msg.c +++ /dev/null @@ -1,1171 +0,0 @@ -/* - * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2019 - * Copyright Siemens AG 2015-2019 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* CMP functions for PKIMessage construction */ - -#include "cmp_local.h" - -/* explicit #includes not strictly needed since implied by the above: */ -#include -#include -#include -#include -#include - -OSSL_CMP_MSG *OSSL_CMP_MSG_new(OSSL_LIB_CTX *libctx, const char *propq) -{ - OSSL_CMP_MSG *msg = NULL; - - msg = (OSSL_CMP_MSG *)ASN1_item_new_ex(ASN1_ITEM_rptr(OSSL_CMP_MSG), - libctx, propq); - if (!ossl_cmp_msg_set0_libctx(msg, libctx, propq)) { - OSSL_CMP_MSG_free(msg); - msg = NULL; - } - return msg; -} - -void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg) -{ - ASN1_item_free((ASN1_VALUE *)msg, ASN1_ITEM_rptr(OSSL_CMP_MSG)); -} - -/* - * This should only be used if the X509 object was embedded inside another - * asn1 object and it needs a libctx to operate. - * Use OSSL_CMP_MSG_new() instead if possible. - */ -int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx, - const char *propq) -{ - if (msg != NULL) { - msg->libctx = libctx; - OPENSSL_free(msg->propq); - msg->propq = NULL; - if (propq != NULL) { - msg->propq = OPENSSL_strdup(propq); - if (msg->propq == NULL) - return 0; - } - } - return 1; -} - - -OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg) -{ - if (msg == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - return msg->header; -} - -const char *ossl_cmp_bodytype_to_string(int type) -{ - static const char *type_names[] = { - "IR", "IP", "CR", "CP", "P10CR", - "POPDECC", "POPDECR", "KUR", "KUP", - "KRR", "KRP", "RR", "RP", "CCR", "CCP", - "CKUANN", "CANN", "RANN", "CRLANN", "PKICONF", "NESTED", - "GENM", "GENP", "ERROR", "CERTCONF", "POLLREQ", "POLLREP", - }; - - if (type < 0 || type > OSSL_CMP_PKIBODY_TYPE_MAX) - return "illegal body type"; - return type_names[type]; -} - -int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type) -{ - if (!ossl_assert(msg != NULL && msg->body != NULL)) - return 0; - - msg->body->type = type; - return 1; -} - -int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg) -{ - if (!ossl_assert(msg != NULL && msg->body != NULL)) - return -1; - - return msg->body->type; -} - -/* Add an extension to the referenced extension stack, which may be NULL */ -static int add1_extension(X509_EXTENSIONS **pexts, int nid, int crit, void *ex) -{ - X509_EXTENSION *ext; - int res; - - if (!ossl_assert(pexts != NULL)) /* pointer to var must not be NULL */ - return 0; - - if ((ext = X509V3_EXT_i2d(nid, crit, ex)) == NULL) - return 0; - - res = X509v3_add_ext(pexts, ext, 0) != NULL; - X509_EXTENSION_free(ext); - return res; -} - -/* Add extension list to the referenced extension stack, which may be NULL */ -static int add_extensions(STACK_OF(X509_EXTENSION) **target, - const STACK_OF(X509_EXTENSION) *exts) -{ - int i; - - if (target == NULL) - return 0; - - for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { - X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); - ASN1_OBJECT *obj = X509_EXTENSION_get_object(ext); - int idx = X509v3_get_ext_by_OBJ(*target, obj, -1); - - /* Does extension exist in target? */ - if (idx != -1) { - /* Delete all extensions of same type */ - do { - X509_EXTENSION_free(sk_X509_EXTENSION_delete(*target, idx)); - idx = X509v3_get_ext_by_OBJ(*target, obj, -1); - } while (idx != -1); - } - if (!X509v3_add_ext(target, ext, -1)) - return 0; - } - return 1; -} - -/* Add a CRL revocation reason code to extension stack, which may be NULL */ -static int add_crl_reason_extension(X509_EXTENSIONS **pexts, int reason_code) -{ - ASN1_ENUMERATED *val = ASN1_ENUMERATED_new(); - int res = 0; - - if (val != NULL && ASN1_ENUMERATED_set(val, reason_code)) - res = add1_extension(pexts, NID_crl_reason, 0 /* non-critical */, val); - ASN1_ENUMERATED_free(val); - return res; -} - -OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype) -{ - OSSL_CMP_MSG *msg = NULL; - - if (!ossl_assert(ctx != NULL)) - return NULL; - - if ((msg = OSSL_CMP_MSG_new(ctx->libctx, ctx->propq)) == NULL) - return NULL; - if (!ossl_cmp_hdr_init(ctx, msg->header) - || !ossl_cmp_msg_set_bodytype(msg, bodytype)) - goto err; - if (ctx->geninfo_ITAVs != NULL - && !ossl_cmp_hdr_generalInfo_push1_items(msg->header, - ctx->geninfo_ITAVs)) - goto err; - - switch (bodytype) { - case OSSL_CMP_PKIBODY_IR: - case OSSL_CMP_PKIBODY_CR: - case OSSL_CMP_PKIBODY_KUR: - if ((msg->body->value.ir = OSSL_CRMF_MSGS_new()) == NULL) - goto err; - return msg; - - case OSSL_CMP_PKIBODY_P10CR: - if (ctx->p10CSR == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_P10CSR); - goto err; - } - if ((msg->body->value.p10cr = X509_REQ_dup(ctx->p10CSR)) == NULL) - goto err; - return msg; - - case OSSL_CMP_PKIBODY_IP: - case OSSL_CMP_PKIBODY_CP: - case OSSL_CMP_PKIBODY_KUP: - if ((msg->body->value.ip = OSSL_CMP_CERTREPMESSAGE_new()) == NULL) - goto err; - return msg; - - case OSSL_CMP_PKIBODY_RR: - if ((msg->body->value.rr = sk_OSSL_CMP_REVDETAILS_new_null()) == NULL) - goto err; - return msg; - case OSSL_CMP_PKIBODY_RP: - if ((msg->body->value.rp = OSSL_CMP_REVREPCONTENT_new()) == NULL) - goto err; - return msg; - - case OSSL_CMP_PKIBODY_CERTCONF: - if ((msg->body->value.certConf = - sk_OSSL_CMP_CERTSTATUS_new_null()) == NULL) - goto err; - return msg; - case OSSL_CMP_PKIBODY_PKICONF: - if ((msg->body->value.pkiconf = ASN1_TYPE_new()) == NULL) - goto err; - ASN1_TYPE_set(msg->body->value.pkiconf, V_ASN1_NULL, NULL); - return msg; - - case OSSL_CMP_PKIBODY_POLLREQ: - if ((msg->body->value.pollReq = sk_OSSL_CMP_POLLREQ_new_null()) == NULL) - goto err; - return msg; - case OSSL_CMP_PKIBODY_POLLREP: - if ((msg->body->value.pollRep = sk_OSSL_CMP_POLLREP_new_null()) == NULL) - goto err; - return msg; - - case OSSL_CMP_PKIBODY_GENM: - case OSSL_CMP_PKIBODY_GENP: - if ((msg->body->value.genm = sk_OSSL_CMP_ITAV_new_null()) == NULL) - goto err; - return msg; - - case OSSL_CMP_PKIBODY_ERROR: - if ((msg->body->value.error = OSSL_CMP_ERRORMSGCONTENT_new()) == NULL) - goto err; - return msg; - - default: - ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY); - goto err; - } - - err: - OSSL_CMP_MSG_free(msg); - return NULL; -} - -#define HAS_SAN(ctx) \ - (sk_GENERAL_NAME_num((ctx)->subjectAltNames) > 0 \ - || OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) == 1) - -static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, int for_KUR, - const X509_NAME *ref_subj) -{ - if (ctx->subjectName != NULL) - return IS_NULL_DN(ctx->subjectName) ? NULL : ctx->subjectName; - if (ctx->p10CSR != NULL) /* first default is from any given CSR */ - return X509_REQ_get_subject_name(ctx->p10CSR); - if (for_KUR || !HAS_SAN(ctx)) - /* - * For KUR, copy subject from any reference cert as fallback. - * For IR or CR, do the same only if there is no subjectAltName. - */ - return ref_subj; - return NULL; -} - -OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid) -{ - OSSL_CRMF_MSG *crm = NULL; - X509 *refcert = ctx->oldCert != NULL ? ctx->oldCert : ctx->cert; - /* refcert defaults to current client cert */ - EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0); - STACK_OF(GENERAL_NAME) *default_sans = NULL; - const X509_NAME *ref_subj = - refcert != NULL ? X509_get_subject_name(refcert) : NULL; - const X509_NAME *subject = determine_subj(ctx, for_KUR, ref_subj); - const X509_NAME *issuer = ctx->issuer != NULL || refcert == NULL - ? (IS_NULL_DN(ctx->issuer) ? NULL : ctx->issuer) - : X509_get_issuer_name(refcert); - int crit = ctx->setSubjectAltNameCritical || subject == NULL; - /* RFC5280: subjectAltName MUST be critical if subject is null */ - X509_EXTENSIONS *exts = NULL; - - if (rkey == NULL && ctx->p10CSR != NULL) - rkey = X509_REQ_get0_pubkey(ctx->p10CSR); - if (rkey == NULL && refcert != NULL) - rkey = X509_get0_pubkey(refcert); - if (rkey == NULL) - rkey = ctx->pkey; /* default is independent of ctx->oldCert */ - if (rkey == NULL) { -#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; -#endif - } - if (for_KUR && refcert == NULL && ctx->p10CSR == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_REFERENCE_CERT); - return NULL; - } - if ((crm = OSSL_CRMF_MSG_new()) == NULL) - return NULL; - if (!OSSL_CRMF_MSG_set_certReqId(crm, rid) - /* - * fill certTemplate, corresponding to CertificationRequestInfo - * of PKCS#10. The rkey param cannot be NULL so far - - * it could be NULL if centralized key creation was supported - */ - || !OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_MSG_get0_tmpl(crm), rkey, - subject, issuer, NULL /* serial */)) - goto err; - if (ctx->days != 0) { - time_t now = time(NULL); - ASN1_TIME *notBefore = ASN1_TIME_adj(NULL, now, 0, 0); - ASN1_TIME *notAfter = ASN1_TIME_adj(NULL, now, ctx->days, 0); - - if (notBefore == NULL - || notAfter == NULL - || !OSSL_CRMF_MSG_set0_validity(crm, notBefore, notAfter)) { - ASN1_TIME_free(notBefore); - ASN1_TIME_free(notAfter); - goto err; - } - } - - /* extensions */ - if (ctx->p10CSR != NULL - && (exts = X509_REQ_get_extensions(ctx->p10CSR)) == NULL) - goto err; - if (!ctx->SubjectAltName_nodefault && !HAS_SAN(ctx) && refcert != NULL - && (default_sans = X509V3_get_d2i(X509_get0_extensions(refcert), - NID_subject_alt_name, NULL, NULL)) - != NULL - && !add1_extension(&exts, NID_subject_alt_name, crit, default_sans)) - goto err; - if (ctx->reqExtensions != NULL /* augment/override existing ones */ - && !add_extensions(&exts, ctx->reqExtensions)) - goto err; - if (sk_GENERAL_NAME_num(ctx->subjectAltNames) > 0 - && !add1_extension(&exts, NID_subject_alt_name, - crit, ctx->subjectAltNames)) - goto err; - if (ctx->policies != NULL - && !add1_extension(&exts, NID_certificate_policies, - ctx->setPoliciesCritical, ctx->policies)) - goto err; - if (!OSSL_CRMF_MSG_set0_extensions(crm, exts)) - goto err; - exts = NULL; - /* end fill certTemplate, now set any controls */ - - /* for KUR, set OldCertId according to D.6 */ - if (for_KUR && refcert != NULL) { - OSSL_CRMF_CERTID *cid = - OSSL_CRMF_CERTID_gen(X509_get_issuer_name(refcert), - X509_get0_serialNumber(refcert)); - int ret; - - if (cid == NULL) - goto err; - ret = OSSL_CRMF_MSG_set1_regCtrl_oldCertID(crm, cid); - OSSL_CRMF_CERTID_free(cid); - if (ret == 0) - goto err; - } - - goto end; - - err: - OSSL_CRMF_MSG_free(crm); - crm = NULL; - - end: - sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); - sk_GENERAL_NAME_pop_free(default_sans, GENERAL_NAME_free); - return crm; -} - -OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int type, - const OSSL_CRMF_MSG *crm) -{ - OSSL_CMP_MSG *msg; - OSSL_CRMF_MSG *local_crm = NULL; - - if (!ossl_assert(ctx != NULL)) - return NULL; - - if (type != OSSL_CMP_PKIBODY_IR && type != OSSL_CMP_PKIBODY_CR - && type != OSSL_CMP_PKIBODY_KUR && type != OSSL_CMP_PKIBODY_P10CR) { - ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS); - return NULL; - } - if (type == OSSL_CMP_PKIBODY_P10CR && crm != NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS); - return NULL; - } - - if ((msg = ossl_cmp_msg_create(ctx, type)) == NULL) - goto err; - - /* header */ - if (ctx->implicitConfirm && !ossl_cmp_hdr_set_implicitConfirm(msg->header)) - goto err; - - /* body */ - /* For P10CR the content has already been set in OSSL_CMP_MSG_create */ - if (type != OSSL_CMP_PKIBODY_P10CR) { - EVP_PKEY *privkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1); - - /* - * privkey is NULL in case ctx->newPkey does not include a private key. - * We then may try to use ctx->pkey as fallback/default, but only - * if ctx-> newPkey does not include a (non-matching) public key: - */ - if (privkey == NULL && OSSL_CMP_CTX_get0_newPkey(ctx, 0) == NULL) - privkey = ctx->pkey; /* default is independent of ctx->oldCert */ - if (ctx->popoMethod == OSSL_CRMF_POPO_SIGNATURE && privkey == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PRIVATE_KEY); - goto err; - } - if (crm == NULL) { - local_crm = OSSL_CMP_CTX_setup_CRM(ctx, - type == OSSL_CMP_PKIBODY_KUR, - OSSL_CMP_CERTREQID); - if (local_crm == NULL - || !OSSL_CRMF_MSG_create_popo(ctx->popoMethod, local_crm, - privkey, ctx->digest, - ctx->libctx, ctx->propq)) - goto err; - } else { - if ((local_crm = OSSL_CRMF_MSG_dup(crm)) == NULL) - goto err; - } - - /* value.ir is same for cr and kur */ - if (!sk_OSSL_CRMF_MSG_push(msg->body->value.ir, local_crm)) - goto err; - local_crm = NULL; - } - - if (!ossl_cmp_msg_protect(ctx, msg)) - goto err; - - return msg; - - err: - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_CERTREQ); - OSSL_CRMF_MSG_free(local_crm); - OSSL_CMP_MSG_free(msg); - return NULL; -} - -OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype, - int certReqId, const OSSL_CMP_PKISI *si, - X509 *cert, const X509 *encryption_recip, - STACK_OF(X509) *chain, STACK_OF(X509) *caPubs, - int unprotectedErrors) -{ - OSSL_CMP_MSG *msg = NULL; - OSSL_CMP_CERTREPMESSAGE *repMsg = NULL; - OSSL_CMP_CERTRESPONSE *resp = NULL; - int status = -1; - - if (!ossl_assert(ctx != NULL && si != NULL)) - return NULL; - - if ((msg = ossl_cmp_msg_create(ctx, bodytype)) == NULL) - goto err; - repMsg = msg->body->value.ip; /* value.ip is same for cp and kup */ - - /* header */ - if (ctx->implicitConfirm && !ossl_cmp_hdr_set_implicitConfirm(msg->header)) - goto err; - - /* body */ - if ((resp = OSSL_CMP_CERTRESPONSE_new()) == NULL) - goto err; - OSSL_CMP_PKISI_free(resp->status); - if ((resp->status = OSSL_CMP_PKISI_dup(si)) == NULL - || !ASN1_INTEGER_set(resp->certReqId, certReqId)) - goto err; - - status = ossl_cmp_pkisi_get_status(resp->status); - if (status != OSSL_CMP_PKISTATUS_rejection - && status != OSSL_CMP_PKISTATUS_waiting && cert != NULL) { - if (encryption_recip != NULL) { - ERR_raise(ERR_LIB_CMP, ERR_R_UNSUPPORTED); - goto err; - } - - if ((resp->certifiedKeyPair = OSSL_CMP_CERTIFIEDKEYPAIR_new()) - == NULL) - goto err; - resp->certifiedKeyPair->certOrEncCert->type = - OSSL_CMP_CERTORENCCERT_CERTIFICATE; - if (!X509_up_ref(cert)) - goto err; - resp->certifiedKeyPair->certOrEncCert->value.certificate = cert; - } - - if (!sk_OSSL_CMP_CERTRESPONSE_push(repMsg->response, resp)) - goto err; - resp = NULL; - - if (bodytype == OSSL_CMP_PKIBODY_IP && caPubs != NULL - && (repMsg->caPubs = X509_chain_up_ref(caPubs)) == NULL) - goto err; - if (sk_X509_num(chain) > 0 - && !ossl_x509_add_certs_new(&msg->extraCerts, chain, - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) - goto err; - - if (!unprotectedErrors - || ossl_cmp_pkisi_get_status(si) != OSSL_CMP_PKISTATUS_rejection) - if (!ossl_cmp_msg_protect(ctx, msg)) - goto err; - - return msg; - - err: - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_CERTREP); - OSSL_CMP_CERTRESPONSE_free(resp); - OSSL_CMP_MSG_free(msg); - return NULL; -} - -OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx) -{ - OSSL_CMP_MSG *msg = NULL; - OSSL_CMP_REVDETAILS *rd; - int ret; - - if (!ossl_assert(ctx != NULL && (ctx->oldCert != NULL - || ctx->p10CSR != NULL))) - return NULL; - - if ((rd = OSSL_CMP_REVDETAILS_new()) == NULL) - goto err; - - /* Fill the template from the contents of the certificate to be revoked */ - ret = ctx->oldCert != NULL - ? OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails, - NULL /* pubkey would be redundant */, - NULL /* subject would be redundant */, - X509_get_issuer_name(ctx->oldCert), - X509_get0_serialNumber(ctx->oldCert)) - : OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails, - X509_REQ_get0_pubkey(ctx->p10CSR), - X509_REQ_get_subject_name(ctx->p10CSR), - NULL, NULL); - if (!ret) - goto err; - - /* revocation reason code is optional */ - if (ctx->revocationReason != CRL_REASON_NONE - && !add_crl_reason_extension(&rd->crlEntryDetails, - ctx->revocationReason)) - goto err; - - if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_RR)) == NULL) - goto err; - - if (!sk_OSSL_CMP_REVDETAILS_push(msg->body->value.rr, rd)) - goto err; - rd = NULL; - /* Revocation Passphrase according to section 5.3.19.9 could be set here */ - - if (!ossl_cmp_msg_protect(ctx, msg)) - goto err; - - return msg; - - err: - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_RR); - OSSL_CMP_MSG_free(msg); - OSSL_CMP_REVDETAILS_free(rd); - return NULL; -} - -OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si, - const OSSL_CRMF_CERTID *cid, int unprotectedErrors) -{ - OSSL_CMP_REVREPCONTENT *rep = NULL; - OSSL_CMP_PKISI *si1 = NULL; - OSSL_CRMF_CERTID *cid_copy = NULL; - OSSL_CMP_MSG *msg = NULL; - - if (!ossl_assert(ctx != NULL && si != NULL)) - return NULL; - - if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_RP)) == NULL) - goto err; - rep = msg->body->value.rp; - - if ((si1 = OSSL_CMP_PKISI_dup(si)) == NULL) - goto err; - - if (!sk_OSSL_CMP_PKISI_push(rep->status, si1)) { - OSSL_CMP_PKISI_free(si1); - goto err; - } - - if ((rep->revCerts = sk_OSSL_CRMF_CERTID_new_null()) == NULL) - goto err; - if (cid != NULL) { - if ((cid_copy = OSSL_CRMF_CERTID_dup(cid)) == NULL) - goto err; - if (!sk_OSSL_CRMF_CERTID_push(rep->revCerts, cid_copy)) { - OSSL_CRMF_CERTID_free(cid_copy); - goto err; - } - } - - if (!unprotectedErrors - || ossl_cmp_pkisi_get_status(si) != OSSL_CMP_PKISTATUS_rejection) - if (!ossl_cmp_msg_protect(ctx, msg)) - goto err; - - return msg; - - err: - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_RP); - OSSL_CMP_MSG_free(msg); - return NULL; -} - -OSSL_CMP_MSG *ossl_cmp_pkiconf_new(OSSL_CMP_CTX *ctx) -{ - OSSL_CMP_MSG *msg; - - if (!ossl_assert(ctx != NULL)) - return NULL; - - if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_PKICONF)) == NULL) - goto err; - if (ossl_cmp_msg_protect(ctx, msg)) - return msg; - - err: - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_PKICONF); - OSSL_CMP_MSG_free(msg); - return NULL; -} - -int ossl_cmp_msg_gen_push0_ITAV(OSSL_CMP_MSG *msg, OSSL_CMP_ITAV *itav) -{ - int bodytype; - - if (!ossl_assert(msg != NULL && itav != NULL)) - return 0; - - bodytype = OSSL_CMP_MSG_get_bodytype(msg); - if (bodytype != OSSL_CMP_PKIBODY_GENM - && bodytype != OSSL_CMP_PKIBODY_GENP) { - ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS); - return 0; - } - - /* value.genp has the same structure, so this works for genp as well */ - return OSSL_CMP_ITAV_push0_stack_item(&msg->body->value.genm, itav); -} - -int ossl_cmp_msg_gen_push1_ITAVs(OSSL_CMP_MSG *msg, - const STACK_OF(OSSL_CMP_ITAV) *itavs) -{ - int i; - OSSL_CMP_ITAV *itav = NULL; - - if (!ossl_assert(msg != NULL)) - return 0; - - for (i = 0; i < sk_OSSL_CMP_ITAV_num(itavs); i++) { - itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs, i)); - if (itav == NULL - || !ossl_cmp_msg_gen_push0_ITAV(msg, itav)) { - OSSL_CMP_ITAV_free(itav); - return 0; - } - } - return 1; -} - -/* - * Creates a new General Message/Response with an empty itav stack - * returns a pointer to the PKIMessage on success, NULL on error - */ -static OSSL_CMP_MSG *gen_new(OSSL_CMP_CTX *ctx, - const STACK_OF(OSSL_CMP_ITAV) *itavs, - int body_type, int err_code) -{ - OSSL_CMP_MSG *msg = NULL; - - if (!ossl_assert(ctx != NULL)) - return NULL; - - if ((msg = ossl_cmp_msg_create(ctx, body_type)) == NULL) - return NULL; - - if (ctx->genm_ITAVs != NULL - && !ossl_cmp_msg_gen_push1_ITAVs(msg, itavs)) - goto err; - - if (!ossl_cmp_msg_protect(ctx, msg)) - goto err; - - return msg; - - err: - ERR_raise(ERR_LIB_CMP, err_code); - OSSL_CMP_MSG_free(msg); - return NULL; -} - -OSSL_CMP_MSG *ossl_cmp_genm_new(OSSL_CMP_CTX *ctx) -{ - return gen_new(ctx, ctx->genm_ITAVs, - OSSL_CMP_PKIBODY_GENM, CMP_R_ERROR_CREATING_GENM); -} - -OSSL_CMP_MSG *ossl_cmp_genp_new(OSSL_CMP_CTX *ctx, - const STACK_OF(OSSL_CMP_ITAV) *itavs) -{ - return gen_new(ctx, itavs, - OSSL_CMP_PKIBODY_GENP, CMP_R_ERROR_CREATING_GENP); -} - -OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si, - int64_t errorCode, const char *details, - int unprotected) -{ - OSSL_CMP_MSG *msg = NULL; - const char *lib = NULL, *reason = NULL; - OSSL_CMP_PKIFREETEXT *ft; - - if (!ossl_assert(ctx != NULL && si != NULL)) - return NULL; - - if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_ERROR)) == NULL) - goto err; - - OSSL_CMP_PKISI_free(msg->body->value.error->pKIStatusInfo); - if ((msg->body->value.error->pKIStatusInfo = OSSL_CMP_PKISI_dup(si)) - == NULL) - goto err; - if ((msg->body->value.error->errorCode = ASN1_INTEGER_new()) == NULL) - goto err; - if (!ASN1_INTEGER_set_int64(msg->body->value.error->errorCode, errorCode)) - goto err; - if (errorCode > 0 - && (uint64_t)errorCode < ((uint64_t)ERR_SYSTEM_FLAG << 1)) { - lib = ERR_lib_error_string((unsigned long)errorCode); - reason = ERR_reason_error_string((unsigned long)errorCode); - } - if (lib != NULL || reason != NULL || details != NULL) { - if ((ft = sk_ASN1_UTF8STRING_new_null()) == NULL) - goto err; - msg->body->value.error->errorDetails = ft; - if (lib != NULL && *lib != '\0' - && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, lib, -1)) - goto err; - if (reason != NULL && *reason != '\0' - && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, reason, -1)) - goto err; - if (details != NULL - && !ossl_cmp_sk_ASN1_UTF8STRING_push_str(ft, details, -1)) - goto err; - } - - if (!unprotected && !ossl_cmp_msg_protect(ctx, msg)) - goto err; - return msg; - - err: - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_ERROR); - OSSL_CMP_MSG_free(msg); - return NULL; -} - -/* - * Set the certHash field of a OSSL_CMP_CERTSTATUS structure. - * This is used in the certConf message, for example, - * to confirm that the certificate was received successfully. - */ -int ossl_cmp_certstatus_set0_certHash(OSSL_CMP_CERTSTATUS *certStatus, - ASN1_OCTET_STRING *hash) -{ - if (!ossl_assert(certStatus != NULL)) - return 0; - ASN1_OCTET_STRING_free(certStatus->certHash); - certStatus->certHash = hash; - return 1; -} - -OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info, - const char *text) -{ - OSSL_CMP_MSG *msg = NULL; - OSSL_CMP_CERTSTATUS *certStatus = NULL; - ASN1_OCTET_STRING *certHash = NULL; - OSSL_CMP_PKISI *sinfo; - - if (!ossl_assert(ctx != NULL && ctx->newCert != NULL)) - return NULL; - - if ((unsigned)fail_info > OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN) { - ERR_raise(ERR_LIB_CMP, CMP_R_FAIL_INFO_OUT_OF_RANGE); - return NULL; - } - - if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_CERTCONF)) == NULL) - goto err; - - if ((certStatus = OSSL_CMP_CERTSTATUS_new()) == NULL) - goto err; - /* consume certStatus into msg right away so it gets deallocated with msg */ - if (!sk_OSSL_CMP_CERTSTATUS_push(msg->body->value.certConf, certStatus)) - goto err; - /* set the ID of the certReq */ - if (!ASN1_INTEGER_set(certStatus->certReqId, OSSL_CMP_CERTREQID)) - goto err; - /* - * The hash of the certificate, using the same hash algorithm - * as is used to create and verify the certificate signature. - * If not available, a default hash algorithm is used. - */ - if ((certHash = X509_digest_sig(ctx->newCert, NULL, NULL)) == NULL) - goto err; - - if (!ossl_cmp_certstatus_set0_certHash(certStatus, certHash)) - goto err; - certHash = NULL; - /* - * For any particular CertStatus, omission of the statusInfo field - * indicates ACCEPTANCE of the specified certificate. Alternatively, - * explicit status details (with respect to acceptance or rejection) MAY - * be provided in the statusInfo field, perhaps for auditing purposes at - * the CA/RA. - */ - sinfo = fail_info != 0 ? - OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_rejection, fail_info, text) : - OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_accepted, 0, text); - if (sinfo == NULL) - goto err; - certStatus->statusInfo = sinfo; - - if (!ossl_cmp_msg_protect(ctx, msg)) - goto err; - - return msg; - - err: - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_CERTCONF); - OSSL_CMP_MSG_free(msg); - ASN1_OCTET_STRING_free(certHash); - return NULL; -} - -OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid) -{ - OSSL_CMP_MSG *msg = NULL; - OSSL_CMP_POLLREQ *preq = NULL; - - if (!ossl_assert(ctx != NULL)) - return NULL; - - if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_POLLREQ)) == NULL) - goto err; - - if ((preq = OSSL_CMP_POLLREQ_new()) == NULL - || !ASN1_INTEGER_set(preq->certReqId, crid) - || !sk_OSSL_CMP_POLLREQ_push(msg->body->value.pollReq, preq)) - goto err; - - preq = NULL; - if (!ossl_cmp_msg_protect(ctx, msg)) - goto err; - - return msg; - - err: - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_POLLREQ); - OSSL_CMP_POLLREQ_free(preq); - OSSL_CMP_MSG_free(msg); - return NULL; -} - -OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid, - int64_t poll_after) -{ - OSSL_CMP_MSG *msg; - OSSL_CMP_POLLREP *prep; - - if (!ossl_assert(ctx != NULL)) - return NULL; - - if ((msg = ossl_cmp_msg_create(ctx, OSSL_CMP_PKIBODY_POLLREP)) == NULL) - goto err; - if ((prep = OSSL_CMP_POLLREP_new()) == NULL) - goto err; - if (!sk_OSSL_CMP_POLLREP_push(msg->body->value.pollRep, prep)) - goto err; - if (!ASN1_INTEGER_set(prep->certReqId, crid)) - goto err; - if (!ASN1_INTEGER_set_int64(prep->checkAfter, poll_after)) - goto err; - - if (!ossl_cmp_msg_protect(ctx, msg)) - goto err; - return msg; - - err: - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_POLLREP); - OSSL_CMP_MSG_free(msg); - return NULL; -} - -/*- - * returns the status field of the RevRepContent with the given - * request/sequence id inside a revocation response. - * RevRepContent has the revocation statuses in same order as they were sent in - * RevReqContent. - * returns NULL on error - */ -OSSL_CMP_PKISI * -ossl_cmp_revrepcontent_get_pkisi(OSSL_CMP_REVREPCONTENT *rrep, int rsid) -{ - OSSL_CMP_PKISI *status; - - if (!ossl_assert(rrep != NULL)) - return NULL; - - if ((status = sk_OSSL_CMP_PKISI_value(rrep->status, rsid)) != NULL) - return status; - - ERR_raise(ERR_LIB_CMP, CMP_R_PKISTATUSINFO_NOT_FOUND); - return NULL; -} - -/* - * returns the CertId field in the revCerts part of the RevRepContent - * with the given request/sequence id inside a revocation response. - * RevRepContent has the CertIds in same order as they were sent in - * RevReqContent. - * returns NULL on error - */ -OSSL_CRMF_CERTID * -ossl_cmp_revrepcontent_get_CertId(OSSL_CMP_REVREPCONTENT *rrep, int rsid) -{ - OSSL_CRMF_CERTID *cid = NULL; - - if (!ossl_assert(rrep != NULL)) - return NULL; - - if ((cid = sk_OSSL_CRMF_CERTID_value(rrep->revCerts, rsid)) != NULL) - return cid; - - ERR_raise(ERR_LIB_CMP, CMP_R_CERTID_NOT_FOUND); - return NULL; -} - -static int suitable_rid(const ASN1_INTEGER *certReqId, int rid) -{ - int trid; - - if (rid == -1) - return 1; - - trid = ossl_cmp_asn1_get_int(certReqId); - - if (trid == -1) { - ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID); - return 0; - } - return rid == trid; -} - -/* - * returns a pointer to the PollResponse with the given CertReqId - * (or the first one in case -1) inside a PollRepContent - * returns NULL on error or if no suitable PollResponse available - */ -OSSL_CMP_POLLREP * -ossl_cmp_pollrepcontent_get0_pollrep(const OSSL_CMP_POLLREPCONTENT *prc, - int rid) -{ - OSSL_CMP_POLLREP *pollRep = NULL; - int i; - - if (!ossl_assert(prc != NULL)) - return NULL; - - for (i = 0; i < sk_OSSL_CMP_POLLREP_num(prc); i++) { - pollRep = sk_OSSL_CMP_POLLREP_value(prc, i); - if (suitable_rid(pollRep->certReqId, rid)) - return pollRep; - } - - ERR_raise_data(ERR_LIB_CMP, CMP_R_CERTRESPONSE_NOT_FOUND, - "expected certReqId = %d", rid); - return NULL; -} - -/* - * returns a pointer to the CertResponse with the given CertReqId - * (or the first one in case -1) inside a CertRepMessage - * returns NULL on error or if no suitable CertResponse available - */ -OSSL_CMP_CERTRESPONSE * -ossl_cmp_certrepmessage_get0_certresponse(const OSSL_CMP_CERTREPMESSAGE *crm, - int rid) -{ - OSSL_CMP_CERTRESPONSE *crep = NULL; - int i; - - if (!ossl_assert(crm != NULL && crm->response != NULL)) - return NULL; - - for (i = 0; i < sk_OSSL_CMP_CERTRESPONSE_num(crm->response); i++) { - crep = sk_OSSL_CMP_CERTRESPONSE_value(crm->response, i); - if (suitable_rid(crep->certReqId, rid)) - return crep; - } - - ERR_raise_data(ERR_LIB_CMP, CMP_R_CERTRESPONSE_NOT_FOUND, - "expected certReqId = %d", rid); - return NULL; -} - -/*- - * Retrieve the newly enrolled certificate from the given certResponse crep. - * In case of indirect POPO uses the libctx and propq from ctx and private key. - * Returns a pointer to a copy of the found certificate, or NULL if not found. - */ -X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CERTRESPONSE *crep, - const OSSL_CMP_CTX *ctx, EVP_PKEY *pkey) -{ - OSSL_CMP_CERTORENCCERT *coec; - X509 *crt = NULL; - - if (!ossl_assert(crep != NULL && ctx != NULL)) - return NULL; - - if (crep->certifiedKeyPair - && (coec = crep->certifiedKeyPair->certOrEncCert) != NULL) { - switch (coec->type) { - case OSSL_CMP_CERTORENCCERT_CERTIFICATE: - crt = X509_dup(coec->value.certificate); - break; - case OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT: - /* cert encrypted for indirect PoP; RFC 4210, 5.2.8.2 */ - if (pkey == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PRIVATE_KEY); - return NULL; - } - crt = - OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(coec->value.encryptedCert, - ctx->libctx, ctx->propq, - pkey); - break; - default: - ERR_raise(ERR_LIB_CMP, CMP_R_UNKNOWN_CERT_TYPE); - return NULL; - } - } - if (crt == NULL) - ERR_raise(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_FOUND); - else - (void)ossl_x509_set0_libctx(crt, ctx->libctx, ctx->propq); - return crt; -} - -int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) -{ - if (ctx == NULL || msg == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - if (!ossl_cmp_hdr_set_transactionID(ctx, msg->header)) - return 0; - return msg->header->protectionAlg == NULL - || ossl_cmp_msg_protect(ctx, msg); -} - -OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, - const char *propq) -{ - OSSL_CMP_MSG *msg; - BIO *bio = NULL; - - if (file == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - - msg = OSSL_CMP_MSG_new(libctx, propq); - if (msg == NULL){ - ERR_raise(ERR_LIB_CMP, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if ((bio = BIO_new_file(file, "rb")) == NULL - || d2i_OSSL_CMP_MSG_bio(bio, &msg) == NULL) { - OSSL_CMP_MSG_free(msg); - msg = NULL; - } - BIO_free(bio); - return msg; -} - -int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg) -{ - BIO *bio; - int res; - - if (file == NULL || msg == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return -1; - } - - bio = BIO_new_file(file, "wb"); - if (bio == NULL) - return -2; - res = i2d_OSSL_CMP_MSG_bio(bio, msg); - BIO_free(bio); - return res; -} - -OSSL_CMP_MSG *d2i_OSSL_CMP_MSG(OSSL_CMP_MSG **msg, const unsigned char **in, - long len) -{ - OSSL_LIB_CTX *libctx = NULL; - const char *propq = NULL; - - if (msg != NULL && *msg != NULL) { - libctx = (*msg)->libctx; - propq = (*msg)->propq; - } - - return (OSSL_CMP_MSG *)ASN1_item_d2i_ex((ASN1_VALUE **)msg, in, len, - ASN1_ITEM_rptr(OSSL_CMP_MSG), - libctx, propq); -} - -int i2d_OSSL_CMP_MSG(const OSSL_CMP_MSG *msg, unsigned char **out) -{ - return ASN1_item_i2d((const ASN1_VALUE *)msg, out, - ASN1_ITEM_rptr(OSSL_CMP_MSG)); -} - -OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg) -{ - OSSL_LIB_CTX *libctx = NULL; - const char *propq = NULL; - - if (msg != NULL && *msg != NULL) { - libctx = (*msg)->libctx; - propq = (*msg)->propq; - } - - return ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(OSSL_CMP_MSG), bio, msg, libctx, - propq); -} - -int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg) -{ - return ASN1_i2d_bio_of(OSSL_CMP_MSG, i2d_OSSL_CMP_MSG, bio, msg); -} diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c deleted file mode 100644 index 02526196ad2a79db323093e6ea716d9621795cf9..0000000000000000000000000000000000000000 --- a/crypto/cmp/cmp_protect.c +++ /dev/null @@ -1,332 +0,0 @@ -/* - * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2019 - * Copyright Siemens AG 2015-2019 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "cmp_local.h" - -/* explicit #includes not strictly needed since implied by the above: */ -#include -#include -#include -#include -#include - -/* - * This function is also used by the internal verify_PBMAC() in cmp_vfy.c. - * - * Calculate protection for given PKImessage according to - * the algorithm and parameters in the message header's protectionAlg - * using the credentials, library context, and property criteria in the ctx. - * - * returns ASN1_BIT_STRING representing the protection on success, else NULL - */ -ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *msg) -{ - ASN1_BIT_STRING *prot = NULL; - OSSL_CMP_PROTECTEDPART prot_part; - const ASN1_OBJECT *algorOID = NULL; - const void *ppval = NULL; - int pptype = 0; - - if (!ossl_assert(ctx != NULL && msg != NULL)) - return NULL; - - /* construct data to be signed */ - prot_part.header = msg->header; - prot_part.body = msg->body; - - if (msg->header->protectionAlg == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_UNKNOWN_ALGORITHM_ID); - return NULL; - } - X509_ALGOR_get0(&algorOID, &pptype, &ppval, msg->header->protectionAlg); - - if (OBJ_obj2nid(algorOID) == NID_id_PasswordBasedMAC) { - int len; - size_t prot_part_der_len; - unsigned char *prot_part_der = NULL; - size_t sig_len; - unsigned char *protection = NULL; - OSSL_CRMF_PBMPARAMETER *pbm = NULL; - ASN1_STRING *pbm_str = NULL; - const unsigned char *pbm_str_uc = NULL; - - if (ctx->secretValue == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PBM_SECRET); - return NULL; - } - if (ppval == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CALCULATING_PROTECTION); - return NULL; - } - - len = i2d_OSSL_CMP_PROTECTEDPART(&prot_part, &prot_part_der); - if (len < 0 || prot_part_der == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CALCULATING_PROTECTION); - goto end; - } - prot_part_der_len = (size_t)len; - - pbm_str = (ASN1_STRING *)ppval; - pbm_str_uc = pbm_str->data; - pbm = d2i_OSSL_CRMF_PBMPARAMETER(NULL, &pbm_str_uc, pbm_str->length); - if (pbm == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_ALGORITHM_OID); - goto end; - } - - if (!OSSL_CRMF_pbm_new(ctx->libctx, ctx->propq, - pbm, prot_part_der, prot_part_der_len, - ctx->secretValue->data, ctx->secretValue->length, - &protection, &sig_len)) - goto end; - - if ((prot = ASN1_BIT_STRING_new()) == NULL) - goto end; - /* OpenSSL defaults all bit strings to be encoded as ASN.1 NamedBitList */ - prot->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - prot->flags |= ASN1_STRING_FLAG_BITS_LEFT; - if (!ASN1_BIT_STRING_set(prot, protection, sig_len)) { - ASN1_BIT_STRING_free(prot); - prot = NULL; - } - end: - OSSL_CRMF_PBMPARAMETER_free(pbm); - OPENSSL_free(protection); - OPENSSL_free(prot_part_der); - return prot; - } else { - int md_nid; - const EVP_MD *md = NULL; - - if (ctx->pkey == NULL) { - ERR_raise(ERR_LIB_CMP, - CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION); - return NULL; - } - if (!OBJ_find_sigid_algs(OBJ_obj2nid(algorOID), &md_nid, NULL) - || (md = EVP_get_digestbynid(md_nid)) == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_UNKNOWN_ALGORITHM_ID); - return NULL; - } - - if ((prot = ASN1_BIT_STRING_new()) == NULL) - return NULL; - if (ASN1_item_sign_ex(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART), NULL, - NULL, prot, &prot_part, NULL, ctx->pkey, md, - ctx->libctx, ctx->propq)) - return prot; - ASN1_BIT_STRING_free(prot); - return NULL; - } -} - -int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) -{ - if (!ossl_assert(ctx != NULL && msg != NULL)) - return 0; - - /* Add first ctx->cert and its chain if using signature-based protection */ - if (!ctx->unprotectedSend && ctx->secretValue == NULL - && ctx->cert != NULL && ctx->pkey != NULL) { - int prepend = X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP - | X509_ADD_FLAG_PREPEND | X509_ADD_FLAG_NO_SS; - - /* if not yet done try to build chain using available untrusted certs */ - if (ctx->chain == NULL) { - ossl_cmp_debug(ctx, - "trying to build chain for own CMP signer cert"); - ctx->chain = X509_build_chain(ctx->cert, ctx->untrusted, NULL, 0, - ctx->libctx, ctx->propq); - if (ctx->chain != NULL) { - ossl_cmp_debug(ctx, - "success building chain for own CMP signer cert"); - } else { - /* dump errors to avoid confusion when printing further ones */ - OSSL_CMP_CTX_print_errors(ctx); - ossl_cmp_warn(ctx, - "could not build chain for own CMP signer cert"); - } - } - if (ctx->chain != NULL) { - if (!ossl_x509_add_certs_new(&msg->extraCerts, ctx->chain, prepend)) - return 0; - } else { - /* make sure that at least our own signer cert is included first */ - if (!ossl_x509_add_cert_new(&msg->extraCerts, ctx->cert, prepend)) - return 0; - ossl_cmp_debug(ctx, "fallback: adding just own CMP signer cert"); - } - } - - /* add any additional certificates from ctx->extraCertsOut */ - if (!ossl_x509_add_certs_new(&msg->extraCerts, ctx->extraCertsOut, - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP)) - return 0; - - /* in case extraCerts are empty list avoid empty ASN.1 sequence */ - if (sk_X509_num(msg->extraCerts) == 0) { - sk_X509_free(msg->extraCerts); - msg->extraCerts = NULL; - } - return 1; -} - -/* - * Create an X509_ALGOR structure for PasswordBasedMAC protection based on - * the pbm settings in the context - */ -static int set_pbmac_algor(const OSSL_CMP_CTX *ctx, X509_ALGOR **alg) -{ - OSSL_CRMF_PBMPARAMETER *pbm = NULL; - unsigned char *pbm_der = NULL; - int pbm_der_len; - ASN1_STRING *pbm_str = NULL; - - if (!ossl_assert(ctx != NULL)) - return 0; - - pbm = OSSL_CRMF_pbmp_new(ctx->libctx, ctx->pbm_slen, - EVP_MD_get_type(ctx->pbm_owf), ctx->pbm_itercnt, - ctx->pbm_mac); - pbm_str = ASN1_STRING_new(); - if (pbm == NULL || pbm_str == NULL) - goto err; - - if ((pbm_der_len = i2d_OSSL_CRMF_PBMPARAMETER(pbm, &pbm_der)) < 0) - goto err; - - if (!ASN1_STRING_set(pbm_str, pbm_der, pbm_der_len)) - goto err; - if (*alg == NULL && (*alg = X509_ALGOR_new()) == NULL) - goto err; - OPENSSL_free(pbm_der); - - X509_ALGOR_set0(*alg, OBJ_nid2obj(NID_id_PasswordBasedMAC), - V_ASN1_SEQUENCE, pbm_str); - OSSL_CRMF_PBMPARAMETER_free(pbm); - return 1; - - err: - ASN1_STRING_free(pbm_str); - OPENSSL_free(pbm_der); - OSSL_CRMF_PBMPARAMETER_free(pbm); - return 0; -} - -static int set_sig_algor(const OSSL_CMP_CTX *ctx, X509_ALGOR **alg) -{ - int nid = 0; - ASN1_OBJECT *algo = NULL; - - if (!OBJ_find_sigid_by_algs(&nid, EVP_MD_get_type(ctx->digest), - EVP_PKEY_get_id(ctx->pkey))) { - ERR_raise(ERR_LIB_CMP, CMP_R_UNSUPPORTED_KEY_TYPE); - return 0; - } - if ((algo = OBJ_nid2obj(nid)) == NULL) - return 0; - if (*alg == NULL && (*alg = X509_ALGOR_new()) == NULL) - return 0; - - if (X509_ALGOR_set0(*alg, algo, V_ASN1_UNDEF, NULL)) - return 1; - ASN1_OBJECT_free(algo); - return 0; -} - -static int set_senderKID(const OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg, - const ASN1_OCTET_STRING *id) -{ - if (id == NULL) - id = ctx->referenceValue; /* standard for PBM, fallback for sig-based */ - return id == NULL || ossl_cmp_hdr_set1_senderKID(msg->header, id); -} - -int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) -{ - if (!ossl_assert(ctx != NULL && msg != NULL)) - return 0; - - /* - * For the case of re-protection remove pre-existing protection. - */ - X509_ALGOR_free(msg->header->protectionAlg); - msg->header->protectionAlg = NULL; - ASN1_BIT_STRING_free(msg->protection); - msg->protection = NULL; - - if (ctx->unprotectedSend) { - if (!set_senderKID(ctx, msg, NULL)) - goto err; - } else if (ctx->secretValue != NULL) { - /* use PasswordBasedMac according to 5.1.3.1 if secretValue is given */ - if (!set_pbmac_algor(ctx, &msg->header->protectionAlg)) - goto err; - if (!set_senderKID(ctx, msg, NULL)) - goto err; - - /* - * will add any additional certificates from ctx->extraCertsOut - * while not needed to validate the protection certificate, - * the option to do this might be handy for certain use cases - */ - } else if (ctx->cert != NULL && ctx->pkey != NULL) { - /* use MSG_SIG_ALG according to 5.1.3.3 if client cert and key given */ - - /* make sure that key and certificate match */ - if (!X509_check_private_key(ctx->cert, ctx->pkey)) { - ERR_raise(ERR_LIB_CMP, CMP_R_CERT_AND_KEY_DO_NOT_MATCH); - goto err; - } - - if (!set_sig_algor(ctx, &msg->header->protectionAlg)) - goto err; - /* set senderKID to keyIdentifier of the cert according to 5.1.1 */ - if (!set_senderKID(ctx, msg, X509_get0_subject_key_id(ctx->cert))) - goto err; - - /* - * will add ctx->cert followed, if possible, by its chain built - * from ctx->untrusted, and then ctx->extraCertsOut - */ - } else { - ERR_raise(ERR_LIB_CMP, - CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION); - goto err; - } - if (!ctx->unprotectedSend - && ((msg->protection = ossl_cmp_calc_protection(ctx, msg)) == NULL)) - goto err; - - /* - * For signature-based protection add ctx->cert followed by its chain. - * Finally add any additional certificates from ctx->extraCertsOut; - * even if not needed to validate the protection - * the option to do this might be handy for certain use cases. - */ - if (!ossl_cmp_msg_add_extraCerts(ctx, msg)) - goto err; - - /* - * As required by RFC 4210 section 5.1.1., if the sender name is not known - * to the client it set to NULL-DN. In this case for identification at least - * the senderKID must be set, where we took the referenceValue as fallback. - */ - if (!(ossl_cmp_general_name_is_NULL_DN(msg->header->sender) - && msg->header->senderKID == NULL)) - return 1; - ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_SENDER_IDENTIFICATION); - - err: - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROTECTING_MESSAGE); - return 0; -} diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c deleted file mode 100644 index 7ce4662aee5f1477cf0dd03987c270e31f828d80..0000000000000000000000000000000000000000 --- a/crypto/cmp/cmp_server.c +++ /dev/null @@ -1,644 +0,0 @@ -/* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2019 - * Copyright Siemens AG 2015-2019 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* general CMP server functions */ - -#include - -#include "cmp_local.h" - -/* explicit #includes not strictly needed since implied by the above: */ -#include -#include - -/* the context for the generic CMP server */ -struct ossl_cmp_srv_ctx_st -{ - OSSL_CMP_CTX *ctx; /* Client CMP context, partly reused for srv */ - void *custom_ctx; /* pointer to specific server context */ - - OSSL_CMP_SRV_cert_request_cb_t process_cert_request; - OSSL_CMP_SRV_rr_cb_t process_rr; - OSSL_CMP_SRV_genm_cb_t process_genm; - OSSL_CMP_SRV_error_cb_t process_error; - OSSL_CMP_SRV_certConf_cb_t process_certConf; - OSSL_CMP_SRV_pollReq_cb_t process_pollReq; - - int sendUnprotectedErrors; /* Send error and rejection msgs unprotected */ - int acceptUnprotected; /* Accept requests with no/invalid prot. */ - int acceptRAVerified; /* Accept ir/cr/kur with POPO RAVerified */ - int grantImplicitConfirm; /* Grant implicit confirmation if requested */ - -}; /* OSSL_CMP_SRV_CTX */ - -void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx) -{ - if (srv_ctx == NULL) - return; - - OSSL_CMP_CTX_free(srv_ctx->ctx); - OPENSSL_free(srv_ctx); -} - -OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq) -{ - OSSL_CMP_SRV_CTX *ctx = OPENSSL_zalloc(sizeof(OSSL_CMP_SRV_CTX)); - - if (ctx == NULL) - goto err; - - if ((ctx->ctx = OSSL_CMP_CTX_new(libctx, propq)) == NULL) - goto err; - - /* all other elements are initialized to 0 or NULL, respectively */ - return ctx; - err: - OSSL_CMP_SRV_CTX_free(ctx); - return NULL; -} - -int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx, - OSSL_CMP_SRV_cert_request_cb_t process_cert_request, - OSSL_CMP_SRV_rr_cb_t process_rr, - OSSL_CMP_SRV_genm_cb_t process_genm, - OSSL_CMP_SRV_error_cb_t process_error, - OSSL_CMP_SRV_certConf_cb_t process_certConf, - OSSL_CMP_SRV_pollReq_cb_t process_pollReq) -{ - if (srv_ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - srv_ctx->custom_ctx = custom_ctx; - srv_ctx->process_cert_request = process_cert_request; - srv_ctx->process_rr = process_rr; - srv_ctx->process_genm = process_genm; - srv_ctx->process_error = process_error; - srv_ctx->process_certConf = process_certConf; - srv_ctx->process_pollReq = process_pollReq; - return 1; -} - -OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx) -{ - if (srv_ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - return srv_ctx->ctx; -} - -void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx) -{ - if (srv_ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - return srv_ctx->custom_ctx; -} - -int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx, - int val) -{ - if (srv_ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - srv_ctx->sendUnprotectedErrors = val != 0; - return 1; -} - -int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX *srv_ctx, int val) -{ - if (srv_ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - srv_ctx->acceptUnprotected = val != 0; - return 1; -} - -int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val) -{ - if (srv_ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - srv_ctx->acceptRAVerified = val != 0; - return 1; -} - -int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx, - int val) -{ - if (srv_ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - srv_ctx->grantImplicitConfirm = val != 0; - return 1; -} - -/* - * Processes an ir/cr/p10cr/kur and returns a certification response. - * Only handles the first certification request contained in req - * returns an ip/cp/kup on success and NULL on error - */ -static OSSL_CMP_MSG *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req) -{ - OSSL_CMP_MSG *msg = NULL; - OSSL_CMP_PKISI *si = NULL; - X509 *certOut = NULL; - STACK_OF(X509) *chainOut = NULL, *caPubs = NULL; - const OSSL_CRMF_MSG *crm = NULL; - const X509_REQ *p10cr = NULL; - int bodytype; - int certReqId; - - if (!ossl_assert(srv_ctx != NULL && srv_ctx->ctx != NULL && req != NULL)) - return NULL; - - switch (OSSL_CMP_MSG_get_bodytype(req)) { - case OSSL_CMP_PKIBODY_P10CR: - case OSSL_CMP_PKIBODY_CR: - bodytype = OSSL_CMP_PKIBODY_CP; - break; - case OSSL_CMP_PKIBODY_IR: - bodytype = OSSL_CMP_PKIBODY_IP; - break; - case OSSL_CMP_PKIBODY_KUR: - bodytype = OSSL_CMP_PKIBODY_KUP; - break; - default: - ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY); - return NULL; - } - - if (OSSL_CMP_MSG_get_bodytype(req) == OSSL_CMP_PKIBODY_P10CR) { - certReqId = OSSL_CMP_CERTREQID; - p10cr = req->body->value.p10cr; - } else { - OSSL_CRMF_MSGS *reqs = req->body->value.ir; /* same for cr and kur */ - - if (sk_OSSL_CRMF_MSG_num(reqs) != 1) { - ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED); - return NULL; - } - - if ((crm = sk_OSSL_CRMF_MSG_value(reqs, OSSL_CMP_CERTREQID)) == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_CERTREQMSG_NOT_FOUND); - return NULL; - } - certReqId = OSSL_CRMF_MSG_get_certReqId(crm); - } - - if (!ossl_cmp_verify_popo(srv_ctx->ctx, req, srv_ctx->acceptRAVerified)) { - /* Proof of possession could not be verified */ - si = OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_rejection, - 1 << OSSL_CMP_PKIFAILUREINFO_badPOP, - ERR_reason_error_string(ERR_peek_error())); - if (si == NULL) - return NULL; - } else { - OSSL_CMP_PKIHEADER *hdr = OSSL_CMP_MSG_get0_header(req); - - si = srv_ctx->process_cert_request(srv_ctx, req, certReqId, crm, p10cr, - &certOut, &chainOut, &caPubs); - if (si == NULL) - goto err; - /* set OSSL_CMP_OPT_IMPLICIT_CONFIRM if and only if transaction ends */ - if (!OSSL_CMP_CTX_set_option(srv_ctx->ctx, - OSSL_CMP_OPT_IMPLICIT_CONFIRM, - ossl_cmp_hdr_has_implicitConfirm(hdr) - && srv_ctx->grantImplicitConfirm - /* do not set if polling starts: */ - && certOut != NULL)) - goto err; - } - - msg = ossl_cmp_certrep_new(srv_ctx->ctx, bodytype, certReqId, si, - certOut, NULL /* enc */, chainOut, caPubs, - srv_ctx->sendUnprotectedErrors); - if (msg == NULL) - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_CERTREP); - - err: - OSSL_CMP_PKISI_free(si); - X509_free(certOut); - sk_X509_pop_free(chainOut, X509_free); - sk_X509_pop_free(caPubs, X509_free); - return msg; -} - -static OSSL_CMP_MSG *process_rr(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req) -{ - OSSL_CMP_MSG *msg = NULL; - OSSL_CMP_REVDETAILS *details; - OSSL_CRMF_CERTID *certId = NULL; - OSSL_CRMF_CERTTEMPLATE *tmpl; - const X509_NAME *issuer; - const ASN1_INTEGER *serial; - OSSL_CMP_PKISI *si; - - if (!ossl_assert(srv_ctx != NULL && srv_ctx->ctx != NULL && req != NULL)) - return NULL; - - if (sk_OSSL_CMP_REVDETAILS_num(req->body->value.rr) != 1) { - ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED); - return NULL; - } - - if ((details = sk_OSSL_CMP_REVDETAILS_value(req->body->value.rr, - OSSL_CMP_REVREQSID)) == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); - return NULL; - } - - tmpl = details->certDetails; - issuer = OSSL_CRMF_CERTTEMPLATE_get0_issuer(tmpl); - serial = OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(tmpl); - if (issuer != NULL && serial != NULL - && (certId = OSSL_CRMF_CERTID_gen(issuer, serial)) == NULL) - return NULL; - if ((si = srv_ctx->process_rr(srv_ctx, req, issuer, serial)) == NULL) - goto err; - - if ((msg = ossl_cmp_rp_new(srv_ctx->ctx, si, certId, - srv_ctx->sendUnprotectedErrors)) == NULL) - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_RR); - - err: - OSSL_CRMF_CERTID_free(certId); - OSSL_CMP_PKISI_free(si); - return msg; -} - -/* - * Processes genm and creates a genp message mirroring the contents of the - * incoming message - */ -static OSSL_CMP_MSG *process_genm(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req) -{ - OSSL_CMP_GENMSGCONTENT *itavs; - OSSL_CMP_MSG *msg; - - if (!ossl_assert(srv_ctx != NULL && srv_ctx->ctx != NULL && req != NULL)) - return NULL; - - if (!srv_ctx->process_genm(srv_ctx, req, req->body->value.genm, &itavs)) - return NULL; - - msg = ossl_cmp_genp_new(srv_ctx->ctx, itavs); - sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free); - return msg; -} - -static OSSL_CMP_MSG *process_error(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req) -{ - OSSL_CMP_ERRORMSGCONTENT *errorContent; - OSSL_CMP_MSG *msg; - - if (!ossl_assert(srv_ctx != NULL && srv_ctx->ctx != NULL && req != NULL)) - return NULL; - errorContent = req->body->value.error; - srv_ctx->process_error(srv_ctx, req, errorContent->pKIStatusInfo, - errorContent->errorCode, errorContent->errorDetails); - - if ((msg = ossl_cmp_pkiconf_new(srv_ctx->ctx)) == NULL) - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_PKICONF); - return msg; -} - -static OSSL_CMP_MSG *process_certConf(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req) -{ - OSSL_CMP_CTX *ctx; - OSSL_CMP_CERTCONFIRMCONTENT *ccc; - int num; - OSSL_CMP_MSG *msg = NULL; - OSSL_CMP_CERTSTATUS *status = NULL; - - if (!ossl_assert(srv_ctx != NULL && srv_ctx->ctx != NULL && req != NULL)) - return NULL; - - ctx = srv_ctx->ctx; - ccc = req->body->value.certConf; - num = sk_OSSL_CMP_CERTSTATUS_num(ccc); - - if (OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_IMPLICIT_CONFIRM) == 1 - || ctx->status != -2 /* transaction not open */) { - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_UNEXPECTED_CERTCONF); - return NULL; - } - - if (num == 0) { - ossl_cmp_err(ctx, "certificate rejected by client"); - } else { - if (num > 1) - ossl_cmp_warn(ctx, "All CertStatus but the first will be ignored"); - status = sk_OSSL_CMP_CERTSTATUS_value(ccc, OSSL_CMP_CERTREQID); - } - - if (status != NULL) { - int certReqId = ossl_cmp_asn1_get_int(status->certReqId); - ASN1_OCTET_STRING *certHash = status->certHash; - OSSL_CMP_PKISI *si = status->statusInfo; - - if (!srv_ctx->process_certConf(srv_ctx, req, certReqId, certHash, si)) - return NULL; /* reason code may be: CMP_R_CERTHASH_UNMATCHED */ - - if (si != NULL && ossl_cmp_pkisi_get_status(si) - != OSSL_CMP_PKISTATUS_accepted) { - int pki_status = ossl_cmp_pkisi_get_status(si); - const char *str = ossl_cmp_PKIStatus_to_string(pki_status); - - ossl_cmp_log2(INFO, ctx, "certificate rejected by client %s %s", - str == NULL ? "without" : "with", - str == NULL ? "PKIStatus" : str); - } - } - - if ((msg = ossl_cmp_pkiconf_new(ctx)) == NULL) - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_PKICONF); - return msg; -} - -static OSSL_CMP_MSG *process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req) -{ - OSSL_CMP_POLLREQCONTENT *prc; - OSSL_CMP_POLLREQ *pr; - int certReqId; - OSSL_CMP_MSG *certReq; - int64_t check_after = 0; - OSSL_CMP_MSG *msg = NULL; - - if (!ossl_assert(srv_ctx != NULL && srv_ctx->ctx != NULL && req != NULL)) - return NULL; - - prc = req->body->value.pollReq; - if (sk_OSSL_CMP_POLLREQ_num(prc) != 1) { - ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED); - return NULL; - } - - pr = sk_OSSL_CMP_POLLREQ_value(prc, 0); - certReqId = ossl_cmp_asn1_get_int(pr->certReqId); - if (!srv_ctx->process_pollReq(srv_ctx, req, certReqId, - &certReq, &check_after)) - return NULL; - - if (certReq != NULL) { - msg = process_cert_request(srv_ctx, certReq); - OSSL_CMP_MSG_free(certReq); - } else { - if ((msg = ossl_cmp_pollRep_new(srv_ctx->ctx, certReqId, - check_after)) == NULL) - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_POLLREP); - } - return msg; -} - -/* - * Determine whether missing/invalid protection of request message is allowed. - * Return 1 on acceptance, 0 on rejection, or -1 on (internal) error. - */ -static int unprotected_exception(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *req, - int invalid_protection, - int accept_unprotected_requests) -{ - if (!ossl_assert(ctx != NULL && req != NULL)) - return -1; - - if (accept_unprotected_requests) { - ossl_cmp_log1(WARN, ctx, "ignoring %s protection of request message", - invalid_protection ? "invalid" : "missing"); - return 1; - } - if (OSSL_CMP_MSG_get_bodytype(req) == OSSL_CMP_PKIBODY_ERROR - && OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS) == 1) { - ossl_cmp_warn(ctx, "ignoring missing protection of error message"); - return 1; - } - return 0; -} - -/* - * returns created message and NULL on internal error - */ -OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, - const OSSL_CMP_MSG *req) -{ - OSSL_CMP_CTX *ctx; - ASN1_OCTET_STRING *backup_secret; - OSSL_CMP_PKIHEADER *hdr; - int req_type, rsp_type; - int res; - OSSL_CMP_MSG *rsp = NULL; - - if (srv_ctx == NULL || srv_ctx->ctx == NULL - || req == NULL || req->body == NULL - || (hdr = OSSL_CMP_MSG_get0_header(req)) == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - ctx = srv_ctx->ctx; - backup_secret = ctx->secretValue; - req_type = OSSL_CMP_MSG_get_bodytype(req); - ossl_cmp_log1(DEBUG, ctx, - "received %s", ossl_cmp_bodytype_to_string(req_type)); - - /* - * Some things need to be done already before validating the message in - * order to be able to send an error message as far as needed and possible. - */ - if (hdr->sender->type != GEN_DIRNAME) { - ERR_raise(ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED); - goto err; - } - if (!OSSL_CMP_CTX_set1_recipient(ctx, hdr->sender->d.directoryName)) - goto err; - - switch (req_type) { - case OSSL_CMP_PKIBODY_IR: - case OSSL_CMP_PKIBODY_CR: - case OSSL_CMP_PKIBODY_P10CR: - case OSSL_CMP_PKIBODY_KUR: - case OSSL_CMP_PKIBODY_RR: - case OSSL_CMP_PKIBODY_GENM: - case OSSL_CMP_PKIBODY_ERROR: - if (ctx->transactionID != NULL) { - char *tid; - - tid = OPENSSL_buf2hexstr(ctx->transactionID->data, - ctx->transactionID->length); - if (tid != NULL) - ossl_cmp_log1(WARN, ctx, - "Assuming that last transaction with ID=%s got aborted", - tid); - OPENSSL_free(tid); - } - /* start of a new transaction, reset transactionID and senderNonce */ - if (!OSSL_CMP_CTX_set1_transactionID(ctx, NULL) - || !OSSL_CMP_CTX_set1_senderNonce(ctx, NULL)) - goto err; - break; - default: - /* transactionID should be already initialized */ - if (ctx->transactionID == NULL) { -#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY); - goto err; -#endif - } - } - - res = ossl_cmp_msg_check_update(ctx, req, unprotected_exception, - srv_ctx->acceptUnprotected); - if (ctx->secretValue != NULL && ctx->pkey != NULL - && ossl_cmp_hdr_get_protection_nid(hdr) != NID_id_PasswordBasedMAC) - ctx->secretValue = NULL; /* use MSG_SIG_ALG when protecting rsp */ - if (!res) - goto err; - - switch (req_type) { - case OSSL_CMP_PKIBODY_IR: - case OSSL_CMP_PKIBODY_CR: - case OSSL_CMP_PKIBODY_P10CR: - case OSSL_CMP_PKIBODY_KUR: - if (srv_ctx->process_cert_request == NULL) - ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY); - else - rsp = process_cert_request(srv_ctx, req); - break; - case OSSL_CMP_PKIBODY_RR: - if (srv_ctx->process_rr == NULL) - ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY); - else - rsp = process_rr(srv_ctx, req); - break; - case OSSL_CMP_PKIBODY_GENM: - if (srv_ctx->process_genm == NULL) - ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY); - else - rsp = process_genm(srv_ctx, req); - break; - case OSSL_CMP_PKIBODY_ERROR: - if (srv_ctx->process_error == NULL) - ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY); - else - rsp = process_error(srv_ctx, req); - break; - case OSSL_CMP_PKIBODY_CERTCONF: - if (srv_ctx->process_certConf == NULL) - ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY); - else - rsp = process_certConf(srv_ctx, req); - break; - case OSSL_CMP_PKIBODY_POLLREQ: - if (srv_ctx->process_pollReq == NULL) - ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY); - else - rsp = process_pollReq(srv_ctx, req); - break; - default: - ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PKIBODY); - break; - } - - err: - if (rsp == NULL) { - /* on error, try to respond with CMP error message to client */ - const char *data = NULL, *reason = NULL; - int flags = 0; - unsigned long err = ERR_peek_error_data(&data, &flags); - int fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_badRequest; - OSSL_CMP_PKISI *si = NULL; - - if (ctx->transactionID == NULL) { - /* ignore any (extra) error in next two function calls: */ - (void)OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID); - (void)ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce); - } - - if ((flags & ERR_TXT_STRING) == 0 || *data == '\0') - data = NULL; - reason = ERR_reason_error_string(err); - if ((si = OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_rejection, - fail_info, reason)) != NULL) { - rsp = ossl_cmp_error_new(srv_ctx->ctx, si, err, - data, srv_ctx->sendUnprotectedErrors); - OSSL_CMP_PKISI_free(si); - } - } - OSSL_CMP_CTX_print_errors(ctx); - ctx->secretValue = backup_secret; - - rsp_type = - rsp != NULL ? OSSL_CMP_MSG_get_bodytype(rsp) : OSSL_CMP_PKIBODY_ERROR; - if (rsp != NULL) - ossl_cmp_log1(DEBUG, ctx, - "sending %s", ossl_cmp_bodytype_to_string(rsp_type)); - else - ossl_cmp_log(ERR, ctx, "cannot send proper CMP response"); - - /* possibly close the transaction */ - ctx->status = -2; /* this indicates transaction is open */ - switch (rsp_type) { - case OSSL_CMP_PKIBODY_IP: - case OSSL_CMP_PKIBODY_CP: - case OSSL_CMP_PKIBODY_KUP: - if (OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_IMPLICIT_CONFIRM) == 0) - break; - /* fall through */ - - case OSSL_CMP_PKIBODY_RP: - case OSSL_CMP_PKIBODY_PKICONF: - case OSSL_CMP_PKIBODY_GENP: - case OSSL_CMP_PKIBODY_ERROR: - (void)OSSL_CMP_CTX_set1_transactionID(ctx, NULL); - (void)OSSL_CMP_CTX_set1_senderNonce(ctx, NULL); - ctx->status = -1; /* transaction closed */ - - default: /* not closing transaction in other cases */ - break; - } - return rsp; -} - -/* - * Server interface that may substitute OSSL_CMP_MSG_http_perform at the client. - * The OSSL_CMP_SRV_CTX must be set as client_ctx->transfer_cb_arg. - * returns received message on success, else NULL and pushes an element on the - * error stack. - */ -OSSL_CMP_MSG *OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx, - const OSSL_CMP_MSG *req) -{ - OSSL_CMP_SRV_CTX *srv_ctx = NULL; - - if (client_ctx == NULL || req == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - - if ((srv_ctx = OSSL_CMP_CTX_get_transfer_cb_arg(client_ctx)) == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_TRANSFER_ERROR); - return NULL; - } - - return OSSL_CMP_SRV_process_request(srv_ctx, req); -} diff --git a/crypto/cmp/cmp_status.c b/crypto/cmp/cmp_status.c deleted file mode 100644 index 46be6b68992fe30f0f096856b6ae521228147b2b..0000000000000000000000000000000000000000 --- a/crypto/cmp/cmp_status.c +++ /dev/null @@ -1,310 +0,0 @@ -/* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2019 - * Copyright Siemens AG 2015-2019 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* CMP functions for PKIStatusInfo handling and PKIMessage decomposition */ - -#include - -#include "cmp_local.h" - -/* explicit #includes not strictly needed since implied by the above: */ -#include -#include -#include -#include /* needed in case config no-deprecated */ -#include -#include -#include -#include -#include /* for ASN1_R_TOO_SMALL and ASN1_R_TOO_LARGE */ - -/* CMP functions related to PKIStatus */ - -int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si) -{ - if (!ossl_assert(si != NULL && si->status != NULL)) - return -1; - return ossl_cmp_asn1_get_int(si->status); -} - -const char *ossl_cmp_PKIStatus_to_string(int status) -{ - switch (status) { - case OSSL_CMP_PKISTATUS_accepted: - return "PKIStatus: accepted"; - case OSSL_CMP_PKISTATUS_grantedWithMods: - return "PKIStatus: granted with modifications"; - case OSSL_CMP_PKISTATUS_rejection: - return "PKIStatus: rejection"; - case OSSL_CMP_PKISTATUS_waiting: - return "PKIStatus: waiting"; - case OSSL_CMP_PKISTATUS_revocationWarning: - return "PKIStatus: revocation warning - a revocation of the cert is imminent"; - case OSSL_CMP_PKISTATUS_revocationNotification: - return "PKIStatus: revocation notification - a revocation of the cert has occurred"; - case OSSL_CMP_PKISTATUS_keyUpdateWarning: - return "PKIStatus: key update warning - update already done for the cert"; - default: - ERR_raise_data(ERR_LIB_CMP, CMP_R_ERROR_PARSING_PKISTATUS, - "PKIStatus: invalid=%d", status); - return NULL; - } -} - -OSSL_CMP_PKIFREETEXT *ossl_cmp_pkisi_get0_statusString(const OSSL_CMP_PKISI *si) -{ - if (!ossl_assert(si != NULL)) - return NULL; - return si->statusString; -} - -int ossl_cmp_pkisi_get_pkifailureinfo(const OSSL_CMP_PKISI *si) -{ - int i; - int res = 0; - - if (!ossl_assert(si != NULL)) - return -1; - for (i = 0; i <= OSSL_CMP_PKIFAILUREINFO_MAX; i++) - if (ASN1_BIT_STRING_get_bit(si->failInfo, i)) - res |= 1 << i; - return res; -} - -/*- - * convert PKIFailureInfo number to human-readable string - * returns pointer to static string, or NULL on error - */ -static const char *CMP_PKIFAILUREINFO_to_string(int number) -{ - switch (number) { - case OSSL_CMP_PKIFAILUREINFO_badAlg: - return "badAlg"; - case OSSL_CMP_PKIFAILUREINFO_badMessageCheck: - return "badMessageCheck"; - case OSSL_CMP_PKIFAILUREINFO_badRequest: - return "badRequest"; - case OSSL_CMP_PKIFAILUREINFO_badTime: - return "badTime"; - case OSSL_CMP_PKIFAILUREINFO_badCertId: - return "badCertId"; - case OSSL_CMP_PKIFAILUREINFO_badDataFormat: - return "badDataFormat"; - case OSSL_CMP_PKIFAILUREINFO_wrongAuthority: - return "wrongAuthority"; - case OSSL_CMP_PKIFAILUREINFO_incorrectData: - return "incorrectData"; - case OSSL_CMP_PKIFAILUREINFO_missingTimeStamp: - return "missingTimeStamp"; - case OSSL_CMP_PKIFAILUREINFO_badPOP: - return "badPOP"; - case OSSL_CMP_PKIFAILUREINFO_certRevoked: - return "certRevoked"; - case OSSL_CMP_PKIFAILUREINFO_certConfirmed: - return "certConfirmed"; - case OSSL_CMP_PKIFAILUREINFO_wrongIntegrity: - return "wrongIntegrity"; - case OSSL_CMP_PKIFAILUREINFO_badRecipientNonce: - return "badRecipientNonce"; - case OSSL_CMP_PKIFAILUREINFO_timeNotAvailable: - return "timeNotAvailable"; - case OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy: - return "unacceptedPolicy"; - case OSSL_CMP_PKIFAILUREINFO_unacceptedExtension: - return "unacceptedExtension"; - case OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable: - return "addInfoNotAvailable"; - case OSSL_CMP_PKIFAILUREINFO_badSenderNonce: - return "badSenderNonce"; - case OSSL_CMP_PKIFAILUREINFO_badCertTemplate: - return "badCertTemplate"; - case OSSL_CMP_PKIFAILUREINFO_signerNotTrusted: - return "signerNotTrusted"; - case OSSL_CMP_PKIFAILUREINFO_transactionIdInUse: - return "transactionIdInUse"; - case OSSL_CMP_PKIFAILUREINFO_unsupportedVersion: - return "unsupportedVersion"; - case OSSL_CMP_PKIFAILUREINFO_notAuthorized: - return "notAuthorized"; - case OSSL_CMP_PKIFAILUREINFO_systemUnavail: - return "systemUnavail"; - case OSSL_CMP_PKIFAILUREINFO_systemFailure: - return "systemFailure"; - case OSSL_CMP_PKIFAILUREINFO_duplicateCertReq: - return "duplicateCertReq"; - default: - return NULL; /* illegal failure number */ - } -} - -int ossl_cmp_pkisi_check_pkifailureinfo(const OSSL_CMP_PKISI *si, int bit_index) -{ - if (!ossl_assert(si != NULL && si->failInfo != NULL)) - return -1; - if (bit_index < 0 || bit_index > OSSL_CMP_PKIFAILUREINFO_MAX) { - ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS); - return -1; - } - - return ASN1_BIT_STRING_get_bit(si->failInfo, bit_index); -} - -/*- - * place human-readable error string created from PKIStatusInfo in given buffer - * returns pointer to the same buffer containing the string, or NULL on error - */ -static -char *snprint_PKIStatusInfo_parts(int status, int fail_info, - const OSSL_CMP_PKIFREETEXT *status_strings, - char *buf, size_t bufsize) -{ - int failure; - const char *status_string, *failure_string; - ASN1_UTF8STRING *text; - int i; - int printed_chars; - int failinfo_found = 0; - int n_status_strings; - char *write_ptr = buf; - - if (buf == NULL - || status < 0 - || (status_string = ossl_cmp_PKIStatus_to_string(status)) == NULL) - return NULL; - -#define ADVANCE_BUFFER \ - if (printed_chars < 0 || (size_t)printed_chars >= bufsize) \ - return NULL; \ - write_ptr += printed_chars; \ - bufsize -= printed_chars; - - printed_chars = BIO_snprintf(write_ptr, bufsize, "%s", status_string); - ADVANCE_BUFFER; - - /* failInfo is optional and may be empty */ - if (fail_info != 0) { - printed_chars = BIO_snprintf(write_ptr, bufsize, "; PKIFailureInfo: "); - ADVANCE_BUFFER; - for (failure = 0; failure <= OSSL_CMP_PKIFAILUREINFO_MAX; failure++) { - if ((fail_info & (1 << failure)) != 0) { - failure_string = CMP_PKIFAILUREINFO_to_string(failure); - if (failure_string != NULL) { - printed_chars = BIO_snprintf(write_ptr, bufsize, "%s%s", - failinfo_found ? ", " : "", - failure_string); - ADVANCE_BUFFER; - failinfo_found = 1; - } - } - } - } - if (!failinfo_found && status != OSSL_CMP_PKISTATUS_accepted - && status != OSSL_CMP_PKISTATUS_grantedWithMods) { - printed_chars = BIO_snprintf(write_ptr, bufsize, "; "); - ADVANCE_BUFFER; - } - - /* statusString sequence is optional and may be empty */ - n_status_strings = sk_ASN1_UTF8STRING_num(status_strings); - if (n_status_strings > 0) { - printed_chars = BIO_snprintf(write_ptr, bufsize, "; StatusString%s: ", - n_status_strings > 1 ? "s" : ""); - ADVANCE_BUFFER; - for (i = 0; i < n_status_strings; i++) { - text = sk_ASN1_UTF8STRING_value(status_strings, i); - printed_chars = BIO_snprintf(write_ptr, bufsize, "\"%.*s\"%s", - ASN1_STRING_length(text), - ASN1_STRING_get0_data(text), - i < n_status_strings - 1 ? ", " : ""); - ADVANCE_BUFFER; - } - } -#undef ADVANCE_BUFFER - return buf; -} - -char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI *statusInfo, - char *buf, size_t bufsize) -{ - int failure_info; - - if (statusInfo == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - - failure_info = ossl_cmp_pkisi_get_pkifailureinfo(statusInfo); - - return snprint_PKIStatusInfo_parts(ASN1_INTEGER_get(statusInfo->status), - failure_info, - statusInfo->statusString, buf, bufsize); -} - -char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf, - size_t bufsize) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return NULL; - } - - return snprint_PKIStatusInfo_parts(OSSL_CMP_CTX_get_status(ctx), - OSSL_CMP_CTX_get_failInfoCode(ctx), - OSSL_CMP_CTX_get0_statusString(ctx), - buf, bufsize); -} - -/*- - * Creates a new PKIStatusInfo structure and fills it in - * returns a pointer to the structure on success, NULL on error - * note: strongly overlaps with TS_RESP_CTX_set_status_info() - * and TS_RESP_CTX_add_failure_info() in ../ts/ts_rsp_sign.c - */ -OSSL_CMP_PKISI *OSSL_CMP_STATUSINFO_new(int status, int fail_info, - const char *text) -{ - OSSL_CMP_PKISI *si = OSSL_CMP_PKISI_new(); - ASN1_UTF8STRING *utf8_text = NULL; - int failure; - - if (si == NULL) - goto err; - if (!ASN1_INTEGER_set(si->status, status)) - goto err; - - if (text != NULL) { - if ((utf8_text = ASN1_UTF8STRING_new()) == NULL - || !ASN1_STRING_set(utf8_text, text, -1)) - goto err; - if ((si->statusString = sk_ASN1_UTF8STRING_new_null()) == NULL) - goto err; - if (!sk_ASN1_UTF8STRING_push(si->statusString, utf8_text)) - goto err; - /* Ownership is lost. */ - utf8_text = NULL; - } - - for (failure = 0; failure <= OSSL_CMP_PKIFAILUREINFO_MAX; failure++) { - if ((fail_info & (1 << failure)) != 0) { - if (si->failInfo == NULL - && (si->failInfo = ASN1_BIT_STRING_new()) == NULL) - goto err; - if (!ASN1_BIT_STRING_set_bit(si->failInfo, failure, 1)) - goto err; - } - } - return si; - - err: - OSSL_CMP_PKISI_free(si); - ASN1_UTF8STRING_free(utf8_text); - return NULL; -} diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c deleted file mode 100644 index 7cf27cc9d4b4bffadaf8290e6f0d8c0de2b709ae..0000000000000000000000000000000000000000 --- a/crypto/cmp/cmp_util.c +++ /dev/null @@ -1,286 +0,0 @@ -/* - * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2019 - * Copyright Siemens AG 2015-2019 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "cmp_local.h" /* just for decls of internal functions defined here */ -#include -#include /* should be implied by cmperr.h */ -#include - -/* - * use trace API for CMP-specific logging, prefixed by "CMP " and severity - */ - -int OSSL_CMP_log_open(void) /* is designed to be idempotent */ -{ -#ifdef OPENSSL_NO_TRACE - return 1; -#else -# ifndef OPENSSL_NO_STDIO - BIO *bio = BIO_new_fp(stdout, BIO_NOCLOSE); - - if (bio != NULL && OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_CMP, bio)) - return 1; - BIO_free(bio); -# endif - ERR_raise(ERR_LIB_CMP, CMP_R_NO_STDIO); - return 0; -#endif -} - -void OSSL_CMP_log_close(void) /* is designed to be idempotent */ -{ - (void)OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_CMP, NULL); -} - -/* return >= 0 if level contains logging level, possibly preceded by "CMP " */ -#define max_level_len 5 /* = max length of the below strings, e.g., "EMERG" */ -static OSSL_CMP_severity parse_level(const char *level) -{ - const char *end_level = strchr(level, ':'); - int len; - char level_copy[max_level_len + 1]; - - if (end_level == NULL) - return -1; - - if (strncmp(level, OSSL_CMP_LOG_PREFIX, - strlen(OSSL_CMP_LOG_PREFIX)) == 0) - level += strlen(OSSL_CMP_LOG_PREFIX); - len = end_level - level; - if (len > max_level_len) - return -1; - OPENSSL_strlcpy(level_copy, level, len + 1); - return - strcmp(level_copy, "EMERG") == 0 ? OSSL_CMP_LOG_EMERG : - strcmp(level_copy, "ALERT") == 0 ? OSSL_CMP_LOG_ALERT : - strcmp(level_copy, "CRIT") == 0 ? OSSL_CMP_LOG_CRIT : - strcmp(level_copy, "ERROR") == 0 ? OSSL_CMP_LOG_ERR : - strcmp(level_copy, "WARN") == 0 ? OSSL_CMP_LOG_WARNING : - strcmp(level_copy, "NOTE") == 0 ? OSSL_CMP_LOG_NOTICE : - strcmp(level_copy, "INFO") == 0 ? OSSL_CMP_LOG_INFO : - strcmp(level_copy, "DEBUG") == 0 ? OSSL_CMP_LOG_DEBUG : - -1; -} - -const char *ossl_cmp_log_parse_metadata(const char *buf, - OSSL_CMP_severity *level, - char **func, char **file, int *line) -{ - const char *p_func = buf; - const char *p_file = buf == NULL ? NULL : strchr(buf, ':'); - const char *p_level = buf; - const char *msg = buf; - - *level = -1; - *func = NULL; - *file = NULL; - *line = 0; - - if (p_file != NULL) { - const char *p_line = strchr(++p_file, ':'); - - if ((*level = parse_level(buf)) < 0 && p_line != NULL) { - /* check if buf contains location info and logging level */ - char *p_level_tmp = (char *)p_level; - const long line_number = strtol(++p_line, &p_level_tmp, 10); - - p_level = p_level_tmp; - if (p_level > p_line && *(p_level++) == ':') { - if ((*level = parse_level(p_level)) >= 0) { - *func = OPENSSL_strndup(p_func, p_file - 1 - p_func); - *file = OPENSSL_strndup(p_file, p_line - 1 - p_file); - /* no real problem if OPENSSL_strndup() returns NULL */ - *line = (int)line_number; - msg = strchr(p_level, ':'); - if (msg != NULL && *++msg == ' ') - msg++; - } - } - } - } - return msg; -} - -#define UNKNOWN_FUNC "(unknown function)" /* the default for OPENSSL_FUNC */ -/* - * substitute fallback if component/function name is NULL or empty or contains - * just pseudo-information "(unknown function)" due to -pedantic and macros.h - */ -static const char *improve_location_name(const char *func, const char *fallback) -{ - if (fallback == NULL) - return func == NULL ? UNKNOWN_FUNC : func; - - return func == NULL || *func == '\0' || strcmp(func, UNKNOWN_FUNC) == 0 - ? fallback : func; -} - -int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file, - int line, OSSL_CMP_severity level, const char *msg) -{ - const char *level_string = - level == OSSL_CMP_LOG_EMERG ? "EMERG" : - level == OSSL_CMP_LOG_ALERT ? "ALERT" : - level == OSSL_CMP_LOG_CRIT ? "CRIT" : - level == OSSL_CMP_LOG_ERR ? "error" : - level == OSSL_CMP_LOG_WARNING ? "warning" : - level == OSSL_CMP_LOG_NOTICE ? "NOTE" : - level == OSSL_CMP_LOG_INFO ? "info" : - level == OSSL_CMP_LOG_DEBUG ? "DEBUG" : "(unknown level)"; - -#ifndef NDEBUG - if (BIO_printf(bio, "%s:%s:%d:", improve_location_name(component, "CMP"), - file, line) < 0) - return 0; -#endif - return BIO_printf(bio, OSSL_CMP_LOG_PREFIX"%s: %s\n", - level_string, msg) >= 0; -} - -#define ERR_PRINT_BUF_SIZE 4096 -/* this is similar to ERR_print_errors_cb, but uses the CMP-specific cb type */ -void OSSL_CMP_print_errors_cb(OSSL_CMP_log_cb_t log_fn) -{ - unsigned long err; - char msg[ERR_PRINT_BUF_SIZE]; - const char *file = NULL, *func = NULL, *data = NULL; - int line, flags; - - while ((err = ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) { - const char *component = - improve_location_name(func, ERR_lib_error_string(err)); - unsigned long reason = ERR_GET_REASON(err); - const char *rs = NULL; - char rsbuf[256]; - -#ifndef OPENSSL_NO_ERR - if (ERR_SYSTEM_ERROR(err)) { - if (openssl_strerror_r(reason, rsbuf, sizeof(rsbuf))) - rs = rsbuf; - } else { - rs = ERR_reason_error_string(err); - } -#endif - if (rs == NULL) { - BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", reason); - rs = rsbuf; - } - if (data != NULL && (flags & ERR_TXT_STRING) != 0) - BIO_snprintf(msg, sizeof(msg), "%s:%s", rs, data); - else - BIO_snprintf(msg, sizeof(msg), "%s", rs); - - if (log_fn == NULL) { -#ifndef OPENSSL_NO_STDIO - BIO *bio = BIO_new_fp(stderr, BIO_NOCLOSE); - - if (bio != NULL) { - OSSL_CMP_print_to_bio(bio, component, file, line, - OSSL_CMP_LOG_ERR, msg); - BIO_free(bio); - } -#else - /* ERR_raise(ERR_LIB_CMP, CMP_R_NO_STDIO) makes no sense during error printing */ -#endif - } else { - if (log_fn(component, file, line, OSSL_CMP_LOG_ERR, msg) <= 0) - break; /* abort outputting the error report */ - } - } -} - -int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs, - int only_self_signed) -{ - int i; - - if (store == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - if (certs == NULL) - return 1; - for (i = 0; i < sk_X509_num(certs); i++) { - X509 *cert = sk_X509_value(certs, i); - - if (!only_self_signed || X509_self_signed(cert, 0) == 1) - if (!X509_STORE_add_cert(store, cert)) /* ups cert ref counter */ - return 0; - } - return 1; -} - -int ossl_cmp_sk_ASN1_UTF8STRING_push_str(STACK_OF(ASN1_UTF8STRING) *sk, - const char *text, int len) -{ - ASN1_UTF8STRING *utf8string; - - if (!ossl_assert(sk != NULL && text != NULL)) - return 0; - if ((utf8string = ASN1_UTF8STRING_new()) == NULL) - return 0; - if (!ASN1_STRING_set(utf8string, text, len)) - goto err; - if (!sk_ASN1_UTF8STRING_push(sk, utf8string)) - goto err; - return 1; - - err: - ASN1_UTF8STRING_free(utf8string); - return 0; -} - -int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt, - const ASN1_OCTET_STRING *src) -{ - ASN1_OCTET_STRING *new; - if (tgt == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - if (*tgt == src) /* self-assignment */ - return 1; - - if (src != NULL) { - if ((new = ASN1_OCTET_STRING_dup(src)) == NULL) - return 0; - } else { - new = NULL; - } - - ASN1_OCTET_STRING_free(*tgt); - *tgt = new; - return 1; -} - -int ossl_cmp_asn1_octet_string_set1_bytes(ASN1_OCTET_STRING **tgt, - const unsigned char *bytes, int len) -{ - ASN1_OCTET_STRING *new = NULL; - - if (tgt == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - if (bytes != NULL) { - if ((new = ASN1_OCTET_STRING_new()) == NULL - || !(ASN1_OCTET_STRING_set(new, bytes, len))) { - ASN1_OCTET_STRING_free(new); - return 0; - } - } - - ASN1_OCTET_STRING_free(*tgt); - *tgt = new; - return 1; -} diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c deleted file mode 100644 index b9d6fc2bdd17eeffa6a54da6710d619d2ca42270..0000000000000000000000000000000000000000 --- a/crypto/cmp/cmp_vfy.c +++ /dev/null @@ -1,854 +0,0 @@ -/* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2020 - * Copyright Siemens AG 2015-2020 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* CMP functions for PKIMessage checking */ - -#include "cmp_local.h" -#include - -/* explicit #includes not strictly needed since implied by the above: */ -#include -#include -#include -#include -#include - -/* Verify a message protected by signature according to RFC section 5.1.3.3 */ -static int verify_signature(const OSSL_CMP_CTX *cmp_ctx, - const OSSL_CMP_MSG *msg, X509 *cert) -{ - OSSL_CMP_PROTECTEDPART prot_part; - EVP_PKEY *pubkey = NULL; - BIO *bio; - int res = 0; - - if (!ossl_assert(cmp_ctx != NULL && msg != NULL && cert != NULL)) - return 0; - - bio = BIO_new(BIO_s_mem()); /* may be NULL */ - - /* verify that keyUsage, if present, contains digitalSignature */ - if (!cmp_ctx->ignore_keyusage - && (X509_get_key_usage(cert) & X509v3_KU_DIGITAL_SIGNATURE) == 0) { - ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE); - goto sig_err; - } - - pubkey = X509_get_pubkey(cert); - if (pubkey == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_FAILED_EXTRACTING_PUBKEY); - goto sig_err; - } - - prot_part.header = msg->header; - prot_part.body = msg->body; - - if (ASN1_item_verify_ex(ASN1_ITEM_rptr(OSSL_CMP_PROTECTEDPART), - msg->header->protectionAlg, msg->protection, - &prot_part, NULL, pubkey, cmp_ctx->libctx, - cmp_ctx->propq) > 0) { - res = 1; - goto end; - } - - sig_err: - res = ossl_x509_print_ex_brief(bio, cert, X509_FLAG_NO_EXTENSIONS); - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_VALIDATING_SIGNATURE); - if (res) - ERR_add_error_mem_bio("\n", bio); - res = 0; - - end: - EVP_PKEY_free(pubkey); - BIO_free(bio); - - return res; -} - -/* Verify a message protected with PBMAC */ -static int verify_PBMAC(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) -{ - ASN1_BIT_STRING *protection = NULL; - int valid = 0; - - /* generate expected protection for the message */ - if ((protection = ossl_cmp_calc_protection(ctx, msg)) == NULL) - return 0; /* failed to generate protection string! */ - - valid = msg->protection != NULL && msg->protection->length >= 0 - && msg->protection->type == protection->type - && msg->protection->length == protection->length - && CRYPTO_memcmp(msg->protection->data, protection->data, - protection->length) == 0; - ASN1_BIT_STRING_free(protection); - if (!valid) - ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_PBM_VALUE); - - return valid; -} - -/*- - * Attempt to validate certificate and path using any given store with trusted - * certs (possibly including CRLs and a cert verification callback function) - * and non-trusted intermediate certs from the given ctx. - * - * Returns 1 on successful validation and 0 otherwise. - */ -int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx, - X509_STORE *trusted_store, X509 *cert) -{ - int valid = 0; - X509_STORE_CTX *csc = NULL; - int err; - - if (ctx == NULL || cert == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - - if (trusted_store == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_TRUST_STORE); - return 0; - } - - if ((csc = X509_STORE_CTX_new_ex(ctx->libctx, ctx->propq)) == NULL - || !X509_STORE_CTX_init(csc, trusted_store, - cert, ctx->untrusted)) - goto err; - - valid = X509_verify_cert(csc) > 0; - - /* make sure suitable error is queued even if callback did not do */ - err = ERR_peek_last_error(); - if (!valid && ERR_GET_REASON(err) != CMP_R_POTENTIALLY_INVALID_CERTIFICATE) - ERR_raise(ERR_LIB_CMP, CMP_R_POTENTIALLY_INVALID_CERTIFICATE); - - err: - /* directly output any fresh errors, needed for check_msg_find_cert() */ - OSSL_CMP_CTX_print_errors(ctx); - X509_STORE_CTX_free(csc); - return valid; -} - -/* Return 0 if expect_name != NULL and there is no matching actual_name */ -static int check_name(const OSSL_CMP_CTX *ctx, int log_success, - const char *actual_desc, const X509_NAME *actual_name, - const char *expect_desc, const X509_NAME *expect_name) -{ - char *str; - - if (expect_name == NULL) - return 1; /* no expectation, thus trivially fulfilled */ - - /* make sure that a matching name is there */ - if (actual_name == NULL) { - ossl_cmp_log1(WARN, ctx, "missing %s", actual_desc); - return 0; - } - str = X509_NAME_oneline(actual_name, NULL, 0); - if (X509_NAME_cmp(actual_name, expect_name) == 0) { - if (log_success && str != NULL) - ossl_cmp_log2(INFO, ctx, " subject matches %s: %s", expect_desc, - str); - OPENSSL_free(str); - return 1; - } - - if (str != NULL) - ossl_cmp_log2(INFO, ctx, " actual name in %s = %s", actual_desc, str); - OPENSSL_free(str); - if ((str = X509_NAME_oneline(expect_name, NULL, 0)) != NULL) - ossl_cmp_log2(INFO, ctx, " does not match %s = %s", expect_desc, str); - OPENSSL_free(str); - return 0; -} - -/* Return 0 if skid != NULL and there is no matching subject key ID in cert */ -static int check_kid(const OSSL_CMP_CTX *ctx, - const ASN1_OCTET_STRING *ckid, - const ASN1_OCTET_STRING *skid) -{ - char *str; - - if (skid == NULL) - return 1; /* no expectation, thus trivially fulfilled */ - - /* make sure that the expected subject key identifier is there */ - if (ckid == NULL) { - ossl_cmp_warn(ctx, "missing Subject Key Identifier in certificate"); - return 0; - } - str = OPENSSL_buf2hexstr(ckid->data, ckid->length); - if (ASN1_OCTET_STRING_cmp(ckid, skid) == 0) { - if (str != NULL) - ossl_cmp_log1(INFO, ctx, " subjectKID matches senderKID: %s", str); - OPENSSL_free(str); - return 1; - } - - if (str != NULL) - ossl_cmp_log1(INFO, ctx, " cert Subject Key Identifier = %s", str); - OPENSSL_free(str); - if ((str = OPENSSL_buf2hexstr(skid->data, skid->length)) != NULL) - ossl_cmp_log1(INFO, ctx, " does not match senderKID = %s", str); - OPENSSL_free(str); - return 0; -} - -static int already_checked(const X509 *cert, - const STACK_OF(X509) *already_checked) -{ - int i; - - for (i = sk_X509_num(already_checked /* may be NULL */); i > 0; i--) - if (X509_cmp(sk_X509_value(already_checked, i - 1), cert) == 0) - return 1; - return 0; -} - -/*- - * Check if the given cert is acceptable as sender cert of the given message. - * The subject DN must match, the subject key ID as well if present in the msg, - * and the cert must be current (checked if ctx->trusted is not NULL). - * Note that cert revocation etc. is checked by OSSL_CMP_validate_cert_path(). - * - * Returns 0 on error or not acceptable, else 1. - */ -static int cert_acceptable(const OSSL_CMP_CTX *ctx, - const char *desc1, const char *desc2, X509 *cert, - const STACK_OF(X509) *already_checked1, - const STACK_OF(X509) *already_checked2, - const OSSL_CMP_MSG *msg) -{ - X509_STORE *ts = ctx->trusted; - int self_issued = X509_check_issued(cert, cert) == X509_V_OK; - char *str; - X509_VERIFY_PARAM *vpm = ts != NULL ? X509_STORE_get0_param(ts) : NULL; - int time_cmp; - - ossl_cmp_log3(INFO, ctx, " considering %s%s %s with..", - self_issued ? "self-issued ": "", desc1, desc2); - if ((str = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0)) != NULL) - ossl_cmp_log1(INFO, ctx, " subject = %s", str); - OPENSSL_free(str); - if (!self_issued) { - str = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); - if (str != NULL) - ossl_cmp_log1(INFO, ctx, " issuer = %s", str); - OPENSSL_free(str); - } - - if (already_checked(cert, already_checked1) - || already_checked(cert, already_checked2)) { - ossl_cmp_info(ctx, " cert has already been checked"); - return 0; - } - - time_cmp = X509_cmp_timeframe(vpm, X509_get0_notBefore(cert), - X509_get0_notAfter(cert)); - if (time_cmp != 0) { - ossl_cmp_warn(ctx, time_cmp > 0 ? "cert has expired" - : "cert is not yet valid"); - return 0; - } - - if (!check_name(ctx, 1, - "cert subject", X509_get_subject_name(cert), - "sender field", msg->header->sender->d.directoryName)) - return 0; - - if (!check_kid(ctx, X509_get0_subject_key_id(cert), msg->header->senderKID)) - return 0; - /* prevent misleading error later in case x509v3_cache_extensions() fails */ - if (!ossl_x509v3_cache_extensions(cert)) { - ossl_cmp_warn(ctx, "cert appears to be invalid"); - return 0; - } - if (!verify_signature(ctx, msg, cert)) { - ossl_cmp_warn(ctx, "msg signature verification failed"); - return 0; - } - /* acceptable also if there is no senderKID in msg header */ - ossl_cmp_info(ctx, " cert seems acceptable"); - return 1; -} - -static int check_cert_path(const OSSL_CMP_CTX *ctx, X509_STORE *store, - X509 *scrt) -{ - if (OSSL_CMP_validate_cert_path(ctx, store, scrt)) - return 1; - - ossl_cmp_warn(ctx, - "msg signature validates but cert path validation failed"); - return 0; -} - -/* - * Exceptional handling for 3GPP TS 33.310 [3G/LTE Network Domain Security - * (NDS); Authentication Framework (AF)], only to use for IP messages - * and if the ctx option is explicitly set: use self-issued certificates - * from extraCerts as trust anchor to validate sender cert - - * provided it also can validate the newly enrolled certificate - */ -static int check_cert_path_3gpp(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *msg, X509 *scrt) -{ - int valid = 0; - X509_STORE *store; - - if (!ctx->permitTAInExtraCertsForIR) - return 0; - - if ((store = X509_STORE_new()) == NULL - || !ossl_cmp_X509_STORE_add1_certs(store, msg->extraCerts, - 1 /* self-issued only */)) - goto err; - - /* store does not include CRLs */ - valid = OSSL_CMP_validate_cert_path(ctx, store, scrt); - if (!valid) { - ossl_cmp_warn(ctx, - "also exceptional 3GPP mode cert path validation failed"); - } else { - /* - * verify that the newly enrolled certificate (which assumed rid == - * OSSL_CMP_CERTREQID) can also be validated with the same trusted store - */ - EVP_PKEY *pkey = OSSL_CMP_CTX_get0_newPkey(ctx, 1); - OSSL_CMP_CERTRESPONSE *crep = - ossl_cmp_certrepmessage_get0_certresponse(msg->body->value.ip, - OSSL_CMP_CERTREQID); - X509 *newcrt = ossl_cmp_certresponse_get1_cert(crep, ctx, pkey); - /* - * maybe better use get_cert_status() from cmp_client.c, which catches - * errors - */ - valid = OSSL_CMP_validate_cert_path(ctx, store, newcrt); - X509_free(newcrt); - } - - err: - X509_STORE_free(store); - return valid; -} - -static int check_msg_given_cert(const OSSL_CMP_CTX *ctx, X509 *cert, - const OSSL_CMP_MSG *msg) -{ - return cert_acceptable(ctx, "previously validated", "sender cert", - cert, NULL, NULL, msg) - && (check_cert_path(ctx, ctx->trusted, cert) - || check_cert_path_3gpp(ctx, msg, cert)); -} - -/*- - * Try all certs in given list for verifying msg, normally or in 3GPP mode. - * If already_checked1 == NULL then certs are assumed to be the msg->extraCerts. - * On success cache the found cert using ossl_cmp_ctx_set0_validatedSrvCert(). - */ -static int check_msg_with_certs(OSSL_CMP_CTX *ctx, const STACK_OF(X509) *certs, - const char *desc, - const STACK_OF(X509) *already_checked1, - const STACK_OF(X509) *already_checked2, - const OSSL_CMP_MSG *msg, int mode_3gpp) -{ - int in_extraCerts = already_checked1 == NULL; - int n_acceptable_certs = 0; - int i; - - if (sk_X509_num(certs) <= 0) { - ossl_cmp_log1(WARN, ctx, "no %s", desc); - return 0; - } - - for (i = 0; i < sk_X509_num(certs); i++) { /* certs may be NULL */ - X509 *cert = sk_X509_value(certs, i); - - if (!ossl_assert(cert != NULL)) - return 0; - if (!cert_acceptable(ctx, "cert from", desc, cert, - already_checked1, already_checked2, msg)) - continue; - n_acceptable_certs++; - if (mode_3gpp ? check_cert_path_3gpp(ctx, msg, cert) - : check_cert_path(ctx, ctx->trusted, cert)) { - /* store successful sender cert for further msgs in transaction */ - if (!X509_up_ref(cert)) - return 0; - if (!ossl_cmp_ctx_set0_validatedSrvCert(ctx, cert)) { - X509_free(cert); - return 0; - } - return 1; - } - } - if (in_extraCerts && n_acceptable_certs == 0) - ossl_cmp_warn(ctx, "no acceptable cert in extraCerts"); - return 0; -} - -/*- - * Verify msg trying first ctx->untrusted, which should include extraCerts - * at its front, then trying the trusted certs in truststore (if any) of ctx. - * On success cache the found cert using ossl_cmp_ctx_set0_validatedSrvCert(). - */ -static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, - int mode_3gpp) -{ - int ret = 0; - - if (mode_3gpp - && ((!ctx->permitTAInExtraCertsForIR - || OSSL_CMP_MSG_get_bodytype(msg) != OSSL_CMP_PKIBODY_IP))) - return 0; - - ossl_cmp_info(ctx, - mode_3gpp ? "normal mode failed; trying now 3GPP mode trusting extraCerts" - : "trying first normal mode using trust store"); - if (check_msg_with_certs(ctx, msg->extraCerts, "extraCerts", - NULL, NULL, msg, mode_3gpp)) - return 1; - if (check_msg_with_certs(ctx, ctx->untrusted, "untrusted certs", - msg->extraCerts, NULL, msg, mode_3gpp)) - return 1; - - if (ctx->trusted == NULL) { - ossl_cmp_warn(ctx, mode_3gpp ? "no self-issued extraCerts" - : "no trusted store"); - } else { - STACK_OF(X509) *trusted = X509_STORE_get1_all_certs(ctx->trusted); - ret = check_msg_with_certs(ctx, trusted, - mode_3gpp ? "self-issued extraCerts" - : "certs in trusted store", - msg->extraCerts, ctx->untrusted, - msg, mode_3gpp); - sk_X509_pop_free(trusted, X509_free); - } - return ret; -} - -static int no_log_cb(const char *func, const char *file, int line, - OSSL_CMP_severity level, const char *msg) -{ - return 1; -} - -/*- - * Verify message signature with any acceptable and valid candidate cert. - * On success cache the found cert using ossl_cmp_ctx_set0_validatedSrvCert(). - */ -static int check_msg_find_cert(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) -{ - X509 *scrt = ctx->validatedSrvCert; /* previous successful sender cert */ - GENERAL_NAME *sender = msg->header->sender; - char *sname = NULL; - char *skid_str = NULL; - const ASN1_OCTET_STRING *skid = msg->header->senderKID; - OSSL_CMP_log_cb_t backup_log_cb = ctx->log_cb; - int res = 0; - - if (sender == NULL || msg->body == NULL) - return 0; /* other NULL cases already have been checked */ - if (sender->type != GEN_DIRNAME) { - ERR_raise(ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED); - return 0; - } - - /* dump any hitherto errors to avoid confusion when printing further ones */ - OSSL_CMP_CTX_print_errors(ctx); - - /* enable clearing irrelevant errors in attempts to validate sender certs */ - (void)ERR_set_mark(); - ctx->log_cb = no_log_cb; /* temporarily disable logging */ - - /* - * try first cached scrt, used successfully earlier in same transaction, - * for validating this and any further msgs where extraCerts may be left out - */ - if (scrt != NULL) { - if (check_msg_given_cert(ctx, scrt, msg)) { - ctx->log_cb = backup_log_cb; - (void)ERR_pop_to_mark(); - return 1; - } - /* cached sender cert has shown to be no more successfully usable */ - (void)ossl_cmp_ctx_set0_validatedSrvCert(ctx, NULL); - /* re-do the above check (just) for adding diagnostic information */ - ossl_cmp_info(ctx, - "trying to verify msg signature with previously validated cert"); - (void)check_msg_given_cert(ctx, scrt, msg); - } - - res = check_msg_all_certs(ctx, msg, 0 /* using ctx->trusted */) - || check_msg_all_certs(ctx, msg, 1 /* 3gpp */); - ctx->log_cb = backup_log_cb; - if (res) { - /* discard any diagnostic information on trying to use certs */ - (void)ERR_pop_to_mark(); - goto end; - } - /* failed finding a sender cert that verifies the message signature */ - (void)ERR_clear_last_mark(); - - sname = X509_NAME_oneline(sender->d.directoryName, NULL, 0); - skid_str = skid == NULL ? NULL - : OPENSSL_buf2hexstr(skid->data, skid->length); - if (ctx->log_cb != NULL) { - ossl_cmp_info(ctx, "trying to verify msg signature with a valid cert that.."); - if (sname != NULL) - ossl_cmp_log1(INFO, ctx, "matches msg sender = %s", sname); - if (skid_str != NULL) - ossl_cmp_log1(INFO, ctx, "matches msg senderKID = %s", skid_str); - else - ossl_cmp_info(ctx, "while msg header does not contain senderKID"); - /* re-do the above checks (just) for adding diagnostic information */ - (void)check_msg_all_certs(ctx, msg, 0 /* using ctx->trusted */); - (void)check_msg_all_certs(ctx, msg, 1 /* 3gpp */); - } - - ERR_raise(ERR_LIB_CMP, CMP_R_NO_SUITABLE_SENDER_CERT); - if (sname != NULL) { - ERR_add_error_txt(NULL, "for msg sender name = "); - ERR_add_error_txt(NULL, sname); - } - if (skid_str != NULL) { - ERR_add_error_txt(" and ", "for msg senderKID = "); - ERR_add_error_txt(NULL, skid_str); - } - - end: - OPENSSL_free(sname); - OPENSSL_free(skid_str); - return res; -} - -/*- - * Validate the protection of the given PKIMessage using either password- - * based mac (PBM) or a signature algorithm. In the case of signature algorithm, - * the sender certificate can have been pinned by providing it in ctx->srvCert, - * else it is searched in msg->extraCerts, ctx->untrusted, in ctx->trusted - * (in this order) and is path is validated against ctx->trusted. - * On success cache the found cert using ossl_cmp_ctx_set0_validatedSrvCert(). - * - * If ctx->permitTAInExtraCertsForIR is true and when validating a CMP IP msg, - * the trust anchor for validating the IP msg may be taken from msg->extraCerts - * if a self-issued certificate is found there that can be used to - * validate the enrolled certificate returned in the IP. - * This is according to the need given in 3GPP TS 33.310. - * - * Returns 1 on success, 0 on error or validation failed. - */ -int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) -{ - X509 *scrt; - - ossl_cmp_debug(ctx, "validating CMP message"); - if (ctx == NULL || msg == NULL - || msg->header == NULL || msg->body == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); - return 0; - } - - if (msg->header->protectionAlg == NULL /* unprotected message */ - || msg->protection == NULL || msg->protection->data == NULL) { - ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PROTECTION); - return 0; - } - - switch (ossl_cmp_hdr_get_protection_nid(msg->header)) { - /* 5.1.3.1. Shared Secret Information */ - case NID_id_PasswordBasedMAC: - if (ctx->secretValue == NULL) { - ossl_cmp_warn(ctx, "no secret available for verifying PBM-based CMP message protection"); - return 1; - } - if (verify_PBMAC(ctx, msg)) { - /* - * RFC 4210, 5.3.2: 'Note that if the PKI Message Protection is - * "shared secret information", then any certificate transported in - * the caPubs field may be directly trusted as a root CA - * certificate by the initiator.' - */ - switch (OSSL_CMP_MSG_get_bodytype(msg)) { - case -1: - return 0; - case OSSL_CMP_PKIBODY_IP: - case OSSL_CMP_PKIBODY_CP: - case OSSL_CMP_PKIBODY_KUP: - case OSSL_CMP_PKIBODY_CCP: - if (ctx->trusted != NULL) { - STACK_OF(X509) *certs = msg->body->value.ip->caPubs; - /* value.ip is same for cp, kup, and ccp */ - - if (!ossl_cmp_X509_STORE_add1_certs(ctx->trusted, certs, 0)) - /* adds both self-issued and not self-issued certs */ - return 0; - } - break; - default: - break; - } - ossl_cmp_debug(ctx, - "sucessfully validated PBM-based CMP message protection"); - return 1; - } - ossl_cmp_warn(ctx, "verifying PBM-based CMP message protection failed"); - break; - - /* - * 5.1.3.2 DH Key Pairs - * Not yet supported - */ - case NID_id_DHBasedMac: - ERR_raise(ERR_LIB_CMP, CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC); - break; - - /* - * 5.1.3.3. Signature - */ - default: - scrt = ctx->srvCert; - if (scrt == NULL) { - if (ctx->trusted == NULL) { - ossl_cmp_warn(ctx, "no trust store nor pinned server cert available for verifying signature-based CMP message protection"); - return 1; - } - if (check_msg_find_cert(ctx, msg)) - return 1; - } else { /* use pinned sender cert */ - /* use ctx->srvCert for signature check even if not acceptable */ - if (verify_signature(ctx, msg, scrt)) { - ossl_cmp_debug(ctx, - "sucessfully validated signature-based CMP message protection"); - - return 1; - } - ossl_cmp_warn(ctx, "CMP message signature verification failed"); - ERR_raise(ERR_LIB_CMP, CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG); - } - break; - } - return 0; -} - - -/*- - * Check received message (i.e., response by server or request from client) - * Any msg->extraCerts are prepended to ctx->untrusted. - * - * Ensures that: - * its sender is of appropriate type (curently only X509_NAME) and - * matches any expected sender or srvCert subject given in the ctx - * it has a valid body type - * its protection is valid (or invalid/absent, but only if a callback function - * is present and yields a positive result using also the supplied argument) - * its transaction ID matches the previous transaction ID stored in ctx (if any) - * its recipNonce matches the previous senderNonce stored in the ctx (if any) - * - * If everything is fine: - * learns the senderNonce from the received message, - * learns the transaction ID if it is not yet in ctx, - * and makes any certs in caPubs directly trusted. - * - * Returns 1 on success, 0 on error. - */ -int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, - ossl_cmp_allow_unprotected_cb_t cb, int cb_arg) -{ - OSSL_CMP_PKIHEADER *hdr; - const X509_NAME *expected_sender; - - if (!ossl_assert(ctx != NULL && msg != NULL && msg->header != NULL)) - return 0; - hdr = OSSL_CMP_MSG_get0_header(msg); - - /* validate sender name of received msg */ - if (hdr->sender->type != GEN_DIRNAME) { - ERR_raise(ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED); - return 0; - } - /* - * Compare actual sender name of response with expected sender name. - * Mitigates risk to accept misused PBM secret - * or misused certificate of an unauthorized entity of a trusted hierarchy. - */ - expected_sender = ctx->expected_sender; - if (expected_sender == NULL && ctx->srvCert != NULL) - expected_sender = X509_get_subject_name(ctx->srvCert); - if (!check_name(ctx, 0, "sender DN field", hdr->sender->d.directoryName, - "expected sender", expected_sender)) - return 0; - /* Note: if recipient was NULL-DN it could be learned here if needed */ - - if (sk_X509_num(msg->extraCerts) > 10) - ossl_cmp_warn(ctx, - "received CMP message contains more than 10 extraCerts"); - /* - * Store any provided extraCerts in ctx for use in OSSL_CMP_validate_msg() - * and for future use, such that they are available to ctx->certConf_cb and - * the peer does not need to send them again in the same transaction. - * Note that it does not help validating the message before storing the - * extraCerts because they do not belong to the protected msg part anyway. - * For efficiency, the extraCerts are prepended so they get used first. - */ - if (!X509_add_certs(ctx->untrusted, msg->extraCerts, - /* this allows self-signed certs */ - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP - | X509_ADD_FLAG_PREPEND)) - return 0; - - /* validate message protection */ - if (hdr->protectionAlg != NULL) { - /* detect explicitly permitted exceptions for invalid protection */ - if (!OSSL_CMP_validate_msg(ctx, msg) - && (cb == NULL || (*cb)(ctx, msg, 1, cb_arg) <= 0)) { -#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_VALIDATING_PROTECTION); - return 0; -#endif - } - } else { - /* detect explicitly permitted exceptions for missing protection */ - if (cb == NULL || (*cb)(ctx, msg, 0, cb_arg) <= 0) { -#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_PROTECTION); - return 0; -#endif - } - } - - /* check CMP version number in header */ - if (ossl_cmp_hdr_get_pvno(hdr) != OSSL_CMP_PVNO) { -#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - ERR_raise(ERR_LIB_CMP, CMP_R_UNEXPECTED_PVNO); - return 0; -#endif - } - - if (OSSL_CMP_MSG_get_bodytype(msg) < 0) { -#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - ERR_raise(ERR_LIB_CMP, CMP_R_PKIBODY_ERROR); - return 0; -#endif - } - - /* compare received transactionID with the expected one in previous msg */ - if (ctx->transactionID != NULL - && (hdr->transactionID == NULL - || ASN1_OCTET_STRING_cmp(ctx->transactionID, - hdr->transactionID) != 0)) { -#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - ERR_raise(ERR_LIB_CMP, CMP_R_TRANSACTIONID_UNMATCHED); - return 0; -#endif - } - - /* compare received nonce with the one we sent */ - if (ctx->senderNonce != NULL - && (msg->header->recipNonce == NULL - || ASN1_OCTET_STRING_cmp(ctx->senderNonce, - hdr->recipNonce) != 0)) { -#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - ERR_raise(ERR_LIB_CMP, CMP_R_RECIPNONCE_UNMATCHED); - return 0; -#endif - } - - /* - * RFC 4210 section 5.1.1 states: the recipNonce is copied from - * the senderNonce of the previous message in the transaction. - * --> Store for setting in next message - */ - if (!ossl_cmp_ctx_set1_recipNonce(ctx, hdr->senderNonce)) - return 0; - - /* if not yet present, learn transactionID */ - if (ctx->transactionID == NULL - && !OSSL_CMP_CTX_set1_transactionID(ctx, hdr->transactionID)) - return -1; - - /* - * Store any provided extraCerts in ctx for future use, - * such that they are available to ctx->certConf_cb and - * the peer does not need to send them again in the same transaction. - * For efficiency, the extraCerts are prepended so they get used first. - */ - if (!X509_add_certs(ctx->untrusted, msg->extraCerts, - /* this allows self-signed certs */ - X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP - | X509_ADD_FLAG_PREPEND)) - return -1; - - if (ossl_cmp_hdr_get_protection_nid(hdr) == NID_id_PasswordBasedMAC) { - /* - * RFC 4210, 5.3.2: 'Note that if the PKI Message Protection is - * "shared secret information", then any certificate transported in - * the caPubs field may be directly trusted as a root CA - * certificate by the initiator.' - */ - switch (OSSL_CMP_MSG_get_bodytype(msg)) { - case OSSL_CMP_PKIBODY_IP: - case OSSL_CMP_PKIBODY_CP: - case OSSL_CMP_PKIBODY_KUP: - case OSSL_CMP_PKIBODY_CCP: - if (ctx->trusted != NULL) { - STACK_OF(X509) *certs = msg->body->value.ip->caPubs; - /* value.ip is same for cp, kup, and ccp */ - - if (!ossl_cmp_X509_STORE_add1_certs(ctx->trusted, certs, 0)) - /* adds both self-issued and not self-issued certs */ - return 0; - } - break; - default: - break; - } - } - return 1; -} - -int ossl_cmp_verify_popo(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *msg, int acceptRAVerified) -{ - if (!ossl_assert(msg != NULL && msg->body != NULL)) - return 0; - switch (msg->body->type) { - case OSSL_CMP_PKIBODY_P10CR: - { - X509_REQ *req = msg->body->value.p10cr; - - if (X509_REQ_verify_ex(req, X509_REQ_get0_pubkey(req), ctx->libctx, - ctx->propq) <= 0) { -#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - ERR_raise(ERR_LIB_CMP, CMP_R_REQUEST_NOT_ACCEPTED); - return 0; -#endif - } - } - break; - case OSSL_CMP_PKIBODY_IR: - case OSSL_CMP_PKIBODY_CR: - case OSSL_CMP_PKIBODY_KUR: - if (!OSSL_CRMF_MSGS_verify_popo(msg->body->value.ir, OSSL_CMP_CERTREQID, - acceptRAVerified, - ctx->libctx, ctx->propq)) { -#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION - return 0; -#endif - } - break; - default: - ERR_raise(ERR_LIB_CMP, CMP_R_PKIBODY_ERROR); - return 0; - } - return 1; -} diff --git a/crypto/cms/build.info b/crypto/cms/build.info deleted file mode 100644 index 5fabea7c53d1d9b8008aa2c7125f4c3fcb76ee3e..0000000000000000000000000000000000000000 --- a/crypto/cms/build.info +++ /dev/null @@ -1,5 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]= \ - cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \ - cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c \ - cms_pwri.c cms_kari.c cms_rsa.c cms_dh.c cms_ec.c diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c deleted file mode 100644 index 72cd14317d47ea4462228239990109bac38457f8..0000000000000000000000000000000000000000 --- a/crypto/cms/cms_asn1.c +++ /dev/null @@ -1,415 +0,0 @@ -/* - * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "cms_local.h" - - -ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = { - ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME), - ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER) -} ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber) - -ASN1_SEQUENCE(CMS_OtherCertificateFormat) = { - ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT), - ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY) -} static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat) - -ASN1_CHOICE(CMS_CertificateChoices) = { - ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509), - ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0), - ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1), - ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2), - ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3) -} ASN1_CHOICE_END(CMS_CertificateChoices) - -ASN1_CHOICE(CMS_SignerIdentifier) = { - ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), - ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0) -} static_ASN1_CHOICE_END(CMS_SignerIdentifier) - -ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = { - ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT), - ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0) -} static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) - -/* Minor tweak to operation: free up signer key, cert */ -static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - if (operation == ASN1_OP_FREE_POST) { - CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; - EVP_PKEY_free(si->pkey); - X509_free(si->signer); - EVP_MD_CTX_free(si->mctx); - } - return 1; -} - -ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = { - ASN1_EMBED(CMS_SignerInfo, version, INT32), - ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier), - ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR), - ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0), - ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR), - ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING), - ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1) -} ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo) - -ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = { - ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT), - ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY) -} static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat) - -ASN1_CHOICE(CMS_RevocationInfoChoice) = { - ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL), - ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1) -} ASN1_CHOICE_END(CMS_RevocationInfoChoice) - -ASN1_NDEF_SEQUENCE(CMS_SignedData) = { - ASN1_EMBED(CMS_SignedData, version, INT32), - ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR), - ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo), - ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0), - ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1), - ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo) -} ASN1_NDEF_SEQUENCE_END(CMS_SignedData) - -ASN1_SEQUENCE(CMS_OriginatorInfo) = { - ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0), - ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) -} static_ASN1_SEQUENCE_END(CMS_OriginatorInfo) - -ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { - ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT), - ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR), - ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0) -} static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo) - -ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = { - ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32), - ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier), - ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), - ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo) - -ASN1_SEQUENCE(CMS_OtherKeyAttribute) = { - ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT), - ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY) -} ASN1_SEQUENCE_END(CMS_OtherKeyAttribute) - -ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = { - ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING), - ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME), - ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute) -} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier) - -ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = { - ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), - ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0) -} static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier) - -static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval; - if (operation == ASN1_OP_FREE_POST) { - EVP_PKEY_free(rek->pkey); - } - return 1; -} - -ASN1_SEQUENCE_cb(CMS_RecipientEncryptedKey, cms_rek_cb) = { - ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier), - ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END_cb(CMS_RecipientEncryptedKey, CMS_RecipientEncryptedKey) - -ASN1_SEQUENCE(CMS_OriginatorPublicKey) = { - ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR), - ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey) - -ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = { - ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), - ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0), - ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1) -} static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey) - -static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval; - if (operation == ASN1_OP_NEW_POST) { - kari->ctx = EVP_CIPHER_CTX_new(); - if (kari->ctx == NULL) - return 0; - EVP_CIPHER_CTX_set_flags(kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); - kari->pctx = NULL; - } else if (operation == ASN1_OP_FREE_POST) { - EVP_PKEY_CTX_free(kari->pctx); - EVP_CIPHER_CTX_free(kari->ctx); - } - return 1; -} - -ASN1_SEQUENCE_cb(CMS_KeyAgreeRecipientInfo, cms_kari_cb) = { - ASN1_EMBED(CMS_KeyAgreeRecipientInfo, version, INT32), - ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0), - ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1), - ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), - ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey) -} ASN1_SEQUENCE_END_cb(CMS_KeyAgreeRecipientInfo, CMS_KeyAgreeRecipientInfo) - -ASN1_SEQUENCE(CMS_KEKIdentifier) = { - ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING), - ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME), - ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute) -} static_ASN1_SEQUENCE_END(CMS_KEKIdentifier) - -ASN1_SEQUENCE(CMS_KEKRecipientInfo) = { - ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32), - ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier), - ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), - ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo) - -ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = { - ASN1_EMBED(CMS_PasswordRecipientInfo, version, INT32), - ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0), - ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), - ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo) - -ASN1_SEQUENCE(CMS_OtherRecipientInfo) = { - ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT), - ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY) -} static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo) - -/* Free up RecipientInfo additional data */ -static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - if (operation == ASN1_OP_FREE_PRE) { - CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval; - if (ri->type == CMS_RECIPINFO_TRANS) { - CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; - EVP_PKEY_free(ktri->pkey); - X509_free(ktri->recip); - EVP_PKEY_CTX_free(ktri->pctx); - } else if (ri->type == CMS_RECIPINFO_KEK) { - CMS_KEKRecipientInfo *kekri = ri->d.kekri; - OPENSSL_clear_free(kekri->key, kekri->keylen); - } else if (ri->type == CMS_RECIPINFO_PASS) { - CMS_PasswordRecipientInfo *pwri = ri->d.pwri; - OPENSSL_clear_free(pwri->pass, pwri->passlen); - } - } - return 1; -} - -ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = { - ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo), - ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1), - ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2), - ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3), - ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4) -} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type) - -ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = { - ASN1_EMBED(CMS_EnvelopedData, version, INT32), - ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0), - ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo), - ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo), - ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1) -} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData) - -ASN1_NDEF_SEQUENCE(CMS_DigestedData) = { - ASN1_EMBED(CMS_DigestedData, version, INT32), - ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR), - ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo), - ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING) -} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData) - -ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = { - ASN1_EMBED(CMS_EncryptedData, version, INT32), - ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo), - ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1) -} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData) - -/* Defined in RFC 5083 - Section 2.1. AuthEnvelopedData Type */ -ASN1_NDEF_SEQUENCE(CMS_AuthEnvelopedData) = { - ASN1_EMBED(CMS_AuthEnvelopedData, version, INT32), - ASN1_IMP_OPT(CMS_AuthEnvelopedData, originatorInfo, CMS_OriginatorInfo, 0), - ASN1_SET_OF(CMS_AuthEnvelopedData, recipientInfos, CMS_RecipientInfo), - ASN1_SIMPLE(CMS_AuthEnvelopedData, authEncryptedContentInfo, CMS_EncryptedContentInfo), - ASN1_IMP_SET_OF_OPT(CMS_AuthEnvelopedData, authAttrs, X509_ALGOR, 2), - ASN1_SIMPLE(CMS_AuthEnvelopedData, mac, ASN1_OCTET_STRING), - ASN1_IMP_SET_OF_OPT(CMS_AuthEnvelopedData, unauthAttrs, X509_ALGOR, 3) -} ASN1_NDEF_SEQUENCE_END(CMS_AuthEnvelopedData) - -ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = { - ASN1_EMBED(CMS_AuthenticatedData, version, INT32), - ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0), - ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo), - ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR), - ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1), - ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo), - ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2), - ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING), - ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3) -} static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData) - -ASN1_NDEF_SEQUENCE(CMS_CompressedData) = { - ASN1_EMBED(CMS_CompressedData, version, INT32), - ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR), - ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo), -} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData) - -/* This is the ANY DEFINED BY table for the top level ContentInfo structure */ - -ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0); - -ASN1_ADB(CMS_ContentInfo) = { - ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)), - ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)), - ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)), - ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)), - ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)), - ADB_ENTRY(NID_id_smime_ct_authEnvelopedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authEnvelopedData, CMS_AuthEnvelopedData, 0)), - ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)), - ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)), -} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL); - -/* CMS streaming support */ -static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - ASN1_STREAM_ARG *sarg = exarg; - CMS_ContentInfo *cms = NULL; - if (pval) - cms = (CMS_ContentInfo *)*pval; - else - return 1; - switch (operation) { - - case ASN1_OP_STREAM_PRE: - if (CMS_stream(&sarg->boundary, cms) <= 0) - return 0; - /* fall thru */ - case ASN1_OP_DETACHED_PRE: - sarg->ndef_bio = CMS_dataInit(cms, sarg->out); - if (!sarg->ndef_bio) - return 0; - break; - - case ASN1_OP_STREAM_POST: - case ASN1_OP_DETACHED_POST: - if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0) - return 0; - break; - - } - return 1; -} - -ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = { - ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT), - ASN1_ADB_OBJECT(CMS_ContentInfo) -} ASN1_NDEF_SEQUENCE_END_cb(CMS_ContentInfo, CMS_ContentInfo) - -/* Specials for signed attributes */ - -/* - * When signing attributes we want to reorder them to match the sorted - * encoding. - */ - -ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE) -ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign) - -/* - * When verifying attributes we need to use the received order. So we use - * SEQUENCE OF and tag it to SET OF - */ - -ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, - V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE) -ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify) - - - -ASN1_CHOICE(CMS_ReceiptsFrom) = { - ASN1_IMP_EMBED(CMS_ReceiptsFrom, d.allOrFirstTier, INT32, 0), - ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1) -} static_ASN1_CHOICE_END(CMS_ReceiptsFrom) - -ASN1_SEQUENCE(CMS_ReceiptRequest) = { - ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING), - ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom), - ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES) -} ASN1_SEQUENCE_END(CMS_ReceiptRequest) - -ASN1_SEQUENCE(CMS_Receipt) = { - ASN1_EMBED(CMS_Receipt, version, INT32), - ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT), - ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING), - ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(CMS_Receipt) - -/* - * Utilities to encode the CMS_SharedInfo structure used during key - * derivation. - */ - -typedef struct { - X509_ALGOR *keyInfo; - ASN1_OCTET_STRING *entityUInfo; - ASN1_OCTET_STRING *suppPubInfo; -} CMS_SharedInfo; - -ASN1_SEQUENCE(CMS_SharedInfo) = { - ASN1_SIMPLE(CMS_SharedInfo, keyInfo, X509_ALGOR), - ASN1_EXP_OPT(CMS_SharedInfo, entityUInfo, ASN1_OCTET_STRING, 0), - ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2), -} static_ASN1_SEQUENCE_END(CMS_SharedInfo) - -int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, - ASN1_OCTET_STRING *ukm, int keylen) -{ - union { - CMS_SharedInfo *pecsi; - ASN1_VALUE *a; - } intsi = { - NULL - }; - - ASN1_OCTET_STRING oklen; - unsigned char kl[4]; - CMS_SharedInfo ecsi; - - keylen <<= 3; - kl[0] = (keylen >> 24) & 0xff; - kl[1] = (keylen >> 16) & 0xff; - kl[2] = (keylen >> 8) & 0xff; - kl[3] = keylen & 0xff; - oklen.length = 4; - oklen.data = kl; - oklen.type = V_ASN1_OCTET_STRING; - oklen.flags = 0; - ecsi.keyInfo = kekalg; - ecsi.entityUInfo = ukm; - ecsi.suppPubInfo = &oklen; - intsi.pecsi = &ecsi; - return ASN1_item_i2d(intsi.a, pder, ASN1_ITEM_rptr(CMS_SharedInfo)); -} diff --git a/crypto/cms/cms_att.c b/crypto/cms/cms_att.c deleted file mode 100644 index 5b99516b29a16ab540f45ca4c23a99f7c84e20a7..0000000000000000000000000000000000000000 --- a/crypto/cms/cms_att.c +++ /dev/null @@ -1,285 +0,0 @@ -/* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include "cms_local.h" -#include "internal/nelem.h" - -/*- - * Attribute flags. - * CMS attribute restrictions are discussed in - * - RFC 5652 Section 11. - * ESS attribute restrictions are discussed in - * - RFC 2634 Section 1.3.4 AND - * - RFC 5035 Section 5.4 - */ -/* This is a signed attribute */ -#define CMS_ATTR_F_SIGNED 0x01 -/* This is an unsigned attribute */ -#define CMS_ATTR_F_UNSIGNED 0x02 -/* Must be present if there are any other attributes of the same type */ -#define CMS_ATTR_F_REQUIRED_COND 0x10 -/* There can only be one instance of this attribute */ -#define CMS_ATTR_F_ONLY_ONE 0x20 -/* The Attribute's value must have exactly one entry */ -#define CMS_ATTR_F_ONE_ATTR_VALUE 0x40 - -/* Attributes rules for different attributes */ -static const struct { - int nid; /* The attribute id */ - int flags; -} cms_attribute_properties[] = { - /* See RFC Section 11 */ - { NID_pkcs9_contentType, CMS_ATTR_F_SIGNED - | CMS_ATTR_F_ONLY_ONE - | CMS_ATTR_F_ONE_ATTR_VALUE - | CMS_ATTR_F_REQUIRED_COND }, - { NID_pkcs9_messageDigest, CMS_ATTR_F_SIGNED - | CMS_ATTR_F_ONLY_ONE - | CMS_ATTR_F_ONE_ATTR_VALUE - | CMS_ATTR_F_REQUIRED_COND }, - { NID_pkcs9_signingTime, CMS_ATTR_F_SIGNED - | CMS_ATTR_F_ONLY_ONE - | CMS_ATTR_F_ONE_ATTR_VALUE }, - { NID_pkcs9_countersignature, CMS_ATTR_F_UNSIGNED }, - /* ESS */ - { NID_id_smime_aa_signingCertificate, CMS_ATTR_F_SIGNED - | CMS_ATTR_F_ONLY_ONE - | CMS_ATTR_F_ONE_ATTR_VALUE }, - { NID_id_smime_aa_signingCertificateV2, CMS_ATTR_F_SIGNED - | CMS_ATTR_F_ONLY_ONE - | CMS_ATTR_F_ONE_ATTR_VALUE }, - { NID_id_smime_aa_receiptRequest, CMS_ATTR_F_SIGNED - | CMS_ATTR_F_ONLY_ONE - | CMS_ATTR_F_ONE_ATTR_VALUE } -}; - -/* CMS SignedData Attribute utilities */ - -int CMS_signed_get_attr_count(const CMS_SignerInfo *si) -{ - return X509at_get_attr_count(si->signedAttrs); -} - -int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos) -{ - return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos); -} - -int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj, - int lastpos) -{ - return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos); -} - -X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc) -{ - return X509at_get_attr(si->signedAttrs, loc); -} - -X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc) -{ - return X509at_delete_attr(si->signedAttrs, loc); -} - -int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) -{ - if (X509at_add1_attr(&si->signedAttrs, attr)) - return 1; - return 0; -} - -int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, - const ASN1_OBJECT *obj, int type, - const void *bytes, int len) -{ - if (X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len)) - return 1; - return 0; -} - -int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, - int nid, int type, const void *bytes, int len) -{ - if (X509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len)) - return 1; - return 0; -} - -int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, - const char *attrname, int type, - const void *bytes, int len) -{ - if (X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, bytes, len)) - return 1; - return 0; -} - -void *CMS_signed_get0_data_by_OBJ(const CMS_SignerInfo *si, - const ASN1_OBJECT *oid, - int lastpos, int type) -{ - return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type); -} - -int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si) -{ - return X509at_get_attr_count(si->unsignedAttrs); -} - -int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, - int lastpos) -{ - return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos); -} - -int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, - const ASN1_OBJECT *obj, int lastpos) -{ - return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos); -} - -X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc) -{ - return X509at_get_attr(si->unsignedAttrs, loc); -} - -X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc) -{ - return X509at_delete_attr(si->unsignedAttrs, loc); -} - -int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) -{ - if (X509at_add1_attr(&si->unsignedAttrs, attr)) - return 1; - return 0; -} - -int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, - const ASN1_OBJECT *obj, int type, - const void *bytes, int len) -{ - if (X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len)) - return 1; - return 0; -} - -int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, - int nid, int type, - const void *bytes, int len) -{ - if (X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len)) - return 1; - return 0; -} - -int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, - const char *attrname, int type, - const void *bytes, int len) -{ - if (X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, - type, bytes, len)) - return 1; - return 0; -} - -void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, - int lastpos, int type) -{ - return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type); -} - -/* - * Retrieve an attribute by nid from a stack of attributes starting at index - * *lastpos + 1. - * Returns the attribute or NULL if there is no attribute. - * If an attribute was found *lastpos returns the index of the found attribute. - */ -static X509_ATTRIBUTE *cms_attrib_get(int nid, - const STACK_OF(X509_ATTRIBUTE) *attrs, - int *lastpos) -{ - X509_ATTRIBUTE *at; - int loc; - - loc = X509at_get_attr_by_NID(attrs, nid, *lastpos); - if (loc < 0) - return NULL; - - at = X509at_get_attr(attrs, loc); - *lastpos = loc; - return at; -} - -static int cms_check_attribute(int nid, int flags, int type, - const STACK_OF(X509_ATTRIBUTE) *attrs, - int have_attrs) -{ - int lastpos = -1; - X509_ATTRIBUTE *at = cms_attrib_get(nid, attrs, &lastpos); - - if (at != NULL) { - int count = X509_ATTRIBUTE_count(at); - - /* Is this attribute allowed? */ - if (((flags & type) == 0) - /* check if multiple attributes of the same type are allowed */ - || (((flags & CMS_ATTR_F_ONLY_ONE) != 0) - && cms_attrib_get(nid, attrs, &lastpos) != NULL) - /* Check if attribute should have exactly one value in its set */ - || (((flags & CMS_ATTR_F_ONE_ATTR_VALUE) != 0) - && count != 1) - /* There should be at least one value */ - || count == 0) - return 0; - } else { - /* fail if a required attribute is missing */ - if (have_attrs - && ((flags & CMS_ATTR_F_REQUIRED_COND) != 0) - && (flags & type) != 0) - return 0; - } - return 1; -} - -/* - * Check that the signerinfo attributes obey the attribute rules which includes - * the following checks - * - If any signed attributes exist then there must be a Content Type - * and Message Digest attribute in the signed attributes. - * - The countersignature attribute is an optional unsigned attribute only. - * - Content Type, Message Digest, and Signing time attributes are signed - * attributes. Only one instance of each is allowed, with each of these - * attributes containing a single attribute value in its set. - */ -int ossl_cms_si_check_attributes(const CMS_SignerInfo *si) -{ - int i; - int have_signed_attrs = (CMS_signed_get_attr_count(si) > 0); - int have_unsigned_attrs = (CMS_unsigned_get_attr_count(si) > 0); - - for (i = 0; i < (int)OSSL_NELEM(cms_attribute_properties); ++i) { - int nid = cms_attribute_properties[i].nid; - int flags = cms_attribute_properties[i].flags; - - if (!cms_check_attribute(nid, flags, CMS_ATTR_F_SIGNED, - si->signedAttrs, have_signed_attrs) - || !cms_check_attribute(nid, flags, CMS_ATTR_F_UNSIGNED, - si->unsignedAttrs, have_unsigned_attrs)) { - ERR_raise(ERR_LIB_CMS, CMS_R_ATTRIBUTE_ERROR); - return 0; - } - } - return 1; -} diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c deleted file mode 100644 index 6de6d55e58d85521ddcc860cd42f1cb1227dd04c..0000000000000000000000000000000000000000 --- a/crypto/cms/cms_cd.c +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include -#include "cms_local.h" - -#ifdef ZLIB - -/* CMS CompressedData Utilities */ - -CMS_ContentInfo *ossl_cms_CompressedData_create(int comp_nid, - OSSL_LIB_CTX *libctx, - const char *propq) -{ - CMS_ContentInfo *cms; - CMS_CompressedData *cd; - - /* - * Will need something cleverer if there is ever more than one - * compression algorithm or parameters have some meaning... - */ - if (comp_nid != NID_zlib_compression) { - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); - return NULL; - } - cms = CMS_ContentInfo_new_ex(libctx, propq); - if (cms == NULL) - return NULL; - - cd = M_ASN1_new_of(CMS_CompressedData); - - if (cd == NULL) - goto err; - - cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData); - cms->d.compressedData = cd; - - cd->version = 0; - - X509_ALGOR_set0(cd->compressionAlgorithm, - OBJ_nid2obj(NID_zlib_compression), V_ASN1_UNDEF, NULL); - - cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data); - - return cms; - - err: - CMS_ContentInfo_free(cms); - return NULL; -} - -BIO *ossl_cms_CompressedData_init_bio(const CMS_ContentInfo *cms) -{ - CMS_CompressedData *cd; - const ASN1_OBJECT *compoid; - - if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) { - ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA); - return NULL; - } - cd = cms->d.compressedData; - X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm); - if (OBJ_obj2nid(compoid) != NID_zlib_compression) { - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); - return NULL; - } - return BIO_new(BIO_f_zlib()); -} - -#endif diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c deleted file mode 100644 index 6a7c049ef316ee10dd2d322d16c6a5106f77b694..0000000000000000000000000000000000000000 --- a/crypto/cms/cms_dd.c +++ /dev/null @@ -1,102 +0,0 @@ -/* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include "cms_local.h" - -/* CMS DigestedData Utilities */ - -CMS_ContentInfo *ossl_cms_DigestedData_create(const EVP_MD *md, - OSSL_LIB_CTX *libctx, - const char *propq) -{ - CMS_ContentInfo *cms; - CMS_DigestedData *dd; - - cms = CMS_ContentInfo_new_ex(libctx, propq); - if (cms == NULL) - return NULL; - - dd = M_ASN1_new_of(CMS_DigestedData); - - if (dd == NULL) - goto err; - - cms->contentType = OBJ_nid2obj(NID_pkcs7_digest); - cms->d.digestedData = dd; - - dd->version = 0; - dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data); - - X509_ALGOR_set_md(dd->digestAlgorithm, md); - - return cms; - - err: - CMS_ContentInfo_free(cms); - return NULL; -} - -BIO *ossl_cms_DigestedData_init_bio(const CMS_ContentInfo *cms) -{ - CMS_DigestedData *dd = cms->d.digestedData; - - return ossl_cms_DigestAlgorithm_init_bio(dd->digestAlgorithm, - ossl_cms_get0_cmsctx(cms)); -} - -int ossl_cms_DigestedData_do_final(const CMS_ContentInfo *cms, BIO *chain, - int verify) -{ - EVP_MD_CTX *mctx = EVP_MD_CTX_new(); - unsigned char md[EVP_MAX_MD_SIZE]; - unsigned int mdlen; - int r = 0; - CMS_DigestedData *dd; - - if (mctx == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - - dd = cms->d.digestedData; - - if (!ossl_cms_DigestAlgorithm_find_ctx(mctx, chain, dd->digestAlgorithm)) - goto err; - - if (EVP_DigestFinal_ex(mctx, md, &mdlen) <= 0) - goto err; - - if (verify) { - if (mdlen != (unsigned int)dd->digest->length) { - ERR_raise(ERR_LIB_CMS, CMS_R_MESSAGEDIGEST_WRONG_LENGTH); - goto err; - } - - if (memcmp(md, dd->digest->data, mdlen)) - ERR_raise(ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE); - else - r = 1; - } else { - if (!ASN1_STRING_set(dd->digest, md, mdlen)) - goto err; - r = 1; - } - - err: - EVP_MD_CTX_free(mctx); - - return r; - -} diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c deleted file mode 100644 index 7cc36f835f21dd693be71d0e3eaeed34ab41d689..0000000000000000000000000000000000000000 --- a/crypto/cms/cms_dh.c +++ /dev/null @@ -1,343 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include "internal/sizes.h" -#include "crypto/evp.h" -#include "cms_local.h" - -static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, - X509_ALGOR *alg, ASN1_BIT_STRING *pubkey) -{ - const ASN1_OBJECT *aoid; - int atype; - const void *aval; - ASN1_INTEGER *public_key = NULL; - int rv = 0; - EVP_PKEY *pkpeer = NULL, *pk = NULL; - BIGNUM *bnpub = NULL; - const unsigned char *p; - unsigned char *buf = NULL; - int plen; - - X509_ALGOR_get0(&aoid, &atype, &aval, alg); - if (OBJ_obj2nid(aoid) != NID_dhpublicnumber) - goto err; - /* Only absent parameters allowed in RFC XXXX */ - if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL) - goto err; - - pk = EVP_PKEY_CTX_get0_pkey(pctx); - if (pk == NULL || !EVP_PKEY_is_a(pk, "DHX")) - goto err; - - /* Get public key */ - plen = ASN1_STRING_length(pubkey); - p = ASN1_STRING_get0_data(pubkey); - if (p == NULL || plen == 0) - goto err; - - if ((public_key = d2i_ASN1_INTEGER(NULL, &p, plen)) == NULL) - goto err; - /* - * Pad to full p parameter size as that is checked by - * EVP_PKEY_set1_encoded_public_key() - */ - plen = EVP_PKEY_get_size(pk); - if ((bnpub = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) - goto err; - if ((buf = OPENSSL_malloc(plen)) == NULL) - goto err; - if (BN_bn2binpad(bnpub, buf, plen) < 0) - goto err; - - pkpeer = EVP_PKEY_new(); - if (pkpeer == NULL - || !EVP_PKEY_copy_parameters(pkpeer, pk) - || !EVP_PKEY_set1_encoded_public_key(pkpeer, buf, plen)) - goto err; - - if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) - rv = 1; - err: - ASN1_INTEGER_free(public_key); - BN_free(bnpub); - OPENSSL_free(buf); - EVP_PKEY_free(pkpeer); - return rv; -} - -static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) -{ - int rv = 0; - X509_ALGOR *alg, *kekalg = NULL; - ASN1_OCTET_STRING *ukm; - const unsigned char *p; - unsigned char *dukm = NULL; - size_t dukmlen = 0; - int keylen, plen; - EVP_CIPHER *kekcipher = NULL; - EVP_CIPHER_CTX *kekctx; - char name[OSSL_MAX_NAME_SIZE]; - - if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm)) - goto err; - - /* - * For DH we only have one OID permissible. If ever any more get defined - * we will need something cleverer. - */ - if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) { - ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR); - goto err; - } - - if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, EVP_PKEY_DH_KDF_X9_42) <= 0 - || EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0) - goto err; - - if (alg->parameter->type != V_ASN1_SEQUENCE) - goto err; - - p = alg->parameter->value.sequence->data; - plen = alg->parameter->value.sequence->length; - kekalg = d2i_X509_ALGOR(NULL, &p, plen); - if (kekalg == NULL) - goto err; - kekctx = CMS_RecipientInfo_kari_get0_ctx(ri); - if (kekctx == NULL) - goto err; - - if (OBJ_obj2txt(name, sizeof(name), kekalg->algorithm, 0) <= 0) - goto err; - - kekcipher = EVP_CIPHER_fetch(pctx->libctx, name, pctx->propquery); - if (kekcipher == NULL - || EVP_CIPHER_get_mode(kekcipher) != EVP_CIPH_WRAP_MODE) - goto err; - if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL)) - goto err; - if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) - goto err; - - keylen = EVP_CIPHER_CTX_get_key_length(kekctx); - if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0) - goto err; - /* Use OBJ_nid2obj to ensure we use built in OID that isn't freed */ - if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, - OBJ_nid2obj(EVP_CIPHER_get_type(kekcipher))) - <= 0) - goto err; - - if (ukm != NULL) { - dukmlen = ASN1_STRING_length(ukm); - dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen); - if (dukm == NULL) - goto err; - } - - if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0) - goto err; - dukm = NULL; - - rv = 1; - err: - X509_ALGOR_free(kekalg); - EVP_CIPHER_free(kekcipher); - OPENSSL_free(dukm); - return rv; -} - -static int dh_cms_decrypt(CMS_RecipientInfo *ri) -{ - EVP_PKEY_CTX *pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); - - if (pctx == NULL) - return 0; - /* See if we need to set peer key */ - if (!EVP_PKEY_CTX_get0_peerkey(pctx)) { - X509_ALGOR *alg; - ASN1_BIT_STRING *pubkey; - - if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey, - NULL, NULL, NULL)) - return 0; - if (alg == NULL || pubkey == NULL) - return 0; - if (!dh_cms_set_peerkey(pctx, alg, pubkey)) { - ERR_raise(ERR_LIB_CMS, CMS_R_PEER_KEY_ERROR); - return 0; - } - } - /* Set DH derivation parameters and initialise unwrap context */ - if (!dh_cms_set_shared_info(pctx, ri)) { - ERR_raise(ERR_LIB_CMS, CMS_R_SHARED_INFO_ERROR); - return 0; - } - return 1; -} - -static int dh_cms_encrypt(CMS_RecipientInfo *ri) -{ - EVP_PKEY_CTX *pctx; - EVP_PKEY *pkey; - EVP_CIPHER_CTX *ctx; - int keylen; - X509_ALGOR *talg, *wrap_alg = NULL; - const ASN1_OBJECT *aoid; - ASN1_BIT_STRING *pubkey; - ASN1_STRING *wrap_str; - ASN1_OCTET_STRING *ukm; - unsigned char *penc = NULL, *dukm = NULL; - int penclen; - size_t dukmlen = 0; - int rv = 0; - int kdf_type, wrap_nid; - const EVP_MD *kdf_md; - - pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); - if (pctx == NULL) - return 0; - /* Get ephemeral key */ - pkey = EVP_PKEY_CTX_get0_pkey(pctx); - if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey, - NULL, NULL, NULL)) - goto err; - - /* Is everything uninitialised? */ - X509_ALGOR_get0(&aoid, NULL, NULL, talg); - if (aoid == OBJ_nid2obj(NID_undef)) { - BIGNUM *bn_pub_key = NULL; - ASN1_INTEGER *pubk; - - if (!EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, &bn_pub_key)) - goto err; - - pubk = BN_to_ASN1_INTEGER(bn_pub_key, NULL); - BN_free(bn_pub_key); - if (pubk == NULL) - goto err; - - /* Set the key */ - penclen = i2d_ASN1_INTEGER(pubk, &penc); - ASN1_INTEGER_free(pubk); - if (penclen <= 0) - goto err; - ASN1_STRING_set0(pubkey, penc, penclen); - pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT; - - penc = NULL; - X509_ALGOR_set0(talg, OBJ_nid2obj(NID_dhpublicnumber), - V_ASN1_UNDEF, NULL); - } - - /* See if custom parameters set */ - kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx); - if (kdf_type <= 0 || EVP_PKEY_CTX_get_dh_kdf_md(pctx, &kdf_md) <= 0) - goto err; - - if (kdf_type == EVP_PKEY_DH_KDF_NONE) { - kdf_type = EVP_PKEY_DH_KDF_X9_42; - if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, kdf_type) <= 0) - goto err; - } else if (kdf_type != EVP_PKEY_DH_KDF_X9_42) - /* Unknown KDF */ - goto err; - if (kdf_md == NULL) { - /* Only SHA1 supported */ - kdf_md = EVP_sha1(); - if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, kdf_md) <= 0) - goto err; - } else if (EVP_MD_get_type(kdf_md) != NID_sha1) - /* Unsupported digest */ - goto err; - - if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm)) - goto err; - - /* Get wrap NID */ - ctx = CMS_RecipientInfo_kari_get0_ctx(ri); - wrap_nid = EVP_CIPHER_CTX_get_type(ctx); - if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, OBJ_nid2obj(wrap_nid)) <= 0) - goto err; - keylen = EVP_CIPHER_CTX_get_key_length(ctx); - - /* Package wrap algorithm in an AlgorithmIdentifier */ - - wrap_alg = X509_ALGOR_new(); - if (wrap_alg == NULL) - goto err; - wrap_alg->algorithm = OBJ_nid2obj(wrap_nid); - wrap_alg->parameter = ASN1_TYPE_new(); - if (wrap_alg->parameter == NULL) - goto err; - if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0) - goto err; - if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) { - ASN1_TYPE_free(wrap_alg->parameter); - wrap_alg->parameter = NULL; - } - - if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0) - goto err; - - if (ukm != NULL) { - dukmlen = ASN1_STRING_length(ukm); - dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen); - if (dukm == NULL) - goto err; - } - - if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0) - goto err; - dukm = NULL; - - /* - * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter - * of another AlgorithmIdentifier. - */ - penc = NULL; - penclen = i2d_X509_ALGOR(wrap_alg, &penc); - if (penc == NULL || penclen == 0) - goto err; - wrap_str = ASN1_STRING_new(); - if (wrap_str == NULL) - goto err; - ASN1_STRING_set0(wrap_str, penc, penclen); - penc = NULL; - X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH), - V_ASN1_SEQUENCE, wrap_str); - - rv = 1; - - err: - OPENSSL_free(penc); - X509_ALGOR_free(wrap_alg); - OPENSSL_free(dukm); - return rv; -} - -int ossl_cms_dh_envelope(CMS_RecipientInfo *ri, int decrypt) -{ - assert(decrypt == 0 || decrypt == 1); - - if (decrypt == 1) - return dh_cms_decrypt(ri); - - if (decrypt == 0) - return dh_cms_encrypt(ri); - - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); - return 0; -} diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c deleted file mode 100644 index 8ecf730aa7b0fd8bca61eeecee51e95a6c9185ad..0000000000000000000000000000000000000000 --- a/crypto/cms/cms_ec.c +++ /dev/null @@ -1,413 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/sizes.h" -#include "crypto/evp.h" -#include "cms_local.h" - -static EVP_PKEY *pkey_type2param(int ptype, const void *pval, - OSSL_LIB_CTX *libctx, const char *propq) -{ - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *pctx = NULL; - OSSL_DECODER_CTX *ctx = NULL; - - if (ptype == V_ASN1_SEQUENCE) { - const ASN1_STRING *pstr = pval; - const unsigned char *pm = pstr->data; - size_t pmlen = (size_t)pstr->length; - int selection = OSSL_KEYMGMT_SELECT_ALL_PARAMETERS; - - ctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, "EC", - selection, libctx, propq); - if (ctx == NULL) - goto err; - - if (!OSSL_DECODER_from_data(ctx, &pm, &pmlen)) { - ERR_raise(ERR_LIB_CMS, CMS_R_DECODE_ERROR); - goto err; - } - OSSL_DECODER_CTX_free(ctx); - return pkey; - } else if (ptype == V_ASN1_OBJECT) { - const ASN1_OBJECT *poid = pval; - char groupname[OSSL_MAX_NAME_SIZE]; - - /* type == V_ASN1_OBJECT => the parameters are given by an asn1 OID */ - pctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", propq); - if (pctx == NULL || EVP_PKEY_paramgen_init(pctx) <= 0) - goto err; - if (OBJ_obj2txt(groupname, sizeof(groupname), poid, 0) <= 0 - || EVP_PKEY_CTX_set_group_name(pctx, groupname) <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_DECODE_ERROR); - goto err; - } - if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) - goto err; - EVP_PKEY_CTX_free(pctx); - return pkey; - } - - ERR_raise(ERR_LIB_CMS, CMS_R_DECODE_ERROR); - return NULL; - - err: - EVP_PKEY_free(pkey); - EVP_PKEY_CTX_free(pctx); - OSSL_DECODER_CTX_free(ctx); - return NULL; -} - -static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx, - X509_ALGOR *alg, ASN1_BIT_STRING *pubkey) -{ - const ASN1_OBJECT *aoid; - int atype; - const void *aval; - int rv = 0; - EVP_PKEY *pkpeer = NULL; - const unsigned char *p; - int plen; - - X509_ALGOR_get0(&aoid, &atype, &aval, alg); - if (OBJ_obj2nid(aoid) != NID_X9_62_id_ecPublicKey) - goto err; - - /* If absent parameters get group from main key */ - if (atype == V_ASN1_UNDEF || atype == V_ASN1_NULL) { - EVP_PKEY *pk; - - pk = EVP_PKEY_CTX_get0_pkey(pctx); - if (pk == NULL) - goto err; - - pkpeer = EVP_PKEY_new(); - if (pkpeer == NULL) - goto err; - if (!EVP_PKEY_copy_parameters(pkpeer, pk)) - goto err; - } else { - pkpeer = pkey_type2param(atype, aval, - EVP_PKEY_CTX_get0_libctx(pctx), - EVP_PKEY_CTX_get0_propq(pctx)); - if (pkpeer == NULL) - goto err; - } - /* We have parameters now set public key */ - plen = ASN1_STRING_length(pubkey); - p = ASN1_STRING_get0_data(pubkey); - if (p == NULL || plen == 0) - goto err; - - if (!EVP_PKEY_set1_encoded_public_key(pkpeer, p, plen)) - goto err; - - if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) - rv = 1; - err: - EVP_PKEY_free(pkpeer); - return rv; -} - -/* Set KDF parameters based on KDF NID */ -static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid) -{ - int kdf_nid, kdfmd_nid, cofactor; - const EVP_MD *kdf_md; - - if (eckdf_nid == NID_undef) - return 0; - - /* Lookup KDF type, cofactor mode and digest */ - if (!OBJ_find_sigid_algs(eckdf_nid, &kdfmd_nid, &kdf_nid)) - return 0; - - if (kdf_nid == NID_dh_std_kdf) - cofactor = 0; - else if (kdf_nid == NID_dh_cofactor_kdf) - cofactor = 1; - else - return 0; - - if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0) - return 0; - - if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0) - return 0; - - kdf_md = EVP_get_digestbynid(kdfmd_nid); - if (!kdf_md) - return 0; - - if (EVP_PKEY_CTX_set_ecdh_kdf_md(pctx, kdf_md) <= 0) - return 0; - return 1; -} - -static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) -{ - int rv = 0; - X509_ALGOR *alg, *kekalg = NULL; - ASN1_OCTET_STRING *ukm; - const unsigned char *p; - unsigned char *der = NULL; - int plen, keylen; - EVP_CIPHER *kekcipher = NULL; - EVP_CIPHER_CTX *kekctx; - char name[OSSL_MAX_NAME_SIZE]; - - if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm)) - return 0; - - if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) { - ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR); - return 0; - } - - if (alg->parameter->type != V_ASN1_SEQUENCE) - return 0; - - p = alg->parameter->value.sequence->data; - plen = alg->parameter->value.sequence->length; - kekalg = d2i_X509_ALGOR(NULL, &p, plen); - if (kekalg == NULL) - goto err; - kekctx = CMS_RecipientInfo_kari_get0_ctx(ri); - if (kekctx == NULL) - goto err; - OBJ_obj2txt(name, sizeof(name), kekalg->algorithm, 0); - kekcipher = EVP_CIPHER_fetch(pctx->libctx, name, pctx->propquery); - if (kekcipher == NULL || EVP_CIPHER_get_mode(kekcipher) != EVP_CIPH_WRAP_MODE) - goto err; - if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL)) - goto err; - if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) - goto err; - - keylen = EVP_CIPHER_CTX_get_key_length(kekctx); - if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0) - goto err; - - plen = CMS_SharedInfo_encode(&der, kekalg, ukm, keylen); - - if (plen <= 0) - goto err; - - if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, der, plen) <= 0) - goto err; - der = NULL; - - rv = 1; - err: - EVP_CIPHER_free(kekcipher); - X509_ALGOR_free(kekalg); - OPENSSL_free(der); - return rv; -} - -static int ecdh_cms_decrypt(CMS_RecipientInfo *ri) -{ - EVP_PKEY_CTX *pctx; - - pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); - if (pctx == NULL) - return 0; - /* See if we need to set peer key */ - if (!EVP_PKEY_CTX_get0_peerkey(pctx)) { - X509_ALGOR *alg; - ASN1_BIT_STRING *pubkey; - - if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey, - NULL, NULL, NULL)) - return 0; - if (alg == NULL || pubkey == NULL) - return 0; - if (!ecdh_cms_set_peerkey(pctx, alg, pubkey)) { - ERR_raise(ERR_LIB_CMS, CMS_R_PEER_KEY_ERROR); - return 0; - } - } - /* Set ECDH derivation parameters and initialise unwrap context */ - if (!ecdh_cms_set_shared_info(pctx, ri)) { - ERR_raise(ERR_LIB_CMS, CMS_R_SHARED_INFO_ERROR); - return 0; - } - return 1; -} - -static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) -{ - EVP_PKEY_CTX *pctx; - EVP_PKEY *pkey; - EVP_CIPHER_CTX *ctx; - int keylen; - X509_ALGOR *talg, *wrap_alg = NULL; - const ASN1_OBJECT *aoid; - ASN1_BIT_STRING *pubkey; - ASN1_STRING *wrap_str; - ASN1_OCTET_STRING *ukm; - unsigned char *penc = NULL; - size_t penclen; - int rv = 0; - int ecdh_nid, kdf_type, kdf_nid, wrap_nid; - const EVP_MD *kdf_md; - - pctx = CMS_RecipientInfo_get0_pkey_ctx(ri); - if (pctx == NULL) - return 0; - /* Get ephemeral key */ - pkey = EVP_PKEY_CTX_get0_pkey(pctx); - if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey, - NULL, NULL, NULL)) - goto err; - X509_ALGOR_get0(&aoid, NULL, NULL, talg); - /* Is everything uninitialised? */ - if (aoid == OBJ_nid2obj(NID_undef)) { - /* Set the key */ - - penclen = EVP_PKEY_get1_encoded_public_key(pkey, &penc); - ASN1_STRING_set0(pubkey, penc, penclen); - pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT; - - penc = NULL; - X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), - V_ASN1_UNDEF, NULL); - } - - /* See if custom parameters set */ - kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx); - if (kdf_type <= 0) - goto err; - if (EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md) <= 0) - goto err; - ecdh_nid = EVP_PKEY_CTX_get_ecdh_cofactor_mode(pctx); - if (ecdh_nid < 0) - goto err; - else if (ecdh_nid == 0) - ecdh_nid = NID_dh_std_kdf; - else if (ecdh_nid == 1) - ecdh_nid = NID_dh_cofactor_kdf; - - if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) { - kdf_type = EVP_PKEY_ECDH_KDF_X9_63; - if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0) - goto err; - } else - /* Unknown KDF */ - goto err; - if (kdf_md == NULL) { - /* Fixme later for better MD */ - kdf_md = EVP_sha1(); - if (EVP_PKEY_CTX_set_ecdh_kdf_md(pctx, kdf_md) <= 0) - goto err; - } - - if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm)) - goto err; - - /* Lookup NID for KDF+cofactor+digest */ - - if (!OBJ_find_sigid_by_algs(&kdf_nid, EVP_MD_get_type(kdf_md), ecdh_nid)) - goto err; - /* Get wrap NID */ - ctx = CMS_RecipientInfo_kari_get0_ctx(ri); - wrap_nid = EVP_CIPHER_CTX_get_type(ctx); - keylen = EVP_CIPHER_CTX_get_key_length(ctx); - - /* Package wrap algorithm in an AlgorithmIdentifier */ - - wrap_alg = X509_ALGOR_new(); - if (wrap_alg == NULL) - goto err; - wrap_alg->algorithm = OBJ_nid2obj(wrap_nid); - wrap_alg->parameter = ASN1_TYPE_new(); - if (wrap_alg->parameter == NULL) - goto err; - if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0) - goto err; - if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) { - ASN1_TYPE_free(wrap_alg->parameter); - wrap_alg->parameter = NULL; - } - - if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0) - goto err; - - penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen); - - if (penclen == 0) - goto err; - - if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, penc, penclen) <= 0) - goto err; - penc = NULL; - - /* - * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter - * of another AlgorithmIdentifier. - */ - penclen = i2d_X509_ALGOR(wrap_alg, &penc); - if (penc == NULL || penclen == 0) - goto err; - wrap_str = ASN1_STRING_new(); - if (wrap_str == NULL) - goto err; - ASN1_STRING_set0(wrap_str, penc, penclen); - penc = NULL; - X509_ALGOR_set0(talg, OBJ_nid2obj(kdf_nid), V_ASN1_SEQUENCE, wrap_str); - - rv = 1; - - err: - OPENSSL_free(penc); - X509_ALGOR_free(wrap_alg); - return rv; -} - -int ossl_cms_ecdh_envelope(CMS_RecipientInfo *ri, int decrypt) -{ - assert(decrypt == 0 || decrypt == 1); - - if (decrypt == 1) - return ecdh_cms_decrypt(ri); - - if (decrypt == 0) - return ecdh_cms_encrypt(ri); - - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); - return 0; -} - -/* ECDSA and DSA implementation is the same */ -int ossl_cms_ecdsa_dsa_sign(CMS_SignerInfo *si, int verify) -{ - assert(verify == 0 || verify == 1); - - if (verify == 0) { - int snid, hnid; - X509_ALGOR *alg1, *alg2; - EVP_PKEY *pkey = si->pkey; - - CMS_SignerInfo_get0_algs(si, NULL, NULL, &alg1, &alg2); - if (alg1 == NULL || alg1->algorithm == NULL) - return -1; - hnid = OBJ_obj2nid(alg1->algorithm); - if (hnid == NID_undef) - return -1; - if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_get_id(pkey))) - return -1; - X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); - } - return 1; -} diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c deleted file mode 100644 index a3909ba70ccf92a279dd1092fe181092573ea0c2..0000000000000000000000000000000000000000 --- a/crypto/cms/cms_enc.c +++ /dev/null @@ -1,254 +0,0 @@ -/* - * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include "crypto/evp.h" -#include "cms_local.h" - -/* CMS EncryptedData Utilities */ - -/* Return BIO based on EncryptedContentInfo and key */ - -BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, - const CMS_CTX *cms_ctx) -{ - BIO *b; - EVP_CIPHER_CTX *ctx; - EVP_CIPHER *fetched_ciph = NULL; - const EVP_CIPHER *cipher = NULL; - X509_ALGOR *calg = ec->contentEncryptionAlgorithm; - evp_cipher_aead_asn1_params aparams; - unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL; - unsigned char *tkey = NULL; - int len; - int ivlen = 0; - size_t tkeylen = 0; - int ok = 0; - int enc, keep_key = 0; - OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(cms_ctx); - const char *propq = ossl_cms_ctx_get0_propq(cms_ctx); - - enc = ec->cipher ? 1 : 0; - - b = BIO_new(BIO_f_cipher()); - if (b == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - return NULL; - } - - BIO_get_cipher_ctx(b, &ctx); - - (void)ERR_set_mark(); - if (enc) { - cipher = ec->cipher; - /* - * If not keeping key set cipher to NULL so subsequent calls decrypt. - */ - if (ec->key != NULL) - ec->cipher = NULL; - } else { - cipher = EVP_get_cipherbyobj(calg->algorithm); - } - if (cipher != NULL) { - fetched_ciph = EVP_CIPHER_fetch(libctx, EVP_CIPHER_get0_name(cipher), - propq); - if (fetched_ciph != NULL) - cipher = fetched_ciph; - } - if (cipher == NULL) { - (void)ERR_clear_last_mark(); - ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_CIPHER); - goto err; - } - (void)ERR_pop_to_mark(); - - if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc) <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_INITIALISATION_ERROR); - goto err; - } - - if (enc) { - calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx)); - /* Generate a random IV if we need one */ - ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); - if (ivlen < 0) { - ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); - goto err; - } - - if (ivlen > 0) { - if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0) - goto err; - piv = iv; - } - } else { - if (evp_cipher_asn1_to_param_ex(ctx, calg->parameter, &aparams) <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); - goto err; - } - if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) { - piv = aparams.iv; - if (ec->taglen > 0 - && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - ec->taglen, ec->tag) <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_AEAD_SET_TAG_ERROR); - goto err; - } - } - } - len = EVP_CIPHER_CTX_get_key_length(ctx); - if (len <= 0) - goto err; - tkeylen = (size_t)len; - - /* Generate random session key */ - if (!enc || !ec->key) { - tkey = OPENSSL_malloc(tkeylen); - if (tkey == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0) - goto err; - } - - if (!ec->key) { - ec->key = tkey; - ec->keylen = tkeylen; - tkey = NULL; - if (enc) - keep_key = 1; - else - ERR_clear_error(); - - } - - if (ec->keylen != tkeylen) { - /* If necessary set key length */ - if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) { - /* - * Only reveal failure if debugging so we don't leak information - * which may be useful in MMA. - */ - if (enc || ec->debug) { - ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH); - goto err; - } else { - /* Use random key */ - OPENSSL_clear_free(ec->key, ec->keylen); - ec->key = tkey; - ec->keylen = tkeylen; - tkey = NULL; - ERR_clear_error(); - } - } - } - - if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_INITIALISATION_ERROR); - goto err; - } - if (enc) { - calg->parameter = ASN1_TYPE_new(); - if (calg->parameter == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) { - memcpy(aparams.iv, piv, ivlen); - aparams.iv_len = ivlen; - aparams.tag_len = EVP_CIPHER_CTX_get_tag_length(ctx); - if (aparams.tag_len <= 0) - goto err; - } - - if (evp_cipher_param_to_asn1_ex(ctx, calg->parameter, &aparams) <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); - goto err; - } - /* If parameter type not set omit parameter */ - if (calg->parameter->type == V_ASN1_UNDEF) { - ASN1_TYPE_free(calg->parameter); - calg->parameter = NULL; - } - } - ok = 1; - - err: - EVP_CIPHER_free(fetched_ciph); - if (!keep_key || !ok) { - OPENSSL_clear_free(ec->key, ec->keylen); - ec->key = NULL; - } - OPENSSL_clear_free(tkey, tkeylen); - if (ok) - return b; - BIO_free(b); - return NULL; -} - -int ossl_cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, - const EVP_CIPHER *cipher, - const unsigned char *key, size_t keylen, - const CMS_CTX *cms_ctx) -{ - ec->cipher = cipher; - if (key) { - if ((ec->key = OPENSSL_malloc(keylen)) == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(ec->key, key, keylen); - } - ec->keylen = keylen; - if (cipher != NULL) - ec->contentType = OBJ_nid2obj(NID_pkcs7_data); - return 1; -} - -int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, - const unsigned char *key, size_t keylen) -{ - CMS_EncryptedContentInfo *ec; - - if (!key || !keylen) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY); - return 0; - } - if (ciph) { - cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData); - if (!cms->d.encryptedData) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - return 0; - } - cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted); - cms->d.encryptedData->version = 0; - } else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_ENCRYPTED_DATA); - return 0; - } - ec = cms->d.encryptedData->encryptedContentInfo; - return ossl_cms_EncryptedContent_init(ec, ciph, key, keylen, - ossl_cms_get0_cmsctx(cms)); -} - -BIO *ossl_cms_EncryptedData_init_bio(const CMS_ContentInfo *cms) -{ - CMS_EncryptedData *enc = cms->d.encryptedData; - if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs) - enc->version = 2; - return ossl_cms_EncryptedContent_init_bio(enc->encryptedContentInfo, - ossl_cms_get0_cmsctx(cms)); -} diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c deleted file mode 100644 index 51a1d7df848c73360b811a30f34fcd3b68cd498f..0000000000000000000000000000000000000000 --- a/crypto/cms/cms_env.c +++ /dev/null @@ -1,1336 +0,0 @@ -/* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include "internal/sizes.h" -#include "crypto/asn1.h" -#include "crypto/evp.h" -#include "crypto/x509.h" -#include "cms_local.h" - -/* CMS EnvelopedData Utilities */ -static void cms_env_set_version(CMS_EnvelopedData *env); - -#define CMS_ENVELOPED_STANDARD 1 -#define CMS_ENVELOPED_AUTH 2 - -static int cms_get_enveloped_type(const CMS_ContentInfo *cms) -{ - int nid = OBJ_obj2nid(cms->contentType); - - switch (nid) { - case NID_pkcs7_enveloped: - return CMS_ENVELOPED_STANDARD; - - case NID_id_smime_ct_authEnvelopedData: - return CMS_ENVELOPED_AUTH; - - default: - ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); - return 0; - } -} - -CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms) -{ - if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) { - ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); - return NULL; - } - return cms->d.envelopedData; -} - -CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms) -{ - if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_authEnvelopedData) { - ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA); - return NULL; - } - return cms->d.authEnvelopedData; -} - -static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms) -{ - if (cms->d.other == NULL) { - cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData); - if (cms->d.envelopedData == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - return NULL; - } - cms->d.envelopedData->version = 0; - cms->d.envelopedData->encryptedContentInfo->contentType = - OBJ_nid2obj(NID_pkcs7_data); - ASN1_OBJECT_free(cms->contentType); - cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped); - return cms->d.envelopedData; - } - return ossl_cms_get0_enveloped(cms); -} - -static CMS_AuthEnvelopedData * -cms_auth_enveloped_data_init(CMS_ContentInfo *cms) -{ - if (cms->d.other == NULL) { - cms->d.authEnvelopedData = M_ASN1_new_of(CMS_AuthEnvelopedData); - if (cms->d.authEnvelopedData == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - return NULL; - } - /* Defined in RFC 5083 - Section 2.1. "AuthEnvelopedData Type" */ - cms->d.authEnvelopedData->version = 0; - cms->d.authEnvelopedData->authEncryptedContentInfo->contentType = - OBJ_nid2obj(NID_pkcs7_data); - ASN1_OBJECT_free(cms->contentType); - cms->contentType = OBJ_nid2obj(NID_id_smime_ct_authEnvelopedData); - return cms->d.authEnvelopedData; - } - return ossl_cms_get0_auth_enveloped(cms); -} - -int ossl_cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd) -{ - EVP_PKEY *pkey; - int i; - if (ri->type == CMS_RECIPINFO_TRANS) - pkey = ri->d.ktri->pkey; - else if (ri->type == CMS_RECIPINFO_AGREE) { - EVP_PKEY_CTX *pctx = ri->d.kari->pctx; - - if (pctx == NULL) - return 0; - pkey = EVP_PKEY_CTX_get0_pkey(pctx); - if (pkey == NULL) - return 0; - } else - return 0; - - if (EVP_PKEY_is_a(pkey, "DHX") || EVP_PKEY_is_a(pkey, "DH")) - return ossl_cms_dh_envelope(ri, cmd); - else if (EVP_PKEY_is_a(pkey, "EC")) - return ossl_cms_ecdh_envelope(ri, cmd); - else if (EVP_PKEY_is_a(pkey, "RSA")) - return ossl_cms_rsa_envelope(ri, cmd); - - /* Something else? We'll give engines etc a chance to handle this */ - if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL) - return 1; - i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri); - if (i == -2) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); - return 0; - } - if (i <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE); - return 0; - } - return 1; -} - -CMS_EncryptedContentInfo* ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms) -{ - switch (cms_get_enveloped_type(cms)) { - case CMS_ENVELOPED_STANDARD: - return cms->d.envelopedData->encryptedContentInfo; - - case CMS_ENVELOPED_AUTH: - return cms->d.authEnvelopedData->authEncryptedContentInfo; - - default: - return NULL; - } -} - -STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms) -{ - switch (cms_get_enveloped_type(cms)) { - case CMS_ENVELOPED_STANDARD: - return cms->d.envelopedData->recipientInfos; - - case CMS_ENVELOPED_AUTH: - return cms->d.authEnvelopedData->recipientInfos; - - default: - return NULL; - } -} - -void ossl_cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms) -{ - int i; - CMS_RecipientInfo *ri; - const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); - STACK_OF(CMS_RecipientInfo) *rinfos = CMS_get0_RecipientInfos(cms); - - for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) { - ri = sk_CMS_RecipientInfo_value(rinfos, i); - if (ri != NULL) { - switch (ri->type) { - case CMS_RECIPINFO_AGREE: - ri->d.kari->cms_ctx = ctx; - break; - case CMS_RECIPINFO_TRANS: - ri->d.ktri->cms_ctx = ctx; - ossl_x509_set0_libctx(ri->d.ktri->recip, - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx)); - break; - case CMS_RECIPINFO_KEK: - ri->d.kekri->cms_ctx = ctx; - break; - case CMS_RECIPINFO_PASS: - ri->d.pwri->cms_ctx = ctx; - break; - default: - break; - } - } - } -} - -int CMS_RecipientInfo_type(CMS_RecipientInfo *ri) -{ - return ri->type; -} - -EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri) -{ - if (ri->type == CMS_RECIPINFO_TRANS) - return ri->d.ktri->pctx; - else if (ri->type == CMS_RECIPINFO_AGREE) - return ri->d.kari->pctx; - return NULL; -} - -CMS_ContentInfo *CMS_EnvelopedData_create_ex(const EVP_CIPHER *cipher, - OSSL_LIB_CTX *libctx, - const char *propq) -{ - CMS_ContentInfo *cms; - CMS_EnvelopedData *env; - - cms = CMS_ContentInfo_new_ex(libctx, propq); - if (cms == NULL) - goto merr; - env = cms_enveloped_data_init(cms); - if (env == NULL) - goto merr; - - if (!ossl_cms_EncryptedContent_init(env->encryptedContentInfo, cipher, NULL, - 0, ossl_cms_get0_cmsctx(cms))) - goto merr; - return cms; - merr: - CMS_ContentInfo_free(cms); - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - return NULL; -} - -CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher) -{ - return CMS_EnvelopedData_create_ex(cipher, NULL, NULL); -} - -CMS_ContentInfo * -CMS_AuthEnvelopedData_create_ex(const EVP_CIPHER *cipher, OSSL_LIB_CTX *libctx, - const char *propq) -{ - CMS_ContentInfo *cms; - CMS_AuthEnvelopedData *aenv; - - cms = CMS_ContentInfo_new_ex(libctx, propq); - if (cms == NULL) - goto merr; - aenv = cms_auth_enveloped_data_init(cms); - if (aenv == NULL) - goto merr; - if (!ossl_cms_EncryptedContent_init(aenv->authEncryptedContentInfo, - cipher, NULL, 0, - ossl_cms_get0_cmsctx(cms))) - goto merr; - return cms; - merr: - CMS_ContentInfo_free(cms); - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - return NULL; -} - - -CMS_ContentInfo *CMS_AuthEnvelopedData_create(const EVP_CIPHER *cipher) -{ - return CMS_AuthEnvelopedData_create_ex(cipher, NULL, NULL); -} - -/* Key Transport Recipient Info (KTRI) routines */ - -/* Initialise a ktri based on passed certificate and key */ - -static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip, - EVP_PKEY *pk, unsigned int flags, - const CMS_CTX *ctx) -{ - CMS_KeyTransRecipientInfo *ktri; - int idtype; - - ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo); - if (!ri->d.ktri) - return 0; - ri->type = CMS_RECIPINFO_TRANS; - - ktri = ri->d.ktri; - ktri->cms_ctx = ctx; - - if (flags & CMS_USE_KEYID) { - ktri->version = 2; - idtype = CMS_RECIPINFO_KEYIDENTIFIER; - } else { - ktri->version = 0; - idtype = CMS_RECIPINFO_ISSUER_SERIAL; - } - - /* - * Not a typo: RecipientIdentifier and SignerIdentifier are the same - * structure. - */ - - if (!ossl_cms_set1_SignerIdentifier(ktri->rid, recip, idtype, ctx)) - return 0; - - X509_up_ref(recip); - EVP_PKEY_up_ref(pk); - - ktri->pkey = pk; - ktri->recip = recip; - - if (flags & CMS_KEY_PARAM) { - ktri->pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), - ktri->pkey, - ossl_cms_ctx_get0_propq(ctx)); - if (ktri->pctx == NULL) - return 0; - if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0) - return 0; - } else if (!ossl_cms_env_asn1_ctrl(ri, 0)) - return 0; - return 1; -} - -/* - * Add a recipient certificate using appropriate type of RecipientInfo - */ - -CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip, - EVP_PKEY *originatorPrivKey, - X509 *originator, unsigned int flags) -{ - CMS_RecipientInfo *ri = NULL; - STACK_OF(CMS_RecipientInfo) *ris; - EVP_PKEY *pk = NULL; - const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); - - ris = CMS_get0_RecipientInfos(cms); - if (ris == NULL) - goto err; - - /* Initialize recipient info */ - ri = M_ASN1_new_of(CMS_RecipientInfo); - if (ri == NULL) - goto merr; - - pk = X509_get0_pubkey(recip); - if (pk == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_GETTING_PUBLIC_KEY); - goto err; - } - - switch (ossl_cms_pkey_get_ri_type(pk)) { - - case CMS_RECIPINFO_TRANS: - if (!cms_RecipientInfo_ktri_init(ri, recip, pk, flags, ctx)) - goto err; - break; - - case CMS_RECIPINFO_AGREE: - if (!ossl_cms_RecipientInfo_kari_init(ri, recip, pk, originator, - originatorPrivKey, flags, ctx)) - goto err; - break; - - default: - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); - goto err; - - } - - if (!sk_CMS_RecipientInfo_push(ris, ri)) - goto merr; - - return ri; - - merr: - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - err: - M_ASN1_free_of(ri, CMS_RecipientInfo); - return NULL; - -} - -CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, - unsigned int flags) -{ - return CMS_add1_recipient(cms, recip, NULL, NULL, flags); -} - -int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, - EVP_PKEY **pk, X509 **recip, - X509_ALGOR **palg) -{ - CMS_KeyTransRecipientInfo *ktri; - if (ri->type != CMS_RECIPINFO_TRANS) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT); - return 0; - } - - ktri = ri->d.ktri; - - if (pk) - *pk = ktri->pkey; - if (recip) - *recip = ktri->recip; - if (palg) - *palg = ktri->keyEncryptionAlgorithm; - return 1; -} - -int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, - ASN1_INTEGER **sno) -{ - CMS_KeyTransRecipientInfo *ktri; - if (ri->type != CMS_RECIPINFO_TRANS) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT); - return 0; - } - ktri = ri->d.ktri; - - return ossl_cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, - sno); -} - -int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert) -{ - if (ri->type != CMS_RECIPINFO_TRANS) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT); - return -2; - } - return ossl_cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert); -} - -int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey) -{ - if (ri->type != CMS_RECIPINFO_TRANS) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT); - return 0; - } - EVP_PKEY_free(ri->d.ktri->pkey); - ri->d.ktri->pkey = pkey; - return 1; -} - -/* Encrypt content key in key transport recipient info */ - -static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms, - CMS_RecipientInfo *ri) -{ - CMS_KeyTransRecipientInfo *ktri; - CMS_EncryptedContentInfo *ec; - EVP_PKEY_CTX *pctx; - unsigned char *ek = NULL; - size_t eklen; - const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); - - int ret = 0; - - if (ri->type != CMS_RECIPINFO_TRANS) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_TRANSPORT); - return 0; - } - ktri = ri->d.ktri; - ec = ossl_cms_get0_env_enc_content(cms); - - pctx = ktri->pctx; - - if (pctx) { - if (!ossl_cms_env_asn1_ctrl(ri, 0)) - goto err; - } else { - pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), - ktri->pkey, - ossl_cms_ctx_get0_propq(ctx)); - if (pctx == NULL) - return 0; - - if (EVP_PKEY_encrypt_init(pctx) <= 0) - goto err; - } - - if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0) - goto err; - - ek = OPENSSL_malloc(eklen); - - if (ek == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0) - goto err; - - ASN1_STRING_set0(ktri->encryptedKey, ek, eklen); - ek = NULL; - - ret = 1; - - err: - EVP_PKEY_CTX_free(pctx); - ktri->pctx = NULL; - OPENSSL_free(ek); - return ret; -} - -/* Decrypt content key from KTRI */ - -static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, - CMS_RecipientInfo *ri) -{ - CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; - EVP_PKEY *pkey = ktri->pkey; - unsigned char *ek = NULL; - size_t eklen; - int ret = 0; - size_t fixlen = 0; - const EVP_CIPHER *cipher = NULL; - EVP_CIPHER *fetched_cipher = NULL; - CMS_EncryptedContentInfo *ec; - const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); - OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx); - const char *propq = ossl_cms_ctx_get0_propq(ctx); - - ec = ossl_cms_get0_env_enc_content(cms); - - if (ktri->pkey == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_PRIVATE_KEY); - return 0; - } - - if (cms->d.envelopedData->encryptedContentInfo->havenocert - && !cms->d.envelopedData->encryptedContentInfo->debug) { - X509_ALGOR *calg = ec->contentEncryptionAlgorithm; - char name[OSSL_MAX_NAME_SIZE]; - - OBJ_obj2txt(name, sizeof(name), calg->algorithm, 0); - - (void)ERR_set_mark(); - fetched_cipher = EVP_CIPHER_fetch(libctx, name, propq); - - if (fetched_cipher != NULL) - cipher = fetched_cipher; - else - cipher = EVP_get_cipherbyobj(calg->algorithm); - if (cipher == NULL) { - (void)ERR_clear_last_mark(); - ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_CIPHER); - return 0; - } - (void)ERR_pop_to_mark(); - - fixlen = EVP_CIPHER_get_key_length(cipher); - EVP_CIPHER_free(fetched_cipher); - } - - ktri->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); - if (ktri->pctx == NULL) - goto err; - - if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0) - goto err; - - if (!ossl_cms_env_asn1_ctrl(ri, 1)) - goto err; - - if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen, - ktri->encryptedKey->data, - ktri->encryptedKey->length) <= 0) - goto err; - - ek = OPENSSL_malloc(eklen); - if (ek == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen, - ktri->encryptedKey->data, - ktri->encryptedKey->length) <= 0 - || eklen == 0 - || (fixlen != 0 && eklen != fixlen)) { - ERR_raise(ERR_LIB_CMS, CMS_R_CMS_LIB); - goto err; - } - - ret = 1; - - OPENSSL_clear_free(ec->key, ec->keylen); - ec->key = ek; - ec->keylen = eklen; - - err: - EVP_PKEY_CTX_free(ktri->pctx); - ktri->pctx = NULL; - if (!ret) - OPENSSL_free(ek); - - return ret; -} - -/* Key Encrypted Key (KEK) RecipientInfo routines */ - -int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, - const unsigned char *id, size_t idlen) -{ - ASN1_OCTET_STRING tmp_os; - CMS_KEKRecipientInfo *kekri; - if (ri->type != CMS_RECIPINFO_KEK) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK); - return -2; - } - kekri = ri->d.kekri; - tmp_os.type = V_ASN1_OCTET_STRING; - tmp_os.flags = 0; - tmp_os.data = (unsigned char *)id; - tmp_os.length = (int)idlen; - return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier); -} - -/* For now hard code AES key wrap info */ - -static size_t aes_wrap_keylen(int nid) -{ - switch (nid) { - case NID_id_aes128_wrap: - return 16; - - case NID_id_aes192_wrap: - return 24; - - case NID_id_aes256_wrap: - return 32; - - default: - return 0; - } -} - -CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, - unsigned char *key, size_t keylen, - unsigned char *id, size_t idlen, - ASN1_GENERALIZEDTIME *date, - ASN1_OBJECT *otherTypeId, - ASN1_TYPE *otherType) -{ - CMS_RecipientInfo *ri = NULL; - CMS_KEKRecipientInfo *kekri; - STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms); - - if (ris == NULL) - goto err; - - if (nid == NID_undef) { - switch (keylen) { - case 16: - nid = NID_id_aes128_wrap; - break; - - case 24: - nid = NID_id_aes192_wrap; - break; - - case 32: - nid = NID_id_aes256_wrap; - break; - - default: - ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH); - goto err; - } - - } else { - - size_t exp_keylen = aes_wrap_keylen(nid); - - if (!exp_keylen) { - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_KEK_ALGORITHM); - goto err; - } - - if (keylen != exp_keylen) { - ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH); - goto err; - } - - } - - /* Initialize recipient info */ - ri = M_ASN1_new_of(CMS_RecipientInfo); - if (!ri) - goto merr; - - ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo); - if (!ri->d.kekri) - goto merr; - ri->type = CMS_RECIPINFO_KEK; - - kekri = ri->d.kekri; - - if (otherTypeId) { - kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute); - if (kekri->kekid->other == NULL) - goto merr; - } - - if (!sk_CMS_RecipientInfo_push(ris, ri)) - goto merr; - - /* After this point no calls can fail */ - - kekri->version = 4; - - kekri->key = key; - kekri->keylen = keylen; - - ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen); - - kekri->kekid->date = date; - - if (kekri->kekid->other) { - kekri->kekid->other->keyAttrId = otherTypeId; - kekri->kekid->other->keyAttr = otherType; - } - - X509_ALGOR_set0(kekri->keyEncryptionAlgorithm, - OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL); - - return ri; - - merr: - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - err: - M_ASN1_free_of(ri, CMS_RecipientInfo); - return NULL; -} - -int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, - X509_ALGOR **palg, - ASN1_OCTET_STRING **pid, - ASN1_GENERALIZEDTIME **pdate, - ASN1_OBJECT **potherid, - ASN1_TYPE **pothertype) -{ - CMS_KEKIdentifier *rkid; - if (ri->type != CMS_RECIPINFO_KEK) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK); - return 0; - } - rkid = ri->d.kekri->kekid; - if (palg) - *palg = ri->d.kekri->keyEncryptionAlgorithm; - if (pid) - *pid = rkid->keyIdentifier; - if (pdate) - *pdate = rkid->date; - if (potherid) { - if (rkid->other) - *potherid = rkid->other->keyAttrId; - else - *potherid = NULL; - } - if (pothertype) { - if (rkid->other) - *pothertype = rkid->other->keyAttr; - else - *pothertype = NULL; - } - return 1; -} - -int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, - unsigned char *key, size_t keylen) -{ - CMS_KEKRecipientInfo *kekri; - if (ri->type != CMS_RECIPINFO_KEK) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEK); - return 0; - } - - kekri = ri->d.kekri; - kekri->key = key; - kekri->keylen = keylen; - return 1; -} - -static EVP_CIPHER *cms_get_key_wrap_cipher(size_t keylen, const CMS_CTX *ctx) -{ - const char *alg = NULL; - - switch(keylen) { - case 16: - alg = "AES-128-WRAP"; - break; - case 24: - alg = "AES-192-WRAP"; - break; - case 32: - alg = "AES-256-WRAP"; - break; - default: - return NULL; - } - return EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(ctx), alg, - ossl_cms_ctx_get0_propq(ctx)); -} - - -/* Encrypt content key in KEK recipient info */ - -static int cms_RecipientInfo_kekri_encrypt(const CMS_ContentInfo *cms, - CMS_RecipientInfo *ri) -{ - CMS_EncryptedContentInfo *ec; - CMS_KEKRecipientInfo *kekri; - unsigned char *wkey = NULL; - int wkeylen; - int r = 0; - EVP_CIPHER *cipher = NULL; - int outlen = 0; - EVP_CIPHER_CTX *ctx = NULL; - const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms); - - ec = ossl_cms_get0_env_enc_content(cms); - if (ec == NULL) - return 0; - - kekri = ri->d.kekri; - - if (kekri->key == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY); - return 0; - } - - cipher = cms_get_key_wrap_cipher(kekri->keylen, cms_ctx); - if (cipher == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH); - goto err; - } - - /* 8 byte prefix for AES wrap ciphers */ - wkey = OPENSSL_malloc(ec->keylen + 8); - if (wkey == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - - ctx = EVP_CIPHER_CTX_new(); - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - - EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); - if (!EVP_EncryptInit_ex(ctx, cipher, NULL, kekri->key, NULL) - || !EVP_EncryptUpdate(ctx, wkey, &wkeylen, ec->key, ec->keylen) - || !EVP_EncryptFinal_ex(ctx, wkey + wkeylen, &outlen)) { - ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR); - goto err; - } - wkeylen += outlen; - if (!ossl_assert((size_t)wkeylen == ec->keylen + 8)) { - ERR_raise(ERR_LIB_CMS, CMS_R_WRAP_ERROR); - goto err; - } - - ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen); - - r = 1; - - err: - EVP_CIPHER_free(cipher); - if (!r) - OPENSSL_free(wkey); - EVP_CIPHER_CTX_free(ctx); - - return r; -} - -/* Decrypt content key in KEK recipient info */ - -static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, - CMS_RecipientInfo *ri) -{ - CMS_EncryptedContentInfo *ec; - CMS_KEKRecipientInfo *kekri; - unsigned char *ukey = NULL; - int ukeylen; - int r = 0, wrap_nid; - EVP_CIPHER *cipher = NULL; - int outlen = 0; - EVP_CIPHER_CTX *ctx = NULL; - const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms); - - ec = ossl_cms_get0_env_enc_content(cms); - if (ec == NULL) - return 0; - - kekri = ri->d.kekri; - - if (!kekri->key) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY); - return 0; - } - - wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm); - if (aes_wrap_keylen(wrap_nid) != kekri->keylen) { - ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH); - return 0; - } - - /* If encrypted key length is invalid don't bother */ - - if (kekri->encryptedKey->length < 16) { - ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH); - goto err; - } - - cipher = cms_get_key_wrap_cipher(kekri->keylen, cms_ctx); - if (cipher == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_LENGTH); - goto err; - } - - ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8); - if (ukey == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - - ctx = EVP_CIPHER_CTX_new(); - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!EVP_DecryptInit_ex(ctx, cipher, NULL, kekri->key, NULL) - || !EVP_DecryptUpdate(ctx, ukey, &ukeylen, - kekri->encryptedKey->data, - kekri->encryptedKey->length) - || !EVP_DecryptFinal_ex(ctx, ukey + ukeylen, &outlen)) { - ERR_raise(ERR_LIB_CMS, CMS_R_UNWRAP_ERROR); - goto err; - } - ukeylen += outlen; - - OPENSSL_clear_free(ec->key, ec->keylen); - ec->key = ukey; - ec->keylen = ukeylen; - - r = 1; - - err: - EVP_CIPHER_free(cipher); - if (!r) - OPENSSL_free(ukey); - EVP_CIPHER_CTX_free(ctx); - - return r; -} - -int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) -{ - switch (ri->type) { - case CMS_RECIPINFO_TRANS: - return cms_RecipientInfo_ktri_decrypt(cms, ri); - - case CMS_RECIPINFO_KEK: - return cms_RecipientInfo_kekri_decrypt(cms, ri); - - case CMS_RECIPINFO_PASS: - return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 0); - - default: - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE); - return 0; - } -} - -int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri) -{ - switch (ri->type) { - case CMS_RECIPINFO_TRANS: - return cms_RecipientInfo_ktri_encrypt(cms, ri); - - case CMS_RECIPINFO_AGREE: - return ossl_cms_RecipientInfo_kari_encrypt(cms, ri); - - case CMS_RECIPINFO_KEK: - return cms_RecipientInfo_kekri_encrypt(cms, ri); - - case CMS_RECIPINFO_PASS: - return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 1); - - default: - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_RECIPIENT_TYPE); - return 0; - } -} - -/* Check structures and fixup version numbers (if necessary) */ - -static void cms_env_set_originfo_version(CMS_EnvelopedData *env) -{ - CMS_OriginatorInfo *org = env->originatorInfo; - int i; - if (org == NULL) - return; - for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) { - CMS_CertificateChoices *cch; - cch = sk_CMS_CertificateChoices_value(org->certificates, i); - if (cch->type == CMS_CERTCHOICE_OTHER) { - env->version = 4; - return; - } else if (cch->type == CMS_CERTCHOICE_V2ACERT) { - if (env->version < 3) - env->version = 3; - } - } - - for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) { - CMS_RevocationInfoChoice *rch; - rch = sk_CMS_RevocationInfoChoice_value(org->crls, i); - if (rch->type == CMS_REVCHOICE_OTHER) { - env->version = 4; - return; - } - } -} - -static void cms_env_set_version(CMS_EnvelopedData *env) -{ - int i; - CMS_RecipientInfo *ri; - - /* - * Can't set version higher than 4 so if 4 or more already nothing to do. - */ - if (env->version >= 4) - return; - - cms_env_set_originfo_version(env); - - if (env->version >= 3) - return; - - for (i = 0; i < sk_CMS_RecipientInfo_num(env->recipientInfos); i++) { - ri = sk_CMS_RecipientInfo_value(env->recipientInfos, i); - if (ri->type == CMS_RECIPINFO_PASS || ri->type == CMS_RECIPINFO_OTHER) { - env->version = 3; - return; - } else if (ri->type != CMS_RECIPINFO_TRANS - || ri->d.ktri->version != 0) { - env->version = 2; - } - } - if (env->originatorInfo || env->unprotectedAttrs) - env->version = 2; - if (env->version == 2) - return; - env->version = 0; -} - -static int cms_env_encrypt_content_key(const CMS_ContentInfo *cms, - STACK_OF(CMS_RecipientInfo) *ris) -{ - int i; - CMS_RecipientInfo *ri; - - for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) { - ri = sk_CMS_RecipientInfo_value(ris, i); - if (CMS_RecipientInfo_encrypt(cms, ri) <= 0) - return -1; - } - return 1; -} - -static void cms_env_clear_ec(CMS_EncryptedContentInfo *ec) -{ - ec->cipher = NULL; - OPENSSL_clear_free(ec->key, ec->keylen); - ec->key = NULL; - ec->keylen = 0; -} - -static BIO *cms_EnvelopedData_Decryption_init_bio(CMS_ContentInfo *cms) -{ - CMS_EncryptedContentInfo *ec = cms->d.envelopedData->encryptedContentInfo; - BIO *contentBio = ossl_cms_EncryptedContent_init_bio(ec, - ossl_cms_get0_cmsctx(cms)); - EVP_CIPHER_CTX *ctx = NULL; - - if (contentBio == NULL) - return NULL; - - BIO_get_cipher_ctx(contentBio, &ctx); - if (ctx == NULL) { - BIO_free(contentBio); - return NULL; - } - /* - * If the selected cipher supports unprotected attributes, - * deal with it using special ctrl function - */ - if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) - & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0 - && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, 0, - cms->d.envelopedData->unprotectedAttrs) <= 0) { - BIO_free(contentBio); - return NULL; - } - return contentBio; -} - -static BIO *cms_EnvelopedData_Encryption_init_bio(CMS_ContentInfo *cms) -{ - CMS_EncryptedContentInfo *ec; - STACK_OF(CMS_RecipientInfo) *rinfos; - int ok = 0; - BIO *ret; - CMS_EnvelopedData *env = cms->d.envelopedData; - - /* Get BIO first to set up key */ - - ec = env->encryptedContentInfo; - ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms)); - - /* If error end of processing */ - if (!ret) - return ret; - - /* Now encrypt content key according to each RecipientInfo type */ - rinfos = env->recipientInfos; - if (cms_env_encrypt_content_key(cms, rinfos) < 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_SETTING_RECIPIENTINFO); - goto err; - } - - /* And finally set the version */ - cms_env_set_version(env); - - ok = 1; - - err: - cms_env_clear_ec(ec); - if (ok) - return ret; - BIO_free(ret); - return NULL; -} - -BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) -{ - if (cms->d.envelopedData->encryptedContentInfo->cipher != NULL) { - /* If cipher is set it's encryption */ - return cms_EnvelopedData_Encryption_init_bio(cms); - } - - /* If cipher is not set it's decryption */ - return cms_EnvelopedData_Decryption_init_bio(cms); -} - -BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms) -{ - CMS_EncryptedContentInfo *ec; - STACK_OF(CMS_RecipientInfo) *rinfos; - int ok = 0; - BIO *ret; - CMS_AuthEnvelopedData *aenv = cms->d.authEnvelopedData; - - /* Get BIO first to set up key */ - ec = aenv->authEncryptedContentInfo; - /* Set tag for decryption */ - if (ec->cipher == NULL) { - ec->tag = aenv->mac->data; - ec->taglen = aenv->mac->length; - } - ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms)); - - /* If error or no cipher end of processing */ - if (ret == NULL || ec->cipher == NULL) - return ret; - - /* Now encrypt content key according to each RecipientInfo type */ - rinfos = aenv->recipientInfos; - if (cms_env_encrypt_content_key(cms, rinfos) < 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_SETTING_RECIPIENTINFO); - goto err; - } - - /* And finally set the version */ - aenv->version = 0; - - ok = 1; - - err: - cms_env_clear_ec(ec); - if (ok) - return ret; - BIO_free(ret); - return NULL; -} - -int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain) -{ - CMS_EnvelopedData *env = NULL; - EVP_CIPHER_CTX *ctx = NULL; - BIO *mbio = BIO_find_type(chain, BIO_TYPE_CIPHER); - - env = ossl_cms_get0_enveloped(cms); - if (env == NULL) - return 0; - - if (mbio == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_NOT_FOUND); - return 0; - } - - BIO_get_cipher_ctx(mbio, &ctx); - - /* - * If the selected cipher supports unprotected attributes, - * deal with it using special ctrl function - */ - if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) - & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) { - if (env->unprotectedAttrs == NULL) - env->unprotectedAttrs = sk_X509_ATTRIBUTE_new_null(); - - if (env->unprotectedAttrs == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PROCESS_UNPROTECTED, - 1, env->unprotectedAttrs) <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE); - return 0; - } - } - - cms_env_set_version(cms->d.envelopedData); - return 1; -} - -int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio) -{ - EVP_CIPHER_CTX *ctx; - unsigned char *tag = NULL; - int taglen, ok = 0; - - BIO_get_cipher_ctx(cmsbio, &ctx); - - /* - * The tag is set only for encryption. There is nothing to do for - * decryption. - */ - if (!EVP_CIPHER_CTX_is_encrypting(ctx)) - return 1; - - taglen = EVP_CIPHER_CTX_get_tag_length(ctx); - if (taglen <= 0 - || (tag = OPENSSL_malloc(taglen)) == NULL - || EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, - tag) <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_GET_TAG); - goto err; - } - - if (!ASN1_OCTET_STRING_set(cms->d.authEnvelopedData->mac, tag, taglen)) - goto err; - - ok = 1; -err: - OPENSSL_free(tag); - return ok; -} - -/* - * Get RecipientInfo type (if any) supported by a key (public or private). To - * retain compatibility with previous behaviour if the ctrl value isn't - * supported we assume key transport. - */ -int ossl_cms_pkey_get_ri_type(EVP_PKEY *pk) -{ - /* Check types that we know about */ - if (EVP_PKEY_is_a(pk, "DH")) - return CMS_RECIPINFO_AGREE; - else if (EVP_PKEY_is_a(pk, "DHX")) - return CMS_RECIPINFO_AGREE; - else if (EVP_PKEY_is_a(pk, "DSA")) - return CMS_RECIPINFO_NONE; - else if (EVP_PKEY_is_a(pk, "EC")) - return CMS_RECIPINFO_AGREE; - else if (EVP_PKEY_is_a(pk, "RSA")) - return CMS_RECIPINFO_TRANS; - - /* - * Otherwise this might ben an engine implementation, so see if we can get - * the type from the ameth. - */ - if (pk->ameth && pk->ameth->pkey_ctrl) { - int i, r; - i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_RI_TYPE, 0, &r); - if (i > 0) - return r; - } - return CMS_RECIPINFO_TRANS; -} - -int ossl_cms_pkey_is_ri_type_supported(EVP_PKEY *pk, int ri_type) -{ - int supportedRiType; - - if (pk->ameth != NULL && pk->ameth->pkey_ctrl != NULL) { - int i, r; - - i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED, - ri_type, &r); - if (i > 0) - return r; - } - - supportedRiType = ossl_cms_pkey_get_ri_type(pk); - if (supportedRiType < 0) - return 0; - - return (supportedRiType == ri_type); -} diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c deleted file mode 100644 index 1fba9d8502494dc80719be2931cf783f9e197641..0000000000000000000000000000000000000000 --- a/crypto/cms/cms_err.c +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/cmserr.h" - -#ifndef OPENSSL_NO_CMS - -# ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA CMS_str_reasons[] = { - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ADD_SIGNER_ERROR), "add signer error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ATTRIBUTE_ERROR), "attribute error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_ALREADY_PRESENT), - "certificate already present"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_HAS_NO_KEYID), - "certificate has no keyid"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_VERIFY_ERROR), - "certificate verify error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_AEAD_SET_TAG_ERROR), - "cipher aead set tag error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_GET_TAG), "cipher get tag"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_INITIALISATION_ERROR), - "cipher initialisation error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR), - "cipher parameter initialisation error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_DATAFINAL_ERROR), - "cms datafinal error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_LIB), "cms lib"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENTIDENTIFIER_MISMATCH), - "contentidentifier mismatch"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_NOT_FOUND), "content not found"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_MISMATCH), - "content type mismatch"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA), - "content type not compressed data"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA), - "content type not enveloped data"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA), - "content type not signed data"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_VERIFY_ERROR), - "content verify error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_ERROR), "ctrl error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_FAILURE), "ctrl failure"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECODE_ERROR), "decode error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECRYPT_ERROR), "decrypt error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_GETTING_PUBLIC_KEY), - "error getting public key"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE), - "error reading messagedigest attribute"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_KEY), "error setting key"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_RECIPIENTINFO), - "error setting recipientinfo"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR), - "ess signing certid mismatch error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH), - "invalid encrypted key length"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER), - "invalid key encryption parameter"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_LENGTH), "invalid key length"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_LABEL), "invalid label"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_OAEP_PARAMETERS), - "invalid oaep parameters"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_KDF_PARAMETER_ERROR), - "kdf parameter error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MD_BIO_INIT_ERROR), "md bio init error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH), - "messagedigest attribute wrong length"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_WRONG_LENGTH), - "messagedigest wrong length"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE), - "msgsigdigest verification failure"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_WRONG_LENGTH), - "msgsigdigest wrong length"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NEED_ONE_SIGNER), "need one signer"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_A_SIGNED_RECEIPT), - "not a signed receipt"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEK), "not kek"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_AGREEMENT), "not key agreement"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_TRANSPORT), "not key transport"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_PWRI), "not pwri"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), - "not supported for this key type"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CIPHER), "no cipher"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT), "no content"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT_TYPE), "no content type"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DEFAULT_DIGEST), "no default digest"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DIGEST_SET), "no digest set"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY), "no key"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY_OR_CERT), "no key or cert"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_DIGEST), "no matching digest"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_RECIPIENT), - "no matching recipient"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_SIGNATURE), - "no matching signature"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PASSWORD), "no password"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PRIVATE_KEY), "no private key"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PUBLIC_KEY), "no public key"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_RECEIPT_REQUEST), "no receipt request"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_SIGNERS), "no signers"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PEER_KEY_ERROR), "peer key error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), - "private key does not match certificate"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECEIPT_DECODE_ERROR), - "receipt decode error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECIPIENT_ERROR), "recipient error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SHARED_INFO_ERROR), "shared info error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND), - "signer certificate not found"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNFINAL_ERROR), "signfinal error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SMIME_TEXT_ERROR), "smime text error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_STORE_INIT_ERROR), "store init error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_COMPRESSED_DATA), - "type not compressed data"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DATA), "type not data"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DIGESTED_DATA), - "type not digested data"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENCRYPTED_DATA), - "type not encrypted data"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENVELOPED_DATA), - "type not enveloped data"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNABLE_TO_FINALIZE_CONTEXT), - "unable to finalize context"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_CIPHER), "unknown cipher"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_DIGEST_ALGORITHM), - "unknown digest algorithm"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM), - "unsupported compression algorithm"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE), - "unsupported content type"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_ENCRYPTION_TYPE), - "unsupported encryption type"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEK_ALGORITHM), - "unsupported kek algorithm"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM), - "unsupported key encryption algorithm"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_LABEL_SOURCE), - "unsupported label source"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE), - "unsupported recipientinfo type"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE), - "unsupported recipient type"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_VERIFICATION_FAILURE), - "verification failure"}, - {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_WRAP_ERROR), "wrap error"}, - {0, NULL} -}; - -# endif - -int ossl_err_load_CMS_strings(void) -{ -# ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(CMS_str_reasons[0].error) == NULL) - ERR_load_strings_const(CMS_str_reasons); -# endif - return 1; -} -#else -NON_EMPTY_TRANSLATION_UNIT -#endif diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c deleted file mode 100644 index 6c43dd102a91d93adc30c93247a9deb1badb2938..0000000000000000000000000000000000000000 --- a/crypto/cms/cms_ess.c +++ /dev/null @@ -1,417 +0,0 @@ -/* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include -#include "crypto/ess.h" -#include "crypto/x509.h" -#include "cms_local.h" - -IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest) - -/* ESS services */ - -int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr) -{ - ASN1_STRING *str; - CMS_ReceiptRequest *rr; - ASN1_OBJECT *obj = OBJ_nid2obj(NID_id_smime_aa_receiptRequest); - - if (prr != NULL) - *prr = NULL; - str = CMS_signed_get0_data_by_OBJ(si, obj, -3, V_ASN1_SEQUENCE); - if (str == NULL) - return 0; - - rr = ASN1_item_unpack(str, ASN1_ITEM_rptr(CMS_ReceiptRequest)); - if (rr == NULL) - return -1; - if (prr != NULL) - *prr = rr; - else - CMS_ReceiptRequest_free(rr); - return 1; -} - -/* - * Returns 0 if attribute is not found, 1 if found, - * or -1 on attribute parsing failure. - */ -static int ossl_cms_signerinfo_get_signing_cert(const CMS_SignerInfo *si, - ESS_SIGNING_CERT **psc) -{ - ASN1_STRING *str; - ESS_SIGNING_CERT *sc; - ASN1_OBJECT *obj = OBJ_nid2obj(NID_id_smime_aa_signingCertificate); - - if (psc != NULL) - *psc = NULL; - str = CMS_signed_get0_data_by_OBJ(si, obj, -3, V_ASN1_SEQUENCE); - if (str == NULL) - return 0; - - sc = ASN1_item_unpack(str, ASN1_ITEM_rptr(ESS_SIGNING_CERT)); - if (sc == NULL) - return -1; - if (psc != NULL) - *psc = sc; - else - ESS_SIGNING_CERT_free(sc); - return 1; -} - -/* - * Returns 0 if attribute is not found, 1 if found, - * or -1 on attribute parsing failure. - */ -static int ossl_cms_signerinfo_get_signing_cert_v2(const CMS_SignerInfo *si, - ESS_SIGNING_CERT_V2 **psc) -{ - ASN1_STRING *str; - ESS_SIGNING_CERT_V2 *sc; - ASN1_OBJECT *obj = OBJ_nid2obj(NID_id_smime_aa_signingCertificateV2); - - if (psc != NULL) - *psc = NULL; - str = CMS_signed_get0_data_by_OBJ(si, obj, -3, V_ASN1_SEQUENCE); - if (str == NULL) - return 0; - - sc = ASN1_item_unpack(str, ASN1_ITEM_rptr(ESS_SIGNING_CERT_V2)); - if (sc == NULL) - return -1; - if (psc != NULL) - *psc = sc; - else - ESS_SIGNING_CERT_V2_free(sc); - return 1; -} - -int ossl_cms_check_signing_certs(const CMS_SignerInfo *si, - const STACK_OF(X509) *chain) -{ - ESS_SIGNING_CERT *ss = NULL; - ESS_SIGNING_CERT_V2 *ssv2 = NULL; - int ret = ossl_cms_signerinfo_get_signing_cert(si, &ss) >= 0 - && ossl_cms_signerinfo_get_signing_cert_v2(si, &ssv2) >= 0 - && OSSL_ESS_check_signing_certs(ss, ssv2, chain, 1) > 0; - - ESS_SIGNING_CERT_free(ss); - ESS_SIGNING_CERT_V2_free(ssv2); - return ret; -} - -CMS_ReceiptRequest *CMS_ReceiptRequest_create0_ex( - unsigned char *id, int idlen, int allorfirst, - STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo, - OSSL_LIB_CTX *libctx) -{ - CMS_ReceiptRequest *rr; - - rr = CMS_ReceiptRequest_new(); - if (rr == NULL) - goto merr; - if (id) - ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen); - else { - if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32)) - goto merr; - if (RAND_bytes_ex(libctx, rr->signedContentIdentifier->data, 32, - 0) <= 0) - goto err; - } - - sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free); - rr->receiptsTo = receiptsTo; - - if (receiptList != NULL) { - rr->receiptsFrom->type = 1; - rr->receiptsFrom->d.receiptList = receiptList; - } else { - rr->receiptsFrom->type = 0; - rr->receiptsFrom->d.allOrFirstTier = allorfirst; - } - - return rr; - - merr: - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - - err: - CMS_ReceiptRequest_free(rr); - return NULL; - -} - -CMS_ReceiptRequest *CMS_ReceiptRequest_create0( - unsigned char *id, int idlen, int allorfirst, - STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo) -{ - return CMS_ReceiptRequest_create0_ex(id, idlen, allorfirst, receiptList, - receiptsTo, NULL); -} - -int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr) -{ - unsigned char *rrder = NULL; - int rrderlen, r = 0; - - rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder); - if (rrderlen < 0) - goto merr; - - if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest, - V_ASN1_SEQUENCE, rrder, rrderlen)) - goto merr; - - r = 1; - - merr: - if (!r) - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - - OPENSSL_free(rrder); - - return r; - -} - -void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, - ASN1_STRING **pcid, - int *pallorfirst, - STACK_OF(GENERAL_NAMES) **plist, - STACK_OF(GENERAL_NAMES) **prto) -{ - if (pcid != NULL) - *pcid = rr->signedContentIdentifier; - if (rr->receiptsFrom->type == 0) { - if (pallorfirst != NULL) - *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier; - if (plist != NULL) - *plist = NULL; - } else { - if (pallorfirst != NULL) - *pallorfirst = -1; - if (plist != NULL) - *plist = rr->receiptsFrom->d.receiptList; - } - if (prto != NULL) - *prto = rr->receiptsTo; -} - -/* Digest a SignerInfo structure for msgSigDigest attribute processing */ - -static int cms_msgSigDigest(CMS_SignerInfo *si, - unsigned char *dig, unsigned int *diglen) -{ - const EVP_MD *md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); - - if (md == NULL) - return 0; - if (!ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(CMS_Attributes_Verify), md, - si->signedAttrs, dig, diglen, - ossl_cms_ctx_get0_libctx(si->cms_ctx), - ossl_cms_ctx_get0_propq(si->cms_ctx))) - return 0; - return 1; -} - -/* Add a msgSigDigest attribute to a SignerInfo */ - -int ossl_cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src) -{ - unsigned char dig[EVP_MAX_MD_SIZE]; - unsigned int diglen; - - if (!cms_msgSigDigest(src, dig, &diglen)) { - ERR_raise(ERR_LIB_CMS, CMS_R_MSGSIGDIGEST_ERROR); - return 0; - } - if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest, - V_ASN1_OCTET_STRING, dig, diglen)) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - return 0; - } - return 1; -} - -/* Verify signed receipt after it has already passed normal CMS verify */ - -int ossl_cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms) -{ - int r = 0, i; - CMS_ReceiptRequest *rr = NULL; - CMS_Receipt *rct = NULL; - STACK_OF(CMS_SignerInfo) *sis, *osis; - CMS_SignerInfo *si, *osi = NULL; - ASN1_OCTET_STRING *msig, **pcont; - ASN1_OBJECT *octype; - unsigned char dig[EVP_MAX_MD_SIZE]; - unsigned int diglen; - - /* Get SignerInfos, also checks SignedData content type */ - osis = CMS_get0_SignerInfos(req_cms); - sis = CMS_get0_SignerInfos(cms); - if (!osis || !sis) - goto err; - - if (sk_CMS_SignerInfo_num(sis) != 1) { - ERR_raise(ERR_LIB_CMS, CMS_R_NEED_ONE_SIGNER); - goto err; - } - - /* Check receipt content type */ - if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_A_SIGNED_RECEIPT); - goto err; - } - - /* Extract and decode receipt content */ - pcont = CMS_get0_content(cms); - if (pcont == NULL || *pcont == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_CONTENT); - goto err; - } - - rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt)); - - if (!rct) { - ERR_raise(ERR_LIB_CMS, CMS_R_RECEIPT_DECODE_ERROR); - goto err; - } - - /* Locate original request */ - - for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++) { - osi = sk_CMS_SignerInfo_value(osis, i); - if (!ASN1_STRING_cmp(osi->signature, rct->originatorSignatureValue)) - break; - } - - if (i == sk_CMS_SignerInfo_num(osis)) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_SIGNATURE); - goto err; - } - - si = sk_CMS_SignerInfo_value(sis, 0); - - /* Get msgSigDigest value and compare */ - - msig = CMS_signed_get0_data_by_OBJ(si, - OBJ_nid2obj - (NID_id_smime_aa_msgSigDigest), -3, - V_ASN1_OCTET_STRING); - - if (!msig) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_MSGSIGDIGEST); - goto err; - } - - if (!cms_msgSigDigest(osi, dig, &diglen)) { - ERR_raise(ERR_LIB_CMS, CMS_R_MSGSIGDIGEST_ERROR); - goto err; - } - - if (diglen != (unsigned int)msig->length) { - ERR_raise(ERR_LIB_CMS, CMS_R_MSGSIGDIGEST_WRONG_LENGTH); - goto err; - } - - if (memcmp(dig, msig->data, diglen)) { - ERR_raise(ERR_LIB_CMS, CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE); - goto err; - } - - /* Compare content types */ - - octype = CMS_signed_get0_data_by_OBJ(osi, - OBJ_nid2obj(NID_pkcs9_contentType), - -3, V_ASN1_OBJECT); - if (!octype) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_CONTENT_TYPE); - goto err; - } - - /* Compare details in receipt request */ - - if (OBJ_cmp(octype, rct->contentType)) { - ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_MISMATCH); - goto err; - } - - /* Get original receipt request details */ - - if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_RECEIPT_REQUEST); - goto err; - } - - if (ASN1_STRING_cmp(rr->signedContentIdentifier, - rct->signedContentIdentifier)) { - ERR_raise(ERR_LIB_CMS, CMS_R_CONTENTIDENTIFIER_MISMATCH); - goto err; - } - - r = 1; - - err: - CMS_ReceiptRequest_free(rr); - M_ASN1_free_of(rct, CMS_Receipt); - return r; - -} - -/* - * Encode a Receipt into an OCTET STRING read for including into content of a - * SignedData ContentInfo. - */ - -ASN1_OCTET_STRING *ossl_cms_encode_Receipt(CMS_SignerInfo *si) -{ - CMS_Receipt rct; - CMS_ReceiptRequest *rr = NULL; - ASN1_OBJECT *ctype; - ASN1_OCTET_STRING *os = NULL; - - /* Get original receipt request */ - - /* Get original receipt request details */ - - if (CMS_get1_ReceiptRequest(si, &rr) <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_RECEIPT_REQUEST); - goto err; - } - - /* Get original content type */ - - ctype = CMS_signed_get0_data_by_OBJ(si, - OBJ_nid2obj(NID_pkcs9_contentType), - -3, V_ASN1_OBJECT); - if (!ctype) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_CONTENT_TYPE); - goto err; - } - - rct.version = 1; - rct.contentType = ctype; - rct.signedContentIdentifier = rr->signedContentIdentifier; - rct.originatorSignatureValue = si->signature; - - os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL); - - err: - CMS_ReceiptRequest_free(rr); - return os; -} diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c deleted file mode 100644 index dab70af73c336e921e598bda01c8b6480d678d77..0000000000000000000000000000000000000000 --- a/crypto/cms/cms_io.c +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include "cms_local.h" - -/* unfortunately cannot constify BIO_new_NDEF() due to this and PKCS7_stream() */ -int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms) -{ - ASN1_OCTET_STRING **pos; - pos = CMS_get0_content(cms); - if (pos == NULL) - return 0; - if (*pos == NULL) - *pos = ASN1_OCTET_STRING_new(); - if (*pos != NULL) { - (*pos)->flags |= ASN1_STRING_FLAG_NDEF; - (*pos)->flags &= ~ASN1_STRING_FLAG_CONT; - *boundary = &(*pos)->data; - return 1; - } - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - return 0; -} - -CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms) -{ - CMS_ContentInfo *ci; - const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms == NULL ? NULL : *cms); - - ci = ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms, - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx)); - if (ci != NULL) { - ERR_set_mark(); - ossl_cms_resolve_libctx(ci); - ERR_pop_to_mark(); - } - return ci; -} - -int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms) -{ - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms); -} - -IMPLEMENT_PEM_rw(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo) - -BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms) -{ - return BIO_new_NDEF(out, (ASN1_VALUE *)cms, - ASN1_ITEM_rptr(CMS_ContentInfo)); -} - -/* CMS wrappers round generalised stream and MIME routines */ - -int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags) -{ - return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags, - ASN1_ITEM_rptr(CMS_ContentInfo)); -} - -int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, - int flags) -{ - return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *)cms, in, flags, - "CMS", ASN1_ITEM_rptr(CMS_ContentInfo)); -} - -int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags) -{ - STACK_OF(X509_ALGOR) *mdalgs; - int ctype_nid = OBJ_obj2nid(cms->contentType); - int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms)); - const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); - - if (ctype_nid == NID_pkcs7_signed) - mdalgs = cms->d.signedData->digestAlgorithms; - else - mdalgs = NULL; - - return SMIME_write_ASN1_ex(bio, (ASN1_VALUE *)cms, data, flags, ctype_nid, - econt_nid, mdalgs, - ASN1_ITEM_rptr(CMS_ContentInfo), - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx)); -} - -CMS_ContentInfo *SMIME_read_CMS_ex(BIO *bio, int flags, BIO **bcont, - CMS_ContentInfo **cms) -{ - CMS_ContentInfo *ci; - const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms == NULL ? NULL : *cms); - - ci = (CMS_ContentInfo *)SMIME_read_ASN1_ex(bio, flags, bcont, - ASN1_ITEM_rptr(CMS_ContentInfo), - (ASN1_VALUE **)cms, - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx)); - if (ci != NULL) { - ERR_set_mark(); - ossl_cms_resolve_libctx(ci); - ERR_pop_to_mark(); - } - return ci; -} - -CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont) -{ - return SMIME_read_CMS_ex(bio, 0, bcont, NULL); -} diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c deleted file mode 100644 index a2f422a78d8b5cc1d7a4b1887f4fe1f3e17136fe..0000000000000000000000000000000000000000 --- a/crypto/cms/cms_kari.c +++ /dev/null @@ -1,523 +0,0 @@ -/* - * Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Low level key APIs (DH etc) are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include "cms_local.h" -#include "crypto/asn1.h" - -/* Key Agreement Recipient Info (KARI) routines */ - -int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, - X509_ALGOR **palg, - ASN1_OCTET_STRING **pukm) -{ - if (ri->type != CMS_RECIPINFO_AGREE) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_AGREEMENT); - return 0; - } - if (palg) - *palg = ri->d.kari->keyEncryptionAlgorithm; - if (pukm) - *pukm = ri->d.kari->ukm; - return 1; -} - -/* Retrieve recipient encrypted keys from a kari */ - -STACK_OF(CMS_RecipientEncryptedKey) -*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri) -{ - if (ri->type != CMS_RECIPINFO_AGREE) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_AGREEMENT); - return NULL; - } - return ri->d.kari->recipientEncryptedKeys; -} - -int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri, - X509_ALGOR **pubalg, - ASN1_BIT_STRING **pubkey, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, - ASN1_INTEGER **sno) -{ - CMS_OriginatorIdentifierOrKey *oik; - - if (ri->type != CMS_RECIPINFO_AGREE) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_AGREEMENT); - return 0; - } - oik = ri->d.kari->originator; - if (issuer) - *issuer = NULL; - if (sno) - *sno = NULL; - if (keyid) - *keyid = NULL; - if (pubalg) - *pubalg = NULL; - if (pubkey) - *pubkey = NULL; - if (oik->type == CMS_OIK_ISSUER_SERIAL) { - if (issuer) - *issuer = oik->d.issuerAndSerialNumber->issuer; - if (sno) - *sno = oik->d.issuerAndSerialNumber->serialNumber; - } else if (oik->type == CMS_OIK_KEYIDENTIFIER) { - if (keyid) - *keyid = oik->d.subjectKeyIdentifier; - } else if (oik->type == CMS_OIK_PUBKEY) { - if (pubalg) - *pubalg = oik->d.originatorKey->algorithm; - if (pubkey) - *pubkey = oik->d.originatorKey->publicKey; - } else - return 0; - return 1; -} - -int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert) -{ - CMS_OriginatorIdentifierOrKey *oik; - - if (ri->type != CMS_RECIPINFO_AGREE) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_AGREEMENT); - return -2; - } - oik = ri->d.kari->originator; - if (oik->type == CMS_OIK_ISSUER_SERIAL) - return ossl_cms_ias_cert_cmp(oik->d.issuerAndSerialNumber, cert); - else if (oik->type == CMS_OIK_KEYIDENTIFIER) - return ossl_cms_keyid_cert_cmp(oik->d.subjectKeyIdentifier, cert); - return -1; -} - -int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek, - ASN1_OCTET_STRING **keyid, - ASN1_GENERALIZEDTIME **tm, - CMS_OtherKeyAttribute **other, - X509_NAME **issuer, ASN1_INTEGER **sno) -{ - CMS_KeyAgreeRecipientIdentifier *rid = rek->rid; - - if (rid->type == CMS_REK_ISSUER_SERIAL) { - if (issuer) - *issuer = rid->d.issuerAndSerialNumber->issuer; - if (sno) - *sno = rid->d.issuerAndSerialNumber->serialNumber; - if (keyid) - *keyid = NULL; - if (tm) - *tm = NULL; - if (other) - *other = NULL; - } else if (rid->type == CMS_REK_KEYIDENTIFIER) { - if (keyid) - *keyid = rid->d.rKeyId->subjectKeyIdentifier; - if (tm) - *tm = rid->d.rKeyId->date; - if (other) - *other = rid->d.rKeyId->other; - if (issuer) - *issuer = NULL; - if (sno) - *sno = NULL; - } else - return 0; - return 1; -} - -int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, - X509 *cert) -{ - CMS_KeyAgreeRecipientIdentifier *rid = rek->rid; - - if (rid->type == CMS_REK_ISSUER_SERIAL) - return ossl_cms_ias_cert_cmp(rid->d.issuerAndSerialNumber, cert); - else if (rid->type == CMS_REK_KEYIDENTIFIER) - return ossl_cms_keyid_cert_cmp(rid->d.rKeyId->subjectKeyIdentifier, - cert); - else - return -1; -} - -int CMS_RecipientInfo_kari_set0_pkey_and_peer(CMS_RecipientInfo *ri, - EVP_PKEY *pk, X509 *peer) -{ - EVP_PKEY_CTX *pctx; - CMS_KeyAgreeRecipientInfo *kari = ri->d.kari; - - EVP_PKEY_CTX_free(kari->pctx); - kari->pctx = NULL; - if (pk == NULL) - return 1; - - pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(kari->cms_ctx), - pk, - ossl_cms_ctx_get0_propq(kari->cms_ctx)); - if (pctx == NULL || EVP_PKEY_derive_init(pctx) <= 0) - goto err; - - if (peer != NULL) { - EVP_PKEY *pub_pkey = X509_get0_pubkey(peer); - - if (EVP_PKEY_derive_set_peer(pctx, pub_pkey) <= 0) - goto err; - } - - kari->pctx = pctx; - return 1; - err: - EVP_PKEY_CTX_free(pctx); - return 0; -} - -int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk) -{ - return CMS_RecipientInfo_kari_set0_pkey_and_peer(ri, pk, NULL); -} - -EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri) -{ - if (ri->type == CMS_RECIPINFO_AGREE) - return ri->d.kari->ctx; - return NULL; -} - -/* - * Derive KEK and decrypt/encrypt with it to produce either the original CEK - * or the encrypted CEK. - */ - -static int cms_kek_cipher(unsigned char **pout, size_t *poutlen, - const unsigned char *in, size_t inlen, - CMS_KeyAgreeRecipientInfo *kari, int enc) -{ - /* Key encryption key */ - unsigned char kek[EVP_MAX_KEY_LENGTH]; - size_t keklen; - int rv = 0; - unsigned char *out = NULL; - int outlen; - - keklen = EVP_CIPHER_CTX_get_key_length(kari->ctx); - if (keklen > EVP_MAX_KEY_LENGTH) - return 0; - /* Derive KEK */ - if (EVP_PKEY_derive(kari->pctx, kek, &keklen) <= 0) - goto err; - /* Set KEK in context */ - if (!EVP_CipherInit_ex(kari->ctx, NULL, NULL, kek, NULL, enc)) - goto err; - /* obtain output length of ciphered key */ - if (!EVP_CipherUpdate(kari->ctx, NULL, &outlen, in, inlen)) - goto err; - out = OPENSSL_malloc(outlen); - if (out == NULL) - goto err; - if (!EVP_CipherUpdate(kari->ctx, out, &outlen, in, inlen)) - goto err; - *pout = out; - *poutlen = (size_t)outlen; - rv = 1; - - err: - OPENSSL_cleanse(kek, keklen); - if (!rv) - OPENSSL_free(out); - EVP_CIPHER_CTX_reset(kari->ctx); - /* FIXME: WHY IS kari->pctx freed here? /RL */ - EVP_PKEY_CTX_free(kari->pctx); - kari->pctx = NULL; - return rv; -} - -int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, - CMS_RecipientInfo *ri, - CMS_RecipientEncryptedKey *rek) -{ - int rv = 0; - unsigned char *enckey = NULL, *cek = NULL; - size_t enckeylen; - size_t ceklen; - CMS_EncryptedContentInfo *ec; - - enckeylen = rek->encryptedKey->length; - enckey = rek->encryptedKey->data; - /* Setup all parameters to derive KEK */ - if (!ossl_cms_env_asn1_ctrl(ri, 1)) - goto err; - /* Attempt to decrypt CEK */ - if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0)) - goto err; - ec = ossl_cms_get0_env_enc_content(cms); - OPENSSL_clear_free(ec->key, ec->keylen); - ec->key = cek; - ec->keylen = ceklen; - cek = NULL; - rv = 1; - err: - OPENSSL_free(cek); - return rv; -} - -/* Create ephemeral key and initialise context based on it */ -static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari, - EVP_PKEY *pk) -{ - EVP_PKEY_CTX *pctx = NULL; - EVP_PKEY *ekey = NULL; - int rv = 0; - const CMS_CTX *ctx = kari->cms_ctx; - OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx); - const char *propq = ossl_cms_ctx_get0_propq(ctx); - - pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pk, propq); - if (pctx == NULL) - goto err; - if (EVP_PKEY_keygen_init(pctx) <= 0) - goto err; - if (EVP_PKEY_keygen(pctx, &ekey) <= 0) - goto err; - EVP_PKEY_CTX_free(pctx); - pctx = EVP_PKEY_CTX_new_from_pkey(libctx, ekey, propq); - if (pctx == NULL) - goto err; - if (EVP_PKEY_derive_init(pctx) <= 0) - goto err; - kari->pctx = pctx; - rv = 1; - err: - if (!rv) - EVP_PKEY_CTX_free(pctx); - EVP_PKEY_free(ekey); - return rv; -} - -/* Set originator private key and initialise context based on it */ -static int cms_kari_set_originator_private_key(CMS_KeyAgreeRecipientInfo *kari, - EVP_PKEY *originatorPrivKey ) -{ - EVP_PKEY_CTX *pctx = NULL; - int rv = 0; - const CMS_CTX *ctx = kari->cms_ctx; - - pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), - originatorPrivKey, - ossl_cms_ctx_get0_propq(ctx)); - if (pctx == NULL) - goto err; - if (EVP_PKEY_derive_init(pctx) <= 0) - goto err; - - kari->pctx = pctx; - rv = 1; - err: - if (rv == 0) - EVP_PKEY_CTX_free(pctx); - return rv; -} - -/* Initialise a kari based on passed certificate and key */ - -int ossl_cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, - EVP_PKEY *recipPubKey, X509 *originator, - EVP_PKEY *originatorPrivKey, - unsigned int flags, const CMS_CTX *ctx) -{ - CMS_KeyAgreeRecipientInfo *kari; - CMS_RecipientEncryptedKey *rek = NULL; - - ri->d.kari = M_ASN1_new_of(CMS_KeyAgreeRecipientInfo); - if (ri->d.kari == NULL) - return 0; - ri->type = CMS_RECIPINFO_AGREE; - - kari = ri->d.kari; - kari->version = 3; - kari->cms_ctx = ctx; - - rek = M_ASN1_new_of(CMS_RecipientEncryptedKey); - if (rek == NULL) - return 0; - - if (!sk_CMS_RecipientEncryptedKey_push(kari->recipientEncryptedKeys, rek)) { - M_ASN1_free_of(rek, CMS_RecipientEncryptedKey); - return 0; - } - - if (flags & CMS_USE_KEYID) { - rek->rid->type = CMS_REK_KEYIDENTIFIER; - rek->rid->d.rKeyId = M_ASN1_new_of(CMS_RecipientKeyIdentifier); - if (rek->rid->d.rKeyId == NULL) - return 0; - if (!ossl_cms_set1_keyid(&rek->rid->d.rKeyId->subjectKeyIdentifier, recip)) - return 0; - } else { - rek->rid->type = CMS_REK_ISSUER_SERIAL; - if (!ossl_cms_set1_ias(&rek->rid->d.issuerAndSerialNumber, recip)) - return 0; - } - - if (originatorPrivKey == NULL && originator == NULL) { - /* Create ephemeral key */ - if (!cms_kari_create_ephemeral_key(kari, recipPubKey)) - return 0; - } else { - /* Use originator key */ - CMS_OriginatorIdentifierOrKey *oik = ri->d.kari->originator; - - if (originatorPrivKey == NULL || originator == NULL) - return 0; - - if (flags & CMS_USE_ORIGINATOR_KEYID) { - oik->type = CMS_OIK_KEYIDENTIFIER; - oik->d.subjectKeyIdentifier = ASN1_OCTET_STRING_new(); - if (oik->d.subjectKeyIdentifier == NULL) - return 0; - if (!ossl_cms_set1_keyid(&oik->d.subjectKeyIdentifier, originator)) - return 0; - } else { - oik->type = CMS_REK_ISSUER_SERIAL; - if (!ossl_cms_set1_ias(&oik->d.issuerAndSerialNumber, originator)) - return 0; - } - - if (!cms_kari_set_originator_private_key(kari, originatorPrivKey)) - return 0; - } - - EVP_PKEY_up_ref(recipPubKey); - rek->pkey = recipPubKey; - return 1; -} - -static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, - const EVP_CIPHER *cipher) -{ - const CMS_CTX *cms_ctx = kari->cms_ctx; - EVP_CIPHER_CTX *ctx = kari->ctx; - const EVP_CIPHER *kekcipher; - EVP_CIPHER *fetched_kekcipher; - const char *kekcipher_name; - int keylen; - int ret; - - /* If a suitable wrap algorithm is already set nothing to do */ - kekcipher = EVP_CIPHER_CTX_get0_cipher(ctx); - if (kekcipher != NULL) { - if (EVP_CIPHER_CTX_get_mode(ctx) != EVP_CIPH_WRAP_MODE) - return 0; - return 1; - } - if (cipher == NULL) - return 0; - keylen = EVP_CIPHER_get_key_length(cipher); - if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_GET_WRAP_CIPHER) != 0) { - ret = EVP_CIPHER_meth_get_ctrl(cipher)(NULL, EVP_CTRL_GET_WRAP_CIPHER, - 0, &kekcipher); - if (ret <= 0) - return 0; - - if (kekcipher != NULL) { - if (EVP_CIPHER_get_mode(kekcipher) != EVP_CIPH_WRAP_MODE) - return 0; - kekcipher_name = EVP_CIPHER_get0_name(kekcipher); - goto enc; - } - } - - /* - * Pick a cipher based on content encryption cipher. If it is DES3 use - * DES3 wrap otherwise use AES wrap similar to key size. - */ -#ifndef OPENSSL_NO_DES - if (EVP_CIPHER_get_type(cipher) == NID_des_ede3_cbc) - kekcipher_name = SN_id_smime_alg_CMS3DESwrap; - else -#endif - if (keylen <= 16) - kekcipher_name = SN_id_aes128_wrap; - else if (keylen <= 24) - kekcipher_name = SN_id_aes192_wrap; - else - kekcipher_name = SN_id_aes256_wrap; -enc: - fetched_kekcipher = EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(cms_ctx), - kekcipher_name, - ossl_cms_ctx_get0_propq(cms_ctx)); - if (fetched_kekcipher == NULL) - return 0; - ret = EVP_EncryptInit_ex(ctx, fetched_kekcipher, NULL, NULL, NULL); - EVP_CIPHER_free(fetched_kekcipher); - return ret; -} - -/* Encrypt content key in key agreement recipient info */ - -int ossl_cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms, - CMS_RecipientInfo *ri) -{ - CMS_KeyAgreeRecipientInfo *kari; - CMS_EncryptedContentInfo *ec; - CMS_RecipientEncryptedKey *rek; - STACK_OF(CMS_RecipientEncryptedKey) *reks; - int i; - - if (ri->type != CMS_RECIPINFO_AGREE) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_AGREEMENT); - return 0; - } - kari = ri->d.kari; - reks = kari->recipientEncryptedKeys; - ec = ossl_cms_get0_env_enc_content(cms); - /* Initialise wrap algorithm parameters */ - if (!cms_wrap_init(kari, ec->cipher)) - return 0; - /* - * If no originator key set up initialise for ephemeral key the public key - * ASN1 structure will set the actual public key value. - */ - if (kari->originator->type == -1) { - CMS_OriginatorIdentifierOrKey *oik = kari->originator; - oik->type = CMS_OIK_PUBKEY; - oik->d.originatorKey = M_ASN1_new_of(CMS_OriginatorPublicKey); - if (!oik->d.originatorKey) - return 0; - } - /* Initialise KDF algorithm */ - if (!ossl_cms_env_asn1_ctrl(ri, 0)) - return 0; - /* For each rek, derive KEK, encrypt CEK */ - for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) { - unsigned char *enckey; - size_t enckeylen; - rek = sk_CMS_RecipientEncryptedKey_value(reks, i); - if (EVP_PKEY_derive_set_peer(kari->pctx, rek->pkey) <= 0) - return 0; - if (!cms_kek_cipher(&enckey, &enckeylen, ec->key, ec->keylen, - kari, 1)) - return 0; - ASN1_STRING_set0(rek->encryptedKey, enckey, enckeylen); - } - - return 1; -} diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c deleted file mode 100644 index 1fd542d2375cfee14ef7d25c2b7a907ff774b4a8..0000000000000000000000000000000000000000 --- a/crypto/cms/cms_lib.c +++ /dev/null @@ -1,731 +0,0 @@ -/* - * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include "internal/sizes.h" -#include "crypto/x509.h" -#include "cms_local.h" - -static STACK_OF(CMS_CertificateChoices) -**cms_get0_certificate_choices(CMS_ContentInfo *cms); - -IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo) - -CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a, - const unsigned char **in, long len) -{ - CMS_ContentInfo *ci; - const CMS_CTX *ctx = ossl_cms_get0_cmsctx(a == NULL ? NULL : *a); - - ci = (CMS_ContentInfo *)ASN1_item_d2i_ex((ASN1_VALUE **)a, in, len, - (CMS_ContentInfo_it()), - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx)); - if (ci != NULL) { - ERR_set_mark(); - ossl_cms_resolve_libctx(ci); - ERR_pop_to_mark(); - } - return ci; -} - -int i2d_CMS_ContentInfo(const CMS_ContentInfo *a, unsigned char **out) -{ - return ASN1_item_i2d((const ASN1_VALUE *)a, out, (CMS_ContentInfo_it())); -} - -CMS_ContentInfo *CMS_ContentInfo_new_ex(OSSL_LIB_CTX *libctx, const char *propq) -{ - CMS_ContentInfo *ci; - - ci = (CMS_ContentInfo *)ASN1_item_new_ex(ASN1_ITEM_rptr(CMS_ContentInfo), - libctx, propq); - if (ci != NULL) { - ci->ctx.libctx = libctx; - ci->ctx.propq = NULL; - if (propq != NULL) { - ci->ctx.propq = OPENSSL_strdup(propq); - if (ci->ctx.propq == NULL) { - CMS_ContentInfo_free(ci); - ci = NULL; - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); - } - } - } - return ci; -} - -CMS_ContentInfo *CMS_ContentInfo_new(void) -{ - return CMS_ContentInfo_new_ex(NULL, NULL); -} - -void CMS_ContentInfo_free(CMS_ContentInfo *cms) -{ - if (cms != NULL) { - OPENSSL_free(cms->ctx.propq); - ASN1_item_free((ASN1_VALUE *)cms, ASN1_ITEM_rptr(CMS_ContentInfo)); - } -} - -const CMS_CTX *ossl_cms_get0_cmsctx(const CMS_ContentInfo *cms) -{ - return cms != NULL ? &cms->ctx : NULL; -} - -OSSL_LIB_CTX *ossl_cms_ctx_get0_libctx(const CMS_CTX *ctx) -{ - return ctx != NULL ? ctx->libctx : NULL; -} - -const char *ossl_cms_ctx_get0_propq(const CMS_CTX *ctx) -{ - return ctx != NULL ? ctx->propq : NULL; -} - -void ossl_cms_resolve_libctx(CMS_ContentInfo *ci) -{ - int i; - CMS_CertificateChoices *cch; - STACK_OF(CMS_CertificateChoices) **pcerts; - const CMS_CTX *ctx = ossl_cms_get0_cmsctx(ci); - OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx); - const char *propq = ossl_cms_ctx_get0_propq(ctx); - - ossl_cms_SignerInfos_set_cmsctx(ci); - ossl_cms_RecipientInfos_set_cmsctx(ci); - - pcerts = cms_get0_certificate_choices(ci); - if (pcerts != NULL) { - for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) { - cch = sk_CMS_CertificateChoices_value(*pcerts, i); - if (cch->type == CMS_CERTCHOICE_CERT) - ossl_x509_set0_libctx(cch->d.certificate, libctx, propq); - } - } -} - -const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms) -{ - return cms->contentType; -} - -CMS_ContentInfo *ossl_cms_Data_create(OSSL_LIB_CTX *libctx, const char *propq) -{ - CMS_ContentInfo *cms = CMS_ContentInfo_new_ex(libctx, propq); - - if (cms != NULL) { - cms->contentType = OBJ_nid2obj(NID_pkcs7_data); - /* Never detached */ - CMS_set_detached(cms, 0); - } - return cms; -} - -BIO *ossl_cms_content_bio(CMS_ContentInfo *cms) -{ - ASN1_OCTET_STRING **pos = CMS_get0_content(cms); - - if (pos == NULL) - return NULL; - /* If content detached data goes nowhere: create NULL BIO */ - if (*pos == NULL) - return BIO_new(BIO_s_null()); - /* - * If content not detached and created return memory BIO - */ - if (*pos == NULL || ((*pos)->flags == ASN1_STRING_FLAG_CONT)) - return BIO_new(BIO_s_mem()); - /* Else content was read in: return read only BIO for it */ - return BIO_new_mem_buf((*pos)->data, (*pos)->length); -} - -BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont) -{ - BIO *cmsbio, *cont; - if (icont) - cont = icont; - else - cont = ossl_cms_content_bio(cms); - if (!cont) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_CONTENT); - return NULL; - } - switch (OBJ_obj2nid(cms->contentType)) { - - case NID_pkcs7_data: - return cont; - - case NID_pkcs7_signed: - cmsbio = ossl_cms_SignedData_init_bio(cms); - break; - - case NID_pkcs7_digest: - cmsbio = ossl_cms_DigestedData_init_bio(cms); - break; -#ifdef ZLIB - case NID_id_smime_ct_compressedData: - cmsbio = ossl_cms_CompressedData_init_bio(cms); - break; -#endif - - case NID_pkcs7_encrypted: - cmsbio = ossl_cms_EncryptedData_init_bio(cms); - break; - - case NID_pkcs7_enveloped: - cmsbio = ossl_cms_EnvelopedData_init_bio(cms); - break; - - case NID_id_smime_ct_authEnvelopedData: - cmsbio = ossl_cms_AuthEnvelopedData_init_bio(cms); - break; - - default: - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_TYPE); - goto err; - } - - if (cmsbio) - return BIO_push(cmsbio, cont); -err: - if (!icont) - BIO_free(cont); - return NULL; - -} - -/* unfortunately cannot constify SMIME_write_ASN1() due to this function */ -int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio) -{ - ASN1_OCTET_STRING **pos = CMS_get0_content(cms); - - if (pos == NULL) - return 0; - /* If embedded content find memory BIO and set content */ - if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) { - BIO *mbio; - unsigned char *cont; - long contlen; - mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM); - if (!mbio) { - ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_NOT_FOUND); - return 0; - } - contlen = BIO_get_mem_data(mbio, &cont); - /* Set bio as read only so its content can't be clobbered */ - BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY); - BIO_set_mem_eof_return(mbio, 0); - ASN1_STRING_set0(*pos, cont, contlen); - (*pos)->flags &= ~ASN1_STRING_FLAG_CONT; - } - - switch (OBJ_obj2nid(cms->contentType)) { - - case NID_pkcs7_data: - case NID_pkcs7_encrypted: - case NID_id_smime_ct_compressedData: - /* Nothing to do */ - return 1; - - case NID_pkcs7_enveloped: - return ossl_cms_EnvelopedData_final(cms, cmsbio); - - case NID_id_smime_ct_authEnvelopedData: - return ossl_cms_AuthEnvelopedData_final(cms, cmsbio); - - case NID_pkcs7_signed: - return ossl_cms_SignedData_final(cms, cmsbio); - - case NID_pkcs7_digest: - return ossl_cms_DigestedData_do_final(cms, cmsbio, 0); - - default: - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_TYPE); - return 0; - } -} - -/* - * Return an OCTET STRING pointer to content. This allows it to be accessed - * or set later. - */ - -ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms) -{ - switch (OBJ_obj2nid(cms->contentType)) { - - case NID_pkcs7_data: - return &cms->d.data; - - case NID_pkcs7_signed: - return &cms->d.signedData->encapContentInfo->eContent; - - case NID_pkcs7_enveloped: - return &cms->d.envelopedData->encryptedContentInfo->encryptedContent; - - case NID_pkcs7_digest: - return &cms->d.digestedData->encapContentInfo->eContent; - - case NID_pkcs7_encrypted: - return &cms->d.encryptedData->encryptedContentInfo->encryptedContent; - - case NID_id_smime_ct_authEnvelopedData: - return &cms->d.authEnvelopedData->authEncryptedContentInfo - ->encryptedContent; - - case NID_id_smime_ct_authData: - return &cms->d.authenticatedData->encapContentInfo->eContent; - - case NID_id_smime_ct_compressedData: - return &cms->d.compressedData->encapContentInfo->eContent; - - default: - if (cms->d.other->type == V_ASN1_OCTET_STRING) - return &cms->d.other->value.octet_string; - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_TYPE); - return NULL; - - } -} - -/* - * Return an ASN1_OBJECT pointer to content type. This allows it to be - * accessed or set later. - */ - -static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms) -{ - switch (OBJ_obj2nid(cms->contentType)) { - - case NID_pkcs7_signed: - return &cms->d.signedData->encapContentInfo->eContentType; - - case NID_pkcs7_enveloped: - return &cms->d.envelopedData->encryptedContentInfo->contentType; - - case NID_pkcs7_digest: - return &cms->d.digestedData->encapContentInfo->eContentType; - - case NID_pkcs7_encrypted: - return &cms->d.encryptedData->encryptedContentInfo->contentType; - - case NID_id_smime_ct_authEnvelopedData: - return &cms->d.authEnvelopedData->authEncryptedContentInfo - ->contentType; - case NID_id_smime_ct_authData: - return &cms->d.authenticatedData->encapContentInfo->eContentType; - - case NID_id_smime_ct_compressedData: - return &cms->d.compressedData->encapContentInfo->eContentType; - - default: - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_TYPE); - return NULL; - - } -} - -const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms) -{ - ASN1_OBJECT **petype; - petype = cms_get0_econtent_type(cms); - if (petype) - return *petype; - return NULL; -} - -int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid) -{ - ASN1_OBJECT **petype, *etype; - - petype = cms_get0_econtent_type(cms); - if (petype == NULL) - return 0; - if (oid == NULL) - return 1; - etype = OBJ_dup(oid); - if (etype == NULL) - return 0; - ASN1_OBJECT_free(*petype); - *petype = etype; - return 1; -} - -int CMS_is_detached(CMS_ContentInfo *cms) -{ - ASN1_OCTET_STRING **pos; - - pos = CMS_get0_content(cms); - if (pos == NULL) - return -1; - if (*pos != NULL) - return 0; - return 1; -} - -int CMS_set_detached(CMS_ContentInfo *cms, int detached) -{ - ASN1_OCTET_STRING **pos; - - pos = CMS_get0_content(cms); - if (pos == NULL) - return 0; - if (detached) { - ASN1_OCTET_STRING_free(*pos); - *pos = NULL; - return 1; - } - if (*pos == NULL) - *pos = ASN1_OCTET_STRING_new(); - if (*pos != NULL) { - /* - * NB: special flag to show content is created and not read in. - */ - (*pos)->flags |= ASN1_STRING_FLAG_CONT; - return 1; - } - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - return 0; -} - -/* Create a digest BIO from an X509_ALGOR structure */ - -BIO *ossl_cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm, - const CMS_CTX *ctx) -{ - BIO *mdbio = NULL; - const ASN1_OBJECT *digestoid; - const EVP_MD *digest = NULL; - EVP_MD *fetched_digest = NULL; - char alg[OSSL_MAX_NAME_SIZE]; - - X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm); - OBJ_obj2txt(alg, sizeof(alg), digestoid, 0); - - (void)ERR_set_mark(); - fetched_digest = EVP_MD_fetch(ossl_cms_ctx_get0_libctx(ctx), alg, - ossl_cms_ctx_get0_propq(ctx)); - - if (fetched_digest != NULL) - digest = fetched_digest; - else - digest = EVP_get_digestbyobj(digestoid); - if (digest == NULL) { - (void)ERR_clear_last_mark(); - ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_DIGEST_ALGORITHM); - goto err; - } - (void)ERR_pop_to_mark(); - - mdbio = BIO_new(BIO_f_md()); - if (mdbio == NULL || !BIO_set_md(mdbio, digest)) { - ERR_raise(ERR_LIB_CMS, CMS_R_MD_BIO_INIT_ERROR); - goto err; - } - EVP_MD_free(fetched_digest); - return mdbio; - err: - EVP_MD_free(fetched_digest); - BIO_free(mdbio); - return NULL; -} - -/* Locate a message digest content from a BIO chain based on SignerInfo */ - -int ossl_cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, - X509_ALGOR *mdalg) -{ - int nid; - const ASN1_OBJECT *mdoid; - X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg); - nid = OBJ_obj2nid(mdoid); - /* Look for digest type to match signature */ - for (;;) { - EVP_MD_CTX *mtmp; - chain = BIO_find_type(chain, BIO_TYPE_MD); - if (chain == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_DIGEST); - return 0; - } - BIO_get_md_ctx(chain, &mtmp); - if (EVP_MD_CTX_get_type(mtmp) == nid - /* - * Workaround for broken implementations that use signature - * algorithm OID instead of digest. - */ - || EVP_MD_get_pkey_type(EVP_MD_CTX_get0_md(mtmp)) == nid) - return EVP_MD_CTX_copy_ex(mctx, mtmp); - chain = BIO_next(chain); - } -} - -static STACK_OF(CMS_CertificateChoices) -**cms_get0_certificate_choices(CMS_ContentInfo *cms) -{ - switch (OBJ_obj2nid(cms->contentType)) { - - case NID_pkcs7_signed: - return &cms->d.signedData->certificates; - - case NID_pkcs7_enveloped: - if (cms->d.envelopedData->originatorInfo == NULL) - return NULL; - return &cms->d.envelopedData->originatorInfo->certificates; - - case NID_id_smime_ct_authEnvelopedData: - if (cms->d.authEnvelopedData->originatorInfo == NULL) - return NULL; - return &cms->d.authEnvelopedData->originatorInfo->certificates; - - default: - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_TYPE); - return NULL; - - } -} - -CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms) -{ - STACK_OF(CMS_CertificateChoices) **pcerts; - CMS_CertificateChoices *cch; - - pcerts = cms_get0_certificate_choices(cms); - if (pcerts == NULL) - return NULL; - if (*pcerts == NULL) - *pcerts = sk_CMS_CertificateChoices_new_null(); - if (*pcerts == NULL) - return NULL; - cch = M_ASN1_new_of(CMS_CertificateChoices); - if (!cch) - return NULL; - if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) { - M_ASN1_free_of(cch, CMS_CertificateChoices); - return NULL; - } - return cch; -} - -int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert) -{ - CMS_CertificateChoices *cch; - STACK_OF(CMS_CertificateChoices) **pcerts; - int i; - - pcerts = cms_get0_certificate_choices(cms); - if (pcerts == NULL) - return 0; - for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) { - cch = sk_CMS_CertificateChoices_value(*pcerts, i); - if (cch->type == CMS_CERTCHOICE_CERT) { - if (!X509_cmp(cch->d.certificate, cert)) { - ERR_raise(ERR_LIB_CMS, CMS_R_CERTIFICATE_ALREADY_PRESENT); - return 0; - } - } - } - cch = CMS_add0_CertificateChoices(cms); - if (!cch) - return 0; - cch->type = CMS_CERTCHOICE_CERT; - cch->d.certificate = cert; - return 1; -} - -int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert) -{ - int r; - r = CMS_add0_cert(cms, cert); - if (r > 0) - X509_up_ref(cert); - return r; -} - -static STACK_OF(CMS_RevocationInfoChoice) -**cms_get0_revocation_choices(CMS_ContentInfo *cms) -{ - switch (OBJ_obj2nid(cms->contentType)) { - - case NID_pkcs7_signed: - return &cms->d.signedData->crls; - - case NID_pkcs7_enveloped: - if (cms->d.envelopedData->originatorInfo == NULL) - return NULL; - return &cms->d.envelopedData->originatorInfo->crls; - - case NID_id_smime_ct_authEnvelopedData: - if (cms->d.authEnvelopedData->originatorInfo == NULL) - return NULL; - return &cms->d.authEnvelopedData->originatorInfo->crls; - - default: - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_TYPE); - return NULL; - - } -} - -CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms) -{ - STACK_OF(CMS_RevocationInfoChoice) **pcrls; - CMS_RevocationInfoChoice *rch; - - pcrls = cms_get0_revocation_choices(cms); - if (pcrls == NULL) - return NULL; - if (*pcrls == NULL) - *pcrls = sk_CMS_RevocationInfoChoice_new_null(); - if (*pcrls == NULL) - return NULL; - rch = M_ASN1_new_of(CMS_RevocationInfoChoice); - if (rch == NULL) - return NULL; - if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) { - M_ASN1_free_of(rch, CMS_RevocationInfoChoice); - return NULL; - } - return rch; -} - -int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl) -{ - CMS_RevocationInfoChoice *rch; - rch = CMS_add0_RevocationInfoChoice(cms); - if (!rch) - return 0; - rch->type = CMS_REVCHOICE_CRL; - rch->d.crl = crl; - return 1; -} - -int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl) -{ - int r; - r = CMS_add0_crl(cms, crl); - if (r > 0) - X509_CRL_up_ref(crl); - return r; -} - -STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms) -{ - STACK_OF(X509) *certs = NULL; - CMS_CertificateChoices *cch; - STACK_OF(CMS_CertificateChoices) **pcerts; - int i; - - pcerts = cms_get0_certificate_choices(cms); - if (pcerts == NULL) - return NULL; - for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) { - cch = sk_CMS_CertificateChoices_value(*pcerts, i); - if (cch->type == 0) { - if (!ossl_x509_add_cert_new(&certs, cch->d.certificate, - X509_ADD_FLAG_UP_REF)) { - sk_X509_pop_free(certs, X509_free); - return NULL; - } - } - } - return certs; - -} - -STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms) -{ - STACK_OF(X509_CRL) *crls = NULL; - STACK_OF(CMS_RevocationInfoChoice) **pcrls; - CMS_RevocationInfoChoice *rch; - int i; - - pcrls = cms_get0_revocation_choices(cms); - if (pcrls == NULL) - return NULL; - for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) { - rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i); - if (rch->type == 0) { - if (!crls) { - crls = sk_X509_CRL_new_null(); - if (!crls) - return NULL; - } - if (!sk_X509_CRL_push(crls, rch->d.crl)) { - sk_X509_CRL_pop_free(crls, X509_CRL_free); - return NULL; - } - X509_CRL_up_ref(rch->d.crl); - } - } - return crls; -} - -int ossl_cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert) -{ - int ret; - ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert)); - if (ret) - return ret; - return ASN1_INTEGER_cmp(ias->serialNumber, X509_get0_serialNumber(cert)); -} - -int ossl_cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert) -{ - const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert); - - if (cert_keyid == NULL) - return -1; - return ASN1_OCTET_STRING_cmp(keyid, cert_keyid); -} - -int ossl_cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert) -{ - CMS_IssuerAndSerialNumber *ias; - ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber); - if (!ias) - goto err; - if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert))) - goto err; - if (!ASN1_STRING_copy(ias->serialNumber, X509_get0_serialNumber(cert))) - goto err; - M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber); - *pias = ias; - return 1; - err: - M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber); - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - return 0; -} - -int ossl_cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert) -{ - ASN1_OCTET_STRING *keyid = NULL; - const ASN1_OCTET_STRING *cert_keyid; - cert_keyid = X509_get0_subject_key_id(cert); - if (cert_keyid == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_CERTIFICATE_HAS_NO_KEYID); - return 0; - } - keyid = ASN1_STRING_dup(cert_keyid); - if (!keyid) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - return 0; - } - ASN1_OCTET_STRING_free(*pkeyid); - *pkeyid = keyid; - return 1; -} diff --git a/crypto/cms/cms_local.h b/crypto/cms/cms_local.h deleted file mode 100644 index 15b4a29ce03dce4535338513f26803d677fa6ffa..0000000000000000000000000000000000000000 --- a/crypto/cms/cms_local.h +++ /dev/null @@ -1,503 +0,0 @@ -/* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_CMS_LOCAL_H -# define OSSL_CRYPTO_CMS_LOCAL_H - -# include - -/* - * Cryptographic message syntax (CMS) structures: taken from RFC3852 - */ - -/* Forward references */ - -typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber; -typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo; -typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier; -typedef struct CMS_SignedData_st CMS_SignedData; -typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat; -typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo; -typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo; -typedef struct CMS_EnvelopedData_st CMS_EnvelopedData; -typedef struct CMS_DigestedData_st CMS_DigestedData; -typedef struct CMS_EncryptedData_st CMS_EncryptedData; -typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData; -typedef struct CMS_AuthEnvelopedData_st CMS_AuthEnvelopedData; -typedef struct CMS_CompressedData_st CMS_CompressedData; -typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat; -typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo; -typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey; -typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey; -typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo; -typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier; -typedef struct CMS_KeyAgreeRecipientIdentifier_st - CMS_KeyAgreeRecipientIdentifier; -typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier; -typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo; -typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo; -typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo; -typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom; -typedef struct CMS_CTX_st CMS_CTX; - -struct CMS_CTX_st { - OSSL_LIB_CTX *libctx; - char *propq; -}; - -struct CMS_ContentInfo_st { - ASN1_OBJECT *contentType; - union { - ASN1_OCTET_STRING *data; - CMS_SignedData *signedData; - CMS_EnvelopedData *envelopedData; - CMS_DigestedData *digestedData; - CMS_EncryptedData *encryptedData; - CMS_AuthEnvelopedData *authEnvelopedData; - CMS_AuthenticatedData *authenticatedData; - CMS_CompressedData *compressedData; - ASN1_TYPE *other; - /* Other types ... */ - void *otherData; - } d; - CMS_CTX ctx; -}; - -DEFINE_STACK_OF(CMS_CertificateChoices) - -struct CMS_SignedData_st { - int32_t version; - STACK_OF(X509_ALGOR) *digestAlgorithms; - CMS_EncapsulatedContentInfo *encapContentInfo; - STACK_OF(CMS_CertificateChoices) *certificates; - STACK_OF(CMS_RevocationInfoChoice) *crls; - STACK_OF(CMS_SignerInfo) *signerInfos; -}; - -struct CMS_EncapsulatedContentInfo_st { - ASN1_OBJECT *eContentType; - ASN1_OCTET_STRING *eContent; - /* Set to 1 if incomplete structure only part set up */ - int partial; -}; - -struct CMS_SignerInfo_st { - int32_t version; - CMS_SignerIdentifier *sid; - X509_ALGOR *digestAlgorithm; - STACK_OF(X509_ATTRIBUTE) *signedAttrs; - X509_ALGOR *signatureAlgorithm; - ASN1_OCTET_STRING *signature; - STACK_OF(X509_ATTRIBUTE) *unsignedAttrs; - /* Signing certificate and key */ - X509 *signer; - EVP_PKEY *pkey; - /* Digest and public key context for alternative parameters */ - EVP_MD_CTX *mctx; - EVP_PKEY_CTX *pctx; - const CMS_CTX *cms_ctx; -}; - -struct CMS_SignerIdentifier_st { - int type; - union { - CMS_IssuerAndSerialNumber *issuerAndSerialNumber; - ASN1_OCTET_STRING *subjectKeyIdentifier; - } d; -}; - -struct CMS_EnvelopedData_st { - int32_t version; - CMS_OriginatorInfo *originatorInfo; - STACK_OF(CMS_RecipientInfo) *recipientInfos; - CMS_EncryptedContentInfo *encryptedContentInfo; - STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; -}; - -struct CMS_OriginatorInfo_st { - STACK_OF(CMS_CertificateChoices) *certificates; - STACK_OF(CMS_RevocationInfoChoice) *crls; -}; - -struct CMS_EncryptedContentInfo_st { - ASN1_OBJECT *contentType; - X509_ALGOR *contentEncryptionAlgorithm; - ASN1_OCTET_STRING *encryptedContent; - /* Content encryption algorithm, key and tag */ - const EVP_CIPHER *cipher; - unsigned char *key; - size_t keylen; - unsigned char *tag; - size_t taglen; - /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */ - int debug; - /* Set to 1 if we have no cert and need extra safety measures for MMA */ - int havenocert; -}; - -struct CMS_RecipientInfo_st { - int type; - union { - CMS_KeyTransRecipientInfo *ktri; - CMS_KeyAgreeRecipientInfo *kari; - CMS_KEKRecipientInfo *kekri; - CMS_PasswordRecipientInfo *pwri; - CMS_OtherRecipientInfo *ori; - } d; -}; - -typedef CMS_SignerIdentifier CMS_RecipientIdentifier; - -struct CMS_KeyTransRecipientInfo_st { - int32_t version; - CMS_RecipientIdentifier *rid; - X509_ALGOR *keyEncryptionAlgorithm; - ASN1_OCTET_STRING *encryptedKey; - /* Recipient Key and cert */ - X509 *recip; - EVP_PKEY *pkey; - /* Public key context for this operation */ - EVP_PKEY_CTX *pctx; - const CMS_CTX *cms_ctx; -}; - -struct CMS_KeyAgreeRecipientInfo_st { - int32_t version; - CMS_OriginatorIdentifierOrKey *originator; - ASN1_OCTET_STRING *ukm; - X509_ALGOR *keyEncryptionAlgorithm; - STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys; - /* Public key context associated with current operation */ - EVP_PKEY_CTX *pctx; - /* Cipher context for CEK wrapping */ - EVP_CIPHER_CTX *ctx; - const CMS_CTX *cms_ctx; -}; - -struct CMS_OriginatorIdentifierOrKey_st { - int type; - union { - CMS_IssuerAndSerialNumber *issuerAndSerialNumber; - ASN1_OCTET_STRING *subjectKeyIdentifier; - CMS_OriginatorPublicKey *originatorKey; - } d; -}; - -struct CMS_OriginatorPublicKey_st { - X509_ALGOR *algorithm; - ASN1_BIT_STRING *publicKey; -}; - -struct CMS_RecipientEncryptedKey_st { - CMS_KeyAgreeRecipientIdentifier *rid; - ASN1_OCTET_STRING *encryptedKey; - /* Public key associated with this recipient */ - EVP_PKEY *pkey; -}; - -struct CMS_KeyAgreeRecipientIdentifier_st { - int type; - union { - CMS_IssuerAndSerialNumber *issuerAndSerialNumber; - CMS_RecipientKeyIdentifier *rKeyId; - } d; -}; - -struct CMS_RecipientKeyIdentifier_st { - ASN1_OCTET_STRING *subjectKeyIdentifier; - ASN1_GENERALIZEDTIME *date; - CMS_OtherKeyAttribute *other; -}; - -struct CMS_KEKRecipientInfo_st { - int32_t version; - CMS_KEKIdentifier *kekid; - X509_ALGOR *keyEncryptionAlgorithm; - ASN1_OCTET_STRING *encryptedKey; - /* Extra info: symmetric key to use */ - unsigned char *key; - size_t keylen; - const CMS_CTX *cms_ctx; -}; - -struct CMS_KEKIdentifier_st { - ASN1_OCTET_STRING *keyIdentifier; - ASN1_GENERALIZEDTIME *date; - CMS_OtherKeyAttribute *other; -}; - -struct CMS_PasswordRecipientInfo_st { - int32_t version; - X509_ALGOR *keyDerivationAlgorithm; - X509_ALGOR *keyEncryptionAlgorithm; - ASN1_OCTET_STRING *encryptedKey; - /* Extra info: password to use */ - unsigned char *pass; - size_t passlen; - const CMS_CTX *cms_ctx; -}; - -struct CMS_OtherRecipientInfo_st { - ASN1_OBJECT *oriType; - ASN1_TYPE *oriValue; -}; - -struct CMS_DigestedData_st { - int32_t version; - X509_ALGOR *digestAlgorithm; - CMS_EncapsulatedContentInfo *encapContentInfo; - ASN1_OCTET_STRING *digest; -}; - -struct CMS_EncryptedData_st { - int32_t version; - CMS_EncryptedContentInfo *encryptedContentInfo; - STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs; -}; - -struct CMS_AuthenticatedData_st { - int32_t version; - CMS_OriginatorInfo *originatorInfo; - STACK_OF(CMS_RecipientInfo) *recipientInfos; - X509_ALGOR *macAlgorithm; - X509_ALGOR *digestAlgorithm; - CMS_EncapsulatedContentInfo *encapContentInfo; - STACK_OF(X509_ATTRIBUTE) *authAttrs; - ASN1_OCTET_STRING *mac; - STACK_OF(X509_ATTRIBUTE) *unauthAttrs; -}; - -struct CMS_AuthEnvelopedData_st { - int32_t version; - CMS_OriginatorInfo *originatorInfo; - STACK_OF(CMS_RecipientInfo) *recipientInfos; - CMS_EncryptedContentInfo *authEncryptedContentInfo; - STACK_OF(X509_ATTRIBUTE) *authAttrs; - ASN1_OCTET_STRING *mac; - STACK_OF(X509_ATTRIBUTE) *unauthAttrs; -}; - -struct CMS_CompressedData_st { - int32_t version; - X509_ALGOR *compressionAlgorithm; - STACK_OF(CMS_RecipientInfo) *recipientInfos; - CMS_EncapsulatedContentInfo *encapContentInfo; -}; - -struct CMS_RevocationInfoChoice_st { - int type; - union { - X509_CRL *crl; - CMS_OtherRevocationInfoFormat *other; - } d; -}; - -# define CMS_REVCHOICE_CRL 0 -# define CMS_REVCHOICE_OTHER 1 - -struct CMS_OtherRevocationInfoFormat_st { - ASN1_OBJECT *otherRevInfoFormat; - ASN1_TYPE *otherRevInfo; -}; - -struct CMS_CertificateChoices { - int type; - union { - X509 *certificate; - ASN1_STRING *extendedCertificate; /* Obsolete */ - ASN1_STRING *v1AttrCert; /* Left encoded for now */ - ASN1_STRING *v2AttrCert; /* Left encoded for now */ - CMS_OtherCertificateFormat *other; - } d; -}; - -# define CMS_CERTCHOICE_CERT 0 -# define CMS_CERTCHOICE_EXCERT 1 -# define CMS_CERTCHOICE_V1ACERT 2 -# define CMS_CERTCHOICE_V2ACERT 3 -# define CMS_CERTCHOICE_OTHER 4 - -struct CMS_OtherCertificateFormat_st { - ASN1_OBJECT *otherCertFormat; - ASN1_TYPE *otherCert; -}; - -/* - * This is also defined in pkcs7.h but we duplicate it to allow the CMS code - * to be independent of PKCS#7 - */ - -struct CMS_IssuerAndSerialNumber_st { - X509_NAME *issuer; - ASN1_INTEGER *serialNumber; -}; - -struct CMS_OtherKeyAttribute_st { - ASN1_OBJECT *keyAttrId; - ASN1_TYPE *keyAttr; -}; - -/* ESS structures */ - -struct CMS_ReceiptRequest_st { - ASN1_OCTET_STRING *signedContentIdentifier; - CMS_ReceiptsFrom *receiptsFrom; - STACK_OF(GENERAL_NAMES) *receiptsTo; -}; - -struct CMS_ReceiptsFrom_st { - int type; - union { - int32_t allOrFirstTier; - STACK_OF(GENERAL_NAMES) *receiptList; - } d; -}; - -struct CMS_Receipt_st { - int32_t version; - ASN1_OBJECT *contentType; - ASN1_OCTET_STRING *signedContentIdentifier; - ASN1_OCTET_STRING *originatorSignatureValue; -}; - -DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) -DECLARE_ASN1_ITEM(CMS_SignerInfo) -DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber) -DECLARE_ASN1_ITEM(CMS_Attributes_Sign) -DECLARE_ASN1_ITEM(CMS_Attributes_Verify) -DECLARE_ASN1_ITEM(CMS_RecipientInfo) -DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo) -DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber) - -# define CMS_SIGNERINFO_ISSUER_SERIAL 0 -# define CMS_SIGNERINFO_KEYIDENTIFIER 1 - -# define CMS_RECIPINFO_ISSUER_SERIAL 0 -# define CMS_RECIPINFO_KEYIDENTIFIER 1 - -# define CMS_REK_ISSUER_SERIAL 0 -# define CMS_REK_KEYIDENTIFIER 1 - -# define CMS_OIK_ISSUER_SERIAL 0 -# define CMS_OIK_KEYIDENTIFIER 1 -# define CMS_OIK_PUBKEY 2 - -BIO *ossl_cms_content_bio(CMS_ContentInfo *cms); -const CMS_CTX *ossl_cms_get0_cmsctx(const CMS_ContentInfo *cms); -OSSL_LIB_CTX *ossl_cms_ctx_get0_libctx(const CMS_CTX *ctx); -const char *ossl_cms_ctx_get0_propq(const CMS_CTX *ctx); -void ossl_cms_resolve_libctx(CMS_ContentInfo *ci); - -CMS_ContentInfo *ossl_cms_Data_create(OSSL_LIB_CTX *ctx, const char *propq); - -CMS_ContentInfo *ossl_cms_DigestedData_create(const EVP_MD *md, - OSSL_LIB_CTX *libctx, - const char *propq); -BIO *ossl_cms_DigestedData_init_bio(const CMS_ContentInfo *cms); -int ossl_cms_DigestedData_do_final(const CMS_ContentInfo *cms, - BIO *chain, int verify); - -BIO *ossl_cms_SignedData_init_bio(CMS_ContentInfo *cms); -int ossl_cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain); -int ossl_cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, - int type, const CMS_CTX *ctx); -int ossl_cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, - ASN1_INTEGER **sno); -int ossl_cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); - -CMS_ContentInfo *ossl_cms_CompressedData_create(int comp_nid, - OSSL_LIB_CTX *libctx, - const char *propq); -BIO *ossl_cms_CompressedData_init_bio(const CMS_ContentInfo *cms); - -BIO *ossl_cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm, - const CMS_CTX *ctx); -int ossl_cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, - X509_ALGOR *mdalg); - -int ossl_cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert); -int ossl_cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert); -int ossl_cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert); -int ossl_cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert); - -BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, - const CMS_CTX *ctx); -BIO *ossl_cms_EncryptedData_init_bio(const CMS_ContentInfo *cms); -int ossl_cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, - const EVP_CIPHER *cipher, - const unsigned char *key, size_t keylen, - const CMS_CTX *ctx); - -int ossl_cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms); -int ossl_cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src); -ASN1_OCTET_STRING *ossl_cms_encode_Receipt(CMS_SignerInfo *si); - -BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms); -int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain); -BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms); -int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio); -CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms); -CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms); -CMS_EncryptedContentInfo *ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms); - -/* RecipientInfo routines */ -int ossl_cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd); -int ossl_cms_pkey_get_ri_type(EVP_PKEY *pk); -int ossl_cms_pkey_is_ri_type_supported(EVP_PKEY *pk, int ri_type); - -void ossl_cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms); - -/* KARI routines */ -int ossl_cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, - EVP_PKEY *recipPubKey, X509 *originator, - EVP_PKEY *originatorPrivKey, - unsigned int flags, - const CMS_CTX *ctx); -int ossl_cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms, - CMS_RecipientInfo *ri); - -/* PWRI routines */ -int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms, - CMS_RecipientInfo *ri, int en_de); -/* SignerInfo routines */ -int ossl_cms_si_check_attributes(const CMS_SignerInfo *si); -void ossl_cms_SignerInfos_set_cmsctx(CMS_ContentInfo *cms); - - -/* ESS routines */ -int ossl_cms_check_signing_certs(const CMS_SignerInfo *si, - const STACK_OF(X509) *chain); - -int ossl_cms_dh_envelope(CMS_RecipientInfo *ri, int decrypt); -int ossl_cms_ecdh_envelope(CMS_RecipientInfo *ri, int decrypt); -int ossl_cms_rsa_envelope(CMS_RecipientInfo *ri, int decrypt); -int ossl_cms_ecdsa_dsa_sign(CMS_SignerInfo *si, int verify); -int ossl_cms_rsa_sign(CMS_SignerInfo *si, int verify); - -DECLARE_ASN1_ITEM(CMS_CertificateChoices) -DECLARE_ASN1_ITEM(CMS_DigestedData) -DECLARE_ASN1_ITEM(CMS_EncryptedData) -DECLARE_ASN1_ITEM(CMS_EnvelopedData) -DECLARE_ASN1_ITEM(CMS_AuthEnvelopedData) -DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo) -DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo) -DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo) -DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey) -DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute) -DECLARE_ASN1_ITEM(CMS_Receipt) -DECLARE_ASN1_ITEM(CMS_ReceiptRequest) -DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey) -DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier) -DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice) -DECLARE_ASN1_ITEM(CMS_SignedData) -DECLARE_ASN1_ITEM(CMS_CompressedData) - -#endif diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c deleted file mode 100644 index 2373092bed550c1b20a0a12882a2cae391b72bc4..0000000000000000000000000000000000000000 --- a/crypto/cms/cms_pwri.c +++ /dev/null @@ -1,409 +0,0 @@ -/* - * Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include -#include "internal/sizes.h" -#include "crypto/asn1.h" -#include "cms_local.h" - -int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, - unsigned char *pass, ossl_ssize_t passlen) -{ - CMS_PasswordRecipientInfo *pwri; - if (ri->type != CMS_RECIPINFO_PASS) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_PWRI); - return 0; - } - - pwri = ri->d.pwri; - pwri->pass = pass; - if (pass && passlen < 0) - passlen = strlen((char *)pass); - pwri->passlen = passlen; - return 1; -} - -CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, - int iter, int wrap_nid, - int pbe_nid, - unsigned char *pass, - ossl_ssize_t passlen, - const EVP_CIPHER *kekciph) -{ - STACK_OF(CMS_RecipientInfo) *ris; - CMS_RecipientInfo *ri = NULL; - CMS_EncryptedContentInfo *ec; - CMS_PasswordRecipientInfo *pwri; - EVP_CIPHER_CTX *ctx = NULL; - X509_ALGOR *encalg = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - int ivlen; - const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms); - - ec = ossl_cms_get0_env_enc_content(cms); - if (ec == NULL) - return NULL; - ris = CMS_get0_RecipientInfos(cms); - if (ris == NULL) - return NULL; - - if (wrap_nid <= 0) - wrap_nid = NID_id_alg_PWRI_KEK; - - if (pbe_nid <= 0) - pbe_nid = NID_id_pbkdf2; - - /* Get from enveloped data */ - if (kekciph == NULL) - kekciph = ec->cipher; - - if (kekciph == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_CIPHER); - return NULL; - } - if (wrap_nid != NID_id_alg_PWRI_KEK) { - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM); - return NULL; - } - - /* Setup algorithm identifier for cipher */ - encalg = X509_ALGOR_new(); - if (encalg == NULL) { - goto merr; - } - ctx = EVP_CIPHER_CTX_new(); - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL) <= 0) { - ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); - goto err; - } - - ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); - if (ivlen < 0) { - ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); - goto err; - } - - if (ivlen > 0) { - if (RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), iv, ivlen, 0) <= 0) - goto err; - if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) { - ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); - goto err; - } - encalg->parameter = ASN1_TYPE_new(); - if (!encalg->parameter) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - if (EVP_CIPHER_param_to_asn1(ctx, encalg->parameter) <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); - goto err; - } - } - - encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx)); - - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - /* Initialize recipient info */ - ri = M_ASN1_new_of(CMS_RecipientInfo); - if (ri == NULL) - goto merr; - - ri->d.pwri = M_ASN1_new_of(CMS_PasswordRecipientInfo); - if (ri->d.pwri == NULL) - goto merr; - ri->type = CMS_RECIPINFO_PASS; - - pwri = ri->d.pwri; - pwri->cms_ctx = cms_ctx; - /* Since this is overwritten, free up empty structure already there */ - X509_ALGOR_free(pwri->keyEncryptionAlgorithm); - pwri->keyEncryptionAlgorithm = X509_ALGOR_new(); - if (pwri->keyEncryptionAlgorithm == NULL) - goto merr; - pwri->keyEncryptionAlgorithm->algorithm = OBJ_nid2obj(wrap_nid); - pwri->keyEncryptionAlgorithm->parameter = ASN1_TYPE_new(); - if (pwri->keyEncryptionAlgorithm->parameter == NULL) - goto merr; - - if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR), - &pwri->keyEncryptionAlgorithm->parameter-> - value.sequence)) - goto merr; - pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE; - - X509_ALGOR_free(encalg); - encalg = NULL; - - /* Setup PBE algorithm */ - - pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set(iter, NULL, 0, -1, -1); - - if (pwri->keyDerivationAlgorithm == NULL) - goto err; - - CMS_RecipientInfo_set0_password(ri, pass, passlen); - pwri->version = 0; - - if (!sk_CMS_RecipientInfo_push(ris, ri)) - goto merr; - - return ri; - - merr: - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - err: - EVP_CIPHER_CTX_free(ctx); - if (ri) - M_ASN1_free_of(ri, CMS_RecipientInfo); - X509_ALGOR_free(encalg); - return NULL; - -} - -/* - * This is an implementation of the key wrapping mechanism in RFC3211, at - * some point this should go into EVP. - */ - -static int kek_unwrap_key(unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen, - EVP_CIPHER_CTX *ctx) -{ - size_t blocklen = EVP_CIPHER_CTX_get_block_size(ctx); - unsigned char *tmp; - int outl, rv = 0; - if (inlen < 2 * blocklen) { - /* too small */ - return 0; - } - if (inlen % blocklen) { - /* Invalid size */ - return 0; - } - if ((tmp = OPENSSL_malloc(inlen)) == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - return 0; - } - /* setup IV by decrypting last two blocks */ - if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, - in + inlen - 2 * blocklen, blocklen * 2) - /* - * Do a decrypt of last decrypted block to set IV to correct value - * output it to start of buffer so we don't corrupt decrypted block - * this works because buffer is at least two block lengths long. - */ - || !EVP_DecryptUpdate(ctx, tmp, &outl, - tmp + inlen - blocklen, blocklen) - /* Can now decrypt first n - 1 blocks */ - || !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen) - - /* Reset IV to original value */ - || !EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL) - /* Decrypt again */ - || !EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen)) - goto err; - /* Check check bytes */ - if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff) { - /* Check byte failure */ - goto err; - } - if (inlen < (size_t)(tmp[0] - 4)) { - /* Invalid length value */ - goto err; - } - *outlen = (size_t)tmp[0]; - memcpy(out, tmp + 4, *outlen); - rv = 1; - err: - OPENSSL_clear_free(tmp, inlen); - return rv; - -} - -static int kek_wrap_key(unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen, - EVP_CIPHER_CTX *ctx, const CMS_CTX *cms_ctx) -{ - size_t blocklen = EVP_CIPHER_CTX_get_block_size(ctx); - size_t olen; - int dummy; - /* - * First decide length of output buffer: need header and round up to - * multiple of block length. - */ - olen = (inlen + 4 + blocklen - 1) / blocklen; - olen *= blocklen; - if (olen < 2 * blocklen) { - /* Key too small */ - return 0; - } - if (inlen > 0xFF) { - /* Key too large */ - return 0; - } - if (out) { - /* Set header */ - out[0] = (unsigned char)inlen; - out[1] = in[0] ^ 0xFF; - out[2] = in[1] ^ 0xFF; - out[3] = in[2] ^ 0xFF; - memcpy(out + 4, in, inlen); - /* Add random padding to end */ - if (olen > inlen + 4 - && RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), out + 4 + inlen, - olen - 4 - inlen, 0) <= 0) - return 0; - /* Encrypt twice */ - if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen) - || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen)) - return 0; - } - - *outlen = olen; - - return 1; -} - -/* Encrypt/Decrypt content key in PWRI recipient info */ - -int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms, - CMS_RecipientInfo *ri, int en_de) -{ - CMS_EncryptedContentInfo *ec; - CMS_PasswordRecipientInfo *pwri; - int r = 0; - X509_ALGOR *algtmp, *kekalg = NULL; - EVP_CIPHER_CTX *kekctx = NULL; - char name[OSSL_MAX_NAME_SIZE]; - EVP_CIPHER *kekcipher; - unsigned char *key = NULL; - size_t keylen; - const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms); - - ec = ossl_cms_get0_env_enc_content(cms); - - pwri = ri->d.pwri; - - if (pwri->pass == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_PASSWORD); - return 0; - } - algtmp = pwri->keyEncryptionAlgorithm; - - if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) { - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM); - return 0; - } - - kekalg = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR), - algtmp->parameter); - - if (kekalg == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER); - return 0; - } - - OBJ_obj2txt(name, sizeof(name), kekalg->algorithm, 0); - kekcipher = EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(cms_ctx), name, - ossl_cms_ctx_get0_propq(cms_ctx)); - - if (kekcipher == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_CIPHER); - goto err; - } - - kekctx = EVP_CIPHER_CTX_new(); - if (kekctx == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - /* Fixup cipher based on AlgorithmIdentifier to set IV etc */ - if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de)) - goto err; - EVP_CIPHER_CTX_set_padding(kekctx, 0); - if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); - goto err; - } - - algtmp = pwri->keyDerivationAlgorithm; - - /* Finish password based key derivation to setup key in "ctx" */ - - if (EVP_PBE_CipherInit(algtmp->algorithm, - (char *)pwri->pass, pwri->passlen, - algtmp->parameter, kekctx, en_de) < 0) { - ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); - goto err; - } - - /* Finally wrap/unwrap the key */ - - if (en_de) { - - if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, kekctx, cms_ctx)) - goto err; - - key = OPENSSL_malloc(keylen); - - if (key == NULL) - goto err; - - if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, kekctx, cms_ctx)) - goto err; - pwri->encryptedKey->data = key; - pwri->encryptedKey->length = keylen; - } else { - key = OPENSSL_malloc(pwri->encryptedKey->length); - - if (key == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!kek_unwrap_key(key, &keylen, - pwri->encryptedKey->data, - pwri->encryptedKey->length, kekctx)) { - ERR_raise(ERR_LIB_CMS, CMS_R_UNWRAP_FAILURE); - goto err; - } - - OPENSSL_clear_free(ec->key, ec->keylen); - ec->key = key; - ec->keylen = keylen; - - } - - r = 1; - - err: - EVP_CIPHER_free(kekcipher); - EVP_CIPHER_CTX_free(kekctx); - - if (!r) - OPENSSL_free(key); - X509_ALGOR_free(kekalg); - - return r; - -} diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c deleted file mode 100644 index 20ed8169183a745827727c3a069944b2de0a2af9..0000000000000000000000000000000000000000 --- a/crypto/cms/cms_rsa.c +++ /dev/null @@ -1,253 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "crypto/asn1.h" -#include "crypto/rsa.h" -#include "cms_local.h" - -static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg) -{ - RSA_OAEP_PARAMS *oaep; - - oaep = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS), - alg->parameter); - - if (oaep == NULL) - return NULL; - - if (oaep->maskGenFunc != NULL) { - oaep->maskHash = ossl_x509_algor_mgf1_decode(oaep->maskGenFunc); - if (oaep->maskHash == NULL) { - RSA_OAEP_PARAMS_free(oaep); - return NULL; - } - } - return oaep; -} - -static int rsa_cms_decrypt(CMS_RecipientInfo *ri) -{ - EVP_PKEY_CTX *pkctx; - X509_ALGOR *cmsalg; - int nid; - int rv = -1; - unsigned char *label = NULL; - int labellen = 0; - const EVP_MD *mgf1md = NULL, *md = NULL; - RSA_OAEP_PARAMS *oaep; - - pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); - if (pkctx == NULL) - return 0; - if (!CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &cmsalg)) - return -1; - nid = OBJ_obj2nid(cmsalg->algorithm); - if (nid == NID_rsaEncryption) - return 1; - if (nid != NID_rsaesOaep) { - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_ENCRYPTION_TYPE); - return -1; - } - /* Decode OAEP parameters */ - oaep = rsa_oaep_decode(cmsalg); - - if (oaep == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_OAEP_PARAMETERS); - goto err; - } - - mgf1md = ossl_x509_algor_get_md(oaep->maskHash); - if (mgf1md == NULL) - goto err; - md = ossl_x509_algor_get_md(oaep->hashFunc); - if (md == NULL) - goto err; - - if (oaep->pSourceFunc != NULL) { - X509_ALGOR *plab = oaep->pSourceFunc; - - if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) { - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_LABEL_SOURCE); - goto err; - } - if (plab->parameter->type != V_ASN1_OCTET_STRING) { - ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_LABEL); - goto err; - } - - label = plab->parameter->value.octet_string->data; - /* Stop label being freed when OAEP parameters are freed */ - plab->parameter->value.octet_string->data = NULL; - labellen = plab->parameter->value.octet_string->length; - } - - if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0) - goto err; - if (EVP_PKEY_CTX_set_rsa_oaep_md(pkctx, md) <= 0) - goto err; - if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) - goto err; - if (label != NULL - && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) - goto err; - /* Carry on */ - rv = 1; - - err: - RSA_OAEP_PARAMS_free(oaep); - return rv; -} - -static int rsa_cms_encrypt(CMS_RecipientInfo *ri) -{ - const EVP_MD *md, *mgf1md; - RSA_OAEP_PARAMS *oaep = NULL; - ASN1_STRING *os = NULL; - X509_ALGOR *alg; - EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); - int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen; - unsigned char *label; - - if (CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg) <= 0) - return 0; - if (pkctx != NULL) { - if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) - return 0; - } - if (pad_mode == RSA_PKCS1_PADDING) { - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); - return 1; - } - /* Not supported */ - if (pad_mode != RSA_PKCS1_OAEP_PADDING) - return 0; - if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0) - goto err; - if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0) - goto err; - labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkctx, &label); - if (labellen < 0) - goto err; - oaep = RSA_OAEP_PARAMS_new(); - if (oaep == NULL) - goto err; - if (!ossl_x509_algor_new_from_md(&oaep->hashFunc, md)) - goto err; - if (!ossl_x509_algor_md_to_mgf1(&oaep->maskGenFunc, mgf1md)) - goto err; - if (labellen > 0) { - ASN1_OCTET_STRING *los; - - oaep->pSourceFunc = X509_ALGOR_new(); - if (oaep->pSourceFunc == NULL) - goto err; - los = ASN1_OCTET_STRING_new(); - if (los == NULL) - goto err; - if (!ASN1_OCTET_STRING_set(los, label, labellen)) { - ASN1_OCTET_STRING_free(los); - goto err; - } - X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified), - V_ASN1_OCTET_STRING, los); - } - /* create string with pss parameter encoding. */ - if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os)) - goto err; - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os); - os = NULL; - rv = 1; - err: - RSA_OAEP_PARAMS_free(oaep); - ASN1_STRING_free(os); - return rv; -} - -int ossl_cms_rsa_envelope(CMS_RecipientInfo *ri, int decrypt) -{ - assert(decrypt == 0 || decrypt == 1); - - if (decrypt == 1) - return rsa_cms_decrypt(ri); - - if (decrypt == 0) - return rsa_cms_encrypt(ri); - - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); - return 0; -} - -static int rsa_cms_sign(CMS_SignerInfo *si) -{ - int pad_mode = RSA_PKCS1_PADDING; - X509_ALGOR *alg; - EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); - ASN1_STRING *os = NULL; - - CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); - if (pkctx != NULL) { - if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) - return 0; - } - if (pad_mode == RSA_PKCS1_PADDING) { - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); - return 1; - } - /* We don't support it */ - if (pad_mode != RSA_PKCS1_PSS_PADDING) - return 0; - os = ossl_rsa_ctx_to_pss_string(pkctx); - if (os == NULL) - return 0; - X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os); - return 1; -} - -static int rsa_cms_verify(CMS_SignerInfo *si) -{ - int nid, nid2; - X509_ALGOR *alg; - EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pkctx); - - CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); - nid = OBJ_obj2nid(alg->algorithm); - if (nid == EVP_PKEY_RSA_PSS) - return ossl_rsa_pss_to_ctx(NULL, pkctx, alg, NULL) > 0; - /* Only PSS allowed for PSS keys */ - if (EVP_PKEY_is_a(pkey, "RSA-PSS")) { - ERR_raise(ERR_LIB_RSA, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); - return 0; - } - if (nid == NID_rsaEncryption) - return 1; - /* Workaround for some implementation that use a signature OID */ - if (OBJ_find_sigid_algs(nid, NULL, &nid2)) { - if (nid2 == NID_rsaEncryption) - return 1; - } - return 0; -} - -int ossl_cms_rsa_sign(CMS_SignerInfo *si, int verify) -{ - assert(verify == 0 || verify == 1); - - if (verify == 1) - return rsa_cms_verify(si); - - if (verify == 0) - return rsa_cms_sign(si); - - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); - return 0; -} diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c deleted file mode 100644 index 34c021bba64af7300600640f9b04768546b9d175..0000000000000000000000000000000000000000 --- a/crypto/cms/cms_sd.c +++ /dev/null @@ -1,1091 +0,0 @@ -/* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include -#include "internal/sizes.h" -#include "crypto/asn1.h" -#include "crypto/evp.h" -#include "crypto/ess.h" -#include "crypto/x509.h" /* for ossl_x509_add_cert_new() */ -#include "cms_local.h" - -/* CMS SignedData Utilities */ - -static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms) -{ - if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) { - ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA); - return NULL; - } - return cms->d.signedData; -} - -static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms) -{ - if (cms->d.other == NULL) { - cms->d.signedData = M_ASN1_new_of(CMS_SignedData); - if (!cms->d.signedData) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - return NULL; - } - cms->d.signedData->version = 1; - cms->d.signedData->encapContentInfo->eContentType = - OBJ_nid2obj(NID_pkcs7_data); - cms->d.signedData->encapContentInfo->partial = 1; - ASN1_OBJECT_free(cms->contentType); - cms->contentType = OBJ_nid2obj(NID_pkcs7_signed); - return cms->d.signedData; - } - return cms_get0_signed(cms); -} - -/* Just initialise SignedData e.g. for certs only structure */ - -int CMS_SignedData_init(CMS_ContentInfo *cms) -{ - if (cms_signed_data_init(cms)) - return 1; - else - return 0; -} - - -/* Check structures and fixup version numbers (if necessary) */ - -static void cms_sd_set_version(CMS_SignedData *sd) -{ - int i; - CMS_CertificateChoices *cch; - CMS_RevocationInfoChoice *rch; - CMS_SignerInfo *si; - - for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) { - cch = sk_CMS_CertificateChoices_value(sd->certificates, i); - if (cch->type == CMS_CERTCHOICE_OTHER) { - if (sd->version < 5) - sd->version = 5; - } else if (cch->type == CMS_CERTCHOICE_V2ACERT) { - if (sd->version < 4) - sd->version = 4; - } else if (cch->type == CMS_CERTCHOICE_V1ACERT) { - if (sd->version < 3) - sd->version = 3; - } - } - - for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) { - rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i); - if (rch->type == CMS_REVCHOICE_OTHER) { - if (sd->version < 5) - sd->version = 5; - } - } - - if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data) - && (sd->version < 3)) - sd->version = 3; - - for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) { - si = sk_CMS_SignerInfo_value(sd->signerInfos, i); - if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) { - if (si->version < 3) - si->version = 3; - if (sd->version < 3) - sd->version = 3; - } else if (si->version < 1) - si->version = 1; - } - - if (sd->version < 1) - sd->version = 1; - -} - -/* - * RFC 5652 Section 11.1 Content Type - * The content-type attribute within signed-data MUST - * 1) be present if there are signed attributes - * 2) match the content type in the signed-data, - * 3) be a signed attribute. - * 4) not have more than one copy of the attribute. - * - * Note that since the CMS_SignerInfo_sign() always adds the "signing time" - * attribute, the content type attribute MUST be added also. - * Assumptions: This assumes that the attribute does not already exist. - */ -static int cms_set_si_contentType_attr(CMS_ContentInfo *cms, CMS_SignerInfo *si) -{ - ASN1_OBJECT *ctype = cms->d.signedData->encapContentInfo->eContentType; - - /* Add the contentType attribute */ - return CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType, - V_ASN1_OBJECT, ctype, -1) > 0; -} - -/* Copy an existing messageDigest value */ - -static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si) -{ - STACK_OF(CMS_SignerInfo) *sinfos; - CMS_SignerInfo *sitmp; - int i; - - sinfos = CMS_get0_SignerInfos(cms); - for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { - ASN1_OCTET_STRING *messageDigest; - - sitmp = sk_CMS_SignerInfo_value(sinfos, i); - if (sitmp == si) - continue; - if (CMS_signed_get_attr_count(sitmp) < 0) - continue; - if (OBJ_cmp(si->digestAlgorithm->algorithm, - sitmp->digestAlgorithm->algorithm)) - continue; - messageDigest = CMS_signed_get0_data_by_OBJ(sitmp, - OBJ_nid2obj - (NID_pkcs9_messageDigest), - -3, V_ASN1_OCTET_STRING); - if (!messageDigest) { - ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); - return 0; - } - - if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, - V_ASN1_OCTET_STRING, - messageDigest, -1)) - return 1; - else - return 0; - } - ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_DIGEST); - return 0; -} - -int ossl_cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, - int type, const CMS_CTX *ctx) -{ - switch (type) { - case CMS_SIGNERINFO_ISSUER_SERIAL: - if (!ossl_cms_set1_ias(&sid->d.issuerAndSerialNumber, cert)) - return 0; - break; - - case CMS_SIGNERINFO_KEYIDENTIFIER: - if (!ossl_cms_set1_keyid(&sid->d.subjectKeyIdentifier, cert)) - return 0; - break; - - default: - ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_ID); - return 0; - } - - sid->type = type; - - return 1; -} - -int ossl_cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, - ASN1_INTEGER **sno) -{ - if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) { - if (issuer) - *issuer = sid->d.issuerAndSerialNumber->issuer; - if (sno) - *sno = sid->d.issuerAndSerialNumber->serialNumber; - } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) { - if (keyid) - *keyid = sid->d.subjectKeyIdentifier; - } else - return 0; - return 1; -} - -int ossl_cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert) -{ - if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) - return ossl_cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert); - else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) - return ossl_cms_keyid_cert_cmp(sid->d.subjectKeyIdentifier, cert); - else - return -1; -} - -static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd) -{ - EVP_PKEY *pkey = si->pkey; - int i; - - if (EVP_PKEY_is_a(pkey, "DSA") || EVP_PKEY_is_a(pkey, "EC")) - return ossl_cms_ecdsa_dsa_sign(si, cmd); - else if (EVP_PKEY_is_a(pkey, "RSA") || EVP_PKEY_is_a(pkey, "RSA-PSS")) - return ossl_cms_rsa_sign(si, cmd); - - /* Something else? We'll give engines etc a chance to handle this */ - if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL) - return 1; - i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si); - if (i == -2) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); - return 0; - } - if (i <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_CTRL_FAILURE); - return 0; - } - return 1; -} - -/* Add SigningCertificate signed attribute to the signer info. */ -static int ossl_cms_add1_signing_cert(CMS_SignerInfo *si, - const ESS_SIGNING_CERT *sc) -{ - ASN1_STRING *seq = NULL; - unsigned char *p, *pp = NULL; - int ret, len = i2d_ESS_SIGNING_CERT(sc, NULL); - - if (len <= 0 || (pp = OPENSSL_malloc(len)) == NULL) - return 0; - - p = pp; - i2d_ESS_SIGNING_CERT(sc, &p); - if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) { - ASN1_STRING_free(seq); - OPENSSL_free(pp); - return 0; - } - OPENSSL_free(pp); - ret = CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_signingCertificate, - V_ASN1_SEQUENCE, seq, -1); - ASN1_STRING_free(seq); - return ret; -} - -/* Add SigningCertificateV2 signed attribute to the signer info. */ -static int ossl_cms_add1_signing_cert_v2(CMS_SignerInfo *si, - const ESS_SIGNING_CERT_V2 *sc) -{ - ASN1_STRING *seq = NULL; - unsigned char *p, *pp = NULL; - int ret, len = i2d_ESS_SIGNING_CERT_V2(sc, NULL); - - if (len <= 0 || (pp = OPENSSL_malloc(len)) == NULL) - return 0; - - p = pp; - i2d_ESS_SIGNING_CERT_V2(sc, &p); - if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) { - ASN1_STRING_free(seq); - OPENSSL_free(pp); - return 0; - } - OPENSSL_free(pp); - ret = CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_signingCertificateV2, - V_ASN1_SEQUENCE, seq, -1); - ASN1_STRING_free(seq); - return ret; -} - -CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, - X509 *signer, EVP_PKEY *pk, const EVP_MD *md, - unsigned int flags) -{ - CMS_SignedData *sd; - CMS_SignerInfo *si = NULL; - X509_ALGOR *alg; - int i, type; - const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); - - if (!X509_check_private_key(signer, pk)) { - ERR_raise(ERR_LIB_CMS, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); - return NULL; - } - sd = cms_signed_data_init(cms); - if (!sd) - goto err; - si = M_ASN1_new_of(CMS_SignerInfo); - if (!si) - goto merr; - /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(signer, -1, -1); - - X509_up_ref(signer); - EVP_PKEY_up_ref(pk); - - si->cms_ctx = ctx; - si->pkey = pk; - si->signer = signer; - si->mctx = EVP_MD_CTX_new(); - si->pctx = NULL; - - if (si->mctx == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (flags & CMS_USE_KEYID) { - si->version = 3; - if (sd->version < 3) - sd->version = 3; - type = CMS_SIGNERINFO_KEYIDENTIFIER; - } else { - type = CMS_SIGNERINFO_ISSUER_SERIAL; - si->version = 1; - } - - if (!ossl_cms_set1_SignerIdentifier(si->sid, signer, type, ctx)) - goto err; - - if (md == NULL) { - int def_nid; - if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) - goto err; - md = EVP_get_digestbynid(def_nid); - if (md == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST); - goto err; - } - } - - if (!md) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_DIGEST_SET); - goto err; - } - - if (md == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_DIGEST_SET); - goto err; - } - - X509_ALGOR_set_md(si->digestAlgorithm, md); - - /* See if digest is present in digestAlgorithms */ - for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) { - const ASN1_OBJECT *aoid; - char name[OSSL_MAX_NAME_SIZE]; - - alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); - X509_ALGOR_get0(&aoid, NULL, NULL, alg); - OBJ_obj2txt(name, sizeof(name), aoid, 0); - if (EVP_MD_is_a(md, name)) - break; - } - - if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) { - alg = X509_ALGOR_new(); - if (alg == NULL) - goto merr; - X509_ALGOR_set_md(alg, md); - if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) { - X509_ALGOR_free(alg); - goto merr; - } - } - - if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) - goto err; - if (!(flags & CMS_NOATTR)) { - /* - * Initialize signed attributes structure so other attributes - * such as signing time etc are added later even if we add none here. - */ - if (!si->signedAttrs) { - si->signedAttrs = sk_X509_ATTRIBUTE_new_null(); - if (!si->signedAttrs) - goto merr; - } - - if (!(flags & CMS_NOSMIMECAP)) { - STACK_OF(X509_ALGOR) *smcap = NULL; - i = CMS_add_standard_smimecap(&smcap); - if (i) - i = CMS_add_smimecap(si, smcap); - sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); - if (!i) - goto merr; - } - if (flags & CMS_CADES) { - ESS_SIGNING_CERT *sc = NULL; - ESS_SIGNING_CERT_V2 *sc2 = NULL; - int add_sc; - - if (md == NULL || EVP_MD_is_a(md, SN_sha1)) { - if ((sc = OSSL_ESS_signing_cert_new_init(signer, - NULL, 1)) == NULL) - goto err; - add_sc = ossl_cms_add1_signing_cert(si, sc); - ESS_SIGNING_CERT_free(sc); - } else { - if ((sc2 = OSSL_ESS_signing_cert_v2_new_init(md, signer, - NULL, 1)) == NULL) - goto err; - add_sc = ossl_cms_add1_signing_cert_v2(si, sc2); - ESS_SIGNING_CERT_V2_free(sc2); - } - if (!add_sc) - goto err; - } - if (flags & CMS_REUSE_DIGEST) { - if (!cms_copy_messageDigest(cms, si)) - goto err; - if (!cms_set_si_contentType_attr(cms, si)) - goto err; - if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) && - !CMS_SignerInfo_sign(si)) - goto err; - } - } - - if (!(flags & CMS_NOCERTS)) { - /* NB ignore -1 return for duplicate cert */ - if (!CMS_add1_cert(cms, signer)) - goto merr; - } - - if (flags & CMS_KEY_PARAM) { - if (flags & CMS_NOATTR) { - si->pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), - si->pkey, - ossl_cms_ctx_get0_propq(ctx)); - if (si->pctx == NULL) - goto err; - if (EVP_PKEY_sign_init(si->pctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0) - goto err; - } else if (EVP_DigestSignInit_ex(si->mctx, &si->pctx, - EVP_MD_get0_name(md), - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx), - pk, NULL) <= 0) { - goto err; - } - } - - if (!sd->signerInfos) - sd->signerInfos = sk_CMS_SignerInfo_new_null(); - if (!sd->signerInfos || !sk_CMS_SignerInfo_push(sd->signerInfos, si)) - goto merr; - - return si; - - merr: - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - err: - M_ASN1_free_of(si, CMS_SignerInfo); - return NULL; - -} - -void ossl_cms_SignerInfos_set_cmsctx(CMS_ContentInfo *cms) -{ - int i; - CMS_SignerInfo *si; - STACK_OF(CMS_SignerInfo) *sinfos; - const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); - - ERR_set_mark(); - sinfos = CMS_get0_SignerInfos(cms); - ERR_pop_to_mark(); /* removes error in case sinfos == NULL */ - - for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { - si = sk_CMS_SignerInfo_value(sinfos, i); - if (si != NULL) - si->cms_ctx = ctx; - } -} - -static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t) -{ - ASN1_TIME *tt; - int r = 0; - - if (t != NULL) - tt = t; - else - tt = X509_gmtime_adj(NULL, 0); - - if (tt == NULL) - goto merr; - - if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime, - tt->type, tt, -1) <= 0) - goto merr; - - r = 1; - merr: - if (t == NULL) - ASN1_TIME_free(tt); - - if (!r) - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - - return r; - -} - -EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si) -{ - return si->pctx; -} - -EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si) -{ - return si->mctx; -} - -STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) -{ - CMS_SignedData *sd = cms_get0_signed(cms); - - return sd != NULL ? sd->signerInfos : NULL; -} - -STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms) -{ - STACK_OF(X509) *signers = NULL; - STACK_OF(CMS_SignerInfo) *sinfos; - CMS_SignerInfo *si; - int i; - - sinfos = CMS_get0_SignerInfos(cms); - for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { - si = sk_CMS_SignerInfo_value(sinfos, i); - if (si->signer != NULL) { - if (!ossl_x509_add_cert_new(&signers, si->signer, - X509_ADD_FLAG_DEFAULT)) { - sk_X509_free(signers); - return NULL; - } - } - } - return signers; -} - -void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer) -{ - if (signer != NULL) { - X509_up_ref(signer); - EVP_PKEY_free(si->pkey); - si->pkey = X509_get_pubkey(signer); - } - X509_free(si->signer); - si->signer = signer; -} - -int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, ASN1_INTEGER **sno) -{ - return ossl_cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno); -} - -int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert) -{ - return ossl_cms_SignerIdentifier_cert_cmp(si->sid, cert); -} - -int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts, - unsigned int flags) -{ - CMS_SignedData *sd; - CMS_SignerInfo *si; - CMS_CertificateChoices *cch; - STACK_OF(CMS_CertificateChoices) *certs; - X509 *x; - int i, j; - int ret = 0; - - sd = cms_get0_signed(cms); - if (sd == NULL) - return -1; - certs = sd->certificates; - for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) { - si = sk_CMS_SignerInfo_value(sd->signerInfos, i); - if (si->signer != NULL) - continue; - - for (j = 0; j < sk_X509_num(scerts); j++) { - x = sk_X509_value(scerts, j); - if (CMS_SignerInfo_cert_cmp(si, x) == 0) { - CMS_SignerInfo_set1_signer_cert(si, x); - ret++; - break; - } - } - - if (si->signer != NULL || (flags & CMS_NOINTERN)) - continue; - - for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) { - cch = sk_CMS_CertificateChoices_value(certs, j); - if (cch->type != 0) - continue; - x = cch->d.certificate; - if (CMS_SignerInfo_cert_cmp(si, x) == 0) { - CMS_SignerInfo_set1_signer_cert(si, x); - ret++; - break; - } - } - } - return ret; -} - -void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, - X509 **signer, X509_ALGOR **pdig, - X509_ALGOR **psig) -{ - if (pk != NULL) - *pk = si->pkey; - if (signer != NULL) - *signer = si->signer; - if (pdig != NULL) - *pdig = si->digestAlgorithm; - if (psig != NULL) - *psig = si->signatureAlgorithm; -} - -ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si) -{ - return si->signature; -} - -static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, - CMS_SignerInfo *si, BIO *chain) -{ - EVP_MD_CTX *mctx = EVP_MD_CTX_new(); - int r = 0; - EVP_PKEY_CTX *pctx = NULL; - const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); - - if (mctx == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (si->pkey == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_PRIVATE_KEY); - goto err; - } - - if (!ossl_cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) - goto err; - /* Set SignerInfo algorithm details if we used custom parameter */ - if (si->pctx && !cms_sd_asn1_ctrl(si, 0)) - goto err; - - /* - * If any signed attributes calculate and add messageDigest attribute - */ - - if (CMS_signed_get_attr_count(si) >= 0) { - unsigned char md[EVP_MAX_MD_SIZE]; - unsigned int mdlen; - - if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) - goto err; - if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, - V_ASN1_OCTET_STRING, md, mdlen)) - goto err; - /* Copy content type across */ - if (!cms_set_si_contentType_attr(cms, si)) - goto err; - - if (!CMS_SignerInfo_sign(si)) - goto err; - } else if (si->pctx) { - unsigned char *sig; - size_t siglen; - unsigned char md[EVP_MAX_MD_SIZE]; - unsigned int mdlen; - - pctx = si->pctx; - if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) - goto err; - siglen = EVP_PKEY_get_size(si->pkey); - sig = OPENSSL_malloc(siglen); - if (sig == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) { - OPENSSL_free(sig); - goto err; - } - ASN1_STRING_set0(si->signature, sig, siglen); - } else { - unsigned char *sig; - unsigned int siglen; - - sig = OPENSSL_malloc(EVP_PKEY_get_size(si->pkey)); - if (sig == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!EVP_SignFinal_ex(mctx, sig, &siglen, si->pkey, - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx))) { - ERR_raise(ERR_LIB_CMS, CMS_R_SIGNFINAL_ERROR); - OPENSSL_free(sig); - goto err; - } - ASN1_STRING_set0(si->signature, sig, siglen); - } - - r = 1; - - err: - EVP_MD_CTX_free(mctx); - EVP_PKEY_CTX_free(pctx); - return r; - -} - -int ossl_cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) -{ - STACK_OF(CMS_SignerInfo) *sinfos; - CMS_SignerInfo *si; - int i; - - sinfos = CMS_get0_SignerInfos(cms); - for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { - si = sk_CMS_SignerInfo_value(sinfos, i); - if (!cms_SignerInfo_content_sign(cms, si, chain)) - return 0; - } - cms->d.signedData->encapContentInfo->partial = 0; - return 1; -} - -int CMS_SignerInfo_sign(CMS_SignerInfo *si) -{ - EVP_MD_CTX *mctx = si->mctx; - EVP_PKEY_CTX *pctx = NULL; - unsigned char *abuf = NULL; - int alen; - size_t siglen; - const CMS_CTX *ctx = si->cms_ctx; - char md_name[OSSL_MAX_NAME_SIZE]; - - if (OBJ_obj2txt(md_name, sizeof(md_name), - si->digestAlgorithm->algorithm, 0) <= 0) - return 0; - - if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) { - if (!cms_add1_signingTime(si, NULL)) - goto err; - } - - if (!ossl_cms_si_check_attributes(si)) - goto err; - - if (si->pctx) - pctx = si->pctx; - else { - EVP_MD_CTX_reset(mctx); - if (EVP_DigestSignInit_ex(mctx, &pctx, md_name, - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx), si->pkey, - NULL) <= 0) - goto err; - si->pctx = pctx; - } - - alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, - ASN1_ITEM_rptr(CMS_Attributes_Sign)); - if (!abuf) - goto err; - if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0) - goto err; - if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) - goto err; - OPENSSL_free(abuf); - abuf = OPENSSL_malloc(siglen); - if (abuf == NULL) - goto err; - if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) - goto err; - - EVP_MD_CTX_reset(mctx); - - ASN1_STRING_set0(si->signature, abuf, siglen); - - return 1; - - err: - OPENSSL_free(abuf); - EVP_MD_CTX_reset(mctx); - return 0; -} - -int CMS_SignerInfo_verify(CMS_SignerInfo *si) -{ - EVP_MD_CTX *mctx = NULL; - unsigned char *abuf = NULL; - int alen, r = -1; - char name[OSSL_MAX_NAME_SIZE]; - const EVP_MD *md; - EVP_MD *fetched_md = NULL; - const CMS_CTX *ctx = si->cms_ctx; - OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx); - const char *propq = ossl_cms_ctx_get0_propq(ctx); - - if (si->pkey == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_PUBLIC_KEY); - return -1; - } - - if (!ossl_cms_si_check_attributes(si)) - return -1; - - OBJ_obj2txt(name, sizeof(name), si->digestAlgorithm->algorithm, 0); - - (void)ERR_set_mark(); - fetched_md = EVP_MD_fetch(libctx, name, propq); - - if (fetched_md != NULL) - md = fetched_md; - else - md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); - if (md == NULL) { - (void)ERR_clear_last_mark(); - ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_DIGEST_ALGORITHM); - return -1; - } - (void)ERR_pop_to_mark(); - - if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - mctx = si->mctx; - if (EVP_DigestVerifyInit_ex(mctx, &si->pctx, EVP_MD_get0_name(md), libctx, - propq, si->pkey, NULL) <= 0) - goto err; - - if (!cms_sd_asn1_ctrl(si, 1)) - goto err; - - alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf, - ASN1_ITEM_rptr(CMS_Attributes_Verify)); - if (abuf == NULL || alen < 0) - goto err; - r = EVP_DigestVerifyUpdate(mctx, abuf, alen); - OPENSSL_free(abuf); - if (r <= 0) { - r = -1; - goto err; - } - r = EVP_DigestVerifyFinal(mctx, - si->signature->data, si->signature->length); - if (r <= 0) - ERR_raise(ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE); - err: - EVP_MD_free(fetched_md); - EVP_MD_CTX_reset(mctx); - return r; -} - -/* Create a chain of digest BIOs from a CMS ContentInfo */ - -BIO *ossl_cms_SignedData_init_bio(CMS_ContentInfo *cms) -{ - int i; - CMS_SignedData *sd; - BIO *chain = NULL; - - sd = cms_get0_signed(cms); - if (sd == NULL) - return NULL; - if (cms->d.signedData->encapContentInfo->partial) - cms_sd_set_version(sd); - for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) { - X509_ALGOR *digestAlgorithm; - BIO *mdbio; - - digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i); - mdbio = ossl_cms_DigestAlgorithm_init_bio(digestAlgorithm, - ossl_cms_get0_cmsctx(cms)); - if (mdbio == NULL) - goto err; - if (chain != NULL) - BIO_push(chain, mdbio); - else - chain = mdbio; - } - return chain; - err: - BIO_free_all(chain); - return NULL; -} - -int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) -{ - ASN1_OCTET_STRING *os = NULL; - EVP_MD_CTX *mctx = EVP_MD_CTX_new(); - EVP_PKEY_CTX *pkctx = NULL; - int r = -1; - unsigned char mval[EVP_MAX_MD_SIZE]; - unsigned int mlen; - - if (mctx == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - /* If we have any signed attributes look for messageDigest value */ - if (CMS_signed_get_attr_count(si) >= 0) { - os = CMS_signed_get0_data_by_OBJ(si, - OBJ_nid2obj(NID_pkcs9_messageDigest), - -3, V_ASN1_OCTET_STRING); - if (os == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE); - goto err; - } - } - - if (!ossl_cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) - goto err; - - if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_UNABLE_TO_FINALIZE_CONTEXT); - goto err; - } - - /* If messageDigest found compare it */ - - if (os != NULL) { - if (mlen != (unsigned int)os->length) { - ERR_raise(ERR_LIB_CMS, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH); - goto err; - } - - if (memcmp(mval, os->data, mlen)) { - ERR_raise(ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE); - r = 0; - } else - r = 1; - } else { - const EVP_MD *md = EVP_MD_CTX_get0_md(mctx); - const CMS_CTX *ctx = si->cms_ctx; - - pkctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), - si->pkey, - ossl_cms_ctx_get0_propq(ctx)); - if (pkctx == NULL) - goto err; - if (EVP_PKEY_verify_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0) - goto err; - si->pctx = pkctx; - if (!cms_sd_asn1_ctrl(si, 1)) - goto err; - r = EVP_PKEY_verify(pkctx, si->signature->data, - si->signature->length, mval, mlen); - if (r <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_VERIFICATION_FAILURE); - r = 0; - } - } - - err: - EVP_PKEY_CTX_free(pkctx); - EVP_MD_CTX_free(mctx); - return r; - -} - -int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs) -{ - unsigned char *smder = NULL; - int smderlen, r; - - smderlen = i2d_X509_ALGORS(algs, &smder); - if (smderlen <= 0) - return 0; - r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities, - V_ASN1_SEQUENCE, smder, smderlen); - OPENSSL_free(smder); - return r; -} - -int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, - int algnid, int keysize) -{ - X509_ALGOR *alg; - ASN1_INTEGER *key = NULL; - - if (keysize > 0) { - key = ASN1_INTEGER_new(); - if (key == NULL || !ASN1_INTEGER_set(key, keysize)) { - ASN1_INTEGER_free(key); - return 0; - } - } - alg = X509_ALGOR_new(); - if (alg == NULL) { - ASN1_INTEGER_free(key); - return 0; - } - - X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), - key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key); - if (*algs == NULL) - *algs = sk_X509_ALGOR_new_null(); - if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) { - X509_ALGOR_free(alg); - return 0; - } - return 1; -} - -/* Check to see if a cipher exists and if so add S/MIME capabilities */ - -static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) -{ - if (EVP_get_cipherbynid(nid)) - return CMS_add_simple_smimecap(sk, nid, arg); - return 1; -} - -static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) -{ - if (EVP_get_digestbynid(nid)) - return CMS_add_simple_smimecap(sk, nid, arg); - return 1; -} - -int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) -{ - if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) - || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1) - || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1) - || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) - || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) - || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) - || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) - || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) - || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) - || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) - || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) - || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40)) - return 0; - return 1; -} diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c deleted file mode 100644 index d17df31dd41221591b4def86af9b22d6fc373ba5..0000000000000000000000000000000000000000 --- a/crypto/cms/cms_smime.c +++ /dev/null @@ -1,965 +0,0 @@ -/* - * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include "cms_local.h" -#include "crypto/asn1.h" - -static BIO *cms_get_text_bio(BIO *out, unsigned int flags) -{ - BIO *rbio; - - if (out == NULL) - rbio = BIO_new(BIO_s_null()); - else if (flags & CMS_TEXT) { - rbio = BIO_new(BIO_s_mem()); - BIO_set_mem_eof_return(rbio, 0); - } else - rbio = out; - return rbio; -} - -static int cms_copy_content(BIO *out, BIO *in, unsigned int flags) -{ - unsigned char buf[4096]; - int r = 0, i; - BIO *tmpout; - - tmpout = cms_get_text_bio(out, flags); - - if (tmpout == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* Read all content through chain to process digest, decrypt etc */ - for (;;) { - i = BIO_read(in, buf, sizeof(buf)); - if (i <= 0) { - if (BIO_method_type(in) == BIO_TYPE_CIPHER) { - if (BIO_get_cipher_status(in) <= 0) - goto err; - } - if (i < 0) - goto err; - break; - } - - if (tmpout != NULL && (BIO_write(tmpout, buf, i) != i)) - goto err; - } - - if (flags & CMS_TEXT) { - if (!SMIME_text(tmpout, out)) { - ERR_raise(ERR_LIB_CMS, CMS_R_SMIME_TEXT_ERROR); - goto err; - } - } - - r = 1; - err: - if (tmpout != out) - BIO_free(tmpout); - return r; - -} - -static int check_content(CMS_ContentInfo *cms) -{ - ASN1_OCTET_STRING **pos = CMS_get0_content(cms); - - if (pos == NULL || *pos == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_CONTENT); - return 0; - } - return 1; -} - -static void do_free_upto(BIO *f, BIO *upto) -{ - if (upto != NULL) { - BIO *tbio; - - do { - tbio = BIO_pop(f); - BIO_free(f); - f = tbio; - } while (f != NULL && f != upto); - } else { - BIO_free_all(f); - } -} - -int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags) -{ - BIO *cont; - int r; - - if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) { - ERR_raise(ERR_LIB_CMS, CMS_R_TYPE_NOT_DATA); - return 0; - } - cont = CMS_dataInit(cms, NULL); - if (cont == NULL) - return 0; - r = cms_copy_content(out, cont, flags); - BIO_free_all(cont); - return r; -} - -CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags, - OSSL_LIB_CTX *libctx, const char *propq) -{ - CMS_ContentInfo *cms = ossl_cms_Data_create(libctx, propq); - - if (cms == NULL) - return NULL; - - if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags)) - return cms; - - CMS_ContentInfo_free(cms); - return NULL; -} - -CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags) -{ - return CMS_data_create_ex(in, flags, NULL, NULL); -} - -int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, - unsigned int flags) -{ - BIO *cont; - int r; - - if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) { - ERR_raise(ERR_LIB_CMS, CMS_R_TYPE_NOT_DIGESTED_DATA); - return 0; - } - - if (dcont == NULL && !check_content(cms)) - return 0; - - cont = CMS_dataInit(cms, dcont); - if (cont == NULL) - return 0; - - r = cms_copy_content(out, cont, flags); - if (r) - r = ossl_cms_DigestedData_do_final(cms, cont, 1); - do_free_upto(cont, dcont); - return r; -} - -CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md, - unsigned int flags, OSSL_LIB_CTX *ctx, - const char *propq) -{ - CMS_ContentInfo *cms; - - /* - * Because the EVP_MD is cached and can be a legacy algorithm, we - * cannot fetch the algorithm if it isn't supplied. - */ - if (md == NULL) - md = EVP_sha1(); - cms = ossl_cms_DigestedData_create(md, ctx, propq); - if (cms == NULL) - return NULL; - - if (!(flags & CMS_DETACHED)) - CMS_set_detached(cms, 0); - - if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags)) - return cms; - - CMS_ContentInfo_free(cms); - return NULL; -} - -CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, - unsigned int flags) -{ - return CMS_digest_create_ex(in, md, flags, NULL, NULL); -} - -int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, - const unsigned char *key, size_t keylen, - BIO *dcont, BIO *out, unsigned int flags) -{ - BIO *cont; - int r; - - if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) { - ERR_raise(ERR_LIB_CMS, CMS_R_TYPE_NOT_ENCRYPTED_DATA); - return 0; - } - - if (dcont == NULL && !check_content(cms)) - return 0; - - if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0) - return 0; - cont = CMS_dataInit(cms, dcont); - if (cont == NULL) - return 0; - r = cms_copy_content(out, cont, flags); - do_free_upto(cont, dcont); - return r; -} - -CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher, - const unsigned char *key, - size_t keylen, unsigned int flags, - OSSL_LIB_CTX *libctx, - const char *propq) -{ - CMS_ContentInfo *cms; - - if (cipher == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_CIPHER); - return NULL; - } - cms = CMS_ContentInfo_new_ex(libctx, propq); - if (cms == NULL) - return NULL; - if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen)) - return NULL; - - if (!(flags & CMS_DETACHED)) - CMS_set_detached(cms, 0); - - if ((flags & (CMS_STREAM | CMS_PARTIAL)) - || CMS_final(cms, in, NULL, flags)) - return cms; - - CMS_ContentInfo_free(cms); - return NULL; -} - -CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, - const unsigned char *key, - size_t keylen, unsigned int flags) -{ - return CMS_EncryptedData_encrypt_ex(in, cipher, key, keylen, flags, NULL, - NULL); -} - -static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, - X509_STORE *store, - STACK_OF(X509) *certs, - STACK_OF(X509_CRL) *crls, - STACK_OF(X509) **chain, - const CMS_CTX *cms_ctx) -{ - X509_STORE_CTX *ctx; - X509 *signer; - int i, j, r = 0; - - ctx = X509_STORE_CTX_new_ex(ossl_cms_ctx_get0_libctx(cms_ctx), - ossl_cms_ctx_get0_propq(cms_ctx)); - if (ctx == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); - if (!X509_STORE_CTX_init(ctx, store, signer, certs)) { - ERR_raise(ERR_LIB_CMS, CMS_R_STORE_INIT_ERROR); - goto err; - } - X509_STORE_CTX_set_default(ctx, "smime_sign"); - if (crls != NULL) - X509_STORE_CTX_set0_crls(ctx, crls); - - i = X509_verify_cert(ctx); - if (i <= 0) { - j = X509_STORE_CTX_get_error(ctx); - ERR_raise_data(ERR_LIB_CMS, CMS_R_CERTIFICATE_VERIFY_ERROR, - "Verify error: %s", X509_verify_cert_error_string(j)); - goto err; - } - r = 1; - - /* also send back the trust chain when required */ - if (chain != NULL) - *chain = X509_STORE_CTX_get1_chain(ctx); - err: - X509_STORE_CTX_free(ctx); - return r; - -} - -int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, - X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags) -{ - CMS_SignerInfo *si; - STACK_OF(CMS_SignerInfo) *sinfos; - STACK_OF(X509) *cms_certs = NULL; - STACK_OF(X509_CRL) *crls = NULL; - STACK_OF(X509) **si_chains = NULL; - X509 *signer; - int i, scount = 0, ret = 0; - BIO *cmsbio = NULL, *tmpin = NULL, *tmpout = NULL; - int cadesVerify = (flags & CMS_CADES) != 0; - const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); - - if (dcont == NULL && !check_content(cms)) - return 0; - if (dcont != NULL && !(flags & CMS_BINARY)) { - const ASN1_OBJECT *coid = CMS_get0_eContentType(cms); - - if (OBJ_obj2nid(coid) == NID_id_ct_asciiTextWithCRLF) - flags |= CMS_ASCIICRLF; - } - - /* Attempt to find all signer certificates */ - - sinfos = CMS_get0_SignerInfos(cms); - - if (sk_CMS_SignerInfo_num(sinfos) <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_SIGNERS); - goto err; - } - - for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { - si = sk_CMS_SignerInfo_value(sinfos, i); - CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); - if (signer) - scount++; - } - - if (scount != sk_CMS_SignerInfo_num(sinfos)) - scount += CMS_set1_signers_certs(cms, certs, flags); - - if (scount != sk_CMS_SignerInfo_num(sinfos)) { - ERR_raise(ERR_LIB_CMS, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND); - goto err; - } - - /* Attempt to verify all signers certs */ - /* at this point scount == sk_CMS_SignerInfo_num(sinfos) */ - - if ((flags & CMS_NO_SIGNER_CERT_VERIFY) == 0 || cadesVerify) { - if (cadesVerify) { - /* Certificate trust chain is required to check CAdES signature */ - si_chains = OPENSSL_zalloc(scount * sizeof(si_chains[0])); - if (si_chains == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - } - cms_certs = CMS_get1_certs(cms); - if (!(flags & CMS_NOCRL)) - crls = CMS_get1_crls(cms); - for (i = 0; i < scount; i++) { - si = sk_CMS_SignerInfo_value(sinfos, i); - - if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls, - si_chains ? &si_chains[i] : NULL, - ctx)) - goto err; - } - } - - /* Attempt to verify all SignerInfo signed attribute signatures */ - - if ((flags & CMS_NO_ATTR_VERIFY) == 0 || cadesVerify) { - for (i = 0; i < scount; i++) { - si = sk_CMS_SignerInfo_value(sinfos, i); - if (CMS_signed_get_attr_count(si) < 0) - continue; - if (CMS_SignerInfo_verify(si) <= 0) - goto err; - if (cadesVerify) { - STACK_OF(X509) *si_chain = si_chains ? si_chains[i] : NULL; - - if (ossl_cms_check_signing_certs(si, si_chain) <= 0) - goto err; - } - } - } - - /* - * Performance optimization: if the content is a memory BIO then store - * its contents in a temporary read only memory BIO. This avoids - * potentially large numbers of slow copies of data which will occur when - * reading from a read write memory BIO when signatures are calculated. - */ - - if (dcont != NULL && (BIO_method_type(dcont) == BIO_TYPE_MEM)) { - char *ptr; - long len; - - len = BIO_get_mem_data(dcont, &ptr); - tmpin = (len == 0) ? dcont : BIO_new_mem_buf(ptr, len); - if (tmpin == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err2; - } - } else { - tmpin = dcont; - } - /* - * If not binary mode and detached generate digests by *writing* through - * the BIO. That makes it possible to canonicalise the input. - */ - if (!(flags & SMIME_BINARY) && dcont) { - /* - * Create output BIO so we can either handle text or to ensure - * included content doesn't override detached content. - */ - tmpout = cms_get_text_bio(out, flags); - if (tmpout == NULL) { - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - goto err; - } - cmsbio = CMS_dataInit(cms, tmpout); - if (cmsbio == NULL) - goto err; - /* - * Don't use SMIME_TEXT for verify: it adds headers and we want to - * remove them. - */ - if (!SMIME_crlf_copy(dcont, cmsbio, flags & ~SMIME_TEXT)) - goto err; - - if (flags & CMS_TEXT) { - if (!SMIME_text(tmpout, out)) { - ERR_raise(ERR_LIB_CMS, CMS_R_SMIME_TEXT_ERROR); - goto err; - } - } - } else { - cmsbio = CMS_dataInit(cms, tmpin); - if (cmsbio == NULL) - goto err; - - if (!cms_copy_content(out, cmsbio, flags)) - goto err; - - } - if (!(flags & CMS_NO_CONTENT_VERIFY)) { - for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { - si = sk_CMS_SignerInfo_value(sinfos, i); - if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) { - ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_VERIFY_ERROR); - goto err; - } - } - } - - ret = 1; - err: - if (!(flags & SMIME_BINARY) && dcont) { - do_free_upto(cmsbio, tmpout); - if (tmpin != dcont) - BIO_free(tmpin); - } else { - if (dcont && (tmpin == dcont)) - do_free_upto(cmsbio, dcont); - else - BIO_free_all(cmsbio); - } - - if (out != tmpout) - BIO_free_all(tmpout); - - err2: - if (si_chains != NULL) { - for (i = 0; i < scount; ++i) - sk_X509_pop_free(si_chains[i], X509_free); - OPENSSL_free(si_chains); - } - sk_X509_pop_free(cms_certs, X509_free); - sk_X509_CRL_pop_free(crls, X509_CRL_free); - - return ret; -} - -int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, - STACK_OF(X509) *certs, - X509_STORE *store, unsigned int flags) -{ - int r; - - flags &= ~(CMS_DETACHED | CMS_TEXT); - r = CMS_verify(rcms, certs, store, NULL, NULL, flags); - if (r <= 0) - return r; - return ossl_cms_Receipt_verify(rcms, ocms); -} - -CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey, - STACK_OF(X509) *certs, BIO *data, - unsigned int flags, OSSL_LIB_CTX *libctx, - const char *propq) -{ - CMS_ContentInfo *cms; - int i; - - cms = CMS_ContentInfo_new_ex(libctx, propq); - if (cms == NULL || !CMS_SignedData_init(cms)) - goto merr; - if (flags & CMS_ASCIICRLF - && !CMS_set1_eContentType(cms, - OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF))) - goto err; - - if (pkey != NULL && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) { - ERR_raise(ERR_LIB_CMS, CMS_R_ADD_SIGNER_ERROR); - goto err; - } - - for (i = 0; i < sk_X509_num(certs); i++) { - X509 *x = sk_X509_value(certs, i); - - if (!CMS_add1_cert(cms, x)) - goto merr; - } - - if (!(flags & CMS_DETACHED)) - CMS_set_detached(cms, 0); - - if ((flags & (CMS_STREAM | CMS_PARTIAL)) - || CMS_final(cms, data, NULL, flags)) - return cms; - else - goto err; - - merr: - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - - err: - CMS_ContentInfo_free(cms); - return NULL; -} - -CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, unsigned int flags) -{ - return CMS_sign_ex(signcert, pkey, certs, data, flags, NULL, NULL); -} - -CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, - X509 *signcert, EVP_PKEY *pkey, - STACK_OF(X509) *certs, unsigned int flags) -{ - CMS_SignerInfo *rct_si; - CMS_ContentInfo *cms = NULL; - ASN1_OCTET_STRING **pos, *os; - BIO *rct_cont = NULL; - int r = 0; - const CMS_CTX *ctx = si->cms_ctx; - - flags &= ~(CMS_STREAM | CMS_TEXT); - /* Not really detached but avoids content being allocated */ - flags |= CMS_PARTIAL | CMS_BINARY | CMS_DETACHED; - if (pkey == NULL || signcert == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY_OR_CERT); - return NULL; - } - - /* Initialize signed data */ - - cms = CMS_sign_ex(NULL, NULL, certs, NULL, flags, - ossl_cms_ctx_get0_libctx(ctx), - ossl_cms_ctx_get0_propq(ctx)); - if (cms == NULL) - goto err; - - /* Set inner content type to signed receipt */ - if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt))) - goto err; - - rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags); - if (!rct_si) { - ERR_raise(ERR_LIB_CMS, CMS_R_ADD_SIGNER_ERROR); - goto err; - } - - os = ossl_cms_encode_Receipt(si); - if (os == NULL) - goto err; - - /* Set content to digest */ - rct_cont = BIO_new_mem_buf(os->data, os->length); - if (rct_cont == NULL) - goto err; - - /* Add msgSigDigest attribute */ - - if (!ossl_cms_msgSigDigest_add1(rct_si, si)) - goto err; - - /* Finalize structure */ - if (!CMS_final(cms, rct_cont, NULL, flags)) - goto err; - - /* Set embedded content */ - pos = CMS_get0_content(cms); - if (pos == NULL) - goto err; - *pos = os; - - r = 1; - - err: - BIO_free(rct_cont); - if (r) - return cms; - CMS_ContentInfo_free(cms); - return NULL; - -} - -CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *data, - const EVP_CIPHER *cipher, unsigned int flags, - OSSL_LIB_CTX *libctx, const char *propq) -{ - CMS_ContentInfo *cms; - int i; - X509 *recip; - - - cms = (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) - ? CMS_AuthEnvelopedData_create_ex(cipher, libctx, propq) - : CMS_EnvelopedData_create_ex(cipher, libctx, propq); - if (cms == NULL) - goto merr; - for (i = 0; i < sk_X509_num(certs); i++) { - recip = sk_X509_value(certs, i); - if (!CMS_add1_recipient_cert(cms, recip, flags)) { - ERR_raise(ERR_LIB_CMS, CMS_R_RECIPIENT_ERROR); - goto err; - } - } - - if (!(flags & CMS_DETACHED)) - CMS_set_detached(cms, 0); - - if ((flags & (CMS_STREAM | CMS_PARTIAL)) - || CMS_final(cms, data, NULL, flags)) - return cms; - else - goto err; - - merr: - ERR_raise(ERR_LIB_CMS, ERR_R_MALLOC_FAILURE); - err: - CMS_ContentInfo_free(cms); - return NULL; -} - -CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data, - const EVP_CIPHER *cipher, unsigned int flags) -{ - return CMS_encrypt_ex(certs, data, cipher, flags, NULL, NULL); -} - -static int cms_kari_set1_pkey_and_peer(CMS_ContentInfo *cms, - CMS_RecipientInfo *ri, - EVP_PKEY *pk, X509 *cert, X509 *peer) -{ - int i; - STACK_OF(CMS_RecipientEncryptedKey) *reks; - CMS_RecipientEncryptedKey *rek; - - reks = CMS_RecipientInfo_kari_get0_reks(ri); - for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) { - int rv; - - rek = sk_CMS_RecipientEncryptedKey_value(reks, i); - if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert)) - continue; - CMS_RecipientInfo_kari_set0_pkey_and_peer(ri, pk, peer); - rv = CMS_RecipientInfo_kari_decrypt(cms, ri, rek); - CMS_RecipientInfo_kari_set0_pkey(ri, NULL); - if (rv > 0) - return 1; - return cert == NULL ? 0 : -1; - } - return 0; -} - -int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) -{ - return CMS_decrypt_set1_pkey_and_peer(cms, pk, cert, NULL); -} - -int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk, - X509 *cert, X509 *peer) -{ - STACK_OF(CMS_RecipientInfo) *ris; - CMS_RecipientInfo *ri; - int i, r, cms_pkey_ri_type; - int debug = 0, match_ri = 0; - - ris = CMS_get0_RecipientInfos(cms); - if (ris != NULL) - debug = ossl_cms_get0_env_enc_content(cms)->debug; - - cms_pkey_ri_type = ossl_cms_pkey_get_ri_type(pk); - if (cms_pkey_ri_type == CMS_RECIPINFO_NONE) { - ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); - return 0; - } - - for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) { - int ri_type; - - ri = sk_CMS_RecipientInfo_value(ris, i); - ri_type = CMS_RecipientInfo_type(ri); - if (!ossl_cms_pkey_is_ri_type_supported(pk, ri_type)) - continue; - match_ri = 1; - if (ri_type == CMS_RECIPINFO_AGREE) { - r = cms_kari_set1_pkey_and_peer(cms, ri, pk, cert, peer); - if (r > 0) - return 1; - if (r < 0) - return 0; - } - /* - * If we have a cert try matching RecipientInfo otherwise try them - * all. - */ - else if (cert == NULL|| !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) { - EVP_PKEY_up_ref(pk); - CMS_RecipientInfo_set0_pkey(ri, pk); - r = CMS_RecipientInfo_decrypt(cms, ri); - CMS_RecipientInfo_set0_pkey(ri, NULL); - if (cert != NULL) { - /* - * If not debugging clear any error and return success to - * avoid leaking of information useful to MMA - */ - if (!debug) { - ERR_clear_error(); - return 1; - } - if (r > 0) - return 1; - ERR_raise(ERR_LIB_CMS, CMS_R_DECRYPT_ERROR); - return 0; - } - /* - * If no cert and not debugging don't leave loop after first - * successful decrypt. Always attempt to decrypt all recipients - * to avoid leaking timing of a successful decrypt. - */ - else if (r > 0 && (debug || cms_pkey_ri_type != CMS_RECIPINFO_TRANS)) - return 1; - } - } - /* If no cert, key transport and not debugging always return success */ - if (cert == NULL - && cms_pkey_ri_type == CMS_RECIPINFO_TRANS - && match_ri - && !debug) { - ERR_clear_error(); - return 1; - } - - ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT); - return 0; - -} - -int CMS_decrypt_set1_key(CMS_ContentInfo *cms, - unsigned char *key, size_t keylen, - const unsigned char *id, size_t idlen) -{ - STACK_OF(CMS_RecipientInfo) *ris; - CMS_RecipientInfo *ri; - int i, r; - - ris = CMS_get0_RecipientInfos(cms); - for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) { - ri = sk_CMS_RecipientInfo_value(ris, i); - if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK) - continue; - - /* - * If we have an id try matching RecipientInfo otherwise try them - * all. - */ - if (id == NULL || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) { - CMS_RecipientInfo_set0_key(ri, key, keylen); - r = CMS_RecipientInfo_decrypt(cms, ri); - CMS_RecipientInfo_set0_key(ri, NULL, 0); - if (r > 0) - return 1; - if (id != NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_DECRYPT_ERROR); - return 0; - } - ERR_clear_error(); - } - } - - ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT); - return 0; - -} - -int CMS_decrypt_set1_password(CMS_ContentInfo *cms, - unsigned char *pass, ossl_ssize_t passlen) -{ - STACK_OF(CMS_RecipientInfo) *ris; - CMS_RecipientInfo *ri; - int i, r; - - ris = CMS_get0_RecipientInfos(cms); - for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) { - ri = sk_CMS_RecipientInfo_value(ris, i); - if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS) - continue; - CMS_RecipientInfo_set0_password(ri, pass, passlen); - r = CMS_RecipientInfo_decrypt(cms, ri); - CMS_RecipientInfo_set0_password(ri, NULL, 0); - if (r > 0) - return 1; - } - - ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT); - return 0; - -} - -int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, - BIO *dcont, BIO *out, unsigned int flags) -{ - int r; - BIO *cont; - - int nid = OBJ_obj2nid(CMS_get0_type(cms)); - - if (nid != NID_pkcs7_enveloped - && nid != NID_id_smime_ct_authEnvelopedData) { - ERR_raise(ERR_LIB_CMS, CMS_R_TYPE_NOT_ENVELOPED_DATA); - return 0; - } - if (dcont == NULL && !check_content(cms)) - return 0; - if (flags & CMS_DEBUG_DECRYPT) - ossl_cms_get0_env_enc_content(cms)->debug = 1; - else - ossl_cms_get0_env_enc_content(cms)->debug = 0; - if (cert == NULL) - ossl_cms_get0_env_enc_content(cms)->havenocert = 1; - else - ossl_cms_get0_env_enc_content(cms)->havenocert = 0; - if (pk == NULL && cert == NULL && dcont == NULL && out == NULL) - return 1; - if (pk != NULL && !CMS_decrypt_set1_pkey(cms, pk, cert)) - return 0; - cont = CMS_dataInit(cms, dcont); - if (cont == NULL) - return 0; - r = cms_copy_content(out, cont, flags); - do_free_upto(cont, dcont); - return r; -} - -int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags) -{ - BIO *cmsbio; - int ret = 0; - - if ((cmsbio = CMS_dataInit(cms, dcont)) == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_CMS_LIB); - return 0; - } - - if (!SMIME_crlf_copy(data, cmsbio, flags)) { - goto err; - } - - (void)BIO_flush(cmsbio); - - if (!CMS_dataFinal(cms, cmsbio)) { - ERR_raise(ERR_LIB_CMS, CMS_R_CMS_DATAFINAL_ERROR); - goto err; - } - - ret = 1; - -err: - do_free_upto(cmsbio, dcont); - - return ret; - -} - -#ifdef ZLIB - -int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, - unsigned int flags) -{ - BIO *cont; - int r; - - if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) { - ERR_raise(ERR_LIB_CMS, CMS_R_TYPE_NOT_COMPRESSED_DATA); - return 0; - } - - if (dcont == NULL && !check_content(cms)) - return 0; - - cont = CMS_dataInit(cms, dcont); - if (cont == NULL) - return 0; - r = cms_copy_content(out, cont, flags); - do_free_upto(cont, dcont); - return r; -} - -CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) -{ - CMS_ContentInfo *cms; - - if (comp_nid <= 0) - comp_nid = NID_zlib_compression; - cms = ossl_cms_CompressedData_create(comp_nid, NULL, NULL); - if (cms == NULL) - return NULL; - - if (!(flags & CMS_DETACHED)) - CMS_set_detached(cms, 0); - - if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags)) - return cms; - - CMS_ContentInfo_free(cms); - return NULL; -} - -#else - -int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, - unsigned int flags) -{ - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); - return 0; -} - -CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags) -{ - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM); - return NULL; -} - -#endif diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c deleted file mode 100644 index 9a7087e444048c476b3cb042feb708565150739e..0000000000000000000000000000000000000000 --- a/crypto/comp/c_zlib.c +++ /dev/null @@ -1,645 +0,0 @@ -/* - * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/comp.h" -#include -#include "crypto/cryptlib.h" -#include "internal/bio.h" -#include "internal/thread_once.h" -#include "comp_local.h" - -COMP_METHOD *COMP_zlib(void); - -static COMP_METHOD zlib_method_nozlib = { - NID_undef, - "(undef)", - NULL, - NULL, - NULL, - NULL, -}; - -#ifndef ZLIB -# undef ZLIB_SHARED -#else - -# include - -static int zlib_stateful_init(COMP_CTX *ctx); -static void zlib_stateful_finish(COMP_CTX *ctx); -static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, - unsigned int ilen); -static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, - unsigned int ilen); - -/* memory allocations functions for zlib initialisation */ -static void *zlib_zalloc(void *opaque, unsigned int no, unsigned int size) -{ - void *p; - - p = OPENSSL_zalloc(no * size); - return p; -} - -static void zlib_zfree(void *opaque, void *address) -{ - OPENSSL_free(address); -} - - -static COMP_METHOD zlib_stateful_method = { - NID_zlib_compression, - LN_zlib_compression, - zlib_stateful_init, - zlib_stateful_finish, - zlib_stateful_compress_block, - zlib_stateful_expand_block -}; - -/* - * When OpenSSL is built on Windows, we do not want to require that - * the ZLIB.DLL be available in order for the OpenSSL DLLs to - * work. Therefore, all ZLIB routines are loaded at run time - * and we do not link to a .LIB file when ZLIB_SHARED is set. - */ -# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) -# include -# endif /* !(OPENSSL_SYS_WINDOWS || - * OPENSSL_SYS_WIN32) */ - -# ifdef ZLIB_SHARED -# include "internal/dso.h" - -/* Function pointers */ -typedef int (*compress_ft) (Bytef *dest, uLongf * destLen, - const Bytef *source, uLong sourceLen); -typedef int (*inflateEnd_ft) (z_streamp strm); -typedef int (*inflate_ft) (z_streamp strm, int flush); -typedef int (*inflateInit__ft) (z_streamp strm, - const char *version, int stream_size); -typedef int (*deflateEnd_ft) (z_streamp strm); -typedef int (*deflate_ft) (z_streamp strm, int flush); -typedef int (*deflateInit__ft) (z_streamp strm, int level, - const char *version, int stream_size); -typedef const char *(*zError__ft) (int err); -static compress_ft p_compress = NULL; -static inflateEnd_ft p_inflateEnd = NULL; -static inflate_ft p_inflate = NULL; -static inflateInit__ft p_inflateInit_ = NULL; -static deflateEnd_ft p_deflateEnd = NULL; -static deflate_ft p_deflate = NULL; -static deflateInit__ft p_deflateInit_ = NULL; -static zError__ft p_zError = NULL; - -static DSO *zlib_dso = NULL; - -# define compress p_compress -# define inflateEnd p_inflateEnd -# define inflate p_inflate -# define inflateInit_ p_inflateInit_ -# define deflateEnd p_deflateEnd -# define deflate p_deflate -# define deflateInit_ p_deflateInit_ -# define zError p_zError -# endif /* ZLIB_SHARED */ - -struct zlib_state { - z_stream istream; - z_stream ostream; -}; - -static int zlib_stateful_init(COMP_CTX *ctx) -{ - int err; - struct zlib_state *state = OPENSSL_zalloc(sizeof(*state)); - - if (state == NULL) - goto err; - - state->istream.zalloc = zlib_zalloc; - state->istream.zfree = zlib_zfree; - state->istream.opaque = Z_NULL; - state->istream.next_in = Z_NULL; - state->istream.next_out = Z_NULL; - err = inflateInit_(&state->istream, ZLIB_VERSION, sizeof(z_stream)); - if (err != Z_OK) - goto err; - - state->ostream.zalloc = zlib_zalloc; - state->ostream.zfree = zlib_zfree; - state->ostream.opaque = Z_NULL; - state->ostream.next_in = Z_NULL; - state->ostream.next_out = Z_NULL; - err = deflateInit_(&state->ostream, Z_DEFAULT_COMPRESSION, - ZLIB_VERSION, sizeof(z_stream)); - if (err != Z_OK) - goto err; - - ctx->data = state; - return 1; - err: - OPENSSL_free(state); - return 0; -} - -static void zlib_stateful_finish(COMP_CTX *ctx) -{ - struct zlib_state *state = ctx->data; - inflateEnd(&state->istream); - deflateEnd(&state->ostream); - OPENSSL_free(state); -} - -static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, - unsigned int ilen) -{ - int err = Z_OK; - struct zlib_state *state = ctx->data; - - if (state == NULL) - return -1; - - state->ostream.next_in = in; - state->ostream.avail_in = ilen; - state->ostream.next_out = out; - state->ostream.avail_out = olen; - if (ilen > 0) - err = deflate(&state->ostream, Z_SYNC_FLUSH); - if (err != Z_OK) - return -1; - return olen - state->ostream.avail_out; -} - -static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, - unsigned int ilen) -{ - int err = Z_OK; - struct zlib_state *state = ctx->data; - - if (state == NULL) - return 0; - - state->istream.next_in = in; - state->istream.avail_in = ilen; - state->istream.next_out = out; - state->istream.avail_out = olen; - if (ilen > 0) - err = inflate(&state->istream, Z_SYNC_FLUSH); - if (err != Z_OK) - return -1; - return olen - state->istream.avail_out; -} - -static CRYPTO_ONCE zlib_once = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_comp_zlib_init) -{ -# ifdef ZLIB_SHARED - /* LIBZ may be externally defined, and we should respect that value */ -# ifndef LIBZ -# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) -# define LIBZ "ZLIB1" -# elif defined(OPENSSL_SYS_VMS) -# define LIBZ "LIBZ" -# else -# define LIBZ "z" -# endif -# endif - - zlib_dso = DSO_load(NULL, LIBZ, NULL, 0); - if (zlib_dso != NULL) { - p_compress = (compress_ft) DSO_bind_func(zlib_dso, "compress"); - p_inflateEnd = (inflateEnd_ft) DSO_bind_func(zlib_dso, "inflateEnd"); - p_inflate = (inflate_ft) DSO_bind_func(zlib_dso, "inflate"); - p_inflateInit_ = (inflateInit__ft) DSO_bind_func(zlib_dso, "inflateInit_"); - p_deflateEnd = (deflateEnd_ft) DSO_bind_func(zlib_dso, "deflateEnd"); - p_deflate = (deflate_ft) DSO_bind_func(zlib_dso, "deflate"); - p_deflateInit_ = (deflateInit__ft) DSO_bind_func(zlib_dso, "deflateInit_"); - p_zError = (zError__ft) DSO_bind_func(zlib_dso, "zError"); - - if (p_compress == NULL || p_inflateEnd == NULL - || p_inflate == NULL || p_inflateInit_ == NULL - || p_deflateEnd == NULL || p_deflate == NULL - || p_deflateInit_ == NULL || p_zError == NULL) { - ossl_comp_zlib_cleanup(); - return 0; - } - } -# endif - return 1; -} -#endif - -COMP_METHOD *COMP_zlib(void) -{ - COMP_METHOD *meth = &zlib_method_nozlib; - -#ifdef ZLIB - if (RUN_ONCE(&zlib_once, ossl_comp_zlib_init)) - meth = &zlib_stateful_method; -#endif - - return meth; -} - -/* Also called from OPENSSL_cleanup() */ -void ossl_comp_zlib_cleanup(void) -{ -#ifdef ZLIB_SHARED - DSO_free(zlib_dso); - zlib_dso = NULL; -#endif -} - -#ifdef ZLIB - -/* Zlib based compression/decompression filter BIO */ - -typedef struct { - unsigned char *ibuf; /* Input buffer */ - int ibufsize; /* Buffer size */ - z_stream zin; /* Input decompress context */ - unsigned char *obuf; /* Output buffer */ - int obufsize; /* Output buffer size */ - unsigned char *optr; /* Position in output buffer */ - int ocount; /* Amount of data in output buffer */ - int odone; /* deflate EOF */ - int comp_level; /* Compression level to use */ - z_stream zout; /* Output compression context */ -} BIO_ZLIB_CTX; - -# define ZLIB_DEFAULT_BUFSIZE 1024 - -static int bio_zlib_new(BIO *bi); -static int bio_zlib_free(BIO *bi); -static int bio_zlib_read(BIO *b, char *out, int outl); -static int bio_zlib_write(BIO *b, const char *in, int inl); -static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr); -static long bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); - -static const BIO_METHOD bio_meth_zlib = { - BIO_TYPE_COMP, - "zlib", - bwrite_conv, - bio_zlib_write, - bread_conv, - bio_zlib_read, - NULL, /* bio_zlib_puts, */ - NULL, /* bio_zlib_gets, */ - bio_zlib_ctrl, - bio_zlib_new, - bio_zlib_free, - bio_zlib_callback_ctrl -}; - -const BIO_METHOD *BIO_f_zlib(void) -{ - return &bio_meth_zlib; -} - -static int bio_zlib_new(BIO *bi) -{ - BIO_ZLIB_CTX *ctx; - -# ifdef ZLIB_SHARED - if (!RUN_ONCE(&zlib_once, ossl_comp_zlib_init)) { - ERR_raise(ERR_LIB_COMP, COMP_R_ZLIB_NOT_SUPPORTED); - return 0; - } -# endif - ctx = OPENSSL_zalloc(sizeof(*ctx)); - if (ctx == NULL) { - ERR_raise(ERR_LIB_COMP, ERR_R_MALLOC_FAILURE); - return 0; - } - ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE; - ctx->obufsize = ZLIB_DEFAULT_BUFSIZE; - ctx->zin.zalloc = Z_NULL; - ctx->zin.zfree = Z_NULL; - ctx->zout.zalloc = Z_NULL; - ctx->zout.zfree = Z_NULL; - ctx->comp_level = Z_DEFAULT_COMPRESSION; - BIO_set_init(bi, 1); - BIO_set_data(bi, ctx); - - return 1; -} - -static int bio_zlib_free(BIO *bi) -{ - BIO_ZLIB_CTX *ctx; - - if (!bi) - return 0; - ctx = BIO_get_data(bi); - if (ctx->ibuf) { - /* Destroy decompress context */ - inflateEnd(&ctx->zin); - OPENSSL_free(ctx->ibuf); - } - if (ctx->obuf) { - /* Destroy compress context */ - deflateEnd(&ctx->zout); - OPENSSL_free(ctx->obuf); - } - OPENSSL_free(ctx); - BIO_set_data(bi, NULL); - BIO_set_init(bi, 0); - - return 1; -} - -static int bio_zlib_read(BIO *b, char *out, int outl) -{ - BIO_ZLIB_CTX *ctx; - int ret; - z_stream *zin; - BIO *next = BIO_next(b); - - if (!out || !outl) - return 0; - ctx = BIO_get_data(b); - zin = &ctx->zin; - BIO_clear_retry_flags(b); - if (!ctx->ibuf) { - ctx->ibuf = OPENSSL_malloc(ctx->ibufsize); - if (ctx->ibuf == NULL) { - ERR_raise(ERR_LIB_COMP, ERR_R_MALLOC_FAILURE); - return 0; - } - if ((ret = inflateInit(zin)) != Z_OK) { - ERR_raise_data(ERR_LIB_COMP, COMP_R_ZLIB_INFLATE_ERROR, - "zlib error: %s", zError(ret)); - return 0; - } - zin->next_in = ctx->ibuf; - zin->avail_in = 0; - } - - /* Copy output data directly to supplied buffer */ - zin->next_out = (unsigned char *)out; - zin->avail_out = (unsigned int)outl; - for (;;) { - /* Decompress while data available */ - while (zin->avail_in) { - ret = inflate(zin, 0); - if ((ret != Z_OK) && (ret != Z_STREAM_END)) { - ERR_raise_data(ERR_LIB_COMP, COMP_R_ZLIB_INFLATE_ERROR, - "zlib error: %s", zError(ret)); - return 0; - } - /* If EOF or we've read everything then return */ - if ((ret == Z_STREAM_END) || !zin->avail_out) - return outl - zin->avail_out; - } - - /* - * No data in input buffer try to read some in, if an error then - * return the total data read. - */ - ret = BIO_read(next, ctx->ibuf, ctx->ibufsize); - if (ret <= 0) { - /* Total data read */ - int tot = outl - zin->avail_out; - BIO_copy_next_retry(b); - if (ret < 0) - return (tot > 0) ? tot : ret; - return tot; - } - zin->avail_in = ret; - zin->next_in = ctx->ibuf; - } -} - -static int bio_zlib_write(BIO *b, const char *in, int inl) -{ - BIO_ZLIB_CTX *ctx; - int ret; - z_stream *zout; - BIO *next = BIO_next(b); - - if (!in || !inl) - return 0; - ctx = BIO_get_data(b); - if (ctx->odone) - return 0; - zout = &ctx->zout; - BIO_clear_retry_flags(b); - if (!ctx->obuf) { - ctx->obuf = OPENSSL_malloc(ctx->obufsize); - /* Need error here */ - if (ctx->obuf == NULL) { - ERR_raise(ERR_LIB_COMP, ERR_R_MALLOC_FAILURE); - return 0; - } - ctx->optr = ctx->obuf; - ctx->ocount = 0; - if ((ret = deflateInit(zout, ctx->comp_level)) != Z_OK) { - ERR_raise_data(ERR_LIB_COMP, COMP_R_ZLIB_DEFLATE_ERROR, - "zlib error: %s", zError(ret)); - return 0; - } - zout->next_out = ctx->obuf; - zout->avail_out = ctx->obufsize; - } - /* Obtain input data directly from supplied buffer */ - zout->next_in = (void *)in; - zout->avail_in = inl; - for (;;) { - /* If data in output buffer write it first */ - while (ctx->ocount) { - ret = BIO_write(next, ctx->optr, ctx->ocount); - if (ret <= 0) { - /* Total data written */ - int tot = inl - zout->avail_in; - BIO_copy_next_retry(b); - if (ret < 0) - return (tot > 0) ? tot : ret; - return tot; - } - ctx->optr += ret; - ctx->ocount -= ret; - } - - /* Have we consumed all supplied data? */ - if (!zout->avail_in) - return inl; - - /* Compress some more */ - - /* Reset buffer */ - ctx->optr = ctx->obuf; - zout->next_out = ctx->obuf; - zout->avail_out = ctx->obufsize; - /* Compress some more */ - ret = deflate(zout, 0); - if (ret != Z_OK) { - ERR_raise_data(ERR_LIB_COMP, COMP_R_ZLIB_DEFLATE_ERROR, - "zlib error: %s", zError(ret)); - return 0; - } - ctx->ocount = ctx->obufsize - zout->avail_out; - } -} - -static int bio_zlib_flush(BIO *b) -{ - BIO_ZLIB_CTX *ctx; - int ret; - z_stream *zout; - BIO *next = BIO_next(b); - - ctx = BIO_get_data(b); - /* If no data written or already flush show success */ - if (!ctx->obuf || (ctx->odone && !ctx->ocount)) - return 1; - zout = &ctx->zout; - BIO_clear_retry_flags(b); - /* No more input data */ - zout->next_in = NULL; - zout->avail_in = 0; - for (;;) { - /* If data in output buffer write it first */ - while (ctx->ocount) { - ret = BIO_write(next, ctx->optr, ctx->ocount); - if (ret <= 0) { - BIO_copy_next_retry(b); - return ret; - } - ctx->optr += ret; - ctx->ocount -= ret; - } - if (ctx->odone) - return 1; - - /* Compress some more */ - - /* Reset buffer */ - ctx->optr = ctx->obuf; - zout->next_out = ctx->obuf; - zout->avail_out = ctx->obufsize; - /* Compress some more */ - ret = deflate(zout, Z_FINISH); - if (ret == Z_STREAM_END) - ctx->odone = 1; - else if (ret != Z_OK) { - ERR_raise_data(ERR_LIB_COMP, COMP_R_ZLIB_DEFLATE_ERROR, - "zlib error: %s", zError(ret)); - return 0; - } - ctx->ocount = ctx->obufsize - zout->avail_out; - } -} - -static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - BIO_ZLIB_CTX *ctx; - int ret, *ip; - int ibs, obs; - BIO *next = BIO_next(b); - - if (next == NULL) - return 0; - ctx = BIO_get_data(b); - switch (cmd) { - - case BIO_CTRL_RESET: - ctx->ocount = 0; - ctx->odone = 0; - ret = 1; - break; - - case BIO_CTRL_FLUSH: - ret = bio_zlib_flush(b); - if (ret > 0) - ret = BIO_flush(next); - break; - - case BIO_C_SET_BUFF_SIZE: - ibs = -1; - obs = -1; - if (ptr != NULL) { - ip = ptr; - if (*ip == 0) - ibs = (int)num; - else - obs = (int)num; - } else { - ibs = (int)num; - obs = ibs; - } - - if (ibs != -1) { - OPENSSL_free(ctx->ibuf); - ctx->ibuf = NULL; - ctx->ibufsize = ibs; - } - - if (obs != -1) { - OPENSSL_free(ctx->obuf); - ctx->obuf = NULL; - ctx->obufsize = obs; - } - ret = 1; - break; - - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); - ret = BIO_ctrl(next, cmd, num, ptr); - BIO_copy_next_retry(b); - break; - - case BIO_CTRL_WPENDING: - if (ctx->obuf == NULL) - return 0; - - if (ctx->odone) { - ret = ctx->ocount; - } else { - ret = ctx->ocount; - if (ret == 0) - /* Unknown amount pending but we are not finished */ - ret = 1; - } - if (ret == 0) - ret = BIO_ctrl(next, cmd, num, ptr); - break; - - case BIO_CTRL_PENDING: - ret = ctx->zin.avail_in; - if (ret == 0) - ret = BIO_ctrl(next, cmd, num, ptr); - break; - - default: - ret = BIO_ctrl(next, cmd, num, ptr); - break; - - } - - return ret; -} - -static long bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) -{ - BIO *next = BIO_next(b); - - if (next == NULL) - return 0; - return BIO_callback_ctrl(next, cmd, fp); -} - -#endif diff --git a/crypto/comp/comp_err.c b/crypto/comp/comp_err.c deleted file mode 100644 index 70a6eea0f052715da49eebc4108530c72cd5087e..0000000000000000000000000000000000000000 --- a/crypto/comp/comp_err.c +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/comperr.h" - -#ifndef OPENSSL_NO_COMP - -# ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA COMP_str_reasons[] = { - {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_DEFLATE_ERROR), - "zlib deflate error"}, - {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_INFLATE_ERROR), - "zlib inflate error"}, - {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_NOT_SUPPORTED), - "zlib not supported"}, - {0, NULL} -}; - -# endif - -int ossl_err_load_COMP_strings(void) -{ -# ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(COMP_str_reasons[0].error) == NULL) - ERR_load_strings_const(COMP_str_reasons); -# endif - return 1; -} -#else -NON_EMPTY_TRANSLATION_UNIT -#endif diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c deleted file mode 100644 index bf9069d871a45c975be21a76601604ded7ab5146..0000000000000000000000000000000000000000 --- a/crypto/comp/comp_lib.c +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include "comp_local.h" - -COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) -{ - COMP_CTX *ret; - - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { - ERR_raise(ERR_LIB_COMP, ERR_R_MALLOC_FAILURE); - return NULL; - } - ret->meth = meth; - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { - OPENSSL_free(ret); - ret = NULL; - } - return ret; -} - -const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx) -{ - return ctx->meth; -} - -int COMP_get_type(const COMP_METHOD *meth) -{ - return meth->type; -} - -const char *COMP_get_name(const COMP_METHOD *meth) -{ - return meth->name; -} - -void COMP_CTX_free(COMP_CTX *ctx) -{ - if (ctx == NULL) - return; - if (ctx->meth->finish != NULL) - ctx->meth->finish(ctx); - - OPENSSL_free(ctx); -} - -int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, - unsigned char *in, int ilen) -{ - int ret; - if (ctx->meth->compress == NULL) { - return -1; - } - ret = ctx->meth->compress(ctx, out, olen, in, ilen); - if (ret > 0) { - ctx->compress_in += ilen; - ctx->compress_out += ret; - } - return ret; -} - -int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, - unsigned char *in, int ilen) -{ - int ret; - - if (ctx->meth->expand == NULL) { - return -1; - } - ret = ctx->meth->expand(ctx, out, olen, in, ilen); - if (ret > 0) { - ctx->expand_in += ilen; - ctx->expand_out += ret; - } - return ret; -} - -int COMP_CTX_get_type(const COMP_CTX* comp) -{ - return comp->meth ? comp->meth->type : NID_undef; -} diff --git a/crypto/comp/comp_local.h b/crypto/comp/comp_local.h deleted file mode 100644 index acf113e31cd0865174bd5bfc399a7d744d62ed96..0000000000000000000000000000000000000000 --- a/crypto/comp/comp_local.h +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -struct comp_method_st { - int type; /* NID for compression library */ - const char *name; /* A text string to identify the library */ - int (*init) (COMP_CTX *ctx); - void (*finish) (COMP_CTX *ctx); - int (*compress) (COMP_CTX *ctx, - unsigned char *out, unsigned int olen, - unsigned char *in, unsigned int ilen); - int (*expand) (COMP_CTX *ctx, - unsigned char *out, unsigned int olen, - unsigned char *in, unsigned int ilen); -}; - -struct comp_ctx_st { - struct comp_method_st *meth; - unsigned long compress_in; - unsigned long compress_out; - unsigned long expand_in; - unsigned long expand_out; - void* data; -}; diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c deleted file mode 100644 index 7a4efe6dbb2b1297f353a50e724d420469c22ffd..0000000000000000000000000000000000000000 --- a/crypto/conf/conf_api.c +++ /dev/null @@ -1,214 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Part of the code in here was originally in conf.c, which is now removed */ - -#include "e_os.h" -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "conf_local.h" - -static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf); -static void value_free_stack_doall(CONF_VALUE *a); - -CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section) -{ - CONF_VALUE vv; - - if (conf == NULL || section == NULL) - return NULL; - vv.name = NULL; - vv.section = (char *)section; - return conf->data != NULL ? lh_CONF_VALUE_retrieve(conf->data, &vv) : NULL; -} - -STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, - const char *section) -{ - CONF_VALUE *v; - - v = _CONF_get_section(conf, section); - if (v == NULL) - return NULL; - return ((STACK_OF(CONF_VALUE) *)v->value); -} - -int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value) -{ - CONF_VALUE *v = NULL; - STACK_OF(CONF_VALUE) *ts; - - ts = (STACK_OF(CONF_VALUE) *)section->value; - - value->section = section->section; - if (!sk_CONF_VALUE_push(ts, value)) - return 0; - - v = lh_CONF_VALUE_insert(conf->data, value); - if (v != NULL) { - (void)sk_CONF_VALUE_delete_ptr(ts, v); - OPENSSL_free(v->name); - OPENSSL_free(v->value); - OPENSSL_free(v); - } - return 1; -} - -char *_CONF_get_string(const CONF *conf, const char *section, - const char *name) -{ - CONF_VALUE *v, vv; - char *p; - - if (name == NULL) - return NULL; - if (conf == NULL) - return ossl_safe_getenv(name); - if (conf->data == NULL) - return NULL; - if (section != NULL) { - vv.name = (char *)name; - vv.section = (char *)section; - v = lh_CONF_VALUE_retrieve(conf->data, &vv); - if (v != NULL) - return v->value; - if (strcmp(section, "ENV") == 0) { - p = ossl_safe_getenv(name); - if (p != NULL) - return p; - } - } - vv.section = "default"; - vv.name = (char *)name; - v = lh_CONF_VALUE_retrieve(conf->data, &vv); - if (v == NULL) - return NULL; - return v->value; -} - -static unsigned long conf_value_hash(const CONF_VALUE *v) -{ - return (OPENSSL_LH_strhash(v->section) << 2) ^ OPENSSL_LH_strhash(v->name); -} - -static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b) -{ - int i; - - if (a->section != b->section) { - i = strcmp(a->section, b->section); - if (i != 0) - return i; - } - - if (a->name != NULL && b->name != NULL) - return strcmp(a->name, b->name); - if (a->name == b->name) - return 0; - return (a->name == NULL) ? -1 : 1; -} - -int _CONF_new_data(CONF *conf) -{ - if (conf == NULL) - return 0; - if (conf->data == NULL) { - conf->data = lh_CONF_VALUE_new(conf_value_hash, conf_value_cmp); - if (conf->data == NULL) - return 0; - } - return 1; -} - -typedef LHASH_OF(CONF_VALUE) LH_CONF_VALUE; - -IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, LH_CONF_VALUE); - -void _CONF_free_data(CONF *conf) -{ - if (conf == NULL) - return; - - OPENSSL_free(conf->includedir); - if (conf->data == NULL) - return; - - /* evil thing to make sure the 'OPENSSL_free()' works as expected */ - lh_CONF_VALUE_set_down_load(conf->data, 0); - lh_CONF_VALUE_doall_LH_CONF_VALUE(conf->data, value_free_hash, conf->data); - - /* - * We now have only 'section' entries in the hash table. Due to problems - * with - */ - - lh_CONF_VALUE_doall(conf->data, value_free_stack_doall); - lh_CONF_VALUE_free(conf->data); -} - -static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf) -{ - if (a->name != NULL) - (void)lh_CONF_VALUE_delete(conf, a); -} - -static void value_free_stack_doall(CONF_VALUE *a) -{ - CONF_VALUE *vv; - STACK_OF(CONF_VALUE) *sk; - int i; - - if (a->name != NULL) - return; - - sk = (STACK_OF(CONF_VALUE) *)a->value; - for (i = sk_CONF_VALUE_num(sk) - 1; i >= 0; i--) { - vv = sk_CONF_VALUE_value(sk, i); - OPENSSL_free(vv->value); - OPENSSL_free(vv->name); - OPENSSL_free(vv); - } - sk_CONF_VALUE_free(sk); - OPENSSL_free(a->section); - OPENSSL_free(a); -} - -CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) -{ - STACK_OF(CONF_VALUE) *sk = NULL; - int i; - CONF_VALUE *v = NULL, *vv; - - if ((sk = sk_CONF_VALUE_new_null()) == NULL) - goto err; - if ((v = OPENSSL_malloc(sizeof(*v))) == NULL) - goto err; - i = strlen(section) + 1; - if ((v->section = OPENSSL_malloc(i)) == NULL) - goto err; - - memcpy(v->section, section, i); - v->name = NULL; - v->value = (char *)sk; - - vv = lh_CONF_VALUE_insert(conf->data, v); - if (vv != NULL || lh_CONF_VALUE_error(conf->data) > 0) - goto err; - return v; - - err: - sk_CONF_VALUE_free(sk); - if (v != NULL) - OPENSSL_free(v->section); - OPENSSL_free(v); - return NULL; -} diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c deleted file mode 100644 index b5d6668f4276a82002deeadae5925cfc6a5c92e9..0000000000000000000000000000000000000000 --- a/crypto/conf/conf_def.c +++ /dev/null @@ -1,1007 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Part of the code in here was originally in conf.c, which is now removed */ - -#include -#include -#include "e_os.h" /* struct stat */ -#ifdef __TANDEM -# include /* needed for stat.h */ -# include /* struct stat */ -#endif -#include "internal/cryptlib.h" -#include "internal/o_dir.h" -#include -#include -#include -#include "conf_local.h" -#include "conf_def.h" -#include -#include -#ifndef OPENSSL_NO_POSIX_IO -# include -# ifdef _WIN32 -# define stat _stat -# endif -#endif - -#ifndef S_ISDIR -# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) -#endif - -/* - * The maximum length we can grow a value to after variable expansion. 64k - * should be more than enough for all reasonable uses. - */ -#define MAX_CONF_VALUE_LENGTH 65536 - -static int is_keytype(const CONF *conf, char c, unsigned short type); -static char *eat_ws(CONF *conf, char *p); -static void trim_ws(CONF *conf, char *start); -static char *eat_alpha_numeric(CONF *conf, char *p); -static void clear_comments(CONF *conf, char *p); -static int str_copy(CONF *conf, char *section, char **to, char *from); -static char *scan_quote(CONF *conf, char *p); -static char *scan_dquote(CONF *conf, char *p); -#define scan_esc(conf,p) (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2))) -#ifndef OPENSSL_NO_POSIX_IO -static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx, - char **dirpath); -static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx); -#endif - -static CONF *def_create(CONF_METHOD *meth); -static int def_init_default(CONF *conf); -#ifndef OPENSSL_NO_DEPRECATED_3_0 -static int def_init_WIN32(CONF *conf); -#endif -static int def_destroy(CONF *conf); -static int def_destroy_data(CONF *conf); -static int def_load(CONF *conf, const char *name, long *eline); -static int def_load_bio(CONF *conf, BIO *bp, long *eline); -static int def_dump(const CONF *conf, BIO *bp); -static int def_is_number(const CONF *conf, char c); -static int def_to_int(const CONF *conf, char c); - -static CONF_METHOD default_method = { - "OpenSSL default", - def_create, - def_init_default, - def_destroy, - def_destroy_data, - def_load_bio, - def_dump, - def_is_number, - def_to_int, - def_load -}; - -CONF_METHOD *NCONF_default(void) -{ - return &default_method; -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -static CONF_METHOD WIN32_method = { - "WIN32", - def_create, - def_init_WIN32, - def_destroy, - def_destroy_data, - def_load_bio, - def_dump, - def_is_number, - def_to_int, - def_load -}; - -CONF_METHOD *NCONF_WIN32(void) -{ - return &WIN32_method; -} -#endif - -static CONF *def_create(CONF_METHOD *meth) -{ - CONF *ret; - - ret = OPENSSL_malloc(sizeof(*ret)); - if (ret != NULL) - if (meth->init(ret) == 0) { - OPENSSL_free(ret); - ret = NULL; - } - return ret; -} - -static int def_init_default(CONF *conf) -{ - if (conf == NULL) - return 0; - - memset(conf, 0, sizeof(*conf)); - conf->meth = &default_method; - conf->meth_data = (void *)CONF_type_default; - - return 1; -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -static int def_init_WIN32(CONF *conf) -{ - if (conf == NULL) - return 0; - - memset(conf, 0, sizeof(*conf)); - conf->meth = &WIN32_method; - conf->meth_data = (void *)CONF_type_win32; - - return 1; -} -#endif - -static int def_destroy(CONF *conf) -{ - if (def_destroy_data(conf)) { - OPENSSL_free(conf); - return 1; - } - return 0; -} - -static int def_destroy_data(CONF *conf) -{ - if (conf == NULL) - return 0; - _CONF_free_data(conf); - return 1; -} - -static int def_load(CONF *conf, const char *name, long *line) -{ - int ret; - BIO *in = NULL; - -#ifdef OPENSSL_SYS_VMS - in = BIO_new_file(name, "r"); -#else - in = BIO_new_file(name, "rb"); -#endif - if (in == NULL) { - if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE) - ERR_raise(ERR_LIB_CONF, CONF_R_NO_SUCH_FILE); - else - ERR_raise(ERR_LIB_CONF, ERR_R_SYS_LIB); - return 0; - } - - ret = def_load_bio(conf, in, line); - BIO_free(in); - - return ret; -} - - -/* Parse a boolean value and fill in *flag. Return 0 on error. */ -static int parsebool(const char *pval, int *flag) -{ - if (OPENSSL_strcasecmp(pval, "on") == 0 - || OPENSSL_strcasecmp(pval, "true") == 0) { - *flag = 1; - } else if (OPENSSL_strcasecmp(pval, "off") == 0 - || OPENSSL_strcasecmp(pval, "false") == 0) { - *flag = 0; - } else { - ERR_raise(ERR_LIB_CONF, CONF_R_INVALID_PRAGMA); - return 0; - } - return 1; -} - -static int def_load_bio(CONF *conf, BIO *in, long *line) -{ -/* The macro BUFSIZE conflicts with a system macro in VxWorks */ -#define CONFBUFSIZE 512 - int bufnum = 0, i, ii; - BUF_MEM *buff = NULL; - char *s, *p, *end; - int again; - int first_call = 1; - long eline = 0; - char btmp[DECIMAL_SIZE(eline) + 1]; - CONF_VALUE *v = NULL, *tv; - CONF_VALUE *sv = NULL; - char *section = NULL, *buf; - char *start, *psection, *pname; - void *h = (void *)(conf->data); - STACK_OF(BIO) *biosk = NULL; -#ifndef OPENSSL_NO_POSIX_IO - char *dirpath = NULL; - OPENSSL_DIR_CTX *dirctx = NULL; -#endif - - if ((buff = BUF_MEM_new()) == NULL) { - ERR_raise(ERR_LIB_CONF, ERR_R_BUF_LIB); - goto err; - } - - section = OPENSSL_strdup("default"); - if (section == NULL) { - ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (_CONF_new_data(conf) == 0) { - ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); - goto err; - } - - sv = _CONF_new_section(conf, section); - if (sv == NULL) { - ERR_raise(ERR_LIB_CONF, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); - goto err; - } - - bufnum = 0; - again = 0; - for (;;) { - if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) { - ERR_raise(ERR_LIB_CONF, ERR_R_BUF_LIB); - goto err; - } - p = &(buff->data[bufnum]); - *p = '\0'; - read_retry: - if (in != NULL && BIO_gets(in, p, CONFBUFSIZE - 1) < 0) - goto err; - p[CONFBUFSIZE - 1] = '\0'; - ii = i = strlen(p); - if (first_call) { - /* Other BOMs imply unsupported multibyte encoding, - * so don't strip them and let the error raise */ - const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF}; - - if (i >= 3 && memcmp(p, utf8_bom, 3) == 0) { - memmove(p, p + 3, i - 3); - p[i - 3] = 0; - i -= 3; - ii -= 3; - } - first_call = 0; - } - if (i == 0 && !again) { - /* the currently processed BIO is NULL or at EOF */ - BIO *parent; - -#ifndef OPENSSL_NO_POSIX_IO - /* continue processing with the next file from directory */ - if (dirctx != NULL) { - BIO *next; - - if ((next = get_next_file(dirpath, &dirctx)) != NULL) { - BIO_vfree(in); - in = next; - goto read_retry; - } else { - OPENSSL_free(dirpath); - dirpath = NULL; - } - } -#endif - /* no more files in directory, continue with processing parent */ - if ((parent = sk_BIO_pop(biosk)) == NULL) { - /* everything processed get out of the loop */ - break; - } else { - BIO_vfree(in); - in = parent; - goto read_retry; - } - } - again = 0; - while (i > 0) { - if ((p[i - 1] != '\r') && (p[i - 1] != '\n')) - break; - else - i--; - } - /* - * we removed some trailing stuff so there is a new line on the end. - */ - if (ii && i == ii) - again = 1; /* long line */ - else { - p[i] = '\0'; - eline++; /* another input line */ - } - - /* we now have a line with trailing \r\n removed */ - - /* i is the number of bytes */ - bufnum += i; - - v = NULL; - /* check for line continuation */ - if (bufnum >= 1) { - /* - * If we have bytes and the last char '\\' and second last char - * is not '\\' - */ - p = &(buff->data[bufnum - 1]); - if (IS_ESC(conf, p[0]) && ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) { - bufnum--; - again = 1; - } - } - if (again) - continue; - bufnum = 0; - buf = buff->data; - - clear_comments(conf, buf); - s = eat_ws(conf, buf); - if (IS_EOF(conf, *s)) - continue; /* blank line */ - if (*s == '[') { - char *ss; - - s++; - start = eat_ws(conf, s); - ss = start; - again: - end = eat_alpha_numeric(conf, ss); - p = eat_ws(conf, end); - if (*p != ']') { - if (*p != '\0' && ss != p) { - ss = p; - goto again; - } - ERR_raise(ERR_LIB_CONF, CONF_R_MISSING_CLOSE_SQUARE_BRACKET); - goto err; - } - *end = '\0'; - if (!str_copy(conf, NULL, §ion, start)) - goto err; - if ((sv = _CONF_get_section(conf, section)) == NULL) - sv = _CONF_new_section(conf, section); - if (sv == NULL) { - ERR_raise(ERR_LIB_CONF, CONF_R_UNABLE_TO_CREATE_NEW_SECTION); - goto err; - } - continue; - } else { - pname = s; - end = eat_alpha_numeric(conf, s); - if ((end[0] == ':') && (end[1] == ':')) { - *end = '\0'; - end += 2; - psection = pname; - pname = end; - end = eat_alpha_numeric(conf, end); - } else { - psection = section; - } - p = eat_ws(conf, end); - if (strncmp(pname, ".pragma", 7) == 0 - && (p != pname + 7 || *p == '=')) { - char *pval; - - if (*p == '=') { - p++; - p = eat_ws(conf, p); - } - trim_ws(conf, p); - - /* Pragma values take the form keyword:value */ - pval = strchr(p, ':'); - if (pval == NULL || pval == p || pval[1] == '\0') { - ERR_raise(ERR_LIB_CONF, CONF_R_INVALID_PRAGMA); - goto err; - } - - *pval++ = '\0'; - trim_ws(conf, p); - pval = eat_ws(conf, pval); - - /* - * Known pragmas: - * - * dollarid takes "on", "true or "off", "false" - * abspath takes "on", "true or "off", "false" - * includedir directory prefix - */ - if (strcmp(p, "dollarid") == 0) { - if (!parsebool(pval, &conf->flag_dollarid)) - goto err; - } else if (strcmp(p, "abspath") == 0) { - if (!parsebool(pval, &conf->flag_abspath)) - goto err; - } else if (strcmp(p, "includedir") == 0) { - OPENSSL_free(conf->includedir); - if ((conf->includedir = OPENSSL_strdup(pval)) == NULL) { - ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - /* - * We *ignore* any unknown pragma. - */ - continue; - } else if (strncmp(pname, ".include", 8) == 0 - && (p != pname + 8 || *p == '=')) { - char *include = NULL; - BIO *next; - const char *include_dir = ossl_safe_getenv("OPENSSL_CONF_INCLUDE"); - char *include_path = NULL; - - if (include_dir == NULL) - include_dir = conf->includedir; - - if (*p == '=') { - p++; - p = eat_ws(conf, p); - } - trim_ws(conf, p); - if (!str_copy(conf, psection, &include, p)) - goto err; - - if (include_dir != NULL && !ossl_is_absolute_path(include)) { - size_t newlen = strlen(include_dir) + strlen(include) + 2; - - include_path = OPENSSL_malloc(newlen); - if (include_path == NULL) { - ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); - OPENSSL_free(include); - goto err; - } - - OPENSSL_strlcpy(include_path, include_dir, newlen); - if (!ossl_ends_with_dirsep(include_path)) - OPENSSL_strlcat(include_path, "/", newlen); - OPENSSL_strlcat(include_path, include, newlen); - OPENSSL_free(include); - } else { - include_path = include; - } - - if (conf->flag_abspath - && !ossl_is_absolute_path(include_path)) { - ERR_raise(ERR_LIB_CONF, CONF_R_RELATIVE_PATH); - OPENSSL_free(include_path); - goto err; - } - - /* get the BIO of the included file */ -#ifndef OPENSSL_NO_POSIX_IO - next = process_include(include_path, &dirctx, &dirpath); - if (include_path != dirpath) { - /* dirpath will contain include in case of a directory */ - OPENSSL_free(include_path); - } -#else - next = BIO_new_file(include_path, "r"); - OPENSSL_free(include_path); -#endif - - if (next != NULL) { - /* push the currently processing BIO onto stack */ - if (biosk == NULL) { - if ((biosk = sk_BIO_new_null()) == NULL) { - ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); - BIO_free(next); - goto err; - } - } - if (!sk_BIO_push(biosk, in)) { - ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); - BIO_free(next); - goto err; - } - /* continue with reading from the included BIO */ - in = next; - } - continue; - } else if (*p != '=') { - ERR_raise_data(ERR_LIB_CONF, CONF_R_MISSING_EQUAL_SIGN, - "HERE-->%s", p); - goto err; - } - *end = '\0'; - p++; - start = eat_ws(conf, p); - trim_ws(conf, start); - - if ((v = OPENSSL_malloc(sizeof(*v))) == NULL) { - ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); - goto err; - } - v->name = OPENSSL_strdup(pname); - v->value = NULL; - if (v->name == NULL) { - ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!str_copy(conf, psection, &(v->value), start)) - goto err; - - if (strcmp(psection, section) != 0) { - if ((tv = _CONF_get_section(conf, psection)) - == NULL) - tv = _CONF_new_section(conf, psection); - if (tv == NULL) { - ERR_raise(ERR_LIB_CONF, - CONF_R_UNABLE_TO_CREATE_NEW_SECTION); - goto err; - } - } else - tv = sv; - if (_CONF_add_string(conf, tv, v) == 0) { - ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); - goto err; - } - v = NULL; - } - } - BUF_MEM_free(buff); - OPENSSL_free(section); - /* - * No need to pop, since we only get here if the stack is empty. - * If this causes a BIO leak, THE ISSUE IS SOMEWHERE ELSE! - */ - sk_BIO_free(biosk); - return 1; - - err: - BUF_MEM_free(buff); - OPENSSL_free(section); - /* - * Since |in| is the first element of the stack and should NOT be freed - * here, we cannot use sk_BIO_pop_free(). Instead, we pop and free one - * BIO at a time, making sure that the last one popped isn't. - */ - while (sk_BIO_num(biosk) > 0) { - BIO *popped = sk_BIO_pop(biosk); - BIO_vfree(in); - in = popped; - } - sk_BIO_free(biosk); -#ifndef OPENSSL_NO_POSIX_IO - OPENSSL_free(dirpath); - if (dirctx != NULL) - OPENSSL_DIR_end(&dirctx); -#endif - if (line != NULL) - *line = eline; - BIO_snprintf(btmp, sizeof(btmp), "%ld", eline); - ERR_add_error_data(2, "line ", btmp); - if (h != conf->data) { - CONF_free(conf->data); - conf->data = NULL; - } - if (v != NULL) { - OPENSSL_free(v->name); - OPENSSL_free(v->value); - OPENSSL_free(v); - } - return 0; -} - -static void clear_comments(CONF *conf, char *p) -{ - for (;;) { - if (IS_FCOMMENT(conf, *p)) { - *p = '\0'; - return; - } - if (!IS_WS(conf, *p)) { - break; - } - p++; - } - - for (;;) { - if (IS_COMMENT(conf, *p)) { - *p = '\0'; - return; - } - if (IS_DQUOTE(conf, *p)) { - p = scan_dquote(conf, p); - continue; - } - if (IS_QUOTE(conf, *p)) { - p = scan_quote(conf, p); - continue; - } - if (IS_ESC(conf, *p)) { - p = scan_esc(conf, p); - continue; - } - if (IS_EOF(conf, *p)) - return; - else - p++; - } -} - -static int str_copy(CONF *conf, char *section, char **pto, char *from) -{ - int q, r, rr = 0, to = 0, len = 0; - char *s, *e, *rp, *p, *rrp, *np, *cp, v; - BUF_MEM *buf; - - if ((buf = BUF_MEM_new()) == NULL) - return 0; - - len = strlen(from) + 1; - if (!BUF_MEM_grow(buf, len)) - goto err; - - for (;;) { - if (IS_QUOTE(conf, *from)) { - q = *from; - from++; - while (!IS_EOF(conf, *from) && (*from != q)) { - if (IS_ESC(conf, *from)) { - from++; - if (IS_EOF(conf, *from)) - break; - } - buf->data[to++] = *(from++); - } - if (*from == q) - from++; - } else if (IS_DQUOTE(conf, *from)) { - q = *from; - from++; - while (!IS_EOF(conf, *from)) { - if (*from == q) { - if (*(from + 1) == q) { - from++; - } else { - break; - } - } - buf->data[to++] = *(from++); - } - if (*from == q) - from++; - } else if (IS_ESC(conf, *from)) { - from++; - v = *(from++); - if (IS_EOF(conf, v)) - break; - else if (v == 'r') - v = '\r'; - else if (v == 'n') - v = '\n'; - else if (v == 'b') - v = '\b'; - else if (v == 't') - v = '\t'; - buf->data[to++] = v; - } else if (IS_EOF(conf, *from)) - break; - else if (*from == '$' - && (!conf->flag_dollarid - || from[1] == '{' - || from[1] == '(')) { - size_t newsize; - - /* try to expand it */ - rrp = NULL; - s = &(from[1]); - if (*s == '{') - q = '}'; - else if (*s == '(') - q = ')'; - else - q = 0; - - if (q) - s++; - cp = section; - e = np = s; - while (IS_ALNUM(conf, *e) - || (conf->flag_dollarid && IS_DOLLAR(conf, *e))) - e++; - if ((e[0] == ':') && (e[1] == ':')) { - cp = np; - rrp = e; - rr = *e; - *rrp = '\0'; - e += 2; - np = e; - while (IS_ALNUM(conf, *e) - || (conf->flag_dollarid && IS_DOLLAR(conf, *e))) - e++; - } - r = *e; - *e = '\0'; - rp = e; - if (q) { - if (r != q) { - ERR_raise(ERR_LIB_CONF, CONF_R_NO_CLOSE_BRACE); - goto err; - } - e++; - } - /*- - * So at this point we have - * np which is the start of the name string which is - * '\0' terminated. - * cp which is the start of the section string which is - * '\0' terminated. - * e is the 'next point after'. - * r and rr are the chars replaced by the '\0' - * rp and rrp is where 'r' and 'rr' came from. - */ - p = _CONF_get_string(conf, cp, np); - if (rrp != NULL) - *rrp = rr; - *rp = r; - if (p == NULL) { - ERR_raise(ERR_LIB_CONF, CONF_R_VARIABLE_HAS_NO_VALUE); - goto err; - } - newsize = strlen(p) + buf->length - (e - from); - if (newsize > MAX_CONF_VALUE_LENGTH) { - ERR_raise(ERR_LIB_CONF, CONF_R_VARIABLE_EXPANSION_TOO_LONG); - goto err; - } - if (!BUF_MEM_grow_clean(buf, newsize)) { - ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); - goto err; - } - while (*p) - buf->data[to++] = *(p++); - - /* - * Since we change the pointer 'from', we also have to change the - * perceived length of the string it points at. /RL - */ - len -= e - from; - from = e; - - /* - * In case there were no braces or parenthesis around the - * variable reference, we have to put back the character that was - * replaced with a '\0'. /RL - */ - *rp = r; - } else - buf->data[to++] = *(from++); - } - buf->data[to] = '\0'; - OPENSSL_free(*pto); - *pto = buf->data; - OPENSSL_free(buf); - return 1; - err: - BUF_MEM_free(buf); - return 0; -} - -#ifndef OPENSSL_NO_POSIX_IO -/* - * Check whether included path is a directory. - * Returns next BIO to process and in case of a directory - * also an opened directory context and the include path. - */ -static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx, - char **dirpath) -{ - struct stat st; - BIO *next; - - if (stat(include, &st) < 0) { - ERR_raise_data(ERR_LIB_SYS, errno, "calling stat(%s)", include); - /* missing include file is not fatal error */ - return NULL; - } - - if (S_ISDIR(st.st_mode)) { - if (*dirctx != NULL) { - ERR_raise_data(ERR_LIB_CONF, CONF_R_RECURSIVE_DIRECTORY_INCLUDE, - "%s", include); - return NULL; - } - /* a directory, load its contents */ - if ((next = get_next_file(include, dirctx)) != NULL) - *dirpath = include; - return next; - } - - next = BIO_new_file(include, "r"); - return next; -} - -/* - * Get next file from the directory path. - * Returns BIO of the next file to read and updates dirctx. - */ -static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx) -{ - const char *filename; - size_t pathlen; - - pathlen = strlen(path); - while ((filename = OPENSSL_DIR_read(dirctx, path)) != NULL) { - size_t namelen; - - namelen = strlen(filename); - - - if ((namelen > 5 - && OPENSSL_strcasecmp(filename + namelen - 5, ".conf") == 0) - || (namelen > 4 - && OPENSSL_strcasecmp(filename + namelen - 4, ".cnf") == 0)) { - size_t newlen; - char *newpath; - BIO *bio; - - newlen = pathlen + namelen + 2; - newpath = OPENSSL_zalloc(newlen); - if (newpath == NULL) { - ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); - break; - } -#ifdef OPENSSL_SYS_VMS - /* - * If the given path isn't clear VMS syntax, - * we treat it as on Unix. - */ - if (path[pathlen - 1] == ']' - || path[pathlen - 1] == '>' - || path[pathlen - 1] == ':') { - /* Clear VMS directory syntax, just copy as is */ - OPENSSL_strlcpy(newpath, path, newlen); - } -#endif - if (newpath[0] == '\0') { - OPENSSL_strlcpy(newpath, path, newlen); - OPENSSL_strlcat(newpath, "/", newlen); - } - OPENSSL_strlcat(newpath, filename, newlen); - - bio = BIO_new_file(newpath, "r"); - OPENSSL_free(newpath); - /* Errors when opening files are non-fatal. */ - if (bio != NULL) - return bio; - } - } - OPENSSL_DIR_end(dirctx); - *dirctx = NULL; - return NULL; -} -#endif - -static int is_keytype(const CONF *conf, char c, unsigned short type) -{ - const unsigned short * keytypes = (const unsigned short *) conf->meth_data; - unsigned char key = (unsigned char)c; - -#ifdef CHARSET_EBCDIC -# if CHAR_BIT > 8 - if (key > 255) { - /* key is out of range for os_toascii table */ - return 0; - } -# endif - /* convert key from ebcdic to ascii */ - key = os_toascii[key]; -#endif - - if (key > 127) { - /* key is not a seven bit ascii character */ - return 0; - } - - return (keytypes[key] & type) ? 1 : 0; -} - -static char *eat_ws(CONF *conf, char *p) -{ - while (IS_WS(conf, *p) && (!IS_EOF(conf, *p))) - p++; - return p; -} - -static void trim_ws(CONF *conf, char *start) -{ - char *p = start; - - while (!IS_EOF(conf, *p)) - p++; - p--; - while ((p >= start) && IS_WS(conf, *p)) - p--; - p++; - *p = '\0'; -} - -static char *eat_alpha_numeric(CONF *conf, char *p) -{ - for (;;) { - if (IS_ESC(conf, *p)) { - p = scan_esc(conf, p); - continue; - } - if (!(IS_ALNUM_PUNCT(conf, *p) - || (conf->flag_dollarid && IS_DOLLAR(conf, *p)))) - return p; - p++; - } -} - -static char *scan_quote(CONF *conf, char *p) -{ - int q = *p; - - p++; - while (!(IS_EOF(conf, *p)) && (*p != q)) { - if (IS_ESC(conf, *p)) { - p++; - if (IS_EOF(conf, *p)) - return p; - } - p++; - } - if (*p == q) - p++; - return p; -} - -static char *scan_dquote(CONF *conf, char *p) -{ - int q = *p; - - p++; - while (!(IS_EOF(conf, *p))) { - if (*p == q) { - if (*(p + 1) == q) { - p++; - } else { - break; - } - } - p++; - } - if (*p == q) - p++; - return p; -} - -static void dump_value_doall_arg(const CONF_VALUE *a, BIO *out) -{ - if (a->name) - BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value); - else - BIO_printf(out, "[[%s]]\n", a->section); -} - -IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, BIO); - -static int def_dump(const CONF *conf, BIO *out) -{ - lh_CONF_VALUE_doall_BIO(conf->data, dump_value_doall_arg, out); - return 1; -} - -static int def_is_number(const CONF *conf, char c) -{ - return IS_NUMBER(conf, c); -} - -static int def_to_int(const CONF *conf, char c) -{ - return c - '0'; -} diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h deleted file mode 100644 index 1f66a58e092318a6fe5f061a0b3c450650a5b5a1..0000000000000000000000000000000000000000 --- a/crypto/conf/conf_def.h +++ /dev/null @@ -1,80 +0,0 @@ -/* - * WARNING: do not edit! - * Generated by crypto/conf/keysets.pl - * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#define CONF_NUMBER 1 -#define CONF_UPPER 2 -#define CONF_LOWER 4 -#define CONF_UNDER 256 -#define CONF_PUNCT 512 -#define CONF_WS 16 -#define CONF_ESC 32 -#define CONF_QUOTE 64 -#define CONF_DQUOTE 1024 -#define CONF_COMMENT 128 -#define CONF_FCOMMENT 2048 -#define CONF_DOLLAR 4096 -#define CONF_EOF 8 -#define CONF_ALPHA (CONF_UPPER|CONF_LOWER) -#define CONF_ALNUM (CONF_ALPHA|CONF_NUMBER|CONF_UNDER) -#define CONF_ALNUM_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER|CONF_PUNCT) - - -#define IS_COMMENT(conf,c) is_keytype(conf, c, CONF_COMMENT) -#define IS_FCOMMENT(conf,c) is_keytype(conf, c, CONF_FCOMMENT) -#define IS_EOF(conf,c) is_keytype(conf, c, CONF_EOF) -#define IS_ESC(conf,c) is_keytype(conf, c, CONF_ESC) -#define IS_NUMBER(conf,c) is_keytype(conf, c, CONF_NUMBER) -#define IS_WS(conf,c) is_keytype(conf, c, CONF_WS) -#define IS_ALNUM(conf,c) is_keytype(conf, c, CONF_ALNUM) -#define IS_ALNUM_PUNCT(conf,c) is_keytype(conf, c, CONF_ALNUM_PUNCT) -#define IS_QUOTE(conf,c) is_keytype(conf, c, CONF_QUOTE) -#define IS_DQUOTE(conf,c) is_keytype(conf, c, CONF_DQUOTE) -#define IS_DOLLAR(conf,c) is_keytype(conf, c, CONF_DOLLAR) - -static const unsigned short CONF_type_default[128] = { - 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, - 0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000, - 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, - 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, - 0x0010, 0x0200, 0x0040, 0x0080, 0x1000, 0x0200, 0x0200, 0x0040, - 0x0000, 0x0000, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, - 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, - 0x0001, 0x0001, 0x0000, 0x0200, 0x0000, 0x0000, 0x0000, 0x0200, - 0x0200, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, - 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, - 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, - 0x0002, 0x0002, 0x0002, 0x0000, 0x0020, 0x0000, 0x0200, 0x0100, - 0x0040, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, - 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, - 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, - 0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000, -}; - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -static const unsigned short CONF_type_win32[128] = { - 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, - 0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000, - 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, - 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, - 0x0010, 0x0200, 0x0400, 0x0000, 0x1000, 0x0200, 0x0200, 0x0000, - 0x0000, 0x0000, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, - 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, - 0x0001, 0x0001, 0x0000, 0x0A00, 0x0000, 0x0000, 0x0000, 0x0200, - 0x0200, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, - 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, - 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, - 0x0002, 0x0002, 0x0002, 0x0000, 0x0000, 0x0000, 0x0200, 0x0100, - 0x0000, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, - 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, - 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, - 0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000, -}; -#endif diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c deleted file mode 100644 index 68ee90b97055e77a2f7f2b2cdf4999703170c5b6..0000000000000000000000000000000000000000 --- a/crypto/conf/conf_err.c +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/conferr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA CONF_str_reasons[] = { - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_ERROR_LOADING_DSO), "error loading dso"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_INVALID_PRAGMA), "invalid pragma"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_LIST_CANNOT_BE_NULL), - "list cannot be null"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MANDATORY_BRACES_IN_VARIABLE_EXPANSION), - "mandatory braces in variable expansion"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_CLOSE_SQUARE_BRACKET), - "missing close square bracket"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_EQUAL_SIGN), - "missing equal sign"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_INIT_FUNCTION), - "missing init function"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MODULE_INITIALIZATION_ERROR), - "module initialization error"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CLOSE_BRACE), "no close brace"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CONF), "no conf"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE), - "no conf or environment variable"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_SECTION), "no section"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_SUCH_FILE), "no such file"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_VALUE), "no value"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NUMBER_TOO_LARGE), "number too large"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION), - "openssl conf references missing section"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_DIRECTORY_INCLUDE), - "recursive directory include"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RELATIVE_PATH), "relative path"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_EMPTY), - "ssl command section empty"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_NOT_FOUND), - "ssl command section not found"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_SECTION_EMPTY), "ssl section empty"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_SECTION_NOT_FOUND), - "ssl section not found"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNABLE_TO_CREATE_NEW_SECTION), - "unable to create new section"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNKNOWN_MODULE_NAME), - "unknown module name"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_VARIABLE_EXPANSION_TOO_LONG), - "variable expansion too long"}, - {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_VARIABLE_HAS_NO_VALUE), - "variable has no value"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_CONF_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(CONF_str_reasons[0].error) == NULL) - ERR_load_strings_const(CONF_str_reasons); -#endif - return 1; -} diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c deleted file mode 100644 index a2360035257a97076335df5e77acc6f8660aefa6..0000000000000000000000000000000000000000 --- a/crypto/conf/conf_lib.c +++ /dev/null @@ -1,470 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" -#include -#include -#include "internal/conf.h" -#include "crypto/ctype.h" -#include -#include -#include -#include -#include "conf_local.h" -#include - -static CONF_METHOD *default_CONF_method = NULL; - -/* Init a 'CONF' structure from an old LHASH */ - -void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash) -{ - if (default_CONF_method == NULL) - default_CONF_method = NCONF_default(); - - default_CONF_method->init(conf); - conf->data = hash; -} - -/* - * The following section contains the "CONF classic" functions, rewritten in - * terms of the new CONF interface. - */ - -int CONF_set_default_method(CONF_METHOD *meth) -{ - default_CONF_method = meth; - return 1; -} - -LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, - long *eline) -{ - LHASH_OF(CONF_VALUE) *ltmp; - BIO *in = NULL; - -#ifdef OPENSSL_SYS_VMS - in = BIO_new_file(file, "r"); -#else - in = BIO_new_file(file, "rb"); -#endif - if (in == NULL) { - ERR_raise(ERR_LIB_CONF, ERR_R_SYS_LIB); - return NULL; - } - - ltmp = CONF_load_bio(conf, in, eline); - BIO_free(in); - - return ltmp; -} - -#ifndef OPENSSL_NO_STDIO -LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, - long *eline) -{ - BIO *btmp; - LHASH_OF(CONF_VALUE) *ltmp; - if ((btmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) { - ERR_raise(ERR_LIB_CONF, ERR_R_BUF_LIB); - return NULL; - } - ltmp = CONF_load_bio(conf, btmp, eline); - BIO_free(btmp); - return ltmp; -} -#endif - -LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, - long *eline) -{ - CONF ctmp; - int ret; - - CONF_set_nconf(&ctmp, conf); - - ret = NCONF_load_bio(&ctmp, bp, eline); - if (ret) - return ctmp.data; - return NULL; -} - -STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, - const char *section) -{ - if (conf == NULL) { - return NULL; - } else { - CONF ctmp; - - CONF_set_nconf(&ctmp, conf); - return NCONF_get_section(&ctmp, section); - } -} - -char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, - const char *name) -{ - if (conf == NULL) { - return NCONF_get_string(NULL, group, name); - } else { - CONF ctmp; - - CONF_set_nconf(&ctmp, conf); - return NCONF_get_string(&ctmp, group, name); - } -} - -long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, - const char *name) -{ - int status; - long result = 0; - - ERR_set_mark(); - if (conf == NULL) { - status = NCONF_get_number_e(NULL, group, name, &result); - } else { - CONF ctmp; - - CONF_set_nconf(&ctmp, conf); - status = NCONF_get_number_e(&ctmp, group, name, &result); - } - ERR_pop_to_mark(); - return status == 0 ? 0L : result; -} - -void CONF_free(LHASH_OF(CONF_VALUE) *conf) -{ - CONF ctmp; - CONF_set_nconf(&ctmp, conf); - NCONF_free_data(&ctmp); -} - -#ifndef OPENSSL_NO_STDIO -int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out) -{ - BIO *btmp; - int ret; - - if ((btmp = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) { - ERR_raise(ERR_LIB_CONF, ERR_R_BUF_LIB); - return 0; - } - ret = CONF_dump_bio(conf, btmp); - BIO_free(btmp); - return ret; -} -#endif - -int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out) -{ - CONF ctmp; - - CONF_set_nconf(&ctmp, conf); - return NCONF_dump_bio(&ctmp, out); -} - -/* - * The following section contains the "New CONF" functions. They are - * completely centralised around a new CONF structure that may contain - * basically anything, but at least a method pointer and a table of data. - * These functions are also written in terms of the bridge functions used by - * the "CONF classic" functions, for consistency. - */ - -CONF *NCONF_new_ex(OSSL_LIB_CTX *libctx, CONF_METHOD *meth) -{ - CONF *ret; - - if (meth == NULL) - meth = NCONF_default(); - - ret = meth->create(meth); - if (ret == NULL) { - ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); - return NULL; - } - ret->libctx = libctx; - - return ret; -} - -CONF *NCONF_new(CONF_METHOD *meth) -{ - return NCONF_new_ex(NULL, meth); -} - -void NCONF_free(CONF *conf) -{ - if (conf == NULL) - return; - conf->meth->destroy(conf); -} - -void NCONF_free_data(CONF *conf) -{ - if (conf == NULL) - return; - conf->meth->destroy_data(conf); -} - -OSSL_LIB_CTX *NCONF_get0_libctx(const CONF *conf) -{ - return conf->libctx; -} - -typedef STACK_OF(OPENSSL_CSTRING) SECTION_NAMES; - -IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, SECTION_NAMES); - -static void collect_section_name(const CONF_VALUE *v, SECTION_NAMES *names) -{ - /* A section is a CONF_VALUE with name == NULL */ - if (v->name == NULL) - sk_OPENSSL_CSTRING_push(names, v->section); -} - -static int section_name_cmp(OPENSSL_CSTRING const *a, OPENSSL_CSTRING const *b) -{ - return strcmp(*a, *b); -} - -STACK_OF(OPENSSL_CSTRING) *NCONF_get_section_names(const CONF *cnf) -{ - SECTION_NAMES *names; - - if ((names = sk_OPENSSL_CSTRING_new(section_name_cmp)) == NULL) - return NULL; - lh_CONF_VALUE_doall_SECTION_NAMES(cnf->data, collect_section_name, names); - sk_OPENSSL_CSTRING_sort(names); - return names; -} - -int NCONF_load(CONF *conf, const char *file, long *eline) -{ - if (conf == NULL) { - ERR_raise(ERR_LIB_CONF, CONF_R_NO_CONF); - return 0; - } - - return conf->meth->load(conf, file, eline); -} - -#ifndef OPENSSL_NO_STDIO -int NCONF_load_fp(CONF *conf, FILE *fp, long *eline) -{ - BIO *btmp; - int ret; - if ((btmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) { - ERR_raise(ERR_LIB_CONF, ERR_R_BUF_LIB); - return 0; - } - ret = NCONF_load_bio(conf, btmp, eline); - BIO_free(btmp); - return ret; -} -#endif - -int NCONF_load_bio(CONF *conf, BIO *bp, long *eline) -{ - if (conf == NULL) { - ERR_raise(ERR_LIB_CONF, CONF_R_NO_CONF); - return 0; - } - - return conf->meth->load_bio(conf, bp, eline); -} - -STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *section) -{ - if (conf == NULL) { - ERR_raise(ERR_LIB_CONF, CONF_R_NO_CONF); - return NULL; - } - - if (section == NULL) { - ERR_raise(ERR_LIB_CONF, CONF_R_NO_SECTION); - return NULL; - } - - return _CONF_get_section_values(conf, section); -} - -char *NCONF_get_string(const CONF *conf, const char *group, const char *name) -{ - char *s = _CONF_get_string(conf, group, name); - - /* - * Since we may get a value from an environment variable even if conf is - * NULL, let's check the value first - */ - if (s) - return s; - - if (conf == NULL) { - ERR_raise(ERR_LIB_CONF, CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE); - return NULL; - } - ERR_raise_data(ERR_LIB_CONF, CONF_R_NO_VALUE, - "group=%s name=%s", group, name); - return NULL; -} - -static int default_is_number(const CONF *conf, char c) -{ - return ossl_isdigit(c); -} - -static int default_to_int(const CONF *conf, char c) -{ - return (int)(c - '0'); -} - -int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, - long *result) -{ - char *str; - long res; - int (*is_number)(const CONF *, char) = &default_is_number; - int (*to_int)(const CONF *, char) = &default_to_int; - - if (result == NULL) { - ERR_raise(ERR_LIB_CONF, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - str = NCONF_get_string(conf, group, name); - - if (str == NULL) - return 0; - - if (conf != NULL) { - if (conf->meth->is_number != NULL) - is_number = conf->meth->is_number; - if (conf->meth->to_int != NULL) - to_int = conf->meth->to_int; - } - for (res = 0; is_number(conf, *str); str++) { - const int d = to_int(conf, *str); - - if (res > (LONG_MAX - d) / 10L) { - ERR_raise(ERR_LIB_CONF, CONF_R_NUMBER_TOO_LARGE); - return 0; - } - res = res * 10 + d; - } - - *result = res; - return 1; -} - -long _CONF_get_number(const CONF *conf, const char *section, - const char *name) -{ - int status; - long result = 0; - - ERR_set_mark(); - status = NCONF_get_number_e(conf, section, name, &result); - ERR_pop_to_mark(); - return status == 0 ? 0L : result; -} - -#ifndef OPENSSL_NO_STDIO -int NCONF_dump_fp(const CONF *conf, FILE *out) -{ - BIO *btmp; - int ret; - if ((btmp = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) { - ERR_raise(ERR_LIB_CONF, ERR_R_BUF_LIB); - return 0; - } - ret = NCONF_dump_bio(conf, btmp); - BIO_free(btmp); - return ret; -} -#endif - -int NCONF_dump_bio(const CONF *conf, BIO *out) -{ - if (conf == NULL) { - ERR_raise(ERR_LIB_CONF, CONF_R_NO_CONF); - return 0; - } - - return conf->meth->dump(conf, out); -} - -/* - * These routines call the C malloc/free, to avoid intermixing with - * OpenSSL function pointers before the library is initialized. - */ -OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void) -{ - OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret)); - - if (ret == NULL) - return NULL; - - memset(ret, 0, sizeof(*ret)); - ret->flags = DEFAULT_CONF_MFLAGS; - - return ret; -} - - -#ifndef OPENSSL_NO_STDIO -int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings, - const char *filename) -{ - char *newfilename = NULL; - - if (filename != NULL) { - newfilename = strdup(filename); - if (newfilename == NULL) - return 0; - } - - free(settings->filename); - settings->filename = newfilename; - - return 1; -} - -void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings, - unsigned long flags) -{ - settings->flags = flags; -} - -int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, - const char *appname) -{ - char *newappname = NULL; - - if (appname != NULL) { - newappname = strdup(appname); - if (newappname == NULL) - return 0; - } - - free(settings->appname); - settings->appname = newappname; - - return 1; -} -#endif - -void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings) -{ - free(settings->filename); - free(settings->appname); - free(settings); -} diff --git a/crypto/conf/conf_local.h b/crypto/conf/conf_local.h deleted file mode 100644 index f3b16f1138525c4c0051d717bd3a956234534c8c..0000000000000000000000000000000000000000 --- a/crypto/conf/conf_local.h +++ /dev/null @@ -1,11 +0,0 @@ -/* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -void ossl_config_add_ssl_module(void); diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c deleted file mode 100644 index bad19c96cca0a92389c471266f3062a3adbf8e93..0000000000000000000000000000000000000000 --- a/crypto/conf/conf_mall.c +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "internal/provider.h" -#include "crypto/rand.h" -#include "conf_local.h" - -/* Load all OpenSSL builtin modules */ - -void OPENSSL_load_builtin_modules(void) -{ - /* Add builtin modules here */ - ASN1_add_oid_module(); - ASN1_add_stable_module(); -#ifndef OPENSSL_NO_ENGINE - ENGINE_add_conf_module(); -#endif - EVP_add_alg_module(); - ossl_config_add_ssl_module(); - ossl_provider_add_conf_module(); - ossl_random_add_conf_module(); -} diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c deleted file mode 100644 index 17bbbf7a27475ab365d29465f218be2a4f542d15..0000000000000000000000000000000000000000 --- a/crypto/conf/conf_mod.c +++ /dev/null @@ -1,693 +0,0 @@ -/* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "internal/cryptlib.h" -#include -#include -#include -#include "internal/conf.h" -#include -#include "internal/dso.h" -#include "internal/thread_once.h" -#include -#include -#include -#include "conf_local.h" - -DEFINE_STACK_OF(CONF_MODULE) -DEFINE_STACK_OF(CONF_IMODULE) - -#define DSO_mod_init_name "OPENSSL_init" -#define DSO_mod_finish_name "OPENSSL_finish" - -/* - * This structure contains a data about supported modules. entries in this - * table correspond to either dynamic or static modules. - */ - -struct conf_module_st { - /* DSO of this module or NULL if static */ - DSO *dso; - /* Name of the module */ - char *name; - /* Init function */ - conf_init_func *init; - /* Finish function */ - conf_finish_func *finish; - /* Number of successfully initialized modules */ - int links; - void *usr_data; -}; - -/* - * This structure contains information about modules that have been - * successfully initialized. There may be more than one entry for a given - * module. - */ - -struct conf_imodule_st { - CONF_MODULE *pmod; - char *name; - char *value; - unsigned long flags; - void *usr_data; -}; - -static CRYPTO_ONCE init_module_list_lock = CRYPTO_ONCE_STATIC_INIT; -static CRYPTO_RWLOCK *module_list_lock = NULL; -static STACK_OF(CONF_MODULE) *supported_modules = NULL; /* protected by lock */ -static STACK_OF(CONF_IMODULE) *initialized_modules = NULL; /* protected by lock */ - -static CRYPTO_ONCE load_builtin_modules = CRYPTO_ONCE_STATIC_INIT; - -static void module_free(CONF_MODULE *md); -static void module_finish(CONF_IMODULE *imod); -static int module_run(const CONF *cnf, const char *name, const char *value, - unsigned long flags); -static CONF_MODULE *module_add(DSO *dso, const char *name, - conf_init_func *ifunc, - conf_finish_func *ffunc); -static CONF_MODULE *module_find(const char *name); -static int module_init(CONF_MODULE *pmod, const char *name, const char *value, - const CONF *cnf); -static CONF_MODULE *module_load_dso(const CONF *cnf, const char *name, - const char *value); - -static int conf_modules_finish_int(void); - -static void module_lists_free(void) -{ - CRYPTO_THREAD_lock_free(module_list_lock); - module_list_lock = NULL; - - sk_CONF_MODULE_free(supported_modules); - supported_modules = NULL; - - sk_CONF_IMODULE_free(initialized_modules); - initialized_modules = NULL; -} - -DEFINE_RUN_ONCE_STATIC(do_init_module_list_lock) -{ - module_list_lock = CRYPTO_THREAD_lock_new(); - if (module_list_lock == NULL) { - ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); - return 0; - } - - return 1; -} - -static int conf_diagnostics(const CONF *cnf) -{ - return _CONF_get_number(cnf, NULL, "config_diagnostics") != 0; -} - -/* Main function: load modules from a CONF structure */ - -int CONF_modules_load(const CONF *cnf, const char *appname, - unsigned long flags) -{ - STACK_OF(CONF_VALUE) *values; - CONF_VALUE *vl; - char *vsection = NULL; - int ret, i; - - if (!cnf) - return 1; - - if (conf_diagnostics(cnf)) - flags &= ~(CONF_MFLAGS_IGNORE_ERRORS - | CONF_MFLAGS_IGNORE_RETURN_CODES - | CONF_MFLAGS_SILENT - | CONF_MFLAGS_IGNORE_MISSING_FILE); - - ERR_set_mark(); - if (appname) - vsection = NCONF_get_string(cnf, NULL, appname); - - if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION))) - vsection = NCONF_get_string(cnf, NULL, "openssl_conf"); - - if (!vsection) { - ERR_pop_to_mark(); - return 1; - } - - OSSL_TRACE1(CONF, "Configuration in section %s\n", vsection); - values = NCONF_get_section(cnf, vsection); - - if (values == NULL) { - if (!(flags & CONF_MFLAGS_SILENT)) { - ERR_clear_last_mark(); - ERR_raise_data(ERR_LIB_CONF, - CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION, - "openssl_conf=%s", vsection); - } else { - ERR_pop_to_mark(); - } - return 0; - } - ERR_pop_to_mark(); - - for (i = 0; i < sk_CONF_VALUE_num(values); i++) { - vl = sk_CONF_VALUE_value(values, i); - ERR_set_mark(); - ret = module_run(cnf, vl->name, vl->value, flags); - OSSL_TRACE3(CONF, "Running module %s (%s) returned %d\n", - vl->name, vl->value, ret); - if (ret <= 0) - if (!(flags & CONF_MFLAGS_IGNORE_ERRORS)) { - ERR_clear_last_mark(); - return ret; - } - ERR_pop_to_mark(); - } - - return 1; - -} - -int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename, - const char *appname, unsigned long flags) -{ - char *file = NULL; - CONF *conf = NULL; - int ret = 0, diagnostics = 0; - - if (filename == NULL) { - file = CONF_get1_default_config_file(); - if (file == NULL) - goto err; - } else { - file = (char *)filename; - } - - ERR_set_mark(); - conf = NCONF_new_ex(libctx, NULL); - if (conf == NULL) - goto err; - - if (NCONF_load(conf, file, NULL) <= 0) { - if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) && - (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) { - ret = 1; - } - goto err; - } - - ret = CONF_modules_load(conf, appname, flags); - diagnostics = conf_diagnostics(conf); - - err: - if (filename == NULL) - OPENSSL_free(file); - NCONF_free(conf); - - if ((flags & CONF_MFLAGS_IGNORE_RETURN_CODES) != 0 && !diagnostics) - ret = 1; - - if (ret > 0) - ERR_pop_to_mark(); - else - ERR_clear_last_mark(); - - return ret; -} - -int CONF_modules_load_file(const char *filename, - const char *appname, unsigned long flags) -{ - return CONF_modules_load_file_ex(NULL, filename, appname, flags); -} - -DEFINE_RUN_ONCE_STATIC(do_load_builtin_modules) -{ - OPENSSL_load_builtin_modules(); -#ifndef OPENSSL_NO_ENGINE - /* Need to load ENGINEs */ - ENGINE_load_builtin_engines(); -#endif - return 1; -} - -static int module_run(const CONF *cnf, const char *name, const char *value, - unsigned long flags) -{ - CONF_MODULE *md; - int ret; - - if (!RUN_ONCE(&load_builtin_modules, do_load_builtin_modules)) - return -1; - - md = module_find(name); - - /* Module not found: try to load DSO */ - if (!md && !(flags & CONF_MFLAGS_NO_DSO)) - md = module_load_dso(cnf, name, value); - - if (!md) { - if (!(flags & CONF_MFLAGS_SILENT)) { - ERR_raise_data(ERR_LIB_CONF, CONF_R_UNKNOWN_MODULE_NAME, - "module=%s", name); - } - return -1; - } - - ret = module_init(md, name, value, cnf); - - if (ret <= 0) { - if (!(flags & CONF_MFLAGS_SILENT)) - ERR_raise_data(ERR_LIB_CONF, CONF_R_MODULE_INITIALIZATION_ERROR, - "module=%s, value=%s retcode=%-8d", - name, value, ret); - } - - return ret; -} - -/* Load a module from a DSO */ -static CONF_MODULE *module_load_dso(const CONF *cnf, - const char *name, const char *value) -{ - DSO *dso = NULL; - conf_init_func *ifunc; - conf_finish_func *ffunc; - const char *path = NULL; - int errcode = 0; - CONF_MODULE *md; - - /* Look for alternative path in module section */ - path = _CONF_get_string(cnf, value, "path"); - if (path == NULL) { - path = name; - } - dso = DSO_load(NULL, path, NULL, 0); - if (dso == NULL) { - errcode = CONF_R_ERROR_LOADING_DSO; - goto err; - } - ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name); - if (ifunc == NULL) { - errcode = CONF_R_MISSING_INIT_FUNCTION; - goto err; - } - ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name); - /* All OK, add module */ - md = module_add(dso, name, ifunc, ffunc); - - if (md == NULL) - goto err; - - return md; - - err: - DSO_free(dso); - ERR_raise_data(ERR_LIB_CONF, errcode, "module=%s, path=%s", name, path); - return NULL; -} - -/* add module to list */ -static CONF_MODULE *module_add(DSO *dso, const char *name, - conf_init_func *ifunc, conf_finish_func *ffunc) -{ - CONF_MODULE *tmod = NULL; - - if (!RUN_ONCE(&init_module_list_lock, do_init_module_list_lock)) - return NULL; - - if (!CRYPTO_THREAD_write_lock(module_list_lock)) - return NULL; - - if (supported_modules == NULL) - supported_modules = sk_CONF_MODULE_new_null(); - if (supported_modules == NULL) - goto err; - if ((tmod = OPENSSL_zalloc(sizeof(*tmod))) == NULL) { - ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); - goto err; - } - - tmod->dso = dso; - tmod->name = OPENSSL_strdup(name); - tmod->init = ifunc; - tmod->finish = ffunc; - if (tmod->name == NULL) - goto err; - - if (!sk_CONF_MODULE_push(supported_modules, tmod)) - goto err; - - CRYPTO_THREAD_unlock(module_list_lock); - return tmod; - - err: - CRYPTO_THREAD_unlock(module_list_lock); - if (tmod != NULL) { - OPENSSL_free(tmod->name); - OPENSSL_free(tmod); - } - return NULL; -} - -/* - * Find a module from the list. We allow module names of the form - * modname.XXXX to just search for modname to allow the same module to be - * initialized more than once. - */ - -static CONF_MODULE *module_find(const char *name) -{ - CONF_MODULE *tmod; - int i, nchar; - char *p; - p = strrchr(name, '.'); - - if (p) - nchar = p - name; - else - nchar = strlen(name); - - if (!RUN_ONCE(&init_module_list_lock, do_init_module_list_lock)) - return NULL; - - if (!CRYPTO_THREAD_read_lock(module_list_lock)) - return NULL; - - for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) { - tmod = sk_CONF_MODULE_value(supported_modules, i); - if (strncmp(tmod->name, name, nchar) == 0) { - CRYPTO_THREAD_unlock(module_list_lock); - return tmod; - } - } - - CRYPTO_THREAD_unlock(module_list_lock); - return NULL; -} - -/* initialize a module */ -static int module_init(CONF_MODULE *pmod, const char *name, const char *value, - const CONF *cnf) -{ - int ret = 1; - int init_called = 0; - CONF_IMODULE *imod = NULL; - - /* Otherwise add initialized module to list */ - imod = OPENSSL_malloc(sizeof(*imod)); - if (imod == NULL) - goto err; - - imod->pmod = pmod; - imod->name = OPENSSL_strdup(name); - imod->value = OPENSSL_strdup(value); - imod->usr_data = NULL; - - if (!imod->name || !imod->value) - goto memerr; - - /* Try to initialize module */ - if (pmod->init) { - ret = pmod->init(imod, cnf); - init_called = 1; - /* Error occurred, exit */ - if (ret <= 0) - goto err; - } - - if (!RUN_ONCE(&init_module_list_lock, do_init_module_list_lock)) - goto err; - - if (!CRYPTO_THREAD_write_lock(module_list_lock)) - goto err; - - if (initialized_modules == NULL) { - initialized_modules = sk_CONF_IMODULE_new_null(); - if (initialized_modules == NULL) { - CRYPTO_THREAD_unlock(module_list_lock); - ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - if (!sk_CONF_IMODULE_push(initialized_modules, imod)) { - CRYPTO_THREAD_unlock(module_list_lock); - ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); - goto err; - } - - pmod->links++; - - CRYPTO_THREAD_unlock(module_list_lock); - return ret; - - err: - - /* We've started the module so we'd better finish it */ - if (pmod->finish && init_called) - pmod->finish(imod); - - memerr: - if (imod) { - OPENSSL_free(imod->name); - OPENSSL_free(imod->value); - OPENSSL_free(imod); - } - - return -1; - -} - -/* - * Unload any dynamic modules that have a link count of zero: i.e. have no - * active initialized modules. If 'all' is set then all modules are unloaded - * including static ones. - */ - -void CONF_modules_unload(int all) -{ - int i; - CONF_MODULE *md; - - if (!conf_modules_finish_int()) /* also inits module list lock */ - return; - - if (!CRYPTO_THREAD_write_lock(module_list_lock)) - return; - - /* unload modules in reverse order */ - for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) { - md = sk_CONF_MODULE_value(supported_modules, i); - /* If static or in use and 'all' not set ignore it */ - if (((md->links > 0) || !md->dso) && !all) - continue; - /* Since we're working in reverse this is OK */ - (void)sk_CONF_MODULE_delete(supported_modules, i); - module_free(md); - } - - if (sk_CONF_MODULE_num(supported_modules) == 0) { - sk_CONF_MODULE_free(supported_modules); - supported_modules = NULL; - } - - CRYPTO_THREAD_unlock(module_list_lock); -} - -/* unload a single module */ -static void module_free(CONF_MODULE *md) -{ - DSO_free(md->dso); - OPENSSL_free(md->name); - OPENSSL_free(md); -} - -/* finish and free up all modules instances */ - -static int conf_modules_finish_int(void) -{ - CONF_IMODULE *imod; - - if (!RUN_ONCE(&init_module_list_lock, do_init_module_list_lock)) - return 0; - - /* If module_list_lock is NULL here it means we were already unloaded */ - if (module_list_lock == NULL - || !CRYPTO_THREAD_write_lock(module_list_lock)) - return 0; - - while (sk_CONF_IMODULE_num(initialized_modules) > 0) { - imod = sk_CONF_IMODULE_pop(initialized_modules); - module_finish(imod); - } - sk_CONF_IMODULE_free(initialized_modules); - initialized_modules = NULL; - - CRYPTO_THREAD_unlock(module_list_lock); - - return 1; -} - -void CONF_modules_finish(void) -{ - conf_modules_finish_int(); -} - -/* finish a module instance */ - -static void module_finish(CONF_IMODULE *imod) -{ - if (!imod) - return; - if (imod->pmod->finish) - imod->pmod->finish(imod); - imod->pmod->links--; - OPENSSL_free(imod->name); - OPENSSL_free(imod->value); - OPENSSL_free(imod); -} - -/* Add a static module to OpenSSL */ - -int CONF_module_add(const char *name, conf_init_func *ifunc, - conf_finish_func *ffunc) -{ - if (module_add(NULL, name, ifunc, ffunc)) - return 1; - else - return 0; -} - -void ossl_config_modules_free(void) -{ - CONF_modules_unload(1); /* calls CONF_modules_finish */ - module_lists_free(); -} - -/* Utility functions */ - -const char *CONF_imodule_get_name(const CONF_IMODULE *md) -{ - return md->name; -} - -const char *CONF_imodule_get_value(const CONF_IMODULE *md) -{ - return md->value; -} - -void *CONF_imodule_get_usr_data(const CONF_IMODULE *md) -{ - return md->usr_data; -} - -void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data) -{ - md->usr_data = usr_data; -} - -CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md) -{ - return md->pmod; -} - -unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md) -{ - return md->flags; -} - -void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags) -{ - md->flags = flags; -} - -void *CONF_module_get_usr_data(CONF_MODULE *pmod) -{ - return pmod->usr_data; -} - -void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data) -{ - pmod->usr_data = usr_data; -} - -/* Return default config file name */ -char *CONF_get1_default_config_file(void) -{ - const char *t; - char *file, *sep = ""; - size_t size; - - if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL) - return OPENSSL_strdup(file); - - t = X509_get_default_cert_area(); -#ifndef OPENSSL_SYS_VMS - sep = "/"; -#endif - size = strlen(t) + strlen(sep) + strlen(OPENSSL_CONF) + 1; - file = OPENSSL_malloc(size); - - if (file == NULL) - return NULL; - BIO_snprintf(file, size, "%s%s%s", t, sep, OPENSSL_CONF); - - return file; -} - -/* - * This function takes a list separated by 'sep' and calls the callback - * function giving the start and length of each member optionally stripping - * leading and trailing whitespace. This can be used to parse comma separated - * lists for example. - */ - -int CONF_parse_list(const char *list_, int sep, int nospc, - int (*list_cb) (const char *elem, int len, void *usr), - void *arg) -{ - int ret; - const char *lstart, *tmpend, *p; - - if (list_ == NULL) { - ERR_raise(ERR_LIB_CONF, CONF_R_LIST_CANNOT_BE_NULL); - return 0; - } - - lstart = list_; - for (;;) { - if (nospc) { - while (*lstart && isspace((unsigned char)*lstart)) - lstart++; - } - p = strchr(lstart, sep); - if (p == lstart || *lstart == '\0') - ret = list_cb(NULL, 0, arg); - else { - if (p) - tmpend = p - 1; - else - tmpend = lstart + strlen(lstart) - 1; - if (nospc) { - while (isspace((unsigned char)*tmpend)) - tmpend--; - } - ret = list_cb(lstart, tmpend - lstart + 1, arg); - } - if (ret <= 0) - return ret; - if (p == NULL) - return 1; - lstart = p + 1; - } -} diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c deleted file mode 100644 index 39efcdbf90fa3a76a0a12874de6996ace6bdf5dc..0000000000000000000000000000000000000000 --- a/crypto/conf/conf_sap.c +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include "internal/conf.h" -#include "conf_local.h" -#include -#include -#include - -#if defined(_WIN32) && !defined(__BORLANDC__) -# define strdup _strdup -#endif - -/* - * This is the automatic configuration loader: it is called automatically by - * OpenSSL when any of a number of standard initialisation functions are - * called, unless this is overridden by calling OPENSSL_no_config() - */ - -static int openssl_configured = 0; - -#ifndef OPENSSL_NO_DEPRECATED_1_1_0 -void OPENSSL_config(const char *appname) -{ - OPENSSL_INIT_SETTINGS settings; - - memset(&settings, 0, sizeof(settings)); - if (appname != NULL) - settings.appname = strdup(appname); - settings.flags = DEFAULT_CONF_MFLAGS; - OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings); -} -#endif - -int ossl_config_int(const OPENSSL_INIT_SETTINGS *settings) -{ - int ret = 0; -#if defined(OPENSSL_INIT_DEBUG) || !defined(OPENSSL_SYS_UEFI) - const char *filename; - const char *appname; - unsigned long flags; -#endif - - if (openssl_configured) - return 1; - -#if defined(OPENSSL_INIT_DEBUG) || !defined(OPENSSL_SYS_UEFI) - filename = settings ? settings->filename : NULL; - appname = settings ? settings->appname : NULL; - flags = settings ? settings->flags : DEFAULT_CONF_MFLAGS; -#endif - -#ifdef OPENSSL_INIT_DEBUG - fprintf(stderr, "OPENSSL_INIT: ossl_config_int(%s, %s, %lu)\n", - filename, appname, flags); -#endif - -#ifndef OPENSSL_SYS_UEFI - ret = CONF_modules_load_file(filename, appname, flags); -#endif - openssl_configured = 1; - return ret; -} - -void ossl_no_config_int(void) -{ - openssl_configured = 1; -} diff --git a/crypto/conf/conf_ssl.c b/crypto/conf/conf_ssl.c deleted file mode 100644 index 84c5b2afe5818fd96b875659f37194fee528130e..0000000000000000000000000000000000000000 --- a/crypto/conf/conf_ssl.c +++ /dev/null @@ -1,182 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/sslconf.h" -#include "conf_local.h" - -/* - * SSL library configuration module placeholder. We load it here but defer - * all decisions about its contents to libssl. - */ - -struct ssl_conf_name_st { - /* Name of this set of commands */ - char *name; - /* List of commands */ - SSL_CONF_CMD *cmds; - /* Number of commands */ - size_t cmd_count; -}; - -struct ssl_conf_cmd_st { - /* Command */ - char *cmd; - /* Argument */ - char *arg; -}; - -static struct ssl_conf_name_st *ssl_names; -static size_t ssl_names_count; - -static void ssl_module_free(CONF_IMODULE *md) -{ - size_t i, j; - if (ssl_names == NULL) - return; - for (i = 0; i < ssl_names_count; i++) { - struct ssl_conf_name_st *tname = ssl_names + i; - - OPENSSL_free(tname->name); - for (j = 0; j < tname->cmd_count; j++) { - OPENSSL_free(tname->cmds[j].cmd); - OPENSSL_free(tname->cmds[j].arg); - } - OPENSSL_free(tname->cmds); - } - OPENSSL_free(ssl_names); - ssl_names = NULL; - ssl_names_count = 0; -} - -static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) -{ - size_t i, j, cnt; - int rv = 0; - const char *ssl_conf_section; - STACK_OF(CONF_VALUE) *cmd_lists; - - ssl_conf_section = CONF_imodule_get_value(md); - cmd_lists = NCONF_get_section(cnf, ssl_conf_section); - if (sk_CONF_VALUE_num(cmd_lists) <= 0) { - int rcode = - cmd_lists == NULL - ? CONF_R_SSL_SECTION_NOT_FOUND - : CONF_R_SSL_SECTION_EMPTY; - - ERR_raise_data(ERR_LIB_CONF, rcode, "section=%s", ssl_conf_section); - goto err; - } - cnt = sk_CONF_VALUE_num(cmd_lists); - ssl_module_free(md); - ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt); - if (ssl_names == NULL) - goto err; - ssl_names_count = cnt; - for (i = 0; i < ssl_names_count; i++) { - struct ssl_conf_name_st *ssl_name = ssl_names + i; - CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i); - STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value); - - if (sk_CONF_VALUE_num(cmds) <= 0) { - int rcode = - cmds == NULL - ? CONF_R_SSL_COMMAND_SECTION_NOT_FOUND - : CONF_R_SSL_COMMAND_SECTION_EMPTY; - - ERR_raise_data(ERR_LIB_CONF, rcode, - "name=%s, value=%s", sect->name, sect->value); - goto err; - } - ssl_name->name = OPENSSL_strdup(sect->name); - if (ssl_name->name == NULL) - goto err; - cnt = sk_CONF_VALUE_num(cmds); - ssl_name->cmds = OPENSSL_zalloc(cnt * sizeof(struct ssl_conf_cmd_st)); - if (ssl_name->cmds == NULL) - goto err; - ssl_name->cmd_count = cnt; - for (j = 0; j < cnt; j++) { - const char *name; - CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j); - struct ssl_conf_cmd_st *cmd = ssl_name->cmds + j; - - /* Skip any initial dot in name */ - name = strchr(cmd_conf->name, '.'); - if (name != NULL) - name++; - else - name = cmd_conf->name; - cmd->cmd = OPENSSL_strdup(name); - cmd->arg = OPENSSL_strdup(cmd_conf->value); - if (cmd->cmd == NULL || cmd->arg == NULL) - goto err; - } - - } - rv = 1; - err: - if (rv == 0) - ssl_module_free(md); - return rv; -} - -/* - * Returns the set of commands with index |idx| previously searched for via - * conf_ssl_name_find. Also stores the name of the set of commands in |*name| - * and the number of commands in the set in |*cnt|. - */ -const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt) -{ - *name = ssl_names[idx].name; - *cnt = ssl_names[idx].cmd_count; - return ssl_names[idx].cmds; -} - -/* - * Search for the named set of commands given in |name|. On success return the - * index for the command set in |*idx|. - * Returns 1 on success or 0 on failure. - */ -int conf_ssl_name_find(const char *name, size_t *idx) -{ - size_t i; - const struct ssl_conf_name_st *nm; - - if (name == NULL) - return 0; - for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) { - if (strcmp(nm->name, name) == 0) { - *idx = i; - return 1; - } - } - return 0; -} - -/* - * Given a command set |cmd|, return details on the command at index |idx| which - * must be less than the number of commands in the set (as returned by - * conf_ssl_get). The name of the command will be returned in |*cmdstr| and the - * argument is returned in |*arg|. - */ -void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr, - char **arg) -{ - *cmdstr = cmd[idx].cmd; - *arg = cmd[idx].arg; -} - -void ossl_config_add_ssl_module(void) -{ - CONF_module_add("ssl_conf", ssl_module_init, ssl_module_free); -} diff --git a/crypto/conf/keysets.pl b/crypto/conf/keysets.pl deleted file mode 100644 index 7e83d800501bfae3064d52076dfa441004e1422c..0000000000000000000000000000000000000000 --- a/crypto/conf/keysets.pl +++ /dev/null @@ -1,125 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -use strict; -use warnings; -use FindBin; -use lib "$FindBin::Bin/../../util/perl"; -use OpenSSL::copyright; - -my $NUMBER = 0x0001; -my $UPPER = 0x0002; -my $LOWER = 0x0004; -my $UNDER = 0x0100; -my $PUNCTUATION = 0x0200; -my $WS = 0x0010; -my $ESC = 0x0020; -my $QUOTE = 0x0040; -my $DQUOTE = 0x0400; -my $COMMENT = 0x0080; -my $FCOMMENT = 0x0800; -my $DOLLAR = 0x1000; -my $EOF = 0x0008; -my @V_def; -my @V_w32; - -my $v; -my $c; -foreach (0 .. 127) { - $c = sprintf("%c", $_); - $v = 0; - $v |= $NUMBER if $c =~ /[0-9]/; - $v |= $UPPER if $c =~ /[A-Z]/; - $v |= $LOWER if $c =~ /[a-z]/; - $v |= $UNDER if $c =~ /_/; - $v |= $PUNCTUATION if $c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/; - $v |= $WS if $c =~ /[ \t\r\n]/; - $v |= $ESC if $c =~ /\\/; - $v |= $QUOTE if $c =~ /['`"]/; # for emacs: "`' - $v |= $COMMENT if $c =~ /\#/; - $v |= $DOLLAR if $c eq '$'; - $v |= $EOF if $c =~ /\0/; - push(@V_def, $v); - - $v = 0; - $v |= $NUMBER if $c =~ /[0-9]/; - $v |= $UPPER if $c =~ /[A-Z]/; - $v |= $LOWER if $c =~ /[a-z]/; - $v |= $UNDER if $c =~ /_/; - $v |= $PUNCTUATION if $c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/; - $v |= $WS if $c =~ /[ \t\r\n]/; - $v |= $DQUOTE if $c =~ /["]/; # for emacs: " - $v |= $FCOMMENT if $c =~ /;/; - $v |= $DOLLAR if $c eq '$'; - $v |= $EOF if $c =~ /\0/; - push(@V_w32, $v); -} - -# The year the output file is generated. -my $YEAR = OpenSSL::copyright::year_of($0); -print <<"EOF"; -/* - * WARNING: do not edit! - * Generated by crypto/conf/keysets.pl - * - * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved. - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#define CONF_NUMBER $NUMBER -#define CONF_UPPER $UPPER -#define CONF_LOWER $LOWER -#define CONF_UNDER $UNDER -#define CONF_PUNCT $PUNCTUATION -#define CONF_WS $WS -#define CONF_ESC $ESC -#define CONF_QUOTE $QUOTE -#define CONF_DQUOTE $DQUOTE -#define CONF_COMMENT $COMMENT -#define CONF_FCOMMENT $FCOMMENT -#define CONF_DOLLAR $DOLLAR -#define CONF_EOF $EOF -#define CONF_ALPHA (CONF_UPPER|CONF_LOWER) -#define CONF_ALNUM (CONF_ALPHA|CONF_NUMBER|CONF_UNDER) -#define CONF_ALNUM_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER|CONF_PUNCT) - - -#define IS_COMMENT(conf,c) is_keytype(conf, c, CONF_COMMENT) -#define IS_FCOMMENT(conf,c) is_keytype(conf, c, CONF_FCOMMENT) -#define IS_EOF(conf,c) is_keytype(conf, c, CONF_EOF) -#define IS_ESC(conf,c) is_keytype(conf, c, CONF_ESC) -#define IS_NUMBER(conf,c) is_keytype(conf, c, CONF_NUMBER) -#define IS_WS(conf,c) is_keytype(conf, c, CONF_WS) -#define IS_ALNUM(conf,c) is_keytype(conf, c, CONF_ALNUM) -#define IS_ALNUM_PUNCT(conf,c) is_keytype(conf, c, CONF_ALNUM_PUNCT) -#define IS_QUOTE(conf,c) is_keytype(conf, c, CONF_QUOTE) -#define IS_DQUOTE(conf,c) is_keytype(conf, c, CONF_DQUOTE) -#define IS_DOLLAR(conf,c) is_keytype(conf, c, CONF_DOLLAR) - -EOF - -my $i; - -print "static const unsigned short CONF_type_default[128] = {"; -for ($i = 0; $i < 128; $i++) { - print "\n " if ($i % 8) == 0; - printf " 0x%04X,", $V_def[$i]; -} -print "\n};\n\n"; - -print "#ifndef OPENSSL_NO_DEPRECATED_3_0\n"; -print "static const unsigned short CONF_type_win32[128] = {"; -for ($i = 0; $i < 128; $i++) { - print "\n " if ($i % 8) == 0; - printf " 0x%04X,", $V_w32[$i]; -} -print "\n};\n"; -print "#endif\n"; diff --git a/crypto/context.c b/crypto/context.c deleted file mode 100644 index bdfc4d02a3f0f24c6c6a4b8eb537df3b3d1de21e..0000000000000000000000000000000000000000 --- a/crypto/context.c +++ /dev/null @@ -1,495 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "crypto/cryptlib.h" -#include -#include "internal/thread_once.h" -#include "internal/property.h" -#include "internal/core.h" -#include "internal/bio.h" -#include "internal/provider.h" -#include "crypto/ctype.h" - -struct ossl_lib_ctx_onfree_list_st { - ossl_lib_ctx_onfree_fn *fn; - struct ossl_lib_ctx_onfree_list_st *next; -}; - -struct ossl_lib_ctx_st { - CRYPTO_RWLOCK *lock; - CRYPTO_EX_DATA data; - - /* - * For most data in the OSSL_LIB_CTX we just use ex_data to store it. But - * that doesn't work for ex_data itself - so we store that directly. - */ - OSSL_EX_DATA_GLOBAL global; - - /* Map internal static indexes to dynamically created indexes */ - int dyn_indexes[OSSL_LIB_CTX_MAX_INDEXES]; - - /* Keep a separate lock for each index */ - CRYPTO_RWLOCK *index_locks[OSSL_LIB_CTX_MAX_INDEXES]; - - CRYPTO_RWLOCK *oncelock; - int run_once_done[OSSL_LIB_CTX_MAX_RUN_ONCE]; - int run_once_ret[OSSL_LIB_CTX_MAX_RUN_ONCE]; - struct ossl_lib_ctx_onfree_list_st *onfreelist; - unsigned int ischild:1; -}; - -int ossl_lib_ctx_write_lock(OSSL_LIB_CTX *ctx) -{ - return CRYPTO_THREAD_write_lock(ossl_lib_ctx_get_concrete(ctx)->lock); -} - -int ossl_lib_ctx_read_lock(OSSL_LIB_CTX *ctx) -{ - return CRYPTO_THREAD_read_lock(ossl_lib_ctx_get_concrete(ctx)->lock); -} - -int ossl_lib_ctx_unlock(OSSL_LIB_CTX *ctx) -{ - return CRYPTO_THREAD_unlock(ossl_lib_ctx_get_concrete(ctx)->lock); -} - -int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx) -{ - ctx = ossl_lib_ctx_get_concrete(ctx); - - if (ctx == NULL) - return 0; - return ctx->ischild; -} - -static int context_init(OSSL_LIB_CTX *ctx) -{ - size_t i; - int exdata_done = 0; - - ctx->lock = CRYPTO_THREAD_lock_new(); - if (ctx->lock == NULL) - return 0; - - ctx->oncelock = CRYPTO_THREAD_lock_new(); - if (ctx->oncelock == NULL) - goto err; - - for (i = 0; i < OSSL_LIB_CTX_MAX_INDEXES; i++) { - ctx->index_locks[i] = CRYPTO_THREAD_lock_new(); - ctx->dyn_indexes[i] = -1; - if (ctx->index_locks[i] == NULL) - goto err; - } - - /* OSSL_LIB_CTX is built on top of ex_data so we initialise that directly */ - if (!ossl_do_ex_data_init(ctx)) - goto err; - exdata_done = 1; - - if (!ossl_crypto_new_ex_data_ex(ctx, CRYPTO_EX_INDEX_OSSL_LIB_CTX, NULL, - &ctx->data)) - goto err; - - /* Everything depends on properties, so we also pre-initialise that */ - if (!ossl_property_parse_init(ctx)) - goto err; - - return 1; - err: - if (exdata_done) - ossl_crypto_cleanup_all_ex_data_int(ctx); - for (i = 0; i < OSSL_LIB_CTX_MAX_INDEXES; i++) - CRYPTO_THREAD_lock_free(ctx->index_locks[i]); - CRYPTO_THREAD_lock_free(ctx->oncelock); - CRYPTO_THREAD_lock_free(ctx->lock); - memset(ctx, '\0', sizeof(*ctx)); - return 0; -} - -static int context_deinit(OSSL_LIB_CTX *ctx) -{ - struct ossl_lib_ctx_onfree_list_st *tmp, *onfree; - int i; - - if (ctx == NULL) - return 1; - - ossl_ctx_thread_stop(ctx); - - onfree = ctx->onfreelist; - while (onfree != NULL) { - onfree->fn(ctx); - tmp = onfree; - onfree = onfree->next; - OPENSSL_free(tmp); - } - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_OSSL_LIB_CTX, NULL, &ctx->data); - ossl_crypto_cleanup_all_ex_data_int(ctx); - for (i = 0; i < OSSL_LIB_CTX_MAX_INDEXES; i++) - CRYPTO_THREAD_lock_free(ctx->index_locks[i]); - - CRYPTO_THREAD_lock_free(ctx->oncelock); - CRYPTO_THREAD_lock_free(ctx->lock); - ctx->lock = NULL; - return 1; -} - -#ifndef FIPS_MODULE -/* The default default context */ -static OSSL_LIB_CTX default_context_int; - -static CRYPTO_ONCE default_context_init = CRYPTO_ONCE_STATIC_INIT; -static CRYPTO_THREAD_LOCAL default_context_thread_local; - -DEFINE_RUN_ONCE_STATIC(default_context_do_init) -{ - return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL) - && context_init(&default_context_int); -} - -void ossl_lib_ctx_default_deinit(void) -{ - context_deinit(&default_context_int); - CRYPTO_THREAD_cleanup_local(&default_context_thread_local); -} - -static OSSL_LIB_CTX *get_thread_default_context(void) -{ - if (!RUN_ONCE(&default_context_init, default_context_do_init)) - return NULL; - - return CRYPTO_THREAD_get_local(&default_context_thread_local); -} - -static OSSL_LIB_CTX *get_default_context(void) -{ - OSSL_LIB_CTX *current_defctx = get_thread_default_context(); - - if (current_defctx == NULL) - current_defctx = &default_context_int; - return current_defctx; -} - -static int set_default_context(OSSL_LIB_CTX *defctx) -{ - if (defctx == &default_context_int) - defctx = NULL; - - return CRYPTO_THREAD_set_local(&default_context_thread_local, defctx); -} -#endif - -OSSL_LIB_CTX *OSSL_LIB_CTX_new(void) -{ - OSSL_LIB_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - if (ctx != NULL && !context_init(ctx)) { - OPENSSL_free(ctx); - ctx = NULL; - } - return ctx; -} - -#ifndef FIPS_MODULE -OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in) -{ - OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new(); - - if (ctx == NULL) - return NULL; - - if (!ossl_bio_init_core(ctx, in)) { - OSSL_LIB_CTX_free(ctx); - return NULL; - } - - return ctx; -} - -OSSL_LIB_CTX *OSSL_LIB_CTX_new_child(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in) -{ - OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new_from_dispatch(handle, in); - - if (ctx == NULL) - return NULL; - - if (!ossl_provider_init_as_child(ctx, handle, in)) { - OSSL_LIB_CTX_free(ctx); - return NULL; - } - ctx->ischild = 1; - - return ctx; -} - -int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file) -{ - return CONF_modules_load_file_ex(ctx, config_file, NULL, 0) > 0; -} -#endif - -void OSSL_LIB_CTX_free(OSSL_LIB_CTX *ctx) -{ - if (ossl_lib_ctx_is_default(ctx)) - return; - -#ifndef FIPS_MODULE - if (ctx->ischild) - ossl_provider_deinit_child(ctx); -#endif - context_deinit(ctx); - OPENSSL_free(ctx); -} - -#ifndef FIPS_MODULE -OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void) -{ - if (!RUN_ONCE(&default_context_init, default_context_do_init)) - return NULL; - - return &default_context_int; -} - -OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx) -{ - OSSL_LIB_CTX *current_defctx; - - if ((current_defctx = get_default_context()) != NULL) { - if (libctx != NULL) - set_default_context(libctx); - return current_defctx; - } - - return NULL; -} -#endif - -OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx) -{ -#ifndef FIPS_MODULE - if (ctx == NULL) - return get_default_context(); -#endif - return ctx; -} - -int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx) -{ -#ifndef FIPS_MODULE - if (ctx == NULL || ctx == get_default_context()) - return 1; -#endif - return 0; -} - -int ossl_lib_ctx_is_global_default(OSSL_LIB_CTX *ctx) -{ -#ifndef FIPS_MODULE - if (ossl_lib_ctx_get_concrete(ctx) == &default_context_int) - return 1; -#endif - return 0; -} - -static void ossl_lib_ctx_generic_new(void *parent_ign, void *ptr_ign, - CRYPTO_EX_DATA *ad, int index, - long argl_ign, void *argp) -{ - const OSSL_LIB_CTX_METHOD *meth = argp; - OSSL_LIB_CTX *ctx = ossl_crypto_ex_data_get_ossl_lib_ctx(ad); - void *ptr = meth->new_func(ctx); - - if (ptr != NULL) { - if (!CRYPTO_THREAD_write_lock(ctx->lock)) - /* - * Can't return something, so best to hope that something will - * fail later. :( - */ - return; - CRYPTO_set_ex_data(ad, index, ptr); - CRYPTO_THREAD_unlock(ctx->lock); - } -} -static void ossl_lib_ctx_generic_free(void *parent_ign, void *ptr, - CRYPTO_EX_DATA *ad, int index, - long argl_ign, void *argp) -{ - const OSSL_LIB_CTX_METHOD *meth = argp; - - meth->free_func(ptr); -} - -static int ossl_lib_ctx_init_index(OSSL_LIB_CTX *ctx, int static_index, - const OSSL_LIB_CTX_METHOD *meth) -{ - int idx; - - ctx = ossl_lib_ctx_get_concrete(ctx); - if (ctx == NULL) - return 0; - - idx = ossl_crypto_get_ex_new_index_ex(ctx, CRYPTO_EX_INDEX_OSSL_LIB_CTX, 0, - (void *)meth, - ossl_lib_ctx_generic_new, - NULL, ossl_lib_ctx_generic_free, - meth->priority); - if (idx < 0) - return 0; - - ctx->dyn_indexes[static_index] = idx; - return 1; -} - -void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index, - const OSSL_LIB_CTX_METHOD *meth) -{ - void *data = NULL; - int dynidx; - - ctx = ossl_lib_ctx_get_concrete(ctx); - if (ctx == NULL) - return NULL; - - if (!CRYPTO_THREAD_read_lock(ctx->lock)) - return NULL; - dynidx = ctx->dyn_indexes[index]; - CRYPTO_THREAD_unlock(ctx->lock); - - if (dynidx != -1) { - if (!CRYPTO_THREAD_read_lock(ctx->index_locks[index])) - return NULL; - if (!CRYPTO_THREAD_read_lock(ctx->lock)) { - CRYPTO_THREAD_unlock(ctx->index_locks[index]); - return NULL; - } - data = CRYPTO_get_ex_data(&ctx->data, dynidx); - CRYPTO_THREAD_unlock(ctx->lock); - CRYPTO_THREAD_unlock(ctx->index_locks[index]); - return data; - } - - if (!CRYPTO_THREAD_write_lock(ctx->index_locks[index])) - return NULL; - if (!CRYPTO_THREAD_write_lock(ctx->lock)) { - CRYPTO_THREAD_unlock(ctx->index_locks[index]); - return NULL; - } - - dynidx = ctx->dyn_indexes[index]; - if (dynidx != -1) { - data = CRYPTO_get_ex_data(&ctx->data, dynidx); - CRYPTO_THREAD_unlock(ctx->lock); - CRYPTO_THREAD_unlock(ctx->index_locks[index]); - return data; - } - - if (!ossl_lib_ctx_init_index(ctx, index, meth)) { - CRYPTO_THREAD_unlock(ctx->lock); - CRYPTO_THREAD_unlock(ctx->index_locks[index]); - return NULL; - } - - CRYPTO_THREAD_unlock(ctx->lock); - - /* - * The alloc call ensures there's a value there. We release the ctx->lock - * for this, because the allocation itself may recursively call - * ossl_lib_ctx_get_data for other indexes (never this one). The allocation - * will itself aquire the ctx->lock when it actually comes to store the - * allocated data (see ossl_lib_ctx_generic_new() above). We call - * ossl_crypto_alloc_ex_data_intern() here instead of CRYPTO_alloc_ex_data(). - * They do the same thing except that the latter calls CRYPTO_get_ex_data() - * as well - which we must not do without holding the ctx->lock. - */ - if (ossl_crypto_alloc_ex_data_intern(CRYPTO_EX_INDEX_OSSL_LIB_CTX, NULL, - &ctx->data, ctx->dyn_indexes[index])) { - if (!CRYPTO_THREAD_read_lock(ctx->lock)) - goto end; - data = CRYPTO_get_ex_data(&ctx->data, ctx->dyn_indexes[index]); - CRYPTO_THREAD_unlock(ctx->lock); - } - -end: - CRYPTO_THREAD_unlock(ctx->index_locks[index]); - return data; -} - -OSSL_EX_DATA_GLOBAL *ossl_lib_ctx_get_ex_data_global(OSSL_LIB_CTX *ctx) -{ - ctx = ossl_lib_ctx_get_concrete(ctx); - if (ctx == NULL) - return NULL; - return &ctx->global; -} - -int ossl_lib_ctx_run_once(OSSL_LIB_CTX *ctx, unsigned int idx, - ossl_lib_ctx_run_once_fn run_once_fn) -{ - int done = 0, ret = 0; - - ctx = ossl_lib_ctx_get_concrete(ctx); - if (ctx == NULL) - return 0; - - if (!CRYPTO_THREAD_read_lock(ctx->oncelock)) - return 0; - done = ctx->run_once_done[idx]; - if (done) - ret = ctx->run_once_ret[idx]; - CRYPTO_THREAD_unlock(ctx->oncelock); - - if (done) - return ret; - - if (!CRYPTO_THREAD_write_lock(ctx->oncelock)) - return 0; - if (ctx->run_once_done[idx]) { - ret = ctx->run_once_ret[idx]; - CRYPTO_THREAD_unlock(ctx->oncelock); - return ret; - } - - ret = run_once_fn(ctx); - ctx->run_once_done[idx] = 1; - ctx->run_once_ret[idx] = ret; - CRYPTO_THREAD_unlock(ctx->oncelock); - - return ret; -} - -int ossl_lib_ctx_onfree(OSSL_LIB_CTX *ctx, ossl_lib_ctx_onfree_fn onfreefn) -{ - struct ossl_lib_ctx_onfree_list_st *newonfree - = OPENSSL_malloc(sizeof(*newonfree)); - - if (newonfree == NULL) - return 0; - - newonfree->fn = onfreefn; - newonfree->next = ctx->onfreelist; - ctx->onfreelist = newonfree; - - return 1; -} - -const char *ossl_lib_ctx_get_descriptor(OSSL_LIB_CTX *libctx) -{ -#ifdef FIPS_MODULE - return "FIPS internal library context"; -#else - if (ossl_lib_ctx_is_global_default(libctx)) - return "Global default library context"; - if (ossl_lib_ctx_is_default(libctx)) - return "Thread-local default library context"; - return "Non-default library context"; -#endif -} diff --git a/crypto/core_algorithm.c b/crypto/core_algorithm.c deleted file mode 100644 index c245c814d98c6b26d29dd89ce01f1f4da2503b04..0000000000000000000000000000000000000000 --- a/crypto/core_algorithm.c +++ /dev/null @@ -1,199 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/core.h" -#include "internal/property.h" -#include "internal/provider.h" - -struct algorithm_data_st { - OSSL_LIB_CTX *libctx; - int operation_id; /* May be zero for finding them all */ - int (*pre)(OSSL_PROVIDER *, int operation_id, int no_store, void *data, - int *result); - int (*reserve_store)(int no_store, void *data); - void (*fn)(OSSL_PROVIDER *, const OSSL_ALGORITHM *, int no_store, - void *data); - int (*unreserve_store)(void *data); - int (*post)(OSSL_PROVIDER *, int operation_id, int no_store, void *data, - int *result); - void *data; -}; - -/* - * Process one OSSL_ALGORITHM array, for the operation |cur_operation|, - * by constructing methods for all its implementations and adding those - * to the appropriate method store. - * Which method store is appropriate is given by |no_store| ("permanent" - * if 0, temporary if 1) and other data in |data->data|. - * - * Returns: - * -1 to quit adding algorithm implementations immediately - * 0 if not successful, but adding should continue - * 1 if successful so far, and adding should continue - */ -static int algorithm_do_map(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *map, - int cur_operation, int no_store, void *cbdata) -{ - struct algorithm_data_st *data = cbdata; - int ret = 0; - - if (!data->reserve_store(no_store, data->data)) - /* Error, bail out! */ - return -1; - - /* Do we fulfill pre-conditions? */ - if (data->pre == NULL) { - /* If there is no pre-condition function, assume "yes" */ - ret = 1; - } else if (!data->pre(provider, cur_operation, no_store, data->data, - &ret)) { - /* Error, bail out! */ - ret = -1; - goto end; - } - - /* - * If pre-condition not fulfilled don't add this set of implementations, - * but do continue with the next. This simply means that another thread - * got to it first. - */ - if (ret == 0) { - ret = 1; - goto end; - } - - if (map != NULL) { - const OSSL_ALGORITHM *thismap; - - for (thismap = map; thismap->algorithm_names != NULL; thismap++) - data->fn(provider, thismap, no_store, data->data); - } - - /* Do we fulfill post-conditions? */ - if (data->post == NULL) { - /* If there is no post-condition function, assume "yes" */ - ret = 1; - } else if (!data->post(provider, cur_operation, no_store, data->data, - &ret)) { - /* Error, bail out! */ - ret = -1; - } - - end: - data->unreserve_store(data->data); - - return ret; -} - -/* - * Given a provider, process one operation given by |data->operation_id|, or - * if that's zero, process all known operations. - * For each such operation, query the associated OSSL_ALGORITHM array from - * the provider, then process that array with |algorithm_do_map()|. - */ -static int algorithm_do_this(OSSL_PROVIDER *provider, void *cbdata) -{ - struct algorithm_data_st *data = cbdata; - int first_operation = 1; - int last_operation = OSSL_OP__HIGHEST; - int cur_operation; - int ok = 1; - - if (data->operation_id != 0) - first_operation = last_operation = data->operation_id; - - for (cur_operation = first_operation; - cur_operation <= last_operation; - cur_operation++) { - int no_store = 0; /* Assume caching is ok */ - const OSSL_ALGORITHM *map = NULL; - int ret = 0; - - map = ossl_provider_query_operation(provider, cur_operation, - &no_store); - ret = algorithm_do_map(provider, map, cur_operation, no_store, data); - ossl_provider_unquery_operation(provider, cur_operation, map); - - if (ret < 0) - /* Hard error, bail out immediately! */ - return 0; - - /* If post-condition not fulfilled, set general failure */ - if (!ret) - ok = 0; - } - - return ok; -} - -void ossl_algorithm_do_all(OSSL_LIB_CTX *libctx, int operation_id, - OSSL_PROVIDER *provider, - int (*pre)(OSSL_PROVIDER *, int operation_id, - int no_store, void *data, int *result), - int (*reserve_store)(int no_store, void *data), - void (*fn)(OSSL_PROVIDER *provider, - const OSSL_ALGORITHM *algo, - int no_store, void *data), - int (*unreserve_store)(void *data), - int (*post)(OSSL_PROVIDER *, int operation_id, - int no_store, void *data, int *result), - void *data) -{ - struct algorithm_data_st cbdata = { 0, }; - - cbdata.libctx = libctx; - cbdata.operation_id = operation_id; - cbdata.pre = pre; - cbdata.reserve_store = reserve_store; - cbdata.fn = fn; - cbdata.unreserve_store = unreserve_store; - cbdata.post = post; - cbdata.data = data; - - if (provider == NULL) { - ossl_provider_doall_activated(libctx, algorithm_do_this, &cbdata); - } else { - OSSL_LIB_CTX *libctx2 = ossl_provider_libctx(provider); - - /* - * If a provider is given, its library context MUST match the library - * context we're passed. If this turns out not to be true, there is - * a programming error in the functions up the call stack. - */ - if (!ossl_assert(ossl_lib_ctx_get_concrete(libctx) - == ossl_lib_ctx_get_concrete(libctx2))) - return; - - cbdata.libctx = libctx2; - algorithm_do_this(provider, &cbdata); - } -} - -char *ossl_algorithm_get1_first_name(const OSSL_ALGORITHM *algo) -{ - const char *first_name_end = NULL; - size_t first_name_len = 0; - char *ret; - - if (algo->algorithm_names == NULL) - return NULL; - - first_name_end = strchr(algo->algorithm_names, ':'); - if (first_name_end == NULL) - first_name_len = strlen(algo->algorithm_names); - else - first_name_len = first_name_end - algo->algorithm_names; - - ret = OPENSSL_strndup(algo->algorithm_names, first_name_len); - if (ret == NULL) - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return ret; -} diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c deleted file mode 100644 index 38db36ee1f75e928893a1da65133531817ddad37..0000000000000000000000000000000000000000 --- a/crypto/core_fetch.c +++ /dev/null @@ -1,171 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include -#include "internal/cryptlib.h" -#include "internal/core.h" -#include "internal/property.h" -#include "internal/provider.h" - -struct construct_data_st { - OSSL_LIB_CTX *libctx; - OSSL_METHOD_STORE *store; - int operation_id; - int force_store; - OSSL_METHOD_CONSTRUCT_METHOD *mcm; - void *mcm_data; -}; - -static int is_temporary_method_store(int no_store, void *cbdata) -{ - struct construct_data_st *data = cbdata; - - return no_store && !data->force_store; -} - -static int ossl_method_construct_reserve_store(int no_store, void *cbdata) -{ - struct construct_data_st *data = cbdata; - - if (is_temporary_method_store(no_store, data) && data->store == NULL) { - /* - * If we have been told not to store the method "permanently", we - * ask for a temporary store, and store the method there. - * The owner of |data->mcm| is completely responsible for managing - * that temporary store. - */ - if ((data->store = data->mcm->get_tmp_store(data->mcm_data)) == NULL) - return 0; - } - - return data->mcm->lock_store(data->store, data->mcm_data); -} - -static int ossl_method_construct_unreserve_store(void *cbdata) -{ - struct construct_data_st *data = cbdata; - - return data->mcm->unlock_store(data->store, data->mcm_data); -} - -static int ossl_method_construct_precondition(OSSL_PROVIDER *provider, - int operation_id, int no_store, - void *cbdata, int *result) -{ - if (!ossl_assert(result != NULL)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - /* Assume that no bits are set */ - *result = 0; - - /* No flag bits for temporary stores */ - if (!is_temporary_method_store(no_store, cbdata) - && !ossl_provider_test_operation_bit(provider, operation_id, result)) - return 0; - - /* - * The result we get tells if methods have already been constructed. - * However, we want to tell whether construction should happen (true) - * or not (false), which is the opposite of what we got. - */ - *result = !*result; - - return 1; -} - -static int ossl_method_construct_postcondition(OSSL_PROVIDER *provider, - int operation_id, int no_store, - void *cbdata, int *result) -{ - if (!ossl_assert(result != NULL)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - *result = 1; - - /* No flag bits for temporary stores */ - return is_temporary_method_store(no_store, cbdata) - || ossl_provider_set_operation_bit(provider, operation_id); -} - -static void ossl_method_construct_this(OSSL_PROVIDER *provider, - const OSSL_ALGORITHM *algo, - int no_store, void *cbdata) -{ - struct construct_data_st *data = cbdata; - void *method = NULL; - - if ((method = data->mcm->construct(algo, provider, data->mcm_data)) - == NULL) - return; - - /* - * Note regarding putting the method in stores: - * - * we don't need to care if it actually got in or not here. - * If it didn't get in, it will simply not be available when - * ossl_method_construct() tries to get it from the store. - * - * It is *expected* that the put function increments the refcnt - * of the passed method. - */ - data->mcm->put(data->store, method, provider, algo->algorithm_names, - algo->property_definition, data->mcm_data); - - /* refcnt-- because we're dropping the reference */ - data->mcm->destruct(method, data->mcm_data); -} - -void *ossl_method_construct(OSSL_LIB_CTX *libctx, int operation_id, - OSSL_PROVIDER **provider_rw, int force_store, - OSSL_METHOD_CONSTRUCT_METHOD *mcm, void *mcm_data) -{ - void *method = NULL; - OSSL_PROVIDER *provider = provider_rw != NULL ? *provider_rw : NULL; - struct construct_data_st cbdata; - - /* - * We might be tempted to try to look into the method store without - * constructing to see if we can find our method there already. - * Unfortunately that does not work well if the query contains - * optional properties as newly loaded providers can match them better. - * We trust that ossl_method_construct_precondition() and - * ossl_method_construct_postcondition() make sure that the - * ossl_algorithm_do_all() does very little when methods from - * a provider have already been constructed. - */ - - cbdata.store = NULL; - cbdata.force_store = force_store; - cbdata.mcm = mcm; - cbdata.mcm_data = mcm_data; - ossl_algorithm_do_all(libctx, operation_id, provider, - ossl_method_construct_precondition, - ossl_method_construct_reserve_store, - ossl_method_construct_this, - ossl_method_construct_unreserve_store, - ossl_method_construct_postcondition, - &cbdata); - - /* If there is a temporary store, try there first */ - if (cbdata.store != NULL) - method = mcm->get(cbdata.store, (const OSSL_PROVIDER **)provider_rw, - mcm_data); - - /* If no method was found yet, try the global store */ - if (method == NULL) - method = mcm->get(NULL, (const OSSL_PROVIDER **)provider_rw, mcm_data); - - return method; -} diff --git a/crypto/core_namemap.c b/crypto/core_namemap.c deleted file mode 100644 index 7e11ab1c8845d94f2ed98f13a4f097b3971f1858..0000000000000000000000000000000000000000 --- a/crypto/core_namemap.c +++ /dev/null @@ -1,531 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/namemap.h" -#include -#include "crypto/lhash.h" /* ossl_lh_strcasehash */ -#include "internal/tsan_assist.h" -#include "internal/sizes.h" - -/*- - * The namenum entry - * ================= - */ -typedef struct { - char *name; - int number; -} NAMENUM_ENTRY; - -DEFINE_LHASH_OF(NAMENUM_ENTRY); - -/*- - * The namemap itself - * ================== - */ - -struct ossl_namemap_st { - /* Flags */ - unsigned int stored:1; /* If 1, it's stored in a library context */ - - CRYPTO_RWLOCK *lock; - LHASH_OF(NAMENUM_ENTRY) *namenum; /* Name->number mapping */ - - TSAN_QUALIFIER int max_number; /* Current max number */ -}; - -/* LHASH callbacks */ - -static unsigned long namenum_hash(const NAMENUM_ENTRY *n) -{ - return ossl_lh_strcasehash(n->name); -} - -static int namenum_cmp(const NAMENUM_ENTRY *a, const NAMENUM_ENTRY *b) -{ - return OPENSSL_strcasecmp(a->name, b->name); -} - -static void namenum_free(NAMENUM_ENTRY *n) -{ - if (n != NULL) - OPENSSL_free(n->name); - OPENSSL_free(n); -} - -/* OSSL_LIB_CTX_METHOD functions for a namemap stored in a library context */ - -static void *stored_namemap_new(OSSL_LIB_CTX *libctx) -{ - OSSL_NAMEMAP *namemap = ossl_namemap_new(); - - if (namemap != NULL) - namemap->stored = 1; - - return namemap; -} - -static void stored_namemap_free(void *vnamemap) -{ - OSSL_NAMEMAP *namemap = vnamemap; - - if (namemap != NULL) { - /* Pretend it isn't stored, or ossl_namemap_free() will do nothing */ - namemap->stored = 0; - ossl_namemap_free(namemap); - } -} - -static const OSSL_LIB_CTX_METHOD stored_namemap_method = { - OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, - stored_namemap_new, - stored_namemap_free, -}; - -/*- - * API functions - * ============= - */ - -int ossl_namemap_empty(OSSL_NAMEMAP *namemap) -{ -#ifdef TSAN_REQUIRES_LOCKING - /* No TSAN support */ - int rv; - - if (namemap == NULL) - return 1; - - if (!CRYPTO_THREAD_read_lock(namemap->lock)) - return -1; - rv = namemap->max_number == 0; - CRYPTO_THREAD_unlock(namemap->lock); - return rv; -#else - /* Have TSAN support */ - return namemap == NULL || tsan_load(&namemap->max_number) == 0; -#endif -} - -typedef struct doall_names_data_st { - int number; - const char **names; - int found; -} DOALL_NAMES_DATA; - -static void do_name(const NAMENUM_ENTRY *namenum, DOALL_NAMES_DATA *data) -{ - if (namenum->number == data->number) - data->names[data->found++] = namenum->name; -} - -IMPLEMENT_LHASH_DOALL_ARG_CONST(NAMENUM_ENTRY, DOALL_NAMES_DATA); - -/* - * Call the callback for all names in the namemap with the given number. - * A return value 1 means that the callback was called for all names. A - * return value of 0 means that the callback was not called for any names. - */ -int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number, - void (*fn)(const char *name, void *data), - void *data) -{ - DOALL_NAMES_DATA cbdata; - size_t num_names; - int i; - - cbdata.number = number; - cbdata.found = 0; - - /* - * We collect all the names first under a read lock. Subsequently we call - * the user function, so that we're not holding the read lock when in user - * code. This could lead to deadlocks. - */ - if (!CRYPTO_THREAD_read_lock(namemap->lock)) - return 0; - - num_names = lh_NAMENUM_ENTRY_num_items(namemap->namenum); - if (num_names == 0) { - CRYPTO_THREAD_unlock(namemap->lock); - return 0; - } - cbdata.names = OPENSSL_malloc(sizeof(*cbdata.names) * num_names); - if (cbdata.names == NULL) { - CRYPTO_THREAD_unlock(namemap->lock); - return 0; - } - lh_NAMENUM_ENTRY_doall_DOALL_NAMES_DATA(namemap->namenum, do_name, - &cbdata); - CRYPTO_THREAD_unlock(namemap->lock); - - for (i = 0; i < cbdata.found; i++) - fn(cbdata.names[i], data); - - OPENSSL_free(cbdata.names); - return 1; -} - -static int namemap_name2num_n(const OSSL_NAMEMAP *namemap, - const char *name, size_t name_len) -{ - NAMENUM_ENTRY *namenum_entry, namenum_tmpl; - - if ((namenum_tmpl.name = OPENSSL_strndup(name, name_len)) == NULL) - return 0; - namenum_tmpl.number = 0; - namenum_entry = - lh_NAMENUM_ENTRY_retrieve(namemap->namenum, &namenum_tmpl); - OPENSSL_free(namenum_tmpl.name); - return namenum_entry != NULL ? namenum_entry->number : 0; -} - -int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap, - const char *name, size_t name_len) -{ - int number; - -#ifndef FIPS_MODULE - if (namemap == NULL) - namemap = ossl_namemap_stored(NULL); -#endif - - if (namemap == NULL) - return 0; - - if (!CRYPTO_THREAD_read_lock(namemap->lock)) - return 0; - number = namemap_name2num_n(namemap, name, name_len); - CRYPTO_THREAD_unlock(namemap->lock); - - return number; -} - -int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name) -{ - if (name == NULL) - return 0; - - return ossl_namemap_name2num_n(namemap, name, strlen(name)); -} - -struct num2name_data_st { - size_t idx; /* Countdown */ - const char *name; /* Result */ -}; - -static void do_num2name(const char *name, void *vdata) -{ - struct num2name_data_st *data = vdata; - - if (data->idx > 0) - data->idx--; - else if (data->name == NULL) - data->name = name; -} - -const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number, - size_t idx) -{ - struct num2name_data_st data; - - data.idx = idx; - data.name = NULL; - if (!ossl_namemap_doall_names(namemap, number, do_num2name, &data)) - return NULL; - return data.name; -} - -static int namemap_add_name_n(OSSL_NAMEMAP *namemap, int number, - const char *name, size_t name_len) -{ - NAMENUM_ENTRY *namenum = NULL; - int tmp_number; - - /* If it already exists, we don't add it */ - if ((tmp_number = namemap_name2num_n(namemap, name, name_len)) != 0) - return tmp_number; - - if ((namenum = OPENSSL_zalloc(sizeof(*namenum))) == NULL - || (namenum->name = OPENSSL_strndup(name, name_len)) == NULL) - goto err; - - /* The tsan_counter use here is safe since we're under lock */ - namenum->number = - number != 0 ? number : 1 + tsan_counter(&namemap->max_number); - (void)lh_NAMENUM_ENTRY_insert(namemap->namenum, namenum); - - if (lh_NAMENUM_ENTRY_error(namemap->namenum)) - goto err; - return namenum->number; - - err: - namenum_free(namenum); - return 0; -} - -int ossl_namemap_add_name_n(OSSL_NAMEMAP *namemap, int number, - const char *name, size_t name_len) -{ - int tmp_number; - -#ifndef FIPS_MODULE - if (namemap == NULL) - namemap = ossl_namemap_stored(NULL); -#endif - - if (name == NULL || name_len == 0 || namemap == NULL) - return 0; - - if (!CRYPTO_THREAD_write_lock(namemap->lock)) - return 0; - tmp_number = namemap_add_name_n(namemap, number, name, name_len); - CRYPTO_THREAD_unlock(namemap->lock); - return tmp_number; -} - -int ossl_namemap_add_name(OSSL_NAMEMAP *namemap, int number, const char *name) -{ - if (name == NULL) - return 0; - - return ossl_namemap_add_name_n(namemap, number, name, strlen(name)); -} - -int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number, - const char *names, const char separator) -{ - const char *p, *q; - size_t l; - - /* Check that we have a namemap */ - if (!ossl_assert(namemap != NULL)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (!CRYPTO_THREAD_write_lock(namemap->lock)) - return 0; - /* - * Check that no name is an empty string, and that all names have at - * most one numeric identity together. - */ - for (p = names; *p != '\0'; p = (q == NULL ? p + l : q + 1)) { - int this_number; - - if ((q = strchr(p, separator)) == NULL) - l = strlen(p); /* offset to \0 */ - else - l = q - p; /* offset to the next separator */ - - this_number = namemap_name2num_n(namemap, p, l); - - if (*p == '\0' || *p == separator) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_BAD_ALGORITHM_NAME); - goto err; - } - if (number == 0) { - number = this_number; - } else if (this_number != 0 && this_number != number) { - ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_CONFLICTING_NAMES, - "\"%.*s\" has an existing different identity %d (from \"%s\")", - l, p, this_number, names); - goto err; - } - } - - /* Now that we have checked, register all names */ - for (p = names; *p != '\0'; p = (q == NULL ? p + l : q + 1)) { - int this_number; - - if ((q = strchr(p, separator)) == NULL) - l = strlen(p); /* offset to \0 */ - else - l = q - p; /* offset to the next separator */ - - this_number = namemap_add_name_n(namemap, number, p, l); - if (number == 0) { - number = this_number; - } else if (this_number != number) { - ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR, - "Got number %d when expecting %d", - this_number, number); - goto err; - } - } - - CRYPTO_THREAD_unlock(namemap->lock); - return number; - - err: - CRYPTO_THREAD_unlock(namemap->lock); - return 0; -} - -/*- - * Pre-population - * ============== - */ - -#ifndef FIPS_MODULE -#include - -/* Creates an initial namemap with names found in the legacy method db */ -static void get_legacy_evp_names(int base_nid, int nid, const char *pem_name, - void *arg) -{ - int num = 0; - ASN1_OBJECT *obj; - - if (base_nid != NID_undef) { - num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(base_nid)); - num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(base_nid)); - } - - if (nid != NID_undef) { - num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(nid)); - num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(nid)); - if ((obj = OBJ_nid2obj(nid)) != NULL) { - char txtoid[OSSL_MAX_NAME_SIZE]; - - if (OBJ_obj2txt(txtoid, sizeof(txtoid), obj, 1) > 0) - num = ossl_namemap_add_name(arg, num, txtoid); - } - } - if (pem_name != NULL) - num = ossl_namemap_add_name(arg, num, pem_name); -} - -static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg) -{ - const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type); - - if (cipher != NULL) - get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg); -} - -static void get_legacy_md_names(const OBJ_NAME *on, void *arg) -{ - const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type); - - if (md != NULL) - get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg); -} - -static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth, - void *arg) -{ - int nid = 0, base_nid = 0, flags = 0; - const char *pem_name = NULL; - - EVP_PKEY_asn1_get0_info(&nid, &base_nid, &flags, NULL, &pem_name, ameth); - if (nid != NID_undef) { - if ((flags & ASN1_PKEY_ALIAS) == 0) { - switch (nid) { - case EVP_PKEY_DHX: - /* We know that the name "DHX" is used too */ - get_legacy_evp_names(0, nid, "DHX", arg); - /* FALLTHRU */ - default: - get_legacy_evp_names(0, nid, pem_name, arg); - } - } else { - /* - * Treat aliases carefully, some of them are undesirable, or - * should not be treated as such for providers. - */ - - switch (nid) { - case EVP_PKEY_SM2: - /* - * SM2 is a separate keytype with providers, not an alias for - * EC. - */ - get_legacy_evp_names(0, nid, pem_name, arg); - break; - default: - /* Use the short name of the base nid as the common reference */ - get_legacy_evp_names(base_nid, nid, pem_name, arg); - } - } - } -} -#endif - -/*- - * Constructors / destructors - * ========================== - */ - -OSSL_NAMEMAP *ossl_namemap_stored(OSSL_LIB_CTX *libctx) -{ -#ifndef FIPS_MODULE - int nms; -#endif - OSSL_NAMEMAP *namemap = - ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_NAMEMAP_INDEX, - &stored_namemap_method); - - if (namemap == NULL) - return NULL; - -#ifndef FIPS_MODULE - nms = ossl_namemap_empty(namemap); - if (nms < 0) { - /* - * Could not get lock to make the count, so maybe internal objects - * weren't added. This seems safest. - */ - return NULL; - } - if (nms == 1) { - int i, end; - - /* Before pilfering, we make sure the legacy database is populated */ - OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS - | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); - - OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, - get_legacy_cipher_names, namemap); - OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, - get_legacy_md_names, namemap); - - /* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */ - for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++) - get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i), namemap); - } -#endif - - return namemap; -} - -OSSL_NAMEMAP *ossl_namemap_new(void) -{ - OSSL_NAMEMAP *namemap; - - if ((namemap = OPENSSL_zalloc(sizeof(*namemap))) != NULL - && (namemap->lock = CRYPTO_THREAD_lock_new()) != NULL - && (namemap->namenum = - lh_NAMENUM_ENTRY_new(namenum_hash, namenum_cmp)) != NULL) - return namemap; - - ossl_namemap_free(namemap); - return NULL; -} - -void ossl_namemap_free(OSSL_NAMEMAP *namemap) -{ - if (namemap == NULL || namemap->stored) - return; - - lh_NAMENUM_ENTRY_doall(namemap->namenum, namenum_free); - lh_NAMENUM_ENTRY_free(namemap->namenum); - - CRYPTO_THREAD_lock_free(namemap->lock); - OPENSSL_free(namemap); -} diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c deleted file mode 100644 index 8574f31a8124b4512679b33a42630ad9f841d09c..0000000000000000000000000000000000000000 --- a/crypto/cpt_err.c +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/cryptoerr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA CRYPTO_str_reasons[] = { - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_BAD_ALGORITHM_NAME), - "bad algorithm name"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_CONFLICTING_NAMES), - "conflicting names"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_HEX_STRING_TOO_SHORT), - "hex string too short"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ILLEGAL_HEX_DIGIT), - "illegal hex digit"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INSUFFICIENT_DATA_SPACE), - "insufficient data space"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INSUFFICIENT_PARAM_SIZE), - "insufficient param size"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE), - "insufficient secure data space"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_NEGATIVE_VALUE), - "invalid negative value"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_NULL_ARGUMENT), - "invalid null argument"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_INVALID_OSSL_PARAM_TYPE), - "invalid ossl param type"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ODD_NUMBER_OF_DIGITS), - "odd number of digits"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_PROVIDER_ALREADY_EXISTS), - "provider already exists"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_PROVIDER_SECTION_ERROR), - "provider section error"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_RANDOM_SECTION_ERROR), - "random section error"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_SECURE_MALLOC_FAILURE), - "secure malloc failure"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_STRING_TOO_LONG), "string too long"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_TOO_MANY_BYTES), "too many bytes"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_TOO_MANY_RECORDS), - "too many records"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_TOO_SMALL_BUFFER), - "too small buffer"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_UNKNOWN_NAME_IN_RANDOM_SECTION), - "unknown name in random section"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ZERO_LENGTH_NUMBER), - "zero length number"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_CRYPTO_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(CRYPTO_str_reasons[0].error) == NULL) - ERR_load_strings_const(CRYPTO_str_reasons); -#endif - return 1; -} diff --git a/crypto/cpuid.c b/crypto/cpuid.c deleted file mode 100644 index 090f6fe03ecc81f1de6f5a4b735d78a1f4bcca53..0000000000000000000000000000000000000000 --- a/crypto/cpuid.c +++ /dev/null @@ -1,214 +0,0 @@ -/* - * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" -#include "crypto/cryptlib.h" - -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) - -extern unsigned int OPENSSL_ia32cap_P[4]; - -# if defined(OPENSSL_CPUID_OBJ) - -/* - * Purpose of these minimalistic and character-type-agnostic subroutines - * is to break dependency on MSVCRT (on Windows) and locale. This makes - * OPENSSL_cpuid_setup safe to use as "constructor". "Character-type- - * agnostic" means that they work with either wide or 8-bit characters, - * exploiting the fact that first 127 characters can be simply casted - * between the sets, while the rest would be simply rejected by ossl_is* - * subroutines. - */ -# ifdef _WIN32 -typedef WCHAR variant_char; - -static variant_char *ossl_getenv(const char *name) -{ - /* - * Since we pull only one environment variable, it's simpler to - * to just ignore |name| and use equivalent wide-char L-literal. - * As well as to ignore excessively long values... - */ - static WCHAR value[48]; - DWORD len = GetEnvironmentVariableW(L"OPENSSL_ia32cap", value, 48); - - return (len > 0 && len < 48) ? value : NULL; -} -# else -typedef char variant_char; -# define ossl_getenv getenv -# endif - -# include "crypto/ctype.h" - -static int todigit(variant_char c) -{ - if (ossl_isdigit(c)) - return c - '0'; - else if (ossl_isxdigit(c)) - return ossl_tolower(c) - 'a' + 10; - - /* return largest base value to make caller terminate the loop */ - return 16; -} - -static uint64_t ossl_strtouint64(const variant_char *str) -{ - uint64_t ret = 0; - unsigned int digit, base = 10; - - if (*str == '0') { - base = 8, str++; - if (ossl_tolower(*str) == 'x') - base = 16, str++; - } - - while((digit = todigit(*str++)) < base) - ret = ret * base + digit; - - return ret; -} - -static variant_char *ossl_strchr(const variant_char *str, char srch) -{ variant_char c; - - while((c = *str)) { - if (c == srch) - return (variant_char *)str; - str++; - } - - return NULL; -} - -# define OPENSSL_CPUID_SETUP -typedef uint64_t IA32CAP; - -void OPENSSL_cpuid_setup(void) -{ - static int trigger = 0; - IA32CAP OPENSSL_ia32_cpuid(unsigned int *); - IA32CAP vec; - const variant_char *env; - - if (trigger) - return; - - trigger = 1; - if ((env = ossl_getenv("OPENSSL_ia32cap")) != NULL) { - int off = (env[0] == '~') ? 1 : 0; - - vec = ossl_strtouint64(env + off); - - if (off) { - IA32CAP mask = vec; - vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~mask; - if (mask & (1<<24)) { - /* - * User disables FXSR bit, mask even other capabilities - * that operate exclusively on XMM, so we don't have to - * double-check all the time. We mask PCLMULQDQ, AMD XOP, - * AES-NI and AVX. Formally speaking we don't have to - * do it in x86_64 case, but we can safely assume that - * x86_64 users won't actually flip this flag. - */ - vec &= ~((IA32CAP)(1<<1|1<<11|1<<25|1<<28) << 32); - } - } else if (env[0] == ':') { - vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P); - } - - if ((env = ossl_strchr(env, ':')) != NULL) { - IA32CAP vecx; - - env++; - off = (env[0] == '~') ? 1 : 0; - vecx = ossl_strtouint64(env + off); - if (off) { - OPENSSL_ia32cap_P[2] &= ~(unsigned int)vecx; - OPENSSL_ia32cap_P[3] &= ~(unsigned int)(vecx >> 32); - } else { - OPENSSL_ia32cap_P[2] = (unsigned int)vecx; - OPENSSL_ia32cap_P[3] = (unsigned int)(vecx >> 32); - } - } else { - OPENSSL_ia32cap_P[2] = 0; - OPENSSL_ia32cap_P[3] = 0; - } - } else { - vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P); - } - - /* - * |(1<<10) sets a reserved bit to signal that variable - * was initialized already... This is to avoid interference - * with cpuid snippets in ELF .init segment. - */ - OPENSSL_ia32cap_P[0] = (unsigned int)vec | (1 << 10); - OPENSSL_ia32cap_P[1] = (unsigned int)(vec >> 32); -} -# else -unsigned int OPENSSL_ia32cap_P[4]; -# endif -#endif - -#ifndef OPENSSL_CPUID_OBJ -# ifndef OPENSSL_CPUID_SETUP -void OPENSSL_cpuid_setup(void) -{ -} -# endif - -/* - * The rest are functions that are defined in the same assembler files as - * the CPUID functionality. - */ - -/* - * The volatile is used to to ensure that the compiler generates code that reads - * all values from the array and doesn't try to optimize this away. The standard - * doesn't actually require this behavior if the original data pointed to is - * not volatile, but compilers do this in practice anyway. - * - * There are also assembler versions of this function. - */ -# undef CRYPTO_memcmp -int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len) -{ - size_t i; - const volatile unsigned char *a = in_a; - const volatile unsigned char *b = in_b; - unsigned char x = 0; - - for (i = 0; i < len; i++) - x |= a[i] ^ b[i]; - - return x; -} - -/* - * For systems that don't provide an instruction counter register or equivalent. - */ -uint32_t OPENSSL_rdtsc(void) -{ - return 0; -} - -size_t OPENSSL_instrument_bus(unsigned int *out, size_t cnt) -{ - return 0; -} - -size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max) -{ - return 0; -} -#endif diff --git a/crypto/crmf/build.info b/crypto/crmf/build.info deleted file mode 100644 index 7cfa8ec2b0761d0344b355db04105dcb35f1a4ea..0000000000000000000000000000000000000000 --- a/crypto/crmf/build.info +++ /dev/null @@ -1,2 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]=crmf_asn.c crmf_err.c crmf_lib.c crmf_pbm.c diff --git a/crypto/crmf/crmf_asn.c b/crypto/crmf/crmf_asn.c deleted file mode 100644 index 3354b89736e9b31b465ee1b574da299e8b811d37..0000000000000000000000000000000000000000 --- a/crypto/crmf/crmf_asn.c +++ /dev/null @@ -1,235 +0,0 @@ -/*- - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2019 - * Copyright Siemens AG 2015-2019 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb. - */ - -#include - -#include "crmf_local.h" - -/* explicit #includes not strictly needed since implied by the above: */ -#include - -ASN1_SEQUENCE(OSSL_CRMF_PRIVATEKEYINFO) = { - ASN1_SIMPLE(OSSL_CRMF_PRIVATEKEYINFO, version, ASN1_INTEGER), - ASN1_SIMPLE(OSSL_CRMF_PRIVATEKEYINFO, privateKeyAlgorithm, X509_ALGOR), - ASN1_SIMPLE(OSSL_CRMF_PRIVATEKEYINFO, privateKey, ASN1_OCTET_STRING), - ASN1_IMP_SET_OF_OPT(OSSL_CRMF_PRIVATEKEYINFO, attributes, X509_ATTRIBUTE, 0) -} ASN1_SEQUENCE_END(OSSL_CRMF_PRIVATEKEYINFO) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PRIVATEKEYINFO) - - -ASN1_CHOICE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) = { - ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER, value.string, ASN1_UTF8STRING), - ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER, value.generalName, GENERAL_NAME) -} ASN1_CHOICE_END(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) - - -ASN1_SEQUENCE(OSSL_CRMF_ENCKEYWITHID) = { - ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID, privateKey, OSSL_CRMF_PRIVATEKEYINFO), - ASN1_OPT(OSSL_CRMF_ENCKEYWITHID, identifier, - OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) -} ASN1_SEQUENCE_END(OSSL_CRMF_ENCKEYWITHID) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID) - - -ASN1_SEQUENCE(OSSL_CRMF_CERTID) = { - ASN1_SIMPLE(OSSL_CRMF_CERTID, issuer, GENERAL_NAME), - ASN1_SIMPLE(OSSL_CRMF_CERTID, serialNumber, ASN1_INTEGER) -} ASN1_SEQUENCE_END(OSSL_CRMF_CERTID) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTID) -IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID) - - -ASN1_SEQUENCE(OSSL_CRMF_ENCRYPTEDVALUE) = { - ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, intendedAlg, X509_ALGOR, 0), - ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, symmAlg, X509_ALGOR, 1), - ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, encSymmKey, ASN1_BIT_STRING, 2), - ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, keyAlg, X509_ALGOR, 3), - ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, valueHint, ASN1_OCTET_STRING, 4), - ASN1_SIMPLE(OSSL_CRMF_ENCRYPTEDVALUE, encValue, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END(OSSL_CRMF_ENCRYPTEDVALUE) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE) - -ASN1_SEQUENCE(OSSL_CRMF_SINGLEPUBINFO) = { - ASN1_SIMPLE(OSSL_CRMF_SINGLEPUBINFO, pubMethod, ASN1_INTEGER), - ASN1_SIMPLE(OSSL_CRMF_SINGLEPUBINFO, pubLocation, GENERAL_NAME) -} ASN1_SEQUENCE_END(OSSL_CRMF_SINGLEPUBINFO) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO) - - -ASN1_SEQUENCE(OSSL_CRMF_PKIPUBLICATIONINFO) = { - ASN1_SIMPLE(OSSL_CRMF_PKIPUBLICATIONINFO, action, ASN1_INTEGER), - ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_PKIPUBLICATIONINFO, pubInfos, - OSSL_CRMF_SINGLEPUBINFO) -} ASN1_SEQUENCE_END(OSSL_CRMF_PKIPUBLICATIONINFO) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO) -IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_PKIPUBLICATIONINFO) - - -ASN1_SEQUENCE(OSSL_CRMF_PKMACVALUE) = { - ASN1_SIMPLE(OSSL_CRMF_PKMACVALUE, algId, X509_ALGOR), - ASN1_SIMPLE(OSSL_CRMF_PKMACVALUE, value, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END(OSSL_CRMF_PKMACVALUE) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PKMACVALUE) - - -ASN1_CHOICE(OSSL_CRMF_POPOPRIVKEY) = { - ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.thisMessage, ASN1_BIT_STRING, 0), - ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.subsequentMessage, ASN1_INTEGER, 1), - ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.dhMAC, ASN1_BIT_STRING, 2), - ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.agreeMAC, OSSL_CRMF_PKMACVALUE, 3), - ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.encryptedKey, ASN1_NULL, 4), -} ASN1_CHOICE_END(OSSL_CRMF_POPOPRIVKEY) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOPRIVKEY) - - -ASN1_SEQUENCE(OSSL_CRMF_PBMPARAMETER) = { - ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, salt, ASN1_OCTET_STRING), - ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, owf, X509_ALGOR), - ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, iterationCount, ASN1_INTEGER), - ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, mac, X509_ALGOR) -} ASN1_SEQUENCE_END(OSSL_CRMF_PBMPARAMETER) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER) - - -ASN1_CHOICE(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) = { - ASN1_EXP(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO, value.sender, - GENERAL_NAME, 0), - ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO, value.publicKeyMAC, - OSSL_CRMF_PKMACVALUE) -} ASN1_CHOICE_END(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) - - -ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEYINPUT) = { - ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT, authInfo, - OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO), - ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT, publicKey, X509_PUBKEY) -} ASN1_SEQUENCE_END(OSSL_CRMF_POPOSIGNINGKEYINPUT) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT) - - -ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEY) = { - ASN1_IMP_OPT(OSSL_CRMF_POPOSIGNINGKEY, poposkInput, - OSSL_CRMF_POPOSIGNINGKEYINPUT, 0), - ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEY, algorithmIdentifier, X509_ALGOR), - ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEY, signature, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END(OSSL_CRMF_POPOSIGNINGKEY) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEY) - - -ASN1_CHOICE(OSSL_CRMF_POPO) = { - ASN1_IMP(OSSL_CRMF_POPO, value.raVerified, ASN1_NULL, 0), - ASN1_IMP(OSSL_CRMF_POPO, value.signature, OSSL_CRMF_POPOSIGNINGKEY, 1), - ASN1_EXP(OSSL_CRMF_POPO, value.keyEncipherment, OSSL_CRMF_POPOPRIVKEY, 2), - ASN1_EXP(OSSL_CRMF_POPO, value.keyAgreement, OSSL_CRMF_POPOPRIVKEY, 3) -} ASN1_CHOICE_END(OSSL_CRMF_POPO) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPO) - - -ASN1_ADB_TEMPLATE(attributetypeandvalue_default) = - ASN1_OPT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, value.other, ASN1_ANY); -ASN1_ADB(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = { - ADB_ENTRY(NID_id_regCtrl_regToken, - ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, - value.regToken, ASN1_UTF8STRING)), - ADB_ENTRY(NID_id_regCtrl_authenticator, - ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, - value.authenticator, ASN1_UTF8STRING)), - ADB_ENTRY(NID_id_regCtrl_pkiPublicationInfo, - ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, - value.pkiPublicationInfo, - OSSL_CRMF_PKIPUBLICATIONINFO)), - ADB_ENTRY(NID_id_regCtrl_oldCertID, - ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, - value.oldCertID, OSSL_CRMF_CERTID)), - ADB_ENTRY(NID_id_regCtrl_protocolEncrKey, - ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, - value.protocolEncrKey, X509_PUBKEY)), - ADB_ENTRY(NID_id_regInfo_utf8Pairs, - ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, - value.utf8Pairs, ASN1_UTF8STRING)), - ADB_ENTRY(NID_id_regInfo_certReq, - ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, - value.certReq, OSSL_CRMF_CERTREQUEST)), -} ASN1_ADB_END(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, 0, type, 0, - &attributetypeandvalue_default_tt, NULL); - - -ASN1_SEQUENCE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = { - ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, type, ASN1_OBJECT), - ASN1_ADB_OBJECT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) -} ASN1_SEQUENCE_END(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) - -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) -IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) - - -ASN1_SEQUENCE(OSSL_CRMF_OPTIONALVALIDITY) = { - ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notBefore, ASN1_TIME, 0), - ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notAfter, ASN1_TIME, 1) -} ASN1_SEQUENCE_END(OSSL_CRMF_OPTIONALVALIDITY) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_OPTIONALVALIDITY) - - -ASN1_SEQUENCE(OSSL_CRMF_CERTTEMPLATE) = { - ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, version, ASN1_INTEGER, 0), - /* - * serialNumber MUST be omitted. This field is assigned by the CA - * during certificate creation. - */ - ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, serialNumber, ASN1_INTEGER, 1), - /* - * signingAlg MUST be omitted. This field is assigned by the CA - * during certificate creation. - */ - ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, signingAlg, X509_ALGOR, 2), - ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, issuer, X509_NAME, 3), - ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, validity, - OSSL_CRMF_OPTIONALVALIDITY, 4), - ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, subject, X509_NAME, 5), - ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, publicKey, X509_PUBKEY, 6), - /* issuerUID is deprecated in version 2 */ - ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, issuerUID, ASN1_BIT_STRING, 7), - /* subjectUID is deprecated in version 2 */ - ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, subjectUID, ASN1_BIT_STRING, 8), - ASN1_IMP_SEQUENCE_OF_OPT(OSSL_CRMF_CERTTEMPLATE, extensions, - X509_EXTENSION, 9), -} ASN1_SEQUENCE_END(OSSL_CRMF_CERTTEMPLATE) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE) - - -ASN1_SEQUENCE(OSSL_CRMF_CERTREQUEST) = { - ASN1_SIMPLE(OSSL_CRMF_CERTREQUEST, certReqId, ASN1_INTEGER), - ASN1_SIMPLE(OSSL_CRMF_CERTREQUEST, certTemplate, OSSL_CRMF_CERTTEMPLATE), - ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_CERTREQUEST, controls, - OSSL_CRMF_ATTRIBUTETYPEANDVALUE) -} ASN1_SEQUENCE_END(OSSL_CRMF_CERTREQUEST) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTREQUEST) -IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTREQUEST) - - -ASN1_SEQUENCE(OSSL_CRMF_MSG) = { - ASN1_SIMPLE(OSSL_CRMF_MSG, certReq, OSSL_CRMF_CERTREQUEST), - ASN1_OPT(OSSL_CRMF_MSG, popo, OSSL_CRMF_POPO), - ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_MSG, regInfo, - OSSL_CRMF_ATTRIBUTETYPEANDVALUE) -} ASN1_SEQUENCE_END(OSSL_CRMF_MSG) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_MSG) -IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG) - -ASN1_ITEM_TEMPLATE(OSSL_CRMF_MSGS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, - OSSL_CRMF_MSGS, OSSL_CRMF_MSG) -ASN1_ITEM_TEMPLATE_END(OSSL_CRMF_MSGS) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_MSGS) diff --git a/crypto/crmf/crmf_err.c b/crypto/crmf/crmf_err.c deleted file mode 100644 index 44b2f2757d2c2614c4042372f32d3380797b8ddd..0000000000000000000000000000000000000000 --- a/crypto/crmf/crmf_err.c +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/crmferr.h" - -#ifndef OPENSSL_NO_CRMF - -# ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA CRMF_str_reasons[] = { - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_BAD_PBM_ITERATIONCOUNT), - "bad pbm iterationcount"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_CRMFERROR), "crmferror"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ERROR), "error"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ERROR_DECODING_CERTIFICATE), - "error decoding certificate"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ERROR_DECRYPTING_CERTIFICATE), - "error decrypting certificate"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY), - "error decrypting symmetric key"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_FAILURE_OBTAINING_RANDOM), - "failure obtaining random"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_ITERATIONCOUNT_BELOW_100), - "iterationcount below 100"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_MALFORMED_IV), "malformed iv"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_NULL_ARGUMENT), "null argument"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPOSKINPUT_NOT_SUPPORTED), - "poposkinput not supported"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY), - "popo inconsistent public key"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_MISSING), "popo missing"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_MISSING_PUBLIC_KEY), - "popo missing public key"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_MISSING_SUBJECT), - "popo missing subject"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED), - "popo raverified not accepted"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_SETTING_MAC_ALGOR_FAILURE), - "setting mac algor failure"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_SETTING_OWF_ALGOR_FAILURE), - "setting owf algor failure"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_UNSUPPORTED_ALGORITHM), - "unsupported algorithm"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_UNSUPPORTED_CIPHER), - "unsupported cipher"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO), - "unsupported method for creating popo"}, - {ERR_PACK(ERR_LIB_CRMF, 0, CRMF_R_UNSUPPORTED_POPO_METHOD), - "unsupported popo method"}, - {0, NULL} -}; - -# endif - -int ossl_err_load_CRMF_strings(void) -{ -# ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(CRMF_str_reasons[0].error) == NULL) - ERR_load_strings_const(CRMF_str_reasons); -# endif - return 1; -} -#else -NON_EMPTY_TRANSLATION_UNIT -#endif diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c deleted file mode 100644 index 8b42e4392e7018dd7914c27c3d44156b8d6eeb07..0000000000000000000000000000000000000000 --- a/crypto/crmf/crmf_lib.c +++ /dev/null @@ -1,715 +0,0 @@ -/*- - * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2018 - * Copyright Siemens AG 2015-2019 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb. - */ - -/* - * This file contains the functions that handle the individual items inside - * the CRMF structures - */ - -/* - * NAMING - * - * The 0 functions use the supplied structure pointer directly in the parent and - * it will be freed up when the parent is freed. - * - * The 1 functions use a copy of the supplied structure pointer (or in some - * cases increases its link count) in the parent and so both should be freed up. - */ - -#include - -#include "crmf_local.h" -#include "internal/constant_time.h" -#include "internal/sizes.h" - -/* explicit #includes not strictly needed since implied by the above: */ -#include -#include -#include - -/*- - * atyp = Attribute Type - * valt = Value Type - * ctrlinf = "regCtrl" or "regInfo" - */ -#define IMPLEMENT_CRMF_CTRL_FUNC(atyp, valt, ctrlinf) \ -valt *OSSL_CRMF_MSG_get0_##ctrlinf##_##atyp(const OSSL_CRMF_MSG *msg) \ -{ \ - int i; \ - STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *controls; \ - OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; \ - \ - if (msg == NULL || msg->certReq == NULL) \ - return NULL; \ - controls = msg->certReq->controls; \ - for (i = 0; i < sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_num(controls); i++) { \ - atav = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_value(controls, i); \ - if (OBJ_obj2nid(atav->type) == NID_id_##ctrlinf##_##atyp) \ - return atav->value.atyp; \ - } \ - return NULL; \ -} \ - \ -int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg, const valt *in) \ -{ \ - OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL; \ - \ - if (msg == NULL || in == NULL) \ - goto err; \ - if ((atav = OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new()) == NULL) \ - goto err; \ - if ((atav->type = OBJ_nid2obj(NID_id_##ctrlinf##_##atyp)) == NULL) \ - goto err; \ - if ((atav->value.atyp = valt##_dup(in)) == NULL) \ - goto err; \ - if (!OSSL_CRMF_MSG_push0_##ctrlinf(msg, atav)) \ - goto err; \ - return 1; \ - err: \ - OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(atav); \ - return 0; \ -} - - -/*- - * Pushes the given control attribute into the controls stack of a CertRequest - * (section 6) - * returns 1 on success, 0 on error - */ -static int OSSL_CRMF_MSG_push0_regCtrl(OSSL_CRMF_MSG *crm, - OSSL_CRMF_ATTRIBUTETYPEANDVALUE *ctrl) -{ - int new = 0; - - if (crm == NULL || crm->certReq == NULL || ctrl == NULL) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); - return 0; - } - - if (crm->certReq->controls == NULL) { - crm->certReq->controls = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new_null(); - if (crm->certReq->controls == NULL) - goto err; - new = 1; - } - if (!sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_push(crm->certReq->controls, ctrl)) - goto err; - - return 1; - err: - if (new != 0) { - sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(crm->certReq->controls); - crm->certReq->controls = NULL; - } - return 0; -} - -/* id-regCtrl-regToken Control (section 6.1) */ -IMPLEMENT_CRMF_CTRL_FUNC(regToken, ASN1_STRING, regCtrl) - -/* id-regCtrl-authenticator Control (section 6.2) */ -#define ASN1_UTF8STRING_dup ASN1_STRING_dup -IMPLEMENT_CRMF_CTRL_FUNC(authenticator, ASN1_UTF8STRING, regCtrl) - -int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi, - int method, GENERAL_NAME *nm) -{ - if (spi == NULL - || method < OSSL_CRMF_PUB_METHOD_DONTCARE - || method > OSSL_CRMF_PUB_METHOD_LDAP) { - ERR_raise(ERR_LIB_CRMF, ERR_R_PASSED_INVALID_ARGUMENT); - return 0; - } - - if (!ASN1_INTEGER_set(spi->pubMethod, method)) - return 0; - GENERAL_NAME_free(spi->pubLocation); - spi->pubLocation = nm; - return 1; -} - -int -OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi, - OSSL_CRMF_SINGLEPUBINFO *spi) -{ - if (pi == NULL || spi == NULL) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); - return 0; - } - if (pi->pubInfos == NULL) - pi->pubInfos = sk_OSSL_CRMF_SINGLEPUBINFO_new_null(); - if (pi->pubInfos == NULL) - return 0; - - return sk_OSSL_CRMF_SINGLEPUBINFO_push(pi->pubInfos, spi); -} - -int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi, - int action) -{ - if (pi == NULL - || action < OSSL_CRMF_PUB_ACTION_DONTPUBLISH - || action > OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH) { - ERR_raise(ERR_LIB_CRMF, ERR_R_PASSED_INVALID_ARGUMENT); - return 0; - } - - return ASN1_INTEGER_set(pi->action, action); -} - -/* id-regCtrl-pkiPublicationInfo Control (section 6.3) */ -IMPLEMENT_CRMF_CTRL_FUNC(pkiPublicationInfo, OSSL_CRMF_PKIPUBLICATIONINFO, - regCtrl) - -/* id-regCtrl-oldCertID Control (section 6.5) from the given */ -IMPLEMENT_CRMF_CTRL_FUNC(oldCertID, OSSL_CRMF_CERTID, regCtrl) - -OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer, - const ASN1_INTEGER *serial) -{ - OSSL_CRMF_CERTID *cid = NULL; - - if (issuer == NULL || serial == NULL) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); - return NULL; - } - - if ((cid = OSSL_CRMF_CERTID_new()) == NULL) - goto err; - - if (!X509_NAME_set(&cid->issuer->d.directoryName, issuer)) - goto err; - cid->issuer->type = GEN_DIRNAME; - - ASN1_INTEGER_free(cid->serialNumber); - if ((cid->serialNumber = ASN1_INTEGER_dup(serial)) == NULL) - goto err; - - return cid; - - err: - OSSL_CRMF_CERTID_free(cid); - return NULL; -} - -/* - * id-regCtrl-protocolEncrKey Control (section 6.6) - */ -IMPLEMENT_CRMF_CTRL_FUNC(protocolEncrKey, X509_PUBKEY, regCtrl) - -/*- - * Pushes the attribute given in regInfo in to the CertReqMsg->regInfo stack. - * (section 7) - * returns 1 on success, 0 on error - */ -static int OSSL_CRMF_MSG_push0_regInfo(OSSL_CRMF_MSG *crm, - OSSL_CRMF_ATTRIBUTETYPEANDVALUE *ri) -{ - STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *info = NULL; - - if (crm == NULL || ri == NULL) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); - return 0; - } - - if (crm->regInfo == NULL) - crm->regInfo = info = sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new_null(); - if (crm->regInfo == NULL) - goto err; - if (!sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_push(crm->regInfo, ri)) - goto err; - return 1; - - err: - if (info != NULL) - crm->regInfo = NULL; - sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(info); - return 0; -} - -/* id-regInfo-utf8Pairs to regInfo (section 7.1) */ -IMPLEMENT_CRMF_CTRL_FUNC(utf8Pairs, ASN1_UTF8STRING, regInfo) - -/* id-regInfo-certReq to regInfo (section 7.2) */ -IMPLEMENT_CRMF_CTRL_FUNC(certReq, OSSL_CRMF_CERTREQUEST, regInfo) - - -/* retrieves the certificate template of crm */ -OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm) -{ - if (crm == NULL || crm->certReq == NULL) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); - return NULL; - } - return crm->certReq->certTemplate; -} - - -int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm, - ASN1_TIME *notBefore, ASN1_TIME *notAfter) -{ - OSSL_CRMF_OPTIONALVALIDITY *vld; - OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm); - - if (tmpl == NULL) { /* also crm == NULL implies this */ - ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); - return 0; - } - - if ((vld = OSSL_CRMF_OPTIONALVALIDITY_new()) == NULL) - return 0; - vld->notBefore = notBefore; - vld->notAfter = notAfter; - tmpl->validity = vld; - return 1; -} - - -int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid) -{ - if (crm == NULL || crm->certReq == NULL || crm->certReq->certReqId == NULL) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); - return 0; - } - - return ASN1_INTEGER_set(crm->certReq->certReqId, rid); -} - -/* get ASN.1 encoded integer, return -1 on error */ -static int crmf_asn1_get_int(const ASN1_INTEGER *a) -{ - int64_t res; - - if (!ASN1_INTEGER_get_int64(&res, a)) { - ERR_raise(ERR_LIB_CRMF, ASN1_R_INVALID_NUMBER); - return -1; - } - if (res < INT_MIN) { - ERR_raise(ERR_LIB_CRMF, ASN1_R_TOO_SMALL); - return -1; - } - if (res > INT_MAX) { - ERR_raise(ERR_LIB_CRMF, ASN1_R_TOO_LARGE); - return -1; - } - return (int)res; -} - -int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm) -{ - if (crm == NULL || /* not really needed: */ crm->certReq == NULL) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); - return -1; - } - return crmf_asn1_get_int(crm->certReq->certReqId); -} - - -int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, - X509_EXTENSIONS *exts) -{ - OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm); - - if (tmpl == NULL) { /* also crm == NULL implies this */ - ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); - return 0; - } - - if (sk_X509_EXTENSION_num(exts) == 0) { - sk_X509_EXTENSION_free(exts); - exts = NULL; /* do not include empty extensions list */ - } - - sk_X509_EXTENSION_pop_free(tmpl->extensions, X509_EXTENSION_free); - tmpl->extensions = exts; - return 1; -} - - -int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, - X509_EXTENSION *ext) -{ - int new = 0; - OSSL_CRMF_CERTTEMPLATE *tmpl = OSSL_CRMF_MSG_get0_tmpl(crm); - - if (tmpl == NULL || ext == NULL) { /* also crm == NULL implies this */ - ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); - return 0; - } - - if (tmpl->extensions == NULL) { - if ((tmpl->extensions = sk_X509_EXTENSION_new_null()) == NULL) - goto err; - new = 1; - } - - if (!sk_X509_EXTENSION_push(tmpl->extensions, ext)) - goto err; - return 1; - err: - if (new != 0) { - sk_X509_EXTENSION_free(tmpl->extensions); - tmpl->extensions = NULL; - } - return 0; -} - -static int create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY *ps, - const OSSL_CRMF_CERTREQUEST *cr, - EVP_PKEY *pkey, const EVP_MD *digest, - OSSL_LIB_CTX *libctx, const char *propq) -{ - char name[80] = ""; - - if (ps == NULL || cr == NULL || pkey == NULL) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); - return 0; - } - if (ps->poposkInput != NULL) { - /* We do not support cases 1+2 defined in RFC 4211, section 4.1 */ - ERR_raise(ERR_LIB_CRMF, CRMF_R_POPOSKINPUT_NOT_SUPPORTED); - return 0; - } - - if (EVP_PKEY_get_default_digest_name(pkey, name, sizeof(name)) > 0 - && strcmp(name, "UNDEF") == 0) /* at least for Ed25519, Ed448 */ - digest = NULL; - - return ASN1_item_sign_ex(ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST), - ps->algorithmIdentifier, NULL, ps->signature, cr, - NULL, pkey, digest, libctx, propq); -} - - -int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm, - EVP_PKEY *pkey, const EVP_MD *digest, - OSSL_LIB_CTX *libctx, const char *propq) -{ - OSSL_CRMF_POPO *pp = NULL; - ASN1_INTEGER *tag = NULL; - - if (crm == NULL || (meth == OSSL_CRMF_POPO_SIGNATURE && pkey == NULL)) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); - return 0; - } - - if (meth == OSSL_CRMF_POPO_NONE) - goto end; - if ((pp = OSSL_CRMF_POPO_new()) == NULL) - goto err; - pp->type = meth; - - switch (meth) { - case OSSL_CRMF_POPO_RAVERIFIED: - if ((pp->value.raVerified = ASN1_NULL_new()) == NULL) - goto err; - break; - - case OSSL_CRMF_POPO_SIGNATURE: - { - OSSL_CRMF_POPOSIGNINGKEY *ps = OSSL_CRMF_POPOSIGNINGKEY_new(); - - if (ps == NULL) - goto err; - if (!create_popo_signature(ps, crm->certReq, pkey, digest, - libctx, propq)) { - OSSL_CRMF_POPOSIGNINGKEY_free(ps); - goto err; - } - pp->value.signature = ps; - } - break; - - case OSSL_CRMF_POPO_KEYENC: - if ((pp->value.keyEncipherment = OSSL_CRMF_POPOPRIVKEY_new()) == NULL) - goto err; - tag = ASN1_INTEGER_new(); - pp->value.keyEncipherment->type = - OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE; - pp->value.keyEncipherment->value.subsequentMessage = tag; - if (tag == NULL - || !ASN1_INTEGER_set(tag, OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT)) - goto err; - break; - - default: - ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO); - goto err; - } - - end: - OSSL_CRMF_POPO_free(crm->popo); - crm->popo = pp; - - return 1; - err: - OSSL_CRMF_POPO_free(pp); - return 0; -} - -/* verifies the Proof-of-Possession of the request with the given rid in reqs */ -int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs, - int rid, int acceptRAVerified, - OSSL_LIB_CTX *libctx, const char *propq) -{ - OSSL_CRMF_MSG *req = NULL; - X509_PUBKEY *pubkey = NULL; - OSSL_CRMF_POPOSIGNINGKEY *sig = NULL; - const ASN1_ITEM *it; - void *asn; - - if (reqs == NULL || (req = sk_OSSL_CRMF_MSG_value(reqs, rid)) == NULL) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); - return 0; - } - - if (req->popo == NULL) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING); - return 0; - } - - switch (req->popo->type) { - case OSSL_CRMF_POPO_RAVERIFIED: - if (!acceptRAVerified) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED); - return 0; - } - break; - case OSSL_CRMF_POPO_SIGNATURE: - pubkey = req->certReq->certTemplate->publicKey; - if (pubkey == NULL) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING_PUBLIC_KEY); - return 0; - } - sig = req->popo->value.signature; - if (sig->poposkInput != NULL) { - /* - * According to RFC 4211: publicKey contains a copy of - * the public key from the certificate template. This MUST be - * exactly the same value as contained in the certificate template. - */ - if (sig->poposkInput->publicKey == NULL) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING_PUBLIC_KEY); - return 0; - } - if (X509_PUBKEY_eq(pubkey, sig->poposkInput->publicKey) != 1) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY); - return 0; - } - it = ASN1_ITEM_rptr(OSSL_CRMF_POPOSIGNINGKEYINPUT); - asn = sig->poposkInput; - } else { - if (req->certReq->certTemplate->subject == NULL) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_POPO_MISSING_SUBJECT); - return 0; - } - it = ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST); - asn = req->certReq; - } - if (ASN1_item_verify_ex(it, sig->algorithmIdentifier, sig->signature, - asn, NULL, X509_PUBKEY_get0(pubkey), libctx, - propq) < 1) - return 0; - break; - case OSSL_CRMF_POPO_KEYENC: - case OSSL_CRMF_POPO_KEYAGREE: - default: - ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_POPO_METHOD); - return 0; - } - return 1; -} - -/* retrieves the serialNumber of the given cert template or NULL on error */ -const ASN1_INTEGER -*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl) -{ - return tmpl != NULL ? tmpl->serialNumber : NULL; -} - -const X509_NAME - *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl) -{ - return tmpl != NULL ? tmpl->subject : NULL; -} - -/* retrieves the issuer name of the given cert template or NULL on error */ -const X509_NAME - *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl) -{ - return tmpl != NULL ? tmpl->issuer : NULL; -} - -X509_EXTENSIONS - *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl) -{ - return tmpl != NULL ? tmpl->extensions : NULL; -} - -/* retrieves the issuer name of the given CertId or NULL on error */ -const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid) -{ - return cid != NULL && cid->issuer->type == GEN_DIRNAME ? - cid->issuer->d.directoryName : NULL; -} - -/* retrieves the serialNumber of the given CertId or NULL on error */ -const ASN1_INTEGER *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid) -{ - return cid != NULL ? cid->serialNumber : NULL; -} - -/*- - * fill in certificate template. - * Any value argument that is NULL will leave the respective field unchanged. - */ -int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl, - EVP_PKEY *pubkey, - const X509_NAME *subject, - const X509_NAME *issuer, - const ASN1_INTEGER *serial) -{ - if (tmpl == NULL) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); - return 0; - } - if (subject != NULL && !X509_NAME_set((X509_NAME **)&tmpl->subject, subject)) - return 0; - if (issuer != NULL && !X509_NAME_set((X509_NAME **)&tmpl->issuer, issuer)) - return 0; - if (serial != NULL) { - ASN1_INTEGER_free(tmpl->serialNumber); - if ((tmpl->serialNumber = ASN1_INTEGER_dup(serial)) == NULL) - return 0; - } - if (pubkey != NULL && !X509_PUBKEY_set(&tmpl->publicKey, pubkey)) - return 0; - return 1; -} - - -/*- - * Decrypts the certificate in the given encryptedValue using private key pkey. - * This is needed for the indirect PoP method as in RFC 4210 section 5.2.8.2. - * - * returns a pointer to the decrypted certificate - * returns NULL on error or if no certificate available - */ -X509 -*OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert, - OSSL_LIB_CTX *libctx, const char *propq, - EVP_PKEY *pkey) -{ - X509 *cert = NULL; /* decrypted certificate */ - EVP_CIPHER_CTX *evp_ctx = NULL; /* context for symmetric encryption */ - unsigned char *ek = NULL; /* decrypted symmetric encryption key */ - size_t eksize = 0; /* size of decrypted symmetric encryption key */ - EVP_CIPHER *cipher = NULL; /* used cipher */ - int cikeysize = 0; /* key size from cipher */ - unsigned char *iv = NULL; /* initial vector for symmetric encryption */ - unsigned char *outbuf = NULL; /* decryption output buffer */ - const unsigned char *p = NULL; /* needed for decoding ASN1 */ - int n, outlen = 0; - EVP_PKEY_CTX *pkctx = NULL; /* private key context */ - char name[OSSL_MAX_NAME_SIZE]; - - if (ecert == NULL || ecert->symmAlg == NULL || ecert->encSymmKey == NULL - || ecert->encValue == NULL || pkey == NULL) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); - return NULL; - } - - /* select symmetric cipher based on algorithm given in message */ - OBJ_obj2txt(name, sizeof(name), ecert->symmAlg->algorithm, 0); - - (void)ERR_set_mark(); - cipher = EVP_CIPHER_fetch(NULL, name, NULL); - - if (cipher == NULL) - cipher = (EVP_CIPHER *)EVP_get_cipherbyname(name); - - if (cipher == NULL) { - (void)ERR_clear_last_mark(); - ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_CIPHER); - goto end; - } - (void)ERR_pop_to_mark(); - - cikeysize = EVP_CIPHER_get_key_length(cipher); - /* first the symmetric key needs to be decrypted */ - pkctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); - if (pkctx != NULL && EVP_PKEY_decrypt_init(pkctx)) { - ASN1_BIT_STRING *encKey = ecert->encSymmKey; - size_t failure; - int retval; - - if (EVP_PKEY_decrypt(pkctx, NULL, &eksize, - encKey->data, encKey->length) <= 0 - || (ek = OPENSSL_malloc(eksize)) == NULL) - goto end; - retval = EVP_PKEY_decrypt(pkctx, ek, &eksize, - encKey->data, encKey->length); - ERR_clear_error(); /* error state may have sensitive information */ - failure = ~constant_time_is_zero_s(constant_time_msb(retval) - | constant_time_is_zero(retval)); - failure |= ~constant_time_eq_s(eksize, (size_t)cikeysize); - if (failure) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY); - goto end; - } - } else { - goto end; - } - if ((iv = OPENSSL_malloc(EVP_CIPHER_get_iv_length(cipher))) == NULL) - goto end; - if (ASN1_TYPE_get_octetstring(ecert->symmAlg->parameter, iv, - EVP_CIPHER_get_iv_length(cipher)) - != EVP_CIPHER_get_iv_length(cipher)) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_MALFORMED_IV); - goto end; - } - - /* - * d2i_X509 changes the given pointer, so use p for decoding the message and - * keep the original pointer in outbuf so the memory can be freed later - */ - if ((p = outbuf = OPENSSL_malloc(ecert->encValue->length + - EVP_CIPHER_get_block_size(cipher))) == NULL - || (evp_ctx = EVP_CIPHER_CTX_new()) == NULL) - goto end; - EVP_CIPHER_CTX_set_padding(evp_ctx, 0); - - if (!EVP_DecryptInit(evp_ctx, cipher, ek, iv) - || !EVP_DecryptUpdate(evp_ctx, outbuf, &outlen, - ecert->encValue->data, - ecert->encValue->length) - || !EVP_DecryptFinal(evp_ctx, outbuf + outlen, &n)) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECRYPTING_CERTIFICATE); - goto end; - } - outlen += n; - - /* convert decrypted certificate from DER to internal ASN.1 structure */ - if ((cert = X509_new_ex(libctx, propq)) == NULL) - goto end; - if (d2i_X509(&cert, &p, outlen) == NULL) - ERR_raise(ERR_LIB_CRMF, CRMF_R_ERROR_DECODING_CERTIFICATE); - end: - EVP_PKEY_CTX_free(pkctx); - OPENSSL_free(outbuf); - EVP_CIPHER_CTX_free(evp_ctx); - EVP_CIPHER_free(cipher); - OPENSSL_clear_free(ek, eksize); - OPENSSL_free(iv); - return cert; -} diff --git a/crypto/crmf/crmf_local.h b/crypto/crmf/crmf_local.h deleted file mode 100644 index 3b8c3701b54d8fe687e65d1137a67e3af31b9d19..0000000000000000000000000000000000000000 --- a/crypto/crmf/crmf_local.h +++ /dev/null @@ -1,385 +0,0 @@ -/*- - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2019 - * Copyright Siemens AG 2015-2019 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb. - */ - -#ifndef OSSL_CRYPTO_CRMF_LOCAL_H -# define OSSL_CRYPTO_CRMF_LOCAL_H - -# include -# include - -/* explicit #includes not strictly needed since implied by the above: */ -# include -# include -# include -# include - -/*- - * EncryptedValue ::= SEQUENCE { - * intendedAlg [0] AlgorithmIdentifier OPTIONAL, - * -- the intended algorithm for which the value will be used - * symmAlg [1] AlgorithmIdentifier OPTIONAL, - * -- the symmetric algorithm used to encrypt the value - * encSymmKey [2] BIT STRING OPTIONAL, - * -- the (encrypted) symmetric key used to encrypt the value - * keyAlg [3] AlgorithmIdentifier OPTIONAL, - * -- algorithm used to encrypt the symmetric key - * valueHint [4] OCTET STRING OPTIONAL, - * -- a brief description or identifier of the encValue content - * -- (may be meaningful only to the sending entity, and - * -- used only if EncryptedValue might be re-examined - * -- by the sending entity in the future) - * encValue BIT STRING - * -- the encrypted value itself - * } - */ -struct ossl_crmf_encryptedvalue_st { - X509_ALGOR *intendedAlg; /* 0 */ - X509_ALGOR *symmAlg; /* 1 */ - ASN1_BIT_STRING *encSymmKey; /* 2 */ - X509_ALGOR *keyAlg; /* 3 */ - ASN1_OCTET_STRING *valueHint; /* 4 */ - ASN1_BIT_STRING *encValue; -} /* OSSL_CRMF_ENCRYPTEDVALUE */; - -/*- - * Attributes ::= SET OF Attribute - * => X509_ATTRIBUTE - * - * PrivateKeyInfo ::= SEQUENCE { - * version INTEGER, - * privateKeyAlgorithm AlgorithmIdentifier, - * privateKey OCTET STRING, - * attributes [0] IMPLICIT Attributes OPTIONAL - * } - */ -typedef struct ossl_crmf_privatekeyinfo_st { - ASN1_INTEGER *version; - X509_ALGOR *privateKeyAlgorithm; - ASN1_OCTET_STRING *privateKey; - STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ -} OSSL_CRMF_PRIVATEKEYINFO; -DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PRIVATEKEYINFO) - -/*- - * section 4.2.1 Private Key Info Content Type - * id-ct-encKeyWithID OBJECT IDENTIFIER ::= {id-ct 21} - * - * EncKeyWithID ::= SEQUENCE { - * privateKey PrivateKeyInfo, - * identifier CHOICE { - * string UTF8String, - * generalName GeneralName - * } OPTIONAL - * } - */ -typedef struct ossl_crmf_enckeywithid_identifier_st { - int type; - union { - ASN1_UTF8STRING *string; - GENERAL_NAME *generalName; - } value; -} OSSL_CRMF_ENCKEYWITHID_IDENTIFIER; -DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) - -typedef struct ossl_crmf_enckeywithid_st { - OSSL_CRMF_PRIVATEKEYINFO *privateKey; - /* [0] */ - OSSL_CRMF_ENCKEYWITHID_IDENTIFIER *identifier; -} OSSL_CRMF_ENCKEYWITHID; -DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID) - -/*- - * CertId ::= SEQUENCE { - * issuer GeneralName, - * serialNumber INTEGER - * } - */ -struct ossl_crmf_certid_st { - GENERAL_NAME *issuer; - ASN1_INTEGER *serialNumber; -} /* OSSL_CRMF_CERTID */; - -/*- - * SinglePubInfo ::= SEQUENCE { - * pubMethod INTEGER { - * dontCare (0), - * x500 (1), - * web (2), - * ldap (3) }, - * pubLocation GeneralName OPTIONAL - * } - */ -struct ossl_crmf_singlepubinfo_st { - ASN1_INTEGER *pubMethod; - GENERAL_NAME *pubLocation; -} /* OSSL_CRMF_SINGLEPUBINFO */; -DEFINE_STACK_OF(OSSL_CRMF_SINGLEPUBINFO) -typedef STACK_OF(OSSL_CRMF_SINGLEPUBINFO) OSSL_CRMF_PUBINFOS; - - -/*- - * PKIPublicationInfo ::= SEQUENCE { - * action INTEGER { - * dontPublish (0), - * pleasePublish (1) }, - * pubInfos SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL - * -- pubInfos MUST NOT be present if action is "dontPublish" - * -- (if action is "pleasePublish" and pubInfos is omitted, - * -- "dontCare" is assumed) - * } - */ -struct ossl_crmf_pkipublicationinfo_st { - ASN1_INTEGER *action; - OSSL_CRMF_PUBINFOS *pubInfos; -} /* OSSL_CRMF_PKIPUBLICATIONINFO */; -DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_PKIPUBLICATIONINFO) - -/*- - * PKMACValue ::= SEQUENCE { - * algId AlgorithmIdentifier, - * -- algorithm value shall be PasswordBasedMac {1 2 840 113533 7 66 13} - * -- parameter value is PBMParameter - * value BIT STRING - * } - */ -typedef struct ossl_crmf_pkmacvalue_st { - X509_ALGOR *algId; - ASN1_BIT_STRING *value; -} OSSL_CRMF_PKMACVALUE; -DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKMACVALUE) - -/*- - * SubsequentMessage ::= INTEGER { - * encrCert (0), - * -- requests that resulting certificate be encrypted for the - * -- end entity (following which, POP will be proven in a - * -- confirmation message) - * challengeResp (1) - * -- requests that CA engage in challenge-response exchange with - * -- end entity in order to prove private key possession - * } - * - * POPOPrivKey ::= CHOICE { - * thisMessage [0] BIT STRING, -- Deprecated - * -- possession is proven in this message (which contains the private - * -- key itself (encrypted for the CA)) - * subsequentMessage [1] SubsequentMessage, - * -- possession will be proven in a subsequent message - * dhMAC [2] BIT STRING, -- Deprecated - * agreeMAC [3] PKMACValue, - * encryptedKey [4] EnvelopedData - * } - */ - -typedef struct ossl_crmf_popoprivkey_st { - int type; - union { - ASN1_BIT_STRING *thisMessage; /* 0 */ /* Deprecated */ - ASN1_INTEGER *subsequentMessage; /* 1 */ - ASN1_BIT_STRING *dhMAC; /* 2 */ /* Deprecated */ - OSSL_CRMF_PKMACVALUE *agreeMAC; /* 3 */ - ASN1_NULL *encryptedKey; /* 4 */ - } value; -} OSSL_CRMF_POPOPRIVKEY; -DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_POPOPRIVKEY) - -/*- - * PBMParameter ::= SEQUENCE { - * salt OCTET STRING, - * owf AlgorithmIdentifier, - * -- AlgId for a One-Way Function (SHA-1 recommended) - * iterationCount INTEGER, - * -- number of times the OWF is applied - * mac AlgorithmIdentifier - * -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], - * -- or HMAC [HMAC, RFC2202]) - * } - */ -struct ossl_crmf_pbmparameter_st { - ASN1_OCTET_STRING *salt; - X509_ALGOR *owf; - ASN1_INTEGER *iterationCount; - X509_ALGOR *mac; -} /* OSSL_CRMF_PBMPARAMETER */; -# define OSSL_CRMF_PBM_MAX_ITERATION_COUNT 100000 /* if too large allows DoS */ - -/*- - * POPOSigningKeyInput ::= SEQUENCE { - * authInfo CHOICE { - * sender [0] GeneralName, - * -- used only if an authenticated identity has been - * -- established for the sender (e.g., a DN from a - * -- previously-issued and currently-valid certificate) - * publicKeyMAC PKMACValue }, - * -- used if no authenticated GeneralName currently exists for - * -- the sender; publicKeyMAC contains a password-based MAC - * -- on the DER-encoded value of publicKey - * publicKey SubjectPublicKeyInfo -- from CertTemplate - * } - */ -typedef struct ossl_crmf_poposigningkeyinput_authinfo_st { - int type; - union { - /* 0 */ GENERAL_NAME *sender; - /* 1 */ OSSL_CRMF_PKMACVALUE *publicKeyMAC; - } value; -} OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO; -DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) - -typedef struct ossl_crmf_poposigningkeyinput_st { - OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO *authInfo; - X509_PUBKEY *publicKey; -} OSSL_CRMF_POPOSIGNINGKEYINPUT; -DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT) - -/*- - * POPOSigningKey ::= SEQUENCE { - * poposkInput [0] POPOSigningKeyInput OPTIONAL, - * algorithmIdentifier AlgorithmIdentifier, - * signature BIT STRING - * } - */ -struct ossl_crmf_poposigningkey_st { - OSSL_CRMF_POPOSIGNINGKEYINPUT *poposkInput; - X509_ALGOR *algorithmIdentifier; - ASN1_BIT_STRING *signature; -} /* OSSL_CRMF_POPOSIGNINGKEY */; -DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEY) - -/*- - * ProofOfPossession ::= CHOICE { - * raVerified [0] NULL, - * -- used if the RA has already verified that the requester is in - * -- possession of the private key - * signature [1] POPOSigningKey, - * keyEncipherment [2] POPOPrivKey, - * keyAgreement [3] POPOPrivKey - * } - */ -typedef struct ossl_crmf_popo_st { - int type; - union { - ASN1_NULL *raVerified; /* 0 */ - OSSL_CRMF_POPOSIGNINGKEY *signature; /* 1 */ - OSSL_CRMF_POPOPRIVKEY *keyEncipherment; /* 2 */ - OSSL_CRMF_POPOPRIVKEY *keyAgreement; /* 3 */ - } value; -} OSSL_CRMF_POPO; -DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_POPO) - -/*- - * OptionalValidity ::= SEQUENCE { - * notBefore [0] Time OPTIONAL, - * notAfter [1] Time OPTIONAL -- at least one MUST be present - * } - */ -struct ossl_crmf_optionalvalidity_st { - /* 0 */ ASN1_TIME *notBefore; - /* 1 */ ASN1_TIME *notAfter; -} /* OSSL_CRMF_OPTIONALVALIDITY */; -DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_OPTIONALVALIDITY) - -/*- - * CertTemplate ::= SEQUENCE { - * version [0] Version OPTIONAL, - * serialNumber [1] INTEGER OPTIONAL, - * signingAlg [2] AlgorithmIdentifier OPTIONAL, - * issuer [3] Name OPTIONAL, - * validity [4] OptionalValidity OPTIONAL, - * subject [5] Name OPTIONAL, - * publicKey [6] SubjectPublicKeyInfo OPTIONAL, - * issuerUID [7] UniqueIdentifier OPTIONAL, - * subjectUID [8] UniqueIdentifier OPTIONAL, - * extensions [9] Extensions OPTIONAL - * } - */ -struct ossl_crmf_certtemplate_st { - ASN1_INTEGER *version; - ASN1_INTEGER *serialNumber; /* serialNumber MUST be omitted */ - /* This field is assigned by the CA during certificate creation */ - X509_ALGOR *signingAlg; /* signingAlg MUST be omitted */ - /* This field is assigned by the CA during certificate creation */ - const X509_NAME *issuer; - OSSL_CRMF_OPTIONALVALIDITY *validity; - const X509_NAME *subject; - X509_PUBKEY *publicKey; - ASN1_BIT_STRING *issuerUID; /* deprecated in version 2 */ - /* According to rfc 3280: UniqueIdentifier ::= BIT STRING */ - ASN1_BIT_STRING *subjectUID; /* deprecated in version 2 */ - /* Could be X509_EXTENSION*S*, but that's only cosmetic */ - STACK_OF(X509_EXTENSION) *extensions; -} /* OSSL_CRMF_CERTTEMPLATE */; - -/*- - * CertRequest ::= SEQUENCE { - * certReqId INTEGER, -- ID for matching request and reply - * certTemplate CertTemplate, -- Selected fields of cert to be issued - * controls Controls OPTIONAL -- Attributes affecting issuance - * } - */ -struct ossl_crmf_certrequest_st { - ASN1_INTEGER *certReqId; - OSSL_CRMF_CERTTEMPLATE *certTemplate; - STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *controls; -} /* OSSL_CRMF_CERTREQUEST */; -DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTREQUEST) -DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTREQUEST) - -struct ossl_crmf_attributetypeandvalue_st { - ASN1_OBJECT *type; - union { - /* NID_id_regCtrl_regToken */ - ASN1_UTF8STRING *regToken; - - /* NID_id_regCtrl_authenticator */ - ASN1_UTF8STRING *authenticator; - - /* NID_id_regCtrl_pkiPublicationInfo */ - OSSL_CRMF_PKIPUBLICATIONINFO *pkiPublicationInfo; - - /* NID_id_regCtrl_oldCertID */ - OSSL_CRMF_CERTID *oldCertID; - - /* NID_id_regCtrl_protocolEncrKey */ - X509_PUBKEY *protocolEncrKey; - - /* NID_id_regInfo_utf8Pairs */ - ASN1_UTF8STRING *utf8Pairs; - - /* NID_id_regInfo_certReq */ - OSSL_CRMF_CERTREQUEST *certReq; - - ASN1_TYPE *other; - } value; -} /* OSSL_CRMF_ATTRIBUTETYPEANDVALUE */; -DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) -DEFINE_STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) -DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) - -/*- - * CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg - * CertReqMsg ::= SEQUENCE { - * certReq CertRequest, - * popo ProofOfPossession OPTIONAL, - * -- content depends upon key type - * regInfo SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue OPTIONAL - * } - */ -struct ossl_crmf_msg_st { - OSSL_CRMF_CERTREQUEST *certReq; - /* 0 */ - OSSL_CRMF_POPO *popo; - /* 1 */ - STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *regInfo; -} /* OSSL_CRMF_MSG */; -#endif diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c deleted file mode 100644 index 88a8480cf73a338b6805a0106e0aec77edce51c7..0000000000000000000000000000000000000000 --- a/crypto/crmf/crmf_pbm.c +++ /dev/null @@ -1,233 +0,0 @@ -/*- - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2019 - * Copyright Siemens AG 2015-2019 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb. - */ - - -#include - -#include -#include -#include - -/* explicit #includes not strictly needed since implied by the above: */ -#include -#include -#include -#include -#include -#include - -#include "internal/sizes.h" - -#include "crmf_local.h" - -/*- - * creates and initializes OSSL_CRMF_PBMPARAMETER (section 4.4) - * |slen| SHOULD be at least 8 (16 is common) - * |owfnid| e.g., NID_sha256 - * |itercnt| MUST be >= 100 (e.g., 500) and <= OSSL_CRMF_PBM_MAX_ITERATION_COUNT - * |macnid| e.g., NID_hmac_sha1 - * returns pointer to OSSL_CRMF_PBMPARAMETER on success, NULL on error - */ -OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen, - int owfnid, size_t itercnt, - int macnid) -{ - OSSL_CRMF_PBMPARAMETER *pbm = NULL; - unsigned char *salt = NULL; - - if ((pbm = OSSL_CRMF_PBMPARAMETER_new()) == NULL) - goto err; - - /* - * salt contains a randomly generated value used in computing the key - * of the MAC process. The salt SHOULD be at least 8 octets (64 - * bits) long. - */ - if ((salt = OPENSSL_malloc(slen)) == NULL) - goto err; - if (RAND_bytes_ex(libctx, salt, slen, 0) <= 0) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_FAILURE_OBTAINING_RANDOM); - goto err; - } - if (!ASN1_OCTET_STRING_set(pbm->salt, salt, (int)slen)) - goto err; - - /* - * owf identifies the hash algorithm and associated parameters used to - * compute the key used in the MAC process. All implementations MUST - * support SHA-1. - */ - if (!X509_ALGOR_set0(pbm->owf, OBJ_nid2obj(owfnid), V_ASN1_UNDEF, NULL)) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_SETTING_OWF_ALGOR_FAILURE); - goto err; - } - - /* - * iterationCount identifies the number of times the hash is applied - * during the key computation process. The iterationCount MUST be a - * minimum of 100. Many people suggest using values as high as 1000 - * iterations as the minimum value. The trade off here is between - * protection of the password from attacks and the time spent by the - * server processing all of the different iterations in deriving - * passwords. Hashing is generally considered a cheap operation but - * this may not be true with all hash functions in the future. - */ - if (itercnt < 100) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_ITERATIONCOUNT_BELOW_100); - goto err; - } - if (itercnt > OSSL_CRMF_PBM_MAX_ITERATION_COUNT) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_BAD_PBM_ITERATIONCOUNT); - goto err; - } - - if (!ASN1_INTEGER_set(pbm->iterationCount, itercnt)) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_CRMFERROR); - goto err; - } - - /* - * mac identifies the algorithm and associated parameters of the MAC - * function to be used. All implementations MUST support HMAC-SHA1 [HMAC]. - * All implementations SHOULD support DES-MAC and Triple-DES-MAC [PKCS11]. - */ - if (!X509_ALGOR_set0(pbm->mac, OBJ_nid2obj(macnid), V_ASN1_UNDEF, NULL)) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_SETTING_MAC_ALGOR_FAILURE); - goto err; - } - - OPENSSL_free(salt); - return pbm; - err: - OPENSSL_free(salt); - OSSL_CRMF_PBMPARAMETER_free(pbm); - return NULL; -} - -/*- - * calculates the PBM based on the settings of the given OSSL_CRMF_PBMPARAMETER - * |pbmp| identifies the algorithms, salt to use - * |msg| message to apply the PBM for - * |msglen| length of the message - * |sec| key to use - * |seclen| length of the key - * |out| pointer to the computed mac, will be set on success - * |outlen| if not NULL, will set variable to the length of the mac on success - * returns 1 on success, 0 on error - */ -int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq, - const OSSL_CRMF_PBMPARAMETER *pbmp, - const unsigned char *msg, size_t msglen, - const unsigned char *sec, size_t seclen, - unsigned char **out, size_t *outlen) -{ - int mac_nid, hmac_md_nid = NID_undef; - char mdname[OSSL_MAX_NAME_SIZE]; - char hmac_mdname[OSSL_MAX_NAME_SIZE]; - EVP_MD *owf = NULL; - EVP_MD_CTX *ctx = NULL; - unsigned char basekey[EVP_MAX_MD_SIZE]; - unsigned int bklen = EVP_MAX_MD_SIZE; - int64_t iterations; - unsigned char *mac_res = 0; - int ok = 0; - - if (out == NULL || pbmp == NULL || pbmp->mac == NULL - || pbmp->mac->algorithm == NULL || msg == NULL || sec == NULL) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT); - goto err; - } - if ((mac_res = OPENSSL_malloc(EVP_MAX_MD_SIZE)) == NULL) - goto err; - - /* - * owf identifies the hash algorithm and associated parameters used to - * compute the key used in the MAC process. All implementations MUST - * support SHA-1. - */ - OBJ_obj2txt(mdname, sizeof(mdname), pbmp->owf->algorithm, 0); - if ((owf = EVP_MD_fetch(libctx, mdname, propq)) == NULL) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM); - goto err; - } - - if ((ctx = EVP_MD_CTX_new()) == NULL) - goto err; - - /* compute the basekey of the salted secret */ - if (!EVP_DigestInit_ex(ctx, owf, NULL)) - goto err; - /* first the secret */ - if (!EVP_DigestUpdate(ctx, sec, seclen)) - goto err; - /* then the salt */ - if (!EVP_DigestUpdate(ctx, pbmp->salt->data, pbmp->salt->length)) - goto err; - if (!EVP_DigestFinal_ex(ctx, basekey, &bklen)) - goto err; - if (!ASN1_INTEGER_get_int64(&iterations, pbmp->iterationCount) - || iterations < 100 /* min from RFC */ - || iterations > OSSL_CRMF_PBM_MAX_ITERATION_COUNT) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_BAD_PBM_ITERATIONCOUNT); - goto err; - } - - /* the first iteration was already done above */ - while (--iterations > 0) { - if (!EVP_DigestInit_ex(ctx, owf, NULL)) - goto err; - if (!EVP_DigestUpdate(ctx, basekey, bklen)) - goto err; - if (!EVP_DigestFinal_ex(ctx, basekey, &bklen)) - goto err; - } - - /* - * mac identifies the algorithm and associated parameters of the MAC - * function to be used. All implementations MUST support HMAC-SHA1 [HMAC]. - * All implementations SHOULD support DES-MAC and Triple-DES-MAC [PKCS11]. - */ - mac_nid = OBJ_obj2nid(pbmp->mac->algorithm); - - if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, mac_nid, NULL, &hmac_md_nid, NULL) - || OBJ_obj2txt(hmac_mdname, sizeof(hmac_mdname), - OBJ_nid2obj(hmac_md_nid), 0) <= 0) { - ERR_raise(ERR_LIB_CRMF, CRMF_R_UNSUPPORTED_ALGORITHM); - goto err; - } - if (EVP_Q_mac(libctx, "HMAC", propq, hmac_mdname, NULL, basekey, bklen, - msg, msglen, mac_res, EVP_MAX_MD_SIZE, outlen) == NULL) - goto err; - - ok = 1; - - err: - OPENSSL_cleanse(basekey, bklen); - EVP_MD_free(owf); - EVP_MD_CTX_free(ctx); - - if (ok == 1) { - *out = mac_res; - return 1; - } - - OPENSSL_free(mac_res); - - if (pbmp != NULL && pbmp->mac != NULL) { - char buf[128]; - - if (OBJ_obj2txt(buf, sizeof(buf), pbmp->mac->algorithm, 0)) - ERR_add_error_data(1, buf); - } - return 0; -} diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c deleted file mode 100644 index 6e73b8352caceb18f5d0ded0667cde51cb3ea3de..0000000000000000000000000000000000000000 --- a/crypto/cryptlib.c +++ /dev/null @@ -1,282 +0,0 @@ -/* - * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" -#include "crypto/cryptlib.h" -#include - -#if defined(_WIN32) -# include -# include -# ifdef __WATCOMC__ -# if defined(_UNICODE) || defined(__UNICODE__) -# define _vsntprintf _vsnwprintf -# else -# define _vsntprintf _vsnprintf -# endif -# endif -# ifdef _MSC_VER -# define alloca _alloca -# endif - -# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 -# ifdef OPENSSL_SYS_WIN_CORE - -int OPENSSL_isservice(void) -{ - /* OneCore API cannot interact with GUI */ - return 1; -} -# else -int OPENSSL_isservice(void) -{ - HWINSTA h; - DWORD len; - WCHAR *name; - static union { - void *p; - FARPROC f; - } _OPENSSL_isservice = { - NULL - }; - - if (_OPENSSL_isservice.p == NULL) { - HANDLE mod = GetModuleHandle(NULL); - FARPROC f = NULL; - - if (mod != NULL) - f = GetProcAddress(mod, "_OPENSSL_isservice"); - if (f == NULL) - _OPENSSL_isservice.p = (void *)-1; - else - _OPENSSL_isservice.f = f; - } - - if (_OPENSSL_isservice.p != (void *)-1) - return (*_OPENSSL_isservice.f) (); - - h = GetProcessWindowStation(); - if (h == NULL) - return -1; - - if (GetUserObjectInformationW(h, UOI_NAME, NULL, 0, &len) || - GetLastError() != ERROR_INSUFFICIENT_BUFFER) - return -1; - - if (len > 512) - return -1; /* paranoia */ - len++, len &= ~1; /* paranoia */ - name = (WCHAR *)alloca(len + sizeof(WCHAR)); - if (!GetUserObjectInformationW(h, UOI_NAME, name, len, &len)) - return -1; - - len++, len &= ~1; /* paranoia */ - name[len / sizeof(WCHAR)] = L'\0'; /* paranoia */ -# if 1 - /* - * This doesn't cover "interactive" services [working with real - * WinSta0's] nor programs started non-interactively by Task Scheduler - * [those are working with SAWinSta]. - */ - if (wcsstr(name, L"Service-0x")) - return 1; -# else - /* This covers all non-interactive programs such as services. */ - if (!wcsstr(name, L"WinSta0")) - return 1; -# endif - else - return 0; -} -# endif -# else -int OPENSSL_isservice(void) -{ - return 0; -} -# endif - -void OPENSSL_showfatal(const char *fmta, ...) -{ - va_list ap; - TCHAR buf[256]; - const TCHAR *fmt; - /* - * First check if it's a console application, in which case the - * error message would be printed to standard error. - * Windows CE does not have a concept of a console application, - * so we need to guard the check. - */ -# ifdef STD_ERROR_HANDLE - HANDLE h; - - if ((h = GetStdHandle(STD_ERROR_HANDLE)) != NULL && - GetFileType(h) != FILE_TYPE_UNKNOWN) { - /* must be console application */ - int len; - DWORD out; - - va_start(ap, fmta); - len = _vsnprintf((char *)buf, sizeof(buf), fmta, ap); - WriteFile(h, buf, len < 0 ? sizeof(buf) : (DWORD) len, &out, NULL); - va_end(ap); - return; - } -# endif - - if (sizeof(TCHAR) == sizeof(char)) - fmt = (const TCHAR *)fmta; - else - do { - int keepgoing; - size_t len_0 = strlen(fmta) + 1, i; - WCHAR *fmtw; - - fmtw = (WCHAR *)alloca(len_0 * sizeof(WCHAR)); - if (fmtw == NULL) { - fmt = (const TCHAR *)L"no stack?"; - break; - } - if (!MultiByteToWideChar(CP_ACP, 0, fmta, len_0, fmtw, len_0)) - for (i = 0; i < len_0; i++) - fmtw[i] = (WCHAR)fmta[i]; - for (i = 0; i < len_0; i++) { - if (fmtw[i] == L'%') - do { - keepgoing = 0; - switch (fmtw[i + 1]) { - case L'0': - case L'1': - case L'2': - case L'3': - case L'4': - case L'5': - case L'6': - case L'7': - case L'8': - case L'9': - case L'.': - case L'*': - case L'-': - i++; - keepgoing = 1; - break; - case L's': - fmtw[i + 1] = L'S'; - break; - case L'S': - fmtw[i + 1] = L's'; - break; - case L'c': - fmtw[i + 1] = L'C'; - break; - case L'C': - fmtw[i + 1] = L'c'; - break; - } - } while (keepgoing); - } - fmt = (const TCHAR *)fmtw; - } while (0); - - va_start(ap, fmta); - _vsntprintf(buf, OSSL_NELEM(buf) - 1, fmt, ap); - buf[OSSL_NELEM(buf) - 1] = _T('\0'); - va_end(ap); - -# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 -# ifdef OPENSSL_SYS_WIN_CORE - /* ONECORE is always NONGUI and NT >= 0x0601 */ -# if !defined(NDEBUG) - /* - * We are in a situation where we tried to report a critical - * error and this failed for some reason. As a last resort, - * in debug builds, send output to the debugger or any other - * tool like DebugView which can monitor the output. - */ - OutputDebugString(buf); -# endif -# else - /* this -------------v--- guards NT-specific calls */ - if (check_winnt() && OPENSSL_isservice() > 0) { - HANDLE hEventLog = RegisterEventSource(NULL, _T("OpenSSL")); - - if (hEventLog != NULL) { - const TCHAR *pmsg = buf; - - if (!ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, 0, 0, NULL, - 1, 0, &pmsg, NULL)) { -# if !defined(NDEBUG) - /* - * We are in a situation where we tried to report a critical - * error and this failed for some reason. As a last resort, - * in debug builds, send output to the debugger or any other - * tool like DebugView which can monitor the output. - */ - OutputDebugString(pmsg); -# endif - } - - (void)DeregisterEventSource(hEventLog); - } - } else { - MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR); - } -# endif -# else - MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR); -# endif -} -#else -void OPENSSL_showfatal(const char *fmta, ...) -{ -#ifndef OPENSSL_NO_STDIO - va_list ap; - - va_start(ap, fmta); - vfprintf(stderr, fmta, ap); - va_end(ap); -#endif -} - -int OPENSSL_isservice(void) -{ - return 0; -} -#endif - -void OPENSSL_die(const char *message, const char *file, int line) -{ - OPENSSL_showfatal("%s:%d: OpenSSL internal error: %s\n", - file, line, message); -#if !defined(_WIN32) - abort(); -#else - /* - * Win32 abort() customarily shows a dialog, but we just did that... - */ -# if !defined(_WIN32_WCE) - raise(SIGABRT); -# endif - _exit(3); -#endif -} - -#if defined(__TANDEM) && defined(OPENSSL_VPROC) -/* - * Define a VPROC function for HP NonStop build crypto library. - * This is used by platform version identification tools. - * Do not inline this procedure or make it static. - */ -# define OPENSSL_VPROC_STRING_(x) x##_CRYPTO -# define OPENSSL_VPROC_STRING(x) OPENSSL_VPROC_STRING_(x) -# define OPENSSL_VPROC_FUNC OPENSSL_VPROC_STRING(OPENSSL_VPROC) -void OPENSSL_VPROC_FUNC(void) {} -#endif /* __TANDEM */ diff --git a/crypto/ct/ct_b64.c b/crypto/ct/ct_b64.c deleted file mode 100644 index d3f783962aecfc967d83a6e06e3b9f77fc1e4471..0000000000000000000000000000000000000000 --- a/crypto/ct/ct_b64.c +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#include -#include -#include - -#include "ct_local.h" - -/* - * Decodes the base64 string |in| into |out|. - * A new string will be malloc'd and assigned to |out|. This will be owned by - * the caller. Do not provide a pre-allocated string in |out|. - */ -static int ct_base64_decode(const char *in, unsigned char **out) -{ - size_t inlen = strlen(in); - int outlen, i; - unsigned char *outbuf = NULL; - - if (inlen == 0) { - *out = NULL; - return 0; - } - - outlen = (inlen / 4) * 3; - outbuf = OPENSSL_malloc(outlen); - if (outbuf == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - goto err; - } - - outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen); - if (outlen < 0) { - ERR_raise(ERR_LIB_CT, CT_R_BASE64_DECODE_ERROR); - goto err; - } - - /* Subtract padding bytes from |outlen|. Any more than 2 is malformed. */ - i = 0; - while (in[--inlen] == '=') { - --outlen; - if (++i > 2) - goto err; - } - - *out = outbuf; - return outlen; -err: - OPENSSL_free(outbuf); - return -1; -} - -SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64, - ct_log_entry_type_t entry_type, uint64_t timestamp, - const char *extensions_base64, - const char *signature_base64) -{ - SCT *sct = SCT_new(); - unsigned char *dec = NULL; - const unsigned char* p = NULL; - int declen; - - if (sct == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - return NULL; - } - - /* - * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we - * can only construct SCT versions that have been defined. - */ - if (!SCT_set_version(sct, version)) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_UNSUPPORTED_VERSION); - goto err; - } - - declen = ct_base64_decode(logid_base64, &dec); - if (declen < 0) { - ERR_raise(ERR_LIB_CT, X509_R_BASE64_DECODE_ERROR); - goto err; - } - if (!SCT_set0_log_id(sct, dec, declen)) - goto err; - dec = NULL; - - declen = ct_base64_decode(extensions_base64, &dec); - if (declen < 0) { - ERR_raise(ERR_LIB_CT, X509_R_BASE64_DECODE_ERROR); - goto err; - } - SCT_set0_extensions(sct, dec, declen); - dec = NULL; - - declen = ct_base64_decode(signature_base64, &dec); - if (declen < 0) { - ERR_raise(ERR_LIB_CT, X509_R_BASE64_DECODE_ERROR); - goto err; - } - - p = dec; - if (o2i_SCT_signature(sct, &p, declen) <= 0) - goto err; - OPENSSL_free(dec); - dec = NULL; - - SCT_set_timestamp(sct, timestamp); - - if (!SCT_set_log_entry_type(sct, entry_type)) - goto err; - - return sct; - - err: - OPENSSL_free(dec); - SCT_free(sct); - return NULL; -} - -/* - * Allocate, build and returns a new |ct_log| from input |pkey_base64| - * It returns 1 on success, - * 0 on decoding failure, or invalid parameter if any - * -1 on internal (malloc) failure - */ -int CTLOG_new_from_base64_ex(CTLOG **ct_log, const char *pkey_base64, - const char *name, OSSL_LIB_CTX *libctx, - const char *propq) -{ - unsigned char *pkey_der = NULL; - int pkey_der_len; - const unsigned char *p; - EVP_PKEY *pkey = NULL; - - if (ct_log == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_PASSED_INVALID_ARGUMENT); - return 0; - } - - pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der); - if (pkey_der_len < 0) { - ERR_raise(ERR_LIB_CT, CT_R_LOG_CONF_INVALID_KEY); - return 0; - } - - p = pkey_der; - pkey = d2i_PUBKEY_ex(NULL, &p, pkey_der_len, libctx, propq); - OPENSSL_free(pkey_der); - if (pkey == NULL) { - ERR_raise(ERR_LIB_CT, CT_R_LOG_CONF_INVALID_KEY); - return 0; - } - - *ct_log = CTLOG_new_ex(pkey, name, libctx, propq); - if (*ct_log == NULL) { - EVP_PKEY_free(pkey); - return 0; - } - - return 1; -} - -int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, - const char *name) -{ - return CTLOG_new_from_base64_ex(ct_log, pkey_base64, name, NULL, NULL); -} diff --git a/crypto/ct/ct_err.c b/crypto/ct/ct_err.c deleted file mode 100644 index c4dd05119ebabd9c0d5d8fe3e16827390633d527..0000000000000000000000000000000000000000 --- a/crypto/ct/ct_err.c +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/cterr.h" - -#ifndef OPENSSL_NO_CT - -# ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA CT_str_reasons[] = { - {ERR_PACK(ERR_LIB_CT, 0, CT_R_BASE64_DECODE_ERROR), "base64 decode error"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_INVALID_LOG_ID_LENGTH), - "invalid log id length"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID), "log conf invalid"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID_KEY), - "log conf invalid key"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_DESCRIPTION), - "log conf missing description"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_KEY), - "log conf missing key"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_KEY_INVALID), "log key invalid"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_FUTURE_TIMESTAMP), - "sct future timestamp"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID), "sct invalid"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID_SIGNATURE), - "sct invalid signature"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LIST_INVALID), "sct list invalid"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LOG_ID_MISMATCH), "sct log id mismatch"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_NOT_SET), "sct not set"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_UNSUPPORTED_VERSION), - "sct unsupported version"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNRECOGNIZED_SIGNATURE_NID), - "unrecognized signature nid"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_ENTRY_TYPE), - "unsupported entry type"}, - {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_VERSION), "unsupported version"}, - {0, NULL} -}; - -# endif - -int ossl_err_load_CT_strings(void) -{ -# ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(CT_str_reasons[0].error) == NULL) - ERR_load_strings_const(CT_str_reasons); -# endif - return 1; -} -#else -NON_EMPTY_TRANSLATION_UNIT -#endif diff --git a/crypto/ct/ct_local.h b/crypto/ct/ct_local.h deleted file mode 100644 index e5614ddf5eb4a50e60a4690a8e9a02b994027398..0000000000000000000000000000000000000000 --- a/crypto/ct/ct_local.h +++ /dev/null @@ -1,217 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include - -/* - * From RFC6962: opaque SerializedSCT<1..2^16-1>; struct { SerializedSCT - * sct_list <1..2^16-1>; } SignedCertificateTimestampList; - */ -# define MAX_SCT_SIZE 65535 -# define MAX_SCT_LIST_SIZE MAX_SCT_SIZE - -/* - * Macros to read and write integers in network-byte order. - */ - -#define n2s(c,s) ((s=(((unsigned int)((c)[0]))<< 8)| \ - (((unsigned int)((c)[1])) )),c+=2) - -#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \ - c[1]=(unsigned char)(((s) )&0xff)),c+=2) - -#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \ - c[1]=(unsigned char)(((l)>> 8)&0xff), \ - c[2]=(unsigned char)(((l) )&0xff)),c+=3) - -#define n2l8(c,l) (l =((uint64_t)(*((c)++)))<<56, \ - l|=((uint64_t)(*((c)++)))<<48, \ - l|=((uint64_t)(*((c)++)))<<40, \ - l|=((uint64_t)(*((c)++)))<<32, \ - l|=((uint64_t)(*((c)++)))<<24, \ - l|=((uint64_t)(*((c)++)))<<16, \ - l|=((uint64_t)(*((c)++)))<< 8, \ - l|=((uint64_t)(*((c)++)))) - -#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \ - *((c)++)=(unsigned char)(((l)>>48)&0xff), \ - *((c)++)=(unsigned char)(((l)>>40)&0xff), \ - *((c)++)=(unsigned char)(((l)>>32)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -/* Signed Certificate Timestamp */ -struct sct_st { - sct_version_t version; - /* If version is not SCT_VERSION_V1, this contains the encoded SCT */ - unsigned char *sct; - size_t sct_len; - /* If version is SCT_VERSION_V1, fields below contain components of the SCT */ - unsigned char *log_id; - size_t log_id_len; - /* - * Note, we cannot distinguish between an unset timestamp, and one - * that is set to 0. However since CT didn't exist in 1970, no real - * SCT should ever be set as such. - */ - uint64_t timestamp; - unsigned char *ext; - size_t ext_len; - unsigned char hash_alg; - unsigned char sig_alg; - unsigned char *sig; - size_t sig_len; - /* Log entry type */ - ct_log_entry_type_t entry_type; - /* Where this SCT was found, e.g. certificate, OCSP response, etc. */ - sct_source_t source; - /* The result of the last attempt to validate this SCT. */ - sct_validation_status_t validation_status; -}; - -/* Miscellaneous data that is useful when verifying an SCT */ -struct sct_ctx_st { - /* Public key */ - EVP_PKEY *pkey; - /* Hash of public key */ - unsigned char *pkeyhash; - size_t pkeyhashlen; - /* For pre-certificate: issuer public key hash */ - unsigned char *ihash; - size_t ihashlen; - /* certificate encoding */ - unsigned char *certder; - size_t certderlen; - /* pre-certificate encoding */ - unsigned char *preder; - size_t prederlen; - /* milliseconds since epoch (to check that the SCT isn't from the future) */ - uint64_t epoch_time_in_ms; - - OSSL_LIB_CTX *libctx; - char *propq; -}; - -/* Context when evaluating whether a Certificate Transparency policy is met */ -struct ct_policy_eval_ctx_st { - X509 *cert; - X509 *issuer; - CTLOG_STORE *log_store; - /* milliseconds since epoch (to check that SCTs aren't from the future) */ - uint64_t epoch_time_in_ms; - - OSSL_LIB_CTX *libctx; - char *propq; -}; - -/* - * Creates a new context for verifying an SCT. - */ -SCT_CTX *SCT_CTX_new(OSSL_LIB_CTX *ctx, const char *propq); -/* - * Deletes an SCT verification context. - */ -void SCT_CTX_free(SCT_CTX *sctx); - -/* - * Sets the certificate that the SCT was created for. - * If *cert does not have a poison extension, presigner must be NULL. - * If *cert does not have a poison extension, it may have a single SCT - * (NID_ct_precert_scts) extension. - * If either *cert or *presigner have an AKID (NID_authority_key_identifier) - * extension, both must have one. - * Returns 1 on success, 0 on failure. - */ -__owur int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner); - -/* - * Sets the issuer of the certificate that the SCT was created for. - * This is just a convenience method to save extracting the public key and - * calling SCT_CTX_set1_issuer_pubkey(). - * Issuer must not be NULL. - * Returns 1 on success, 0 on failure. - */ -__owur int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer); - -/* - * Sets the public key of the issuer of the certificate that the SCT was created - * for. - * The public key must not be NULL. - * Returns 1 on success, 0 on failure. - */ -__owur int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey); - -/* - * Sets the public key of the CT log that the SCT is from. - * Returns 1 on success, 0 on failure. - */ -__owur int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey); - -/* - * Sets the time to evaluate the SCT against, in milliseconds since the Unix - * epoch. If the SCT's timestamp is after this time, it will be interpreted as - * having been issued in the future. RFC6962 states that "TLS clients MUST - * reject SCTs whose timestamp is in the future", so an SCT will not validate - * in this case. - */ -void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms); - -/* - * Verifies an SCT with the given context. - * Returns 1 if the SCT verifies successfully; any other value indicates - * failure. See EVP_DigestVerifyFinal() for the meaning of those values. - */ -__owur int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct); - -/* - * Does this SCT have the minimum fields populated to be usable? - * Returns 1 if so, 0 otherwise. - */ -__owur int SCT_is_complete(const SCT *sct); - -/* - * Does this SCT have the signature-related fields populated? - * Returns 1 if so, 0 otherwise. - * This checks that the signature and hash algorithms are set to supported - * values and that the signature field is set. - */ -__owur int SCT_signature_is_complete(const SCT *sct); - -/* -* Serialize (to TLS format) an |sct| signature and write it to |out|. -* If |out| is null, no signature will be output but the length will be returned. -* If |out| points to a null pointer, a string will be allocated to hold the -* TLS-format signature. It is the responsibility of the caller to free it. -* If |out| points to an allocated string, the signature will be written to it. -* The length of the signature in TLS format will be returned. -*/ -__owur int i2o_SCT_signature(const SCT *sct, unsigned char **out); - -/* -* Parses an SCT signature in TLS format and populates the |sct| with it. -* |in| should be a pointer to a string containing the TLS-format signature. -* |in| will be advanced to the end of the signature if parsing succeeds. -* |len| should be the length of the signature in |in|. -* Returns the number of bytes parsed, or a negative integer if an error occurs. -* If an error occurs, the SCT's signature NID may be updated whilst the -* signature field itself remains unset. -*/ -__owur int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len); - -/* - * Handlers for Certificate Transparency X509v3/OCSP extensions - */ -extern const X509V3_EXT_METHOD ossl_v3_ct_scts[3]; diff --git a/crypto/ct/ct_log.c b/crypto/ct/ct_log.c deleted file mode 100644 index d19dda2cd2f2a28d061f6ca2035fc572650932b6..0000000000000000000000000000000000000000 --- a/crypto/ct/ct_log.c +++ /dev/null @@ -1,352 +0,0 @@ -/* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#include -#include -#include -#include -#include - -#include "internal/cryptlib.h" - -/* - * Information about a CT log server. - */ -struct ctlog_st { - OSSL_LIB_CTX *libctx; - char *propq; - char *name; - uint8_t log_id[CT_V1_HASHLEN]; - EVP_PKEY *public_key; -}; - -/* - * A store for multiple CTLOG instances. - * It takes ownership of any CTLOG instances added to it. - */ -struct ctlog_store_st { - OSSL_LIB_CTX *libctx; - char *propq; - STACK_OF(CTLOG) *logs; -}; - -/* The context when loading a CT log list from a CONF file. */ -typedef struct ctlog_store_load_ctx_st { - CTLOG_STORE *log_store; - CONF *conf; - size_t invalid_log_entries; -} CTLOG_STORE_LOAD_CTX; - -/* - * Creates an empty context for loading a CT log store. - * It should be populated before use. - */ -static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void); - -/* - * Deletes a CT log store load context. - * Does not delete any of the fields. - */ -static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx); - -static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void) -{ - CTLOG_STORE_LOAD_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - if (ctx == NULL) - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - - return ctx; -} - -static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx) -{ - OPENSSL_free(ctx); -} - -/* Converts a log's public key into a SHA256 log ID */ -static int ct_v1_log_id_from_pkey(CTLOG *log, EVP_PKEY *pkey) -{ - int ret = 0; - unsigned char *pkey_der = NULL; - int pkey_der_len = i2d_PUBKEY(pkey, &pkey_der); - unsigned int len; - EVP_MD *sha256 = NULL; - - if (pkey_der_len <= 0) { - ERR_raise(ERR_LIB_CT, CT_R_LOG_KEY_INVALID); - goto err; - } - sha256 = EVP_MD_fetch(log->libctx, "SHA2-256", log->propq); - if (sha256 == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_EVP_LIB); - goto err; - } - - ret = EVP_Digest(pkey_der, pkey_der_len, log->log_id, &len, sha256, - NULL); -err: - EVP_MD_free(sha256); - OPENSSL_free(pkey_der); - return ret; -} - -CTLOG_STORE *CTLOG_STORE_new_ex(OSSL_LIB_CTX *libctx, const char *propq) -{ - CTLOG_STORE *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->libctx = libctx; - if (propq != NULL) { - ret->propq = OPENSSL_strdup(propq); - if (ret->propq == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - ret->logs = sk_CTLOG_new_null(); - if (ret->logs == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - goto err; - } - - return ret; -err: - CTLOG_STORE_free(ret); - return NULL; -} - -CTLOG_STORE *CTLOG_STORE_new(void) -{ - return CTLOG_STORE_new_ex(NULL, NULL); -} - -void CTLOG_STORE_free(CTLOG_STORE *store) -{ - if (store != NULL) { - OPENSSL_free(store->propq); - sk_CTLOG_pop_free(store->logs, CTLOG_free); - OPENSSL_free(store); - } -} - -static int ctlog_new_from_conf(CTLOG_STORE *store, CTLOG **ct_log, - const CONF *conf, const char *section) -{ - const char *description = NCONF_get_string(conf, section, "description"); - char *pkey_base64; - - if (description == NULL) { - ERR_raise(ERR_LIB_CT, CT_R_LOG_CONF_MISSING_DESCRIPTION); - return 0; - } - - pkey_base64 = NCONF_get_string(conf, section, "key"); - if (pkey_base64 == NULL) { - ERR_raise(ERR_LIB_CT, CT_R_LOG_CONF_MISSING_KEY); - return 0; - } - - return CTLOG_new_from_base64_ex(ct_log, pkey_base64, description, - store->libctx, store->propq); -} - -int CTLOG_STORE_load_default_file(CTLOG_STORE *store) -{ - const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP); - - if (fpath == NULL) - fpath = CTLOG_FILE; - - return CTLOG_STORE_load_file(store, fpath); -} - -/* - * Called by CONF_parse_list, which stops if this returns <= 0, - * Otherwise, one bad log entry would stop loading of any of - * the following log entries. - * It may stop parsing and returns -1 on any internal (malloc) error. - */ -static int ctlog_store_load_log(const char *log_name, int log_name_len, - void *arg) -{ - CTLOG_STORE_LOAD_CTX *load_ctx = arg; - CTLOG *ct_log = NULL; - /* log_name may not be null-terminated, so fix that before using it */ - char *tmp; - int ret = 0; - - /* log_name will be NULL for empty list entries */ - if (log_name == NULL) - return 1; - - tmp = OPENSSL_strndup(log_name, log_name_len); - if (tmp == NULL) - goto mem_err; - - ret = ctlog_new_from_conf(load_ctx->log_store, &ct_log, load_ctx->conf, tmp); - OPENSSL_free(tmp); - - if (ret < 0) { - /* Propagate any internal error */ - return ret; - } - if (ret == 0) { - /* If we can't load this log, record that fact and skip it */ - ++load_ctx->invalid_log_entries; - return 1; - } - - if (!sk_CTLOG_push(load_ctx->log_store->logs, ct_log)) { - goto mem_err; - } - return 1; - -mem_err: - CTLOG_free(ct_log); - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - return -1; -} - -int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file) -{ - int ret = 0; - char *enabled_logs; - CTLOG_STORE_LOAD_CTX* load_ctx = ctlog_store_load_ctx_new(); - - if (load_ctx == NULL) - return 0; - load_ctx->log_store = store; - load_ctx->conf = NCONF_new(NULL); - if (load_ctx->conf == NULL) - goto end; - - if (NCONF_load(load_ctx->conf, file, NULL) <= 0) { - ERR_raise(ERR_LIB_CT, CT_R_LOG_CONF_INVALID); - goto end; - } - - enabled_logs = NCONF_get_string(load_ctx->conf, NULL, "enabled_logs"); - if (enabled_logs == NULL) { - ERR_raise(ERR_LIB_CT, CT_R_LOG_CONF_INVALID); - goto end; - } - - if (!CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx) || - load_ctx->invalid_log_entries > 0) { - ERR_raise(ERR_LIB_CT, CT_R_LOG_CONF_INVALID); - goto end; - } - - ret = 1; -end: - NCONF_free(load_ctx->conf); - ctlog_store_load_ctx_free(load_ctx); - return ret; -} - -/* - * Initialize a new CTLOG object. - * Takes ownership of the public key. - * Copies the name. - */ -CTLOG *CTLOG_new_ex(EVP_PKEY *public_key, const char *name, OSSL_LIB_CTX *libctx, - const char *propq) -{ - CTLOG *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->libctx = libctx; - if (propq != NULL) { - ret->propq = OPENSSL_strdup(propq); - if (ret->propq == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - ret->name = OPENSSL_strdup(name); - if (ret->name == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (ct_v1_log_id_from_pkey(ret, public_key) != 1) - goto err; - - ret->public_key = public_key; - return ret; -err: - CTLOG_free(ret); - return NULL; -} - -CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name) -{ - return CTLOG_new_ex(public_key, name, NULL, NULL); -} - -/* Frees CT log and associated structures */ -void CTLOG_free(CTLOG *log) -{ - if (log != NULL) { - OPENSSL_free(log->name); - EVP_PKEY_free(log->public_key); - OPENSSL_free(log->propq); - OPENSSL_free(log); - } -} - -const char *CTLOG_get0_name(const CTLOG *log) -{ - return log->name; -} - -void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, - size_t *log_id_len) -{ - *log_id = log->log_id; - *log_id_len = CT_V1_HASHLEN; -} - -EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log) -{ - return log->public_key; -} - -/* - * Given a log ID, finds the matching log. - * Returns NULL if no match found. - */ -const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, - const uint8_t *log_id, - size_t log_id_len) -{ - int i; - - for (i = 0; i < sk_CTLOG_num(store->logs); ++i) { - const CTLOG *log = sk_CTLOG_value(store->logs, i); - if (memcmp(log->log_id, log_id, log_id_len) == 0) - return log; - } - - return NULL; -} diff --git a/crypto/ct/ct_oct.c b/crypto/ct/ct_oct.c deleted file mode 100644 index 72a43374797c8b915d00fb31794236e30afa32a6..0000000000000000000000000000000000000000 --- a/crypto/ct/ct_oct.c +++ /dev/null @@ -1,407 +0,0 @@ -/* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifdef OPENSSL_NO_CT -# error "CT is disabled" -#endif - -#include -#include - -#include -#include -#include -#include - -#include "ct_local.h" - -int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len) -{ - size_t siglen; - size_t len_remaining = len; - const unsigned char *p; - - if (sct->version != SCT_VERSION_V1) { - ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION); - return -1; - } - /* - * digitally-signed struct header: (1 byte) Hash algorithm (1 byte) - * Signature algorithm (2 bytes + ?) Signature - * - * This explicitly rejects empty signatures: they're invalid for - * all supported algorithms. - */ - if (len <= 4) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE); - return -1; - } - - p = *in; - /* Get hash and signature algorithm */ - sct->hash_alg = *p++; - sct->sig_alg = *p++; - if (SCT_get_signature_nid(sct) == NID_undef) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE); - return -1; - } - /* Retrieve signature and check it is consistent with the buffer length */ - n2s(p, siglen); - len_remaining -= (p - *in); - if (siglen > len_remaining) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE); - return -1; - } - - if (SCT_set1_signature(sct, p, siglen) != 1) - return -1; - len_remaining -= siglen; - *in = p + siglen; - - return len - len_remaining; -} - -SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len) -{ - SCT *sct = NULL; - const unsigned char *p; - - if (len == 0 || len > MAX_SCT_SIZE) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID); - goto err; - } - - if ((sct = SCT_new()) == NULL) - goto err; - - p = *in; - - sct->version = *p; - if (sct->version == SCT_VERSION_V1) { - int sig_len; - size_t len2; - /*- - * Fixed-length header: - * struct { - * Version sct_version; (1 byte) - * log_id id; (32 bytes) - * uint64 timestamp; (8 bytes) - * CtExtensions extensions; (2 bytes + ?) - * } - */ - if (len < 43) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID); - goto err; - } - len -= 43; - p++; - sct->log_id = OPENSSL_memdup(p, CT_V1_HASHLEN); - if (sct->log_id == NULL) - goto err; - sct->log_id_len = CT_V1_HASHLEN; - p += CT_V1_HASHLEN; - - n2l8(p, sct->timestamp); - - n2s(p, len2); - if (len < len2) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID); - goto err; - } - if (len2 > 0) { - sct->ext = OPENSSL_memdup(p, len2); - if (sct->ext == NULL) - goto err; - } - sct->ext_len = len2; - p += len2; - len -= len2; - - sig_len = o2i_SCT_signature(sct, &p, len); - if (sig_len <= 0) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID); - goto err; - } - len -= sig_len; - *in = p + len; - } else { - /* If not V1 just cache encoding */ - sct->sct = OPENSSL_memdup(p, len); - if (sct->sct == NULL) - goto err; - sct->sct_len = len; - *in = p + len; - } - - if (psct != NULL) { - SCT_free(*psct); - *psct = sct; - } - - return sct; -err: - SCT_free(sct); - return NULL; -} - -int i2o_SCT_signature(const SCT *sct, unsigned char **out) -{ - size_t len; - unsigned char *p = NULL, *pstart = NULL; - - if (!SCT_signature_is_complete(sct)) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE); - goto err; - } - - if (sct->version != SCT_VERSION_V1) { - ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION); - goto err; - } - - /* - * (1 byte) Hash algorithm - * (1 byte) Signature algorithm - * (2 bytes + ?) Signature - */ - len = 4 + sct->sig_len; - - if (out != NULL) { - if (*out != NULL) { - p = *out; - *out += len; - } else { - pstart = p = OPENSSL_malloc(len); - if (p == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - goto err; - } - *out = p; - } - - *p++ = sct->hash_alg; - *p++ = sct->sig_alg; - s2n(sct->sig_len, p); - memcpy(p, sct->sig, sct->sig_len); - } - - return len; -err: - OPENSSL_free(pstart); - return -1; -} - -int i2o_SCT(const SCT *sct, unsigned char **out) -{ - size_t len; - unsigned char *p = NULL, *pstart = NULL; - - if (!SCT_is_complete(sct)) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_NOT_SET); - goto err; - } - /* - * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes) - * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions - * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2 - * bytes + ?) Signature - */ - if (sct->version == SCT_VERSION_V1) - len = 43 + sct->ext_len + 4 + sct->sig_len; - else - len = sct->sct_len; - - if (out == NULL) - return len; - - if (*out != NULL) { - p = *out; - *out += len; - } else { - pstart = p = OPENSSL_malloc(len); - if (p == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - goto err; - } - *out = p; - } - - if (sct->version == SCT_VERSION_V1) { - *p++ = sct->version; - memcpy(p, sct->log_id, CT_V1_HASHLEN); - p += CT_V1_HASHLEN; - l2n8(sct->timestamp, p); - s2n(sct->ext_len, p); - if (sct->ext_len > 0) { - memcpy(p, sct->ext, sct->ext_len); - p += sct->ext_len; - } - if (i2o_SCT_signature(sct, &p) <= 0) - goto err; - } else { - memcpy(p, sct->sct, len); - } - - return len; -err: - OPENSSL_free(pstart); - return -1; -} - -STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, - size_t len) -{ - STACK_OF(SCT) *sk = NULL; - size_t list_len, sct_len; - - if (len < 2 || len > MAX_SCT_LIST_SIZE) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID); - return NULL; - } - - n2s(*pp, list_len); - if (list_len != len - 2) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID); - return NULL; - } - - if (a == NULL || *a == NULL) { - sk = sk_SCT_new_null(); - if (sk == NULL) - return NULL; - } else { - SCT *sct; - - /* Use the given stack, but empty it first. */ - sk = *a; - while ((sct = sk_SCT_pop(sk)) != NULL) - SCT_free(sct); - } - - while (list_len > 0) { - SCT *sct; - - if (list_len < 2) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID); - goto err; - } - n2s(*pp, sct_len); - list_len -= 2; - - if (sct_len == 0 || sct_len > list_len) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID); - goto err; - } - list_len -= sct_len; - - if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL) - goto err; - if (!sk_SCT_push(sk, sct)) { - SCT_free(sct); - goto err; - } - } - - if (a != NULL && *a == NULL) - *a = sk; - return sk; - - err: - if (a == NULL || *a == NULL) - SCT_LIST_free(sk); - return NULL; -} - -int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp) -{ - int len, sct_len, i, is_pp_new = 0; - size_t len2; - unsigned char *p = NULL, *p2; - - if (pp != NULL) { - if (*pp == NULL) { - if ((len = i2o_SCT_LIST(a, NULL)) == -1) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_LIST_INVALID); - return -1; - } - if ((*pp = OPENSSL_malloc(len)) == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - return -1; - } - is_pp_new = 1; - } - p = *pp + 2; - } - - len2 = 2; - for (i = 0; i < sk_SCT_num(a); i++) { - if (pp != NULL) { - p2 = p; - p += 2; - if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1) - goto err; - s2n(sct_len, p2); - } else { - if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1) - goto err; - } - len2 += 2 + sct_len; - } - - if (len2 > MAX_SCT_LIST_SIZE) - goto err; - - if (pp != NULL) { - p = *pp; - s2n(len2 - 2, p); - if (!is_pp_new) - *pp += len2; - } - return len2; - - err: - if (is_pp_new) { - OPENSSL_free(*pp); - *pp = NULL; - } - return -1; -} - -STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, - long len) -{ - ASN1_OCTET_STRING *oct = NULL; - STACK_OF(SCT) *sk = NULL; - const unsigned char *p; - - p = *pp; - if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL) - return NULL; - - p = oct->data; - if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL) - *pp += len; - - ASN1_OCTET_STRING_free(oct); - return sk; -} - -int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out) -{ - ASN1_OCTET_STRING oct; - int len; - - oct.data = NULL; - if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1) - return -1; - - len = i2d_ASN1_OCTET_STRING(&oct, out); - OPENSSL_free(oct.data); - return len; -} diff --git a/crypto/ct/ct_policy.c b/crypto/ct/ct_policy.c deleted file mode 100644 index 80a8baabe163d3b1739615e91b8bc7190678c127..0000000000000000000000000000000000000000 --- a/crypto/ct/ct_policy.c +++ /dev/null @@ -1,115 +0,0 @@ -/* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifdef OPENSSL_NO_CT -# error "CT is disabled" -#endif - -#include -#include -#include - -#include "ct_local.h" - -/* - * Number of seconds in the future that an SCT timestamp can be, by default, - * without being considered invalid. This is added to time() when setting a - * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms. - * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time(). - */ -static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300; - -CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new_ex(OSSL_LIB_CTX *libctx, - const char *propq) -{ - CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX)); - - if (ctx == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ctx->libctx = libctx; - if (propq != NULL) { - ctx->propq = OPENSSL_strdup(propq); - if (ctx->propq == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ctx); - return NULL; - } - } - - /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */ - ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) * - 1000; - - return ctx; -} - -CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void) -{ - return CT_POLICY_EVAL_CTX_new_ex(NULL, NULL); -} - -void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx) -{ - if (ctx == NULL) - return; - X509_free(ctx->cert); - X509_free(ctx->issuer); - OPENSSL_free(ctx->propq); - OPENSSL_free(ctx); -} - -int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert) -{ - if (!X509_up_ref(cert)) - return 0; - ctx->cert = cert; - return 1; -} - -int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer) -{ - if (!X509_up_ref(issuer)) - return 0; - ctx->issuer = issuer; - return 1; -} - -void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, - CTLOG_STORE *log_store) -{ - ctx->log_store = log_store; -} - -void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms) -{ - ctx->epoch_time_in_ms = time_in_ms; -} - -X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx) -{ - return ctx->cert; -} - -X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx) -{ - return ctx->issuer; -} - -const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx) -{ - return ctx->log_store; -} - -uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx) -{ - return ctx->epoch_time_in_ms; -} diff --git a/crypto/ct/ct_prn.c b/crypto/ct/ct_prn.c deleted file mode 100644 index 374235b7ec57eb7ba872228e6e9d7fe920d0c1b4..0000000000000000000000000000000000000000 --- a/crypto/ct/ct_prn.c +++ /dev/null @@ -1,127 +0,0 @@ -/* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifdef OPENSSL_NO_CT -# error "CT is disabled" -#endif - -#include -#include - -#include "ct_local.h" - -static void SCT_signature_algorithms_print(const SCT *sct, BIO *out) -{ - int nid = SCT_get_signature_nid(sct); - - if (nid == NID_undef) - BIO_printf(out, "%02X%02X", sct->hash_alg, sct->sig_alg); - else - BIO_printf(out, "%s", OBJ_nid2ln(nid)); -} - -static void timestamp_print(uint64_t timestamp, BIO *out) -{ - ASN1_GENERALIZEDTIME *gen = ASN1_GENERALIZEDTIME_new(); - char genstr[20]; - - if (gen == NULL) - return; - ASN1_GENERALIZEDTIME_adj(gen, (time_t)0, - (int)(timestamp / 86400000), - (timestamp % 86400000) / 1000); - /* - * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15 - * characters long with a final Z. Update it with fractional seconds. - */ - BIO_snprintf(genstr, sizeof(genstr), "%.14s.%03dZ", - ASN1_STRING_get0_data(gen), (unsigned int)(timestamp % 1000)); - if (ASN1_GENERALIZEDTIME_set_string(gen, genstr)) - ASN1_GENERALIZEDTIME_print(out, gen); - ASN1_GENERALIZEDTIME_free(gen); -} - -const char *SCT_validation_status_string(const SCT *sct) -{ - - switch (SCT_get_validation_status(sct)) { - case SCT_VALIDATION_STATUS_NOT_SET: - return "not set"; - case SCT_VALIDATION_STATUS_UNKNOWN_VERSION: - return "unknown version"; - case SCT_VALIDATION_STATUS_UNKNOWN_LOG: - return "unknown log"; - case SCT_VALIDATION_STATUS_UNVERIFIED: - return "unverified"; - case SCT_VALIDATION_STATUS_INVALID: - return "invalid"; - case SCT_VALIDATION_STATUS_VALID: - return "valid"; - } - return "unknown status"; -} - -void SCT_print(const SCT *sct, BIO *out, int indent, - const CTLOG_STORE *log_store) -{ - const CTLOG *log = NULL; - - if (log_store != NULL) { - log = CTLOG_STORE_get0_log_by_id(log_store, sct->log_id, - sct->log_id_len); - } - - BIO_printf(out, "%*sSigned Certificate Timestamp:", indent, ""); - BIO_printf(out, "\n%*sVersion : ", indent + 4, ""); - - if (sct->version != SCT_VERSION_V1) { - BIO_printf(out, "unknown\n%*s", indent + 16, ""); - BIO_hex_string(out, indent + 16, 16, sct->sct, sct->sct_len); - return; - } - - BIO_printf(out, "v1 (0x0)"); - - if (log != NULL) { - BIO_printf(out, "\n%*sLog : %s", indent + 4, "", - CTLOG_get0_name(log)); - } - - BIO_printf(out, "\n%*sLog ID : ", indent + 4, ""); - BIO_hex_string(out, indent + 16, 16, sct->log_id, sct->log_id_len); - - BIO_printf(out, "\n%*sTimestamp : ", indent + 4, ""); - timestamp_print(sct->timestamp, out); - - BIO_printf(out, "\n%*sExtensions: ", indent + 4, ""); - if (sct->ext_len == 0) - BIO_printf(out, "none"); - else - BIO_hex_string(out, indent + 16, 16, sct->ext, sct->ext_len); - - BIO_printf(out, "\n%*sSignature : ", indent + 4, ""); - SCT_signature_algorithms_print(sct, out); - BIO_printf(out, "\n%*s ", indent + 4, ""); - BIO_hex_string(out, indent + 16, 16, sct->sig, sct->sig_len); -} - -void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, - const char *separator, const CTLOG_STORE *log_store) -{ - int sct_count = sk_SCT_num(sct_list); - int i; - - for (i = 0; i < sct_count; ++i) { - SCT *sct = sk_SCT_value(sct_list, i); - - SCT_print(sct, out, indent, log_store); - if (i < sk_SCT_num(sct_list) - 1) - BIO_printf(out, "%s", separator); - } -} diff --git a/crypto/ct/ct_sct.c b/crypto/ct/ct_sct.c deleted file mode 100644 index 10a67ed6d68d386651780fc82d6bd931cfeaf873..0000000000000000000000000000000000000000 --- a/crypto/ct/ct_sct.c +++ /dev/null @@ -1,396 +0,0 @@ -/* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifdef OPENSSL_NO_CT -# error "CT disabled" -#endif - -#include -#include -#include -#include -#include - -#include "ct_local.h" - -SCT *SCT_new(void) -{ - SCT *sct = OPENSSL_zalloc(sizeof(*sct)); - - if (sct == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - return NULL; - } - - sct->entry_type = CT_LOG_ENTRY_TYPE_NOT_SET; - sct->version = SCT_VERSION_NOT_SET; - return sct; -} - -void SCT_free(SCT *sct) -{ - if (sct == NULL) - return; - - OPENSSL_free(sct->log_id); - OPENSSL_free(sct->ext); - OPENSSL_free(sct->sig); - OPENSSL_free(sct->sct); - OPENSSL_free(sct); -} - -void SCT_LIST_free(STACK_OF(SCT) *a) -{ - sk_SCT_pop_free(a, SCT_free); -} - -int SCT_set_version(SCT *sct, sct_version_t version) -{ - if (version != SCT_VERSION_V1) { - ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_VERSION); - return 0; - } - sct->version = version; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; - return 1; -} - -int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type) -{ - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; - - switch (entry_type) { - case CT_LOG_ENTRY_TYPE_X509: - case CT_LOG_ENTRY_TYPE_PRECERT: - sct->entry_type = entry_type; - return 1; - case CT_LOG_ENTRY_TYPE_NOT_SET: - break; - } - ERR_raise(ERR_LIB_CT, CT_R_UNSUPPORTED_ENTRY_TYPE); - return 0; -} - -int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len) -{ - if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) { - ERR_raise(ERR_LIB_CT, CT_R_INVALID_LOG_ID_LENGTH); - return 0; - } - - OPENSSL_free(sct->log_id); - sct->log_id = log_id; - sct->log_id_len = log_id_len; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; - return 1; -} - -int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len) -{ - if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) { - ERR_raise(ERR_LIB_CT, CT_R_INVALID_LOG_ID_LENGTH); - return 0; - } - - OPENSSL_free(sct->log_id); - sct->log_id = NULL; - sct->log_id_len = 0; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; - - if (log_id != NULL && log_id_len > 0) { - sct->log_id = OPENSSL_memdup(log_id, log_id_len); - if (sct->log_id == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - return 0; - } - sct->log_id_len = log_id_len; - } - return 1; -} - - -void SCT_set_timestamp(SCT *sct, uint64_t timestamp) -{ - sct->timestamp = timestamp; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; -} - -int SCT_set_signature_nid(SCT *sct, int nid) -{ - switch (nid) { - case NID_sha256WithRSAEncryption: - sct->hash_alg = TLSEXT_hash_sha256; - sct->sig_alg = TLSEXT_signature_rsa; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; - return 1; - case NID_ecdsa_with_SHA256: - sct->hash_alg = TLSEXT_hash_sha256; - sct->sig_alg = TLSEXT_signature_ecdsa; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; - return 1; - default: - ERR_raise(ERR_LIB_CT, CT_R_UNRECOGNIZED_SIGNATURE_NID); - return 0; - } -} - -void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len) -{ - OPENSSL_free(sct->ext); - sct->ext = ext; - sct->ext_len = ext_len; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; -} - -int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len) -{ - OPENSSL_free(sct->ext); - sct->ext = NULL; - sct->ext_len = 0; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; - - if (ext != NULL && ext_len > 0) { - sct->ext = OPENSSL_memdup(ext, ext_len); - if (sct->ext == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - return 0; - } - sct->ext_len = ext_len; - } - return 1; -} - -void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len) -{ - OPENSSL_free(sct->sig); - sct->sig = sig; - sct->sig_len = sig_len; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; -} - -int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len) -{ - OPENSSL_free(sct->sig); - sct->sig = NULL; - sct->sig_len = 0; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; - - if (sig != NULL && sig_len > 0) { - sct->sig = OPENSSL_memdup(sig, sig_len); - if (sct->sig == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - return 0; - } - sct->sig_len = sig_len; - } - return 1; -} - -sct_version_t SCT_get_version(const SCT *sct) -{ - return sct->version; -} - -ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct) -{ - return sct->entry_type; -} - -size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id) -{ - *log_id = sct->log_id; - return sct->log_id_len; -} - -uint64_t SCT_get_timestamp(const SCT *sct) -{ - return sct->timestamp; -} - -int SCT_get_signature_nid(const SCT *sct) -{ - if (sct->version == SCT_VERSION_V1) { - if (sct->hash_alg == TLSEXT_hash_sha256) { - switch (sct->sig_alg) { - case TLSEXT_signature_ecdsa: - return NID_ecdsa_with_SHA256; - case TLSEXT_signature_rsa: - return NID_sha256WithRSAEncryption; - default: - return NID_undef; - } - } - } - return NID_undef; -} - -size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext) -{ - *ext = sct->ext; - return sct->ext_len; -} - -size_t SCT_get0_signature(const SCT *sct, unsigned char **sig) -{ - *sig = sct->sig; - return sct->sig_len; -} - -int SCT_is_complete(const SCT *sct) -{ - switch (sct->version) { - case SCT_VERSION_NOT_SET: - return 0; - case SCT_VERSION_V1: - return sct->log_id != NULL && SCT_signature_is_complete(sct); - default: - return sct->sct != NULL; /* Just need cached encoding */ - } -} - -int SCT_signature_is_complete(const SCT *sct) -{ - return SCT_get_signature_nid(sct) != NID_undef && - sct->sig != NULL && sct->sig_len > 0; -} - -sct_source_t SCT_get_source(const SCT *sct) -{ - return sct->source; -} - -int SCT_set_source(SCT *sct, sct_source_t source) -{ - sct->source = source; - sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET; - switch (source) { - case SCT_SOURCE_TLS_EXTENSION: - case SCT_SOURCE_OCSP_STAPLED_RESPONSE: - return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_X509); - case SCT_SOURCE_X509V3_EXTENSION: - return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_PRECERT); - case SCT_SOURCE_UNKNOWN: - break; - } - /* if we aren't sure, leave the log entry type alone */ - return 1; -} - -sct_validation_status_t SCT_get_validation_status(const SCT *sct) -{ - return sct->validation_status; -} - -int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx) -{ - int is_sct_valid = -1; - SCT_CTX *sctx = NULL; - X509_PUBKEY *pub = NULL, *log_pkey = NULL; - const CTLOG *log; - - /* - * With an unrecognized SCT version we don't know what such an SCT means, - * let alone validate one. So we return validation failure (0). - */ - if (sct->version != SCT_VERSION_V1) { - sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_VERSION; - return 0; - } - - log = CTLOG_STORE_get0_log_by_id(ctx->log_store, - sct->log_id, sct->log_id_len); - - /* Similarly, an SCT from an unknown log also cannot be validated. */ - if (log == NULL) { - sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_LOG; - return 0; - } - - sctx = SCT_CTX_new(ctx->libctx, ctx->propq); - if (sctx == NULL) - goto err; - - if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(log)) != 1) - goto err; - if (SCT_CTX_set1_pubkey(sctx, log_pkey) != 1) - goto err; - - if (SCT_get_log_entry_type(sct) == CT_LOG_ENTRY_TYPE_PRECERT) { - EVP_PKEY *issuer_pkey; - - if (ctx->issuer == NULL) { - sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED; - goto end; - } - - issuer_pkey = X509_get0_pubkey(ctx->issuer); - - if (X509_PUBKEY_set(&pub, issuer_pkey) != 1) - goto err; - if (SCT_CTX_set1_issuer_pubkey(sctx, pub) != 1) - goto err; - } - - SCT_CTX_set_time(sctx, ctx->epoch_time_in_ms); - - /* - * XXX: Potential for optimization. This repeats some idempotent heavy - * lifting on the certificate for each candidate SCT, and appears to not - * use any information in the SCT itself, only the certificate is - * processed. So it may make more sense to do this just once, perhaps - * associated with the shared (by all SCTs) policy eval ctx. - * - * XXX: Failure here is global (SCT independent) and represents either an - * issue with the certificate (e.g. duplicate extensions) or an out of - * memory condition. When the certificate is incompatible with CT, we just - * mark the SCTs invalid, rather than report a failure to determine the - * validation status. That way, callbacks that want to do "soft" SCT - * processing will not abort handshakes with false positive internal - * errors. Since the function does not distinguish between certificate - * issues (peer's fault) and internal problems (out fault) the safe thing - * to do is to report a validation failure and let the callback or - * application decide what to do. - */ - if (SCT_CTX_set1_cert(sctx, ctx->cert, NULL) != 1) - sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED; - else - sct->validation_status = SCT_CTX_verify(sctx, sct) == 1 ? - SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID; - -end: - is_sct_valid = sct->validation_status == SCT_VALIDATION_STATUS_VALID; -err: - X509_PUBKEY_free(pub); - X509_PUBKEY_free(log_pkey); - SCT_CTX_free(sctx); - - return is_sct_valid; -} - -int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx) -{ - int are_scts_valid = 1; - int sct_count = scts != NULL ? sk_SCT_num(scts) : 0; - int i; - - for (i = 0; i < sct_count; ++i) { - int is_sct_valid = -1; - SCT *sct = sk_SCT_value(scts, i); - - if (sct == NULL) - continue; - - is_sct_valid = SCT_validate(sct, ctx); - if (is_sct_valid < 0) - return is_sct_valid; - are_scts_valid &= is_sct_valid; - } - - return are_scts_valid; -} diff --git a/crypto/ct/ct_sct_ctx.c b/crypto/ct/ct_sct_ctx.c deleted file mode 100644 index 8653684814eeb3d3df2e40be260da13eb44f65f2..0000000000000000000000000000000000000000 --- a/crypto/ct/ct_sct_ctx.c +++ /dev/null @@ -1,278 +0,0 @@ -/* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifdef OPENSSL_NO_CT -# error "CT is disabled" -#endif - -#include -#include - -#include -#include -#include - -#include "ct_local.h" - -SCT_CTX *SCT_CTX_new(OSSL_LIB_CTX *libctx, const char *propq) -{ - SCT_CTX *sctx = OPENSSL_zalloc(sizeof(*sctx)); - - if (sctx == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - return NULL; - } - - sctx->libctx = libctx; - if (propq != NULL) { - sctx->propq = OPENSSL_strdup(propq); - if (sctx->propq == NULL) { - ERR_raise(ERR_LIB_CT, ERR_R_MALLOC_FAILURE); - OPENSSL_free(sctx); - return NULL; - } - } - - return sctx; -} - -void SCT_CTX_free(SCT_CTX *sctx) -{ - if (sctx == NULL) - return; - EVP_PKEY_free(sctx->pkey); - OPENSSL_free(sctx->pkeyhash); - OPENSSL_free(sctx->ihash); - OPENSSL_free(sctx->certder); - OPENSSL_free(sctx->preder); - OPENSSL_free(sctx->propq); - OPENSSL_free(sctx); -} - -/* - * Finds the index of the first extension with the given NID in cert. - * If there is more than one extension with that NID, *is_duplicated is set to - * 1, otherwise 0 (unless it is NULL). - */ -static int ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated) -{ - int ret = X509_get_ext_by_NID(cert, nid, -1); - - if (is_duplicated != NULL) - *is_duplicated = ret >= 0 && X509_get_ext_by_NID(cert, nid, ret) >= 0; - - return ret; -} - -/* - * Modifies a certificate by deleting extensions and copying the issuer and - * AKID from the presigner certificate, if necessary. - * Returns 1 on success, 0 otherwise. - */ -__owur static int ct_x509_cert_fixup(X509 *cert, X509 *presigner) -{ - int preidx, certidx; - int pre_akid_ext_is_dup, cert_akid_ext_is_dup; - - if (presigner == NULL) - return 1; - - preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier, - &pre_akid_ext_is_dup); - certidx = ct_x509_get_ext(cert, NID_authority_key_identifier, - &cert_akid_ext_is_dup); - - /* An error occurred whilst searching for the extension */ - if (preidx < -1 || certidx < -1) - return 0; - /* Invalid certificate if they contain duplicate extensions */ - if (pre_akid_ext_is_dup || cert_akid_ext_is_dup) - return 0; - /* AKID must be present in both certificate or absent in both */ - if (preidx >= 0 && certidx == -1) - return 0; - if (preidx == -1 && certidx >= 0) - return 0; - /* Copy issuer name */ - if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner))) - return 0; - if (preidx != -1) { - /* Retrieve and copy AKID encoding */ - X509_EXTENSION *preext = X509_get_ext(presigner, preidx); - X509_EXTENSION *certext = X509_get_ext(cert, certidx); - ASN1_OCTET_STRING *preextdata; - - /* Should never happen */ - if (preext == NULL || certext == NULL) - return 0; - preextdata = X509_EXTENSION_get_data(preext); - if (preextdata == NULL || - !X509_EXTENSION_set_data(certext, preextdata)) - return 0; - } - return 1; -} - -int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner) -{ - unsigned char *certder = NULL, *preder = NULL; - X509 *pretmp = NULL; - int certderlen = 0, prederlen = 0; - int idx = -1; - int poison_ext_is_dup, sct_ext_is_dup; - int poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup); - - /* Duplicate poison extensions are present - error */ - if (poison_ext_is_dup) - goto err; - - /* If *cert doesn't have a poison extension, it isn't a precert */ - if (poison_idx == -1) { - /* cert isn't a precert, so we shouldn't have a presigner */ - if (presigner != NULL) - goto err; - - certderlen = i2d_X509(cert, &certder); - if (certderlen < 0) - goto err; - } - - /* See if cert has a precert SCTs extension */ - idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup); - /* Duplicate SCT extensions are present - error */ - if (sct_ext_is_dup) - goto err; - - if (idx >= 0 && poison_idx >= 0) { - /* - * cert can't both contain SCTs (i.e. have an SCT extension) and be a - * precert (i.e. have a poison extension). - */ - goto err; - } - - if (idx == -1) { - idx = poison_idx; - } - - /* - * If either a poison or SCT extension is present, remove it before encoding - * cert. This, along with ct_x509_cert_fixup(), gets a TBSCertificate (see - * RFC5280) from cert, which is what the CT log signed when it produced the - * SCT. - */ - if (idx >= 0) { - /* Take a copy of certificate so we don't modify passed version */ - pretmp = X509_dup(cert); - if (pretmp == NULL) - goto err; - - X509_EXTENSION_free(X509_delete_ext(pretmp, idx)); - - if (!ct_x509_cert_fixup(pretmp, presigner)) - goto err; - - prederlen = i2d_re_X509_tbs(pretmp, &preder); - if (prederlen <= 0) - goto err; - } - - X509_free(pretmp); - - OPENSSL_free(sctx->certder); - sctx->certder = certder; - sctx->certderlen = certderlen; - - OPENSSL_free(sctx->preder); - sctx->preder = preder; - sctx->prederlen = prederlen; - - return 1; -err: - OPENSSL_free(certder); - OPENSSL_free(preder); - X509_free(pretmp); - return 0; -} - -__owur static int ct_public_key_hash(SCT_CTX *sctx, X509_PUBKEY *pkey, - unsigned char **hash, size_t *hash_len) -{ - int ret = 0; - unsigned char *md = NULL, *der = NULL; - int der_len; - unsigned int md_len; - EVP_MD *sha256 = EVP_MD_fetch(sctx->libctx, "SHA2-256", sctx->propq); - - if (sha256 == NULL) - goto err; - - /* Reuse buffer if possible */ - if (*hash != NULL && *hash_len >= SHA256_DIGEST_LENGTH) { - md = *hash; - } else { - md = OPENSSL_malloc(SHA256_DIGEST_LENGTH); - if (md == NULL) - goto err; - } - - /* Calculate key hash */ - der_len = i2d_X509_PUBKEY(pkey, &der); - if (der_len <= 0) - goto err; - - if (!EVP_Digest(der, der_len, md, &md_len, sha256, NULL)) - goto err; - - if (md != *hash) { - OPENSSL_free(*hash); - *hash = md; - *hash_len = SHA256_DIGEST_LENGTH; - } - - md = NULL; - ret = 1; - err: - EVP_MD_free(sha256); - OPENSSL_free(md); - OPENSSL_free(der); - return ret; -} - -int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer) -{ - return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer)); -} - -int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey) -{ - return ct_public_key_hash(sctx, pubkey, &sctx->ihash, &sctx->ihashlen); -} - -int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey) -{ - EVP_PKEY *pkey = X509_PUBKEY_get(pubkey); - - if (pkey == NULL) - return 0; - - if (!ct_public_key_hash(sctx, pubkey, &sctx->pkeyhash, &sctx->pkeyhashlen)) { - EVP_PKEY_free(pkey); - return 0; - } - - EVP_PKEY_free(sctx->pkey); - sctx->pkey = pkey; - return 1; -} - -void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms) -{ - sctx->epoch_time_in_ms = time_in_ms; -} diff --git a/crypto/ct/ct_vfy.c b/crypto/ct/ct_vfy.c deleted file mode 100644 index 27fb79f4038332345e530392d2572f30a7ed8c1c..0000000000000000000000000000000000000000 --- a/crypto/ct/ct_vfy.c +++ /dev/null @@ -1,141 +0,0 @@ -/* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include -#include -#include -#include - -#include "ct_local.h" - -typedef enum sct_signature_type_t { - SIGNATURE_TYPE_NOT_SET = -1, - SIGNATURE_TYPE_CERT_TIMESTAMP, - SIGNATURE_TYPE_TREE_HASH -} SCT_SIGNATURE_TYPE; - -/* - * Update encoding for SCT signature verification/generation to supplied - * EVP_MD_CTX. - */ -static int sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct) -{ - unsigned char tmpbuf[12]; - unsigned char *p, *der; - size_t derlen; - /*+ - * digitally-signed struct { - * (1 byte) Version sct_version; - * (1 byte) SignatureType signature_type = certificate_timestamp; - * (8 bytes) uint64 timestamp; - * (2 bytes) LogEntryType entry_type; - * (? bytes) select(entry_type) { - * case x509_entry: ASN.1Cert; - * case precert_entry: PreCert; - * } signed_entry; - * (2 bytes + sct->ext_len) CtExtensions extensions; - * } - */ - if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET) - return 0; - if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL) - return 0; - - p = tmpbuf; - *p++ = sct->version; - *p++ = SIGNATURE_TYPE_CERT_TIMESTAMP; - l2n8(sct->timestamp, p); - s2n(sct->entry_type, p); - - if (!EVP_DigestUpdate(ctx, tmpbuf, p - tmpbuf)) - return 0; - - if (sct->entry_type == CT_LOG_ENTRY_TYPE_X509) { - der = sctx->certder; - derlen = sctx->certderlen; - } else { - if (!EVP_DigestUpdate(ctx, sctx->ihash, sctx->ihashlen)) - return 0; - der = sctx->preder; - derlen = sctx->prederlen; - } - - /* If no encoding available, fatal error */ - if (der == NULL) - return 0; - - /* Include length first */ - p = tmpbuf; - l2n3(derlen, p); - - if (!EVP_DigestUpdate(ctx, tmpbuf, 3)) - return 0; - if (!EVP_DigestUpdate(ctx, der, derlen)) - return 0; - - /* Add any extensions */ - p = tmpbuf; - s2n(sct->ext_len, p); - if (!EVP_DigestUpdate(ctx, tmpbuf, 2)) - return 0; - - if (sct->ext_len && !EVP_DigestUpdate(ctx, sct->ext, sct->ext_len)) - return 0; - - return 1; -} - -int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct) -{ - EVP_MD_CTX *ctx = NULL; - int ret = 0; - - if (!SCT_is_complete(sct) || sctx->pkey == NULL || - sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET || - (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_NOT_SET); - return 0; - } - if (sct->version != SCT_VERSION_V1) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_UNSUPPORTED_VERSION); - return 0; - } - if (sct->log_id_len != sctx->pkeyhashlen || - memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_LOG_ID_MISMATCH); - return 0; - } - if (sct->timestamp > sctx->epoch_time_in_ms) { - ERR_raise(ERR_LIB_CT, CT_R_SCT_FUTURE_TIMESTAMP); - return 0; - } - - ctx = EVP_MD_CTX_new(); - if (ctx == NULL) - goto end; - - if (!EVP_DigestVerifyInit_ex(ctx, NULL, "SHA2-256", sctx->libctx, - sctx->propq, sctx->pkey, NULL)) - goto end; - - if (!sct_ctx_update(ctx, sctx, sct)) - goto end; - - /* Verify signature */ - ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len); - /* If ret < 0 some other error: fall through without setting error */ - if (ret == 0) - ERR_raise(ERR_LIB_CT, CT_R_SCT_INVALID_SIGNATURE); - -end: - EVP_MD_CTX_free(ctx); - return ret; -} diff --git a/crypto/ct/ct_x509v3.c b/crypto/ct/ct_x509v3.c deleted file mode 100644 index 1284ec711db9311d2abf8e464a1119d1475386d8..0000000000000000000000000000000000000000 --- a/crypto/ct/ct_x509v3.c +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifdef OPENSSL_NO_CT -# error "CT is disabled" -#endif - -#include "ct_local.h" - -static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val) -{ - return OPENSSL_strdup("NULL"); -} - -static void *s2i_poison(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str) -{ - return ASN1_NULL_new(); -} - -static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list, - BIO *out, int indent) -{ - SCT_LIST_print(sct_list, out, indent, "\n", NULL); - return 1; -} - -static int set_sct_list_source(STACK_OF(SCT) *s, sct_source_t source) -{ - if (s != NULL) { - int i; - - for (i = 0; i < sk_SCT_num(s); i++) { - int res = SCT_set_source(sk_SCT_value(s, i), source); - - if (res != 1) { - return 0; - } - } - } - return 1; -} - -static STACK_OF(SCT) *x509_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, - const unsigned char **pp, - long len) -{ - STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len); - - if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) { - SCT_LIST_free(s); - *a = NULL; - return NULL; - } - return s; -} - -static STACK_OF(SCT) *ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a, - const unsigned char **pp, - long len) -{ - STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len); - - if (set_sct_list_source(s, SCT_SOURCE_OCSP_STAPLED_RESPONSE) != 1) { - SCT_LIST_free(s); - *a = NULL; - return NULL; - } - return s; -} - -/* Handlers for X509v3/OCSP Certificate Transparency extensions */ -const X509V3_EXT_METHOD ossl_v3_ct_scts[3] = { - /* X509v3 extension in certificates that contains SCTs */ - { NID_ct_precert_scts, 0, NULL, - NULL, (X509V3_EXT_FREE)SCT_LIST_free, - (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST, - NULL, NULL, - NULL, NULL, - (X509V3_EXT_I2R)i2r_SCT_LIST, NULL, - NULL }, - - /* X509v3 extension to mark a certificate as a pre-certificate */ - { NID_ct_precert_poison, 0, ASN1_ITEM_ref(ASN1_NULL), - NULL, NULL, NULL, NULL, - i2s_poison, s2i_poison, - NULL, NULL, - NULL, NULL, - NULL }, - - /* OCSP extension that contains SCTs */ - { NID_ct_cert_scts, 0, NULL, - 0, (X509V3_EXT_FREE)SCT_LIST_free, - (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST, - NULL, NULL, - NULL, NULL, - (X509V3_EXT_I2R)i2r_SCT_LIST, NULL, - NULL }, -}; diff --git a/crypto/ctype.c b/crypto/ctype.c deleted file mode 100644 index de2e836ff7837d32f65e0ac4d4cb06566df7c295..0000000000000000000000000000000000000000 --- a/crypto/ctype.c +++ /dev/null @@ -1,313 +0,0 @@ -/* - * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/ctype.h" -#include - -/* - * Define the character classes for each character in the seven bit ASCII - * character set. This is independent of the host's character set, characters - * are converted to ASCII before being used as an index in to this table. - * Characters outside of the seven bit ASCII range are detected before indexing. - */ -static const unsigned short ctype_char_map[128] = { - /* 00 nul */ CTYPE_MASK_cntrl, - /* 01 soh */ CTYPE_MASK_cntrl, - /* 02 stx */ CTYPE_MASK_cntrl, - /* 03 etx */ CTYPE_MASK_cntrl, - /* 04 eot */ CTYPE_MASK_cntrl, - /* 05 enq */ CTYPE_MASK_cntrl, - /* 06 ack */ CTYPE_MASK_cntrl, - /* 07 \a */ CTYPE_MASK_cntrl, - /* 08 \b */ CTYPE_MASK_cntrl, - /* 09 \t */ CTYPE_MASK_blank | CTYPE_MASK_cntrl | CTYPE_MASK_space, - /* 0A \n */ CTYPE_MASK_cntrl | CTYPE_MASK_space, - /* 0B \v */ CTYPE_MASK_cntrl | CTYPE_MASK_space, - /* 0C \f */ CTYPE_MASK_cntrl | CTYPE_MASK_space, - /* 0D \r */ CTYPE_MASK_cntrl | CTYPE_MASK_space, - /* 0E so */ CTYPE_MASK_cntrl, - /* 0F si */ CTYPE_MASK_cntrl, - /* 10 dle */ CTYPE_MASK_cntrl, - /* 11 dc1 */ CTYPE_MASK_cntrl, - /* 12 dc2 */ CTYPE_MASK_cntrl, - /* 13 dc3 */ CTYPE_MASK_cntrl, - /* 14 dc4 */ CTYPE_MASK_cntrl, - /* 15 nak */ CTYPE_MASK_cntrl, - /* 16 syn */ CTYPE_MASK_cntrl, - /* 17 etb */ CTYPE_MASK_cntrl, - /* 18 can */ CTYPE_MASK_cntrl, - /* 19 em */ CTYPE_MASK_cntrl, - /* 1A sub */ CTYPE_MASK_cntrl, - /* 1B esc */ CTYPE_MASK_cntrl, - /* 1C fs */ CTYPE_MASK_cntrl, - /* 1D gs */ CTYPE_MASK_cntrl, - /* 1E rs */ CTYPE_MASK_cntrl, - /* 1F us */ CTYPE_MASK_cntrl, - /* 20 */ CTYPE_MASK_blank | CTYPE_MASK_print | CTYPE_MASK_space - | CTYPE_MASK_asn1print, - /* 21 ! */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 22 " */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 23 # */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 24 $ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 25 % */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 26 & */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 27 ' */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct - | CTYPE_MASK_asn1print, - /* 28 ( */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct - | CTYPE_MASK_asn1print, - /* 29 ) */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct - | CTYPE_MASK_asn1print, - /* 2A * */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 2B + */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 2C , */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct - | CTYPE_MASK_asn1print, - /* 2D - */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct - | CTYPE_MASK_asn1print, - /* 2E . */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct - | CTYPE_MASK_asn1print, - /* 2F / */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 30 0 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 31 1 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 32 2 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 33 3 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 34 4 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 35 5 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 36 6 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 37 7 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 38 8 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 39 9 */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 3A : */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct - | CTYPE_MASK_asn1print, - /* 3B ; */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 3C < */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 3D = */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 3E > */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 3F ? */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct - | CTYPE_MASK_asn1print, - /* 40 @ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 41 A */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 42 B */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 43 C */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 44 D */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 45 E */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 46 F */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 47 G */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 48 H */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 49 I */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 4A J */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 4B K */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 4C L */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 4D M */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 4E N */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 4F O */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 50 P */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 51 Q */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 52 R */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 53 S */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 54 T */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 55 U */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 56 V */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 57 W */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 58 X */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 59 Y */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 5A Z */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 5B [ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 5C \ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 5D ] */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 5E ^ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 5F _ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 60 ` */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 61 a */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 62 b */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 63 c */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 64 d */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 65 e */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 66 f */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 67 g */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 68 h */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 69 i */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 6A j */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 6B k */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 6C l */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 6D m */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 6E n */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 6F o */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 70 p */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 71 q */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 72 r */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 73 s */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 74 t */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 75 u */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 76 v */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 77 w */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 78 x */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 79 y */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 7A z */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print - | CTYPE_MASK_base64 | CTYPE_MASK_asn1print, - /* 7B { */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 7C | */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 7D } */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 7E ~ */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct, - /* 7F del */ CTYPE_MASK_cntrl -}; - -#ifdef CHARSET_EBCDIC -int ossl_toascii(int c) -{ - if (c < -128 || c > 256 || c == EOF) - return c; - /* - * Adjust negatively signed characters. - * This is not required for ASCII because any character that sign extends - * is not seven bit and all of the checks are on the seven bit characters. - * I.e. any check must fail on sign extension. - */ - if (c < 0) - c += 256; - return os_toascii[c]; -} - -int ossl_fromascii(int c) -{ - if (c < -128 || c > 256 || c == EOF) - return c; - if (c < 0) - c += 256; - return os_toebcdic[c]; -} -#endif - -int ossl_ctype_check(int c, unsigned int mask) -{ - const int max = sizeof(ctype_char_map) / sizeof(*ctype_char_map); - const int a = ossl_toascii(c); - - return a >= 0 && a < max && (ctype_char_map[a] & mask) != 0; -} - -/* - * Implement some of the simplier functions directly to avoid the overhead of - * accessing memory via ctype_char_map[]. - */ - -#define ASCII_IS_DIGIT(c) (c >= 0x30 && c <= 0x39) -#define ASCII_IS_UPPER(c) (c >= 0x41 && c <= 0x5A) -#define ASCII_IS_LOWER(c) (c >= 0x61 && c <= 0x7A) - -int ossl_isdigit(int c) -{ - int a = ossl_toascii(c); - - return ASCII_IS_DIGIT(a); -} - -int ossl_isupper(int c) -{ - int a = ossl_toascii(c); - - return ASCII_IS_UPPER(a); -} - -int ossl_islower(int c) -{ - int a = ossl_toascii(c); - - return ASCII_IS_LOWER(a); -} - -#if defined(CHARSET_EBCDIC) && !defined(CHARSET_EBCDIC_TEST) -static const int case_change = 0x40; -#else -static const int case_change = 0x20; -#endif - -int ossl_tolower(int c) -{ - int a = ossl_toascii(c); - - return ASCII_IS_UPPER(a) ? c ^ case_change : c; -} - -int ossl_toupper(int c) -{ - int a = ossl_toascii(c); - - return ASCII_IS_LOWER(a) ? c ^ case_change : c; -} - -int ossl_ascii_isdigit(int c) -{ - return ASCII_IS_DIGIT(c); -} diff --git a/crypto/cversion.c b/crypto/cversion.c deleted file mode 100644 index 530b0e805e8dd605c68b88adef3ebf9d5aea735e..0000000000000000000000000000000000000000 --- a/crypto/cversion.c +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" - -#include "buildinf.h" - -unsigned long OpenSSL_version_num(void) -{ - return OPENSSL_VERSION_NUMBER; -} - -unsigned int OPENSSL_version_major(void) -{ - return OPENSSL_VERSION_MAJOR; -} - -unsigned int OPENSSL_version_minor(void) -{ - return OPENSSL_VERSION_MINOR; -} - -unsigned int OPENSSL_version_patch(void) -{ - return OPENSSL_VERSION_PATCH; -} - -const char *OPENSSL_version_pre_release(void) -{ - return OPENSSL_VERSION_PRE_RELEASE; -} - -const char *OPENSSL_version_build_metadata(void) -{ - return OPENSSL_VERSION_BUILD_METADATA; -} - -extern char ossl_cpu_info_str[]; - -const char *OpenSSL_version(int t) -{ - switch (t) { - case OPENSSL_VERSION: - return OPENSSL_VERSION_TEXT; - case OPENSSL_VERSION_STRING: - return OPENSSL_VERSION_STR; - case OPENSSL_FULL_VERSION_STRING: - return OPENSSL_FULL_VERSION_STR; - case OPENSSL_BUILT_ON: - return DATE; - case OPENSSL_CFLAGS: - return compiler_flags; - case OPENSSL_PLATFORM: - return PLATFORM; - case OPENSSL_DIR: -#ifdef OPENSSLDIR - return "OPENSSLDIR: \"" OPENSSLDIR "\""; -#else - return "OPENSSLDIR: N/A"; -#endif - case OPENSSL_ENGINES_DIR: -#ifdef ENGINESDIR - return "ENGINESDIR: \"" ENGINESDIR "\""; -#else - return "ENGINESDIR: N/A"; -#endif - case OPENSSL_MODULES_DIR: -#ifdef MODULESDIR - return "MODULESDIR: \"" MODULESDIR "\""; -#else - return "MODULESDIR: N/A"; -#endif - case OPENSSL_CPU_INFO: - if (OPENSSL_info(OPENSSL_INFO_CPU_SETTINGS) != NULL) - return ossl_cpu_info_str; - else - return "CPUINFO: N/A"; - } - return "not available"; -} diff --git a/crypto/der_writer.c b/crypto/der_writer.c deleted file mode 100644 index 2ab7480a6749e8c895b6ec8c003f5ebe94714f96..0000000000000000000000000000000000000000 --- a/crypto/der_writer.c +++ /dev/null @@ -1,199 +0,0 @@ -/* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include "internal/der.h" -#include "crypto/bn.h" - -static int int_start_context(WPACKET *pkt, int tag) -{ - if (tag < 0) - return 1; - if (!ossl_assert(tag <= 30)) - return 0; - return WPACKET_start_sub_packet(pkt); -} - -static int int_end_context(WPACKET *pkt, int tag) -{ - /* - * If someone set the flag WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH on this - * sub-packet and this sub-packet has nothing written to it, the DER length - * will not be written, and the total written size will be unchanged before - * and after WPACKET_close(). We use size1 and size2 to determine if - * anything was written, and only write our tag if it has. - * - */ - size_t size1, size2; - - if (tag < 0) - return 1; - if (!ossl_assert(tag <= 30)) - return 0; - - /* Context specific are normally (?) constructed */ - tag |= DER_F_CONSTRUCTED | DER_C_CONTEXT; - - return WPACKET_get_total_written(pkt, &size1) - && WPACKET_close(pkt) - && WPACKET_get_total_written(pkt, &size2) - && (size1 == size2 || WPACKET_put_bytes_u8(pkt, tag)); -} - -int ossl_DER_w_precompiled(WPACKET *pkt, int tag, - const unsigned char *precompiled, - size_t precompiled_n) -{ - return int_start_context(pkt, tag) - && WPACKET_memcpy(pkt, precompiled, precompiled_n) - && int_end_context(pkt, tag); -} - -int ossl_DER_w_boolean(WPACKET *pkt, int tag, int b) -{ - return int_start_context(pkt, tag) - && WPACKET_start_sub_packet(pkt) - && (!b || WPACKET_put_bytes_u8(pkt, 0xFF)) - && !WPACKET_close(pkt) - && !WPACKET_put_bytes_u8(pkt, DER_P_BOOLEAN) - && int_end_context(pkt, tag); -} - -int ossl_DER_w_octet_string(WPACKET *pkt, int tag, - const unsigned char *data, size_t data_n) -{ - return int_start_context(pkt, tag) - && WPACKET_start_sub_packet(pkt) - && WPACKET_memcpy(pkt, data, data_n) - && WPACKET_close(pkt) - && WPACKET_put_bytes_u8(pkt, DER_P_OCTET_STRING) - && int_end_context(pkt, tag); -} - -int ossl_DER_w_octet_string_uint32(WPACKET *pkt, int tag, uint32_t value) -{ - unsigned char tmp[4] = { 0, 0, 0, 0 }; - unsigned char *pbuf = tmp + (sizeof(tmp) - 1); - - while (value > 0) { - *pbuf-- = (value & 0xFF); - value >>= 8; - } - return ossl_DER_w_octet_string(pkt, tag, tmp, sizeof(tmp)); -} - -static int int_der_w_integer(WPACKET *pkt, int tag, - int (*put_bytes)(WPACKET *pkt, const void *v, - unsigned int *top_byte), - const void *v) -{ - unsigned int top_byte = 0; - - return int_start_context(pkt, tag) - && WPACKET_start_sub_packet(pkt) - && put_bytes(pkt, v, &top_byte) - && ((top_byte & 0x80) == 0 || WPACKET_put_bytes_u8(pkt, 0)) - && WPACKET_close(pkt) - && WPACKET_put_bytes_u8(pkt, DER_P_INTEGER) - && int_end_context(pkt, tag); -} - -static int int_put_bytes_uint32(WPACKET *pkt, const void *v, - unsigned int *top_byte) -{ - const uint32_t *value = v; - uint32_t tmp = *value; - size_t n = 0; - - while (tmp != 0) { - n++; - *top_byte = (tmp & 0xFF); - tmp >>= 8; - } - if (n == 0) - n = 1; - - return WPACKET_put_bytes__(pkt, *value, n); -} - -/* For integers, we only support unsigned values for now */ -int ossl_DER_w_uint32(WPACKET *pkt, int tag, uint32_t v) -{ - return int_der_w_integer(pkt, tag, int_put_bytes_uint32, &v); -} - -static int int_put_bytes_bn(WPACKET *pkt, const void *v, - unsigned int *top_byte) -{ - unsigned char *p = NULL; - size_t n = BN_num_bytes(v); - - /* The BIGNUM limbs are in LE order */ - *top_byte = - ((bn_get_words(v) [(n - 1) / BN_BYTES]) >> (8 * ((n - 1) % BN_BYTES))) - & 0xFF; - - if (!WPACKET_allocate_bytes(pkt, n, &p)) - return 0; - if (p != NULL) - BN_bn2bin(v, p); - return 1; -} - -int ossl_DER_w_bn(WPACKET *pkt, int tag, const BIGNUM *v) -{ - if (v == NULL || BN_is_negative(v)) - return 0; - if (BN_is_zero(v)) - return ossl_DER_w_uint32(pkt, tag, 0); - - return int_der_w_integer(pkt, tag, int_put_bytes_bn, v); -} - -int ossl_DER_w_null(WPACKET *pkt, int tag) -{ - return int_start_context(pkt, tag) - && WPACKET_start_sub_packet(pkt) - && WPACKET_close(pkt) - && WPACKET_put_bytes_u8(pkt, DER_P_NULL) - && int_end_context(pkt, tag); -} - -/* Constructed things need a start and an end */ -int ossl_DER_w_begin_sequence(WPACKET *pkt, int tag) -{ - return int_start_context(pkt, tag) - && WPACKET_start_sub_packet(pkt); -} - -int ossl_DER_w_end_sequence(WPACKET *pkt, int tag) -{ - /* - * If someone set the flag WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH on this - * sub-packet and this sub-packet has nothing written to it, the DER length - * will not be written, and the total written size will be unchanged before - * and after WPACKET_close(). We use size1 and size2 to determine if - * anything was written, and only write our tag if it has. - * - * Because we know that int_end_context() needs to do the same check, - * we reproduce this flag if the written length was unchanged, or we will - * have an erroneous context tag. - */ - size_t size1, size2; - - return WPACKET_get_total_written(pkt, &size1) - && WPACKET_close(pkt) - && WPACKET_get_total_written(pkt, &size2) - && (size1 == size2 - ? WPACKET_set_flags(pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) - : WPACKET_put_bytes_u8(pkt, DER_F_CONSTRUCTED | DER_P_SEQUENCE)) - && int_end_context(pkt, tag); -} diff --git a/crypto/des/asm/crypt586.pl b/crypto/des/asm/crypt586.pl deleted file mode 100644 index e175b4f5515b294043ce4eca1bef97d60bf2baff..0000000000000000000000000000000000000000 --- a/crypto/des/asm/crypt586.pl +++ /dev/null @@ -1,216 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# The inner loop instruction sequence and the IP/FP modifications are from -# Svend Olaf Mikkelsen - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output=pop and open STDOUT,">$output"; - -&asm_init($ARGV[0]); - -$L="edi"; -$R="esi"; - -&external_label("DES_SPtrans"); -&fcrypt_body("fcrypt_body"); -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; - -sub fcrypt_body - { - local($name,$do_ip)=@_; - - &function_begin($name); - - &comment(""); - &comment("Load the 2 words"); - $trans="ebp"; - - &xor( $L, $L); - &xor( $R, $R); - - # PIC-ification:-) - &picmeup("edx","DES_SPtrans"); - #if ($cpp) { &picmeup("edx","DES_SPtrans"); } - #else { &lea("edx",&DWP("DES_SPtrans")); } - &push("edx"); # becomes &swtmp(1) - # - &mov($trans,&wparam(1)); # reloaded with DES_SPtrans in D_ENCRYPT - - &push(&DWC(25)); # add a variable - - &set_label("start"); - for ($i=0; $i<16; $i+=2) - { - &comment(""); - &comment("Round $i"); - &D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx"); - - &comment(""); - &comment("Round ".sprintf("%d",$i+1)); - &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx"); - } - &mov("ebx", &swtmp(0)); - &mov("eax", $L); - &dec("ebx"); - &mov($L, $R); - &mov($R, "eax"); - &mov(&swtmp(0), "ebx"); - &jnz(&label("start")); - - &comment(""); - &comment("FP"); - &mov("edx",&wparam(0)); - - &FP_new($R,$L,"eax",3); - &mov(&DWP(0,"edx","",0),"eax"); - &mov(&DWP(4,"edx","",0),$L); - - &add("esp",8); # remove variables - - &function_end($name); - } - -sub D_ENCRYPT - { - local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t)=@_; - - &mov( $u, &wparam(2)); # 2 - &mov( $t, $R); - &shr( $t, 16); # 1 - &mov( $tmp2, &wparam(3)); # 2 - &xor( $t, $R); # 1 - - &and( $u, $t); # 2 - &and( $t, $tmp2); # 2 - - &mov( $tmp1, $u); - &shl( $tmp1, 16); # 1 - &mov( $tmp2, $t); - &shl( $tmp2, 16); # 1 - &xor( $u, $tmp1); # 2 - &xor( $t, $tmp2); # 2 - &mov( $tmp1, &DWP(&n2a($S*4),$trans,"",0)); # 2 - &xor( $u, $tmp1); - &mov( $tmp2, &DWP(&n2a(($S+1)*4),$trans,"",0)); # 2 - &xor( $u, $R); - &xor( $t, $R); - &xor( $t, $tmp2); - - &and( $u, "0xfcfcfcfc" ); # 2 - &xor( $tmp1, $tmp1); # 1 - &and( $t, "0xcfcfcfcf" ); # 2 - &xor( $tmp2, $tmp2); - &movb( &LB($tmp1), &LB($u) ); - &movb( &LB($tmp2), &HB($u) ); - &rotr( $t, 4 ); - &mov( $trans, &swtmp(1)); - &xor( $L, &DWP(" ",$trans,$tmp1,0)); - &movb( &LB($tmp1), &LB($t) ); - &xor( $L, &DWP("0x200",$trans,$tmp2,0)); - &movb( &LB($tmp2), &HB($t) ); - &shr( $u, 16); - &xor( $L, &DWP("0x100",$trans,$tmp1,0)); - &movb( &LB($tmp1), &HB($u) ); - &shr( $t, 16); - &xor( $L, &DWP("0x300",$trans,$tmp2,0)); - &movb( &LB($tmp2), &HB($t) ); - &and( $u, "0xff" ); - &and( $t, "0xff" ); - &mov( $tmp1, &DWP("0x600",$trans,$tmp1,0)); - &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x700",$trans,$tmp2,0)); - &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x400",$trans,$u,0)); - &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x500",$trans,$t,0)); - &xor( $L, $tmp1); - &mov( $trans, &wparam(1)); - } - -sub n2a - { - sprintf("%d",$_[0]); - } - -# now has a side affect of rotating $a by $shift -sub R_PERM_OP - { - local($a,$b,$tt,$shift,$mask,$last)=@_; - - &rotl( $a, $shift ) if ($shift != 0); - &mov( $tt, $a ); - &xor( $a, $b ); - &and( $a, $mask ); - if ($notlast eq $b) - { - &xor( $b, $a ); - &xor( $tt, $a ); - } - else - { - &xor( $tt, $a ); - &xor( $b, $a ); - } - &comment(""); - } - -sub IP_new - { - local($l,$r,$tt,$lr)=@_; - - &R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l); - &R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l); - &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r); - &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r); - &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r); - - if ($lr != 3) - { - if (($lr-3) < 0) - { &rotr($tt, 3-$lr); } - else { &rotl($tt, $lr-3); } - } - if ($lr != 2) - { - if (($lr-2) < 0) - { &rotr($r, 2-$lr); } - else { &rotl($r, $lr-2); } - } - } - -sub FP_new - { - local($l,$r,$tt,$lr)=@_; - - if ($lr != 2) - { - if (($lr-2) < 0) - { &rotl($r, 2-$lr); } - else { &rotr($r, $lr-2); } - } - if ($lr != 3) - { - if (($lr-3) < 0) - { &rotl($l, 3-$lr); } - else { &rotr($l, $lr-3); } - } - - &R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r); - &R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r); - &R_PERM_OP($l,$r,$tt,10,"0x33333333",$l); - &R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l); - &R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r); - &rotr($tt , 4); - } - diff --git a/crypto/des/asm/des-586.pl b/crypto/des/asm/des-586.pl deleted file mode 100644 index fe51a227ca57f4f48a8967f4ef85c27920f5f042..0000000000000000000000000000000000000000 --- a/crypto/des/asm/des-586.pl +++ /dev/null @@ -1,464 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# The inner loop instruction sequence and the IP/FP modifications are from -# Svend Olaf Mikkelsen. - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; -require "cbc.pl"; -require "desboth.pl"; - -# base code is in Microsoft -# op dest, source -# format. -# - -$output=pop and open STDOUT,">$output"; - -&asm_init($ARGV[0]); - -$L="edi"; -$R="esi"; -$trans="ebp"; -$small_footprint=1 if (grep(/\-DOPENSSL_SMALL_FOOTPRINT/,@ARGV)); -# one can discuss setting this variable to 1 unconditionally, as -# the folded loop is only 3% slower than unrolled, but >7 times smaller - -&public_label("DES_SPtrans"); -&static_label("des_sptrans"); - -&DES_encrypt_internal(); -&DES_decrypt_internal(); -&DES_encrypt("DES_encrypt1",1); -&DES_encrypt("DES_encrypt2",0); -&DES_encrypt3("DES_encrypt3",1); -&DES_encrypt3("DES_decrypt3",0); -&cbc("DES_ncbc_encrypt","DES_encrypt1","DES_encrypt1",0,4,5,3,5,-1); -&cbc("DES_ede3_cbc_encrypt","DES_encrypt3","DES_decrypt3",0,6,7,3,4,5); -&DES_SPtrans(); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; - -sub DES_encrypt_internal() - { - &function_begin_B("_x86_DES_encrypt"); - - if ($small_footprint) - { - &lea("edx",&DWP(128,"ecx")); - &push("edx"); - &push("ecx"); - &set_label("eloop"); - &D_ENCRYPT(0,$L,$R,0,$trans,"eax","ebx","ecx","edx",&swtmp(0)); - &comment(""); - &D_ENCRYPT(1,$R,$L,2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); - &comment(""); - &add("ecx",16); - &cmp("ecx",&swtmp(1)); - &mov(&swtmp(0),"ecx"); - &jb(&label("eloop")); - &add("esp",8); - } - else - { - &push("ecx"); - for ($i=0; $i<16; $i+=2) - { - &comment("Round $i"); - &D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); - &comment("Round ".sprintf("%d",$i+1)); - &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); - } - &add("esp",4); - } - &ret(); - - &function_end_B("_x86_DES_encrypt"); - } - -sub DES_decrypt_internal() - { - &function_begin_B("_x86_DES_decrypt"); - - if ($small_footprint) - { - &push("ecx"); - &lea("ecx",&DWP(128,"ecx")); - &push("ecx"); - &set_label("dloop"); - &D_ENCRYPT(0,$L,$R,-2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); - &comment(""); - &D_ENCRYPT(1,$R,$L,-4,$trans,"eax","ebx","ecx","edx",&swtmp(0)); - &comment(""); - &sub("ecx",16); - &cmp("ecx",&swtmp(1)); - &mov(&swtmp(0),"ecx"); - &ja(&label("dloop")); - &add("esp",8); - } - else - { - &push("ecx"); - for ($i=15; $i>0; $i-=2) - { - &comment("Round $i"); - &D_ENCRYPT(15-$i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); - &comment("Round ".sprintf("%d",$i-1)); - &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); - } - &add("esp",4); - } - &ret(); - - &function_end_B("_x86_DES_decrypt"); - } - -sub DES_encrypt - { - local($name,$do_ip)=@_; - - &function_begin_B($name); - - &push("esi"); - &push("edi"); - - &comment(""); - &comment("Load the 2 words"); - - if ($do_ip) - { - &mov($R,&wparam(0)); - &xor( "ecx", "ecx" ); - - &push("ebx"); - &push("ebp"); - - &mov("eax",&DWP(0,$R,"",0)); - &mov("ebx",&wparam(2)); # get encrypt flag - &mov($L,&DWP(4,$R,"",0)); - &comment(""); - &comment("IP"); - &IP_new("eax",$L,$R,3); - } - else - { - &mov("eax",&wparam(0)); - &xor( "ecx", "ecx" ); - - &push("ebx"); - &push("ebp"); - - &mov($R,&DWP(0,"eax","",0)); - &mov("ebx",&wparam(2)); # get encrypt flag - &rotl($R,3); - &mov($L,&DWP(4,"eax","",0)); - &rotl($L,3); - } - - # PIC-ification:-) - &call (&label("pic_point")); - &set_label("pic_point"); - &blindpop($trans); - &lea ($trans,&DWP(&label("des_sptrans")."-".&label("pic_point"),$trans)); - - &mov( "ecx", &wparam(1) ); - - &cmp("ebx","0"); - &je(&label("decrypt")); - &call("_x86_DES_encrypt"); - &jmp(&label("done")); - &set_label("decrypt"); - &call("_x86_DES_decrypt"); - &set_label("done"); - - if ($do_ip) - { - &comment(""); - &comment("FP"); - &mov("edx",&wparam(0)); - &FP_new($L,$R,"eax",3); - - &mov(&DWP(0,"edx","",0),"eax"); - &mov(&DWP(4,"edx","",0),$R); - } - else - { - &comment(""); - &comment("Fixup"); - &rotr($L,3); # r - &mov("eax",&wparam(0)); - &rotr($R,3); # l - &mov(&DWP(0,"eax","",0),$L); - &mov(&DWP(4,"eax","",0),$R); - } - - &pop("ebp"); - &pop("ebx"); - &pop("edi"); - &pop("esi"); - &ret(); - - &function_end_B($name); - } - -sub D_ENCRYPT - { - local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t,$wp1)=@_; - - &mov( $u, &DWP(&n2a($S*4),$tmp2,"",0)); - &xor( $tmp1, $tmp1); - &mov( $t, &DWP(&n2a(($S+1)*4),$tmp2,"",0)); - &xor( $u, $R); - &xor( $tmp2, $tmp2); - &xor( $t, $R); - &and( $u, "0xfcfcfcfc" ); - &and( $t, "0xcfcfcfcf" ); - &movb( &LB($tmp1), &LB($u) ); - &movb( &LB($tmp2), &HB($u) ); - &rotr( $t, 4 ); - &xor( $L, &DWP(" ",$trans,$tmp1,0)); - &movb( &LB($tmp1), &LB($t) ); - &xor( $L, &DWP("0x200",$trans,$tmp2,0)); - &movb( &LB($tmp2), &HB($t) ); - &shr( $u, 16); - &xor( $L, &DWP("0x100",$trans,$tmp1,0)); - &movb( &LB($tmp1), &HB($u) ); - &shr( $t, 16); - &xor( $L, &DWP("0x300",$trans,$tmp2,0)); - &movb( &LB($tmp2), &HB($t) ); - &and( $u, "0xff" ); - &and( $t, "0xff" ); - &xor( $L, &DWP("0x600",$trans,$tmp1,0)); - &xor( $L, &DWP("0x700",$trans,$tmp2,0)); - &mov( $tmp2, $wp1 ); - &xor( $L, &DWP("0x400",$trans,$u,0)); - &xor( $L, &DWP("0x500",$trans,$t,0)); - } - -sub n2a - { - sprintf("%d",$_[0]); - } - -# now has a side affect of rotating $a by $shift -sub R_PERM_OP - { - local($a,$b,$tt,$shift,$mask,$last)=@_; - - &rotl( $a, $shift ) if ($shift != 0); - &mov( $tt, $a ); - &xor( $a, $b ); - &and( $a, $mask ); - # This can never succeed, and besides it is difficult to see what the - # idea was - Ben 13 Feb 99 - if (!$last eq $b) - { - &xor( $b, $a ); - &xor( $tt, $a ); - } - else - { - &xor( $tt, $a ); - &xor( $b, $a ); - } - &comment(""); - } - -sub IP_new - { - local($l,$r,$tt,$lr)=@_; - - &R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l); - &R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l); - &R_PERM_OP($l,$tt,$r,14,"0x33333333",$r); - &R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r); - &R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r); - - if ($lr != 3) - { - if (($lr-3) < 0) - { &rotr($tt, 3-$lr); } - else { &rotl($tt, $lr-3); } - } - if ($lr != 2) - { - if (($lr-2) < 0) - { &rotr($r, 2-$lr); } - else { &rotl($r, $lr-2); } - } - } - -sub FP_new - { - local($l,$r,$tt,$lr)=@_; - - if ($lr != 2) - { - if (($lr-2) < 0) - { &rotl($r, 2-$lr); } - else { &rotr($r, $lr-2); } - } - if ($lr != 3) - { - if (($lr-3) < 0) - { &rotl($l, 3-$lr); } - else { &rotr($l, $lr-3); } - } - - &R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r); - &R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r); - &R_PERM_OP($l,$r,$tt,10,"0x33333333",$l); - &R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l); - &R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r); - &rotr($tt , 4); - } - -sub DES_SPtrans - { - &set_label("DES_SPtrans",64); - &set_label("des_sptrans"); - &data_word(0x02080800, 0x00080000, 0x02000002, 0x02080802); - &data_word(0x02000000, 0x00080802, 0x00080002, 0x02000002); - &data_word(0x00080802, 0x02080800, 0x02080000, 0x00000802); - &data_word(0x02000802, 0x02000000, 0x00000000, 0x00080002); - &data_word(0x00080000, 0x00000002, 0x02000800, 0x00080800); - &data_word(0x02080802, 0x02080000, 0x00000802, 0x02000800); - &data_word(0x00000002, 0x00000800, 0x00080800, 0x02080002); - &data_word(0x00000800, 0x02000802, 0x02080002, 0x00000000); - &data_word(0x00000000, 0x02080802, 0x02000800, 0x00080002); - &data_word(0x02080800, 0x00080000, 0x00000802, 0x02000800); - &data_word(0x02080002, 0x00000800, 0x00080800, 0x02000002); - &data_word(0x00080802, 0x00000002, 0x02000002, 0x02080000); - &data_word(0x02080802, 0x00080800, 0x02080000, 0x02000802); - &data_word(0x02000000, 0x00000802, 0x00080002, 0x00000000); - &data_word(0x00080000, 0x02000000, 0x02000802, 0x02080800); - &data_word(0x00000002, 0x02080002, 0x00000800, 0x00080802); - # nibble 1 - &data_word(0x40108010, 0x00000000, 0x00108000, 0x40100000); - &data_word(0x40000010, 0x00008010, 0x40008000, 0x00108000); - &data_word(0x00008000, 0x40100010, 0x00000010, 0x40008000); - &data_word(0x00100010, 0x40108000, 0x40100000, 0x00000010); - &data_word(0x00100000, 0x40008010, 0x40100010, 0x00008000); - &data_word(0x00108010, 0x40000000, 0x00000000, 0x00100010); - &data_word(0x40008010, 0x00108010, 0x40108000, 0x40000010); - &data_word(0x40000000, 0x00100000, 0x00008010, 0x40108010); - &data_word(0x00100010, 0x40108000, 0x40008000, 0x00108010); - &data_word(0x40108010, 0x00100010, 0x40000010, 0x00000000); - &data_word(0x40000000, 0x00008010, 0x00100000, 0x40100010); - &data_word(0x00008000, 0x40000000, 0x00108010, 0x40008010); - &data_word(0x40108000, 0x00008000, 0x00000000, 0x40000010); - &data_word(0x00000010, 0x40108010, 0x00108000, 0x40100000); - &data_word(0x40100010, 0x00100000, 0x00008010, 0x40008000); - &data_word(0x40008010, 0x00000010, 0x40100000, 0x00108000); - # nibble 2 - &data_word(0x04000001, 0x04040100, 0x00000100, 0x04000101); - &data_word(0x00040001, 0x04000000, 0x04000101, 0x00040100); - &data_word(0x04000100, 0x00040000, 0x04040000, 0x00000001); - &data_word(0x04040101, 0x00000101, 0x00000001, 0x04040001); - &data_word(0x00000000, 0x00040001, 0x04040100, 0x00000100); - &data_word(0x00000101, 0x04040101, 0x00040000, 0x04000001); - &data_word(0x04040001, 0x04000100, 0x00040101, 0x04040000); - &data_word(0x00040100, 0x00000000, 0x04000000, 0x00040101); - &data_word(0x04040100, 0x00000100, 0x00000001, 0x00040000); - &data_word(0x00000101, 0x00040001, 0x04040000, 0x04000101); - &data_word(0x00000000, 0x04040100, 0x00040100, 0x04040001); - &data_word(0x00040001, 0x04000000, 0x04040101, 0x00000001); - &data_word(0x00040101, 0x04000001, 0x04000000, 0x04040101); - &data_word(0x00040000, 0x04000100, 0x04000101, 0x00040100); - &data_word(0x04000100, 0x00000000, 0x04040001, 0x00000101); - &data_word(0x04000001, 0x00040101, 0x00000100, 0x04040000); - # nibble 3 - &data_word(0x00401008, 0x10001000, 0x00000008, 0x10401008); - &data_word(0x00000000, 0x10400000, 0x10001008, 0x00400008); - &data_word(0x10401000, 0x10000008, 0x10000000, 0x00001008); - &data_word(0x10000008, 0x00401008, 0x00400000, 0x10000000); - &data_word(0x10400008, 0x00401000, 0x00001000, 0x00000008); - &data_word(0x00401000, 0x10001008, 0x10400000, 0x00001000); - &data_word(0x00001008, 0x00000000, 0x00400008, 0x10401000); - &data_word(0x10001000, 0x10400008, 0x10401008, 0x00400000); - &data_word(0x10400008, 0x00001008, 0x00400000, 0x10000008); - &data_word(0x00401000, 0x10001000, 0x00000008, 0x10400000); - &data_word(0x10001008, 0x00000000, 0x00001000, 0x00400008); - &data_word(0x00000000, 0x10400008, 0x10401000, 0x00001000); - &data_word(0x10000000, 0x10401008, 0x00401008, 0x00400000); - &data_word(0x10401008, 0x00000008, 0x10001000, 0x00401008); - &data_word(0x00400008, 0x00401000, 0x10400000, 0x10001008); - &data_word(0x00001008, 0x10000000, 0x10000008, 0x10401000); - # nibble 4 - &data_word(0x08000000, 0x00010000, 0x00000400, 0x08010420); - &data_word(0x08010020, 0x08000400, 0x00010420, 0x08010000); - &data_word(0x00010000, 0x00000020, 0x08000020, 0x00010400); - &data_word(0x08000420, 0x08010020, 0x08010400, 0x00000000); - &data_word(0x00010400, 0x08000000, 0x00010020, 0x00000420); - &data_word(0x08000400, 0x00010420, 0x00000000, 0x08000020); - &data_word(0x00000020, 0x08000420, 0x08010420, 0x00010020); - &data_word(0x08010000, 0x00000400, 0x00000420, 0x08010400); - &data_word(0x08010400, 0x08000420, 0x00010020, 0x08010000); - &data_word(0x00010000, 0x00000020, 0x08000020, 0x08000400); - &data_word(0x08000000, 0x00010400, 0x08010420, 0x00000000); - &data_word(0x00010420, 0x08000000, 0x00000400, 0x00010020); - &data_word(0x08000420, 0x00000400, 0x00000000, 0x08010420); - &data_word(0x08010020, 0x08010400, 0x00000420, 0x00010000); - &data_word(0x00010400, 0x08010020, 0x08000400, 0x00000420); - &data_word(0x00000020, 0x00010420, 0x08010000, 0x08000020); - # nibble 5 - &data_word(0x80000040, 0x00200040, 0x00000000, 0x80202000); - &data_word(0x00200040, 0x00002000, 0x80002040, 0x00200000); - &data_word(0x00002040, 0x80202040, 0x00202000, 0x80000000); - &data_word(0x80002000, 0x80000040, 0x80200000, 0x00202040); - &data_word(0x00200000, 0x80002040, 0x80200040, 0x00000000); - &data_word(0x00002000, 0x00000040, 0x80202000, 0x80200040); - &data_word(0x80202040, 0x80200000, 0x80000000, 0x00002040); - &data_word(0x00000040, 0x00202000, 0x00202040, 0x80002000); - &data_word(0x00002040, 0x80000000, 0x80002000, 0x00202040); - &data_word(0x80202000, 0x00200040, 0x00000000, 0x80002000); - &data_word(0x80000000, 0x00002000, 0x80200040, 0x00200000); - &data_word(0x00200040, 0x80202040, 0x00202000, 0x00000040); - &data_word(0x80202040, 0x00202000, 0x00200000, 0x80002040); - &data_word(0x80000040, 0x80200000, 0x00202040, 0x00000000); - &data_word(0x00002000, 0x80000040, 0x80002040, 0x80202000); - &data_word(0x80200000, 0x00002040, 0x00000040, 0x80200040); - # nibble 6 - &data_word(0x00004000, 0x00000200, 0x01000200, 0x01000004); - &data_word(0x01004204, 0x00004004, 0x00004200, 0x00000000); - &data_word(0x01000000, 0x01000204, 0x00000204, 0x01004000); - &data_word(0x00000004, 0x01004200, 0x01004000, 0x00000204); - &data_word(0x01000204, 0x00004000, 0x00004004, 0x01004204); - &data_word(0x00000000, 0x01000200, 0x01000004, 0x00004200); - &data_word(0x01004004, 0x00004204, 0x01004200, 0x00000004); - &data_word(0x00004204, 0x01004004, 0x00000200, 0x01000000); - &data_word(0x00004204, 0x01004000, 0x01004004, 0x00000204); - &data_word(0x00004000, 0x00000200, 0x01000000, 0x01004004); - &data_word(0x01000204, 0x00004204, 0x00004200, 0x00000000); - &data_word(0x00000200, 0x01000004, 0x00000004, 0x01000200); - &data_word(0x00000000, 0x01000204, 0x01000200, 0x00004200); - &data_word(0x00000204, 0x00004000, 0x01004204, 0x01000000); - &data_word(0x01004200, 0x00000004, 0x00004004, 0x01004204); - &data_word(0x01000004, 0x01004200, 0x01004000, 0x00004004); - # nibble 7 - &data_word(0x20800080, 0x20820000, 0x00020080, 0x00000000); - &data_word(0x20020000, 0x00800080, 0x20800000, 0x20820080); - &data_word(0x00000080, 0x20000000, 0x00820000, 0x00020080); - &data_word(0x00820080, 0x20020080, 0x20000080, 0x20800000); - &data_word(0x00020000, 0x00820080, 0x00800080, 0x20020000); - &data_word(0x20820080, 0x20000080, 0x00000000, 0x00820000); - &data_word(0x20000000, 0x00800000, 0x20020080, 0x20800080); - &data_word(0x00800000, 0x00020000, 0x20820000, 0x00000080); - &data_word(0x00800000, 0x00020000, 0x20000080, 0x20820080); - &data_word(0x00020080, 0x20000000, 0x00000000, 0x00820000); - &data_word(0x20800080, 0x20020080, 0x20020000, 0x00800080); - &data_word(0x20820000, 0x00000080, 0x00800080, 0x20020000); - &data_word(0x20820080, 0x00800000, 0x20800000, 0x20000080); - &data_word(0x00820000, 0x00020080, 0x20020080, 0x20800000); - &data_word(0x00000080, 0x20820000, 0x00820080, 0x00000000); - &data_word(0x20000000, 0x20800080, 0x00020000, 0x00820080); - } diff --git a/crypto/des/asm/des_enc.m4 b/crypto/des/asm/des_enc.m4 deleted file mode 100644 index c00ac6184d132ccc3703de8496e1d74bb1522d57..0000000000000000000000000000000000000000 --- a/crypto/des/asm/des_enc.m4 +++ /dev/null @@ -1,1966 +0,0 @@ -! Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. -! -! Licensed under the Apache License 2.0 (the "License"). You may not use -! this file except in compliance with the License. You can obtain a copy -! in the file LICENSE in the source distribution or at -! https://www.openssl.org/source/license.html -! -! To expand the m4 macros: m4 -B 8192 des_enc.m4 > des_enc.S -! -! Global registers 1 to 5 are used. This is the same as done by the -! cc compiler. The UltraSPARC load/store little endian feature is used. -! -! Instruction grouping often refers to one CPU cycle. -! -! Assemble through gcc: gcc -c -mcpu=ultrasparc -o des_enc.o des_enc.S -! -! Assemble through cc: cc -c -xarch=v8plusa -o des_enc.o des_enc.S -! -! Performance improvement according to './apps/openssl speed des' -! -! 32-bit build: -! 23% faster than cc-5.2 -xarch=v8plus -xO5 -! 115% faster than gcc-3.2.1 -m32 -mcpu=ultrasparc -O5 -! 64-bit build: -! 50% faster than cc-5.2 -xarch=v9 -xO5 -! 100% faster than gcc-3.2.1 -m64 -mcpu=ultrasparc -O5 -! - -.ident "des_enc.m4 2.1" -.file "des_enc-sparc.S" - -#if defined(__SUNPRO_C) && defined(__sparcv9) -# define ABI64 /* They've said -xarch=v9 at command line */ -#elif defined(__GNUC__) && defined(__arch64__) -# define ABI64 /* They've said -m64 at command line */ -#endif - -#ifdef ABI64 - .register %g2,#scratch - .register %g3,#scratch -# define FRAME -192 -# define BIAS 2047 -# define LDPTR ldx -# define STPTR stx -# define ARG0 128 -# define ARGSZ 8 -#else -# define FRAME -96 -# define BIAS 0 -# define LDPTR ld -# define STPTR st -# define ARG0 68 -# define ARGSZ 4 -#endif - -#define LOOPS 7 - -#define global0 %g0 -#define global1 %g1 -#define global2 %g2 -#define global3 %g3 -#define global4 %g4 -#define global5 %g5 - -#define local0 %l0 -#define local1 %l1 -#define local2 %l2 -#define local3 %l3 -#define local4 %l4 -#define local5 %l5 -#define local7 %l6 -#define local6 %l7 - -#define in0 %i0 -#define in1 %i1 -#define in2 %i2 -#define in3 %i3 -#define in4 %i4 -#define in5 %i5 -#define in6 %i6 -#define in7 %i7 - -#define out0 %o0 -#define out1 %o1 -#define out2 %o2 -#define out3 %o3 -#define out4 %o4 -#define out5 %o5 -#define out6 %o6 -#define out7 %o7 - -#define stub stb - -changequote({,}) - - -! Macro definitions: - - -! {ip_macro} -! -! The logic used in initial and final permutations is the same as in -! the C code. The permutations are done with a clever shift, xor, and -! technique. -! -! The macro also loads address sbox 1 to 5 to global 1 to 5, address -! sbox 6 to local6, and address sbox 8 to out3. -! -! Rotates the halves 3 left to bring the sbox bits in convenient positions. -! -! Loads key first round from address in parameter 5 to out0, out1. -! -! After the original LibDES initial permutation, the resulting left -! is in the variable initially used for right and vice versa. The macro -! implements the possibility to keep the halves in the original registers. -! -! parameter 1 left -! parameter 2 right -! parameter 3 result left (modify in first round) -! parameter 4 result right (use in first round) -! parameter 5 key address -! parameter 6 1/2 for include encryption/decryption -! parameter 7 1 for move in1 to in3 -! parameter 8 1 for move in3 to in4, 2 for move in4 to in3 -! parameter 9 1 for load ks3 and ks2 to in4 and in3 - -define(ip_macro, { - -! {ip_macro} -! $1 $2 $4 $3 $5 $6 $7 $8 $9 - - ld [out2+256], local1 - srl $2, 4, local4 - - xor local4, $1, local4 - ifelse($7,1,{mov in1, in3},{nop}) - - ld [out2+260], local2 - and local4, local1, local4 - ifelse($8,1,{mov in3, in4},{}) - ifelse($8,2,{mov in4, in3},{}) - - ld [out2+280], out4 ! loop counter - sll local4, 4, local1 - xor $1, local4, $1 - - ld [out2+264], local3 - srl $1, 16, local4 - xor $2, local1, $2 - - ifelse($9,1,{LDPTR KS3, in4},{}) - xor local4, $2, local4 - nop !sethi %hi(DES_SPtrans), global1 ! sbox addr - - ifelse($9,1,{LDPTR KS2, in3},{}) - and local4, local2, local4 - nop !or global1, %lo(DES_SPtrans), global1 ! sbox addr - - sll local4, 16, local1 - xor $2, local4, $2 - - srl $2, 2, local4 - xor $1, local1, $1 - - sethi %hi(16711680), local5 - xor local4, $1, local4 - - and local4, local3, local4 - or local5, 255, local5 - - sll local4, 2, local2 - xor $1, local4, $1 - - srl $1, 8, local4 - xor $2, local2, $2 - - xor local4, $2, local4 - add global1, 768, global4 - - and local4, local5, local4 - add global1, 1024, global5 - - ld [out2+272], local7 - sll local4, 8, local1 - xor $2, local4, $2 - - srl $2, 1, local4 - xor $1, local1, $1 - - ld [$5], out0 ! key 7531 - xor local4, $1, local4 - add global1, 256, global2 - - ld [$5+4], out1 ! key 8642 - and local4, local7, local4 - add global1, 512, global3 - - sll local4, 1, local1 - xor $1, local4, $1 - - sll $1, 3, local3 - xor $2, local1, $2 - - sll $2, 3, local2 - add global1, 1280, local6 ! address sbox 8 - - srl $1, 29, local4 - add global1, 1792, out3 ! address sbox 8 - - srl $2, 29, local1 - or local4, local3, $4 - - or local2, local1, $3 - - ifelse($6, 1, { - - ld [out2+284], local5 ! 0x0000FC00 used in the rounds - or local2, local1, $3 - xor $4, out0, local1 - - call .des_enc.1 - and local1, 252, local1 - - },{}) - - ifelse($6, 2, { - - ld [out2+284], local5 ! 0x0000FC00 used in the rounds - or local2, local1, $3 - xor $4, out0, local1 - - call .des_dec.1 - and local1, 252, local1 - - },{}) -}) - - -! {rounds_macro} -! -! The logic used in the DES rounds is the same as in the C code, -! except that calculations for sbox 1 and sbox 5 begin before -! the previous round is finished. -! -! In each round one half (work) is modified based on key and the -! other half (use). -! -! In this version we do two rounds in a loop repeated 7 times -! and two rounds separately. -! -! One half has the bits for the sboxes in the following positions: -! -! 777777xx555555xx333333xx111111xx -! -! 88xx666666xx444444xx222222xx8888 -! -! The bits for each sbox are xor-ed with the key bits for that box. -! The above xx bits are cleared, and the result used for lookup in -! the sbox table. Each sbox entry contains the 4 output bits permuted -! into 32 bits according to the P permutation. -! -! In the description of DES, left and right are switched after -! each round, except after last round. In this code the original -! left and right are kept in the same register in all rounds, meaning -! that after the 16 rounds the result for right is in the register -! originally used for left. -! -! parameter 1 first work (left in first round) -! parameter 2 first use (right in first round) -! parameter 3 enc/dec 1/-1 -! parameter 4 loop label -! parameter 5 key address register -! parameter 6 optional address for key next encryption/decryption -! parameter 7 not empty for include retl -! -! also compares in2 to 8 - -define(rounds_macro, { - -! {rounds_macro} -! $1 $2 $3 $4 $5 $6 $7 $8 $9 - - xor $2, out0, local1 - - ld [out2+284], local5 ! 0x0000FC00 - ba $4 - and local1, 252, local1 - - .align 32 - -$4: - ! local6 is address sbox 6 - ! out3 is address sbox 8 - ! out4 is loop counter - - ld [global1+local1], local1 - xor $2, out1, out1 ! 8642 - xor $2, out0, out0 ! 7531 - ! fmovs %f0, %f0 ! fxor used for alignment - - srl out1, 4, local0 ! rotate 4 right - and out0, local5, local3 ! 3 - ! fmovs %f0, %f0 - - ld [$5+$3*8], local7 ! key 7531 next round - srl local3, 8, local3 ! 3 - and local0, 252, local2 ! 2 - ! fmovs %f0, %f0 - - ld [global3+local3],local3 ! 3 - sll out1, 28, out1 ! rotate - xor $1, local1, $1 ! 1 finished, local1 now sbox 7 - - ld [global2+local2], local2 ! 2 - srl out0, 24, local1 ! 7 - or out1, local0, out1 ! rotate - - ldub [out2+local1], local1 ! 7 (and 0xFC) - srl out1, 24, local0 ! 8 - and out1, local5, local4 ! 4 - - ldub [out2+local0], local0 ! 8 (and 0xFC) - srl local4, 8, local4 ! 4 - xor $1, local2, $1 ! 2 finished local2 now sbox 6 - - ld [global4+local4],local4 ! 4 - srl out1, 16, local2 ! 6 - xor $1, local3, $1 ! 3 finished local3 now sbox 5 - - ld [out3+local0],local0 ! 8 - and local2, 252, local2 ! 6 - add global1, 1536, local5 ! address sbox 7 - - ld [local6+local2], local2 ! 6 - srl out0, 16, local3 ! 5 - xor $1, local4, $1 ! 4 finished - - ld [local5+local1],local1 ! 7 - and local3, 252, local3 ! 5 - xor $1, local0, $1 ! 8 finished - - ld [global5+local3],local3 ! 5 - xor $1, local2, $1 ! 6 finished - subcc out4, 1, out4 - - ld [$5+$3*8+4], out0 ! key 8642 next round - xor $1, local7, local2 ! sbox 5 next round - xor $1, local1, $1 ! 7 finished - - srl local2, 16, local2 ! sbox 5 next round - xor $1, local3, $1 ! 5 finished - - ld [$5+$3*16+4], out1 ! key 8642 next round again - and local2, 252, local2 ! sbox5 next round -! next round - xor $1, local7, local7 ! 7531 - - ld [global5+local2], local2 ! 5 - srl local7, 24, local3 ! 7 - xor $1, out0, out0 ! 8642 - - ldub [out2+local3], local3 ! 7 (and 0xFC) - srl out0, 4, local0 ! rotate 4 right - and local7, 252, local1 ! 1 - - sll out0, 28, out0 ! rotate - xor $2, local2, $2 ! 5 finished local2 used - - srl local0, 8, local4 ! 4 - and local0, 252, local2 ! 2 - ld [local5+local3], local3 ! 7 - - srl local0, 16, local5 ! 6 - or out0, local0, out0 ! rotate - ld [global2+local2], local2 ! 2 - - srl out0, 24, local0 - ld [$5+$3*16], out0 ! key 7531 next round - and local4, 252, local4 ! 4 - - and local5, 252, local5 ! 6 - ld [global4+local4], local4 ! 4 - xor $2, local3, $2 ! 7 finished local3 used - - and local0, 252, local0 ! 8 - ld [local6+local5], local5 ! 6 - xor $2, local2, $2 ! 2 finished local2 now sbox 3 - - srl local7, 8, local2 ! 3 start - ld [out3+local0], local0 ! 8 - xor $2, local4, $2 ! 4 finished - - and local2, 252, local2 ! 3 - ld [global1+local1], local1 ! 1 - xor $2, local5, $2 ! 6 finished local5 used - - ld [global3+local2], local2 ! 3 - xor $2, local0, $2 ! 8 finished - add $5, $3*16, $5 ! enc add 8, dec add -8 to key pointer - - ld [out2+284], local5 ! 0x0000FC00 - xor $2, out0, local4 ! sbox 1 next round - xor $2, local1, $2 ! 1 finished - - xor $2, local2, $2 ! 3 finished - bne $4 - and local4, 252, local1 ! sbox 1 next round - -! two rounds more: - - ld [global1+local1], local1 - xor $2, out1, out1 - xor $2, out0, out0 - - srl out1, 4, local0 ! rotate - and out0, local5, local3 - - ld [$5+$3*8], local7 ! key 7531 - srl local3, 8, local3 - and local0, 252, local2 - - ld [global3+local3],local3 - sll out1, 28, out1 ! rotate - xor $1, local1, $1 ! 1 finished, local1 now sbox 7 - - ld [global2+local2], local2 - srl out0, 24, local1 - or out1, local0, out1 ! rotate - - ldub [out2+local1], local1 - srl out1, 24, local0 - and out1, local5, local4 - - ldub [out2+local0], local0 - srl local4, 8, local4 - xor $1, local2, $1 ! 2 finished local2 now sbox 6 - - ld [global4+local4],local4 - srl out1, 16, local2 - xor $1, local3, $1 ! 3 finished local3 now sbox 5 - - ld [out3+local0],local0 - and local2, 252, local2 - add global1, 1536, local5 ! address sbox 7 - - ld [local6+local2], local2 - srl out0, 16, local3 - xor $1, local4, $1 ! 4 finished - - ld [local5+local1],local1 - and local3, 252, local3 - xor $1, local0, $1 - - ld [global5+local3],local3 - xor $1, local2, $1 ! 6 finished - cmp in2, 8 - - ifelse($6,{}, {}, {ld [out2+280], out4}) ! loop counter - xor $1, local7, local2 ! sbox 5 next round - xor $1, local1, $1 ! 7 finished - - ld [$5+$3*8+4], out0 - srl local2, 16, local2 ! sbox 5 next round - xor $1, local3, $1 ! 5 finished - - and local2, 252, local2 -! next round (two rounds more) - xor $1, local7, local7 ! 7531 - - ld [global5+local2], local2 - srl local7, 24, local3 - xor $1, out0, out0 ! 8642 - - ldub [out2+local3], local3 - srl out0, 4, local0 ! rotate - and local7, 252, local1 - - sll out0, 28, out0 ! rotate - xor $2, local2, $2 ! 5 finished local2 used - - srl local0, 8, local4 - and local0, 252, local2 - ld [local5+local3], local3 - - srl local0, 16, local5 - or out0, local0, out0 ! rotate - ld [global2+local2], local2 - - srl out0, 24, local0 - ifelse($6,{}, {}, {ld [$6], out0}) ! key next encryption/decryption - and local4, 252, local4 - - and local5, 252, local5 - ld [global4+local4], local4 - xor $2, local3, $2 ! 7 finished local3 used - - and local0, 252, local0 - ld [local6+local5], local5 - xor $2, local2, $2 ! 2 finished local2 now sbox 3 - - srl local7, 8, local2 ! 3 start - ld [out3+local0], local0 - xor $2, local4, $2 - - and local2, 252, local2 - ld [global1+local1], local1 - xor $2, local5, $2 ! 6 finished local5 used - - ld [global3+local2], local2 - srl $1, 3, local3 - xor $2, local0, $2 - - ifelse($6,{}, {}, {ld [$6+4], out1}) ! key next encryption/decryption - sll $1, 29, local4 - xor $2, local1, $2 - - ifelse($7,{}, {}, {retl}) - xor $2, local2, $2 -}) - - -! {fp_macro} -! -! parameter 1 right (original left) -! parameter 2 left (original right) -! parameter 3 1 for optional store to [in0] -! parameter 4 1 for load input/output address to local5/7 -! -! The final permutation logic switches the halves, meaning that -! left and right ends up the registers originally used. - -define(fp_macro, { - -! {fp_macro} -! $1 $2 $3 $4 $5 $6 $7 $8 $9 - - ! initially undo the rotate 3 left done after initial permutation - ! original left is received shifted 3 right and 29 left in local3/4 - - sll $2, 29, local1 - or local3, local4, $1 - - srl $2, 3, $2 - sethi %hi(0x55555555), local2 - - or $2, local1, $2 - or local2, %lo(0x55555555), local2 - - srl $2, 1, local3 - sethi %hi(0x00ff00ff), local1 - xor local3, $1, local3 - or local1, %lo(0x00ff00ff), local1 - and local3, local2, local3 - sethi %hi(0x33333333), local4 - sll local3, 1, local2 - - xor $1, local3, $1 - - srl $1, 8, local3 - xor $2, local2, $2 - xor local3, $2, local3 - or local4, %lo(0x33333333), local4 - and local3, local1, local3 - sethi %hi(0x0000ffff), local1 - sll local3, 8, local2 - - xor $2, local3, $2 - - srl $2, 2, local3 - xor $1, local2, $1 - xor local3, $1, local3 - or local1, %lo(0x0000ffff), local1 - and local3, local4, local3 - sethi %hi(0x0f0f0f0f), local4 - sll local3, 2, local2 - - ifelse($4,1, {LDPTR INPUT, local5}) - xor $1, local3, $1 - - ifelse($4,1, {LDPTR OUTPUT, local7}) - srl $1, 16, local3 - xor $2, local2, $2 - xor local3, $2, local3 - or local4, %lo(0x0f0f0f0f), local4 - and local3, local1, local3 - sll local3, 16, local2 - - xor $2, local3, local1 - - srl local1, 4, local3 - xor $1, local2, $1 - xor local3, $1, local3 - and local3, local4, local3 - sll local3, 4, local2 - - xor $1, local3, $1 - - ! optional store: - - ifelse($3,1, {st $1, [in0]}) - - xor local1, local2, $2 - - ifelse($3,1, {st $2, [in0+4]}) - -}) - - -! {fp_ip_macro} -! -! Does initial permutation for next block mixed with -! final permutation for current block. -! -! parameter 1 original left -! parameter 2 original right -! parameter 3 left ip -! parameter 4 right ip -! parameter 5 1: load ks1/ks2 to in3/in4, add 120 to in4 -! 2: mov in4 to in3 -! -! also adds -8 to length in2 and loads loop counter to out4 - -define(fp_ip_macro, { - -! {fp_ip_macro} -! $1 $2 $3 $4 $5 $6 $7 $8 $9 - - define({temp1},{out4}) - define({temp2},{local3}) - - define({ip1},{local1}) - define({ip2},{local2}) - define({ip4},{local4}) - define({ip5},{local5}) - - ! $1 in local3, local4 - - ld [out2+256], ip1 - sll out5, 29, temp1 - or local3, local4, $1 - - srl out5, 3, $2 - ifelse($5,2,{mov in4, in3}) - - ld [out2+272], ip5 - srl $4, 4, local0 - or $2, temp1, $2 - - srl $2, 1, temp1 - xor temp1, $1, temp1 - - and temp1, ip5, temp1 - xor local0, $3, local0 - - sll temp1, 1, temp2 - xor $1, temp1, $1 - - and local0, ip1, local0 - add in2, -8, in2 - - sll local0, 4, local7 - xor $3, local0, $3 - - ld [out2+268], ip4 - srl $1, 8, temp1 - xor $2, temp2, $2 - ld [out2+260], ip2 - srl $3, 16, local0 - xor $4, local7, $4 - xor temp1, $2, temp1 - xor local0, $4, local0 - and temp1, ip4, temp1 - and local0, ip2, local0 - sll temp1, 8, temp2 - xor $2, temp1, $2 - sll local0, 16, local7 - xor $4, local0, $4 - - srl $2, 2, temp1 - xor $1, temp2, $1 - - ld [out2+264], temp2 ! ip3 - srl $4, 2, local0 - xor $3, local7, $3 - xor temp1, $1, temp1 - xor local0, $3, local0 - and temp1, temp2, temp1 - and local0, temp2, local0 - sll temp1, 2, temp2 - xor $1, temp1, $1 - sll local0, 2, local7 - xor $3, local0, $3 - - srl $1, 16, temp1 - xor $2, temp2, $2 - srl $3, 8, local0 - xor $4, local7, $4 - xor temp1, $2, temp1 - xor local0, $4, local0 - and temp1, ip2, temp1 - and local0, ip4, local0 - sll temp1, 16, temp2 - xor $2, temp1, local4 - sll local0, 8, local7 - xor $4, local0, $4 - - srl $4, 1, local0 - xor $3, local7, $3 - - srl local4, 4, temp1 - xor local0, $3, local0 - - xor $1, temp2, $1 - and local0, ip5, local0 - - sll local0, 1, local7 - xor temp1, $1, temp1 - - xor $3, local0, $3 - xor $4, local7, $4 - - sll $3, 3, local5 - and temp1, ip1, temp1 - - sll temp1, 4, temp2 - xor $1, temp1, $1 - - ifelse($5,1,{LDPTR KS2, in4}) - sll $4, 3, local2 - xor local4, temp2, $2 - - ! reload since used as temporary: - - ld [out2+280], out4 ! loop counter - - srl $3, 29, local0 - ifelse($5,1,{add in4, 120, in4}) - - ifelse($5,1,{LDPTR KS1, in3}) - srl $4, 29, local7 - - or local0, local5, $4 - or local2, local7, $3 - -}) - - - -! {load_little_endian} -! -! parameter 1 address -! parameter 2 destination left -! parameter 3 destination right -! parameter 4 temporary -! parameter 5 label - -define(load_little_endian, { - -! {load_little_endian} -! $1 $2 $3 $4 $5 $6 $7 $8 $9 - - ! first in memory to rightmost in register - -$5: - ldub [$1+3], $2 - - ldub [$1+2], $4 - sll $2, 8, $2 - or $2, $4, $2 - - ldub [$1+1], $4 - sll $2, 8, $2 - or $2, $4, $2 - - ldub [$1+0], $4 - sll $2, 8, $2 - or $2, $4, $2 - - - ldub [$1+3+4], $3 - - ldub [$1+2+4], $4 - sll $3, 8, $3 - or $3, $4, $3 - - ldub [$1+1+4], $4 - sll $3, 8, $3 - or $3, $4, $3 - - ldub [$1+0+4], $4 - sll $3, 8, $3 - or $3, $4, $3 -$5a: - -}) - - -! {load_little_endian_inc} -! -! parameter 1 address -! parameter 2 destination left -! parameter 3 destination right -! parameter 4 temporary -! parameter 4 label -! -! adds 8 to address - -define(load_little_endian_inc, { - -! {load_little_endian_inc} -! $1 $2 $3 $4 $5 $6 $7 $8 $9 - - ! first in memory to rightmost in register - -$5: - ldub [$1+3], $2 - - ldub [$1+2], $4 - sll $2, 8, $2 - or $2, $4, $2 - - ldub [$1+1], $4 - sll $2, 8, $2 - or $2, $4, $2 - - ldub [$1+0], $4 - sll $2, 8, $2 - or $2, $4, $2 - - ldub [$1+3+4], $3 - add $1, 8, $1 - - ldub [$1+2+4-8], $4 - sll $3, 8, $3 - or $3, $4, $3 - - ldub [$1+1+4-8], $4 - sll $3, 8, $3 - or $3, $4, $3 - - ldub [$1+0+4-8], $4 - sll $3, 8, $3 - or $3, $4, $3 -$5a: - -}) - - -! {load_n_bytes} -! -! Loads 1 to 7 bytes little endian -! Remaining bytes are zeroed. -! -! parameter 1 address -! parameter 2 length -! parameter 3 destination register left -! parameter 4 destination register right -! parameter 5 temp -! parameter 6 temp2 -! parameter 7 label -! parameter 8 return label - -define(load_n_bytes, { - -! {load_n_bytes} -! $1 $2 $5 $6 $7 $8 $7 $8 $9 - -$7.0: call .+8 - sll $2, 2, $6 - - add %o7,$7.jmp.table-$7.0,$5 - - add $5, $6, $5 - mov 0, $4 - - ld [$5], $5 - - jmp %o7+$5 - mov 0, $3 - -$7.7: - ldub [$1+6], $5 - sll $5, 16, $5 - or $3, $5, $3 -$7.6: - ldub [$1+5], $5 - sll $5, 8, $5 - or $3, $5, $3 -$7.5: - ldub [$1+4], $5 - or $3, $5, $3 -$7.4: - ldub [$1+3], $5 - sll $5, 24, $5 - or $4, $5, $4 -$7.3: - ldub [$1+2], $5 - sll $5, 16, $5 - or $4, $5, $4 -$7.2: - ldub [$1+1], $5 - sll $5, 8, $5 - or $4, $5, $4 -$7.1: - ldub [$1+0], $5 - ba $8 - or $4, $5, $4 - - .align 4 - -$7.jmp.table: - .word 0 - .word $7.1-$7.0 - .word $7.2-$7.0 - .word $7.3-$7.0 - .word $7.4-$7.0 - .word $7.5-$7.0 - .word $7.6-$7.0 - .word $7.7-$7.0 -}) - - -! {store_little_endian} -! -! parameter 1 address -! parameter 2 source left -! parameter 3 source right -! parameter 4 temporary - -define(store_little_endian, { - -! {store_little_endian} -! $1 $2 $3 $4 $5 $6 $7 $8 $9 - - ! rightmost in register to first in memory - -$5: - and $2, 255, $4 - stub $4, [$1+0] - - srl $2, 8, $4 - and $4, 255, $4 - stub $4, [$1+1] - - srl $2, 16, $4 - and $4, 255, $4 - stub $4, [$1+2] - - srl $2, 24, $4 - stub $4, [$1+3] - - - and $3, 255, $4 - stub $4, [$1+0+4] - - srl $3, 8, $4 - and $4, 255, $4 - stub $4, [$1+1+4] - - srl $3, 16, $4 - and $4, 255, $4 - stub $4, [$1+2+4] - - srl $3, 24, $4 - stub $4, [$1+3+4] - -$5a: - -}) - - -! {store_n_bytes} -! -! Stores 1 to 7 bytes little endian -! -! parameter 1 address -! parameter 2 length -! parameter 3 source register left -! parameter 4 source register right -! parameter 5 temp -! parameter 6 temp2 -! parameter 7 label -! parameter 8 return label - -define(store_n_bytes, { - -! {store_n_bytes} -! $1 $2 $5 $6 $7 $8 $7 $8 $9 - -$7.0: call .+8 - sll $2, 2, $6 - - add %o7,$7.jmp.table-$7.0,$5 - - add $5, $6, $5 - - ld [$5], $5 - - jmp %o7+$5 - nop - -$7.7: - srl $3, 16, $5 - and $5, 0xff, $5 - stub $5, [$1+6] -$7.6: - srl $3, 8, $5 - and $5, 0xff, $5 - stub $5, [$1+5] -$7.5: - and $3, 0xff, $5 - stub $5, [$1+4] -$7.4: - srl $4, 24, $5 - stub $5, [$1+3] -$7.3: - srl $4, 16, $5 - and $5, 0xff, $5 - stub $5, [$1+2] -$7.2: - srl $4, 8, $5 - and $5, 0xff, $5 - stub $5, [$1+1] -$7.1: - and $4, 0xff, $5 - - - ba $8 - stub $5, [$1] - - .align 4 - -$7.jmp.table: - - .word 0 - .word $7.1-$7.0 - .word $7.2-$7.0 - .word $7.3-$7.0 - .word $7.4-$7.0 - .word $7.5-$7.0 - .word $7.6-$7.0 - .word $7.7-$7.0 -}) - - -define(testvalue,{1}) - -define(register_init, { - -! For test purposes: - - sethi %hi(testvalue), local0 - or local0, %lo(testvalue), local0 - - ifelse($1,{},{}, {mov local0, $1}) - ifelse($2,{},{}, {mov local0, $2}) - ifelse($3,{},{}, {mov local0, $3}) - ifelse($4,{},{}, {mov local0, $4}) - ifelse($5,{},{}, {mov local0, $5}) - ifelse($6,{},{}, {mov local0, $6}) - ifelse($7,{},{}, {mov local0, $7}) - ifelse($8,{},{}, {mov local0, $8}) - - mov local0, local1 - mov local0, local2 - mov local0, local3 - mov local0, local4 - mov local0, local5 - mov local0, local7 - mov local0, local6 - mov local0, out0 - mov local0, out1 - mov local0, out2 - mov local0, out3 - mov local0, out4 - mov local0, out5 - mov local0, global1 - mov local0, global2 - mov local0, global3 - mov local0, global4 - mov local0, global5 - -}) - -.section ".text" - - .align 32 - -.des_enc: - - ! key address in3 - ! loads key next encryption/decryption first round from [in4] - - rounds_macro(in5, out5, 1, .des_enc.1, in3, in4, retl) - - - .align 32 - -.des_dec: - - ! implemented with out5 as first parameter to avoid - ! register exchange in ede modes - - ! key address in4 - ! loads key next encryption/decryption first round from [in3] - - rounds_macro(out5, in5, -1, .des_dec.1, in4, in3, retl) - - - -! void DES_encrypt1(data, ks, enc) -! ******************************* - - .align 32 - .global DES_encrypt1 - .type DES_encrypt1,#function - -DES_encrypt1: - - save %sp, FRAME, %sp - - sethi %hi(.PIC.DES_SPtrans-1f),global1 - or global1,%lo(.PIC.DES_SPtrans-1f),global1 -1: call .+8 - add %o7,global1,global1 - sub global1,.PIC.DES_SPtrans-.des_and,out2 - - ld [in0], in5 ! left - cmp in2, 0 ! enc - - be .encrypt.dec - ld [in0+4], out5 ! right - - ! parameter 6 1/2 for include encryption/decryption - ! parameter 7 1 for move in1 to in3 - ! parameter 8 1 for move in3 to in4, 2 for move in4 to in3 - - ip_macro(in5, out5, in5, out5, in3, 0, 1, 1) - - rounds_macro(in5, out5, 1, .des_encrypt1.1, in3, in4) ! in4 not used - - fp_macro(in5, out5, 1) ! 1 for store to [in0] - - ret - restore - -.encrypt.dec: - - add in1, 120, in3 ! use last subkey for first round - - ! parameter 6 1/2 for include encryption/decryption - ! parameter 7 1 for move in1 to in3 - ! parameter 8 1 for move in3 to in4, 2 for move in4 to in3 - - ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include dec, ks in4 - - fp_macro(out5, in5, 1) ! 1 for store to [in0] - - ret - restore - -.DES_encrypt1.end: - .size DES_encrypt1,.DES_encrypt1.end-DES_encrypt1 - - -! void DES_encrypt2(data, ks, enc) -!********************************* - - ! encrypts/decrypts without initial/final permutation - - .align 32 - .global DES_encrypt2 - .type DES_encrypt2,#function - -DES_encrypt2: - - save %sp, FRAME, %sp - - sethi %hi(.PIC.DES_SPtrans-1f),global1 - or global1,%lo(.PIC.DES_SPtrans-1f),global1 -1: call .+8 - add %o7,global1,global1 - sub global1,.PIC.DES_SPtrans-.des_and,out2 - - ! Set sbox address 1 to 6 and rotate halves 3 left - ! Errors caught by destest? Yes. Still? *NO* - - !sethi %hi(DES_SPtrans), global1 ! address sbox 1 - - !or global1, %lo(DES_SPtrans), global1 ! sbox 1 - - add global1, 256, global2 ! sbox 2 - add global1, 512, global3 ! sbox 3 - - ld [in0], out5 ! right - add global1, 768, global4 ! sbox 4 - add global1, 1024, global5 ! sbox 5 - - ld [in0+4], in5 ! left - add global1, 1280, local6 ! sbox 6 - add global1, 1792, out3 ! sbox 8 - - ! rotate - - sll in5, 3, local5 - mov in1, in3 ! key address to in3 - - sll out5, 3, local7 - srl in5, 29, in5 - - srl out5, 29, out5 - add in5, local5, in5 - - add out5, local7, out5 - cmp in2, 0 - - ! we use our own stackframe - - be .encrypt2.dec - STPTR in0, [%sp+BIAS+ARG0+0*ARGSZ] - - ld [in3], out0 ! key 7531 first round - mov LOOPS, out4 ! loop counter - - ld [in3+4], out1 ! key 8642 first round - sethi %hi(0x0000FC00), local5 - - call .des_enc - mov in3, in4 - - ! rotate - sll in5, 29, in0 - srl in5, 3, in5 - sll out5, 29, in1 - add in5, in0, in5 - srl out5, 3, out5 - LDPTR [%sp+BIAS+ARG0+0*ARGSZ], in0 - add out5, in1, out5 - st in5, [in0] - st out5, [in0+4] - - ret - restore - - -.encrypt2.dec: - - add in3, 120, in4 - - ld [in4], out0 ! key 7531 first round - mov LOOPS, out4 ! loop counter - - ld [in4+4], out1 ! key 8642 first round - sethi %hi(0x0000FC00), local5 - - mov in5, local1 ! left expected in out5 - mov out5, in5 - - call .des_dec - mov local1, out5 - -.encrypt2.finish: - - ! rotate - sll in5, 29, in0 - srl in5, 3, in5 - sll out5, 29, in1 - add in5, in0, in5 - srl out5, 3, out5 - LDPTR [%sp+BIAS+ARG0+0*ARGSZ], in0 - add out5, in1, out5 - st out5, [in0] - st in5, [in0+4] - - ret - restore - -.DES_encrypt2.end: - .size DES_encrypt2, .DES_encrypt2.end-DES_encrypt2 - - -! void DES_encrypt3(data, ks1, ks2, ks3) -! ************************************** - - .align 32 - .global DES_encrypt3 - .type DES_encrypt3,#function - -DES_encrypt3: - - save %sp, FRAME, %sp - - sethi %hi(.PIC.DES_SPtrans-1f),global1 - or global1,%lo(.PIC.DES_SPtrans-1f),global1 -1: call .+8 - add %o7,global1,global1 - sub global1,.PIC.DES_SPtrans-.des_and,out2 - - ld [in0], in5 ! left - add in2, 120, in4 ! ks2 - - ld [in0+4], out5 ! right - mov in3, in2 ! save ks3 - - ! parameter 6 1/2 for include encryption/decryption - ! parameter 7 1 for mov in1 to in3 - ! parameter 8 1 for mov in3 to in4 - ! parameter 9 1 for load ks3 and ks2 to in4 and in3 - - ip_macro(in5, out5, in5, out5, in3, 1, 1, 0, 0) - - call .des_dec - mov in2, in3 ! preload ks3 - - call .des_enc - nop - - fp_macro(in5, out5, 1) - - ret - restore - -.DES_encrypt3.end: - .size DES_encrypt3,.DES_encrypt3.end-DES_encrypt3 - - -! void DES_decrypt3(data, ks1, ks2, ks3) -! ************************************** - - .align 32 - .global DES_decrypt3 - .type DES_decrypt3,#function - -DES_decrypt3: - - save %sp, FRAME, %sp - - sethi %hi(.PIC.DES_SPtrans-1f),global1 - or global1,%lo(.PIC.DES_SPtrans-1f),global1 -1: call .+8 - add %o7,global1,global1 - sub global1,.PIC.DES_SPtrans-.des_and,out2 - - ld [in0], in5 ! left - add in3, 120, in4 ! ks3 - - ld [in0+4], out5 ! right - mov in2, in3 ! ks2 - - ! parameter 6 1/2 for include encryption/decryption - ! parameter 7 1 for mov in1 to in3 - ! parameter 8 1 for mov in3 to in4 - ! parameter 9 1 for load ks3 and ks2 to in4 and in3 - - ip_macro(in5, out5, out5, in5, in4, 2, 0, 0, 0) - - call .des_enc - add in1, 120, in4 ! preload ks1 - - call .des_dec - nop - - fp_macro(out5, in5, 1) - - ret - restore - -.DES_decrypt3.end: - .size DES_decrypt3,.DES_decrypt3.end-DES_decrypt3 - -! void DES_ncbc_encrypt(input, output, length, schedule, ivec, enc) -! ***************************************************************** - - - .align 32 - .global DES_ncbc_encrypt - .type DES_ncbc_encrypt,#function - -DES_ncbc_encrypt: - - save %sp, FRAME, %sp - - define({INPUT}, { [%sp+BIAS+ARG0+0*ARGSZ] }) - define({OUTPUT}, { [%sp+BIAS+ARG0+1*ARGSZ] }) - define({IVEC}, { [%sp+BIAS+ARG0+4*ARGSZ] }) - - sethi %hi(.PIC.DES_SPtrans-1f),global1 - or global1,%lo(.PIC.DES_SPtrans-1f),global1 -1: call .+8 - add %o7,global1,global1 - sub global1,.PIC.DES_SPtrans-.des_and,out2 - - cmp in5, 0 ! enc - - be .ncbc.dec - STPTR in4, IVEC - - ! addr left right temp label - load_little_endian(in4, in5, out5, local3, .LLE1) ! iv - - addcc in2, -8, in2 ! bytes missing when first block done - - bl .ncbc.enc.seven.or.less - mov in3, in4 ! schedule - -.ncbc.enc.next.block: - - load_little_endian(in0, out4, global4, local3, .LLE2) ! block - -.ncbc.enc.next.block_1: - - xor in5, out4, in5 ! iv xor - xor out5, global4, out5 ! iv xor - - ! parameter 8 1 for move in3 to in4, 2 for move in4 to in3 - ip_macro(in5, out5, in5, out5, in3, 0, 0, 2) - -.ncbc.enc.next.block_2: - -!// call .des_enc ! compares in2 to 8 -! rounds inlined for alignment purposes - - add global1, 768, global4 ! address sbox 4 since register used below - - rounds_macro(in5, out5, 1, .ncbc.enc.1, in3, in4) ! include encryption ks in3 - - bl .ncbc.enc.next.block_fp - add in0, 8, in0 ! input address - - ! If 8 or more bytes are to be encrypted after this block, - ! we combine final permutation for this block with initial - ! permutation for next block. Load next block: - - load_little_endian(in0, global3, global4, local5, .LLE12) - - ! parameter 1 original left - ! parameter 2 original right - ! parameter 3 left ip - ! parameter 4 right ip - ! parameter 5 1: load ks1/ks2 to in3/in4, add 120 to in4 - ! 2: mov in4 to in3 - ! - ! also adds -8 to length in2 and loads loop counter to out4 - - fp_ip_macro(out0, out1, global3, global4, 2) - - store_little_endian(in1, out0, out1, local3, .SLE10) ! block - - ld [in3], out0 ! key 7531 first round next block - mov in5, local1 - xor global3, out5, in5 ! iv xor next block - - ld [in3+4], out1 ! key 8642 - add global1, 512, global3 ! address sbox 3 since register used - xor global4, local1, out5 ! iv xor next block - - ba .ncbc.enc.next.block_2 - add in1, 8, in1 ! output address - -.ncbc.enc.next.block_fp: - - fp_macro(in5, out5) - - store_little_endian(in1, in5, out5, local3, .SLE1) ! block - - addcc in2, -8, in2 ! bytes missing when next block done - - bpos .ncbc.enc.next.block - add in1, 8, in1 - -.ncbc.enc.seven.or.less: - - cmp in2, -8 - - ble .ncbc.enc.finish - nop - - add in2, 8, local1 ! bytes to load - - ! addr, length, dest left, dest right, temp, temp2, label, ret label - load_n_bytes(in0, local1, global4, out4, local2, local3, .LNB1, .ncbc.enc.next.block_1) - - ! Loads 1 to 7 bytes little endian to global4, out4 - - -.ncbc.enc.finish: - - LDPTR IVEC, local4 - store_little_endian(local4, in5, out5, local5, .SLE2) ! ivec - - ret - restore - - -.ncbc.dec: - - STPTR in0, INPUT - cmp in2, 0 ! length - add in3, 120, in3 - - LDPTR IVEC, local7 ! ivec - ble .ncbc.dec.finish - mov in3, in4 ! schedule - - STPTR in1, OUTPUT - mov in0, local5 ! input - - load_little_endian(local7, in0, in1, local3, .LLE3) ! ivec - -.ncbc.dec.next.block: - - load_little_endian(local5, in5, out5, local3, .LLE4) ! block - - ! parameter 6 1/2 for include encryption/decryption - ! parameter 7 1 for mov in1 to in3 - ! parameter 8 1 for mov in3 to in4 - - ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include decryption ks in4 - - fp_macro(out5, in5, 0, 1) ! 1 for input and output address to local5/7 - - ! in2 is bytes left to be stored - ! in2 is compared to 8 in the rounds - - xor out5, in0, out4 ! iv xor - bl .ncbc.dec.seven.or.less - xor in5, in1, global4 ! iv xor - - ! Load ivec next block now, since input and output address might be the same. - - load_little_endian_inc(local5, in0, in1, local3, .LLE5) ! iv - - store_little_endian(local7, out4, global4, local3, .SLE3) - - STPTR local5, INPUT - add local7, 8, local7 - addcc in2, -8, in2 - - bg .ncbc.dec.next.block - STPTR local7, OUTPUT - - -.ncbc.dec.store.iv: - - LDPTR IVEC, local4 ! ivec - store_little_endian(local4, in0, in1, local5, .SLE4) - -.ncbc.dec.finish: - - ret - restore - -.ncbc.dec.seven.or.less: - - load_little_endian_inc(local5, in0, in1, local3, .LLE13) ! ivec - - store_n_bytes(local7, in2, global4, out4, local3, local4, .SNB1, .ncbc.dec.store.iv) - - -.DES_ncbc_encrypt.end: - .size DES_ncbc_encrypt, .DES_ncbc_encrypt.end-DES_ncbc_encrypt - - -! void DES_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc) -! ************************************************************************** - - - .align 32 - .global DES_ede3_cbc_encrypt - .type DES_ede3_cbc_encrypt,#function - -DES_ede3_cbc_encrypt: - - save %sp, FRAME, %sp - - define({KS1}, { [%sp+BIAS+ARG0+3*ARGSZ] }) - define({KS2}, { [%sp+BIAS+ARG0+4*ARGSZ] }) - define({KS3}, { [%sp+BIAS+ARG0+5*ARGSZ] }) - - sethi %hi(.PIC.DES_SPtrans-1f),global1 - or global1,%lo(.PIC.DES_SPtrans-1f),global1 -1: call .+8 - add %o7,global1,global1 - sub global1,.PIC.DES_SPtrans-.des_and,out2 - - LDPTR [%fp+BIAS+ARG0+7*ARGSZ], local3 ! enc - LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local4 ! ivec - cmp local3, 0 ! enc - - be .ede3.dec - STPTR in4, KS2 - - STPTR in5, KS3 - - load_little_endian(local4, in5, out5, local3, .LLE6) ! ivec - - addcc in2, -8, in2 ! bytes missing after next block - - bl .ede3.enc.seven.or.less - STPTR in3, KS1 - -.ede3.enc.next.block: - - load_little_endian(in0, out4, global4, local3, .LLE7) - -.ede3.enc.next.block_1: - - LDPTR KS2, in4 - xor in5, out4, in5 ! iv xor - xor out5, global4, out5 ! iv xor - - LDPTR KS1, in3 - add in4, 120, in4 ! for decryption we use last subkey first - nop - - ip_macro(in5, out5, in5, out5, in3) - -.ede3.enc.next.block_2: - - call .des_enc ! ks1 in3 - nop - - call .des_dec ! ks2 in4 - LDPTR KS3, in3 - - call .des_enc ! ks3 in3 compares in2 to 8 - nop - - bl .ede3.enc.next.block_fp - add in0, 8, in0 - - ! If 8 or more bytes are to be encrypted after this block, - ! we combine final permutation for this block with initial - ! permutation for next block. Load next block: - - load_little_endian(in0, global3, global4, local5, .LLE11) - - ! parameter 1 original left - ! parameter 2 original right - ! parameter 3 left ip - ! parameter 4 right ip - ! parameter 5 1: load ks1/ks2 to in3/in4, add 120 to in4 - ! 2: mov in4 to in3 - ! - ! also adds -8 to length in2 and loads loop counter to out4 - - fp_ip_macro(out0, out1, global3, global4, 1) - - store_little_endian(in1, out0, out1, local3, .SLE9) ! block - - mov in5, local1 - xor global3, out5, in5 ! iv xor next block - - ld [in3], out0 ! key 7531 - add global1, 512, global3 ! address sbox 3 - xor global4, local1, out5 ! iv xor next block - - ld [in3+4], out1 ! key 8642 - add global1, 768, global4 ! address sbox 4 - ba .ede3.enc.next.block_2 - add in1, 8, in1 - -.ede3.enc.next.block_fp: - - fp_macro(in5, out5) - - store_little_endian(in1, in5, out5, local3, .SLE5) ! block - - addcc in2, -8, in2 ! bytes missing when next block done - - bpos .ede3.enc.next.block - add in1, 8, in1 - -.ede3.enc.seven.or.less: - - cmp in2, -8 - - ble .ede3.enc.finish - nop - - add in2, 8, local1 ! bytes to load - - ! addr, length, dest left, dest right, temp, temp2, label, ret label - load_n_bytes(in0, local1, global4, out4, local2, local3, .LNB2, .ede3.enc.next.block_1) - -.ede3.enc.finish: - - LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local4 ! ivec - store_little_endian(local4, in5, out5, local5, .SLE6) ! ivec - - ret - restore - -.ede3.dec: - - STPTR in0, INPUT - add in5, 120, in5 - - STPTR in1, OUTPUT - mov in0, local5 - add in3, 120, in3 - - STPTR in3, KS1 - cmp in2, 0 - - ble .ede3.dec.finish - STPTR in5, KS3 - - LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local7 ! iv - load_little_endian(local7, in0, in1, local3, .LLE8) - -.ede3.dec.next.block: - - load_little_endian(local5, in5, out5, local3, .LLE9) - - ! parameter 6 1/2 for include encryption/decryption - ! parameter 7 1 for mov in1 to in3 - ! parameter 8 1 for mov in3 to in4 - ! parameter 9 1 for load ks3 and ks2 to in4 and in3 - - ip_macro(in5, out5, out5, in5, in4, 2, 0, 0, 1) ! inc .des_dec ks3 in4 - - call .des_enc ! ks2 in3 - LDPTR KS1, in4 - - call .des_dec ! ks1 in4 - nop - - fp_macro(out5, in5, 0, 1) ! 1 for input and output address local5/7 - - ! in2 is bytes left to be stored - ! in2 is compared to 8 in the rounds - - xor out5, in0, out4 - bl .ede3.dec.seven.or.less - xor in5, in1, global4 - - load_little_endian_inc(local5, in0, in1, local3, .LLE10) ! iv next block - - store_little_endian(local7, out4, global4, local3, .SLE7) ! block - - STPTR local5, INPUT - addcc in2, -8, in2 - add local7, 8, local7 - - bg .ede3.dec.next.block - STPTR local7, OUTPUT - -.ede3.dec.store.iv: - - LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local4 ! ivec - store_little_endian(local4, in0, in1, local5, .SLE8) ! ivec - -.ede3.dec.finish: - - ret - restore - -.ede3.dec.seven.or.less: - - load_little_endian_inc(local5, in0, in1, local3, .LLE14) ! iv - - store_n_bytes(local7, in2, global4, out4, local3, local4, .SNB2, .ede3.dec.store.iv) - - -.DES_ede3_cbc_encrypt.end: - .size DES_ede3_cbc_encrypt,.DES_ede3_cbc_encrypt.end-DES_ede3_cbc_encrypt - - .align 256 - .type .des_and,#object - .size .des_and,284 - -.des_and: - -! This table is used for AND 0xFC when it is known that register -! bits 8-31 are zero. Makes it possible to do three arithmetic -! operations in one cycle. - - .byte 0, 0, 0, 0, 4, 4, 4, 4 - .byte 8, 8, 8, 8, 12, 12, 12, 12 - .byte 16, 16, 16, 16, 20, 20, 20, 20 - .byte 24, 24, 24, 24, 28, 28, 28, 28 - .byte 32, 32, 32, 32, 36, 36, 36, 36 - .byte 40, 40, 40, 40, 44, 44, 44, 44 - .byte 48, 48, 48, 48, 52, 52, 52, 52 - .byte 56, 56, 56, 56, 60, 60, 60, 60 - .byte 64, 64, 64, 64, 68, 68, 68, 68 - .byte 72, 72, 72, 72, 76, 76, 76, 76 - .byte 80, 80, 80, 80, 84, 84, 84, 84 - .byte 88, 88, 88, 88, 92, 92, 92, 92 - .byte 96, 96, 96, 96, 100, 100, 100, 100 - .byte 104, 104, 104, 104, 108, 108, 108, 108 - .byte 112, 112, 112, 112, 116, 116, 116, 116 - .byte 120, 120, 120, 120, 124, 124, 124, 124 - .byte 128, 128, 128, 128, 132, 132, 132, 132 - .byte 136, 136, 136, 136, 140, 140, 140, 140 - .byte 144, 144, 144, 144, 148, 148, 148, 148 - .byte 152, 152, 152, 152, 156, 156, 156, 156 - .byte 160, 160, 160, 160, 164, 164, 164, 164 - .byte 168, 168, 168, 168, 172, 172, 172, 172 - .byte 176, 176, 176, 176, 180, 180, 180, 180 - .byte 184, 184, 184, 184, 188, 188, 188, 188 - .byte 192, 192, 192, 192, 196, 196, 196, 196 - .byte 200, 200, 200, 200, 204, 204, 204, 204 - .byte 208, 208, 208, 208, 212, 212, 212, 212 - .byte 216, 216, 216, 216, 220, 220, 220, 220 - .byte 224, 224, 224, 224, 228, 228, 228, 228 - .byte 232, 232, 232, 232, 236, 236, 236, 236 - .byte 240, 240, 240, 240, 244, 244, 244, 244 - .byte 248, 248, 248, 248, 252, 252, 252, 252 - - ! 5 numbers for initial/final permutation - - .word 0x0f0f0f0f ! offset 256 - .word 0x0000ffff ! 260 - .word 0x33333333 ! 264 - .word 0x00ff00ff ! 268 - .word 0x55555555 ! 272 - - .word 0 ! 276 - .word LOOPS ! 280 - .word 0x0000FC00 ! 284 - - .global DES_SPtrans - .type DES_SPtrans,#object - .size DES_SPtrans,2048 -.align 64 -DES_SPtrans: -.PIC.DES_SPtrans: - ! nibble 0 - .word 0x02080800, 0x00080000, 0x02000002, 0x02080802 - .word 0x02000000, 0x00080802, 0x00080002, 0x02000002 - .word 0x00080802, 0x02080800, 0x02080000, 0x00000802 - .word 0x02000802, 0x02000000, 0x00000000, 0x00080002 - .word 0x00080000, 0x00000002, 0x02000800, 0x00080800 - .word 0x02080802, 0x02080000, 0x00000802, 0x02000800 - .word 0x00000002, 0x00000800, 0x00080800, 0x02080002 - .word 0x00000800, 0x02000802, 0x02080002, 0x00000000 - .word 0x00000000, 0x02080802, 0x02000800, 0x00080002 - .word 0x02080800, 0x00080000, 0x00000802, 0x02000800 - .word 0x02080002, 0x00000800, 0x00080800, 0x02000002 - .word 0x00080802, 0x00000002, 0x02000002, 0x02080000 - .word 0x02080802, 0x00080800, 0x02080000, 0x02000802 - .word 0x02000000, 0x00000802, 0x00080002, 0x00000000 - .word 0x00080000, 0x02000000, 0x02000802, 0x02080800 - .word 0x00000002, 0x02080002, 0x00000800, 0x00080802 - ! nibble 1 - .word 0x40108010, 0x00000000, 0x00108000, 0x40100000 - .word 0x40000010, 0x00008010, 0x40008000, 0x00108000 - .word 0x00008000, 0x40100010, 0x00000010, 0x40008000 - .word 0x00100010, 0x40108000, 0x40100000, 0x00000010 - .word 0x00100000, 0x40008010, 0x40100010, 0x00008000 - .word 0x00108010, 0x40000000, 0x00000000, 0x00100010 - .word 0x40008010, 0x00108010, 0x40108000, 0x40000010 - .word 0x40000000, 0x00100000, 0x00008010, 0x40108010 - .word 0x00100010, 0x40108000, 0x40008000, 0x00108010 - .word 0x40108010, 0x00100010, 0x40000010, 0x00000000 - .word 0x40000000, 0x00008010, 0x00100000, 0x40100010 - .word 0x00008000, 0x40000000, 0x00108010, 0x40008010 - .word 0x40108000, 0x00008000, 0x00000000, 0x40000010 - .word 0x00000010, 0x40108010, 0x00108000, 0x40100000 - .word 0x40100010, 0x00100000, 0x00008010, 0x40008000 - .word 0x40008010, 0x00000010, 0x40100000, 0x00108000 - ! nibble 2 - .word 0x04000001, 0x04040100, 0x00000100, 0x04000101 - .word 0x00040001, 0x04000000, 0x04000101, 0x00040100 - .word 0x04000100, 0x00040000, 0x04040000, 0x00000001 - .word 0x04040101, 0x00000101, 0x00000001, 0x04040001 - .word 0x00000000, 0x00040001, 0x04040100, 0x00000100 - .word 0x00000101, 0x04040101, 0x00040000, 0x04000001 - .word 0x04040001, 0x04000100, 0x00040101, 0x04040000 - .word 0x00040100, 0x00000000, 0x04000000, 0x00040101 - .word 0x04040100, 0x00000100, 0x00000001, 0x00040000 - .word 0x00000101, 0x00040001, 0x04040000, 0x04000101 - .word 0x00000000, 0x04040100, 0x00040100, 0x04040001 - .word 0x00040001, 0x04000000, 0x04040101, 0x00000001 - .word 0x00040101, 0x04000001, 0x04000000, 0x04040101 - .word 0x00040000, 0x04000100, 0x04000101, 0x00040100 - .word 0x04000100, 0x00000000, 0x04040001, 0x00000101 - .word 0x04000001, 0x00040101, 0x00000100, 0x04040000 - ! nibble 3 - .word 0x00401008, 0x10001000, 0x00000008, 0x10401008 - .word 0x00000000, 0x10400000, 0x10001008, 0x00400008 - .word 0x10401000, 0x10000008, 0x10000000, 0x00001008 - .word 0x10000008, 0x00401008, 0x00400000, 0x10000000 - .word 0x10400008, 0x00401000, 0x00001000, 0x00000008 - .word 0x00401000, 0x10001008, 0x10400000, 0x00001000 - .word 0x00001008, 0x00000000, 0x00400008, 0x10401000 - .word 0x10001000, 0x10400008, 0x10401008, 0x00400000 - .word 0x10400008, 0x00001008, 0x00400000, 0x10000008 - .word 0x00401000, 0x10001000, 0x00000008, 0x10400000 - .word 0x10001008, 0x00000000, 0x00001000, 0x00400008 - .word 0x00000000, 0x10400008, 0x10401000, 0x00001000 - .word 0x10000000, 0x10401008, 0x00401008, 0x00400000 - .word 0x10401008, 0x00000008, 0x10001000, 0x00401008 - .word 0x00400008, 0x00401000, 0x10400000, 0x10001008 - .word 0x00001008, 0x10000000, 0x10000008, 0x10401000 - ! nibble 4 - .word 0x08000000, 0x00010000, 0x00000400, 0x08010420 - .word 0x08010020, 0x08000400, 0x00010420, 0x08010000 - .word 0x00010000, 0x00000020, 0x08000020, 0x00010400 - .word 0x08000420, 0x08010020, 0x08010400, 0x00000000 - .word 0x00010400, 0x08000000, 0x00010020, 0x00000420 - .word 0x08000400, 0x00010420, 0x00000000, 0x08000020 - .word 0x00000020, 0x08000420, 0x08010420, 0x00010020 - .word 0x08010000, 0x00000400, 0x00000420, 0x08010400 - .word 0x08010400, 0x08000420, 0x00010020, 0x08010000 - .word 0x00010000, 0x00000020, 0x08000020, 0x08000400 - .word 0x08000000, 0x00010400, 0x08010420, 0x00000000 - .word 0x00010420, 0x08000000, 0x00000400, 0x00010020 - .word 0x08000420, 0x00000400, 0x00000000, 0x08010420 - .word 0x08010020, 0x08010400, 0x00000420, 0x00010000 - .word 0x00010400, 0x08010020, 0x08000400, 0x00000420 - .word 0x00000020, 0x00010420, 0x08010000, 0x08000020 - ! nibble 5 - .word 0x80000040, 0x00200040, 0x00000000, 0x80202000 - .word 0x00200040, 0x00002000, 0x80002040, 0x00200000 - .word 0x00002040, 0x80202040, 0x00202000, 0x80000000 - .word 0x80002000, 0x80000040, 0x80200000, 0x00202040 - .word 0x00200000, 0x80002040, 0x80200040, 0x00000000 - .word 0x00002000, 0x00000040, 0x80202000, 0x80200040 - .word 0x80202040, 0x80200000, 0x80000000, 0x00002040 - .word 0x00000040, 0x00202000, 0x00202040, 0x80002000 - .word 0x00002040, 0x80000000, 0x80002000, 0x00202040 - .word 0x80202000, 0x00200040, 0x00000000, 0x80002000 - .word 0x80000000, 0x00002000, 0x80200040, 0x00200000 - .word 0x00200040, 0x80202040, 0x00202000, 0x00000040 - .word 0x80202040, 0x00202000, 0x00200000, 0x80002040 - .word 0x80000040, 0x80200000, 0x00202040, 0x00000000 - .word 0x00002000, 0x80000040, 0x80002040, 0x80202000 - .word 0x80200000, 0x00002040, 0x00000040, 0x80200040 - ! nibble 6 - .word 0x00004000, 0x00000200, 0x01000200, 0x01000004 - .word 0x01004204, 0x00004004, 0x00004200, 0x00000000 - .word 0x01000000, 0x01000204, 0x00000204, 0x01004000 - .word 0x00000004, 0x01004200, 0x01004000, 0x00000204 - .word 0x01000204, 0x00004000, 0x00004004, 0x01004204 - .word 0x00000000, 0x01000200, 0x01000004, 0x00004200 - .word 0x01004004, 0x00004204, 0x01004200, 0x00000004 - .word 0x00004204, 0x01004004, 0x00000200, 0x01000000 - .word 0x00004204, 0x01004000, 0x01004004, 0x00000204 - .word 0x00004000, 0x00000200, 0x01000000, 0x01004004 - .word 0x01000204, 0x00004204, 0x00004200, 0x00000000 - .word 0x00000200, 0x01000004, 0x00000004, 0x01000200 - .word 0x00000000, 0x01000204, 0x01000200, 0x00004200 - .word 0x00000204, 0x00004000, 0x01004204, 0x01000000 - .word 0x01004200, 0x00000004, 0x00004004, 0x01004204 - .word 0x01000004, 0x01004200, 0x01004000, 0x00004004 - ! nibble 7 - .word 0x20800080, 0x20820000, 0x00020080, 0x00000000 - .word 0x20020000, 0x00800080, 0x20800000, 0x20820080 - .word 0x00000080, 0x20000000, 0x00820000, 0x00020080 - .word 0x00820080, 0x20020080, 0x20000080, 0x20800000 - .word 0x00020000, 0x00820080, 0x00800080, 0x20020000 - .word 0x20820080, 0x20000080, 0x00000000, 0x00820000 - .word 0x20000000, 0x00800000, 0x20020080, 0x20800080 - .word 0x00800000, 0x00020000, 0x20820000, 0x00000080 - .word 0x00800000, 0x00020000, 0x20000080, 0x20820080 - .word 0x00020080, 0x20000000, 0x00000000, 0x00820000 - .word 0x20800080, 0x20020080, 0x20020000, 0x00800080 - .word 0x20820000, 0x00000080, 0x00800080, 0x20020000 - .word 0x20820080, 0x00800000, 0x20800000, 0x20000080 - .word 0x00820000, 0x00020080, 0x20020080, 0x20800000 - .word 0x00000080, 0x20820000, 0x00820080, 0x00000000 - .word 0x20000000, 0x20800080, 0x00020000, 0x00820080 - diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl deleted file mode 100644 index afffd20d84cd5428cf4017cd1d369c18a9651f62..0000000000000000000000000000000000000000 --- a/crypto/des/asm/desboth.pl +++ /dev/null @@ -1,86 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -$L="edi"; -$R="esi"; - -sub DES_encrypt3 - { - local($name,$enc)=@_; - - &function_begin_B($name,""); - &push("ebx"); - &mov("ebx",&wparam(0)); - - &push("ebp"); - &push("esi"); - - &push("edi"); - - &comment(""); - &comment("Load the data words"); - &mov($L,&DWP(0,"ebx","",0)); - &mov($R,&DWP(4,"ebx","",0)); - &stack_push(3); - - &comment(""); - &comment("IP"); - &IP_new($L,$R,"edx",0); - - # put them back - - if ($enc) - { - &mov(&DWP(4,"ebx","",0),$R); - &mov("eax",&wparam(1)); - &mov(&DWP(0,"ebx","",0),"edx"); - &mov("edi",&wparam(2)); - &mov("esi",&wparam(3)); - } - else - { - &mov(&DWP(4,"ebx","",0),$R); - &mov("esi",&wparam(1)); - &mov(&DWP(0,"ebx","",0),"edx"); - &mov("edi",&wparam(2)); - &mov("eax",&wparam(3)); - } - &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); - &mov(&swtmp(1), "eax"); - &mov(&swtmp(0), "ebx"); - &call("DES_encrypt2"); - &mov(&swtmp(2), (DWC(($enc)?"0":"1"))); - &mov(&swtmp(1), "edi"); - &mov(&swtmp(0), "ebx"); - &call("DES_encrypt2"); - &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); - &mov(&swtmp(1), "esi"); - &mov(&swtmp(0), "ebx"); - &call("DES_encrypt2"); - - &stack_pop(3); - &mov($L,&DWP(0,"ebx","",0)); - &mov($R,&DWP(4,"ebx","",0)); - - &comment(""); - &comment("FP"); - &FP_new($L,$R,"eax",0); - - &mov(&DWP(0,"ebx","",0),"eax"); - &mov(&DWP(4,"ebx","",0),$R); - - &pop("edi"); - &pop("esi"); - &pop("ebp"); - &pop("ebx"); - &ret(); - &function_end_B($name); - } - - diff --git a/crypto/des/asm/dest4-sparcv9.pl b/crypto/des/asm/dest4-sparcv9.pl deleted file mode 100644 index afa15860f0a0a0cadce9539a7a23c24f35f8cb39..0000000000000000000000000000000000000000 --- a/crypto/des/asm/dest4-sparcv9.pl +++ /dev/null @@ -1,629 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by David S. Miller and Andy Polyakov. -# The module is licensed under 2-clause BSD -# license. March 2013. All rights reserved. -# ==================================================================== - -###################################################################### -# DES for SPARC T4. -# -# As with other hardware-assisted ciphers CBC encrypt results [for -# aligned data] are virtually identical to critical path lengths: -# -# DES Triple-DES -# CBC encrypt 4.14/4.15(*) 11.7/11.7 -# CBC decrypt 1.77/4.11(**) 6.42/7.47 -# -# (*) numbers after slash are for -# misaligned data; -# (**) this is result for largest -# block size, unlike all other -# cases smaller blocks results -# are better[?]; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "sparcv9_modes.pl"; - -$output=pop and open STDOUT,">$output"; - -$code.=<<___; -#ifndef __ASSEMBLER__ -# define __ASSEMBLER__ 1 -#endif -#include "crypto/sparc_arch.h" - -#ifdef __arch64__ -.register %g2,#scratch -.register %g3,#scratch -#endif - -.text -___ - -{ my ($inp,$out)=("%o0","%o1"); - -$code.=<<___; -.align 32 -.globl des_t4_key_expand -.type des_t4_key_expand,#function -des_t4_key_expand: - andcc $inp, 0x7, %g0 - alignaddr $inp, %g0, $inp - bz,pt %icc, 1f - ldd [$inp + 0x00], %f0 - ldd [$inp + 0x08], %f2 - faligndata %f0, %f2, %f0 -1: des_kexpand %f0, 0, %f0 - des_kexpand %f0, 1, %f2 - std %f0, [$out + 0x00] - des_kexpand %f2, 3, %f6 - std %f2, [$out + 0x08] - des_kexpand %f2, 2, %f4 - des_kexpand %f6, 3, %f10 - std %f6, [$out + 0x18] - des_kexpand %f6, 2, %f8 - std %f4, [$out + 0x10] - des_kexpand %f10, 3, %f14 - std %f10, [$out + 0x28] - des_kexpand %f10, 2, %f12 - std %f8, [$out + 0x20] - des_kexpand %f14, 1, %f16 - std %f14, [$out + 0x38] - des_kexpand %f16, 3, %f20 - std %f12, [$out + 0x30] - des_kexpand %f16, 2, %f18 - std %f16, [$out + 0x40] - des_kexpand %f20, 3, %f24 - std %f20, [$out + 0x50] - des_kexpand %f20, 2, %f22 - std %f18, [$out + 0x48] - des_kexpand %f24, 3, %f28 - std %f24, [$out + 0x60] - des_kexpand %f24, 2, %f26 - std %f22, [$out + 0x58] - des_kexpand %f28, 1, %f30 - std %f28, [$out + 0x70] - std %f26, [$out + 0x68] - retl - std %f30, [$out + 0x78] -.size des_t4_key_expand,.-des_t4_key_expand -___ -} -{ my ($inp,$out,$len,$key,$ivec) = map("%o$_",(0..4)); - my ($ileft,$iright,$omask) = map("%g$_",(1..3)); - -$code.=<<___; -.globl des_t4_cbc_encrypt -.align 32 -des_t4_cbc_encrypt: - cmp $len, 0 - be,pn $::size_t_cc, .Lcbc_abort - srln $len, 0, $len ! needed on v8+, "nop" on v9 - ld [$ivec + 0], %f0 ! load ivec - ld [$ivec + 4], %f1 - - and $inp, 7, $ileft - andn $inp, 7, $inp - sll $ileft, 3, $ileft - mov 0xff, $omask - prefetch [$inp], 20 - prefetch [$inp + 63], 20 - sub %g0, $ileft, $iright - and $out, 7, %g4 - alignaddrl $out, %g0, $out - srl $omask, %g4, $omask - srlx $len, 3, $len - movrz %g4, 0, $omask - prefetch [$out], 22 - - ldd [$key + 0x00], %f4 ! load key schedule - ldd [$key + 0x08], %f6 - ldd [$key + 0x10], %f8 - ldd [$key + 0x18], %f10 - ldd [$key + 0x20], %f12 - ldd [$key + 0x28], %f14 - ldd [$key + 0x30], %f16 - ldd [$key + 0x38], %f18 - ldd [$key + 0x40], %f20 - ldd [$key + 0x48], %f22 - ldd [$key + 0x50], %f24 - ldd [$key + 0x58], %f26 - ldd [$key + 0x60], %f28 - ldd [$key + 0x68], %f30 - ldd [$key + 0x70], %f32 - ldd [$key + 0x78], %f34 - -.Ldes_cbc_enc_loop: - ldx [$inp + 0], %g4 - brz,pt $ileft, 4f - nop - - ldx [$inp + 8], %g5 - sllx %g4, $ileft, %g4 - srlx %g5, $iright, %g5 - or %g5, %g4, %g4 -4: - movxtod %g4, %f2 - prefetch [$inp + 8+63], 20 - add $inp, 8, $inp - fxor %f2, %f0, %f0 ! ^= ivec - prefetch [$out + 63], 22 - - des_ip %f0, %f0 - des_round %f4, %f6, %f0, %f0 - des_round %f8, %f10, %f0, %f0 - des_round %f12, %f14, %f0, %f0 - des_round %f16, %f18, %f0, %f0 - des_round %f20, %f22, %f0, %f0 - des_round %f24, %f26, %f0, %f0 - des_round %f28, %f30, %f0, %f0 - des_round %f32, %f34, %f0, %f0 - des_iip %f0, %f0 - - brnz,pn $omask, 2f - sub $len, 1, $len - - std %f0, [$out + 0] - brnz,pt $len, .Ldes_cbc_enc_loop - add $out, 8, $out - - st %f0, [$ivec + 0] ! write out ivec - retl - st %f1, [$ivec + 4] -.Lcbc_abort: - retl - nop - -.align 16 -2: ldxa [$inp]0x82, %g4 ! avoid read-after-write hazard - ! and ~4x deterioration - ! in inp==out case - faligndata %f0, %f0, %f2 ! handle unaligned output - - stda %f2, [$out + $omask]0xc0 ! partial store - add $out, 8, $out - orn %g0, $omask, $omask - stda %f2, [$out + $omask]0xc0 ! partial store - - brnz,pt $len, .Ldes_cbc_enc_loop+4 - orn %g0, $omask, $omask - - st %f0, [$ivec + 0] ! write out ivec - retl - st %f1, [$ivec + 4] -.type des_t4_cbc_encrypt,#function -.size des_t4_cbc_encrypt,.-des_t4_cbc_encrypt - -.globl des_t4_cbc_decrypt -.align 32 -des_t4_cbc_decrypt: - cmp $len, 0 - be,pn $::size_t_cc, .Lcbc_abort - srln $len, 0, $len ! needed on v8+, "nop" on v9 - ld [$ivec + 0], %f2 ! load ivec - ld [$ivec + 4], %f3 - - and $inp, 7, $ileft - andn $inp, 7, $inp - sll $ileft, 3, $ileft - mov 0xff, $omask - prefetch [$inp], 20 - prefetch [$inp + 63], 20 - sub %g0, $ileft, $iright - and $out, 7, %g4 - alignaddrl $out, %g0, $out - srl $omask, %g4, $omask - srlx $len, 3, $len - movrz %g4, 0, $omask - prefetch [$out], 22 - - ldd [$key + 0x78], %f4 ! load key schedule - ldd [$key + 0x70], %f6 - ldd [$key + 0x68], %f8 - ldd [$key + 0x60], %f10 - ldd [$key + 0x58], %f12 - ldd [$key + 0x50], %f14 - ldd [$key + 0x48], %f16 - ldd [$key + 0x40], %f18 - ldd [$key + 0x38], %f20 - ldd [$key + 0x30], %f22 - ldd [$key + 0x28], %f24 - ldd [$key + 0x20], %f26 - ldd [$key + 0x18], %f28 - ldd [$key + 0x10], %f30 - ldd [$key + 0x08], %f32 - ldd [$key + 0x00], %f34 - -.Ldes_cbc_dec_loop: - ldx [$inp + 0], %g4 - brz,pt $ileft, 4f - nop - - ldx [$inp + 8], %g5 - sllx %g4, $ileft, %g4 - srlx %g5, $iright, %g5 - or %g5, %g4, %g4 -4: - movxtod %g4, %f0 - prefetch [$inp + 8+63], 20 - add $inp, 8, $inp - prefetch [$out + 63], 22 - - des_ip %f0, %f0 - des_round %f4, %f6, %f0, %f0 - des_round %f8, %f10, %f0, %f0 - des_round %f12, %f14, %f0, %f0 - des_round %f16, %f18, %f0, %f0 - des_round %f20, %f22, %f0, %f0 - des_round %f24, %f26, %f0, %f0 - des_round %f28, %f30, %f0, %f0 - des_round %f32, %f34, %f0, %f0 - des_iip %f0, %f0 - - fxor %f2, %f0, %f0 ! ^= ivec - movxtod %g4, %f2 - - brnz,pn $omask, 2f - sub $len, 1, $len - - std %f0, [$out + 0] - brnz,pt $len, .Ldes_cbc_dec_loop - add $out, 8, $out - - st %f2, [$ivec + 0] ! write out ivec - retl - st %f3, [$ivec + 4] - -.align 16 -2: ldxa [$inp]0x82, %g4 ! avoid read-after-write hazard - ! and ~4x deterioration - ! in inp==out case - faligndata %f0, %f0, %f0 ! handle unaligned output - - stda %f0, [$out + $omask]0xc0 ! partial store - add $out, 8, $out - orn %g0, $omask, $omask - stda %f0, [$out + $omask]0xc0 ! partial store - - brnz,pt $len, .Ldes_cbc_dec_loop+4 - orn %g0, $omask, $omask - - st %f2, [$ivec + 0] ! write out ivec - retl - st %f3, [$ivec + 4] -.type des_t4_cbc_decrypt,#function -.size des_t4_cbc_decrypt,.-des_t4_cbc_decrypt -___ - -# One might wonder why does one have back-to-back des_iip/des_ip -# pairs between EDE passes. Indeed, aren't they inverse of each other? -# They almost are. Outcome of the pair is 32-bit words being swapped -# in target register. Consider pair of des_iip/des_ip as a way to -# perform the due swap, it's actually fastest way in this case. - -$code.=<<___; -.globl des_t4_ede3_cbc_encrypt -.align 32 -des_t4_ede3_cbc_encrypt: - cmp $len, 0 - be,pn $::size_t_cc, .Lcbc_abort - srln $len, 0, $len ! needed on v8+, "nop" on v9 - ld [$ivec + 0], %f0 ! load ivec - ld [$ivec + 4], %f1 - - and $inp, 7, $ileft - andn $inp, 7, $inp - sll $ileft, 3, $ileft - mov 0xff, $omask - prefetch [$inp], 20 - prefetch [$inp + 63], 20 - sub %g0, $ileft, $iright - and $out, 7, %g4 - alignaddrl $out, %g0, $out - srl $omask, %g4, $omask - srlx $len, 3, $len - movrz %g4, 0, $omask - prefetch [$out], 22 - - ldd [$key + 0x00], %f4 ! load key schedule - ldd [$key + 0x08], %f6 - ldd [$key + 0x10], %f8 - ldd [$key + 0x18], %f10 - ldd [$key + 0x20], %f12 - ldd [$key + 0x28], %f14 - ldd [$key + 0x30], %f16 - ldd [$key + 0x38], %f18 - ldd [$key + 0x40], %f20 - ldd [$key + 0x48], %f22 - ldd [$key + 0x50], %f24 - ldd [$key + 0x58], %f26 - ldd [$key + 0x60], %f28 - ldd [$key + 0x68], %f30 - ldd [$key + 0x70], %f32 - ldd [$key + 0x78], %f34 - -.Ldes_ede3_cbc_enc_loop: - ldx [$inp + 0], %g4 - brz,pt $ileft, 4f - nop - - ldx [$inp + 8], %g5 - sllx %g4, $ileft, %g4 - srlx %g5, $iright, %g5 - or %g5, %g4, %g4 -4: - movxtod %g4, %f2 - prefetch [$inp + 8+63], 20 - add $inp, 8, $inp - fxor %f2, %f0, %f0 ! ^= ivec - prefetch [$out + 63], 22 - - des_ip %f0, %f0 - des_round %f4, %f6, %f0, %f0 - des_round %f8, %f10, %f0, %f0 - des_round %f12, %f14, %f0, %f0 - des_round %f16, %f18, %f0, %f0 - ldd [$key + 0x100-0x08], %f36 - ldd [$key + 0x100-0x10], %f38 - des_round %f20, %f22, %f0, %f0 - ldd [$key + 0x100-0x18], %f40 - ldd [$key + 0x100-0x20], %f42 - des_round %f24, %f26, %f0, %f0 - ldd [$key + 0x100-0x28], %f44 - ldd [$key + 0x100-0x30], %f46 - des_round %f28, %f30, %f0, %f0 - ldd [$key + 0x100-0x38], %f48 - ldd [$key + 0x100-0x40], %f50 - des_round %f32, %f34, %f0, %f0 - ldd [$key + 0x100-0x48], %f52 - ldd [$key + 0x100-0x50], %f54 - des_iip %f0, %f0 - - ldd [$key + 0x100-0x58], %f56 - ldd [$key + 0x100-0x60], %f58 - des_ip %f0, %f0 - ldd [$key + 0x100-0x68], %f60 - ldd [$key + 0x100-0x70], %f62 - des_round %f36, %f38, %f0, %f0 - ldd [$key + 0x100-0x78], %f36 - ldd [$key + 0x100-0x80], %f38 - des_round %f40, %f42, %f0, %f0 - des_round %f44, %f46, %f0, %f0 - des_round %f48, %f50, %f0, %f0 - ldd [$key + 0x100+0x00], %f40 - ldd [$key + 0x100+0x08], %f42 - des_round %f52, %f54, %f0, %f0 - ldd [$key + 0x100+0x10], %f44 - ldd [$key + 0x100+0x18], %f46 - des_round %f56, %f58, %f0, %f0 - ldd [$key + 0x100+0x20], %f48 - ldd [$key + 0x100+0x28], %f50 - des_round %f60, %f62, %f0, %f0 - ldd [$key + 0x100+0x30], %f52 - ldd [$key + 0x100+0x38], %f54 - des_round %f36, %f38, %f0, %f0 - ldd [$key + 0x100+0x40], %f56 - ldd [$key + 0x100+0x48], %f58 - des_iip %f0, %f0 - - ldd [$key + 0x100+0x50], %f60 - ldd [$key + 0x100+0x58], %f62 - des_ip %f0, %f0 - ldd [$key + 0x100+0x60], %f36 - ldd [$key + 0x100+0x68], %f38 - des_round %f40, %f42, %f0, %f0 - ldd [$key + 0x100+0x70], %f40 - ldd [$key + 0x100+0x78], %f42 - des_round %f44, %f46, %f0, %f0 - des_round %f48, %f50, %f0, %f0 - des_round %f52, %f54, %f0, %f0 - des_round %f56, %f58, %f0, %f0 - des_round %f60, %f62, %f0, %f0 - des_round %f36, %f38, %f0, %f0 - des_round %f40, %f42, %f0, %f0 - des_iip %f0, %f0 - - brnz,pn $omask, 2f - sub $len, 1, $len - - std %f0, [$out + 0] - brnz,pt $len, .Ldes_ede3_cbc_enc_loop - add $out, 8, $out - - st %f0, [$ivec + 0] ! write out ivec - retl - st %f1, [$ivec + 4] - -.align 16 -2: ldxa [$inp]0x82, %g4 ! avoid read-after-write hazard - ! and ~2x deterioration - ! in inp==out case - faligndata %f0, %f0, %f2 ! handle unaligned output - - stda %f2, [$out + $omask]0xc0 ! partial store - add $out, 8, $out - orn %g0, $omask, $omask - stda %f2, [$out + $omask]0xc0 ! partial store - - brnz,pt $len, .Ldes_ede3_cbc_enc_loop+4 - orn %g0, $omask, $omask - - st %f0, [$ivec + 0] ! write out ivec - retl - st %f1, [$ivec + 4] -.type des_t4_ede3_cbc_encrypt,#function -.size des_t4_ede3_cbc_encrypt,.-des_t4_ede3_cbc_encrypt - -.globl des_t4_ede3_cbc_decrypt -.align 32 -des_t4_ede3_cbc_decrypt: - cmp $len, 0 - be,pn $::size_t_cc, .Lcbc_abort - srln $len, 0, $len ! needed on v8+, "nop" on v9 - ld [$ivec + 0], %f2 ! load ivec - ld [$ivec + 4], %f3 - - and $inp, 7, $ileft - andn $inp, 7, $inp - sll $ileft, 3, $ileft - mov 0xff, $omask - prefetch [$inp], 20 - prefetch [$inp + 63], 20 - sub %g0, $ileft, $iright - and $out, 7, %g4 - alignaddrl $out, %g0, $out - srl $omask, %g4, $omask - srlx $len, 3, $len - movrz %g4, 0, $omask - prefetch [$out], 22 - - ldd [$key + 0x100+0x78], %f4 ! load key schedule - ldd [$key + 0x100+0x70], %f6 - ldd [$key + 0x100+0x68], %f8 - ldd [$key + 0x100+0x60], %f10 - ldd [$key + 0x100+0x58], %f12 - ldd [$key + 0x100+0x50], %f14 - ldd [$key + 0x100+0x48], %f16 - ldd [$key + 0x100+0x40], %f18 - ldd [$key + 0x100+0x38], %f20 - ldd [$key + 0x100+0x30], %f22 - ldd [$key + 0x100+0x28], %f24 - ldd [$key + 0x100+0x20], %f26 - ldd [$key + 0x100+0x18], %f28 - ldd [$key + 0x100+0x10], %f30 - ldd [$key + 0x100+0x08], %f32 - ldd [$key + 0x100+0x00], %f34 - -.Ldes_ede3_cbc_dec_loop: - ldx [$inp + 0], %g4 - brz,pt $ileft, 4f - nop - - ldx [$inp + 8], %g5 - sllx %g4, $ileft, %g4 - srlx %g5, $iright, %g5 - or %g5, %g4, %g4 -4: - movxtod %g4, %f0 - prefetch [$inp + 8+63], 20 - add $inp, 8, $inp - prefetch [$out + 63], 22 - - des_ip %f0, %f0 - des_round %f4, %f6, %f0, %f0 - des_round %f8, %f10, %f0, %f0 - des_round %f12, %f14, %f0, %f0 - des_round %f16, %f18, %f0, %f0 - ldd [$key + 0x80+0x00], %f36 - ldd [$key + 0x80+0x08], %f38 - des_round %f20, %f22, %f0, %f0 - ldd [$key + 0x80+0x10], %f40 - ldd [$key + 0x80+0x18], %f42 - des_round %f24, %f26, %f0, %f0 - ldd [$key + 0x80+0x20], %f44 - ldd [$key + 0x80+0x28], %f46 - des_round %f28, %f30, %f0, %f0 - ldd [$key + 0x80+0x30], %f48 - ldd [$key + 0x80+0x38], %f50 - des_round %f32, %f34, %f0, %f0 - ldd [$key + 0x80+0x40], %f52 - ldd [$key + 0x80+0x48], %f54 - des_iip %f0, %f0 - - ldd [$key + 0x80+0x50], %f56 - ldd [$key + 0x80+0x58], %f58 - des_ip %f0, %f0 - ldd [$key + 0x80+0x60], %f60 - ldd [$key + 0x80+0x68], %f62 - des_round %f36, %f38, %f0, %f0 - ldd [$key + 0x80+0x70], %f36 - ldd [$key + 0x80+0x78], %f38 - des_round %f40, %f42, %f0, %f0 - des_round %f44, %f46, %f0, %f0 - des_round %f48, %f50, %f0, %f0 - ldd [$key + 0x80-0x08], %f40 - ldd [$key + 0x80-0x10], %f42 - des_round %f52, %f54, %f0, %f0 - ldd [$key + 0x80-0x18], %f44 - ldd [$key + 0x80-0x20], %f46 - des_round %f56, %f58, %f0, %f0 - ldd [$key + 0x80-0x28], %f48 - ldd [$key + 0x80-0x30], %f50 - des_round %f60, %f62, %f0, %f0 - ldd [$key + 0x80-0x38], %f52 - ldd [$key + 0x80-0x40], %f54 - des_round %f36, %f38, %f0, %f0 - ldd [$key + 0x80-0x48], %f56 - ldd [$key + 0x80-0x50], %f58 - des_iip %f0, %f0 - - ldd [$key + 0x80-0x58], %f60 - ldd [$key + 0x80-0x60], %f62 - des_ip %f0, %f0 - ldd [$key + 0x80-0x68], %f36 - ldd [$key + 0x80-0x70], %f38 - des_round %f40, %f42, %f0, %f0 - ldd [$key + 0x80-0x78], %f40 - ldd [$key + 0x80-0x80], %f42 - des_round %f44, %f46, %f0, %f0 - des_round %f48, %f50, %f0, %f0 - des_round %f52, %f54, %f0, %f0 - des_round %f56, %f58, %f0, %f0 - des_round %f60, %f62, %f0, %f0 - des_round %f36, %f38, %f0, %f0 - des_round %f40, %f42, %f0, %f0 - des_iip %f0, %f0 - - fxor %f2, %f0, %f0 ! ^= ivec - movxtod %g4, %f2 - - brnz,pn $omask, 2f - sub $len, 1, $len - - std %f0, [$out + 0] - brnz,pt $len, .Ldes_ede3_cbc_dec_loop - add $out, 8, $out - - st %f2, [$ivec + 0] ! write out ivec - retl - st %f3, [$ivec + 4] - -.align 16 -2: ldxa [$inp]0x82, %g4 ! avoid read-after-write hazard - ! and ~3x deterioration - ! in inp==out case - faligndata %f0, %f0, %f0 ! handle unaligned output - - stda %f0, [$out + $omask]0xc0 ! partial store - add $out, 8, $out - orn %g0, $omask, $omask - stda %f0, [$out + $omask]0xc0 ! partial store - - brnz,pt $len, .Ldes_ede3_cbc_dec_loop+4 - orn %g0, $omask, $omask - - st %f2, [$ivec + 0] ! write out ivec - retl - st %f3, [$ivec + 4] -.type des_t4_ede3_cbc_decrypt,#function -.size des_t4_ede3_cbc_decrypt,.-des_t4_ede3_cbc_decrypt -___ -} -$code.=<<___; -.asciz "DES for SPARC T4, David S. Miller, Andy Polyakov" -.align 4 -___ - -&emit_assembler(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/des/build.info b/crypto/des/build.info deleted file mode 100644 index 4284272cfa80d4ec4a30053d51ec3fb7d4be2588..0000000000000000000000000000000000000000 --- a/crypto/des/build.info +++ /dev/null @@ -1,46 +0,0 @@ -$DESASM=des_enc.c fcrypt_b.c -IF[{- !$disabled{asm} -}] - $DESASM_x86=des-586.S crypt586.S - $DESASM_sparcv9=des_enc-sparc.S fcrypt_b.c dest4-sparcv9.S - $DESASM_sparcv8=des_enc-sparc.S fcrypt_b.c - - # Now that we have defined all the arch specific variables, use the - # appropriate one - IF[$DESASM_{- $target{asm_arch} -}] - $DESASM=$DESASM_{- $target{asm_arch} -} - $DESDEF=DES_ASM - ENDIF -ENDIF - -LIBS=../../libcrypto -$COMMON=set_key.c ecb3_enc.c -$ALL=$COMMON\ - ecb_enc.c cbc_enc.c \ - cfb64enc.c cfb64ede.c cfb_enc.c \ - ofb64ede.c ofb64enc.c ofb_enc.c \ - str2key.c pcbc_enc.c qud_cksm.c rand_key.c \ - fcrypt.c xcbc_enc.c cbc_cksm.c - -SOURCE[../../libcrypto]=$ALL $DESASM -SOURCE[../../providers/libfips.a]=$COMMON $DESASM -SOURCE[../../providers/liblegacy.a]=$DESASM - -DEFINE[../../libcrypto]=$DESDEF -DEFINE[../../providers/libfips.a]=$DESDEF -DEFINE[../../providers/liblegacy.a]=$DESDEF - -# When all deprecated symbols are removed, libcrypto doesn't export the -# DES functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} && !$disabled{des} -}] - SOURCE[../../providers/liblegacy.a]=$ALL - DEFINE[../../providers/liblegacy.a]=$DESDEF -ENDIF - -GENERATE[des_enc-sparc.S]=asm/des_enc.m4 -GENERATE[dest4-sparcv9.S]=asm/dest4-sparcv9.pl -INCLUDE[dest4-sparcv9.o]=.. - -GENERATE[des-586.S]=asm/des-586.pl -DEPEND[des-586.S]=../perlasm/x86asm.pl ../perlasm/cbc.pl -GENERATE[crypt586.S]=asm/crypt586.pl -DEPEND[crypt586.S]=../perlasm/x86asm.pl ../perlasm/cbc.pl diff --git a/crypto/des/cbc_cksm.c b/crypto/des/cbc_cksm.c deleted file mode 100644 index d8ab38bf23777cf1b5995d612c6248cc18afe1be..0000000000000000000000000000000000000000 --- a/crypto/des/cbc_cksm.c +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include "des_local.h" - -DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output, - long length, DES_key_schedule *schedule, - const_DES_cblock *ivec) -{ - register DES_LONG tout0, tout1, tin0, tin1; - register long l = length; - DES_LONG tin[2]; - unsigned char *out = &(*output)[0]; - const unsigned char *iv = &(*ivec)[0]; - - c2l(iv, tout0); - c2l(iv, tout1); - for (; l > 0; l -= 8) { - if (l >= 8) { - c2l(in, tin0); - c2l(in, tin1); - } else - c2ln(in, tin0, tin1, l); - - tin0 ^= tout0; - tin[0] = tin0; - tin1 ^= tout1; - tin[1] = tin1; - DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT); - tout0 = tin[0]; - tout1 = tin[1]; - } - if (out != NULL) { - l2c(tout0, out); - l2c(tout1, out); - } - tout0 = tin0 = tin1 = tin[0] = tin[1] = 0; - /* - * Transform the data in tout1 so that it will match the return value - * that the MIT Kerberos mit_des_cbc_cksum API returns. - */ - tout1 = ((tout1 >> 24L) & 0x000000FF) - | ((tout1 >> 8L) & 0x0000FF00) - | ((tout1 << 8L) & 0x00FF0000) - | ((tout1 << 24L) & 0xFF000000); - return tout1; -} diff --git a/crypto/des/cbc_enc.c b/crypto/des/cbc_enc.c deleted file mode 100644 index aa8ac1a5c339fcdc3520fc16e7a958075b8eb35e..0000000000000000000000000000000000000000 --- a/crypto/des/cbc_enc.c +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#define CBC_ENC_C__DONT_UPDATE_IV - -#include "ncbc_enc.c" /* des_cbc_encrypt */ diff --git a/crypto/des/cfb64ede.c b/crypto/des/cfb64ede.c deleted file mode 100644 index c8e4e5cd2d933fb71ec533bab11117329454673e..0000000000000000000000000000000000000000 --- a/crypto/des/cfb64ede.c +++ /dev/null @@ -1,195 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include "des_local.h" - -/* - * The input and output encrypted as though 64bit cfb mode is being used. - * The extra state information to record how much of the 64bit block we have - * used is contained in *num; - */ - -void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3, - DES_cblock *ivec, int *num, int enc) -{ - register DES_LONG v0, v1; - register long l = length; - register int n = *num; - DES_LONG ti[2]; - unsigned char *iv, c, cc; - - iv = &(*ivec)[0]; - if (enc) { - while (l--) { - if (n == 0) { - c2l(iv, v0); - c2l(iv, v1); - - ti[0] = v0; - ti[1] = v1; - DES_encrypt3(ti, ks1, ks2, ks3); - v0 = ti[0]; - v1 = ti[1]; - - iv = &(*ivec)[0]; - l2c(v0, iv); - l2c(v1, iv); - iv = &(*ivec)[0]; - } - c = *(in++) ^ iv[n]; - *(out++) = c; - iv[n] = c; - n = (n + 1) & 0x07; - } - } else { - while (l--) { - if (n == 0) { - c2l(iv, v0); - c2l(iv, v1); - - ti[0] = v0; - ti[1] = v1; - DES_encrypt3(ti, ks1, ks2, ks3); - v0 = ti[0]; - v1 = ti[1]; - - iv = &(*ivec)[0]; - l2c(v0, iv); - l2c(v1, iv); - iv = &(*ivec)[0]; - } - cc = *(in++); - c = iv[n]; - iv[n] = cc; - *(out++) = c ^ cc; - n = (n + 1) & 0x07; - } - } - v0 = v1 = ti[0] = ti[1] = c = cc = 0; - *num = n; -} - -/* - * This is compatible with the single key CFB-r for DES, even thought that's - * not what EVP needs. - */ - -void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out, - int numbits, long length, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3, - DES_cblock *ivec, int enc) -{ - register DES_LONG d0, d1, v0, v1; - register unsigned long l = length, n = ((unsigned int)numbits + 7) / 8; - register int num = numbits, i; - DES_LONG ti[2]; - unsigned char *iv; - unsigned char ovec[16]; - - if (num > 64) - return; - iv = &(*ivec)[0]; - c2l(iv, v0); - c2l(iv, v1); - if (enc) { - while (l >= n) { - l -= n; - ti[0] = v0; - ti[1] = v1; - DES_encrypt3(ti, ks1, ks2, ks3); - c2ln(in, d0, d1, n); - in += n; - d0 ^= ti[0]; - d1 ^= ti[1]; - l2cn(d0, d1, out, n); - out += n; - /* - * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under - * gcc :-( - */ - if (num == 32) { - v0 = v1; - v1 = d0; - } else if (num == 64) { - v0 = d0; - v1 = d1; - } else { - iv = &ovec[0]; - l2c(v0, iv); - l2c(v1, iv); - l2c(d0, iv); - l2c(d1, iv); - /* shift ovec left most of the bits... */ - memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0)); - /* now the remaining bits */ - if (num % 8 != 0) - for (i = 0; i < 8; ++i) { - ovec[i] <<= num % 8; - ovec[i] |= ovec[i + 1] >> (8 - num % 8); - } - iv = &ovec[0]; - c2l(iv, v0); - c2l(iv, v1); - } - } - } else { - while (l >= n) { - l -= n; - ti[0] = v0; - ti[1] = v1; - DES_encrypt3(ti, ks1, ks2, ks3); - c2ln(in, d0, d1, n); - in += n; - /* - * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under - * gcc :-( - */ - if (num == 32) { - v0 = v1; - v1 = d0; - } else if (num == 64) { - v0 = d0; - v1 = d1; - } else { - iv = &ovec[0]; - l2c(v0, iv); - l2c(v1, iv); - l2c(d0, iv); - l2c(d1, iv); - /* shift ovec left most of the bits... */ - memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0)); - /* now the remaining bits */ - if (num % 8 != 0) - for (i = 0; i < 8; ++i) { - ovec[i] <<= num % 8; - ovec[i] |= ovec[i + 1] >> (8 - num % 8); - } - iv = &ovec[0]; - c2l(iv, v0); - c2l(iv, v1); - } - d0 ^= ti[0]; - d1 ^= ti[1]; - l2cn(d0, d1, out, n); - out += n; - } - } - iv = &(*ivec)[0]; - l2c(v0, iv); - l2c(v1, iv); - v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; -} diff --git a/crypto/des/cfb64enc.c b/crypto/des/cfb64enc.c deleted file mode 100644 index 93ebf76825c9841321832ce2051147d929996a27..0000000000000000000000000000000000000000 --- a/crypto/des/cfb64enc.c +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include "des_local.h" - -/* - * The input and output encrypted as though 64bit cfb mode is being used. - * The extra state information to record how much of the 64bit block we have - * used is contained in *num; - */ - -void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *schedule, - DES_cblock *ivec, int *num, int enc) -{ - register DES_LONG v0, v1; - register long l = length; - register int n = *num; - DES_LONG ti[2]; - unsigned char *iv, c, cc; - - iv = &(*ivec)[0]; - if (enc) { - while (l--) { - if (n == 0) { - c2l(iv, v0); - ti[0] = v0; - c2l(iv, v1); - ti[1] = v1; - DES_encrypt1(ti, schedule, DES_ENCRYPT); - iv = &(*ivec)[0]; - v0 = ti[0]; - l2c(v0, iv); - v0 = ti[1]; - l2c(v0, iv); - iv = &(*ivec)[0]; - } - c = *(in++) ^ iv[n]; - *(out++) = c; - iv[n] = c; - n = (n + 1) & 0x07; - } - } else { - while (l--) { - if (n == 0) { - c2l(iv, v0); - ti[0] = v0; - c2l(iv, v1); - ti[1] = v1; - DES_encrypt1(ti, schedule, DES_ENCRYPT); - iv = &(*ivec)[0]; - v0 = ti[0]; - l2c(v0, iv); - v0 = ti[1]; - l2c(v0, iv); - iv = &(*ivec)[0]; - } - cc = *(in++); - c = iv[n]; - iv[n] = cc; - *(out++) = c ^ cc; - n = (n + 1) & 0x07; - } - } - v0 = v1 = ti[0] = ti[1] = c = cc = 0; - *num = n; -} diff --git a/crypto/des/cfb_enc.c b/crypto/des/cfb_enc.c deleted file mode 100644 index 30458d50a12a4687d42602622b1f95f8530b8381..0000000000000000000000000000000000000000 --- a/crypto/des/cfb_enc.c +++ /dev/null @@ -1,156 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include "e_os.h" -#include "des_local.h" -#include - -/* - * The input and output are loaded in multiples of 8 bits. What this means is - * that if you hame numbits=12 and length=2 the first 12 bits will be - * retrieved from the first byte and half the second. The second 12 bits - * will come from the 3rd and half the 4th byte. - */ -/* - * Until Aug 1 2003 this function did not correctly implement CFB-r, so it - * will not be compatible with any encryption prior to that date. Ben. - */ -void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, - long length, DES_key_schedule *schedule, - DES_cblock *ivec, int enc) -{ - register DES_LONG d0, d1, v0, v1; - register unsigned long l = length; - register int num = numbits / 8, n = (numbits + 7) / 8, i, rem = - numbits % 8; - DES_LONG ti[2]; - unsigned char *iv; -#ifndef L_ENDIAN - unsigned char ovec[16]; -#else - unsigned int sh[4]; - unsigned char *ovec = (unsigned char *)sh; - - /* I kind of count that compiler optimizes away this assertion, */ - assert(sizeof(sh[0]) == 4); /* as this holds true for all, */ - /* but 16-bit platforms... */ - -#endif - - if (numbits <= 0 || numbits > 64) - return; - iv = &(*ivec)[0]; - c2l(iv, v0); - c2l(iv, v1); - if (enc) { - while (l >= (unsigned long)n) { - l -= n; - ti[0] = v0; - ti[1] = v1; - DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); - c2ln(in, d0, d1, n); - in += n; - d0 ^= ti[0]; - d1 ^= ti[1]; - l2cn(d0, d1, out, n); - out += n; - /* - * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under - * gcc :-( - */ - if (numbits == 32) { - v0 = v1; - v1 = d0; - } else if (numbits == 64) { - v0 = d0; - v1 = d1; - } else { -#ifndef L_ENDIAN - iv = &ovec[0]; - l2c(v0, iv); - l2c(v1, iv); - l2c(d0, iv); - l2c(d1, iv); -#else - sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1; -#endif - if (rem == 0) - memmove(ovec, ovec + num, 8); - else - for (i = 0; i < 8; ++i) - ovec[i] = ovec[i + num] << rem | - ovec[i + num + 1] >> (8 - rem); -#ifdef L_ENDIAN - v0 = sh[0], v1 = sh[1]; -#else - iv = &ovec[0]; - c2l(iv, v0); - c2l(iv, v1); -#endif - } - } - } else { - while (l >= (unsigned long)n) { - l -= n; - ti[0] = v0; - ti[1] = v1; - DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); - c2ln(in, d0, d1, n); - in += n; - /* - * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under - * gcc :-( - */ - if (numbits == 32) { - v0 = v1; - v1 = d0; - } else if (numbits == 64) { - v0 = d0; - v1 = d1; - } else { -#ifndef L_ENDIAN - iv = &ovec[0]; - l2c(v0, iv); - l2c(v1, iv); - l2c(d0, iv); - l2c(d1, iv); -#else - sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1; -#endif - if (rem == 0) - memmove(ovec, ovec + num, 8); - else - for (i = 0; i < 8; ++i) - ovec[i] = ovec[i + num] << rem | - ovec[i + num + 1] >> (8 - rem); -#ifdef L_ENDIAN - v0 = sh[0], v1 = sh[1]; -#else - iv = &ovec[0]; - c2l(iv, v0); - c2l(iv, v1); -#endif - } - d0 ^= ti[0]; - d1 ^= ti[1]; - l2cn(d0, d1, out, n); - out += n; - } - } - iv = &(*ivec)[0]; - l2c(v0, iv); - l2c(v1, iv); - v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; -} diff --git a/crypto/des/des_enc.c b/crypto/des/des_enc.c deleted file mode 100644 index 0041f21b8d3ba9393a24a5204c2f568ebd87a32d..0000000000000000000000000000000000000000 --- a/crypto/des/des_enc.c +++ /dev/null @@ -1,305 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "des_local.h" -#include "spr.h" - -void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) -{ - register DES_LONG l, r, t, u; - register DES_LONG *s; - - r = data[0]; - l = data[1]; - - IP(r, l); - /* - * Things have been modified so that the initial rotate is done outside - * the loop. This required the DES_SPtrans values in sp.h to be rotated - * 1 bit to the right. One perl script later and things have a 5% speed - * up on a sparc2. Thanks to Richard Outerbridge for pointing this out. - */ - /* clear the top bits on machines with 8byte longs */ - /* shift left by 2 */ - r = ROTATE(r, 29) & 0xffffffffL; - l = ROTATE(l, 29) & 0xffffffffL; - - s = ks->ks->deslong; - /* - * I don't know if it is worth the effort of loop unrolling the inner - * loop - */ - if (enc) { - D_ENCRYPT(l, r, 0); /* 1 */ - D_ENCRYPT(r, l, 2); /* 2 */ - D_ENCRYPT(l, r, 4); /* 3 */ - D_ENCRYPT(r, l, 6); /* 4 */ - D_ENCRYPT(l, r, 8); /* 5 */ - D_ENCRYPT(r, l, 10); /* 6 */ - D_ENCRYPT(l, r, 12); /* 7 */ - D_ENCRYPT(r, l, 14); /* 8 */ - D_ENCRYPT(l, r, 16); /* 9 */ - D_ENCRYPT(r, l, 18); /* 10 */ - D_ENCRYPT(l, r, 20); /* 11 */ - D_ENCRYPT(r, l, 22); /* 12 */ - D_ENCRYPT(l, r, 24); /* 13 */ - D_ENCRYPT(r, l, 26); /* 14 */ - D_ENCRYPT(l, r, 28); /* 15 */ - D_ENCRYPT(r, l, 30); /* 16 */ - } else { - D_ENCRYPT(l, r, 30); /* 16 */ - D_ENCRYPT(r, l, 28); /* 15 */ - D_ENCRYPT(l, r, 26); /* 14 */ - D_ENCRYPT(r, l, 24); /* 13 */ - D_ENCRYPT(l, r, 22); /* 12 */ - D_ENCRYPT(r, l, 20); /* 11 */ - D_ENCRYPT(l, r, 18); /* 10 */ - D_ENCRYPT(r, l, 16); /* 9 */ - D_ENCRYPT(l, r, 14); /* 8 */ - D_ENCRYPT(r, l, 12); /* 7 */ - D_ENCRYPT(l, r, 10); /* 6 */ - D_ENCRYPT(r, l, 8); /* 5 */ - D_ENCRYPT(l, r, 6); /* 4 */ - D_ENCRYPT(r, l, 4); /* 3 */ - D_ENCRYPT(l, r, 2); /* 2 */ - D_ENCRYPT(r, l, 0); /* 1 */ - } - - /* rotate and clear the top bits on machines with 8byte longs */ - l = ROTATE(l, 3) & 0xffffffffL; - r = ROTATE(r, 3) & 0xffffffffL; - - FP(r, l); - data[0] = l; - data[1] = r; - l = r = t = u = 0; -} - -void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) -{ - register DES_LONG l, r, t, u; - register DES_LONG *s; - - r = data[0]; - l = data[1]; - - /* - * Things have been modified so that the initial rotate is done outside - * the loop. This required the DES_SPtrans values in sp.h to be rotated - * 1 bit to the right. One perl script later and things have a 5% speed - * up on a sparc2. Thanks to Richard Outerbridge for pointing this out. - */ - /* clear the top bits on machines with 8byte longs */ - r = ROTATE(r, 29) & 0xffffffffL; - l = ROTATE(l, 29) & 0xffffffffL; - - s = ks->ks->deslong; - /* - * I don't know if it is worth the effort of loop unrolling the inner - * loop - */ - if (enc) { - D_ENCRYPT(l, r, 0); /* 1 */ - D_ENCRYPT(r, l, 2); /* 2 */ - D_ENCRYPT(l, r, 4); /* 3 */ - D_ENCRYPT(r, l, 6); /* 4 */ - D_ENCRYPT(l, r, 8); /* 5 */ - D_ENCRYPT(r, l, 10); /* 6 */ - D_ENCRYPT(l, r, 12); /* 7 */ - D_ENCRYPT(r, l, 14); /* 8 */ - D_ENCRYPT(l, r, 16); /* 9 */ - D_ENCRYPT(r, l, 18); /* 10 */ - D_ENCRYPT(l, r, 20); /* 11 */ - D_ENCRYPT(r, l, 22); /* 12 */ - D_ENCRYPT(l, r, 24); /* 13 */ - D_ENCRYPT(r, l, 26); /* 14 */ - D_ENCRYPT(l, r, 28); /* 15 */ - D_ENCRYPT(r, l, 30); /* 16 */ - } else { - D_ENCRYPT(l, r, 30); /* 16 */ - D_ENCRYPT(r, l, 28); /* 15 */ - D_ENCRYPT(l, r, 26); /* 14 */ - D_ENCRYPT(r, l, 24); /* 13 */ - D_ENCRYPT(l, r, 22); /* 12 */ - D_ENCRYPT(r, l, 20); /* 11 */ - D_ENCRYPT(l, r, 18); /* 10 */ - D_ENCRYPT(r, l, 16); /* 9 */ - D_ENCRYPT(l, r, 14); /* 8 */ - D_ENCRYPT(r, l, 12); /* 7 */ - D_ENCRYPT(l, r, 10); /* 6 */ - D_ENCRYPT(r, l, 8); /* 5 */ - D_ENCRYPT(l, r, 6); /* 4 */ - D_ENCRYPT(r, l, 4); /* 3 */ - D_ENCRYPT(l, r, 2); /* 2 */ - D_ENCRYPT(r, l, 0); /* 1 */ - } - /* rotate and clear the top bits on machines with 8byte longs */ - data[0] = ROTATE(l, 3) & 0xffffffffL; - data[1] = ROTATE(r, 3) & 0xffffffffL; - l = r = t = u = 0; -} - -void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3) -{ - register DES_LONG l, r; - - l = data[0]; - r = data[1]; - IP(l, r); - data[0] = l; - data[1] = r; - DES_encrypt2((DES_LONG *)data, ks1, DES_ENCRYPT); - DES_encrypt2((DES_LONG *)data, ks2, DES_DECRYPT); - DES_encrypt2((DES_LONG *)data, ks3, DES_ENCRYPT); - l = data[0]; - r = data[1]; - FP(r, l); - data[0] = l; - data[1] = r; -} - -void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3) -{ - register DES_LONG l, r; - - l = data[0]; - r = data[1]; - IP(l, r); - data[0] = l; - data[1] = r; - DES_encrypt2((DES_LONG *)data, ks3, DES_DECRYPT); - DES_encrypt2((DES_LONG *)data, ks2, DES_ENCRYPT); - DES_encrypt2((DES_LONG *)data, ks1, DES_DECRYPT); - l = data[0]; - r = data[1]; - FP(r, l); - data[0] = l; - data[1] = r; -} - -#ifndef DES_DEFAULT_OPTIONS - -# undef CBC_ENC_C__DONT_UPDATE_IV -# include "ncbc_enc.c" /* DES_ncbc_encrypt */ - -void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, - long length, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3, - DES_cblock *ivec, int enc) -{ - register DES_LONG tin0, tin1; - register DES_LONG tout0, tout1, xor0, xor1; - register const unsigned char *in; - unsigned char *out; - register long l = length; - DES_LONG tin[2]; - unsigned char *iv; - - in = input; - out = output; - iv = &(*ivec)[0]; - - if (enc) { - c2l(iv, tout0); - c2l(iv, tout1); - for (l -= 8; l >= 0; l -= 8) { - c2l(in, tin0); - c2l(in, tin1); - tin0 ^= tout0; - tin1 ^= tout1; - - tin[0] = tin0; - tin[1] = tin1; - DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3); - tout0 = tin[0]; - tout1 = tin[1]; - - l2c(tout0, out); - l2c(tout1, out); - } - if (l != -8) { - c2ln(in, tin0, tin1, l + 8); - tin0 ^= tout0; - tin1 ^= tout1; - - tin[0] = tin0; - tin[1] = tin1; - DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3); - tout0 = tin[0]; - tout1 = tin[1]; - - l2c(tout0, out); - l2c(tout1, out); - } - iv = &(*ivec)[0]; - l2c(tout0, iv); - l2c(tout1, iv); - } else { - register DES_LONG t0, t1; - - c2l(iv, xor0); - c2l(iv, xor1); - for (l -= 8; l >= 0; l -= 8) { - c2l(in, tin0); - c2l(in, tin1); - - t0 = tin0; - t1 = tin1; - - tin[0] = tin0; - tin[1] = tin1; - DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3); - tout0 = tin[0]; - tout1 = tin[1]; - - tout0 ^= xor0; - tout1 ^= xor1; - l2c(tout0, out); - l2c(tout1, out); - xor0 = t0; - xor1 = t1; - } - if (l != -8) { - c2l(in, tin0); - c2l(in, tin1); - - t0 = tin0; - t1 = tin1; - - tin[0] = tin0; - tin[1] = tin1; - DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3); - tout0 = tin[0]; - tout1 = tin[1]; - - tout0 ^= xor0; - tout1 ^= xor1; - l2cn(tout0, tout1, out, l + 8); - xor0 = t0; - xor1 = t1; - } - - iv = &(*ivec)[0]; - l2c(xor0, iv); - l2c(xor1, iv); - } - tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; - tin[0] = tin[1] = 0; -} - -#endif /* DES_DEFAULT_OPTIONS */ diff --git a/crypto/des/des_local.h b/crypto/des/des_local.h deleted file mode 100644 index f888cb800169347094ddc9b413f78e58385cdfd4..0000000000000000000000000000000000000000 --- a/crypto/des/des_local.h +++ /dev/null @@ -1,226 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_DES_LOCAL_H -# define OSSL_CRYPTO_DES_LOCAL_H - -# include - -# include -# include -# include - -# include - -# ifdef OPENSSL_BUILD_SHLIBCRYPTO -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -# endif - -# define ITERATIONS 16 -# define HALF_ITERATIONS 8 - -# define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ - l|=((DES_LONG)(*((c)++)))<< 8L, \ - l|=((DES_LONG)(*((c)++)))<<16L, \ - l|=((DES_LONG)(*((c)++)))<<24L) - -/* NOTE - c is not incremented as per c2l */ -# define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \ - /* fall thru */ \ - case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \ - /* fall thru */ \ - case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \ - /* fall thru */ \ - case 5: l2|=((DES_LONG)(*(--(c)))); \ - /* fall thru */ \ - case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \ - /* fall thru */ \ - case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \ - /* fall thru */ \ - case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \ - /* fall thru */ \ - case 1: l1|=((DES_LONG)(*(--(c)))); \ - } \ - } - -# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - -/* - * replacements for htonl and ntohl since I have no idea what to do when - * faced with machines with 8 byte longs. - */ - -# define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \ - l|=((DES_LONG)(*((c)++)))<<16L, \ - l|=((DES_LONG)(*((c)++)))<< 8L, \ - l|=((DES_LONG)(*((c)++)))) - -# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -/* NOTE - c is not incremented as per l2c */ -# define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -# if defined(_MSC_VER) -# define ROTATE(a,n) (_lrotr(a,n)) -# elif defined(__ICC) -# define ROTATE(a,n) (_rotr(a,n)) -# elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) -# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) -# define ROTATE(a,n) ({ register unsigned int ret; \ - asm ("rorl %1,%0" \ - : "=r"(ret) \ - : "I"(n),"0"(a) \ - : "cc"); \ - ret; \ - }) -# endif -# endif -# ifndef ROTATE -# define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) -# endif - -/* - * Don't worry about the LOAD_DATA() stuff, that is used by fcrypt() to add - * it's little bit to the front - */ - -# ifdef DES_FCRYPT - -# define LOAD_DATA_tmp(R,S,u,t,E0,E1) \ - { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); } - -# define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ - t=R^(R>>16L); \ - u=t&E0; t&=E1; \ - tmp=(u<<16); u^=R^s[S ]; u^=tmp; \ - tmp=(t<<16); t^=R^s[S+1]; t^=tmp -# else -# define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g) -# define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ - u=R^s[S ]; \ - t=R^s[S+1] -# endif - -/* - * It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there is no reason - * to not xor all the sub items together. This potentially saves a register - * since things can be xored directly into L - */ - -# define D_ENCRYPT(LL,R,S) { \ - LOAD_DATA_tmp(R,S,u,t,E0,E1); \ - t=ROTATE(t,4); \ - LL^= \ - DES_SPtrans[0][(u>> 2L)&0x3f]^ \ - DES_SPtrans[2][(u>>10L)&0x3f]^ \ - DES_SPtrans[4][(u>>18L)&0x3f]^ \ - DES_SPtrans[6][(u>>26L)&0x3f]^ \ - DES_SPtrans[1][(t>> 2L)&0x3f]^ \ - DES_SPtrans[3][(t>>10L)&0x3f]^ \ - DES_SPtrans[5][(t>>18L)&0x3f]^ \ - DES_SPtrans[7][(t>>26L)&0x3f]; } - - /*- - * IP and FP - * The problem is more of a geometric problem that random bit fiddling. - 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 - 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 - 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2 - 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0 - - 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7 - 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5 - 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3 - 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1 - - The output has been subject to swaps of the form - 0 1 -> 3 1 but the odd and even bits have been put into - 2 3 2 0 - different words. The main trick is to remember that - t=((l>>size)^r)&(mask); - r^=t; - l^=(t<>(n))^(b))&(m)),\ - (b)^=(t),\ - (a)^=((t)<<(n))) - -# define IP(l,r) \ - { \ - register DES_LONG tt; \ - PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \ - PERM_OP(l,r,tt,16,0x0000ffffL); \ - PERM_OP(r,l,tt, 2,0x33333333L); \ - PERM_OP(l,r,tt, 8,0x00ff00ffL); \ - PERM_OP(r,l,tt, 1,0x55555555L); \ - } - -# define FP(l,r) \ - { \ - register DES_LONG tt; \ - PERM_OP(l,r,tt, 1,0x55555555L); \ - PERM_OP(r,l,tt, 8,0x00ff00ffL); \ - PERM_OP(l,r,tt, 2,0x33333333L); \ - PERM_OP(r,l,tt,16,0x0000ffffL); \ - PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ - } - -extern const DES_LONG DES_SPtrans[8][64]; - -void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, - DES_LONG Eswap0, DES_LONG Eswap1); - -#endif diff --git a/crypto/des/ecb3_enc.c b/crypto/des/ecb3_enc.c deleted file mode 100644 index 48e524dc36662a60c08f9866825cd0697d63f365..0000000000000000000000000000000000000000 --- a/crypto/des/ecb3_enc.c +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include "des_local.h" - -void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, - DES_key_schedule *ks1, DES_key_schedule *ks2, - DES_key_schedule *ks3, int enc) -{ - register DES_LONG l0, l1; - DES_LONG ll[2]; - const unsigned char *in = &(*input)[0]; - unsigned char *out = &(*output)[0]; - - c2l(in, l0); - c2l(in, l1); - ll[0] = l0; - ll[1] = l1; - if (enc) - DES_encrypt3(ll, ks1, ks2, ks3); - else - DES_decrypt3(ll, ks1, ks2, ks3); - l0 = ll[0]; - l1 = ll[1]; - l2c(l0, out); - l2c(l1, out); -} diff --git a/crypto/des/ecb_enc.c b/crypto/des/ecb_enc.c deleted file mode 100644 index c230a3737ce866188d31d0366c07e9c2d3c42779..0000000000000000000000000000000000000000 --- a/crypto/des/ecb_enc.c +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include "des_local.h" -#include -#include - - -const char *DES_options(void) -{ - static int init = 1; - static char buf[12]; - - if (init) { - if (sizeof(DES_LONG) != sizeof(long)) - OPENSSL_strlcpy(buf, "des(int)", sizeof(buf)); - else - OPENSSL_strlcpy(buf, "des(long)", sizeof(buf)); - init = 0; - } - return buf; -} - -void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, - DES_key_schedule *ks, int enc) -{ - register DES_LONG l; - DES_LONG ll[2]; - const unsigned char *in = &(*input)[0]; - unsigned char *out = &(*output)[0]; - - c2l(in, l); - ll[0] = l; - c2l(in, l); - ll[1] = l; - DES_encrypt1(ll, ks, enc); - l = ll[0]; - l2c(l, out); - l = ll[1]; - l2c(l, out); - l = ll[0] = ll[1] = 0; -} diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c deleted file mode 100644 index c3827a61c9bda01b8688d5d0f6a7290dec90a40d..0000000000000000000000000000000000000000 --- a/crypto/des/fcrypt.c +++ /dev/null @@ -1,155 +0,0 @@ -/* - * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -/* NOCW */ -#include -#ifdef _OSD_POSIX -# ifndef CHARSET_EBCDIC -# define CHARSET_EBCDIC 1 -# endif -#endif -#ifdef CHARSET_EBCDIC -# include -#endif - -#include -#include "des_local.h" - -/* - * Added more values to handle illegal salt values the way normal crypt() - * implementations do. - */ -static const unsigned char con_salt[128] = { - 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, - 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1, - 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, - 0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1, - 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, - 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x00, 0x01, - 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, - 0x0A, 0x0B, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, - 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, - 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, - 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, - 0x23, 0x24, 0x25, 0x20, 0x21, 0x22, 0x23, 0x24, - 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, - 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, - 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, -}; - -static const unsigned char cov_2char[64] = { - 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, - 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, - 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, - 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, - 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62, - 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, - 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72, - 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A -}; - -char *DES_crypt(const char *buf, const char *salt) -{ - static char buff[14]; - -#ifndef CHARSET_EBCDIC - return DES_fcrypt(buf, salt, buff); -#else - char e_salt[2 + 1]; - char e_buf[32 + 1]; /* replace 32 by 8 ? */ - char *ret; - - if (salt[0] == '\0' || salt[1] == '\0') - return NULL; - - /* Copy salt, convert to ASCII. */ - e_salt[0] = salt[0]; - e_salt[1] = salt[1]; - e_salt[2] = '\0'; - ebcdic2ascii(e_salt, e_salt, sizeof(e_salt)); - - /* Convert password to ASCII. */ - OPENSSL_strlcpy(e_buf, buf, sizeof(e_buf)); - ebcdic2ascii(e_buf, e_buf, sizeof(e_buf)); - - /* Encrypt it (from/to ASCII); if it worked, convert back. */ - ret = DES_fcrypt(e_buf, e_salt, buff); - if (ret != NULL) - ascii2ebcdic(ret, ret, strlen(ret)); - - return ret; -#endif -} - -char *DES_fcrypt(const char *buf, const char *salt, char *ret) -{ - unsigned int i, j, x, y; - DES_LONG Eswap0, Eswap1; - DES_LONG out[2], ll; - DES_cblock key; - DES_key_schedule ks; - unsigned char bb[9]; - unsigned char *b = bb; - unsigned char c, u; - - x = ret[0] = salt[0]; - if (x == 0 || x >= sizeof(con_salt)) - return NULL; - Eswap0 = con_salt[x] << 2; - x = ret[1] = salt[1]; - if (x == 0 || x >= sizeof(con_salt)) - return NULL; - Eswap1 = con_salt[x] << 6; - - /* - * EAY r=strlen(buf); r=(r+7)/8; - */ - for (i = 0; i < 8; i++) { - c = *(buf++); - if (!c) - break; - key[i] = (c << 1); - } - for (; i < 8; i++) - key[i] = 0; - - DES_set_key_unchecked(&key, &ks); - fcrypt_body(&(out[0]), &ks, Eswap0, Eswap1); - - ll = out[0]; - l2c(ll, b); - ll = out[1]; - l2c(ll, b); - y = 0; - u = 0x80; - bb[8] = 0; - for (i = 2; i < 13; i++) { - c = 0; - for (j = 0; j < 6; j++) { - c <<= 1; - if (bb[y] & u) - c |= 1; - u >>= 1; - if (!u) { - y++; - u = 0x80; - } - } - ret[i] = cov_2char[c]; - } - ret[13] = '\0'; - return ret; -} diff --git a/crypto/des/fcrypt_b.c b/crypto/des/fcrypt_b.c deleted file mode 100644 index e843e0e643972bd431f941a0f7ed950d19831be6..0000000000000000000000000000000000000000 --- a/crypto/des/fcrypt_b.c +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include - -#define DES_FCRYPT -#include "des_local.h" -#undef DES_FCRYPT - -#undef PERM_OP -#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ - (b)^=(t),\ - (a)^=((t)<<(n))) - -#undef HPERM_OP -#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ - (a)=(a)^(t)^(t>>(16-(n))))\ - -void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0, - DES_LONG Eswap1) -{ - register DES_LONG l, r, t, u; - register DES_LONG *s; - register int j; - register DES_LONG E0, E1; - - l = 0; - r = 0; - - s = (DES_LONG *)ks; - E0 = Eswap0; - E1 = Eswap1; - - for (j = 0; j < 25; j++) { - D_ENCRYPT(l, r, 0); /* 1 */ - D_ENCRYPT(r, l, 2); /* 2 */ - D_ENCRYPT(l, r, 4); /* 3 */ - D_ENCRYPT(r, l, 6); /* 4 */ - D_ENCRYPT(l, r, 8); /* 5 */ - D_ENCRYPT(r, l, 10); /* 6 */ - D_ENCRYPT(l, r, 12); /* 7 */ - D_ENCRYPT(r, l, 14); /* 8 */ - D_ENCRYPT(l, r, 16); /* 9 */ - D_ENCRYPT(r, l, 18); /* 10 */ - D_ENCRYPT(l, r, 20); /* 11 */ - D_ENCRYPT(r, l, 22); /* 12 */ - D_ENCRYPT(l, r, 24); /* 13 */ - D_ENCRYPT(r, l, 26); /* 14 */ - D_ENCRYPT(l, r, 28); /* 15 */ - D_ENCRYPT(r, l, 30); /* 16 */ - t = l; - l = r; - r = t; - } - l = ROTATE(l, 3) & 0xffffffffL; - r = ROTATE(r, 3) & 0xffffffffL; - - PERM_OP(l, r, t, 1, 0x55555555L); - PERM_OP(r, l, t, 8, 0x00ff00ffL); - PERM_OP(l, r, t, 2, 0x33333333L); - PERM_OP(r, l, t, 16, 0x0000ffffL); - PERM_OP(l, r, t, 4, 0x0f0f0f0fL); - - out[0] = r; - out[1] = l; -} diff --git a/crypto/des/ncbc_enc.c b/crypto/des/ncbc_enc.c deleted file mode 100644 index e8decf1fbee004c91048e174ac612a505db896b3..0000000000000000000000000000000000000000 --- a/crypto/des/ncbc_enc.c +++ /dev/null @@ -1,106 +0,0 @@ -/* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/*- - * #included by: - * cbc_enc.c (DES_cbc_encrypt) - * des_enc.c (DES_ncbc_encrypt) - */ - -#include "des_local.h" - -#ifdef CBC_ENC_C__DONT_UPDATE_IV -void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - DES_key_schedule *_schedule, DES_cblock *ivec, int enc) -#else -void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *_schedule, - DES_cblock *ivec, int enc) -#endif -{ - register DES_LONG tin0, tin1; - register DES_LONG tout0, tout1, xor0, xor1; - register long l = length; - DES_LONG tin[2]; - unsigned char *iv; - - iv = &(*ivec)[0]; - - if (enc) { - c2l(iv, tout0); - c2l(iv, tout1); - for (l -= 8; l >= 0; l -= 8) { - c2l(in, tin0); - c2l(in, tin1); - tin0 ^= tout0; - tin[0] = tin0; - tin1 ^= tout1; - tin[1] = tin1; - DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT); - tout0 = tin[0]; - l2c(tout0, out); - tout1 = tin[1]; - l2c(tout1, out); - } - if (l != -8) { - c2ln(in, tin0, tin1, l + 8); - tin0 ^= tout0; - tin[0] = tin0; - tin1 ^= tout1; - tin[1] = tin1; - DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT); - tout0 = tin[0]; - l2c(tout0, out); - tout1 = tin[1]; - l2c(tout1, out); - } -#ifndef CBC_ENC_C__DONT_UPDATE_IV - iv = &(*ivec)[0]; - l2c(tout0, iv); - l2c(tout1, iv); -#endif - } else { - c2l(iv, xor0); - c2l(iv, xor1); - for (l -= 8; l >= 0; l -= 8) { - c2l(in, tin0); - tin[0] = tin0; - c2l(in, tin1); - tin[1] = tin1; - DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - l2c(tout0, out); - l2c(tout1, out); - xor0 = tin0; - xor1 = tin1; - } - if (l != -8) { - c2l(in, tin0); - tin[0] = tin0; - c2l(in, tin1); - tin[1] = tin1; - DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - l2cn(tout0, tout1, out, l + 8); -#ifndef CBC_ENC_C__DONT_UPDATE_IV - xor0 = tin0; - xor1 = tin1; -#endif - } -#ifndef CBC_ENC_C__DONT_UPDATE_IV - iv = &(*ivec)[0]; - l2c(xor0, iv); - l2c(xor1, iv); -#endif - } - tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; - tin[0] = tin[1] = 0; -} diff --git a/crypto/des/ofb64ede.c b/crypto/des/ofb64ede.c deleted file mode 100644 index edcfac853011bf7de13342e1ba1133348ec394fc..0000000000000000000000000000000000000000 --- a/crypto/des/ofb64ede.c +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include "des_local.h" - -/* - * The input and output encrypted as though 64bit ofb mode is being used. - * The extra state information to record how much of the 64bit block we have - * used is contained in *num; - */ -void DES_ede3_ofb64_encrypt(register const unsigned char *in, - register unsigned char *out, long length, - DES_key_schedule *k1, DES_key_schedule *k2, - DES_key_schedule *k3, DES_cblock *ivec, int *num) -{ - register DES_LONG v0, v1; - register int n = *num; - register long l = length; - DES_cblock d; - register char *dp; - DES_LONG ti[2]; - unsigned char *iv; - int save = 0; - - iv = &(*ivec)[0]; - c2l(iv, v0); - c2l(iv, v1); - ti[0] = v0; - ti[1] = v1; - dp = (char *)d; - l2c(v0, dp); - l2c(v1, dp); - while (l--) { - if (n == 0) { - /* ti[0]=v0; */ - /* ti[1]=v1; */ - DES_encrypt3(ti, k1, k2, k3); - v0 = ti[0]; - v1 = ti[1]; - - dp = (char *)d; - l2c(v0, dp); - l2c(v1, dp); - save++; - } - *(out++) = *(in++) ^ d[n]; - n = (n + 1) & 0x07; - } - if (save) { - iv = &(*ivec)[0]; - l2c(v0, iv); - l2c(v1, iv); - } - v0 = v1 = ti[0] = ti[1] = 0; - *num = n; -} diff --git a/crypto/des/ofb64enc.c b/crypto/des/ofb64enc.c deleted file mode 100644 index 73d4e21d2f9bb4ad371ee36a50766a182ac864bd..0000000000000000000000000000000000000000 --- a/crypto/des/ofb64enc.c +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include "des_local.h" - -/* - * The input and output encrypted as though 64bit ofb mode is being used. - * The extra state information to record how much of the 64bit block we have - * used is contained in *num; - */ -void DES_ofb64_encrypt(register const unsigned char *in, - register unsigned char *out, long length, - DES_key_schedule *schedule, DES_cblock *ivec, int *num) -{ - register DES_LONG v0, v1, t; - register int n = *num; - register long l = length; - DES_cblock d; - register unsigned char *dp; - DES_LONG ti[2]; - unsigned char *iv; - int save = 0; - - iv = &(*ivec)[0]; - c2l(iv, v0); - c2l(iv, v1); - ti[0] = v0; - ti[1] = v1; - dp = d; - l2c(v0, dp); - l2c(v1, dp); - while (l--) { - if (n == 0) { - DES_encrypt1(ti, schedule, DES_ENCRYPT); - dp = d; - t = ti[0]; - l2c(t, dp); - t = ti[1]; - l2c(t, dp); - save++; - } - *(out++) = *(in++) ^ d[n]; - n = (n + 1) & 0x07; - } - if (save) { - v0 = ti[0]; - v1 = ti[1]; - iv = &(*ivec)[0]; - l2c(v0, iv); - l2c(v1, iv); - } - t = v0 = v1 = ti[0] = ti[1] = 0; - *num = n; -} diff --git a/crypto/des/ofb_enc.c b/crypto/des/ofb_enc.c deleted file mode 100644 index 50c7f4c43213df8706457c24622d0557bc36da8d..0000000000000000000000000000000000000000 --- a/crypto/des/ofb_enc.c +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include "des_local.h" - -/* - * The input and output are loaded in multiples of 8 bits. What this means is - * that if you have numbits=12 and length=2 the first 12 bits will be - * retrieved from the first byte and half the second. The second 12 bits - * will come from the 3rd and half the 4th byte. - */ -void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, - long length, DES_key_schedule *schedule, - DES_cblock *ivec) -{ - register DES_LONG d0, d1, vv0, vv1, v0, v1, n = (numbits + 7) / 8; - register DES_LONG mask0, mask1; - register long l = length; - register int num = numbits; - DES_LONG ti[2]; - unsigned char *iv; - - if (num > 64) - return; - if (num > 32) { - mask0 = 0xffffffffL; - if (num >= 64) - mask1 = mask0; - else - mask1 = (1L << (num - 32)) - 1; - } else { - if (num == 32) - mask0 = 0xffffffffL; - else - mask0 = (1L << num) - 1; - mask1 = 0x00000000L; - } - - iv = &(*ivec)[0]; - c2l(iv, v0); - c2l(iv, v1); - ti[0] = v0; - ti[1] = v1; - while (l-- > 0) { - ti[0] = v0; - ti[1] = v1; - DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); - vv0 = ti[0]; - vv1 = ti[1]; - c2ln(in, d0, d1, n); - in += n; - d0 = (d0 ^ vv0) & mask0; - d1 = (d1 ^ vv1) & mask1; - l2cn(d0, d1, out, n); - out += n; - - if (num == 32) { - v0 = v1; - v1 = vv0; - } else if (num == 64) { - v0 = vv0; - v1 = vv1; - } else if (num > 32) { /* && num != 64 */ - v0 = ((v1 >> (num - 32)) | (vv0 << (64 - num))) & 0xffffffffL; - v1 = ((vv0 >> (num - 32)) | (vv1 << (64 - num))) & 0xffffffffL; - } else { /* num < 32 */ - - v0 = ((v0 >> num) | (v1 << (32 - num))) & 0xffffffffL; - v1 = ((v1 >> num) | (vv0 << (32 - num))) & 0xffffffffL; - } - } - iv = &(*ivec)[0]; - l2c(v0, iv); - l2c(v1, iv); - v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0; -} diff --git a/crypto/des/pcbc_enc.c b/crypto/des/pcbc_enc.c deleted file mode 100644 index dd9eb1a92774e20b4ec6f01db1672cf3a68a6a49..0000000000000000000000000000000000000000 --- a/crypto/des/pcbc_enc.c +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include "des_local.h" - -void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, - long length, DES_key_schedule *schedule, - DES_cblock *ivec, int enc) -{ - register DES_LONG sin0, sin1, xor0, xor1, tout0, tout1; - DES_LONG tin[2]; - const unsigned char *in; - unsigned char *out, *iv; - - in = input; - out = output; - iv = &(*ivec)[0]; - - if (enc) { - c2l(iv, xor0); - c2l(iv, xor1); - for (; length > 0; length -= 8) { - if (length >= 8) { - c2l(in, sin0); - c2l(in, sin1); - } else - c2ln(in, sin0, sin1, length); - tin[0] = sin0 ^ xor0; - tin[1] = sin1 ^ xor1; - DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT); - tout0 = tin[0]; - tout1 = tin[1]; - xor0 = sin0 ^ tout0; - xor1 = sin1 ^ tout1; - l2c(tout0, out); - l2c(tout1, out); - } - } else { - c2l(iv, xor0); - c2l(iv, xor1); - for (; length > 0; length -= 8) { - c2l(in, sin0); - c2l(in, sin1); - tin[0] = sin0; - tin[1] = sin1; - DES_encrypt1((DES_LONG *)tin, schedule, DES_DECRYPT); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - if (length >= 8) { - l2c(tout0, out); - l2c(tout1, out); - } else - l2cn(tout0, tout1, out, length); - xor0 = tout0 ^ sin0; - xor1 = tout1 ^ sin1; - } - } - tin[0] = tin[1] = 0; - sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0; -} diff --git a/crypto/des/qud_cksm.c b/crypto/des/qud_cksm.c deleted file mode 100644 index 9f683990779730048af53382f18f0bea2a8234bc..0000000000000000000000000000000000000000 --- a/crypto/des/qud_cksm.c +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * From "Message Authentication" R.R. Jueneman, S.M. Matyas, C.H. Meyer IEEE - * Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40 This module in - * only based on the code in this paper and is almost definitely not the same - * as the MIT implementation. - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include "des_local.h" - -#define Q_B0(a) (((DES_LONG)(a))) -#define Q_B1(a) (((DES_LONG)(a))<<8) -#define Q_B2(a) (((DES_LONG)(a))<<16) -#define Q_B3(a) (((DES_LONG)(a))<<24) - -/* used to scramble things a bit */ -/* Got the value MIT uses via brute force :-) 2/10/90 eay */ -#define NOISE ((DES_LONG)83653421L) - -DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], - long length, int out_count, DES_cblock *seed) -{ - DES_LONG z0, z1, t0, t1; - int i; - long l; - const unsigned char *cp; - DES_LONG *lp; - - if (out_count < 1) - out_count = 1; - lp = (DES_LONG *)&(output[0])[0]; - - z0 = Q_B0((*seed)[0]) | Q_B1((*seed)[1]) | Q_B2((*seed)[2]) | - Q_B3((*seed)[3]); - z1 = Q_B0((*seed)[4]) | Q_B1((*seed)[5]) | Q_B2((*seed)[6]) | - Q_B3((*seed)[7]); - - for (i = 0; ((i < 4) && (i < out_count)); i++) { - cp = input; - l = length; - while (l > 0) { - if (l > 1) { - t0 = (DES_LONG)(*(cp++)); - t0 |= (DES_LONG)Q_B1(*(cp++)); - l--; - } else - t0 = (DES_LONG)(*(cp++)); - l--; - /* add */ - t0 += z0; - t0 &= 0xffffffffL; - t1 = z1; - /* square, well sort of square */ - z0 = ((((t0 * t0) & 0xffffffffL) + ((t1 * t1) & 0xffffffffL)) - & 0xffffffffL) % 0x7fffffffL; - z1 = ((t0 * ((t1 + NOISE) & 0xffffffffL)) & 0xffffffffL) % - 0x7fffffffL; - } - if (lp != NULL) { - /* - * The MIT library assumes that the checksum is composed of - * 2*out_count 32 bit ints - */ - *lp++ = z0; - *lp++ = z1; - } - } - return z0; -} diff --git a/crypto/des/rand_key.c b/crypto/des/rand_key.c deleted file mode 100644 index 4c6588787126912a2adf84d3dc780b7f27bfbea4..0000000000000000000000000000000000000000 --- a/crypto/des/rand_key.c +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include - -int DES_random_key(DES_cblock *ret) -{ - do { - if (RAND_priv_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1) - return 0; - } while (DES_is_weak_key(ret)); - DES_set_odd_parity(ret); - return 1; -} diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c deleted file mode 100644 index adcfb7f12451c4950b8de1547f1b3d5263393456..0000000000000000000000000000000000000000 --- a/crypto/des/set_key.c +++ /dev/null @@ -1,394 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/*- - * set_key.c v 1.4 eay 24/9/91 - * 1.4 Speed up by 400% :-) - * 1.3 added register declarations. - * 1.2 unrolled make_key_sched a bit more - * 1.1 added norm_expand_bits - * 1.0 First working version - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/constant_time.h" -#include "internal/nelem.h" -#include "des_local.h" - -static const unsigned char odd_parity[256] = { - 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, - 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, - 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, - 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, - 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, - 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, - 97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110, - 110, - 112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127, - 127, - 128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143, - 143, - 145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158, - 158, - 161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174, - 174, - 176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191, - 191, - 193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206, - 206, - 208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223, - 223, - 224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239, - 239, - 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254, - 254 -}; - -void DES_set_odd_parity(DES_cblock *key) -{ - unsigned int i; - - for (i = 0; i < DES_KEY_SZ; i++) - (*key)[i] = odd_parity[(*key)[i]]; -} - -/* - * Check that a key has the correct parity. - * Return 1 if parity is okay and 0 if not. - */ -int DES_check_key_parity(const_DES_cblock *key) -{ - unsigned int i; - unsigned char res = 0377, b; - - for (i = 0; i < DES_KEY_SZ; i++) { - b = (*key)[i]; - b ^= b >> 4; - b ^= b >> 2; - b ^= b >> 1; - res &= constant_time_eq_8(b & 1, 1); - } - return (int)(res & 1); -} - -/*- - * Weak and semi weak keys as taken from - * %A D.W. Davies - * %A W.L. Price - * %T Security for Computer Networks - * %I John Wiley & Sons - * %D 1984 - */ -static const DES_cblock weak_keys[] = { - /* weak keys */ - {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, - {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE}, - {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E}, - {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1}, - /* semi-weak keys */ - {0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE}, - {0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01}, - {0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1}, - {0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E}, - {0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1}, - {0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01}, - {0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE}, - {0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E}, - {0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E}, - {0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01}, - {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE}, - {0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1} -}; - -/* - * Check for weak keys. - * Return 1 if the key is weak and 0 otherwise. - */ -int DES_is_weak_key(const_DES_cblock *key) -{ - unsigned int i, res = 0; - int j; - - for (i = 0; i < OSSL_NELEM(weak_keys); i++) { - j = CRYPTO_memcmp(weak_keys[i], key, sizeof(DES_cblock)); - res |= constant_time_is_zero((unsigned int)j); - } - return (int)(res & 1); -} - -/*- - * NOW DEFINED IN des_local.h - * See ecb_encrypt.c for a pseudo description of these macros. - * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ - * (b)^=(t),\ - * (a)=((a)^((t)<<(n)))) - */ - -#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ - (a)=(a)^(t)^(t>>(16-(n)))) - -static const DES_LONG des_skb[8][64] = { - { - /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ - 0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L, - 0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L, - 0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L, - 0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L, - 0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L, - 0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L, - 0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L, - 0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L, - 0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L, - 0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L, - 0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L, - 0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L, - 0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L, - 0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L, - 0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L, - 0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L, - }, - { - /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */ - 0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L, - 0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L, - 0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L, - 0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L, - 0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L, - 0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L, - 0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L, - 0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L, - 0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L, - 0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L, - 0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L, - 0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L, - 0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L, - 0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L, - 0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L, - 0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L, - }, - { - /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */ - 0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L, - 0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L, - 0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L, - 0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L, - 0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L, - 0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L, - 0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L, - 0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L, - 0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L, - 0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L, - 0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L, - 0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L, - 0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L, - 0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L, - 0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L, - 0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L, - }, - { - /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */ - 0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L, - 0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L, - 0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L, - 0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L, - 0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L, - 0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L, - 0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L, - 0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L, - 0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L, - 0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L, - 0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L, - 0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L, - 0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L, - 0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L, - 0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L, - 0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L, - }, - { - /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ - 0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L, - 0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L, - 0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L, - 0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L, - 0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L, - 0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L, - 0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L, - 0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L, - 0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L, - 0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L, - 0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L, - 0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L, - 0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L, - 0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L, - 0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L, - 0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L, - }, - { - /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */ - 0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L, - 0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L, - 0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L, - 0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L, - 0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L, - 0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L, - 0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L, - 0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L, - 0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L, - 0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L, - 0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L, - 0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L, - 0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L, - 0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L, - 0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L, - 0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L, - }, - { - /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */ - 0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L, - 0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L, - 0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L, - 0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L, - 0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L, - 0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L, - 0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L, - 0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L, - 0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L, - 0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L, - 0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L, - 0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L, - 0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L, - 0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L, - 0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L, - 0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L, - }, - { - /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */ - 0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L, - 0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L, - 0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L, - 0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L, - 0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L, - 0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L, - 0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L, - 0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L, - 0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L, - 0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L, - 0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L, - 0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L, - 0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L, - 0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L, - 0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L, - 0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L, - } -}; - -/* Return values as DES_set_key_checked() but always set the key */ -int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule) -{ - int ret = 0; - - if (!DES_check_key_parity(key)) - ret = -1; - if (DES_is_weak_key(key)) - ret = -2; - DES_set_key_unchecked(key, schedule); - return ret; -} - -/*- - * return 0 if key parity is odd (correct), - * return -1 if key parity error, - * return -2 if illegal weak key. - */ -int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule) -{ - if (!DES_check_key_parity(key)) - return -1; - if (DES_is_weak_key(key)) - return -2; - DES_set_key_unchecked(key, schedule); - return 0; -} - -void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule) -{ - static const int shifts2[16] = - { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 }; - register DES_LONG c, d, t, s, t2; - register const unsigned char *in; - register DES_LONG *k; - register int i; - -#ifdef OPENBSD_DEV_CRYPTO - memcpy(schedule->key, key, sizeof(schedule->key)); - schedule->session = NULL; -#endif - k = &schedule->ks->deslong[0]; - in = &(*key)[0]; - - c2l(in, c); - c2l(in, d); - - /* - * do PC1 in 47 simple operations. Thanks to John Fletcher - * for the inspiration. - */ - PERM_OP(d, c, t, 4, 0x0f0f0f0fL); - HPERM_OP(c, t, -2, 0xcccc0000L); - HPERM_OP(d, t, -2, 0xcccc0000L); - PERM_OP(d, c, t, 1, 0x55555555L); - PERM_OP(c, d, t, 8, 0x00ff00ffL); - PERM_OP(d, c, t, 1, 0x55555555L); - d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) | - ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L)); - c &= 0x0fffffffL; - - for (i = 0; i < ITERATIONS; i++) { - if (shifts2[i]) { - c = ((c >> 2L) | (c << 26L)); - d = ((d >> 2L) | (d << 26L)); - } else { - c = ((c >> 1L) | (c << 27L)); - d = ((d >> 1L) | (d << 27L)); - } - c &= 0x0fffffffL; - d &= 0x0fffffffL; - /* - * could be a few less shifts but I am to lazy at this point in time - * to investigate - */ - s = des_skb[0][(c) & 0x3f] | - des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] | - des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] | - des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) | - ((c >> 22L) & 0x38)]; - t = des_skb[4][(d) & 0x3f] | - des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] | - des_skb[6][(d >> 15L) & 0x3f] | - des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)]; - - /* table contained 0213 4657 */ - t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL; - *(k++) = ROTATE(t2, 30) & 0xffffffffL; - - t2 = ((s >> 16L) | (t & 0xffff0000L)); - *(k++) = ROTATE(t2, 26) & 0xffffffffL; - } -} - -int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule) -{ - return DES_set_key(key, schedule); -} diff --git a/crypto/des/spr.h b/crypto/des/spr.h deleted file mode 100644 index 1fe3394ba0dc118cbc0f3c605ac9b5ed63c4626a..0000000000000000000000000000000000000000 --- a/crypto/des/spr.h +++ /dev/null @@ -1,163 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -const DES_LONG DES_SPtrans[8][64] = { - { - /* nibble 0 */ - 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, - 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, - 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, - 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, - 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, - 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, - 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, - 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, - 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, - 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, - 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, - 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, - 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, - 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, - 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, - 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, - }, - { - /* nibble 1 */ - 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, - 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, - 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, - 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, - 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, - 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, - 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, - 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, - 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, - 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, - 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, - 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, - 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, - 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, - 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, - 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, - }, - { - /* nibble 2 */ - 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, - 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, - 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, - 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, - 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, - 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, - 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, - 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, - 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, - 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, - 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, - 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, - 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, - 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, - 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, - 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, - }, - { - /* nibble 3 */ - 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, - 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, - 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, - 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, - 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, - 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, - 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, - 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, - 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, - 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, - 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, - 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, - 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, - 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, - 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, - 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, - }, - { - /* nibble 4 */ - 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, - 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, - 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, - 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, - 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, - 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, - 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, - 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, - 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, - 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, - 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, - 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, - 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, - 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, - 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, - 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, - }, - { - /* nibble 5 */ - 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, - 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, - 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, - 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, - 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, - 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, - 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, - 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, - 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, - 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, - 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, - 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, - 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, - 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, - 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, - 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, - }, - { - /* nibble 6 */ - 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, - 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L, - 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L, - 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L, - 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L, - 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, - 0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L, - 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L, - 0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L, - 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L, - 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, - 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L, - 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L, - 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L, - 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L, - 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, - }, - { - /* nibble 7 */ - 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, - 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L, - 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L, - 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L, - 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L, - 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, - 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L, - 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L, - 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L, - 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L, - 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, - 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L, - 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L, - 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L, - 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L, - 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, - } -}; diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c deleted file mode 100644 index f6687fe524f00c527eb97c5f0ed4e05acc30b34b..0000000000000000000000000000000000000000 --- a/crypto/des/str2key.c +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "des_local.h" - -void DES_string_to_key(const char *str, DES_cblock *key) -{ - DES_key_schedule ks; - int i, length; - - memset(key, 0, 8); - length = strlen(str); - for (i = 0; i < length; i++) { - register unsigned char j = str[i]; - - if ((i % 16) < 8) - (*key)[i % 8] ^= (j << 1); - else { - /* Reverse the bit order 05/05/92 eay */ - j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f); - j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33); - j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55); - (*key)[7 - (i % 8)] ^= j; - } - } - DES_set_odd_parity(key); - DES_set_key_unchecked(key, &ks); - DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key); - OPENSSL_cleanse(&ks, sizeof(ks)); - DES_set_odd_parity(key); -} - -void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) -{ - DES_key_schedule ks; - int i, length; - - memset(key1, 0, 8); - memset(key2, 0, 8); - length = strlen(str); - for (i = 0; i < length; i++) { - register unsigned char j = str[i]; - - if ((i % 32) < 16) { - if ((i % 16) < 8) - (*key1)[i % 8] ^= (j << 1); - else - (*key2)[i % 8] ^= (j << 1); - } else { - j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f); - j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33); - j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55); - if ((i % 16) < 8) - (*key1)[7 - (i % 8)] ^= j; - else - (*key2)[7 - (i % 8)] ^= j; - } - } - if (length <= 8) - memcpy(key2, key1, 8); - DES_set_odd_parity(key1); - DES_set_odd_parity(key2); - DES_set_key_unchecked(key1, &ks); - DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1); - DES_set_key_unchecked(key2, &ks); - DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2); - OPENSSL_cleanse(&ks, sizeof(ks)); - DES_set_odd_parity(key1); - DES_set_odd_parity(key2); -} diff --git a/crypto/des/xcbc_enc.c b/crypto/des/xcbc_enc.c deleted file mode 100644 index 8ad1f1db6dc3dac85d684134797ea1cf1eec81cb..0000000000000000000000000000000000000000 --- a/crypto/des/xcbc_enc.c +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include "des_local.h" - -/* RSA's DESX */ - -void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *schedule, - DES_cblock *ivec, const_DES_cblock *inw, - const_DES_cblock *outw, int enc) -{ - register DES_LONG tin0, tin1; - register DES_LONG tout0, tout1, xor0, xor1; - register DES_LONG inW0, inW1, outW0, outW1; - register const unsigned char *in2; - register long l = length; - DES_LONG tin[2]; - unsigned char *iv; - - in2 = &(*inw)[0]; - c2l(in2, inW0); - c2l(in2, inW1); - in2 = &(*outw)[0]; - c2l(in2, outW0); - c2l(in2, outW1); - - iv = &(*ivec)[0]; - - if (enc) { - c2l(iv, tout0); - c2l(iv, tout1); - for (l -= 8; l >= 0; l -= 8) { - c2l(in, tin0); - c2l(in, tin1); - tin0 ^= tout0 ^ inW0; - tin[0] = tin0; - tin1 ^= tout1 ^ inW1; - tin[1] = tin1; - DES_encrypt1(tin, schedule, DES_ENCRYPT); - tout0 = tin[0] ^ outW0; - l2c(tout0, out); - tout1 = tin[1] ^ outW1; - l2c(tout1, out); - } - if (l != -8) { - c2ln(in, tin0, tin1, l + 8); - tin0 ^= tout0 ^ inW0; - tin[0] = tin0; - tin1 ^= tout1 ^ inW1; - tin[1] = tin1; - DES_encrypt1(tin, schedule, DES_ENCRYPT); - tout0 = tin[0] ^ outW0; - l2c(tout0, out); - tout1 = tin[1] ^ outW1; - l2c(tout1, out); - } - iv = &(*ivec)[0]; - l2c(tout0, iv); - l2c(tout1, iv); - } else { - c2l(iv, xor0); - c2l(iv, xor1); - for (l -= 8; l > 0; l -= 8) { - c2l(in, tin0); - tin[0] = tin0 ^ outW0; - c2l(in, tin1); - tin[1] = tin1 ^ outW1; - DES_encrypt1(tin, schedule, DES_DECRYPT); - tout0 = tin[0] ^ xor0 ^ inW0; - tout1 = tin[1] ^ xor1 ^ inW1; - l2c(tout0, out); - l2c(tout1, out); - xor0 = tin0; - xor1 = tin1; - } - if (l != -8) { - c2l(in, tin0); - tin[0] = tin0 ^ outW0; - c2l(in, tin1); - tin[1] = tin1 ^ outW1; - DES_encrypt1(tin, schedule, DES_DECRYPT); - tout0 = tin[0] ^ xor0 ^ inW0; - tout1 = tin[1] ^ xor1 ^ inW1; - l2cn(tout0, tout1, out, l + 8); - xor0 = tin0; - xor1 = tin1; - } - - iv = &(*ivec)[0]; - l2c(xor0, iv); - l2c(xor1, iv); - } - tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; - inW0 = inW1 = outW0 = outW1 = 0; - tin[0] = tin[1] = 0; -} diff --git a/crypto/dh/build.info b/crypto/dh/build.info deleted file mode 100644 index b413567271857b94b22250b8af841f44fba31cca..0000000000000000000000000000000000000000 --- a/crypto/dh/build.info +++ /dev/null @@ -1,13 +0,0 @@ -LIBS=../../libcrypto - -$COMMON=dh_lib.c dh_key.c dh_group_params.c dh_check.c dh_backend.c dh_gen.c \ - dh_kdf.c - -SOURCE[../../libcrypto]=$COMMON\ - dh_asn1.c dh_err.c \ - dh_ameth.c dh_pmeth.c dh_prn.c dh_rfc5114.c dh_meth.c -IF[{- !$disabled{'deprecated-0.9.8'} -}] - SOURCE[../../libcrypto]=dh_depr.c -ENDIF - -SOURCE[../../providers/libfips.a]=$COMMON diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c deleted file mode 100644 index 8430872a9ab6b257c91794f04ee841e2c2ddd6cc..0000000000000000000000000000000000000000 --- a/crypto/dh/dh_ameth.c +++ /dev/null @@ -1,648 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DH low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include -#include "internal/ffc.h" -#include "internal/cryptlib.h" -#include "crypto/asn1.h" -#include "crypto/dh.h" -#include "crypto/evp.h" -#include "dh_local.h" - -/* - * i2d/d2i like DH parameter functions which use the appropriate routine for - * PKCS#3 DH or X9.42 DH. - */ - -static DH *d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp, - long length) -{ - DH *dh = NULL; - int is_dhx = (pkey->ameth == &ossl_dhx_asn1_meth); - - if (is_dhx) - dh = d2i_DHxparams(NULL, pp, length); - else - dh = d2i_DHparams(NULL, pp, length); - - return dh; -} - -static int i2d_dhp(const EVP_PKEY *pkey, const DH *a, unsigned char **pp) -{ - if (pkey->ameth == &ossl_dhx_asn1_meth) - return i2d_DHxparams(a, pp); - return i2d_DHparams(a, pp); -} - -static void int_dh_free(EVP_PKEY *pkey) -{ - DH_free(pkey->pkey.dh); -} - -static int dh_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey) -{ - const unsigned char *p, *pm; - int pklen, pmlen; - int ptype; - const void *pval; - const ASN1_STRING *pstr; - X509_ALGOR *palg; - ASN1_INTEGER *public_key = NULL; - - DH *dh = NULL; - - if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) - return 0; - X509_ALGOR_get0(NULL, &ptype, &pval, palg); - - if (ptype != V_ASN1_SEQUENCE) { - ERR_raise(ERR_LIB_DH, DH_R_PARAMETER_ENCODING_ERROR); - goto err; - } - - pstr = pval; - pm = pstr->data; - pmlen = pstr->length; - - if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL) { - ERR_raise(ERR_LIB_DH, DH_R_DECODE_ERROR); - goto err; - } - - if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) { - ERR_raise(ERR_LIB_DH, DH_R_DECODE_ERROR); - goto err; - } - - /* We have parameters now set public key */ - if ((dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) { - ERR_raise(ERR_LIB_DH, DH_R_BN_DECODE_ERROR); - goto err; - } - - ASN1_INTEGER_free(public_key); - EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); - return 1; - - err: - ASN1_INTEGER_free(public_key); - DH_free(dh); - return 0; -} - -static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) -{ - DH *dh; - int ptype; - unsigned char *penc = NULL; - int penclen; - ASN1_STRING *str; - ASN1_INTEGER *pub_key = NULL; - - dh = pkey->pkey.dh; - - str = ASN1_STRING_new(); - if (str == NULL) { - ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); - goto err; - } - str->length = i2d_dhp(pkey, dh, &str->data); - if (str->length <= 0) { - ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); - goto err; - } - ptype = V_ASN1_SEQUENCE; - - pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL); - if (pub_key == NULL) - goto err; - - penclen = i2d_ASN1_INTEGER(pub_key, &penc); - - ASN1_INTEGER_free(pub_key); - - if (penclen <= 0) { - ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), - ptype, str, penc, penclen)) - return 1; - - err: - OPENSSL_free(penc); - ASN1_STRING_free(str); - - return 0; -} - -/* - * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in that - * the AlgorithmIdentifier contains the parameters, the private key is - * explicitly included and the pubkey must be recalculated. - */ - -static int dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) -{ - int ret = 0; - DH *dh = ossl_dh_key_from_pkcs8(p8, NULL, NULL); - - if (dh != NULL) { - ret = 1; - EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); - } - - return ret; -} - -static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) -{ - ASN1_STRING *params = NULL; - ASN1_INTEGER *prkey = NULL; - unsigned char *dp = NULL; - int dplen; - - params = ASN1_STRING_new(); - - if (params == NULL) { - ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); - goto err; - } - - params->length = i2d_dhp(pkey, pkey->pkey.dh, ¶ms->data); - if (params->length <= 0) { - ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); - goto err; - } - params->type = V_ASN1_SEQUENCE; - - /* Get private key into integer */ - prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL); - - if (prkey == NULL) { - ERR_raise(ERR_LIB_DH, DH_R_BN_ERROR); - goto err; - } - - dplen = i2d_ASN1_INTEGER(prkey, &dp); - - ASN1_STRING_clear_free(prkey); - - if (dplen <= 0) { - ERR_raise(ERR_LIB_DH, DH_R_BN_ERROR); - goto err; - } - - if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0, - V_ASN1_SEQUENCE, params, dp, dplen)) { - OPENSSL_clear_free(dp, dplen); - goto err; - } - return 1; - - err: - ASN1_STRING_free(params); - return 0; -} - -static int dh_param_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) -{ - DH *dh; - - if ((dh = d2i_dhp(pkey, pder, derlen)) == NULL) - return 0; - dh->dirty_cnt++; - EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); - return 1; -} - -static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder) -{ - return i2d_dhp(pkey, pkey->pkey.dh, pder); -} - -static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype) -{ - int reason = ERR_R_BUF_LIB; - const char *ktype = NULL; - BIGNUM *priv_key, *pub_key; - - if (ptype == 2) - priv_key = x->priv_key; - else - priv_key = NULL; - - if (ptype > 0) - pub_key = x->pub_key; - else - pub_key = NULL; - - if (x->params.p == NULL || (ptype == 2 && priv_key == NULL) - || (ptype > 0 && pub_key == NULL)) { - reason = ERR_R_PASSED_NULL_PARAMETER; - goto err; - } - - if (ptype == 2) - ktype = "DH Private-Key"; - else if (ptype == 1) - ktype = "DH Public-Key"; - else - ktype = "DH Parameters"; - - if (!BIO_indent(bp, indent, 128) - || BIO_printf(bp, "%s: (%d bit)\n", ktype, DH_bits(x)) <= 0) - goto err; - indent += 4; - - if (!ASN1_bn_print(bp, "private-key:", priv_key, NULL, indent)) - goto err; - if (!ASN1_bn_print(bp, "public-key:", pub_key, NULL, indent)) - goto err; - - if (!ossl_ffc_params_print(bp, &x->params, indent)) - goto err; - - if (x->length != 0) { - if (!BIO_indent(bp, indent, 128) - || BIO_printf(bp, "recommended-private-length: %d bits\n", - (int)x->length) <= 0) - goto err; - } - - return 1; - - err: - ERR_raise(ERR_LIB_DH, reason); - return 0; -} - -static int int_dh_size(const EVP_PKEY *pkey) -{ - return DH_size(pkey->pkey.dh); -} - -static int dh_bits(const EVP_PKEY *pkey) -{ - return DH_bits(pkey->pkey.dh); -} - -static int dh_security_bits(const EVP_PKEY *pkey) -{ - return DH_security_bits(pkey->pkey.dh); -} - -static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) -{ - return ossl_ffc_params_cmp(&a->pkey.dh->params, &b->pkey.dh->params, - a->ameth != &ossl_dhx_asn1_meth); -} - -static int int_dh_param_copy(DH *to, const DH *from, int is_x942) -{ - if (is_x942 == -1) - is_x942 = (from->params.q != NULL); - if (!ossl_ffc_params_copy(&to->params, &from->params)) - return 0; - if (!is_x942) - to->length = from->length; - to->dirty_cnt++; - return 1; -} - -DH *DHparams_dup(const DH *dh) -{ - DH *ret; - ret = DH_new(); - if (ret == NULL) - return NULL; - if (!int_dh_param_copy(ret, dh, -1)) { - DH_free(ret); - return NULL; - } - return ret; -} - -static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) -{ - if (to->pkey.dh == NULL) { - to->pkey.dh = DH_new(); - if (to->pkey.dh == NULL) - return 0; - } - return int_dh_param_copy(to->pkey.dh, from->pkey.dh, - from->ameth == &ossl_dhx_asn1_meth); -} - -static int dh_missing_parameters(const EVP_PKEY *a) -{ - return a->pkey.dh == NULL - || a->pkey.dh->params.p == NULL - || a->pkey.dh->params.g == NULL; -} - -static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) -{ - if (dh_cmp_parameters(a, b) == 0) - return 0; - if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0) - return 0; - else - return 1; -} - -static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return do_dh_print(bp, pkey->pkey.dh, indent, 0); -} - -static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return do_dh_print(bp, pkey->pkey.dh, indent, 1); -} - -static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return do_dh_print(bp, pkey->pkey.dh, indent, 2); -} - -int DHparams_print(BIO *bp, const DH *x) -{ - return do_dh_print(bp, x, 4, 0); -} - -static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) -{ - DH *dh; - switch (op) { - case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: - /* We should only be here if we have a legacy key */ - if (!ossl_assert(evp_pkey_is_legacy(pkey))) - return 0; - dh = (DH *) evp_pkey_get0_DH_int(pkey); - if (dh == NULL) - return 0; - return ossl_dh_buf2key(dh, arg2, arg1); - case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: - dh = (DH *) EVP_PKEY_get0_DH(pkey); - if (dh == NULL) - return 0; - return ossl_dh_key2buf(dh, arg2, 0, 1); - default: - return -2; - } -} - -static int dhx_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) -{ - switch (op) { - default: - return -2; - } - -} - -static int dh_pkey_public_check(const EVP_PKEY *pkey) -{ - DH *dh = pkey->pkey.dh; - - if (dh->pub_key == NULL) { - ERR_raise(ERR_LIB_DH, DH_R_MISSING_PUBKEY); - return 0; - } - - return DH_check_pub_key_ex(dh, dh->pub_key); -} - -static int dh_pkey_param_check(const EVP_PKEY *pkey) -{ - DH *dh = pkey->pkey.dh; - - return DH_check_ex(dh); -} - -static size_t dh_pkey_dirty_cnt(const EVP_PKEY *pkey) -{ - return pkey->pkey.dh->dirty_cnt; -} - -static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - OSSL_FUNC_keymgmt_import_fn *importer, - OSSL_LIB_CTX *libctx, const char *propq) -{ - DH *dh = from->pkey.dh; - OSSL_PARAM_BLD *tmpl; - const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh); - long l = DH_get_length(dh); - const BIGNUM *pub_key = DH_get0_pub_key(dh); - const BIGNUM *priv_key = DH_get0_priv_key(dh); - OSSL_PARAM *params = NULL; - int selection = 0; - int rv = 0; - - if (p == NULL || g == NULL) - return 0; - - tmpl = OSSL_PARAM_BLD_new(); - if (tmpl == NULL) - return 0; - if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g)) - goto err; - if (q != NULL) { - if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, q)) - goto err; - } - selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS; - if (l > 0) { - if (!OSSL_PARAM_BLD_push_long(tmpl, OSSL_PKEY_PARAM_DH_PRIV_LEN, l)) - goto err; - selection |= OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS; - } - if (pub_key != NULL) { - if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key)) - goto err; - selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY; - } - if (priv_key != NULL) { - if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY, - priv_key)) - goto err; - selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY; - } - - if ((params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) - goto err; - - /* We export, the provider imports */ - rv = importer(to_keydata, selection, params); - - OSSL_PARAM_free(params); -err: - OSSL_PARAM_BLD_free(tmpl); - return rv; -} - -static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx, - int type) -{ - EVP_PKEY_CTX *pctx = vpctx; - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx); - DH *dh = ossl_dh_new_ex(pctx->libctx); - - if (dh == NULL) { - ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); - return 0; - } - DH_clear_flags(dh, DH_FLAG_TYPE_MASK); - DH_set_flags(dh, type == EVP_PKEY_DH ? DH_FLAG_TYPE_DH : DH_FLAG_TYPE_DHX); - - if (!ossl_dh_params_fromdata(dh, params) - || !ossl_dh_key_fromdata(dh, params, 1) - || !EVP_PKEY_assign(pkey, type, dh)) { - DH_free(dh); - return 0; - } - return 1; -} - -static int dh_pkey_import_from(const OSSL_PARAM params[], void *vpctx) -{ - return dh_pkey_import_from_type(params, vpctx, EVP_PKEY_DH); -} - -static int dhx_pkey_import_from(const OSSL_PARAM params[], void *vpctx) -{ - return dh_pkey_import_from_type(params, vpctx, EVP_PKEY_DHX); -} - -static int dh_pkey_copy(EVP_PKEY *to, EVP_PKEY *from) -{ - DH *dh = from->pkey.dh; - DH *dupkey = NULL; - int ret; - - if (dh != NULL) { - dupkey = ossl_dh_dup(dh, OSSL_KEYMGMT_SELECT_ALL); - if (dupkey == NULL) - return 0; - } - - ret = EVP_PKEY_assign(to, from->type, dupkey); - if (!ret) - DH_free(dupkey); - return ret; -} - -const EVP_PKEY_ASN1_METHOD ossl_dh_asn1_meth = { - EVP_PKEY_DH, - EVP_PKEY_DH, - 0, - - "DH", - "OpenSSL PKCS#3 DH method", - - dh_pub_decode, - dh_pub_encode, - dh_pub_cmp, - dh_public_print, - - dh_priv_decode, - dh_priv_encode, - dh_private_print, - - int_dh_size, - dh_bits, - dh_security_bits, - - dh_param_decode, - dh_param_encode, - dh_missing_parameters, - dh_copy_parameters, - dh_cmp_parameters, - dh_param_print, - 0, - - int_dh_free, - dh_pkey_ctrl, - - 0, 0, 0, 0, 0, - - 0, - dh_pkey_public_check, - dh_pkey_param_check, - - 0, 0, 0, 0, - - dh_pkey_dirty_cnt, - dh_pkey_export_to, - dh_pkey_import_from, - dh_pkey_copy -}; - -const EVP_PKEY_ASN1_METHOD ossl_dhx_asn1_meth = { - EVP_PKEY_DHX, - EVP_PKEY_DHX, - 0, - - "X9.42 DH", - "OpenSSL X9.42 DH method", - - dh_pub_decode, - dh_pub_encode, - dh_pub_cmp, - dh_public_print, - - dh_priv_decode, - dh_priv_encode, - dh_private_print, - - int_dh_size, - dh_bits, - dh_security_bits, - - dh_param_decode, - dh_param_encode, - dh_missing_parameters, - dh_copy_parameters, - dh_cmp_parameters, - dh_param_print, - 0, - - int_dh_free, - dhx_pkey_ctrl, - - 0, 0, 0, 0, 0, - - 0, - dh_pkey_public_check, - dh_pkey_param_check, - 0, 0, 0, 0, - dh_pkey_dirty_cnt, - dh_pkey_export_to, - dhx_pkey_import_from, - dh_pkey_copy -}; diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c deleted file mode 100644 index 5fa91a8ec7dcd048a6ffaf9a4c794a8e96766332..0000000000000000000000000000000000000000 --- a/crypto/dh/dh_asn1.c +++ /dev/null @@ -1,167 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DH low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include "dh_local.h" -#include -#include -#include "crypto/dh.h" - -/* Override the default free and new methods */ -static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - if (operation == ASN1_OP_NEW_PRE) { - *pval = (ASN1_VALUE *)DH_new(); - if (*pval != NULL) - return 2; - return 0; - } else if (operation == ASN1_OP_FREE_PRE) { - DH_free((DH *)*pval); - *pval = NULL; - return 2; - } else if (operation == ASN1_OP_D2I_POST) { - DH *dh = (DH *)*pval; - - DH_clear_flags(dh, DH_FLAG_TYPE_MASK); - DH_set_flags(dh, DH_FLAG_TYPE_DH); - ossl_dh_cache_named_group(dh); - dh->dirty_cnt++; - } - return 1; -} - -ASN1_SEQUENCE_cb(DHparams, dh_cb) = { - ASN1_SIMPLE(DH, params.p, BIGNUM), - ASN1_SIMPLE(DH, params.g, BIGNUM), - ASN1_OPT_EMBED(DH, length, ZINT32), -} ASN1_SEQUENCE_END_cb(DH, DHparams) - -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DH, DHparams, DHparams) - -/* - * Internal only structures for handling X9.42 DH: this gets translated to or - * from a DH structure straight away. - */ - -typedef struct { - ASN1_BIT_STRING *seed; - BIGNUM *counter; -} int_dhvparams; - -typedef struct { - BIGNUM *p; - BIGNUM *q; - BIGNUM *g; - BIGNUM *j; - int_dhvparams *vparams; -} int_dhx942_dh; - -ASN1_SEQUENCE(DHvparams) = { - ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING), - ASN1_SIMPLE(int_dhvparams, counter, BIGNUM) -} static_ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams) - -ASN1_SEQUENCE(DHxparams) = { - ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM), - ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM), - ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM), - ASN1_OPT(int_dhx942_dh, j, BIGNUM), - ASN1_OPT(int_dhx942_dh, vparams, DHvparams), -} static_ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams) - -int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a, - const unsigned char **pp, long length); -int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp); - -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(int_dhx942_dh, DHxparams, int_dhx) - -DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length) -{ - FFC_PARAMS *params; - int_dhx942_dh *dhx = NULL; - DH *dh = NULL; - - dh = DH_new(); - if (dh == NULL) - return NULL; - dhx = d2i_int_dhx(NULL, pp, length); - if (dhx == NULL) { - DH_free(dh); - return NULL; - } - - if (a != NULL) { - DH_free(*a); - *a = dh; - } - - params = &dh->params; - DH_set0_pqg(dh, dhx->p, dhx->q, dhx->g); - ossl_ffc_params_set0_j(params, dhx->j); - - if (dhx->vparams != NULL) { - /* The counter has a maximum value of 4 * numbits(p) - 1 */ - size_t counter = (size_t)BN_get_word(dhx->vparams->counter); - ossl_ffc_params_set_validate_params(params, dhx->vparams->seed->data, - dhx->vparams->seed->length, - counter); - ASN1_BIT_STRING_free(dhx->vparams->seed); - BN_free(dhx->vparams->counter); - OPENSSL_free(dhx->vparams); - dhx->vparams = NULL; - } - - OPENSSL_free(dhx); - DH_clear_flags(dh, DH_FLAG_TYPE_MASK); - DH_set_flags(dh, DH_FLAG_TYPE_DHX); - return dh; -} - -int i2d_DHxparams(const DH *dh, unsigned char **pp) -{ - int ret = 0; - int_dhx942_dh dhx; - int_dhvparams dhv = { NULL, NULL }; - ASN1_BIT_STRING seed; - size_t seedlen = 0; - const FFC_PARAMS *params = &dh->params; - int counter; - - ossl_ffc_params_get0_pqg(params, (const BIGNUM **)&dhx.p, - (const BIGNUM **)&dhx.q, (const BIGNUM **)&dhx.g); - dhx.j = params->j; - ossl_ffc_params_get_validate_params(params, &seed.data, &seedlen, &counter); - seed.length = (int)seedlen; - - if (counter != -1 && seed.data != NULL && seed.length > 0) { - seed.flags = ASN1_STRING_FLAG_BITS_LEFT; - dhv.seed = &seed; - dhv.counter = BN_new(); - if (dhv.counter == NULL) - return 0; - if (!BN_set_word(dhv.counter, (BN_ULONG)counter)) - goto err; - dhx.vparams = &dhv; - } else { - dhx.vparams = NULL; - } - ret = i2d_int_dhx(&dhx, pp); -err: - BN_free(dhv.counter); - return ret; -} diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c deleted file mode 100644 index 726843fd30cd64d19dcb503b70b911baef82e961..0000000000000000000000000000000000000000 --- a/crypto/dh/dh_backend.c +++ /dev/null @@ -1,250 +0,0 @@ -/* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DH low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#ifndef FIPS_MODULE -# include -#endif -#include "internal/param_build_set.h" -#include "crypto/dh.h" -#include "dh_local.h" - -/* - * The intention with the "backend" source file is to offer backend functions - * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider - * implementations alike. - */ - -static int dh_ffc_params_fromdata(DH *dh, const OSSL_PARAM params[]) -{ - int ret; - FFC_PARAMS *ffc; - - if (dh == NULL) - return 0; - ffc = ossl_dh_get0_params(dh); - if (ffc == NULL) - return 0; - - ret = ossl_ffc_params_fromdata(ffc, params); - if (ret) - ossl_dh_cache_named_group(dh); /* This increments dh->dirty_cnt */ - return ret; -} - -int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[]) -{ - const OSSL_PARAM *param_priv_len; - long priv_len; - - if (!dh_ffc_params_fromdata(dh, params)) - return 0; - - param_priv_len = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN); - if (param_priv_len != NULL - && (!OSSL_PARAM_get_long(param_priv_len, &priv_len) - || !DH_set_length(dh, priv_len))) - return 0; - - return 1; -} - -int ossl_dh_key_fromdata(DH *dh, const OSSL_PARAM params[], int include_private) -{ - const OSSL_PARAM *param_priv_key, *param_pub_key; - BIGNUM *priv_key = NULL, *pub_key = NULL; - - if (dh == NULL) - return 0; - - param_priv_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); - param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); - - if (include_private - && param_priv_key != NULL - && !OSSL_PARAM_get_BN(param_priv_key, &priv_key)) - goto err; - - if (param_pub_key != NULL - && !OSSL_PARAM_get_BN(param_pub_key, &pub_key)) - goto err; - - if (!DH_set0_key(dh, pub_key, priv_key)) - goto err; - - return 1; - - err: - BN_clear_free(priv_key); - BN_free(pub_key); - return 0; -} - -int ossl_dh_params_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) -{ - long l = DH_get_length(dh); - - if (!ossl_ffc_params_todata(ossl_dh_get0_params(dh), bld, params)) - return 0; - if (l > 0 - && !ossl_param_build_set_long(bld, params, OSSL_PKEY_PARAM_DH_PRIV_LEN, l)) - return 0; - return 1; -} - -int ossl_dh_key_todata(DH *dh, OSSL_PARAM_BLD *bld, OSSL_PARAM params[], - int include_private) -{ - const BIGNUM *priv = NULL, *pub = NULL; - - if (dh == NULL) - return 0; - - DH_get0_key(dh, &pub, &priv); - if (priv != NULL - && include_private - && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_PRIV_KEY, priv)) - return 0; - if (pub != NULL - && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_PUB_KEY, pub)) - return 0; - - return 1; -} - -int ossl_dh_is_foreign(const DH *dh) -{ -#ifndef FIPS_MODULE - if (dh->engine != NULL || ossl_dh_get_method(dh) != DH_OpenSSL()) - return 1; -#endif - return 0; -} - -static ossl_inline int dh_bn_dup_check(BIGNUM **out, const BIGNUM *f) -{ - if (f != NULL && (*out = BN_dup(f)) == NULL) - return 0; - return 1; -} - -DH *ossl_dh_dup(const DH *dh, int selection) -{ - DH *dupkey = NULL; - - /* Do not try to duplicate foreign DH keys */ - if (ossl_dh_is_foreign(dh)) - return NULL; - - if ((dupkey = ossl_dh_new_ex(dh->libctx)) == NULL) - return NULL; - - dupkey->length = DH_get_length(dh); - if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0 - && !ossl_ffc_params_copy(&dupkey->params, &dh->params)) - goto err; - - dupkey->flags = dh->flags; - - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0 - && ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0 - || !dh_bn_dup_check(&dupkey->pub_key, dh->pub_key))) - goto err; - - if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 - && ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0 - || !dh_bn_dup_check(&dupkey->priv_key, dh->priv_key))) - goto err; - -#ifndef FIPS_MODULE - if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_DH, - &dupkey->ex_data, &dh->ex_data)) - goto err; -#endif - - return dupkey; - - err: - DH_free(dupkey); - return NULL; -} - -#ifndef FIPS_MODULE -DH *ossl_dh_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq) -{ - const unsigned char *p, *pm; - int pklen, pmlen; - int ptype; - const void *pval; - const ASN1_STRING *pstr; - const X509_ALGOR *palg; - BIGNUM *privkey_bn = NULL; - ASN1_INTEGER *privkey = NULL; - DH *dh = NULL; - - if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8inf)) - return 0; - - X509_ALGOR_get0(NULL, &ptype, &pval, palg); - - if (ptype != V_ASN1_SEQUENCE) - goto decerr; - if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) - goto decerr; - - pstr = pval; - pm = pstr->data; - pmlen = pstr->length; - switch (OBJ_obj2nid(palg->algorithm)) { - case NID_dhKeyAgreement: - dh = d2i_DHparams(NULL, &pm, pmlen); - break; - case NID_dhpublicnumber: - dh = d2i_DHxparams(NULL, &pm, pmlen); - break; - default: - goto decerr; - } - if (dh == NULL) - goto decerr; - - /* We have parameters now set private key */ - if ((privkey_bn = BN_secure_new()) == NULL - || !ASN1_INTEGER_to_BN(privkey, privkey_bn)) { - ERR_raise(ERR_LIB_DH, DH_R_BN_ERROR); - BN_clear_free(privkey_bn); - goto dherr; - } - if (!DH_set0_key(dh, NULL, privkey_bn)) - goto dherr; - /* Calculate public key, increments dirty_cnt */ - if (!DH_generate_key(dh)) - goto dherr; - - goto done; - - decerr: - ERR_raise(ERR_LIB_DH, EVP_R_DECODE_ERROR); - dherr: - DH_free(dh); - dh = NULL; - done: - ASN1_STRING_clear_free(privkey); - return dh; -} -#endif diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c deleted file mode 100644 index 5822d511d958acdec63842a33071ff9e134c0b93..0000000000000000000000000000000000000000 --- a/crypto/dh/dh_depr.c +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* This file contains deprecated functions as wrappers to the new ones */ - -/* - * DH low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include - -#include -#include "internal/cryptlib.h" -#include -#include - -DH *DH_generate_parameters(int prime_len, int generator, - void (*callback) (int, int, void *), void *cb_arg) -{ - BN_GENCB *cb; - DH *ret = NULL; - - if ((ret = DH_new()) == NULL) - return NULL; - cb = BN_GENCB_new(); - if (cb == NULL) { - DH_free(ret); - return NULL; - } - - BN_GENCB_set_old(cb, callback, cb_arg); - - if (DH_generate_parameters_ex(ret, prime_len, generator, cb)) { - BN_GENCB_free(cb); - return ret; - } - BN_GENCB_free(cb); - DH_free(ret); - return NULL; -} diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c deleted file mode 100644 index 4152397426cc939ca7214fc4db808835a7dcdb1c..0000000000000000000000000000000000000000 --- a/crypto/dh/dh_err.c +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/dherr.h" - -#ifndef OPENSSL_NO_DH - -# ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA DH_str_reasons[] = { - {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_FFC_PARAMETERS), "bad ffc parameters"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "bad generator"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_DECODE_ERROR), "bn decode error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_ERROR), "bn error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_J_VALUE), - "check invalid j value"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_Q_VALUE), - "check invalid q value"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_INVALID), - "check pubkey invalid"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_LARGE), - "check pubkey too large"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_SMALL), - "check pubkey too small"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_PRIME), "check p not prime"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_SAFE_PRIME), - "check p not safe prime"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_Q_NOT_PRIME), "check q not prime"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_DECODE_ERROR), "decode error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NAME), - "invalid parameter name"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NID), - "invalid parameter nid"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PUBKEY), "invalid public key"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_SECRET), "invalid secret"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEYS_NOT_SET), "keys not set"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_SMALL), "modulus too small"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR), - "not suitable generator"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "no private value"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), - "parameter encoding error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"}, - {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR), - "unable to check generator"}, - {0, NULL} -}; - -# endif - -int ossl_err_load_DH_strings(void) -{ -# ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(DH_str_reasons[0].error) == NULL) - ERR_load_strings_const(DH_str_reasons); -# endif - return 1; -} -#else -NON_EMPTY_TRANSLATION_UNIT -#endif diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c deleted file mode 100644 index 66d1f94bc005b652e5f306ce3eed46b3b203e423..0000000000000000000000000000000000000000 --- a/crypto/dh/dh_gen.c +++ /dev/null @@ -1,234 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * NB: These functions have been upgraded - the previous prototypes are in - * dh_depr.c as wrappers to these ones. - Geoff - */ - -/* - * DH low level APIs are deprecated for public use, but still ok for - * internal use. - * - * NOTE: When generating keys for key-agreement schemes - FIPS 140-2 IG 9.9 - * states that no additional pairwise tests are required (apart from the tests - * specified in SP800-56A) when generating keys. Hence DH pairwise tests are - * omitted here. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include "crypto/dh.h" -#include "dh_local.h" - -#ifndef FIPS_MODULE -static int dh_builtin_genparams(DH *ret, int prime_len, int generator, - BN_GENCB *cb); -#endif /* FIPS_MODULE */ - -int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits, - BN_GENCB *cb) -{ - int ret, res; - -#ifndef FIPS_MODULE - if (type == DH_PARAMGEN_TYPE_FIPS_186_2) - ret = ossl_ffc_params_FIPS186_2_generate(dh->libctx, &dh->params, - FFC_PARAM_TYPE_DH, - pbits, qbits, &res, cb); - else -#endif - ret = ossl_ffc_params_FIPS186_4_generate(dh->libctx, &dh->params, - FFC_PARAM_TYPE_DH, - pbits, qbits, &res, cb); - if (ret > 0) - dh->dirty_cnt++; - return ret; -} - -int ossl_dh_get_named_group_uid_from_size(int pbits) -{ - /* - * Just choose an approved safe prime group. - * The alternative to this is to generate FIPS186-4 domain parameters i.e. - * return dh_generate_ffc_parameters(ret, prime_len, 0, NULL, cb); - * As the FIPS186-4 generated params are for backwards compatibility, - * the safe prime group should be used as the default. - */ - int nid; - - switch (pbits) { - case 2048: - nid = NID_ffdhe2048; - break; - case 3072: - nid = NID_ffdhe3072; - break; - case 4096: - nid = NID_ffdhe4096; - break; - case 6144: - nid = NID_ffdhe6144; - break; - case 8192: - nid = NID_ffdhe8192; - break; - /* unsupported prime_len */ - default: - return NID_undef; - } - return nid; -} - -#ifdef FIPS_MODULE - -static int dh_gen_named_group(OSSL_LIB_CTX *libctx, DH *ret, int prime_len) -{ - DH *dh; - int ok = 0; - int nid = ossl_dh_get_named_group_uid_from_size(prime_len); - - if (nid == NID_undef) - return 0; - - dh = ossl_dh_new_by_nid_ex(libctx, nid); - if (dh != NULL - && ossl_ffc_params_copy(&ret->params, &dh->params)) { - ok = 1; - ret->dirty_cnt++; - } - DH_free(dh); - return ok; -} -#endif /* FIPS_MODULE */ - -int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, - BN_GENCB *cb) -{ -#ifdef FIPS_MODULE - if (generator != 2) - return 0; - return dh_gen_named_group(ret->libctx, ret, prime_len); -#else - if (ret->meth->generate_params) - return ret->meth->generate_params(ret, prime_len, generator, cb); - return dh_builtin_genparams(ret, prime_len, generator, cb); -#endif /* FIPS_MODULE */ -} - -#ifndef FIPS_MODULE -/*- - * We generate DH parameters as follows - * find a prime p which is prime_len bits long, - * where q=(p-1)/2 is also prime. - * In the following we assume that g is not 0, 1 or p-1, since it - * would generate only trivial subgroups. - * For this case, g is a generator of the order-q subgroup if - * g^q mod p == 1. - * Or in terms of the Legendre symbol: (g/p) == 1. - * - * Having said all that, - * there is another special case method for the generators 2, 3 and 5. - * Using the quadratic reciprocity law it is possible to solve - * (g/p) == 1 for the special values 2, 3, 5: - * (2/p) == 1 if p mod 8 == 1 or 7. - * (3/p) == 1 if p mod 12 == 1 or 11. - * (5/p) == 1 if p mod 5 == 1 or 4. - * See for instance: https://en.wikipedia.org/wiki/Legendre_symbol - * - * Since all safe primes > 7 must satisfy p mod 12 == 11 - * and all safe primes > 11 must satisfy p mod 5 != 1 - * we can further improve the condition for g = 2, 3 and 5: - * for 2, p mod 24 == 23 - * for 3, p mod 12 == 11 - * for 5, p mod 60 == 59 - */ -static int dh_builtin_genparams(DH *ret, int prime_len, int generator, - BN_GENCB *cb) -{ - BIGNUM *t1, *t2; - int g, ok = -1; - BN_CTX *ctx = NULL; - - if (prime_len > OPENSSL_DH_MAX_MODULUS_BITS) { - ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); - return 0; - } - - if (prime_len < DH_MIN_MODULUS_BITS) { - ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL); - return 0; - } - - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - BN_CTX_start(ctx); - t1 = BN_CTX_get(ctx); - t2 = BN_CTX_get(ctx); - if (t2 == NULL) - goto err; - - /* Make sure 'ret' has the necessary elements */ - if (ret->params.p == NULL && ((ret->params.p = BN_new()) == NULL)) - goto err; - if (ret->params.g == NULL && ((ret->params.g = BN_new()) == NULL)) - goto err; - - if (generator <= 1) { - ERR_raise(ERR_LIB_DH, DH_R_BAD_GENERATOR); - goto err; - } - if (generator == DH_GENERATOR_2) { - if (!BN_set_word(t1, 24)) - goto err; - if (!BN_set_word(t2, 23)) - goto err; - g = 2; - } else if (generator == DH_GENERATOR_5) { - if (!BN_set_word(t1, 60)) - goto err; - if (!BN_set_word(t2, 59)) - goto err; - g = 5; - } else { - /* - * in the general case, don't worry if 'generator' is a generator or - * not: since we are using safe primes, it will generate either an - * order-q or an order-2q group, which both is OK - */ - if (!BN_set_word(t1, 12)) - goto err; - if (!BN_set_word(t2, 11)) - goto err; - g = generator; - } - - if (!BN_generate_prime_ex(ret->params.p, prime_len, 1, t1, t2, cb)) - goto err; - if (!BN_GENCB_call(cb, 3, 0)) - goto err; - if (!BN_set_word(ret->params.g, g)) - goto err; - ret->dirty_cnt++; - ok = 1; - err: - if (ok == -1) { - ERR_raise(ERR_LIB_DH, ERR_R_BN_LIB); - ok = 0; - } - - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return ok; -} -#endif /* FIPS_MODULE */ diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c deleted file mode 100644 index 460bd8f009894dc3cde7d17a13d4895470a42ad5..0000000000000000000000000000000000000000 --- a/crypto/dh/dh_group_params.c +++ /dev/null @@ -1,99 +0,0 @@ -/* - * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* DH parameters from RFC7919 and RFC3526 */ - -/* - * DH low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include "internal/ffc.h" -#include "dh_local.h" -#include -#include -#include "internal/nelem.h" -#include "crypto/dh.h" - -static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group) -{ - DH *dh = ossl_dh_new_ex(libctx); - - if (dh == NULL) - return NULL; - - ossl_ffc_named_group_set(&dh->params, group); - dh->params.nid = ossl_ffc_named_group_get_uid(group); - dh->dirty_cnt++; - return dh; -} - -DH *ossl_dh_new_by_nid_ex(OSSL_LIB_CTX *libctx, int nid) -{ - const DH_NAMED_GROUP *group; - - if ((group = ossl_ffc_uid_to_dh_named_group(nid)) != NULL) - return dh_param_init(libctx, group); - - ERR_raise(ERR_LIB_DH, DH_R_INVALID_PARAMETER_NID); - return NULL; -} - -DH *DH_new_by_nid(int nid) -{ - return ossl_dh_new_by_nid_ex(NULL, nid); -} - -void ossl_dh_cache_named_group(DH *dh) -{ - const DH_NAMED_GROUP *group; - - if (dh == NULL) - return; - - dh->params.nid = NID_undef; /* flush cached value */ - - /* Exit if p or g is not set */ - if (dh->params.p == NULL - || dh->params.g == NULL) - return; - - if ((group = ossl_ffc_numbers_to_dh_named_group(dh->params.p, - dh->params.q, - dh->params.g)) != NULL) { - if (dh->params.q == NULL) - dh->params.q = (BIGNUM *)ossl_ffc_named_group_get_q(group); - /* cache the nid and default key length */ - dh->params.nid = ossl_ffc_named_group_get_uid(group); - dh->params.keylength = ossl_ffc_named_group_get_keylength(group); - dh->dirty_cnt++; - } -} - -int ossl_dh_is_named_safe_prime_group(const DH *dh) -{ - int id = DH_get_nid(dh); - - /* - * Exclude RFC5114 groups (id = 1..3) since they do not have - * q = (p - 1) / 2 - */ - return (id > 3); -} - -int DH_get_nid(const DH *dh) -{ - if (dh == NULL) - return NID_undef; - - return dh->params.nid; -} diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c deleted file mode 100644 index 6e99466e60b30661cf4ec107f4fe8c269f340ad4..0000000000000000000000000000000000000000 --- a/crypto/dh/dh_kdf.c +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DH low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include "e_os.h" -#include "e_os.h" -#include -#include -#include -#include -#include -#include -#include "internal/provider.h" -#include "crypto/dh.h" - -/* Key derivation function from X9.63/SECG */ -int ossl_dh_kdf_X9_42_asn1(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - const char *cek_alg, - const unsigned char *ukm, size_t ukmlen, - const EVP_MD *md, - OSSL_LIB_CTX *libctx, const char *propq) -{ - int ret = 0; - EVP_KDF_CTX *kctx = NULL; - EVP_KDF *kdf = NULL; - OSSL_PARAM params[5], *p = params; - const char *mdname = EVP_MD_get0_name(md); - - kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_X942KDF_ASN1, propq); - if (kdf == NULL) - return 0; - kctx = EVP_KDF_CTX_new(kdf); - if (kctx == NULL) - goto err; - - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, 0); - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, - (unsigned char *)Z, Zlen); - if (ukm != NULL) - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM, - (unsigned char *)ukm, ukmlen); - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, - (char *)cek_alg, 0); - *p = OSSL_PARAM_construct_end(); - ret = EVP_KDF_derive(kctx, out, outlen, params) > 0; -err: - EVP_KDF_CTX_free(kctx); - EVP_KDF_free(kdf); - return ret; -} - -#if !defined(FIPS_MODULE) -int DH_KDF_X9_42(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - ASN1_OBJECT *key_oid, - const unsigned char *ukm, size_t ukmlen, const EVP_MD *md) -{ - char key_alg[OSSL_MAX_NAME_SIZE]; - const OSSL_PROVIDER *prov = EVP_MD_get0_provider(md); - OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); - - if (OBJ_obj2txt(key_alg, sizeof(key_alg), key_oid, 0) <= 0) - return 0; - - return ossl_dh_kdf_X9_42_asn1(out, outlen, Z, Zlen, key_alg, - ukm, ukmlen, md, libctx, NULL); -} -#endif /* !defined(FIPS_MODULE) */ diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c deleted file mode 100644 index 4e9705beef733be699a249432217baefcc846ff1..0000000000000000000000000000000000000000 --- a/crypto/dh/dh_key.c +++ /dev/null @@ -1,442 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DH low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include "dh_local.h" -#include "crypto/bn.h" -#include "crypto/dh.h" -#include "crypto/security_bits.h" - -#ifdef FIPS_MODULE -# define MIN_STRENGTH 112 -#else -# define MIN_STRENGTH 80 -#endif - -static int generate_key(DH *dh); -static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -static int dh_init(DH *dh); -static int dh_finish(DH *dh); - -/* - * See SP800-56Ar3 Section 5.7.1.1 - * Finite Field Cryptography Diffie-Hellman (FFC DH) Primitive - */ -int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) -{ - BN_CTX *ctx = NULL; - BN_MONT_CTX *mont = NULL; - BIGNUM *z = NULL, *pminus1; - int ret = -1; - - if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) { - ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); - goto err; - } - - if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) { - ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL); - return 0; - } - - ctx = BN_CTX_new_ex(dh->libctx); - if (ctx == NULL) - goto err; - BN_CTX_start(ctx); - pminus1 = BN_CTX_get(ctx); - z = BN_CTX_get(ctx); - if (z == NULL) - goto err; - - if (dh->priv_key == NULL) { - ERR_raise(ERR_LIB_DH, DH_R_NO_PRIVATE_VALUE); - goto err; - } - - if (dh->flags & DH_FLAG_CACHE_MONT_P) { - mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, - dh->lock, dh->params.p, ctx); - BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); - if (!mont) - goto err; - } - - /* (Step 1) Z = pub_key^priv_key mod p */ - if (!dh->meth->bn_mod_exp(dh, z, pub_key, dh->priv_key, dh->params.p, ctx, - mont)) { - ERR_raise(ERR_LIB_DH, ERR_R_BN_LIB); - goto err; - } - - /* (Step 2) Error if z <= 1 or z = p - 1 */ - if (BN_copy(pminus1, dh->params.p) == NULL - || !BN_sub_word(pminus1, 1) - || BN_cmp(z, BN_value_one()) <= 0 - || BN_cmp(z, pminus1) == 0) { - ERR_raise(ERR_LIB_DH, DH_R_INVALID_SECRET); - goto err; - } - - /* return the padded key, i.e. same number of bytes as the modulus */ - ret = BN_bn2binpad(z, key, BN_num_bytes(dh->params.p)); - err: - BN_clear(z); /* (Step 2) destroy intermediate values */ - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return ret; -} - -/*- - * NB: This function is inherently not constant time due to the - * RFC 5246 (8.1.2) padding style that strips leading zero bytes. - */ -int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) -{ - int ret = 0, i; - volatile size_t npad = 0, mask = 1; - - /* compute the key; ret is constant unless compute_key is external */ -#ifdef FIPS_MODULE - ret = ossl_dh_compute_key(key, pub_key, dh); -#else - ret = dh->meth->compute_key(key, pub_key, dh); -#endif - if (ret <= 0) - return ret; - - /* count leading zero bytes, yet still touch all bytes */ - for (i = 0; i < ret; i++) { - mask &= !key[i]; - npad += mask; - } - - /* unpad key */ - ret -= npad; - /* key-dependent memory access, potentially leaking npad / ret */ - memmove(key, key + npad, ret); - /* key-dependent memory access, potentially leaking npad / ret */ - memset(key + ret, 0, npad); - - return ret; -} - -int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh) -{ - int rv, pad; - - /* rv is constant unless compute_key is external */ -#ifdef FIPS_MODULE - rv = ossl_dh_compute_key(key, pub_key, dh); -#else - rv = dh->meth->compute_key(key, pub_key, dh); -#endif - if (rv <= 0) - return rv; - pad = BN_num_bytes(dh->params.p) - rv; - /* pad is constant (zero) unless compute_key is external */ - if (pad > 0) { - memmove(key + pad, key, rv); - memset(key, 0, pad); - } - return rv + pad; -} - -static DH_METHOD dh_ossl = { - "OpenSSL DH Method", - generate_key, - ossl_dh_compute_key, - dh_bn_mod_exp, - dh_init, - dh_finish, - DH_FLAG_FIPS_METHOD, - NULL, - NULL -}; - -static const DH_METHOD *default_DH_method = &dh_ossl; - -const DH_METHOD *DH_OpenSSL(void) -{ - return &dh_ossl; -} - -const DH_METHOD *DH_get_default_method(void) -{ - return default_DH_method; -} - -static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) -{ - return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); -} - -static int dh_init(DH *dh) -{ - dh->flags |= DH_FLAG_CACHE_MONT_P; - ossl_ffc_params_init(&dh->params); - dh->dirty_cnt++; - return 1; -} - -static int dh_finish(DH *dh) -{ - BN_MONT_CTX_free(dh->method_mont_p); - return 1; -} - -#ifndef FIPS_MODULE -void DH_set_default_method(const DH_METHOD *meth) -{ - default_DH_method = meth; -} -#endif /* FIPS_MODULE */ - -int DH_generate_key(DH *dh) -{ -#ifdef FIPS_MODULE - return generate_key(dh); -#else - return dh->meth->generate_key(dh); -#endif -} - -int ossl_dh_generate_public_key(BN_CTX *ctx, const DH *dh, - const BIGNUM *priv_key, BIGNUM *pub_key) -{ - int ret = 0; - BIGNUM *prk = BN_new(); - BN_MONT_CTX *mont = NULL; - - if (prk == NULL) - return 0; - - if (dh->flags & DH_FLAG_CACHE_MONT_P) { - /* - * We take the input DH as const, but we lie, because in some cases we - * want to get a hold of its Montgomery context. - * - * We cast to remove the const qualifier in this case, it should be - * fine... - */ - BN_MONT_CTX **pmont = (BN_MONT_CTX **)&dh->method_mont_p; - - mont = BN_MONT_CTX_set_locked(pmont, dh->lock, dh->params.p, ctx); - if (mont == NULL) - goto err; - } - BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); - - /* pub_key = g^priv_key mod p */ - if (!dh->meth->bn_mod_exp(dh, pub_key, dh->params.g, prk, dh->params.p, - ctx, mont)) - goto err; - ret = 1; -err: - BN_clear_free(prk); - return ret; -} - -static int generate_key(DH *dh) -{ - int ok = 0; - int generate_new_key = 0; -#ifndef FIPS_MODULE - unsigned l; -#endif - BN_CTX *ctx = NULL; - BIGNUM *pub_key = NULL, *priv_key = NULL; - - if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) { - ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); - return 0; - } - - if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) { - ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL); - return 0; - } - - ctx = BN_CTX_new_ex(dh->libctx); - if (ctx == NULL) - goto err; - - if (dh->priv_key == NULL) { - priv_key = BN_secure_new(); - if (priv_key == NULL) - goto err; - generate_new_key = 1; - } else { - priv_key = dh->priv_key; - } - - if (dh->pub_key == NULL) { - pub_key = BN_new(); - if (pub_key == NULL) - goto err; - } else { - pub_key = dh->pub_key; - } - if (generate_new_key) { - /* Is it an approved safe prime ?*/ - if (DH_get_nid(dh) != NID_undef) { - int max_strength = - ossl_ifc_ffc_compute_security_bits(BN_num_bits(dh->params.p)); - - if (dh->params.q == NULL - || dh->length > BN_num_bits(dh->params.q)) - goto err; - /* dh->length = maximum bit length of generated private key */ - if (!ossl_ffc_generate_private_key(ctx, &dh->params, dh->length, - max_strength, priv_key)) - goto err; - } else { -#ifdef FIPS_MODULE - if (dh->params.q == NULL) - goto err; -#else - if (dh->params.q == NULL) { - /* secret exponent length, must satisfy 2^(l-1) <= p */ - if (dh->length != 0 - && dh->length >= BN_num_bits(dh->params.p)) - goto err; - l = dh->length ? dh->length : BN_num_bits(dh->params.p) - 1; - if (!BN_priv_rand_ex(priv_key, l, BN_RAND_TOP_ONE, - BN_RAND_BOTTOM_ANY, 0, ctx)) - goto err; - /* - * We handle just one known case where g is a quadratic non-residue: - * for g = 2: p % 8 == 3 - */ - if (BN_is_word(dh->params.g, DH_GENERATOR_2) - && !BN_is_bit_set(dh->params.p, 2)) { - /* clear bit 0, since it won't be a secret anyway */ - if (!BN_clear_bit(priv_key, 0)) - goto err; - } - } else -#endif - { - /* Do a partial check for invalid p, q, g */ - if (!ossl_ffc_params_simple_validate(dh->libctx, &dh->params, - FFC_PARAM_TYPE_DH, NULL)) - goto err; - /* - * For FFC FIPS 186-4 keygen - * security strength s = 112, - * Max Private key size N = len(q) - */ - if (!ossl_ffc_generate_private_key(ctx, &dh->params, - BN_num_bits(dh->params.q), - MIN_STRENGTH, - priv_key)) - goto err; - } - } - } - - if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key)) - goto err; - - dh->pub_key = pub_key; - dh->priv_key = priv_key; - dh->dirty_cnt++; - ok = 1; - err: - if (ok != 1) - ERR_raise(ERR_LIB_DH, ERR_R_BN_LIB); - - if (pub_key != dh->pub_key) - BN_free(pub_key); - if (priv_key != dh->priv_key) - BN_free(priv_key); - BN_CTX_free(ctx); - return ok; -} - -int ossl_dh_buf2key(DH *dh, const unsigned char *buf, size_t len) -{ - int err_reason = DH_R_BN_ERROR; - BIGNUM *pubkey = NULL; - const BIGNUM *p; - int ret; - - if ((pubkey = BN_bin2bn(buf, len, NULL)) == NULL) - goto err; - DH_get0_pqg(dh, &p, NULL, NULL); - if (p == NULL || BN_num_bytes(p) == 0) { - err_reason = DH_R_NO_PARAMETERS_SET; - goto err; - } - /* Prevent small subgroup attacks per RFC 8446 Section 4.2.8.1 */ - if (!ossl_dh_check_pub_key_partial(dh, pubkey, &ret)) { - err_reason = DH_R_INVALID_PUBKEY; - goto err; - } - if (DH_set0_key(dh, pubkey, NULL) != 1) - goto err; - return 1; -err: - ERR_raise(ERR_LIB_DH, err_reason); - BN_free(pubkey); - return 0; -} - -size_t ossl_dh_key2buf(const DH *dh, unsigned char **pbuf_out, size_t size, - int alloc) -{ - const BIGNUM *pubkey; - unsigned char *pbuf = NULL; - const BIGNUM *p; - int p_size; - - DH_get0_pqg(dh, &p, NULL, NULL); - DH_get0_key(dh, &pubkey, NULL); - if (p == NULL || pubkey == NULL - || (p_size = BN_num_bytes(p)) == 0 - || BN_num_bytes(pubkey) == 0) { - ERR_raise(ERR_LIB_DH, DH_R_INVALID_PUBKEY); - return 0; - } - if (pbuf_out != NULL && (alloc || *pbuf_out != NULL)) { - if (!alloc) { - if (size >= (size_t)p_size) - pbuf = *pbuf_out; - } else { - pbuf = OPENSSL_malloc(p_size); - } - - if (pbuf == NULL) { - ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); - return 0; - } - /* - * As per Section 4.2.8.1 of RFC 8446 left pad public - * key with zeros to the size of p - */ - if (BN_bn2binpad(pubkey, pbuf, p_size) < 0) { - if (alloc) - OPENSSL_free(pbuf); - ERR_raise(ERR_LIB_DH, DH_R_BN_ERROR); - return 0; - } - *pbuf_out = pbuf; - } - return p_size; -} diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c deleted file mode 100644 index 29cda5d7bfa845272f45aaa71d55321e28146ea6..0000000000000000000000000000000000000000 --- a/crypto/dh/dh_lib.c +++ /dev/null @@ -1,330 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DH low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#ifndef FIPS_MODULE -# include -#endif -#include -#include -#include "internal/cryptlib.h" -#include "internal/refcount.h" -#include "crypto/evp.h" -#include "crypto/dh.h" -#include "dh_local.h" - -static DH *dh_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx); - -#ifndef FIPS_MODULE -int DH_set_method(DH *dh, const DH_METHOD *meth) -{ - /* - * NB: The caller is specifically setting a method, so it's not up to us - * to deal with which ENGINE it comes from. - */ - const DH_METHOD *mtmp; - mtmp = dh->meth; - if (mtmp->finish) - mtmp->finish(dh); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(dh->engine); - dh->engine = NULL; -#endif - dh->meth = meth; - if (meth->init) - meth->init(dh); - return 1; -} - -const DH_METHOD *ossl_dh_get_method(const DH *dh) -{ - return dh->meth; -} -# ifndef OPENSSL_NO_DEPRECATED_3_0 -DH *DH_new(void) -{ - return dh_new_intern(NULL, NULL); -} -# endif - -DH *DH_new_method(ENGINE *engine) -{ - return dh_new_intern(engine, NULL); -} -#endif /* !FIPS_MODULE */ - -DH *ossl_dh_new_ex(OSSL_LIB_CTX *libctx) -{ - return dh_new_intern(NULL, libctx); -} - -static DH *dh_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx) -{ - DH *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->references = 1; - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ret); - return NULL; - } - - ret->libctx = libctx; - ret->meth = DH_get_default_method(); -#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) - ret->flags = ret->meth->flags; /* early default init */ - if (engine) { - if (!ENGINE_init(engine)) { - ERR_raise(ERR_LIB_DH, ERR_R_ENGINE_LIB); - goto err; - } - ret->engine = engine; - } else - ret->engine = ENGINE_get_default_DH(); - if (ret->engine) { - ret->meth = ENGINE_get_DH(ret->engine); - if (ret->meth == NULL) { - ERR_raise(ERR_LIB_DH, ERR_R_ENGINE_LIB); - goto err; - } - } -#endif - - ret->flags = ret->meth->flags; - -#ifndef FIPS_MODULE - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data)) - goto err; -#endif /* FIPS_MODULE */ - - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { - ERR_raise(ERR_LIB_DH, ERR_R_INIT_FAIL); - goto err; - } - - return ret; - - err: - DH_free(ret); - return NULL; -} - -void DH_free(DH *r) -{ - int i; - - if (r == NULL) - return; - - CRYPTO_DOWN_REF(&r->references, &i, r->lock); - REF_PRINT_COUNT("DH", r); - if (i > 0) - return; - REF_ASSERT_ISNT(i < 0); - - if (r->meth != NULL && r->meth->finish != NULL) - r->meth->finish(r); -#if !defined(FIPS_MODULE) -# if !defined(OPENSSL_NO_ENGINE) - ENGINE_finish(r->engine); -# endif - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); -#endif - - CRYPTO_THREAD_lock_free(r->lock); - - ossl_ffc_params_cleanup(&r->params); - BN_clear_free(r->pub_key); - BN_clear_free(r->priv_key); - OPENSSL_free(r); -} - -int DH_up_ref(DH *r) -{ - int i; - - if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0) - return 0; - - REF_PRINT_COUNT("DH", r); - REF_ASSERT_ISNT(i < 2); - return ((i > 1) ? 1 : 0); -} - -void ossl_dh_set0_libctx(DH *d, OSSL_LIB_CTX *libctx) -{ - d->libctx = libctx; -} - -#ifndef FIPS_MODULE -int DH_set_ex_data(DH *d, int idx, void *arg) -{ - return CRYPTO_set_ex_data(&d->ex_data, idx, arg); -} - -void *DH_get_ex_data(const DH *d, int idx) -{ - return CRYPTO_get_ex_data(&d->ex_data, idx); -} -#endif - -int DH_bits(const DH *dh) -{ - if (dh->params.p != NULL) - return BN_num_bits(dh->params.p); - return -1; -} - -int DH_size(const DH *dh) -{ - if (dh->params.p != NULL) - return BN_num_bytes(dh->params.p); - return -1; -} - -int DH_security_bits(const DH *dh) -{ - int N; - - if (dh->params.q != NULL) - N = BN_num_bits(dh->params.q); - else if (dh->length) - N = dh->length; - else - N = -1; - if (dh->params.p != NULL) - return BN_security_bits(BN_num_bits(dh->params.p), N); - return -1; -} - -void DH_get0_pqg(const DH *dh, - const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) -{ - ossl_ffc_params_get0_pqg(&dh->params, p, q, g); -} - -int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) -{ - /* - * If the fields p and g in dh are NULL, the corresponding input - * parameters MUST be non-NULL. q may remain NULL. - */ - if ((dh->params.p == NULL && p == NULL) - || (dh->params.g == NULL && g == NULL)) - return 0; - - ossl_ffc_params_set0_pqg(&dh->params, p, q, g); - ossl_dh_cache_named_group(dh); - dh->dirty_cnt++; - return 1; -} - -long DH_get_length(const DH *dh) -{ - return dh->length; -} - -int DH_set_length(DH *dh, long length) -{ - dh->length = length; - dh->dirty_cnt++; - return 1; -} - -void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) -{ - if (pub_key != NULL) - *pub_key = dh->pub_key; - if (priv_key != NULL) - *priv_key = dh->priv_key; -} - -int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) -{ - if (pub_key != NULL) { - BN_clear_free(dh->pub_key); - dh->pub_key = pub_key; - } - if (priv_key != NULL) { - BN_clear_free(dh->priv_key); - dh->priv_key = priv_key; - } - - dh->dirty_cnt++; - return 1; -} - -const BIGNUM *DH_get0_p(const DH *dh) -{ - return dh->params.p; -} - -const BIGNUM *DH_get0_q(const DH *dh) -{ - return dh->params.q; -} - -const BIGNUM *DH_get0_g(const DH *dh) -{ - return dh->params.g; -} - -const BIGNUM *DH_get0_priv_key(const DH *dh) -{ - return dh->priv_key; -} - -const BIGNUM *DH_get0_pub_key(const DH *dh) -{ - return dh->pub_key; -} - -void DH_clear_flags(DH *dh, int flags) -{ - dh->flags &= ~flags; -} - -int DH_test_flags(const DH *dh, int flags) -{ - return dh->flags & flags; -} - -void DH_set_flags(DH *dh, int flags) -{ - dh->flags |= flags; -} - -#ifndef FIPS_MODULE -ENGINE *DH_get0_engine(DH *dh) -{ - return dh->engine; -} -#endif /*FIPS_MODULE */ - -FFC_PARAMS *ossl_dh_get0_params(DH *dh) -{ - return &dh->params; -} -int ossl_dh_get0_nid(const DH *dh) -{ - return dh->params.nid; -} diff --git a/crypto/dh/dh_local.h b/crypto/dh/dh_local.h deleted file mode 100644 index 1ff075e3dc1df55fb2e3f36564897ea4fc187b08..0000000000000000000000000000000000000000 --- a/crypto/dh/dh_local.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/refcount.h" -#include "internal/ffc.h" - -#define DH_MIN_MODULUS_BITS 512 - -struct dh_st { - /* - * This first argument is used to pick up errors when a DH is passed - * instead of a EVP_PKEY - */ - int pad; - int version; - FFC_PARAMS params; - /* max generated private key length (can be less than len(q)) */ - int32_t length; - BIGNUM *pub_key; /* g^x % p */ - BIGNUM *priv_key; /* x */ - int flags; - BN_MONT_CTX *method_mont_p; - CRYPTO_REF_COUNT references; -#ifndef FIPS_MODULE - CRYPTO_EX_DATA ex_data; - ENGINE *engine; -#endif - OSSL_LIB_CTX *libctx; - const DH_METHOD *meth; - CRYPTO_RWLOCK *lock; - - /* Provider data */ - size_t dirty_cnt; /* If any key material changes, increment this */ -}; - -struct dh_method { - char *name; - /* Methods here */ - int (*generate_key) (DH *dh); - int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh); - - /* Can be null */ - int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); - int (*init) (DH *dh); - int (*finish) (DH *dh); - int flags; - char *app_data; - /* If this is non-NULL, it will be used to generate parameters */ - int (*generate_params) (DH *dh, int prime_len, int generator, - BN_GENCB *cb); -}; diff --git a/crypto/dh/dh_meth.c b/crypto/dh/dh_meth.c deleted file mode 100644 index 5c15cd2b8cc2459ccdf39ae75300b3fc526dc97c..0000000000000000000000000000000000000000 --- a/crypto/dh/dh_meth.c +++ /dev/null @@ -1,179 +0,0 @@ -/* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DH low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include "dh_local.h" -#include -#include - -DH_METHOD *DH_meth_new(const char *name, int flags) -{ - DH_METHOD *dhm = OPENSSL_zalloc(sizeof(*dhm)); - - if (dhm != NULL) { - dhm->flags = flags; - - dhm->name = OPENSSL_strdup(name); - if (dhm->name != NULL) - return dhm; - - OPENSSL_free(dhm); - } - - ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); - return NULL; -} - -void DH_meth_free(DH_METHOD *dhm) -{ - if (dhm != NULL) { - OPENSSL_free(dhm->name); - OPENSSL_free(dhm); - } -} - -DH_METHOD *DH_meth_dup(const DH_METHOD *dhm) -{ - DH_METHOD *ret = OPENSSL_malloc(sizeof(*ret)); - - if (ret != NULL) { - memcpy(ret, dhm, sizeof(*dhm)); - - ret->name = OPENSSL_strdup(dhm->name); - if (ret->name != NULL) - return ret; - - OPENSSL_free(ret); - } - - ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); - return NULL; -} - -const char *DH_meth_get0_name(const DH_METHOD *dhm) -{ - return dhm->name; -} - -int DH_meth_set1_name(DH_METHOD *dhm, const char *name) -{ - char *tmpname = OPENSSL_strdup(name); - - if (tmpname == NULL) { - ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); - return 0; - } - - OPENSSL_free(dhm->name); - dhm->name = tmpname; - - return 1; -} - -int DH_meth_get_flags(const DH_METHOD *dhm) -{ - return dhm->flags; -} - -int DH_meth_set_flags(DH_METHOD *dhm, int flags) -{ - dhm->flags = flags; - return 1; -} - -void *DH_meth_get0_app_data(const DH_METHOD *dhm) -{ - return dhm->app_data; -} - -int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data) -{ - dhm->app_data = app_data; - return 1; -} - -int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *) -{ - return dhm->generate_key; -} - -int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *)) -{ - dhm->generate_key = generate_key; - return 1; -} - -int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) - (unsigned char *key, const BIGNUM *pub_key, DH *dh) -{ - return dhm->compute_key; -} - -int DH_meth_set_compute_key(DH_METHOD *dhm, - int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh)) -{ - dhm->compute_key = compute_key; - return 1; -} - - -int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) - (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, - BN_CTX *, BN_MONT_CTX *) -{ - return dhm->bn_mod_exp; -} - -int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, - int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *, BN_MONT_CTX *)) -{ - dhm->bn_mod_exp = bn_mod_exp; - return 1; -} - -int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *) -{ - return dhm->init; -} - -int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)) -{ - dhm->init = init; - return 1; -} - -int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *) -{ - return dhm->finish; -} - -int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *)) -{ - dhm->finish = finish; - return 1; -} - -int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) - (DH *, int, int, BN_GENCB *) -{ - return dhm->generate_params; -} - -int DH_meth_set_generate_params(DH_METHOD *dhm, - int (*generate_params) (DH *, int, int, BN_GENCB *)) -{ - dhm->generate_params = generate_params; - return 1; -} diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c deleted file mode 100644 index f201eede0df4f376ea6672487c34618617ebc324..0000000000000000000000000000000000000000 --- a/crypto/dh/dh_pmeth.c +++ /dev/null @@ -1,542 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DH & DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "dh_local.h" -#include -#include -#include -#include "crypto/evp.h" - -/* DH pkey context structure */ - -typedef struct { - /* Parameter gen parameters */ - int prime_len; - int generator; - int paramgen_type; - int subprime_len; - int pad; - /* message digest used for parameter generation */ - const EVP_MD *md; - int param_nid; - /* Keygen callback info */ - int gentmp[2]; - /* KDF (if any) to use for DH */ - char kdf_type; - /* OID to use for KDF */ - ASN1_OBJECT *kdf_oid; - /* Message digest to use for key derivation */ - const EVP_MD *kdf_md; - /* User key material */ - unsigned char *kdf_ukm; - size_t kdf_ukmlen; - /* KDF output length */ - size_t kdf_outlen; -} DH_PKEY_CTX; - -static int pkey_dh_init(EVP_PKEY_CTX *ctx) -{ - DH_PKEY_CTX *dctx; - - if ((dctx = OPENSSL_zalloc(sizeof(*dctx))) == NULL) { - ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); - return 0; - } - dctx->prime_len = 2048; - dctx->subprime_len = -1; - dctx->generator = 2; - dctx->kdf_type = EVP_PKEY_DH_KDF_NONE; - - ctx->data = dctx; - ctx->keygen_info = dctx->gentmp; - ctx->keygen_info_count = 2; - - return 1; -} - -static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx) -{ - DH_PKEY_CTX *dctx = ctx->data; - - if (dctx != NULL) { - OPENSSL_free(dctx->kdf_ukm); - ASN1_OBJECT_free(dctx->kdf_oid); - OPENSSL_free(dctx); - } -} - - -static int pkey_dh_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) -{ - DH_PKEY_CTX *dctx, *sctx; - - if (!pkey_dh_init(dst)) - return 0; - sctx = src->data; - dctx = dst->data; - dctx->prime_len = sctx->prime_len; - dctx->subprime_len = sctx->subprime_len; - dctx->generator = sctx->generator; - dctx->paramgen_type = sctx->paramgen_type; - dctx->pad = sctx->pad; - dctx->md = sctx->md; - dctx->param_nid = sctx->param_nid; - - dctx->kdf_type = sctx->kdf_type; - dctx->kdf_oid = OBJ_dup(sctx->kdf_oid); - if (dctx->kdf_oid == NULL) - return 0; - dctx->kdf_md = sctx->kdf_md; - if (sctx->kdf_ukm != NULL) { - dctx->kdf_ukm = OPENSSL_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen); - if (dctx->kdf_ukm == NULL) - return 0; - dctx->kdf_ukmlen = sctx->kdf_ukmlen; - } - dctx->kdf_outlen = sctx->kdf_outlen; - return 1; -} - -static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -{ - DH_PKEY_CTX *dctx = ctx->data; - switch (type) { - case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN: - if (p1 < 256) - return -2; - dctx->prime_len = p1; - return 1; - - case EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN: - if (dctx->paramgen_type == DH_PARAMGEN_TYPE_GENERATOR) - return -2; - dctx->subprime_len = p1; - return 1; - - case EVP_PKEY_CTRL_DH_PAD: - dctx->pad = p1; - return 1; - - case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR: - if (dctx->paramgen_type != DH_PARAMGEN_TYPE_GENERATOR) - return -2; - dctx->generator = p1; - return 1; - - case EVP_PKEY_CTRL_DH_PARAMGEN_TYPE: -#ifdef OPENSSL_NO_DSA - if (p1 != DH_PARAMGEN_TYPE_GENERATOR) - return -2; -#else - if (p1 < 0 || p1 > 2) - return -2; -#endif - dctx->paramgen_type = p1; - return 1; - - case EVP_PKEY_CTRL_DH_RFC5114: - if (p1 < 1 || p1 > 3 || dctx->param_nid != NID_undef) - return -2; - dctx->param_nid = p1; - return 1; - - case EVP_PKEY_CTRL_DH_NID: - if (p1 <= 0 || dctx->param_nid != NID_undef) - return -2; - dctx->param_nid = p1; - return 1; - - case EVP_PKEY_CTRL_PEER_KEY: - /* Default behaviour is OK */ - return 1; - - case EVP_PKEY_CTRL_DH_KDF_TYPE: - if (p1 == -2) - return dctx->kdf_type; - if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42) - return -2; - dctx->kdf_type = p1; - return 1; - - case EVP_PKEY_CTRL_DH_KDF_MD: - dctx->kdf_md = p2; - return 1; - - case EVP_PKEY_CTRL_GET_DH_KDF_MD: - *(const EVP_MD **)p2 = dctx->kdf_md; - return 1; - - case EVP_PKEY_CTRL_DH_KDF_OUTLEN: - if (p1 <= 0) - return -2; - dctx->kdf_outlen = (size_t)p1; - return 1; - - case EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN: - *(int *)p2 = dctx->kdf_outlen; - return 1; - - case EVP_PKEY_CTRL_DH_KDF_UKM: - OPENSSL_free(dctx->kdf_ukm); - dctx->kdf_ukm = p2; - if (p2) - dctx->kdf_ukmlen = p1; - else - dctx->kdf_ukmlen = 0; - return 1; - - case EVP_PKEY_CTRL_GET_DH_KDF_UKM: - *(unsigned char **)p2 = dctx->kdf_ukm; - return dctx->kdf_ukmlen; - - case EVP_PKEY_CTRL_DH_KDF_OID: - ASN1_OBJECT_free(dctx->kdf_oid); - dctx->kdf_oid = p2; - return 1; - - case EVP_PKEY_CTRL_GET_DH_KDF_OID: - *(ASN1_OBJECT **)p2 = dctx->kdf_oid; - return 1; - - default: - return -2; - - } -} - -static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) -{ - if (strcmp(type, "dh_paramgen_prime_len") == 0) { - int len; - len = atoi(value); - return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len); - } - if (strcmp(type, "dh_rfc5114") == 0) { - DH_PKEY_CTX *dctx = ctx->data; - int id; - - id = atoi(value); - if (id < 0 || id > 3) - return -2; - dctx->param_nid = id; - return 1; - } - if (strcmp(type, "dh_param") == 0) { - DH_PKEY_CTX *dctx = ctx->data; - int nid = OBJ_sn2nid(value); - - if (nid == NID_undef) { - ERR_raise(ERR_LIB_DH, DH_R_INVALID_PARAMETER_NAME); - return -2; - } - dctx->param_nid = nid; - return 1; - } - if (strcmp(type, "dh_paramgen_generator") == 0) { - int len; - len = atoi(value); - return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len); - } - if (strcmp(type, "dh_paramgen_subprime_len") == 0) { - int len; - len = atoi(value); - return EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len); - } - if (strcmp(type, "dh_paramgen_type") == 0) { - int typ; - typ = atoi(value); - return EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ); - } - if (strcmp(type, "dh_pad") == 0) { - int pad; - pad = atoi(value); - return EVP_PKEY_CTX_set_dh_pad(ctx, pad); - } - return -2; -} - -static DH *ffc_params_generate(OSSL_LIB_CTX *libctx, DH_PKEY_CTX *dctx, - BN_GENCB *pcb) -{ - DH *ret; - int rv = 0; - int res; - int prime_len = dctx->prime_len; - int subprime_len = dctx->subprime_len; - - if (dctx->paramgen_type > DH_PARAMGEN_TYPE_FIPS_186_4) - return NULL; - ret = DH_new(); - if (ret == NULL) - return NULL; - - if (subprime_len == -1) { - if (prime_len >= 2048) - subprime_len = 256; - else - subprime_len = 160; - } - - if (dctx->md != NULL) - ossl_ffc_set_digest(&ret->params, EVP_MD_get0_name(dctx->md), NULL); - -# ifndef FIPS_MODULE - if (dctx->paramgen_type == DH_PARAMGEN_TYPE_FIPS_186_2) - rv = ossl_ffc_params_FIPS186_2_generate(libctx, &ret->params, - FFC_PARAM_TYPE_DH, - prime_len, subprime_len, &res, - pcb); - else -# endif - /* For FIPS we always use the DH_PARAMGEN_TYPE_FIPS_186_4 generator */ - if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2) - rv = ossl_ffc_params_FIPS186_4_generate(libctx, &ret->params, - FFC_PARAM_TYPE_DH, - prime_len, subprime_len, &res, - pcb); - if (rv <= 0) { - DH_free(ret); - return NULL; - } - return ret; -} - -static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, - EVP_PKEY *pkey) -{ - DH *dh = NULL; - DH_PKEY_CTX *dctx = ctx->data; - BN_GENCB *pcb = NULL; - int ret; - - /* - * Look for a safe prime group for key establishment. Which uses - * either RFC_3526 (modp_XXXX) or RFC_7919 (ffdheXXXX). - * RFC_5114 is also handled here for param_nid = (1..3) - */ - if (dctx->param_nid != NID_undef) { - int type = dctx->param_nid <= 3 ? EVP_PKEY_DHX : EVP_PKEY_DH; - - if ((dh = DH_new_by_nid(dctx->param_nid)) == NULL) - return 0; - EVP_PKEY_assign(pkey, type, dh); - return 1; - } - - if (ctx->pkey_gencb != NULL) { - pcb = BN_GENCB_new(); - if (pcb == NULL) - return 0; - evp_pkey_set_cb_translate(pcb, ctx); - } -# ifdef FIPS_MODULE - dctx->paramgen_type = DH_PARAMGEN_TYPE_FIPS_186_4; -# endif /* FIPS_MODULE */ - if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2) { - dh = ffc_params_generate(NULL, dctx, pcb); - BN_GENCB_free(pcb); - if (dh == NULL) - return 0; - EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh); - return 1; - } - dh = DH_new(); - if (dh == NULL) { - BN_GENCB_free(pcb); - return 0; - } - ret = DH_generate_parameters_ex(dh, - dctx->prime_len, dctx->generator, pcb); - BN_GENCB_free(pcb); - if (ret) - EVP_PKEY_assign_DH(pkey, dh); - else - DH_free(dh); - return ret; -} - -static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - DH_PKEY_CTX *dctx = ctx->data; - DH *dh = NULL; - - if (ctx->pkey == NULL && dctx->param_nid == NID_undef) { - ERR_raise(ERR_LIB_DH, DH_R_NO_PARAMETERS_SET); - return 0; - } - if (dctx->param_nid != NID_undef) - dh = DH_new_by_nid(dctx->param_nid); - else - dh = DH_new(); - if (dh == NULL) - return 0; - EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh); - /* Note: if error return, pkey is freed by parent routine */ - if (ctx->pkey != NULL && !EVP_PKEY_copy_parameters(pkey, ctx->pkey)) - return 0; - return DH_generate_key((DH *)EVP_PKEY_get0_DH(pkey)); -} - -static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *keylen) -{ - int ret; - DH *dh; - const DH *dhpub; - DH_PKEY_CTX *dctx = ctx->data; - BIGNUM *dhpubbn; - - if (ctx->pkey == NULL || ctx->peerkey == NULL) { - ERR_raise(ERR_LIB_DH, DH_R_KEYS_NOT_SET); - return 0; - } - dh = (DH *)EVP_PKEY_get0_DH(ctx->pkey); - dhpub = EVP_PKEY_get0_DH(ctx->peerkey); - if (dhpub == NULL) { - ERR_raise(ERR_LIB_DH, DH_R_KEYS_NOT_SET); - return 0; - } - dhpubbn = dhpub->pub_key; - if (dctx->kdf_type == EVP_PKEY_DH_KDF_NONE) { - if (key == NULL) { - *keylen = DH_size(dh); - return 1; - } - if (dctx->pad) - ret = DH_compute_key_padded(key, dhpubbn, dh); - else - ret = DH_compute_key(key, dhpubbn, dh); - if (ret < 0) - return ret; - *keylen = ret; - return 1; - } - else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { - - unsigned char *Z = NULL; - int Zlen = 0; - - if (!dctx->kdf_outlen || !dctx->kdf_oid) - return 0; - if (key == NULL) { - *keylen = dctx->kdf_outlen; - return 1; - } - if (*keylen != dctx->kdf_outlen) - return 0; - ret = 0; - if ((Zlen = DH_size(dh)) <= 0) - return 0; - if ((Z = OPENSSL_malloc(Zlen)) == NULL) { - ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); - return 0; - } - if (DH_compute_key_padded(Z, dhpubbn, dh) <= 0) - goto err; - if (!DH_KDF_X9_42(key, *keylen, Z, Zlen, dctx->kdf_oid, - dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md)) - goto err; - *keylen = dctx->kdf_outlen; - ret = 1; - err: - OPENSSL_clear_free(Z, Zlen); - return ret; - } - return 0; -} - -static const EVP_PKEY_METHOD dh_pkey_meth = { - EVP_PKEY_DH, - 0, - pkey_dh_init, - pkey_dh_copy, - pkey_dh_cleanup, - - 0, - pkey_dh_paramgen, - - 0, - pkey_dh_keygen, - - 0, - 0, - - 0, - 0, - - 0, 0, - - 0, 0, 0, 0, - - 0, 0, - - 0, 0, - - 0, - pkey_dh_derive, - - pkey_dh_ctrl, - pkey_dh_ctrl_str -}; - -const EVP_PKEY_METHOD *ossl_dh_pkey_method(void) -{ - return &dh_pkey_meth; -} - -static const EVP_PKEY_METHOD dhx_pkey_meth = { - EVP_PKEY_DHX, - 0, - pkey_dh_init, - pkey_dh_copy, - pkey_dh_cleanup, - - 0, - pkey_dh_paramgen, - - 0, - pkey_dh_keygen, - - 0, - 0, - - 0, - 0, - - 0, 0, - - 0, 0, 0, 0, - - 0, 0, - - 0, 0, - - 0, - pkey_dh_derive, - - pkey_dh_ctrl, - pkey_dh_ctrl_str -}; - -const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void) -{ - return &dhx_pkey_meth; -} diff --git a/crypto/dh/dh_prn.c b/crypto/dh/dh_prn.c deleted file mode 100644 index 5d31254dcbc619637f3e8c36140956eabff919c1..0000000000000000000000000000000000000000 --- a/crypto/dh/dh_prn.c +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DH low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include - -#ifndef OPENSSL_NO_STDIO -int DHparams_print_fp(FILE *fp, const DH *x) -{ - BIO *b; - int ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_DH, ERR_R_BUF_LIB); - return 0; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = DHparams_print(b, x); - BIO_free(b); - return ret; -} -#endif diff --git a/crypto/dh/dh_rfc5114.c b/crypto/dh/dh_rfc5114.c deleted file mode 100644 index 7b1e0610bd71118a64cd8398f17dbb8d9f481c50..0000000000000000000000000000000000000000 --- a/crypto/dh/dh_rfc5114.c +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DH low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include "dh_local.h" -#include -#include "crypto/bn_dh.h" - -/* - * Macro to make a DH structure from BIGNUM data. NB: although just copying - * the BIGNUM static pointers would be more efficient, we can't do that - * because they get wiped using BN_clear_free() when DH_free() is called. - */ - -#define make_dh(x) \ -DH *DH_get_##x(void) \ -{ \ - DH *dh = DH_new(); \ -\ - if (dh == NULL) \ - return NULL; \ - dh->params.p = BN_dup(&ossl_bignum_dh##x##_p); \ - dh->params.g = BN_dup(&ossl_bignum_dh##x##_g); \ - dh->params.q = BN_dup(&ossl_bignum_dh##x##_q); \ - if (dh->params.p == NULL || dh->params.q == NULL || dh->params.g == NULL) {\ - DH_free(dh); \ - return NULL; \ - } \ - return dh; \ -} - -make_dh(1024_160) -make_dh(2048_224) -make_dh(2048_256) diff --git a/crypto/dllmain.c b/crypto/dllmain.c deleted file mode 100644 index 48c0cd31227a4107aab0cdd0d2b3763a1a59630f..0000000000000000000000000000000000000000 --- a/crypto/dllmain.c +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" -#include "crypto/cryptlib.h" - -#if defined(_WIN32) || defined(__CYGWIN__) -# ifdef __CYGWIN__ -/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */ -# include -/* - * this has side-effect of _WIN32 getting defined, which otherwise is - * mutually exclusive with __CYGWIN__... - */ -# endif - -/* - * All we really need to do is remove the 'error' state when a thread - * detaches - */ - -BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved); -BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) -{ - switch (fdwReason) { - case DLL_PROCESS_ATTACH: - OPENSSL_cpuid_setup(); - break; - case DLL_THREAD_ATTACH: - break; - case DLL_THREAD_DETACH: - OPENSSL_thread_stop(); - break; - case DLL_PROCESS_DETACH: - break; - } - return TRUE; -} -#endif - diff --git a/crypto/dsa/build.info b/crypto/dsa/build.info deleted file mode 100644 index 9a7d275c3500c63358c47e7e296d4c7014460703..0000000000000000000000000000000000000000 --- a/crypto/dsa/build.info +++ /dev/null @@ -1,12 +0,0 @@ -LIBS=../../libcrypto - -$COMMON=dsa_sign.c dsa_vrf.c dsa_lib.c dsa_ossl.c dsa_check.c \ - dsa_key.c dsa_backend.c dsa_gen.c - -SOURCE[../../libcrypto]=$COMMON\ - dsa_asn1.c dsa_err.c dsa_ameth.c dsa_pmeth.c dsa_prn.c \ - dsa_meth.c -IF[{- !$disabled{'deprecated-0.9.8'} -}] - SOURCE[../../libcrypto]=dsa_depr.c -ENDIF -SOURCE[../../providers/libfips.a]=$COMMON diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c deleted file mode 100644 index 482b9e1e0aa72ff5fc6e28595e3829842e43ff6d..0000000000000000000000000000000000000000 --- a/crypto/dsa/dsa_ameth.c +++ /dev/null @@ -1,584 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "crypto/asn1.h" -#include "crypto/dsa.h" -#include "crypto/evp.h" -#include "internal/ffc.h" -#include "dsa_local.h" - -static int dsa_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey) -{ - const unsigned char *p, *pm; - int pklen, pmlen; - int ptype; - const void *pval; - const ASN1_STRING *pstr; - X509_ALGOR *palg; - ASN1_INTEGER *public_key = NULL; - - DSA *dsa = NULL; - - if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) - return 0; - X509_ALGOR_get0(NULL, &ptype, &pval, palg); - - if (ptype == V_ASN1_SEQUENCE) { - pstr = pval; - pm = pstr->data; - pmlen = pstr->length; - - if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) { - ERR_raise(ERR_LIB_DSA, DSA_R_DECODE_ERROR); - goto err; - } - - } else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) { - if ((dsa = DSA_new()) == NULL) { - ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE); - goto err; - } - } else { - ERR_raise(ERR_LIB_DSA, DSA_R_PARAMETER_ENCODING_ERROR); - goto err; - } - - if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) { - ERR_raise(ERR_LIB_DSA, DSA_R_DECODE_ERROR); - goto err; - } - - if ((dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) { - ERR_raise(ERR_LIB_DSA, DSA_R_BN_DECODE_ERROR); - goto err; - } - - dsa->dirty_cnt++; - ASN1_INTEGER_free(public_key); - EVP_PKEY_assign_DSA(pkey, dsa); - return 1; - - err: - ASN1_INTEGER_free(public_key); - DSA_free(dsa); - return 0; - -} - -static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) -{ - DSA *dsa; - int ptype; - unsigned char *penc = NULL; - int penclen; - ASN1_STRING *str = NULL; - ASN1_INTEGER *pubint = NULL; - ASN1_OBJECT *aobj; - - dsa = pkey->pkey.dsa; - if (pkey->save_parameters - && dsa->params.p != NULL - && dsa->params.q != NULL - && dsa->params.g != NULL) { - str = ASN1_STRING_new(); - if (str == NULL) { - ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE); - goto err; - } - str->length = i2d_DSAparams(dsa, &str->data); - if (str->length <= 0) { - ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE); - goto err; - } - ptype = V_ASN1_SEQUENCE; - } else - ptype = V_ASN1_UNDEF; - - pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL); - - if (pubint == NULL) { - ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE); - goto err; - } - - penclen = i2d_ASN1_INTEGER(pubint, &penc); - ASN1_INTEGER_free(pubint); - - if (penclen <= 0) { - ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE); - goto err; - } - - aobj = OBJ_nid2obj(EVP_PKEY_DSA); - if (aobj == NULL) - goto err; - - if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen)) - return 1; - - err: - OPENSSL_free(penc); - ASN1_STRING_free(str); - - return 0; -} - -/* - * In PKCS#8 DSA: you just get a private key integer and parameters in the - * AlgorithmIdentifier the pubkey must be recalculated. - */ - -static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) -{ - int ret = 0; - DSA *dsa = ossl_dsa_key_from_pkcs8(p8, NULL, NULL); - - if (dsa != NULL) { - ret = 1; - EVP_PKEY_assign_DSA(pkey, dsa); - } - - return ret; -} - -static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) -{ - ASN1_STRING *params = NULL; - ASN1_INTEGER *prkey = NULL; - unsigned char *dp = NULL; - int dplen; - - if (pkey->pkey.dsa == NULL|| pkey->pkey.dsa->priv_key == NULL) { - ERR_raise(ERR_LIB_DSA, DSA_R_MISSING_PARAMETERS); - goto err; - } - - params = ASN1_STRING_new(); - - if (params == NULL) { - ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE); - goto err; - } - - params->length = i2d_DSAparams(pkey->pkey.dsa, ¶ms->data); - if (params->length <= 0) { - ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE); - goto err; - } - params->type = V_ASN1_SEQUENCE; - - /* Get private key into integer */ - prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL); - - if (prkey == NULL) { - ERR_raise(ERR_LIB_DSA, DSA_R_BN_ERROR); - goto err; - } - - dplen = i2d_ASN1_INTEGER(prkey, &dp); - - ASN1_STRING_clear_free(prkey); - - if (dplen <= 0) { - ERR_raise(ERR_LIB_DSA, DSA_R_BN_ERROR); - goto err; - } - - if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, - V_ASN1_SEQUENCE, params, dp, dplen)) { - OPENSSL_clear_free(dp, dplen); - goto err; - } - return 1; - - err: - ASN1_STRING_free(params); - return 0; -} - -static int int_dsa_size(const EVP_PKEY *pkey) -{ - return DSA_size(pkey->pkey.dsa); -} - -static int dsa_bits(const EVP_PKEY *pkey) -{ - return DSA_bits(pkey->pkey.dsa); -} - -static int dsa_security_bits(const EVP_PKEY *pkey) -{ - return DSA_security_bits(pkey->pkey.dsa); -} - -static int dsa_missing_parameters(const EVP_PKEY *pkey) -{ - DSA *dsa; - dsa = pkey->pkey.dsa; - return dsa == NULL - || dsa->params.p == NULL - || dsa->params.q == NULL - || dsa->params.g == NULL; -} - -static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) -{ - if (to->pkey.dsa == NULL) { - to->pkey.dsa = DSA_new(); - if (to->pkey.dsa == NULL) - return 0; - } - if (!ossl_ffc_params_copy(&to->pkey.dsa->params, &from->pkey.dsa->params)) - return 0; - - to->pkey.dsa->dirty_cnt++; - return 1; -} - -static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) -{ - return ossl_ffc_params_cmp(&a->pkey.dsa->params, &b->pkey.dsa->params, 1); -} - -static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) -{ - return BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) == 0; -} - -static void int_dsa_free(EVP_PKEY *pkey) -{ - DSA_free(pkey->pkey.dsa); -} - -static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) -{ - int ret = 0; - const char *ktype = NULL; - const BIGNUM *priv_key, *pub_key; - int mod_len = 0; - - if (x->params.p != NULL) - mod_len = DSA_bits(x); - - if (ptype == 2) - priv_key = x->priv_key; - else - priv_key = NULL; - - if (ptype > 0) - pub_key = x->pub_key; - else - pub_key = NULL; - - if (ptype == 2) - ktype = "Private-Key"; - else if (ptype == 1) - ktype = "Public-Key"; - else - ktype = "DSA-Parameters"; - - if (priv_key != NULL) { - if (!BIO_indent(bp, off, 128)) - goto err; - if (BIO_printf(bp, "%s: (%d bit)\n", ktype, mod_len) <= 0) - goto err; - } else { - if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0) - goto err; - } - - if (!ASN1_bn_print(bp, "priv:", priv_key, NULL, off)) - goto err; - if (!ASN1_bn_print(bp, "pub: ", pub_key, NULL, off)) - goto err; - if (!ossl_ffc_params_print(bp, &x->params, off)) - goto err; - ret = 1; - err: - return ret; -} - -static int dsa_param_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) -{ - DSA *dsa; - - if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) - return 0; - - dsa->dirty_cnt++; - EVP_PKEY_assign_DSA(pkey, dsa); - return 1; -} - -static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder) -{ - return i2d_DSAparams(pkey->pkey.dsa, pder); -} - -static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return do_dsa_print(bp, pkey->pkey.dsa, indent, 0); -} - -static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return do_dsa_print(bp, pkey->pkey.dsa, indent, 1); -} - -static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return do_dsa_print(bp, pkey->pkey.dsa, indent, 2); -} - -static int old_dsa_priv_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) -{ - DSA *dsa; - - if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) { - ERR_raise(ERR_LIB_DSA, ERR_R_DSA_LIB); - return 0; - } - dsa->dirty_cnt++; - EVP_PKEY_assign_DSA(pkey, dsa); - return 1; -} - -static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) -{ - return i2d_DSAPrivateKey(pkey->pkey.dsa, pder); -} - -static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, - const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) -{ - DSA_SIG *dsa_sig; - const unsigned char *p; - - if (sig == NULL) { - if (BIO_puts(bp, "\n") <= 0) - return 0; - else - return 1; - } - p = sig->data; - dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length); - if (dsa_sig != NULL) { - int rv = 0; - const BIGNUM *r, *s; - - DSA_SIG_get0(dsa_sig, &r, &s); - - if (BIO_write(bp, "\n", 1) != 1) - goto err; - - if (!ASN1_bn_print(bp, "r: ", r, NULL, indent)) - goto err; - if (!ASN1_bn_print(bp, "s: ", s, NULL, indent)) - goto err; - rv = 1; - err: - DSA_SIG_free(dsa_sig); - return rv; - } - if (BIO_puts(bp, "\n") <= 0) - return 0; - return X509_signature_dump(bp, sig, indent); -} - -static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) -{ - switch (op) { - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - *(int *)arg2 = NID_sha256; - return 1; - - default: - return -2; - } -} - -static size_t dsa_pkey_dirty_cnt(const EVP_PKEY *pkey) -{ - return pkey->pkey.dsa->dirty_cnt; -} - -static int dsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - OSSL_FUNC_keymgmt_import_fn *importer, - OSSL_LIB_CTX *libctx, const char *propq) -{ - DSA *dsa = from->pkey.dsa; - OSSL_PARAM_BLD *tmpl; - const BIGNUM *p = DSA_get0_p(dsa), *g = DSA_get0_g(dsa); - const BIGNUM *q = DSA_get0_q(dsa), *pub_key = DSA_get0_pub_key(dsa); - const BIGNUM *priv_key = DSA_get0_priv_key(dsa); - OSSL_PARAM *params; - int selection = 0; - int rv = 0; - - if (p == NULL || q == NULL || g == NULL) - return 0; - - tmpl = OSSL_PARAM_BLD_new(); - if (tmpl == NULL) - return 0; - - if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, q) - || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g)) - goto err; - selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS; - if (pub_key != NULL) { - if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, - pub_key)) - goto err; - selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY; - } - if (priv_key != NULL) { - if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY, - priv_key)) - goto err; - selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY; - } - - if ((params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) - goto err; - - /* We export, the provider imports */ - rv = importer(to_keydata, selection, params); - - OSSL_PARAM_free(params); - err: - OSSL_PARAM_BLD_free(tmpl); - return rv; -} - -static int dsa_pkey_import_from(const OSSL_PARAM params[], void *vpctx) -{ - EVP_PKEY_CTX *pctx = vpctx; - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx); - DSA *dsa = ossl_dsa_new(pctx->libctx); - - if (dsa == NULL) { - ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (!ossl_dsa_ffc_params_fromdata(dsa, params) - || !ossl_dsa_key_fromdata(dsa, params, 1) - || !EVP_PKEY_assign_DSA(pkey, dsa)) { - DSA_free(dsa); - return 0; - } - return 1; -} - -static int dsa_pkey_copy(EVP_PKEY *to, EVP_PKEY *from) -{ - DSA *dsa = from->pkey.dsa; - DSA *dupkey = NULL; - int ret; - - if (dsa != NULL) { - dupkey = ossl_dsa_dup(dsa, OSSL_KEYMGMT_SELECT_ALL); - if (dupkey == NULL) - return 0; - } - - ret = EVP_PKEY_assign_DSA(to, dupkey); - if (!ret) - DSA_free(dupkey); - return ret; -} - -/* NB these are sorted in pkey_id order, lowest first */ - -const EVP_PKEY_ASN1_METHOD ossl_dsa_asn1_meths[5] = { - - { - EVP_PKEY_DSA2, - EVP_PKEY_DSA, - ASN1_PKEY_ALIAS}, - - { - EVP_PKEY_DSA1, - EVP_PKEY_DSA, - ASN1_PKEY_ALIAS}, - - { - EVP_PKEY_DSA4, - EVP_PKEY_DSA, - ASN1_PKEY_ALIAS}, - - { - EVP_PKEY_DSA3, - EVP_PKEY_DSA, - ASN1_PKEY_ALIAS}, - - { - EVP_PKEY_DSA, - EVP_PKEY_DSA, - 0, - - "DSA", - "OpenSSL DSA method", - - dsa_pub_decode, - dsa_pub_encode, - dsa_pub_cmp, - dsa_pub_print, - - dsa_priv_decode, - dsa_priv_encode, - dsa_priv_print, - - int_dsa_size, - dsa_bits, - dsa_security_bits, - - dsa_param_decode, - dsa_param_encode, - dsa_missing_parameters, - dsa_copy_parameters, - dsa_cmp_parameters, - dsa_param_print, - dsa_sig_print, - - int_dsa_free, - dsa_pkey_ctrl, - old_dsa_priv_decode, - old_dsa_priv_encode, - - NULL, NULL, NULL, - NULL, NULL, NULL, - NULL, NULL, NULL, NULL, - - dsa_pkey_dirty_cnt, - dsa_pkey_export_to, - dsa_pkey_import_from, - dsa_pkey_copy - } -}; diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c deleted file mode 100644 index 300ce6806df58bcd7b5e3f2ec2f30c9732e03f1b..0000000000000000000000000000000000000000 --- a/crypto/dsa/dsa_asn1.c +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include "dsa_local.h" -#include -#include -#include -#include "crypto/asn1_dsa.h" - -/* Override the default free and new methods */ -static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - if (operation == ASN1_OP_NEW_PRE) { - *pval = (ASN1_VALUE *)DSA_new(); - if (*pval != NULL) - return 2; - return 0; - } else if (operation == ASN1_OP_FREE_PRE) { - DSA_free((DSA *)*pval); - *pval = NULL; - return 2; - } - return 1; -} - -ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { - ASN1_EMBED(DSA, version, INT32), - ASN1_SIMPLE(DSA, params.p, BIGNUM), - ASN1_SIMPLE(DSA, params.q, BIGNUM), - ASN1_SIMPLE(DSA, params.g, BIGNUM), - ASN1_SIMPLE(DSA, pub_key, BIGNUM), - ASN1_SIMPLE(DSA, priv_key, CBIGNUM) -} static_ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) - -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey) - -ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { - ASN1_SIMPLE(DSA, params.p, BIGNUM), - ASN1_SIMPLE(DSA, params.q, BIGNUM), - ASN1_SIMPLE(DSA, params.g, BIGNUM), -} static_ASN1_SEQUENCE_END_cb(DSA, DSAparams) - -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams) - -ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = { - ASN1_SIMPLE(DSA, pub_key, BIGNUM), - ASN1_SIMPLE(DSA, params.p, BIGNUM), - ASN1_SIMPLE(DSA, params.q, BIGNUM), - ASN1_SIMPLE(DSA, params.g, BIGNUM) -} static_ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey) - -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey) - -DSA *DSAparams_dup(const DSA *dsa) -{ - return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa); -} diff --git a/crypto/dsa/dsa_backend.c b/crypto/dsa/dsa_backend.c deleted file mode 100644 index f9a71bdc9e0bb698c267d04031e61cb53d6d9b8d..0000000000000000000000000000000000000000 --- a/crypto/dsa/dsa_backend.c +++ /dev/null @@ -1,192 +0,0 @@ -/* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#ifndef FIPS_MODULE -# include -#endif -#include "crypto/dsa.h" -#include "dsa_local.h" - -/* - * The intention with the "backend" source file is to offer backend support - * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider - * implementations alike. - */ - -int ossl_dsa_key_fromdata(DSA *dsa, const OSSL_PARAM params[], - int include_private) -{ - const OSSL_PARAM *param_priv_key = NULL, *param_pub_key; - BIGNUM *priv_key = NULL, *pub_key = NULL; - - if (dsa == NULL) - return 0; - - if (include_private) { - param_priv_key = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); - } - param_pub_key = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); - - /* It's ok if neither half is present */ - if (param_priv_key == NULL && param_pub_key == NULL) - return 1; - - if (param_pub_key != NULL && !OSSL_PARAM_get_BN(param_pub_key, &pub_key)) - goto err; - if (param_priv_key != NULL && !OSSL_PARAM_get_BN(param_priv_key, &priv_key)) - goto err; - - if (!DSA_set0_key(dsa, pub_key, priv_key)) - goto err; - - return 1; - - err: - BN_clear_free(priv_key); - BN_free(pub_key); - return 0; -} - -int ossl_dsa_is_foreign(const DSA *dsa) -{ -#ifndef FIPS_MODULE - if (dsa->engine != NULL || DSA_get_method((DSA *)dsa) != DSA_OpenSSL()) - return 1; -#endif - return 0; -} - -static ossl_inline int dsa_bn_dup_check(BIGNUM **out, const BIGNUM *f) -{ - if (f != NULL && (*out = BN_dup(f)) == NULL) - return 0; - return 1; -} - -DSA *ossl_dsa_dup(const DSA *dsa, int selection) -{ - DSA *dupkey = NULL; - - /* Do not try to duplicate foreign DSA keys */ - if (ossl_dsa_is_foreign(dsa)) - return NULL; - - if ((dupkey = ossl_dsa_new(dsa->libctx)) == NULL) - return NULL; - - if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0 - && !ossl_ffc_params_copy(&dupkey->params, &dsa->params)) - goto err; - - dupkey->flags = dsa->flags; - - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0 - && ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0 - || !dsa_bn_dup_check(&dupkey->pub_key, dsa->pub_key))) - goto err; - - if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 - && ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) == 0 - || !dsa_bn_dup_check(&dupkey->priv_key, dsa->priv_key))) - goto err; - -#ifndef FIPS_MODULE - if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_DSA, - &dupkey->ex_data, &dsa->ex_data)) - goto err; -#endif - - return dupkey; - - err: - DSA_free(dupkey); - return NULL; -} - -#ifndef FIPS_MODULE -DSA *ossl_dsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq) -{ - const unsigned char *p, *pm; - int pklen, pmlen; - int ptype; - const void *pval; - const ASN1_STRING *pstr; - const X509_ALGOR *palg; - ASN1_INTEGER *privkey = NULL; - const BIGNUM *dsa_p, *dsa_g; - BIGNUM *dsa_pubkey = NULL, *dsa_privkey = NULL; - BN_CTX *ctx = NULL; - - DSA *dsa = NULL; - - if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8inf)) - return 0; - X509_ALGOR_get0(NULL, &ptype, &pval, palg); - - if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) - goto decerr; - if (privkey->type == V_ASN1_NEG_INTEGER || ptype != V_ASN1_SEQUENCE) - goto decerr; - - pstr = pval; - pm = pstr->data; - pmlen = pstr->length; - if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) - goto decerr; - /* We have parameters now set private key */ - if ((dsa_privkey = BN_secure_new()) == NULL - || !ASN1_INTEGER_to_BN(privkey, dsa_privkey)) { - ERR_raise(ERR_LIB_DSA, DSA_R_BN_ERROR); - goto dsaerr; - } - /* Calculate public key */ - if ((dsa_pubkey = BN_new()) == NULL) { - ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE); - goto dsaerr; - } - if ((ctx = BN_CTX_new()) == NULL) { - ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE); - goto dsaerr; - } - - dsa_p = DSA_get0_p(dsa); - dsa_g = DSA_get0_g(dsa); - BN_set_flags(dsa_privkey, BN_FLG_CONSTTIME); - if (!BN_mod_exp(dsa_pubkey, dsa_g, dsa_privkey, dsa_p, ctx)) { - ERR_raise(ERR_LIB_DSA, DSA_R_BN_ERROR); - goto dsaerr; - } - DSA_set0_key(dsa, dsa_pubkey, dsa_privkey); - - goto done; - - decerr: - ERR_raise(ERR_LIB_DSA, DSA_R_DECODE_ERROR); - dsaerr: - BN_free(dsa_privkey); - BN_free(dsa_pubkey); - DSA_free(dsa); - dsa = NULL; - done: - BN_CTX_free(ctx); - ASN1_STRING_clear_free(privkey); - return dsa; -} -#endif diff --git a/crypto/dsa/dsa_check.c b/crypto/dsa/dsa_check.c deleted file mode 100644 index 7ee914a477ecea60ffa548e20bcea00b83589a29..0000000000000000000000000000000000000000 --- a/crypto/dsa/dsa_check.c +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include "dsa_local.h" -#include "crypto/dsa.h" - -int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret) -{ - if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK) - return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params, - FFC_PARAM_TYPE_DSA, ret); - else - /* - * Do full FFC domain params validation according to FIPS-186-4 - * - always in FIPS_MODULE - * - only if possible (i.e., seed is set) in default provider - */ - return ossl_ffc_params_full_validate(dsa->libctx, &dsa->params, - FFC_PARAM_TYPE_DSA, ret); -} - -/* - * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Full public key validation. - */ -int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret) -{ - return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret); -} - -/* - * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Partial public key validation. - * To only be used with ephemeral FFC public keys generated using the approved - * safe-prime groups. - */ -int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret) -{ - return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret); -} - -int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret) -{ - *ret = 0; - - return (dsa->params.q != NULL - && ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret)); -} - -/* - * FFC pairwise check from SP800-56A R3. - * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency - */ -int ossl_dsa_check_pairwise(const DSA *dsa) -{ - int ret = 0; - BN_CTX *ctx = NULL; - BIGNUM *pub_key = NULL; - - if (dsa->params.p == NULL - || dsa->params.g == NULL - || dsa->priv_key == NULL - || dsa->pub_key == NULL) - return 0; - - ctx = BN_CTX_new_ex(dsa->libctx); - if (ctx == NULL) - goto err; - pub_key = BN_new(); - if (pub_key == NULL) - goto err; - - /* recalculate the public key = (g ^ priv) mod p */ - if (!ossl_dsa_generate_public_key(ctx, dsa, dsa->priv_key, pub_key)) - goto err; - /* check it matches the existing pubic_key */ - ret = BN_cmp(pub_key, dsa->pub_key) == 0; -err: - BN_free(pub_key); - BN_CTX_free(ctx); - return ret; -} diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c deleted file mode 100644 index 95f8d1f3a9cb2bc62b8251c949db59cfe2669556..0000000000000000000000000000000000000000 --- a/crypto/dsa/dsa_depr.c +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This file contains deprecated function(s) that are now wrappers to the new - * version(s). - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include - -#include -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include - -DSA *DSA_generate_parameters(int bits, - unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, - void (*callback) (int, int, void *), - void *cb_arg) -{ - BN_GENCB *cb; - DSA *ret; - - if ((ret = DSA_new()) == NULL) - return NULL; - cb = BN_GENCB_new(); - if (cb == NULL) - goto err; - - BN_GENCB_set_old(cb, callback, cb_arg); - - if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, - counter_ret, h_ret, cb)) { - BN_GENCB_free(cb); - return ret; - } - BN_GENCB_free(cb); -err: - DSA_free(ret); - return NULL; -} diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c deleted file mode 100644 index 5685d5e83eb32c3626b6ee4defae389bcdcf9555..0000000000000000000000000000000000000000 --- a/crypto/dsa/dsa_err.c +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/dsaerr.h" - -#ifndef OPENSSL_NO_DSA - -# ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA DSA_str_reasons[] = { - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_FFC_PARAMETERS), "bad ffc parameters"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR), "bn error"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_DECODE_ERROR), "decode error"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE), - "invalid digest type"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PRIVATE_KEY), - "missing private key"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR), - "parameter encoding error"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_P_NOT_PRIME), "p not prime"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"}, - {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_SEED_LEN_SMALL), - "seed_len is less than the length of q"}, - {0, NULL} -}; - -# endif - -int ossl_err_load_DSA_strings(void) -{ -# ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(DSA_str_reasons[0].error) == NULL) - ERR_load_strings_const(DSA_str_reasons); -# endif - return 1; -} -#else -NON_EMPTY_TRANSLATION_UNIT -#endif diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c deleted file mode 100644 index a450921412811e4caa260e42ebcebc29415149c0..0000000000000000000000000000000000000000 --- a/crypto/dsa/dsa_gen.c +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "crypto/dsa.h" -#include "dsa_local.h" - -int ossl_dsa_generate_ffc_parameters(DSA *dsa, int type, int pbits, int qbits, - BN_GENCB *cb) -{ - int ret = 0, res; - -#ifndef FIPS_MODULE - if (type == DSA_PARAMGEN_TYPE_FIPS_186_2) - ret = ossl_ffc_params_FIPS186_2_generate(dsa->libctx, &dsa->params, - FFC_PARAM_TYPE_DSA, - pbits, qbits, &res, cb); - else -#endif - ret = ossl_ffc_params_FIPS186_4_generate(dsa->libctx, &dsa->params, - FFC_PARAM_TYPE_DSA, - pbits, qbits, &res, cb); - if (ret > 0) - dsa->dirty_cnt++; - return ret; -} - -#ifndef FIPS_MODULE -int DSA_generate_parameters_ex(DSA *dsa, int bits, - const unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, - BN_GENCB *cb) -{ - if (dsa->meth->dsa_paramgen) - return dsa->meth->dsa_paramgen(dsa, bits, seed_in, seed_len, - counter_ret, h_ret, cb); - if (seed_in != NULL - && !ossl_ffc_params_set_validate_params(&dsa->params, seed_in, seed_len, - -1)) - return 0; - - /* The old code used FIPS 186-2 DSA Parameter generation */ - if (bits < 2048 && seed_len <= 20) { - if (!ossl_dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_2, - bits, 160, cb)) - return 0; - } else { - if (!ossl_dsa_generate_ffc_parameters(dsa, DSA_PARAMGEN_TYPE_FIPS_186_4, - bits, 0, cb)) - return 0; - } - - if (counter_ret != NULL) - *counter_ret = dsa->params.pcounter; - if (h_ret != NULL) - *h_ret = dsa->params.h; - return 1; -} -#endif diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c deleted file mode 100644 index 1f951a9d36a91757f86be2b4f39619eb90c79504..0000000000000000000000000000000000000000 --- a/crypto/dsa/dsa_key.c +++ /dev/null @@ -1,173 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include "internal/cryptlib.h" -#include -#include -#include "prov/providercommon.h" -#include "crypto/dsa.h" -#include "dsa_local.h" - -#ifdef FIPS_MODULE -# define MIN_STRENGTH 112 -#else -# define MIN_STRENGTH 80 -#endif - -static int dsa_keygen(DSA *dsa, int pairwise_test); -static int dsa_keygen_pairwise_test(DSA *dsa, OSSL_CALLBACK *cb, void *cbarg); - -int DSA_generate_key(DSA *dsa) -{ -#ifndef FIPS_MODULE - if (dsa->meth->dsa_keygen != NULL) - return dsa->meth->dsa_keygen(dsa); -#endif - return dsa_keygen(dsa, 0); -} - -int ossl_dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa, - const BIGNUM *priv_key, BIGNUM *pub_key) -{ - int ret = 0; - BIGNUM *prk = BN_new(); - - if (prk == NULL) - return 0; - BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); - - /* pub_key = g ^ priv_key mod p */ - if (!BN_mod_exp(pub_key, dsa->params.g, prk, dsa->params.p, ctx)) - goto err; - ret = 1; -err: - BN_clear_free(prk); - return ret; -} - -static int dsa_keygen(DSA *dsa, int pairwise_test) -{ - int ok = 0; - BN_CTX *ctx = NULL; - BIGNUM *pub_key = NULL, *priv_key = NULL; - - if ((ctx = BN_CTX_new_ex(dsa->libctx)) == NULL) - goto err; - - if (dsa->priv_key == NULL) { - if ((priv_key = BN_secure_new()) == NULL) - goto err; - } else { - priv_key = dsa->priv_key; - } - - /* Do a partial check for invalid p, q, g */ - if (!ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params, - FFC_PARAM_TYPE_DSA, NULL)) - goto err; - - /* - * For FFC FIPS 186-4 keygen - * security strength s = 112, - * Max Private key size N = len(q) - */ - if (!ossl_ffc_generate_private_key(ctx, &dsa->params, - BN_num_bits(dsa->params.q), - MIN_STRENGTH, priv_key)) - goto err; - - if (dsa->pub_key == NULL) { - if ((pub_key = BN_new()) == NULL) - goto err; - } else { - pub_key = dsa->pub_key; - } - - if (!ossl_dsa_generate_public_key(ctx, dsa, priv_key, pub_key)) - goto err; - - dsa->priv_key = priv_key; - dsa->pub_key = pub_key; - -#ifdef FIPS_MODULE - pairwise_test = 1; -#endif /* FIPS_MODULE */ - - ok = 1; - if (pairwise_test) { - OSSL_CALLBACK *cb = NULL; - void *cbarg = NULL; - - OSSL_SELF_TEST_get_callback(dsa->libctx, &cb, &cbarg); - ok = dsa_keygen_pairwise_test(dsa, cb, cbarg); - if (!ok) { - ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); - BN_free(dsa->pub_key); - BN_clear_free(dsa->priv_key); - dsa->pub_key = NULL; - dsa->priv_key = NULL; - BN_CTX_free(ctx); - return ok; - } - } - dsa->dirty_cnt++; - - err: - if (pub_key != dsa->pub_key) - BN_free(pub_key); - if (priv_key != dsa->priv_key) - BN_free(priv_key); - BN_CTX_free(ctx); - - return ok; -} - -/* - * FIPS 140-2 IG 9.9 AS09.33 - * Perform a sign/verify operation. - */ -static int dsa_keygen_pairwise_test(DSA *dsa, OSSL_CALLBACK *cb, void *cbarg) -{ - int ret = 0; - unsigned char dgst[16] = {0}; - unsigned int dgst_len = (unsigned int)sizeof(dgst); - DSA_SIG *sig = NULL; - OSSL_SELF_TEST *st = NULL; - - st = OSSL_SELF_TEST_new(cb, cbarg); - if (st == NULL) - goto err; - - OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT, - OSSL_SELF_TEST_DESC_PCT_DSA); - - sig = DSA_do_sign(dgst, (int)dgst_len, dsa); - if (sig == NULL) - goto err; - - OSSL_SELF_TEST_oncorrupt_byte(st, dgst); - - if (DSA_do_verify(dgst, dgst_len, sig, dsa) != 1) - goto err; - - ret = 1; -err: - OSSL_SELF_TEST_onend(st, ret); - OSSL_SELF_TEST_free(st); - DSA_SIG_free(sig); - return ret; -} diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c deleted file mode 100644 index ccc70165921764f6d34a4fafa93a4242b4d68934..0000000000000000000000000000000000000000 --- a/crypto/dsa/dsa_lib.c +++ /dev/null @@ -1,362 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#ifndef FIPS_MODULE -# include -#endif -#include "internal/cryptlib.h" -#include "internal/refcount.h" -#include "crypto/dsa.h" -#include "crypto/dh.h" /* required by DSA_dup_DH() */ -#include "dsa_local.h" - -static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx); - -#ifndef FIPS_MODULE - -int DSA_set_ex_data(DSA *d, int idx, void *arg) -{ - return CRYPTO_set_ex_data(&d->ex_data, idx, arg); -} - -void *DSA_get_ex_data(const DSA *d, int idx) -{ - return CRYPTO_get_ex_data(&d->ex_data, idx); -} - -# ifndef OPENSSL_NO_DH -DH *DSA_dup_DH(const DSA *r) -{ - /* - * DSA has p, q, g, optional pub_key, optional priv_key. - * DH has p, optional length, g, optional pub_key, - * optional priv_key, optional q. - */ - DH *ret = NULL; - BIGNUM *pub_key = NULL, *priv_key = NULL; - - if (r == NULL) - goto err; - ret = DH_new(); - if (ret == NULL) - goto err; - - if (!ossl_ffc_params_copy(ossl_dh_get0_params(ret), &r->params)) - goto err; - - if (r->pub_key != NULL) { - pub_key = BN_dup(r->pub_key); - if (pub_key == NULL) - goto err; - if (r->priv_key != NULL) { - priv_key = BN_dup(r->priv_key); - if (priv_key == NULL) - goto err; - } - if (!DH_set0_key(ret, pub_key, priv_key)) - goto err; - } else if (r->priv_key != NULL) { - /* Shouldn't happen */ - goto err; - } - - return ret; - - err: - BN_free(pub_key); - BN_free(priv_key); - DH_free(ret); - return NULL; -} -# endif /* OPENSSL_NO_DH */ - -void DSA_clear_flags(DSA *d, int flags) -{ - d->flags &= ~flags; -} - -int DSA_test_flags(const DSA *d, int flags) -{ - return d->flags & flags; -} - -void DSA_set_flags(DSA *d, int flags) -{ - d->flags |= flags; -} - -ENGINE *DSA_get0_engine(DSA *d) -{ - return d->engine; -} - -int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) -{ - /* - * NB: The caller is specifically setting a method, so it's not up to us - * to deal with which ENGINE it comes from. - */ - const DSA_METHOD *mtmp; - mtmp = dsa->meth; - if (mtmp->finish) - mtmp->finish(dsa); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(dsa->engine); - dsa->engine = NULL; -#endif - dsa->meth = meth; - if (meth->init) - meth->init(dsa); - return 1; -} -#endif /* FIPS_MODULE */ - - -const DSA_METHOD *DSA_get_method(DSA *d) -{ - return d->meth; -} - -static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx) -{ - DSA *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->references = 1; - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ret); - return NULL; - } - - ret->libctx = libctx; - ret->meth = DSA_get_default_method(); -#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) - ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */ - if (engine) { - if (!ENGINE_init(engine)) { - ERR_raise(ERR_LIB_DSA, ERR_R_ENGINE_LIB); - goto err; - } - ret->engine = engine; - } else - ret->engine = ENGINE_get_default_DSA(); - if (ret->engine) { - ret->meth = ENGINE_get_DSA(ret->engine); - if (ret->meth == NULL) { - ERR_raise(ERR_LIB_DSA, ERR_R_ENGINE_LIB); - goto err; - } - } -#endif - - ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; - -#ifndef FIPS_MODULE - if (!ossl_crypto_new_ex_data_ex(libctx, CRYPTO_EX_INDEX_DSA, ret, - &ret->ex_data)) - goto err; -#endif - - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { - ERR_raise(ERR_LIB_DSA, ERR_R_INIT_FAIL); - goto err; - } - - return ret; - - err: - DSA_free(ret); - return NULL; -} - -DSA *DSA_new_method(ENGINE *engine) -{ - return dsa_new_intern(engine, NULL); -} - -DSA *ossl_dsa_new(OSSL_LIB_CTX *libctx) -{ - return dsa_new_intern(NULL, libctx); -} - -#ifndef FIPS_MODULE -DSA *DSA_new(void) -{ - return dsa_new_intern(NULL, NULL); -} -#endif - -void DSA_free(DSA *r) -{ - int i; - - if (r == NULL) - return; - - CRYPTO_DOWN_REF(&r->references, &i, r->lock); - REF_PRINT_COUNT("DSA", r); - if (i > 0) - return; - REF_ASSERT_ISNT(i < 0); - - if (r->meth != NULL && r->meth->finish != NULL) - r->meth->finish(r); -#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) - ENGINE_finish(r->engine); -#endif - -#ifndef FIPS_MODULE - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); -#endif - - CRYPTO_THREAD_lock_free(r->lock); - - ossl_ffc_params_cleanup(&r->params); - BN_clear_free(r->pub_key); - BN_clear_free(r->priv_key); - OPENSSL_free(r); -} - -int DSA_up_ref(DSA *r) -{ - int i; - - if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0) - return 0; - - REF_PRINT_COUNT("DSA", r); - REF_ASSERT_ISNT(i < 2); - return ((i > 1) ? 1 : 0); -} - -void ossl_dsa_set0_libctx(DSA *d, OSSL_LIB_CTX *libctx) -{ - d->libctx = libctx; -} - -void DSA_get0_pqg(const DSA *d, - const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) -{ - ossl_ffc_params_get0_pqg(&d->params, p, q, g); -} - -int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) -{ - /* If the fields p, q and g in d are NULL, the corresponding input - * parameters MUST be non-NULL. - */ - if ((d->params.p == NULL && p == NULL) - || (d->params.q == NULL && q == NULL) - || (d->params.g == NULL && g == NULL)) - return 0; - - ossl_ffc_params_set0_pqg(&d->params, p, q, g); - d->dirty_cnt++; - - return 1; -} - -const BIGNUM *DSA_get0_p(const DSA *d) -{ - return d->params.p; -} - -const BIGNUM *DSA_get0_q(const DSA *d) -{ - return d->params.q; -} - -const BIGNUM *DSA_get0_g(const DSA *d) -{ - return d->params.g; -} - -const BIGNUM *DSA_get0_pub_key(const DSA *d) -{ - return d->pub_key; -} - -const BIGNUM *DSA_get0_priv_key(const DSA *d) -{ - return d->priv_key; -} - -void DSA_get0_key(const DSA *d, - const BIGNUM **pub_key, const BIGNUM **priv_key) -{ - if (pub_key != NULL) - *pub_key = d->pub_key; - if (priv_key != NULL) - *priv_key = d->priv_key; -} - -int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) -{ - if (pub_key != NULL) { - BN_free(d->pub_key); - d->pub_key = pub_key; - } - if (priv_key != NULL) { - BN_free(d->priv_key); - d->priv_key = priv_key; - } - d->dirty_cnt++; - - return 1; -} - -int DSA_security_bits(const DSA *d) -{ - if (d->params.p != NULL && d->params.q != NULL) - return BN_security_bits(BN_num_bits(d->params.p), - BN_num_bits(d->params.q)); - return -1; -} - -int DSA_bits(const DSA *dsa) -{ - if (dsa->params.p != NULL) - return BN_num_bits(dsa->params.p); - return -1; -} - -FFC_PARAMS *ossl_dsa_get0_params(DSA *dsa) -{ - return &dsa->params; -} - -int ossl_dsa_ffc_params_fromdata(DSA *dsa, const OSSL_PARAM params[]) -{ - int ret; - FFC_PARAMS *ffc; - - if (dsa == NULL) - return 0; - ffc = ossl_dsa_get0_params(dsa); - if (ffc == NULL) - return 0; - - ret = ossl_ffc_params_fromdata(ffc, params); - if (ret) - dsa->dirty_cnt++; - return ret; -} diff --git a/crypto/dsa/dsa_local.h b/crypto/dsa/dsa_local.h deleted file mode 100644 index 9e33fae131ea64aa7d18aeac5c4dbcfc3c7129e5..0000000000000000000000000000000000000000 --- a/crypto/dsa/dsa_local.h +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/refcount.h" -#include "internal/ffc.h" - -struct dsa_st { - /* - * This first variable is used to pick up errors where a DSA is passed - * instead of of a EVP_PKEY - */ - int pad; - int32_t version; - FFC_PARAMS params; - BIGNUM *pub_key; /* y public key */ - BIGNUM *priv_key; /* x private key */ - int flags; - /* Normally used to cache montgomery values */ - BN_MONT_CTX *method_mont_p; - CRYPTO_REF_COUNT references; -#ifndef FIPS_MODULE - CRYPTO_EX_DATA ex_data; -#endif - const DSA_METHOD *meth; - /* functional reference if 'meth' is ENGINE-provided */ - ENGINE *engine; - CRYPTO_RWLOCK *lock; - OSSL_LIB_CTX *libctx; - - /* Provider data */ - size_t dirty_cnt; /* If any key material changes, increment this */ -}; - -struct DSA_SIG_st { - BIGNUM *r; - BIGNUM *s; -}; - -struct dsa_method { - char *name; - DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa); - int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); - int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); - int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, const BIGNUM *a1, - const BIGNUM *p1, const BIGNUM *a2, const BIGNUM *p2, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); - /* Can be null */ - int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - int (*init) (DSA *dsa); - int (*finish) (DSA *dsa); - int flags; - void *app_data; - /* If this is non-NULL, it is used to generate DSA parameters */ - int (*dsa_paramgen) (DSA *dsa, int bits, - const unsigned char *seed, int seed_len, - int *counter_ret, unsigned long *h_ret, - BN_GENCB *cb); - /* If this is non-NULL, it is used to generate DSA keys */ - int (*dsa_keygen) (DSA *dsa); -}; - -DSA_SIG *ossl_dsa_do_sign_int(const unsigned char *dgst, int dlen, DSA *dsa); diff --git a/crypto/dsa/dsa_meth.c b/crypto/dsa/dsa_meth.c deleted file mode 100644 index 2f0a0bf4608e54b007eaa575b48d517d3881992d..0000000000000000000000000000000000000000 --- a/crypto/dsa/dsa_meth.c +++ /dev/null @@ -1,224 +0,0 @@ -/* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include "dsa_local.h" -#include -#include - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -DSA_METHOD *DSA_meth_new(const char *name, int flags) -{ - DSA_METHOD *dsam = OPENSSL_zalloc(sizeof(*dsam)); - - if (dsam != NULL) { - dsam->flags = flags; - - dsam->name = OPENSSL_strdup(name); - if (dsam->name != NULL) - return dsam; - - OPENSSL_free(dsam); - } - - ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE); - return NULL; -} - -void DSA_meth_free(DSA_METHOD *dsam) -{ - if (dsam != NULL) { - OPENSSL_free(dsam->name); - OPENSSL_free(dsam); - } -} - -DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam) -{ - DSA_METHOD *ret = OPENSSL_malloc(sizeof(*ret)); - - if (ret != NULL) { - memcpy(ret, dsam, sizeof(*dsam)); - - ret->name = OPENSSL_strdup(dsam->name); - if (ret->name != NULL) - return ret; - - OPENSSL_free(ret); - } - - ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE); - return NULL; -} - -const char *DSA_meth_get0_name(const DSA_METHOD *dsam) -{ - return dsam->name; -} - -int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name) -{ - char *tmpname = OPENSSL_strdup(name); - - if (tmpname == NULL) { - ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE); - return 0; - } - - OPENSSL_free(dsam->name); - dsam->name = tmpname; - - return 1; -} - -int DSA_meth_get_flags(const DSA_METHOD *dsam) -{ - return dsam->flags; -} - -int DSA_meth_set_flags(DSA_METHOD *dsam, int flags) -{ - dsam->flags = flags; - return 1; -} - -void *DSA_meth_get0_app_data(const DSA_METHOD *dsam) -{ - return dsam->app_data; -} - -int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data) -{ - dsam->app_data = app_data; - return 1; -} - -DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam)) - (const unsigned char *, int, DSA *) -{ - return dsam->dsa_do_sign; -} - -int DSA_meth_set_sign(DSA_METHOD *dsam, - DSA_SIG *(*sign) (const unsigned char *, int, DSA *)) -{ - dsam->dsa_do_sign = sign; - return 1; -} - -int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam)) - (DSA *, BN_CTX *, BIGNUM **, BIGNUM **) -{ - return dsam->dsa_sign_setup; -} - -int DSA_meth_set_sign_setup(DSA_METHOD *dsam, - int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)) -{ - dsam->dsa_sign_setup = sign_setup; - return 1; -} - -int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) - (const unsigned char *, int, DSA_SIG *, DSA *) -{ - return dsam->dsa_do_verify; -} - -int DSA_meth_set_verify(DSA_METHOD *dsam, - int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *)) -{ - dsam->dsa_do_verify = verify; - return 1; -} - -int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) - (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, - const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *) -{ - return dsam->dsa_mod_exp; -} - -int DSA_meth_set_mod_exp(DSA_METHOD *dsam, - int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, - const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, - BN_MONT_CTX *)) -{ - dsam->dsa_mod_exp = mod_exp; - return 1; -} - -int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam)) - (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, - BN_MONT_CTX *) -{ - return dsam->bn_mod_exp; -} - -int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, - int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *, BN_MONT_CTX *)) -{ - dsam->bn_mod_exp = bn_mod_exp; - return 1; -} - -int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *) -{ - return dsam->init; -} - -int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)) -{ - dsam->init = init; - return 1; -} - -int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *) -{ - return dsam->finish; -} - -int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *)) -{ - dsam->finish = finish; - return 1; -} - -int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam)) - (DSA *, int, const unsigned char *, int, int *, unsigned long *, - BN_GENCB *) -{ - return dsam->dsa_paramgen; -} - -int DSA_meth_set_paramgen(DSA_METHOD *dsam, - int (*paramgen) (DSA *, int, const unsigned char *, int, int *, - unsigned long *, BN_GENCB *)) -{ - dsam->dsa_paramgen = paramgen; - return 1; -} - -int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *) -{ - return dsam->dsa_keygen; -} - -int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *)) -{ - dsam->dsa_keygen = keygen; - return 1; -} -#endif diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c deleted file mode 100644 index 86d89f4c724f3aa9b3335a0e45f06451560f4115..0000000000000000000000000000000000000000 --- a/crypto/dsa/dsa_ossl.c +++ /dev/null @@ -1,466 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include "crypto/bn.h" -#include -#include -#include "dsa_local.h" -#include - -static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); -static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); -static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp, const unsigned char *dgst, int dlen); -static int dsa_do_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); -static int dsa_init(DSA *dsa); -static int dsa_finish(DSA *dsa); -static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, - BN_CTX *ctx); - -static DSA_METHOD openssl_dsa_meth = { - "OpenSSL DSA method", - dsa_do_sign, - dsa_sign_setup_no_digest, - dsa_do_verify, - NULL, /* dsa_mod_exp, */ - NULL, /* dsa_bn_mod_exp, */ - dsa_init, - dsa_finish, - DSA_FLAG_FIPS_METHOD, - NULL, - NULL, - NULL -}; - -static const DSA_METHOD *default_DSA_method = &openssl_dsa_meth; - -#ifndef FIPS_MODULE -void DSA_set_default_method(const DSA_METHOD *meth) -{ - default_DSA_method = meth; -} -#endif /* FIPS_MODULE */ - -const DSA_METHOD *DSA_get_default_method(void) -{ - return default_DSA_method; -} - -const DSA_METHOD *DSA_OpenSSL(void) -{ - return &openssl_dsa_meth; -} - -DSA_SIG *ossl_dsa_do_sign_int(const unsigned char *dgst, int dlen, DSA *dsa) -{ - BIGNUM *kinv = NULL; - BIGNUM *m, *blind, *blindm, *tmp; - BN_CTX *ctx = NULL; - int reason = ERR_R_BN_LIB; - DSA_SIG *ret = NULL; - int rv = 0; - - if (dsa->params.p == NULL - || dsa->params.q == NULL - || dsa->params.g == NULL) { - reason = DSA_R_MISSING_PARAMETERS; - goto err; - } - if (dsa->priv_key == NULL) { - reason = DSA_R_MISSING_PRIVATE_KEY; - goto err; - } - - ret = DSA_SIG_new(); - if (ret == NULL) - goto err; - ret->r = BN_new(); - ret->s = BN_new(); - if (ret->r == NULL || ret->s == NULL) - goto err; - - ctx = BN_CTX_new_ex(dsa->libctx); - if (ctx == NULL) - goto err; - m = BN_CTX_get(ctx); - blind = BN_CTX_get(ctx); - blindm = BN_CTX_get(ctx); - tmp = BN_CTX_get(ctx); - if (tmp == NULL) - goto err; - - redo: - if (!dsa_sign_setup(dsa, ctx, &kinv, &ret->r, dgst, dlen)) - goto err; - - if (dlen > BN_num_bytes(dsa->params.q)) - /* - * if the digest length is greater than the size of q use the - * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3, - * 4.2 - */ - dlen = BN_num_bytes(dsa->params.q); - if (BN_bin2bn(dgst, dlen, m) == NULL) - goto err; - - /* - * The normal signature calculation is: - * - * s := k^-1 * (m + r * priv_key) mod q - * - * We will blind this to protect against side channel attacks - * - * s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q - */ - - /* Generate a blinding value */ - do { - if (!BN_priv_rand_ex(blind, BN_num_bits(dsa->params.q) - 1, - BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) - goto err; - } while (BN_is_zero(blind)); - BN_set_flags(blind, BN_FLG_CONSTTIME); - BN_set_flags(blindm, BN_FLG_CONSTTIME); - BN_set_flags(tmp, BN_FLG_CONSTTIME); - - /* tmp := blind * priv_key * r mod q */ - if (!BN_mod_mul(tmp, blind, dsa->priv_key, dsa->params.q, ctx)) - goto err; - if (!BN_mod_mul(tmp, tmp, ret->r, dsa->params.q, ctx)) - goto err; - - /* blindm := blind * m mod q */ - if (!BN_mod_mul(blindm, blind, m, dsa->params.q, ctx)) - goto err; - - /* s : = (blind * priv_key * r) + (blind * m) mod q */ - if (!BN_mod_add_quick(ret->s, tmp, blindm, dsa->params.q)) - goto err; - - /* s := s * k^-1 mod q */ - if (!BN_mod_mul(ret->s, ret->s, kinv, dsa->params.q, ctx)) - goto err; - - /* s:= s * blind^-1 mod q */ - if (BN_mod_inverse(blind, blind, dsa->params.q, ctx) == NULL) - goto err; - if (!BN_mod_mul(ret->s, ret->s, blind, dsa->params.q, ctx)) - goto err; - - /* - * Redo if r or s is zero as required by FIPS 186-3: this is very - * unlikely. - */ - if (BN_is_zero(ret->r) || BN_is_zero(ret->s)) - goto redo; - - rv = 1; - - err: - if (rv == 0) { - ERR_raise(ERR_LIB_DSA, reason); - DSA_SIG_free(ret); - ret = NULL; - } - BN_CTX_free(ctx); - BN_clear_free(kinv); - return ret; -} - -static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) -{ - return ossl_dsa_do_sign_int(dgst, dlen, dsa); -} - -static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, - BIGNUM **kinvp, BIGNUM **rp) -{ - return dsa_sign_setup(dsa, ctx_in, kinvp, rp, NULL, 0); -} - -static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, - BIGNUM **kinvp, BIGNUM **rp, - const unsigned char *dgst, int dlen) -{ - BN_CTX *ctx = NULL; - BIGNUM *k, *kinv = NULL, *r = *rp; - BIGNUM *l; - int ret = 0; - int q_bits, q_words; - - if (!dsa->params.p || !dsa->params.q || !dsa->params.g) { - ERR_raise(ERR_LIB_DSA, DSA_R_MISSING_PARAMETERS); - return 0; - } - - /* Reject obviously invalid parameters */ - if (BN_is_zero(dsa->params.p) - || BN_is_zero(dsa->params.q) - || BN_is_zero(dsa->params.g)) { - ERR_raise(ERR_LIB_DSA, DSA_R_INVALID_PARAMETERS); - return 0; - } - if (dsa->priv_key == NULL) { - ERR_raise(ERR_LIB_DSA, DSA_R_MISSING_PRIVATE_KEY); - return 0; - } - - k = BN_new(); - l = BN_new(); - if (k == NULL || l == NULL) - goto err; - - if (ctx_in == NULL) { - /* if you don't pass in ctx_in you get a default libctx */ - if ((ctx = BN_CTX_new_ex(NULL)) == NULL) - goto err; - } else - ctx = ctx_in; - - /* Preallocate space */ - q_bits = BN_num_bits(dsa->params.q); - q_words = bn_get_top(dsa->params.q); - if (!bn_wexpand(k, q_words + 2) - || !bn_wexpand(l, q_words + 2)) - goto err; - - /* Get random k */ - do { - if (dgst != NULL) { - /* - * We calculate k from SHA512(private_key + H(message) + random). - * This protects the private key from a weak PRNG. - */ - if (!BN_generate_dsa_nonce(k, dsa->params.q, dsa->priv_key, dgst, - dlen, ctx)) - goto err; - } else if (!BN_priv_rand_range_ex(k, dsa->params.q, 0, ctx)) - goto err; - } while (BN_is_zero(k)); - - BN_set_flags(k, BN_FLG_CONSTTIME); - BN_set_flags(l, BN_FLG_CONSTTIME); - - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { - if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, - dsa->lock, dsa->params.p, ctx)) - goto err; - } - - /* Compute r = (g^k mod p) mod q */ - - /* - * We do not want timing information to leak the length of k, so we - * compute G^k using an equivalent scalar of fixed bit-length. - * - * We unconditionally perform both of these additions to prevent a - * small timing information leakage. We then choose the sum that is - * one bit longer than the modulus. - * - * There are some concerns about the efficacy of doing this. More - * specifically refer to the discussion starting with: - * https://github.com/openssl/openssl/pull/7486#discussion_r228323705 - * The fix is to rework BN so these gymnastics aren't required. - */ - if (!BN_add(l, k, dsa->params.q) - || !BN_add(k, l, dsa->params.q)) - goto err; - - BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2); - - if ((dsa)->meth->bn_mod_exp != NULL) { - if (!dsa->meth->bn_mod_exp(dsa, r, dsa->params.g, k, dsa->params.p, - ctx, dsa->method_mont_p)) - goto err; - } else { - if (!BN_mod_exp_mont(r, dsa->params.g, k, dsa->params.p, ctx, - dsa->method_mont_p)) - goto err; - } - - if (!BN_mod(r, r, dsa->params.q, ctx)) - goto err; - - /* Compute part of 's = inv(k) (m + xr) mod q' */ - if ((kinv = dsa_mod_inverse_fermat(k, dsa->params.q, ctx)) == NULL) - goto err; - - BN_clear_free(*kinvp); - *kinvp = kinv; - kinv = NULL; - ret = 1; - err: - if (!ret) - ERR_raise(ERR_LIB_DSA, ERR_R_BN_LIB); - if (ctx != ctx_in) - BN_CTX_free(ctx); - BN_clear_free(k); - BN_clear_free(l); - return ret; -} - -static int dsa_do_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa) -{ - BN_CTX *ctx; - BIGNUM *u1, *u2, *t1; - BN_MONT_CTX *mont = NULL; - const BIGNUM *r, *s; - int ret = -1, i; - - if (dsa->params.p == NULL - || dsa->params.q == NULL - || dsa->params.g == NULL) { - ERR_raise(ERR_LIB_DSA, DSA_R_MISSING_PARAMETERS); - return -1; - } - - i = BN_num_bits(dsa->params.q); - /* fips 186-3 allows only different sizes for q */ - if (i != 160 && i != 224 && i != 256) { - ERR_raise(ERR_LIB_DSA, DSA_R_BAD_Q_VALUE); - return -1; - } - - if (BN_num_bits(dsa->params.p) > OPENSSL_DSA_MAX_MODULUS_BITS) { - ERR_raise(ERR_LIB_DSA, DSA_R_MODULUS_TOO_LARGE); - return -1; - } - u1 = BN_new(); - u2 = BN_new(); - t1 = BN_new(); - ctx = BN_CTX_new_ex(NULL); /* verify does not need a libctx */ - if (u1 == NULL || u2 == NULL || t1 == NULL || ctx == NULL) - goto err; - - DSA_SIG_get0(sig, &r, &s); - - if (BN_is_zero(r) || BN_is_negative(r) || - BN_ucmp(r, dsa->params.q) >= 0) { - ret = 0; - goto err; - } - if (BN_is_zero(s) || BN_is_negative(s) || - BN_ucmp(s, dsa->params.q) >= 0) { - ret = 0; - goto err; - } - - /* - * Calculate W = inv(S) mod Q save W in u2 - */ - if ((BN_mod_inverse(u2, s, dsa->params.q, ctx)) == NULL) - goto err; - - /* save M in u1 */ - if (dgst_len > (i >> 3)) - /* - * if the digest length is greater than the size of q use the - * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3, - * 4.2 - */ - dgst_len = (i >> 3); - if (BN_bin2bn(dgst, dgst_len, u1) == NULL) - goto err; - - /* u1 = M * w mod q */ - if (!BN_mod_mul(u1, u1, u2, dsa->params.q, ctx)) - goto err; - - /* u2 = r * w mod q */ - if (!BN_mod_mul(u2, r, u2, dsa->params.q, ctx)) - goto err; - - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { - mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p, - dsa->lock, dsa->params.p, ctx); - if (!mont) - goto err; - } - - if (dsa->meth->dsa_mod_exp != NULL) { - if (!dsa->meth->dsa_mod_exp(dsa, t1, dsa->params.g, u1, dsa->pub_key, u2, - dsa->params.p, ctx, mont)) - goto err; - } else { - if (!BN_mod_exp2_mont(t1, dsa->params.g, u1, dsa->pub_key, u2, - dsa->params.p, ctx, mont)) - goto err; - } - - /* let u1 = u1 mod q */ - if (!BN_mod(u1, t1, dsa->params.q, ctx)) - goto err; - - /* - * V is now in u1. If the signature is correct, it will be equal to R. - */ - ret = (BN_ucmp(u1, r) == 0); - - err: - if (ret < 0) - ERR_raise(ERR_LIB_DSA, ERR_R_BN_LIB); - BN_CTX_free(ctx); - BN_free(u1); - BN_free(u2); - BN_free(t1); - return ret; -} - -static int dsa_init(DSA *dsa) -{ - dsa->flags |= DSA_FLAG_CACHE_MONT_P; - ossl_ffc_params_init(&dsa->params); - dsa->dirty_cnt++; - return 1; -} - -static int dsa_finish(DSA *dsa) -{ - BN_MONT_CTX_free(dsa->method_mont_p); - return 1; -} - -/* - * Compute the inverse of k modulo q. - * Since q is prime, Fermat's Little Theorem applies, which reduces this to - * mod-exp operation. Both the exponent and modulus are public information - * so a mod-exp that doesn't leak the base is sufficient. A newly allocated - * BIGNUM is returned which the caller must free. - */ -static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q, - BN_CTX *ctx) -{ - BIGNUM *res = NULL; - BIGNUM *r, *e; - - if ((r = BN_new()) == NULL) - return NULL; - - BN_CTX_start(ctx); - if ((e = BN_CTX_get(ctx)) != NULL - && BN_set_word(r, 2) - && BN_sub(e, q, r) - && BN_mod_exp_mont(r, k, e, q, ctx, NULL)) - res = r; - else - BN_free(r); - BN_CTX_end(ctx); - return res; -} diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c deleted file mode 100644 index ba6be720a296d5d5a27ab5e2a265911a9498be67..0000000000000000000000000000000000000000 --- a/crypto/dsa/dsa_pmeth.c +++ /dev/null @@ -1,297 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "crypto/evp.h" -#include "dsa_local.h" - -/* DSA pkey context structure */ - -typedef struct { - /* Parameter gen parameters */ - int nbits; /* size of p in bits (default: 2048) */ - int qbits; /* size of q in bits (default: 224) */ - const EVP_MD *pmd; /* MD for parameter generation */ - /* Keygen callback info */ - int gentmp[2]; - /* message digest */ - const EVP_MD *md; /* MD for the signature */ -} DSA_PKEY_CTX; - -static int pkey_dsa_init(EVP_PKEY_CTX *ctx) -{ - DSA_PKEY_CTX *dctx = OPENSSL_malloc(sizeof(*dctx)); - - if (dctx == NULL) - return 0; - dctx->nbits = 2048; - dctx->qbits = 224; - dctx->pmd = NULL; - dctx->md = NULL; - - ctx->data = dctx; - ctx->keygen_info = dctx->gentmp; - ctx->keygen_info_count = 2; - - return 1; -} - -static int pkey_dsa_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) -{ - DSA_PKEY_CTX *dctx, *sctx; - - if (!pkey_dsa_init(dst)) - return 0; - sctx = src->data; - dctx = dst->data; - dctx->nbits = sctx->nbits; - dctx->qbits = sctx->qbits; - dctx->pmd = sctx->pmd; - dctx->md = sctx->md; - return 1; -} - -static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) -{ - DSA_PKEY_CTX *dctx = ctx->data; - OPENSSL_free(dctx); -} - -static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen) -{ - int ret; - unsigned int sltmp; - DSA_PKEY_CTX *dctx = ctx->data; - /* - * Discard const. Its marked as const because this may be a cached copy of - * the "real" key. These calls don't make any modifications that need to - * be reflected back in the "original" key. - */ - DSA *dsa = (DSA *)EVP_PKEY_get0_DSA(ctx->pkey); - - if (dctx->md != NULL && tbslen != (size_t)EVP_MD_get_size(dctx->md)) - return 0; - - ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa); - - if (ret <= 0) - return ret; - *siglen = sltmp; - return 1; -} - -static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) -{ - int ret; - DSA_PKEY_CTX *dctx = ctx->data; - /* - * Discard const. Its marked as const because this may be a cached copy of - * the "real" key. These calls don't make any modifications that need to - * be reflected back in the "original" key. - */ - DSA *dsa = (DSA *)EVP_PKEY_get0_DSA(ctx->pkey); - - if (dctx->md != NULL && tbslen != (size_t)EVP_MD_get_size(dctx->md)) - return 0; - - ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa); - - return ret; -} - -static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -{ - DSA_PKEY_CTX *dctx = ctx->data; - - switch (type) { - case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: - if (p1 < 256) - return -2; - dctx->nbits = p1; - return 1; - - case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: - if (p1 != 160 && p1 != 224 && p1 && p1 != 256) - return -2; - dctx->qbits = p1; - return 1; - - case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: - if (EVP_MD_get_type((const EVP_MD *)p2) != NID_sha1 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha224 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha256) { - ERR_raise(ERR_LIB_DSA, DSA_R_INVALID_DIGEST_TYPE); - return 0; - } - dctx->pmd = p2; - return 1; - - case EVP_PKEY_CTRL_MD: - if (EVP_MD_get_type((const EVP_MD *)p2) != NID_sha1 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_dsa && - EVP_MD_get_type((const EVP_MD *)p2) != NID_dsaWithSHA && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha224 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha256 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha384 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha512 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_224 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_256 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_384 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_512) { - ERR_raise(ERR_LIB_DSA, DSA_R_INVALID_DIGEST_TYPE); - return 0; - } - dctx->md = p2; - return 1; - - case EVP_PKEY_CTRL_GET_MD: - *(const EVP_MD **)p2 = dctx->md; - return 1; - - case EVP_PKEY_CTRL_DIGESTINIT: - case EVP_PKEY_CTRL_PKCS7_SIGN: - case EVP_PKEY_CTRL_CMS_SIGN: - return 1; - - case EVP_PKEY_CTRL_PEER_KEY: - ERR_raise(ERR_LIB_DSA, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - default: - return -2; - - } -} - -static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) -{ - if (strcmp(type, "dsa_paramgen_bits") == 0) { - int nbits; - nbits = atoi(value); - return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); - } - if (strcmp(type, "dsa_paramgen_q_bits") == 0) { - int qbits = atoi(value); - return EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits); - } - if (strcmp(type, "dsa_paramgen_md") == 0) { - const EVP_MD *md = EVP_get_digestbyname(value); - - if (md == NULL) { - ERR_raise(ERR_LIB_DSA, DSA_R_INVALID_DIGEST_TYPE); - return 0; - } - return EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md); - } - return -2; -} - -static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - DSA *dsa = NULL; - DSA_PKEY_CTX *dctx = ctx->data; - BN_GENCB *pcb; - int ret, res; - - if (ctx->pkey_gencb) { - pcb = BN_GENCB_new(); - if (pcb == NULL) - return 0; - evp_pkey_set_cb_translate(pcb, ctx); - } else - pcb = NULL; - dsa = DSA_new(); - if (dsa == NULL) { - BN_GENCB_free(pcb); - return 0; - } - if (dctx->md != NULL) - ossl_ffc_set_digest(&dsa->params, EVP_MD_get0_name(dctx->md), NULL); - - ret = ossl_ffc_params_FIPS186_4_generate(NULL, &dsa->params, - FFC_PARAM_TYPE_DSA, dctx->nbits, - dctx->qbits, &res, pcb); - BN_GENCB_free(pcb); - if (ret > 0) - EVP_PKEY_assign_DSA(pkey, dsa); - else - DSA_free(dsa); - return ret; -} - -static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - DSA *dsa = NULL; - - if (ctx->pkey == NULL) { - ERR_raise(ERR_LIB_DSA, DSA_R_NO_PARAMETERS_SET); - return 0; - } - dsa = DSA_new(); - if (dsa == NULL) - return 0; - EVP_PKEY_assign_DSA(pkey, dsa); - /* Note: if error return, pkey is freed by parent routine */ - if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) - return 0; - return DSA_generate_key((DSA *)EVP_PKEY_get0_DSA(pkey)); -} - -static const EVP_PKEY_METHOD dsa_pkey_meth = { - EVP_PKEY_DSA, - EVP_PKEY_FLAG_AUTOARGLEN, - pkey_dsa_init, - pkey_dsa_copy, - pkey_dsa_cleanup, - - 0, - pkey_dsa_paramgen, - - 0, - pkey_dsa_keygen, - - 0, - pkey_dsa_sign, - - 0, - pkey_dsa_verify, - - 0, 0, - - 0, 0, 0, 0, - - 0, 0, - - 0, 0, - - 0, 0, - - pkey_dsa_ctrl, - pkey_dsa_ctrl_str -}; - -const EVP_PKEY_METHOD *ossl_dsa_pkey_method(void) -{ - return &dsa_pkey_meth; -} diff --git a/crypto/dsa/dsa_prn.c b/crypto/dsa/dsa_prn.c deleted file mode 100644 index 1164e0f5cbff77d19c1e6009f759144591173bf6..0000000000000000000000000000000000000000 --- a/crypto/dsa/dsa_prn.c +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include - -#ifndef OPENSSL_NO_STDIO -int DSA_print_fp(FILE *fp, const DSA *x, int off) -{ - BIO *b; - int ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_DSA, ERR_R_BUF_LIB); - return 0; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = DSA_print(b, x, off); - BIO_free(b); - return ret; -} - -int DSAparams_print_fp(FILE *fp, const DSA *x) -{ - BIO *b; - int ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_DSA, ERR_R_BUF_LIB); - return 0; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = DSAparams_print(b, x); - BIO_free(b); - return ret; -} -#endif - -int DSA_print(BIO *bp, const DSA *x, int off) -{ - EVP_PKEY *pk; - int ret; - pk = EVP_PKEY_new(); - if (pk == NULL) - return 0; - ret = EVP_PKEY_set1_DSA(pk, (DSA *)x); - if (ret) - ret = EVP_PKEY_print_private(bp, pk, off, NULL); - EVP_PKEY_free(pk); - return ret; -} - -int DSAparams_print(BIO *bp, const DSA *x) -{ - EVP_PKEY *pk; - int ret; - pk = EVP_PKEY_new(); - if (pk == NULL) - return 0; - ret = EVP_PKEY_set1_DSA(pk, (DSA *)x); - if (ret) - ret = EVP_PKEY_print_params(bp, pk, 4, NULL); - EVP_PKEY_free(pk); - return ret; -} diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c deleted file mode 100644 index 21b0cbd5fbefac89f75303b395761afeba30dcb0..0000000000000000000000000000000000000000 --- a/crypto/dsa/dsa_sign.c +++ /dev/null @@ -1,209 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include "dsa_local.h" -#include "crypto/asn1_dsa.h" -#include "crypto/dsa.h" - -DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) -{ - return dsa->meth->dsa_do_sign(dgst, dlen, dsa); -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) -{ - return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); -} -#endif - -DSA_SIG *DSA_SIG_new(void) -{ - DSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig)); - if (sig == NULL) - ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE); - return sig; -} - -void DSA_SIG_free(DSA_SIG *sig) -{ - if (sig == NULL) - return; - BN_clear_free(sig->r); - BN_clear_free(sig->s); - OPENSSL_free(sig); -} - -DSA_SIG *d2i_DSA_SIG(DSA_SIG **psig, const unsigned char **ppin, long len) -{ - DSA_SIG *sig; - - if (len < 0) - return NULL; - if (psig != NULL && *psig != NULL) { - sig = *psig; - } else { - sig = DSA_SIG_new(); - if (sig == NULL) - return NULL; - } - if (sig->r == NULL) - sig->r = BN_new(); - if (sig->s == NULL) - sig->s = BN_new(); - if (sig->r == NULL || sig->s == NULL - || ossl_decode_der_dsa_sig(sig->r, sig->s, ppin, (size_t)len) == 0) { - if (psig == NULL || *psig == NULL) - DSA_SIG_free(sig); - return NULL; - } - if (psig != NULL && *psig == NULL) - *psig = sig; - return sig; -} - -int i2d_DSA_SIG(const DSA_SIG *sig, unsigned char **ppout) -{ - BUF_MEM *buf = NULL; - size_t encoded_len; - WPACKET pkt; - - if (ppout == NULL) { - if (!WPACKET_init_null(&pkt, 0)) - return -1; - } else if (*ppout == NULL) { - if ((buf = BUF_MEM_new()) == NULL - || !WPACKET_init_len(&pkt, buf, 0)) { - BUF_MEM_free(buf); - return -1; - } - } else { - if (!WPACKET_init_static_len(&pkt, *ppout, SIZE_MAX, 0)) - return -1; - } - - if (!ossl_encode_der_dsa_sig(&pkt, sig->r, sig->s) - || !WPACKET_get_total_written(&pkt, &encoded_len) - || !WPACKET_finish(&pkt)) { - BUF_MEM_free(buf); - WPACKET_cleanup(&pkt); - return -1; - } - - if (ppout != NULL) { - if (*ppout == NULL) { - *ppout = (unsigned char *)buf->data; - buf->data = NULL; - BUF_MEM_free(buf); - } else { - *ppout += encoded_len; - } - } - - return (int)encoded_len; -} - -int DSA_size(const DSA *dsa) -{ - int ret = -1; - DSA_SIG sig; - - if (dsa->params.q != NULL) { - sig.r = sig.s = dsa->params.q; - ret = i2d_DSA_SIG(&sig, NULL); - - if (ret < 0) - ret = 0; - } - return ret; -} - -void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) -{ - if (pr != NULL) - *pr = sig->r; - if (ps != NULL) - *ps = sig->s; -} - -int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) -{ - if (r == NULL || s == NULL) - return 0; - BN_clear_free(sig->r); - BN_clear_free(sig->s); - sig->r = r; - sig->s = s; - return 1; -} - -int ossl_dsa_sign_int(int type, const unsigned char *dgst, int dlen, - unsigned char *sig, unsigned int *siglen, DSA *dsa) -{ - DSA_SIG *s; - - /* legacy case uses the method table */ - if (dsa->libctx == NULL || dsa->meth != DSA_get_default_method()) - s = DSA_do_sign(dgst, dlen, dsa); - else - s = ossl_dsa_do_sign_int(dgst, dlen, dsa); - if (s == NULL) { - *siglen = 0; - return 0; - } - *siglen = i2d_DSA_SIG(s, &sig); - DSA_SIG_free(s); - return 1; -} - -int DSA_sign(int type, const unsigned char *dgst, int dlen, - unsigned char *sig, unsigned int *siglen, DSA *dsa) -{ - return ossl_dsa_sign_int(type, dgst, dlen, sig, siglen, dsa); -} - -/* data has already been hashed (probably with SHA or SHA-1). */ -/*- - * returns - * 1: correct signature - * 0: incorrect signature - * -1: error - */ -int DSA_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int siglen, DSA *dsa) -{ - DSA_SIG *s; - const unsigned char *p = sigbuf; - unsigned char *der = NULL; - int derlen = -1; - int ret = -1; - - s = DSA_SIG_new(); - if (s == NULL) - return ret; - if (d2i_DSA_SIG(&s, &p, siglen) == NULL) - goto err; - /* Ensure signature uses DER and doesn't have trailing garbage */ - derlen = i2d_DSA_SIG(s, &der); - if (derlen != siglen || memcmp(sigbuf, der, derlen)) - goto err; - ret = DSA_do_verify(dgst, dgst_len, s, dsa); - err: - OPENSSL_clear_free(der, derlen); - DSA_SIG_free(s); - return ret; -} diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c deleted file mode 100644 index b0a9d965d95923630f5ef41a5eb69498b953033b..0000000000000000000000000000000000000000 --- a/crypto/dsa/dsa_vrf.c +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include "internal/cryptlib.h" -#include "dsa_local.h" - -int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, - DSA *dsa) -{ - return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); -} diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c deleted file mode 100644 index f4e6e5f4573f66fe7b81eecc600a9bcdc6c82a3d..0000000000000000000000000000000000000000 --- a/crypto/dso/dso_dl.c +++ /dev/null @@ -1,287 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "dso_local.h" - -#ifdef DSO_DL - -# include - -/* Part of the hack in "dl_load" ... */ -# define DSO_MAX_TRANSLATED_SIZE 256 - -static int dl_load(DSO *dso); -static int dl_unload(DSO *dso); -static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname); -static char *dl_name_converter(DSO *dso, const char *filename); -static char *dl_merger(DSO *dso, const char *filespec1, - const char *filespec2); -static int dl_pathbyaddr(void *addr, char *path, int sz); -static void *dl_globallookup(const char *name); - -static DSO_METHOD dso_meth_dl = { - "OpenSSL 'dl' shared library method", - dl_load, - dl_unload, - dl_bind_func, - NULL, /* ctrl */ - dl_name_converter, - dl_merger, - NULL, /* init */ - NULL, /* finish */ - dl_pathbyaddr, - dl_globallookup -}; - -DSO_METHOD *DSO_METHOD_openssl(void) -{ - return &dso_meth_dl; -} - -/* - * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle - * (shl_t) returned from shl_load(). NB: I checked on HPUX11 and shl_t is - * itself a pointer type so the cast is safe. - */ - -static int dl_load(DSO *dso) -{ - shl_t ptr = NULL; - /* - * We don't do any fancy retries or anything, just take the method's (or - * DSO's if it has the callback set) best translation of the - * platform-independent filename and try once with that. - */ - char *filename = DSO_convert_filename(dso, NULL); - - if (filename == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_NO_FILENAME); - goto err; - } - ptr = shl_load(filename, BIND_IMMEDIATE | - (dso->flags & DSO_FLAG_NO_NAME_TRANSLATION ? 0 : - DYNAMIC_PATH), 0L); - if (ptr == NULL) { - char errbuf[160]; - - if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) - ERR_raise_data(ERR_LIB_DSO, DSO_R_LOAD_FAILED, - "filename(%s): %s", filename, errbuf); - else - ERR_raise_data(ERR_LIB_DSO, DSO_R_LOAD_FAILED, - "filename(%s): errno %d", filename, errno); - goto err; - } - if (!sk_push(dso->meth_data, (char *)ptr)) { - ERR_raise(ERR_LIB_DSO, DSO_R_STACK_ERROR); - goto err; - } - /* - * Success, stick the converted filename we've loaded under into the DSO - * (it also serves as the indicator that we are currently loaded). - */ - dso->loaded_filename = filename; - return 1; - err: - /* Cleanup! */ - OPENSSL_free(filename); - if (ptr != NULL) - shl_unload(ptr); - return 0; -} - -static int dl_unload(DSO *dso) -{ - shl_t ptr; - if (dso == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (sk_num(dso->meth_data) < 1) - return 1; - /* Is this statement legal? */ - ptr = (shl_t) sk_pop(dso->meth_data); - if (ptr == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_NULL_HANDLE); - /* - * Should push the value back onto the stack in case of a retry. - */ - sk_push(dso->meth_data, (char *)ptr); - return 0; - } - shl_unload(ptr); - return 1; -} - -static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname) -{ - shl_t ptr; - void *sym; - - if ((dso == NULL) || (symname == NULL)) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (sk_num(dso->meth_data) < 1) { - ERR_raise(ERR_LIB_DSO, DSO_R_STACK_ERROR); - return NULL; - } - ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); - if (ptr == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_NULL_HANDLE); - return NULL; - } - if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) { - char errbuf[160]; - - if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) - ERR_raise_data(ERR_LIB_DSO, DSO_R_SYM_FAILURE, - "symname(%s): %s", symname, errbuf); - else - ERR_raise_data(ERR_LIB_DSO, DSO_R_SYM_FAILURE, - "symname(%s): errno %d", symname, errno); - return NULL; - } - return (DSO_FUNC_TYPE)sym; -} - -static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2) -{ - char *merged; - - if (!filespec1 && !filespec2) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - /* - * If the first file specification is a rooted path, it rules. same goes - * if the second file specification is missing. - */ - if (!filespec2 || filespec1[0] == '/') { - merged = OPENSSL_strdup(filespec1); - if (merged == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - return NULL; - } - } - /* - * If the first file specification is missing, the second one rules. - */ - else if (!filespec1) { - merged = OPENSSL_strdup(filespec2); - if (merged == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - return NULL; - } - } else - /* - * This part isn't as trivial as it looks. It assumes that the - * second file specification really is a directory, and makes no - * checks whatsoever. Therefore, the result becomes the - * concatenation of filespec2 followed by a slash followed by - * filespec1. - */ - { - int spec2len, len; - - spec2len = (filespec2 ? strlen(filespec2) : 0); - len = spec2len + (filespec1 ? strlen(filespec1) : 0); - - if (spec2len && filespec2[spec2len - 1] == '/') { - spec2len--; - len--; - } - merged = OPENSSL_malloc(len + 2); - if (merged == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - return NULL; - } - strcpy(merged, filespec2); - merged[spec2len] = '/'; - strcpy(&merged[spec2len + 1], filespec1); - } - return merged; -} - -/* - * This function is identical to the one in dso_dlfcn.c, but as it is highly - * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at - * the same time, there's no great duplicating the code. Figuring out an - * elegant way to share one copy of the code would be more difficult and - * would not leave the implementations independent. - */ -static char *dl_name_converter(DSO *dso, const char *filename) -{ - char *translated; - int len, rsize, transform; - - len = strlen(filename); - rsize = len + 1; - transform = (strstr(filename, "/") == NULL); - if (transform) { - /* We will convert this to "%s.s?" or "lib%s.s?" */ - rsize += strlen(DSO_EXTENSION); /* The length of ".s?" */ - if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) - rsize += 3; /* The length of "lib" */ - } - translated = OPENSSL_malloc(rsize); - if (translated == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_NAME_TRANSLATION_FAILED); - return NULL; - } - if (transform) { - if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) - sprintf(translated, "lib%s%s", filename, DSO_EXTENSION); - else - sprintf(translated, "%s%s", filename, DSO_EXTENSION); - } else - sprintf(translated, "%s", filename); - return translated; -} - -static int dl_pathbyaddr(void *addr, char *path, int sz) -{ - struct shl_descriptor inf; - int i, len; - - if (addr == NULL) { - union { - int (*f) (void *, char *, int); - void *p; - } t = { - dl_pathbyaddr - }; - addr = t.p; - } - - for (i = -1; shl_get_r(i, &inf) == 0; i++) { - if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) || - ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend)) { - len = (int)strlen(inf.filename); - if (sz <= 0) - return len + 1; - if (len >= sz) - len = sz - 1; - memcpy(path, inf.filename, len); - path[len++] = 0; - return len; - } - } - - return -1; -} - -static void *dl_globallookup(const char *name) -{ - void *ret; - shl_t h = NULL; - - return shl_findsym(&h, name, TYPE_UNDEFINED, &ret) ? NULL : ret; -} -#endif /* DSO_DL */ diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c deleted file mode 100644 index 6a988cc727913e6d84da8da99ab8ef407e0f3ff7..0000000000000000000000000000000000000000 --- a/crypto/dso/dso_dlfcn.c +++ /dev/null @@ -1,456 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * We need to do this early, because stdio.h includes the header files that - * handle _GNU_SOURCE and other similar macros. Defining it later is simply - * too late, because those headers are protected from re- inclusion. - */ -#ifndef _GNU_SOURCE -# define _GNU_SOURCE /* make sure dladdr is declared */ -#endif - -#include "dso_local.h" -#include "e_os.h" - -#ifdef DSO_DLFCN - -# ifdef HAVE_DLFCN_H -# ifdef __osf__ -# define __EXTENSIONS__ -# endif -# include -# define HAVE_DLINFO 1 -# if defined(__SCO_VERSION__) || defined(_SCO_ELF) || \ - (defined(__osf__) && !defined(RTLD_NEXT)) || \ - (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \ - defined(__ANDROID__) || defined(__TANDEM) -# undef HAVE_DLINFO -# endif -# endif - -/* Part of the hack in "dlfcn_load" ... */ -# define DSO_MAX_TRANSLATED_SIZE 256 - -static int dlfcn_load(DSO *dso); -static int dlfcn_unload(DSO *dso); -static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname); -static char *dlfcn_name_converter(DSO *dso, const char *filename); -static char *dlfcn_merger(DSO *dso, const char *filespec1, - const char *filespec2); -static int dlfcn_pathbyaddr(void *addr, char *path, int sz); -static void *dlfcn_globallookup(const char *name); - -static DSO_METHOD dso_meth_dlfcn = { - "OpenSSL 'dlfcn' shared library method", - dlfcn_load, - dlfcn_unload, - dlfcn_bind_func, - NULL, /* ctrl */ - dlfcn_name_converter, - dlfcn_merger, - NULL, /* init */ - NULL, /* finish */ - dlfcn_pathbyaddr, - dlfcn_globallookup -}; - -DSO_METHOD *DSO_METHOD_openssl(void) -{ - return &dso_meth_dlfcn; -} - -/* - * Prior to using the dlopen() function, we should decide on the flag we - * send. There's a few different ways of doing this and it's a messy - * venn-diagram to match up which platforms support what. So as we don't have - * autoconf yet, I'm implementing a hack that could be hacked further - * relatively easily to deal with cases as we find them. Initially this is to - * cope with OpenBSD. - */ -# if defined(__OpenBSD__) || defined(__NetBSD__) -# ifdef DL_LAZY -# define DLOPEN_FLAG DL_LAZY -# else -# ifdef RTLD_NOW -# define DLOPEN_FLAG RTLD_NOW -# else -# define DLOPEN_FLAG 0 -# endif -# endif -# else -# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ -# endif - -/* - * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle - * (void*) returned from dlopen(). - */ - -static int dlfcn_load(DSO *dso) -{ - void *ptr = NULL; - /* See applicable comments in dso_dl.c */ - char *filename = DSO_convert_filename(dso, NULL); - int flags = DLOPEN_FLAG; - int saveerrno = get_last_sys_error(); - - if (filename == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_NO_FILENAME); - goto err; - } -# ifdef RTLD_GLOBAL - if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS) - flags |= RTLD_GLOBAL; -# endif -# ifdef _AIX - if (filename[strlen(filename) - 1] == ')') - flags |= RTLD_MEMBER; -# endif - ptr = dlopen(filename, flags); - if (ptr == NULL) { - ERR_raise_data(ERR_LIB_DSO, DSO_R_LOAD_FAILED, - "filename(%s): %s", filename, dlerror()); - goto err; - } - /* - * Some dlopen() implementations (e.g. solaris) do no preserve errno, even - * on a successful call. - */ - set_sys_error(saveerrno); - if (!sk_void_push(dso->meth_data, (char *)ptr)) { - ERR_raise(ERR_LIB_DSO, DSO_R_STACK_ERROR); - goto err; - } - /* Success */ - dso->loaded_filename = filename; - return 1; - err: - /* Cleanup! */ - OPENSSL_free(filename); - if (ptr != NULL) - dlclose(ptr); - return 0; -} - -static int dlfcn_unload(DSO *dso) -{ - void *ptr; - if (dso == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (sk_void_num(dso->meth_data) < 1) - return 1; - ptr = sk_void_pop(dso->meth_data); - if (ptr == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_NULL_HANDLE); - /* - * Should push the value back onto the stack in case of a retry. - */ - sk_void_push(dso->meth_data, ptr); - return 0; - } - /* For now I'm not aware of any errors associated with dlclose() */ - dlclose(ptr); - return 1; -} - -static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) -{ - void *ptr; - union { - DSO_FUNC_TYPE sym; - void *dlret; - } u; - - if ((dso == NULL) || (symname == NULL)) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (sk_void_num(dso->meth_data) < 1) { - ERR_raise(ERR_LIB_DSO, DSO_R_STACK_ERROR); - return NULL; - } - ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); - if (ptr == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_NULL_HANDLE); - return NULL; - } - u.dlret = dlsym(ptr, symname); - if (u.dlret == NULL) { - ERR_raise_data(ERR_LIB_DSO, DSO_R_SYM_FAILURE, - "symname(%s): %s", symname, dlerror()); - return NULL; - } - return u.sym; -} - -static char *dlfcn_merger(DSO *dso, const char *filespec1, - const char *filespec2) -{ - char *merged; - - if (!filespec1 && !filespec2) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - /* - * If the first file specification is a rooted path, it rules. same goes - * if the second file specification is missing. - */ - if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/')) { - merged = OPENSSL_strdup(filespec1); - if (merged == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - return NULL; - } - } - /* - * If the first file specification is missing, the second one rules. - */ - else if (!filespec1) { - merged = OPENSSL_strdup(filespec2); - if (merged == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - return NULL; - } - } else { - /* - * This part isn't as trivial as it looks. It assumes that the - * second file specification really is a directory, and makes no - * checks whatsoever. Therefore, the result becomes the - * concatenation of filespec2 followed by a slash followed by - * filespec1. - */ - int spec2len, len; - - spec2len = strlen(filespec2); - len = spec2len + strlen(filespec1); - - if (spec2len && filespec2[spec2len - 1] == '/') { - spec2len--; - len--; - } - merged = OPENSSL_malloc(len + 2); - if (merged == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - return NULL; - } - strcpy(merged, filespec2); - merged[spec2len] = '/'; - strcpy(&merged[spec2len + 1], filespec1); - } - return merged; -} - -static char *dlfcn_name_converter(DSO *dso, const char *filename) -{ - char *translated; - int len, rsize, transform; - - len = strlen(filename); - rsize = len + 1; - transform = (strstr(filename, "/") == NULL); - if (transform) { - /* We will convert this to "%s.so" or "lib%s.so" etc */ - rsize += strlen(DSO_EXTENSION); /* The length of ".so" */ - if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) - rsize += 3; /* The length of "lib" */ - } - translated = OPENSSL_malloc(rsize); - if (translated == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_NAME_TRANSLATION_FAILED); - return NULL; - } - if (transform) { - if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) - sprintf(translated, "lib%s" DSO_EXTENSION, filename); - else - sprintf(translated, "%s" DSO_EXTENSION, filename); - } else - sprintf(translated, "%s", filename); - return translated; -} - -# ifdef __sgi -/*- -This is a quote from IRIX manual for dladdr(3c): - - does not contain a prototype for dladdr or definition of - Dl_info. The #include in the SYNOPSIS line is traditional, - but contains no dladdr prototype and no IRIX library contains an - implementation. Write your own declaration based on the code below. - - The following code is dependent on internal interfaces that are not - part of the IRIX compatibility guarantee; however, there is no future - intention to change this interface, so on a practical level, the code - below is safe to use on IRIX. -*/ -# include -# ifndef _RLD_INTERFACE_DLFCN_H_DLADDR -# define _RLD_INTERFACE_DLFCN_H_DLADDR -typedef struct Dl_info { - const char *dli_fname; - void *dli_fbase; - const char *dli_sname; - void *dli_saddr; - int dli_version; - int dli_reserved1; - long dli_reserved[4]; -} Dl_info; -# else -typedef struct Dl_info Dl_info; -# endif -# define _RLD_DLADDR 14 - -static int dladdr(void *address, Dl_info *dl) -{ - void *v; - v = _rld_new_interface(_RLD_DLADDR, address, dl); - return (int)v; -} -# endif /* __sgi */ - -# ifdef _AIX -/*- - * See IBM's AIX Version 7.2, Technical Reference: - * Base Operating System and Extensions, Volume 1 and 2 - * https://www.ibm.com/support/knowledgecenter/ssw_aix_72/com.ibm.aix.base/technicalreferences.htm - */ -# include -# include -/* ~ 64 * (sizeof(struct ld_info) + _XOPEN_PATH_MAX + _XOPEN_NAME_MAX) */ -# define DLFCN_LDINFO_SIZE 86976 -typedef struct Dl_info { - const char *dli_fname; -} Dl_info; -/* - * This dladdr()-implementation will also find the ptrgl (Pointer Glue) virtual - * address of a function, which is just located in the DATA segment instead of - * the TEXT segment. - */ -static int dladdr(void *ptr, Dl_info *dl) -{ - uintptr_t addr = (uintptr_t)ptr; - unsigned int found = 0; - struct ld_info *ldinfos, *next_ldi, *this_ldi; - - if ((ldinfos = OPENSSL_malloc(DLFCN_LDINFO_SIZE)) == NULL) { - errno = ENOMEM; - dl->dli_fname = NULL; - return 0; - } - - if ((loadquery(L_GETINFO, (void *)ldinfos, DLFCN_LDINFO_SIZE)) < 0) { - /*- - * Error handling is done through errno and dlerror() reading errno: - * ENOMEM (ldinfos buffer is too small), - * EINVAL (invalid flags), - * EFAULT (invalid ldinfos ptr) - */ - OPENSSL_free((void *)ldinfos); - dl->dli_fname = NULL; - return 0; - } - next_ldi = ldinfos; - - do { - this_ldi = next_ldi; - if (((addr >= (uintptr_t)this_ldi->ldinfo_textorg) - && (addr < ((uintptr_t)this_ldi->ldinfo_textorg + - this_ldi->ldinfo_textsize))) - || ((addr >= (uintptr_t)this_ldi->ldinfo_dataorg) - && (addr < ((uintptr_t)this_ldi->ldinfo_dataorg + - this_ldi->ldinfo_datasize)))) { - char *buffer, *member; - size_t buffer_sz, member_len; - - buffer_sz = strlen(this_ldi->ldinfo_filename) + 1; - member = this_ldi->ldinfo_filename + buffer_sz; - if ((member_len = strlen(member)) > 0) - buffer_sz += 1 + member_len + 1; - found = 1; - if ((buffer = OPENSSL_malloc(buffer_sz)) != NULL) { - OPENSSL_strlcpy(buffer, this_ldi->ldinfo_filename, buffer_sz); - if (member_len > 0) { - /* - * Need to respect a possible member name and not just - * returning the path name in this case. See docs: - * sys/ldr.h, loadquery() and dlopen()/RTLD_MEMBER. - */ - OPENSSL_strlcat(buffer, "(", buffer_sz); - OPENSSL_strlcat(buffer, member, buffer_sz); - OPENSSL_strlcat(buffer, ")", buffer_sz); - } - dl->dli_fname = buffer; - } else { - errno = ENOMEM; - } - } else { - next_ldi = (struct ld_info *)((uintptr_t)this_ldi + - this_ldi->ldinfo_next); - } - } while (this_ldi->ldinfo_next && !found); - OPENSSL_free((void *)ldinfos); - return (found && dl->dli_fname != NULL); -} -# endif /* _AIX */ - -static int dlfcn_pathbyaddr(void *addr, char *path, int sz) -{ -# ifdef HAVE_DLINFO - Dl_info dli; - int len; - - if (addr == NULL) { - union { - int (*f) (void *, char *, int); - void *p; - } t = { - dlfcn_pathbyaddr - }; - addr = t.p; - } - - if (dladdr(addr, &dli)) { - len = (int)strlen(dli.dli_fname); - if (sz <= 0) { -# ifdef _AIX - OPENSSL_free((void *)dli.dli_fname); -# endif - return len + 1; - } - if (len >= sz) - len = sz - 1; - memcpy(path, dli.dli_fname, len); - path[len++] = 0; -# ifdef _AIX - OPENSSL_free((void *)dli.dli_fname); -# endif - return len; - } - - ERR_add_error_data(2, "dlfcn_pathbyaddr(): ", dlerror()); -# endif - return -1; -} - -static void *dlfcn_globallookup(const char *name) -{ - void *ret = NULL, *handle = dlopen(NULL, RTLD_LAZY); - - if (handle) { - ret = dlsym(handle, name); - dlclose(handle); - } - - return ret; -} -#endif /* DSO_DLFCN */ diff --git a/crypto/dso/dso_err.c b/crypto/dso/dso_err.c deleted file mode 100644 index 6934a1b364bc8012435fd96616f7e7f5dbdea6cc..0000000000000000000000000000000000000000 --- a/crypto/dso/dso_err.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/dsoerr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA DSO_str_reasons[] = { - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_CTRL_FAILED), "control command failed"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_DSO_ALREADY_LOADED), "dso already loaded"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_EMPTY_FILE_STRUCTURE), - "empty file structure"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FAILURE), "failure"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FILENAME_TOO_BIG), "filename too big"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FINISH_FAILED), - "cleanup method function failed"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_INCORRECT_FILE_SYNTAX), - "incorrect file syntax"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_LOAD_FAILED), - "could not load the shared library"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NAME_TRANSLATION_FAILED), - "name translation failed"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NO_FILENAME), "no filename"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NULL_HANDLE), - "a null shared library handle was used"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_SET_FILENAME_FAILED), - "set filename failed"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_STACK_ERROR), - "the meth_data stack is corrupt"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_SYM_FAILURE), - "could not bind to the requested symbol name"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_UNLOAD_FAILED), - "could not unload the shared library"}, - {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_UNSUPPORTED), - "functionality not supported"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_DSO_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(DSO_str_reasons[0].error) == NULL) - ERR_load_strings_const(DSO_str_reasons); -#endif - return 1; -} diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c deleted file mode 100644 index 9d755986d755ef55558a30349622f4e84298395b..0000000000000000000000000000000000000000 --- a/crypto/dso/dso_lib.c +++ /dev/null @@ -1,338 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "dso_local.h" -#include "internal/refcount.h" - -static DSO *DSO_new_method(DSO_METHOD *meth) -{ - DSO *ret; - - ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - return NULL; - } - ret->meth_data = sk_void_new_null(); - if (ret->meth_data == NULL) { - /* sk_new doesn't generate any errors so we do */ - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ret); - return NULL; - } - ret->meth = DSO_METHOD_openssl(); - ret->references = 1; - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - sk_void_free(ret->meth_data); - OPENSSL_free(ret); - return NULL; - } - - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { - DSO_free(ret); - ret = NULL; - } - - return ret; -} - -DSO *DSO_new(void) -{ - return DSO_new_method(NULL); -} - -int DSO_free(DSO *dso) -{ - int i; - - if (dso == NULL) - return 1; - - if (CRYPTO_DOWN_REF(&dso->references, &i, dso->lock) <= 0) - return 0; - - REF_PRINT_COUNT("DSO", dso); - if (i > 0) - return 1; - REF_ASSERT_ISNT(i < 0); - - if ((dso->flags & DSO_FLAG_NO_UNLOAD_ON_FREE) == 0) { - if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) { - ERR_raise(ERR_LIB_DSO, DSO_R_UNLOAD_FAILED); - return 0; - } - } - - if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) { - ERR_raise(ERR_LIB_DSO, DSO_R_FINISH_FAILED); - return 0; - } - - sk_void_free(dso->meth_data); - OPENSSL_free(dso->filename); - OPENSSL_free(dso->loaded_filename); - CRYPTO_THREAD_lock_free(dso->lock); - OPENSSL_free(dso); - return 1; -} - -int DSO_flags(DSO *dso) -{ - return ((dso == NULL) ? 0 : dso->flags); -} - -int DSO_up_ref(DSO *dso) -{ - int i; - - if (dso == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (CRYPTO_UP_REF(&dso->references, &i, dso->lock) <= 0) - return 0; - - REF_PRINT_COUNT("DSO", dso); - REF_ASSERT_ISNT(i < 2); - return ((i > 1) ? 1 : 0); -} - -DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags) -{ - DSO *ret; - int allocated = 0; - - if (dso == NULL) { - ret = DSO_new_method(meth); - if (ret == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - goto err; - } - allocated = 1; - /* Pass the provided flags to the new DSO object */ - if (DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) { - ERR_raise(ERR_LIB_DSO, DSO_R_CTRL_FAILED); - goto err; - } - } else - ret = dso; - /* Don't load if we're currently already loaded */ - if (ret->filename != NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_DSO_ALREADY_LOADED); - goto err; - } - /* - * filename can only be NULL if we were passed a dso that already has one - * set. - */ - if (filename != NULL) - if (!DSO_set_filename(ret, filename)) { - ERR_raise(ERR_LIB_DSO, DSO_R_SET_FILENAME_FAILED); - goto err; - } - filename = ret->filename; - if (filename == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_NO_FILENAME); - goto err; - } - if (ret->meth->dso_load == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED); - goto err; - } - if (!ret->meth->dso_load(ret)) { - ERR_raise(ERR_LIB_DSO, DSO_R_LOAD_FAILED); - goto err; - } - /* Load succeeded */ - return ret; - err: - if (allocated) - DSO_free(ret); - return NULL; -} - -DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname) -{ - DSO_FUNC_TYPE ret = NULL; - - if ((dso == NULL) || (symname == NULL)) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (dso->meth->dso_bind_func == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED); - return NULL; - } - if ((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_SYM_FAILURE); - return NULL; - } - /* Success */ - return ret; -} - -/* - * I don't really like these *_ctrl functions very much to be perfectly - * honest. For one thing, I think I have to return a negative value for any - * error because possible DSO_ctrl() commands may return values such as - * "size"s that can legitimately be zero (making the standard - * "if (DSO_cmd(...))" form that works almost everywhere else fail at odd - * times. I'd prefer "output" values to be passed by reference and the return - * value as success/failure like usual ... but we conform when we must... :-) - */ -long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg) -{ - if (dso == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return -1; - } - /* - * We should intercept certain generic commands and only pass control to - * the method-specific ctrl() function if it's something we don't handle. - */ - switch (cmd) { - case DSO_CTRL_GET_FLAGS: - return dso->flags; - case DSO_CTRL_SET_FLAGS: - dso->flags = (int)larg; - return 0; - case DSO_CTRL_OR_FLAGS: - dso->flags |= (int)larg; - return 0; - default: - break; - } - if ((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) { - ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED); - return -1; - } - return dso->meth->dso_ctrl(dso, cmd, larg, parg); -} - -const char *DSO_get_filename(DSO *dso) -{ - if (dso == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - return dso->filename; -} - -int DSO_set_filename(DSO *dso, const char *filename) -{ - char *copied; - - if ((dso == NULL) || (filename == NULL)) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (dso->loaded_filename) { - ERR_raise(ERR_LIB_DSO, DSO_R_DSO_ALREADY_LOADED); - return 0; - } - /* We'll duplicate filename */ - copied = OPENSSL_strdup(filename); - if (copied == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - return 0; - } - OPENSSL_free(dso->filename); - dso->filename = copied; - return 1; -} - -char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2) -{ - char *result = NULL; - - if (dso == NULL || filespec1 == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) { - if (dso->merger != NULL) - result = dso->merger(dso, filespec1, filespec2); - else if (dso->meth->dso_merger != NULL) - result = dso->meth->dso_merger(dso, filespec1, filespec2); - } - return result; -} - -char *DSO_convert_filename(DSO *dso, const char *filename) -{ - char *result = NULL; - - if (dso == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (filename == NULL) - filename = dso->filename; - if (filename == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_NO_FILENAME); - return NULL; - } - if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) { - if (dso->name_converter != NULL) - result = dso->name_converter(dso, filename); - else if (dso->meth->dso_name_converter != NULL) - result = dso->meth->dso_name_converter(dso, filename); - } - if (result == NULL) { - result = OPENSSL_strdup(filename); - if (result == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - return NULL; - } - } - return result; -} - -int DSO_pathbyaddr(void *addr, char *path, int sz) -{ - DSO_METHOD *meth = DSO_METHOD_openssl(); - - if (meth->pathbyaddr == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED); - return -1; - } - return (*meth->pathbyaddr) (addr, path, sz); -} - -DSO *DSO_dsobyaddr(void *addr, int flags) -{ - DSO *ret = NULL; - char *filename = NULL; - int len = DSO_pathbyaddr(addr, NULL, 0); - - if (len < 0) - return NULL; - - filename = OPENSSL_malloc(len); - if (filename != NULL - && DSO_pathbyaddr(addr, filename, len) == len) - ret = DSO_load(NULL, filename, NULL, flags); - - OPENSSL_free(filename); - return ret; -} - -void *DSO_global_lookup(const char *name) -{ - DSO_METHOD *meth = DSO_METHOD_openssl(); - - if (meth->globallookup == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED); - return NULL; - } - return (*meth->globallookup) (name); -} diff --git a/crypto/dso/dso_local.h b/crypto/dso/dso_local.h deleted file mode 100644 index 8aa29c1826fec97e2c29cb7869e674ffac2f4825..0000000000000000000000000000000000000000 --- a/crypto/dso/dso_local.h +++ /dev/null @@ -1,107 +0,0 @@ -/* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "internal/dso.h" -#include "crypto/dso_conf.h" -#include "internal/refcount.h" - -/**********************************************************************/ -/* The low-level handle type used to refer to a loaded shared library */ - -struct dso_st { - DSO_METHOD *meth; - /* - * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use - * anything but will need to cache the filename for use in the dso_bind - * handler. All in all, let each method control its own destiny. - * "Handles" and such go in a STACK. - */ - STACK_OF(void) *meth_data; - CRYPTO_REF_COUNT references; - int flags; - /* - * For use by applications etc ... use this for your bits'n'pieces, don't - * touch meth_data! - */ - CRYPTO_EX_DATA ex_data; - /* - * If this callback function pointer is set to non-NULL, then it will be - * used in DSO_load() in place of meth->dso_name_converter. NB: This - * should normally set using DSO_set_name_converter(). - */ - DSO_NAME_CONVERTER_FUNC name_converter; - /* - * If this callback function pointer is set to non-NULL, then it will be - * used in DSO_load() in place of meth->dso_merger. NB: This should - * normally set using DSO_set_merger(). - */ - DSO_MERGER_FUNC merger; - /* - * This is populated with (a copy of) the platform-independent filename - * used for this DSO. - */ - char *filename; - /* - * This is populated with (a copy of) the translated filename by which - * the DSO was actually loaded. It is NULL iff the DSO is not currently - * loaded. NB: This is here because the filename translation process may - * involve a callback being invoked more than once not only to convert to - * a platform-specific form, but also to try different filenames in the - * process of trying to perform a load. As such, this variable can be - * used to indicate (a) whether this DSO structure corresponds to a - * loaded library or not, and (b) the filename with which it was actually - * loaded. - */ - char *loaded_filename; - CRYPTO_RWLOCK *lock; -}; - -struct dso_meth_st { - const char *name; - /* - * Loads a shared library, NB: new DSO_METHODs must ensure that a - * successful load populates the loaded_filename field, and likewise a - * successful unload OPENSSL_frees and NULLs it out. - */ - int (*dso_load) (DSO *dso); - /* Unloads a shared library */ - int (*dso_unload) (DSO *dso); - /* - * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should - * be cast to the real function prototype by the caller. Platforms that - * don't have compatible representations for different prototypes (this - * is possible within ANSI C) are highly unlikely to have shared - * libraries at all, let alone a DSO_METHOD implemented for them. - */ - DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname); - /* - * The generic (yuck) "ctrl()" function. NB: Negative return values - * (rather than zero) indicate errors. - */ - long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg); - /* - * The default DSO_METHOD-specific function for converting filenames to a - * canonical native form. - */ - DSO_NAME_CONVERTER_FUNC dso_name_converter; - /* - * The default DSO_METHOD-specific function for converting filenames to a - * canonical native form. - */ - DSO_MERGER_FUNC dso_merger; - /* [De]Initialisation handlers. */ - int (*init) (DSO *dso); - int (*finish) (DSO *dso); - /* Return pathname of the module containing location */ - int (*pathbyaddr) (void *addr, char *path, int sz); - /* Perform global symbol lookup, i.e. among *all* modules */ - void *(*globallookup) (const char *symname); -}; diff --git a/crypto/dso/dso_openssl.c b/crypto/dso/dso_openssl.c deleted file mode 100644 index 3f264a6c658b717510c74e6603334bc98e3545ac..0000000000000000000000000000000000000000 --- a/crypto/dso/dso_openssl.c +++ /dev/null @@ -1,22 +0,0 @@ -/* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "dso_local.h" - -#ifdef DSO_NONE - -static DSO_METHOD dso_meth_null = { - "NULL shared library method" -}; - -DSO_METHOD *DSO_METHOD_openssl(void) -{ - return &dso_meth_null; -} -#endif diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c deleted file mode 100644 index aa2dfaa4d15fdb2642b15c0bd6cf08ab179696a5..0000000000000000000000000000000000000000 --- a/crypto/dso/dso_vms.c +++ /dev/null @@ -1,489 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "dso_local.h" - -#ifdef OPENSSL_SYS_VMS - -# pragma message disable DOLLARID -# include -# include -# include -# include -# include -# include -# include -# include "../vms_rms.h" - -/* Some compiler options may mask the declaration of "_malloc32". */ -# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE -# if __INITIAL_POINTER_SIZE == 64 -# pragma pointer_size save -# pragma pointer_size 32 -void *_malloc32(__size_t); -# pragma pointer_size restore -# endif /* __INITIAL_POINTER_SIZE == 64 */ -# endif /* __INITIAL_POINTER_SIZE && defined - * _ANSI_C_SOURCE */ - -# pragma message disable DOLLARID - -static int vms_load(DSO *dso); -static int vms_unload(DSO *dso); -static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname); -static char *vms_name_converter(DSO *dso, const char *filename); -static char *vms_merger(DSO *dso, const char *filespec1, - const char *filespec2); - -static DSO_METHOD dso_meth_vms = { - "OpenSSL 'VMS' shared library method", - vms_load, - NULL, /* unload */ - vms_bind_func, - NULL, /* ctrl */ - vms_name_converter, - vms_merger, - NULL, /* init */ - NULL, /* finish */ - NULL, /* pathbyaddr */ - NULL /* globallookup */ -}; - -/* - * On VMS, the only "handle" is the file name. LIB$FIND_IMAGE_SYMBOL depends - * on the reference to the file name being the same for all calls regarding - * one shared image, so we'll just store it in an instance of the following - * structure and put a pointer to that instance in the meth_data stack. - */ -typedef struct dso_internal_st { - /* - * This should contain the name only, no directory, no extension, nothing - * but a name. - */ - struct dsc$descriptor_s filename_dsc; - char filename[NAMX_MAXRSS + 1]; - /* - * This contains whatever is not in filename, if needed. Normally not - * defined. - */ - struct dsc$descriptor_s imagename_dsc; - char imagename[NAMX_MAXRSS + 1]; -} DSO_VMS_INTERNAL; - -DSO_METHOD *DSO_METHOD_openssl(void) -{ - return &dso_meth_vms; -} - -static int vms_load(DSO *dso) -{ - void *ptr = NULL; - /* See applicable comments in dso_dl.c */ - char *filename = DSO_convert_filename(dso, NULL); - -/* Ensure 32-bit pointer for "p", and appropriate malloc() function. */ -# if __INITIAL_POINTER_SIZE == 64 -# define DSO_MALLOC _malloc32 -# pragma pointer_size save -# pragma pointer_size 32 -# else /* __INITIAL_POINTER_SIZE == 64 */ -# define DSO_MALLOC OPENSSL_malloc -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ - - DSO_VMS_INTERNAL *p = NULL; - -# if __INITIAL_POINTER_SIZE == 64 -# pragma pointer_size restore -# endif /* __INITIAL_POINTER_SIZE == 64 */ - - const char *sp1, *sp2; /* Search result */ - const char *ext = NULL; /* possible extension to add */ - - if (filename == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_NO_FILENAME); - goto err; - } - - /*- - * A file specification may look like this: - * - * node::dev:[dir-spec]name.type;ver - * - * or (for compatibility with TOPS-20): - * - * node::dev:name.type;ver - * - * and the dir-spec uses '.' as separator. Also, a dir-spec - * may consist of several parts, with mixed use of [] and <>: - * - * [dir1.] - * - * We need to split the file specification into the name and - * the rest (both before and after the name itself). - */ - /* - * Start with trying to find the end of a dir-spec, and save the position - * of the byte after in sp1 - */ - sp1 = strrchr(filename, ']'); - sp2 = strrchr(filename, '>'); - if (sp1 == NULL) - sp1 = sp2; - if (sp2 != NULL && sp2 > sp1) - sp1 = sp2; - if (sp1 == NULL) - sp1 = strrchr(filename, ':'); - if (sp1 == NULL) - sp1 = filename; - else - sp1++; /* The byte after the found character */ - /* Now, let's see if there's a type, and save the position in sp2 */ - sp2 = strchr(sp1, '.'); - /* - * If there is a period and the next character is a semi-colon, - * we need to add an extension - */ - if (sp2 != NULL && sp2[1] == ';') - ext = ".EXE"; - /* - * If we found it, that's where we'll cut. Otherwise, look for a version - * number and save the position in sp2 - */ - if (sp2 == NULL) { - sp2 = strchr(sp1, ';'); - ext = ".EXE"; - } - /* - * If there was still nothing to find, set sp2 to point at the end of the - * string - */ - if (sp2 == NULL) - sp2 = sp1 + strlen(sp1); - - /* Check that we won't get buffer overflows */ - if (sp2 - sp1 > FILENAME_MAX - || (sp1 - filename) + strlen(sp2) > FILENAME_MAX) { - ERR_raise(ERR_LIB_DSO, DSO_R_FILENAME_TOO_BIG); - goto err; - } - - p = DSO_MALLOC(sizeof(*p)); - if (p == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - goto err; - } - - strncpy(p->filename, sp1, sp2 - sp1); - p->filename[sp2 - sp1] = '\0'; - - strncpy(p->imagename, filename, sp1 - filename); - p->imagename[sp1 - filename] = '\0'; - if (ext) { - strcat(p->imagename, ext); - if (*sp2 == '.') - sp2++; - } - strcat(p->imagename, sp2); - - p->filename_dsc.dsc$w_length = strlen(p->filename); - p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - p->filename_dsc.dsc$b_class = DSC$K_CLASS_S; - p->filename_dsc.dsc$a_pointer = p->filename; - p->imagename_dsc.dsc$w_length = strlen(p->imagename); - p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S; - p->imagename_dsc.dsc$a_pointer = p->imagename; - - if (!sk_void_push(dso->meth_data, (char *)p)) { - ERR_raise(ERR_LIB_DSO, DSO_R_STACK_ERROR); - goto err; - } - - /* Success (for now, we lie. We actually do not know...) */ - dso->loaded_filename = filename; - return 1; - err: - /* Cleanup! */ - OPENSSL_free(p); - OPENSSL_free(filename); - return 0; -} - -/* - * Note that this doesn't actually unload the shared image, as there is no - * such thing in VMS. Next time it get loaded again, a new copy will - * actually be loaded. - */ -static int vms_unload(DSO *dso) -{ - DSO_VMS_INTERNAL *p; - if (dso == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (sk_void_num(dso->meth_data) < 1) - return 1; - p = (DSO_VMS_INTERNAL *)sk_void_pop(dso->meth_data); - if (p == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_NULL_HANDLE); - return 0; - } - /* Cleanup */ - OPENSSL_free(p); - return 1; -} - -/* - * We must do this in a separate function because of the way the exception - * handler works (it makes this function return - */ -static int do_find_symbol(DSO_VMS_INTERNAL *ptr, - struct dsc$descriptor_s *symname_dsc, void **sym, - unsigned long flags) -{ - /* - * Make sure that signals are caught and returned instead of aborting the - * program. The exception handler gets unestablished automatically on - * return from this function. - */ - lib$establish(lib$sig_to_ret); - - if (ptr->imagename_dsc.dsc$w_length) - return lib$find_image_symbol(&ptr->filename_dsc, - symname_dsc, sym, - &ptr->imagename_dsc, flags); - else - return lib$find_image_symbol(&ptr->filename_dsc, - symname_dsc, sym, 0, flags); -} - -# ifndef LIB$M_FIS_MIXEDCASE -# define LIB$M_FIS_MIXEDCASE (1 << 4); -# endif -void vms_bind_sym(DSO *dso, const char *symname, void **sym) -{ - DSO_VMS_INTERNAL *ptr; - int status = 0; - struct dsc$descriptor_s symname_dsc; - -/* Arrange 32-bit pointer to (copied) string storage, if needed. */ -# if __INITIAL_POINTER_SIZE == 64 -# define SYMNAME symname_32p -# pragma pointer_size save -# pragma pointer_size 32 - char *symname_32p; -# pragma pointer_size restore - char symname_32[NAMX_MAXRSS + 1]; -# else /* __INITIAL_POINTER_SIZE == 64 */ -# define SYMNAME ((char *) symname) -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ - - *sym = NULL; - - if ((dso == NULL) || (symname == NULL)) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return; - } -# if __INITIAL_POINTER_SIZE == 64 - /* Copy the symbol name to storage with a 32-bit pointer. */ - symname_32p = symname_32; - strcpy(symname_32p, symname); -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ - - symname_dsc.dsc$w_length = strlen(SYMNAME); - symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - symname_dsc.dsc$b_class = DSC$K_CLASS_S; - symname_dsc.dsc$a_pointer = SYMNAME; - - if (sk_void_num(dso->meth_data) < 1) { - ERR_raise(ERR_LIB_DSO, DSO_R_STACK_ERROR); - return; - } - ptr = (DSO_VMS_INTERNAL *)sk_void_value(dso->meth_data, - sk_void_num(dso->meth_data) - 1); - if (ptr == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_NULL_HANDLE); - return; - } - - status = do_find_symbol(ptr, &symname_dsc, sym, LIB$M_FIS_MIXEDCASE); - - if (!$VMS_STATUS_SUCCESS(status)) - status = do_find_symbol(ptr, &symname_dsc, sym, 0); - - if (!$VMS_STATUS_SUCCESS(status)) { - unsigned short length; - char errstring[257]; - struct dsc$descriptor_s errstring_dsc; - - errstring_dsc.dsc$w_length = sizeof(errstring); - errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - errstring_dsc.dsc$b_class = DSC$K_CLASS_S; - errstring_dsc.dsc$a_pointer = errstring; - - *sym = NULL; - - status = sys$getmsg(status, &length, &errstring_dsc, 1, 0); - - if (!$VMS_STATUS_SUCCESS(status)) - lib$signal(status); /* This is really bad. Abort! */ - else { - errstring[length] = '\0'; - - if (ptr->imagename_dsc.dsc$w_length) - ERR_raise_data(ERR_LIB_DSO, DSO_R_SYM_FAILURE, - "Symbol %s in %s (%s): %s", - symname, ptr->filename, ptr->imagename, - errstring); - else - ERR_raise_data(ERR_LIB_DSO, DSO_R_SYM_FAILURE, - "Symbol %s in %s: %s", - symname, ptr->filename, errstring); - } - return; - } - return; -} - -static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname) -{ - DSO_FUNC_TYPE sym = 0; - vms_bind_sym(dso, symname, (void **)&sym); - return sym; -} - -static char *vms_merger(DSO *dso, const char *filespec1, - const char *filespec2) -{ - int status; - int filespec1len, filespec2len; - struct FAB fab; - struct NAMX_STRUCT nam; - char esa[NAMX_MAXRSS + 1]; - char *merged; - -/* Arrange 32-bit pointer to (copied) string storage, if needed. */ -# if __INITIAL_POINTER_SIZE == 64 -# define FILESPEC1 filespec1_32p; -# define FILESPEC2 filespec2_32p; -# pragma pointer_size save -# pragma pointer_size 32 - char *filespec1_32p; - char *filespec2_32p; -# pragma pointer_size restore - char filespec1_32[NAMX_MAXRSS + 1]; - char filespec2_32[NAMX_MAXRSS + 1]; -# else /* __INITIAL_POINTER_SIZE == 64 */ -# define FILESPEC1 ((char *) filespec1) -# define FILESPEC2 ((char *) filespec2) -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ - - if (!filespec1) - filespec1 = ""; - if (!filespec2) - filespec2 = ""; - filespec1len = strlen(filespec1); - filespec2len = strlen(filespec2); - -# if __INITIAL_POINTER_SIZE == 64 - /* Copy the file names to storage with a 32-bit pointer. */ - filespec1_32p = filespec1_32; - filespec2_32p = filespec2_32; - strcpy(filespec1_32p, filespec1); - strcpy(filespec2_32p, filespec2); -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ - - fab = cc$rms_fab; - nam = CC_RMS_NAMX; - - FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNA = FILESPEC1; - FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNS = filespec1len; - FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNA = FILESPEC2; - FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNS = filespec2len; - NAMX_DNA_FNA_SET(fab) - - nam.NAMX_ESA = esa; - nam.NAMX_ESS = NAMX_MAXRSS; - nam.NAMX_NOP = NAM$M_SYNCHK | NAM$M_PWD; - SET_NAMX_NO_SHORT_UPCASE(nam); - - fab.FAB_NAMX = &nam; - - status = sys$parse(&fab, 0, 0); - - if (!$VMS_STATUS_SUCCESS(status)) { - unsigned short length; - char errstring[257]; - struct dsc$descriptor_s errstring_dsc; - - errstring_dsc.dsc$w_length = sizeof(errstring); - errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - errstring_dsc.dsc$b_class = DSC$K_CLASS_S; - errstring_dsc.dsc$a_pointer = errstring; - - status = sys$getmsg(status, &length, &errstring_dsc, 1, 0); - - if (!$VMS_STATUS_SUCCESS(status)) - lib$signal(status); /* This is really bad. Abort! */ - else { - errstring[length] = '\0'; - - ERR_raise_data(ERR_LIB_DSO, DSO_R_FAILURE, - "filespec \"%s\", default \"%s\": %s", - filespec1, filespec2, errstring); - } - return NULL; - } - - merged = OPENSSL_malloc(nam.NAMX_ESL + 1); - if (merged == NULL) - goto malloc_err; - strncpy(merged, nam.NAMX_ESA, nam.NAMX_ESL); - merged[nam.NAMX_ESL] = '\0'; - return merged; - malloc_err: - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); -} - -static char *vms_name_converter(DSO *dso, const char *filename) -{ - char *translated; - int len, transform; - const char *p; - - len = strlen(filename); - - p = strchr(filename, ':'); - if (p != NULL) { - transform = 0; - } else { - p = filename; - transform = (strrchr(p, '>') == NULL && strrchr(p, ']') == NULL); - } - - if (transform) { - int rsize = len + sizeof(DSO_EXTENSION); - - if ((translated = OPENSSL_malloc(rsize)) != NULL) { - p = strrchr(filename, ';'); - if (p != NULL) - len = p - filename; - strncpy(translated, filename, len); - translated[len] = '\0'; - strcat(translated, DSO_EXTENSION); - if (p != NULL) - strcat(translated, p); - } - } else { - translated = OPENSSL_strdup(filename); - } - return translated; -} - -#endif /* OPENSSL_SYS_VMS */ diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c deleted file mode 100644 index 4d3059d43879f8e9108ebdff32ba04aa600aa775..0000000000000000000000000000000000000000 --- a/crypto/dso/dso_win32.c +++ /dev/null @@ -1,671 +0,0 @@ -/* - * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" -#include "dso_local.h" - -#if defined(DSO_WIN32) - -# ifdef _WIN32_WCE -# if _WIN32_WCE < 300 -static FARPROC GetProcAddressA(HMODULE hModule, LPCSTR lpProcName) -{ - WCHAR lpProcNameW[64]; - int i; - - for (i = 0; lpProcName[i] && i < 64; i++) - lpProcNameW[i] = (WCHAR)lpProcName[i]; - if (i == 64) - return NULL; - lpProcNameW[i] = 0; - - return GetProcAddressW(hModule, lpProcNameW); -} -# endif -# undef GetProcAddress -# define GetProcAddress GetProcAddressA - -static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName) -{ - WCHAR *fnamw; - size_t len_0 = strlen(lpLibFileName) + 1, i; - -# ifdef _MSC_VER - fnamw = (WCHAR *)_alloca(len_0 * sizeof(WCHAR)); -# else - fnamw = (WCHAR *)alloca(len_0 * sizeof(WCHAR)); -# endif - if (fnamw == NULL) { - SetLastError(ERROR_NOT_ENOUGH_MEMORY); - return NULL; - } -# if defined(_WIN32_WCE) && _WIN32_WCE>=101 - if (!MultiByteToWideChar(CP_ACP, 0, lpLibFileName, len_0, fnamw, len_0)) -# endif - for (i = 0; i < len_0; i++) - fnamw[i] = (WCHAR)lpLibFileName[i]; - - return LoadLibraryW(fnamw); -} -# endif - -/* Part of the hack in "win32_load" ... */ -# define DSO_MAX_TRANSLATED_SIZE 256 - -static int win32_load(DSO *dso); -static int win32_unload(DSO *dso); -static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname); -static char *win32_name_converter(DSO *dso, const char *filename); -static char *win32_merger(DSO *dso, const char *filespec1, - const char *filespec2); -static int win32_pathbyaddr(void *addr, char *path, int sz); -static void *win32_globallookup(const char *name); - -static const char *openssl_strnchr(const char *string, int c, size_t len); - -static DSO_METHOD dso_meth_win32 = { - "OpenSSL 'win32' shared library method", - win32_load, - win32_unload, - win32_bind_func, - NULL, /* ctrl */ - win32_name_converter, - win32_merger, - NULL, /* init */ - NULL, /* finish */ - win32_pathbyaddr, /* pathbyaddr */ - win32_globallookup -}; - -DSO_METHOD *DSO_METHOD_openssl(void) -{ - return &dso_meth_win32; -} - -/* - * For this DSO_METHOD, our meth_data STACK will contain; (i) a pointer to - * the handle (HINSTANCE) returned from LoadLibrary(), and copied. - */ - -static int win32_load(DSO *dso) -{ - HINSTANCE h = NULL, *p = NULL; - /* See applicable comments from dso_dl.c */ - char *filename = DSO_convert_filename(dso, NULL); - - if (filename == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_NO_FILENAME); - goto err; - } - h = LoadLibraryA(filename); - if (h == NULL) { - ERR_raise_data(ERR_LIB_DSO, DSO_R_LOAD_FAILED, - "filename(%s)", filename); - goto err; - } - p = OPENSSL_malloc(sizeof(*p)); - if (p == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - goto err; - } - *p = h; - if (!sk_void_push(dso->meth_data, p)) { - ERR_raise(ERR_LIB_DSO, DSO_R_STACK_ERROR); - goto err; - } - /* Success */ - dso->loaded_filename = filename; - return 1; - err: - /* Cleanup ! */ - OPENSSL_free(filename); - OPENSSL_free(p); - if (h != NULL) - FreeLibrary(h); - return 0; -} - -static int win32_unload(DSO *dso) -{ - HINSTANCE *p; - if (dso == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (sk_void_num(dso->meth_data) < 1) - return 1; - p = sk_void_pop(dso->meth_data); - if (p == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_NULL_HANDLE); - return 0; - } - if (!FreeLibrary(*p)) { - ERR_raise(ERR_LIB_DSO, DSO_R_UNLOAD_FAILED); - /* - * We should push the value back onto the stack in case of a retry. - */ - sk_void_push(dso->meth_data, p); - return 0; - } - /* Cleanup */ - OPENSSL_free(p); - return 1; -} - -static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname) -{ - HINSTANCE *ptr; - union { - void *p; - FARPROC f; - } sym; - - if ((dso == NULL) || (symname == NULL)) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (sk_void_num(dso->meth_data) < 1) { - ERR_raise(ERR_LIB_DSO, DSO_R_STACK_ERROR); - return NULL; - } - ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); - if (ptr == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_NULL_HANDLE); - return NULL; - } - sym.f = GetProcAddress(*ptr, symname); - if (sym.p == NULL) { - ERR_raise_data(ERR_LIB_DSO, DSO_R_SYM_FAILURE, "symname(%s)", symname); - return NULL; - } - return (DSO_FUNC_TYPE)sym.f; -} - -struct file_st { - const char *node; - int nodelen; - const char *device; - int devicelen; - const char *predir; - int predirlen; - const char *dir; - int dirlen; - const char *file; - int filelen; -}; - -static struct file_st *win32_splitter(DSO *dso, const char *filename, - int assume_last_is_dir) -{ - struct file_st *result = NULL; - enum { IN_NODE, IN_DEVICE, IN_FILE } position; - const char *start = filename; - char last; - - if (!filename) { - ERR_raise(ERR_LIB_DSO, DSO_R_NO_FILENAME); - return NULL; - } - - result = OPENSSL_zalloc(sizeof(*result)); - if (result == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - return NULL; - } - - position = IN_DEVICE; - - if ((filename[0] == '\\' && filename[1] == '\\') - || (filename[0] == '/' && filename[1] == '/')) { - position = IN_NODE; - filename += 2; - start = filename; - result->node = start; - } - - do { - last = filename[0]; - switch (last) { - case ':': - if (position != IN_DEVICE) { - ERR_raise(ERR_LIB_DSO, DSO_R_INCORRECT_FILE_SYNTAX); - OPENSSL_free(result); - return NULL; - } - result->device = start; - result->devicelen = (int)(filename - start); - position = IN_FILE; - start = ++filename; - result->dir = start; - break; - case '\\': - case '/': - if (position == IN_NODE) { - result->nodelen = (int)(filename - start); - position = IN_FILE; - start = ++filename; - result->dir = start; - } else if (position == IN_DEVICE) { - position = IN_FILE; - filename++; - result->dir = start; - result->dirlen = (int)(filename - start); - start = filename; - } else { - filename++; - result->dirlen += (int)(filename - start); - start = filename; - } - break; - case '\0': - if (position == IN_NODE) { - result->nodelen = (int)(filename - start); - } else { - if (filename - start > 0) { - if (assume_last_is_dir) { - if (position == IN_DEVICE) { - result->dir = start; - result->dirlen = 0; - } - result->dirlen += (int)(filename - start); - } else { - result->file = start; - result->filelen = (int)(filename - start); - } - } - } - break; - default: - filename++; - break; - } - } - while (last); - - if (!result->nodelen) - result->node = NULL; - if (!result->devicelen) - result->device = NULL; - if (!result->dirlen) - result->dir = NULL; - if (!result->filelen) - result->file = NULL; - - return result; -} - -static char *win32_joiner(DSO *dso, const struct file_st *file_split) -{ - int len = 0, offset = 0; - char *result = NULL; - const char *start; - - if (!file_split) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (file_split->node) { - len += 2 + file_split->nodelen; /* 2 for starting \\ */ - if (file_split->predir || file_split->dir || file_split->file) - len++; /* 1 for ending \ */ - } else if (file_split->device) { - len += file_split->devicelen + 1; /* 1 for ending : */ - } - len += file_split->predirlen; - if (file_split->predir && (file_split->dir || file_split->file)) { - len++; /* 1 for ending \ */ - } - len += file_split->dirlen; - if (file_split->dir && file_split->file) { - len++; /* 1 for ending \ */ - } - len += file_split->filelen; - - if (!len) { - ERR_raise(ERR_LIB_DSO, DSO_R_EMPTY_FILE_STRUCTURE); - return NULL; - } - - result = OPENSSL_malloc(len + 1); - if (result == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (file_split->node) { - strcpy(&result[offset], "\\\\"); - offset += 2; - strncpy(&result[offset], file_split->node, file_split->nodelen); - offset += file_split->nodelen; - if (file_split->predir || file_split->dir || file_split->file) { - result[offset] = '\\'; - offset++; - } - } else if (file_split->device) { - strncpy(&result[offset], file_split->device, file_split->devicelen); - offset += file_split->devicelen; - result[offset] = ':'; - offset++; - } - start = file_split->predir; - while (file_split->predirlen > (start - file_split->predir)) { - const char *end = openssl_strnchr(start, '/', - file_split->predirlen - (start - - file_split->predir)); - if (!end) - end = start - + file_split->predirlen - (start - file_split->predir); - strncpy(&result[offset], start, end - start); - offset += (int)(end - start); - result[offset] = '\\'; - offset++; - start = end + 1; - } - start = file_split->dir; - while (file_split->dirlen > (start - file_split->dir)) { - const char *end = openssl_strnchr(start, '/', - file_split->dirlen - (start - - file_split->dir)); - if (!end) - end = start + file_split->dirlen - (start - file_split->dir); - strncpy(&result[offset], start, end - start); - offset += (int)(end - start); - result[offset] = '\\'; - offset++; - start = end + 1; - } - strncpy(&result[offset], file_split->file, file_split->filelen); - offset += file_split->filelen; - result[offset] = '\0'; - return result; -} - -static char *win32_merger(DSO *dso, const char *filespec1, - const char *filespec2) -{ - char *merged = NULL; - struct file_st *filespec1_split = NULL; - struct file_st *filespec2_split = NULL; - - if (!filespec1 && !filespec2) { - ERR_raise(ERR_LIB_DSO, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (!filespec2) { - merged = OPENSSL_strdup(filespec1); - if (merged == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - return NULL; - } - } else if (!filespec1) { - merged = OPENSSL_strdup(filespec2); - if (merged == NULL) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - return NULL; - } - } else { - filespec1_split = win32_splitter(dso, filespec1, 0); - if (!filespec1_split) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - return NULL; - } - filespec2_split = win32_splitter(dso, filespec2, 1); - if (!filespec2_split) { - ERR_raise(ERR_LIB_DSO, ERR_R_MALLOC_FAILURE); - OPENSSL_free(filespec1_split); - return NULL; - } - - /* Fill in into filespec1_split */ - if (!filespec1_split->node && !filespec1_split->device) { - filespec1_split->node = filespec2_split->node; - filespec1_split->nodelen = filespec2_split->nodelen; - filespec1_split->device = filespec2_split->device; - filespec1_split->devicelen = filespec2_split->devicelen; - } - if (!filespec1_split->dir) { - filespec1_split->dir = filespec2_split->dir; - filespec1_split->dirlen = filespec2_split->dirlen; - } else if (filespec1_split->dir[0] != '\\' - && filespec1_split->dir[0] != '/') { - filespec1_split->predir = filespec2_split->dir; - filespec1_split->predirlen = filespec2_split->dirlen; - } - if (!filespec1_split->file) { - filespec1_split->file = filespec2_split->file; - filespec1_split->filelen = filespec2_split->filelen; - } - - merged = win32_joiner(dso, filespec1_split); - } - OPENSSL_free(filespec1_split); - OPENSSL_free(filespec2_split); - return merged; -} - -static char *win32_name_converter(DSO *dso, const char *filename) -{ - char *translated; - int len, transform; - - len = strlen(filename); - transform = ((strstr(filename, "/") == NULL) && - (strstr(filename, "\\") == NULL) && - (strstr(filename, ":") == NULL)); - if (transform) - /* We will convert this to "%s.dll" */ - translated = OPENSSL_malloc(len + 5); - else - /* We will simply duplicate filename */ - translated = OPENSSL_malloc(len + 1); - if (translated == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_NAME_TRANSLATION_FAILED); - return NULL; - } - if (transform) - sprintf(translated, "%s.dll", filename); - else - sprintf(translated, "%s", filename); - return translated; -} - -static const char *openssl_strnchr(const char *string, int c, size_t len) -{ - size_t i; - const char *p; - for (i = 0, p = string; i < len && *p; i++, p++) { - if (*p == c) - return p; - } - return NULL; -} - -# include -# ifdef _WIN32_WCE -# define DLLNAME "TOOLHELP.DLL" -# else -# ifdef MODULEENTRY32 -# undef MODULEENTRY32 /* unmask the ASCII version! */ -# endif -# define DLLNAME "KERNEL32.DLL" -# endif - -typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD); -typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE); -typedef BOOL(WINAPI *MODULE32) (HANDLE, MODULEENTRY32 *); - -static int win32_pathbyaddr(void *addr, char *path, int sz) -{ - HMODULE dll; - HANDLE hModuleSnap = INVALID_HANDLE_VALUE; - MODULEENTRY32 me32; - CREATETOOLHELP32SNAPSHOT create_snap; - CLOSETOOLHELP32SNAPSHOT close_snap; - MODULE32 module_first, module_next; - - if (addr == NULL) { - union { - int (*f) (void *, char *, int); - void *p; - } t = { - win32_pathbyaddr - }; - addr = t.p; - } - - dll = LoadLibrary(TEXT(DLLNAME)); - if (dll == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED); - return -1; - } - - create_snap = (CREATETOOLHELP32SNAPSHOT) - GetProcAddress(dll, "CreateToolhelp32Snapshot"); - if (create_snap == NULL) { - FreeLibrary(dll); - ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED); - return -1; - } - /* We take the rest for granted... */ -# ifdef _WIN32_WCE - close_snap = (CLOSETOOLHELP32SNAPSHOT) - GetProcAddress(dll, "CloseToolhelp32Snapshot"); -# else - close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle; -# endif - module_first = (MODULE32) GetProcAddress(dll, "Module32First"); - module_next = (MODULE32) GetProcAddress(dll, "Module32Next"); - - /* - * Take a snapshot of current process which includes - * list of all involved modules. - */ - hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0); - if (hModuleSnap == INVALID_HANDLE_VALUE) { - FreeLibrary(dll); - ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED); - return -1; - } - - me32.dwSize = sizeof(me32); - - if (!(*module_first) (hModuleSnap, &me32)) { - (*close_snap) (hModuleSnap); - FreeLibrary(dll); - ERR_raise(ERR_LIB_DSO, DSO_R_FAILURE); - return -1; - } - - /* Enumerate the modules to find one which includes me. */ - do { - if ((size_t) addr >= (size_t) me32.modBaseAddr && - (size_t) addr < (size_t) (me32.modBaseAddr + me32.modBaseSize)) { - (*close_snap) (hModuleSnap); - FreeLibrary(dll); -# ifdef _WIN32_WCE -# if _WIN32_WCE >= 101 - return WideCharToMultiByte(CP_ACP, 0, me32.szExePath, -1, - path, sz, NULL, NULL); -# else - { - int i, len = (int)wcslen(me32.szExePath); - if (sz <= 0) - return len + 1; - if (len >= sz) - len = sz - 1; - for (i = 0; i < len; i++) - path[i] = (char)me32.szExePath[i]; - path[len++] = '\0'; - return len; - } -# endif -# else - { - int len = (int)strlen(me32.szExePath); - if (sz <= 0) - return len + 1; - if (len >= sz) - len = sz - 1; - memcpy(path, me32.szExePath, len); - path[len++] = '\0'; - return len; - } -# endif - } - } while ((*module_next) (hModuleSnap, &me32)); - - (*close_snap) (hModuleSnap); - FreeLibrary(dll); - return 0; -} - -static void *win32_globallookup(const char *name) -{ - HMODULE dll; - HANDLE hModuleSnap = INVALID_HANDLE_VALUE; - MODULEENTRY32 me32; - CREATETOOLHELP32SNAPSHOT create_snap; - CLOSETOOLHELP32SNAPSHOT close_snap; - MODULE32 module_first, module_next; - union { - void *p; - FARPROC f; - } ret = { NULL }; - - dll = LoadLibrary(TEXT(DLLNAME)); - if (dll == NULL) { - ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED); - return NULL; - } - - create_snap = (CREATETOOLHELP32SNAPSHOT) - GetProcAddress(dll, "CreateToolhelp32Snapshot"); - if (create_snap == NULL) { - FreeLibrary(dll); - ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED); - return NULL; - } - /* We take the rest for granted... */ -# ifdef _WIN32_WCE - close_snap = (CLOSETOOLHELP32SNAPSHOT) - GetProcAddress(dll, "CloseToolhelp32Snapshot"); -# else - close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle; -# endif - module_first = (MODULE32) GetProcAddress(dll, "Module32First"); - module_next = (MODULE32) GetProcAddress(dll, "Module32Next"); - - hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0); - if (hModuleSnap == INVALID_HANDLE_VALUE) { - FreeLibrary(dll); - ERR_raise(ERR_LIB_DSO, DSO_R_UNSUPPORTED); - return NULL; - } - - me32.dwSize = sizeof(me32); - - if (!(*module_first) (hModuleSnap, &me32)) { - (*close_snap) (hModuleSnap); - FreeLibrary(dll); - return NULL; - } - - do { - if ((ret.f = GetProcAddress(me32.hModule, name))) { - (*close_snap) (hModuleSnap); - FreeLibrary(dll); - return ret.p; - } - } while ((*module_next) (hModuleSnap, &me32)); - - (*close_snap) (hModuleSnap); - FreeLibrary(dll); - return NULL; -} -#endif /* DSO_WIN32 */ diff --git a/crypto/ebcdic.c b/crypto/ebcdic.c deleted file mode 100644 index 970ffc015c9d8d757d24d38a5c85a095cdaaf50b..0000000000000000000000000000000000000000 --- a/crypto/ebcdic.c +++ /dev/null @@ -1,361 +0,0 @@ -/* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -# include -#ifndef CHARSET_EBCDIC -NON_EMPTY_TRANSLATION_UNIT -#else - -# include - -# ifdef CHARSET_EBCDIC_TEST -/* - * Here we're looking to test the EBCDIC code on an ASCII system so we don't do - * any translation in these tables at all. - */ - -/* The ebcdic-to-ascii table: */ -const unsigned char os_toascii[256] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, - 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, - 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, - 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, - 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, - 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, - 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, - 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, - 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, - 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, - 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, - 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, - 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, - 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, - 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, - 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, - 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, - 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, - 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, - 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, - 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, - 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff -}; - -/* The ascii-to-ebcdic table: */ -const unsigned char os_toebcdic[256] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, - 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, - 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, - 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, - 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, - 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, - 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, - 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, - 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, - 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, - 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, - 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, - 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, - 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, - 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, - 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, - 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, - 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, - 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, - 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, - 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, - 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, - 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff -}; - -# elif defined(_OSD_POSIX) -/* - * "BS2000 OSD" is a POSIX subsystem on a main frame. It is made by Siemens - * AG, Germany, for their BS2000 mainframe machines. Within the POSIX - * subsystem, the same character set was chosen as in "native BS2000", namely - * EBCDIC. (EDF04) - * - * The name "ASCII" in these routines is misleading: actually, conversion is - * not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1; that means - * that (western european) national characters are preserved. - * - * This table is identical to the one used by rsh/rcp/ftp and other POSIX - * tools. - */ - -/* Here's the bijective ebcdic-to-ascii table: */ -const unsigned char os_toascii[256] = { - /* - * 00 - */ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, - 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */ - /* - * 10 - */ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, - 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */ - /* - * 20 - */ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, - 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */ - /* - * 30 - */ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, - 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */ - /* - * 40 - */ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, - 0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+| */ - /* - * 50 - */ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, - 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /* &.........!$*);. */ - /* - * 60 - */ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, - 0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /*-/........^,%_>?*/ - /* - * 70 - */ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, - 0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* ..........:#@'=" */ - /* - * 80 - */ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, - 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */ - /* - * 90 - */ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, - 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */ - /* - * a0 - */ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, - 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /* ..stuvwxyz...... */ - /* - * b0 - */ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, - 0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /* ...........[\].. */ - /* - * c0 - */ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, - 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* .ABCDEFGHI...... */ - /* - * d0 - */ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, - 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /* .JKLMNOPQR...... */ - /* - * e0 - */ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, - 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* ..STUVWXYZ...... */ - /* - * f0 - */ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e /* 0123456789.{.}.~ */ -}; - -/* The ascii-to-ebcdic table: */ -const unsigned char os_toebcdic[256] = { - /* - * 00 - */ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, - 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */ - /* - * 10 - */ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, - 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */ - /* - * 20 - */ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, - 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */ - /* - * 30 - */ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */ - /* - * 40 - */ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, - 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */ - /* - * 50 - */ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, - 0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d, /* PQRSTUVWXYZ[\]^_ */ - /* - * 60 - */ 0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, - 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */ - /* - * 70 - */ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, - 0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07, /* pqrstuvwxyz{|}~. */ - /* - * 80 - */ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */ - /* - * 90 - */ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, - 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f, /* ................ */ - /* - * a0 - */ 0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5, - 0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1, /* ................ */ - /* - * b0 - */ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, - 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */ - /* - * c0 - */ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, - 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */ - /* - * d0 - */ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, - 0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59, /* ................ */ - /* - * e0 - */ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, - 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */ - /* - * f0 - */ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, - 0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */ -}; - -# else /*_OSD_POSIX*/ - -/* - * This code does basic character mapping for IBM's TPF and OS/390 operating - * systems. It is a modified version of the BS2000 table. - * - * Bijective EBCDIC (character set IBM-1047) to US-ASCII table: This table is - * bijective - there are no ambiguous or duplicate characters. - */ -const unsigned char os_toascii[256] = { - 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */ - 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */ - 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f: */ - 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */ - 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f: */ - 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */ - 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f: */ - 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */ - 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f: */ - 0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* ...........<(+| */ - 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f: */ - 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x5e, /* &.........!$*);^ */ - 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f: */ - 0xc7, 0xd1, 0xa6, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /* -/.........,%_>? */ - 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f: */ - 0xcc, 0x60, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* .........`:#@'=" */ - 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f: */ - 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */ - 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f: */ - 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */ - 0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af: */ - 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0x5b, 0xde, 0xae, /* .~stuvwxyz...[.. */ - 0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf: */ - 0xbd, 0xbe, 0xdd, 0xa8, 0xaf, 0x5d, 0xb4, 0xd7, /* .............].. */ - 0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf: */ - 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* {ABCDEFGHI...... */ - 0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df: */ - 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xf9, 0xfa, 0xff, /* }JKLMNOPQR...... */ - 0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef: */ - 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* \.STUVWXYZ...... */ - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff: */ - 0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f /* 0123456789...... */ -}; - -/* - * The US-ASCII to EBCDIC (character set IBM-1047) table: This table is - * bijective (no ambiguous or duplicate characters) - */ -const unsigned char os_toebcdic[256] = { - 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f: */ - 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */ - 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f: */ - 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */ - 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f: */ - 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */ - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f: */ - 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */ - 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f: */ - 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */ - 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f: */ - 0xe7, 0xe8, 0xe9, 0xad, 0xe0, 0xbd, 0x5f, 0x6d, /* PQRSTUVWXYZ[\]^_ */ - 0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f: */ - 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */ - 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f: */ - 0xa7, 0xa8, 0xa9, 0xc0, 0x4f, 0xd0, 0xa1, 0x07, /* pqrstuvwxyz{|}~. */ - 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f: */ - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */ - 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f: */ - 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0xff, /* ................ */ - 0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af: */ - 0xbb, 0xb4, 0x9a, 0x8a, 0xb0, 0xca, 0xaf, 0xbc, /* ................ */ - 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf: */ - 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */ - 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf: */ - 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */ - 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df: */ - 0x80, 0xfd, 0xfe, 0xfb, 0xfc, 0xba, 0xae, 0x59, /* ................ */ - 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef: */ - 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */ - 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff: */ - 0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */ -}; -# endif/*_OSD_POSIX*/ - -/* - * Translate a memory block from EBCDIC (host charset) to ASCII (net charset) - * dest and srce may be identical, or separate memory blocks, but should not - * overlap. These functions intentionally have an interface compatible to - * memcpy(3). - */ - -void *ebcdic2ascii(void *dest, const void *srce, size_t count) -{ - unsigned char *udest = dest; - const unsigned char *usrce = srce; - - while (count-- != 0) { - *udest++ = os_toascii[*usrce++]; - } - - return dest; -} - -void *ascii2ebcdic(void *dest, const void *srce, size_t count) -{ - unsigned char *udest = dest; - const unsigned char *usrce = srce; - - while (count-- != 0) { - *udest++ = os_toebcdic[*usrce++]; - } - - return dest; -} - -#endif diff --git a/crypto/ec/asm/ecp_nistp521-ppc64.pl b/crypto/ec/asm/ecp_nistp521-ppc64.pl deleted file mode 100755 index 4260e24a1f577de64eb6ffbe77bab55d0aa8f7a0..0000000000000000000000000000000000000000 --- a/crypto/ec/asm/ecp_nistp521-ppc64.pl +++ /dev/null @@ -1,435 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# ==================================================================== -# Written by Amitay Isaacs and Martin Schwenke -# for the OpenSSL project. -# ==================================================================== -# -# p521 lower-level primitives for PPC64 using vector instructions. -# - -use strict; -use warnings; - -my $flavour = shift; -my $output = ""; -while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} -if (!$output) { - $output = "-"; -} - -my ($xlate, $dir); -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour $output"; -*STDOUT=*OUT; - -my $code = ""; - -my ($sp, $outp, $savelr, $savesp) = ("r1", "r3", "r10", "r12"); - -my $vzero = "v32"; - -sub startproc($) -{ - my ($name) = @_; - - $code.=<<___; - .globl ${name} - .align 5 -${name}: - -___ -} - -sub endproc($) -{ - my ($name) = @_; - - $code.=<<___; - blr - .size ${name},.-${name} - -___ -} - - -sub push_vrs($$) -{ - my ($min, $max) = @_; - - my $count = $max - $min + 1; - - $code.=<<___; - mr $savesp,$sp - stdu $sp,-16*`$count+1`($sp) - -___ - for (my $i = $min; $i <= $max; $i++) { - my $mult = $max - $i + 1; - $code.=<<___; - stxv $i,-16*$mult($savesp) -___ - - } - - $code.=<<___; - -___ -} - -sub pop_vrs($$) -{ - my ($min, $max) = @_; - - $code.=<<___; - ld $savesp,0($sp) -___ - for (my $i = $min; $i <= $max; $i++) { - my $mult = $max - $i + 1; - $code.=<<___; - lxv $i,-16*$mult($savesp) -___ - } - - $code.=<<___; - mr $sp,$savesp - -___ -} - -sub load_vrs($$) -{ - my ($pointer, $reg_list) = @_; - - for (my $i = 0; $i <= 8; $i++) { - my $offset = $i * 8; - $code.=<<___; - lxsd $reg_list->[$i],$offset($pointer) -___ - } - - $code.=<<___; - -___ -} - -sub store_vrs($$) -{ - my ($pointer, $reg_list) = @_; - - for (my $i = 0; $i <= 8; $i++) { - my $offset = $i * 16; - $code.=<<___; - stxv $reg_list->[$i],$offset($pointer) -___ - } - - $code.=<<___; - -___ -} - -$code.=<<___; -.text - -___ - -{ - # mul/square common - my ($t1, $t2, $t3, $t4) = ("v33", "v34", "v44", "v54"); - my ($zero, $one) = ("r8", "r9"); - my @out = map("v$_",(55..63)); - - { - # - # p521_felem_mul - # - - my ($in1p, $in2p) = ("r4", "r5"); - my @in1 = map("v$_",(45..53)); - my @in2 = map("v$_",(35..43)); - - startproc("p521_felem_mul"); - - push_vrs(52, 63); - - $code.=<<___; - vspltisw $vzero,0 - -___ - - load_vrs($in1p, \@in1); - load_vrs($in2p, \@in2); - - $code.=<<___; - vmsumudm $out[0],$in1[0],$in2[0],$vzero - - xxpermdi $t1,$in1[0],$in1[1],0b00 - xxpermdi $t2,$in2[1],$in2[0],0b00 - vmsumudm $out[1],$t1,$t2,$vzero - - xxpermdi $t2,$in2[2],$in2[1],0b00 - vmsumudm $out[2],$t1,$t2,$vzero - vmsumudm $out[2],$in1[2],$in2[0],$out[2] - - xxpermdi $t2,$in2[3],$in2[2],0b00 - vmsumudm $out[3],$t1,$t2,$vzero - xxpermdi $t3,$in1[2],$in1[3],0b00 - xxpermdi $t4,$in2[1],$in2[0],0b00 - vmsumudm $out[3],$t3,$t4,$out[3] - - xxpermdi $t2,$in2[4],$in2[3],0b00 - vmsumudm $out[4],$t1,$t2,$vzero - xxpermdi $t4,$in2[2],$in2[1],0b00 - vmsumudm $out[4],$t3,$t4,$out[4] - vmsumudm $out[4],$in1[4],$in2[0],$out[4] - - xxpermdi $t2,$in2[5],$in2[4],0b00 - vmsumudm $out[5],$t1,$t2,$vzero - xxpermdi $t4,$in2[3],$in2[2],0b00 - vmsumudm $out[5],$t3,$t4,$out[5] - - xxpermdi $t2,$in2[6],$in2[5],0b00 - vmsumudm $out[6],$t1,$t2,$vzero - xxpermdi $t4,$in2[4],$in2[3],0b00 - vmsumudm $out[6],$t3,$t4,$out[6] - - xxpermdi $t2,$in2[7],$in2[6],0b00 - vmsumudm $out[7],$t1,$t2,$vzero - xxpermdi $t4,$in2[5],$in2[4],0b00 - vmsumudm $out[7],$t3,$t4,$out[7] - - xxpermdi $t2,$in2[8],$in2[7],0b00 - vmsumudm $out[8],$t1,$t2,$vzero - xxpermdi $t4,$in2[6],$in2[5],0b00 - vmsumudm $out[8],$t3,$t4,$out[8] - - xxpermdi $t1,$in1[4],$in1[5],0b00 - xxpermdi $t2,$in2[1],$in2[0],0b00 - vmsumudm $out[5],$t1,$t2,$out[5] - - xxpermdi $t2,$in2[2],$in2[1],0b00 - vmsumudm $out[6],$t1,$t2,$out[6] - vmsumudm $out[6],$in1[6],$in2[0],$out[6] - - xxpermdi $t2,$in2[3],$in2[2],0b00 - vmsumudm $out[7],$t1,$t2,$out[7] - xxpermdi $t3,$in1[6],$in1[7],0b00 - xxpermdi $t4,$in2[1],$in2[0],0b00 - vmsumudm $out[7],$t3,$t4,$out[7] - - xxpermdi $t2,$in2[4],$in2[3],0b00 - vmsumudm $out[8],$t1,$t2,$out[8] - xxpermdi $t4,$in2[2],$in2[1],0b00 - vmsumudm $out[8],$t3,$t4,$out[8] - vmsumudm $out[8],$in1[8],$in2[0],$out[8] - - li $zero,0 - li $one,1 - mtvsrdd $t1,$one,$zero -___ - - for (my $i = 0; $i <= 8; $i++) { - $code.=<<___; - vsld $in2[$i],$in2[$i],$t1 -___ - } - - $code.=<<___; - - vmsumudm $out[7],$in1[8],$in2[8],$out[7] - - xxpermdi $t2,$in2[8],$in2[7],0b00 - xxpermdi $t1,$in1[7],$in1[8],0b00 - vmsumudm $out[6],$t1,$t2,$out[6] - - xxpermdi $t1,$in1[6],$in1[7],0b00 - vmsumudm $out[5],$t1,$t2,$out[5] - vmsumudm $out[5],$in1[8],$in2[6],$out[5] - - xxpermdi $t1,$in1[5],$in1[6],0b00 - vmsumudm $out[4],$t1,$t2,$out[4] - xxpermdi $t4,$in2[6],$in2[5],0b00 - xxpermdi $t3,$in1[7],$in1[8],0b00 - vmsumudm $out[4],$t3,$t4,$out[4] - - xxpermdi $t1,$in1[4],$in1[5],0b00 - vmsumudm $out[3],$t1,$t2,$out[3] - xxpermdi $t3,$in1[6],$in1[7],0b00 - vmsumudm $out[3],$t3,$t4,$out[3] - vmsumudm $out[3],$in1[8],$in2[4],$out[3] - - xxpermdi $t1,$in1[3],$in1[4],0b00 - vmsumudm $out[2],$t1,$t2,$out[2] - xxpermdi $t3,$in1[5],$in1[6],0b00 - vmsumudm $out[2],$t3,$t4,$out[2] - - xxpermdi $t1,$in1[2],$in1[3],0b00 - vmsumudm $out[1],$t1,$t2,$out[1] - xxpermdi $t3,$in1[4],$in1[5],0b00 - vmsumudm $out[1],$t3,$t4,$out[1] - - xxpermdi $t1,$in1[1],$in1[2],0b00 - vmsumudm $out[0],$t1,$t2,$out[0] - xxpermdi $t3,$in1[3],$in1[4],0b00 - vmsumudm $out[0],$t3,$t4,$out[0] - - xxpermdi $t2,$in2[4],$in2[3],0b00 - xxpermdi $t1,$in1[7],$in1[8],0b00 - vmsumudm $out[2],$t1,$t2,$out[2] - - xxpermdi $t1,$in1[6],$in1[7],0b00 - vmsumudm $out[1],$t1,$t2,$out[1] - vmsumudm $out[1],$in1[8],$in2[2],$out[1] - - xxpermdi $t1,$in1[5],$in1[6],0b00 - vmsumudm $out[0],$t1,$t2,$out[0] - xxpermdi $t4,$in2[2],$in2[1],0b00 - xxpermdi $t3,$in1[7],$in1[8],0b00 - vmsumudm $out[0],$t3,$t4,$out[0] - -___ - - store_vrs($outp, \@out); - - pop_vrs(52, 63); - - endproc("p521_felem_mul"); - } - - { - # - # p51_felem_square - # - - my ($inp) = ("r4"); - my @in = map("v$_",(45..53)); - my @inx2 = map("v$_",(35..43)); - - startproc("p521_felem_square"); - - push_vrs(52, 63); - - $code.=<<___; - vspltisw $vzero,0 - -___ - - load_vrs($inp, \@in); - - $code.=<<___; - li $zero,0 - li $one,1 - mtvsrdd $t1,$one,$zero -___ - - for (my $i = 0; $i <= 8; $i++) { - $code.=<<___; - vsld $inx2[$i],$in[$i],$t1 -___ - } - - $code.=<<___; - vmsumudm $out[0],$in[0],$in[0],$vzero - - vmsumudm $out[1],$in[0],$inx2[1],$vzero - - xxpermdi $t1,$in[0],$in[1],0b00 - xxpermdi $t2,$inx2[2],$in[1],0b00 - vmsumudm $out[2],$t1,$t2,$vzero - - xxpermdi $t2,$inx2[3],$inx2[2],0b00 - vmsumudm $out[3],$t1,$t2,$vzero - - xxpermdi $t2,$inx2[4],$inx2[3],0b00 - vmsumudm $out[4],$t1,$t2,$vzero - vmsumudm $out[4],$in[2],$in[2],$out[4] - - xxpermdi $t2,$inx2[5],$inx2[4],0b00 - vmsumudm $out[5],$t1,$t2,$vzero - vmsumudm $out[5],$in[2],$inx2[3],$out[5] - - xxpermdi $t2,$inx2[6],$inx2[5],0b00 - vmsumudm $out[6],$t1,$t2,$vzero - xxpermdi $t3,$in[2],$in[3],0b00 - xxpermdi $t4,$inx2[4],$in[3],0b00 - vmsumudm $out[6],$t3,$t4,$out[6] - - xxpermdi $t2,$inx2[7],$inx2[6],0b00 - vmsumudm $out[7],$t1,$t2,$vzero - xxpermdi $t4,$inx2[5],$inx2[4],0b00 - vmsumudm $out[7],$t3,$t4,$out[7] - - xxpermdi $t2,$inx2[8],$inx2[7],0b00 - vmsumudm $out[8],$t1,$t2,$vzero - xxpermdi $t4,$inx2[6],$inx2[5],0b00 - vmsumudm $out[8],$t3,$t4,$out[8] - vmsumudm $out[8],$in[4],$in[4],$out[8] - - vmsumudm $out[1],$in[5],$inx2[5],$out[1] - - vmsumudm $out[3],$in[6],$inx2[6],$out[3] - - vmsumudm $out[5],$in[7],$inx2[7],$out[5] - - vmsumudm $out[7],$in[8],$inx2[8],$out[7] - - mtvsrdd $t1,$one,$zero -___ - - for (my $i = 5; $i <= 8; $i++) { - $code.=<<___; - vsld $inx2[$i],$inx2[$i],$t1 -___ - } - - $code.=<<___; - - vmsumudm $out[6],$in[7],$inx2[8],$out[6] - - vmsumudm $out[5],$in[6],$inx2[8],$out[5] - - xxpermdi $t2,$inx2[8],$inx2[7],0b00 - xxpermdi $t1,$in[5],$in[6],0b00 - vmsumudm $out[4],$t1,$t2,$out[4] - - xxpermdi $t1,$in[4],$in[5],0b00 - vmsumudm $out[3],$t1,$t2,$out[3] - - xxpermdi $t1,$in[3],$in[4],0b00 - vmsumudm $out[2],$t1,$t2,$out[2] - vmsumudm $out[2],$in[5],$inx2[6],$out[2] - - xxpermdi $t1,$in[2],$in[3],0b00 - vmsumudm $out[1],$t1,$t2,$out[1] - vmsumudm $out[1],$in[4],$inx2[6],$out[1] - - xxpermdi $t1,$in[1],$in[2],0b00 - vmsumudm $out[0],$t1,$t2,$out[0] - xxpermdi $t2,$inx2[6],$inx2[5],0b00 - xxpermdi $t1,$in[3],$in[4],0b00 - vmsumudm $out[0],$t1,$t2,$out[0] - -___ - - store_vrs($outp, \@out); - - pop_vrs(52, 63); - - endproc("p521_felem_square"); - } -} - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/asm/ecp_nistz256-armv4.pl b/crypto/ec/asm/ecp_nistz256-armv4.pl deleted file mode 100755 index 0adad26cb11fa870fbccad9bce3be06c733edae4..0000000000000000000000000000000000000000 --- a/crypto/ec/asm/ecp_nistz256-armv4.pl +++ /dev/null @@ -1,1856 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# ECP_NISTZ256 module for ARMv4. -# -# October 2014. -# -# Original ECP_NISTZ256 submission targeting x86_64 is detailed in -# http://eprint.iacr.org/2013/816. In the process of adaptation -# original .c module was made 32-bit savvy in order to make this -# implementation possible. -# -# with/without -DECP_NISTZ256_ASM -# Cortex-A8 +53-170% -# Cortex-A9 +76-205% -# Cortex-A15 +100-316% -# Snapdragon S4 +66-187% -# -# Ranges denote minimum and maximum improvement coefficients depending -# on benchmark. Lower coefficients are for ECDSA sign, server-side -# operation. Keep in mind that +200% means 3x improvement. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour && $flavour ne "void") { - $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or - ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or - die "can't locate arm-xlate.pl"; - - open STDOUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -} else { - $output and open STDOUT,">$output"; -} - -$code.=<<___; -#include "arm_arch.h" - -#if defined(__thumb2__) -.syntax unified -.thumb -#else -.code 32 -#endif -___ -######################################################################## -# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7 -# -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -open TABLE,") { - s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo; -} -close TABLE; - -# See ecp_nistz256_table.c for explanation for why it's 64*16*37. -# 64*16*37-1 is because $#arr returns last valid index or @arr, not -# amount of elements. -die "insane number of elements" if ($#arr != 64*16*37-1); - -$code.=<<___; -.rodata -.globl ecp_nistz256_precomputed -.type ecp_nistz256_precomputed,%object -.align 12 -ecp_nistz256_precomputed: -___ -######################################################################## -# this conversion smashes P256_POINT_AFFINE by individual bytes with -# 64 byte interval, similar to -# 1111222233334444 -# 1234123412341234 -for(1..37) { - @tbl = splice(@arr,0,64*16); - for($i=0;$i<64;$i++) { - undef @line; - for($j=0;$j<64;$j++) { - push @line,(@tbl[$j*16+$i/4]>>(($i%4)*8))&0xff; - } - $code.=".byte\t"; - $code.=join(',',map { sprintf "0x%02x",$_} @line); - $code.="\n"; - } -} -$code.=<<___; -.size ecp_nistz256_precomputed,.-ecp_nistz256_precomputed - -.text -.align 5 -.LRR: @ 2^512 mod P precomputed for NIST P256 polynomial -.long 0x00000003, 0x00000000, 0xffffffff, 0xfffffffb -.long 0xfffffffe, 0xffffffff, 0xfffffffd, 0x00000004 -.Lone: -.long 1,0,0,0,0,0,0,0 -.asciz "ECP_NISTZ256 for ARMv4, CRYPTOGAMS by " -.align 6 -___ - -######################################################################## -# common register layout, note that $t2 is link register, so that if -# internal subroutine uses $t2, then it has to offload lr... - -($r_ptr,$a_ptr,$b_ptr,$ff,$a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7,$t1,$t2)= - map("r$_",(0..12,14)); -($t0,$t3)=($ff,$a_ptr); - -$code.=<<___; -@ void ecp_nistz256_to_mont(BN_ULONG r0[8],const BN_ULONG r1[8]); -.globl ecp_nistz256_to_mont -.type ecp_nistz256_to_mont,%function -ecp_nistz256_to_mont: - adr $b_ptr,.LRR - b .Lecp_nistz256_mul_mont -.size ecp_nistz256_to_mont,.-ecp_nistz256_to_mont - -@ void ecp_nistz256_from_mont(BN_ULONG r0[8],const BN_ULONG r1[8]); -.globl ecp_nistz256_from_mont -.type ecp_nistz256_from_mont,%function -ecp_nistz256_from_mont: - adr $b_ptr,.Lone - b .Lecp_nistz256_mul_mont -.size ecp_nistz256_from_mont,.-ecp_nistz256_from_mont - -@ void ecp_nistz256_mul_by_2(BN_ULONG r0[8],const BN_ULONG r1[8]); -.globl ecp_nistz256_mul_by_2 -.type ecp_nistz256_mul_by_2,%function -.align 4 -ecp_nistz256_mul_by_2: - stmdb sp!,{r4-r12,lr} - bl __ecp_nistz256_mul_by_2 -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif -.size ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2 - -.type __ecp_nistz256_mul_by_2,%function -.align 4 -__ecp_nistz256_mul_by_2: - ldr $a0,[$a_ptr,#0] - ldr $a1,[$a_ptr,#4] - ldr $a2,[$a_ptr,#8] - adds $a0,$a0,$a0 @ a[0:7]+=a[0:7], i.e. add with itself - ldr $a3,[$a_ptr,#12] - adcs $a1,$a1,$a1 - ldr $a4,[$a_ptr,#16] - adcs $a2,$a2,$a2 - ldr $a5,[$a_ptr,#20] - adcs $a3,$a3,$a3 - ldr $a6,[$a_ptr,#24] - adcs $a4,$a4,$a4 - ldr $a7,[$a_ptr,#28] - adcs $a5,$a5,$a5 - adcs $a6,$a6,$a6 - mov $ff,#0 - adcs $a7,$a7,$a7 - adc $ff,$ff,#0 - - b .Lreduce_by_sub -.size __ecp_nistz256_mul_by_2,.-__ecp_nistz256_mul_by_2 - -@ void ecp_nistz256_add(BN_ULONG r0[8],const BN_ULONG r1[8], -@ const BN_ULONG r2[8]); -.globl ecp_nistz256_add -.type ecp_nistz256_add,%function -.align 4 -ecp_nistz256_add: - stmdb sp!,{r4-r12,lr} - bl __ecp_nistz256_add -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif -.size ecp_nistz256_add,.-ecp_nistz256_add - -.type __ecp_nistz256_add,%function -.align 4 -__ecp_nistz256_add: - str lr,[sp,#-4]! @ push lr - - ldr $a0,[$a_ptr,#0] - ldr $a1,[$a_ptr,#4] - ldr $a2,[$a_ptr,#8] - ldr $a3,[$a_ptr,#12] - ldr $a4,[$a_ptr,#16] - ldr $t0,[$b_ptr,#0] - ldr $a5,[$a_ptr,#20] - ldr $t1,[$b_ptr,#4] - ldr $a6,[$a_ptr,#24] - ldr $t2,[$b_ptr,#8] - ldr $a7,[$a_ptr,#28] - ldr $t3,[$b_ptr,#12] - adds $a0,$a0,$t0 - ldr $t0,[$b_ptr,#16] - adcs $a1,$a1,$t1 - ldr $t1,[$b_ptr,#20] - adcs $a2,$a2,$t2 - ldr $t2,[$b_ptr,#24] - adcs $a3,$a3,$t3 - ldr $t3,[$b_ptr,#28] - adcs $a4,$a4,$t0 - adcs $a5,$a5,$t1 - adcs $a6,$a6,$t2 - mov $ff,#0 - adcs $a7,$a7,$t3 - adc $ff,$ff,#0 - ldr lr,[sp],#4 @ pop lr - -.Lreduce_by_sub: - - @ if a+b >= modulus, subtract modulus. - @ - @ But since comparison implies subtraction, we subtract - @ modulus and then add it back if subtraction borrowed. - - subs $a0,$a0,#-1 - sbcs $a1,$a1,#-1 - sbcs $a2,$a2,#-1 - sbcs $a3,$a3,#0 - sbcs $a4,$a4,#0 - sbcs $a5,$a5,#0 - sbcs $a6,$a6,#1 - sbcs $a7,$a7,#-1 - sbc $ff,$ff,#0 - - @ Note that because mod has special form, i.e. consists of - @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by - @ using value of borrow as a whole or extracting single bit. - @ Follow $ff register... - - adds $a0,$a0,$ff @ add synthesized modulus - adcs $a1,$a1,$ff - str $a0,[$r_ptr,#0] - adcs $a2,$a2,$ff - str $a1,[$r_ptr,#4] - adcs $a3,$a3,#0 - str $a2,[$r_ptr,#8] - adcs $a4,$a4,#0 - str $a3,[$r_ptr,#12] - adcs $a5,$a5,#0 - str $a4,[$r_ptr,#16] - adcs $a6,$a6,$ff,lsr#31 - str $a5,[$r_ptr,#20] - adcs $a7,$a7,$ff - str $a6,[$r_ptr,#24] - str $a7,[$r_ptr,#28] - - mov pc,lr -.size __ecp_nistz256_add,.-__ecp_nistz256_add - -@ void ecp_nistz256_mul_by_3(BN_ULONG r0[8],const BN_ULONG r1[8]); -.globl ecp_nistz256_mul_by_3 -.type ecp_nistz256_mul_by_3,%function -.align 4 -ecp_nistz256_mul_by_3: - stmdb sp!,{r4-r12,lr} - bl __ecp_nistz256_mul_by_3 -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif -.size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3 - -.type __ecp_nistz256_mul_by_3,%function -.align 4 -__ecp_nistz256_mul_by_3: - str lr,[sp,#-4]! @ push lr - - @ As multiplication by 3 is performed as 2*n+n, below are inline - @ copies of __ecp_nistz256_mul_by_2 and __ecp_nistz256_add, see - @ corresponding subroutines for details. - - ldr $a0,[$a_ptr,#0] - ldr $a1,[$a_ptr,#4] - ldr $a2,[$a_ptr,#8] - adds $a0,$a0,$a0 @ a[0:7]+=a[0:7] - ldr $a3,[$a_ptr,#12] - adcs $a1,$a1,$a1 - ldr $a4,[$a_ptr,#16] - adcs $a2,$a2,$a2 - ldr $a5,[$a_ptr,#20] - adcs $a3,$a3,$a3 - ldr $a6,[$a_ptr,#24] - adcs $a4,$a4,$a4 - ldr $a7,[$a_ptr,#28] - adcs $a5,$a5,$a5 - adcs $a6,$a6,$a6 - mov $ff,#0 - adcs $a7,$a7,$a7 - adc $ff,$ff,#0 - - subs $a0,$a0,#-1 @ .Lreduce_by_sub but without stores - sbcs $a1,$a1,#-1 - sbcs $a2,$a2,#-1 - sbcs $a3,$a3,#0 - sbcs $a4,$a4,#0 - sbcs $a5,$a5,#0 - sbcs $a6,$a6,#1 - sbcs $a7,$a7,#-1 - sbc $ff,$ff,#0 - - adds $a0,$a0,$ff @ add synthesized modulus - adcs $a1,$a1,$ff - adcs $a2,$a2,$ff - adcs $a3,$a3,#0 - adcs $a4,$a4,#0 - ldr $b_ptr,[$a_ptr,#0] - adcs $a5,$a5,#0 - ldr $t1,[$a_ptr,#4] - adcs $a6,$a6,$ff,lsr#31 - ldr $t2,[$a_ptr,#8] - adc $a7,$a7,$ff - - ldr $t0,[$a_ptr,#12] - adds $a0,$a0,$b_ptr @ 2*a[0:7]+=a[0:7] - ldr $b_ptr,[$a_ptr,#16] - adcs $a1,$a1,$t1 - ldr $t1,[$a_ptr,#20] - adcs $a2,$a2,$t2 - ldr $t2,[$a_ptr,#24] - adcs $a3,$a3,$t0 - ldr $t3,[$a_ptr,#28] - adcs $a4,$a4,$b_ptr - adcs $a5,$a5,$t1 - adcs $a6,$a6,$t2 - mov $ff,#0 - adcs $a7,$a7,$t3 - adc $ff,$ff,#0 - ldr lr,[sp],#4 @ pop lr - - b .Lreduce_by_sub -.size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3 - -@ void ecp_nistz256_div_by_2(BN_ULONG r0[8],const BN_ULONG r1[8]); -.globl ecp_nistz256_div_by_2 -.type ecp_nistz256_div_by_2,%function -.align 4 -ecp_nistz256_div_by_2: - stmdb sp!,{r4-r12,lr} - bl __ecp_nistz256_div_by_2 -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif -.size ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2 - -.type __ecp_nistz256_div_by_2,%function -.align 4 -__ecp_nistz256_div_by_2: - @ ret = (a is odd ? a+mod : a) >> 1 - - ldr $a0,[$a_ptr,#0] - ldr $a1,[$a_ptr,#4] - ldr $a2,[$a_ptr,#8] - mov $ff,$a0,lsl#31 @ place least significant bit to most - @ significant position, now arithmetic - @ right shift by 31 will produce -1 or - @ 0, while logical right shift 1 or 0, - @ this is how modulus is conditionally - @ synthesized in this case... - ldr $a3,[$a_ptr,#12] - adds $a0,$a0,$ff,asr#31 - ldr $a4,[$a_ptr,#16] - adcs $a1,$a1,$ff,asr#31 - ldr $a5,[$a_ptr,#20] - adcs $a2,$a2,$ff,asr#31 - ldr $a6,[$a_ptr,#24] - adcs $a3,$a3,#0 - ldr $a7,[$a_ptr,#28] - adcs $a4,$a4,#0 - mov $a0,$a0,lsr#1 @ a[0:7]>>=1, we can start early - @ because it doesn't affect flags - adcs $a5,$a5,#0 - orr $a0,$a0,$a1,lsl#31 - adcs $a6,$a6,$ff,lsr#31 - mov $b_ptr,#0 - adcs $a7,$a7,$ff,asr#31 - mov $a1,$a1,lsr#1 - adc $b_ptr,$b_ptr,#0 @ top-most carry bit from addition - - orr $a1,$a1,$a2,lsl#31 - mov $a2,$a2,lsr#1 - str $a0,[$r_ptr,#0] - orr $a2,$a2,$a3,lsl#31 - mov $a3,$a3,lsr#1 - str $a1,[$r_ptr,#4] - orr $a3,$a3,$a4,lsl#31 - mov $a4,$a4,lsr#1 - str $a2,[$r_ptr,#8] - orr $a4,$a4,$a5,lsl#31 - mov $a5,$a5,lsr#1 - str $a3,[$r_ptr,#12] - orr $a5,$a5,$a6,lsl#31 - mov $a6,$a6,lsr#1 - str $a4,[$r_ptr,#16] - orr $a6,$a6,$a7,lsl#31 - mov $a7,$a7,lsr#1 - str $a5,[$r_ptr,#20] - orr $a7,$a7,$b_ptr,lsl#31 @ don't forget the top-most carry bit - str $a6,[$r_ptr,#24] - str $a7,[$r_ptr,#28] - - mov pc,lr -.size __ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2 - -@ void ecp_nistz256_sub(BN_ULONG r0[8],const BN_ULONG r1[8], -@ const BN_ULONG r2[8]); -.globl ecp_nistz256_sub -.type ecp_nistz256_sub,%function -.align 4 -ecp_nistz256_sub: - stmdb sp!,{r4-r12,lr} - bl __ecp_nistz256_sub -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif -.size ecp_nistz256_sub,.-ecp_nistz256_sub - -.type __ecp_nistz256_sub,%function -.align 4 -__ecp_nistz256_sub: - str lr,[sp,#-4]! @ push lr - - ldr $a0,[$a_ptr,#0] - ldr $a1,[$a_ptr,#4] - ldr $a2,[$a_ptr,#8] - ldr $a3,[$a_ptr,#12] - ldr $a4,[$a_ptr,#16] - ldr $t0,[$b_ptr,#0] - ldr $a5,[$a_ptr,#20] - ldr $t1,[$b_ptr,#4] - ldr $a6,[$a_ptr,#24] - ldr $t2,[$b_ptr,#8] - ldr $a7,[$a_ptr,#28] - ldr $t3,[$b_ptr,#12] - subs $a0,$a0,$t0 - ldr $t0,[$b_ptr,#16] - sbcs $a1,$a1,$t1 - ldr $t1,[$b_ptr,#20] - sbcs $a2,$a2,$t2 - ldr $t2,[$b_ptr,#24] - sbcs $a3,$a3,$t3 - ldr $t3,[$b_ptr,#28] - sbcs $a4,$a4,$t0 - sbcs $a5,$a5,$t1 - sbcs $a6,$a6,$t2 - sbcs $a7,$a7,$t3 - sbc $ff,$ff,$ff @ broadcast borrow bit - ldr lr,[sp],#4 @ pop lr - -.Lreduce_by_add: - - @ if a-b borrows, add modulus. - @ - @ Note that because mod has special form, i.e. consists of - @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by - @ broadcasting borrow bit to a register, $ff, and using it as - @ a whole or extracting single bit. - - adds $a0,$a0,$ff @ add synthesized modulus - adcs $a1,$a1,$ff - str $a0,[$r_ptr,#0] - adcs $a2,$a2,$ff - str $a1,[$r_ptr,#4] - adcs $a3,$a3,#0 - str $a2,[$r_ptr,#8] - adcs $a4,$a4,#0 - str $a3,[$r_ptr,#12] - adcs $a5,$a5,#0 - str $a4,[$r_ptr,#16] - adcs $a6,$a6,$ff,lsr#31 - str $a5,[$r_ptr,#20] - adcs $a7,$a7,$ff - str $a6,[$r_ptr,#24] - str $a7,[$r_ptr,#28] - - mov pc,lr -.size __ecp_nistz256_sub,.-__ecp_nistz256_sub - -@ void ecp_nistz256_neg(BN_ULONG r0[8],const BN_ULONG r1[8]); -.globl ecp_nistz256_neg -.type ecp_nistz256_neg,%function -.align 4 -ecp_nistz256_neg: - stmdb sp!,{r4-r12,lr} - bl __ecp_nistz256_neg -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif -.size ecp_nistz256_neg,.-ecp_nistz256_neg - -.type __ecp_nistz256_neg,%function -.align 4 -__ecp_nistz256_neg: - ldr $a0,[$a_ptr,#0] - eor $ff,$ff,$ff - ldr $a1,[$a_ptr,#4] - ldr $a2,[$a_ptr,#8] - subs $a0,$ff,$a0 - ldr $a3,[$a_ptr,#12] - sbcs $a1,$ff,$a1 - ldr $a4,[$a_ptr,#16] - sbcs $a2,$ff,$a2 - ldr $a5,[$a_ptr,#20] - sbcs $a3,$ff,$a3 - ldr $a6,[$a_ptr,#24] - sbcs $a4,$ff,$a4 - ldr $a7,[$a_ptr,#28] - sbcs $a5,$ff,$a5 - sbcs $a6,$ff,$a6 - sbcs $a7,$ff,$a7 - sbc $ff,$ff,$ff - - b .Lreduce_by_add -.size __ecp_nistz256_neg,.-__ecp_nistz256_neg -___ -{ -my @acc=map("r$_",(3..11)); -my ($t0,$t1,$bj,$t2,$t3)=map("r$_",(0,1,2,12,14)); - -$code.=<<___; -@ void ecp_nistz256_sqr_mont(BN_ULONG r0[8],const BN_ULONG r1[8]); -.globl ecp_nistz256_sqr_mont -.type ecp_nistz256_sqr_mont,%function -.align 4 -ecp_nistz256_sqr_mont: - mov $b_ptr,$a_ptr - b .Lecp_nistz256_mul_mont -.size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont - -@ void ecp_nistz256_mul_mont(BN_ULONG r0[8],const BN_ULONG r1[8], -@ const BN_ULONG r2[8]); -.globl ecp_nistz256_mul_mont -.type ecp_nistz256_mul_mont,%function -.align 4 -ecp_nistz256_mul_mont: -.Lecp_nistz256_mul_mont: - stmdb sp!,{r4-r12,lr} - bl __ecp_nistz256_mul_mont -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif -.size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont - -.type __ecp_nistz256_mul_mont,%function -.align 4 -__ecp_nistz256_mul_mont: - stmdb sp!,{r0-r2,lr} @ make a copy of arguments too - - ldr $bj,[$b_ptr,#0] @ b[0] - ldmia $a_ptr,{@acc[1]-@acc[8]} - - umull @acc[0],$t3,@acc[1],$bj @ r[0]=a[0]*b[0] - stmdb sp!,{$acc[1]-@acc[8]} @ copy a[0-7] to stack, so - @ that it can be addressed - @ without spending register - @ on address - umull @acc[1],$t0,@acc[2],$bj @ r[1]=a[1]*b[0] - umull @acc[2],$t1,@acc[3],$bj - adds @acc[1],@acc[1],$t3 @ accumulate high part of mult - umull @acc[3],$t2,@acc[4],$bj - adcs @acc[2],@acc[2],$t0 - umull @acc[4],$t3,@acc[5],$bj - adcs @acc[3],@acc[3],$t1 - umull @acc[5],$t0,@acc[6],$bj - adcs @acc[4],@acc[4],$t2 - umull @acc[6],$t1,@acc[7],$bj - adcs @acc[5],@acc[5],$t3 - umull @acc[7],$t2,@acc[8],$bj - adcs @acc[6],@acc[6],$t0 - adcs @acc[7],@acc[7],$t1 - eor $t3,$t3,$t3 @ first overflow bit is zero - adc @acc[8],$t2,#0 -___ -for(my $i=1;$i<8;$i++) { -my $t4=@acc[0]; - - # Reduction iteration is normally performed by accumulating - # result of multiplication of modulus by "magic" digit [and - # omitting least significant word, which is guaranteed to - # be 0], but thanks to special form of modulus and "magic" - # digit being equal to least significant word, it can be - # performed with additions and subtractions alone. Indeed: - # - # ffff.0001.0000.0000.0000.ffff.ffff.ffff - # * abcd - # + xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd - # - # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we - # rewrite above as: - # - # xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd - # + abcd.0000.abcd.0000.0000.abcd.0000.0000.0000 - # - abcd.0000.0000.0000.0000.0000.0000.abcd - # - # or marking redundant operations: - # - # xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.---- - # + abcd.0000.abcd.0000.0000.abcd.----.----.---- - # - abcd.----.----.----.----.----.----.---- - -$code.=<<___; - @ multiplication-less reduction $i - adds @acc[3],@acc[3],@acc[0] @ r[3]+=r[0] - ldr $bj,[sp,#40] @ restore b_ptr - adcs @acc[4],@acc[4],#0 @ r[4]+=0 - adcs @acc[5],@acc[5],#0 @ r[5]+=0 - adcs @acc[6],@acc[6],@acc[0] @ r[6]+=r[0] - ldr $t1,[sp,#0] @ load a[0] - adcs @acc[7],@acc[7],#0 @ r[7]+=0 - ldr $bj,[$bj,#4*$i] @ load b[i] - adcs @acc[8],@acc[8],@acc[0] @ r[8]+=r[0] - eor $t0,$t0,$t0 - adc $t3,$t3,#0 @ overflow bit - subs @acc[7],@acc[7],@acc[0] @ r[7]-=r[0] - ldr $t2,[sp,#4] @ a[1] - sbcs @acc[8],@acc[8],#0 @ r[8]-=0 - umlal @acc[1],$t0,$t1,$bj @ "r[0]"+=a[0]*b[i] - eor $t1,$t1,$t1 - sbc @acc[0],$t3,#0 @ overflow bit, keep in mind - @ that netto result is - @ addition of a value which - @ makes underflow impossible - - ldr $t3,[sp,#8] @ a[2] - umlal @acc[2],$t1,$t2,$bj @ "r[1]"+=a[1]*b[i] - str @acc[0],[sp,#36] @ temporarily offload overflow - eor $t2,$t2,$t2 - ldr $t4,[sp,#12] @ a[3], $t4 is alias @acc[0] - umlal @acc[3],$t2,$t3,$bj @ "r[2]"+=a[2]*b[i] - eor $t3,$t3,$t3 - adds @acc[2],@acc[2],$t0 @ accumulate high part of mult - ldr $t0,[sp,#16] @ a[4] - umlal @acc[4],$t3,$t4,$bj @ "r[3]"+=a[3]*b[i] - eor $t4,$t4,$t4 - adcs @acc[3],@acc[3],$t1 - ldr $t1,[sp,#20] @ a[5] - umlal @acc[5],$t4,$t0,$bj @ "r[4]"+=a[4]*b[i] - eor $t0,$t0,$t0 - adcs @acc[4],@acc[4],$t2 - ldr $t2,[sp,#24] @ a[6] - umlal @acc[6],$t0,$t1,$bj @ "r[5]"+=a[5]*b[i] - eor $t1,$t1,$t1 - adcs @acc[5],@acc[5],$t3 - ldr $t3,[sp,#28] @ a[7] - umlal @acc[7],$t1,$t2,$bj @ "r[6]"+=a[6]*b[i] - eor $t2,$t2,$t2 - adcs @acc[6],@acc[6],$t4 - ldr @acc[0],[sp,#36] @ restore overflow bit - umlal @acc[8],$t2,$t3,$bj @ "r[7]"+=a[7]*b[i] - eor $t3,$t3,$t3 - adcs @acc[7],@acc[7],$t0 - adcs @acc[8],@acc[8],$t1 - adcs @acc[0],$acc[0],$t2 - adc $t3,$t3,#0 @ new overflow bit -___ - push(@acc,shift(@acc)); # rotate registers, so that - # "r[i]" becomes r[i] -} -$code.=<<___; - @ last multiplication-less reduction - adds @acc[3],@acc[3],@acc[0] - ldr $r_ptr,[sp,#32] @ restore r_ptr - adcs @acc[4],@acc[4],#0 - adcs @acc[5],@acc[5],#0 - adcs @acc[6],@acc[6],@acc[0] - adcs @acc[7],@acc[7],#0 - adcs @acc[8],@acc[8],@acc[0] - adc $t3,$t3,#0 - subs @acc[7],@acc[7],@acc[0] - sbcs @acc[8],@acc[8],#0 - sbc @acc[0],$t3,#0 @ overflow bit - - @ Final step is "if result > mod, subtract mod", but we do it - @ "other way around", namely subtract modulus from result - @ and if it borrowed, add modulus back. - - adds @acc[1],@acc[1],#1 @ subs @acc[1],@acc[1],#-1 - adcs @acc[2],@acc[2],#0 @ sbcs @acc[2],@acc[2],#-1 - adcs @acc[3],@acc[3],#0 @ sbcs @acc[3],@acc[3],#-1 - sbcs @acc[4],@acc[4],#0 - sbcs @acc[5],@acc[5],#0 - sbcs @acc[6],@acc[6],#0 - sbcs @acc[7],@acc[7],#1 - adcs @acc[8],@acc[8],#0 @ sbcs @acc[8],@acc[8],#-1 - ldr lr,[sp,#44] @ restore lr - sbc @acc[0],@acc[0],#0 @ broadcast borrow bit - add sp,sp,#48 - - @ Note that because mod has special form, i.e. consists of - @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by - @ broadcasting borrow bit to a register, @acc[0], and using it as - @ a whole or extracting single bit. - - adds @acc[1],@acc[1],@acc[0] @ add modulus or zero - adcs @acc[2],@acc[2],@acc[0] - str @acc[1],[$r_ptr,#0] - adcs @acc[3],@acc[3],@acc[0] - str @acc[2],[$r_ptr,#4] - adcs @acc[4],@acc[4],#0 - str @acc[3],[$r_ptr,#8] - adcs @acc[5],@acc[5],#0 - str @acc[4],[$r_ptr,#12] - adcs @acc[6],@acc[6],#0 - str @acc[5],[$r_ptr,#16] - adcs @acc[7],@acc[7],@acc[0],lsr#31 - str @acc[6],[$r_ptr,#20] - adc @acc[8],@acc[8],@acc[0] - str @acc[7],[$r_ptr,#24] - str @acc[8],[$r_ptr,#28] - - mov pc,lr -.size __ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont -___ -} - -{ -my ($out,$inp,$index,$mask)=map("r$_",(0..3)); -$code.=<<___; -@ void ecp_nistz256_scatter_w5(void *r0,const P256_POINT *r1, -@ int r2); -.globl ecp_nistz256_scatter_w5 -.type ecp_nistz256_scatter_w5,%function -.align 5 -ecp_nistz256_scatter_w5: - stmdb sp!,{r4-r11} - - add $out,$out,$index,lsl#2 - - ldmia $inp!,{r4-r11} @ X - str r4,[$out,#64*0-4] - str r5,[$out,#64*1-4] - str r6,[$out,#64*2-4] - str r7,[$out,#64*3-4] - str r8,[$out,#64*4-4] - str r9,[$out,#64*5-4] - str r10,[$out,#64*6-4] - str r11,[$out,#64*7-4] - add $out,$out,#64*8 - - ldmia $inp!,{r4-r11} @ Y - str r4,[$out,#64*0-4] - str r5,[$out,#64*1-4] - str r6,[$out,#64*2-4] - str r7,[$out,#64*3-4] - str r8,[$out,#64*4-4] - str r9,[$out,#64*5-4] - str r10,[$out,#64*6-4] - str r11,[$out,#64*7-4] - add $out,$out,#64*8 - - ldmia $inp,{r4-r11} @ Z - str r4,[$out,#64*0-4] - str r5,[$out,#64*1-4] - str r6,[$out,#64*2-4] - str r7,[$out,#64*3-4] - str r8,[$out,#64*4-4] - str r9,[$out,#64*5-4] - str r10,[$out,#64*6-4] - str r11,[$out,#64*7-4] - - ldmia sp!,{r4-r11} -#if __ARM_ARCH__>=5 || defined(__thumb__) - bx lr -#else - mov pc,lr -#endif -.size ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5 - -@ void ecp_nistz256_gather_w5(P256_POINT *r0,const void *r1, -@ int r2); -.globl ecp_nistz256_gather_w5 -.type ecp_nistz256_gather_w5,%function -.align 5 -ecp_nistz256_gather_w5: - stmdb sp!,{r4-r11} - - cmp $index,#0 - mov $mask,#0 -#ifdef __thumb2__ - itt ne -#endif - subne $index,$index,#1 - movne $mask,#-1 - add $inp,$inp,$index,lsl#2 - - ldr r4,[$inp,#64*0] - ldr r5,[$inp,#64*1] - ldr r6,[$inp,#64*2] - and r4,r4,$mask - ldr r7,[$inp,#64*3] - and r5,r5,$mask - ldr r8,[$inp,#64*4] - and r6,r6,$mask - ldr r9,[$inp,#64*5] - and r7,r7,$mask - ldr r10,[$inp,#64*6] - and r8,r8,$mask - ldr r11,[$inp,#64*7] - add $inp,$inp,#64*8 - and r9,r9,$mask - and r10,r10,$mask - and r11,r11,$mask - stmia $out!,{r4-r11} @ X - - ldr r4,[$inp,#64*0] - ldr r5,[$inp,#64*1] - ldr r6,[$inp,#64*2] - and r4,r4,$mask - ldr r7,[$inp,#64*3] - and r5,r5,$mask - ldr r8,[$inp,#64*4] - and r6,r6,$mask - ldr r9,[$inp,#64*5] - and r7,r7,$mask - ldr r10,[$inp,#64*6] - and r8,r8,$mask - ldr r11,[$inp,#64*7] - add $inp,$inp,#64*8 - and r9,r9,$mask - and r10,r10,$mask - and r11,r11,$mask - stmia $out!,{r4-r11} @ Y - - ldr r4,[$inp,#64*0] - ldr r5,[$inp,#64*1] - ldr r6,[$inp,#64*2] - and r4,r4,$mask - ldr r7,[$inp,#64*3] - and r5,r5,$mask - ldr r8,[$inp,#64*4] - and r6,r6,$mask - ldr r9,[$inp,#64*5] - and r7,r7,$mask - ldr r10,[$inp,#64*6] - and r8,r8,$mask - ldr r11,[$inp,#64*7] - and r9,r9,$mask - and r10,r10,$mask - and r11,r11,$mask - stmia $out,{r4-r11} @ Z - - ldmia sp!,{r4-r11} -#if __ARM_ARCH__>=5 || defined(__thumb__) - bx lr -#else - mov pc,lr -#endif -.size ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5 - -@ void ecp_nistz256_scatter_w7(void *r0,const P256_POINT_AFFINE *r1, -@ int r2); -.globl ecp_nistz256_scatter_w7 -.type ecp_nistz256_scatter_w7,%function -.align 5 -ecp_nistz256_scatter_w7: - add $out,$out,$index - mov $index,#64/4 -.Loop_scatter_w7: - ldr $mask,[$inp],#4 - subs $index,$index,#1 - strb $mask,[$out,#64*0] - mov $mask,$mask,lsr#8 - strb $mask,[$out,#64*1] - mov $mask,$mask,lsr#8 - strb $mask,[$out,#64*2] - mov $mask,$mask,lsr#8 - strb $mask,[$out,#64*3] - add $out,$out,#64*4 - bne .Loop_scatter_w7 - -#if __ARM_ARCH__>=5 || defined(__thumb__) - bx lr -#else - mov pc,lr -#endif -.size ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7 - -@ void ecp_nistz256_gather_w7(P256_POINT_AFFINE *r0,const void *r1, -@ int r2); -.globl ecp_nistz256_gather_w7 -.type ecp_nistz256_gather_w7,%function -.align 5 -ecp_nistz256_gather_w7: - stmdb sp!,{r4-r7} - - cmp $index,#0 - mov $mask,#0 -#ifdef __thumb2__ - itt ne -#endif - subne $index,$index,#1 - movne $mask,#-1 - add $inp,$inp,$index - mov $index,#64/4 - nop -.Loop_gather_w7: - ldrb r4,[$inp,#64*0] - subs $index,$index,#1 - ldrb r5,[$inp,#64*1] - ldrb r6,[$inp,#64*2] - ldrb r7,[$inp,#64*3] - add $inp,$inp,#64*4 - orr r4,r4,r5,lsl#8 - orr r4,r4,r6,lsl#16 - orr r4,r4,r7,lsl#24 - and r4,r4,$mask - str r4,[$out],#4 - bne .Loop_gather_w7 - - ldmia sp!,{r4-r7} -#if __ARM_ARCH__>=5 || defined(__thumb__) - bx lr -#else - mov pc,lr -#endif -.size ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7 -___ -} -if (0) { -# In comparison to integer-only equivalent of below subroutine: -# -# Cortex-A8 +10% -# Cortex-A9 -10% -# Snapdragon S4 +5% -# -# As not all time is spent in multiplication, overall impact is deemed -# too low to care about. - -my ($A0,$A1,$A2,$A3,$Bi,$zero,$temp)=map("d$_",(0..7)); -my $mask="q4"; -my $mult="q5"; -my @AxB=map("q$_",(8..15)); - -my ($rptr,$aptr,$bptr,$toutptr)=map("r$_",(0..3)); - -$code.=<<___; -#if __ARM_ARCH__>=7 -.fpu neon - -.globl ecp_nistz256_mul_mont_neon -.type ecp_nistz256_mul_mont_neon,%function -.align 5 -ecp_nistz256_mul_mont_neon: - mov ip,sp - stmdb sp!,{r4-r9} - vstmdb sp!,{q4-q5} @ ABI specification says so - - sub $toutptr,sp,#40 - vld1.32 {${Bi}[0]},[$bptr,:32]! - veor $zero,$zero,$zero - vld1.32 {$A0-$A3}, [$aptr] @ can't specify :32 :-( - vzip.16 $Bi,$zero - mov sp,$toutptr @ alloca - vmov.i64 $mask,#0xffff - - vmull.u32 @AxB[0],$Bi,${A0}[0] - vmull.u32 @AxB[1],$Bi,${A0}[1] - vmull.u32 @AxB[2],$Bi,${A1}[0] - vmull.u32 @AxB[3],$Bi,${A1}[1] - vshr.u64 $temp,@AxB[0]#lo,#16 - vmull.u32 @AxB[4],$Bi,${A2}[0] - vadd.u64 @AxB[0]#hi,@AxB[0]#hi,$temp - vmull.u32 @AxB[5],$Bi,${A2}[1] - vshr.u64 $temp,@AxB[0]#hi,#16 @ upper 32 bits of a[0]*b[0] - vmull.u32 @AxB[6],$Bi,${A3}[0] - vand.u64 @AxB[0],@AxB[0],$mask @ lower 32 bits of a[0]*b[0] - vmull.u32 @AxB[7],$Bi,${A3}[1] -___ -for($i=1;$i<8;$i++) { -$code.=<<___; - vld1.32 {${Bi}[0]},[$bptr,:32]! - veor $zero,$zero,$zero - vadd.u64 @AxB[1]#lo,@AxB[1]#lo,$temp @ reduction - vshl.u64 $mult,@AxB[0],#32 - vadd.u64 @AxB[3],@AxB[3],@AxB[0] - vsub.u64 $mult,$mult,@AxB[0] - vzip.16 $Bi,$zero - vadd.u64 @AxB[6],@AxB[6],@AxB[0] - vadd.u64 @AxB[7],@AxB[7],$mult -___ - push(@AxB,shift(@AxB)); -$code.=<<___; - vmlal.u32 @AxB[0],$Bi,${A0}[0] - vmlal.u32 @AxB[1],$Bi,${A0}[1] - vmlal.u32 @AxB[2],$Bi,${A1}[0] - vmlal.u32 @AxB[3],$Bi,${A1}[1] - vshr.u64 $temp,@AxB[0]#lo,#16 - vmlal.u32 @AxB[4],$Bi,${A2}[0] - vadd.u64 @AxB[0]#hi,@AxB[0]#hi,$temp - vmlal.u32 @AxB[5],$Bi,${A2}[1] - vshr.u64 $temp,@AxB[0]#hi,#16 @ upper 33 bits of a[0]*b[i]+t[0] - vmlal.u32 @AxB[6],$Bi,${A3}[0] - vand.u64 @AxB[0],@AxB[0],$mask @ lower 32 bits of a[0]*b[0] - vmull.u32 @AxB[7],$Bi,${A3}[1] -___ -} -$code.=<<___; - vadd.u64 @AxB[1]#lo,@AxB[1]#lo,$temp @ last reduction - vshl.u64 $mult,@AxB[0],#32 - vadd.u64 @AxB[3],@AxB[3],@AxB[0] - vsub.u64 $mult,$mult,@AxB[0] - vadd.u64 @AxB[6],@AxB[6],@AxB[0] - vadd.u64 @AxB[7],@AxB[7],$mult - - vshr.u64 $temp,@AxB[1]#lo,#16 @ convert - vadd.u64 @AxB[1]#hi,@AxB[1]#hi,$temp - vshr.u64 $temp,@AxB[1]#hi,#16 - vzip.16 @AxB[1]#lo,@AxB[1]#hi -___ -foreach (2..7) { -$code.=<<___; - vadd.u64 @AxB[$_]#lo,@AxB[$_]#lo,$temp - vst1.32 {@AxB[$_-1]#lo[0]},[$toutptr,:32]! - vshr.u64 $temp,@AxB[$_]#lo,#16 - vadd.u64 @AxB[$_]#hi,@AxB[$_]#hi,$temp - vshr.u64 $temp,@AxB[$_]#hi,#16 - vzip.16 @AxB[$_]#lo,@AxB[$_]#hi -___ -} -$code.=<<___; - vst1.32 {@AxB[7]#lo[0]},[$toutptr,:32]! - vst1.32 {$temp},[$toutptr] @ upper 33 bits - - ldr r1,[sp,#0] - ldr r2,[sp,#4] - ldr r3,[sp,#8] - subs r1,r1,#-1 - ldr r4,[sp,#12] - sbcs r2,r2,#-1 - ldr r5,[sp,#16] - sbcs r3,r3,#-1 - ldr r6,[sp,#20] - sbcs r4,r4,#0 - ldr r7,[sp,#24] - sbcs r5,r5,#0 - ldr r8,[sp,#28] - sbcs r6,r6,#0 - ldr r9,[sp,#32] @ top-most bit - sbcs r7,r7,#1 - sub sp,ip,#40+16 - sbcs r8,r8,#-1 - sbc r9,r9,#0 - vldmia sp!,{q4-q5} - - adds r1,r1,r9 - adcs r2,r2,r9 - str r1,[$rptr,#0] - adcs r3,r3,r9 - str r2,[$rptr,#4] - adcs r4,r4,#0 - str r3,[$rptr,#8] - adcs r5,r5,#0 - str r4,[$rptr,#12] - adcs r6,r6,#0 - str r5,[$rptr,#16] - adcs r7,r7,r9,lsr#31 - str r6,[$rptr,#20] - adcs r8,r8,r9 - str r7,[$rptr,#24] - str r8,[$rptr,#28] - - ldmia sp!,{r4-r9} - bx lr -.size ecp_nistz256_mul_mont_neon,.-ecp_nistz256_mul_mont_neon -#endif -___ -} - -{{{ -######################################################################## -# Below $aN assignment matches order in which 256-bit result appears in -# register bank at return from __ecp_nistz256_mul_mont, so that we can -# skip over reloading it from memory. This means that below functions -# use custom calling sequence accepting 256-bit input in registers, -# output pointer in r0, $r_ptr, and optional pointer in r2, $b_ptr. -# -# See their "normal" counterparts for insights on calculations. - -my ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7, - $t0,$t1,$t2,$t3)=map("r$_",(11,3..10,12,14,1)); -my $ff=$b_ptr; - -$code.=<<___; -.type __ecp_nistz256_sub_from,%function -.align 5 -__ecp_nistz256_sub_from: - str lr,[sp,#-4]! @ push lr - - ldr $t0,[$b_ptr,#0] - ldr $t1,[$b_ptr,#4] - ldr $t2,[$b_ptr,#8] - ldr $t3,[$b_ptr,#12] - subs $a0,$a0,$t0 - ldr $t0,[$b_ptr,#16] - sbcs $a1,$a1,$t1 - ldr $t1,[$b_ptr,#20] - sbcs $a2,$a2,$t2 - ldr $t2,[$b_ptr,#24] - sbcs $a3,$a3,$t3 - ldr $t3,[$b_ptr,#28] - sbcs $a4,$a4,$t0 - sbcs $a5,$a5,$t1 - sbcs $a6,$a6,$t2 - sbcs $a7,$a7,$t3 - sbc $ff,$ff,$ff @ broadcast borrow bit - ldr lr,[sp],#4 @ pop lr - - adds $a0,$a0,$ff @ add synthesized modulus - adcs $a1,$a1,$ff - str $a0,[$r_ptr,#0] - adcs $a2,$a2,$ff - str $a1,[$r_ptr,#4] - adcs $a3,$a3,#0 - str $a2,[$r_ptr,#8] - adcs $a4,$a4,#0 - str $a3,[$r_ptr,#12] - adcs $a5,$a5,#0 - str $a4,[$r_ptr,#16] - adcs $a6,$a6,$ff,lsr#31 - str $a5,[$r_ptr,#20] - adcs $a7,$a7,$ff - str $a6,[$r_ptr,#24] - str $a7,[$r_ptr,#28] - - mov pc,lr -.size __ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from - -.type __ecp_nistz256_sub_morf,%function -.align 5 -__ecp_nistz256_sub_morf: - str lr,[sp,#-4]! @ push lr - - ldr $t0,[$b_ptr,#0] - ldr $t1,[$b_ptr,#4] - ldr $t2,[$b_ptr,#8] - ldr $t3,[$b_ptr,#12] - subs $a0,$t0,$a0 - ldr $t0,[$b_ptr,#16] - sbcs $a1,$t1,$a1 - ldr $t1,[$b_ptr,#20] - sbcs $a2,$t2,$a2 - ldr $t2,[$b_ptr,#24] - sbcs $a3,$t3,$a3 - ldr $t3,[$b_ptr,#28] - sbcs $a4,$t0,$a4 - sbcs $a5,$t1,$a5 - sbcs $a6,$t2,$a6 - sbcs $a7,$t3,$a7 - sbc $ff,$ff,$ff @ broadcast borrow bit - ldr lr,[sp],#4 @ pop lr - - adds $a0,$a0,$ff @ add synthesized modulus - adcs $a1,$a1,$ff - str $a0,[$r_ptr,#0] - adcs $a2,$a2,$ff - str $a1,[$r_ptr,#4] - adcs $a3,$a3,#0 - str $a2,[$r_ptr,#8] - adcs $a4,$a4,#0 - str $a3,[$r_ptr,#12] - adcs $a5,$a5,#0 - str $a4,[$r_ptr,#16] - adcs $a6,$a6,$ff,lsr#31 - str $a5,[$r_ptr,#20] - adcs $a7,$a7,$ff - str $a6,[$r_ptr,#24] - str $a7,[$r_ptr,#28] - - mov pc,lr -.size __ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf - -.type __ecp_nistz256_add_self,%function -.align 4 -__ecp_nistz256_add_self: - adds $a0,$a0,$a0 @ a[0:7]+=a[0:7] - adcs $a1,$a1,$a1 - adcs $a2,$a2,$a2 - adcs $a3,$a3,$a3 - adcs $a4,$a4,$a4 - adcs $a5,$a5,$a5 - adcs $a6,$a6,$a6 - mov $ff,#0 - adcs $a7,$a7,$a7 - adc $ff,$ff,#0 - - @ if a+b >= modulus, subtract modulus. - @ - @ But since comparison implies subtraction, we subtract - @ modulus and then add it back if subtraction borrowed. - - subs $a0,$a0,#-1 - sbcs $a1,$a1,#-1 - sbcs $a2,$a2,#-1 - sbcs $a3,$a3,#0 - sbcs $a4,$a4,#0 - sbcs $a5,$a5,#0 - sbcs $a6,$a6,#1 - sbcs $a7,$a7,#-1 - sbc $ff,$ff,#0 - - @ Note that because mod has special form, i.e. consists of - @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by - @ using value of borrow as a whole or extracting single bit. - @ Follow $ff register... - - adds $a0,$a0,$ff @ add synthesized modulus - adcs $a1,$a1,$ff - str $a0,[$r_ptr,#0] - adcs $a2,$a2,$ff - str $a1,[$r_ptr,#4] - adcs $a3,$a3,#0 - str $a2,[$r_ptr,#8] - adcs $a4,$a4,#0 - str $a3,[$r_ptr,#12] - adcs $a5,$a5,#0 - str $a4,[$r_ptr,#16] - adcs $a6,$a6,$ff,lsr#31 - str $a5,[$r_ptr,#20] - adcs $a7,$a7,$ff - str $a6,[$r_ptr,#24] - str $a7,[$r_ptr,#28] - - mov pc,lr -.size __ecp_nistz256_add_self,.-__ecp_nistz256_add_self - -___ - -######################################################################## -# following subroutines are "literal" implementation of those found in -# ecp_nistz256.c -# -######################################################################## -# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp); -# -{ -my ($S,$M,$Zsqr,$in_x,$tmp0)=map(32*$_,(0..4)); -# above map() describes stack layout with 5 temporary -# 256-bit vectors on top. Then note that we push -# starting from r0, which means that we have copy of -# input arguments just below these temporary vectors. - -$code.=<<___; -.globl ecp_nistz256_point_double -.type ecp_nistz256_point_double,%function -.align 5 -ecp_nistz256_point_double: - stmdb sp!,{r0-r12,lr} @ push from r0, unusual, but intentional - sub sp,sp,#32*5 - -.Lpoint_double_shortcut: - add r3,sp,#$in_x - ldmia $a_ptr!,{r4-r11} @ copy in_x - stmia r3,{r4-r11} - - add $r_ptr,sp,#$S - bl __ecp_nistz256_mul_by_2 @ p256_mul_by_2(S, in_y); - - add $b_ptr,$a_ptr,#32 - add $a_ptr,$a_ptr,#32 - add $r_ptr,sp,#$Zsqr - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Zsqr, in_z); - - add $a_ptr,sp,#$S - add $b_ptr,sp,#$S - add $r_ptr,sp,#$S - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(S, S); - - ldr $b_ptr,[sp,#32*5+4] - add $a_ptr,$b_ptr,#32 - add $b_ptr,$b_ptr,#64 - add $r_ptr,sp,#$tmp0 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(tmp0, in_z, in_y); - - ldr $r_ptr,[sp,#32*5] - add $r_ptr,$r_ptr,#64 - bl __ecp_nistz256_add_self @ p256_mul_by_2(res_z, tmp0); - - add $a_ptr,sp,#$in_x - add $b_ptr,sp,#$Zsqr - add $r_ptr,sp,#$M - bl __ecp_nistz256_add @ p256_add(M, in_x, Zsqr); - - add $a_ptr,sp,#$in_x - add $b_ptr,sp,#$Zsqr - add $r_ptr,sp,#$Zsqr - bl __ecp_nistz256_sub @ p256_sub(Zsqr, in_x, Zsqr); - - add $a_ptr,sp,#$S - add $b_ptr,sp,#$S - add $r_ptr,sp,#$tmp0 - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(tmp0, S); - - add $a_ptr,sp,#$Zsqr - add $b_ptr,sp,#$M - add $r_ptr,sp,#$M - bl __ecp_nistz256_mul_mont @ p256_mul_mont(M, M, Zsqr); - - ldr $r_ptr,[sp,#32*5] - add $a_ptr,sp,#$tmp0 - add $r_ptr,$r_ptr,#32 - bl __ecp_nistz256_div_by_2 @ p256_div_by_2(res_y, tmp0); - - add $a_ptr,sp,#$M - add $r_ptr,sp,#$M - bl __ecp_nistz256_mul_by_3 @ p256_mul_by_3(M, M); - - add $a_ptr,sp,#$in_x - add $b_ptr,sp,#$S - add $r_ptr,sp,#$S - bl __ecp_nistz256_mul_mont @ p256_mul_mont(S, S, in_x); - - add $r_ptr,sp,#$tmp0 - bl __ecp_nistz256_add_self @ p256_mul_by_2(tmp0, S); - - ldr $r_ptr,[sp,#32*5] - add $a_ptr,sp,#$M - add $b_ptr,sp,#$M - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(res_x, M); - - add $b_ptr,sp,#$tmp0 - bl __ecp_nistz256_sub_from @ p256_sub(res_x, res_x, tmp0); - - add $b_ptr,sp,#$S - add $r_ptr,sp,#$S - bl __ecp_nistz256_sub_morf @ p256_sub(S, S, res_x); - - add $a_ptr,sp,#$M - add $b_ptr,sp,#$S - bl __ecp_nistz256_mul_mont @ p256_mul_mont(S, S, M); - - ldr $r_ptr,[sp,#32*5] - add $b_ptr,$r_ptr,#32 - add $r_ptr,$r_ptr,#32 - bl __ecp_nistz256_sub_from @ p256_sub(res_y, S, res_y); - - add sp,sp,#32*5+16 @ +16 means "skip even over saved r0-r3" -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif -.size ecp_nistz256_point_double,.-ecp_nistz256_point_double -___ -} - -######################################################################## -# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1, -# const P256_POINT *in2); -{ -my ($res_x,$res_y,$res_z, - $in1_x,$in1_y,$in1_z, - $in2_x,$in2_y,$in2_z, - $H,$Hsqr,$R,$Rsqr,$Hcub, - $U1,$U2,$S1,$S2)=map(32*$_,(0..17)); -my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); -# above map() describes stack layout with 18 temporary -# 256-bit vectors on top. Then note that we push -# starting from r0, which means that we have copy of -# input arguments just below these temporary vectors. -# We use three of them for ~in1infty, ~in2infty and -# result of check for zero. - -$code.=<<___; -.globl ecp_nistz256_point_add -.type ecp_nistz256_point_add,%function -.align 5 -ecp_nistz256_point_add: - stmdb sp!,{r0-r12,lr} @ push from r0, unusual, but intentional - sub sp,sp,#32*18+16 - - ldmia $b_ptr!,{r4-r11} @ copy in2_x - add r3,sp,#$in2_x - stmia r3!,{r4-r11} - ldmia $b_ptr!,{r4-r11} @ copy in2_y - stmia r3!,{r4-r11} - ldmia $b_ptr,{r4-r11} @ copy in2_z - orr r12,r4,r5 - orr r12,r12,r6 - orr r12,r12,r7 - orr r12,r12,r8 - orr r12,r12,r9 - orr r12,r12,r10 - orr r12,r12,r11 - cmp r12,#0 -#ifdef __thumb2__ - it ne -#endif - movne r12,#-1 - stmia r3,{r4-r11} - str r12,[sp,#32*18+8] @ ~in2infty - - ldmia $a_ptr!,{r4-r11} @ copy in1_x - add r3,sp,#$in1_x - stmia r3!,{r4-r11} - ldmia $a_ptr!,{r4-r11} @ copy in1_y - stmia r3!,{r4-r11} - ldmia $a_ptr,{r4-r11} @ copy in1_z - orr r12,r4,r5 - orr r12,r12,r6 - orr r12,r12,r7 - orr r12,r12,r8 - orr r12,r12,r9 - orr r12,r12,r10 - orr r12,r12,r11 - cmp r12,#0 -#ifdef __thumb2__ - it ne -#endif - movne r12,#-1 - stmia r3,{r4-r11} - str r12,[sp,#32*18+4] @ ~in1infty - - add $a_ptr,sp,#$in2_z - add $b_ptr,sp,#$in2_z - add $r_ptr,sp,#$Z2sqr - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Z2sqr, in2_z); - - add $a_ptr,sp,#$in1_z - add $b_ptr,sp,#$in1_z - add $r_ptr,sp,#$Z1sqr - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Z1sqr, in1_z); - - add $a_ptr,sp,#$in2_z - add $b_ptr,sp,#$Z2sqr - add $r_ptr,sp,#$S1 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(S1, Z2sqr, in2_z); - - add $a_ptr,sp,#$in1_z - add $b_ptr,sp,#$Z1sqr - add $r_ptr,sp,#$S2 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(S2, Z1sqr, in1_z); - - add $a_ptr,sp,#$in1_y - add $b_ptr,sp,#$S1 - add $r_ptr,sp,#$S1 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(S1, S1, in1_y); - - add $a_ptr,sp,#$in2_y - add $b_ptr,sp,#$S2 - add $r_ptr,sp,#$S2 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(S2, S2, in2_y); - - add $b_ptr,sp,#$S1 - add $r_ptr,sp,#$R - bl __ecp_nistz256_sub_from @ p256_sub(R, S2, S1); - - orr $a0,$a0,$a1 @ see if result is zero - orr $a2,$a2,$a3 - orr $a4,$a4,$a5 - orr $a0,$a0,$a2 - orr $a4,$a4,$a6 - orr $a0,$a0,$a7 - add $a_ptr,sp,#$in1_x - orr $a0,$a0,$a4 - add $b_ptr,sp,#$Z2sqr - str $a0,[sp,#32*18+12] - - add $r_ptr,sp,#$U1 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(U1, in1_x, Z2sqr); - - add $a_ptr,sp,#$in2_x - add $b_ptr,sp,#$Z1sqr - add $r_ptr,sp,#$U2 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(U2, in2_x, Z1sqr); - - add $b_ptr,sp,#$U1 - add $r_ptr,sp,#$H - bl __ecp_nistz256_sub_from @ p256_sub(H, U2, U1); - - orr $a0,$a0,$a1 @ see if result is zero - orr $a2,$a2,$a3 - orr $a4,$a4,$a5 - orr $a0,$a0,$a2 - orr $a4,$a4,$a6 - orr $a0,$a0,$a7 - orr $a0,$a0,$a4 @ ~is_equal(U1,U2) - - ldr $t0,[sp,#32*18+4] @ ~in1infty - ldr $t1,[sp,#32*18+8] @ ~in2infty - ldr $t2,[sp,#32*18+12] @ ~is_equal(S1,S2) - mvn $t0,$t0 @ -1/0 -> 0/-1 - mvn $t1,$t1 @ -1/0 -> 0/-1 - orr $a0,$a0,$t0 - orr $a0,$a0,$t1 - orrs $a0,$a0,$t2 @ set flags - - @ if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2)) - bne .Ladd_proceed - -.Ladd_double: - ldr $a_ptr,[sp,#32*18+20] - add sp,sp,#32*(18-5)+16 @ difference in frame sizes - b .Lpoint_double_shortcut - -.align 4 -.Ladd_proceed: - add $a_ptr,sp,#$R - add $b_ptr,sp,#$R - add $r_ptr,sp,#$Rsqr - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Rsqr, R); - - add $a_ptr,sp,#$H - add $b_ptr,sp,#$in1_z - add $r_ptr,sp,#$res_z - bl __ecp_nistz256_mul_mont @ p256_mul_mont(res_z, H, in1_z); - - add $a_ptr,sp,#$H - add $b_ptr,sp,#$H - add $r_ptr,sp,#$Hsqr - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Hsqr, H); - - add $a_ptr,sp,#$in2_z - add $b_ptr,sp,#$res_z - add $r_ptr,sp,#$res_z - bl __ecp_nistz256_mul_mont @ p256_mul_mont(res_z, res_z, in2_z); - - add $a_ptr,sp,#$H - add $b_ptr,sp,#$Hsqr - add $r_ptr,sp,#$Hcub - bl __ecp_nistz256_mul_mont @ p256_mul_mont(Hcub, Hsqr, H); - - add $a_ptr,sp,#$Hsqr - add $b_ptr,sp,#$U1 - add $r_ptr,sp,#$U2 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(U2, U1, Hsqr); - - add $r_ptr,sp,#$Hsqr - bl __ecp_nistz256_add_self @ p256_mul_by_2(Hsqr, U2); - - add $b_ptr,sp,#$Rsqr - add $r_ptr,sp,#$res_x - bl __ecp_nistz256_sub_morf @ p256_sub(res_x, Rsqr, Hsqr); - - add $b_ptr,sp,#$Hcub - bl __ecp_nistz256_sub_from @ p256_sub(res_x, res_x, Hcub); - - add $b_ptr,sp,#$U2 - add $r_ptr,sp,#$res_y - bl __ecp_nistz256_sub_morf @ p256_sub(res_y, U2, res_x); - - add $a_ptr,sp,#$Hcub - add $b_ptr,sp,#$S1 - add $r_ptr,sp,#$S2 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(S2, S1, Hcub); - - add $a_ptr,sp,#$R - add $b_ptr,sp,#$res_y - add $r_ptr,sp,#$res_y - bl __ecp_nistz256_mul_mont @ p256_mul_mont(res_y, res_y, R); - - add $b_ptr,sp,#$S2 - bl __ecp_nistz256_sub_from @ p256_sub(res_y, res_y, S2); - - ldr r11,[sp,#32*18+4] @ ~in1infty - ldr r12,[sp,#32*18+8] @ ~in2infty - add r1,sp,#$res_x - add r2,sp,#$in2_x - and r10,r11,r12 @ ~in1infty & ~in2infty - mvn r11,r11 - add r3,sp,#$in1_x - and r11,r11,r12 @ in1infty & ~in2infty - mvn r12,r12 @ in2infty - ldr $r_ptr,[sp,#32*18+16] -___ -for($i=0;$i<96;$i+=8) { # conditional moves -$code.=<<___; - ldmia r1!,{r4-r5} @ res_x - ldmia r2!,{r6-r7} @ in2_x - ldmia r3!,{r8-r9} @ in1_x - and r4,r4,r10 @ ~in1infty & ~in2infty - and r5,r5,r10 - and r6,r6,r11 @ in1infty & ~in2infty - and r7,r7,r11 - and r8,r8,r12 @ in2infty - and r9,r9,r12 - orr r4,r4,r6 - orr r5,r5,r7 - orr r4,r4,r8 - orr r5,r5,r9 - stmia $r_ptr!,{r4-r5} -___ -} -$code.=<<___; -.Ladd_done: - add sp,sp,#32*18+16+16 @ +16 means "skip even over saved r0-r3" -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif -.size ecp_nistz256_point_add,.-ecp_nistz256_point_add -___ -} - -######################################################################## -# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1, -# const P256_POINT_AFFINE *in2); -{ -my ($res_x,$res_y,$res_z, - $in1_x,$in1_y,$in1_z, - $in2_x,$in2_y, - $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..14)); -my $Z1sqr = $S2; -# above map() describes stack layout with 18 temporary -# 256-bit vectors on top. Then note that we push -# starting from r0, which means that we have copy of -# input arguments just below these temporary vectors. -# We use two of them for ~in1infty, ~in2infty. - -my @ONE_mont=(1,0,0,-1,-1,-1,-2,0); - -$code.=<<___; -.globl ecp_nistz256_point_add_affine -.type ecp_nistz256_point_add_affine,%function -.align 5 -ecp_nistz256_point_add_affine: - stmdb sp!,{r0-r12,lr} @ push from r0, unusual, but intentional - sub sp,sp,#32*15 - - ldmia $a_ptr!,{r4-r11} @ copy in1_x - add r3,sp,#$in1_x - stmia r3!,{r4-r11} - ldmia $a_ptr!,{r4-r11} @ copy in1_y - stmia r3!,{r4-r11} - ldmia $a_ptr,{r4-r11} @ copy in1_z - orr r12,r4,r5 - orr r12,r12,r6 - orr r12,r12,r7 - orr r12,r12,r8 - orr r12,r12,r9 - orr r12,r12,r10 - orr r12,r12,r11 - cmp r12,#0 -#ifdef __thumb2__ - it ne -#endif - movne r12,#-1 - stmia r3,{r4-r11} - str r12,[sp,#32*15+4] @ ~in1infty - - ldmia $b_ptr!,{r4-r11} @ copy in2_x - add r3,sp,#$in2_x - orr r12,r4,r5 - orr r12,r12,r6 - orr r12,r12,r7 - orr r12,r12,r8 - orr r12,r12,r9 - orr r12,r12,r10 - orr r12,r12,r11 - stmia r3!,{r4-r11} - ldmia $b_ptr!,{r4-r11} @ copy in2_y - orr r12,r12,r4 - orr r12,r12,r5 - orr r12,r12,r6 - orr r12,r12,r7 - orr r12,r12,r8 - orr r12,r12,r9 - orr r12,r12,r10 - orr r12,r12,r11 - stmia r3!,{r4-r11} - cmp r12,#0 -#ifdef __thumb2__ - it ne -#endif - movne r12,#-1 - str r12,[sp,#32*15+8] @ ~in2infty - - add $a_ptr,sp,#$in1_z - add $b_ptr,sp,#$in1_z - add $r_ptr,sp,#$Z1sqr - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Z1sqr, in1_z); - - add $a_ptr,sp,#$Z1sqr - add $b_ptr,sp,#$in2_x - add $r_ptr,sp,#$U2 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(U2, Z1sqr, in2_x); - - add $b_ptr,sp,#$in1_x - add $r_ptr,sp,#$H - bl __ecp_nistz256_sub_from @ p256_sub(H, U2, in1_x); - - add $a_ptr,sp,#$Z1sqr - add $b_ptr,sp,#$in1_z - add $r_ptr,sp,#$S2 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(S2, Z1sqr, in1_z); - - add $a_ptr,sp,#$H - add $b_ptr,sp,#$in1_z - add $r_ptr,sp,#$res_z - bl __ecp_nistz256_mul_mont @ p256_mul_mont(res_z, H, in1_z); - - add $a_ptr,sp,#$in2_y - add $b_ptr,sp,#$S2 - add $r_ptr,sp,#$S2 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(S2, S2, in2_y); - - add $b_ptr,sp,#$in1_y - add $r_ptr,sp,#$R - bl __ecp_nistz256_sub_from @ p256_sub(R, S2, in1_y); - - add $a_ptr,sp,#$H - add $b_ptr,sp,#$H - add $r_ptr,sp,#$Hsqr - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Hsqr, H); - - add $a_ptr,sp,#$R - add $b_ptr,sp,#$R - add $r_ptr,sp,#$Rsqr - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Rsqr, R); - - add $a_ptr,sp,#$H - add $b_ptr,sp,#$Hsqr - add $r_ptr,sp,#$Hcub - bl __ecp_nistz256_mul_mont @ p256_mul_mont(Hcub, Hsqr, H); - - add $a_ptr,sp,#$Hsqr - add $b_ptr,sp,#$in1_x - add $r_ptr,sp,#$U2 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(U2, in1_x, Hsqr); - - add $r_ptr,sp,#$Hsqr - bl __ecp_nistz256_add_self @ p256_mul_by_2(Hsqr, U2); - - add $b_ptr,sp,#$Rsqr - add $r_ptr,sp,#$res_x - bl __ecp_nistz256_sub_morf @ p256_sub(res_x, Rsqr, Hsqr); - - add $b_ptr,sp,#$Hcub - bl __ecp_nistz256_sub_from @ p256_sub(res_x, res_x, Hcub); - - add $b_ptr,sp,#$U2 - add $r_ptr,sp,#$res_y - bl __ecp_nistz256_sub_morf @ p256_sub(res_y, U2, res_x); - - add $a_ptr,sp,#$Hcub - add $b_ptr,sp,#$in1_y - add $r_ptr,sp,#$S2 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(S2, in1_y, Hcub); - - add $a_ptr,sp,#$R - add $b_ptr,sp,#$res_y - add $r_ptr,sp,#$res_y - bl __ecp_nistz256_mul_mont @ p256_mul_mont(res_y, res_y, R); - - add $b_ptr,sp,#$S2 - bl __ecp_nistz256_sub_from @ p256_sub(res_y, res_y, S2); - - ldr r11,[sp,#32*15+4] @ ~in1infty - ldr r12,[sp,#32*15+8] @ ~in2infty - add r1,sp,#$res_x - add r2,sp,#$in2_x - and r10,r11,r12 @ ~in1infty & ~in2infty - mvn r11,r11 - add r3,sp,#$in1_x - and r11,r11,r12 @ in1infty & ~in2infty - mvn r12,r12 @ in2infty - ldr $r_ptr,[sp,#32*15] -___ -for($i=0;$i<64;$i+=8) { # conditional moves -$code.=<<___; - ldmia r1!,{r4-r5} @ res_x - ldmia r2!,{r6-r7} @ in2_x - ldmia r3!,{r8-r9} @ in1_x - and r4,r4,r10 @ ~in1infty & ~in2infty - and r5,r5,r10 - and r6,r6,r11 @ in1infty & ~in2infty - and r7,r7,r11 - and r8,r8,r12 @ in2infty - and r9,r9,r12 - orr r4,r4,r6 - orr r5,r5,r7 - orr r4,r4,r8 - orr r5,r5,r9 - stmia $r_ptr!,{r4-r5} -___ -} -for(;$i<96;$i+=8) { -my $j=($i-64)/4; -$code.=<<___; - ldmia r1!,{r4-r5} @ res_z - ldmia r3!,{r8-r9} @ in1_z - and r4,r4,r10 - and r5,r5,r10 - and r6,r11,#@ONE_mont[$j] - and r7,r11,#@ONE_mont[$j+1] - and r8,r8,r12 - and r9,r9,r12 - orr r4,r4,r6 - orr r5,r5,r7 - orr r4,r4,r8 - orr r5,r5,r9 - stmia $r_ptr!,{r4-r5} -___ -} -$code.=<<___; - add sp,sp,#32*15+16 @ +16 means "skip even over saved r0-r3" -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif -.size ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine -___ -} }}} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/geo; - - s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo; - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/ec/asm/ecp_nistz256-armv8.pl deleted file mode 100644 index 81ee3947d7e44adb5102563903d68bfdaf6a5669..0000000000000000000000000000000000000000 --- a/crypto/ec/asm/ecp_nistz256-armv8.pl +++ /dev/null @@ -1,1877 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# ECP_NISTZ256 module for ARMv8. -# -# February 2015. -# -# Original ECP_NISTZ256 submission targeting x86_64 is detailed in -# http://eprint.iacr.org/2013/816. -# -# with/without -DECP_NISTZ256_ASM -# Apple A7 +190-360% -# Cortex-A53 +190-400% -# Cortex-A57 +190-350% -# Denver +230-400% -# -# Ranges denote minimum and maximum improvement coefficients depending -# on benchmark. Lower coefficients are for ECDSA sign, server-side -# operation. Keep in mind that +400% means 5x improvement. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or -die "can't locate arm-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -{ -my ($rp,$ap,$bp,$bi,$a0,$a1,$a2,$a3,$t0,$t1,$t2,$t3,$poly1,$poly3, - $acc0,$acc1,$acc2,$acc3,$acc4,$acc5) = - map("x$_",(0..17,19,20)); - -my ($acc6,$acc7)=($ap,$bp); # used in __ecp_nistz256_sqr_mont - -$code.=<<___; -#include "arm_arch.h" - -.text -___ -######################################################################## -# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7 -# -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -open TABLE,") { - s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo; -} -close TABLE; - -# See ecp_nistz256_table.c for explanation for why it's 64*16*37. -# 64*16*37-1 is because $#arr returns last valid index or @arr, not -# amount of elements. -die "insane number of elements" if ($#arr != 64*16*37-1); - -$code.=<<___; -.globl ecp_nistz256_precomputed -.type ecp_nistz256_precomputed,%object -.align 12 -ecp_nistz256_precomputed: -___ -######################################################################## -# this conversion smashes P256_POINT_AFFINE by individual bytes with -# 64 byte interval, similar to -# 1111222233334444 -# 1234123412341234 -for(1..37) { - @tbl = splice(@arr,0,64*16); - for($i=0;$i<64;$i++) { - undef @line; - for($j=0;$j<64;$j++) { - push @line,(@tbl[$j*16+$i/4]>>(($i%4)*8))&0xff; - } - $code.=".byte\t"; - $code.=join(',',map { sprintf "0x%02x",$_} @line); - $code.="\n"; - } -} -$code.=<<___; -.size ecp_nistz256_precomputed,.-ecp_nistz256_precomputed -.align 5 -.Lpoly: -.quad 0xffffffffffffffff,0x00000000ffffffff,0x0000000000000000,0xffffffff00000001 -.LRR: // 2^512 mod P precomputed for NIST P256 polynomial -.quad 0x0000000000000003,0xfffffffbffffffff,0xfffffffffffffffe,0x00000004fffffffd -.Lone_mont: -.quad 0x0000000000000001,0xffffffff00000000,0xffffffffffffffff,0x00000000fffffffe -.Lone: -.quad 1,0,0,0 -.Lord: -.quad 0xf3b9cac2fc632551,0xbce6faada7179e84,0xffffffffffffffff,0xffffffff00000000 -.LordK: -.quad 0xccd1c8aaee00bc4f -.asciz "ECP_NISTZ256 for ARMv8, CRYPTOGAMS by " - -// void ecp_nistz256_to_mont(BN_ULONG x0[4],const BN_ULONG x1[4]); -.globl ecp_nistz256_to_mont -.type ecp_nistz256_to_mont,%function -.align 6 -ecp_nistz256_to_mont: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-32]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - - ldr $bi,.LRR // bp[0] - ldp $a0,$a1,[$ap] - ldp $a2,$a3,[$ap,#16] - ldr $poly1,.Lpoly+8 - ldr $poly3,.Lpoly+24 - adr $bp,.LRR // &bp[0] - - bl __ecp_nistz256_mul_mont - - ldp x19,x20,[sp,#16] - ldp x29,x30,[sp],#32 - .inst 0xd50323bf // autiasp - ret -.size ecp_nistz256_to_mont,.-ecp_nistz256_to_mont - -// void ecp_nistz256_from_mont(BN_ULONG x0[4],const BN_ULONG x1[4]); -.globl ecp_nistz256_from_mont -.type ecp_nistz256_from_mont,%function -.align 4 -ecp_nistz256_from_mont: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-32]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - - mov $bi,#1 // bp[0] - ldp $a0,$a1,[$ap] - ldp $a2,$a3,[$ap,#16] - ldr $poly1,.Lpoly+8 - ldr $poly3,.Lpoly+24 - adr $bp,.Lone // &bp[0] - - bl __ecp_nistz256_mul_mont - - ldp x19,x20,[sp,#16] - ldp x29,x30,[sp],#32 - .inst 0xd50323bf // autiasp - ret -.size ecp_nistz256_from_mont,.-ecp_nistz256_from_mont - -// void ecp_nistz256_mul_mont(BN_ULONG x0[4],const BN_ULONG x1[4], -// const BN_ULONG x2[4]); -.globl ecp_nistz256_mul_mont -.type ecp_nistz256_mul_mont,%function -.align 4 -ecp_nistz256_mul_mont: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-32]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - - ldr $bi,[$bp] // bp[0] - ldp $a0,$a1,[$ap] - ldp $a2,$a3,[$ap,#16] - ldr $poly1,.Lpoly+8 - ldr $poly3,.Lpoly+24 - - bl __ecp_nistz256_mul_mont - - ldp x19,x20,[sp,#16] - ldp x29,x30,[sp],#32 - .inst 0xd50323bf // autiasp - ret -.size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont - -// void ecp_nistz256_sqr_mont(BN_ULONG x0[4],const BN_ULONG x1[4]); -.globl ecp_nistz256_sqr_mont -.type ecp_nistz256_sqr_mont,%function -.align 4 -ecp_nistz256_sqr_mont: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-32]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - - ldp $a0,$a1,[$ap] - ldp $a2,$a3,[$ap,#16] - ldr $poly1,.Lpoly+8 - ldr $poly3,.Lpoly+24 - - bl __ecp_nistz256_sqr_mont - - ldp x19,x20,[sp,#16] - ldp x29,x30,[sp],#32 - .inst 0xd50323bf // autiasp - ret -.size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont - -// void ecp_nistz256_add(BN_ULONG x0[4],const BN_ULONG x1[4], -// const BN_ULONG x2[4]); -.globl ecp_nistz256_add -.type ecp_nistz256_add,%function -.align 4 -ecp_nistz256_add: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - ldp $acc0,$acc1,[$ap] - ldp $t0,$t1,[$bp] - ldp $acc2,$acc3,[$ap,#16] - ldp $t2,$t3,[$bp,#16] - ldr $poly1,.Lpoly+8 - ldr $poly3,.Lpoly+24 - - bl __ecp_nistz256_add - - ldp x29,x30,[sp],#16 - .inst 0xd50323bf // autiasp - ret -.size ecp_nistz256_add,.-ecp_nistz256_add - -// void ecp_nistz256_div_by_2(BN_ULONG x0[4],const BN_ULONG x1[4]); -.globl ecp_nistz256_div_by_2 -.type ecp_nistz256_div_by_2,%function -.align 4 -ecp_nistz256_div_by_2: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - ldp $acc0,$acc1,[$ap] - ldp $acc2,$acc3,[$ap,#16] - ldr $poly1,.Lpoly+8 - ldr $poly3,.Lpoly+24 - - bl __ecp_nistz256_div_by_2 - - ldp x29,x30,[sp],#16 - .inst 0xd50323bf // autiasp - ret -.size ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2 - -// void ecp_nistz256_mul_by_2(BN_ULONG x0[4],const BN_ULONG x1[4]); -.globl ecp_nistz256_mul_by_2 -.type ecp_nistz256_mul_by_2,%function -.align 4 -ecp_nistz256_mul_by_2: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - ldp $acc0,$acc1,[$ap] - ldp $acc2,$acc3,[$ap,#16] - ldr $poly1,.Lpoly+8 - ldr $poly3,.Lpoly+24 - mov $t0,$acc0 - mov $t1,$acc1 - mov $t2,$acc2 - mov $t3,$acc3 - - bl __ecp_nistz256_add // ret = a+a // 2*a - - ldp x29,x30,[sp],#16 - .inst 0xd50323bf // autiasp - ret -.size ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2 - -// void ecp_nistz256_mul_by_3(BN_ULONG x0[4],const BN_ULONG x1[4]); -.globl ecp_nistz256_mul_by_3 -.type ecp_nistz256_mul_by_3,%function -.align 4 -ecp_nistz256_mul_by_3: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - ldp $acc0,$acc1,[$ap] - ldp $acc2,$acc3,[$ap,#16] - ldr $poly1,.Lpoly+8 - ldr $poly3,.Lpoly+24 - mov $t0,$acc0 - mov $t1,$acc1 - mov $t2,$acc2 - mov $t3,$acc3 - mov $a0,$acc0 - mov $a1,$acc1 - mov $a2,$acc2 - mov $a3,$acc3 - - bl __ecp_nistz256_add // ret = a+a // 2*a - - mov $t0,$a0 - mov $t1,$a1 - mov $t2,$a2 - mov $t3,$a3 - - bl __ecp_nistz256_add // ret += a // 2*a+a=3*a - - ldp x29,x30,[sp],#16 - .inst 0xd50323bf // autiasp - ret -.size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3 - -// void ecp_nistz256_sub(BN_ULONG x0[4],const BN_ULONG x1[4], -// const BN_ULONG x2[4]); -.globl ecp_nistz256_sub -.type ecp_nistz256_sub,%function -.align 4 -ecp_nistz256_sub: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - ldp $acc0,$acc1,[$ap] - ldp $acc2,$acc3,[$ap,#16] - ldr $poly1,.Lpoly+8 - ldr $poly3,.Lpoly+24 - - bl __ecp_nistz256_sub_from - - ldp x29,x30,[sp],#16 - .inst 0xd50323bf // autiasp - ret -.size ecp_nistz256_sub,.-ecp_nistz256_sub - -// void ecp_nistz256_neg(BN_ULONG x0[4],const BN_ULONG x1[4]); -.globl ecp_nistz256_neg -.type ecp_nistz256_neg,%function -.align 4 -ecp_nistz256_neg: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - mov $bp,$ap - mov $acc0,xzr // a = 0 - mov $acc1,xzr - mov $acc2,xzr - mov $acc3,xzr - ldr $poly1,.Lpoly+8 - ldr $poly3,.Lpoly+24 - - bl __ecp_nistz256_sub_from - - ldp x29,x30,[sp],#16 - .inst 0xd50323bf // autiasp - ret -.size ecp_nistz256_neg,.-ecp_nistz256_neg - -// note that __ecp_nistz256_mul_mont expects a[0-3] input pre-loaded -// to $a0-$a3 and b[0] - to $bi -.type __ecp_nistz256_mul_mont,%function -.align 4 -__ecp_nistz256_mul_mont: - mul $acc0,$a0,$bi // a[0]*b[0] - umulh $t0,$a0,$bi - - mul $acc1,$a1,$bi // a[1]*b[0] - umulh $t1,$a1,$bi - - mul $acc2,$a2,$bi // a[2]*b[0] - umulh $t2,$a2,$bi - - mul $acc3,$a3,$bi // a[3]*b[0] - umulh $t3,$a3,$bi - ldr $bi,[$bp,#8] // b[1] - - adds $acc1,$acc1,$t0 // accumulate high parts of multiplication - lsl $t0,$acc0,#32 - adcs $acc2,$acc2,$t1 - lsr $t1,$acc0,#32 - adcs $acc3,$acc3,$t2 - adc $acc4,xzr,$t3 - mov $acc5,xzr -___ -for($i=1;$i<4;$i++) { - # Reduction iteration is normally performed by accumulating - # result of multiplication of modulus by "magic" digit [and - # omitting least significant word, which is guaranteed to - # be 0], but thanks to special form of modulus and "magic" - # digit being equal to least significant word, it can be - # performed with additions and subtractions alone. Indeed: - # - # ffff0001.00000000.0000ffff.ffffffff - # * abcdefgh - # + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh - # - # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we - # rewrite above as: - # - # xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh - # + abcdefgh.abcdefgh.0000abcd.efgh0000.00000000 - # - 0000abcd.efgh0000.00000000.00000000.abcdefgh - # - # or marking redundant operations: - # - # xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.-------- - # + abcdefgh.abcdefgh.0000abcd.efgh0000.-------- - # - 0000abcd.efgh0000.--------.--------.-------- - -$code.=<<___; - subs $t2,$acc0,$t0 // "*0xffff0001" - sbc $t3,$acc0,$t1 - adds $acc0,$acc1,$t0 // +=acc[0]<<96 and omit acc[0] - mul $t0,$a0,$bi // lo(a[0]*b[i]) - adcs $acc1,$acc2,$t1 - mul $t1,$a1,$bi // lo(a[1]*b[i]) - adcs $acc2,$acc3,$t2 // +=acc[0]*0xffff0001 - mul $t2,$a2,$bi // lo(a[2]*b[i]) - adcs $acc3,$acc4,$t3 - mul $t3,$a3,$bi // lo(a[3]*b[i]) - adc $acc4,$acc5,xzr - - adds $acc0,$acc0,$t0 // accumulate low parts of multiplication - umulh $t0,$a0,$bi // hi(a[0]*b[i]) - adcs $acc1,$acc1,$t1 - umulh $t1,$a1,$bi // hi(a[1]*b[i]) - adcs $acc2,$acc2,$t2 - umulh $t2,$a2,$bi // hi(a[2]*b[i]) - adcs $acc3,$acc3,$t3 - umulh $t3,$a3,$bi // hi(a[3]*b[i]) - adc $acc4,$acc4,xzr -___ -$code.=<<___ if ($i<3); - ldr $bi,[$bp,#8*($i+1)] // b[$i+1] -___ -$code.=<<___; - adds $acc1,$acc1,$t0 // accumulate high parts of multiplication - lsl $t0,$acc0,#32 - adcs $acc2,$acc2,$t1 - lsr $t1,$acc0,#32 - adcs $acc3,$acc3,$t2 - adcs $acc4,$acc4,$t3 - adc $acc5,xzr,xzr -___ -} -$code.=<<___; - // last reduction - subs $t2,$acc0,$t0 // "*0xffff0001" - sbc $t3,$acc0,$t1 - adds $acc0,$acc1,$t0 // +=acc[0]<<96 and omit acc[0] - adcs $acc1,$acc2,$t1 - adcs $acc2,$acc3,$t2 // +=acc[0]*0xffff0001 - adcs $acc3,$acc4,$t3 - adc $acc4,$acc5,xzr - - adds $t0,$acc0,#1 // subs $t0,$acc0,#-1 // tmp = ret-modulus - sbcs $t1,$acc1,$poly1 - sbcs $t2,$acc2,xzr - sbcs $t3,$acc3,$poly3 - sbcs xzr,$acc4,xzr // did it borrow? - - csel $acc0,$acc0,$t0,lo // ret = borrow ? ret : ret-modulus - csel $acc1,$acc1,$t1,lo - csel $acc2,$acc2,$t2,lo - stp $acc0,$acc1,[$rp] - csel $acc3,$acc3,$t3,lo - stp $acc2,$acc3,[$rp,#16] - - ret -.size __ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont - -// note that __ecp_nistz256_sqr_mont expects a[0-3] input pre-loaded -// to $a0-$a3 -.type __ecp_nistz256_sqr_mont,%function -.align 4 -__ecp_nistz256_sqr_mont: - // | | | | | |a1*a0| | - // | | | | |a2*a0| | | - // | |a3*a2|a3*a0| | | | - // | | | |a2*a1| | | | - // | | |a3*a1| | | | | - // *| | | | | | | | 2| - // +|a3*a3|a2*a2|a1*a1|a0*a0| - // |--+--+--+--+--+--+--+--| - // |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx - // - // "can't overflow" below mark carrying into high part of - // multiplication result, which can't overflow, because it - // can never be all ones. - - mul $acc1,$a1,$a0 // a[1]*a[0] - umulh $t1,$a1,$a0 - mul $acc2,$a2,$a0 // a[2]*a[0] - umulh $t2,$a2,$a0 - mul $acc3,$a3,$a0 // a[3]*a[0] - umulh $acc4,$a3,$a0 - - adds $acc2,$acc2,$t1 // accumulate high parts of multiplication - mul $t0,$a2,$a1 // a[2]*a[1] - umulh $t1,$a2,$a1 - adcs $acc3,$acc3,$t2 - mul $t2,$a3,$a1 // a[3]*a[1] - umulh $t3,$a3,$a1 - adc $acc4,$acc4,xzr // can't overflow - - mul $acc5,$a3,$a2 // a[3]*a[2] - umulh $acc6,$a3,$a2 - - adds $t1,$t1,$t2 // accumulate high parts of multiplication - mul $acc0,$a0,$a0 // a[0]*a[0] - adc $t2,$t3,xzr // can't overflow - - adds $acc3,$acc3,$t0 // accumulate low parts of multiplication - umulh $a0,$a0,$a0 - adcs $acc4,$acc4,$t1 - mul $t1,$a1,$a1 // a[1]*a[1] - adcs $acc5,$acc5,$t2 - umulh $a1,$a1,$a1 - adc $acc6,$acc6,xzr // can't overflow - - adds $acc1,$acc1,$acc1 // acc[1-6]*=2 - mul $t2,$a2,$a2 // a[2]*a[2] - adcs $acc2,$acc2,$acc2 - umulh $a2,$a2,$a2 - adcs $acc3,$acc3,$acc3 - mul $t3,$a3,$a3 // a[3]*a[3] - adcs $acc4,$acc4,$acc4 - umulh $a3,$a3,$a3 - adcs $acc5,$acc5,$acc5 - adcs $acc6,$acc6,$acc6 - adc $acc7,xzr,xzr - - adds $acc1,$acc1,$a0 // +a[i]*a[i] - adcs $acc2,$acc2,$t1 - adcs $acc3,$acc3,$a1 - adcs $acc4,$acc4,$t2 - adcs $acc5,$acc5,$a2 - lsl $t0,$acc0,#32 - adcs $acc6,$acc6,$t3 - lsr $t1,$acc0,#32 - adc $acc7,$acc7,$a3 -___ -for($i=0;$i<3;$i++) { # reductions, see commentary in - # multiplication for details -$code.=<<___; - subs $t2,$acc0,$t0 // "*0xffff0001" - sbc $t3,$acc0,$t1 - adds $acc0,$acc1,$t0 // +=acc[0]<<96 and omit acc[0] - adcs $acc1,$acc2,$t1 - lsl $t0,$acc0,#32 - adcs $acc2,$acc3,$t2 // +=acc[0]*0xffff0001 - lsr $t1,$acc0,#32 - adc $acc3,$t3,xzr // can't overflow -___ -} -$code.=<<___; - subs $t2,$acc0,$t0 // "*0xffff0001" - sbc $t3,$acc0,$t1 - adds $acc0,$acc1,$t0 // +=acc[0]<<96 and omit acc[0] - adcs $acc1,$acc2,$t1 - adcs $acc2,$acc3,$t2 // +=acc[0]*0xffff0001 - adc $acc3,$t3,xzr // can't overflow - - adds $acc0,$acc0,$acc4 // accumulate upper half - adcs $acc1,$acc1,$acc5 - adcs $acc2,$acc2,$acc6 - adcs $acc3,$acc3,$acc7 - adc $acc4,xzr,xzr - - adds $t0,$acc0,#1 // subs $t0,$acc0,#-1 // tmp = ret-modulus - sbcs $t1,$acc1,$poly1 - sbcs $t2,$acc2,xzr - sbcs $t3,$acc3,$poly3 - sbcs xzr,$acc4,xzr // did it borrow? - - csel $acc0,$acc0,$t0,lo // ret = borrow ? ret : ret-modulus - csel $acc1,$acc1,$t1,lo - csel $acc2,$acc2,$t2,lo - stp $acc0,$acc1,[$rp] - csel $acc3,$acc3,$t3,lo - stp $acc2,$acc3,[$rp,#16] - - ret -.size __ecp_nistz256_sqr_mont,.-__ecp_nistz256_sqr_mont - -// Note that __ecp_nistz256_add expects both input vectors pre-loaded to -// $a0-$a3 and $t0-$t3. This is done because it's used in multiple -// contexts, e.g. in multiplication by 2 and 3... -.type __ecp_nistz256_add,%function -.align 4 -__ecp_nistz256_add: - adds $acc0,$acc0,$t0 // ret = a+b - adcs $acc1,$acc1,$t1 - adcs $acc2,$acc2,$t2 - adcs $acc3,$acc3,$t3 - adc $ap,xzr,xzr // zap $ap - - adds $t0,$acc0,#1 // subs $t0,$a0,#-1 // tmp = ret-modulus - sbcs $t1,$acc1,$poly1 - sbcs $t2,$acc2,xzr - sbcs $t3,$acc3,$poly3 - sbcs xzr,$ap,xzr // did subtraction borrow? - - csel $acc0,$acc0,$t0,lo // ret = borrow ? ret : ret-modulus - csel $acc1,$acc1,$t1,lo - csel $acc2,$acc2,$t2,lo - stp $acc0,$acc1,[$rp] - csel $acc3,$acc3,$t3,lo - stp $acc2,$acc3,[$rp,#16] - - ret -.size __ecp_nistz256_add,.-__ecp_nistz256_add - -.type __ecp_nistz256_sub_from,%function -.align 4 -__ecp_nistz256_sub_from: - ldp $t0,$t1,[$bp] - ldp $t2,$t3,[$bp,#16] - subs $acc0,$acc0,$t0 // ret = a-b - sbcs $acc1,$acc1,$t1 - sbcs $acc2,$acc2,$t2 - sbcs $acc3,$acc3,$t3 - sbc $ap,xzr,xzr // zap $ap - - subs $t0,$acc0,#1 // adds $t0,$a0,#-1 // tmp = ret+modulus - adcs $t1,$acc1,$poly1 - adcs $t2,$acc2,xzr - adc $t3,$acc3,$poly3 - cmp $ap,xzr // did subtraction borrow? - - csel $acc0,$acc0,$t0,eq // ret = borrow ? ret+modulus : ret - csel $acc1,$acc1,$t1,eq - csel $acc2,$acc2,$t2,eq - stp $acc0,$acc1,[$rp] - csel $acc3,$acc3,$t3,eq - stp $acc2,$acc3,[$rp,#16] - - ret -.size __ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from - -.type __ecp_nistz256_sub_morf,%function -.align 4 -__ecp_nistz256_sub_morf: - ldp $t0,$t1,[$bp] - ldp $t2,$t3,[$bp,#16] - subs $acc0,$t0,$acc0 // ret = b-a - sbcs $acc1,$t1,$acc1 - sbcs $acc2,$t2,$acc2 - sbcs $acc3,$t3,$acc3 - sbc $ap,xzr,xzr // zap $ap - - subs $t0,$acc0,#1 // adds $t0,$a0,#-1 // tmp = ret+modulus - adcs $t1,$acc1,$poly1 - adcs $t2,$acc2,xzr - adc $t3,$acc3,$poly3 - cmp $ap,xzr // did subtraction borrow? - - csel $acc0,$acc0,$t0,eq // ret = borrow ? ret+modulus : ret - csel $acc1,$acc1,$t1,eq - csel $acc2,$acc2,$t2,eq - stp $acc0,$acc1,[$rp] - csel $acc3,$acc3,$t3,eq - stp $acc2,$acc3,[$rp,#16] - - ret -.size __ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf - -.type __ecp_nistz256_div_by_2,%function -.align 4 -__ecp_nistz256_div_by_2: - subs $t0,$acc0,#1 // adds $t0,$a0,#-1 // tmp = a+modulus - adcs $t1,$acc1,$poly1 - adcs $t2,$acc2,xzr - adcs $t3,$acc3,$poly3 - adc $ap,xzr,xzr // zap $ap - tst $acc0,#1 // is a even? - - csel $acc0,$acc0,$t0,eq // ret = even ? a : a+modulus - csel $acc1,$acc1,$t1,eq - csel $acc2,$acc2,$t2,eq - csel $acc3,$acc3,$t3,eq - csel $ap,xzr,$ap,eq - - lsr $acc0,$acc0,#1 // ret >>= 1 - orr $acc0,$acc0,$acc1,lsl#63 - lsr $acc1,$acc1,#1 - orr $acc1,$acc1,$acc2,lsl#63 - lsr $acc2,$acc2,#1 - orr $acc2,$acc2,$acc3,lsl#63 - lsr $acc3,$acc3,#1 - stp $acc0,$acc1,[$rp] - orr $acc3,$acc3,$ap,lsl#63 - stp $acc2,$acc3,[$rp,#16] - - ret -.size __ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2 -___ -######################################################################## -# following subroutines are "literal" implementation of those found in -# ecp_nistz256.c -# -######################################################################## -# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp); -# -{ -my ($S,$M,$Zsqr,$tmp0)=map(32*$_,(0..3)); -# above map() describes stack layout with 4 temporary -# 256-bit vectors on top. -my ($rp_real,$ap_real) = map("x$_",(21,22)); - -$code.=<<___; -.globl ecp_nistz256_point_double -.type ecp_nistz256_point_double,%function -.align 5 -ecp_nistz256_point_double: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-96]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - sub sp,sp,#32*4 - -.Ldouble_shortcut: - ldp $acc0,$acc1,[$ap,#32] - mov $rp_real,$rp - ldp $acc2,$acc3,[$ap,#48] - mov $ap_real,$ap - ldr $poly1,.Lpoly+8 - mov $t0,$acc0 - ldr $poly3,.Lpoly+24 - mov $t1,$acc1 - ldp $a0,$a1,[$ap_real,#64] // forward load for p256_sqr_mont - mov $t2,$acc2 - mov $t3,$acc3 - ldp $a2,$a3,[$ap_real,#64+16] - add $rp,sp,#$S - bl __ecp_nistz256_add // p256_mul_by_2(S, in_y); - - add $rp,sp,#$Zsqr - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Zsqr, in_z); - - ldp $t0,$t1,[$ap_real] - ldp $t2,$t3,[$ap_real,#16] - mov $a0,$acc0 // put Zsqr aside for p256_sub - mov $a1,$acc1 - mov $a2,$acc2 - mov $a3,$acc3 - add $rp,sp,#$M - bl __ecp_nistz256_add // p256_add(M, Zsqr, in_x); - - add $bp,$ap_real,#0 - mov $acc0,$a0 // restore Zsqr - mov $acc1,$a1 - ldp $a0,$a1,[sp,#$S] // forward load for p256_sqr_mont - mov $acc2,$a2 - mov $acc3,$a3 - ldp $a2,$a3,[sp,#$S+16] - add $rp,sp,#$Zsqr - bl __ecp_nistz256_sub_morf // p256_sub(Zsqr, in_x, Zsqr); - - add $rp,sp,#$S - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(S, S); - - ldr $bi,[$ap_real,#32] - ldp $a0,$a1,[$ap_real,#64] - ldp $a2,$a3,[$ap_real,#64+16] - add $bp,$ap_real,#32 - add $rp,sp,#$tmp0 - bl __ecp_nistz256_mul_mont // p256_mul_mont(tmp0, in_z, in_y); - - mov $t0,$acc0 - mov $t1,$acc1 - ldp $a0,$a1,[sp,#$S] // forward load for p256_sqr_mont - mov $t2,$acc2 - mov $t3,$acc3 - ldp $a2,$a3,[sp,#$S+16] - add $rp,$rp_real,#64 - bl __ecp_nistz256_add // p256_mul_by_2(res_z, tmp0); - - add $rp,sp,#$tmp0 - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(tmp0, S); - - ldr $bi,[sp,#$Zsqr] // forward load for p256_mul_mont - ldp $a0,$a1,[sp,#$M] - ldp $a2,$a3,[sp,#$M+16] - add $rp,$rp_real,#32 - bl __ecp_nistz256_div_by_2 // p256_div_by_2(res_y, tmp0); - - add $bp,sp,#$Zsqr - add $rp,sp,#$M - bl __ecp_nistz256_mul_mont // p256_mul_mont(M, M, Zsqr); - - mov $t0,$acc0 // duplicate M - mov $t1,$acc1 - mov $t2,$acc2 - mov $t3,$acc3 - mov $a0,$acc0 // put M aside - mov $a1,$acc1 - mov $a2,$acc2 - mov $a3,$acc3 - add $rp,sp,#$M - bl __ecp_nistz256_add - mov $t0,$a0 // restore M - mov $t1,$a1 - ldr $bi,[$ap_real] // forward load for p256_mul_mont - mov $t2,$a2 - ldp $a0,$a1,[sp,#$S] - mov $t3,$a3 - ldp $a2,$a3,[sp,#$S+16] - bl __ecp_nistz256_add // p256_mul_by_3(M, M); - - add $bp,$ap_real,#0 - add $rp,sp,#$S - bl __ecp_nistz256_mul_mont // p256_mul_mont(S, S, in_x); - - mov $t0,$acc0 - mov $t1,$acc1 - ldp $a0,$a1,[sp,#$M] // forward load for p256_sqr_mont - mov $t2,$acc2 - mov $t3,$acc3 - ldp $a2,$a3,[sp,#$M+16] - add $rp,sp,#$tmp0 - bl __ecp_nistz256_add // p256_mul_by_2(tmp0, S); - - add $rp,$rp_real,#0 - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(res_x, M); - - add $bp,sp,#$tmp0 - bl __ecp_nistz256_sub_from // p256_sub(res_x, res_x, tmp0); - - add $bp,sp,#$S - add $rp,sp,#$S - bl __ecp_nistz256_sub_morf // p256_sub(S, S, res_x); - - ldr $bi,[sp,#$M] - mov $a0,$acc0 // copy S - mov $a1,$acc1 - mov $a2,$acc2 - mov $a3,$acc3 - add $bp,sp,#$M - bl __ecp_nistz256_mul_mont // p256_mul_mont(S, S, M); - - add $bp,$rp_real,#32 - add $rp,$rp_real,#32 - bl __ecp_nistz256_sub_from // p256_sub(res_y, S, res_y); - - add sp,x29,#0 // destroy frame - ldp x19,x20,[x29,#16] - ldp x21,x22,[x29,#32] - ldp x29,x30,[sp],#96 - .inst 0xd50323bf // autiasp - ret -.size ecp_nistz256_point_double,.-ecp_nistz256_point_double -___ -} - -######################################################################## -# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1, -# const P256_POINT *in2); -{ -my ($res_x,$res_y,$res_z, - $H,$Hsqr,$R,$Rsqr,$Hcub, - $U1,$U2,$S1,$S2)=map(32*$_,(0..11)); -my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); -# above map() describes stack layout with 12 temporary -# 256-bit vectors on top. -my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp0,$temp1,$temp2)=map("x$_",(21..28)); - -$code.=<<___; -.globl ecp_nistz256_point_add -.type ecp_nistz256_point_add,%function -.align 5 -ecp_nistz256_point_add: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-96]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - stp x23,x24,[sp,#48] - stp x25,x26,[sp,#64] - stp x27,x28,[sp,#80] - sub sp,sp,#32*12 - - ldp $a0,$a1,[$bp,#64] // in2_z - ldp $a2,$a3,[$bp,#64+16] - mov $rp_real,$rp - mov $ap_real,$ap - mov $bp_real,$bp - ldr $poly1,.Lpoly+8 - ldr $poly3,.Lpoly+24 - orr $t0,$a0,$a1 - orr $t2,$a2,$a3 - orr $in2infty,$t0,$t2 - cmp $in2infty,#0 - csetm $in2infty,ne // ~in2infty - add $rp,sp,#$Z2sqr - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Z2sqr, in2_z); - - ldp $a0,$a1,[$ap_real,#64] // in1_z - ldp $a2,$a3,[$ap_real,#64+16] - orr $t0,$a0,$a1 - orr $t2,$a2,$a3 - orr $in1infty,$t0,$t2 - cmp $in1infty,#0 - csetm $in1infty,ne // ~in1infty - add $rp,sp,#$Z1sqr - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Z1sqr, in1_z); - - ldr $bi,[$bp_real,#64] - ldp $a0,$a1,[sp,#$Z2sqr] - ldp $a2,$a3,[sp,#$Z2sqr+16] - add $bp,$bp_real,#64 - add $rp,sp,#$S1 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S1, Z2sqr, in2_z); - - ldr $bi,[$ap_real,#64] - ldp $a0,$a1,[sp,#$Z1sqr] - ldp $a2,$a3,[sp,#$Z1sqr+16] - add $bp,$ap_real,#64 - add $rp,sp,#$S2 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S2, Z1sqr, in1_z); - - ldr $bi,[$ap_real,#32] - ldp $a0,$a1,[sp,#$S1] - ldp $a2,$a3,[sp,#$S1+16] - add $bp,$ap_real,#32 - add $rp,sp,#$S1 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S1, S1, in1_y); - - ldr $bi,[$bp_real,#32] - ldp $a0,$a1,[sp,#$S2] - ldp $a2,$a3,[sp,#$S2+16] - add $bp,$bp_real,#32 - add $rp,sp,#$S2 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S2, S2, in2_y); - - add $bp,sp,#$S1 - ldr $bi,[sp,#$Z2sqr] // forward load for p256_mul_mont - ldp $a0,$a1,[$ap_real] - ldp $a2,$a3,[$ap_real,#16] - add $rp,sp,#$R - bl __ecp_nistz256_sub_from // p256_sub(R, S2, S1); - - orr $acc0,$acc0,$acc1 // see if result is zero - orr $acc2,$acc2,$acc3 - orr $temp0,$acc0,$acc2 // ~is_equal(S1,S2) - - add $bp,sp,#$Z2sqr - add $rp,sp,#$U1 - bl __ecp_nistz256_mul_mont // p256_mul_mont(U1, in1_x, Z2sqr); - - ldr $bi,[sp,#$Z1sqr] - ldp $a0,$a1,[$bp_real] - ldp $a2,$a3,[$bp_real,#16] - add $bp,sp,#$Z1sqr - add $rp,sp,#$U2 - bl __ecp_nistz256_mul_mont // p256_mul_mont(U2, in2_x, Z1sqr); - - add $bp,sp,#$U1 - ldp $a0,$a1,[sp,#$R] // forward load for p256_sqr_mont - ldp $a2,$a3,[sp,#$R+16] - add $rp,sp,#$H - bl __ecp_nistz256_sub_from // p256_sub(H, U2, U1); - - orr $acc0,$acc0,$acc1 // see if result is zero - orr $acc2,$acc2,$acc3 - orr $acc0,$acc0,$acc2 // ~is_equal(U1,U2) - - mvn $temp1,$in1infty // -1/0 -> 0/-1 - mvn $temp2,$in2infty // -1/0 -> 0/-1 - orr $acc0,$acc0,$temp1 - orr $acc0,$acc0,$temp2 - orr $acc0,$acc0,$temp0 - cbnz $acc0,.Ladd_proceed // if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2)) - -.Ladd_double: - mov $ap,$ap_real - mov $rp,$rp_real - ldp x23,x24,[x29,#48] - ldp x25,x26,[x29,#64] - ldp x27,x28,[x29,#80] - add sp,sp,#32*(12-4) // difference in stack frames - b .Ldouble_shortcut - -.align 4 -.Ladd_proceed: - add $rp,sp,#$Rsqr - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Rsqr, R); - - ldr $bi,[$ap_real,#64] - ldp $a0,$a1,[sp,#$H] - ldp $a2,$a3,[sp,#$H+16] - add $bp,$ap_real,#64 - add $rp,sp,#$res_z - bl __ecp_nistz256_mul_mont // p256_mul_mont(res_z, H, in1_z); - - ldp $a0,$a1,[sp,#$H] - ldp $a2,$a3,[sp,#$H+16] - add $rp,sp,#$Hsqr - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Hsqr, H); - - ldr $bi,[$bp_real,#64] - ldp $a0,$a1,[sp,#$res_z] - ldp $a2,$a3,[sp,#$res_z+16] - add $bp,$bp_real,#64 - add $rp,sp,#$res_z - bl __ecp_nistz256_mul_mont // p256_mul_mont(res_z, res_z, in2_z); - - ldr $bi,[sp,#$H] - ldp $a0,$a1,[sp,#$Hsqr] - ldp $a2,$a3,[sp,#$Hsqr+16] - add $bp,sp,#$H - add $rp,sp,#$Hcub - bl __ecp_nistz256_mul_mont // p256_mul_mont(Hcub, Hsqr, H); - - ldr $bi,[sp,#$Hsqr] - ldp $a0,$a1,[sp,#$U1] - ldp $a2,$a3,[sp,#$U1+16] - add $bp,sp,#$Hsqr - add $rp,sp,#$U2 - bl __ecp_nistz256_mul_mont // p256_mul_mont(U2, U1, Hsqr); - - mov $t0,$acc0 - mov $t1,$acc1 - mov $t2,$acc2 - mov $t3,$acc3 - add $rp,sp,#$Hsqr - bl __ecp_nistz256_add // p256_mul_by_2(Hsqr, U2); - - add $bp,sp,#$Rsqr - add $rp,sp,#$res_x - bl __ecp_nistz256_sub_morf // p256_sub(res_x, Rsqr, Hsqr); - - add $bp,sp,#$Hcub - bl __ecp_nistz256_sub_from // p256_sub(res_x, res_x, Hcub); - - add $bp,sp,#$U2 - ldr $bi,[sp,#$Hcub] // forward load for p256_mul_mont - ldp $a0,$a1,[sp,#$S1] - ldp $a2,$a3,[sp,#$S1+16] - add $rp,sp,#$res_y - bl __ecp_nistz256_sub_morf // p256_sub(res_y, U2, res_x); - - add $bp,sp,#$Hcub - add $rp,sp,#$S2 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S2, S1, Hcub); - - ldr $bi,[sp,#$R] - ldp $a0,$a1,[sp,#$res_y] - ldp $a2,$a3,[sp,#$res_y+16] - add $bp,sp,#$R - add $rp,sp,#$res_y - bl __ecp_nistz256_mul_mont // p256_mul_mont(res_y, res_y, R); - - add $bp,sp,#$S2 - bl __ecp_nistz256_sub_from // p256_sub(res_y, res_y, S2); - - ldp $a0,$a1,[sp,#$res_x] // res - ldp $a2,$a3,[sp,#$res_x+16] - ldp $t0,$t1,[$bp_real] // in2 - ldp $t2,$t3,[$bp_real,#16] -___ -for($i=0;$i<64;$i+=32) { # conditional moves -$code.=<<___; - ldp $acc0,$acc1,[$ap_real,#$i] // in1 - cmp $in1infty,#0 // ~$in1intfy, remember? - ldp $acc2,$acc3,[$ap_real,#$i+16] - csel $t0,$a0,$t0,ne - csel $t1,$a1,$t1,ne - ldp $a0,$a1,[sp,#$res_x+$i+32] // res - csel $t2,$a2,$t2,ne - csel $t3,$a3,$t3,ne - cmp $in2infty,#0 // ~$in2intfy, remember? - ldp $a2,$a3,[sp,#$res_x+$i+48] - csel $acc0,$t0,$acc0,ne - csel $acc1,$t1,$acc1,ne - ldp $t0,$t1,[$bp_real,#$i+32] // in2 - csel $acc2,$t2,$acc2,ne - csel $acc3,$t3,$acc3,ne - ldp $t2,$t3,[$bp_real,#$i+48] - stp $acc0,$acc1,[$rp_real,#$i] - stp $acc2,$acc3,[$rp_real,#$i+16] -___ -} -$code.=<<___; - ldp $acc0,$acc1,[$ap_real,#$i] // in1 - cmp $in1infty,#0 // ~$in1intfy, remember? - ldp $acc2,$acc3,[$ap_real,#$i+16] - csel $t0,$a0,$t0,ne - csel $t1,$a1,$t1,ne - csel $t2,$a2,$t2,ne - csel $t3,$a3,$t3,ne - cmp $in2infty,#0 // ~$in2intfy, remember? - csel $acc0,$t0,$acc0,ne - csel $acc1,$t1,$acc1,ne - csel $acc2,$t2,$acc2,ne - csel $acc3,$t3,$acc3,ne - stp $acc0,$acc1,[$rp_real,#$i] - stp $acc2,$acc3,[$rp_real,#$i+16] - -.Ladd_done: - add sp,x29,#0 // destroy frame - ldp x19,x20,[x29,#16] - ldp x21,x22,[x29,#32] - ldp x23,x24,[x29,#48] - ldp x25,x26,[x29,#64] - ldp x27,x28,[x29,#80] - ldp x29,x30,[sp],#96 - .inst 0xd50323bf // autiasp - ret -.size ecp_nistz256_point_add,.-ecp_nistz256_point_add -___ -} - -######################################################################## -# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1, -# const P256_POINT_AFFINE *in2); -{ -my ($res_x,$res_y,$res_z, - $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..9)); -my $Z1sqr = $S2; -# above map() describes stack layout with 10 temporary -# 256-bit vectors on top. -my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp)=map("x$_",(21..26)); - -$code.=<<___; -.globl ecp_nistz256_point_add_affine -.type ecp_nistz256_point_add_affine,%function -.align 5 -ecp_nistz256_point_add_affine: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-80]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - stp x23,x24,[sp,#48] - stp x25,x26,[sp,#64] - sub sp,sp,#32*10 - - mov $rp_real,$rp - mov $ap_real,$ap - mov $bp_real,$bp - ldr $poly1,.Lpoly+8 - ldr $poly3,.Lpoly+24 - - ldp $a0,$a1,[$ap,#64] // in1_z - ldp $a2,$a3,[$ap,#64+16] - orr $t0,$a0,$a1 - orr $t2,$a2,$a3 - orr $in1infty,$t0,$t2 - cmp $in1infty,#0 - csetm $in1infty,ne // ~in1infty - - ldp $acc0,$acc1,[$bp] // in2_x - ldp $acc2,$acc3,[$bp,#16] - ldp $t0,$t1,[$bp,#32] // in2_y - ldp $t2,$t3,[$bp,#48] - orr $acc0,$acc0,$acc1 - orr $acc2,$acc2,$acc3 - orr $t0,$t0,$t1 - orr $t2,$t2,$t3 - orr $acc0,$acc0,$acc2 - orr $t0,$t0,$t2 - orr $in2infty,$acc0,$t0 - cmp $in2infty,#0 - csetm $in2infty,ne // ~in2infty - - add $rp,sp,#$Z1sqr - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Z1sqr, in1_z); - - mov $a0,$acc0 - mov $a1,$acc1 - mov $a2,$acc2 - mov $a3,$acc3 - ldr $bi,[$bp_real] - add $bp,$bp_real,#0 - add $rp,sp,#$U2 - bl __ecp_nistz256_mul_mont // p256_mul_mont(U2, Z1sqr, in2_x); - - add $bp,$ap_real,#0 - ldr $bi,[$ap_real,#64] // forward load for p256_mul_mont - ldp $a0,$a1,[sp,#$Z1sqr] - ldp $a2,$a3,[sp,#$Z1sqr+16] - add $rp,sp,#$H - bl __ecp_nistz256_sub_from // p256_sub(H, U2, in1_x); - - add $bp,$ap_real,#64 - add $rp,sp,#$S2 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S2, Z1sqr, in1_z); - - ldr $bi,[$ap_real,#64] - ldp $a0,$a1,[sp,#$H] - ldp $a2,$a3,[sp,#$H+16] - add $bp,$ap_real,#64 - add $rp,sp,#$res_z - bl __ecp_nistz256_mul_mont // p256_mul_mont(res_z, H, in1_z); - - ldr $bi,[$bp_real,#32] - ldp $a0,$a1,[sp,#$S2] - ldp $a2,$a3,[sp,#$S2+16] - add $bp,$bp_real,#32 - add $rp,sp,#$S2 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S2, S2, in2_y); - - add $bp,$ap_real,#32 - ldp $a0,$a1,[sp,#$H] // forward load for p256_sqr_mont - ldp $a2,$a3,[sp,#$H+16] - add $rp,sp,#$R - bl __ecp_nistz256_sub_from // p256_sub(R, S2, in1_y); - - add $rp,sp,#$Hsqr - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Hsqr, H); - - ldp $a0,$a1,[sp,#$R] - ldp $a2,$a3,[sp,#$R+16] - add $rp,sp,#$Rsqr - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Rsqr, R); - - ldr $bi,[sp,#$H] - ldp $a0,$a1,[sp,#$Hsqr] - ldp $a2,$a3,[sp,#$Hsqr+16] - add $bp,sp,#$H - add $rp,sp,#$Hcub - bl __ecp_nistz256_mul_mont // p256_mul_mont(Hcub, Hsqr, H); - - ldr $bi,[$ap_real] - ldp $a0,$a1,[sp,#$Hsqr] - ldp $a2,$a3,[sp,#$Hsqr+16] - add $bp,$ap_real,#0 - add $rp,sp,#$U2 - bl __ecp_nistz256_mul_mont // p256_mul_mont(U2, in1_x, Hsqr); - - mov $t0,$acc0 - mov $t1,$acc1 - mov $t2,$acc2 - mov $t3,$acc3 - add $rp,sp,#$Hsqr - bl __ecp_nistz256_add // p256_mul_by_2(Hsqr, U2); - - add $bp,sp,#$Rsqr - add $rp,sp,#$res_x - bl __ecp_nistz256_sub_morf // p256_sub(res_x, Rsqr, Hsqr); - - add $bp,sp,#$Hcub - bl __ecp_nistz256_sub_from // p256_sub(res_x, res_x, Hcub); - - add $bp,sp,#$U2 - ldr $bi,[$ap_real,#32] // forward load for p256_mul_mont - ldp $a0,$a1,[sp,#$Hcub] - ldp $a2,$a3,[sp,#$Hcub+16] - add $rp,sp,#$res_y - bl __ecp_nistz256_sub_morf // p256_sub(res_y, U2, res_x); - - add $bp,$ap_real,#32 - add $rp,sp,#$S2 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S2, in1_y, Hcub); - - ldr $bi,[sp,#$R] - ldp $a0,$a1,[sp,#$res_y] - ldp $a2,$a3,[sp,#$res_y+16] - add $bp,sp,#$R - add $rp,sp,#$res_y - bl __ecp_nistz256_mul_mont // p256_mul_mont(res_y, res_y, R); - - add $bp,sp,#$S2 - bl __ecp_nistz256_sub_from // p256_sub(res_y, res_y, S2); - - ldp $a0,$a1,[sp,#$res_x] // res - ldp $a2,$a3,[sp,#$res_x+16] - ldp $t0,$t1,[$bp_real] // in2 - ldp $t2,$t3,[$bp_real,#16] -___ -for($i=0;$i<64;$i+=32) { # conditional moves -$code.=<<___; - ldp $acc0,$acc1,[$ap_real,#$i] // in1 - cmp $in1infty,#0 // ~$in1intfy, remember? - ldp $acc2,$acc3,[$ap_real,#$i+16] - csel $t0,$a0,$t0,ne - csel $t1,$a1,$t1,ne - ldp $a0,$a1,[sp,#$res_x+$i+32] // res - csel $t2,$a2,$t2,ne - csel $t3,$a3,$t3,ne - cmp $in2infty,#0 // ~$in2intfy, remember? - ldp $a2,$a3,[sp,#$res_x+$i+48] - csel $acc0,$t0,$acc0,ne - csel $acc1,$t1,$acc1,ne - ldp $t0,$t1,[$bp_real,#$i+32] // in2 - csel $acc2,$t2,$acc2,ne - csel $acc3,$t3,$acc3,ne - ldp $t2,$t3,[$bp_real,#$i+48] - stp $acc0,$acc1,[$rp_real,#$i] - stp $acc2,$acc3,[$rp_real,#$i+16] -___ -$code.=<<___ if ($i == 0); - adr $bp_real,.Lone_mont-64 -___ -} -$code.=<<___; - ldp $acc0,$acc1,[$ap_real,#$i] // in1 - cmp $in1infty,#0 // ~$in1intfy, remember? - ldp $acc2,$acc3,[$ap_real,#$i+16] - csel $t0,$a0,$t0,ne - csel $t1,$a1,$t1,ne - csel $t2,$a2,$t2,ne - csel $t3,$a3,$t3,ne - cmp $in2infty,#0 // ~$in2intfy, remember? - csel $acc0,$t0,$acc0,ne - csel $acc1,$t1,$acc1,ne - csel $acc2,$t2,$acc2,ne - csel $acc3,$t3,$acc3,ne - stp $acc0,$acc1,[$rp_real,#$i] - stp $acc2,$acc3,[$rp_real,#$i+16] - - add sp,x29,#0 // destroy frame - ldp x19,x20,[x29,#16] - ldp x21,x22,[x29,#32] - ldp x23,x24,[x29,#48] - ldp x25,x26,[x29,#64] - ldp x29,x30,[sp],#80 - .inst 0xd50323bf // autiasp - ret -.size ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine -___ -} -if (1) { -my ($ord0,$ord1) = ($poly1,$poly3); -my ($ord2,$ord3,$ordk,$t4) = map("x$_",(21..24)); -my $acc7 = $bi; - -$code.=<<___; -//////////////////////////////////////////////////////////////////////// -// void ecp_nistz256_ord_mul_mont(uint64_t res[4], uint64_t a[4], -// uint64_t b[4]); -.globl ecp_nistz256_ord_mul_mont -.type ecp_nistz256_ord_mul_mont,%function -.align 4 -ecp_nistz256_ord_mul_mont: - stp x29,x30,[sp,#-64]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - stp x23,x24,[sp,#48] - - adr $ordk,.Lord - ldr $bi,[$bp] // bp[0] - ldp $a0,$a1,[$ap] - ldp $a2,$a3,[$ap,#16] - - ldp $ord0,$ord1,[$ordk,#0] - ldp $ord2,$ord3,[$ordk,#16] - ldr $ordk,[$ordk,#32] - - mul $acc0,$a0,$bi // a[0]*b[0] - umulh $t0,$a0,$bi - - mul $acc1,$a1,$bi // a[1]*b[0] - umulh $t1,$a1,$bi - - mul $acc2,$a2,$bi // a[2]*b[0] - umulh $t2,$a2,$bi - - mul $acc3,$a3,$bi // a[3]*b[0] - umulh $acc4,$a3,$bi - - mul $t4,$acc0,$ordk - - adds $acc1,$acc1,$t0 // accumulate high parts of multiplication - adcs $acc2,$acc2,$t1 - adcs $acc3,$acc3,$t2 - adc $acc4,$acc4,xzr - mov $acc5,xzr -___ -for ($i=1;$i<4;$i++) { - ################################################################ - # ffff0000.ffffffff.yyyyyyyy.zzzzzzzz - # * abcdefgh - # + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx - # - # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we - # rewrite above as: - # - # xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx - # - 0000abcd.efgh0000.abcdefgh.00000000.00000000 - # + abcdefgh.abcdefgh.yzayzbyz.cyzdyzey.zfyzgyzh -$code.=<<___; - ldr $bi,[$bp,#8*$i] // b[i] - - lsl $t0,$t4,#32 - subs $acc2,$acc2,$t4 - lsr $t1,$t4,#32 - sbcs $acc3,$acc3,$t0 - sbcs $acc4,$acc4,$t1 - sbc $acc5,$acc5,xzr - - subs xzr,$acc0,#1 - umulh $t1,$ord0,$t4 - mul $t2,$ord1,$t4 - umulh $t3,$ord1,$t4 - - adcs $t2,$t2,$t1 - mul $t0,$a0,$bi - adc $t3,$t3,xzr - mul $t1,$a1,$bi - - adds $acc0,$acc1,$t2 - mul $t2,$a2,$bi - adcs $acc1,$acc2,$t3 - mul $t3,$a3,$bi - adcs $acc2,$acc3,$t4 - adcs $acc3,$acc4,$t4 - adc $acc4,$acc5,xzr - - adds $acc0,$acc0,$t0 // accumulate low parts - umulh $t0,$a0,$bi - adcs $acc1,$acc1,$t1 - umulh $t1,$a1,$bi - adcs $acc2,$acc2,$t2 - umulh $t2,$a2,$bi - adcs $acc3,$acc3,$t3 - umulh $t3,$a3,$bi - adc $acc4,$acc4,xzr - mul $t4,$acc0,$ordk - adds $acc1,$acc1,$t0 // accumulate high parts - adcs $acc2,$acc2,$t1 - adcs $acc3,$acc3,$t2 - adcs $acc4,$acc4,$t3 - adc $acc5,xzr,xzr -___ -} -$code.=<<___; - lsl $t0,$t4,#32 // last reduction - subs $acc2,$acc2,$t4 - lsr $t1,$t4,#32 - sbcs $acc3,$acc3,$t0 - sbcs $acc4,$acc4,$t1 - sbc $acc5,$acc5,xzr - - subs xzr,$acc0,#1 - umulh $t1,$ord0,$t4 - mul $t2,$ord1,$t4 - umulh $t3,$ord1,$t4 - - adcs $t2,$t2,$t1 - adc $t3,$t3,xzr - - adds $acc0,$acc1,$t2 - adcs $acc1,$acc2,$t3 - adcs $acc2,$acc3,$t4 - adcs $acc3,$acc4,$t4 - adc $acc4,$acc5,xzr - - subs $t0,$acc0,$ord0 // ret -= modulus - sbcs $t1,$acc1,$ord1 - sbcs $t2,$acc2,$ord2 - sbcs $t3,$acc3,$ord3 - sbcs xzr,$acc4,xzr - - csel $acc0,$acc0,$t0,lo // ret = borrow ? ret : ret-modulus - csel $acc1,$acc1,$t1,lo - csel $acc2,$acc2,$t2,lo - stp $acc0,$acc1,[$rp] - csel $acc3,$acc3,$t3,lo - stp $acc2,$acc3,[$rp,#16] - - ldp x19,x20,[sp,#16] - ldp x21,x22,[sp,#32] - ldp x23,x24,[sp,#48] - ldr x29,[sp],#64 - ret -.size ecp_nistz256_ord_mul_mont,.-ecp_nistz256_ord_mul_mont - -//////////////////////////////////////////////////////////////////////// -// void ecp_nistz256_ord_sqr_mont(uint64_t res[4], uint64_t a[4], -// uint64_t rep); -.globl ecp_nistz256_ord_sqr_mont -.type ecp_nistz256_ord_sqr_mont,%function -.align 4 -ecp_nistz256_ord_sqr_mont: - stp x29,x30,[sp,#-64]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - stp x23,x24,[sp,#48] - - adr $ordk,.Lord - ldp $a0,$a1,[$ap] - ldp $a2,$a3,[$ap,#16] - - ldp $ord0,$ord1,[$ordk,#0] - ldp $ord2,$ord3,[$ordk,#16] - ldr $ordk,[$ordk,#32] - b .Loop_ord_sqr - -.align 4 -.Loop_ord_sqr: - sub $bp,$bp,#1 - //////////////////////////////////////////////////////////////// - // | | | | | |a1*a0| | - // | | | | |a2*a0| | | - // | |a3*a2|a3*a0| | | | - // | | | |a2*a1| | | | - // | | |a3*a1| | | | | - // *| | | | | | | | 2| - // +|a3*a3|a2*a2|a1*a1|a0*a0| - // |--+--+--+--+--+--+--+--| - // |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx - // - // "can't overflow" below mark carrying into high part of - // multiplication result, which can't overflow, because it - // can never be all ones. - - mul $acc1,$a1,$a0 // a[1]*a[0] - umulh $t1,$a1,$a0 - mul $acc2,$a2,$a0 // a[2]*a[0] - umulh $t2,$a2,$a0 - mul $acc3,$a3,$a0 // a[3]*a[0] - umulh $acc4,$a3,$a0 - - adds $acc2,$acc2,$t1 // accumulate high parts of multiplication - mul $t0,$a2,$a1 // a[2]*a[1] - umulh $t1,$a2,$a1 - adcs $acc3,$acc3,$t2 - mul $t2,$a3,$a1 // a[3]*a[1] - umulh $t3,$a3,$a1 - adc $acc4,$acc4,xzr // can't overflow - - mul $acc5,$a3,$a2 // a[3]*a[2] - umulh $acc6,$a3,$a2 - - adds $t1,$t1,$t2 // accumulate high parts of multiplication - mul $acc0,$a0,$a0 // a[0]*a[0] - adc $t2,$t3,xzr // can't overflow - - adds $acc3,$acc3,$t0 // accumulate low parts of multiplication - umulh $a0,$a0,$a0 - adcs $acc4,$acc4,$t1 - mul $t1,$a1,$a1 // a[1]*a[1] - adcs $acc5,$acc5,$t2 - umulh $a1,$a1,$a1 - adc $acc6,$acc6,xzr // can't overflow - - adds $acc1,$acc1,$acc1 // acc[1-6]*=2 - mul $t2,$a2,$a2 // a[2]*a[2] - adcs $acc2,$acc2,$acc2 - umulh $a2,$a2,$a2 - adcs $acc3,$acc3,$acc3 - mul $t3,$a3,$a3 // a[3]*a[3] - adcs $acc4,$acc4,$acc4 - umulh $a3,$a3,$a3 - adcs $acc5,$acc5,$acc5 - adcs $acc6,$acc6,$acc6 - adc $acc7,xzr,xzr - - adds $acc1,$acc1,$a0 // +a[i]*a[i] - mul $t4,$acc0,$ordk - adcs $acc2,$acc2,$t1 - adcs $acc3,$acc3,$a1 - adcs $acc4,$acc4,$t2 - adcs $acc5,$acc5,$a2 - adcs $acc6,$acc6,$t3 - adc $acc7,$acc7,$a3 -___ -for($i=0; $i<4; $i++) { # reductions -$code.=<<___; - subs xzr,$acc0,#1 - umulh $t1,$ord0,$t4 - mul $t2,$ord1,$t4 - umulh $t3,$ord1,$t4 - - adcs $t2,$t2,$t1 - adc $t3,$t3,xzr - - adds $acc0,$acc1,$t2 - adcs $acc1,$acc2,$t3 - adcs $acc2,$acc3,$t4 - adc $acc3,xzr,$t4 // can't overflow -___ -$code.=<<___ if ($i<3); - mul $t3,$acc0,$ordk -___ -$code.=<<___; - lsl $t0,$t4,#32 - subs $acc1,$acc1,$t4 - lsr $t1,$t4,#32 - sbcs $acc2,$acc2,$t0 - sbc $acc3,$acc3,$t1 // can't borrow -___ - ($t3,$t4) = ($t4,$t3); -} -$code.=<<___; - adds $acc0,$acc0,$acc4 // accumulate upper half - adcs $acc1,$acc1,$acc5 - adcs $acc2,$acc2,$acc6 - adcs $acc3,$acc3,$acc7 - adc $acc4,xzr,xzr - - subs $t0,$acc0,$ord0 // ret -= modulus - sbcs $t1,$acc1,$ord1 - sbcs $t2,$acc2,$ord2 - sbcs $t3,$acc3,$ord3 - sbcs xzr,$acc4,xzr - - csel $a0,$acc0,$t0,lo // ret = borrow ? ret : ret-modulus - csel $a1,$acc1,$t1,lo - csel $a2,$acc2,$t2,lo - csel $a3,$acc3,$t3,lo - - cbnz $bp,.Loop_ord_sqr - - stp $a0,$a1,[$rp] - stp $a2,$a3,[$rp,#16] - - ldp x19,x20,[sp,#16] - ldp x21,x22,[sp,#32] - ldp x23,x24,[sp,#48] - ldr x29,[sp],#64 - ret -.size ecp_nistz256_ord_sqr_mont,.-ecp_nistz256_ord_sqr_mont -___ -} } - -######################################################################## -# scatter-gather subroutines -{ -my ($out,$inp,$index,$mask)=map("x$_",(0..3)); -$code.=<<___; -// void ecp_nistz256_scatter_w5(void *x0,const P256_POINT *x1, -// int x2); -.globl ecp_nistz256_scatter_w5 -.type ecp_nistz256_scatter_w5,%function -.align 4 -ecp_nistz256_scatter_w5: - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - add $out,$out,$index,lsl#2 - - ldp x4,x5,[$inp] // X - ldp x6,x7,[$inp,#16] - stur w4,[$out,#64*0-4] - lsr x4,x4,#32 - str w5,[$out,#64*1-4] - lsr x5,x5,#32 - str w6,[$out,#64*2-4] - lsr x6,x6,#32 - str w7,[$out,#64*3-4] - lsr x7,x7,#32 - str w4,[$out,#64*4-4] - str w5,[$out,#64*5-4] - str w6,[$out,#64*6-4] - str w7,[$out,#64*7-4] - add $out,$out,#64*8 - - ldp x4,x5,[$inp,#32] // Y - ldp x6,x7,[$inp,#48] - stur w4,[$out,#64*0-4] - lsr x4,x4,#32 - str w5,[$out,#64*1-4] - lsr x5,x5,#32 - str w6,[$out,#64*2-4] - lsr x6,x6,#32 - str w7,[$out,#64*3-4] - lsr x7,x7,#32 - str w4,[$out,#64*4-4] - str w5,[$out,#64*5-4] - str w6,[$out,#64*6-4] - str w7,[$out,#64*7-4] - add $out,$out,#64*8 - - ldp x4,x5,[$inp,#64] // Z - ldp x6,x7,[$inp,#80] - stur w4,[$out,#64*0-4] - lsr x4,x4,#32 - str w5,[$out,#64*1-4] - lsr x5,x5,#32 - str w6,[$out,#64*2-4] - lsr x6,x6,#32 - str w7,[$out,#64*3-4] - lsr x7,x7,#32 - str w4,[$out,#64*4-4] - str w5,[$out,#64*5-4] - str w6,[$out,#64*6-4] - str w7,[$out,#64*7-4] - - ldr x29,[sp],#16 - ret -.size ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5 - -// void ecp_nistz256_gather_w5(P256_POINT *x0,const void *x1, -// int x2); -.globl ecp_nistz256_gather_w5 -.type ecp_nistz256_gather_w5,%function -.align 4 -ecp_nistz256_gather_w5: - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - cmp $index,xzr - csetm x3,ne - add $index,$index,x3 - add $inp,$inp,$index,lsl#2 - - ldr w4,[$inp,#64*0] - ldr w5,[$inp,#64*1] - ldr w6,[$inp,#64*2] - ldr w7,[$inp,#64*3] - ldr w8,[$inp,#64*4] - ldr w9,[$inp,#64*5] - ldr w10,[$inp,#64*6] - ldr w11,[$inp,#64*7] - add $inp,$inp,#64*8 - orr x4,x4,x8,lsl#32 - orr x5,x5,x9,lsl#32 - orr x6,x6,x10,lsl#32 - orr x7,x7,x11,lsl#32 - csel x4,x4,xzr,ne - csel x5,x5,xzr,ne - csel x6,x6,xzr,ne - csel x7,x7,xzr,ne - stp x4,x5,[$out] // X - stp x6,x7,[$out,#16] - - ldr w4,[$inp,#64*0] - ldr w5,[$inp,#64*1] - ldr w6,[$inp,#64*2] - ldr w7,[$inp,#64*3] - ldr w8,[$inp,#64*4] - ldr w9,[$inp,#64*5] - ldr w10,[$inp,#64*6] - ldr w11,[$inp,#64*7] - add $inp,$inp,#64*8 - orr x4,x4,x8,lsl#32 - orr x5,x5,x9,lsl#32 - orr x6,x6,x10,lsl#32 - orr x7,x7,x11,lsl#32 - csel x4,x4,xzr,ne - csel x5,x5,xzr,ne - csel x6,x6,xzr,ne - csel x7,x7,xzr,ne - stp x4,x5,[$out,#32] // Y - stp x6,x7,[$out,#48] - - ldr w4,[$inp,#64*0] - ldr w5,[$inp,#64*1] - ldr w6,[$inp,#64*2] - ldr w7,[$inp,#64*3] - ldr w8,[$inp,#64*4] - ldr w9,[$inp,#64*5] - ldr w10,[$inp,#64*6] - ldr w11,[$inp,#64*7] - orr x4,x4,x8,lsl#32 - orr x5,x5,x9,lsl#32 - orr x6,x6,x10,lsl#32 - orr x7,x7,x11,lsl#32 - csel x4,x4,xzr,ne - csel x5,x5,xzr,ne - csel x6,x6,xzr,ne - csel x7,x7,xzr,ne - stp x4,x5,[$out,#64] // Z - stp x6,x7,[$out,#80] - - ldr x29,[sp],#16 - ret -.size ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5 - -// void ecp_nistz256_scatter_w7(void *x0,const P256_POINT_AFFINE *x1, -// int x2); -.globl ecp_nistz256_scatter_w7 -.type ecp_nistz256_scatter_w7,%function -.align 4 -ecp_nistz256_scatter_w7: - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - add $out,$out,$index - mov $index,#64/8 -.Loop_scatter_w7: - ldr x3,[$inp],#8 - subs $index,$index,#1 - prfm pstl1strm,[$out,#4096+64*0] - prfm pstl1strm,[$out,#4096+64*1] - prfm pstl1strm,[$out,#4096+64*2] - prfm pstl1strm,[$out,#4096+64*3] - prfm pstl1strm,[$out,#4096+64*4] - prfm pstl1strm,[$out,#4096+64*5] - prfm pstl1strm,[$out,#4096+64*6] - prfm pstl1strm,[$out,#4096+64*7] - strb w3,[$out,#64*0] - lsr x3,x3,#8 - strb w3,[$out,#64*1] - lsr x3,x3,#8 - strb w3,[$out,#64*2] - lsr x3,x3,#8 - strb w3,[$out,#64*3] - lsr x3,x3,#8 - strb w3,[$out,#64*4] - lsr x3,x3,#8 - strb w3,[$out,#64*5] - lsr x3,x3,#8 - strb w3,[$out,#64*6] - lsr x3,x3,#8 - strb w3,[$out,#64*7] - add $out,$out,#64*8 - b.ne .Loop_scatter_w7 - - ldr x29,[sp],#16 - ret -.size ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7 - -// void ecp_nistz256_gather_w7(P256_POINT_AFFINE *x0,const void *x1, -// int x2); -.globl ecp_nistz256_gather_w7 -.type ecp_nistz256_gather_w7,%function -.align 4 -ecp_nistz256_gather_w7: - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - cmp $index,xzr - csetm x3,ne - add $index,$index,x3 - add $inp,$inp,$index - mov $index,#64/8 - nop -.Loop_gather_w7: - ldrb w4,[$inp,#64*0] - prfm pldl1strm,[$inp,#4096+64*0] - subs $index,$index,#1 - ldrb w5,[$inp,#64*1] - prfm pldl1strm,[$inp,#4096+64*1] - ldrb w6,[$inp,#64*2] - prfm pldl1strm,[$inp,#4096+64*2] - ldrb w7,[$inp,#64*3] - prfm pldl1strm,[$inp,#4096+64*3] - ldrb w8,[$inp,#64*4] - prfm pldl1strm,[$inp,#4096+64*4] - ldrb w9,[$inp,#64*5] - prfm pldl1strm,[$inp,#4096+64*5] - ldrb w10,[$inp,#64*6] - prfm pldl1strm,[$inp,#4096+64*6] - ldrb w11,[$inp,#64*7] - prfm pldl1strm,[$inp,#4096+64*7] - add $inp,$inp,#64*8 - orr x4,x4,x5,lsl#8 - orr x6,x6,x7,lsl#8 - orr x8,x8,x9,lsl#8 - orr x4,x4,x6,lsl#16 - orr x10,x10,x11,lsl#8 - orr x4,x4,x8,lsl#32 - orr x4,x4,x10,lsl#48 - and x4,x4,x3 - str x4,[$out],#8 - b.ne .Loop_gather_w7 - - ldr x29,[sp],#16 - ret -.size ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7 -___ -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/ec/asm/ecp_nistz256-ppc64.pl b/crypto/ec/asm/ecp_nistz256-ppc64.pl deleted file mode 100755 index 7f600cece9d73cd29814dcde82b6a910061962dd..0000000000000000000000000000000000000000 --- a/crypto/ec/asm/ecp_nistz256-ppc64.pl +++ /dev/null @@ -1,2385 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# ECP_NISTZ256 module for PPC64. -# -# August 2016. -# -# Original ECP_NISTZ256 submission targeting x86_64 is detailed in -# http://eprint.iacr.org/2013/816. -# -# with/without -DECP_NISTZ256_ASM -# POWER7 +260-530% -# POWER8 +220-340% - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -my $sp="r1"; - -{ -my ($rp,$ap,$bp,$bi,$acc0,$acc1,$acc2,$acc3,$poly1,$poly3, - $acc4,$acc5,$a0,$a1,$a2,$a3,$t0,$t1,$t2,$t3) = - map("r$_",(3..12,22..31)); - -my ($acc6,$acc7)=($bp,$bi); # used in __ecp_nistz256_sqr_mont - -$code.=<<___; -.machine "any" -.text -___ -######################################################################## -# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7 -# -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -open TABLE,") { - s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo; -} -close TABLE; - -# See ecp_nistz256_table.c for explanation for why it's 64*16*37. -# 64*16*37-1 is because $#arr returns last valid index or @arr, not -# amount of elements. -die "insane number of elements" if ($#arr != 64*16*37-1); - -$code.=<<___; -.type ecp_nistz256_precomputed,\@object -.globl ecp_nistz256_precomputed -.align 12 -ecp_nistz256_precomputed: -___ -######################################################################## -# this conversion smashes P256_POINT_AFFINE by individual bytes with -# 64 byte interval, similar to -# 1111222233334444 -# 1234123412341234 -for(1..37) { - @tbl = splice(@arr,0,64*16); - for($i=0;$i<64;$i++) { - undef @line; - for($j=0;$j<64;$j++) { - push @line,(@tbl[$j*16+$i/4]>>(($i%4)*8))&0xff; - } - $code.=".byte\t"; - $code.=join(',',map { sprintf "0x%02x",$_} @line); - $code.="\n"; - } -} - -$code.=<<___; -.size ecp_nistz256_precomputed,.-ecp_nistz256_precomputed -.asciz "ECP_NISTZ256 for PPC64, CRYPTOGAMS by " - -# void ecp_nistz256_mul_mont(BN_ULONG x0[4],const BN_ULONG x1[4], -# const BN_ULONG x2[4]); -.globl ecp_nistz256_mul_mont -.align 5 -ecp_nistz256_mul_mont: - stdu $sp,-128($sp) - mflr r0 - std r22,48($sp) - std r23,56($sp) - std r24,64($sp) - std r25,72($sp) - std r26,80($sp) - std r27,88($sp) - std r28,96($sp) - std r29,104($sp) - std r30,112($sp) - std r31,120($sp) - - ld $a0,0($ap) - ld $bi,0($bp) - ld $a1,8($ap) - ld $a2,16($ap) - ld $a3,24($ap) - - li $poly1,-1 - srdi $poly1,$poly1,32 # 0x00000000ffffffff - li $poly3,1 - orc $poly3,$poly3,$poly1 # 0xffffffff00000001 - - bl __ecp_nistz256_mul_mont - - mtlr r0 - ld r22,48($sp) - ld r23,56($sp) - ld r24,64($sp) - ld r25,72($sp) - ld r26,80($sp) - ld r27,88($sp) - ld r28,96($sp) - ld r29,104($sp) - ld r30,112($sp) - ld r31,120($sp) - addi $sp,$sp,128 - blr - .long 0 - .byte 0,12,4,0,0x80,10,3,0 - .long 0 -.size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont - -# void ecp_nistz256_sqr_mont(BN_ULONG x0[4],const BN_ULONG x1[4]); -.globl ecp_nistz256_sqr_mont -.align 4 -ecp_nistz256_sqr_mont: - stdu $sp,-128($sp) - mflr r0 - std r22,48($sp) - std r23,56($sp) - std r24,64($sp) - std r25,72($sp) - std r26,80($sp) - std r27,88($sp) - std r28,96($sp) - std r29,104($sp) - std r30,112($sp) - std r31,120($sp) - - ld $a0,0($ap) - ld $a1,8($ap) - ld $a2,16($ap) - ld $a3,24($ap) - - li $poly1,-1 - srdi $poly1,$poly1,32 # 0x00000000ffffffff - li $poly3,1 - orc $poly3,$poly3,$poly1 # 0xffffffff00000001 - - bl __ecp_nistz256_sqr_mont - - mtlr r0 - ld r22,48($sp) - ld r23,56($sp) - ld r24,64($sp) - ld r25,72($sp) - ld r26,80($sp) - ld r27,88($sp) - ld r28,96($sp) - ld r29,104($sp) - ld r30,112($sp) - ld r31,120($sp) - addi $sp,$sp,128 - blr - .long 0 - .byte 0,12,4,0,0x80,10,2,0 - .long 0 -.size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont - -# void ecp_nistz256_add(BN_ULONG x0[4],const BN_ULONG x1[4], -# const BN_ULONG x2[4]); -.globl ecp_nistz256_add -.align 4 -ecp_nistz256_add: - stdu $sp,-128($sp) - mflr r0 - std r28,96($sp) - std r29,104($sp) - std r30,112($sp) - std r31,120($sp) - - ld $acc0,0($ap) - ld $t0, 0($bp) - ld $acc1,8($ap) - ld $t1, 8($bp) - ld $acc2,16($ap) - ld $t2, 16($bp) - ld $acc3,24($ap) - ld $t3, 24($bp) - - li $poly1,-1 - srdi $poly1,$poly1,32 # 0x00000000ffffffff - li $poly3,1 - orc $poly3,$poly3,$poly1 # 0xffffffff00000001 - - bl __ecp_nistz256_add - - mtlr r0 - ld r28,96($sp) - ld r29,104($sp) - ld r30,112($sp) - ld r31,120($sp) - addi $sp,$sp,128 - blr - .long 0 - .byte 0,12,4,0,0x80,4,3,0 - .long 0 -.size ecp_nistz256_add,.-ecp_nistz256_add - -# void ecp_nistz256_div_by_2(BN_ULONG x0[4],const BN_ULONG x1[4]); -.globl ecp_nistz256_div_by_2 -.align 4 -ecp_nistz256_div_by_2: - stdu $sp,-128($sp) - mflr r0 - std r28,96($sp) - std r29,104($sp) - std r30,112($sp) - std r31,120($sp) - - ld $acc0,0($ap) - ld $acc1,8($ap) - ld $acc2,16($ap) - ld $acc3,24($ap) - - li $poly1,-1 - srdi $poly1,$poly1,32 # 0x00000000ffffffff - li $poly3,1 - orc $poly3,$poly3,$poly1 # 0xffffffff00000001 - - bl __ecp_nistz256_div_by_2 - - mtlr r0 - ld r28,96($sp) - ld r29,104($sp) - ld r30,112($sp) - ld r31,120($sp) - addi $sp,$sp,128 - blr - .long 0 - .byte 0,12,4,0,0x80,4,2,0 - .long 0 -.size ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2 - -# void ecp_nistz256_mul_by_2(BN_ULONG x0[4],const BN_ULONG x1[4]); -.globl ecp_nistz256_mul_by_2 -.align 4 -ecp_nistz256_mul_by_2: - stdu $sp,-128($sp) - mflr r0 - std r28,96($sp) - std r29,104($sp) - std r30,112($sp) - std r31,120($sp) - - ld $acc0,0($ap) - ld $acc1,8($ap) - ld $acc2,16($ap) - ld $acc3,24($ap) - - mr $t0,$acc0 - mr $t1,$acc1 - mr $t2,$acc2 - mr $t3,$acc3 - - li $poly1,-1 - srdi $poly1,$poly1,32 # 0x00000000ffffffff - li $poly3,1 - orc $poly3,$poly3,$poly1 # 0xffffffff00000001 - - bl __ecp_nistz256_add # ret = a+a // 2*a - - mtlr r0 - ld r28,96($sp) - ld r29,104($sp) - ld r30,112($sp) - ld r31,120($sp) - addi $sp,$sp,128 - blr - .long 0 - .byte 0,12,4,0,0x80,4,3,0 - .long 0 -.size ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2 - -# void ecp_nistz256_mul_by_3(BN_ULONG x0[4],const BN_ULONG x1[4]); -.globl ecp_nistz256_mul_by_3 -.align 4 -ecp_nistz256_mul_by_3: - stdu $sp,-128($sp) - mflr r0 - std r28,96($sp) - std r29,104($sp) - std r30,112($sp) - std r31,120($sp) - - ld $acc0,0($ap) - ld $acc1,8($ap) - ld $acc2,16($ap) - ld $acc3,24($ap) - - mr $t0,$acc0 - std $acc0,64($sp) - mr $t1,$acc1 - std $acc1,72($sp) - mr $t2,$acc2 - std $acc2,80($sp) - mr $t3,$acc3 - std $acc3,88($sp) - - li $poly1,-1 - srdi $poly1,$poly1,32 # 0x00000000ffffffff - li $poly3,1 - orc $poly3,$poly3,$poly1 # 0xffffffff00000001 - - bl __ecp_nistz256_add # ret = a+a // 2*a - - ld $t0,64($sp) - ld $t1,72($sp) - ld $t2,80($sp) - ld $t3,88($sp) - - bl __ecp_nistz256_add # ret += a // 2*a+a=3*a - - mtlr r0 - ld r28,96($sp) - ld r29,104($sp) - ld r30,112($sp) - ld r31,120($sp) - addi $sp,$sp,128 - blr - .long 0 - .byte 0,12,4,0,0x80,4,2,0 - .long 0 -.size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3 - -# void ecp_nistz256_sub(BN_ULONG x0[4],const BN_ULONG x1[4], -# const BN_ULONG x2[4]); -.globl ecp_nistz256_sub -.align 4 -ecp_nistz256_sub: - stdu $sp,-128($sp) - mflr r0 - std r28,96($sp) - std r29,104($sp) - std r30,112($sp) - std r31,120($sp) - - ld $acc0,0($ap) - ld $acc1,8($ap) - ld $acc2,16($ap) - ld $acc3,24($ap) - - li $poly1,-1 - srdi $poly1,$poly1,32 # 0x00000000ffffffff - li $poly3,1 - orc $poly3,$poly3,$poly1 # 0xffffffff00000001 - - bl __ecp_nistz256_sub_from - - mtlr r0 - ld r28,96($sp) - ld r29,104($sp) - ld r30,112($sp) - ld r31,120($sp) - addi $sp,$sp,128 - blr - .long 0 - .byte 0,12,4,0,0x80,4,3,0 - .long 0 -.size ecp_nistz256_sub,.-ecp_nistz256_sub - -# void ecp_nistz256_neg(BN_ULONG x0[4],const BN_ULONG x1[4]); -.globl ecp_nistz256_neg -.align 4 -ecp_nistz256_neg: - stdu $sp,-128($sp) - mflr r0 - std r28,96($sp) - std r29,104($sp) - std r30,112($sp) - std r31,120($sp) - - mr $bp,$ap - li $acc0,0 - li $acc1,0 - li $acc2,0 - li $acc3,0 - - li $poly1,-1 - srdi $poly1,$poly1,32 # 0x00000000ffffffff - li $poly3,1 - orc $poly3,$poly3,$poly1 # 0xffffffff00000001 - - bl __ecp_nistz256_sub_from - - mtlr r0 - ld r28,96($sp) - ld r29,104($sp) - ld r30,112($sp) - ld r31,120($sp) - addi $sp,$sp,128 - blr - .long 0 - .byte 0,12,4,0,0x80,4,2,0 - .long 0 -.size ecp_nistz256_neg,.-ecp_nistz256_neg - -# note that __ecp_nistz256_mul_mont expects a[0-3] input pre-loaded -# to $a0-$a3 and b[0] - to $bi -.type __ecp_nistz256_mul_mont,\@function -.align 4 -__ecp_nistz256_mul_mont: - mulld $acc0,$a0,$bi # a[0]*b[0] - mulhdu $t0,$a0,$bi - - mulld $acc1,$a1,$bi # a[1]*b[0] - mulhdu $t1,$a1,$bi - - mulld $acc2,$a2,$bi # a[2]*b[0] - mulhdu $t2,$a2,$bi - - mulld $acc3,$a3,$bi # a[3]*b[0] - mulhdu $t3,$a3,$bi - ld $bi,8($bp) # b[1] - - addc $acc1,$acc1,$t0 # accumulate high parts of multiplication - sldi $t0,$acc0,32 - adde $acc2,$acc2,$t1 - srdi $t1,$acc0,32 - adde $acc3,$acc3,$t2 - addze $acc4,$t3 - li $acc5,0 -___ -for($i=1;$i<4;$i++) { - ################################################################ - # Reduction iteration is normally performed by accumulating - # result of multiplication of modulus by "magic" digit [and - # omitting least significant word, which is guaranteed to - # be 0], but thanks to special form of modulus and "magic" - # digit being equal to least significant word, it can be - # performed with additions and subtractions alone. Indeed: - # - # ffff0001.00000000.0000ffff.ffffffff - # * abcdefgh - # + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh - # - # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we - # rewrite above as: - # - # xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh - # + abcdefgh.abcdefgh.0000abcd.efgh0000.00000000 - # - 0000abcd.efgh0000.00000000.00000000.abcdefgh - # - # or marking redundant operations: - # - # xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.-------- - # + abcdefgh.abcdefgh.0000abcd.efgh0000.-------- - # - 0000abcd.efgh0000.--------.--------.-------- - -$code.=<<___; - subfc $t2,$t0,$acc0 # "*0xffff0001" - subfe $t3,$t1,$acc0 - addc $acc0,$acc1,$t0 # +=acc[0]<<96 and omit acc[0] - adde $acc1,$acc2,$t1 - adde $acc2,$acc3,$t2 # +=acc[0]*0xffff0001 - adde $acc3,$acc4,$t3 - addze $acc4,$acc5 - - mulld $t0,$a0,$bi # lo(a[0]*b[i]) - mulld $t1,$a1,$bi # lo(a[1]*b[i]) - mulld $t2,$a2,$bi # lo(a[2]*b[i]) - mulld $t3,$a3,$bi # lo(a[3]*b[i]) - addc $acc0,$acc0,$t0 # accumulate low parts of multiplication - mulhdu $t0,$a0,$bi # hi(a[0]*b[i]) - adde $acc1,$acc1,$t1 - mulhdu $t1,$a1,$bi # hi(a[1]*b[i]) - adde $acc2,$acc2,$t2 - mulhdu $t2,$a2,$bi # hi(a[2]*b[i]) - adde $acc3,$acc3,$t3 - mulhdu $t3,$a3,$bi # hi(a[3]*b[i]) - addze $acc4,$acc4 -___ -$code.=<<___ if ($i<3); - ld $bi,8*($i+1)($bp) # b[$i+1] -___ -$code.=<<___; - addc $acc1,$acc1,$t0 # accumulate high parts of multiplication - sldi $t0,$acc0,32 - adde $acc2,$acc2,$t1 - srdi $t1,$acc0,32 - adde $acc3,$acc3,$t2 - adde $acc4,$acc4,$t3 - li $acc5,0 - addze $acc5,$acc5 -___ -} -$code.=<<___; - # last reduction - subfc $t2,$t0,$acc0 # "*0xffff0001" - subfe $t3,$t1,$acc0 - addc $acc0,$acc1,$t0 # +=acc[0]<<96 and omit acc[0] - adde $acc1,$acc2,$t1 - adde $acc2,$acc3,$t2 # +=acc[0]*0xffff0001 - adde $acc3,$acc4,$t3 - addze $acc4,$acc5 - - li $t2,0 - addic $acc0,$acc0,1 # ret -= modulus - subfe $acc1,$poly1,$acc1 - subfe $acc2,$t2,$acc2 - subfe $acc3,$poly3,$acc3 - subfe $acc4,$t2,$acc4 - - addc $acc0,$acc0,$acc4 # ret += modulus if borrow - and $t1,$poly1,$acc4 - and $t3,$poly3,$acc4 - adde $acc1,$acc1,$t1 - addze $acc2,$acc2 - adde $acc3,$acc3,$t3 - - std $acc0,0($rp) - std $acc1,8($rp) - std $acc2,16($rp) - std $acc3,24($rp) - - blr - .long 0 - .byte 0,12,0x14,0,0,0,1,0 - .long 0 -.size __ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont - -# note that __ecp_nistz256_sqr_mont expects a[0-3] input pre-loaded -# to $a0-$a3 -.type __ecp_nistz256_sqr_mont,\@function -.align 4 -__ecp_nistz256_sqr_mont: - ################################################################ - # | | | | | |a1*a0| | - # | | | | |a2*a0| | | - # | |a3*a2|a3*a0| | | | - # | | | |a2*a1| | | | - # | | |a3*a1| | | | | - # *| | | | | | | | 2| - # +|a3*a3|a2*a2|a1*a1|a0*a0| - # |--+--+--+--+--+--+--+--| - # |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx - # - # "can't overflow" below mark carrying into high part of - # multiplication result, which can't overflow, because it - # can never be all ones. - - mulld $acc1,$a1,$a0 # a[1]*a[0] - mulhdu $t1,$a1,$a0 - mulld $acc2,$a2,$a0 # a[2]*a[0] - mulhdu $t2,$a2,$a0 - mulld $acc3,$a3,$a0 # a[3]*a[0] - mulhdu $acc4,$a3,$a0 - - addc $acc2,$acc2,$t1 # accumulate high parts of multiplication - mulld $t0,$a2,$a1 # a[2]*a[1] - mulhdu $t1,$a2,$a1 - adde $acc3,$acc3,$t2 - mulld $t2,$a3,$a1 # a[3]*a[1] - mulhdu $t3,$a3,$a1 - addze $acc4,$acc4 # can't overflow - - mulld $acc5,$a3,$a2 # a[3]*a[2] - mulhdu $acc6,$a3,$a2 - - addc $t1,$t1,$t2 # accumulate high parts of multiplication - addze $t2,$t3 # can't overflow - - addc $acc3,$acc3,$t0 # accumulate low parts of multiplication - adde $acc4,$acc4,$t1 - adde $acc5,$acc5,$t2 - addze $acc6,$acc6 # can't overflow - - addc $acc1,$acc1,$acc1 # acc[1-6]*=2 - adde $acc2,$acc2,$acc2 - adde $acc3,$acc3,$acc3 - adde $acc4,$acc4,$acc4 - adde $acc5,$acc5,$acc5 - adde $acc6,$acc6,$acc6 - li $acc7,0 - addze $acc7,$acc7 - - mulld $acc0,$a0,$a0 # a[0]*a[0] - mulhdu $a0,$a0,$a0 - mulld $t1,$a1,$a1 # a[1]*a[1] - mulhdu $a1,$a1,$a1 - mulld $t2,$a2,$a2 # a[2]*a[2] - mulhdu $a2,$a2,$a2 - mulld $t3,$a3,$a3 # a[3]*a[3] - mulhdu $a3,$a3,$a3 - addc $acc1,$acc1,$a0 # +a[i]*a[i] - sldi $t0,$acc0,32 - adde $acc2,$acc2,$t1 - srdi $t1,$acc0,32 - adde $acc3,$acc3,$a1 - adde $acc4,$acc4,$t2 - adde $acc5,$acc5,$a2 - adde $acc6,$acc6,$t3 - adde $acc7,$acc7,$a3 -___ -for($i=0;$i<3;$i++) { # reductions, see commentary in - # multiplication for details -$code.=<<___; - subfc $t2,$t0,$acc0 # "*0xffff0001" - subfe $t3,$t1,$acc0 - addc $acc0,$acc1,$t0 # +=acc[0]<<96 and omit acc[0] - sldi $t0,$acc0,32 - adde $acc1,$acc2,$t1 - srdi $t1,$acc0,32 - adde $acc2,$acc3,$t2 # +=acc[0]*0xffff0001 - addze $acc3,$t3 # can't overflow -___ -} -$code.=<<___; - subfc $t2,$t0,$acc0 # "*0xffff0001" - subfe $t3,$t1,$acc0 - addc $acc0,$acc1,$t0 # +=acc[0]<<96 and omit acc[0] - adde $acc1,$acc2,$t1 - adde $acc2,$acc3,$t2 # +=acc[0]*0xffff0001 - addze $acc3,$t3 # can't overflow - - addc $acc0,$acc0,$acc4 # accumulate upper half - adde $acc1,$acc1,$acc5 - adde $acc2,$acc2,$acc6 - adde $acc3,$acc3,$acc7 - li $t2,0 - addze $acc4,$t2 - - addic $acc0,$acc0,1 # ret -= modulus - subfe $acc1,$poly1,$acc1 - subfe $acc2,$t2,$acc2 - subfe $acc3,$poly3,$acc3 - subfe $acc4,$t2,$acc4 - - addc $acc0,$acc0,$acc4 # ret += modulus if borrow - and $t1,$poly1,$acc4 - and $t3,$poly3,$acc4 - adde $acc1,$acc1,$t1 - addze $acc2,$acc2 - adde $acc3,$acc3,$t3 - - std $acc0,0($rp) - std $acc1,8($rp) - std $acc2,16($rp) - std $acc3,24($rp) - - blr - .long 0 - .byte 0,12,0x14,0,0,0,1,0 - .long 0 -.size __ecp_nistz256_sqr_mont,.-__ecp_nistz256_sqr_mont - -# Note that __ecp_nistz256_add expects both input vectors pre-loaded to -# $a0-$a3 and $t0-$t3. This is done because it's used in multiple -# contexts, e.g. in multiplication by 2 and 3... -.type __ecp_nistz256_add,\@function -.align 4 -__ecp_nistz256_add: - addc $acc0,$acc0,$t0 # ret = a+b - adde $acc1,$acc1,$t1 - adde $acc2,$acc2,$t2 - li $t2,0 - adde $acc3,$acc3,$t3 - addze $t0,$t2 - - # if a+b >= modulus, subtract modulus - # - # But since comparison implies subtraction, we subtract - # modulus and then add it back if subtraction borrowed. - - subic $acc0,$acc0,-1 - subfe $acc1,$poly1,$acc1 - subfe $acc2,$t2,$acc2 - subfe $acc3,$poly3,$acc3 - subfe $t0,$t2,$t0 - - addc $acc0,$acc0,$t0 - and $t1,$poly1,$t0 - and $t3,$poly3,$t0 - adde $acc1,$acc1,$t1 - addze $acc2,$acc2 - adde $acc3,$acc3,$t3 - - std $acc0,0($rp) - std $acc1,8($rp) - std $acc2,16($rp) - std $acc3,24($rp) - - blr - .long 0 - .byte 0,12,0x14,0,0,0,3,0 - .long 0 -.size __ecp_nistz256_add,.-__ecp_nistz256_add - -.type __ecp_nistz256_sub_from,\@function -.align 4 -__ecp_nistz256_sub_from: - ld $t0,0($bp) - ld $t1,8($bp) - ld $t2,16($bp) - ld $t3,24($bp) - subfc $acc0,$t0,$acc0 # ret = a-b - subfe $acc1,$t1,$acc1 - subfe $acc2,$t2,$acc2 - subfe $acc3,$t3,$acc3 - subfe $t0,$t0,$t0 # t0 = borrow ? -1 : 0 - - # if a-b borrowed, add modulus - - addc $acc0,$acc0,$t0 # ret -= modulus & t0 - and $t1,$poly1,$t0 - and $t3,$poly3,$t0 - adde $acc1,$acc1,$t1 - addze $acc2,$acc2 - adde $acc3,$acc3,$t3 - - std $acc0,0($rp) - std $acc1,8($rp) - std $acc2,16($rp) - std $acc3,24($rp) - - blr - .long 0 - .byte 0,12,0x14,0,0,0,3,0 - .long 0 -.size __ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from - -.type __ecp_nistz256_sub_morf,\@function -.align 4 -__ecp_nistz256_sub_morf: - ld $t0,0($bp) - ld $t1,8($bp) - ld $t2,16($bp) - ld $t3,24($bp) - subfc $acc0,$acc0,$t0 # ret = b-a - subfe $acc1,$acc1,$t1 - subfe $acc2,$acc2,$t2 - subfe $acc3,$acc3,$t3 - subfe $t0,$t0,$t0 # t0 = borrow ? -1 : 0 - - # if b-a borrowed, add modulus - - addc $acc0,$acc0,$t0 # ret -= modulus & t0 - and $t1,$poly1,$t0 - and $t3,$poly3,$t0 - adde $acc1,$acc1,$t1 - addze $acc2,$acc2 - adde $acc3,$acc3,$t3 - - std $acc0,0($rp) - std $acc1,8($rp) - std $acc2,16($rp) - std $acc3,24($rp) - - blr - .long 0 - .byte 0,12,0x14,0,0,0,3,0 - .long 0 -.size __ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf - -.type __ecp_nistz256_div_by_2,\@function -.align 4 -__ecp_nistz256_div_by_2: - andi. $t0,$acc0,1 - addic $acc0,$acc0,-1 # a += modulus - neg $t0,$t0 - adde $acc1,$acc1,$poly1 - not $t0,$t0 - addze $acc2,$acc2 - li $t2,0 - adde $acc3,$acc3,$poly3 - and $t1,$poly1,$t0 - addze $ap,$t2 # ap = carry - and $t3,$poly3,$t0 - - subfc $acc0,$t0,$acc0 # a -= modulus if a was even - subfe $acc1,$t1,$acc1 - subfe $acc2,$t2,$acc2 - subfe $acc3,$t3,$acc3 - subfe $ap, $t2,$ap - - srdi $acc0,$acc0,1 - sldi $t0,$acc1,63 - srdi $acc1,$acc1,1 - sldi $t1,$acc2,63 - srdi $acc2,$acc2,1 - sldi $t2,$acc3,63 - srdi $acc3,$acc3,1 - sldi $t3,$ap,63 - or $acc0,$acc0,$t0 - or $acc1,$acc1,$t1 - or $acc2,$acc2,$t2 - or $acc3,$acc3,$t3 - - std $acc0,0($rp) - std $acc1,8($rp) - std $acc2,16($rp) - std $acc3,24($rp) - - blr - .long 0 - .byte 0,12,0x14,0,0,0,1,0 - .long 0 -.size __ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2 -___ -######################################################################## -# following subroutines are "literal" implementation of those found in -# ecp_nistz256.c -# -######################################################################## -# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp); -# -if (1) { -my $FRAME=64+32*4+12*8; -my ($S,$M,$Zsqr,$tmp0)=map(64+32*$_,(0..3)); -# above map() describes stack layout with 4 temporary -# 256-bit vectors on top. -my ($rp_real,$ap_real) = map("r$_",(20,21)); - -$code.=<<___; -.globl ecp_nistz256_point_double -.align 5 -ecp_nistz256_point_double: - stdu $sp,-$FRAME($sp) - mflr r0 - std r20,$FRAME-8*12($sp) - std r21,$FRAME-8*11($sp) - std r22,$FRAME-8*10($sp) - std r23,$FRAME-8*9($sp) - std r24,$FRAME-8*8($sp) - std r25,$FRAME-8*7($sp) - std r26,$FRAME-8*6($sp) - std r27,$FRAME-8*5($sp) - std r28,$FRAME-8*4($sp) - std r29,$FRAME-8*3($sp) - std r30,$FRAME-8*2($sp) - std r31,$FRAME-8*1($sp) - - li $poly1,-1 - srdi $poly1,$poly1,32 # 0x00000000ffffffff - li $poly3,1 - orc $poly3,$poly3,$poly1 # 0xffffffff00000001 -.Ldouble_shortcut: - ld $acc0,32($ap) - ld $acc1,40($ap) - ld $acc2,48($ap) - ld $acc3,56($ap) - mr $t0,$acc0 - mr $t1,$acc1 - mr $t2,$acc2 - mr $t3,$acc3 - ld $a0,64($ap) # forward load for p256_sqr_mont - ld $a1,72($ap) - ld $a2,80($ap) - ld $a3,88($ap) - mr $rp_real,$rp - mr $ap_real,$ap - addi $rp,$sp,$S - bl __ecp_nistz256_add # p256_mul_by_2(S, in_y); - - addi $rp,$sp,$Zsqr - bl __ecp_nistz256_sqr_mont # p256_sqr_mont(Zsqr, in_z); - - ld $t0,0($ap_real) - ld $t1,8($ap_real) - ld $t2,16($ap_real) - ld $t3,24($ap_real) - mr $a0,$acc0 # put Zsqr aside for p256_sub - mr $a1,$acc1 - mr $a2,$acc2 - mr $a3,$acc3 - addi $rp,$sp,$M - bl __ecp_nistz256_add # p256_add(M, Zsqr, in_x); - - addi $bp,$ap_real,0 - mr $acc0,$a0 # restore Zsqr - mr $acc1,$a1 - mr $acc2,$a2 - mr $acc3,$a3 - ld $a0,$S+0($sp) # forward load for p256_sqr_mont - ld $a1,$S+8($sp) - ld $a2,$S+16($sp) - ld $a3,$S+24($sp) - addi $rp,$sp,$Zsqr - bl __ecp_nistz256_sub_morf # p256_sub(Zsqr, in_x, Zsqr); - - addi $rp,$sp,$S - bl __ecp_nistz256_sqr_mont # p256_sqr_mont(S, S); - - ld $bi,32($ap_real) - ld $a0,64($ap_real) - ld $a1,72($ap_real) - ld $a2,80($ap_real) - ld $a3,88($ap_real) - addi $bp,$ap_real,32 - addi $rp,$sp,$tmp0 - bl __ecp_nistz256_mul_mont # p256_mul_mont(tmp0, in_z, in_y); - - mr $t0,$acc0 - mr $t1,$acc1 - mr $t2,$acc2 - mr $t3,$acc3 - ld $a0,$S+0($sp) # forward load for p256_sqr_mont - ld $a1,$S+8($sp) - ld $a2,$S+16($sp) - ld $a3,$S+24($sp) - addi $rp,$rp_real,64 - bl __ecp_nistz256_add # p256_mul_by_2(res_z, tmp0); - - addi $rp,$sp,$tmp0 - bl __ecp_nistz256_sqr_mont # p256_sqr_mont(tmp0, S); - - ld $bi,$Zsqr($sp) # forward load for p256_mul_mont - ld $a0,$M+0($sp) - ld $a1,$M+8($sp) - ld $a2,$M+16($sp) - ld $a3,$M+24($sp) - addi $rp,$rp_real,32 - bl __ecp_nistz256_div_by_2 # p256_div_by_2(res_y, tmp0); - - addi $bp,$sp,$Zsqr - addi $rp,$sp,$M - bl __ecp_nistz256_mul_mont # p256_mul_mont(M, M, Zsqr); - - mr $t0,$acc0 # duplicate M - mr $t1,$acc1 - mr $t2,$acc2 - mr $t3,$acc3 - mr $a0,$acc0 # put M aside - mr $a1,$acc1 - mr $a2,$acc2 - mr $a3,$acc3 - addi $rp,$sp,$M - bl __ecp_nistz256_add - mr $t0,$a0 # restore M - mr $t1,$a1 - mr $t2,$a2 - mr $t3,$a3 - ld $bi,0($ap_real) # forward load for p256_mul_mont - ld $a0,$S+0($sp) - ld $a1,$S+8($sp) - ld $a2,$S+16($sp) - ld $a3,$S+24($sp) - bl __ecp_nistz256_add # p256_mul_by_3(M, M); - - addi $bp,$ap_real,0 - addi $rp,$sp,$S - bl __ecp_nistz256_mul_mont # p256_mul_mont(S, S, in_x); - - mr $t0,$acc0 - mr $t1,$acc1 - mr $t2,$acc2 - mr $t3,$acc3 - ld $a0,$M+0($sp) # forward load for p256_sqr_mont - ld $a1,$M+8($sp) - ld $a2,$M+16($sp) - ld $a3,$M+24($sp) - addi $rp,$sp,$tmp0 - bl __ecp_nistz256_add # p256_mul_by_2(tmp0, S); - - addi $rp,$rp_real,0 - bl __ecp_nistz256_sqr_mont # p256_sqr_mont(res_x, M); - - addi $bp,$sp,$tmp0 - bl __ecp_nistz256_sub_from # p256_sub(res_x, res_x, tmp0); - - addi $bp,$sp,$S - addi $rp,$sp,$S - bl __ecp_nistz256_sub_morf # p256_sub(S, S, res_x); - - ld $bi,$M($sp) - mr $a0,$acc0 # copy S - mr $a1,$acc1 - mr $a2,$acc2 - mr $a3,$acc3 - addi $bp,$sp,$M - bl __ecp_nistz256_mul_mont # p256_mul_mont(S, S, M); - - addi $bp,$rp_real,32 - addi $rp,$rp_real,32 - bl __ecp_nistz256_sub_from # p256_sub(res_y, S, res_y); - - mtlr r0 - ld r20,$FRAME-8*12($sp) - ld r21,$FRAME-8*11($sp) - ld r22,$FRAME-8*10($sp) - ld r23,$FRAME-8*9($sp) - ld r24,$FRAME-8*8($sp) - ld r25,$FRAME-8*7($sp) - ld r26,$FRAME-8*6($sp) - ld r27,$FRAME-8*5($sp) - ld r28,$FRAME-8*4($sp) - ld r29,$FRAME-8*3($sp) - ld r30,$FRAME-8*2($sp) - ld r31,$FRAME-8*1($sp) - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,4,0,0x80,12,2,0 - .long 0 -.size ecp_nistz256_point_double,.-ecp_nistz256_point_double -___ -} - -######################################################################## -# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1, -# const P256_POINT *in2); -if (1) { -my $FRAME = 64 + 32*12 + 16*8; -my ($res_x,$res_y,$res_z, - $H,$Hsqr,$R,$Rsqr,$Hcub, - $U1,$U2,$S1,$S2)=map(64+32*$_,(0..11)); -my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); -# above map() describes stack layout with 12 temporary -# 256-bit vectors on top. -my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp)=map("r$_",(16..21)); - -$code.=<<___; -.globl ecp_nistz256_point_add -.align 5 -ecp_nistz256_point_add: - stdu $sp,-$FRAME($sp) - mflr r0 - std r16,$FRAME-8*16($sp) - std r17,$FRAME-8*15($sp) - std r18,$FRAME-8*14($sp) - std r19,$FRAME-8*13($sp) - std r20,$FRAME-8*12($sp) - std r21,$FRAME-8*11($sp) - std r22,$FRAME-8*10($sp) - std r23,$FRAME-8*9($sp) - std r24,$FRAME-8*8($sp) - std r25,$FRAME-8*7($sp) - std r26,$FRAME-8*6($sp) - std r27,$FRAME-8*5($sp) - std r28,$FRAME-8*4($sp) - std r29,$FRAME-8*3($sp) - std r30,$FRAME-8*2($sp) - std r31,$FRAME-8*1($sp) - - li $poly1,-1 - srdi $poly1,$poly1,32 # 0x00000000ffffffff - li $poly3,1 - orc $poly3,$poly3,$poly1 # 0xffffffff00000001 - - ld $a0,64($bp) # in2_z - ld $a1,72($bp) - ld $a2,80($bp) - ld $a3,88($bp) - mr $rp_real,$rp - mr $ap_real,$ap - mr $bp_real,$bp - or $t0,$a0,$a1 - or $t2,$a2,$a3 - or $in2infty,$t0,$t2 - neg $t0,$in2infty - or $in2infty,$in2infty,$t0 - sradi $in2infty,$in2infty,63 # !in2infty - addi $rp,$sp,$Z2sqr - bl __ecp_nistz256_sqr_mont # p256_sqr_mont(Z2sqr, in2_z); - - ld $a0,64($ap_real) # in1_z - ld $a1,72($ap_real) - ld $a2,80($ap_real) - ld $a3,88($ap_real) - or $t0,$a0,$a1 - or $t2,$a2,$a3 - or $in1infty,$t0,$t2 - neg $t0,$in1infty - or $in1infty,$in1infty,$t0 - sradi $in1infty,$in1infty,63 # !in1infty - addi $rp,$sp,$Z1sqr - bl __ecp_nistz256_sqr_mont # p256_sqr_mont(Z1sqr, in1_z); - - ld $bi,64($bp_real) - ld $a0,$Z2sqr+0($sp) - ld $a1,$Z2sqr+8($sp) - ld $a2,$Z2sqr+16($sp) - ld $a3,$Z2sqr+24($sp) - addi $bp,$bp_real,64 - addi $rp,$sp,$S1 - bl __ecp_nistz256_mul_mont # p256_mul_mont(S1, Z2sqr, in2_z); - - ld $bi,64($ap_real) - ld $a0,$Z1sqr+0($sp) - ld $a1,$Z1sqr+8($sp) - ld $a2,$Z1sqr+16($sp) - ld $a3,$Z1sqr+24($sp) - addi $bp,$ap_real,64 - addi $rp,$sp,$S2 - bl __ecp_nistz256_mul_mont # p256_mul_mont(S2, Z1sqr, in1_z); - - ld $bi,32($ap_real) - ld $a0,$S1+0($sp) - ld $a1,$S1+8($sp) - ld $a2,$S1+16($sp) - ld $a3,$S1+24($sp) - addi $bp,$ap_real,32 - addi $rp,$sp,$S1 - bl __ecp_nistz256_mul_mont # p256_mul_mont(S1, S1, in1_y); - - ld $bi,32($bp_real) - ld $a0,$S2+0($sp) - ld $a1,$S2+8($sp) - ld $a2,$S2+16($sp) - ld $a3,$S2+24($sp) - addi $bp,$bp_real,32 - addi $rp,$sp,$S2 - bl __ecp_nistz256_mul_mont # p256_mul_mont(S2, S2, in2_y); - - addi $bp,$sp,$S1 - ld $bi,$Z2sqr($sp) # forward load for p256_mul_mont - ld $a0,0($ap_real) - ld $a1,8($ap_real) - ld $a2,16($ap_real) - ld $a3,24($ap_real) - addi $rp,$sp,$R - bl __ecp_nistz256_sub_from # p256_sub(R, S2, S1); - - or $acc0,$acc0,$acc1 # see if result is zero - or $acc2,$acc2,$acc3 - or $temp,$acc0,$acc2 - - addi $bp,$sp,$Z2sqr - addi $rp,$sp,$U1 - bl __ecp_nistz256_mul_mont # p256_mul_mont(U1, in1_x, Z2sqr); - - ld $bi,$Z1sqr($sp) - ld $a0,0($bp_real) - ld $a1,8($bp_real) - ld $a2,16($bp_real) - ld $a3,24($bp_real) - addi $bp,$sp,$Z1sqr - addi $rp,$sp,$U2 - bl __ecp_nistz256_mul_mont # p256_mul_mont(U2, in2_x, Z1sqr); - - addi $bp,$sp,$U1 - ld $a0,$R+0($sp) # forward load for p256_sqr_mont - ld $a1,$R+8($sp) - ld $a2,$R+16($sp) - ld $a3,$R+24($sp) - addi $rp,$sp,$H - bl __ecp_nistz256_sub_from # p256_sub(H, U2, U1); - - or $acc0,$acc0,$acc1 # see if result is zero - or $acc2,$acc2,$acc3 - or. $acc0,$acc0,$acc2 - bne .Ladd_proceed # is_equal(U1,U2)? - - and. $t0,$in1infty,$in2infty - beq .Ladd_proceed # (in1infty || in2infty)? - - cmpldi $temp,0 - beq .Ladd_double # is_equal(S1,S2)? - - xor $a0,$a0,$a0 - std $a0,0($rp_real) - std $a0,8($rp_real) - std $a0,16($rp_real) - std $a0,24($rp_real) - std $a0,32($rp_real) - std $a0,40($rp_real) - std $a0,48($rp_real) - std $a0,56($rp_real) - std $a0,64($rp_real) - std $a0,72($rp_real) - std $a0,80($rp_real) - std $a0,88($rp_real) - b .Ladd_done - -.align 4 -.Ladd_double: - ld $bp,0($sp) # back-link - mr $ap,$ap_real - mr $rp,$rp_real - ld r16,$FRAME-8*16($sp) - ld r17,$FRAME-8*15($sp) - ld r18,$FRAME-8*14($sp) - ld r19,$FRAME-8*13($sp) - stdu $bp,$FRAME-288($sp) # difference in stack frame sizes - b .Ldouble_shortcut - -.align 4 -.Ladd_proceed: - addi $rp,$sp,$Rsqr - bl __ecp_nistz256_sqr_mont # p256_sqr_mont(Rsqr, R); - - ld $bi,64($ap_real) - ld $a0,$H+0($sp) - ld $a1,$H+8($sp) - ld $a2,$H+16($sp) - ld $a3,$H+24($sp) - addi $bp,$ap_real,64 - addi $rp,$sp,$res_z - bl __ecp_nistz256_mul_mont # p256_mul_mont(res_z, H, in1_z); - - ld $a0,$H+0($sp) - ld $a1,$H+8($sp) - ld $a2,$H+16($sp) - ld $a3,$H+24($sp) - addi $rp,$sp,$Hsqr - bl __ecp_nistz256_sqr_mont # p256_sqr_mont(Hsqr, H); - - ld $bi,64($bp_real) - ld $a0,$res_z+0($sp) - ld $a1,$res_z+8($sp) - ld $a2,$res_z+16($sp) - ld $a3,$res_z+24($sp) - addi $bp,$bp_real,64 - addi $rp,$sp,$res_z - bl __ecp_nistz256_mul_mont # p256_mul_mont(res_z, res_z, in2_z); - - ld $bi,$H($sp) - ld $a0,$Hsqr+0($sp) - ld $a1,$Hsqr+8($sp) - ld $a2,$Hsqr+16($sp) - ld $a3,$Hsqr+24($sp) - addi $bp,$sp,$H - addi $rp,$sp,$Hcub - bl __ecp_nistz256_mul_mont # p256_mul_mont(Hcub, Hsqr, H); - - ld $bi,$Hsqr($sp) - ld $a0,$U1+0($sp) - ld $a1,$U1+8($sp) - ld $a2,$U1+16($sp) - ld $a3,$U1+24($sp) - addi $bp,$sp,$Hsqr - addi $rp,$sp,$U2 - bl __ecp_nistz256_mul_mont # p256_mul_mont(U2, U1, Hsqr); - - mr $t0,$acc0 - mr $t1,$acc1 - mr $t2,$acc2 - mr $t3,$acc3 - addi $rp,$sp,$Hsqr - bl __ecp_nistz256_add # p256_mul_by_2(Hsqr, U2); - - addi $bp,$sp,$Rsqr - addi $rp,$sp,$res_x - bl __ecp_nistz256_sub_morf # p256_sub(res_x, Rsqr, Hsqr); - - addi $bp,$sp,$Hcub - bl __ecp_nistz256_sub_from # p256_sub(res_x, res_x, Hcub); - - addi $bp,$sp,$U2 - ld $bi,$Hcub($sp) # forward load for p256_mul_mont - ld $a0,$S1+0($sp) - ld $a1,$S1+8($sp) - ld $a2,$S1+16($sp) - ld $a3,$S1+24($sp) - addi $rp,$sp,$res_y - bl __ecp_nistz256_sub_morf # p256_sub(res_y, U2, res_x); - - addi $bp,$sp,$Hcub - addi $rp,$sp,$S2 - bl __ecp_nistz256_mul_mont # p256_mul_mont(S2, S1, Hcub); - - ld $bi,$R($sp) - ld $a0,$res_y+0($sp) - ld $a1,$res_y+8($sp) - ld $a2,$res_y+16($sp) - ld $a3,$res_y+24($sp) - addi $bp,$sp,$R - addi $rp,$sp,$res_y - bl __ecp_nistz256_mul_mont # p256_mul_mont(res_y, res_y, R); - - addi $bp,$sp,$S2 - bl __ecp_nistz256_sub_from # p256_sub(res_y, res_y, S2); - - ld $t0,0($bp_real) # in2 - ld $t1,8($bp_real) - ld $t2,16($bp_real) - ld $t3,24($bp_real) - ld $a0,$res_x+0($sp) # res - ld $a1,$res_x+8($sp) - ld $a2,$res_x+16($sp) - ld $a3,$res_x+24($sp) -___ -for($i=0;$i<64;$i+=32) { # conditional moves -$code.=<<___; - ld $acc0,$i+0($ap_real) # in1 - ld $acc1,$i+8($ap_real) - ld $acc2,$i+16($ap_real) - ld $acc3,$i+24($ap_real) - andc $t0,$t0,$in1infty - andc $t1,$t1,$in1infty - andc $t2,$t2,$in1infty - andc $t3,$t3,$in1infty - and $a0,$a0,$in1infty - and $a1,$a1,$in1infty - and $a2,$a2,$in1infty - and $a3,$a3,$in1infty - or $t0,$t0,$a0 - or $t1,$t1,$a1 - or $t2,$t2,$a2 - or $t3,$t3,$a3 - andc $acc0,$acc0,$in2infty - andc $acc1,$acc1,$in2infty - andc $acc2,$acc2,$in2infty - andc $acc3,$acc3,$in2infty - and $t0,$t0,$in2infty - and $t1,$t1,$in2infty - and $t2,$t2,$in2infty - and $t3,$t3,$in2infty - or $acc0,$acc0,$t0 - or $acc1,$acc1,$t1 - or $acc2,$acc2,$t2 - or $acc3,$acc3,$t3 - - ld $t0,$i+32($bp_real) # in2 - ld $t1,$i+40($bp_real) - ld $t2,$i+48($bp_real) - ld $t3,$i+56($bp_real) - ld $a0,$res_x+$i+32($sp) - ld $a1,$res_x+$i+40($sp) - ld $a2,$res_x+$i+48($sp) - ld $a3,$res_x+$i+56($sp) - std $acc0,$i+0($rp_real) - std $acc1,$i+8($rp_real) - std $acc2,$i+16($rp_real) - std $acc3,$i+24($rp_real) -___ -} -$code.=<<___; - ld $acc0,$i+0($ap_real) # in1 - ld $acc1,$i+8($ap_real) - ld $acc2,$i+16($ap_real) - ld $acc3,$i+24($ap_real) - andc $t0,$t0,$in1infty - andc $t1,$t1,$in1infty - andc $t2,$t2,$in1infty - andc $t3,$t3,$in1infty - and $a0,$a0,$in1infty - and $a1,$a1,$in1infty - and $a2,$a2,$in1infty - and $a3,$a3,$in1infty - or $t0,$t0,$a0 - or $t1,$t1,$a1 - or $t2,$t2,$a2 - or $t3,$t3,$a3 - andc $acc0,$acc0,$in2infty - andc $acc1,$acc1,$in2infty - andc $acc2,$acc2,$in2infty - andc $acc3,$acc3,$in2infty - and $t0,$t0,$in2infty - and $t1,$t1,$in2infty - and $t2,$t2,$in2infty - and $t3,$t3,$in2infty - or $acc0,$acc0,$t0 - or $acc1,$acc1,$t1 - or $acc2,$acc2,$t2 - or $acc3,$acc3,$t3 - std $acc0,$i+0($rp_real) - std $acc1,$i+8($rp_real) - std $acc2,$i+16($rp_real) - std $acc3,$i+24($rp_real) - -.Ladd_done: - mtlr r0 - ld r16,$FRAME-8*16($sp) - ld r17,$FRAME-8*15($sp) - ld r18,$FRAME-8*14($sp) - ld r19,$FRAME-8*13($sp) - ld r20,$FRAME-8*12($sp) - ld r21,$FRAME-8*11($sp) - ld r22,$FRAME-8*10($sp) - ld r23,$FRAME-8*9($sp) - ld r24,$FRAME-8*8($sp) - ld r25,$FRAME-8*7($sp) - ld r26,$FRAME-8*6($sp) - ld r27,$FRAME-8*5($sp) - ld r28,$FRAME-8*4($sp) - ld r29,$FRAME-8*3($sp) - ld r30,$FRAME-8*2($sp) - ld r31,$FRAME-8*1($sp) - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,4,0,0x80,16,3,0 - .long 0 -.size ecp_nistz256_point_add,.-ecp_nistz256_point_add -___ -} - -######################################################################## -# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1, -# const P256_POINT_AFFINE *in2); -if (1) { -my $FRAME = 64 + 32*10 + 16*8; -my ($res_x,$res_y,$res_z, - $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(64+32*$_,(0..9)); -my $Z1sqr = $S2; -# above map() describes stack layout with 10 temporary -# 256-bit vectors on top. -my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp)=map("r$_",(16..21)); - -$code.=<<___; -.globl ecp_nistz256_point_add_affine -.align 5 -ecp_nistz256_point_add_affine: - stdu $sp,-$FRAME($sp) - mflr r0 - std r16,$FRAME-8*16($sp) - std r17,$FRAME-8*15($sp) - std r18,$FRAME-8*14($sp) - std r19,$FRAME-8*13($sp) - std r20,$FRAME-8*12($sp) - std r21,$FRAME-8*11($sp) - std r22,$FRAME-8*10($sp) - std r23,$FRAME-8*9($sp) - std r24,$FRAME-8*8($sp) - std r25,$FRAME-8*7($sp) - std r26,$FRAME-8*6($sp) - std r27,$FRAME-8*5($sp) - std r28,$FRAME-8*4($sp) - std r29,$FRAME-8*3($sp) - std r30,$FRAME-8*2($sp) - std r31,$FRAME-8*1($sp) - - li $poly1,-1 - srdi $poly1,$poly1,32 # 0x00000000ffffffff - li $poly3,1 - orc $poly3,$poly3,$poly1 # 0xffffffff00000001 - - mr $rp_real,$rp - mr $ap_real,$ap - mr $bp_real,$bp - - ld $a0,64($ap) # in1_z - ld $a1,72($ap) - ld $a2,80($ap) - ld $a3,88($ap) - or $t0,$a0,$a1 - or $t2,$a2,$a3 - or $in1infty,$t0,$t2 - neg $t0,$in1infty - or $in1infty,$in1infty,$t0 - sradi $in1infty,$in1infty,63 # !in1infty - - ld $acc0,0($bp) # in2_x - ld $acc1,8($bp) - ld $acc2,16($bp) - ld $acc3,24($bp) - ld $t0,32($bp) # in2_y - ld $t1,40($bp) - ld $t2,48($bp) - ld $t3,56($bp) - or $acc0,$acc0,$acc1 - or $acc2,$acc2,$acc3 - or $acc0,$acc0,$acc2 - or $t0,$t0,$t1 - or $t2,$t2,$t3 - or $t0,$t0,$t2 - or $in2infty,$acc0,$t0 - neg $t0,$in2infty - or $in2infty,$in2infty,$t0 - sradi $in2infty,$in2infty,63 # !in2infty - - addi $rp,$sp,$Z1sqr - bl __ecp_nistz256_sqr_mont # p256_sqr_mont(Z1sqr, in1_z); - - mr $a0,$acc0 - mr $a1,$acc1 - mr $a2,$acc2 - mr $a3,$acc3 - ld $bi,0($bp_real) - addi $bp,$bp_real,0 - addi $rp,$sp,$U2 - bl __ecp_nistz256_mul_mont # p256_mul_mont(U2, Z1sqr, in2_x); - - addi $bp,$ap_real,0 - ld $bi,64($ap_real) # forward load for p256_mul_mont - ld $a0,$Z1sqr+0($sp) - ld $a1,$Z1sqr+8($sp) - ld $a2,$Z1sqr+16($sp) - ld $a3,$Z1sqr+24($sp) - addi $rp,$sp,$H - bl __ecp_nistz256_sub_from # p256_sub(H, U2, in1_x); - - addi $bp,$ap_real,64 - addi $rp,$sp,$S2 - bl __ecp_nistz256_mul_mont # p256_mul_mont(S2, Z1sqr, in1_z); - - ld $bi,64($ap_real) - ld $a0,$H+0($sp) - ld $a1,$H+8($sp) - ld $a2,$H+16($sp) - ld $a3,$H+24($sp) - addi $bp,$ap_real,64 - addi $rp,$sp,$res_z - bl __ecp_nistz256_mul_mont # p256_mul_mont(res_z, H, in1_z); - - ld $bi,32($bp_real) - ld $a0,$S2+0($sp) - ld $a1,$S2+8($sp) - ld $a2,$S2+16($sp) - ld $a3,$S2+24($sp) - addi $bp,$bp_real,32 - addi $rp,$sp,$S2 - bl __ecp_nistz256_mul_mont # p256_mul_mont(S2, S2, in2_y); - - addi $bp,$ap_real,32 - ld $a0,$H+0($sp) # forward load for p256_sqr_mont - ld $a1,$H+8($sp) - ld $a2,$H+16($sp) - ld $a3,$H+24($sp) - addi $rp,$sp,$R - bl __ecp_nistz256_sub_from # p256_sub(R, S2, in1_y); - - addi $rp,$sp,$Hsqr - bl __ecp_nistz256_sqr_mont # p256_sqr_mont(Hsqr, H); - - ld $a0,$R+0($sp) - ld $a1,$R+8($sp) - ld $a2,$R+16($sp) - ld $a3,$R+24($sp) - addi $rp,$sp,$Rsqr - bl __ecp_nistz256_sqr_mont # p256_sqr_mont(Rsqr, R); - - ld $bi,$H($sp) - ld $a0,$Hsqr+0($sp) - ld $a1,$Hsqr+8($sp) - ld $a2,$Hsqr+16($sp) - ld $a3,$Hsqr+24($sp) - addi $bp,$sp,$H - addi $rp,$sp,$Hcub - bl __ecp_nistz256_mul_mont # p256_mul_mont(Hcub, Hsqr, H); - - ld $bi,0($ap_real) - ld $a0,$Hsqr+0($sp) - ld $a1,$Hsqr+8($sp) - ld $a2,$Hsqr+16($sp) - ld $a3,$Hsqr+24($sp) - addi $bp,$ap_real,0 - addi $rp,$sp,$U2 - bl __ecp_nistz256_mul_mont # p256_mul_mont(U2, in1_x, Hsqr); - - mr $t0,$acc0 - mr $t1,$acc1 - mr $t2,$acc2 - mr $t3,$acc3 - addi $rp,$sp,$Hsqr - bl __ecp_nistz256_add # p256_mul_by_2(Hsqr, U2); - - addi $bp,$sp,$Rsqr - addi $rp,$sp,$res_x - bl __ecp_nistz256_sub_morf # p256_sub(res_x, Rsqr, Hsqr); - - addi $bp,$sp,$Hcub - bl __ecp_nistz256_sub_from # p256_sub(res_x, res_x, Hcub); - - addi $bp,$sp,$U2 - ld $bi,32($ap_real) # forward load for p256_mul_mont - ld $a0,$Hcub+0($sp) - ld $a1,$Hcub+8($sp) - ld $a2,$Hcub+16($sp) - ld $a3,$Hcub+24($sp) - addi $rp,$sp,$res_y - bl __ecp_nistz256_sub_morf # p256_sub(res_y, U2, res_x); - - addi $bp,$ap_real,32 - addi $rp,$sp,$S2 - bl __ecp_nistz256_mul_mont # p256_mul_mont(S2, in1_y, Hcub); - - ld $bi,$R($sp) - ld $a0,$res_y+0($sp) - ld $a1,$res_y+8($sp) - ld $a2,$res_y+16($sp) - ld $a3,$res_y+24($sp) - addi $bp,$sp,$R - addi $rp,$sp,$res_y - bl __ecp_nistz256_mul_mont # p256_mul_mont(res_y, res_y, R); - - addi $bp,$sp,$S2 - bl __ecp_nistz256_sub_from # p256_sub(res_y, res_y, S2); - - ld $t0,0($bp_real) # in2 - ld $t1,8($bp_real) - ld $t2,16($bp_real) - ld $t3,24($bp_real) - ld $a0,$res_x+0($sp) # res - ld $a1,$res_x+8($sp) - ld $a2,$res_x+16($sp) - ld $a3,$res_x+24($sp) -___ -for($i=0;$i<64;$i+=32) { # conditional moves -$code.=<<___; - ld $acc0,$i+0($ap_real) # in1 - ld $acc1,$i+8($ap_real) - ld $acc2,$i+16($ap_real) - ld $acc3,$i+24($ap_real) - andc $t0,$t0,$in1infty - andc $t1,$t1,$in1infty - andc $t2,$t2,$in1infty - andc $t3,$t3,$in1infty - and $a0,$a0,$in1infty - and $a1,$a1,$in1infty - and $a2,$a2,$in1infty - and $a3,$a3,$in1infty - or $t0,$t0,$a0 - or $t1,$t1,$a1 - or $t2,$t2,$a2 - or $t3,$t3,$a3 - andc $acc0,$acc0,$in2infty - andc $acc1,$acc1,$in2infty - andc $acc2,$acc2,$in2infty - andc $acc3,$acc3,$in2infty - and $t0,$t0,$in2infty - and $t1,$t1,$in2infty - and $t2,$t2,$in2infty - and $t3,$t3,$in2infty - or $acc0,$acc0,$t0 - or $acc1,$acc1,$t1 - or $acc2,$acc2,$t2 - or $acc3,$acc3,$t3 -___ -$code.=<<___ if ($i==0); - ld $t0,32($bp_real) # in2 - ld $t1,40($bp_real) - ld $t2,48($bp_real) - ld $t3,56($bp_real) -___ -$code.=<<___ if ($i==32); - li $t0,1 # Lone_mont - not $t1,$poly1 - li $t2,-1 - not $t3,$poly3 -___ -$code.=<<___; - ld $a0,$res_x+$i+32($sp) - ld $a1,$res_x+$i+40($sp) - ld $a2,$res_x+$i+48($sp) - ld $a3,$res_x+$i+56($sp) - std $acc0,$i+0($rp_real) - std $acc1,$i+8($rp_real) - std $acc2,$i+16($rp_real) - std $acc3,$i+24($rp_real) -___ -} -$code.=<<___; - ld $acc0,$i+0($ap_real) # in1 - ld $acc1,$i+8($ap_real) - ld $acc2,$i+16($ap_real) - ld $acc3,$i+24($ap_real) - andc $t0,$t0,$in1infty - andc $t1,$t1,$in1infty - andc $t2,$t2,$in1infty - andc $t3,$t3,$in1infty - and $a0,$a0,$in1infty - and $a1,$a1,$in1infty - and $a2,$a2,$in1infty - and $a3,$a3,$in1infty - or $t0,$t0,$a0 - or $t1,$t1,$a1 - or $t2,$t2,$a2 - or $t3,$t3,$a3 - andc $acc0,$acc0,$in2infty - andc $acc1,$acc1,$in2infty - andc $acc2,$acc2,$in2infty - andc $acc3,$acc3,$in2infty - and $t0,$t0,$in2infty - and $t1,$t1,$in2infty - and $t2,$t2,$in2infty - and $t3,$t3,$in2infty - or $acc0,$acc0,$t0 - or $acc1,$acc1,$t1 - or $acc2,$acc2,$t2 - or $acc3,$acc3,$t3 - std $acc0,$i+0($rp_real) - std $acc1,$i+8($rp_real) - std $acc2,$i+16($rp_real) - std $acc3,$i+24($rp_real) - - mtlr r0 - ld r16,$FRAME-8*16($sp) - ld r17,$FRAME-8*15($sp) - ld r18,$FRAME-8*14($sp) - ld r19,$FRAME-8*13($sp) - ld r20,$FRAME-8*12($sp) - ld r21,$FRAME-8*11($sp) - ld r22,$FRAME-8*10($sp) - ld r23,$FRAME-8*9($sp) - ld r24,$FRAME-8*8($sp) - ld r25,$FRAME-8*7($sp) - ld r26,$FRAME-8*6($sp) - ld r27,$FRAME-8*5($sp) - ld r28,$FRAME-8*4($sp) - ld r29,$FRAME-8*3($sp) - ld r30,$FRAME-8*2($sp) - ld r31,$FRAME-8*1($sp) - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,4,0,0x80,16,3,0 - .long 0 -.size ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine -___ -} -if (1) { -my ($ordk,$ord0,$ord1,$t4) = map("r$_",(18..21)); -my ($ord2,$ord3,$zr) = ($poly1,$poly3,"r0"); - -$code.=<<___; -######################################################################## -# void ecp_nistz256_ord_mul_mont(uint64_t res[4], uint64_t a[4], -# uint64_t b[4]); -.globl ecp_nistz256_ord_mul_mont -.align 5 -ecp_nistz256_ord_mul_mont: - stdu $sp,-160($sp) - std r18,48($sp) - std r19,56($sp) - std r20,64($sp) - std r21,72($sp) - std r22,80($sp) - std r23,88($sp) - std r24,96($sp) - std r25,104($sp) - std r26,112($sp) - std r27,120($sp) - std r28,128($sp) - std r29,136($sp) - std r30,144($sp) - std r31,152($sp) - - ld $a0,0($ap) - ld $bi,0($bp) - ld $a1,8($ap) - ld $a2,16($ap) - ld $a3,24($ap) - - lis $ordk,0xccd1 - lis $ord0,0xf3b9 - lis $ord1,0xbce6 - ori $ordk,$ordk,0xc8aa - ori $ord0,$ord0,0xcac2 - ori $ord1,$ord1,0xfaad - sldi $ordk,$ordk,32 - sldi $ord0,$ord0,32 - sldi $ord1,$ord1,32 - oris $ordk,$ordk,0xee00 - oris $ord0,$ord0,0xfc63 - oris $ord1,$ord1,0xa717 - ori $ordk,$ordk,0xbc4f # 0xccd1c8aaee00bc4f - ori $ord0,$ord0,0x2551 # 0xf3b9cac2fc632551 - ori $ord1,$ord1,0x9e84 # 0xbce6faada7179e84 - li $ord2,-1 # 0xffffffffffffffff - sldi $ord3,$ord2,32 # 0xffffffff00000000 - li $zr,0 - - mulld $acc0,$a0,$bi # a[0]*b[0] - mulhdu $t0,$a0,$bi - - mulld $acc1,$a1,$bi # a[1]*b[0] - mulhdu $t1,$a1,$bi - - mulld $acc2,$a2,$bi # a[2]*b[0] - mulhdu $t2,$a2,$bi - - mulld $acc3,$a3,$bi # a[3]*b[0] - mulhdu $acc4,$a3,$bi - - mulld $t4,$acc0,$ordk - - addc $acc1,$acc1,$t0 # accumulate high parts of multiplication - adde $acc2,$acc2,$t1 - adde $acc3,$acc3,$t2 - addze $acc4,$acc4 - li $acc5,0 -___ -for ($i=1;$i<4;$i++) { - ################################################################ - # ffff0000.ffffffff.yyyyyyyy.zzzzzzzz - # * abcdefgh - # + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx - # - # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we - # rewrite above as: - # - # xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx - # - 0000abcd.efgh0000.abcdefgh.00000000.00000000 - # + abcdefgh.abcdefgh.yzayzbyz.cyzdyzey.zfyzgyzh -$code.=<<___; - ld $bi,8*$i($bp) # b[i] - - sldi $t0,$t4,32 - subfc $acc2,$t4,$acc2 - srdi $t1,$t4,32 - subfe $acc3,$t0,$acc3 - subfe $acc4,$t1,$acc4 - subfe $acc5,$zr,$acc5 - - addic $t0,$acc0,-1 # discarded - mulhdu $t1,$ord0,$t4 - mulld $t2,$ord1,$t4 - mulhdu $t3,$ord1,$t4 - - adde $t2,$t2,$t1 - mulld $t0,$a0,$bi - addze $t3,$t3 - mulld $t1,$a1,$bi - - addc $acc0,$acc1,$t2 - mulld $t2,$a2,$bi - adde $acc1,$acc2,$t3 - mulld $t3,$a3,$bi - adde $acc2,$acc3,$t4 - adde $acc3,$acc4,$t4 - addze $acc4,$acc5 - - addc $acc0,$acc0,$t0 # accumulate low parts - mulhdu $t0,$a0,$bi - adde $acc1,$acc1,$t1 - mulhdu $t1,$a1,$bi - adde $acc2,$acc2,$t2 - mulhdu $t2,$a2,$bi - adde $acc3,$acc3,$t3 - mulhdu $t3,$a3,$bi - addze $acc4,$acc4 - mulld $t4,$acc0,$ordk - addc $acc1,$acc1,$t0 # accumulate high parts - adde $acc2,$acc2,$t1 - adde $acc3,$acc3,$t2 - adde $acc4,$acc4,$t3 - addze $acc5,$zr -___ -} -$code.=<<___; - sldi $t0,$t4,32 # last reduction - subfc $acc2,$t4,$acc2 - srdi $t1,$t4,32 - subfe $acc3,$t0,$acc3 - subfe $acc4,$t1,$acc4 - subfe $acc5,$zr,$acc5 - - addic $t0,$acc0,-1 # discarded - mulhdu $t1,$ord0,$t4 - mulld $t2,$ord1,$t4 - mulhdu $t3,$ord1,$t4 - - adde $t2,$t2,$t1 - addze $t3,$t3 - - addc $acc0,$acc1,$t2 - adde $acc1,$acc2,$t3 - adde $acc2,$acc3,$t4 - adde $acc3,$acc4,$t4 - addze $acc4,$acc5 - - subfc $acc0,$ord0,$acc0 # ret -= modulus - subfe $acc1,$ord1,$acc1 - subfe $acc2,$ord2,$acc2 - subfe $acc3,$ord3,$acc3 - subfe $acc4,$zr,$acc4 - - and $t0,$ord0,$acc4 - and $t1,$ord1,$acc4 - addc $acc0,$acc0,$t0 # ret += modulus if borrow - and $t3,$ord3,$acc4 - adde $acc1,$acc1,$t1 - adde $acc2,$acc2,$acc4 - adde $acc3,$acc3,$t3 - - std $acc0,0($rp) - std $acc1,8($rp) - std $acc2,16($rp) - std $acc3,24($rp) - - ld r18,48($sp) - ld r19,56($sp) - ld r20,64($sp) - ld r21,72($sp) - ld r22,80($sp) - ld r23,88($sp) - ld r24,96($sp) - ld r25,104($sp) - ld r26,112($sp) - ld r27,120($sp) - ld r28,128($sp) - ld r29,136($sp) - ld r30,144($sp) - ld r31,152($sp) - addi $sp,$sp,160 - blr - .long 0 - .byte 0,12,4,0,0x80,14,3,0 - .long 0 -.size ecp_nistz256_ord_mul_mont,.-ecp_nistz256_ord_mul_mont - -################################################################################ -# void ecp_nistz256_ord_sqr_mont(uint64_t res[4], uint64_t a[4], -# uint64_t rep); -.globl ecp_nistz256_ord_sqr_mont -.align 5 -ecp_nistz256_ord_sqr_mont: - stdu $sp,-160($sp) - std r18,48($sp) - std r19,56($sp) - std r20,64($sp) - std r21,72($sp) - std r22,80($sp) - std r23,88($sp) - std r24,96($sp) - std r25,104($sp) - std r26,112($sp) - std r27,120($sp) - std r28,128($sp) - std r29,136($sp) - std r30,144($sp) - std r31,152($sp) - - mtctr $bp - - ld $a0,0($ap) - ld $a1,8($ap) - ld $a2,16($ap) - ld $a3,24($ap) - - lis $ordk,0xccd1 - lis $ord0,0xf3b9 - lis $ord1,0xbce6 - ori $ordk,$ordk,0xc8aa - ori $ord0,$ord0,0xcac2 - ori $ord1,$ord1,0xfaad - sldi $ordk,$ordk,32 - sldi $ord0,$ord0,32 - sldi $ord1,$ord1,32 - oris $ordk,$ordk,0xee00 - oris $ord0,$ord0,0xfc63 - oris $ord1,$ord1,0xa717 - ori $ordk,$ordk,0xbc4f # 0xccd1c8aaee00bc4f - ori $ord0,$ord0,0x2551 # 0xf3b9cac2fc632551 - ori $ord1,$ord1,0x9e84 # 0xbce6faada7179e84 - li $ord2,-1 # 0xffffffffffffffff - sldi $ord3,$ord2,32 # 0xffffffff00000000 - li $zr,0 - b .Loop_ord_sqr - -.align 5 -.Loop_ord_sqr: - ################################################################ - # | | | | | |a1*a0| | - # | | | | |a2*a0| | | - # | |a3*a2|a3*a0| | | | - # | | | |a2*a1| | | | - # | | |a3*a1| | | | | - # *| | | | | | | | 2| - # +|a3*a3|a2*a2|a1*a1|a0*a0| - # |--+--+--+--+--+--+--+--| - # |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx - # - # "can't overflow" below mark carrying into high part of - # multiplication result, which can't overflow, because it - # can never be all ones. - - mulld $acc1,$a1,$a0 # a[1]*a[0] - mulhdu $t1,$a1,$a0 - mulld $acc2,$a2,$a0 # a[2]*a[0] - mulhdu $t2,$a2,$a0 - mulld $acc3,$a3,$a0 # a[3]*a[0] - mulhdu $acc4,$a3,$a0 - - addc $acc2,$acc2,$t1 # accumulate high parts of multiplication - mulld $t0,$a2,$a1 # a[2]*a[1] - mulhdu $t1,$a2,$a1 - adde $acc3,$acc3,$t2 - mulld $t2,$a3,$a1 # a[3]*a[1] - mulhdu $t3,$a3,$a1 - addze $acc4,$acc4 # can't overflow - - mulld $acc5,$a3,$a2 # a[3]*a[2] - mulhdu $acc6,$a3,$a2 - - addc $t1,$t1,$t2 # accumulate high parts of multiplication - mulld $acc0,$a0,$a0 # a[0]*a[0] - addze $t2,$t3 # can't overflow - - addc $acc3,$acc3,$t0 # accumulate low parts of multiplication - mulhdu $a0,$a0,$a0 - adde $acc4,$acc4,$t1 - mulld $t1,$a1,$a1 # a[1]*a[1] - adde $acc5,$acc5,$t2 - mulhdu $a1,$a1,$a1 - addze $acc6,$acc6 # can't overflow - - addc $acc1,$acc1,$acc1 # acc[1-6]*=2 - mulld $t2,$a2,$a2 # a[2]*a[2] - adde $acc2,$acc2,$acc2 - mulhdu $a2,$a2,$a2 - adde $acc3,$acc3,$acc3 - mulld $t3,$a3,$a3 # a[3]*a[3] - adde $acc4,$acc4,$acc4 - mulhdu $a3,$a3,$a3 - adde $acc5,$acc5,$acc5 - adde $acc6,$acc6,$acc6 - addze $acc7,$zr - - addc $acc1,$acc1,$a0 # +a[i]*a[i] - mulld $t4,$acc0,$ordk - adde $acc2,$acc2,$t1 - adde $acc3,$acc3,$a1 - adde $acc4,$acc4,$t2 - adde $acc5,$acc5,$a2 - adde $acc6,$acc6,$t3 - adde $acc7,$acc7,$a3 -___ -for($i=0; $i<4; $i++) { # reductions -$code.=<<___; - addic $t0,$acc0,-1 # discarded - mulhdu $t1,$ord0,$t4 - mulld $t2,$ord1,$t4 - mulhdu $t3,$ord1,$t4 - - adde $t2,$t2,$t1 - addze $t3,$t3 - - addc $acc0,$acc1,$t2 - adde $acc1,$acc2,$t3 - adde $acc2,$acc3,$t4 - adde $acc3,$zr,$t4 # can't overflow -___ -$code.=<<___ if ($i<3); - mulld $t3,$acc0,$ordk -___ -$code.=<<___; - sldi $t0,$t4,32 - subfc $acc1,$t4,$acc1 - srdi $t1,$t4,32 - subfe $acc2,$t0,$acc2 - subfe $acc3,$t1,$acc3 # can't borrow -___ - ($t3,$t4) = ($t4,$t3); -} -$code.=<<___; - addc $acc0,$acc0,$acc4 # accumulate upper half - adde $acc1,$acc1,$acc5 - adde $acc2,$acc2,$acc6 - adde $acc3,$acc3,$acc7 - addze $acc4,$zr - - subfc $acc0,$ord0,$acc0 # ret -= modulus - subfe $acc1,$ord1,$acc1 - subfe $acc2,$ord2,$acc2 - subfe $acc3,$ord3,$acc3 - subfe $acc4,$zr,$acc4 - - and $t0,$ord0,$acc4 - and $t1,$ord1,$acc4 - addc $a0,$acc0,$t0 # ret += modulus if borrow - and $t3,$ord3,$acc4 - adde $a1,$acc1,$t1 - adde $a2,$acc2,$acc4 - adde $a3,$acc3,$t3 - - bdnz .Loop_ord_sqr - - std $a0,0($rp) - std $a1,8($rp) - std $a2,16($rp) - std $a3,24($rp) - - ld r18,48($sp) - ld r19,56($sp) - ld r20,64($sp) - ld r21,72($sp) - ld r22,80($sp) - ld r23,88($sp) - ld r24,96($sp) - ld r25,104($sp) - ld r26,112($sp) - ld r27,120($sp) - ld r28,128($sp) - ld r29,136($sp) - ld r30,144($sp) - ld r31,152($sp) - addi $sp,$sp,160 - blr - .long 0 - .byte 0,12,4,0,0x80,14,3,0 - .long 0 -.size ecp_nistz256_ord_sqr_mont,.-ecp_nistz256_ord_sqr_mont -___ -} } - -######################################################################## -# scatter-gather subroutines -{ -my ($out,$inp,$index,$mask)=map("r$_",(3..7)); -$code.=<<___; -######################################################################## -# void ecp_nistz256_scatter_w5(void *out, const P256_POINT *inp, -# int index); -.globl ecp_nistz256_scatter_w5 -.align 4 -ecp_nistz256_scatter_w5: - slwi $index,$index,2 - add $out,$out,$index - - ld r8, 0($inp) # X - ld r9, 8($inp) - ld r10,16($inp) - ld r11,24($inp) - - stw r8, 64*0-4($out) - srdi r8, r8, 32 - stw r9, 64*1-4($out) - srdi r9, r9, 32 - stw r10,64*2-4($out) - srdi r10,r10,32 - stw r11,64*3-4($out) - srdi r11,r11,32 - stw r8, 64*4-4($out) - stw r9, 64*5-4($out) - stw r10,64*6-4($out) - stw r11,64*7-4($out) - addi $out,$out,64*8 - - ld r8, 32($inp) # Y - ld r9, 40($inp) - ld r10,48($inp) - ld r11,56($inp) - - stw r8, 64*0-4($out) - srdi r8, r8, 32 - stw r9, 64*1-4($out) - srdi r9, r9, 32 - stw r10,64*2-4($out) - srdi r10,r10,32 - stw r11,64*3-4($out) - srdi r11,r11,32 - stw r8, 64*4-4($out) - stw r9, 64*5-4($out) - stw r10,64*6-4($out) - stw r11,64*7-4($out) - addi $out,$out,64*8 - - ld r8, 64($inp) # Z - ld r9, 72($inp) - ld r10,80($inp) - ld r11,88($inp) - - stw r8, 64*0-4($out) - srdi r8, r8, 32 - stw r9, 64*1-4($out) - srdi r9, r9, 32 - stw r10,64*2-4($out) - srdi r10,r10,32 - stw r11,64*3-4($out) - srdi r11,r11,32 - stw r8, 64*4-4($out) - stw r9, 64*5-4($out) - stw r10,64*6-4($out) - stw r11,64*7-4($out) - - blr - .long 0 - .byte 0,12,0x14,0,0,0,3,0 - .long 0 -.size ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5 - -######################################################################## -# void ecp_nistz256_gather_w5(P256_POINT *out, const void *inp, -# int index); -.globl ecp_nistz256_gather_w5 -.align 4 -ecp_nistz256_gather_w5: - neg r0,$index - sradi r0,r0,63 - - add $index,$index,r0 - slwi $index,$index,2 - add $inp,$inp,$index - - lwz r5, 64*0($inp) - lwz r6, 64*1($inp) - lwz r7, 64*2($inp) - lwz r8, 64*3($inp) - lwz r9, 64*4($inp) - lwz r10,64*5($inp) - lwz r11,64*6($inp) - lwz r12,64*7($inp) - addi $inp,$inp,64*8 - sldi r9, r9, 32 - sldi r10,r10,32 - sldi r11,r11,32 - sldi r12,r12,32 - or r5,r5,r9 - or r6,r6,r10 - or r7,r7,r11 - or r8,r8,r12 - and r5,r5,r0 - and r6,r6,r0 - and r7,r7,r0 - and r8,r8,r0 - std r5,0($out) # X - std r6,8($out) - std r7,16($out) - std r8,24($out) - - lwz r5, 64*0($inp) - lwz r6, 64*1($inp) - lwz r7, 64*2($inp) - lwz r8, 64*3($inp) - lwz r9, 64*4($inp) - lwz r10,64*5($inp) - lwz r11,64*6($inp) - lwz r12,64*7($inp) - addi $inp,$inp,64*8 - sldi r9, r9, 32 - sldi r10,r10,32 - sldi r11,r11,32 - sldi r12,r12,32 - or r5,r5,r9 - or r6,r6,r10 - or r7,r7,r11 - or r8,r8,r12 - and r5,r5,r0 - and r6,r6,r0 - and r7,r7,r0 - and r8,r8,r0 - std r5,32($out) # Y - std r6,40($out) - std r7,48($out) - std r8,56($out) - - lwz r5, 64*0($inp) - lwz r6, 64*1($inp) - lwz r7, 64*2($inp) - lwz r8, 64*3($inp) - lwz r9, 64*4($inp) - lwz r10,64*5($inp) - lwz r11,64*6($inp) - lwz r12,64*7($inp) - sldi r9, r9, 32 - sldi r10,r10,32 - sldi r11,r11,32 - sldi r12,r12,32 - or r5,r5,r9 - or r6,r6,r10 - or r7,r7,r11 - or r8,r8,r12 - and r5,r5,r0 - and r6,r6,r0 - and r7,r7,r0 - and r8,r8,r0 - std r5,64($out) # Z - std r6,72($out) - std r7,80($out) - std r8,88($out) - - blr - .long 0 - .byte 0,12,0x14,0,0,0,3,0 - .long 0 -.size ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5 - -######################################################################## -# void ecp_nistz256_scatter_w7(void *out, const P256_POINT_AFFINE *inp, -# int index); -.globl ecp_nistz256_scatter_w7 -.align 4 -ecp_nistz256_scatter_w7: - li r0,8 - mtctr r0 - add $out,$out,$index - subi $inp,$inp,8 - -.Loop_scatter_w7: - ldu r0,8($inp) - stb r0,64*0($out) - srdi r0,r0,8 - stb r0,64*1($out) - srdi r0,r0,8 - stb r0,64*2($out) - srdi r0,r0,8 - stb r0,64*3($out) - srdi r0,r0,8 - stb r0,64*4($out) - srdi r0,r0,8 - stb r0,64*5($out) - srdi r0,r0,8 - stb r0,64*6($out) - srdi r0,r0,8 - stb r0,64*7($out) - addi $out,$out,64*8 - bdnz .Loop_scatter_w7 - - blr - .long 0 - .byte 0,12,0x14,0,0,0,3,0 - .long 0 -.size ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7 - -######################################################################## -# void ecp_nistz256_gather_w7(P256_POINT_AFFINE *out, const void *inp, -# int index); -.globl ecp_nistz256_gather_w7 -.align 4 -ecp_nistz256_gather_w7: - li r0,8 - mtctr r0 - neg r0,$index - sradi r0,r0,63 - - add $index,$index,r0 - add $inp,$inp,$index - subi $out,$out,8 - -.Loop_gather_w7: - lbz r5, 64*0($inp) - lbz r6, 64*1($inp) - lbz r7, 64*2($inp) - lbz r8, 64*3($inp) - lbz r9, 64*4($inp) - lbz r10,64*5($inp) - lbz r11,64*6($inp) - lbz r12,64*7($inp) - addi $inp,$inp,64*8 - - sldi r6, r6, 8 - sldi r7, r7, 16 - sldi r8, r8, 24 - sldi r9, r9, 32 - sldi r10,r10,40 - sldi r11,r11,48 - sldi r12,r12,56 - - or r5,r5,r6 - or r7,r7,r8 - or r9,r9,r10 - or r11,r11,r12 - or r5,r5,r7 - or r9,r9,r11 - or r5,r5,r9 - and r5,r5,r0 - stdu r5,8($out) - bdnz .Loop_gather_w7 - - blr - .long 0 - .byte 0,12,0x14,0,0,0,3,0 - .long 0 -.size ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7 -___ -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/crypto/ec/asm/ecp_nistz256-sparcv9.pl deleted file mode 100755 index 986e002cc94d2fbda62f095135643f01fe56f13c..0000000000000000000000000000000000000000 --- a/crypto/ec/asm/ecp_nistz256-sparcv9.pl +++ /dev/null @@ -1,3062 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# ECP_NISTZ256 module for SPARCv9. -# -# February 2015. -# -# Original ECP_NISTZ256 submission targeting x86_64 is detailed in -# http://eprint.iacr.org/2013/816. In the process of adaptation -# original .c module was made 32-bit savvy in order to make this -# implementation possible. -# -# with/without -DECP_NISTZ256_ASM -# UltraSPARC III +12-18% -# SPARC T4 +99-550% (+66-150% on 32-bit Solaris) -# -# Ranges denote minimum and maximum improvement coefficients depending -# on benchmark. Lower coefficients are for ECDSA sign, server-side -# operation. Keep in mind that +200% means 3x improvement. - -$output = pop and open STDOUT,">$output"; - -$code.=<<___; -#ifndef __ASSEMBLER__ -# define __ASSEMBLER__ 1 -#endif -#include "crypto/sparc_arch.h" - -#define LOCALS (STACK_BIAS+STACK_FRAME) -#ifdef __arch64__ -.register %g2,#scratch -.register %g3,#scratch -# define STACK64_FRAME STACK_FRAME -# define LOCALS64 LOCALS -#else -# define STACK64_FRAME (2047+192) -# define LOCALS64 STACK64_FRAME -#endif - -.section ".text",#alloc,#execinstr -___ -######################################################################## -# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7 -# -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -open TABLE,") { - s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo; -} -close TABLE; - -# See ecp_nistz256_table.c for explanation for why it's 64*16*37. -# 64*16*37-1 is because $#arr returns last valid index or @arr, not -# amount of elements. -die "insane number of elements" if ($#arr != 64*16*37-1); - -$code.=<<___; -.globl ecp_nistz256_precomputed -.align 4096 -ecp_nistz256_precomputed: -___ -######################################################################## -# this conversion smashes P256_POINT_AFFINE by individual bytes with -# 64 byte interval, similar to -# 1111222233334444 -# 1234123412341234 -for(1..37) { - @tbl = splice(@arr,0,64*16); - for($i=0;$i<64;$i++) { - undef @line; - for($j=0;$j<64;$j++) { - push @line,(@tbl[$j*16+$i/4]>>(($i%4)*8))&0xff; - } - $code.=".byte\t"; - $code.=join(',',map { sprintf "0x%02x",$_} @line); - $code.="\n"; - } -} - -{{{ -my ($rp,$ap,$bp)=map("%i$_",(0..2)); -my @acc=map("%l$_",(0..7)); -my ($t0,$t1,$t2,$t3,$t4,$t5,$t6,$t7)=(map("%o$_",(0..5)),"%g4","%g5"); -my ($bi,$a0,$mask,$carry)=(map("%i$_",(3..5)),"%g1"); -my ($rp_real,$ap_real)=("%g2","%g3"); - -$code.=<<___; -.type ecp_nistz256_precomputed,#object -.size ecp_nistz256_precomputed,.-ecp_nistz256_precomputed -.align 64 -.LRR: ! 2^512 mod P precomputed for NIST P256 polynomial -.long 0x00000003, 0x00000000, 0xffffffff, 0xfffffffb -.long 0xfffffffe, 0xffffffff, 0xfffffffd, 0x00000004 -.Lone: -.long 1,0,0,0,0,0,0,0 -.asciz "ECP_NISTZ256 for SPARCv9, CRYPTOGAMS by " - -! void ecp_nistz256_to_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8]); -.globl ecp_nistz256_to_mont -.align 64 -ecp_nistz256_to_mont: - save %sp,-STACK_FRAME,%sp - nop -1: call .+8 - add %o7,.LRR-1b,$bp - call __ecp_nistz256_mul_mont - nop - ret - restore -.type ecp_nistz256_to_mont,#function -.size ecp_nistz256_to_mont,.-ecp_nistz256_to_mont - -! void ecp_nistz256_from_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8]); -.globl ecp_nistz256_from_mont -.align 32 -ecp_nistz256_from_mont: - save %sp,-STACK_FRAME,%sp - nop -1: call .+8 - add %o7,.Lone-1b,$bp - call __ecp_nistz256_mul_mont - nop - ret - restore -.type ecp_nistz256_from_mont,#function -.size ecp_nistz256_from_mont,.-ecp_nistz256_from_mont - -! void ecp_nistz256_mul_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8], -! const BN_ULONG %i2[8]); -.globl ecp_nistz256_mul_mont -.align 32 -ecp_nistz256_mul_mont: - save %sp,-STACK_FRAME,%sp - nop - call __ecp_nistz256_mul_mont - nop - ret - restore -.type ecp_nistz256_mul_mont,#function -.size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont - -! void ecp_nistz256_sqr_mont(BN_ULONG %i0[8],const BN_ULONG %i2[8]); -.globl ecp_nistz256_sqr_mont -.align 32 -ecp_nistz256_sqr_mont: - save %sp,-STACK_FRAME,%sp - mov $ap,$bp - call __ecp_nistz256_mul_mont - nop - ret - restore -.type ecp_nistz256_sqr_mont,#function -.size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont -___ - -######################################################################## -# Special thing to keep in mind is that $t0-$t7 hold 64-bit values, -# while all others are meant to keep 32. "Meant to" means that additions -# to @acc[0-7] do "contaminate" upper bits, but they are cleared before -# they can affect outcome (follow 'and' with $mask). Also keep in mind -# that addition with carry is addition with 32-bit carry, even though -# CPU is 64-bit. [Addition with 64-bit carry was introduced in T3, see -# below for VIS3 code paths.] - -$code.=<<___; -.align 32 -__ecp_nistz256_mul_mont: - ld [$bp+0],$bi ! b[0] - mov -1,$mask - ld [$ap+0],$a0 - srl $mask,0,$mask ! 0xffffffff - ld [$ap+4],$t1 - ld [$ap+8],$t2 - ld [$ap+12],$t3 - ld [$ap+16],$t4 - ld [$ap+20],$t5 - ld [$ap+24],$t6 - ld [$ap+28],$t7 - mulx $a0,$bi,$t0 ! a[0-7]*b[0], 64-bit results - mulx $t1,$bi,$t1 - mulx $t2,$bi,$t2 - mulx $t3,$bi,$t3 - mulx $t4,$bi,$t4 - mulx $t5,$bi,$t5 - mulx $t6,$bi,$t6 - mulx $t7,$bi,$t7 - srlx $t0,32,@acc[1] ! extract high parts - srlx $t1,32,@acc[2] - srlx $t2,32,@acc[3] - srlx $t3,32,@acc[4] - srlx $t4,32,@acc[5] - srlx $t5,32,@acc[6] - srlx $t6,32,@acc[7] - srlx $t7,32,@acc[0] ! "@acc[8]" - mov 0,$carry -___ -for($i=1;$i<8;$i++) { -$code.=<<___; - addcc @acc[1],$t1,@acc[1] ! accumulate high parts - ld [$bp+4*$i],$bi ! b[$i] - ld [$ap+4],$t1 ! re-load a[1-7] - addccc @acc[2],$t2,@acc[2] - addccc @acc[3],$t3,@acc[3] - ld [$ap+8],$t2 - ld [$ap+12],$t3 - addccc @acc[4],$t4,@acc[4] - addccc @acc[5],$t5,@acc[5] - ld [$ap+16],$t4 - ld [$ap+20],$t5 - addccc @acc[6],$t6,@acc[6] - addccc @acc[7],$t7,@acc[7] - ld [$ap+24],$t6 - ld [$ap+28],$t7 - addccc @acc[0],$carry,@acc[0] ! "@acc[8]" - addc %g0,%g0,$carry -___ - # Reduction iteration is normally performed by accumulating - # result of multiplication of modulus by "magic" digit [and - # omitting least significant word, which is guaranteed to - # be 0], but thanks to special form of modulus and "magic" - # digit being equal to least significant word, it can be - # performed with additions and subtractions alone. Indeed: - # - # ffff.0001.0000.0000.0000.ffff.ffff.ffff - # * abcd - # + xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd - # - # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we - # rewrite above as: - # - # xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd - # + abcd.0000.abcd.0000.0000.abcd.0000.0000.0000 - # - abcd.0000.0000.0000.0000.0000.0000.abcd - # - # or marking redundant operations: - # - # xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.---- - # + abcd.0000.abcd.0000.0000.abcd.----.----.---- - # - abcd.----.----.----.----.----.----.---- - -$code.=<<___; - ! multiplication-less reduction - addcc @acc[3],$t0,@acc[3] ! r[3]+=r[0] - addccc @acc[4],%g0,@acc[4] ! r[4]+=0 - and @acc[1],$mask,@acc[1] - and @acc[2],$mask,@acc[2] - addccc @acc[5],%g0,@acc[5] ! r[5]+=0 - addccc @acc[6],$t0,@acc[6] ! r[6]+=r[0] - and @acc[3],$mask,@acc[3] - and @acc[4],$mask,@acc[4] - addccc @acc[7],%g0,@acc[7] ! r[7]+=0 - addccc @acc[0],$t0,@acc[0] ! r[8]+=r[0] "@acc[8]" - and @acc[5],$mask,@acc[5] - and @acc[6],$mask,@acc[6] - addc $carry,%g0,$carry ! top-most carry - subcc @acc[7],$t0,@acc[7] ! r[7]-=r[0] - subccc @acc[0],%g0,@acc[0] ! r[8]-=0 "@acc[8]" - subc $carry,%g0,$carry ! top-most carry - and @acc[7],$mask,@acc[7] - and @acc[0],$mask,@acc[0] ! "@acc[8]" -___ - push(@acc,shift(@acc)); # rotate registers to "omit" acc[0] -$code.=<<___; - mulx $a0,$bi,$t0 ! a[0-7]*b[$i], 64-bit results - mulx $t1,$bi,$t1 - mulx $t2,$bi,$t2 - mulx $t3,$bi,$t3 - mulx $t4,$bi,$t4 - mulx $t5,$bi,$t5 - mulx $t6,$bi,$t6 - mulx $t7,$bi,$t7 - add @acc[0],$t0,$t0 ! accumulate low parts, can't overflow - add @acc[1],$t1,$t1 - srlx $t0,32,@acc[1] ! extract high parts - add @acc[2],$t2,$t2 - srlx $t1,32,@acc[2] - add @acc[3],$t3,$t3 - srlx $t2,32,@acc[3] - add @acc[4],$t4,$t4 - srlx $t3,32,@acc[4] - add @acc[5],$t5,$t5 - srlx $t4,32,@acc[5] - add @acc[6],$t6,$t6 - srlx $t5,32,@acc[6] - add @acc[7],$t7,$t7 - srlx $t6,32,@acc[7] - srlx $t7,32,@acc[0] ! "@acc[8]" -___ -} -$code.=<<___; - addcc @acc[1],$t1,@acc[1] ! accumulate high parts - addccc @acc[2],$t2,@acc[2] - addccc @acc[3],$t3,@acc[3] - addccc @acc[4],$t4,@acc[4] - addccc @acc[5],$t5,@acc[5] - addccc @acc[6],$t6,@acc[6] - addccc @acc[7],$t7,@acc[7] - addccc @acc[0],$carry,@acc[0] ! "@acc[8]" - addc %g0,%g0,$carry - - addcc @acc[3],$t0,@acc[3] ! multiplication-less reduction - addccc @acc[4],%g0,@acc[4] - addccc @acc[5],%g0,@acc[5] - addccc @acc[6],$t0,@acc[6] - addccc @acc[7],%g0,@acc[7] - addccc @acc[0],$t0,@acc[0] ! "@acc[8]" - addc $carry,%g0,$carry - subcc @acc[7],$t0,@acc[7] - subccc @acc[0],%g0,@acc[0] ! "@acc[8]" - subc $carry,%g0,$carry ! top-most carry -___ - push(@acc,shift(@acc)); # rotate registers to omit acc[0] -$code.=<<___; - ! Final step is "if result > mod, subtract mod", but we do it - ! "other way around", namely subtract modulus from result - ! and if it borrowed, add modulus back. - - subcc @acc[0],-1,@acc[0] ! subtract modulus - subccc @acc[1],-1,@acc[1] - subccc @acc[2],-1,@acc[2] - subccc @acc[3],0,@acc[3] - subccc @acc[4],0,@acc[4] - subccc @acc[5],0,@acc[5] - subccc @acc[6],1,@acc[6] - subccc @acc[7],-1,@acc[7] - subc $carry,0,$carry ! broadcast borrow bit - - ! Note that because mod has special form, i.e. consists of - ! 0xffffffff, 1 and 0s, we can conditionally synthesize it by - ! using value of broadcasted borrow and the borrow bit itself. - ! To minimize dependency chain we first broadcast and then - ! extract the bit by negating (follow $bi). - - addcc @acc[0],$carry,@acc[0] ! add modulus or zero - addccc @acc[1],$carry,@acc[1] - neg $carry,$bi - st @acc[0],[$rp] - addccc @acc[2],$carry,@acc[2] - st @acc[1],[$rp+4] - addccc @acc[3],0,@acc[3] - st @acc[2],[$rp+8] - addccc @acc[4],0,@acc[4] - st @acc[3],[$rp+12] - addccc @acc[5],0,@acc[5] - st @acc[4],[$rp+16] - addccc @acc[6],$bi,@acc[6] - st @acc[5],[$rp+20] - addc @acc[7],$carry,@acc[7] - st @acc[6],[$rp+24] - retl - st @acc[7],[$rp+28] -.type __ecp_nistz256_mul_mont,#function -.size __ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont - -! void ecp_nistz256_add(BN_ULONG %i0[8],const BN_ULONG %i1[8], -! const BN_ULONG %i2[8]); -.globl ecp_nistz256_add -.align 32 -ecp_nistz256_add: - save %sp,-STACK_FRAME,%sp - ld [$ap],@acc[0] - ld [$ap+4],@acc[1] - ld [$ap+8],@acc[2] - ld [$ap+12],@acc[3] - ld [$ap+16],@acc[4] - ld [$ap+20],@acc[5] - ld [$ap+24],@acc[6] - call __ecp_nistz256_add - ld [$ap+28],@acc[7] - ret - restore -.type ecp_nistz256_add,#function -.size ecp_nistz256_add,.-ecp_nistz256_add - -.align 32 -__ecp_nistz256_add: - ld [$bp+0],$t0 ! b[0] - ld [$bp+4],$t1 - ld [$bp+8],$t2 - ld [$bp+12],$t3 - addcc @acc[0],$t0,@acc[0] - ld [$bp+16],$t4 - ld [$bp+20],$t5 - addccc @acc[1],$t1,@acc[1] - ld [$bp+24],$t6 - ld [$bp+28],$t7 - addccc @acc[2],$t2,@acc[2] - addccc @acc[3],$t3,@acc[3] - addccc @acc[4],$t4,@acc[4] - addccc @acc[5],$t5,@acc[5] - addccc @acc[6],$t6,@acc[6] - addccc @acc[7],$t7,@acc[7] - addc %g0,%g0,$carry - -.Lreduce_by_sub: - - ! if a+b >= modulus, subtract modulus. - ! - ! But since comparison implies subtraction, we subtract - ! modulus and then add it back if subtraction borrowed. - - subcc @acc[0],-1,@acc[0] - subccc @acc[1],-1,@acc[1] - subccc @acc[2],-1,@acc[2] - subccc @acc[3], 0,@acc[3] - subccc @acc[4], 0,@acc[4] - subccc @acc[5], 0,@acc[5] - subccc @acc[6], 1,@acc[6] - subccc @acc[7],-1,@acc[7] - subc $carry,0,$carry - - ! Note that because mod has special form, i.e. consists of - ! 0xffffffff, 1 and 0s, we can conditionally synthesize it by - ! using value of borrow and its negative. - - addcc @acc[0],$carry,@acc[0] ! add synthesized modulus - addccc @acc[1],$carry,@acc[1] - neg $carry,$bi - st @acc[0],[$rp] - addccc @acc[2],$carry,@acc[2] - st @acc[1],[$rp+4] - addccc @acc[3],0,@acc[3] - st @acc[2],[$rp+8] - addccc @acc[4],0,@acc[4] - st @acc[3],[$rp+12] - addccc @acc[5],0,@acc[5] - st @acc[4],[$rp+16] - addccc @acc[6],$bi,@acc[6] - st @acc[5],[$rp+20] - addc @acc[7],$carry,@acc[7] - st @acc[6],[$rp+24] - retl - st @acc[7],[$rp+28] -.type __ecp_nistz256_add,#function -.size __ecp_nistz256_add,.-__ecp_nistz256_add - -! void ecp_nistz256_mul_by_2(BN_ULONG %i0[8],const BN_ULONG %i1[8]); -.globl ecp_nistz256_mul_by_2 -.align 32 -ecp_nistz256_mul_by_2: - save %sp,-STACK_FRAME,%sp - ld [$ap],@acc[0] - ld [$ap+4],@acc[1] - ld [$ap+8],@acc[2] - ld [$ap+12],@acc[3] - ld [$ap+16],@acc[4] - ld [$ap+20],@acc[5] - ld [$ap+24],@acc[6] - call __ecp_nistz256_mul_by_2 - ld [$ap+28],@acc[7] - ret - restore -.type ecp_nistz256_mul_by_2,#function -.size ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2 - -.align 32 -__ecp_nistz256_mul_by_2: - addcc @acc[0],@acc[0],@acc[0] ! a+a=2*a - addccc @acc[1],@acc[1],@acc[1] - addccc @acc[2],@acc[2],@acc[2] - addccc @acc[3],@acc[3],@acc[3] - addccc @acc[4],@acc[4],@acc[4] - addccc @acc[5],@acc[5],@acc[5] - addccc @acc[6],@acc[6],@acc[6] - addccc @acc[7],@acc[7],@acc[7] - b .Lreduce_by_sub - addc %g0,%g0,$carry -.type __ecp_nistz256_mul_by_2,#function -.size __ecp_nistz256_mul_by_2,.-__ecp_nistz256_mul_by_2 - -! void ecp_nistz256_mul_by_3(BN_ULONG %i0[8],const BN_ULONG %i1[8]); -.globl ecp_nistz256_mul_by_3 -.align 32 -ecp_nistz256_mul_by_3: - save %sp,-STACK_FRAME,%sp - ld [$ap],@acc[0] - ld [$ap+4],@acc[1] - ld [$ap+8],@acc[2] - ld [$ap+12],@acc[3] - ld [$ap+16],@acc[4] - ld [$ap+20],@acc[5] - ld [$ap+24],@acc[6] - call __ecp_nistz256_mul_by_3 - ld [$ap+28],@acc[7] - ret - restore -.type ecp_nistz256_mul_by_3,#function -.size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3 - -.align 32 -__ecp_nistz256_mul_by_3: - addcc @acc[0],@acc[0],$t0 ! a+a=2*a - addccc @acc[1],@acc[1],$t1 - addccc @acc[2],@acc[2],$t2 - addccc @acc[3],@acc[3],$t3 - addccc @acc[4],@acc[4],$t4 - addccc @acc[5],@acc[5],$t5 - addccc @acc[6],@acc[6],$t6 - addccc @acc[7],@acc[7],$t7 - addc %g0,%g0,$carry - - subcc $t0,-1,$t0 ! .Lreduce_by_sub but without stores - subccc $t1,-1,$t1 - subccc $t2,-1,$t2 - subccc $t3, 0,$t3 - subccc $t4, 0,$t4 - subccc $t5, 0,$t5 - subccc $t6, 1,$t6 - subccc $t7,-1,$t7 - subc $carry,0,$carry - - addcc $t0,$carry,$t0 ! add synthesized modulus - addccc $t1,$carry,$t1 - neg $carry,$bi - addccc $t2,$carry,$t2 - addccc $t3,0,$t3 - addccc $t4,0,$t4 - addccc $t5,0,$t5 - addccc $t6,$bi,$t6 - addc $t7,$carry,$t7 - - addcc $t0,@acc[0],@acc[0] ! 2*a+a=3*a - addccc $t1,@acc[1],@acc[1] - addccc $t2,@acc[2],@acc[2] - addccc $t3,@acc[3],@acc[3] - addccc $t4,@acc[4],@acc[4] - addccc $t5,@acc[5],@acc[5] - addccc $t6,@acc[6],@acc[6] - addccc $t7,@acc[7],@acc[7] - b .Lreduce_by_sub - addc %g0,%g0,$carry -.type __ecp_nistz256_mul_by_3,#function -.size __ecp_nistz256_mul_by_3,.-__ecp_nistz256_mul_by_3 - -! void ecp_nistz256_sub(BN_ULONG %i0[8],const BN_ULONG %i1[8], -! const BN_ULONG %i2[8]); -.globl ecp_nistz256_sub -.align 32 -ecp_nistz256_sub: - save %sp,-STACK_FRAME,%sp - ld [$ap],@acc[0] - ld [$ap+4],@acc[1] - ld [$ap+8],@acc[2] - ld [$ap+12],@acc[3] - ld [$ap+16],@acc[4] - ld [$ap+20],@acc[5] - ld [$ap+24],@acc[6] - call __ecp_nistz256_sub_from - ld [$ap+28],@acc[7] - ret - restore -.type ecp_nistz256_sub,#function -.size ecp_nistz256_sub,.-ecp_nistz256_sub - -! void ecp_nistz256_neg(BN_ULONG %i0[8],const BN_ULONG %i1[8]); -.globl ecp_nistz256_neg -.align 32 -ecp_nistz256_neg: - save %sp,-STACK_FRAME,%sp - mov $ap,$bp - mov 0,@acc[0] - mov 0,@acc[1] - mov 0,@acc[2] - mov 0,@acc[3] - mov 0,@acc[4] - mov 0,@acc[5] - mov 0,@acc[6] - call __ecp_nistz256_sub_from - mov 0,@acc[7] - ret - restore -.type ecp_nistz256_neg,#function -.size ecp_nistz256_neg,.-ecp_nistz256_neg - -.align 32 -__ecp_nistz256_sub_from: - ld [$bp+0],$t0 ! b[0] - ld [$bp+4],$t1 - ld [$bp+8],$t2 - ld [$bp+12],$t3 - subcc @acc[0],$t0,@acc[0] - ld [$bp+16],$t4 - ld [$bp+20],$t5 - subccc @acc[1],$t1,@acc[1] - subccc @acc[2],$t2,@acc[2] - ld [$bp+24],$t6 - ld [$bp+28],$t7 - subccc @acc[3],$t3,@acc[3] - subccc @acc[4],$t4,@acc[4] - subccc @acc[5],$t5,@acc[5] - subccc @acc[6],$t6,@acc[6] - subccc @acc[7],$t7,@acc[7] - subc %g0,%g0,$carry ! broadcast borrow bit - -.Lreduce_by_add: - - ! if a-b borrows, add modulus. - ! - ! Note that because mod has special form, i.e. consists of - ! 0xffffffff, 1 and 0s, we can conditionally synthesize it by - ! using value of broadcasted borrow and the borrow bit itself. - ! To minimize dependency chain we first broadcast and then - ! extract the bit by negating (follow $bi). - - addcc @acc[0],$carry,@acc[0] ! add synthesized modulus - addccc @acc[1],$carry,@acc[1] - neg $carry,$bi - st @acc[0],[$rp] - addccc @acc[2],$carry,@acc[2] - st @acc[1],[$rp+4] - addccc @acc[3],0,@acc[3] - st @acc[2],[$rp+8] - addccc @acc[4],0,@acc[4] - st @acc[3],[$rp+12] - addccc @acc[5],0,@acc[5] - st @acc[4],[$rp+16] - addccc @acc[6],$bi,@acc[6] - st @acc[5],[$rp+20] - addc @acc[7],$carry,@acc[7] - st @acc[6],[$rp+24] - retl - st @acc[7],[$rp+28] -.type __ecp_nistz256_sub_from,#function -.size __ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from - -.align 32 -__ecp_nistz256_sub_morf: - ld [$bp+0],$t0 ! b[0] - ld [$bp+4],$t1 - ld [$bp+8],$t2 - ld [$bp+12],$t3 - subcc $t0,@acc[0],@acc[0] - ld [$bp+16],$t4 - ld [$bp+20],$t5 - subccc $t1,@acc[1],@acc[1] - subccc $t2,@acc[2],@acc[2] - ld [$bp+24],$t6 - ld [$bp+28],$t7 - subccc $t3,@acc[3],@acc[3] - subccc $t4,@acc[4],@acc[4] - subccc $t5,@acc[5],@acc[5] - subccc $t6,@acc[6],@acc[6] - subccc $t7,@acc[7],@acc[7] - b .Lreduce_by_add - subc %g0,%g0,$carry ! broadcast borrow bit -.type __ecp_nistz256_sub_morf,#function -.size __ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf - -! void ecp_nistz256_div_by_2(BN_ULONG %i0[8],const BN_ULONG %i1[8]); -.globl ecp_nistz256_div_by_2 -.align 32 -ecp_nistz256_div_by_2: - save %sp,-STACK_FRAME,%sp - ld [$ap],@acc[0] - ld [$ap+4],@acc[1] - ld [$ap+8],@acc[2] - ld [$ap+12],@acc[3] - ld [$ap+16],@acc[4] - ld [$ap+20],@acc[5] - ld [$ap+24],@acc[6] - call __ecp_nistz256_div_by_2 - ld [$ap+28],@acc[7] - ret - restore -.type ecp_nistz256_div_by_2,#function -.size ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2 - -.align 32 -__ecp_nistz256_div_by_2: - ! ret = (a is odd ? a+mod : a) >> 1 - - and @acc[0],1,$bi - neg $bi,$carry - addcc @acc[0],$carry,@acc[0] - addccc @acc[1],$carry,@acc[1] - addccc @acc[2],$carry,@acc[2] - addccc @acc[3],0,@acc[3] - addccc @acc[4],0,@acc[4] - addccc @acc[5],0,@acc[5] - addccc @acc[6],$bi,@acc[6] - addccc @acc[7],$carry,@acc[7] - addc %g0,%g0,$carry - - ! ret >>= 1 - - srl @acc[0],1,@acc[0] - sll @acc[1],31,$t0 - srl @acc[1],1,@acc[1] - or @acc[0],$t0,@acc[0] - sll @acc[2],31,$t1 - srl @acc[2],1,@acc[2] - or @acc[1],$t1,@acc[1] - sll @acc[3],31,$t2 - st @acc[0],[$rp] - srl @acc[3],1,@acc[3] - or @acc[2],$t2,@acc[2] - sll @acc[4],31,$t3 - st @acc[1],[$rp+4] - srl @acc[4],1,@acc[4] - or @acc[3],$t3,@acc[3] - sll @acc[5],31,$t4 - st @acc[2],[$rp+8] - srl @acc[5],1,@acc[5] - or @acc[4],$t4,@acc[4] - sll @acc[6],31,$t5 - st @acc[3],[$rp+12] - srl @acc[6],1,@acc[6] - or @acc[5],$t5,@acc[5] - sll @acc[7],31,$t6 - st @acc[4],[$rp+16] - srl @acc[7],1,@acc[7] - or @acc[6],$t6,@acc[6] - sll $carry,31,$t7 - st @acc[5],[$rp+20] - or @acc[7],$t7,@acc[7] - st @acc[6],[$rp+24] - retl - st @acc[7],[$rp+28] -.type __ecp_nistz256_div_by_2,#function -.size __ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2 -___ - -######################################################################## -# following subroutines are "literal" implementation of those found in -# ecp_nistz256.c -# -######################################################################## -# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp); -# -{ -my ($S,$M,$Zsqr,$tmp0)=map(32*$_,(0..3)); -# above map() describes stack layout with 4 temporary -# 256-bit vectors on top. - -$code.=<<___; -#ifdef __PIC__ -SPARC_PIC_THUNK(%g1) -#endif - -.globl ecp_nistz256_point_double -.align 32 -ecp_nistz256_point_double: - SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5) - ld [%g1],%g1 ! OPENSSL_sparcv9cap_P[0] - and %g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK),%g1 - cmp %g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK) - be ecp_nistz256_point_double_vis3 - nop - - save %sp,-STACK_FRAME-32*4,%sp - - mov $rp,$rp_real - mov $ap,$ap_real - -.Lpoint_double_shortcut: - ld [$ap+32],@acc[0] - ld [$ap+32+4],@acc[1] - ld [$ap+32+8],@acc[2] - ld [$ap+32+12],@acc[3] - ld [$ap+32+16],@acc[4] - ld [$ap+32+20],@acc[5] - ld [$ap+32+24],@acc[6] - ld [$ap+32+28],@acc[7] - call __ecp_nistz256_mul_by_2 ! p256_mul_by_2(S, in_y); - add %sp,LOCALS+$S,$rp - - add $ap_real,64,$bp - add $ap_real,64,$ap - call __ecp_nistz256_mul_mont ! p256_sqr_mont(Zsqr, in_z); - add %sp,LOCALS+$Zsqr,$rp - - add $ap_real,0,$bp - call __ecp_nistz256_add ! p256_add(M, Zsqr, in_x); - add %sp,LOCALS+$M,$rp - - add %sp,LOCALS+$S,$bp - add %sp,LOCALS+$S,$ap - call __ecp_nistz256_mul_mont ! p256_sqr_mont(S, S); - add %sp,LOCALS+$S,$rp - - ld [$ap_real],@acc[0] - add %sp,LOCALS+$Zsqr,$bp - ld [$ap_real+4],@acc[1] - ld [$ap_real+8],@acc[2] - ld [$ap_real+12],@acc[3] - ld [$ap_real+16],@acc[4] - ld [$ap_real+20],@acc[5] - ld [$ap_real+24],@acc[6] - ld [$ap_real+28],@acc[7] - call __ecp_nistz256_sub_from ! p256_sub(Zsqr, in_x, Zsqr); - add %sp,LOCALS+$Zsqr,$rp - - add $ap_real,32,$bp - add $ap_real,64,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(tmp0, in_z, in_y); - add %sp,LOCALS+$tmp0,$rp - - call __ecp_nistz256_mul_by_2 ! p256_mul_by_2(res_z, tmp0); - add $rp_real,64,$rp - - add %sp,LOCALS+$Zsqr,$bp - add %sp,LOCALS+$M,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(M, M, Zsqr); - add %sp,LOCALS+$M,$rp - - call __ecp_nistz256_mul_by_3 ! p256_mul_by_3(M, M); - add %sp,LOCALS+$M,$rp - - add %sp,LOCALS+$S,$bp - add %sp,LOCALS+$S,$ap - call __ecp_nistz256_mul_mont ! p256_sqr_mont(tmp0, S); - add %sp,LOCALS+$tmp0,$rp - - call __ecp_nistz256_div_by_2 ! p256_div_by_2(res_y, tmp0); - add $rp_real,32,$rp - - add $ap_real,0,$bp - add %sp,LOCALS+$S,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(S, S, in_x); - add %sp,LOCALS+$S,$rp - - call __ecp_nistz256_mul_by_2 ! p256_mul_by_2(tmp0, S); - add %sp,LOCALS+$tmp0,$rp - - add %sp,LOCALS+$M,$bp - add %sp,LOCALS+$M,$ap - call __ecp_nistz256_mul_mont ! p256_sqr_mont(res_x, M); - add $rp_real,0,$rp - - add %sp,LOCALS+$tmp0,$bp - call __ecp_nistz256_sub_from ! p256_sub(res_x, res_x, tmp0); - add $rp_real,0,$rp - - add %sp,LOCALS+$S,$bp - call __ecp_nistz256_sub_morf ! p256_sub(S, S, res_x); - add %sp,LOCALS+$S,$rp - - add %sp,LOCALS+$M,$bp - add %sp,LOCALS+$S,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(S, S, M); - add %sp,LOCALS+$S,$rp - - add $rp_real,32,$bp - call __ecp_nistz256_sub_from ! p256_sub(res_y, S, res_y); - add $rp_real,32,$rp - - ret - restore -.type ecp_nistz256_point_double,#function -.size ecp_nistz256_point_double,.-ecp_nistz256_point_double -___ -} - -######################################################################## -# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1, -# const P256_POINT *in2); -{ -my ($res_x,$res_y,$res_z, - $H,$Hsqr,$R,$Rsqr,$Hcub, - $U1,$U2,$S1,$S2)=map(32*$_,(0..11)); -my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); - -# above map() describes stack layout with 12 temporary -# 256-bit vectors on top. Then we reserve some space for -# !in1infty, !in2infty, result of check for zero and return pointer. - -my $bp_real=$rp_real; - -$code.=<<___; -.globl ecp_nistz256_point_add -.align 32 -ecp_nistz256_point_add: - SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5) - ld [%g1],%g1 ! OPENSSL_sparcv9cap_P[0] - and %g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK),%g1 - cmp %g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK) - be ecp_nistz256_point_add_vis3 - nop - - save %sp,-STACK_FRAME-32*12-32,%sp - - stx $rp,[%fp+STACK_BIAS-8] ! off-load $rp - mov $ap,$ap_real - mov $bp,$bp_real - - ld [$bp+64],$t0 ! in2_z - ld [$bp+64+4],$t1 - ld [$bp+64+8],$t2 - ld [$bp+64+12],$t3 - ld [$bp+64+16],$t4 - ld [$bp+64+20],$t5 - ld [$bp+64+24],$t6 - ld [$bp+64+28],$t7 - or $t1,$t0,$t0 - or $t3,$t2,$t2 - or $t5,$t4,$t4 - or $t7,$t6,$t6 - or $t2,$t0,$t0 - or $t6,$t4,$t4 - or $t4,$t0,$t0 ! !in2infty - movrnz $t0,-1,$t0 - st $t0,[%fp+STACK_BIAS-12] - - ld [$ap+64],$t0 ! in1_z - ld [$ap+64+4],$t1 - ld [$ap+64+8],$t2 - ld [$ap+64+12],$t3 - ld [$ap+64+16],$t4 - ld [$ap+64+20],$t5 - ld [$ap+64+24],$t6 - ld [$ap+64+28],$t7 - or $t1,$t0,$t0 - or $t3,$t2,$t2 - or $t5,$t4,$t4 - or $t7,$t6,$t6 - or $t2,$t0,$t0 - or $t6,$t4,$t4 - or $t4,$t0,$t0 ! !in1infty - movrnz $t0,-1,$t0 - st $t0,[%fp+STACK_BIAS-16] - - add $bp_real,64,$bp - add $bp_real,64,$ap - call __ecp_nistz256_mul_mont ! p256_sqr_mont(Z2sqr, in2_z); - add %sp,LOCALS+$Z2sqr,$rp - - add $ap_real,64,$bp - add $ap_real,64,$ap - call __ecp_nistz256_mul_mont ! p256_sqr_mont(Z1sqr, in1_z); - add %sp,LOCALS+$Z1sqr,$rp - - add $bp_real,64,$bp - add %sp,LOCALS+$Z2sqr,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(S1, Z2sqr, in2_z); - add %sp,LOCALS+$S1,$rp - - add $ap_real,64,$bp - add %sp,LOCALS+$Z1sqr,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(S2, Z1sqr, in1_z); - add %sp,LOCALS+$S2,$rp - - add $ap_real,32,$bp - add %sp,LOCALS+$S1,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(S1, S1, in1_y); - add %sp,LOCALS+$S1,$rp - - add $bp_real,32,$bp - add %sp,LOCALS+$S2,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(S2, S2, in2_y); - add %sp,LOCALS+$S2,$rp - - add %sp,LOCALS+$S1,$bp - call __ecp_nistz256_sub_from ! p256_sub(R, S2, S1); - add %sp,LOCALS+$R,$rp - - or @acc[1],@acc[0],@acc[0] ! see if result is zero - or @acc[3],@acc[2],@acc[2] - or @acc[5],@acc[4],@acc[4] - or @acc[7],@acc[6],@acc[6] - or @acc[2],@acc[0],@acc[0] - or @acc[6],@acc[4],@acc[4] - or @acc[4],@acc[0],@acc[0] - st @acc[0],[%fp+STACK_BIAS-20] - - add $ap_real,0,$bp - add %sp,LOCALS+$Z2sqr,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(U1, in1_x, Z2sqr); - add %sp,LOCALS+$U1,$rp - - add $bp_real,0,$bp - add %sp,LOCALS+$Z1sqr,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(U2, in2_x, Z1sqr); - add %sp,LOCALS+$U2,$rp - - add %sp,LOCALS+$U1,$bp - call __ecp_nistz256_sub_from ! p256_sub(H, U2, U1); - add %sp,LOCALS+$H,$rp - - or @acc[1],@acc[0],@acc[0] ! see if result is zero - or @acc[3],@acc[2],@acc[2] - or @acc[5],@acc[4],@acc[4] - or @acc[7],@acc[6],@acc[6] - or @acc[2],@acc[0],@acc[0] - or @acc[6],@acc[4],@acc[4] - orcc @acc[4],@acc[0],@acc[0] - - bne,pt %icc,.Ladd_proceed ! is_equal(U1,U2)? - nop - - ld [%fp+STACK_BIAS-12],$t0 - ld [%fp+STACK_BIAS-16],$t1 - ld [%fp+STACK_BIAS-20],$t2 - andcc $t0,$t1,%g0 - be,pt %icc,.Ladd_proceed ! (in1infty || in2infty)? - nop - andcc $t2,$t2,%g0 - be,pt %icc,.Ladd_double ! is_equal(S1,S2)? - nop - - ldx [%fp+STACK_BIAS-8],$rp - st %g0,[$rp] - st %g0,[$rp+4] - st %g0,[$rp+8] - st %g0,[$rp+12] - st %g0,[$rp+16] - st %g0,[$rp+20] - st %g0,[$rp+24] - st %g0,[$rp+28] - st %g0,[$rp+32] - st %g0,[$rp+32+4] - st %g0,[$rp+32+8] - st %g0,[$rp+32+12] - st %g0,[$rp+32+16] - st %g0,[$rp+32+20] - st %g0,[$rp+32+24] - st %g0,[$rp+32+28] - st %g0,[$rp+64] - st %g0,[$rp+64+4] - st %g0,[$rp+64+8] - st %g0,[$rp+64+12] - st %g0,[$rp+64+16] - st %g0,[$rp+64+20] - st %g0,[$rp+64+24] - st %g0,[$rp+64+28] - b .Ladd_done - nop - -.align 16 -.Ladd_double: - ldx [%fp+STACK_BIAS-8],$rp_real - mov $ap_real,$ap - b .Lpoint_double_shortcut - add %sp,32*(12-4)+32,%sp ! difference in frame sizes - -.align 16 -.Ladd_proceed: - add %sp,LOCALS+$R,$bp - add %sp,LOCALS+$R,$ap - call __ecp_nistz256_mul_mont ! p256_sqr_mont(Rsqr, R); - add %sp,LOCALS+$Rsqr,$rp - - add $ap_real,64,$bp - add %sp,LOCALS+$H,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(res_z, H, in1_z); - add %sp,LOCALS+$res_z,$rp - - add %sp,LOCALS+$H,$bp - add %sp,LOCALS+$H,$ap - call __ecp_nistz256_mul_mont ! p256_sqr_mont(Hsqr, H); - add %sp,LOCALS+$Hsqr,$rp - - add $bp_real,64,$bp - add %sp,LOCALS+$res_z,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(res_z, res_z, in2_z); - add %sp,LOCALS+$res_z,$rp - - add %sp,LOCALS+$H,$bp - add %sp,LOCALS+$Hsqr,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(Hcub, Hsqr, H); - add %sp,LOCALS+$Hcub,$rp - - add %sp,LOCALS+$U1,$bp - add %sp,LOCALS+$Hsqr,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(U2, U1, Hsqr); - add %sp,LOCALS+$U2,$rp - - call __ecp_nistz256_mul_by_2 ! p256_mul_by_2(Hsqr, U2); - add %sp,LOCALS+$Hsqr,$rp - - add %sp,LOCALS+$Rsqr,$bp - call __ecp_nistz256_sub_morf ! p256_sub(res_x, Rsqr, Hsqr); - add %sp,LOCALS+$res_x,$rp - - add %sp,LOCALS+$Hcub,$bp - call __ecp_nistz256_sub_from ! p256_sub(res_x, res_x, Hcub); - add %sp,LOCALS+$res_x,$rp - - add %sp,LOCALS+$U2,$bp - call __ecp_nistz256_sub_morf ! p256_sub(res_y, U2, res_x); - add %sp,LOCALS+$res_y,$rp - - add %sp,LOCALS+$Hcub,$bp - add %sp,LOCALS+$S1,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(S2, S1, Hcub); - add %sp,LOCALS+$S2,$rp - - add %sp,LOCALS+$R,$bp - add %sp,LOCALS+$res_y,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(res_y, res_y, R); - add %sp,LOCALS+$res_y,$rp - - add %sp,LOCALS+$S2,$bp - call __ecp_nistz256_sub_from ! p256_sub(res_y, res_y, S2); - add %sp,LOCALS+$res_y,$rp - - ld [%fp+STACK_BIAS-16],$t1 ! !in1infty - ld [%fp+STACK_BIAS-12],$t2 ! !in2infty - ldx [%fp+STACK_BIAS-8],$rp -___ -for($i=0;$i<96;$i+=8) { # conditional moves -$code.=<<___; - ld [%sp+LOCALS+$i],@acc[0] ! res - ld [%sp+LOCALS+$i+4],@acc[1] - ld [$bp_real+$i],@acc[2] ! in2 - ld [$bp_real+$i+4],@acc[3] - ld [$ap_real+$i],@acc[4] ! in1 - ld [$ap_real+$i+4],@acc[5] - movrz $t1,@acc[2],@acc[0] - movrz $t1,@acc[3],@acc[1] - movrz $t2,@acc[4],@acc[0] - movrz $t2,@acc[5],@acc[1] - st @acc[0],[$rp+$i] - st @acc[1],[$rp+$i+4] -___ -} -$code.=<<___; -.Ladd_done: - ret - restore -.type ecp_nistz256_point_add,#function -.size ecp_nistz256_point_add,.-ecp_nistz256_point_add -___ -} - -######################################################################## -# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1, -# const P256_POINT_AFFINE *in2); -{ -my ($res_x,$res_y,$res_z, - $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..9)); -my $Z1sqr = $S2; -# above map() describes stack layout with 10 temporary -# 256-bit vectors on top. Then we reserve some space for -# !in1infty, !in2infty, result of check for zero and return pointer. - -my @ONE_mont=(1,0,0,-1,-1,-1,-2,0); -my $bp_real=$rp_real; - -$code.=<<___; -.globl ecp_nistz256_point_add_affine -.align 32 -ecp_nistz256_point_add_affine: - SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5) - ld [%g1],%g1 ! OPENSSL_sparcv9cap_P[0] - and %g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK),%g1 - cmp %g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK) - be ecp_nistz256_point_add_affine_vis3 - nop - - save %sp,-STACK_FRAME-32*10-32,%sp - - stx $rp,[%fp+STACK_BIAS-8] ! off-load $rp - mov $ap,$ap_real - mov $bp,$bp_real - - ld [$ap+64],$t0 ! in1_z - ld [$ap+64+4],$t1 - ld [$ap+64+8],$t2 - ld [$ap+64+12],$t3 - ld [$ap+64+16],$t4 - ld [$ap+64+20],$t5 - ld [$ap+64+24],$t6 - ld [$ap+64+28],$t7 - or $t1,$t0,$t0 - or $t3,$t2,$t2 - or $t5,$t4,$t4 - or $t7,$t6,$t6 - or $t2,$t0,$t0 - or $t6,$t4,$t4 - or $t4,$t0,$t0 ! !in1infty - movrnz $t0,-1,$t0 - st $t0,[%fp+STACK_BIAS-16] - - ld [$bp],@acc[0] ! in2_x - ld [$bp+4],@acc[1] - ld [$bp+8],@acc[2] - ld [$bp+12],@acc[3] - ld [$bp+16],@acc[4] - ld [$bp+20],@acc[5] - ld [$bp+24],@acc[6] - ld [$bp+28],@acc[7] - ld [$bp+32],$t0 ! in2_y - ld [$bp+32+4],$t1 - ld [$bp+32+8],$t2 - ld [$bp+32+12],$t3 - ld [$bp+32+16],$t4 - ld [$bp+32+20],$t5 - ld [$bp+32+24],$t6 - ld [$bp+32+28],$t7 - or @acc[1],@acc[0],@acc[0] - or @acc[3],@acc[2],@acc[2] - or @acc[5],@acc[4],@acc[4] - or @acc[7],@acc[6],@acc[6] - or @acc[2],@acc[0],@acc[0] - or @acc[6],@acc[4],@acc[4] - or @acc[4],@acc[0],@acc[0] - or $t1,$t0,$t0 - or $t3,$t2,$t2 - or $t5,$t4,$t4 - or $t7,$t6,$t6 - or $t2,$t0,$t0 - or $t6,$t4,$t4 - or $t4,$t0,$t0 - or @acc[0],$t0,$t0 ! !in2infty - movrnz $t0,-1,$t0 - st $t0,[%fp+STACK_BIAS-12] - - add $ap_real,64,$bp - add $ap_real,64,$ap - call __ecp_nistz256_mul_mont ! p256_sqr_mont(Z1sqr, in1_z); - add %sp,LOCALS+$Z1sqr,$rp - - add $bp_real,0,$bp - add %sp,LOCALS+$Z1sqr,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(U2, Z1sqr, in2_x); - add %sp,LOCALS+$U2,$rp - - add $ap_real,0,$bp - call __ecp_nistz256_sub_from ! p256_sub(H, U2, in1_x); - add %sp,LOCALS+$H,$rp - - add $ap_real,64,$bp - add %sp,LOCALS+$Z1sqr,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(S2, Z1sqr, in1_z); - add %sp,LOCALS+$S2,$rp - - add $ap_real,64,$bp - add %sp,LOCALS+$H,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(res_z, H, in1_z); - add %sp,LOCALS+$res_z,$rp - - add $bp_real,32,$bp - add %sp,LOCALS+$S2,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(S2, S2, in2_y); - add %sp,LOCALS+$S2,$rp - - add $ap_real,32,$bp - call __ecp_nistz256_sub_from ! p256_sub(R, S2, in1_y); - add %sp,LOCALS+$R,$rp - - add %sp,LOCALS+$H,$bp - add %sp,LOCALS+$H,$ap - call __ecp_nistz256_mul_mont ! p256_sqr_mont(Hsqr, H); - add %sp,LOCALS+$Hsqr,$rp - - add %sp,LOCALS+$R,$bp - add %sp,LOCALS+$R,$ap - call __ecp_nistz256_mul_mont ! p256_sqr_mont(Rsqr, R); - add %sp,LOCALS+$Rsqr,$rp - - add %sp,LOCALS+$H,$bp - add %sp,LOCALS+$Hsqr,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(Hcub, Hsqr, H); - add %sp,LOCALS+$Hcub,$rp - - add $ap_real,0,$bp - add %sp,LOCALS+$Hsqr,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(U2, in1_x, Hsqr); - add %sp,LOCALS+$U2,$rp - - call __ecp_nistz256_mul_by_2 ! p256_mul_by_2(Hsqr, U2); - add %sp,LOCALS+$Hsqr,$rp - - add %sp,LOCALS+$Rsqr,$bp - call __ecp_nistz256_sub_morf ! p256_sub(res_x, Rsqr, Hsqr); - add %sp,LOCALS+$res_x,$rp - - add %sp,LOCALS+$Hcub,$bp - call __ecp_nistz256_sub_from ! p256_sub(res_x, res_x, Hcub); - add %sp,LOCALS+$res_x,$rp - - add %sp,LOCALS+$U2,$bp - call __ecp_nistz256_sub_morf ! p256_sub(res_y, U2, res_x); - add %sp,LOCALS+$res_y,$rp - - add $ap_real,32,$bp - add %sp,LOCALS+$Hcub,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(S2, in1_y, Hcub); - add %sp,LOCALS+$S2,$rp - - add %sp,LOCALS+$R,$bp - add %sp,LOCALS+$res_y,$ap - call __ecp_nistz256_mul_mont ! p256_mul_mont(res_y, res_y, R); - add %sp,LOCALS+$res_y,$rp - - add %sp,LOCALS+$S2,$bp - call __ecp_nistz256_sub_from ! p256_sub(res_y, res_y, S2); - add %sp,LOCALS+$res_y,$rp - - ld [%fp+STACK_BIAS-16],$t1 ! !in1infty - ld [%fp+STACK_BIAS-12],$t2 ! !in2infty - ldx [%fp+STACK_BIAS-8],$rp -___ -for($i=0;$i<64;$i+=8) { # conditional moves -$code.=<<___; - ld [%sp+LOCALS+$i],@acc[0] ! res - ld [%sp+LOCALS+$i+4],@acc[1] - ld [$bp_real+$i],@acc[2] ! in2 - ld [$bp_real+$i+4],@acc[3] - ld [$ap_real+$i],@acc[4] ! in1 - ld [$ap_real+$i+4],@acc[5] - movrz $t1,@acc[2],@acc[0] - movrz $t1,@acc[3],@acc[1] - movrz $t2,@acc[4],@acc[0] - movrz $t2,@acc[5],@acc[1] - st @acc[0],[$rp+$i] - st @acc[1],[$rp+$i+4] -___ -} -for(;$i<96;$i+=8) { -my $j=($i-64)/4; -$code.=<<___; - ld [%sp+LOCALS+$i],@acc[0] ! res - ld [%sp+LOCALS+$i+4],@acc[1] - ld [$ap_real+$i],@acc[4] ! in1 - ld [$ap_real+$i+4],@acc[5] - movrz $t1,@ONE_mont[$j],@acc[0] - movrz $t1,@ONE_mont[$j+1],@acc[1] - movrz $t2,@acc[4],@acc[0] - movrz $t2,@acc[5],@acc[1] - st @acc[0],[$rp+$i] - st @acc[1],[$rp+$i+4] -___ -} -$code.=<<___; - ret - restore -.type ecp_nistz256_point_add_affine,#function -.size ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine -___ -} }}} -{{{ -my ($out,$inp,$index)=map("%i$_",(0..2)); -my $mask="%o0"; - -$code.=<<___; -! void ecp_nistz256_scatter_w5(void *%i0,const P256_POINT *%i1, -! int %i2); -.globl ecp_nistz256_scatter_w5 -.align 32 -ecp_nistz256_scatter_w5: - save %sp,-STACK_FRAME,%sp - - sll $index,2,$index - add $out,$index,$out - - ld [$inp],%l0 ! X - ld [$inp+4],%l1 - ld [$inp+8],%l2 - ld [$inp+12],%l3 - ld [$inp+16],%l4 - ld [$inp+20],%l5 - ld [$inp+24],%l6 - ld [$inp+28],%l7 - add $inp,32,$inp - st %l0,[$out+64*0-4] - st %l1,[$out+64*1-4] - st %l2,[$out+64*2-4] - st %l3,[$out+64*3-4] - st %l4,[$out+64*4-4] - st %l5,[$out+64*5-4] - st %l6,[$out+64*6-4] - st %l7,[$out+64*7-4] - add $out,64*8,$out - - ld [$inp],%l0 ! Y - ld [$inp+4],%l1 - ld [$inp+8],%l2 - ld [$inp+12],%l3 - ld [$inp+16],%l4 - ld [$inp+20],%l5 - ld [$inp+24],%l6 - ld [$inp+28],%l7 - add $inp,32,$inp - st %l0,[$out+64*0-4] - st %l1,[$out+64*1-4] - st %l2,[$out+64*2-4] - st %l3,[$out+64*3-4] - st %l4,[$out+64*4-4] - st %l5,[$out+64*5-4] - st %l6,[$out+64*6-4] - st %l7,[$out+64*7-4] - add $out,64*8,$out - - ld [$inp],%l0 ! Z - ld [$inp+4],%l1 - ld [$inp+8],%l2 - ld [$inp+12],%l3 - ld [$inp+16],%l4 - ld [$inp+20],%l5 - ld [$inp+24],%l6 - ld [$inp+28],%l7 - st %l0,[$out+64*0-4] - st %l1,[$out+64*1-4] - st %l2,[$out+64*2-4] - st %l3,[$out+64*3-4] - st %l4,[$out+64*4-4] - st %l5,[$out+64*5-4] - st %l6,[$out+64*6-4] - st %l7,[$out+64*7-4] - - ret - restore -.type ecp_nistz256_scatter_w5,#function -.size ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5 - -! void ecp_nistz256_gather_w5(P256_POINT *%i0,const void *%i1, -! int %i2); -.globl ecp_nistz256_gather_w5 -.align 32 -ecp_nistz256_gather_w5: - save %sp,-STACK_FRAME,%sp - - neg $index,$mask - srax $mask,63,$mask - - add $index,$mask,$index - sll $index,2,$index - add $inp,$index,$inp - - ld [$inp+64*0],%l0 - ld [$inp+64*1],%l1 - ld [$inp+64*2],%l2 - ld [$inp+64*3],%l3 - ld [$inp+64*4],%l4 - ld [$inp+64*5],%l5 - ld [$inp+64*6],%l6 - ld [$inp+64*7],%l7 - add $inp,64*8,$inp - and %l0,$mask,%l0 - and %l1,$mask,%l1 - st %l0,[$out] ! X - and %l2,$mask,%l2 - st %l1,[$out+4] - and %l3,$mask,%l3 - st %l2,[$out+8] - and %l4,$mask,%l4 - st %l3,[$out+12] - and %l5,$mask,%l5 - st %l4,[$out+16] - and %l6,$mask,%l6 - st %l5,[$out+20] - and %l7,$mask,%l7 - st %l6,[$out+24] - st %l7,[$out+28] - add $out,32,$out - - ld [$inp+64*0],%l0 - ld [$inp+64*1],%l1 - ld [$inp+64*2],%l2 - ld [$inp+64*3],%l3 - ld [$inp+64*4],%l4 - ld [$inp+64*5],%l5 - ld [$inp+64*6],%l6 - ld [$inp+64*7],%l7 - add $inp,64*8,$inp - and %l0,$mask,%l0 - and %l1,$mask,%l1 - st %l0,[$out] ! Y - and %l2,$mask,%l2 - st %l1,[$out+4] - and %l3,$mask,%l3 - st %l2,[$out+8] - and %l4,$mask,%l4 - st %l3,[$out+12] - and %l5,$mask,%l5 - st %l4,[$out+16] - and %l6,$mask,%l6 - st %l5,[$out+20] - and %l7,$mask,%l7 - st %l6,[$out+24] - st %l7,[$out+28] - add $out,32,$out - - ld [$inp+64*0],%l0 - ld [$inp+64*1],%l1 - ld [$inp+64*2],%l2 - ld [$inp+64*3],%l3 - ld [$inp+64*4],%l4 - ld [$inp+64*5],%l5 - ld [$inp+64*6],%l6 - ld [$inp+64*7],%l7 - and %l0,$mask,%l0 - and %l1,$mask,%l1 - st %l0,[$out] ! Z - and %l2,$mask,%l2 - st %l1,[$out+4] - and %l3,$mask,%l3 - st %l2,[$out+8] - and %l4,$mask,%l4 - st %l3,[$out+12] - and %l5,$mask,%l5 - st %l4,[$out+16] - and %l6,$mask,%l6 - st %l5,[$out+20] - and %l7,$mask,%l7 - st %l6,[$out+24] - st %l7,[$out+28] - - ret - restore -.type ecp_nistz256_gather_w5,#function -.size ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5 - -! void ecp_nistz256_scatter_w7(void *%i0,const P256_POINT_AFFINE *%i1, -! int %i2); -.globl ecp_nistz256_scatter_w7 -.align 32 -ecp_nistz256_scatter_w7: - save %sp,-STACK_FRAME,%sp - nop - add $out,$index,$out - mov 64/4,$index -.Loop_scatter_w7: - ld [$inp],%l0 - add $inp,4,$inp - subcc $index,1,$index - stb %l0,[$out+64*0] - srl %l0,8,%l1 - stb %l1,[$out+64*1] - srl %l0,16,%l2 - stb %l2,[$out+64*2] - srl %l0,24,%l3 - stb %l3,[$out+64*3] - bne .Loop_scatter_w7 - add $out,64*4,$out - - ret - restore -.type ecp_nistz256_scatter_w7,#function -.size ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7 - -! void ecp_nistz256_gather_w7(P256_POINT_AFFINE *%i0,const void *%i1, -! int %i2); -.globl ecp_nistz256_gather_w7 -.align 32 -ecp_nistz256_gather_w7: - save %sp,-STACK_FRAME,%sp - - neg $index,$mask - srax $mask,63,$mask - - add $index,$mask,$index - add $inp,$index,$inp - mov 64/4,$index - -.Loop_gather_w7: - ldub [$inp+64*0],%l0 - prefetch [$inp+3840+64*0],1 - subcc $index,1,$index - ldub [$inp+64*1],%l1 - prefetch [$inp+3840+64*1],1 - ldub [$inp+64*2],%l2 - prefetch [$inp+3840+64*2],1 - ldub [$inp+64*3],%l3 - prefetch [$inp+3840+64*3],1 - add $inp,64*4,$inp - sll %l1,8,%l1 - sll %l2,16,%l2 - or %l0,%l1,%l0 - sll %l3,24,%l3 - or %l0,%l2,%l0 - or %l0,%l3,%l0 - and %l0,$mask,%l0 - st %l0,[$out] - bne .Loop_gather_w7 - add $out,4,$out - - ret - restore -.type ecp_nistz256_gather_w7,#function -.size ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7 -___ -}}} -{{{ -######################################################################## -# Following subroutines are VIS3 counterparts of those above that -# implement ones found in ecp_nistz256.c. Key difference is that they -# use 128-bit multiplication and addition with 64-bit carry, and in order -# to do that they perform conversion from uin32_t[8] to uint64_t[4] upon -# entry and vice versa on return. -# -my ($rp,$ap,$bp)=map("%i$_",(0..2)); -my ($t0,$t1,$t2,$t3,$a0,$a1,$a2,$a3)=map("%l$_",(0..7)); -my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5)=map("%o$_",(0..5)); -my ($bi,$poly1,$poly3,$minus1)=(map("%i$_",(3..5)),"%g1"); -my ($rp_real,$ap_real)=("%g2","%g3"); -my ($acc6,$acc7)=($bp,$bi); # used in squaring - -$code.=<<___; -.align 32 -__ecp_nistz256_mul_by_2_vis3: - addcc $acc0,$acc0,$acc0 - addxccc $acc1,$acc1,$acc1 - addxccc $acc2,$acc2,$acc2 - addxccc $acc3,$acc3,$acc3 - b .Lreduce_by_sub_vis3 - addxc %g0,%g0,$acc4 ! did it carry? -.type __ecp_nistz256_mul_by_2_vis3,#function -.size __ecp_nistz256_mul_by_2_vis3,.-__ecp_nistz256_mul_by_2_vis3 - -.align 32 -__ecp_nistz256_add_vis3: - ldx [$bp+0],$t0 - ldx [$bp+8],$t1 - ldx [$bp+16],$t2 - ldx [$bp+24],$t3 - -__ecp_nistz256_add_noload_vis3: - - addcc $t0,$acc0,$acc0 - addxccc $t1,$acc1,$acc1 - addxccc $t2,$acc2,$acc2 - addxccc $t3,$acc3,$acc3 - addxc %g0,%g0,$acc4 ! did it carry? - -.Lreduce_by_sub_vis3: - - addcc $acc0,1,$t0 ! add -modulus, i.e. subtract - addxccc $acc1,$poly1,$t1 - addxccc $acc2,$minus1,$t2 - addxccc $acc3,$poly3,$t3 - addxc $acc4,$minus1,$acc4 - - movrz $acc4,$t0,$acc0 ! ret = borrow ? ret : ret-modulus - movrz $acc4,$t1,$acc1 - stx $acc0,[$rp] - movrz $acc4,$t2,$acc2 - stx $acc1,[$rp+8] - movrz $acc4,$t3,$acc3 - stx $acc2,[$rp+16] - retl - stx $acc3,[$rp+24] -.type __ecp_nistz256_add_vis3,#function -.size __ecp_nistz256_add_vis3,.-__ecp_nistz256_add_vis3 - -! Trouble with subtraction is that there is no subtraction with 64-bit -! borrow, only with 32-bit one. For this reason we "decompose" 64-bit -! $acc0-$acc3 to 32-bit values and pick b[4] in 32-bit pieces. But -! recall that SPARC is big-endian, which is why you'll observe that -! b[4] is accessed as 4-0-12-8-20-16-28-24. And prior reduction we -! "collect" result back to 64-bit $acc0-$acc3. -.align 32 -__ecp_nistz256_sub_from_vis3: - ld [$bp+4],$t0 - ld [$bp+0],$t1 - ld [$bp+12],$t2 - ld [$bp+8],$t3 - - srlx $acc0,32,$acc4 - not $poly1,$poly1 - srlx $acc1,32,$acc5 - subcc $acc0,$t0,$acc0 - ld [$bp+20],$t0 - subccc $acc4,$t1,$acc4 - ld [$bp+16],$t1 - subccc $acc1,$t2,$acc1 - ld [$bp+28],$t2 - and $acc0,$poly1,$acc0 - subccc $acc5,$t3,$acc5 - ld [$bp+24],$t3 - sllx $acc4,32,$acc4 - and $acc1,$poly1,$acc1 - sllx $acc5,32,$acc5 - or $acc0,$acc4,$acc0 - srlx $acc2,32,$acc4 - or $acc1,$acc5,$acc1 - srlx $acc3,32,$acc5 - subccc $acc2,$t0,$acc2 - subccc $acc4,$t1,$acc4 - subccc $acc3,$t2,$acc3 - and $acc2,$poly1,$acc2 - subccc $acc5,$t3,$acc5 - sllx $acc4,32,$acc4 - and $acc3,$poly1,$acc3 - sllx $acc5,32,$acc5 - or $acc2,$acc4,$acc2 - subc %g0,%g0,$acc4 ! did it borrow? - b .Lreduce_by_add_vis3 - or $acc3,$acc5,$acc3 -.type __ecp_nistz256_sub_from_vis3,#function -.size __ecp_nistz256_sub_from_vis3,.-__ecp_nistz256_sub_from_vis3 - -.align 32 -__ecp_nistz256_sub_morf_vis3: - ld [$bp+4],$t0 - ld [$bp+0],$t1 - ld [$bp+12],$t2 - ld [$bp+8],$t3 - - srlx $acc0,32,$acc4 - not $poly1,$poly1 - srlx $acc1,32,$acc5 - subcc $t0,$acc0,$acc0 - ld [$bp+20],$t0 - subccc $t1,$acc4,$acc4 - ld [$bp+16],$t1 - subccc $t2,$acc1,$acc1 - ld [$bp+28],$t2 - and $acc0,$poly1,$acc0 - subccc $t3,$acc5,$acc5 - ld [$bp+24],$t3 - sllx $acc4,32,$acc4 - and $acc1,$poly1,$acc1 - sllx $acc5,32,$acc5 - or $acc0,$acc4,$acc0 - srlx $acc2,32,$acc4 - or $acc1,$acc5,$acc1 - srlx $acc3,32,$acc5 - subccc $t0,$acc2,$acc2 - subccc $t1,$acc4,$acc4 - subccc $t2,$acc3,$acc3 - and $acc2,$poly1,$acc2 - subccc $t3,$acc5,$acc5 - sllx $acc4,32,$acc4 - and $acc3,$poly1,$acc3 - sllx $acc5,32,$acc5 - or $acc2,$acc4,$acc2 - subc %g0,%g0,$acc4 ! did it borrow? - or $acc3,$acc5,$acc3 - -.Lreduce_by_add_vis3: - - addcc $acc0,-1,$t0 ! add modulus - not $poly3,$t3 - addxccc $acc1,$poly1,$t1 - not $poly1,$poly1 ! restore $poly1 - addxccc $acc2,%g0,$t2 - addxc $acc3,$t3,$t3 - - movrnz $acc4,$t0,$acc0 ! if a-b borrowed, ret = ret+mod - movrnz $acc4,$t1,$acc1 - stx $acc0,[$rp] - movrnz $acc4,$t2,$acc2 - stx $acc1,[$rp+8] - movrnz $acc4,$t3,$acc3 - stx $acc2,[$rp+16] - retl - stx $acc3,[$rp+24] -.type __ecp_nistz256_sub_morf_vis3,#function -.size __ecp_nistz256_sub_morf_vis3,.-__ecp_nistz256_sub_morf_vis3 - -.align 32 -__ecp_nistz256_div_by_2_vis3: - ! ret = (a is odd ? a+mod : a) >> 1 - - not $poly1,$t1 - not $poly3,$t3 - and $acc0,1,$acc5 - addcc $acc0,-1,$t0 ! add modulus - addxccc $acc1,$t1,$t1 - addxccc $acc2,%g0,$t2 - addxccc $acc3,$t3,$t3 - addxc %g0,%g0,$acc4 ! carry bit - - movrnz $acc5,$t0,$acc0 - movrnz $acc5,$t1,$acc1 - movrnz $acc5,$t2,$acc2 - movrnz $acc5,$t3,$acc3 - movrz $acc5,%g0,$acc4 - - ! ret >>= 1 - - srlx $acc0,1,$acc0 - sllx $acc1,63,$t0 - srlx $acc1,1,$acc1 - or $acc0,$t0,$acc0 - sllx $acc2,63,$t1 - srlx $acc2,1,$acc2 - or $acc1,$t1,$acc1 - sllx $acc3,63,$t2 - stx $acc0,[$rp] - srlx $acc3,1,$acc3 - or $acc2,$t2,$acc2 - sllx $acc4,63,$t3 ! don't forget carry bit - stx $acc1,[$rp+8] - or $acc3,$t3,$acc3 - stx $acc2,[$rp+16] - retl - stx $acc3,[$rp+24] -.type __ecp_nistz256_div_by_2_vis3,#function -.size __ecp_nistz256_div_by_2_vis3,.-__ecp_nistz256_div_by_2_vis3 - -! compared to __ecp_nistz256_mul_mont it's almost 4x smaller and -! 4x faster [on T4]... -.align 32 -__ecp_nistz256_mul_mont_vis3: - mulx $a0,$bi,$acc0 - not $poly3,$poly3 ! 0xFFFFFFFF00000001 - umulxhi $a0,$bi,$t0 - mulx $a1,$bi,$acc1 - umulxhi $a1,$bi,$t1 - mulx $a2,$bi,$acc2 - umulxhi $a2,$bi,$t2 - mulx $a3,$bi,$acc3 - umulxhi $a3,$bi,$t3 - ldx [$bp+8],$bi ! b[1] - - addcc $acc1,$t0,$acc1 ! accumulate high parts of multiplication - sllx $acc0,32,$t0 - addxccc $acc2,$t1,$acc2 - srlx $acc0,32,$t1 - addxccc $acc3,$t2,$acc3 - addxc %g0,$t3,$acc4 - mov 0,$acc5 -___ -for($i=1;$i<4;$i++) { - # Reduction iteration is normally performed by accumulating - # result of multiplication of modulus by "magic" digit [and - # omitting least significant word, which is guaranteed to - # be 0], but thanks to special form of modulus and "magic" - # digit being equal to least significant word, it can be - # performed with additions and subtractions alone. Indeed: - # - # ffff0001.00000000.0000ffff.ffffffff - # * abcdefgh - # + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh - # - # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we - # rewrite above as: - # - # xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh - # + abcdefgh.abcdefgh.0000abcd.efgh0000.00000000 - # - 0000abcd.efgh0000.00000000.00000000.abcdefgh - # - # or marking redundant operations: - # - # xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.-------- - # + abcdefgh.abcdefgh.0000abcd.efgh0000.-------- - # - 0000abcd.efgh0000.--------.--------.-------- - # ^^^^^^^^ but this word is calculated with umulxhi, because - # there is no subtract with 64-bit borrow:-( - -$code.=<<___; - sub $acc0,$t0,$t2 ! acc0*0xFFFFFFFF00000001, low part - umulxhi $acc0,$poly3,$t3 ! acc0*0xFFFFFFFF00000001, high part - addcc $acc1,$t0,$acc0 ! +=acc[0]<<96 and omit acc[0] - mulx $a0,$bi,$t0 - addxccc $acc2,$t1,$acc1 - mulx $a1,$bi,$t1 - addxccc $acc3,$t2,$acc2 ! +=acc[0]*0xFFFFFFFF00000001 - mulx $a2,$bi,$t2 - addxccc $acc4,$t3,$acc3 - mulx $a3,$bi,$t3 - addxc $acc5,%g0,$acc4 - - addcc $acc0,$t0,$acc0 ! accumulate low parts of multiplication - umulxhi $a0,$bi,$t0 - addxccc $acc1,$t1,$acc1 - umulxhi $a1,$bi,$t1 - addxccc $acc2,$t2,$acc2 - umulxhi $a2,$bi,$t2 - addxccc $acc3,$t3,$acc3 - umulxhi $a3,$bi,$t3 - addxc $acc4,%g0,$acc4 -___ -$code.=<<___ if ($i<3); - ldx [$bp+8*($i+1)],$bi ! bp[$i+1] -___ -$code.=<<___; - addcc $acc1,$t0,$acc1 ! accumulate high parts of multiplication - sllx $acc0,32,$t0 - addxccc $acc2,$t1,$acc2 - srlx $acc0,32,$t1 - addxccc $acc3,$t2,$acc3 - addxccc $acc4,$t3,$acc4 - addxc %g0,%g0,$acc5 -___ -} -$code.=<<___; - sub $acc0,$t0,$t2 ! acc0*0xFFFFFFFF00000001, low part - umulxhi $acc0,$poly3,$t3 ! acc0*0xFFFFFFFF00000001, high part - addcc $acc1,$t0,$acc0 ! +=acc[0]<<96 and omit acc[0] - addxccc $acc2,$t1,$acc1 - addxccc $acc3,$t2,$acc2 ! +=acc[0]*0xFFFFFFFF00000001 - addxccc $acc4,$t3,$acc3 - b .Lmul_final_vis3 ! see below - addxc $acc5,%g0,$acc4 -.type __ecp_nistz256_mul_mont_vis3,#function -.size __ecp_nistz256_mul_mont_vis3,.-__ecp_nistz256_mul_mont_vis3 - -! compared to above __ecp_nistz256_mul_mont_vis3 it's 21% less -! instructions, but only 14% faster [on T4]... -.align 32 -__ecp_nistz256_sqr_mont_vis3: - ! | | | | | |a1*a0| | - ! | | | | |a2*a0| | | - ! | |a3*a2|a3*a0| | | | - ! | | | |a2*a1| | | | - ! | | |a3*a1| | | | | - ! *| | | | | | | | 2| - ! +|a3*a3|a2*a2|a1*a1|a0*a0| - ! |--+--+--+--+--+--+--+--| - ! |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx - ! - ! "can't overflow" below mark carrying into high part of - ! multiplication result, which can't overflow, because it - ! can never be all ones. - - mulx $a1,$a0,$acc1 ! a[1]*a[0] - umulxhi $a1,$a0,$t1 - mulx $a2,$a0,$acc2 ! a[2]*a[0] - umulxhi $a2,$a0,$t2 - mulx $a3,$a0,$acc3 ! a[3]*a[0] - umulxhi $a3,$a0,$acc4 - - addcc $acc2,$t1,$acc2 ! accumulate high parts of multiplication - mulx $a2,$a1,$t0 ! a[2]*a[1] - umulxhi $a2,$a1,$t1 - addxccc $acc3,$t2,$acc3 - mulx $a3,$a1,$t2 ! a[3]*a[1] - umulxhi $a3,$a1,$t3 - addxc $acc4,%g0,$acc4 ! can't overflow - - mulx $a3,$a2,$acc5 ! a[3]*a[2] - not $poly3,$poly3 ! 0xFFFFFFFF00000001 - umulxhi $a3,$a2,$acc6 - - addcc $t2,$t1,$t1 ! accumulate high parts of multiplication - mulx $a0,$a0,$acc0 ! a[0]*a[0] - addxc $t3,%g0,$t2 ! can't overflow - - addcc $acc3,$t0,$acc3 ! accumulate low parts of multiplication - umulxhi $a0,$a0,$a0 - addxccc $acc4,$t1,$acc4 - mulx $a1,$a1,$t1 ! a[1]*a[1] - addxccc $acc5,$t2,$acc5 - umulxhi $a1,$a1,$a1 - addxc $acc6,%g0,$acc6 ! can't overflow - - addcc $acc1,$acc1,$acc1 ! acc[1-6]*=2 - mulx $a2,$a2,$t2 ! a[2]*a[2] - addxccc $acc2,$acc2,$acc2 - umulxhi $a2,$a2,$a2 - addxccc $acc3,$acc3,$acc3 - mulx $a3,$a3,$t3 ! a[3]*a[3] - addxccc $acc4,$acc4,$acc4 - umulxhi $a3,$a3,$a3 - addxccc $acc5,$acc5,$acc5 - addxccc $acc6,$acc6,$acc6 - addxc %g0,%g0,$acc7 - - addcc $acc1,$a0,$acc1 ! +a[i]*a[i] - addxccc $acc2,$t1,$acc2 - addxccc $acc3,$a1,$acc3 - addxccc $acc4,$t2,$acc4 - sllx $acc0,32,$t0 - addxccc $acc5,$a2,$acc5 - srlx $acc0,32,$t1 - addxccc $acc6,$t3,$acc6 - sub $acc0,$t0,$t2 ! acc0*0xFFFFFFFF00000001, low part - addxc $acc7,$a3,$acc7 -___ -for($i=0;$i<3;$i++) { # reductions, see commentary - # in multiplication for details -$code.=<<___; - umulxhi $acc0,$poly3,$t3 ! acc0*0xFFFFFFFF00000001, high part - addcc $acc1,$t0,$acc0 ! +=acc[0]<<96 and omit acc[0] - sllx $acc0,32,$t0 - addxccc $acc2,$t1,$acc1 - srlx $acc0,32,$t1 - addxccc $acc3,$t2,$acc2 ! +=acc[0]*0xFFFFFFFF00000001 - sub $acc0,$t0,$t2 ! acc0*0xFFFFFFFF00000001, low part - addxc %g0,$t3,$acc3 ! can't overflow -___ -} -$code.=<<___; - umulxhi $acc0,$poly3,$t3 ! acc0*0xFFFFFFFF00000001, high part - addcc $acc1,$t0,$acc0 ! +=acc[0]<<96 and omit acc[0] - addxccc $acc2,$t1,$acc1 - addxccc $acc3,$t2,$acc2 ! +=acc[0]*0xFFFFFFFF00000001 - addxc %g0,$t3,$acc3 ! can't overflow - - addcc $acc0,$acc4,$acc0 ! accumulate upper half - addxccc $acc1,$acc5,$acc1 - addxccc $acc2,$acc6,$acc2 - addxccc $acc3,$acc7,$acc3 - addxc %g0,%g0,$acc4 - -.Lmul_final_vis3: - - ! Final step is "if result > mod, subtract mod", but as comparison - ! means subtraction, we do the subtraction and then copy outcome - ! if it didn't borrow. But note that as we [have to] replace - ! subtraction with addition with negative, carry/borrow logic is - ! inverse. - - addcc $acc0,1,$t0 ! add -modulus, i.e. subtract - not $poly3,$poly3 ! restore 0x00000000FFFFFFFE - addxccc $acc1,$poly1,$t1 - addxccc $acc2,$minus1,$t2 - addxccc $acc3,$poly3,$t3 - addxccc $acc4,$minus1,%g0 ! did it carry? - - movcs %xcc,$t0,$acc0 - movcs %xcc,$t1,$acc1 - stx $acc0,[$rp] - movcs %xcc,$t2,$acc2 - stx $acc1,[$rp+8] - movcs %xcc,$t3,$acc3 - stx $acc2,[$rp+16] - retl - stx $acc3,[$rp+24] -.type __ecp_nistz256_sqr_mont_vis3,#function -.size __ecp_nistz256_sqr_mont_vis3,.-__ecp_nistz256_sqr_mont_vis3 -___ - -######################################################################## -# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp); -# -{ -my ($res_x,$res_y,$res_z, - $in_x,$in_y,$in_z, - $S,$M,$Zsqr,$tmp0)=map(32*$_,(0..9)); -# above map() describes stack layout with 10 temporary -# 256-bit vectors on top. - -$code.=<<___; -.align 32 -ecp_nistz256_point_double_vis3: - save %sp,-STACK64_FRAME-32*10,%sp - - mov $rp,$rp_real -.Ldouble_shortcut_vis3: - mov -1,$minus1 - mov -2,$poly3 - sllx $minus1,32,$poly1 ! 0xFFFFFFFF00000000 - srl $poly3,0,$poly3 ! 0x00000000FFFFFFFE - - ! convert input to uint64_t[4] - ld [$ap],$a0 ! in_x - ld [$ap+4],$t0 - ld [$ap+8],$a1 - ld [$ap+12],$t1 - ld [$ap+16],$a2 - ld [$ap+20],$t2 - ld [$ap+24],$a3 - ld [$ap+28],$t3 - sllx $t0,32,$t0 - sllx $t1,32,$t1 - ld [$ap+32],$acc0 ! in_y - or $a0,$t0,$a0 - ld [$ap+32+4],$t0 - sllx $t2,32,$t2 - ld [$ap+32+8],$acc1 - or $a1,$t1,$a1 - ld [$ap+32+12],$t1 - sllx $t3,32,$t3 - ld [$ap+32+16],$acc2 - or $a2,$t2,$a2 - ld [$ap+32+20],$t2 - or $a3,$t3,$a3 - ld [$ap+32+24],$acc3 - sllx $t0,32,$t0 - ld [$ap+32+28],$t3 - sllx $t1,32,$t1 - stx $a0,[%sp+LOCALS64+$in_x] - sllx $t2,32,$t2 - stx $a1,[%sp+LOCALS64+$in_x+8] - sllx $t3,32,$t3 - stx $a2,[%sp+LOCALS64+$in_x+16] - or $acc0,$t0,$acc0 - stx $a3,[%sp+LOCALS64+$in_x+24] - or $acc1,$t1,$acc1 - stx $acc0,[%sp+LOCALS64+$in_y] - or $acc2,$t2,$acc2 - stx $acc1,[%sp+LOCALS64+$in_y+8] - or $acc3,$t3,$acc3 - stx $acc2,[%sp+LOCALS64+$in_y+16] - stx $acc3,[%sp+LOCALS64+$in_y+24] - - ld [$ap+64],$a0 ! in_z - ld [$ap+64+4],$t0 - ld [$ap+64+8],$a1 - ld [$ap+64+12],$t1 - ld [$ap+64+16],$a2 - ld [$ap+64+20],$t2 - ld [$ap+64+24],$a3 - ld [$ap+64+28],$t3 - sllx $t0,32,$t0 - sllx $t1,32,$t1 - or $a0,$t0,$a0 - sllx $t2,32,$t2 - or $a1,$t1,$a1 - sllx $t3,32,$t3 - or $a2,$t2,$a2 - or $a3,$t3,$a3 - sllx $t0,32,$t0 - sllx $t1,32,$t1 - stx $a0,[%sp+LOCALS64+$in_z] - sllx $t2,32,$t2 - stx $a1,[%sp+LOCALS64+$in_z+8] - sllx $t3,32,$t3 - stx $a2,[%sp+LOCALS64+$in_z+16] - stx $a3,[%sp+LOCALS64+$in_z+24] - - ! in_y is still in $acc0-$acc3 - call __ecp_nistz256_mul_by_2_vis3 ! p256_mul_by_2(S, in_y); - add %sp,LOCALS64+$S,$rp - - ! in_z is still in $a0-$a3 - call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(Zsqr, in_z); - add %sp,LOCALS64+$Zsqr,$rp - - mov $acc0,$a0 ! put Zsqr aside - mov $acc1,$a1 - mov $acc2,$a2 - mov $acc3,$a3 - - add %sp,LOCALS64+$in_x,$bp - call __ecp_nistz256_add_vis3 ! p256_add(M, Zsqr, in_x); - add %sp,LOCALS64+$M,$rp - - mov $a0,$acc0 ! restore Zsqr - ldx [%sp+LOCALS64+$S],$a0 ! forward load - mov $a1,$acc1 - ldx [%sp+LOCALS64+$S+8],$a1 - mov $a2,$acc2 - ldx [%sp+LOCALS64+$S+16],$a2 - mov $a3,$acc3 - ldx [%sp+LOCALS64+$S+24],$a3 - - add %sp,LOCALS64+$in_x,$bp - call __ecp_nistz256_sub_morf_vis3 ! p256_sub(Zsqr, in_x, Zsqr); - add %sp,LOCALS64+$Zsqr,$rp - - call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(S, S); - add %sp,LOCALS64+$S,$rp - - ldx [%sp+LOCALS64+$in_z],$bi - ldx [%sp+LOCALS64+$in_y],$a0 - ldx [%sp+LOCALS64+$in_y+8],$a1 - ldx [%sp+LOCALS64+$in_y+16],$a2 - ldx [%sp+LOCALS64+$in_y+24],$a3 - add %sp,LOCALS64+$in_z,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(tmp0, in_z, in_y); - add %sp,LOCALS64+$tmp0,$rp - - ldx [%sp+LOCALS64+$M],$bi ! forward load - ldx [%sp+LOCALS64+$Zsqr],$a0 - ldx [%sp+LOCALS64+$Zsqr+8],$a1 - ldx [%sp+LOCALS64+$Zsqr+16],$a2 - ldx [%sp+LOCALS64+$Zsqr+24],$a3 - - call __ecp_nistz256_mul_by_2_vis3 ! p256_mul_by_2(res_z, tmp0); - add %sp,LOCALS64+$res_z,$rp - - add %sp,LOCALS64+$M,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(M, M, Zsqr); - add %sp,LOCALS64+$M,$rp - - mov $acc0,$a0 ! put aside M - mov $acc1,$a1 - mov $acc2,$a2 - mov $acc3,$a3 - call __ecp_nistz256_mul_by_2_vis3 - add %sp,LOCALS64+$M,$rp - mov $a0,$t0 ! copy M - ldx [%sp+LOCALS64+$S],$a0 ! forward load - mov $a1,$t1 - ldx [%sp+LOCALS64+$S+8],$a1 - mov $a2,$t2 - ldx [%sp+LOCALS64+$S+16],$a2 - mov $a3,$t3 - ldx [%sp+LOCALS64+$S+24],$a3 - call __ecp_nistz256_add_noload_vis3 ! p256_mul_by_3(M, M); - add %sp,LOCALS64+$M,$rp - - call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(tmp0, S); - add %sp,LOCALS64+$tmp0,$rp - - ldx [%sp+LOCALS64+$S],$bi ! forward load - ldx [%sp+LOCALS64+$in_x],$a0 - ldx [%sp+LOCALS64+$in_x+8],$a1 - ldx [%sp+LOCALS64+$in_x+16],$a2 - ldx [%sp+LOCALS64+$in_x+24],$a3 - - call __ecp_nistz256_div_by_2_vis3 ! p256_div_by_2(res_y, tmp0); - add %sp,LOCALS64+$res_y,$rp - - add %sp,LOCALS64+$S,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S, S, in_x); - add %sp,LOCALS64+$S,$rp - - ldx [%sp+LOCALS64+$M],$a0 ! forward load - ldx [%sp+LOCALS64+$M+8],$a1 - ldx [%sp+LOCALS64+$M+16],$a2 - ldx [%sp+LOCALS64+$M+24],$a3 - - call __ecp_nistz256_mul_by_2_vis3 ! p256_mul_by_2(tmp0, S); - add %sp,LOCALS64+$tmp0,$rp - - call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(res_x, M); - add %sp,LOCALS64+$res_x,$rp - - add %sp,LOCALS64+$tmp0,$bp - call __ecp_nistz256_sub_from_vis3 ! p256_sub(res_x, res_x, tmp0); - add %sp,LOCALS64+$res_x,$rp - - ldx [%sp+LOCALS64+$M],$a0 ! forward load - ldx [%sp+LOCALS64+$M+8],$a1 - ldx [%sp+LOCALS64+$M+16],$a2 - ldx [%sp+LOCALS64+$M+24],$a3 - - add %sp,LOCALS64+$S,$bp - call __ecp_nistz256_sub_morf_vis3 ! p256_sub(S, S, res_x); - add %sp,LOCALS64+$S,$rp - - mov $acc0,$bi - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S, S, M); - add %sp,LOCALS64+$S,$rp - - ldx [%sp+LOCALS64+$res_x],$a0 ! forward load - ldx [%sp+LOCALS64+$res_x+8],$a1 - ldx [%sp+LOCALS64+$res_x+16],$a2 - ldx [%sp+LOCALS64+$res_x+24],$a3 - - add %sp,LOCALS64+$res_y,$bp - call __ecp_nistz256_sub_from_vis3 ! p256_sub(res_y, S, res_y); - add %sp,LOCALS64+$res_y,$bp - - ! convert output to uint_32[8] - srlx $a0,32,$t0 - srlx $a1,32,$t1 - st $a0,[$rp_real] ! res_x - srlx $a2,32,$t2 - st $t0,[$rp_real+4] - srlx $a3,32,$t3 - st $a1,[$rp_real+8] - st $t1,[$rp_real+12] - st $a2,[$rp_real+16] - st $t2,[$rp_real+20] - st $a3,[$rp_real+24] - st $t3,[$rp_real+28] - - ldx [%sp+LOCALS64+$res_z],$a0 ! forward load - srlx $acc0,32,$t0 - ldx [%sp+LOCALS64+$res_z+8],$a1 - srlx $acc1,32,$t1 - ldx [%sp+LOCALS64+$res_z+16],$a2 - srlx $acc2,32,$t2 - ldx [%sp+LOCALS64+$res_z+24],$a3 - srlx $acc3,32,$t3 - st $acc0,[$rp_real+32] ! res_y - st $t0, [$rp_real+32+4] - st $acc1,[$rp_real+32+8] - st $t1, [$rp_real+32+12] - st $acc2,[$rp_real+32+16] - st $t2, [$rp_real+32+20] - st $acc3,[$rp_real+32+24] - st $t3, [$rp_real+32+28] - - srlx $a0,32,$t0 - srlx $a1,32,$t1 - st $a0,[$rp_real+64] ! res_z - srlx $a2,32,$t2 - st $t0,[$rp_real+64+4] - srlx $a3,32,$t3 - st $a1,[$rp_real+64+8] - st $t1,[$rp_real+64+12] - st $a2,[$rp_real+64+16] - st $t2,[$rp_real+64+20] - st $a3,[$rp_real+64+24] - st $t3,[$rp_real+64+28] - - ret - restore -.type ecp_nistz256_point_double_vis3,#function -.size ecp_nistz256_point_double_vis3,.-ecp_nistz256_point_double_vis3 -___ -} -######################################################################## -# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1, -# const P256_POINT *in2); -{ -my ($res_x,$res_y,$res_z, - $in1_x,$in1_y,$in1_z, - $in2_x,$in2_y,$in2_z, - $H,$Hsqr,$R,$Rsqr,$Hcub, - $U1,$U2,$S1,$S2)=map(32*$_,(0..17)); -my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); - -# above map() describes stack layout with 18 temporary -# 256-bit vectors on top. Then we reserve some space for -# !in1infty, !in2infty and result of check for zero. - -$code.=<<___; -.align 32 -ecp_nistz256_point_add_vis3: - save %sp,-STACK64_FRAME-32*18-32,%sp - - mov $rp,$rp_real - mov -1,$minus1 - mov -2,$poly3 - sllx $minus1,32,$poly1 ! 0xFFFFFFFF00000000 - srl $poly3,0,$poly3 ! 0x00000000FFFFFFFE - - ! convert input to uint64_t[4] - ld [$bp],$a0 ! in2_x - ld [$bp+4],$t0 - ld [$bp+8],$a1 - ld [$bp+12],$t1 - ld [$bp+16],$a2 - ld [$bp+20],$t2 - ld [$bp+24],$a3 - ld [$bp+28],$t3 - sllx $t0,32,$t0 - sllx $t1,32,$t1 - ld [$bp+32],$acc0 ! in2_y - or $a0,$t0,$a0 - ld [$bp+32+4],$t0 - sllx $t2,32,$t2 - ld [$bp+32+8],$acc1 - or $a1,$t1,$a1 - ld [$bp+32+12],$t1 - sllx $t3,32,$t3 - ld [$bp+32+16],$acc2 - or $a2,$t2,$a2 - ld [$bp+32+20],$t2 - or $a3,$t3,$a3 - ld [$bp+32+24],$acc3 - sllx $t0,32,$t0 - ld [$bp+32+28],$t3 - sllx $t1,32,$t1 - stx $a0,[%sp+LOCALS64+$in2_x] - sllx $t2,32,$t2 - stx $a1,[%sp+LOCALS64+$in2_x+8] - sllx $t3,32,$t3 - stx $a2,[%sp+LOCALS64+$in2_x+16] - or $acc0,$t0,$acc0 - stx $a3,[%sp+LOCALS64+$in2_x+24] - or $acc1,$t1,$acc1 - stx $acc0,[%sp+LOCALS64+$in2_y] - or $acc2,$t2,$acc2 - stx $acc1,[%sp+LOCALS64+$in2_y+8] - or $acc3,$t3,$acc3 - stx $acc2,[%sp+LOCALS64+$in2_y+16] - stx $acc3,[%sp+LOCALS64+$in2_y+24] - - ld [$bp+64],$acc0 ! in2_z - ld [$bp+64+4],$t0 - ld [$bp+64+8],$acc1 - ld [$bp+64+12],$t1 - ld [$bp+64+16],$acc2 - ld [$bp+64+20],$t2 - ld [$bp+64+24],$acc3 - ld [$bp+64+28],$t3 - sllx $t0,32,$t0 - sllx $t1,32,$t1 - ld [$ap],$a0 ! in1_x - or $acc0,$t0,$acc0 - ld [$ap+4],$t0 - sllx $t2,32,$t2 - ld [$ap+8],$a1 - or $acc1,$t1,$acc1 - ld [$ap+12],$t1 - sllx $t3,32,$t3 - ld [$ap+16],$a2 - or $acc2,$t2,$acc2 - ld [$ap+20],$t2 - or $acc3,$t3,$acc3 - ld [$ap+24],$a3 - sllx $t0,32,$t0 - ld [$ap+28],$t3 - sllx $t1,32,$t1 - stx $acc0,[%sp+LOCALS64+$in2_z] - sllx $t2,32,$t2 - stx $acc1,[%sp+LOCALS64+$in2_z+8] - sllx $t3,32,$t3 - stx $acc2,[%sp+LOCALS64+$in2_z+16] - stx $acc3,[%sp+LOCALS64+$in2_z+24] - - or $acc1,$acc0,$acc0 - or $acc3,$acc2,$acc2 - or $acc2,$acc0,$acc0 - movrnz $acc0,-1,$acc0 ! !in2infty - stx $acc0,[%fp+STACK_BIAS-8] - - or $a0,$t0,$a0 - ld [$ap+32],$acc0 ! in1_y - or $a1,$t1,$a1 - ld [$ap+32+4],$t0 - or $a2,$t2,$a2 - ld [$ap+32+8],$acc1 - or $a3,$t3,$a3 - ld [$ap+32+12],$t1 - ld [$ap+32+16],$acc2 - ld [$ap+32+20],$t2 - ld [$ap+32+24],$acc3 - sllx $t0,32,$t0 - ld [$ap+32+28],$t3 - sllx $t1,32,$t1 - stx $a0,[%sp+LOCALS64+$in1_x] - sllx $t2,32,$t2 - stx $a1,[%sp+LOCALS64+$in1_x+8] - sllx $t3,32,$t3 - stx $a2,[%sp+LOCALS64+$in1_x+16] - or $acc0,$t0,$acc0 - stx $a3,[%sp+LOCALS64+$in1_x+24] - or $acc1,$t1,$acc1 - stx $acc0,[%sp+LOCALS64+$in1_y] - or $acc2,$t2,$acc2 - stx $acc1,[%sp+LOCALS64+$in1_y+8] - or $acc3,$t3,$acc3 - stx $acc2,[%sp+LOCALS64+$in1_y+16] - stx $acc3,[%sp+LOCALS64+$in1_y+24] - - ldx [%sp+LOCALS64+$in2_z],$a0 ! forward load - ldx [%sp+LOCALS64+$in2_z+8],$a1 - ldx [%sp+LOCALS64+$in2_z+16],$a2 - ldx [%sp+LOCALS64+$in2_z+24],$a3 - - ld [$ap+64],$acc0 ! in1_z - ld [$ap+64+4],$t0 - ld [$ap+64+8],$acc1 - ld [$ap+64+12],$t1 - ld [$ap+64+16],$acc2 - ld [$ap+64+20],$t2 - ld [$ap+64+24],$acc3 - ld [$ap+64+28],$t3 - sllx $t0,32,$t0 - sllx $t1,32,$t1 - or $acc0,$t0,$acc0 - sllx $t2,32,$t2 - or $acc1,$t1,$acc1 - sllx $t3,32,$t3 - stx $acc0,[%sp+LOCALS64+$in1_z] - or $acc2,$t2,$acc2 - stx $acc1,[%sp+LOCALS64+$in1_z+8] - or $acc3,$t3,$acc3 - stx $acc2,[%sp+LOCALS64+$in1_z+16] - stx $acc3,[%sp+LOCALS64+$in1_z+24] - - or $acc1,$acc0,$acc0 - or $acc3,$acc2,$acc2 - or $acc2,$acc0,$acc0 - movrnz $acc0,-1,$acc0 ! !in1infty - stx $acc0,[%fp+STACK_BIAS-16] - - call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(Z2sqr, in2_z); - add %sp,LOCALS64+$Z2sqr,$rp - - ldx [%sp+LOCALS64+$in1_z],$a0 - ldx [%sp+LOCALS64+$in1_z+8],$a1 - ldx [%sp+LOCALS64+$in1_z+16],$a2 - ldx [%sp+LOCALS64+$in1_z+24],$a3 - call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(Z1sqr, in1_z); - add %sp,LOCALS64+$Z1sqr,$rp - - ldx [%sp+LOCALS64+$Z2sqr],$bi - ldx [%sp+LOCALS64+$in2_z],$a0 - ldx [%sp+LOCALS64+$in2_z+8],$a1 - ldx [%sp+LOCALS64+$in2_z+16],$a2 - ldx [%sp+LOCALS64+$in2_z+24],$a3 - add %sp,LOCALS64+$Z2sqr,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S1, Z2sqr, in2_z); - add %sp,LOCALS64+$S1,$rp - - ldx [%sp+LOCALS64+$Z1sqr],$bi - ldx [%sp+LOCALS64+$in1_z],$a0 - ldx [%sp+LOCALS64+$in1_z+8],$a1 - ldx [%sp+LOCALS64+$in1_z+16],$a2 - ldx [%sp+LOCALS64+$in1_z+24],$a3 - add %sp,LOCALS64+$Z1sqr,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S2, Z1sqr, in1_z); - add %sp,LOCALS64+$S2,$rp - - ldx [%sp+LOCALS64+$S1],$bi - ldx [%sp+LOCALS64+$in1_y],$a0 - ldx [%sp+LOCALS64+$in1_y+8],$a1 - ldx [%sp+LOCALS64+$in1_y+16],$a2 - ldx [%sp+LOCALS64+$in1_y+24],$a3 - add %sp,LOCALS64+$S1,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S1, S1, in1_y); - add %sp,LOCALS64+$S1,$rp - - ldx [%sp+LOCALS64+$S2],$bi - ldx [%sp+LOCALS64+$in2_y],$a0 - ldx [%sp+LOCALS64+$in2_y+8],$a1 - ldx [%sp+LOCALS64+$in2_y+16],$a2 - ldx [%sp+LOCALS64+$in2_y+24],$a3 - add %sp,LOCALS64+$S2,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S2, S2, in2_y); - add %sp,LOCALS64+$S2,$rp - - ldx [%sp+LOCALS64+$Z2sqr],$bi ! forward load - ldx [%sp+LOCALS64+$in1_x],$a0 - ldx [%sp+LOCALS64+$in1_x+8],$a1 - ldx [%sp+LOCALS64+$in1_x+16],$a2 - ldx [%sp+LOCALS64+$in1_x+24],$a3 - - add %sp,LOCALS64+$S1,$bp - call __ecp_nistz256_sub_from_vis3 ! p256_sub(R, S2, S1); - add %sp,LOCALS64+$R,$rp - - or $acc1,$acc0,$acc0 ! see if result is zero - or $acc3,$acc2,$acc2 - or $acc2,$acc0,$acc0 - stx $acc0,[%fp+STACK_BIAS-24] - - add %sp,LOCALS64+$Z2sqr,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(U1, in1_x, Z2sqr); - add %sp,LOCALS64+$U1,$rp - - ldx [%sp+LOCALS64+$Z1sqr],$bi - ldx [%sp+LOCALS64+$in2_x],$a0 - ldx [%sp+LOCALS64+$in2_x+8],$a1 - ldx [%sp+LOCALS64+$in2_x+16],$a2 - ldx [%sp+LOCALS64+$in2_x+24],$a3 - add %sp,LOCALS64+$Z1sqr,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(U2, in2_x, Z1sqr); - add %sp,LOCALS64+$U2,$rp - - ldx [%sp+LOCALS64+$R],$a0 ! forward load - ldx [%sp+LOCALS64+$R+8],$a1 - ldx [%sp+LOCALS64+$R+16],$a2 - ldx [%sp+LOCALS64+$R+24],$a3 - - add %sp,LOCALS64+$U1,$bp - call __ecp_nistz256_sub_from_vis3 ! p256_sub(H, U2, U1); - add %sp,LOCALS64+$H,$rp - - or $acc1,$acc0,$acc0 ! see if result is zero - or $acc3,$acc2,$acc2 - orcc $acc2,$acc0,$acc0 - - bne,pt %xcc,.Ladd_proceed_vis3 ! is_equal(U1,U2)? - nop - - ldx [%fp+STACK_BIAS-8],$t0 - ldx [%fp+STACK_BIAS-16],$t1 - ldx [%fp+STACK_BIAS-24],$t2 - andcc $t0,$t1,%g0 - be,pt %xcc,.Ladd_proceed_vis3 ! (in1infty || in2infty)? - nop - andcc $t2,$t2,%g0 - be,a,pt %xcc,.Ldouble_shortcut_vis3 ! is_equal(S1,S2)? - add %sp,32*(12-10)+32,%sp ! difference in frame sizes - - st %g0,[$rp_real] - st %g0,[$rp_real+4] - st %g0,[$rp_real+8] - st %g0,[$rp_real+12] - st %g0,[$rp_real+16] - st %g0,[$rp_real+20] - st %g0,[$rp_real+24] - st %g0,[$rp_real+28] - st %g0,[$rp_real+32] - st %g0,[$rp_real+32+4] - st %g0,[$rp_real+32+8] - st %g0,[$rp_real+32+12] - st %g0,[$rp_real+32+16] - st %g0,[$rp_real+32+20] - st %g0,[$rp_real+32+24] - st %g0,[$rp_real+32+28] - st %g0,[$rp_real+64] - st %g0,[$rp_real+64+4] - st %g0,[$rp_real+64+8] - st %g0,[$rp_real+64+12] - st %g0,[$rp_real+64+16] - st %g0,[$rp_real+64+20] - st %g0,[$rp_real+64+24] - st %g0,[$rp_real+64+28] - b .Ladd_done_vis3 - nop - -.align 16 -.Ladd_proceed_vis3: - call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(Rsqr, R); - add %sp,LOCALS64+$Rsqr,$rp - - ldx [%sp+LOCALS64+$H],$bi - ldx [%sp+LOCALS64+$in1_z],$a0 - ldx [%sp+LOCALS64+$in1_z+8],$a1 - ldx [%sp+LOCALS64+$in1_z+16],$a2 - ldx [%sp+LOCALS64+$in1_z+24],$a3 - add %sp,LOCALS64+$H,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(res_z, H, in1_z); - add %sp,LOCALS64+$res_z,$rp - - ldx [%sp+LOCALS64+$H],$a0 - ldx [%sp+LOCALS64+$H+8],$a1 - ldx [%sp+LOCALS64+$H+16],$a2 - ldx [%sp+LOCALS64+$H+24],$a3 - call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(Hsqr, H); - add %sp,LOCALS64+$Hsqr,$rp - - ldx [%sp+LOCALS64+$res_z],$bi - ldx [%sp+LOCALS64+$in2_z],$a0 - ldx [%sp+LOCALS64+$in2_z+8],$a1 - ldx [%sp+LOCALS64+$in2_z+16],$a2 - ldx [%sp+LOCALS64+$in2_z+24],$a3 - add %sp,LOCALS64+$res_z,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(res_z, res_z, in2_z); - add %sp,LOCALS64+$res_z,$rp - - ldx [%sp+LOCALS64+$H],$bi - ldx [%sp+LOCALS64+$Hsqr],$a0 - ldx [%sp+LOCALS64+$Hsqr+8],$a1 - ldx [%sp+LOCALS64+$Hsqr+16],$a2 - ldx [%sp+LOCALS64+$Hsqr+24],$a3 - add %sp,LOCALS64+$H,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(Hcub, Hsqr, H); - add %sp,LOCALS64+$Hcub,$rp - - ldx [%sp+LOCALS64+$U1],$bi - ldx [%sp+LOCALS64+$Hsqr],$a0 - ldx [%sp+LOCALS64+$Hsqr+8],$a1 - ldx [%sp+LOCALS64+$Hsqr+16],$a2 - ldx [%sp+LOCALS64+$Hsqr+24],$a3 - add %sp,LOCALS64+$U1,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(U2, U1, Hsqr); - add %sp,LOCALS64+$U2,$rp - - call __ecp_nistz256_mul_by_2_vis3 ! p256_mul_by_2(Hsqr, U2); - add %sp,LOCALS64+$Hsqr,$rp - - add %sp,LOCALS64+$Rsqr,$bp - call __ecp_nistz256_sub_morf_vis3 ! p256_sub(res_x, Rsqr, Hsqr); - add %sp,LOCALS64+$res_x,$rp - - add %sp,LOCALS64+$Hcub,$bp - call __ecp_nistz256_sub_from_vis3 ! p256_sub(res_x, res_x, Hcub); - add %sp,LOCALS64+$res_x,$rp - - ldx [%sp+LOCALS64+$S1],$bi ! forward load - ldx [%sp+LOCALS64+$Hcub],$a0 - ldx [%sp+LOCALS64+$Hcub+8],$a1 - ldx [%sp+LOCALS64+$Hcub+16],$a2 - ldx [%sp+LOCALS64+$Hcub+24],$a3 - - add %sp,LOCALS64+$U2,$bp - call __ecp_nistz256_sub_morf_vis3 ! p256_sub(res_y, U2, res_x); - add %sp,LOCALS64+$res_y,$rp - - add %sp,LOCALS64+$S1,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S2, S1, Hcub); - add %sp,LOCALS64+$S2,$rp - - ldx [%sp+LOCALS64+$R],$bi - ldx [%sp+LOCALS64+$res_y],$a0 - ldx [%sp+LOCALS64+$res_y+8],$a1 - ldx [%sp+LOCALS64+$res_y+16],$a2 - ldx [%sp+LOCALS64+$res_y+24],$a3 - add %sp,LOCALS64+$R,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(res_y, res_y, R); - add %sp,LOCALS64+$res_y,$rp - - add %sp,LOCALS64+$S2,$bp - call __ecp_nistz256_sub_from_vis3 ! p256_sub(res_y, res_y, S2); - add %sp,LOCALS64+$res_y,$rp - - ldx [%fp+STACK_BIAS-16],$t1 ! !in1infty - ldx [%fp+STACK_BIAS-8],$t2 ! !in2infty -___ -for($i=0;$i<96;$i+=16) { # conditional moves -$code.=<<___; - ldx [%sp+LOCALS64+$res_x+$i],$acc0 ! res - ldx [%sp+LOCALS64+$res_x+$i+8],$acc1 - ldx [%sp+LOCALS64+$in2_x+$i],$acc2 ! in2 - ldx [%sp+LOCALS64+$in2_x+$i+8],$acc3 - ldx [%sp+LOCALS64+$in1_x+$i],$acc4 ! in1 - ldx [%sp+LOCALS64+$in1_x+$i+8],$acc5 - movrz $t1,$acc2,$acc0 - movrz $t1,$acc3,$acc1 - movrz $t2,$acc4,$acc0 - movrz $t2,$acc5,$acc1 - srlx $acc0,32,$acc2 - srlx $acc1,32,$acc3 - st $acc0,[$rp_real+$i] - st $acc2,[$rp_real+$i+4] - st $acc1,[$rp_real+$i+8] - st $acc3,[$rp_real+$i+12] -___ -} -$code.=<<___; -.Ladd_done_vis3: - ret - restore -.type ecp_nistz256_point_add_vis3,#function -.size ecp_nistz256_point_add_vis3,.-ecp_nistz256_point_add_vis3 -___ -} -######################################################################## -# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1, -# const P256_POINT_AFFINE *in2); -{ -my ($res_x,$res_y,$res_z, - $in1_x,$in1_y,$in1_z, - $in2_x,$in2_y, - $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..14)); -my $Z1sqr = $S2; -# above map() describes stack layout with 15 temporary -# 256-bit vectors on top. Then we reserve some space for -# !in1infty and !in2infty. - -$code.=<<___; -.align 32 -ecp_nistz256_point_add_affine_vis3: - save %sp,-STACK64_FRAME-32*15-32,%sp - - mov $rp,$rp_real - mov -1,$minus1 - mov -2,$poly3 - sllx $minus1,32,$poly1 ! 0xFFFFFFFF00000000 - srl $poly3,0,$poly3 ! 0x00000000FFFFFFFE - - ! convert input to uint64_t[4] - ld [$bp],$a0 ! in2_x - ld [$bp+4],$t0 - ld [$bp+8],$a1 - ld [$bp+12],$t1 - ld [$bp+16],$a2 - ld [$bp+20],$t2 - ld [$bp+24],$a3 - ld [$bp+28],$t3 - sllx $t0,32,$t0 - sllx $t1,32,$t1 - ld [$bp+32],$acc0 ! in2_y - or $a0,$t0,$a0 - ld [$bp+32+4],$t0 - sllx $t2,32,$t2 - ld [$bp+32+8],$acc1 - or $a1,$t1,$a1 - ld [$bp+32+12],$t1 - sllx $t3,32,$t3 - ld [$bp+32+16],$acc2 - or $a2,$t2,$a2 - ld [$bp+32+20],$t2 - or $a3,$t3,$a3 - ld [$bp+32+24],$acc3 - sllx $t0,32,$t0 - ld [$bp+32+28],$t3 - sllx $t1,32,$t1 - stx $a0,[%sp+LOCALS64+$in2_x] - sllx $t2,32,$t2 - stx $a1,[%sp+LOCALS64+$in2_x+8] - sllx $t3,32,$t3 - stx $a2,[%sp+LOCALS64+$in2_x+16] - or $acc0,$t0,$acc0 - stx $a3,[%sp+LOCALS64+$in2_x+24] - or $acc1,$t1,$acc1 - stx $acc0,[%sp+LOCALS64+$in2_y] - or $acc2,$t2,$acc2 - stx $acc1,[%sp+LOCALS64+$in2_y+8] - or $acc3,$t3,$acc3 - stx $acc2,[%sp+LOCALS64+$in2_y+16] - stx $acc3,[%sp+LOCALS64+$in2_y+24] - - or $a1,$a0,$a0 - or $a3,$a2,$a2 - or $acc1,$acc0,$acc0 - or $acc3,$acc2,$acc2 - or $a2,$a0,$a0 - or $acc2,$acc0,$acc0 - or $acc0,$a0,$a0 - movrnz $a0,-1,$a0 ! !in2infty - stx $a0,[%fp+STACK_BIAS-8] - - ld [$ap],$a0 ! in1_x - ld [$ap+4],$t0 - ld [$ap+8],$a1 - ld [$ap+12],$t1 - ld [$ap+16],$a2 - ld [$ap+20],$t2 - ld [$ap+24],$a3 - ld [$ap+28],$t3 - sllx $t0,32,$t0 - sllx $t1,32,$t1 - ld [$ap+32],$acc0 ! in1_y - or $a0,$t0,$a0 - ld [$ap+32+4],$t0 - sllx $t2,32,$t2 - ld [$ap+32+8],$acc1 - or $a1,$t1,$a1 - ld [$ap+32+12],$t1 - sllx $t3,32,$t3 - ld [$ap+32+16],$acc2 - or $a2,$t2,$a2 - ld [$ap+32+20],$t2 - or $a3,$t3,$a3 - ld [$ap+32+24],$acc3 - sllx $t0,32,$t0 - ld [$ap+32+28],$t3 - sllx $t1,32,$t1 - stx $a0,[%sp+LOCALS64+$in1_x] - sllx $t2,32,$t2 - stx $a1,[%sp+LOCALS64+$in1_x+8] - sllx $t3,32,$t3 - stx $a2,[%sp+LOCALS64+$in1_x+16] - or $acc0,$t0,$acc0 - stx $a3,[%sp+LOCALS64+$in1_x+24] - or $acc1,$t1,$acc1 - stx $acc0,[%sp+LOCALS64+$in1_y] - or $acc2,$t2,$acc2 - stx $acc1,[%sp+LOCALS64+$in1_y+8] - or $acc3,$t3,$acc3 - stx $acc2,[%sp+LOCALS64+$in1_y+16] - stx $acc3,[%sp+LOCALS64+$in1_y+24] - - ld [$ap+64],$a0 ! in1_z - ld [$ap+64+4],$t0 - ld [$ap+64+8],$a1 - ld [$ap+64+12],$t1 - ld [$ap+64+16],$a2 - ld [$ap+64+20],$t2 - ld [$ap+64+24],$a3 - ld [$ap+64+28],$t3 - sllx $t0,32,$t0 - sllx $t1,32,$t1 - or $a0,$t0,$a0 - sllx $t2,32,$t2 - or $a1,$t1,$a1 - sllx $t3,32,$t3 - stx $a0,[%sp+LOCALS64+$in1_z] - or $a2,$t2,$a2 - stx $a1,[%sp+LOCALS64+$in1_z+8] - or $a3,$t3,$a3 - stx $a2,[%sp+LOCALS64+$in1_z+16] - stx $a3,[%sp+LOCALS64+$in1_z+24] - - or $a1,$a0,$t0 - or $a3,$a2,$t2 - or $t2,$t0,$t0 - movrnz $t0,-1,$t0 ! !in1infty - stx $t0,[%fp+STACK_BIAS-16] - - call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(Z1sqr, in1_z); - add %sp,LOCALS64+$Z1sqr,$rp - - ldx [%sp+LOCALS64+$in2_x],$bi - mov $acc0,$a0 - mov $acc1,$a1 - mov $acc2,$a2 - mov $acc3,$a3 - add %sp,LOCALS64+$in2_x,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(U2, Z1sqr, in2_x); - add %sp,LOCALS64+$U2,$rp - - ldx [%sp+LOCALS64+$Z1sqr],$bi ! forward load - ldx [%sp+LOCALS64+$in1_z],$a0 - ldx [%sp+LOCALS64+$in1_z+8],$a1 - ldx [%sp+LOCALS64+$in1_z+16],$a2 - ldx [%sp+LOCALS64+$in1_z+24],$a3 - - add %sp,LOCALS64+$in1_x,$bp - call __ecp_nistz256_sub_from_vis3 ! p256_sub(H, U2, in1_x); - add %sp,LOCALS64+$H,$rp - - add %sp,LOCALS64+$Z1sqr,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S2, Z1sqr, in1_z); - add %sp,LOCALS64+$S2,$rp - - ldx [%sp+LOCALS64+$H],$bi - ldx [%sp+LOCALS64+$in1_z],$a0 - ldx [%sp+LOCALS64+$in1_z+8],$a1 - ldx [%sp+LOCALS64+$in1_z+16],$a2 - ldx [%sp+LOCALS64+$in1_z+24],$a3 - add %sp,LOCALS64+$H,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(res_z, H, in1_z); - add %sp,LOCALS64+$res_z,$rp - - ldx [%sp+LOCALS64+$S2],$bi - ldx [%sp+LOCALS64+$in2_y],$a0 - ldx [%sp+LOCALS64+$in2_y+8],$a1 - ldx [%sp+LOCALS64+$in2_y+16],$a2 - ldx [%sp+LOCALS64+$in2_y+24],$a3 - add %sp,LOCALS64+$S2,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S2, S2, in2_y); - add %sp,LOCALS64+$S2,$rp - - ldx [%sp+LOCALS64+$H],$a0 ! forward load - ldx [%sp+LOCALS64+$H+8],$a1 - ldx [%sp+LOCALS64+$H+16],$a2 - ldx [%sp+LOCALS64+$H+24],$a3 - - add %sp,LOCALS64+$in1_y,$bp - call __ecp_nistz256_sub_from_vis3 ! p256_sub(R, S2, in1_y); - add %sp,LOCALS64+$R,$rp - - call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(Hsqr, H); - add %sp,LOCALS64+$Hsqr,$rp - - ldx [%sp+LOCALS64+$R],$a0 - ldx [%sp+LOCALS64+$R+8],$a1 - ldx [%sp+LOCALS64+$R+16],$a2 - ldx [%sp+LOCALS64+$R+24],$a3 - call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(Rsqr, R); - add %sp,LOCALS64+$Rsqr,$rp - - ldx [%sp+LOCALS64+$H],$bi - ldx [%sp+LOCALS64+$Hsqr],$a0 - ldx [%sp+LOCALS64+$Hsqr+8],$a1 - ldx [%sp+LOCALS64+$Hsqr+16],$a2 - ldx [%sp+LOCALS64+$Hsqr+24],$a3 - add %sp,LOCALS64+$H,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(Hcub, Hsqr, H); - add %sp,LOCALS64+$Hcub,$rp - - ldx [%sp+LOCALS64+$Hsqr],$bi - ldx [%sp+LOCALS64+$in1_x],$a0 - ldx [%sp+LOCALS64+$in1_x+8],$a1 - ldx [%sp+LOCALS64+$in1_x+16],$a2 - ldx [%sp+LOCALS64+$in1_x+24],$a3 - add %sp,LOCALS64+$Hsqr,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(U2, in1_x, Hsqr); - add %sp,LOCALS64+$U2,$rp - - call __ecp_nistz256_mul_by_2_vis3 ! p256_mul_by_2(Hsqr, U2); - add %sp,LOCALS64+$Hsqr,$rp - - add %sp,LOCALS64+$Rsqr,$bp - call __ecp_nistz256_sub_morf_vis3 ! p256_sub(res_x, Rsqr, Hsqr); - add %sp,LOCALS64+$res_x,$rp - - add %sp,LOCALS64+$Hcub,$bp - call __ecp_nistz256_sub_from_vis3 ! p256_sub(res_x, res_x, Hcub); - add %sp,LOCALS64+$res_x,$rp - - ldx [%sp+LOCALS64+$Hcub],$bi ! forward load - ldx [%sp+LOCALS64+$in1_y],$a0 - ldx [%sp+LOCALS64+$in1_y+8],$a1 - ldx [%sp+LOCALS64+$in1_y+16],$a2 - ldx [%sp+LOCALS64+$in1_y+24],$a3 - - add %sp,LOCALS64+$U2,$bp - call __ecp_nistz256_sub_morf_vis3 ! p256_sub(res_y, U2, res_x); - add %sp,LOCALS64+$res_y,$rp - - add %sp,LOCALS64+$Hcub,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S2, in1_y, Hcub); - add %sp,LOCALS64+$S2,$rp - - ldx [%sp+LOCALS64+$R],$bi - ldx [%sp+LOCALS64+$res_y],$a0 - ldx [%sp+LOCALS64+$res_y+8],$a1 - ldx [%sp+LOCALS64+$res_y+16],$a2 - ldx [%sp+LOCALS64+$res_y+24],$a3 - add %sp,LOCALS64+$R,$bp - call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(res_y, res_y, R); - add %sp,LOCALS64+$res_y,$rp - - add %sp,LOCALS64+$S2,$bp - call __ecp_nistz256_sub_from_vis3 ! p256_sub(res_y, res_y, S2); - add %sp,LOCALS64+$res_y,$rp - - ldx [%fp+STACK_BIAS-16],$t1 ! !in1infty - ldx [%fp+STACK_BIAS-8],$t2 ! !in2infty -1: call .+8 - add %o7,.Lone_mont_vis3-1b,$bp -___ -for($i=0;$i<64;$i+=16) { # conditional moves -$code.=<<___; - ldx [%sp+LOCALS64+$res_x+$i],$acc0 ! res - ldx [%sp+LOCALS64+$res_x+$i+8],$acc1 - ldx [%sp+LOCALS64+$in2_x+$i],$acc2 ! in2 - ldx [%sp+LOCALS64+$in2_x+$i+8],$acc3 - ldx [%sp+LOCALS64+$in1_x+$i],$acc4 ! in1 - ldx [%sp+LOCALS64+$in1_x+$i+8],$acc5 - movrz $t1,$acc2,$acc0 - movrz $t1,$acc3,$acc1 - movrz $t2,$acc4,$acc0 - movrz $t2,$acc5,$acc1 - srlx $acc0,32,$acc2 - srlx $acc1,32,$acc3 - st $acc0,[$rp_real+$i] - st $acc2,[$rp_real+$i+4] - st $acc1,[$rp_real+$i+8] - st $acc3,[$rp_real+$i+12] -___ -} -for(;$i<96;$i+=16) { -$code.=<<___; - ldx [%sp+LOCALS64+$res_x+$i],$acc0 ! res - ldx [%sp+LOCALS64+$res_x+$i+8],$acc1 - ldx [$bp+$i-64],$acc2 ! "in2" - ldx [$bp+$i-64+8],$acc3 - ldx [%sp+LOCALS64+$in1_x+$i],$acc4 ! in1 - ldx [%sp+LOCALS64+$in1_x+$i+8],$acc5 - movrz $t1,$acc2,$acc0 - movrz $t1,$acc3,$acc1 - movrz $t2,$acc4,$acc0 - movrz $t2,$acc5,$acc1 - srlx $acc0,32,$acc2 - srlx $acc1,32,$acc3 - st $acc0,[$rp_real+$i] - st $acc2,[$rp_real+$i+4] - st $acc1,[$rp_real+$i+8] - st $acc3,[$rp_real+$i+12] -___ -} -$code.=<<___; - ret - restore -.type ecp_nistz256_point_add_affine_vis3,#function -.size ecp_nistz256_point_add_affine_vis3,.-ecp_nistz256_point_add_affine_vis3 -.align 64 -.Lone_mont_vis3: -.long 0x00000000,0x00000001, 0xffffffff,0x00000000 -.long 0xffffffff,0xffffffff, 0x00000000,0xfffffffe -.align 64 -___ -} }}} - -# Purpose of these subroutines is to explicitly encode VIS instructions, -# so that one can compile the module without having to specify VIS -# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a. -# Idea is to reserve for option to produce "universal" binary and let -# programmer detect if current CPU is VIS capable at run-time. -sub unvis3 { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 ); -my ($ref,$opf); -my %visopf = ( "addxc" => 0x011, - "addxccc" => 0x013, - "umulxhi" => 0x016 ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if ($opf=$visopf{$mnemonic}) { - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%([goli])([0-9])/); - $_=$bias{$1}+$2; - } - - return sprintf ".word\t0x%08x !%s", - 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - s/\b(umulxhi|addxc[c]{0,2})\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/ - &unvis3($1,$2,$3,$4) - /ge; - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/asm/ecp_nistz256-x86.pl b/crypto/ec/asm/ecp_nistz256-x86.pl deleted file mode 100755 index e78f0cd7266ded7073c9f050cf6112e874954324..0000000000000000000000000000000000000000 --- a/crypto/ec/asm/ecp_nistz256-x86.pl +++ /dev/null @@ -1,1861 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# ECP_NISTZ256 module for x86/SSE2. -# -# October 2014. -# -# Original ECP_NISTZ256 submission targeting x86_64 is detailed in -# http://eprint.iacr.org/2013/816. In the process of adaptation -# original .c module was made 32-bit savvy in order to make this -# implementation possible. -# -# with/without -DECP_NISTZ256_ASM -# Pentium +66-163% -# PIII +72-172% -# P4 +65-132% -# Core2 +90-215% -# Sandy Bridge +105-265% (contemporary i[57]-* are all close to this) -# Atom +65-155% -# Opteron +54-110% -# Bulldozer +99-240% -# VIA Nano +93-290% -# -# Ranges denote minimum and maximum improvement coefficients depending -# on benchmark. Lower coefficients are for ECDSA sign, server-side -# operation. Keep in mind that +200% means 3x improvement. - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output=pop and open STDOUT,">$output"; - -&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); - -$sse2=0; -for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - -&external_label("OPENSSL_ia32cap_P") if ($sse2); - - -######################################################################## -# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7 -# -open TABLE,") { - s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo; -} -close TABLE; - -# See ecp_nistz256_table.c for explanation for why it's 64*16*37. -# 64*16*37-1 is because $#arr returns last valid index or @arr, not -# amount of elements. -die "insane number of elements" if ($#arr != 64*16*37-1); - -&public_label("ecp_nistz256_precomputed"); -&align(4096); -&set_label("ecp_nistz256_precomputed"); - -######################################################################## -# this conversion smashes P256_POINT_AFFINE by individual bytes with -# 64 byte interval, similar to -# 1111222233334444 -# 1234123412341234 -for(1..37) { - @tbl = splice(@arr,0,64*16); - for($i=0;$i<64;$i++) { - undef @line; - for($j=0;$j<64;$j++) { - push @line,(@tbl[$j*16+$i/4]>>(($i%4)*8))&0xff; - } - &data_byte(join(',',map { sprintf "0x%02x",$_} @line)); - } -} - -######################################################################## -# Keep in mind that constants are stored least to most significant word -&static_label("RR"); -&set_label("RR",64); -&data_word(3,0,-1,-5,-2,-1,-3,4); # 2^512 mod P-256 - -&static_label("ONE_mont"); -&set_label("ONE_mont"); -&data_word(1,0,0,-1,-1,-1,-2,0); - -&static_label("ONE"); -&set_label("ONE"); -&data_word(1,0,0,0,0,0,0,0); -&asciz("ECP_NISZ256 for x86/SSE2, CRYPTOGAMS by "); -&align(64); - -######################################################################## -# void ecp_nistz256_mul_by_2(BN_ULONG edi[8],const BN_ULONG esi[8]); -&function_begin("ecp_nistz256_mul_by_2"); - &mov ("esi",&wparam(1)); - &mov ("edi",&wparam(0)); - &mov ("ebp","esi"); -######################################################################## -# common pattern for internal functions is that %edi is result pointer, -# %esi and %ebp are input ones, %ebp being optional. %edi is preserved. - &call ("_ecp_nistz256_add"); -&function_end("ecp_nistz256_mul_by_2"); - -######################################################################## -# void ecp_nistz256_mul_by_3(BN_ULONG edi[8],const BN_ULONG esi[8]); -&function_begin("ecp_nistz256_mul_by_3"); - &mov ("esi",&wparam(1)); - # multiplication by 3 is performed - # as 2*n+n, but we can't use output - # to store 2*n, because if output - # pointer equals to input, then - # we'll get 2*n+2*n. - &stack_push(8); # therefore we need to allocate - # 256-bit intermediate buffer. - &mov ("edi","esp"); - &mov ("ebp","esi"); - &call ("_ecp_nistz256_add"); - &lea ("esi",&DWP(0,"edi")); - &mov ("ebp",&wparam(1)); - &mov ("edi",&wparam(0)); - &call ("_ecp_nistz256_add"); - &stack_pop(8); -&function_end("ecp_nistz256_mul_by_3"); - -######################################################################## -# void ecp_nistz256_div_by_2(BN_ULONG edi[8],const BN_ULONG esi[8]); -&function_begin("ecp_nistz256_div_by_2"); - &mov ("esi",&wparam(1)); - &mov ("edi",&wparam(0)); - &call ("_ecp_nistz256_div_by_2"); -&function_end("ecp_nistz256_div_by_2"); - -&function_begin_B("_ecp_nistz256_div_by_2"); - # tmp = a is odd ? a+mod : a - # - # note that because mod has special form, i.e. consists of - # 0xffffffff, 1 and 0s, we can conditionally synthesize it by - # assigning least significant bit of input to one register, - # %ebp, and its negative to another, %edx. - - &mov ("ebp",&DWP(0,"esi")); - &xor ("edx","edx"); - &mov ("ebx",&DWP(4,"esi")); - &mov ("eax","ebp"); - &and ("ebp",1); - &mov ("ecx",&DWP(8,"esi")); - &sub ("edx","ebp"); - - &add ("eax","edx"); - &adc ("ebx","edx"); - &mov (&DWP(0,"edi"),"eax"); - &adc ("ecx","edx"); - &mov (&DWP(4,"edi"),"ebx"); - &mov (&DWP(8,"edi"),"ecx"); - - &mov ("eax",&DWP(12,"esi")); - &mov ("ebx",&DWP(16,"esi")); - &adc ("eax",0); - &mov ("ecx",&DWP(20,"esi")); - &adc ("ebx",0); - &mov (&DWP(12,"edi"),"eax"); - &adc ("ecx",0); - &mov (&DWP(16,"edi"),"ebx"); - &mov (&DWP(20,"edi"),"ecx"); - - &mov ("eax",&DWP(24,"esi")); - &mov ("ebx",&DWP(28,"esi")); - &adc ("eax","ebp"); - &adc ("ebx","edx"); - &mov (&DWP(24,"edi"),"eax"); - &sbb ("esi","esi"); # broadcast carry bit - &mov (&DWP(28,"edi"),"ebx"); - - # ret = tmp >> 1 - - &mov ("eax",&DWP(0,"edi")); - &mov ("ebx",&DWP(4,"edi")); - &mov ("ecx",&DWP(8,"edi")); - &mov ("edx",&DWP(12,"edi")); - - &shr ("eax",1); - &mov ("ebp","ebx"); - &shl ("ebx",31); - &or ("eax","ebx"); - - &shr ("ebp",1); - &mov ("ebx","ecx"); - &shl ("ecx",31); - &mov (&DWP(0,"edi"),"eax"); - &or ("ebp","ecx"); - &mov ("eax",&DWP(16,"edi")); - - &shr ("ebx",1); - &mov ("ecx","edx"); - &shl ("edx",31); - &mov (&DWP(4,"edi"),"ebp"); - &or ("ebx","edx"); - &mov ("ebp",&DWP(20,"edi")); - - &shr ("ecx",1); - &mov ("edx","eax"); - &shl ("eax",31); - &mov (&DWP(8,"edi"),"ebx"); - &or ("ecx","eax"); - &mov ("ebx",&DWP(24,"edi")); - - &shr ("edx",1); - &mov ("eax","ebp"); - &shl ("ebp",31); - &mov (&DWP(12,"edi"),"ecx"); - &or ("edx","ebp"); - &mov ("ecx",&DWP(28,"edi")); - - &shr ("eax",1); - &mov ("ebp","ebx"); - &shl ("ebx",31); - &mov (&DWP(16,"edi"),"edx"); - &or ("eax","ebx"); - - &shr ("ebp",1); - &mov ("ebx","ecx"); - &shl ("ecx",31); - &mov (&DWP(20,"edi"),"eax"); - &or ("ebp","ecx"); - - &shr ("ebx",1); - &shl ("esi",31); - &mov (&DWP(24,"edi"),"ebp"); - &or ("ebx","esi"); # handle top-most carry bit - &mov (&DWP(28,"edi"),"ebx"); - - &ret (); -&function_end_B("_ecp_nistz256_div_by_2"); - -######################################################################## -# void ecp_nistz256_add(BN_ULONG edi[8],const BN_ULONG esi[8], -# const BN_ULONG ebp[8]); -&function_begin("ecp_nistz256_add"); - &mov ("esi",&wparam(1)); - &mov ("ebp",&wparam(2)); - &mov ("edi",&wparam(0)); - &call ("_ecp_nistz256_add"); -&function_end("ecp_nistz256_add"); - -&function_begin_B("_ecp_nistz256_add"); - &mov ("eax",&DWP(0,"esi")); - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &add ("eax",&DWP(0,"ebp")); - &mov ("edx",&DWP(12,"esi")); - &adc ("ebx",&DWP(4,"ebp")); - &mov (&DWP(0,"edi"),"eax"); - &adc ("ecx",&DWP(8,"ebp")); - &mov (&DWP(4,"edi"),"ebx"); - &adc ("edx",&DWP(12,"ebp")); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - - &mov ("eax",&DWP(16,"esi")); - &mov ("ebx",&DWP(20,"esi")); - &mov ("ecx",&DWP(24,"esi")); - &adc ("eax",&DWP(16,"ebp")); - &mov ("edx",&DWP(28,"esi")); - &adc ("ebx",&DWP(20,"ebp")); - &mov (&DWP(16,"edi"),"eax"); - &adc ("ecx",&DWP(24,"ebp")); - &mov (&DWP(20,"edi"),"ebx"); - &mov ("esi",0); - &adc ("edx",&DWP(28,"ebp")); - &mov (&DWP(24,"edi"),"ecx"); - &adc ("esi",0); - &mov (&DWP(28,"edi"),"edx"); - - # if a+b >= modulus, subtract modulus. - # - # But since comparison implies subtraction, we subtract modulus - # to see if it borrows, and then subtract it for real if - # subtraction didn't borrow. - - &mov ("eax",&DWP(0,"edi")); - &mov ("ebx",&DWP(4,"edi")); - &mov ("ecx",&DWP(8,"edi")); - &sub ("eax",-1); - &mov ("edx",&DWP(12,"edi")); - &sbb ("ebx",-1); - &mov ("eax",&DWP(16,"edi")); - &sbb ("ecx",-1); - &mov ("ebx",&DWP(20,"edi")); - &sbb ("edx",0); - &mov ("ecx",&DWP(24,"edi")); - &sbb ("eax",0); - &mov ("edx",&DWP(28,"edi")); - &sbb ("ebx",0); - &sbb ("ecx",1); - &sbb ("edx",-1); - &sbb ("esi",0); - - # Note that because mod has special form, i.e. consists of - # 0xffffffff, 1 and 0s, we can conditionally synthesize it by - # by using borrow. - - ¬ ("esi"); - &mov ("eax",&DWP(0,"edi")); - &mov ("ebp","esi"); - &mov ("ebx",&DWP(4,"edi")); - &shr ("ebp",31); - &mov ("ecx",&DWP(8,"edi")); - &sub ("eax","esi"); - &mov ("edx",&DWP(12,"edi")); - &sbb ("ebx","esi"); - &mov (&DWP(0,"edi"),"eax"); - &sbb ("ecx","esi"); - &mov (&DWP(4,"edi"),"ebx"); - &sbb ("edx",0); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - - &mov ("eax",&DWP(16,"edi")); - &mov ("ebx",&DWP(20,"edi")); - &mov ("ecx",&DWP(24,"edi")); - &sbb ("eax",0); - &mov ("edx",&DWP(28,"edi")); - &sbb ("ebx",0); - &mov (&DWP(16,"edi"),"eax"); - &sbb ("ecx","ebp"); - &mov (&DWP(20,"edi"),"ebx"); - &sbb ("edx","esi"); - &mov (&DWP(24,"edi"),"ecx"); - &mov (&DWP(28,"edi"),"edx"); - - &ret (); -&function_end_B("_ecp_nistz256_add"); - -######################################################################## -# void ecp_nistz256_sub(BN_ULONG edi[8],const BN_ULONG esi[8], -# const BN_ULONG ebp[8]); -&function_begin("ecp_nistz256_sub"); - &mov ("esi",&wparam(1)); - &mov ("ebp",&wparam(2)); - &mov ("edi",&wparam(0)); - &call ("_ecp_nistz256_sub"); -&function_end("ecp_nistz256_sub"); - -&function_begin_B("_ecp_nistz256_sub"); - &mov ("eax",&DWP(0,"esi")); - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &sub ("eax",&DWP(0,"ebp")); - &mov ("edx",&DWP(12,"esi")); - &sbb ("ebx",&DWP(4,"ebp")); - &mov (&DWP(0,"edi"),"eax"); - &sbb ("ecx",&DWP(8,"ebp")); - &mov (&DWP(4,"edi"),"ebx"); - &sbb ("edx",&DWP(12,"ebp")); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - - &mov ("eax",&DWP(16,"esi")); - &mov ("ebx",&DWP(20,"esi")); - &mov ("ecx",&DWP(24,"esi")); - &sbb ("eax",&DWP(16,"ebp")); - &mov ("edx",&DWP(28,"esi")); - &sbb ("ebx",&DWP(20,"ebp")); - &sbb ("ecx",&DWP(24,"ebp")); - &mov (&DWP(16,"edi"),"eax"); - &sbb ("edx",&DWP(28,"ebp")); - &mov (&DWP(20,"edi"),"ebx"); - &sbb ("esi","esi"); # broadcast borrow bit - &mov (&DWP(24,"edi"),"ecx"); - &mov (&DWP(28,"edi"),"edx"); - - # if a-b borrows, add modulus. - # - # Note that because mod has special form, i.e. consists of - # 0xffffffff, 1 and 0s, we can conditionally synthesize it by - # assigning borrow bit to one register, %ebp, and its negative - # to another, %esi. But we started by calculating %esi... - - &mov ("eax",&DWP(0,"edi")); - &mov ("ebp","esi"); - &mov ("ebx",&DWP(4,"edi")); - &shr ("ebp",31); - &mov ("ecx",&DWP(8,"edi")); - &add ("eax","esi"); - &mov ("edx",&DWP(12,"edi")); - &adc ("ebx","esi"); - &mov (&DWP(0,"edi"),"eax"); - &adc ("ecx","esi"); - &mov (&DWP(4,"edi"),"ebx"); - &adc ("edx",0); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - - &mov ("eax",&DWP(16,"edi")); - &mov ("ebx",&DWP(20,"edi")); - &mov ("ecx",&DWP(24,"edi")); - &adc ("eax",0); - &mov ("edx",&DWP(28,"edi")); - &adc ("ebx",0); - &mov (&DWP(16,"edi"),"eax"); - &adc ("ecx","ebp"); - &mov (&DWP(20,"edi"),"ebx"); - &adc ("edx","esi"); - &mov (&DWP(24,"edi"),"ecx"); - &mov (&DWP(28,"edi"),"edx"); - - &ret (); -&function_end_B("_ecp_nistz256_sub"); - -######################################################################## -# void ecp_nistz256_neg(BN_ULONG edi[8],const BN_ULONG esi[8]); -&function_begin("ecp_nistz256_neg"); - &mov ("ebp",&wparam(1)); - &mov ("edi",&wparam(0)); - - &xor ("eax","eax"); - &stack_push(8); - &mov (&DWP(0,"esp"),"eax"); - &mov ("esi","esp"); - &mov (&DWP(4,"esp"),"eax"); - &mov (&DWP(8,"esp"),"eax"); - &mov (&DWP(12,"esp"),"eax"); - &mov (&DWP(16,"esp"),"eax"); - &mov (&DWP(20,"esp"),"eax"); - &mov (&DWP(24,"esp"),"eax"); - &mov (&DWP(28,"esp"),"eax"); - - &call ("_ecp_nistz256_sub"); - - &stack_pop(8); -&function_end("ecp_nistz256_neg"); - -&function_begin_B("_picup_eax"); - &mov ("eax",&DWP(0,"esp")); - &ret (); -&function_end_B("_picup_eax"); - -######################################################################## -# void ecp_nistz256_to_mont(BN_ULONG edi[8],const BN_ULONG esi[8]); -&function_begin("ecp_nistz256_to_mont"); - &mov ("esi",&wparam(1)); - &call ("_picup_eax"); - &set_label("pic"); - &lea ("ebp",&DWP(&label("RR")."-".&label("pic"),"eax")); - if ($sse2) { - &picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic")); - &mov ("eax",&DWP(0,"eax")); } - &mov ("edi",&wparam(0)); - &call ("_ecp_nistz256_mul_mont"); -&function_end("ecp_nistz256_to_mont"); - -######################################################################## -# void ecp_nistz256_from_mont(BN_ULONG edi[8],const BN_ULONG esi[8]); -&function_begin("ecp_nistz256_from_mont"); - &mov ("esi",&wparam(1)); - &call ("_picup_eax"); - &set_label("pic"); - &lea ("ebp",&DWP(&label("ONE")."-".&label("pic"),"eax")); - if ($sse2) { - &picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic")); - &mov ("eax",&DWP(0,"eax")); } - &mov ("edi",&wparam(0)); - &call ("_ecp_nistz256_mul_mont"); -&function_end("ecp_nistz256_from_mont"); - -######################################################################## -# void ecp_nistz256_mul_mont(BN_ULONG edi[8],const BN_ULONG esi[8], -# const BN_ULONG ebp[8]); -&function_begin("ecp_nistz256_mul_mont"); - &mov ("esi",&wparam(1)); - &mov ("ebp",&wparam(2)); - if ($sse2) { - &call ("_picup_eax"); - &set_label("pic"); - &picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic")); - &mov ("eax",&DWP(0,"eax")); } - &mov ("edi",&wparam(0)); - &call ("_ecp_nistz256_mul_mont"); -&function_end("ecp_nistz256_mul_mont"); - -######################################################################## -# void ecp_nistz256_sqr_mont(BN_ULONG edi[8],const BN_ULONG esi[8]); -&function_begin("ecp_nistz256_sqr_mont"); - &mov ("esi",&wparam(1)); - if ($sse2) { - &call ("_picup_eax"); - &set_label("pic"); - &picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic")); - &mov ("eax",&DWP(0,"eax")); } - &mov ("edi",&wparam(0)); - &mov ("ebp","esi"); - &call ("_ecp_nistz256_mul_mont"); -&function_end("ecp_nistz256_sqr_mont"); - -&function_begin_B("_ecp_nistz256_mul_mont"); - if ($sse2) { - &and ("eax",1<<24|1<<26); - &cmp ("eax",1<<24|1<<26); # see if XMM+SSE2 is on - &jne (&label("mul_mont_ialu")); - - ######################################## - # SSE2 code path featuring 32x16-bit - # multiplications is ~2x faster than - # IALU counterpart (except on Atom)... - ######################################## - # stack layout: - # +------------------------------------+< %esp - # | 7 16-byte temporary XMM words, | - # | "sliding" toward lower address | - # . . - # +------------------------------------+ - # | unused XMM word | - # +------------------------------------+< +128,%ebx - # | 8 16-byte XMM words holding copies | - # | of a[i]<<64|a[i] | - # . . - # . . - # +------------------------------------+< +256 - &mov ("edx","esp"); - &sub ("esp",0x100); - - &movd ("xmm7",&DWP(0,"ebp")); # b[0] -> 0000.00xy - &lea ("ebp",&DWP(4,"ebp")); - &pcmpeqd("xmm6","xmm6"); - &psrlq ("xmm6",48); # compose 0xffff<<64|0xffff - - &pshuflw("xmm7","xmm7",0b11011100); # 0000.00xy -> 0000.0x0y - &and ("esp",-64); - &pshufd ("xmm7","xmm7",0b11011100); # 0000.0x0y -> 000x.000y - &lea ("ebx",&DWP(0x80,"esp")); - - &movd ("xmm0",&DWP(4*0,"esi")); # a[0] -> 0000.00xy - &pshufd ("xmm0","xmm0",0b11001100); # 0000.00xy -> 00xy.00xy - &movd ("xmm1",&DWP(4*1,"esi")); # a[1] -> ... - &movdqa (&QWP(0x00,"ebx"),"xmm0"); # offload converted a[0] - &pmuludq("xmm0","xmm7"); # a[0]*b[0] - - &movd ("xmm2",&DWP(4*2,"esi")); - &pshufd ("xmm1","xmm1",0b11001100); - &movdqa (&QWP(0x10,"ebx"),"xmm1"); - &pmuludq("xmm1","xmm7"); # a[1]*b[0] - - &movq ("xmm4","xmm0"); # clear upper 64 bits - &pslldq("xmm4",6); - &paddq ("xmm4","xmm0"); - &movdqa("xmm5","xmm4"); - &psrldq("xmm4",10); # upper 32 bits of a[0]*b[0] - &pand ("xmm5","xmm6"); # lower 32 bits of a[0]*b[0] - - # Upper half of a[0]*b[i] is carried into next multiplication - # iteration, while lower one "participates" in actual reduction. - # Normally latter is done by accumulating result of multiplication - # of modulus by "magic" digit, but thanks to special form of modulus - # and "magic" digit it can be performed only with additions and - # subtractions (see note in IALU section below). Note that we are - # not bothered with carry bits, they are accumulated in "flatten" - # phase after all multiplications and reductions. - - &movd ("xmm3",&DWP(4*3,"esi")); - &pshufd ("xmm2","xmm2",0b11001100); - &movdqa (&QWP(0x20,"ebx"),"xmm2"); - &pmuludq("xmm2","xmm7"); # a[2]*b[0] - &paddq ("xmm1","xmm4"); # a[1]*b[0]+hw(a[0]*b[0]), carry - &movdqa (&QWP(0x00,"esp"),"xmm1"); # t[0] - - &movd ("xmm0",&DWP(4*4,"esi")); - &pshufd ("xmm3","xmm3",0b11001100); - &movdqa (&QWP(0x30,"ebx"),"xmm3"); - &pmuludq("xmm3","xmm7"); # a[3]*b[0] - &movdqa (&QWP(0x10,"esp"),"xmm2"); - - &movd ("xmm1",&DWP(4*5,"esi")); - &pshufd ("xmm0","xmm0",0b11001100); - &movdqa (&QWP(0x40,"ebx"),"xmm0"); - &pmuludq("xmm0","xmm7"); # a[4]*b[0] - &paddq ("xmm3","xmm5"); # a[3]*b[0]+lw(a[0]*b[0]), reduction step - &movdqa (&QWP(0x20,"esp"),"xmm3"); - - &movd ("xmm2",&DWP(4*6,"esi")); - &pshufd ("xmm1","xmm1",0b11001100); - &movdqa (&QWP(0x50,"ebx"),"xmm1"); - &pmuludq("xmm1","xmm7"); # a[5]*b[0] - &movdqa (&QWP(0x30,"esp"),"xmm0"); - &pshufd("xmm4","xmm5",0b10110001); # xmm4 = xmm5<<32, reduction step - - &movd ("xmm3",&DWP(4*7,"esi")); - &pshufd ("xmm2","xmm2",0b11001100); - &movdqa (&QWP(0x60,"ebx"),"xmm2"); - &pmuludq("xmm2","xmm7"); # a[6]*b[0] - &movdqa (&QWP(0x40,"esp"),"xmm1"); - &psubq ("xmm4","xmm5"); # xmm4 = xmm5*0xffffffff, reduction step - - &movd ("xmm0",&DWP(0,"ebp")); # b[1] -> 0000.00xy - &pshufd ("xmm3","xmm3",0b11001100); - &movdqa (&QWP(0x70,"ebx"),"xmm3"); - &pmuludq("xmm3","xmm7"); # a[7]*b[0] - - &pshuflw("xmm7","xmm0",0b11011100); # 0000.00xy -> 0000.0x0y - &movdqa ("xmm0",&QWP(0x00,"ebx")); # pre-load converted a[0] - &pshufd ("xmm7","xmm7",0b11011100); # 0000.0x0y -> 000x.000y - - &mov ("ecx",6); - &lea ("ebp",&DWP(4,"ebp")); - &jmp (&label("madd_sse2")); - -&set_label("madd_sse2",16); - &paddq ("xmm2","xmm5"); # a[6]*b[i-1]+lw(a[0]*b[i-1]), reduction step [modulo-scheduled] - &paddq ("xmm3","xmm4"); # a[7]*b[i-1]+lw(a[0]*b[i-1])*0xffffffff, reduction step [modulo-scheduled] - &movdqa ("xmm1",&QWP(0x10,"ebx")); - &pmuludq("xmm0","xmm7"); # a[0]*b[i] - &movdqa(&QWP(0x50,"esp"),"xmm2"); - - &movdqa ("xmm2",&QWP(0x20,"ebx")); - &pmuludq("xmm1","xmm7"); # a[1]*b[i] - &movdqa(&QWP(0x60,"esp"),"xmm3"); - &paddq ("xmm0",&QWP(0x00,"esp")); - - &movdqa ("xmm3",&QWP(0x30,"ebx")); - &pmuludq("xmm2","xmm7"); # a[2]*b[i] - &movq ("xmm4","xmm0"); # clear upper 64 bits - &pslldq("xmm4",6); - &paddq ("xmm1",&QWP(0x10,"esp")); - &paddq ("xmm4","xmm0"); - &movdqa("xmm5","xmm4"); - &psrldq("xmm4",10); # upper 33 bits of a[0]*b[i]+t[0] - - &movdqa ("xmm0",&QWP(0x40,"ebx")); - &pmuludq("xmm3","xmm7"); # a[3]*b[i] - &paddq ("xmm1","xmm4"); # a[1]*b[i]+hw(a[0]*b[i]), carry - &paddq ("xmm2",&QWP(0x20,"esp")); - &movdqa (&QWP(0x00,"esp"),"xmm1"); - - &movdqa ("xmm1",&QWP(0x50,"ebx")); - &pmuludq("xmm0","xmm7"); # a[4]*b[i] - &paddq ("xmm3",&QWP(0x30,"esp")); - &movdqa (&QWP(0x10,"esp"),"xmm2"); - &pand ("xmm5","xmm6"); # lower 32 bits of a[0]*b[i] - - &movdqa ("xmm2",&QWP(0x60,"ebx")); - &pmuludq("xmm1","xmm7"); # a[5]*b[i] - &paddq ("xmm3","xmm5"); # a[3]*b[i]+lw(a[0]*b[i]), reduction step - &paddq ("xmm0",&QWP(0x40,"esp")); - &movdqa (&QWP(0x20,"esp"),"xmm3"); - &pshufd("xmm4","xmm5",0b10110001); # xmm4 = xmm5<<32, reduction step - - &movdqa ("xmm3","xmm7"); - &pmuludq("xmm2","xmm7"); # a[6]*b[i] - &movd ("xmm7",&DWP(0,"ebp")); # b[i++] -> 0000.00xy - &lea ("ebp",&DWP(4,"ebp")); - &paddq ("xmm1",&QWP(0x50,"esp")); - &psubq ("xmm4","xmm5"); # xmm4 = xmm5*0xffffffff, reduction step - &movdqa (&QWP(0x30,"esp"),"xmm0"); - &pshuflw("xmm7","xmm7",0b11011100); # 0000.00xy -> 0000.0x0y - - &pmuludq("xmm3",&QWP(0x70,"ebx")); # a[7]*b[i] - &pshufd("xmm7","xmm7",0b11011100); # 0000.0x0y -> 000x.000y - &movdqa("xmm0",&QWP(0x00,"ebx")); # pre-load converted a[0] - &movdqa (&QWP(0x40,"esp"),"xmm1"); - &paddq ("xmm2",&QWP(0x60,"esp")); - - &dec ("ecx"); - &jnz (&label("madd_sse2")); - - &paddq ("xmm2","xmm5"); # a[6]*b[6]+lw(a[0]*b[6]), reduction step [modulo-scheduled] - &paddq ("xmm3","xmm4"); # a[7]*b[6]+lw(a[0]*b[6])*0xffffffff, reduction step [modulo-scheduled] - &movdqa ("xmm1",&QWP(0x10,"ebx")); - &pmuludq("xmm0","xmm7"); # a[0]*b[7] - &movdqa(&QWP(0x50,"esp"),"xmm2"); - - &movdqa ("xmm2",&QWP(0x20,"ebx")); - &pmuludq("xmm1","xmm7"); # a[1]*b[7] - &movdqa(&QWP(0x60,"esp"),"xmm3"); - &paddq ("xmm0",&QWP(0x00,"esp")); - - &movdqa ("xmm3",&QWP(0x30,"ebx")); - &pmuludq("xmm2","xmm7"); # a[2]*b[7] - &movq ("xmm4","xmm0"); # clear upper 64 bits - &pslldq("xmm4",6); - &paddq ("xmm1",&QWP(0x10,"esp")); - &paddq ("xmm4","xmm0"); - &movdqa("xmm5","xmm4"); - &psrldq("xmm4",10); # upper 33 bits of a[0]*b[i]+t[0] - - &movdqa ("xmm0",&QWP(0x40,"ebx")); - &pmuludq("xmm3","xmm7"); # a[3]*b[7] - &paddq ("xmm1","xmm4"); # a[1]*b[7]+hw(a[0]*b[7]), carry - &paddq ("xmm2",&QWP(0x20,"esp")); - &movdqa (&QWP(0x00,"esp"),"xmm1"); - - &movdqa ("xmm1",&QWP(0x50,"ebx")); - &pmuludq("xmm0","xmm7"); # a[4]*b[7] - &paddq ("xmm3",&QWP(0x30,"esp")); - &movdqa (&QWP(0x10,"esp"),"xmm2"); - &pand ("xmm5","xmm6"); # lower 32 bits of a[0]*b[i] - - &movdqa ("xmm2",&QWP(0x60,"ebx")); - &pmuludq("xmm1","xmm7"); # a[5]*b[7] - &paddq ("xmm3","xmm5"); # reduction step - &paddq ("xmm0",&QWP(0x40,"esp")); - &movdqa (&QWP(0x20,"esp"),"xmm3"); - &pshufd("xmm4","xmm5",0b10110001); # xmm4 = xmm5<<32, reduction step - - &movdqa ("xmm3",&QWP(0x70,"ebx")); - &pmuludq("xmm2","xmm7"); # a[6]*b[7] - &paddq ("xmm1",&QWP(0x50,"esp")); - &psubq ("xmm4","xmm5"); # xmm4 = xmm5*0xffffffff, reduction step - &movdqa (&QWP(0x30,"esp"),"xmm0"); - - &pmuludq("xmm3","xmm7"); # a[7]*b[7] - &pcmpeqd("xmm7","xmm7"); - &movdqa ("xmm0",&QWP(0x00,"esp")); - &pslldq ("xmm7",8); - &movdqa (&QWP(0x40,"esp"),"xmm1"); - &paddq ("xmm2",&QWP(0x60,"esp")); - - &paddq ("xmm2","xmm5"); # a[6]*b[7]+lw(a[0]*b[7]), reduction step - &paddq ("xmm3","xmm4"); # a[6]*b[7]+lw(a[0]*b[7])*0xffffffff, reduction step - &movdqa(&QWP(0x50,"esp"),"xmm2"); - &movdqa(&QWP(0x60,"esp"),"xmm3"); - - &movdqa ("xmm1",&QWP(0x10,"esp")); - &movdqa ("xmm2",&QWP(0x20,"esp")); - &movdqa ("xmm3",&QWP(0x30,"esp")); - - &movq ("xmm4","xmm0"); # "flatten" - &pand ("xmm0","xmm7"); - &xor ("ebp","ebp"); - &pslldq ("xmm4",6); - &movq ("xmm5","xmm1"); - &paddq ("xmm0","xmm4"); - &pand ("xmm1","xmm7"); - &psrldq ("xmm0",6); - &movd ("eax","xmm0"); - &psrldq ("xmm0",4); - - &paddq ("xmm5","xmm0"); - &movdqa ("xmm0",&QWP(0x40,"esp")); - &sub ("eax",-1); # start subtracting modulus, - # this is used to determine - # if result is larger/smaller - # than modulus (see below) - &pslldq ("xmm5",6); - &movq ("xmm4","xmm2"); - &paddq ("xmm1","xmm5"); - &pand ("xmm2","xmm7"); - &psrldq ("xmm1",6); - &mov (&DWP(4*0,"edi"),"eax"); - &movd ("eax","xmm1"); - &psrldq ("xmm1",4); - - &paddq ("xmm4","xmm1"); - &movdqa ("xmm1",&QWP(0x50,"esp")); - &sbb ("eax",-1); - &pslldq ("xmm4",6); - &movq ("xmm5","xmm3"); - &paddq ("xmm2","xmm4"); - &pand ("xmm3","xmm7"); - &psrldq ("xmm2",6); - &mov (&DWP(4*1,"edi"),"eax"); - &movd ("eax","xmm2"); - &psrldq ("xmm2",4); - - &paddq ("xmm5","xmm2"); - &movdqa ("xmm2",&QWP(0x60,"esp")); - &sbb ("eax",-1); - &pslldq ("xmm5",6); - &movq ("xmm4","xmm0"); - &paddq ("xmm3","xmm5"); - &pand ("xmm0","xmm7"); - &psrldq ("xmm3",6); - &mov (&DWP(4*2,"edi"),"eax"); - &movd ("eax","xmm3"); - &psrldq ("xmm3",4); - - &paddq ("xmm4","xmm3"); - &sbb ("eax",0); - &pslldq ("xmm4",6); - &movq ("xmm5","xmm1"); - &paddq ("xmm0","xmm4"); - &pand ("xmm1","xmm7"); - &psrldq ("xmm0",6); - &mov (&DWP(4*3,"edi"),"eax"); - &movd ("eax","xmm0"); - &psrldq ("xmm0",4); - - &paddq ("xmm5","xmm0"); - &sbb ("eax",0); - &pslldq ("xmm5",6); - &movq ("xmm4","xmm2"); - &paddq ("xmm1","xmm5"); - &pand ("xmm2","xmm7"); - &psrldq ("xmm1",6); - &movd ("ebx","xmm1"); - &psrldq ("xmm1",4); - &mov ("esp","edx"); - - &paddq ("xmm4","xmm1"); - &pslldq ("xmm4",6); - &paddq ("xmm2","xmm4"); - &psrldq ("xmm2",6); - &movd ("ecx","xmm2"); - &psrldq ("xmm2",4); - &sbb ("ebx",0); - &movd ("edx","xmm2"); - &pextrw ("esi","xmm2",2); # top-most overflow bit - &sbb ("ecx",1); - &sbb ("edx",-1); - &sbb ("esi",0); # borrow from subtraction - - # Final step is "if result > mod, subtract mod", and at this point - # we have result - mod written to output buffer, as well as borrow - # bit from this subtraction, and if borrow bit is set, we add - # modulus back. - # - # Note that because mod has special form, i.e. consists of - # 0xffffffff, 1 and 0s, we can conditionally synthesize it by - # assigning borrow bit to one register, %ebp, and its negative - # to another, %esi. But we started by calculating %esi... - - &sub ("ebp","esi"); - &add (&DWP(4*0,"edi"),"esi"); # add modulus or zero - &adc (&DWP(4*1,"edi"),"esi"); - &adc (&DWP(4*2,"edi"),"esi"); - &adc (&DWP(4*3,"edi"),0); - &adc ("eax",0); - &adc ("ebx",0); - &mov (&DWP(4*4,"edi"),"eax"); - &adc ("ecx","ebp"); - &mov (&DWP(4*5,"edi"),"ebx"); - &adc ("edx","esi"); - &mov (&DWP(4*6,"edi"),"ecx"); - &mov (&DWP(4*7,"edi"),"edx"); - - &ret (); - -&set_label("mul_mont_ialu",16); } - - ######################################## - # IALU code path suitable for all CPUs. - ######################################## - # stack layout: - # +------------------------------------+< %esp - # | 8 32-bit temporary words, accessed | - # | as circular buffer | - # . . - # . . - # +------------------------------------+< +32 - # | offloaded destination pointer | - # +------------------------------------+ - # | unused | - # +------------------------------------+< +40 - &sub ("esp",10*4); - - &mov ("eax",&DWP(0*4,"esi")); # a[0] - &mov ("ebx",&DWP(0*4,"ebp")); # b[0] - &mov (&DWP(8*4,"esp"),"edi"); # off-load dst ptr - - &mul ("ebx"); # a[0]*b[0] - &mov (&DWP(0*4,"esp"),"eax"); # t[0] - &mov ("eax",&DWP(1*4,"esi")); - &mov ("ecx","edx") - - &mul ("ebx"); # a[1]*b[0] - &add ("ecx","eax"); - &mov ("eax",&DWP(2*4,"esi")); - &adc ("edx",0); - &mov (&DWP(1*4,"esp"),"ecx"); # t[1] - &mov ("ecx","edx"); - - &mul ("ebx"); # a[2]*b[0] - &add ("ecx","eax"); - &mov ("eax",&DWP(3*4,"esi")); - &adc ("edx",0); - &mov (&DWP(2*4,"esp"),"ecx"); # t[2] - &mov ("ecx","edx"); - - &mul ("ebx"); # a[3]*b[0] - &add ("ecx","eax"); - &mov ("eax",&DWP(4*4,"esi")); - &adc ("edx",0); - &mov (&DWP(3*4,"esp"),"ecx"); # t[3] - &mov ("ecx","edx"); - - &mul ("ebx"); # a[4]*b[0] - &add ("ecx","eax"); - &mov ("eax",&DWP(5*4,"esi")); - &adc ("edx",0); - &mov (&DWP(4*4,"esp"),"ecx"); # t[4] - &mov ("ecx","edx"); - - &mul ("ebx"); # a[5]*b[0] - &add ("ecx","eax"); - &mov ("eax",&DWP(6*4,"esi")); - &adc ("edx",0); - &mov (&DWP(5*4,"esp"),"ecx"); # t[5] - &mov ("ecx","edx"); - - &mul ("ebx"); # a[6]*b[0] - &add ("ecx","eax"); - &mov ("eax",&DWP(7*4,"esi")); - &adc ("edx",0); - &mov (&DWP(6*4,"esp"),"ecx"); # t[6] - &mov ("ecx","edx"); - - &xor ("edi","edi"); # initial top-most carry - &mul ("ebx"); # a[7]*b[0] - &add ("ecx","eax"); # t[7] - &mov ("eax",&DWP(0*4,"esp")); # t[0] - &adc ("edx",0); # t[8] - -for ($i=0;$i<7;$i++) { - my $j=$i+1; - - # Reduction iteration is normally performed by accumulating - # result of multiplication of modulus by "magic" digit [and - # omitting least significant word, which is guaranteed to - # be 0], but thanks to special form of modulus and "magic" - # digit being equal to least significant word, it can be - # performed with additions and subtractions alone. Indeed: - # - # ffff.0001.0000.0000.0000.ffff.ffff.ffff - # * abcd - # + xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd - # - # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we - # rewrite above as: - # - # xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd - # + abcd.0000.abcd.0000.0000.abcd.0000.0000.0000 - # - abcd.0000.0000.0000.0000.0000.0000.abcd - # - # or marking redundant operations: - # - # xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.---- - # + abcd.0000.abcd.0000.0000.abcd.----.----.---- - # - abcd.----.----.----.----.----.----.---- - - &add (&DWP((($i+3)%8)*4,"esp"),"eax"); # t[3]+=t[0] - &adc (&DWP((($i+4)%8)*4,"esp"),0); # t[4]+=0 - &adc (&DWP((($i+5)%8)*4,"esp"),0); # t[5]+=0 - &adc (&DWP((($i+6)%8)*4,"esp"),"eax"); # t[6]+=t[0] - &adc ("ecx",0); # t[7]+=0 - &adc ("edx","eax"); # t[8]+=t[0] - &adc ("edi",0); # top-most carry - &mov ("ebx",&DWP($j*4,"ebp")); # b[i] - &sub ("ecx","eax"); # t[7]-=t[0] - &mov ("eax",&DWP(0*4,"esi")); # a[0] - &sbb ("edx",0); # t[8]-=0 - &mov (&DWP((($i+7)%8)*4,"esp"),"ecx"); - &sbb ("edi",0); # top-most carry, - # keep in mind that - # netto result is - # *addition* of value - # with (abcd<<32)-abcd - # on top, so that - # underflow is - # impossible, because - # (abcd<<32)-abcd - # doesn't underflow - &mov (&DWP((($i+8)%8)*4,"esp"),"edx"); - - &mul ("ebx"); # a[0]*b[i] - &add ("eax",&DWP((($j+0)%8)*4,"esp")); - &adc ("edx",0); - &mov (&DWP((($j+0)%8)*4,"esp"),"eax"); - &mov ("eax",&DWP(1*4,"esi")); - &mov ("ecx","edx") - - &mul ("ebx"); # a[1]*b[i] - &add ("ecx",&DWP((($j+1)%8)*4,"esp")); - &adc ("edx",0); - &add ("ecx","eax"); - &adc ("edx",0); - &mov ("eax",&DWP(2*4,"esi")); - &mov (&DWP((($j+1)%8)*4,"esp"),"ecx"); - &mov ("ecx","edx"); - - &mul ("ebx"); # a[2]*b[i] - &add ("ecx",&DWP((($j+2)%8)*4,"esp")); - &adc ("edx",0); - &add ("ecx","eax"); - &adc ("edx",0); - &mov ("eax",&DWP(3*4,"esi")); - &mov (&DWP((($j+2)%8)*4,"esp"),"ecx"); - &mov ("ecx","edx"); - - &mul ("ebx"); # a[3]*b[i] - &add ("ecx",&DWP((($j+3)%8)*4,"esp")); - &adc ("edx",0); - &add ("ecx","eax"); - &adc ("edx",0); - &mov ("eax",&DWP(4*4,"esi")); - &mov (&DWP((($j+3)%8)*4,"esp"),"ecx"); - &mov ("ecx","edx"); - - &mul ("ebx"); # a[4]*b[i] - &add ("ecx",&DWP((($j+4)%8)*4,"esp")); - &adc ("edx",0); - &add ("ecx","eax"); - &adc ("edx",0); - &mov ("eax",&DWP(5*4,"esi")); - &mov (&DWP((($j+4)%8)*4,"esp"),"ecx"); - &mov ("ecx","edx"); - - &mul ("ebx"); # a[5]*b[i] - &add ("ecx",&DWP((($j+5)%8)*4,"esp")); - &adc ("edx",0); - &add ("ecx","eax"); - &adc ("edx",0); - &mov ("eax",&DWP(6*4,"esi")); - &mov (&DWP((($j+5)%8)*4,"esp"),"ecx"); - &mov ("ecx","edx"); - - &mul ("ebx"); # a[6]*b[i] - &add ("ecx",&DWP((($j+6)%8)*4,"esp")); - &adc ("edx",0); - &add ("ecx","eax"); - &adc ("edx",0); - &mov ("eax",&DWP(7*4,"esi")); - &mov (&DWP((($j+6)%8)*4,"esp"),"ecx"); - &mov ("ecx","edx"); - - &mul ("ebx"); # a[7]*b[i] - &add ("ecx",&DWP((($j+7)%8)*4,"esp")); - &adc ("edx",0); - &add ("ecx","eax"); # t[7] - &mov ("eax",&DWP((($j+0)%8)*4,"esp")); # t[0] - &adc ("edx","edi"); # t[8] - &mov ("edi",0); - &adc ("edi",0); # top-most carry -} - &mov ("ebp",&DWP(8*4,"esp")); # restore dst ptr - &xor ("esi","esi"); - my $j=$i+1; - - # last multiplication-less reduction - &add (&DWP((($i+3)%8)*4,"esp"),"eax"); # t[3]+=t[0] - &adc (&DWP((($i+4)%8)*4,"esp"),0); # t[4]+=0 - &adc (&DWP((($i+5)%8)*4,"esp"),0); # t[5]+=0 - &adc (&DWP((($i+6)%8)*4,"esp"),"eax"); # t[6]+=t[0] - &adc ("ecx",0); # t[7]+=0 - &adc ("edx","eax"); # t[8]+=t[0] - &adc ("edi",0); # top-most carry - &mov ("ebx",&DWP((($j+1)%8)*4,"esp")); - &sub ("ecx","eax"); # t[7]-=t[0] - &mov ("eax",&DWP((($j+0)%8)*4,"esp")); - &sbb ("edx",0); # t[8]-=0 - &mov (&DWP((($i+7)%8)*4,"esp"),"ecx"); - &sbb ("edi",0); # top-most carry - &mov (&DWP((($i+8)%8)*4,"esp"),"edx"); - - # Final step is "if result > mod, subtract mod", but we do it - # "other way around", namely write result - mod to output buffer - # and if subtraction borrowed, add modulus back. - - &mov ("ecx",&DWP((($j+2)%8)*4,"esp")); - &sub ("eax",-1); - &mov ("edx",&DWP((($j+3)%8)*4,"esp")); - &sbb ("ebx",-1); - &mov (&DWP(0*4,"ebp"),"eax"); - &sbb ("ecx",-1); - &mov (&DWP(1*4,"ebp"),"ebx"); - &sbb ("edx",0); - &mov (&DWP(2*4,"ebp"),"ecx"); - &mov (&DWP(3*4,"ebp"),"edx"); - - &mov ("eax",&DWP((($j+4)%8)*4,"esp")); - &mov ("ebx",&DWP((($j+5)%8)*4,"esp")); - &mov ("ecx",&DWP((($j+6)%8)*4,"esp")); - &sbb ("eax",0); - &mov ("edx",&DWP((($j+7)%8)*4,"esp")); - &sbb ("ebx",0); - &sbb ("ecx",1); - &sbb ("edx",-1); - &sbb ("edi",0); - - # Note that because mod has special form, i.e. consists of - # 0xffffffff, 1 and 0s, we can conditionally synthesize it by - # assigning borrow bit to one register, %ebp, and its negative - # to another, %esi. But we started by calculating %esi... - - &sub ("esi","edi"); - &add (&DWP(0*4,"ebp"),"edi"); # add modulus or zero - &adc (&DWP(1*4,"ebp"),"edi"); - &adc (&DWP(2*4,"ebp"),"edi"); - &adc (&DWP(3*4,"ebp"),0); - &adc ("eax",0); - &adc ("ebx",0); - &mov (&DWP(4*4,"ebp"),"eax"); - &adc ("ecx","esi"); - &mov (&DWP(5*4,"ebp"),"ebx"); - &adc ("edx","edi"); - &mov (&DWP(6*4,"ebp"),"ecx"); - &mov ("edi","ebp"); # fulfill contract - &mov (&DWP(7*4,"ebp"),"edx"); - - &add ("esp",10*4); - &ret (); -&function_end_B("_ecp_nistz256_mul_mont"); - -######################################################################## -# void ecp_nistz256_scatter_w5(void *edi,const P256_POINT *esi, -# int ebp); -&function_begin("ecp_nistz256_scatter_w5"); - &mov ("edi",&wparam(0)); - &mov ("esi",&wparam(1)); - &mov ("ebp",&wparam(2)); - - &lea ("edi",&DWP(128-4,"edi","ebp",4)); - &mov ("ebp",96/16); -&set_label("scatter_w5_loop"); - &mov ("eax",&DWP(0,"esi")); - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edx",&DWP(12,"esi")); - &lea ("esi",&DWP(16,"esi")); - &mov (&DWP(64*0-128,"edi"),"eax"); - &mov (&DWP(64*1-128,"edi"),"ebx"); - &mov (&DWP(64*2-128,"edi"),"ecx"); - &mov (&DWP(64*3-128,"edi"),"edx"); - &lea ("edi",&DWP(64*4,"edi")); - &dec ("ebp"); - &jnz (&label("scatter_w5_loop")); -&function_end("ecp_nistz256_scatter_w5"); - -######################################################################## -# void ecp_nistz256_gather_w5(P256_POINT *edi,const void *esi, -# int ebp); -&function_begin("ecp_nistz256_gather_w5"); - &mov ("esi",&wparam(1)); - &mov ("ebp",&wparam(2)); - - &lea ("esi",&DWP(0,"esi","ebp",4)); - &neg ("ebp"); - &sar ("ebp",31); - &mov ("edi",&wparam(0)); - &lea ("esi",&DWP(0,"esi","ebp",4)); - - for($i=0;$i<24;$i+=4) { - &mov ("eax",&DWP(64*($i+0),"esi")); - &mov ("ebx",&DWP(64*($i+1),"esi")); - &mov ("ecx",&DWP(64*($i+2),"esi")); - &mov ("edx",&DWP(64*($i+3),"esi")); - &and ("eax","ebp"); - &and ("ebx","ebp"); - &and ("ecx","ebp"); - &and ("edx","ebp"); - &mov (&DWP(4*($i+0),"edi"),"eax"); - &mov (&DWP(4*($i+1),"edi"),"ebx"); - &mov (&DWP(4*($i+2),"edi"),"ecx"); - &mov (&DWP(4*($i+3),"edi"),"edx"); - } -&function_end("ecp_nistz256_gather_w5"); - -######################################################################## -# void ecp_nistz256_scatter_w7(void *edi,const P256_POINT_AFFINE *esi, -# int ebp); -&function_begin("ecp_nistz256_scatter_w7"); - &mov ("edi",&wparam(0)); - &mov ("esi",&wparam(1)); - &mov ("ebp",&wparam(2)); - - &lea ("edi",&DWP(0,"edi","ebp")); - &mov ("ebp",64/4); -&set_label("scatter_w7_loop"); - &mov ("eax",&DWP(0,"esi")); - &lea ("esi",&DWP(4,"esi")); - &mov (&BP(64*0,"edi"),"al"); - &mov (&BP(64*1,"edi"),"ah"); - &shr ("eax",16); - &mov (&BP(64*2,"edi"),"al"); - &mov (&BP(64*3,"edi"),"ah"); - &lea ("edi",&DWP(64*4,"edi")); - &dec ("ebp"); - &jnz (&label("scatter_w7_loop")); -&function_end("ecp_nistz256_scatter_w7"); - -######################################################################## -# void ecp_nistz256_gather_w7(P256_POINT_AFFINE *edi,const void *esi, -# int ebp); -&function_begin("ecp_nistz256_gather_w7"); - &mov ("esi",&wparam(1)); - &mov ("ebp",&wparam(2)); - - &add ("esi","ebp"); - &neg ("ebp"), - &sar ("ebp",31); - &mov ("edi",&wparam(0)); - &lea ("esi",&DWP(0,"esi","ebp")); - - for($i=0;$i<64;$i+=4) { - &movz ("eax",&BP(64*($i+0),"esi")); - &movz ("ebx",&BP(64*($i+1),"esi")); - &movz ("ecx",&BP(64*($i+2),"esi")); - &and ("eax","ebp"); - &movz ("edx",&BP(64*($i+3),"esi")); - &and ("ebx","ebp"); - &mov (&BP($i+0,"edi"),"al"); - &and ("ecx","ebp"); - &mov (&BP($i+1,"edi"),"bl"); - &and ("edx","ebp"); - &mov (&BP($i+2,"edi"),"cl"); - &mov (&BP($i+3,"edi"),"dl"); - } -&function_end("ecp_nistz256_gather_w7"); - -######################################################################## -# following subroutines are "literal" implementation of those found in -# ecp_nistz256.c -# -######################################################################## -# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp); -# -&static_label("point_double_shortcut"); -&function_begin("ecp_nistz256_point_double"); -{ my ($S,$M,$Zsqr,$in_x,$tmp0)=map(32*$_,(0..4)); - - &mov ("esi",&wparam(1)); - - # above map() describes stack layout with 5 temporary - # 256-bit vectors on top, then we take extra word for - # OPENSSL_ia32cap_P copy. - &stack_push(8*5+1); - if ($sse2) { - &call ("_picup_eax"); - &set_label("pic"); - &picmeup("edx","OPENSSL_ia32cap_P","eax",&label("pic")); - &mov ("ebp",&DWP(0,"edx")); } - -&set_label("point_double_shortcut"); - &mov ("eax",&DWP(0,"esi")); # copy in_x - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edx",&DWP(12,"esi")); - &mov (&DWP($in_x+0,"esp"),"eax"); - &mov (&DWP($in_x+4,"esp"),"ebx"); - &mov (&DWP($in_x+8,"esp"),"ecx"); - &mov (&DWP($in_x+12,"esp"),"edx"); - &mov ("eax",&DWP(16,"esi")); - &mov ("ebx",&DWP(20,"esi")); - &mov ("ecx",&DWP(24,"esi")); - &mov ("edx",&DWP(28,"esi")); - &mov (&DWP($in_x+16,"esp"),"eax"); - &mov (&DWP($in_x+20,"esp"),"ebx"); - &mov (&DWP($in_x+24,"esp"),"ecx"); - &mov (&DWP($in_x+28,"esp"),"edx"); - &mov (&DWP(32*5,"esp"),"ebp"); # OPENSSL_ia32cap_P copy - - &lea ("ebp",&DWP(32,"esi")); - &lea ("esi",&DWP(32,"esi")); - &lea ("edi",&DWP($S,"esp")); - &call ("_ecp_nistz256_add"); # p256_mul_by_2(S, in_y); - - &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy - &mov ("esi",64); - &add ("esi",&wparam(1)); - &lea ("edi",&DWP($Zsqr,"esp")); - &mov ("ebp","esi"); - &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Zsqr, in_z); - - &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($S,"esp")); - &lea ("ebp",&DWP($S,"esp")); - &lea ("edi",&DWP($S,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(S, S); - - &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy - &mov ("ebp",&wparam(1)); - &lea ("esi",&DWP(32,"ebp")); - &lea ("ebp",&DWP(64,"ebp")); - &lea ("edi",&DWP($tmp0,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(tmp0, in_z, in_y); - - &lea ("esi",&DWP($in_x,"esp")); - &lea ("ebp",&DWP($Zsqr,"esp")); - &lea ("edi",&DWP($M,"esp")); - &call ("_ecp_nistz256_add"); # p256_add(M, in_x, Zsqr); - - &mov ("edi",64); - &lea ("esi",&DWP($tmp0,"esp")); - &lea ("ebp",&DWP($tmp0,"esp")); - &add ("edi",&wparam(0)); - &call ("_ecp_nistz256_add"); # p256_mul_by_2(res_z, tmp0); - - &lea ("esi",&DWP($in_x,"esp")); - &lea ("ebp",&DWP($Zsqr,"esp")); - &lea ("edi",&DWP($Zsqr,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(Zsqr, in_x, Zsqr); - - &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($S,"esp")); - &lea ("ebp",&DWP($S,"esp")); - &lea ("edi",&DWP($tmp0,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(tmp0, S); - - &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($M,"esp")); - &lea ("ebp",&DWP($Zsqr,"esp")); - &lea ("edi",&DWP($M,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(M, M, Zsqr); - - &mov ("edi",32); - &lea ("esi",&DWP($tmp0,"esp")); - &add ("edi",&wparam(0)); - &call ("_ecp_nistz256_div_by_2"); # p256_div_by_2(res_y, tmp0); - - &lea ("esi",&DWP($M,"esp")); - &lea ("ebp",&DWP($M,"esp")); - &lea ("edi",&DWP($tmp0,"esp")); - &call ("_ecp_nistz256_add"); # 1/2 p256_mul_by_3(M, M); - - &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($in_x,"esp")); - &lea ("ebp",&DWP($S,"esp")); - &lea ("edi",&DWP($S,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S, S, in_x); - - &lea ("esi",&DWP($tmp0,"esp")); - &lea ("ebp",&DWP($M,"esp")); - &lea ("edi",&DWP($M,"esp")); - &call ("_ecp_nistz256_add"); # 2/2 p256_mul_by_3(M, M); - - &lea ("esi",&DWP($S,"esp")); - &lea ("ebp",&DWP($S,"esp")); - &lea ("edi",&DWP($tmp0,"esp")); - &call ("_ecp_nistz256_add"); # p256_mul_by_2(tmp0, S); - - &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($M,"esp")); - &lea ("ebp",&DWP($M,"esp")); - &mov ("edi",&wparam(0)); - &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(res_x, M); - - &mov ("esi","edi"); # %edi is still res_x here - &lea ("ebp",&DWP($tmp0,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(res_x, res_x, tmp0); - - &lea ("esi",&DWP($S,"esp")); - &mov ("ebp","edi"); # %edi is still res_x - &lea ("edi",&DWP($S,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(S, S, res_x); - - &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy - &mov ("esi","edi"); # %edi is still &S - &lea ("ebp",&DWP($M,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S, S, M); - - &mov ("ebp",32); - &lea ("esi",&DWP($S,"esp")); - &add ("ebp",&wparam(0)); - &mov ("edi","ebp"); - &call ("_ecp_nistz256_sub"); # p256_sub(res_y, S, res_y); - - &stack_pop(8*5+1); -} &function_end("ecp_nistz256_point_double"); - -######################################################################## -# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1, -# const P256_POINT *in2); -&function_begin("ecp_nistz256_point_add"); -{ my ($res_x,$res_y,$res_z, - $in1_x,$in1_y,$in1_z, - $in2_x,$in2_y,$in2_z, - $H,$Hsqr,$R,$Rsqr,$Hcub, - $U1,$U2,$S1,$S2)=map(32*$_,(0..17)); - my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); - - &mov ("esi",&wparam(2)); - - # above map() describes stack layout with 18 temporary - # 256-bit vectors on top, then we take extra words for - # ~in1infty, ~in2infty, result of check for zero and - # OPENSSL_ia32cap_P copy. [one unused word for padding] - &stack_push(8*18+5); - if ($sse2) { - &call ("_picup_eax"); - &set_label("pic"); - &picmeup("edx","OPENSSL_ia32cap_P","eax",&label("pic")); - &mov ("ebp",&DWP(0,"edx")); } - - &lea ("edi",&DWP($in2_x,"esp")); - for($i=0;$i<96;$i+=16) { - &mov ("eax",&DWP($i+0,"esi")); # copy in2 - &mov ("ebx",&DWP($i+4,"esi")); - &mov ("ecx",&DWP($i+8,"esi")); - &mov ("edx",&DWP($i+12,"esi")); - &mov (&DWP($i+0,"edi"),"eax"); - &mov (&DWP(32*18+12,"esp"),"ebp") if ($i==0); - &mov ("ebp","eax") if ($i==64); - &or ("ebp","eax") if ($i>64); - &mov (&DWP($i+4,"edi"),"ebx"); - &or ("ebp","ebx") if ($i>=64); - &mov (&DWP($i+8,"edi"),"ecx"); - &or ("ebp","ecx") if ($i>=64); - &mov (&DWP($i+12,"edi"),"edx"); - &or ("ebp","edx") if ($i>=64); - } - &xor ("eax","eax"); - &mov ("esi",&wparam(1)); - &sub ("eax","ebp"); - &or ("ebp","eax"); - &sar ("ebp",31); - &mov (&DWP(32*18+4,"esp"),"ebp"); # ~in2infty - - &lea ("edi",&DWP($in1_x,"esp")); - for($i=0;$i<96;$i+=16) { - &mov ("eax",&DWP($i+0,"esi")); # copy in1 - &mov ("ebx",&DWP($i+4,"esi")); - &mov ("ecx",&DWP($i+8,"esi")); - &mov ("edx",&DWP($i+12,"esi")); - &mov (&DWP($i+0,"edi"),"eax"); - &mov ("ebp","eax") if ($i==64); - &or ("ebp","eax") if ($i>64); - &mov (&DWP($i+4,"edi"),"ebx"); - &or ("ebp","ebx") if ($i>=64); - &mov (&DWP($i+8,"edi"),"ecx"); - &or ("ebp","ecx") if ($i>=64); - &mov (&DWP($i+12,"edi"),"edx"); - &or ("ebp","edx") if ($i>=64); - } - &xor ("eax","eax"); - &sub ("eax","ebp"); - &or ("ebp","eax"); - &sar ("ebp",31); - &mov (&DWP(32*18+0,"esp"),"ebp"); # ~in1infty - - &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($in2_z,"esp")); - &lea ("ebp",&DWP($in2_z,"esp")); - &lea ("edi",&DWP($Z2sqr,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Z2sqr, in2_z); - - &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($in1_z,"esp")); - &lea ("ebp",&DWP($in1_z,"esp")); - &lea ("edi",&DWP($Z1sqr,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Z1sqr, in1_z); - - &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($Z2sqr,"esp")); - &lea ("ebp",&DWP($in2_z,"esp")); - &lea ("edi",&DWP($S1,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S1, Z2sqr, in2_z); - - &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($Z1sqr,"esp")); - &lea ("ebp",&DWP($in1_z,"esp")); - &lea ("edi",&DWP($S2,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, Z1sqr, in1_z); - - &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($in1_y,"esp")); - &lea ("ebp",&DWP($S1,"esp")); - &lea ("edi",&DWP($S1,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S1, S1, in1_y); - - &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($in2_y,"esp")); - &lea ("ebp",&DWP($S2,"esp")); - &lea ("edi",&DWP($S2,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, S2, in2_y); - - &lea ("esi",&DWP($S2,"esp")); - &lea ("ebp",&DWP($S1,"esp")); - &lea ("edi",&DWP($R,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(R, S2, S1); - - &or ("ebx","eax"); # see if result is zero - &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy - &or ("ebx","ecx"); - &or ("ebx","edx"); - &or ("ebx",&DWP(0,"edi")); - &or ("ebx",&DWP(4,"edi")); - &lea ("esi",&DWP($in1_x,"esp")); - &or ("ebx",&DWP(8,"edi")); - &lea ("ebp",&DWP($Z2sqr,"esp")); - &or ("ebx",&DWP(12,"edi")); - &lea ("edi",&DWP($U1,"esp")); - &mov (&DWP(32*18+8,"esp"),"ebx"); - - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(U1, in1_x, Z2sqr); - - &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($in2_x,"esp")); - &lea ("ebp",&DWP($Z1sqr,"esp")); - &lea ("edi",&DWP($U2,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(U2, in2_x, Z1sqr); - - &lea ("esi",&DWP($U2,"esp")); - &lea ("ebp",&DWP($U1,"esp")); - &lea ("edi",&DWP($H,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(H, U2, U1); - - &or ("eax","ebx"); # see if result is zero - &or ("eax","ecx"); - &or ("eax","edx"); - &or ("eax",&DWP(0,"edi")); - &or ("eax",&DWP(4,"edi")); - &or ("eax",&DWP(8,"edi")); - &or ("eax",&DWP(12,"edi")); # ~is_equal(U1,U2) - - &mov ("ebx",&DWP(32*18+0,"esp")); # ~in1infty - ¬ ("ebx"); # -1/0 -> 0/-1 - &or ("eax","ebx"); - &mov ("ebx",&DWP(32*18+4,"esp")); # ~in2infty - ¬ ("ebx"); # -1/0 -> 0/-1 - &or ("eax","ebx"); - &or ("eax",&DWP(32*18+8,"esp")); # ~is_equal(S1,S2) - - # if (~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2)) - &data_byte(0x3e); # predict taken - &jnz (&label("add_proceed")); - -&set_label("add_double",16); - &mov ("esi",&wparam(1)); - &mov ("ebp",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy - &add ("esp",4*((8*18+5)-(8*5+1))); # difference in frame sizes - &jmp (&label("point_double_shortcut")); - -&set_label("add_proceed",16); - &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($R,"esp")); - &lea ("ebp",&DWP($R,"esp")); - &lea ("edi",&DWP($Rsqr,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Rsqr, R); - - &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($H,"esp")); - &lea ("ebp",&DWP($in1_z,"esp")); - &lea ("edi",&DWP($res_z,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(res_z, H, in1_z); - - &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($H,"esp")); - &lea ("ebp",&DWP($H,"esp")); - &lea ("edi",&DWP($Hsqr,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Hsqr, H); - - &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($in2_z,"esp")); - &lea ("ebp",&DWP($res_z,"esp")); - &lea ("edi",&DWP($res_z,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(res_z, res_z, in2_z); - - &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($Hsqr,"esp")); - &lea ("ebp",&DWP($U1,"esp")); - &lea ("edi",&DWP($U2,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(U2, U1, Hsqr); - - &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($H,"esp")); - &lea ("ebp",&DWP($Hsqr,"esp")); - &lea ("edi",&DWP($Hcub,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(Hcub, Hsqr, H); - - &lea ("esi",&DWP($U2,"esp")); - &lea ("ebp",&DWP($U2,"esp")); - &lea ("edi",&DWP($Hsqr,"esp")); - &call ("_ecp_nistz256_add"); # p256_mul_by_2(Hsqr, U2); - - &lea ("esi",&DWP($Rsqr,"esp")); - &lea ("ebp",&DWP($Hsqr,"esp")); - &lea ("edi",&DWP($res_x,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(res_x, Rsqr, Hsqr); - - &lea ("esi",&DWP($res_x,"esp")); - &lea ("ebp",&DWP($Hcub,"esp")); - &lea ("edi",&DWP($res_x,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(res_x, res_x, Hcub); - - &lea ("esi",&DWP($U2,"esp")); - &lea ("ebp",&DWP($res_x,"esp")); - &lea ("edi",&DWP($res_y,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(res_y, U2, res_x); - - &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($Hcub,"esp")); - &lea ("ebp",&DWP($S1,"esp")); - &lea ("edi",&DWP($S2,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, S1, Hcub); - - &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($R,"esp")); - &lea ("ebp",&DWP($res_y,"esp")); - &lea ("edi",&DWP($res_y,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(res_y, R, res_y); - - &lea ("esi",&DWP($res_y,"esp")); - &lea ("ebp",&DWP($S2,"esp")); - &lea ("edi",&DWP($res_y,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(res_y, res_y, S2); - - &mov ("ebp",&DWP(32*18+0,"esp")); # ~in1infty - &mov ("esi",&DWP(32*18+4,"esp")); # ~in2infty - &mov ("edi",&wparam(0)); - &mov ("edx","ebp"); - ¬ ("ebp"); - &and ("edx","esi"); # ~in1infty & ~in2infty - &and ("ebp","esi"); # in1infty & ~in2infty - ¬ ("esi"); # in2infty - - ######################################## - # conditional moves - for($i=64;$i<96;$i+=4) { - &mov ("eax","edx"); # ~in1infty & ~in2infty - &and ("eax",&DWP($res_x+$i,"esp")); - &mov ("ebx","ebp"); # in1infty & ~in2infty - &and ("ebx",&DWP($in2_x+$i,"esp")); - &mov ("ecx","esi"); # in2infty - &and ("ecx",&DWP($in1_x+$i,"esp")); - &or ("eax","ebx"); - &or ("eax","ecx"); - &mov (&DWP($i,"edi"),"eax"); - } - for($i=0;$i<64;$i+=4) { - &mov ("eax","edx"); # ~in1infty & ~in2infty - &and ("eax",&DWP($res_x+$i,"esp")); - &mov ("ebx","ebp"); # in1infty & ~in2infty - &and ("ebx",&DWP($in2_x+$i,"esp")); - &mov ("ecx","esi"); # in2infty - &and ("ecx",&DWP($in1_x+$i,"esp")); - &or ("eax","ebx"); - &or ("eax","ecx"); - &mov (&DWP($i,"edi"),"eax"); - } - &set_label("add_done"); - &stack_pop(8*18+5); -} &function_end("ecp_nistz256_point_add"); - -######################################################################## -# void ecp_nistz256_point_add_affine(P256_POINT *out, -# const P256_POINT *in1, -# const P256_POINT_AFFINE *in2); -&function_begin("ecp_nistz256_point_add_affine"); -{ - my ($res_x,$res_y,$res_z, - $in1_x,$in1_y,$in1_z, - $in2_x,$in2_y, - $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..14)); - my $Z1sqr = $S2; - my @ONE_mont=(1,0,0,-1,-1,-1,-2,0); - - &mov ("esi",&wparam(1)); - - # above map() describes stack layout with 15 temporary - # 256-bit vectors on top, then we take extra words for - # ~in1infty, ~in2infty, and OPENSSL_ia32cap_P copy. - &stack_push(8*15+3); - if ($sse2) { - &call ("_picup_eax"); - &set_label("pic"); - &picmeup("edx","OPENSSL_ia32cap_P","eax",&label("pic")); - &mov ("ebp",&DWP(0,"edx")); } - - &lea ("edi",&DWP($in1_x,"esp")); - for($i=0;$i<96;$i+=16) { - &mov ("eax",&DWP($i+0,"esi")); # copy in1 - &mov ("ebx",&DWP($i+4,"esi")); - &mov ("ecx",&DWP($i+8,"esi")); - &mov ("edx",&DWP($i+12,"esi")); - &mov (&DWP($i+0,"edi"),"eax"); - &mov (&DWP(32*15+8,"esp"),"ebp") if ($i==0); - &mov ("ebp","eax") if ($i==64); - &or ("ebp","eax") if ($i>64); - &mov (&DWP($i+4,"edi"),"ebx"); - &or ("ebp","ebx") if ($i>=64); - &mov (&DWP($i+8,"edi"),"ecx"); - &or ("ebp","ecx") if ($i>=64); - &mov (&DWP($i+12,"edi"),"edx"); - &or ("ebp","edx") if ($i>=64); - } - &xor ("eax","eax"); - &mov ("esi",&wparam(2)); - &sub ("eax","ebp"); - &or ("ebp","eax"); - &sar ("ebp",31); - &mov (&DWP(32*15+0,"esp"),"ebp"); # ~in1infty - - &lea ("edi",&DWP($in2_x,"esp")); - for($i=0;$i<64;$i+=16) { - &mov ("eax",&DWP($i+0,"esi")); # copy in2 - &mov ("ebx",&DWP($i+4,"esi")); - &mov ("ecx",&DWP($i+8,"esi")); - &mov ("edx",&DWP($i+12,"esi")); - &mov (&DWP($i+0,"edi"),"eax"); - &mov ("ebp","eax") if ($i==0); - &or ("ebp","eax") if ($i!=0); - &mov (&DWP($i+4,"edi"),"ebx"); - &or ("ebp","ebx"); - &mov (&DWP($i+8,"edi"),"ecx"); - &or ("ebp","ecx"); - &mov (&DWP($i+12,"edi"),"edx"); - &or ("ebp","edx"); - } - &xor ("ebx","ebx"); - &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy - &sub ("ebx","ebp"); - &lea ("esi",&DWP($in1_z,"esp")); - &or ("ebx","ebp"); - &lea ("ebp",&DWP($in1_z,"esp")); - &sar ("ebx",31); - &lea ("edi",&DWP($Z1sqr,"esp")); - &mov (&DWP(32*15+4,"esp"),"ebx"); # ~in2infty - - &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Z1sqr, in1_z); - - &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($in2_x,"esp")); - &mov ("ebp","edi"); # %esi is stull &Z1sqr - &lea ("edi",&DWP($U2,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(U2, Z1sqr, in2_x); - - &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($in1_z,"esp")); - &lea ("ebp",&DWP($Z1sqr,"esp")); - &lea ("edi",&DWP($S2,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, Z1sqr, in1_z); - - &lea ("esi",&DWP($U2,"esp")); - &lea ("ebp",&DWP($in1_x,"esp")); - &lea ("edi",&DWP($H,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(H, U2, in1_x); - - &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($in2_y,"esp")); - &lea ("ebp",&DWP($S2,"esp")); - &lea ("edi",&DWP($S2,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, S2, in2_y); - - &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($in1_z,"esp")); - &lea ("ebp",&DWP($H,"esp")); - &lea ("edi",&DWP($res_z,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(res_z, H, in1_z); - - &lea ("esi",&DWP($S2,"esp")); - &lea ("ebp",&DWP($in1_y,"esp")); - &lea ("edi",&DWP($R,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(R, S2, in1_y); - - &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($H,"esp")); - &lea ("ebp",&DWP($H,"esp")); - &lea ("edi",&DWP($Hsqr,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Hsqr, H); - - &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($R,"esp")); - &lea ("ebp",&DWP($R,"esp")); - &lea ("edi",&DWP($Rsqr,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Rsqr, R); - - &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($in1_x,"esp")); - &lea ("ebp",&DWP($Hsqr,"esp")); - &lea ("edi",&DWP($U2,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(U2, in1_x, Hsqr); - - &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($H,"esp")); - &lea ("ebp",&DWP($Hsqr,"esp")); - &lea ("edi",&DWP($Hcub,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(Hcub, Hsqr, H); - - &lea ("esi",&DWP($U2,"esp")); - &lea ("ebp",&DWP($U2,"esp")); - &lea ("edi",&DWP($Hsqr,"esp")); - &call ("_ecp_nistz256_add"); # p256_mul_by_2(Hsqr, U2); - - &lea ("esi",&DWP($Rsqr,"esp")); - &lea ("ebp",&DWP($Hsqr,"esp")); - &lea ("edi",&DWP($res_x,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(res_x, Rsqr, Hsqr); - - &lea ("esi",&DWP($res_x,"esp")); - &lea ("ebp",&DWP($Hcub,"esp")); - &lea ("edi",&DWP($res_x,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(res_x, res_x, Hcub); - - &lea ("esi",&DWP($U2,"esp")); - &lea ("ebp",&DWP($res_x,"esp")); - &lea ("edi",&DWP($res_y,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(res_y, U2, res_x); - - &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($Hcub,"esp")); - &lea ("ebp",&DWP($in1_y,"esp")); - &lea ("edi",&DWP($S2,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, Hcub, in1_y); - - &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy - &lea ("esi",&DWP($R,"esp")); - &lea ("ebp",&DWP($res_y,"esp")); - &lea ("edi",&DWP($res_y,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(res_y, res_y, R); - - &lea ("esi",&DWP($res_y,"esp")); - &lea ("ebp",&DWP($S2,"esp")); - &lea ("edi",&DWP($res_y,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(res_y, res_y, S2); - - &mov ("ebp",&DWP(32*15+0,"esp")); # ~in1infty - &mov ("esi",&DWP(32*15+4,"esp")); # ~in2infty - &mov ("edi",&wparam(0)); - &mov ("edx","ebp"); - ¬ ("ebp"); - &and ("edx","esi"); # ~in1infty & ~in2infty - &and ("ebp","esi"); # in1infty & ~in2infty - ¬ ("esi"); # in2infty - - ######################################## - # conditional moves - for($i=64;$i<96;$i+=4) { - my $one=@ONE_mont[($i-64)/4]; - - &mov ("eax","edx"); - &and ("eax",&DWP($res_x+$i,"esp")); - &mov ("ebx","ebp") if ($one && $one!=-1); - &and ("ebx",$one) if ($one && $one!=-1); - &mov ("ecx","esi"); - &and ("ecx",&DWP($in1_x+$i,"esp")); - &or ("eax",$one==-1?"ebp":"ebx") if ($one); - &or ("eax","ecx"); - &mov (&DWP($i,"edi"),"eax"); - } - for($i=0;$i<64;$i+=4) { - &mov ("eax","edx"); # ~in1infty & ~in2infty - &and ("eax",&DWP($res_x+$i,"esp")); - &mov ("ebx","ebp"); # in1infty & ~in2infty - &and ("ebx",&DWP($in2_x+$i,"esp")); - &mov ("ecx","esi"); # in2infty - &and ("ecx",&DWP($in1_x+$i,"esp")); - &or ("eax","ebx"); - &or ("eax","ecx"); - &mov (&DWP($i,"edi"),"eax"); - } - &stack_pop(8*15+3); -} &function_end("ecp_nistz256_point_add_affine"); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/asm/ecp_nistz256-x86_64.pl b/crypto/ec/asm/ecp_nistz256-x86_64.pl deleted file mode 100755 index 430b14c86d8dbda02de76270c8bc119bd8a71f06..0000000000000000000000000000000000000000 --- a/crypto/ec/asm/ecp_nistz256-x86_64.pl +++ /dev/null @@ -1,4741 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. -# Copyright (c) 2014, Intel Corporation. All Rights Reserved. -# Copyright (c) 2015 CloudFlare, Inc. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1, 3) -# (1) Intel Corporation, Israel Development Center, Haifa, Israel -# (2) University of Haifa, Israel -# (3) CloudFlare, Inc. -# -# Reference: -# S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with -# 256 Bit Primes" - -# Further optimization by : -# -# this/original with/without -DECP_NISTZ256_ASM(*) -# Opteron +15-49% +150-195% -# Bulldozer +18-45% +175-240% -# P4 +24-46% +100-150% -# Westmere +18-34% +87-160% -# Sandy Bridge +14-35% +120-185% -# Ivy Bridge +11-35% +125-180% -# Haswell +10-37% +160-200% -# Broadwell +24-58% +210-270% -# Atom +20-50% +180-240% -# VIA Nano +50-160% +480-480% -# -# (*) "without -DECP_NISTZ256_ASM" refers to build with -# "enable-ec_nistp_64_gcc_128"; -# -# Ranges denote minimum and maximum improvement coefficients depending -# on benchmark. In "this/original" column lower coefficient is for -# ECDSA sign, while in "with/without" - for ECDH key agreement, and -# higher - for ECDSA sign, relatively fastest server-side operation. -# Keep in mind that +100% means 2x improvement. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.19) + ($1>=2.22); - $addx = ($1>=2.23); -} - -if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.09) + ($1>=2.10); - $addx = ($1>=2.10); -} - -if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $avx = ($1>=10) + ($1>=11); - $addx = ($1>=12); -} - -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { - my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 - $avx = ($ver>=3.0) + ($ver>=3.01); - $addx = ($ver>=3.03); -} - -$code.=<<___; -.text -.extern OPENSSL_ia32cap_P - -# The polynomial -.align 64 -.Lpoly: -.quad 0xffffffffffffffff, 0x00000000ffffffff, 0x0000000000000000, 0xffffffff00000001 - -# 2^512 mod P precomputed for NIST P256 polynomial -.LRR: -.quad 0x0000000000000003, 0xfffffffbffffffff, 0xfffffffffffffffe, 0x00000004fffffffd - -.LOne: -.long 1,1,1,1,1,1,1,1 -.LTwo: -.long 2,2,2,2,2,2,2,2 -.LThree: -.long 3,3,3,3,3,3,3,3 -.LONE_mont: -.quad 0x0000000000000001, 0xffffffff00000000, 0xffffffffffffffff, 0x00000000fffffffe - -# Constants for computations modulo ord(p256) -.Lord: -.quad 0xf3b9cac2fc632551, 0xbce6faada7179e84, 0xffffffffffffffff, 0xffffffff00000000 -.LordK: -.quad 0xccd1c8aaee00bc4f -___ - -{ -################################################################################ -# void ecp_nistz256_mul_by_2(uint64_t res[4], uint64_t a[4]); - -my ($a0,$a1,$a2,$a3)=map("%r$_",(8..11)); -my ($t0,$t1,$t2,$t3,$t4)=("%rax","%rdx","%rcx","%r12","%r13"); -my ($r_ptr,$a_ptr,$b_ptr)=("%rdi","%rsi","%rdx"); - -$code.=<<___; - -.globl ecp_nistz256_mul_by_2 -.type ecp_nistz256_mul_by_2,\@function,2 -.align 64 -ecp_nistz256_mul_by_2: -.cfi_startproc - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 -.Lmul_by_2_body: - - mov 8*0($a_ptr), $a0 - xor $t4,$t4 - mov 8*1($a_ptr), $a1 - add $a0, $a0 # a0:a3+a0:a3 - mov 8*2($a_ptr), $a2 - adc $a1, $a1 - mov 8*3($a_ptr), $a3 - lea .Lpoly(%rip), $a_ptr - mov $a0, $t0 - adc $a2, $a2 - adc $a3, $a3 - mov $a1, $t1 - adc \$0, $t4 - - sub 8*0($a_ptr), $a0 - mov $a2, $t2 - sbb 8*1($a_ptr), $a1 - sbb 8*2($a_ptr), $a2 - mov $a3, $t3 - sbb 8*3($a_ptr), $a3 - sbb \$0, $t4 - - cmovc $t0, $a0 - cmovc $t1, $a1 - mov $a0, 8*0($r_ptr) - cmovc $t2, $a2 - mov $a1, 8*1($r_ptr) - cmovc $t3, $a3 - mov $a2, 8*2($r_ptr) - mov $a3, 8*3($r_ptr) - - mov 0(%rsp),%r13 -.cfi_restore %r13 - mov 8(%rsp),%r12 -.cfi_restore %r12 - lea 16(%rsp),%rsp -.cfi_adjust_cfa_offset -16 -.Lmul_by_2_epilogue: - ret -.cfi_endproc -.size ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2 - -################################################################################ -# void ecp_nistz256_div_by_2(uint64_t res[4], uint64_t a[4]); -.globl ecp_nistz256_div_by_2 -.type ecp_nistz256_div_by_2,\@function,2 -.align 32 -ecp_nistz256_div_by_2: -.cfi_startproc - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 -.Ldiv_by_2_body: - - mov 8*0($a_ptr), $a0 - mov 8*1($a_ptr), $a1 - mov 8*2($a_ptr), $a2 - mov $a0, $t0 - mov 8*3($a_ptr), $a3 - lea .Lpoly(%rip), $a_ptr - - mov $a1, $t1 - xor $t4, $t4 - add 8*0($a_ptr), $a0 - mov $a2, $t2 - adc 8*1($a_ptr), $a1 - adc 8*2($a_ptr), $a2 - mov $a3, $t3 - adc 8*3($a_ptr), $a3 - adc \$0, $t4 - xor $a_ptr, $a_ptr # borrow $a_ptr - test \$1, $t0 - - cmovz $t0, $a0 - cmovz $t1, $a1 - cmovz $t2, $a2 - cmovz $t3, $a3 - cmovz $a_ptr, $t4 - - mov $a1, $t0 # a0:a3>>1 - shr \$1, $a0 - shl \$63, $t0 - mov $a2, $t1 - shr \$1, $a1 - or $t0, $a0 - shl \$63, $t1 - mov $a3, $t2 - shr \$1, $a2 - or $t1, $a1 - shl \$63, $t2 - shr \$1, $a3 - shl \$63, $t4 - or $t2, $a2 - or $t4, $a3 - - mov $a0, 8*0($r_ptr) - mov $a1, 8*1($r_ptr) - mov $a2, 8*2($r_ptr) - mov $a3, 8*3($r_ptr) - - mov 0(%rsp),%r13 -.cfi_restore %r13 - mov 8(%rsp),%r12 -.cfi_restore %r12 - lea 16(%rsp),%rsp -.cfi_adjust_cfa_offset -16 -.Ldiv_by_2_epilogue: - ret -.cfi_endproc -.size ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2 - -################################################################################ -# void ecp_nistz256_mul_by_3(uint64_t res[4], uint64_t a[4]); -.globl ecp_nistz256_mul_by_3 -.type ecp_nistz256_mul_by_3,\@function,2 -.align 32 -ecp_nistz256_mul_by_3: -.cfi_startproc - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 -.Lmul_by_3_body: - - mov 8*0($a_ptr), $a0 - xor $t4, $t4 - mov 8*1($a_ptr), $a1 - add $a0, $a0 # a0:a3+a0:a3 - mov 8*2($a_ptr), $a2 - adc $a1, $a1 - mov 8*3($a_ptr), $a3 - mov $a0, $t0 - adc $a2, $a2 - adc $a3, $a3 - mov $a1, $t1 - adc \$0, $t4 - - sub \$-1, $a0 - mov $a2, $t2 - sbb .Lpoly+8*1(%rip), $a1 - sbb \$0, $a2 - mov $a3, $t3 - sbb .Lpoly+8*3(%rip), $a3 - sbb \$0, $t4 - - cmovc $t0, $a0 - cmovc $t1, $a1 - cmovc $t2, $a2 - cmovc $t3, $a3 - - xor $t4, $t4 - add 8*0($a_ptr), $a0 # a0:a3+=a_ptr[0:3] - adc 8*1($a_ptr), $a1 - mov $a0, $t0 - adc 8*2($a_ptr), $a2 - adc 8*3($a_ptr), $a3 - mov $a1, $t1 - adc \$0, $t4 - - sub \$-1, $a0 - mov $a2, $t2 - sbb .Lpoly+8*1(%rip), $a1 - sbb \$0, $a2 - mov $a3, $t3 - sbb .Lpoly+8*3(%rip), $a3 - sbb \$0, $t4 - - cmovc $t0, $a0 - cmovc $t1, $a1 - mov $a0, 8*0($r_ptr) - cmovc $t2, $a2 - mov $a1, 8*1($r_ptr) - cmovc $t3, $a3 - mov $a2, 8*2($r_ptr) - mov $a3, 8*3($r_ptr) - - mov 0(%rsp),%r13 -.cfi_restore %r13 - mov 8(%rsp),%r12 -.cfi_restore %r12 - lea 16(%rsp),%rsp -.cfi_adjust_cfa_offset -16 -.Lmul_by_3_epilogue: - ret -.cfi_endproc -.size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3 - -################################################################################ -# void ecp_nistz256_add(uint64_t res[4], uint64_t a[4], uint64_t b[4]); -.globl ecp_nistz256_add -.type ecp_nistz256_add,\@function,3 -.align 32 -ecp_nistz256_add: -.cfi_startproc - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 -.Ladd_body: - - mov 8*0($a_ptr), $a0 - xor $t4, $t4 - mov 8*1($a_ptr), $a1 - mov 8*2($a_ptr), $a2 - mov 8*3($a_ptr), $a3 - lea .Lpoly(%rip), $a_ptr - - add 8*0($b_ptr), $a0 - adc 8*1($b_ptr), $a1 - mov $a0, $t0 - adc 8*2($b_ptr), $a2 - adc 8*3($b_ptr), $a3 - mov $a1, $t1 - adc \$0, $t4 - - sub 8*0($a_ptr), $a0 - mov $a2, $t2 - sbb 8*1($a_ptr), $a1 - sbb 8*2($a_ptr), $a2 - mov $a3, $t3 - sbb 8*3($a_ptr), $a3 - sbb \$0, $t4 - - cmovc $t0, $a0 - cmovc $t1, $a1 - mov $a0, 8*0($r_ptr) - cmovc $t2, $a2 - mov $a1, 8*1($r_ptr) - cmovc $t3, $a3 - mov $a2, 8*2($r_ptr) - mov $a3, 8*3($r_ptr) - - mov 0(%rsp),%r13 -.cfi_restore %r13 - mov 8(%rsp),%r12 -.cfi_restore %r12 - lea 16(%rsp),%rsp -.cfi_adjust_cfa_offset -16 -.Ladd_epilogue: - ret -.cfi_endproc -.size ecp_nistz256_add,.-ecp_nistz256_add - -################################################################################ -# void ecp_nistz256_sub(uint64_t res[4], uint64_t a[4], uint64_t b[4]); -.globl ecp_nistz256_sub -.type ecp_nistz256_sub,\@function,3 -.align 32 -ecp_nistz256_sub: -.cfi_startproc - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 -.Lsub_body: - - mov 8*0($a_ptr), $a0 - xor $t4, $t4 - mov 8*1($a_ptr), $a1 - mov 8*2($a_ptr), $a2 - mov 8*3($a_ptr), $a3 - lea .Lpoly(%rip), $a_ptr - - sub 8*0($b_ptr), $a0 - sbb 8*1($b_ptr), $a1 - mov $a0, $t0 - sbb 8*2($b_ptr), $a2 - sbb 8*3($b_ptr), $a3 - mov $a1, $t1 - sbb \$0, $t4 - - add 8*0($a_ptr), $a0 - mov $a2, $t2 - adc 8*1($a_ptr), $a1 - adc 8*2($a_ptr), $a2 - mov $a3, $t3 - adc 8*3($a_ptr), $a3 - test $t4, $t4 - - cmovz $t0, $a0 - cmovz $t1, $a1 - mov $a0, 8*0($r_ptr) - cmovz $t2, $a2 - mov $a1, 8*1($r_ptr) - cmovz $t3, $a3 - mov $a2, 8*2($r_ptr) - mov $a3, 8*3($r_ptr) - - mov 0(%rsp),%r13 -.cfi_restore %r13 - mov 8(%rsp),%r12 -.cfi_restore %r12 - lea 16(%rsp),%rsp -.cfi_adjust_cfa_offset -16 -.Lsub_epilogue: - ret -.cfi_endproc -.size ecp_nistz256_sub,.-ecp_nistz256_sub - -################################################################################ -# void ecp_nistz256_neg(uint64_t res[4], uint64_t a[4]); -.globl ecp_nistz256_neg -.type ecp_nistz256_neg,\@function,2 -.align 32 -ecp_nistz256_neg: -.cfi_startproc - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 -.Lneg_body: - - xor $a0, $a0 - xor $a1, $a1 - xor $a2, $a2 - xor $a3, $a3 - xor $t4, $t4 - - sub 8*0($a_ptr), $a0 - sbb 8*1($a_ptr), $a1 - sbb 8*2($a_ptr), $a2 - mov $a0, $t0 - sbb 8*3($a_ptr), $a3 - lea .Lpoly(%rip), $a_ptr - mov $a1, $t1 - sbb \$0, $t4 - - add 8*0($a_ptr), $a0 - mov $a2, $t2 - adc 8*1($a_ptr), $a1 - adc 8*2($a_ptr), $a2 - mov $a3, $t3 - adc 8*3($a_ptr), $a3 - test $t4, $t4 - - cmovz $t0, $a0 - cmovz $t1, $a1 - mov $a0, 8*0($r_ptr) - cmovz $t2, $a2 - mov $a1, 8*1($r_ptr) - cmovz $t3, $a3 - mov $a2, 8*2($r_ptr) - mov $a3, 8*3($r_ptr) - - mov 0(%rsp),%r13 -.cfi_restore %r13 - mov 8(%rsp),%r12 -.cfi_restore %r12 - lea 16(%rsp),%rsp -.cfi_adjust_cfa_offset -16 -.Lneg_epilogue: - ret -.cfi_endproc -.size ecp_nistz256_neg,.-ecp_nistz256_neg -___ -} -{ -my ($r_ptr,$a_ptr,$b_org,$b_ptr)=("%rdi","%rsi","%rdx","%rbx"); -my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("%r$_",(8..15)); -my ($t0,$t1,$t2,$t3,$t4)=("%rcx","%rbp","%rbx","%rdx","%rax"); -my ($poly1,$poly3)=($acc6,$acc7); - -$code.=<<___; -################################################################################ -# void ecp_nistz256_ord_mul_mont( -# uint64_t res[4], -# uint64_t a[4], -# uint64_t b[4]); - -.globl ecp_nistz256_ord_mul_mont -.type ecp_nistz256_ord_mul_mont,\@function,3 -.align 32 -ecp_nistz256_ord_mul_mont: -.cfi_startproc -___ -$code.=<<___ if ($addx); - mov \$0x80100, %ecx - and OPENSSL_ia32cap_P+8(%rip), %ecx - cmp \$0x80100, %ecx - je .Lecp_nistz256_ord_mul_montx -___ -$code.=<<___; - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lord_mul_body: - - mov 8*0($b_org), %rax - mov $b_org, $b_ptr - lea .Lord(%rip), %r14 - mov .LordK(%rip), %r15 - - ################################# * b[0] - mov %rax, $t0 - mulq 8*0($a_ptr) - mov %rax, $acc0 - mov $t0, %rax - mov %rdx, $acc1 - - mulq 8*1($a_ptr) - add %rax, $acc1 - mov $t0, %rax - adc \$0, %rdx - mov %rdx, $acc2 - - mulq 8*2($a_ptr) - add %rax, $acc2 - mov $t0, %rax - adc \$0, %rdx - - mov $acc0, $acc5 - imulq %r15,$acc0 - - mov %rdx, $acc3 - mulq 8*3($a_ptr) - add %rax, $acc3 - mov $acc0, %rax - adc \$0, %rdx - mov %rdx, $acc4 - - ################################# First reduction step - mulq 8*0(%r14) - mov $acc0, $t1 - add %rax, $acc5 # guaranteed to be zero - mov $acc0, %rax - adc \$0, %rdx - mov %rdx, $t0 - - sub $acc0, $acc2 - sbb \$0, $acc0 # can't borrow - - mulq 8*1(%r14) - add $t0, $acc1 - adc \$0, %rdx - add %rax, $acc1 - mov $t1, %rax - adc %rdx, $acc2 - mov $t1, %rdx - adc \$0, $acc0 # can't overflow - - shl \$32, %rax - shr \$32, %rdx - sub %rax, $acc3 - mov 8*1($b_ptr), %rax - sbb %rdx, $t1 # can't borrow - - add $acc0, $acc3 - adc $t1, $acc4 - adc \$0, $acc5 - - ################################# * b[1] - mov %rax, $t0 - mulq 8*0($a_ptr) - add %rax, $acc1 - mov $t0, %rax - adc \$0, %rdx - mov %rdx, $t1 - - mulq 8*1($a_ptr) - add $t1, $acc2 - adc \$0, %rdx - add %rax, $acc2 - mov $t0, %rax - adc \$0, %rdx - mov %rdx, $t1 - - mulq 8*2($a_ptr) - add $t1, $acc3 - adc \$0, %rdx - add %rax, $acc3 - mov $t0, %rax - adc \$0, %rdx - - mov $acc1, $t0 - imulq %r15, $acc1 - - mov %rdx, $t1 - mulq 8*3($a_ptr) - add $t1, $acc4 - adc \$0, %rdx - xor $acc0, $acc0 - add %rax, $acc4 - mov $acc1, %rax - adc %rdx, $acc5 - adc \$0, $acc0 - - ################################# Second reduction step - mulq 8*0(%r14) - mov $acc1, $t1 - add %rax, $t0 # guaranteed to be zero - mov $acc1, %rax - adc %rdx, $t0 - - sub $acc1, $acc3 - sbb \$0, $acc1 # can't borrow - - mulq 8*1(%r14) - add $t0, $acc2 - adc \$0, %rdx - add %rax, $acc2 - mov $t1, %rax - adc %rdx, $acc3 - mov $t1, %rdx - adc \$0, $acc1 # can't overflow - - shl \$32, %rax - shr \$32, %rdx - sub %rax, $acc4 - mov 8*2($b_ptr), %rax - sbb %rdx, $t1 # can't borrow - - add $acc1, $acc4 - adc $t1, $acc5 - adc \$0, $acc0 - - ################################## * b[2] - mov %rax, $t0 - mulq 8*0($a_ptr) - add %rax, $acc2 - mov $t0, %rax - adc \$0, %rdx - mov %rdx, $t1 - - mulq 8*1($a_ptr) - add $t1, $acc3 - adc \$0, %rdx - add %rax, $acc3 - mov $t0, %rax - adc \$0, %rdx - mov %rdx, $t1 - - mulq 8*2($a_ptr) - add $t1, $acc4 - adc \$0, %rdx - add %rax, $acc4 - mov $t0, %rax - adc \$0, %rdx - - mov $acc2, $t0 - imulq %r15, $acc2 - - mov %rdx, $t1 - mulq 8*3($a_ptr) - add $t1, $acc5 - adc \$0, %rdx - xor $acc1, $acc1 - add %rax, $acc5 - mov $acc2, %rax - adc %rdx, $acc0 - adc \$0, $acc1 - - ################################# Third reduction step - mulq 8*0(%r14) - mov $acc2, $t1 - add %rax, $t0 # guaranteed to be zero - mov $acc2, %rax - adc %rdx, $t0 - - sub $acc2, $acc4 - sbb \$0, $acc2 # can't borrow - - mulq 8*1(%r14) - add $t0, $acc3 - adc \$0, %rdx - add %rax, $acc3 - mov $t1, %rax - adc %rdx, $acc4 - mov $t1, %rdx - adc \$0, $acc2 # can't overflow - - shl \$32, %rax - shr \$32, %rdx - sub %rax, $acc5 - mov 8*3($b_ptr), %rax - sbb %rdx, $t1 # can't borrow - - add $acc2, $acc5 - adc $t1, $acc0 - adc \$0, $acc1 - - ################################# * b[3] - mov %rax, $t0 - mulq 8*0($a_ptr) - add %rax, $acc3 - mov $t0, %rax - adc \$0, %rdx - mov %rdx, $t1 - - mulq 8*1($a_ptr) - add $t1, $acc4 - adc \$0, %rdx - add %rax, $acc4 - mov $t0, %rax - adc \$0, %rdx - mov %rdx, $t1 - - mulq 8*2($a_ptr) - add $t1, $acc5 - adc \$0, %rdx - add %rax, $acc5 - mov $t0, %rax - adc \$0, %rdx - - mov $acc3, $t0 - imulq %r15, $acc3 - - mov %rdx, $t1 - mulq 8*3($a_ptr) - add $t1, $acc0 - adc \$0, %rdx - xor $acc2, $acc2 - add %rax, $acc0 - mov $acc3, %rax - adc %rdx, $acc1 - adc \$0, $acc2 - - ################################# Last reduction step - mulq 8*0(%r14) - mov $acc3, $t1 - add %rax, $t0 # guaranteed to be zero - mov $acc3, %rax - adc %rdx, $t0 - - sub $acc3, $acc5 - sbb \$0, $acc3 # can't borrow - - mulq 8*1(%r14) - add $t0, $acc4 - adc \$0, %rdx - add %rax, $acc4 - mov $t1, %rax - adc %rdx, $acc5 - mov $t1, %rdx - adc \$0, $acc3 # can't overflow - - shl \$32, %rax - shr \$32, %rdx - sub %rax, $acc0 - sbb %rdx, $t1 # can't borrow - - add $acc3, $acc0 - adc $t1, $acc1 - adc \$0, $acc2 - - ################################# Subtract ord - mov $acc4, $a_ptr - sub 8*0(%r14), $acc4 - mov $acc5, $acc3 - sbb 8*1(%r14), $acc5 - mov $acc0, $t0 - sbb 8*2(%r14), $acc0 - mov $acc1, $t1 - sbb 8*3(%r14), $acc1 - sbb \$0, $acc2 - - cmovc $a_ptr, $acc4 - cmovc $acc3, $acc5 - cmovc $t0, $acc0 - cmovc $t1, $acc1 - - mov $acc4, 8*0($r_ptr) - mov $acc5, 8*1($r_ptr) - mov $acc0, 8*2($r_ptr) - mov $acc1, 8*3($r_ptr) - - mov 0(%rsp),%r15 -.cfi_restore %r15 - mov 8(%rsp),%r14 -.cfi_restore %r14 - mov 16(%rsp),%r13 -.cfi_restore %r13 - mov 24(%rsp),%r12 -.cfi_restore %r12 - mov 32(%rsp),%rbx -.cfi_restore %rbx - mov 40(%rsp),%rbp -.cfi_restore %rbp - lea 48(%rsp),%rsp -.cfi_adjust_cfa_offset -48 -.Lord_mul_epilogue: - ret -.cfi_endproc -.size ecp_nistz256_ord_mul_mont,.-ecp_nistz256_ord_mul_mont - -################################################################################ -# void ecp_nistz256_ord_sqr_mont( -# uint64_t res[4], -# uint64_t a[4], -# uint64_t rep); - -.globl ecp_nistz256_ord_sqr_mont -.type ecp_nistz256_ord_sqr_mont,\@function,3 -.align 32 -ecp_nistz256_ord_sqr_mont: -.cfi_startproc -___ -$code.=<<___ if ($addx); - mov \$0x80100, %ecx - and OPENSSL_ia32cap_P+8(%rip), %ecx - cmp \$0x80100, %ecx - je .Lecp_nistz256_ord_sqr_montx -___ -$code.=<<___; - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lord_sqr_body: - - mov 8*0($a_ptr), $acc0 - mov 8*1($a_ptr), %rax - mov 8*2($a_ptr), $acc6 - mov 8*3($a_ptr), $acc7 - lea .Lord(%rip), $a_ptr # pointer to modulus - mov $b_org, $b_ptr - jmp .Loop_ord_sqr - -.align 32 -.Loop_ord_sqr: - ################################# a[1:] * a[0] - mov %rax, $t1 # put aside a[1] - mul $acc0 # a[1] * a[0] - mov %rax, $acc1 - movq $t1, %xmm1 # offload a[1] - mov $acc6, %rax - mov %rdx, $acc2 - - mul $acc0 # a[2] * a[0] - add %rax, $acc2 - mov $acc7, %rax - movq $acc6, %xmm2 # offload a[2] - adc \$0, %rdx - mov %rdx, $acc3 - - mul $acc0 # a[3] * a[0] - add %rax, $acc3 - mov $acc7, %rax - movq $acc7, %xmm3 # offload a[3] - adc \$0, %rdx - mov %rdx, $acc4 - - ################################# a[3] * a[2] - mul $acc6 # a[3] * a[2] - mov %rax, $acc5 - mov $acc6, %rax - mov %rdx, $acc6 - - ################################# a[2:] * a[1] - mul $t1 # a[2] * a[1] - add %rax, $acc3 - mov $acc7, %rax - adc \$0, %rdx - mov %rdx, $acc7 - - mul $t1 # a[3] * a[1] - add %rax, $acc4 - adc \$0, %rdx - - add $acc7, $acc4 - adc %rdx, $acc5 - adc \$0, $acc6 # can't overflow - - ################################# *2 - xor $acc7, $acc7 - mov $acc0, %rax - add $acc1, $acc1 - adc $acc2, $acc2 - adc $acc3, $acc3 - adc $acc4, $acc4 - adc $acc5, $acc5 - adc $acc6, $acc6 - adc \$0, $acc7 - - ################################# Missing products - mul %rax # a[0] * a[0] - mov %rax, $acc0 - movq %xmm1, %rax - mov %rdx, $t1 - - mul %rax # a[1] * a[1] - add $t1, $acc1 - adc %rax, $acc2 - movq %xmm2, %rax - adc \$0, %rdx - mov %rdx, $t1 - - mul %rax # a[2] * a[2] - add $t1, $acc3 - adc %rax, $acc4 - movq %xmm3, %rax - adc \$0, %rdx - mov %rdx, $t1 - - mov $acc0, $t0 - imulq 8*4($a_ptr), $acc0 # *= .LordK - - mul %rax # a[3] * a[3] - add $t1, $acc5 - adc %rax, $acc6 - mov 8*0($a_ptr), %rax # modulus[0] - adc %rdx, $acc7 # can't overflow - - ################################# First reduction step - mul $acc0 - mov $acc0, $t1 - add %rax, $t0 # guaranteed to be zero - mov 8*1($a_ptr), %rax # modulus[1] - adc %rdx, $t0 - - sub $acc0, $acc2 - sbb \$0, $t1 # can't borrow - - mul $acc0 - add $t0, $acc1 - adc \$0, %rdx - add %rax, $acc1 - mov $acc0, %rax - adc %rdx, $acc2 - mov $acc0, %rdx - adc \$0, $t1 # can't overflow - - mov $acc1, $t0 - imulq 8*4($a_ptr), $acc1 # *= .LordK - - shl \$32, %rax - shr \$32, %rdx - sub %rax, $acc3 - mov 8*0($a_ptr), %rax - sbb %rdx, $acc0 # can't borrow - - add $t1, $acc3 - adc \$0, $acc0 # can't overflow - - ################################# Second reduction step - mul $acc1 - mov $acc1, $t1 - add %rax, $t0 # guaranteed to be zero - mov 8*1($a_ptr), %rax - adc %rdx, $t0 - - sub $acc1, $acc3 - sbb \$0, $t1 # can't borrow - - mul $acc1 - add $t0, $acc2 - adc \$0, %rdx - add %rax, $acc2 - mov $acc1, %rax - adc %rdx, $acc3 - mov $acc1, %rdx - adc \$0, $t1 # can't overflow - - mov $acc2, $t0 - imulq 8*4($a_ptr), $acc2 # *= .LordK - - shl \$32, %rax - shr \$32, %rdx - sub %rax, $acc0 - mov 8*0($a_ptr), %rax - sbb %rdx, $acc1 # can't borrow - - add $t1, $acc0 - adc \$0, $acc1 # can't overflow - - ################################# Third reduction step - mul $acc2 - mov $acc2, $t1 - add %rax, $t0 # guaranteed to be zero - mov 8*1($a_ptr), %rax - adc %rdx, $t0 - - sub $acc2, $acc0 - sbb \$0, $t1 # can't borrow - - mul $acc2 - add $t0, $acc3 - adc \$0, %rdx - add %rax, $acc3 - mov $acc2, %rax - adc %rdx, $acc0 - mov $acc2, %rdx - adc \$0, $t1 # can't overflow - - mov $acc3, $t0 - imulq 8*4($a_ptr), $acc3 # *= .LordK - - shl \$32, %rax - shr \$32, %rdx - sub %rax, $acc1 - mov 8*0($a_ptr), %rax - sbb %rdx, $acc2 # can't borrow - - add $t1, $acc1 - adc \$0, $acc2 # can't overflow - - ################################# Last reduction step - mul $acc3 - mov $acc3, $t1 - add %rax, $t0 # guaranteed to be zero - mov 8*1($a_ptr), %rax - adc %rdx, $t0 - - sub $acc3, $acc1 - sbb \$0, $t1 # can't borrow - - mul $acc3 - add $t0, $acc0 - adc \$0, %rdx - add %rax, $acc0 - mov $acc3, %rax - adc %rdx, $acc1 - mov $acc3, %rdx - adc \$0, $t1 # can't overflow - - shl \$32, %rax - shr \$32, %rdx - sub %rax, $acc2 - sbb %rdx, $acc3 # can't borrow - - add $t1, $acc2 - adc \$0, $acc3 # can't overflow - - ################################# Add bits [511:256] of the sqr result - xor %rdx, %rdx - add $acc4, $acc0 - adc $acc5, $acc1 - mov $acc0, $acc4 - adc $acc6, $acc2 - adc $acc7, $acc3 - mov $acc1, %rax - adc \$0, %rdx - - ################################# Compare to modulus - sub 8*0($a_ptr), $acc0 - mov $acc2, $acc6 - sbb 8*1($a_ptr), $acc1 - sbb 8*2($a_ptr), $acc2 - mov $acc3, $acc7 - sbb 8*3($a_ptr), $acc3 - sbb \$0, %rdx - - cmovc $acc4, $acc0 - cmovnc $acc1, %rax - cmovnc $acc2, $acc6 - cmovnc $acc3, $acc7 - - dec $b_ptr - jnz .Loop_ord_sqr - - mov $acc0, 8*0($r_ptr) - mov %rax, 8*1($r_ptr) - pxor %xmm1, %xmm1 - mov $acc6, 8*2($r_ptr) - pxor %xmm2, %xmm2 - mov $acc7, 8*3($r_ptr) - pxor %xmm3, %xmm3 - - mov 0(%rsp),%r15 -.cfi_restore %r15 - mov 8(%rsp),%r14 -.cfi_restore %r14 - mov 16(%rsp),%r13 -.cfi_restore %r13 - mov 24(%rsp),%r12 -.cfi_restore %r12 - mov 32(%rsp),%rbx -.cfi_restore %rbx - mov 40(%rsp),%rbp -.cfi_restore %rbp - lea 48(%rsp),%rsp -.cfi_adjust_cfa_offset -48 -.Lord_sqr_epilogue: - ret -.cfi_endproc -.size ecp_nistz256_ord_sqr_mont,.-ecp_nistz256_ord_sqr_mont -___ - -$code.=<<___ if ($addx); -################################################################################ -.type ecp_nistz256_ord_mul_montx,\@function,3 -.align 32 -ecp_nistz256_ord_mul_montx: -.cfi_startproc -.Lecp_nistz256_ord_mul_montx: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lord_mulx_body: - - mov $b_org, $b_ptr - mov 8*0($b_org), %rdx - mov 8*0($a_ptr), $acc1 - mov 8*1($a_ptr), $acc2 - mov 8*2($a_ptr), $acc3 - mov 8*3($a_ptr), $acc4 - lea -128($a_ptr), $a_ptr # control u-op density - lea .Lord-128(%rip), %r14 - mov .LordK(%rip), %r15 - - ################################# Multiply by b[0] - mulx $acc1, $acc0, $acc1 - mulx $acc2, $t0, $acc2 - mulx $acc3, $t1, $acc3 - add $t0, $acc1 - mulx $acc4, $t0, $acc4 - mov $acc0, %rdx - mulx %r15, %rdx, %rax - adc $t1, $acc2 - adc $t0, $acc3 - adc \$0, $acc4 - - ################################# reduction - xor $acc5, $acc5 # $acc5=0, cf=0, of=0 - mulx 8*0+128(%r14), $t0, $t1 - adcx $t0, $acc0 # guaranteed to be zero - adox $t1, $acc1 - - mulx 8*1+128(%r14), $t0, $t1 - adcx $t0, $acc1 - adox $t1, $acc2 - - mulx 8*2+128(%r14), $t0, $t1 - adcx $t0, $acc2 - adox $t1, $acc3 - - mulx 8*3+128(%r14), $t0, $t1 - mov 8*1($b_ptr), %rdx - adcx $t0, $acc3 - adox $t1, $acc4 - adcx $acc0, $acc4 - adox $acc0, $acc5 - adc \$0, $acc5 # cf=0, of=0 - - ################################# Multiply by b[1] - mulx 8*0+128($a_ptr), $t0, $t1 - adcx $t0, $acc1 - adox $t1, $acc2 - - mulx 8*1+128($a_ptr), $t0, $t1 - adcx $t0, $acc2 - adox $t1, $acc3 - - mulx 8*2+128($a_ptr), $t0, $t1 - adcx $t0, $acc3 - adox $t1, $acc4 - - mulx 8*3+128($a_ptr), $t0, $t1 - mov $acc1, %rdx - mulx %r15, %rdx, %rax - adcx $t0, $acc4 - adox $t1, $acc5 - - adcx $acc0, $acc5 - adox $acc0, $acc0 - adc \$0, $acc0 # cf=0, of=0 - - ################################# reduction - mulx 8*0+128(%r14), $t0, $t1 - adcx $t0, $acc1 # guaranteed to be zero - adox $t1, $acc2 - - mulx 8*1+128(%r14), $t0, $t1 - adcx $t0, $acc2 - adox $t1, $acc3 - - mulx 8*2+128(%r14), $t0, $t1 - adcx $t0, $acc3 - adox $t1, $acc4 - - mulx 8*3+128(%r14), $t0, $t1 - mov 8*2($b_ptr), %rdx - adcx $t0, $acc4 - adox $t1, $acc5 - adcx $acc1, $acc5 - adox $acc1, $acc0 - adc \$0, $acc0 # cf=0, of=0 - - ################################# Multiply by b[2] - mulx 8*0+128($a_ptr), $t0, $t1 - adcx $t0, $acc2 - adox $t1, $acc3 - - mulx 8*1+128($a_ptr), $t0, $t1 - adcx $t0, $acc3 - adox $t1, $acc4 - - mulx 8*2+128($a_ptr), $t0, $t1 - adcx $t0, $acc4 - adox $t1, $acc5 - - mulx 8*3+128($a_ptr), $t0, $t1 - mov $acc2, %rdx - mulx %r15, %rdx, %rax - adcx $t0, $acc5 - adox $t1, $acc0 - - adcx $acc1, $acc0 - adox $acc1, $acc1 - adc \$0, $acc1 # cf=0, of=0 - - ################################# reduction - mulx 8*0+128(%r14), $t0, $t1 - adcx $t0, $acc2 # guaranteed to be zero - adox $t1, $acc3 - - mulx 8*1+128(%r14), $t0, $t1 - adcx $t0, $acc3 - adox $t1, $acc4 - - mulx 8*2+128(%r14), $t0, $t1 - adcx $t0, $acc4 - adox $t1, $acc5 - - mulx 8*3+128(%r14), $t0, $t1 - mov 8*3($b_ptr), %rdx - adcx $t0, $acc5 - adox $t1, $acc0 - adcx $acc2, $acc0 - adox $acc2, $acc1 - adc \$0, $acc1 # cf=0, of=0 - - ################################# Multiply by b[3] - mulx 8*0+128($a_ptr), $t0, $t1 - adcx $t0, $acc3 - adox $t1, $acc4 - - mulx 8*1+128($a_ptr), $t0, $t1 - adcx $t0, $acc4 - adox $t1, $acc5 - - mulx 8*2+128($a_ptr), $t0, $t1 - adcx $t0, $acc5 - adox $t1, $acc0 - - mulx 8*3+128($a_ptr), $t0, $t1 - mov $acc3, %rdx - mulx %r15, %rdx, %rax - adcx $t0, $acc0 - adox $t1, $acc1 - - adcx $acc2, $acc1 - adox $acc2, $acc2 - adc \$0, $acc2 # cf=0, of=0 - - ################################# reduction - mulx 8*0+128(%r14), $t0, $t1 - adcx $t0, $acc3 # guaranteed to be zero - adox $t1, $acc4 - - mulx 8*1+128(%r14), $t0, $t1 - adcx $t0, $acc4 - adox $t1, $acc5 - - mulx 8*2+128(%r14), $t0, $t1 - adcx $t0, $acc5 - adox $t1, $acc0 - - mulx 8*3+128(%r14), $t0, $t1 - lea 128(%r14),%r14 - mov $acc4, $t2 - adcx $t0, $acc0 - adox $t1, $acc1 - mov $acc5, $t3 - adcx $acc3, $acc1 - adox $acc3, $acc2 - adc \$0, $acc2 - - ################################# - # Branch-less conditional subtraction of P - mov $acc0, $t0 - sub 8*0(%r14), $acc4 - sbb 8*1(%r14), $acc5 - sbb 8*2(%r14), $acc0 - mov $acc1, $t1 - sbb 8*3(%r14), $acc1 - sbb \$0, $acc2 - - cmovc $t2, $acc4 - cmovc $t3, $acc5 - cmovc $t0, $acc0 - cmovc $t1, $acc1 - - mov $acc4, 8*0($r_ptr) - mov $acc5, 8*1($r_ptr) - mov $acc0, 8*2($r_ptr) - mov $acc1, 8*3($r_ptr) - - mov 0(%rsp),%r15 -.cfi_restore %r15 - mov 8(%rsp),%r14 -.cfi_restore %r14 - mov 16(%rsp),%r13 -.cfi_restore %r13 - mov 24(%rsp),%r12 -.cfi_restore %r12 - mov 32(%rsp),%rbx -.cfi_restore %rbx - mov 40(%rsp),%rbp -.cfi_restore %rbp - lea 48(%rsp),%rsp -.cfi_adjust_cfa_offset -48 -.Lord_mulx_epilogue: - ret -.cfi_endproc -.size ecp_nistz256_ord_mul_montx,.-ecp_nistz256_ord_mul_montx - -.type ecp_nistz256_ord_sqr_montx,\@function,3 -.align 32 -ecp_nistz256_ord_sqr_montx: -.cfi_startproc -.Lecp_nistz256_ord_sqr_montx: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lord_sqrx_body: - - mov $b_org, $b_ptr - mov 8*0($a_ptr), %rdx - mov 8*1($a_ptr), $acc6 - mov 8*2($a_ptr), $acc7 - mov 8*3($a_ptr), $acc0 - lea .Lord(%rip), $a_ptr - jmp .Loop_ord_sqrx - -.align 32 -.Loop_ord_sqrx: - mulx $acc6, $acc1, $acc2 # a[0]*a[1] - mulx $acc7, $t0, $acc3 # a[0]*a[2] - mov %rdx, %rax # offload a[0] - movq $acc6, %xmm1 # offload a[1] - mulx $acc0, $t1, $acc4 # a[0]*a[3] - mov $acc6, %rdx - add $t0, $acc2 - movq $acc7, %xmm2 # offload a[2] - adc $t1, $acc3 - adc \$0, $acc4 - xor $acc5, $acc5 # $acc5=0,cf=0,of=0 - ################################# - mulx $acc7, $t0, $t1 # a[1]*a[2] - adcx $t0, $acc3 - adox $t1, $acc4 - - mulx $acc0, $t0, $t1 # a[1]*a[3] - mov $acc7, %rdx - adcx $t0, $acc4 - adox $t1, $acc5 - adc \$0, $acc5 - ################################# - mulx $acc0, $t0, $acc6 # a[2]*a[3] - mov %rax, %rdx - movq $acc0, %xmm3 # offload a[3] - xor $acc7, $acc7 # $acc7=0,cf=0,of=0 - adcx $acc1, $acc1 # acc1:6<<1 - adox $t0, $acc5 - adcx $acc2, $acc2 - adox $acc7, $acc6 # of=0 - - ################################# a[i]*a[i] - mulx %rdx, $acc0, $t1 - movq %xmm1, %rdx - adcx $acc3, $acc3 - adox $t1, $acc1 - adcx $acc4, $acc4 - mulx %rdx, $t0, $t4 - movq %xmm2, %rdx - adcx $acc5, $acc5 - adox $t0, $acc2 - adcx $acc6, $acc6 - mulx %rdx, $t0, $t1 - .byte 0x67 - movq %xmm3, %rdx - adox $t4, $acc3 - adcx $acc7, $acc7 - adox $t0, $acc4 - adox $t1, $acc5 - mulx %rdx, $t0, $t4 - adox $t0, $acc6 - adox $t4, $acc7 - - ################################# reduction - mov $acc0, %rdx - mulx 8*4($a_ptr), %rdx, $t0 - - xor %rax, %rax # cf=0, of=0 - mulx 8*0($a_ptr), $t0, $t1 - adcx $t0, $acc0 # guaranteed to be zero - adox $t1, $acc1 - mulx 8*1($a_ptr), $t0, $t1 - adcx $t0, $acc1 - adox $t1, $acc2 - mulx 8*2($a_ptr), $t0, $t1 - adcx $t0, $acc2 - adox $t1, $acc3 - mulx 8*3($a_ptr), $t0, $t1 - adcx $t0, $acc3 - adox $t1, $acc0 # of=0 - adcx %rax, $acc0 # cf=0 - - ################################# - mov $acc1, %rdx - mulx 8*4($a_ptr), %rdx, $t0 - - mulx 8*0($a_ptr), $t0, $t1 - adox $t0, $acc1 # guaranteed to be zero - adcx $t1, $acc2 - mulx 8*1($a_ptr), $t0, $t1 - adox $t0, $acc2 - adcx $t1, $acc3 - mulx 8*2($a_ptr), $t0, $t1 - adox $t0, $acc3 - adcx $t1, $acc0 - mulx 8*3($a_ptr), $t0, $t1 - adox $t0, $acc0 - adcx $t1, $acc1 # cf=0 - adox %rax, $acc1 # of=0 - - ################################# - mov $acc2, %rdx - mulx 8*4($a_ptr), %rdx, $t0 - - mulx 8*0($a_ptr), $t0, $t1 - adcx $t0, $acc2 # guaranteed to be zero - adox $t1, $acc3 - mulx 8*1($a_ptr), $t0, $t1 - adcx $t0, $acc3 - adox $t1, $acc0 - mulx 8*2($a_ptr), $t0, $t1 - adcx $t0, $acc0 - adox $t1, $acc1 - mulx 8*3($a_ptr), $t0, $t1 - adcx $t0, $acc1 - adox $t1, $acc2 # of=0 - adcx %rax, $acc2 # cf=0 - - ################################# - mov $acc3, %rdx - mulx 8*4($a_ptr), %rdx, $t0 - - mulx 8*0($a_ptr), $t0, $t1 - adox $t0, $acc3 # guaranteed to be zero - adcx $t1, $acc0 - mulx 8*1($a_ptr), $t0, $t1 - adox $t0, $acc0 - adcx $t1, $acc1 - mulx 8*2($a_ptr), $t0, $t1 - adox $t0, $acc1 - adcx $t1, $acc2 - mulx 8*3($a_ptr), $t0, $t1 - adox $t0, $acc2 - adcx $t1, $acc3 - adox %rax, $acc3 - - ################################# accumulate upper half - add $acc0, $acc4 # add $acc4, $acc0 - adc $acc5, $acc1 - mov $acc4, %rdx - adc $acc6, $acc2 - adc $acc7, $acc3 - mov $acc1, $acc6 - adc \$0, %rax - - ################################# compare to modulus - sub 8*0($a_ptr), $acc4 - mov $acc2, $acc7 - sbb 8*1($a_ptr), $acc1 - sbb 8*2($a_ptr), $acc2 - mov $acc3, $acc0 - sbb 8*3($a_ptr), $acc3 - sbb \$0, %rax - - cmovnc $acc4, %rdx - cmovnc $acc1, $acc6 - cmovnc $acc2, $acc7 - cmovnc $acc3, $acc0 - - dec $b_ptr - jnz .Loop_ord_sqrx - - mov %rdx, 8*0($r_ptr) - mov $acc6, 8*1($r_ptr) - pxor %xmm1, %xmm1 - mov $acc7, 8*2($r_ptr) - pxor %xmm2, %xmm2 - mov $acc0, 8*3($r_ptr) - pxor %xmm3, %xmm3 - - mov 0(%rsp),%r15 -.cfi_restore %r15 - mov 8(%rsp),%r14 -.cfi_restore %r14 - mov 16(%rsp),%r13 -.cfi_restore %r13 - mov 24(%rsp),%r12 -.cfi_restore %r12 - mov 32(%rsp),%rbx -.cfi_restore %rbx - mov 40(%rsp),%rbp -.cfi_restore %rbp - lea 48(%rsp),%rsp -.cfi_adjust_cfa_offset -48 -.Lord_sqrx_epilogue: - ret -.cfi_endproc -.size ecp_nistz256_ord_sqr_montx,.-ecp_nistz256_ord_sqr_montx -___ - -$code.=<<___; -################################################################################ -# void ecp_nistz256_to_mont( -# uint64_t res[4], -# uint64_t in[4]); -.globl ecp_nistz256_to_mont -.type ecp_nistz256_to_mont,\@function,2 -.align 32 -ecp_nistz256_to_mont: -.cfi_startproc -___ -$code.=<<___ if ($addx); - mov \$0x80100, %ecx - and OPENSSL_ia32cap_P+8(%rip), %ecx -___ -$code.=<<___; - lea .LRR(%rip), $b_org - jmp .Lmul_mont -.cfi_endproc -.size ecp_nistz256_to_mont,.-ecp_nistz256_to_mont - -################################################################################ -# void ecp_nistz256_mul_mont( -# uint64_t res[4], -# uint64_t a[4], -# uint64_t b[4]); - -.globl ecp_nistz256_mul_mont -.type ecp_nistz256_mul_mont,\@function,3 -.align 32 -ecp_nistz256_mul_mont: -.cfi_startproc -___ -$code.=<<___ if ($addx); - mov \$0x80100, %ecx - and OPENSSL_ia32cap_P+8(%rip), %ecx -___ -$code.=<<___; -.Lmul_mont: - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lmul_body: -___ -$code.=<<___ if ($addx); - cmp \$0x80100, %ecx - je .Lmul_montx -___ -$code.=<<___; - mov $b_org, $b_ptr - mov 8*0($b_org), %rax - mov 8*0($a_ptr), $acc1 - mov 8*1($a_ptr), $acc2 - mov 8*2($a_ptr), $acc3 - mov 8*3($a_ptr), $acc4 - - call __ecp_nistz256_mul_montq -___ -$code.=<<___ if ($addx); - jmp .Lmul_mont_done - -.align 32 -.Lmul_montx: - mov $b_org, $b_ptr - mov 8*0($b_org), %rdx - mov 8*0($a_ptr), $acc1 - mov 8*1($a_ptr), $acc2 - mov 8*2($a_ptr), $acc3 - mov 8*3($a_ptr), $acc4 - lea -128($a_ptr), $a_ptr # control u-op density - - call __ecp_nistz256_mul_montx -___ -$code.=<<___; -.Lmul_mont_done: - mov 0(%rsp),%r15 -.cfi_restore %r15 - mov 8(%rsp),%r14 -.cfi_restore %r14 - mov 16(%rsp),%r13 -.cfi_restore %r13 - mov 24(%rsp),%r12 -.cfi_restore %r12 - mov 32(%rsp),%rbx -.cfi_restore %rbx - mov 40(%rsp),%rbp -.cfi_restore %rbp - lea 48(%rsp),%rsp -.cfi_adjust_cfa_offset -48 -.Lmul_epilogue: - ret -.cfi_endproc -.size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont - -.type __ecp_nistz256_mul_montq,\@abi-omnipotent -.align 32 -__ecp_nistz256_mul_montq: -.cfi_startproc - ######################################################################## - # Multiply a by b[0] - mov %rax, $t1 - mulq $acc1 - mov .Lpoly+8*1(%rip),$poly1 - mov %rax, $acc0 - mov $t1, %rax - mov %rdx, $acc1 - - mulq $acc2 - mov .Lpoly+8*3(%rip),$poly3 - add %rax, $acc1 - mov $t1, %rax - adc \$0, %rdx - mov %rdx, $acc2 - - mulq $acc3 - add %rax, $acc2 - mov $t1, %rax - adc \$0, %rdx - mov %rdx, $acc3 - - mulq $acc4 - add %rax, $acc3 - mov $acc0, %rax - adc \$0, %rdx - xor $acc5, $acc5 - mov %rdx, $acc4 - - ######################################################################## - # First reduction step - # Basically now we want to multiply acc[0] by p256, - # and add the result to the acc. - # Due to the special form of p256 we do some optimizations - # - # acc[0] x p256[0..1] = acc[0] x 2^96 - acc[0] - # then we add acc[0] and get acc[0] x 2^96 - - mov $acc0, $t1 - shl \$32, $acc0 - mulq $poly3 - shr \$32, $t1 - add $acc0, $acc1 # +=acc[0]<<96 - adc $t1, $acc2 - adc %rax, $acc3 - mov 8*1($b_ptr), %rax - adc %rdx, $acc4 - adc \$0, $acc5 - xor $acc0, $acc0 - - ######################################################################## - # Multiply by b[1] - mov %rax, $t1 - mulq 8*0($a_ptr) - add %rax, $acc1 - mov $t1, %rax - adc \$0, %rdx - mov %rdx, $t0 - - mulq 8*1($a_ptr) - add $t0, $acc2 - adc \$0, %rdx - add %rax, $acc2 - mov $t1, %rax - adc \$0, %rdx - mov %rdx, $t0 - - mulq 8*2($a_ptr) - add $t0, $acc3 - adc \$0, %rdx - add %rax, $acc3 - mov $t1, %rax - adc \$0, %rdx - mov %rdx, $t0 - - mulq 8*3($a_ptr) - add $t0, $acc4 - adc \$0, %rdx - add %rax, $acc4 - mov $acc1, %rax - adc %rdx, $acc5 - adc \$0, $acc0 - - ######################################################################## - # Second reduction step - mov $acc1, $t1 - shl \$32, $acc1 - mulq $poly3 - shr \$32, $t1 - add $acc1, $acc2 - adc $t1, $acc3 - adc %rax, $acc4 - mov 8*2($b_ptr), %rax - adc %rdx, $acc5 - adc \$0, $acc0 - xor $acc1, $acc1 - - ######################################################################## - # Multiply by b[2] - mov %rax, $t1 - mulq 8*0($a_ptr) - add %rax, $acc2 - mov $t1, %rax - adc \$0, %rdx - mov %rdx, $t0 - - mulq 8*1($a_ptr) - add $t0, $acc3 - adc \$0, %rdx - add %rax, $acc3 - mov $t1, %rax - adc \$0, %rdx - mov %rdx, $t0 - - mulq 8*2($a_ptr) - add $t0, $acc4 - adc \$0, %rdx - add %rax, $acc4 - mov $t1, %rax - adc \$0, %rdx - mov %rdx, $t0 - - mulq 8*3($a_ptr) - add $t0, $acc5 - adc \$0, %rdx - add %rax, $acc5 - mov $acc2, %rax - adc %rdx, $acc0 - adc \$0, $acc1 - - ######################################################################## - # Third reduction step - mov $acc2, $t1 - shl \$32, $acc2 - mulq $poly3 - shr \$32, $t1 - add $acc2, $acc3 - adc $t1, $acc4 - adc %rax, $acc5 - mov 8*3($b_ptr), %rax - adc %rdx, $acc0 - adc \$0, $acc1 - xor $acc2, $acc2 - - ######################################################################## - # Multiply by b[3] - mov %rax, $t1 - mulq 8*0($a_ptr) - add %rax, $acc3 - mov $t1, %rax - adc \$0, %rdx - mov %rdx, $t0 - - mulq 8*1($a_ptr) - add $t0, $acc4 - adc \$0, %rdx - add %rax, $acc4 - mov $t1, %rax - adc \$0, %rdx - mov %rdx, $t0 - - mulq 8*2($a_ptr) - add $t0, $acc5 - adc \$0, %rdx - add %rax, $acc5 - mov $t1, %rax - adc \$0, %rdx - mov %rdx, $t0 - - mulq 8*3($a_ptr) - add $t0, $acc0 - adc \$0, %rdx - add %rax, $acc0 - mov $acc3, %rax - adc %rdx, $acc1 - adc \$0, $acc2 - - ######################################################################## - # Final reduction step - mov $acc3, $t1 - shl \$32, $acc3 - mulq $poly3 - shr \$32, $t1 - add $acc3, $acc4 - adc $t1, $acc5 - mov $acc4, $t0 - adc %rax, $acc0 - adc %rdx, $acc1 - mov $acc5, $t1 - adc \$0, $acc2 - - ######################################################################## - # Branch-less conditional subtraction of P - sub \$-1, $acc4 # .Lpoly[0] - mov $acc0, $t2 - sbb $poly1, $acc5 # .Lpoly[1] - sbb \$0, $acc0 # .Lpoly[2] - mov $acc1, $t3 - sbb $poly3, $acc1 # .Lpoly[3] - sbb \$0, $acc2 - - cmovc $t0, $acc4 - cmovc $t1, $acc5 - mov $acc4, 8*0($r_ptr) - cmovc $t2, $acc0 - mov $acc5, 8*1($r_ptr) - cmovc $t3, $acc1 - mov $acc0, 8*2($r_ptr) - mov $acc1, 8*3($r_ptr) - - ret -.cfi_endproc -.size __ecp_nistz256_mul_montq,.-__ecp_nistz256_mul_montq - -################################################################################ -# void ecp_nistz256_sqr_mont( -# uint64_t res[4], -# uint64_t a[4]); - -# we optimize the square according to S.Gueron and V.Krasnov, -# "Speeding up Big-Number Squaring" -.globl ecp_nistz256_sqr_mont -.type ecp_nistz256_sqr_mont,\@function,2 -.align 32 -ecp_nistz256_sqr_mont: -.cfi_startproc -___ -$code.=<<___ if ($addx); - mov \$0x80100, %ecx - and OPENSSL_ia32cap_P+8(%rip), %ecx -___ -$code.=<<___; - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lsqr_body: -___ -$code.=<<___ if ($addx); - cmp \$0x80100, %ecx - je .Lsqr_montx -___ -$code.=<<___; - mov 8*0($a_ptr), %rax - mov 8*1($a_ptr), $acc6 - mov 8*2($a_ptr), $acc7 - mov 8*3($a_ptr), $acc0 - - call __ecp_nistz256_sqr_montq -___ -$code.=<<___ if ($addx); - jmp .Lsqr_mont_done - -.align 32 -.Lsqr_montx: - mov 8*0($a_ptr), %rdx - mov 8*1($a_ptr), $acc6 - mov 8*2($a_ptr), $acc7 - mov 8*3($a_ptr), $acc0 - lea -128($a_ptr), $a_ptr # control u-op density - - call __ecp_nistz256_sqr_montx -___ -$code.=<<___; -.Lsqr_mont_done: - mov 0(%rsp),%r15 -.cfi_restore %r15 - mov 8(%rsp),%r14 -.cfi_restore %r14 - mov 16(%rsp),%r13 -.cfi_restore %r13 - mov 24(%rsp),%r12 -.cfi_restore %r12 - mov 32(%rsp),%rbx -.cfi_restore %rbx - mov 40(%rsp),%rbp -.cfi_restore %rbp - lea 48(%rsp),%rsp -.cfi_adjust_cfa_offset -48 -.Lsqr_epilogue: - ret -.cfi_endproc -.size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont - -.type __ecp_nistz256_sqr_montq,\@abi-omnipotent -.align 32 -__ecp_nistz256_sqr_montq: -.cfi_startproc - mov %rax, $acc5 - mulq $acc6 # a[1]*a[0] - mov %rax, $acc1 - mov $acc7, %rax - mov %rdx, $acc2 - - mulq $acc5 # a[0]*a[2] - add %rax, $acc2 - mov $acc0, %rax - adc \$0, %rdx - mov %rdx, $acc3 - - mulq $acc5 # a[0]*a[3] - add %rax, $acc3 - mov $acc7, %rax - adc \$0, %rdx - mov %rdx, $acc4 - - ################################# - mulq $acc6 # a[1]*a[2] - add %rax, $acc3 - mov $acc0, %rax - adc \$0, %rdx - mov %rdx, $t1 - - mulq $acc6 # a[1]*a[3] - add %rax, $acc4 - mov $acc0, %rax - adc \$0, %rdx - add $t1, $acc4 - mov %rdx, $acc5 - adc \$0, $acc5 - - ################################# - mulq $acc7 # a[2]*a[3] - xor $acc7, $acc7 - add %rax, $acc5 - mov 8*0($a_ptr), %rax - mov %rdx, $acc6 - adc \$0, $acc6 - - add $acc1, $acc1 # acc1:6<<1 - adc $acc2, $acc2 - adc $acc3, $acc3 - adc $acc4, $acc4 - adc $acc5, $acc5 - adc $acc6, $acc6 - adc \$0, $acc7 - - mulq %rax - mov %rax, $acc0 - mov 8*1($a_ptr), %rax - mov %rdx, $t0 - - mulq %rax - add $t0, $acc1 - adc %rax, $acc2 - mov 8*2($a_ptr), %rax - adc \$0, %rdx - mov %rdx, $t0 - - mulq %rax - add $t0, $acc3 - adc %rax, $acc4 - mov 8*3($a_ptr), %rax - adc \$0, %rdx - mov %rdx, $t0 - - mulq %rax - add $t0, $acc5 - adc %rax, $acc6 - mov $acc0, %rax - adc %rdx, $acc7 - - mov .Lpoly+8*1(%rip), $a_ptr - mov .Lpoly+8*3(%rip), $t1 - - ########################################## - # Now the reduction - # First iteration - mov $acc0, $t0 - shl \$32, $acc0 - mulq $t1 - shr \$32, $t0 - add $acc0, $acc1 # +=acc[0]<<96 - adc $t0, $acc2 - adc %rax, $acc3 - mov $acc1, %rax - adc \$0, %rdx - - ########################################## - # Second iteration - mov $acc1, $t0 - shl \$32, $acc1 - mov %rdx, $acc0 - mulq $t1 - shr \$32, $t0 - add $acc1, $acc2 - adc $t0, $acc3 - adc %rax, $acc0 - mov $acc2, %rax - adc \$0, %rdx - - ########################################## - # Third iteration - mov $acc2, $t0 - shl \$32, $acc2 - mov %rdx, $acc1 - mulq $t1 - shr \$32, $t0 - add $acc2, $acc3 - adc $t0, $acc0 - adc %rax, $acc1 - mov $acc3, %rax - adc \$0, %rdx - - ########################################### - # Last iteration - mov $acc3, $t0 - shl \$32, $acc3 - mov %rdx, $acc2 - mulq $t1 - shr \$32, $t0 - add $acc3, $acc0 - adc $t0, $acc1 - adc %rax, $acc2 - adc \$0, %rdx - xor $acc3, $acc3 - - ############################################ - # Add the rest of the acc - add $acc0, $acc4 - adc $acc1, $acc5 - mov $acc4, $acc0 - adc $acc2, $acc6 - adc %rdx, $acc7 - mov $acc5, $acc1 - adc \$0, $acc3 - - sub \$-1, $acc4 # .Lpoly[0] - mov $acc6, $acc2 - sbb $a_ptr, $acc5 # .Lpoly[1] - sbb \$0, $acc6 # .Lpoly[2] - mov $acc7, $t0 - sbb $t1, $acc7 # .Lpoly[3] - sbb \$0, $acc3 - - cmovc $acc0, $acc4 - cmovc $acc1, $acc5 - mov $acc4, 8*0($r_ptr) - cmovc $acc2, $acc6 - mov $acc5, 8*1($r_ptr) - cmovc $t0, $acc7 - mov $acc6, 8*2($r_ptr) - mov $acc7, 8*3($r_ptr) - - ret -.cfi_endproc -.size __ecp_nistz256_sqr_montq,.-__ecp_nistz256_sqr_montq -___ - -if ($addx) { -$code.=<<___; -.type __ecp_nistz256_mul_montx,\@abi-omnipotent -.align 32 -__ecp_nistz256_mul_montx: -.cfi_startproc - ######################################################################## - # Multiply by b[0] - mulx $acc1, $acc0, $acc1 - mulx $acc2, $t0, $acc2 - mov \$32, $poly1 - xor $acc5, $acc5 # cf=0 - mulx $acc3, $t1, $acc3 - mov .Lpoly+8*3(%rip), $poly3 - adc $t0, $acc1 - mulx $acc4, $t0, $acc4 - mov $acc0, %rdx - adc $t1, $acc2 - shlx $poly1,$acc0,$t1 - adc $t0, $acc3 - shrx $poly1,$acc0,$t0 - adc \$0, $acc4 - - ######################################################################## - # First reduction step - add $t1, $acc1 - adc $t0, $acc2 - - mulx $poly3, $t0, $t1 - mov 8*1($b_ptr), %rdx - adc $t0, $acc3 - adc $t1, $acc4 - adc \$0, $acc5 - xor $acc0, $acc0 # $acc0=0,cf=0,of=0 - - ######################################################################## - # Multiply by b[1] - mulx 8*0+128($a_ptr), $t0, $t1 - adcx $t0, $acc1 - adox $t1, $acc2 - - mulx 8*1+128($a_ptr), $t0, $t1 - adcx $t0, $acc2 - adox $t1, $acc3 - - mulx 8*2+128($a_ptr), $t0, $t1 - adcx $t0, $acc3 - adox $t1, $acc4 - - mulx 8*3+128($a_ptr), $t0, $t1 - mov $acc1, %rdx - adcx $t0, $acc4 - shlx $poly1, $acc1, $t0 - adox $t1, $acc5 - shrx $poly1, $acc1, $t1 - - adcx $acc0, $acc5 - adox $acc0, $acc0 - adc \$0, $acc0 - - ######################################################################## - # Second reduction step - add $t0, $acc2 - adc $t1, $acc3 - - mulx $poly3, $t0, $t1 - mov 8*2($b_ptr), %rdx - adc $t0, $acc4 - adc $t1, $acc5 - adc \$0, $acc0 - xor $acc1 ,$acc1 # $acc1=0,cf=0,of=0 - - ######################################################################## - # Multiply by b[2] - mulx 8*0+128($a_ptr), $t0, $t1 - adcx $t0, $acc2 - adox $t1, $acc3 - - mulx 8*1+128($a_ptr), $t0, $t1 - adcx $t0, $acc3 - adox $t1, $acc4 - - mulx 8*2+128($a_ptr), $t0, $t1 - adcx $t0, $acc4 - adox $t1, $acc5 - - mulx 8*3+128($a_ptr), $t0, $t1 - mov $acc2, %rdx - adcx $t0, $acc5 - shlx $poly1, $acc2, $t0 - adox $t1, $acc0 - shrx $poly1, $acc2, $t1 - - adcx $acc1, $acc0 - adox $acc1, $acc1 - adc \$0, $acc1 - - ######################################################################## - # Third reduction step - add $t0, $acc3 - adc $t1, $acc4 - - mulx $poly3, $t0, $t1 - mov 8*3($b_ptr), %rdx - adc $t0, $acc5 - adc $t1, $acc0 - adc \$0, $acc1 - xor $acc2, $acc2 # $acc2=0,cf=0,of=0 - - ######################################################################## - # Multiply by b[3] - mulx 8*0+128($a_ptr), $t0, $t1 - adcx $t0, $acc3 - adox $t1, $acc4 - - mulx 8*1+128($a_ptr), $t0, $t1 - adcx $t0, $acc4 - adox $t1, $acc5 - - mulx 8*2+128($a_ptr), $t0, $t1 - adcx $t0, $acc5 - adox $t1, $acc0 - - mulx 8*3+128($a_ptr), $t0, $t1 - mov $acc3, %rdx - adcx $t0, $acc0 - shlx $poly1, $acc3, $t0 - adox $t1, $acc1 - shrx $poly1, $acc3, $t1 - - adcx $acc2, $acc1 - adox $acc2, $acc2 - adc \$0, $acc2 - - ######################################################################## - # Fourth reduction step - add $t0, $acc4 - adc $t1, $acc5 - - mulx $poly3, $t0, $t1 - mov $acc4, $t2 - mov .Lpoly+8*1(%rip), $poly1 - adc $t0, $acc0 - mov $acc5, $t3 - adc $t1, $acc1 - adc \$0, $acc2 - - ######################################################################## - # Branch-less conditional subtraction of P - xor %eax, %eax - mov $acc0, $t0 - sbb \$-1, $acc4 # .Lpoly[0] - sbb $poly1, $acc5 # .Lpoly[1] - sbb \$0, $acc0 # .Lpoly[2] - mov $acc1, $t1 - sbb $poly3, $acc1 # .Lpoly[3] - sbb \$0, $acc2 - - cmovc $t2, $acc4 - cmovc $t3, $acc5 - mov $acc4, 8*0($r_ptr) - cmovc $t0, $acc0 - mov $acc5, 8*1($r_ptr) - cmovc $t1, $acc1 - mov $acc0, 8*2($r_ptr) - mov $acc1, 8*3($r_ptr) - - ret -.cfi_endproc -.size __ecp_nistz256_mul_montx,.-__ecp_nistz256_mul_montx - -.type __ecp_nistz256_sqr_montx,\@abi-omnipotent -.align 32 -__ecp_nistz256_sqr_montx: -.cfi_startproc - mulx $acc6, $acc1, $acc2 # a[0]*a[1] - mulx $acc7, $t0, $acc3 # a[0]*a[2] - xor %eax, %eax - adc $t0, $acc2 - mulx $acc0, $t1, $acc4 # a[0]*a[3] - mov $acc6, %rdx - adc $t1, $acc3 - adc \$0, $acc4 - xor $acc5, $acc5 # $acc5=0,cf=0,of=0 - - ################################# - mulx $acc7, $t0, $t1 # a[1]*a[2] - adcx $t0, $acc3 - adox $t1, $acc4 - - mulx $acc0, $t0, $t1 # a[1]*a[3] - mov $acc7, %rdx - adcx $t0, $acc4 - adox $t1, $acc5 - adc \$0, $acc5 - - ################################# - mulx $acc0, $t0, $acc6 # a[2]*a[3] - mov 8*0+128($a_ptr), %rdx - xor $acc7, $acc7 # $acc7=0,cf=0,of=0 - adcx $acc1, $acc1 # acc1:6<<1 - adox $t0, $acc5 - adcx $acc2, $acc2 - adox $acc7, $acc6 # of=0 - - mulx %rdx, $acc0, $t1 - mov 8*1+128($a_ptr), %rdx - adcx $acc3, $acc3 - adox $t1, $acc1 - adcx $acc4, $acc4 - mulx %rdx, $t0, $t4 - mov 8*2+128($a_ptr), %rdx - adcx $acc5, $acc5 - adox $t0, $acc2 - adcx $acc6, $acc6 - .byte 0x67 - mulx %rdx, $t0, $t1 - mov 8*3+128($a_ptr), %rdx - adox $t4, $acc3 - adcx $acc7, $acc7 - adox $t0, $acc4 - mov \$32, $a_ptr - adox $t1, $acc5 - .byte 0x67,0x67 - mulx %rdx, $t0, $t4 - mov .Lpoly+8*3(%rip), %rdx - adox $t0, $acc6 - shlx $a_ptr, $acc0, $t0 - adox $t4, $acc7 - shrx $a_ptr, $acc0, $t4 - mov %rdx,$t1 - - # reduction step 1 - add $t0, $acc1 - adc $t4, $acc2 - - mulx $acc0, $t0, $acc0 - adc $t0, $acc3 - shlx $a_ptr, $acc1, $t0 - adc \$0, $acc0 - shrx $a_ptr, $acc1, $t4 - - # reduction step 2 - add $t0, $acc2 - adc $t4, $acc3 - - mulx $acc1, $t0, $acc1 - adc $t0, $acc0 - shlx $a_ptr, $acc2, $t0 - adc \$0, $acc1 - shrx $a_ptr, $acc2, $t4 - - # reduction step 3 - add $t0, $acc3 - adc $t4, $acc0 - - mulx $acc2, $t0, $acc2 - adc $t0, $acc1 - shlx $a_ptr, $acc3, $t0 - adc \$0, $acc2 - shrx $a_ptr, $acc3, $t4 - - # reduction step 4 - add $t0, $acc0 - adc $t4, $acc1 - - mulx $acc3, $t0, $acc3 - adc $t0, $acc2 - adc \$0, $acc3 - - xor $t3, $t3 - add $acc0, $acc4 # accumulate upper half - mov .Lpoly+8*1(%rip), $a_ptr - adc $acc1, $acc5 - mov $acc4, $acc0 - adc $acc2, $acc6 - adc $acc3, $acc7 - mov $acc5, $acc1 - adc \$0, $t3 - - sub \$-1, $acc4 # .Lpoly[0] - mov $acc6, $acc2 - sbb $a_ptr, $acc5 # .Lpoly[1] - sbb \$0, $acc6 # .Lpoly[2] - mov $acc7, $acc3 - sbb $t1, $acc7 # .Lpoly[3] - sbb \$0, $t3 - - cmovc $acc0, $acc4 - cmovc $acc1, $acc5 - mov $acc4, 8*0($r_ptr) - cmovc $acc2, $acc6 - mov $acc5, 8*1($r_ptr) - cmovc $acc3, $acc7 - mov $acc6, 8*2($r_ptr) - mov $acc7, 8*3($r_ptr) - - ret -.cfi_endproc -.size __ecp_nistz256_sqr_montx,.-__ecp_nistz256_sqr_montx -___ -} -} -{ -my ($r_ptr,$in_ptr)=("%rdi","%rsi"); -my ($acc0,$acc1,$acc2,$acc3)=map("%r$_",(8..11)); -my ($t0,$t1,$t2)=("%rcx","%r12","%r13"); - -$code.=<<___; -################################################################################ -# void ecp_nistz256_from_mont( -# uint64_t res[4], -# uint64_t in[4]); -# This one performs Montgomery multiplication by 1, so we only need the reduction - -.globl ecp_nistz256_from_mont -.type ecp_nistz256_from_mont,\@function,2 -.align 32 -ecp_nistz256_from_mont: -.cfi_startproc - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 -.Lfrom_body: - - mov 8*0($in_ptr), %rax - mov .Lpoly+8*3(%rip), $t2 - mov 8*1($in_ptr), $acc1 - mov 8*2($in_ptr), $acc2 - mov 8*3($in_ptr), $acc3 - mov %rax, $acc0 - mov .Lpoly+8*1(%rip), $t1 - - ######################################### - # First iteration - mov %rax, $t0 - shl \$32, $acc0 - mulq $t2 - shr \$32, $t0 - add $acc0, $acc1 - adc $t0, $acc2 - adc %rax, $acc3 - mov $acc1, %rax - adc \$0, %rdx - - ######################################### - # Second iteration - mov $acc1, $t0 - shl \$32, $acc1 - mov %rdx, $acc0 - mulq $t2 - shr \$32, $t0 - add $acc1, $acc2 - adc $t0, $acc3 - adc %rax, $acc0 - mov $acc2, %rax - adc \$0, %rdx - - ########################################## - # Third iteration - mov $acc2, $t0 - shl \$32, $acc2 - mov %rdx, $acc1 - mulq $t2 - shr \$32, $t0 - add $acc2, $acc3 - adc $t0, $acc0 - adc %rax, $acc1 - mov $acc3, %rax - adc \$0, %rdx - - ########################################### - # Last iteration - mov $acc3, $t0 - shl \$32, $acc3 - mov %rdx, $acc2 - mulq $t2 - shr \$32, $t0 - add $acc3, $acc0 - adc $t0, $acc1 - mov $acc0, $t0 - adc %rax, $acc2 - mov $acc1, $in_ptr - adc \$0, %rdx - - ########################################### - # Branch-less conditional subtraction - sub \$-1, $acc0 - mov $acc2, %rax - sbb $t1, $acc1 - sbb \$0, $acc2 - mov %rdx, $acc3 - sbb $t2, %rdx - sbb $t2, $t2 - - cmovnz $t0, $acc0 - cmovnz $in_ptr, $acc1 - mov $acc0, 8*0($r_ptr) - cmovnz %rax, $acc2 - mov $acc1, 8*1($r_ptr) - cmovz %rdx, $acc3 - mov $acc2, 8*2($r_ptr) - mov $acc3, 8*3($r_ptr) - - mov 0(%rsp),%r13 -.cfi_restore %r13 - mov 8(%rsp),%r12 -.cfi_restore %r12 - lea 16(%rsp),%rsp -.cfi_adjust_cfa_offset -16 -.Lfrom_epilogue: - ret -.cfi_endproc -.size ecp_nistz256_from_mont,.-ecp_nistz256_from_mont -___ -} -{ -my ($val,$in_t,$index)=$win64?("%rcx","%rdx","%r8d"):("%rdi","%rsi","%edx"); -my ($ONE,$INDEX,$Ra,$Rb,$Rc,$Rd,$Re,$Rf)=map("%xmm$_",(0..7)); -my ($M0,$T0a,$T0b,$T0c,$T0d,$T0e,$T0f,$TMP0)=map("%xmm$_",(8..15)); -my ($M1,$T2a,$T2b,$TMP2,$M2,$T2a,$T2b,$TMP2)=map("%xmm$_",(8..15)); - -$code.=<<___; -################################################################################ -# void ecp_nistz256_scatter_w5(uint64_t *val, uint64_t *in_t, int index); -.globl ecp_nistz256_scatter_w5 -.type ecp_nistz256_scatter_w5,\@abi-omnipotent -.align 32 -ecp_nistz256_scatter_w5: -.cfi_startproc - lea -3($index,$index,2), $index - movdqa 0x00($in_t), %xmm0 - shl \$5, $index - movdqa 0x10($in_t), %xmm1 - movdqa 0x20($in_t), %xmm2 - movdqa 0x30($in_t), %xmm3 - movdqa 0x40($in_t), %xmm4 - movdqa 0x50($in_t), %xmm5 - movdqa %xmm0, 0x00($val,$index) - movdqa %xmm1, 0x10($val,$index) - movdqa %xmm2, 0x20($val,$index) - movdqa %xmm3, 0x30($val,$index) - movdqa %xmm4, 0x40($val,$index) - movdqa %xmm5, 0x50($val,$index) - - ret -.cfi_endproc -.size ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5 - -################################################################################ -# void ecp_nistz256_gather_w5(uint64_t *val, uint64_t *in_t, int index); -.globl ecp_nistz256_gather_w5 -.type ecp_nistz256_gather_w5,\@abi-omnipotent -.align 32 -ecp_nistz256_gather_w5: -.cfi_startproc -___ -$code.=<<___ if ($avx>1); - mov OPENSSL_ia32cap_P+8(%rip), %eax - test \$`1<<5`, %eax - jnz .Lavx2_gather_w5 -___ -$code.=<<___ if ($win64); - lea -0x88(%rsp), %rax -.LSEH_begin_ecp_nistz256_gather_w5: - .byte 0x48,0x8d,0x60,0xe0 #lea -0x20(%rax), %rsp - .byte 0x0f,0x29,0x70,0xe0 #movaps %xmm6, -0x20(%rax) - .byte 0x0f,0x29,0x78,0xf0 #movaps %xmm7, -0x10(%rax) - .byte 0x44,0x0f,0x29,0x00 #movaps %xmm8, 0(%rax) - .byte 0x44,0x0f,0x29,0x48,0x10 #movaps %xmm9, 0x10(%rax) - .byte 0x44,0x0f,0x29,0x50,0x20 #movaps %xmm10, 0x20(%rax) - .byte 0x44,0x0f,0x29,0x58,0x30 #movaps %xmm11, 0x30(%rax) - .byte 0x44,0x0f,0x29,0x60,0x40 #movaps %xmm12, 0x40(%rax) - .byte 0x44,0x0f,0x29,0x68,0x50 #movaps %xmm13, 0x50(%rax) - .byte 0x44,0x0f,0x29,0x70,0x60 #movaps %xmm14, 0x60(%rax) - .byte 0x44,0x0f,0x29,0x78,0x70 #movaps %xmm15, 0x70(%rax) -___ -$code.=<<___; - movdqa .LOne(%rip), $ONE - movd $index, $INDEX - - pxor $Ra, $Ra - pxor $Rb, $Rb - pxor $Rc, $Rc - pxor $Rd, $Rd - pxor $Re, $Re - pxor $Rf, $Rf - - movdqa $ONE, $M0 - pshufd \$0, $INDEX, $INDEX - - mov \$16, %rax -.Lselect_loop_sse_w5: - - movdqa $M0, $TMP0 - paddd $ONE, $M0 - pcmpeqd $INDEX, $TMP0 - - movdqa 16*0($in_t), $T0a - movdqa 16*1($in_t), $T0b - movdqa 16*2($in_t), $T0c - movdqa 16*3($in_t), $T0d - movdqa 16*4($in_t), $T0e - movdqa 16*5($in_t), $T0f - lea 16*6($in_t), $in_t - - pand $TMP0, $T0a - pand $TMP0, $T0b - por $T0a, $Ra - pand $TMP0, $T0c - por $T0b, $Rb - pand $TMP0, $T0d - por $T0c, $Rc - pand $TMP0, $T0e - por $T0d, $Rd - pand $TMP0, $T0f - por $T0e, $Re - por $T0f, $Rf - - dec %rax - jnz .Lselect_loop_sse_w5 - - movdqu $Ra, 16*0($val) - movdqu $Rb, 16*1($val) - movdqu $Rc, 16*2($val) - movdqu $Rd, 16*3($val) - movdqu $Re, 16*4($val) - movdqu $Rf, 16*5($val) -___ -$code.=<<___ if ($win64); - movaps (%rsp), %xmm6 - movaps 0x10(%rsp), %xmm7 - movaps 0x20(%rsp), %xmm8 - movaps 0x30(%rsp), %xmm9 - movaps 0x40(%rsp), %xmm10 - movaps 0x50(%rsp), %xmm11 - movaps 0x60(%rsp), %xmm12 - movaps 0x70(%rsp), %xmm13 - movaps 0x80(%rsp), %xmm14 - movaps 0x90(%rsp), %xmm15 - lea 0xa8(%rsp), %rsp -___ -$code.=<<___; - ret -.cfi_endproc -.LSEH_end_ecp_nistz256_gather_w5: -.size ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5 - -################################################################################ -# void ecp_nistz256_scatter_w7(uint64_t *val, uint64_t *in_t, int index); -.globl ecp_nistz256_scatter_w7 -.type ecp_nistz256_scatter_w7,\@abi-omnipotent -.align 32 -ecp_nistz256_scatter_w7: -.cfi_startproc - movdqu 0x00($in_t), %xmm0 - shl \$6, $index - movdqu 0x10($in_t), %xmm1 - movdqu 0x20($in_t), %xmm2 - movdqu 0x30($in_t), %xmm3 - movdqa %xmm0, 0x00($val,$index) - movdqa %xmm1, 0x10($val,$index) - movdqa %xmm2, 0x20($val,$index) - movdqa %xmm3, 0x30($val,$index) - - ret -.cfi_endproc -.size ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7 - -################################################################################ -# void ecp_nistz256_gather_w7(uint64_t *val, uint64_t *in_t, int index); -.globl ecp_nistz256_gather_w7 -.type ecp_nistz256_gather_w7,\@abi-omnipotent -.align 32 -ecp_nistz256_gather_w7: -.cfi_startproc -___ -$code.=<<___ if ($avx>1); - mov OPENSSL_ia32cap_P+8(%rip), %eax - test \$`1<<5`, %eax - jnz .Lavx2_gather_w7 -___ -$code.=<<___ if ($win64); - lea -0x88(%rsp), %rax -.LSEH_begin_ecp_nistz256_gather_w7: - .byte 0x48,0x8d,0x60,0xe0 #lea -0x20(%rax), %rsp - .byte 0x0f,0x29,0x70,0xe0 #movaps %xmm6, -0x20(%rax) - .byte 0x0f,0x29,0x78,0xf0 #movaps %xmm7, -0x10(%rax) - .byte 0x44,0x0f,0x29,0x00 #movaps %xmm8, 0(%rax) - .byte 0x44,0x0f,0x29,0x48,0x10 #movaps %xmm9, 0x10(%rax) - .byte 0x44,0x0f,0x29,0x50,0x20 #movaps %xmm10, 0x20(%rax) - .byte 0x44,0x0f,0x29,0x58,0x30 #movaps %xmm11, 0x30(%rax) - .byte 0x44,0x0f,0x29,0x60,0x40 #movaps %xmm12, 0x40(%rax) - .byte 0x44,0x0f,0x29,0x68,0x50 #movaps %xmm13, 0x50(%rax) - .byte 0x44,0x0f,0x29,0x70,0x60 #movaps %xmm14, 0x60(%rax) - .byte 0x44,0x0f,0x29,0x78,0x70 #movaps %xmm15, 0x70(%rax) -___ -$code.=<<___; - movdqa .LOne(%rip), $M0 - movd $index, $INDEX - - pxor $Ra, $Ra - pxor $Rb, $Rb - pxor $Rc, $Rc - pxor $Rd, $Rd - - movdqa $M0, $ONE - pshufd \$0, $INDEX, $INDEX - mov \$64, %rax - -.Lselect_loop_sse_w7: - movdqa $M0, $TMP0 - paddd $ONE, $M0 - movdqa 16*0($in_t), $T0a - movdqa 16*1($in_t), $T0b - pcmpeqd $INDEX, $TMP0 - movdqa 16*2($in_t), $T0c - movdqa 16*3($in_t), $T0d - lea 16*4($in_t), $in_t - - pand $TMP0, $T0a - pand $TMP0, $T0b - por $T0a, $Ra - pand $TMP0, $T0c - por $T0b, $Rb - pand $TMP0, $T0d - por $T0c, $Rc - prefetcht0 255($in_t) - por $T0d, $Rd - - dec %rax - jnz .Lselect_loop_sse_w7 - - movdqu $Ra, 16*0($val) - movdqu $Rb, 16*1($val) - movdqu $Rc, 16*2($val) - movdqu $Rd, 16*3($val) -___ -$code.=<<___ if ($win64); - movaps (%rsp), %xmm6 - movaps 0x10(%rsp), %xmm7 - movaps 0x20(%rsp), %xmm8 - movaps 0x30(%rsp), %xmm9 - movaps 0x40(%rsp), %xmm10 - movaps 0x50(%rsp), %xmm11 - movaps 0x60(%rsp), %xmm12 - movaps 0x70(%rsp), %xmm13 - movaps 0x80(%rsp), %xmm14 - movaps 0x90(%rsp), %xmm15 - lea 0xa8(%rsp), %rsp -___ -$code.=<<___; - ret -.cfi_endproc -.LSEH_end_ecp_nistz256_gather_w7: -.size ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7 -___ -} -if ($avx>1) { -my ($val,$in_t,$index)=$win64?("%rcx","%rdx","%r8d"):("%rdi","%rsi","%edx"); -my ($TWO,$INDEX,$Ra,$Rb,$Rc)=map("%ymm$_",(0..4)); -my ($M0,$T0a,$T0b,$T0c,$TMP0)=map("%ymm$_",(5..9)); -my ($M1,$T1a,$T1b,$T1c,$TMP1)=map("%ymm$_",(10..14)); - -$code.=<<___; -################################################################################ -# void ecp_nistz256_avx2_gather_w5(uint64_t *val, uint64_t *in_t, int index); -.type ecp_nistz256_avx2_gather_w5,\@abi-omnipotent -.align 32 -ecp_nistz256_avx2_gather_w5: -.cfi_startproc -.Lavx2_gather_w5: - vzeroupper -___ -$code.=<<___ if ($win64); - lea -0x88(%rsp), %rax - mov %rsp,%r11 -.LSEH_begin_ecp_nistz256_avx2_gather_w5: - .byte 0x48,0x8d,0x60,0xe0 # lea -0x20(%rax), %rsp - .byte 0xc5,0xf8,0x29,0x70,0xe0 # vmovaps %xmm6, -0x20(%rax) - .byte 0xc5,0xf8,0x29,0x78,0xf0 # vmovaps %xmm7, -0x10(%rax) - .byte 0xc5,0x78,0x29,0x40,0x00 # vmovaps %xmm8, 8(%rax) - .byte 0xc5,0x78,0x29,0x48,0x10 # vmovaps %xmm9, 0x10(%rax) - .byte 0xc5,0x78,0x29,0x50,0x20 # vmovaps %xmm10, 0x20(%rax) - .byte 0xc5,0x78,0x29,0x58,0x30 # vmovaps %xmm11, 0x30(%rax) - .byte 0xc5,0x78,0x29,0x60,0x40 # vmovaps %xmm12, 0x40(%rax) - .byte 0xc5,0x78,0x29,0x68,0x50 # vmovaps %xmm13, 0x50(%rax) - .byte 0xc5,0x78,0x29,0x70,0x60 # vmovaps %xmm14, 0x60(%rax) - .byte 0xc5,0x78,0x29,0x78,0x70 # vmovaps %xmm15, 0x70(%rax) -___ -$code.=<<___; - vmovdqa .LTwo(%rip), $TWO - - vpxor $Ra, $Ra, $Ra - vpxor $Rb, $Rb, $Rb - vpxor $Rc, $Rc, $Rc - - vmovdqa .LOne(%rip), $M0 - vmovdqa .LTwo(%rip), $M1 - - vmovd $index, %xmm1 - vpermd $INDEX, $Ra, $INDEX - - mov \$8, %rax -.Lselect_loop_avx2_w5: - - vmovdqa 32*0($in_t), $T0a - vmovdqa 32*1($in_t), $T0b - vmovdqa 32*2($in_t), $T0c - - vmovdqa 32*3($in_t), $T1a - vmovdqa 32*4($in_t), $T1b - vmovdqa 32*5($in_t), $T1c - - vpcmpeqd $INDEX, $M0, $TMP0 - vpcmpeqd $INDEX, $M1, $TMP1 - - vpaddd $TWO, $M0, $M0 - vpaddd $TWO, $M1, $M1 - lea 32*6($in_t), $in_t - - vpand $TMP0, $T0a, $T0a - vpand $TMP0, $T0b, $T0b - vpand $TMP0, $T0c, $T0c - vpand $TMP1, $T1a, $T1a - vpand $TMP1, $T1b, $T1b - vpand $TMP1, $T1c, $T1c - - vpxor $T0a, $Ra, $Ra - vpxor $T0b, $Rb, $Rb - vpxor $T0c, $Rc, $Rc - vpxor $T1a, $Ra, $Ra - vpxor $T1b, $Rb, $Rb - vpxor $T1c, $Rc, $Rc - - dec %rax - jnz .Lselect_loop_avx2_w5 - - vmovdqu $Ra, 32*0($val) - vmovdqu $Rb, 32*1($val) - vmovdqu $Rc, 32*2($val) - vzeroupper -___ -$code.=<<___ if ($win64); - movaps (%rsp), %xmm6 - movaps 0x10(%rsp), %xmm7 - movaps 0x20(%rsp), %xmm8 - movaps 0x30(%rsp), %xmm9 - movaps 0x40(%rsp), %xmm10 - movaps 0x50(%rsp), %xmm11 - movaps 0x60(%rsp), %xmm12 - movaps 0x70(%rsp), %xmm13 - movaps 0x80(%rsp), %xmm14 - movaps 0x90(%rsp), %xmm15 - lea (%r11), %rsp -___ -$code.=<<___; - ret -.cfi_endproc -.LSEH_end_ecp_nistz256_avx2_gather_w5: -.size ecp_nistz256_avx2_gather_w5,.-ecp_nistz256_avx2_gather_w5 -___ -} -if ($avx>1) { -my ($val,$in_t,$index)=$win64?("%rcx","%rdx","%r8d"):("%rdi","%rsi","%edx"); -my ($THREE,$INDEX,$Ra,$Rb)=map("%ymm$_",(0..3)); -my ($M0,$T0a,$T0b,$TMP0)=map("%ymm$_",(4..7)); -my ($M1,$T1a,$T1b,$TMP1)=map("%ymm$_",(8..11)); -my ($M2,$T2a,$T2b,$TMP2)=map("%ymm$_",(12..15)); - -$code.=<<___; - -################################################################################ -# void ecp_nistz256_avx2_gather_w7(uint64_t *val, uint64_t *in_t, int index); -.globl ecp_nistz256_avx2_gather_w7 -.type ecp_nistz256_avx2_gather_w7,\@abi-omnipotent -.align 32 -ecp_nistz256_avx2_gather_w7: -.cfi_startproc -.Lavx2_gather_w7: - vzeroupper -___ -$code.=<<___ if ($win64); - mov %rsp,%r11 - lea -0x88(%rsp), %rax -.LSEH_begin_ecp_nistz256_avx2_gather_w7: - .byte 0x48,0x8d,0x60,0xe0 # lea -0x20(%rax), %rsp - .byte 0xc5,0xf8,0x29,0x70,0xe0 # vmovaps %xmm6, -0x20(%rax) - .byte 0xc5,0xf8,0x29,0x78,0xf0 # vmovaps %xmm7, -0x10(%rax) - .byte 0xc5,0x78,0x29,0x40,0x00 # vmovaps %xmm8, 8(%rax) - .byte 0xc5,0x78,0x29,0x48,0x10 # vmovaps %xmm9, 0x10(%rax) - .byte 0xc5,0x78,0x29,0x50,0x20 # vmovaps %xmm10, 0x20(%rax) - .byte 0xc5,0x78,0x29,0x58,0x30 # vmovaps %xmm11, 0x30(%rax) - .byte 0xc5,0x78,0x29,0x60,0x40 # vmovaps %xmm12, 0x40(%rax) - .byte 0xc5,0x78,0x29,0x68,0x50 # vmovaps %xmm13, 0x50(%rax) - .byte 0xc5,0x78,0x29,0x70,0x60 # vmovaps %xmm14, 0x60(%rax) - .byte 0xc5,0x78,0x29,0x78,0x70 # vmovaps %xmm15, 0x70(%rax) -___ -$code.=<<___; - vmovdqa .LThree(%rip), $THREE - - vpxor $Ra, $Ra, $Ra - vpxor $Rb, $Rb, $Rb - - vmovdqa .LOne(%rip), $M0 - vmovdqa .LTwo(%rip), $M1 - vmovdqa .LThree(%rip), $M2 - - vmovd $index, %xmm1 - vpermd $INDEX, $Ra, $INDEX - # Skip index = 0, because it is implicitly the point at infinity - - mov \$21, %rax -.Lselect_loop_avx2_w7: - - vmovdqa 32*0($in_t), $T0a - vmovdqa 32*1($in_t), $T0b - - vmovdqa 32*2($in_t), $T1a - vmovdqa 32*3($in_t), $T1b - - vmovdqa 32*4($in_t), $T2a - vmovdqa 32*5($in_t), $T2b - - vpcmpeqd $INDEX, $M0, $TMP0 - vpcmpeqd $INDEX, $M1, $TMP1 - vpcmpeqd $INDEX, $M2, $TMP2 - - vpaddd $THREE, $M0, $M0 - vpaddd $THREE, $M1, $M1 - vpaddd $THREE, $M2, $M2 - lea 32*6($in_t), $in_t - - vpand $TMP0, $T0a, $T0a - vpand $TMP0, $T0b, $T0b - vpand $TMP1, $T1a, $T1a - vpand $TMP1, $T1b, $T1b - vpand $TMP2, $T2a, $T2a - vpand $TMP2, $T2b, $T2b - - vpxor $T0a, $Ra, $Ra - vpxor $T0b, $Rb, $Rb - vpxor $T1a, $Ra, $Ra - vpxor $T1b, $Rb, $Rb - vpxor $T2a, $Ra, $Ra - vpxor $T2b, $Rb, $Rb - - dec %rax - jnz .Lselect_loop_avx2_w7 - - - vmovdqa 32*0($in_t), $T0a - vmovdqa 32*1($in_t), $T0b - - vpcmpeqd $INDEX, $M0, $TMP0 - - vpand $TMP0, $T0a, $T0a - vpand $TMP0, $T0b, $T0b - - vpxor $T0a, $Ra, $Ra - vpxor $T0b, $Rb, $Rb - - vmovdqu $Ra, 32*0($val) - vmovdqu $Rb, 32*1($val) - vzeroupper -___ -$code.=<<___ if ($win64); - movaps (%rsp), %xmm6 - movaps 0x10(%rsp), %xmm7 - movaps 0x20(%rsp), %xmm8 - movaps 0x30(%rsp), %xmm9 - movaps 0x40(%rsp), %xmm10 - movaps 0x50(%rsp), %xmm11 - movaps 0x60(%rsp), %xmm12 - movaps 0x70(%rsp), %xmm13 - movaps 0x80(%rsp), %xmm14 - movaps 0x90(%rsp), %xmm15 - lea (%r11), %rsp -___ -$code.=<<___; - ret -.cfi_endproc -.LSEH_end_ecp_nistz256_avx2_gather_w7: -.size ecp_nistz256_avx2_gather_w7,.-ecp_nistz256_avx2_gather_w7 -___ -} else { -$code.=<<___; -.globl ecp_nistz256_avx2_gather_w7 -.type ecp_nistz256_avx2_gather_w7,\@function,3 -.align 32 -ecp_nistz256_avx2_gather_w7: -.cfi_startproc - .byte 0x0f,0x0b # ud2 - ret -.cfi_endproc -.size ecp_nistz256_avx2_gather_w7,.-ecp_nistz256_avx2_gather_w7 -___ -} -{{{ -######################################################################## -# This block implements higher level point_double, point_add and -# point_add_affine. The key to performance in this case is to allow -# out-of-order execution logic to overlap computations from next step -# with tail processing from current step. By using tailored calling -# sequence we minimize inter-step overhead to give processor better -# shot at overlapping operations... -# -# You will notice that input data is copied to stack. Trouble is that -# there are no registers to spare for holding original pointers and -# reloading them, pointers, would create undesired dependencies on -# effective addresses calculation paths. In other words it's too done -# to favour out-of-order execution logic. -# - -my ($r_ptr,$a_ptr,$b_org,$b_ptr)=("%rdi","%rsi","%rdx","%rbx"); -my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("%r$_",(8..15)); -my ($t0,$t1,$t2,$t3,$t4)=("%rax","%rbp","%rcx",$acc4,$acc4); -my ($poly1,$poly3)=($acc6,$acc7); - -sub load_for_mul () { -my ($a,$b,$src0) = @_; -my $bias = $src0 eq "%rax" ? 0 : -128; - -" mov $b, $src0 - lea $b, $b_ptr - mov 8*0+$a, $acc1 - mov 8*1+$a, $acc2 - lea $bias+$a, $a_ptr - mov 8*2+$a, $acc3 - mov 8*3+$a, $acc4" -} - -sub load_for_sqr () { -my ($a,$src0) = @_; -my $bias = $src0 eq "%rax" ? 0 : -128; - -" mov 8*0+$a, $src0 - mov 8*1+$a, $acc6 - lea $bias+$a, $a_ptr - mov 8*2+$a, $acc7 - mov 8*3+$a, $acc0" -} - - { -######################################################################## -# operate in 4-5-0-1 "name space" that matches multiplication output -# -my ($a0,$a1,$a2,$a3,$t3,$t4)=($acc4,$acc5,$acc0,$acc1,$acc2,$acc3); - -$code.=<<___; -.type __ecp_nistz256_add_toq,\@abi-omnipotent -.align 32 -__ecp_nistz256_add_toq: -.cfi_startproc - xor $t4,$t4 - add 8*0($b_ptr), $a0 - adc 8*1($b_ptr), $a1 - mov $a0, $t0 - adc 8*2($b_ptr), $a2 - adc 8*3($b_ptr), $a3 - mov $a1, $t1 - adc \$0, $t4 - - sub \$-1, $a0 - mov $a2, $t2 - sbb $poly1, $a1 - sbb \$0, $a2 - mov $a3, $t3 - sbb $poly3, $a3 - sbb \$0, $t4 - - cmovc $t0, $a0 - cmovc $t1, $a1 - mov $a0, 8*0($r_ptr) - cmovc $t2, $a2 - mov $a1, 8*1($r_ptr) - cmovc $t3, $a3 - mov $a2, 8*2($r_ptr) - mov $a3, 8*3($r_ptr) - - ret -.cfi_endproc -.size __ecp_nistz256_add_toq,.-__ecp_nistz256_add_toq - -.type __ecp_nistz256_sub_fromq,\@abi-omnipotent -.align 32 -__ecp_nistz256_sub_fromq: -.cfi_startproc - sub 8*0($b_ptr), $a0 - sbb 8*1($b_ptr), $a1 - mov $a0, $t0 - sbb 8*2($b_ptr), $a2 - sbb 8*3($b_ptr), $a3 - mov $a1, $t1 - sbb $t4, $t4 - - add \$-1, $a0 - mov $a2, $t2 - adc $poly1, $a1 - adc \$0, $a2 - mov $a3, $t3 - adc $poly3, $a3 - test $t4, $t4 - - cmovz $t0, $a0 - cmovz $t1, $a1 - mov $a0, 8*0($r_ptr) - cmovz $t2, $a2 - mov $a1, 8*1($r_ptr) - cmovz $t3, $a3 - mov $a2, 8*2($r_ptr) - mov $a3, 8*3($r_ptr) - - ret -.cfi_endproc -.size __ecp_nistz256_sub_fromq,.-__ecp_nistz256_sub_fromq - -.type __ecp_nistz256_subq,\@abi-omnipotent -.align 32 -__ecp_nistz256_subq: -.cfi_startproc - sub $a0, $t0 - sbb $a1, $t1 - mov $t0, $a0 - sbb $a2, $t2 - sbb $a3, $t3 - mov $t1, $a1 - sbb $t4, $t4 - - add \$-1, $t0 - mov $t2, $a2 - adc $poly1, $t1 - adc \$0, $t2 - mov $t3, $a3 - adc $poly3, $t3 - test $t4, $t4 - - cmovnz $t0, $a0 - cmovnz $t1, $a1 - cmovnz $t2, $a2 - cmovnz $t3, $a3 - - ret -.cfi_endproc -.size __ecp_nistz256_subq,.-__ecp_nistz256_subq - -.type __ecp_nistz256_mul_by_2q,\@abi-omnipotent -.align 32 -__ecp_nistz256_mul_by_2q: -.cfi_startproc - xor $t4, $t4 - add $a0, $a0 # a0:a3+a0:a3 - adc $a1, $a1 - mov $a0, $t0 - adc $a2, $a2 - adc $a3, $a3 - mov $a1, $t1 - adc \$0, $t4 - - sub \$-1, $a0 - mov $a2, $t2 - sbb $poly1, $a1 - sbb \$0, $a2 - mov $a3, $t3 - sbb $poly3, $a3 - sbb \$0, $t4 - - cmovc $t0, $a0 - cmovc $t1, $a1 - mov $a0, 8*0($r_ptr) - cmovc $t2, $a2 - mov $a1, 8*1($r_ptr) - cmovc $t3, $a3 - mov $a2, 8*2($r_ptr) - mov $a3, 8*3($r_ptr) - - ret -.cfi_endproc -.size __ecp_nistz256_mul_by_2q,.-__ecp_nistz256_mul_by_2q -___ - } -sub gen_double () { - my $x = shift; - my ($src0,$sfx,$bias); - my ($S,$M,$Zsqr,$in_x,$tmp0)=map(32*$_,(0..4)); - - if ($x ne "x") { - $src0 = "%rax"; - $sfx = ""; - $bias = 0; - -$code.=<<___; -.globl ecp_nistz256_point_double -.type ecp_nistz256_point_double,\@function,2 -.align 32 -ecp_nistz256_point_double: -.cfi_startproc -___ -$code.=<<___ if ($addx); - mov \$0x80100, %ecx - and OPENSSL_ia32cap_P+8(%rip), %ecx - cmp \$0x80100, %ecx - je .Lpoint_doublex -___ - } else { - $src0 = "%rdx"; - $sfx = "x"; - $bias = 128; - -$code.=<<___; -.type ecp_nistz256_point_doublex,\@function,2 -.align 32 -ecp_nistz256_point_doublex: -.cfi_startproc -.Lpoint_doublex: -___ - } -$code.=<<___; - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - sub \$32*5+8, %rsp -.cfi_adjust_cfa_offset 32*5+8 -.Lpoint_double${x}_body: - -.Lpoint_double_shortcut$x: - movdqu 0x00($a_ptr), %xmm0 # copy *(P256_POINT *)$a_ptr.x - mov $a_ptr, $b_ptr # backup copy - movdqu 0x10($a_ptr), %xmm1 - mov 0x20+8*0($a_ptr), $acc4 # load in_y in "5-4-0-1" order - mov 0x20+8*1($a_ptr), $acc5 - mov 0x20+8*2($a_ptr), $acc0 - mov 0x20+8*3($a_ptr), $acc1 - mov .Lpoly+8*1(%rip), $poly1 - mov .Lpoly+8*3(%rip), $poly3 - movdqa %xmm0, $in_x(%rsp) - movdqa %xmm1, $in_x+0x10(%rsp) - lea 0x20($r_ptr), $acc2 - lea 0x40($r_ptr), $acc3 - movq $r_ptr, %xmm0 - movq $acc2, %xmm1 - movq $acc3, %xmm2 - - lea $S(%rsp), $r_ptr - call __ecp_nistz256_mul_by_2$x # p256_mul_by_2(S, in_y); - - mov 0x40+8*0($a_ptr), $src0 - mov 0x40+8*1($a_ptr), $acc6 - mov 0x40+8*2($a_ptr), $acc7 - mov 0x40+8*3($a_ptr), $acc0 - lea 0x40-$bias($a_ptr), $a_ptr - lea $Zsqr(%rsp), $r_ptr - call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(Zsqr, in_z); - - `&load_for_sqr("$S(%rsp)", "$src0")` - lea $S(%rsp), $r_ptr - call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(S, S); - - mov 0x20($b_ptr), $src0 # $b_ptr is still valid - mov 0x40+8*0($b_ptr), $acc1 - mov 0x40+8*1($b_ptr), $acc2 - mov 0x40+8*2($b_ptr), $acc3 - mov 0x40+8*3($b_ptr), $acc4 - lea 0x40-$bias($b_ptr), $a_ptr - lea 0x20($b_ptr), $b_ptr - movq %xmm2, $r_ptr - call __ecp_nistz256_mul_mont$x # p256_mul_mont(res_z, in_z, in_y); - call __ecp_nistz256_mul_by_2$x # p256_mul_by_2(res_z, res_z); - - mov $in_x+8*0(%rsp), $acc4 # "5-4-0-1" order - mov $in_x+8*1(%rsp), $acc5 - lea $Zsqr(%rsp), $b_ptr - mov $in_x+8*2(%rsp), $acc0 - mov $in_x+8*3(%rsp), $acc1 - lea $M(%rsp), $r_ptr - call __ecp_nistz256_add_to$x # p256_add(M, in_x, Zsqr); - - mov $in_x+8*0(%rsp), $acc4 # "5-4-0-1" order - mov $in_x+8*1(%rsp), $acc5 - lea $Zsqr(%rsp), $b_ptr - mov $in_x+8*2(%rsp), $acc0 - mov $in_x+8*3(%rsp), $acc1 - lea $Zsqr(%rsp), $r_ptr - call __ecp_nistz256_sub_from$x # p256_sub(Zsqr, in_x, Zsqr); - - `&load_for_sqr("$S(%rsp)", "$src0")` - movq %xmm1, $r_ptr - call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(res_y, S); -___ -{ -######## ecp_nistz256_div_by_2(res_y, res_y); ########################## -# operate in 4-5-6-7 "name space" that matches squaring output -# -my ($poly1,$poly3)=($a_ptr,$t1); -my ($a0,$a1,$a2,$a3,$t3,$t4,$t1)=($acc4,$acc5,$acc6,$acc7,$acc0,$acc1,$acc2); - -$code.=<<___; - xor $t4, $t4 - mov $a0, $t0 - add \$-1, $a0 - mov $a1, $t1 - adc $poly1, $a1 - mov $a2, $t2 - adc \$0, $a2 - mov $a3, $t3 - adc $poly3, $a3 - adc \$0, $t4 - xor $a_ptr, $a_ptr # borrow $a_ptr - test \$1, $t0 - - cmovz $t0, $a0 - cmovz $t1, $a1 - cmovz $t2, $a2 - cmovz $t3, $a3 - cmovz $a_ptr, $t4 - - mov $a1, $t0 # a0:a3>>1 - shr \$1, $a0 - shl \$63, $t0 - mov $a2, $t1 - shr \$1, $a1 - or $t0, $a0 - shl \$63, $t1 - mov $a3, $t2 - shr \$1, $a2 - or $t1, $a1 - shl \$63, $t2 - mov $a0, 8*0($r_ptr) - shr \$1, $a3 - mov $a1, 8*1($r_ptr) - shl \$63, $t4 - or $t2, $a2 - or $t4, $a3 - mov $a2, 8*2($r_ptr) - mov $a3, 8*3($r_ptr) -___ -} -$code.=<<___; - `&load_for_mul("$M(%rsp)", "$Zsqr(%rsp)", "$src0")` - lea $M(%rsp), $r_ptr - call __ecp_nistz256_mul_mont$x # p256_mul_mont(M, M, Zsqr); - - lea $tmp0(%rsp), $r_ptr - call __ecp_nistz256_mul_by_2$x - - lea $M(%rsp), $b_ptr - lea $M(%rsp), $r_ptr - call __ecp_nistz256_add_to$x # p256_mul_by_3(M, M); - - `&load_for_mul("$S(%rsp)", "$in_x(%rsp)", "$src0")` - lea $S(%rsp), $r_ptr - call __ecp_nistz256_mul_mont$x # p256_mul_mont(S, S, in_x); - - lea $tmp0(%rsp), $r_ptr - call __ecp_nistz256_mul_by_2$x # p256_mul_by_2(tmp0, S); - - `&load_for_sqr("$M(%rsp)", "$src0")` - movq %xmm0, $r_ptr - call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(res_x, M); - - lea $tmp0(%rsp), $b_ptr - mov $acc6, $acc0 # harmonize sqr output and sub input - mov $acc7, $acc1 - mov $a_ptr, $poly1 - mov $t1, $poly3 - call __ecp_nistz256_sub_from$x # p256_sub(res_x, res_x, tmp0); - - mov $S+8*0(%rsp), $t0 - mov $S+8*1(%rsp), $t1 - mov $S+8*2(%rsp), $t2 - mov $S+8*3(%rsp), $acc2 # "4-5-0-1" order - lea $S(%rsp), $r_ptr - call __ecp_nistz256_sub$x # p256_sub(S, S, res_x); - - mov $M(%rsp), $src0 - lea $M(%rsp), $b_ptr - mov $acc4, $acc6 # harmonize sub output and mul input - xor %ecx, %ecx - mov $acc4, $S+8*0(%rsp) # have to save:-( - mov $acc5, $acc2 - mov $acc5, $S+8*1(%rsp) - cmovz $acc0, $acc3 - mov $acc0, $S+8*2(%rsp) - lea $S-$bias(%rsp), $a_ptr - cmovz $acc1, $acc4 - mov $acc1, $S+8*3(%rsp) - mov $acc6, $acc1 - lea $S(%rsp), $r_ptr - call __ecp_nistz256_mul_mont$x # p256_mul_mont(S, S, M); - - movq %xmm1, $b_ptr - movq %xmm1, $r_ptr - call __ecp_nistz256_sub_from$x # p256_sub(res_y, S, res_y); - - lea 32*5+56(%rsp), %rsi -.cfi_def_cfa %rsi,8 - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbx -.cfi_restore %rbx - mov -8(%rsi),%rbp -.cfi_restore %rbp - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lpoint_double${x}_epilogue: - ret -.cfi_endproc -.size ecp_nistz256_point_double$sfx,.-ecp_nistz256_point_double$sfx -___ -} -&gen_double("q"); - -sub gen_add () { - my $x = shift; - my ($src0,$sfx,$bias); - my ($H,$Hsqr,$R,$Rsqr,$Hcub, - $U1,$U2,$S1,$S2, - $res_x,$res_y,$res_z, - $in1_x,$in1_y,$in1_z, - $in2_x,$in2_y,$in2_z)=map(32*$_,(0..17)); - my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); - - if ($x ne "x") { - $src0 = "%rax"; - $sfx = ""; - $bias = 0; - -$code.=<<___; -.globl ecp_nistz256_point_add -.type ecp_nistz256_point_add,\@function,3 -.align 32 -ecp_nistz256_point_add: -.cfi_startproc -___ -$code.=<<___ if ($addx); - mov \$0x80100, %ecx - and OPENSSL_ia32cap_P+8(%rip), %ecx - cmp \$0x80100, %ecx - je .Lpoint_addx -___ - } else { - $src0 = "%rdx"; - $sfx = "x"; - $bias = 128; - -$code.=<<___; -.type ecp_nistz256_point_addx,\@function,3 -.align 32 -ecp_nistz256_point_addx: -.cfi_startproc -.Lpoint_addx: -___ - } -$code.=<<___; - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - sub \$32*18+8, %rsp -.cfi_adjust_cfa_offset 32*18+8 -.Lpoint_add${x}_body: - - movdqu 0x00($a_ptr), %xmm0 # copy *(P256_POINT *)$a_ptr - movdqu 0x10($a_ptr), %xmm1 - movdqu 0x20($a_ptr), %xmm2 - movdqu 0x30($a_ptr), %xmm3 - movdqu 0x40($a_ptr), %xmm4 - movdqu 0x50($a_ptr), %xmm5 - mov $a_ptr, $b_ptr # reassign - mov $b_org, $a_ptr # reassign - movdqa %xmm0, $in1_x(%rsp) - movdqa %xmm1, $in1_x+0x10(%rsp) - movdqa %xmm2, $in1_y(%rsp) - movdqa %xmm3, $in1_y+0x10(%rsp) - movdqa %xmm4, $in1_z(%rsp) - movdqa %xmm5, $in1_z+0x10(%rsp) - por %xmm4, %xmm5 - - movdqu 0x00($a_ptr), %xmm0 # copy *(P256_POINT *)$b_ptr - pshufd \$0xb1, %xmm5, %xmm3 - movdqu 0x10($a_ptr), %xmm1 - movdqu 0x20($a_ptr), %xmm2 - por %xmm3, %xmm5 - movdqu 0x30($a_ptr), %xmm3 - mov 0x40+8*0($a_ptr), $src0 # load original in2_z - mov 0x40+8*1($a_ptr), $acc6 - mov 0x40+8*2($a_ptr), $acc7 - mov 0x40+8*3($a_ptr), $acc0 - movdqa %xmm0, $in2_x(%rsp) - pshufd \$0x1e, %xmm5, %xmm4 - movdqa %xmm1, $in2_x+0x10(%rsp) - movdqu 0x40($a_ptr),%xmm0 # in2_z again - movdqu 0x50($a_ptr),%xmm1 - movdqa %xmm2, $in2_y(%rsp) - movdqa %xmm3, $in2_y+0x10(%rsp) - por %xmm4, %xmm5 - pxor %xmm4, %xmm4 - por %xmm0, %xmm1 - movq $r_ptr, %xmm0 # save $r_ptr - - lea 0x40-$bias($a_ptr), $a_ptr # $a_ptr is still valid - mov $src0, $in2_z+8*0(%rsp) # make in2_z copy - mov $acc6, $in2_z+8*1(%rsp) - mov $acc7, $in2_z+8*2(%rsp) - mov $acc0, $in2_z+8*3(%rsp) - lea $Z2sqr(%rsp), $r_ptr # Z2^2 - call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(Z2sqr, in2_z); - - pcmpeqd %xmm4, %xmm5 - pshufd \$0xb1, %xmm1, %xmm4 - por %xmm1, %xmm4 - pshufd \$0, %xmm5, %xmm5 # in1infty - pshufd \$0x1e, %xmm4, %xmm3 - por %xmm3, %xmm4 - pxor %xmm3, %xmm3 - pcmpeqd %xmm3, %xmm4 - pshufd \$0, %xmm4, %xmm4 # in2infty - mov 0x40+8*0($b_ptr), $src0 # load original in1_z - mov 0x40+8*1($b_ptr), $acc6 - mov 0x40+8*2($b_ptr), $acc7 - mov 0x40+8*3($b_ptr), $acc0 - movq $b_ptr, %xmm1 - - lea 0x40-$bias($b_ptr), $a_ptr - lea $Z1sqr(%rsp), $r_ptr # Z1^2 - call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(Z1sqr, in1_z); - - `&load_for_mul("$Z2sqr(%rsp)", "$in2_z(%rsp)", "$src0")` - lea $S1(%rsp), $r_ptr # S1 = Z2^3 - call __ecp_nistz256_mul_mont$x # p256_mul_mont(S1, Z2sqr, in2_z); - - `&load_for_mul("$Z1sqr(%rsp)", "$in1_z(%rsp)", "$src0")` - lea $S2(%rsp), $r_ptr # S2 = Z1^3 - call __ecp_nistz256_mul_mont$x # p256_mul_mont(S2, Z1sqr, in1_z); - - `&load_for_mul("$S1(%rsp)", "$in1_y(%rsp)", "$src0")` - lea $S1(%rsp), $r_ptr # S1 = Y1*Z2^3 - call __ecp_nistz256_mul_mont$x # p256_mul_mont(S1, S1, in1_y); - - `&load_for_mul("$S2(%rsp)", "$in2_y(%rsp)", "$src0")` - lea $S2(%rsp), $r_ptr # S2 = Y2*Z1^3 - call __ecp_nistz256_mul_mont$x # p256_mul_mont(S2, S2, in2_y); - - lea $S1(%rsp), $b_ptr - lea $R(%rsp), $r_ptr # R = S2 - S1 - call __ecp_nistz256_sub_from$x # p256_sub(R, S2, S1); - - or $acc5, $acc4 # see if result is zero - movdqa %xmm4, %xmm2 - or $acc0, $acc4 - or $acc1, $acc4 - por %xmm5, %xmm2 # in1infty || in2infty - movq $acc4, %xmm3 - - `&load_for_mul("$Z2sqr(%rsp)", "$in1_x(%rsp)", "$src0")` - lea $U1(%rsp), $r_ptr # U1 = X1*Z2^2 - call __ecp_nistz256_mul_mont$x # p256_mul_mont(U1, in1_x, Z2sqr); - - `&load_for_mul("$Z1sqr(%rsp)", "$in2_x(%rsp)", "$src0")` - lea $U2(%rsp), $r_ptr # U2 = X2*Z1^2 - call __ecp_nistz256_mul_mont$x # p256_mul_mont(U2, in2_x, Z1sqr); - - lea $U1(%rsp), $b_ptr - lea $H(%rsp), $r_ptr # H = U2 - U1 - call __ecp_nistz256_sub_from$x # p256_sub(H, U2, U1); - - or $acc5, $acc4 # see if result is zero - or $acc0, $acc4 - or $acc1, $acc4 # !is_equal(U1, U2) - - movq %xmm2, $acc0 # in1infty | in2infty - movq %xmm3, $acc1 # !is_equal(S1, S2) - - or $acc0, $acc4 - or $acc1, $acc4 - - # if (!is_equal(U1, U2) | in1infty | in2infty | !is_equal(S1, S2)) - .byte 0x3e # predict taken - jnz .Ladd_proceed$x - -.Ladd_double$x: - movq %xmm1, $a_ptr # restore $a_ptr - movq %xmm0, $r_ptr # restore $r_ptr - add \$`32*(18-5)`, %rsp # difference in frame sizes -.cfi_adjust_cfa_offset `-32*(18-5)` - jmp .Lpoint_double_shortcut$x -.cfi_adjust_cfa_offset `32*(18-5)` - -.align 32 -.Ladd_proceed$x: - `&load_for_sqr("$R(%rsp)", "$src0")` - lea $Rsqr(%rsp), $r_ptr # R^2 - call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(Rsqr, R); - - `&load_for_mul("$H(%rsp)", "$in1_z(%rsp)", "$src0")` - lea $res_z(%rsp), $r_ptr # Z3 = H*Z1*Z2 - call __ecp_nistz256_mul_mont$x # p256_mul_mont(res_z, H, in1_z); - - `&load_for_sqr("$H(%rsp)", "$src0")` - lea $Hsqr(%rsp), $r_ptr # H^2 - call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(Hsqr, H); - - `&load_for_mul("$res_z(%rsp)", "$in2_z(%rsp)", "$src0")` - lea $res_z(%rsp), $r_ptr # Z3 = H*Z1*Z2 - call __ecp_nistz256_mul_mont$x # p256_mul_mont(res_z, res_z, in2_z); - - `&load_for_mul("$Hsqr(%rsp)", "$H(%rsp)", "$src0")` - lea $Hcub(%rsp), $r_ptr # H^3 - call __ecp_nistz256_mul_mont$x # p256_mul_mont(Hcub, Hsqr, H); - - `&load_for_mul("$Hsqr(%rsp)", "$U1(%rsp)", "$src0")` - lea $U2(%rsp), $r_ptr # U1*H^2 - call __ecp_nistz256_mul_mont$x # p256_mul_mont(U2, U1, Hsqr); -___ -{ -####################################################################### -# operate in 4-5-0-1 "name space" that matches multiplication output -# -my ($acc0,$acc1,$acc2,$acc3,$t3,$t4)=($acc4,$acc5,$acc0,$acc1,$acc2,$acc3); -my ($poly1, $poly3)=($acc6,$acc7); - -$code.=<<___; - #lea $U2(%rsp), $a_ptr - #lea $Hsqr(%rsp), $r_ptr # 2*U1*H^2 - #call __ecp_nistz256_mul_by_2 # ecp_nistz256_mul_by_2(Hsqr, U2); - - xor $t4, $t4 - add $acc0, $acc0 # a0:a3+a0:a3 - lea $Rsqr(%rsp), $a_ptr - adc $acc1, $acc1 - mov $acc0, $t0 - adc $acc2, $acc2 - adc $acc3, $acc3 - mov $acc1, $t1 - adc \$0, $t4 - - sub \$-1, $acc0 - mov $acc2, $t2 - sbb $poly1, $acc1 - sbb \$0, $acc2 - mov $acc3, $t3 - sbb $poly3, $acc3 - sbb \$0, $t4 - - cmovc $t0, $acc0 - mov 8*0($a_ptr), $t0 - cmovc $t1, $acc1 - mov 8*1($a_ptr), $t1 - cmovc $t2, $acc2 - mov 8*2($a_ptr), $t2 - cmovc $t3, $acc3 - mov 8*3($a_ptr), $t3 - - call __ecp_nistz256_sub$x # p256_sub(res_x, Rsqr, Hsqr); - - lea $Hcub(%rsp), $b_ptr - lea $res_x(%rsp), $r_ptr - call __ecp_nistz256_sub_from$x # p256_sub(res_x, res_x, Hcub); - - mov $U2+8*0(%rsp), $t0 - mov $U2+8*1(%rsp), $t1 - mov $U2+8*2(%rsp), $t2 - mov $U2+8*3(%rsp), $t3 - lea $res_y(%rsp), $r_ptr - - call __ecp_nistz256_sub$x # p256_sub(res_y, U2, res_x); - - mov $acc0, 8*0($r_ptr) # save the result, as - mov $acc1, 8*1($r_ptr) # __ecp_nistz256_sub doesn't - mov $acc2, 8*2($r_ptr) - mov $acc3, 8*3($r_ptr) -___ -} -$code.=<<___; - `&load_for_mul("$S1(%rsp)", "$Hcub(%rsp)", "$src0")` - lea $S2(%rsp), $r_ptr - call __ecp_nistz256_mul_mont$x # p256_mul_mont(S2, S1, Hcub); - - `&load_for_mul("$R(%rsp)", "$res_y(%rsp)", "$src0")` - lea $res_y(%rsp), $r_ptr - call __ecp_nistz256_mul_mont$x # p256_mul_mont(res_y, R, res_y); - - lea $S2(%rsp), $b_ptr - lea $res_y(%rsp), $r_ptr - call __ecp_nistz256_sub_from$x # p256_sub(res_y, res_y, S2); - - movq %xmm0, $r_ptr # restore $r_ptr - - movdqa %xmm5, %xmm0 # copy_conditional(res_z, in2_z, in1infty); - movdqa %xmm5, %xmm1 - pandn $res_z(%rsp), %xmm0 - movdqa %xmm5, %xmm2 - pandn $res_z+0x10(%rsp), %xmm1 - movdqa %xmm5, %xmm3 - pand $in2_z(%rsp), %xmm2 - pand $in2_z+0x10(%rsp), %xmm3 - por %xmm0, %xmm2 - por %xmm1, %xmm3 - - movdqa %xmm4, %xmm0 # copy_conditional(res_z, in1_z, in2infty); - movdqa %xmm4, %xmm1 - pandn %xmm2, %xmm0 - movdqa %xmm4, %xmm2 - pandn %xmm3, %xmm1 - movdqa %xmm4, %xmm3 - pand $in1_z(%rsp), %xmm2 - pand $in1_z+0x10(%rsp), %xmm3 - por %xmm0, %xmm2 - por %xmm1, %xmm3 - movdqu %xmm2, 0x40($r_ptr) - movdqu %xmm3, 0x50($r_ptr) - - movdqa %xmm5, %xmm0 # copy_conditional(res_x, in2_x, in1infty); - movdqa %xmm5, %xmm1 - pandn $res_x(%rsp), %xmm0 - movdqa %xmm5, %xmm2 - pandn $res_x+0x10(%rsp), %xmm1 - movdqa %xmm5, %xmm3 - pand $in2_x(%rsp), %xmm2 - pand $in2_x+0x10(%rsp), %xmm3 - por %xmm0, %xmm2 - por %xmm1, %xmm3 - - movdqa %xmm4, %xmm0 # copy_conditional(res_x, in1_x, in2infty); - movdqa %xmm4, %xmm1 - pandn %xmm2, %xmm0 - movdqa %xmm4, %xmm2 - pandn %xmm3, %xmm1 - movdqa %xmm4, %xmm3 - pand $in1_x(%rsp), %xmm2 - pand $in1_x+0x10(%rsp), %xmm3 - por %xmm0, %xmm2 - por %xmm1, %xmm3 - movdqu %xmm2, 0x00($r_ptr) - movdqu %xmm3, 0x10($r_ptr) - - movdqa %xmm5, %xmm0 # copy_conditional(res_y, in2_y, in1infty); - movdqa %xmm5, %xmm1 - pandn $res_y(%rsp), %xmm0 - movdqa %xmm5, %xmm2 - pandn $res_y+0x10(%rsp), %xmm1 - movdqa %xmm5, %xmm3 - pand $in2_y(%rsp), %xmm2 - pand $in2_y+0x10(%rsp), %xmm3 - por %xmm0, %xmm2 - por %xmm1, %xmm3 - - movdqa %xmm4, %xmm0 # copy_conditional(res_y, in1_y, in2infty); - movdqa %xmm4, %xmm1 - pandn %xmm2, %xmm0 - movdqa %xmm4, %xmm2 - pandn %xmm3, %xmm1 - movdqa %xmm4, %xmm3 - pand $in1_y(%rsp), %xmm2 - pand $in1_y+0x10(%rsp), %xmm3 - por %xmm0, %xmm2 - por %xmm1, %xmm3 - movdqu %xmm2, 0x20($r_ptr) - movdqu %xmm3, 0x30($r_ptr) - -.Ladd_done$x: - lea 32*18+56(%rsp), %rsi -.cfi_def_cfa %rsi,8 - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbx -.cfi_restore %rbx - mov -8(%rsi),%rbp -.cfi_restore %rbp - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lpoint_add${x}_epilogue: - ret -.cfi_endproc -.size ecp_nistz256_point_add$sfx,.-ecp_nistz256_point_add$sfx -___ -} -&gen_add("q"); - -sub gen_add_affine () { - my $x = shift; - my ($src0,$sfx,$bias); - my ($U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr, - $res_x,$res_y,$res_z, - $in1_x,$in1_y,$in1_z, - $in2_x,$in2_y)=map(32*$_,(0..14)); - my $Z1sqr = $S2; - - if ($x ne "x") { - $src0 = "%rax"; - $sfx = ""; - $bias = 0; - -$code.=<<___; -.globl ecp_nistz256_point_add_affine -.type ecp_nistz256_point_add_affine,\@function,3 -.align 32 -ecp_nistz256_point_add_affine: -.cfi_startproc -___ -$code.=<<___ if ($addx); - mov \$0x80100, %ecx - and OPENSSL_ia32cap_P+8(%rip), %ecx - cmp \$0x80100, %ecx - je .Lpoint_add_affinex -___ - } else { - $src0 = "%rdx"; - $sfx = "x"; - $bias = 128; - -$code.=<<___; -.type ecp_nistz256_point_add_affinex,\@function,3 -.align 32 -ecp_nistz256_point_add_affinex: -.cfi_startproc -.Lpoint_add_affinex: -___ - } -$code.=<<___; - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - sub \$32*15+8, %rsp -.cfi_adjust_cfa_offset 32*15+8 -.Ladd_affine${x}_body: - - movdqu 0x00($a_ptr), %xmm0 # copy *(P256_POINT *)$a_ptr - mov $b_org, $b_ptr # reassign - movdqu 0x10($a_ptr), %xmm1 - movdqu 0x20($a_ptr), %xmm2 - movdqu 0x30($a_ptr), %xmm3 - movdqu 0x40($a_ptr), %xmm4 - movdqu 0x50($a_ptr), %xmm5 - mov 0x40+8*0($a_ptr), $src0 # load original in1_z - mov 0x40+8*1($a_ptr), $acc6 - mov 0x40+8*2($a_ptr), $acc7 - mov 0x40+8*3($a_ptr), $acc0 - movdqa %xmm0, $in1_x(%rsp) - movdqa %xmm1, $in1_x+0x10(%rsp) - movdqa %xmm2, $in1_y(%rsp) - movdqa %xmm3, $in1_y+0x10(%rsp) - movdqa %xmm4, $in1_z(%rsp) - movdqa %xmm5, $in1_z+0x10(%rsp) - por %xmm4, %xmm5 - - movdqu 0x00($b_ptr), %xmm0 # copy *(P256_POINT_AFFINE *)$b_ptr - pshufd \$0xb1, %xmm5, %xmm3 - movdqu 0x10($b_ptr), %xmm1 - movdqu 0x20($b_ptr), %xmm2 - por %xmm3, %xmm5 - movdqu 0x30($b_ptr), %xmm3 - movdqa %xmm0, $in2_x(%rsp) - pshufd \$0x1e, %xmm5, %xmm4 - movdqa %xmm1, $in2_x+0x10(%rsp) - por %xmm0, %xmm1 - movq $r_ptr, %xmm0 # save $r_ptr - movdqa %xmm2, $in2_y(%rsp) - movdqa %xmm3, $in2_y+0x10(%rsp) - por %xmm2, %xmm3 - por %xmm4, %xmm5 - pxor %xmm4, %xmm4 - por %xmm1, %xmm3 - - lea 0x40-$bias($a_ptr), $a_ptr # $a_ptr is still valid - lea $Z1sqr(%rsp), $r_ptr # Z1^2 - call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(Z1sqr, in1_z); - - pcmpeqd %xmm4, %xmm5 - pshufd \$0xb1, %xmm3, %xmm4 - mov 0x00($b_ptr), $src0 # $b_ptr is still valid - #lea 0x00($b_ptr), $b_ptr - mov $acc4, $acc1 # harmonize sqr output and mul input - por %xmm3, %xmm4 - pshufd \$0, %xmm5, %xmm5 # in1infty - pshufd \$0x1e, %xmm4, %xmm3 - mov $acc5, $acc2 - por %xmm3, %xmm4 - pxor %xmm3, %xmm3 - mov $acc6, $acc3 - pcmpeqd %xmm3, %xmm4 - pshufd \$0, %xmm4, %xmm4 # in2infty - - lea $Z1sqr-$bias(%rsp), $a_ptr - mov $acc7, $acc4 - lea $U2(%rsp), $r_ptr # U2 = X2*Z1^2 - call __ecp_nistz256_mul_mont$x # p256_mul_mont(U2, Z1sqr, in2_x); - - lea $in1_x(%rsp), $b_ptr - lea $H(%rsp), $r_ptr # H = U2 - U1 - call __ecp_nistz256_sub_from$x # p256_sub(H, U2, in1_x); - - `&load_for_mul("$Z1sqr(%rsp)", "$in1_z(%rsp)", "$src0")` - lea $S2(%rsp), $r_ptr # S2 = Z1^3 - call __ecp_nistz256_mul_mont$x # p256_mul_mont(S2, Z1sqr, in1_z); - - `&load_for_mul("$H(%rsp)", "$in1_z(%rsp)", "$src0")` - lea $res_z(%rsp), $r_ptr # Z3 = H*Z1*Z2 - call __ecp_nistz256_mul_mont$x # p256_mul_mont(res_z, H, in1_z); - - `&load_for_mul("$S2(%rsp)", "$in2_y(%rsp)", "$src0")` - lea $S2(%rsp), $r_ptr # S2 = Y2*Z1^3 - call __ecp_nistz256_mul_mont$x # p256_mul_mont(S2, S2, in2_y); - - lea $in1_y(%rsp), $b_ptr - lea $R(%rsp), $r_ptr # R = S2 - S1 - call __ecp_nistz256_sub_from$x # p256_sub(R, S2, in1_y); - - `&load_for_sqr("$H(%rsp)", "$src0")` - lea $Hsqr(%rsp), $r_ptr # H^2 - call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(Hsqr, H); - - `&load_for_sqr("$R(%rsp)", "$src0")` - lea $Rsqr(%rsp), $r_ptr # R^2 - call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(Rsqr, R); - - `&load_for_mul("$H(%rsp)", "$Hsqr(%rsp)", "$src0")` - lea $Hcub(%rsp), $r_ptr # H^3 - call __ecp_nistz256_mul_mont$x # p256_mul_mont(Hcub, Hsqr, H); - - `&load_for_mul("$Hsqr(%rsp)", "$in1_x(%rsp)", "$src0")` - lea $U2(%rsp), $r_ptr # U1*H^2 - call __ecp_nistz256_mul_mont$x # p256_mul_mont(U2, in1_x, Hsqr); -___ -{ -####################################################################### -# operate in 4-5-0-1 "name space" that matches multiplication output -# -my ($acc0,$acc1,$acc2,$acc3,$t3,$t4)=($acc4,$acc5,$acc0,$acc1,$acc2,$acc3); -my ($poly1, $poly3)=($acc6,$acc7); - -$code.=<<___; - #lea $U2(%rsp), $a_ptr - #lea $Hsqr(%rsp), $r_ptr # 2*U1*H^2 - #call __ecp_nistz256_mul_by_2 # ecp_nistz256_mul_by_2(Hsqr, U2); - - xor $t4, $t4 - add $acc0, $acc0 # a0:a3+a0:a3 - lea $Rsqr(%rsp), $a_ptr - adc $acc1, $acc1 - mov $acc0, $t0 - adc $acc2, $acc2 - adc $acc3, $acc3 - mov $acc1, $t1 - adc \$0, $t4 - - sub \$-1, $acc0 - mov $acc2, $t2 - sbb $poly1, $acc1 - sbb \$0, $acc2 - mov $acc3, $t3 - sbb $poly3, $acc3 - sbb \$0, $t4 - - cmovc $t0, $acc0 - mov 8*0($a_ptr), $t0 - cmovc $t1, $acc1 - mov 8*1($a_ptr), $t1 - cmovc $t2, $acc2 - mov 8*2($a_ptr), $t2 - cmovc $t3, $acc3 - mov 8*3($a_ptr), $t3 - - call __ecp_nistz256_sub$x # p256_sub(res_x, Rsqr, Hsqr); - - lea $Hcub(%rsp), $b_ptr - lea $res_x(%rsp), $r_ptr - call __ecp_nistz256_sub_from$x # p256_sub(res_x, res_x, Hcub); - - mov $U2+8*0(%rsp), $t0 - mov $U2+8*1(%rsp), $t1 - mov $U2+8*2(%rsp), $t2 - mov $U2+8*3(%rsp), $t3 - lea $H(%rsp), $r_ptr - - call __ecp_nistz256_sub$x # p256_sub(H, U2, res_x); - - mov $acc0, 8*0($r_ptr) # save the result, as - mov $acc1, 8*1($r_ptr) # __ecp_nistz256_sub doesn't - mov $acc2, 8*2($r_ptr) - mov $acc3, 8*3($r_ptr) -___ -} -$code.=<<___; - `&load_for_mul("$Hcub(%rsp)", "$in1_y(%rsp)", "$src0")` - lea $S2(%rsp), $r_ptr - call __ecp_nistz256_mul_mont$x # p256_mul_mont(S2, Hcub, in1_y); - - `&load_for_mul("$H(%rsp)", "$R(%rsp)", "$src0")` - lea $H(%rsp), $r_ptr - call __ecp_nistz256_mul_mont$x # p256_mul_mont(H, H, R); - - lea $S2(%rsp), $b_ptr - lea $res_y(%rsp), $r_ptr - call __ecp_nistz256_sub_from$x # p256_sub(res_y, H, S2); - - movq %xmm0, $r_ptr # restore $r_ptr - - movdqa %xmm5, %xmm0 # copy_conditional(res_z, ONE, in1infty); - movdqa %xmm5, %xmm1 - pandn $res_z(%rsp), %xmm0 - movdqa %xmm5, %xmm2 - pandn $res_z+0x10(%rsp), %xmm1 - movdqa %xmm5, %xmm3 - pand .LONE_mont(%rip), %xmm2 - pand .LONE_mont+0x10(%rip), %xmm3 - por %xmm0, %xmm2 - por %xmm1, %xmm3 - - movdqa %xmm4, %xmm0 # copy_conditional(res_z, in1_z, in2infty); - movdqa %xmm4, %xmm1 - pandn %xmm2, %xmm0 - movdqa %xmm4, %xmm2 - pandn %xmm3, %xmm1 - movdqa %xmm4, %xmm3 - pand $in1_z(%rsp), %xmm2 - pand $in1_z+0x10(%rsp), %xmm3 - por %xmm0, %xmm2 - por %xmm1, %xmm3 - movdqu %xmm2, 0x40($r_ptr) - movdqu %xmm3, 0x50($r_ptr) - - movdqa %xmm5, %xmm0 # copy_conditional(res_x, in2_x, in1infty); - movdqa %xmm5, %xmm1 - pandn $res_x(%rsp), %xmm0 - movdqa %xmm5, %xmm2 - pandn $res_x+0x10(%rsp), %xmm1 - movdqa %xmm5, %xmm3 - pand $in2_x(%rsp), %xmm2 - pand $in2_x+0x10(%rsp), %xmm3 - por %xmm0, %xmm2 - por %xmm1, %xmm3 - - movdqa %xmm4, %xmm0 # copy_conditional(res_x, in1_x, in2infty); - movdqa %xmm4, %xmm1 - pandn %xmm2, %xmm0 - movdqa %xmm4, %xmm2 - pandn %xmm3, %xmm1 - movdqa %xmm4, %xmm3 - pand $in1_x(%rsp), %xmm2 - pand $in1_x+0x10(%rsp), %xmm3 - por %xmm0, %xmm2 - por %xmm1, %xmm3 - movdqu %xmm2, 0x00($r_ptr) - movdqu %xmm3, 0x10($r_ptr) - - movdqa %xmm5, %xmm0 # copy_conditional(res_y, in2_y, in1infty); - movdqa %xmm5, %xmm1 - pandn $res_y(%rsp), %xmm0 - movdqa %xmm5, %xmm2 - pandn $res_y+0x10(%rsp), %xmm1 - movdqa %xmm5, %xmm3 - pand $in2_y(%rsp), %xmm2 - pand $in2_y+0x10(%rsp), %xmm3 - por %xmm0, %xmm2 - por %xmm1, %xmm3 - - movdqa %xmm4, %xmm0 # copy_conditional(res_y, in1_y, in2infty); - movdqa %xmm4, %xmm1 - pandn %xmm2, %xmm0 - movdqa %xmm4, %xmm2 - pandn %xmm3, %xmm1 - movdqa %xmm4, %xmm3 - pand $in1_y(%rsp), %xmm2 - pand $in1_y+0x10(%rsp), %xmm3 - por %xmm0, %xmm2 - por %xmm1, %xmm3 - movdqu %xmm2, 0x20($r_ptr) - movdqu %xmm3, 0x30($r_ptr) - - lea 32*15+56(%rsp), %rsi -.cfi_def_cfa %rsi,8 - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbx -.cfi_restore %rbx - mov -8(%rsi),%rbp -.cfi_restore %rbp - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Ladd_affine${x}_epilogue: - ret -.cfi_endproc -.size ecp_nistz256_point_add_affine$sfx,.-ecp_nistz256_point_add_affine$sfx -___ -} -&gen_add_affine("q"); - -######################################################################## -# AD*X magic -# -if ($addx) { { -######################################################################## -# operate in 4-5-0-1 "name space" that matches multiplication output -# -my ($a0,$a1,$a2,$a3,$t3,$t4)=($acc4,$acc5,$acc0,$acc1,$acc2,$acc3); - -$code.=<<___; -.type __ecp_nistz256_add_tox,\@abi-omnipotent -.align 32 -__ecp_nistz256_add_tox: -.cfi_startproc - xor $t4, $t4 - adc 8*0($b_ptr), $a0 - adc 8*1($b_ptr), $a1 - mov $a0, $t0 - adc 8*2($b_ptr), $a2 - adc 8*3($b_ptr), $a3 - mov $a1, $t1 - adc \$0, $t4 - - xor $t3, $t3 - sbb \$-1, $a0 - mov $a2, $t2 - sbb $poly1, $a1 - sbb \$0, $a2 - mov $a3, $t3 - sbb $poly3, $a3 - sbb \$0, $t4 - - cmovc $t0, $a0 - cmovc $t1, $a1 - mov $a0, 8*0($r_ptr) - cmovc $t2, $a2 - mov $a1, 8*1($r_ptr) - cmovc $t3, $a3 - mov $a2, 8*2($r_ptr) - mov $a3, 8*3($r_ptr) - - ret -.cfi_endproc -.size __ecp_nistz256_add_tox,.-__ecp_nistz256_add_tox - -.type __ecp_nistz256_sub_fromx,\@abi-omnipotent -.align 32 -__ecp_nistz256_sub_fromx: -.cfi_startproc - xor $t4, $t4 - sbb 8*0($b_ptr), $a0 - sbb 8*1($b_ptr), $a1 - mov $a0, $t0 - sbb 8*2($b_ptr), $a2 - sbb 8*3($b_ptr), $a3 - mov $a1, $t1 - sbb \$0, $t4 - - xor $t3, $t3 - adc \$-1, $a0 - mov $a2, $t2 - adc $poly1, $a1 - adc \$0, $a2 - mov $a3, $t3 - adc $poly3, $a3 - - bt \$0, $t4 - cmovnc $t0, $a0 - cmovnc $t1, $a1 - mov $a0, 8*0($r_ptr) - cmovnc $t2, $a2 - mov $a1, 8*1($r_ptr) - cmovnc $t3, $a3 - mov $a2, 8*2($r_ptr) - mov $a3, 8*3($r_ptr) - - ret -.cfi_endproc -.size __ecp_nistz256_sub_fromx,.-__ecp_nistz256_sub_fromx - -.type __ecp_nistz256_subx,\@abi-omnipotent -.align 32 -__ecp_nistz256_subx: -.cfi_startproc - xor $t4, $t4 - sbb $a0, $t0 - sbb $a1, $t1 - mov $t0, $a0 - sbb $a2, $t2 - sbb $a3, $t3 - mov $t1, $a1 - sbb \$0, $t4 - - xor $a3 ,$a3 - adc \$-1, $t0 - mov $t2, $a2 - adc $poly1, $t1 - adc \$0, $t2 - mov $t3, $a3 - adc $poly3, $t3 - - bt \$0, $t4 - cmovc $t0, $a0 - cmovc $t1, $a1 - cmovc $t2, $a2 - cmovc $t3, $a3 - - ret -.cfi_endproc -.size __ecp_nistz256_subx,.-__ecp_nistz256_subx - -.type __ecp_nistz256_mul_by_2x,\@abi-omnipotent -.align 32 -__ecp_nistz256_mul_by_2x: -.cfi_startproc - xor $t4, $t4 - adc $a0, $a0 # a0:a3+a0:a3 - adc $a1, $a1 - mov $a0, $t0 - adc $a2, $a2 - adc $a3, $a3 - mov $a1, $t1 - adc \$0, $t4 - - xor $t3, $t3 - sbb \$-1, $a0 - mov $a2, $t2 - sbb $poly1, $a1 - sbb \$0, $a2 - mov $a3, $t3 - sbb $poly3, $a3 - sbb \$0, $t4 - - cmovc $t0, $a0 - cmovc $t1, $a1 - mov $a0, 8*0($r_ptr) - cmovc $t2, $a2 - mov $a1, 8*1($r_ptr) - cmovc $t3, $a3 - mov $a2, 8*2($r_ptr) - mov $a3, 8*3($r_ptr) - - ret -.cfi_endproc -.size __ecp_nistz256_mul_by_2x,.-__ecp_nistz256_mul_by_2x -___ - } -&gen_double("x"); -&gen_add("x"); -&gen_add_affine("x"); -} -}}} - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind - -.type short_handler,\@abi-omnipotent -.align 16 -short_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # end of prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lcommon_seh_tail - - lea 16(%rax),%rax - - mov -8(%rax),%r12 - mov -16(%rax),%r13 - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - - jmp .Lcommon_seh_tail -.size short_handler,.-short_handler - -.type full_handler,\@abi-omnipotent -.align 16 -full_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # end of prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lcommon_seh_tail - - mov 8(%r11),%r10d # HandlerData[2] - lea (%rax,%r10),%rax - - mov -8(%rax),%rbp - mov -16(%rax),%rbx - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lcommon_seh_tail: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size full_handler,.-full_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_ecp_nistz256_mul_by_2 - .rva .LSEH_end_ecp_nistz256_mul_by_2 - .rva .LSEH_info_ecp_nistz256_mul_by_2 - - .rva .LSEH_begin_ecp_nistz256_div_by_2 - .rva .LSEH_end_ecp_nistz256_div_by_2 - .rva .LSEH_info_ecp_nistz256_div_by_2 - - .rva .LSEH_begin_ecp_nistz256_mul_by_3 - .rva .LSEH_end_ecp_nistz256_mul_by_3 - .rva .LSEH_info_ecp_nistz256_mul_by_3 - - .rva .LSEH_begin_ecp_nistz256_add - .rva .LSEH_end_ecp_nistz256_add - .rva .LSEH_info_ecp_nistz256_add - - .rva .LSEH_begin_ecp_nistz256_sub - .rva .LSEH_end_ecp_nistz256_sub - .rva .LSEH_info_ecp_nistz256_sub - - .rva .LSEH_begin_ecp_nistz256_neg - .rva .LSEH_end_ecp_nistz256_neg - .rva .LSEH_info_ecp_nistz256_neg - - .rva .LSEH_begin_ecp_nistz256_ord_mul_mont - .rva .LSEH_end_ecp_nistz256_ord_mul_mont - .rva .LSEH_info_ecp_nistz256_ord_mul_mont - - .rva .LSEH_begin_ecp_nistz256_ord_sqr_mont - .rva .LSEH_end_ecp_nistz256_ord_sqr_mont - .rva .LSEH_info_ecp_nistz256_ord_sqr_mont -___ -$code.=<<___ if ($addx); - .rva .LSEH_begin_ecp_nistz256_ord_mul_montx - .rva .LSEH_end_ecp_nistz256_ord_mul_montx - .rva .LSEH_info_ecp_nistz256_ord_mul_montx - - .rva .LSEH_begin_ecp_nistz256_ord_sqr_montx - .rva .LSEH_end_ecp_nistz256_ord_sqr_montx - .rva .LSEH_info_ecp_nistz256_ord_sqr_montx -___ -$code.=<<___; - .rva .LSEH_begin_ecp_nistz256_to_mont - .rva .LSEH_end_ecp_nistz256_to_mont - .rva .LSEH_info_ecp_nistz256_to_mont - - .rva .LSEH_begin_ecp_nistz256_mul_mont - .rva .LSEH_end_ecp_nistz256_mul_mont - .rva .LSEH_info_ecp_nistz256_mul_mont - - .rva .LSEH_begin_ecp_nistz256_sqr_mont - .rva .LSEH_end_ecp_nistz256_sqr_mont - .rva .LSEH_info_ecp_nistz256_sqr_mont - - .rva .LSEH_begin_ecp_nistz256_from_mont - .rva .LSEH_end_ecp_nistz256_from_mont - .rva .LSEH_info_ecp_nistz256_from_mont - - .rva .LSEH_begin_ecp_nistz256_gather_w5 - .rva .LSEH_end_ecp_nistz256_gather_w5 - .rva .LSEH_info_ecp_nistz256_gather_wX - - .rva .LSEH_begin_ecp_nistz256_gather_w7 - .rva .LSEH_end_ecp_nistz256_gather_w7 - .rva .LSEH_info_ecp_nistz256_gather_wX -___ -$code.=<<___ if ($avx>1); - .rva .LSEH_begin_ecp_nistz256_avx2_gather_w5 - .rva .LSEH_end_ecp_nistz256_avx2_gather_w5 - .rva .LSEH_info_ecp_nistz256_avx2_gather_wX - - .rva .LSEH_begin_ecp_nistz256_avx2_gather_w7 - .rva .LSEH_end_ecp_nistz256_avx2_gather_w7 - .rva .LSEH_info_ecp_nistz256_avx2_gather_wX -___ -$code.=<<___; - .rva .LSEH_begin_ecp_nistz256_point_double - .rva .LSEH_end_ecp_nistz256_point_double - .rva .LSEH_info_ecp_nistz256_point_double - - .rva .LSEH_begin_ecp_nistz256_point_add - .rva .LSEH_end_ecp_nistz256_point_add - .rva .LSEH_info_ecp_nistz256_point_add - - .rva .LSEH_begin_ecp_nistz256_point_add_affine - .rva .LSEH_end_ecp_nistz256_point_add_affine - .rva .LSEH_info_ecp_nistz256_point_add_affine -___ -$code.=<<___ if ($addx); - .rva .LSEH_begin_ecp_nistz256_point_doublex - .rva .LSEH_end_ecp_nistz256_point_doublex - .rva .LSEH_info_ecp_nistz256_point_doublex - - .rva .LSEH_begin_ecp_nistz256_point_addx - .rva .LSEH_end_ecp_nistz256_point_addx - .rva .LSEH_info_ecp_nistz256_point_addx - - .rva .LSEH_begin_ecp_nistz256_point_add_affinex - .rva .LSEH_end_ecp_nistz256_point_add_affinex - .rva .LSEH_info_ecp_nistz256_point_add_affinex -___ -$code.=<<___; - -.section .xdata -.align 8 -.LSEH_info_ecp_nistz256_mul_by_2: - .byte 9,0,0,0 - .rva short_handler - .rva .Lmul_by_2_body,.Lmul_by_2_epilogue # HandlerData[] -.LSEH_info_ecp_nistz256_div_by_2: - .byte 9,0,0,0 - .rva short_handler - .rva .Ldiv_by_2_body,.Ldiv_by_2_epilogue # HandlerData[] -.LSEH_info_ecp_nistz256_mul_by_3: - .byte 9,0,0,0 - .rva short_handler - .rva .Lmul_by_3_body,.Lmul_by_3_epilogue # HandlerData[] -.LSEH_info_ecp_nistz256_add: - .byte 9,0,0,0 - .rva short_handler - .rva .Ladd_body,.Ladd_epilogue # HandlerData[] -.LSEH_info_ecp_nistz256_sub: - .byte 9,0,0,0 - .rva short_handler - .rva .Lsub_body,.Lsub_epilogue # HandlerData[] -.LSEH_info_ecp_nistz256_neg: - .byte 9,0,0,0 - .rva short_handler - .rva .Lneg_body,.Lneg_epilogue # HandlerData[] -.LSEH_info_ecp_nistz256_ord_mul_mont: - .byte 9,0,0,0 - .rva full_handler - .rva .Lord_mul_body,.Lord_mul_epilogue # HandlerData[] - .long 48,0 -.LSEH_info_ecp_nistz256_ord_sqr_mont: - .byte 9,0,0,0 - .rva full_handler - .rva .Lord_sqr_body,.Lord_sqr_epilogue # HandlerData[] - .long 48,0 -___ -$code.=<<___ if ($addx); -.LSEH_info_ecp_nistz256_ord_mul_montx: - .byte 9,0,0,0 - .rva full_handler - .rva .Lord_mulx_body,.Lord_mulx_epilogue # HandlerData[] - .long 48,0 -.LSEH_info_ecp_nistz256_ord_sqr_montx: - .byte 9,0,0,0 - .rva full_handler - .rva .Lord_sqrx_body,.Lord_sqrx_epilogue # HandlerData[] - .long 48,0 -___ -$code.=<<___; -.LSEH_info_ecp_nistz256_to_mont: - .byte 9,0,0,0 - .rva full_handler - .rva .Lmul_body,.Lmul_epilogue # HandlerData[] - .long 48,0 -.LSEH_info_ecp_nistz256_mul_mont: - .byte 9,0,0,0 - .rva full_handler - .rva .Lmul_body,.Lmul_epilogue # HandlerData[] - .long 48,0 -.LSEH_info_ecp_nistz256_sqr_mont: - .byte 9,0,0,0 - .rva full_handler - .rva .Lsqr_body,.Lsqr_epilogue # HandlerData[] - .long 48,0 -.LSEH_info_ecp_nistz256_from_mont: - .byte 9,0,0,0 - .rva short_handler - .rva .Lfrom_body,.Lfrom_epilogue # HandlerData[] -.LSEH_info_ecp_nistz256_gather_wX: - .byte 0x01,0x33,0x16,0x00 - .byte 0x33,0xf8,0x09,0x00 #movaps 0x90(rsp),xmm15 - .byte 0x2e,0xe8,0x08,0x00 #movaps 0x80(rsp),xmm14 - .byte 0x29,0xd8,0x07,0x00 #movaps 0x70(rsp),xmm13 - .byte 0x24,0xc8,0x06,0x00 #movaps 0x60(rsp),xmm12 - .byte 0x1f,0xb8,0x05,0x00 #movaps 0x50(rsp),xmm11 - .byte 0x1a,0xa8,0x04,0x00 #movaps 0x40(rsp),xmm10 - .byte 0x15,0x98,0x03,0x00 #movaps 0x30(rsp),xmm9 - .byte 0x10,0x88,0x02,0x00 #movaps 0x20(rsp),xmm8 - .byte 0x0c,0x78,0x01,0x00 #movaps 0x10(rsp),xmm7 - .byte 0x08,0x68,0x00,0x00 #movaps 0x00(rsp),xmm6 - .byte 0x04,0x01,0x15,0x00 #sub rsp,0xa8 - .align 8 -___ -$code.=<<___ if ($avx>1); -.LSEH_info_ecp_nistz256_avx2_gather_wX: - .byte 0x01,0x36,0x17,0x0b - .byte 0x36,0xf8,0x09,0x00 # vmovaps 0x90(rsp),xmm15 - .byte 0x31,0xe8,0x08,0x00 # vmovaps 0x80(rsp),xmm14 - .byte 0x2c,0xd8,0x07,0x00 # vmovaps 0x70(rsp),xmm13 - .byte 0x27,0xc8,0x06,0x00 # vmovaps 0x60(rsp),xmm12 - .byte 0x22,0xb8,0x05,0x00 # vmovaps 0x50(rsp),xmm11 - .byte 0x1d,0xa8,0x04,0x00 # vmovaps 0x40(rsp),xmm10 - .byte 0x18,0x98,0x03,0x00 # vmovaps 0x30(rsp),xmm9 - .byte 0x13,0x88,0x02,0x00 # vmovaps 0x20(rsp),xmm8 - .byte 0x0e,0x78,0x01,0x00 # vmovaps 0x10(rsp),xmm7 - .byte 0x09,0x68,0x00,0x00 # vmovaps 0x00(rsp),xmm6 - .byte 0x04,0x01,0x15,0x00 # sub rsp,0xa8 - .byte 0x00,0xb3,0x00,0x00 # set_frame r11 - .align 8 -___ -$code.=<<___; -.LSEH_info_ecp_nistz256_point_double: - .byte 9,0,0,0 - .rva full_handler - .rva .Lpoint_doubleq_body,.Lpoint_doubleq_epilogue # HandlerData[] - .long 32*5+56,0 -.LSEH_info_ecp_nistz256_point_add: - .byte 9,0,0,0 - .rva full_handler - .rva .Lpoint_addq_body,.Lpoint_addq_epilogue # HandlerData[] - .long 32*18+56,0 -.LSEH_info_ecp_nistz256_point_add_affine: - .byte 9,0,0,0 - .rva full_handler - .rva .Ladd_affineq_body,.Ladd_affineq_epilogue # HandlerData[] - .long 32*15+56,0 -___ -$code.=<<___ if ($addx); -.align 8 -.LSEH_info_ecp_nistz256_point_doublex: - .byte 9,0,0,0 - .rva full_handler - .rva .Lpoint_doublex_body,.Lpoint_doublex_epilogue # HandlerData[] - .long 32*5+56,0 -.LSEH_info_ecp_nistz256_point_addx: - .byte 9,0,0,0 - .rva full_handler - .rva .Lpoint_addx_body,.Lpoint_addx_epilogue # HandlerData[] - .long 32*18+56,0 -.LSEH_info_ecp_nistz256_point_add_affinex: - .byte 9,0,0,0 - .rva full_handler - .rva .Ladd_affinex_body,.Ladd_affinex_epilogue # HandlerData[] - .long 32*15+56,0 -___ -} - -######################################################################## -# Convert ecp_nistz256_table.c to layout expected by ecp_nistz_gather_w7 -# -open TABLE,") { - s/TOBN\(\s*(0x[0-9a-f]+),\s*(0x[0-9a-f]+)\s*\)/push @arr,hex($2),hex($1)/geo; -} -close TABLE; - -die "insane number of elements" if ($#arr != 64*16*37-1); - -print <<___; -.text -.globl ecp_nistz256_precomputed -.type ecp_nistz256_precomputed,\@object -.align 4096 -ecp_nistz256_precomputed: -___ -while (@line=splice(@arr,0,16)) { - print ".long\t",join(',',map { sprintf "0x%08x",$_} @line),"\n"; -} -print <<___; -.size ecp_nistz256_precomputed,.-ecp_nistz256_precomputed -___ - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/asm/x25519-ppc64.pl b/crypto/ec/asm/x25519-ppc64.pl deleted file mode 100755 index c1d9650c6bfa90159ea89b784c21a14878840781..0000000000000000000000000000000000000000 --- a/crypto/ec/asm/x25519-ppc64.pl +++ /dev/null @@ -1,827 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# X25519 lower-level primitives for PPC64. -# -# July 2018. -# -# Base 2^64 is faster than base 2^51 on pre-POWER8, most notably ~15% -# faster on PPC970/G5. POWER8 on the other hand seems to trip on own -# shoelaces when handling longer carry chains. As base 2^51 has just -# single-carry pairs, it's 25% faster than base 2^64. Since PPC970 is -# pretty old, base 2^64 implementation is not engaged. Comparison to -# compiler-generated code is complicated by the fact that not all -# compilers support 128-bit integers. When compiler doesn't, like xlc, -# this module delivers more than 2x improvement, and when it does, -# from 12% to 30% improvement was measured... - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -my $sp = "r1"; -my ($rp,$ap,$bp) = map("r$_",3..5); - -####################################################### base 2^64 -if (0) { -my ($bi,$a0,$a1,$a2,$a3,$t0,$t1, $t2,$t3, - $acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7) = - map("r$_",(6..12,22..31)); -my $zero = "r0"; -my $FRAME = 16*8; - -$code.=<<___; -.text - -.globl x25519_fe64_mul -.type x25519_fe64_mul,\@function -.align 5 -x25519_fe64_mul: - stdu $sp,-$FRAME($sp) - std r22,`$FRAME-8*10`($sp) - std r23,`$FRAME-8*9`($sp) - std r24,`$FRAME-8*8`($sp) - std r25,`$FRAME-8*7`($sp) - std r26,`$FRAME-8*6`($sp) - std r27,`$FRAME-8*5`($sp) - std r28,`$FRAME-8*4`($sp) - std r29,`$FRAME-8*3`($sp) - std r30,`$FRAME-8*2`($sp) - std r31,`$FRAME-8*1`($sp) - - ld $bi,0($bp) - ld $a0,0($ap) - xor $zero,$zero,$zero - ld $a1,8($ap) - ld $a2,16($ap) - ld $a3,24($ap) - - mulld $acc0,$a0,$bi # a[0]*b[0] - mulhdu $t0,$a0,$bi - mulld $acc1,$a1,$bi # a[1]*b[0] - mulhdu $t1,$a1,$bi - mulld $acc2,$a2,$bi # a[2]*b[0] - mulhdu $t2,$a2,$bi - mulld $acc3,$a3,$bi # a[3]*b[0] - mulhdu $t3,$a3,$bi -___ -for(my @acc=($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7), - my $i=1; $i<4; shift(@acc), $i++) { -my $acc4 = $i==1? $zero : @acc[4]; - -$code.=<<___; - ld $bi,`8*$i`($bp) - addc @acc[1],@acc[1],$t0 # accumulate high parts - mulld $t0,$a0,$bi - adde @acc[2],@acc[2],$t1 - mulld $t1,$a1,$bi - adde @acc[3],@acc[3],$t2 - mulld $t2,$a2,$bi - adde @acc[4],$acc4,$t3 - mulld $t3,$a3,$bi - addc @acc[1],@acc[1],$t0 # accumulate low parts - mulhdu $t0,$a0,$bi - adde @acc[2],@acc[2],$t1 - mulhdu $t1,$a1,$bi - adde @acc[3],@acc[3],$t2 - mulhdu $t2,$a2,$bi - adde @acc[4],@acc[4],$t3 - mulhdu $t3,$a3,$bi - adde @acc[5],$zero,$zero -___ -} -$code.=<<___; - li $bi,38 - addc $acc4,$acc4,$t0 - mulld $t0,$acc4,$bi - adde $acc5,$acc5,$t1 - mulld $t1,$acc5,$bi - adde $acc6,$acc6,$t2 - mulld $t2,$acc6,$bi - adde $acc7,$acc7,$t3 - mulld $t3,$acc7,$bi - - addc $acc0,$acc0,$t0 - mulhdu $t0,$acc4,$bi - adde $acc1,$acc1,$t1 - mulhdu $t1,$acc5,$bi - adde $acc2,$acc2,$t2 - mulhdu $t2,$acc6,$bi - adde $acc3,$acc3,$t3 - mulhdu $t3,$acc7,$bi - adde $acc4,$zero,$zero - - addc $acc1,$acc1,$t0 - adde $acc2,$acc2,$t1 - adde $acc3,$acc3,$t2 - adde $acc4,$acc4,$t3 - - mulld $acc4,$acc4,$bi - - addc $acc0,$acc0,$acc4 - addze $acc1,$acc1 - addze $acc2,$acc2 - addze $acc3,$acc3 - - subfe $acc4,$acc4,$acc4 # carry -> ~mask - std $acc1,8($rp) - andc $acc4,$bi,$acc4 - std $acc2,16($rp) - add $acc0,$acc0,$acc4 - std $acc3,24($rp) - std $acc0,0($rp) - - ld r22,`$FRAME-8*10`($sp) - ld r23,`$FRAME-8*9`($sp) - ld r24,`$FRAME-8*8`($sp) - ld r25,`$FRAME-8*7`($sp) - ld r26,`$FRAME-8*6`($sp) - ld r27,`$FRAME-8*5`($sp) - ld r28,`$FRAME-8*4`($sp) - ld r29,`$FRAME-8*3`($sp) - ld r30,`$FRAME-8*2`($sp) - ld r31,`$FRAME-8*1`($sp) - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,4,0,0x80,10,3,0 - .long 0 -.size x25519_fe64_mul,.-x25519_fe64_mul - -.globl x25519_fe64_sqr -.type x25519_fe64_sqr,\@function -.align 5 -x25519_fe64_sqr: - stdu $sp,-$FRAME($sp) - std r22,`$FRAME-8*10`($sp) - std r23,`$FRAME-8*9`($sp) - std r24,`$FRAME-8*8`($sp) - std r25,`$FRAME-8*7`($sp) - std r26,`$FRAME-8*6`($sp) - std r27,`$FRAME-8*5`($sp) - std r28,`$FRAME-8*4`($sp) - std r29,`$FRAME-8*3`($sp) - std r30,`$FRAME-8*2`($sp) - std r31,`$FRAME-8*1`($sp) - - ld $a0,0($ap) - xor $zero,$zero,$zero - ld $a1,8($ap) - ld $a2,16($ap) - ld $a3,24($ap) - - ################################ - # | | | | | |a1*a0| | - # | | | | |a2*a0| | | - # | |a3*a2|a3*a0| | | | - # | | | |a2*a1| | | | - # | | |a3*a1| | | | | - # *| | | | | | | | 2| - # +|a3*a3|a2*a2|a1*a1|a0*a0| - # |--+--+--+--+--+--+--+--| - # |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx - # - # "can't overflow" below mark carrying into high part of - # multiplication result, which can't overflow, because it - # can never be all ones. - - mulld $acc1,$a1,$a0 # a[1]*a[0] - mulhdu $t1,$a1,$a0 - mulld $acc2,$a2,$a0 # a[2]*a[0] - mulhdu $t2,$a2,$a0 - mulld $acc3,$a3,$a0 # a[3]*a[0] - mulhdu $acc4,$a3,$a0 - - addc $acc2,$acc2,$t1 # accumulate high parts of multiplication - mulld $t0,$a2,$a1 # a[2]*a[1] - mulhdu $t1,$a2,$a1 - adde $acc3,$acc3,$t2 - mulld $t2,$a3,$a1 # a[3]*a[1] - mulhdu $t3,$a3,$a1 - addze $acc4,$acc4 # can't overflow - - mulld $acc5,$a3,$a2 # a[3]*a[2] - mulhdu $acc6,$a3,$a2 - - addc $t1,$t1,$t2 # accumulate high parts of multiplication - mulld $acc0,$a0,$a0 # a[0]*a[0] - addze $t2,$t3 # can't overflow - - addc $acc3,$acc3,$t0 # accumulate low parts of multiplication - mulhdu $a0,$a0,$a0 - adde $acc4,$acc4,$t1 - mulld $t1,$a1,$a1 # a[1]*a[1] - adde $acc5,$acc5,$t2 - mulhdu $a1,$a1,$a1 - addze $acc6,$acc6 # can't overflow - - addc $acc1,$acc1,$acc1 # acc[1-6]*=2 - mulld $t2,$a2,$a2 # a[2]*a[2] - adde $acc2,$acc2,$acc2 - mulhdu $a2,$a2,$a2 - adde $acc3,$acc3,$acc3 - mulld $t3,$a3,$a3 # a[3]*a[3] - adde $acc4,$acc4,$acc4 - mulhdu $a3,$a3,$a3 - adde $acc5,$acc5,$acc5 - adde $acc6,$acc6,$acc6 - addze $acc7,$zero - - addc $acc1,$acc1,$a0 # +a[i]*a[i] - li $bi,38 - adde $acc2,$acc2,$t1 - adde $acc3,$acc3,$a1 - adde $acc4,$acc4,$t2 - adde $acc5,$acc5,$a2 - adde $acc6,$acc6,$t3 - adde $acc7,$acc7,$a3 - - mulld $t0,$acc4,$bi - mulld $t1,$acc5,$bi - mulld $t2,$acc6,$bi - mulld $t3,$acc7,$bi - - addc $acc0,$acc0,$t0 - mulhdu $t0,$acc4,$bi - adde $acc1,$acc1,$t1 - mulhdu $t1,$acc5,$bi - adde $acc2,$acc2,$t2 - mulhdu $t2,$acc6,$bi - adde $acc3,$acc3,$t3 - mulhdu $t3,$acc7,$bi - addze $acc4,$zero - - addc $acc1,$acc1,$t0 - adde $acc2,$acc2,$t1 - adde $acc3,$acc3,$t2 - adde $acc4,$acc4,$t3 - - mulld $acc4,$acc4,$bi - - addc $acc0,$acc0,$acc4 - addze $acc1,$acc1 - addze $acc2,$acc2 - addze $acc3,$acc3 - - subfe $acc4,$acc4,$acc4 # carry -> ~mask - std $acc1,8($rp) - andc $acc4,$bi,$acc4 - std $acc2,16($rp) - add $acc0,$acc0,$acc4 - std $acc3,24($rp) - std $acc0,0($rp) - - ld r22,`$FRAME-8*10`($sp) - ld r23,`$FRAME-8*9`($sp) - ld r24,`$FRAME-8*8`($sp) - ld r25,`$FRAME-8*7`($sp) - ld r26,`$FRAME-8*6`($sp) - ld r27,`$FRAME-8*5`($sp) - ld r28,`$FRAME-8*4`($sp) - ld r29,`$FRAME-8*3`($sp) - ld r30,`$FRAME-8*2`($sp) - ld r31,`$FRAME-8*1`($sp) - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,4,0,0x80,10,2,0 - .long 0 -.size x25519_fe64_sqr,.-x25519_fe64_sqr - -.globl x25519_fe64_mul121666 -.type x25519_fe64_mul121666,\@function -.align 5 -x25519_fe64_mul121666: - lis $bi,`65536>>16` - ori $bi,$bi,`121666-65536` - - ld $t0,0($ap) - ld $t1,8($ap) - ld $bp,16($ap) - ld $ap,24($ap) - - mulld $a0,$t0,$bi - mulhdu $t0,$t0,$bi - mulld $a1,$t1,$bi - mulhdu $t1,$t1,$bi - mulld $a2,$bp,$bi - mulhdu $bp,$bp,$bi - mulld $a3,$ap,$bi - mulhdu $ap,$ap,$bi - - addc $a1,$a1,$t0 - adde $a2,$a2,$t1 - adde $a3,$a3,$bp - addze $ap, $ap - - mulli $ap,$ap,38 - - addc $a0,$a0,$ap - addze $a1,$a1 - addze $a2,$a2 - addze $a3,$a3 - - subfe $t1,$t1,$t1 # carry -> ~mask - std $a1,8($rp) - andc $t0,$t0,$t1 - std $a2,16($rp) - add $a0,$a0,$t0 - std $a3,24($rp) - std $a0,0($rp) - - blr - .long 0 - .byte 0,12,0x14,0,0,0,2,0 - .long 0 -.size x25519_fe64_mul121666,.-x25519_fe64_mul121666 - -.globl x25519_fe64_add -.type x25519_fe64_add,\@function -.align 5 -x25519_fe64_add: - ld $a0,0($ap) - ld $t0,0($bp) - ld $a1,8($ap) - ld $t1,8($bp) - ld $a2,16($ap) - ld $bi,16($bp) - ld $a3,24($ap) - ld $bp,24($bp) - - addc $a0,$a0,$t0 - adde $a1,$a1,$t1 - adde $a2,$a2,$bi - adde $a3,$a3,$bp - - li $t0,38 - subfe $t1,$t1,$t1 # carry -> ~mask - andc $t1,$t0,$t1 - - addc $a0,$a0,$t1 - addze $a1,$a1 - addze $a2,$a2 - addze $a3,$a3 - - subfe $t1,$t1,$t1 # carry -> ~mask - std $a1,8($rp) - andc $t0,$t0,$t1 - std $a2,16($rp) - add $a0,$a0,$t0 - std $a3,24($rp) - std $a0,0($rp) - - blr - .long 0 - .byte 0,12,0x14,0,0,0,3,0 - .long 0 -.size x25519_fe64_add,.-x25519_fe64_add - -.globl x25519_fe64_sub -.type x25519_fe64_sub,\@function -.align 5 -x25519_fe64_sub: - ld $a0,0($ap) - ld $t0,0($bp) - ld $a1,8($ap) - ld $t1,8($bp) - ld $a2,16($ap) - ld $bi,16($bp) - ld $a3,24($ap) - ld $bp,24($bp) - - subfc $a0,$t0,$a0 - subfe $a1,$t1,$a1 - subfe $a2,$bi,$a2 - subfe $a3,$bp,$a3 - - li $t0,38 - subfe $t1,$t1,$t1 # borrow -> mask - xor $zero,$zero,$zero - and $t1,$t0,$t1 - - subfc $a0,$t1,$a0 - subfe $a1,$zero,$a1 - subfe $a2,$zero,$a2 - subfe $a3,$zero,$a3 - - subfe $t1,$t1,$t1 # borrow -> mask - std $a1,8($rp) - and $t0,$t0,$t1 - std $a2,16($rp) - subf $a0,$t0,$a0 - std $a3,24($rp) - std $a0,0($rp) - - blr - .long 0 - .byte 0,12,0x14,0,0,0,3,0 - .long 0 -.size x25519_fe64_sub,.-x25519_fe64_sub - -.globl x25519_fe64_tobytes -.type x25519_fe64_tobytes,\@function -.align 5 -x25519_fe64_tobytes: - ld $a3,24($ap) - ld $a0,0($ap) - ld $a1,8($ap) - ld $a2,16($ap) - - sradi $t0,$a3,63 # most significant bit -> mask - li $t1,19 - and $t0,$t0,$t1 - sldi $a3,$a3,1 - add $t0,$t0,$t1 # compare to modulus in the same go - srdi $a3,$a3,1 # most significant bit cleared - - addc $a0,$a0,$t0 - addze $a1,$a1 - addze $a2,$a2 - addze $a3,$a3 - - xor $zero,$zero,$zero - sradi $t0,$a3,63 # most significant bit -> mask - sldi $a3,$a3,1 - andc $t0,$t1,$t0 - srdi $a3,$a3,1 # most significant bit cleared - - subi $rp,$rp,1 - subfc $a0,$t0,$a0 - subfe $a1,$zero,$a1 - subfe $a2,$zero,$a2 - subfe $a3,$zero,$a3 - -___ -for (my @a=($a0,$a1,$a2,$a3), my $i=0; $i<4; shift(@a), $i++) { -$code.=<<___; - srdi $t0,@a[0],8 - stbu @a[0],1($rp) - srdi @a[0],@a[0],16 - stbu $t0,1($rp) - srdi $t0,@a[0],8 - stbu @a[0],1($rp) - srdi @a[0],@a[0],16 - stbu $t0,1($rp) - srdi $t0,@a[0],8 - stbu @a[0],1($rp) - srdi @a[0],@a[0],16 - stbu $t0,1($rp) - srdi $t0,@a[0],8 - stbu @a[0],1($rp) - stbu $t0,1($rp) -___ -} -$code.=<<___; - blr - .long 0 - .byte 0,12,0x14,0,0,0,2,0 - .long 0 -.size x25519_fe64_tobytes,.-x25519_fe64_tobytes -___ -} -####################################################### base 2^51 -{ -my ($bi,$a0,$a1,$a2,$a3,$a4,$t0, $t1, - $h0lo,$h0hi,$h1lo,$h1hi,$h2lo,$h2hi,$h3lo,$h3hi,$h4lo,$h4hi) = - map("r$_",(6..12,21..31)); -my $mask = "r0"; -my $FRAME = 18*8; - -$code.=<<___; -.text - -.globl x25519_fe51_mul -.type x25519_fe51_mul,\@function -.align 5 -x25519_fe51_mul: - stdu $sp,-$FRAME($sp) - std r21,`$FRAME-8*11`($sp) - std r22,`$FRAME-8*10`($sp) - std r23,`$FRAME-8*9`($sp) - std r24,`$FRAME-8*8`($sp) - std r25,`$FRAME-8*7`($sp) - std r26,`$FRAME-8*6`($sp) - std r27,`$FRAME-8*5`($sp) - std r28,`$FRAME-8*4`($sp) - std r29,`$FRAME-8*3`($sp) - std r30,`$FRAME-8*2`($sp) - std r31,`$FRAME-8*1`($sp) - - ld $bi,0($bp) - ld $a0,0($ap) - ld $a1,8($ap) - ld $a2,16($ap) - ld $a3,24($ap) - ld $a4,32($ap) - - mulld $h0lo,$a0,$bi # a[0]*b[0] - mulhdu $h0hi,$a0,$bi - - mulld $h1lo,$a1,$bi # a[1]*b[0] - mulhdu $h1hi,$a1,$bi - - mulld $h4lo,$a4,$bi # a[4]*b[0] - mulhdu $h4hi,$a4,$bi - ld $ap,8($bp) - mulli $a4,$a4,19 - - mulld $h2lo,$a2,$bi # a[2]*b[0] - mulhdu $h2hi,$a2,$bi - - mulld $h3lo,$a3,$bi # a[3]*b[0] - mulhdu $h3hi,$a3,$bi -___ -for(my @a=($a0,$a1,$a2,$a3,$a4), - my $i=1; $i<4; $i++) { - ($ap,$bi) = ($bi,$ap); -$code.=<<___; - mulld $t0,@a[4],$bi - mulhdu $t1,@a[4],$bi - addc $h0lo,$h0lo,$t0 - adde $h0hi,$h0hi,$t1 - - mulld $t0,@a[0],$bi - mulhdu $t1,@a[0],$bi - addc $h1lo,$h1lo,$t0 - adde $h1hi,$h1hi,$t1 - - mulld $t0,@a[3],$bi - mulhdu $t1,@a[3],$bi - ld $ap,`8*($i+1)`($bp) - mulli @a[3],@a[3],19 - addc $h4lo,$h4lo,$t0 - adde $h4hi,$h4hi,$t1 - - mulld $t0,@a[1],$bi - mulhdu $t1,@a[1],$bi - addc $h2lo,$h2lo,$t0 - adde $h2hi,$h2hi,$t1 - - mulld $t0,@a[2],$bi - mulhdu $t1,@a[2],$bi - addc $h3lo,$h3lo,$t0 - adde $h3hi,$h3hi,$t1 -___ - unshift(@a,pop(@a)); -} - ($ap,$bi) = ($bi,$ap); -$code.=<<___; - mulld $t0,$a1,$bi - mulhdu $t1,$a1,$bi - addc $h0lo,$h0lo,$t0 - adde $h0hi,$h0hi,$t1 - - mulld $t0,$a2,$bi - mulhdu $t1,$a2,$bi - addc $h1lo,$h1lo,$t0 - adde $h1hi,$h1hi,$t1 - - mulld $t0,$a3,$bi - mulhdu $t1,$a3,$bi - addc $h2lo,$h2lo,$t0 - adde $h2hi,$h2hi,$t1 - - mulld $t0,$a4,$bi - mulhdu $t1,$a4,$bi - addc $h3lo,$h3lo,$t0 - adde $h3hi,$h3hi,$t1 - - mulld $t0,$a0,$bi - mulhdu $t1,$a0,$bi - addc $h4lo,$h4lo,$t0 - adde $h4hi,$h4hi,$t1 - -.Lfe51_reduce: - li $mask,-1 - srdi $mask,$mask,13 # 0x7ffffffffffff - - srdi $t0,$h2lo,51 - and $a2,$h2lo,$mask - insrdi $t0,$h2hi,51,0 # h2>>51 - srdi $t1,$h0lo,51 - and $a0,$h0lo,$mask - insrdi $t1,$h0hi,51,0 # h0>>51 - addc $h3lo,$h3lo,$t0 - addze $h3hi,$h3hi - addc $h1lo,$h1lo,$t1 - addze $h1hi,$h1hi - - srdi $t0,$h3lo,51 - and $a3,$h3lo,$mask - insrdi $t0,$h3hi,51,0 # h3>>51 - srdi $t1,$h1lo,51 - and $a1,$h1lo,$mask - insrdi $t1,$h1hi,51,0 # h1>>51 - addc $h4lo,$h4lo,$t0 - addze $h4hi,$h4hi - add $a2,$a2,$t1 - - srdi $t0,$h4lo,51 - and $a4,$h4lo,$mask - insrdi $t0,$h4hi,51,0 - mulli $t0,$t0,19 # (h4 >> 51) * 19 - - add $a0,$a0,$t0 - - srdi $t1,$a2,51 - and $a2,$a2,$mask - add $a3,$a3,$t1 - - srdi $t0,$a0,51 - and $a0,$a0,$mask - add $a1,$a1,$t0 - - std $a2,16($rp) - std $a3,24($rp) - std $a4,32($rp) - std $a0,0($rp) - std $a1,8($rp) - - ld r21,`$FRAME-8*11`($sp) - ld r22,`$FRAME-8*10`($sp) - ld r23,`$FRAME-8*9`($sp) - ld r24,`$FRAME-8*8`($sp) - ld r25,`$FRAME-8*7`($sp) - ld r26,`$FRAME-8*6`($sp) - ld r27,`$FRAME-8*5`($sp) - ld r28,`$FRAME-8*4`($sp) - ld r29,`$FRAME-8*3`($sp) - ld r30,`$FRAME-8*2`($sp) - ld r31,`$FRAME-8*1`($sp) - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,4,0,0x80,11,3,0 - .long 0 -.size x25519_fe51_mul,.-x25519_fe51_mul -___ -{ -my ($a0,$a1,$a2,$a3,$a4,$t0,$t1) = ($a0,$a1,$a2,$a3,$a4,$t0,$t1); -$code.=<<___; -.globl x25519_fe51_sqr -.type x25519_fe51_sqr,\@function -.align 5 -x25519_fe51_sqr: - stdu $sp,-$FRAME($sp) - std r21,`$FRAME-8*11`($sp) - std r22,`$FRAME-8*10`($sp) - std r23,`$FRAME-8*9`($sp) - std r24,`$FRAME-8*8`($sp) - std r25,`$FRAME-8*7`($sp) - std r26,`$FRAME-8*6`($sp) - std r27,`$FRAME-8*5`($sp) - std r28,`$FRAME-8*4`($sp) - std r29,`$FRAME-8*3`($sp) - std r30,`$FRAME-8*2`($sp) - std r31,`$FRAME-8*1`($sp) - - ld $a0,0($ap) - ld $a1,8($ap) - ld $a2,16($ap) - ld $a3,24($ap) - ld $a4,32($ap) - - add $bi,$a0,$a0 # a[0]*2 - mulli $t1,$a4,19 # a[4]*19 - - mulld $h0lo,$a0,$a0 - mulhdu $h0hi,$a0,$a0 - mulld $h1lo,$a1,$bi - mulhdu $h1hi,$a1,$bi - mulld $h2lo,$a2,$bi - mulhdu $h2hi,$a2,$bi - mulld $h3lo,$a3,$bi - mulhdu $h3hi,$a3,$bi - mulld $h4lo,$a4,$bi - mulhdu $h4hi,$a4,$bi - add $bi,$a1,$a1 # a[1]*2 -___ - ($a4,$t1) = ($t1,$a4); -$code.=<<___; - mulld $t0,$t1,$a4 - mulhdu $t1,$t1,$a4 - addc $h3lo,$h3lo,$t0 - adde $h3hi,$h3hi,$t1 - - mulli $bp,$a3,19 # a[3]*19 - - mulld $t0,$a1,$a1 - mulhdu $t1,$a1,$a1 - addc $h2lo,$h2lo,$t0 - adde $h2hi,$h2hi,$t1 - mulld $t0,$a2,$bi - mulhdu $t1,$a2,$bi - addc $h3lo,$h3lo,$t0 - adde $h3hi,$h3hi,$t1 - mulld $t0,$a3,$bi - mulhdu $t1,$a3,$bi - addc $h4lo,$h4lo,$t0 - adde $h4hi,$h4hi,$t1 - mulld $t0,$a4,$bi - mulhdu $t1,$a4,$bi - add $bi,$a3,$a3 # a[3]*2 - addc $h0lo,$h0lo,$t0 - adde $h0hi,$h0hi,$t1 -___ - ($a3,$t1) = ($bp,$a3); -$code.=<<___; - mulld $t0,$t1,$a3 - mulhdu $t1,$t1,$a3 - addc $h1lo,$h1lo,$t0 - adde $h1hi,$h1hi,$t1 - mulld $t0,$bi,$a4 - mulhdu $t1,$bi,$a4 - add $bi,$a2,$a2 # a[2]*2 - addc $h2lo,$h2lo,$t0 - adde $h2hi,$h2hi,$t1 - - mulld $t0,$a2,$a2 - mulhdu $t1,$a2,$a2 - addc $h4lo,$h4lo,$t0 - adde $h4hi,$h4hi,$t1 - mulld $t0,$a3,$bi - mulhdu $t1,$a3,$bi - addc $h0lo,$h0lo,$t0 - adde $h0hi,$h0hi,$t1 - mulld $t0,$a4,$bi - mulhdu $t1,$a4,$bi - addc $h1lo,$h1lo,$t0 - adde $h1hi,$h1hi,$t1 - - b .Lfe51_reduce - .long 0 - .byte 0,12,4,0,0x80,11,2,0 - .long 0 -.size x25519_fe51_sqr,.-x25519_fe51_sqr -___ -} -$code.=<<___; -.globl x25519_fe51_mul121666 -.type x25519_fe51_mul121666,\@function -.align 5 -x25519_fe51_mul121666: - stdu $sp,-$FRAME($sp) - std r21,`$FRAME-8*11`($sp) - std r22,`$FRAME-8*10`($sp) - std r23,`$FRAME-8*9`($sp) - std r24,`$FRAME-8*8`($sp) - std r25,`$FRAME-8*7`($sp) - std r26,`$FRAME-8*6`($sp) - std r27,`$FRAME-8*5`($sp) - std r28,`$FRAME-8*4`($sp) - std r29,`$FRAME-8*3`($sp) - std r30,`$FRAME-8*2`($sp) - std r31,`$FRAME-8*1`($sp) - - lis $bi,`65536>>16` - ori $bi,$bi,`121666-65536` - ld $a0,0($ap) - ld $a1,8($ap) - ld $a2,16($ap) - ld $a3,24($ap) - ld $a4,32($ap) - - mulld $h0lo,$a0,$bi # a[0]*121666 - mulhdu $h0hi,$a0,$bi - mulld $h1lo,$a1,$bi # a[1]*121666 - mulhdu $h1hi,$a1,$bi - mulld $h2lo,$a2,$bi # a[2]*121666 - mulhdu $h2hi,$a2,$bi - mulld $h3lo,$a3,$bi # a[3]*121666 - mulhdu $h3hi,$a3,$bi - mulld $h4lo,$a4,$bi # a[4]*121666 - mulhdu $h4hi,$a4,$bi - - b .Lfe51_reduce - .long 0 - .byte 0,12,4,0,0x80,11,2,0 - .long 0 -.size x25519_fe51_mul121666,.-x25519_fe51_mul121666 -___ -} - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/asm/x25519-x86_64.pl b/crypto/ec/asm/x25519-x86_64.pl deleted file mode 100755 index d2285269a308ce796e16139caefdbbccc1e107e8..0000000000000000000000000000000000000000 --- a/crypto/ec/asm/x25519-x86_64.pl +++ /dev/null @@ -1,1133 +0,0 @@ -#!/usr/bin/env perl -# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# X25519 lower-level primitives for x86_64. -# -# February 2018. -# -# This module implements radix 2^51 multiplication and squaring, and -# radix 2^64 multiplication, squaring, addition, subtraction and final -# reduction. Latter radix is used on ADCX/ADOX-capable processors such -# as Broadwell. On related note one should mention that there are -# vector implementations that provide significantly better performance -# on some processors(*), but they are large and overly complex. Which -# in combination with them being effectively processor-specific makes -# the undertaking hard to justify. The goal for this implementation -# is rather versatility and simplicity [and ultimately formal -# verification]. -# -# (*) For example sandy2x should provide ~30% improvement on Sandy -# Bridge, but only nominal ~5% on Haswell [and big loss on -# Broadwell and successors]. -# -###################################################################### -# Improvement coefficients: -# -# amd64-51(*) gcc-5.x(**) -# -# P4 +22% +40% -# Sandy Bridge -3% +11% -# Haswell -1% +13% -# Broadwell(***) +30% +35% -# Skylake(***) +33% +47% -# Silvermont +20% +26% -# Goldmont +40% +50% -# Bulldozer +20% +9% -# Ryzen(***) +43% +40% -# VIA +170% +120% -# -# (*) amd64-51 is popular assembly implementation with 2^51 radix, -# only multiplication and squaring subroutines were linked -# for comparison, but not complete ladder step; gain on most -# processors is because this module refrains from shld, and -# minor regression on others is because this does result in -# higher instruction count; -# (**) compiler is free to inline functions, in assembly one would -# need to implement ladder step to do that, and it will improve -# performance by several percent; -# (***) ADCX/ADOX result for 2^64 radix, there is no corresponding -# C implementation, so that comparison is always against -# 2^51 radix; - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $addx = ($1>=2.23); -} - -if (!$addx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $addx = ($1>=2.10); -} - -if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $addx = ($1>=12); -} - -if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) { - my $ver = $2 + $3/100.0; # 3.1->3.01, 3.10->3.10 - $addx = ($ver>=3.03); -} - -$code.=<<___; -.text - -.globl x25519_fe51_mul -.type x25519_fe51_mul,\@function,3 -.align 32 -x25519_fe51_mul: -.cfi_startproc - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -8*5(%rsp),%rsp -.cfi_adjust_cfa_offset 40 -.Lfe51_mul_body: - - mov 8*0(%rsi),%rax # f[0] - mov 8*0(%rdx),%r11 # load g[0-4] - mov 8*1(%rdx),%r12 - mov 8*2(%rdx),%r13 - mov 8*3(%rdx),%rbp - mov 8*4(%rdx),%r14 - - mov %rdi,8*4(%rsp) # offload 1st argument - mov %rax,%rdi - mulq %r11 # f[0]*g[0] - mov %r11,8*0(%rsp) # offload g[0] - mov %rax,%rbx # %rbx:%rcx = h0 - mov %rdi,%rax - mov %rdx,%rcx - mulq %r12 # f[0]*g[1] - mov %r12,8*1(%rsp) # offload g[1] - mov %rax,%r8 # %r8:%r9 = h1 - mov %rdi,%rax - lea (%r14,%r14,8),%r15 - mov %rdx,%r9 - mulq %r13 # f[0]*g[2] - mov %r13,8*2(%rsp) # offload g[2] - mov %rax,%r10 # %r10:%r11 = h2 - mov %rdi,%rax - lea (%r14,%r15,2),%rdi # g[4]*19 - mov %rdx,%r11 - mulq %rbp # f[0]*g[3] - mov %rax,%r12 # %r12:%r13 = h3 - mov 8*0(%rsi),%rax # f[0] - mov %rdx,%r13 - mulq %r14 # f[0]*g[4] - mov %rax,%r14 # %r14:%r15 = h4 - mov 8*1(%rsi),%rax # f[1] - mov %rdx,%r15 - - mulq %rdi # f[1]*g[4]*19 - add %rax,%rbx - mov 8*2(%rsi),%rax # f[2] - adc %rdx,%rcx - mulq %rdi # f[2]*g[4]*19 - add %rax,%r8 - mov 8*3(%rsi),%rax # f[3] - adc %rdx,%r9 - mulq %rdi # f[3]*g[4]*19 - add %rax,%r10 - mov 8*4(%rsi),%rax # f[4] - adc %rdx,%r11 - mulq %rdi # f[4]*g[4]*19 - imulq \$19,%rbp,%rdi # g[3]*19 - add %rax,%r12 - mov 8*1(%rsi),%rax # f[1] - adc %rdx,%r13 - mulq %rbp # f[1]*g[3] - mov 8*2(%rsp),%rbp # g[2] - add %rax,%r14 - mov 8*2(%rsi),%rax # f[2] - adc %rdx,%r15 - - mulq %rdi # f[2]*g[3]*19 - add %rax,%rbx - mov 8*3(%rsi),%rax # f[3] - adc %rdx,%rcx - mulq %rdi # f[3]*g[3]*19 - add %rax,%r8 - mov 8*4(%rsi),%rax # f[4] - adc %rdx,%r9 - mulq %rdi # f[4]*g[3]*19 - imulq \$19,%rbp,%rdi # g[2]*19 - add %rax,%r10 - mov 8*1(%rsi),%rax # f[1] - adc %rdx,%r11 - mulq %rbp # f[1]*g[2] - add %rax,%r12 - mov 8*2(%rsi),%rax # f[2] - adc %rdx,%r13 - mulq %rbp # f[2]*g[2] - mov 8*1(%rsp),%rbp # g[1] - add %rax,%r14 - mov 8*3(%rsi),%rax # f[3] - adc %rdx,%r15 - - mulq %rdi # f[3]*g[2]*19 - add %rax,%rbx - mov 8*4(%rsi),%rax # f[3] - adc %rdx,%rcx - mulq %rdi # f[4]*g[2]*19 - add %rax,%r8 - mov 8*1(%rsi),%rax # f[1] - adc %rdx,%r9 - mulq %rbp # f[1]*g[1] - imulq \$19,%rbp,%rdi - add %rax,%r10 - mov 8*2(%rsi),%rax # f[2] - adc %rdx,%r11 - mulq %rbp # f[2]*g[1] - add %rax,%r12 - mov 8*3(%rsi),%rax # f[3] - adc %rdx,%r13 - mulq %rbp # f[3]*g[1] - mov 8*0(%rsp),%rbp # g[0] - add %rax,%r14 - mov 8*4(%rsi),%rax # f[4] - adc %rdx,%r15 - - mulq %rdi # f[4]*g[1]*19 - add %rax,%rbx - mov 8*1(%rsi),%rax # f[1] - adc %rdx,%rcx - mul %rbp # f[1]*g[0] - add %rax,%r8 - mov 8*2(%rsi),%rax # f[2] - adc %rdx,%r9 - mul %rbp # f[2]*g[0] - add %rax,%r10 - mov 8*3(%rsi),%rax # f[3] - adc %rdx,%r11 - mul %rbp # f[3]*g[0] - add %rax,%r12 - mov 8*4(%rsi),%rax # f[4] - adc %rdx,%r13 - mulq %rbp # f[4]*g[0] - add %rax,%r14 - adc %rdx,%r15 - - mov 8*4(%rsp),%rdi # restore 1st argument - jmp .Lreduce51 -.Lfe51_mul_epilogue: -.cfi_endproc -.size x25519_fe51_mul,.-x25519_fe51_mul - -.globl x25519_fe51_sqr -.type x25519_fe51_sqr,\@function,2 -.align 32 -x25519_fe51_sqr: -.cfi_startproc - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -8*5(%rsp),%rsp -.cfi_adjust_cfa_offset 40 -.Lfe51_sqr_body: - - mov 8*0(%rsi),%rax # g[0] - mov 8*2(%rsi),%r15 # g[2] - mov 8*4(%rsi),%rbp # g[4] - - mov %rdi,8*4(%rsp) # offload 1st argument - lea (%rax,%rax),%r14 - mulq %rax # g[0]*g[0] - mov %rax,%rbx - mov 8*1(%rsi),%rax # g[1] - mov %rdx,%rcx - mulq %r14 # 2*g[0]*g[1] - mov %rax,%r8 - mov %r15,%rax - mov %r15,8*0(%rsp) # offload g[2] - mov %rdx,%r9 - mulq %r14 # 2*g[0]*g[2] - mov %rax,%r10 - mov 8*3(%rsi),%rax - mov %rdx,%r11 - imulq \$19,%rbp,%rdi # g[4]*19 - mulq %r14 # 2*g[0]*g[3] - mov %rax,%r12 - mov %rbp,%rax - mov %rdx,%r13 - mulq %r14 # 2*g[0]*g[4] - mov %rax,%r14 - mov %rbp,%rax - mov %rdx,%r15 - - mulq %rdi # g[4]*g[4]*19 - add %rax,%r12 - mov 8*1(%rsi),%rax # g[1] - adc %rdx,%r13 - - mov 8*3(%rsi),%rsi # g[3] - lea (%rax,%rax),%rbp - mulq %rax # g[1]*g[1] - add %rax,%r10 - mov 8*0(%rsp),%rax # g[2] - adc %rdx,%r11 - mulq %rbp # 2*g[1]*g[2] - add %rax,%r12 - mov %rbp,%rax - adc %rdx,%r13 - mulq %rsi # 2*g[1]*g[3] - add %rax,%r14 - mov %rbp,%rax - adc %rdx,%r15 - imulq \$19,%rsi,%rbp # g[3]*19 - mulq %rdi # 2*g[1]*g[4]*19 - add %rax,%rbx - lea (%rsi,%rsi),%rax - adc %rdx,%rcx - - mulq %rdi # 2*g[3]*g[4]*19 - add %rax,%r10 - mov %rsi,%rax - adc %rdx,%r11 - mulq %rbp # g[3]*g[3]*19 - add %rax,%r8 - mov 8*0(%rsp),%rax # g[2] - adc %rdx,%r9 - - lea (%rax,%rax),%rsi - mulq %rax # g[2]*g[2] - add %rax,%r14 - mov %rbp,%rax - adc %rdx,%r15 - mulq %rsi # 2*g[2]*g[3]*19 - add %rax,%rbx - mov %rsi,%rax - adc %rdx,%rcx - mulq %rdi # 2*g[2]*g[4]*19 - add %rax,%r8 - adc %rdx,%r9 - - mov 8*4(%rsp),%rdi # restore 1st argument - jmp .Lreduce51 - -.align 32 -.Lreduce51: - mov \$0x7ffffffffffff,%rbp - - mov %r10,%rdx - shr \$51,%r10 - shl \$13,%r11 - and %rbp,%rdx # %rdx = g2 = h2 & mask - or %r10,%r11 # h2>>51 - add %r11,%r12 - adc \$0,%r13 # h3 += h2>>51 - - mov %rbx,%rax - shr \$51,%rbx - shl \$13,%rcx - and %rbp,%rax # %rax = g0 = h0 & mask - or %rbx,%rcx # h0>>51 - add %rcx,%r8 # h1 += h0>>51 - adc \$0,%r9 - - mov %r12,%rbx - shr \$51,%r12 - shl \$13,%r13 - and %rbp,%rbx # %rbx = g3 = h3 & mask - or %r12,%r13 # h3>>51 - add %r13,%r14 # h4 += h3>>51 - adc \$0,%r15 - - mov %r8,%rcx - shr \$51,%r8 - shl \$13,%r9 - and %rbp,%rcx # %rcx = g1 = h1 & mask - or %r8,%r9 - add %r9,%rdx # g2 += h1>>51 - - mov %r14,%r10 - shr \$51,%r14 - shl \$13,%r15 - and %rbp,%r10 # %r10 = g4 = h0 & mask - or %r14,%r15 # h0>>51 - - lea (%r15,%r15,8),%r14 - lea (%r15,%r14,2),%r15 - add %r15,%rax # g0 += (h0>>51)*19 - - mov %rdx,%r8 - and %rbp,%rdx # g2 &= mask - shr \$51,%r8 - add %r8,%rbx # g3 += g2>>51 - - mov %rax,%r9 - and %rbp,%rax # g0 &= mask - shr \$51,%r9 - add %r9,%rcx # g1 += g0>>51 - - mov %rax,8*0(%rdi) # save the result - mov %rcx,8*1(%rdi) - mov %rdx,8*2(%rdi) - mov %rbx,8*3(%rdi) - mov %r10,8*4(%rdi) - - mov 8*5(%rsp),%r15 -.cfi_restore %r15 - mov 8*6(%rsp),%r14 -.cfi_restore %r14 - mov 8*7(%rsp),%r13 -.cfi_restore %r13 - mov 8*8(%rsp),%r12 -.cfi_restore %r12 - mov 8*9(%rsp),%rbx -.cfi_restore %rbx - mov 8*10(%rsp),%rbp -.cfi_restore %rbp - lea 8*11(%rsp),%rsp -.cfi_adjust_cfa_offset 88 -.Lfe51_sqr_epilogue: - ret -.cfi_endproc -.size x25519_fe51_sqr,.-x25519_fe51_sqr - -.globl x25519_fe51_mul121666 -.type x25519_fe51_mul121666,\@function,2 -.align 32 -x25519_fe51_mul121666: -.cfi_startproc - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - lea -8*5(%rsp),%rsp -.cfi_adjust_cfa_offset 40 -.Lfe51_mul121666_body: - mov \$121666,%eax - - mulq 8*0(%rsi) - mov %rax,%rbx # %rbx:%rcx = h0 - mov \$121666,%eax - mov %rdx,%rcx - mulq 8*1(%rsi) - mov %rax,%r8 # %r8:%r9 = h1 - mov \$121666,%eax - mov %rdx,%r9 - mulq 8*2(%rsi) - mov %rax,%r10 # %r10:%r11 = h2 - mov \$121666,%eax - mov %rdx,%r11 - mulq 8*3(%rsi) - mov %rax,%r12 # %r12:%r13 = h3 - mov \$121666,%eax # f[0] - mov %rdx,%r13 - mulq 8*4(%rsi) - mov %rax,%r14 # %r14:%r15 = h4 - mov %rdx,%r15 - - jmp .Lreduce51 -.Lfe51_mul121666_epilogue: -.cfi_endproc -.size x25519_fe51_mul121666,.-x25519_fe51_mul121666 -___ -######################################################################## -# Base 2^64 subroutines modulo 2*(2^255-19) -# -if ($addx) { -my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7) = map("%r$_",(8..15)); - -$code.=<<___; -.extern OPENSSL_ia32cap_P -.globl x25519_fe64_eligible -.type x25519_fe64_eligible,\@abi-omnipotent -.align 32 -x25519_fe64_eligible: -.cfi_startproc - mov OPENSSL_ia32cap_P+8(%rip),%ecx - xor %eax,%eax - and \$0x80100,%ecx - cmp \$0x80100,%ecx - cmove %ecx,%eax - ret -.cfi_endproc -.size x25519_fe64_eligible,.-x25519_fe64_eligible - -.globl x25519_fe64_mul -.type x25519_fe64_mul,\@function,3 -.align 32 -x25519_fe64_mul: -.cfi_startproc - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - push %rdi # offload dst -.cfi_push %rdi - lea -8*2(%rsp),%rsp -.cfi_adjust_cfa_offset 16 -.Lfe64_mul_body: - - mov %rdx,%rax - mov 8*0(%rdx),%rbp # b[0] - mov 8*0(%rsi),%rdx # a[0] - mov 8*1(%rax),%rcx # b[1] - mov 8*2(%rax),$acc6 # b[2] - mov 8*3(%rax),$acc7 # b[3] - - mulx %rbp,$acc0,%rax # a[0]*b[0] - xor %edi,%edi # cf=0,of=0 - mulx %rcx,$acc1,%rbx # a[0]*b[1] - adcx %rax,$acc1 - mulx $acc6,$acc2,%rax # a[0]*b[2] - adcx %rbx,$acc2 - mulx $acc7,$acc3,$acc4 # a[0]*b[3] - mov 8*1(%rsi),%rdx # a[1] - adcx %rax,$acc3 - mov $acc6,(%rsp) # offload b[2] - adcx %rdi,$acc4 # cf=0 - - mulx %rbp,%rax,%rbx # a[1]*b[0] - adox %rax,$acc1 - adcx %rbx,$acc2 - mulx %rcx,%rax,%rbx # a[1]*b[1] - adox %rax,$acc2 - adcx %rbx,$acc3 - mulx $acc6,%rax,%rbx # a[1]*b[2] - adox %rax,$acc3 - adcx %rbx,$acc4 - mulx $acc7,%rax,$acc5 # a[1]*b[3] - mov 8*2(%rsi),%rdx # a[2] - adox %rax,$acc4 - adcx %rdi,$acc5 # cf=0 - adox %rdi,$acc5 # of=0 - - mulx %rbp,%rax,%rbx # a[2]*b[0] - adcx %rax,$acc2 - adox %rbx,$acc3 - mulx %rcx,%rax,%rbx # a[2]*b[1] - adcx %rax,$acc3 - adox %rbx,$acc4 - mulx $acc6,%rax,%rbx # a[2]*b[2] - adcx %rax,$acc4 - adox %rbx,$acc5 - mulx $acc7,%rax,$acc6 # a[2]*b[3] - mov 8*3(%rsi),%rdx # a[3] - adcx %rax,$acc5 - adox %rdi,$acc6 # of=0 - adcx %rdi,$acc6 # cf=0 - - mulx %rbp,%rax,%rbx # a[3]*b[0] - adox %rax,$acc3 - adcx %rbx,$acc4 - mulx %rcx,%rax,%rbx # a[3]*b[1] - adox %rax,$acc4 - adcx %rbx,$acc5 - mulx (%rsp),%rax,%rbx # a[3]*b[2] - adox %rax,$acc5 - adcx %rbx,$acc6 - mulx $acc7,%rax,$acc7 # a[3]*b[3] - mov \$38,%edx - adox %rax,$acc6 - adcx %rdi,$acc7 # cf=0 - adox %rdi,$acc7 # of=0 - - jmp .Lreduce64 -.Lfe64_mul_epilogue: -.cfi_endproc -.size x25519_fe64_mul,.-x25519_fe64_mul - -.globl x25519_fe64_sqr -.type x25519_fe64_sqr,\@function,2 -.align 32 -x25519_fe64_sqr: -.cfi_startproc - push %rbp -.cfi_push %rbp - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - push %rdi # offload dst -.cfi_push %rdi - lea -8*2(%rsp),%rsp -.cfi_adjust_cfa_offset 16 -.Lfe64_sqr_body: - - mov 8*0(%rsi),%rdx # a[0] - mov 8*1(%rsi),%rcx # a[1] - mov 8*2(%rsi),%rbp # a[2] - mov 8*3(%rsi),%rsi # a[3] - - ################################################################ - mulx %rdx,$acc0,$acc7 # a[0]*a[0] - mulx %rcx,$acc1,%rax # a[0]*a[1] - xor %edi,%edi # cf=0,of=0 - mulx %rbp,$acc2,%rbx # a[0]*a[2] - adcx %rax,$acc2 - mulx %rsi,$acc3,$acc4 # a[0]*a[3] - mov %rcx,%rdx # a[1] - adcx %rbx,$acc3 - adcx %rdi,$acc4 # cf=0 - - ################################################################ - mulx %rbp,%rax,%rbx # a[1]*a[2] - adox %rax,$acc3 - adcx %rbx,$acc4 - mulx %rsi,%rax,$acc5 # a[1]*a[3] - mov %rbp,%rdx # a[2] - adox %rax,$acc4 - adcx %rdi,$acc5 - - ################################################################ - mulx %rsi,%rax,$acc6 # a[2]*a[3] - mov %rcx,%rdx # a[1] - adox %rax,$acc5 - adcx %rdi,$acc6 # cf=0 - adox %rdi,$acc6 # of=0 - - adcx $acc1,$acc1 # acc1:6<<1 - adox $acc7,$acc1 - adcx $acc2,$acc2 - mulx %rdx,%rax,%rbx # a[1]*a[1] - mov %rbp,%rdx # a[2] - adcx $acc3,$acc3 - adox %rax,$acc2 - adcx $acc4,$acc4 - adox %rbx,$acc3 - mulx %rdx,%rax,%rbx # a[2]*a[2] - mov %rsi,%rdx # a[3] - adcx $acc5,$acc5 - adox %rax,$acc4 - adcx $acc6,$acc6 - adox %rbx,$acc5 - mulx %rdx,%rax,$acc7 # a[3]*a[3] - mov \$38,%edx - adox %rax,$acc6 - adcx %rdi,$acc7 # cf=0 - adox %rdi,$acc7 # of=0 - jmp .Lreduce64 - -.align 32 -.Lreduce64: - mulx $acc4,%rax,%rbx - adcx %rax,$acc0 - adox %rbx,$acc1 - mulx $acc5,%rax,%rbx - adcx %rax,$acc1 - adox %rbx,$acc2 - mulx $acc6,%rax,%rbx - adcx %rax,$acc2 - adox %rbx,$acc3 - mulx $acc7,%rax,$acc4 - adcx %rax,$acc3 - adox %rdi,$acc4 - adcx %rdi,$acc4 - - mov 8*2(%rsp),%rdi # restore dst - imulq %rdx,$acc4 - - add $acc4,$acc0 - adc \$0,$acc1 - adc \$0,$acc2 - adc \$0,$acc3 - - sbb %rax,%rax # cf -> mask - and \$38,%rax - - add %rax,$acc0 - mov $acc1,8*1(%rdi) - mov $acc2,8*2(%rdi) - mov $acc3,8*3(%rdi) - mov $acc0,8*0(%rdi) - - mov 8*3(%rsp),%r15 -.cfi_restore %r15 - mov 8*4(%rsp),%r14 -.cfi_restore %r14 - mov 8*5(%rsp),%r13 -.cfi_restore %r13 - mov 8*6(%rsp),%r12 -.cfi_restore %r12 - mov 8*7(%rsp),%rbx -.cfi_restore %rbx - mov 8*8(%rsp),%rbp -.cfi_restore %rbp - lea 8*9(%rsp),%rsp -.cfi_adjust_cfa_offset 88 -.Lfe64_sqr_epilogue: - ret -.cfi_endproc -.size x25519_fe64_sqr,.-x25519_fe64_sqr - -.globl x25519_fe64_mul121666 -.type x25519_fe64_mul121666,\@function,2 -.align 32 -x25519_fe64_mul121666: -.Lfe64_mul121666_body: -.cfi_startproc - mov \$121666,%edx - mulx 8*0(%rsi),$acc0,%rcx - mulx 8*1(%rsi),$acc1,%rax - add %rcx,$acc1 - mulx 8*2(%rsi),$acc2,%rcx - adc %rax,$acc2 - mulx 8*3(%rsi),$acc3,%rax - adc %rcx,$acc3 - adc \$0,%rax - - imulq \$38,%rax,%rax - - add %rax,$acc0 - adc \$0,$acc1 - adc \$0,$acc2 - adc \$0,$acc3 - - sbb %rax,%rax # cf -> mask - and \$38,%rax - - add %rax,$acc0 - mov $acc1,8*1(%rdi) - mov $acc2,8*2(%rdi) - mov $acc3,8*3(%rdi) - mov $acc0,8*0(%rdi) - -.Lfe64_mul121666_epilogue: - ret -.cfi_endproc -.size x25519_fe64_mul121666,.-x25519_fe64_mul121666 - -.globl x25519_fe64_add -.type x25519_fe64_add,\@function,3 -.align 32 -x25519_fe64_add: -.Lfe64_add_body: -.cfi_startproc - mov 8*0(%rsi),$acc0 - mov 8*1(%rsi),$acc1 - mov 8*2(%rsi),$acc2 - mov 8*3(%rsi),$acc3 - - add 8*0(%rdx),$acc0 - adc 8*1(%rdx),$acc1 - adc 8*2(%rdx),$acc2 - adc 8*3(%rdx),$acc3 - - sbb %rax,%rax # cf -> mask - and \$38,%rax - - add %rax,$acc0 - adc \$0,$acc1 - adc \$0,$acc2 - mov $acc1,8*1(%rdi) - adc \$0,$acc3 - mov $acc2,8*2(%rdi) - sbb %rax,%rax # cf -> mask - mov $acc3,8*3(%rdi) - and \$38,%rax - - add %rax,$acc0 - mov $acc0,8*0(%rdi) - -.Lfe64_add_epilogue: - ret -.cfi_endproc -.size x25519_fe64_add,.-x25519_fe64_add - -.globl x25519_fe64_sub -.type x25519_fe64_sub,\@function,3 -.align 32 -x25519_fe64_sub: -.Lfe64_sub_body: -.cfi_startproc - mov 8*0(%rsi),$acc0 - mov 8*1(%rsi),$acc1 - mov 8*2(%rsi),$acc2 - mov 8*3(%rsi),$acc3 - - sub 8*0(%rdx),$acc0 - sbb 8*1(%rdx),$acc1 - sbb 8*2(%rdx),$acc2 - sbb 8*3(%rdx),$acc3 - - sbb %rax,%rax # cf -> mask - and \$38,%rax - - sub %rax,$acc0 - sbb \$0,$acc1 - sbb \$0,$acc2 - mov $acc1,8*1(%rdi) - sbb \$0,$acc3 - mov $acc2,8*2(%rdi) - sbb %rax,%rax # cf -> mask - mov $acc3,8*3(%rdi) - and \$38,%rax - - sub %rax,$acc0 - mov $acc0,8*0(%rdi) - -.Lfe64_sub_epilogue: - ret -.cfi_endproc -.size x25519_fe64_sub,.-x25519_fe64_sub - -.globl x25519_fe64_tobytes -.type x25519_fe64_tobytes,\@function,2 -.align 32 -x25519_fe64_tobytes: -.Lfe64_to_body: -.cfi_startproc - mov 8*0(%rsi),$acc0 - mov 8*1(%rsi),$acc1 - mov 8*2(%rsi),$acc2 - mov 8*3(%rsi),$acc3 - - ################################# reduction modulo 2^255-19 - lea ($acc3,$acc3),%rax - sar \$63,$acc3 # most significant bit -> mask - shr \$1,%rax # most significant bit cleared - and \$19,$acc3 - add \$19,$acc3 # compare to modulus in the same go - - add $acc3,$acc0 - adc \$0,$acc1 - adc \$0,$acc2 - adc \$0,%rax - - lea (%rax,%rax),$acc3 - sar \$63,%rax # most significant bit -> mask - shr \$1,$acc3 # most significant bit cleared - not %rax - and \$19,%rax - - sub %rax,$acc0 - sbb \$0,$acc1 - sbb \$0,$acc2 - sbb \$0,$acc3 - - mov $acc0,8*0(%rdi) - mov $acc1,8*1(%rdi) - mov $acc2,8*2(%rdi) - mov $acc3,8*3(%rdi) - -.Lfe64_to_epilogue: - ret -.cfi_endproc -.size x25519_fe64_tobytes,.-x25519_fe64_tobytes -___ -} else { -$code.=<<___; -.globl x25519_fe64_eligible -.type x25519_fe64_eligible,\@abi-omnipotent -.align 32 -x25519_fe64_eligible: -.cfi_startproc - xor %eax,%eax - ret -.cfi_endproc -.size x25519_fe64_eligible,.-x25519_fe64_eligible - -.globl x25519_fe64_mul -.type x25519_fe64_mul,\@abi-omnipotent -.globl x25519_fe64_sqr -.globl x25519_fe64_mul121666 -.globl x25519_fe64_add -.globl x25519_fe64_sub -.globl x25519_fe64_tobytes -x25519_fe64_mul: -x25519_fe64_sqr: -x25519_fe64_mul121666: -x25519_fe64_add: -x25519_fe64_sub: -x25519_fe64_tobytes: -.cfi_startproc - .byte 0x0f,0x0b # ud2 - ret -.cfi_endproc -.size x25519_fe64_mul,.-x25519_fe64_mul -___ -} -$code.=<<___; -.asciz "X25519 primitives for x86_64, CRYPTOGAMS by " -___ - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind - -.type short_handler,\@abi-omnipotent -.align 16 -short_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # end of prologue label - cmp %r10,%rbx # context->RipRsp - jmp .Lcommon_seh_tail -.size short_handler,.-short_handler - -.type full_handler,\@abi-omnipotent -.align 16 -full_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # end of prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lcommon_seh_tail - - mov 8(%r11),%r10d # HandlerData[2] - lea (%rax,%r10),%rax - - mov -8(%rax),%rbp - mov -16(%rax),%rbx - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lcommon_seh_tail: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size full_handler,.-full_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_x25519_fe51_mul - .rva .LSEH_end_x25519_fe51_mul - .rva .LSEH_info_x25519_fe51_mul - - .rva .LSEH_begin_x25519_fe51_sqr - .rva .LSEH_end_x25519_fe51_sqr - .rva .LSEH_info_x25519_fe51_sqr - - .rva .LSEH_begin_x25519_fe51_mul121666 - .rva .LSEH_end_x25519_fe51_mul121666 - .rva .LSEH_info_x25519_fe51_mul121666 -___ -$code.=<<___ if ($addx); - .rva .LSEH_begin_x25519_fe64_mul - .rva .LSEH_end_x25519_fe64_mul - .rva .LSEH_info_x25519_fe64_mul - - .rva .LSEH_begin_x25519_fe64_sqr - .rva .LSEH_end_x25519_fe64_sqr - .rva .LSEH_info_x25519_fe64_sqr - - .rva .LSEH_begin_x25519_fe64_mul121666 - .rva .LSEH_end_x25519_fe64_mul121666 - .rva .LSEH_info_x25519_fe64_mul121666 - - .rva .LSEH_begin_x25519_fe64_add - .rva .LSEH_end_x25519_fe64_add - .rva .LSEH_info_x25519_fe64_add - - .rva .LSEH_begin_x25519_fe64_sub - .rva .LSEH_end_x25519_fe64_sub - .rva .LSEH_info_x25519_fe64_sub - - .rva .LSEH_begin_x25519_fe64_tobytes - .rva .LSEH_end_x25519_fe64_tobytes - .rva .LSEH_info_x25519_fe64_tobytes -___ -$code.=<<___; -.section .xdata -.align 8 -.LSEH_info_x25519_fe51_mul: - .byte 9,0,0,0 - .rva full_handler - .rva .Lfe51_mul_body,.Lfe51_mul_epilogue # HandlerData[] - .long 88,0 -.LSEH_info_x25519_fe51_sqr: - .byte 9,0,0,0 - .rva full_handler - .rva .Lfe51_sqr_body,.Lfe51_sqr_epilogue # HandlerData[] - .long 88,0 -.LSEH_info_x25519_fe51_mul121666: - .byte 9,0,0,0 - .rva full_handler - .rva .Lfe51_mul121666_body,.Lfe51_mul121666_epilogue # HandlerData[] - .long 88,0 -___ -$code.=<<___ if ($addx); -.LSEH_info_x25519_fe64_mul: - .byte 9,0,0,0 - .rva full_handler - .rva .Lfe64_mul_body,.Lfe64_mul_epilogue # HandlerData[] - .long 72,0 -.LSEH_info_x25519_fe64_sqr: - .byte 9,0,0,0 - .rva full_handler - .rva .Lfe64_sqr_body,.Lfe64_sqr_epilogue # HandlerData[] - .long 72,0 -.LSEH_info_x25519_fe64_mul121666: - .byte 9,0,0,0 - .rva short_handler - .rva .Lfe64_mul121666_body,.Lfe64_mul121666_epilogue # HandlerData[] -.LSEH_info_x25519_fe64_add: - .byte 9,0,0,0 - .rva short_handler - .rva .Lfe64_add_body,.Lfe64_add_epilogue # HandlerData[] -.LSEH_info_x25519_fe64_sub: - .byte 9,0,0,0 - .rva short_handler - .rva .Lfe64_sub_body,.Lfe64_sub_epilogue # HandlerData[] -.LSEH_info_x25519_fe64_tobytes: - .byte 9,0,0,0 - .rva short_handler - .rva .Lfe64_to_body,.Lfe64_to_epilogue # HandlerData[] -___ -} - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/ec/build.info b/crypto/ec/build.info deleted file mode 100644 index a511e887a9ba19a7765264fa1ee55b80e5cce09a..0000000000000000000000000000000000000000 --- a/crypto/ec/build.info +++ /dev/null @@ -1,105 +0,0 @@ -$ECASM= -IF[{- !$disabled{asm} -}] - $ECASM_x86=ecp_nistz256.c ecp_nistz256-x86.S - $ECDEF_x86=ECP_NISTZ256_ASM - - $ECASM_x86_64=ecp_nistz256.c ecp_nistz256-x86_64.s x25519-x86_64.s - $ECDEF_x86_64=ECP_NISTZ256_ASM X25519_ASM - - $ECASM_ia64= - - $ECASM_sparcv9=ecp_nistz256.c ecp_nistz256-sparcv9.S - $ECDEF_sparcv9=ECP_NISTZ256_ASM - - $ECASM_sparcv8= - - $ECASM_alpha= - - $ECASM_mips32= - $ECASM_mips64= - - $ECASM_s390x=ecp_s390x_nistp.c ecx_s390x.c - $ECDEF_s390x=S390X_EC_ASM - - $ECASM_armv4=ecp_nistz256.c ecp_nistz256-armv4.S - $ECDEF_armv4=ECP_NISTZ256_ASM - $ECASM_aarch64=ecp_nistz256.c ecp_nistz256-armv8.S - $ECDEF_aarch64=ECP_NISTZ256_ASM - - $ECASM_parisc11= - $ECASM_parisc20_64= - - $ECASM_ppc32= - $ECASM_ppc64=ecp_nistz256.c ecp_ppc.c ecp_nistz256-ppc64.s x25519-ppc64.s - $ECDEF_ppc64=ECP_NISTZ256_ASM X25519_ASM - IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}] - $ECASM_ppc64=$ECASM_ppc64 ecp_nistp521-ppc64.s - $ECDEF_ppc64=$ECDEF_ppc64 ECP_NISTP521_ASM - INCLUDE[ecp_nistp521.o]=.. - ENDIF - - $ECASM_c64xplus= - - # Now that we have defined all the arch specific variables, use the - # appropriate one, and define the appropriate macros - IF[$ECASM_{- $target{asm_arch} -}] - $ECASM=$ECASM_{- $target{asm_arch} -} - $ECDEF=$ECDEF_{- $target{asm_arch} -} - ENDIF -ENDIF - -$COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \ - ec_curve.c ec_check.c ec_key.c ec_kmeth.c ecx_key.c ec_asn1.c \ - ec2_smpl.c \ - ecp_oct.c ec2_oct.c ec_oct.c ecdh_ossl.c \ - ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \ - curve448/f_generic.c curve448/scalar.c \ - curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \ - $ECASM ec_backend.c ecx_backend.c ecdh_kdf.c curve448/arch_64/f_impl64.c \ - curve448/arch_32/f_impl32.c - -IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}] - $COMMON=$COMMON ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c -ENDIF - -SOURCE[../../libcrypto]=$COMMON ec_ameth.c ec_pmeth.c ecx_meth.c \ - ec_err.c eck_prn.c \ - ec_deprecated.c ec_print.c -SOURCE[../../providers/libfips.a]=$COMMON - -# Implementations are now spread across several libraries, so the defines -# need to be applied to all affected libraries and modules. -DEFINE[../../libcrypto]=$ECDEF -DEFINE[../../providers/libfips.a]=$ECDEF -DEFINE[../../providers/libdefault.a]=$ECDEF -# We only need to include the ECDEF stuff in the legacy provider when -# it's a separate module and it's dynamically linked with libcrypto. -# Otherwise, it already gets everything that the static libcrypto.a -# has, and doesn't need it added again. -IF[{- !$disabled{module} && !$disabled{shared} -}] - DEFINE[../providers/liblegacy.a]=$ECDEF -ENDIF - -GENERATE[ecp_nistz256-x86.S]=asm/ecp_nistz256-x86.pl - -GENERATE[ecp_nistz256-x86_64.s]=asm/ecp_nistz256-x86_64.pl - -GENERATE[ecp_nistz256-avx2.s]=asm/ecp_nistz256-avx2.pl - -GENERATE[ecp_nistz256-sparcv9.S]=asm/ecp_nistz256-sparcv9.pl -INCLUDE[ecp_nistz256-sparcv9.o]=.. - -INCLUDE[ecp_s390x_nistp.o]=.. -INCLUDE[ecx_s390x.o]=.. -INCLUDE[ecx_meth.o]=.. - -GENERATE[ecp_nistz256-armv4.S]=asm/ecp_nistz256-armv4.pl -INCLUDE[ecp_nistz256-armv4.o]=.. -GENERATE[ecp_nistz256-armv8.S]=asm/ecp_nistz256-armv8.pl -INCLUDE[ecp_nistz256-armv8.o]=.. -GENERATE[ecp_nistz256-ppc64.s]=asm/ecp_nistz256-ppc64.pl - -GENERATE[ecp_nistp521-ppc64.s]=asm/ecp_nistp521-ppc64.pl - -GENERATE[x25519-x86_64.s]=asm/x25519-x86_64.pl -GENERATE[x25519-ppc64.s]=asm/x25519-ppc64.pl diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c deleted file mode 100644 index 50a8e6b169d233c23c2f03830a2e84f95a394b79..0000000000000000000000000000000000000000 --- a/crypto/ec/curve25519.c +++ /dev/null @@ -1,5652 +0,0 @@ -/* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "crypto/ecx.h" -#include "ec_local.h" -#include -#include - -#include "internal/numbers.h" - -#if defined(X25519_ASM) && (defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64)) - -# define BASE_2_64_IMPLEMENTED - -typedef uint64_t fe64[4]; - -int x25519_fe64_eligible(void); - -/* - * Following subroutines perform corresponding operations modulo - * 2^256-38, i.e. double the curve modulus. However, inputs and - * outputs are permitted to be partially reduced, i.e. to remain - * in [0..2^256) range. It's all tied up in final fe64_tobytes - * that performs full reduction modulo 2^255-19. - * - * There are no reference C implementations for these. - */ -void x25519_fe64_mul(fe64 h, const fe64 f, const fe64 g); -void x25519_fe64_sqr(fe64 h, const fe64 f); -void x25519_fe64_mul121666(fe64 h, fe64 f); -void x25519_fe64_add(fe64 h, const fe64 f, const fe64 g); -void x25519_fe64_sub(fe64 h, const fe64 f, const fe64 g); -void x25519_fe64_tobytes(uint8_t *s, const fe64 f); -# define fe64_mul x25519_fe64_mul -# define fe64_sqr x25519_fe64_sqr -# define fe64_mul121666 x25519_fe64_mul121666 -# define fe64_add x25519_fe64_add -# define fe64_sub x25519_fe64_sub -# define fe64_tobytes x25519_fe64_tobytes - -static uint64_t load_8(const uint8_t *in) -{ - uint64_t result; - - result = in[0]; - result |= ((uint64_t)in[1]) << 8; - result |= ((uint64_t)in[2]) << 16; - result |= ((uint64_t)in[3]) << 24; - result |= ((uint64_t)in[4]) << 32; - result |= ((uint64_t)in[5]) << 40; - result |= ((uint64_t)in[6]) << 48; - result |= ((uint64_t)in[7]) << 56; - - return result; -} - -static void fe64_frombytes(fe64 h, const uint8_t *s) -{ - h[0] = load_8(s); - h[1] = load_8(s + 8); - h[2] = load_8(s + 16); - h[3] = load_8(s + 24) & 0x7fffffffffffffff; -} - -static void fe64_0(fe64 h) -{ - h[0] = 0; - h[1] = 0; - h[2] = 0; - h[3] = 0; -} - -static void fe64_1(fe64 h) -{ - h[0] = 1; - h[1] = 0; - h[2] = 0; - h[3] = 0; -} - -static void fe64_copy(fe64 h, const fe64 f) -{ - h[0] = f[0]; - h[1] = f[1]; - h[2] = f[2]; - h[3] = f[3]; -} - -static void fe64_cswap(fe64 f, fe64 g, unsigned int b) -{ - int i; - uint64_t mask = 0 - (uint64_t)b; - - for (i = 0; i < 4; i++) { - uint64_t x = f[i] ^ g[i]; - x &= mask; - f[i] ^= x; - g[i] ^= x; - } -} - -static void fe64_invert(fe64 out, const fe64 z) -{ - fe64 t0; - fe64 t1; - fe64 t2; - fe64 t3; - int i; - - /* - * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as - * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11. - */ - - /* t0 = z ** 2 */ - fe64_sqr(t0, z); - - /* t1 = t0 ** (2 ** 2) = z ** 8 */ - fe64_sqr(t1, t0); - fe64_sqr(t1, t1); - - /* t1 = z * t1 = z ** 9 */ - fe64_mul(t1, z, t1); - /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */ - fe64_mul(t0, t0, t1); - - /* t2 = t0 ** 2 = z ** 22 */ - fe64_sqr(t2, t0); - - /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */ - fe64_mul(t1, t1, t2); - - /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */ - fe64_sqr(t2, t1); - for (i = 1; i < 5; ++i) - fe64_sqr(t2, t2); - - /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */ - fe64_mul(t1, t2, t1); - - /* Continuing similarly... */ - - /* t2 = z ** (2 ** 20 - 1) */ - fe64_sqr(t2, t1); - for (i = 1; i < 10; ++i) - fe64_sqr(t2, t2); - - fe64_mul(t2, t2, t1); - - /* t2 = z ** (2 ** 40 - 1) */ - fe64_sqr(t3, t2); - for (i = 1; i < 20; ++i) - fe64_sqr(t3, t3); - - fe64_mul(t2, t3, t2); - - /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */ - for (i = 0; i < 10; ++i) - fe64_sqr(t2, t2); - - /* t1 = z ** (2 ** 50 - 1) */ - fe64_mul(t1, t2, t1); - - /* t2 = z ** (2 ** 100 - 1) */ - fe64_sqr(t2, t1); - for (i = 1; i < 50; ++i) - fe64_sqr(t2, t2); - - fe64_mul(t2, t2, t1); - - /* t2 = z ** (2 ** 200 - 1) */ - fe64_sqr(t3, t2); - for (i = 1; i < 100; ++i) - fe64_sqr(t3, t3); - - fe64_mul(t2, t3, t2); - - /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */ - for (i = 0; i < 50; ++i) - fe64_sqr(t2, t2); - - /* t1 = z ** (2 ** 250 - 1) */ - fe64_mul(t1, t2, t1); - - /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */ - for (i = 0; i < 5; ++i) - fe64_sqr(t1, t1); - - /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */ - fe64_mul(out, t1, t0); -} - -/* - * Duplicate of original x25519_scalar_mult_generic, but using - * fe64_* subroutines. - */ -static void x25519_scalar_mulx(uint8_t out[32], const uint8_t scalar[32], - const uint8_t point[32]) -{ - fe64 x1, x2, z2, x3, z3, tmp0, tmp1; - uint8_t e[32]; - unsigned swap = 0; - int pos; - - memcpy(e, scalar, 32); - e[0] &= 0xf8; - e[31] &= 0x7f; - e[31] |= 0x40; - fe64_frombytes(x1, point); - fe64_1(x2); - fe64_0(z2); - fe64_copy(x3, x1); - fe64_1(z3); - - for (pos = 254; pos >= 0; --pos) { - unsigned int b = 1 & (e[pos / 8] >> (pos & 7)); - - swap ^= b; - fe64_cswap(x2, x3, swap); - fe64_cswap(z2, z3, swap); - swap = b; - fe64_sub(tmp0, x3, z3); - fe64_sub(tmp1, x2, z2); - fe64_add(x2, x2, z2); - fe64_add(z2, x3, z3); - fe64_mul(z3, x2, tmp0); - fe64_mul(z2, z2, tmp1); - fe64_sqr(tmp0, tmp1); - fe64_sqr(tmp1, x2); - fe64_add(x3, z3, z2); - fe64_sub(z2, z3, z2); - fe64_mul(x2, tmp1, tmp0); - fe64_sub(tmp1, tmp1, tmp0); - fe64_sqr(z2, z2); - fe64_mul121666(z3, tmp1); - fe64_sqr(x3, x3); - fe64_add(tmp0, tmp0, z3); - fe64_mul(z3, x1, z2); - fe64_mul(z2, tmp1, tmp0); - } - - fe64_invert(z2, z2); - fe64_mul(x2, x2, z2); - fe64_tobytes(out, x2); - - OPENSSL_cleanse(e, sizeof(e)); -} -#endif - -#if defined(X25519_ASM) \ - || ( defined(INT128_MAX) \ - && !defined(__sparc__) \ - && (!defined(__SIZEOF_LONG__) || (__SIZEOF_LONG__ == 8)) \ - && !(defined(__ANDROID__) && !defined(__clang__)) ) -/* - * Base 2^51 implementation. It's virtually no different from reference - * base 2^25.5 implementation in respect to lax boundary conditions for - * intermediate values and even individual limbs. So that whatever you - * know about the reference, applies even here... - */ -# define BASE_2_51_IMPLEMENTED - -typedef uint64_t fe51[5]; - -static const uint64_t MASK51 = 0x7ffffffffffff; - -static uint64_t load_7(const uint8_t *in) -{ - uint64_t result; - - result = in[0]; - result |= ((uint64_t)in[1]) << 8; - result |= ((uint64_t)in[2]) << 16; - result |= ((uint64_t)in[3]) << 24; - result |= ((uint64_t)in[4]) << 32; - result |= ((uint64_t)in[5]) << 40; - result |= ((uint64_t)in[6]) << 48; - - return result; -} - -static uint64_t load_6(const uint8_t *in) -{ - uint64_t result; - - result = in[0]; - result |= ((uint64_t)in[1]) << 8; - result |= ((uint64_t)in[2]) << 16; - result |= ((uint64_t)in[3]) << 24; - result |= ((uint64_t)in[4]) << 32; - result |= ((uint64_t)in[5]) << 40; - - return result; -} - -static void fe51_frombytes(fe51 h, const uint8_t *s) -{ - uint64_t h0 = load_7(s); /* 56 bits */ - uint64_t h1 = load_6(s + 7) << 5; /* 53 bits */ - uint64_t h2 = load_7(s + 13) << 2; /* 58 bits */ - uint64_t h3 = load_6(s + 20) << 7; /* 55 bits */ - uint64_t h4 = (load_6(s + 26) & 0x7fffffffffff) << 4; /* 51 bits */ - - h1 |= h0 >> 51; h0 &= MASK51; - h2 |= h1 >> 51; h1 &= MASK51; - h3 |= h2 >> 51; h2 &= MASK51; - h4 |= h3 >> 51; h3 &= MASK51; - - h[0] = h0; - h[1] = h1; - h[2] = h2; - h[3] = h3; - h[4] = h4; -} - -static void fe51_tobytes(uint8_t *s, const fe51 h) -{ - uint64_t h0 = h[0]; - uint64_t h1 = h[1]; - uint64_t h2 = h[2]; - uint64_t h3 = h[3]; - uint64_t h4 = h[4]; - uint64_t q; - - /* compare to modulus */ - q = (h0 + 19) >> 51; - q = (h1 + q) >> 51; - q = (h2 + q) >> 51; - q = (h3 + q) >> 51; - q = (h4 + q) >> 51; - - /* full reduce */ - h0 += 19 * q; - h1 += h0 >> 51; h0 &= MASK51; - h2 += h1 >> 51; h1 &= MASK51; - h3 += h2 >> 51; h2 &= MASK51; - h4 += h3 >> 51; h3 &= MASK51; - h4 &= MASK51; - - /* smash */ - s[0] = (uint8_t)(h0 >> 0); - s[1] = (uint8_t)(h0 >> 8); - s[2] = (uint8_t)(h0 >> 16); - s[3] = (uint8_t)(h0 >> 24); - s[4] = (uint8_t)(h0 >> 32); - s[5] = (uint8_t)(h0 >> 40); - s[6] = (uint8_t)((h0 >> 48) | ((uint32_t)h1 << 3)); - s[7] = (uint8_t)(h1 >> 5); - s[8] = (uint8_t)(h1 >> 13); - s[9] = (uint8_t)(h1 >> 21); - s[10] = (uint8_t)(h1 >> 29); - s[11] = (uint8_t)(h1 >> 37); - s[12] = (uint8_t)((h1 >> 45) | ((uint32_t)h2 << 6)); - s[13] = (uint8_t)(h2 >> 2); - s[14] = (uint8_t)(h2 >> 10); - s[15] = (uint8_t)(h2 >> 18); - s[16] = (uint8_t)(h2 >> 26); - s[17] = (uint8_t)(h2 >> 34); - s[18] = (uint8_t)(h2 >> 42); - s[19] = (uint8_t)((h2 >> 50) | ((uint32_t)h3 << 1)); - s[20] = (uint8_t)(h3 >> 7); - s[21] = (uint8_t)(h3 >> 15); - s[22] = (uint8_t)(h3 >> 23); - s[23] = (uint8_t)(h3 >> 31); - s[24] = (uint8_t)(h3 >> 39); - s[25] = (uint8_t)((h3 >> 47) | ((uint32_t)h4 << 4)); - s[26] = (uint8_t)(h4 >> 4); - s[27] = (uint8_t)(h4 >> 12); - s[28] = (uint8_t)(h4 >> 20); - s[29] = (uint8_t)(h4 >> 28); - s[30] = (uint8_t)(h4 >> 36); - s[31] = (uint8_t)(h4 >> 44); -} - -# if defined(X25519_ASM) -void x25519_fe51_mul(fe51 h, const fe51 f, const fe51 g); -void x25519_fe51_sqr(fe51 h, const fe51 f); -void x25519_fe51_mul121666(fe51 h, fe51 f); -# define fe51_mul x25519_fe51_mul -# define fe51_sq x25519_fe51_sqr -# define fe51_mul121666 x25519_fe51_mul121666 -# else - -typedef uint128_t u128; - -static void fe51_mul(fe51 h, const fe51 f, const fe51 g) -{ - u128 h0, h1, h2, h3, h4; - uint64_t f_i, g0, g1, g2, g3, g4; - - f_i = f[0]; - h0 = (u128)f_i * (g0 = g[0]); - h1 = (u128)f_i * (g1 = g[1]); - h2 = (u128)f_i * (g2 = g[2]); - h3 = (u128)f_i * (g3 = g[3]); - h4 = (u128)f_i * (g4 = g[4]); - - f_i = f[1]; - h0 += (u128)f_i * (g4 *= 19); - h1 += (u128)f_i * g0; - h2 += (u128)f_i * g1; - h3 += (u128)f_i * g2; - h4 += (u128)f_i * g3; - - f_i = f[2]; - h0 += (u128)f_i * (g3 *= 19); - h1 += (u128)f_i * g4; - h2 += (u128)f_i * g0; - h3 += (u128)f_i * g1; - h4 += (u128)f_i * g2; - - f_i = f[3]; - h0 += (u128)f_i * (g2 *= 19); - h1 += (u128)f_i * g3; - h2 += (u128)f_i * g4; - h3 += (u128)f_i * g0; - h4 += (u128)f_i * g1; - - f_i = f[4]; - h0 += (u128)f_i * (g1 *= 19); - h1 += (u128)f_i * g2; - h2 += (u128)f_i * g3; - h3 += (u128)f_i * g4; - h4 += (u128)f_i * g0; - - /* partial [lazy] reduction */ - h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51; - h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51; - - h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51; - g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51; - - g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51; - g3 += g2 >> 51; g2 &= MASK51; - g1 += g0 >> 51; g0 &= MASK51; - - h[0] = g0; - h[1] = g1; - h[2] = g2; - h[3] = g3; - h[4] = g4; -} - -static void fe51_sq(fe51 h, const fe51 f) -{ -# if defined(OPENSSL_SMALL_FOOTPRINT) - fe51_mul(h, f, f); -# else - /* dedicated squaring gives 16-25% overall improvement */ - uint64_t g0 = f[0]; - uint64_t g1 = f[1]; - uint64_t g2 = f[2]; - uint64_t g3 = f[3]; - uint64_t g4 = f[4]; - u128 h0, h1, h2, h3, h4; - - h0 = (u128)g0 * g0; g0 *= 2; - h1 = (u128)g0 * g1; - h2 = (u128)g0 * g2; - h3 = (u128)g0 * g3; - h4 = (u128)g0 * g4; - - g0 = g4; /* borrow g0 */ - h3 += (u128)g0 * (g4 *= 19); - - h2 += (u128)g1 * g1; g1 *= 2; - h3 += (u128)g1 * g2; - h4 += (u128)g1 * g3; - h0 += (u128)g1 * g4; - - g0 = g3; /* borrow g0 */ - h1 += (u128)g0 * (g3 *= 19); - h2 += (u128)(g0 * 2) * g4; - - h4 += (u128)g2 * g2; g2 *= 2; - h0 += (u128)g2 * g3; - h1 += (u128)g2 * g4; - - /* partial [lazy] reduction */ - h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51; - h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51; - - h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51; - g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51; - - g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51; - g3 += g2 >> 51; g2 &= MASK51; - g1 += g0 >> 51; g0 &= MASK51; - - h[0] = g0; - h[1] = g1; - h[2] = g2; - h[3] = g3; - h[4] = g4; -# endif -} - -static void fe51_mul121666(fe51 h, fe51 f) -{ - u128 h0 = f[0] * (u128)121666; - u128 h1 = f[1] * (u128)121666; - u128 h2 = f[2] * (u128)121666; - u128 h3 = f[3] * (u128)121666; - u128 h4 = f[4] * (u128)121666; - uint64_t g0, g1, g2, g3, g4; - - h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51; - h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51; - - h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51; - g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51; - - g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51; - g3 += g2 >> 51; g2 &= MASK51; - g1 += g0 >> 51; g0 &= MASK51; - - h[0] = g0; - h[1] = g1; - h[2] = g2; - h[3] = g3; - h[4] = g4; -} -# endif - -static void fe51_add(fe51 h, const fe51 f, const fe51 g) -{ - h[0] = f[0] + g[0]; - h[1] = f[1] + g[1]; - h[2] = f[2] + g[2]; - h[3] = f[3] + g[3]; - h[4] = f[4] + g[4]; -} - -static void fe51_sub(fe51 h, const fe51 f, const fe51 g) -{ - /* - * Add 2*modulus to ensure that result remains positive - * even if subtrahend is partially reduced. - */ - h[0] = (f[0] + 0xfffffffffffda) - g[0]; - h[1] = (f[1] + 0xffffffffffffe) - g[1]; - h[2] = (f[2] + 0xffffffffffffe) - g[2]; - h[3] = (f[3] + 0xffffffffffffe) - g[3]; - h[4] = (f[4] + 0xffffffffffffe) - g[4]; -} - -static void fe51_0(fe51 h) -{ - h[0] = 0; - h[1] = 0; - h[2] = 0; - h[3] = 0; - h[4] = 0; -} - -static void fe51_1(fe51 h) -{ - h[0] = 1; - h[1] = 0; - h[2] = 0; - h[3] = 0; - h[4] = 0; -} - -static void fe51_copy(fe51 h, const fe51 f) -{ - h[0] = f[0]; - h[1] = f[1]; - h[2] = f[2]; - h[3] = f[3]; - h[4] = f[4]; -} - -static void fe51_cswap(fe51 f, fe51 g, unsigned int b) -{ - int i; - uint64_t mask = 0 - (uint64_t)b; - - for (i = 0; i < 5; i++) { - int64_t x = f[i] ^ g[i]; - x &= mask; - f[i] ^= x; - g[i] ^= x; - } -} - -static void fe51_invert(fe51 out, const fe51 z) -{ - fe51 t0; - fe51 t1; - fe51 t2; - fe51 t3; - int i; - - /* - * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as - * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11. - */ - - /* t0 = z ** 2 */ - fe51_sq(t0, z); - - /* t1 = t0 ** (2 ** 2) = z ** 8 */ - fe51_sq(t1, t0); - fe51_sq(t1, t1); - - /* t1 = z * t1 = z ** 9 */ - fe51_mul(t1, z, t1); - /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */ - fe51_mul(t0, t0, t1); - - /* t2 = t0 ** 2 = z ** 22 */ - fe51_sq(t2, t0); - - /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */ - fe51_mul(t1, t1, t2); - - /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */ - fe51_sq(t2, t1); - for (i = 1; i < 5; ++i) - fe51_sq(t2, t2); - - /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */ - fe51_mul(t1, t2, t1); - - /* Continuing similarly... */ - - /* t2 = z ** (2 ** 20 - 1) */ - fe51_sq(t2, t1); - for (i = 1; i < 10; ++i) - fe51_sq(t2, t2); - - fe51_mul(t2, t2, t1); - - /* t2 = z ** (2 ** 40 - 1) */ - fe51_sq(t3, t2); - for (i = 1; i < 20; ++i) - fe51_sq(t3, t3); - - fe51_mul(t2, t3, t2); - - /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */ - for (i = 0; i < 10; ++i) - fe51_sq(t2, t2); - - /* t1 = z ** (2 ** 50 - 1) */ - fe51_mul(t1, t2, t1); - - /* t2 = z ** (2 ** 100 - 1) */ - fe51_sq(t2, t1); - for (i = 1; i < 50; ++i) - fe51_sq(t2, t2); - - fe51_mul(t2, t2, t1); - - /* t2 = z ** (2 ** 200 - 1) */ - fe51_sq(t3, t2); - for (i = 1; i < 100; ++i) - fe51_sq(t3, t3); - - fe51_mul(t2, t3, t2); - - /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */ - for (i = 0; i < 50; ++i) - fe51_sq(t2, t2); - - /* t1 = z ** (2 ** 250 - 1) */ - fe51_mul(t1, t2, t1); - - /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */ - for (i = 0; i < 5; ++i) - fe51_sq(t1, t1); - - /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */ - fe51_mul(out, t1, t0); -} - -/* - * Duplicate of original x25519_scalar_mult_generic, but using - * fe51_* subroutines. - */ -static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32], - const uint8_t point[32]) -{ - fe51 x1, x2, z2, x3, z3, tmp0, tmp1; - uint8_t e[32]; - unsigned swap = 0; - int pos; - -# ifdef BASE_2_64_IMPLEMENTED - if (x25519_fe64_eligible()) { - x25519_scalar_mulx(out, scalar, point); - return; - } -# endif - - memcpy(e, scalar, 32); - e[0] &= 0xf8; - e[31] &= 0x7f; - e[31] |= 0x40; - fe51_frombytes(x1, point); - fe51_1(x2); - fe51_0(z2); - fe51_copy(x3, x1); - fe51_1(z3); - - for (pos = 254; pos >= 0; --pos) { - unsigned int b = 1 & (e[pos / 8] >> (pos & 7)); - - swap ^= b; - fe51_cswap(x2, x3, swap); - fe51_cswap(z2, z3, swap); - swap = b; - fe51_sub(tmp0, x3, z3); - fe51_sub(tmp1, x2, z2); - fe51_add(x2, x2, z2); - fe51_add(z2, x3, z3); - fe51_mul(z3, tmp0, x2); - fe51_mul(z2, z2, tmp1); - fe51_sq(tmp0, tmp1); - fe51_sq(tmp1, x2); - fe51_add(x3, z3, z2); - fe51_sub(z2, z3, z2); - fe51_mul(x2, tmp1, tmp0); - fe51_sub(tmp1, tmp1, tmp0); - fe51_sq(z2, z2); - fe51_mul121666(z3, tmp1); - fe51_sq(x3, x3); - fe51_add(tmp0, tmp0, z3); - fe51_mul(z3, x1, z2); - fe51_mul(z2, tmp1, tmp0); - } - - fe51_invert(z2, z2); - fe51_mul(x2, x2, z2); - fe51_tobytes(out, x2); - - OPENSSL_cleanse(e, sizeof(e)); -} -#endif - -/* - * Reference base 2^25.5 implementation. - * - * This code is mostly taken from the ref10 version of Ed25519 in SUPERCOP - * 20141124 (http://bench.cr.yp.to/supercop.html). - * - * The field functions are shared by Ed25519 and X25519 where possible. - */ - -/* - * fe means field element. Here the field is \Z/(2^255-19). An element t, - * entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77 - * t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on - * context. - */ -typedef int32_t fe[10]; - -static const int64_t kBottom21Bits = 0x1fffffLL; -static const int64_t kBottom25Bits = 0x1ffffffLL; -static const int64_t kBottom26Bits = 0x3ffffffLL; -static const int64_t kTop39Bits = 0xfffffffffe000000LL; -static const int64_t kTop38Bits = 0xfffffffffc000000LL; - -static uint64_t load_3(const uint8_t *in) -{ - uint64_t result; - - result = ((uint64_t)in[0]); - result |= ((uint64_t)in[1]) << 8; - result |= ((uint64_t)in[2]) << 16; - return result; -} - -static uint64_t load_4(const uint8_t *in) -{ - uint64_t result; - - result = ((uint64_t)in[0]); - result |= ((uint64_t)in[1]) << 8; - result |= ((uint64_t)in[2]) << 16; - result |= ((uint64_t)in[3]) << 24; - return result; -} - -static void fe_frombytes(fe h, const uint8_t *s) -{ - /* Ignores top bit of h. */ - int64_t h0 = load_4(s); - int64_t h1 = load_3(s + 4) << 6; - int64_t h2 = load_3(s + 7) << 5; - int64_t h3 = load_3(s + 10) << 3; - int64_t h4 = load_3(s + 13) << 2; - int64_t h5 = load_4(s + 16); - int64_t h6 = load_3(s + 20) << 7; - int64_t h7 = load_3(s + 23) << 5; - int64_t h8 = load_3(s + 26) << 4; - int64_t h9 = (load_3(s + 29) & 0x7fffff) << 2; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; - - carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; - carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; - carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; - carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; - carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; - - carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; - carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; - carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; - carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; - carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; - - h[0] = (int32_t)h0; - h[1] = (int32_t)h1; - h[2] = (int32_t)h2; - h[3] = (int32_t)h3; - h[4] = (int32_t)h4; - h[5] = (int32_t)h5; - h[6] = (int32_t)h6; - h[7] = (int32_t)h7; - h[8] = (int32_t)h8; - h[9] = (int32_t)h9; -} - -/* - * Preconditions: - * |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. - * - * Write p=2^255-19; q=floor(h/p). - * Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))). - * - * Proof: - * Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4. - * Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4. - * - * Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9). - * Then 0> 25; - q = (h0 + q) >> 26; - q = (h1 + q) >> 25; - q = (h2 + q) >> 26; - q = (h3 + q) >> 25; - q = (h4 + q) >> 26; - q = (h5 + q) >> 25; - q = (h6 + q) >> 26; - q = (h7 + q) >> 25; - q = (h8 + q) >> 26; - q = (h9 + q) >> 25; - - /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */ - h0 += 19 * q; - /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */ - - h1 += h0 >> 26; h0 &= kBottom26Bits; - h2 += h1 >> 25; h1 &= kBottom25Bits; - h3 += h2 >> 26; h2 &= kBottom26Bits; - h4 += h3 >> 25; h3 &= kBottom25Bits; - h5 += h4 >> 26; h4 &= kBottom26Bits; - h6 += h5 >> 25; h5 &= kBottom25Bits; - h7 += h6 >> 26; h6 &= kBottom26Bits; - h8 += h7 >> 25; h7 &= kBottom25Bits; - h9 += h8 >> 26; h8 &= kBottom26Bits; - h9 &= kBottom25Bits; - /* h10 = carry9 */ - - /* - * Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20. - * Have h0+...+2^230 h9 between 0 and 2^255-1; - * evidently 2^255 h10-2^255 q = 0. - * Goal: Output h0+...+2^230 h9. - */ - s[ 0] = (uint8_t) (h0 >> 0); - s[ 1] = (uint8_t) (h0 >> 8); - s[ 2] = (uint8_t) (h0 >> 16); - s[ 3] = (uint8_t)((h0 >> 24) | ((uint32_t)(h1) << 2)); - s[ 4] = (uint8_t) (h1 >> 6); - s[ 5] = (uint8_t) (h1 >> 14); - s[ 6] = (uint8_t)((h1 >> 22) | ((uint32_t)(h2) << 3)); - s[ 7] = (uint8_t) (h2 >> 5); - s[ 8] = (uint8_t) (h2 >> 13); - s[ 9] = (uint8_t)((h2 >> 21) | ((uint32_t)(h3) << 5)); - s[10] = (uint8_t) (h3 >> 3); - s[11] = (uint8_t) (h3 >> 11); - s[12] = (uint8_t)((h3 >> 19) | ((uint32_t)(h4) << 6)); - s[13] = (uint8_t) (h4 >> 2); - s[14] = (uint8_t) (h4 >> 10); - s[15] = (uint8_t) (h4 >> 18); - s[16] = (uint8_t) (h5 >> 0); - s[17] = (uint8_t) (h5 >> 8); - s[18] = (uint8_t) (h5 >> 16); - s[19] = (uint8_t)((h5 >> 24) | ((uint32_t)(h6) << 1)); - s[20] = (uint8_t) (h6 >> 7); - s[21] = (uint8_t) (h6 >> 15); - s[22] = (uint8_t)((h6 >> 23) | ((uint32_t)(h7) << 3)); - s[23] = (uint8_t) (h7 >> 5); - s[24] = (uint8_t) (h7 >> 13); - s[25] = (uint8_t)((h7 >> 21) | ((uint32_t)(h8) << 4)); - s[26] = (uint8_t) (h8 >> 4); - s[27] = (uint8_t) (h8 >> 12); - s[28] = (uint8_t)((h8 >> 20) | ((uint32_t)(h9) << 6)); - s[29] = (uint8_t) (h9 >> 2); - s[30] = (uint8_t) (h9 >> 10); - s[31] = (uint8_t) (h9 >> 18); -} - -/* h = f */ -static void fe_copy(fe h, const fe f) -{ - memmove(h, f, sizeof(int32_t) * 10); -} - -/* h = 0 */ -static void fe_0(fe h) -{ - memset(h, 0, sizeof(int32_t) * 10); -} - -/* h = 1 */ -static void fe_1(fe h) -{ - memset(h, 0, sizeof(int32_t) * 10); - h[0] = 1; -} - -/* - * h = f + g - * - * Can overlap h with f or g. - * - * Preconditions: - * |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. - * |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. - * - * Postconditions: - * |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. - */ -static void fe_add(fe h, const fe f, const fe g) -{ - unsigned i; - - for (i = 0; i < 10; i++) { - h[i] = f[i] + g[i]; - } -} - -/* - * h = f - g - * - * Can overlap h with f or g. - * - * Preconditions: - * |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. - * |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. - * - * Postconditions: - * |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. - */ -static void fe_sub(fe h, const fe f, const fe g) -{ - unsigned i; - - for (i = 0; i < 10; i++) { - h[i] = f[i] - g[i]; - } -} - -/* - * h = f * g - * - * Can overlap h with f or g. - * - * Preconditions: - * |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc. - * |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc. - * - * Postconditions: - * |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc. - * - * Notes on implementation strategy: - * - * Using schoolbook multiplication. - * Karatsuba would save a little in some cost models. - * - * Most multiplications by 2 and 19 are 32-bit precomputations; - * cheaper than 64-bit postcomputations. - * - * There is one remaining multiplication by 19 in the carry chain; - * one *19 precomputation can be merged into this, - * but the resulting data flow is considerably less clean. - * - * There are 12 carries below. - * 10 of them are 2-way parallelizable and vectorizable. - * Can get away with 11 carries, but then data flow is much deeper. - * - * With tighter constraints on inputs can squeeze carries into int32. - */ -static void fe_mul(fe h, const fe f, const fe g) -{ - int32_t f0 = f[0]; - int32_t f1 = f[1]; - int32_t f2 = f[2]; - int32_t f3 = f[3]; - int32_t f4 = f[4]; - int32_t f5 = f[5]; - int32_t f6 = f[6]; - int32_t f7 = f[7]; - int32_t f8 = f[8]; - int32_t f9 = f[9]; - int32_t g0 = g[0]; - int32_t g1 = g[1]; - int32_t g2 = g[2]; - int32_t g3 = g[3]; - int32_t g4 = g[4]; - int32_t g5 = g[5]; - int32_t g6 = g[6]; - int32_t g7 = g[7]; - int32_t g8 = g[8]; - int32_t g9 = g[9]; - int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */ - int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */ - int32_t g3_19 = 19 * g3; - int32_t g4_19 = 19 * g4; - int32_t g5_19 = 19 * g5; - int32_t g6_19 = 19 * g6; - int32_t g7_19 = 19 * g7; - int32_t g8_19 = 19 * g8; - int32_t g9_19 = 19 * g9; - int32_t f1_2 = 2 * f1; - int32_t f3_2 = 2 * f3; - int32_t f5_2 = 2 * f5; - int32_t f7_2 = 2 * f7; - int32_t f9_2 = 2 * f9; - int64_t f0g0 = f0 * (int64_t) g0; - int64_t f0g1 = f0 * (int64_t) g1; - int64_t f0g2 = f0 * (int64_t) g2; - int64_t f0g3 = f0 * (int64_t) g3; - int64_t f0g4 = f0 * (int64_t) g4; - int64_t f0g5 = f0 * (int64_t) g5; - int64_t f0g6 = f0 * (int64_t) g6; - int64_t f0g7 = f0 * (int64_t) g7; - int64_t f0g8 = f0 * (int64_t) g8; - int64_t f0g9 = f0 * (int64_t) g9; - int64_t f1g0 = f1 * (int64_t) g0; - int64_t f1g1_2 = f1_2 * (int64_t) g1; - int64_t f1g2 = f1 * (int64_t) g2; - int64_t f1g3_2 = f1_2 * (int64_t) g3; - int64_t f1g4 = f1 * (int64_t) g4; - int64_t f1g5_2 = f1_2 * (int64_t) g5; - int64_t f1g6 = f1 * (int64_t) g6; - int64_t f1g7_2 = f1_2 * (int64_t) g7; - int64_t f1g8 = f1 * (int64_t) g8; - int64_t f1g9_38 = f1_2 * (int64_t) g9_19; - int64_t f2g0 = f2 * (int64_t) g0; - int64_t f2g1 = f2 * (int64_t) g1; - int64_t f2g2 = f2 * (int64_t) g2; - int64_t f2g3 = f2 * (int64_t) g3; - int64_t f2g4 = f2 * (int64_t) g4; - int64_t f2g5 = f2 * (int64_t) g5; - int64_t f2g6 = f2 * (int64_t) g6; - int64_t f2g7 = f2 * (int64_t) g7; - int64_t f2g8_19 = f2 * (int64_t) g8_19; - int64_t f2g9_19 = f2 * (int64_t) g9_19; - int64_t f3g0 = f3 * (int64_t) g0; - int64_t f3g1_2 = f3_2 * (int64_t) g1; - int64_t f3g2 = f3 * (int64_t) g2; - int64_t f3g3_2 = f3_2 * (int64_t) g3; - int64_t f3g4 = f3 * (int64_t) g4; - int64_t f3g5_2 = f3_2 * (int64_t) g5; - int64_t f3g6 = f3 * (int64_t) g6; - int64_t f3g7_38 = f3_2 * (int64_t) g7_19; - int64_t f3g8_19 = f3 * (int64_t) g8_19; - int64_t f3g9_38 = f3_2 * (int64_t) g9_19; - int64_t f4g0 = f4 * (int64_t) g0; - int64_t f4g1 = f4 * (int64_t) g1; - int64_t f4g2 = f4 * (int64_t) g2; - int64_t f4g3 = f4 * (int64_t) g3; - int64_t f4g4 = f4 * (int64_t) g4; - int64_t f4g5 = f4 * (int64_t) g5; - int64_t f4g6_19 = f4 * (int64_t) g6_19; - int64_t f4g7_19 = f4 * (int64_t) g7_19; - int64_t f4g8_19 = f4 * (int64_t) g8_19; - int64_t f4g9_19 = f4 * (int64_t) g9_19; - int64_t f5g0 = f5 * (int64_t) g0; - int64_t f5g1_2 = f5_2 * (int64_t) g1; - int64_t f5g2 = f5 * (int64_t) g2; - int64_t f5g3_2 = f5_2 * (int64_t) g3; - int64_t f5g4 = f5 * (int64_t) g4; - int64_t f5g5_38 = f5_2 * (int64_t) g5_19; - int64_t f5g6_19 = f5 * (int64_t) g6_19; - int64_t f5g7_38 = f5_2 * (int64_t) g7_19; - int64_t f5g8_19 = f5 * (int64_t) g8_19; - int64_t f5g9_38 = f5_2 * (int64_t) g9_19; - int64_t f6g0 = f6 * (int64_t) g0; - int64_t f6g1 = f6 * (int64_t) g1; - int64_t f6g2 = f6 * (int64_t) g2; - int64_t f6g3 = f6 * (int64_t) g3; - int64_t f6g4_19 = f6 * (int64_t) g4_19; - int64_t f6g5_19 = f6 * (int64_t) g5_19; - int64_t f6g6_19 = f6 * (int64_t) g6_19; - int64_t f6g7_19 = f6 * (int64_t) g7_19; - int64_t f6g8_19 = f6 * (int64_t) g8_19; - int64_t f6g9_19 = f6 * (int64_t) g9_19; - int64_t f7g0 = f7 * (int64_t) g0; - int64_t f7g1_2 = f7_2 * (int64_t) g1; - int64_t f7g2 = f7 * (int64_t) g2; - int64_t f7g3_38 = f7_2 * (int64_t) g3_19; - int64_t f7g4_19 = f7 * (int64_t) g4_19; - int64_t f7g5_38 = f7_2 * (int64_t) g5_19; - int64_t f7g6_19 = f7 * (int64_t) g6_19; - int64_t f7g7_38 = f7_2 * (int64_t) g7_19; - int64_t f7g8_19 = f7 * (int64_t) g8_19; - int64_t f7g9_38 = f7_2 * (int64_t) g9_19; - int64_t f8g0 = f8 * (int64_t) g0; - int64_t f8g1 = f8 * (int64_t) g1; - int64_t f8g2_19 = f8 * (int64_t) g2_19; - int64_t f8g3_19 = f8 * (int64_t) g3_19; - int64_t f8g4_19 = f8 * (int64_t) g4_19; - int64_t f8g5_19 = f8 * (int64_t) g5_19; - int64_t f8g6_19 = f8 * (int64_t) g6_19; - int64_t f8g7_19 = f8 * (int64_t) g7_19; - int64_t f8g8_19 = f8 * (int64_t) g8_19; - int64_t f8g9_19 = f8 * (int64_t) g9_19; - int64_t f9g0 = f9 * (int64_t) g0; - int64_t f9g1_38 = f9_2 * (int64_t) g1_19; - int64_t f9g2_19 = f9 * (int64_t) g2_19; - int64_t f9g3_38 = f9_2 * (int64_t) g3_19; - int64_t f9g4_19 = f9 * (int64_t) g4_19; - int64_t f9g5_38 = f9_2 * (int64_t) g5_19; - int64_t f9g6_19 = f9 * (int64_t) g6_19; - int64_t f9g7_38 = f9_2 * (int64_t) g7_19; - int64_t f9g8_19 = f9 * (int64_t) g8_19; - int64_t f9g9_38 = f9_2 * (int64_t) g9_19; - int64_t h0 = f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38; - int64_t h1 = f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19; - int64_t h2 = f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38; - int64_t h3 = f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19; - int64_t h4 = f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38; - int64_t h5 = f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19; - int64_t h6 = f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38; - int64_t h7 = f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19; - int64_t h8 = f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38; - int64_t h9 = f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0 ; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; - - /* |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38)) - * i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8 - * |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19)) - * i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9 */ - - carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; - carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; - /* |h0| <= 2^25 */ - /* |h4| <= 2^25 */ - /* |h1| <= 1.71*2^59 */ - /* |h5| <= 1.71*2^59 */ - - carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; - carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; - /* |h1| <= 2^24; from now on fits into int32 */ - /* |h5| <= 2^24; from now on fits into int32 */ - /* |h2| <= 1.41*2^60 */ - /* |h6| <= 1.41*2^60 */ - - carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; - carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; - /* |h2| <= 2^25; from now on fits into int32 unchanged */ - /* |h6| <= 2^25; from now on fits into int32 unchanged */ - /* |h3| <= 1.71*2^59 */ - /* |h7| <= 1.71*2^59 */ - - carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; - carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; - /* |h3| <= 2^24; from now on fits into int32 unchanged */ - /* |h7| <= 2^24; from now on fits into int32 unchanged */ - /* |h4| <= 1.72*2^34 */ - /* |h8| <= 1.41*2^60 */ - - carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; - carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; - /* |h4| <= 2^25; from now on fits into int32 unchanged */ - /* |h8| <= 2^25; from now on fits into int32 unchanged */ - /* |h5| <= 1.01*2^24 */ - /* |h9| <= 1.71*2^59 */ - - carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; - /* |h9| <= 2^24; from now on fits into int32 unchanged */ - /* |h0| <= 1.1*2^39 */ - - carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; - /* |h0| <= 2^25; from now on fits into int32 unchanged */ - /* |h1| <= 1.01*2^24 */ - - h[0] = (int32_t)h0; - h[1] = (int32_t)h1; - h[2] = (int32_t)h2; - h[3] = (int32_t)h3; - h[4] = (int32_t)h4; - h[5] = (int32_t)h5; - h[6] = (int32_t)h6; - h[7] = (int32_t)h7; - h[8] = (int32_t)h8; - h[9] = (int32_t)h9; -} - -/* - * h = f * f - * - * Can overlap h with f. - * - * Preconditions: - * |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc. - * - * Postconditions: - * |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc. - * - * See fe_mul.c for discussion of implementation strategy. - */ -static void fe_sq(fe h, const fe f) -{ - int32_t f0 = f[0]; - int32_t f1 = f[1]; - int32_t f2 = f[2]; - int32_t f3 = f[3]; - int32_t f4 = f[4]; - int32_t f5 = f[5]; - int32_t f6 = f[6]; - int32_t f7 = f[7]; - int32_t f8 = f[8]; - int32_t f9 = f[9]; - int32_t f0_2 = 2 * f0; - int32_t f1_2 = 2 * f1; - int32_t f2_2 = 2 * f2; - int32_t f3_2 = 2 * f3; - int32_t f4_2 = 2 * f4; - int32_t f5_2 = 2 * f5; - int32_t f6_2 = 2 * f6; - int32_t f7_2 = 2 * f7; - int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */ - int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */ - int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */ - int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */ - int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */ - int64_t f0f0 = f0 * (int64_t) f0; - int64_t f0f1_2 = f0_2 * (int64_t) f1; - int64_t f0f2_2 = f0_2 * (int64_t) f2; - int64_t f0f3_2 = f0_2 * (int64_t) f3; - int64_t f0f4_2 = f0_2 * (int64_t) f4; - int64_t f0f5_2 = f0_2 * (int64_t) f5; - int64_t f0f6_2 = f0_2 * (int64_t) f6; - int64_t f0f7_2 = f0_2 * (int64_t) f7; - int64_t f0f8_2 = f0_2 * (int64_t) f8; - int64_t f0f9_2 = f0_2 * (int64_t) f9; - int64_t f1f1_2 = f1_2 * (int64_t) f1; - int64_t f1f2_2 = f1_2 * (int64_t) f2; - int64_t f1f3_4 = f1_2 * (int64_t) f3_2; - int64_t f1f4_2 = f1_2 * (int64_t) f4; - int64_t f1f5_4 = f1_2 * (int64_t) f5_2; - int64_t f1f6_2 = f1_2 * (int64_t) f6; - int64_t f1f7_4 = f1_2 * (int64_t) f7_2; - int64_t f1f8_2 = f1_2 * (int64_t) f8; - int64_t f1f9_76 = f1_2 * (int64_t) f9_38; - int64_t f2f2 = f2 * (int64_t) f2; - int64_t f2f3_2 = f2_2 * (int64_t) f3; - int64_t f2f4_2 = f2_2 * (int64_t) f4; - int64_t f2f5_2 = f2_2 * (int64_t) f5; - int64_t f2f6_2 = f2_2 * (int64_t) f6; - int64_t f2f7_2 = f2_2 * (int64_t) f7; - int64_t f2f8_38 = f2_2 * (int64_t) f8_19; - int64_t f2f9_38 = f2 * (int64_t) f9_38; - int64_t f3f3_2 = f3_2 * (int64_t) f3; - int64_t f3f4_2 = f3_2 * (int64_t) f4; - int64_t f3f5_4 = f3_2 * (int64_t) f5_2; - int64_t f3f6_2 = f3_2 * (int64_t) f6; - int64_t f3f7_76 = f3_2 * (int64_t) f7_38; - int64_t f3f8_38 = f3_2 * (int64_t) f8_19; - int64_t f3f9_76 = f3_2 * (int64_t) f9_38; - int64_t f4f4 = f4 * (int64_t) f4; - int64_t f4f5_2 = f4_2 * (int64_t) f5; - int64_t f4f6_38 = f4_2 * (int64_t) f6_19; - int64_t f4f7_38 = f4 * (int64_t) f7_38; - int64_t f4f8_38 = f4_2 * (int64_t) f8_19; - int64_t f4f9_38 = f4 * (int64_t) f9_38; - int64_t f5f5_38 = f5 * (int64_t) f5_38; - int64_t f5f6_38 = f5_2 * (int64_t) f6_19; - int64_t f5f7_76 = f5_2 * (int64_t) f7_38; - int64_t f5f8_38 = f5_2 * (int64_t) f8_19; - int64_t f5f9_76 = f5_2 * (int64_t) f9_38; - int64_t f6f6_19 = f6 * (int64_t) f6_19; - int64_t f6f7_38 = f6 * (int64_t) f7_38; - int64_t f6f8_38 = f6_2 * (int64_t) f8_19; - int64_t f6f9_38 = f6 * (int64_t) f9_38; - int64_t f7f7_38 = f7 * (int64_t) f7_38; - int64_t f7f8_38 = f7_2 * (int64_t) f8_19; - int64_t f7f9_76 = f7_2 * (int64_t) f9_38; - int64_t f8f8_19 = f8 * (int64_t) f8_19; - int64_t f8f9_38 = f8 * (int64_t) f9_38; - int64_t f9f9_38 = f9 * (int64_t) f9_38; - int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38; - int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38; - int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19; - int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38; - int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38; - int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38; - int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19; - int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38; - int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38; - int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; - - carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; - carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; - - carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; - carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; - - carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; - carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; - - carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; - carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; - - carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; - carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; - - carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; - - carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; - - h[0] = (int32_t)h0; - h[1] = (int32_t)h1; - h[2] = (int32_t)h2; - h[3] = (int32_t)h3; - h[4] = (int32_t)h4; - h[5] = (int32_t)h5; - h[6] = (int32_t)h6; - h[7] = (int32_t)h7; - h[8] = (int32_t)h8; - h[9] = (int32_t)h9; -} - -static void fe_invert(fe out, const fe z) -{ - fe t0; - fe t1; - fe t2; - fe t3; - int i; - - /* - * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as - * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11. - */ - - /* t0 = z ** 2 */ - fe_sq(t0, z); - - /* t1 = t0 ** (2 ** 2) = z ** 8 */ - fe_sq(t1, t0); - fe_sq(t1, t1); - - /* t1 = z * t1 = z ** 9 */ - fe_mul(t1, z, t1); - /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */ - fe_mul(t0, t0, t1); - - /* t2 = t0 ** 2 = z ** 22 */ - fe_sq(t2, t0); - - /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */ - fe_mul(t1, t1, t2); - - /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */ - fe_sq(t2, t1); - for (i = 1; i < 5; ++i) { - fe_sq(t2, t2); - } - - /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */ - fe_mul(t1, t2, t1); - - /* Continuing similarly... */ - - /* t2 = z ** (2 ** 20 - 1) */ - fe_sq(t2, t1); - for (i = 1; i < 10; ++i) { - fe_sq(t2, t2); - } - fe_mul(t2, t2, t1); - - /* t2 = z ** (2 ** 40 - 1) */ - fe_sq(t3, t2); - for (i = 1; i < 20; ++i) { - fe_sq(t3, t3); - } - fe_mul(t2, t3, t2); - - /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */ - for (i = 0; i < 10; ++i) { - fe_sq(t2, t2); - } - /* t1 = z ** (2 ** 50 - 1) */ - fe_mul(t1, t2, t1); - - /* t2 = z ** (2 ** 100 - 1) */ - fe_sq(t2, t1); - for (i = 1; i < 50; ++i) { - fe_sq(t2, t2); - } - fe_mul(t2, t2, t1); - - /* t2 = z ** (2 ** 200 - 1) */ - fe_sq(t3, t2); - for (i = 1; i < 100; ++i) { - fe_sq(t3, t3); - } - fe_mul(t2, t3, t2); - - /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */ - fe_sq(t2, t2); - for (i = 1; i < 50; ++i) { - fe_sq(t2, t2); - } - - /* t1 = z ** (2 ** 250 - 1) */ - fe_mul(t1, t2, t1); - - /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */ - fe_sq(t1, t1); - for (i = 1; i < 5; ++i) { - fe_sq(t1, t1); - } - - /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */ - fe_mul(out, t1, t0); -} - -/* - * h = -f - * - * Preconditions: - * |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. - * - * Postconditions: - * |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. - */ -static void fe_neg(fe h, const fe f) -{ - unsigned i; - - for (i = 0; i < 10; i++) { - h[i] = -f[i]; - } -} - -/* - * Replace (f,g) with (g,g) if b == 1; - * replace (f,g) with (f,g) if b == 0. - * - * Preconditions: b in {0,1}. - */ -static void fe_cmov(fe f, const fe g, unsigned b) -{ - size_t i; - - b = 0-b; - for (i = 0; i < 10; i++) { - int32_t x = f[i] ^ g[i]; - x &= b; - f[i] ^= x; - } -} - -/* - * return 0 if f == 0 - * return 1 if f != 0 - * - * Preconditions: - * |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. - */ -static int fe_isnonzero(const fe f) -{ - uint8_t s[32]; - static const uint8_t zero[32] = {0}; - - fe_tobytes(s, f); - - return CRYPTO_memcmp(s, zero, sizeof(zero)) != 0; -} - -/* - * return 1 if f is in {1,3,5,...,q-2} - * return 0 if f is in {0,2,4,...,q-1} - * - * Preconditions: - * |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. - */ -static int fe_isnegative(const fe f) -{ - uint8_t s[32]; - - fe_tobytes(s, f); - return s[0] & 1; -} - -/* - * h = 2 * f * f - * - * Can overlap h with f. - * - * Preconditions: - * |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc. - * - * Postconditions: - * |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc. - * - * See fe_mul.c for discussion of implementation strategy. - */ -static void fe_sq2(fe h, const fe f) -{ - int32_t f0 = f[0]; - int32_t f1 = f[1]; - int32_t f2 = f[2]; - int32_t f3 = f[3]; - int32_t f4 = f[4]; - int32_t f5 = f[5]; - int32_t f6 = f[6]; - int32_t f7 = f[7]; - int32_t f8 = f[8]; - int32_t f9 = f[9]; - int32_t f0_2 = 2 * f0; - int32_t f1_2 = 2 * f1; - int32_t f2_2 = 2 * f2; - int32_t f3_2 = 2 * f3; - int32_t f4_2 = 2 * f4; - int32_t f5_2 = 2 * f5; - int32_t f6_2 = 2 * f6; - int32_t f7_2 = 2 * f7; - int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */ - int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */ - int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */ - int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */ - int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */ - int64_t f0f0 = f0 * (int64_t) f0; - int64_t f0f1_2 = f0_2 * (int64_t) f1; - int64_t f0f2_2 = f0_2 * (int64_t) f2; - int64_t f0f3_2 = f0_2 * (int64_t) f3; - int64_t f0f4_2 = f0_2 * (int64_t) f4; - int64_t f0f5_2 = f0_2 * (int64_t) f5; - int64_t f0f6_2 = f0_2 * (int64_t) f6; - int64_t f0f7_2 = f0_2 * (int64_t) f7; - int64_t f0f8_2 = f0_2 * (int64_t) f8; - int64_t f0f9_2 = f0_2 * (int64_t) f9; - int64_t f1f1_2 = f1_2 * (int64_t) f1; - int64_t f1f2_2 = f1_2 * (int64_t) f2; - int64_t f1f3_4 = f1_2 * (int64_t) f3_2; - int64_t f1f4_2 = f1_2 * (int64_t) f4; - int64_t f1f5_4 = f1_2 * (int64_t) f5_2; - int64_t f1f6_2 = f1_2 * (int64_t) f6; - int64_t f1f7_4 = f1_2 * (int64_t) f7_2; - int64_t f1f8_2 = f1_2 * (int64_t) f8; - int64_t f1f9_76 = f1_2 * (int64_t) f9_38; - int64_t f2f2 = f2 * (int64_t) f2; - int64_t f2f3_2 = f2_2 * (int64_t) f3; - int64_t f2f4_2 = f2_2 * (int64_t) f4; - int64_t f2f5_2 = f2_2 * (int64_t) f5; - int64_t f2f6_2 = f2_2 * (int64_t) f6; - int64_t f2f7_2 = f2_2 * (int64_t) f7; - int64_t f2f8_38 = f2_2 * (int64_t) f8_19; - int64_t f2f9_38 = f2 * (int64_t) f9_38; - int64_t f3f3_2 = f3_2 * (int64_t) f3; - int64_t f3f4_2 = f3_2 * (int64_t) f4; - int64_t f3f5_4 = f3_2 * (int64_t) f5_2; - int64_t f3f6_2 = f3_2 * (int64_t) f6; - int64_t f3f7_76 = f3_2 * (int64_t) f7_38; - int64_t f3f8_38 = f3_2 * (int64_t) f8_19; - int64_t f3f9_76 = f3_2 * (int64_t) f9_38; - int64_t f4f4 = f4 * (int64_t) f4; - int64_t f4f5_2 = f4_2 * (int64_t) f5; - int64_t f4f6_38 = f4_2 * (int64_t) f6_19; - int64_t f4f7_38 = f4 * (int64_t) f7_38; - int64_t f4f8_38 = f4_2 * (int64_t) f8_19; - int64_t f4f9_38 = f4 * (int64_t) f9_38; - int64_t f5f5_38 = f5 * (int64_t) f5_38; - int64_t f5f6_38 = f5_2 * (int64_t) f6_19; - int64_t f5f7_76 = f5_2 * (int64_t) f7_38; - int64_t f5f8_38 = f5_2 * (int64_t) f8_19; - int64_t f5f9_76 = f5_2 * (int64_t) f9_38; - int64_t f6f6_19 = f6 * (int64_t) f6_19; - int64_t f6f7_38 = f6 * (int64_t) f7_38; - int64_t f6f8_38 = f6_2 * (int64_t) f8_19; - int64_t f6f9_38 = f6 * (int64_t) f9_38; - int64_t f7f7_38 = f7 * (int64_t) f7_38; - int64_t f7f8_38 = f7_2 * (int64_t) f8_19; - int64_t f7f9_76 = f7_2 * (int64_t) f9_38; - int64_t f8f8_19 = f8 * (int64_t) f8_19; - int64_t f8f9_38 = f8 * (int64_t) f9_38; - int64_t f9f9_38 = f9 * (int64_t) f9_38; - int64_t h0 = f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38; - int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38; - int64_t h2 = f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19; - int64_t h3 = f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38; - int64_t h4 = f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38; - int64_t h5 = f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38; - int64_t h6 = f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19; - int64_t h7 = f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38; - int64_t h8 = f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38; - int64_t h9 = f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; - - h0 += h0; - h1 += h1; - h2 += h2; - h3 += h3; - h4 += h4; - h5 += h5; - h6 += h6; - h7 += h7; - h8 += h8; - h9 += h9; - - carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; - carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; - - carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; - carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; - - carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; - carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; - - carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; - carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; - - carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; - carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; - - carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; - - carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; - - h[0] = (int32_t)h0; - h[1] = (int32_t)h1; - h[2] = (int32_t)h2; - h[3] = (int32_t)h3; - h[4] = (int32_t)h4; - h[5] = (int32_t)h5; - h[6] = (int32_t)h6; - h[7] = (int32_t)h7; - h[8] = (int32_t)h8; - h[9] = (int32_t)h9; -} - -static void fe_pow22523(fe out, const fe z) -{ - fe t0; - fe t1; - fe t2; - int i; - - fe_sq(t0, z); - fe_sq(t1, t0); - for (i = 1; i < 2; ++i) { - fe_sq(t1, t1); - } - fe_mul(t1, z, t1); - fe_mul(t0, t0, t1); - fe_sq(t0, t0); - fe_mul(t0, t1, t0); - fe_sq(t1, t0); - for (i = 1; i < 5; ++i) { - fe_sq(t1, t1); - } - fe_mul(t0, t1, t0); - fe_sq(t1, t0); - for (i = 1; i < 10; ++i) { - fe_sq(t1, t1); - } - fe_mul(t1, t1, t0); - fe_sq(t2, t1); - for (i = 1; i < 20; ++i) { - fe_sq(t2, t2); - } - fe_mul(t1, t2, t1); - fe_sq(t1, t1); - for (i = 1; i < 10; ++i) { - fe_sq(t1, t1); - } - fe_mul(t0, t1, t0); - fe_sq(t1, t0); - for (i = 1; i < 50; ++i) { - fe_sq(t1, t1); - } - fe_mul(t1, t1, t0); - fe_sq(t2, t1); - for (i = 1; i < 100; ++i) { - fe_sq(t2, t2); - } - fe_mul(t1, t2, t1); - fe_sq(t1, t1); - for (i = 1; i < 50; ++i) { - fe_sq(t1, t1); - } - fe_mul(t0, t1, t0); - fe_sq(t0, t0); - for (i = 1; i < 2; ++i) { - fe_sq(t0, t0); - } - fe_mul(out, t0, z); -} - -/* - * ge means group element. - * - * Here the group is the set of pairs (x,y) of field elements (see fe.h) - * satisfying -x^2 + y^2 = 1 + d x^2y^2 - * where d = -121665/121666. - * - * Representations: - * ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z - * ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT - * ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T - * ge_precomp (Duif): (y+x,y-x,2dxy) - */ -typedef struct { - fe X; - fe Y; - fe Z; -} ge_p2; - -typedef struct { - fe X; - fe Y; - fe Z; - fe T; -} ge_p3; - -typedef struct { - fe X; - fe Y; - fe Z; - fe T; -} ge_p1p1; - -typedef struct { - fe yplusx; - fe yminusx; - fe xy2d; -} ge_precomp; - -typedef struct { - fe YplusX; - fe YminusX; - fe Z; - fe T2d; -} ge_cached; - -static void ge_tobytes(uint8_t *s, const ge_p2 *h) -{ - fe recip; - fe x; - fe y; - - fe_invert(recip, h->Z); - fe_mul(x, h->X, recip); - fe_mul(y, h->Y, recip); - fe_tobytes(s, y); - s[31] ^= fe_isnegative(x) << 7; -} - -static void ge_p3_tobytes(uint8_t *s, const ge_p3 *h) -{ - fe recip; - fe x; - fe y; - - fe_invert(recip, h->Z); - fe_mul(x, h->X, recip); - fe_mul(y, h->Y, recip); - fe_tobytes(s, y); - s[31] ^= fe_isnegative(x) << 7; -} - -static const fe d = { - -10913610, 13857413, -15372611, 6949391, 114729, - -8787816, -6275908, -3247719, -18696448, -12055116 -}; - -static const fe sqrtm1 = { - -32595792, -7943725, 9377950, 3500415, 12389472, - -272473, -25146209, -2005654, 326686, 11406482 -}; - -static int ge_frombytes_vartime(ge_p3 *h, const uint8_t *s) -{ - fe u; - fe v; - fe v3; - fe vxx; - fe check; - - fe_frombytes(h->Y, s); - fe_1(h->Z); - fe_sq(u, h->Y); - fe_mul(v, u, d); - fe_sub(u, u, h->Z); /* u = y^2-1 */ - fe_add(v, v, h->Z); /* v = dy^2+1 */ - - fe_sq(v3, v); - fe_mul(v3, v3, v); /* v3 = v^3 */ - fe_sq(h->X, v3); - fe_mul(h->X, h->X, v); - fe_mul(h->X, h->X, u); /* x = uv^7 */ - - fe_pow22523(h->X, h->X); /* x = (uv^7)^((q-5)/8) */ - fe_mul(h->X, h->X, v3); - fe_mul(h->X, h->X, u); /* x = uv^3(uv^7)^((q-5)/8) */ - - fe_sq(vxx, h->X); - fe_mul(vxx, vxx, v); - fe_sub(check, vxx, u); /* vx^2-u */ - if (fe_isnonzero(check)) { - fe_add(check, vxx, u); /* vx^2+u */ - if (fe_isnonzero(check)) { - return -1; - } - fe_mul(h->X, h->X, sqrtm1); - } - - if (fe_isnegative(h->X) != (s[31] >> 7)) { - fe_neg(h->X, h->X); - } - - fe_mul(h->T, h->X, h->Y); - return 0; -} - -static void ge_p2_0(ge_p2 *h) -{ - fe_0(h->X); - fe_1(h->Y); - fe_1(h->Z); -} - -static void ge_p3_0(ge_p3 *h) -{ - fe_0(h->X); - fe_1(h->Y); - fe_1(h->Z); - fe_0(h->T); -} - -static void ge_precomp_0(ge_precomp *h) -{ - fe_1(h->yplusx); - fe_1(h->yminusx); - fe_0(h->xy2d); -} - -/* r = p */ -static void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p) -{ - fe_copy(r->X, p->X); - fe_copy(r->Y, p->Y); - fe_copy(r->Z, p->Z); -} - -static const fe d2 = { - -21827239, -5839606, -30745221, 13898782, 229458, - 15978800, -12551817, -6495438, 29715968, 9444199 -}; - -/* r = p */ -static void ge_p3_to_cached(ge_cached *r, const ge_p3 *p) -{ - fe_add(r->YplusX, p->Y, p->X); - fe_sub(r->YminusX, p->Y, p->X); - fe_copy(r->Z, p->Z); - fe_mul(r->T2d, p->T, d2); -} - -/* r = p */ -static void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p) -{ - fe_mul(r->X, p->X, p->T); - fe_mul(r->Y, p->Y, p->Z); - fe_mul(r->Z, p->Z, p->T); -} - -/* r = p */ -static void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p) -{ - fe_mul(r->X, p->X, p->T); - fe_mul(r->Y, p->Y, p->Z); - fe_mul(r->Z, p->Z, p->T); - fe_mul(r->T, p->X, p->Y); -} - -/* r = 2 * p */ -static void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p) -{ - fe t0; - - fe_sq(r->X, p->X); - fe_sq(r->Z, p->Y); - fe_sq2(r->T, p->Z); - fe_add(r->Y, p->X, p->Y); - fe_sq(t0, r->Y); - fe_add(r->Y, r->Z, r->X); - fe_sub(r->Z, r->Z, r->X); - fe_sub(r->X, t0, r->Y); - fe_sub(r->T, r->T, r->Z); -} - -/* r = 2 * p */ -static void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p) -{ - ge_p2 q; - ge_p3_to_p2(&q, p); - ge_p2_dbl(r, &q); -} - -/* r = p + q */ -static void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) -{ - fe t0; - - fe_add(r->X, p->Y, p->X); - fe_sub(r->Y, p->Y, p->X); - fe_mul(r->Z, r->X, q->yplusx); - fe_mul(r->Y, r->Y, q->yminusx); - fe_mul(r->T, q->xy2d, p->T); - fe_add(t0, p->Z, p->Z); - fe_sub(r->X, r->Z, r->Y); - fe_add(r->Y, r->Z, r->Y); - fe_add(r->Z, t0, r->T); - fe_sub(r->T, t0, r->T); -} - -/* r = p - q */ -static void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) -{ - fe t0; - - fe_add(r->X, p->Y, p->X); - fe_sub(r->Y, p->Y, p->X); - fe_mul(r->Z, r->X, q->yminusx); - fe_mul(r->Y, r->Y, q->yplusx); - fe_mul(r->T, q->xy2d, p->T); - fe_add(t0, p->Z, p->Z); - fe_sub(r->X, r->Z, r->Y); - fe_add(r->Y, r->Z, r->Y); - fe_sub(r->Z, t0, r->T); - fe_add(r->T, t0, r->T); -} - -/* r = p + q */ -static void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) -{ - fe t0; - - fe_add(r->X, p->Y, p->X); - fe_sub(r->Y, p->Y, p->X); - fe_mul(r->Z, r->X, q->YplusX); - fe_mul(r->Y, r->Y, q->YminusX); - fe_mul(r->T, q->T2d, p->T); - fe_mul(r->X, p->Z, q->Z); - fe_add(t0, r->X, r->X); - fe_sub(r->X, r->Z, r->Y); - fe_add(r->Y, r->Z, r->Y); - fe_add(r->Z, t0, r->T); - fe_sub(r->T, t0, r->T); -} - -/* r = p - q */ -static void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) -{ - fe t0; - - fe_add(r->X, p->Y, p->X); - fe_sub(r->Y, p->Y, p->X); - fe_mul(r->Z, r->X, q->YminusX); - fe_mul(r->Y, r->Y, q->YplusX); - fe_mul(r->T, q->T2d, p->T); - fe_mul(r->X, p->Z, q->Z); - fe_add(t0, r->X, r->X); - fe_sub(r->X, r->Z, r->Y); - fe_add(r->Y, r->Z, r->Y); - fe_sub(r->Z, t0, r->T); - fe_add(r->T, t0, r->T); -} - -static uint8_t equal(signed char b, signed char c) -{ - uint8_t ub = b; - uint8_t uc = c; - uint8_t x = ub ^ uc; /* 0: yes; 1..255: no */ - uint32_t y = x; /* 0: yes; 1..255: no */ - y -= 1; /* 4294967295: yes; 0..254: no */ - y >>= 31; /* 1: yes; 0: no */ - return y; -} - -static void cmov(ge_precomp *t, const ge_precomp *u, uint8_t b) -{ - fe_cmov(t->yplusx, u->yplusx, b); - fe_cmov(t->yminusx, u->yminusx, b); - fe_cmov(t->xy2d, u->xy2d, b); -} - -/* k25519Precomp[i][j] = (j+1)*256^i*B */ -static const ge_precomp k25519Precomp[32][8] = { - { - { - {25967493, -14356035, 29566456, 3660896, -12694345, 4014787, - 27544626, -11754271, -6079156, 2047605}, - {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, - 5043384, 19500929, -15469378}, - {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380, - 29287919, 11864899, -24514362, -4438546}, - }, - { - {-12815894, -12976347, -21581243, 11784320, -25355658, -2750717, - -11717903, -3814571, -358445, -10211303}, - {-21703237, 6903825, 27185491, 6451973, -29577724, -9554005, - -15616551, 11189268, -26829678, -5319081}, - {26966642, 11152617, 32442495, 15396054, 14353839, -12752335, - -3128826, -9541118, -15472047, -4166697}, - }, - { - {15636291, -9688557, 24204773, -7912398, 616977, -16685262, - 27787600, -14772189, 28944400, -1550024}, - {16568933, 4717097, -11556148, -1102322, 15682896, -11807043, - 16354577, -11775962, 7689662, 11199574}, - {30464156, -5976125, -11779434, -15670865, 23220365, 15915852, - 7512774, 10017326, -17749093, -9920357}, - }, - { - {-17036878, 13921892, 10945806, -6033431, 27105052, -16084379, - -28926210, 15006023, 3284568, -6276540}, - {23599295, -8306047, -11193664, -7687416, 13236774, 10506355, - 7464579, 9656445, 13059162, 10374397}, - {7798556, 16710257, 3033922, 2874086, 28997861, 2835604, 32406664, - -3839045, -641708, -101325}, - }, - { - {10861363, 11473154, 27284546, 1981175, -30064349, 12577861, - 32867885, 14515107, -15438304, 10819380}, - {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, - 12483688, -12668491, 5581306}, - {19563160, 16186464, -29386857, 4097519, 10237984, -4348115, - 28542350, 13850243, -23678021, -15815942}, - }, - { - {-15371964, -12862754, 32573250, 4720197, -26436522, 5875511, - -19188627, -15224819, -9818940, -12085777}, - {-8549212, 109983, 15149363, 2178705, 22900618, 4543417, 3044240, - -15689887, 1762328, 14866737}, - {-18199695, -15951423, -10473290, 1707278, -17185920, 3916101, - -28236412, 3959421, 27914454, 4383652}, - }, - { - {5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852, - 5230134, -23952439, -15175766}, - {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722, - 20654025, 16520125, 30598449, 7715701}, - {28881845, 14381568, 9657904, 3680757, -20181635, 7843316, - -31400660, 1370708, 29794553, -1409300}, - }, - { - {14499471, -2729599, -33191113, -4254652, 28494862, 14271267, - 30290735, 10876454, -33154098, 2381726}, - {-7195431, -2655363, -14730155, 462251, -27724326, 3941372, - -6236617, 3696005, -32300832, 15351955}, - {27431194, 8222322, 16448760, -3907995, -18707002, 11938355, - -32961401, -2970515, 29551813, 10109425}, - }, - }, - { - { - {-13657040, -13155431, -31283750, 11777098, 21447386, 6519384, - -2378284, -1627556, 10092783, -4764171}, - {27939166, 14210322, 4677035, 16277044, -22964462, -12398139, - -32508754, 12005538, -17810127, 12803510}, - {17228999, -15661624, -1233527, 300140, -1224870, -11714777, - 30364213, -9038194, 18016357, 4397660}, - }, - { - {-10958843, -7690207, 4776341, -14954238, 27850028, -15602212, - -26619106, 14544525, -17477504, 982639}, - {29253598, 15796703, -2863982, -9908884, 10057023, 3163536, 7332899, - -4120128, -21047696, 9934963}, - {5793303, 16271923, -24131614, -10116404, 29188560, 1206517, - -14747930, 4559895, -30123922, -10897950}, - }, - { - {-27643952, -11493006, 16282657, -11036493, 28414021, -15012264, - 24191034, 4541697, -13338309, 5500568}, - {12650548, -1497113, 9052871, 11355358, -17680037, -8400164, - -17430592, 12264343, 10874051, 13524335}, - {25556948, -3045990, 714651, 2510400, 23394682, -10415330, 33119038, - 5080568, -22528059, 5376628}, - }, - { - {-26088264, -4011052, -17013699, -3537628, -6726793, 1920897, - -22321305, -9447443, 4535768, 1569007}, - {-2255422, 14606630, -21692440, -8039818, 28430649, 8775819, - -30494562, 3044290, 31848280, 12543772}, - {-22028579, 2943893, -31857513, 6777306, 13784462, -4292203, - -27377195, -2062731, 7718482, 14474653}, - }, - { - {2385315, 2454213, -22631320, 46603, -4437935, -15680415, 656965, - -7236665, 24316168, -5253567}, - {13741529, 10911568, -33233417, -8603737, -20177830, -1033297, - 33040651, -13424532, -20729456, 8321686}, - {21060490, -2212744, 15712757, -4336099, 1639040, 10656336, - 23845965, -11874838, -9984458, 608372}, - }, - { - {-13672732, -15087586, -10889693, -7557059, -6036909, 11305547, - 1123968, -6780577, 27229399, 23887}, - {-23244140, -294205, -11744728, 14712571, -29465699, -2029617, - 12797024, -6440308, -1633405, 16678954}, - {-29500620, 4770662, -16054387, 14001338, 7830047, 9564805, - -1508144, -4795045, -17169265, 4904953}, - }, - { - {24059557, 14617003, 19037157, -15039908, 19766093, -14906429, - 5169211, 16191880, 2128236, -4326833}, - {-16981152, 4124966, -8540610, -10653797, 30336522, -14105247, - -29806336, 916033, -6882542, -2986532}, - {-22630907, 12419372, -7134229, -7473371, -16478904, 16739175, - 285431, 2763829, 15736322, 4143876}, - }, - { - {2379352, 11839345, -4110402, -5988665, 11274298, 794957, 212801, - -14594663, 23527084, -16458268}, - {33431127, -11130478, -17838966, -15626900, 8909499, 8376530, - -32625340, 4087881, -15188911, -14416214}, - {1767683, 7197987, -13205226, -2022635, -13091350, 448826, 5799055, - 4357868, -4774191, -16323038}, - }, - }, - { - { - {6721966, 13833823, -23523388, -1551314, 26354293, -11863321, - 23365147, -3949732, 7390890, 2759800}, - {4409041, 2052381, 23373853, 10530217, 7676779, -12885954, 21302353, - -4264057, 1244380, -12919645}, - {-4421239, 7169619, 4982368, -2957590, 30256825, -2777540, 14086413, - 9208236, 15886429, 16489664}, - }, - { - {1996075, 10375649, 14346367, 13311202, -6874135, -16438411, - -13693198, 398369, -30606455, -712933}, - {-25307465, 9795880, -2777414, 14878809, -33531835, 14780363, - 13348553, 12076947, -30836462, 5113182}, - {-17770784, 11797796, 31950843, 13929123, -25888302, 12288344, - -30341101, -7336386, 13847711, 5387222}, - }, - { - {-18582163, -3416217, 17824843, -2340966, 22744343, -10442611, - 8763061, 3617786, -19600662, 10370991}, - {20246567, -14369378, 22358229, -543712, 18507283, -10413996, - 14554437, -8746092, 32232924, 16763880}, - {9648505, 10094563, 26416693, 14745928, -30374318, -6472621, - 11094161, 15689506, 3140038, -16510092}, - }, - { - {-16160072, 5472695, 31895588, 4744994, 8823515, 10365685, - -27224800, 9448613, -28774454, 366295}, - {19153450, 11523972, -11096490, -6503142, -24647631, 5420647, - 28344573, 8041113, 719605, 11671788}, - {8678025, 2694440, -6808014, 2517372, 4964326, 11152271, -15432916, - -15266516, 27000813, -10195553}, - }, - { - {-15157904, 7134312, 8639287, -2814877, -7235688, 10421742, 564065, - 5336097, 6750977, -14521026}, - {11836410, -3979488, 26297894, 16080799, 23455045, 15735944, - 1695823, -8819122, 8169720, 16220347}, - {-18115838, 8653647, 17578566, -6092619, -8025777, -16012763, - -11144307, -2627664, -5990708, -14166033}, - }, - { - {-23308498, -10968312, 15213228, -10081214, -30853605, -11050004, - 27884329, 2847284, 2655861, 1738395}, - {-27537433, -14253021, -25336301, -8002780, -9370762, 8129821, - 21651608, -3239336, -19087449, -11005278}, - {1533110, 3437855, 23735889, 459276, 29970501, 11335377, 26030092, - 5821408, 10478196, 8544890}, - }, - { - {32173121, -16129311, 24896207, 3921497, 22579056, -3410854, - 19270449, 12217473, 17789017, -3395995}, - {-30552961, -2228401, -15578829, -10147201, 13243889, 517024, - 15479401, -3853233, 30460520, 1052596}, - {-11614875, 13323618, 32618793, 8175907, -15230173, 12596687, - 27491595, -4612359, 3179268, -9478891}, - }, - { - {31947069, -14366651, -4640583, -15339921, -15125977, -6039709, - -14756777, -16411740, 19072640, -9511060}, - {11685058, 11822410, 3158003, -13952594, 33402194, -4165066, - 5977896, -5215017, 473099, 5040608}, - {-20290863, 8198642, -27410132, 11602123, 1290375, -2799760, - 28326862, 1721092, -19558642, -3131606}, - }, - }, - { - { - {7881532, 10687937, 7578723, 7738378, -18951012, -2553952, 21820786, - 8076149, -27868496, 11538389}, - {-19935666, 3899861, 18283497, -6801568, -15728660, -11249211, - 8754525, 7446702, -5676054, 5797016}, - {-11295600, -3793569, -15782110, -7964573, 12708869, -8456199, - 2014099, -9050574, -2369172, -5877341}, - }, - { - {-22472376, -11568741, -27682020, 1146375, 18956691, 16640559, - 1192730, -3714199, 15123619, 10811505}, - {14352098, -3419715, -18942044, 10822655, 32750596, 4699007, -70363, - 15776356, -28886779, -11974553}, - {-28241164, -8072475, -4978962, -5315317, 29416931, 1847569, - -20654173, -16484855, 4714547, -9600655}, - }, - { - {15200332, 8368572, 19679101, 15970074, -31872674, 1959451, - 24611599, -4543832, -11745876, 12340220}, - {12876937, -10480056, 33134381, 6590940, -6307776, 14872440, - 9613953, 8241152, 15370987, 9608631}, - {-4143277, -12014408, 8446281, -391603, 4407738, 13629032, -7724868, - 15866074, -28210621, -8814099}, - }, - { - {26660628, -15677655, 8393734, 358047, -7401291, 992988, -23904233, - 858697, 20571223, 8420556}, - {14620715, 13067227, -15447274, 8264467, 14106269, 15080814, - 33531827, 12516406, -21574435, -12476749}, - {236881, 10476226, 57258, -14677024, 6472998, 2466984, 17258519, - 7256740, 8791136, 15069930}, - }, - { - {1276410, -9371918, 22949635, -16322807, -23493039, -5702186, - 14711875, 4874229, -30663140, -2331391}, - {5855666, 4990204, -13711848, 7294284, -7804282, 1924647, -1423175, - -7912378, -33069337, 9234253}, - {20590503, -9018988, 31529744, -7352666, -2706834, 10650548, - 31559055, -11609587, 18979186, 13396066}, - }, - { - {24474287, 4968103, 22267082, 4407354, 24063882, -8325180, - -18816887, 13594782, 33514650, 7021958}, - {-11566906, -6565505, -21365085, 15928892, -26158305, 4315421, - -25948728, -3916677, -21480480, 12868082}, - {-28635013, 13504661, 19988037, -2132761, 21078225, 6443208, - -21446107, 2244500, -12455797, -8089383}, - }, - { - {-30595528, 13793479, -5852820, 319136, -25723172, -6263899, - 33086546, 8957937, -15233648, 5540521}, - {-11630176, -11503902, -8119500, -7643073, 2620056, 1022908, - -23710744, -1568984, -16128528, -14962807}, - {23152971, 775386, 27395463, 14006635, -9701118, 4649512, 1689819, - 892185, -11513277, -15205948}, - }, - { - {9770129, 9586738, 26496094, 4324120, 1556511, -3550024, 27453819, - 4763127, -19179614, 5867134}, - {-32765025, 1927590, 31726409, -4753295, 23962434, -16019500, - 27846559, 5931263, -29749703, -16108455}, - {27461885, -2977536, 22380810, 1815854, -23033753, -3031938, - 7283490, -15148073, -19526700, 7734629}, - }, - }, - { - { - {-8010264, -9590817, -11120403, 6196038, 29344158, -13430885, - 7585295, -3176626, 18549497, 15302069}, - {-32658337, -6171222, -7672793, -11051681, 6258878, 13504381, - 10458790, -6418461, -8872242, 8424746}, - {24687205, 8613276, -30667046, -3233545, 1863892, -1830544, - 19206234, 7134917, -11284482, -828919}, - }, - { - {11334899, -9218022, 8025293, 12707519, 17523892, -10476071, - 10243738, -14685461, -5066034, 16498837}, - {8911542, 6887158, -9584260, -6958590, 11145641, -9543680, 17303925, - -14124238, 6536641, 10543906}, - {-28946384, 15479763, -17466835, 568876, -1497683, 11223454, - -2669190, -16625574, -27235709, 8876771}, - }, - { - {-25742899, -12566864, -15649966, -846607, -33026686, -796288, - -33481822, 15824474, -604426, -9039817}, - {10330056, 70051, 7957388, -9002667, 9764902, 15609756, 27698697, - -4890037, 1657394, 3084098}, - {10477963, -7470260, 12119566, -13250805, 29016247, -5365589, - 31280319, 14396151, -30233575, 15272409}, - }, - { - {-12288309, 3169463, 28813183, 16658753, 25116432, -5630466, - -25173957, -12636138, -25014757, 1950504}, - {-26180358, 9489187, 11053416, -14746161, -31053720, 5825630, - -8384306, -8767532, 15341279, 8373727}, - {28685821, 7759505, -14378516, -12002860, -31971820, 4079242, - 298136, -10232602, -2878207, 15190420}, - }, - { - {-32932876, 13806336, -14337485, -15794431, -24004620, 10940928, - 8669718, 2742393, -26033313, -6875003}, - {-1580388, -11729417, -25979658, -11445023, -17411874, -10912854, - 9291594, -16247779, -12154742, 6048605}, - {-30305315, 14843444, 1539301, 11864366, 20201677, 1900163, - 13934231, 5128323, 11213262, 9168384}, - }, - { - {-26280513, 11007847, 19408960, -940758, -18592965, -4328580, - -5088060, -11105150, 20470157, -16398701}, - {-23136053, 9282192, 14855179, -15390078, -7362815, -14408560, - -22783952, 14461608, 14042978, 5230683}, - {29969567, -2741594, -16711867, -8552442, 9175486, -2468974, - 21556951, 3506042, -5933891, -12449708}, - }, - { - {-3144746, 8744661, 19704003, 4581278, -20430686, 6830683, - -21284170, 8971513, -28539189, 15326563}, - {-19464629, 10110288, -17262528, -3503892, -23500387, 1355669, - -15523050, 15300988, -20514118, 9168260}, - {-5353335, 4488613, -23803248, 16314347, 7780487, -15638939, - -28948358, 9601605, 33087103, -9011387}, - }, - { - {-19443170, -15512900, -20797467, -12445323, -29824447, 10229461, - -27444329, -15000531, -5996870, 15664672}, - {23294591, -16632613, -22650781, -8470978, 27844204, 11461195, - 13099750, -2460356, 18151676, 13417686}, - {-24722913, -4176517, -31150679, 5988919, -26858785, 6685065, - 1661597, -12551441, 15271676, -15452665}, - }, - }, - { - { - {11433042, -13228665, 8239631, -5279517, -1985436, -725718, - -18698764, 2167544, -6921301, -13440182}, - {-31436171, 15575146, 30436815, 12192228, -22463353, 9395379, - -9917708, -8638997, 12215110, 12028277}, - {14098400, 6555944, 23007258, 5757252, -15427832, -12950502, - 30123440, 4617780, -16900089, -655628}, - }, - { - {-4026201, -15240835, 11893168, 13718664, -14809462, 1847385, - -15819999, 10154009, 23973261, -12684474}, - {-26531820, -3695990, -1908898, 2534301, -31870557, -16550355, - 18341390, -11419951, 32013174, -10103539}, - {-25479301, 10876443, -11771086, -14625140, -12369567, 1838104, - 21911214, 6354752, 4425632, -837822}, - }, - { - {-10433389, -14612966, 22229858, -3091047, -13191166, 776729, - -17415375, -12020462, 4725005, 14044970}, - {19268650, -7304421, 1555349, 8692754, -21474059, -9910664, 6347390, - -1411784, -19522291, -16109756}, - {-24864089, 12986008, -10898878, -5558584, -11312371, -148526, - 19541418, 8180106, 9282262, 10282508}, - }, - { - {-26205082, 4428547, -8661196, -13194263, 4098402, -14165257, - 15522535, 8372215, 5542595, -10702683}, - {-10562541, 14895633, 26814552, -16673850, -17480754, -2489360, - -2781891, 6993761, -18093885, 10114655}, - {-20107055, -929418, 31422704, 10427861, -7110749, 6150669, - -29091755, -11529146, 25953725, -106158}, - }, - { - {-4234397, -8039292, -9119125, 3046000, 2101609, -12607294, - 19390020, 6094296, -3315279, 12831125}, - {-15998678, 7578152, 5310217, 14408357, -33548620, -224739, - 31575954, 6326196, 7381791, -2421839}, - {-20902779, 3296811, 24736065, -16328389, 18374254, 7318640, - 6295303, 8082724, -15362489, 12339664}, - }, - { - {27724736, 2291157, 6088201, -14184798, 1792727, 5857634, 13848414, - 15768922, 25091167, 14856294}, - {-18866652, 8331043, 24373479, 8541013, -701998, -9269457, 12927300, - -12695493, -22182473, -9012899}, - {-11423429, -5421590, 11632845, 3405020, 30536730, -11674039, - -27260765, 13866390, 30146206, 9142070}, - }, - { - {3924129, -15307516, -13817122, -10054960, 12291820, -668366, - -27702774, 9326384, -8237858, 4171294}, - {-15921940, 16037937, 6713787, 16606682, -21612135, 2790944, - 26396185, 3731949, 345228, -5462949}, - {-21327538, 13448259, 25284571, 1143661, 20614966, -8849387, - 2031539, -12391231, -16253183, -13582083}, - }, - { - {31016211, -16722429, 26371392, -14451233, -5027349, 14854137, - 17477601, 3842657, 28012650, -16405420}, - {-5075835, 9368966, -8562079, -4600902, -15249953, 6970560, - -9189873, 16292057, -8867157, 3507940}, - {29439664, 3537914, 23333589, 6997794, -17555561, -11018068, - -15209202, -15051267, -9164929, 6580396}, - }, - }, - { - { - {-12185861, -7679788, 16438269, 10826160, -8696817, -6235611, - 17860444, -9273846, -2095802, 9304567}, - {20714564, -4336911, 29088195, 7406487, 11426967, -5095705, - 14792667, -14608617, 5289421, -477127}, - {-16665533, -10650790, -6160345, -13305760, 9192020, -1802462, - 17271490, 12349094, 26939669, -3752294}, - }, - { - {-12889898, 9373458, 31595848, 16374215, 21471720, 13221525, - -27283495, -12348559, -3698806, 117887}, - {22263325, -6560050, 3984570, -11174646, -15114008, -566785, - 28311253, 5358056, -23319780, 541964}, - {16259219, 3261970, 2309254, -15534474, -16885711, -4581916, - 24134070, -16705829, -13337066, -13552195}, - }, - { - {9378160, -13140186, -22845982, -12745264, 28198281, -7244098, - -2399684, -717351, 690426, 14876244}, - {24977353, -314384, -8223969, -13465086, 28432343, -1176353, - -13068804, -12297348, -22380984, 6618999}, - {-1538174, 11685646, 12944378, 13682314, -24389511, -14413193, - 8044829, -13817328, 32239829, -5652762}, - }, - { - {-18603066, 4762990, -926250, 8885304, -28412480, -3187315, 9781647, - -10350059, 32779359, 5095274}, - {-33008130, -5214506, -32264887, -3685216, 9460461, -9327423, - -24601656, 14506724, 21639561, -2630236}, - {-16400943, -13112215, 25239338, 15531969, 3987758, -4499318, - -1289502, -6863535, 17874574, 558605}, - }, - { - {-13600129, 10240081, 9171883, 16131053, -20869254, 9599700, - 33499487, 5080151, 2085892, 5119761}, - {-22205145, -2519528, -16381601, 414691, -25019550, 2170430, - 30634760, -8363614, -31999993, -5759884}, - {-6845704, 15791202, 8550074, -1312654, 29928809, -12092256, - 27534430, -7192145, -22351378, 12961482}, - }, - { - {-24492060, -9570771, 10368194, 11582341, -23397293, -2245287, - 16533930, 8206996, -30194652, -5159638}, - {-11121496, -3382234, 2307366, 6362031, -135455, 8868177, -16835630, - 7031275, 7589640, 8945490}, - {-32152748, 8917967, 6661220, -11677616, -1192060, -15793393, - 7251489, -11182180, 24099109, -14456170}, - }, - { - {5019558, -7907470, 4244127, -14714356, -26933272, 6453165, - -19118182, -13289025, -6231896, -10280736}, - {10853594, 10721687, 26480089, 5861829, -22995819, 1972175, - -1866647, -10557898, -3363451, -6441124}, - {-17002408, 5906790, 221599, -6563147, 7828208, -13248918, 24362661, - -2008168, -13866408, 7421392}, - }, - { - {8139927, -6546497, 32257646, -5890546, 30375719, 1886181, - -21175108, 15441252, 28826358, -4123029}, - {6267086, 9695052, 7709135, -16603597, -32869068, -1886135, - 14795160, -7840124, 13746021, -1742048}, - {28584902, 7787108, -6732942, -15050729, 22846041, -7571236, - -3181936, -363524, 4771362, -8419958}, - }, - }, - { - { - {24949256, 6376279, -27466481, -8174608, -18646154, -9930606, - 33543569, -12141695, 3569627, 11342593}, - {26514989, 4740088, 27912651, 3697550, 19331575, -11472339, 6809886, - 4608608, 7325975, -14801071}, - {-11618399, -14554430, -24321212, 7655128, -1369274, 5214312, - -27400540, 10258390, -17646694, -8186692}, - }, - { - {11431204, 15823007, 26570245, 14329124, 18029990, 4796082, - -31446179, 15580664, 9280358, -3973687}, - {-160783, -10326257, -22855316, -4304997, -20861367, -13621002, - -32810901, -11181622, -15545091, 4387441}, - {-20799378, 12194512, 3937617, -5805892, -27154820, 9340370, - -24513992, 8548137, 20617071, -7482001}, - }, - { - {-938825, -3930586, -8714311, 16124718, 24603125, -6225393, - -13775352, -11875822, 24345683, 10325460}, - {-19855277, -1568885, -22202708, 8714034, 14007766, 6928528, - 16318175, -1010689, 4766743, 3552007}, - {-21751364, -16730916, 1351763, -803421, -4009670, 3950935, 3217514, - 14481909, 10988822, -3994762}, - }, - { - {15564307, -14311570, 3101243, 5684148, 30446780, -8051356, - 12677127, -6505343, -8295852, 13296005}, - {-9442290, 6624296, -30298964, -11913677, -4670981, -2057379, - 31521204, 9614054, -30000824, 12074674}, - {4771191, -135239, 14290749, -13089852, 27992298, 14998318, - -1413936, -1556716, 29832613, -16391035}, - }, - { - {7064884, -7541174, -19161962, -5067537, -18891269, -2912736, - 25825242, 5293297, -27122660, 13101590}, - {-2298563, 2439670, -7466610, 1719965, -27267541, -16328445, - 32512469, -5317593, -30356070, -4190957}, - {-30006540, 10162316, -33180176, 3981723, -16482138, -13070044, - 14413974, 9515896, 19568978, 9628812}, - }, - { - {33053803, 199357, 15894591, 1583059, 27380243, -4580435, -17838894, - -6106839, -6291786, 3437740}, - {-18978877, 3884493, 19469877, 12726490, 15913552, 13614290, - -22961733, 70104, 7463304, 4176122}, - {-27124001, 10659917, 11482427, -16070381, 12771467, -6635117, - -32719404, -5322751, 24216882, 5944158}, - }, - { - {8894125, 7450974, -2664149, -9765752, -28080517, -12389115, - 19345746, 14680796, 11632993, 5847885}, - {26942781, -2315317, 9129564, -4906607, 26024105, 11769399, - -11518837, 6367194, -9727230, 4782140}, - {19916461, -4828410, -22910704, -11414391, 25606324, -5972441, - 33253853, 8220911, 6358847, -1873857}, - }, - { - {801428, -2081702, 16569428, 11065167, 29875704, 96627, 7908388, - -4480480, -13538503, 1387155}, - {19646058, 5720633, -11416706, 12814209, 11607948, 12749789, - 14147075, 15156355, -21866831, 11835260}, - {19299512, 1155910, 28703737, 14890794, 2925026, 7269399, 26121523, - 15467869, -26560550, 5052483}, - }, - }, - { - { - {-3017432, 10058206, 1980837, 3964243, 22160966, 12322533, -6431123, - -12618185, 12228557, -7003677}, - {32944382, 14922211, -22844894, 5188528, 21913450, -8719943, - 4001465, 13238564, -6114803, 8653815}, - {22865569, -4652735, 27603668, -12545395, 14348958, 8234005, - 24808405, 5719875, 28483275, 2841751}, - }, - { - {-16420968, -1113305, -327719, -12107856, 21886282, -15552774, - -1887966, -315658, 19932058, -12739203}, - {-11656086, 10087521, -8864888, -5536143, -19278573, -3055912, - 3999228, 13239134, -4777469, -13910208}, - {1382174, -11694719, 17266790, 9194690, -13324356, 9720081, - 20403944, 11284705, -14013818, 3093230}, - }, - { - {16650921, -11037932, -1064178, 1570629, -8329746, 7352753, -302424, - 16271225, -24049421, -6691850}, - {-21911077, -5927941, -4611316, -5560156, -31744103, -10785293, - 24123614, 15193618, -21652117, -16739389}, - {-9935934, -4289447, -25279823, 4372842, 2087473, 10399484, - 31870908, 14690798, 17361620, 11864968}, - }, - { - {-11307610, 6210372, 13206574, 5806320, -29017692, -13967200, - -12331205, -7486601, -25578460, -16240689}, - {14668462, -12270235, 26039039, 15305210, 25515617, 4542480, - 10453892, 6577524, 9145645, -6443880}, - {5974874, 3053895, -9433049, -10385191, -31865124, 3225009, - -7972642, 3936128, -5652273, -3050304}, - }, - { - {30625386, -4729400, -25555961, -12792866, -20484575, 7695099, - 17097188, -16303496, -27999779, 1803632}, - {-3553091, 9865099, -5228566, 4272701, -5673832, -16689700, - 14911344, 12196514, -21405489, 7047412}, - {20093277, 9920966, -11138194, -5343857, 13161587, 12044805, - -32856851, 4124601, -32343828, -10257566}, - }, - { - {-20788824, 14084654, -13531713, 7842147, 19119038, -13822605, - 4752377, -8714640, -21679658, 2288038}, - {-26819236, -3283715, 29965059, 3039786, -14473765, 2540457, - 29457502, 14625692, -24819617, 12570232}, - {-1063558, -11551823, 16920318, 12494842, 1278292, -5869109, - -21159943, -3498680, -11974704, 4724943}, - }, - { - {17960970, -11775534, -4140968, -9702530, -8876562, -1410617, - -12907383, -8659932, -29576300, 1903856}, - {23134274, -14279132, -10681997, -1611936, 20684485, 15770816, - -12989750, 3190296, 26955097, 14109738}, - {15308788, 5320727, -30113809, -14318877, 22902008, 7767164, - 29425325, -11277562, 31960942, 11934971}, - }, - { - {-27395711, 8435796, 4109644, 12222639, -24627868, 14818669, - 20638173, 4875028, 10491392, 1379718}, - {-13159415, 9197841, 3875503, -8936108, -1383712, -5879801, - 33518459, 16176658, 21432314, 12180697}, - {-11787308, 11500838, 13787581, -13832590, -22430679, 10140205, - 1465425, 12689540, -10301319, -13872883}, - }, - }, - { - { - {5414091, -15386041, -21007664, 9643570, 12834970, 1186149, - -2622916, -1342231, 26128231, 6032912}, - {-26337395, -13766162, 32496025, -13653919, 17847801, -12669156, - 3604025, 8316894, -25875034, -10437358}, - {3296484, 6223048, 24680646, -12246460, -23052020, 5903205, - -8862297, -4639164, 12376617, 3188849}, - }, - { - {29190488, -14659046, 27549113, -1183516, 3520066, -10697301, - 32049515, -7309113, -16109234, -9852307}, - {-14744486, -9309156, 735818, -598978, -20407687, -5057904, - 25246078, -15795669, 18640741, -960977}, - {-6928835, -16430795, 10361374, 5642961, 4910474, 12345252, - -31638386, -494430, 10530747, 1053335}, - }, - { - {-29265967, -14186805, -13538216, -12117373, -19457059, -10655384, - -31462369, -2948985, 24018831, 15026644}, - {-22592535, -3145277, -2289276, 5953843, -13440189, 9425631, - 25310643, 13003497, -2314791, -15145616}, - {-27419985, -603321, -8043984, -1669117, -26092265, 13987819, - -27297622, 187899, -23166419, -2531735}, - }, - { - {-21744398, -13810475, 1844840, 5021428, -10434399, -15911473, - 9716667, 16266922, -5070217, 726099}, - {29370922, -6053998, 7334071, -15342259, 9385287, 2247707, - -13661962, -4839461, 30007388, -15823341}, - {-936379, 16086691, 23751945, -543318, -1167538, -5189036, 9137109, - 730663, 9835848, 4555336}, - }, - { - {-23376435, 1410446, -22253753, -12899614, 30867635, 15826977, - 17693930, 544696, -11985298, 12422646}, - {31117226, -12215734, -13502838, 6561947, -9876867, -12757670, - -5118685, -4096706, 29120153, 13924425}, - {-17400879, -14233209, 19675799, -2734756, -11006962, -5858820, - -9383939, -11317700, 7240931, -237388}, - }, - { - {-31361739, -11346780, -15007447, -5856218, -22453340, -12152771, - 1222336, 4389483, 3293637, -15551743}, - {-16684801, -14444245, 11038544, 11054958, -13801175, -3338533, - -24319580, 7733547, 12796905, -6335822}, - {-8759414, -10817836, -25418864, 10783769, -30615557, -9746811, - -28253339, 3647836, 3222231, -11160462}, - }, - { - {18606113, 1693100, -25448386, -15170272, 4112353, 10045021, - 23603893, -2048234, -7550776, 2484985}, - {9255317, -3131197, -12156162, -1004256, 13098013, -9214866, - 16377220, -2102812, -19802075, -3034702}, - {-22729289, 7496160, -5742199, 11329249, 19991973, -3347502, - -31718148, 9936966, -30097688, -10618797}, - }, - { - {21878590, -5001297, 4338336, 13643897, -3036865, 13160960, - 19708896, 5415497, -7360503, -4109293}, - {27736861, 10103576, 12500508, 8502413, -3413016, -9633558, - 10436918, -1550276, -23659143, -8132100}, - {19492550, -12104365, -29681976, -852630, -3208171, 12403437, - 30066266, 8367329, 13243957, 8709688}, - }, - }, - { - { - {12015105, 2801261, 28198131, 10151021, 24818120, -4743133, - -11194191, -5645734, 5150968, 7274186}, - {2831366, -12492146, 1478975, 6122054, 23825128, -12733586, - 31097299, 6083058, 31021603, -9793610}, - {-2529932, -2229646, 445613, 10720828, -13849527, -11505937, - -23507731, 16354465, 15067285, -14147707}, - }, - { - {7840942, 14037873, -33364863, 15934016, -728213, -3642706, - 21403988, 1057586, -19379462, -12403220}, - {915865, -16469274, 15608285, -8789130, -24357026, 6060030, - -17371319, 8410997, -7220461, 16527025}, - {32922597, -556987, 20336074, -16184568, 10903705, -5384487, - 16957574, 52992, 23834301, 6588044}, - }, - { - {32752030, 11232950, 3381995, -8714866, 22652988, -10744103, - 17159699, 16689107, -20314580, -1305992}, - {-4689649, 9166776, -25710296, -10847306, 11576752, 12733943, - 7924251, -2752281, 1976123, -7249027}, - {21251222, 16309901, -2983015, -6783122, 30810597, 12967303, 156041, - -3371252, 12331345, -8237197}, - }, - { - {8651614, -4477032, -16085636, -4996994, 13002507, 2950805, - 29054427, -5106970, 10008136, -4667901}, - {31486080, 15114593, -14261250, 12951354, 14369431, -7387845, - 16347321, -13662089, 8684155, -10532952}, - {19443825, 11385320, 24468943, -9659068, -23919258, 2187569, - -26263207, -6086921, 31316348, 14219878}, - }, - { - {-28594490, 1193785, 32245219, 11392485, 31092169, 15722801, - 27146014, 6992409, 29126555, 9207390}, - {32382935, 1110093, 18477781, 11028262, -27411763, -7548111, - -4980517, 10843782, -7957600, -14435730}, - {2814918, 7836403, 27519878, -7868156, -20894015, -11553689, - -21494559, 8550130, 28346258, 1994730}, - }, - { - {-19578299, 8085545, -14000519, -3948622, 2785838, -16231307, - -19516951, 7174894, 22628102, 8115180}, - {-30405132, 955511, -11133838, -15078069, -32447087, -13278079, - -25651578, 3317160, -9943017, 930272}, - {-15303681, -6833769, 28856490, 1357446, 23421993, 1057177, - 24091212, -1388970, -22765376, -10650715}, - }, - { - {-22751231, -5303997, -12907607, -12768866, -15811511, -7797053, - -14839018, -16554220, -1867018, 8398970}, - {-31969310, 2106403, -4736360, 1362501, 12813763, 16200670, - 22981545, -6291273, 18009408, -15772772}, - {-17220923, -9545221, -27784654, 14166835, 29815394, 7444469, - 29551787, -3727419, 19288549, 1325865}, - }, - { - {15100157, -15835752, -23923978, -1005098, -26450192, 15509408, - 12376730, -3479146, 33166107, -8042750}, - {20909231, 13023121, -9209752, 16251778, -5778415, -8094914, - 12412151, 10018715, 2213263, -13878373}, - {32529814, -11074689, 30361439, -16689753, -9135940, 1513226, - 22922121, 6382134, -5766928, 8371348}, - }, - }, - { - { - {9923462, 11271500, 12616794, 3544722, -29998368, -1721626, - 12891687, -8193132, -26442943, 10486144}, - {-22597207, -7012665, 8587003, -8257861, 4084309, -12970062, 361726, - 2610596, -23921530, -11455195}, - {5408411, -1136691, -4969122, 10561668, 24145918, 14240566, - 31319731, -4235541, 19985175, -3436086}, - }, - { - {-13994457, 16616821, 14549246, 3341099, 32155958, 13648976, - -17577068, 8849297, 65030, 8370684}, - {-8320926, -12049626, 31204563, 5839400, -20627288, -1057277, - -19442942, 6922164, 12743482, -9800518}, - {-2361371, 12678785, 28815050, 4759974, -23893047, 4884717, - 23783145, 11038569, 18800704, 255233}, - }, - { - {-5269658, -1773886, 13957886, 7990715, 23132995, 728773, 13393847, - 9066957, 19258688, -14753793}, - {-2936654, -10827535, -10432089, 14516793, -3640786, 4372541, - -31934921, 2209390, -1524053, 2055794}, - {580882, 16705327, 5468415, -2683018, -30926419, -14696000, - -7203346, -8994389, -30021019, 7394435}, - }, - { - {23838809, 1822728, -15738443, 15242727, 8318092, -3733104, - -21672180, -3492205, -4821741, 14799921}, - {13345610, 9759151, 3371034, -16137791, 16353039, 8577942, 31129804, - 13496856, -9056018, 7402518}, - {2286874, -4435931, -20042458, -2008336, -13696227, 5038122, - 11006906, -15760352, 8205061, 1607563}, - }, - { - {14414086, -8002132, 3331830, -3208217, 22249151, -5594188, - 18364661, -2906958, 30019587, -9029278}, - {-27688051, 1585953, -10775053, 931069, -29120221, -11002319, - -14410829, 12029093, 9944378, 8024}, - {4368715, -3709630, 29874200, -15022983, -20230386, -11410704, - -16114594, -999085, -8142388, 5640030}, - }, - { - {10299610, 13746483, 11661824, 16234854, 7630238, 5998374, 9809887, - -16694564, 15219798, -14327783}, - {27425505, -5719081, 3055006, 10660664, 23458024, 595578, -15398605, - -1173195, -18342183, 9742717}, - {6744077, 2427284, 26042789, 2720740, -847906, 1118974, 32324614, - 7406442, 12420155, 1994844}, - }, - { - {14012521, -5024720, -18384453, -9578469, -26485342, -3936439, - -13033478, -10909803, 24319929, -6446333}, - {16412690, -4507367, 10772641, 15929391, -17068788, -4658621, - 10555945, -10484049, -30102368, -4739048}, - {22397382, -7767684, -9293161, -12792868, 17166287, -9755136, - -27333065, 6199366, 21880021, -12250760}, - }, - { - {-4283307, 5368523, -31117018, 8163389, -30323063, 3209128, - 16557151, 8890729, 8840445, 4957760}, - {-15447727, 709327, -6919446, -10870178, -29777922, 6522332, - -21720181, 12130072, -14796503, 5005757}, - {-2114751, -14308128, 23019042, 15765735, -25269683, 6002752, - 10183197, -13239326, -16395286, -2176112}, - }, - }, - { - { - {-19025756, 1632005, 13466291, -7995100, -23640451, 16573537, - -32013908, -3057104, 22208662, 2000468}, - {3065073, -1412761, -25598674, -361432, -17683065, -5703415, - -8164212, 11248527, -3691214, -7414184}, - {10379208, -6045554, 8877319, 1473647, -29291284, -12507580, - 16690915, 2553332, -3132688, 16400289}, - }, - { - {15716668, 1254266, -18472690, 7446274, -8448918, 6344164, - -22097271, -7285580, 26894937, 9132066}, - {24158887, 12938817, 11085297, -8177598, -28063478, -4457083, - -30576463, 64452, -6817084, -2692882}, - {13488534, 7794716, 22236231, 5989356, 25426474, -12578208, 2350710, - -3418511, -4688006, 2364226}, - }, - { - {16335052, 9132434, 25640582, 6678888, 1725628, 8517937, -11807024, - -11697457, 15445875, -7798101}, - {29004207, -7867081, 28661402, -640412, -12794003, -7943086, - 31863255, -4135540, -278050, -15759279}, - {-6122061, -14866665, -28614905, 14569919, -10857999, -3591829, - 10343412, -6976290, -29828287, -10815811}, - }, - { - {27081650, 3463984, 14099042, -4517604, 1616303, -6205604, 29542636, - 15372179, 17293797, 960709}, - {20263915, 11434237, -5765435, 11236810, 13505955, -10857102, - -16111345, 6493122, -19384511, 7639714}, - {-2830798, -14839232, 25403038, -8215196, -8317012, -16173699, - 18006287, -16043750, 29994677, -15808121}, - }, - { - {9769828, 5202651, -24157398, -13631392, -28051003, -11561624, - -24613141, -13860782, -31184575, 709464}, - {12286395, 13076066, -21775189, -1176622, -25003198, 4057652, - -32018128, -8890874, 16102007, 13205847}, - {13733362, 5599946, 10557076, 3195751, -5557991, 8536970, -25540170, - 8525972, 10151379, 10394400}, - }, - { - {4024660, -16137551, 22436262, 12276534, -9099015, -2686099, - 19698229, 11743039, -33302334, 8934414}, - {-15879800, -4525240, -8580747, -2934061, 14634845, -698278, - -9449077, 3137094, -11536886, 11721158}, - {17555939, -5013938, 8268606, 2331751, -22738815, 9761013, 9319229, - 8835153, -9205489, -1280045}, - }, - { - {-461409, -7830014, 20614118, 16688288, -7514766, -4807119, - 22300304, 505429, 6108462, -6183415}, - {-5070281, 12367917, -30663534, 3234473, 32617080, -8422642, - 29880583, -13483331, -26898490, -7867459}, - {-31975283, 5726539, 26934134, 10237677, -3173717, -605053, - 24199304, 3795095, 7592688, -14992079}, - }, - { - {21594432, -14964228, 17466408, -4077222, 32537084, 2739898, - 6407723, 12018833, -28256052, 4298412}, - {-20650503, -11961496, -27236275, 570498, 3767144, -1717540, - 13891942, -1569194, 13717174, 10805743}, - {-14676630, -15644296, 15287174, 11927123, 24177847, -8175568, - -796431, 14860609, -26938930, -5863836}, - }, - }, - { - { - {12962541, 5311799, -10060768, 11658280, 18855286, -7954201, - 13286263, -12808704, -4381056, 9882022}, - {18512079, 11319350, -20123124, 15090309, 18818594, 5271736, - -22727904, 3666879, -23967430, -3299429}, - {-6789020, -3146043, 16192429, 13241070, 15898607, -14206114, - -10084880, -6661110, -2403099, 5276065}, - }, - { - {30169808, -5317648, 26306206, -11750859, 27814964, 7069267, - 7152851, 3684982, 1449224, 13082861}, - {10342826, 3098505, 2119311, 193222, 25702612, 12233820, 23697382, - 15056736, -21016438, -8202000}, - {-33150110, 3261608, 22745853, 7948688, 19370557, -15177665, - -26171976, 6482814, -10300080, -11060101}, - }, - { - {32869458, -5408545, 25609743, 15678670, -10687769, -15471071, - 26112421, 2521008, -22664288, 6904815}, - {29506923, 4457497, 3377935, -9796444, -30510046, 12935080, 1561737, - 3841096, -29003639, -6657642}, - {10340844, -6630377, -18656632, -2278430, 12621151, -13339055, - 30878497, -11824370, -25584551, 5181966}, - }, - { - {25940115, -12658025, 17324188, -10307374, -8671468, 15029094, - 24396252, -16450922, -2322852, -12388574}, - {-21765684, 9916823, -1300409, 4079498, -1028346, 11909559, 1782390, - 12641087, 20603771, -6561742}, - {-18882287, -11673380, 24849422, 11501709, 13161720, -4768874, - 1925523, 11914390, 4662781, 7820689}, - }, - { - {12241050, -425982, 8132691, 9393934, 32846760, -1599620, 29749456, - 12172924, 16136752, 15264020}, - {-10349955, -14680563, -8211979, 2330220, -17662549, -14545780, - 10658213, 6671822, 19012087, 3772772}, - {3753511, -3421066, 10617074, 2028709, 14841030, -6721664, 28718732, - -15762884, 20527771, 12988982}, - }, - { - {-14822485, -5797269, -3707987, 12689773, -898983, -10914866, - -24183046, -10564943, 3299665, -12424953}, - {-16777703, -15253301, -9642417, 4978983, 3308785, 8755439, 6943197, - 6461331, -25583147, 8991218}, - {-17226263, 1816362, -1673288, -6086439, 31783888, -8175991, - -32948145, 7417950, -30242287, 1507265}, - }, - { - {29692663, 6829891, -10498800, 4334896, 20945975, -11906496, - -28887608, 8209391, 14606362, -10647073}, - {-3481570, 8707081, 32188102, 5672294, 22096700, 1711240, -33020695, - 9761487, 4170404, -2085325}, - {-11587470, 14855945, -4127778, -1531857, -26649089, 15084046, - 22186522, 16002000, -14276837, -8400798}, - }, - { - {-4811456, 13761029, -31703877, -2483919, -3312471, 7869047, - -7113572, -9620092, 13240845, 10965870}, - {-7742563, -8256762, -14768334, -13656260, -23232383, 12387166, - 4498947, 14147411, 29514390, 4302863}, - {-13413405, -12407859, 20757302, -13801832, 14785143, 8976368, - -5061276, -2144373, 17846988, -13971927}, - }, - }, - { - { - {-2244452, -754728, -4597030, -1066309, -6247172, 1455299, - -21647728, -9214789, -5222701, 12650267}, - {-9906797, -16070310, 21134160, 12198166, -27064575, 708126, 387813, - 13770293, -19134326, 10958663}, - {22470984, 12369526, 23446014, -5441109, -21520802, -9698723, - -11772496, -11574455, -25083830, 4271862}, - }, - { - {-25169565, -10053642, -19909332, 15361595, -5984358, 2159192, - 75375, -4278529, -32526221, 8469673}, - {15854970, 4148314, -8893890, 7259002, 11666551, 13824734, - -30531198, 2697372, 24154791, -9460943}, - {15446137, -15806644, 29759747, 14019369, 30811221, -9610191, - -31582008, 12840104, 24913809, 9815020}, - }, - { - {-4709286, -5614269, -31841498, -12288893, -14443537, 10799414, - -9103676, 13438769, 18735128, 9466238}, - {11933045, 9281483, 5081055, -5183824, -2628162, -4905629, -7727821, - -10896103, -22728655, 16199064}, - {14576810, 379472, -26786533, -8317236, -29426508, -10812974, - -102766, 1876699, 30801119, 2164795}, - }, - { - {15995086, 3199873, 13672555, 13712240, -19378835, -4647646, - -13081610, -15496269, -13492807, 1268052}, - {-10290614, -3659039, -3286592, 10948818, 23037027, 3794475, - -3470338, -12600221, -17055369, 3565904}, - {29210088, -9419337, -5919792, -4952785, 10834811, -13327726, - -16512102, -10820713, -27162222, -14030531}, - }, - { - {-13161890, 15508588, 16663704, -8156150, -28349942, 9019123, - -29183421, -3769423, 2244111, -14001979}, - {-5152875, -3800936, -9306475, -6071583, 16243069, 14684434, - -25673088, -16180800, 13491506, 4641841}, - {10813417, 643330, -19188515, -728916, 30292062, -16600078, - 27548447, -7721242, 14476989, -12767431}, - }, - { - {10292079, 9984945, 6481436, 8279905, -7251514, 7032743, 27282937, - -1644259, -27912810, 12651324}, - {-31185513, -813383, 22271204, 11835308, 10201545, 15351028, - 17099662, 3988035, 21721536, -3148940}, - {10202177, -6545839, -31373232, -9574638, -32150642, -8119683, - -12906320, 3852694, 13216206, 14842320}, - }, - { - {-15815640, -10601066, -6538952, -7258995, -6984659, -6581778, - -31500847, 13765824, -27434397, 9900184}, - {14465505, -13833331, -32133984, -14738873, -27443187, 12990492, - 33046193, 15796406, -7051866, -8040114}, - {30924417, -8279620, 6359016, -12816335, 16508377, 9071735, - -25488601, 15413635, 9524356, -7018878}, - }, - { - {12274201, -13175547, 32627641, -1785326, 6736625, 13267305, - 5237659, -5109483, 15663516, 4035784}, - {-2951309, 8903985, 17349946, 601635, -16432815, -4612556, - -13732739, -15889334, -22258478, 4659091}, - {-16916263, -4952973, -30393711, -15158821, 20774812, 15897498, - 5736189, 15026997, -2178256, -13455585}, - }, - }, - { - { - {-8858980, -2219056, 28571666, -10155518, -474467, -10105698, - -3801496, 278095, 23440562, -290208}, - {10226241, -5928702, 15139956, 120818, -14867693, 5218603, 32937275, - 11551483, -16571960, -7442864}, - {17932739, -12437276, -24039557, 10749060, 11316803, 7535897, - 22503767, 5561594, -3646624, 3898661}, - }, - { - {7749907, -969567, -16339731, -16464, -25018111, 15122143, -1573531, - 7152530, 21831162, 1245233}, - {26958459, -14658026, 4314586, 8346991, -5677764, 11960072, - -32589295, -620035, -30402091, -16716212}, - {-12165896, 9166947, 33491384, 13673479, 29787085, 13096535, - 6280834, 14587357, -22338025, 13987525}, - }, - { - {-24349909, 7778775, 21116000, 15572597, -4833266, -5357778, - -4300898, -5124639, -7469781, -2858068}, - {9681908, -6737123, -31951644, 13591838, -6883821, 386950, 31622781, - 6439245, -14581012, 4091397}, - {-8426427, 1470727, -28109679, -1596990, 3978627, -5123623, - -19622683, 12092163, 29077877, -14741988}, - }, - { - {5269168, -6859726, -13230211, -8020715, 25932563, 1763552, - -5606110, -5505881, -20017847, 2357889}, - {32264008, -15407652, -5387735, -1160093, -2091322, -3946900, - 23104804, -12869908, 5727338, 189038}, - {14609123, -8954470, -6000566, -16622781, -14577387, -7743898, - -26745169, 10942115, -25888931, -14884697}, - }, - { - {20513500, 5557931, -15604613, 7829531, 26413943, -2019404, - -21378968, 7471781, 13913677, -5137875}, - {-25574376, 11967826, 29233242, 12948236, -6754465, 4713227, - -8940970, 14059180, 12878652, 8511905}, - {-25656801, 3393631, -2955415, -7075526, -2250709, 9366908, - -30223418, 6812974, 5568676, -3127656}, - }, - { - {11630004, 12144454, 2116339, 13606037, 27378885, 15676917, - -17408753, -13504373, -14395196, 8070818}, - {27117696, -10007378, -31282771, -5570088, 1127282, 12772488, - -29845906, 10483306, -11552749, -1028714}, - {10637467, -5688064, 5674781, 1072708, -26343588, -6982302, - -1683975, 9177853, -27493162, 15431203}, - }, - { - {20525145, 10892566, -12742472, 12779443, -29493034, 16150075, - -28240519, 14943142, -15056790, -7935931}, - {-30024462, 5626926, -551567, -9981087, 753598, 11981191, 25244767, - -3239766, -3356550, 9594024}, - {-23752644, 2636870, -5163910, -10103818, 585134, 7877383, 11345683, - -6492290, 13352335, -10977084}, - }, - { - {-1931799, -5407458, 3304649, -12884869, 17015806, -4877091, - -29783850, -7752482, -13215537, -319204}, - {20239939, 6607058, 6203985, 3483793, -18386976, -779229, -20723742, - 15077870, -22750759, 14523817}, - {27406042, -6041657, 27423596, -4497394, 4996214, 10002360, - -28842031, -4545494, -30172742, -4805667}, - }, - }, - { - { - {11374242, 12660715, 17861383, -12540833, 10935568, 1099227, - -13886076, -9091740, -27727044, 11358504}, - {-12730809, 10311867, 1510375, 10778093, -2119455, -9145702, - 32676003, 11149336, -26123651, 4985768}, - {-19096303, 341147, -6197485, -239033, 15756973, -8796662, -983043, - 13794114, -19414307, -15621255}, - }, - { - {6490081, 11940286, 25495923, -7726360, 8668373, -8751316, 3367603, - 6970005, -1691065, -9004790}, - {1656497, 13457317, 15370807, 6364910, 13605745, 8362338, -19174622, - -5475723, -16796596, -5031438}, - {-22273315, -13524424, -64685, -4334223, -18605636, -10921968, - -20571065, -7007978, -99853, -10237333}, - }, - { - {17747465, 10039260, 19368299, -4050591, -20630635, -16041286, - 31992683, -15857976, -29260363, -5511971}, - {31932027, -4986141, -19612382, 16366580, 22023614, 88450, 11371999, - -3744247, 4882242, -10626905}, - {29796507, 37186, 19818052, 10115756, -11829032, 3352736, 18551198, - 3272828, -5190932, -4162409}, - }, - { - {12501286, 4044383, -8612957, -13392385, -32430052, 5136599, - -19230378, -3529697, 330070, -3659409}, - {6384877, 2899513, 17807477, 7663917, -2358888, 12363165, 25366522, - -8573892, -271295, 12071499}, - {-8365515, -4042521, 25133448, -4517355, -6211027, 2265927, - -32769618, 1936675, -5159697, 3829363}, - }, - { - {28425966, -5835433, -577090, -4697198, -14217555, 6870930, 7921550, - -6567787, 26333140, 14267664}, - {-11067219, 11871231, 27385719, -10559544, -4585914, -11189312, - 10004786, -8709488, -21761224, 8930324}, - {-21197785, -16396035, 25654216, -1725397, 12282012, 11008919, - 1541940, 4757911, -26491501, -16408940}, - }, - { - {13537262, -7759490, -20604840, 10961927, -5922820, -13218065, - -13156584, 6217254, -15943699, 13814990}, - {-17422573, 15157790, 18705543, 29619, 24409717, -260476, 27361681, - 9257833, -1956526, -1776914}, - {-25045300, -10191966, 15366585, 15166509, -13105086, 8423556, - -29171540, 12361135, -18685978, 4578290}, - }, - { - {24579768, 3711570, 1342322, -11180126, -27005135, 14124956, - -22544529, 14074919, 21964432, 8235257}, - {-6528613, -2411497, 9442966, -5925588, 12025640, -1487420, - -2981514, -1669206, 13006806, 2355433}, - {-16304899, -13605259, -6632427, -5142349, 16974359, -10911083, - 27202044, 1719366, 1141648, -12796236}, - }, - { - {-12863944, -13219986, -8318266, -11018091, -6810145, -4843894, - 13475066, -3133972, 32674895, 13715045}, - {11423335, -5468059, 32344216, 8962751, 24989809, 9241752, - -13265253, 16086212, -28740881, -15642093}, - {-1409668, 12530728, -6368726, 10847387, 19531186, -14132160, - -11709148, 7791794, -27245943, 4383347}, - }, - }, - { - { - {-28970898, 5271447, -1266009, -9736989, -12455236, 16732599, - -4862407, -4906449, 27193557, 6245191}, - {-15193956, 5362278, -1783893, 2695834, 4960227, 12840725, 23061898, - 3260492, 22510453, 8577507}, - {-12632451, 11257346, -32692994, 13548177, -721004, 10879011, - 31168030, 13952092, -29571492, -3635906}, - }, - { - {3877321, -9572739, 32416692, 5405324, -11004407, -13656635, - 3759769, 11935320, 5611860, 8164018}, - {-16275802, 14667797, 15906460, 12155291, -22111149, -9039718, - 32003002, -8832289, 5773085, -8422109}, - {-23788118, -8254300, 1950875, 8937633, 18686727, 16459170, -905725, - 12376320, 31632953, 190926}, - }, - { - {-24593607, -16138885, -8423991, 13378746, 14162407, 6901328, - -8288749, 4508564, -25341555, -3627528}, - {8884438, -5884009, 6023974, 10104341, -6881569, -4941533, 18722941, - -14786005, -1672488, 827625}, - {-32720583, -16289296, -32503547, 7101210, 13354605, 2659080, - -1800575, -14108036, -24878478, 1541286}, - }, - { - {2901347, -1117687, 3880376, -10059388, -17620940, -3612781, - -21802117, -3567481, 20456845, -1885033}, - {27019610, 12299467, -13658288, -1603234, -12861660, -4861471, - -19540150, -5016058, 29439641, 15138866}, - {21536104, -6626420, -32447818, -10690208, -22408077, 5175814, - -5420040, -16361163, 7779328, 109896}, - }, - { - {30279744, 14648750, -8044871, 6425558, 13639621, -743509, 28698390, - 12180118, 23177719, -554075}, - {26572847, 3405927, -31701700, 12890905, -19265668, 5335866, - -6493768, 2378492, 4439158, -13279347}, - {-22716706, 3489070, -9225266, -332753, 18875722, -1140095, - 14819434, -12731527, -17717757, -5461437}, - }, - { - {-5056483, 16566551, 15953661, 3767752, -10436499, 15627060, - -820954, 2177225, 8550082, -15114165}, - {-18473302, 16596775, -381660, 15663611, 22860960, 15585581, - -27844109, -3582739, -23260460, -8428588}, - {-32480551, 15707275, -8205912, -5652081, 29464558, 2713815, - -22725137, 15860482, -21902570, 1494193}, - }, - { - {-19562091, -14087393, -25583872, -9299552, 13127842, 759709, - 21923482, 16529112, 8742704, 12967017}, - {-28464899, 1553205, 32536856, -10473729, -24691605, -406174, - -8914625, -2933896, -29903758, 15553883}, - {21877909, 3230008, 9881174, 10539357, -4797115, 2841332, 11543572, - 14513274, 19375923, -12647961}, - }, - { - {8832269, -14495485, 13253511, 5137575, 5037871, 4078777, 24880818, - -6222716, 2862653, 9455043}, - {29306751, 5123106, 20245049, -14149889, 9592566, 8447059, -2077124, - -2990080, 15511449, 4789663}, - {-20679756, 7004547, 8824831, -9434977, -4045704, -3750736, - -5754762, 108893, 23513200, 16652362}, - }, - }, - { - { - {-33256173, 4144782, -4476029, -6579123, 10770039, -7155542, - -6650416, -12936300, -18319198, 10212860}, - {2756081, 8598110, 7383731, -6859892, 22312759, -1105012, 21179801, - 2600940, -9988298, -12506466}, - {-24645692, 13317462, -30449259, -15653928, 21365574, -10869657, - 11344424, 864440, -2499677, -16710063}, - }, - { - {-26432803, 6148329, -17184412, -14474154, 18782929, -275997, - -22561534, 211300, 2719757, 4940997}, - {-1323882, 3911313, -6948744, 14759765, -30027150, 7851207, - 21690126, 8518463, 26699843, 5276295}, - {-13149873, -6429067, 9396249, 365013, 24703301, -10488939, 1321586, - 149635, -15452774, 7159369}, - }, - { - {9987780, -3404759, 17507962, 9505530, 9731535, -2165514, 22356009, - 8312176, 22477218, -8403385}, - {18155857, -16504990, 19744716, 9006923, 15154154, -10538976, - 24256460, -4864995, -22548173, 9334109}, - {2986088, -4911893, 10776628, -3473844, 10620590, -7083203, - -21413845, 14253545, -22587149, 536906}, - }, - { - {4377756, 8115836, 24567078, 15495314, 11625074, 13064599, 7390551, - 10589625, 10838060, -15420424}, - {-19342404, 867880, 9277171, -3218459, -14431572, -1986443, - 19295826, -15796950, 6378260, 699185}, - {7895026, 4057113, -7081772, -13077756, -17886831, -323126, -716039, - 15693155, -5045064, -13373962}, - }, - { - {-7737563, -5869402, -14566319, -7406919, 11385654, 13201616, - 31730678, -10962840, -3918636, -9669325}, - {10188286, -15770834, -7336361, 13427543, 22223443, 14896287, - 30743455, 7116568, -21786507, 5427593}, - {696102, 13206899, 27047647, -10632082, 15285305, -9853179, - 10798490, -4578720, 19236243, 12477404}, - }, - { - {-11229439, 11243796, -17054270, -8040865, -788228, -8167967, - -3897669, 11180504, -23169516, 7733644}, - {17800790, -14036179, -27000429, -11766671, 23887827, 3149671, - 23466177, -10538171, 10322027, 15313801}, - {26246234, 11968874, 32263343, -5468728, 6830755, -13323031, - -15794704, -101982, -24449242, 10890804}, - }, - { - {-31365647, 10271363, -12660625, -6267268, 16690207, -13062544, - -14982212, 16484931, 25180797, -5334884}, - {-586574, 10376444, -32586414, -11286356, 19801893, 10997610, - 2276632, 9482883, 316878, 13820577}, - {-9882808, -4510367, -2115506, 16457136, -11100081, 11674996, - 30756178, -7515054, 30696930, -3712849}, - }, - { - {32988917, -9603412, 12499366, 7910787, -10617257, -11931514, - -7342816, -9985397, -32349517, 7392473}, - {-8855661, 15927861, 9866406, -3649411, -2396914, -16655781, - -30409476, -9134995, 25112947, -2926644}, - {-2504044, -436966, 25621774, -5678772, 15085042, -5479877, - -24884878, -13526194, 5537438, -13914319}, - }, - }, - { - { - {-11225584, 2320285, -9584280, 10149187, -33444663, 5808648, - -14876251, -1729667, 31234590, 6090599}, - {-9633316, 116426, 26083934, 2897444, -6364437, -2688086, 609721, - 15878753, -6970405, -9034768}, - {-27757857, 247744, -15194774, -9002551, 23288161, -10011936, - -23869595, 6503646, 20650474, 1804084}, - }, - { - {-27589786, 15456424, 8972517, 8469608, 15640622, 4439847, 3121995, - -10329713, 27842616, -202328}, - {-15306973, 2839644, 22530074, 10026331, 4602058, 5048462, 28248656, - 5031932, -11375082, 12714369}, - {20807691, -7270825, 29286141, 11421711, -27876523, -13868230, - -21227475, 1035546, -19733229, 12796920}, - }, - { - {12076899, -14301286, -8785001, -11848922, -25012791, 16400684, - -17591495, -12899438, 3480665, -15182815}, - {-32361549, 5457597, 28548107, 7833186, 7303070, -11953545, - -24363064, -15921875, -33374054, 2771025}, - {-21389266, 421932, 26597266, 6860826, 22486084, -6737172, - -17137485, -4210226, -24552282, 15673397}, - }, - { - {-20184622, 2338216, 19788685, -9620956, -4001265, -8740893, - -20271184, 4733254, 3727144, -12934448}, - {6120119, 814863, -11794402, -622716, 6812205, -15747771, 2019594, - 7975683, 31123697, -10958981}, - {30069250, -11435332, 30434654, 2958439, 18399564, -976289, - 12296869, 9204260, -16432438, 9648165}, - }, - { - {32705432, -1550977, 30705658, 7451065, -11805606, 9631813, 3305266, - 5248604, -26008332, -11377501}, - {17219865, 2375039, -31570947, -5575615, -19459679, 9219903, 294711, - 15298639, 2662509, -16297073}, - {-1172927, -7558695, -4366770, -4287744, -21346413, -8434326, - 32087529, -1222777, 32247248, -14389861}, - }, - { - {14312628, 1221556, 17395390, -8700143, -4945741, -8684635, - -28197744, -9637817, -16027623, -13378845}, - {-1428825, -9678990, -9235681, 6549687, -7383069, -468664, 23046502, - 9803137, 17597934, 2346211}, - {18510800, 15337574, 26171504, 981392, -22241552, 7827556, - -23491134, -11323352, 3059833, -11782870}, - }, - { - {10141598, 6082907, 17829293, -1947643, 9830092, 13613136, - -25556636, -5544586, -33502212, 3592096}, - {33114168, -15889352, -26525686, -13343397, 33076705, 8716171, - 1151462, 1521897, -982665, -6837803}, - {-32939165, -4255815, 23947181, -324178, -33072974, -12305637, - -16637686, 3891704, 26353178, 693168}, - }, - { - {30374239, 1595580, -16884039, 13186931, 4600344, 406904, 9585294, - -400668, 31375464, 14369965}, - {-14370654, -7772529, 1510301, 6434173, -18784789, -6262728, - 32732230, -13108839, 17901441, 16011505}, - {18171223, -11934626, -12500402, 15197122, -11038147, -15230035, - -19172240, -16046376, 8764035, 12309598}, - }, - }, - { - { - {5975908, -5243188, -19459362, -9681747, -11541277, 14015782, - -23665757, 1228319, 17544096, -10593782}, - {5811932, -1715293, 3442887, -2269310, -18367348, -8359541, - -18044043, -15410127, -5565381, 12348900}, - {-31399660, 11407555, 25755363, 6891399, -3256938, 14872274, - -24849353, 8141295, -10632534, -585479}, - }, - { - {-12675304, 694026, -5076145, 13300344, 14015258, -14451394, - -9698672, -11329050, 30944593, 1130208}, - {8247766, -6710942, -26562381, -7709309, -14401939, -14648910, - 4652152, 2488540, 23550156, -271232}, - {17294316, -3788438, 7026748, 15626851, 22990044, 113481, 2267737, - -5908146, -408818, -137719}, - }, - { - {16091085, -16253926, 18599252, 7340678, 2137637, -1221657, - -3364161, 14550936, 3260525, -7166271}, - {-4910104, -13332887, 18550887, 10864893, -16459325, -7291596, - -23028869, -13204905, -12748722, 2701326}, - {-8574695, 16099415, 4629974, -16340524, -20786213, -6005432, - -10018363, 9276971, 11329923, 1862132}, - }, - { - {14763076, -15903608, -30918270, 3689867, 3511892, 10313526, - -21951088, 12219231, -9037963, -940300}, - {8894987, -3446094, 6150753, 3013931, 301220, 15693451, -31981216, - -2909717, -15438168, 11595570}, - {15214962, 3537601, -26238722, -14058872, 4418657, -15230761, - 13947276, 10730794, -13489462, -4363670}, - }, - { - {-2538306, 7682793, 32759013, 263109, -29984731, -7955452, - -22332124, -10188635, 977108, 699994}, - {-12466472, 4195084, -9211532, 550904, -15565337, 12917920, - 19118110, -439841, -30534533, -14337913}, - {31788461, -14507657, 4799989, 7372237, 8808585, -14747943, 9408237, - -10051775, 12493932, -5409317}, - }, - { - {-25680606, 5260744, -19235809, -6284470, -3695942, 16566087, - 27218280, 2607121, 29375955, 6024730}, - {842132, -2794693, -4763381, -8722815, 26332018, -12405641, - 11831880, 6985184, -9940361, 2854096}, - {-4847262, -7969331, 2516242, -5847713, 9695691, -7221186, 16512645, - 960770, 12121869, 16648078}, - }, - { - {-15218652, 14667096, -13336229, 2013717, 30598287, -464137, - -31504922, -7882064, 20237806, 2838411}, - {-19288047, 4453152, 15298546, -16178388, 22115043, -15972604, - 12544294, -13470457, 1068881, -12499905}, - {-9558883, -16518835, 33238498, 13506958, 30505848, -1114596, - -8486907, -2630053, 12521378, 4845654}, - }, - { - {-28198521, 10744108, -2958380, 10199664, 7759311, -13088600, - 3409348, -873400, -6482306, -12885870}, - {-23561822, 6230156, -20382013, 10655314, -24040585, -11621172, - 10477734, -1240216, -3113227, 13974498}, - {12966261, 15550616, -32038948, -1615346, 21025980, -629444, - 5642325, 7188737, 18895762, 12629579}, - }, - }, - { - { - {14741879, -14946887, 22177208, -11721237, 1279741, 8058600, - 11758140, 789443, 32195181, 3895677}, - {10758205, 15755439, -4509950, 9243698, -4879422, 6879879, -2204575, - -3566119, -8982069, 4429647}, - {-2453894, 15725973, -20436342, -10410672, -5803908, -11040220, - -7135870, -11642895, 18047436, -15281743}, - }, - { - {-25173001, -11307165, 29759956, 11776784, -22262383, -15820455, - 10993114, -12850837, -17620701, -9408468}, - {21987233, 700364, -24505048, 14972008, -7774265, -5718395, - 32155026, 2581431, -29958985, 8773375}, - {-25568350, 454463, -13211935, 16126715, 25240068, 8594567, - 20656846, 12017935, -7874389, -13920155}, - }, - { - {6028182, 6263078, -31011806, -11301710, -818919, 2461772, - -31841174, -5468042, -1721788, -2776725}, - {-12278994, 16624277, 987579, -5922598, 32908203, 1248608, 7719845, - -4166698, 28408820, 6816612}, - {-10358094, -8237829, 19549651, -12169222, 22082623, 16147817, - 20613181, 13982702, -10339570, 5067943}, - }, - { - {-30505967, -3821767, 12074681, 13582412, -19877972, 2443951, - -19719286, 12746132, 5331210, -10105944}, - {30528811, 3601899, -1957090, 4619785, -27361822, -15436388, - 24180793, -12570394, 27679908, -1648928}, - {9402404, -13957065, 32834043, 10838634, -26580150, -13237195, - 26653274, -8685565, 22611444, -12715406}, - }, - { - {22190590, 1118029, 22736441, 15130463, -30460692, -5991321, - 19189625, -4648942, 4854859, 6622139}, - {-8310738, -2953450, -8262579, -3388049, -10401731, -271929, - 13424426, -3567227, 26404409, 13001963}, - {-31241838, -15415700, -2994250, 8939346, 11562230, -12840670, - -26064365, -11621720, -15405155, 11020693}, - }, - { - {1866042, -7949489, -7898649, -10301010, 12483315, 13477547, - 3175636, -12424163, 28761762, 1406734}, - {-448555, -1777666, 13018551, 3194501, -9580420, -11161737, - 24760585, -4347088, 25577411, -13378680}, - {-24290378, 4759345, -690653, -1852816, 2066747, 10693769, - -29595790, 9884936, -9368926, 4745410}, - }, - { - {-9141284, 6049714, -19531061, -4341411, -31260798, 9944276, - -15462008, -11311852, 10931924, -11931931}, - {-16561513, 14112680, -8012645, 4817318, -8040464, -11414606, - -22853429, 10856641, -20470770, 13434654}, - {22759489, -10073434, -16766264, -1871422, 13637442, -10168091, - 1765144, -12654326, 28445307, -5364710}, - }, - { - {29875063, 12493613, 2795536, -3786330, 1710620, 15181182, - -10195717, -8788675, 9074234, 1167180}, - {-26205683, 11014233, -9842651, -2635485, -26908120, 7532294, - -18716888, -9535498, 3843903, 9367684}, - {-10969595, -6403711, 9591134, 9582310, 11349256, 108879, 16235123, - 8601684, -139197, 4242895}, - }, - }, - { - { - {22092954, -13191123, -2042793, -11968512, 32186753, -11517388, - -6574341, 2470660, -27417366, 16625501}, - {-11057722, 3042016, 13770083, -9257922, 584236, -544855, -7770857, - 2602725, -27351616, 14247413}, - {6314175, -10264892, -32772502, 15957557, -10157730, 168750, - -8618807, 14290061, 27108877, -1180880}, - }, - { - {-8586597, -7170966, 13241782, 10960156, -32991015, -13794596, - 33547976, -11058889, -27148451, 981874}, - {22833440, 9293594, -32649448, -13618667, -9136966, 14756819, - -22928859, -13970780, -10479804, -16197962}, - {-7768587, 3326786, -28111797, 10783824, 19178761, 14905060, - 22680049, 13906969, -15933690, 3797899}, - }, - { - {21721356, -4212746, -12206123, 9310182, -3882239, -13653110, - 23740224, -2709232, 20491983, -8042152}, - {9209270, -15135055, -13256557, -6167798, -731016, 15289673, - 25947805, 15286587, 30997318, -6703063}, - {7392032, 16618386, 23946583, -8039892, -13265164, -1533858, - -14197445, -2321576, 17649998, -250080}, - }, - { - {-9301088, -14193827, 30609526, -3049543, -25175069, -1283752, - -15241566, -9525724, -2233253, 7662146}, - {-17558673, 1763594, -33114336, 15908610, -30040870, -12174295, - 7335080, -8472199, -3174674, 3440183}, - {-19889700, -5977008, -24111293, -9688870, 10799743, -16571957, - 40450, -4431835, 4862400, 1133}, - }, - { - {-32856209, -7873957, -5422389, 14860950, -16319031, 7956142, - 7258061, 311861, -30594991, -7379421}, - {-3773428, -1565936, 28985340, 7499440, 24445838, 9325937, 29727763, - 16527196, 18278453, 15405622}, - {-4381906, 8508652, -19898366, -3674424, -5984453, 15149970, - -13313598, 843523, -21875062, 13626197}, - }, - { - {2281448, -13487055, -10915418, -2609910, 1879358, 16164207, - -10783882, 3953792, 13340839, 15928663}, - {31727126, -7179855, -18437503, -8283652, 2875793, -16390330, - -25269894, -7014826, -23452306, 5964753}, - {4100420, -5959452, -17179337, 6017714, -18705837, 12227141, - -26684835, 11344144, 2538215, -7570755}, - }, - { - {-9433605, 6123113, 11159803, -2156608, 30016280, 14966241, - -20474983, 1485421, -629256, -15958862}, - {-26804558, 4260919, 11851389, 9658551, -32017107, 16367492, - -20205425, -13191288, 11659922, -11115118}, - {26180396, 10015009, -30844224, -8581293, 5418197, 9480663, 2231568, - -10170080, 33100372, -1306171}, - }, - { - {15121113, -5201871, -10389905, 15427821, -27509937, -15992507, - 21670947, 4486675, -5931810, -14466380}, - {16166486, -9483733, -11104130, 6023908, -31926798, -1364923, - 2340060, -16254968, -10735770, -10039824}, - {28042865, -3557089, -12126526, 12259706, -3717498, -6945899, - 6766453, -8689599, 18036436, 5803270}, - }, - }, - { - { - {-817581, 6763912, 11803561, 1585585, 10958447, -2671165, 23855391, - 4598332, -6159431, -14117438}, - {-31031306, -14256194, 17332029, -2383520, 31312682, -5967183, - 696309, 50292, -20095739, 11763584}, - {-594563, -2514283, -32234153, 12643980, 12650761, 14811489, 665117, - -12613632, -19773211, -10713562}, - }, - { - {30464590, -11262872, -4127476, -12734478, 19835327, -7105613, - -24396175, 2075773, -17020157, 992471}, - {18357185, -6994433, 7766382, 16342475, -29324918, 411174, 14578841, - 8080033, -11574335, -10601610}, - {19598397, 10334610, 12555054, 2555664, 18821899, -10339780, - 21873263, 16014234, 26224780, 16452269}, - }, - { - {-30223925, 5145196, 5944548, 16385966, 3976735, 2009897, -11377804, - -7618186, -20533829, 3698650}, - {14187449, 3448569, -10636236, -10810935, -22663880, -3433596, - 7268410, -10890444, 27394301, 12015369}, - {19695761, 16087646, 28032085, 12999827, 6817792, 11427614, - 20244189, -1312777, -13259127, -3402461}, - }, - { - {30860103, 12735208, -1888245, -4699734, -16974906, 2256940, - -8166013, 12298312, -8550524, -10393462}, - {-5719826, -11245325, -1910649, 15569035, 26642876, -7587760, - -5789354, -15118654, -4976164, 12651793}, - {-2848395, 9953421, 11531313, -5282879, 26895123, -12697089, - -13118820, -16517902, 9768698, -2533218}, - }, - { - {-24719459, 1894651, -287698, -4704085, 15348719, -8156530, - 32767513, 12765450, 4940095, 10678226}, - {18860224, 15980149, -18987240, -1562570, -26233012, -11071856, - -7843882, 13944024, -24372348, 16582019}, - {-15504260, 4970268, -29893044, 4175593, -20993212, -2199756, - -11704054, 15444560, -11003761, 7989037}, - }, - { - {31490452, 5568061, -2412803, 2182383, -32336847, 4531686, - -32078269, 6200206, -19686113, -14800171}, - {-17308668, -15879940, -31522777, -2831, -32887382, 16375549, - 8680158, -16371713, 28550068, -6857132}, - {-28126887, -5688091, 16837845, -1820458, -6850681, 12700016, - -30039981, 4364038, 1155602, 5988841}, - }, - { - {21890435, -13272907, -12624011, 12154349, -7831873, 15300496, - 23148983, -4470481, 24618407, 8283181}, - {-33136107, -10512751, 9975416, 6841041, -31559793, 16356536, - 3070187, -7025928, 1466169, 10740210}, - {-1509399, -15488185, -13503385, -10655916, 32799044, 909394, - -13938903, -5779719, -32164649, -15327040}, - }, - { - {3960823, -14267803, -28026090, -15918051, -19404858, 13146868, - 15567327, 951507, -3260321, -573935}, - {24740841, 5052253, -30094131, 8961361, 25877428, 6165135, - -24368180, 14397372, -7380369, -6144105}, - {-28888365, 3510803, -28103278, -1158478, -11238128, -10631454, - -15441463, -14453128, -1625486, -6494814}, - }, - }, - { - { - {793299, -9230478, 8836302, -6235707, -27360908, -2369593, 33152843, - -4885251, -9906200, -621852}, - {5666233, 525582, 20782575, -8038419, -24538499, 14657740, 16099374, - 1468826, -6171428, -15186581}, - {-4859255, -3779343, -2917758, -6748019, 7778750, 11688288, - -30404353, -9871238, -1558923, -9863646}, - }, - { - {10896332, -7719704, 824275, 472601, -19460308, 3009587, 25248958, - 14783338, -30581476, -15757844}, - {10566929, 12612572, -31944212, 11118703, -12633376, 12362879, - 21752402, 8822496, 24003793, 14264025}, - {27713862, -7355973, -11008240, 9227530, 27050101, 2504721, - 23886875, -13117525, 13958495, -5732453}, - }, - { - {-23481610, 4867226, -27247128, 3900521, 29838369, -8212291, - -31889399, -10041781, 7340521, -15410068}, - {4646514, -8011124, -22766023, -11532654, 23184553, 8566613, - 31366726, -1381061, -15066784, -10375192}, - {-17270517, 12723032, -16993061, 14878794, 21619651, -6197576, - 27584817, 3093888, -8843694, 3849921}, - }, - { - {-9064912, 2103172, 25561640, -15125738, -5239824, 9582958, - 32477045, -9017955, 5002294, -15550259}, - {-12057553, -11177906, 21115585, -13365155, 8808712, -12030708, - 16489530, 13378448, -25845716, 12741426}, - {-5946367, 10645103, -30911586, 15390284, -3286982, -7118677, - 24306472, 15852464, 28834118, -7646072}, - }, - { - {-17335748, -9107057, -24531279, 9434953, -8472084, -583362, - -13090771, 455841, 20461858, 5491305}, - {13669248, -16095482, -12481974, -10203039, -14569770, -11893198, - -24995986, 11293807, -28588204, -9421832}, - {28497928, 6272777, -33022994, 14470570, 8906179, -1225630, - 18504674, -14165166, 29867745, -8795943}, - }, - { - {-16207023, 13517196, -27799630, -13697798, 24009064, -6373891, - -6367600, -13175392, 22853429, -4012011}, - {24191378, 16712145, -13931797, 15217831, 14542237, 1646131, - 18603514, -11037887, 12876623, -2112447}, - {17902668, 4518229, -411702, -2829247, 26878217, 5258055, -12860753, - 608397, 16031844, 3723494}, - }, - { - {-28632773, 12763728, -20446446, 7577504, 33001348, -13017745, - 17558842, -7872890, 23896954, -4314245}, - {-20005381, -12011952, 31520464, 605201, 2543521, 5991821, -2945064, - 7229064, -9919646, -8826859}, - {28816045, 298879, -28165016, -15920938, 19000928, -1665890, - -12680833, -2949325, -18051778, -2082915}, - }, - { - {16000882, -344896, 3493092, -11447198, -29504595, -13159789, - 12577740, 16041268, -19715240, 7847707}, - {10151868, 10572098, 27312476, 7922682, 14825339, 4723128, - -32855931, -6519018, -10020567, 3852848}, - {-11430470, 15697596, -21121557, -4420647, 5386314, 15063598, - 16514493, -15932110, 29330899, -15076224}, - }, - }, - { - { - {-25499735, -4378794, -15222908, -6901211, 16615731, 2051784, - 3303702, 15490, -27548796, 12314391}, - {15683520, -6003043, 18109120, -9980648, 15337968, -5997823, - -16717435, 15921866, 16103996, -3731215}, - {-23169824, -10781249, 13588192, -1628807, -3798557, -1074929, - -19273607, 5402699, -29815713, -9841101}, - }, - { - {23190676, 2384583, -32714340, 3462154, -29903655, -1529132, - -11266856, 8911517, -25205859, 2739713}, - {21374101, -3554250, -33524649, 9874411, 15377179, 11831242, - -33529904, 6134907, 4931255, 11987849}, - {-7732, -2978858, -16223486, 7277597, 105524, -322051, -31480539, - 13861388, -30076310, 10117930}, - }, - { - {-29501170, -10744872, -26163768, 13051539, -25625564, 5089643, - -6325503, 6704079, 12890019, 15728940}, - {-21972360, -11771379, -951059, -4418840, 14704840, 2695116, 903376, - -10428139, 12885167, 8311031}, - {-17516482, 5352194, 10384213, -13811658, 7506451, 13453191, - 26423267, 4384730, 1888765, -5435404}, - }, - { - {-25817338, -3107312, -13494599, -3182506, 30896459, -13921729, - -32251644, -12707869, -19464434, -3340243}, - {-23607977, -2665774, -526091, 4651136, 5765089, 4618330, 6092245, - 14845197, 17151279, -9854116}, - {-24830458, -12733720, -15165978, 10367250, -29530908, -265356, - 22825805, -7087279, -16866484, 16176525}, - }, - { - {-23583256, 6564961, 20063689, 3798228, -4740178, 7359225, 2006182, - -10363426, -28746253, -10197509}, - {-10626600, -4486402, -13320562, -5125317, 3432136, -6393229, - 23632037, -1940610, 32808310, 1099883}, - {15030977, 5768825, -27451236, -2887299, -6427378, -15361371, - -15277896, -6809350, 2051441, -15225865}, - }, - { - {-3362323, -7239372, 7517890, 9824992, 23555850, 295369, 5148398, - -14154188, -22686354, 16633660}, - {4577086, -16752288, 13249841, -15304328, 19958763, -14537274, - 18559670, -10759549, 8402478, -9864273}, - {-28406330, -1051581, -26790155, -907698, -17212414, -11030789, - 9453451, -14980072, 17983010, 9967138}, - }, - { - {-25762494, 6524722, 26585488, 9969270, 24709298, 1220360, -1677990, - 7806337, 17507396, 3651560}, - {-10420457, -4118111, 14584639, 15971087, -15768321, 8861010, - 26556809, -5574557, -18553322, -11357135}, - {2839101, 14284142, 4029895, 3472686, 14402957, 12689363, -26642121, - 8459447, -5605463, -7621941}, - }, - { - {-4839289, -3535444, 9744961, 2871048, 25113978, 3187018, -25110813, - -849066, 17258084, -7977739}, - {18164541, -10595176, -17154882, -1542417, 19237078, -9745295, - 23357533, -15217008, 26908270, 12150756}, - {-30264870, -7647865, 5112249, -7036672, -1499807, -6974257, 43168, - -5537701, -32302074, 16215819}, - }, - }, - { - { - {-6898905, 9824394, -12304779, -4401089, -31397141, -6276835, - 32574489, 12532905, -7503072, -8675347}, - {-27343522, -16515468, -27151524, -10722951, 946346, 16291093, - 254968, 7168080, 21676107, -1943028}, - {21260961, -8424752, -16831886, -11920822, -23677961, 3968121, - -3651949, -6215466, -3556191, -7913075}, - }, - { - {16544754, 13250366, -16804428, 15546242, -4583003, 12757258, - -2462308, -8680336, -18907032, -9662799}, - {-2415239, -15577728, 18312303, 4964443, -15272530, -12653564, - 26820651, 16690659, 25459437, -4564609}, - {-25144690, 11425020, 28423002, -11020557, -6144921, -15826224, - 9142795, -2391602, -6432418, -1644817}, - }, - { - {-23104652, 6253476, 16964147, -3768872, -25113972, -12296437, - -27457225, -16344658, 6335692, 7249989}, - {-30333227, 13979675, 7503222, -12368314, -11956721, -4621693, - -30272269, 2682242, 25993170, -12478523}, - {4364628, 5930691, 32304656, -10044554, -8054781, 15091131, - 22857016, -10598955, 31820368, 15075278}, - }, - { - {31879134, -8918693, 17258761, 90626, -8041836, -4917709, 24162788, - -9650886, -17970238, 12833045}, - {19073683, 14851414, -24403169, -11860168, 7625278, 11091125, - -19619190, 2074449, -9413939, 14905377}, - {24483667, -11935567, -2518866, -11547418, -1553130, 15355506, - -25282080, 9253129, 27628530, -7555480}, - }, - { - {17597607, 8340603, 19355617, 552187, 26198470, -3176583, 4593324, - -9157582, -14110875, 15297016}, - {510886, 14337390, -31785257, 16638632, 6328095, 2713355, -20217417, - -11864220, 8683221, 2921426}, - {18606791, 11874196, 27155355, -5281482, -24031742, 6265446, - -25178240, -1278924, 4674690, 13890525}, - }, - { - {13609624, 13069022, -27372361, -13055908, 24360586, 9592974, - 14977157, 9835105, 4389687, 288396}, - {9922506, -519394, 13613107, 5883594, -18758345, -434263, -12304062, - 8317628, 23388070, 16052080}, - {12720016, 11937594, -31970060, -5028689, 26900120, 8561328, - -20155687, -11632979, -14754271, -10812892}, - }, - { - {15961858, 14150409, 26716931, -665832, -22794328, 13603569, - 11829573, 7467844, -28822128, 929275}, - {11038231, -11582396, -27310482, -7316562, -10498527, -16307831, - -23479533, -9371869, -21393143, 2465074}, - {20017163, -4323226, 27915242, 1529148, 12396362, 15675764, - 13817261, -9658066, 2463391, -4622140}, - }, - { - {-16358878, -12663911, -12065183, 4996454, -1256422, 1073572, - 9583558, 12851107, 4003896, 12673717}, - {-1731589, -15155870, -3262930, 16143082, 19294135, 13385325, - 14741514, -9103726, 7903886, 2348101}, - {24536016, -16515207, 12715592, -3862155, 1511293, 10047386, - -3842346, -7129159, -28377538, 10048127}, - }, - }, - { - { - {-12622226, -6204820, 30718825, 2591312, -10617028, 12192840, - 18873298, -7297090, -32297756, 15221632}, - {-26478122, -11103864, 11546244, -1852483, 9180880, 7656409, - -21343950, 2095755, 29769758, 6593415}, - {-31994208, -2907461, 4176912, 3264766, 12538965, -868111, 26312345, - -6118678, 30958054, 8292160}, - }, - { - {31429822, -13959116, 29173532, 15632448, 12174511, -2760094, - 32808831, 3977186, 26143136, -3148876}, - {22648901, 1402143, -22799984, 13746059, 7936347, 365344, -8668633, - -1674433, -3758243, -2304625}, - {-15491917, 8012313, -2514730, -12702462, -23965846, -10254029, - -1612713, -1535569, -16664475, 8194478}, - }, - { - {27338066, -7507420, -7414224, 10140405, -19026427, -6589889, - 27277191, 8855376, 28572286, 3005164}, - {26287124, 4821776, 25476601, -4145903, -3764513, -15788984, - -18008582, 1182479, -26094821, -13079595}, - {-7171154, 3178080, 23970071, 6201893, -17195577, -4489192, - -21876275, -13982627, 32208683, -1198248}, - }, - { - {-16657702, 2817643, -10286362, 14811298, 6024667, 13349505, - -27315504, -10497842, -27672585, -11539858}, - {15941029, -9405932, -21367050, 8062055, 31876073, -238629, - -15278393, -1444429, 15397331, -4130193}, - {8934485, -13485467, -23286397, -13423241, -32446090, 14047986, - 31170398, -1441021, -27505566, 15087184}, - }, - { - {-18357243, -2156491, 24524913, -16677868, 15520427, -6360776, - -15502406, 11461896, 16788528, -5868942}, - {-1947386, 16013773, 21750665, 3714552, -17401782, -16055433, - -3770287, -10323320, 31322514, -11615635}, - {21426655, -5650218, -13648287, -5347537, -28812189, -4920970, - -18275391, -14621414, 13040862, -12112948}, - }, - { - {11293895, 12478086, -27136401, 15083750, -29307421, 14748872, - 14555558, -13417103, 1613711, 4896935}, - {-25894883, 15323294, -8489791, -8057900, 25967126, -13425460, - 2825960, -4897045, -23971776, -11267415}, - {-15924766, -5229880, -17443532, 6410664, 3622847, 10243618, - 20615400, 12405433, -23753030, -8436416}, - }, - { - {-7091295, 12556208, -20191352, 9025187, -17072479, 4333801, - 4378436, 2432030, 23097949, -566018}, - {4565804, -16025654, 20084412, -7842817, 1724999, 189254, 24767264, - 10103221, -18512313, 2424778}, - {366633, -11976806, 8173090, -6890119, 30788634, 5745705, -7168678, - 1344109, -3642553, 12412659}, - }, - { - {-24001791, 7690286, 14929416, -168257, -32210835, -13412986, - 24162697, -15326504, -3141501, 11179385}, - {18289522, -14724954, 8056945, 16430056, -21729724, 7842514, - -6001441, -1486897, -18684645, -11443503}, - {476239, 6601091, -6152790, -9723375, 17503545, -4863900, 27672959, - 13403813, 11052904, 5219329}, - }, - }, - { - { - {20678546, -8375738, -32671898, 8849123, -5009758, 14574752, - 31186971, -3973730, 9014762, -8579056}, - {-13644050, -10350239, -15962508, 5075808, -1514661, -11534600, - -33102500, 9160280, 8473550, -3256838}, - {24900749, 14435722, 17209120, -15292541, -22592275, 9878983, - -7689309, -16335821, -24568481, 11788948}, - }, - { - {-3118155, -11395194, -13802089, 14797441, 9652448, -6845904, - -20037437, 10410733, -24568470, -1458691}, - {-15659161, 16736706, -22467150, 10215878, -9097177, 7563911, - 11871841, -12505194, -18513325, 8464118}, - {-23400612, 8348507, -14585951, -861714, -3950205, -6373419, - 14325289, 8628612, 33313881, -8370517}, - }, - { - {-20186973, -4967935, 22367356, 5271547, -1097117, -4788838, - -24805667, -10236854, -8940735, -5818269}, - {-6948785, -1795212, -32625683, -16021179, 32635414, -7374245, - 15989197, -12838188, 28358192, -4253904}, - {-23561781, -2799059, -32351682, -1661963, -9147719, 10429267, - -16637684, 4072016, -5351664, 5596589}, - }, - { - {-28236598, -3390048, 12312896, 6213178, 3117142, 16078565, - 29266239, 2557221, 1768301, 15373193}, - {-7243358, -3246960, -4593467, -7553353, -127927, -912245, -1090902, - -4504991, -24660491, 3442910}, - {-30210571, 5124043, 14181784, 8197961, 18964734, -11939093, - 22597931, 7176455, -18585478, 13365930}, - }, - { - {-7877390, -1499958, 8324673, 4690079, 6261860, 890446, 24538107, - -8570186, -9689599, -3031667}, - {25008904, -10771599, -4305031, -9638010, 16265036, 15721635, - 683793, -11823784, 15723479, -15163481}, - {-9660625, 12374379, -27006999, -7026148, -7724114, -12314514, - 11879682, 5400171, 519526, -1235876}, - }, - { - {22258397, -16332233, -7869817, 14613016, -22520255, -2950923, - -20353881, 7315967, 16648397, 7605640}, - {-8081308, -8464597, -8223311, 9719710, 19259459, -15348212, - 23994942, -5281555, -9468848, 4763278}, - {-21699244, 9220969, -15730624, 1084137, -25476107, -2852390, - 31088447, -7764523, -11356529, 728112}, - }, - { - {26047220, -11751471, -6900323, -16521798, 24092068, 9158119, - -4273545, -12555558, -29365436, -5498272}, - {17510331, -322857, 5854289, 8403524, 17133918, -3112612, -28111007, - 12327945, 10750447, 10014012}, - {-10312768, 3936952, 9156313, -8897683, 16498692, -994647, - -27481051, -666732, 3424691, 7540221}, - }, - { - {30322361, -6964110, 11361005, -4143317, 7433304, 4989748, -7071422, - -16317219, -9244265, 15258046}, - {13054562, -2779497, 19155474, 469045, -12482797, 4566042, 5631406, - 2711395, 1062915, -5136345}, - {-19240248, -11254599, -29509029, -7499965, -5835763, 13005411, - -6066489, 12194497, 32960380, 1459310}, - }, - }, - { - { - {19852034, 7027924, 23669353, 10020366, 8586503, -6657907, 394197, - -6101885, 18638003, -11174937}, - {31395534, 15098109, 26581030, 8030562, -16527914, -5007134, - 9012486, -7584354, -6643087, -5442636}, - {-9192165, -2347377, -1997099, 4529534, 25766844, 607986, -13222, - 9677543, -32294889, -6456008}, - }, - { - {-2444496, -149937, 29348902, 8186665, 1873760, 12489863, -30934579, - -7839692, -7852844, -8138429}, - {-15236356, -15433509, 7766470, 746860, 26346930, -10221762, - -27333451, 10754588, -9431476, 5203576}, - {31834314, 14135496, -770007, 5159118, 20917671, -16768096, - -7467973, -7337524, 31809243, 7347066}, - }, - { - {-9606723, -11874240, 20414459, 13033986, 13716524, -11691881, - 19797970, -12211255, 15192876, -2087490}, - {-12663563, -2181719, 1168162, -3804809, 26747877, -14138091, - 10609330, 12694420, 33473243, -13382104}, - {33184999, 11180355, 15832085, -11385430, -1633671, 225884, - 15089336, -11023903, -6135662, 14480053}, - }, - { - {31308717, -5619998, 31030840, -1897099, 15674547, -6582883, - 5496208, 13685227, 27595050, 8737275}, - {-20318852, -15150239, 10933843, -16178022, 8335352, -7546022, - -31008351, -12610604, 26498114, 66511}, - {22644454, -8761729, -16671776, 4884562, -3105614, -13559366, - 30540766, -4286747, -13327787, -7515095}, - }, - { - {-28017847, 9834845, 18617207, -2681312, -3401956, -13307506, - 8205540, 13585437, -17127465, 15115439}, - {23711543, -672915, 31206561, -8362711, 6164647, -9709987, - -33535882, -1426096, 8236921, 16492939}, - {-23910559, -13515526, -26299483, -4503841, 25005590, -7687270, - 19574902, 10071562, 6708380, -6222424}, - }, - { - {2101391, -4930054, 19702731, 2367575, -15427167, 1047675, 5301017, - 9328700, 29955601, -11678310}, - {3096359, 9271816, -21620864, -15521844, -14847996, -7592937, - -25892142, -12635595, -9917575, 6216608}, - {-32615849, 338663, -25195611, 2510422, -29213566, -13820213, - 24822830, -6146567, -26767480, 7525079}, - }, - { - {-23066649, -13985623, 16133487, -7896178, -3389565, 778788, - -910336, -2782495, -19386633, 11994101}, - {21691500, -13624626, -641331, -14367021, 3285881, -3483596, - -25064666, 9718258, -7477437, 13381418}, - {18445390, -4202236, 14979846, 11622458, -1727110, -3582980, - 23111648, -6375247, 28535282, 15779576}, - }, - { - {30098053, 3089662, -9234387, 16662135, -21306940, 11308411, - -14068454, 12021730, 9955285, -16303356}, - {9734894, -14576830, -7473633, -9138735, 2060392, 11313496, - -18426029, 9924399, 20194861, 13380996}, - {-26378102, -7965207, -22167821, 15789297, -18055342, -6168792, - -1984914, 15707771, 26342023, 10146099}, - }, - }, - { - { - {-26016874, -219943, 21339191, -41388, 19745256, -2878700, - -29637280, 2227040, 21612326, -545728}, - {-13077387, 1184228, 23562814, -5970442, -20351244, -6348714, - 25764461, 12243797, -20856566, 11649658}, - {-10031494, 11262626, 27384172, 2271902, 26947504, -15997771, 39944, - 6114064, 33514190, 2333242}, - }, - { - {-21433588, -12421821, 8119782, 7219913, -21830522, -9016134, - -6679750, -12670638, 24350578, -13450001}, - {-4116307, -11271533, -23886186, 4843615, -30088339, 690623, - -31536088, -10406836, 8317860, 12352766}, - {18200138, -14475911, -33087759, -2696619, -23702521, -9102511, - -23552096, -2287550, 20712163, 6719373}, - }, - { - {26656208, 6075253, -7858556, 1886072, -28344043, 4262326, 11117530, - -3763210, 26224235, -3297458}, - {-17168938, -14854097, -3395676, -16369877, -19954045, 14050420, - 21728352, 9493610, 18620611, -16428628}, - {-13323321, 13325349, 11432106, 5964811, 18609221, 6062965, - -5269471, -9725556, -30701573, -16479657}, - }, - { - {-23860538, -11233159, 26961357, 1640861, -32413112, -16737940, - 12248509, -5240639, 13735342, 1934062}, - {25089769, 6742589, 17081145, -13406266, 21909293, -16067981, - -15136294, -3765346, -21277997, 5473616}, - {31883677, -7961101, 1083432, -11572403, 22828471, 13290673, - -7125085, 12469656, 29111212, -5451014}, - }, - { - {24244947, -15050407, -26262976, 2791540, -14997599, 16666678, - 24367466, 6388839, -10295587, 452383}, - {-25640782, -3417841, 5217916, 16224624, 19987036, -4082269, - -24236251, -5915248, 15766062, 8407814}, - {-20406999, 13990231, 15495425, 16395525, 5377168, 15166495, - -8917023, -4388953, -8067909, 2276718}, - }, - { - {30157918, 12924066, -17712050, 9245753, 19895028, 3368142, - -23827587, 5096219, 22740376, -7303417}, - {2041139, -14256350, 7783687, 13876377, -25946985, -13352459, - 24051124, 13742383, -15637599, 13295222}, - {33338237, -8505733, 12532113, 7977527, 9106186, -1715251, - -17720195, -4612972, -4451357, -14669444}, - }, - { - {-20045281, 5454097, -14346548, 6447146, 28862071, 1883651, - -2469266, -4141880, 7770569, 9620597}, - {23208068, 7979712, 33071466, 8149229, 1758231, -10834995, 30945528, - -1694323, -33502340, -14767970}, - {1439958, -16270480, -1079989, -793782, 4625402, 10647766, -5043801, - 1220118, 30494170, -11440799}, - }, - { - {-5037580, -13028295, -2970559, -3061767, 15640974, -6701666, - -26739026, 926050, -1684339, -13333647}, - {13908495, -3549272, 30919928, -6273825, -21521863, 7989039, - 9021034, 9078865, 3353509, 4033511}, - {-29663431, -15113610, 32259991, -344482, 24295849, -12912123, - 23161163, 8839127, 27485041, 7356032}, - }, - }, - { - { - {9661027, 705443, 11980065, -5370154, -1628543, 14661173, -6346142, - 2625015, 28431036, -16771834}, - {-23839233, -8311415, -25945511, 7480958, -17681669, -8354183, - -22545972, 14150565, 15970762, 4099461}, - {29262576, 16756590, 26350592, -8793563, 8529671, -11208050, - 13617293, -9937143, 11465739, 8317062}, - }, - { - {-25493081, -6962928, 32500200, -9419051, -23038724, -2302222, - 14898637, 3848455, 20969334, -5157516}, - {-20384450, -14347713, -18336405, 13884722, -33039454, 2842114, - -21610826, -3649888, 11177095, 14989547}, - {-24496721, -11716016, 16959896, 2278463, 12066309, 10137771, - 13515641, 2581286, -28487508, 9930240}, - }, - { - {-17751622, -2097826, 16544300, -13009300, -15914807, -14949081, - 18345767, -13403753, 16291481, -5314038}, - {-33229194, 2553288, 32678213, 9875984, 8534129, 6889387, -9676774, - 6957617, 4368891, 9788741}, - {16660756, 7281060, -10830758, 12911820, 20108584, -8101676, - -21722536, -8613148, 16250552, -11111103}, - }, - { - {-19765507, 2390526, -16551031, 14161980, 1905286, 6414907, 4689584, - 10604807, -30190403, 4782747}, - {-1354539, 14736941, -7367442, -13292886, 7710542, -14155590, - -9981571, 4383045, 22546403, 437323}, - {31665577, -12180464, -16186830, 1491339, -18368625, 3294682, - 27343084, 2786261, -30633590, -14097016}, - }, - { - {-14467279, -683715, -33374107, 7448552, 19294360, 14334329, - -19690631, 2355319, -19284671, -6114373}, - {15121312, -15796162, 6377020, -6031361, -10798111, -12957845, - 18952177, 15496498, -29380133, 11754228}, - {-2637277, -13483075, 8488727, -14303896, 12728761, -1622493, - 7141596, 11724556, 22761615, -10134141}, - }, - { - {16918416, 11729663, -18083579, 3022987, -31015732, -13339659, - -28741185, -12227393, 32851222, 11717399}, - {11166634, 7338049, -6722523, 4531520, -29468672, -7302055, - 31474879, 3483633, -1193175, -4030831}, - {-185635, 9921305, 31456609, -13536438, -12013818, 13348923, - 33142652, 6546660, -19985279, -3948376}, - }, - { - {-32460596, 11266712, -11197107, -7899103, 31703694, 3855903, - -8537131, -12833048, -30772034, -15486313}, - {-18006477, 12709068, 3991746, -6479188, -21491523, -10550425, - -31135347, -16049879, 10928917, 3011958}, - {-6957757, -15594337, 31696059, 334240, 29576716, 14796075, - -30831056, -12805180, 18008031, 10258577}, - }, - { - {-22448644, 15655569, 7018479, -4410003, -30314266, -1201591, - -1853465, 1367120, 25127874, 6671743}, - {29701166, -14373934, -10878120, 9279288, -17568, 13127210, - 21382910, 11042292, 25838796, 4642684}, - {-20430234, 14955537, -24126347, 8124619, -5369288, -5990470, - 30468147, -13900640, 18423289, 4177476}, - }, - }, -}; - -static uint8_t negative(signed char b) -{ - uint32_t x = b; - - x >>= 31; /* 1: yes; 0: no */ - return x; -} - -static void table_select(ge_precomp *t, int pos, signed char b) -{ - ge_precomp minust; - uint8_t bnegative = negative(b); - uint8_t babs = b - ((uint8_t)((-bnegative) & b) << 1); - - ge_precomp_0(t); - cmov(t, &k25519Precomp[pos][0], equal(babs, 1)); - cmov(t, &k25519Precomp[pos][1], equal(babs, 2)); - cmov(t, &k25519Precomp[pos][2], equal(babs, 3)); - cmov(t, &k25519Precomp[pos][3], equal(babs, 4)); - cmov(t, &k25519Precomp[pos][4], equal(babs, 5)); - cmov(t, &k25519Precomp[pos][5], equal(babs, 6)); - cmov(t, &k25519Precomp[pos][6], equal(babs, 7)); - cmov(t, &k25519Precomp[pos][7], equal(babs, 8)); - fe_copy(minust.yplusx, t->yminusx); - fe_copy(minust.yminusx, t->yplusx); - fe_neg(minust.xy2d, t->xy2d); - cmov(t, &minust, bnegative); -} - -/* - * h = a * B - * - * where a = a[0]+256*a[1]+...+256^31 a[31] - * B is the Ed25519 base point (x,4/5) with x positive. - * - * Preconditions: - * a[31] <= 127 - */ -static void ge_scalarmult_base(ge_p3 *h, const uint8_t *a) -{ - signed char e[64]; - signed char carry; - ge_p1p1 r; - ge_p2 s; - ge_precomp t; - int i; - - for (i = 0; i < 32; ++i) { - e[2 * i + 0] = (a[i] >> 0) & 15; - e[2 * i + 1] = (a[i] >> 4) & 15; - } - /* each e[i] is between 0 and 15 */ - /* e[63] is between 0 and 7 */ - - carry = 0; - for (i = 0; i < 63; ++i) { - e[i] += carry; - carry = e[i] + 8; - carry >>= 4; - e[i] -= carry << 4; - } - e[63] += carry; - /* each e[i] is between -8 and 8 */ - - ge_p3_0(h); - for (i = 1; i < 64; i += 2) { - table_select(&t, i / 2, e[i]); - ge_madd(&r, h, &t); - ge_p1p1_to_p3(h, &r); - } - - ge_p3_dbl(&r, h); - ge_p1p1_to_p2(&s, &r); - ge_p2_dbl(&r, &s); - ge_p1p1_to_p2(&s, &r); - ge_p2_dbl(&r, &s); - ge_p1p1_to_p2(&s, &r); - ge_p2_dbl(&r, &s); - ge_p1p1_to_p3(h, &r); - - for (i = 0; i < 64; i += 2) { - table_select(&t, i / 2, e[i]); - ge_madd(&r, h, &t); - ge_p1p1_to_p3(h, &r); - } - - OPENSSL_cleanse(e, sizeof(e)); -} - -#if !defined(BASE_2_51_IMPLEMENTED) -/* - * Replace (f,g) with (g,f) if b == 1; - * replace (f,g) with (f,g) if b == 0. - * - * Preconditions: b in {0,1}. - */ -static void fe_cswap(fe f, fe g, unsigned int b) -{ - size_t i; - - b = 0-b; - for (i = 0; i < 10; i++) { - int32_t x = f[i] ^ g[i]; - x &= b; - f[i] ^= x; - g[i] ^= x; - } -} - -/* - * h = f * 121666 - * - * Can overlap h with f. - * - * Preconditions: - * |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. - * - * Postconditions: - * |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. - */ -static void fe_mul121666(fe h, fe f) -{ - int32_t f0 = f[0]; - int32_t f1 = f[1]; - int32_t f2 = f[2]; - int32_t f3 = f[3]; - int32_t f4 = f[4]; - int32_t f5 = f[5]; - int32_t f6 = f[6]; - int32_t f7 = f[7]; - int32_t f8 = f[8]; - int32_t f9 = f[9]; - int64_t h0 = f0 * (int64_t) 121666; - int64_t h1 = f1 * (int64_t) 121666; - int64_t h2 = f2 * (int64_t) 121666; - int64_t h3 = f3 * (int64_t) 121666; - int64_t h4 = f4 * (int64_t) 121666; - int64_t h5 = f5 * (int64_t) 121666; - int64_t h6 = f6 * (int64_t) 121666; - int64_t h7 = f7 * (int64_t) 121666; - int64_t h8 = f8 * (int64_t) 121666; - int64_t h9 = f9 * (int64_t) 121666; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; - - carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; - carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; - carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; - carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; - carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; - - carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; - carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; - carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; - carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; - carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; - - h[0] = (int32_t)h0; - h[1] = (int32_t)h1; - h[2] = (int32_t)h2; - h[3] = (int32_t)h3; - h[4] = (int32_t)h4; - h[5] = (int32_t)h5; - h[6] = (int32_t)h6; - h[7] = (int32_t)h7; - h[8] = (int32_t)h8; - h[9] = (int32_t)h9; -} - -static void x25519_scalar_mult_generic(uint8_t out[32], - const uint8_t scalar[32], - const uint8_t point[32]) { - fe x1, x2, z2, x3, z3, tmp0, tmp1; - uint8_t e[32]; - unsigned swap = 0; - int pos; - - memcpy(e, scalar, 32); - e[0] &= 248; - e[31] &= 127; - e[31] |= 64; - fe_frombytes(x1, point); - fe_1(x2); - fe_0(z2); - fe_copy(x3, x1); - fe_1(z3); - - for (pos = 254; pos >= 0; --pos) { - unsigned b = 1 & (e[pos / 8] >> (pos & 7)); - swap ^= b; - fe_cswap(x2, x3, swap); - fe_cswap(z2, z3, swap); - swap = b; - fe_sub(tmp0, x3, z3); - fe_sub(tmp1, x2, z2); - fe_add(x2, x2, z2); - fe_add(z2, x3, z3); - fe_mul(z3, tmp0, x2); - fe_mul(z2, z2, tmp1); - fe_sq(tmp0, tmp1); - fe_sq(tmp1, x2); - fe_add(x3, z3, z2); - fe_sub(z2, z3, z2); - fe_mul(x2, tmp1, tmp0); - fe_sub(tmp1, tmp1, tmp0); - fe_sq(z2, z2); - fe_mul121666(z3, tmp1); - fe_sq(x3, x3); - fe_add(tmp0, tmp0, z3); - fe_mul(z3, x1, z2); - fe_mul(z2, tmp1, tmp0); - } - - fe_invert(z2, z2); - fe_mul(x2, x2, z2); - fe_tobytes(out, x2); - - OPENSSL_cleanse(e, sizeof(e)); -} - -static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32], - const uint8_t point[32]) { - x25519_scalar_mult_generic(out, scalar, point); -} -#endif - -static void slide(signed char *r, const uint8_t *a) -{ - int i; - int b; - int k; - - for (i = 0; i < 256; ++i) { - r[i] = 1 & (a[i >> 3] >> (i & 7)); - } - - for (i = 0; i < 256; ++i) { - if (r[i]) { - for (b = 1; b <= 6 && i + b < 256; ++b) { - if (r[i + b]) { - if (r[i] + (r[i + b] << b) <= 15) { - r[i] += r[i + b] << b; - r[i + b] = 0; - } else if (r[i] - (r[i + b] << b) >= -15) { - r[i] -= r[i + b] << b; - for (k = i + b; k < 256; ++k) { - if (!r[k]) { - r[k] = 1; - break; - } - r[k] = 0; - } - } else { - break; - } - } - } - } - } -} - -static const ge_precomp Bi[8] = { - { - {25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626, - -11754271, -6079156, 2047605}, - {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, - 5043384, 19500929, -15469378}, - {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919, - 11864899, -24514362, -4438546}, - }, - { - {15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600, - -14772189, 28944400, -1550024}, - {16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577, - -11775962, 7689662, 11199574}, - {30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774, - 10017326, -17749093, -9920357}, - }, - { - {10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885, - 14515107, -15438304, 10819380}, - {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, - 12483688, -12668491, 5581306}, - {19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350, - 13850243, -23678021, -15815942}, - }, - { - {5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852, - 5230134, -23952439, -15175766}, - {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025, - 16520125, 30598449, 7715701}, - {28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660, - 1370708, 29794553, -1409300}, - }, - { - {-22518993, -6692182, 14201702, -8745502, -23510406, 8844726, 18474211, - -1361450, -13062696, 13821877}, - {-6455177, -7839871, 3374702, -4740862, -27098617, -10571707, 31655028, - -7212327, 18853322, -14220951}, - {4566830, -12963868, -28974889, -12240689, -7602672, -2830569, -8514358, - -10431137, 2207753, -3209784}, - }, - { - {-25154831, -4185821, 29681144, 7868801, -6854661, -9423865, -12437364, - -663000, -31111463, -16132436}, - {25576264, -2703214, 7349804, -11814844, 16472782, 9300885, 3844789, - 15725684, 171356, 6466918}, - {23103977, 13316479, 9739013, -16149481, 817875, -15038942, 8965339, - -14088058, -30714912, 16193877}, - }, - { - {-33521811, 3180713, -2394130, 14003687, -16903474, -16270840, 17238398, - 4729455, -18074513, 9256800}, - {-25182317, -4174131, 32336398, 5036987, -21236817, 11360617, 22616405, - 9761698, -19827198, 630305}, - {-13720693, 2639453, -24237460, -7406481, 9494427, -5774029, -6554551, - -15960994, -2449256, -14291300}, - }, - { - {-3151181, -5046075, 9282714, 6866145, -31907062, -863023, -18940575, - 15033784, 25105118, -7894876}, - {-24326370, 15950226, -31801215, -14592823, -11662737, -5090925, - 1573892, -2625887, 2198790, -15804619}, - {-3099351, 10324967, -2241613, 7453183, -5446979, -2735503, -13812022, - -16236442, -32461234, -12290683}, - }, -}; - -/* - * r = a * A + b * B - * - * where a = a[0]+256*a[1]+...+256^31 a[31]. - * and b = b[0]+256*b[1]+...+256^31 b[31]. - * B is the Ed25519 base point (x,4/5) with x positive. - */ -static void ge_double_scalarmult_vartime(ge_p2 *r, const uint8_t *a, - const ge_p3 *A, const uint8_t *b) -{ - signed char aslide[256]; - signed char bslide[256]; - ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */ - ge_p1p1 t; - ge_p3 u; - ge_p3 A2; - int i; - - slide(aslide, a); - slide(bslide, b); - - ge_p3_to_cached(&Ai[0], A); - ge_p3_dbl(&t, A); - ge_p1p1_to_p3(&A2, &t); - ge_add(&t, &A2, &Ai[0]); - ge_p1p1_to_p3(&u, &t); - ge_p3_to_cached(&Ai[1], &u); - ge_add(&t, &A2, &Ai[1]); - ge_p1p1_to_p3(&u, &t); - ge_p3_to_cached(&Ai[2], &u); - ge_add(&t, &A2, &Ai[2]); - ge_p1p1_to_p3(&u, &t); - ge_p3_to_cached(&Ai[3], &u); - ge_add(&t, &A2, &Ai[3]); - ge_p1p1_to_p3(&u, &t); - ge_p3_to_cached(&Ai[4], &u); - ge_add(&t, &A2, &Ai[4]); - ge_p1p1_to_p3(&u, &t); - ge_p3_to_cached(&Ai[5], &u); - ge_add(&t, &A2, &Ai[5]); - ge_p1p1_to_p3(&u, &t); - ge_p3_to_cached(&Ai[6], &u); - ge_add(&t, &A2, &Ai[6]); - ge_p1p1_to_p3(&u, &t); - ge_p3_to_cached(&Ai[7], &u); - - ge_p2_0(r); - - for (i = 255; i >= 0; --i) { - if (aslide[i] || bslide[i]) { - break; - } - } - - for (; i >= 0; --i) { - ge_p2_dbl(&t, r); - - if (aslide[i] > 0) { - ge_p1p1_to_p3(&u, &t); - ge_add(&t, &u, &Ai[aslide[i] / 2]); - } else if (aslide[i] < 0) { - ge_p1p1_to_p3(&u, &t); - ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]); - } - - if (bslide[i] > 0) { - ge_p1p1_to_p3(&u, &t); - ge_madd(&t, &u, &Bi[bslide[i] / 2]); - } else if (bslide[i] < 0) { - ge_p1p1_to_p3(&u, &t); - ge_msub(&t, &u, &Bi[(-bslide[i]) / 2]); - } - - ge_p1p1_to_p2(r, &t); - } -} - -/* - * The set of scalars is \Z/l - * where l = 2^252 + 27742317777372353535851937790883648493. - * - * Input: - * s[0]+256*s[1]+...+256^63*s[63] = s - * - * Output: - * s[0]+256*s[1]+...+256^31*s[31] = s mod l - * where l = 2^252 + 27742317777372353535851937790883648493. - * Overwrites s in place. -*/ -static void x25519_sc_reduce(uint8_t *s) -{ - int64_t s0 = kBottom21Bits & load_3(s); - int64_t s1 = kBottom21Bits & (load_4(s + 2) >> 5); - int64_t s2 = kBottom21Bits & (load_3(s + 5) >> 2); - int64_t s3 = kBottom21Bits & (load_4(s + 7) >> 7); - int64_t s4 = kBottom21Bits & (load_4(s + 10) >> 4); - int64_t s5 = kBottom21Bits & (load_3(s + 13) >> 1); - int64_t s6 = kBottom21Bits & (load_4(s + 15) >> 6); - int64_t s7 = kBottom21Bits & (load_3(s + 18) >> 3); - int64_t s8 = kBottom21Bits & load_3(s + 21); - int64_t s9 = kBottom21Bits & (load_4(s + 23) >> 5); - int64_t s10 = kBottom21Bits & (load_3(s + 26) >> 2); - int64_t s11 = kBottom21Bits & (load_4(s + 28) >> 7); - int64_t s12 = kBottom21Bits & (load_4(s + 31) >> 4); - int64_t s13 = kBottom21Bits & (load_3(s + 34) >> 1); - int64_t s14 = kBottom21Bits & (load_4(s + 36) >> 6); - int64_t s15 = kBottom21Bits & (load_3(s + 39) >> 3); - int64_t s16 = kBottom21Bits & load_3(s + 42); - int64_t s17 = kBottom21Bits & (load_4(s + 44) >> 5); - int64_t s18 = kBottom21Bits & (load_3(s + 47) >> 2); - int64_t s19 = kBottom21Bits & (load_4(s + 49) >> 7); - int64_t s20 = kBottom21Bits & (load_4(s + 52) >> 4); - int64_t s21 = kBottom21Bits & (load_3(s + 55) >> 1); - int64_t s22 = kBottom21Bits & (load_4(s + 57) >> 6); - int64_t s23 = (load_4(s + 60) >> 3); - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; - int64_t carry10; - int64_t carry11; - int64_t carry12; - int64_t carry13; - int64_t carry14; - int64_t carry15; - int64_t carry16; - - s11 += s23 * 666643; - s12 += s23 * 470296; - s13 += s23 * 654183; - s14 -= s23 * 997805; - s15 += s23 * 136657; - s16 -= s23 * 683901; - s23 = 0; - - s10 += s22 * 666643; - s11 += s22 * 470296; - s12 += s22 * 654183; - s13 -= s22 * 997805; - s14 += s22 * 136657; - s15 -= s22 * 683901; - s22 = 0; - - s9 += s21 * 666643; - s10 += s21 * 470296; - s11 += s21 * 654183; - s12 -= s21 * 997805; - s13 += s21 * 136657; - s14 -= s21 * 683901; - s21 = 0; - - s8 += s20 * 666643; - s9 += s20 * 470296; - s10 += s20 * 654183; - s11 -= s20 * 997805; - s12 += s20 * 136657; - s13 -= s20 * 683901; - s20 = 0; - - s7 += s19 * 666643; - s8 += s19 * 470296; - s9 += s19 * 654183; - s10 -= s19 * 997805; - s11 += s19 * 136657; - s12 -= s19 * 683901; - s19 = 0; - - s6 += s18 * 666643; - s7 += s18 * 470296; - s8 += s18 * 654183; - s9 -= s18 * 997805; - s10 += s18 * 136657; - s11 -= s18 * 683901; - s18 = 0; - - carry6 = (s6 + (1 << 20)) >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); - carry8 = (s8 + (1 << 20)) >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); - carry10 = (s10 + (1 << 20)) >> 21; - s11 += carry10; - s10 -= carry10 * (1 << 21); - carry12 = (s12 + (1 << 20)) >> 21; - s13 += carry12; - s12 -= carry12 * (1 << 21); - carry14 = (s14 + (1 << 20)) >> 21; - s15 += carry14; - s14 -= carry14 * (1 << 21); - carry16 = (s16 + (1 << 20)) >> 21; - s17 += carry16; - s16 -= carry16 * (1 << 21); - - carry7 = (s7 + (1 << 20)) >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); - carry9 = (s9 + (1 << 20)) >> 21; - s10 += carry9; - s9 -= carry9 * (1 << 21); - carry11 = (s11 + (1 << 20)) >> 21; - s12 += carry11; - s11 -= carry11 * (1 << 21); - carry13 = (s13 + (1 << 20)) >> 21; - s14 += carry13; - s13 -= carry13 * (1 << 21); - carry15 = (s15 + (1 << 20)) >> 21; - s16 += carry15; - s15 -= carry15 * (1 << 21); - - s5 += s17 * 666643; - s6 += s17 * 470296; - s7 += s17 * 654183; - s8 -= s17 * 997805; - s9 += s17 * 136657; - s10 -= s17 * 683901; - s17 = 0; - - s4 += s16 * 666643; - s5 += s16 * 470296; - s6 += s16 * 654183; - s7 -= s16 * 997805; - s8 += s16 * 136657; - s9 -= s16 * 683901; - s16 = 0; - - s3 += s15 * 666643; - s4 += s15 * 470296; - s5 += s15 * 654183; - s6 -= s15 * 997805; - s7 += s15 * 136657; - s8 -= s15 * 683901; - s15 = 0; - - s2 += s14 * 666643; - s3 += s14 * 470296; - s4 += s14 * 654183; - s5 -= s14 * 997805; - s6 += s14 * 136657; - s7 -= s14 * 683901; - s14 = 0; - - s1 += s13 * 666643; - s2 += s13 * 470296; - s3 += s13 * 654183; - s4 -= s13 * 997805; - s5 += s13 * 136657; - s6 -= s13 * 683901; - s13 = 0; - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = (s0 + (1 << 20)) >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); - carry2 = (s2 + (1 << 20)) >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); - carry4 = (s4 + (1 << 20)) >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); - carry6 = (s6 + (1 << 20)) >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); - carry8 = (s8 + (1 << 20)) >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); - carry10 = (s10 + (1 << 20)) >> 21; - s11 += carry10; - s10 -= carry10 * (1 << 21); - - carry1 = (s1 + (1 << 20)) >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); - carry3 = (s3 + (1 << 20)) >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); - carry5 = (s5 + (1 << 20)) >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); - carry7 = (s7 + (1 << 20)) >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); - carry9 = (s9 + (1 << 20)) >> 21; - s10 += carry9; - s9 -= carry9 * (1 << 21); - carry11 = (s11 + (1 << 20)) >> 21; - s12 += carry11; - s11 -= carry11 * (1 << 21); - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = s0 >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); - carry1 = s1 >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); - carry2 = s2 >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); - carry3 = s3 >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); - carry4 = s4 >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); - carry5 = s5 >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); - carry6 = s6 >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); - carry7 = s7 >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); - carry8 = s8 >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); - carry9 = s9 >> 21; - s10 += carry9; - s9 -= carry9 * (1 << 21); - carry10 = s10 >> 21; - s11 += carry10; - s10 -= carry10 * (1 << 21); - carry11 = s11 >> 21; - s12 += carry11; - s11 -= carry11 * (1 << 21); - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = s0 >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); - carry1 = s1 >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); - carry2 = s2 >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); - carry3 = s3 >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); - carry4 = s4 >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); - carry5 = s5 >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); - carry6 = s6 >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); - carry7 = s7 >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); - carry8 = s8 >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); - carry9 = s9 >> 21; - s10 += carry9; - s9 -= carry9 * (1 << 21); - carry10 = s10 >> 21; - s11 += carry10; - s10 -= carry10 * (1 << 21); - - s[ 0] = (uint8_t) (s0 >> 0); - s[ 1] = (uint8_t) (s0 >> 8); - s[ 2] = (uint8_t)((s0 >> 16) | (s1 << 5)); - s[ 3] = (uint8_t) (s1 >> 3); - s[ 4] = (uint8_t) (s1 >> 11); - s[ 5] = (uint8_t)((s1 >> 19) | (s2 << 2)); - s[ 6] = (uint8_t) (s2 >> 6); - s[ 7] = (uint8_t)((s2 >> 14) | (s3 << 7)); - s[ 8] = (uint8_t) (s3 >> 1); - s[ 9] = (uint8_t) (s3 >> 9); - s[10] = (uint8_t)((s3 >> 17) | (s4 << 4)); - s[11] = (uint8_t) (s4 >> 4); - s[12] = (uint8_t) (s4 >> 12); - s[13] = (uint8_t)((s4 >> 20) | (s5 << 1)); - s[14] = (uint8_t) (s5 >> 7); - s[15] = (uint8_t)((s5 >> 15) | (s6 << 6)); - s[16] = (uint8_t) (s6 >> 2); - s[17] = (uint8_t) (s6 >> 10); - s[18] = (uint8_t)((s6 >> 18) | (s7 << 3)); - s[19] = (uint8_t) (s7 >> 5); - s[20] = (uint8_t) (s7 >> 13); - s[21] = (uint8_t) (s8 >> 0); - s[22] = (uint8_t) (s8 >> 8); - s[23] = (uint8_t)((s8 >> 16) | (s9 << 5)); - s[24] = (uint8_t) (s9 >> 3); - s[25] = (uint8_t) (s9 >> 11); - s[26] = (uint8_t)((s9 >> 19) | (s10 << 2)); - s[27] = (uint8_t) (s10 >> 6); - s[28] = (uint8_t)((s10 >> 14) | (s11 << 7)); - s[29] = (uint8_t) (s11 >> 1); - s[30] = (uint8_t) (s11 >> 9); - s[31] = (uint8_t) (s11 >> 17); -} - -/* - * Input: - * a[0]+256*a[1]+...+256^31*a[31] = a - * b[0]+256*b[1]+...+256^31*b[31] = b - * c[0]+256*c[1]+...+256^31*c[31] = c - * - * Output: - * s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l - * where l = 2^252 + 27742317777372353535851937790883648493. - */ -static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, - const uint8_t *c) -{ - int64_t a0 = kBottom21Bits & load_3(a); - int64_t a1 = kBottom21Bits & (load_4(a + 2) >> 5); - int64_t a2 = kBottom21Bits & (load_3(a + 5) >> 2); - int64_t a3 = kBottom21Bits & (load_4(a + 7) >> 7); - int64_t a4 = kBottom21Bits & (load_4(a + 10) >> 4); - int64_t a5 = kBottom21Bits & (load_3(a + 13) >> 1); - int64_t a6 = kBottom21Bits & (load_4(a + 15) >> 6); - int64_t a7 = kBottom21Bits & (load_3(a + 18) >> 3); - int64_t a8 = kBottom21Bits & load_3(a + 21); - int64_t a9 = kBottom21Bits & (load_4(a + 23) >> 5); - int64_t a10 = kBottom21Bits & (load_3(a + 26) >> 2); - int64_t a11 = (load_4(a + 28) >> 7); - int64_t b0 = kBottom21Bits & load_3(b); - int64_t b1 = kBottom21Bits & (load_4(b + 2) >> 5); - int64_t b2 = kBottom21Bits & (load_3(b + 5) >> 2); - int64_t b3 = kBottom21Bits & (load_4(b + 7) >> 7); - int64_t b4 = kBottom21Bits & (load_4(b + 10) >> 4); - int64_t b5 = kBottom21Bits & (load_3(b + 13) >> 1); - int64_t b6 = kBottom21Bits & (load_4(b + 15) >> 6); - int64_t b7 = kBottom21Bits & (load_3(b + 18) >> 3); - int64_t b8 = kBottom21Bits & load_3(b + 21); - int64_t b9 = kBottom21Bits & (load_4(b + 23) >> 5); - int64_t b10 = kBottom21Bits & (load_3(b + 26) >> 2); - int64_t b11 = (load_4(b + 28) >> 7); - int64_t c0 = kBottom21Bits & load_3(c); - int64_t c1 = kBottom21Bits & (load_4(c + 2) >> 5); - int64_t c2 = kBottom21Bits & (load_3(c + 5) >> 2); - int64_t c3 = kBottom21Bits & (load_4(c + 7) >> 7); - int64_t c4 = kBottom21Bits & (load_4(c + 10) >> 4); - int64_t c5 = kBottom21Bits & (load_3(c + 13) >> 1); - int64_t c6 = kBottom21Bits & (load_4(c + 15) >> 6); - int64_t c7 = kBottom21Bits & (load_3(c + 18) >> 3); - int64_t c8 = kBottom21Bits & load_3(c + 21); - int64_t c9 = kBottom21Bits & (load_4(c + 23) >> 5); - int64_t c10 = kBottom21Bits & (load_3(c + 26) >> 2); - int64_t c11 = (load_4(c + 28) >> 7); - int64_t s0; - int64_t s1; - int64_t s2; - int64_t s3; - int64_t s4; - int64_t s5; - int64_t s6; - int64_t s7; - int64_t s8; - int64_t s9; - int64_t s10; - int64_t s11; - int64_t s12; - int64_t s13; - int64_t s14; - int64_t s15; - int64_t s16; - int64_t s17; - int64_t s18; - int64_t s19; - int64_t s20; - int64_t s21; - int64_t s22; - int64_t s23; - int64_t carry0; - int64_t carry1; - int64_t carry2; - int64_t carry3; - int64_t carry4; - int64_t carry5; - int64_t carry6; - int64_t carry7; - int64_t carry8; - int64_t carry9; - int64_t carry10; - int64_t carry11; - int64_t carry12; - int64_t carry13; - int64_t carry14; - int64_t carry15; - int64_t carry16; - int64_t carry17; - int64_t carry18; - int64_t carry19; - int64_t carry20; - int64_t carry21; - int64_t carry22; - - s0 = c0 + a0 * b0; - s1 = c1 + a0 * b1 + a1 * b0; - s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0; - s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0; - s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0; - s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0; - s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0; - s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + a6 * b1 + a7 * b0; - s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + a6 * b2 + a7 * b1 + a8 * b0; - s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0; - s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0; - s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0; - s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1; - s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 + a9 * b4 + a10 * b3 + a11 * b2; - s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 + a10 * b4 + a11 * b3; - s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 + a11 * b4; - s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5; - s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6; - s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7; - s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8; - s20 = a9 * b11 + a10 * b10 + a11 * b9; - s21 = a10 * b11 + a11 * b10; - s22 = a11 * b11; - s23 = 0; - - carry0 = (s0 + (1 << 20)) >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); - carry2 = (s2 + (1 << 20)) >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); - carry4 = (s4 + (1 << 20)) >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); - carry6 = (s6 + (1 << 20)) >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); - carry8 = (s8 + (1 << 20)) >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); - carry10 = (s10 + (1 << 20)) >> 21; - s11 += carry10; - s10 -= carry10 * (1 << 21); - carry12 = (s12 + (1 << 20)) >> 21; - s13 += carry12; - s12 -= carry12 * (1 << 21); - carry14 = (s14 + (1 << 20)) >> 21; - s15 += carry14; - s14 -= carry14 * (1 << 21); - carry16 = (s16 + (1 << 20)) >> 21; - s17 += carry16; - s16 -= carry16 * (1 << 21); - carry18 = (s18 + (1 << 20)) >> 21; - s19 += carry18; - s18 -= carry18 * (1 << 21); - carry20 = (s20 + (1 << 20)) >> 21; - s21 += carry20; - s20 -= carry20 * (1 << 21); - carry22 = (s22 + (1 << 20)) >> 21; - s23 += carry22; - s22 -= carry22 * (1 << 21); - - carry1 = (s1 + (1 << 20)) >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); - carry3 = (s3 + (1 << 20)) >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); - carry5 = (s5 + (1 << 20)) >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); - carry7 = (s7 + (1 << 20)) >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); - carry9 = (s9 + (1 << 20)) >> 21; - s10 += carry9; - s9 -= carry9 * (1 << 21); - carry11 = (s11 + (1 << 20)) >> 21; - s12 += carry11; - s11 -= carry11 * (1 << 21); - carry13 = (s13 + (1 << 20)) >> 21; - s14 += carry13; - s13 -= carry13 * (1 << 21); - carry15 = (s15 + (1 << 20)) >> 21; - s16 += carry15; - s15 -= carry15 * (1 << 21); - carry17 = (s17 + (1 << 20)) >> 21; - s18 += carry17; - s17 -= carry17 * (1 << 21); - carry19 = (s19 + (1 << 20)) >> 21; - s20 += carry19; - s19 -= carry19 * (1 << 21); - carry21 = (s21 + (1 << 20)) >> 21; - s22 += carry21; - s21 -= carry21 * (1 << 21); - - s11 += s23 * 666643; - s12 += s23 * 470296; - s13 += s23 * 654183; - s14 -= s23 * 997805; - s15 += s23 * 136657; - s16 -= s23 * 683901; - s23 = 0; - - s10 += s22 * 666643; - s11 += s22 * 470296; - s12 += s22 * 654183; - s13 -= s22 * 997805; - s14 += s22 * 136657; - s15 -= s22 * 683901; - s22 = 0; - - s9 += s21 * 666643; - s10 += s21 * 470296; - s11 += s21 * 654183; - s12 -= s21 * 997805; - s13 += s21 * 136657; - s14 -= s21 * 683901; - s21 = 0; - - s8 += s20 * 666643; - s9 += s20 * 470296; - s10 += s20 * 654183; - s11 -= s20 * 997805; - s12 += s20 * 136657; - s13 -= s20 * 683901; - s20 = 0; - - s7 += s19 * 666643; - s8 += s19 * 470296; - s9 += s19 * 654183; - s10 -= s19 * 997805; - s11 += s19 * 136657; - s12 -= s19 * 683901; - s19 = 0; - - s6 += s18 * 666643; - s7 += s18 * 470296; - s8 += s18 * 654183; - s9 -= s18 * 997805; - s10 += s18 * 136657; - s11 -= s18 * 683901; - s18 = 0; - - carry6 = (s6 + (1 << 20)) >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); - carry8 = (s8 + (1 << 20)) >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); - carry10 = (s10 + (1 << 20)) >> 21; - s11 += carry10; - s10 -= carry10 * (1 << 21); - carry12 = (s12 + (1 << 20)) >> 21; - s13 += carry12; - s12 -= carry12 * (1 << 21); - carry14 = (s14 + (1 << 20)) >> 21; - s15 += carry14; - s14 -= carry14 * (1 << 21); - carry16 = (s16 + (1 << 20)) >> 21; - s17 += carry16; - s16 -= carry16 * (1 << 21); - - carry7 = (s7 + (1 << 20)) >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); - carry9 = (s9 + (1 << 20)) >> 21; - s10 += carry9; - s9 -= carry9 * (1 << 21); - carry11 = (s11 + (1 << 20)) >> 21; - s12 += carry11; - s11 -= carry11 * (1 << 21); - carry13 = (s13 + (1 << 20)) >> 21; - s14 += carry13; - s13 -= carry13 * (1 << 21); - carry15 = (s15 + (1 << 20)) >> 21; - s16 += carry15; - s15 -= carry15 * (1 << 21); - - s5 += s17 * 666643; - s6 += s17 * 470296; - s7 += s17 * 654183; - s8 -= s17 * 997805; - s9 += s17 * 136657; - s10 -= s17 * 683901; - s17 = 0; - - s4 += s16 * 666643; - s5 += s16 * 470296; - s6 += s16 * 654183; - s7 -= s16 * 997805; - s8 += s16 * 136657; - s9 -= s16 * 683901; - s16 = 0; - - s3 += s15 * 666643; - s4 += s15 * 470296; - s5 += s15 * 654183; - s6 -= s15 * 997805; - s7 += s15 * 136657; - s8 -= s15 * 683901; - s15 = 0; - - s2 += s14 * 666643; - s3 += s14 * 470296; - s4 += s14 * 654183; - s5 -= s14 * 997805; - s6 += s14 * 136657; - s7 -= s14 * 683901; - s14 = 0; - - s1 += s13 * 666643; - s2 += s13 * 470296; - s3 += s13 * 654183; - s4 -= s13 * 997805; - s5 += s13 * 136657; - s6 -= s13 * 683901; - s13 = 0; - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = (s0 + (1 << 20)) >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); - carry2 = (s2 + (1 << 20)) >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); - carry4 = (s4 + (1 << 20)) >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); - carry6 = (s6 + (1 << 20)) >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); - carry8 = (s8 + (1 << 20)) >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); - carry10 = (s10 + (1 << 20)) >> 21; - s11 += carry10; - s10 -= carry10 * (1 << 21); - - carry1 = (s1 + (1 << 20)) >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); - carry3 = (s3 + (1 << 20)) >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); - carry5 = (s5 + (1 << 20)) >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); - carry7 = (s7 + (1 << 20)) >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); - carry9 = (s9 + (1 << 20)) >> 21; - s10 += carry9; - s9 -= carry9 * (1 << 21); - carry11 = (s11 + (1 << 20)) >> 21; - s12 += carry11; - s11 -= carry11 * (1 << 21); - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = s0 >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); - carry1 = s1 >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); - carry2 = s2 >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); - carry3 = s3 >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); - carry4 = s4 >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); - carry5 = s5 >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); - carry6 = s6 >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); - carry7 = s7 >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); - carry8 = s8 >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); - carry9 = s9 >> 21; - s10 += carry9; - s9 -= carry9 * (1 << 21); - carry10 = s10 >> 21; - s11 += carry10; - s10 -= carry10 * (1 << 21); - carry11 = s11 >> 21; - s12 += carry11; - s11 -= carry11 * (1 << 21); - - s0 += s12 * 666643; - s1 += s12 * 470296; - s2 += s12 * 654183; - s3 -= s12 * 997805; - s4 += s12 * 136657; - s5 -= s12 * 683901; - s12 = 0; - - carry0 = s0 >> 21; - s1 += carry0; - s0 -= carry0 * (1 << 21); - carry1 = s1 >> 21; - s2 += carry1; - s1 -= carry1 * (1 << 21); - carry2 = s2 >> 21; - s3 += carry2; - s2 -= carry2 * (1 << 21); - carry3 = s3 >> 21; - s4 += carry3; - s3 -= carry3 * (1 << 21); - carry4 = s4 >> 21; - s5 += carry4; - s4 -= carry4 * (1 << 21); - carry5 = s5 >> 21; - s6 += carry5; - s5 -= carry5 * (1 << 21); - carry6 = s6 >> 21; - s7 += carry6; - s6 -= carry6 * (1 << 21); - carry7 = s7 >> 21; - s8 += carry7; - s7 -= carry7 * (1 << 21); - carry8 = s8 >> 21; - s9 += carry8; - s8 -= carry8 * (1 << 21); - carry9 = s9 >> 21; - s10 += carry9; - s9 -= carry9 * (1 << 21); - carry10 = s10 >> 21; - s11 += carry10; - s10 -= carry10 * (1 << 21); - - s[ 0] = (uint8_t) (s0 >> 0); - s[ 1] = (uint8_t) (s0 >> 8); - s[ 2] = (uint8_t)((s0 >> 16) | (s1 << 5)); - s[ 3] = (uint8_t) (s1 >> 3); - s[ 4] = (uint8_t) (s1 >> 11); - s[ 5] = (uint8_t)((s1 >> 19) | (s2 << 2)); - s[ 6] = (uint8_t) (s2 >> 6); - s[ 7] = (uint8_t)((s2 >> 14) | (s3 << 7)); - s[ 8] = (uint8_t) (s3 >> 1); - s[ 9] = (uint8_t) (s3 >> 9); - s[10] = (uint8_t)((s3 >> 17) | (s4 << 4)); - s[11] = (uint8_t) (s4 >> 4); - s[12] = (uint8_t) (s4 >> 12); - s[13] = (uint8_t)((s4 >> 20) | (s5 << 1)); - s[14] = (uint8_t) (s5 >> 7); - s[15] = (uint8_t)((s5 >> 15) | (s6 << 6)); - s[16] = (uint8_t) (s6 >> 2); - s[17] = (uint8_t) (s6 >> 10); - s[18] = (uint8_t)((s6 >> 18) | (s7 << 3)); - s[19] = (uint8_t) (s7 >> 5); - s[20] = (uint8_t) (s7 >> 13); - s[21] = (uint8_t) (s8 >> 0); - s[22] = (uint8_t) (s8 >> 8); - s[23] = (uint8_t)((s8 >> 16) | (s9 << 5)); - s[24] = (uint8_t) (s9 >> 3); - s[25] = (uint8_t) (s9 >> 11); - s[26] = (uint8_t)((s9 >> 19) | (s10 << 2)); - s[27] = (uint8_t) (s10 >> 6); - s[28] = (uint8_t)((s10 >> 14) | (s11 << 7)); - s[29] = (uint8_t) (s11 >> 1); - s[30] = (uint8_t) (s11 >> 9); - s[31] = (uint8_t) (s11 >> 17); -} - -int -ossl_ed25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, - const uint8_t public_key[32], const uint8_t private_key[32], - OSSL_LIB_CTX *libctx, const char *propq) -{ - uint8_t az[SHA512_DIGEST_LENGTH]; - uint8_t nonce[SHA512_DIGEST_LENGTH]; - ge_p3 R; - uint8_t hram[SHA512_DIGEST_LENGTH]; - EVP_MD *sha512 = EVP_MD_fetch(libctx, SN_sha512, propq); - EVP_MD_CTX *hash_ctx = EVP_MD_CTX_new(); - unsigned int sz; - int res = 0; - - if (sha512 == NULL || hash_ctx == NULL) - goto err; - - if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL) - || !EVP_DigestUpdate(hash_ctx, private_key, 32) - || !EVP_DigestFinal_ex(hash_ctx, az, &sz)) - goto err; - - az[0] &= 248; - az[31] &= 63; - az[31] |= 64; - - if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL) - || !EVP_DigestUpdate(hash_ctx, az + 32, 32) - || !EVP_DigestUpdate(hash_ctx, message, message_len) - || !EVP_DigestFinal_ex(hash_ctx, nonce, &sz)) - goto err; - - x25519_sc_reduce(nonce); - ge_scalarmult_base(&R, nonce); - ge_p3_tobytes(out_sig, &R); - - if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL) - || !EVP_DigestUpdate(hash_ctx, out_sig, 32) - || !EVP_DigestUpdate(hash_ctx, public_key, 32) - || !EVP_DigestUpdate(hash_ctx, message, message_len) - || !EVP_DigestFinal_ex(hash_ctx, hram, &sz)) - goto err; - - x25519_sc_reduce(hram); - sc_muladd(out_sig + 32, hram, az, nonce); - - res = 1; -err: - OPENSSL_cleanse(nonce, sizeof(nonce)); - OPENSSL_cleanse(az, sizeof(az)); - EVP_MD_free(sha512); - EVP_MD_CTX_free(hash_ctx); - return res; -} - -static const char allzeroes[15]; - -int -ossl_ed25519_verify(const uint8_t *message, size_t message_len, - const uint8_t signature[64], const uint8_t public_key[32], - OSSL_LIB_CTX *libctx, const char *propq) -{ - int i; - ge_p3 A; - const uint8_t *r, *s; - EVP_MD *sha512; - EVP_MD_CTX *hash_ctx = NULL; - unsigned int sz; - int res = 0; - ge_p2 R; - uint8_t rcheck[32]; - uint8_t h[SHA512_DIGEST_LENGTH]; - /* 27742317777372353535851937790883648493 in little endian format */ - const uint8_t l_low[16] = { - 0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, - 0xDE, 0xF9, 0xDE, 0x14 - }; - - r = signature; - s = signature + 32; - - /* - * Check 0 <= s < L where L = 2^252 + 27742317777372353535851937790883648493 - * - * If not the signature is publicly invalid. Since it's public we can do the - * check in variable time. - * - * First check the most significant byte - */ - if (s[31] > 0x10) - return 0; - if (s[31] == 0x10) { - /* - * Most significant byte indicates a value close to 2^252 so check the - * rest - */ - if (memcmp(s + 16, allzeroes, sizeof(allzeroes)) != 0) - return 0; - for (i = 15; i >= 0; i--) { - if (s[i] < l_low[i]) - break; - if (s[i] > l_low[i]) - return 0; - } - if (i < 0) - return 0; - } - - if (ge_frombytes_vartime(&A, public_key) != 0) { - return 0; - } - - fe_neg(A.X, A.X); - fe_neg(A.T, A.T); - - sha512 = EVP_MD_fetch(libctx, SN_sha512, propq); - if (sha512 == NULL) - return 0; - hash_ctx = EVP_MD_CTX_new(); - if (hash_ctx == NULL) - goto err; - - if (!EVP_DigestInit_ex(hash_ctx, sha512, NULL) - || !EVP_DigestUpdate(hash_ctx, r, 32) - || !EVP_DigestUpdate(hash_ctx, public_key, 32) - || !EVP_DigestUpdate(hash_ctx, message, message_len) - || !EVP_DigestFinal_ex(hash_ctx, h, &sz)) - goto err; - - x25519_sc_reduce(h); - - ge_double_scalarmult_vartime(&R, h, &A, s); - - ge_tobytes(rcheck, &R); - - res = CRYPTO_memcmp(rcheck, r, sizeof(rcheck)) == 0; -err: - EVP_MD_free(sha512); - EVP_MD_CTX_free(hash_ctx); - return res; -} - -int -ossl_ed25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32], - const uint8_t private_key[32], - const char *propq) -{ - uint8_t az[SHA512_DIGEST_LENGTH]; - ge_p3 A; - int r; - EVP_MD *sha512 = NULL; - - sha512 = EVP_MD_fetch(ctx, SN_sha512, propq); - if (sha512 == NULL) - return 0; - r = EVP_Digest(private_key, 32, az, NULL, sha512, NULL); - EVP_MD_free(sha512); - if (!r) { - OPENSSL_cleanse(az, sizeof(az)); - return 0; - } - - az[0] &= 248; - az[31] &= 63; - az[31] |= 64; - - ge_scalarmult_base(&A, az); - ge_p3_tobytes(out_public_key, &A); - - OPENSSL_cleanse(az, sizeof(az)); - return 1; -} - -int -ossl_x25519(uint8_t out_shared_key[32], const uint8_t private_key[32], - const uint8_t peer_public_value[32]) -{ - static const uint8_t kZeros[32] = {0}; - x25519_scalar_mult(out_shared_key, private_key, peer_public_value); - /* The all-zero output results when the input is a point of small order. */ - return CRYPTO_memcmp(kZeros, out_shared_key, 32) != 0; -} - -void -ossl_x25519_public_from_private(uint8_t out_public_value[32], - const uint8_t private_key[32]) -{ - uint8_t e[32]; - ge_p3 A; - fe zplusy, zminusy, zminusy_inv; - - memcpy(e, private_key, 32); - e[0] &= 248; - e[31] &= 127; - e[31] |= 64; - - ge_scalarmult_base(&A, e); - - /* - * We only need the u-coordinate of the curve25519 point. - * The map is u=(y+1)/(1-y). Since y=Y/Z, this gives - * u=(Z+Y)/(Z-Y). - */ - fe_add(zplusy, A.Z, A.Y); - fe_sub(zminusy, A.Z, A.Y); - fe_invert(zminusy_inv, zminusy); - fe_mul(zplusy, zplusy, zminusy_inv); - fe_tobytes(out_public_value, zplusy); - - OPENSSL_cleanse(e, sizeof(e)); -} diff --git a/crypto/ec/curve448/arch_32/arch_intrinsics.h b/crypto/ec/curve448/arch_32/arch_intrinsics.h deleted file mode 100644 index 7a54903ac95aa59e4a01a15714af69b8f943cc41..0000000000000000000000000000000000000000 --- a/crypto/ec/curve448/arch_32/arch_intrinsics.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2016 Cryptography Research, Inc. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Mike Hamburg - */ - -#ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H -# define OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H - -#include "internal/constant_time.h" - -# define ARCH_WORD_BITS 32 - -#define word_is_zero(a) constant_time_is_zero_32(a) - -static ossl_inline uint64_t widemul(uint32_t a, uint32_t b) -{ - return ((uint64_t)a) * b; -} - -#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H */ diff --git a/crypto/ec/curve448/arch_32/f_impl.h b/crypto/ec/curve448/arch_32/f_impl.h deleted file mode 100644 index 5cd25c04e1236810e75c9b7e9171a1e6f0371920..0000000000000000000000000000000000000000 --- a/crypto/ec/curve448/arch_32/f_impl.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2014-2016 Cryptography Research, Inc. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Mike Hamburg - */ - -#ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H -# define OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H - -# define GF_HEADROOM 2 -# define LIMB(x) ((x) & ((1 << 28) - 1)), ((x) >> 28) -# define FIELD_LITERAL(a, b, c, d, e, f, g, h) \ - {{LIMB(a), LIMB(b), LIMB(c), LIMB(d), LIMB(e), LIMB(f), LIMB(g), LIMB(h)}} - -# define LIMB_PLACE_VALUE(i) 28 - -void gf_add_RAW(gf out, const gf a, const gf b) -{ - unsigned int i; - - for (i = 0; i < NLIMBS; i++) - out->limb[i] = a->limb[i] + b->limb[i]; -} - -void gf_sub_RAW(gf out, const gf a, const gf b) -{ - unsigned int i; - - for (i = 0; i < NLIMBS; i++) - out->limb[i] = a->limb[i] - b->limb[i]; -} - -void gf_bias(gf a, int amt) -{ - unsigned int i; - uint32_t co1 = ((1 << 28) - 1) * amt, co2 = co1 - amt; - - for (i = 0; i < NLIMBS; i++) - a->limb[i] += (i == NLIMBS / 2) ? co2 : co1; -} - -void gf_weak_reduce(gf a) -{ - uint32_t mask = (1 << 28) - 1; - uint32_t tmp = a->limb[NLIMBS - 1] >> 28; - unsigned int i; - - a->limb[NLIMBS / 2] += tmp; - for (i = NLIMBS - 1; i > 0; i--) - a->limb[i] = (a->limb[i] & mask) + (a->limb[i - 1] >> 28); - a->limb[0] = (a->limb[0] & mask) + tmp; -} - -#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H */ diff --git a/crypto/ec/curve448/arch_32/f_impl32.c b/crypto/ec/curve448/arch_32/f_impl32.c deleted file mode 100644 index 8714a51422160d6e9a8fd4d2992c76075fe9901c..0000000000000000000000000000000000000000 --- a/crypto/ec/curve448/arch_32/f_impl32.c +++ /dev/null @@ -1,105 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2014 Cryptography Research, Inc. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Mike Hamburg - */ - -#include "e_os.h" -#include -#include "internal/numbers.h" - -#ifdef UINT128_MAX -/* We have support for 128 bit ints, so do nothing here */ -NON_EMPTY_TRANSLATION_UNIT -#else - -# include "../field.h" - -void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs) -{ - const uint32_t *a = as->limb, *b = bs->limb; - uint32_t *c = cs->limb; - uint64_t accum0 = 0, accum1 = 0, accum2 = 0; - uint32_t mask = (1 << 28) - 1; - uint32_t aa[8], bb[8]; - int i, j; - - for (i = 0; i < 8; i++) { - aa[i] = a[i] + a[i + 8]; - bb[i] = b[i] + b[i + 8]; - } - - for (j = 0; j < 8; j++) { - accum2 = 0; - for (i = 0; i < j + 1; i++) { - accum2 += widemul(a[j - i], b[i]); - accum1 += widemul(aa[j - i], bb[i]); - accum0 += widemul(a[8 + j - i], b[8 + i]); - } - accum1 -= accum2; - accum0 += accum2; - accum2 = 0; - for (i = j + 1; i < 8; i++) { - accum0 -= widemul(a[8 + j - i], b[i]); - accum2 += widemul(aa[8 + j - i], bb[i]); - accum1 += widemul(a[16 + j - i], b[8 + i]); - } - accum1 += accum2; - accum0 += accum2; - c[j] = ((uint32_t)(accum0)) & mask; - c[j + 8] = ((uint32_t)(accum1)) & mask; - accum0 >>= 28; - accum1 >>= 28; - } - - accum0 += accum1; - accum0 += c[8]; - accum1 += c[0]; - c[8] = ((uint32_t)(accum0)) & mask; - c[0] = ((uint32_t)(accum1)) & mask; - - accum0 >>= 28; - accum1 >>= 28; - c[9] += ((uint32_t)(accum0)); - c[1] += ((uint32_t)(accum1)); -} - -void gf_mulw_unsigned(gf_s * RESTRICT cs, const gf as, uint32_t b) -{ - const uint32_t *a = as->limb; - uint32_t *c = cs->limb; - uint64_t accum0 = 0, accum8 = 0; - uint32_t mask = (1 << 28) - 1; - int i; - - assert(b <= mask); - - for (i = 0; i < 8; i++) { - accum0 += widemul(b, a[i]); - accum8 += widemul(b, a[i + 8]); - c[i] = accum0 & mask; - accum0 >>= 28; - c[i + 8] = accum8 & mask; - accum8 >>= 28; - } - - accum0 += accum8 + c[8]; - c[8] = ((uint32_t)accum0) & mask; - c[9] += (uint32_t)(accum0 >> 28); - - accum8 += c[0]; - c[0] = ((uint32_t)accum8) & mask; - c[1] += (uint32_t)(accum8 >> 28); -} - -void gf_sqr(gf_s * RESTRICT cs, const gf as) -{ - gf_mul(cs, as, as); /* Performs better with a dedicated square */ -} -#endif diff --git a/crypto/ec/curve448/arch_64/arch_intrinsics.h b/crypto/ec/curve448/arch_64/arch_intrinsics.h deleted file mode 100644 index e12b8cf22624025dcb8ec463a00715133c49fa84..0000000000000000000000000000000000000000 --- a/crypto/ec/curve448/arch_64/arch_intrinsics.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2016 Cryptography Research, Inc. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Mike Hamburg - */ - -#ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_64_INTRINSICS_H -# define OSSL_CRYPTO_EC_CURVE448_ARCH_64_INTRINSICS_H - -# include "internal/constant_time.h" - -# define ARCH_WORD_BITS 64 - -# define word_is_zero(a) constant_time_is_zero_64(a) - -static ossl_inline uint128_t widemul(uint64_t a, uint64_t b) -{ - return ((uint128_t) a) * b; -} - -#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_64_INTRINSICS_H */ diff --git a/crypto/ec/curve448/arch_64/f_impl.h b/crypto/ec/curve448/arch_64/f_impl.h deleted file mode 100644 index faaeb8d9944b53dcb1cd85a13200458cf5b58219..0000000000000000000000000000000000000000 --- a/crypto/ec/curve448/arch_64/f_impl.h +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2014-2016 Cryptography Research, Inc. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Mike Hamburg - */ - -#ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_64_F_IMPL_H -# define OSSL_CRYPTO_EC_CURVE448_ARCH_64_F_IMPL_H - -# define GF_HEADROOM 9999 /* Everything is reduced anyway */ -# define FIELD_LITERAL(a,b,c,d,e,f,g,h) {{a,b,c,d,e,f,g,h}} - -# define LIMB_PLACE_VALUE(i) 56 - -void gf_add_RAW(gf out, const gf a, const gf b) -{ - unsigned int i; - - for (i = 0; i < NLIMBS; i++) - out->limb[i] = a->limb[i] + b->limb[i]; - - gf_weak_reduce(out); -} - -void gf_sub_RAW(gf out, const gf a, const gf b) -{ - uint64_t co1 = ((1ULL << 56) - 1) * 2, co2 = co1 - 2; - unsigned int i; - - for (i = 0; i < NLIMBS; i++) - out->limb[i] = a->limb[i] - b->limb[i] + ((i == NLIMBS / 2) ? co2 : co1); - - gf_weak_reduce(out); -} - -void gf_bias(gf a, int amt) -{ -} - -void gf_weak_reduce(gf a) -{ - uint64_t mask = (1ULL << 56) - 1; - uint64_t tmp = a->limb[NLIMBS - 1] >> 56; - unsigned int i; - - a->limb[NLIMBS / 2] += tmp; - for (i = NLIMBS - 1; i > 0; i--) - a->limb[i] = (a->limb[i] & mask) + (a->limb[i - 1] >> 56); - a->limb[0] = (a->limb[0] & mask) + tmp; -} - -#endif /* OSSL_CRYPTO_EC_CURVE448_ARCH_64_F_IMPL_H */ diff --git a/crypto/ec/curve448/arch_64/f_impl64.c b/crypto/ec/curve448/arch_64/f_impl64.c deleted file mode 100644 index 8f7a7dd391bd8d6e1b01a36079b01e3e5958efc4..0000000000000000000000000000000000000000 --- a/crypto/ec/curve448/arch_64/f_impl64.c +++ /dev/null @@ -1,210 +0,0 @@ -/* - * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2014 Cryptography Research, Inc. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Mike Hamburg - */ - -#include "e_os.h" -#include -#include "internal/numbers.h" - -#ifndef UINT128_MAX -/* No support for 128 bit ints, so do nothing here */ -NON_EMPTY_TRANSLATION_UNIT -#else - -# include "../field.h" - -void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs) -{ - const uint64_t *a = as->limb, *b = bs->limb; - uint64_t *c = cs->limb; - uint128_t accum0 = 0, accum1 = 0, accum2; - uint64_t mask = (1ULL << 56) - 1; - uint64_t aa[4], bb[4], bbb[4]; - unsigned int i, j; - - for (i = 0; i < 4; i++) { - aa[i] = a[i] + a[i + 4]; - bb[i] = b[i] + b[i + 4]; - bbb[i] = bb[i] + b[i + 4]; - } - - for (i = 0; i < 4; i++) { - accum2 = 0; - - for (j = 0; j <= i; j++) { - accum2 += widemul(a[j], b[i - j]); - accum1 += widemul(aa[j], bb[i - j]); - accum0 += widemul(a[j + 4], b[i - j + 4]); - } - for (; j < 4; j++) { - accum2 += widemul(a[j], b[i - j + 8]); - accum1 += widemul(aa[j], bbb[i - j + 4]); - accum0 += widemul(a[j + 4], bb[i - j + 4]); - } - - accum1 -= accum2; - accum0 += accum2; - - c[i] = ((uint64_t)(accum0)) & mask; - c[i + 4] = ((uint64_t)(accum1)) & mask; - - accum0 >>= 56; - accum1 >>= 56; - } - - accum0 += accum1; - accum0 += c[4]; - accum1 += c[0]; - c[4] = ((uint64_t)(accum0)) & mask; - c[0] = ((uint64_t)(accum1)) & mask; - - accum0 >>= 56; - accum1 >>= 56; - - c[5] += ((uint64_t)(accum0)); - c[1] += ((uint64_t)(accum1)); -} - -void gf_mulw_unsigned(gf_s * RESTRICT cs, const gf as, uint32_t b) -{ - const uint64_t *a = as->limb; - uint64_t *c = cs->limb; - uint128_t accum0 = 0, accum4 = 0; - uint64_t mask = (1ULL << 56) - 1; - int i; - - for (i = 0; i < 4; i++) { - accum0 += widemul(b, a[i]); - accum4 += widemul(b, a[i + 4]); - c[i] = accum0 & mask; - accum0 >>= 56; - c[i + 4] = accum4 & mask; - accum4 >>= 56; - } - - accum0 += accum4 + c[4]; - c[4] = accum0 & mask; - c[5] += accum0 >> 56; - - accum4 += c[0]; - c[0] = accum4 & mask; - c[1] += accum4 >> 56; -} - -void gf_sqr(gf_s * RESTRICT cs, const gf as) -{ - const uint64_t *a = as->limb; - uint64_t *c = cs->limb; - uint128_t accum0 = 0, accum1 = 0, accum2; - uint64_t mask = (1ULL << 56) - 1; - uint64_t aa[4]; - unsigned int i; - - /* For some reason clang doesn't vectorize this without prompting? */ - for (i = 0; i < 4; i++) - aa[i] = a[i] + a[i + 4]; - - accum2 = widemul(a[0], a[3]); - accum0 = widemul(aa[0], aa[3]); - accum1 = widemul(a[4], a[7]); - - accum2 += widemul(a[1], a[2]); - accum0 += widemul(aa[1], aa[2]); - accum1 += widemul(a[5], a[6]); - - accum0 -= accum2; - accum1 += accum2; - - c[3] = ((uint64_t)(accum1)) << 1 & mask; - c[7] = ((uint64_t)(accum0)) << 1 & mask; - - accum0 >>= 55; - accum1 >>= 55; - - accum0 += widemul(2 * aa[1], aa[3]); - accum1 += widemul(2 * a[5], a[7]); - accum0 += widemul(aa[2], aa[2]); - accum1 += accum0; - - accum0 -= widemul(2 * a[1], a[3]); - accum1 += widemul(a[6], a[6]); - - accum2 = widemul(a[0], a[0]); - accum1 -= accum2; - accum0 += accum2; - - accum0 -= widemul(a[2], a[2]); - accum1 += widemul(aa[0], aa[0]); - accum0 += widemul(a[4], a[4]); - - c[0] = ((uint64_t)(accum0)) & mask; - c[4] = ((uint64_t)(accum1)) & mask; - - accum0 >>= 56; - accum1 >>= 56; - - accum2 = widemul(2 * aa[2], aa[3]); - accum0 -= widemul(2 * a[2], a[3]); - accum1 += widemul(2 * a[6], a[7]); - - accum1 += accum2; - accum0 += accum2; - - accum2 = widemul(2 * a[0], a[1]); - accum1 += widemul(2 * aa[0], aa[1]); - accum0 += widemul(2 * a[4], a[5]); - - accum1 -= accum2; - accum0 += accum2; - - c[1] = ((uint64_t)(accum0)) & mask; - c[5] = ((uint64_t)(accum1)) & mask; - - accum0 >>= 56; - accum1 >>= 56; - - accum2 = widemul(aa[3], aa[3]); - accum0 -= widemul(a[3], a[3]); - accum1 += widemul(a[7], a[7]); - - accum1 += accum2; - accum0 += accum2; - - accum2 = widemul(2 * a[0], a[2]); - accum1 += widemul(2 * aa[0], aa[2]); - accum0 += widemul(2 * a[4], a[6]); - - accum2 += widemul(a[1], a[1]); - accum1 += widemul(aa[1], aa[1]); - accum0 += widemul(a[5], a[5]); - - accum1 -= accum2; - accum0 += accum2; - - c[2] = ((uint64_t)(accum0)) & mask; - c[6] = ((uint64_t)(accum1)) & mask; - - accum0 >>= 56; - accum1 >>= 56; - - accum0 += c[3]; - accum1 += c[7]; - c[3] = ((uint64_t)(accum0)) & mask; - c[7] = ((uint64_t)(accum1)) & mask; - - /* we could almost stop here, but it wouldn't be stable, so... */ - - accum0 >>= 56; - accum1 >>= 56; - c[4] += ((uint64_t)(accum0)) + ((uint64_t)(accum1)); - c[0] += ((uint64_t)(accum1)); -} -#endif diff --git a/crypto/ec/curve448/curve448.c b/crypto/ec/curve448/curve448.c deleted file mode 100644 index 6928d9693ca51417d4962b6a3f617db6b138d2f4..0000000000000000000000000000000000000000 --- a/crypto/ec/curve448/curve448.c +++ /dev/null @@ -1,739 +0,0 @@ -/* - * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2015-2016 Cryptography Research, Inc. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Mike Hamburg - */ -#include -#include "word.h" -#include "field.h" - -#include "point_448.h" -#include "ed448.h" -#include "crypto/ecx.h" -#include "curve448_local.h" - -#define COFACTOR 4 - -#define C448_WNAF_FIXED_TABLE_BITS 5 -#define C448_WNAF_VAR_TABLE_BITS 3 - -#define EDWARDS_D (-39081) - -static const curve448_scalar_t precomputed_scalarmul_adjustment = { - { - { - SC_LIMB(0xc873d6d54a7bb0cfULL), SC_LIMB(0xe933d8d723a70aadULL), - SC_LIMB(0xbb124b65129c96fdULL), SC_LIMB(0x00000008335dc163ULL) - } - } -}; - -#define TWISTED_D (EDWARDS_D - 1) - -#define WBITS C448_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */ - -/* Inverse. */ -static void gf_invert(gf y, const gf x, int assert_nonzero) -{ - mask_t ret; - gf t1, t2; - - gf_sqr(t1, x); /* o^2 */ - ret = gf_isr(t2, t1); /* +-1/sqrt(o^2) = +-1/o */ - (void)ret; - if (assert_nonzero) - assert(ret); - gf_sqr(t1, t2); - gf_mul(t2, t1, x); /* not direct to y in case of alias. */ - gf_copy(y, t2); -} - -/** identity = (0,1) */ -const curve448_point_t ossl_curve448_point_identity = - { {{{{0}}}, {{{1}}}, {{{1}}}, {{{0}}}} }; - -static void point_double_internal(curve448_point_t p, const curve448_point_t q, - int before_double) -{ - gf a, b, c, d; - - gf_sqr(c, q->x); - gf_sqr(a, q->y); - gf_add_nr(d, c, a); /* 2+e */ - gf_add_nr(p->t, q->y, q->x); /* 2+e */ - gf_sqr(b, p->t); - gf_subx_nr(b, b, d, 3); /* 4+e */ - gf_sub_nr(p->t, a, c); /* 3+e */ - gf_sqr(p->x, q->z); - gf_add_nr(p->z, p->x, p->x); /* 2+e */ - gf_subx_nr(a, p->z, p->t, 4); /* 6+e */ - if (GF_HEADROOM == 5) - gf_weak_reduce(a); /* or 1+e */ - gf_mul(p->x, a, b); - gf_mul(p->z, p->t, a); - gf_mul(p->y, p->t, d); - if (!before_double) - gf_mul(p->t, b, d); -} - -void ossl_curve448_point_double(curve448_point_t p, const curve448_point_t q) -{ - point_double_internal(p, q, 0); -} - -/* Operations on [p]niels */ -static ossl_inline void cond_neg_niels(niels_t n, mask_t neg) -{ - gf_cond_swap(n->a, n->b, neg); - gf_cond_neg(n->c, neg); -} - -static void pt_to_pniels(pniels_t b, const curve448_point_t a) -{ - gf_sub(b->n->a, a->y, a->x); - gf_add(b->n->b, a->x, a->y); - gf_mulw(b->n->c, a->t, 2 * TWISTED_D); - gf_add(b->z, a->z, a->z); -} - -static void pniels_to_pt(curve448_point_t e, const pniels_t d) -{ - gf eu; - - gf_add(eu, d->n->b, d->n->a); - gf_sub(e->y, d->n->b, d->n->a); - gf_mul(e->t, e->y, eu); - gf_mul(e->x, d->z, e->y); - gf_mul(e->y, d->z, eu); - gf_sqr(e->z, d->z); -} - -static void niels_to_pt(curve448_point_t e, const niels_t n) -{ - gf_add(e->y, n->b, n->a); - gf_sub(e->x, n->b, n->a); - gf_mul(e->t, e->y, e->x); - gf_copy(e->z, ONE); -} - -static void add_niels_to_pt(curve448_point_t d, const niels_t e, - int before_double) -{ - gf a, b, c; - - gf_sub_nr(b, d->y, d->x); /* 3+e */ - gf_mul(a, e->a, b); - gf_add_nr(b, d->x, d->y); /* 2+e */ - gf_mul(d->y, e->b, b); - gf_mul(d->x, e->c, d->t); - gf_add_nr(c, a, d->y); /* 2+e */ - gf_sub_nr(b, d->y, a); /* 3+e */ - gf_sub_nr(d->y, d->z, d->x); /* 3+e */ - gf_add_nr(a, d->x, d->z); /* 2+e */ - gf_mul(d->z, a, d->y); - gf_mul(d->x, d->y, b); - gf_mul(d->y, a, c); - if (!before_double) - gf_mul(d->t, b, c); -} - -static void sub_niels_from_pt(curve448_point_t d, const niels_t e, - int before_double) -{ - gf a, b, c; - - gf_sub_nr(b, d->y, d->x); /* 3+e */ - gf_mul(a, e->b, b); - gf_add_nr(b, d->x, d->y); /* 2+e */ - gf_mul(d->y, e->a, b); - gf_mul(d->x, e->c, d->t); - gf_add_nr(c, a, d->y); /* 2+e */ - gf_sub_nr(b, d->y, a); /* 3+e */ - gf_add_nr(d->y, d->z, d->x); /* 2+e */ - gf_sub_nr(a, d->z, d->x); /* 3+e */ - gf_mul(d->z, a, d->y); - gf_mul(d->x, d->y, b); - gf_mul(d->y, a, c); - if (!before_double) - gf_mul(d->t, b, c); -} - -static void add_pniels_to_pt(curve448_point_t p, const pniels_t pn, - int before_double) -{ - gf L0; - - gf_mul(L0, p->z, pn->z); - gf_copy(p->z, L0); - add_niels_to_pt(p, pn->n, before_double); -} - -static void sub_pniels_from_pt(curve448_point_t p, const pniels_t pn, - int before_double) -{ - gf L0; - - gf_mul(L0, p->z, pn->z); - gf_copy(p->z, L0); - sub_niels_from_pt(p, pn->n, before_double); -} - -c448_bool_t -ossl_curve448_point_eq(const curve448_point_t p, - const curve448_point_t q) -{ - mask_t succ; - gf a, b; - - /* equality mod 2-torsion compares x/y */ - gf_mul(a, p->y, q->x); - gf_mul(b, q->y, p->x); - succ = gf_eq(a, b); - - return mask_to_bool(succ); -} - -c448_bool_t -ossl_curve448_point_valid(const curve448_point_t p) -{ - mask_t out; - gf a, b, c; - - gf_mul(a, p->x, p->y); - gf_mul(b, p->z, p->t); - out = gf_eq(a, b); - gf_sqr(a, p->x); - gf_sqr(b, p->y); - gf_sub(a, b, a); - gf_sqr(b, p->t); - gf_mulw(c, b, TWISTED_D); - gf_sqr(b, p->z); - gf_add(b, b, c); - out &= gf_eq(a, b); - out &= ~gf_eq(p->z, ZERO); - return mask_to_bool(out); -} - -static ossl_inline void constant_time_lookup_niels(niels_s * RESTRICT ni, - const niels_t * table, - int nelts, int idx) -{ - constant_time_lookup(ni, table, sizeof(niels_s), nelts, idx); -} - -void -ossl_curve448_precomputed_scalarmul(curve448_point_t out, - const curve448_precomputed_s * table, - const curve448_scalar_t scalar) -{ - unsigned int i, j, k; - const unsigned int n = COMBS_N, t = COMBS_T, s = COMBS_S; - niels_t ni; - curve448_scalar_t scalar1x; - - ossl_curve448_scalar_add(scalar1x, scalar, precomputed_scalarmul_adjustment); - ossl_curve448_scalar_halve(scalar1x, scalar1x); - - for (i = s; i > 0; i--) { - if (i != s) - point_double_internal(out, out, 0); - - for (j = 0; j < n; j++) { - int tab = 0; - mask_t invert; - - for (k = 0; k < t; k++) { - unsigned int bit = (i - 1) + s * (k + j * t); - - if (bit < C448_SCALAR_BITS) - tab |= - (scalar1x->limb[bit / WBITS] >> (bit % WBITS) & 1) << k; - } - - invert = (tab >> (t - 1)) - 1; - tab ^= invert; - tab &= (1 << (t - 1)) - 1; - - constant_time_lookup_niels(ni, &table->table[j << (t - 1)], - 1 << (t - 1), tab); - - cond_neg_niels(ni, invert); - if ((i != s) || j != 0) - add_niels_to_pt(out, ni, j == n - 1 && i != 1); - else - niels_to_pt(out, ni); - } - } - - OPENSSL_cleanse(ni, sizeof(ni)); - OPENSSL_cleanse(scalar1x, sizeof(scalar1x)); -} - -void -ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa( - uint8_t enc[EDDSA_448_PUBLIC_BYTES], - const curve448_point_t p) -{ - gf x, y, z, t; - curve448_point_t q; - - /* The point is now on the twisted curve. Move it to untwisted. */ - curve448_point_copy(q, p); - - { - /* 4-isogeny: 2xy/(y^+x^2), (y^2-x^2)/(2z^2-y^2+x^2) */ - gf u; - - gf_sqr(x, q->x); - gf_sqr(t, q->y); - gf_add(u, x, t); - gf_add(z, q->y, q->x); - gf_sqr(y, z); - gf_sub(y, y, u); - gf_sub(z, t, x); - gf_sqr(x, q->z); - gf_add(t, x, x); - gf_sub(t, t, z); - gf_mul(x, t, y); - gf_mul(y, z, u); - gf_mul(z, u, t); - OPENSSL_cleanse(u, sizeof(u)); - } - - /* Affinize */ - gf_invert(z, z, 1); - gf_mul(t, x, z); - gf_mul(x, y, z); - - /* Encode */ - enc[EDDSA_448_PRIVATE_BYTES - 1] = 0; - gf_serialize(enc, x, 1); - enc[EDDSA_448_PRIVATE_BYTES - 1] |= 0x80 & gf_lobit(t); - - OPENSSL_cleanse(x, sizeof(x)); - OPENSSL_cleanse(y, sizeof(y)); - OPENSSL_cleanse(z, sizeof(z)); - OPENSSL_cleanse(t, sizeof(t)); - ossl_curve448_point_destroy(q); -} - -c448_error_t -ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio( - curve448_point_t p, - const uint8_t enc[EDDSA_448_PUBLIC_BYTES]) -{ - uint8_t enc2[EDDSA_448_PUBLIC_BYTES]; - mask_t low; - mask_t succ; - - memcpy(enc2, enc, sizeof(enc2)); - - low = ~word_is_zero(enc2[EDDSA_448_PRIVATE_BYTES - 1] & 0x80); - enc2[EDDSA_448_PRIVATE_BYTES - 1] &= ~0x80; - - succ = gf_deserialize(p->y, enc2, 1, 0); - succ &= word_is_zero(enc2[EDDSA_448_PRIVATE_BYTES - 1]); - - gf_sqr(p->x, p->y); - gf_sub(p->z, ONE, p->x); /* num = 1-y^2 */ - gf_mulw(p->t, p->x, EDWARDS_D); /* dy^2 */ - gf_sub(p->t, ONE, p->t); /* denom = 1-dy^2 or 1-d + dy^2 */ - - gf_mul(p->x, p->z, p->t); - succ &= gf_isr(p->t, p->x); /* 1/sqrt(num * denom) */ - - gf_mul(p->x, p->t, p->z); /* sqrt(num / denom) */ - gf_cond_neg(p->x, gf_lobit(p->x) ^ low); - gf_copy(p->z, ONE); - - { - gf a, b, c, d; - - /* 4-isogeny 2xy/(y^2-ax^2), (y^2+ax^2)/(2-y^2-ax^2) */ - gf_sqr(c, p->x); - gf_sqr(a, p->y); - gf_add(d, c, a); - gf_add(p->t, p->y, p->x); - gf_sqr(b, p->t); - gf_sub(b, b, d); - gf_sub(p->t, a, c); - gf_sqr(p->x, p->z); - gf_add(p->z, p->x, p->x); - gf_sub(a, p->z, d); - gf_mul(p->x, a, b); - gf_mul(p->z, p->t, a); - gf_mul(p->y, p->t, d); - gf_mul(p->t, b, d); - OPENSSL_cleanse(a, sizeof(a)); - OPENSSL_cleanse(b, sizeof(b)); - OPENSSL_cleanse(c, sizeof(c)); - OPENSSL_cleanse(d, sizeof(d)); - } - - OPENSSL_cleanse(enc2, sizeof(enc2)); - assert(ossl_curve448_point_valid(p) || ~succ); - - return c448_succeed_if(mask_to_bool(succ)); -} - -c448_error_t -ossl_x448_int(uint8_t out[X_PUBLIC_BYTES], - const uint8_t base[X_PUBLIC_BYTES], - const uint8_t scalar[X_PRIVATE_BYTES]) -{ - gf x1, x2, z2, x3, z3, t1, t2; - int t; - mask_t swap = 0; - mask_t nz; - - (void)gf_deserialize(x1, base, 1, 0); - gf_copy(x2, ONE); - gf_copy(z2, ZERO); - gf_copy(x3, x1); - gf_copy(z3, ONE); - - for (t = X_PRIVATE_BITS - 1; t >= 0; t--) { - uint8_t sb = scalar[t / 8]; - mask_t k_t; - - /* Scalar conditioning */ - if (t / 8 == 0) - sb &= -(uint8_t)COFACTOR; - else if (t == X_PRIVATE_BITS - 1) - sb = -1; - - k_t = (sb >> (t % 8)) & 1; - k_t = 0 - k_t; /* set to all 0s or all 1s */ - - swap ^= k_t; - gf_cond_swap(x2, x3, swap); - gf_cond_swap(z2, z3, swap); - swap = k_t; - - /* - * The "_nr" below skips coefficient reduction. In the following - * comments, "2+e" is saying that the coefficients are at most 2+epsilon - * times the reduction limit. - */ - gf_add_nr(t1, x2, z2); /* A = x2 + z2 */ /* 2+e */ - gf_sub_nr(t2, x2, z2); /* B = x2 - z2 */ /* 3+e */ - gf_sub_nr(z2, x3, z3); /* D = x3 - z3 */ /* 3+e */ - gf_mul(x2, t1, z2); /* DA */ - gf_add_nr(z2, z3, x3); /* C = x3 + z3 */ /* 2+e */ - gf_mul(x3, t2, z2); /* CB */ - gf_sub_nr(z3, x2, x3); /* DA-CB */ /* 3+e */ - gf_sqr(z2, z3); /* (DA-CB)^2 */ - gf_mul(z3, x1, z2); /* z3 = x1(DA-CB)^2 */ - gf_add_nr(z2, x2, x3); /* (DA+CB) */ /* 2+e */ - gf_sqr(x3, z2); /* x3 = (DA+CB)^2 */ - - gf_sqr(z2, t1); /* AA = A^2 */ - gf_sqr(t1, t2); /* BB = B^2 */ - gf_mul(x2, z2, t1); /* x2 = AA*BB */ - gf_sub_nr(t2, z2, t1); /* E = AA-BB */ /* 3+e */ - - gf_mulw(t1, t2, -EDWARDS_D); /* E*-d = a24*E */ - gf_add_nr(t1, t1, z2); /* AA + a24*E */ /* 2+e */ - gf_mul(z2, t2, t1); /* z2 = E(AA+a24*E) */ - } - - /* Finish */ - gf_cond_swap(x2, x3, swap); - gf_cond_swap(z2, z3, swap); - gf_invert(z2, z2, 0); - gf_mul(x1, x2, z2); - gf_serialize(out, x1, 1); - nz = ~gf_eq(x1, ZERO); - - OPENSSL_cleanse(x1, sizeof(x1)); - OPENSSL_cleanse(x2, sizeof(x2)); - OPENSSL_cleanse(z2, sizeof(z2)); - OPENSSL_cleanse(x3, sizeof(x3)); - OPENSSL_cleanse(z3, sizeof(z3)); - OPENSSL_cleanse(t1, sizeof(t1)); - OPENSSL_cleanse(t2, sizeof(t2)); - - return c448_succeed_if(mask_to_bool(nz)); -} - -void -ossl_curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t - out[X_PUBLIC_BYTES], - const curve448_point_t p) -{ - curve448_point_t q; - - curve448_point_copy(q, p); - gf_invert(q->t, q->x, 0); /* 1/x */ - gf_mul(q->z, q->t, q->y); /* y/x */ - gf_sqr(q->y, q->z); /* (y/x)^2 */ - gf_serialize(out, q->y, 1); - ossl_curve448_point_destroy(q); -} - -void ossl_x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES], - const uint8_t scalar[X_PRIVATE_BYTES]) -{ - /* Scalar conditioning */ - uint8_t scalar2[X_PRIVATE_BYTES]; - curve448_scalar_t the_scalar; - curve448_point_t p; - unsigned int i; - - memcpy(scalar2, scalar, sizeof(scalar2)); - scalar2[0] &= -(uint8_t)COFACTOR; - - scalar2[X_PRIVATE_BYTES - 1] &= ~((0u - 1u) << ((X_PRIVATE_BITS + 7) % 8)); - scalar2[X_PRIVATE_BYTES - 1] |= 1 << ((X_PRIVATE_BITS + 7) % 8); - - ossl_curve448_scalar_decode_long(the_scalar, scalar2, sizeof(scalar2)); - - /* Compensate for the encoding ratio */ - for (i = 1; i < X448_ENCODE_RATIO; i <<= 1) - ossl_curve448_scalar_halve(the_scalar, the_scalar); - - ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base, - the_scalar); - ossl_curve448_point_mul_by_ratio_and_encode_like_x448(out, p); - ossl_curve448_point_destroy(p); -} - -/* Control for variable-time scalar multiply algorithms. */ -struct smvt_control { - int power, addend; -}; - -#if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 3)) -# define NUMTRAILINGZEROS __builtin_ctz -#else -# define NUMTRAILINGZEROS numtrailingzeros -static uint32_t numtrailingzeros(uint32_t i) -{ - uint32_t tmp; - uint32_t num = 31; - - if (i == 0) - return 32; - - tmp = i << 16; - if (tmp != 0) { - i = tmp; - num -= 16; - } - tmp = i << 8; - if (tmp != 0) { - i = tmp; - num -= 8; - } - tmp = i << 4; - if (tmp != 0) { - i = tmp; - num -= 4; - } - tmp = i << 2; - if (tmp != 0) { - i = tmp; - num -= 2; - } - tmp = i << 1; - if (tmp != 0) - num--; - - return num; -} -#endif - -static int recode_wnaf(struct smvt_control *control, - /* [nbits/(table_bits + 1) + 3] */ - const curve448_scalar_t scalar, - unsigned int table_bits) -{ - unsigned int table_size = C448_SCALAR_BITS / (table_bits + 1) + 3; - int position = table_size - 1; /* at the end */ - uint64_t current = scalar->limb[0] & 0xFFFF; - uint32_t mask = (1 << (table_bits + 1)) - 1; - unsigned int w; - const unsigned int B_OVER_16 = sizeof(scalar->limb[0]) / 2; - unsigned int n, i; - - /* place the end marker */ - control[position].power = -1; - control[position].addend = 0; - position--; - - /* - * PERF: Could negate scalar if it's large. But then would need more cases - * in the actual code that uses it, all for an expected reduction of like - * 1/5 op. Probably not worth it. - */ - - for (w = 1; w < (C448_SCALAR_BITS - 1) / 16 + 3; w++) { - if (w < (C448_SCALAR_BITS - 1) / 16 + 1) { - /* Refill the 16 high bits of current */ - current += (uint32_t)((scalar->limb[w / B_OVER_16] - >> (16 * (w % B_OVER_16))) << 16); - } - - while (current & 0xFFFF) { - uint32_t pos = NUMTRAILINGZEROS((uint32_t)current); - uint32_t odd = (uint32_t)current >> pos; - int32_t delta = odd & mask; - - assert(position >= 0); - assert(pos < 32); /* can't fail since current & 0xFFFF != 0 */ - if (odd & (1 << (table_bits + 1))) - delta -= (1 << (table_bits + 1)); - current -= delta * (1 << pos); - control[position].power = pos + 16 * (w - 1); - control[position].addend = delta; - position--; - } - current >>= 16; - } - assert(current == 0); - - position++; - n = table_size - position; - for (i = 0; i < n; i++) - control[i] = control[i + position]; - - return n - 1; -} - -static void prepare_wnaf_table(pniels_t * output, - const curve448_point_t working, - unsigned int tbits) -{ - curve448_point_t tmp; - int i; - pniels_t twop; - - pt_to_pniels(output[0], working); - - if (tbits == 0) - return; - - ossl_curve448_point_double(tmp, working); - pt_to_pniels(twop, tmp); - - add_pniels_to_pt(tmp, output[0], 0); - pt_to_pniels(output[1], tmp); - - for (i = 2; i < 1 << tbits; i++) { - add_pniels_to_pt(tmp, twop, 0); - pt_to_pniels(output[i], tmp); - } - - ossl_curve448_point_destroy(tmp); - OPENSSL_cleanse(twop, sizeof(twop)); -} - -void -ossl_curve448_base_double_scalarmul_non_secret(curve448_point_t combo, - const curve448_scalar_t scalar1, - const curve448_point_t base2, - const curve448_scalar_t scalar2) -{ - const int table_bits_var = C448_WNAF_VAR_TABLE_BITS; - const int table_bits_pre = C448_WNAF_FIXED_TABLE_BITS; - struct smvt_control control_var[C448_SCALAR_BITS / - (C448_WNAF_VAR_TABLE_BITS + 1) + 3]; - struct smvt_control control_pre[C448_SCALAR_BITS / - (C448_WNAF_FIXED_TABLE_BITS + 1) + 3]; - int ncb_pre = recode_wnaf(control_pre, scalar1, table_bits_pre); - int ncb_var = recode_wnaf(control_var, scalar2, table_bits_var); - pniels_t precmp_var[1 << C448_WNAF_VAR_TABLE_BITS]; - int contp = 0, contv = 0, i; - - prepare_wnaf_table(precmp_var, base2, table_bits_var); - i = control_var[0].power; - - if (i < 0) { - curve448_point_copy(combo, ossl_curve448_point_identity); - return; - } - if (i > control_pre[0].power) { - pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]); - contv++; - } else if (i == control_pre[0].power && i >= 0) { - pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]); - add_niels_to_pt(combo, - ossl_curve448_wnaf_base[control_pre[0].addend >> 1], - i); - contv++; - contp++; - } else { - i = control_pre[0].power; - niels_to_pt(combo, ossl_curve448_wnaf_base[control_pre[0].addend >> 1]); - contp++; - } - - for (i--; i >= 0; i--) { - int cv = (i == control_var[contv].power); - int cp = (i == control_pre[contp].power); - - point_double_internal(combo, combo, i && !(cv || cp)); - - if (cv) { - assert(control_var[contv].addend); - - if (control_var[contv].addend > 0) - add_pniels_to_pt(combo, - precmp_var[control_var[contv].addend >> 1], - i && !cp); - else - sub_pniels_from_pt(combo, - precmp_var[(-control_var[contv].addend) - >> 1], i && !cp); - contv++; - } - - if (cp) { - assert(control_pre[contp].addend); - - if (control_pre[contp].addend > 0) - add_niels_to_pt(combo, - ossl_curve448_wnaf_base[control_pre[contp].addend - >> 1], i); - else - sub_niels_from_pt(combo, - ossl_curve448_wnaf_base[(-control_pre - [contp].addend) >> 1], i); - contp++; - } - } - - /* This function is non-secret, but whatever this is cheap. */ - OPENSSL_cleanse(control_var, sizeof(control_var)); - OPENSSL_cleanse(control_pre, sizeof(control_pre)); - OPENSSL_cleanse(precmp_var, sizeof(precmp_var)); - - assert(contv == ncb_var); - (void)ncb_var; - assert(contp == ncb_pre); - (void)ncb_pre; -} - -void ossl_curve448_point_destroy(curve448_point_t point) -{ - OPENSSL_cleanse(point, sizeof(curve448_point_t)); -} - -int ossl_x448(uint8_t out_shared_key[56], const uint8_t private_key[56], - const uint8_t peer_public_value[56]) -{ - return ossl_x448_int(out_shared_key, peer_public_value, private_key) - == C448_SUCCESS; -} - -void ossl_x448_public_from_private(uint8_t out_public_value[56], - const uint8_t private_key[56]) -{ - ossl_x448_derive_public_key(out_public_value, private_key); -} diff --git a/crypto/ec/curve448/curve448_local.h b/crypto/ec/curve448/curve448_local.h deleted file mode 100644 index 3410f091a65547be7256c0925dc2347508245c28..0000000000000000000000000000000000000000 --- a/crypto/ec/curve448/curve448_local.h +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ -#ifndef OSSL_CRYPTO_EC_CURVE448_LOCAL_H -# define OSSL_CRYPTO_EC_CURVE448_LOCAL_H -# include "curve448utils.h" - -int -ossl_ed448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64], - const uint8_t public_key[57], const uint8_t private_key[57], - const uint8_t *context, size_t context_len, const char *propq); - -int -ossl_ed448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64], - const uint8_t signature[114], const uint8_t public_key[57], - const uint8_t *context, size_t context_len, - const char *propq); - -#endif /* OSSL_CRYPTO_EC_CURVE448_LOCAL_H */ diff --git a/crypto/ec/curve448/curve448_tables.c b/crypto/ec/curve448/curve448_tables.c deleted file mode 100644 index 0c6f626b3e6e8ec9b05268a851877f357c220d2a..0000000000000000000000000000000000000000 --- a/crypto/ec/curve448/curve448_tables.c +++ /dev/null @@ -1,1483 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2015-2016 Cryptography Research, Inc. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Mike Hamburg - */ -#include "field.h" - -#include "point_448.h" - -static const curve448_precomputed_s curve448_precomputed_base_table = { - { - {{ - {FIELD_LITERAL(0x00cc3b062366f4ccULL, 0x003d6e34e314aa3cULL, - 0x00d51c0a7521774dULL, 0x0094e060eec6ab8bULL, - 0x00d21291b4d80082ULL, 0x00befed12b55ef1eULL, - 0x00c3dd2df5c94518ULL, 0x00e0a7b112b8d4e6ULL)}, - {FIELD_LITERAL(0x0019eb5608d8723aULL, 0x00d1bab52fb3aedbULL, - 0x00270a7311ebc90cULL, 0x0037c12b91be7f13ULL, - 0x005be16cd8b5c704ULL, 0x003e181acda888e1ULL, - 0x00bc1f00fc3fc6d0ULL, 0x00d3839bfa319e20ULL)}, - {FIELD_LITERAL(0x003caeb88611909fULL, 0x00ea8b378c4df3d4ULL, - 0x00b3295b95a5a19aULL, 0x00a65f97514bdfb5ULL, - 0x00b39efba743cab1ULL, 0x0016ba98b862fd2dULL, - 0x0001508812ee71d7ULL, 0x000a75740eea114aULL)}, - }}, {{ - {FIELD_LITERAL(0x00ebcf0eb649f823ULL, 0x00166d332e98ea03ULL, - 0x0059ddf64f5cd5f6ULL, 0x0047763123d9471bULL, - 0x00a64065c53ef62fULL, 0x00978e44c480153dULL, - 0x000b5b2a0265f194ULL, 0x0046a24b9f32965aULL)}, - {FIELD_LITERAL(0x00b9eef787034df0ULL, 0x0020bc24de3390cdULL, - 0x000022160bae99bbULL, 0x00ae66e886e97946ULL, - 0x0048d4bbe02cbb8bULL, 0x0072ba97b34e38d4ULL, - 0x00eae7ec8f03e85aULL, 0x005ba92ecf808b2cULL)}, - {FIELD_LITERAL(0x00c9cfbbe74258fdULL, 0x00843a979ea9eaa7ULL, - 0x000cbb4371cfbe90ULL, 0x0059bac8f7f0a628ULL, - 0x004b3dff882ff530ULL, 0x0011869df4d90733ULL, - 0x00595aa71f4abfc2ULL, 0x0070e2d38990c2e6ULL)}, - }}, {{ - {FIELD_LITERAL(0x00de2010c0a01733ULL, 0x00c739a612e24297ULL, - 0x00a7212643141d7cULL, 0x00f88444f6b67c11ULL, - 0x00484b7b16ec28f2ULL, 0x009c1b8856af9c68ULL, - 0x00ff4669591fe9d6ULL, 0x0054974be08a32c8ULL)}, - {FIELD_LITERAL(0x0010de3fd682ceedULL, 0x008c07642d83ca4eULL, - 0x0013bb064e00a1ccULL, 0x009411ae27870e11ULL, - 0x00ea8e5b4d531223ULL, 0x0032fe7d2aaece2eULL, - 0x00d989e243e7bb41ULL, 0x000fe79a508e9b8bULL)}, - {FIELD_LITERAL(0x005e0426b9bfc5b1ULL, 0x0041a5b1d29ee4faULL, - 0x0015b0def7774391ULL, 0x00bc164f1f51af01ULL, - 0x00d543b0942797b9ULL, 0x003c129b6398099cULL, - 0x002b114c6e5adf18ULL, 0x00b4e630e4018a7bULL)}, - }}, {{ - {FIELD_LITERAL(0x00d490afc95f8420ULL, 0x00b096bf50c1d9b9ULL, - 0x00799fd707679866ULL, 0x007c74d9334afbeaULL, - 0x00efaa8be80ff4edULL, 0x0075c4943bb81694ULL, - 0x00c21c2fca161f36ULL, 0x00e77035d492bfeeULL)}, - {FIELD_LITERAL(0x006658a190dd6661ULL, 0x00e0e9bab38609a6ULL, - 0x0028895c802237edULL, 0x006a0229c494f587ULL, - 0x002dcde96c9916b7ULL, 0x00d158822de16218ULL, - 0x00173b917a06856fULL, 0x00ca78a79ae07326ULL)}, - {FIELD_LITERAL(0x00e35bfc79caced4ULL, 0x0087238a3e1fe3bbULL, - 0x00bcbf0ff4ceff5bULL, 0x00a19c1c94099b91ULL, - 0x0071e102b49db976ULL, 0x0059e3d004eada1eULL, - 0x008da78afa58a47eULL, 0x00579c8ebf269187ULL)}, - }}, {{ - {FIELD_LITERAL(0x00a16c2905eee75fULL, 0x009d4bcaea2c7e1dULL, - 0x00d3bd79bfad19dfULL, 0x0050da745193342cULL, - 0x006abdb8f6b29ab1ULL, 0x00a24fe0a4fef7efULL, - 0x0063730da1057dfbULL, 0x00a08c312c8eb108ULL)}, - {FIELD_LITERAL(0x00b583be005375beULL, 0x00a40c8f8a4e3df4ULL, - 0x003fac4a8f5bdbf7ULL, 0x00d4481d872cd718ULL, - 0x004dc8749cdbaefeULL, 0x00cce740d5e5c975ULL, - 0x000b1c1f4241fd21ULL, 0x00a76de1b4e1cd07ULL)}, - {FIELD_LITERAL(0x007a076500d30b62ULL, 0x000a6e117b7f090fULL, - 0x00c8712ae7eebd9aULL, 0x000fbd6c1d5f6ff7ULL, - 0x003a7977246ebf11ULL, 0x00166ed969c6600eULL, - 0x00aa42e469c98becULL, 0x00dc58f307cf0666ULL)}, - }}, {{ - {FIELD_LITERAL(0x004b491f65a9a28bULL, 0x006a10309e8a55b7ULL, - 0x00b67210185187efULL, 0x00cf6497b12d9b8fULL, - 0x0085778c56e2b1baULL, 0x0015b4c07a814d85ULL, - 0x00686479e62da561ULL, 0x008de5d88f114916ULL)}, - {FIELD_LITERAL(0x00e37c88d6bba7b1ULL, 0x003e4577e1b8d433ULL, - 0x0050d8ea5f510ec0ULL, 0x0042fc9f2da9ef59ULL, - 0x003bd074c1141420ULL, 0x00561b8b7b68774eULL, - 0x00232e5e5d1013a3ULL, 0x006b7f2cb3d7e73fULL)}, - {FIELD_LITERAL(0x004bdd0f0b41e6a0ULL, 0x001773057c405d24ULL, - 0x006029f99915bd97ULL, 0x006a5ba70a17fe2fULL, - 0x0046111977df7e08ULL, 0x004d8124c89fb6b7ULL, - 0x00580983b2bb2724ULL, 0x00207bf330d6f3feULL)}, - }}, {{ - {FIELD_LITERAL(0x007efdc93972a48bULL, 0x002f5e50e78d5feeULL, - 0x0080dc11d61c7fe5ULL, 0x0065aa598707245bULL, - 0x009abba2300641beULL, 0x000c68787656543aULL, - 0x00ffe0fef2dc0a17ULL, 0x00007ffbd6cb4f3aULL)}, - {FIELD_LITERAL(0x0036012f2b836efcULL, 0x00458c126d6b5fbcULL, - 0x00a34436d719ad1eULL, 0x0097be6167117deaULL, - 0x0009c219c879cff3ULL, 0x0065564493e60755ULL, - 0x00993ac94a8cdec0ULL, 0x002d4885a4d0dbafULL)}, - {FIELD_LITERAL(0x00598b60b4c068baULL, 0x00c547a0be7f1afdULL, - 0x009582164acf12afULL, 0x00af4acac4fbbe40ULL, - 0x005f6ca7c539121aULL, 0x003b6e752ebf9d66ULL, - 0x00f08a30d5cac5d4ULL, 0x00e399bb5f97c5a9ULL)}, - }}, {{ - {FIELD_LITERAL(0x007445a0409c0a66ULL, 0x00a65c369f3829c0ULL, - 0x0031d248a4f74826ULL, 0x006817f34defbe8eULL, - 0x00649741d95ebf2eULL, 0x00d46466ab16b397ULL, - 0x00fdc35703bee414ULL, 0x00343b43334525f8ULL)}, - {FIELD_LITERAL(0x001796bea93f6401ULL, 0x00090c5a42e85269ULL, - 0x00672412ba1252edULL, 0x001201d47b6de7deULL, - 0x006877bccfe66497ULL, 0x00b554fd97a4c161ULL, - 0x009753f42dbac3cfULL, 0x00e983e3e378270aULL)}, - {FIELD_LITERAL(0x00ac3eff18849872ULL, 0x00f0eea3bff05690ULL, - 0x00a6d72c21dd505dULL, 0x001b832642424169ULL, - 0x00a6813017b540e5ULL, 0x00a744bd71b385cdULL, - 0x0022a7d089130a7bULL, 0x004edeec9a133486ULL)}, - }}, {{ - {FIELD_LITERAL(0x00b2d6729196e8a9ULL, 0x0088a9bb2031cef4ULL, - 0x00579e7787dc1567ULL, 0x0030f49feb059190ULL, - 0x00a0b1d69c7f7d8fULL, 0x0040bdcc6d9d806fULL, - 0x00d76c4037edd095ULL, 0x00bbf24376415dd7ULL)}, - {FIELD_LITERAL(0x00240465ff5a7197ULL, 0x00bb97e76caf27d0ULL, - 0x004b4edbf8116d39ULL, 0x001d8586f708cbaaULL, - 0x000f8ee8ff8e4a50ULL, 0x00dde5a1945dd622ULL, - 0x00e6fc1c0957e07cULL, 0x0041c9cdabfd88a0ULL)}, - {FIELD_LITERAL(0x005344b0bf5b548cULL, 0x002957d0b705cc99ULL, - 0x00f586a70390553dULL, 0x0075b3229f583cc3ULL, - 0x00a1aa78227490e4ULL, 0x001bf09cf7957717ULL, - 0x00cf6bf344325f52ULL, 0x0065bd1c23ca3ecfULL)}, - }}, {{ - {FIELD_LITERAL(0x009bff3b3239363cULL, 0x00e17368796ef7c0ULL, - 0x00528b0fe0971f3aULL, 0x0008014fc8d4a095ULL, - 0x00d09f2e8a521ec4ULL, 0x006713ab5dde5987ULL, - 0x0003015758e0dbb1ULL, 0x00215999f1ba212dULL)}, - {FIELD_LITERAL(0x002c88e93527da0eULL, 0x0077c78f3456aad5ULL, - 0x0071087a0a389d1cULL, 0x00934dac1fb96dbdULL, - 0x008470e801162697ULL, 0x005bc2196cd4ad49ULL, - 0x00e535601d5087c3ULL, 0x00769888700f497fULL)}, - {FIELD_LITERAL(0x00da7a4b557298adULL, 0x0019d2589ea5df76ULL, - 0x00ef3e38be0c6497ULL, 0x00a9644e1312609aULL, - 0x004592f61b2558daULL, 0x0082c1df510d7e46ULL, - 0x0042809a535c0023ULL, 0x00215bcb5afd7757ULL)}, - }}, {{ - {FIELD_LITERAL(0x002b9df55a1a4213ULL, 0x00dcfc3b464a26beULL, - 0x00c4f9e07a8144d5ULL, 0x00c8e0617a92b602ULL, - 0x008e3c93accafae0ULL, 0x00bf1bcb95b2ca60ULL, - 0x004ce2426a613bf3ULL, 0x00266cac58e40921ULL)}, - {FIELD_LITERAL(0x008456d5db76e8f0ULL, 0x0032ca9cab2ce163ULL, - 0x0059f2b8bf91abcfULL, 0x0063c2a021712788ULL, - 0x00f86155af22f72dULL, 0x00db98b2a6c005a0ULL, - 0x00ac6e416a693ac4ULL, 0x007a93572af53226ULL)}, - {FIELD_LITERAL(0x0087767520f0de22ULL, 0x0091f64012279fb5ULL, - 0x001050f1f0644999ULL, 0x004f097a2477ad3cULL, - 0x006b37913a9947bdULL, 0x001a3d78645af241ULL, - 0x0057832bbb3008a7ULL, 0x002c1d902b80dc20ULL)}, - }}, {{ - {FIELD_LITERAL(0x001a6002bf178877ULL, 0x009bce168aa5af50ULL, - 0x005fc318ff04a7f5ULL, 0x0052818f55c36461ULL, - 0x008768f5d4b24afbULL, 0x0037ffbae7b69c85ULL, - 0x0018195a4b61edc0ULL, 0x001e12ea088434b2ULL)}, - {FIELD_LITERAL(0x0047d3f804e7ab07ULL, 0x00a809ab5f905260ULL, - 0x00b3ffc7cdaf306dULL, 0x00746e8ec2d6e509ULL, - 0x00d0dade8887a645ULL, 0x00acceeebde0dd37ULL, - 0x009bc2579054686bULL, 0x0023804f97f1c2bfULL)}, - {FIELD_LITERAL(0x0043e2e2e50b80d7ULL, 0x00143aafe4427e0fULL, - 0x005594aaecab855bULL, 0x008b12ccaaecbc01ULL, - 0x002deeb091082bc3ULL, 0x009cca4be2ae7514ULL, - 0x00142b96e696d047ULL, 0x00ad2a2b1c05256aULL)}, - }}, {{ - {FIELD_LITERAL(0x003914f2f144b78bULL, 0x007a95dd8bee6f68ULL, - 0x00c7f4384d61c8e6ULL, 0x004e51eb60f1bdb2ULL, - 0x00f64be7aa4621d8ULL, 0x006797bfec2f0ac0ULL, - 0x007d17aab3c75900ULL, 0x001893e73cac8bc5ULL)}, - {FIELD_LITERAL(0x00140360b768665bULL, 0x00b68aca4967f977ULL, - 0x0001089b66195ae4ULL, 0x00fe71122185e725ULL, - 0x000bca2618d49637ULL, 0x00a54f0557d7e98aULL, - 0x00cdcd2f91d6f417ULL, 0x00ab8c13741fd793ULL)}, - {FIELD_LITERAL(0x00725ee6b1e549e0ULL, 0x007124a0769777faULL, - 0x000b68fdad07ae42ULL, 0x0085b909cd4952dfULL, - 0x0092d2e3c81606f4ULL, 0x009f22f6cac099a0ULL, - 0x00f59da57f2799a8ULL, 0x00f06c090122f777ULL)}, - }}, {{ - {FIELD_LITERAL(0x00ce0bed0a3532bcULL, 0x001a5048a22df16bULL, - 0x00e31db4cbad8bf1ULL, 0x00e89292120cf00eULL, - 0x007d1dd1a9b00034ULL, 0x00e2a9041ff8f680ULL, - 0x006a4c837ae596e7ULL, 0x00713af1068070b3ULL)}, - {FIELD_LITERAL(0x00c4fe64ce66d04bULL, 0x00b095d52e09b3d7ULL, - 0x00758bbecb1a3a8eULL, 0x00f35cce8d0650c0ULL, - 0x002b878aa5984473ULL, 0x0062e0a3b7544ddcULL, - 0x00b25b290ed116feULL, 0x007b0f6abe0bebf2ULL)}, - {FIELD_LITERAL(0x0081d4e3addae0a8ULL, 0x003410c836c7ffccULL, - 0x00c8129ad89e4314ULL, 0x000e3d5a23922dcdULL, - 0x00d91e46f29c31f3ULL, 0x006c728cde8c5947ULL, - 0x002bc655ba2566c0ULL, 0x002ca94721533108ULL)}, - }}, {{ - {FIELD_LITERAL(0x0051e4b3f764d8a9ULL, 0x0019792d46e904a0ULL, - 0x00853bc13dbc8227ULL, 0x000840208179f12dULL, - 0x0068243474879235ULL, 0x0013856fbfe374d0ULL, - 0x00bda12fe8676424ULL, 0x00bbb43635926eb2ULL)}, - {FIELD_LITERAL(0x0012cdc880a93982ULL, 0x003c495b21cd1b58ULL, - 0x00b7e5c93f22a26eULL, 0x0044aa82dfb99458ULL, - 0x009ba092cdffe9c0ULL, 0x00a14b3ab2083b73ULL, - 0x000271c2f70e1c4bULL, 0x00eea9cac0f66eb8ULL)}, - {FIELD_LITERAL(0x001a1847c4ac5480ULL, 0x00b1b412935bb03aULL, - 0x00f74285983bf2b2ULL, 0x00624138b5b5d0f1ULL, - 0x008820c0b03d38bfULL, 0x00b94e50a18c1572ULL, - 0x0060f6934841798fULL, 0x00c52f5d66d6ebe2ULL)}, - }}, {{ - {FIELD_LITERAL(0x00da23d59f9bcea6ULL, 0x00e0f27007a06a4bULL, - 0x00128b5b43a6758cULL, 0x000cf50190fa8b56ULL, - 0x00fc877aba2b2d72ULL, 0x00623bef52edf53fULL, - 0x00e6af6b819669e2ULL, 0x00e314dc34fcaa4fULL)}, - {FIELD_LITERAL(0x0066e5eddd164d1eULL, 0x00418a7c6fe28238ULL, - 0x0002e2f37e962c25ULL, 0x00f01f56b5975306ULL, - 0x0048842fa503875cULL, 0x0057b0e968078143ULL, - 0x00ff683024f3d134ULL, 0x0082ae28fcad12e4ULL)}, - {FIELD_LITERAL(0x0011ddfd21260e42ULL, 0x00d05b0319a76892ULL, - 0x00183ea4368e9b8fULL, 0x00b0815662affc96ULL, - 0x00b466a5e7ce7c88ULL, 0x00db93b07506e6eeULL, - 0x0033885f82f62401ULL, 0x0086f9090ec9b419ULL)}, - }}, {{ - {FIELD_LITERAL(0x00d95d1c5fcb435aULL, 0x0016d1ed6b5086f9ULL, - 0x00792aa0b7e54d71ULL, 0x0067b65715f1925dULL, - 0x00a219755ec6176bULL, 0x00bc3f026b12c28fULL, - 0x00700c897ffeb93eULL, 0x0089b83f6ec50b46ULL)}, - {FIELD_LITERAL(0x003c97e6384da36eULL, 0x00423d53eac81a09ULL, - 0x00b70d68f3cdce35ULL, 0x00ee7959b354b92cULL, - 0x00f4e9718819c8caULL, 0x009349f12acbffe9ULL, - 0x005aee7b62cb7da6ULL, 0x00d97764154ffc86ULL)}, - {FIELD_LITERAL(0x00526324babb46dcULL, 0x002ee99b38d7bf9eULL, - 0x007ea51794706ef4ULL, 0x00abeb04da6e3c39ULL, - 0x006b457c1d281060ULL, 0x00fe243e9a66c793ULL, - 0x00378de0fb6c6ee4ULL, 0x003e4194b9c3cb93ULL)}, - }}, {{ - {FIELD_LITERAL(0x00fed3cd80ca2292ULL, 0x0015b043a73ca613ULL, - 0x000a9fd7bf9be227ULL, 0x003b5e03de2db983ULL, - 0x005af72d46904ef7ULL, 0x00c0f1b5c49faa99ULL, - 0x00dc86fc3bd305e1ULL, 0x00c92f08c1cb1797ULL)}, - {FIELD_LITERAL(0x0079680ce111ed3bULL, 0x001a1ed82806122cULL, - 0x000c2e7466d15df3ULL, 0x002c407f6f7150fdULL, - 0x00c5e7c96b1b0ce3ULL, 0x009aa44626863ff9ULL, - 0x00887b8b5b80be42ULL, 0x00b6023cec964825ULL)}, - {FIELD_LITERAL(0x00e4a8e1048970c8ULL, 0x0062887b7830a302ULL, - 0x00bcf1c8cd81402bULL, 0x0056dbb81a68f5beULL, - 0x0014eced83f12452ULL, 0x00139e1a510150dfULL, - 0x00bb81140a82d1a3ULL, 0x000febcc1aaf1aa7ULL)}, - }}, {{ - {FIELD_LITERAL(0x00a7527958238159ULL, 0x0013ec9537a84cd6ULL, - 0x001d7fee7d562525ULL, 0x00b9eefa6191d5e5ULL, - 0x00dbc97db70bcb8aULL, 0x00481affc7a4d395ULL, - 0x006f73d3e70c31bbULL, 0x00183f324ed96a61ULL)}, - {FIELD_LITERAL(0x0039dd7ce7fc6860ULL, 0x00d64f6425653da1ULL, - 0x003e037c7f57d0afULL, 0x0063477a06e2bcf2ULL, - 0x001727dbb7ac67e6ULL, 0x0049589f5efafe2eULL, - 0x00fc0fef2e813d54ULL, 0x008baa5d087fb50dULL)}, - {FIELD_LITERAL(0x0024fb59d9b457c7ULL, 0x00a7d4e060223e4cULL, - 0x00c118d1b555fd80ULL, 0x0082e216c732f22aULL, - 0x00cd2a2993089504ULL, 0x003638e836a3e13dULL, - 0x000d855ee89b4729ULL, 0x008ec5b7d4810c91ULL)}, - }}, {{ - {FIELD_LITERAL(0x001bf51f7d65cdfdULL, 0x00d14cdafa16a97dULL, - 0x002c38e60fcd10e7ULL, 0x00a27446e393efbdULL, - 0x000b5d8946a71fddULL, 0x0063df2cde128f2fULL, - 0x006c8679569b1888ULL, 0x0059ffc4925d732dULL)}, - {FIELD_LITERAL(0x00ece96f95f2b66fULL, 0x00ece7952813a27bULL, - 0x0026fc36592e489eULL, 0x007157d1a2de0f66ULL, - 0x00759dc111d86ddfULL, 0x0012881e5780bb0fULL, - 0x00c8ccc83ad29496ULL, 0x0012b9bd1929eb71ULL)}, - {FIELD_LITERAL(0x000fa15a20da5df0ULL, 0x00349ddb1a46cd31ULL, - 0x002c512ad1d8e726ULL, 0x00047611f669318dULL, - 0x009e68fba591e17eULL, 0x004320dffa803906ULL, - 0x00a640874951a3d3ULL, 0x00b6353478baa24fULL)}, - }}, {{ - {FIELD_LITERAL(0x009696510000d333ULL, 0x00ec2f788bc04826ULL, - 0x000e4d02b1f67ba5ULL, 0x00659aa8dace08b6ULL, - 0x00d7a38a3a3ae533ULL, 0x008856defa8c746bULL, - 0x004d7a4402d3da1aULL, 0x00ea82e06229260fULL)}, - {FIELD_LITERAL(0x006a15bb20f75c0cULL, 0x0079a144027a5d0cULL, - 0x00d19116ce0b4d70ULL, 0x0059b83bcb0b268eULL, - 0x005f58f63f16c127ULL, 0x0079958318ee2c37ULL, - 0x00defbb063d07f82ULL, 0x00f1f0b931d2d446ULL)}, - {FIELD_LITERAL(0x00cb5e4c3c35d422ULL, 0x008df885ca43577fULL, - 0x00fa50b16ca3e471ULL, 0x005a0e58e17488c8ULL, - 0x00b2ceccd6d34d19ULL, 0x00f01d5d235e36e9ULL, - 0x00db2e7e4be6ca44ULL, 0x00260ab77f35fccdULL)}, - }}, {{ - {FIELD_LITERAL(0x006f6fd9baac61d5ULL, 0x002a7710a020a895ULL, - 0x009de0db7fc03d4dULL, 0x00cdedcb1875f40bULL, - 0x00050caf9b6b1e22ULL, 0x005e3a6654456ab0ULL, - 0x00775fdf8c4423d4ULL, 0x0028701ea5738b5dULL)}, - {FIELD_LITERAL(0x009ffd90abfeae96ULL, 0x00cba3c2b624a516ULL, - 0x005ef08bcee46c91ULL, 0x00e6fde30afb6185ULL, - 0x00f0b4db4f818ce4ULL, 0x006c54f45d2127f5ULL, - 0x00040125035854c7ULL, 0x00372658a3287e13ULL)}, - {FIELD_LITERAL(0x00d7070fb1beb2abULL, 0x0078fc845a93896bULL, - 0x006894a4b2f224a6ULL, 0x005bdd8192b9dbdeULL, - 0x00b38839874b3a9eULL, 0x00f93618b04b7a57ULL, - 0x003e3ec75fd2c67eULL, 0x00bf5e6bfc29494aULL)}, - }}, {{ - {FIELD_LITERAL(0x00f19224ebba2aa5ULL, 0x0074f89d358e694dULL, - 0x00eea486597135adULL, 0x0081579a4555c7e1ULL, - 0x0010b9b872930a9dULL, 0x00f002e87a30ecc0ULL, - 0x009b9d66b6de56e2ULL, 0x00a3c4f45e8004ebULL)}, - {FIELD_LITERAL(0x0045e8dda9400888ULL, 0x002ff12e5fc05db7ULL, - 0x00a7098d54afe69cULL, 0x00cdbe846a500585ULL, - 0x00879c1593ca1882ULL, 0x003f7a7fea76c8b0ULL, - 0x002cd73dd0c8e0a1ULL, 0x00645d6ce96f51feULL)}, - {FIELD_LITERAL(0x002b7e83e123d6d6ULL, 0x00398346f7419c80ULL, - 0x0042922e55940163ULL, 0x005e7fc5601886a3ULL, - 0x00e88f2cee1d3103ULL, 0x00e7fab135f2e377ULL, - 0x00b059984dbf0dedULL, 0x0009ce080faa5bb8ULL)}, - }}, {{ - {FIELD_LITERAL(0x0085e78af7758979ULL, 0x00275a4ee1631a3aULL, - 0x00d26bc0ed78b683ULL, 0x004f8355ea21064fULL, - 0x00d618e1a32696e5ULL, 0x008d8d7b150e5680ULL, - 0x00a74cd854b278d2ULL, 0x001dd62702203ea0ULL)}, - {FIELD_LITERAL(0x00f89335c2a59286ULL, 0x00a0f5c905d55141ULL, - 0x00b41fb836ee9382ULL, 0x00e235d51730ca43ULL, - 0x00a5cb37b5c0a69aULL, 0x009b966ffe136c45ULL, - 0x00cb2ea10bf80ed1ULL, 0x00fb2b370b40dc35ULL)}, - {FIELD_LITERAL(0x00d687d16d4ee8baULL, 0x0071520bdd069dffULL, - 0x00de85c60d32355dULL, 0x0087d2e3565102f4ULL, - 0x00cde391b8dfc9aaULL, 0x00e18d69efdfefe5ULL, - 0x004a9d0591954e91ULL, 0x00fa36dd8b50eee5ULL)}, - }}, {{ - {FIELD_LITERAL(0x002e788749a865f7ULL, 0x006e4dc3116861eaULL, - 0x009f1428c37276e6ULL, 0x00e7d2e0fc1e1226ULL, - 0x003aeebc6b6c45f6ULL, 0x0071a8073bf500c9ULL, - 0x004b22ad986b530cULL, 0x00f439e63c0d79d4ULL)}, - {FIELD_LITERAL(0x006bc3d53011f470ULL, 0x00032d6e692b83e8ULL, - 0x00059722f497cd0bULL, 0x0009b4e6f0c497ccULL, - 0x0058a804b7cce6c0ULL, 0x002b71d3302bbd5dULL, - 0x00e2f82a36765fceULL, 0x008dded99524c703ULL)}, - {FIELD_LITERAL(0x004d058953747d64ULL, 0x00701940fe79aa6fULL, - 0x00a620ac71c760bfULL, 0x009532b611158b75ULL, - 0x00547ed7f466f300ULL, 0x003cb5ab53a8401aULL, - 0x00c7763168ce3120ULL, 0x007e48e33e4b9ab2ULL)}, - }}, {{ - {FIELD_LITERAL(0x001b2fc57bf3c738ULL, 0x006a3f918993fb80ULL, - 0x0026f7a14fdec288ULL, 0x0075a2cdccef08dbULL, - 0x00d3ecbc9eecdbf1ULL, 0x0048c40f06e5bf7fULL, - 0x00d63e423009896bULL, 0x000598bc99c056a8ULL)}, - {FIELD_LITERAL(0x002f194eaafa46dcULL, 0x008e38f57fe87613ULL, - 0x00dc8e5ae25f4ab2ULL, 0x000a17809575e6bdULL, - 0x00d3ec7923ba366aULL, 0x003a7e72e0ad75e3ULL, - 0x0010024b88436e0aULL, 0x00ed3c5444b64051ULL)}, - {FIELD_LITERAL(0x00831fc1340af342ULL, 0x00c9645669466d35ULL, - 0x007692b4cc5a080fULL, 0x009fd4a47ac9259fULL, - 0x001eeddf7d45928bULL, 0x003c0446fc45f28bULL, - 0x002c0713aa3e2507ULL, 0x0095706935f0f41eULL)}, - }}, {{ - {FIELD_LITERAL(0x00766ae4190ec6d8ULL, 0x0065768cabc71380ULL, - 0x00b902598416cdc2ULL, 0x00380021ad38df52ULL, - 0x008f0b89d6551134ULL, 0x004254d4cc62c5a5ULL, - 0x000d79f4484b9b94ULL, 0x00b516732ae3c50eULL)}, - {FIELD_LITERAL(0x001fb73475c45509ULL, 0x00d2b2e5ea43345aULL, - 0x00cb3c3842077bd1ULL, 0x0029f90ad820946eULL, - 0x007c11b2380778aaULL, 0x009e54ece62c1704ULL, - 0x004bc60c41ca01c3ULL, 0x004525679a5a0b03ULL)}, - {FIELD_LITERAL(0x00c64fbddbed87b3ULL, 0x0040601d11731faaULL, - 0x009c22475b6f9d67ULL, 0x0024b79dae875f15ULL, - 0x00616fed3f02c3b0ULL, 0x0000cf39f6af2d3bULL, - 0x00c46bac0aa9a688ULL, 0x00ab23e2800da204ULL)}, - }}, {{ - {FIELD_LITERAL(0x000b3a37617632b0ULL, 0x00597199fe1cfb6cULL, - 0x0042a7ccdfeafdd6ULL, 0x004cc9f15ebcea17ULL, - 0x00f436e596a6b4a4ULL, 0x00168861142df0d8ULL, - 0x000753edfec26af5ULL, 0x000c495d7e388116ULL)}, - {FIELD_LITERAL(0x0017085f4a346148ULL, 0x00c7cf7a37f62272ULL, - 0x001776e129bc5c30ULL, 0x009955134c9eef2aULL, - 0x001ba5bdf1df07beULL, 0x00ec39497103a55cULL, - 0x006578354fda6cfbULL, 0x005f02719d4f15eeULL)}, - {FIELD_LITERAL(0x0052b9d9b5d9655dULL, 0x00d4ec7ba1b461c3ULL, - 0x00f95df4974f280bULL, 0x003d8e5ca11aeb51ULL, - 0x00d4981eb5a70b26ULL, 0x000af9a4f6659f29ULL, - 0x004598c846faeb43ULL, 0x0049d9a183a47670ULL)}, - }}, {{ - {FIELD_LITERAL(0x000a72d23dcb3f1fULL, 0x00a3737f84011727ULL, - 0x00f870c0fbbf4a47ULL, 0x00a7aadd04b5c9caULL, - 0x000c7715c67bd072ULL, 0x00015a136afcd74eULL, - 0x0080d5caea499634ULL, 0x0026b448ec7514b7ULL)}, - {FIELD_LITERAL(0x00b60167d9e7d065ULL, 0x00e60ba0d07381e8ULL, - 0x003a4f17b725c2d4ULL, 0x006c19fe176b64faULL, - 0x003b57b31af86ccbULL, 0x0021047c286180fdULL, - 0x00bdc8fb00c6dbb6ULL, 0x00fe4a9f4bab4f3fULL)}, - {FIELD_LITERAL(0x0088ffc3a16111f7ULL, 0x009155e4245d0bc8ULL, - 0x00851d68220572d5ULL, 0x00557ace1e514d29ULL, - 0x0031d7c339d91022ULL, 0x00101d0ae2eaceeaULL, - 0x00246ab3f837b66aULL, 0x00d5216d381ff530ULL)}, - }}, {{ - {FIELD_LITERAL(0x0057e7ea35f36daeULL, 0x00f47d7ad15de22eULL, - 0x00d757ea4b105115ULL, 0x008311457d579d7eULL, - 0x00b49b75b1edd4ebULL, 0x0081c7ff742fd63aULL, - 0x00ddda3187433df6ULL, 0x00475727d55f9c66ULL)}, - {FIELD_LITERAL(0x00a6295218dc136aULL, 0x00563b3af0e9c012ULL, - 0x00d3753b0145db1bULL, 0x004550389c043dc1ULL, - 0x00ea94ae27401bdfULL, 0x002b0b949f2b7956ULL, - 0x00c63f780ad8e23cULL, 0x00e591c47d6bab15ULL)}, - {FIELD_LITERAL(0x00416c582b058eb6ULL, 0x004107da5b2cc695ULL, - 0x00b3cd2556aeec64ULL, 0x00c0b418267e57a1ULL, - 0x001799293579bd2eULL, 0x0046ed44590e4d07ULL, - 0x001d7459b3630a1eULL, 0x00c6afba8b6696aaULL)}, - }}, {{ - {FIELD_LITERAL(0x008d6009b26da3f8ULL, 0x00898e88ca06b1caULL, - 0x00edb22b2ed7fe62ULL, 0x00fbc93516aabe80ULL, - 0x008b4b470c42ce0dULL, 0x00e0032ba7d0dcbbULL, - 0x00d76da3a956ecc8ULL, 0x007f20fe74e3852aULL)}, - {FIELD_LITERAL(0x002419222c607674ULL, 0x00a7f23af89188b3ULL, - 0x00ad127284e73d1cULL, 0x008bba582fae1c51ULL, - 0x00fc6aa7ca9ecab1ULL, 0x003df5319eb6c2baULL, - 0x002a05af8a8b199aULL, 0x004bf8354558407cULL)}, - {FIELD_LITERAL(0x00ce7d4a30f0fcbfULL, 0x00d02c272629f03dULL, - 0x0048c001f7400bc2ULL, 0x002c21368011958dULL, - 0x0098a550391e96b5ULL, 0x002d80b66390f379ULL, - 0x001fa878760cc785ULL, 0x001adfce54b613d5ULL)}, - }}, {{ - {FIELD_LITERAL(0x001ed4dc71fa2523ULL, 0x005d0bff19bf9b5cULL, - 0x00c3801cee065a64ULL, 0x001ed0b504323fbfULL, - 0x0003ab9fdcbbc593ULL, 0x00df82070178b8d2ULL, - 0x00a2bcaa9c251f85ULL, 0x00c628a3674bd02eULL)}, - {FIELD_LITERAL(0x006b7a0674f9f8deULL, 0x00a742414e5c7cffULL, - 0x0041cbf3c6e13221ULL, 0x00e3a64fd207af24ULL, - 0x0087c05f15fbe8d1ULL, 0x004c50936d9e8a33ULL, - 0x001306ec21042b6dULL, 0x00a4f4137d1141c2ULL)}, - {FIELD_LITERAL(0x0009e6fb921568b0ULL, 0x00b3c60120219118ULL, - 0x002a6c3460dd503aULL, 0x009db1ef11654b54ULL, - 0x0063e4bf0be79601ULL, 0x00670d34bb2592b9ULL, - 0x00dcee2f6c4130ceULL, 0x00b2682e88e77f54ULL)}, - }}, {{ - {FIELD_LITERAL(0x000d5b4b3da135abULL, 0x00838f3e5064d81dULL, - 0x00d44eb50f6d94edULL, 0x0008931ab502ac6dULL, - 0x00debe01ca3d3586ULL, 0x0025c206775f0641ULL, - 0x005ad4b6ae912763ULL, 0x007e2c318ad8f247ULL)}, - {FIELD_LITERAL(0x00ddbe0750dd1addULL, 0x004b3c7b885844b8ULL, - 0x00363e7ecf12f1aeULL, 0x0062e953e6438f9dULL, - 0x0023cc73b076afe9ULL, 0x00b09fa083b4da32ULL, - 0x00c7c3d2456c541dULL, 0x005b591ec6b694d4ULL)}, - {FIELD_LITERAL(0x0028656e19d62fcfULL, 0x0052a4af03df148dULL, - 0x00122765ddd14e42ULL, 0x00f2252904f67157ULL, - 0x004741965b636f3aULL, 0x006441d296132cb9ULL, - 0x005e2106f956a5b7ULL, 0x00247029592d335cULL)}, - }}, {{ - {FIELD_LITERAL(0x003fe038eb92f894ULL, 0x000e6da1b72e8e32ULL, - 0x003a1411bfcbe0faULL, 0x00b55d473164a9e4ULL, - 0x00b9a775ac2df48dULL, 0x0002ddf350659e21ULL, - 0x00a279a69eb19cb3ULL, 0x00f844eab25cba44ULL)}, - {FIELD_LITERAL(0x00c41d1f9c1f1ac1ULL, 0x007b2df4e9f19146ULL, - 0x00b469355fd5ba7aULL, 0x00b5e1965afc852aULL, - 0x00388d5f1e2d8217ULL, 0x0022079e4c09ae93ULL, - 0x0014268acd4ef518ULL, 0x00c1dd8d9640464cULL)}, - {FIELD_LITERAL(0x0038526adeed0c55ULL, 0x00dd68c607e3fe85ULL, - 0x00f746ddd48a5d57ULL, 0x0042f2952b963b7cULL, - 0x001cbbd6876d5ec2ULL, 0x005e341470bca5c2ULL, - 0x00871d41e085f413ULL, 0x00e53ab098f45732ULL)}, - }}, {{ - {FIELD_LITERAL(0x004d51124797c831ULL, 0x008f5ae3750347adULL, - 0x0070ced94c1a0c8eULL, 0x00f6db2043898e64ULL, - 0x000d00c9a5750cd0ULL, 0x000741ec59bad712ULL, - 0x003c9d11aab37b7fULL, 0x00a67ba169807714ULL)}, - {FIELD_LITERAL(0x00adb2c1566e8b8fULL, 0x0096c68a35771a9aULL, - 0x00869933356f334aULL, 0x00ba9c93459f5962ULL, - 0x009ec73fb6e8ca4bULL, 0x003c3802c27202e1ULL, - 0x0031f5b733e0c008ULL, 0x00f9058c19611fa9ULL)}, - {FIELD_LITERAL(0x00238f01814a3421ULL, 0x00c325a44b6cce28ULL, - 0x002136f97aeb0e73ULL, 0x000cac8268a4afe2ULL, - 0x0022fd218da471b3ULL, 0x009dcd8dfff8def9ULL, - 0x00cb9f8181d999bbULL, 0x00143ae56edea349ULL)}, - }}, {{ - {FIELD_LITERAL(0x0000623bf87622c5ULL, 0x00a1966fdd069496ULL, - 0x00c315b7b812f9fcULL, 0x00bdf5efcd128b97ULL, - 0x001d464f532e3e16ULL, 0x003cd94f081bfd7eULL, - 0x00ed9dae12ce4009ULL, 0x002756f5736eee70ULL)}, - {FIELD_LITERAL(0x00a5187e6ee7341bULL, 0x00e6d52e82d83b6eULL, - 0x00df3c41323094a7ULL, 0x00b3324f444e9de9ULL, - 0x00689eb21a35bfe5ULL, 0x00f16363becd548dULL, - 0x00e187cc98e7f60fULL, 0x00127d9062f0ccabULL)}, - {FIELD_LITERAL(0x004ad71b31c29e40ULL, 0x00a5fcace12fae29ULL, - 0x004425b5597280edULL, 0x00e7ef5d716c3346ULL, - 0x0010b53ada410ac8ULL, 0x0092310226060c9bULL, - 0x0091c26128729c7eULL, 0x0088b42900f8ec3bULL)}, - }}, {{ - {FIELD_LITERAL(0x00f1e26e9762d4a8ULL, 0x00d9d74082183414ULL, - 0x00ffec9bd57a0282ULL, 0x000919e128fd497aULL, - 0x00ab7ae7d00fe5f8ULL, 0x0054dc442851ff68ULL, - 0x00c9ebeb3b861687ULL, 0x00507f7cab8b698fULL)}, - {FIELD_LITERAL(0x00c13c5aae3ae341ULL, 0x009c6c9ed98373e7ULL, - 0x00098f26864577a8ULL, 0x0015b886e9488b45ULL, - 0x0037692c42aadba5ULL, 0x00b83170b8e7791cULL, - 0x001670952ece1b44ULL, 0x00fd932a39276da2ULL)}, - {FIELD_LITERAL(0x0081a3259bef3398ULL, 0x005480fff416107bULL, - 0x00ce4f607d21be98ULL, 0x003ffc084b41df9bULL, - 0x0043d0bb100502d1ULL, 0x00ec35f575ba3261ULL, - 0x00ca18f677300ef3ULL, 0x00e8bb0a827d8548ULL)}, - }}, {{ - {FIELD_LITERAL(0x00df76b3328ada72ULL, 0x002e20621604a7c2ULL, - 0x00f910638a105b09ULL, 0x00ef4724d96ef2cdULL, - 0x00377d83d6b8a2f7ULL, 0x00b4f48805ade324ULL, - 0x001cd5da8b152018ULL, 0x0045af671a20ca7fULL)}, - {FIELD_LITERAL(0x009ae3b93a56c404ULL, 0x004a410b7a456699ULL, - 0x00023a619355e6b2ULL, 0x009cdc7297387257ULL, - 0x0055b94d4ae70d04ULL, 0x002cbd607f65b005ULL, - 0x003208b489697166ULL, 0x00ea2aa058867370ULL)}, - {FIELD_LITERAL(0x00f29d2598ee3f32ULL, 0x00b4ac5385d82adcULL, - 0x007633eaf04df19bULL, 0x00aa2d3d77ceab01ULL, - 0x004a2302fcbb778aULL, 0x00927f225d5afa34ULL, - 0x004a8e9d5047f237ULL, 0x008224ae9dbce530ULL)}, - }}, {{ - {FIELD_LITERAL(0x001cf640859b02f8ULL, 0x00758d1d5d5ce427ULL, - 0x00763c784ef4604cULL, 0x005fa81aee205270ULL, - 0x00ac537bfdfc44cbULL, 0x004b919bd342d670ULL, - 0x00238508d9bf4b7aULL, 0x00154888795644f3ULL)}, - {FIELD_LITERAL(0x00c845923c084294ULL, 0x00072419a201bc25ULL, - 0x0045f408b5f8e669ULL, 0x00e9d6a186b74dfeULL, - 0x00e19108c68fa075ULL, 0x0017b91d874177b7ULL, - 0x002f0ca2c7912c5aULL, 0x009400aa385a90a2ULL)}, - {FIELD_LITERAL(0x0071110b01482184ULL, 0x00cfed0044f2bef8ULL, - 0x0034f2901cf4662eULL, 0x003b4ae2a67f9834ULL, - 0x00cca9b96fe94810ULL, 0x00522507ae77abd0ULL, - 0x00bac7422721e73eULL, 0x0066622b0f3a62b0ULL)}, - }}, {{ - {FIELD_LITERAL(0x00f8ac5cf4705b6aULL, 0x00867d82dcb457e3ULL, - 0x007e13ab2ccc2ce9ULL, 0x009ee9a018d3930eULL, - 0x008370f8ecb42df8ULL, 0x002d9f019add263eULL, - 0x003302385b92d196ULL, 0x00a15654536e2c0cULL)}, - {FIELD_LITERAL(0x0026ef1614e160afULL, 0x00c023f9edfc9c76ULL, - 0x00cff090da5f57baULL, 0x0076db7a66643ae9ULL, - 0x0019462f8c646999ULL, 0x008fec00b3854b22ULL, - 0x00d55041692a0a1cULL, 0x0065db894215ca00ULL)}, - {FIELD_LITERAL(0x00a925036e0a451cULL, 0x002a0390c36b6cc1ULL, - 0x00f27020d90894f4ULL, 0x008d90d52cbd3d7fULL, - 0x00e1d0137392f3b8ULL, 0x00f017c158b51a8fULL, - 0x00cac313d3ed7dbcULL, 0x00b99a81e3eb42d3ULL)}, - }}, {{ - {FIELD_LITERAL(0x00b54850275fe626ULL, 0x0053a3fd1ec71140ULL, - 0x00e3d2d7dbe096faULL, 0x00e4ac7b595cce4cULL, - 0x0077bad449c0a494ULL, 0x00b7c98814afd5b3ULL, - 0x0057226f58486cf9ULL, 0x00b1557154f0cc57ULL)}, - {FIELD_LITERAL(0x008cc9cd236315c0ULL, 0x0031d9c5b39fda54ULL, - 0x00a5713ef37e1171ULL, 0x00293d5ae2886325ULL, - 0x00c4aba3e05015e1ULL, 0x0003f35ef78e4fc6ULL, - 0x0039d6bd3ac1527bULL, 0x0019d7c3afb77106ULL)}, - {FIELD_LITERAL(0x007b162931a985afULL, 0x00ad40a2e0daa713ULL, - 0x006df27c4009f118ULL, 0x00503e9f4e2e8becULL, - 0x00751a77c82c182dULL, 0x000298937769245bULL, - 0x00ffb1e8fabf9ee5ULL, 0x0008334706e09abeULL)}, - }}, {{ - {FIELD_LITERAL(0x00dbca4e98a7dcd9ULL, 0x00ee29cfc78bde99ULL, - 0x00e4a3b6995f52e9ULL, 0x0045d70189ae8096ULL, - 0x00fd2a8a3b9b0d1bULL, 0x00af1793b107d8e1ULL, - 0x00dbf92cbe4afa20ULL, 0x00da60f798e3681dULL)}, - {FIELD_LITERAL(0x004246bfcecc627aULL, 0x004ba431246c03a4ULL, - 0x00bd1d101872d497ULL, 0x003b73d3f185ee16ULL, - 0x001feb2e2678c0e3ULL, 0x00ff13c5a89dec76ULL, - 0x00ed06042e771d8fULL, 0x00a4fd2a897a83ddULL)}, - {FIELD_LITERAL(0x009a4a3be50d6597ULL, 0x00de3165fc5a1096ULL, - 0x004f3f56e345b0c7ULL, 0x00f7bf721d5ab8bcULL, - 0x004313e47b098c50ULL, 0x00e4c7d5c0e1adbbULL, - 0x002e3e3db365051eULL, 0x00a480c2cd6a96fbULL)}, - }}, {{ - {FIELD_LITERAL(0x00417fa30a7119edULL, 0x00af257758419751ULL, - 0x00d358a487b463d4ULL, 0x0089703cc720b00dULL, - 0x00ce56314ff7f271ULL, 0x0064db171ade62c1ULL, - 0x00640b36d4a22fedULL, 0x00424eb88696d23fULL)}, - {FIELD_LITERAL(0x004ede34af2813f3ULL, 0x00d4a8e11c9e8216ULL, - 0x004796d5041de8a5ULL, 0x00c4c6b4d21cc987ULL, - 0x00e8a433ee07fa1eULL, 0x0055720b5abcc5a1ULL, - 0x008873ea9c74b080ULL, 0x005b3fec1ab65d48ULL)}, - {FIELD_LITERAL(0x0047e5277db70ec5ULL, 0x000a096c66db7d6bULL, - 0x00b4164cc1730159ULL, 0x004a9f783fe720feULL, - 0x00a8177b94449dbcULL, 0x0095a24ff49a599fULL, - 0x0069c1c578250cbcULL, 0x00452019213debf4ULL)}, - }}, {{ - {FIELD_LITERAL(0x0021ce99e09ebda3ULL, 0x00fcbd9f91875ad0ULL, - 0x009bbf6b7b7a0b5fULL, 0x00388886a69b1940ULL, - 0x00926a56d0f81f12ULL, 0x00e12903c3358d46ULL, - 0x005dfce4e8e1ce9dULL, 0x0044cfa94e2f7e23ULL)}, - {FIELD_LITERAL(0x001bd59c09e982eaULL, 0x00f72daeb937b289ULL, - 0x0018b76dca908e0eULL, 0x00edb498512384adULL, - 0x00ce0243b6cc9538ULL, 0x00f96ff690cb4e70ULL, - 0x007c77bf9f673c8dULL, 0x005bf704c088a528ULL)}, - {FIELD_LITERAL(0x0093d4628dcb33beULL, 0x0095263d51d42582ULL, - 0x0049b3222458fe06ULL, 0x00e7fce73b653a7fULL, - 0x003ca2ebce60b369ULL, 0x00c5de239a32bea4ULL, - 0x0063b8b3d71fb6bfULL, 0x0039aeeb78a1a839ULL)}, - }}, {{ - {FIELD_LITERAL(0x007dc52da400336cULL, 0x001fded1e15b9457ULL, - 0x00902e00f5568e3aULL, 0x00219bef40456d2dULL, - 0x005684161fb3dbc9ULL, 0x004a4e9be49a76eaULL, - 0x006e685ae88b78ffULL, 0x0021c42f13042d3cULL)}, - {FIELD_LITERAL(0x00fb22bb5fd3ce50ULL, 0x0017b48aada7ae54ULL, - 0x00fd5c44ad19a536ULL, 0x000ccc4e4e55e45cULL, - 0x00fd637d45b4c3f5ULL, 0x0038914e023c37cfULL, - 0x00ac1881d6a8d898ULL, 0x00611ed8d3d943a8ULL)}, - {FIELD_LITERAL(0x0056e2259d113d2bULL, 0x00594819b284ec16ULL, - 0x00c7bf794bb36696ULL, 0x00721ee75097cdc6ULL, - 0x00f71be9047a2892ULL, 0x00df6ba142564edfULL, - 0x0069580b7a184e8dULL, 0x00f056e38fca0feeULL)}, - }}, {{ - {FIELD_LITERAL(0x009df98566a18c6dULL, 0x00cf3a200968f219ULL, - 0x0044ba60da6d9086ULL, 0x00dbc9c0e344da03ULL, - 0x000f9401c4466855ULL, 0x00d46a57c5b0a8d1ULL, - 0x00875a635d7ac7c6ULL, 0x00ef4a933b7e0ae6ULL)}, - {FIELD_LITERAL(0x005e8694077a1535ULL, 0x008bef75f71c8f1dULL, - 0x000a7c1316423511ULL, 0x00906e1d70604320ULL, - 0x003fc46c1a2ffbd6ULL, 0x00d1d5022e68f360ULL, - 0x002515fba37bbf46ULL, 0x00ca16234e023b44ULL)}, - {FIELD_LITERAL(0x00787c99561f4690ULL, 0x00a857a8c1561f27ULL, - 0x00a10df9223c09feULL, 0x00b98a9562e3b154ULL, - 0x004330b8744c3ed2ULL, 0x00e06812807ec5c4ULL, - 0x00e4cf6a7db9f1e3ULL, 0x00d95b089f132a34ULL)}, - }}, {{ - {FIELD_LITERAL(0x002922b39ca33eecULL, 0x0090d12a5f3ab194ULL, - 0x00ab60c02fb5f8edULL, 0x00188d292abba1cfULL, - 0x00e10edec9698f6eULL, 0x0069a4d9934133c8ULL, - 0x0024aac40e6d3d06ULL, 0x001702c2177661b0ULL)}, - {FIELD_LITERAL(0x00139078397030bdULL, 0x000e3c447e859a00ULL, - 0x0064a5b334c82393ULL, 0x00b8aabeb7358093ULL, - 0x00020778bb9ae73bULL, 0x0032ee94c7892a18ULL, - 0x008215253cb41bdaULL, 0x005e2797593517aeULL)}, - {FIELD_LITERAL(0x0083765a5f855d4aULL, 0x0051b6d1351b8ee2ULL, - 0x00116de548b0f7bbULL, 0x0087bd88703affa0ULL, - 0x0095b2cc34d7fdd2ULL, 0x0084cd81b53f0bc8ULL, - 0x008562fc995350edULL, 0x00a39abb193651e3ULL)}, - }}, {{ - {FIELD_LITERAL(0x0019e23f0474b114ULL, 0x00eb94c2ad3b437eULL, - 0x006ddb34683b75acULL, 0x00391f9209b564c6ULL, - 0x00083b3bb3bff7aaULL, 0x00eedcd0f6dceefcULL, - 0x00b50817f794fe01ULL, 0x0036474deaaa75c9ULL)}, - {FIELD_LITERAL(0x0091868594265aa2ULL, 0x00797accae98ca6dULL, - 0x0008d8c5f0f8a184ULL, 0x00d1f4f1c2b2fe6eULL, - 0x0036783dfb48a006ULL, 0x008c165120503527ULL, - 0x0025fd780058ce9bULL, 0x0068beb007be7d27ULL)}, - {FIELD_LITERAL(0x00d0ff88aa7c90c2ULL, 0x00b2c60dacf53394ULL, - 0x0094a7284d9666d6ULL, 0x00bed9022ce7a19dULL, - 0x00c51553f0cd7682ULL, 0x00c3fb870b124992ULL, - 0x008d0bc539956c9bULL, 0x00fc8cf258bb8885ULL)}, - }}, {{ - {FIELD_LITERAL(0x003667bf998406f8ULL, 0x0000115c43a12975ULL, - 0x001e662f3b20e8fdULL, 0x0019ffa534cb24ebULL, - 0x00016be0dc8efb45ULL, 0x00ff76a8b26243f5ULL, - 0x00ae20d241a541e3ULL, 0x0069bd6af13cd430ULL)}, - {FIELD_LITERAL(0x0045fdc16487cda3ULL, 0x00b2d8e844cf2ed7ULL, - 0x00612c50e88c1607ULL, 0x00a08aabc66c1672ULL, - 0x006031fdcbb24d97ULL, 0x001b639525744b93ULL, - 0x004409d62639ab17ULL, 0x00a1853d0347ab1dULL)}, - {FIELD_LITERAL(0x0075a1a56ebf5c21ULL, 0x00a3e72be9ac53edULL, - 0x00efcde1629170c2ULL, 0x0004225fe91ef535ULL, - 0x0088049fc73dfda7ULL, 0x004abc74857e1288ULL, - 0x0024e2434657317cULL, 0x00d98cb3d3e5543cULL)}, - }}, {{ - {FIELD_LITERAL(0x00b4b53eab6bdb19ULL, 0x009b22d8b43711d0ULL, - 0x00d948b9d961785dULL, 0x00cb167b6f279eadULL, - 0x00191de3a678e1c9ULL, 0x00d9dd9511095c2eULL, - 0x00f284324cd43067ULL, 0x00ed74fa535151ddULL)}, - {FIELD_LITERAL(0x007e32c049b5c477ULL, 0x009d2bfdbd9bcfd8ULL, - 0x00636e93045938c6ULL, 0x007fde4af7687298ULL, - 0x0046a5184fafa5d3ULL, 0x0079b1e7f13a359bULL, - 0x00875adf1fb927d6ULL, 0x00333e21c61bcad2ULL)}, - {FIELD_LITERAL(0x00048014f73d8b8dULL, 0x0075684aa0966388ULL, - 0x0092be7df06dc47cULL, 0x0097cebcd0f5568aULL, - 0x005a7004d9c4c6a9ULL, 0x00b0ecbb659924c7ULL, - 0x00d90332dd492a7cULL, 0x0057fc14df11493dULL)}, - }}, {{ - {FIELD_LITERAL(0x0008ed8ea0ad95beULL, 0x0041d324b9709645ULL, - 0x00e25412257a19b4ULL, 0x0058df9f3423d8d2ULL, - 0x00a9ab20def71304ULL, 0x009ae0dbf8ac4a81ULL, - 0x00c9565977e4392aULL, 0x003c9269444baf55ULL)}, - {FIELD_LITERAL(0x007df6cbb926830bULL, 0x00d336058ae37865ULL, - 0x007af47dac696423ULL, 0x0048d3011ec64ac8ULL, - 0x006b87666e40049fULL, 0x0036a2e0e51303d7ULL, - 0x00ba319bd79dbc55ULL, 0x003e2737ecc94f53ULL)}, - {FIELD_LITERAL(0x00d296ff726272d9ULL, 0x00f6d097928fcf57ULL, - 0x00e0e616a55d7013ULL, 0x00deaf454ed9eac7ULL, - 0x0073a56bedef4d92ULL, 0x006ccfdf6fc92e19ULL, - 0x009d1ee1371a7218ULL, 0x00ee3c2ee4462d80ULL)}, - }}, {{ - {FIELD_LITERAL(0x00437bce9bccdf9dULL, 0x00e0c8e2f85dc0a3ULL, - 0x00c91a7073995a19ULL, 0x00856ec9fe294559ULL, - 0x009e4b33394b156eULL, 0x00e245b0dc497e5cULL, - 0x006a54e687eeaeffULL, 0x00f1cd1cd00fdb7cULL)}, - {FIELD_LITERAL(0x008132ae5c5d8cd1ULL, 0x00121d68324a1d9fULL, - 0x00d6be9dafcb8c76ULL, 0x00684d9070edf745ULL, - 0x00519fbc96d7448eULL, 0x00388182fdc1f27eULL, - 0x000235baed41f158ULL, 0x00bf6cf6f1a1796aULL)}, - {FIELD_LITERAL(0x002adc4b4d148219ULL, 0x003084ada0d3a90aULL, - 0x0046de8aab0f2e4eULL, 0x00452d342a67b5fdULL, - 0x00d4b50f01d4de21ULL, 0x00db6d9fc0cefb79ULL, - 0x008c184c86a462cdULL, 0x00e17c83764d42daULL)}, - }}, {{ - {FIELD_LITERAL(0x007b2743b9a1e01aULL, 0x007847ffd42688c4ULL, - 0x006c7844d610a316ULL, 0x00f0cb8b250aa4b0ULL, - 0x00a19060143b3ae6ULL, 0x0014eb10b77cfd80ULL, - 0x000170905729dd06ULL, 0x00063b5b9cd72477ULL)}, - {FIELD_LITERAL(0x00ce382dc7993d92ULL, 0x00021153e938b4c8ULL, - 0x00096f7567f48f51ULL, 0x0058f81ddfe4b0d5ULL, - 0x00cc379a56b355c7ULL, 0x002c760770d3e819ULL, - 0x00ee22d1d26e5a40ULL, 0x00de6d93d5b082d7ULL)}, - {FIELD_LITERAL(0x000a91a42c52e056ULL, 0x00185f6b77fce7eaULL, - 0x000803c51962f6b5ULL, 0x0022528582ba563dULL, - 0x0043f8040e9856d6ULL, 0x0085a29ec81fb860ULL, - 0x005f9a611549f5ffULL, 0x00c1f974ecbd4b06ULL)}, - }}, {{ - {FIELD_LITERAL(0x005b64c6fd65ec97ULL, 0x00c1fdd7f877bc7fULL, - 0x000d9cc6c89f841cULL, 0x005c97b7f1aff9adULL, - 0x0075e3c61475d47eULL, 0x001ecb1ba8153011ULL, - 0x00fe7f1c8d71d40dULL, 0x003fa9757a229832ULL)}, - {FIELD_LITERAL(0x00ffc5c89d2b0cbaULL, 0x00d363d42e3e6fc3ULL, - 0x0019a1a0118e2e8aULL, 0x00f7baeff48882e1ULL, - 0x001bd5af28c6b514ULL, 0x0055476ca2253cb2ULL, - 0x00d8eb1977e2ddf3ULL, 0x00b173b1adb228a1ULL)}, - {FIELD_LITERAL(0x00f2cb99dd0ad707ULL, 0x00e1e08b6859ddd8ULL, - 0x000008f2d0650bccULL, 0x00d7ed392f8615c3ULL, - 0x00976750a94da27fULL, 0x003e83bb0ecb69baULL, - 0x00df8e8d15c14ac6ULL, 0x00f9f7174295d9c2ULL)}, - }}, {{ - {FIELD_LITERAL(0x00f11cc8e0e70bcbULL, 0x00e5dc689974e7ddULL, - 0x0014e409f9ee5870ULL, 0x00826e6689acbd63ULL, - 0x008a6f4e3d895d88ULL, 0x00b26a8da41fd4adULL, - 0x000fb7723f83efd7ULL, 0x009c749db0a5f6c3ULL)}, - {FIELD_LITERAL(0x002389319450f9baULL, 0x003677f31aa1250aULL, - 0x0092c3db642f38cbULL, 0x00f8b64c0dfc9773ULL, - 0x00cd49fe3505b795ULL, 0x0068105a4090a510ULL, - 0x00df0ba2072a8bb6ULL, 0x00eb396143afd8beULL)}, - {FIELD_LITERAL(0x00a0d4ecfb24cdffULL, 0x00ddaf8008ba6479ULL, - 0x00f0b3e36d4b0f44ULL, 0x003734bd3af1f146ULL, - 0x00b87e2efc75527eULL, 0x00d230df55ddab50ULL, - 0x002613257ae56c1dULL, 0x00bc0946d135934dULL)}, - }}, {{ - {FIELD_LITERAL(0x00468711bd994651ULL, 0x0033108fa67561bfULL, - 0x0089d760192a54b4ULL, 0x00adc433de9f1871ULL, - 0x000467d05f36e050ULL, 0x007847e0f0579f7fULL, - 0x00a2314ad320052dULL, 0x00b3a93649f0b243ULL)}, - {FIELD_LITERAL(0x0067f8f0c4fe26c9ULL, 0x0079c4a3cc8f67b9ULL, - 0x0082b1e62f23550dULL, 0x00f2d409caefd7f5ULL, - 0x0080e67dcdb26e81ULL, 0x0087ae993ea1f98aULL, - 0x00aa108becf61d03ULL, 0x001acf11efb608a3ULL)}, - {FIELD_LITERAL(0x008225febbab50d9ULL, 0x00f3b605e4dd2083ULL, - 0x00a32b28189e23d2ULL, 0x00d507e5e5eb4c97ULL, - 0x005a1a84e302821fULL, 0x0006f54c1c5f08c7ULL, - 0x00a347c8cb2843f0ULL, 0x0009f73e9544bfa5ULL)}, - }}, {{ - {FIELD_LITERAL(0x006c59c9ae744185ULL, 0x009fc32f1b4282cdULL, - 0x004d6348ca59b1acULL, 0x00105376881be067ULL, - 0x00af4096013147dcULL, 0x004abfb5a5cb3124ULL, - 0x000d2a7f8626c354ULL, 0x009c6ed568e07431ULL)}, - {FIELD_LITERAL(0x00e828333c297f8bULL, 0x009ef3cf8c3f7e1fULL, - 0x00ab45f8fff31cb9ULL, 0x00c8b4178cb0b013ULL, - 0x00d0c50dd3260a3fULL, 0x0097126ac257f5bcULL, - 0x0042376cc90c705aULL, 0x001d96fdb4a1071eULL)}, - {FIELD_LITERAL(0x00542d44d89ee1a8ULL, 0x00306642e0442d98ULL, - 0x0090853872b87338ULL, 0x002362cbf22dc044ULL, - 0x002c222adff663b8ULL, 0x0067c924495fcb79ULL, - 0x000e621d983c977cULL, 0x00df77a9eccb66fbULL)}, - }}, {{ - {FIELD_LITERAL(0x002809e4bbf1814aULL, 0x00b9e854f9fafb32ULL, - 0x00d35e67c10f7a67ULL, 0x008f1bcb76e748cfULL, - 0x004224d9515687d2ULL, 0x005ba0b774e620c4ULL, - 0x00b5e57db5d54119ULL, 0x00e15babe5683282ULL)}, - {FIELD_LITERAL(0x00832d02369b482cULL, 0x00cba52ff0d93450ULL, - 0x003fa9c908d554dbULL, 0x008d1e357b54122fULL, - 0x00abd91c2dc950c6ULL, 0x007eff1df4c0ec69ULL, - 0x003f6aeb13fb2d31ULL, 0x00002d6179fc5b2cULL)}, - {FIELD_LITERAL(0x0046c9eda81c9c89ULL, 0x00b60cb71c8f62fcULL, - 0x0022f5a683baa558ULL, 0x00f87319fccdf997ULL, - 0x009ca09b51ce6a22ULL, 0x005b12baf4af7d77ULL, - 0x008a46524a1e33e2ULL, 0x00035a77e988be0dULL)}, - }}, {{ - {FIELD_LITERAL(0x00a7efe46a7dbe2fULL, 0x002f66fd55014fe7ULL, - 0x006a428afa1ff026ULL, 0x0056caaa9604ab72ULL, - 0x0033f3bcd7fac8aeULL, 0x00ccb1aa01c86764ULL, - 0x00158d1edf13bf40ULL, 0x009848ee76fcf3b4ULL)}, - {FIELD_LITERAL(0x00a9e7730a819691ULL, 0x00d9cc73c4992b70ULL, - 0x00e299bde067de5aULL, 0x008c314eb705192aULL, - 0x00e7226f17e8a3ccULL, 0x0029dfd956e65a47ULL, - 0x0053a8e839073b12ULL, 0x006f942b2ab1597eULL)}, - {FIELD_LITERAL(0x001c3d780ecd5e39ULL, 0x0094f247fbdcc5feULL, - 0x00d5c786fd527764ULL, 0x00b6f4da74f0db2aULL, - 0x0080f1f8badcd5fcULL, 0x00f36a373ad2e23bULL, - 0x00f804f9f4343bf2ULL, 0x00d1af40ec623982ULL)}, - }}, {{ - {FIELD_LITERAL(0x0082aeace5f1b144ULL, 0x00f68b3108cf4dd3ULL, - 0x00634af01dde3020ULL, 0x000beab5df5c2355ULL, - 0x00e8b790d1b49b0bULL, 0x00e48d15854e36f4ULL, - 0x0040ab2d95f3db9fULL, 0x002711c4ed9e899aULL)}, - {FIELD_LITERAL(0x0039343746531ebeULL, 0x00c8509d835d429dULL, - 0x00e79eceff6b0018ULL, 0x004abfd31e8efce5ULL, - 0x007bbfaaa1e20210ULL, 0x00e3be89c193e179ULL, - 0x001c420f4c31d585ULL, 0x00f414a315bef5aeULL)}, - {FIELD_LITERAL(0x007c296a24990df8ULL, 0x00d5d07525a75588ULL, - 0x00dd8e113e94b7e7ULL, 0x007bbc58febe0cc8ULL, - 0x0029f51af9bfcad3ULL, 0x007e9311ec7ab6f3ULL, - 0x009a884de1676343ULL, 0x0050d5f2dce84be9ULL)}, - }}, {{ - {FIELD_LITERAL(0x005fa020cca2450aULL, 0x00491c29db6416d8ULL, - 0x0037cefe3f9f9a85ULL, 0x003d405230647066ULL, - 0x0049e835f0fdbe89ULL, 0x00feb78ac1a0815cULL, - 0x00828e4b32dc9724ULL, 0x00db84f2dc8d6fd4ULL)}, - {FIELD_LITERAL(0x0098cddc8b39549aULL, 0x006da37e3b05d22cULL, - 0x00ce633cfd4eb3cbULL, 0x00fda288ef526acdULL, - 0x0025338878c5d30aULL, 0x00f34438c4e5a1b4ULL, - 0x00584efea7c310f1ULL, 0x0041a551f1b660adULL)}, - {FIELD_LITERAL(0x00d7f7a8fbd6437aULL, 0x0062872413bf3753ULL, - 0x00ad4bbcb43c584bULL, 0x007fe49be601d7e3ULL, - 0x0077c659789babf4ULL, 0x00eb45fcb06a741bULL, - 0x005ce244913f9708ULL, 0x0088426401736326ULL)}, - }}, {{ - {FIELD_LITERAL(0x007bf562ca768d7cULL, 0x006c1f3a174e387cULL, - 0x00f024b447fee939ULL, 0x007e7af75f01143fULL, - 0x003adb70b4eed89dULL, 0x00e43544021ad79aULL, - 0x0091f7f7042011f6ULL, 0x0093c1a1ee3a0ddcULL)}, - {FIELD_LITERAL(0x00a0b68ec1eb72d2ULL, 0x002c03235c0d45a0ULL, - 0x00553627323fe8c5ULL, 0x006186e94b17af94ULL, - 0x00a9906196e29f14ULL, 0x0025b3aee6567733ULL, - 0x007e0dd840080517ULL, 0x0018eb5801a4ba93ULL)}, - {FIELD_LITERAL(0x00d7fe7017bf6a40ULL, 0x006e3f0624be0c42ULL, - 0x00ffbba205358245ULL, 0x00f9fc2cf8194239ULL, - 0x008d93b37bf15b4eULL, 0x006ddf2e38be8e95ULL, - 0x002b6e79bf5fcff9ULL, 0x00ab355da425e2deULL)}, - }}, {{ - {FIELD_LITERAL(0x00938f97e20be973ULL, 0x0099141a36aaf306ULL, - 0x0057b0ca29e545a1ULL, 0x0085db571f9fbc13ULL, - 0x008b333c554b4693ULL, 0x0043ab6ef3e241cbULL, - 0x0054fb20aa1e5c70ULL, 0x00be0ff852760adfULL)}, - {FIELD_LITERAL(0x003973d8938971d6ULL, 0x002aca26fa80c1f5ULL, - 0x00108af1faa6b513ULL, 0x00daae275d7924e6ULL, - 0x0053634ced721308ULL, 0x00d2355fe0bbd443ULL, - 0x00357612b2d22095ULL, 0x00f9bb9dd4136cf3ULL)}, - {FIELD_LITERAL(0x002bff12cf5e03a5ULL, 0x001bdb1fa8a19cf8ULL, - 0x00c91c6793f84d39ULL, 0x00f869f1b2eba9afULL, - 0x0059bc547dc3236bULL, 0x00d91611d6d38689ULL, - 0x00e062daaa2c0214ULL, 0x00ed3c047cc2bc82ULL)}, - }}, {{ - {FIELD_LITERAL(0x000050d70c32b31aULL, 0x001939d576d437b3ULL, - 0x00d709e598bf9fe6ULL, 0x00a885b34bd2ee9eULL, - 0x00dd4b5c08ab1a50ULL, 0x0091bebd50b55639ULL, - 0x00cf79ff64acdbc6ULL, 0x006067a39d826336ULL)}, - {FIELD_LITERAL(0x0062dd0fb31be374ULL, 0x00fcc96b84c8e727ULL, - 0x003f64f1375e6ae3ULL, 0x0057d9b6dd1af004ULL, - 0x00d6a167b1103c7bULL, 0x00dd28f3180fb537ULL, - 0x004ff27ad7167128ULL, 0x008934c33461f2acULL)}, - {FIELD_LITERAL(0x0065b472b7900043ULL, 0x00ba7efd2ff1064bULL, - 0x000b67d6c4c3020fULL, 0x0012d28469f4e46dULL, - 0x0031c32939703ec7ULL, 0x00b49f0bce133066ULL, - 0x00f7e10416181d47ULL, 0x005c90f51867eeccULL)}, - }}, {{ - {FIELD_LITERAL(0x0051207abd179101ULL, 0x00fc2a5c20d9c5daULL, - 0x00fb9d5f2701b6dfULL, 0x002dd040fdea82b8ULL, - 0x00f163b0738442ffULL, 0x00d9736bd68855b8ULL, - 0x00e0d8e93005e61cULL, 0x00df5a40b3988570ULL)}, - {FIELD_LITERAL(0x0006918f5dfce6dcULL, 0x00d4bf1c793c57fbULL, - 0x0069a3f649435364ULL, 0x00e89a50e5b0cd6eULL, - 0x00b9f6a237e973afULL, 0x006d4ed8b104e41dULL, - 0x00498946a3924cd2ULL, 0x00c136ec5ac9d4f7ULL)}, - {FIELD_LITERAL(0x0011a9c290ac5336ULL, 0x002b9a2d4a6a6533ULL, - 0x009a8a68c445d937ULL, 0x00361b27b07e5e5cULL, - 0x003c043b1755b974ULL, 0x00b7eb66cf1155eeULL, - 0x0077af5909eefff2ULL, 0x0098f609877cc806ULL)}, - }}, {{ - {FIELD_LITERAL(0x00ab13af436bf8f4ULL, 0x000bcf0a0dac8574ULL, - 0x00d50c864f705045ULL, 0x00c40e611debc842ULL, - 0x0085010489bd5caaULL, 0x007c5050acec026fULL, - 0x00f67d943c8da6d1ULL, 0x00de1da0278074c6ULL)}, - {FIELD_LITERAL(0x00b373076597455fULL, 0x00e83f1af53ac0f5ULL, - 0x0041f63c01dc6840ULL, 0x0097dea19b0c6f4bULL, - 0x007f9d63b4c1572cULL, 0x00e692d492d0f5f0ULL, - 0x00cbcb392e83b4adULL, 0x0069c0f39ed9b1a8ULL)}, - {FIELD_LITERAL(0x00861030012707c9ULL, 0x009fbbdc7fd4aafbULL, - 0x008f591d6b554822ULL, 0x00df08a41ea18adeULL, - 0x009d7d83e642abeaULL, 0x0098c71bda3b78ffULL, - 0x0022c89e7021f005ULL, 0x0044d29a3fe1e3c4ULL)}, - }}, {{ - {FIELD_LITERAL(0x00e748cd7b5c52f2ULL, 0x00ea9df883f89cc3ULL, - 0x0018970df156b6c7ULL, 0x00c5a46c2a33a847ULL, - 0x00cbde395e32aa09ULL, 0x0072474ebb423140ULL, - 0x00fb00053086a23dULL, 0x001dafcfe22d4e1fULL)}, - {FIELD_LITERAL(0x00c903ee6d825540ULL, 0x00add6c4cf98473eULL, - 0x007636efed4227f1ULL, 0x00905124ae55e772ULL, - 0x00e6b38fab12ed53ULL, 0x0045e132b863fe55ULL, - 0x003974662edb366aULL, 0x00b1787052be8208ULL)}, - {FIELD_LITERAL(0x00a614b00d775c7cULL, 0x00d7c78941cc7754ULL, - 0x00422dd68b5dabc4ULL, 0x00a6110f0167d28bULL, - 0x00685a309c252886ULL, 0x00b439ffd5143660ULL, - 0x003656e29ee7396fULL, 0x00c7c9b9ed5ad854ULL)}, - }}, {{ - {FIELD_LITERAL(0x0040f7e7c5b37bf2ULL, 0x0064e4dc81181bbaULL, - 0x00a8767ae2a366b6ULL, 0x001496b4f90546f2ULL, - 0x002a28493f860441ULL, 0x0021f59513049a3aULL, - 0x00852d369a8b7ee3ULL, 0x00dd2e7d8b7d30a9ULL)}, - {FIELD_LITERAL(0x00006e34a35d9fbcULL, 0x00eee4e48b2f019aULL, - 0x006b344743003a5fULL, 0x00541d514f04a7e3ULL, - 0x00e81f9ee7647455ULL, 0x005e2b916c438f81ULL, - 0x00116f8137b7eff0ULL, 0x009bd3decc7039d1ULL)}, - {FIELD_LITERAL(0x0005d226f434110dULL, 0x00af8288b8ef21d5ULL, - 0x004a7a52ef181c8cULL, 0x00be0b781b4b06deULL, - 0x00e6e3627ded07e1ULL, 0x00e43aa342272b8bULL, - 0x00e86ab424577d84ULL, 0x00fb292c566e35bbULL)}, - }}, {{ - {FIELD_LITERAL(0x00334f5303ea1222ULL, 0x00dfb3dbeb0a5d3eULL, - 0x002940d9592335c1ULL, 0x00706a7a63e8938aULL, - 0x005a533558bc4cafULL, 0x00558e33192022a9ULL, - 0x00970d9faf74c133ULL, 0x002979fcb63493caULL)}, - {FIELD_LITERAL(0x00e38abece3c82abULL, 0x005a51f18a2c7a86ULL, - 0x009dafa2e86d592eULL, 0x00495a62eb688678ULL, - 0x00b79df74c0eb212ULL, 0x0023e8cc78b75982ULL, - 0x005998cb91075e13ULL, 0x00735aa9ba61bc76ULL)}, - {FIELD_LITERAL(0x00d9f7a82ddbe628ULL, 0x00a1fc782889ae0fULL, - 0x0071ffda12d14b66ULL, 0x0037cf4eca7fb3d5ULL, - 0x00c80bc242c58808ULL, 0x0075bf8c2d08c863ULL, - 0x008d41f31afc52a7ULL, 0x00197962ecf38741ULL)}, - }}, {{ - {FIELD_LITERAL(0x006e9f475cccf2eeULL, 0x00454b9cd506430cULL, - 0x00224a4fb79ee479ULL, 0x0062e3347ef0b5e2ULL, - 0x0034fd2a3512232aULL, 0x00b8b3cb0f457046ULL, - 0x00eb20165daa38ecULL, 0x00128eebc2d9c0f7ULL)}, - {FIELD_LITERAL(0x00bfc5fa1e4ea21fULL, 0x00c21d7b6bb892e6ULL, - 0x00cf043f3acf0291ULL, 0x00c13f2f849b3c90ULL, - 0x00d1a97ebef10891ULL, 0x0061e130a445e7feULL, - 0x0019513fdedbf22bULL, 0x001d60c813bff841ULL)}, - {FIELD_LITERAL(0x0019561c7fcf0213ULL, 0x00e3dca6843ebd77ULL, - 0x0068ea95b9ca920eULL, 0x009bdfb70f253595ULL, - 0x00c68f59186aa02aULL, 0x005aee1cca1c3039ULL, - 0x00ab79a8a937a1ceULL, 0x00b9a0e549959e6fULL)}, - }}, {{ - {FIELD_LITERAL(0x00c79e0b6d97dfbdULL, 0x00917c71fd2bc6e8ULL, - 0x00db7529ccfb63d8ULL, 0x00be5be957f17866ULL, - 0x00a9e11fdc2cdac1ULL, 0x007b91a8e1f44443ULL, - 0x00a3065e4057d80fULL, 0x004825f5b8d5f6d4ULL)}, - {FIELD_LITERAL(0x003e4964fa8a8fc8ULL, 0x00f6a1cdbcf41689ULL, - 0x00943cb18fe7fda7ULL, 0x00606dafbf34440aULL, - 0x005d37a86399c789ULL, 0x00e79a2a69417403ULL, - 0x00fe34f7e68b8866ULL, 0x0011f448ed2df10eULL)}, - {FIELD_LITERAL(0x00f1f57efcc1fcc4ULL, 0x00513679117de154ULL, - 0x002e5b5b7c86d8c3ULL, 0x009f6486561f9cfbULL, - 0x00169e74b0170cf7ULL, 0x00900205af4af696ULL, - 0x006acfddb77853f3ULL, 0x00df184c90f31068ULL)}, - }}, {{ - {FIELD_LITERAL(0x00b37396c3320791ULL, 0x00fc7b67175c5783ULL, - 0x00c36d2cd73ecc38ULL, 0x0080ebcc0b328fc5ULL, - 0x0043a5b22b35d35dULL, 0x00466c9f1713c9daULL, - 0x0026ad346dcaa8daULL, 0x007c684e701183a6ULL)}, - {FIELD_LITERAL(0x00fd579ffb691713ULL, 0x00b76af4f81c412dULL, - 0x00f239de96110f82ULL, 0x00e965fb437f0306ULL, - 0x00ca7e9436900921ULL, 0x00e487f1325fa24aULL, - 0x00633907de476380ULL, 0x00721c62ac5b8ea0ULL)}, - {FIELD_LITERAL(0x00c0d54e542eb4f9ULL, 0x004ed657171c8dcfULL, - 0x00b743a4f7c2a39bULL, 0x00fd9f93ed6cc567ULL, - 0x00307fae3113e58bULL, 0x0058aa577c93c319ULL, - 0x00d254556f35b346ULL, 0x00491aada2203f0dULL)}, - }}, {{ - {FIELD_LITERAL(0x00dff3103786ff34ULL, 0x000144553b1f20c3ULL, - 0x0095613baeb930e4ULL, 0x00098058275ea5d4ULL, - 0x007cd1402b046756ULL, 0x0074d74e4d58aee3ULL, - 0x005f93fc343ff69bULL, 0x00873df17296b3b0ULL)}, - {FIELD_LITERAL(0x00c4a1fb48635413ULL, 0x00b5dd54423ad59fULL, - 0x009ff5d53fd24a88ULL, 0x003c98d267fc06a7ULL, - 0x002db7cb20013641ULL, 0x00bd1d6716e191f2ULL, - 0x006dbc8b29094241ULL, 0x0044bbf233dafa2cULL)}, - {FIELD_LITERAL(0x0055838d41f531e6ULL, 0x00bf6a2dd03c81b2ULL, - 0x005827a061c4839eULL, 0x0000de2cbb36aac3ULL, - 0x002efa29d9717478ULL, 0x00f9e928cc8a77baULL, - 0x00c134b458def9efULL, 0x00958a182223fc48ULL)}, - }}, {{ - {FIELD_LITERAL(0x000a9ee23c06881fULL, 0x002c727d3d871945ULL, - 0x00f47d971512d24aULL, 0x00671e816f9ef31aULL, - 0x00883af2cfaad673ULL, 0x00601f98583d6c9aULL, - 0x00b435f5adc79655ULL, 0x00ad87b71c04bff2ULL)}, - {FIELD_LITERAL(0x007860d99db787cfULL, 0x00fda8983018f4a8ULL, - 0x008c8866bac4743cULL, 0x00ef471f84c82a3fULL, - 0x00abea5976d3b8e7ULL, 0x00714882896cd015ULL, - 0x00b49fae584ddac5ULL, 0x008e33a1a0b69c81ULL)}, - {FIELD_LITERAL(0x007b6ee2c9e8a9ecULL, 0x002455dbbd89d622ULL, - 0x006490cf4eaab038ULL, 0x00d925f6c3081561ULL, - 0x00153b3047de7382ULL, 0x003b421f8bdceb6fULL, - 0x00761a4a5049da78ULL, 0x00980348c5202433ULL)}, - }}, {{ - {FIELD_LITERAL(0x007f8a43da97dd5cULL, 0x00058539c800fc7bULL, - 0x0040f3cf5a28414aULL, 0x00d68dd0d95283d6ULL, - 0x004adce9da90146eULL, 0x00befa41c7d4f908ULL, - 0x007603bc2e3c3060ULL, 0x00bdf360ab3545dbULL)}, - {FIELD_LITERAL(0x00eebfd4e2312cc3ULL, 0x00474b2564e4fc8cULL, - 0x003303ef14b1da9bULL, 0x003c93e0e66beb1dULL, - 0x0013619b0566925aULL, 0x008817c24d901bf3ULL, - 0x00b62bd8898d218bULL, 0x0075a7716f1e88a2ULL)}, - {FIELD_LITERAL(0x0009218da1e6890fULL, 0x0026907f5fd02575ULL, - 0x004dabed5f19d605ULL, 0x003abf181870249dULL, - 0x00b52fd048cc92c4ULL, 0x00b6dd51e415a5c5ULL, - 0x00d9eb82bd2b4014ULL, 0x002c865a43b46b43ULL)}, - }}, {{ - {FIELD_LITERAL(0x0070047189452f4cULL, 0x00f7ad12e1ce78d5ULL, - 0x00af1ba51ec44a8bULL, 0x005f39f63e667cd6ULL, - 0x00058eac4648425eULL, 0x00d7fdab42bea03bULL, - 0x0028576a5688de15ULL, 0x00af973209e77c10ULL)}, - {FIELD_LITERAL(0x00c338b915d8fef0ULL, 0x00a893292045c39aULL, - 0x0028ab4f2eba6887ULL, 0x0060743cb519fd61ULL, - 0x0006213964093ac0ULL, 0x007c0b7a43f6266dULL, - 0x008e3557c4fa5bdaULL, 0x002da976de7b8d9dULL)}, - {FIELD_LITERAL(0x0048729f8a8b6dcdULL, 0x00fe23b85cc4d323ULL, - 0x00e7384d16e4db0eULL, 0x004a423970678942ULL, - 0x00ec0b763345d4baULL, 0x00c477b9f99ed721ULL, - 0x00c29dad3777b230ULL, 0x001c517b466f7df6ULL)}, - }}, {{ - {FIELD_LITERAL(0x006366c380f7b574ULL, 0x001c7d1f09ff0438ULL, - 0x003e20a7301f5b22ULL, 0x00d3efb1916d28f6ULL, - 0x0049f4f81060ce83ULL, 0x00c69d91ea43ced1ULL, - 0x002b6f3e5cd269edULL, 0x005b0fb22ce9ec65ULL)}, - {FIELD_LITERAL(0x00aa2261022d883fULL, 0x00ebcca4548010acULL, - 0x002528512e28a437ULL, 0x0070ca7676b66082ULL, - 0x0084bda170f7c6d3ULL, 0x00581b4747c9b8bbULL, - 0x005c96a01061c7e2ULL, 0x00fb7c4a362b5273ULL)}, - {FIELD_LITERAL(0x00c30020eb512d02ULL, 0x0060f288283a4d26ULL, - 0x00b7ed13becde260ULL, 0x0075ebb74220f6e9ULL, - 0x00701079fcfe8a1fULL, 0x001c28fcdff58938ULL, - 0x002e4544b8f4df6bULL, 0x0060c5bc4f1a7d73ULL)}, - }}, {{ - {FIELD_LITERAL(0x00ae307cf069f701ULL, 0x005859f222dd618bULL, - 0x00212d6c46ec0b0dULL, 0x00a0fe4642afb62dULL, - 0x00420d8e4a0a8903ULL, 0x00a80ff639bdf7b0ULL, - 0x0019bee1490b5d8eULL, 0x007439e4b9c27a86ULL)}, - {FIELD_LITERAL(0x00a94700032a093fULL, 0x0076e96c225216e7ULL, - 0x00a63a4316e45f91ULL, 0x007d8bbb4645d3b2ULL, - 0x00340a6ff22793ebULL, 0x006f935d4572aeb7ULL, - 0x00b1fb69f00afa28ULL, 0x009e8f3423161ed3ULL)}, - {FIELD_LITERAL(0x009ef49c6b5ced17ULL, 0x00a555e6269e9f0aULL, - 0x007e6f1d79ec73b5ULL, 0x009ac78695a32ac4ULL, - 0x0001d77fbbcd5682ULL, 0x008cea1fee0aaeedULL, - 0x00f42bea82a53462ULL, 0x002e46ab96cafcc9ULL)}, - }}, {{ - {FIELD_LITERAL(0x0051cfcc5885377aULL, 0x00dce566cb1803caULL, - 0x00430c7643f2c7d4ULL, 0x00dce1a1337bdcc0ULL, - 0x0010d5bd7283c128ULL, 0x003b1b547f9b46feULL, - 0x000f245e37e770abULL, 0x007b72511f022b37ULL)}, - {FIELD_LITERAL(0x0060db815bc4786cULL, 0x006fab25beedc434ULL, - 0x00c610d06084797cULL, 0x000c48f08537bec0ULL, - 0x0031aba51c5b93daULL, 0x007968fa6e01f347ULL, - 0x0030070da52840c6ULL, 0x00c043c225a4837fULL)}, - {FIELD_LITERAL(0x001bcfd00649ee93ULL, 0x006dceb47e2a0fd5ULL, - 0x00f2cebda0cf8fd0ULL, 0x00b6b9d9d1fbdec3ULL, - 0x00815262e6490611ULL, 0x00ef7f5ce3176760ULL, - 0x00e49cd0c998d58bULL, 0x005fc6cc269ba57cULL)}, - }}, {{ - {FIELD_LITERAL(0x008940211aa0d633ULL, 0x00addae28136571dULL, - 0x00d68fdbba20d673ULL, 0x003bc6129bc9e21aULL, - 0x000346cf184ebe9aULL, 0x0068774d741ebc7fULL, - 0x0019d5e9e6966557ULL, 0x0003cbd7f981b651ULL)}, - {FIELD_LITERAL(0x004a2902926f8d3fULL, 0x00ad79b42637ab75ULL, - 0x0088f60b90f2d4e8ULL, 0x0030f54ef0e398c4ULL, - 0x00021dc9bf99681eULL, 0x007ebf66fde74ee3ULL, - 0x004ade654386e9a4ULL, 0x00e7485066be4c27ULL)}, - {FIELD_LITERAL(0x00445f1263983be0ULL, 0x004cf371dda45e6aULL, - 0x00744a89d5a310e7ULL, 0x001f20ce4f904833ULL, - 0x00e746edebe66e29ULL, 0x000912ab1f6c153dULL, - 0x00f61d77d9b2444cULL, 0x0001499cd6647610ULL)}, - }} - } -}; -const struct curve448_precomputed_s *ossl_curve448_precomputed_base - = &curve448_precomputed_base_table; - -static const niels_t curve448_wnaf_base_table[32] = { - {{ - {FIELD_LITERAL(0x00303cda6feea532ULL, 0x00860f1d5a3850e4ULL, - 0x00226b9fa4728ccdULL, 0x00e822938a0a0c0cULL, - 0x00263a61c9ea9216ULL, 0x001204029321b828ULL, - 0x006a468360983c65ULL, 0x0002846f0a782143ULL)}, - {FIELD_LITERAL(0x00303cda6feea532ULL, 0x00860f1d5a3850e4ULL, - 0x00226b9fa4728ccdULL, 0x006822938a0a0c0cULL, - 0x00263a61c9ea9215ULL, 0x001204029321b828ULL, - 0x006a468360983c65ULL, 0x0082846f0a782143ULL)}, - {FIELD_LITERAL(0x00ef8e22b275198dULL, 0x00b0eb141a0b0e8bULL, - 0x001f6789da3cb38cULL, 0x006d2ff8ed39073eULL, - 0x00610bdb69a167f3ULL, 0x00571f306c9689b4ULL, - 0x00f557e6f84b2df8ULL, 0x002affd38b2c86dbULL)}, - }}, {{ - {FIELD_LITERAL(0x00cea0fc8d2e88b5ULL, 0x00821612d69f1862ULL, - 0x0074c283b3e67522ULL, 0x005a195ba05a876dULL, - 0x000cddfe557feea4ULL, 0x008046c795bcc5e5ULL, - 0x00540969f4d6e119ULL, 0x00d27f96d6b143d5ULL)}, - {FIELD_LITERAL(0x000c3b1019d474e8ULL, 0x00e19533e4952284ULL, - 0x00cc9810ba7c920aULL, 0x00f103d2785945acULL, - 0x00bfa5696cc69b34ULL, 0x00a8d3d51e9ca839ULL, - 0x005623cb459586b9ULL, 0x00eae7ce1cd52e9eULL)}, - {FIELD_LITERAL(0x0005a178751dd7d8ULL, 0x002cc3844c69c42fULL, - 0x00acbfe5efe10539ULL, 0x009c20f43431a65aULL, - 0x008435d96374a7b3ULL, 0x009ee57566877bd3ULL, - 0x0044691725ed4757ULL, 0x001e87bb2fe2c6b2ULL)}, - }}, {{ - {FIELD_LITERAL(0x000cedc4debf7a04ULL, 0x002ffa45000470acULL, - 0x002e9f9678201915ULL, 0x0017da1208c4fe72ULL, - 0x007d558cc7d656cbULL, 0x0037a827287cf289ULL, - 0x00142472d3441819ULL, 0x009c21f166cf8dd1ULL)}, - {FIELD_LITERAL(0x003ef83af164b2f2ULL, 0x000949a5a0525d0dULL, - 0x00f4498186cac051ULL, 0x00e77ac09ef126d2ULL, - 0x0073ae0b2c9296e9ULL, 0x001c163f6922e3edULL, - 0x0062946159321beaULL, 0x00cfb79b22990b39ULL)}, - {FIELD_LITERAL(0x00b001431ca9e654ULL, 0x002d7e5eabcc9a3aULL, - 0x0052e8114c2f6747ULL, 0x0079ac4f94487f92ULL, - 0x00bffd919b5d749cULL, 0x00261f92ad15e620ULL, - 0x00718397b7a97895ULL, 0x00c1443e6ebbc0c4ULL)}, - }}, {{ - {FIELD_LITERAL(0x00eacd90c1e0a049ULL, 0x008977935b149fbeULL, - 0x0004cb9ba11c93dcULL, 0x009fbd5b3470844dULL, - 0x004bc18c9bfc22cfULL, 0x0057679a991839f3ULL, - 0x00ef15b76fb4092eULL, 0x0074a5173a225041ULL)}, - {FIELD_LITERAL(0x003f5f9d7ec4777bULL, 0x00ab2e733c919c94ULL, - 0x001bb6c035245ae5ULL, 0x00a325a49a883630ULL, - 0x0033e9a9ea3cea2fULL, 0x00e442a1eaa0e844ULL, - 0x00b2116d5b0e71b8ULL, 0x00c16abed6d64047ULL)}, - {FIELD_LITERAL(0x00c560b5ed051165ULL, 0x001945adc5d65094ULL, - 0x00e221865710f910ULL, 0x00cc12bc9e9b8cebULL, - 0x004faa9518914e35ULL, 0x0017476d89d42f6dULL, - 0x00b8f637c8fa1c8bULL, 0x0088c7d2790864b8ULL)}, - }}, {{ - {FIELD_LITERAL(0x00ef7eafc1c69be6ULL, 0x0085d3855778fbeaULL, - 0x002c8d5b450cb6f5ULL, 0x004e77de5e1e7fecULL, - 0x0047c057893abdedULL, 0x001b430b85d51e16ULL, - 0x00965c7b45640c3cULL, 0x00487b2bb1162b97ULL)}, - {FIELD_LITERAL(0x0099c73a311beec2ULL, 0x00a3eff38d8912adULL, - 0x002efa9d1d7e8972ULL, 0x00f717ae1e14d126ULL, - 0x002833f795850c8bULL, 0x0066c12ad71486bdULL, - 0x00ae9889da4820ebULL, 0x00d6044309555c08ULL)}, - {FIELD_LITERAL(0x004b1c5283d15e41ULL, 0x00669d8ea308ff75ULL, - 0x0004390233f762a1ULL, 0x00e1d67b83cb6cecULL, - 0x003eebaa964c78b1ULL, 0x006b0aff965eb664ULL, - 0x00b313d4470bdc37ULL, 0x008814ffcb3cb9d8ULL)}, - }}, {{ - {FIELD_LITERAL(0x009724b8ce68db70ULL, 0x007678b5ed006f3dULL, - 0x00bdf4b89c0abd73ULL, 0x00299748e04c7c6dULL, - 0x00ddd86492c3c977ULL, 0x00c5a7febfa30a99ULL, - 0x00ed84715b4b02bbULL, 0x00319568adf70486ULL)}, - {FIELD_LITERAL(0x0070ff2d864de5bbULL, 0x005a37eeb637ee95ULL, - 0x0033741c258de160ULL, 0x00e6ca5cb1988f46ULL, - 0x001ceabd92a24661ULL, 0x0030957bd500fe40ULL, - 0x001c3362afe912c5ULL, 0x005187889f678bd2ULL)}, - {FIELD_LITERAL(0x0086835fc62bbdc7ULL, 0x009c3516ca4910a1ULL, - 0x00956c71f8d00783ULL, 0x0095c78fcf63235fULL, - 0x00fc7ff6ba05c222ULL, 0x00cdd8b3f8d74a52ULL, - 0x00ac5ae16de8256eULL, 0x00e9d4be8ed48624ULL)}, - }}, {{ - {FIELD_LITERAL(0x00c0ce11405df2d8ULL, 0x004e3f37b293d7b6ULL, - 0x002410172e1ac6dbULL, 0x00b8dbff4bf8143dULL, - 0x003a7b409d56eb66ULL, 0x003e0f6a0dfef9afULL, - 0x0081c4e4d3645be1ULL, 0x00ce76076b127623ULL)}, - {FIELD_LITERAL(0x00f6ee0f98974239ULL, 0x0042d89af07d3a4fULL, - 0x00846b7fe84346b5ULL, 0x006a21fc6a8d39a1ULL, - 0x00ac8bc2541ff2d9ULL, 0x006d4e2a77732732ULL, - 0x009a39b694cc3f2fULL, 0x0085c0aa2a404c8fULL)}, - {FIELD_LITERAL(0x00b261101a218548ULL, 0x00c1cae96424277bULL, - 0x00869da0a77dd268ULL, 0x00bc0b09f8ec83eaULL, - 0x00d61027f8e82ba9ULL, 0x00aa4c85999dce67ULL, - 0x00eac3132b9f3fe1ULL, 0x00fb9b0cf1c695d2ULL)}, - }}, {{ - {FIELD_LITERAL(0x0043079295512f0dULL, 0x0046a009861758e0ULL, - 0x003ee2842a807378ULL, 0x0034cc9d1298e4faULL, - 0x009744eb4d31b3eeULL, 0x00afacec96650cd0ULL, - 0x00ac891b313761aeULL, 0x00e864d6d26e708aULL)}, - {FIELD_LITERAL(0x00a84d7c8a23b491ULL, 0x0088e19aa868b27fULL, - 0x0005986d43e78ce9ULL, 0x00f28012f0606d28ULL, - 0x0017ded7e10249b3ULL, 0x005ed4084b23af9bULL, - 0x00b9b0a940564472ULL, 0x00ad9056cceeb1f4ULL)}, - {FIELD_LITERAL(0x00db91b357fe755eULL, 0x00a1aa544b15359cULL, - 0x00af4931a0195574ULL, 0x007686124fe11aefULL, - 0x00d1ead3c7b9ef7eULL, 0x00aaf5fc580f8c15ULL, - 0x00e727be147ee1ecULL, 0x003c61c1e1577b86ULL)}, - }}, {{ - {FIELD_LITERAL(0x009d3fca983220cfULL, 0x00cd11acbc853dc4ULL, - 0x0017590409d27f1dULL, 0x00d2176698082802ULL, - 0x00fa01251b2838c8ULL, 0x00dd297a0d9b51c6ULL, - 0x00d76c92c045820aULL, 0x00534bc7c46c9033ULL)}, - {FIELD_LITERAL(0x0080ed9bc9b07338ULL, 0x00fceac7745d2652ULL, - 0x008a9d55f5f2cc69ULL, 0x0096ce72df301ac5ULL, - 0x00f53232e7974d87ULL, 0x0071728c7ae73947ULL, - 0x0090507602570778ULL, 0x00cb81cfd883b1b2ULL)}, - {FIELD_LITERAL(0x005011aadea373daULL, 0x003a8578ec896034ULL, - 0x00f20a6535fa6d71ULL, 0x005152d31e5a87cfULL, - 0x002bac1c8e68ca31ULL, 0x00b0e323db4c1381ULL, - 0x00f1d596b7d5ae25ULL, 0x00eae458097cb4e0ULL)}, - }}, {{ - {FIELD_LITERAL(0x00920ac80f9b0d21ULL, 0x00f80f7f73401246ULL, - 0x0086d37849b557d6ULL, 0x0002bd4b317b752eULL, - 0x00b26463993a42bbULL, 0x002070422a73b129ULL, - 0x00341acaa0380cb3ULL, 0x00541914dd66a1b2ULL)}, - {FIELD_LITERAL(0x00c1513cd66abe8cULL, 0x000139e01118944dULL, - 0x0064abbcb8080bbbULL, 0x00b3b08202473142ULL, - 0x00c629ef25da2403ULL, 0x00f0aec3310d9b7fULL, - 0x0050b2227472d8cdULL, 0x00f6c8a922d41fb4ULL)}, - {FIELD_LITERAL(0x001075ccf26b7b1fULL, 0x00bb6bb213170433ULL, - 0x00e9491ad262da79ULL, 0x009ef4f48d2d384cULL, - 0x008992770766f09dULL, 0x001584396b6b1101ULL, - 0x00af3f8676c9feefULL, 0x0024603c40269118ULL)}, - }}, {{ - {FIELD_LITERAL(0x009dd7b31319527cULL, 0x001e7ac948d873a9ULL, - 0x00fa54b46ef9673aULL, 0x0066efb8d5b02fe6ULL, - 0x00754b1d3928aeaeULL, 0x0004262ac72a6f6bULL, - 0x0079b7d49a6eb026ULL, 0x003126a753540102ULL)}, - {FIELD_LITERAL(0x009666e24f693947ULL, 0x00f714311269d45fULL, - 0x0010ffac1d0c851cULL, 0x0066e80c37363497ULL, - 0x00f1f4ad010c60b0ULL, 0x0015c87408470ff7ULL, - 0x00651d5e9c7766a4ULL, 0x008138819d7116deULL)}, - {FIELD_LITERAL(0x003934b11c57253bULL, 0x00ef308edf21f46eULL, - 0x00e54e99c7a16198ULL, 0x0080d57135764e63ULL, - 0x00751c27b946bc24ULL, 0x00dd389ce4e9e129ULL, - 0x00a1a2bfd1cd84dcULL, 0x002fae73e5149b32ULL)}, - }}, {{ - {FIELD_LITERAL(0x00911657dffb4cddULL, 0x00c100b7cc553d06ULL, - 0x00449d075ec467ccULL, 0x007062100bc64e70ULL, - 0x0043cf86f7bd21e7ULL, 0x00f401dc4b797deaULL, - 0x005224afb2f62e65ULL, 0x00d1ede3fb5a42beULL)}, - {FIELD_LITERAL(0x00f2ba36a41aa144ULL, 0x00a0c22d946ee18fULL, - 0x008aae8ef9a14f99ULL, 0x00eef4d79b19bb36ULL, - 0x008e75ce3d27b1fcULL, 0x00a65daa03b29a27ULL, - 0x00d9cc83684eb145ULL, 0x009e1ed80cc2ed74ULL)}, - {FIELD_LITERAL(0x00bed953d1997988ULL, 0x00b93ed175a24128ULL, - 0x00871c5963fb6365ULL, 0x00ca2df20014a787ULL, - 0x00f5d9c1d0b34322ULL, 0x00f6f5942818db0aULL, - 0x004cc091f49c9906ULL, 0x00e8a188a60bff9fULL)}, - }}, {{ - {FIELD_LITERAL(0x0032c7762032fae8ULL, 0x00e4087232e0bc21ULL, - 0x00f767344b6e8d85ULL, 0x00bbf369b76c2aa2ULL, - 0x008a1f46c6e1570cULL, 0x001368cd9780369fULL, - 0x007359a39d079430ULL, 0x0003646512921434ULL)}, - {FIELD_LITERAL(0x007c4b47ca7c73e7ULL, 0x005396221039734bULL, - 0x008b64ddf0e45d7eULL, 0x00bfad5af285e6c2ULL, - 0x008ec711c5b1a1a8ULL, 0x00cf663301237f98ULL, - 0x00917ee3f1655126ULL, 0x004152f337efedd8ULL)}, - {FIELD_LITERAL(0x0007c7edc9305daaULL, 0x000a6664f273701cULL, - 0x00f6e78795e200b1ULL, 0x005d05b9ecd2473eULL, - 0x0014f5f17c865786ULL, 0x00c7fd2d166fa995ULL, - 0x004939a2d8eb80e0ULL, 0x002244ba0942c199ULL)}, - }}, {{ - {FIELD_LITERAL(0x00321e767f0262cfULL, 0x002e57d776caf68eULL, - 0x00bf2c94814f0437ULL, 0x00c339196acd622fULL, - 0x001db4cce71e2770ULL, 0x001ded5ddba6eee2ULL, - 0x0078608ab1554c8dULL, 0x00067fe0ab76365bULL)}, - {FIELD_LITERAL(0x00f09758e11e3985ULL, 0x00169efdbd64fad3ULL, - 0x00e8889b7d6dacd6ULL, 0x0035cdd58ea88209ULL, - 0x00bcda47586d7f49ULL, 0x003cdddcb2879088ULL, - 0x0016da70187e954bULL, 0x009556ea2e92aacdULL)}, - {FIELD_LITERAL(0x008cab16bd1ff897ULL, 0x00b389972cdf753fULL, - 0x00ea8ed1e46dfdc0ULL, 0x004fe7ef94c589f4ULL, - 0x002b8ae9b805ecf3ULL, 0x0025c08d892874a5ULL, - 0x0023938e98d44c4cULL, 0x00f759134cabf69cULL)}, - }}, {{ - {FIELD_LITERAL(0x006c2a84678e4b3bULL, 0x007a194aacd1868fULL, - 0x00ed0225af424761ULL, 0x00da0a6f293c64b8ULL, - 0x001062ac5c6a7a18ULL, 0x0030f5775a8aeef4ULL, - 0x0002acaad76b7af0ULL, 0x00410b8fd63a579fULL)}, - {FIELD_LITERAL(0x001ec59db3d9590eULL, 0x001e9e3f1c3f182dULL, - 0x0045a9c3ec2cab14ULL, 0x0008198572aeb673ULL, - 0x00773b74068bd167ULL, 0x0012535eaa395434ULL, - 0x0044dba9e3bbb74aULL, 0x002fba4d3c74bd0eULL)}, - {FIELD_LITERAL(0x0042bf08fe66922cULL, 0x003318b8fbb49e8cULL, - 0x00d75946004aa14cULL, 0x00f601586b42bf1cULL, - 0x00c74cf1d912fe66ULL, 0x00abcb36974b30adULL, - 0x007eb78720c9d2b8ULL, 0x009f54ab7bd4df85ULL)}, - }}, {{ - {FIELD_LITERAL(0x00db9fc948f73826ULL, 0x00fa8b3746ed8ee9ULL, - 0x00132cb65aafbeb2ULL, 0x00c36ff3fe7925b8ULL, - 0x00837daed353d2feULL, 0x00ec661be0667cf4ULL, - 0x005beb8ed2e90204ULL, 0x00d77dd69e564967ULL)}, - {FIELD_LITERAL(0x0042e6268b861751ULL, 0x0008dd0469500c16ULL, - 0x00b51b57c338a3fdULL, 0x00cc4497d85cff6bULL, - 0x002f13d6b57c34a4ULL, 0x0083652eaf301105ULL, - 0x00cc344294cc93a8ULL, 0x0060f4d02810e270ULL)}, - {FIELD_LITERAL(0x00a8954363cd518bULL, 0x00ad171124bccb7bULL, - 0x0065f46a4adaae00ULL, 0x001b1a5b2a96e500ULL, - 0x0043fe24f8233285ULL, 0x0066996d8ae1f2c3ULL, - 0x00c530f3264169f9ULL, 0x00c0f92d07cf6a57ULL)}, - }}, {{ - {FIELD_LITERAL(0x0036a55c6815d943ULL, 0x008c8d1def993db3ULL, - 0x002e0e1e8ff7318fULL, 0x00d883a4b92db00aULL, - 0x002f5e781ae33906ULL, 0x001a72adb235c06dULL, - 0x00f2e59e736e9caaULL, 0x001a4b58e3031914ULL)}, - {FIELD_LITERAL(0x00d73bfae5e00844ULL, 0x00bf459766fb5f52ULL, - 0x0061b4f5a5313cdeULL, 0x004392d4c3b95514ULL, - 0x000d3551b1077523ULL, 0x0000998840ee5d71ULL, - 0x006de6e340448b7bULL, 0x00251aa504875d6eULL)}, - {FIELD_LITERAL(0x003bf343427ac342ULL, 0x00adc0a78642b8c5ULL, - 0x0003b893175a8314ULL, 0x0061a34ade5703bcULL, - 0x00ea3ea8bb71d632ULL, 0x00be0df9a1f198c2ULL, - 0x0046dd8e7c1635fbULL, 0x00f1523fdd25d5e5ULL)}, - }}, {{ - {FIELD_LITERAL(0x00633f63fc9dd406ULL, 0x00e713ff80e04a43ULL, - 0x0060c6e970f2d621ULL, 0x00a57cd7f0df1891ULL, - 0x00f2406a550650bbULL, 0x00b064290efdc684ULL, - 0x001eab0144d17916ULL, 0x00cd15f863c293abULL)}, - {FIELD_LITERAL(0x0029cec55273f70dULL, 0x007044ee275c6340ULL, - 0x0040f637a93015e2ULL, 0x00338bb78db5aae9ULL, - 0x001491b2a6132147ULL, 0x00a125d6cfe6bde3ULL, - 0x005f7ac561ba8669ULL, 0x001d5eaea3fbaacfULL)}, - {FIELD_LITERAL(0x00054e9635e3be31ULL, 0x000e43f31e2872beULL, - 0x00d05b1c9e339841ULL, 0x006fac50bd81fd98ULL, - 0x00cdc7852eaebb09ULL, 0x004ff519b061991bULL, - 0x009099e8107d4c85ULL, 0x00273e24c36a4a61ULL)}, - }}, {{ - {FIELD_LITERAL(0x00070b4441ef2c46ULL, 0x00efa5b02801a109ULL, - 0x00bf0b8c3ee64adfULL, 0x008a67e0b3452e98ULL, - 0x001916b1f2fa7a74ULL, 0x00d781a78ff6cdc3ULL, - 0x008682ce57e5c919ULL, 0x00cc1109dd210da3ULL)}, - {FIELD_LITERAL(0x00cae8aaff388663ULL, 0x005e983a35dda1c7ULL, - 0x007ab1030d8e37f4ULL, 0x00e48940f5d032feULL, - 0x006a36f9ef30b331ULL, 0x009be6f03958c757ULL, - 0x0086231ceba91400ULL, 0x008bd0f7b823e7aaULL)}, - {FIELD_LITERAL(0x00cf881ebef5a45aULL, 0x004ebea78e7c6f2cULL, - 0x0090da9209cf26a0ULL, 0x00de2b2e4c775b84ULL, - 0x0071d6031c3c15aeULL, 0x00d9e927ef177d70ULL, - 0x00894ee8c23896fdULL, 0x00e3b3b401e41aadULL)}, - }}, {{ - {FIELD_LITERAL(0x00204fef26864170ULL, 0x00819269c5dee0f8ULL, - 0x00bfb4713ec97966ULL, 0x0026339a6f34df78ULL, - 0x001f26e64c761dc2ULL, 0x00effe3af313cb60ULL, - 0x00e17b70138f601bULL, 0x00f16e1ccd9ede5eULL)}, - {FIELD_LITERAL(0x005d9a8353fdb2dbULL, 0x0055cc2048c698f0ULL, - 0x00f6c4ac89657218ULL, 0x00525034d73faeb2ULL, - 0x00435776fbda3c7dULL, 0x0070ea5312323cbcULL, - 0x007a105d44d069fbULL, 0x006dbc8d6dc786aaULL)}, - {FIELD_LITERAL(0x0017cff19cd394ecULL, 0x00fef7b810922587ULL, - 0x00e6483970dff548ULL, 0x00ddf36ad6874264ULL, - 0x00e61778523fcce2ULL, 0x0093a66c0c93b24aULL, - 0x00fd367114db7f86ULL, 0x007652d7ddce26ddULL)}, - }}, {{ - {FIELD_LITERAL(0x00d92ced7ba12843ULL, 0x00aea9c7771e86e7ULL, - 0x0046639693354f7bULL, 0x00a628dbb6a80c47ULL, - 0x003a0b0507372953ULL, 0x00421113ab45c0d9ULL, - 0x00e545f08362ab7aULL, 0x0028ce087b4d6d96ULL)}, - {FIELD_LITERAL(0x00a67ee7cf9f99ebULL, 0x005713b275f2ff68ULL, - 0x00f1d536a841513dULL, 0x00823b59b024712eULL, - 0x009c46b9d0d38cecULL, 0x00cdb1595aa2d7d4ULL, - 0x008375b3423d9af8ULL, 0x000ab0b516d978f7ULL)}, - {FIELD_LITERAL(0x00428dcb3c510b0fULL, 0x00585607ea24bb4eULL, - 0x003736bf1603687aULL, 0x00c47e568c4fe3c7ULL, - 0x003cd00282848605ULL, 0x0043a487c3b91939ULL, - 0x004ffc04e1095a06ULL, 0x00a4c989a3d4b918ULL)}, - }}, {{ - {FIELD_LITERAL(0x00a8778d0e429f7aULL, 0x004c02b059105a68ULL, - 0x0016653b609da3ffULL, 0x00d5107bd1a12d27ULL, - 0x00b4708f9a771cabULL, 0x00bb63b662033f69ULL, - 0x0072f322240e7215ULL, 0x0019445b59c69222ULL)}, - {FIELD_LITERAL(0x00cf4f6069a658e6ULL, 0x0053ca52859436a6ULL, - 0x0064b994d7e3e117ULL, 0x00cb469b9a07f534ULL, - 0x00cfb68f399e9d47ULL, 0x00f0dcb8dac1c6e7ULL, - 0x00f2ab67f538b3a5ULL, 0x0055544f178ab975ULL)}, - {FIELD_LITERAL(0x0099b7a2685d538cULL, 0x00e2f1897b7c0018ULL, - 0x003adac8ce48dae3ULL, 0x00089276d5c50c0cULL, - 0x00172fca07ad6717ULL, 0x00cb1a72f54069e5ULL, - 0x004ee42f133545b3ULL, 0x00785f8651362f16ULL)}, - }}, {{ - {FIELD_LITERAL(0x0049cbac38509e11ULL, 0x0015234505d42cdfULL, - 0x00794fb0b5840f1cULL, 0x00496437344045a5ULL, - 0x0031b6d944e4f9b0ULL, 0x00b207318ac1f5d8ULL, - 0x0000c840da7f5c5dULL, 0x00526f373a5c8814ULL)}, - {FIELD_LITERAL(0x002c7b7742d1dfd9ULL, 0x002cabeb18623c01ULL, - 0x00055f5e3e044446ULL, 0x006c20f3b4ef54baULL, - 0x00c600141ec6b35fULL, 0x00354f437f1a32a3ULL, - 0x00bac4624a3520f9ULL, 0x00c483f734a90691ULL)}, - {FIELD_LITERAL(0x0053a737d422918dULL, 0x00f7fca1d8758625ULL, - 0x00c360336dadb04cULL, 0x00f38e3d9158a1b8ULL, - 0x0069ce3b418e84c6ULL, 0x005d1697eca16eadULL, - 0x00f8bd6a35ece13dULL, 0x007885dfc2b5afeaULL)}, - }}, {{ - {FIELD_LITERAL(0x00c3617ae260776cULL, 0x00b20dc3e96922d7ULL, - 0x00a1a7802246706aULL, 0x00ca6505a5240244ULL, - 0x002246b62d919782ULL, 0x001439102d7aa9b3ULL, - 0x00e8af1139e6422cULL, 0x00c888d1b52f2b05ULL)}, - {FIELD_LITERAL(0x005b67690ffd41d9ULL, 0x005294f28df516f9ULL, - 0x00a879272412fcb9ULL, 0x00098b629a6d1c8dULL, - 0x00fabd3c8050865aULL, 0x00cd7e5b0a3879c5ULL, - 0x00153238210f3423ULL, 0x00357cac101e9f42ULL)}, - {FIELD_LITERAL(0x008917b454444fb7ULL, 0x00f59247c97e441bULL, - 0x00a6200a6815152dULL, 0x0009a4228601d254ULL, - 0x001c0360559bd374ULL, 0x007563362039cb36ULL, - 0x00bd75b48d74e32bULL, 0x0017f515ac3499e8ULL)}, - }}, {{ - {FIELD_LITERAL(0x001532a7ffe41c5aULL, 0x00eb1edce358d6bfULL, - 0x00ddbacc7b678a7bULL, 0x008a7b70f3c841a3ULL, - 0x00f1923bf27d3f4cULL, 0x000b2713ed8f7873ULL, - 0x00aaf67e29047902ULL, 0x0044994a70b3976dULL)}, - {FIELD_LITERAL(0x00d54e802082d42cULL, 0x00a55aa0dce7cc6cULL, - 0x006477b96073f146ULL, 0x0082efe4ceb43594ULL, - 0x00a922bcba026845ULL, 0x0077f19d1ab75182ULL, - 0x00c2bb2737846e59ULL, 0x0004d7eec791dd33ULL)}, - {FIELD_LITERAL(0x0044588d1a81d680ULL, 0x00b0a9097208e4f8ULL, - 0x00212605350dc57eULL, 0x0028717cd2871123ULL, - 0x00fb083c100fd979ULL, 0x0045a056ce063fdfULL, - 0x00a5d604b4dd6a41ULL, 0x001dabc08ba4e236ULL)}, - }}, {{ - {FIELD_LITERAL(0x00c4887198d7a7faULL, 0x00244f98fb45784aULL, - 0x0045911e15a15d01ULL, 0x001d323d374c0966ULL, - 0x00967c3915196562ULL, 0x0039373abd2f3c67ULL, - 0x000d2c5614312423ULL, 0x0041cf2215442ce3ULL)}, - {FIELD_LITERAL(0x008ede889ada7f06ULL, 0x001611e91de2e135ULL, - 0x00fdb9a458a471b9ULL, 0x00563484e03710d1ULL, - 0x0031cc81925e3070ULL, 0x0062c97b3af80005ULL, - 0x00fa733eea28edebULL, 0x00e82457e1ebbc88ULL)}, - {FIELD_LITERAL(0x006a0df5fe9b6f59ULL, 0x00a0d4ff46040d92ULL, - 0x004a7cedb6f93250ULL, 0x00d1df8855b8c357ULL, - 0x00e73a46086fd058ULL, 0x0048fb0add6dfe59ULL, - 0x001e03a28f1b4e3dULL, 0x00a871c993308d76ULL)}, - }}, {{ - {FIELD_LITERAL(0x0030dbb2d1766ec8ULL, 0x00586c0ad138555eULL, - 0x00d1a34f9e91c77cULL, 0x0063408ad0e89014ULL, - 0x00d61231b05f6f5bULL, 0x0009abf569f5fd8aULL, - 0x00aec67a110f1c43ULL, 0x0031d1a790938dd7ULL)}, - {FIELD_LITERAL(0x006cded841e2a862ULL, 0x00198d60af0ab6fbULL, - 0x0018f09db809e750ULL, 0x004e6ac676016263ULL, - 0x00eafcd1620969cbULL, 0x002c9784ca34917dULL, - 0x0054f00079796de7ULL, 0x00d9fab5c5972204ULL)}, - {FIELD_LITERAL(0x004bd0fee2438a83ULL, 0x00b571e62b0f83bdULL, - 0x0059287d7ce74800ULL, 0x00fb3631b645c3f0ULL, - 0x00a018e977f78494ULL, 0x0091e27065c27b12ULL, - 0x007696c1817165e0ULL, 0x008c40be7c45ba3aULL)}, - }}, {{ - {FIELD_LITERAL(0x00a0f326327cb684ULL, 0x001c7d0f672680ffULL, - 0x008c1c81ffb112d1ULL, 0x00f8f801674eddc8ULL, - 0x00e926d5d48c2a9dULL, 0x005bd6d954c6fe9aULL, - 0x004c6b24b4e33703ULL, 0x00d05eb5c09105ccULL)}, - {FIELD_LITERAL(0x00d61731caacf2cfULL, 0x002df0c7609e01c5ULL, - 0x00306172208b1e2bULL, 0x00b413fe4fb2b686ULL, - 0x00826d360902a221ULL, 0x003f8d056e67e7f7ULL, - 0x0065025b0175e989ULL, 0x00369add117865ebULL)}, - {FIELD_LITERAL(0x00aaf895aec2fa11ULL, 0x000f892bc313eb52ULL, - 0x005b1c794dad050bULL, 0x003f8ec4864cec14ULL, - 0x00af81058d0b90e5ULL, 0x00ebe43e183997bbULL, - 0x00a9d610f9f3e615ULL, 0x007acd8eec2e88d3ULL)}, - }}, {{ - {FIELD_LITERAL(0x0049b2fab13812a3ULL, 0x00846db32cd60431ULL, - 0x000177fa578c8d6cULL, 0x00047d0e2ad4bc51ULL, - 0x00b158ba38d1e588ULL, 0x006a45daad79e3f3ULL, - 0x000997b93cab887bULL, 0x00c47ea42fa23dc3ULL)}, - {FIELD_LITERAL(0x0012b6fef7aeb1caULL, 0x009412768194b6a7ULL, - 0x00ff0d351f23ab93ULL, 0x007e8a14c1aff71bULL, - 0x006c1c0170c512bcULL, 0x0016243ea02ab2e5ULL, - 0x007bb6865b303f3eULL, 0x0015ce6b29b159f4ULL)}, - {FIELD_LITERAL(0x009961cd02e68108ULL, 0x00e2035d3a1d0836ULL, - 0x005d51f69b5e1a1dULL, 0x004bccb4ea36edcdULL, - 0x0069be6a7aeef268ULL, 0x0063f4dd9de8d5a7ULL, - 0x006283783092ca35ULL, 0x0075a31af2c35409ULL)}, - }}, {{ - {FIELD_LITERAL(0x00c412365162e8cfULL, 0x00012283fb34388aULL, - 0x003e6543babf39e2ULL, 0x00eead6b3a804978ULL, - 0x0099c0314e8b326fULL, 0x00e98e0a8d477a4fULL, - 0x00d2eb96b127a687ULL, 0x00ed8d7df87571bbULL)}, - {FIELD_LITERAL(0x00777463e308cacfULL, 0x00c8acb93950132dULL, - 0x00ebddbf4ca48b2cULL, 0x0026ad7ca0795a0aULL, - 0x00f99a3d9a715064ULL, 0x000d60bcf9d4dfccULL, - 0x005e65a73a437a06ULL, 0x0019d536a8db56c8ULL)}, - {FIELD_LITERAL(0x00192d7dd558d135ULL, 0x0027cd6a8323ffa7ULL, - 0x00239f1a412dc1e7ULL, 0x0046b4b3be74fc5cULL, - 0x0020c47a2bef5bceULL, 0x00aa17e48f43862bULL, - 0x00f7e26c96342e5fULL, 0x0008011c530f39a9ULL)}, - }}, {{ - {FIELD_LITERAL(0x00aad4ac569bf0f1ULL, 0x00a67adc90b27740ULL, - 0x0048551369a5751aULL, 0x0031252584a3306aULL, - 0x0084e15df770e6fcULL, 0x00d7bba1c74b5805ULL, - 0x00a80ef223af1012ULL, 0x0089c85ceb843a34ULL)}, - {FIELD_LITERAL(0x00c4545be4a54004ULL, 0x0099e11f60357e6cULL, - 0x001f3936d19515a6ULL, 0x007793df84341a6eULL, - 0x0051061886717ffaULL, 0x00e9b0a660b28f85ULL, - 0x0044ea685892de0dULL, 0x000257d2a1fda9d9ULL)}, - {FIELD_LITERAL(0x007e8b01b24ac8a8ULL, 0x006cf3b0b5ca1337ULL, - 0x00f1607d3e36a570ULL, 0x0039b7fab82991a1ULL, - 0x00231777065840c5ULL, 0x00998e5afdd346f9ULL, - 0x00b7dc3e64acc85fULL, 0x00baacc748013ad6ULL)}, - }}, {{ - {FIELD_LITERAL(0x008ea6a4177580bfULL, 0x005fa1953e3f0378ULL, - 0x005fe409ac74d614ULL, 0x00452327f477e047ULL, - 0x00a4018507fb6073ULL, 0x007b6e71951caac8ULL, - 0x0012b42ab8a6ce91ULL, 0x0080eca677294ab7ULL)}, - {FIELD_LITERAL(0x00a53edc023ba69bULL, 0x00c6afa83ddde2e8ULL, - 0x00c3f638b307b14eULL, 0x004a357a64414062ULL, - 0x00e4d94d8b582dc9ULL, 0x001739caf71695b7ULL, - 0x0012431b2ae28de1ULL, 0x003b6bc98682907cULL)}, - {FIELD_LITERAL(0x008a9a93be1f99d6ULL, 0x0079fa627cc699c8ULL, - 0x00b0cfb134ba84c8ULL, 0x001c4b778249419aULL, - 0x00df4ab3d9c44f40ULL, 0x009f596e6c1a9e3cULL, - 0x001979c0df237316ULL, 0x00501e953a919b87ULL)}, - }} -}; -const niels_t *ossl_curve448_wnaf_base = curve448_wnaf_base_table; diff --git a/crypto/ec/curve448/curve448utils.h b/crypto/ec/curve448/curve448utils.h deleted file mode 100644 index 664c6e6ff306d5f370799536f31171c211bbde76..0000000000000000000000000000000000000000 --- a/crypto/ec/curve448/curve448utils.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2015 Cryptography Research, Inc. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Mike Hamburg - */ - -#ifndef OSSL_CRYPTO_EC_CURVE448UTILS_H -# define OSSL_CRYPTO_EC_CURVE448UTILS_H - -# include - -# include "internal/numbers.h" - -/* - * Internal word types. Somewhat tricky. This could be decided separately per - * platform. However, the structs do need to be all the same size and - * alignment on a given platform to support dynamic linking, since even if you - * header was built with eg arch_neon, you might end up linking a library built - * with arch_arm32. - */ -# ifndef C448_WORD_BITS -# if (defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16)) \ - && !defined(__sparc__) \ - && (!defined(__SIZEOF_LONG__) || (__SIZEOF_LONG__ == 8)) - -# define C448_WORD_BITS 64 /* The number of bits in a word */ -# else -# define C448_WORD_BITS 32 /* The number of bits in a word */ -# endif -# endif - -# if C448_WORD_BITS == 64 -/* Word size for internal computations */ -typedef uint64_t c448_word_t; -/* Signed word size for internal computations */ -typedef int64_t c448_sword_t; -/* "Boolean" type, will be set to all-zero or all-one (i.e. -1u) */ -typedef uint64_t c448_bool_t; -/* Double-word size for internal computations */ -typedef uint128_t c448_dword_t; -/* Signed double-word size for internal computations */ -typedef int128_t c448_dsword_t; -# elif C448_WORD_BITS == 32 -/* Word size for internal computations */ -typedef uint32_t c448_word_t; -/* Signed word size for internal computations */ -typedef int32_t c448_sword_t; -/* "Boolean" type, will be set to all-zero or all-one (i.e. -1u) */ -typedef uint32_t c448_bool_t; -/* Double-word size for internal computations */ -typedef uint64_t c448_dword_t; -/* Signed double-word size for internal computations */ -typedef int64_t c448_dsword_t; -# else -# error "Only supporting C448_WORD_BITS = 32 or 64 for now" -# endif - -/* C448_TRUE = -1 so that C448_TRUE & x = x */ -# define C448_TRUE (0 - (c448_bool_t)1) - -/* C448_FALSE = 0 so that C448_FALSE & x = 0 */ -# define C448_FALSE 0 - -/* Another boolean type used to indicate success or failure. */ -typedef enum { - C448_SUCCESS = -1, /**< The operation succeeded. */ - C448_FAILURE = 0 /**< The operation failed. */ -} c448_error_t; - -/* Return success if x is true */ -static ossl_inline c448_error_t c448_succeed_if(c448_bool_t x) -{ - return (c448_error_t) x; -} - -#endif /* __C448_COMMON_H__ */ diff --git a/crypto/ec/curve448/ed448.h b/crypto/ec/curve448/ed448.h deleted file mode 100644 index 00b2bae580bad9111e4afac9d522dba72951f1f9..0000000000000000000000000000000000000000 --- a/crypto/ec/curve448/ed448.h +++ /dev/null @@ -1,213 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2015-2016 Cryptography Research, Inc. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Mike Hamburg - */ - -#ifndef OSSL_CRYPTO_EC_CURVE448_ED448_H -# define OSSL_CRYPTO_EC_CURVE448_ED448_H - -# include "point_448.h" - -/* Number of bytes in an EdDSA public key. */ -# define EDDSA_448_PUBLIC_BYTES 57 - -/* Number of bytes in an EdDSA private key. */ -# define EDDSA_448_PRIVATE_BYTES EDDSA_448_PUBLIC_BYTES - -/* Number of bytes in an EdDSA private key. */ -# define EDDSA_448_SIGNATURE_BYTES (EDDSA_448_PUBLIC_BYTES + \ - EDDSA_448_PRIVATE_BYTES) - -/* EdDSA encoding ratio. */ -# define C448_EDDSA_ENCODE_RATIO 4 - -/* EdDSA decoding ratio. */ -# define C448_EDDSA_DECODE_RATIO (4 / 4) - -/* - * EdDSA key generation. This function uses a different (non-Decaf) encoding. - * - * pubkey (out): The public key. - * privkey (in): The private key. - */ -c448_error_t -ossl_c448_ed448_derive_public_key( - OSSL_LIB_CTX *ctx, - uint8_t pubkey [EDDSA_448_PUBLIC_BYTES], - const uint8_t privkey [EDDSA_448_PRIVATE_BYTES], - const char *propq); - -/* - * EdDSA signing. - * - * signature (out): The signature. - * privkey (in): The private key. - * pubkey (in): The public key. - * message (in): The message to sign. - * message_len (in): The length of the message. - * prehashed (in): Nonzero if the message is actually the hash of something - * you want to sign. - * context (in): A "context" for this signature of up to 255 bytes. - * context_len (in): Length of the context. - * - * For Ed25519, it is unsafe to use the same key for both prehashed and - * non-prehashed messages, at least without some very careful protocol-level - * disambiguation. For Ed448 it is safe. - */ -c448_error_t -ossl_c448_ed448_sign(OSSL_LIB_CTX *ctx, - uint8_t signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], - const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t *message, size_t message_len, - uint8_t prehashed, const uint8_t *context, - size_t context_len, - const char *propq); - -/* - * EdDSA signing with prehash. - * - * signature (out): The signature. - * privkey (in): The private key. - * pubkey (in): The public key. - * hash (in): The hash of the message. This object will not be modified by the - * call. - * context (in): A "context" for this signature of up to 255 bytes. Must be the - * same as what was used for the prehash. - * context_len (in): Length of the context. - * - * For Ed25519, it is unsafe to use the same key for both prehashed and - * non-prehashed messages, at least without some very careful protocol-level - * disambiguation. For Ed448 it is safe. - */ -c448_error_t -ossl_c448_ed448_sign_prehash(OSSL_LIB_CTX *ctx, - uint8_t signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], - const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t hash[64], - const uint8_t *context, - size_t context_len, - const char *propq); - -/* - * EdDSA signature verification. - * - * Uses the standard (i.e. less-strict) verification formula. - * - * signature (in): The signature. - * pubkey (in): The public key. - * message (in): The message to verify. - * message_len (in): The length of the message. - * prehashed (in): Nonzero if the message is actually the hash of something you - * want to verify. - * context (in): A "context" for this signature of up to 255 bytes. - * context_len (in): Length of the context. - * - * For Ed25519, it is unsafe to use the same key for both prehashed and - * non-prehashed messages, at least without some very careful protocol-level - * disambiguation. For Ed448 it is safe. - */ -c448_error_t -ossl_c448_ed448_verify(OSSL_LIB_CTX *ctx, - const uint8_t - signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t - pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t *message, size_t message_len, - uint8_t prehashed, const uint8_t *context, - uint8_t context_len, - const char *propq); - -/* - * EdDSA signature verification. - * - * Uses the standard (i.e. less-strict) verification formula. - * - * signature (in): The signature. - * pubkey (in): The public key. - * hash (in): The hash of the message. This object will not be modified by the - * call. - * context (in): A "context" for this signature of up to 255 bytes. Must be the - * same as what was used for the prehash. - * context_len (in): Length of the context. - * - * For Ed25519, it is unsafe to use the same key for both prehashed and - * non-prehashed messages, at least without some very careful protocol-level - * disambiguation. For Ed448 it is safe. - */ -c448_error_t -ossl_c448_ed448_verify_prehash( - OSSL_LIB_CTX *ctx, - const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t hash[64], - const uint8_t *context, - uint8_t context_len, - const char *propq); - -/* - * EdDSA point encoding. Used internally, exposed externally. - * Multiplies by C448_EDDSA_ENCODE_RATIO first. - * - * The multiplication is required because the EdDSA encoding represents - * the cofactor information, but the Decaf encoding ignores it (which - * is the whole point). So if you decode from EdDSA and re-encode to - * EdDSA, the cofactor info must get cleared, because the intermediate - * representation doesn't track it. - * - * The way we handle this is to multiply by C448_EDDSA_DECODE_RATIO when - * decoding, and by C448_EDDSA_ENCODE_RATIO when encoding. The product of - * these ratios is always exactly the cofactor 4, so the cofactor ends up - * cleared one way or another. But exactly how that shakes out depends on the - * base points specified in RFC 8032. - * - * The upshot is that if you pass the Decaf/Ristretto base point to - * this function, you will get C448_EDDSA_ENCODE_RATIO times the - * EdDSA base point. - * - * enc (out): The encoded point. - * p (in): The point. - */ -void -ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa( - uint8_t enc [EDDSA_448_PUBLIC_BYTES], - const curve448_point_t p); - -/* - * EdDSA point decoding. Multiplies by C448_EDDSA_DECODE_RATIO, and - * ignores cofactor information. - * - * See notes on curve448_point_mul_by_ratio_and_encode_like_eddsa - * - * enc (out): The encoded point. - * p (in): The point. - */ -c448_error_t -ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio( - curve448_point_t p, - const uint8_t enc[EDDSA_448_PUBLIC_BYTES]); - -/* - * EdDSA to ECDH private key conversion - * Using the appropriate hash function, hash the EdDSA private key - * and keep only the lower bytes to get the ECDH private key - * - * x (out): The ECDH private key as in RFC7748 - * ed (in): The EdDSA private key - */ -c448_error_t -ossl_c448_ed448_convert_private_key_to_x448( - OSSL_LIB_CTX *ctx, - uint8_t x[X448_PRIVATE_BYTES], - const uint8_t ed[EDDSA_448_PRIVATE_BYTES], - const char *propq); - -#endif /* OSSL_CRYPTO_EC_CURVE448_ED448_H */ diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c deleted file mode 100644 index 6648692ff39531a82fb956fe109c08f9d0b51c53..0000000000000000000000000000000000000000 --- a/crypto/ec/curve448/eddsa.c +++ /dev/null @@ -1,423 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2015-2016 Cryptography Research, Inc. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Mike Hamburg - */ -#include -#include -#include -#include "crypto/ecx.h" -#include "curve448_local.h" -#include "word.h" -#include "ed448.h" -#include "internal/numbers.h" - -#define COFACTOR 4 - -static c448_error_t oneshot_hash(OSSL_LIB_CTX *ctx, uint8_t *out, size_t outlen, - const uint8_t *in, size_t inlen, - const char *propq) -{ - EVP_MD_CTX *hashctx = EVP_MD_CTX_new(); - EVP_MD *shake256 = NULL; - c448_error_t ret = C448_FAILURE; - - if (hashctx == NULL) - return C448_FAILURE; - - shake256 = EVP_MD_fetch(ctx, "SHAKE256", propq); - if (shake256 == NULL) - goto err; - - if (!EVP_DigestInit_ex(hashctx, shake256, NULL) - || !EVP_DigestUpdate(hashctx, in, inlen) - || !EVP_DigestFinalXOF(hashctx, out, outlen)) - goto err; - - ret = C448_SUCCESS; - err: - EVP_MD_CTX_free(hashctx); - EVP_MD_free(shake256); - return ret; -} - -static void clamp(uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES]) -{ - secret_scalar_ser[0] &= -COFACTOR; - secret_scalar_ser[EDDSA_448_PRIVATE_BYTES - 1] = 0; - secret_scalar_ser[EDDSA_448_PRIVATE_BYTES - 2] |= 0x80; -} - -static c448_error_t hash_init_with_dom(OSSL_LIB_CTX *ctx, EVP_MD_CTX *hashctx, - uint8_t prehashed, - uint8_t for_prehash, - const uint8_t *context, - size_t context_len, - const char *propq) -{ -#ifdef CHARSET_EBCDIC - const char dom_s[] = {0x53, 0x69, 0x67, 0x45, - 0x64, 0x34, 0x34, 0x38, 0x00}; -#else - const char dom_s[] = "SigEd448"; -#endif - uint8_t dom[2]; - EVP_MD *shake256 = NULL; - - if (context_len > UINT8_MAX) - return C448_FAILURE; - - dom[0] = (uint8_t)(2 - (prehashed == 0 ? 1 : 0) - - (for_prehash == 0 ? 1 : 0)); - dom[1] = (uint8_t)context_len; - - shake256 = EVP_MD_fetch(ctx, "SHAKE256", propq); - if (shake256 == NULL) - return C448_FAILURE; - - if (!EVP_DigestInit_ex(hashctx, shake256, NULL) - || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s)) - || !EVP_DigestUpdate(hashctx, dom, sizeof(dom)) - || !EVP_DigestUpdate(hashctx, context, context_len)) { - EVP_MD_free(shake256); - return C448_FAILURE; - } - - EVP_MD_free(shake256); - return C448_SUCCESS; -} - -/* In this file because it uses the hash */ -c448_error_t -ossl_c448_ed448_convert_private_key_to_x448( - OSSL_LIB_CTX *ctx, - uint8_t x[X448_PRIVATE_BYTES], - const uint8_t ed [EDDSA_448_PRIVATE_BYTES], - const char *propq) -{ - /* pass the private key through oneshot_hash function */ - /* and keep the first X448_PRIVATE_BYTES bytes */ - return oneshot_hash(ctx, x, X448_PRIVATE_BYTES, ed, - EDDSA_448_PRIVATE_BYTES, propq); -} - -c448_error_t -ossl_c448_ed448_derive_public_key( - OSSL_LIB_CTX *ctx, - uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], - const char *propq) -{ - /* only this much used for keygen */ - uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES]; - curve448_scalar_t secret_scalar; - unsigned int c; - curve448_point_t p; - - if (!oneshot_hash(ctx, secret_scalar_ser, sizeof(secret_scalar_ser), - privkey, - EDDSA_448_PRIVATE_BYTES, - propq)) - return C448_FAILURE; - - clamp(secret_scalar_ser); - - ossl_curve448_scalar_decode_long(secret_scalar, secret_scalar_ser, - sizeof(secret_scalar_ser)); - - /* - * Since we are going to mul_by_cofactor during encoding, divide by it - * here. However, the EdDSA base point is not the same as the decaf base - * point if the sigma isogeny is in use: the EdDSA base point is on - * Etwist_d/(1-d) and the decaf base point is on Etwist_d, and when - * converted it effectively picks up a factor of 2 from the isogenies. So - * we might start at 2 instead of 1. - */ - for (c = 1; c < C448_EDDSA_ENCODE_RATIO; c <<= 1) - ossl_curve448_scalar_halve(secret_scalar, secret_scalar); - - ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base, - secret_scalar); - - ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p); - - /* Cleanup */ - ossl_curve448_scalar_destroy(secret_scalar); - ossl_curve448_point_destroy(p); - OPENSSL_cleanse(secret_scalar_ser, sizeof(secret_scalar_ser)); - - return C448_SUCCESS; -} - -c448_error_t -ossl_c448_ed448_sign(OSSL_LIB_CTX *ctx, - uint8_t signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], - const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t *message, size_t message_len, - uint8_t prehashed, const uint8_t *context, - size_t context_len, const char *propq) -{ - curve448_scalar_t secret_scalar; - EVP_MD_CTX *hashctx = EVP_MD_CTX_new(); - c448_error_t ret = C448_FAILURE; - curve448_scalar_t nonce_scalar; - uint8_t nonce_point[EDDSA_448_PUBLIC_BYTES] = { 0 }; - unsigned int c; - curve448_scalar_t challenge_scalar; - - if (hashctx == NULL) - return C448_FAILURE; - - { - /* - * Schedule the secret key, First EDDSA_448_PRIVATE_BYTES is serialized - * secret scalar,next EDDSA_448_PRIVATE_BYTES bytes is the seed. - */ - uint8_t expanded[EDDSA_448_PRIVATE_BYTES * 2]; - - if (!oneshot_hash(ctx, expanded, sizeof(expanded), privkey, - EDDSA_448_PRIVATE_BYTES, propq)) - goto err; - clamp(expanded); - ossl_curve448_scalar_decode_long(secret_scalar, expanded, - EDDSA_448_PRIVATE_BYTES); - - /* Hash to create the nonce */ - if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context, - context_len, propq) - || !EVP_DigestUpdate(hashctx, - expanded + EDDSA_448_PRIVATE_BYTES, - EDDSA_448_PRIVATE_BYTES) - || !EVP_DigestUpdate(hashctx, message, message_len)) { - OPENSSL_cleanse(expanded, sizeof(expanded)); - goto err; - } - OPENSSL_cleanse(expanded, sizeof(expanded)); - } - - /* Decode the nonce */ - { - uint8_t nonce[2 * EDDSA_448_PRIVATE_BYTES]; - - if (!EVP_DigestFinalXOF(hashctx, nonce, sizeof(nonce))) - goto err; - ossl_curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce)); - OPENSSL_cleanse(nonce, sizeof(nonce)); - } - - { - /* Scalarmul to create the nonce-point */ - curve448_scalar_t nonce_scalar_2; - curve448_point_t p; - - ossl_curve448_scalar_halve(nonce_scalar_2, nonce_scalar); - for (c = 2; c < C448_EDDSA_ENCODE_RATIO; c <<= 1) - ossl_curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2); - - ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base, - nonce_scalar_2); - ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p); - ossl_curve448_point_destroy(p); - ossl_curve448_scalar_destroy(nonce_scalar_2); - } - - { - uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES]; - - /* Compute the challenge */ - if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context, context_len, - propq) - || !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point)) - || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES) - || !EVP_DigestUpdate(hashctx, message, message_len) - || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge))) - goto err; - - ossl_curve448_scalar_decode_long(challenge_scalar, challenge, - sizeof(challenge)); - OPENSSL_cleanse(challenge, sizeof(challenge)); - } - - ossl_curve448_scalar_mul(challenge_scalar, challenge_scalar, secret_scalar); - ossl_curve448_scalar_add(challenge_scalar, challenge_scalar, nonce_scalar); - - OPENSSL_cleanse(signature, EDDSA_448_SIGNATURE_BYTES); - memcpy(signature, nonce_point, sizeof(nonce_point)); - ossl_curve448_scalar_encode(&signature[EDDSA_448_PUBLIC_BYTES], - challenge_scalar); - - ossl_curve448_scalar_destroy(secret_scalar); - ossl_curve448_scalar_destroy(nonce_scalar); - ossl_curve448_scalar_destroy(challenge_scalar); - - ret = C448_SUCCESS; - err: - EVP_MD_CTX_free(hashctx); - return ret; -} - -c448_error_t -ossl_c448_ed448_sign_prehash( - OSSL_LIB_CTX *ctx, - uint8_t signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], - const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t hash[64], const uint8_t *context, - size_t context_len, const char *propq) -{ - return ossl_c448_ed448_sign(ctx, signature, privkey, pubkey, hash, 64, 1, - context, context_len, propq); -} - -c448_error_t -ossl_c448_ed448_verify( - OSSL_LIB_CTX *ctx, - const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t *message, size_t message_len, - uint8_t prehashed, const uint8_t *context, - uint8_t context_len, const char *propq) -{ - curve448_point_t pk_point, r_point; - c448_error_t error; - curve448_scalar_t challenge_scalar; - curve448_scalar_t response_scalar; - /* Order in little endian format */ - static const uint8_t order[] = { - 0xF3, 0x44, 0x58, 0xAB, 0x92, 0xC2, 0x78, 0x23, 0x55, 0x8F, 0xC5, 0x8D, - 0x72, 0xC2, 0x6C, 0x21, 0x90, 0x36, 0xD6, 0xAE, 0x49, 0xDB, 0x4E, 0xC4, - 0xE9, 0x23, 0xCA, 0x7C, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x3F, 0x00 - }; - int i; - - /* - * Check that s (second 57 bytes of the sig) is less than the order. Both - * s and the order are in little-endian format. This can be done in - * variable time, since if this is not the case the signature if publicly - * invalid. - */ - for (i = EDDSA_448_PUBLIC_BYTES - 1; i >= 0; i--) { - if (signature[i + EDDSA_448_PUBLIC_BYTES] > order[i]) - return C448_FAILURE; - if (signature[i + EDDSA_448_PUBLIC_BYTES] < order[i]) - break; - } - if (i < 0) - return C448_FAILURE; - - error = - ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey); - - if (C448_SUCCESS != error) - return error; - - error = - ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature); - if (C448_SUCCESS != error) - return error; - - { - /* Compute the challenge */ - EVP_MD_CTX *hashctx = EVP_MD_CTX_new(); - uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES]; - - if (hashctx == NULL - || !hash_init_with_dom(ctx, hashctx, prehashed, 0, context, - context_len, propq) - || !EVP_DigestUpdate(hashctx, signature, EDDSA_448_PUBLIC_BYTES) - || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES) - || !EVP_DigestUpdate(hashctx, message, message_len) - || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge))) { - EVP_MD_CTX_free(hashctx); - return C448_FAILURE; - } - - EVP_MD_CTX_free(hashctx); - ossl_curve448_scalar_decode_long(challenge_scalar, challenge, - sizeof(challenge)); - OPENSSL_cleanse(challenge, sizeof(challenge)); - } - ossl_curve448_scalar_sub(challenge_scalar, ossl_curve448_scalar_zero, - challenge_scalar); - - ossl_curve448_scalar_decode_long(response_scalar, - &signature[EDDSA_448_PUBLIC_BYTES], - EDDSA_448_PRIVATE_BYTES); - - /* pk_point = -c(x(P)) + (cx + k)G = kG */ - ossl_curve448_base_double_scalarmul_non_secret(pk_point, - response_scalar, - pk_point, challenge_scalar); - return c448_succeed_if(ossl_curve448_point_eq(pk_point, r_point)); -} - -c448_error_t -ossl_c448_ed448_verify_prehash( - OSSL_LIB_CTX *ctx, - const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t hash[64], const uint8_t *context, - uint8_t context_len, const char *propq) -{ - return ossl_c448_ed448_verify(ctx, signature, pubkey, hash, 64, 1, context, - context_len, propq); -} - -int -ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message, - size_t message_len, const uint8_t public_key[57], - const uint8_t private_key[57], const uint8_t *context, - size_t context_len, const char *propq) -{ - return ossl_c448_ed448_sign(ctx, out_sig, private_key, public_key, message, - message_len, 0, context, context_len, - propq) == C448_SUCCESS; -} - -int -ossl_ed448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len, - const uint8_t signature[114], const uint8_t public_key[57], - const uint8_t *context, size_t context_len, const char *propq) -{ - return ossl_c448_ed448_verify(ctx, signature, public_key, message, - message_len, 0, context, (uint8_t)context_len, - propq) == C448_SUCCESS; -} - -int -ossl_ed448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64], - const uint8_t public_key[57], const uint8_t private_key[57], - const uint8_t *context, size_t context_len, const char *propq) -{ - return ossl_c448_ed448_sign_prehash(ctx, out_sig, private_key, public_key, - hash, context, context_len, - propq) == C448_SUCCESS; -} - -int -ossl_ed448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64], - const uint8_t signature[114], const uint8_t public_key[57], - const uint8_t *context, size_t context_len, - const char *propq) -{ - return ossl_c448_ed448_verify_prehash(ctx, signature, public_key, hash, - context, (uint8_t)context_len, - propq) == C448_SUCCESS; -} - -int -ossl_ed448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57], - const uint8_t private_key[57], const char *propq) -{ - return ossl_c448_ed448_derive_public_key(ctx, out_public_key, private_key, - propq) == C448_SUCCESS; -} diff --git a/crypto/ec/curve448/f_generic.c b/crypto/ec/curve448/f_generic.c deleted file mode 100644 index 4c571810d3afcf71a554cfbf115b3c8c579e00b7..0000000000000000000000000000000000000000 --- a/crypto/ec/curve448/f_generic.c +++ /dev/null @@ -1,204 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2015-2016 Cryptography Research, Inc. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Mike Hamburg - */ -#include "field.h" - -static const gf MODULUS = { - FIELD_LITERAL(0xffffffffffffffULL, 0xffffffffffffffULL, 0xffffffffffffffULL, - 0xffffffffffffffULL, 0xfffffffffffffeULL, 0xffffffffffffffULL, - 0xffffffffffffffULL, 0xffffffffffffffULL) -}; - -/* Serialize to wire format. */ -void gf_serialize(uint8_t *serial, const gf x, int with_hibit) -{ - unsigned int j = 0, fill = 0; - dword_t buffer = 0; - int i; - gf red; - - gf_copy(red, x); - gf_strong_reduce(red); - if (!with_hibit) - assert(gf_hibit(red) == 0); - - for (i = 0; i < (with_hibit ? X_SER_BYTES : SER_BYTES); i++) { - if (fill < 8 && j < NLIMBS) { - buffer |= ((dword_t) red->limb[LIMBPERM(j)]) << fill; - fill += LIMB_PLACE_VALUE(LIMBPERM(j)); - j++; - } - serial[i] = (uint8_t)buffer; - fill -= 8; - buffer >>= 8; - } -} - -/* Return high bit of x = low bit of 2x mod p */ -mask_t gf_hibit(const gf x) -{ - gf y; - - gf_add(y, x, x); - gf_strong_reduce(y); - return 0 - (y->limb[0] & 1); -} - -/* Return high bit of x = low bit of 2x mod p */ -mask_t gf_lobit(const gf x) -{ - gf y; - - gf_copy(y, x); - gf_strong_reduce(y); - return 0 - (y->limb[0] & 1); -} - -/* Deserialize from wire format; return -1 on success and 0 on failure. */ -mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit, - uint8_t hi_nmask) -{ - unsigned int j = 0, fill = 0; - dword_t buffer = 0; - dsword_t scarry = 0; - const unsigned nbytes = with_hibit ? X_SER_BYTES : SER_BYTES; - unsigned int i; - mask_t succ; - - for (i = 0; i < NLIMBS; i++) { - while (fill < LIMB_PLACE_VALUE(LIMBPERM(i)) && j < nbytes) { - uint8_t sj; - - sj = serial[j]; - if (j == nbytes - 1) - sj &= ~hi_nmask; - buffer |= ((dword_t) sj) << fill; - fill += 8; - j++; - } - x->limb[LIMBPERM(i)] = (word_t) - ((i < NLIMBS - 1) ? buffer & LIMB_MASK(LIMBPERM(i)) : buffer); - fill -= LIMB_PLACE_VALUE(LIMBPERM(i)); - buffer >>= LIMB_PLACE_VALUE(LIMBPERM(i)); - scarry = - (scarry + x->limb[LIMBPERM(i)] - - MODULUS->limb[LIMBPERM(i)]) >> (8 * sizeof(word_t)); - } - succ = with_hibit ? 0 - (mask_t) 1 : ~gf_hibit(x); - return succ & word_is_zero((word_t)buffer) & ~word_is_zero((word_t)scarry); -} - -/* Reduce to canonical form. */ -void gf_strong_reduce(gf a) -{ - dsword_t scarry; - word_t scarry_0; - dword_t carry = 0; - unsigned int i; - - /* first, clear high */ - gf_weak_reduce(a); /* Determined to have negligible perf impact. */ - - /* now the total is less than 2p */ - - /* compute total_value - p. No need to reduce mod p. */ - scarry = 0; - for (i = 0; i < NLIMBS; i++) { - scarry = scarry + a->limb[LIMBPERM(i)] - MODULUS->limb[LIMBPERM(i)]; - a->limb[LIMBPERM(i)] = scarry & LIMB_MASK(LIMBPERM(i)); - scarry >>= LIMB_PLACE_VALUE(LIMBPERM(i)); - } - - /* - * uncommon case: it was >= p, so now scarry = 0 and this = x common case: - * it was < p, so now scarry = -1 and this = x - p + 2^255 so let's add - * back in p. will carry back off the top for 2^255. - */ - assert(scarry == 0 || scarry == -1); - - scarry_0 = (word_t)scarry; - - /* add it back */ - for (i = 0; i < NLIMBS; i++) { - carry = - carry + a->limb[LIMBPERM(i)] + - (scarry_0 & MODULUS->limb[LIMBPERM(i)]); - a->limb[LIMBPERM(i)] = carry & LIMB_MASK(LIMBPERM(i)); - carry >>= LIMB_PLACE_VALUE(LIMBPERM(i)); - } - - assert(carry < 2 && ((word_t)carry + scarry_0) == 0); -} - -/* Subtract two gf elements d=a-b */ -void gf_sub(gf d, const gf a, const gf b) -{ - gf_sub_RAW(d, a, b); - gf_bias(d, 2); - gf_weak_reduce(d); -} - -/* Add two field elements d = a+b */ -void gf_add(gf d, const gf a, const gf b) -{ - gf_add_RAW(d, a, b); - gf_weak_reduce(d); -} - -/* Compare a==b */ -mask_t gf_eq(const gf a, const gf b) -{ - gf c; - mask_t ret = 0; - unsigned int i; - - gf_sub(c, a, b); - gf_strong_reduce(c); - - for (i = 0; i < NLIMBS; i++) - ret |= c->limb[LIMBPERM(i)]; - - return word_is_zero(ret); -} - -mask_t gf_isr(gf a, const gf x) -{ - gf L0, L1, L2; - - gf_sqr(L1, x); - gf_mul(L2, x, L1); - gf_sqr(L1, L2); - gf_mul(L2, x, L1); - gf_sqrn(L1, L2, 3); - gf_mul(L0, L2, L1); - gf_sqrn(L1, L0, 3); - gf_mul(L0, L2, L1); - gf_sqrn(L2, L0, 9); - gf_mul(L1, L0, L2); - gf_sqr(L0, L1); - gf_mul(L2, x, L0); - gf_sqrn(L0, L2, 18); - gf_mul(L2, L1, L0); - gf_sqrn(L0, L2, 37); - gf_mul(L1, L2, L0); - gf_sqrn(L0, L1, 37); - gf_mul(L1, L2, L0); - gf_sqrn(L0, L1, 111); - gf_mul(L2, L1, L0); - gf_sqr(L0, L2); - gf_mul(L1, x, L0); - gf_sqrn(L0, L1, 223); - gf_mul(L1, L2, L0); - gf_sqr(L2, L1); - gf_mul(L0, L2, x); - gf_copy(a, L1); - return gf_eq(L0, ONE); -} diff --git a/crypto/ec/curve448/field.h b/crypto/ec/curve448/field.h deleted file mode 100644 index e1c633378950db1ea5064c00b4cd34f917fcdd80..0000000000000000000000000000000000000000 --- a/crypto/ec/curve448/field.h +++ /dev/null @@ -1,173 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2014 Cryptography Research, Inc. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Mike Hamburg - */ - -#ifndef OSSL_CRYPTO_EC_CURVE448_FIELD_H -# define OSSL_CRYPTO_EC_CURVE448_FIELD_H - -# include "internal/constant_time.h" -# include -# include -# include "word.h" - -# define NLIMBS (64/sizeof(word_t)) -# define X_SER_BYTES 56 -# define SER_BYTES 56 - -# if defined(__GNUC__) || defined(__clang__) -# define INLINE_UNUSED __inline__ __attribute__((__unused__,__always_inline__)) -# define RESTRICT __restrict__ -# define ALIGNED __attribute__((__aligned__(16))) -# else -# define INLINE_UNUSED ossl_inline -# define RESTRICT -# define ALIGNED -# endif - -typedef struct gf_s { - word_t limb[NLIMBS]; -} ALIGNED gf_s, gf[1]; - -/* RFC 7748 support */ -# define X_PUBLIC_BYTES X_SER_BYTES -# define X_PRIVATE_BYTES X_PUBLIC_BYTES -# define X_PRIVATE_BITS 448 - -static INLINE_UNUSED void gf_copy(gf out, const gf a) -{ - *out = *a; -} - -static INLINE_UNUSED void gf_add_RAW(gf out, const gf a, const gf b); -static INLINE_UNUSED void gf_sub_RAW(gf out, const gf a, const gf b); -static INLINE_UNUSED void gf_bias(gf inout, int amount); -static INLINE_UNUSED void gf_weak_reduce(gf inout); - -void gf_strong_reduce(gf inout); -void gf_add(gf out, const gf a, const gf b); -void gf_sub(gf out, const gf a, const gf b); -void gf_mul(gf_s * RESTRICT out, const gf a, const gf b); -void gf_mulw_unsigned(gf_s * RESTRICT out, const gf a, uint32_t b); -void gf_sqr(gf_s * RESTRICT out, const gf a); -mask_t gf_isr(gf a, const gf x); /** a^2 x = 1, QNR, or 0 if x=0. Return true if successful */ -mask_t gf_eq(const gf x, const gf y); -mask_t gf_lobit(const gf x); -mask_t gf_hibit(const gf x); - -void gf_serialize(uint8_t *serial, const gf x, int with_highbit); -mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit, - uint8_t hi_nmask); - - -# define LIMBPERM(i) (i) -# if (ARCH_WORD_BITS == 32) -# include "arch_32/f_impl.h" /* Bring in the inline implementations */ -# define LIMB_MASK(i) (((1)< 0); - if (n & 1) { - gf_sqr(y, x); - n--; - } else { - gf_sqr(tmp, x); - gf_sqr(y, tmp); - n -= 2; - } - for (; n; n -= 2) { - gf_sqr(tmp, y); - gf_sqr(y, tmp); - } -} - -# define gf_add_nr gf_add_RAW - -/* Subtract mod p. Bias by 2 and don't reduce */ -static ossl_inline void gf_sub_nr(gf c, const gf a, const gf b) -{ - gf_sub_RAW(c, a, b); - gf_bias(c, 2); - if (GF_HEADROOM < 3) - gf_weak_reduce(c); -} - -/* Subtract mod p. Bias by amt but don't reduce. */ -static ossl_inline void gf_subx_nr(gf c, const gf a, const gf b, int amt) -{ - gf_sub_RAW(c, a, b); - gf_bias(c, amt); - if (GF_HEADROOM < amt + 1) - gf_weak_reduce(c); -} - -/* Mul by signed int. Not constant-time WRT the sign of that int. */ -static ossl_inline void gf_mulw(gf c, const gf a, int32_t w) -{ - if (w > 0) { - gf_mulw_unsigned(c, a, w); - } else { - gf_mulw_unsigned(c, a, -w); - gf_sub(c, ZERO, c); - } -} - -/* Constant time, x = is_z ? z : y */ -static ossl_inline void gf_cond_sel(gf x, const gf y, const gf z, mask_t is_z) -{ - size_t i; - - for (i = 0; i < NLIMBS; i++) { -#if ARCH_WORD_BITS == 32 - x[0].limb[i] = constant_time_select_32(is_z, z[0].limb[i], - y[0].limb[i]); -#else - /* Must be 64 bit */ - x[0].limb[i] = constant_time_select_64(is_z, z[0].limb[i], - y[0].limb[i]); -#endif - } -} - -/* Constant time, if (neg) x=-x; */ -static ossl_inline void gf_cond_neg(gf x, mask_t neg) -{ - gf y; - - gf_sub(y, ZERO, x); - gf_cond_sel(x, x, y, neg); -} - -/* Constant time, if (swap) (x,y) = (y,x); */ -static ossl_inline void gf_cond_swap(gf x, gf_s * RESTRICT y, mask_t swap) -{ - size_t i; - - for (i = 0; i < NLIMBS; i++) { -#if ARCH_WORD_BITS == 32 - constant_time_cond_swap_32(swap, &(x[0].limb[i]), &(y->limb[i])); -#else - /* Must be 64 bit */ - constant_time_cond_swap_64(swap, &(x[0].limb[i]), &(y->limb[i])); -#endif - } -} - -#endif /* OSSL_CRYPTO_EC_CURVE448_FIELD_H */ diff --git a/crypto/ec/curve448/point_448.h b/crypto/ec/curve448/point_448.h deleted file mode 100644 index e67ea68044ebad8c7ce00b68cbaddc5eb89b353d..0000000000000000000000000000000000000000 --- a/crypto/ec/curve448/point_448.h +++ /dev/null @@ -1,316 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2015-2016 Cryptography Research, Inc. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Mike Hamburg - */ - -#ifndef OSSL_CRYPTO_EC_CURVE448_POINT_448_H -# define OSSL_CRYPTO_EC_CURVE448_POINT_448_H - -# include "curve448utils.h" -# include "field.h" - -/* Comb config: number of combs, n, t, s. */ -#define COMBS_N 5 -#define COMBS_T 5 -#define COMBS_S 18 - -/* Projective Niels coordinates */ -typedef struct { - gf a, b, c; -} niels_s, niels_t[1]; -typedef struct { - niels_t n; - gf z; -} pniels_t[1]; - -/* Precomputed base */ -struct curve448_precomputed_s { - niels_t table[COMBS_N << (COMBS_T - 1)]; -}; - -# define C448_SCALAR_LIMBS ((446-1)/C448_WORD_BITS+1) - -/* The number of bits in a scalar */ -# define C448_SCALAR_BITS 446 - -/* Number of bytes in a serialized scalar. */ -# define C448_SCALAR_BYTES 56 - -/* X448 encoding ratio. */ -# define X448_ENCODE_RATIO 2 - -/* Number of bytes in an x448 public key */ -# define X448_PUBLIC_BYTES 56 - -/* Number of bytes in an x448 private key */ -# define X448_PRIVATE_BYTES 56 - -/* Twisted Edwards extended homogeneous coordinates */ -typedef struct curve448_point_s { - gf x, y, z, t; -} curve448_point_t[1]; - -/* Precomputed table based on a point. Can be trivial implementation. */ -struct curve448_precomputed_s; - -/* Precomputed table based on a point. Can be trivial implementation. */ -typedef struct curve448_precomputed_s curve448_precomputed_s; - -/* Scalar is stored packed, because we don't need the speed. */ -typedef struct curve448_scalar_s { - c448_word_t limb[C448_SCALAR_LIMBS]; -} curve448_scalar_t[1]; - -/* A scalar equal to 1. */ -extern const curve448_scalar_t ossl_curve448_scalar_one; - -/* A scalar equal to 0. */ -extern const curve448_scalar_t ossl_curve448_scalar_zero; - -/* The identity point on the curve. */ -extern const curve448_point_t ossl_curve448_point_identity; - -/* Precomputed table for the base point on the curve. */ -extern const struct curve448_precomputed_s *ossl_curve448_precomputed_base; -extern const niels_t *ossl_curve448_wnaf_base; - -/* - * Read a scalar from wire format or from bytes. - * - * ser (in): Serialized form of a scalar. - * out (out): Deserialized form. - * - * Returns: - * C448_SUCCESS: The scalar was correctly encoded. - * C448_FAILURE: The scalar was greater than the modulus, and has been reduced - * modulo that modulus. - */ -c448_error_t -ossl_curve448_scalar_decode(curve448_scalar_t out, - const unsigned char ser[C448_SCALAR_BYTES]); - -/* - * Read a scalar from wire format or from bytes. Reduces mod scalar prime. - * - * ser (in): Serialized form of a scalar. - * ser_len (in): Length of serialized form. - * out (out): Deserialized form. - */ -void -ossl_curve448_scalar_decode_long(curve448_scalar_t out, - const unsigned char *ser, size_t ser_len); - -/* - * Serialize a scalar to wire format. - * - * ser (out): Serialized form of a scalar. - * s (in): Deserialized scalar. - */ -void -ossl_curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES], - const curve448_scalar_t s); - -/* - * Add two scalars. |a|, |b| and |out| may alias each other. - * - * a (in): One scalar. - * b (in): Another scalar. - * out (out): a+b. - */ -void -ossl_curve448_scalar_add(curve448_scalar_t out, - const curve448_scalar_t a, const curve448_scalar_t b); - -/* - * Subtract two scalars. |a|, |b| and |out| may alias each other. - * a (in): One scalar. - * b (in): Another scalar. - * out (out): a-b. - */ -void -ossl_curve448_scalar_sub(curve448_scalar_t out, - const curve448_scalar_t a, const curve448_scalar_t b); - -/* - * Multiply two scalars. |a|, |b| and |out| may alias each other. - * - * a (in): One scalar. - * b (in): Another scalar. - * out (out): a*b. - */ -void -ossl_curve448_scalar_mul(curve448_scalar_t out, - const curve448_scalar_t a, const curve448_scalar_t b); - -/* -* Halve a scalar. |a| and |out| may alias each other. -* -* a (in): A scalar. -* out (out): a/2. -*/ -void -ossl_curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a); - -/* - * Copy a scalar. The scalars may alias each other, in which case this - * function does nothing. - * - * a (in): A scalar. - * out (out): Will become a copy of a. - */ -static ossl_inline void curve448_scalar_copy(curve448_scalar_t out, - const curve448_scalar_t a) -{ - *out = *a; -} - -/* - * Copy a point. The input and output may alias, in which case this function - * does nothing. - * - * a (out): A copy of the point. - * b (in): Any point. - */ -static ossl_inline void curve448_point_copy(curve448_point_t a, - const curve448_point_t b) -{ - *a = *b; -} - -/* - * Test whether two points are equal. If yes, return C448_TRUE, else return - * C448_FALSE. - * - * a (in): A point. - * b (in): Another point. - * - * Returns: - * C448_TRUE: The points are equal. - * C448_FALSE: The points are not equal. - */ -__owur c448_bool_t -ossl_curve448_point_eq(const curve448_point_t a, - const curve448_point_t b); - -/* - * Double a point. Equivalent to curve448_point_add(two_a,a,a), but potentially - * faster. - * - * two_a (out): The sum a+a. - * a (in): A point. - */ -void -ossl_curve448_point_double(curve448_point_t two_a, const curve448_point_t a); - -/* - * RFC 7748 Diffie-Hellman scalarmul. This function uses a different - * (non-Decaf) encoding. - * - * out (out): The scaled point base*scalar - * base (in): The point to be scaled. - * scalar (in): The scalar to multiply by. - * - * Returns: - * C448_SUCCESS: The scalarmul succeeded. - * C448_FAILURE: The scalarmul didn't succeed, because the base point is in a - * small subgroup. - */ -__owur c448_error_t -ossl_x448_int(uint8_t out[X448_PUBLIC_BYTES], - const uint8_t base[X448_PUBLIC_BYTES], - const uint8_t scalar[X448_PRIVATE_BYTES]); - -/* - * Multiply a point by X448_ENCODE_RATIO, then encode it like RFC 7748. - * - * This function is mainly used internally, but is exported in case - * it will be useful. - * - * The ratio is necessary because the internal representation doesn't - * track the cofactor information, so on output we must clear the cofactor. - * This would multiply by the cofactor, but in fact internally points are always - * even, so it multiplies by half the cofactor instead. - * - * As it happens, this aligns with the base point definitions; that is, - * if you pass the Decaf/Ristretto base point to this function, the result - * will be X448_ENCODE_RATIO times the X448 - * base point. - * - * out (out): The scaled and encoded point. - * p (in): The point to be scaled and encoded. - */ -void -ossl_curve448_point_mul_by_ratio_and_encode_like_x448( - uint8_t out[X448_PUBLIC_BYTES], - const curve448_point_t p); - -/* - * RFC 7748 Diffie-Hellman base point scalarmul. This function uses a different - * (non-Decaf) encoding. - * - * out (out): The scaled point base*scalar - * scalar (in): The scalar to multiply by. - */ -void -ossl_x448_derive_public_key(uint8_t out[X448_PUBLIC_BYTES], - const uint8_t scalar[X448_PRIVATE_BYTES]); - -/* - * Multiply a precomputed base point by a scalar: out = scalar*base. - * - * scaled (out): The scaled point base*scalar - * base (in): The point to be scaled. - * scalar (in): The scalar to multiply by. - */ -void -ossl_curve448_precomputed_scalarmul(curve448_point_t scaled, - const curve448_precomputed_s * base, - const curve448_scalar_t scalar); - -/* - * Multiply two base points by two scalars: - * combo = scalar1*curve448_point_base + scalar2*base2. - * - * Otherwise equivalent to curve448_point_double_scalarmul, but may be - * faster at the expense of being variable time. - * - * combo (out): The linear combination scalar1*base + scalar2*base2. - * scalar1 (in): A first scalar to multiply by. - * base2 (in): A second point to be scaled. - * scalar2 (in) A second scalar to multiply by. - * - * Warning: This function takes variable time, and may leak the scalars used. - * It is designed for signature verification. - */ -void -ossl_curve448_base_double_scalarmul_non_secret(curve448_point_t combo, - const curve448_scalar_t scalar1, - const curve448_point_t base2, - const curve448_scalar_t scalar2); - -/* - * Test that a point is valid, for debugging purposes. - * - * to_test (in): The point to test. - * - * Returns: - * C448_TRUE The point is valid. - * C448_FALSE The point is invalid. - */ -__owur c448_bool_t -ossl_curve448_point_valid(const curve448_point_t to_test); - -/* Overwrite scalar with zeros. */ -void ossl_curve448_scalar_destroy(curve448_scalar_t scalar); - -/* Overwrite point with zeros. */ -void ossl_curve448_point_destroy(curve448_point_t point); - -#endif /* OSSL_CRYPTO_EC_CURVE448_POINT_448_H */ diff --git a/crypto/ec/curve448/scalar.c b/crypto/ec/curve448/scalar.c deleted file mode 100644 index 99c0d83db13ba7b822b4ea29c147d410f9aa60c4..0000000000000000000000000000000000000000 --- a/crypto/ec/curve448/scalar.c +++ /dev/null @@ -1,240 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2015-2016 Cryptography Research, Inc. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Mike Hamburg - */ -#include - -#include "word.h" -#include "point_448.h" - -static const c448_word_t MONTGOMERY_FACTOR = (c448_word_t) 0x3bd440fae918bc5ULL; -static const curve448_scalar_t sc_p = { - { - { - SC_LIMB(0x2378c292ab5844f3ULL), SC_LIMB(0x216cc2728dc58f55ULL), - SC_LIMB(0xc44edb49aed63690ULL), SC_LIMB(0xffffffff7cca23e9ULL), - SC_LIMB(0xffffffffffffffffULL), SC_LIMB(0xffffffffffffffffULL), - SC_LIMB(0x3fffffffffffffffULL) - } - } -}, sc_r2 = { - { - { - - SC_LIMB(0xe3539257049b9b60ULL), SC_LIMB(0x7af32c4bc1b195d9ULL), - SC_LIMB(0x0d66de2388ea1859ULL), SC_LIMB(0xae17cf725ee4d838ULL), - SC_LIMB(0x1a9cc14ba3c47c44ULL), SC_LIMB(0x2052bcb7e4d070afULL), - SC_LIMB(0x3402a939f823b729ULL) - } - } -}; - -#define WBITS C448_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */ - -const curve448_scalar_t ossl_curve448_scalar_one = {{{1}}}; -const curve448_scalar_t ossl_curve448_scalar_zero = {{{0}}}; - -/* - * {extra,accum} - sub +? p - * Must have extra <= 1 - */ -static void sc_subx(curve448_scalar_t out, - const c448_word_t accum[C448_SCALAR_LIMBS], - const curve448_scalar_t sub, - const curve448_scalar_t p, c448_word_t extra) -{ - c448_dsword_t chain = 0; - unsigned int i; - c448_word_t borrow; - - for (i = 0; i < C448_SCALAR_LIMBS; i++) { - chain = (chain + accum[i]) - sub->limb[i]; - out->limb[i] = (c448_word_t)chain; - chain >>= WBITS; - } - borrow = (c448_word_t)chain + extra; /* = 0 or -1 */ - - chain = 0; - for (i = 0; i < C448_SCALAR_LIMBS; i++) { - chain = (chain + out->limb[i]) + (p->limb[i] & borrow); - out->limb[i] = (c448_word_t)chain; - chain >>= WBITS; - } -} - -static void sc_montmul(curve448_scalar_t out, const curve448_scalar_t a, - const curve448_scalar_t b) -{ - unsigned int i, j; - c448_word_t accum[C448_SCALAR_LIMBS + 1] = { 0 }; - c448_word_t hi_carry = 0; - - for (i = 0; i < C448_SCALAR_LIMBS; i++) { - c448_word_t mand = a->limb[i]; - const c448_word_t *mier = b->limb; - - c448_dword_t chain = 0; - for (j = 0; j < C448_SCALAR_LIMBS; j++) { - chain += ((c448_dword_t) mand) * mier[j] + accum[j]; - accum[j] = (c448_word_t)chain; - chain >>= WBITS; - } - accum[j] = (c448_word_t)chain; - - mand = accum[0] * MONTGOMERY_FACTOR; - chain = 0; - mier = sc_p->limb; - for (j = 0; j < C448_SCALAR_LIMBS; j++) { - chain += (c448_dword_t) mand *mier[j] + accum[j]; - if (j) - accum[j - 1] = (c448_word_t)chain; - chain >>= WBITS; - } - chain += accum[j]; - chain += hi_carry; - accum[j - 1] = (c448_word_t)chain; - hi_carry = chain >> WBITS; - } - - sc_subx(out, accum, sc_p, sc_p, hi_carry); -} - -void ossl_curve448_scalar_mul(curve448_scalar_t out, const curve448_scalar_t a, - const curve448_scalar_t b) -{ - sc_montmul(out, a, b); - sc_montmul(out, out, sc_r2); -} - -void -ossl_curve448_scalar_sub(curve448_scalar_t out, const curve448_scalar_t a, - const curve448_scalar_t b) -{ - sc_subx(out, a->limb, b, sc_p, 0); -} - -void -ossl_curve448_scalar_add(curve448_scalar_t out, const curve448_scalar_t a, - const curve448_scalar_t b) -{ - c448_dword_t chain = 0; - unsigned int i; - - for (i = 0; i < C448_SCALAR_LIMBS; i++) { - chain = (chain + a->limb[i]) + b->limb[i]; - out->limb[i] = (c448_word_t)chain; - chain >>= WBITS; - } - sc_subx(out, out->limb, sc_p, sc_p, (c448_word_t)chain); -} - -static ossl_inline void scalar_decode_short(curve448_scalar_t s, - const unsigned char *ser, - size_t nbytes) -{ - size_t i, j, k = 0; - - for (i = 0; i < C448_SCALAR_LIMBS; i++) { - c448_word_t out = 0; - - for (j = 0; j < sizeof(c448_word_t) && k < nbytes; j++, k++) - out |= ((c448_word_t) ser[k]) << (8 * j); - s->limb[i] = out; - } -} - -c448_error_t -ossl_curve448_scalar_decode(curve448_scalar_t s, - const unsigned char ser[C448_SCALAR_BYTES]) -{ - unsigned int i; - c448_dsword_t accum = 0; - - scalar_decode_short(s, ser, C448_SCALAR_BYTES); - for (i = 0; i < C448_SCALAR_LIMBS; i++) - accum = (accum + s->limb[i] - sc_p->limb[i]) >> WBITS; - /* Here accum == 0 or -1 */ - - ossl_curve448_scalar_mul(s, s, ossl_curve448_scalar_one); /* ham-handed reduce */ - - return c448_succeed_if(~word_is_zero((uint32_t)accum)); -} - -void ossl_curve448_scalar_destroy(curve448_scalar_t scalar) -{ - OPENSSL_cleanse(scalar, sizeof(curve448_scalar_t)); -} - -void -ossl_curve448_scalar_decode_long(curve448_scalar_t s, - const unsigned char *ser, size_t ser_len) -{ - size_t i; - curve448_scalar_t t1, t2; - - if (ser_len == 0) { - curve448_scalar_copy(s, ossl_curve448_scalar_zero); - return; - } - - i = ser_len - (ser_len % C448_SCALAR_BYTES); - if (i == ser_len) - i -= C448_SCALAR_BYTES; - - scalar_decode_short(t1, &ser[i], ser_len - i); - - if (ser_len == sizeof(curve448_scalar_t)) { - assert(i == 0); - /* ham-handed reduce */ - ossl_curve448_scalar_mul(s, t1, ossl_curve448_scalar_one); - ossl_curve448_scalar_destroy(t1); - return; - } - - while (i) { - i -= C448_SCALAR_BYTES; - sc_montmul(t1, t1, sc_r2); - (void)ossl_curve448_scalar_decode(t2, ser + i); - ossl_curve448_scalar_add(t1, t1, t2); - } - - curve448_scalar_copy(s, t1); - ossl_curve448_scalar_destroy(t1); - ossl_curve448_scalar_destroy(t2); -} - -void -ossl_curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES], - const curve448_scalar_t s) -{ - unsigned int i, j, k = 0; - - for (i = 0; i < C448_SCALAR_LIMBS; i++) { - for (j = 0; j < sizeof(c448_word_t); j++, k++) - ser[k] = s->limb[i] >> (8 * j); - } -} - -void -ossl_curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a) -{ - c448_word_t mask = 0 - (a->limb[0] & 1); - c448_dword_t chain = 0; - unsigned int i; - - for (i = 0; i < C448_SCALAR_LIMBS; i++) { - chain = (chain + a->limb[i]) + (sc_p->limb[i] & mask); - out->limb[i] = (c448_word_t)chain; - chain >>= C448_WORD_BITS; - } - for (i = 0; i < C448_SCALAR_LIMBS - 1; i++) - out->limb[i] = out->limb[i] >> 1 | out->limb[i + 1] << (WBITS - 1); - out->limb[i] = out->limb[i] >> 1 | (c448_word_t)(chain << (WBITS - 1)); -} diff --git a/crypto/ec/curve448/word.h b/crypto/ec/curve448/word.h deleted file mode 100644 index f8292eef88f29113d6cfe4dc9212a2664a28b95f..0000000000000000000000000000000000000000 --- a/crypto/ec/curve448/word.h +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2014 Cryptography Research, Inc. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Mike Hamburg - */ - -#ifndef OSSL_CRYPTO_EC_CURVE448_WORD_H -# define OSSL_CRYPTO_EC_CURVE448_WORD_H - -# include -# include -# include -# include -# include "curve448utils.h" - -# ifdef INT128_MAX -# include "arch_64/arch_intrinsics.h" -# else -# include "arch_32/arch_intrinsics.h" -# endif - -# if (ARCH_WORD_BITS == 64) -typedef uint64_t word_t, mask_t; -typedef uint128_t dword_t; -typedef int32_t hsword_t; -typedef int64_t sword_t; -typedef int128_t dsword_t; -# elif (ARCH_WORD_BITS == 32) -typedef uint32_t word_t, mask_t; -typedef uint64_t dword_t; -typedef int16_t hsword_t; -typedef int32_t sword_t; -typedef int64_t dsword_t; -# else -# error "For now, we only support 32- and 64-bit architectures." -# endif - -/* - * Scalar limbs are keyed off of the API word size instead of the arch word - * size. - */ -# if C448_WORD_BITS == 64 -# define SC_LIMB(x) (x) -# elif C448_WORD_BITS == 32 -# define SC_LIMB(x) ((uint32_t)(x)),((x) >> 32) -# else -# error "For now we only support 32- and 64-bit architectures." -# endif - -/* - * The plan on booleans: The external interface uses c448_bool_t, but this - * might be a different size than our particular arch's word_t (and thus - * mask_t). Also, the caller isn't guaranteed to pass it as nonzero. So - * bool_to_mask converts word sizes and checks nonzero. On the flip side, - * mask_t is always -1 or 0, but it might be a different size than - * c448_bool_t. On the third hand, we have success vs boolean types, but - * that's handled in common.h: it converts between c448_bool_t and - * c448_error_t. - */ -static ossl_inline c448_bool_t mask_to_bool(mask_t m) -{ - return (c448_sword_t)(sword_t)m; -} - -static ossl_inline mask_t bool_to_mask(c448_bool_t m) -{ - /* On most arches this will be optimized to a simple cast. */ - mask_t ret = 0; - unsigned int i; - unsigned int limit = sizeof(c448_bool_t) / sizeof(mask_t); - - if (limit < 1) - limit = 1; - for (i = 0; i < limit; i++) - ret |= ~word_is_zero(m >> (i * 8 * sizeof(word_t))); - - return ret; -} - -#endif /* OSSL_CRYPTO_EC_CURVE448_WORD_H */ diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c deleted file mode 100644 index 10a4932591d6c8718ba93534decde8495f1838fc..0000000000000000000000000000000000000000 --- a/crypto/ec/ec2_oct.c +++ /dev/null @@ -1,390 +0,0 @@ -/* - * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include - -#include "ec_local.h" - -#ifndef OPENSSL_NO_EC2M - -/*- - * Calculates and sets the affine coordinates of an EC_POINT from the given - * compressed coordinates. Uses algorithm 2.3.4 of SEC 1. - * Note that the simple implementation only uses affine coordinates. - * - * The method is from the following publication: - * - * Harper, Menezes, Vanstone: - * "Public-Key Cryptosystems with Very Small Key Lengths", - * EUROCRYPT '92, Springer-Verlag LNCS 658, - * published February 1993 - * - * US Patents 6,141,420 and 6,618,483 (Vanstone, Mullin, Agnew) describe - * the same method, but claim no priority date earlier than July 29, 1994 - * (and additionally fail to cite the EUROCRYPT '92 publication as prior art). - */ -int ossl_ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, - EC_POINT *point, - const BIGNUM *x_, int y_bit, - BN_CTX *ctx) -{ - BIGNUM *tmp, *x, *y, *z; - int ret = 0, z0; -#ifndef FIPS_MODULE - BN_CTX *new_ctx = NULL; - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - return 0; - } -#endif - - y_bit = (y_bit != 0) ? 1 : 0; - - BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - z = BN_CTX_get(ctx); - if (z == NULL) - goto err; - - if (!BN_GF2m_mod_arr(x, x_, group->poly)) - goto err; - if (BN_is_zero(x)) { - if (!BN_GF2m_mod_sqrt_arr(y, group->b, group->poly, ctx)) - goto err; - } else { - if (!group->meth->field_sqr(group, tmp, x, ctx)) - goto err; - if (!group->meth->field_div(group, tmp, group->b, tmp, ctx)) - goto err; - if (!BN_GF2m_add(tmp, group->a, tmp)) - goto err; - if (!BN_GF2m_add(tmp, x, tmp)) - goto err; - ERR_set_mark(); - if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) { -#ifndef FIPS_MODULE - unsigned long err = ERR_peek_last_error(); - - if (ERR_GET_LIB(err) == ERR_LIB_BN - && ERR_GET_REASON(err) == BN_R_NO_SOLUTION) { - ERR_pop_to_mark(); - ERR_raise(ERR_LIB_EC, EC_R_INVALID_COMPRESSED_POINT); - } else -#endif - { - ERR_clear_last_mark(); - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - } - goto err; - } - ERR_clear_last_mark(); - z0 = (BN_is_odd(z)) ? 1 : 0; - if (!group->meth->field_mul(group, y, x, z, ctx)) - goto err; - if (z0 != y_bit) { - if (!BN_GF2m_add(y, y, x)) - goto err; - } - } - - if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) - goto err; - - ret = 1; - - err: - BN_CTX_end(ctx); -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - return ret; -} - -/* - * Converts an EC_POINT to an octet string. If buf is NULL, the encoded - * length will be returned. If the length len of buf is smaller than required - * an error will be returned. - */ -size_t ossl_ec_GF2m_simple_point2oct(const EC_GROUP *group, - const EC_POINT *point, - point_conversion_form_t form, - unsigned char *buf, size_t len, BN_CTX *ctx) -{ - size_t ret; - int used_ctx = 0; - BIGNUM *x, *y, *yxi; - size_t field_len, i, skip; -#ifndef FIPS_MODULE - BN_CTX *new_ctx = NULL; -#endif - - if ((form != POINT_CONVERSION_COMPRESSED) - && (form != POINT_CONVERSION_UNCOMPRESSED) - && (form != POINT_CONVERSION_HYBRID)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_FORM); - goto err; - } - - if (EC_POINT_is_at_infinity(group, point)) { - /* encodes to a single 0 octet */ - if (buf != NULL) { - if (len < 1) { - ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); - return 0; - } - buf[0] = 0; - } - return 1; - } - - /* ret := required output buffer length */ - field_len = (EC_GROUP_get_degree(group) + 7) / 8; - ret = - (form == - POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; - - /* if 'buf' is NULL, just return required length */ - if (buf != NULL) { - if (len < ret) { - ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); - goto err; - } - -#ifndef FIPS_MODULE - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - return 0; - } -#endif - - BN_CTX_start(ctx); - used_ctx = 1; - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - yxi = BN_CTX_get(ctx); - if (yxi == NULL) - goto err; - - if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx)) - goto err; - - buf[0] = form; - if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x)) { - if (!group->meth->field_div(group, yxi, y, x, ctx)) - goto err; - if (BN_is_odd(yxi)) - buf[0]++; - } - - i = 1; - - skip = field_len - BN_num_bytes(x); - if (skip > field_len) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - goto err; - } - while (skip > 0) { - buf[i++] = 0; - skip--; - } - skip = BN_bn2bin(x, buf + i); - i += skip; - if (i != 1 + field_len) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - goto err; - } - - if (form == POINT_CONVERSION_UNCOMPRESSED - || form == POINT_CONVERSION_HYBRID) { - skip = field_len - BN_num_bytes(y); - if (skip > field_len) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - goto err; - } - while (skip > 0) { - buf[i++] = 0; - skip--; - } - skip = BN_bn2bin(y, buf + i); - i += skip; - } - - if (i != ret) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - goto err; - } - } - - if (used_ctx) - BN_CTX_end(ctx); -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - return ret; - - err: - if (used_ctx) - BN_CTX_end(ctx); -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - return 0; -} - -/* - * Converts an octet string representation to an EC_POINT. Note that the - * simple implementation only uses affine coordinates. - */ -int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, - const unsigned char *buf, size_t len, - BN_CTX *ctx) -{ - point_conversion_form_t form; - int y_bit, m; - BIGNUM *x, *y, *yxi; - size_t field_len, enc_len; - int ret = 0; -#ifndef FIPS_MODULE - BN_CTX *new_ctx = NULL; -#endif - - if (len == 0) { - ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); - return 0; - } - - /* - * The first octet is the point converison octet PC, see X9.62, page 4 - * and section 4.4.2. It must be: - * 0x00 for the point at infinity - * 0x02 or 0x03 for compressed form - * 0x04 for uncompressed form - * 0x06 or 0x07 for hybrid form. - * For compressed or hybrid forms, we store the last bit of buf[0] as - * y_bit and clear it from buf[0] so as to obtain a POINT_CONVERSION_*. - * We error if buf[0] contains any but the above values. - */ - y_bit = buf[0] & 1; - form = buf[0] & ~1U; - - if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) - && (form != POINT_CONVERSION_UNCOMPRESSED) - && (form != POINT_CONVERSION_HYBRID)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - return 0; - } - if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - return 0; - } - - /* The point at infinity is represented by a single zero octet. */ - if (form == 0) { - if (len != 1) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - return 0; - } - - return EC_POINT_set_to_infinity(group, point); - } - - m = EC_GROUP_get_degree(group); - field_len = (m + 7) / 8; - enc_len = - (form == - POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; - - if (len != enc_len) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - return 0; - } - -#ifndef FIPS_MODULE - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - return 0; - } -#endif - - BN_CTX_start(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - yxi = BN_CTX_get(ctx); - if (yxi == NULL) - goto err; - - if (!BN_bin2bn(buf + 1, field_len, x)) - goto err; - if (BN_num_bits(x) > m) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - goto err; - } - - if (form == POINT_CONVERSION_COMPRESSED) { - if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx)) - goto err; - } else { - if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) - goto err; - if (BN_num_bits(y) > m) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - goto err; - } - if (form == POINT_CONVERSION_HYBRID) { - /* - * Check that the form in the encoding was set correctly - * according to X9.62 4.4.2.a, 4(c), see also first paragraph - * of X9.62, 4.4.1.b. - */ - if (BN_is_zero(x)) { - if (y_bit != 0) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - goto err; - } - } else { - if (!group->meth->field_div(group, yxi, y, x, ctx)) - goto err; - if (y_bit != BN_is_odd(yxi)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - goto err; - } - } - } - - /* - * EC_POINT_set_affine_coordinates is responsible for checking that - * the point is on the curve. - */ - if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) - goto err; - } - - ret = 1; - - err: - BN_CTX_end(ctx); -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - return ret; -} -#endif diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c deleted file mode 100644 index 3a59544c8b2f05ed707ff8529a116a02a9f21a61..0000000000000000000000000000000000000000 --- a/crypto/ec/ec2_smpl.c +++ /dev/null @@ -1,1003 +0,0 @@ -/* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include - -#include "crypto/bn.h" -#include "ec_local.h" - -#ifndef OPENSSL_NO_EC2M - -/* - * Initialize a GF(2^m)-based EC_GROUP structure. Note that all other members - * are handled by EC_GROUP_new. - */ -int ossl_ec_GF2m_simple_group_init(EC_GROUP *group) -{ - group->field = BN_new(); - group->a = BN_new(); - group->b = BN_new(); - - if (group->field == NULL || group->a == NULL || group->b == NULL) { - BN_free(group->field); - BN_free(group->a); - BN_free(group->b); - return 0; - } - return 1; -} - -/* - * Free a GF(2^m)-based EC_GROUP structure. Note that all other members are - * handled by EC_GROUP_free. - */ -void ossl_ec_GF2m_simple_group_finish(EC_GROUP *group) -{ - BN_free(group->field); - BN_free(group->a); - BN_free(group->b); -} - -/* - * Clear and free a GF(2^m)-based EC_GROUP structure. Note that all other - * members are handled by EC_GROUP_clear_free. - */ -void ossl_ec_GF2m_simple_group_clear_finish(EC_GROUP *group) -{ - BN_clear_free(group->field); - BN_clear_free(group->a); - BN_clear_free(group->b); - group->poly[0] = 0; - group->poly[1] = 0; - group->poly[2] = 0; - group->poly[3] = 0; - group->poly[4] = 0; - group->poly[5] = -1; -} - -/* - * Copy a GF(2^m)-based EC_GROUP structure. Note that all other members are - * handled by EC_GROUP_copy. - */ -int ossl_ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) -{ - if (!BN_copy(dest->field, src->field)) - return 0; - if (!BN_copy(dest->a, src->a)) - return 0; - if (!BN_copy(dest->b, src->b)) - return 0; - dest->poly[0] = src->poly[0]; - dest->poly[1] = src->poly[1]; - dest->poly[2] = src->poly[2]; - dest->poly[3] = src->poly[3]; - dest->poly[4] = src->poly[4]; - dest->poly[5] = src->poly[5]; - if (bn_wexpand(dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == - NULL) - return 0; - if (bn_wexpand(dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == - NULL) - return 0; - bn_set_all_zero(dest->a); - bn_set_all_zero(dest->b); - return 1; -} - -/* Set the curve parameters of an EC_GROUP structure. */ -int ossl_ec_GF2m_simple_group_set_curve(EC_GROUP *group, - const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) -{ - int ret = 0, i; - - /* group->field */ - if (!BN_copy(group->field, p)) - goto err; - i = BN_GF2m_poly2arr(group->field, group->poly, 6) - 1; - if ((i != 5) && (i != 3)) { - ERR_raise(ERR_LIB_EC, EC_R_UNSUPPORTED_FIELD); - goto err; - } - - /* group->a */ - if (!BN_GF2m_mod_arr(group->a, a, group->poly)) - goto err; - if (bn_wexpand(group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) - == NULL) - goto err; - bn_set_all_zero(group->a); - - /* group->b */ - if (!BN_GF2m_mod_arr(group->b, b, group->poly)) - goto err; - if (bn_wexpand(group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) - == NULL) - goto err; - bn_set_all_zero(group->b); - - ret = 1; - err: - return ret; -} - -/* - * Get the curve parameters of an EC_GROUP structure. If p, a, or b are NULL - * then there values will not be set but the method will return with success. - */ -int ossl_ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, - BIGNUM *a, BIGNUM *b, BN_CTX *ctx) -{ - int ret = 0; - - if (p != NULL) { - if (!BN_copy(p, group->field)) - return 0; - } - - if (a != NULL) { - if (!BN_copy(a, group->a)) - goto err; - } - - if (b != NULL) { - if (!BN_copy(b, group->b)) - goto err; - } - - ret = 1; - - err: - return ret; -} - -/* - * Gets the degree of the field. For a curve over GF(2^m) this is the value - * m. - */ -int ossl_ec_GF2m_simple_group_get_degree(const EC_GROUP *group) -{ - return BN_num_bits(group->field) - 1; -} - -/* - * Checks the discriminant of the curve. y^2 + x*y = x^3 + a*x^2 + b is an - * elliptic curve <=> b != 0 (mod p) - */ -int ossl_ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, - BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *b; -#ifndef FIPS_MODULE - BN_CTX *new_ctx = NULL; - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - } -#endif - BN_CTX_start(ctx); - b = BN_CTX_get(ctx); - if (b == NULL) - goto err; - - if (!BN_GF2m_mod_arr(b, group->b, group->poly)) - goto err; - - /* - * check the discriminant: y^2 + x*y = x^3 + a*x^2 + b is an elliptic - * curve <=> b != 0 (mod p) - */ - if (BN_is_zero(b)) - goto err; - - ret = 1; - - err: - BN_CTX_end(ctx); -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - return ret; -} - -/* Initializes an EC_POINT. */ -int ossl_ec_GF2m_simple_point_init(EC_POINT *point) -{ - point->X = BN_new(); - point->Y = BN_new(); - point->Z = BN_new(); - - if (point->X == NULL || point->Y == NULL || point->Z == NULL) { - BN_free(point->X); - BN_free(point->Y); - BN_free(point->Z); - return 0; - } - return 1; -} - -/* Frees an EC_POINT. */ -void ossl_ec_GF2m_simple_point_finish(EC_POINT *point) -{ - BN_free(point->X); - BN_free(point->Y); - BN_free(point->Z); -} - -/* Clears and frees an EC_POINT. */ -void ossl_ec_GF2m_simple_point_clear_finish(EC_POINT *point) -{ - BN_clear_free(point->X); - BN_clear_free(point->Y); - BN_clear_free(point->Z); - point->Z_is_one = 0; -} - -/* - * Copy the contents of one EC_POINT into another. Assumes dest is - * initialized. - */ -int ossl_ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src) -{ - if (!BN_copy(dest->X, src->X)) - return 0; - if (!BN_copy(dest->Y, src->Y)) - return 0; - if (!BN_copy(dest->Z, src->Z)) - return 0; - dest->Z_is_one = src->Z_is_one; - dest->curve_name = src->curve_name; - - return 1; -} - -/* - * Set an EC_POINT to the point at infinity. A point at infinity is - * represented by having Z=0. - */ -int ossl_ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group, - EC_POINT *point) -{ - point->Z_is_one = 0; - BN_zero(point->Z); - return 1; -} - -/* - * Set the coordinates of an EC_POINT using affine coordinates. Note that - * the simple implementation only uses affine coordinates. - */ -int ossl_ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, - EC_POINT *point, - const BIGNUM *x, - const BIGNUM *y, - BN_CTX *ctx) -{ - int ret = 0; - if (x == NULL || y == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (!BN_copy(point->X, x)) - goto err; - BN_set_negative(point->X, 0); - if (!BN_copy(point->Y, y)) - goto err; - BN_set_negative(point->Y, 0); - if (!BN_copy(point->Z, BN_value_one())) - goto err; - BN_set_negative(point->Z, 0); - point->Z_is_one = 1; - ret = 1; - - err: - return ret; -} - -/* - * Gets the affine coordinates of an EC_POINT. Note that the simple - * implementation only uses affine coordinates. - */ -int ossl_ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BN_CTX *ctx) -{ - int ret = 0; - - if (EC_POINT_is_at_infinity(group, point)) { - ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); - return 0; - } - - if (BN_cmp(point->Z, BN_value_one())) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (x != NULL) { - if (!BN_copy(x, point->X)) - goto err; - BN_set_negative(x, 0); - } - if (y != NULL) { - if (!BN_copy(y, point->Y)) - goto err; - BN_set_negative(y, 0); - } - ret = 1; - - err: - return ret; -} - -/* - * Computes a + b and stores the result in r. r could be a or b, a could be - * b. Uses algorithm A.10.2 of IEEE P1363. - */ -int ossl_ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, - const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) -{ - BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t; - int ret = 0; -#ifndef FIPS_MODULE - BN_CTX *new_ctx = NULL; -#endif - - if (EC_POINT_is_at_infinity(group, a)) { - if (!EC_POINT_copy(r, b)) - return 0; - return 1; - } - - if (EC_POINT_is_at_infinity(group, b)) { - if (!EC_POINT_copy(r, a)) - return 0; - return 1; - } - -#ifndef FIPS_MODULE - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - return 0; - } -#endif - - BN_CTX_start(ctx); - x0 = BN_CTX_get(ctx); - y0 = BN_CTX_get(ctx); - x1 = BN_CTX_get(ctx); - y1 = BN_CTX_get(ctx); - x2 = BN_CTX_get(ctx); - y2 = BN_CTX_get(ctx); - s = BN_CTX_get(ctx); - t = BN_CTX_get(ctx); - if (t == NULL) - goto err; - - if (a->Z_is_one) { - if (!BN_copy(x0, a->X)) - goto err; - if (!BN_copy(y0, a->Y)) - goto err; - } else { - if (!EC_POINT_get_affine_coordinates(group, a, x0, y0, ctx)) - goto err; - } - if (b->Z_is_one) { - if (!BN_copy(x1, b->X)) - goto err; - if (!BN_copy(y1, b->Y)) - goto err; - } else { - if (!EC_POINT_get_affine_coordinates(group, b, x1, y1, ctx)) - goto err; - } - - if (BN_GF2m_cmp(x0, x1)) { - if (!BN_GF2m_add(t, x0, x1)) - goto err; - if (!BN_GF2m_add(s, y0, y1)) - goto err; - if (!group->meth->field_div(group, s, s, t, ctx)) - goto err; - if (!group->meth->field_sqr(group, x2, s, ctx)) - goto err; - if (!BN_GF2m_add(x2, x2, group->a)) - goto err; - if (!BN_GF2m_add(x2, x2, s)) - goto err; - if (!BN_GF2m_add(x2, x2, t)) - goto err; - } else { - if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1)) { - if (!EC_POINT_set_to_infinity(group, r)) - goto err; - ret = 1; - goto err; - } - if (!group->meth->field_div(group, s, y1, x1, ctx)) - goto err; - if (!BN_GF2m_add(s, s, x1)) - goto err; - - if (!group->meth->field_sqr(group, x2, s, ctx)) - goto err; - if (!BN_GF2m_add(x2, x2, s)) - goto err; - if (!BN_GF2m_add(x2, x2, group->a)) - goto err; - } - - if (!BN_GF2m_add(y2, x1, x2)) - goto err; - if (!group->meth->field_mul(group, y2, y2, s, ctx)) - goto err; - if (!BN_GF2m_add(y2, y2, x2)) - goto err; - if (!BN_GF2m_add(y2, y2, y1)) - goto err; - - if (!EC_POINT_set_affine_coordinates(group, r, x2, y2, ctx)) - goto err; - - ret = 1; - - err: - BN_CTX_end(ctx); -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - return ret; -} - -/* - * Computes 2 * a and stores the result in r. r could be a. Uses algorithm - * A.10.2 of IEEE P1363. - */ -int ossl_ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, - const EC_POINT *a, BN_CTX *ctx) -{ - return ossl_ec_GF2m_simple_add(group, r, a, a, ctx); -} - -int ossl_ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, - BN_CTX *ctx) -{ - if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(point->Y)) - /* point is its own inverse */ - return 1; - - if (group->meth->make_affine == NULL - || !group->meth->make_affine(group, point, ctx)) - return 0; - return BN_GF2m_add(point->Y, point->X, point->Y); -} - -/* Indicates whether the given point is the point at infinity. */ -int ossl_ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, - const EC_POINT *point) -{ - return BN_is_zero(point->Z); -} - -/*- - * Determines whether the given EC_POINT is an actual point on the curve defined - * in the EC_GROUP. A point is valid if it satisfies the Weierstrass equation: - * y^2 + x*y = x^3 + a*x^2 + b. - */ -int ossl_ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, - BN_CTX *ctx) -{ - int ret = -1; - BIGNUM *lh, *y2; - int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *); - int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); -#ifndef FIPS_MODULE - BN_CTX *new_ctx = NULL; -#endif - - if (EC_POINT_is_at_infinity(group, point)) - return 1; - - field_mul = group->meth->field_mul; - field_sqr = group->meth->field_sqr; - - /* only support affine coordinates */ - if (!point->Z_is_one) - return -1; - -#ifndef FIPS_MODULE - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - return -1; - } -#endif - - BN_CTX_start(ctx); - y2 = BN_CTX_get(ctx); - lh = BN_CTX_get(ctx); - if (lh == NULL) - goto err; - - /*- - * We have a curve defined by a Weierstrass equation - * y^2 + x*y = x^3 + a*x^2 + b. - * <=> x^3 + a*x^2 + x*y + b + y^2 = 0 - * <=> ((x + a) * x + y ) * x + b + y^2 = 0 - */ - if (!BN_GF2m_add(lh, point->X, group->a)) - goto err; - if (!field_mul(group, lh, lh, point->X, ctx)) - goto err; - if (!BN_GF2m_add(lh, lh, point->Y)) - goto err; - if (!field_mul(group, lh, lh, point->X, ctx)) - goto err; - if (!BN_GF2m_add(lh, lh, group->b)) - goto err; - if (!field_sqr(group, y2, point->Y, ctx)) - goto err; - if (!BN_GF2m_add(lh, lh, y2)) - goto err; - ret = BN_is_zero(lh); - - err: - BN_CTX_end(ctx); -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - return ret; -} - -/*- - * Indicates whether two points are equal. - * Return values: - * -1 error - * 0 equal (in affine coordinates) - * 1 not equal - */ -int ossl_ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, - const EC_POINT *b, BN_CTX *ctx) -{ - BIGNUM *aX, *aY, *bX, *bY; - int ret = -1; -#ifndef FIPS_MODULE - BN_CTX *new_ctx = NULL; -#endif - - if (EC_POINT_is_at_infinity(group, a)) { - return EC_POINT_is_at_infinity(group, b) ? 0 : 1; - } - - if (EC_POINT_is_at_infinity(group, b)) - return 1; - - if (a->Z_is_one && b->Z_is_one) { - return ((BN_cmp(a->X, b->X) == 0) && BN_cmp(a->Y, b->Y) == 0) ? 0 : 1; - } - -#ifndef FIPS_MODULE - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - return -1; - } -#endif - - BN_CTX_start(ctx); - aX = BN_CTX_get(ctx); - aY = BN_CTX_get(ctx); - bX = BN_CTX_get(ctx); - bY = BN_CTX_get(ctx); - if (bY == NULL) - goto err; - - if (!EC_POINT_get_affine_coordinates(group, a, aX, aY, ctx)) - goto err; - if (!EC_POINT_get_affine_coordinates(group, b, bX, bY, ctx)) - goto err; - ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1; - - err: - BN_CTX_end(ctx); -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - return ret; -} - -/* Forces the given EC_POINT to internally use affine coordinates. */ -int ossl_ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, - BN_CTX *ctx) -{ - BIGNUM *x, *y; - int ret = 0; -#ifndef FIPS_MODULE - BN_CTX *new_ctx = NULL; -#endif - - if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) - return 1; - -#ifndef FIPS_MODULE - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - return 0; - } -#endif - - BN_CTX_start(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (y == NULL) - goto err; - - if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx)) - goto err; - if (!BN_copy(point->X, x)) - goto err; - if (!BN_copy(point->Y, y)) - goto err; - if (!BN_one(point->Z)) - goto err; - point->Z_is_one = 1; - - ret = 1; - - err: - BN_CTX_end(ctx); -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - return ret; -} - -/* - * Forces each of the EC_POINTs in the given array to use affine coordinates. - */ -int ossl_ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num, - EC_POINT *points[], BN_CTX *ctx) -{ - size_t i; - - for (i = 0; i < num; i++) { - if (!group->meth->make_affine(group, points[i], ctx)) - return 0; - } - - return 1; -} - -/* Wrapper to simple binary polynomial field multiplication implementation. */ -int ossl_ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -{ - return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx); -} - -/* Wrapper to simple binary polynomial field squaring implementation. */ -int ossl_ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *a, BN_CTX *ctx) -{ - return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx); -} - -/* Wrapper to simple binary polynomial field division implementation. */ -int ossl_ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) -{ - return BN_GF2m_mod_div(r, a, b, group->field, ctx); -} - -/*- - * Lopez-Dahab ladder, pre step. - * See e.g. "Guide to ECC" Alg 3.40. - * Modified to blind s and r independently. - * s:= p, r := 2p - */ -static -int ec_GF2m_simple_ladder_pre(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) -{ - /* if p is not affine, something is wrong */ - if (p->Z_is_one == 0) - return 0; - - /* s blinding: make sure lambda (s->Z here) is not zero */ - do { - if (!BN_priv_rand_ex(s->Z, BN_num_bits(group->field) - 1, - BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - return 0; - } - } while (BN_is_zero(s->Z)); - - /* if field_encode defined convert between representations */ - if ((group->meth->field_encode != NULL - && !group->meth->field_encode(group, s->Z, s->Z, ctx)) - || !group->meth->field_mul(group, s->X, p->X, s->Z, ctx)) - return 0; - - /* r blinding: make sure lambda (r->Y here for storage) is not zero */ - do { - if (!BN_priv_rand_ex(r->Y, BN_num_bits(group->field) - 1, - BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - return 0; - } - } while (BN_is_zero(r->Y)); - - if ((group->meth->field_encode != NULL - && !group->meth->field_encode(group, r->Y, r->Y, ctx)) - || !group->meth->field_sqr(group, r->Z, p->X, ctx) - || !group->meth->field_sqr(group, r->X, r->Z, ctx) - || !BN_GF2m_add(r->X, r->X, group->b) - || !group->meth->field_mul(group, r->Z, r->Z, r->Y, ctx) - || !group->meth->field_mul(group, r->X, r->X, r->Y, ctx)) - return 0; - - s->Z_is_one = 0; - r->Z_is_one = 0; - - return 1; -} - -/*- - * Ladder step: differential addition-and-doubling, mixed Lopez-Dahab coords. - * http://www.hyperelliptic.org/EFD/g12o/auto-code/shortw/xz/ladder/mladd-2003-s.op3 - * s := r + s, r := 2r - */ -static -int ec_GF2m_simple_ladder_step(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) -{ - if (!group->meth->field_mul(group, r->Y, r->Z, s->X, ctx) - || !group->meth->field_mul(group, s->X, r->X, s->Z, ctx) - || !group->meth->field_sqr(group, s->Y, r->Z, ctx) - || !group->meth->field_sqr(group, r->Z, r->X, ctx) - || !BN_GF2m_add(s->Z, r->Y, s->X) - || !group->meth->field_sqr(group, s->Z, s->Z, ctx) - || !group->meth->field_mul(group, s->X, r->Y, s->X, ctx) - || !group->meth->field_mul(group, r->Y, s->Z, p->X, ctx) - || !BN_GF2m_add(s->X, s->X, r->Y) - || !group->meth->field_sqr(group, r->Y, r->Z, ctx) - || !group->meth->field_mul(group, r->Z, r->Z, s->Y, ctx) - || !group->meth->field_sqr(group, s->Y, s->Y, ctx) - || !group->meth->field_mul(group, s->Y, s->Y, group->b, ctx) - || !BN_GF2m_add(r->X, r->Y, s->Y)) - return 0; - - return 1; -} - -/*- - * Recover affine (x,y) result from Lopez-Dahab r and s, affine p. - * See e.g. "Fast Multiplication on Elliptic Curves over GF(2**m) - * without Precomputation" (Lopez and Dahab, CHES 1999), - * Appendix Alg Mxy. - */ -static -int ec_GF2m_simple_ladder_post(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *t0, *t1, *t2 = NULL; - - if (BN_is_zero(r->Z)) - return EC_POINT_set_to_infinity(group, r); - - if (BN_is_zero(s->Z)) { - if (!EC_POINT_copy(r, p) - || !EC_POINT_invert(group, r, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - return 0; - } - return 1; - } - - BN_CTX_start(ctx); - t0 = BN_CTX_get(ctx); - t1 = BN_CTX_get(ctx); - t2 = BN_CTX_get(ctx); - if (t2 == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!group->meth->field_mul(group, t0, r->Z, s->Z, ctx) - || !group->meth->field_mul(group, t1, p->X, r->Z, ctx) - || !BN_GF2m_add(t1, r->X, t1) - || !group->meth->field_mul(group, t2, p->X, s->Z, ctx) - || !group->meth->field_mul(group, r->Z, r->X, t2, ctx) - || !BN_GF2m_add(t2, t2, s->X) - || !group->meth->field_mul(group, t1, t1, t2, ctx) - || !group->meth->field_sqr(group, t2, p->X, ctx) - || !BN_GF2m_add(t2, p->Y, t2) - || !group->meth->field_mul(group, t2, t2, t0, ctx) - || !BN_GF2m_add(t1, t2, t1) - || !group->meth->field_mul(group, t2, p->X, t0, ctx) - || !group->meth->field_inv(group, t2, t2, ctx) - || !group->meth->field_mul(group, t1, t1, t2, ctx) - || !group->meth->field_mul(group, r->X, r->Z, t2, ctx) - || !BN_GF2m_add(t2, p->X, r->X) - || !group->meth->field_mul(group, t2, t2, t1, ctx) - || !BN_GF2m_add(r->Y, p->Y, t2) - || !BN_one(r->Z)) - goto err; - - r->Z_is_one = 1; - - /* GF(2^m) field elements should always have BIGNUM::neg = 0 */ - BN_set_negative(r->X, 0); - BN_set_negative(r->Y, 0); - - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; -} - -static -int ec_GF2m_simple_points_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], - const BIGNUM *scalars[], - BN_CTX *ctx) -{ - int ret = 0; - EC_POINT *t = NULL; - - /*- - * We limit use of the ladder only to the following cases: - * - r := scalar * G - * Fixed point mul: scalar != NULL && num == 0; - * - r := scalars[0] * points[0] - * Variable point mul: scalar == NULL && num == 1; - * - r := scalar * G + scalars[0] * points[0] - * used, e.g., in ECDSA verification: scalar != NULL && num == 1 - * - * In any other case (num > 1) we use the default wNAF implementation. - * - * We also let the default implementation handle degenerate cases like group - * order or cofactor set to 0. - */ - if (num > 1 || BN_is_zero(group->order) || BN_is_zero(group->cofactor)) - return ossl_ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); - - if (scalar != NULL && num == 0) - /* Fixed point multiplication */ - return ossl_ec_scalar_mul_ladder(group, r, scalar, NULL, ctx); - - if (scalar == NULL && num == 1) - /* Variable point multiplication */ - return ossl_ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx); - - /*- - * Double point multiplication: - * r := scalar * G + scalars[0] * points[0] - */ - - if ((t = EC_POINT_new(group)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (!ossl_ec_scalar_mul_ladder(group, t, scalar, NULL, ctx) - || !ossl_ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx) - || !EC_POINT_add(group, r, t, r, ctx)) - goto err; - - ret = 1; - - err: - EC_POINT_free(t); - return ret; -} - -/*- - * Computes the multiplicative inverse of a in GF(2^m), storing the result in r. - * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error. - * SCA hardening is with blinding: BN_GF2m_mod_inv does that. - */ -static int ec_GF2m_simple_field_inv(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *a, BN_CTX *ctx) -{ - int ret; - - if (!(ret = BN_GF2m_mod_inv(r, a, group->field, ctx))) - ERR_raise(ERR_LIB_EC, EC_R_CANNOT_INVERT); - return ret; -} - -const EC_METHOD *EC_GF2m_simple_method(void) -{ - static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_characteristic_two_field, - ossl_ec_GF2m_simple_group_init, - ossl_ec_GF2m_simple_group_finish, - ossl_ec_GF2m_simple_group_clear_finish, - ossl_ec_GF2m_simple_group_copy, - ossl_ec_GF2m_simple_group_set_curve, - ossl_ec_GF2m_simple_group_get_curve, - ossl_ec_GF2m_simple_group_get_degree, - ossl_ec_group_simple_order_bits, - ossl_ec_GF2m_simple_group_check_discriminant, - ossl_ec_GF2m_simple_point_init, - ossl_ec_GF2m_simple_point_finish, - ossl_ec_GF2m_simple_point_clear_finish, - ossl_ec_GF2m_simple_point_copy, - ossl_ec_GF2m_simple_point_set_to_infinity, - ossl_ec_GF2m_simple_point_set_affine_coordinates, - ossl_ec_GF2m_simple_point_get_affine_coordinates, - 0, /* point_set_compressed_coordinates */ - 0, /* point2oct */ - 0, /* oct2point */ - ossl_ec_GF2m_simple_add, - ossl_ec_GF2m_simple_dbl, - ossl_ec_GF2m_simple_invert, - ossl_ec_GF2m_simple_is_at_infinity, - ossl_ec_GF2m_simple_is_on_curve, - ossl_ec_GF2m_simple_cmp, - ossl_ec_GF2m_simple_make_affine, - ossl_ec_GF2m_simple_points_make_affine, - ec_GF2m_simple_points_mul, - 0, /* precompute_mult */ - 0, /* have_precompute_mult */ - ossl_ec_GF2m_simple_field_mul, - ossl_ec_GF2m_simple_field_sqr, - ossl_ec_GF2m_simple_field_div, - ec_GF2m_simple_field_inv, - 0, /* field_encode */ - 0, /* field_decode */ - 0, /* field_set_to_one */ - ossl_ec_key_simple_priv2oct, - ossl_ec_key_simple_oct2priv, - 0, /* set private */ - ossl_ec_key_simple_generate_key, - ossl_ec_key_simple_check_key, - ossl_ec_key_simple_generate_public_key, - 0, /* keycopy */ - 0, /* keyfinish */ - ossl_ecdh_simple_compute_key, - ossl_ecdsa_simple_sign_setup, - ossl_ecdsa_simple_sign_sig, - ossl_ecdsa_simple_verify_sig, - 0, /* field_inverse_mod_ord */ - 0, /* blind_coordinates */ - ec_GF2m_simple_ladder_pre, - ec_GF2m_simple_ladder_step, - ec_GF2m_simple_ladder_post - }; - - return &ret; -} - -#endif diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c deleted file mode 100644 index 7dc2232e5d3959fc845a4fef618e286ab03a82db..0000000000000000000000000000000000000000 --- a/crypto/ec/ec_ameth.c +++ /dev/null @@ -1,719 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDH and ECDSA low level APIs are deprecated for public use, but still ok - * for internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "crypto/asn1.h" -#include "crypto/evp.h" -#include "crypto/x509.h" -#include -#include -#include "ec_local.h" - -static int eckey_param2type(int *pptype, void **ppval, const EC_KEY *ec_key) -{ - const EC_GROUP *group; - int nid; - - if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS); - return 0; - } - if (EC_GROUP_get_asn1_flag(group) - && (nid = EC_GROUP_get_curve_name(group))) - /* we have a 'named curve' => just set the OID */ - { - ASN1_OBJECT *asn1obj = OBJ_nid2obj(nid); - - if (asn1obj == NULL || OBJ_length(asn1obj) == 0) { - ERR_raise(ERR_LIB_EC, EC_R_MISSING_OID); - return 0; - } - *ppval = asn1obj; - *pptype = V_ASN1_OBJECT; - } else { /* explicit parameters */ - - ASN1_STRING *pstr = NULL; - pstr = ASN1_STRING_new(); - if (pstr == NULL) - return 0; - pstr->length = i2d_ECParameters(ec_key, &pstr->data); - if (pstr->length <= 0) { - ASN1_STRING_free(pstr); - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - return 0; - } - *ppval = pstr; - *pptype = V_ASN1_SEQUENCE; - } - return 1; -} - -static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) -{ - const EC_KEY *ec_key = pkey->pkey.ec; - void *pval = NULL; - int ptype; - unsigned char *penc = NULL, *p; - int penclen; - - if (!eckey_param2type(&ptype, &pval, ec_key)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - return 0; - } - penclen = i2o_ECPublicKey(ec_key, NULL); - if (penclen <= 0) - goto err; - penc = OPENSSL_malloc(penclen); - if (penc == NULL) - goto err; - p = penc; - penclen = i2o_ECPublicKey(ec_key, &p); - if (penclen <= 0) - goto err; - if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_EC), - ptype, pval, penc, penclen)) - return 1; - err: - if (ptype == V_ASN1_SEQUENCE) - ASN1_STRING_free(pval); - OPENSSL_free(penc); - return 0; -} - -static int eckey_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey) -{ - const unsigned char *p = NULL; - int pklen; - EC_KEY *eckey = NULL; - X509_ALGOR *palg; - OSSL_LIB_CTX *libctx = NULL; - const char *propq = NULL; - - if (!ossl_x509_PUBKEY_get0_libctx(&libctx, &propq, pubkey) - || !X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) - return 0; - eckey = ossl_ec_key_param_from_x509_algor(palg, libctx, propq); - - if (!eckey) - return 0; - - /* We have parameters now set public key */ - if (!o2i_ECPublicKey(&eckey, &p, pklen)) { - ERR_raise(ERR_LIB_EC, EC_R_DECODE_ERROR); - goto ecerr; - } - - EVP_PKEY_assign_EC_KEY(pkey, eckey); - return 1; - - ecerr: - EC_KEY_free(eckey); - return 0; -} - -static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) -{ - int r; - const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); - const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), - *pb = EC_KEY_get0_public_key(b->pkey.ec); - - if (group == NULL || pa == NULL || pb == NULL) - return -2; - r = EC_POINT_cmp(group, pa, pb, NULL); - if (r == 0) - return 1; - if (r == 1) - return 0; - return -2; -} - -static int eckey_priv_decode_ex(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8, - OSSL_LIB_CTX *libctx, const char *propq) -{ - int ret = 0; - EC_KEY *eckey = ossl_ec_key_from_pkcs8(p8, libctx, propq); - - if (eckey != NULL) { - ret = 1; - EVP_PKEY_assign_EC_KEY(pkey, eckey); - } - - return ret; -} - -static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) -{ - EC_KEY ec_key = *(pkey->pkey.ec); - unsigned char *ep = NULL; - int eplen, ptype; - void *pval; - unsigned int old_flags; - - if (!eckey_param2type(&ptype, &pval, &ec_key)) { - ERR_raise(ERR_LIB_EC, EC_R_DECODE_ERROR); - return 0; - } - - /* set the private key */ - - /* - * do not include the parameters in the SEC1 private key see PKCS#11 - * 12.11 - */ - old_flags = EC_KEY_get_enc_flags(&ec_key); - EC_KEY_set_enc_flags(&ec_key, old_flags | EC_PKEY_NO_PARAMETERS); - - eplen = i2d_ECPrivateKey(&ec_key, &ep); - if (eplen <= 0) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, - ptype, pval, ep, eplen)) { - ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); - OPENSSL_clear_free(ep, eplen); - goto err; - } - - return 1; - - err: - if (ptype == V_ASN1_SEQUENCE) - ASN1_STRING_free(pval); - return 0; -} - -static int int_ec_size(const EVP_PKEY *pkey) -{ - return ECDSA_size(pkey->pkey.ec); -} - -static int ec_bits(const EVP_PKEY *pkey) -{ - return EC_GROUP_order_bits(EC_KEY_get0_group(pkey->pkey.ec)); -} - -static int ec_security_bits(const EVP_PKEY *pkey) -{ - int ecbits = ec_bits(pkey); - - if (ecbits >= 512) - return 256; - if (ecbits >= 384) - return 192; - if (ecbits >= 256) - return 128; - if (ecbits >= 224) - return 112; - if (ecbits >= 160) - return 80; - return ecbits / 2; -} - -static int ec_missing_parameters(const EVP_PKEY *pkey) -{ - if (pkey->pkey.ec == NULL || EC_KEY_get0_group(pkey->pkey.ec) == NULL) - return 1; - return 0; -} - -static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) -{ - EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec)); - - if (group == NULL) - return 0; - if (to->pkey.ec == NULL) { - to->pkey.ec = EC_KEY_new(); - if (to->pkey.ec == NULL) - goto err; - } - if (EC_KEY_set_group(to->pkey.ec, group) == 0) - goto err; - EC_GROUP_free(group); - return 1; - err: - EC_GROUP_free(group); - return 0; -} - -static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) -{ - const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), - *group_b = EC_KEY_get0_group(b->pkey.ec); - - if (group_a == NULL || group_b == NULL) - return -2; - if (EC_GROUP_cmp(group_a, group_b, NULL)) - return 0; - else - return 1; -} - -static void int_ec_free(EVP_PKEY *pkey) -{ - EC_KEY_free(pkey->pkey.ec); -} - -typedef enum { - EC_KEY_PRINT_PRIVATE, - EC_KEY_PRINT_PUBLIC, - EC_KEY_PRINT_PARAM -} ec_print_t; - -static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, ec_print_t ktype) -{ - const char *ecstr; - unsigned char *priv = NULL, *pub = NULL; - size_t privlen = 0, publen = 0; - int ret = 0; - const EC_GROUP *group; - - if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (ktype != EC_KEY_PRINT_PARAM && EC_KEY_get0_public_key(x) != NULL) { - publen = EC_KEY_key2buf(x, EC_KEY_get_conv_form(x), &pub, NULL); - if (publen == 0) - goto err; - } - - if (ktype == EC_KEY_PRINT_PRIVATE && EC_KEY_get0_private_key(x) != NULL) { - privlen = EC_KEY_priv2buf(x, &priv); - if (privlen == 0) - goto err; - } - - if (ktype == EC_KEY_PRINT_PRIVATE) - ecstr = "Private-Key"; - else if (ktype == EC_KEY_PRINT_PUBLIC) - ecstr = "Public-Key"; - else - ecstr = "ECDSA-Parameters"; - - if (!BIO_indent(bp, off, 128)) - goto err; - if (BIO_printf(bp, "%s: (%d bit)\n", ecstr, - EC_GROUP_order_bits(group)) <= 0) - goto err; - - if (privlen != 0) { - if (BIO_printf(bp, "%*spriv:\n", off, "") <= 0) - goto err; - if (ASN1_buf_print(bp, priv, privlen, off + 4) == 0) - goto err; - } - - if (publen != 0) { - if (BIO_printf(bp, "%*spub:\n", off, "") <= 0) - goto err; - if (ASN1_buf_print(bp, pub, publen, off + 4) == 0) - goto err; - } - - if (!ECPKParameters_print(bp, group, off)) - goto err; - ret = 1; - err: - if (!ret) - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - OPENSSL_clear_free(priv, privlen); - OPENSSL_free(pub); - return ret; -} - -static int eckey_param_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) -{ - EC_KEY *eckey; - - if ((eckey = d2i_ECParameters(NULL, pder, derlen)) == NULL) - return 0; - EVP_PKEY_assign_EC_KEY(pkey, eckey); - return 1; -} - -static int eckey_param_encode(const EVP_PKEY *pkey, unsigned char **pder) -{ - return i2d_ECParameters(pkey->pkey.ec, pder); -} - -static int eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PARAM); -} - -static int eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PUBLIC); -} - -static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PRIVATE); -} - -static int old_ec_priv_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) -{ - EC_KEY *ec; - - if ((ec = d2i_ECPrivateKey(NULL, pder, derlen)) == NULL) - return 0; - EVP_PKEY_assign_EC_KEY(pkey, ec); - return 1; -} - -static int old_ec_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) -{ - return i2d_ECPrivateKey(pkey->pkey.ec, pder); -} - -static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) -{ - switch (op) { - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - if (EVP_PKEY_get_id(pkey) == EVP_PKEY_SM2) { - /* For SM2, the only valid digest-alg is SM3 */ - *(int *)arg2 = NID_sm3; - return 2; /* Make it mandatory */ - } - *(int *)arg2 = NID_sha256; - return 1; - - case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: - /* We should only be here if we have a legacy key */ - if (!ossl_assert(evp_pkey_is_legacy(pkey))) - return 0; - return EC_KEY_oct2key(evp_pkey_get0_EC_KEY_int(pkey), arg2, arg1, NULL); - - case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: - return EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(pkey), - POINT_CONVERSION_UNCOMPRESSED, arg2, NULL); - - default: - return -2; - } -} - -static int ec_pkey_check(const EVP_PKEY *pkey) -{ - EC_KEY *eckey = pkey->pkey.ec; - - /* stay consistent to what EVP_PKEY_check demands */ - if (eckey->priv_key == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_MISSING_PRIVATE_KEY); - return 0; - } - - return EC_KEY_check_key(eckey); -} - -static int ec_pkey_public_check(const EVP_PKEY *pkey) -{ - EC_KEY *eckey = pkey->pkey.ec; - - /* - * Note: it unnecessary to check eckey->pub_key here since - * it will be checked in EC_KEY_check_key(). In fact, the - * EC_KEY_check_key() mainly checks the public key, and checks - * the private key optionally (only if there is one). So if - * someone passes a whole EC key (public + private), this - * will also work... - */ - - return EC_KEY_check_key(eckey); -} - -static int ec_pkey_param_check(const EVP_PKEY *pkey) -{ - EC_KEY *eckey = pkey->pkey.ec; - - /* stay consistent to what EVP_PKEY_check demands */ - if (eckey->group == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS); - return 0; - } - - return EC_GROUP_check(eckey->group, NULL); -} - -static -size_t ec_pkey_dirty_cnt(const EVP_PKEY *pkey) -{ - return pkey->pkey.ec->dirty_cnt; -} - -static -int ec_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - OSSL_FUNC_keymgmt_import_fn *importer, - OSSL_LIB_CTX *libctx, const char *propq) -{ - const EC_KEY *eckey = NULL; - const EC_GROUP *ecg = NULL; - unsigned char *pub_key_buf = NULL, *gen_buf = NULL; - size_t pub_key_buflen; - OSSL_PARAM_BLD *tmpl; - OSSL_PARAM *params = NULL; - const BIGNUM *priv_key = NULL; - const EC_POINT *pub_point = NULL; - int selection = 0; - int rv = 0; - BN_CTX *bnctx = NULL; - - if (from == NULL - || (eckey = from->pkey.ec) == NULL - || (ecg = EC_KEY_get0_group(eckey)) == NULL) - return 0; - - tmpl = OSSL_PARAM_BLD_new(); - if (tmpl == NULL) - return 0; - - /* - * EC_POINT_point2buf() can generate random numbers in some - * implementations so we need to ensure we use the correct libctx. - */ - bnctx = BN_CTX_new_ex(libctx); - if (bnctx == NULL) - goto err; - BN_CTX_start(bnctx); - - /* export the domain parameters */ - if (!ossl_ec_group_todata(ecg, tmpl, NULL, libctx, propq, bnctx, &gen_buf)) - goto err; - selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS; - - priv_key = EC_KEY_get0_private_key(eckey); - pub_point = EC_KEY_get0_public_key(eckey); - - if (pub_point != NULL) { - /* convert pub_point to a octet string according to the SECG standard */ - if ((pub_key_buflen = EC_POINT_point2buf(ecg, pub_point, - POINT_CONVERSION_COMPRESSED, - &pub_key_buf, bnctx)) == 0 - || !OSSL_PARAM_BLD_push_octet_string(tmpl, - OSSL_PKEY_PARAM_PUB_KEY, - pub_key_buf, - pub_key_buflen)) - goto err; - selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY; - } - - if (priv_key != NULL) { - size_t sz; - int ecbits; - int ecdh_cofactor_mode; - - /* - * Key import/export should never leak the bit length of the secret - * scalar in the key. - * - * For this reason, on export we use padded BIGNUMs with fixed length. - * - * When importing we also should make sure that, even if short lived, - * the newly created BIGNUM is marked with the BN_FLG_CONSTTIME flag as - * soon as possible, so that any processing of this BIGNUM might opt for - * constant time implementations in the backend. - * - * Setting the BN_FLG_CONSTTIME flag alone is never enough, we also have - * to preallocate the BIGNUM internal buffer to a fixed public size big - * enough that operations performed during the processing never trigger - * a realloc which would leak the size of the scalar through memory - * accesses. - * - * Fixed Length - * ------------ - * - * The order of the large prime subgroup of the curve is our choice for - * a fixed public size, as that is generally the upper bound for - * generating a private key in EC cryptosystems and should fit all valid - * secret scalars. - * - * For padding on export we just use the bit length of the order - * converted to bytes (rounding up). - * - * For preallocating the BIGNUM storage we look at the number of "words" - * required for the internal representation of the order, and we - * preallocate 2 extra "words" in case any of the subsequent processing - * might temporarily overflow the order length. - */ - ecbits = EC_GROUP_order_bits(ecg); - if (ecbits <= 0) - goto err; - - sz = (ecbits + 7 ) / 8; - if (!OSSL_PARAM_BLD_push_BN_pad(tmpl, - OSSL_PKEY_PARAM_PRIV_KEY, - priv_key, sz)) - goto err; - selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY; - - /* - * The ECDH Cofactor Mode is defined only if the EC_KEY actually - * contains a private key, so we check for the flag and export it only - * in this case. - */ - ecdh_cofactor_mode = - (EC_KEY_get_flags(eckey) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0; - - /* Export the ECDH_COFACTOR_MODE parameter */ - if (!OSSL_PARAM_BLD_push_int(tmpl, - OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, - ecdh_cofactor_mode)) - goto err; - selection |= OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS; - } - - params = OSSL_PARAM_BLD_to_param(tmpl); - - /* We export, the provider imports */ - rv = importer(to_keydata, selection, params); - - err: - OSSL_PARAM_BLD_free(tmpl); - OSSL_PARAM_free(params); - OPENSSL_free(pub_key_buf); - OPENSSL_free(gen_buf); - BN_CTX_end(bnctx); - BN_CTX_free(bnctx); - return rv; -} - -static int ec_pkey_import_from(const OSSL_PARAM params[], void *vpctx) -{ - EVP_PKEY_CTX *pctx = vpctx; - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx); - EC_KEY *ec = EC_KEY_new_ex(pctx->libctx, pctx->propquery); - - if (ec == NULL) { - ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (!ossl_ec_group_fromdata(ec, params) - || !ossl_ec_key_otherparams_fromdata(ec, params) - || !ossl_ec_key_fromdata(ec, params, 1) - || !EVP_PKEY_assign_EC_KEY(pkey, ec)) { - EC_KEY_free(ec); - return 0; - } - return 1; -} - -static int ec_pkey_copy(EVP_PKEY *to, EVP_PKEY *from) -{ - EC_KEY *eckey = from->pkey.ec; - EC_KEY *dupkey = NULL; - int ret; - - if (eckey != NULL) { - dupkey = EC_KEY_dup(eckey); - if (dupkey == NULL) - return 0; - } else { - /* necessary to properly copy empty SM2 keys */ - return EVP_PKEY_set_type(to, from->type); - } - - ret = EVP_PKEY_assign_EC_KEY(to, dupkey); - if (!ret) - EC_KEY_free(dupkey); - return ret; -} - -const EVP_PKEY_ASN1_METHOD ossl_eckey_asn1_meth = { - EVP_PKEY_EC, - EVP_PKEY_EC, - 0, - "EC", - "OpenSSL EC algorithm", - - eckey_pub_decode, - eckey_pub_encode, - eckey_pub_cmp, - eckey_pub_print, - - NULL, - eckey_priv_encode, - eckey_priv_print, - - int_ec_size, - ec_bits, - ec_security_bits, - - eckey_param_decode, - eckey_param_encode, - ec_missing_parameters, - ec_copy_parameters, - ec_cmp_parameters, - eckey_param_print, - 0, - - int_ec_free, - ec_pkey_ctrl, - old_ec_priv_decode, - old_ec_priv_encode, - - 0, 0, 0, - - ec_pkey_check, - ec_pkey_public_check, - ec_pkey_param_check, - - 0, /* set_priv_key */ - 0, /* set_pub_key */ - 0, /* get_priv_key */ - 0, /* get_pub_key */ - - ec_pkey_dirty_cnt, - ec_pkey_export_to, - ec_pkey_import_from, - ec_pkey_copy, - eckey_priv_decode_ex -}; - -#if !defined(OPENSSL_NO_SM2) -const EVP_PKEY_ASN1_METHOD ossl_sm2_asn1_meth = { - EVP_PKEY_SM2, - EVP_PKEY_EC, - ASN1_PKEY_ALIAS -}; -#endif - -int EC_KEY_print(BIO *bp, const EC_KEY *x, int off) -{ - int private = EC_KEY_get0_private_key(x) != NULL; - - return do_EC_KEY_print(bp, x, off, - private ? EC_KEY_PRINT_PRIVATE : EC_KEY_PRINT_PUBLIC); -} - -int ECParameters_print(BIO *bp, const EC_KEY *x) -{ - return do_EC_KEY_print(bp, x, 4, EC_KEY_PRINT_PARAM); -} diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c deleted file mode 100644 index 7a0b35a594311b001b003e5e1f2de763068e8d3d..0000000000000000000000000000000000000000 --- a/crypto/ec/ec_asn1.c +++ /dev/null @@ -1,1340 +0,0 @@ -/* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "ec_local.h" -#include -#include -#include -#include "internal/nelem.h" -#include "crypto/asn1_dsa.h" - -#ifndef FIPS_MODULE - -/* some structures needed for the asn1 encoding */ -typedef struct x9_62_pentanomial_st { - int32_t k1; - int32_t k2; - int32_t k3; -} X9_62_PENTANOMIAL; - -typedef struct x9_62_characteristic_two_st { - int32_t m; - ASN1_OBJECT *type; - union { - char *ptr; - /* NID_X9_62_onBasis */ - ASN1_NULL *onBasis; - /* NID_X9_62_tpBasis */ - ASN1_INTEGER *tpBasis; - /* NID_X9_62_ppBasis */ - X9_62_PENTANOMIAL *ppBasis; - /* anything else */ - ASN1_TYPE *other; - } p; -} X9_62_CHARACTERISTIC_TWO; - -typedef struct x9_62_fieldid_st { - ASN1_OBJECT *fieldType; - union { - char *ptr; - /* NID_X9_62_prime_field */ - ASN1_INTEGER *prime; - /* NID_X9_62_characteristic_two_field */ - X9_62_CHARACTERISTIC_TWO *char_two; - /* anything else */ - ASN1_TYPE *other; - } p; -} X9_62_FIELDID; - -typedef struct x9_62_curve_st { - ASN1_OCTET_STRING *a; - ASN1_OCTET_STRING *b; - ASN1_BIT_STRING *seed; -} X9_62_CURVE; - -struct ec_parameters_st { - int32_t version; - X9_62_FIELDID *fieldID; - X9_62_CURVE *curve; - ASN1_OCTET_STRING *base; - ASN1_INTEGER *order; - ASN1_INTEGER *cofactor; -} /* ECPARAMETERS */ ; - -typedef enum { - ECPKPARAMETERS_TYPE_NAMED = 0, - ECPKPARAMETERS_TYPE_EXPLICIT, - ECPKPARAMETERS_TYPE_IMPLICIT -} ecpk_parameters_type_t; - -struct ecpk_parameters_st { - int type; - union { - ASN1_OBJECT *named_curve; - ECPARAMETERS *parameters; - ASN1_NULL *implicitlyCA; - } value; -} /* ECPKPARAMETERS */ ; - -/* SEC1 ECPrivateKey */ -typedef struct ec_privatekey_st { - int32_t version; - ASN1_OCTET_STRING *privateKey; - ECPKPARAMETERS *parameters; - ASN1_BIT_STRING *publicKey; -} EC_PRIVATEKEY; - -/* the OpenSSL ASN.1 definitions */ -ASN1_SEQUENCE(X9_62_PENTANOMIAL) = { - ASN1_EMBED(X9_62_PENTANOMIAL, k1, INT32), - ASN1_EMBED(X9_62_PENTANOMIAL, k2, INT32), - ASN1_EMBED(X9_62_PENTANOMIAL, k3, INT32) -} static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL) - -DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) -IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) - -ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY); - -ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = { - ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)), - ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)), - ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL)) -} ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL); - -ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = { - ASN1_EMBED(X9_62_CHARACTERISTIC_TWO, m, INT32), - ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT), - ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) -} static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO) - -DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) -IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) - -ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY); - -ASN1_ADB(X9_62_FIELDID) = { - ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)), - ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO)) -} ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL); - -ASN1_SEQUENCE(X9_62_FIELDID) = { - ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT), - ASN1_ADB_OBJECT(X9_62_FIELDID) -} static_ASN1_SEQUENCE_END(X9_62_FIELDID) - -ASN1_SEQUENCE(X9_62_CURVE) = { - ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), - ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), - ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) -} static_ASN1_SEQUENCE_END(X9_62_CURVE) - -ASN1_SEQUENCE(ECPARAMETERS) = { - ASN1_EMBED(ECPARAMETERS, version, INT32), - ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), - ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), - ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), - ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), - ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) -} ASN1_SEQUENCE_END(ECPARAMETERS) - -DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) -IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) - -ASN1_CHOICE(ECPKPARAMETERS) = { - ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT), - ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS), - ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL) -} ASN1_CHOICE_END(ECPKPARAMETERS) - -DECLARE_ASN1_FUNCTIONS(ECPKPARAMETERS) -DECLARE_ASN1_ENCODE_FUNCTIONS_name(ECPKPARAMETERS, ECPKPARAMETERS) -IMPLEMENT_ASN1_FUNCTIONS(ECPKPARAMETERS) - -ASN1_SEQUENCE(EC_PRIVATEKEY) = { - ASN1_EMBED(EC_PRIVATEKEY, version, INT32), - ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING), - ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0), - ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1) -} static_ASN1_SEQUENCE_END(EC_PRIVATEKEY) - -DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY) -DECLARE_ASN1_ENCODE_FUNCTIONS_name(EC_PRIVATEKEY, EC_PRIVATEKEY) -IMPLEMENT_ASN1_FUNCTIONS(EC_PRIVATEKEY) - -/* some declarations of internal function */ - -/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */ -static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *); -/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ -static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); - -/* the function definitions */ - -static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) -{ - int ok = 0, nid; - BIGNUM *tmp = NULL; - - if (group == NULL || field == NULL) - return 0; - - /* clear the old values (if necessary) */ - ASN1_OBJECT_free(field->fieldType); - ASN1_TYPE_free(field->p.other); - - nid = EC_GROUP_get_field_type(group); - /* set OID for the field */ - if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_OBJ_LIB); - goto err; - } - - if (nid == NID_X9_62_prime_field) { - if ((tmp = BN_new()) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - /* the parameters are specified by the prime number p */ - if (!EC_GROUP_get_curve(group, tmp, NULL, NULL, NULL)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - /* set the prime number */ - field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL); - if (field->p.prime == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); - goto err; - } - } else if (nid == NID_X9_62_characteristic_two_field) -#ifdef OPENSSL_NO_EC2M - { - ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); - goto err; - } -#else - { - int field_type; - X9_62_CHARACTERISTIC_TWO *char_two; - - field->p.char_two = X9_62_CHARACTERISTIC_TWO_new(); - char_two = field->p.char_two; - - if (char_two == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - char_two->m = (long)EC_GROUP_get_degree(group); - - field_type = EC_GROUP_get_basis_type(group); - - if (field_type == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - /* set base type OID */ - if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_OBJ_LIB); - goto err; - } - - if (field_type == NID_X9_62_tpBasis) { - unsigned int k; - - if (!EC_GROUP_get_trinomial_basis(group, &k)) - goto err; - - char_two->p.tpBasis = ASN1_INTEGER_new(); - if (char_two->p.tpBasis == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) { - ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); - goto err; - } - } else if (field_type == NID_X9_62_ppBasis) { - unsigned int k1, k2, k3; - - if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3)) - goto err; - - char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); - if (char_two->p.ppBasis == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* set k? values */ - char_two->p.ppBasis->k1 = (long)k1; - char_two->p.ppBasis->k2 = (long)k2; - char_two->p.ppBasis->k3 = (long)k3; - } else { /* field_type == NID_X9_62_onBasis */ - - /* for ONB the parameters are (asn1) NULL */ - char_two->p.onBasis = ASN1_NULL_new(); - if (char_two->p.onBasis == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - } - } -#endif - else { - ERR_raise(ERR_LIB_EC, EC_R_UNSUPPORTED_FIELD); - goto err; - } - - ok = 1; - - err: - BN_free(tmp); - return ok; -} - -static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) -{ - int ok = 0; - BIGNUM *tmp_1 = NULL, *tmp_2 = NULL; - unsigned char *a_buf = NULL, *b_buf = NULL; - size_t len; - - if (!group || !curve || !curve->a || !curve->b) - return 0; - - if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* get a and b */ - if (!EC_GROUP_get_curve(group, NULL, tmp_1, tmp_2, NULL)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - /* - * Per SEC 1, the curve coefficients must be padded up to size. See C.2's - * definition of Curve, C.1's definition of FieldElement, and 2.3.5's - * definition of how to encode the field elements. - */ - len = ((size_t)EC_GROUP_get_degree(group) + 7) / 8; - if ((a_buf = OPENSSL_malloc(len)) == NULL - || (b_buf = OPENSSL_malloc(len)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - if (BN_bn2binpad(tmp_1, a_buf, len) < 0 - || BN_bn2binpad(tmp_2, b_buf, len) < 0) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - - /* set a and b */ - if (!ASN1_OCTET_STRING_set(curve->a, a_buf, len) - || !ASN1_OCTET_STRING_set(curve->b, b_buf, len)) { - ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); - goto err; - } - - /* set the seed (optional) */ - if (group->seed) { - if (!curve->seed) - if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT; - if (!ASN1_BIT_STRING_set(curve->seed, group->seed, - (int)group->seed_len)) { - ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); - goto err; - } - } else { - ASN1_BIT_STRING_free(curve->seed); - curve->seed = NULL; - } - - ok = 1; - - err: - OPENSSL_free(a_buf); - OPENSSL_free(b_buf); - BN_free(tmp_1); - BN_free(tmp_2); - return ok; -} - -ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, - ECPARAMETERS *params) -{ - size_t len = 0; - ECPARAMETERS *ret = NULL; - const BIGNUM *tmp; - unsigned char *buffer = NULL; - const EC_POINT *point = NULL; - point_conversion_form_t form; - ASN1_INTEGER *orig; - - if (params == NULL) { - if ((ret = ECPARAMETERS_new()) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - } else - ret = params; - - /* set the version (always one) */ - ret->version = (long)0x1; - - /* set the fieldID */ - if (!ec_asn1_group2fieldid(group, ret->fieldID)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - /* set the curve */ - if (!ec_asn1_group2curve(group, ret->curve)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - /* set the base point */ - if ((point = EC_GROUP_get0_generator(group)) == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_UNDEFINED_GENERATOR); - goto err; - } - - form = EC_GROUP_get_point_conversion_form(group); - - len = EC_POINT_point2buf(group, point, form, &buffer, NULL); - if (len == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) { - OPENSSL_free(buffer); - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - ASN1_STRING_set0(ret->base, buffer, len); - - /* set the order */ - tmp = EC_GROUP_get0_order(group); - if (tmp == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order); - if (ret->order == NULL) { - ret->order = orig; - ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); - goto err; - } - - /* set the cofactor (optional) */ - tmp = EC_GROUP_get0_cofactor(group); - if (tmp != NULL) { - ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor); - if (ret->cofactor == NULL) { - ret->cofactor = orig; - ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); - goto err; - } - } - - return ret; - - err: - if (params == NULL) - ECPARAMETERS_free(ret); - return NULL; -} - -ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, - ECPKPARAMETERS *params) -{ - int ok = 1, tmp; - ECPKPARAMETERS *ret = params; - - if (ret == NULL) { - if ((ret = ECPKPARAMETERS_new()) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return NULL; - } - } else { - if (ret->type == ECPKPARAMETERS_TYPE_NAMED) - ASN1_OBJECT_free(ret->value.named_curve); - else if (ret->type == ECPKPARAMETERS_TYPE_EXPLICIT - && ret->value.parameters != NULL) - ECPARAMETERS_free(ret->value.parameters); - } - - if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) { - /* - * use the asn1 OID to describe the elliptic curve parameters - */ - tmp = EC_GROUP_get_curve_name(group); - if (tmp) { - ASN1_OBJECT *asn1obj = OBJ_nid2obj(tmp); - - if (asn1obj == NULL || OBJ_length(asn1obj) == 0) { - ASN1_OBJECT_free(asn1obj); - ERR_raise(ERR_LIB_EC, EC_R_MISSING_OID); - ok = 0; - } else { - ret->type = ECPKPARAMETERS_TYPE_NAMED; - ret->value.named_curve = asn1obj; - } - } else - /* we don't know the nid => ERROR */ - ok = 0; - } else { - /* use the ECPARAMETERS structure */ - ret->type = ECPKPARAMETERS_TYPE_EXPLICIT; - if ((ret->value.parameters = - EC_GROUP_get_ecparameters(group, NULL)) == NULL) - ok = 0; - } - - if (!ok) { - ECPKPARAMETERS_free(ret); - return NULL; - } - return ret; -} - -EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) -{ - int ok = 0, tmp; - EC_GROUP *ret = NULL, *dup = NULL; - BIGNUM *p = NULL, *a = NULL, *b = NULL; - EC_POINT *point = NULL; - long field_bits; - int curve_name = NID_undef; - BN_CTX *ctx = NULL; - - if (params->fieldID == NULL - || params->fieldID->fieldType == NULL - || params->fieldID->p.ptr == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); - goto err; - } - - /* - * Now extract the curve parameters a and b. Note that, although SEC 1 - * specifies the length of their encodings, historical versions of OpenSSL - * encoded them incorrectly, so we must accept any length for backwards - * compatibility. - */ - if (params->curve == NULL - || params->curve->a == NULL || params->curve->a->data == NULL - || params->curve->b == NULL || params->curve->b->data == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); - goto err; - } - a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL); - if (a == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL); - if (b == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - - /* get the field parameters */ - tmp = OBJ_obj2nid(params->fieldID->fieldType); - if (tmp == NID_X9_62_characteristic_two_field) -#ifdef OPENSSL_NO_EC2M - { - ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); - goto err; - } -#else - { - X9_62_CHARACTERISTIC_TWO *char_two; - - char_two = params->fieldID->p.char_two; - - field_bits = char_two->m; - if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { - ERR_raise(ERR_LIB_EC, EC_R_FIELD_TOO_LARGE); - goto err; - } - - if ((p = BN_new()) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* get the base type */ - tmp = OBJ_obj2nid(char_two->type); - - if (tmp == NID_X9_62_tpBasis) { - long tmp_long; - - if (!char_two->p.tpBasis) { - ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); - goto err; - } - - tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis); - - if (!(char_two->m > tmp_long && tmp_long > 0)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_TRINOMIAL_BASIS); - goto err; - } - - /* create the polynomial */ - if (!BN_set_bit(p, (int)char_two->m)) - goto err; - if (!BN_set_bit(p, (int)tmp_long)) - goto err; - if (!BN_set_bit(p, 0)) - goto err; - } else if (tmp == NID_X9_62_ppBasis) { - X9_62_PENTANOMIAL *penta; - - penta = char_two->p.ppBasis; - if (penta == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); - goto err; - } - - if (! - (char_two->m > penta->k3 && penta->k3 > penta->k2 - && penta->k2 > penta->k1 && penta->k1 > 0)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_PENTANOMIAL_BASIS); - goto err; - } - - /* create the polynomial */ - if (!BN_set_bit(p, (int)char_two->m)) - goto err; - if (!BN_set_bit(p, (int)penta->k1)) - goto err; - if (!BN_set_bit(p, (int)penta->k2)) - goto err; - if (!BN_set_bit(p, (int)penta->k3)) - goto err; - if (!BN_set_bit(p, 0)) - goto err; - } else if (tmp == NID_X9_62_onBasis) { - ERR_raise(ERR_LIB_EC, EC_R_NOT_IMPLEMENTED); - goto err; - } else { /* error */ - - ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); - goto err; - } - - /* create the EC_GROUP structure */ - ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL); - } -#endif - else if (tmp == NID_X9_62_prime_field) { - /* we have a curve over a prime field */ - /* extract the prime number */ - if (params->fieldID->p.prime == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); - goto err; - } - p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); - if (p == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); - goto err; - } - - if (BN_is_negative(p) || BN_is_zero(p)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); - goto err; - } - - field_bits = BN_num_bits(p); - if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { - ERR_raise(ERR_LIB_EC, EC_R_FIELD_TOO_LARGE); - goto err; - } - - /* create the EC_GROUP structure */ - ret = EC_GROUP_new_curve_GFp(p, a, b, NULL); - } else { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); - goto err; - } - - if (ret == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - /* extract seed (optional) */ - if (params->curve->seed != NULL) { - /* - * This happens for instance with - * fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a - * and causes the OPENSSL_malloc below to choke on the - * zero length allocation request. - */ - if (params->curve->seed->length == 0) { - ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); - goto err; - } - OPENSSL_free(ret->seed); - if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - memcpy(ret->seed, params->curve->seed->data, - params->curve->seed->length); - ret->seed_len = params->curve->seed->length; - } - - if (params->order == NULL - || params->base == NULL - || params->base->data == NULL - || params->base->length == 0) { - ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); - goto err; - } - - if ((point = EC_POINT_new(ret)) == NULL) - goto err; - - /* set the point conversion form */ - EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) - (params->base->data[0] & ~0x01)); - - /* extract the ec point */ - if (!EC_POINT_oct2point(ret, point, params->base->data, - params->base->length, NULL)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - /* extract the order */ - if (ASN1_INTEGER_to_BN(params->order, a) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); - goto err; - } - if (BN_is_negative(a) || BN_is_zero(a)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_GROUP_ORDER); - goto err; - } - if (BN_num_bits(a) > (int)field_bits + 1) { /* Hasse bound */ - ERR_raise(ERR_LIB_EC, EC_R_INVALID_GROUP_ORDER); - goto err; - } - - /* extract the cofactor (optional) */ - if (params->cofactor == NULL) { - BN_free(b); - b = NULL; - } else if (ASN1_INTEGER_to_BN(params->cofactor, b) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); - goto err; - } - /* set the generator, order and cofactor (if present) */ - if (!EC_GROUP_set_generator(ret, point, a, b)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - /* - * Check if the explicit parameters group just created matches one of the - * built-in curves. - * - * We create a copy of the group just built, so that we can remove optional - * fields for the lookup: we do this to avoid the possibility that one of - * the optional parameters is used to force the library into using a less - * performant and less secure EC_METHOD instead of the specialized one. - * In any case, `seed` is not really used in any computation, while a - * cofactor different from the one in the built-in table is just - * mathematically wrong anyway and should not be used. - */ - if ((ctx = BN_CTX_new()) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - if ((dup = EC_GROUP_dup(ret)) == NULL - || EC_GROUP_set_seed(dup, NULL, 0) != 1 - || !EC_GROUP_set_generator(dup, point, a, NULL)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - if ((curve_name = ossl_ec_curve_nid_from_params(dup, ctx)) != NID_undef) { - /* - * The input explicit parameters successfully matched one of the - * built-in curves: often for built-in curves we have specialized - * methods with better performance and hardening. - * - * In this case we replace the `EC_GROUP` created through explicit - * parameters with one created from a named group. - */ - EC_GROUP *named_group = NULL; - -#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 - /* - * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for - * the same curve, we prefer the SECP nid when matching explicit - * parameters as that is associated with a specialized EC_METHOD. - */ - if (curve_name == NID_wap_wsg_idm_ecid_wtls12) - curve_name = NID_secp224r1; -#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ - - if ((named_group = EC_GROUP_new_by_curve_name(curve_name)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - EC_GROUP_free(ret); - ret = named_group; - - /* - * Set the flag so that EC_GROUPs created from explicit parameters are - * serialized using explicit parameters by default. - */ - EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE); - - /* - * If the input params do not contain the optional seed field we make - * sure it is not added to the returned group. - * - * The seed field is not really used inside libcrypto anyway, and - * adding it to parsed explicit parameter keys would alter their DER - * encoding output (because of the extra field) which could impact - * applications fingerprinting keys by their DER encoding. - */ - if (params->curve->seed == NULL) { - if (EC_GROUP_set_seed(ret, NULL, 0) != 1) - goto err; - } - } - - ok = 1; - - err: - if (!ok) { - EC_GROUP_free(ret); - ret = NULL; - } - EC_GROUP_free(dup); - - BN_free(p); - BN_free(a); - BN_free(b); - EC_POINT_free(point); - - BN_CTX_free(ctx); - - return ret; -} - -EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params) -{ - EC_GROUP *ret = NULL; - int tmp = 0; - - if (params == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS); - return NULL; - } - - if (params->type == ECPKPARAMETERS_TYPE_NAMED) { - /* the curve is given by an OID */ - tmp = OBJ_obj2nid(params->value.named_curve); - if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); - return NULL; - } - EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE); - } else if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) { - /* the parameters are given by an ECPARAMETERS structure */ - ret = EC_GROUP_new_from_ecparameters(params->value.parameters); - if (!ret) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - return NULL; - } - EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE); - } else if (params->type == ECPKPARAMETERS_TYPE_IMPLICIT) { - /* implicit parameters inherited from CA - unsupported */ - return NULL; - } else { - ERR_raise(ERR_LIB_EC, EC_R_ASN1_ERROR); - return NULL; - } - - return ret; -} - -/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */ - -EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len) -{ - EC_GROUP *group = NULL; - ECPKPARAMETERS *params = NULL; - const unsigned char *p = *in; - - if ((params = d2i_ECPKPARAMETERS(NULL, &p, len)) == NULL) { - ECPKPARAMETERS_free(params); - return NULL; - } - - if ((group = EC_GROUP_new_from_ecpkparameters(params)) == NULL) { - ECPKPARAMETERS_free(params); - return NULL; - } - - if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) - group->decoded_from_explicit_params = 1; - - if (a) { - EC_GROUP_free(*a); - *a = group; - } - - ECPKPARAMETERS_free(params); - *in = p; - return group; -} - -int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out) -{ - int ret = 0; - ECPKPARAMETERS *tmp = EC_GROUP_get_ecpkparameters(a, NULL); - if (tmp == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_GROUP2PKPARAMETERS_FAILURE); - return 0; - } - if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) { - ERR_raise(ERR_LIB_EC, EC_R_I2D_ECPKPARAMETERS_FAILURE); - ECPKPARAMETERS_free(tmp); - return 0; - } - ECPKPARAMETERS_free(tmp); - return ret; -} - -/* some EC_KEY functions */ - -EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) -{ - EC_KEY *ret = NULL; - EC_PRIVATEKEY *priv_key = NULL; - const unsigned char *p = *in; - - if ((priv_key = d2i_EC_PRIVATEKEY(NULL, &p, len)) == NULL) - return NULL; - - if (a == NULL || *a == NULL) { - if ((ret = EC_KEY_new()) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - } else - ret = *a; - - if (priv_key->parameters) { - EC_GROUP_free(ret->group); - ret->group = EC_GROUP_new_from_ecpkparameters(priv_key->parameters); - if (ret->group != NULL - && priv_key->parameters->type == ECPKPARAMETERS_TYPE_EXPLICIT) - ret->group->decoded_from_explicit_params = 1; - } - - if (ret->group == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - ret->version = priv_key->version; - - if (priv_key->privateKey) { - ASN1_OCTET_STRING *pkey = priv_key->privateKey; - if (EC_KEY_oct2priv(ret, ASN1_STRING_get0_data(pkey), - ASN1_STRING_length(pkey)) == 0) - goto err; - } else { - ERR_raise(ERR_LIB_EC, EC_R_MISSING_PRIVATE_KEY); - goto err; - } - - if (EC_GROUP_get_curve_name(ret->group) == NID_sm2) - EC_KEY_set_flags(ret, EC_FLAG_SM2_RANGE); - - EC_POINT_clear_free(ret->pub_key); - ret->pub_key = EC_POINT_new(ret->group); - if (ret->pub_key == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - if (priv_key->publicKey) { - const unsigned char *pub_oct; - int pub_oct_len; - - pub_oct = ASN1_STRING_get0_data(priv_key->publicKey); - pub_oct_len = ASN1_STRING_length(priv_key->publicKey); - if (!EC_KEY_oct2key(ret, pub_oct, pub_oct_len, NULL)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - } else { - if (ret->group->meth->keygenpub == NULL - || ret->group->meth->keygenpub(ret) == 0) - goto err; - /* Remember the original private-key-only encoding. */ - ret->enc_flag |= EC_PKEY_NO_PUBKEY; - } - - if (a) - *a = ret; - EC_PRIVATEKEY_free(priv_key); - *in = p; - ret->dirty_cnt++; - return ret; - - err: - if (a == NULL || *a != ret) - EC_KEY_free(ret); - EC_PRIVATEKEY_free(priv_key); - return NULL; -} - -int i2d_ECPrivateKey(const EC_KEY *a, unsigned char **out) -{ - int ret = 0, ok = 0; - unsigned char *priv= NULL, *pub= NULL; - size_t privlen = 0, publen = 0; - - EC_PRIVATEKEY *priv_key = NULL; - - if (a == NULL || a->group == NULL || - (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL)) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - goto err; - } - - if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - priv_key->version = a->version; - - privlen = EC_KEY_priv2buf(a, &priv); - - if (privlen == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - ASN1_STRING_set0(priv_key->privateKey, priv, privlen); - priv = NULL; - - if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) { - if ((priv_key->parameters = - EC_GROUP_get_ecpkparameters(a->group, - priv_key->parameters)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - } - - if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) { - priv_key->publicKey = ASN1_BIT_STRING_new(); - if (priv_key->publicKey == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - publen = EC_KEY_key2buf(a, a->conv_form, &pub, NULL); - - if (publen == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT; - ASN1_STRING_set0(priv_key->publicKey, pub, publen); - pub = NULL; - } - - if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - ok = 1; - err: - OPENSSL_clear_free(priv, privlen); - OPENSSL_free(pub); - EC_PRIVATEKEY_free(priv_key); - return (ok ? ret : 0); -} - -int i2d_ECParameters(const EC_KEY *a, unsigned char **out) -{ - if (a == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - return i2d_ECPKParameters(a->group, out); -} - -EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) -{ - EC_KEY *ret; - - if (in == NULL || *in == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - - if (a == NULL || *a == NULL) { - if ((ret = EC_KEY_new()) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return NULL; - } - } else - ret = *a; - - if (!d2i_ECPKParameters(&ret->group, in, len)) { - if (a == NULL || *a != ret) - EC_KEY_free(ret); - else - ret->dirty_cnt++; - return NULL; - } - - if (EC_GROUP_get_curve_name(ret->group) == NID_sm2) - EC_KEY_set_flags(ret, EC_FLAG_SM2_RANGE); - - ret->dirty_cnt++; - - if (a) - *a = ret; - - return ret; -} - -EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len) -{ - EC_KEY *ret = NULL; - - if (a == NULL || (*a) == NULL || (*a)->group == NULL) { - /* - * sorry, but a EC_GROUP-structure is necessary to set the public key - */ - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - ret = *a; - /* EC_KEY_opt2key updates dirty_cnt */ - if (!EC_KEY_oct2key(ret, *in, len, NULL)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - return 0; - } - *in += len; - return ret; -} - -int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out) -{ - size_t buf_len = 0; - int new_buffer = 0; - - if (a == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - buf_len = EC_POINT_point2oct(a->group, a->pub_key, - a->conv_form, NULL, 0, NULL); - - if (out == NULL || buf_len == 0) - /* out == NULL => just return the length of the octet string */ - return buf_len; - - if (*out == NULL) { - if ((*out = OPENSSL_malloc(buf_len)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return 0; - } - new_buffer = 1; - } - if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, - *out, buf_len, NULL)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - if (new_buffer) { - OPENSSL_free(*out); - *out = NULL; - } - return 0; - } - if (!new_buffer) - *out += buf_len; - return buf_len; -} - -DECLARE_ASN1_FUNCTIONS(ECDSA_SIG) -DECLARE_ASN1_ENCODE_FUNCTIONS_name(ECDSA_SIG, ECDSA_SIG) - -#endif /* FIPS_MODULE */ - -ECDSA_SIG *ECDSA_SIG_new(void) -{ - ECDSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig)); - if (sig == NULL) - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return sig; -} - -void ECDSA_SIG_free(ECDSA_SIG *sig) -{ - if (sig == NULL) - return; - BN_clear_free(sig->r); - BN_clear_free(sig->s); - OPENSSL_free(sig); -} - -ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **psig, const unsigned char **ppin, long len) -{ - ECDSA_SIG *sig; - - if (len < 0) - return NULL; - if (psig != NULL && *psig != NULL) { - sig = *psig; - } else { - sig = ECDSA_SIG_new(); - if (sig == NULL) - return NULL; - } - if (sig->r == NULL) - sig->r = BN_new(); - if (sig->s == NULL) - sig->s = BN_new(); - if (sig->r == NULL || sig->s == NULL - || ossl_decode_der_dsa_sig(sig->r, sig->s, ppin, (size_t)len) == 0) { - if (psig == NULL || *psig == NULL) - ECDSA_SIG_free(sig); - return NULL; - } - if (psig != NULL && *psig == NULL) - *psig = sig; - return sig; -} - -int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **ppout) -{ - BUF_MEM *buf = NULL; - size_t encoded_len; - WPACKET pkt; - - if (ppout == NULL) { - if (!WPACKET_init_null(&pkt, 0)) - return -1; - } else if (*ppout == NULL) { - if ((buf = BUF_MEM_new()) == NULL - || !WPACKET_init_len(&pkt, buf, 0)) { - BUF_MEM_free(buf); - return -1; - } - } else { - if (!WPACKET_init_static_len(&pkt, *ppout, SIZE_MAX, 0)) - return -1; - } - - if (!ossl_encode_der_dsa_sig(&pkt, sig->r, sig->s) - || !WPACKET_get_total_written(&pkt, &encoded_len) - || !WPACKET_finish(&pkt)) { - BUF_MEM_free(buf); - WPACKET_cleanup(&pkt); - return -1; - } - - if (ppout != NULL) { - if (*ppout == NULL) { - *ppout = (unsigned char *)buf->data; - buf->data = NULL; - BUF_MEM_free(buf); - } else { - *ppout += encoded_len; - } - } - - return (int)encoded_len; -} - -void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) -{ - if (pr != NULL) - *pr = sig->r; - if (ps != NULL) - *ps = sig->s; -} - -const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig) -{ - return sig->r; -} - -const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig) -{ - return sig->s; -} - -int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) -{ - if (r == NULL || s == NULL) - return 0; - BN_clear_free(sig->r); - BN_clear_free(sig->s); - sig->r = r; - sig->s = s; - return 1; -} - -int ECDSA_size(const EC_KEY *ec) -{ - int ret; - ECDSA_SIG sig; - const EC_GROUP *group; - const BIGNUM *bn; - - if (ec == NULL) - return 0; - group = EC_KEY_get0_group(ec); - if (group == NULL) - return 0; - - bn = EC_GROUP_get0_order(group); - if (bn == NULL) - return 0; - - sig.r = sig.s = (BIGNUM *)bn; - ret = i2d_ECDSA_SIG(&sig, NULL); - - if (ret < 0) - ret = 0; - return ret; -} diff --git a/crypto/ec/ec_backend.c b/crypto/ec/ec_backend.c deleted file mode 100644 index 98e2c418e416c865a5a3681a17ab2155392a8484..0000000000000000000000000000000000000000 --- a/crypto/ec/ec_backend.c +++ /dev/null @@ -1,842 +0,0 @@ -/* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Low level APIs related to EC_KEY are deprecated for public use, - * but still ok for internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#ifndef FIPS_MODULE -# include -# include -#endif -#include "crypto/bn.h" -#include "crypto/ec.h" -#include "ec_local.h" -#include "e_os.h" -#include "internal/param_build_set.h" - -/* Mapping between a flag and a name */ -static const OSSL_ITEM encoding_nameid_map[] = { - { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT }, - { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }, -}; - -static const OSSL_ITEM check_group_type_nameid_map[] = { - { 0, OSSL_PKEY_EC_GROUP_CHECK_DEFAULT }, - { EC_FLAG_CHECK_NAMED_GROUP, OSSL_PKEY_EC_GROUP_CHECK_NAMED }, - { EC_FLAG_CHECK_NAMED_GROUP_NIST, OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST }, -}; - -static const OSSL_ITEM format_nameid_map[] = { - { (int)POINT_CONVERSION_UNCOMPRESSED, OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED }, - { (int)POINT_CONVERSION_COMPRESSED, OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED }, - { (int)POINT_CONVERSION_HYBRID, OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID }, -}; - -int ossl_ec_encoding_name2id(const char *name) -{ - size_t i, sz; - - /* Return the default value if there is no name */ - if (name == NULL) - return OPENSSL_EC_NAMED_CURVE; - - for (i = 0, sz = OSSL_NELEM(encoding_nameid_map); i < sz; i++) { - if (OPENSSL_strcasecmp(name, encoding_nameid_map[i].ptr) == 0) - return encoding_nameid_map[i].id; - } - return -1; -} - -static char *ec_param_encoding_id2name(int id) -{ - size_t i, sz; - - for (i = 0, sz = OSSL_NELEM(encoding_nameid_map); i < sz; i++) { - if (id == (int)encoding_nameid_map[i].id) - return encoding_nameid_map[i].ptr; - } - return NULL; -} - -char *ossl_ec_check_group_type_id2name(int id) -{ - size_t i, sz; - - for (i = 0, sz = OSSL_NELEM(check_group_type_nameid_map); i < sz; i++) { - if (id == (int)check_group_type_nameid_map[i].id) - return check_group_type_nameid_map[i].ptr; - } - return NULL; -} - -static int ec_check_group_type_name2id(const char *name) -{ - size_t i, sz; - - /* Return the default value if there is no name */ - if (name == NULL) - return 0; - - for (i = 0, sz = OSSL_NELEM(check_group_type_nameid_map); i < sz; i++) { - if (OPENSSL_strcasecmp(name, check_group_type_nameid_map[i].ptr) == 0) - return check_group_type_nameid_map[i].id; - } - return -1; -} - -int ossl_ec_set_check_group_type_from_name(EC_KEY *ec, const char *name) -{ - int flags = ec_check_group_type_name2id(name); - - if (flags == -1) - return 0; - EC_KEY_clear_flags(ec, EC_FLAG_CHECK_NAMED_GROUP_MASK); - EC_KEY_set_flags(ec, flags); - return 1; -} - -static int ec_set_check_group_type_from_param(EC_KEY *ec, const OSSL_PARAM *p) -{ - const char *name = NULL; - int status = 0; - - switch (p->data_type) { - case OSSL_PARAM_UTF8_STRING: - name = p->data; - status = (name != NULL); - break; - case OSSL_PARAM_UTF8_PTR: - status = OSSL_PARAM_get_utf8_ptr(p, &name); - break; - } - if (status) - return ossl_ec_set_check_group_type_from_name(ec, name); - return 0; -} - -int ossl_ec_pt_format_name2id(const char *name) -{ - size_t i, sz; - - /* Return the default value if there is no name */ - if (name == NULL) - return (int)POINT_CONVERSION_UNCOMPRESSED; - - for (i = 0, sz = OSSL_NELEM(format_nameid_map); i < sz; i++) { - if (OPENSSL_strcasecmp(name, format_nameid_map[i].ptr) == 0) - return format_nameid_map[i].id; - } - return -1; -} - -char *ossl_ec_pt_format_id2name(int id) -{ - size_t i, sz; - - for (i = 0, sz = OSSL_NELEM(format_nameid_map); i < sz; i++) { - if (id == (int)format_nameid_map[i].id) - return format_nameid_map[i].ptr; - } - return NULL; -} - -static int ec_group_explicit_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl, - OSSL_PARAM params[], BN_CTX *bnctx, - unsigned char **genbuf) -{ - int ret = 0, fid; - const char *field_type; - const OSSL_PARAM *param = NULL; - const OSSL_PARAM *param_p = NULL; - const OSSL_PARAM *param_a = NULL; - const OSSL_PARAM *param_b = NULL; - - fid = EC_GROUP_get_field_type(group); - - if (fid == NID_X9_62_prime_field) { - field_type = SN_X9_62_prime_field; - } else if (fid == NID_X9_62_characteristic_two_field) { -#ifdef OPENSSL_NO_EC2M - ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); - goto err; -#else - field_type = SN_X9_62_characteristic_two_field; -#endif - } else { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); - return 0; - } - - param_p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_P); - param_a = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_A); - param_b = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_B); - if (tmpl != NULL || param_p != NULL || param_a != NULL || param_b != NULL) - { - BIGNUM *p = BN_CTX_get(bnctx); - BIGNUM *a = BN_CTX_get(bnctx); - BIGNUM *b = BN_CTX_get(bnctx); - - if (b == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!EC_GROUP_get_curve(group, p, a, b, bnctx)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_CURVE); - goto err; - } - if (!ossl_param_build_set_bn(tmpl, params, OSSL_PKEY_PARAM_EC_P, p) - || !ossl_param_build_set_bn(tmpl, params, OSSL_PKEY_PARAM_EC_A, a) - || !ossl_param_build_set_bn(tmpl, params, OSSL_PKEY_PARAM_EC_B, b)) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ORDER); - if (tmpl != NULL || param != NULL) { - const BIGNUM *order = EC_GROUP_get0_order(group); - - if (order == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_GROUP_ORDER); - goto err; - } - if (!ossl_param_build_set_bn(tmpl, params, OSSL_PKEY_PARAM_EC_ORDER, - order)) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_FIELD_TYPE); - if (tmpl != NULL || param != NULL) { - if (!ossl_param_build_set_utf8_string(tmpl, params, - OSSL_PKEY_PARAM_EC_FIELD_TYPE, - field_type)) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_GENERATOR); - if (tmpl != NULL || param != NULL) { - size_t genbuf_len; - const EC_POINT *genpt = EC_GROUP_get0_generator(group); - point_conversion_form_t genform = EC_GROUP_get_point_conversion_form(group); - - if (genpt == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR); - goto err; - } - genbuf_len = EC_POINT_point2buf(group, genpt, genform, genbuf, bnctx); - if (genbuf_len == 0) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR); - goto err; - } - if (!ossl_param_build_set_octet_string(tmpl, params, - OSSL_PKEY_PARAM_EC_GENERATOR, - *genbuf, genbuf_len)) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_COFACTOR); - if (tmpl != NULL || param != NULL) { - const BIGNUM *cofactor = EC_GROUP_get0_cofactor(group); - - if (cofactor != NULL - && !ossl_param_build_set_bn(tmpl, params, - OSSL_PKEY_PARAM_EC_COFACTOR, cofactor)) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - param = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_SEED); - if (tmpl != NULL || param != NULL) { - unsigned char *seed = EC_GROUP_get0_seed(group); - size_t seed_len = EC_GROUP_get_seed_len(group); - - if (seed != NULL - && seed_len > 0 - && !ossl_param_build_set_octet_string(tmpl, params, - OSSL_PKEY_PARAM_EC_SEED, - seed, seed_len)) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - } - ret = 1; -err: - return ret; -} - -int ossl_ec_group_todata(const EC_GROUP *group, OSSL_PARAM_BLD *tmpl, - OSSL_PARAM params[], OSSL_LIB_CTX *libctx, - const char *propq, - BN_CTX *bnctx, unsigned char **genbuf) -{ - int ret = 0, curve_nid, encoding_flag; - const char *encoding_name, *pt_form_name; - point_conversion_form_t genform; - - if (group == NULL) { - ERR_raise(ERR_LIB_EC,EC_R_PASSED_NULL_PARAMETER); - return 0; - } - - genform = EC_GROUP_get_point_conversion_form(group); - pt_form_name = ossl_ec_pt_format_id2name(genform); - if (pt_form_name == NULL - || !ossl_param_build_set_utf8_string( - tmpl, params, - OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, pt_form_name)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_FORM); - return 0; - } - encoding_flag = EC_GROUP_get_asn1_flag(group) & OPENSSL_EC_NAMED_CURVE; - encoding_name = ec_param_encoding_id2name(encoding_flag); - if (encoding_name == NULL - || !ossl_param_build_set_utf8_string(tmpl, params, - OSSL_PKEY_PARAM_EC_ENCODING, - encoding_name)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - return 0; - } - - if (!ossl_param_build_set_int(tmpl, params, - OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, - group->decoded_from_explicit_params)) - return 0; - - curve_nid = EC_GROUP_get_curve_name(group); - - /* - * Get the explicit parameters in these two cases: - * - We do not have a template, i.e. specific parameters are requested - * - The curve is not a named curve - */ - if (tmpl == NULL || curve_nid == NID_undef) - if (!ec_group_explicit_todata(group, tmpl, params, bnctx, genbuf)) - goto err; - - if (curve_nid != NID_undef) { - /* Named curve */ - const char *curve_name = OSSL_EC_curve_nid2name(curve_nid); - - if (curve_name == NULL - || !ossl_param_build_set_utf8_string(tmpl, params, - OSSL_PKEY_PARAM_GROUP_NAME, - curve_name)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_CURVE); - goto err; - } - } - ret = 1; -err: - return ret; -} - -/* - * The intention with the "backend" source file is to offer backend support - * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider - * implementations alike. - */ -int ossl_ec_set_ecdh_cofactor_mode(EC_KEY *ec, int mode) -{ - const EC_GROUP *ecg = EC_KEY_get0_group(ec); - const BIGNUM *cofactor; - /* - * mode can be only 0 for disable, or 1 for enable here. - * - * This is in contrast with the same parameter on an ECDH EVP_PKEY_CTX that - * also supports mode == -1 with the meaning of "reset to the default for - * the associated key". - */ - if (mode < 0 || mode > 1) - return 0; - - if ((cofactor = EC_GROUP_get0_cofactor(ecg)) == NULL ) - return 0; - - /* ECDH cofactor mode has no effect if cofactor is 1 */ - if (BN_is_one(cofactor)) - return 1; - - if (mode == 1) - EC_KEY_set_flags(ec, EC_FLAG_COFACTOR_ECDH); - else if (mode == 0) - EC_KEY_clear_flags(ec, EC_FLAG_COFACTOR_ECDH); - - return 1; -} - -/* - * Callers of ossl_ec_key_fromdata MUST make sure that ec_key_params_fromdata has - * been called before! - * - * This function only gets the bare keypair, domain parameters and other - * parameters are treated separately, and domain parameters are required to - * define a keypair. - */ -int ossl_ec_key_fromdata(EC_KEY *ec, const OSSL_PARAM params[], int include_private) -{ - const OSSL_PARAM *param_priv_key = NULL, *param_pub_key = NULL; - BN_CTX *ctx = NULL; - BIGNUM *priv_key = NULL; - unsigned char *pub_key = NULL; - size_t pub_key_len; - const EC_GROUP *ecg = NULL; - EC_POINT *pub_point = NULL; - int ok = 0; - - ecg = EC_KEY_get0_group(ec); - if (ecg == NULL) - return 0; - - param_pub_key = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); - if (include_private) - param_priv_key = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); - - ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(ec)); - if (ctx == NULL) - goto err; - - if (param_pub_key != NULL) - if (!OSSL_PARAM_get_octet_string(param_pub_key, - (void **)&pub_key, 0, &pub_key_len) - || (pub_point = EC_POINT_new(ecg)) == NULL - || !EC_POINT_oct2point(ecg, pub_point, pub_key, pub_key_len, ctx)) - goto err; - - if (param_priv_key != NULL && include_private) { - int fixed_words; - const BIGNUM *order; - - /* - * Key import/export should never leak the bit length of the secret - * scalar in the key. - * - * For this reason, on export we use padded BIGNUMs with fixed length. - * - * When importing we also should make sure that, even if short lived, - * the newly created BIGNUM is marked with the BN_FLG_CONSTTIME flag as - * soon as possible, so that any processing of this BIGNUM might opt for - * constant time implementations in the backend. - * - * Setting the BN_FLG_CONSTTIME flag alone is never enough, we also have - * to preallocate the BIGNUM internal buffer to a fixed public size big - * enough that operations performed during the processing never trigger - * a realloc which would leak the size of the scalar through memory - * accesses. - * - * Fixed Length - * ------------ - * - * The order of the large prime subgroup of the curve is our choice for - * a fixed public size, as that is generally the upper bound for - * generating a private key in EC cryptosystems and should fit all valid - * secret scalars. - * - * For padding on export we just use the bit length of the order - * converted to bytes (rounding up). - * - * For preallocating the BIGNUM storage we look at the number of "words" - * required for the internal representation of the order, and we - * preallocate 2 extra "words" in case any of the subsequent processing - * might temporarily overflow the order length. - */ - order = EC_GROUP_get0_order(ecg); - if (order == NULL || BN_is_zero(order)) - goto err; - - fixed_words = bn_get_top(order) + 2; - - if ((priv_key = BN_secure_new()) == NULL) - goto err; - if (bn_wexpand(priv_key, fixed_words) == NULL) - goto err; - BN_set_flags(priv_key, BN_FLG_CONSTTIME); - - if (!OSSL_PARAM_get_BN(param_priv_key, &priv_key)) - goto err; - } - - if (priv_key != NULL - && !EC_KEY_set_private_key(ec, priv_key)) - goto err; - - if (pub_point != NULL - && !EC_KEY_set_public_key(ec, pub_point)) - goto err; - - ok = 1; - - err: - BN_CTX_free(ctx); - BN_clear_free(priv_key); - OPENSSL_free(pub_key); - EC_POINT_free(pub_point); - return ok; -} - -int ossl_ec_group_fromdata(EC_KEY *ec, const OSSL_PARAM params[]) -{ - int ok = 0; - EC_GROUP *group = NULL; - - if (ec == NULL) - return 0; - - group = EC_GROUP_new_from_params(params, ossl_ec_key_get_libctx(ec), - ossl_ec_key_get0_propq(ec)); - - if (!EC_KEY_set_group(ec, group)) - goto err; - ok = 1; -err: - EC_GROUP_free(group); - return ok; -} - -static int ec_key_point_format_fromdata(EC_KEY *ec, const OSSL_PARAM params[]) -{ - const OSSL_PARAM *p; - int format = -1; - - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT); - if (p != NULL) { - if (!ossl_ec_pt_format_param2id(p, &format)) { - ECerr(0, EC_R_INVALID_FORM); - return 0; - } - EC_KEY_set_conv_form(ec, format); - } - return 1; -} - -static int ec_key_group_check_fromdata(EC_KEY *ec, const OSSL_PARAM params[]) -{ - const OSSL_PARAM *p; - - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE); - if (p != NULL) - return ec_set_check_group_type_from_param(ec, p); - return 1; -} - -static int ec_set_include_public(EC_KEY *ec, int include) -{ - int flags = EC_KEY_get_enc_flags(ec); - - if (!include) - flags |= EC_PKEY_NO_PUBKEY; - else - flags &= ~EC_PKEY_NO_PUBKEY; - EC_KEY_set_enc_flags(ec, flags); - return 1; -} - -int ossl_ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]) -{ - const OSSL_PARAM *p; - - if (ec == NULL) - return 0; - - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_USE_COFACTOR_ECDH); - if (p != NULL) { - int mode; - - if (!OSSL_PARAM_get_int(p, &mode) - || !ossl_ec_set_ecdh_cofactor_mode(ec, mode)) - return 0; - } - - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC); - if (p != NULL) { - int include = 1; - - if (!OSSL_PARAM_get_int(p, &include) - || !ec_set_include_public(ec, include)) - return 0; - } - if (!ec_key_point_format_fromdata(ec, params)) - return 0; - if (!ec_key_group_check_fromdata(ec, params)) - return 0; - return 1; -} - -int ossl_ec_key_is_foreign(const EC_KEY *ec) -{ -#ifndef FIPS_MODULE - if (ec->engine != NULL || EC_KEY_get_method(ec) != EC_KEY_OpenSSL()) - return 1; -#endif - return 0; - -} - -EC_KEY *ossl_ec_key_dup(const EC_KEY *src, int selection) -{ - EC_KEY *ret; - - if (src == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - - if ((ret = ossl_ec_key_new_method_int(src->libctx, src->propq, - src->engine)) == NULL) - return NULL; - - /* copy the parameters */ - if (src->group != NULL - && (selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { - ret->group = ossl_ec_group_new_ex(src->libctx, src->propq, - src->group->meth); - if (ret->group == NULL - || !EC_GROUP_copy(ret->group, src->group)) - goto err; - - if (src->meth != NULL) { -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - if (src->engine != NULL && ENGINE_init(src->engine) == 0) - goto err; - ret->engine = src->engine; -#endif - ret->meth = src->meth; - } - } - - /* copy the public key */ - if (src->pub_key != NULL - && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { - if (ret->group == NULL) - /* no parameter-less keys allowed */ - goto err; - ret->pub_key = EC_POINT_new(ret->group); - if (ret->pub_key == NULL - || !EC_POINT_copy(ret->pub_key, src->pub_key)) - goto err; - } - - /* copy the private key */ - if (src->priv_key != NULL - && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { - if (ret->group == NULL) - /* no parameter-less keys allowed */ - goto err; - ret->priv_key = BN_new(); - if (ret->priv_key == NULL || !BN_copy(ret->priv_key, src->priv_key)) - goto err; - if (ret->group->meth->keycopy - && ret->group->meth->keycopy(ret, src) == 0) - goto err; - } - - /* copy the rest */ - if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) { - ret->enc_flag = src->enc_flag; - ret->conv_form = src->conv_form; - } - - ret->version = src->version; - ret->flags = src->flags; - -#ifndef FIPS_MODULE - if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY, - &ret->ex_data, &src->ex_data)) - goto err; -#endif - - if (ret->meth != NULL && ret->meth->copy != NULL) { - if ((selection - & OSSL_KEYMGMT_SELECT_KEYPAIR) != OSSL_KEYMGMT_SELECT_KEYPAIR) - goto err; - if (ret->meth->copy(ret, src) == 0) - goto err; - } - - return ret; - err: - EC_KEY_free(ret); - return NULL; -} - -int ossl_ec_encoding_param2id(const OSSL_PARAM *p, int *id) -{ - const char *name = NULL; - int status = 0; - - switch (p->data_type) { - case OSSL_PARAM_UTF8_STRING: - /* The OSSL_PARAM functions have no support for this */ - name = p->data; - status = (name != NULL); - break; - case OSSL_PARAM_UTF8_PTR: - status = OSSL_PARAM_get_utf8_ptr(p, &name); - break; - } - if (status) { - int i = ossl_ec_encoding_name2id(name); - - if (i >= 0) { - *id = i; - return 1; - } - } - return 0; -} - -int ossl_ec_pt_format_param2id(const OSSL_PARAM *p, int *id) -{ - const char *name = NULL; - int status = 0; - - switch (p->data_type) { - case OSSL_PARAM_UTF8_STRING: - /* The OSSL_PARAM functions have no support for this */ - name = p->data; - status = (name != NULL); - break; - case OSSL_PARAM_UTF8_PTR: - status = OSSL_PARAM_get_utf8_ptr(p, &name); - break; - } - if (status) { - int i = ossl_ec_pt_format_name2id(name); - - if (i >= 0) { - *id = i; - return 1; - } - } - return 0; -} - -#ifndef FIPS_MODULE -int ossl_x509_algor_is_sm2(const X509_ALGOR *palg) -{ - int ptype = 0; - const void *pval = NULL; - - X509_ALGOR_get0(NULL, &ptype, &pval, palg); - - if (ptype == V_ASN1_OBJECT) - return OBJ_obj2nid((ASN1_OBJECT *)pval) == NID_sm2; - - if (ptype == V_ASN1_SEQUENCE) { - const ASN1_STRING *str = pval; - const unsigned char *der = str->data; - int derlen = str->length; - EC_GROUP *group; - int ret; - - if ((group = d2i_ECPKParameters(NULL, &der, derlen)) == NULL) - ret = 0; - else - ret = (EC_GROUP_get_curve_name(group) == NID_sm2); - - EC_GROUP_free(group); - return ret; - } - - return 0; -} - -EC_KEY *ossl_ec_key_param_from_x509_algor(const X509_ALGOR *palg, - OSSL_LIB_CTX *libctx, const char *propq) -{ - int ptype = 0; - const void *pval = NULL; - EC_KEY *eckey = NULL; - EC_GROUP *group = NULL; - - X509_ALGOR_get0(NULL, &ptype, &pval, palg); - if ((eckey = EC_KEY_new_ex(libctx, propq)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto ecerr; - } - - if (ptype == V_ASN1_SEQUENCE) { - const ASN1_STRING *pstr = pval; - const unsigned char *pm = pstr->data; - int pmlen = pstr->length; - - - if (d2i_ECParameters(&eckey, &pm, pmlen) == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_DECODE_ERROR); - goto ecerr; - } - } else if (ptype == V_ASN1_OBJECT) { - const ASN1_OBJECT *poid = pval; - - /* - * type == V_ASN1_OBJECT => the parameters are given by an asn1 OID - */ - - group = EC_GROUP_new_by_curve_name_ex(libctx, propq, OBJ_obj2nid(poid)); - if (group == NULL) - goto ecerr; - EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); - if (EC_KEY_set_group(eckey, group) == 0) - goto ecerr; - EC_GROUP_free(group); - } else { - ERR_raise(ERR_LIB_EC, EC_R_DECODE_ERROR); - goto ecerr; - } - - return eckey; - - ecerr: - EC_KEY_free(eckey); - EC_GROUP_free(group); - return NULL; -} - -EC_KEY *ossl_ec_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq) -{ - const unsigned char *p = NULL; - int pklen; - EC_KEY *eckey = NULL; - const X509_ALGOR *palg; - - if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8inf)) - return 0; - eckey = ossl_ec_key_param_from_x509_algor(palg, libctx, propq); - if (eckey == NULL) - goto err; - - /* We have parameters now set private key */ - if (!d2i_ECPrivateKey(&eckey, &p, pklen)) { - ERR_raise(ERR_LIB_EC, EC_R_DECODE_ERROR); - goto err; - } - - return eckey; - err: - EC_KEY_free(eckey); - return NULL; -} -#endif diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c deleted file mode 100644 index 484124915dc6aadda3970a24fe0847a3459242ec..0000000000000000000000000000000000000000 --- a/crypto/ec/ec_check.c +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include "ec_local.h" -#include - -int EC_GROUP_check_named_curve(const EC_GROUP *group, int nist_only, - BN_CTX *ctx) -{ - int nid; - BN_CTX *new_ctx = NULL; - - if (group == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return NID_undef; - } - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(NULL); - if (ctx == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return NID_undef; - } - } - - nid = ossl_ec_curve_nid_from_params(group, ctx); - if (nid > 0 && nist_only && EC_curve_nid2nist(nid) == NULL) - nid = NID_undef; - - BN_CTX_free(new_ctx); - return nid; -} - -int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) -{ -#ifdef FIPS_MODULE - /* - * ECC domain parameter validation. - * See SP800-56A R3 5.5.2 "Assurances of Domain-Parameter Validity" Part 1b. - */ - return EC_GROUP_check_named_curve(group, 1, ctx) >= 0 ? 1 : 0; -#else - int ret = 0; - const BIGNUM *order; - BN_CTX *new_ctx = NULL; - EC_POINT *point = NULL; - - if (group == NULL || group->meth == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - /* Custom curves assumed to be correct */ - if ((group->meth->flags & EC_FLAGS_CUSTOM_CURVE) != 0) - return 1; - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - /* check the discriminant */ - if (!EC_GROUP_check_discriminant(group, ctx)) { - ERR_raise(ERR_LIB_EC, EC_R_DISCRIMINANT_IS_ZERO); - goto err; - } - - /* check the generator */ - if (group->generator == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_UNDEFINED_GENERATOR); - goto err; - } - if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) { - ERR_raise(ERR_LIB_EC, EC_R_POINT_IS_NOT_ON_CURVE); - goto err; - } - - /* check the order of the generator */ - if ((point = EC_POINT_new(group)) == NULL) - goto err; - order = EC_GROUP_get0_order(group); - if (order == NULL) - goto err; - if (BN_is_zero(order)) { - ERR_raise(ERR_LIB_EC, EC_R_UNDEFINED_ORDER); - goto err; - } - - if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) - goto err; - if (!EC_POINT_is_at_infinity(group, point)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_GROUP_ORDER); - goto err; - } - - ret = 1; - - err: - BN_CTX_free(new_ctx); - EC_POINT_free(point); - return ret; -#endif /* FIPS_MODULE */ -} diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c deleted file mode 100644 index b5b2f3342dfb550b87da7feb758637a7d69c6a4f..0000000000000000000000000000000000000000 --- a/crypto/ec/ec_curve.c +++ /dev/null @@ -1,3440 +0,0 @@ -/* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "ec_local.h" -#include -#include -#include -#include -#include "internal/nelem.h" - -typedef struct { - int field_type, /* either NID_X9_62_prime_field or - * NID_X9_62_characteristic_two_field */ - seed_len, param_len; - unsigned int cofactor; /* promoted to BN_ULONG */ -} EC_CURVE_DATA; - -/* the nist prime curves */ -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 24 * 6]; -} _EC_NIST_PRIME_192 = { - { - NID_X9_62_prime_field, 20, 24, 1 - }, - { - /* seed */ - 0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57, 0x95, 0x28, - 0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5, - /* p */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - /* a */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, - /* b */ - 0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, 0x0F, 0xA7, 0xE9, 0xAB, - 0x72, 0x24, 0x30, 0x49, 0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1, - /* x */ - 0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, 0x7C, 0xBF, 0x20, 0xEB, - 0x43, 0xA1, 0x88, 0x00, 0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12, - /* y */ - 0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, 0x11, 0xed, - 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 28 * 6]; -} _EC_NIST_PRIME_224 = { - { - NID_X9_62_prime_field, 20, 28, 1 - }, - { - /* seed */ - 0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F, - 0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5, - /* p */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, - /* a */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFE, - /* b */ - 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56, - 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, - 0x23, 0x55, 0xFF, 0xB4, - /* x */ - 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9, - 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, - 0x11, 0x5C, 0x1D, 0x21, - /* y */ - 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6, - 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99, - 0x85, 0x00, 0x7e, 0x34, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, - 0x5C, 0x5C, 0x2A, 0x3D - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 48 * 6]; -} _EC_NIST_PRIME_384 = { - { - NID_X9_62_prime_field, 20, 48, 1 - }, - { - /* seed */ - 0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A, - 0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73, - /* p */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, - /* a */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC, - /* b */ - 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B, - 0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12, - 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D, - 0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF, - /* x */ - 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E, - 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98, - 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D, - 0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7, - /* y */ - 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf, - 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c, - 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, - 0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2, - 0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 66 * 6]; -} _EC_NIST_PRIME_521 = { - { - NID_X9_62_prime_field, 20, 66, 1 - }, - { - /* seed */ - 0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17, - 0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA, - /* p */ - 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - /* a */ - 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, - /* b */ - 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A, - 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, - 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19, - 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, - 0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45, - 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00, - /* x */ - 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E, - 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, - 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B, - 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, - 0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E, - 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66, - /* y */ - 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, - 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, - 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, - 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, - 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, - 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50, - /* order */ - 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86, - 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, - 0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F, - 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09 - } -}; - -# ifndef FIPS_MODULE -/* the x9.62 prime curves (minus the nist prime curves) */ -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 24 * 6]; -} _EC_X9_62_PRIME_192V2 = { - { - NID_X9_62_prime_field, 20, 24, 1 - }, - { - /* seed */ - 0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B, 0x11, 0x3E, - 0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6, - /* p */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - /* a */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, - /* b */ - 0xCC, 0x22, 0xD6, 0xDF, 0xB9, 0x5C, 0x6B, 0x25, 0xE4, 0x9C, 0x0D, 0x63, - 0x64, 0xA4, 0xE5, 0x98, 0x0C, 0x39, 0x3A, 0xA2, 0x16, 0x68, 0xD9, 0x53, - /* x */ - 0xEE, 0xA2, 0xBA, 0xE7, 0xE1, 0x49, 0x78, 0x42, 0xF2, 0xDE, 0x77, 0x69, - 0xCF, 0xE9, 0xC9, 0x89, 0xC0, 0x72, 0xAD, 0x69, 0x6F, 0x48, 0x03, 0x4A, - /* y */ - 0x65, 0x74, 0xd1, 0x1d, 0x69, 0xb6, 0xec, 0x7a, 0x67, 0x2b, 0xb8, 0x2a, - 0x08, 0x3d, 0xf2, 0xf2, 0xb0, 0x84, 0x7d, 0xe9, 0x70, 0xb2, 0xde, 0x15, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, - 0x5F, 0xB1, 0xA7, 0x24, 0xDC, 0x80, 0x41, 0x86, 0x48, 0xD8, 0xDD, 0x31 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 24 * 6]; -} _EC_X9_62_PRIME_192V3 = { - { - NID_X9_62_prime_field, 20, 24, 1 - }, - { - /* seed */ - 0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6, 0x5C, 0xA9, - 0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E, - /* p */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - /* a */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, - /* b */ - 0x22, 0x12, 0x3D, 0xC2, 0x39, 0x5A, 0x05, 0xCA, 0xA7, 0x42, 0x3D, 0xAE, - 0xCC, 0xC9, 0x47, 0x60, 0xA7, 0xD4, 0x62, 0x25, 0x6B, 0xD5, 0x69, 0x16, - /* x */ - 0x7D, 0x29, 0x77, 0x81, 0x00, 0xC6, 0x5A, 0x1D, 0xA1, 0x78, 0x37, 0x16, - 0x58, 0x8D, 0xCE, 0x2B, 0x8B, 0x4A, 0xEE, 0x8E, 0x22, 0x8F, 0x18, 0x96, - /* y */ - 0x38, 0xa9, 0x0f, 0x22, 0x63, 0x73, 0x37, 0x33, 0x4b, 0x49, 0xdc, 0xb6, - 0x6a, 0x6d, 0xc8, 0xf9, 0x97, 0x8a, 0xca, 0x76, 0x48, 0xa9, 0x43, 0xb0, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0x7A, 0x62, 0xD0, 0x31, 0xC8, 0x3F, 0x42, 0x94, 0xF6, 0x40, 0xEC, 0x13 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 30 * 6]; -} _EC_X9_62_PRIME_239V1 = { - { - NID_X9_62_prime_field, 20, 30, 1 - }, - { - /* seed */ - 0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0, 0x75, 0x79, - 0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D, - /* p */ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - /* a */ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, - /* b */ - 0x6B, 0x01, 0x6C, 0x3B, 0xDC, 0xF1, 0x89, 0x41, 0xD0, 0xD6, 0x54, 0x92, - 0x14, 0x75, 0xCA, 0x71, 0xA9, 0xDB, 0x2F, 0xB2, 0x7D, 0x1D, 0x37, 0x79, - 0x61, 0x85, 0xC2, 0x94, 0x2C, 0x0A, - /* x */ - 0x0F, 0xFA, 0x96, 0x3C, 0xDC, 0xA8, 0x81, 0x6C, 0xCC, 0x33, 0xB8, 0x64, - 0x2B, 0xED, 0xF9, 0x05, 0xC3, 0xD3, 0x58, 0x57, 0x3D, 0x3F, 0x27, 0xFB, - 0xBD, 0x3B, 0x3C, 0xB9, 0xAA, 0xAF, - /* y */ - 0x7d, 0xeb, 0xe8, 0xe4, 0xe9, 0x0a, 0x5d, 0xae, 0x6e, 0x40, 0x54, 0xca, - 0x53, 0x0b, 0xa0, 0x46, 0x54, 0xb3, 0x68, 0x18, 0xce, 0x22, 0x6b, 0x39, - 0xfc, 0xcb, 0x7b, 0x02, 0xf1, 0xae, - /* order */ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0x7F, 0xFF, 0xFF, 0x9E, 0x5E, 0x9A, 0x9F, 0x5D, 0x90, 0x71, 0xFB, 0xD1, - 0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 30 * 6]; -} _EC_X9_62_PRIME_239V2 = { - { - NID_X9_62_prime_field, 20, 30, 1 - }, - { - /* seed */ - 0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B, 0x80, 0x99, - 0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16, - /* p */ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - /* a */ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, - /* b */ - 0x61, 0x7F, 0xAB, 0x68, 0x32, 0x57, 0x6C, 0xBB, 0xFE, 0xD5, 0x0D, 0x99, - 0xF0, 0x24, 0x9C, 0x3F, 0xEE, 0x58, 0xB9, 0x4B, 0xA0, 0x03, 0x8C, 0x7A, - 0xE8, 0x4C, 0x8C, 0x83, 0x2F, 0x2C, - /* x */ - 0x38, 0xAF, 0x09, 0xD9, 0x87, 0x27, 0x70, 0x51, 0x20, 0xC9, 0x21, 0xBB, - 0x5E, 0x9E, 0x26, 0x29, 0x6A, 0x3C, 0xDC, 0xF2, 0xF3, 0x57, 0x57, 0xA0, - 0xEA, 0xFD, 0x87, 0xB8, 0x30, 0xE7, - /* y */ - 0x5b, 0x01, 0x25, 0xe4, 0xdb, 0xea, 0x0e, 0xc7, 0x20, 0x6d, 0xa0, 0xfc, - 0x01, 0xd9, 0xb0, 0x81, 0x32, 0x9f, 0xb5, 0x55, 0xde, 0x6e, 0xf4, 0x60, - 0x23, 0x7d, 0xff, 0x8b, 0xe4, 0xba, - /* order */ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0x80, 0x00, 0x00, 0xCF, 0xA7, 0xE8, 0x59, 0x43, 0x77, 0xD4, 0x14, 0xC0, - 0x38, 0x21, 0xBC, 0x58, 0x20, 0x63 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 30 * 6]; -} _EC_X9_62_PRIME_239V3 = { - { - NID_X9_62_prime_field, 20, 30, 1 - }, - { - /* seed */ - 0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A, 0x85, 0x76, - 0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF, - /* p */ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - /* a */ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, - /* b */ - 0x25, 0x57, 0x05, 0xFA, 0x2A, 0x30, 0x66, 0x54, 0xB1, 0xF4, 0xCB, 0x03, - 0xD6, 0xA7, 0x50, 0xA3, 0x0C, 0x25, 0x01, 0x02, 0xD4, 0x98, 0x87, 0x17, - 0xD9, 0xBA, 0x15, 0xAB, 0x6D, 0x3E, - /* x */ - 0x67, 0x68, 0xAE, 0x8E, 0x18, 0xBB, 0x92, 0xCF, 0xCF, 0x00, 0x5C, 0x94, - 0x9A, 0xA2, 0xC6, 0xD9, 0x48, 0x53, 0xD0, 0xE6, 0x60, 0xBB, 0xF8, 0x54, - 0xB1, 0xC9, 0x50, 0x5F, 0xE9, 0x5A, - /* y */ - 0x16, 0x07, 0xe6, 0x89, 0x8f, 0x39, 0x0c, 0x06, 0xbc, 0x1d, 0x55, 0x2b, - 0xad, 0x22, 0x6f, 0x3b, 0x6f, 0xcf, 0xe4, 0x8b, 0x6e, 0x81, 0x84, 0x99, - 0xaf, 0x18, 0xe3, 0xed, 0x6c, 0xf3, - /* order */ - 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0x7F, 0xFF, 0xFF, 0x97, 0x5D, 0xEB, 0x41, 0xB3, 0xA6, 0x05, 0x7C, 0x3C, - 0x43, 0x21, 0x46, 0x52, 0x65, 0x51 - } -}; -#endif /* FIPS_MODULE */ - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 32 * 6]; -} _EC_X9_62_PRIME_256V1 = { - { - NID_X9_62_prime_field, 20, 32, 1 - }, - { - /* seed */ - 0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1, - 0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90, - /* p */ - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - /* a */ - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, - /* b */ - 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55, - 0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6, - 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B, - /* x */ - 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5, - 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0, - 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96, - /* y */ - 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, - 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, - 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, - 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 - } -}; - -#ifndef FIPS_MODULE -/* the secg prime curves (minus the nist and x9.62 prime curves) */ -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 14 * 6]; -} _EC_SECG_PRIME_112R1 = { - { - NID_X9_62_prime_field, 20, 14, 1 - }, - { - /* seed */ - 0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, - 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1, - /* p */ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD, - 0x20, 0x8B, - /* a */ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD, - 0x20, 0x88, - /* b */ - 0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, 0xDE, 0x89, 0x11, 0x70, - 0x2B, 0x22, - /* x */ - 0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, 0x6B, 0x55, 0xF9, 0xC2, - 0xF0, 0x98, - /* y */ - 0xa8, 0x9c, 0xe5, 0xaf, 0x87, 0x24, 0xc0, 0xa2, 0x3e, 0x0e, 0x0f, 0xf7, - 0x75, 0x00, - /* order */ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, 0x28, 0xDF, 0xAC, 0x65, - 0x61, 0xC5 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 14 * 6]; -} _EC_SECG_PRIME_112R2 = { - { - NID_X9_62_prime_field, 20, 14, 4 - }, - { - /* seed */ - 0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, - 0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4, - /* p */ - 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD, - 0x20, 0x8B, - /* a */ - 0x61, 0x27, 0xC2, 0x4C, 0x05, 0xF3, 0x8A, 0x0A, 0xAA, 0xF6, 0x5C, 0x0E, - 0xF0, 0x2C, - /* b */ - 0x51, 0xDE, 0xF1, 0x81, 0x5D, 0xB5, 0xED, 0x74, 0xFC, 0xC3, 0x4C, 0x85, - 0xD7, 0x09, - /* x */ - 0x4B, 0xA3, 0x0A, 0xB5, 0xE8, 0x92, 0xB4, 0xE1, 0x64, 0x9D, 0xD0, 0x92, - 0x86, 0x43, - /* y */ - 0xad, 0xcd, 0x46, 0xf5, 0x88, 0x2e, 0x37, 0x47, 0xde, 0xf3, 0x6e, 0x95, - 0x6e, 0x97, - /* order */ - 0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, 0x7C, 0xA1, 0x05, 0x20, - 0xD0, 0x4B - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 16 * 6]; -} _EC_SECG_PRIME_128R1 = { - { - NID_X9_62_prime_field, 20, 16, 1 - }, - { - /* seed */ - 0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, - 0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79, - /* p */ - 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, - /* a */ - 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFC, - /* b */ - 0xE8, 0x75, 0x79, 0xC1, 0x10, 0x79, 0xF4, 0x3D, 0xD8, 0x24, 0x99, 0x3C, - 0x2C, 0xEE, 0x5E, 0xD3, - /* x */ - 0x16, 0x1F, 0xF7, 0x52, 0x8B, 0x89, 0x9B, 0x2D, 0x0C, 0x28, 0x60, 0x7C, - 0xA5, 0x2C, 0x5B, 0x86, - /* y */ - 0xcf, 0x5a, 0xc8, 0x39, 0x5b, 0xaf, 0xeb, 0x13, 0xc0, 0x2d, 0xa2, 0x92, - 0xdd, 0xed, 0x7a, 0x83, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x75, 0xA3, 0x0D, 0x1B, - 0x90, 0x38, 0xA1, 0x15 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 16 * 6]; -} _EC_SECG_PRIME_128R2 = { - { - NID_X9_62_prime_field, 20, 16, 4 - }, - { - /* seed */ - 0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x12, 0xD8, - 0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4, - /* p */ - 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, - /* a */ - 0xD6, 0x03, 0x19, 0x98, 0xD1, 0xB3, 0xBB, 0xFE, 0xBF, 0x59, 0xCC, 0x9B, - 0xBF, 0xF9, 0xAE, 0xE1, - /* b */ - 0x5E, 0xEE, 0xFC, 0xA3, 0x80, 0xD0, 0x29, 0x19, 0xDC, 0x2C, 0x65, 0x58, - 0xBB, 0x6D, 0x8A, 0x5D, - /* x */ - 0x7B, 0x6A, 0xA5, 0xD8, 0x5E, 0x57, 0x29, 0x83, 0xE6, 0xFB, 0x32, 0xA7, - 0xCD, 0xEB, 0xC1, 0x40, - /* y */ - 0x27, 0xb6, 0x91, 0x6a, 0x89, 0x4d, 0x3a, 0xee, 0x71, 0x06, 0xfe, 0x80, - 0x5f, 0xc3, 0x4b, 0x44, - /* order */ - 0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xBE, 0x00, 0x24, 0x72, - 0x06, 0x13, 0xB5, 0xA3 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 21 * 6]; -} _EC_SECG_PRIME_160K1 = { - { - NID_X9_62_prime_field, 0, 21, 1 - }, - { - /* no seed */ - /* p */ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - /* b */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, - /* x */ - 0x00, 0x3B, 0x4C, 0x38, 0x2C, 0xE3, 0x7A, 0xA1, 0x92, 0xA4, 0x01, 0x9E, - 0x76, 0x30, 0x36, 0xF4, 0xF5, 0xDD, 0x4D, 0x7E, 0xBB, - /* y */ - 0x00, 0x93, 0x8c, 0xf9, 0x35, 0x31, 0x8f, 0xdc, 0xed, 0x6b, 0xc2, 0x82, - 0x86, 0x53, 0x17, 0x33, 0xc3, 0xf0, 0x3c, 0x4f, 0xee, - /* order */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xB8, - 0xFA, 0x16, 0xDF, 0xAB, 0x9A, 0xCA, 0x16, 0xB6, 0xB3 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 21 * 6]; -} _EC_SECG_PRIME_160R1 = { - { - NID_X9_62_prime_field, 20, 21, 1 - }, - { - /* seed */ - 0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, - 0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45, - /* p */ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, - /* a */ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFC, - /* b */ - 0x00, 0x1C, 0x97, 0xBE, 0xFC, 0x54, 0xBD, 0x7A, 0x8B, 0x65, 0xAC, 0xF8, - 0x9F, 0x81, 0xD4, 0xD4, 0xAD, 0xC5, 0x65, 0xFA, 0x45, - /* x */ - 0x00, 0x4A, 0x96, 0xB5, 0x68, 0x8E, 0xF5, 0x73, 0x28, 0x46, 0x64, 0x69, - 0x89, 0x68, 0xC3, 0x8B, 0xB9, 0x13, 0xCB, 0xFC, 0x82, - /* y */ - 0x00, 0x23, 0xa6, 0x28, 0x55, 0x31, 0x68, 0x94, 0x7d, 0x59, 0xdc, 0xc9, - 0x12, 0x04, 0x23, 0x51, 0x37, 0x7a, 0xc5, 0xfb, 0x32, - /* order */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xF4, - 0xC8, 0xF9, 0x27, 0xAE, 0xD3, 0xCA, 0x75, 0x22, 0x57 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 21 * 6]; -} _EC_SECG_PRIME_160R2 = { - { - NID_X9_62_prime_field, 20, 21, 1 - }, - { - /* seed */ - 0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09, 0xA4, 0xD6, - 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51, - /* p */ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73, - /* a */ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x70, - /* b */ - 0x00, 0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, 0x8B, 0xAB, 0x57, 0x27, - 0x49, 0x04, 0x66, 0x4D, 0x5A, 0xF5, 0x03, 0x88, 0xBA, - /* x */ - 0x00, 0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, 0x7E, 0x1F, 0x4F, 0xF1, - 0x1B, 0x30, 0xF7, 0x19, 0x9D, 0x31, 0x44, 0xCE, 0x6D, - /* y */ - 0x00, 0xfe, 0xaf, 0xfe, 0xf2, 0xe3, 0x31, 0xf2, 0x96, 0xe0, 0x71, 0xfa, - 0x0d, 0xf9, 0x98, 0x2c, 0xfe, 0xa7, 0xd4, 0x3f, 0x2e, - /* order */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x35, - 0x1E, 0xE7, 0x86, 0xA8, 0x18, 0xF3, 0xA1, 0xA1, 0x6B - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 24 * 6]; -} _EC_SECG_PRIME_192K1 = { - { - NID_X9_62_prime_field, 0, 24, 1 - }, - { - /* no seed */ - /* p */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xEE, 0x37, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - /* b */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, - /* x */ - 0xDB, 0x4F, 0xF1, 0x0E, 0xC0, 0x57, 0xE9, 0xAE, 0x26, 0xB0, 0x7D, 0x02, - 0x80, 0xB7, 0xF4, 0x34, 0x1D, 0xA5, 0xD1, 0xB1, 0xEA, 0xE0, 0x6C, 0x7D, - /* y */ - 0x9b, 0x2f, 0x2f, 0x6d, 0x9c, 0x56, 0x28, 0xa7, 0x84, 0x41, 0x63, 0xd0, - 0x15, 0xbe, 0x86, 0x34, 0x40, 0x82, 0xaa, 0x88, 0xd9, 0x5e, 0x2f, 0x9d, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, - 0x26, 0xF2, 0xFC, 0x17, 0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 29 * 6]; -} _EC_SECG_PRIME_224K1 = { - { - NID_X9_62_prime_field, 0, 29, 1 - }, - { - /* no seed */ - /* p */ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFE, 0xFF, 0xFF, 0xE5, 0x6D, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, - /* b */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x05, - /* x */ - 0x00, 0xA1, 0x45, 0x5B, 0x33, 0x4D, 0xF0, 0x99, 0xDF, 0x30, 0xFC, 0x28, - 0xA1, 0x69, 0xA4, 0x67, 0xE9, 0xE4, 0x70, 0x75, 0xA9, 0x0F, 0x7E, 0x65, - 0x0E, 0xB6, 0xB7, 0xA4, 0x5C, - /* y */ - 0x00, 0x7e, 0x08, 0x9f, 0xed, 0x7f, 0xba, 0x34, 0x42, 0x82, 0xca, 0xfb, - 0xd6, 0xf7, 0xe3, 0x19, 0xf7, 0xc0, 0xb0, 0xbd, 0x59, 0xe2, 0xca, 0x4b, - 0xdb, 0x55, 0x6d, 0x61, 0xa5, - /* order */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x01, 0xDC, 0xE8, 0xD2, 0xEC, 0x61, 0x84, 0xCA, 0xF0, 0xA9, - 0x71, 0x76, 0x9F, 0xB1, 0xF7 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 32 * 6]; -} _EC_SECG_PRIME_256K1 = { - { - NID_X9_62_prime_field, 0, 32, 1 - }, - { - /* no seed */ - /* p */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - /* b */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, - /* x */ - 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95, - 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9, - 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98, - /* y */ - 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc, - 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, - 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, - 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41 - } -}; - -/* some wap/wtls curves */ -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 15 * 6]; -} _EC_WTLS_8 = { - { - NID_X9_62_prime_field, 0, 15, 1 - }, - { - /* no seed */ - /* p */ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFD, 0xE7, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, - /* b */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x03, - /* x */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x01, - /* y */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x02, - /* order */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xEC, 0xEA, 0x55, 0x1A, - 0xD8, 0x37, 0xE9 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 21 * 6]; -} _EC_WTLS_9 = { - { - NID_X9_62_prime_field, 0, 21, 1 - }, - { - /* no seed */ - /* p */ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0x80, 0x8F, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - /* b */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, - /* x */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* y */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, - /* order */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xCD, - 0xC9, 0x8A, 0xE0, 0xE2, 0xDE, 0x57, 0x4A, 0xBF, 0x33 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 28 * 6]; -} _EC_WTLS_12 = { - { - NID_X9_62_prime_field, 0, 28, 1 - }, - { - /* no seed */ - /* p */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, - /* a */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFE, - /* b */ - 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56, - 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43, - 0x23, 0x55, 0xFF, 0xB4, - /* x */ - 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9, - 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6, - 0x11, 0x5C, 0x1D, 0x21, - /* y */ - 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6, - 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99, - 0x85, 0x00, 0x7e, 0x34, - /* order */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45, - 0x5C, 0x5C, 0x2A, 0x3D - } -}; -#endif /* FIPS_MODULE */ - -#ifndef OPENSSL_NO_EC2M - -/* characteristic two curves */ - -# ifndef FIPS_MODULE -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 15 * 6]; -} _EC_SECG_CHAR2_113R1 = { - { - NID_X9_62_characteristic_two_field, 20, 15, 2 - }, - { - /* seed */ - 0x10, 0xE7, 0x23, 0xAB, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, - 0x17, 0x56, 0xFE, 0xBF, 0x8F, 0xCB, 0x49, 0xA9, - /* p */ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x02, 0x01, - /* a */ - 0x00, 0x30, 0x88, 0x25, 0x0C, 0xA6, 0xE7, 0xC7, 0xFE, 0x64, 0x9C, 0xE8, - 0x58, 0x20, 0xF7, - /* b */ - 0x00, 0xE8, 0xBE, 0xE4, 0xD3, 0xE2, 0x26, 0x07, 0x44, 0x18, 0x8B, 0xE0, - 0xE9, 0xC7, 0x23, - /* x */ - 0x00, 0x9D, 0x73, 0x61, 0x6F, 0x35, 0xF4, 0xAB, 0x14, 0x07, 0xD7, 0x35, - 0x62, 0xC1, 0x0F, - /* y */ - 0x00, 0xA5, 0x28, 0x30, 0x27, 0x79, 0x58, 0xEE, 0x84, 0xD1, 0x31, 0x5E, - 0xD3, 0x18, 0x86, - /* order */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xD9, 0xCC, 0xEC, 0x8A, - 0x39, 0xE5, 0x6F - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 15 * 6]; -} _EC_SECG_CHAR2_113R2 = { - { - NID_X9_62_characteristic_two_field, 20, 15, 2 - }, - { - /* seed */ - 0x10, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE, 0xF4, 0xD6, - 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x5D, - /* p */ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x02, 0x01, - /* a */ - 0x00, 0x68, 0x99, 0x18, 0xDB, 0xEC, 0x7E, 0x5A, 0x0D, 0xD6, 0xDF, 0xC0, - 0xAA, 0x55, 0xC7, - /* b */ - 0x00, 0x95, 0xE9, 0xA9, 0xEC, 0x9B, 0x29, 0x7B, 0xD4, 0xBF, 0x36, 0xE0, - 0x59, 0x18, 0x4F, - /* x */ - 0x01, 0xA5, 0x7A, 0x6A, 0x7B, 0x26, 0xCA, 0x5E, 0xF5, 0x2F, 0xCD, 0xB8, - 0x16, 0x47, 0x97, - /* y */ - 0x00, 0xB3, 0xAD, 0xC9, 0x4E, 0xD1, 0xFE, 0x67, 0x4C, 0x06, 0xE6, 0x95, - 0xBA, 0xBA, 0x1D, - /* order */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x08, 0x78, 0x9B, 0x24, - 0x96, 0xAF, 0x93 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 17 * 6]; -} _EC_SECG_CHAR2_131R1 = { - { - NID_X9_62_characteristic_two_field, 20, 17, 2 - }, - { - /* seed */ - 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x98, 0x5B, 0xD3, - 0xAD, 0xBA, 0xDA, 0x21, 0xB4, 0x3A, 0x97, 0xE2, - /* p */ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, 0x0D, - /* a */ - 0x07, 0xA1, 0x1B, 0x09, 0xA7, 0x6B, 0x56, 0x21, 0x44, 0x41, 0x8F, 0xF3, - 0xFF, 0x8C, 0x25, 0x70, 0xB8, - /* b */ - 0x02, 0x17, 0xC0, 0x56, 0x10, 0x88, 0x4B, 0x63, 0xB9, 0xC6, 0xC7, 0x29, - 0x16, 0x78, 0xF9, 0xD3, 0x41, - /* x */ - 0x00, 0x81, 0xBA, 0xF9, 0x1F, 0xDF, 0x98, 0x33, 0xC4, 0x0F, 0x9C, 0x18, - 0x13, 0x43, 0x63, 0x83, 0x99, - /* y */ - 0x07, 0x8C, 0x6E, 0x7E, 0xA3, 0x8C, 0x00, 0x1F, 0x73, 0xC8, 0x13, 0x4B, - 0x1B, 0x4E, 0xF9, 0xE1, 0x50, - /* order */ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x31, 0x23, 0x95, - 0x3A, 0x94, 0x64, 0xB5, 0x4D - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 17 * 6]; -} _EC_SECG_CHAR2_131R2 = { - { - NID_X9_62_characteristic_two_field, 20, 17, 2 - }, - { - /* seed */ - 0x98, 0x5B, 0xD3, 0xAD, 0xBA, 0xD4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, - 0x15, 0x17, 0x5A, 0x21, 0xB4, 0x3A, 0x97, 0xE3, - /* p */ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, 0x0D, - /* a */ - 0x03, 0xE5, 0xA8, 0x89, 0x19, 0xD7, 0xCA, 0xFC, 0xBF, 0x41, 0x5F, 0x07, - 0xC2, 0x17, 0x65, 0x73, 0xB2, - /* b */ - 0x04, 0xB8, 0x26, 0x6A, 0x46, 0xC5, 0x56, 0x57, 0xAC, 0x73, 0x4C, 0xE3, - 0x8F, 0x01, 0x8F, 0x21, 0x92, - /* x */ - 0x03, 0x56, 0xDC, 0xD8, 0xF2, 0xF9, 0x50, 0x31, 0xAD, 0x65, 0x2D, 0x23, - 0x95, 0x1B, 0xB3, 0x66, 0xA8, - /* y */ - 0x06, 0x48, 0xF0, 0x6D, 0x86, 0x79, 0x40, 0xA5, 0x36, 0x6D, 0x9E, 0x26, - 0x5D, 0xE9, 0xEB, 0x24, 0x0F, - /* order */ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x69, 0x54, 0xA2, - 0x33, 0x04, 0x9B, 0xA9, 0x8F - } -}; -# endif /* FIPS_MODULE */ - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 21 * 6]; -} _EC_NIST_CHAR2_163K = { - { - NID_X9_62_characteristic_two_field, 0, 21, 2 - }, - { - /* no seed */ - /* p */ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* b */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* x */ - 0x02, 0xFE, 0x13, 0xC0, 0x53, 0x7B, 0xBC, 0x11, 0xAC, 0xAA, 0x07, 0xD7, - 0x93, 0xDE, 0x4E, 0x6D, 0x5E, 0x5C, 0x94, 0xEE, 0xE8, - /* y */ - 0x02, 0x89, 0x07, 0x0F, 0xB0, 0x5D, 0x38, 0xFF, 0x58, 0x32, 0x1F, 0x2E, - 0x80, 0x05, 0x36, 0xD5, 0x38, 0xCC, 0xDA, 0xA3, 0xD9, - /* order */ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01, - 0x08, 0xA2, 0xE0, 0xCC, 0x0D, 0x99, 0xF8, 0xA5, 0xEF - } -}; - -# ifndef FIPS_MODULE -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 21 * 6]; -} _EC_SECG_CHAR2_163R1 = { - { - NID_X9_62_characteristic_two_field, 0, 21, 2 - }, - { - /* p */ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9, - /* a */ - 0x07, 0xB6, 0x88, 0x2C, 0xAA, 0xEF, 0xA8, 0x4F, 0x95, 0x54, 0xFF, 0x84, - 0x28, 0xBD, 0x88, 0xE2, 0x46, 0xD2, 0x78, 0x2A, 0xE2, - /* b */ - 0x07, 0x13, 0x61, 0x2D, 0xCD, 0xDC, 0xB4, 0x0A, 0xAB, 0x94, 0x6B, 0xDA, - 0x29, 0xCA, 0x91, 0xF7, 0x3A, 0xF9, 0x58, 0xAF, 0xD9, - /* x */ - 0x03, 0x69, 0x97, 0x96, 0x97, 0xAB, 0x43, 0x89, 0x77, 0x89, 0x56, 0x67, - 0x89, 0x56, 0x7F, 0x78, 0x7A, 0x78, 0x76, 0xA6, 0x54, - /* y */ - 0x00, 0x43, 0x5E, 0xDB, 0x42, 0xEF, 0xAF, 0xB2, 0x98, 0x9D, 0x51, 0xFE, - 0xFC, 0xE3, 0xC8, 0x09, 0x88, 0xF4, 0x1F, 0xF8, 0x83, - /* order */ - 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x48, - 0xAA, 0xB6, 0x89, 0xC2, 0x9C, 0xA7, 0x10, 0x27, 0x9B - } -}; -# endif /* FIPS_MODULE */ - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 21 * 6]; -} _EC_NIST_CHAR2_163B = { - { - NID_X9_62_characteristic_two_field, 0, 21, 2 - }, - { - /* p */ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* b */ - 0x02, 0x0A, 0x60, 0x19, 0x07, 0xB8, 0xC9, 0x53, 0xCA, 0x14, 0x81, 0xEB, - 0x10, 0x51, 0x2F, 0x78, 0x74, 0x4A, 0x32, 0x05, 0xFD, - /* x */ - 0x03, 0xF0, 0xEB, 0xA1, 0x62, 0x86, 0xA2, 0xD5, 0x7E, 0xA0, 0x99, 0x11, - 0x68, 0xD4, 0x99, 0x46, 0x37, 0xE8, 0x34, 0x3E, 0x36, - /* y */ - 0x00, 0xD5, 0x1F, 0xBC, 0x6C, 0x71, 0xA0, 0x09, 0x4F, 0xA2, 0xCD, 0xD5, - 0x45, 0xB1, 0x1C, 0x5C, 0x0C, 0x79, 0x73, 0x24, 0xF1, - /* order */ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x92, - 0xFE, 0x77, 0xE7, 0x0C, 0x12, 0xA4, 0x23, 0x4C, 0x33 - } -}; - -# ifndef FIPS_MODULE -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 25 * 6]; -} _EC_SECG_CHAR2_193R1 = { - { - NID_X9_62_characteristic_two_field, 20, 25, 2 - }, - { - /* seed */ - 0x10, 0x3F, 0xAE, 0xC7, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, - 0x75, 0x77, 0x7F, 0xC5, 0xB1, 0x91, 0xEF, 0x30, - /* p */ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, - 0x01, - /* a */ - 0x00, 0x17, 0x85, 0x8F, 0xEB, 0x7A, 0x98, 0x97, 0x51, 0x69, 0xE1, 0x71, - 0xF7, 0x7B, 0x40, 0x87, 0xDE, 0x09, 0x8A, 0xC8, 0xA9, 0x11, 0xDF, 0x7B, - 0x01, - /* b */ - 0x00, 0xFD, 0xFB, 0x49, 0xBF, 0xE6, 0xC3, 0xA8, 0x9F, 0xAC, 0xAD, 0xAA, - 0x7A, 0x1E, 0x5B, 0xBC, 0x7C, 0xC1, 0xC2, 0xE5, 0xD8, 0x31, 0x47, 0x88, - 0x14, - /* x */ - 0x01, 0xF4, 0x81, 0xBC, 0x5F, 0x0F, 0xF8, 0x4A, 0x74, 0xAD, 0x6C, 0xDF, - 0x6F, 0xDE, 0xF4, 0xBF, 0x61, 0x79, 0x62, 0x53, 0x72, 0xD8, 0xC0, 0xC5, - 0xE1, - /* y */ - 0x00, 0x25, 0xE3, 0x99, 0xF2, 0x90, 0x37, 0x12, 0xCC, 0xF3, 0xEA, 0x9E, - 0x3A, 0x1A, 0xD1, 0x7F, 0xB0, 0xB3, 0x20, 0x1B, 0x6A, 0xF7, 0xCE, 0x1B, - 0x05, - /* order */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0xC7, 0xF3, 0x4A, 0x77, 0x8F, 0x44, 0x3A, 0xCC, 0x92, 0x0E, 0xBA, - 0x49 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 25 * 6]; -} _EC_SECG_CHAR2_193R2 = { - { - NID_X9_62_characteristic_two_field, 20, 25, 2 - }, - { - /* seed */ - 0x10, 0xB7, 0xB4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51, - 0x37, 0xC8, 0xA1, 0x6F, 0xD0, 0xDA, 0x22, 0x11, - /* p */ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, - 0x01, - /* a */ - 0x01, 0x63, 0xF3, 0x5A, 0x51, 0x37, 0xC2, 0xCE, 0x3E, 0xA6, 0xED, 0x86, - 0x67, 0x19, 0x0B, 0x0B, 0xC4, 0x3E, 0xCD, 0x69, 0x97, 0x77, 0x02, 0x70, - 0x9B, - /* b */ - 0x00, 0xC9, 0xBB, 0x9E, 0x89, 0x27, 0xD4, 0xD6, 0x4C, 0x37, 0x7E, 0x2A, - 0xB2, 0x85, 0x6A, 0x5B, 0x16, 0xE3, 0xEF, 0xB7, 0xF6, 0x1D, 0x43, 0x16, - 0xAE, - /* x */ - 0x00, 0xD9, 0xB6, 0x7D, 0x19, 0x2E, 0x03, 0x67, 0xC8, 0x03, 0xF3, 0x9E, - 0x1A, 0x7E, 0x82, 0xCA, 0x14, 0xA6, 0x51, 0x35, 0x0A, 0xAE, 0x61, 0x7E, - 0x8F, - /* y */ - 0x01, 0xCE, 0x94, 0x33, 0x56, 0x07, 0xC3, 0x04, 0xAC, 0x29, 0xE7, 0xDE, - 0xFB, 0xD9, 0xCA, 0x01, 0xF5, 0x96, 0xF9, 0x27, 0x22, 0x4C, 0xDE, 0xCF, - 0x6C, - /* order */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x01, 0x5A, 0xAB, 0x56, 0x1B, 0x00, 0x54, 0x13, 0xCC, 0xD4, 0xEE, 0x99, - 0xD5 - } -}; -# endif /* FIPS_MODULE */ - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 30 * 6]; -} _EC_NIST_CHAR2_233K = { - { - NID_X9_62_characteristic_two_field, 0, 30, 4 - }, - { - /* no seed */ - /* p */ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - /* b */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* x */ - 0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2, - 0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C, - 0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26, - /* y */ - 0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A, - 0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0, - 0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3, - /* order */ - 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB, - 0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 30 * 6]; -} _EC_NIST_CHAR2_233B = { - { - NID_X9_62_characteristic_two_field, 20, 30, 2 - }, - { - /* seed */ - 0x74, 0xD5, 0x9F, 0xF0, 0x7F, 0x6B, 0x41, 0x3D, 0x0E, 0xA1, 0x4B, 0x34, - 0x4B, 0x20, 0xA2, 0xDB, 0x04, 0x9B, 0x50, 0xC3, - /* p */ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* b */ - 0x00, 0x66, 0x64, 0x7E, 0xDE, 0x6C, 0x33, 0x2C, 0x7F, 0x8C, 0x09, 0x23, - 0xBB, 0x58, 0x21, 0x3B, 0x33, 0x3B, 0x20, 0xE9, 0xCE, 0x42, 0x81, 0xFE, - 0x11, 0x5F, 0x7D, 0x8F, 0x90, 0xAD, - /* x */ - 0x00, 0xFA, 0xC9, 0xDF, 0xCB, 0xAC, 0x83, 0x13, 0xBB, 0x21, 0x39, 0xF1, - 0xBB, 0x75, 0x5F, 0xEF, 0x65, 0xBC, 0x39, 0x1F, 0x8B, 0x36, 0xF8, 0xF8, - 0xEB, 0x73, 0x71, 0xFD, 0x55, 0x8B, - /* y */ - 0x01, 0x00, 0x6A, 0x08, 0xA4, 0x19, 0x03, 0x35, 0x06, 0x78, 0xE5, 0x85, - 0x28, 0xBE, 0xBF, 0x8A, 0x0B, 0xEF, 0xF8, 0x67, 0xA7, 0xCA, 0x36, 0x71, - 0x6F, 0x7E, 0x01, 0xF8, 0x10, 0x52, - /* order */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x13, 0xE9, 0x74, 0xE7, 0x2F, 0x8A, 0x69, 0x22, 0x03, - 0x1D, 0x26, 0x03, 0xCF, 0xE0, 0xD7 - } -}; - -#ifndef FIPS_MODULE -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 30 * 6]; -} _EC_SECG_CHAR2_239K1 = { - { - NID_X9_62_characteristic_two_field, 0, 30, 4 - }, - { - /* no seed */ - /* p */ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - /* b */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* x */ - 0x29, 0xA0, 0xB6, 0xA8, 0x87, 0xA9, 0x83, 0xE9, 0x73, 0x09, 0x88, 0xA6, - 0x87, 0x27, 0xA8, 0xB2, 0xD1, 0x26, 0xC4, 0x4C, 0xC2, 0xCC, 0x7B, 0x2A, - 0x65, 0x55, 0x19, 0x30, 0x35, 0xDC, - /* y */ - 0x76, 0x31, 0x08, 0x04, 0xF1, 0x2E, 0x54, 0x9B, 0xDB, 0x01, 0x1C, 0x10, - 0x30, 0x89, 0xE7, 0x35, 0x10, 0xAC, 0xB2, 0x75, 0xFC, 0x31, 0x2A, 0x5D, - 0xC6, 0xB7, 0x65, 0x53, 0xF0, 0xCA, - /* order */ - 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x5A, 0x79, 0xFE, 0xC6, 0x7C, 0xB6, 0xE9, 0x1F, 0x1C, - 0x1D, 0xA8, 0x00, 0xE4, 0x78, 0xA5 - } -}; -# endif /* FIPS_MODULE */ - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 36 * 6]; -} _EC_NIST_CHAR2_283K = { - { - NID_X9_62_characteristic_two_field, 0, 36, 4 - }, - { - /* no seed */ - /* p */ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0xA1, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - /* b */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* x */ - 0x05, 0x03, 0x21, 0x3F, 0x78, 0xCA, 0x44, 0x88, 0x3F, 0x1A, 0x3B, 0x81, - 0x62, 0xF1, 0x88, 0xE5, 0x53, 0xCD, 0x26, 0x5F, 0x23, 0xC1, 0x56, 0x7A, - 0x16, 0x87, 0x69, 0x13, 0xB0, 0xC2, 0xAC, 0x24, 0x58, 0x49, 0x28, 0x36, - /* y */ - 0x01, 0xCC, 0xDA, 0x38, 0x0F, 0x1C, 0x9E, 0x31, 0x8D, 0x90, 0xF9, 0x5D, - 0x07, 0xE5, 0x42, 0x6F, 0xE8, 0x7E, 0x45, 0xC0, 0xE8, 0x18, 0x46, 0x98, - 0xE4, 0x59, 0x62, 0x36, 0x4E, 0x34, 0x11, 0x61, 0x77, 0xDD, 0x22, 0x59, - /* order */ - 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xE9, 0xAE, 0x2E, 0xD0, 0x75, 0x77, - 0x26, 0x5D, 0xFF, 0x7F, 0x94, 0x45, 0x1E, 0x06, 0x1E, 0x16, 0x3C, 0x61 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 36 * 6]; -} _EC_NIST_CHAR2_283B = { - { - NID_X9_62_characteristic_two_field, 20, 36, 2 - }, - { - /* seed */ - 0x77, 0xE2, 0xB0, 0x73, 0x70, 0xEB, 0x0F, 0x83, 0x2A, 0x6D, 0xD5, 0xB6, - 0x2D, 0xFC, 0x88, 0xCD, 0x06, 0xBB, 0x84, 0xBE, - /* p */ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0xA1, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* b */ - 0x02, 0x7B, 0x68, 0x0A, 0xC8, 0xB8, 0x59, 0x6D, 0xA5, 0xA4, 0xAF, 0x8A, - 0x19, 0xA0, 0x30, 0x3F, 0xCA, 0x97, 0xFD, 0x76, 0x45, 0x30, 0x9F, 0xA2, - 0xA5, 0x81, 0x48, 0x5A, 0xF6, 0x26, 0x3E, 0x31, 0x3B, 0x79, 0xA2, 0xF5, - /* x */ - 0x05, 0xF9, 0x39, 0x25, 0x8D, 0xB7, 0xDD, 0x90, 0xE1, 0x93, 0x4F, 0x8C, - 0x70, 0xB0, 0xDF, 0xEC, 0x2E, 0xED, 0x25, 0xB8, 0x55, 0x7E, 0xAC, 0x9C, - 0x80, 0xE2, 0xE1, 0x98, 0xF8, 0xCD, 0xBE, 0xCD, 0x86, 0xB1, 0x20, 0x53, - /* y */ - 0x03, 0x67, 0x68, 0x54, 0xFE, 0x24, 0x14, 0x1C, 0xB9, 0x8F, 0xE6, 0xD4, - 0xB2, 0x0D, 0x02, 0xB4, 0x51, 0x6F, 0xF7, 0x02, 0x35, 0x0E, 0xDD, 0xB0, - 0x82, 0x67, 0x79, 0xC8, 0x13, 0xF0, 0xDF, 0x45, 0xBE, 0x81, 0x12, 0xF4, - /* order */ - 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEF, 0x90, 0x39, 0x96, 0x60, 0xFC, - 0x93, 0x8A, 0x90, 0x16, 0x5B, 0x04, 0x2A, 0x7C, 0xEF, 0xAD, 0xB3, 0x07 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 52 * 6]; -} _EC_NIST_CHAR2_409K = { - { - NID_X9_62_characteristic_two_field, 0, 52, 4 - }, - { - /* no seed */ - /* p */ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, - /* b */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, - /* x */ - 0x00, 0x60, 0xF0, 0x5F, 0x65, 0x8F, 0x49, 0xC1, 0xAD, 0x3A, 0xB1, 0x89, - 0x0F, 0x71, 0x84, 0x21, 0x0E, 0xFD, 0x09, 0x87, 0xE3, 0x07, 0xC8, 0x4C, - 0x27, 0xAC, 0xCF, 0xB8, 0xF9, 0xF6, 0x7C, 0xC2, 0xC4, 0x60, 0x18, 0x9E, - 0xB5, 0xAA, 0xAA, 0x62, 0xEE, 0x22, 0x2E, 0xB1, 0xB3, 0x55, 0x40, 0xCF, - 0xE9, 0x02, 0x37, 0x46, - /* y */ - 0x01, 0xE3, 0x69, 0x05, 0x0B, 0x7C, 0x4E, 0x42, 0xAC, 0xBA, 0x1D, 0xAC, - 0xBF, 0x04, 0x29, 0x9C, 0x34, 0x60, 0x78, 0x2F, 0x91, 0x8E, 0xA4, 0x27, - 0xE6, 0x32, 0x51, 0x65, 0xE9, 0xEA, 0x10, 0xE3, 0xDA, 0x5F, 0x6C, 0x42, - 0xE9, 0xC5, 0x52, 0x15, 0xAA, 0x9C, 0xA2, 0x7A, 0x58, 0x63, 0xEC, 0x48, - 0xD8, 0xE0, 0x28, 0x6B, - /* order */ - 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFE, 0x5F, 0x83, 0xB2, 0xD4, 0xEA, 0x20, 0x40, 0x0E, 0xC4, - 0x55, 0x7D, 0x5E, 0xD3, 0xE3, 0xE7, 0xCA, 0x5B, 0x4B, 0x5C, 0x83, 0xB8, - 0xE0, 0x1E, 0x5F, 0xCF - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 52 * 6]; -} _EC_NIST_CHAR2_409B = { - { - NID_X9_62_characteristic_two_field, 20, 52, 2 - }, - { - /* seed */ - 0x40, 0x99, 0xB5, 0xA4, 0x57, 0xF9, 0xD6, 0x9F, 0x79, 0x21, 0x3D, 0x09, - 0x4C, 0x4B, 0xCD, 0x4D, 0x42, 0x62, 0x21, 0x0B, - /* p */ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, - /* b */ - 0x00, 0x21, 0xA5, 0xC2, 0xC8, 0xEE, 0x9F, 0xEB, 0x5C, 0x4B, 0x9A, 0x75, - 0x3B, 0x7B, 0x47, 0x6B, 0x7F, 0xD6, 0x42, 0x2E, 0xF1, 0xF3, 0xDD, 0x67, - 0x47, 0x61, 0xFA, 0x99, 0xD6, 0xAC, 0x27, 0xC8, 0xA9, 0xA1, 0x97, 0xB2, - 0x72, 0x82, 0x2F, 0x6C, 0xD5, 0x7A, 0x55, 0xAA, 0x4F, 0x50, 0xAE, 0x31, - 0x7B, 0x13, 0x54, 0x5F, - /* x */ - 0x01, 0x5D, 0x48, 0x60, 0xD0, 0x88, 0xDD, 0xB3, 0x49, 0x6B, 0x0C, 0x60, - 0x64, 0x75, 0x62, 0x60, 0x44, 0x1C, 0xDE, 0x4A, 0xF1, 0x77, 0x1D, 0x4D, - 0xB0, 0x1F, 0xFE, 0x5B, 0x34, 0xE5, 0x97, 0x03, 0xDC, 0x25, 0x5A, 0x86, - 0x8A, 0x11, 0x80, 0x51, 0x56, 0x03, 0xAE, 0xAB, 0x60, 0x79, 0x4E, 0x54, - 0xBB, 0x79, 0x96, 0xA7, - /* y */ - 0x00, 0x61, 0xB1, 0xCF, 0xAB, 0x6B, 0xE5, 0xF3, 0x2B, 0xBF, 0xA7, 0x83, - 0x24, 0xED, 0x10, 0x6A, 0x76, 0x36, 0xB9, 0xC5, 0xA7, 0xBD, 0x19, 0x8D, - 0x01, 0x58, 0xAA, 0x4F, 0x54, 0x88, 0xD0, 0x8F, 0x38, 0x51, 0x4F, 0x1F, - 0xDF, 0x4B, 0x4F, 0x40, 0xD2, 0x18, 0x1B, 0x36, 0x81, 0xC3, 0x64, 0xBA, - 0x02, 0x73, 0xC7, 0x06, - /* order */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x01, 0xE2, 0xAA, 0xD6, 0xA6, 0x12, 0xF3, 0x33, 0x07, 0xBE, - 0x5F, 0xA4, 0x7C, 0x3C, 0x9E, 0x05, 0x2F, 0x83, 0x81, 0x64, 0xCD, 0x37, - 0xD9, 0xA2, 0x11, 0x73 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 72 * 6]; -} _EC_NIST_CHAR2_571K = { - { - NID_X9_62_characteristic_two_field, 0, 72, 4 - }, - { - /* no seed */ - /* p */ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x25, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - /* b */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* x */ - 0x02, 0x6E, 0xB7, 0xA8, 0x59, 0x92, 0x3F, 0xBC, 0x82, 0x18, 0x96, 0x31, - 0xF8, 0x10, 0x3F, 0xE4, 0xAC, 0x9C, 0xA2, 0x97, 0x00, 0x12, 0xD5, 0xD4, - 0x60, 0x24, 0x80, 0x48, 0x01, 0x84, 0x1C, 0xA4, 0x43, 0x70, 0x95, 0x84, - 0x93, 0xB2, 0x05, 0xE6, 0x47, 0xDA, 0x30, 0x4D, 0xB4, 0xCE, 0xB0, 0x8C, - 0xBB, 0xD1, 0xBA, 0x39, 0x49, 0x47, 0x76, 0xFB, 0x98, 0x8B, 0x47, 0x17, - 0x4D, 0xCA, 0x88, 0xC7, 0xE2, 0x94, 0x52, 0x83, 0xA0, 0x1C, 0x89, 0x72, - /* y */ - 0x03, 0x49, 0xDC, 0x80, 0x7F, 0x4F, 0xBF, 0x37, 0x4F, 0x4A, 0xEA, 0xDE, - 0x3B, 0xCA, 0x95, 0x31, 0x4D, 0xD5, 0x8C, 0xEC, 0x9F, 0x30, 0x7A, 0x54, - 0xFF, 0xC6, 0x1E, 0xFC, 0x00, 0x6D, 0x8A, 0x2C, 0x9D, 0x49, 0x79, 0xC0, - 0xAC, 0x44, 0xAE, 0xA7, 0x4F, 0xBE, 0xBB, 0xB9, 0xF7, 0x72, 0xAE, 0xDC, - 0xB6, 0x20, 0xB0, 0x1A, 0x7B, 0xA7, 0xAF, 0x1B, 0x32, 0x04, 0x30, 0xC8, - 0x59, 0x19, 0x84, 0xF6, 0x01, 0xCD, 0x4C, 0x14, 0x3E, 0xF1, 0xC7, 0xA3, - /* order */ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x13, 0x18, 0x50, 0xE1, 0xF1, 0x9A, 0x63, 0xE4, 0xB3, 0x91, 0xA8, 0xDB, - 0x91, 0x7F, 0x41, 0x38, 0xB6, 0x30, 0xD8, 0x4B, 0xE5, 0xD6, 0x39, 0x38, - 0x1E, 0x91, 0xDE, 0xB4, 0x5C, 0xFE, 0x77, 0x8F, 0x63, 0x7C, 0x10, 0x01 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 72 * 6]; -} _EC_NIST_CHAR2_571B = { - { - NID_X9_62_characteristic_two_field, 20, 72, 2 - }, - { - /* seed */ - 0x2A, 0xA0, 0x58, 0xF7, 0x3A, 0x0E, 0x33, 0xAB, 0x48, 0x6B, 0x0F, 0x61, - 0x04, 0x10, 0xC5, 0x3A, 0x7F, 0x13, 0x23, 0x10, - /* p */ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x25, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* b */ - 0x02, 0xF4, 0x0E, 0x7E, 0x22, 0x21, 0xF2, 0x95, 0xDE, 0x29, 0x71, 0x17, - 0xB7, 0xF3, 0xD6, 0x2F, 0x5C, 0x6A, 0x97, 0xFF, 0xCB, 0x8C, 0xEF, 0xF1, - 0xCD, 0x6B, 0xA8, 0xCE, 0x4A, 0x9A, 0x18, 0xAD, 0x84, 0xFF, 0xAB, 0xBD, - 0x8E, 0xFA, 0x59, 0x33, 0x2B, 0xE7, 0xAD, 0x67, 0x56, 0xA6, 0x6E, 0x29, - 0x4A, 0xFD, 0x18, 0x5A, 0x78, 0xFF, 0x12, 0xAA, 0x52, 0x0E, 0x4D, 0xE7, - 0x39, 0xBA, 0xCA, 0x0C, 0x7F, 0xFE, 0xFF, 0x7F, 0x29, 0x55, 0x72, 0x7A, - /* x */ - 0x03, 0x03, 0x00, 0x1D, 0x34, 0xB8, 0x56, 0x29, 0x6C, 0x16, 0xC0, 0xD4, - 0x0D, 0x3C, 0xD7, 0x75, 0x0A, 0x93, 0xD1, 0xD2, 0x95, 0x5F, 0xA8, 0x0A, - 0xA5, 0xF4, 0x0F, 0xC8, 0xDB, 0x7B, 0x2A, 0xBD, 0xBD, 0xE5, 0x39, 0x50, - 0xF4, 0xC0, 0xD2, 0x93, 0xCD, 0xD7, 0x11, 0xA3, 0x5B, 0x67, 0xFB, 0x14, - 0x99, 0xAE, 0x60, 0x03, 0x86, 0x14, 0xF1, 0x39, 0x4A, 0xBF, 0xA3, 0xB4, - 0xC8, 0x50, 0xD9, 0x27, 0xE1, 0xE7, 0x76, 0x9C, 0x8E, 0xEC, 0x2D, 0x19, - /* y */ - 0x03, 0x7B, 0xF2, 0x73, 0x42, 0xDA, 0x63, 0x9B, 0x6D, 0xCC, 0xFF, 0xFE, - 0xB7, 0x3D, 0x69, 0xD7, 0x8C, 0x6C, 0x27, 0xA6, 0x00, 0x9C, 0xBB, 0xCA, - 0x19, 0x80, 0xF8, 0x53, 0x39, 0x21, 0xE8, 0xA6, 0x84, 0x42, 0x3E, 0x43, - 0xBA, 0xB0, 0x8A, 0x57, 0x62, 0x91, 0xAF, 0x8F, 0x46, 0x1B, 0xB2, 0xA8, - 0xB3, 0x53, 0x1D, 0x2F, 0x04, 0x85, 0xC1, 0x9B, 0x16, 0xE2, 0xF1, 0x51, - 0x6E, 0x23, 0xDD, 0x3C, 0x1A, 0x48, 0x27, 0xAF, 0x1B, 0x8A, 0xC1, 0x5B, - /* order */ - 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xE6, 0x61, 0xCE, 0x18, 0xFF, 0x55, 0x98, 0x73, 0x08, 0x05, 0x9B, 0x18, - 0x68, 0x23, 0x85, 0x1E, 0xC7, 0xDD, 0x9C, 0xA1, 0x16, 0x1D, 0xE9, 0x3D, - 0x51, 0x74, 0xD6, 0x6E, 0x83, 0x82, 0xE9, 0xBB, 0x2F, 0xE8, 0x4E, 0x47 - } -}; - -# ifndef FIPS_MODULE -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 21 * 6]; -} _EC_X9_62_CHAR2_163V1 = { - { - NID_X9_62_characteristic_two_field, 20, 21, 2 - }, - { - /* seed */ - 0xD2, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE, 0xF4, 0xD6, - 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x54, - /* p */ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x07, - /* a */ - 0x07, 0x25, 0x46, 0xB5, 0x43, 0x52, 0x34, 0xA4, 0x22, 0xE0, 0x78, 0x96, - 0x75, 0xF4, 0x32, 0xC8, 0x94, 0x35, 0xDE, 0x52, 0x42, - /* b */ - 0x00, 0xC9, 0x51, 0x7D, 0x06, 0xD5, 0x24, 0x0D, 0x3C, 0xFF, 0x38, 0xC7, - 0x4B, 0x20, 0xB6, 0xCD, 0x4D, 0x6F, 0x9D, 0xD4, 0xD9, - /* x */ - 0x07, 0xAF, 0x69, 0x98, 0x95, 0x46, 0x10, 0x3D, 0x79, 0x32, 0x9F, 0xCC, - 0x3D, 0x74, 0x88, 0x0F, 0x33, 0xBB, 0xE8, 0x03, 0xCB, - /* y */ - 0x01, 0xEC, 0x23, 0x21, 0x1B, 0x59, 0x66, 0xAD, 0xEA, 0x1D, 0x3F, 0x87, - 0xF7, 0xEA, 0x58, 0x48, 0xAE, 0xF0, 0xB7, 0xCA, 0x9F, - /* order */ - 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xE6, - 0x0F, 0xC8, 0x82, 0x1C, 0xC7, 0x4D, 0xAE, 0xAF, 0xC1 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 21 * 6]; -} _EC_X9_62_CHAR2_163V2 = { - { - NID_X9_62_characteristic_two_field, 20, 21, 2 - }, - { - /* seed */ - 0x53, 0x81, 0x4C, 0x05, 0x0D, 0x44, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, - 0x15, 0x17, 0x58, 0x0C, 0xA4, 0xE2, 0x9F, 0xFD, - /* p */ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x07, - /* a */ - 0x01, 0x08, 0xB3, 0x9E, 0x77, 0xC4, 0xB1, 0x08, 0xBE, 0xD9, 0x81, 0xED, - 0x0E, 0x89, 0x0E, 0x11, 0x7C, 0x51, 0x1C, 0xF0, 0x72, - /* b */ - 0x06, 0x67, 0xAC, 0xEB, 0x38, 0xAF, 0x4E, 0x48, 0x8C, 0x40, 0x74, 0x33, - 0xFF, 0xAE, 0x4F, 0x1C, 0x81, 0x16, 0x38, 0xDF, 0x20, - /* x */ - 0x00, 0x24, 0x26, 0x6E, 0x4E, 0xB5, 0x10, 0x6D, 0x0A, 0x96, 0x4D, 0x92, - 0xC4, 0x86, 0x0E, 0x26, 0x71, 0xDB, 0x9B, 0x6C, 0xC5, - /* y */ - 0x07, 0x9F, 0x68, 0x4D, 0xDF, 0x66, 0x84, 0xC5, 0xCD, 0x25, 0x8B, 0x38, - 0x90, 0x02, 0x1B, 0x23, 0x86, 0xDF, 0xD1, 0x9F, 0xC5, - /* order */ - 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xF6, - 0x4D, 0xE1, 0x15, 0x1A, 0xDB, 0xB7, 0x8F, 0x10, 0xA7 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 21 * 6]; -} _EC_X9_62_CHAR2_163V3 = { - { - NID_X9_62_characteristic_two_field, 20, 21, 2 - }, - { - /* seed */ - 0x50, 0xCB, 0xF1, 0xD9, 0x5C, 0xA9, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, - 0x61, 0x51, 0x75, 0xF1, 0x6A, 0x36, 0xA3, 0xB8, - /* p */ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x07, - /* a */ - 0x07, 0xA5, 0x26, 0xC6, 0x3D, 0x3E, 0x25, 0xA2, 0x56, 0xA0, 0x07, 0x69, - 0x9F, 0x54, 0x47, 0xE3, 0x2A, 0xE4, 0x56, 0xB5, 0x0E, - /* b */ - 0x03, 0xF7, 0x06, 0x17, 0x98, 0xEB, 0x99, 0xE2, 0x38, 0xFD, 0x6F, 0x1B, - 0xF9, 0x5B, 0x48, 0xFE, 0xEB, 0x48, 0x54, 0x25, 0x2B, - /* x */ - 0x02, 0xF9, 0xF8, 0x7B, 0x7C, 0x57, 0x4D, 0x0B, 0xDE, 0xCF, 0x8A, 0x22, - 0xE6, 0x52, 0x47, 0x75, 0xF9, 0x8C, 0xDE, 0xBD, 0xCB, - /* y */ - 0x05, 0xB9, 0x35, 0x59, 0x0C, 0x15, 0x5E, 0x17, 0xEA, 0x48, 0xEB, 0x3F, - 0xF3, 0x71, 0x8B, 0x89, 0x3D, 0xF5, 0x9A, 0x05, 0xD0, - /* order */ - 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0x1A, - 0xEE, 0x14, 0x0F, 0x11, 0x0A, 0xFF, 0x96, 0x13, 0x09 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 23 * 6]; -} _EC_X9_62_CHAR2_176V1 = { - { - NID_X9_62_characteristic_two_field, 0, 23, 0xFF6E - }, - { - /* no seed */ - /* p */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x07, - /* a */ - 0x00, 0xE4, 0xE6, 0xDB, 0x29, 0x95, 0x06, 0x5C, 0x40, 0x7D, 0x9D, 0x39, - 0xB8, 0xD0, 0x96, 0x7B, 0x96, 0x70, 0x4B, 0xA8, 0xE9, 0xC9, 0x0B, - /* b */ - 0x00, 0x5D, 0xDA, 0x47, 0x0A, 0xBE, 0x64, 0x14, 0xDE, 0x8E, 0xC1, 0x33, - 0xAE, 0x28, 0xE9, 0xBB, 0xD7, 0xFC, 0xEC, 0x0A, 0xE0, 0xFF, 0xF2, - /* x */ - 0x00, 0x8D, 0x16, 0xC2, 0x86, 0x67, 0x98, 0xB6, 0x00, 0xF9, 0xF0, 0x8B, - 0xB4, 0xA8, 0xE8, 0x60, 0xF3, 0x29, 0x8C, 0xE0, 0x4A, 0x57, 0x98, - /* y */ - 0x00, 0x6F, 0xA4, 0x53, 0x9C, 0x2D, 0xAD, 0xDD, 0xD6, 0xBA, 0xB5, 0x16, - 0x7D, 0x61, 0xB4, 0x36, 0xE1, 0xD9, 0x2B, 0xB1, 0x6A, 0x56, 0x2C, - /* order */ - 0x00, 0x00, 0x01, 0x00, 0x92, 0x53, 0x73, 0x97, 0xEC, 0xA4, 0xF6, 0x14, - 0x57, 0x99, 0xD6, 0x2B, 0x0A, 0x19, 0xCE, 0x06, 0xFE, 0x26, 0xAD - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 24 * 6]; -} _EC_X9_62_CHAR2_191V1 = { - { - NID_X9_62_characteristic_two_field, 20, 24, 2 - }, - { - /* seed */ - 0x4E, 0x13, 0xCA, 0x54, 0x27, 0x44, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, - 0x15, 0x17, 0x55, 0x2F, 0x27, 0x9A, 0x8C, 0x84, - /* p */ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01, - /* a */ - 0x28, 0x66, 0x53, 0x7B, 0x67, 0x67, 0x52, 0x63, 0x6A, 0x68, 0xF5, 0x65, - 0x54, 0xE1, 0x26, 0x40, 0x27, 0x6B, 0x64, 0x9E, 0xF7, 0x52, 0x62, 0x67, - /* b */ - 0x2E, 0x45, 0xEF, 0x57, 0x1F, 0x00, 0x78, 0x6F, 0x67, 0xB0, 0x08, 0x1B, - 0x94, 0x95, 0xA3, 0xD9, 0x54, 0x62, 0xF5, 0xDE, 0x0A, 0xA1, 0x85, 0xEC, - /* x */ - 0x36, 0xB3, 0xDA, 0xF8, 0xA2, 0x32, 0x06, 0xF9, 0xC4, 0xF2, 0x99, 0xD7, - 0xB2, 0x1A, 0x9C, 0x36, 0x91, 0x37, 0xF2, 0xC8, 0x4A, 0xE1, 0xAA, 0x0D, - /* y */ - 0x76, 0x5B, 0xE7, 0x34, 0x33, 0xB3, 0xF9, 0x5E, 0x33, 0x29, 0x32, 0xE7, - 0x0E, 0xA2, 0x45, 0xCA, 0x24, 0x18, 0xEA, 0x0E, 0xF9, 0x80, 0x18, 0xFB, - /* order */ - 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x04, 0xA2, 0x0E, 0x90, 0xC3, 0x90, 0x67, 0xC8, 0x93, 0xBB, 0xB9, 0xA5 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 24 * 6]; -} _EC_X9_62_CHAR2_191V2 = { - { - NID_X9_62_characteristic_two_field, 20, 24, 4 - }, - { - /* seed */ - 0x08, 0x71, 0xEF, 0x2F, 0xEF, 0x24, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, - 0x15, 0x17, 0x58, 0xBE, 0xE0, 0xD9, 0x5C, 0x15, - /* p */ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01, - /* a */ - 0x40, 0x10, 0x28, 0x77, 0x4D, 0x77, 0x77, 0xC7, 0xB7, 0x66, 0x6D, 0x13, - 0x66, 0xEA, 0x43, 0x20, 0x71, 0x27, 0x4F, 0x89, 0xFF, 0x01, 0xE7, 0x18, - /* b */ - 0x06, 0x20, 0x04, 0x8D, 0x28, 0xBC, 0xBD, 0x03, 0xB6, 0x24, 0x9C, 0x99, - 0x18, 0x2B, 0x7C, 0x8C, 0xD1, 0x97, 0x00, 0xC3, 0x62, 0xC4, 0x6A, 0x01, - /* x */ - 0x38, 0x09, 0xB2, 0xB7, 0xCC, 0x1B, 0x28, 0xCC, 0x5A, 0x87, 0x92, 0x6A, - 0xAD, 0x83, 0xFD, 0x28, 0x78, 0x9E, 0x81, 0xE2, 0xC9, 0xE3, 0xBF, 0x10, - /* y */ - 0x17, 0x43, 0x43, 0x86, 0x62, 0x6D, 0x14, 0xF3, 0xDB, 0xF0, 0x17, 0x60, - 0xD9, 0x21, 0x3A, 0x3E, 0x1C, 0xF3, 0x7A, 0xEC, 0x43, 0x7D, 0x66, 0x8A, - /* order */ - 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x50, 0x50, 0x8C, 0xB8, 0x9F, 0x65, 0x28, 0x24, 0xE0, 0x6B, 0x81, 0x73 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 24 * 6]; -} _EC_X9_62_CHAR2_191V3 = { - { - NID_X9_62_characteristic_two_field, 20, 24, 6 - }, - { - /* seed */ - 0xE0, 0x53, 0x51, 0x2D, 0xC6, 0x84, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, - 0x15, 0x17, 0x50, 0x67, 0xAE, 0x78, 0x6D, 0x1F, - /* p */ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01, - /* a */ - 0x6C, 0x01, 0x07, 0x47, 0x56, 0x09, 0x91, 0x22, 0x22, 0x10, 0x56, 0x91, - 0x1C, 0x77, 0xD7, 0x7E, 0x77, 0xA7, 0x77, 0xE7, 0xE7, 0xE7, 0x7F, 0xCB, - /* b */ - 0x71, 0xFE, 0x1A, 0xF9, 0x26, 0xCF, 0x84, 0x79, 0x89, 0xEF, 0xEF, 0x8D, - 0xB4, 0x59, 0xF6, 0x63, 0x94, 0xD9, 0x0F, 0x32, 0xAD, 0x3F, 0x15, 0xE8, - /* x */ - 0x37, 0x5D, 0x4C, 0xE2, 0x4F, 0xDE, 0x43, 0x44, 0x89, 0xDE, 0x87, 0x46, - 0xE7, 0x17, 0x86, 0x01, 0x50, 0x09, 0xE6, 0x6E, 0x38, 0xA9, 0x26, 0xDD, - /* y */ - 0x54, 0x5A, 0x39, 0x17, 0x61, 0x96, 0x57, 0x5D, 0x98, 0x59, 0x99, 0x36, - 0x6E, 0x6A, 0xD3, 0x4C, 0xE0, 0xA7, 0x7C, 0xD7, 0x12, 0x7B, 0x06, 0xBE, - /* order */ - 0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, - 0x61, 0x0C, 0x0B, 0x19, 0x68, 0x12, 0xBF, 0xB6, 0x28, 0x8A, 0x3E, 0xA3 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 27 * 6]; -} _EC_X9_62_CHAR2_208W1 = { - { - NID_X9_62_characteristic_two_field, 0, 27, 0xFE48 - }, - { - /* no seed */ - /* p */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x07, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, - /* b */ - 0x00, 0xC8, 0x61, 0x9E, 0xD4, 0x5A, 0x62, 0xE6, 0x21, 0x2E, 0x11, 0x60, - 0x34, 0x9E, 0x2B, 0xFA, 0x84, 0x44, 0x39, 0xFA, 0xFC, 0x2A, 0x3F, 0xD1, - 0x63, 0x8F, 0x9E, - /* x */ - 0x00, 0x89, 0xFD, 0xFB, 0xE4, 0xAB, 0xE1, 0x93, 0xDF, 0x95, 0x59, 0xEC, - 0xF0, 0x7A, 0xC0, 0xCE, 0x78, 0x55, 0x4E, 0x27, 0x84, 0xEB, 0x8C, 0x1E, - 0xD1, 0xA5, 0x7A, - /* y */ - 0x00, 0x0F, 0x55, 0xB5, 0x1A, 0x06, 0xE7, 0x8E, 0x9A, 0xC3, 0x8A, 0x03, - 0x5F, 0xF5, 0x20, 0xD8, 0xB0, 0x17, 0x81, 0xBE, 0xB1, 0xA6, 0xBB, 0x08, - 0x61, 0x7D, 0xE3, - /* order */ - 0x00, 0x00, 0x01, 0x01, 0xBA, 0xF9, 0x5C, 0x97, 0x23, 0xC5, 0x7B, 0x6C, - 0x21, 0xDA, 0x2E, 0xFF, 0x2D, 0x5E, 0xD5, 0x88, 0xBD, 0xD5, 0x71, 0x7E, - 0x21, 0x2F, 0x9D - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 30 * 6]; -} _EC_X9_62_CHAR2_239V1 = { - { - NID_X9_62_characteristic_two_field, 20, 30, 4 - }, - { - /* seed */ - 0xD3, 0x4B, 0x9A, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, - 0xCA, 0x71, 0xB9, 0x20, 0xBF, 0xEF, 0xB0, 0x5D, - /* p */ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x10, 0x00, 0x00, 0x00, 0x01, - /* a */ - 0x32, 0x01, 0x08, 0x57, 0x07, 0x7C, 0x54, 0x31, 0x12, 0x3A, 0x46, 0xB8, - 0x08, 0x90, 0x67, 0x56, 0xF5, 0x43, 0x42, 0x3E, 0x8D, 0x27, 0x87, 0x75, - 0x78, 0x12, 0x57, 0x78, 0xAC, 0x76, - /* b */ - 0x79, 0x04, 0x08, 0xF2, 0xEE, 0xDA, 0xF3, 0x92, 0xB0, 0x12, 0xED, 0xEF, - 0xB3, 0x39, 0x2F, 0x30, 0xF4, 0x32, 0x7C, 0x0C, 0xA3, 0xF3, 0x1F, 0xC3, - 0x83, 0xC4, 0x22, 0xAA, 0x8C, 0x16, - /* x */ - 0x57, 0x92, 0x70, 0x98, 0xFA, 0x93, 0x2E, 0x7C, 0x0A, 0x96, 0xD3, 0xFD, - 0x5B, 0x70, 0x6E, 0xF7, 0xE5, 0xF5, 0xC1, 0x56, 0xE1, 0x6B, 0x7E, 0x7C, - 0x86, 0x03, 0x85, 0x52, 0xE9, 0x1D, - /* y */ - 0x61, 0xD8, 0xEE, 0x50, 0x77, 0xC3, 0x3F, 0xEC, 0xF6, 0xF1, 0xA1, 0x6B, - 0x26, 0x8D, 0xE4, 0x69, 0xC3, 0xC7, 0x74, 0x4E, 0xA9, 0xA9, 0x71, 0x64, - 0x9F, 0xC7, 0xA9, 0x61, 0x63, 0x05, - /* order */ - 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x0F, 0x4D, 0x42, 0xFF, 0xE1, 0x49, 0x2A, 0x49, 0x93, - 0xF1, 0xCA, 0xD6, 0x66, 0xE4, 0x47 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 30 * 6]; -} _EC_X9_62_CHAR2_239V2 = { - { - NID_X9_62_characteristic_two_field, 20, 30, 6 - }, - { - /* seed */ - 0x2A, 0xA6, 0x98, 0x2F, 0xDF, 0xA4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, - 0x15, 0x17, 0x5D, 0x26, 0x67, 0x27, 0x27, 0x7D, - /* p */ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x10, 0x00, 0x00, 0x00, 0x01, - /* a */ - 0x42, 0x30, 0x01, 0x77, 0x57, 0xA7, 0x67, 0xFA, 0xE4, 0x23, 0x98, 0x56, - 0x9B, 0x74, 0x63, 0x25, 0xD4, 0x53, 0x13, 0xAF, 0x07, 0x66, 0x26, 0x64, - 0x79, 0xB7, 0x56, 0x54, 0xE6, 0x5F, - /* b */ - 0x50, 0x37, 0xEA, 0x65, 0x41, 0x96, 0xCF, 0xF0, 0xCD, 0x82, 0xB2, 0xC1, - 0x4A, 0x2F, 0xCF, 0x2E, 0x3F, 0xF8, 0x77, 0x52, 0x85, 0xB5, 0x45, 0x72, - 0x2F, 0x03, 0xEA, 0xCD, 0xB7, 0x4B, - /* x */ - 0x28, 0xF9, 0xD0, 0x4E, 0x90, 0x00, 0x69, 0xC8, 0xDC, 0x47, 0xA0, 0x85, - 0x34, 0xFE, 0x76, 0xD2, 0xB9, 0x00, 0xB7, 0xD7, 0xEF, 0x31, 0xF5, 0x70, - 0x9F, 0x20, 0x0C, 0x4C, 0xA2, 0x05, - /* y */ - 0x56, 0x67, 0x33, 0x4C, 0x45, 0xAF, 0xF3, 0xB5, 0xA0, 0x3B, 0xAD, 0x9D, - 0xD7, 0x5E, 0x2C, 0x71, 0xA9, 0x93, 0x62, 0x56, 0x7D, 0x54, 0x53, 0xF7, - 0xFA, 0x6E, 0x22, 0x7E, 0xC8, 0x33, - /* order */ - 0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, - 0x55, 0x55, 0x55, 0x3C, 0x6F, 0x28, 0x85, 0x25, 0x9C, 0x31, 0xE3, 0xFC, - 0xDF, 0x15, 0x46, 0x24, 0x52, 0x2D - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 30 * 6]; -} _EC_X9_62_CHAR2_239V3 = { - { - NID_X9_62_characteristic_two_field, 20, 30, 0xA - }, - { - /* seed */ - 0x9E, 0x07, 0x6F, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, - 0xE1, 0x1E, 0x9F, 0xDD, 0x77, 0xF9, 0x20, 0x41, - /* p */ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x10, 0x00, 0x00, 0x00, 0x01, - /* a */ - 0x01, 0x23, 0x87, 0x74, 0x66, 0x6A, 0x67, 0x76, 0x6D, 0x66, 0x76, 0xF7, - 0x78, 0xE6, 0x76, 0xB6, 0x69, 0x99, 0x17, 0x66, 0x66, 0xE6, 0x87, 0x66, - 0x6D, 0x87, 0x66, 0xC6, 0x6A, 0x9F, - /* b */ - 0x6A, 0x94, 0x19, 0x77, 0xBA, 0x9F, 0x6A, 0x43, 0x51, 0x99, 0xAC, 0xFC, - 0x51, 0x06, 0x7E, 0xD5, 0x87, 0xF5, 0x19, 0xC5, 0xEC, 0xB5, 0x41, 0xB8, - 0xE4, 0x41, 0x11, 0xDE, 0x1D, 0x40, - /* x */ - 0x70, 0xF6, 0xE9, 0xD0, 0x4D, 0x28, 0x9C, 0x4E, 0x89, 0x91, 0x3C, 0xE3, - 0x53, 0x0B, 0xFD, 0xE9, 0x03, 0x97, 0x7D, 0x42, 0xB1, 0x46, 0xD5, 0x39, - 0xBF, 0x1B, 0xDE, 0x4E, 0x9C, 0x92, - /* y */ - 0x2E, 0x5A, 0x0E, 0xAF, 0x6E, 0x5E, 0x13, 0x05, 0xB9, 0x00, 0x4D, 0xCE, - 0x5C, 0x0E, 0xD7, 0xFE, 0x59, 0xA3, 0x56, 0x08, 0xF3, 0x38, 0x37, 0xC8, - 0x16, 0xD8, 0x0B, 0x79, 0xF4, 0x61, - /* order */ - 0x0C, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, - 0xCC, 0xCC, 0xCC, 0xAC, 0x49, 0x12, 0xD2, 0xD9, 0xDF, 0x90, 0x3E, 0xF9, - 0x88, 0x8B, 0x8A, 0x0E, 0x4C, 0xFF - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 35 * 6]; -} _EC_X9_62_CHAR2_272W1 = { - { - NID_X9_62_characteristic_two_field, 0, 35, 0xFF06 - }, - { - /* no seed */ - /* p */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0B, - /* a */ - 0x00, 0x91, 0xA0, 0x91, 0xF0, 0x3B, 0x5F, 0xBA, 0x4A, 0xB2, 0xCC, 0xF4, - 0x9C, 0x4E, 0xDD, 0x22, 0x0F, 0xB0, 0x28, 0x71, 0x2D, 0x42, 0xBE, 0x75, - 0x2B, 0x2C, 0x40, 0x09, 0x4D, 0xBA, 0xCD, 0xB5, 0x86, 0xFB, 0x20, - /* b */ - 0x00, 0x71, 0x67, 0xEF, 0xC9, 0x2B, 0xB2, 0xE3, 0xCE, 0x7C, 0x8A, 0xAA, - 0xFF, 0x34, 0xE1, 0x2A, 0x9C, 0x55, 0x70, 0x03, 0xD7, 0xC7, 0x3A, 0x6F, - 0xAF, 0x00, 0x3F, 0x99, 0xF6, 0xCC, 0x84, 0x82, 0xE5, 0x40, 0xF7, - /* x */ - 0x00, 0x61, 0x08, 0xBA, 0xBB, 0x2C, 0xEE, 0xBC, 0xF7, 0x87, 0x05, 0x8A, - 0x05, 0x6C, 0xBE, 0x0C, 0xFE, 0x62, 0x2D, 0x77, 0x23, 0xA2, 0x89, 0xE0, - 0x8A, 0x07, 0xAE, 0x13, 0xEF, 0x0D, 0x10, 0xD1, 0x71, 0xDD, 0x8D, - /* y */ - 0x00, 0x10, 0xC7, 0x69, 0x57, 0x16, 0x85, 0x1E, 0xEF, 0x6B, 0xA7, 0xF6, - 0x87, 0x2E, 0x61, 0x42, 0xFB, 0xD2, 0x41, 0xB8, 0x30, 0xFF, 0x5E, 0xFC, - 0xAC, 0xEC, 0xCA, 0xB0, 0x5E, 0x02, 0x00, 0x5D, 0xDE, 0x9D, 0x23, - /* order */ - 0x00, 0x00, 0x01, 0x00, 0xFA, 0xF5, 0x13, 0x54, 0xE0, 0xE3, 0x9E, 0x48, - 0x92, 0xDF, 0x6E, 0x31, 0x9C, 0x72, 0xC8, 0x16, 0x16, 0x03, 0xFA, 0x45, - 0xAA, 0x7B, 0x99, 0x8A, 0x16, 0x7B, 0x8F, 0x1E, 0x62, 0x95, 0x21 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 39 * 6]; -} _EC_X9_62_CHAR2_304W1 = { - { - NID_X9_62_characteristic_two_field, 0, 39, 0xFE2E - }, - { - /* no seed */ - /* p */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x08, 0x07, - /* a */ - 0x00, 0xFD, 0x0D, 0x69, 0x31, 0x49, 0xA1, 0x18, 0xF6, 0x51, 0xE6, 0xDC, - 0xE6, 0x80, 0x20, 0x85, 0x37, 0x7E, 0x5F, 0x88, 0x2D, 0x1B, 0x51, 0x0B, - 0x44, 0x16, 0x00, 0x74, 0xC1, 0x28, 0x80, 0x78, 0x36, 0x5A, 0x03, 0x96, - 0xC8, 0xE6, 0x81, - /* b */ - 0x00, 0xBD, 0xDB, 0x97, 0xE5, 0x55, 0xA5, 0x0A, 0x90, 0x8E, 0x43, 0xB0, - 0x1C, 0x79, 0x8E, 0xA5, 0xDA, 0xA6, 0x78, 0x8F, 0x1E, 0xA2, 0x79, 0x4E, - 0xFC, 0xF5, 0x71, 0x66, 0xB8, 0xC1, 0x40, 0x39, 0x60, 0x1E, 0x55, 0x82, - 0x73, 0x40, 0xBE, - /* x */ - 0x00, 0x19, 0x7B, 0x07, 0x84, 0x5E, 0x9B, 0xE2, 0xD9, 0x6A, 0xDB, 0x0F, - 0x5F, 0x3C, 0x7F, 0x2C, 0xFF, 0xBD, 0x7A, 0x3E, 0xB8, 0xB6, 0xFE, 0xC3, - 0x5C, 0x7F, 0xD6, 0x7F, 0x26, 0xDD, 0xF6, 0x28, 0x5A, 0x64, 0x4F, 0x74, - 0x0A, 0x26, 0x14, - /* y */ - 0x00, 0xE1, 0x9F, 0xBE, 0xB7, 0x6E, 0x0D, 0xA1, 0x71, 0x51, 0x7E, 0xCF, - 0x40, 0x1B, 0x50, 0x28, 0x9B, 0xF0, 0x14, 0x10, 0x32, 0x88, 0x52, 0x7A, - 0x9B, 0x41, 0x6A, 0x10, 0x5E, 0x80, 0x26, 0x0B, 0x54, 0x9F, 0xDC, 0x1B, - 0x92, 0xC0, 0x3B, - /* order */ - 0x00, 0x00, 0x01, 0x01, 0xD5, 0x56, 0x57, 0x2A, 0xAB, 0xAC, 0x80, 0x01, - 0x01, 0xD5, 0x56, 0x57, 0x2A, 0xAB, 0xAC, 0x80, 0x01, 0x02, 0x2D, 0x5C, - 0x91, 0xDD, 0x17, 0x3F, 0x8F, 0xB5, 0x61, 0xDA, 0x68, 0x99, 0x16, 0x44, - 0x43, 0x05, 0x1D - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[20 + 45 * 6]; -} _EC_X9_62_CHAR2_359V1 = { - { - NID_X9_62_characteristic_two_field, 20, 45, 0x4C - }, - { - /* seed */ - 0x2B, 0x35, 0x49, 0x20, 0xB7, 0x24, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, - 0x15, 0x17, 0x58, 0x5B, 0xA1, 0x33, 0x2D, 0xC6, - /* p */ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* a */ - 0x56, 0x67, 0x67, 0x6A, 0x65, 0x4B, 0x20, 0x75, 0x4F, 0x35, 0x6E, 0xA9, - 0x20, 0x17, 0xD9, 0x46, 0x56, 0x7C, 0x46, 0x67, 0x55, 0x56, 0xF1, 0x95, - 0x56, 0xA0, 0x46, 0x16, 0xB5, 0x67, 0xD2, 0x23, 0xA5, 0xE0, 0x56, 0x56, - 0xFB, 0x54, 0x90, 0x16, 0xA9, 0x66, 0x56, 0xA5, 0x57, - /* b */ - 0x24, 0x72, 0xE2, 0xD0, 0x19, 0x7C, 0x49, 0x36, 0x3F, 0x1F, 0xE7, 0xF5, - 0xB6, 0xDB, 0x07, 0x5D, 0x52, 0xB6, 0x94, 0x7D, 0x13, 0x5D, 0x8C, 0xA4, - 0x45, 0x80, 0x5D, 0x39, 0xBC, 0x34, 0x56, 0x26, 0x08, 0x96, 0x87, 0x74, - 0x2B, 0x63, 0x29, 0xE7, 0x06, 0x80, 0x23, 0x19, 0x88, - /* x */ - 0x3C, 0x25, 0x8E, 0xF3, 0x04, 0x77, 0x67, 0xE7, 0xED, 0xE0, 0xF1, 0xFD, - 0xAA, 0x79, 0xDA, 0xEE, 0x38, 0x41, 0x36, 0x6A, 0x13, 0x2E, 0x16, 0x3A, - 0xCE, 0xD4, 0xED, 0x24, 0x01, 0xDF, 0x9C, 0x6B, 0xDC, 0xDE, 0x98, 0xE8, - 0xE7, 0x07, 0xC0, 0x7A, 0x22, 0x39, 0xB1, 0xB0, 0x97, - /* y */ - 0x53, 0xD7, 0xE0, 0x85, 0x29, 0x54, 0x70, 0x48, 0x12, 0x1E, 0x9C, 0x95, - 0xF3, 0x79, 0x1D, 0xD8, 0x04, 0x96, 0x39, 0x48, 0xF3, 0x4F, 0xAE, 0x7B, - 0xF4, 0x4E, 0xA8, 0x23, 0x65, 0xDC, 0x78, 0x68, 0xFE, 0x57, 0xE4, 0xAE, - 0x2D, 0xE2, 0x11, 0x30, 0x5A, 0x40, 0x71, 0x04, 0xBD, - /* order */ - 0x01, 0xAF, 0x28, 0x6B, 0xCA, 0x1A, 0xF2, 0x86, 0xBC, 0xA1, 0xAF, 0x28, - 0x6B, 0xCA, 0x1A, 0xF2, 0x86, 0xBC, 0xA1, 0xAF, 0x28, 0x6B, 0xC9, 0xFB, - 0x8F, 0x6B, 0x85, 0xC5, 0x56, 0x89, 0x2C, 0x20, 0xA7, 0xEB, 0x96, 0x4F, - 0xE7, 0x71, 0x9E, 0x74, 0xF4, 0x90, 0x75, 0x8D, 0x3B - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 47 * 6]; -} _EC_X9_62_CHAR2_368W1 = { - { - NID_X9_62_characteristic_two_field, 0, 47, 0xFF70 - }, - { - /* no seed */ - /* p */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, - /* a */ - 0x00, 0xE0, 0xD2, 0xEE, 0x25, 0x09, 0x52, 0x06, 0xF5, 0xE2, 0xA4, 0xF9, - 0xED, 0x22, 0x9F, 0x1F, 0x25, 0x6E, 0x79, 0xA0, 0xE2, 0xB4, 0x55, 0x97, - 0x0D, 0x8D, 0x0D, 0x86, 0x5B, 0xD9, 0x47, 0x78, 0xC5, 0x76, 0xD6, 0x2F, - 0x0A, 0xB7, 0x51, 0x9C, 0xCD, 0x2A, 0x1A, 0x90, 0x6A, 0xE3, 0x0D, - /* b */ - 0x00, 0xFC, 0x12, 0x17, 0xD4, 0x32, 0x0A, 0x90, 0x45, 0x2C, 0x76, 0x0A, - 0x58, 0xED, 0xCD, 0x30, 0xC8, 0xDD, 0x06, 0x9B, 0x3C, 0x34, 0x45, 0x38, - 0x37, 0xA3, 0x4E, 0xD5, 0x0C, 0xB5, 0x49, 0x17, 0xE1, 0xC2, 0x11, 0x2D, - 0x84, 0xD1, 0x64, 0xF4, 0x44, 0xF8, 0xF7, 0x47, 0x86, 0x04, 0x6A, - /* x */ - 0x00, 0x10, 0x85, 0xE2, 0x75, 0x53, 0x81, 0xDC, 0xCC, 0xE3, 0xC1, 0x55, - 0x7A, 0xFA, 0x10, 0xC2, 0xF0, 0xC0, 0xC2, 0x82, 0x56, 0x46, 0xC5, 0xB3, - 0x4A, 0x39, 0x4C, 0xBC, 0xFA, 0x8B, 0xC1, 0x6B, 0x22, 0xE7, 0xE7, 0x89, - 0xE9, 0x27, 0xBE, 0x21, 0x6F, 0x02, 0xE1, 0xFB, 0x13, 0x6A, 0x5F, - /* y */ - 0x00, 0x7B, 0x3E, 0xB1, 0xBD, 0xDC, 0xBA, 0x62, 0xD5, 0xD8, 0xB2, 0x05, - 0x9B, 0x52, 0x57, 0x97, 0xFC, 0x73, 0x82, 0x2C, 0x59, 0x05, 0x9C, 0x62, - 0x3A, 0x45, 0xFF, 0x38, 0x43, 0xCE, 0xE8, 0xF8, 0x7C, 0xD1, 0x85, 0x5A, - 0xDA, 0xA8, 0x1E, 0x2A, 0x07, 0x50, 0xB8, 0x0F, 0xDA, 0x23, 0x10, - /* order */ - 0x00, 0x00, 0x01, 0x00, 0x90, 0x51, 0x2D, 0xA9, 0xAF, 0x72, 0xB0, 0x83, - 0x49, 0xD9, 0x8A, 0x5D, 0xD4, 0xC7, 0xB0, 0x53, 0x2E, 0xCA, 0x51, 0xCE, - 0x03, 0xE2, 0xD1, 0x0F, 0x3B, 0x7A, 0xC5, 0x79, 0xBD, 0x87, 0xE9, 0x09, - 0xAE, 0x40, 0xA6, 0xF1, 0x31, 0xE9, 0xCF, 0xCE, 0x5B, 0xD9, 0x67 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 54 * 6]; -} _EC_X9_62_CHAR2_431R1 = { - { - NID_X9_62_characteristic_two_field, 0, 54, 0x2760 - }, - { - /* no seed */ - /* p */ - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* a */ - 0x1A, 0x82, 0x7E, 0xF0, 0x0D, 0xD6, 0xFC, 0x0E, 0x23, 0x4C, 0xAF, 0x04, - 0x6C, 0x6A, 0x5D, 0x8A, 0x85, 0x39, 0x5B, 0x23, 0x6C, 0xC4, 0xAD, 0x2C, - 0xF3, 0x2A, 0x0C, 0xAD, 0xBD, 0xC9, 0xDD, 0xF6, 0x20, 0xB0, 0xEB, 0x99, - 0x06, 0xD0, 0x95, 0x7F, 0x6C, 0x6F, 0xEA, 0xCD, 0x61, 0x54, 0x68, 0xDF, - 0x10, 0x4D, 0xE2, 0x96, 0xCD, 0x8F, - /* b */ - 0x10, 0xD9, 0xB4, 0xA3, 0xD9, 0x04, 0x7D, 0x8B, 0x15, 0x43, 0x59, 0xAB, - 0xFB, 0x1B, 0x7F, 0x54, 0x85, 0xB0, 0x4C, 0xEB, 0x86, 0x82, 0x37, 0xDD, - 0xC9, 0xDE, 0xDA, 0x98, 0x2A, 0x67, 0x9A, 0x5A, 0x91, 0x9B, 0x62, 0x6D, - 0x4E, 0x50, 0xA8, 0xDD, 0x73, 0x1B, 0x10, 0x7A, 0x99, 0x62, 0x38, 0x1F, - 0xB5, 0xD8, 0x07, 0xBF, 0x26, 0x18, - /* x */ - 0x12, 0x0F, 0xC0, 0x5D, 0x3C, 0x67, 0xA9, 0x9D, 0xE1, 0x61, 0xD2, 0xF4, - 0x09, 0x26, 0x22, 0xFE, 0xCA, 0x70, 0x1B, 0xE4, 0xF5, 0x0F, 0x47, 0x58, - 0x71, 0x4E, 0x8A, 0x87, 0xBB, 0xF2, 0xA6, 0x58, 0xEF, 0x8C, 0x21, 0xE7, - 0xC5, 0xEF, 0xE9, 0x65, 0x36, 0x1F, 0x6C, 0x29, 0x99, 0xC0, 0xC2, 0x47, - 0xB0, 0xDB, 0xD7, 0x0C, 0xE6, 0xB7, - /* y */ - 0x20, 0xD0, 0xAF, 0x89, 0x03, 0xA9, 0x6F, 0x8D, 0x5F, 0xA2, 0xC2, 0x55, - 0x74, 0x5D, 0x3C, 0x45, 0x1B, 0x30, 0x2C, 0x93, 0x46, 0xD9, 0xB7, 0xE4, - 0x85, 0xE7, 0xBC, 0xE4, 0x1F, 0x6B, 0x59, 0x1F, 0x3E, 0x8F, 0x6A, 0xDD, - 0xCB, 0xB0, 0xBC, 0x4C, 0x2F, 0x94, 0x7A, 0x7D, 0xE1, 0xA8, 0x9B, 0x62, - 0x5D, 0x6A, 0x59, 0x8B, 0x37, 0x60, - /* order */ - 0x00, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, - 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, - 0x34, 0x03, 0x40, 0x34, 0x03, 0x23, 0xC3, 0x13, 0xFA, 0xB5, 0x05, 0x89, - 0x70, 0x3B, 0x5E, 0xC6, 0x8D, 0x35, 0x87, 0xFE, 0xC6, 0x0D, 0x16, 0x1C, - 0xC1, 0x49, 0xC1, 0xAD, 0x4A, 0x91 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 15 * 6]; -} _EC_WTLS_1 = { - { - NID_X9_62_characteristic_two_field, 0, 15, 2 - }, - { - /* no seed */ - /* p */ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x02, 0x01, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x01, - /* b */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x01, - /* x */ - 0x01, 0x66, 0x79, 0x79, 0xA4, 0x0B, 0xA4, 0x97, 0xE5, 0xD5, 0xC2, 0x70, - 0x78, 0x06, 0x17, - /* y */ - 0x00, 0xF4, 0x4B, 0x4A, 0xF1, 0xEC, 0xC2, 0x63, 0x0E, 0x08, 0x78, 0x5C, - 0xEB, 0xCC, 0x15, - /* order */ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xBF, 0x91, 0xAF, - 0x6D, 0xEA, 0x73 - } -}; - -/* IPSec curves */ -/* - * NOTE: The of curves over a extension field of non prime degree is not - * recommended (Weil-descent). As the group order is not a prime this curve - * is not suitable for ECDSA. - */ -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 20 * 6]; -} _EC_IPSEC_155_ID3 = { - { - NID_X9_62_characteristic_two_field, 0, 20, 3 - }, - { - /* no seed */ - /* p */ - 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - /* b */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x33, 0x8f, - /* x */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, - /* y */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xc8, - /* order */ - 0x02, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xC7, 0xF3, - 0xC7, 0x88, 0x1B, 0xD0, 0x86, 0x8F, 0xA8, 0x6C - } -}; - -/* - * NOTE: The of curves over a extension field of non prime degree is not - * recommended (Weil-descent). As the group order is not a prime this curve - * is not suitable for ECDSA. - */ -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 24 * 6]; -} _EC_IPSEC_185_ID4 = { - { - NID_X9_62_characteristic_two_field, 0, 24, 2 - }, - { - /* no seed */ - /* p */ - 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, - /* a */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - /* b */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1e, 0xe9, - /* x */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, - /* y */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d, - /* order */ - 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xED, 0xF9, 0x7C, 0x44, 0xDB, 0x9F, 0x24, 0x20, 0xBA, 0xFC, 0xA7, 0x5E - } -}; -# endif /* FIPS_MODULE */ -#endif /* OPENSSL_NO_EC2M */ - -/* - * These curves were added by Annie Yousar. - * For the definition of RFC 5639 curves see - * http://www.ietf.org/rfc/rfc5639.txt These curves are generated verifiable - * at random, nevertheless the seed is omitted as parameter because the - * generation mechanism is different from those defined in ANSI X9.62. - */ - -#ifndef FIPS_MODULE -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 20 * 6]; -} _EC_brainpoolP160r1 = { - { - NID_X9_62_prime_field, 0, 20, 1 - }, - { - /* no seed */ - /* p */ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD, - 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F, - /* a */ - 0x34, 0x0E, 0x7B, 0xE2, 0xA2, 0x80, 0xEB, 0x74, 0xE2, 0xBE, 0x61, 0xBA, - 0xDA, 0x74, 0x5D, 0x97, 0xE8, 0xF7, 0xC3, 0x00, - /* b */ - 0x1E, 0x58, 0x9A, 0x85, 0x95, 0x42, 0x34, 0x12, 0x13, 0x4F, 0xAA, 0x2D, - 0xBD, 0xEC, 0x95, 0xC8, 0xD8, 0x67, 0x5E, 0x58, - /* x */ - 0xBE, 0xD5, 0xAF, 0x16, 0xEA, 0x3F, 0x6A, 0x4F, 0x62, 0x93, 0x8C, 0x46, - 0x31, 0xEB, 0x5A, 0xF7, 0xBD, 0xBC, 0xDB, 0xC3, - /* y */ - 0x16, 0x67, 0xCB, 0x47, 0x7A, 0x1A, 0x8E, 0xC3, 0x38, 0xF9, 0x47, 0x41, - 0x66, 0x9C, 0x97, 0x63, 0x16, 0xDA, 0x63, 0x21, - /* order */ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91, - 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 20 * 6]; -} _EC_brainpoolP160t1 = { - { - NID_X9_62_prime_field, 0, 20, 1 - }, - { - /* no seed */ - /* p */ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD, - 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F, - /* a */ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD, - 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0C, - /* b */ - 0x7A, 0x55, 0x6B, 0x6D, 0xAE, 0x53, 0x5B, 0x7B, 0x51, 0xED, 0x2C, 0x4D, - 0x7D, 0xAA, 0x7A, 0x0B, 0x5C, 0x55, 0xF3, 0x80, - /* x */ - 0xB1, 0x99, 0xB1, 0x3B, 0x9B, 0x34, 0xEF, 0xC1, 0x39, 0x7E, 0x64, 0xBA, - 0xEB, 0x05, 0xAC, 0xC2, 0x65, 0xFF, 0x23, 0x78, - /* y */ - 0xAD, 0xD6, 0x71, 0x8B, 0x7C, 0x7C, 0x19, 0x61, 0xF0, 0x99, 0x1B, 0x84, - 0x24, 0x43, 0x77, 0x21, 0x52, 0xC9, 0xE0, 0xAD, - /* order */ - 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91, - 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 24 * 6]; -} _EC_brainpoolP192r1 = { - { - NID_X9_62_prime_field, 0, 24, 1 - }, - { - /* no seed */ - /* p */ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30, - 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97, - /* a */ - 0x6A, 0x91, 0x17, 0x40, 0x76, 0xB1, 0xE0, 0xE1, 0x9C, 0x39, 0xC0, 0x31, - 0xFE, 0x86, 0x85, 0xC1, 0xCA, 0xE0, 0x40, 0xE5, 0xC6, 0x9A, 0x28, 0xEF, - /* b */ - 0x46, 0x9A, 0x28, 0xEF, 0x7C, 0x28, 0xCC, 0xA3, 0xDC, 0x72, 0x1D, 0x04, - 0x4F, 0x44, 0x96, 0xBC, 0xCA, 0x7E, 0xF4, 0x14, 0x6F, 0xBF, 0x25, 0xC9, - /* x */ - 0xC0, 0xA0, 0x64, 0x7E, 0xAA, 0xB6, 0xA4, 0x87, 0x53, 0xB0, 0x33, 0xC5, - 0x6C, 0xB0, 0xF0, 0x90, 0x0A, 0x2F, 0x5C, 0x48, 0x53, 0x37, 0x5F, 0xD6, - /* y */ - 0x14, 0xB6, 0x90, 0x86, 0x6A, 0xBD, 0x5B, 0xB8, 0x8B, 0x5F, 0x48, 0x28, - 0xC1, 0x49, 0x00, 0x02, 0xE6, 0x77, 0x3F, 0xA2, 0xFA, 0x29, 0x9B, 0x8F, - /* order */ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F, - 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 24 * 6]; -} _EC_brainpoolP192t1 = { - { - NID_X9_62_prime_field, 0, 24, 1 - }, - { - /* no seed */ - /* p */ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30, - 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97, - /* a */ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30, - 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x94, - /* b */ - 0x13, 0xD5, 0x6F, 0xFA, 0xEC, 0x78, 0x68, 0x1E, 0x68, 0xF9, 0xDE, 0xB4, - 0x3B, 0x35, 0xBE, 0xC2, 0xFB, 0x68, 0x54, 0x2E, 0x27, 0x89, 0x7B, 0x79, - /* x */ - 0x3A, 0xE9, 0xE5, 0x8C, 0x82, 0xF6, 0x3C, 0x30, 0x28, 0x2E, 0x1F, 0xE7, - 0xBB, 0xF4, 0x3F, 0xA7, 0x2C, 0x44, 0x6A, 0xF6, 0xF4, 0x61, 0x81, 0x29, - /* y */ - 0x09, 0x7E, 0x2C, 0x56, 0x67, 0xC2, 0x22, 0x3A, 0x90, 0x2A, 0xB5, 0xCA, - 0x44, 0x9D, 0x00, 0x84, 0xB7, 0xE5, 0xB3, 0xDE, 0x7C, 0xCC, 0x01, 0xC9, - /* order */ - 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F, - 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 28 * 6]; -} _EC_brainpoolP224r1 = { - { - NID_X9_62_prime_field, 0, 28, 1 - }, - { - /* no seed */ - /* p */ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, - 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, - 0x7E, 0xC8, 0xC0, 0xFF, - /* a */ - 0x68, 0xA5, 0xE6, 0x2C, 0xA9, 0xCE, 0x6C, 0x1C, 0x29, 0x98, 0x03, 0xA6, - 0xC1, 0x53, 0x0B, 0x51, 0x4E, 0x18, 0x2A, 0xD8, 0xB0, 0x04, 0x2A, 0x59, - 0xCA, 0xD2, 0x9F, 0x43, - /* b */ - 0x25, 0x80, 0xF6, 0x3C, 0xCF, 0xE4, 0x41, 0x38, 0x87, 0x07, 0x13, 0xB1, - 0xA9, 0x23, 0x69, 0xE3, 0x3E, 0x21, 0x35, 0xD2, 0x66, 0xDB, 0xB3, 0x72, - 0x38, 0x6C, 0x40, 0x0B, - /* x */ - 0x0D, 0x90, 0x29, 0xAD, 0x2C, 0x7E, 0x5C, 0xF4, 0x34, 0x08, 0x23, 0xB2, - 0xA8, 0x7D, 0xC6, 0x8C, 0x9E, 0x4C, 0xE3, 0x17, 0x4C, 0x1E, 0x6E, 0xFD, - 0xEE, 0x12, 0xC0, 0x7D, - /* y */ - 0x58, 0xAA, 0x56, 0xF7, 0x72, 0xC0, 0x72, 0x6F, 0x24, 0xC6, 0xB8, 0x9E, - 0x4E, 0xCD, 0xAC, 0x24, 0x35, 0x4B, 0x9E, 0x99, 0xCA, 0xA3, 0xF6, 0xD3, - 0x76, 0x14, 0x02, 0xCD, - /* order */ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, - 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, - 0xA5, 0xA7, 0x93, 0x9F - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 28 * 6]; -} _EC_brainpoolP224t1 = { - { - NID_X9_62_prime_field, 0, 28, 1 - }, - { - /* no seed */ - /* p */ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, - 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, - 0x7E, 0xC8, 0xC0, 0xFF, - /* a */ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, - 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5, - 0x7E, 0xC8, 0xC0, 0xFC, - /* b */ - 0x4B, 0x33, 0x7D, 0x93, 0x41, 0x04, 0xCD, 0x7B, 0xEF, 0x27, 0x1B, 0xF6, - 0x0C, 0xED, 0x1E, 0xD2, 0x0D, 0xA1, 0x4C, 0x08, 0xB3, 0xBB, 0x64, 0xF1, - 0x8A, 0x60, 0x88, 0x8D, - /* x */ - 0x6A, 0xB1, 0xE3, 0x44, 0xCE, 0x25, 0xFF, 0x38, 0x96, 0x42, 0x4E, 0x7F, - 0xFE, 0x14, 0x76, 0x2E, 0xCB, 0x49, 0xF8, 0x92, 0x8A, 0xC0, 0xC7, 0x60, - 0x29, 0xB4, 0xD5, 0x80, - /* y */ - 0x03, 0x74, 0xE9, 0xF5, 0x14, 0x3E, 0x56, 0x8C, 0xD2, 0x3F, 0x3F, 0x4D, - 0x7C, 0x0D, 0x4B, 0x1E, 0x41, 0xC8, 0xCC, 0x0D, 0x1C, 0x6A, 0xBD, 0x5F, - 0x1A, 0x46, 0xDB, 0x4C, - /* order */ - 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25, - 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3, - 0xA5, 0xA7, 0x93, 0x9F - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 32 * 6]; -} _EC_brainpoolP256r1 = { - { - NID_X9_62_prime_field, 0, 32, 1 - }, - { - /* no seed */ - /* p */ - 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90, - 0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28, - 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x77, - /* a */ - 0x7D, 0x5A, 0x09, 0x75, 0xFC, 0x2C, 0x30, 0x57, 0xEE, 0xF6, 0x75, 0x30, - 0x41, 0x7A, 0xFF, 0xE7, 0xFB, 0x80, 0x55, 0xC1, 0x26, 0xDC, 0x5C, 0x6C, - 0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30, 0xB5, 0xD9, - /* b */ - 0x26, 0xDC, 0x5C, 0x6C, 0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30, 0xB5, 0xD9, - 0xBB, 0xD7, 0x7C, 0xBF, 0x95, 0x84, 0x16, 0x29, 0x5C, 0xF7, 0xE1, 0xCE, - 0x6B, 0xCC, 0xDC, 0x18, 0xFF, 0x8C, 0x07, 0xB6, - /* x */ - 0x8B, 0xD2, 0xAE, 0xB9, 0xCB, 0x7E, 0x57, 0xCB, 0x2C, 0x4B, 0x48, 0x2F, - 0xFC, 0x81, 0xB7, 0xAF, 0xB9, 0xDE, 0x27, 0xE1, 0xE3, 0xBD, 0x23, 0xC2, - 0x3A, 0x44, 0x53, 0xBD, 0x9A, 0xCE, 0x32, 0x62, - /* y */ - 0x54, 0x7E, 0xF8, 0x35, 0xC3, 0xDA, 0xC4, 0xFD, 0x97, 0xF8, 0x46, 0x1A, - 0x14, 0x61, 0x1D, 0xC9, 0xC2, 0x77, 0x45, 0x13, 0x2D, 0xED, 0x8E, 0x54, - 0x5C, 0x1D, 0x54, 0xC7, 0x2F, 0x04, 0x69, 0x97, - /* order */ - 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90, - 0x9D, 0x83, 0x8D, 0x71, 0x8C, 0x39, 0x7A, 0xA3, 0xB5, 0x61, 0xA6, 0xF7, - 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 32 * 6]; -} _EC_brainpoolP256t1 = { - { - NID_X9_62_prime_field, 0, 32, 1 - }, - { - /* no seed */ - /* p */ - 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90, - 0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28, - 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x77, - /* a */ - 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90, - 0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28, - 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x74, - /* b */ - 0x66, 0x2C, 0x61, 0xC4, 0x30, 0xD8, 0x4E, 0xA4, 0xFE, 0x66, 0xA7, 0x73, - 0x3D, 0x0B, 0x76, 0xB7, 0xBF, 0x93, 0xEB, 0xC4, 0xAF, 0x2F, 0x49, 0x25, - 0x6A, 0xE5, 0x81, 0x01, 0xFE, 0xE9, 0x2B, 0x04, - /* x */ - 0xA3, 0xE8, 0xEB, 0x3C, 0xC1, 0xCF, 0xE7, 0xB7, 0x73, 0x22, 0x13, 0xB2, - 0x3A, 0x65, 0x61, 0x49, 0xAF, 0xA1, 0x42, 0xC4, 0x7A, 0xAF, 0xBC, 0x2B, - 0x79, 0xA1, 0x91, 0x56, 0x2E, 0x13, 0x05, 0xF4, - /* y */ - 0x2D, 0x99, 0x6C, 0x82, 0x34, 0x39, 0xC5, 0x6D, 0x7F, 0x7B, 0x22, 0xE1, - 0x46, 0x44, 0x41, 0x7E, 0x69, 0xBC, 0xB6, 0xDE, 0x39, 0xD0, 0x27, 0x00, - 0x1D, 0xAB, 0xE8, 0xF3, 0x5B, 0x25, 0xC9, 0xBE, - /* order */ - 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90, - 0x9D, 0x83, 0x8D, 0x71, 0x8C, 0x39, 0x7A, 0xA3, 0xB5, 0x61, 0xA6, 0xF7, - 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 40 * 6]; -} _EC_brainpoolP320r1 = { - { - NID_X9_62_prime_field, 0, 40, 1 - }, - { - /* no seed */ - /* p */ - 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E, - 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF, - 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1, - 0xF1, 0xB3, 0x2E, 0x27, - /* a */ - 0x3E, 0xE3, 0x0B, 0x56, 0x8F, 0xBA, 0xB0, 0xF8, 0x83, 0xCC, 0xEB, 0xD4, - 0x6D, 0x3F, 0x3B, 0xB8, 0xA2, 0xA7, 0x35, 0x13, 0xF5, 0xEB, 0x79, 0xDA, - 0x66, 0x19, 0x0E, 0xB0, 0x85, 0xFF, 0xA9, 0xF4, 0x92, 0xF3, 0x75, 0xA9, - 0x7D, 0x86, 0x0E, 0xB4, - /* b */ - 0x52, 0x08, 0x83, 0x94, 0x9D, 0xFD, 0xBC, 0x42, 0xD3, 0xAD, 0x19, 0x86, - 0x40, 0x68, 0x8A, 0x6F, 0xE1, 0x3F, 0x41, 0x34, 0x95, 0x54, 0xB4, 0x9A, - 0xCC, 0x31, 0xDC, 0xCD, 0x88, 0x45, 0x39, 0x81, 0x6F, 0x5E, 0xB4, 0xAC, - 0x8F, 0xB1, 0xF1, 0xA6, - /* x */ - 0x43, 0xBD, 0x7E, 0x9A, 0xFB, 0x53, 0xD8, 0xB8, 0x52, 0x89, 0xBC, 0xC4, - 0x8E, 0xE5, 0xBF, 0xE6, 0xF2, 0x01, 0x37, 0xD1, 0x0A, 0x08, 0x7E, 0xB6, - 0xE7, 0x87, 0x1E, 0x2A, 0x10, 0xA5, 0x99, 0xC7, 0x10, 0xAF, 0x8D, 0x0D, - 0x39, 0xE2, 0x06, 0x11, - /* y */ - 0x14, 0xFD, 0xD0, 0x55, 0x45, 0xEC, 0x1C, 0xC8, 0xAB, 0x40, 0x93, 0x24, - 0x7F, 0x77, 0x27, 0x5E, 0x07, 0x43, 0xFF, 0xED, 0x11, 0x71, 0x82, 0xEA, - 0xA9, 0xC7, 0x78, 0x77, 0xAA, 0xAC, 0x6A, 0xC7, 0xD3, 0x52, 0x45, 0xD1, - 0x69, 0x2E, 0x8E, 0xE1, - /* order */ - 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E, - 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA5, 0xB6, 0x8F, 0x12, 0xA3, - 0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 0x58, 0xE9, 0x86, 0x91, 0x55, 0x5B, - 0x44, 0xC5, 0x93, 0x11 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 40 * 6]; -} _EC_brainpoolP320t1 = { - { - NID_X9_62_prime_field, 0, 40, 1 - }, - { - /* no seed */ - /* p */ - 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E, - 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF, - 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1, - 0xF1, 0xB3, 0x2E, 0x27, - /* a */ - 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E, - 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF, - 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1, - 0xF1, 0xB3, 0x2E, 0x24, - /* b */ - 0xA7, 0xF5, 0x61, 0xE0, 0x38, 0xEB, 0x1E, 0xD5, 0x60, 0xB3, 0xD1, 0x47, - 0xDB, 0x78, 0x20, 0x13, 0x06, 0x4C, 0x19, 0xF2, 0x7E, 0xD2, 0x7C, 0x67, - 0x80, 0xAA, 0xF7, 0x7F, 0xB8, 0xA5, 0x47, 0xCE, 0xB5, 0xB4, 0xFE, 0xF4, - 0x22, 0x34, 0x03, 0x53, - /* x */ - 0x92, 0x5B, 0xE9, 0xFB, 0x01, 0xAF, 0xC6, 0xFB, 0x4D, 0x3E, 0x7D, 0x49, - 0x90, 0x01, 0x0F, 0x81, 0x34, 0x08, 0xAB, 0x10, 0x6C, 0x4F, 0x09, 0xCB, - 0x7E, 0xE0, 0x78, 0x68, 0xCC, 0x13, 0x6F, 0xFF, 0x33, 0x57, 0xF6, 0x24, - 0xA2, 0x1B, 0xED, 0x52, - /* y */ - 0x63, 0xBA, 0x3A, 0x7A, 0x27, 0x48, 0x3E, 0xBF, 0x66, 0x71, 0xDB, 0xEF, - 0x7A, 0xBB, 0x30, 0xEB, 0xEE, 0x08, 0x4E, 0x58, 0xA0, 0xB0, 0x77, 0xAD, - 0x42, 0xA5, 0xA0, 0x98, 0x9D, 0x1E, 0xE7, 0x1B, 0x1B, 0x9B, 0xC0, 0x45, - 0x5F, 0xB0, 0xD2, 0xC3, - /* order */ - 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E, - 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA5, 0xB6, 0x8F, 0x12, 0xA3, - 0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 0x58, 0xE9, 0x86, 0x91, 0x55, 0x5B, - 0x44, 0xC5, 0x93, 0x11 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 48 * 6]; -} _EC_brainpoolP384r1 = { - { - NID_X9_62_prime_field, 0, 48, 1 - }, - { - /* no seed */ - /* p */ - 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E, - 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4, - 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29, - 0x90, 0x1D, 0x1A, 0x71, 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53, - /* a */ - 0x7B, 0xC3, 0x82, 0xC6, 0x3D, 0x8C, 0x15, 0x0C, 0x3C, 0x72, 0x08, 0x0A, - 0xCE, 0x05, 0xAF, 0xA0, 0xC2, 0xBE, 0xA2, 0x8E, 0x4F, 0xB2, 0x27, 0x87, - 0x13, 0x91, 0x65, 0xEF, 0xBA, 0x91, 0xF9, 0x0F, 0x8A, 0xA5, 0x81, 0x4A, - 0x50, 0x3A, 0xD4, 0xEB, 0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26, - /* b */ - 0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26, 0x8B, 0x39, 0xB5, 0x54, - 0x16, 0xF0, 0x44, 0x7C, 0x2F, 0xB7, 0x7D, 0xE1, 0x07, 0xDC, 0xD2, 0xA6, - 0x2E, 0x88, 0x0E, 0xA5, 0x3E, 0xEB, 0x62, 0xD5, 0x7C, 0xB4, 0x39, 0x02, - 0x95, 0xDB, 0xC9, 0x94, 0x3A, 0xB7, 0x86, 0x96, 0xFA, 0x50, 0x4C, 0x11, - /* x */ - 0x1D, 0x1C, 0x64, 0xF0, 0x68, 0xCF, 0x45, 0xFF, 0xA2, 0xA6, 0x3A, 0x81, - 0xB7, 0xC1, 0x3F, 0x6B, 0x88, 0x47, 0xA3, 0xE7, 0x7E, 0xF1, 0x4F, 0xE3, - 0xDB, 0x7F, 0xCA, 0xFE, 0x0C, 0xBD, 0x10, 0xE8, 0xE8, 0x26, 0xE0, 0x34, - 0x36, 0xD6, 0x46, 0xAA, 0xEF, 0x87, 0xB2, 0xE2, 0x47, 0xD4, 0xAF, 0x1E, - /* y */ - 0x8A, 0xBE, 0x1D, 0x75, 0x20, 0xF9, 0xC2, 0xA4, 0x5C, 0xB1, 0xEB, 0x8E, - 0x95, 0xCF, 0xD5, 0x52, 0x62, 0xB7, 0x0B, 0x29, 0xFE, 0xEC, 0x58, 0x64, - 0xE1, 0x9C, 0x05, 0x4F, 0xF9, 0x91, 0x29, 0x28, 0x0E, 0x46, 0x46, 0x21, - 0x77, 0x91, 0x81, 0x11, 0x42, 0x82, 0x03, 0x41, 0x26, 0x3C, 0x53, 0x15, - /* order */ - 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E, - 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3, - 0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7, 0xCF, 0x3A, 0xB6, 0xAF, - 0x6B, 0x7F, 0xC3, 0x10, 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 48 * 6]; -} _EC_brainpoolP384t1 = { - { - NID_X9_62_prime_field, 0, 48, 1 - }, - { - /* no seed */ - /* p */ - 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E, - 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4, - 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29, - 0x90, 0x1D, 0x1A, 0x71, 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53, - /* a */ - 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E, - 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4, - 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29, - 0x90, 0x1D, 0x1A, 0x71, 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x50, - /* b */ - 0x7F, 0x51, 0x9E, 0xAD, 0xA7, 0xBD, 0xA8, 0x1B, 0xD8, 0x26, 0xDB, 0xA6, - 0x47, 0x91, 0x0F, 0x8C, 0x4B, 0x93, 0x46, 0xED, 0x8C, 0xCD, 0xC6, 0x4E, - 0x4B, 0x1A, 0xBD, 0x11, 0x75, 0x6D, 0xCE, 0x1D, 0x20, 0x74, 0xAA, 0x26, - 0x3B, 0x88, 0x80, 0x5C, 0xED, 0x70, 0x35, 0x5A, 0x33, 0xB4, 0x71, 0xEE, - /* x */ - 0x18, 0xDE, 0x98, 0xB0, 0x2D, 0xB9, 0xA3, 0x06, 0xF2, 0xAF, 0xCD, 0x72, - 0x35, 0xF7, 0x2A, 0x81, 0x9B, 0x80, 0xAB, 0x12, 0xEB, 0xD6, 0x53, 0x17, - 0x24, 0x76, 0xFE, 0xCD, 0x46, 0x2A, 0xAB, 0xFF, 0xC4, 0xFF, 0x19, 0x1B, - 0x94, 0x6A, 0x5F, 0x54, 0xD8, 0xD0, 0xAA, 0x2F, 0x41, 0x88, 0x08, 0xCC, - /* y */ - 0x25, 0xAB, 0x05, 0x69, 0x62, 0xD3, 0x06, 0x51, 0xA1, 0x14, 0xAF, 0xD2, - 0x75, 0x5A, 0xD3, 0x36, 0x74, 0x7F, 0x93, 0x47, 0x5B, 0x7A, 0x1F, 0xCA, - 0x3B, 0x88, 0xF2, 0xB6, 0xA2, 0x08, 0xCC, 0xFE, 0x46, 0x94, 0x08, 0x58, - 0x4D, 0xC2, 0xB2, 0x91, 0x26, 0x75, 0xBF, 0x5B, 0x9E, 0x58, 0x29, 0x28, - /* order */ - 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E, - 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3, - 0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7, 0xCF, 0x3A, 0xB6, 0xAF, - 0x6B, 0x7F, 0xC3, 0x10, 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 64 * 6]; -} _EC_brainpoolP512r1 = { - { - NID_X9_62_prime_field, 0, 64, 1 - }, - { - /* no seed */ - /* p */ - 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE, - 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, - 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, 0x7D, 0x4D, 0x9B, 0x00, - 0x9B, 0xC6, 0x68, 0x42, 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, - 0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56, - 0x58, 0x3A, 0x48, 0xF3, - /* a */ - 0x78, 0x30, 0xA3, 0x31, 0x8B, 0x60, 0x3B, 0x89, 0xE2, 0x32, 0x71, 0x45, - 0xAC, 0x23, 0x4C, 0xC5, 0x94, 0xCB, 0xDD, 0x8D, 0x3D, 0xF9, 0x16, 0x10, - 0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, 0x63, 0xBC, 0x2D, 0xED, 0x5D, 0x5A, - 0xA8, 0x25, 0x3A, 0xA1, 0x0A, 0x2E, 0xF1, 0xC9, 0x8B, 0x9A, 0xC8, 0xB5, - 0x7F, 0x11, 0x17, 0xA7, 0x2B, 0xF2, 0xC7, 0xB9, 0xE7, 0xC1, 0xAC, 0x4D, - 0x77, 0xFC, 0x94, 0xCA, - /* b */ - 0x3D, 0xF9, 0x16, 0x10, 0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, 0x63, 0xBC, - 0x2D, 0xED, 0x5D, 0x5A, 0xA8, 0x25, 0x3A, 0xA1, 0x0A, 0x2E, 0xF1, 0xC9, - 0x8B, 0x9A, 0xC8, 0xB5, 0x7F, 0x11, 0x17, 0xA7, 0x2B, 0xF2, 0xC7, 0xB9, - 0xE7, 0xC1, 0xAC, 0x4D, 0x77, 0xFC, 0x94, 0xCA, 0xDC, 0x08, 0x3E, 0x67, - 0x98, 0x40, 0x50, 0xB7, 0x5E, 0xBA, 0xE5, 0xDD, 0x28, 0x09, 0xBD, 0x63, - 0x80, 0x16, 0xF7, 0x23, - /* x */ - 0x81, 0xAE, 0xE4, 0xBD, 0xD8, 0x2E, 0xD9, 0x64, 0x5A, 0x21, 0x32, 0x2E, - 0x9C, 0x4C, 0x6A, 0x93, 0x85, 0xED, 0x9F, 0x70, 0xB5, 0xD9, 0x16, 0xC1, - 0xB4, 0x3B, 0x62, 0xEE, 0xF4, 0xD0, 0x09, 0x8E, 0xFF, 0x3B, 0x1F, 0x78, - 0xE2, 0xD0, 0xD4, 0x8D, 0x50, 0xD1, 0x68, 0x7B, 0x93, 0xB9, 0x7D, 0x5F, - 0x7C, 0x6D, 0x50, 0x47, 0x40, 0x6A, 0x5E, 0x68, 0x8B, 0x35, 0x22, 0x09, - 0xBC, 0xB9, 0xF8, 0x22, - /* y */ - 0x7D, 0xDE, 0x38, 0x5D, 0x56, 0x63, 0x32, 0xEC, 0xC0, 0xEA, 0xBF, 0xA9, - 0xCF, 0x78, 0x22, 0xFD, 0xF2, 0x09, 0xF7, 0x00, 0x24, 0xA5, 0x7B, 0x1A, - 0xA0, 0x00, 0xC5, 0x5B, 0x88, 0x1F, 0x81, 0x11, 0xB2, 0xDC, 0xDE, 0x49, - 0x4A, 0x5F, 0x48, 0x5E, 0x5B, 0xCA, 0x4B, 0xD8, 0x8A, 0x27, 0x63, 0xAE, - 0xD1, 0xCA, 0x2B, 0x2F, 0xA8, 0xF0, 0x54, 0x06, 0x78, 0xCD, 0x1E, 0x0F, - 0x3A, 0xD8, 0x08, 0x92, - /* order */ - 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE, - 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, - 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70, 0x55, 0x3E, 0x5C, 0x41, - 0x4C, 0xA9, 0x26, 0x19, 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47, - 0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, 0xB5, 0x87, 0x96, 0x82, - 0x9C, 0xA9, 0x00, 0x69 - } -}; - -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 64 * 6]; -} _EC_brainpoolP512t1 = { - { - NID_X9_62_prime_field, 0, 64, 1 - }, - { - /* no seed */ - /* p */ - 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE, - 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, - 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, 0x7D, 0x4D, 0x9B, 0x00, - 0x9B, 0xC6, 0x68, 0x42, 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, - 0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56, - 0x58, 0x3A, 0x48, 0xF3, - /* a */ - 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE, - 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, - 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, 0x7D, 0x4D, 0x9B, 0x00, - 0x9B, 0xC6, 0x68, 0x42, 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, - 0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56, - 0x58, 0x3A, 0x48, 0xF0, - /* b */ - 0x7C, 0xBB, 0xBC, 0xF9, 0x44, 0x1C, 0xFA, 0xB7, 0x6E, 0x18, 0x90, 0xE4, - 0x68, 0x84, 0xEA, 0xE3, 0x21, 0xF7, 0x0C, 0x0B, 0xCB, 0x49, 0x81, 0x52, - 0x78, 0x97, 0x50, 0x4B, 0xEC, 0x3E, 0x36, 0xA6, 0x2B, 0xCD, 0xFA, 0x23, - 0x04, 0x97, 0x65, 0x40, 0xF6, 0x45, 0x00, 0x85, 0xF2, 0xDA, 0xE1, 0x45, - 0xC2, 0x25, 0x53, 0xB4, 0x65, 0x76, 0x36, 0x89, 0x18, 0x0E, 0xA2, 0x57, - 0x18, 0x67, 0x42, 0x3E, - /* x */ - 0x64, 0x0E, 0xCE, 0x5C, 0x12, 0x78, 0x87, 0x17, 0xB9, 0xC1, 0xBA, 0x06, - 0xCB, 0xC2, 0xA6, 0xFE, 0xBA, 0x85, 0x84, 0x24, 0x58, 0xC5, 0x6D, 0xDE, - 0x9D, 0xB1, 0x75, 0x8D, 0x39, 0xC0, 0x31, 0x3D, 0x82, 0xBA, 0x51, 0x73, - 0x5C, 0xDB, 0x3E, 0xA4, 0x99, 0xAA, 0x77, 0xA7, 0xD6, 0x94, 0x3A, 0x64, - 0xF7, 0xA3, 0xF2, 0x5F, 0xE2, 0x6F, 0x06, 0xB5, 0x1B, 0xAA, 0x26, 0x96, - 0xFA, 0x90, 0x35, 0xDA, - /* y */ - 0x5B, 0x53, 0x4B, 0xD5, 0x95, 0xF5, 0xAF, 0x0F, 0xA2, 0xC8, 0x92, 0x37, - 0x6C, 0x84, 0xAC, 0xE1, 0xBB, 0x4E, 0x30, 0x19, 0xB7, 0x16, 0x34, 0xC0, - 0x11, 0x31, 0x15, 0x9C, 0xAE, 0x03, 0xCE, 0xE9, 0xD9, 0x93, 0x21, 0x84, - 0xBE, 0xEF, 0x21, 0x6B, 0xD7, 0x1D, 0xF2, 0xDA, 0xDF, 0x86, 0xA6, 0x27, - 0x30, 0x6E, 0xCF, 0xF9, 0x6D, 0xBB, 0x8B, 0xAC, 0xE1, 0x98, 0xB6, 0x1E, - 0x00, 0xF8, 0xB3, 0x32, - /* order */ - 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE, - 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E, - 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70, 0x55, 0x3E, 0x5C, 0x41, - 0x4C, 0xA9, 0x26, 0x19, 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47, - 0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, 0xB5, 0x87, 0x96, 0x82, - 0x9C, 0xA9, 0x00, 0x69 - } -}; -#endif /* FIPS_MODULE */ - -#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE) -static const struct { - EC_CURVE_DATA h; - unsigned char data[0 + 32 * 6]; -} _EC_sm2p256v1 = { - { - NID_X9_62_prime_field, 0, 32, 1 - }, - { - /* no seed */ - - /* p */ - 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - /* a */ - 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, - /* b */ - 0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b, - 0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92, - 0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93, - /* x */ - 0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46, - 0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1, - 0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7, - /* y */ - 0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3, - 0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40, - 0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0, - /* order */ - 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b, - 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23, - } -}; -#endif /* OPENSSL_NO_SM2 */ - -typedef struct _ec_list_element_st { - int nid; - const EC_CURVE_DATA *data; - const EC_METHOD *(*meth) (void); - const char *comment; -} ec_list_element; - -#ifdef FIPS_MODULE -static const ec_list_element curve_list[] = { - /* prime field curves */ - /* secg curves */ - {NID_secp224r1, &_EC_NIST_PRIME_224.h, -# if !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) - EC_GFp_nistp224_method, -# else - 0, -# endif - "NIST/SECG curve over a 224 bit prime field"}, - /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ - {NID_secp384r1, &_EC_NIST_PRIME_384.h, -# if defined(S390X_EC_ASM) - EC_GFp_s390x_nistp384_method, -# else - 0, -# endif - "NIST/SECG curve over a 384 bit prime field"}, - - {NID_secp521r1, &_EC_NIST_PRIME_521.h, -# if defined(S390X_EC_ASM) - EC_GFp_s390x_nistp521_method, -# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) - EC_GFp_nistp521_method, -# else - 0, -# endif - "NIST/SECG curve over a 521 bit prime field"}, - - /* X9.62 curves */ - {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, - "NIST/X9.62/SECG curve over a 192 bit prime field"}, - {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, -# if defined(ECP_NISTZ256_ASM) - EC_GFp_nistz256_method, -# elif defined(S390X_EC_ASM) - EC_GFp_s390x_nistp256_method, -# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) - EC_GFp_nistp256_method, -# else - 0, -# endif - "X9.62/SECG curve over a 256 bit prime field"}, - -# ifndef OPENSSL_NO_EC2M - /* characteristic two field curves */ - /* NIST/SECG curves */ - {NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0, - "NIST/SECG/WTLS curve over a 163 bit binary field"}, - {NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0, - "NIST/SECG curve over a 163 bit binary field"}, - {NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0, - "NIST/SECG/WTLS curve over a 233 bit binary field"}, - {NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0, - "NIST/SECG/WTLS curve over a 233 bit binary field"}, - {NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0, - "NIST/SECG curve over a 283 bit binary field"}, - {NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0, - "NIST/SECG curve over a 283 bit binary field"}, - {NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0, - "NIST/SECG curve over a 409 bit binary field"}, - {NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0, - "NIST/SECG curve over a 409 bit binary field"}, - {NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0, - "NIST/SECG curve over a 571 bit binary field"}, - {NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0, - "NIST/SECG curve over a 571 bit binary field"}, -# endif -}; - -#else - -static const ec_list_element curve_list[] = { - /* prime field curves */ - /* secg curves */ - {NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0, - "SECG/WTLS curve over a 112 bit prime field"}, - {NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0, - "SECG curve over a 112 bit prime field"}, - {NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0, - "SECG curve over a 128 bit prime field"}, - {NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0, - "SECG curve over a 128 bit prime field"}, - {NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0, - "SECG curve over a 160 bit prime field"}, - {NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0, - "SECG curve over a 160 bit prime field"}, - {NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0, - "SECG/WTLS curve over a 160 bit prime field"}, - /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ - {NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0, - "SECG curve over a 192 bit prime field"}, - {NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0, - "SECG curve over a 224 bit prime field"}, -# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 - {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, - "NIST/SECG curve over a 224 bit prime field"}, -# else - {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0, - "NIST/SECG curve over a 224 bit prime field"}, -# endif - {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, - "SECG curve over a 256 bit prime field"}, - /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ - {NID_secp384r1, &_EC_NIST_PRIME_384.h, -# if defined(S390X_EC_ASM) - EC_GFp_s390x_nistp384_method, -# else - 0, -# endif - "NIST/SECG curve over a 384 bit prime field"}, - {NID_secp521r1, &_EC_NIST_PRIME_521.h, -# if defined(S390X_EC_ASM) - EC_GFp_s390x_nistp521_method, -# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) - EC_GFp_nistp521_method, -# else - 0, -# endif - "NIST/SECG curve over a 521 bit prime field"}, - /* X9.62 curves */ - {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, - "NIST/X9.62/SECG curve over a 192 bit prime field"}, - {NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0, - "X9.62 curve over a 192 bit prime field"}, - {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0, - "X9.62 curve over a 192 bit prime field"}, - {NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0, - "X9.62 curve over a 239 bit prime field"}, - {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0, - "X9.62 curve over a 239 bit prime field"}, - {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0, - "X9.62 curve over a 239 bit prime field"}, - {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, -# if defined(ECP_NISTZ256_ASM) - EC_GFp_nistz256_method, -# elif defined(S390X_EC_ASM) - EC_GFp_s390x_nistp256_method, -# elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) - EC_GFp_nistp256_method, -# else - 0, -# endif - "X9.62/SECG curve over a 256 bit prime field"}, -# ifndef OPENSSL_NO_EC2M - /* characteristic two field curves */ - /* NIST/SECG curves */ - {NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, 0, - "SECG curve over a 113 bit binary field"}, - {NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, 0, - "SECG curve over a 113 bit binary field"}, - {NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, 0, - "SECG/WTLS curve over a 131 bit binary field"}, - {NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, 0, - "SECG curve over a 131 bit binary field"}, - {NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0, - "NIST/SECG/WTLS curve over a 163 bit binary field"}, - {NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, 0, - "SECG curve over a 163 bit binary field"}, - {NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0, - "NIST/SECG curve over a 163 bit binary field"}, - {NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, 0, - "SECG curve over a 193 bit binary field"}, - {NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, 0, - "SECG curve over a 193 bit binary field"}, - {NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0, - "NIST/SECG/WTLS curve over a 233 bit binary field"}, - {NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0, - "NIST/SECG/WTLS curve over a 233 bit binary field"}, - {NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, 0, - "SECG curve over a 239 bit binary field"}, - {NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0, - "NIST/SECG curve over a 283 bit binary field"}, - {NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0, - "NIST/SECG curve over a 283 bit binary field"}, - {NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0, - "NIST/SECG curve over a 409 bit binary field"}, - {NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0, - "NIST/SECG curve over a 409 bit binary field"}, - {NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0, - "NIST/SECG curve over a 571 bit binary field"}, - {NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0, - "NIST/SECG curve over a 571 bit binary field"}, - /* X9.62 curves */ - {NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, 0, - "X9.62 curve over a 163 bit binary field"}, - {NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, 0, - "X9.62 curve over a 163 bit binary field"}, - {NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, 0, - "X9.62 curve over a 163 bit binary field"}, - {NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, 0, - "X9.62 curve over a 176 bit binary field"}, - {NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, 0, - "X9.62 curve over a 191 bit binary field"}, - {NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, 0, - "X9.62 curve over a 191 bit binary field"}, - {NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, 0, - "X9.62 curve over a 191 bit binary field"}, - {NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, 0, - "X9.62 curve over a 208 bit binary field"}, - {NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, 0, - "X9.62 curve over a 239 bit binary field"}, - {NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, 0, - "X9.62 curve over a 239 bit binary field"}, - {NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, 0, - "X9.62 curve over a 239 bit binary field"}, - {NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, 0, - "X9.62 curve over a 272 bit binary field"}, - {NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, 0, - "X9.62 curve over a 304 bit binary field"}, - {NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, 0, - "X9.62 curve over a 359 bit binary field"}, - {NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, 0, - "X9.62 curve over a 368 bit binary field"}, - {NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, 0, - "X9.62 curve over a 431 bit binary field"}, - /* - * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves - * from X9.62] - */ - {NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, 0, - "WTLS curve over a 113 bit binary field"}, - {NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h, 0, - "NIST/SECG/WTLS curve over a 163 bit binary field"}, - {NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h, 0, - "SECG curve over a 113 bit binary field"}, - {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0, - "X9.62 curve over a 163 bit binary field"}, -# endif - {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0, - "SECG/WTLS curve over a 112 bit prime field"}, - {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0, - "SECG/WTLS curve over a 160 bit prime field"}, - {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0, - "WTLS curve over a 112 bit prime field"}, - {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0, - "WTLS curve over a 160 bit prime field"}, -# ifndef OPENSSL_NO_EC2M - {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0, - "NIST/SECG/WTLS curve over a 233 bit binary field"}, - {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0, - "NIST/SECG/WTLS curve over a 233 bit binary field"}, -# endif - {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0, - "WTLS curve over a 224 bit prime field"}, -# ifndef OPENSSL_NO_EC2M - /* IPSec curves */ - {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, - "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n" - "\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, - {NID_ipsec4, &_EC_IPSEC_185_ID4.h, 0, - "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n" - "\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, -# endif - /* brainpool curves */ - {NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0, - "RFC 5639 curve over a 160 bit prime field"}, - {NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0, - "RFC 5639 curve over a 160 bit prime field"}, - {NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0, - "RFC 5639 curve over a 192 bit prime field"}, - {NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0, - "RFC 5639 curve over a 192 bit prime field"}, - {NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0, - "RFC 5639 curve over a 224 bit prime field"}, - {NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0, - "RFC 5639 curve over a 224 bit prime field"}, - {NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0, - "RFC 5639 curve over a 256 bit prime field"}, - {NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0, - "RFC 5639 curve over a 256 bit prime field"}, - {NID_brainpoolP320r1, &_EC_brainpoolP320r1.h, 0, - "RFC 5639 curve over a 320 bit prime field"}, - {NID_brainpoolP320t1, &_EC_brainpoolP320t1.h, 0, - "RFC 5639 curve over a 320 bit prime field"}, - {NID_brainpoolP384r1, &_EC_brainpoolP384r1.h, 0, - "RFC 5639 curve over a 384 bit prime field"}, - {NID_brainpoolP384t1, &_EC_brainpoolP384t1.h, 0, - "RFC 5639 curve over a 384 bit prime field"}, - {NID_brainpoolP512r1, &_EC_brainpoolP512r1.h, 0, - "RFC 5639 curve over a 512 bit prime field"}, - {NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0, - "RFC 5639 curve over a 512 bit prime field"}, -# ifndef OPENSSL_NO_SM2 - {NID_sm2, &_EC_sm2p256v1.h, 0, - "SM2 curve over a 256 bit prime field"}, -# endif -}; -#endif /* FIPS_MODULE */ - -#define curve_list_length OSSL_NELEM(curve_list) - -static const ec_list_element *ec_curve_nid2curve(int nid) -{ - size_t i; - - if (nid <= 0) - return NULL; - - for (i = 0; i < curve_list_length; i++) { - if (curve_list[i].nid == nid) - return &curve_list[i]; - } - return NULL; -} - -static EC_GROUP *ec_group_new_from_data(OSSL_LIB_CTX *libctx, - const char *propq, - const ec_list_element curve) -{ - EC_GROUP *group = NULL; - EC_POINT *P = NULL; - BN_CTX *ctx = NULL; - BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order = - NULL; - int ok = 0; - int seed_len, param_len; - const EC_METHOD *meth; - const EC_CURVE_DATA *data; - const unsigned char *params; - - /* If no curve data curve method must handle everything */ - if (curve.data == NULL) - return ossl_ec_group_new_ex(libctx, propq, - curve.meth != NULL ? curve.meth() : NULL); - - if ((ctx = BN_CTX_new_ex(libctx)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - data = curve.data; - seed_len = data->seed_len; - param_len = data->param_len; - params = (const unsigned char *)(data + 1); /* skip header */ - params += seed_len; /* skip seed */ - - if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL - || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL - || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - - if (curve.meth != 0) { - meth = curve.meth(); - if (((group = ossl_ec_group_new_ex(libctx, propq, meth)) == NULL) || - (!(group->meth->group_set_curve(group, p, a, b, ctx)))) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - } else if (data->field_type == NID_X9_62_prime_field) { - if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - } -#ifndef OPENSSL_NO_EC2M - else { /* field_type == - * NID_X9_62_characteristic_two_field */ - - if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - } -#endif - - EC_GROUP_set_curve_name(group, curve.nid); - - if ((P = EC_POINT_new(group)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL - || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL - || !BN_set_word(x, (BN_ULONG)data->cofactor)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - if (!EC_GROUP_set_generator(group, P, order, x)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - if (seed_len) { - if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - } - -#ifndef FIPS_MODULE - if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) { - /* - * Some curves don't have an associated OID: for those we should not - * default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and - * instead set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`. - * - * Note that `OPENSSL_EC_NAMED_CURVE` is set as the default ASN1 flag on - * `EC_GROUP_new()`, when we don't have enough elements to determine if - * an OID for the curve name actually exists. - * We could implement this check on `EC_GROUP_set_curve_name()` but - * overloading the simple setter with this lookup could have a negative - * performance impact and unexpected consequences. - */ - ASN1_OBJECT *asn1obj = OBJ_nid2obj(curve.nid); - - if (asn1obj == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_OBJ_LIB); - goto err; - } - if (OBJ_length(asn1obj) == 0) - EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); - - ASN1_OBJECT_free(asn1obj); - } -#else - /* - * Inside the FIPS module we do not support explicit curves anyway - * so the above check is not necessary. - * - * Skipping it is also necessary because `OBJ_length()` and - * `ASN1_OBJECT_free()` are not available within the FIPS module - * boundaries. - */ -#endif - - ok = 1; - err: - if (!ok) { - EC_GROUP_free(group); - group = NULL; - } - EC_POINT_free(P); - BN_CTX_free(ctx); - BN_free(p); - BN_free(a); - BN_free(b); - BN_free(order); - BN_free(x); - BN_free(y); - return group; -} - -EC_GROUP *EC_GROUP_new_by_curve_name_ex(OSSL_LIB_CTX *libctx, const char *propq, - int nid) -{ - EC_GROUP *ret = NULL; - const ec_list_element *curve; - - if ((curve = ec_curve_nid2curve(nid)) == NULL - || (ret = ec_group_new_from_data(libctx, propq, *curve)) == NULL) { -#ifndef FIPS_MODULE - ERR_raise_data(ERR_LIB_EC, EC_R_UNKNOWN_GROUP, - "name=%s", OBJ_nid2sn(nid)); -#else - ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP); -#endif - return NULL; - } - - return ret; -} - -#ifndef FIPS_MODULE -EC_GROUP *EC_GROUP_new_by_curve_name(int nid) -{ - return EC_GROUP_new_by_curve_name_ex(NULL, NULL, nid); -} -#endif - -size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems) -{ - size_t i, min; - - if (r == NULL || nitems == 0) - return curve_list_length; - - min = nitems < curve_list_length ? nitems : curve_list_length; - - for (i = 0; i < min; i++) { - r[i].nid = curve_list[i].nid; - r[i].comment = curve_list[i].comment; - } - - return curve_list_length; -} - -const char *EC_curve_nid2nist(int nid) -{ - return ossl_ec_curve_nid2nist_int(nid); -} - -int EC_curve_nist2nid(const char *name) -{ - return ossl_ec_curve_nist2nid_int(name); -} - -#define NUM_BN_FIELDS 6 -/* - * Validates EC domain parameter data for known named curves. - * This can be used when a curve is loaded explicitly (without a curve - * name) or to validate that domain parameters have not been modified. - * - * Returns: The nid associated with the found named curve, or NID_undef - * if not found. If there was an error it returns -1. - */ -int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx) -{ - int ret = -1, nid, len, field_type, param_len; - size_t i, seed_len; - const unsigned char *seed, *params_seed, *params; - unsigned char *param_bytes = NULL; - const EC_CURVE_DATA *data; - const EC_POINT *generator = NULL; - const BIGNUM *cofactor = NULL; - /* An array of BIGNUMs for (p, a, b, x, y, order) */ - BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL}; - - /* Use the optional named curve nid as a search field */ - nid = EC_GROUP_get_curve_name(group); - field_type = EC_GROUP_get_field_type(group); - seed_len = EC_GROUP_get_seed_len(group); - seed = EC_GROUP_get0_seed(group); - cofactor = EC_GROUP_get0_cofactor(group); - - BN_CTX_start(ctx); - - /* - * The built-in curves contains data fields (p, a, b, x, y, order) that are - * all zero-padded to be the same size. The size of the padding is - * determined by either the number of bytes in the field modulus (p) or the - * EC group order, whichever is larger. - */ - param_len = BN_num_bytes(group->order); - len = BN_num_bytes(group->field); - if (len > param_len) - param_len = len; - - /* Allocate space to store the padded data for (p, a, b, x, y, order) */ - param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS); - if (param_bytes == NULL) - goto end; - - /* Create the bignums */ - for (i = 0; i < NUM_BN_FIELDS; ++i) { - if ((bn[i] = BN_CTX_get(ctx)) == NULL) - goto end; - } - /* - * Fill in the bn array with the same values as the internal curves - * i.e. the values are p, a, b, x, y, order. - */ - /* Get p, a & b */ - if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx) - && ((generator = EC_GROUP_get0_generator(group)) != NULL) - /* Get x & y */ - && EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx) - /* Get order */ - && EC_GROUP_get_order(group, bn[5], ctx))) - goto end; - - /* - * Convert the bignum array to bytes that are joined together to form - * a single buffer that contains data for all fields. - * (p, a, b, x, y, order) are all zero padded to be the same size. - */ - for (i = 0; i < NUM_BN_FIELDS; ++i) { - if (BN_bn2binpad(bn[i], ¶m_bytes[i*param_len], param_len) <= 0) - goto end; - } - - for (i = 0; i < curve_list_length; i++) { - const ec_list_element curve = curve_list[i]; - - data = curve.data; - /* Get the raw order byte data */ - params_seed = (const unsigned char *)(data + 1); /* skip header */ - params = params_seed + data->seed_len; - - /* Look for unique fields in the fixed curve data */ - if (data->field_type == field_type - && param_len == data->param_len - && (nid <= 0 || nid == curve.nid) - /* check the optional cofactor (ignore if its zero) */ - && (BN_is_zero(cofactor) - || BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor)) - /* Check the optional seed (ignore if its not set) */ - && (data->seed_len == 0 || seed_len == 0 - || ((size_t)data->seed_len == seed_len - && memcmp(params_seed, seed, seed_len) == 0)) - /* Check that the groups params match the built-in curve params */ - && memcmp(param_bytes, params, param_len * NUM_BN_FIELDS) - == 0) { - ret = curve.nid; - goto end; - } - } - /* Gets here if the group was not found */ - ret = NID_undef; -end: - OPENSSL_free(param_bytes); - BN_CTX_end(ctx); - return ret; -} diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c deleted file mode 100644 index 1145bfb68f90df428a65b1f88d6dfad34b3c8cea..0000000000000000000000000000000000000000 --- a/crypto/ec/ec_cvt.c +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "crypto/bn.h" -#include "ec_local.h" - -EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) -{ - const EC_METHOD *meth; - EC_GROUP *ret; - -#if defined(OPENSSL_BN_ASM_MONT) - /* - * This might appear controversial, but the fact is that generic - * prime method was observed to deliver better performance even - * for NIST primes on a range of platforms, e.g.: 60%-15% - * improvement on IA-64, ~25% on ARM, 30%-90% on P4, 20%-25% - * in 32-bit build and 35%--12% in 64-bit build on Core2... - * Coefficients are relative to optimized bn_nist.c for most - * intensive ECDSA verify and ECDH operations for 192- and 521- - * bit keys respectively. Choice of these boundary values is - * arguable, because the dependency of improvement coefficient - * from key length is not a "monotone" curve. For example while - * 571-bit result is 23% on ARM, 384-bit one is -1%. But it's - * generally faster, sometimes "respectfully" faster, sometimes - * "tolerably" slower... What effectively happens is that loop - * with bn_mul_add_words is put against bn_mul_mont, and the - * latter "wins" on short vectors. Correct solution should be - * implementing dedicated NxN multiplication subroutines for - * small N. But till it materializes, let's stick to generic - * prime method... - * - */ - meth = EC_GFp_mont_method(); -#else - if (BN_nist_mod_func(p)) - meth = EC_GFp_nist_method(); - else - meth = EC_GFp_mont_method(); -#endif - - ret = ossl_ec_group_new_ex(ossl_bn_get_libctx(ctx), NULL, meth); - if (ret == NULL) - return NULL; - - if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) { - EC_GROUP_free(ret); - return NULL; - } - - return ret; -} - -#ifndef OPENSSL_NO_EC2M -EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) -{ - const EC_METHOD *meth; - EC_GROUP *ret; - - meth = EC_GF2m_simple_method(); - - ret = ossl_ec_group_new_ex(ossl_bn_get_libctx(ctx), NULL, meth); - if (ret == NULL) - return NULL; - - if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) { - EC_GROUP_free(ret); - return NULL; - } - - return ret; -} -#endif diff --git a/crypto/ec/ec_deprecated.c b/crypto/ec/ec_deprecated.c deleted file mode 100644 index 765894c32977145257c74afad2e974ee84013891..0000000000000000000000000000000000000000 --- a/crypto/ec/ec_deprecated.c +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Suppress deprecation warnings for EC low level implementations that are - * kept until removal. - */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include -#include - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, - const EC_POINT *point, - point_conversion_form_t form, - BIGNUM *ret, BN_CTX *ctx) -{ - size_t buf_len = 0; - unsigned char *buf; - - buf_len = EC_POINT_point2buf(group, point, form, &buf, ctx); - - if (buf_len == 0) - return NULL; - - ret = BN_bin2bn(buf, buf_len, ret); - - OPENSSL_free(buf); - - return ret; -} - -EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, - const BIGNUM *bn, EC_POINT *point, BN_CTX *ctx) -{ - size_t buf_len = 0; - unsigned char *buf; - EC_POINT *ret; - - if ((buf_len = BN_num_bytes(bn)) == 0) - buf_len = 1; - if ((buf = OPENSSL_malloc(buf_len)) == NULL) { - ECerr(EC_F_EC_POINT_BN2POINT, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (BN_bn2binpad(bn, buf, buf_len) < 0) { - OPENSSL_free(buf); - return NULL; - } - - if (point == NULL) { - if ((ret = EC_POINT_new(group)) == NULL) { - OPENSSL_free(buf); - return NULL; - } - } else - ret = point; - - if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) { - if (ret != point) - EC_POINT_clear_free(ret); - OPENSSL_free(buf); - return NULL; - } - - OPENSSL_free(buf); - return ret; -} -#endif /* OPENSSL_NO_DEPRECATED_3_0 */ diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c deleted file mode 100644 index 4d6f2a76ad2041f86612d819fb3dc565ee9c4f89..0000000000000000000000000000000000000000 --- a/crypto/ec/ec_err.c +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/ecerr.h" - -#ifndef OPENSSL_NO_EC - -# ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA EC_str_reasons[] = { - {ERR_PACK(ERR_LIB_EC, 0, EC_R_ASN1_ERROR), "asn1 error"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_BAD_SIGNATURE), "bad signature"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_CANNOT_INVERT), "cannot invert"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_COORDINATES_OUT_OF_RANGE), - "coordinates out of range"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH), - "curve does not support ecdh"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA), - "curve does not support ecdsa"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING), - "curve does not support signing"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_DECODE_ERROR), "decode error"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_DISCRIMINANT_IS_ZERO), - "discriminant is zero"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE), - "ec group new by name failure"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED), - "explicit params not supported"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_FAILED_MAKING_PUBLIC_KEY), - "failed making public key"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_GF2M_NOT_SUPPORTED), "gf2m not supported"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_GROUP2PKPARAMETERS_FAILURE), - "group2pkparameters failure"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_I2D_ECPKPARAMETERS_FAILURE), - "i2d ecpkparameters failure"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INCOMPATIBLE_OBJECTS), - "incompatible objects"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_A), "invalid a"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_ARGUMENT), "invalid argument"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_B), "invalid b"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COFACTOR), "invalid cofactor"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSED_POINT), - "invalid compressed point"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSION_BIT), - "invalid compression bit"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_CURVE), "invalid curve"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_DIGEST), "invalid digest"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_DIGEST_TYPE), "invalid digest type"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_ENCODING), "invalid encoding"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FIELD), "invalid field"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FORM), "invalid form"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GENERATOR), "invalid generator"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GROUP_ORDER), "invalid group order"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_KEY), "invalid key"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_LENGTH), "invalid length"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_NAMED_GROUP_CONVERSION), - "invalid named group conversion"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_OUTPUT_LENGTH), - "invalid output length"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_P), "invalid p"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PEER_KEY), "invalid peer key"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PENTANOMIAL_BASIS), - "invalid pentanomial basis"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PRIVATE_KEY), "invalid private key"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_SEED), "invalid seed"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_TRINOMIAL_BASIS), - "invalid trinomial basis"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_KEYS_NOT_SET), "keys not set"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_POST_FAILURE), "ladder post failure"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_PRE_FAILURE), "ladder pre failure"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_STEP_FAILURE), "ladder step failure"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_OID), "missing OID"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PARAMETERS), "missing parameters"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PRIVATE_KEY), "missing private key"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_NEED_NEW_SETUP_VALUES), - "need new setup values"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_A_NIST_PRIME), "not a NIST prime"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_IMPLEMENTED), "not implemented"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_INITIALIZED), "not initialized"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_NO_PRIVATE_VALUE), "no private value"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_OPERATION_NOT_SUPPORTED), - "operation not supported"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_PASSED_NULL_PARAMETER), - "passed null parameter"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_PEER_KEY_ERROR), "peer key error"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_ARITHMETIC_FAILURE), - "point arithmetic failure"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_AT_INFINITY), "point at infinity"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_COORDINATES_BLIND_FAILURE), - "point coordinates blind failure"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_IS_NOT_ON_CURVE), - "point is not on curve"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_RANDOM_NUMBER_GENERATION_FAILED), - "random number generation failed"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_SHARED_INFO_ERROR), "shared info error"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_SLOT_FULL), "slot full"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_GENERATOR), "undefined generator"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_ORDER), "undefined order"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_COFACTOR), "unknown cofactor"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_GROUP), "unknown group"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_ORDER), "unknown order"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNSUPPORTED_FIELD), "unsupported field"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_WRONG_CURVE_PARAMETERS), - "wrong curve parameters"}, - {ERR_PACK(ERR_LIB_EC, 0, EC_R_WRONG_ORDER), "wrong order"}, - {0, NULL} -}; - -# endif - -int ossl_err_load_EC_strings(void) -{ -# ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(EC_str_reasons[0].error) == NULL) - ERR_load_strings_const(EC_str_reasons); -# endif - return 1; -} -#else -NON_EMPTY_TRANSLATION_UNIT -#endif diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c deleted file mode 100644 index 729d338b33796d8511a6b02d52c9788b64948020..0000000000000000000000000000000000000000 --- a/crypto/ec/ec_key.c +++ /dev/null @@ -1,1037 +0,0 @@ -/* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * EC_KEY low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include "internal/cryptlib.h" -#include -#include "ec_local.h" -#include "internal/refcount.h" -#include -#ifndef FIPS_MODULE -# include -#endif -#include -#include "prov/providercommon.h" -#include "crypto/bn.h" - -static int ecdsa_keygen_pairwise_test(EC_KEY *eckey, OSSL_CALLBACK *cb, - void *cbarg); - -#ifndef FIPS_MODULE -EC_KEY *EC_KEY_new(void) -{ - return ossl_ec_key_new_method_int(NULL, NULL, NULL); -} -#endif - -EC_KEY *EC_KEY_new_ex(OSSL_LIB_CTX *ctx, const char *propq) -{ - return ossl_ec_key_new_method_int(ctx, propq, NULL); -} - -EC_KEY *EC_KEY_new_by_curve_name_ex(OSSL_LIB_CTX *ctx, const char *propq, - int nid) -{ - EC_KEY *ret = EC_KEY_new_ex(ctx, propq); - if (ret == NULL) - return NULL; - ret->group = EC_GROUP_new_by_curve_name_ex(ctx, propq, nid); - if (ret->group == NULL) { - EC_KEY_free(ret); - return NULL; - } - if (ret->meth->set_group != NULL - && ret->meth->set_group(ret, ret->group) == 0) { - EC_KEY_free(ret); - return NULL; - } - return ret; -} - -#ifndef FIPS_MODULE -EC_KEY *EC_KEY_new_by_curve_name(int nid) -{ - return EC_KEY_new_by_curve_name_ex(NULL, NULL, nid); -} -#endif - -void EC_KEY_free(EC_KEY *r) -{ - int i; - - if (r == NULL) - return; - - CRYPTO_DOWN_REF(&r->references, &i, r->lock); - REF_PRINT_COUNT("EC_KEY", r); - if (i > 0) - return; - REF_ASSERT_ISNT(i < 0); - - if (r->meth != NULL && r->meth->finish != NULL) - r->meth->finish(r); - -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - ENGINE_finish(r->engine); -#endif - - if (r->group && r->group->meth->keyfinish) - r->group->meth->keyfinish(r); - -#ifndef FIPS_MODULE - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data); -#endif - CRYPTO_THREAD_lock_free(r->lock); - EC_GROUP_free(r->group); - EC_POINT_free(r->pub_key); - BN_clear_free(r->priv_key); - OPENSSL_free(r->propq); - - OPENSSL_clear_free((void *)r, sizeof(EC_KEY)); -} - -EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src) -{ - if (dest == NULL || src == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (src->meth != dest->meth) { - if (dest->meth->finish != NULL) - dest->meth->finish(dest); - if (dest->group && dest->group->meth->keyfinish) - dest->group->meth->keyfinish(dest); -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - if (ENGINE_finish(dest->engine) == 0) - return 0; - dest->engine = NULL; -#endif - } - dest->libctx = src->libctx; - /* copy the parameters */ - if (src->group != NULL) { - /* clear the old group */ - EC_GROUP_free(dest->group); - dest->group = ossl_ec_group_new_ex(src->libctx, src->propq, - src->group->meth); - if (dest->group == NULL) - return NULL; - if (!EC_GROUP_copy(dest->group, src->group)) - return NULL; - - /* copy the public key */ - if (src->pub_key != NULL) { - EC_POINT_free(dest->pub_key); - dest->pub_key = EC_POINT_new(src->group); - if (dest->pub_key == NULL) - return NULL; - if (!EC_POINT_copy(dest->pub_key, src->pub_key)) - return NULL; - } - /* copy the private key */ - if (src->priv_key != NULL) { - if (dest->priv_key == NULL) { - dest->priv_key = BN_new(); - if (dest->priv_key == NULL) - return NULL; - } - if (!BN_copy(dest->priv_key, src->priv_key)) - return NULL; - if (src->group->meth->keycopy - && src->group->meth->keycopy(dest, src) == 0) - return NULL; - } - } - - - /* copy the rest */ - dest->enc_flag = src->enc_flag; - dest->conv_form = src->conv_form; - dest->version = src->version; - dest->flags = src->flags; -#ifndef FIPS_MODULE - if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY, - &dest->ex_data, &src->ex_data)) - return NULL; -#endif - - if (src->meth != dest->meth) { -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - if (src->engine != NULL && ENGINE_init(src->engine) == 0) - return NULL; - dest->engine = src->engine; -#endif - dest->meth = src->meth; - } - - if (src->meth->copy != NULL && src->meth->copy(dest, src) == 0) - return NULL; - - dest->dirty_cnt++; - - return dest; -} - -EC_KEY *EC_KEY_dup(const EC_KEY *ec_key) -{ - return ossl_ec_key_dup(ec_key, OSSL_KEYMGMT_SELECT_ALL); -} - -int EC_KEY_up_ref(EC_KEY *r) -{ - int i; - - if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0) - return 0; - - REF_PRINT_COUNT("EC_KEY", r); - REF_ASSERT_ISNT(i < 2); - return ((i > 1) ? 1 : 0); -} - -ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey) -{ - return eckey->engine; -} - -int EC_KEY_generate_key(EC_KEY *eckey) -{ - if (eckey == NULL || eckey->group == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (eckey->meth->keygen != NULL) { - int ret; - - ret = eckey->meth->keygen(eckey); - if (ret == 1) - eckey->dirty_cnt++; - - return ret; - } - ERR_raise(ERR_LIB_EC, EC_R_OPERATION_NOT_SUPPORTED); - return 0; -} - -int ossl_ec_key_gen(EC_KEY *eckey) -{ - int ret; - - ret = eckey->group->meth->keygen(eckey); - - if (ret == 1) - eckey->dirty_cnt++; - return ret; -} - -/* - * ECC Key generation. - * See SP800-56AR3 5.6.1.2.2 "Key Pair Generation by Testing Candidates" - * - * Params: - * libctx A context containing an optional self test callback. - * eckey An EC key object that contains domain params. The generated keypair - * is stored in this object. - * pairwise_test Set to non zero to perform a pairwise test. If the test - * fails then the keypair is not generated, - * Returns 1 if the keypair was generated or 0 otherwise. - */ -static int ec_generate_key(EC_KEY *eckey, int pairwise_test) -{ - int ok = 0; - BIGNUM *priv_key = NULL; - const BIGNUM *tmp = NULL; - BIGNUM *order = NULL; - EC_POINT *pub_key = NULL; - const EC_GROUP *group = eckey->group; - BN_CTX *ctx = BN_CTX_secure_new_ex(eckey->libctx); - int sm2 = EC_KEY_get_flags(eckey) & EC_FLAG_SM2_RANGE ? 1 : 0; - - if (ctx == NULL) - goto err; - - if (eckey->priv_key == NULL) { - priv_key = BN_secure_new(); - if (priv_key == NULL) - goto err; - } else - priv_key = eckey->priv_key; - - /* - * Steps (1-2): Check domain parameters and security strength. - * These steps must be done by the user. This would need to be - * stated in the security policy. - */ - - tmp = EC_GROUP_get0_order(group); - if (tmp == NULL) - goto err; - - /* - * Steps (3-7): priv_key = DRBG_RAND(order_n_bits) (range [1, n-1]). - * Although this is slightly different from the standard, it is effectively - * equivalent as it gives an unbiased result ranging from 1..n-1. It is also - * faster as the standard needs to retry more often. Also doing - * 1 + rand[0..n-2] would effect the way that tests feed dummy entropy into - * rand so the simpler backward compatible method has been used here. - */ - - /* range of SM2 private key is [1, n-1) */ - if (sm2) { - order = BN_new(); - if (order == NULL || !BN_sub(order, tmp, BN_value_one())) - goto err; - } else { - order = BN_dup(tmp); - if (order == NULL) - goto err; - } - - do - if (!BN_priv_rand_range_ex(priv_key, order, 0, ctx)) - goto err; - while (BN_is_zero(priv_key)) ; - - if (eckey->pub_key == NULL) { - pub_key = EC_POINT_new(group); - if (pub_key == NULL) - goto err; - } else - pub_key = eckey->pub_key; - - /* Step (8) : pub_key = priv_key * G (where G is a point on the curve) */ - if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) - goto err; - - eckey->priv_key = priv_key; - eckey->pub_key = pub_key; - priv_key = NULL; - pub_key = NULL; - - eckey->dirty_cnt++; - -#ifdef FIPS_MODULE - pairwise_test = 1; -#endif /* FIPS_MODULE */ - - ok = 1; - if (pairwise_test) { - OSSL_CALLBACK *cb = NULL; - void *cbarg = NULL; - - OSSL_SELF_TEST_get_callback(eckey->libctx, &cb, &cbarg); - ok = ecdsa_keygen_pairwise_test(eckey, cb, cbarg); - } -err: - /* Step (9): If there is an error return an invalid keypair. */ - if (!ok) { - ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); - BN_clear(eckey->priv_key); - if (eckey->pub_key != NULL) - EC_POINT_set_to_infinity(group, eckey->pub_key); - } - - EC_POINT_free(pub_key); - BN_clear_free(priv_key); - BN_CTX_free(ctx); - BN_free(order); - return ok; -} - -int ossl_ec_key_simple_generate_key(EC_KEY *eckey) -{ - return ec_generate_key(eckey, 0); -} - -int ossl_ec_key_simple_generate_public_key(EC_KEY *eckey) -{ - int ret; - BN_CTX *ctx = BN_CTX_new_ex(eckey->libctx); - - if (ctx == NULL) - return 0; - - /* - * See SP800-56AR3 5.6.1.2.2: Step (8) - * pub_key = priv_key * G (where G is a point on the curve) - */ - ret = EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL, - NULL, ctx); - - BN_CTX_free(ctx); - if (ret == 1) - eckey->dirty_cnt++; - - return ret; -} - -int EC_KEY_check_key(const EC_KEY *eckey) -{ - if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (eckey->group->meth->keycheck == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - return eckey->group->meth->keycheck(eckey); -} - -/* - * Check the range of the EC public key. - * See SP800-56A R3 Section 5.6.2.3.3 (Part 2) - * i.e. - * - If q = odd prime p: Verify that xQ and yQ are integers in the - * interval[0, p - 1], OR - * - If q = 2m: Verify that xQ and yQ are bit strings of length m bits. - * Returns 1 if the public key has a valid range, otherwise it returns 0. - */ -static int ec_key_public_range_check(BN_CTX *ctx, const EC_KEY *key) -{ - int ret = 0; - BIGNUM *x, *y; - - BN_CTX_start(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (y == NULL) - goto err; - - if (!EC_POINT_get_affine_coordinates(key->group, key->pub_key, x, y, ctx)) - goto err; - - if (EC_GROUP_get_field_type(key->group) == NID_X9_62_prime_field) { - if (BN_is_negative(x) - || BN_cmp(x, key->group->field) >= 0 - || BN_is_negative(y) - || BN_cmp(y, key->group->field) >= 0) { - goto err; - } - } else { - int m = EC_GROUP_get_degree(key->group); - if (BN_num_bits(x) > m || BN_num_bits(y) > m) { - goto err; - } - } - ret = 1; -err: - BN_CTX_end(ctx); - return ret; -} - -/* - * ECC Partial Public-Key Validation as specified in SP800-56A R3 - * Section 5.6.2.3.4 ECC Partial Public-Key Validation Routine. - */ -int ossl_ec_key_public_check_quick(const EC_KEY *eckey, BN_CTX *ctx) -{ - if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - /* 5.6.2.3.3 (Step 1): Q != infinity */ - if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) { - ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); - return 0; - } - - /* 5.6.2.3.3 (Step 2) Test if the public key is in range */ - if (!ec_key_public_range_check(ctx, eckey)) { - ERR_raise(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); - return 0; - } - - /* 5.6.2.3.3 (Step 3) is the pub_key on the elliptic curve */ - if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) { - ERR_raise(ERR_LIB_EC, EC_R_POINT_IS_NOT_ON_CURVE); - return 0; - } - return 1; -} - -/* - * ECC Key validation as specified in SP800-56A R3. - * Section 5.6.2.3.3 ECC Full Public-Key Validation Routine. - */ -int ossl_ec_key_public_check(const EC_KEY *eckey, BN_CTX *ctx) -{ - int ret = 0; - EC_POINT *point = NULL; - const BIGNUM *order = NULL; - - if (!ossl_ec_key_public_check_quick(eckey, ctx)) - return 0; - - point = EC_POINT_new(eckey->group); - if (point == NULL) - return 0; - - order = eckey->group->order; - if (BN_is_zero(order)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_GROUP_ORDER); - goto err; - } - /* 5.6.2.3.3 (Step 4) : pub_key * order is the point at infinity. */ - if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - if (!EC_POINT_is_at_infinity(eckey->group, point)) { - ERR_raise(ERR_LIB_EC, EC_R_WRONG_ORDER); - goto err; - } - ret = 1; -err: - EC_POINT_free(point); - return ret; -} - -/* - * ECC Key validation as specified in SP800-56A R3. - * Section 5.6.2.1.2 Owner Assurance of Private-Key Validity - * The private key is in the range [1, order-1] - */ -int ossl_ec_key_private_check(const EC_KEY *eckey) -{ - if (eckey == NULL || eckey->group == NULL || eckey->priv_key == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (BN_cmp(eckey->priv_key, BN_value_one()) < 0 - || BN_cmp(eckey->priv_key, eckey->group->order) >= 0) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_PRIVATE_KEY); - return 0; - } - return 1; -} - -/* - * ECC Key validation as specified in SP800-56A R3. - * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency (b) - * Check if generator * priv_key = pub_key - */ -int ossl_ec_key_pairwise_check(const EC_KEY *eckey, BN_CTX *ctx) -{ - int ret = 0; - EC_POINT *point = NULL; - - if (eckey == NULL - || eckey->group == NULL - || eckey->pub_key == NULL - || eckey->priv_key == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - point = EC_POINT_new(eckey->group); - if (point == NULL) - goto err; - - - if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, NULL, NULL, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_PRIVATE_KEY); - goto err; - } - ret = 1; -err: - EC_POINT_free(point); - return ret; -} - - -/* - * ECC Key validation as specified in SP800-56A R3. - * Section 5.6.2.3.3 ECC Full Public-Key Validation - * Section 5.6.2.1.2 Owner Assurance of Private-Key Validity - * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency - * NOTES: - * Before calling this method in fips mode, there should be an assurance that - * an approved elliptic-curve group is used. - * Returns 1 if the key is valid, otherwise it returns 0. - */ -int ossl_ec_key_simple_check_key(const EC_KEY *eckey) -{ - int ok = 0; - BN_CTX *ctx = NULL; - - if (eckey == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if ((ctx = BN_CTX_new_ex(eckey->libctx)) == NULL) - return 0; - - if (!ossl_ec_key_public_check(eckey, ctx)) - goto err; - - if (eckey->priv_key != NULL) { - if (!ossl_ec_key_private_check(eckey) - || !ossl_ec_key_pairwise_check(eckey, ctx)) - goto err; - } - ok = 1; -err: - BN_CTX_free(ctx); - return ok; -} - -int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, - BIGNUM *y) -{ - BN_CTX *ctx = NULL; - BIGNUM *tx, *ty; - EC_POINT *point = NULL; - int ok = 0; - - if (key == NULL || key->group == NULL || x == NULL || y == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - ctx = BN_CTX_new_ex(key->libctx); - if (ctx == NULL) - return 0; - - BN_CTX_start(ctx); - point = EC_POINT_new(key->group); - - if (point == NULL) - goto err; - - tx = BN_CTX_get(ctx); - ty = BN_CTX_get(ctx); - if (ty == NULL) - goto err; - - if (!EC_POINT_set_affine_coordinates(key->group, point, x, y, ctx)) - goto err; - if (!EC_POINT_get_affine_coordinates(key->group, point, tx, ty, ctx)) - goto err; - - /* - * Check if retrieved coordinates match originals. The range check is done - * inside EC_KEY_check_key(). - */ - if (BN_cmp(x, tx) || BN_cmp(y, ty)) { - ERR_raise(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); - goto err; - } - - /* EC_KEY_set_public_key updates dirty_cnt */ - if (!EC_KEY_set_public_key(key, point)) - goto err; - - if (EC_KEY_check_key(key) == 0) - goto err; - - ok = 1; - - err: - BN_CTX_end(ctx); - BN_CTX_free(ctx); - EC_POINT_free(point); - return ok; - -} - -OSSL_LIB_CTX *ossl_ec_key_get_libctx(const EC_KEY *key) -{ - return key->libctx; -} - -const char *ossl_ec_key_get0_propq(const EC_KEY *key) -{ - return key->propq; -} - -void ossl_ec_key_set0_libctx(EC_KEY *key, OSSL_LIB_CTX *libctx) -{ - key->libctx = libctx; - /* Do we need to propagate this to the group? */ -} - -const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key) -{ - return key->group; -} - -int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group) -{ - if (key->meth->set_group != NULL && key->meth->set_group(key, group) == 0) - return 0; - EC_GROUP_free(key->group); - key->group = EC_GROUP_dup(group); - if (key->group != NULL && EC_GROUP_get_curve_name(key->group) == NID_sm2) - EC_KEY_set_flags(key, EC_FLAG_SM2_RANGE); - - key->dirty_cnt++; - return (key->group == NULL) ? 0 : 1; -} - -const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) -{ - return key->priv_key; -} - -int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) -{ - int fixed_top; - const BIGNUM *order = NULL; - BIGNUM *tmp_key = NULL; - - if (key->group == NULL || key->group->meth == NULL) - return 0; - - /* - * Not only should key->group be set, but it should also be in a valid - * fully initialized state. - * - * Specifically, to operate in constant time, we need that the group order - * is set, as we use its length as the fixed public size of any scalar used - * as an EC private key. - */ - order = EC_GROUP_get0_order(key->group); - if (order == NULL || BN_is_zero(order)) - return 0; /* This should never happen */ - - if (key->group->meth->set_private != NULL - && key->group->meth->set_private(key, priv_key) == 0) - return 0; - if (key->meth->set_private != NULL - && key->meth->set_private(key, priv_key) == 0) - return 0; - - /* - * Return `0` to comply with legacy behavior for this function, see - * https://github.com/openssl/openssl/issues/18744#issuecomment-1195175696 - */ - if (priv_key == NULL) { - BN_clear_free(key->priv_key); - key->priv_key = NULL; - return 0; /* intentional for legacy compatibility */ - } - - /* - * We should never leak the bit length of the secret scalar in the key, - * so we always set the `BN_FLG_CONSTTIME` flag on the internal `BIGNUM` - * holding the secret scalar. - * - * This is important also because `BN_dup()` (and `BN_copy()`) do not - * propagate the `BN_FLG_CONSTTIME` flag from the source `BIGNUM`, and - * this brings an extra risk of inadvertently losing the flag, even when - * the caller specifically set it. - * - * The propagation has been turned on and off a few times in the past - * years because in some conditions has shown unintended consequences in - * some code paths, so at the moment we can't fix this in the BN layer. - * - * In `EC_KEY_set_private_key()` we can work around the propagation by - * manually setting the flag after `BN_dup()` as we know for sure that - * inside the EC module the `BN_FLG_CONSTTIME` is always treated - * correctly and should not generate unintended consequences. - * - * Setting the BN_FLG_CONSTTIME flag alone is never enough, we also have - * to preallocate the BIGNUM internal buffer to a fixed public size big - * enough that operations performed during the processing never trigger - * a realloc which would leak the size of the scalar through memory - * accesses. - * - * Fixed Length - * ------------ - * - * The order of the large prime subgroup of the curve is our choice for - * a fixed public size, as that is generally the upper bound for - * generating a private key in EC cryptosystems and should fit all valid - * secret scalars. - * - * For preallocating the BIGNUM storage we look at the number of "words" - * required for the internal representation of the order, and we - * preallocate 2 extra "words" in case any of the subsequent processing - * might temporarily overflow the order length. - */ - tmp_key = BN_dup(priv_key); - if (tmp_key == NULL) - return 0; - - BN_set_flags(tmp_key, BN_FLG_CONSTTIME); - - fixed_top = bn_get_top(order) + 2; - if (bn_wexpand(tmp_key, fixed_top) == NULL) { - BN_clear_free(tmp_key); - return 0; - } - - BN_clear_free(key->priv_key); - key->priv_key = tmp_key; - key->dirty_cnt++; - - return 1; -} - -const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key) -{ - return key->pub_key; -} - -int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key) -{ - if (key->meth->set_public != NULL - && key->meth->set_public(key, pub_key) == 0) - return 0; - EC_POINT_free(key->pub_key); - key->pub_key = EC_POINT_dup(pub_key, key->group); - key->dirty_cnt++; - return (key->pub_key == NULL) ? 0 : 1; -} - -unsigned int EC_KEY_get_enc_flags(const EC_KEY *key) -{ - return key->enc_flag; -} - -void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags) -{ - key->enc_flag = flags; -} - -point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key) -{ - return key->conv_form; -} - -void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform) -{ - key->conv_form = cform; - if (key->group != NULL) - EC_GROUP_set_point_conversion_form(key->group, cform); -} - -void EC_KEY_set_asn1_flag(EC_KEY *key, int flag) -{ - if (key->group != NULL) - EC_GROUP_set_asn1_flag(key->group, flag); -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx) -{ - if (key->group == NULL) - return 0; - return EC_GROUP_precompute_mult(key->group, ctx); -} -#endif - -int EC_KEY_get_flags(const EC_KEY *key) -{ - return key->flags; -} - -void EC_KEY_set_flags(EC_KEY *key, int flags) -{ - key->flags |= flags; - key->dirty_cnt++; -} - -void EC_KEY_clear_flags(EC_KEY *key, int flags) -{ - key->flags &= ~flags; - key->dirty_cnt++; -} - -int EC_KEY_decoded_from_explicit_params(const EC_KEY *key) -{ - if (key == NULL || key->group == NULL) - return -1; - return key->group->decoded_from_explicit_params; -} - -size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, - unsigned char **pbuf, BN_CTX *ctx) -{ - if (key == NULL || key->pub_key == NULL || key->group == NULL) - return 0; - return EC_POINT_point2buf(key->group, key->pub_key, form, pbuf, ctx); -} - -int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len, - BN_CTX *ctx) -{ - if (key == NULL || key->group == NULL) - return 0; - if (key->pub_key == NULL) - key->pub_key = EC_POINT_new(key->group); - if (key->pub_key == NULL) - return 0; - if (EC_POINT_oct2point(key->group, key->pub_key, buf, len, ctx) == 0) - return 0; - key->dirty_cnt++; - /* - * Save the point conversion form. - * For non-custom curves the first octet of the buffer (excluding - * the last significant bit) contains the point conversion form. - * EC_POINT_oct2point() has already performed sanity checking of - * the buffer so we know it is valid. - */ - if ((key->group->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) - key->conv_form = (point_conversion_form_t)(buf[0] & ~0x01); - return 1; -} - -size_t EC_KEY_priv2oct(const EC_KEY *eckey, - unsigned char *buf, size_t len) -{ - if (eckey->group == NULL || eckey->group->meth == NULL) - return 0; - if (eckey->group->meth->priv2oct == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - return eckey->group->meth->priv2oct(eckey, buf, len); -} - -size_t ossl_ec_key_simple_priv2oct(const EC_KEY *eckey, - unsigned char *buf, size_t len) -{ - size_t buf_len; - - buf_len = (EC_GROUP_order_bits(eckey->group) + 7) / 8; - if (eckey->priv_key == NULL) - return 0; - if (buf == NULL) - return buf_len; - else if (len < buf_len) - return 0; - - /* Octetstring may need leading zeros if BN is to short */ - - if (BN_bn2binpad(eckey->priv_key, buf, buf_len) == -1) { - ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); - return 0; - } - - return buf_len; -} - -int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len) -{ - int ret; - - if (eckey->group == NULL || eckey->group->meth == NULL) - return 0; - if (eckey->group->meth->oct2priv == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - ret = eckey->group->meth->oct2priv(eckey, buf, len); - if (ret == 1) - eckey->dirty_cnt++; - return ret; -} - -int ossl_ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, - size_t len) -{ - if (eckey->priv_key == NULL) - eckey->priv_key = BN_secure_new(); - if (eckey->priv_key == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return 0; - } - if (BN_bin2bn(buf, len, eckey->priv_key) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - return 0; - } - eckey->dirty_cnt++; - return 1; -} - -size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf) -{ - size_t len; - unsigned char *buf; - - len = EC_KEY_priv2oct(eckey, NULL, 0); - if (len == 0) - return 0; - if ((buf = OPENSSL_malloc(len)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return 0; - } - len = EC_KEY_priv2oct(eckey, buf, len); - if (len == 0) { - OPENSSL_free(buf); - return 0; - } - *pbuf = buf; - return len; -} - -int EC_KEY_can_sign(const EC_KEY *eckey) -{ - if (eckey->group == NULL || eckey->group->meth == NULL - || (eckey->group->meth->flags & EC_FLAGS_NO_SIGN)) - return 0; - return 1; -} - -/* - * FIPS 140-2 IG 9.9 AS09.33 - * Perform a sign/verify operation. - * - * NOTE: When generating keys for key-agreement schemes - FIPS 140-2 IG 9.9 - * states that no additional pairwise tests are required (apart from the tests - * specified in SP800-56A) when generating keys. Hence pairwise ECDH tests are - * omitted here. - */ -static int ecdsa_keygen_pairwise_test(EC_KEY *eckey, OSSL_CALLBACK *cb, - void *cbarg) -{ - int ret = 0; - unsigned char dgst[16] = {0}; - int dgst_len = (int)sizeof(dgst); - ECDSA_SIG *sig = NULL; - OSSL_SELF_TEST *st = NULL; - - st = OSSL_SELF_TEST_new(cb, cbarg); - if (st == NULL) - return 0; - - OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT, - OSSL_SELF_TEST_DESC_PCT_ECDSA); - - sig = ECDSA_do_sign(dgst, dgst_len, eckey); - if (sig == NULL) - goto err; - - OSSL_SELF_TEST_oncorrupt_byte(st, dgst); - - if (ECDSA_do_verify(dgst, dgst_len, sig, eckey) != 1) - goto err; - - ret = 1; -err: - OSSL_SELF_TEST_onend(st, ret); - OSSL_SELF_TEST_free(st); - ECDSA_SIG_free(sig); - return ret; -} diff --git a/crypto/ec/ec_kmeth.c b/crypto/ec/ec_kmeth.c deleted file mode 100644 index 8c011635cb4283d79bc614546f35f73c9738da57..0000000000000000000000000000000000000000 --- a/crypto/ec/ec_kmeth.c +++ /dev/null @@ -1,344 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDH and ECDSA low level APIs are deprecated for public use, but still ok - * for internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#ifndef FIPS_MODULE -# include -#endif -#include -#include "ec_local.h" - - -static const EC_KEY_METHOD openssl_ec_key_method = { - "OpenSSL EC_KEY method", - 0, - 0,0,0,0,0,0, - ossl_ec_key_gen, - ossl_ecdh_compute_key, - ossl_ecdsa_sign, - ossl_ecdsa_sign_setup, - ossl_ecdsa_sign_sig, - ossl_ecdsa_verify, - ossl_ecdsa_verify_sig -}; - -static const EC_KEY_METHOD *default_ec_key_meth = &openssl_ec_key_method; - -const EC_KEY_METHOD *EC_KEY_OpenSSL(void) -{ - return &openssl_ec_key_method; -} - -const EC_KEY_METHOD *EC_KEY_get_default_method(void) -{ - return default_ec_key_meth; -} - -void EC_KEY_set_default_method(const EC_KEY_METHOD *meth) -{ - if (meth == NULL) - default_ec_key_meth = &openssl_ec_key_method; - else - default_ec_key_meth = meth; -} - -const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key) -{ - return key->meth; -} - -int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth) -{ - void (*finish)(EC_KEY *key) = key->meth->finish; - - if (finish != NULL) - finish(key); - -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - ENGINE_finish(key->engine); - key->engine = NULL; -#endif - - key->meth = meth; - if (meth->init != NULL) - return meth->init(key); - return 1; -} - -EC_KEY *ossl_ec_key_new_method_int(OSSL_LIB_CTX *libctx, const char *propq, - ENGINE *engine) -{ - EC_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->libctx = libctx; - if (propq != NULL) { - ret->propq = OPENSSL_strdup(propq); - if (ret->propq == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - ret->references = 1; - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - ret->meth = EC_KEY_get_default_method(); -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - if (engine != NULL) { - if (!ENGINE_init(engine)) { - ERR_raise(ERR_LIB_EC, ERR_R_ENGINE_LIB); - goto err; - } - ret->engine = engine; - } else - ret->engine = ENGINE_get_default_EC(); - if (ret->engine != NULL) { - ret->meth = ENGINE_get_EC(ret->engine); - if (ret->meth == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_ENGINE_LIB); - goto err; - } - } -#endif - - ret->version = 1; - ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; - -/* No ex_data inside the FIPS provider */ -#ifndef FIPS_MODULE - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) { - goto err; - } -#endif - - if (ret->meth->init != NULL && ret->meth->init(ret) == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_INIT_FAIL); - goto err; - } - return ret; - - err: - EC_KEY_free(ret); - return NULL; -} - -#ifndef FIPS_MODULE -EC_KEY *EC_KEY_new_method(ENGINE *engine) -{ - return ossl_ec_key_new_method_int(NULL, NULL, engine); -} -#endif - -int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, - const EC_KEY *eckey, - void *(*KDF) (const void *in, size_t inlen, void *out, - size_t *outlen)) -{ - unsigned char *sec = NULL; - size_t seclen; - if (eckey->meth->compute_key == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_OPERATION_NOT_SUPPORTED); - return 0; - } - if (outlen > INT_MAX) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_OUTPUT_LENGTH); - return 0; - } - if (!eckey->meth->compute_key(&sec, &seclen, pub_key, eckey)) - return 0; - if (KDF != NULL) { - KDF(sec, seclen, out, &outlen); - } else { - if (outlen > seclen) - outlen = seclen; - memcpy(out, sec, outlen); - } - OPENSSL_clear_free(sec, seclen); - return outlen; -} - -EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth) -{ - EC_KEY_METHOD *ret = OPENSSL_zalloc(sizeof(*meth)); - - if (ret == NULL) - return NULL; - if (meth != NULL) - *ret = *meth; - ret->flags |= EC_KEY_METHOD_DYNAMIC; - return ret; -} - -void EC_KEY_METHOD_free(EC_KEY_METHOD *meth) -{ - if (meth->flags & EC_KEY_METHOD_DYNAMIC) - OPENSSL_free(meth); -} - -void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth, - int (*init)(EC_KEY *key), - void (*finish)(EC_KEY *key), - int (*copy)(EC_KEY *dest, const EC_KEY *src), - int (*set_group)(EC_KEY *key, const EC_GROUP *grp), - int (*set_private)(EC_KEY *key, - const BIGNUM *priv_key), - int (*set_public)(EC_KEY *key, - const EC_POINT *pub_key)) -{ - meth->init = init; - meth->finish = finish; - meth->copy = copy; - meth->set_group = set_group; - meth->set_private = set_private; - meth->set_public = set_public; -} - -void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, - int (*keygen)(EC_KEY *key)) -{ - meth->keygen = keygen; -} - -void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, - int (*ckey)(unsigned char **psec, - size_t *pseclen, - const EC_POINT *pub_key, - const EC_KEY *ecdh)) -{ - meth->compute_key = ckey; -} - -void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, - int (*sign)(int type, const unsigned char *dgst, - int dlen, unsigned char *sig, - unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *r, - EC_KEY *eckey), - int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, - BIGNUM **kinvp, BIGNUM **rp), - ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, - int dgst_len, - const BIGNUM *in_kinv, - const BIGNUM *in_r, - EC_KEY *eckey)) -{ - meth->sign = sign; - meth->sign_setup = sign_setup; - meth->sign_sig = sign_sig; -} - -void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, - int (*verify)(int type, const unsigned - char *dgst, int dgst_len, - const unsigned char *sigbuf, - int sig_len, EC_KEY *eckey), - int (*verify_sig)(const unsigned char *dgst, - int dgst_len, - const ECDSA_SIG *sig, - EC_KEY *eckey)) -{ - meth->verify = verify; - meth->verify_sig = verify_sig; -} - -void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth, - int (**pinit)(EC_KEY *key), - void (**pfinish)(EC_KEY *key), - int (**pcopy)(EC_KEY *dest, const EC_KEY *src), - int (**pset_group)(EC_KEY *key, - const EC_GROUP *grp), - int (**pset_private)(EC_KEY *key, - const BIGNUM *priv_key), - int (**pset_public)(EC_KEY *key, - const EC_POINT *pub_key)) -{ - if (pinit != NULL) - *pinit = meth->init; - if (pfinish != NULL) - *pfinish = meth->finish; - if (pcopy != NULL) - *pcopy = meth->copy; - if (pset_group != NULL) - *pset_group = meth->set_group; - if (pset_private != NULL) - *pset_private = meth->set_private; - if (pset_public != NULL) - *pset_public = meth->set_public; -} - -void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, - int (**pkeygen)(EC_KEY *key)) -{ - if (pkeygen != NULL) - *pkeygen = meth->keygen; -} - -void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth, - int (**pck)(unsigned char **pout, - size_t *poutlen, - const EC_POINT *pub_key, - const EC_KEY *ecdh)) -{ - if (pck != NULL) - *pck = meth->compute_key; -} - -void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, - int (**psign)(int type, const unsigned char *dgst, - int dlen, unsigned char *sig, - unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *r, - EC_KEY *eckey), - int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, - BIGNUM **kinvp, BIGNUM **rp), - ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, - int dgst_len, - const BIGNUM *in_kinv, - const BIGNUM *in_r, - EC_KEY *eckey)) -{ - if (psign != NULL) - *psign = meth->sign; - if (psign_setup != NULL) - *psign_setup = meth->sign_setup; - if (psign_sig != NULL) - *psign_sig = meth->sign_sig; -} - -void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, - int (**pverify)(int type, const unsigned - char *dgst, int dgst_len, - const unsigned char *sigbuf, - int sig_len, EC_KEY *eckey), - int (**pverify_sig)(const unsigned char *dgst, - int dgst_len, - const ECDSA_SIG *sig, - EC_KEY *eckey)) -{ - if (pverify != NULL) - *pverify = meth->verify; - if (pverify_sig != NULL) - *pverify_sig = meth->verify_sig; -} diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c deleted file mode 100644 index b1696d93bd6dd0dab0d613e41fe5e1c78fbbd665..0000000000000000000000000000000000000000 --- a/crypto/ec/ec_lib.c +++ /dev/null @@ -1,1760 +0,0 @@ -/* - * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * EC_GROUP low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include "crypto/ec.h" -#include "internal/nelem.h" -#include "ec_local.h" - -/* functions for EC_GROUP objects */ - -EC_GROUP *ossl_ec_group_new_ex(OSSL_LIB_CTX *libctx, const char *propq, - const EC_METHOD *meth) -{ - EC_GROUP *ret; - - if (meth == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_SLOT_FULL); - return NULL; - } - if (meth->group_init == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return NULL; - } - - ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->libctx = libctx; - if (propq != NULL) { - ret->propq = OPENSSL_strdup(propq); - if (ret->propq == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - } - ret->meth = meth; - if ((ret->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) { - ret->order = BN_new(); - if (ret->order == NULL) - goto err; - ret->cofactor = BN_new(); - if (ret->cofactor == NULL) - goto err; - } - ret->asn1_flag = OPENSSL_EC_EXPLICIT_CURVE; - ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; - if (!meth->group_init(ret)) - goto err; - return ret; - - err: - BN_free(ret->order); - BN_free(ret->cofactor); - OPENSSL_free(ret->propq); - OPENSSL_free(ret); - return NULL; -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef FIPS_MODULE -EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) -{ - return ossl_ec_group_new_ex(NULL, NULL, meth); -} -# endif -#endif - -void EC_pre_comp_free(EC_GROUP *group) -{ - switch (group->pre_comp_type) { - case PCT_none: - break; - case PCT_nistz256: -#ifdef ECP_NISTZ256_ASM - EC_nistz256_pre_comp_free(group->pre_comp.nistz256); -#endif - break; -#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 - case PCT_nistp224: - EC_nistp224_pre_comp_free(group->pre_comp.nistp224); - break; - case PCT_nistp256: - EC_nistp256_pre_comp_free(group->pre_comp.nistp256); - break; - case PCT_nistp521: - EC_nistp521_pre_comp_free(group->pre_comp.nistp521); - break; -#else - case PCT_nistp224: - case PCT_nistp256: - case PCT_nistp521: - break; -#endif - case PCT_ec: - EC_ec_pre_comp_free(group->pre_comp.ec); - break; - } - group->pre_comp.ec = NULL; -} - -void EC_GROUP_free(EC_GROUP *group) -{ - if (!group) - return; - - if (group->meth->group_finish != 0) - group->meth->group_finish(group); - - EC_pre_comp_free(group); - BN_MONT_CTX_free(group->mont_data); - EC_POINT_free(group->generator); - BN_free(group->order); - BN_free(group->cofactor); - OPENSSL_free(group->seed); - OPENSSL_free(group->propq); - OPENSSL_free(group); -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -void EC_GROUP_clear_free(EC_GROUP *group) -{ - if (!group) - return; - - if (group->meth->group_clear_finish != 0) - group->meth->group_clear_finish(group); - else if (group->meth->group_finish != 0) - group->meth->group_finish(group); - - EC_pre_comp_free(group); - BN_MONT_CTX_free(group->mont_data); - EC_POINT_clear_free(group->generator); - BN_clear_free(group->order); - BN_clear_free(group->cofactor); - OPENSSL_clear_free(group->seed, group->seed_len); - OPENSSL_clear_free(group, sizeof(*group)); -} -#endif - -int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) -{ - if (dest->meth->group_copy == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (dest->meth != src->meth) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - if (dest == src) - return 1; - - dest->libctx = src->libctx; - dest->curve_name = src->curve_name; - - /* Copy precomputed */ - dest->pre_comp_type = src->pre_comp_type; - switch (src->pre_comp_type) { - case PCT_none: - dest->pre_comp.ec = NULL; - break; - case PCT_nistz256: -#ifdef ECP_NISTZ256_ASM - dest->pre_comp.nistz256 = EC_nistz256_pre_comp_dup(src->pre_comp.nistz256); -#endif - break; -#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 - case PCT_nistp224: - dest->pre_comp.nistp224 = EC_nistp224_pre_comp_dup(src->pre_comp.nistp224); - break; - case PCT_nistp256: - dest->pre_comp.nistp256 = EC_nistp256_pre_comp_dup(src->pre_comp.nistp256); - break; - case PCT_nistp521: - dest->pre_comp.nistp521 = EC_nistp521_pre_comp_dup(src->pre_comp.nistp521); - break; -#else - case PCT_nistp224: - case PCT_nistp256: - case PCT_nistp521: - break; -#endif - case PCT_ec: - dest->pre_comp.ec = EC_ec_pre_comp_dup(src->pre_comp.ec); - break; - } - - if (src->mont_data != NULL) { - if (dest->mont_data == NULL) { - dest->mont_data = BN_MONT_CTX_new(); - if (dest->mont_data == NULL) - return 0; - } - if (!BN_MONT_CTX_copy(dest->mont_data, src->mont_data)) - return 0; - } else { - /* src->generator == NULL */ - BN_MONT_CTX_free(dest->mont_data); - dest->mont_data = NULL; - } - - if (src->generator != NULL) { - if (dest->generator == NULL) { - dest->generator = EC_POINT_new(dest); - if (dest->generator == NULL) - return 0; - } - if (!EC_POINT_copy(dest->generator, src->generator)) - return 0; - } else { - /* src->generator == NULL */ - EC_POINT_clear_free(dest->generator); - dest->generator = NULL; - } - - if ((src->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) { - if (!BN_copy(dest->order, src->order)) - return 0; - if (!BN_copy(dest->cofactor, src->cofactor)) - return 0; - } - - dest->asn1_flag = src->asn1_flag; - dest->asn1_form = src->asn1_form; - dest->decoded_from_explicit_params = src->decoded_from_explicit_params; - - if (src->seed) { - OPENSSL_free(dest->seed); - if ((dest->seed = OPENSSL_malloc(src->seed_len)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!memcpy(dest->seed, src->seed, src->seed_len)) - return 0; - dest->seed_len = src->seed_len; - } else { - OPENSSL_free(dest->seed); - dest->seed = NULL; - dest->seed_len = 0; - } - - return dest->meth->group_copy(dest, src); -} - -EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) -{ - EC_GROUP *t = NULL; - int ok = 0; - - if (a == NULL) - return NULL; - - if ((t = ossl_ec_group_new_ex(a->libctx, a->propq, a->meth)) == NULL) - return NULL; - if (!EC_GROUP_copy(t, a)) - goto err; - - ok = 1; - - err: - if (!ok) { - EC_GROUP_free(t); - return NULL; - } - return t; -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) -{ - return group->meth; -} - -int EC_METHOD_get_field_type(const EC_METHOD *meth) -{ - return meth->field_type; -} -#endif - -static int ec_precompute_mont_data(EC_GROUP *); - -/*- - * Try computing cofactor from the generator order (n) and field cardinality (q). - * This works for all curves of cryptographic interest. - * - * Hasse thm: q + 1 - 2*sqrt(q) <= n*h <= q + 1 + 2*sqrt(q) - * h_min = (q + 1 - 2*sqrt(q))/n - * h_max = (q + 1 + 2*sqrt(q))/n - * h_max - h_min = 4*sqrt(q)/n - * So if n > 4*sqrt(q) holds, there is only one possible value for h: - * h = \lfloor (h_min + h_max)/2 \rceil = \lfloor (q + 1)/n \rceil - * - * Otherwise, zero cofactor and return success. - */ -static int ec_guess_cofactor(EC_GROUP *group) { - int ret = 0; - BN_CTX *ctx = NULL; - BIGNUM *q = NULL; - - /*- - * If the cofactor is too large, we cannot guess it. - * The RHS of below is a strict overestimate of lg(4 * sqrt(q)) - */ - if (BN_num_bits(group->order) <= (BN_num_bits(group->field) + 1) / 2 + 3) { - /* default to 0 */ - BN_zero(group->cofactor); - /* return success */ - return 1; - } - - if ((ctx = BN_CTX_new_ex(group->libctx)) == NULL) - return 0; - - BN_CTX_start(ctx); - if ((q = BN_CTX_get(ctx)) == NULL) - goto err; - - /* set q = 2**m for binary fields; q = p otherwise */ - if (group->meth->field_type == NID_X9_62_characteristic_two_field) { - BN_zero(q); - if (!BN_set_bit(q, BN_num_bits(group->field) - 1)) - goto err; - } else { - if (!BN_copy(q, group->field)) - goto err; - } - - /* compute h = \lfloor (q + 1)/n \rceil = \lfloor (q + 1 + n/2)/n \rfloor */ - if (!BN_rshift1(group->cofactor, group->order) /* n/2 */ - || !BN_add(group->cofactor, group->cofactor, q) /* q + n/2 */ - /* q + 1 + n/2 */ - || !BN_add(group->cofactor, group->cofactor, BN_value_one()) - /* (q + 1 + n/2)/n */ - || !BN_div(group->cofactor, NULL, group->cofactor, group->order, ctx)) - goto err; - ret = 1; - err: - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return ret; -} - -int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, - const BIGNUM *order, const BIGNUM *cofactor) -{ - if (generator == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - /* require group->field >= 1 */ - if (group->field == NULL || BN_is_zero(group->field) - || BN_is_negative(group->field)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); - return 0; - } - - /*- - * - require order >= 1 - * - enforce upper bound due to Hasse thm: order can be no more than one bit - * longer than field cardinality - */ - if (order == NULL || BN_is_zero(order) || BN_is_negative(order) - || BN_num_bits(order) > BN_num_bits(group->field) + 1) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_GROUP_ORDER); - return 0; - } - - /*- - * Unfortunately the cofactor is an optional field in many standards. - * Internally, the lib uses 0 cofactor as a marker for "unknown cofactor". - * So accept cofactor == NULL or cofactor >= 0. - */ - if (cofactor != NULL && BN_is_negative(cofactor)) { - ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_COFACTOR); - return 0; - } - - if (group->generator == NULL) { - group->generator = EC_POINT_new(group); - if (group->generator == NULL) - return 0; - } - if (!EC_POINT_copy(group->generator, generator)) - return 0; - - if (!BN_copy(group->order, order)) - return 0; - - /* Either take the provided positive cofactor, or try to compute it */ - if (cofactor != NULL && !BN_is_zero(cofactor)) { - if (!BN_copy(group->cofactor, cofactor)) - return 0; - } else if (!ec_guess_cofactor(group)) { - BN_zero(group->cofactor); - return 0; - } - - /* - * Some groups have an order with - * factors of two, which makes the Montgomery setup fail. - * |group->mont_data| will be NULL in this case. - */ - if (BN_is_odd(group->order)) { - return ec_precompute_mont_data(group); - } - - BN_MONT_CTX_free(group->mont_data); - group->mont_data = NULL; - return 1; -} - -const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group) -{ - return group->generator; -} - -BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group) -{ - return group->mont_data; -} - -int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) -{ - if (group->order == NULL) - return 0; - if (!BN_copy(order, group->order)) - return 0; - - return !BN_is_zero(order); -} - -const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group) -{ - return group->order; -} - -int EC_GROUP_order_bits(const EC_GROUP *group) -{ - return group->meth->group_order_bits(group); -} - -int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, - BN_CTX *ctx) -{ - - if (group->cofactor == NULL) - return 0; - if (!BN_copy(cofactor, group->cofactor)) - return 0; - - return !BN_is_zero(group->cofactor); -} - -const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group) -{ - return group->cofactor; -} - -void EC_GROUP_set_curve_name(EC_GROUP *group, int nid) -{ - group->curve_name = nid; - group->asn1_flag = - (nid != NID_undef) - ? OPENSSL_EC_NAMED_CURVE - : OPENSSL_EC_EXPLICIT_CURVE; -} - -int EC_GROUP_get_curve_name(const EC_GROUP *group) -{ - return group->curve_name; -} - -const BIGNUM *EC_GROUP_get0_field(const EC_GROUP *group) -{ - return group->field; -} - -int EC_GROUP_get_field_type(const EC_GROUP *group) -{ - return group->meth->field_type; -} - -void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag) -{ - group->asn1_flag = flag; -} - -int EC_GROUP_get_asn1_flag(const EC_GROUP *group) -{ - return group->asn1_flag; -} - -void EC_GROUP_set_point_conversion_form(EC_GROUP *group, - point_conversion_form_t form) -{ - group->asn1_form = form; -} - -point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP - *group) -{ - return group->asn1_form; -} - -size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len) -{ - OPENSSL_free(group->seed); - group->seed = NULL; - group->seed_len = 0; - - if (!len || !p) - return 1; - - if ((group->seed = OPENSSL_malloc(len)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(group->seed, p, len); - group->seed_len = len; - - return len; -} - -unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group) -{ - return group->seed; -} - -size_t EC_GROUP_get_seed_len(const EC_GROUP *group) -{ - return group->seed_len; -} - -int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) -{ - if (group->meth->group_set_curve == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - return group->meth->group_set_curve(group, p, a, b, ctx); -} - -int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, - BN_CTX *ctx) -{ - if (group->meth->group_get_curve == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - return group->meth->group_get_curve(group, p, a, b, ctx); -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) -{ - return EC_GROUP_set_curve(group, p, a, b, ctx); -} - -int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, - BIGNUM *b, BN_CTX *ctx) -{ - return EC_GROUP_get_curve(group, p, a, b, ctx); -} - -# ifndef OPENSSL_NO_EC2M -int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) -{ - return EC_GROUP_set_curve(group, p, a, b, ctx); -} - -int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, - BIGNUM *b, BN_CTX *ctx) -{ - return EC_GROUP_get_curve(group, p, a, b, ctx); -} -# endif -#endif - -int EC_GROUP_get_degree(const EC_GROUP *group) -{ - if (group->meth->group_get_degree == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - return group->meth->group_get_degree(group); -} - -int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) -{ - if (group->meth->group_check_discriminant == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - return group->meth->group_check_discriminant(group, ctx); -} - -int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) -{ - int r = 0; - BIGNUM *a1, *a2, *a3, *b1, *b2, *b3; -#ifndef FIPS_MODULE - BN_CTX *ctx_new = NULL; -#endif - - /* compare the field types */ - if (EC_GROUP_get_field_type(a) != EC_GROUP_get_field_type(b)) - return 1; - /* compare the curve name (if present in both) */ - if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && - EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b)) - return 1; - if (a->meth->flags & EC_FLAGS_CUSTOM_CURVE) - return 0; - -#ifndef FIPS_MODULE - if (ctx == NULL) - ctx_new = ctx = BN_CTX_new(); -#endif - if (ctx == NULL) - return -1; - - BN_CTX_start(ctx); - a1 = BN_CTX_get(ctx); - a2 = BN_CTX_get(ctx); - a3 = BN_CTX_get(ctx); - b1 = BN_CTX_get(ctx); - b2 = BN_CTX_get(ctx); - b3 = BN_CTX_get(ctx); - if (b3 == NULL) { - BN_CTX_end(ctx); -#ifndef FIPS_MODULE - BN_CTX_free(ctx_new); -#endif - return -1; - } - - /* - * XXX This approach assumes that the external representation of curves - * over the same field type is the same. - */ - if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) || - !b->meth->group_get_curve(b, b1, b2, b3, ctx)) - r = 1; - - /* return 1 if the curve parameters are different */ - if (r || BN_cmp(a1, b1) != 0 || BN_cmp(a2, b2) != 0 || BN_cmp(a3, b3) != 0) - r = 1; - - /* XXX EC_POINT_cmp() assumes that the methods are equal */ - /* return 1 if the generators are different */ - if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), - EC_GROUP_get0_generator(b), ctx) != 0) - r = 1; - - if (!r) { - const BIGNUM *ao, *bo, *ac, *bc; - /* compare the orders */ - ao = EC_GROUP_get0_order(a); - bo = EC_GROUP_get0_order(b); - if (ao == NULL || bo == NULL) { - /* return an error if either order is NULL */ - r = -1; - goto end; - } - if (BN_cmp(ao, bo) != 0) { - /* return 1 if orders are different */ - r = 1; - goto end; - } - /* - * It gets here if the curve parameters and generator matched. - * Now check the optional cofactors (if both are present). - */ - ac = EC_GROUP_get0_cofactor(a); - bc = EC_GROUP_get0_cofactor(b); - /* Returns 1 (mismatch) if both cofactors are specified and different */ - if (!BN_is_zero(ac) && !BN_is_zero(bc) && BN_cmp(ac, bc) != 0) - r = 1; - /* Returns 0 if the parameters matched */ - } -end: - BN_CTX_end(ctx); -#ifndef FIPS_MODULE - BN_CTX_free(ctx_new); -#endif - return r; -} - -/* functions for EC_POINT objects */ - -EC_POINT *EC_POINT_new(const EC_GROUP *group) -{ - EC_POINT *ret; - - if (group == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (group->meth->point_init == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return NULL; - } - - ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->meth = group->meth; - ret->curve_name = group->curve_name; - - if (!ret->meth->point_init(ret)) { - OPENSSL_free(ret); - return NULL; - } - - return ret; -} - -void EC_POINT_free(EC_POINT *point) -{ - if (point == NULL) - return; - - if (point->meth->point_finish != 0) - point->meth->point_finish(point); - OPENSSL_free(point); -} - -void EC_POINT_clear_free(EC_POINT *point) -{ - if (point == NULL) - return; - - if (point->meth->point_clear_finish != 0) - point->meth->point_clear_finish(point); - else if (point->meth->point_finish != 0) - point->meth->point_finish(point); - OPENSSL_clear_free(point, sizeof(*point)); -} - -int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) -{ - if (dest->meth->point_copy == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (dest->meth != src->meth - || (dest->curve_name != src->curve_name - && dest->curve_name != 0 - && src->curve_name != 0)) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - if (dest == src) - return 1; - return dest->meth->point_copy(dest, src); -} - -EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group) -{ - EC_POINT *t; - int r; - - if (a == NULL) - return NULL; - - t = EC_POINT_new(group); - if (t == NULL) - return NULL; - r = EC_POINT_copy(t, a); - if (!r) { - EC_POINT_free(t); - return NULL; - } - return t; -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -const EC_METHOD *EC_POINT_method_of(const EC_POINT *point) -{ - return point->meth; -} -#endif - -int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point) -{ - if (group->meth->point_set_to_infinity == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_set_to_infinity(group, point); -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, - EC_POINT *point, const BIGNUM *x, - const BIGNUM *y, const BIGNUM *z, - BN_CTX *ctx) -{ - if (group->meth->field_type != NID_X9_62_prime_field) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(point, group)) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, point, - x, y, z, ctx); -} - -int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, - const EC_POINT *point, BIGNUM *x, - BIGNUM *y, BIGNUM *z, - BN_CTX *ctx) -{ - if (group->meth->field_type != NID_X9_62_prime_field) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(point, group)) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return ossl_ec_GFp_simple_get_Jprojective_coordinates_GFp(group, point, - x, y, z, ctx); -} -#endif - -int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point, - const BIGNUM *x, const BIGNUM *y, - BN_CTX *ctx) -{ - if (group->meth->point_set_affine_coordinates == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(point, group)) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx)) - return 0; - - if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { - ERR_raise(ERR_LIB_EC, EC_R_POINT_IS_NOT_ON_CURVE); - return 0; - } - return 1; -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, - EC_POINT *point, const BIGNUM *x, - const BIGNUM *y, BN_CTX *ctx) -{ - return EC_POINT_set_affine_coordinates(group, point, x, y, ctx); -} - -# ifndef OPENSSL_NO_EC2M -int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, - EC_POINT *point, const BIGNUM *x, - const BIGNUM *y, BN_CTX *ctx) -{ - return EC_POINT_set_affine_coordinates(group, point, x, y, ctx); -} -# endif -#endif - -int EC_POINT_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, BIGNUM *x, BIGNUM *y, - BN_CTX *ctx) -{ - if (group->meth->point_get_affine_coordinates == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(point, group)) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - if (EC_POINT_is_at_infinity(group, point)) { - ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); - return 0; - } - return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, - const EC_POINT *point, BIGNUM *x, - BIGNUM *y, BN_CTX *ctx) -{ - return EC_POINT_get_affine_coordinates(group, point, x, y, ctx); -} - -# ifndef OPENSSL_NO_EC2M -int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, - const EC_POINT *point, BIGNUM *x, - BIGNUM *y, BN_CTX *ctx) -{ - return EC_POINT_get_affine_coordinates(group, point, x, y, ctx); -} -# endif -#endif - -int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, - const EC_POINT *b, BN_CTX *ctx) -{ - if (group->meth->add == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group) - || !ec_point_is_compat(b, group)) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->add(group, r, a, b, ctx); -} - -int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, - BN_CTX *ctx) -{ - if (group->meth->dbl == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group)) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->dbl(group, r, a, ctx); -} - -int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) -{ - if (group->meth->invert == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(a, group)) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->invert(group, a, ctx); -} - -int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) -{ - if (group->meth->is_at_infinity == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(point, group)) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->is_at_infinity(group, point); -} - -/* - * Check whether an EC_POINT is on the curve or not. Note that the return - * value for this function should NOT be treated as a boolean. Return values: - * 1: The point is on the curve - * 0: The point is not on the curve - * -1: An error occurred - */ -int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, - BN_CTX *ctx) -{ - if (group->meth->is_on_curve == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(point, group)) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->is_on_curve(group, point, ctx); -} - -int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, - BN_CTX *ctx) -{ - if (group->meth->point_cmp == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; - } - if (!ec_point_is_compat(a, group) || !ec_point_is_compat(b, group)) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return -1; - } - return group->meth->point_cmp(group, a, b, ctx); -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) -{ - if (group->meth->make_affine == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(point, group)) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->make_affine(group, point, ctx); -} - -int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, - EC_POINT *points[], BN_CTX *ctx) -{ - size_t i; - - if (group->meth->points_make_affine == 0) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - for (i = 0; i < num; i++) { - if (!ec_point_is_compat(points[i], group)) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - } - return group->meth->points_make_affine(group, num, points, ctx); -} -#endif - -/* - * Functions for point multiplication. If group->meth->mul is 0, we use the - * wNAF-based implementations in ec_mult.c; otherwise we dispatch through - * methods. - */ - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx) -{ - int ret = 0; - size_t i = 0; -#ifndef FIPS_MODULE - BN_CTX *new_ctx = NULL; -#endif - - if (!ec_point_is_compat(r, group)) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - - if (scalar == NULL && num == 0) - return EC_POINT_set_to_infinity(group, r); - - for (i = 0; i < num; i++) { - if (!ec_point_is_compat(points[i], group)) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - } - -#ifndef FIPS_MODULE - if (ctx == NULL) - ctx = new_ctx = BN_CTX_secure_new(); -#endif - if (ctx == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - return 0; - } - - if (group->meth->mul != NULL) - ret = group->meth->mul(group, r, scalar, num, points, scalars, ctx); - else - /* use default */ - ret = ossl_ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); - -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - return ret; -} -#endif - -int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, - const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) -{ - int ret = 0; - size_t num; -#ifndef FIPS_MODULE - BN_CTX *new_ctx = NULL; -#endif - - if (!ec_point_is_compat(r, group) - || (point != NULL && !ec_point_is_compat(point, group))) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - - if (g_scalar == NULL && p_scalar == NULL) - return EC_POINT_set_to_infinity(group, r); - -#ifndef FIPS_MODULE - if (ctx == NULL) - ctx = new_ctx = BN_CTX_secure_new(); -#endif - if (ctx == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - return 0; - } - - num = (point != NULL && p_scalar != NULL) ? 1 : 0; - if (group->meth->mul != NULL) - ret = group->meth->mul(group, r, g_scalar, num, &point, &p_scalar, ctx); - else - /* use default */ - ret = ossl_ec_wNAF_mul(group, r, g_scalar, num, &point, &p_scalar, ctx); - -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - return ret; -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) -{ - if (group->meth->mul == 0) - /* use default */ - return ossl_ec_wNAF_precompute_mult(group, ctx); - - if (group->meth->precompute_mult != 0) - return group->meth->precompute_mult(group, ctx); - else - return 1; /* nothing to do, so report success */ -} - -int EC_GROUP_have_precompute_mult(const EC_GROUP *group) -{ - if (group->meth->mul == 0) - /* use default */ - return ossl_ec_wNAF_have_precompute_mult(group); - - if (group->meth->have_precompute_mult != 0) - return group->meth->have_precompute_mult(group); - else - return 0; /* cannot tell whether precomputation has - * been performed */ -} -#endif - -/* - * ec_precompute_mont_data sets |group->mont_data| from |group->order| and - * returns one on success. On error it returns zero. - */ -static int ec_precompute_mont_data(EC_GROUP *group) -{ - BN_CTX *ctx = BN_CTX_new_ex(group->libctx); - int ret = 0; - - BN_MONT_CTX_free(group->mont_data); - group->mont_data = NULL; - - if (ctx == NULL) - goto err; - - group->mont_data = BN_MONT_CTX_new(); - if (group->mont_data == NULL) - goto err; - - if (!BN_MONT_CTX_set(group->mont_data, group->order, ctx)) { - BN_MONT_CTX_free(group->mont_data); - group->mont_data = NULL; - goto err; - } - - ret = 1; - - err: - - BN_CTX_free(ctx); - return ret; -} - -#ifndef FIPS_MODULE -int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg) -{ - return CRYPTO_set_ex_data(&key->ex_data, idx, arg); -} - -void *EC_KEY_get_ex_data(const EC_KEY *key, int idx) -{ - return CRYPTO_get_ex_data(&key->ex_data, idx); -} -#endif - -int ossl_ec_group_simple_order_bits(const EC_GROUP *group) -{ - if (group->order == NULL) - return 0; - return BN_num_bits(group->order); -} - -static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *x, BN_CTX *ctx) -{ - BIGNUM *e = NULL; - int ret = 0; -#ifndef FIPS_MODULE - BN_CTX *new_ctx = NULL; -#endif - - if (group->mont_data == NULL) - return 0; - -#ifndef FIPS_MODULE - if (ctx == NULL) - ctx = new_ctx = BN_CTX_secure_new(); -#endif - if (ctx == NULL) - return 0; - - BN_CTX_start(ctx); - if ((e = BN_CTX_get(ctx)) == NULL) - goto err; - - /*- - * We want inverse in constant time, therefore we utilize the fact - * order must be prime and use Fermats Little Theorem instead. - */ - if (!BN_set_word(e, 2)) - goto err; - if (!BN_sub(e, group->order, e)) - goto err; - /*- - * Exponent e is public. - * No need for scatter-gather or BN_FLG_CONSTTIME. - */ - if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data)) - goto err; - - ret = 1; - - err: - BN_CTX_end(ctx); -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - return ret; -} - -/*- - * Default behavior, if group->meth->field_inverse_mod_ord is NULL: - * - When group->order is even, this function returns an error. - * - When group->order is otherwise composite, the correctness - * of the output is not guaranteed. - * - When x is outside the range [1, group->order), the correctness - * of the output is not guaranteed. - * - Otherwise, this function returns the multiplicative inverse in the - * range [1, group->order). - * - * EC_METHODs must implement their own field_inverse_mod_ord for - * other functionality. - */ -int ossl_ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res, - const BIGNUM *x, BN_CTX *ctx) -{ - if (group->meth->field_inverse_mod_ord != NULL) - return group->meth->field_inverse_mod_ord(group, res, x, ctx); - else - return ec_field_inverse_mod_ord(group, res, x, ctx); -} - -/*- - * Coordinate blinding for EC_POINT. - * - * The underlying EC_METHOD can optionally implement this function: - * underlying implementations should return 0 on errors, or 1 on - * success. - * - * This wrapper returns 1 in case the underlying EC_METHOD does not - * support coordinate blinding. - */ -int ossl_ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, - BN_CTX *ctx) -{ - if (group->meth->blind_coordinates == NULL) - return 1; /* ignore if not implemented */ - - return group->meth->blind_coordinates(group, p, ctx); -} - -int EC_GROUP_get_basis_type(const EC_GROUP *group) -{ - int i; - - if (EC_GROUP_get_field_type(group) != NID_X9_62_characteristic_two_field) - /* everything else is currently not supported */ - return 0; - - /* Find the last non-zero element of group->poly[] */ - for (i = 0; - i < (int)OSSL_NELEM(group->poly) && group->poly[i] != 0; - i++) - continue; - - if (i == 4) - return NID_X9_62_ppBasis; - else if (i == 2) - return NID_X9_62_tpBasis; - else - /* everything else is currently not supported */ - return 0; -} - -#ifndef OPENSSL_NO_EC2M -int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k) -{ - if (group == NULL) - return 0; - - if (EC_GROUP_get_field_type(group) != NID_X9_62_characteristic_two_field - || !((group->poly[0] != 0) && (group->poly[1] != 0) - && (group->poly[2] == 0))) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - if (k) - *k = group->poly[1]; - - return 1; -} - -int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1, - unsigned int *k2, unsigned int *k3) -{ - if (group == NULL) - return 0; - - if (EC_GROUP_get_field_type(group) != NID_X9_62_characteristic_two_field - || !((group->poly[0] != 0) && (group->poly[1] != 0) - && (group->poly[2] != 0) && (group->poly[3] != 0) - && (group->poly[4] == 0))) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - if (k1) - *k1 = group->poly[3]; - if (k2) - *k2 = group->poly[2]; - if (k3) - *k3 = group->poly[1]; - - return 1; -} -#endif - -#ifndef FIPS_MODULE -/* - * Check if the explicit parameters group matches any built-in curves. - * - * We create a copy of the group just built, so that we can remove optional - * fields for the lookup: we do this to avoid the possibility that one of - * the optional parameters is used to force the library into using a less - * performant and less secure EC_METHOD instead of the specialized one. - * In any case, `seed` is not really used in any computation, while a - * cofactor different from the one in the built-in table is just - * mathematically wrong anyway and should not be used. - */ -static EC_GROUP *ec_group_explicit_to_named(const EC_GROUP *group, - OSSL_LIB_CTX *libctx, - const char *propq, - BN_CTX *ctx) -{ - EC_GROUP *ret_group = NULL, *dup = NULL; - int curve_name_nid; - - const EC_POINT *point = EC_GROUP_get0_generator(group); - const BIGNUM *order = EC_GROUP_get0_order(group); - int no_seed = (EC_GROUP_get0_seed(group) == NULL); - - if ((dup = EC_GROUP_dup(group)) == NULL - || EC_GROUP_set_seed(dup, NULL, 0) != 1 - || !EC_GROUP_set_generator(dup, point, order, NULL)) - goto err; - if ((curve_name_nid = ossl_ec_curve_nid_from_params(dup, ctx)) != NID_undef) { - /* - * The input explicit parameters successfully matched one of the - * built-in curves: often for built-in curves we have specialized - * methods with better performance and hardening. - * - * In this case we replace the `EC_GROUP` created through explicit - * parameters with one created from a named group. - */ - -# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 - /* - * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for - * the same curve, we prefer the SECP nid when matching explicit - * parameters as that is associated with a specialized EC_METHOD. - */ - if (curve_name_nid == NID_wap_wsg_idm_ecid_wtls12) - curve_name_nid = NID_secp224r1; -# endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */ - - ret_group = EC_GROUP_new_by_curve_name_ex(libctx, propq, curve_name_nid); - if (ret_group == NULL) - goto err; - - /* - * Set the flag so that EC_GROUPs created from explicit parameters are - * serialized using explicit parameters by default. - */ - EC_GROUP_set_asn1_flag(ret_group, OPENSSL_EC_EXPLICIT_CURVE); - - /* - * If the input params do not contain the optional seed field we make - * sure it is not added to the returned group. - * - * The seed field is not really used inside libcrypto anyway, and - * adding it to parsed explicit parameter keys would alter their DER - * encoding output (because of the extra field) which could impact - * applications fingerprinting keys by their DER encoding. - */ - if (no_seed) { - if (EC_GROUP_set_seed(ret_group, NULL, 0) != 1) - goto err; - } - } else { - ret_group = (EC_GROUP *)group; - } - EC_GROUP_free(dup); - return ret_group; -err: - EC_GROUP_free(dup); - EC_GROUP_free(ret_group); - return NULL; -} -#endif /* FIPS_MODULE */ - -static EC_GROUP *group_new_from_name(const OSSL_PARAM *p, - OSSL_LIB_CTX *libctx, const char *propq) -{ - int ok = 0, nid; - const char *curve_name = NULL; - - switch (p->data_type) { - case OSSL_PARAM_UTF8_STRING: - /* The OSSL_PARAM functions have no support for this */ - curve_name = p->data; - ok = (curve_name != NULL); - break; - case OSSL_PARAM_UTF8_PTR: - ok = OSSL_PARAM_get_utf8_ptr(p, &curve_name); - break; - } - - if (ok) { - nid = ossl_ec_curve_name2nid(curve_name); - if (nid == NID_undef) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_CURVE); - return NULL; - } else { - return EC_GROUP_new_by_curve_name_ex(libctx, propq, nid); - } - } - return NULL; -} - -/* These parameters can be set directly into an EC_GROUP */ -int ossl_ec_group_set_params(EC_GROUP *group, const OSSL_PARAM params[]) -{ - int encoding_flag = -1, format = -1; - const OSSL_PARAM *p; - - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT); - if (p != NULL) { - if (!ossl_ec_pt_format_param2id(p, &format)) { - ECerr(0, EC_R_INVALID_FORM); - return 0; - } - EC_GROUP_set_point_conversion_form(group, format); - } - - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING); - if (p != NULL) { - if (!ossl_ec_encoding_param2id(p, &encoding_flag)) { - ECerr(0, EC_R_INVALID_FORM); - return 0; - } - EC_GROUP_set_asn1_flag(group, encoding_flag); - } - /* Optional seed */ - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_SEED); - if (p != NULL) { - /* The seed is allowed to be NULL */ - if (p->data_type != OSSL_PARAM_OCTET_STRING - || !EC_GROUP_set_seed(group, p->data, p->data_size)) { - ECerr(0, EC_R_INVALID_SEED); - return 0; - } - } - return 1; -} - -EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[], - OSSL_LIB_CTX *libctx, const char *propq) -{ - const OSSL_PARAM *ptmp; - EC_GROUP *group = NULL; - -#ifndef FIPS_MODULE - const OSSL_PARAM *pa, *pb; - int ok = 0; - EC_GROUP *named_group = NULL; - BIGNUM *p = NULL, *a = NULL, *b = NULL, *order = NULL, *cofactor = NULL; - EC_POINT *point = NULL; - int field_bits = 0; - int is_prime_field = 1; - BN_CTX *bnctx = NULL; - const unsigned char *buf = NULL; - int encoding_flag = -1; -#endif - - /* This is the simple named group case */ - ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); - if (ptmp != NULL) { - int decoded = 0; - - if ((group = group_new_from_name(ptmp, libctx, propq)) == NULL) - return NULL; - if (!ossl_ec_group_set_params(group, params)) { - EC_GROUP_free(group); - return NULL; - } - - ptmp = OSSL_PARAM_locate_const(params, - OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS); - if (ptmp != NULL && !OSSL_PARAM_get_int(ptmp, &decoded)) { - ERR_raise(ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS); - EC_GROUP_free(group); - return NULL; - } - group->decoded_from_explicit_params = decoded > 0; - return group; - } -#ifdef FIPS_MODULE - ERR_raise(ERR_LIB_EC, EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED); - return NULL; -#else - /* If it gets here then we are trying explicit parameters */ - bnctx = BN_CTX_new_ex(libctx); - if (bnctx == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return 0; - } - BN_CTX_start(bnctx); - - p = BN_CTX_get(bnctx); - a = BN_CTX_get(bnctx); - b = BN_CTX_get(bnctx); - order = BN_CTX_get(bnctx); - if (order == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_FIELD_TYPE); - if (ptmp == NULL || ptmp->data_type != OSSL_PARAM_UTF8_STRING) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); - goto err; - } - if (OPENSSL_strcasecmp(ptmp->data, SN_X9_62_prime_field) == 0) { - is_prime_field = 1; - } else if (OPENSSL_strcasecmp(ptmp->data, - SN_X9_62_characteristic_two_field) == 0) { - is_prime_field = 0; - } else { - /* Invalid field */ - ERR_raise(ERR_LIB_EC, EC_R_UNSUPPORTED_FIELD); - goto err; - } - - pa = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_A); - if (!OSSL_PARAM_get_BN(pa, &a)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_A); - goto err; - } - pb = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_B); - if (!OSSL_PARAM_get_BN(pb, &b)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_B); - goto err; - } - - /* extract the prime number or irreducible polynomial */ - ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_P); - if (!OSSL_PARAM_get_BN(ptmp, &p)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_P); - goto err; - } - - if (is_prime_field) { - if (BN_is_negative(p) || BN_is_zero(p)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_P); - goto err; - } - field_bits = BN_num_bits(p); - if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { - ERR_raise(ERR_LIB_EC, EC_R_FIELD_TOO_LARGE); - goto err; - } - - /* create the EC_GROUP structure */ - group = EC_GROUP_new_curve_GFp(p, a, b, bnctx); - } else { -# ifdef OPENSSL_NO_EC2M - ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); - goto err; -# else - /* create the EC_GROUP structure */ - group = EC_GROUP_new_curve_GF2m(p, a, b, NULL); - if (group != NULL) { - field_bits = EC_GROUP_get_degree(group); - if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { - ERR_raise(ERR_LIB_EC, EC_R_FIELD_TOO_LARGE); - goto err; - } - } -# endif /* OPENSSL_NO_EC2M */ - } - - if (group == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - /* Optional seed */ - ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_SEED); - if (ptmp != NULL) { - if (ptmp->data_type != OSSL_PARAM_OCTET_STRING) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_SEED); - goto err; - } - if (!EC_GROUP_set_seed(group, ptmp->data, ptmp->data_size)) - goto err; - } - - /* generator base point */ - ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_GENERATOR); - if (ptmp == NULL - || ptmp->data_type != OSSL_PARAM_OCTET_STRING) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR); - goto err; - } - buf = (const unsigned char *)(ptmp->data); - if ((point = EC_POINT_new(group)) == NULL) - goto err; - EC_GROUP_set_point_conversion_form(group, - (point_conversion_form_t)buf[0] & ~0x01); - if (!EC_POINT_oct2point(group, point, buf, ptmp->data_size, bnctx)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR); - goto err; - } - - /* order */ - ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ORDER); - if (!OSSL_PARAM_get_BN(ptmp, &order) - || (BN_is_negative(order) || BN_is_zero(order)) - || (BN_num_bits(order) > (int)field_bits + 1)) { /* Hasse bound */ - ERR_raise(ERR_LIB_EC, EC_R_INVALID_GROUP_ORDER); - goto err; - } - - /* Optional cofactor */ - ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_COFACTOR); - if (ptmp != NULL) { - cofactor = BN_CTX_get(bnctx); - if (cofactor == NULL || !OSSL_PARAM_get_BN(ptmp, &cofactor)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_COFACTOR); - goto err; - } - } - - /* set the generator, order and cofactor (if present) */ - if (!EC_GROUP_set_generator(group, point, order, cofactor)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_GENERATOR); - goto err; - } - - named_group = ec_group_explicit_to_named(group, libctx, propq, bnctx); - if (named_group == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_NAMED_GROUP_CONVERSION); - goto err; - } - if (named_group == group) { - /* - * If we did not find a named group then the encoding should be explicit - * if it was specified - */ - ptmp = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_EC_ENCODING); - if (ptmp != NULL - && !ossl_ec_encoding_param2id(ptmp, &encoding_flag)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - goto err; - } - if (encoding_flag == OPENSSL_EC_NAMED_CURVE) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - goto err; - } - EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE); - } else { - EC_GROUP_free(group); - group = named_group; - } - /* We've imported the group from explicit parameters, set it so. */ - group->decoded_from_explicit_params = 1; - ok = 1; - err: - if (!ok) { - EC_GROUP_free(group); - group = NULL; - } - EC_POINT_free(point); - BN_CTX_end(bnctx); - BN_CTX_free(bnctx); - - return group; -#endif /* FIPS_MODULE */ -} diff --git a/crypto/ec/ec_local.h b/crypto/ec/ec_local.h deleted file mode 100644 index f34e06aea89a7ab9d156ef063fafe741e1c820db..0000000000000000000000000000000000000000 --- a/crypto/ec/ec_local.h +++ /dev/null @@ -1,773 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include -#include -#include -#include "internal/refcount.h" -#include "crypto/ec.h" - -#if defined(__SUNPRO_C) -# if __SUNPRO_C >= 0x520 -# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) -# endif -#endif - -/* Use default functions for poin2oct, oct2point and compressed coordinates */ -#define EC_FLAGS_DEFAULT_OCT 0x1 - -/* Use custom formats for EC_GROUP, EC_POINT and EC_KEY */ -#define EC_FLAGS_CUSTOM_CURVE 0x2 - -/* Curve does not support signing operations */ -#define EC_FLAGS_NO_SIGN 0x4 - -#ifdef OPENSSL_NO_DEPRECATED_3_0 -typedef struct ec_method_st EC_METHOD; -#endif - -/* - * Structure details are not part of the exported interface, so all this may - * change in future versions. - */ - -struct ec_method_st { - /* Various method flags */ - int flags; - /* used by EC_METHOD_get_field_type: */ - int field_type; /* a NID */ - /* - * used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, - * EC_GROUP_copy: - */ - int (*group_init) (EC_GROUP *); - void (*group_finish) (EC_GROUP *); - void (*group_clear_finish) (EC_GROUP *); - int (*group_copy) (EC_GROUP *, const EC_GROUP *); - /* used by EC_GROUP_set_curve, EC_GROUP_get_curve: */ - int (*group_set_curve) (EC_GROUP *, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); - int (*group_get_curve) (const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, - BN_CTX *); - /* used by EC_GROUP_get_degree: */ - int (*group_get_degree) (const EC_GROUP *); - int (*group_order_bits) (const EC_GROUP *); - /* used by EC_GROUP_check: */ - int (*group_check_discriminant) (const EC_GROUP *, BN_CTX *); - /* - * used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, - * EC_POINT_copy: - */ - int (*point_init) (EC_POINT *); - void (*point_finish) (EC_POINT *); - void (*point_clear_finish) (EC_POINT *); - int (*point_copy) (EC_POINT *, const EC_POINT *); - /*- - * used by EC_POINT_set_to_infinity, - * EC_POINT_set_Jprojective_coordinates_GFp, - * EC_POINT_get_Jprojective_coordinates_GFp, - * EC_POINT_set_affine_coordinates, - * EC_POINT_get_affine_coordinates, - * EC_POINT_set_compressed_coordinates: - */ - int (*point_set_to_infinity) (const EC_GROUP *, EC_POINT *); - int (*point_set_affine_coordinates) (const EC_GROUP *, EC_POINT *, - const BIGNUM *x, const BIGNUM *y, - BN_CTX *); - int (*point_get_affine_coordinates) (const EC_GROUP *, const EC_POINT *, - BIGNUM *x, BIGNUM *y, BN_CTX *); - int (*point_set_compressed_coordinates) (const EC_GROUP *, EC_POINT *, - const BIGNUM *x, int y_bit, - BN_CTX *); - /* used by EC_POINT_point2oct, EC_POINT_oct2point: */ - size_t (*point2oct) (const EC_GROUP *, const EC_POINT *, - point_conversion_form_t form, unsigned char *buf, - size_t len, BN_CTX *); - int (*oct2point) (const EC_GROUP *, EC_POINT *, const unsigned char *buf, - size_t len, BN_CTX *); - /* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */ - int (*add) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, - const EC_POINT *b, BN_CTX *); - int (*dbl) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); - int (*invert) (const EC_GROUP *, EC_POINT *, BN_CTX *); - /* - * used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp: - */ - int (*is_at_infinity) (const EC_GROUP *, const EC_POINT *); - int (*is_on_curve) (const EC_GROUP *, const EC_POINT *, BN_CTX *); - int (*point_cmp) (const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, - BN_CTX *); - /* used by EC_POINT_make_affine, EC_POINTs_make_affine: */ - int (*make_affine) (const EC_GROUP *, EC_POINT *, BN_CTX *); - int (*points_make_affine) (const EC_GROUP *, size_t num, EC_POINT *[], - BN_CTX *); - /* - * used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult, - * EC_POINT_have_precompute_mult (default implementations are used if the - * 'mul' pointer is 0): - */ - /*- - * mul() calculates the value - * - * r := generator * scalar - * + points[0] * scalars[0] - * + ... - * + points[num-1] * scalars[num-1]. - * - * For a fixed point multiplication (scalar != NULL, num == 0) - * or a variable point multiplication (scalar == NULL, num == 1), - * mul() must use a constant time algorithm: in both cases callers - * should provide an input scalar (either scalar or scalars[0]) - * in the range [0, ec_group_order); for robustness, implementers - * should handle the case when the scalar has not been reduced, but - * may treat it as an unusual input, without any constant-timeness - * guarantee. - */ - int (*mul) (const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); - int (*precompute_mult) (EC_GROUP *group, BN_CTX *); - int (*have_precompute_mult) (const EC_GROUP *group); - /* internal functions */ - /* - * 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and - * 'dbl' so that the same implementations of point operations can be used - * with different optimized implementations of expensive field - * operations: - */ - int (*field_mul) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); - int (*field_sqr) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); - int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); - /*- - * 'field_inv' computes the multiplicative inverse of a in the field, - * storing the result in r. - * - * If 'a' is zero (or equivalent), you'll get an EC_R_CANNOT_INVERT error. - */ - int (*field_inv) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); - /* e.g. to Montgomery */ - int (*field_encode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); - /* e.g. from Montgomery */ - int (*field_decode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); - int (*field_set_to_one) (const EC_GROUP *, BIGNUM *r, BN_CTX *); - /* private key operations */ - size_t (*priv2oct)(const EC_KEY *eckey, unsigned char *buf, size_t len); - int (*oct2priv)(EC_KEY *eckey, const unsigned char *buf, size_t len); - int (*set_private)(EC_KEY *eckey, const BIGNUM *priv_key); - int (*keygen)(EC_KEY *eckey); - int (*keycheck)(const EC_KEY *eckey); - int (*keygenpub)(EC_KEY *eckey); - int (*keycopy)(EC_KEY *dst, const EC_KEY *src); - void (*keyfinish)(EC_KEY *eckey); - /* custom ECDH operation */ - int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen, - const EC_POINT *pub_key, const EC_KEY *ecdh); - /* custom ECDSA */ - int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinvp, - BIGNUM **rp); - ECDSA_SIG *(*ecdsa_sign_sig)(const unsigned char *dgst, int dgstlen, - const BIGNUM *kinv, const BIGNUM *r, - EC_KEY *eckey); - int (*ecdsa_verify_sig)(const unsigned char *dgst, int dgstlen, - const ECDSA_SIG *sig, EC_KEY *eckey); - /* Inverse modulo order */ - int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r, - const BIGNUM *x, BN_CTX *); - int (*blind_coordinates)(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); - int (*ladder_pre)(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx); - int (*ladder_step)(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx); - int (*ladder_post)(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx); -}; - -/* - * Types and functions to manipulate pre-computed values. - */ -typedef struct nistp224_pre_comp_st NISTP224_PRE_COMP; -typedef struct nistp256_pre_comp_st NISTP256_PRE_COMP; -typedef struct nistp521_pre_comp_st NISTP521_PRE_COMP; -typedef struct nistz256_pre_comp_st NISTZ256_PRE_COMP; -typedef struct ec_pre_comp_st EC_PRE_COMP; - -struct ec_group_st { - const EC_METHOD *meth; - EC_POINT *generator; /* optional */ - BIGNUM *order, *cofactor; - int curve_name; /* optional NID for named curve */ - int asn1_flag; /* flag to control the asn1 encoding */ - int decoded_from_explicit_params; /* set if decoded from explicit - * curve parameters encoding */ - point_conversion_form_t asn1_form; - unsigned char *seed; /* optional seed for parameters (appears in - * ASN1) */ - size_t seed_len; - /* - * The following members are handled by the method functions, even if - * they appear generic - */ - /* - * Field specification. For curves over GF(p), this is the modulus; for - * curves over GF(2^m), this is the irreducible polynomial defining the - * field. - */ - BIGNUM *field; - /* - * Field specification for curves over GF(2^m). The irreducible f(t) is - * then of the form: t^poly[0] + t^poly[1] + ... + t^poly[k] where m = - * poly[0] > poly[1] > ... > poly[k] = 0. The array is terminated with - * poly[k+1]=-1. All elliptic curve irreducibles have at most 5 non-zero - * terms. - */ - int poly[6]; - /* - * Curve coefficients. (Here the assumption is that BIGNUMs can be used - * or abused for all kinds of fields, not just GF(p).) For characteristic - * > 3, the curve is defined by a Weierstrass equation of the form y^2 = - * x^3 + a*x + b. For characteristic 2, the curve is defined by an - * equation of the form y^2 + x*y = x^3 + a*x^2 + b. - */ - BIGNUM *a, *b; - /* enable optimized point arithmetics for special case */ - int a_is_minus3; - /* method-specific (e.g., Montgomery structure) */ - void *field_data1; - /* method-specific */ - void *field_data2; - /* method-specific */ - int (*field_mod_func) (BIGNUM *, const BIGNUM *, const BIGNUM *, - BN_CTX *); - /* data for ECDSA inverse */ - BN_MONT_CTX *mont_data; - - /* - * Precomputed values for speed. The PCT_xxx names match the - * pre_comp.xxx union names; see the SETPRECOMP and HAVEPRECOMP - * macros, below. - */ - enum { - PCT_none, - PCT_nistp224, PCT_nistp256, PCT_nistp521, PCT_nistz256, - PCT_ec - } pre_comp_type; - union { - NISTP224_PRE_COMP *nistp224; - NISTP256_PRE_COMP *nistp256; - NISTP521_PRE_COMP *nistp521; - NISTZ256_PRE_COMP *nistz256; - EC_PRE_COMP *ec; - } pre_comp; - - OSSL_LIB_CTX *libctx; - char *propq; -}; - -#define SETPRECOMP(g, type, pre) \ - g->pre_comp_type = PCT_##type, g->pre_comp.type = pre -#define HAVEPRECOMP(g, type) \ - g->pre_comp_type == PCT_##type && g->pre_comp.type != NULL - -struct ec_key_st { - const EC_KEY_METHOD *meth; - ENGINE *engine; - int version; - EC_GROUP *group; - EC_POINT *pub_key; - BIGNUM *priv_key; - unsigned int enc_flag; - point_conversion_form_t conv_form; - CRYPTO_REF_COUNT references; - int flags; -#ifndef FIPS_MODULE - CRYPTO_EX_DATA ex_data; -#endif - CRYPTO_RWLOCK *lock; - OSSL_LIB_CTX *libctx; - char *propq; - - /* Provider data */ - size_t dirty_cnt; /* If any key material changes, increment this */ -}; - -struct ec_point_st { - const EC_METHOD *meth; - /* NID for the curve if known */ - int curve_name; - /* - * All members except 'meth' are handled by the method functions, even if - * they appear generic - */ - BIGNUM *X; - BIGNUM *Y; - BIGNUM *Z; /* Jacobian projective coordinates: * (X, Y, - * Z) represents (X/Z^2, Y/Z^3) if Z != 0 */ - int Z_is_one; /* enable optimized point arithmetics for - * special case */ -}; - -static ossl_inline int ec_point_is_compat(const EC_POINT *point, - const EC_GROUP *group) -{ - return group->meth == point->meth - && (group->curve_name == 0 - || point->curve_name == 0 - || group->curve_name == point->curve_name); -} - -NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *); -NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *); -NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *); -NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *); -NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *); -EC_PRE_COMP *EC_ec_pre_comp_dup(EC_PRE_COMP *); - -void EC_pre_comp_free(EC_GROUP *group); -void EC_nistp224_pre_comp_free(NISTP224_PRE_COMP *); -void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *); -void EC_nistp521_pre_comp_free(NISTP521_PRE_COMP *); -void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *); -void EC_ec_pre_comp_free(EC_PRE_COMP *); - -/* - * method functions in ec_mult.c (ec_lib.c uses these as defaults if - * group->method->mul is 0) - */ -int ossl_ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *); -int ossl_ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *); -int ossl_ec_wNAF_have_precompute_mult(const EC_GROUP *group); - -/* method functions in ecp_smpl.c */ -int ossl_ec_GFp_simple_group_init(EC_GROUP *); -void ossl_ec_GFp_simple_group_finish(EC_GROUP *); -void ossl_ec_GFp_simple_group_clear_finish(EC_GROUP *); -int ossl_ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *); -int ossl_ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *b, - BN_CTX *); -int ossl_ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, - BIGNUM *b, BN_CTX *); -int ossl_ec_GFp_simple_group_get_degree(const EC_GROUP *); -int ossl_ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); -int ossl_ec_GFp_simple_point_init(EC_POINT *); -void ossl_ec_GFp_simple_point_finish(EC_POINT *); -void ossl_ec_GFp_simple_point_clear_finish(EC_POINT *); -int ossl_ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *); -int ossl_ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *); -int ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, - EC_POINT *, - const BIGNUM *x, - const BIGNUM *y, - const BIGNUM *z, - BN_CTX *); -int ossl_ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, - const EC_POINT *, - BIGNUM *x, - BIGNUM *y, BIGNUM *z, - BN_CTX *); -int ossl_ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, - const BIGNUM *y, BN_CTX *); -int ossl_ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, - const EC_POINT *, BIGNUM *x, - BIGNUM *y, BN_CTX *); -int ossl_ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, int y_bit, - BN_CTX *); -size_t ossl_ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, - point_conversion_form_t form, - unsigned char *buf, size_t len, BN_CTX *); -int ossl_ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *, - const unsigned char *buf, size_t len, BN_CTX *); -int ossl_ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, - const EC_POINT *b, BN_CTX *); -int ossl_ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, - BN_CTX *); -int ossl_ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); -int ossl_ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *); -int ossl_ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); -int ossl_ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, - const EC_POINT *b, BN_CTX *); -int ossl_ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); -int ossl_ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, - EC_POINT *[], BN_CTX *); -int ossl_ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); -int ossl_ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); -int ossl_ec_GFp_simple_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); -int ossl_ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, - BN_CTX *ctx); -int ossl_ec_GFp_simple_ladder_pre(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx); -int ossl_ec_GFp_simple_ladder_step(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx); -int ossl_ec_GFp_simple_ladder_post(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx); - -/* method functions in ecp_mont.c */ -int ossl_ec_GFp_mont_group_init(EC_GROUP *); -int ossl_ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, - const BIGNUM *a, - const BIGNUM *b, BN_CTX *); -void ossl_ec_GFp_mont_group_finish(EC_GROUP *); -void ossl_ec_GFp_mont_group_clear_finish(EC_GROUP *); -int ossl_ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *); -int ossl_ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); -int ossl_ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); -int ossl_ec_GFp_mont_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); -int ossl_ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); -int ossl_ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); -int ossl_ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *); - -/* method functions in ecp_nist.c */ -int ossl_ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src); -int ossl_ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *b, BN_CTX *); -int ossl_ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); -int ossl_ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); - -/* method functions in ec2_smpl.c */ -int ossl_ec_GF2m_simple_group_init(EC_GROUP *); -void ossl_ec_GF2m_simple_group_finish(EC_GROUP *); -void ossl_ec_GF2m_simple_group_clear_finish(EC_GROUP *); -int ossl_ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *); -int ossl_ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *b, - BN_CTX *); -int ossl_ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, - BIGNUM *b, BN_CTX *); -int ossl_ec_GF2m_simple_group_get_degree(const EC_GROUP *); -int ossl_ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); -int ossl_ec_GF2m_simple_point_init(EC_POINT *); -void ossl_ec_GF2m_simple_point_finish(EC_POINT *); -void ossl_ec_GF2m_simple_point_clear_finish(EC_POINT *); -int ossl_ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *); -int ossl_ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *); -int ossl_ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, - EC_POINT *, - const BIGNUM *x, - const BIGNUM *y, BN_CTX *); -int ossl_ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *, - const EC_POINT *, BIGNUM *x, - BIGNUM *y, BN_CTX *); -int ossl_ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, int y_bit, - BN_CTX *); -size_t ossl_ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *, - point_conversion_form_t form, - unsigned char *buf, size_t len, BN_CTX *); -int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *, - const unsigned char *buf, size_t len, BN_CTX *); -int ossl_ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, - const EC_POINT *b, BN_CTX *); -int ossl_ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, - BN_CTX *); -int ossl_ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); -int ossl_ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *); -int ossl_ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); -int ossl_ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, - const EC_POINT *b, BN_CTX *); -int ossl_ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); -int ossl_ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, - EC_POINT *[], BN_CTX *); -int ossl_ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); -int ossl_ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - BN_CTX *); -int ossl_ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *); - -#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 -# ifdef B_ENDIAN -# error "Can not enable ec_nistp_64_gcc_128 on big-endian systems" -# endif - -/* method functions in ecp_nistp224.c */ -int ossl_ec_GFp_nistp224_group_init(EC_GROUP *group); -int ossl_ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *); -int ossl_ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BN_CTX *ctx); -int ossl_ec_GFp_nistp224_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); -int ossl_ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx); -int ossl_ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx); -int ossl_ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group); - -/* method functions in ecp_nistp256.c */ -int ossl_ec_GFp_nistp256_group_init(EC_GROUP *group); -int ossl_ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *); -int ossl_ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BN_CTX *ctx); -int ossl_ec_GFp_nistp256_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); -int ossl_ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx); -int ossl_ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx); -int ossl_ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group); - -/* method functions in ecp_nistp521.c */ -int ossl_ec_GFp_nistp521_group_init(EC_GROUP *group); -int ossl_ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *n, - BN_CTX *); -int ossl_ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BN_CTX *ctx); -int ossl_ec_GFp_nistp521_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); -int ossl_ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx); -int ossl_ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx); -int ossl_ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group); - -/* utility functions in ecp_nistputil.c */ -void ossl_ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, - size_t felem_size, - void *tmp_felems, - void (*felem_one) (void *out), - int (*felem_is_zero) - (const void *in), - void (*felem_assign) - (void *out, const void *in), - void (*felem_square) - (void *out, const void *in), - void (*felem_mul) - (void *out, - const void *in1, - const void *in2), - void (*felem_inv) - (void *out, const void *in), - void (*felem_contract) - (void *out, const void *in)); -void ossl_ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, - unsigned char *digit, - unsigned char in); -#endif -int ossl_ec_group_simple_order_bits(const EC_GROUP *group); - -/** - * Creates a new EC_GROUP object - * \param libctx The associated library context or NULL for the default - * library context - * \param propq Any property query string - * \param meth EC_METHOD to use - * \return newly created EC_GROUP object or NULL in case of an error. - */ -EC_GROUP *ossl_ec_group_new_ex(OSSL_LIB_CTX *libctx, const char *propq, - const EC_METHOD *meth); - -#ifdef ECP_NISTZ256_ASM -/** Returns GFp methods using montgomery multiplication, with x86-64 optimized - * P256. See http://eprint.iacr.org/2013/816. - * \return EC_METHOD object - */ -const EC_METHOD *EC_GFp_nistz256_method(void); -#endif -#ifdef S390X_EC_ASM -const EC_METHOD *EC_GFp_s390x_nistp256_method(void); -const EC_METHOD *EC_GFp_s390x_nistp384_method(void); -const EC_METHOD *EC_GFp_s390x_nistp521_method(void); -#endif - -size_t ossl_ec_key_simple_priv2oct(const EC_KEY *eckey, - unsigned char *buf, size_t len); -int ossl_ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, - size_t len); -int ossl_ec_key_simple_generate_key(EC_KEY *eckey); -int ossl_ec_key_simple_generate_public_key(EC_KEY *eckey); -int ossl_ec_key_simple_check_key(const EC_KEY *eckey); - -int ossl_ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx); - -/* EC_METHOD definitions */ - -struct ec_key_method_st { - const char *name; - int32_t flags; - int (*init)(EC_KEY *key); - void (*finish)(EC_KEY *key); - int (*copy)(EC_KEY *dest, const EC_KEY *src); - int (*set_group)(EC_KEY *key, const EC_GROUP *grp); - int (*set_private)(EC_KEY *key, const BIGNUM *priv_key); - int (*set_public)(EC_KEY *key, const EC_POINT *pub_key); - int (*keygen)(EC_KEY *key); - int (*compute_key)(unsigned char **pout, size_t *poutlen, - const EC_POINT *pub_key, const EC_KEY *ecdh); - int (*sign)(int type, const unsigned char *dgst, int dlen, unsigned char - *sig, unsigned int *siglen, const BIGNUM *kinv, - const BIGNUM *r, EC_KEY *eckey); - int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); - ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgst_len, - const BIGNUM *in_kinv, const BIGNUM *in_r, - EC_KEY *eckey); - - int (*verify)(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int sig_len, EC_KEY *eckey); - int (*verify_sig)(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey); -}; - -#define EC_KEY_METHOD_DYNAMIC 1 - -EC_KEY *ossl_ec_key_new_method_int(OSSL_LIB_CTX *libctx, const char *propq, - ENGINE *engine); - -int ossl_ec_key_gen(EC_KEY *eckey); -int ossl_ecdh_compute_key(unsigned char **pout, size_t *poutlen, - const EC_POINT *pub_key, const EC_KEY *ecdh); -int ossl_ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, - const EC_POINT *pub_key, const EC_KEY *ecdh); - -struct ECDSA_SIG_st { - BIGNUM *r; - BIGNUM *s; -}; - -int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); -int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, - unsigned char *sig, unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey); -ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, - const BIGNUM *in_kinv, const BIGNUM *in_r, - EC_KEY *eckey); -int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int sig_len, EC_KEY *eckey); -int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey); -int ossl_ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); -ECDSA_SIG *ossl_ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len, - const BIGNUM *in_kinv, const BIGNUM *in_r, - EC_KEY *eckey); -int ossl_ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey); - - -/*- - * This functions computes a single point multiplication over the EC group, - * using, at a high level, a Montgomery ladder with conditional swaps, with - * various timing attack defenses. - * - * It performs either a fixed point multiplication - * (scalar * generator) - * when point is NULL, or a variable point multiplication - * (scalar * point) - * when point is not NULL. - * - * `scalar` cannot be NULL and should be in the range [0,n) otherwise all - * constant time bets are off (where n is the cardinality of the EC group). - * - * This function expects `group->order` and `group->cardinality` to be well - * defined and non-zero: it fails with an error code otherwise. - * - * NB: This says nothing about the constant-timeness of the ladder step - * implementation (i.e., the default implementation is based on EC_POINT_add and - * EC_POINT_dbl, which of course are not constant time themselves) or the - * underlying multiprecision arithmetic. - * - * The product is stored in `r`. - * - * This is an internal function: callers are in charge of ensuring that the - * input parameters `group`, `r`, `scalar` and `ctx` are not NULL. - * - * Returns 1 on success, 0 otherwise. - */ -int ossl_ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, const EC_POINT *point, - BN_CTX *ctx); - -int ossl_ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, - BN_CTX *ctx); - -static ossl_inline int ec_point_ladder_pre(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) -{ - if (group->meth->ladder_pre != NULL) - return group->meth->ladder_pre(group, r, s, p, ctx); - - if (!EC_POINT_copy(s, p) - || !EC_POINT_dbl(group, r, s, ctx)) - return 0; - - return 1; -} - -static ossl_inline int ec_point_ladder_step(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) -{ - if (group->meth->ladder_step != NULL) - return group->meth->ladder_step(group, r, s, p, ctx); - - if (!EC_POINT_add(group, s, r, s, ctx) - || !EC_POINT_dbl(group, r, r, ctx)) - return 0; - - return 1; - -} - -static ossl_inline int ec_point_ladder_post(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) -{ - if (group->meth->ladder_post != NULL) - return group->meth->ladder_post(group, r, s, p, ctx); - - return 1; -} diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c deleted file mode 100644 index c6ec2964b7c48ce969f94161856ce3651d4f84e4..0000000000000000000000000000000000000000 --- a/crypto/ec/ec_mult.c +++ /dev/null @@ -1,994 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include - -#include "internal/cryptlib.h" -#include "crypto/bn.h" -#include "ec_local.h" -#include "internal/refcount.h" - -/* - * This file implements the wNAF-based interleaving multi-exponentiation method - * Formerly at: - * http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp - * You might now find it here: - * http://link.springer.com/chapter/10.1007%2F3-540-45537-X_13 - * http://www.bmoeller.de/pdf/TI-01-08.multiexp.pdf - * For multiplication with precomputation, we use wNAF splitting, formerly at: - * http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp - */ - -/* structure for precomputed multiples of the generator */ -struct ec_pre_comp_st { - const EC_GROUP *group; /* parent EC_GROUP object */ - size_t blocksize; /* block size for wNAF splitting */ - size_t numblocks; /* max. number of blocks for which we have - * precomputation */ - size_t w; /* window size */ - EC_POINT **points; /* array with pre-calculated multiples of - * generator: 'num' pointers to EC_POINT - * objects followed by a NULL */ - size_t num; /* numblocks * 2^(w-1) */ - CRYPTO_REF_COUNT references; - CRYPTO_RWLOCK *lock; -}; - -static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group) -{ - EC_PRE_COMP *ret = NULL; - - if (!group) - return NULL; - - ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return ret; - } - - ret->group = group; - ret->blocksize = 8; /* default */ - ret->w = 4; /* default */ - ret->references = 1; - - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ret); - return NULL; - } - return ret; -} - -EC_PRE_COMP *EC_ec_pre_comp_dup(EC_PRE_COMP *pre) -{ - int i; - if (pre != NULL) - CRYPTO_UP_REF(&pre->references, &i, pre->lock); - return pre; -} - -void EC_ec_pre_comp_free(EC_PRE_COMP *pre) -{ - int i; - - if (pre == NULL) - return; - - CRYPTO_DOWN_REF(&pre->references, &i, pre->lock); - REF_PRINT_COUNT("EC_ec", pre); - if (i > 0) - return; - REF_ASSERT_ISNT(i < 0); - - if (pre->points != NULL) { - EC_POINT **pts; - - for (pts = pre->points; *pts != NULL; pts++) - EC_POINT_free(*pts); - OPENSSL_free(pre->points); - } - CRYPTO_THREAD_lock_free(pre->lock); - OPENSSL_free(pre); -} - -#define EC_POINT_BN_set_flags(P, flags) do { \ - BN_set_flags((P)->X, (flags)); \ - BN_set_flags((P)->Y, (flags)); \ - BN_set_flags((P)->Z, (flags)); \ -} while(0) - -/*- - * This functions computes a single point multiplication over the EC group, - * using, at a high level, a Montgomery ladder with conditional swaps, with - * various timing attack defenses. - * - * It performs either a fixed point multiplication - * (scalar * generator) - * when point is NULL, or a variable point multiplication - * (scalar * point) - * when point is not NULL. - * - * `scalar` cannot be NULL and should be in the range [0,n) otherwise all - * constant time bets are off (where n is the cardinality of the EC group). - * - * This function expects `group->order` and `group->cardinality` to be well - * defined and non-zero: it fails with an error code otherwise. - * - * NB: This says nothing about the constant-timeness of the ladder step - * implementation (i.e., the default implementation is based on EC_POINT_add and - * EC_POINT_dbl, which of course are not constant time themselves) or the - * underlying multiprecision arithmetic. - * - * The product is stored in `r`. - * - * This is an internal function: callers are in charge of ensuring that the - * input parameters `group`, `r`, `scalar` and `ctx` are not NULL. - * - * Returns 1 on success, 0 otherwise. - */ -int ossl_ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, const EC_POINT *point, - BN_CTX *ctx) -{ - int i, cardinality_bits, group_top, kbit, pbit, Z_is_one; - EC_POINT *p = NULL; - EC_POINT *s = NULL; - BIGNUM *k = NULL; - BIGNUM *lambda = NULL; - BIGNUM *cardinality = NULL; - int ret = 0; - - /* early exit if the input point is the point at infinity */ - if (point != NULL && EC_POINT_is_at_infinity(group, point)) - return EC_POINT_set_to_infinity(group, r); - - if (BN_is_zero(group->order)) { - ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_ORDER); - return 0; - } - if (BN_is_zero(group->cofactor)) { - ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_COFACTOR); - return 0; - } - - BN_CTX_start(ctx); - - if (((p = EC_POINT_new(group)) == NULL) - || ((s = EC_POINT_new(group)) == NULL)) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (point == NULL) { - if (!EC_POINT_copy(p, group->generator)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - } else { - if (!EC_POINT_copy(p, point)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - } - - EC_POINT_BN_set_flags(p, BN_FLG_CONSTTIME); - EC_POINT_BN_set_flags(r, BN_FLG_CONSTTIME); - EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME); - - cardinality = BN_CTX_get(ctx); - lambda = BN_CTX_get(ctx); - k = BN_CTX_get(ctx); - if (k == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!BN_mul(cardinality, group->order, group->cofactor, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - - /* - * Group cardinalities are often on a word boundary. - * So when we pad the scalar, some timing diff might - * pop if it needs to be expanded due to carries. - * So expand ahead of time. - */ - cardinality_bits = BN_num_bits(cardinality); - group_top = bn_get_top(cardinality); - if ((bn_wexpand(k, group_top + 2) == NULL) - || (bn_wexpand(lambda, group_top + 2) == NULL)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - - if (!BN_copy(k, scalar)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - - BN_set_flags(k, BN_FLG_CONSTTIME); - - if ((BN_num_bits(k) > cardinality_bits) || (BN_is_negative(k))) { - /*- - * this is an unusual input, and we don't guarantee - * constant-timeness - */ - if (!BN_nnmod(k, k, cardinality, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - } - - if (!BN_add(lambda, k, cardinality)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - BN_set_flags(lambda, BN_FLG_CONSTTIME); - if (!BN_add(k, lambda, cardinality)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - /* - * lambda := scalar + cardinality - * k := scalar + 2*cardinality - */ - kbit = BN_is_bit_set(lambda, cardinality_bits); - BN_consttime_swap(kbit, k, lambda, group_top + 2); - - group_top = bn_get_top(group->field); - if ((bn_wexpand(s->X, group_top) == NULL) - || (bn_wexpand(s->Y, group_top) == NULL) - || (bn_wexpand(s->Z, group_top) == NULL) - || (bn_wexpand(r->X, group_top) == NULL) - || (bn_wexpand(r->Y, group_top) == NULL) - || (bn_wexpand(r->Z, group_top) == NULL) - || (bn_wexpand(p->X, group_top) == NULL) - || (bn_wexpand(p->Y, group_top) == NULL) - || (bn_wexpand(p->Z, group_top) == NULL)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - - /* ensure input point is in affine coords for ladder step efficiency */ - if (!p->Z_is_one && (group->meth->make_affine == NULL - || !group->meth->make_affine(group, p, ctx))) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - /* Initialize the Montgomery ladder */ - if (!ec_point_ladder_pre(group, r, s, p, ctx)) { - ERR_raise(ERR_LIB_EC, EC_R_LADDER_PRE_FAILURE); - goto err; - } - - /* top bit is a 1, in a fixed pos */ - pbit = 1; - -#define EC_POINT_CSWAP(c, a, b, w, t) do { \ - BN_consttime_swap(c, (a)->X, (b)->X, w); \ - BN_consttime_swap(c, (a)->Y, (b)->Y, w); \ - BN_consttime_swap(c, (a)->Z, (b)->Z, w); \ - t = ((a)->Z_is_one ^ (b)->Z_is_one) & (c); \ - (a)->Z_is_one ^= (t); \ - (b)->Z_is_one ^= (t); \ -} while(0) - - /*- - * The ladder step, with branches, is - * - * k[i] == 0: S = add(R, S), R = dbl(R) - * k[i] == 1: R = add(S, R), S = dbl(S) - * - * Swapping R, S conditionally on k[i] leaves you with state - * - * k[i] == 0: T, U = R, S - * k[i] == 1: T, U = S, R - * - * Then perform the ECC ops. - * - * U = add(T, U) - * T = dbl(T) - * - * Which leaves you with state - * - * k[i] == 0: U = add(R, S), T = dbl(R) - * k[i] == 1: U = add(S, R), T = dbl(S) - * - * Swapping T, U conditionally on k[i] leaves you with state - * - * k[i] == 0: R, S = T, U - * k[i] == 1: R, S = U, T - * - * Which leaves you with state - * - * k[i] == 0: S = add(R, S), R = dbl(R) - * k[i] == 1: R = add(S, R), S = dbl(S) - * - * So we get the same logic, but instead of a branch it's a - * conditional swap, followed by ECC ops, then another conditional swap. - * - * Optimization: The end of iteration i and start of i-1 looks like - * - * ... - * CSWAP(k[i], R, S) - * ECC - * CSWAP(k[i], R, S) - * (next iteration) - * CSWAP(k[i-1], R, S) - * ECC - * CSWAP(k[i-1], R, S) - * ... - * - * So instead of two contiguous swaps, you can merge the condition - * bits and do a single swap. - * - * k[i] k[i-1] Outcome - * 0 0 No Swap - * 0 1 Swap - * 1 0 Swap - * 1 1 No Swap - * - * This is XOR. pbit tracks the previous bit of k. - */ - - for (i = cardinality_bits - 1; i >= 0; i--) { - kbit = BN_is_bit_set(k, i) ^ pbit; - EC_POINT_CSWAP(kbit, r, s, group_top, Z_is_one); - - /* Perform a single step of the Montgomery ladder */ - if (!ec_point_ladder_step(group, r, s, p, ctx)) { - ERR_raise(ERR_LIB_EC, EC_R_LADDER_STEP_FAILURE); - goto err; - } - /* - * pbit logic merges this cswap with that of the - * next iteration - */ - pbit ^= kbit; - } - /* one final cswap to move the right value into r */ - EC_POINT_CSWAP(pbit, r, s, group_top, Z_is_one); -#undef EC_POINT_CSWAP - - /* Finalize ladder (and recover full point coordinates) */ - if (!ec_point_ladder_post(group, r, s, p, ctx)) { - ERR_raise(ERR_LIB_EC, EC_R_LADDER_POST_FAILURE); - goto err; - } - - ret = 1; - - err: - EC_POINT_free(p); - EC_POINT_clear_free(s); - BN_CTX_end(ctx); - - return ret; -} - -#undef EC_POINT_BN_set_flags - -/* - * Table could be optimised for the wNAF-based implementation, - * sometimes smaller windows will give better performance (thus the - * boundaries should be increased) - */ -#define EC_window_bits_for_scalar_size(b) \ - ((size_t) \ - ((b) >= 2000 ? 6 : \ - (b) >= 800 ? 5 : \ - (b) >= 300 ? 4 : \ - (b) >= 70 ? 3 : \ - (b) >= 20 ? 2 : \ - 1)) - -/*- - * Compute - * \sum scalars[i]*points[i], - * also including - * scalar*generator - * in the addition if scalar != NULL - */ -int ossl_ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx) -{ - const EC_POINT *generator = NULL; - EC_POINT *tmp = NULL; - size_t totalnum; - size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */ - size_t pre_points_per_block = 0; - size_t i, j; - int k; - int r_is_inverted = 0; - int r_is_at_infinity = 1; - size_t *wsize = NULL; /* individual window sizes */ - signed char **wNAF = NULL; /* individual wNAFs */ - size_t *wNAF_len = NULL; - size_t max_len = 0; - size_t num_val; - EC_POINT **val = NULL; /* precomputation */ - EC_POINT **v; - EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or - * 'pre_comp->points' */ - const EC_PRE_COMP *pre_comp = NULL; - int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be - * treated like other scalars, i.e. - * precomputation is not available */ - int ret = 0; - - if (!BN_is_zero(group->order) && !BN_is_zero(group->cofactor)) { - /*- - * Handle the common cases where the scalar is secret, enforcing a - * scalar multiplication implementation based on a Montgomery ladder, - * with various timing attack defenses. - */ - if ((scalar != group->order) && (scalar != NULL) && (num == 0)) { - /*- - * In this case we want to compute scalar * GeneratorPoint: this - * codepath is reached most prominently by (ephemeral) key - * generation of EC cryptosystems (i.e. ECDSA keygen and sign setup, - * ECDH keygen/first half), where the scalar is always secret. This - * is why we ignore if BN_FLG_CONSTTIME is actually set and we - * always call the ladder version. - */ - return ossl_ec_scalar_mul_ladder(group, r, scalar, NULL, ctx); - } - if ((scalar == NULL) && (num == 1) && (scalars[0] != group->order)) { - /*- - * In this case we want to compute scalar * VariablePoint: this - * codepath is reached most prominently by the second half of ECDH, - * where the secret scalar is multiplied by the peer's public point. - * To protect the secret scalar, we ignore if BN_FLG_CONSTTIME is - * actually set and we always call the ladder version. - */ - return ossl_ec_scalar_mul_ladder(group, r, scalars[0], points[0], - ctx); - } - } - - if (scalar != NULL) { - generator = EC_GROUP_get0_generator(group); - if (generator == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_UNDEFINED_GENERATOR); - goto err; - } - - /* look if we can use precomputed multiples of generator */ - - pre_comp = group->pre_comp.ec; - if (pre_comp && pre_comp->numblocks - && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == - 0)) { - blocksize = pre_comp->blocksize; - - /* - * determine maximum number of blocks that wNAF splitting may - * yield (NB: maximum wNAF length is bit length plus one) - */ - numblocks = (BN_num_bits(scalar) / blocksize) + 1; - - /* - * we cannot use more blocks than we have precomputation for - */ - if (numblocks > pre_comp->numblocks) - numblocks = pre_comp->numblocks; - - pre_points_per_block = (size_t)1 << (pre_comp->w - 1); - - /* check that pre_comp looks sane */ - if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - goto err; - } - } else { - /* can't use precomputation */ - pre_comp = NULL; - numblocks = 1; - num_scalar = 1; /* treat 'scalar' like 'num'-th element of - * 'scalars' */ - } - } - - totalnum = num + numblocks; - - wsize = OPENSSL_malloc(totalnum * sizeof(wsize[0])); - wNAF_len = OPENSSL_malloc(totalnum * sizeof(wNAF_len[0])); - /* include space for pivot */ - wNAF = OPENSSL_malloc((totalnum + 1) * sizeof(wNAF[0])); - val_sub = OPENSSL_malloc(totalnum * sizeof(val_sub[0])); - - /* Ensure wNAF is initialised in case we end up going to err */ - if (wNAF != NULL) - wNAF[0] = NULL; /* preliminary pivot */ - - if (wsize == NULL || wNAF_len == NULL || wNAF == NULL || val_sub == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* - * num_val will be the total number of temporarily precomputed points - */ - num_val = 0; - - for (i = 0; i < num + num_scalar; i++) { - size_t bits; - - bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar); - wsize[i] = EC_window_bits_for_scalar_size(bits); - num_val += (size_t)1 << (wsize[i] - 1); - wNAF[i + 1] = NULL; /* make sure we always have a pivot */ - wNAF[i] = - bn_compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], - &wNAF_len[i]); - if (wNAF[i] == NULL) - goto err; - if (wNAF_len[i] > max_len) - max_len = wNAF_len[i]; - } - - if (numblocks) { - /* we go here iff scalar != NULL */ - - if (pre_comp == NULL) { - if (num_scalar != 1) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - goto err; - } - /* we have already generated a wNAF for 'scalar' */ - } else { - signed char *tmp_wNAF = NULL; - size_t tmp_len = 0; - - if (num_scalar != 0) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - goto err; - } - - /* - * use the window size for which we have precomputation - */ - wsize[num] = pre_comp->w; - tmp_wNAF = bn_compute_wNAF(scalar, wsize[num], &tmp_len); - if (!tmp_wNAF) - goto err; - - if (tmp_len <= max_len) { - /* - * One of the other wNAFs is at least as long as the wNAF - * belonging to the generator, so wNAF splitting will not buy - * us anything. - */ - - numblocks = 1; - totalnum = num + 1; /* don't use wNAF splitting */ - wNAF[num] = tmp_wNAF; - wNAF[num + 1] = NULL; - wNAF_len[num] = tmp_len; - /* - * pre_comp->points starts with the points that we need here: - */ - val_sub[num] = pre_comp->points; - } else { - /* - * don't include tmp_wNAF directly into wNAF array - use wNAF - * splitting and include the blocks - */ - - signed char *pp; - EC_POINT **tmp_points; - - if (tmp_len < numblocks * blocksize) { - /* - * possibly we can do with fewer blocks than estimated - */ - numblocks = (tmp_len + blocksize - 1) / blocksize; - if (numblocks > pre_comp->numblocks) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - OPENSSL_free(tmp_wNAF); - goto err; - } - totalnum = num + numblocks; - } - - /* split wNAF in 'numblocks' parts */ - pp = tmp_wNAF; - tmp_points = pre_comp->points; - - for (i = num; i < totalnum; i++) { - if (i < totalnum - 1) { - wNAF_len[i] = blocksize; - if (tmp_len < blocksize) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - OPENSSL_free(tmp_wNAF); - goto err; - } - tmp_len -= blocksize; - } else - /* - * last block gets whatever is left (this could be - * more or less than 'blocksize'!) - */ - wNAF_len[i] = tmp_len; - - wNAF[i + 1] = NULL; - wNAF[i] = OPENSSL_malloc(wNAF_len[i]); - if (wNAF[i] == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - OPENSSL_free(tmp_wNAF); - goto err; - } - memcpy(wNAF[i], pp, wNAF_len[i]); - if (wNAF_len[i] > max_len) - max_len = wNAF_len[i]; - - if (*tmp_points == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - OPENSSL_free(tmp_wNAF); - goto err; - } - val_sub[i] = tmp_points; - tmp_points += pre_points_per_block; - pp += blocksize; - } - OPENSSL_free(tmp_wNAF); - } - } - } - - /* - * All points we precompute now go into a single array 'val'. - * 'val_sub[i]' is a pointer to the subarray for the i-th point, or to a - * subarray of 'pre_comp->points' if we already have precomputation. - */ - val = OPENSSL_malloc((num_val + 1) * sizeof(val[0])); - if (val == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - val[num_val] = NULL; /* pivot element */ - - /* allocate points for precomputation */ - v = val; - for (i = 0; i < num + num_scalar; i++) { - val_sub[i] = v; - for (j = 0; j < ((size_t)1 << (wsize[i] - 1)); j++) { - *v = EC_POINT_new(group); - if (*v == NULL) - goto err; - v++; - } - } - if (!(v == val + num_val)) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - goto err; - } - - if ((tmp = EC_POINT_new(group)) == NULL) - goto err; - - /*- - * prepare precomputed values: - * val_sub[i][0] := points[i] - * val_sub[i][1] := 3 * points[i] - * val_sub[i][2] := 5 * points[i] - * ... - */ - for (i = 0; i < num + num_scalar; i++) { - if (i < num) { - if (!EC_POINT_copy(val_sub[i][0], points[i])) - goto err; - } else { - if (!EC_POINT_copy(val_sub[i][0], generator)) - goto err; - } - - if (wsize[i] > 1) { - if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) - goto err; - for (j = 1; j < ((size_t)1 << (wsize[i] - 1)); j++) { - if (!EC_POINT_add - (group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) - goto err; - } - } - } - - if (group->meth->points_make_affine == NULL - || !group->meth->points_make_affine(group, num_val, val, ctx)) - goto err; - - r_is_at_infinity = 1; - - for (k = max_len - 1; k >= 0; k--) { - if (!r_is_at_infinity) { - if (!EC_POINT_dbl(group, r, r, ctx)) - goto err; - } - - for (i = 0; i < totalnum; i++) { - if (wNAF_len[i] > (size_t)k) { - int digit = wNAF[i][k]; - int is_neg; - - if (digit) { - is_neg = digit < 0; - - if (is_neg) - digit = -digit; - - if (is_neg != r_is_inverted) { - if (!r_is_at_infinity) { - if (!EC_POINT_invert(group, r, ctx)) - goto err; - } - r_is_inverted = !r_is_inverted; - } - - /* digit > 0 */ - - if (r_is_at_infinity) { - if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) - goto err; - - /*- - * Apply coordinate blinding for EC_POINT. - * - * The underlying EC_METHOD can optionally implement this function: - * ossl_ec_point_blind_coordinates() returns 0 in case of errors or 1 on - * success or if coordinate blinding is not implemented for this - * group. - */ - if (!ossl_ec_point_blind_coordinates(group, r, ctx)) { - ERR_raise(ERR_LIB_EC, EC_R_POINT_COORDINATES_BLIND_FAILURE); - goto err; - } - - r_is_at_infinity = 0; - } else { - if (!EC_POINT_add - (group, r, r, val_sub[i][digit >> 1], ctx)) - goto err; - } - } - } - } - } - - if (r_is_at_infinity) { - if (!EC_POINT_set_to_infinity(group, r)) - goto err; - } else { - if (r_is_inverted) - if (!EC_POINT_invert(group, r, ctx)) - goto err; - } - - ret = 1; - - err: - EC_POINT_free(tmp); - OPENSSL_free(wsize); - OPENSSL_free(wNAF_len); - if (wNAF != NULL) { - signed char **w; - - for (w = wNAF; *w != NULL; w++) - OPENSSL_free(*w); - - OPENSSL_free(wNAF); - } - if (val != NULL) { - for (v = val; *v != NULL; v++) - EC_POINT_clear_free(*v); - - OPENSSL_free(val); - } - OPENSSL_free(val_sub); - return ret; -} - -/*- - * ossl_ec_wNAF_precompute_mult() - * creates an EC_PRE_COMP object with preprecomputed multiples of the generator - * for use with wNAF splitting as implemented in ossl_ec_wNAF_mul(). - * - * 'pre_comp->points' is an array of multiples of the generator - * of the following form: - * points[0] = generator; - * points[1] = 3 * generator; - * ... - * points[2^(w-1)-1] = (2^(w-1)-1) * generator; - * points[2^(w-1)] = 2^blocksize * generator; - * points[2^(w-1)+1] = 3 * 2^blocksize * generator; - * ... - * points[2^(w-1)*(numblocks-1)-1] = (2^(w-1)) * 2^(blocksize*(numblocks-2)) * generator - * points[2^(w-1)*(numblocks-1)] = 2^(blocksize*(numblocks-1)) * generator - * ... - * points[2^(w-1)*numblocks-1] = (2^(w-1)) * 2^(blocksize*(numblocks-1)) * generator - * points[2^(w-1)*numblocks] = NULL - */ -int ossl_ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) -{ - const EC_POINT *generator; - EC_POINT *tmp_point = NULL, *base = NULL, **var; - const BIGNUM *order; - size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num; - EC_POINT **points = NULL; - EC_PRE_COMP *pre_comp; - int ret = 0; - int used_ctx = 0; -#ifndef FIPS_MODULE - BN_CTX *new_ctx = NULL; -#endif - - /* if there is an old EC_PRE_COMP object, throw it away */ - EC_pre_comp_free(group); - if ((pre_comp = ec_pre_comp_new(group)) == NULL) - return 0; - - generator = EC_GROUP_get0_generator(group); - if (generator == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_UNDEFINED_GENERATOR); - goto err; - } - -#ifndef FIPS_MODULE - if (ctx == NULL) - ctx = new_ctx = BN_CTX_new(); -#endif - if (ctx == NULL) - goto err; - - BN_CTX_start(ctx); - used_ctx = 1; - - order = EC_GROUP_get0_order(group); - if (order == NULL) - goto err; - if (BN_is_zero(order)) { - ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_ORDER); - goto err; - } - - bits = BN_num_bits(order); - /* - * The following parameters mean we precompute (approximately) one point - * per bit. TBD: The combination 8, 4 is perfect for 160 bits; for other - * bit lengths, other parameter combinations might provide better - * efficiency. - */ - blocksize = 8; - w = 4; - if (EC_window_bits_for_scalar_size(bits) > w) { - /* let's not make the window too small ... */ - w = EC_window_bits_for_scalar_size(bits); - } - - numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks - * to use for wNAF - * splitting */ - - pre_points_per_block = (size_t)1 << (w - 1); - num = pre_points_per_block * numblocks; /* number of points to compute - * and store */ - - points = OPENSSL_malloc(sizeof(*points) * (num + 1)); - if (points == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - var = points; - var[num] = NULL; /* pivot */ - for (i = 0; i < num; i++) { - if ((var[i] = EC_POINT_new(group)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - if ((tmp_point = EC_POINT_new(group)) == NULL - || (base = EC_POINT_new(group)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!EC_POINT_copy(base, generator)) - goto err; - - /* do the precomputation */ - for (i = 0; i < numblocks; i++) { - size_t j; - - if (!EC_POINT_dbl(group, tmp_point, base, ctx)) - goto err; - - if (!EC_POINT_copy(*var++, base)) - goto err; - - for (j = 1; j < pre_points_per_block; j++, var++) { - /* - * calculate odd multiples of the current base point - */ - if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx)) - goto err; - } - - if (i < numblocks - 1) { - /* - * get the next base (multiply current one by 2^blocksize) - */ - size_t k; - - if (blocksize <= 2) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - goto err; - } - - if (!EC_POINT_dbl(group, base, tmp_point, ctx)) - goto err; - for (k = 2; k < blocksize; k++) { - if (!EC_POINT_dbl(group, base, base, ctx)) - goto err; - } - } - } - - if (group->meth->points_make_affine == NULL - || !group->meth->points_make_affine(group, num, points, ctx)) - goto err; - - pre_comp->group = group; - pre_comp->blocksize = blocksize; - pre_comp->numblocks = numblocks; - pre_comp->w = w; - pre_comp->points = points; - points = NULL; - pre_comp->num = num; - SETPRECOMP(group, ec, pre_comp); - pre_comp = NULL; - ret = 1; - - err: - if (used_ctx) - BN_CTX_end(ctx); -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - EC_ec_pre_comp_free(pre_comp); - if (points) { - EC_POINT **p; - - for (p = points; *p != NULL; p++) - EC_POINT_free(*p); - OPENSSL_free(points); - } - EC_POINT_free(tmp_point); - EC_POINT_free(base); - return ret; -} - -int ossl_ec_wNAF_have_precompute_mult(const EC_GROUP *group) -{ - return HAVEPRECOMP(group, ec); -} diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c deleted file mode 100644 index 790a0b29077176f283b367775cea15ff6fb21331..0000000000000000000000000000000000000000 --- a/crypto/ec/ec_oct.c +++ /dev/null @@ -1,154 +0,0 @@ -/* - * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include - -#include -#include - -#include "ec_local.h" - -int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, - const BIGNUM *x, int y_bit, BN_CTX *ctx) -{ - if (group->meth->point_set_compressed_coordinates == NULL - && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(point, group)) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { - if (group->meth->field_type == NID_X9_62_prime_field) - return ossl_ec_GFp_simple_set_compressed_coordinates(group, point, x, - y_bit, ctx); - else -#ifdef OPENSSL_NO_EC2M - { - ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); - return 0; - } -#else - return ossl_ec_GF2m_simple_set_compressed_coordinates(group, point, - x, y_bit, ctx); -#endif - } - return group->meth->point_set_compressed_coordinates(group, point, x, - y_bit, ctx); -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, - EC_POINT *point, const BIGNUM *x, - int y_bit, BN_CTX *ctx) -{ - return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx); -} - -# ifndef OPENSSL_NO_EC2M -int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, - EC_POINT *point, const BIGNUM *x, - int y_bit, BN_CTX *ctx) -{ - return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx); -} -# endif -#endif - -size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, - point_conversion_form_t form, unsigned char *buf, - size_t len, BN_CTX *ctx) -{ - if (group->meth->point2oct == 0 - && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(point, group)) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { - if (group->meth->field_type == NID_X9_62_prime_field) - return ossl_ec_GFp_simple_point2oct(group, point, form, buf, len, - ctx); - else -#ifdef OPENSSL_NO_EC2M - { - ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); - return 0; - } -#else - return ossl_ec_GF2m_simple_point2oct(group, point, - form, buf, len, ctx); -#endif - } - - return group->meth->point2oct(group, point, form, buf, len, ctx); -} - -int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point, - const unsigned char *buf, size_t len, BN_CTX *ctx) -{ - if (group->meth->oct2point == 0 - && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { - ERR_raise(ERR_LIB_EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(point, group)) { - ERR_raise(ERR_LIB_EC, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { - if (group->meth->field_type == NID_X9_62_prime_field) - return ossl_ec_GFp_simple_oct2point(group, point, buf, len, ctx); - else -#ifdef OPENSSL_NO_EC2M - { - ERR_raise(ERR_LIB_EC, EC_R_GF2M_NOT_SUPPORTED); - return 0; - } -#else - return ossl_ec_GF2m_simple_oct2point(group, point, buf, len, ctx); -#endif - } - return group->meth->oct2point(group, point, buf, len, ctx); -} - -size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, - point_conversion_form_t form, - unsigned char **pbuf, BN_CTX *ctx) -{ - size_t len; - unsigned char *buf; - - len = EC_POINT_point2oct(group, point, form, NULL, 0, NULL); - if (len == 0) - return 0; - if ((buf = OPENSSL_malloc(len)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return 0; - } - len = EC_POINT_point2oct(group, point, form, buf, len, ctx); - if (len == 0) { - OPENSSL_free(buf); - return 0; - } - *pbuf = buf; - return len; -} diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c deleted file mode 100644 index 19e2f0d0c04d0f13882c56708d698ede70b7b271..0000000000000000000000000000000000000000 --- a/crypto/ec/ec_pmeth.c +++ /dev/null @@ -1,519 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDH and ECDSA low level APIs are deprecated for public use, but still ok - * for internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "ec_local.h" -#include -#include "crypto/evp.h" - -/* EC pkey context structure */ - -typedef struct { - /* Key and paramgen group */ - EC_GROUP *gen_group; - /* message digest */ - const EVP_MD *md; - /* Duplicate key if custom cofactor needed */ - EC_KEY *co_key; - /* Cofactor mode */ - signed char cofactor_mode; - /* KDF (if any) to use for ECDH */ - char kdf_type; - /* Message digest to use for key derivation */ - const EVP_MD *kdf_md; - /* User key material */ - unsigned char *kdf_ukm; - size_t kdf_ukmlen; - /* KDF output length */ - size_t kdf_outlen; -} EC_PKEY_CTX; - -static int pkey_ec_init(EVP_PKEY_CTX *ctx) -{ - EC_PKEY_CTX *dctx; - - if ((dctx = OPENSSL_zalloc(sizeof(*dctx))) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return 0; - } - - dctx->cofactor_mode = -1; - dctx->kdf_type = EVP_PKEY_ECDH_KDF_NONE; - ctx->data = dctx; - return 1; -} - -static int pkey_ec_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) -{ - EC_PKEY_CTX *dctx, *sctx; - if (!pkey_ec_init(dst)) - return 0; - sctx = src->data; - dctx = dst->data; - if (sctx->gen_group) { - dctx->gen_group = EC_GROUP_dup(sctx->gen_group); - if (!dctx->gen_group) - return 0; - } - dctx->md = sctx->md; - - if (sctx->co_key) { - dctx->co_key = EC_KEY_dup(sctx->co_key); - if (!dctx->co_key) - return 0; - } - dctx->kdf_type = sctx->kdf_type; - dctx->kdf_md = sctx->kdf_md; - dctx->kdf_outlen = sctx->kdf_outlen; - if (sctx->kdf_ukm) { - dctx->kdf_ukm = OPENSSL_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen); - if (!dctx->kdf_ukm) - return 0; - } else - dctx->kdf_ukm = NULL; - dctx->kdf_ukmlen = sctx->kdf_ukmlen; - return 1; -} - -static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) -{ - EC_PKEY_CTX *dctx = ctx->data; - if (dctx != NULL) { - EC_GROUP_free(dctx->gen_group); - EC_KEY_free(dctx->co_key); - OPENSSL_free(dctx->kdf_ukm); - OPENSSL_free(dctx); - ctx->data = NULL; - } -} - -static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen) -{ - int ret, type; - unsigned int sltmp; - EC_PKEY_CTX *dctx = ctx->data; - /* - * Discard const. Its marked as const because this may be a cached copy of - * the "real" key. These calls don't make any modifications that need to - * be reflected back in the "original" key. - */ - EC_KEY *ec = (EC_KEY *)EVP_PKEY_get0_EC_KEY(ctx->pkey); - const int sig_sz = ECDSA_size(ec); - - /* ensure cast to size_t is safe */ - if (!ossl_assert(sig_sz > 0)) - return 0; - - if (sig == NULL) { - *siglen = (size_t)sig_sz; - return 1; - } - - if (*siglen < (size_t)sig_sz) { - ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); - return 0; - } - - type = (dctx->md != NULL) ? EVP_MD_get_type(dctx->md) : NID_sha1; - - ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); - - if (ret <= 0) - return ret; - *siglen = (size_t)sltmp; - return 1; -} - -static int pkey_ec_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) -{ - int ret, type; - EC_PKEY_CTX *dctx = ctx->data; - /* - * Discard const. Its marked as const because this may be a cached copy of - * the "real" key. These calls don't make any modifications that need to - * be reflected back in the "original" key. - */ - EC_KEY *ec = (EC_KEY *)EVP_PKEY_get0_EC_KEY(ctx->pkey); - - if (dctx->md) - type = EVP_MD_get_type(dctx->md); - else - type = NID_sha1; - - ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec); - - return ret; -} - -#ifndef OPENSSL_NO_EC -static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) -{ - int ret; - size_t outlen; - const EC_POINT *pubkey = NULL; - EC_KEY *eckey; - const EC_KEY *eckeypub; - EC_PKEY_CTX *dctx = ctx->data; - - if (ctx->pkey == NULL || ctx->peerkey == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_KEYS_NOT_SET); - return 0; - } - eckeypub = EVP_PKEY_get0_EC_KEY(ctx->peerkey); - if (eckeypub == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_KEYS_NOT_SET); - return 0; - } - - eckey = dctx->co_key ? dctx->co_key - : (EC_KEY *)EVP_PKEY_get0_EC_KEY(ctx->pkey); - - if (!key) { - const EC_GROUP *group; - group = EC_KEY_get0_group(eckey); - - if (group == NULL) - return 0; - *keylen = (EC_GROUP_get_degree(group) + 7) / 8; - return 1; - } - pubkey = EC_KEY_get0_public_key(eckeypub); - - /* - * NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is not - * an error, the result is truncated. - */ - - outlen = *keylen; - - ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0); - if (ret <= 0) - return 0; - *keylen = ret; - return 1; -} - -static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx, - unsigned char *key, size_t *keylen) -{ - EC_PKEY_CTX *dctx = ctx->data; - unsigned char *ktmp = NULL; - size_t ktmplen; - int rv = 0; - if (dctx->kdf_type == EVP_PKEY_ECDH_KDF_NONE) - return pkey_ec_derive(ctx, key, keylen); - if (!key) { - *keylen = dctx->kdf_outlen; - return 1; - } - if (*keylen != dctx->kdf_outlen) - return 0; - if (!pkey_ec_derive(ctx, NULL, &ktmplen)) - return 0; - if ((ktmp = OPENSSL_malloc(ktmplen)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!pkey_ec_derive(ctx, ktmp, &ktmplen)) - goto err; - /* Do KDF stuff */ - if (!ossl_ecdh_kdf_X9_63(key, *keylen, ktmp, ktmplen, - dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md, - ctx->libctx, ctx->propquery)) - goto err; - rv = 1; - - err: - OPENSSL_clear_free(ktmp, ktmplen); - return rv; -} -#endif - -static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -{ - EC_PKEY_CTX *dctx = ctx->data; - EC_GROUP *group; - switch (type) { - case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID: - group = EC_GROUP_new_by_curve_name(p1); - if (group == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_CURVE); - return 0; - } - EC_GROUP_free(dctx->gen_group); - dctx->gen_group = group; - return 1; - - case EVP_PKEY_CTRL_EC_PARAM_ENC: - if (!dctx->gen_group) { - ERR_raise(ERR_LIB_EC, EC_R_NO_PARAMETERS_SET); - return 0; - } - EC_GROUP_set_asn1_flag(dctx->gen_group, p1); - return 1; - -#ifndef OPENSSL_NO_EC - case EVP_PKEY_CTRL_EC_ECDH_COFACTOR: - if (p1 == -2) { - if (dctx->cofactor_mode != -1) - return dctx->cofactor_mode; - else { - const EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(ctx->pkey); - return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 : 0; - } - } else if (p1 < -1 || p1 > 1) - return -2; - dctx->cofactor_mode = p1; - if (p1 != -1) { - EC_KEY *ec_key = (EC_KEY *)EVP_PKEY_get0_EC_KEY(ctx->pkey); - - /* - * We discarded the "const" above. This will only work if the key is - * a "real" legacy key, and not a cached copy of a provided key - */ - if (evp_pkey_is_provided(ctx->pkey)) { - ERR_raise(ERR_LIB_EC, ERR_R_UNSUPPORTED); - return 0; - } - if (!ec_key->group) - return -2; - /* If cofactor is 1 cofactor mode does nothing */ - if (BN_is_one(ec_key->group->cofactor)) - return 1; - if (!dctx->co_key) { - dctx->co_key = EC_KEY_dup(ec_key); - if (!dctx->co_key) - return 0; - } - if (p1) - EC_KEY_set_flags(dctx->co_key, EC_FLAG_COFACTOR_ECDH); - else - EC_KEY_clear_flags(dctx->co_key, EC_FLAG_COFACTOR_ECDH); - } else { - EC_KEY_free(dctx->co_key); - dctx->co_key = NULL; - } - return 1; -#endif - - case EVP_PKEY_CTRL_EC_KDF_TYPE: - if (p1 == -2) - return dctx->kdf_type; - if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_63) - return -2; - dctx->kdf_type = p1; - return 1; - - case EVP_PKEY_CTRL_EC_KDF_MD: - dctx->kdf_md = p2; - return 1; - - case EVP_PKEY_CTRL_GET_EC_KDF_MD: - *(const EVP_MD **)p2 = dctx->kdf_md; - return 1; - - case EVP_PKEY_CTRL_EC_KDF_OUTLEN: - if (p1 <= 0) - return -2; - dctx->kdf_outlen = (size_t)p1; - return 1; - - case EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN: - *(int *)p2 = dctx->kdf_outlen; - return 1; - - case EVP_PKEY_CTRL_EC_KDF_UKM: - OPENSSL_free(dctx->kdf_ukm); - dctx->kdf_ukm = p2; - if (p2) - dctx->kdf_ukmlen = p1; - else - dctx->kdf_ukmlen = 0; - return 1; - - case EVP_PKEY_CTRL_GET_EC_KDF_UKM: - *(unsigned char **)p2 = dctx->kdf_ukm; - return dctx->kdf_ukmlen; - - case EVP_PKEY_CTRL_MD: - if (EVP_MD_get_type((const EVP_MD *)p2) != NID_sha1 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha224 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha256 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha384 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha512 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_224 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_256 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_384 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sha3_512 && - EVP_MD_get_type((const EVP_MD *)p2) != NID_sm3) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_DIGEST_TYPE); - return 0; - } - dctx->md = p2; - return 1; - - case EVP_PKEY_CTRL_GET_MD: - *(const EVP_MD **)p2 = dctx->md; - return 1; - - case EVP_PKEY_CTRL_PEER_KEY: - /* Default behaviour is OK */ - case EVP_PKEY_CTRL_DIGESTINIT: - case EVP_PKEY_CTRL_PKCS7_SIGN: - case EVP_PKEY_CTRL_CMS_SIGN: - return 1; - - default: - return -2; - - } -} - -static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) -{ - if (strcmp(type, "ec_paramgen_curve") == 0) { - int nid; - nid = EC_curve_nist2nid(value); - if (nid == NID_undef) - nid = OBJ_sn2nid(value); - if (nid == NID_undef) - nid = OBJ_ln2nid(value); - if (nid == NID_undef) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_CURVE); - return 0; - } - return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); - } else if (strcmp(type, "ec_param_enc") == 0) { - int param_enc; - if (strcmp(value, "explicit") == 0) - param_enc = 0; - else if (strcmp(value, "named_curve") == 0) - param_enc = OPENSSL_EC_NAMED_CURVE; - else - return -2; - return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc); - } else if (strcmp(type, "ecdh_kdf_md") == 0) { - const EVP_MD *md; - if ((md = EVP_get_digestbyname(value)) == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_DIGEST); - return 0; - } - return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md); - } else if (strcmp(type, "ecdh_cofactor_mode") == 0) { - int co_mode; - co_mode = atoi(value); - return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, co_mode); - } - - return -2; -} - -static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - EC_KEY *ec = NULL; - EC_PKEY_CTX *dctx = ctx->data; - int ret; - - if (dctx->gen_group == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_NO_PARAMETERS_SET); - return 0; - } - ec = EC_KEY_new(); - if (ec == NULL) - return 0; - if (!(ret = EC_KEY_set_group(ec, dctx->gen_group)) - || !ossl_assert(ret = EVP_PKEY_assign_EC_KEY(pkey, ec))) - EC_KEY_free(ec); - return ret; -} - -static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - EC_KEY *ec = NULL; - EC_PKEY_CTX *dctx = ctx->data; - int ret; - - if (ctx->pkey == NULL && dctx->gen_group == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_NO_PARAMETERS_SET); - return 0; - } - ec = EC_KEY_new(); - if (ec == NULL) - return 0; - if (!ossl_assert(EVP_PKEY_assign_EC_KEY(pkey, ec))) { - EC_KEY_free(ec); - return 0; - } - /* Note: if error is returned, we count on caller to free pkey->pkey.ec */ - if (ctx->pkey != NULL) - ret = EVP_PKEY_copy_parameters(pkey, ctx->pkey); - else - ret = EC_KEY_set_group(ec, dctx->gen_group); - - return ret ? EC_KEY_generate_key(ec) : 0; -} - -static const EVP_PKEY_METHOD ec_pkey_meth = { - EVP_PKEY_EC, - 0, - pkey_ec_init, - pkey_ec_copy, - pkey_ec_cleanup, - - 0, - pkey_ec_paramgen, - - 0, - pkey_ec_keygen, - - 0, - pkey_ec_sign, - - 0, - pkey_ec_verify, - - 0, 0, - - 0, 0, 0, 0, - - 0, - 0, - - 0, - 0, - - 0, -#ifndef OPENSSL_NO_EC - pkey_ec_kdf_derive, -#else - 0, -#endif - pkey_ec_ctrl, - pkey_ec_ctrl_str -}; - -const EVP_PKEY_METHOD *ossl_ec_pkey_method(void) -{ - return &ec_pkey_meth; -} diff --git a/crypto/ec/ec_print.c b/crypto/ec/ec_print.c deleted file mode 100644 index ffe112052fbd620912f56958067dfac1db191975..0000000000000000000000000000000000000000 --- a/crypto/ec/ec_print.c +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include /* strlen */ -#include -#include "ec_local.h" - -static const char *HEX_DIGITS = "0123456789ABCDEF"; - -/* the return value must be freed (using OPENSSL_free()) */ -char *EC_POINT_point2hex(const EC_GROUP *group, - const EC_POINT *point, - point_conversion_form_t form, BN_CTX *ctx) -{ - char *ret, *p; - size_t buf_len = 0, i; - unsigned char *buf = NULL, *pbuf; - - buf_len = EC_POINT_point2buf(group, point, form, &buf, ctx); - - if (buf_len == 0) - return NULL; - - ret = OPENSSL_malloc(buf_len * 2 + 2); - if (ret == NULL) { - OPENSSL_free(buf); - return NULL; - } - p = ret; - pbuf = buf; - for (i = buf_len; i > 0; i--) { - int v = (int)*(pbuf++); - *(p++) = HEX_DIGITS[v >> 4]; - *(p++) = HEX_DIGITS[v & 0x0F]; - } - *p = '\0'; - - OPENSSL_free(buf); - - return ret; -} - -EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, - const char *hex, EC_POINT *point, BN_CTX *ctx) -{ - int ok = 0; - unsigned char *oct_buf = NULL; - size_t len, oct_buf_len = 0; - EC_POINT *pt = NULL; - - if (group == NULL || hex == NULL) - return NULL; - - if (point == NULL) { - pt = EC_POINT_new(group); - if (pt == NULL) - goto err; - } else { - pt = point; - } - - len = strlen(hex) / 2; - oct_buf = OPENSSL_malloc(len); - if (oct_buf == NULL) - goto err; - - if (!OPENSSL_hexstr2buf_ex(oct_buf, len, &oct_buf_len, hex, '\0') - || !EC_POINT_oct2point(group, pt, oct_buf, oct_buf_len, ctx)) - goto err; - ok = 1; -err: - OPENSSL_clear_free(oct_buf, oct_buf_len); - if (!ok) { - if (pt != point) - EC_POINT_clear_free(pt); - pt = NULL; - } - return pt; -} diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c deleted file mode 100644 index de63bf8500b4fc465f3d9a1d1fac9ab4c64a14f1..0000000000000000000000000000000000000000 --- a/crypto/ec/ecdh_kdf.c +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDH low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include "ec_local.h" - -/* Key derivation function from X9.63/SECG */ -int ossl_ecdh_kdf_X9_63(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - const unsigned char *sinfo, size_t sinfolen, - const EVP_MD *md, - OSSL_LIB_CTX *libctx, const char *propq) -{ - int ret = 0; - EVP_KDF_CTX *kctx = NULL; - OSSL_PARAM params[4], *p = params; - const char *mdname = EVP_MD_get0_name(md); - EVP_KDF *kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_X963KDF, propq); - - if ((kctx = EVP_KDF_CTX_new(kdf)) != NULL) { - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, 0); - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, - (void *)Z, Zlen); - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, - (void *)sinfo, sinfolen); - *p = OSSL_PARAM_construct_end(); - - ret = EVP_KDF_derive(kctx, out, outlen, params) > 0; - EVP_KDF_CTX_free(kctx); - } - EVP_KDF_free(kdf); - return ret; -} - -/*- - * The old name for ecdh_KDF_X9_63 - * Retained for ABI compatibility - */ -#ifndef OPENSSL_NO_DEPRECATED_3_0 -int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, - const unsigned char *Z, size_t Zlen, - const unsigned char *sinfo, size_t sinfolen, - const EVP_MD *md) -{ - return ossl_ecdh_kdf_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md, NULL, - NULL); -} -#endif diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c deleted file mode 100644 index 8016c6d7ad73ac313c08509909f05e676dc8a2cc..0000000000000000000000000000000000000000 --- a/crypto/ec/ecdh_ossl.c +++ /dev/null @@ -1,146 +0,0 @@ -/* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDH low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include - -#include "internal/cryptlib.h" - -#include -#include -#include -#include -#include "ec_local.h" - -int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen, - const EC_POINT *pub_key, const EC_KEY *ecdh) -{ - if (ecdh->group->meth->ecdh_compute_key == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH); - return 0; - } - - return ecdh->group->meth->ecdh_compute_key(psec, pseclen, pub_key, ecdh); -} - -/*- - * This implementation is based on the following primitives in the - * IEEE 1363 standard: - * - ECKAS-DH1 - * - ECSVDP-DH - * - * It also conforms to SP800-56A r3 - * See Section 5.7.1.2 "Elliptic Curve Cryptography Cofactor Diffie-Hellman - * (ECC CDH) Primitive:". The steps listed below refer to SP800-56A. - */ -int ossl_ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, - const EC_POINT *pub_key, const EC_KEY *ecdh) -{ - BN_CTX *ctx; - EC_POINT *tmp = NULL; - BIGNUM *x = NULL; - const BIGNUM *priv_key; - const EC_GROUP *group; - int ret = 0; - size_t buflen, len; - unsigned char *buf = NULL; - - if ((ctx = BN_CTX_new_ex(ecdh->libctx)) == NULL) - goto err; - BN_CTX_start(ctx); - x = BN_CTX_get(ctx); - if (x == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - priv_key = EC_KEY_get0_private_key(ecdh); - if (priv_key == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_MISSING_PRIVATE_KEY); - goto err; - } - - group = EC_KEY_get0_group(ecdh); - - /* - * Step(1) - Compute the point tmp = cofactor * owners_private_key - * * peer_public_key. - */ - if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) { - if (!EC_GROUP_get_cofactor(group, x, NULL) || - !BN_mul(x, x, priv_key, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - priv_key = x; - } - - if ((tmp = EC_POINT_new(group)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) { - ERR_raise(ERR_LIB_EC, EC_R_POINT_ARITHMETIC_FAILURE); - goto err; - } - - /* - * Step(2) : If point tmp is at infinity then clear intermediate values and - * exit. Note: getting affine coordinates returns 0 if point is at infinity. - * Step(3a) : Get x-coordinate of point x = tmp.x - */ - if (!EC_POINT_get_affine_coordinates(group, tmp, x, NULL, ctx)) { - ERR_raise(ERR_LIB_EC, EC_R_POINT_ARITHMETIC_FAILURE); - goto err; - } - - /* - * Step(3b) : convert x to a byte string, using the field-element-to-byte - * string conversion routine defined in Appendix C.2 - */ - buflen = (EC_GROUP_get_degree(group) + 7) / 8; - len = BN_num_bytes(x); - if (len > buflen) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - goto err; - } - if ((buf = OPENSSL_malloc(buflen)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - memset(buf, 0, buflen - len); - if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - - *pout = buf; - *poutlen = buflen; - buf = NULL; - - ret = 1; - - err: - /* Step(4) : Destroy all intermediate calculations */ - BN_clear(x); - EC_POINT_clear_free(tmp); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - OPENSSL_free(buf); - return ret; -} diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c deleted file mode 100644 index fe9b3cf59363e2b44e486c53e04ff84b1358198c..0000000000000000000000000000000000000000 --- a/crypto/ec/ecdsa_ossl.c +++ /dev/null @@ -1,464 +0,0 @@ -/* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include "crypto/bn.h" -#include "ec_local.h" - -int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp) -{ - if (eckey->group->meth->ecdsa_sign_setup == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA); - return 0; - } - - return eckey->group->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); -} - -ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, - const BIGNUM *in_kinv, const BIGNUM *in_r, - EC_KEY *eckey) -{ - if (eckey->group->meth->ecdsa_sign_sig == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA); - return NULL; - } - - return eckey->group->meth->ecdsa_sign_sig(dgst, dgst_len, - in_kinv, in_r, eckey); -} - -int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey) -{ - if (eckey->group->meth->ecdsa_verify_sig == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA); - return 0; - } - - return eckey->group->meth->ecdsa_verify_sig(dgst, dgst_len, sig, eckey); -} - -int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, - unsigned char *sig, unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) -{ - ECDSA_SIG *s; - - s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); - if (s == NULL) { - *siglen = 0; - return 0; - } - *siglen = i2d_ECDSA_SIG(s, &sig); - ECDSA_SIG_free(s); - return 1; -} - -static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, - BIGNUM **kinvp, BIGNUM **rp, - const unsigned char *dgst, int dlen) -{ - BN_CTX *ctx = NULL; - BIGNUM *k = NULL, *r = NULL, *X = NULL; - const BIGNUM *order; - EC_POINT *tmp_point = NULL; - const EC_GROUP *group; - int ret = 0; - int order_bits; - const BIGNUM *priv_key; - - if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if ((priv_key = EC_KEY_get0_private_key(eckey)) == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_MISSING_PRIVATE_KEY); - return 0; - } - - if (!EC_KEY_can_sign(eckey)) { - ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); - return 0; - } - - if ((ctx = ctx_in) == NULL) { - if ((ctx = BN_CTX_new_ex(eckey->libctx)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return 0; - } - } - - k = BN_secure_new(); /* this value is later returned in *kinvp */ - r = BN_new(); /* this value is later returned in *rp */ - X = BN_new(); - if (k == NULL || r == NULL || X == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - if ((tmp_point = EC_POINT_new(group)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - order = EC_GROUP_get0_order(group); - - /* Preallocate space */ - order_bits = BN_num_bits(order); - if (!BN_set_bit(k, order_bits) - || !BN_set_bit(r, order_bits) - || !BN_set_bit(X, order_bits)) - goto err; - - do { - /* get random k */ - do { - if (dgst != NULL) { - if (!BN_generate_dsa_nonce(k, order, priv_key, - dgst, dlen, ctx)) { - ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED); - goto err; - } - } else { - if (!BN_priv_rand_range_ex(k, order, 0, ctx)) { - ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED); - goto err; - } - } - } while (BN_is_zero(k)); - - /* compute r the x-coordinate of generator * k */ - if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - if (!EC_POINT_get_affine_coordinates(group, tmp_point, X, NULL, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - if (!BN_nnmod(r, X, order, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - } while (BN_is_zero(r)); - - /* compute the inverse of k */ - if (!ossl_ec_group_do_inverse_ord(group, k, k, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - - /* clear old values if necessary */ - BN_clear_free(*rp); - BN_clear_free(*kinvp); - /* save the pre-computed values */ - *rp = r; - *kinvp = k; - ret = 1; - err: - if (!ret) { - BN_clear_free(k); - BN_clear_free(r); - } - if (ctx != ctx_in) - BN_CTX_free(ctx); - EC_POINT_free(tmp_point); - BN_clear_free(X); - return ret; -} - -int ossl_ecdsa_simple_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp) -{ - return ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0); -} - -ECDSA_SIG *ossl_ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len, - const BIGNUM *in_kinv, const BIGNUM *in_r, - EC_KEY *eckey) -{ - int ok = 0, i; - BIGNUM *kinv = NULL, *s, *m = NULL; - const BIGNUM *order, *ckinv; - BN_CTX *ctx = NULL; - const EC_GROUP *group; - ECDSA_SIG *ret; - const BIGNUM *priv_key; - - group = EC_KEY_get0_group(eckey); - priv_key = EC_KEY_get0_private_key(eckey); - - if (group == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (priv_key == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_MISSING_PRIVATE_KEY); - return NULL; - } - - if (!EC_KEY_can_sign(eckey)) { - ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); - return NULL; - } - - ret = ECDSA_SIG_new(); - if (ret == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return NULL; - } - ret->r = BN_new(); - ret->s = BN_new(); - if (ret->r == NULL || ret->s == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - s = ret->s; - - if ((ctx = BN_CTX_new_ex(eckey->libctx)) == NULL - || (m = BN_new()) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - order = EC_GROUP_get0_order(group); - i = BN_num_bits(order); - /* - * Need to truncate digest if it is too long: first truncate whole bytes. - */ - if (8 * dgst_len > i) - dgst_len = (i + 7) / 8; - if (!BN_bin2bn(dgst, dgst_len, m)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - /* If still too long, truncate remaining bits with a shift */ - if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - do { - if (in_kinv == NULL || in_r == NULL) { - if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len)) { - ERR_raise(ERR_LIB_EC, ERR_R_ECDSA_LIB); - goto err; - } - ckinv = kinv; - } else { - ckinv = in_kinv; - if (BN_copy(ret->r, in_r) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - /* - * With only one multiplicant being in Montgomery domain - * multiplication yields real result without post-conversion. - * Also note that all operations but last are performed with - * zero-padded vectors. Last operation, BN_mod_mul_montgomery - * below, returns user-visible value with removed zero padding. - */ - if (!bn_to_mont_fixed_top(s, ret->r, group->mont_data, ctx) - || !bn_mul_mont_fixed_top(s, s, priv_key, group->mont_data, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - if (!bn_mod_add_fixed_top(s, s, m, order)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - /* - * |s| can still be larger than modulus, because |m| can be. In - * such case we count on Montgomery reduction to tie it up. - */ - if (!bn_to_mont_fixed_top(s, s, group->mont_data, ctx) - || !BN_mod_mul_montgomery(s, s, ckinv, group->mont_data, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - - if (BN_is_zero(s)) { - /* - * if kinv and r have been supplied by the caller, don't - * generate new kinv and r values - */ - if (in_kinv != NULL && in_r != NULL) { - ERR_raise(ERR_LIB_EC, EC_R_NEED_NEW_SETUP_VALUES); - goto err; - } - } else { - /* s != 0 => we have a valid signature */ - break; - } - } while (1); - - ok = 1; - err: - if (!ok) { - ECDSA_SIG_free(ret); - ret = NULL; - } - BN_CTX_free(ctx); - BN_clear_free(m); - BN_clear_free(kinv); - return ret; -} - -/*- - * returns - * 1: correct signature - * 0: incorrect signature - * -1: error - */ -int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) -{ - ECDSA_SIG *s; - const unsigned char *p = sigbuf; - unsigned char *der = NULL; - int derlen = -1; - int ret = -1; - - s = ECDSA_SIG_new(); - if (s == NULL) - return ret; - if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) - goto err; - /* Ensure signature uses DER and doesn't have trailing garbage */ - derlen = i2d_ECDSA_SIG(s, &der); - if (derlen != sig_len || memcmp(sigbuf, der, derlen) != 0) - goto err; - ret = ECDSA_do_verify(dgst, dgst_len, s, eckey); - err: - OPENSSL_free(der); - ECDSA_SIG_free(s); - return ret; -} - -int ossl_ecdsa_simple_verify_sig(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey) -{ - int ret = -1, i; - BN_CTX *ctx; - const BIGNUM *order; - BIGNUM *u1, *u2, *m, *X; - EC_POINT *point = NULL; - const EC_GROUP *group; - const EC_POINT *pub_key; - - /* check input values */ - if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || - (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS); - return -1; - } - - if (!EC_KEY_can_sign(eckey)) { - ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); - return -1; - } - - ctx = BN_CTX_new_ex(eckey->libctx); - if (ctx == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return -1; - } - BN_CTX_start(ctx); - u1 = BN_CTX_get(ctx); - u2 = BN_CTX_get(ctx); - m = BN_CTX_get(ctx); - X = BN_CTX_get(ctx); - if (X == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - - order = EC_GROUP_get0_order(group); - if (order == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || - BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) || - BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) { - ERR_raise(ERR_LIB_EC, EC_R_BAD_SIGNATURE); - ret = 0; /* signature is invalid */ - goto err; - } - /* calculate tmp1 = inv(S) mod order */ - if (!ossl_ec_group_do_inverse_ord(group, u2, sig->s, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - /* digest -> m */ - i = BN_num_bits(order); - /* - * Need to truncate digest if it is too long: first truncate whole bytes. - */ - if (8 * dgst_len > i) - dgst_len = (i + 7) / 8; - if (!BN_bin2bn(dgst, dgst_len, m)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - /* If still too long truncate remaining bits with a shift */ - if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - /* u1 = m * tmp mod order */ - if (!BN_mod_mul(u1, m, u2, order, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - /* u2 = r * w mod q */ - if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - - if ((point = EC_POINT_new(group)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - goto err; - } - - if (!BN_nnmod(u1, X, order, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - /* if the signature is correct u1 is equal to sig->r */ - ret = (BN_ucmp(u1, sig->r) == 0); - err: - BN_CTX_end(ctx); - BN_CTX_free(ctx); - EC_POINT_free(point); - return ret; -} diff --git a/crypto/ec/ecdsa_sign.c b/crypto/ec/ecdsa_sign.c deleted file mode 100644 index 0c0748c84f871f7097ba1e42646267bfaf0814dd..0000000000000000000000000000000000000000 --- a/crypto/ec/ecdsa_sign.c +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "ec_local.h" -#include - -ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) -{ - return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey); -} - -ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen, - const BIGNUM *kinv, const BIGNUM *rp, - EC_KEY *eckey) -{ - if (eckey->meth->sign_sig != NULL) - return eckey->meth->sign_sig(dgst, dlen, kinv, rp, eckey); - ERR_raise(ERR_LIB_EC, EC_R_OPERATION_NOT_SUPPORTED); - return NULL; -} - -int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char - *sig, unsigned int *siglen, EC_KEY *eckey) -{ - return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey); -} - -int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, - unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, - const BIGNUM *r, EC_KEY *eckey) -{ - if (eckey->meth->sign != NULL) - return eckey->meth->sign(type, dgst, dlen, sig, siglen, kinv, r, eckey); - ERR_raise(ERR_LIB_EC, EC_R_OPERATION_NOT_SUPPORTED); - return 0; -} - -int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp) -{ - if (eckey->meth->sign_setup != NULL) - return eckey->meth->sign_setup(eckey, ctx_in, kinvp, rp); - ERR_raise(ERR_LIB_EC, EC_R_OPERATION_NOT_SUPPORTED); - return 0; -} diff --git a/crypto/ec/ecdsa_vrf.c b/crypto/ec/ecdsa_vrf.c deleted file mode 100644 index c148ecdb7cf61fe6d741314d5c5bea9be88838cd..0000000000000000000000000000000000000000 --- a/crypto/ec/ecdsa_vrf.c +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "ec_local.h" -#include - -/*- - * returns - * 1: correct signature - * 0: incorrect signature - * -1: error - */ -int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY *eckey) -{ - if (eckey->meth->verify_sig != NULL) - return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey); - ERR_raise(ERR_LIB_EC, EC_R_OPERATION_NOT_SUPPORTED); - return -1; -} - -/*- - * returns - * 1: correct signature - * 0: incorrect signature - * -1: error - */ -int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) -{ - if (eckey->meth->verify != NULL) - return eckey->meth->verify(type, dgst, dgst_len, sigbuf, sig_len, - eckey); - ERR_raise(ERR_LIB_EC, EC_R_OPERATION_NOT_SUPPORTED); - return -1; -} diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c deleted file mode 100644 index 96ced7c8be0d2890070ad7b98c01d762c1a3678e..0000000000000000000000000000000000000000 --- a/crypto/ec/eck_prn.c +++ /dev/null @@ -1,262 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_STDIO -int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off) -{ - BIO *b; - int ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_BUF_LIB); - return 0; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = ECPKParameters_print(b, x, off); - BIO_free(b); - return ret; -} - -int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off) -{ - BIO *b; - int ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_BIO_LIB); - return 0; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = EC_KEY_print(b, x, off); - BIO_free(b); - return ret; -} - -int ECParameters_print_fp(FILE *fp, const EC_KEY *x) -{ - BIO *b; - int ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_BIO_LIB); - return 0; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = ECParameters_print(b, x); - BIO_free(b); - return ret; -} -#endif /* OPENSSL_NO_STDIO */ - -static int print_bin(BIO *fp, const char *str, const unsigned char *num, - size_t len, int off); - -int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) -{ - int ret = 0, reason = ERR_R_BIO_LIB; - BN_CTX *ctx = NULL; - const EC_POINT *point = NULL; - BIGNUM *p = NULL, *a = NULL, *b = NULL; - unsigned char *gen_buf = NULL; - const BIGNUM *order = NULL, *cofactor = NULL; - const unsigned char *seed; - size_t seed_len = 0, gen_buf_len = 0; - - static const char *gen_compressed = "Generator (compressed):"; - static const char *gen_uncompressed = "Generator (uncompressed):"; - static const char *gen_hybrid = "Generator (hybrid):"; - - if (!x) { - reason = ERR_R_PASSED_NULL_PARAMETER; - goto err; - } - - ctx = BN_CTX_new(); - if (ctx == NULL) { - reason = ERR_R_MALLOC_FAILURE; - goto err; - } - - if (EC_GROUP_get_asn1_flag(x)) { - /* the curve parameter are given by an asn1 OID */ - int nid; - const char *nname; - - if (!BIO_indent(bp, off, 128)) - goto err; - - nid = EC_GROUP_get_curve_name(x); - if (nid == 0) - goto err; - if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0) - goto err; - if (BIO_printf(bp, "\n") <= 0) - goto err; - nname = EC_curve_nid2nist(nid); - if (nname) { - if (!BIO_indent(bp, off, 128)) - goto err; - if (BIO_printf(bp, "NIST CURVE: %s\n", nname) <= 0) - goto err; - } - } else { - const char *form_str; - /* explicit parameters */ - int is_char_two = 0; - point_conversion_form_t form; - int tmp_nid = EC_GROUP_get_field_type(x); - - if (tmp_nid == NID_X9_62_characteristic_two_field) - is_char_two = 1; - - if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || - (b = BN_new()) == NULL) { - reason = ERR_R_MALLOC_FAILURE; - goto err; - } - - if (!EC_GROUP_get_curve(x, p, a, b, ctx)) { - reason = ERR_R_EC_LIB; - goto err; - } - - if ((point = EC_GROUP_get0_generator(x)) == NULL) { - reason = ERR_R_EC_LIB; - goto err; - } - order = EC_GROUP_get0_order(x); - cofactor = EC_GROUP_get0_cofactor(x); - if (order == NULL) { - reason = ERR_R_EC_LIB; - goto err; - } - - form = EC_GROUP_get_point_conversion_form(x); - - gen_buf_len = EC_POINT_point2buf(x, point, form, &gen_buf, ctx); - if (gen_buf_len == 0) { - reason = ERR_R_EC_LIB; - goto err; - } - - if ((seed = EC_GROUP_get0_seed(x)) != NULL) - seed_len = EC_GROUP_get_seed_len(x); - - if (!BIO_indent(bp, off, 128)) - goto err; - - /* print the 'short name' of the field type */ - if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid)) - <= 0) - goto err; - - if (is_char_two) { - /* print the 'short name' of the base type OID */ - int basis_type = EC_GROUP_get_basis_type(x); - if (basis_type == 0) - goto err; - - if (!BIO_indent(bp, off, 128)) - goto err; - - if (BIO_printf(bp, "Basis Type: %s\n", - OBJ_nid2sn(basis_type)) <= 0) - goto err; - - /* print the polynomial */ - if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, NULL, - off)) - goto err; - } else { - if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, NULL, off)) - goto err; - } - if ((a != NULL) && !ASN1_bn_print(bp, "A: ", a, NULL, off)) - goto err; - if ((b != NULL) && !ASN1_bn_print(bp, "B: ", b, NULL, off)) - goto err; - - if (form == POINT_CONVERSION_COMPRESSED) - form_str = gen_compressed; - else if (form == POINT_CONVERSION_UNCOMPRESSED) - form_str = gen_uncompressed; - else - form_str = gen_hybrid; - if (gen_buf != NULL - && !print_bin(bp, form_str, gen_buf, gen_buf_len, off)) - goto err; - - if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order, NULL, off)) - goto err; - if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor, - NULL, off)) - goto err; - if (seed && !print_bin(bp, "Seed:", seed, seed_len, off)) - goto err; - } - ret = 1; - err: - if (!ret) - ERR_raise(ERR_LIB_EC, reason); - BN_free(p); - BN_free(a); - BN_free(b); - OPENSSL_clear_free(gen_buf, gen_buf_len); - BN_CTX_free(ctx); - return ret; -} - -static int print_bin(BIO *fp, const char *name, const unsigned char *buf, - size_t len, int off) -{ - size_t i; - char str[128 + 1 + 4]; - - if (buf == NULL) - return 1; - if (off > 0) { - if (off > 128) - off = 128; - memset(str, ' ', off); - if (BIO_write(fp, str, off) <= 0) - return 0; - } else { - off = 0; - } - - if (BIO_printf(fp, "%s", name) <= 0) - return 0; - - for (i = 0; i < len; i++) { - if ((i % 15) == 0) { - str[0] = '\n'; - memset(&(str[1]), ' ', off + 4); - if (BIO_write(fp, str, off + 1 + 4) <= 0) - return 0; - } - if (BIO_printf(fp, "%02x%s", buf[i], ((i + 1) == len) ? "" : ":") <= - 0) - return 0; - } - if (BIO_write(fp, "\n", 1) <= 0) - return 0; - - return 1; -} -#endif /* OPENSSL_NO_DEPRECATED_3_0 */ diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c deleted file mode 100644 index 35b492453f57f501e34a6d97ea34643f33f4c47e..0000000000000000000000000000000000000000 --- a/crypto/ec/ecp_mont.c +++ /dev/null @@ -1,300 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include - -#include "ec_local.h" - -const EC_METHOD *EC_GFp_mont_method(void) -{ - static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_prime_field, - ossl_ec_GFp_mont_group_init, - ossl_ec_GFp_mont_group_finish, - ossl_ec_GFp_mont_group_clear_finish, - ossl_ec_GFp_mont_group_copy, - ossl_ec_GFp_mont_group_set_curve, - ossl_ec_GFp_simple_group_get_curve, - ossl_ec_GFp_simple_group_get_degree, - ossl_ec_group_simple_order_bits, - ossl_ec_GFp_simple_group_check_discriminant, - ossl_ec_GFp_simple_point_init, - ossl_ec_GFp_simple_point_finish, - ossl_ec_GFp_simple_point_clear_finish, - ossl_ec_GFp_simple_point_copy, - ossl_ec_GFp_simple_point_set_to_infinity, - ossl_ec_GFp_simple_point_set_affine_coordinates, - ossl_ec_GFp_simple_point_get_affine_coordinates, - 0, 0, 0, - ossl_ec_GFp_simple_add, - ossl_ec_GFp_simple_dbl, - ossl_ec_GFp_simple_invert, - ossl_ec_GFp_simple_is_at_infinity, - ossl_ec_GFp_simple_is_on_curve, - ossl_ec_GFp_simple_cmp, - ossl_ec_GFp_simple_make_affine, - ossl_ec_GFp_simple_points_make_affine, - 0 /* mul */ , - 0 /* precompute_mult */ , - 0 /* have_precompute_mult */ , - ossl_ec_GFp_mont_field_mul, - ossl_ec_GFp_mont_field_sqr, - 0 /* field_div */ , - ossl_ec_GFp_mont_field_inv, - ossl_ec_GFp_mont_field_encode, - ossl_ec_GFp_mont_field_decode, - ossl_ec_GFp_mont_field_set_to_one, - ossl_ec_key_simple_priv2oct, - ossl_ec_key_simple_oct2priv, - 0, /* set private */ - ossl_ec_key_simple_generate_key, - ossl_ec_key_simple_check_key, - ossl_ec_key_simple_generate_public_key, - 0, /* keycopy */ - 0, /* keyfinish */ - ossl_ecdh_simple_compute_key, - ossl_ecdsa_simple_sign_setup, - ossl_ecdsa_simple_sign_sig, - ossl_ecdsa_simple_verify_sig, - 0, /* field_inverse_mod_ord */ - ossl_ec_GFp_simple_blind_coordinates, - ossl_ec_GFp_simple_ladder_pre, - ossl_ec_GFp_simple_ladder_step, - ossl_ec_GFp_simple_ladder_post - }; - - return &ret; -} - -int ossl_ec_GFp_mont_group_init(EC_GROUP *group) -{ - int ok; - - ok = ossl_ec_GFp_simple_group_init(group); - group->field_data1 = NULL; - group->field_data2 = NULL; - return ok; -} - -void ossl_ec_GFp_mont_group_finish(EC_GROUP *group) -{ - BN_MONT_CTX_free(group->field_data1); - group->field_data1 = NULL; - BN_free(group->field_data2); - group->field_data2 = NULL; - ossl_ec_GFp_simple_group_finish(group); -} - -void ossl_ec_GFp_mont_group_clear_finish(EC_GROUP *group) -{ - BN_MONT_CTX_free(group->field_data1); - group->field_data1 = NULL; - BN_clear_free(group->field_data2); - group->field_data2 = NULL; - ossl_ec_GFp_simple_group_clear_finish(group); -} - -int ossl_ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src) -{ - BN_MONT_CTX_free(dest->field_data1); - dest->field_data1 = NULL; - BN_clear_free(dest->field_data2); - dest->field_data2 = NULL; - - if (!ossl_ec_GFp_simple_group_copy(dest, src)) - return 0; - - if (src->field_data1 != NULL) { - dest->field_data1 = BN_MONT_CTX_new(); - if (dest->field_data1 == NULL) - return 0; - if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) - goto err; - } - if (src->field_data2 != NULL) { - dest->field_data2 = BN_dup(src->field_data2); - if (dest->field_data2 == NULL) - goto err; - } - - return 1; - - err: - BN_MONT_CTX_free(dest->field_data1); - dest->field_data1 = NULL; - return 0; -} - -int ossl_ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *b, - BN_CTX *ctx) -{ - BN_CTX *new_ctx = NULL; - BN_MONT_CTX *mont = NULL; - BIGNUM *one = NULL; - int ret = 0; - - BN_MONT_CTX_free(group->field_data1); - group->field_data1 = NULL; - BN_free(group->field_data2); - group->field_data2 = NULL; - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) - return 0; - } - - mont = BN_MONT_CTX_new(); - if (mont == NULL) - goto err; - if (!BN_MONT_CTX_set(mont, p, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - one = BN_new(); - if (one == NULL) - goto err; - if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) - goto err; - - group->field_data1 = mont; - mont = NULL; - group->field_data2 = one; - one = NULL; - - ret = ossl_ec_GFp_simple_group_set_curve(group, p, a, b, ctx); - - if (!ret) { - BN_MONT_CTX_free(group->field_data1); - group->field_data1 = NULL; - BN_free(group->field_data2); - group->field_data2 = NULL; - } - - err: - BN_free(one); - BN_CTX_free(new_ctx); - BN_MONT_CTX_free(mont); - return ret; -} - -int ossl_ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) -{ - if (group->field_data1 == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_NOT_INITIALIZED); - return 0; - } - - return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx); -} - -int ossl_ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, - BN_CTX *ctx) -{ - if (group->field_data1 == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_NOT_INITIALIZED); - return 0; - } - - return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx); -} - -/*- - * Computes the multiplicative inverse of a in GF(p), storing the result in r. - * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error. - * We have a Mont structure, so SCA hardening is FLT inversion. - */ -int ossl_ec_GFp_mont_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, - BN_CTX *ctx) -{ - BIGNUM *e = NULL; - BN_CTX *new_ctx = NULL; - int ret = 0; - - if (group->field_data1 == NULL) - return 0; - - if (ctx == NULL - && (ctx = new_ctx = BN_CTX_secure_new_ex(group->libctx)) == NULL) - return 0; - - BN_CTX_start(ctx); - if ((e = BN_CTX_get(ctx)) == NULL) - goto err; - - /* Inverse in constant time with Fermats Little Theorem */ - if (!BN_set_word(e, 2)) - goto err; - if (!BN_sub(e, group->field, e)) - goto err; - /*- - * Exponent e is public. - * No need for scatter-gather or BN_FLG_CONSTTIME. - */ - if (!BN_mod_exp_mont(r, a, e, group->field, ctx, group->field_data1)) - goto err; - - /* throw an error on zero */ - if (BN_is_zero(r)) { - ERR_raise(ERR_LIB_EC, EC_R_CANNOT_INVERT); - goto err; - } - - ret = 1; - - err: - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - return ret; -} - -int ossl_ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *a, BN_CTX *ctx) -{ - if (group->field_data1 == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_NOT_INITIALIZED); - return 0; - } - - return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx); -} - -int ossl_ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *a, BN_CTX *ctx) -{ - if (group->field_data1 == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_NOT_INITIALIZED); - return 0; - } - - return BN_from_montgomery(r, a, group->field_data1, ctx); -} - -int ossl_ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, - BN_CTX *ctx) -{ - if (group->field_data2 == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_NOT_INITIALIZED); - return 0; - } - - if (!BN_copy(r, group->field_data2)) - return 0; - return 1; -} diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c deleted file mode 100644 index 3efd43e64c750d8f5b507eae2aa7cdac7dae2738..0000000000000000000000000000000000000000 --- a/crypto/ec/ecp_nist.c +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include - -#include -#include -#include "ec_local.h" - -const EC_METHOD *EC_GFp_nist_method(void) -{ - static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_prime_field, - ossl_ec_GFp_simple_group_init, - ossl_ec_GFp_simple_group_finish, - ossl_ec_GFp_simple_group_clear_finish, - ossl_ec_GFp_nist_group_copy, - ossl_ec_GFp_nist_group_set_curve, - ossl_ec_GFp_simple_group_get_curve, - ossl_ec_GFp_simple_group_get_degree, - ossl_ec_group_simple_order_bits, - ossl_ec_GFp_simple_group_check_discriminant, - ossl_ec_GFp_simple_point_init, - ossl_ec_GFp_simple_point_finish, - ossl_ec_GFp_simple_point_clear_finish, - ossl_ec_GFp_simple_point_copy, - ossl_ec_GFp_simple_point_set_to_infinity, - ossl_ec_GFp_simple_point_set_affine_coordinates, - ossl_ec_GFp_simple_point_get_affine_coordinates, - 0, 0, 0, - ossl_ec_GFp_simple_add, - ossl_ec_GFp_simple_dbl, - ossl_ec_GFp_simple_invert, - ossl_ec_GFp_simple_is_at_infinity, - ossl_ec_GFp_simple_is_on_curve, - ossl_ec_GFp_simple_cmp, - ossl_ec_GFp_simple_make_affine, - ossl_ec_GFp_simple_points_make_affine, - 0 /* mul */ , - 0 /* precompute_mult */ , - 0 /* have_precompute_mult */ , - ossl_ec_GFp_nist_field_mul, - ossl_ec_GFp_nist_field_sqr, - 0 /* field_div */ , - ossl_ec_GFp_simple_field_inv, - 0 /* field_encode */ , - 0 /* field_decode */ , - 0, /* field_set_to_one */ - ossl_ec_key_simple_priv2oct, - ossl_ec_key_simple_oct2priv, - 0, /* set private */ - ossl_ec_key_simple_generate_key, - ossl_ec_key_simple_check_key, - ossl_ec_key_simple_generate_public_key, - 0, /* keycopy */ - 0, /* keyfinish */ - ossl_ecdh_simple_compute_key, - ossl_ecdsa_simple_sign_setup, - ossl_ecdsa_simple_sign_sig, - ossl_ecdsa_simple_verify_sig, - 0, /* field_inverse_mod_ord */ - ossl_ec_GFp_simple_blind_coordinates, - ossl_ec_GFp_simple_ladder_pre, - ossl_ec_GFp_simple_ladder_step, - ossl_ec_GFp_simple_ladder_post - }; - - return &ret; -} - -int ossl_ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src) -{ - dest->field_mod_func = src->field_mod_func; - - return ossl_ec_GFp_simple_group_copy(dest, src); -} - -int ossl_ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *b, - BN_CTX *ctx) -{ - int ret = 0; - BN_CTX *new_ctx = NULL; - - if (ctx == NULL) - if ((ctx = new_ctx = BN_CTX_new_ex(group->libctx)) == NULL) - return 0; - - BN_CTX_start(ctx); - - if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0) - group->field_mod_func = BN_nist_mod_192; - else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0) - group->field_mod_func = BN_nist_mod_224; - else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0) - group->field_mod_func = BN_nist_mod_256; - else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0) - group->field_mod_func = BN_nist_mod_384; - else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0) - group->field_mod_func = BN_nist_mod_521; - else { - ERR_raise(ERR_LIB_EC, EC_R_NOT_A_NIST_PRIME); - goto err; - } - - ret = ossl_ec_GFp_simple_group_set_curve(group, p, a, b, ctx); - - err: - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - return ret; -} - -int ossl_ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) -{ - int ret = 0; - BN_CTX *ctx_new = NULL; - - if (!group || !r || !a || !b) { - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - goto err; - } - if (!ctx) - if ((ctx_new = ctx = BN_CTX_new_ex(group->libctx)) == NULL) - goto err; - - if (!BN_mul(r, a, b, ctx)) - goto err; - if (!group->field_mod_func(r, r, group->field, ctx)) - goto err; - - ret = 1; - err: - BN_CTX_free(ctx_new); - return ret; -} - -int ossl_ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, - BN_CTX *ctx) -{ - int ret = 0; - BN_CTX *ctx_new = NULL; - - if (!group || !r || !a) { - ERR_raise(ERR_LIB_EC, EC_R_PASSED_NULL_PARAMETER); - goto err; - } - if (!ctx) - if ((ctx_new = ctx = BN_CTX_new_ex(group->libctx)) == NULL) - goto err; - - if (!BN_sqr(r, a, ctx)) - goto err; - if (!group->field_mod_func(r, r, group->field, ctx)) - goto err; - - ret = 1; - err: - BN_CTX_free(ctx_new); - return ret; -} diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c deleted file mode 100644 index 5ab0dd7bef4f459bf2a677da0df471191cb19240..0000000000000000000000000000000000000000 --- a/crypto/ec/ecp_nistp224.c +++ /dev/null @@ -1,1748 +0,0 @@ -/* - * Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Copyright 2011 Google Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -/* - * A 64-bit implementation of the NIST P-224 elliptic curve point multiplication - * - * Inspired by Daniel J. Bernstein's public domain nistp224 implementation - * and Adam Langley's public domain 64-bit C implementation of curve25519 - */ - -#include - -#include -#include -#include -#include "ec_local.h" - -#include "internal/numbers.h" - -#ifndef INT128_MAX -# error "Your compiler doesn't appear to support 128-bit integer types" -#endif - -typedef uint8_t u8; -typedef uint64_t u64; - -/******************************************************************************/ -/*- - * INTERNAL REPRESENTATION OF FIELD ELEMENTS - * - * Field elements are represented as a_0 + 2^56*a_1 + 2^112*a_2 + 2^168*a_3 - * using 64-bit coefficients called 'limbs', - * and sometimes (for multiplication results) as - * b_0 + 2^56*b_1 + 2^112*b_2 + 2^168*b_3 + 2^224*b_4 + 2^280*b_5 + 2^336*b_6 - * using 128-bit coefficients called 'widelimbs'. - * A 4-limb representation is an 'felem'; - * a 7-widelimb representation is a 'widefelem'. - * Even within felems, bits of adjacent limbs overlap, and we don't always - * reduce the representations: we ensure that inputs to each felem - * multiplication satisfy a_i < 2^60, so outputs satisfy b_i < 4*2^60*2^60, - * and fit into a 128-bit word without overflow. The coefficients are then - * again partially reduced to obtain an felem satisfying a_i < 2^57. - * We only reduce to the unique minimal representation at the end of the - * computation. - */ - -typedef uint64_t limb; -typedef uint64_t limb_aX __attribute((__aligned__(1))); -typedef uint128_t widelimb; - -typedef limb felem[4]; -typedef widelimb widefelem[7]; - -/* - * Field element represented as a byte array. 28*8 = 224 bits is also the - * group order size for the elliptic curve, and we also use this type for - * scalars for point multiplication. - */ -typedef u8 felem_bytearray[28]; - -static const felem_bytearray nistp224_curve_params[5] = { - {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, - {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE}, - {0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, /* b */ - 0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, - 0x27, 0x0B, 0x39, 0x43, 0x23, 0x55, 0xFF, 0xB4}, - {0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, /* x */ - 0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, - 0x34, 0x32, 0x80, 0xD6, 0x11, 0x5C, 0x1D, 0x21}, - {0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, /* y */ - 0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, - 0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34} -}; - -/*- - * Precomputed multiples of the standard generator - * Points are given in coordinates (X, Y, Z) where Z normally is 1 - * (0 for the point at infinity). - * For each field element, slice a_0 is word 0, etc. - * - * The table has 2 * 16 elements, starting with the following: - * index | bits | point - * ------+---------+------------------------------ - * 0 | 0 0 0 0 | 0G - * 1 | 0 0 0 1 | 1G - * 2 | 0 0 1 0 | 2^56G - * 3 | 0 0 1 1 | (2^56 + 1)G - * 4 | 0 1 0 0 | 2^112G - * 5 | 0 1 0 1 | (2^112 + 1)G - * 6 | 0 1 1 0 | (2^112 + 2^56)G - * 7 | 0 1 1 1 | (2^112 + 2^56 + 1)G - * 8 | 1 0 0 0 | 2^168G - * 9 | 1 0 0 1 | (2^168 + 1)G - * 10 | 1 0 1 0 | (2^168 + 2^56)G - * 11 | 1 0 1 1 | (2^168 + 2^56 + 1)G - * 12 | 1 1 0 0 | (2^168 + 2^112)G - * 13 | 1 1 0 1 | (2^168 + 2^112 + 1)G - * 14 | 1 1 1 0 | (2^168 + 2^112 + 2^56)G - * 15 | 1 1 1 1 | (2^168 + 2^112 + 2^56 + 1)G - * followed by a copy of this with each element multiplied by 2^28. - * - * The reason for this is so that we can clock bits into four different - * locations when doing simple scalar multiplies against the base point, - * and then another four locations using the second 16 elements. - */ -static const felem gmul[2][16][3] = { -{{{0, 0, 0, 0}, - {0, 0, 0, 0}, - {0, 0, 0, 0}}, - {{0x3280d6115c1d21, 0xc1d356c2112234, 0x7f321390b94a03, 0xb70e0cbd6bb4bf}, - {0xd5819985007e34, 0x75a05a07476444, 0xfb4c22dfe6cd43, 0xbd376388b5f723}, - {1, 0, 0, 0}}, - {{0xfd9675666ebbe9, 0xbca7664d40ce5e, 0x2242df8d8a2a43, 0x1f49bbb0f99bc5}, - {0x29e0b892dc9c43, 0xece8608436e662, 0xdc858f185310d0, 0x9812dd4eb8d321}, - {1, 0, 0, 0}}, - {{0x6d3e678d5d8eb8, 0x559eed1cb362f1, 0x16e9a3bbce8a3f, 0xeedcccd8c2a748}, - {0xf19f90ed50266d, 0xabf2b4bf65f9df, 0x313865468fafec, 0x5cb379ba910a17}, - {1, 0, 0, 0}}, - {{0x0641966cab26e3, 0x91fb2991fab0a0, 0xefec27a4e13a0b, 0x0499aa8a5f8ebe}, - {0x7510407766af5d, 0x84d929610d5450, 0x81d77aae82f706, 0x6916f6d4338c5b}, - {1, 0, 0, 0}}, - {{0xea95ac3b1f15c6, 0x086000905e82d4, 0xdd323ae4d1c8b1, 0x932b56be7685a3}, - {0x9ef93dea25dbbf, 0x41665960f390f0, 0xfdec76dbe2a8a7, 0x523e80f019062a}, - {1, 0, 0, 0}}, - {{0x822fdd26732c73, 0xa01c83531b5d0f, 0x363f37347c1ba4, 0xc391b45c84725c}, - {0xbbd5e1b2d6ad24, 0xddfbcde19dfaec, 0xc393da7e222a7f, 0x1efb7890ede244}, - {1, 0, 0, 0}}, - {{0x4c9e90ca217da1, 0xd11beca79159bb, 0xff8d33c2c98b7c, 0x2610b39409f849}, - {0x44d1352ac64da0, 0xcdbb7b2c46b4fb, 0x966c079b753c89, 0xfe67e4e820b112}, - {1, 0, 0, 0}}, - {{0xe28cae2df5312d, 0xc71b61d16f5c6e, 0x79b7619a3e7c4c, 0x05c73240899b47}, - {0x9f7f6382c73e3a, 0x18615165c56bda, 0x641fab2116fd56, 0x72855882b08394}, - {1, 0, 0, 0}}, - {{0x0469182f161c09, 0x74a98ca8d00fb5, 0xb89da93489a3e0, 0x41c98768fb0c1d}, - {0xe5ea05fb32da81, 0x3dce9ffbca6855, 0x1cfe2d3fbf59e6, 0x0e5e03408738a7}, - {1, 0, 0, 0}}, - {{0xdab22b2333e87f, 0x4430137a5dd2f6, 0xe03ab9f738beb8, 0xcb0c5d0dc34f24}, - {0x764a7df0c8fda5, 0x185ba5c3fa2044, 0x9281d688bcbe50, 0xc40331df893881}, - {1, 0, 0, 0}}, - {{0xb89530796f0f60, 0xade92bd26909a3, 0x1a0c83fb4884da, 0x1765bf22a5a984}, - {0x772a9ee75db09e, 0x23bc6c67cec16f, 0x4c1edba8b14e2f, 0xe2a215d9611369}, - {1, 0, 0, 0}}, - {{0x571e509fb5efb3, 0xade88696410552, 0xc8ae85fada74fe, 0x6c7e4be83bbde3}, - {0xff9f51160f4652, 0xb47ce2495a6539, 0xa2946c53b582f4, 0x286d2db3ee9a60}, - {1, 0, 0, 0}}, - {{0x40bbd5081a44af, 0x0995183b13926c, 0xbcefba6f47f6d0, 0x215619e9cc0057}, - {0x8bc94d3b0df45e, 0xf11c54a3694f6f, 0x8631b93cdfe8b5, 0xe7e3f4b0982db9}, - {1, 0, 0, 0}}, - {{0xb17048ab3e1c7b, 0xac38f36ff8a1d8, 0x1c29819435d2c6, 0xc813132f4c07e9}, - {0x2891425503b11f, 0x08781030579fea, 0xf5426ba5cc9674, 0x1e28ebf18562bc}, - {1, 0, 0, 0}}, - {{0x9f31997cc864eb, 0x06cd91d28b5e4c, 0xff17036691a973, 0xf1aef351497c58}, - {0xdd1f2d600564ff, 0xdead073b1402db, 0x74a684435bd693, 0xeea7471f962558}, - {1, 0, 0, 0}}}, -{{{0, 0, 0, 0}, - {0, 0, 0, 0}, - {0, 0, 0, 0}}, - {{0x9665266dddf554, 0x9613d78b60ef2d, 0xce27a34cdba417, 0xd35ab74d6afc31}, - {0x85ccdd22deb15e, 0x2137e5783a6aab, 0xa141cffd8c93c6, 0x355a1830e90f2d}, - {1, 0, 0, 0}}, - {{0x1a494eadaade65, 0xd6da4da77fe53c, 0xe7992996abec86, 0x65c3553c6090e3}, - {0xfa610b1fb09346, 0xf1c6540b8a4aaf, 0xc51a13ccd3cbab, 0x02995b1b18c28a}, - {1, 0, 0, 0}}, - {{0x7874568e7295ef, 0x86b419fbe38d04, 0xdc0690a7550d9a, 0xd3966a44beac33}, - {0x2b7280ec29132f, 0xbeaa3b6a032df3, 0xdc7dd88ae41200, 0xd25e2513e3a100}, - {1, 0, 0, 0}}, - {{0x924857eb2efafd, 0xac2bce41223190, 0x8edaa1445553fc, 0x825800fd3562d5}, - {0x8d79148ea96621, 0x23a01c3dd9ed8d, 0xaf8b219f9416b5, 0xd8db0cc277daea}, - {1, 0, 0, 0}}, - {{0x76a9c3b1a700f0, 0xe9acd29bc7e691, 0x69212d1a6b0327, 0x6322e97fe154be}, - {0x469fc5465d62aa, 0x8d41ed18883b05, 0x1f8eae66c52b88, 0xe4fcbe9325be51}, - {1, 0, 0, 0}}, - {{0x825fdf583cac16, 0x020b857c7b023a, 0x683c17744b0165, 0x14ffd0a2daf2f1}, - {0x323b36184218f9, 0x4944ec4e3b47d4, 0xc15b3080841acf, 0x0bced4b01a28bb}, - {1, 0, 0, 0}}, - {{0x92ac22230df5c4, 0x52f33b4063eda8, 0xcb3f19870c0c93, 0x40064f2ba65233}, - {0xfe16f0924f8992, 0x012da25af5b517, 0x1a57bb24f723a6, 0x06f8bc76760def}, - {1, 0, 0, 0}}, - {{0x4a7084f7817cb9, 0xbcab0738ee9a78, 0x3ec11e11d9c326, 0xdc0fe90e0f1aae}, - {0xcf639ea5f98390, 0x5c350aa22ffb74, 0x9afae98a4047b7, 0x956ec2d617fc45}, - {1, 0, 0, 0}}, - {{0x4306d648c1be6a, 0x9247cd8bc9a462, 0xf5595e377d2f2e, 0xbd1c3caff1a52e}, - {0x045e14472409d0, 0x29f3e17078f773, 0x745a602b2d4f7d, 0x191837685cdfbb}, - {1, 0, 0, 0}}, - {{0x5b6ee254a8cb79, 0x4953433f5e7026, 0xe21faeb1d1def4, 0xc4c225785c09de}, - {0x307ce7bba1e518, 0x31b125b1036db8, 0x47e91868839e8f, 0xc765866e33b9f3}, - {1, 0, 0, 0}}, - {{0x3bfece24f96906, 0x4794da641e5093, 0xde5df64f95db26, 0x297ecd89714b05}, - {0x701bd3ebb2c3aa, 0x7073b4f53cb1d5, 0x13c5665658af16, 0x9895089d66fe58}, - {1, 0, 0, 0}}, - {{0x0fef05f78c4790, 0x2d773633b05d2e, 0x94229c3a951c94, 0xbbbd70df4911bb}, - {0xb2c6963d2c1168, 0x105f47a72b0d73, 0x9fdf6111614080, 0x7b7e94b39e67b0}, - {1, 0, 0, 0}}, - {{0xad1a7d6efbe2b3, 0xf012482c0da69d, 0x6b3bdf12438345, 0x40d7558d7aa4d9}, - {0x8a09fffb5c6d3d, 0x9a356e5d9ffd38, 0x5973f15f4f9b1c, 0xdcd5f59f63c3ea}, - {1, 0, 0, 0}}, - {{0xacf39f4c5ca7ab, 0x4c8071cc5fd737, 0xc64e3602cd1184, 0x0acd4644c9abba}, - {0x6c011a36d8bf6e, 0xfecd87ba24e32a, 0x19f6f56574fad8, 0x050b204ced9405}, - {1, 0, 0, 0}}, - {{0xed4f1cae7d9a96, 0x5ceef7ad94c40a, 0x778e4a3bf3ef9b, 0x7405783dc3b55e}, - {0x32477c61b6e8c6, 0xb46a97570f018b, 0x91176d0a7e95d1, 0x3df90fbc4c7d0e}, - {1, 0, 0, 0}}} -}; - -/* Precomputation for the group generator. */ -struct nistp224_pre_comp_st { - felem g_pre_comp[2][16][3]; - CRYPTO_REF_COUNT references; - CRYPTO_RWLOCK *lock; -}; - -const EC_METHOD *EC_GFp_nistp224_method(void) -{ - static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_prime_field, - ossl_ec_GFp_nistp224_group_init, - ossl_ec_GFp_simple_group_finish, - ossl_ec_GFp_simple_group_clear_finish, - ossl_ec_GFp_nist_group_copy, - ossl_ec_GFp_nistp224_group_set_curve, - ossl_ec_GFp_simple_group_get_curve, - ossl_ec_GFp_simple_group_get_degree, - ossl_ec_group_simple_order_bits, - ossl_ec_GFp_simple_group_check_discriminant, - ossl_ec_GFp_simple_point_init, - ossl_ec_GFp_simple_point_finish, - ossl_ec_GFp_simple_point_clear_finish, - ossl_ec_GFp_simple_point_copy, - ossl_ec_GFp_simple_point_set_to_infinity, - ossl_ec_GFp_simple_point_set_affine_coordinates, - ossl_ec_GFp_nistp224_point_get_affine_coordinates, - 0 /* point_set_compressed_coordinates */ , - 0 /* point2oct */ , - 0 /* oct2point */ , - ossl_ec_GFp_simple_add, - ossl_ec_GFp_simple_dbl, - ossl_ec_GFp_simple_invert, - ossl_ec_GFp_simple_is_at_infinity, - ossl_ec_GFp_simple_is_on_curve, - ossl_ec_GFp_simple_cmp, - ossl_ec_GFp_simple_make_affine, - ossl_ec_GFp_simple_points_make_affine, - ossl_ec_GFp_nistp224_points_mul, - ossl_ec_GFp_nistp224_precompute_mult, - ossl_ec_GFp_nistp224_have_precompute_mult, - ossl_ec_GFp_nist_field_mul, - ossl_ec_GFp_nist_field_sqr, - 0 /* field_div */ , - ossl_ec_GFp_simple_field_inv, - 0 /* field_encode */ , - 0 /* field_decode */ , - 0, /* field_set_to_one */ - ossl_ec_key_simple_priv2oct, - ossl_ec_key_simple_oct2priv, - 0, /* set private */ - ossl_ec_key_simple_generate_key, - ossl_ec_key_simple_check_key, - ossl_ec_key_simple_generate_public_key, - 0, /* keycopy */ - 0, /* keyfinish */ - ossl_ecdh_simple_compute_key, - ossl_ecdsa_simple_sign_setup, - ossl_ecdsa_simple_sign_sig, - ossl_ecdsa_simple_verify_sig, - 0, /* field_inverse_mod_ord */ - 0, /* blind_coordinates */ - 0, /* ladder_pre */ - 0, /* ladder_step */ - 0 /* ladder_post */ - }; - - return &ret; -} - -/* - * Helper functions to convert field elements to/from internal representation - */ -static void bin28_to_felem(felem out, const u8 in[28]) -{ - out[0] = *((const limb *)(in)) & 0x00ffffffffffffff; - out[1] = (*((const limb_aX *)(in + 7))) & 0x00ffffffffffffff; - out[2] = (*((const limb_aX *)(in + 14))) & 0x00ffffffffffffff; - out[3] = (*((const limb_aX *)(in + 20))) >> 8; -} - -static void felem_to_bin28(u8 out[28], const felem in) -{ - unsigned i; - for (i = 0; i < 7; ++i) { - out[i] = in[0] >> (8 * i); - out[i + 7] = in[1] >> (8 * i); - out[i + 14] = in[2] >> (8 * i); - out[i + 21] = in[3] >> (8 * i); - } -} - -/* From OpenSSL BIGNUM to internal representation */ -static int BN_to_felem(felem out, const BIGNUM *bn) -{ - felem_bytearray b_out; - int num_bytes; - - if (BN_is_negative(bn)) { - ERR_raise(ERR_LIB_EC, EC_R_BIGNUM_OUT_OF_RANGE); - return 0; - } - num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out)); - if (num_bytes < 0) { - ERR_raise(ERR_LIB_EC, EC_R_BIGNUM_OUT_OF_RANGE); - return 0; - } - bin28_to_felem(out, b_out); - return 1; -} - -/* From internal representation to OpenSSL BIGNUM */ -static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) -{ - felem_bytearray b_out; - felem_to_bin28(b_out, in); - return BN_lebin2bn(b_out, sizeof(b_out), out); -} - -/******************************************************************************/ -/*- - * FIELD OPERATIONS - * - * Field operations, using the internal representation of field elements. - * NB! These operations are specific to our point multiplication and cannot be - * expected to be correct in general - e.g., multiplication with a large scalar - * will cause an overflow. - * - */ - -static void felem_one(felem out) -{ - out[0] = 1; - out[1] = 0; - out[2] = 0; - out[3] = 0; -} - -static void felem_assign(felem out, const felem in) -{ - out[0] = in[0]; - out[1] = in[1]; - out[2] = in[2]; - out[3] = in[3]; -} - -/* Sum two field elements: out += in */ -static void felem_sum(felem out, const felem in) -{ - out[0] += in[0]; - out[1] += in[1]; - out[2] += in[2]; - out[3] += in[3]; -} - -/* Subtract field elements: out -= in */ -/* Assumes in[i] < 2^57 */ -static void felem_diff(felem out, const felem in) -{ - static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2); - static const limb two58m2 = (((limb) 1) << 58) - (((limb) 1) << 2); - static const limb two58m42m2 = (((limb) 1) << 58) - - (((limb) 1) << 42) - (((limb) 1) << 2); - - /* Add 0 mod 2^224-2^96+1 to ensure out > in */ - out[0] += two58p2; - out[1] += two58m42m2; - out[2] += two58m2; - out[3] += two58m2; - - out[0] -= in[0]; - out[1] -= in[1]; - out[2] -= in[2]; - out[3] -= in[3]; -} - -/* Subtract in unreduced 128-bit mode: out -= in */ -/* Assumes in[i] < 2^119 */ -static void widefelem_diff(widefelem out, const widefelem in) -{ - static const widelimb two120 = ((widelimb) 1) << 120; - static const widelimb two120m64 = (((widelimb) 1) << 120) - - (((widelimb) 1) << 64); - static const widelimb two120m104m64 = (((widelimb) 1) << 120) - - (((widelimb) 1) << 104) - (((widelimb) 1) << 64); - - /* Add 0 mod 2^224-2^96+1 to ensure out > in */ - out[0] += two120; - out[1] += two120m64; - out[2] += two120m64; - out[3] += two120; - out[4] += two120m104m64; - out[5] += two120m64; - out[6] += two120m64; - - out[0] -= in[0]; - out[1] -= in[1]; - out[2] -= in[2]; - out[3] -= in[3]; - out[4] -= in[4]; - out[5] -= in[5]; - out[6] -= in[6]; -} - -/* Subtract in mixed mode: out128 -= in64 */ -/* in[i] < 2^63 */ -static void felem_diff_128_64(widefelem out, const felem in) -{ - static const widelimb two64p8 = (((widelimb) 1) << 64) + - (((widelimb) 1) << 8); - static const widelimb two64m8 = (((widelimb) 1) << 64) - - (((widelimb) 1) << 8); - static const widelimb two64m48m8 = (((widelimb) 1) << 64) - - (((widelimb) 1) << 48) - (((widelimb) 1) << 8); - - /* Add 0 mod 2^224-2^96+1 to ensure out > in */ - out[0] += two64p8; - out[1] += two64m48m8; - out[2] += two64m8; - out[3] += two64m8; - - out[0] -= in[0]; - out[1] -= in[1]; - out[2] -= in[2]; - out[3] -= in[3]; -} - -/* - * Multiply a field element by a scalar: out = out * scalar The scalars we - * actually use are small, so results fit without overflow - */ -static void felem_scalar(felem out, const limb scalar) -{ - out[0] *= scalar; - out[1] *= scalar; - out[2] *= scalar; - out[3] *= scalar; -} - -/* - * Multiply an unreduced field element by a scalar: out = out * scalar The - * scalars we actually use are small, so results fit without overflow - */ -static void widefelem_scalar(widefelem out, const widelimb scalar) -{ - out[0] *= scalar; - out[1] *= scalar; - out[2] *= scalar; - out[3] *= scalar; - out[4] *= scalar; - out[5] *= scalar; - out[6] *= scalar; -} - -/* Square a field element: out = in^2 */ -static void felem_square(widefelem out, const felem in) -{ - limb tmp0, tmp1, tmp2; - tmp0 = 2 * in[0]; - tmp1 = 2 * in[1]; - tmp2 = 2 * in[2]; - out[0] = ((widelimb) in[0]) * in[0]; - out[1] = ((widelimb) in[0]) * tmp1; - out[2] = ((widelimb) in[0]) * tmp2 + ((widelimb) in[1]) * in[1]; - out[3] = ((widelimb) in[3]) * tmp0 + ((widelimb) in[1]) * tmp2; - out[4] = ((widelimb) in[3]) * tmp1 + ((widelimb) in[2]) * in[2]; - out[5] = ((widelimb) in[3]) * tmp2; - out[6] = ((widelimb) in[3]) * in[3]; -} - -/* Multiply two field elements: out = in1 * in2 */ -static void felem_mul(widefelem out, const felem in1, const felem in2) -{ - out[0] = ((widelimb) in1[0]) * in2[0]; - out[1] = ((widelimb) in1[0]) * in2[1] + ((widelimb) in1[1]) * in2[0]; - out[2] = ((widelimb) in1[0]) * in2[2] + ((widelimb) in1[1]) * in2[1] + - ((widelimb) in1[2]) * in2[0]; - out[3] = ((widelimb) in1[0]) * in2[3] + ((widelimb) in1[1]) * in2[2] + - ((widelimb) in1[2]) * in2[1] + ((widelimb) in1[3]) * in2[0]; - out[4] = ((widelimb) in1[1]) * in2[3] + ((widelimb) in1[2]) * in2[2] + - ((widelimb) in1[3]) * in2[1]; - out[5] = ((widelimb) in1[2]) * in2[3] + ((widelimb) in1[3]) * in2[2]; - out[6] = ((widelimb) in1[3]) * in2[3]; -} - -/*- - * Reduce seven 128-bit coefficients to four 64-bit coefficients. - * Requires in[i] < 2^126, - * ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16 */ -static void felem_reduce(felem out, const widefelem in) -{ - static const widelimb two127p15 = (((widelimb) 1) << 127) + - (((widelimb) 1) << 15); - static const widelimb two127m71 = (((widelimb) 1) << 127) - - (((widelimb) 1) << 71); - static const widelimb two127m71m55 = (((widelimb) 1) << 127) - - (((widelimb) 1) << 71) - (((widelimb) 1) << 55); - widelimb output[5]; - - /* Add 0 mod 2^224-2^96+1 to ensure all differences are positive */ - output[0] = in[0] + two127p15; - output[1] = in[1] + two127m71m55; - output[2] = in[2] + two127m71; - output[3] = in[3]; - output[4] = in[4]; - - /* Eliminate in[4], in[5], in[6] */ - output[4] += in[6] >> 16; - output[3] += (in[6] & 0xffff) << 40; - output[2] -= in[6]; - - output[3] += in[5] >> 16; - output[2] += (in[5] & 0xffff) << 40; - output[1] -= in[5]; - - output[2] += output[4] >> 16; - output[1] += (output[4] & 0xffff) << 40; - output[0] -= output[4]; - - /* Carry 2 -> 3 -> 4 */ - output[3] += output[2] >> 56; - output[2] &= 0x00ffffffffffffff; - - output[4] = output[3] >> 56; - output[3] &= 0x00ffffffffffffff; - - /* Now output[2] < 2^56, output[3] < 2^56, output[4] < 2^72 */ - - /* Eliminate output[4] */ - output[2] += output[4] >> 16; - /* output[2] < 2^56 + 2^56 = 2^57 */ - output[1] += (output[4] & 0xffff) << 40; - output[0] -= output[4]; - - /* Carry 0 -> 1 -> 2 -> 3 */ - output[1] += output[0] >> 56; - out[0] = output[0] & 0x00ffffffffffffff; - - output[2] += output[1] >> 56; - /* output[2] < 2^57 + 2^72 */ - out[1] = output[1] & 0x00ffffffffffffff; - output[3] += output[2] >> 56; - /* output[3] <= 2^56 + 2^16 */ - out[2] = output[2] & 0x00ffffffffffffff; - - /*- - * out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, - * out[3] <= 2^56 + 2^16 (due to final carry), - * so out < 2*p - */ - out[3] = output[3]; -} - -static void felem_square_reduce(felem out, const felem in) -{ - widefelem tmp; - felem_square(tmp, in); - felem_reduce(out, tmp); -} - -static void felem_mul_reduce(felem out, const felem in1, const felem in2) -{ - widefelem tmp; - felem_mul(tmp, in1, in2); - felem_reduce(out, tmp); -} - -/* - * Reduce to unique minimal representation. Requires 0 <= in < 2*p (always - * call felem_reduce first) - */ -static void felem_contract(felem out, const felem in) -{ - static const int64_t two56 = ((limb) 1) << 56; - /* 0 <= in < 2*p, p = 2^224 - 2^96 + 1 */ - /* if in > p , reduce in = in - 2^224 + 2^96 - 1 */ - int64_t tmp[4], a; - tmp[0] = in[0]; - tmp[1] = in[1]; - tmp[2] = in[2]; - tmp[3] = in[3]; - /* Case 1: a = 1 iff in >= 2^224 */ - a = (in[3] >> 56); - tmp[0] -= a; - tmp[1] += a << 40; - tmp[3] &= 0x00ffffffffffffff; - /* - * Case 2: a = 0 iff p <= in < 2^224, i.e., the high 128 bits are all 1 - * and the lower part is non-zero - */ - a = ((in[3] & in[2] & (in[1] | 0x000000ffffffffff)) + 1) | - (((int64_t) (in[0] + (in[1] & 0x000000ffffffffff)) - 1) >> 63); - a &= 0x00ffffffffffffff; - /* turn a into an all-one mask (if a = 0) or an all-zero mask */ - a = (a - 1) >> 63; - /* subtract 2^224 - 2^96 + 1 if a is all-one */ - tmp[3] &= a ^ 0xffffffffffffffff; - tmp[2] &= a ^ 0xffffffffffffffff; - tmp[1] &= (a ^ 0xffffffffffffffff) | 0x000000ffffffffff; - tmp[0] -= 1 & a; - - /* - * eliminate negative coefficients: if tmp[0] is negative, tmp[1] must be - * non-zero, so we only need one step - */ - a = tmp[0] >> 63; - tmp[0] += two56 & a; - tmp[1] -= 1 & a; - - /* carry 1 -> 2 -> 3 */ - tmp[2] += tmp[1] >> 56; - tmp[1] &= 0x00ffffffffffffff; - - tmp[3] += tmp[2] >> 56; - tmp[2] &= 0x00ffffffffffffff; - - /* Now 0 <= out < p */ - out[0] = tmp[0]; - out[1] = tmp[1]; - out[2] = tmp[2]; - out[3] = tmp[3]; -} - -/* - * Get negative value: out = -in - * Requires in[i] < 2^63, - * ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16 - */ -static void felem_neg(felem out, const felem in) -{ - widefelem tmp; - - memset(tmp, 0, sizeof(tmp)); - felem_diff_128_64(tmp, in); - felem_reduce(out, tmp); -} - -/* - * Zero-check: returns 1 if input is 0, and 0 otherwise. We know that field - * elements are reduced to in < 2^225, so we only need to check three cases: - * 0, 2^224 - 2^96 + 1, and 2^225 - 2^97 + 2 - */ -static limb felem_is_zero(const felem in) -{ - limb zero, two224m96p1, two225m97p2; - - zero = in[0] | in[1] | in[2] | in[3]; - zero = (((int64_t) (zero) - 1) >> 63) & 1; - two224m96p1 = (in[0] ^ 1) | (in[1] ^ 0x00ffff0000000000) - | (in[2] ^ 0x00ffffffffffffff) | (in[3] ^ 0x00ffffffffffffff); - two224m96p1 = (((int64_t) (two224m96p1) - 1) >> 63) & 1; - two225m97p2 = (in[0] ^ 2) | (in[1] ^ 0x00fffe0000000000) - | (in[2] ^ 0x00ffffffffffffff) | (in[3] ^ 0x01ffffffffffffff); - two225m97p2 = (((int64_t) (two225m97p2) - 1) >> 63) & 1; - return (zero | two224m96p1 | two225m97p2); -} - -static int felem_is_zero_int(const void *in) -{ - return (int)(felem_is_zero(in) & ((limb) 1)); -} - -/* Invert a field element */ -/* Computation chain copied from djb's code */ -static void felem_inv(felem out, const felem in) -{ - felem ftmp, ftmp2, ftmp3, ftmp4; - widefelem tmp; - unsigned i; - - felem_square(tmp, in); - felem_reduce(ftmp, tmp); /* 2 */ - felem_mul(tmp, in, ftmp); - felem_reduce(ftmp, tmp); /* 2^2 - 1 */ - felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); /* 2^3 - 2 */ - felem_mul(tmp, in, ftmp); - felem_reduce(ftmp, tmp); /* 2^3 - 1 */ - felem_square(tmp, ftmp); - felem_reduce(ftmp2, tmp); /* 2^4 - 2 */ - felem_square(tmp, ftmp2); - felem_reduce(ftmp2, tmp); /* 2^5 - 4 */ - felem_square(tmp, ftmp2); - felem_reduce(ftmp2, tmp); /* 2^6 - 8 */ - felem_mul(tmp, ftmp2, ftmp); - felem_reduce(ftmp, tmp); /* 2^6 - 1 */ - felem_square(tmp, ftmp); - felem_reduce(ftmp2, tmp); /* 2^7 - 2 */ - for (i = 0; i < 5; ++i) { /* 2^12 - 2^6 */ - felem_square(tmp, ftmp2); - felem_reduce(ftmp2, tmp); - } - felem_mul(tmp, ftmp2, ftmp); - felem_reduce(ftmp2, tmp); /* 2^12 - 1 */ - felem_square(tmp, ftmp2); - felem_reduce(ftmp3, tmp); /* 2^13 - 2 */ - for (i = 0; i < 11; ++i) { /* 2^24 - 2^12 */ - felem_square(tmp, ftmp3); - felem_reduce(ftmp3, tmp); - } - felem_mul(tmp, ftmp3, ftmp2); - felem_reduce(ftmp2, tmp); /* 2^24 - 1 */ - felem_square(tmp, ftmp2); - felem_reduce(ftmp3, tmp); /* 2^25 - 2 */ - for (i = 0; i < 23; ++i) { /* 2^48 - 2^24 */ - felem_square(tmp, ftmp3); - felem_reduce(ftmp3, tmp); - } - felem_mul(tmp, ftmp3, ftmp2); - felem_reduce(ftmp3, tmp); /* 2^48 - 1 */ - felem_square(tmp, ftmp3); - felem_reduce(ftmp4, tmp); /* 2^49 - 2 */ - for (i = 0; i < 47; ++i) { /* 2^96 - 2^48 */ - felem_square(tmp, ftmp4); - felem_reduce(ftmp4, tmp); - } - felem_mul(tmp, ftmp3, ftmp4); - felem_reduce(ftmp3, tmp); /* 2^96 - 1 */ - felem_square(tmp, ftmp3); - felem_reduce(ftmp4, tmp); /* 2^97 - 2 */ - for (i = 0; i < 23; ++i) { /* 2^120 - 2^24 */ - felem_square(tmp, ftmp4); - felem_reduce(ftmp4, tmp); - } - felem_mul(tmp, ftmp2, ftmp4); - felem_reduce(ftmp2, tmp); /* 2^120 - 1 */ - for (i = 0; i < 6; ++i) { /* 2^126 - 2^6 */ - felem_square(tmp, ftmp2); - felem_reduce(ftmp2, tmp); - } - felem_mul(tmp, ftmp2, ftmp); - felem_reduce(ftmp, tmp); /* 2^126 - 1 */ - felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); /* 2^127 - 2 */ - felem_mul(tmp, ftmp, in); - felem_reduce(ftmp, tmp); /* 2^127 - 1 */ - for (i = 0; i < 97; ++i) { /* 2^224 - 2^97 */ - felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); - } - felem_mul(tmp, ftmp, ftmp3); - felem_reduce(out, tmp); /* 2^224 - 2^96 - 1 */ -} - -/* - * Copy in constant time: if icopy == 1, copy in to out, if icopy == 0, copy - * out to itself. - */ -static void copy_conditional(felem out, const felem in, limb icopy) -{ - unsigned i; - /* - * icopy is a (64-bit) 0 or 1, so copy is either all-zero or all-one - */ - const limb copy = -icopy; - for (i = 0; i < 4; ++i) { - const limb tmp = copy & (in[i] ^ out[i]); - out[i] ^= tmp; - } -} - -/******************************************************************************/ -/*- - * ELLIPTIC CURVE POINT OPERATIONS - * - * Points are represented in Jacobian projective coordinates: - * (X, Y, Z) corresponds to the affine point (X/Z^2, Y/Z^3), - * or to the point at infinity if Z == 0. - * - */ - -/*- - * Double an elliptic curve point: - * (X', Y', Z') = 2 * (X, Y, Z), where - * X' = (3 * (X - Z^2) * (X + Z^2))^2 - 8 * X * Y^2 - * Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^4 - * Z' = (Y + Z)^2 - Y^2 - Z^2 = 2 * Y * Z - * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed, - * while x_out == y_in is not (maybe this works, but it's not tested). - */ -static void -point_double(felem x_out, felem y_out, felem z_out, - const felem x_in, const felem y_in, const felem z_in) -{ - widefelem tmp, tmp2; - felem delta, gamma, beta, alpha, ftmp, ftmp2; - - felem_assign(ftmp, x_in); - felem_assign(ftmp2, x_in); - - /* delta = z^2 */ - felem_square(tmp, z_in); - felem_reduce(delta, tmp); - - /* gamma = y^2 */ - felem_square(tmp, y_in); - felem_reduce(gamma, tmp); - - /* beta = x*gamma */ - felem_mul(tmp, x_in, gamma); - felem_reduce(beta, tmp); - - /* alpha = 3*(x-delta)*(x+delta) */ - felem_diff(ftmp, delta); - /* ftmp[i] < 2^57 + 2^58 + 2 < 2^59 */ - felem_sum(ftmp2, delta); - /* ftmp2[i] < 2^57 + 2^57 = 2^58 */ - felem_scalar(ftmp2, 3); - /* ftmp2[i] < 3 * 2^58 < 2^60 */ - felem_mul(tmp, ftmp, ftmp2); - /* tmp[i] < 2^60 * 2^59 * 4 = 2^121 */ - felem_reduce(alpha, tmp); - - /* x' = alpha^2 - 8*beta */ - felem_square(tmp, alpha); - /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */ - felem_assign(ftmp, beta); - felem_scalar(ftmp, 8); - /* ftmp[i] < 8 * 2^57 = 2^60 */ - felem_diff_128_64(tmp, ftmp); - /* tmp[i] < 2^116 + 2^64 + 8 < 2^117 */ - felem_reduce(x_out, tmp); - - /* z' = (y + z)^2 - gamma - delta */ - felem_sum(delta, gamma); - /* delta[i] < 2^57 + 2^57 = 2^58 */ - felem_assign(ftmp, y_in); - felem_sum(ftmp, z_in); - /* ftmp[i] < 2^57 + 2^57 = 2^58 */ - felem_square(tmp, ftmp); - /* tmp[i] < 4 * 2^58 * 2^58 = 2^118 */ - felem_diff_128_64(tmp, delta); - /* tmp[i] < 2^118 + 2^64 + 8 < 2^119 */ - felem_reduce(z_out, tmp); - - /* y' = alpha*(4*beta - x') - 8*gamma^2 */ - felem_scalar(beta, 4); - /* beta[i] < 4 * 2^57 = 2^59 */ - felem_diff(beta, x_out); - /* beta[i] < 2^59 + 2^58 + 2 < 2^60 */ - felem_mul(tmp, alpha, beta); - /* tmp[i] < 4 * 2^57 * 2^60 = 2^119 */ - felem_square(tmp2, gamma); - /* tmp2[i] < 4 * 2^57 * 2^57 = 2^116 */ - widefelem_scalar(tmp2, 8); - /* tmp2[i] < 8 * 2^116 = 2^119 */ - widefelem_diff(tmp, tmp2); - /* tmp[i] < 2^119 + 2^120 < 2^121 */ - felem_reduce(y_out, tmp); -} - -/*- - * Add two elliptic curve points: - * (X_1, Y_1, Z_1) + (X_2, Y_2, Z_2) = (X_3, Y_3, Z_3), where - * X_3 = (Z_1^3 * Y_2 - Z_2^3 * Y_1)^2 - (Z_1^2 * X_2 - Z_2^2 * X_1)^3 - - * 2 * Z_2^2 * X_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^2 - * Y_3 = (Z_1^3 * Y_2 - Z_2^3 * Y_1) * (Z_2^2 * X_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^2 - X_3) - - * Z_2^3 * Y_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^3 - * Z_3 = (Z_1^2 * X_2 - Z_2^2 * X_1) * (Z_1 * Z_2) - * - * This runs faster if 'mixed' is set, which requires Z_2 = 1 or Z_2 = 0. - */ - -/* - * This function is not entirely constant-time: it includes a branch for - * checking whether the two input points are equal, (while not equal to the - * point at infinity). This case never happens during single point - * multiplication, so there is no timing leak for ECDH or ECDSA signing. - */ -static void point_add(felem x3, felem y3, felem z3, - const felem x1, const felem y1, const felem z1, - const int mixed, const felem x2, const felem y2, - const felem z2) -{ - felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, x_out, y_out, z_out; - widefelem tmp, tmp2; - limb z1_is_zero, z2_is_zero, x_equal, y_equal; - limb points_equal; - - if (!mixed) { - /* ftmp2 = z2^2 */ - felem_square(tmp, z2); - felem_reduce(ftmp2, tmp); - - /* ftmp4 = z2^3 */ - felem_mul(tmp, ftmp2, z2); - felem_reduce(ftmp4, tmp); - - /* ftmp4 = z2^3*y1 */ - felem_mul(tmp2, ftmp4, y1); - felem_reduce(ftmp4, tmp2); - - /* ftmp2 = z2^2*x1 */ - felem_mul(tmp2, ftmp2, x1); - felem_reduce(ftmp2, tmp2); - } else { - /* - * We'll assume z2 = 1 (special case z2 = 0 is handled later) - */ - - /* ftmp4 = z2^3*y1 */ - felem_assign(ftmp4, y1); - - /* ftmp2 = z2^2*x1 */ - felem_assign(ftmp2, x1); - } - - /* ftmp = z1^2 */ - felem_square(tmp, z1); - felem_reduce(ftmp, tmp); - - /* ftmp3 = z1^3 */ - felem_mul(tmp, ftmp, z1); - felem_reduce(ftmp3, tmp); - - /* tmp = z1^3*y2 */ - felem_mul(tmp, ftmp3, y2); - /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */ - - /* ftmp3 = z1^3*y2 - z2^3*y1 */ - felem_diff_128_64(tmp, ftmp4); - /* tmp[i] < 2^116 + 2^64 + 8 < 2^117 */ - felem_reduce(ftmp3, tmp); - - /* tmp = z1^2*x2 */ - felem_mul(tmp, ftmp, x2); - /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */ - - /* ftmp = z1^2*x2 - z2^2*x1 */ - felem_diff_128_64(tmp, ftmp2); - /* tmp[i] < 2^116 + 2^64 + 8 < 2^117 */ - felem_reduce(ftmp, tmp); - - /* - * The formulae are incorrect if the points are equal, in affine coordinates - * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this - * happens. - * - * We use bitwise operations to avoid potential side-channels introduced by - * the short-circuiting behaviour of boolean operators. - */ - x_equal = felem_is_zero(ftmp); - y_equal = felem_is_zero(ftmp3); - /* - * The special case of either point being the point at infinity (z1 and/or - * z2 are zero), is handled separately later on in this function, so we - * avoid jumping to point_double here in those special cases. - */ - z1_is_zero = felem_is_zero(z1); - z2_is_zero = felem_is_zero(z2); - - /* - * Compared to `ecp_nistp256.c` and `ecp_nistp521.c`, in this - * specific implementation `felem_is_zero()` returns truth as `0x1` - * (rather than `0xff..ff`). - * - * This implies that `~true` in this implementation becomes - * `0xff..fe` (rather than `0x0`): for this reason, to be used in - * the if expression, we mask out only the last bit in the next - * line. - */ - points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero)) & 1; - - if (points_equal) { - /* - * This is obviously not constant-time but, as mentioned before, this - * case never happens during single point multiplication, so there is no - * timing leak for ECDH or ECDSA signing. - */ - point_double(x3, y3, z3, x1, y1, z1); - return; - } - - /* ftmp5 = z1*z2 */ - if (!mixed) { - felem_mul(tmp, z1, z2); - felem_reduce(ftmp5, tmp); - } else { - /* special case z2 = 0 is handled later */ - felem_assign(ftmp5, z1); - } - - /* z_out = (z1^2*x2 - z2^2*x1)*(z1*z2) */ - felem_mul(tmp, ftmp, ftmp5); - felem_reduce(z_out, tmp); - - /* ftmp = (z1^2*x2 - z2^2*x1)^2 */ - felem_assign(ftmp5, ftmp); - felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); - - /* ftmp5 = (z1^2*x2 - z2^2*x1)^3 */ - felem_mul(tmp, ftmp, ftmp5); - felem_reduce(ftmp5, tmp); - - /* ftmp2 = z2^2*x1*(z1^2*x2 - z2^2*x1)^2 */ - felem_mul(tmp, ftmp2, ftmp); - felem_reduce(ftmp2, tmp); - - /* tmp = z2^3*y1*(z1^2*x2 - z2^2*x1)^3 */ - felem_mul(tmp, ftmp4, ftmp5); - /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */ - - /* tmp2 = (z1^3*y2 - z2^3*y1)^2 */ - felem_square(tmp2, ftmp3); - /* tmp2[i] < 4 * 2^57 * 2^57 < 2^116 */ - - /* tmp2 = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 */ - felem_diff_128_64(tmp2, ftmp5); - /* tmp2[i] < 2^116 + 2^64 + 8 < 2^117 */ - - /* ftmp5 = 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2 */ - felem_assign(ftmp5, ftmp2); - felem_scalar(ftmp5, 2); - /* ftmp5[i] < 2 * 2^57 = 2^58 */ - - /*- - * x_out = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 - - * 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - */ - felem_diff_128_64(tmp2, ftmp5); - /* tmp2[i] < 2^117 + 2^64 + 8 < 2^118 */ - felem_reduce(x_out, tmp2); - - /* ftmp2 = z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out */ - felem_diff(ftmp2, x_out); - /* ftmp2[i] < 2^57 + 2^58 + 2 < 2^59 */ - - /* - * tmp2 = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out) - */ - felem_mul(tmp2, ftmp3, ftmp2); - /* tmp2[i] < 4 * 2^57 * 2^59 = 2^118 */ - - /*- - * y_out = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out) - - * z2^3*y1*(z1^2*x2 - z2^2*x1)^3 - */ - widefelem_diff(tmp2, tmp); - /* tmp2[i] < 2^118 + 2^120 < 2^121 */ - felem_reduce(y_out, tmp2); - - /* - * the result (x_out, y_out, z_out) is incorrect if one of the inputs is - * the point at infinity, so we need to check for this separately - */ - - /* - * if point 1 is at infinity, copy point 2 to output, and vice versa - */ - copy_conditional(x_out, x2, z1_is_zero); - copy_conditional(x_out, x1, z2_is_zero); - copy_conditional(y_out, y2, z1_is_zero); - copy_conditional(y_out, y1, z2_is_zero); - copy_conditional(z_out, z2, z1_is_zero); - copy_conditional(z_out, z1, z2_is_zero); - felem_assign(x3, x_out); - felem_assign(y3, y_out); - felem_assign(z3, z_out); -} - -/* - * select_point selects the |idx|th point from a precomputation table and - * copies it to out. - * The pre_comp array argument should be size of |size| argument - */ -static void select_point(const u64 idx, unsigned int size, - const felem pre_comp[][3], felem out[3]) -{ - unsigned i, j; - limb *outlimbs = &out[0][0]; - - memset(out, 0, sizeof(*out) * 3); - for (i = 0; i < size; i++) { - const limb *inlimbs = &pre_comp[i][0][0]; - u64 mask = i ^ idx; - mask |= mask >> 4; - mask |= mask >> 2; - mask |= mask >> 1; - mask &= 1; - mask--; - for (j = 0; j < 4 * 3; j++) - outlimbs[j] |= inlimbs[j] & mask; - } -} - -/* get_bit returns the |i|th bit in |in| */ -static char get_bit(const felem_bytearray in, unsigned i) -{ - if (i >= 224) - return 0; - return (in[i >> 3] >> (i & 7)) & 1; -} - -/* - * Interleaved point multiplication using precomputed point multiples: The - * small point multiples 0*P, 1*P, ..., 16*P are in pre_comp[], the scalars - * in scalars[]. If g_scalar is non-NULL, we also add this multiple of the - * generator, using certain (large) precomputed multiples in g_pre_comp. - * Output point (X, Y, Z) is stored in x_out, y_out, z_out - */ -static void batch_mul(felem x_out, felem y_out, felem z_out, - const felem_bytearray scalars[], - const unsigned num_points, const u8 *g_scalar, - const int mixed, const felem pre_comp[][17][3], - const felem g_pre_comp[2][16][3]) -{ - int i, skip; - unsigned num; - unsigned gen_mul = (g_scalar != NULL); - felem nq[3], tmp[4]; - u64 bits; - u8 sign, digit; - - /* set nq to the point at infinity */ - memset(nq, 0, sizeof(nq)); - - /* - * Loop over all scalars msb-to-lsb, interleaving additions of multiples - * of the generator (two in each of the last 28 rounds) and additions of - * other points multiples (every 5th round). - */ - skip = 1; /* save two point operations in the first - * round */ - for (i = (num_points ? 220 : 27); i >= 0; --i) { - /* double */ - if (!skip) - point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]); - - /* add multiples of the generator */ - if (gen_mul && (i <= 27)) { - /* first, look 28 bits upwards */ - bits = get_bit(g_scalar, i + 196) << 3; - bits |= get_bit(g_scalar, i + 140) << 2; - bits |= get_bit(g_scalar, i + 84) << 1; - bits |= get_bit(g_scalar, i + 28); - /* select the point to add, in constant time */ - select_point(bits, 16, g_pre_comp[1], tmp); - - if (!skip) { - /* value 1 below is argument for "mixed" */ - point_add(nq[0], nq[1], nq[2], - nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]); - } else { - memcpy(nq, tmp, 3 * sizeof(felem)); - skip = 0; - } - - /* second, look at the current position */ - bits = get_bit(g_scalar, i + 168) << 3; - bits |= get_bit(g_scalar, i + 112) << 2; - bits |= get_bit(g_scalar, i + 56) << 1; - bits |= get_bit(g_scalar, i); - /* select the point to add, in constant time */ - select_point(bits, 16, g_pre_comp[0], tmp); - point_add(nq[0], nq[1], nq[2], - nq[0], nq[1], nq[2], - 1 /* mixed */ , tmp[0], tmp[1], tmp[2]); - } - - /* do other additions every 5 doublings */ - if (num_points && (i % 5 == 0)) { - /* loop over all scalars */ - for (num = 0; num < num_points; ++num) { - bits = get_bit(scalars[num], i + 4) << 5; - bits |= get_bit(scalars[num], i + 3) << 4; - bits |= get_bit(scalars[num], i + 2) << 3; - bits |= get_bit(scalars[num], i + 1) << 2; - bits |= get_bit(scalars[num], i) << 1; - bits |= get_bit(scalars[num], i - 1); - ossl_ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits); - - /* select the point to add or subtract */ - select_point(digit, 17, pre_comp[num], tmp); - felem_neg(tmp[3], tmp[1]); /* (X, -Y, Z) is the negative - * point */ - copy_conditional(tmp[1], tmp[3], sign); - - if (!skip) { - point_add(nq[0], nq[1], nq[2], - nq[0], nq[1], nq[2], - mixed, tmp[0], tmp[1], tmp[2]); - } else { - memcpy(nq, tmp, 3 * sizeof(felem)); - skip = 0; - } - } - } - } - felem_assign(x_out, nq[0]); - felem_assign(y_out, nq[1]); - felem_assign(z_out, nq[2]); -} - -/******************************************************************************/ -/* - * FUNCTIONS TO MANAGE PRECOMPUTATION - */ - -static NISTP224_PRE_COMP *nistp224_pre_comp_new(void) -{ - NISTP224_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (!ret) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return ret; - } - - ret->references = 1; - - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ret); - return NULL; - } - return ret; -} - -NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *p) -{ - int i; - if (p != NULL) - CRYPTO_UP_REF(&p->references, &i, p->lock); - return p; -} - -void EC_nistp224_pre_comp_free(NISTP224_PRE_COMP *p) -{ - int i; - - if (p == NULL) - return; - - CRYPTO_DOWN_REF(&p->references, &i, p->lock); - REF_PRINT_COUNT("EC_nistp224", p); - if (i > 0) - return; - REF_ASSERT_ISNT(i < 0); - - CRYPTO_THREAD_lock_free(p->lock); - OPENSSL_free(p); -} - -/******************************************************************************/ -/* - * OPENSSL EC_METHOD FUNCTIONS - */ - -int ossl_ec_GFp_nistp224_group_init(EC_GROUP *group) -{ - int ret; - ret = ossl_ec_GFp_simple_group_init(group); - group->a_is_minus3 = 1; - return ret; -} - -int ossl_ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *b, - BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *curve_p, *curve_a, *curve_b; -#ifndef FIPS_MODULE - BN_CTX *new_ctx = NULL; - - if (ctx == NULL) - ctx = new_ctx = BN_CTX_new(); -#endif - if (ctx == NULL) - return 0; - - BN_CTX_start(ctx); - curve_p = BN_CTX_get(ctx); - curve_a = BN_CTX_get(ctx); - curve_b = BN_CTX_get(ctx); - if (curve_b == NULL) - goto err; - BN_bin2bn(nistp224_curve_params[0], sizeof(felem_bytearray), curve_p); - BN_bin2bn(nistp224_curve_params[1], sizeof(felem_bytearray), curve_a); - BN_bin2bn(nistp224_curve_params[2], sizeof(felem_bytearray), curve_b); - if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || (BN_cmp(curve_b, b))) { - ERR_raise(ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS); - goto err; - } - group->field_mod_func = BN_nist_mod_224; - ret = ossl_ec_GFp_simple_group_set_curve(group, p, a, b, ctx); - err: - BN_CTX_end(ctx); -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - return ret; -} - -/* - * Takes the Jacobian coordinates (X, Y, Z) of a point and returns (X', Y') = - * (X/Z^2, Y/Z^3) - */ -int ossl_ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BN_CTX *ctx) -{ - felem z1, z2, x_in, y_in, x_out, y_out; - widefelem tmp; - - if (EC_POINT_is_at_infinity(group, point)) { - ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); - return 0; - } - if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) || - (!BN_to_felem(z1, point->Z))) - return 0; - felem_inv(z2, z1); - felem_square(tmp, z2); - felem_reduce(z1, tmp); - felem_mul(tmp, x_in, z1); - felem_reduce(x_in, tmp); - felem_contract(x_out, x_in); - if (x != NULL) { - if (!felem_to_BN(x, x_out)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - return 0; - } - } - felem_mul(tmp, z1, z2); - felem_reduce(z1, tmp); - felem_mul(tmp, y_in, z1); - felem_reduce(y_in, tmp); - felem_contract(y_out, y_in); - if (y != NULL) { - if (!felem_to_BN(y, y_out)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - return 0; - } - } - return 1; -} - -static void make_points_affine(size_t num, felem points[ /* num */ ][3], - felem tmp_felems[ /* num+1 */ ]) -{ - /* - * Runs in constant time, unless an input is the point at infinity (which - * normally shouldn't happen). - */ - ossl_ec_GFp_nistp_points_make_affine_internal(num, - points, - sizeof(felem), - tmp_felems, - (void (*)(void *))felem_one, - felem_is_zero_int, - (void (*)(void *, const void *)) - felem_assign, - (void (*)(void *, const void *)) - felem_square_reduce, (void (*) - (void *, - const void - *, - const void - *)) - felem_mul_reduce, - (void (*)(void *, const void *)) - felem_inv, - (void (*)(void *, const void *)) - felem_contract); -} - -/* - * Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL - * values Result is stored in r (r can equal one of the inputs). - */ -int ossl_ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx) -{ - int ret = 0; - int j; - unsigned i; - int mixed = 0; - BIGNUM *x, *y, *z, *tmp_scalar; - felem_bytearray g_secret; - felem_bytearray *secrets = NULL; - felem (*pre_comp)[17][3] = NULL; - felem *tmp_felems = NULL; - int num_bytes; - int have_pre_comp = 0; - size_t num_points = num; - felem x_in, y_in, z_in, x_out, y_out, z_out; - NISTP224_PRE_COMP *pre = NULL; - const felem(*g_pre_comp)[16][3] = NULL; - EC_POINT *generator = NULL; - const EC_POINT *p = NULL; - const BIGNUM *p_scalar = NULL; - - BN_CTX_start(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - z = BN_CTX_get(ctx); - tmp_scalar = BN_CTX_get(ctx); - if (tmp_scalar == NULL) - goto err; - - if (scalar != NULL) { - pre = group->pre_comp.nistp224; - if (pre) - /* we have precomputation, try to use it */ - g_pre_comp = (const felem(*)[16][3])pre->g_pre_comp; - else - /* try to use the standard precomputation */ - g_pre_comp = &gmul[0]; - generator = EC_POINT_new(group); - if (generator == NULL) - goto err; - /* get the generator from precomputation */ - if (!felem_to_BN(x, g_pre_comp[0][1][0]) || - !felem_to_BN(y, g_pre_comp[0][1][1]) || - !felem_to_BN(z, g_pre_comp[0][1][2])) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - if (!ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, - generator, - x, y, z, ctx)) - goto err; - if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) - /* precomputation matches generator */ - have_pre_comp = 1; - else - /* - * we don't have valid precomputation: treat the generator as a - * random point - */ - num_points = num_points + 1; - } - - if (num_points > 0) { - if (num_points >= 3) { - /* - * unless we precompute multiples for just one or two points, - * converting those into affine form is time well spent - */ - mixed = 1; - } - secrets = OPENSSL_zalloc(sizeof(*secrets) * num_points); - pre_comp = OPENSSL_zalloc(sizeof(*pre_comp) * num_points); - if (mixed) - tmp_felems = - OPENSSL_malloc(sizeof(felem) * (num_points * 17 + 1)); - if ((secrets == NULL) || (pre_comp == NULL) - || (mixed && (tmp_felems == NULL))) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* - * we treat NULL scalars as 0, and NULL points as points at infinity, - * i.e., they contribute nothing to the linear combination - */ - for (i = 0; i < num_points; ++i) { - if (i == num) { - /* the generator */ - p = EC_GROUP_get0_generator(group); - p_scalar = scalar; - } else { - /* the i^th point */ - p = points[i]; - p_scalar = scalars[i]; - } - if ((p_scalar != NULL) && (p != NULL)) { - /* reduce scalar to 0 <= scalar < 2^224 */ - if ((BN_num_bits(p_scalar) > 224) - || (BN_is_negative(p_scalar))) { - /* - * this is an unusual input, and we don't guarantee - * constant-timeness - */ - if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - num_bytes = BN_bn2lebinpad(tmp_scalar, - secrets[i], sizeof(secrets[i])); - } else { - num_bytes = BN_bn2lebinpad(p_scalar, - secrets[i], sizeof(secrets[i])); - } - if (num_bytes < 0) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - /* precompute multiples */ - if ((!BN_to_felem(x_out, p->X)) || - (!BN_to_felem(y_out, p->Y)) || - (!BN_to_felem(z_out, p->Z))) - goto err; - felem_assign(pre_comp[i][1][0], x_out); - felem_assign(pre_comp[i][1][1], y_out); - felem_assign(pre_comp[i][1][2], z_out); - for (j = 2; j <= 16; ++j) { - if (j & 1) { - point_add(pre_comp[i][j][0], pre_comp[i][j][1], - pre_comp[i][j][2], pre_comp[i][1][0], - pre_comp[i][1][1], pre_comp[i][1][2], 0, - pre_comp[i][j - 1][0], - pre_comp[i][j - 1][1], - pre_comp[i][j - 1][2]); - } else { - point_double(pre_comp[i][j][0], pre_comp[i][j][1], - pre_comp[i][j][2], pre_comp[i][j / 2][0], - pre_comp[i][j / 2][1], - pre_comp[i][j / 2][2]); - } - } - } - } - if (mixed) - make_points_affine(num_points * 17, pre_comp[0], tmp_felems); - } - - /* the scalar for the generator */ - if ((scalar != NULL) && (have_pre_comp)) { - memset(g_secret, 0, sizeof(g_secret)); - /* reduce scalar to 0 <= scalar < 2^224 */ - if ((BN_num_bits(scalar) > 224) || (BN_is_negative(scalar))) { - /* - * this is an unusual input, and we don't guarantee - * constant-timeness - */ - if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); - } else { - num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); - } - /* do the multiplication with generator precomputation */ - batch_mul(x_out, y_out, z_out, - (const felem_bytearray(*))secrets, num_points, - g_secret, - mixed, (const felem(*)[17][3])pre_comp, g_pre_comp); - } else { - /* do the multiplication without generator precomputation */ - batch_mul(x_out, y_out, z_out, - (const felem_bytearray(*))secrets, num_points, - NULL, mixed, (const felem(*)[17][3])pre_comp, NULL); - } - /* reduce the output to its unique minimal representation */ - felem_contract(x_in, x_out); - felem_contract(y_in, y_out); - felem_contract(z_in, z_out); - if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) || - (!felem_to_BN(z, z_in))) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - ret = ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, r, x, y, z, - ctx); - - err: - BN_CTX_end(ctx); - EC_POINT_free(generator); - OPENSSL_free(secrets); - OPENSSL_free(pre_comp); - OPENSSL_free(tmp_felems); - return ret; -} - -int ossl_ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx) -{ - int ret = 0; - NISTP224_PRE_COMP *pre = NULL; - int i, j; - BIGNUM *x, *y; - EC_POINT *generator = NULL; - felem tmp_felems[32]; -#ifndef FIPS_MODULE - BN_CTX *new_ctx = NULL; -#endif - - /* throw away old precomputation */ - EC_pre_comp_free(group); - -#ifndef FIPS_MODULE - if (ctx == NULL) - ctx = new_ctx = BN_CTX_new(); -#endif - if (ctx == NULL) - return 0; - - BN_CTX_start(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (y == NULL) - goto err; - /* get the generator */ - if (group->generator == NULL) - goto err; - generator = EC_POINT_new(group); - if (generator == NULL) - goto err; - BN_bin2bn(nistp224_curve_params[3], sizeof(felem_bytearray), x); - BN_bin2bn(nistp224_curve_params[4], sizeof(felem_bytearray), y); - if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx)) - goto err; - if ((pre = nistp224_pre_comp_new()) == NULL) - goto err; - /* - * if the generator is the standard one, use built-in precomputation - */ - if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) { - memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp)); - goto done; - } - if ((!BN_to_felem(pre->g_pre_comp[0][1][0], group->generator->X)) || - (!BN_to_felem(pre->g_pre_comp[0][1][1], group->generator->Y)) || - (!BN_to_felem(pre->g_pre_comp[0][1][2], group->generator->Z))) - goto err; - /* - * compute 2^56*G, 2^112*G, 2^168*G for the first table, 2^28*G, 2^84*G, - * 2^140*G, 2^196*G for the second one - */ - for (i = 1; i <= 8; i <<= 1) { - point_double(pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], - pre->g_pre_comp[1][i][2], pre->g_pre_comp[0][i][0], - pre->g_pre_comp[0][i][1], pre->g_pre_comp[0][i][2]); - for (j = 0; j < 27; ++j) { - point_double(pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], - pre->g_pre_comp[1][i][2], pre->g_pre_comp[1][i][0], - pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]); - } - if (i == 8) - break; - point_double(pre->g_pre_comp[0][2 * i][0], - pre->g_pre_comp[0][2 * i][1], - pre->g_pre_comp[0][2 * i][2], pre->g_pre_comp[1][i][0], - pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]); - for (j = 0; j < 27; ++j) { - point_double(pre->g_pre_comp[0][2 * i][0], - pre->g_pre_comp[0][2 * i][1], - pre->g_pre_comp[0][2 * i][2], - pre->g_pre_comp[0][2 * i][0], - pre->g_pre_comp[0][2 * i][1], - pre->g_pre_comp[0][2 * i][2]); - } - } - for (i = 0; i < 2; i++) { - /* g_pre_comp[i][0] is the point at infinity */ - memset(pre->g_pre_comp[i][0], 0, sizeof(pre->g_pre_comp[i][0])); - /* the remaining multiples */ - /* 2^56*G + 2^112*G resp. 2^84*G + 2^140*G */ - point_add(pre->g_pre_comp[i][6][0], pre->g_pre_comp[i][6][1], - pre->g_pre_comp[i][6][2], pre->g_pre_comp[i][4][0], - pre->g_pre_comp[i][4][1], pre->g_pre_comp[i][4][2], - 0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], - pre->g_pre_comp[i][2][2]); - /* 2^56*G + 2^168*G resp. 2^84*G + 2^196*G */ - point_add(pre->g_pre_comp[i][10][0], pre->g_pre_comp[i][10][1], - pre->g_pre_comp[i][10][2], pre->g_pre_comp[i][8][0], - pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2], - 0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], - pre->g_pre_comp[i][2][2]); - /* 2^112*G + 2^168*G resp. 2^140*G + 2^196*G */ - point_add(pre->g_pre_comp[i][12][0], pre->g_pre_comp[i][12][1], - pre->g_pre_comp[i][12][2], pre->g_pre_comp[i][8][0], - pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2], - 0, pre->g_pre_comp[i][4][0], pre->g_pre_comp[i][4][1], - pre->g_pre_comp[i][4][2]); - /* - * 2^56*G + 2^112*G + 2^168*G resp. 2^84*G + 2^140*G + 2^196*G - */ - point_add(pre->g_pre_comp[i][14][0], pre->g_pre_comp[i][14][1], - pre->g_pre_comp[i][14][2], pre->g_pre_comp[i][12][0], - pre->g_pre_comp[i][12][1], pre->g_pre_comp[i][12][2], - 0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], - pre->g_pre_comp[i][2][2]); - for (j = 1; j < 8; ++j) { - /* odd multiples: add G resp. 2^28*G */ - point_add(pre->g_pre_comp[i][2 * j + 1][0], - pre->g_pre_comp[i][2 * j + 1][1], - pre->g_pre_comp[i][2 * j + 1][2], - pre->g_pre_comp[i][2 * j][0], - pre->g_pre_comp[i][2 * j][1], - pre->g_pre_comp[i][2 * j][2], 0, - pre->g_pre_comp[i][1][0], pre->g_pre_comp[i][1][1], - pre->g_pre_comp[i][1][2]); - } - } - make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_felems); - - done: - SETPRECOMP(group, nistp224, pre); - pre = NULL; - ret = 1; - err: - BN_CTX_end(ctx); - EC_POINT_free(generator); -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - EC_nistp224_pre_comp_free(pre); - return ret; -} - -int ossl_ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group) -{ - return HAVEPRECOMP(group, nistp224); -} diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c deleted file mode 100644 index 4a55f925c465911f03a07e86f8d763f3a70a3071..0000000000000000000000000000000000000000 --- a/crypto/ec/ecp_nistp256.c +++ /dev/null @@ -1,2378 +0,0 @@ -/* - * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Copyright 2011 Google Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -/* - * A 64-bit implementation of the NIST P-256 elliptic curve point multiplication - * - * OpenSSL integration was taken from Emilia Kasper's work in ecp_nistp224.c. - * Otherwise based on Emilia's P224 work, which was inspired by my curve25519 - * work which got its smarts from Daniel J. Bernstein's work on the same. - */ - -#include - -#include -#include -#include -#include "ec_local.h" - -#include "internal/numbers.h" - -#ifndef INT128_MAX -# error "Your compiler doesn't appear to support 128-bit integer types" -#endif - -typedef uint8_t u8; -typedef uint32_t u32; -typedef uint64_t u64; - -/* - * The underlying field. P256 operates over GF(2^256-2^224+2^192+2^96-1). We - * can serialize an element of this field into 32 bytes. We call this an - * felem_bytearray. - */ - -typedef u8 felem_bytearray[32]; - -/* - * These are the parameters of P256, taken from FIPS 186-3, page 86. These - * values are big-endian. - */ -static const felem_bytearray nistp256_curve_params[5] = { - {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* p */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, - {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* a = -3 */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc}, - {0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, /* b */ - 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, - 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6, - 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b}, - {0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, /* x */ - 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, - 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, - 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96}, - {0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, /* y */ - 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, - 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, - 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5} -}; - -/*- - * The representation of field elements. - * ------------------------------------ - * - * We represent field elements with either four 128-bit values, eight 128-bit - * values, or four 64-bit values. The field element represented is: - * v[0]*2^0 + v[1]*2^64 + v[2]*2^128 + v[3]*2^192 (mod p) - * or: - * v[0]*2^0 + v[1]*2^64 + v[2]*2^128 + ... + v[8]*2^512 (mod p) - * - * 128-bit values are called 'limbs'. Since the limbs are spaced only 64 bits - * apart, but are 128-bits wide, the most significant bits of each limb overlap - * with the least significant bits of the next. - * - * A field element with four limbs is an 'felem'. One with eight limbs is a - * 'longfelem' - * - * A field element with four, 64-bit values is called a 'smallfelem'. Small - * values are used as intermediate values before multiplication. - */ - -#define NLIMBS 4 - -typedef uint128_t limb; -typedef limb felem[NLIMBS]; -typedef limb longfelem[NLIMBS * 2]; -typedef u64 smallfelem[NLIMBS]; - -/* This is the value of the prime as four 64-bit words, little-endian. */ -static const u64 kPrime[4] = - { 0xfffffffffffffffful, 0xffffffff, 0, 0xffffffff00000001ul }; -static const u64 bottom63bits = 0x7ffffffffffffffful; - -/* - * bin32_to_felem takes a little-endian byte array and converts it into felem - * form. This assumes that the CPU is little-endian. - */ -static void bin32_to_felem(felem out, const u8 in[32]) -{ - out[0] = *((u64 *)&in[0]); - out[1] = *((u64 *)&in[8]); - out[2] = *((u64 *)&in[16]); - out[3] = *((u64 *)&in[24]); -} - -/* - * smallfelem_to_bin32 takes a smallfelem and serializes into a little - * endian, 32 byte array. This assumes that the CPU is little-endian. - */ -static void smallfelem_to_bin32(u8 out[32], const smallfelem in) -{ - *((u64 *)&out[0]) = in[0]; - *((u64 *)&out[8]) = in[1]; - *((u64 *)&out[16]) = in[2]; - *((u64 *)&out[24]) = in[3]; -} - -/* BN_to_felem converts an OpenSSL BIGNUM into an felem */ -static int BN_to_felem(felem out, const BIGNUM *bn) -{ - felem_bytearray b_out; - int num_bytes; - - if (BN_is_negative(bn)) { - ERR_raise(ERR_LIB_EC, EC_R_BIGNUM_OUT_OF_RANGE); - return 0; - } - num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out)); - if (num_bytes < 0) { - ERR_raise(ERR_LIB_EC, EC_R_BIGNUM_OUT_OF_RANGE); - return 0; - } - bin32_to_felem(out, b_out); - return 1; -} - -/* felem_to_BN converts an felem into an OpenSSL BIGNUM */ -static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in) -{ - felem_bytearray b_out; - smallfelem_to_bin32(b_out, in); - return BN_lebin2bn(b_out, sizeof(b_out), out); -} - -/*- - * Field operations - * ---------------- - */ - -static void smallfelem_one(smallfelem out) -{ - out[0] = 1; - out[1] = 0; - out[2] = 0; - out[3] = 0; -} - -static void smallfelem_assign(smallfelem out, const smallfelem in) -{ - out[0] = in[0]; - out[1] = in[1]; - out[2] = in[2]; - out[3] = in[3]; -} - -static void felem_assign(felem out, const felem in) -{ - out[0] = in[0]; - out[1] = in[1]; - out[2] = in[2]; - out[3] = in[3]; -} - -/* felem_sum sets out = out + in. */ -static void felem_sum(felem out, const felem in) -{ - out[0] += in[0]; - out[1] += in[1]; - out[2] += in[2]; - out[3] += in[3]; -} - -/* felem_small_sum sets out = out + in. */ -static void felem_small_sum(felem out, const smallfelem in) -{ - out[0] += in[0]; - out[1] += in[1]; - out[2] += in[2]; - out[3] += in[3]; -} - -/* felem_scalar sets out = out * scalar */ -static void felem_scalar(felem out, const u64 scalar) -{ - out[0] *= scalar; - out[1] *= scalar; - out[2] *= scalar; - out[3] *= scalar; -} - -/* longfelem_scalar sets out = out * scalar */ -static void longfelem_scalar(longfelem out, const u64 scalar) -{ - out[0] *= scalar; - out[1] *= scalar; - out[2] *= scalar; - out[3] *= scalar; - out[4] *= scalar; - out[5] *= scalar; - out[6] *= scalar; - out[7] *= scalar; -} - -#define two105m41m9 (((limb)1) << 105) - (((limb)1) << 41) - (((limb)1) << 9) -#define two105 (((limb)1) << 105) -#define two105m41p9 (((limb)1) << 105) - (((limb)1) << 41) + (((limb)1) << 9) - -/* zero105 is 0 mod p */ -static const felem zero105 = - { two105m41m9, two105, two105m41p9, two105m41p9 }; - -/*- - * smallfelem_neg sets |out| to |-small| - * On exit: - * out[i] < out[i] + 2^105 - */ -static void smallfelem_neg(felem out, const smallfelem small) -{ - /* In order to prevent underflow, we subtract from 0 mod p. */ - out[0] = zero105[0] - small[0]; - out[1] = zero105[1] - small[1]; - out[2] = zero105[2] - small[2]; - out[3] = zero105[3] - small[3]; -} - -/*- - * felem_diff subtracts |in| from |out| - * On entry: - * in[i] < 2^104 - * On exit: - * out[i] < out[i] + 2^105 - */ -static void felem_diff(felem out, const felem in) -{ - /* - * In order to prevent underflow, we add 0 mod p before subtracting. - */ - out[0] += zero105[0]; - out[1] += zero105[1]; - out[2] += zero105[2]; - out[3] += zero105[3]; - - out[0] -= in[0]; - out[1] -= in[1]; - out[2] -= in[2]; - out[3] -= in[3]; -} - -#define two107m43m11 (((limb)1) << 107) - (((limb)1) << 43) - (((limb)1) << 11) -#define two107 (((limb)1) << 107) -#define two107m43p11 (((limb)1) << 107) - (((limb)1) << 43) + (((limb)1) << 11) - -/* zero107 is 0 mod p */ -static const felem zero107 = - { two107m43m11, two107, two107m43p11, two107m43p11 }; - -/*- - * An alternative felem_diff for larger inputs |in| - * felem_diff_zero107 subtracts |in| from |out| - * On entry: - * in[i] < 2^106 - * On exit: - * out[i] < out[i] + 2^107 - */ -static void felem_diff_zero107(felem out, const felem in) -{ - /* - * In order to prevent underflow, we add 0 mod p before subtracting. - */ - out[0] += zero107[0]; - out[1] += zero107[1]; - out[2] += zero107[2]; - out[3] += zero107[3]; - - out[0] -= in[0]; - out[1] -= in[1]; - out[2] -= in[2]; - out[3] -= in[3]; -} - -/*- - * longfelem_diff subtracts |in| from |out| - * On entry: - * in[i] < 7*2^67 - * On exit: - * out[i] < out[i] + 2^70 + 2^40 - */ -static void longfelem_diff(longfelem out, const longfelem in) -{ - static const limb two70m8p6 = - (((limb) 1) << 70) - (((limb) 1) << 8) + (((limb) 1) << 6); - static const limb two70p40 = (((limb) 1) << 70) + (((limb) 1) << 40); - static const limb two70 = (((limb) 1) << 70); - static const limb two70m40m38p6 = - (((limb) 1) << 70) - (((limb) 1) << 40) - (((limb) 1) << 38) + - (((limb) 1) << 6); - static const limb two70m6 = (((limb) 1) << 70) - (((limb) 1) << 6); - - /* add 0 mod p to avoid underflow */ - out[0] += two70m8p6; - out[1] += two70p40; - out[2] += two70; - out[3] += two70m40m38p6; - out[4] += two70m6; - out[5] += two70m6; - out[6] += two70m6; - out[7] += two70m6; - - /* in[i] < 7*2^67 < 2^70 - 2^40 - 2^38 + 2^6 */ - out[0] -= in[0]; - out[1] -= in[1]; - out[2] -= in[2]; - out[3] -= in[3]; - out[4] -= in[4]; - out[5] -= in[5]; - out[6] -= in[6]; - out[7] -= in[7]; -} - -#define two64m0 (((limb)1) << 64) - 1 -#define two110p32m0 (((limb)1) << 110) + (((limb)1) << 32) - 1 -#define two64m46 (((limb)1) << 64) - (((limb)1) << 46) -#define two64m32 (((limb)1) << 64) - (((limb)1) << 32) - -/* zero110 is 0 mod p */ -static const felem zero110 = { two64m0, two110p32m0, two64m46, two64m32 }; - -/*- - * felem_shrink converts an felem into a smallfelem. The result isn't quite - * minimal as the value may be greater than p. - * - * On entry: - * in[i] < 2^109 - * On exit: - * out[i] < 2^64 - */ -static void felem_shrink(smallfelem out, const felem in) -{ - felem tmp; - u64 a, b, mask; - u64 high, low; - static const u64 kPrime3Test = 0x7fffffff00000001ul; /* 2^63 - 2^32 + 1 */ - - /* Carry 2->3 */ - tmp[3] = zero110[3] + in[3] + ((u64)(in[2] >> 64)); - /* tmp[3] < 2^110 */ - - tmp[2] = zero110[2] + (u64)in[2]; - tmp[0] = zero110[0] + in[0]; - tmp[1] = zero110[1] + in[1]; - /* tmp[0] < 2**110, tmp[1] < 2^111, tmp[2] < 2**65 */ - - /* - * We perform two partial reductions where we eliminate the high-word of - * tmp[3]. We don't update the other words till the end. - */ - a = tmp[3] >> 64; /* a < 2^46 */ - tmp[3] = (u64)tmp[3]; - tmp[3] -= a; - tmp[3] += ((limb) a) << 32; - /* tmp[3] < 2^79 */ - - b = a; - a = tmp[3] >> 64; /* a < 2^15 */ - b += a; /* b < 2^46 + 2^15 < 2^47 */ - tmp[3] = (u64)tmp[3]; - tmp[3] -= a; - tmp[3] += ((limb) a) << 32; - /* tmp[3] < 2^64 + 2^47 */ - - /* - * This adjusts the other two words to complete the two partial - * reductions. - */ - tmp[0] += b; - tmp[1] -= (((limb) b) << 32); - - /* - * In order to make space in tmp[3] for the carry from 2 -> 3, we - * conditionally subtract kPrime if tmp[3] is large enough. - */ - high = (u64)(tmp[3] >> 64); - /* As tmp[3] < 2^65, high is either 1 or 0 */ - high = 0 - high; - /*- - * high is: - * all ones if the high word of tmp[3] is 1 - * all zeros if the high word of tmp[3] if 0 - */ - low = (u64)tmp[3]; - mask = 0 - (low >> 63); - /*- - * mask is: - * all ones if the MSB of low is 1 - * all zeros if the MSB of low if 0 - */ - low &= bottom63bits; - low -= kPrime3Test; - /* if low was greater than kPrime3Test then the MSB is zero */ - low = ~low; - low = 0 - (low >> 63); - /*- - * low is: - * all ones if low was > kPrime3Test - * all zeros if low was <= kPrime3Test - */ - mask = (mask & low) | high; - tmp[0] -= mask & kPrime[0]; - tmp[1] -= mask & kPrime[1]; - /* kPrime[2] is zero, so omitted */ - tmp[3] -= mask & kPrime[3]; - /* tmp[3] < 2**64 - 2**32 + 1 */ - - tmp[1] += ((u64)(tmp[0] >> 64)); - tmp[0] = (u64)tmp[0]; - tmp[2] += ((u64)(tmp[1] >> 64)); - tmp[1] = (u64)tmp[1]; - tmp[3] += ((u64)(tmp[2] >> 64)); - tmp[2] = (u64)tmp[2]; - /* tmp[i] < 2^64 */ - - out[0] = tmp[0]; - out[1] = tmp[1]; - out[2] = tmp[2]; - out[3] = tmp[3]; -} - -/* smallfelem_expand converts a smallfelem to an felem */ -static void smallfelem_expand(felem out, const smallfelem in) -{ - out[0] = in[0]; - out[1] = in[1]; - out[2] = in[2]; - out[3] = in[3]; -} - -/*- - * smallfelem_square sets |out| = |small|^2 - * On entry: - * small[i] < 2^64 - * On exit: - * out[i] < 7 * 2^64 < 2^67 - */ -static void smallfelem_square(longfelem out, const smallfelem small) -{ - limb a; - u64 high, low; - - a = ((uint128_t) small[0]) * small[0]; - low = a; - high = a >> 64; - out[0] = low; - out[1] = high; - - a = ((uint128_t) small[0]) * small[1]; - low = a; - high = a >> 64; - out[1] += low; - out[1] += low; - out[2] = high; - - a = ((uint128_t) small[0]) * small[2]; - low = a; - high = a >> 64; - out[2] += low; - out[2] *= 2; - out[3] = high; - - a = ((uint128_t) small[0]) * small[3]; - low = a; - high = a >> 64; - out[3] += low; - out[4] = high; - - a = ((uint128_t) small[1]) * small[2]; - low = a; - high = a >> 64; - out[3] += low; - out[3] *= 2; - out[4] += high; - - a = ((uint128_t) small[1]) * small[1]; - low = a; - high = a >> 64; - out[2] += low; - out[3] += high; - - a = ((uint128_t) small[1]) * small[3]; - low = a; - high = a >> 64; - out[4] += low; - out[4] *= 2; - out[5] = high; - - a = ((uint128_t) small[2]) * small[3]; - low = a; - high = a >> 64; - out[5] += low; - out[5] *= 2; - out[6] = high; - out[6] += high; - - a = ((uint128_t) small[2]) * small[2]; - low = a; - high = a >> 64; - out[4] += low; - out[5] += high; - - a = ((uint128_t) small[3]) * small[3]; - low = a; - high = a >> 64; - out[6] += low; - out[7] = high; -} - -/*- - * felem_square sets |out| = |in|^2 - * On entry: - * in[i] < 2^109 - * On exit: - * out[i] < 7 * 2^64 < 2^67 - */ -static void felem_square(longfelem out, const felem in) -{ - u64 small[4]; - felem_shrink(small, in); - smallfelem_square(out, small); -} - -/*- - * smallfelem_mul sets |out| = |small1| * |small2| - * On entry: - * small1[i] < 2^64 - * small2[i] < 2^64 - * On exit: - * out[i] < 7 * 2^64 < 2^67 - */ -static void smallfelem_mul(longfelem out, const smallfelem small1, - const smallfelem small2) -{ - limb a; - u64 high, low; - - a = ((uint128_t) small1[0]) * small2[0]; - low = a; - high = a >> 64; - out[0] = low; - out[1] = high; - - a = ((uint128_t) small1[0]) * small2[1]; - low = a; - high = a >> 64; - out[1] += low; - out[2] = high; - - a = ((uint128_t) small1[1]) * small2[0]; - low = a; - high = a >> 64; - out[1] += low; - out[2] += high; - - a = ((uint128_t) small1[0]) * small2[2]; - low = a; - high = a >> 64; - out[2] += low; - out[3] = high; - - a = ((uint128_t) small1[1]) * small2[1]; - low = a; - high = a >> 64; - out[2] += low; - out[3] += high; - - a = ((uint128_t) small1[2]) * small2[0]; - low = a; - high = a >> 64; - out[2] += low; - out[3] += high; - - a = ((uint128_t) small1[0]) * small2[3]; - low = a; - high = a >> 64; - out[3] += low; - out[4] = high; - - a = ((uint128_t) small1[1]) * small2[2]; - low = a; - high = a >> 64; - out[3] += low; - out[4] += high; - - a = ((uint128_t) small1[2]) * small2[1]; - low = a; - high = a >> 64; - out[3] += low; - out[4] += high; - - a = ((uint128_t) small1[3]) * small2[0]; - low = a; - high = a >> 64; - out[3] += low; - out[4] += high; - - a = ((uint128_t) small1[1]) * small2[3]; - low = a; - high = a >> 64; - out[4] += low; - out[5] = high; - - a = ((uint128_t) small1[2]) * small2[2]; - low = a; - high = a >> 64; - out[4] += low; - out[5] += high; - - a = ((uint128_t) small1[3]) * small2[1]; - low = a; - high = a >> 64; - out[4] += low; - out[5] += high; - - a = ((uint128_t) small1[2]) * small2[3]; - low = a; - high = a >> 64; - out[5] += low; - out[6] = high; - - a = ((uint128_t) small1[3]) * small2[2]; - low = a; - high = a >> 64; - out[5] += low; - out[6] += high; - - a = ((uint128_t) small1[3]) * small2[3]; - low = a; - high = a >> 64; - out[6] += low; - out[7] = high; -} - -/*- - * felem_mul sets |out| = |in1| * |in2| - * On entry: - * in1[i] < 2^109 - * in2[i] < 2^109 - * On exit: - * out[i] < 7 * 2^64 < 2^67 - */ -static void felem_mul(longfelem out, const felem in1, const felem in2) -{ - smallfelem small1, small2; - felem_shrink(small1, in1); - felem_shrink(small2, in2); - smallfelem_mul(out, small1, small2); -} - -/*- - * felem_small_mul sets |out| = |small1| * |in2| - * On entry: - * small1[i] < 2^64 - * in2[i] < 2^109 - * On exit: - * out[i] < 7 * 2^64 < 2^67 - */ -static void felem_small_mul(longfelem out, const smallfelem small1, - const felem in2) -{ - smallfelem small2; - felem_shrink(small2, in2); - smallfelem_mul(out, small1, small2); -} - -#define two100m36m4 (((limb)1) << 100) - (((limb)1) << 36) - (((limb)1) << 4) -#define two100 (((limb)1) << 100) -#define two100m36p4 (((limb)1) << 100) - (((limb)1) << 36) + (((limb)1) << 4) -/* zero100 is 0 mod p */ -static const felem zero100 = - { two100m36m4, two100, two100m36p4, two100m36p4 }; - -/*- - * Internal function for the different flavours of felem_reduce. - * felem_reduce_ reduces the higher coefficients in[4]-in[7]. - * On entry: - * out[0] >= in[6] + 2^32*in[6] + in[7] + 2^32*in[7] - * out[1] >= in[7] + 2^32*in[4] - * out[2] >= in[5] + 2^32*in[5] - * out[3] >= in[4] + 2^32*in[5] + 2^32*in[6] - * On exit: - * out[0] <= out[0] + in[4] + 2^32*in[5] - * out[1] <= out[1] + in[5] + 2^33*in[6] - * out[2] <= out[2] + in[7] + 2*in[6] + 2^33*in[7] - * out[3] <= out[3] + 2^32*in[4] + 3*in[7] - */ -static void felem_reduce_(felem out, const longfelem in) -{ - int128_t c; - /* combine common terms from below */ - c = in[4] + (in[5] << 32); - out[0] += c; - out[3] -= c; - - c = in[5] - in[7]; - out[1] += c; - out[2] -= c; - - /* the remaining terms */ - /* 256: [(0,1),(96,-1),(192,-1),(224,1)] */ - out[1] -= (in[4] << 32); - out[3] += (in[4] << 32); - - /* 320: [(32,1),(64,1),(128,-1),(160,-1),(224,-1)] */ - out[2] -= (in[5] << 32); - - /* 384: [(0,-1),(32,-1),(96,2),(128,2),(224,-1)] */ - out[0] -= in[6]; - out[0] -= (in[6] << 32); - out[1] += (in[6] << 33); - out[2] += (in[6] * 2); - out[3] -= (in[6] << 32); - - /* 448: [(0,-1),(32,-1),(64,-1),(128,1),(160,2),(192,3)] */ - out[0] -= in[7]; - out[0] -= (in[7] << 32); - out[2] += (in[7] << 33); - out[3] += (in[7] * 3); -} - -/*- - * felem_reduce converts a longfelem into an felem. - * To be called directly after felem_square or felem_mul. - * On entry: - * in[0] < 2^64, in[1] < 3*2^64, in[2] < 5*2^64, in[3] < 7*2^64 - * in[4] < 7*2^64, in[5] < 5*2^64, in[6] < 3*2^64, in[7] < 2*64 - * On exit: - * out[i] < 2^101 - */ -static void felem_reduce(felem out, const longfelem in) -{ - out[0] = zero100[0] + in[0]; - out[1] = zero100[1] + in[1]; - out[2] = zero100[2] + in[2]; - out[3] = zero100[3] + in[3]; - - felem_reduce_(out, in); - - /*- - * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0 - * out[1] > 2^100 - 2^64 - 7*2^96 > 0 - * out[2] > 2^100 - 2^36 + 2^4 - 5*2^64 - 5*2^96 > 0 - * out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 - 3*2^96 > 0 - * - * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101 - * out[1] < 2^100 + 3*2^64 + 5*2^64 + 3*2^97 < 2^101 - * out[2] < 2^100 + 5*2^64 + 2^64 + 3*2^65 + 2^97 < 2^101 - * out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 < 2^101 - */ -} - -/*- - * felem_reduce_zero105 converts a larger longfelem into an felem. - * On entry: - * in[0] < 2^71 - * On exit: - * out[i] < 2^106 - */ -static void felem_reduce_zero105(felem out, const longfelem in) -{ - out[0] = zero105[0] + in[0]; - out[1] = zero105[1] + in[1]; - out[2] = zero105[2] + in[2]; - out[3] = zero105[3] + in[3]; - - felem_reduce_(out, in); - - /*- - * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0 - * out[1] > 2^105 - 2^71 - 2^103 > 0 - * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0 - * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0 - * - * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 - * out[1] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 - * out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 2^106 - * out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106 - */ -} - -/* - * subtract_u64 sets *result = *result - v and *carry to one if the - * subtraction underflowed. - */ -static void subtract_u64(u64 *result, u64 *carry, u64 v) -{ - uint128_t r = *result; - r -= v; - *carry = (r >> 64) & 1; - *result = (u64)r; -} - -/* - * felem_contract converts |in| to its unique, minimal representation. On - * entry: in[i] < 2^109 - */ -static void felem_contract(smallfelem out, const felem in) -{ - unsigned i; - u64 all_equal_so_far = 0, result = 0, carry; - - felem_shrink(out, in); - /* small is minimal except that the value might be > p */ - - all_equal_so_far--; - /* - * We are doing a constant time test if out >= kPrime. We need to compare - * each u64, from most-significant to least significant. For each one, if - * all words so far have been equal (m is all ones) then a non-equal - * result is the answer. Otherwise we continue. - */ - for (i = 3; i < 4; i--) { - u64 equal; - uint128_t a = ((uint128_t) kPrime[i]) - out[i]; - /* - * if out[i] > kPrime[i] then a will underflow and the high 64-bits - * will all be set. - */ - result |= all_equal_so_far & ((u64)(a >> 64)); - - /* - * if kPrime[i] == out[i] then |equal| will be all zeros and the - * decrement will make it all ones. - */ - equal = kPrime[i] ^ out[i]; - equal--; - equal &= equal << 32; - equal &= equal << 16; - equal &= equal << 8; - equal &= equal << 4; - equal &= equal << 2; - equal &= equal << 1; - equal = 0 - (equal >> 63); - - all_equal_so_far &= equal; - } - - /* - * if all_equal_so_far is still all ones then the two values are equal - * and so out >= kPrime is true. - */ - result |= all_equal_so_far; - - /* if out >= kPrime then we subtract kPrime. */ - subtract_u64(&out[0], &carry, result & kPrime[0]); - subtract_u64(&out[1], &carry, carry); - subtract_u64(&out[2], &carry, carry); - subtract_u64(&out[3], &carry, carry); - - subtract_u64(&out[1], &carry, result & kPrime[1]); - subtract_u64(&out[2], &carry, carry); - subtract_u64(&out[3], &carry, carry); - - subtract_u64(&out[2], &carry, result & kPrime[2]); - subtract_u64(&out[3], &carry, carry); - - subtract_u64(&out[3], &carry, result & kPrime[3]); -} - -static void smallfelem_square_contract(smallfelem out, const smallfelem in) -{ - longfelem longtmp; - felem tmp; - - smallfelem_square(longtmp, in); - felem_reduce(tmp, longtmp); - felem_contract(out, tmp); -} - -static void smallfelem_mul_contract(smallfelem out, const smallfelem in1, - const smallfelem in2) -{ - longfelem longtmp; - felem tmp; - - smallfelem_mul(longtmp, in1, in2); - felem_reduce(tmp, longtmp); - felem_contract(out, tmp); -} - -/*- - * felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0 - * otherwise. - * On entry: - * small[i] < 2^64 - */ -static limb smallfelem_is_zero(const smallfelem small) -{ - limb result; - u64 is_p; - - u64 is_zero = small[0] | small[1] | small[2] | small[3]; - is_zero--; - is_zero &= is_zero << 32; - is_zero &= is_zero << 16; - is_zero &= is_zero << 8; - is_zero &= is_zero << 4; - is_zero &= is_zero << 2; - is_zero &= is_zero << 1; - is_zero = 0 - (is_zero >> 63); - - is_p = (small[0] ^ kPrime[0]) | - (small[1] ^ kPrime[1]) | - (small[2] ^ kPrime[2]) | (small[3] ^ kPrime[3]); - is_p--; - is_p &= is_p << 32; - is_p &= is_p << 16; - is_p &= is_p << 8; - is_p &= is_p << 4; - is_p &= is_p << 2; - is_p &= is_p << 1; - is_p = 0 - (is_p >> 63); - - is_zero |= is_p; - - result = is_zero; - result |= ((limb) is_zero) << 64; - return result; -} - -static int smallfelem_is_zero_int(const void *small) -{ - return (int)(smallfelem_is_zero(small) & ((limb) 1)); -} - -/*- - * felem_inv calculates |out| = |in|^{-1} - * - * Based on Fermat's Little Theorem: - * a^p = a (mod p) - * a^{p-1} = 1 (mod p) - * a^{p-2} = a^{-1} (mod p) - */ -static void felem_inv(felem out, const felem in) -{ - felem ftmp, ftmp2; - /* each e_I will hold |in|^{2^I - 1} */ - felem e2, e4, e8, e16, e32, e64; - longfelem tmp; - unsigned i; - - felem_square(tmp, in); - felem_reduce(ftmp, tmp); /* 2^1 */ - felem_mul(tmp, in, ftmp); - felem_reduce(ftmp, tmp); /* 2^2 - 2^0 */ - felem_assign(e2, ftmp); - felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); /* 2^3 - 2^1 */ - felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); /* 2^4 - 2^2 */ - felem_mul(tmp, ftmp, e2); - felem_reduce(ftmp, tmp); /* 2^4 - 2^0 */ - felem_assign(e4, ftmp); - felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); /* 2^5 - 2^1 */ - felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); /* 2^6 - 2^2 */ - felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); /* 2^7 - 2^3 */ - felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); /* 2^8 - 2^4 */ - felem_mul(tmp, ftmp, e4); - felem_reduce(ftmp, tmp); /* 2^8 - 2^0 */ - felem_assign(e8, ftmp); - for (i = 0; i < 8; i++) { - felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); - } /* 2^16 - 2^8 */ - felem_mul(tmp, ftmp, e8); - felem_reduce(ftmp, tmp); /* 2^16 - 2^0 */ - felem_assign(e16, ftmp); - for (i = 0; i < 16; i++) { - felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); - } /* 2^32 - 2^16 */ - felem_mul(tmp, ftmp, e16); - felem_reduce(ftmp, tmp); /* 2^32 - 2^0 */ - felem_assign(e32, ftmp); - for (i = 0; i < 32; i++) { - felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); - } /* 2^64 - 2^32 */ - felem_assign(e64, ftmp); - felem_mul(tmp, ftmp, in); - felem_reduce(ftmp, tmp); /* 2^64 - 2^32 + 2^0 */ - for (i = 0; i < 192; i++) { - felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); - } /* 2^256 - 2^224 + 2^192 */ - - felem_mul(tmp, e64, e32); - felem_reduce(ftmp2, tmp); /* 2^64 - 2^0 */ - for (i = 0; i < 16; i++) { - felem_square(tmp, ftmp2); - felem_reduce(ftmp2, tmp); - } /* 2^80 - 2^16 */ - felem_mul(tmp, ftmp2, e16); - felem_reduce(ftmp2, tmp); /* 2^80 - 2^0 */ - for (i = 0; i < 8; i++) { - felem_square(tmp, ftmp2); - felem_reduce(ftmp2, tmp); - } /* 2^88 - 2^8 */ - felem_mul(tmp, ftmp2, e8); - felem_reduce(ftmp2, tmp); /* 2^88 - 2^0 */ - for (i = 0; i < 4; i++) { - felem_square(tmp, ftmp2); - felem_reduce(ftmp2, tmp); - } /* 2^92 - 2^4 */ - felem_mul(tmp, ftmp2, e4); - felem_reduce(ftmp2, tmp); /* 2^92 - 2^0 */ - felem_square(tmp, ftmp2); - felem_reduce(ftmp2, tmp); /* 2^93 - 2^1 */ - felem_square(tmp, ftmp2); - felem_reduce(ftmp2, tmp); /* 2^94 - 2^2 */ - felem_mul(tmp, ftmp2, e2); - felem_reduce(ftmp2, tmp); /* 2^94 - 2^0 */ - felem_square(tmp, ftmp2); - felem_reduce(ftmp2, tmp); /* 2^95 - 2^1 */ - felem_square(tmp, ftmp2); - felem_reduce(ftmp2, tmp); /* 2^96 - 2^2 */ - felem_mul(tmp, ftmp2, in); - felem_reduce(ftmp2, tmp); /* 2^96 - 3 */ - - felem_mul(tmp, ftmp2, ftmp); - felem_reduce(out, tmp); /* 2^256 - 2^224 + 2^192 + 2^96 - 3 */ -} - -static void smallfelem_inv_contract(smallfelem out, const smallfelem in) -{ - felem tmp; - - smallfelem_expand(tmp, in); - felem_inv(tmp, tmp); - felem_contract(out, tmp); -} - -/*- - * Group operations - * ---------------- - * - * Building on top of the field operations we have the operations on the - * elliptic curve group itself. Points on the curve are represented in Jacobian - * coordinates - */ - -/*- - * point_double calculates 2*(x_in, y_in, z_in) - * - * The method is taken from: - * http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b - * - * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed. - * while x_out == y_in is not (maybe this works, but it's not tested). - */ -static void -point_double(felem x_out, felem y_out, felem z_out, - const felem x_in, const felem y_in, const felem z_in) -{ - longfelem tmp, tmp2; - felem delta, gamma, beta, alpha, ftmp, ftmp2; - smallfelem small1, small2; - - felem_assign(ftmp, x_in); - /* ftmp[i] < 2^106 */ - felem_assign(ftmp2, x_in); - /* ftmp2[i] < 2^106 */ - - /* delta = z^2 */ - felem_square(tmp, z_in); - felem_reduce(delta, tmp); - /* delta[i] < 2^101 */ - - /* gamma = y^2 */ - felem_square(tmp, y_in); - felem_reduce(gamma, tmp); - /* gamma[i] < 2^101 */ - felem_shrink(small1, gamma); - - /* beta = x*gamma */ - felem_small_mul(tmp, small1, x_in); - felem_reduce(beta, tmp); - /* beta[i] < 2^101 */ - - /* alpha = 3*(x-delta)*(x+delta) */ - felem_diff(ftmp, delta); - /* ftmp[i] < 2^105 + 2^106 < 2^107 */ - felem_sum(ftmp2, delta); - /* ftmp2[i] < 2^105 + 2^106 < 2^107 */ - felem_scalar(ftmp2, 3); - /* ftmp2[i] < 3 * 2^107 < 2^109 */ - felem_mul(tmp, ftmp, ftmp2); - felem_reduce(alpha, tmp); - /* alpha[i] < 2^101 */ - felem_shrink(small2, alpha); - - /* x' = alpha^2 - 8*beta */ - smallfelem_square(tmp, small2); - felem_reduce(x_out, tmp); - felem_assign(ftmp, beta); - felem_scalar(ftmp, 8); - /* ftmp[i] < 8 * 2^101 = 2^104 */ - felem_diff(x_out, ftmp); - /* x_out[i] < 2^105 + 2^101 < 2^106 */ - - /* z' = (y + z)^2 - gamma - delta */ - felem_sum(delta, gamma); - /* delta[i] < 2^101 + 2^101 = 2^102 */ - felem_assign(ftmp, y_in); - felem_sum(ftmp, z_in); - /* ftmp[i] < 2^106 + 2^106 = 2^107 */ - felem_square(tmp, ftmp); - felem_reduce(z_out, tmp); - felem_diff(z_out, delta); - /* z_out[i] < 2^105 + 2^101 < 2^106 */ - - /* y' = alpha*(4*beta - x') - 8*gamma^2 */ - felem_scalar(beta, 4); - /* beta[i] < 4 * 2^101 = 2^103 */ - felem_diff_zero107(beta, x_out); - /* beta[i] < 2^107 + 2^103 < 2^108 */ - felem_small_mul(tmp, small2, beta); - /* tmp[i] < 7 * 2^64 < 2^67 */ - smallfelem_square(tmp2, small1); - /* tmp2[i] < 7 * 2^64 */ - longfelem_scalar(tmp2, 8); - /* tmp2[i] < 8 * 7 * 2^64 = 7 * 2^67 */ - longfelem_diff(tmp, tmp2); - /* tmp[i] < 2^67 + 2^70 + 2^40 < 2^71 */ - felem_reduce_zero105(y_out, tmp); - /* y_out[i] < 2^106 */ -} - -/* - * point_double_small is the same as point_double, except that it operates on - * smallfelems - */ -static void -point_double_small(smallfelem x_out, smallfelem y_out, smallfelem z_out, - const smallfelem x_in, const smallfelem y_in, - const smallfelem z_in) -{ - felem felem_x_out, felem_y_out, felem_z_out; - felem felem_x_in, felem_y_in, felem_z_in; - - smallfelem_expand(felem_x_in, x_in); - smallfelem_expand(felem_y_in, y_in); - smallfelem_expand(felem_z_in, z_in); - point_double(felem_x_out, felem_y_out, felem_z_out, - felem_x_in, felem_y_in, felem_z_in); - felem_shrink(x_out, felem_x_out); - felem_shrink(y_out, felem_y_out); - felem_shrink(z_out, felem_z_out); -} - -/* copy_conditional copies in to out iff mask is all ones. */ -static void copy_conditional(felem out, const felem in, limb mask) -{ - unsigned i; - for (i = 0; i < NLIMBS; ++i) { - const limb tmp = mask & (in[i] ^ out[i]); - out[i] ^= tmp; - } -} - -/* copy_small_conditional copies in to out iff mask is all ones. */ -static void copy_small_conditional(felem out, const smallfelem in, limb mask) -{ - unsigned i; - const u64 mask64 = mask; - for (i = 0; i < NLIMBS; ++i) { - out[i] = ((limb) (in[i] & mask64)) | (out[i] & ~mask); - } -} - -/*- - * point_add calculates (x1, y1, z1) + (x2, y2, z2) - * - * The method is taken from: - * http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl, - * adapted for mixed addition (z2 = 1, or z2 = 0 for the point at infinity). - * - * This function includes a branch for checking whether the two input points - * are equal, (while not equal to the point at infinity). This case never - * happens during single point multiplication, so there is no timing leak for - * ECDH or ECDSA signing. - */ -static void point_add(felem x3, felem y3, felem z3, - const felem x1, const felem y1, const felem z1, - const int mixed, const smallfelem x2, - const smallfelem y2, const smallfelem z2) -{ - felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out; - longfelem tmp, tmp2; - smallfelem small1, small2, small3, small4, small5; - limb x_equal, y_equal, z1_is_zero, z2_is_zero; - limb points_equal; - - felem_shrink(small3, z1); - - z1_is_zero = smallfelem_is_zero(small3); - z2_is_zero = smallfelem_is_zero(z2); - - /* ftmp = z1z1 = z1**2 */ - smallfelem_square(tmp, small3); - felem_reduce(ftmp, tmp); - /* ftmp[i] < 2^101 */ - felem_shrink(small1, ftmp); - - if (!mixed) { - /* ftmp2 = z2z2 = z2**2 */ - smallfelem_square(tmp, z2); - felem_reduce(ftmp2, tmp); - /* ftmp2[i] < 2^101 */ - felem_shrink(small2, ftmp2); - - felem_shrink(small5, x1); - - /* u1 = ftmp3 = x1*z2z2 */ - smallfelem_mul(tmp, small5, small2); - felem_reduce(ftmp3, tmp); - /* ftmp3[i] < 2^101 */ - - /* ftmp5 = z1 + z2 */ - felem_assign(ftmp5, z1); - felem_small_sum(ftmp5, z2); - /* ftmp5[i] < 2^107 */ - - /* ftmp5 = (z1 + z2)**2 - (z1z1 + z2z2) = 2z1z2 */ - felem_square(tmp, ftmp5); - felem_reduce(ftmp5, tmp); - /* ftmp2 = z2z2 + z1z1 */ - felem_sum(ftmp2, ftmp); - /* ftmp2[i] < 2^101 + 2^101 = 2^102 */ - felem_diff(ftmp5, ftmp2); - /* ftmp5[i] < 2^105 + 2^101 < 2^106 */ - - /* ftmp2 = z2 * z2z2 */ - smallfelem_mul(tmp, small2, z2); - felem_reduce(ftmp2, tmp); - - /* s1 = ftmp2 = y1 * z2**3 */ - felem_mul(tmp, y1, ftmp2); - felem_reduce(ftmp6, tmp); - /* ftmp6[i] < 2^101 */ - } else { - /* - * We'll assume z2 = 1 (special case z2 = 0 is handled later) - */ - - /* u1 = ftmp3 = x1*z2z2 */ - felem_assign(ftmp3, x1); - /* ftmp3[i] < 2^106 */ - - /* ftmp5 = 2z1z2 */ - felem_assign(ftmp5, z1); - felem_scalar(ftmp5, 2); - /* ftmp5[i] < 2*2^106 = 2^107 */ - - /* s1 = ftmp2 = y1 * z2**3 */ - felem_assign(ftmp6, y1); - /* ftmp6[i] < 2^106 */ - } - - /* u2 = x2*z1z1 */ - smallfelem_mul(tmp, x2, small1); - felem_reduce(ftmp4, tmp); - - /* h = ftmp4 = u2 - u1 */ - felem_diff_zero107(ftmp4, ftmp3); - /* ftmp4[i] < 2^107 + 2^101 < 2^108 */ - felem_shrink(small4, ftmp4); - - x_equal = smallfelem_is_zero(small4); - - /* z_out = ftmp5 * h */ - felem_small_mul(tmp, small4, ftmp5); - felem_reduce(z_out, tmp); - /* z_out[i] < 2^101 */ - - /* ftmp = z1 * z1z1 */ - smallfelem_mul(tmp, small1, small3); - felem_reduce(ftmp, tmp); - - /* s2 = tmp = y2 * z1**3 */ - felem_small_mul(tmp, y2, ftmp); - felem_reduce(ftmp5, tmp); - - /* r = ftmp5 = (s2 - s1)*2 */ - felem_diff_zero107(ftmp5, ftmp6); - /* ftmp5[i] < 2^107 + 2^107 = 2^108 */ - felem_scalar(ftmp5, 2); - /* ftmp5[i] < 2^109 */ - felem_shrink(small1, ftmp5); - y_equal = smallfelem_is_zero(small1); - - /* - * The formulae are incorrect if the points are equal, in affine coordinates - * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this - * happens. - * - * We use bitwise operations to avoid potential side-channels introduced by - * the short-circuiting behaviour of boolean operators. - * - * The special case of either point being the point at infinity (z1 and/or - * z2 are zero), is handled separately later on in this function, so we - * avoid jumping to point_double here in those special cases. - */ - points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero)); - - if (points_equal) { - /* - * This is obviously not constant-time but, as mentioned before, this - * case never happens during single point multiplication, so there is no - * timing leak for ECDH or ECDSA signing. - */ - point_double(x3, y3, z3, x1, y1, z1); - return; - } - - /* I = ftmp = (2h)**2 */ - felem_assign(ftmp, ftmp4); - felem_scalar(ftmp, 2); - /* ftmp[i] < 2*2^108 = 2^109 */ - felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); - - /* J = ftmp2 = h * I */ - felem_mul(tmp, ftmp4, ftmp); - felem_reduce(ftmp2, tmp); - - /* V = ftmp4 = U1 * I */ - felem_mul(tmp, ftmp3, ftmp); - felem_reduce(ftmp4, tmp); - - /* x_out = r**2 - J - 2V */ - smallfelem_square(tmp, small1); - felem_reduce(x_out, tmp); - felem_assign(ftmp3, ftmp4); - felem_scalar(ftmp4, 2); - felem_sum(ftmp4, ftmp2); - /* ftmp4[i] < 2*2^101 + 2^101 < 2^103 */ - felem_diff(x_out, ftmp4); - /* x_out[i] < 2^105 + 2^101 */ - - /* y_out = r(V-x_out) - 2 * s1 * J */ - felem_diff_zero107(ftmp3, x_out); - /* ftmp3[i] < 2^107 + 2^101 < 2^108 */ - felem_small_mul(tmp, small1, ftmp3); - felem_mul(tmp2, ftmp6, ftmp2); - longfelem_scalar(tmp2, 2); - /* tmp2[i] < 2*2^67 = 2^68 */ - longfelem_diff(tmp, tmp2); - /* tmp[i] < 2^67 + 2^70 + 2^40 < 2^71 */ - felem_reduce_zero105(y_out, tmp); - /* y_out[i] < 2^106 */ - - copy_small_conditional(x_out, x2, z1_is_zero); - copy_conditional(x_out, x1, z2_is_zero); - copy_small_conditional(y_out, y2, z1_is_zero); - copy_conditional(y_out, y1, z2_is_zero); - copy_small_conditional(z_out, z2, z1_is_zero); - copy_conditional(z_out, z1, z2_is_zero); - felem_assign(x3, x_out); - felem_assign(y3, y_out); - felem_assign(z3, z_out); -} - -/* - * point_add_small is the same as point_add, except that it operates on - * smallfelems - */ -static void point_add_small(smallfelem x3, smallfelem y3, smallfelem z3, - smallfelem x1, smallfelem y1, smallfelem z1, - smallfelem x2, smallfelem y2, smallfelem z2) -{ - felem felem_x3, felem_y3, felem_z3; - felem felem_x1, felem_y1, felem_z1; - smallfelem_expand(felem_x1, x1); - smallfelem_expand(felem_y1, y1); - smallfelem_expand(felem_z1, z1); - point_add(felem_x3, felem_y3, felem_z3, felem_x1, felem_y1, felem_z1, 0, - x2, y2, z2); - felem_shrink(x3, felem_x3); - felem_shrink(y3, felem_y3); - felem_shrink(z3, felem_z3); -} - -/*- - * Base point pre computation - * -------------------------- - * - * Two different sorts of precomputed tables are used in the following code. - * Each contain various points on the curve, where each point is three field - * elements (x, y, z). - * - * For the base point table, z is usually 1 (0 for the point at infinity). - * This table has 2 * 16 elements, starting with the following: - * index | bits | point - * ------+---------+------------------------------ - * 0 | 0 0 0 0 | 0G - * 1 | 0 0 0 1 | 1G - * 2 | 0 0 1 0 | 2^64G - * 3 | 0 0 1 1 | (2^64 + 1)G - * 4 | 0 1 0 0 | 2^128G - * 5 | 0 1 0 1 | (2^128 + 1)G - * 6 | 0 1 1 0 | (2^128 + 2^64)G - * 7 | 0 1 1 1 | (2^128 + 2^64 + 1)G - * 8 | 1 0 0 0 | 2^192G - * 9 | 1 0 0 1 | (2^192 + 1)G - * 10 | 1 0 1 0 | (2^192 + 2^64)G - * 11 | 1 0 1 1 | (2^192 + 2^64 + 1)G - * 12 | 1 1 0 0 | (2^192 + 2^128)G - * 13 | 1 1 0 1 | (2^192 + 2^128 + 1)G - * 14 | 1 1 1 0 | (2^192 + 2^128 + 2^64)G - * 15 | 1 1 1 1 | (2^192 + 2^128 + 2^64 + 1)G - * followed by a copy of this with each element multiplied by 2^32. - * - * The reason for this is so that we can clock bits into four different - * locations when doing simple scalar multiplies against the base point, - * and then another four locations using the second 16 elements. - * - * Tables for other points have table[i] = iG for i in 0 .. 16. */ - -/* gmul is the table of precomputed base points */ -static const smallfelem gmul[2][16][3] = { - {{{0, 0, 0, 0}, - {0, 0, 0, 0}, - {0, 0, 0, 0}}, - {{0xf4a13945d898c296, 0x77037d812deb33a0, 0xf8bce6e563a440f2, - 0x6b17d1f2e12c4247}, - {0xcbb6406837bf51f5, 0x2bce33576b315ece, 0x8ee7eb4a7c0f9e16, - 0x4fe342e2fe1a7f9b}, - {1, 0, 0, 0}}, - {{0x90e75cb48e14db63, 0x29493baaad651f7e, 0x8492592e326e25de, - 0x0fa822bc2811aaa5}, - {0xe41124545f462ee7, 0x34b1a65050fe82f5, 0x6f4ad4bcb3df188b, - 0xbff44ae8f5dba80d}, - {1, 0, 0, 0}}, - {{0x93391ce2097992af, 0xe96c98fd0d35f1fa, 0xb257c0de95e02789, - 0x300a4bbc89d6726f}, - {0xaa54a291c08127a0, 0x5bb1eeada9d806a5, 0x7f1ddb25ff1e3c6f, - 0x72aac7e0d09b4644}, - {1, 0, 0, 0}}, - {{0x57c84fc9d789bd85, 0xfc35ff7dc297eac3, 0xfb982fd588c6766e, - 0x447d739beedb5e67}, - {0x0c7e33c972e25b32, 0x3d349b95a7fae500, 0xe12e9d953a4aaff7, - 0x2d4825ab834131ee}, - {1, 0, 0, 0}}, - {{0x13949c932a1d367f, 0xef7fbd2b1a0a11b7, 0xddc6068bb91dfc60, - 0xef9519328a9c72ff}, - {0x196035a77376d8a8, 0x23183b0895ca1740, 0xc1ee9807022c219c, - 0x611e9fc37dbb2c9b}, - {1, 0, 0, 0}}, - {{0xcae2b1920b57f4bc, 0x2936df5ec6c9bc36, 0x7dea6482e11238bf, - 0x550663797b51f5d8}, - {0x44ffe216348a964c, 0x9fb3d576dbdefbe1, 0x0afa40018d9d50e5, - 0x157164848aecb851}, - {1, 0, 0, 0}}, - {{0xe48ecafffc5cde01, 0x7ccd84e70d715f26, 0xa2e8f483f43e4391, - 0xeb5d7745b21141ea}, - {0xcac917e2731a3479, 0x85f22cfe2844b645, 0x0990e6a158006cee, - 0xeafd72ebdbecc17b}, - {1, 0, 0, 0}}, - {{0x6cf20ffb313728be, 0x96439591a3c6b94a, 0x2736ff8344315fc5, - 0xa6d39677a7849276}, - {0xf2bab833c357f5f4, 0x824a920c2284059b, 0x66b8babd2d27ecdf, - 0x674f84749b0b8816}, - {1, 0, 0, 0}}, - {{0x2df48c04677c8a3e, 0x74e02f080203a56b, 0x31855f7db8c7fedb, - 0x4e769e7672c9ddad}, - {0xa4c36165b824bbb0, 0xfb9ae16f3b9122a5, 0x1ec0057206947281, - 0x42b99082de830663}, - {1, 0, 0, 0}}, - {{0x6ef95150dda868b9, 0xd1f89e799c0ce131, 0x7fdc1ca008a1c478, - 0x78878ef61c6ce04d}, - {0x9c62b9121fe0d976, 0x6ace570ebde08d4f, 0xde53142c12309def, - 0xb6cb3f5d7b72c321}, - {1, 0, 0, 0}}, - {{0x7f991ed2c31a3573, 0x5b82dd5bd54fb496, 0x595c5220812ffcae, - 0x0c88bc4d716b1287}, - {0x3a57bf635f48aca8, 0x7c8181f4df2564f3, 0x18d1b5b39c04e6aa, - 0xdd5ddea3f3901dc6}, - {1, 0, 0, 0}}, - {{0xe96a79fb3e72ad0c, 0x43a0a28c42ba792f, 0xefe0a423083e49f3, - 0x68f344af6b317466}, - {0xcdfe17db3fb24d4a, 0x668bfc2271f5c626, 0x604ed93c24d67ff3, - 0x31b9c405f8540a20}, - {1, 0, 0, 0}}, - {{0xd36b4789a2582e7f, 0x0d1a10144ec39c28, 0x663c62c3edbad7a0, - 0x4052bf4b6f461db9}, - {0x235a27c3188d25eb, 0xe724f33999bfcc5b, 0x862be6bd71d70cc8, - 0xfecf4d5190b0fc61}, - {1, 0, 0, 0}}, - {{0x74346c10a1d4cfac, 0xafdf5cc08526a7a4, 0x123202a8f62bff7a, - 0x1eddbae2c802e41a}, - {0x8fa0af2dd603f844, 0x36e06b7e4c701917, 0x0c45f45273db33a0, - 0x43104d86560ebcfc}, - {1, 0, 0, 0}}, - {{0x9615b5110d1d78e5, 0x66b0de3225c4744b, 0x0a4a46fb6aaf363a, - 0xb48e26b484f7a21c}, - {0x06ebb0f621a01b2d, 0xc004e4048b7b0f98, 0x64131bcdfed6f668, - 0xfac015404d4d3dab}, - {1, 0, 0, 0}}}, - {{{0, 0, 0, 0}, - {0, 0, 0, 0}, - {0, 0, 0, 0}}, - {{0x3a5a9e22185a5943, 0x1ab919365c65dfb6, 0x21656b32262c71da, - 0x7fe36b40af22af89}, - {0xd50d152c699ca101, 0x74b3d5867b8af212, 0x9f09f40407dca6f1, - 0xe697d45825b63624}, - {1, 0, 0, 0}}, - {{0xa84aa9397512218e, 0xe9a521b074ca0141, 0x57880b3a18a2e902, - 0x4a5b506612a677a6}, - {0x0beada7a4c4f3840, 0x626db15419e26d9d, 0xc42604fbe1627d40, - 0xeb13461ceac089f1}, - {1, 0, 0, 0}}, - {{0xf9faed0927a43281, 0x5e52c4144103ecbc, 0xc342967aa815c857, - 0x0781b8291c6a220a}, - {0x5a8343ceeac55f80, 0x88f80eeee54a05e3, 0x97b2a14f12916434, - 0x690cde8df0151593}, - {1, 0, 0, 0}}, - {{0xaee9c75df7f82f2a, 0x9e4c35874afdf43a, 0xf5622df437371326, - 0x8a535f566ec73617}, - {0xc5f9a0ac223094b7, 0xcde533864c8c7669, 0x37e02819085a92bf, - 0x0455c08468b08bd7}, - {1, 0, 0, 0}}, - {{0x0c0a6e2c9477b5d9, 0xf9a4bf62876dc444, 0x5050a949b6cdc279, - 0x06bada7ab77f8276}, - {0xc8b4aed1ea48dac9, 0xdebd8a4b7ea1070f, 0x427d49101366eb70, - 0x5b476dfd0e6cb18a}, - {1, 0, 0, 0}}, - {{0x7c5c3e44278c340a, 0x4d54606812d66f3b, 0x29a751b1ae23c5d8, - 0x3e29864e8a2ec908}, - {0x142d2a6626dbb850, 0xad1744c4765bd780, 0x1f150e68e322d1ed, - 0x239b90ea3dc31e7e}, - {1, 0, 0, 0}}, - {{0x78c416527a53322a, 0x305dde6709776f8e, 0xdbcab759f8862ed4, - 0x820f4dd949f72ff7}, - {0x6cc544a62b5debd4, 0x75be5d937b4e8cc4, 0x1b481b1b215c14d3, - 0x140406ec783a05ec}, - {1, 0, 0, 0}}, - {{0x6a703f10e895df07, 0xfd75f3fa01876bd8, 0xeb5b06e70ce08ffe, - 0x68f6b8542783dfee}, - {0x90c76f8a78712655, 0xcf5293d2f310bf7f, 0xfbc8044dfda45028, - 0xcbe1feba92e40ce6}, - {1, 0, 0, 0}}, - {{0xe998ceea4396e4c1, 0xfc82ef0b6acea274, 0x230f729f2250e927, - 0xd0b2f94d2f420109}, - {0x4305adddb38d4966, 0x10b838f8624c3b45, 0x7db2636658954e7a, - 0x971459828b0719e5}, - {1, 0, 0, 0}}, - {{0x4bd6b72623369fc9, 0x57f2929e53d0b876, 0xc2d5cba4f2340687, - 0x961610004a866aba}, - {0x49997bcd2e407a5e, 0x69ab197d92ddcb24, 0x2cf1f2438fe5131c, - 0x7acb9fadcee75e44}, - {1, 0, 0, 0}}, - {{0x254e839423d2d4c0, 0xf57f0c917aea685b, 0xa60d880f6f75aaea, - 0x24eb9acca333bf5b}, - {0xe3de4ccb1cda5dea, 0xfeef9341c51a6b4f, 0x743125f88bac4c4d, - 0x69f891c5acd079cc}, - {1, 0, 0, 0}}, - {{0xeee44b35702476b5, 0x7ed031a0e45c2258, 0xb422d1e7bd6f8514, - 0xe51f547c5972a107}, - {0xa25bcd6fc9cf343d, 0x8ca922ee097c184e, 0xa62f98b3a9fe9a06, - 0x1c309a2b25bb1387}, - {1, 0, 0, 0}}, - {{0x9295dbeb1967c459, 0xb00148833472c98e, 0xc504977708011828, - 0x20b87b8aa2c4e503}, - {0x3063175de057c277, 0x1bd539338fe582dd, 0x0d11adef5f69a044, - 0xf5c6fa49919776be}, - {1, 0, 0, 0}}, - {{0x8c944e760fd59e11, 0x3876cba1102fad5f, 0xa454c3fad83faa56, - 0x1ed7d1b9332010b9}, - {0xa1011a270024b889, 0x05e4d0dcac0cd344, 0x52b520f0eb6a2a24, - 0x3a2b03f03217257a}, - {1, 0, 0, 0}}, - {{0xf20fc2afdf1d043d, 0xf330240db58d5a62, 0xfc7d229ca0058c3b, - 0x15fee545c78dd9f6}, - {0x501e82885bc98cda, 0x41ef80e5d046ac04, 0x557d9f49461210fb, - 0x4ab5b6b2b8753f81}, - {1, 0, 0, 0}}} -}; - -/* - * select_point selects the |idx|th point from a precomputation table and - * copies it to out. - */ -static void select_point(const u64 idx, unsigned int size, - const smallfelem pre_comp[16][3], smallfelem out[3]) -{ - unsigned i, j; - u64 *outlimbs = &out[0][0]; - - memset(out, 0, sizeof(*out) * 3); - - for (i = 0; i < size; i++) { - const u64 *inlimbs = (u64 *)&pre_comp[i][0][0]; - u64 mask = i ^ idx; - mask |= mask >> 4; - mask |= mask >> 2; - mask |= mask >> 1; - mask &= 1; - mask--; - for (j = 0; j < NLIMBS * 3; j++) - outlimbs[j] |= inlimbs[j] & mask; - } -} - -/* get_bit returns the |i|th bit in |in| */ -static char get_bit(const felem_bytearray in, int i) -{ - if ((i < 0) || (i >= 256)) - return 0; - return (in[i >> 3] >> (i & 7)) & 1; -} - -/* - * Interleaved point multiplication using precomputed point multiples: The - * small point multiples 0*P, 1*P, ..., 17*P are in pre_comp[], the scalars - * in scalars[]. If g_scalar is non-NULL, we also add this multiple of the - * generator, using certain (large) precomputed multiples in g_pre_comp. - * Output point (X, Y, Z) is stored in x_out, y_out, z_out - */ -static void batch_mul(felem x_out, felem y_out, felem z_out, - const felem_bytearray scalars[], - const unsigned num_points, const u8 *g_scalar, - const int mixed, const smallfelem pre_comp[][17][3], - const smallfelem g_pre_comp[2][16][3]) -{ - int i, skip; - unsigned num, gen_mul = (g_scalar != NULL); - felem nq[3], ftmp; - smallfelem tmp[3]; - u64 bits; - u8 sign, digit; - - /* set nq to the point at infinity */ - memset(nq, 0, sizeof(nq)); - - /* - * Loop over all scalars msb-to-lsb, interleaving additions of multiples - * of the generator (two in each of the last 32 rounds) and additions of - * other points multiples (every 5th round). - */ - skip = 1; /* save two point operations in the first - * round */ - for (i = (num_points ? 255 : 31); i >= 0; --i) { - /* double */ - if (!skip) - point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]); - - /* add multiples of the generator */ - if (gen_mul && (i <= 31)) { - /* first, look 32 bits upwards */ - bits = get_bit(g_scalar, i + 224) << 3; - bits |= get_bit(g_scalar, i + 160) << 2; - bits |= get_bit(g_scalar, i + 96) << 1; - bits |= get_bit(g_scalar, i + 32); - /* select the point to add, in constant time */ - select_point(bits, 16, g_pre_comp[1], tmp); - - if (!skip) { - /* Arg 1 below is for "mixed" */ - point_add(nq[0], nq[1], nq[2], - nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]); - } else { - smallfelem_expand(nq[0], tmp[0]); - smallfelem_expand(nq[1], tmp[1]); - smallfelem_expand(nq[2], tmp[2]); - skip = 0; - } - - /* second, look at the current position */ - bits = get_bit(g_scalar, i + 192) << 3; - bits |= get_bit(g_scalar, i + 128) << 2; - bits |= get_bit(g_scalar, i + 64) << 1; - bits |= get_bit(g_scalar, i); - /* select the point to add, in constant time */ - select_point(bits, 16, g_pre_comp[0], tmp); - /* Arg 1 below is for "mixed" */ - point_add(nq[0], nq[1], nq[2], - nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]); - } - - /* do other additions every 5 doublings */ - if (num_points && (i % 5 == 0)) { - /* loop over all scalars */ - for (num = 0; num < num_points; ++num) { - bits = get_bit(scalars[num], i + 4) << 5; - bits |= get_bit(scalars[num], i + 3) << 4; - bits |= get_bit(scalars[num], i + 2) << 3; - bits |= get_bit(scalars[num], i + 1) << 2; - bits |= get_bit(scalars[num], i) << 1; - bits |= get_bit(scalars[num], i - 1); - ossl_ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits); - - /* - * select the point to add or subtract, in constant time - */ - select_point(digit, 17, pre_comp[num], tmp); - smallfelem_neg(ftmp, tmp[1]); /* (X, -Y, Z) is the negative - * point */ - copy_small_conditional(ftmp, tmp[1], (((limb) sign) - 1)); - felem_contract(tmp[1], ftmp); - - if (!skip) { - point_add(nq[0], nq[1], nq[2], - nq[0], nq[1], nq[2], - mixed, tmp[0], tmp[1], tmp[2]); - } else { - smallfelem_expand(nq[0], tmp[0]); - smallfelem_expand(nq[1], tmp[1]); - smallfelem_expand(nq[2], tmp[2]); - skip = 0; - } - } - } - } - felem_assign(x_out, nq[0]); - felem_assign(y_out, nq[1]); - felem_assign(z_out, nq[2]); -} - -/* Precomputation for the group generator. */ -struct nistp256_pre_comp_st { - smallfelem g_pre_comp[2][16][3]; - CRYPTO_REF_COUNT references; - CRYPTO_RWLOCK *lock; -}; - -const EC_METHOD *EC_GFp_nistp256_method(void) -{ - static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_prime_field, - ossl_ec_GFp_nistp256_group_init, - ossl_ec_GFp_simple_group_finish, - ossl_ec_GFp_simple_group_clear_finish, - ossl_ec_GFp_nist_group_copy, - ossl_ec_GFp_nistp256_group_set_curve, - ossl_ec_GFp_simple_group_get_curve, - ossl_ec_GFp_simple_group_get_degree, - ossl_ec_group_simple_order_bits, - ossl_ec_GFp_simple_group_check_discriminant, - ossl_ec_GFp_simple_point_init, - ossl_ec_GFp_simple_point_finish, - ossl_ec_GFp_simple_point_clear_finish, - ossl_ec_GFp_simple_point_copy, - ossl_ec_GFp_simple_point_set_to_infinity, - ossl_ec_GFp_simple_point_set_affine_coordinates, - ossl_ec_GFp_nistp256_point_get_affine_coordinates, - 0 /* point_set_compressed_coordinates */ , - 0 /* point2oct */ , - 0 /* oct2point */ , - ossl_ec_GFp_simple_add, - ossl_ec_GFp_simple_dbl, - ossl_ec_GFp_simple_invert, - ossl_ec_GFp_simple_is_at_infinity, - ossl_ec_GFp_simple_is_on_curve, - ossl_ec_GFp_simple_cmp, - ossl_ec_GFp_simple_make_affine, - ossl_ec_GFp_simple_points_make_affine, - ossl_ec_GFp_nistp256_points_mul, - ossl_ec_GFp_nistp256_precompute_mult, - ossl_ec_GFp_nistp256_have_precompute_mult, - ossl_ec_GFp_nist_field_mul, - ossl_ec_GFp_nist_field_sqr, - 0 /* field_div */ , - ossl_ec_GFp_simple_field_inv, - 0 /* field_encode */ , - 0 /* field_decode */ , - 0, /* field_set_to_one */ - ossl_ec_key_simple_priv2oct, - ossl_ec_key_simple_oct2priv, - 0, /* set private */ - ossl_ec_key_simple_generate_key, - ossl_ec_key_simple_check_key, - ossl_ec_key_simple_generate_public_key, - 0, /* keycopy */ - 0, /* keyfinish */ - ossl_ecdh_simple_compute_key, - ossl_ecdsa_simple_sign_setup, - ossl_ecdsa_simple_sign_sig, - ossl_ecdsa_simple_verify_sig, - 0, /* field_inverse_mod_ord */ - 0, /* blind_coordinates */ - 0, /* ladder_pre */ - 0, /* ladder_step */ - 0 /* ladder_post */ - }; - - return &ret; -} - -/******************************************************************************/ -/* - * FUNCTIONS TO MANAGE PRECOMPUTATION - */ - -static NISTP256_PRE_COMP *nistp256_pre_comp_new(void) -{ - NISTP256_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return ret; - } - - ret->references = 1; - - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ret); - return NULL; - } - return ret; -} - -NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *p) -{ - int i; - if (p != NULL) - CRYPTO_UP_REF(&p->references, &i, p->lock); - return p; -} - -void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *pre) -{ - int i; - - if (pre == NULL) - return; - - CRYPTO_DOWN_REF(&pre->references, &i, pre->lock); - REF_PRINT_COUNT("EC_nistp256", pre); - if (i > 0) - return; - REF_ASSERT_ISNT(i < 0); - - CRYPTO_THREAD_lock_free(pre->lock); - OPENSSL_free(pre); -} - -/******************************************************************************/ -/* - * OPENSSL EC_METHOD FUNCTIONS - */ - -int ossl_ec_GFp_nistp256_group_init(EC_GROUP *group) -{ - int ret; - ret = ossl_ec_GFp_simple_group_init(group); - group->a_is_minus3 = 1; - return ret; -} - -int ossl_ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *b, - BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *curve_p, *curve_a, *curve_b; -#ifndef FIPS_MODULE - BN_CTX *new_ctx = NULL; - - if (ctx == NULL) - ctx = new_ctx = BN_CTX_new(); -#endif - if (ctx == NULL) - return 0; - - BN_CTX_start(ctx); - curve_p = BN_CTX_get(ctx); - curve_a = BN_CTX_get(ctx); - curve_b = BN_CTX_get(ctx); - if (curve_b == NULL) - goto err; - BN_bin2bn(nistp256_curve_params[0], sizeof(felem_bytearray), curve_p); - BN_bin2bn(nistp256_curve_params[1], sizeof(felem_bytearray), curve_a); - BN_bin2bn(nistp256_curve_params[2], sizeof(felem_bytearray), curve_b); - if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || (BN_cmp(curve_b, b))) { - ERR_raise(ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS); - goto err; - } - group->field_mod_func = BN_nist_mod_256; - ret = ossl_ec_GFp_simple_group_set_curve(group, p, a, b, ctx); - err: - BN_CTX_end(ctx); -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - return ret; -} - -/* - * Takes the Jacobian coordinates (X, Y, Z) of a point and returns (X', Y') = - * (X/Z^2, Y/Z^3) - */ -int ossl_ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BN_CTX *ctx) -{ - felem z1, z2, x_in, y_in; - smallfelem x_out, y_out; - longfelem tmp; - - if (EC_POINT_is_at_infinity(group, point)) { - ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); - return 0; - } - if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) || - (!BN_to_felem(z1, point->Z))) - return 0; - felem_inv(z2, z1); - felem_square(tmp, z2); - felem_reduce(z1, tmp); - felem_mul(tmp, x_in, z1); - felem_reduce(x_in, tmp); - felem_contract(x_out, x_in); - if (x != NULL) { - if (!smallfelem_to_BN(x, x_out)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - return 0; - } - } - felem_mul(tmp, z1, z2); - felem_reduce(z1, tmp); - felem_mul(tmp, y_in, z1); - felem_reduce(y_in, tmp); - felem_contract(y_out, y_in); - if (y != NULL) { - if (!smallfelem_to_BN(y, y_out)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - return 0; - } - } - return 1; -} - -/* points below is of size |num|, and tmp_smallfelems is of size |num+1| */ -static void make_points_affine(size_t num, smallfelem points[][3], - smallfelem tmp_smallfelems[]) -{ - /* - * Runs in constant time, unless an input is the point at infinity (which - * normally shouldn't happen). - */ - ossl_ec_GFp_nistp_points_make_affine_internal(num, - points, - sizeof(smallfelem), - tmp_smallfelems, - (void (*)(void *))smallfelem_one, - smallfelem_is_zero_int, - (void (*)(void *, const void *)) - smallfelem_assign, - (void (*)(void *, const void *)) - smallfelem_square_contract, - (void (*) - (void *, const void *, - const void *)) - smallfelem_mul_contract, - (void (*)(void *, const void *)) - smallfelem_inv_contract, - /* nothing to contract */ - (void (*)(void *, const void *)) - smallfelem_assign); -} - -/* - * Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL - * values Result is stored in r (r can equal one of the inputs). - */ -int ossl_ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx) -{ - int ret = 0; - int j; - int mixed = 0; - BIGNUM *x, *y, *z, *tmp_scalar; - felem_bytearray g_secret; - felem_bytearray *secrets = NULL; - smallfelem (*pre_comp)[17][3] = NULL; - smallfelem *tmp_smallfelems = NULL; - unsigned i; - int num_bytes; - int have_pre_comp = 0; - size_t num_points = num; - smallfelem x_in, y_in, z_in; - felem x_out, y_out, z_out; - NISTP256_PRE_COMP *pre = NULL; - const smallfelem(*g_pre_comp)[16][3] = NULL; - EC_POINT *generator = NULL; - const EC_POINT *p = NULL; - const BIGNUM *p_scalar = NULL; - - BN_CTX_start(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - z = BN_CTX_get(ctx); - tmp_scalar = BN_CTX_get(ctx); - if (tmp_scalar == NULL) - goto err; - - if (scalar != NULL) { - pre = group->pre_comp.nistp256; - if (pre) - /* we have precomputation, try to use it */ - g_pre_comp = (const smallfelem(*)[16][3])pre->g_pre_comp; - else - /* try to use the standard precomputation */ - g_pre_comp = &gmul[0]; - generator = EC_POINT_new(group); - if (generator == NULL) - goto err; - /* get the generator from precomputation */ - if (!smallfelem_to_BN(x, g_pre_comp[0][1][0]) || - !smallfelem_to_BN(y, g_pre_comp[0][1][1]) || - !smallfelem_to_BN(z, g_pre_comp[0][1][2])) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - if (!ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, - generator, - x, y, z, ctx)) - goto err; - if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) - /* precomputation matches generator */ - have_pre_comp = 1; - else - /* - * we don't have valid precomputation: treat the generator as a - * random point - */ - num_points++; - } - if (num_points > 0) { - if (num_points >= 3) { - /* - * unless we precompute multiples for just one or two points, - * converting those into affine form is time well spent - */ - mixed = 1; - } - secrets = OPENSSL_malloc(sizeof(*secrets) * num_points); - pre_comp = OPENSSL_malloc(sizeof(*pre_comp) * num_points); - if (mixed) - tmp_smallfelems = - OPENSSL_malloc(sizeof(*tmp_smallfelems) * (num_points * 17 + 1)); - if ((secrets == NULL) || (pre_comp == NULL) - || (mixed && (tmp_smallfelems == NULL))) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* - * we treat NULL scalars as 0, and NULL points as points at infinity, - * i.e., they contribute nothing to the linear combination - */ - memset(secrets, 0, sizeof(*secrets) * num_points); - memset(pre_comp, 0, sizeof(*pre_comp) * num_points); - for (i = 0; i < num_points; ++i) { - if (i == num) { - /* - * we didn't have a valid precomputation, so we pick the - * generator - */ - p = EC_GROUP_get0_generator(group); - p_scalar = scalar; - } else { - /* the i^th point */ - p = points[i]; - p_scalar = scalars[i]; - } - if ((p_scalar != NULL) && (p != NULL)) { - /* reduce scalar to 0 <= scalar < 2^256 */ - if ((BN_num_bits(p_scalar) > 256) - || (BN_is_negative(p_scalar))) { - /* - * this is an unusual input, and we don't guarantee - * constant-timeness - */ - if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - num_bytes = BN_bn2lebinpad(tmp_scalar, - secrets[i], sizeof(secrets[i])); - } else { - num_bytes = BN_bn2lebinpad(p_scalar, - secrets[i], sizeof(secrets[i])); - } - if (num_bytes < 0) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - /* precompute multiples */ - if ((!BN_to_felem(x_out, p->X)) || - (!BN_to_felem(y_out, p->Y)) || - (!BN_to_felem(z_out, p->Z))) - goto err; - felem_shrink(pre_comp[i][1][0], x_out); - felem_shrink(pre_comp[i][1][1], y_out); - felem_shrink(pre_comp[i][1][2], z_out); - for (j = 2; j <= 16; ++j) { - if (j & 1) { - point_add_small(pre_comp[i][j][0], pre_comp[i][j][1], - pre_comp[i][j][2], pre_comp[i][1][0], - pre_comp[i][1][1], pre_comp[i][1][2], - pre_comp[i][j - 1][0], - pre_comp[i][j - 1][1], - pre_comp[i][j - 1][2]); - } else { - point_double_small(pre_comp[i][j][0], - pre_comp[i][j][1], - pre_comp[i][j][2], - pre_comp[i][j / 2][0], - pre_comp[i][j / 2][1], - pre_comp[i][j / 2][2]); - } - } - } - } - if (mixed) - make_points_affine(num_points * 17, pre_comp[0], tmp_smallfelems); - } - - /* the scalar for the generator */ - if ((scalar != NULL) && (have_pre_comp)) { - memset(g_secret, 0, sizeof(g_secret)); - /* reduce scalar to 0 <= scalar < 2^256 */ - if ((BN_num_bits(scalar) > 256) || (BN_is_negative(scalar))) { - /* - * this is an unusual input, and we don't guarantee - * constant-timeness - */ - if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); - } else { - num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); - } - /* do the multiplication with generator precomputation */ - batch_mul(x_out, y_out, z_out, - (const felem_bytearray(*))secrets, num_points, - g_secret, - mixed, (const smallfelem(*)[17][3])pre_comp, g_pre_comp); - } else { - /* do the multiplication without generator precomputation */ - batch_mul(x_out, y_out, z_out, - (const felem_bytearray(*))secrets, num_points, - NULL, mixed, (const smallfelem(*)[17][3])pre_comp, NULL); - } - /* reduce the output to its unique minimal representation */ - felem_contract(x_in, x_out); - felem_contract(y_in, y_out); - felem_contract(z_in, z_out); - if ((!smallfelem_to_BN(x, x_in)) || (!smallfelem_to_BN(y, y_in)) || - (!smallfelem_to_BN(z, z_in))) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - ret = ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, r, x, y, z, - ctx); - - err: - BN_CTX_end(ctx); - EC_POINT_free(generator); - OPENSSL_free(secrets); - OPENSSL_free(pre_comp); - OPENSSL_free(tmp_smallfelems); - return ret; -} - -int ossl_ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx) -{ - int ret = 0; - NISTP256_PRE_COMP *pre = NULL; - int i, j; - BIGNUM *x, *y; - EC_POINT *generator = NULL; - smallfelem tmp_smallfelems[32]; - felem x_tmp, y_tmp, z_tmp; -#ifndef FIPS_MODULE - BN_CTX *new_ctx = NULL; -#endif - - /* throw away old precomputation */ - EC_pre_comp_free(group); - -#ifndef FIPS_MODULE - if (ctx == NULL) - ctx = new_ctx = BN_CTX_new(); -#endif - if (ctx == NULL) - return 0; - - BN_CTX_start(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (y == NULL) - goto err; - /* get the generator */ - if (group->generator == NULL) - goto err; - generator = EC_POINT_new(group); - if (generator == NULL) - goto err; - BN_bin2bn(nistp256_curve_params[3], sizeof(felem_bytearray), x); - BN_bin2bn(nistp256_curve_params[4], sizeof(felem_bytearray), y); - if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx)) - goto err; - if ((pre = nistp256_pre_comp_new()) == NULL) - goto err; - /* - * if the generator is the standard one, use built-in precomputation - */ - if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) { - memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp)); - goto done; - } - if ((!BN_to_felem(x_tmp, group->generator->X)) || - (!BN_to_felem(y_tmp, group->generator->Y)) || - (!BN_to_felem(z_tmp, group->generator->Z))) - goto err; - felem_shrink(pre->g_pre_comp[0][1][0], x_tmp); - felem_shrink(pre->g_pre_comp[0][1][1], y_tmp); - felem_shrink(pre->g_pre_comp[0][1][2], z_tmp); - /* - * compute 2^64*G, 2^128*G, 2^192*G for the first table, 2^32*G, 2^96*G, - * 2^160*G, 2^224*G for the second one - */ - for (i = 1; i <= 8; i <<= 1) { - point_double_small(pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], - pre->g_pre_comp[1][i][2], pre->g_pre_comp[0][i][0], - pre->g_pre_comp[0][i][1], - pre->g_pre_comp[0][i][2]); - for (j = 0; j < 31; ++j) { - point_double_small(pre->g_pre_comp[1][i][0], - pre->g_pre_comp[1][i][1], - pre->g_pre_comp[1][i][2], - pre->g_pre_comp[1][i][0], - pre->g_pre_comp[1][i][1], - pre->g_pre_comp[1][i][2]); - } - if (i == 8) - break; - point_double_small(pre->g_pre_comp[0][2 * i][0], - pre->g_pre_comp[0][2 * i][1], - pre->g_pre_comp[0][2 * i][2], - pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], - pre->g_pre_comp[1][i][2]); - for (j = 0; j < 31; ++j) { - point_double_small(pre->g_pre_comp[0][2 * i][0], - pre->g_pre_comp[0][2 * i][1], - pre->g_pre_comp[0][2 * i][2], - pre->g_pre_comp[0][2 * i][0], - pre->g_pre_comp[0][2 * i][1], - pre->g_pre_comp[0][2 * i][2]); - } - } - for (i = 0; i < 2; i++) { - /* g_pre_comp[i][0] is the point at infinity */ - memset(pre->g_pre_comp[i][0], 0, sizeof(pre->g_pre_comp[i][0])); - /* the remaining multiples */ - /* 2^64*G + 2^128*G resp. 2^96*G + 2^160*G */ - point_add_small(pre->g_pre_comp[i][6][0], pre->g_pre_comp[i][6][1], - pre->g_pre_comp[i][6][2], pre->g_pre_comp[i][4][0], - pre->g_pre_comp[i][4][1], pre->g_pre_comp[i][4][2], - pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], - pre->g_pre_comp[i][2][2]); - /* 2^64*G + 2^192*G resp. 2^96*G + 2^224*G */ - point_add_small(pre->g_pre_comp[i][10][0], pre->g_pre_comp[i][10][1], - pre->g_pre_comp[i][10][2], pre->g_pre_comp[i][8][0], - pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2], - pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], - pre->g_pre_comp[i][2][2]); - /* 2^128*G + 2^192*G resp. 2^160*G + 2^224*G */ - point_add_small(pre->g_pre_comp[i][12][0], pre->g_pre_comp[i][12][1], - pre->g_pre_comp[i][12][2], pre->g_pre_comp[i][8][0], - pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2], - pre->g_pre_comp[i][4][0], pre->g_pre_comp[i][4][1], - pre->g_pre_comp[i][4][2]); - /* - * 2^64*G + 2^128*G + 2^192*G resp. 2^96*G + 2^160*G + 2^224*G - */ - point_add_small(pre->g_pre_comp[i][14][0], pre->g_pre_comp[i][14][1], - pre->g_pre_comp[i][14][2], pre->g_pre_comp[i][12][0], - pre->g_pre_comp[i][12][1], pre->g_pre_comp[i][12][2], - pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], - pre->g_pre_comp[i][2][2]); - for (j = 1; j < 8; ++j) { - /* odd multiples: add G resp. 2^32*G */ - point_add_small(pre->g_pre_comp[i][2 * j + 1][0], - pre->g_pre_comp[i][2 * j + 1][1], - pre->g_pre_comp[i][2 * j + 1][2], - pre->g_pre_comp[i][2 * j][0], - pre->g_pre_comp[i][2 * j][1], - pre->g_pre_comp[i][2 * j][2], - pre->g_pre_comp[i][1][0], - pre->g_pre_comp[i][1][1], - pre->g_pre_comp[i][1][2]); - } - } - make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_smallfelems); - - done: - SETPRECOMP(group, nistp256, pre); - pre = NULL; - ret = 1; - - err: - BN_CTX_end(ctx); - EC_POINT_free(generator); -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - EC_nistp256_pre_comp_free(pre); - return ret; -} - -int ossl_ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group) -{ - return HAVEPRECOMP(group, nistp256); -} diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c deleted file mode 100644 index 31a97d793742b6d5bffeba79aaa7cd773a663452..0000000000000000000000000000000000000000 --- a/crypto/ec/ecp_nistp521.c +++ /dev/null @@ -1,2237 +0,0 @@ -/* - * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Copyright 2011 Google Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -/* - * A 64-bit implementation of the NIST P-521 elliptic curve point multiplication - * - * OpenSSL integration was taken from Emilia Kasper's work in ecp_nistp224.c. - * Otherwise based on Emilia's P224 work, which was inspired by my curve25519 - * work which got its smarts from Daniel J. Bernstein's work on the same. - */ - -#include - -#include -#include -#include "ec_local.h" - -#include "internal/numbers.h" - -#ifndef INT128_MAX -# error "Your compiler doesn't appear to support 128-bit integer types" -#endif - -typedef uint8_t u8; -typedef uint64_t u64; - -/* - * The underlying field. P521 operates over GF(2^521-1). We can serialize an - * element of this field into 66 bytes where the most significant byte - * contains only a single bit. We call this an felem_bytearray. - */ - -typedef u8 felem_bytearray[66]; - -/* - * These are the parameters of P521, taken from FIPS 186-3, section D.1.2.5. - * These values are big-endian. - */ -static const felem_bytearray nistp521_curve_params[5] = { - {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* p */ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff}, - {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* a = -3 */ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xfc}, - {0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, /* b */ - 0x9a, 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, - 0x40, 0xee, 0xa2, 0xda, 0x72, 0x5b, 0x99, 0xb3, - 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1, - 0x09, 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e, - 0x93, 0x7b, 0x16, 0x52, 0xc0, 0xbd, 0x3b, 0xb1, - 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, - 0x34, 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50, - 0x3f, 0x00}, - {0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, /* x */ - 0xe9, 0xcd, 0x9e, 0x3e, 0xcb, 0x66, 0x23, 0x95, - 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f, - 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d, - 0x3d, 0xba, 0xa1, 0x4b, 0x5e, 0x77, 0xef, 0xe7, - 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff, - 0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, - 0x42, 0x9b, 0xf9, 0x7e, 0x7e, 0x31, 0xc2, 0xe5, - 0xbd, 0x66}, - {0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, /* y */ - 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, - 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, - 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, - 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, - 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, - 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, - 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1, - 0x66, 0x50} -}; - -/*- - * The representation of field elements. - * ------------------------------------ - * - * We represent field elements with nine values. These values are either 64 or - * 128 bits and the field element represented is: - * v[0]*2^0 + v[1]*2^58 + v[2]*2^116 + ... + v[8]*2^464 (mod p) - * Each of the nine values is called a 'limb'. Since the limbs are spaced only - * 58 bits apart, but are greater than 58 bits in length, the most significant - * bits of each limb overlap with the least significant bits of the next. - * - * A field element with 64-bit limbs is an 'felem'. One with 128-bit limbs is a - * 'largefelem' */ - -#define NLIMBS 9 - -typedef uint64_t limb; -typedef limb limb_aX __attribute((__aligned__(1))); -typedef limb felem[NLIMBS]; -typedef uint128_t largefelem[NLIMBS]; - -static const limb bottom57bits = 0x1ffffffffffffff; -static const limb bottom58bits = 0x3ffffffffffffff; - -/* - * bin66_to_felem takes a little-endian byte array and converts it into felem - * form. This assumes that the CPU is little-endian. - */ -static void bin66_to_felem(felem out, const u8 in[66]) -{ - out[0] = (*((limb *) & in[0])) & bottom58bits; - out[1] = (*((limb_aX *) & in[7]) >> 2) & bottom58bits; - out[2] = (*((limb_aX *) & in[14]) >> 4) & bottom58bits; - out[3] = (*((limb_aX *) & in[21]) >> 6) & bottom58bits; - out[4] = (*((limb_aX *) & in[29])) & bottom58bits; - out[5] = (*((limb_aX *) & in[36]) >> 2) & bottom58bits; - out[6] = (*((limb_aX *) & in[43]) >> 4) & bottom58bits; - out[7] = (*((limb_aX *) & in[50]) >> 6) & bottom58bits; - out[8] = (*((limb_aX *) & in[58])) & bottom57bits; -} - -/* - * felem_to_bin66 takes an felem and serializes into a little endian, 66 byte - * array. This assumes that the CPU is little-endian. - */ -static void felem_to_bin66(u8 out[66], const felem in) -{ - memset(out, 0, 66); - (*((limb *) & out[0])) = in[0]; - (*((limb_aX *) & out[7])) |= in[1] << 2; - (*((limb_aX *) & out[14])) |= in[2] << 4; - (*((limb_aX *) & out[21])) |= in[3] << 6; - (*((limb_aX *) & out[29])) = in[4]; - (*((limb_aX *) & out[36])) |= in[5] << 2; - (*((limb_aX *) & out[43])) |= in[6] << 4; - (*((limb_aX *) & out[50])) |= in[7] << 6; - (*((limb_aX *) & out[58])) = in[8]; -} - -/* BN_to_felem converts an OpenSSL BIGNUM into an felem */ -static int BN_to_felem(felem out, const BIGNUM *bn) -{ - felem_bytearray b_out; - int num_bytes; - - if (BN_is_negative(bn)) { - ERR_raise(ERR_LIB_EC, EC_R_BIGNUM_OUT_OF_RANGE); - return 0; - } - num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out)); - if (num_bytes < 0) { - ERR_raise(ERR_LIB_EC, EC_R_BIGNUM_OUT_OF_RANGE); - return 0; - } - bin66_to_felem(out, b_out); - return 1; -} - -/* felem_to_BN converts an felem into an OpenSSL BIGNUM */ -static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) -{ - felem_bytearray b_out; - felem_to_bin66(b_out, in); - return BN_lebin2bn(b_out, sizeof(b_out), out); -} - -/*- - * Field operations - * ---------------- - */ - -static void felem_one(felem out) -{ - out[0] = 1; - out[1] = 0; - out[2] = 0; - out[3] = 0; - out[4] = 0; - out[5] = 0; - out[6] = 0; - out[7] = 0; - out[8] = 0; -} - -static void felem_assign(felem out, const felem in) -{ - out[0] = in[0]; - out[1] = in[1]; - out[2] = in[2]; - out[3] = in[3]; - out[4] = in[4]; - out[5] = in[5]; - out[6] = in[6]; - out[7] = in[7]; - out[8] = in[8]; -} - -/* felem_sum64 sets out = out + in. */ -static void felem_sum64(felem out, const felem in) -{ - out[0] += in[0]; - out[1] += in[1]; - out[2] += in[2]; - out[3] += in[3]; - out[4] += in[4]; - out[5] += in[5]; - out[6] += in[6]; - out[7] += in[7]; - out[8] += in[8]; -} - -/* felem_scalar sets out = in * scalar */ -static void felem_scalar(felem out, const felem in, limb scalar) -{ - out[0] = in[0] * scalar; - out[1] = in[1] * scalar; - out[2] = in[2] * scalar; - out[3] = in[3] * scalar; - out[4] = in[4] * scalar; - out[5] = in[5] * scalar; - out[6] = in[6] * scalar; - out[7] = in[7] * scalar; - out[8] = in[8] * scalar; -} - -/* felem_scalar64 sets out = out * scalar */ -static void felem_scalar64(felem out, limb scalar) -{ - out[0] *= scalar; - out[1] *= scalar; - out[2] *= scalar; - out[3] *= scalar; - out[4] *= scalar; - out[5] *= scalar; - out[6] *= scalar; - out[7] *= scalar; - out[8] *= scalar; -} - -/* felem_scalar128 sets out = out * scalar */ -static void felem_scalar128(largefelem out, limb scalar) -{ - out[0] *= scalar; - out[1] *= scalar; - out[2] *= scalar; - out[3] *= scalar; - out[4] *= scalar; - out[5] *= scalar; - out[6] *= scalar; - out[7] *= scalar; - out[8] *= scalar; -} - -/*- - * felem_neg sets |out| to |-in| - * On entry: - * in[i] < 2^59 + 2^14 - * On exit: - * out[i] < 2^62 - */ -static void felem_neg(felem out, const felem in) -{ - /* In order to prevent underflow, we subtract from 0 mod p. */ - static const limb two62m3 = (((limb) 1) << 62) - (((limb) 1) << 5); - static const limb two62m2 = (((limb) 1) << 62) - (((limb) 1) << 4); - - out[0] = two62m3 - in[0]; - out[1] = two62m2 - in[1]; - out[2] = two62m2 - in[2]; - out[3] = two62m2 - in[3]; - out[4] = two62m2 - in[4]; - out[5] = two62m2 - in[5]; - out[6] = two62m2 - in[6]; - out[7] = two62m2 - in[7]; - out[8] = two62m2 - in[8]; -} - -/*- - * felem_diff64 subtracts |in| from |out| - * On entry: - * in[i] < 2^59 + 2^14 - * On exit: - * out[i] < out[i] + 2^62 - */ -static void felem_diff64(felem out, const felem in) -{ - /* - * In order to prevent underflow, we add 0 mod p before subtracting. - */ - static const limb two62m3 = (((limb) 1) << 62) - (((limb) 1) << 5); - static const limb two62m2 = (((limb) 1) << 62) - (((limb) 1) << 4); - - out[0] += two62m3 - in[0]; - out[1] += two62m2 - in[1]; - out[2] += two62m2 - in[2]; - out[3] += two62m2 - in[3]; - out[4] += two62m2 - in[4]; - out[5] += two62m2 - in[5]; - out[6] += two62m2 - in[6]; - out[7] += two62m2 - in[7]; - out[8] += two62m2 - in[8]; -} - -/*- - * felem_diff_128_64 subtracts |in| from |out| - * On entry: - * in[i] < 2^62 + 2^17 - * On exit: - * out[i] < out[i] + 2^63 - */ -static void felem_diff_128_64(largefelem out, const felem in) -{ - /* - * In order to prevent underflow, we add 64p mod p (which is equivalent - * to 0 mod p) before subtracting. p is 2^521 - 1, i.e. in binary a 521 - * digit number with all bits set to 1. See "The representation of field - * elements" comment above for a description of how limbs are used to - * represent a number. 64p is represented with 8 limbs containing a number - * with 58 bits set and one limb with a number with 57 bits set. - */ - static const limb two63m6 = (((limb) 1) << 63) - (((limb) 1) << 6); - static const limb two63m5 = (((limb) 1) << 63) - (((limb) 1) << 5); - - out[0] += two63m6 - in[0]; - out[1] += two63m5 - in[1]; - out[2] += two63m5 - in[2]; - out[3] += two63m5 - in[3]; - out[4] += two63m5 - in[4]; - out[5] += two63m5 - in[5]; - out[6] += two63m5 - in[6]; - out[7] += two63m5 - in[7]; - out[8] += two63m5 - in[8]; -} - -/*- - * felem_diff_128_64 subtracts |in| from |out| - * On entry: - * in[i] < 2^126 - * On exit: - * out[i] < out[i] + 2^127 - 2^69 - */ -static void felem_diff128(largefelem out, const largefelem in) -{ - /* - * In order to prevent underflow, we add 0 mod p before subtracting. - */ - static const uint128_t two127m70 = - (((uint128_t) 1) << 127) - (((uint128_t) 1) << 70); - static const uint128_t two127m69 = - (((uint128_t) 1) << 127) - (((uint128_t) 1) << 69); - - out[0] += (two127m70 - in[0]); - out[1] += (two127m69 - in[1]); - out[2] += (two127m69 - in[2]); - out[3] += (two127m69 - in[3]); - out[4] += (two127m69 - in[4]); - out[5] += (two127m69 - in[5]); - out[6] += (two127m69 - in[6]); - out[7] += (two127m69 - in[7]); - out[8] += (two127m69 - in[8]); -} - -/*- - * felem_square sets |out| = |in|^2 - * On entry: - * in[i] < 2^62 - * On exit: - * out[i] < 17 * max(in[i]) * max(in[i]) - */ -static void felem_square_ref(largefelem out, const felem in) -{ - felem inx2, inx4; - felem_scalar(inx2, in, 2); - felem_scalar(inx4, in, 4); - - /*- - * We have many cases were we want to do - * in[x] * in[y] + - * in[y] * in[x] - * This is obviously just - * 2 * in[x] * in[y] - * However, rather than do the doubling on the 128 bit result, we - * double one of the inputs to the multiplication by reading from - * |inx2| - */ - - out[0] = ((uint128_t) in[0]) * in[0]; - out[1] = ((uint128_t) in[0]) * inx2[1]; - out[2] = ((uint128_t) in[0]) * inx2[2] + ((uint128_t) in[1]) * in[1]; - out[3] = ((uint128_t) in[0]) * inx2[3] + ((uint128_t) in[1]) * inx2[2]; - out[4] = ((uint128_t) in[0]) * inx2[4] + - ((uint128_t) in[1]) * inx2[3] + ((uint128_t) in[2]) * in[2]; - out[5] = ((uint128_t) in[0]) * inx2[5] + - ((uint128_t) in[1]) * inx2[4] + ((uint128_t) in[2]) * inx2[3]; - out[6] = ((uint128_t) in[0]) * inx2[6] + - ((uint128_t) in[1]) * inx2[5] + - ((uint128_t) in[2]) * inx2[4] + ((uint128_t) in[3]) * in[3]; - out[7] = ((uint128_t) in[0]) * inx2[7] + - ((uint128_t) in[1]) * inx2[6] + - ((uint128_t) in[2]) * inx2[5] + ((uint128_t) in[3]) * inx2[4]; - out[8] = ((uint128_t) in[0]) * inx2[8] + - ((uint128_t) in[1]) * inx2[7] + - ((uint128_t) in[2]) * inx2[6] + - ((uint128_t) in[3]) * inx2[5] + ((uint128_t) in[4]) * in[4]; - - /* - * The remaining limbs fall above 2^521, with the first falling at 2^522. - * They correspond to locations one bit up from the limbs produced above - * so we would have to multiply by two to align them. Again, rather than - * operate on the 128-bit result, we double one of the inputs to the - * multiplication. If we want to double for both this reason, and the - * reason above, then we end up multiplying by four. - */ - - /* 9 */ - out[0] += ((uint128_t) in[1]) * inx4[8] + - ((uint128_t) in[2]) * inx4[7] + - ((uint128_t) in[3]) * inx4[6] + ((uint128_t) in[4]) * inx4[5]; - - /* 10 */ - out[1] += ((uint128_t) in[2]) * inx4[8] + - ((uint128_t) in[3]) * inx4[7] + - ((uint128_t) in[4]) * inx4[6] + ((uint128_t) in[5]) * inx2[5]; - - /* 11 */ - out[2] += ((uint128_t) in[3]) * inx4[8] + - ((uint128_t) in[4]) * inx4[7] + ((uint128_t) in[5]) * inx4[6]; - - /* 12 */ - out[3] += ((uint128_t) in[4]) * inx4[8] + - ((uint128_t) in[5]) * inx4[7] + ((uint128_t) in[6]) * inx2[6]; - - /* 13 */ - out[4] += ((uint128_t) in[5]) * inx4[8] + ((uint128_t) in[6]) * inx4[7]; - - /* 14 */ - out[5] += ((uint128_t) in[6]) * inx4[8] + ((uint128_t) in[7]) * inx2[7]; - - /* 15 */ - out[6] += ((uint128_t) in[7]) * inx4[8]; - - /* 16 */ - out[7] += ((uint128_t) in[8]) * inx2[8]; -} - -/*- - * felem_mul sets |out| = |in1| * |in2| - * On entry: - * in1[i] < 2^64 - * in2[i] < 2^63 - * On exit: - * out[i] < 17 * max(in1[i]) * max(in2[i]) - */ -static void felem_mul_ref(largefelem out, const felem in1, const felem in2) -{ - felem in2x2; - felem_scalar(in2x2, in2, 2); - - out[0] = ((uint128_t) in1[0]) * in2[0]; - - out[1] = ((uint128_t) in1[0]) * in2[1] + - ((uint128_t) in1[1]) * in2[0]; - - out[2] = ((uint128_t) in1[0]) * in2[2] + - ((uint128_t) in1[1]) * in2[1] + - ((uint128_t) in1[2]) * in2[0]; - - out[3] = ((uint128_t) in1[0]) * in2[3] + - ((uint128_t) in1[1]) * in2[2] + - ((uint128_t) in1[2]) * in2[1] + - ((uint128_t) in1[3]) * in2[0]; - - out[4] = ((uint128_t) in1[0]) * in2[4] + - ((uint128_t) in1[1]) * in2[3] + - ((uint128_t) in1[2]) * in2[2] + - ((uint128_t) in1[3]) * in2[1] + - ((uint128_t) in1[4]) * in2[0]; - - out[5] = ((uint128_t) in1[0]) * in2[5] + - ((uint128_t) in1[1]) * in2[4] + - ((uint128_t) in1[2]) * in2[3] + - ((uint128_t) in1[3]) * in2[2] + - ((uint128_t) in1[4]) * in2[1] + - ((uint128_t) in1[5]) * in2[0]; - - out[6] = ((uint128_t) in1[0]) * in2[6] + - ((uint128_t) in1[1]) * in2[5] + - ((uint128_t) in1[2]) * in2[4] + - ((uint128_t) in1[3]) * in2[3] + - ((uint128_t) in1[4]) * in2[2] + - ((uint128_t) in1[5]) * in2[1] + - ((uint128_t) in1[6]) * in2[0]; - - out[7] = ((uint128_t) in1[0]) * in2[7] + - ((uint128_t) in1[1]) * in2[6] + - ((uint128_t) in1[2]) * in2[5] + - ((uint128_t) in1[3]) * in2[4] + - ((uint128_t) in1[4]) * in2[3] + - ((uint128_t) in1[5]) * in2[2] + - ((uint128_t) in1[6]) * in2[1] + - ((uint128_t) in1[7]) * in2[0]; - - out[8] = ((uint128_t) in1[0]) * in2[8] + - ((uint128_t) in1[1]) * in2[7] + - ((uint128_t) in1[2]) * in2[6] + - ((uint128_t) in1[3]) * in2[5] + - ((uint128_t) in1[4]) * in2[4] + - ((uint128_t) in1[5]) * in2[3] + - ((uint128_t) in1[6]) * in2[2] + - ((uint128_t) in1[7]) * in2[1] + - ((uint128_t) in1[8]) * in2[0]; - - /* See comment in felem_square about the use of in2x2 here */ - - out[0] += ((uint128_t) in1[1]) * in2x2[8] + - ((uint128_t) in1[2]) * in2x2[7] + - ((uint128_t) in1[3]) * in2x2[6] + - ((uint128_t) in1[4]) * in2x2[5] + - ((uint128_t) in1[5]) * in2x2[4] + - ((uint128_t) in1[6]) * in2x2[3] + - ((uint128_t) in1[7]) * in2x2[2] + - ((uint128_t) in1[8]) * in2x2[1]; - - out[1] += ((uint128_t) in1[2]) * in2x2[8] + - ((uint128_t) in1[3]) * in2x2[7] + - ((uint128_t) in1[4]) * in2x2[6] + - ((uint128_t) in1[5]) * in2x2[5] + - ((uint128_t) in1[6]) * in2x2[4] + - ((uint128_t) in1[7]) * in2x2[3] + - ((uint128_t) in1[8]) * in2x2[2]; - - out[2] += ((uint128_t) in1[3]) * in2x2[8] + - ((uint128_t) in1[4]) * in2x2[7] + - ((uint128_t) in1[5]) * in2x2[6] + - ((uint128_t) in1[6]) * in2x2[5] + - ((uint128_t) in1[7]) * in2x2[4] + - ((uint128_t) in1[8]) * in2x2[3]; - - out[3] += ((uint128_t) in1[4]) * in2x2[8] + - ((uint128_t) in1[5]) * in2x2[7] + - ((uint128_t) in1[6]) * in2x2[6] + - ((uint128_t) in1[7]) * in2x2[5] + - ((uint128_t) in1[8]) * in2x2[4]; - - out[4] += ((uint128_t) in1[5]) * in2x2[8] + - ((uint128_t) in1[6]) * in2x2[7] + - ((uint128_t) in1[7]) * in2x2[6] + - ((uint128_t) in1[8]) * in2x2[5]; - - out[5] += ((uint128_t) in1[6]) * in2x2[8] + - ((uint128_t) in1[7]) * in2x2[7] + - ((uint128_t) in1[8]) * in2x2[6]; - - out[6] += ((uint128_t) in1[7]) * in2x2[8] + - ((uint128_t) in1[8]) * in2x2[7]; - - out[7] += ((uint128_t) in1[8]) * in2x2[8]; -} - -static const limb bottom52bits = 0xfffffffffffff; - -/*- - * felem_reduce converts a largefelem to an felem. - * On entry: - * in[i] < 2^128 - * On exit: - * out[i] < 2^59 + 2^14 - */ -static void felem_reduce(felem out, const largefelem in) -{ - u64 overflow1, overflow2; - - out[0] = ((limb) in[0]) & bottom58bits; - out[1] = ((limb) in[1]) & bottom58bits; - out[2] = ((limb) in[2]) & bottom58bits; - out[3] = ((limb) in[3]) & bottom58bits; - out[4] = ((limb) in[4]) & bottom58bits; - out[5] = ((limb) in[5]) & bottom58bits; - out[6] = ((limb) in[6]) & bottom58bits; - out[7] = ((limb) in[7]) & bottom58bits; - out[8] = ((limb) in[8]) & bottom58bits; - - /* out[i] < 2^58 */ - - out[1] += ((limb) in[0]) >> 58; - out[1] += (((limb) (in[0] >> 64)) & bottom52bits) << 6; - /*- - * out[1] < 2^58 + 2^6 + 2^58 - * = 2^59 + 2^6 - */ - out[2] += ((limb) (in[0] >> 64)) >> 52; - - out[2] += ((limb) in[1]) >> 58; - out[2] += (((limb) (in[1] >> 64)) & bottom52bits) << 6; - out[3] += ((limb) (in[1] >> 64)) >> 52; - - out[3] += ((limb) in[2]) >> 58; - out[3] += (((limb) (in[2] >> 64)) & bottom52bits) << 6; - out[4] += ((limb) (in[2] >> 64)) >> 52; - - out[4] += ((limb) in[3]) >> 58; - out[4] += (((limb) (in[3] >> 64)) & bottom52bits) << 6; - out[5] += ((limb) (in[3] >> 64)) >> 52; - - out[5] += ((limb) in[4]) >> 58; - out[5] += (((limb) (in[4] >> 64)) & bottom52bits) << 6; - out[6] += ((limb) (in[4] >> 64)) >> 52; - - out[6] += ((limb) in[5]) >> 58; - out[6] += (((limb) (in[5] >> 64)) & bottom52bits) << 6; - out[7] += ((limb) (in[5] >> 64)) >> 52; - - out[7] += ((limb) in[6]) >> 58; - out[7] += (((limb) (in[6] >> 64)) & bottom52bits) << 6; - out[8] += ((limb) (in[6] >> 64)) >> 52; - - out[8] += ((limb) in[7]) >> 58; - out[8] += (((limb) (in[7] >> 64)) & bottom52bits) << 6; - /*- - * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12 - * < 2^59 + 2^13 - */ - overflow1 = ((limb) (in[7] >> 64)) >> 52; - - overflow1 += ((limb) in[8]) >> 58; - overflow1 += (((limb) (in[8] >> 64)) & bottom52bits) << 6; - overflow2 = ((limb) (in[8] >> 64)) >> 52; - - overflow1 <<= 1; /* overflow1 < 2^13 + 2^7 + 2^59 */ - overflow2 <<= 1; /* overflow2 < 2^13 */ - - out[0] += overflow1; /* out[0] < 2^60 */ - out[1] += overflow2; /* out[1] < 2^59 + 2^6 + 2^13 */ - - out[1] += out[0] >> 58; - out[0] &= bottom58bits; - /*- - * out[0] < 2^58 - * out[1] < 2^59 + 2^6 + 2^13 + 2^2 - * < 2^59 + 2^14 - */ -} - -#if defined(ECP_NISTP521_ASM) -void felem_square_wrapper(largefelem out, const felem in); -void felem_mul_wrapper(largefelem out, const felem in1, const felem in2); - -static void (*felem_square_p)(largefelem out, const felem in) = - felem_square_wrapper; -static void (*felem_mul_p)(largefelem out, const felem in1, const felem in2) = - felem_mul_wrapper; - -void p521_felem_square(largefelem out, const felem in); -void p521_felem_mul(largefelem out, const felem in1, const felem in2); - -# if defined(_ARCH_PPC64) -# include "crypto/ppc_arch.h" -# endif - -void felem_select(void) -{ -# if defined(_ARCH_PPC64) - if ((OPENSSL_ppccap_P & PPC_MADD300) && (OPENSSL_ppccap_P & PPC_ALTIVEC)) { - felem_square_p = p521_felem_square; - felem_mul_p = p521_felem_mul; - - return; - } -# endif - - /* Default */ - felem_square_p = felem_square_ref; - felem_mul_p = felem_mul_ref; -} - -void felem_square_wrapper(largefelem out, const felem in) -{ - felem_select(); - felem_square_p(out, in); -} - -void felem_mul_wrapper(largefelem out, const felem in1, const felem in2) -{ - felem_select(); - felem_mul_p(out, in1, in2); -} - -# define felem_square felem_square_p -# define felem_mul felem_mul_p -#else -# define felem_square felem_square_ref -# define felem_mul felem_mul_ref -#endif - -static void felem_square_reduce(felem out, const felem in) -{ - largefelem tmp; - felem_square(tmp, in); - felem_reduce(out, tmp); -} - -static void felem_mul_reduce(felem out, const felem in1, const felem in2) -{ - largefelem tmp; - felem_mul(tmp, in1, in2); - felem_reduce(out, tmp); -} - -/*- - * felem_inv calculates |out| = |in|^{-1} - * - * Based on Fermat's Little Theorem: - * a^p = a (mod p) - * a^{p-1} = 1 (mod p) - * a^{p-2} = a^{-1} (mod p) - */ -static void felem_inv(felem out, const felem in) -{ - felem ftmp, ftmp2, ftmp3, ftmp4; - largefelem tmp; - unsigned i; - - felem_square(tmp, in); - felem_reduce(ftmp, tmp); /* 2^1 */ - felem_mul(tmp, in, ftmp); - felem_reduce(ftmp, tmp); /* 2^2 - 2^0 */ - felem_assign(ftmp2, ftmp); - felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); /* 2^3 - 2^1 */ - felem_mul(tmp, in, ftmp); - felem_reduce(ftmp, tmp); /* 2^3 - 2^0 */ - felem_square(tmp, ftmp); - felem_reduce(ftmp, tmp); /* 2^4 - 2^1 */ - - felem_square(tmp, ftmp2); - felem_reduce(ftmp3, tmp); /* 2^3 - 2^1 */ - felem_square(tmp, ftmp3); - felem_reduce(ftmp3, tmp); /* 2^4 - 2^2 */ - felem_mul(tmp, ftmp3, ftmp2); - felem_reduce(ftmp3, tmp); /* 2^4 - 2^0 */ - - felem_assign(ftmp2, ftmp3); - felem_square(tmp, ftmp3); - felem_reduce(ftmp3, tmp); /* 2^5 - 2^1 */ - felem_square(tmp, ftmp3); - felem_reduce(ftmp3, tmp); /* 2^6 - 2^2 */ - felem_square(tmp, ftmp3); - felem_reduce(ftmp3, tmp); /* 2^7 - 2^3 */ - felem_square(tmp, ftmp3); - felem_reduce(ftmp3, tmp); /* 2^8 - 2^4 */ - felem_assign(ftmp4, ftmp3); - felem_mul(tmp, ftmp3, ftmp); - felem_reduce(ftmp4, tmp); /* 2^8 - 2^1 */ - felem_square(tmp, ftmp4); - felem_reduce(ftmp4, tmp); /* 2^9 - 2^2 */ - felem_mul(tmp, ftmp3, ftmp2); - felem_reduce(ftmp3, tmp); /* 2^8 - 2^0 */ - felem_assign(ftmp2, ftmp3); - - for (i = 0; i < 8; i++) { - felem_square(tmp, ftmp3); - felem_reduce(ftmp3, tmp); /* 2^16 - 2^8 */ - } - felem_mul(tmp, ftmp3, ftmp2); - felem_reduce(ftmp3, tmp); /* 2^16 - 2^0 */ - felem_assign(ftmp2, ftmp3); - - for (i = 0; i < 16; i++) { - felem_square(tmp, ftmp3); - felem_reduce(ftmp3, tmp); /* 2^32 - 2^16 */ - } - felem_mul(tmp, ftmp3, ftmp2); - felem_reduce(ftmp3, tmp); /* 2^32 - 2^0 */ - felem_assign(ftmp2, ftmp3); - - for (i = 0; i < 32; i++) { - felem_square(tmp, ftmp3); - felem_reduce(ftmp3, tmp); /* 2^64 - 2^32 */ - } - felem_mul(tmp, ftmp3, ftmp2); - felem_reduce(ftmp3, tmp); /* 2^64 - 2^0 */ - felem_assign(ftmp2, ftmp3); - - for (i = 0; i < 64; i++) { - felem_square(tmp, ftmp3); - felem_reduce(ftmp3, tmp); /* 2^128 - 2^64 */ - } - felem_mul(tmp, ftmp3, ftmp2); - felem_reduce(ftmp3, tmp); /* 2^128 - 2^0 */ - felem_assign(ftmp2, ftmp3); - - for (i = 0; i < 128; i++) { - felem_square(tmp, ftmp3); - felem_reduce(ftmp3, tmp); /* 2^256 - 2^128 */ - } - felem_mul(tmp, ftmp3, ftmp2); - felem_reduce(ftmp3, tmp); /* 2^256 - 2^0 */ - felem_assign(ftmp2, ftmp3); - - for (i = 0; i < 256; i++) { - felem_square(tmp, ftmp3); - felem_reduce(ftmp3, tmp); /* 2^512 - 2^256 */ - } - felem_mul(tmp, ftmp3, ftmp2); - felem_reduce(ftmp3, tmp); /* 2^512 - 2^0 */ - - for (i = 0; i < 9; i++) { - felem_square(tmp, ftmp3); - felem_reduce(ftmp3, tmp); /* 2^521 - 2^9 */ - } - felem_mul(tmp, ftmp3, ftmp4); - felem_reduce(ftmp3, tmp); /* 2^512 - 2^2 */ - felem_mul(tmp, ftmp3, in); - felem_reduce(out, tmp); /* 2^512 - 3 */ -} - -/* This is 2^521-1, expressed as an felem */ -static const felem kPrime = { - 0x03ffffffffffffff, 0x03ffffffffffffff, 0x03ffffffffffffff, - 0x03ffffffffffffff, 0x03ffffffffffffff, 0x03ffffffffffffff, - 0x03ffffffffffffff, 0x03ffffffffffffff, 0x01ffffffffffffff -}; - -/*- - * felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0 - * otherwise. - * On entry: - * in[i] < 2^59 + 2^14 - */ -static limb felem_is_zero(const felem in) -{ - felem ftmp; - limb is_zero, is_p; - felem_assign(ftmp, in); - - ftmp[0] += ftmp[8] >> 57; - ftmp[8] &= bottom57bits; - /* ftmp[8] < 2^57 */ - ftmp[1] += ftmp[0] >> 58; - ftmp[0] &= bottom58bits; - ftmp[2] += ftmp[1] >> 58; - ftmp[1] &= bottom58bits; - ftmp[3] += ftmp[2] >> 58; - ftmp[2] &= bottom58bits; - ftmp[4] += ftmp[3] >> 58; - ftmp[3] &= bottom58bits; - ftmp[5] += ftmp[4] >> 58; - ftmp[4] &= bottom58bits; - ftmp[6] += ftmp[5] >> 58; - ftmp[5] &= bottom58bits; - ftmp[7] += ftmp[6] >> 58; - ftmp[6] &= bottom58bits; - ftmp[8] += ftmp[7] >> 58; - ftmp[7] &= bottom58bits; - /* ftmp[8] < 2^57 + 4 */ - - /* - * The ninth limb of 2*(2^521-1) is 0x03ffffffffffffff, which is greater - * than our bound for ftmp[8]. Therefore we only have to check if the - * zero is zero or 2^521-1. - */ - - is_zero = 0; - is_zero |= ftmp[0]; - is_zero |= ftmp[1]; - is_zero |= ftmp[2]; - is_zero |= ftmp[3]; - is_zero |= ftmp[4]; - is_zero |= ftmp[5]; - is_zero |= ftmp[6]; - is_zero |= ftmp[7]; - is_zero |= ftmp[8]; - - is_zero--; - /* - * We know that ftmp[i] < 2^63, therefore the only way that the top bit - * can be set is if is_zero was 0 before the decrement. - */ - is_zero = 0 - (is_zero >> 63); - - is_p = ftmp[0] ^ kPrime[0]; - is_p |= ftmp[1] ^ kPrime[1]; - is_p |= ftmp[2] ^ kPrime[2]; - is_p |= ftmp[3] ^ kPrime[3]; - is_p |= ftmp[4] ^ kPrime[4]; - is_p |= ftmp[5] ^ kPrime[5]; - is_p |= ftmp[6] ^ kPrime[6]; - is_p |= ftmp[7] ^ kPrime[7]; - is_p |= ftmp[8] ^ kPrime[8]; - - is_p--; - is_p = 0 - (is_p >> 63); - - is_zero |= is_p; - return is_zero; -} - -static int felem_is_zero_int(const void *in) -{ - return (int)(felem_is_zero(in) & ((limb) 1)); -} - -/*- - * felem_contract converts |in| to its unique, minimal representation. - * On entry: - * in[i] < 2^59 + 2^14 - */ -static void felem_contract(felem out, const felem in) -{ - limb is_p, is_greater, sign; - static const limb two58 = ((limb) 1) << 58; - - felem_assign(out, in); - - out[0] += out[8] >> 57; - out[8] &= bottom57bits; - /* out[8] < 2^57 */ - out[1] += out[0] >> 58; - out[0] &= bottom58bits; - out[2] += out[1] >> 58; - out[1] &= bottom58bits; - out[3] += out[2] >> 58; - out[2] &= bottom58bits; - out[4] += out[3] >> 58; - out[3] &= bottom58bits; - out[5] += out[4] >> 58; - out[4] &= bottom58bits; - out[6] += out[5] >> 58; - out[5] &= bottom58bits; - out[7] += out[6] >> 58; - out[6] &= bottom58bits; - out[8] += out[7] >> 58; - out[7] &= bottom58bits; - /* out[8] < 2^57 + 4 */ - - /* - * If the value is greater than 2^521-1 then we have to subtract 2^521-1 - * out. See the comments in felem_is_zero regarding why we don't test for - * other multiples of the prime. - */ - - /* - * First, if |out| is equal to 2^521-1, we subtract it out to get zero. - */ - - is_p = out[0] ^ kPrime[0]; - is_p |= out[1] ^ kPrime[1]; - is_p |= out[2] ^ kPrime[2]; - is_p |= out[3] ^ kPrime[3]; - is_p |= out[4] ^ kPrime[4]; - is_p |= out[5] ^ kPrime[5]; - is_p |= out[6] ^ kPrime[6]; - is_p |= out[7] ^ kPrime[7]; - is_p |= out[8] ^ kPrime[8]; - - is_p--; - is_p &= is_p << 32; - is_p &= is_p << 16; - is_p &= is_p << 8; - is_p &= is_p << 4; - is_p &= is_p << 2; - is_p &= is_p << 1; - is_p = 0 - (is_p >> 63); - is_p = ~is_p; - - /* is_p is 0 iff |out| == 2^521-1 and all ones otherwise */ - - out[0] &= is_p; - out[1] &= is_p; - out[2] &= is_p; - out[3] &= is_p; - out[4] &= is_p; - out[5] &= is_p; - out[6] &= is_p; - out[7] &= is_p; - out[8] &= is_p; - - /* - * In order to test that |out| >= 2^521-1 we need only test if out[8] >> - * 57 is greater than zero as (2^521-1) + x >= 2^522 - */ - is_greater = out[8] >> 57; - is_greater |= is_greater << 32; - is_greater |= is_greater << 16; - is_greater |= is_greater << 8; - is_greater |= is_greater << 4; - is_greater |= is_greater << 2; - is_greater |= is_greater << 1; - is_greater = 0 - (is_greater >> 63); - - out[0] -= kPrime[0] & is_greater; - out[1] -= kPrime[1] & is_greater; - out[2] -= kPrime[2] & is_greater; - out[3] -= kPrime[3] & is_greater; - out[4] -= kPrime[4] & is_greater; - out[5] -= kPrime[5] & is_greater; - out[6] -= kPrime[6] & is_greater; - out[7] -= kPrime[7] & is_greater; - out[8] -= kPrime[8] & is_greater; - - /* Eliminate negative coefficients */ - sign = -(out[0] >> 63); - out[0] += (two58 & sign); - out[1] -= (1 & sign); - sign = -(out[1] >> 63); - out[1] += (two58 & sign); - out[2] -= (1 & sign); - sign = -(out[2] >> 63); - out[2] += (two58 & sign); - out[3] -= (1 & sign); - sign = -(out[3] >> 63); - out[3] += (two58 & sign); - out[4] -= (1 & sign); - sign = -(out[4] >> 63); - out[4] += (two58 & sign); - out[5] -= (1 & sign); - sign = -(out[0] >> 63); - out[5] += (two58 & sign); - out[6] -= (1 & sign); - sign = -(out[6] >> 63); - out[6] += (two58 & sign); - out[7] -= (1 & sign); - sign = -(out[7] >> 63); - out[7] += (two58 & sign); - out[8] -= (1 & sign); - sign = -(out[5] >> 63); - out[5] += (two58 & sign); - out[6] -= (1 & sign); - sign = -(out[6] >> 63); - out[6] += (two58 & sign); - out[7] -= (1 & sign); - sign = -(out[7] >> 63); - out[7] += (two58 & sign); - out[8] -= (1 & sign); -} - -/*- - * Group operations - * ---------------- - * - * Building on top of the field operations we have the operations on the - * elliptic curve group itself. Points on the curve are represented in Jacobian - * coordinates */ - -/*- - * point_double calculates 2*(x_in, y_in, z_in) - * - * The method is taken from: - * http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b - * - * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed. - * while x_out == y_in is not (maybe this works, but it's not tested). */ -static void -point_double(felem x_out, felem y_out, felem z_out, - const felem x_in, const felem y_in, const felem z_in) -{ - largefelem tmp, tmp2; - felem delta, gamma, beta, alpha, ftmp, ftmp2; - - felem_assign(ftmp, x_in); - felem_assign(ftmp2, x_in); - - /* delta = z^2 */ - felem_square(tmp, z_in); - felem_reduce(delta, tmp); /* delta[i] < 2^59 + 2^14 */ - - /* gamma = y^2 */ - felem_square(tmp, y_in); - felem_reduce(gamma, tmp); /* gamma[i] < 2^59 + 2^14 */ - - /* beta = x*gamma */ - felem_mul(tmp, x_in, gamma); - felem_reduce(beta, tmp); /* beta[i] < 2^59 + 2^14 */ - - /* alpha = 3*(x-delta)*(x+delta) */ - felem_diff64(ftmp, delta); - /* ftmp[i] < 2^61 */ - felem_sum64(ftmp2, delta); - /* ftmp2[i] < 2^60 + 2^15 */ - felem_scalar64(ftmp2, 3); - /* ftmp2[i] < 3*2^60 + 3*2^15 */ - felem_mul(tmp, ftmp, ftmp2); - /*- - * tmp[i] < 17(3*2^121 + 3*2^76) - * = 61*2^121 + 61*2^76 - * < 64*2^121 + 64*2^76 - * = 2^127 + 2^82 - * < 2^128 - */ - felem_reduce(alpha, tmp); - - /* x' = alpha^2 - 8*beta */ - felem_square(tmp, alpha); - /* - * tmp[i] < 17*2^120 < 2^125 - */ - felem_assign(ftmp, beta); - felem_scalar64(ftmp, 8); - /* ftmp[i] < 2^62 + 2^17 */ - felem_diff_128_64(tmp, ftmp); - /* tmp[i] < 2^125 + 2^63 + 2^62 + 2^17 */ - felem_reduce(x_out, tmp); - - /* z' = (y + z)^2 - gamma - delta */ - felem_sum64(delta, gamma); - /* delta[i] < 2^60 + 2^15 */ - felem_assign(ftmp, y_in); - felem_sum64(ftmp, z_in); - /* ftmp[i] < 2^60 + 2^15 */ - felem_square(tmp, ftmp); - /* - * tmp[i] < 17(2^122) < 2^127 - */ - felem_diff_128_64(tmp, delta); - /* tmp[i] < 2^127 + 2^63 */ - felem_reduce(z_out, tmp); - - /* y' = alpha*(4*beta - x') - 8*gamma^2 */ - felem_scalar64(beta, 4); - /* beta[i] < 2^61 + 2^16 */ - felem_diff64(beta, x_out); - /* beta[i] < 2^61 + 2^60 + 2^16 */ - felem_mul(tmp, alpha, beta); - /*- - * tmp[i] < 17*((2^59 + 2^14)(2^61 + 2^60 + 2^16)) - * = 17*(2^120 + 2^75 + 2^119 + 2^74 + 2^75 + 2^30) - * = 17*(2^120 + 2^119 + 2^76 + 2^74 + 2^30) - * < 2^128 - */ - felem_square(tmp2, gamma); - /*- - * tmp2[i] < 17*(2^59 + 2^14)^2 - * = 17*(2^118 + 2^74 + 2^28) - */ - felem_scalar128(tmp2, 8); - /*- - * tmp2[i] < 8*17*(2^118 + 2^74 + 2^28) - * = 2^125 + 2^121 + 2^81 + 2^77 + 2^35 + 2^31 - * < 2^126 - */ - felem_diff128(tmp, tmp2); - /*- - * tmp[i] < 2^127 - 2^69 + 17(2^120 + 2^119 + 2^76 + 2^74 + 2^30) - * = 2^127 + 2^124 + 2^122 + 2^120 + 2^118 + 2^80 + 2^78 + 2^76 + - * 2^74 + 2^69 + 2^34 + 2^30 - * < 2^128 - */ - felem_reduce(y_out, tmp); -} - -/* copy_conditional copies in to out iff mask is all ones. */ -static void copy_conditional(felem out, const felem in, limb mask) -{ - unsigned i; - for (i = 0; i < NLIMBS; ++i) { - const limb tmp = mask & (in[i] ^ out[i]); - out[i] ^= tmp; - } -} - -/*- - * point_add calculates (x1, y1, z1) + (x2, y2, z2) - * - * The method is taken from - * http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl, - * adapted for mixed addition (z2 = 1, or z2 = 0 for the point at infinity). - * - * This function includes a branch for checking whether the two input points - * are equal (while not equal to the point at infinity). See comment below - * on constant-time. - */ -static void point_add(felem x3, felem y3, felem z3, - const felem x1, const felem y1, const felem z1, - const int mixed, const felem x2, const felem y2, - const felem z2) -{ - felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out; - largefelem tmp, tmp2; - limb x_equal, y_equal, z1_is_zero, z2_is_zero; - limb points_equal; - - z1_is_zero = felem_is_zero(z1); - z2_is_zero = felem_is_zero(z2); - - /* ftmp = z1z1 = z1**2 */ - felem_square(tmp, z1); - felem_reduce(ftmp, tmp); - - if (!mixed) { - /* ftmp2 = z2z2 = z2**2 */ - felem_square(tmp, z2); - felem_reduce(ftmp2, tmp); - - /* u1 = ftmp3 = x1*z2z2 */ - felem_mul(tmp, x1, ftmp2); - felem_reduce(ftmp3, tmp); - - /* ftmp5 = z1 + z2 */ - felem_assign(ftmp5, z1); - felem_sum64(ftmp5, z2); - /* ftmp5[i] < 2^61 */ - - /* ftmp5 = (z1 + z2)**2 - z1z1 - z2z2 = 2*z1z2 */ - felem_square(tmp, ftmp5); - /* tmp[i] < 17*2^122 */ - felem_diff_128_64(tmp, ftmp); - /* tmp[i] < 17*2^122 + 2^63 */ - felem_diff_128_64(tmp, ftmp2); - /* tmp[i] < 17*2^122 + 2^64 */ - felem_reduce(ftmp5, tmp); - - /* ftmp2 = z2 * z2z2 */ - felem_mul(tmp, ftmp2, z2); - felem_reduce(ftmp2, tmp); - - /* s1 = ftmp6 = y1 * z2**3 */ - felem_mul(tmp, y1, ftmp2); - felem_reduce(ftmp6, tmp); - } else { - /* - * We'll assume z2 = 1 (special case z2 = 0 is handled later) - */ - - /* u1 = ftmp3 = x1*z2z2 */ - felem_assign(ftmp3, x1); - - /* ftmp5 = 2*z1z2 */ - felem_scalar(ftmp5, z1, 2); - - /* s1 = ftmp6 = y1 * z2**3 */ - felem_assign(ftmp6, y1); - } - - /* u2 = x2*z1z1 */ - felem_mul(tmp, x2, ftmp); - /* tmp[i] < 17*2^120 */ - - /* h = ftmp4 = u2 - u1 */ - felem_diff_128_64(tmp, ftmp3); - /* tmp[i] < 17*2^120 + 2^63 */ - felem_reduce(ftmp4, tmp); - - x_equal = felem_is_zero(ftmp4); - - /* z_out = ftmp5 * h */ - felem_mul(tmp, ftmp5, ftmp4); - felem_reduce(z_out, tmp); - - /* ftmp = z1 * z1z1 */ - felem_mul(tmp, ftmp, z1); - felem_reduce(ftmp, tmp); - - /* s2 = tmp = y2 * z1**3 */ - felem_mul(tmp, y2, ftmp); - /* tmp[i] < 17*2^120 */ - - /* r = ftmp5 = (s2 - s1)*2 */ - felem_diff_128_64(tmp, ftmp6); - /* tmp[i] < 17*2^120 + 2^63 */ - felem_reduce(ftmp5, tmp); - y_equal = felem_is_zero(ftmp5); - felem_scalar64(ftmp5, 2); - /* ftmp5[i] < 2^61 */ - - /* - * The formulae are incorrect if the points are equal, in affine coordinates - * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this - * happens. - * - * We use bitwise operations to avoid potential side-channels introduced by - * the short-circuiting behaviour of boolean operators. - * - * The special case of either point being the point at infinity (z1 and/or - * z2 are zero), is handled separately later on in this function, so we - * avoid jumping to point_double here in those special cases. - * - * Notice the comment below on the implications of this branching for timing - * leaks and why it is considered practically irrelevant. - */ - points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero)); - - if (points_equal) { - /* - * This is obviously not constant-time but it will almost-never happen - * for ECDH / ECDSA. The case where it can happen is during scalar-mult - * where the intermediate value gets very close to the group order. - * Since |ossl_ec_GFp_nistp_recode_scalar_bits| produces signed digits - * for the scalar, it's possible for the intermediate value to be a small - * negative multiple of the base point, and for the final signed digit - * to be the same value. We believe that this only occurs for the scalar - * 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff - * ffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb - * 71e913863f7, in that case the penultimate intermediate is -9G and - * the final digit is also -9G. Since this only happens for a single - * scalar, the timing leak is irrelevant. (Any attacker who wanted to - * check whether a secret scalar was that exact value, can already do - * so.) - */ - point_double(x3, y3, z3, x1, y1, z1); - return; - } - - /* I = ftmp = (2h)**2 */ - felem_assign(ftmp, ftmp4); - felem_scalar64(ftmp, 2); - /* ftmp[i] < 2^61 */ - felem_square(tmp, ftmp); - /* tmp[i] < 17*2^122 */ - felem_reduce(ftmp, tmp); - - /* J = ftmp2 = h * I */ - felem_mul(tmp, ftmp4, ftmp); - felem_reduce(ftmp2, tmp); - - /* V = ftmp4 = U1 * I */ - felem_mul(tmp, ftmp3, ftmp); - felem_reduce(ftmp4, tmp); - - /* x_out = r**2 - J - 2V */ - felem_square(tmp, ftmp5); - /* tmp[i] < 17*2^122 */ - felem_diff_128_64(tmp, ftmp2); - /* tmp[i] < 17*2^122 + 2^63 */ - felem_assign(ftmp3, ftmp4); - felem_scalar64(ftmp4, 2); - /* ftmp4[i] < 2^61 */ - felem_diff_128_64(tmp, ftmp4); - /* tmp[i] < 17*2^122 + 2^64 */ - felem_reduce(x_out, tmp); - - /* y_out = r(V-x_out) - 2 * s1 * J */ - felem_diff64(ftmp3, x_out); - /* - * ftmp3[i] < 2^60 + 2^60 = 2^61 - */ - felem_mul(tmp, ftmp5, ftmp3); - /* tmp[i] < 17*2^122 */ - felem_mul(tmp2, ftmp6, ftmp2); - /* tmp2[i] < 17*2^120 */ - felem_scalar128(tmp2, 2); - /* tmp2[i] < 17*2^121 */ - felem_diff128(tmp, tmp2); - /*- - * tmp[i] < 2^127 - 2^69 + 17*2^122 - * = 2^126 - 2^122 - 2^6 - 2^2 - 1 - * < 2^127 - */ - felem_reduce(y_out, tmp); - - copy_conditional(x_out, x2, z1_is_zero); - copy_conditional(x_out, x1, z2_is_zero); - copy_conditional(y_out, y2, z1_is_zero); - copy_conditional(y_out, y1, z2_is_zero); - copy_conditional(z_out, z2, z1_is_zero); - copy_conditional(z_out, z1, z2_is_zero); - felem_assign(x3, x_out); - felem_assign(y3, y_out); - felem_assign(z3, z_out); -} - -/*- - * Base point pre computation - * -------------------------- - * - * Two different sorts of precomputed tables are used in the following code. - * Each contain various points on the curve, where each point is three field - * elements (x, y, z). - * - * For the base point table, z is usually 1 (0 for the point at infinity). - * This table has 16 elements: - * index | bits | point - * ------+---------+------------------------------ - * 0 | 0 0 0 0 | 0G - * 1 | 0 0 0 1 | 1G - * 2 | 0 0 1 0 | 2^130G - * 3 | 0 0 1 1 | (2^130 + 1)G - * 4 | 0 1 0 0 | 2^260G - * 5 | 0 1 0 1 | (2^260 + 1)G - * 6 | 0 1 1 0 | (2^260 + 2^130)G - * 7 | 0 1 1 1 | (2^260 + 2^130 + 1)G - * 8 | 1 0 0 0 | 2^390G - * 9 | 1 0 0 1 | (2^390 + 1)G - * 10 | 1 0 1 0 | (2^390 + 2^130)G - * 11 | 1 0 1 1 | (2^390 + 2^130 + 1)G - * 12 | 1 1 0 0 | (2^390 + 2^260)G - * 13 | 1 1 0 1 | (2^390 + 2^260 + 1)G - * 14 | 1 1 1 0 | (2^390 + 2^260 + 2^130)G - * 15 | 1 1 1 1 | (2^390 + 2^260 + 2^130 + 1)G - * - * The reason for this is so that we can clock bits into four different - * locations when doing simple scalar multiplies against the base point. - * - * Tables for other points have table[i] = iG for i in 0 .. 16. */ - -/* gmul is the table of precomputed base points */ -static const felem gmul[16][3] = { -{{0, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, 0, 0, 0, 0, 0, 0, 0, 0}}, -{{0x017e7e31c2e5bd66, 0x022cf0615a90a6fe, 0x00127a2ffa8de334, - 0x01dfbf9d64a3f877, 0x006b4d3dbaa14b5e, 0x014fed487e0a2bd8, - 0x015b4429c6481390, 0x03a73678fb2d988e, 0x00c6858e06b70404}, - {0x00be94769fd16650, 0x031c21a89cb09022, 0x039013fad0761353, - 0x02657bd099031542, 0x03273e662c97ee72, 0x01e6d11a05ebef45, - 0x03d1bd998f544495, 0x03001172297ed0b1, 0x011839296a789a3b}, - {1, 0, 0, 0, 0, 0, 0, 0, 0}}, -{{0x0373faacbc875bae, 0x00f325023721c671, 0x00f666fd3dbde5ad, - 0x01a6932363f88ea7, 0x01fc6d9e13f9c47b, 0x03bcbffc2bbf734e, - 0x013ee3c3647f3a92, 0x029409fefe75d07d, 0x00ef9199963d85e5}, - {0x011173743ad5b178, 0x02499c7c21bf7d46, 0x035beaeabb8b1a58, - 0x00f989c4752ea0a3, 0x0101e1de48a9c1a3, 0x01a20076be28ba6c, - 0x02f8052e5eb2de95, 0x01bfe8f82dea117c, 0x0160074d3c36ddb7}, - {1, 0, 0, 0, 0, 0, 0, 0, 0}}, -{{0x012f3fc373393b3b, 0x03d3d6172f1419fa, 0x02adc943c0b86873, - 0x00d475584177952b, 0x012a4d1673750ee2, 0x00512517a0f13b0c, - 0x02b184671a7b1734, 0x0315b84236f1a50a, 0x00a4afc472edbdb9}, - {0x00152a7077f385c4, 0x03044007d8d1c2ee, 0x0065829d61d52b52, - 0x00494ff6b6631d0d, 0x00a11d94d5f06bcf, 0x02d2f89474d9282e, - 0x0241c5727c06eeb9, 0x0386928710fbdb9d, 0x01f883f727b0dfbe}, - {1, 0, 0, 0, 0, 0, 0, 0, 0}}, -{{0x019b0c3c9185544d, 0x006243a37c9d97db, 0x02ee3cbe030a2ad2, - 0x00cfdd946bb51e0d, 0x0271c00932606b91, 0x03f817d1ec68c561, - 0x03f37009806a369c, 0x03c1f30baf184fd5, 0x01091022d6d2f065}, - {0x0292c583514c45ed, 0x0316fca51f9a286c, 0x00300af507c1489a, - 0x0295f69008298cf1, 0x02c0ed8274943d7b, 0x016509b9b47a431e, - 0x02bc9de9634868ce, 0x005b34929bffcb09, 0x000c1a0121681524}, - {1, 0, 0, 0, 0, 0, 0, 0, 0}}, -{{0x0286abc0292fb9f2, 0x02665eee9805b3f7, 0x01ed7455f17f26d6, - 0x0346355b83175d13, 0x006284944cd0a097, 0x0191895bcdec5e51, - 0x02e288370afda7d9, 0x03b22312bfefa67a, 0x01d104d3fc0613fe}, - {0x0092421a12f7e47f, 0x0077a83fa373c501, 0x03bd25c5f696bd0d, - 0x035c41e4d5459761, 0x01ca0d1742b24f53, 0x00aaab27863a509c, - 0x018b6de47df73917, 0x025c0b771705cd01, 0x01fd51d566d760a7}, - {1, 0, 0, 0, 0, 0, 0, 0, 0}}, -{{0x01dd92ff6b0d1dbd, 0x039c5e2e8f8afa69, 0x0261ed13242c3b27, - 0x0382c6e67026e6a0, 0x01d60b10be2089f9, 0x03c15f3dce86723f, - 0x03c764a32d2a062d, 0x017307eac0fad056, 0x018207c0b96c5256}, - {0x0196a16d60e13154, 0x03e6ce74c0267030, 0x00ddbf2b4e52a5aa, - 0x012738241bbf31c8, 0x00ebe8dc04685a28, 0x024c2ad6d380d4a2, - 0x035ee062a6e62d0e, 0x0029ed74af7d3a0f, 0x00eef32aec142ebd}, - {1, 0, 0, 0, 0, 0, 0, 0, 0}}, -{{0x00c31ec398993b39, 0x03a9f45bcda68253, 0x00ac733c24c70890, - 0x00872b111401ff01, 0x01d178c23195eafb, 0x03bca2c816b87f74, - 0x0261a9af46fbad7a, 0x0324b2a8dd3d28f9, 0x00918121d8f24e23}, - {0x032bc8c1ca983cd7, 0x00d869dfb08fc8c6, 0x01693cb61fce1516, - 0x012a5ea68f4e88a8, 0x010869cab88d7ae3, 0x009081ad277ceee1, - 0x033a77166d064cdc, 0x03955235a1fb3a95, 0x01251a4a9b25b65e}, - {1, 0, 0, 0, 0, 0, 0, 0, 0}}, -{{0x00148a3a1b27f40b, 0x0123186df1b31fdc, 0x00026e7beaad34ce, - 0x01db446ac1d3dbba, 0x0299c1a33437eaec, 0x024540610183cbb7, - 0x0173bb0e9ce92e46, 0x02b937e43921214b, 0x01ab0436a9bf01b5}, - {0x0383381640d46948, 0x008dacbf0e7f330f, 0x03602122bcc3f318, - 0x01ee596b200620d6, 0x03bd0585fda430b3, 0x014aed77fd123a83, - 0x005ace749e52f742, 0x0390fe041da2b842, 0x0189a8ceb3299242}, - {1, 0, 0, 0, 0, 0, 0, 0, 0}}, -{{0x012a19d6b3282473, 0x00c0915918b423ce, 0x023a954eb94405ae, - 0x00529f692be26158, 0x0289fa1b6fa4b2aa, 0x0198ae4ceea346ef, - 0x0047d8cdfbdedd49, 0x00cc8c8953f0f6b8, 0x001424abbff49203}, - {0x0256732a1115a03a, 0x0351bc38665c6733, 0x03f7b950fb4a6447, - 0x000afffa94c22155, 0x025763d0a4dab540, 0x000511e92d4fc283, - 0x030a7e9eda0ee96c, 0x004c3cd93a28bf0a, 0x017edb3a8719217f}, - {1, 0, 0, 0, 0, 0, 0, 0, 0}}, -{{0x011de5675a88e673, 0x031d7d0f5e567fbe, 0x0016b2062c970ae5, - 0x03f4a2be49d90aa7, 0x03cef0bd13822866, 0x03f0923dcf774a6c, - 0x0284bebc4f322f72, 0x016ab2645302bb2c, 0x01793f95dace0e2a}, - {0x010646e13527a28f, 0x01ca1babd59dc5e7, 0x01afedfd9a5595df, - 0x01f15785212ea6b1, 0x0324e5d64f6ae3f4, 0x02d680f526d00645, - 0x0127920fadf627a7, 0x03b383f75df4f684, 0x0089e0057e783b0a}, - {1, 0, 0, 0, 0, 0, 0, 0, 0}}, -{{0x00f334b9eb3c26c6, 0x0298fdaa98568dce, 0x01c2d24843a82292, - 0x020bcb24fa1b0711, 0x02cbdb3d2b1875e6, 0x0014907598f89422, - 0x03abe3aa43b26664, 0x02cbf47f720bc168, 0x0133b5e73014b79b}, - {0x034aab5dab05779d, 0x00cdc5d71fee9abb, 0x0399f16bd4bd9d30, - 0x03582fa592d82647, 0x02be1cdfb775b0e9, 0x0034f7cea32e94cb, - 0x0335a7f08f56f286, 0x03b707e9565d1c8b, 0x0015c946ea5b614f}, - {1, 0, 0, 0, 0, 0, 0, 0, 0}}, -{{0x024676f6cff72255, 0x00d14625cac96378, 0x00532b6008bc3767, - 0x01fc16721b985322, 0x023355ea1b091668, 0x029de7afdc0317c3, - 0x02fc8a7ca2da037c, 0x02de1217d74a6f30, 0x013f7173175b73bf}, - {0x0344913f441490b5, 0x0200f9e272b61eca, 0x0258a246b1dd55d2, - 0x03753db9ea496f36, 0x025e02937a09c5ef, 0x030cbd3d14012692, - 0x01793a67e70dc72a, 0x03ec1d37048a662e, 0x006550f700c32a8d}, - {1, 0, 0, 0, 0, 0, 0, 0, 0}}, -{{0x00d3f48a347eba27, 0x008e636649b61bd8, 0x00d3b93716778fb3, - 0x004d1915757bd209, 0x019d5311a3da44e0, 0x016d1afcbbe6aade, - 0x0241bf5f73265616, 0x0384672e5d50d39b, 0x005009fee522b684}, - {0x029b4fab064435fe, 0x018868ee095bbb07, 0x01ea3d6936cc92b8, - 0x000608b00f78a2f3, 0x02db911073d1c20f, 0x018205938470100a, - 0x01f1e4964cbe6ff2, 0x021a19a29eed4663, 0x01414485f42afa81}, - {1, 0, 0, 0, 0, 0, 0, 0, 0}}, -{{0x01612b3a17f63e34, 0x03813992885428e6, 0x022b3c215b5a9608, - 0x029b4057e19f2fcb, 0x0384059a587af7e6, 0x02d6400ace6fe610, - 0x029354d896e8e331, 0x00c047ee6dfba65e, 0x0037720542e9d49d}, - {0x02ce9eed7c5e9278, 0x0374ed703e79643b, 0x01316c54c4072006, - 0x005aaa09054b2ee8, 0x002824000c840d57, 0x03d4eba24771ed86, - 0x0189c50aabc3bdae, 0x0338c01541e15510, 0x00466d56e38eed42}, - {1, 0, 0, 0, 0, 0, 0, 0, 0}}, -{{0x007efd8330ad8bd6, 0x02465ed48047710b, 0x0034c6606b215e0c, - 0x016ae30c53cbf839, 0x01fa17bd37161216, 0x018ead4e61ce8ab9, - 0x005482ed5f5dee46, 0x037543755bba1d7f, 0x005e5ac7e70a9d0f}, - {0x0117e1bb2fdcb2a2, 0x03deea36249f40c4, 0x028d09b4a6246cb7, - 0x03524b8855bcf756, 0x023d7d109d5ceb58, 0x0178e43e3223ef9c, - 0x0154536a0c6e966a, 0x037964d1286ee9fe, 0x0199bcd90e125055}, - {1, 0, 0, 0, 0, 0, 0, 0, 0}} -}; - -/* - * select_point selects the |idx|th point from a precomputation table and - * copies it to out. - */ - /* pre_comp below is of the size provided in |size| */ -static void select_point(const limb idx, unsigned int size, - const felem pre_comp[][3], felem out[3]) -{ - unsigned i, j; - limb *outlimbs = &out[0][0]; - - memset(out, 0, sizeof(*out) * 3); - - for (i = 0; i < size; i++) { - const limb *inlimbs = &pre_comp[i][0][0]; - limb mask = i ^ idx; - mask |= mask >> 4; - mask |= mask >> 2; - mask |= mask >> 1; - mask &= 1; - mask--; - for (j = 0; j < NLIMBS * 3; j++) - outlimbs[j] |= inlimbs[j] & mask; - } -} - -/* get_bit returns the |i|th bit in |in| */ -static char get_bit(const felem_bytearray in, int i) -{ - if (i < 0) - return 0; - return (in[i >> 3] >> (i & 7)) & 1; -} - -/* - * Interleaved point multiplication using precomputed point multiples: The - * small point multiples 0*P, 1*P, ..., 16*P are in pre_comp[], the scalars - * in scalars[]. If g_scalar is non-NULL, we also add this multiple of the - * generator, using certain (large) precomputed multiples in g_pre_comp. - * Output point (X, Y, Z) is stored in x_out, y_out, z_out - */ -static void batch_mul(felem x_out, felem y_out, felem z_out, - const felem_bytearray scalars[], - const unsigned num_points, const u8 *g_scalar, - const int mixed, const felem pre_comp[][17][3], - const felem g_pre_comp[16][3]) -{ - int i, skip; - unsigned num, gen_mul = (g_scalar != NULL); - felem nq[3], tmp[4]; - limb bits; - u8 sign, digit; - - /* set nq to the point at infinity */ - memset(nq, 0, sizeof(nq)); - - /* - * Loop over all scalars msb-to-lsb, interleaving additions of multiples - * of the generator (last quarter of rounds) and additions of other - * points multiples (every 5th round). - */ - skip = 1; /* save two point operations in the first - * round */ - for (i = (num_points ? 520 : 130); i >= 0; --i) { - /* double */ - if (!skip) - point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]); - - /* add multiples of the generator */ - if (gen_mul && (i <= 130)) { - bits = get_bit(g_scalar, i + 390) << 3; - if (i < 130) { - bits |= get_bit(g_scalar, i + 260) << 2; - bits |= get_bit(g_scalar, i + 130) << 1; - bits |= get_bit(g_scalar, i); - } - /* select the point to add, in constant time */ - select_point(bits, 16, g_pre_comp, tmp); - if (!skip) { - /* The 1 argument below is for "mixed" */ - point_add(nq[0], nq[1], nq[2], - nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]); - } else { - memcpy(nq, tmp, 3 * sizeof(felem)); - skip = 0; - } - } - - /* do other additions every 5 doublings */ - if (num_points && (i % 5 == 0)) { - /* loop over all scalars */ - for (num = 0; num < num_points; ++num) { - bits = get_bit(scalars[num], i + 4) << 5; - bits |= get_bit(scalars[num], i + 3) << 4; - bits |= get_bit(scalars[num], i + 2) << 3; - bits |= get_bit(scalars[num], i + 1) << 2; - bits |= get_bit(scalars[num], i) << 1; - bits |= get_bit(scalars[num], i - 1); - ossl_ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits); - - /* - * select the point to add or subtract, in constant time - */ - select_point(digit, 17, pre_comp[num], tmp); - felem_neg(tmp[3], tmp[1]); /* (X, -Y, Z) is the negative - * point */ - copy_conditional(tmp[1], tmp[3], (-(limb) sign)); - - if (!skip) { - point_add(nq[0], nq[1], nq[2], - nq[0], nq[1], nq[2], - mixed, tmp[0], tmp[1], tmp[2]); - } else { - memcpy(nq, tmp, 3 * sizeof(felem)); - skip = 0; - } - } - } - } - felem_assign(x_out, nq[0]); - felem_assign(y_out, nq[1]); - felem_assign(z_out, nq[2]); -} - -/* Precomputation for the group generator. */ -struct nistp521_pre_comp_st { - felem g_pre_comp[16][3]; - CRYPTO_REF_COUNT references; - CRYPTO_RWLOCK *lock; -}; - -const EC_METHOD *EC_GFp_nistp521_method(void) -{ - static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_prime_field, - ossl_ec_GFp_nistp521_group_init, - ossl_ec_GFp_simple_group_finish, - ossl_ec_GFp_simple_group_clear_finish, - ossl_ec_GFp_nist_group_copy, - ossl_ec_GFp_nistp521_group_set_curve, - ossl_ec_GFp_simple_group_get_curve, - ossl_ec_GFp_simple_group_get_degree, - ossl_ec_group_simple_order_bits, - ossl_ec_GFp_simple_group_check_discriminant, - ossl_ec_GFp_simple_point_init, - ossl_ec_GFp_simple_point_finish, - ossl_ec_GFp_simple_point_clear_finish, - ossl_ec_GFp_simple_point_copy, - ossl_ec_GFp_simple_point_set_to_infinity, - ossl_ec_GFp_simple_point_set_affine_coordinates, - ossl_ec_GFp_nistp521_point_get_affine_coordinates, - 0 /* point_set_compressed_coordinates */ , - 0 /* point2oct */ , - 0 /* oct2point */ , - ossl_ec_GFp_simple_add, - ossl_ec_GFp_simple_dbl, - ossl_ec_GFp_simple_invert, - ossl_ec_GFp_simple_is_at_infinity, - ossl_ec_GFp_simple_is_on_curve, - ossl_ec_GFp_simple_cmp, - ossl_ec_GFp_simple_make_affine, - ossl_ec_GFp_simple_points_make_affine, - ossl_ec_GFp_nistp521_points_mul, - ossl_ec_GFp_nistp521_precompute_mult, - ossl_ec_GFp_nistp521_have_precompute_mult, - ossl_ec_GFp_nist_field_mul, - ossl_ec_GFp_nist_field_sqr, - 0 /* field_div */ , - ossl_ec_GFp_simple_field_inv, - 0 /* field_encode */ , - 0 /* field_decode */ , - 0, /* field_set_to_one */ - ossl_ec_key_simple_priv2oct, - ossl_ec_key_simple_oct2priv, - 0, /* set private */ - ossl_ec_key_simple_generate_key, - ossl_ec_key_simple_check_key, - ossl_ec_key_simple_generate_public_key, - 0, /* keycopy */ - 0, /* keyfinish */ - ossl_ecdh_simple_compute_key, - ossl_ecdsa_simple_sign_setup, - ossl_ecdsa_simple_sign_sig, - ossl_ecdsa_simple_verify_sig, - 0, /* field_inverse_mod_ord */ - 0, /* blind_coordinates */ - 0, /* ladder_pre */ - 0, /* ladder_step */ - 0 /* ladder_post */ - }; - - return &ret; -} - -/******************************************************************************/ -/* - * FUNCTIONS TO MANAGE PRECOMPUTATION - */ - -static NISTP521_PRE_COMP *nistp521_pre_comp_new(void) -{ - NISTP521_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return ret; - } - - ret->references = 1; - - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ret); - return NULL; - } - return ret; -} - -NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *p) -{ - int i; - if (p != NULL) - CRYPTO_UP_REF(&p->references, &i, p->lock); - return p; -} - -void EC_nistp521_pre_comp_free(NISTP521_PRE_COMP *p) -{ - int i; - - if (p == NULL) - return; - - CRYPTO_DOWN_REF(&p->references, &i, p->lock); - REF_PRINT_COUNT("EC_nistp521", p); - if (i > 0) - return; - REF_ASSERT_ISNT(i < 0); - - CRYPTO_THREAD_lock_free(p->lock); - OPENSSL_free(p); -} - -/******************************************************************************/ -/* - * OPENSSL EC_METHOD FUNCTIONS - */ - -int ossl_ec_GFp_nistp521_group_init(EC_GROUP *group) -{ - int ret; - ret = ossl_ec_GFp_simple_group_init(group); - group->a_is_minus3 = 1; - return ret; -} - -int ossl_ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, - const BIGNUM *a, const BIGNUM *b, - BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *curve_p, *curve_a, *curve_b; -#ifndef FIPS_MODULE - BN_CTX *new_ctx = NULL; - - if (ctx == NULL) - ctx = new_ctx = BN_CTX_new(); -#endif - if (ctx == NULL) - return 0; - - BN_CTX_start(ctx); - curve_p = BN_CTX_get(ctx); - curve_a = BN_CTX_get(ctx); - curve_b = BN_CTX_get(ctx); - if (curve_b == NULL) - goto err; - BN_bin2bn(nistp521_curve_params[0], sizeof(felem_bytearray), curve_p); - BN_bin2bn(nistp521_curve_params[1], sizeof(felem_bytearray), curve_a); - BN_bin2bn(nistp521_curve_params[2], sizeof(felem_bytearray), curve_b); - if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || (BN_cmp(curve_b, b))) { - ERR_raise(ERR_LIB_EC, EC_R_WRONG_CURVE_PARAMETERS); - goto err; - } - group->field_mod_func = BN_nist_mod_521; - ret = ossl_ec_GFp_simple_group_set_curve(group, p, a, b, ctx); - err: - BN_CTX_end(ctx); -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - return ret; -} - -/* - * Takes the Jacobian coordinates (X, Y, Z) of a point and returns (X', Y') = - * (X/Z^2, Y/Z^3) - */ -int ossl_ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BN_CTX *ctx) -{ - felem z1, z2, x_in, y_in, x_out, y_out; - largefelem tmp; - - if (EC_POINT_is_at_infinity(group, point)) { - ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); - return 0; - } - if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) || - (!BN_to_felem(z1, point->Z))) - return 0; - felem_inv(z2, z1); - felem_square(tmp, z2); - felem_reduce(z1, tmp); - felem_mul(tmp, x_in, z1); - felem_reduce(x_in, tmp); - felem_contract(x_out, x_in); - if (x != NULL) { - if (!felem_to_BN(x, x_out)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - return 0; - } - } - felem_mul(tmp, z1, z2); - felem_reduce(z1, tmp); - felem_mul(tmp, y_in, z1); - felem_reduce(y_in, tmp); - felem_contract(y_out, y_in); - if (y != NULL) { - if (!felem_to_BN(y, y_out)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - return 0; - } - } - return 1; -} - -/* points below is of size |num|, and tmp_felems is of size |num+1/ */ -static void make_points_affine(size_t num, felem points[][3], - felem tmp_felems[]) -{ - /* - * Runs in constant time, unless an input is the point at infinity (which - * normally shouldn't happen). - */ - ossl_ec_GFp_nistp_points_make_affine_internal(num, - points, - sizeof(felem), - tmp_felems, - (void (*)(void *))felem_one, - felem_is_zero_int, - (void (*)(void *, const void *)) - felem_assign, - (void (*)(void *, const void *)) - felem_square_reduce, (void (*) - (void *, - const void - *, - const void - *)) - felem_mul_reduce, - (void (*)(void *, const void *)) - felem_inv, - (void (*)(void *, const void *)) - felem_contract); -} - -/* - * Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL - * values Result is stored in r (r can equal one of the inputs). - */ -int ossl_ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx) -{ - int ret = 0; - int j; - int mixed = 0; - BIGNUM *x, *y, *z, *tmp_scalar; - felem_bytearray g_secret; - felem_bytearray *secrets = NULL; - felem (*pre_comp)[17][3] = NULL; - felem *tmp_felems = NULL; - unsigned i; - int num_bytes; - int have_pre_comp = 0; - size_t num_points = num; - felem x_in, y_in, z_in, x_out, y_out, z_out; - NISTP521_PRE_COMP *pre = NULL; - felem(*g_pre_comp)[3] = NULL; - EC_POINT *generator = NULL; - const EC_POINT *p = NULL; - const BIGNUM *p_scalar = NULL; - - BN_CTX_start(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - z = BN_CTX_get(ctx); - tmp_scalar = BN_CTX_get(ctx); - if (tmp_scalar == NULL) - goto err; - - if (scalar != NULL) { - pre = group->pre_comp.nistp521; - if (pre) - /* we have precomputation, try to use it */ - g_pre_comp = &pre->g_pre_comp[0]; - else - /* try to use the standard precomputation */ - g_pre_comp = (felem(*)[3]) gmul; - generator = EC_POINT_new(group); - if (generator == NULL) - goto err; - /* get the generator from precomputation */ - if (!felem_to_BN(x, g_pre_comp[1][0]) || - !felem_to_BN(y, g_pre_comp[1][1]) || - !felem_to_BN(z, g_pre_comp[1][2])) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - if (!ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, - generator, - x, y, z, ctx)) - goto err; - if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) - /* precomputation matches generator */ - have_pre_comp = 1; - else - /* - * we don't have valid precomputation: treat the generator as a - * random point - */ - num_points++; - } - - if (num_points > 0) { - if (num_points >= 2) { - /* - * unless we precompute multiples for just one point, converting - * those into affine form is time well spent - */ - mixed = 1; - } - secrets = OPENSSL_zalloc(sizeof(*secrets) * num_points); - pre_comp = OPENSSL_zalloc(sizeof(*pre_comp) * num_points); - if (mixed) - tmp_felems = - OPENSSL_malloc(sizeof(*tmp_felems) * (num_points * 17 + 1)); - if ((secrets == NULL) || (pre_comp == NULL) - || (mixed && (tmp_felems == NULL))) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* - * we treat NULL scalars as 0, and NULL points as points at infinity, - * i.e., they contribute nothing to the linear combination - */ - for (i = 0; i < num_points; ++i) { - if (i == num) { - /* - * we didn't have a valid precomputation, so we pick the - * generator - */ - p = EC_GROUP_get0_generator(group); - p_scalar = scalar; - } else { - /* the i^th point */ - p = points[i]; - p_scalar = scalars[i]; - } - if ((p_scalar != NULL) && (p != NULL)) { - /* reduce scalar to 0 <= scalar < 2^521 */ - if ((BN_num_bits(p_scalar) > 521) - || (BN_is_negative(p_scalar))) { - /* - * this is an unusual input, and we don't guarantee - * constant-timeness - */ - if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - num_bytes = BN_bn2lebinpad(tmp_scalar, - secrets[i], sizeof(secrets[i])); - } else { - num_bytes = BN_bn2lebinpad(p_scalar, - secrets[i], sizeof(secrets[i])); - } - if (num_bytes < 0) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - /* precompute multiples */ - if ((!BN_to_felem(x_out, p->X)) || - (!BN_to_felem(y_out, p->Y)) || - (!BN_to_felem(z_out, p->Z))) - goto err; - memcpy(pre_comp[i][1][0], x_out, sizeof(felem)); - memcpy(pre_comp[i][1][1], y_out, sizeof(felem)); - memcpy(pre_comp[i][1][2], z_out, sizeof(felem)); - for (j = 2; j <= 16; ++j) { - if (j & 1) { - point_add(pre_comp[i][j][0], pre_comp[i][j][1], - pre_comp[i][j][2], pre_comp[i][1][0], - pre_comp[i][1][1], pre_comp[i][1][2], 0, - pre_comp[i][j - 1][0], - pre_comp[i][j - 1][1], - pre_comp[i][j - 1][2]); - } else { - point_double(pre_comp[i][j][0], pre_comp[i][j][1], - pre_comp[i][j][2], pre_comp[i][j / 2][0], - pre_comp[i][j / 2][1], - pre_comp[i][j / 2][2]); - } - } - } - } - if (mixed) - make_points_affine(num_points * 17, pre_comp[0], tmp_felems); - } - - /* the scalar for the generator */ - if ((scalar != NULL) && (have_pre_comp)) { - memset(g_secret, 0, sizeof(g_secret)); - /* reduce scalar to 0 <= scalar < 2^521 */ - if ((BN_num_bits(scalar) > 521) || (BN_is_negative(scalar))) { - /* - * this is an unusual input, and we don't guarantee - * constant-timeness - */ - if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret)); - } else { - num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret)); - } - /* do the multiplication with generator precomputation */ - batch_mul(x_out, y_out, z_out, - (const felem_bytearray(*))secrets, num_points, - g_secret, - mixed, (const felem(*)[17][3])pre_comp, - (const felem(*)[3])g_pre_comp); - } else { - /* do the multiplication without generator precomputation */ - batch_mul(x_out, y_out, z_out, - (const felem_bytearray(*))secrets, num_points, - NULL, mixed, (const felem(*)[17][3])pre_comp, NULL); - } - /* reduce the output to its unique minimal representation */ - felem_contract(x_in, x_out); - felem_contract(y_in, y_out); - felem_contract(z_in, z_out); - if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) || - (!felem_to_BN(z, z_in))) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - ret = ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(group, r, x, y, z, - ctx); - - err: - BN_CTX_end(ctx); - EC_POINT_free(generator); - OPENSSL_free(secrets); - OPENSSL_free(pre_comp); - OPENSSL_free(tmp_felems); - return ret; -} - -int ossl_ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx) -{ - int ret = 0; - NISTP521_PRE_COMP *pre = NULL; - int i, j; - BIGNUM *x, *y; - EC_POINT *generator = NULL; - felem tmp_felems[16]; -#ifndef FIPS_MODULE - BN_CTX *new_ctx = NULL; -#endif - - /* throw away old precomputation */ - EC_pre_comp_free(group); - -#ifndef FIPS_MODULE - if (ctx == NULL) - ctx = new_ctx = BN_CTX_new(); -#endif - if (ctx == NULL) - return 0; - - BN_CTX_start(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (y == NULL) - goto err; - /* get the generator */ - if (group->generator == NULL) - goto err; - generator = EC_POINT_new(group); - if (generator == NULL) - goto err; - BN_bin2bn(nistp521_curve_params[3], sizeof(felem_bytearray), x); - BN_bin2bn(nistp521_curve_params[4], sizeof(felem_bytearray), y); - if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx)) - goto err; - if ((pre = nistp521_pre_comp_new()) == NULL) - goto err; - /* - * if the generator is the standard one, use built-in precomputation - */ - if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) { - memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp)); - goto done; - } - if ((!BN_to_felem(pre->g_pre_comp[1][0], group->generator->X)) || - (!BN_to_felem(pre->g_pre_comp[1][1], group->generator->Y)) || - (!BN_to_felem(pre->g_pre_comp[1][2], group->generator->Z))) - goto err; - /* compute 2^130*G, 2^260*G, 2^390*G */ - for (i = 1; i <= 4; i <<= 1) { - point_double(pre->g_pre_comp[2 * i][0], pre->g_pre_comp[2 * i][1], - pre->g_pre_comp[2 * i][2], pre->g_pre_comp[i][0], - pre->g_pre_comp[i][1], pre->g_pre_comp[i][2]); - for (j = 0; j < 129; ++j) { - point_double(pre->g_pre_comp[2 * i][0], - pre->g_pre_comp[2 * i][1], - pre->g_pre_comp[2 * i][2], - pre->g_pre_comp[2 * i][0], - pre->g_pre_comp[2 * i][1], - pre->g_pre_comp[2 * i][2]); - } - } - /* g_pre_comp[0] is the point at infinity */ - memset(pre->g_pre_comp[0], 0, sizeof(pre->g_pre_comp[0])); - /* the remaining multiples */ - /* 2^130*G + 2^260*G */ - point_add(pre->g_pre_comp[6][0], pre->g_pre_comp[6][1], - pre->g_pre_comp[6][2], pre->g_pre_comp[4][0], - pre->g_pre_comp[4][1], pre->g_pre_comp[4][2], - 0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1], - pre->g_pre_comp[2][2]); - /* 2^130*G + 2^390*G */ - point_add(pre->g_pre_comp[10][0], pre->g_pre_comp[10][1], - pre->g_pre_comp[10][2], pre->g_pre_comp[8][0], - pre->g_pre_comp[8][1], pre->g_pre_comp[8][2], - 0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1], - pre->g_pre_comp[2][2]); - /* 2^260*G + 2^390*G */ - point_add(pre->g_pre_comp[12][0], pre->g_pre_comp[12][1], - pre->g_pre_comp[12][2], pre->g_pre_comp[8][0], - pre->g_pre_comp[8][1], pre->g_pre_comp[8][2], - 0, pre->g_pre_comp[4][0], pre->g_pre_comp[4][1], - pre->g_pre_comp[4][2]); - /* 2^130*G + 2^260*G + 2^390*G */ - point_add(pre->g_pre_comp[14][0], pre->g_pre_comp[14][1], - pre->g_pre_comp[14][2], pre->g_pre_comp[12][0], - pre->g_pre_comp[12][1], pre->g_pre_comp[12][2], - 0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1], - pre->g_pre_comp[2][2]); - for (i = 1; i < 8; ++i) { - /* odd multiples: add G */ - point_add(pre->g_pre_comp[2 * i + 1][0], - pre->g_pre_comp[2 * i + 1][1], - pre->g_pre_comp[2 * i + 1][2], pre->g_pre_comp[2 * i][0], - pre->g_pre_comp[2 * i][1], pre->g_pre_comp[2 * i][2], 0, - pre->g_pre_comp[1][0], pre->g_pre_comp[1][1], - pre->g_pre_comp[1][2]); - } - make_points_affine(15, &(pre->g_pre_comp[1]), tmp_felems); - - done: - SETPRECOMP(group, nistp521, pre); - ret = 1; - pre = NULL; - err: - BN_CTX_end(ctx); - EC_POINT_free(generator); -#ifndef FIPS_MODULE - BN_CTX_free(new_ctx); -#endif - EC_nistp521_pre_comp_free(pre); - return ret; -} - -int ossl_ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group) -{ - return HAVEPRECOMP(group, nistp521); -} diff --git a/crypto/ec/ecp_nistputil.c b/crypto/ec/ecp_nistputil.c deleted file mode 100644 index 4e8c0e2767699db72c2f555d5ae9b8c5796d1d09..0000000000000000000000000000000000000000 --- a/crypto/ec/ecp_nistputil.c +++ /dev/null @@ -1,226 +0,0 @@ -/* - * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Copyright 2011 Google Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include - -/* - * Common utility functions for ecp_nistp224.c, ecp_nistp256.c, ecp_nistp521.c. - */ - -#include -#include "ec_local.h" - -/* - * Convert an array of points into affine coordinates. (If the point at - * infinity is found (Z = 0), it remains unchanged.) This function is - * essentially an equivalent to EC_POINTs_make_affine(), but works with the - * internal representation of points as used by ecp_nistp###.c rather than - * with (BIGNUM-based) EC_POINT data structures. point_array is the - * input/output buffer ('num' points in projective form, i.e. three - * coordinates each), based on an internal representation of field elements - * of size 'felem_size'. tmp_felems needs to point to a temporary array of - * 'num'+1 field elements for storage of intermediate values. - */ -void -ossl_ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, - size_t felem_size, - void *tmp_felems, - void (*felem_one) (void *out), - int (*felem_is_zero) (const void - *in), - void (*felem_assign) (void *out, - const void - *in), - void (*felem_square) (void *out, - const void - *in), - void (*felem_mul) (void *out, - const void - *in1, - const void - *in2), - void (*felem_inv) (void *out, - const void - *in), - void (*felem_contract) (void - *out, - const - void - *in)) -{ - int i = 0; - -#define tmp_felem(I) (&((char *)tmp_felems)[(I) * felem_size]) -#define X(I) (&((char *)point_array)[3*(I) * felem_size]) -#define Y(I) (&((char *)point_array)[(3*(I) + 1) * felem_size]) -#define Z(I) (&((char *)point_array)[(3*(I) + 2) * felem_size]) - - if (!felem_is_zero(Z(0))) - felem_assign(tmp_felem(0), Z(0)); - else - felem_one(tmp_felem(0)); - for (i = 1; i < (int)num; i++) { - if (!felem_is_zero(Z(i))) - felem_mul(tmp_felem(i), tmp_felem(i - 1), Z(i)); - else - felem_assign(tmp_felem(i), tmp_felem(i - 1)); - } - /* - * Now each tmp_felem(i) is the product of Z(0) .. Z(i), skipping any - * zero-valued factors: if Z(i) = 0, we essentially pretend that Z(i) = 1 - */ - - felem_inv(tmp_felem(num - 1), tmp_felem(num - 1)); - for (i = num - 1; i >= 0; i--) { - if (i > 0) - /* - * tmp_felem(i-1) is the product of Z(0) .. Z(i-1), tmp_felem(i) - * is the inverse of the product of Z(0) .. Z(i) - */ - /* 1/Z(i) */ - felem_mul(tmp_felem(num), tmp_felem(i - 1), tmp_felem(i)); - else - felem_assign(tmp_felem(num), tmp_felem(0)); /* 1/Z(0) */ - - if (!felem_is_zero(Z(i))) { - if (i > 0) - /* - * For next iteration, replace tmp_felem(i-1) by its inverse - */ - felem_mul(tmp_felem(i - 1), tmp_felem(i), Z(i)); - - /* - * Convert point (X, Y, Z) into affine form (X/(Z^2), Y/(Z^3), 1) - */ - felem_square(Z(i), tmp_felem(num)); /* 1/(Z^2) */ - felem_mul(X(i), X(i), Z(i)); /* X/(Z^2) */ - felem_mul(Z(i), Z(i), tmp_felem(num)); /* 1/(Z^3) */ - felem_mul(Y(i), Y(i), Z(i)); /* Y/(Z^3) */ - felem_contract(X(i), X(i)); - felem_contract(Y(i), Y(i)); - felem_one(Z(i)); - } else { - if (i > 0) - /* - * For next iteration, replace tmp_felem(i-1) by its inverse - */ - felem_assign(tmp_felem(i - 1), tmp_felem(i)); - } - } -} - -/*- - * This function looks at 5+1 scalar bits (5 current, 1 adjacent less - * significant bit), and recodes them into a signed digit for use in fast point - * multiplication: the use of signed rather than unsigned digits means that - * fewer points need to be precomputed, given that point inversion is easy - * (a precomputed point dP makes -dP available as well). - * - * BACKGROUND: - * - * Signed digits for multiplication were introduced by Booth ("A signed binary - * multiplication technique", Quart. Journ. Mech. and Applied Math., vol. IV, - * pt. 2 (1951), pp. 236-240), in that case for multiplication of integers. - * Booth's original encoding did not generally improve the density of nonzero - * digits over the binary representation, and was merely meant to simplify the - * handling of signed factors given in two's complement; but it has since been - * shown to be the basis of various signed-digit representations that do have - * further advantages, including the wNAF, using the following general approach: - * - * (1) Given a binary representation - * - * b_k ... b_2 b_1 b_0, - * - * of a nonnegative integer (b_k in {0, 1}), rewrite it in digits 0, 1, -1 - * by using bit-wise subtraction as follows: - * - * b_k b_(k-1) ... b_2 b_1 b_0 - * - b_k ... b_3 b_2 b_1 b_0 - * ----------------------------------------- - * s_(k+1) s_k ... s_3 s_2 s_1 s_0 - * - * A left-shift followed by subtraction of the original value yields a new - * representation of the same value, using signed bits s_i = b_(i-1) - b_i. - * This representation from Booth's paper has since appeared in the - * literature under a variety of different names including "reversed binary - * form", "alternating greedy expansion", "mutual opposite form", and - * "sign-alternating {+-1}-representation". - * - * An interesting property is that among the nonzero bits, values 1 and -1 - * strictly alternate. - * - * (2) Various window schemes can be applied to the Booth representation of - * integers: for example, right-to-left sliding windows yield the wNAF - * (a signed-digit encoding independently discovered by various researchers - * in the 1990s), and left-to-right sliding windows yield a left-to-right - * equivalent of the wNAF (independently discovered by various researchers - * around 2004). - * - * To prevent leaking information through side channels in point multiplication, - * we need to recode the given integer into a regular pattern: sliding windows - * as in wNAFs won't do, we need their fixed-window equivalent -- which is a few - * decades older: we'll be using the so-called "modified Booth encoding" due to - * MacSorley ("High-speed arithmetic in binary computers", Proc. IRE, vol. 49 - * (1961), pp. 67-91), in a radix-2^5 setting. That is, we always combine five - * signed bits into a signed digit: - * - * s_(5j + 4) s_(5j + 3) s_(5j + 2) s_(5j + 1) s_(5j) - * - * The sign-alternating property implies that the resulting digit values are - * integers from -16 to 16. - * - * Of course, we don't actually need to compute the signed digits s_i as an - * intermediate step (that's just a nice way to see how this scheme relates - * to the wNAF): a direct computation obtains the recoded digit from the - * six bits b_(5j + 4) ... b_(5j - 1). - * - * This function takes those six bits as an integer (0 .. 63), writing the - * recoded digit to *sign (0 for positive, 1 for negative) and *digit (absolute - * value, in the range 0 .. 16). Note that this integer essentially provides - * the input bits "shifted to the left" by one position: for example, the input - * to compute the least significant recoded digit, given that there's no bit - * b_-1, has to be b_4 b_3 b_2 b_1 b_0 0. - * - */ -void ossl_ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, - unsigned char *digit, unsigned char in) -{ - unsigned char s, d; - - s = ~((in >> 5) - 1); /* sets all bits to MSB(in), 'in' seen as - * 6-bit value */ - d = (1 << 6) - in - 1; - d = (d & s) | (in & ~s); - d = (d >> 1) + (d & 1); - - *sign = s & 1; - *digit = d; -} diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c deleted file mode 100644 index d65f6984ded3c62d8d3bdc2eaed6bfb6f1c63e55..0000000000000000000000000000000000000000 --- a/crypto/ec/ecp_nistz256.c +++ /dev/null @@ -1,1530 +0,0 @@ -/* - * Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2014, Intel Corporation. All Rights Reserved. - * Copyright (c) 2015, CloudFlare, Inc. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1, 3) - * (1) Intel Corporation, Israel Development Center, Haifa, Israel - * (2) University of Haifa, Israel - * (3) CloudFlare, Inc. - * - * Reference: - * S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with - * 256 Bit Primes" - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include - -#include "internal/cryptlib.h" -#include "crypto/bn.h" -#include "ec_local.h" -#include "internal/refcount.h" - -#if BN_BITS2 != 64 -# define TOBN(hi,lo) lo,hi -#else -# define TOBN(hi,lo) ((BN_ULONG)hi<<32|lo) -#endif - -#if defined(__GNUC__) -# define ALIGN32 __attribute((aligned(32))) -#elif defined(_MSC_VER) -# define ALIGN32 __declspec(align(32)) -#else -# define ALIGN32 -#endif - -#define ALIGNPTR(p,N) ((unsigned char *)p+N-(size_t)p%N) -#define P256_LIMBS (256/BN_BITS2) - -typedef unsigned short u16; - -typedef struct { - BN_ULONG X[P256_LIMBS]; - BN_ULONG Y[P256_LIMBS]; - BN_ULONG Z[P256_LIMBS]; -} P256_POINT; - -typedef struct { - BN_ULONG X[P256_LIMBS]; - BN_ULONG Y[P256_LIMBS]; -} P256_POINT_AFFINE; - -typedef P256_POINT_AFFINE PRECOMP256_ROW[64]; - -/* structure for precomputed multiples of the generator */ -struct nistz256_pre_comp_st { - const EC_GROUP *group; /* Parent EC_GROUP object */ - size_t w; /* Window size */ - /* - * Constant time access to the X and Y coordinates of the pre-computed, - * generator multiplies, in the Montgomery domain. Pre-calculated - * multiplies are stored in affine form. - */ - PRECOMP256_ROW *precomp; - void *precomp_storage; - CRYPTO_REF_COUNT references; - CRYPTO_RWLOCK *lock; -}; - -/* Functions implemented in assembly */ -/* - * Most of below mentioned functions *preserve* the property of inputs - * being fully reduced, i.e. being in [0, modulus) range. Simply put if - * inputs are fully reduced, then output is too. Note that reverse is - * not true, in sense that given partially reduced inputs output can be - * either, not unlikely reduced. And "most" in first sentence refers to - * the fact that given the calculations flow one can tolerate that - * addition, 1st function below, produces partially reduced result *if* - * multiplications by 2 and 3, which customarily use addition, fully - * reduce it. This effectively gives two options: a) addition produces - * fully reduced result [as long as inputs are, just like remaining - * functions]; b) addition is allowed to produce partially reduced - * result, but multiplications by 2 and 3 perform additional reduction - * step. Choice between the two can be platform-specific, but it was a) - * in all cases so far... - */ -/* Modular add: res = a+b mod P */ -void ecp_nistz256_add(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS], - const BN_ULONG b[P256_LIMBS]); -/* Modular mul by 2: res = 2*a mod P */ -void ecp_nistz256_mul_by_2(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS]); -/* Modular mul by 3: res = 3*a mod P */ -void ecp_nistz256_mul_by_3(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS]); - -/* Modular div by 2: res = a/2 mod P */ -void ecp_nistz256_div_by_2(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS]); -/* Modular sub: res = a-b mod P */ -void ecp_nistz256_sub(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS], - const BN_ULONG b[P256_LIMBS]); -/* Modular neg: res = -a mod P */ -void ecp_nistz256_neg(BN_ULONG res[P256_LIMBS], const BN_ULONG a[P256_LIMBS]); -/* Montgomery mul: res = a*b*2^-256 mod P */ -void ecp_nistz256_mul_mont(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS], - const BN_ULONG b[P256_LIMBS]); -/* Montgomery sqr: res = a*a*2^-256 mod P */ -void ecp_nistz256_sqr_mont(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS]); -/* Convert a number from Montgomery domain, by multiplying with 1 */ -void ecp_nistz256_from_mont(BN_ULONG res[P256_LIMBS], - const BN_ULONG in[P256_LIMBS]); -/* Convert a number to Montgomery domain, by multiplying with 2^512 mod P*/ -void ecp_nistz256_to_mont(BN_ULONG res[P256_LIMBS], - const BN_ULONG in[P256_LIMBS]); -/* Functions that perform constant time access to the precomputed tables */ -void ecp_nistz256_scatter_w5(P256_POINT *val, - const P256_POINT *in_t, int idx); -void ecp_nistz256_gather_w5(P256_POINT *val, - const P256_POINT *in_t, int idx); -void ecp_nistz256_scatter_w7(P256_POINT_AFFINE *val, - const P256_POINT_AFFINE *in_t, int idx); -void ecp_nistz256_gather_w7(P256_POINT_AFFINE *val, - const P256_POINT_AFFINE *in_t, int idx); - -/* One converted into the Montgomery domain */ -static const BN_ULONG ONE[P256_LIMBS] = { - TOBN(0x00000000, 0x00000001), TOBN(0xffffffff, 0x00000000), - TOBN(0xffffffff, 0xffffffff), TOBN(0x00000000, 0xfffffffe) -}; - -static NISTZ256_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group); - -/* Precomputed tables for the default generator */ -extern const PRECOMP256_ROW ecp_nistz256_precomputed[37]; - -/* Recode window to a signed digit, see ecp_nistputil.c for details */ -static unsigned int _booth_recode_w5(unsigned int in) -{ - unsigned int s, d; - - s = ~((in >> 5) - 1); - d = (1 << 6) - in - 1; - d = (d & s) | (in & ~s); - d = (d >> 1) + (d & 1); - - return (d << 1) + (s & 1); -} - -static unsigned int _booth_recode_w7(unsigned int in) -{ - unsigned int s, d; - - s = ~((in >> 7) - 1); - d = (1 << 8) - in - 1; - d = (d & s) | (in & ~s); - d = (d >> 1) + (d & 1); - - return (d << 1) + (s & 1); -} - -static void copy_conditional(BN_ULONG dst[P256_LIMBS], - const BN_ULONG src[P256_LIMBS], BN_ULONG move) -{ - BN_ULONG mask1 = 0-move; - BN_ULONG mask2 = ~mask1; - - dst[0] = (src[0] & mask1) ^ (dst[0] & mask2); - dst[1] = (src[1] & mask1) ^ (dst[1] & mask2); - dst[2] = (src[2] & mask1) ^ (dst[2] & mask2); - dst[3] = (src[3] & mask1) ^ (dst[3] & mask2); - if (P256_LIMBS == 8) { - dst[4] = (src[4] & mask1) ^ (dst[4] & mask2); - dst[5] = (src[5] & mask1) ^ (dst[5] & mask2); - dst[6] = (src[6] & mask1) ^ (dst[6] & mask2); - dst[7] = (src[7] & mask1) ^ (dst[7] & mask2); - } -} - -static BN_ULONG is_zero(BN_ULONG in) -{ - in |= (0 - in); - in = ~in; - in >>= BN_BITS2 - 1; - return in; -} - -static BN_ULONG is_equal(const BN_ULONG a[P256_LIMBS], - const BN_ULONG b[P256_LIMBS]) -{ - BN_ULONG res; - - res = a[0] ^ b[0]; - res |= a[1] ^ b[1]; - res |= a[2] ^ b[2]; - res |= a[3] ^ b[3]; - if (P256_LIMBS == 8) { - res |= a[4] ^ b[4]; - res |= a[5] ^ b[5]; - res |= a[6] ^ b[6]; - res |= a[7] ^ b[7]; - } - - return is_zero(res); -} - -static BN_ULONG is_one(const BIGNUM *z) -{ - BN_ULONG res = 0; - BN_ULONG *a = bn_get_words(z); - - if (bn_get_top(z) == (P256_LIMBS - P256_LIMBS / 8)) { - res = a[0] ^ ONE[0]; - res |= a[1] ^ ONE[1]; - res |= a[2] ^ ONE[2]; - res |= a[3] ^ ONE[3]; - if (P256_LIMBS == 8) { - res |= a[4] ^ ONE[4]; - res |= a[5] ^ ONE[5]; - res |= a[6] ^ ONE[6]; - /* - * no check for a[7] (being zero) on 32-bit platforms, - * because value of "one" takes only 7 limbs. - */ - } - res = is_zero(res); - } - - return res; -} - -/* - * For reference, this macro is used only when new ecp_nistz256 assembly - * module is being developed. For example, configure with - * -DECP_NISTZ256_REFERENCE_IMPLEMENTATION and implement only functions - * performing simplest arithmetic operations on 256-bit vectors. Then - * work on implementation of higher-level functions performing point - * operations. Then remove ECP_NISTZ256_REFERENCE_IMPLEMENTATION - * and never define it again. (The correct macro denoting presence of - * ecp_nistz256 module is ECP_NISTZ256_ASM.) - */ -#ifndef ECP_NISTZ256_REFERENCE_IMPLEMENTATION -void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a); -void ecp_nistz256_point_add(P256_POINT *r, - const P256_POINT *a, const P256_POINT *b); -void ecp_nistz256_point_add_affine(P256_POINT *r, - const P256_POINT *a, - const P256_POINT_AFFINE *b); -#else -/* Point double: r = 2*a */ -static void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a) -{ - BN_ULONG S[P256_LIMBS]; - BN_ULONG M[P256_LIMBS]; - BN_ULONG Zsqr[P256_LIMBS]; - BN_ULONG tmp0[P256_LIMBS]; - - const BN_ULONG *in_x = a->X; - const BN_ULONG *in_y = a->Y; - const BN_ULONG *in_z = a->Z; - - BN_ULONG *res_x = r->X; - BN_ULONG *res_y = r->Y; - BN_ULONG *res_z = r->Z; - - ecp_nistz256_mul_by_2(S, in_y); - - ecp_nistz256_sqr_mont(Zsqr, in_z); - - ecp_nistz256_sqr_mont(S, S); - - ecp_nistz256_mul_mont(res_z, in_z, in_y); - ecp_nistz256_mul_by_2(res_z, res_z); - - ecp_nistz256_add(M, in_x, Zsqr); - ecp_nistz256_sub(Zsqr, in_x, Zsqr); - - ecp_nistz256_sqr_mont(res_y, S); - ecp_nistz256_div_by_2(res_y, res_y); - - ecp_nistz256_mul_mont(M, M, Zsqr); - ecp_nistz256_mul_by_3(M, M); - - ecp_nistz256_mul_mont(S, S, in_x); - ecp_nistz256_mul_by_2(tmp0, S); - - ecp_nistz256_sqr_mont(res_x, M); - - ecp_nistz256_sub(res_x, res_x, tmp0); - ecp_nistz256_sub(S, S, res_x); - - ecp_nistz256_mul_mont(S, S, M); - ecp_nistz256_sub(res_y, S, res_y); -} - -/* Point addition: r = a+b */ -static void ecp_nistz256_point_add(P256_POINT *r, - const P256_POINT *a, const P256_POINT *b) -{ - BN_ULONG U2[P256_LIMBS], S2[P256_LIMBS]; - BN_ULONG U1[P256_LIMBS], S1[P256_LIMBS]; - BN_ULONG Z1sqr[P256_LIMBS]; - BN_ULONG Z2sqr[P256_LIMBS]; - BN_ULONG H[P256_LIMBS], R[P256_LIMBS]; - BN_ULONG Hsqr[P256_LIMBS]; - BN_ULONG Rsqr[P256_LIMBS]; - BN_ULONG Hcub[P256_LIMBS]; - - BN_ULONG res_x[P256_LIMBS]; - BN_ULONG res_y[P256_LIMBS]; - BN_ULONG res_z[P256_LIMBS]; - - BN_ULONG in1infty, in2infty; - - const BN_ULONG *in1_x = a->X; - const BN_ULONG *in1_y = a->Y; - const BN_ULONG *in1_z = a->Z; - - const BN_ULONG *in2_x = b->X; - const BN_ULONG *in2_y = b->Y; - const BN_ULONG *in2_z = b->Z; - - /* - * Infinity in encoded as (,,0) - */ - in1infty = (in1_z[0] | in1_z[1] | in1_z[2] | in1_z[3]); - if (P256_LIMBS == 8) - in1infty |= (in1_z[4] | in1_z[5] | in1_z[6] | in1_z[7]); - - in2infty = (in2_z[0] | in2_z[1] | in2_z[2] | in2_z[3]); - if (P256_LIMBS == 8) - in2infty |= (in2_z[4] | in2_z[5] | in2_z[6] | in2_z[7]); - - in1infty = is_zero(in1infty); - in2infty = is_zero(in2infty); - - ecp_nistz256_sqr_mont(Z2sqr, in2_z); /* Z2^2 */ - ecp_nistz256_sqr_mont(Z1sqr, in1_z); /* Z1^2 */ - - ecp_nistz256_mul_mont(S1, Z2sqr, in2_z); /* S1 = Z2^3 */ - ecp_nistz256_mul_mont(S2, Z1sqr, in1_z); /* S2 = Z1^3 */ - - ecp_nistz256_mul_mont(S1, S1, in1_y); /* S1 = Y1*Z2^3 */ - ecp_nistz256_mul_mont(S2, S2, in2_y); /* S2 = Y2*Z1^3 */ - ecp_nistz256_sub(R, S2, S1); /* R = S2 - S1 */ - - ecp_nistz256_mul_mont(U1, in1_x, Z2sqr); /* U1 = X1*Z2^2 */ - ecp_nistz256_mul_mont(U2, in2_x, Z1sqr); /* U2 = X2*Z1^2 */ - ecp_nistz256_sub(H, U2, U1); /* H = U2 - U1 */ - - /* - * The formulae are incorrect if the points are equal so we check for - * this and do doubling if this happens. - * - * Points here are in Jacobian projective coordinates (Xi, Yi, Zi) - * that are bound to the affine coordinates (xi, yi) by the following - * equations: - * - xi = Xi / (Zi)^2 - * - y1 = Yi / (Zi)^3 - * - * For the sake of optimization, the algorithm operates over - * intermediate variables U1, U2 and S1, S2 that are derived from - * the projective coordinates: - * - U1 = X1 * (Z2)^2 ; U2 = X2 * (Z1)^2 - * - S1 = Y1 * (Z2)^3 ; S2 = Y2 * (Z1)^3 - * - * It is easy to prove that is_equal(U1, U2) implies that the affine - * x-coordinates are equal, or either point is at infinity. - * Likewise is_equal(S1, S2) implies that the affine y-coordinates are - * equal, or either point is at infinity. - * - * The special case of either point being the point at infinity (Z1 or Z2 - * is zero), is handled separately later on in this function, so we avoid - * jumping to point_double here in those special cases. - * - * When both points are inverse of each other, we know that the affine - * x-coordinates are equal, and the y-coordinates have different sign. - * Therefore since U1 = U2, we know H = 0, and therefore Z3 = H*Z1*Z2 - * will equal 0, thus the result is infinity, if we simply let this - * function continue normally. - * - * We use bitwise operations to avoid potential side-channels introduced by - * the short-circuiting behaviour of boolean operators. - */ - if (is_equal(U1, U2) & ~in1infty & ~in2infty & is_equal(S1, S2)) { - /* - * This is obviously not constant-time but it should never happen during - * single point multiplication, so there is no timing leak for ECDH or - * ECDSA signing. - */ - ecp_nistz256_point_double(r, a); - return; - } - - ecp_nistz256_sqr_mont(Rsqr, R); /* R^2 */ - ecp_nistz256_mul_mont(res_z, H, in1_z); /* Z3 = H*Z1*Z2 */ - ecp_nistz256_sqr_mont(Hsqr, H); /* H^2 */ - ecp_nistz256_mul_mont(res_z, res_z, in2_z); /* Z3 = H*Z1*Z2 */ - ecp_nistz256_mul_mont(Hcub, Hsqr, H); /* H^3 */ - - ecp_nistz256_mul_mont(U2, U1, Hsqr); /* U1*H^2 */ - ecp_nistz256_mul_by_2(Hsqr, U2); /* 2*U1*H^2 */ - - ecp_nistz256_sub(res_x, Rsqr, Hsqr); - ecp_nistz256_sub(res_x, res_x, Hcub); - - ecp_nistz256_sub(res_y, U2, res_x); - - ecp_nistz256_mul_mont(S2, S1, Hcub); - ecp_nistz256_mul_mont(res_y, R, res_y); - ecp_nistz256_sub(res_y, res_y, S2); - - copy_conditional(res_x, in2_x, in1infty); - copy_conditional(res_y, in2_y, in1infty); - copy_conditional(res_z, in2_z, in1infty); - - copy_conditional(res_x, in1_x, in2infty); - copy_conditional(res_y, in1_y, in2infty); - copy_conditional(res_z, in1_z, in2infty); - - memcpy(r->X, res_x, sizeof(res_x)); - memcpy(r->Y, res_y, sizeof(res_y)); - memcpy(r->Z, res_z, sizeof(res_z)); -} - -/* Point addition when b is known to be affine: r = a+b */ -static void ecp_nistz256_point_add_affine(P256_POINT *r, - const P256_POINT *a, - const P256_POINT_AFFINE *b) -{ - BN_ULONG U2[P256_LIMBS], S2[P256_LIMBS]; - BN_ULONG Z1sqr[P256_LIMBS]; - BN_ULONG H[P256_LIMBS], R[P256_LIMBS]; - BN_ULONG Hsqr[P256_LIMBS]; - BN_ULONG Rsqr[P256_LIMBS]; - BN_ULONG Hcub[P256_LIMBS]; - - BN_ULONG res_x[P256_LIMBS]; - BN_ULONG res_y[P256_LIMBS]; - BN_ULONG res_z[P256_LIMBS]; - - BN_ULONG in1infty, in2infty; - - const BN_ULONG *in1_x = a->X; - const BN_ULONG *in1_y = a->Y; - const BN_ULONG *in1_z = a->Z; - - const BN_ULONG *in2_x = b->X; - const BN_ULONG *in2_y = b->Y; - - /* - * Infinity in encoded as (,,0) - */ - in1infty = (in1_z[0] | in1_z[1] | in1_z[2] | in1_z[3]); - if (P256_LIMBS == 8) - in1infty |= (in1_z[4] | in1_z[5] | in1_z[6] | in1_z[7]); - - /* - * In affine representation we encode infinity as (0,0), which is - * not on the curve, so it is OK - */ - in2infty = (in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] | - in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]); - if (P256_LIMBS == 8) - in2infty |= (in2_x[4] | in2_x[5] | in2_x[6] | in2_x[7] | - in2_y[4] | in2_y[5] | in2_y[6] | in2_y[7]); - - in1infty = is_zero(in1infty); - in2infty = is_zero(in2infty); - - ecp_nistz256_sqr_mont(Z1sqr, in1_z); /* Z1^2 */ - - ecp_nistz256_mul_mont(U2, in2_x, Z1sqr); /* U2 = X2*Z1^2 */ - ecp_nistz256_sub(H, U2, in1_x); /* H = U2 - U1 */ - - ecp_nistz256_mul_mont(S2, Z1sqr, in1_z); /* S2 = Z1^3 */ - - ecp_nistz256_mul_mont(res_z, H, in1_z); /* Z3 = H*Z1*Z2 */ - - ecp_nistz256_mul_mont(S2, S2, in2_y); /* S2 = Y2*Z1^3 */ - ecp_nistz256_sub(R, S2, in1_y); /* R = S2 - S1 */ - - ecp_nistz256_sqr_mont(Hsqr, H); /* H^2 */ - ecp_nistz256_sqr_mont(Rsqr, R); /* R^2 */ - ecp_nistz256_mul_mont(Hcub, Hsqr, H); /* H^3 */ - - ecp_nistz256_mul_mont(U2, in1_x, Hsqr); /* U1*H^2 */ - ecp_nistz256_mul_by_2(Hsqr, U2); /* 2*U1*H^2 */ - - ecp_nistz256_sub(res_x, Rsqr, Hsqr); - ecp_nistz256_sub(res_x, res_x, Hcub); - ecp_nistz256_sub(H, U2, res_x); - - ecp_nistz256_mul_mont(S2, in1_y, Hcub); - ecp_nistz256_mul_mont(H, H, R); - ecp_nistz256_sub(res_y, H, S2); - - copy_conditional(res_x, in2_x, in1infty); - copy_conditional(res_x, in1_x, in2infty); - - copy_conditional(res_y, in2_y, in1infty); - copy_conditional(res_y, in1_y, in2infty); - - copy_conditional(res_z, ONE, in1infty); - copy_conditional(res_z, in1_z, in2infty); - - memcpy(r->X, res_x, sizeof(res_x)); - memcpy(r->Y, res_y, sizeof(res_y)); - memcpy(r->Z, res_z, sizeof(res_z)); -} -#endif - -/* r = in^-1 mod p */ -static void ecp_nistz256_mod_inverse(BN_ULONG r[P256_LIMBS], - const BN_ULONG in[P256_LIMBS]) -{ - /* - * The poly is ffffffff 00000001 00000000 00000000 00000000 ffffffff - * ffffffff ffffffff We use FLT and used poly-2 as exponent - */ - BN_ULONG p2[P256_LIMBS]; - BN_ULONG p4[P256_LIMBS]; - BN_ULONG p8[P256_LIMBS]; - BN_ULONG p16[P256_LIMBS]; - BN_ULONG p32[P256_LIMBS]; - BN_ULONG res[P256_LIMBS]; - int i; - - ecp_nistz256_sqr_mont(res, in); - ecp_nistz256_mul_mont(p2, res, in); /* 3*p */ - - ecp_nistz256_sqr_mont(res, p2); - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_mul_mont(p4, res, p2); /* f*p */ - - ecp_nistz256_sqr_mont(res, p4); - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_mul_mont(p8, res, p4); /* ff*p */ - - ecp_nistz256_sqr_mont(res, p8); - for (i = 0; i < 7; i++) - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_mul_mont(p16, res, p8); /* ffff*p */ - - ecp_nistz256_sqr_mont(res, p16); - for (i = 0; i < 15; i++) - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_mul_mont(p32, res, p16); /* ffffffff*p */ - - ecp_nistz256_sqr_mont(res, p32); - for (i = 0; i < 31; i++) - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_mul_mont(res, res, in); - - for (i = 0; i < 32 * 4; i++) - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_mul_mont(res, res, p32); - - for (i = 0; i < 32; i++) - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_mul_mont(res, res, p32); - - for (i = 0; i < 16; i++) - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_mul_mont(res, res, p16); - - for (i = 0; i < 8; i++) - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_mul_mont(res, res, p8); - - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_mul_mont(res, res, p4); - - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_mul_mont(res, res, p2); - - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_sqr_mont(res, res); - ecp_nistz256_mul_mont(res, res, in); - - memcpy(r, res, sizeof(res)); -} - -/* - * ecp_nistz256_bignum_to_field_elem copies the contents of |in| to |out| and - * returns one if it fits. Otherwise it returns zero. - */ -__owur static int ecp_nistz256_bignum_to_field_elem(BN_ULONG out[P256_LIMBS], - const BIGNUM *in) -{ - return bn_copy_words(out, in, P256_LIMBS); -} - -/* r = sum(scalar[i]*point[i]) */ -__owur static int ecp_nistz256_windowed_mul(const EC_GROUP *group, - P256_POINT *r, - const BIGNUM **scalar, - const EC_POINT **point, - size_t num, BN_CTX *ctx) -{ - size_t i; - int j, ret = 0; - unsigned int idx; - unsigned char (*p_str)[33] = NULL; - const unsigned int window_size = 5; - const unsigned int mask = (1 << (window_size + 1)) - 1; - unsigned int wvalue; - P256_POINT *temp; /* place for 5 temporary points */ - const BIGNUM **scalars = NULL; - P256_POINT (*table)[16] = NULL; - void *table_storage = NULL; - - if ((num * 16 + 6) > OPENSSL_MALLOC_MAX_NELEMS(P256_POINT) - || (table_storage = - OPENSSL_malloc((num * 16 + 5) * sizeof(P256_POINT) + 64)) == NULL - || (p_str = - OPENSSL_malloc(num * 33 * sizeof(unsigned char))) == NULL - || (scalars = OPENSSL_malloc(num * sizeof(BIGNUM *))) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - table = (void *)ALIGNPTR(table_storage, 64); - temp = (P256_POINT *)(table + num); - - for (i = 0; i < num; i++) { - P256_POINT *row = table[i]; - - /* This is an unusual input, we don't guarantee constant-timeness. */ - if ((BN_num_bits(scalar[i]) > 256) || BN_is_negative(scalar[i])) { - BIGNUM *mod; - - if ((mod = BN_CTX_get(ctx)) == NULL) - goto err; - if (!BN_nnmod(mod, scalar[i], group->order, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - scalars[i] = mod; - } else - scalars[i] = scalar[i]; - - for (j = 0; j < bn_get_top(scalars[i]) * BN_BYTES; j += BN_BYTES) { - BN_ULONG d = bn_get_words(scalars[i])[j / BN_BYTES]; - - p_str[i][j + 0] = (unsigned char)d; - p_str[i][j + 1] = (unsigned char)(d >> 8); - p_str[i][j + 2] = (unsigned char)(d >> 16); - p_str[i][j + 3] = (unsigned char)(d >>= 24); - if (BN_BYTES == 8) { - d >>= 8; - p_str[i][j + 4] = (unsigned char)d; - p_str[i][j + 5] = (unsigned char)(d >> 8); - p_str[i][j + 6] = (unsigned char)(d >> 16); - p_str[i][j + 7] = (unsigned char)(d >> 24); - } - } - for (; j < 33; j++) - p_str[i][j] = 0; - - if (!ecp_nistz256_bignum_to_field_elem(temp[0].X, point[i]->X) - || !ecp_nistz256_bignum_to_field_elem(temp[0].Y, point[i]->Y) - || !ecp_nistz256_bignum_to_field_elem(temp[0].Z, point[i]->Z)) { - ERR_raise(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); - goto err; - } - - /* - * row[0] is implicitly (0,0,0) (the point at infinity), therefore it - * is not stored. All other values are actually stored with an offset - * of -1 in table. - */ - - ecp_nistz256_scatter_w5 (row, &temp[0], 1); - ecp_nistz256_point_double(&temp[1], &temp[0]); /*1+1=2 */ - ecp_nistz256_scatter_w5 (row, &temp[1], 2); - ecp_nistz256_point_add (&temp[2], &temp[1], &temp[0]); /*2+1=3 */ - ecp_nistz256_scatter_w5 (row, &temp[2], 3); - ecp_nistz256_point_double(&temp[1], &temp[1]); /*2*2=4 */ - ecp_nistz256_scatter_w5 (row, &temp[1], 4); - ecp_nistz256_point_double(&temp[2], &temp[2]); /*2*3=6 */ - ecp_nistz256_scatter_w5 (row, &temp[2], 6); - ecp_nistz256_point_add (&temp[3], &temp[1], &temp[0]); /*4+1=5 */ - ecp_nistz256_scatter_w5 (row, &temp[3], 5); - ecp_nistz256_point_add (&temp[4], &temp[2], &temp[0]); /*6+1=7 */ - ecp_nistz256_scatter_w5 (row, &temp[4], 7); - ecp_nistz256_point_double(&temp[1], &temp[1]); /*2*4=8 */ - ecp_nistz256_scatter_w5 (row, &temp[1], 8); - ecp_nistz256_point_double(&temp[2], &temp[2]); /*2*6=12 */ - ecp_nistz256_scatter_w5 (row, &temp[2], 12); - ecp_nistz256_point_double(&temp[3], &temp[3]); /*2*5=10 */ - ecp_nistz256_scatter_w5 (row, &temp[3], 10); - ecp_nistz256_point_double(&temp[4], &temp[4]); /*2*7=14 */ - ecp_nistz256_scatter_w5 (row, &temp[4], 14); - ecp_nistz256_point_add (&temp[2], &temp[2], &temp[0]); /*12+1=13*/ - ecp_nistz256_scatter_w5 (row, &temp[2], 13); - ecp_nistz256_point_add (&temp[3], &temp[3], &temp[0]); /*10+1=11*/ - ecp_nistz256_scatter_w5 (row, &temp[3], 11); - ecp_nistz256_point_add (&temp[4], &temp[4], &temp[0]); /*14+1=15*/ - ecp_nistz256_scatter_w5 (row, &temp[4], 15); - ecp_nistz256_point_add (&temp[2], &temp[1], &temp[0]); /*8+1=9 */ - ecp_nistz256_scatter_w5 (row, &temp[2], 9); - ecp_nistz256_point_double(&temp[1], &temp[1]); /*2*8=16 */ - ecp_nistz256_scatter_w5 (row, &temp[1], 16); - } - - idx = 255; - - wvalue = p_str[0][(idx - 1) / 8]; - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - - /* - * We gather to temp[0], because we know it's position relative - * to table - */ - ecp_nistz256_gather_w5(&temp[0], table[0], _booth_recode_w5(wvalue) >> 1); - memcpy(r, &temp[0], sizeof(temp[0])); - - while (idx >= 5) { - for (i = (idx == 255 ? 1 : 0); i < num; i++) { - unsigned int off = (idx - 1) / 8; - - wvalue = p_str[i][off] | p_str[i][off + 1] << 8; - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - - wvalue = _booth_recode_w5(wvalue); - - ecp_nistz256_gather_w5(&temp[0], table[i], wvalue >> 1); - - ecp_nistz256_neg(temp[1].Y, temp[0].Y); - copy_conditional(temp[0].Y, temp[1].Y, (wvalue & 1)); - - ecp_nistz256_point_add(r, r, &temp[0]); - } - - idx -= window_size; - - ecp_nistz256_point_double(r, r); - ecp_nistz256_point_double(r, r); - ecp_nistz256_point_double(r, r); - ecp_nistz256_point_double(r, r); - ecp_nistz256_point_double(r, r); - } - - /* Final window */ - for (i = 0; i < num; i++) { - wvalue = p_str[i][0]; - wvalue = (wvalue << 1) & mask; - - wvalue = _booth_recode_w5(wvalue); - - ecp_nistz256_gather_w5(&temp[0], table[i], wvalue >> 1); - - ecp_nistz256_neg(temp[1].Y, temp[0].Y); - copy_conditional(temp[0].Y, temp[1].Y, wvalue & 1); - - ecp_nistz256_point_add(r, r, &temp[0]); - } - - ret = 1; - err: - OPENSSL_free(table_storage); - OPENSSL_free(p_str); - OPENSSL_free(scalars); - return ret; -} - -/* Coordinates of G, for which we have precomputed tables */ -static const BN_ULONG def_xG[P256_LIMBS] = { - TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601), - TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6) -}; - -static const BN_ULONG def_yG[P256_LIMBS] = { - TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c), - TOBN(0xd2e88688, 0xdd21f325), TOBN(0x8571ff18, 0x25885d85) -}; - -/* - * ecp_nistz256_is_affine_G returns one if |generator| is the standard, P-256 - * generator. - */ -static int ecp_nistz256_is_affine_G(const EC_POINT *generator) -{ - return (bn_get_top(generator->X) == P256_LIMBS) && - (bn_get_top(generator->Y) == P256_LIMBS) && - is_equal(bn_get_words(generator->X), def_xG) && - is_equal(bn_get_words(generator->Y), def_yG) && - is_one(generator->Z); -} - -__owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) -{ - /* - * We precompute a table for a Booth encoded exponent (wNAF) based - * computation. Each table holds 64 values for safe access, with an - * implicit value of infinity at index zero. We use window of size 7, and - * therefore require ceil(256/7) = 37 tables. - */ - const BIGNUM *order; - EC_POINT *P = NULL, *T = NULL; - const EC_POINT *generator; - NISTZ256_PRE_COMP *pre_comp; - BN_CTX *new_ctx = NULL; - int i, j, k, ret = 0; - size_t w; - - PRECOMP256_ROW *preComputedTable = NULL; - unsigned char *precomp_storage = NULL; - - /* if there is an old NISTZ256_PRE_COMP object, throw it away */ - EC_pre_comp_free(group); - generator = EC_GROUP_get0_generator(group); - if (generator == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_UNDEFINED_GENERATOR); - return 0; - } - - if (ecp_nistz256_is_affine_G(generator)) { - /* - * No need to calculate tables for the standard generator because we - * have them statically. - */ - return 1; - } - - if ((pre_comp = ecp_nistz256_pre_comp_new(group)) == NULL) - return 0; - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) - goto err; - } - - BN_CTX_start(ctx); - - order = EC_GROUP_get0_order(group); - if (order == NULL) - goto err; - - if (BN_is_zero(order)) { - ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_ORDER); - goto err; - } - - w = 7; - - if ((precomp_storage = - OPENSSL_malloc(37 * 64 * sizeof(P256_POINT_AFFINE) + 64)) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - preComputedTable = (void *)ALIGNPTR(precomp_storage, 64); - - P = EC_POINT_new(group); - T = EC_POINT_new(group); - if (P == NULL || T == NULL) - goto err; - - /* - * The zero entry is implicitly infinity, and we skip it, storing other - * values with -1 offset. - */ - if (!EC_POINT_copy(T, generator)) - goto err; - - for (k = 0; k < 64; k++) { - if (!EC_POINT_copy(P, T)) - goto err; - for (j = 0; j < 37; j++) { - P256_POINT_AFFINE temp; - /* - * It would be faster to use EC_POINTs_make_affine and - * make multiple points affine at the same time. - */ - if (group->meth->make_affine == NULL - || !group->meth->make_affine(group, P, ctx)) - goto err; - if (!ecp_nistz256_bignum_to_field_elem(temp.X, P->X) || - !ecp_nistz256_bignum_to_field_elem(temp.Y, P->Y)) { - ERR_raise(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); - goto err; - } - ecp_nistz256_scatter_w7(preComputedTable[j], &temp, k); - for (i = 0; i < 7; i++) { - if (!EC_POINT_dbl(group, P, P, ctx)) - goto err; - } - } - if (!EC_POINT_add(group, T, T, generator, ctx)) - goto err; - } - - pre_comp->group = group; - pre_comp->w = w; - pre_comp->precomp = preComputedTable; - pre_comp->precomp_storage = precomp_storage; - precomp_storage = NULL; - SETPRECOMP(group, nistz256, pre_comp); - pre_comp = NULL; - ret = 1; - - err: - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - - EC_nistz256_pre_comp_free(pre_comp); - OPENSSL_free(precomp_storage); - EC_POINT_free(P); - EC_POINT_free(T); - return ret; -} - -__owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group, - const P256_POINT_AFFINE *in, - BN_CTX *ctx) -{ - int ret = 0; - - if ((ret = bn_set_words(out->X, in->X, P256_LIMBS)) - && (ret = bn_set_words(out->Y, in->Y, P256_LIMBS)) - && (ret = bn_set_words(out->Z, ONE, P256_LIMBS))) - out->Z_is_one = 1; - - return ret; -} - -/* r = scalar*G + sum(scalars[i]*points[i]) */ -__owur static int ecp_nistz256_points_mul(const EC_GROUP *group, - EC_POINT *r, - const BIGNUM *scalar, - size_t num, - const EC_POINT *points[], - const BIGNUM *scalars[], BN_CTX *ctx) -{ - int i = 0, ret = 0, no_precomp_for_generator = 0, p_is_infinity = 0; - unsigned char p_str[33] = { 0 }; - const PRECOMP256_ROW *preComputedTable = NULL; - const NISTZ256_PRE_COMP *pre_comp = NULL; - const EC_POINT *generator = NULL; - const BIGNUM **new_scalars = NULL; - const EC_POINT **new_points = NULL; - unsigned int idx = 0; - const unsigned int window_size = 7; - const unsigned int mask = (1 << (window_size + 1)) - 1; - unsigned int wvalue; - ALIGN32 union { - P256_POINT p; - P256_POINT_AFFINE a; - } t, p; - BIGNUM *tmp_scalar; - - if ((num + 1) == 0 || (num + 1) > OPENSSL_MALLOC_MAX_NELEMS(void *)) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return 0; - } - - memset(&p, 0, sizeof(p)); - BN_CTX_start(ctx); - - if (scalar) { - generator = EC_GROUP_get0_generator(group); - if (generator == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_UNDEFINED_GENERATOR); - goto err; - } - - /* look if we can use precomputed multiples of generator */ - pre_comp = group->pre_comp.nistz256; - - if (pre_comp) { - /* - * If there is a precomputed table for the generator, check that - * it was generated with the same generator. - */ - EC_POINT *pre_comp_generator = EC_POINT_new(group); - if (pre_comp_generator == NULL) - goto err; - - ecp_nistz256_gather_w7(&p.a, pre_comp->precomp[0], 1); - if (!ecp_nistz256_set_from_affine(pre_comp_generator, - group, &p.a, ctx)) { - EC_POINT_free(pre_comp_generator); - goto err; - } - - if (0 == EC_POINT_cmp(group, generator, pre_comp_generator, ctx)) - preComputedTable = (const PRECOMP256_ROW *)pre_comp->precomp; - - EC_POINT_free(pre_comp_generator); - } - - if (preComputedTable == NULL && ecp_nistz256_is_affine_G(generator)) { - /* - * If there is no precomputed data, but the generator is the - * default, a hardcoded table of precomputed data is used. This - * is because applications, such as Apache, do not use - * EC_KEY_precompute_mult. - */ - preComputedTable = ecp_nistz256_precomputed; - } - - if (preComputedTable) { - BN_ULONG infty; - - if ((BN_num_bits(scalar) > 256) - || BN_is_negative(scalar)) { - if ((tmp_scalar = BN_CTX_get(ctx)) == NULL) - goto err; - - if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - scalar = tmp_scalar; - } - - for (i = 0; i < bn_get_top(scalar) * BN_BYTES; i += BN_BYTES) { - BN_ULONG d = bn_get_words(scalar)[i / BN_BYTES]; - - p_str[i + 0] = (unsigned char)d; - p_str[i + 1] = (unsigned char)(d >> 8); - p_str[i + 2] = (unsigned char)(d >> 16); - p_str[i + 3] = (unsigned char)(d >>= 24); - if (BN_BYTES == 8) { - d >>= 8; - p_str[i + 4] = (unsigned char)d; - p_str[i + 5] = (unsigned char)(d >> 8); - p_str[i + 6] = (unsigned char)(d >> 16); - p_str[i + 7] = (unsigned char)(d >> 24); - } - } - - for (; i < 33; i++) - p_str[i] = 0; - - /* First window */ - wvalue = (p_str[0] << 1) & mask; - idx += window_size; - - wvalue = _booth_recode_w7(wvalue); - - ecp_nistz256_gather_w7(&p.a, preComputedTable[0], - wvalue >> 1); - - ecp_nistz256_neg(p.p.Z, p.p.Y); - copy_conditional(p.p.Y, p.p.Z, wvalue & 1); - - /* - * Since affine infinity is encoded as (0,0) and - * Jacobian is (,,0), we need to harmonize them - * by assigning "one" or zero to Z. - */ - infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] | - p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]); - if (P256_LIMBS == 8) - infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | - p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); - - infty = 0 - is_zero(infty); - infty = ~infty; - - p.p.Z[0] = ONE[0] & infty; - p.p.Z[1] = ONE[1] & infty; - p.p.Z[2] = ONE[2] & infty; - p.p.Z[3] = ONE[3] & infty; - if (P256_LIMBS == 8) { - p.p.Z[4] = ONE[4] & infty; - p.p.Z[5] = ONE[5] & infty; - p.p.Z[6] = ONE[6] & infty; - p.p.Z[7] = ONE[7] & infty; - } - - for (i = 1; i < 37; i++) { - unsigned int off = (idx - 1) / 8; - wvalue = p_str[off] | p_str[off + 1] << 8; - wvalue = (wvalue >> ((idx - 1) % 8)) & mask; - idx += window_size; - - wvalue = _booth_recode_w7(wvalue); - - ecp_nistz256_gather_w7(&t.a, - preComputedTable[i], wvalue >> 1); - - ecp_nistz256_neg(t.p.Z, t.a.Y); - copy_conditional(t.a.Y, t.p.Z, wvalue & 1); - - ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a); - } - } else { - p_is_infinity = 1; - no_precomp_for_generator = 1; - } - } else - p_is_infinity = 1; - - if (no_precomp_for_generator) { - /* - * Without a precomputed table for the generator, it has to be - * handled like a normal point. - */ - new_scalars = OPENSSL_malloc((num + 1) * sizeof(BIGNUM *)); - if (new_scalars == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - new_points = OPENSSL_malloc((num + 1) * sizeof(EC_POINT *)); - if (new_points == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - memcpy(new_scalars, scalars, num * sizeof(BIGNUM *)); - new_scalars[num] = scalar; - memcpy(new_points, points, num * sizeof(EC_POINT *)); - new_points[num] = generator; - - scalars = new_scalars; - points = new_points; - num++; - } - - if (num) { - P256_POINT *out = &t.p; - if (p_is_infinity) - out = &p.p; - - if (!ecp_nistz256_windowed_mul(group, out, scalars, points, num, ctx)) - goto err; - - if (!p_is_infinity) - ecp_nistz256_point_add(&p.p, &p.p, out); - } - - /* Not constant-time, but we're only operating on the public output. */ - if (!bn_set_words(r->X, p.p.X, P256_LIMBS) || - !bn_set_words(r->Y, p.p.Y, P256_LIMBS) || - !bn_set_words(r->Z, p.p.Z, P256_LIMBS)) { - goto err; - } - r->Z_is_one = is_one(r->Z) & 1; - - ret = 1; - -err: - BN_CTX_end(ctx); - OPENSSL_free(new_points); - OPENSSL_free(new_scalars); - return ret; -} - -__owur static int ecp_nistz256_get_affine(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, BN_CTX *ctx) -{ - BN_ULONG z_inv2[P256_LIMBS]; - BN_ULONG z_inv3[P256_LIMBS]; - BN_ULONG x_aff[P256_LIMBS]; - BN_ULONG y_aff[P256_LIMBS]; - BN_ULONG point_x[P256_LIMBS], point_y[P256_LIMBS], point_z[P256_LIMBS]; - BN_ULONG x_ret[P256_LIMBS], y_ret[P256_LIMBS]; - - if (EC_POINT_is_at_infinity(group, point)) { - ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); - return 0; - } - - if (!ecp_nistz256_bignum_to_field_elem(point_x, point->X) || - !ecp_nistz256_bignum_to_field_elem(point_y, point->Y) || - !ecp_nistz256_bignum_to_field_elem(point_z, point->Z)) { - ERR_raise(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); - return 0; - } - - ecp_nistz256_mod_inverse(z_inv3, point_z); - ecp_nistz256_sqr_mont(z_inv2, z_inv3); - ecp_nistz256_mul_mont(x_aff, z_inv2, point_x); - - if (x != NULL) { - ecp_nistz256_from_mont(x_ret, x_aff); - if (!bn_set_words(x, x_ret, P256_LIMBS)) - return 0; - } - - if (y != NULL) { - ecp_nistz256_mul_mont(z_inv3, z_inv3, z_inv2); - ecp_nistz256_mul_mont(y_aff, z_inv3, point_y); - ecp_nistz256_from_mont(y_ret, y_aff); - if (!bn_set_words(y, y_ret, P256_LIMBS)) - return 0; - } - - return 1; -} - -static NISTZ256_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group) -{ - NISTZ256_PRE_COMP *ret = NULL; - - if (!group) - return NULL; - - ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return ret; - } - - ret->group = group; - ret->w = 6; /* default */ - ret->references = 1; - - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ret); - return NULL; - } - return ret; -} - -NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *p) -{ - int i; - if (p != NULL) - CRYPTO_UP_REF(&p->references, &i, p->lock); - return p; -} - -void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *pre) -{ - int i; - - if (pre == NULL) - return; - - CRYPTO_DOWN_REF(&pre->references, &i, pre->lock); - REF_PRINT_COUNT("EC_nistz256", pre); - if (i > 0) - return; - REF_ASSERT_ISNT(i < 0); - - OPENSSL_free(pre->precomp_storage); - CRYPTO_THREAD_lock_free(pre->lock); - OPENSSL_free(pre); -} - - -static int ecp_nistz256_window_have_precompute_mult(const EC_GROUP *group) -{ - /* There is a hard-coded table for the default generator. */ - const EC_POINT *generator = EC_GROUP_get0_generator(group); - - if (generator != NULL && ecp_nistz256_is_affine_G(generator)) { - /* There is a hard-coded table for the default generator. */ - return 1; - } - - return HAVEPRECOMP(group, nistz256); -} - -#if defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) || \ - defined(__powerpc64__) || defined(_ARCH_PP64) || \ - defined(__aarch64__) -/* - * Montgomery mul modulo Order(P): res = a*b*2^-256 mod Order(P) - */ -void ecp_nistz256_ord_mul_mont(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS], - const BN_ULONG b[P256_LIMBS]); -void ecp_nistz256_ord_sqr_mont(BN_ULONG res[P256_LIMBS], - const BN_ULONG a[P256_LIMBS], - BN_ULONG rep); - -static int ecp_nistz256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *x, BN_CTX *ctx) -{ - /* RR = 2^512 mod ord(p256) */ - static const BN_ULONG RR[P256_LIMBS] = { - TOBN(0x83244c95,0xbe79eea2), TOBN(0x4699799c,0x49bd6fa6), - TOBN(0x2845b239,0x2b6bec59), TOBN(0x66e12d94,0xf3d95620) - }; - /* The constant 1 (unlike ONE that is one in Montgomery representation) */ - static const BN_ULONG one[P256_LIMBS] = { - TOBN(0,1), TOBN(0,0), TOBN(0,0), TOBN(0,0) - }; - /* - * We don't use entry 0 in the table, so we omit it and address - * with -1 offset. - */ - BN_ULONG table[15][P256_LIMBS]; - BN_ULONG out[P256_LIMBS], t[P256_LIMBS]; - int i, ret = 0; - enum { - i_1 = 0, i_10, i_11, i_101, i_111, i_1010, i_1111, - i_10101, i_101010, i_101111, i_x6, i_x8, i_x16, i_x32 - }; - - /* - * Catch allocation failure early. - */ - if (bn_wexpand(r, P256_LIMBS) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - - if ((BN_num_bits(x) > 256) || BN_is_negative(x)) { - BIGNUM *tmp; - - if ((tmp = BN_CTX_get(ctx)) == NULL - || !BN_nnmod(tmp, x, group->order, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - x = tmp; - } - - if (!ecp_nistz256_bignum_to_field_elem(t, x)) { - ERR_raise(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); - goto err; - } - - ecp_nistz256_ord_mul_mont(table[0], t, RR); -#if 0 - /* - * Original sparse-then-fixed-window algorithm, retained for reference. - */ - for (i = 2; i < 16; i += 2) { - ecp_nistz256_ord_sqr_mont(table[i-1], table[i/2-1], 1); - ecp_nistz256_ord_mul_mont(table[i], table[i-1], table[0]); - } - - /* - * The top 128bit of the exponent are highly redudndant, so we - * perform an optimized flow - */ - ecp_nistz256_ord_sqr_mont(t, table[15-1], 4); /* f0 */ - ecp_nistz256_ord_mul_mont(t, t, table[15-1]); /* ff */ - - ecp_nistz256_ord_sqr_mont(out, t, 8); /* ff00 */ - ecp_nistz256_ord_mul_mont(out, out, t); /* ffff */ - - ecp_nistz256_ord_sqr_mont(t, out, 16); /* ffff0000 */ - ecp_nistz256_ord_mul_mont(t, t, out); /* ffffffff */ - - ecp_nistz256_ord_sqr_mont(out, t, 64); /* ffffffff0000000000000000 */ - ecp_nistz256_ord_mul_mont(out, out, t); /* ffffffff00000000ffffffff */ - - ecp_nistz256_ord_sqr_mont(out, out, 32); /* ffffffff00000000ffffffff00000000 */ - ecp_nistz256_ord_mul_mont(out, out, t); /* ffffffff00000000ffffffffffffffff */ - - /* - * The bottom 128 bit of the exponent are processed with fixed 4-bit window - */ - for(i = 0; i < 32; i++) { - /* expLo - the low 128 bits of the exponent we use (ord(p256) - 2), - * split into nibbles */ - static const unsigned char expLo[32] = { - 0xb,0xc,0xe,0x6,0xf,0xa,0xa,0xd,0xa,0x7,0x1,0x7,0x9,0xe,0x8,0x4, - 0xf,0x3,0xb,0x9,0xc,0xa,0xc,0x2,0xf,0xc,0x6,0x3,0x2,0x5,0x4,0xf - }; - - ecp_nistz256_ord_sqr_mont(out, out, 4); - /* The exponent is public, no need in constant-time access */ - ecp_nistz256_ord_mul_mont(out, out, table[expLo[i]-1]); - } -#else - /* - * https://briansmith.org/ecc-inversion-addition-chains-01#p256_scalar_inversion - * - * Even though this code path spares 12 squarings, 4.5%, and 13 - * multiplications, 25%, on grand scale sign operation is not that - * much faster, not more that 2%... - */ - - /* pre-calculate powers */ - ecp_nistz256_ord_sqr_mont(table[i_10], table[i_1], 1); - - ecp_nistz256_ord_mul_mont(table[i_11], table[i_1], table[i_10]); - - ecp_nistz256_ord_mul_mont(table[i_101], table[i_11], table[i_10]); - - ecp_nistz256_ord_mul_mont(table[i_111], table[i_101], table[i_10]); - - ecp_nistz256_ord_sqr_mont(table[i_1010], table[i_101], 1); - - ecp_nistz256_ord_mul_mont(table[i_1111], table[i_1010], table[i_101]); - - ecp_nistz256_ord_sqr_mont(table[i_10101], table[i_1010], 1); - ecp_nistz256_ord_mul_mont(table[i_10101], table[i_10101], table[i_1]); - - ecp_nistz256_ord_sqr_mont(table[i_101010], table[i_10101], 1); - - ecp_nistz256_ord_mul_mont(table[i_101111], table[i_101010], table[i_101]); - - ecp_nistz256_ord_mul_mont(table[i_x6], table[i_101010], table[i_10101]); - - ecp_nistz256_ord_sqr_mont(table[i_x8], table[i_x6], 2); - ecp_nistz256_ord_mul_mont(table[i_x8], table[i_x8], table[i_11]); - - ecp_nistz256_ord_sqr_mont(table[i_x16], table[i_x8], 8); - ecp_nistz256_ord_mul_mont(table[i_x16], table[i_x16], table[i_x8]); - - ecp_nistz256_ord_sqr_mont(table[i_x32], table[i_x16], 16); - ecp_nistz256_ord_mul_mont(table[i_x32], table[i_x32], table[i_x16]); - - /* calculations */ - ecp_nistz256_ord_sqr_mont(out, table[i_x32], 64); - ecp_nistz256_ord_mul_mont(out, out, table[i_x32]); - - for (i = 0; i < 27; i++) { - static const struct { unsigned char p, i; } chain[27] = { - { 32, i_x32 }, { 6, i_101111 }, { 5, i_111 }, - { 4, i_11 }, { 5, i_1111 }, { 5, i_10101 }, - { 4, i_101 }, { 3, i_101 }, { 3, i_101 }, - { 5, i_111 }, { 9, i_101111 }, { 6, i_1111 }, - { 2, i_1 }, { 5, i_1 }, { 6, i_1111 }, - { 5, i_111 }, { 4, i_111 }, { 5, i_111 }, - { 5, i_101 }, { 3, i_11 }, { 10, i_101111 }, - { 2, i_11 }, { 5, i_11 }, { 5, i_11 }, - { 3, i_1 }, { 7, i_10101 }, { 6, i_1111 } - }; - - ecp_nistz256_ord_sqr_mont(out, out, chain[i].p); - ecp_nistz256_ord_mul_mont(out, out, table[chain[i].i]); - } -#endif - ecp_nistz256_ord_mul_mont(out, out, one); - - /* - * Can't fail, but check return code to be consistent anyway. - */ - if (!bn_set_words(r, out, P256_LIMBS)) - goto err; - - ret = 1; -err: - return ret; -} -#else -# define ecp_nistz256_inv_mod_ord NULL -#endif - -const EC_METHOD *EC_GFp_nistz256_method(void) -{ - static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_prime_field, - ossl_ec_GFp_mont_group_init, - ossl_ec_GFp_mont_group_finish, - ossl_ec_GFp_mont_group_clear_finish, - ossl_ec_GFp_mont_group_copy, - ossl_ec_GFp_mont_group_set_curve, - ossl_ec_GFp_simple_group_get_curve, - ossl_ec_GFp_simple_group_get_degree, - ossl_ec_group_simple_order_bits, - ossl_ec_GFp_simple_group_check_discriminant, - ossl_ec_GFp_simple_point_init, - ossl_ec_GFp_simple_point_finish, - ossl_ec_GFp_simple_point_clear_finish, - ossl_ec_GFp_simple_point_copy, - ossl_ec_GFp_simple_point_set_to_infinity, - ossl_ec_GFp_simple_point_set_affine_coordinates, - ecp_nistz256_get_affine, - 0, 0, 0, - ossl_ec_GFp_simple_add, - ossl_ec_GFp_simple_dbl, - ossl_ec_GFp_simple_invert, - ossl_ec_GFp_simple_is_at_infinity, - ossl_ec_GFp_simple_is_on_curve, - ossl_ec_GFp_simple_cmp, - ossl_ec_GFp_simple_make_affine, - ossl_ec_GFp_simple_points_make_affine, - ecp_nistz256_points_mul, /* mul */ - ecp_nistz256_mult_precompute, /* precompute_mult */ - ecp_nistz256_window_have_precompute_mult, /* have_precompute_mult */ - ossl_ec_GFp_mont_field_mul, - ossl_ec_GFp_mont_field_sqr, - 0, /* field_div */ - ossl_ec_GFp_mont_field_inv, - ossl_ec_GFp_mont_field_encode, - ossl_ec_GFp_mont_field_decode, - ossl_ec_GFp_mont_field_set_to_one, - ossl_ec_key_simple_priv2oct, - ossl_ec_key_simple_oct2priv, - 0, /* set private */ - ossl_ec_key_simple_generate_key, - ossl_ec_key_simple_check_key, - ossl_ec_key_simple_generate_public_key, - 0, /* keycopy */ - 0, /* keyfinish */ - ossl_ecdh_simple_compute_key, - ossl_ecdsa_simple_sign_setup, - ossl_ecdsa_simple_sign_sig, - ossl_ecdsa_simple_verify_sig, - ecp_nistz256_inv_mod_ord, /* can be #define-d NULL */ - 0, /* blind_coordinates */ - 0, /* ladder_pre */ - 0, /* ladder_step */ - 0 /* ladder_post */ - }; - - return &ret; -} diff --git a/crypto/ec/ecp_nistz256_table.c b/crypto/ec/ecp_nistz256_table.c deleted file mode 100644 index 71430d4b81421bd95c88d7d4063787f00e499bf0..0000000000000000000000000000000000000000 --- a/crypto/ec/ecp_nistz256_table.c +++ /dev/null @@ -1,9542 +0,0 @@ -/* - * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This is the precomputed constant time access table for the code in - * ecp_montp256.c, for the default generator. The table consists of 37 - * subtables, each subtable contains 64 affine points. The affine points are - * encoded as eight uint64's, four for the x coordinate and four for the y. - * Both values are in little-endian order. There are 37 tables because a - * signed, 6-bit wNAF form of the scalar is used and ceil(256/(6 + 1)) = 37. - * Within each table there are 64 values because the 6-bit wNAF value can - * take 64 values, ignoring the sign bit, which is implemented by performing - * a negation of the affine point when required. We would like to align it - * to 2MB in order to increase the chances of using a large page but that - * appears to lead to invalid ELF files being produced. - */ - -#if defined(__GNUC__) -__attribute((aligned(4096))) -#elif defined(_MSC_VER) -__declspec(align(4096)) -#elif defined(__SUNPRO_C) -# pragma align 4096(ecp_nistz256_precomputed) -#endif -static const BN_ULONG ecp_nistz256_precomputed[37][64 * - sizeof(P256_POINT_AFFINE) / - sizeof(BN_ULONG)] = { - {TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601), - TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6), - TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c), - TOBN(0xd2e88688, 0xdd21f325), TOBN(0x8571ff18, 0x25885d85), - TOBN(0x850046d4, 0x10ddd64d), TOBN(0xaa6ae3c1, 0xa433827d), - TOBN(0x73220503, 0x8d1490d9), TOBN(0xf6bb32e4, 0x3dcf3a3b), - TOBN(0x2f3648d3, 0x61bee1a5), TOBN(0x152cd7cb, 0xeb236ff8), - TOBN(0x19a8fb0e, 0x92042dbe), TOBN(0x78c57751, 0x0a5b8a3b), - TOBN(0xffac3f90, 0x4eebc127), TOBN(0xb027f84a, 0x087d81fb), - TOBN(0x66ad77dd, 0x87cbbc98), TOBN(0x26936a3f, 0xb6ff747e), - TOBN(0xb04c5c1f, 0xc983a7eb), TOBN(0x583e47ad, 0x0861fe1a), - TOBN(0x78820831, 0x1a2ee98e), TOBN(0xd5f06a29, 0xe587cc07), - TOBN(0x74b0b50d, 0x46918dcc), TOBN(0x4650a6ed, 0xc623c173), - TOBN(0x0cdaacac, 0xe8100af2), TOBN(0x577362f5, 0x41b0176b), - TOBN(0x2d96f24c, 0xe4cbaba6), TOBN(0x17628471, 0xfad6f447), - TOBN(0x6b6c36de, 0xe5ddd22e), TOBN(0x84b14c39, 0x4c5ab863), - TOBN(0xbe1b8aae, 0xc45c61f5), TOBN(0x90ec649a, 0x94b9537d), - TOBN(0x941cb5aa, 0xd076c20c), TOBN(0xc9079605, 0x890523c8), - TOBN(0xeb309b4a, 0xe7ba4f10), TOBN(0x73c568ef, 0xe5eb882b), - TOBN(0x3540a987, 0x7e7a1f68), TOBN(0x73a076bb, 0x2dd1e916), - TOBN(0x40394737, 0x3e77664a), TOBN(0x55ae744f, 0x346cee3e), - TOBN(0xd50a961a, 0x5b17a3ad), TOBN(0x13074b59, 0x54213673), - TOBN(0x93d36220, 0xd377e44b), TOBN(0x299c2b53, 0xadff14b5), - TOBN(0xf424d44c, 0xef639f11), TOBN(0xa4c9916d, 0x4a07f75f), - TOBN(0x0746354e, 0xa0173b4f), TOBN(0x2bd20213, 0xd23c00f7), - TOBN(0xf43eaab5, 0x0c23bb08), TOBN(0x13ba5119, 0xc3123e03), - TOBN(0x2847d030, 0x3f5b9d4d), TOBN(0x6742f2f2, 0x5da67bdd), - TOBN(0xef933bdc, 0x77c94195), TOBN(0xeaedd915, 0x6e240867), - TOBN(0x27f14cd1, 0x9499a78f), TOBN(0x462ab5c5, 0x6f9b3455), - TOBN(0x8f90f02a, 0xf02cfc6b), TOBN(0xb763891e, 0xb265230d), - TOBN(0xf59da3a9, 0x532d4977), TOBN(0x21e3327d, 0xcf9eba15), - TOBN(0x123c7b84, 0xbe60bbf0), TOBN(0x56ec12f2, 0x7706df76), - TOBN(0x75c96e8f, 0x264e20e8), TOBN(0xabe6bfed, 0x59a7a841), - TOBN(0x2cc09c04, 0x44c8eb00), TOBN(0xe05b3080, 0xf0c4e16b), - TOBN(0x1eb7777a, 0xa45f3314), TOBN(0x56af7bed, 0xce5d45e3), - TOBN(0x2b6e019a, 0x88b12f1a), TOBN(0x086659cd, 0xfd835f9b), - TOBN(0x2c18dbd1, 0x9dc21ec8), TOBN(0x98f9868a, 0x0fcf8139), - TOBN(0x737d2cd6, 0x48250b49), TOBN(0xcc61c947, 0x24b3428f), - TOBN(0x0c2b4078, 0x80dd9e76), TOBN(0xc43a8991, 0x383fbe08), - TOBN(0x5f7d2d65, 0x779be5d2), TOBN(0x78719a54, 0xeb3b4ab5), - TOBN(0xea7d260a, 0x6245e404), TOBN(0x9de40795, 0x6e7fdfe0), - TOBN(0x1ff3a415, 0x8dac1ab5), TOBN(0x3e7090f1, 0x649c9073), - TOBN(0x1a768561, 0x2b944e88), TOBN(0x250f939e, 0xe57f61c8), - TOBN(0x0c0daa89, 0x1ead643d), TOBN(0x68930023, 0xe125b88e), - TOBN(0x04b71aa7, 0xd2697768), TOBN(0xabdedef5, 0xca345a33), - TOBN(0x2409d29d, 0xee37385e), TOBN(0x4ee1df77, 0xcb83e156), - TOBN(0x0cac12d9, 0x1cbb5b43), TOBN(0x170ed2f6, 0xca895637), - TOBN(0x28228cfa, 0x8ade6d66), TOBN(0x7ff57c95, 0x53238aca), - TOBN(0xccc42563, 0x4b2ed709), TOBN(0x0e356769, 0x856fd30d), - TOBN(0xbcbcd43f, 0x559e9811), TOBN(0x738477ac, 0x5395b759), - TOBN(0x35752b90, 0xc00ee17f), TOBN(0x68748390, 0x742ed2e3), - TOBN(0x7cd06422, 0xbd1f5bc1), TOBN(0xfbc08769, 0xc9e7b797), - TOBN(0xa242a35b, 0xb0cf664a), TOBN(0x126e48f7, 0x7f9707e3), - TOBN(0x1717bf54, 0xc6832660), TOBN(0xfaae7332, 0xfd12c72e), - TOBN(0x27b52db7, 0x995d586b), TOBN(0xbe29569e, 0x832237c2), - TOBN(0xe8e4193e, 0x2a65e7db), TOBN(0x152706dc, 0x2eaa1bbb), - TOBN(0x72bcd8b7, 0xbc60055b), TOBN(0x03cc23ee, 0x56e27e4b), - TOBN(0xee337424, 0xe4819370), TOBN(0xe2aa0e43, 0x0ad3da09), - TOBN(0x40b8524f, 0x6383c45d), TOBN(0xd7663554, 0x42a41b25), - TOBN(0x64efa6de, 0x778a4797), TOBN(0x2042170a, 0x7079adf4), - TOBN(0x808b0b65, 0x0bc6fb80), TOBN(0x5882e075, 0x3ffe2e6b), - TOBN(0xd5ef2f7c, 0x2c83f549), TOBN(0x54d63c80, 0x9103b723), - TOBN(0xf2f11bd6, 0x52a23f9b), TOBN(0x3670c319, 0x4b0b6587), - TOBN(0x55c4623b, 0xb1580e9e), TOBN(0x64edf7b2, 0x01efe220), - TOBN(0x97091dcb, 0xd53c5c9d), TOBN(0xf17624b6, 0xac0a177b), - TOBN(0xb0f13975, 0x2cfe2dff), TOBN(0xc1a35c0a, 0x6c7a574e), - TOBN(0x227d3146, 0x93e79987), TOBN(0x0575bf30, 0xe89cb80e), - TOBN(0x2f4e247f, 0x0d1883bb), TOBN(0xebd51226, 0x3274c3d0), - TOBN(0x5f3e51c8, 0x56ada97a), TOBN(0x4afc964d, 0x8f8b403e), - TOBN(0xa6f247ab, 0x412e2979), TOBN(0x675abd1b, 0x6f80ebda), - TOBN(0x66a2bd72, 0x5e485a1d), TOBN(0x4b2a5caf, 0x8f4f0b3c), - TOBN(0x2626927f, 0x1b847bba), TOBN(0x6c6fc7d9, 0x0502394d), - TOBN(0xfea912ba, 0xa5659ae8), TOBN(0x68363aba, 0x25e1a16e), - TOBN(0xb8842277, 0x752c41ac), TOBN(0xfe545c28, 0x2897c3fc), - TOBN(0x2d36e9e7, 0xdc4c696b), TOBN(0x5806244a, 0xfba977c5), - TOBN(0x85665e9b, 0xe39508c1), TOBN(0xf720ee25, 0x6d12597b), - TOBN(0x8a979129, 0xd2337a31), TOBN(0x5916868f, 0x0f862bdc), - TOBN(0x048099d9, 0x5dd283ba), TOBN(0xe2d1eeb6, 0xfe5bfb4e), - TOBN(0x82ef1c41, 0x7884005d), TOBN(0xa2d4ec17, 0xffffcbae), - TOBN(0x9161c53f, 0x8aa95e66), TOBN(0x5ee104e1, 0xc5fee0d0), - TOBN(0x562e4cec, 0xc135b208), TOBN(0x74e1b265, 0x4783f47d), - TOBN(0x6d2a506c, 0x5a3f3b30), TOBN(0xecead9f4, 0xc16762fc), - TOBN(0xf29dd4b2, 0xe286e5b9), TOBN(0x1b0fadc0, 0x83bb3c61), - TOBN(0x7a75023e, 0x7fac29a4), TOBN(0xc086d5f1, 0xc9477fa3), - TOBN(0x0fc61135, 0x2f6f3076), TOBN(0xc99ffa23, 0xe3912a9a), - TOBN(0x6a0b0685, 0xd2f8ba3d), TOBN(0xfdc777e8, 0xe93358a4), - TOBN(0x94a787bb, 0x35415f04), TOBN(0x640c2d6a, 0x4d23fea4), - TOBN(0x9de917da, 0x153a35b5), TOBN(0x793e8d07, 0x5d5cd074), - TOBN(0xf4f87653, 0x2de45068), TOBN(0x37c7a7e8, 0x9e2e1f6e), - TOBN(0xd0825fa2, 0xa3584069), TOBN(0xaf2cea7c, 0x1727bf42), - TOBN(0x0360a4fb, 0x9e4785a9), TOBN(0xe5fda49c, 0x27299f4a), - TOBN(0x48068e13, 0x71ac2f71), TOBN(0x83d0687b, 0x9077666f), - TOBN(0x6d3883b2, 0x15d02819), TOBN(0x6d0d7550, 0x40dd9a35), - TOBN(0x61d7cbf9, 0x1d2b469f), TOBN(0xf97b232f, 0x2efc3115), - TOBN(0xa551d750, 0xb24bcbc7), TOBN(0x11ea4949, 0x88a1e356), - TOBN(0x7669f031, 0x93cb7501), TOBN(0x595dc55e, 0xca737b8a), - TOBN(0xa4a319ac, 0xd837879f), TOBN(0x6fc1b49e, 0xed6b67b0), - TOBN(0xe3959933, 0x32f1f3af), TOBN(0x966742eb, 0x65432a2e), - TOBN(0x4b8dc9fe, 0xb4966228), TOBN(0x96cc6312, 0x43f43950), - TOBN(0x12068859, 0xc9b731ee), TOBN(0x7b948dc3, 0x56f79968), - TOBN(0x61e4ad32, 0xed1f8008), TOBN(0xe6c9267a, 0xd8b17538), - TOBN(0x1ac7c5eb, 0x857ff6fb), TOBN(0x994baaa8, 0x55f2fb10), - TOBN(0x84cf14e1, 0x1d248018), TOBN(0x5a39898b, 0x628ac508), - TOBN(0x14fde97b, 0x5fa944f5), TOBN(0xed178030, 0xd12e5ac7), - TOBN(0x042c2af4, 0x97e2feb4), TOBN(0xd36a42d7, 0xaebf7313), - TOBN(0x49d2c9eb, 0x084ffdd7), TOBN(0x9f8aa54b, 0x2ef7c76a), - TOBN(0x9200b7ba, 0x09895e70), TOBN(0x3bd0c66f, 0xddb7fb58), - TOBN(0x2d97d108, 0x78eb4cbb), TOBN(0x2d431068, 0xd84bde31), - TOBN(0x4b523eb7, 0x172ccd1f), TOBN(0x7323cb28, 0x30a6a892), - TOBN(0x97082ec0, 0xcfe153eb), TOBN(0xe97f6b6a, 0xf2aadb97), - TOBN(0x1d3d393e, 0xd1a83da1), TOBN(0xa6a7f9c7, 0x804b2a68), - TOBN(0x4a688b48, 0x2d0cb71e), TOBN(0xa9b4cc5f, 0x40585278), - TOBN(0x5e5db46a, 0xcb66e132), TOBN(0xf1be963a, 0x0d925880), - TOBN(0x944a7027, 0x0317b9e2), TOBN(0xe266f959, 0x48603d48), - TOBN(0x98db6673, 0x5c208899), TOBN(0x90472447, 0xa2fb18a3), - TOBN(0x8a966939, 0x777c619f), TOBN(0x3798142a, 0x2a3be21b), - TOBN(0xb4241cb1, 0x3298b343), TOBN(0xa3a14e49, 0xb44f65a1), - TOBN(0xc5f4d6cd, 0x3ac77acd), TOBN(0xd0288cb5, 0x52b6fc3c), - TOBN(0xd5cc8c2f, 0x1c040abc), TOBN(0xb675511e, 0x06bf9b4a), - TOBN(0xd667da37, 0x9b3aa441), TOBN(0x460d45ce, 0x51601f72), - TOBN(0xe2f73c69, 0x6755ff89), TOBN(0xdd3cf7e7, 0x473017e6), - TOBN(0x8ef5689d, 0x3cf7600d), TOBN(0x948dc4f8, 0xb1fc87b4), - TOBN(0xd9e9fe81, 0x4ea53299), TOBN(0x2d921ca2, 0x98eb6028), - TOBN(0xfaecedfd, 0x0c9803fc), TOBN(0xf38ae891, 0x4d7b4745), - TOBN(0xd8c5fccf, 0xc5e3a3d8), TOBN(0xbefd904c, 0x4079dfbf), - TOBN(0xbc6d6a58, 0xfead0197), TOBN(0x39227077, 0x695532a4), - TOBN(0x09e23e6d, 0xdbef42f5), TOBN(0x7e449b64, 0x480a9908), - TOBN(0x7b969c1a, 0xad9a2e40), TOBN(0x6231d792, 0x9591c2a4), - TOBN(0x87151456, 0x0f664534), TOBN(0x85ceae7c, 0x4b68f103), - TOBN(0xac09c4ae, 0x65578ab9), TOBN(0x33ec6868, 0xf044b10c), - TOBN(0x6ac4832b, 0x3a8ec1f1), TOBN(0x5509d128, 0x5847d5ef), - TOBN(0xf909604f, 0x763f1574), TOBN(0xb16c4303, 0xc32f63c4), - TOBN(0xb6ab2014, 0x7ca23cd3), TOBN(0xcaa7a5c6, 0xa391849d), - TOBN(0x5b0673a3, 0x75678d94), TOBN(0xc982ddd4, 0xdd303e64), - TOBN(0xfd7b000b, 0x5db6f971), TOBN(0xbba2cb1f, 0x6f876f92), - TOBN(0xc77332a3, 0x3c569426), TOBN(0xa159100c, 0x570d74f8), - TOBN(0xfd16847f, 0xdec67ef5), TOBN(0x742ee464, 0x233e76b7), - TOBN(0x0b8e4134, 0xefc2b4c8), TOBN(0xca640b86, 0x42a3e521), - TOBN(0x653a0190, 0x8ceb6aa9), TOBN(0x313c300c, 0x547852d5), - TOBN(0x24e4ab12, 0x6b237af7), TOBN(0x2ba90162, 0x8bb47af8), - TOBN(0x3d5e58d6, 0xa8219bb7), TOBN(0xc691d0bd, 0x1b06c57f), - TOBN(0x0ae4cb10, 0xd257576e), TOBN(0x3569656c, 0xd54a3dc3), - TOBN(0xe5ebaebd, 0x94cda03a), TOBN(0x934e82d3, 0x162bfe13), - TOBN(0x450ac0ba, 0xe251a0c6), TOBN(0x480b9e11, 0xdd6da526), - TOBN(0x00467bc5, 0x8cce08b5), TOBN(0xb636458c, 0x7f178d55), - TOBN(0xc5748bae, 0xa677d806), TOBN(0x2763a387, 0xdfa394eb), - TOBN(0xa12b448a, 0x7d3cebb6), TOBN(0xe7adda3e, 0x6f20d850), - TOBN(0xf63ebce5, 0x1558462c), TOBN(0x58b36143, 0x620088a8), - TOBN(0x8a2cc3ca, 0x4d63c0ee), TOBN(0x51233117, 0x0fe948ce), - TOBN(0x7463fd85, 0x222ef33b), TOBN(0xadf0c7dc, 0x7c603d6c), - TOBN(0x0ec32d3b, 0xfe7765e5), TOBN(0xccaab359, 0xbf380409), - TOBN(0xbdaa84d6, 0x8e59319c), TOBN(0xd9a4c280, 0x9c80c34d), - TOBN(0xa9d89488, 0xa059c142), TOBN(0x6f5ae714, 0xff0b9346), - TOBN(0x068f237d, 0x16fb3664), TOBN(0x5853e4c4, 0x363186ac), - TOBN(0xe2d87d23, 0x63c52f98), TOBN(0x2ec4a766, 0x81828876), - TOBN(0x47b864fa, 0xe14e7b1c), TOBN(0x0c0bc0e5, 0x69192408), - TOBN(0xe4d7681d, 0xb82e9f3e), TOBN(0x83200f0b, 0xdf25e13c), - TOBN(0x8909984c, 0x66f27280), TOBN(0x462d7b00, 0x75f73227), - TOBN(0xd90ba188, 0xf2651798), TOBN(0x74c6e18c, 0x36ab1c34), - TOBN(0xab256ea3, 0x5ef54359), TOBN(0x03466612, 0xd1aa702f), - TOBN(0x624d6049, 0x2ed22e91), TOBN(0x6fdfe0b5, 0x6f072822), - TOBN(0xeeca1115, 0x39ce2271), TOBN(0x98100a4f, 0xdb01614f), - TOBN(0xb6b0daa2, 0xa35c628f), TOBN(0xb6f94d2e, 0xc87e9a47), - TOBN(0xc6773259, 0x1d57d9ce), TOBN(0xf70bfeec, 0x03884a7b), - TOBN(0x5fb35ccf, 0xed2bad01), TOBN(0xa155cbe3, 0x1da6a5c7), - TOBN(0xc2e2594c, 0x30a92f8f), TOBN(0x649c89ce, 0x5bfafe43), - TOBN(0xd158667d, 0xe9ff257a), TOBN(0x9b359611, 0xf32c50ae), - TOBN(0x4b00b20b, 0x906014cf), TOBN(0xf3a8cfe3, 0x89bc7d3d), - TOBN(0x4ff23ffd, 0x248a7d06), TOBN(0x80c5bfb4, 0x878873fa), - TOBN(0xb7d9ad90, 0x05745981), TOBN(0x179c85db, 0x3db01994), - TOBN(0xba41b062, 0x61a6966c), TOBN(0x4d82d052, 0xeadce5a8), - TOBN(0x9e91cd3b, 0xa5e6a318), TOBN(0x47795f4f, 0x95b2dda0), - TOBN(0xecfd7c1f, 0xd55a897c), TOBN(0x009194ab, 0xb29110fb), - TOBN(0x5f0e2046, 0xe381d3b0), TOBN(0x5f3425f6, 0xa98dd291), - TOBN(0xbfa06687, 0x730d50da), TOBN(0x0423446c, 0x4b083b7f), - TOBN(0x397a247d, 0xd69d3417), TOBN(0xeb629f90, 0x387ba42a), - TOBN(0x1ee426cc, 0xd5cd79bf), TOBN(0x0032940b, 0x946c6e18), - TOBN(0x1b1e8ae0, 0x57477f58), TOBN(0xe94f7d34, 0x6d823278), - TOBN(0xc747cb96, 0x782ba21a), TOBN(0xc5254469, 0xf72b33a5), - TOBN(0x772ef6de, 0xc7f80c81), TOBN(0xd73acbfe, 0x2cd9e6b5), - TOBN(0x4075b5b1, 0x49ee90d9), TOBN(0x785c339a, 0xa06e9eba), - TOBN(0xa1030d5b, 0xabf825e0), TOBN(0xcec684c3, 0xa42931dc), - TOBN(0x42ab62c9, 0xc1586e63), TOBN(0x45431d66, 0x5ab43f2b), - TOBN(0x57c8b2c0, 0x55f7835d), TOBN(0x033da338, 0xc1b7f865), - TOBN(0x283c7513, 0xcaa76097), TOBN(0x0a624fa9, 0x36c83906), - TOBN(0x6b20afec, 0x715af2c7), TOBN(0x4b969974, 0xeba78bfd), - TOBN(0x220755cc, 0xd921d60e), TOBN(0x9b944e10, 0x7baeca13), - TOBN(0x04819d51, 0x5ded93d4), TOBN(0x9bbff86e, 0x6dddfd27), - TOBN(0x6b344130, 0x77adc612), TOBN(0xa7496529, 0xbbd803a0), - TOBN(0x1a1baaa7, 0x6d8805bd), TOBN(0xc8403902, 0x470343ad), - TOBN(0x39f59f66, 0x175adff1), TOBN(0x0b26d7fb, 0xb7d8c5b7), - TOBN(0xa875f5ce, 0x529d75e3), TOBN(0x85efc7e9, 0x41325cc2), - TOBN(0x21950b42, 0x1ff6acd3), TOBN(0xffe70484, 0x53dc6909), - TOBN(0xff4cd0b2, 0x28766127), TOBN(0xabdbe608, 0x4fb7db2b), - TOBN(0x837c9228, 0x5e1109e8), TOBN(0x26147d27, 0xf4645b5a), - TOBN(0x4d78f592, 0xf7818ed8), TOBN(0xd394077e, 0xf247fa36), - TOBN(0x0fb9c2d0, 0x488c171a), TOBN(0xa78bfbaa, 0x13685278), - TOBN(0xedfbe268, 0xd5b1fa6a), TOBN(0x0dceb8db, 0x2b7eaba7), - TOBN(0xbf9e8089, 0x9ae2b710), TOBN(0xefde7ae6, 0xa4449c96), - TOBN(0x43b7716b, 0xcc143a46), TOBN(0xd7d34194, 0xc3628c13), - TOBN(0x508cec1c, 0x3b3f64c9), TOBN(0xe20bc0ba, 0x1e5edf3f), - TOBN(0xda1deb85, 0x2f4318d4), TOBN(0xd20ebe0d, 0x5c3fa443), - TOBN(0x370b4ea7, 0x73241ea3), TOBN(0x61f1511c, 0x5e1a5f65), - TOBN(0x99a5e23d, 0x82681c62), TOBN(0xd731e383, 0xa2f54c2d), - TOBN(0x2692f36e, 0x83445904), TOBN(0x2e0ec469, 0xaf45f9c0), - TOBN(0x905a3201, 0xc67528b7), TOBN(0x88f77f34, 0xd0e5e542), - TOBN(0xf67a8d29, 0x5864687c), TOBN(0x23b92eae, 0x22df3562), - TOBN(0x5c27014b, 0x9bbec39e), TOBN(0x7ef2f226, 0x9c0f0f8d), - TOBN(0x97359638, 0x546c4d8d), TOBN(0x5f9c3fc4, 0x92f24679), - TOBN(0x912e8bed, 0xa8c8acd9), TOBN(0xec3a318d, 0x306634b0), - TOBN(0x80167f41, 0xc31cb264), TOBN(0x3db82f6f, 0x522113f2), - TOBN(0xb155bcd2, 0xdcafe197), TOBN(0xfba1da59, 0x43465283), - TOBN(0xa0425b8e, 0xb212cf53), TOBN(0x4f2e512e, 0xf8557c5f), - TOBN(0xc1286ff9, 0x25c4d56c), TOBN(0xbb8a0fea, 0xee26c851), - TOBN(0xc28f70d2, 0xe7d6107e), TOBN(0x7ee0c444, 0xe76265aa), - TOBN(0x3df277a4, 0x1d1936b1), TOBN(0x1a556e3f, 0xea9595eb), - TOBN(0x258bbbf9, 0xe7305683), TOBN(0x31eea5bf, 0x07ef5be6), - TOBN(0x0deb0e4a, 0x46c814c1), TOBN(0x5cee8449, 0xa7b730dd), - TOBN(0xeab495c5, 0xa0182bde), TOBN(0xee759f87, 0x9e27a6b4), - TOBN(0xc2cf6a68, 0x80e518ca), TOBN(0x25e8013f, 0xf14cf3f4), - TOBN(0x8fc44140, 0x7e8d7a14), TOBN(0xbb1ff3ca, 0x9556f36a), - TOBN(0x6a844385, 0x14600044), TOBN(0xba3f0c4a, 0x7451ae63), - TOBN(0xdfcac25b, 0x1f9af32a), TOBN(0x01e0db86, 0xb1f2214b), - TOBN(0x4e9a5bc2, 0xa4b596ac), TOBN(0x83927681, 0x026c2c08), - TOBN(0x3ec832e7, 0x7acaca28), TOBN(0x1bfeea57, 0xc7385b29), - TOBN(0x068212e3, 0xfd1eaf38), TOBN(0xc1329830, 0x6acf8ccc), - TOBN(0xb909f2db, 0x2aac9e59), TOBN(0x5748060d, 0xb661782a), - TOBN(0xc5ab2632, 0xc79b7a01), TOBN(0xda44c6c6, 0x00017626), - TOBN(0xf26c00e8, 0xa7ea82f0), TOBN(0x99cac80d, 0xe4299aaf), - TOBN(0xd66fe3b6, 0x7ed78be1), TOBN(0x305f725f, 0x648d02cd), - TOBN(0x33ed1bc4, 0x623fb21b), TOBN(0xfa70533e, 0x7a6319ad), - TOBN(0x17ab562d, 0xbe5ffb3e), TOBN(0x06374994, 0x56674741), - TOBN(0x69d44ed6, 0x5c46aa8e), TOBN(0x2100d5d3, 0xa8d063d1), - TOBN(0xcb9727ea, 0xa2d17c36), TOBN(0x4c2bab1b, 0x8add53b7), - TOBN(0xa084e90c, 0x15426704), TOBN(0x778afcd3, 0xa837ebea), - TOBN(0x6651f701, 0x7ce477f8), TOBN(0xa0624998, 0x46fb7a8b), - TOBN(0xdc1e6828, 0xed8a6e19), TOBN(0x33fc2336, 0x4189d9c7), - TOBN(0x026f8fe2, 0x671c39bc), TOBN(0xd40c4ccd, 0xbc6f9915), - TOBN(0xafa135bb, 0xf80e75ca), TOBN(0x12c651a0, 0x22adff2c), - TOBN(0xc40a04bd, 0x4f51ad96), TOBN(0x04820109, 0xbbe4e832), - TOBN(0x3667eb1a, 0x7f4c04cc), TOBN(0x59556621, 0xa9404f84), - TOBN(0x71cdf653, 0x7eceb50a), TOBN(0x994a44a6, 0x9b8335fa), - TOBN(0xd7faf819, 0xdbeb9b69), TOBN(0x473c5680, 0xeed4350d), - TOBN(0xb6658466, 0xda44bba2), TOBN(0x0d1bc780, 0x872bdbf3), - TOBN(0xe535f175, 0xa1962f91), TOBN(0x6ed7e061, 0xed58f5a7), - TOBN(0x177aa4c0, 0x2089a233), TOBN(0x0dbcb03a, 0xe539b413), - TOBN(0xe3dc424e, 0xbb32e38e), TOBN(0x6472e5ef, 0x6806701e), - TOBN(0xdd47ff98, 0x814be9ee), TOBN(0x6b60cfff, 0x35ace009), - TOBN(0xb8d3d931, 0x9ff91fe5), TOBN(0x039c4800, 0xf0518eed), - TOBN(0x95c37632, 0x9182cb26), TOBN(0x0763a434, 0x82fc568d), - TOBN(0x707c04d5, 0x383e76ba), TOBN(0xac98b930, 0x824e8197), - TOBN(0x92bf7c8f, 0x91230de0), TOBN(0x90876a01, 0x40959b70), - TOBN(0xdb6d96f3, 0x05968b80), TOBN(0x380a0913, 0x089f73b9), - TOBN(0x7da70b83, 0xc2c61e01), TOBN(0x95fb8394, 0x569b38c7), - TOBN(0x9a3c6512, 0x80edfe2f), TOBN(0x8f726bb9, 0x8faeaf82), - TOBN(0x8010a4a0, 0x78424bf8), TOBN(0x29672044, 0x0e844970)} - , - {TOBN(0x63c5cb81, 0x7a2ad62a), TOBN(0x7ef2b6b9, 0xac62ff54), - TOBN(0x3749bba4, 0xb3ad9db5), TOBN(0xad311f2c, 0x46d5a617), - TOBN(0xb77a8087, 0xc2ff3b6d), TOBN(0xb46feaf3, 0x367834ff), - TOBN(0xf8aa266d, 0x75d6b138), TOBN(0xfa38d320, 0xec008188), - TOBN(0x486d8ffa, 0x696946fc), TOBN(0x50fbc6d8, 0xb9cba56d), - TOBN(0x7e3d423e, 0x90f35a15), TOBN(0x7c3da195, 0xc0dd962c), - TOBN(0xe673fdb0, 0x3cfd5d8b), TOBN(0x0704b7c2, 0x889dfca5), - TOBN(0xf6ce581f, 0xf52305aa), TOBN(0x399d49eb, 0x914d5e53), - TOBN(0x380a496d, 0x6ec293cd), TOBN(0x733dbda7, 0x8e7051f5), - TOBN(0x037e388d, 0xb849140a), TOBN(0xee4b32b0, 0x5946dbf6), - TOBN(0xb1c4fda9, 0xcae368d1), TOBN(0x5001a7b0, 0xfdb0b2f3), - TOBN(0x6df59374, 0x2e3ac46e), TOBN(0x4af675f2, 0x39b3e656), - TOBN(0x44e38110, 0x39949296), TOBN(0x5b63827b, 0x361db1b5), - TOBN(0x3e5323ed, 0x206eaff5), TOBN(0x942370d2, 0xc21f4290), - TOBN(0xf2caaf2e, 0xe0d985a1), TOBN(0x192cc64b, 0x7239846d), - TOBN(0x7c0b8f47, 0xae6312f8), TOBN(0x7dc61f91, 0x96620108), - TOBN(0xb830fb5b, 0xc2da7de9), TOBN(0xd0e643df, 0x0ff8d3be), - TOBN(0x31ee77ba, 0x188a9641), TOBN(0x4e8aa3aa, 0xbcf6d502), - TOBN(0xf9fb6532, 0x9a49110f), TOBN(0xd18317f6, 0x2dd6b220), - TOBN(0x7e3ced41, 0x52c3ea5a), TOBN(0x0d296a14, 0x7d579c4a), - TOBN(0x35d6a53e, 0xed4c3717), TOBN(0x9f8240cf, 0x3d0ed2a3), - TOBN(0x8c0d4d05, 0xe5543aa5), TOBN(0x45d5bbfb, 0xdd33b4b4), - TOBN(0xfa04cc73, 0x137fd28e), TOBN(0x862ac6ef, 0xc73b3ffd), - TOBN(0x403ff9f5, 0x31f51ef2), TOBN(0x34d5e0fc, 0xbc73f5a2), - TOBN(0xf2526820, 0x08913f4f), TOBN(0xea20ed61, 0xeac93d95), - TOBN(0x51ed38b4, 0x6ca6b26c), TOBN(0x8662dcbc, 0xea4327b0), - TOBN(0x6daf295c, 0x725d2aaa), TOBN(0xbad2752f, 0x8e52dcda), - TOBN(0x2210e721, 0x0b17dacc), TOBN(0xa37f7912, 0xd51e8232), - TOBN(0x4f7081e1, 0x44cc3add), TOBN(0xd5ffa1d6, 0x87be82cf), - TOBN(0x89890b6c, 0x0edd6472), TOBN(0xada26e1a, 0x3ed17863), - TOBN(0x276f2715, 0x63483caa), TOBN(0xe6924cd9, 0x2f6077fd), - TOBN(0x05a7fe98, 0x0a466e3c), TOBN(0xf1c794b0, 0xb1902d1f), - TOBN(0xe5213688, 0x82a8042c), TOBN(0xd931cfaf, 0xcd278298), - TOBN(0x069a0ae0, 0xf597a740), TOBN(0x0adbb3f3, 0xeb59107c), - TOBN(0x983e951e, 0x5eaa8eb8), TOBN(0xe663a8b5, 0x11b48e78), - TOBN(0x1631cc0d, 0x8a03f2c5), TOBN(0x7577c11e, 0x11e271e2), - TOBN(0x33b2385c, 0x08369a90), TOBN(0x2990c59b, 0x190eb4f8), - TOBN(0x819a6145, 0xc68eac80), TOBN(0x7a786d62, 0x2ec4a014), - TOBN(0x33faadbe, 0x20ac3a8d), TOBN(0x31a21781, 0x5aba2d30), - TOBN(0x209d2742, 0xdba4f565), TOBN(0xdb2ce9e3, 0x55aa0fbb), - TOBN(0x8cef334b, 0x168984df), TOBN(0xe81dce17, 0x33879638), - TOBN(0xf6e6949c, 0x263720f0), TOBN(0x5c56feaf, 0xf593cbec), - TOBN(0x8bff5601, 0xfde58c84), TOBN(0x74e24117, 0x2eccb314), - TOBN(0xbcf01b61, 0x4c9a8a78), TOBN(0xa233e35e, 0x544c9868), - TOBN(0xb3156bf3, 0x8bd7aff1), TOBN(0x1b5ee4cb, 0x1d81b146), - TOBN(0x7ba1ac41, 0xd628a915), TOBN(0x8f3a8f9c, 0xfd89699e), - TOBN(0x7329b9c9, 0xa0748be7), TOBN(0x1d391c95, 0xa92e621f), - TOBN(0xe51e6b21, 0x4d10a837), TOBN(0xd255f53a, 0x4947b435), - TOBN(0x07669e04, 0xf1788ee3), TOBN(0xc14f27af, 0xa86938a2), - TOBN(0x8b47a334, 0xe93a01c0), TOBN(0xff627438, 0xd9366808), - TOBN(0x7a0985d8, 0xca2a5965), TOBN(0x3d9a5542, 0xd6e9b9b3), - TOBN(0xc23eb80b, 0x4cf972e8), TOBN(0x5c1c33bb, 0x4fdf72fd), - TOBN(0x0c4a58d4, 0x74a86108), TOBN(0xf8048a8f, 0xee4c5d90), - TOBN(0xe3c7c924, 0xe86d4c80), TOBN(0x28c889de, 0x056a1e60), - TOBN(0x57e2662e, 0xb214a040), TOBN(0xe8c48e98, 0x37e10347), - TOBN(0x87742862, 0x80ac748a), TOBN(0xf1c24022, 0x186b06f2), - TOBN(0xac2dd4c3, 0x5f74040a), TOBN(0x409aeb71, 0xfceac957), - TOBN(0x4fbad782, 0x55c4ec23), TOBN(0xb359ed61, 0x8a7b76ec), - TOBN(0x12744926, 0xed6f4a60), TOBN(0xe21e8d7f, 0x4b912de3), - TOBN(0xe2575a59, 0xfc705a59), TOBN(0x72f1d4de, 0xed2dbc0e), - TOBN(0x3d2b24b9, 0xeb7926b8), TOBN(0xbff88cb3, 0xcdbe5509), - TOBN(0xd0f399af, 0xe4dd640b), TOBN(0x3c5fe130, 0x2f76ed45), - TOBN(0x6f3562f4, 0x3764fb3d), TOBN(0x7b5af318, 0x3151b62d), - TOBN(0xd5bd0bc7, 0xd79ce5f3), TOBN(0xfdaf6b20, 0xec66890f), - TOBN(0x735c67ec, 0x6063540c), TOBN(0x50b259c2, 0xe5f9cb8f), - TOBN(0xb8734f9a, 0x3f99c6ab), TOBN(0xf8cc13d5, 0xa3a7bc85), - TOBN(0x80c1b305, 0xc5217659), TOBN(0xfe5364d4, 0x4ec12a54), - TOBN(0xbd87045e, 0x681345fe), TOBN(0x7f8efeb1, 0x582f897f), - TOBN(0xe8cbf1e5, 0xd5923359), TOBN(0xdb0cea9d, 0x539b9fb0), - TOBN(0x0c5b34cf, 0x49859b98), TOBN(0x5e583c56, 0xa4403cc6), - TOBN(0x11fc1a2d, 0xd48185b7), TOBN(0xc93fbc7e, 0x6e521787), - TOBN(0x47e7a058, 0x05105b8b), TOBN(0x7b4d4d58, 0xdb8260c8), - TOBN(0xe33930b0, 0x46eb842a), TOBN(0x8e844a9a, 0x7bdae56d), - TOBN(0x34ef3a9e, 0x13f7fdfc), TOBN(0xb3768f82, 0x636ca176), - TOBN(0x2821f4e0, 0x4e09e61c), TOBN(0x414dc3a1, 0xa0c7cddc), - TOBN(0xd5379437, 0x54945fcd), TOBN(0x151b6eef, 0xb3555ff1), - TOBN(0xb31bd613, 0x6339c083), TOBN(0x39ff8155, 0xdfb64701), - TOBN(0x7c3388d2, 0xe29604ab), TOBN(0x1e19084b, 0xa6b10442), - TOBN(0x17cf54c0, 0xeccd47ef), TOBN(0x89693385, 0x4a5dfb30), - TOBN(0x69d023fb, 0x47daf9f6), TOBN(0x9222840b, 0x7d91d959), - TOBN(0x439108f5, 0x803bac62), TOBN(0x0b7dd91d, 0x379bd45f), - TOBN(0xd651e827, 0xca63c581), TOBN(0x5c5d75f6, 0x509c104f), - TOBN(0x7d5fc738, 0x1f2dc308), TOBN(0x20faa7bf, 0xd98454be), - TOBN(0x95374bee, 0xa517b031), TOBN(0xf036b9b1, 0x642692ac), - TOBN(0xc5106109, 0x39842194), TOBN(0xb7e2353e, 0x49d05295), - TOBN(0xfc8c1d5c, 0xefb42ee0), TOBN(0xe04884eb, 0x08ce811c), - TOBN(0xf1f75d81, 0x7419f40e), TOBN(0x5b0ac162, 0xa995c241), - TOBN(0x120921bb, 0xc4c55646), TOBN(0x713520c2, 0x8d33cf97), - TOBN(0xb4a65a5c, 0xe98c5100), TOBN(0x6cec871d, 0x2ddd0f5a), - TOBN(0x251f0b7f, 0x9ba2e78b), TOBN(0x224a8434, 0xce3a2a5f), - TOBN(0x26827f61, 0x25f5c46f), TOBN(0x6a22bedc, 0x48545ec0), - TOBN(0x25ae5fa0, 0xb1bb5cdc), TOBN(0xd693682f, 0xfcb9b98f), - TOBN(0x32027fe8, 0x91e5d7d3), TOBN(0xf14b7d17, 0x73a07678), - TOBN(0xf88497b3, 0xc0dfdd61), TOBN(0xf7c2eec0, 0x2a8c4f48), - TOBN(0xaa5573f4, 0x3756e621), TOBN(0xc013a240, 0x1825b948), - TOBN(0x1c03b345, 0x63878572), TOBN(0xa0472bea, 0x653a4184), - TOBN(0xf4222e27, 0x0ac69a80), TOBN(0x34096d25, 0xf51e54f6), - TOBN(0x00a648cb, 0x8fffa591), TOBN(0x4e87acdc, 0x69b6527f), - TOBN(0x0575e037, 0xe285ccb4), TOBN(0x188089e4, 0x50ddcf52), - TOBN(0xaa96c9a8, 0x870ff719), TOBN(0x74a56cd8, 0x1fc7e369), - TOBN(0x41d04ee2, 0x1726931a), TOBN(0x0bbbb2c8, 0x3660ecfd), - TOBN(0xa6ef6de5, 0x24818e18), TOBN(0xe421cc51, 0xe7d57887), - TOBN(0xf127d208, 0xbea87be6), TOBN(0x16a475d3, 0xb1cdd682), - TOBN(0x9db1b684, 0x439b63f7), TOBN(0x5359b3db, 0xf0f113b6), - TOBN(0xdfccf1de, 0x8bf06e31), TOBN(0x1fdf8f44, 0xdd383901), - TOBN(0x10775cad, 0x5017e7d2), TOBN(0xdfc3a597, 0x58d11eef), - TOBN(0x6ec9c8a0, 0xb1ecff10), TOBN(0xee6ed6cc, 0x28400549), - TOBN(0xb5ad7bae, 0x1b4f8d73), TOBN(0x61b4f11d, 0xe00aaab9), - TOBN(0x7b32d69b, 0xd4eff2d7), TOBN(0x88ae6771, 0x4288b60f), - TOBN(0x159461b4, 0x37a1e723), TOBN(0x1f3d4789, 0x570aae8c), - TOBN(0x869118c0, 0x7f9871da), TOBN(0x35fbda78, 0xf635e278), - TOBN(0x738f3641, 0xe1541dac), TOBN(0x6794b13a, 0xc0dae45f), - TOBN(0x065064ac, 0x09cc0917), TOBN(0x27c53729, 0xc68540fd), - TOBN(0x0d2d4c8e, 0xef227671), TOBN(0xd23a9f80, 0xa1785a04), - TOBN(0x98c59528, 0x52650359), TOBN(0xfa09ad01, 0x74a1acad), - TOBN(0x082d5a29, 0x0b55bf5c), TOBN(0xa40f1c67, 0x419b8084), - TOBN(0x3a5c752e, 0xdcc18770), TOBN(0x4baf1f2f, 0x8825c3a5), - TOBN(0xebd63f74, 0x21b153ed), TOBN(0xa2383e47, 0xb2f64723), - TOBN(0xe7bf620a, 0x2646d19a), TOBN(0x56cb44ec, 0x03c83ffd), - TOBN(0xaf7267c9, 0x4f6be9f1), TOBN(0x8b2dfd7b, 0xc06bb5e9), - TOBN(0xb87072f2, 0xa672c5c7), TOBN(0xeacb11c8, 0x0d53c5e2), - TOBN(0x22dac29d, 0xff435932), TOBN(0x37bdb99d, 0x4408693c), - TOBN(0xf6e62fb6, 0x2899c20f), TOBN(0x3535d512, 0x447ece24), - TOBN(0xfbdc6b88, 0xff577ce3), TOBN(0x726693bd, 0x190575f2), - TOBN(0x6772b0e5, 0xab4b35a2), TOBN(0x1d8b6001, 0xf5eeaacf), - TOBN(0x728f7ce4, 0x795b9580), TOBN(0x4a20ed2a, 0x41fb81da), - TOBN(0x9f685cd4, 0x4fec01e6), TOBN(0x3ed7ddcc, 0xa7ff50ad), - TOBN(0x460fd264, 0x0c2d97fd), TOBN(0x3a241426, 0xeb82f4f9), - TOBN(0x17d1df2c, 0x6a8ea820), TOBN(0xb2b50d3b, 0xf22cc254), - TOBN(0x03856cba, 0xb7291426), TOBN(0x87fd26ae, 0x04f5ee39), - TOBN(0x9cb696cc, 0x02bee4ba), TOBN(0x53121804, 0x06820fd6), - TOBN(0xa5dfc269, 0x0212e985), TOBN(0x666f7ffa, 0x160f9a09), - TOBN(0xc503cd33, 0xbccd9617), TOBN(0x365dede4, 0xba7730a3), - TOBN(0x798c6355, 0x5ddb0786), TOBN(0xa6c3200e, 0xfc9cd3bc), - TOBN(0x060ffb2c, 0xe5e35efd), TOBN(0x99a4e25b, 0x5555a1c1), - TOBN(0x11d95375, 0xf70b3751), TOBN(0x0a57354a, 0x160e1bf6), - TOBN(0xecb3ae4b, 0xf8e4b065), TOBN(0x07a834c4, 0x2e53022b), - TOBN(0x1cd300b3, 0x8692ed96), TOBN(0x16a6f792, 0x61ee14ec), - TOBN(0x8f1063c6, 0x6a8649ed), TOBN(0xfbcdfcfe, 0x869f3e14), - TOBN(0x2cfb97c1, 0x00a7b3ec), TOBN(0xcea49b3c, 0x7130c2f1), - TOBN(0x462d044f, 0xe9d96488), TOBN(0x4b53d52e, 0x8182a0c1), - TOBN(0x84b6ddd3, 0x0391e9e9), TOBN(0x80ab7b48, 0xb1741a09), - TOBN(0xec0e15d4, 0x27d3317f), TOBN(0x8dfc1ddb, 0x1a64671e), - TOBN(0x93cc5d5f, 0xd49c5b92), TOBN(0xc995d53d, 0x3674a331), - TOBN(0x302e41ec, 0x090090ae), TOBN(0x2278a0cc, 0xedb06830), - TOBN(0x1d025932, 0xfbc99690), TOBN(0x0c32fbd2, 0xb80d68da), - TOBN(0xd79146da, 0xf341a6c1), TOBN(0xae0ba139, 0x1bef68a0), - TOBN(0xc6b8a563, 0x8d774b3a), TOBN(0x1cf307bd, 0x880ba4d7), - TOBN(0xc033bdc7, 0x19803511), TOBN(0xa9f97b3b, 0x8888c3be), - TOBN(0x3d68aebc, 0x85c6d05e), TOBN(0xc3b88a9d, 0x193919eb), - TOBN(0x2d300748, 0xc48b0ee3), TOBN(0x7506bc7c, 0x07a746c1), - TOBN(0xfc48437c, 0x6e6d57f3), TOBN(0x5bd71587, 0xcfeaa91a), - TOBN(0xa4ed0408, 0xc1bc5225), TOBN(0xd0b946db, 0x2719226d), - TOBN(0x109ecd62, 0x758d2d43), TOBN(0x75c8485a, 0x2751759b), - TOBN(0xb0b75f49, 0x9ce4177a), TOBN(0x4fa61a1e, 0x79c10c3d), - TOBN(0xc062d300, 0xa167fcd7), TOBN(0x4df3874c, 0x750f0fa8), - TOBN(0x29ae2cf9, 0x83dfedc9), TOBN(0xf8437134, 0x8d87631a), - TOBN(0xaf571711, 0x7429c8d2), TOBN(0x18d15867, 0x146d9272), - TOBN(0x83053ecf, 0x69769bb7), TOBN(0xc55eb856, 0xc479ab82), - TOBN(0x5ef7791c, 0x21b0f4b2), TOBN(0xaa5956ba, 0x3d491525), - TOBN(0x407a96c2, 0x9fe20eba), TOBN(0xf27168bb, 0xe52a5ad3), - TOBN(0x43b60ab3, 0xbf1d9d89), TOBN(0xe45c51ef, 0x710e727a), - TOBN(0xdfca5276, 0x099b4221), TOBN(0x8dc6407c, 0x2557a159), - TOBN(0x0ead8335, 0x91035895), TOBN(0x0a9db957, 0x9c55dc32), - TOBN(0xe40736d3, 0xdf61bc76), TOBN(0x13a619c0, 0x3f778cdb), - TOBN(0x6dd921a4, 0xc56ea28f), TOBN(0x76a52433, 0x2fa647b4), - TOBN(0x23591891, 0xac5bdc5d), TOBN(0xff4a1a72, 0xbac7dc01), - TOBN(0x9905e261, 0x62df8453), TOBN(0x3ac045df, 0xe63b265f), - TOBN(0x8a3f341b, 0xad53dba7), TOBN(0x8ec269cc, 0x837b625a), - TOBN(0xd71a2782, 0x3ae31189), TOBN(0x8fb4f9a3, 0x55e96120), - TOBN(0x804af823, 0xff9875cf), TOBN(0x23224f57, 0x5d442a9b), - TOBN(0x1c4d3b9e, 0xecc62679), TOBN(0x91da22fb, 0xa0e7ddb1), - TOBN(0xa370324d, 0x6c04a661), TOBN(0x9710d3b6, 0x5e376d17), - TOBN(0xed8c98f0, 0x3044e357), TOBN(0xc364ebbe, 0x6422701c), - TOBN(0x347f5d51, 0x7733d61c), TOBN(0xd55644b9, 0xcea826c3), - TOBN(0x80c6e0ad, 0x55a25548), TOBN(0x0aa7641d, 0x844220a7), - TOBN(0x1438ec81, 0x31810660), TOBN(0x9dfa6507, 0xde4b4043), - TOBN(0x10b515d8, 0xcc3e0273), TOBN(0x1b6066dd, 0x28d8cfb2), - TOBN(0xd3b04591, 0x9c9efebd), TOBN(0x425d4bdf, 0xa21c1ff4), - TOBN(0x5fe5af19, 0xd57607d3), TOBN(0xbbf773f7, 0x54481084), - TOBN(0x8435bd69, 0x94b03ed1), TOBN(0xd9ad1de3, 0x634cc546), - TOBN(0x2cf423fc, 0x00e420ca), TOBN(0xeed26d80, 0xa03096dd), - TOBN(0xd7f60be7, 0xa4db09d2), TOBN(0xf47f569d, 0x960622f7), - TOBN(0xe5925fd7, 0x7296c729), TOBN(0xeff2db26, 0x26ca2715), - TOBN(0xa6fcd014, 0xb913e759), TOBN(0x53da4786, 0x8ff4de93), - TOBN(0x14616d79, 0xc32068e1), TOBN(0xb187d664, 0xccdf352e), - TOBN(0xf7afb650, 0x1dc90b59), TOBN(0x8170e943, 0x7daa1b26), - TOBN(0xc8e3bdd8, 0x700c0a84), TOBN(0x6e8d345f, 0x6482bdfa), - TOBN(0x84cfbfa1, 0xc5c5ea50), TOBN(0xd3baf14c, 0x67960681), - TOBN(0x26398403, 0x0dd50942), TOBN(0xe4b7839c, 0x4716a663), - TOBN(0xd5f1f794, 0xe7de6dc0), TOBN(0x5cd0f4d4, 0x622aa7ce), - TOBN(0x5295f3f1, 0x59acfeec), TOBN(0x8d933552, 0x953e0607), - TOBN(0xc7db8ec5, 0x776c5722), TOBN(0xdc467e62, 0x2b5f290c), - TOBN(0xd4297e70, 0x4ff425a9), TOBN(0x4be924c1, 0x0cf7bb72), - TOBN(0x0d5dc5ae, 0xa1892131), TOBN(0x8bf8a8e3, 0xa705c992), - TOBN(0x73a0b064, 0x7a305ac5), TOBN(0x00c9ca4e, 0x9a8c77a8), - TOBN(0x5dfee80f, 0x83774bdd), TOBN(0x63131602, 0x85734485), - TOBN(0xa1b524ae, 0x914a69a9), TOBN(0xebc2ffaf, 0xd4e300d7), - TOBN(0x52c93db7, 0x7cfa46a5), TOBN(0x71e6161f, 0x21653b50), - TOBN(0x3574fc57, 0xa4bc580a), TOBN(0xc09015dd, 0xe1bc1253), - TOBN(0x4b7b47b2, 0xd174d7aa), TOBN(0x4072d8e8, 0xf3a15d04), - TOBN(0xeeb7d47f, 0xd6fa07ed), TOBN(0x6f2b9ff9, 0xedbdafb1), - TOBN(0x18c51615, 0x3760fe8a), TOBN(0x7a96e6bf, 0xf06c6c13), - TOBN(0x4d7a0410, 0x0ea2d071), TOBN(0xa1914e9b, 0x0be2a5ce), - TOBN(0x5726e357, 0xd8a3c5cf), TOBN(0x1197ecc3, 0x2abb2b13), - TOBN(0x6c0d7f7f, 0x31ae88dd), TOBN(0x15b20d1a, 0xfdbb3efe), - TOBN(0xcd06aa26, 0x70584039), TOBN(0x2277c969, 0xa7dc9747), - TOBN(0xbca69587, 0x7855d815), TOBN(0x899ea238, 0x5188b32a), - TOBN(0x37d9228b, 0x760c1c9d), TOBN(0xc7efbb11, 0x9b5c18da), - TOBN(0x7f0d1bc8, 0x19f6dbc5), TOBN(0x4875384b, 0x07e6905b), - TOBN(0xc7c50baa, 0x3ba8cd86), TOBN(0xb0ce40fb, 0xc2905de0), - TOBN(0x70840673, 0x7a231952), TOBN(0xa912a262, 0xcf43de26), - TOBN(0x9c38ddcc, 0xeb5b76c1), TOBN(0x746f5285, 0x26fc0ab4), - TOBN(0x52a63a50, 0xd62c269f), TOBN(0x60049c55, 0x99458621), - TOBN(0xe7f48f82, 0x3c2f7c9e), TOBN(0x6bd99043, 0x917d5cf3), - TOBN(0xeb1317a8, 0x8701f469), TOBN(0xbd3fe2ed, 0x9a449fe0), - TOBN(0x421e79ca, 0x12ef3d36), TOBN(0x9ee3c36c, 0x3e7ea5de), - TOBN(0xe48198b5, 0xcdff36f7), TOBN(0xaff4f967, 0xc6b82228), - TOBN(0x15e19dd0, 0xc47adb7e), TOBN(0x45699b23, 0x032e7dfa), - TOBN(0x40680c8b, 0x1fae026a), TOBN(0x5a347a48, 0x550dbf4d), - TOBN(0xe652533b, 0x3cef0d7d), TOBN(0xd94f7b18, 0x2bbb4381), - TOBN(0x838752be, 0x0e80f500), TOBN(0x8e6e2488, 0x9e9c9bfb), - TOBN(0xc9751697, 0x16caca6a), TOBN(0x866c49d8, 0x38531ad9), - TOBN(0xc917e239, 0x7151ade1), TOBN(0x2d016ec1, 0x6037c407), - TOBN(0xa407ccc9, 0x00eac3f9), TOBN(0x835f6280, 0xe2ed4748), - TOBN(0xcc54c347, 0x1cc98e0d), TOBN(0x0e969937, 0xdcb572eb), - TOBN(0x1b16c8e8, 0x8f30c9cb), TOBN(0xa606ae75, 0x373c4661), - TOBN(0x47aa689b, 0x35502cab), TOBN(0xf89014ae, 0x4d9bb64f), - TOBN(0x202f6a9c, 0x31c71f7b), TOBN(0x01f95aa3, 0x296ffe5c), - TOBN(0x5fc06014, 0x53cec3a3), TOBN(0xeb991237, 0x5f498a45), - TOBN(0xae9a935e, 0x5d91ba87), TOBN(0xc6ac6281, 0x0b564a19), - TOBN(0x8a8fe81c, 0x3bd44e69), TOBN(0x7c8b467f, 0x9dd11d45), - TOBN(0xf772251f, 0xea5b8e69), TOBN(0xaeecb3bd, 0xc5b75fbc), - TOBN(0x1aca3331, 0x887ff0e5), TOBN(0xbe5d49ff, 0x19f0a131), - TOBN(0x582c13aa, 0xe5c8646f), TOBN(0xdbaa12e8, 0x20e19980), - TOBN(0x8f40f31a, 0xf7abbd94), TOBN(0x1f13f5a8, 0x1dfc7663), - TOBN(0x5d81f1ee, 0xaceb4fc0), TOBN(0x36256002, 0x5e6f0f42), - TOBN(0x4b67d6d7, 0x751370c8), TOBN(0x2608b698, 0x03e80589), - TOBN(0xcfc0d2fc, 0x05268301), TOBN(0xa6943d39, 0x40309212), - TOBN(0x192a90c2, 0x1fd0e1c2), TOBN(0xb209f113, 0x37f1dc76), - TOBN(0xefcc5e06, 0x97bf1298), TOBN(0xcbdb6730, 0x219d639e), - TOBN(0xd009c116, 0xb81e8c6f), TOBN(0xa3ffdde3, 0x1a7ce2e5), - TOBN(0xc53fbaaa, 0xa914d3ba), TOBN(0x836d500f, 0x88df85ee), - TOBN(0xd98dc71b, 0x66ee0751), TOBN(0x5a3d7005, 0x714516fd), - TOBN(0x21d3634d, 0x39eedbba), TOBN(0x35cd2e68, 0x0455a46d), - TOBN(0xc8cafe65, 0xf9d7eb0c), TOBN(0xbda3ce9e, 0x00cefb3e), - TOBN(0xddc17a60, 0x2c9cf7a4), TOBN(0x01572ee4, 0x7bcb8773), - TOBN(0xa92b2b01, 0x8c7548df), TOBN(0x732fd309, 0xa84600e3), - TOBN(0xe22109c7, 0x16543a40), TOBN(0x9acafd36, 0xfede3c6c), - TOBN(0xfb206852, 0x6824e614), TOBN(0x2a4544a9, 0xda25dca0), - TOBN(0x25985262, 0x91d60b06), TOBN(0x281b7be9, 0x28753545), - TOBN(0xec667b1a, 0x90f13b27), TOBN(0x33a83aff, 0x940e2eb4), - TOBN(0x80009862, 0xd5d721d5), TOBN(0x0c3357a3, 0x5bd3a182), - TOBN(0x27f3a83b, 0x7aa2cda4), TOBN(0xb58ae74e, 0xf6f83085), - TOBN(0x2a911a81, 0x2e6dad6b), TOBN(0xde286051, 0xf43d6c5b), - TOBN(0x4bdccc41, 0xf996c4d8), TOBN(0xe7312ec0, 0x0ae1e24e)} - , - {TOBN(0xf8d112e7, 0x6e6485b3), TOBN(0x4d3e24db, 0x771c52f8), - TOBN(0x48e3ee41, 0x684a2f6d), TOBN(0x7161957d, 0x21d95551), - TOBN(0x19631283, 0xcdb12a6c), TOBN(0xbf3fa882, 0x2e50e164), - TOBN(0xf6254b63, 0x3166cc73), TOBN(0x3aefa7ae, 0xaee8cc38), - TOBN(0x79b0fe62, 0x3b36f9fd), TOBN(0x26543b23, 0xfde19fc0), - TOBN(0x136e64a0, 0x958482ef), TOBN(0x23f63771, 0x9b095825), - TOBN(0x14cfd596, 0xb6a1142e), TOBN(0x5ea6aac6, 0x335aac0b), - TOBN(0x86a0e8bd, 0xf3081dd5), TOBN(0x5fb89d79, 0x003dc12a), - TOBN(0xf615c33a, 0xf72e34d4), TOBN(0x0bd9ea40, 0x110eec35), - TOBN(0x1c12bc5b, 0xc1dea34e), TOBN(0x686584c9, 0x49ae4699), - TOBN(0x13ad95d3, 0x8c97b942), TOBN(0x4609561a, 0x4e5c7562), - TOBN(0x9e94a4ae, 0xf2737f89), TOBN(0xf57594c6, 0x371c78b6), - TOBN(0x0f0165fc, 0xe3779ee3), TOBN(0xe00e7f9d, 0xbd495d9e), - TOBN(0x1fa4efa2, 0x20284e7a), TOBN(0x4564bade, 0x47ac6219), - TOBN(0x90e6312a, 0xc4708e8e), TOBN(0x4f5725fb, 0xa71e9adf), - TOBN(0xe95f55ae, 0x3d684b9f), TOBN(0x47f7ccb1, 0x1e94b415), - TOBN(0x7322851b, 0x8d946581), TOBN(0xf0d13133, 0xbdf4a012), - TOBN(0xa3510f69, 0x6584dae0), TOBN(0x03a7c171, 0x3c9f6c6d), - TOBN(0x5be97f38, 0xe475381a), TOBN(0xca1ba422, 0x85823334), - TOBN(0xf83cc5c7, 0x0be17dda), TOBN(0x158b1494, 0x0b918c0f), - TOBN(0xda3a77e5, 0x522e6b69), TOBN(0x69c908c3, 0xbbcd6c18), - TOBN(0x1f1b9e48, 0xd924fd56), TOBN(0x37c64e36, 0xaa4bb3f7), - TOBN(0x5a4fdbdf, 0xee478d7d), TOBN(0xba75c8bc, 0x0193f7a0), - TOBN(0x84bc1e84, 0x56cd16df), TOBN(0x1fb08f08, 0x46fad151), - TOBN(0x8a7cabf9, 0x842e9f30), TOBN(0xa331d4bf, 0x5eab83af), - TOBN(0xd272cfba, 0x017f2a6a), TOBN(0x27560abc, 0x83aba0e3), - TOBN(0x94b83387, 0x0e3a6b75), TOBN(0x25c6aea2, 0x6b9f50f5), - TOBN(0x803d691d, 0xb5fdf6d0), TOBN(0x03b77509, 0xe6333514), - TOBN(0x36178903, 0x61a341c1), TOBN(0x3604dc60, 0x0cfd6142), - TOBN(0x022295eb, 0x8533316c), TOBN(0x3dbde4ac, 0x44af2922), - TOBN(0x898afc5d, 0x1c7eef69), TOBN(0x58896805, 0xd14f4fa1), - TOBN(0x05002160, 0x203c21ca), TOBN(0x6f0d1f30, 0x40ef730b), - TOBN(0x8e8c44d4, 0x196224f8), TOBN(0x75a4ab95, 0x374d079d), - TOBN(0x79085ecc, 0x7d48f123), TOBN(0x56f04d31, 0x1bf65ad8), - TOBN(0xe220bf1c, 0xbda602b2), TOBN(0x73ee1742, 0xf9612c69), - TOBN(0x76008fc8, 0x084fd06b), TOBN(0x4000ef9f, 0xf11380d1), - TOBN(0x48201b4b, 0x12cfe297), TOBN(0x3eee129c, 0x292f74e5), - TOBN(0xe1fe114e, 0xc9e874e8), TOBN(0x899b055c, 0x92c5fc41), - TOBN(0x4e477a64, 0x3a39c8cf), TOBN(0x82f09efe, 0x78963cc9), - TOBN(0x6fd3fd8f, 0xd333f863), TOBN(0x85132b2a, 0xdc949c63), - TOBN(0x7e06a3ab, 0x516eb17b), TOBN(0x73bec06f, 0xd2c7372b), - TOBN(0xe4f74f55, 0xba896da6), TOBN(0xbb4afef8, 0x8e9eb40f), - TOBN(0x2d75bec8, 0xe61d66b0), TOBN(0x02bda4b4, 0xef29300b), - TOBN(0x8bbaa8de, 0x026baa5a), TOBN(0xff54befd, 0xa07f4440), - TOBN(0xbd9b8b1d, 0xbe7a2af3), TOBN(0xec51caa9, 0x4fb74a72), - TOBN(0xb9937a4b, 0x63879697), TOBN(0x7c9a9d20, 0xec2687d5), - TOBN(0x1773e44f, 0x6ef5f014), TOBN(0x8abcf412, 0xe90c6900), - TOBN(0x387bd022, 0x8142161e), TOBN(0x50393755, 0xfcb6ff2a), - TOBN(0x9813fd56, 0xed6def63), TOBN(0x53cf6482, 0x7d53106c), - TOBN(0x991a35bd, 0x431f7ac1), TOBN(0xf1e274dd, 0x63e65faf), - TOBN(0xf63ffa3c, 0x44cc7880), TOBN(0x411a426b, 0x7c256981), - TOBN(0xb698b9fd, 0x93a420e0), TOBN(0x89fdddc0, 0xae53f8fe), - TOBN(0x766e0722, 0x32398baa), TOBN(0x205fee42, 0x5cfca031), - TOBN(0xa49f5341, 0x7a029cf2), TOBN(0xa88c68b8, 0x4023890d), - TOBN(0xbc275041, 0x7337aaa8), TOBN(0x9ed364ad, 0x0eb384f4), - TOBN(0xe0816f85, 0x29aba92f), TOBN(0x2e9e1941, 0x04e38a88), - TOBN(0x57eef44a, 0x3dafd2d5), TOBN(0x35d1fae5, 0x97ed98d8), - TOBN(0x50628c09, 0x2307f9b1), TOBN(0x09d84aae, 0xd6cba5c6), - TOBN(0x67071bc7, 0x88aaa691), TOBN(0x2dea57a9, 0xafe6cb03), - TOBN(0xdfe11bb4, 0x3d78ac01), TOBN(0x7286418c, 0x7fd7aa51), - TOBN(0xfabf7709, 0x77f7195a), TOBN(0x8ec86167, 0xadeb838f), - TOBN(0xea1285a8, 0xbb4f012d), TOBN(0xd6883503, 0x9a3eab3f), - TOBN(0xee5d24f8, 0x309004c2), TOBN(0xa96e4b76, 0x13ffe95e), - TOBN(0x0cdffe12, 0xbd223ea4), TOBN(0x8f5c2ee5, 0xb6739a53), - TOBN(0x5cb4aaa5, 0xdd968198), TOBN(0xfa131c52, 0x72413a6c), - TOBN(0x53d46a90, 0x9536d903), TOBN(0xb270f0d3, 0x48606d8e), - TOBN(0x518c7564, 0xa053a3bc), TOBN(0x088254b7, 0x1a86caef), - TOBN(0xb3ba8cb4, 0x0ab5efd0), TOBN(0x5c59900e, 0x4605945d), - TOBN(0xecace1dd, 0xa1887395), TOBN(0x40960f36, 0x932a65de), - TOBN(0x9611ff5c, 0x3aa95529), TOBN(0xc58215b0, 0x7c1e5a36), - TOBN(0xd48c9b58, 0xf0e1a524), TOBN(0xb406856b, 0xf590dfb8), - TOBN(0xc7605e04, 0x9cd95662), TOBN(0x0dd036ee, 0xa33ecf82), - TOBN(0xa50171ac, 0xc33156b3), TOBN(0xf09d24ea, 0x4a80172e), - TOBN(0x4e1f72c6, 0x76dc8eef), TOBN(0xe60caadc, 0x5e3d44ee), - TOBN(0x006ef8a6, 0x979b1d8f), TOBN(0x60908a1c, 0x97788d26), - TOBN(0x6e08f95b, 0x266feec0), TOBN(0x618427c2, 0x22e8c94e), - TOBN(0x3d613339, 0x59145a65), TOBN(0xcd9bc368, 0xfa406337), - TOBN(0x82d11be3, 0x2d8a52a0), TOBN(0xf6877b27, 0x97a1c590), - TOBN(0x837a819b, 0xf5cbdb25), TOBN(0x2a4fd1d8, 0xde090249), - TOBN(0x622a7de7, 0x74990e5f), TOBN(0x840fa5a0, 0x7945511b), - TOBN(0x30b974be, 0x6558842d), TOBN(0x70df8c64, 0x17f3d0a6), - TOBN(0x7c803520, 0x7542e46d), TOBN(0x7251fe7f, 0xe4ecc823), - TOBN(0xe59134cb, 0x5e9aac9a), TOBN(0x11bb0934, 0xf0045d71), - TOBN(0x53e5d9b5, 0xdbcb1d4e), TOBN(0x8d97a905, 0x92defc91), - TOBN(0xfe289327, 0x7946d3f9), TOBN(0xe132bd24, 0x07472273), - TOBN(0xeeeb510c, 0x1eb6ae86), TOBN(0x777708c5, 0xf0595067), - TOBN(0x18e2c8cd, 0x1297029e), TOBN(0x2c61095c, 0xbbf9305e), - TOBN(0xe466c258, 0x6b85d6d9), TOBN(0x8ac06c36, 0xda1ea530), - TOBN(0xa365dc39, 0xa1304668), TOBN(0xe4a9c885, 0x07f89606), - TOBN(0x65a4898f, 0xacc7228d), TOBN(0x3e2347ff, 0x84ca8303), - TOBN(0xa5f6fb77, 0xea7d23a3), TOBN(0x2fac257d, 0x672a71cd), - TOBN(0x6908bef8, 0x7e6a44d3), TOBN(0x8ff87566, 0x891d3d7a), - TOBN(0xe58e90b3, 0x6b0cf82e), TOBN(0x6438d246, 0x2615b5e7), - TOBN(0x07b1f8fc, 0x669c145a), TOBN(0xb0d8b2da, 0x36f1e1cb), - TOBN(0x54d5dadb, 0xd9184c4d), TOBN(0x3dbb18d5, 0xf93d9976), - TOBN(0x0a3e0f56, 0xd1147d47), TOBN(0x2afa8c8d, 0xa0a48609), - TOBN(0x275353e8, 0xbc36742c), TOBN(0x898f427e, 0xeea0ed90), - TOBN(0x26f4947e, 0x3e477b00), TOBN(0x8ad8848a, 0x308741e3), - TOBN(0x6c703c38, 0xd74a2a46), TOBN(0x5e3e05a9, 0x9ba17ba2), - TOBN(0xc1fa6f66, 0x4ab9a9e4), TOBN(0x474a2d9a, 0x3841d6ec), - TOBN(0x871239ad, 0x653ae326), TOBN(0x14bcf72a, 0xa74cbb43), - TOBN(0x8737650e, 0x20d4c083), TOBN(0x3df86536, 0x110ed4af), - TOBN(0xd2d86fe7, 0xb53ca555), TOBN(0x688cb00d, 0xabd5d538), - TOBN(0xcf81bda3, 0x1ad38468), TOBN(0x7ccfe3cc, 0xf01167b6), - TOBN(0xcf4f47e0, 0x6c4c1fe6), TOBN(0x557e1f1a, 0x298bbb79), - TOBN(0xf93b974f, 0x30d45a14), TOBN(0x174a1d2d, 0x0baf97c4), - TOBN(0x7a003b30, 0xc51fbf53), TOBN(0xd8940991, 0xee68b225), - TOBN(0x5b0aa7b7, 0x1c0f4173), TOBN(0x975797c9, 0xa20a7153), - TOBN(0x26e08c07, 0xe3533d77), TOBN(0xd7222e6a, 0x2e341c99), - TOBN(0x9d60ec3d, 0x8d2dc4ed), TOBN(0xbdfe0d8f, 0x7c476cf8), - TOBN(0x1fe59ab6, 0x1d056605), TOBN(0xa9ea9df6, 0x86a8551f), - TOBN(0x8489941e, 0x47fb8d8c), TOBN(0xfeb874eb, 0x4a7f1b10), - TOBN(0xfe5fea86, 0x7ee0d98f), TOBN(0x201ad34b, 0xdbf61864), - TOBN(0x45d8fe47, 0x37c031d4), TOBN(0xd5f49fae, 0x795f0822), - TOBN(0xdb0fb291, 0xc7f4a40c), TOBN(0x2e69d9c1, 0x730ddd92), - TOBN(0x754e1054, 0x49d76987), TOBN(0x8a24911d, 0x7662db87), - TOBN(0x61fc1810, 0x60a71676), TOBN(0xe852d1a8, 0xf66a8ad1), - TOBN(0x172bbd65, 0x6417231e), TOBN(0x0d6de7bd, 0x3babb11f), - TOBN(0x6fde6f88, 0xc8e347f8), TOBN(0x1c587547, 0x9bd99cc3), - TOBN(0x78e54ed0, 0x34076950), TOBN(0x97f0f334, 0x796e83ba), - TOBN(0xe4dbe1ce, 0x4924867a), TOBN(0xbd5f51b0, 0x60b84917), - TOBN(0x37530040, 0x3cb09a79), TOBN(0xdb3fe0f8, 0xff1743d8), - TOBN(0xed7894d8, 0x556fa9db), TOBN(0xfa262169, 0x23412fbf), - TOBN(0x563be0db, 0xba7b9291), TOBN(0x6ca8b8c0, 0x0c9fb234), - TOBN(0xed406aa9, 0xbd763802), TOBN(0xc21486a0, 0x65303da1), - TOBN(0x61ae291e, 0xc7e62ec4), TOBN(0x622a0492, 0xdf99333e), - TOBN(0x7fd80c9d, 0xbb7a8ee0), TOBN(0xdc2ed3bc, 0x6c01aedb), - TOBN(0x35c35a12, 0x08be74ec), TOBN(0xd540cb1a, 0x469f671f), - TOBN(0xd16ced4e, 0xcf84f6c7), TOBN(0x8561fb9c, 0x2d090f43), - TOBN(0x7e693d79, 0x6f239db4), TOBN(0xa736f928, 0x77bd0d94), - TOBN(0x07b4d929, 0x2c1950ee), TOBN(0xda177543, 0x56dc11b3), - TOBN(0xa5dfbbaa, 0x7a6a878e), TOBN(0x1c70cb29, 0x4decb08a), - TOBN(0xfba28c8b, 0x6f0f7c50), TOBN(0xa8eba2b8, 0x854dcc6d), - TOBN(0x5ff8e89a, 0x36b78642), TOBN(0x070c1c8e, 0xf6873adf), - TOBN(0xbbd3c371, 0x6484d2e4), TOBN(0xfb78318f, 0x0d414129), - TOBN(0x2621a39c, 0x6ad93b0b), TOBN(0x979d74c2, 0xa9e917f7), - TOBN(0xfc195647, 0x61fb0428), TOBN(0x4d78954a, 0xbee624d4), - TOBN(0xb94896e0, 0xb8ae86fd), TOBN(0x6667ac0c, 0xc91c8b13), - TOBN(0x9f180512, 0x43bcf832), TOBN(0xfbadf8b7, 0xa0010137), - TOBN(0xc69b4089, 0xb3ba8aa7), TOBN(0xfac4bacd, 0xe687ce85), - TOBN(0x9164088d, 0x977eab40), TOBN(0x51f4c5b6, 0x2760b390), - TOBN(0xd238238f, 0x340dd553), TOBN(0x358566c3, 0xdb1d31c9), - TOBN(0x3a5ad69e, 0x5068f5ff), TOBN(0xf31435fc, 0xdaff6b06), - TOBN(0xae549a5b, 0xd6debff0), TOBN(0x59e5f0b7, 0x75e01331), - TOBN(0x5d492fb8, 0x98559acf), TOBN(0x96018c2e, 0x4db79b50), - TOBN(0x55f4a48f, 0x609f66aa), TOBN(0x1943b3af, 0x4900a14f), - TOBN(0xc22496df, 0x15a40d39), TOBN(0xb2a44684, 0x4c20f7c5), - TOBN(0x76a35afa, 0x3b98404c), TOBN(0xbec75725, 0xff5d1b77), - TOBN(0xb67aa163, 0xbea06444), TOBN(0x27e95bb2, 0xf724b6f2), - TOBN(0x3c20e3e9, 0xd238c8ab), TOBN(0x1213754e, 0xddd6ae17), - TOBN(0x8c431020, 0x716e0f74), TOBN(0x6679c82e, 0xffc095c2), - TOBN(0x2eb3adf4, 0xd0ac2932), TOBN(0x2cc970d3, 0x01bb7a76), - TOBN(0x70c71f2f, 0x740f0e66), TOBN(0x545c616b, 0x2b6b23cc), - TOBN(0x4528cfcb, 0xb40a8bd7), TOBN(0xff839633, 0x2ab27722), - TOBN(0x049127d9, 0x025ac99a), TOBN(0xd314d4a0, 0x2b63e33b), - TOBN(0xc8c310e7, 0x28d84519), TOBN(0x0fcb8983, 0xb3bc84ba), - TOBN(0x2cc52261, 0x38634818), TOBN(0x501814f4, 0xb44c2e0b), - TOBN(0xf7e181aa, 0x54dfdba3), TOBN(0xcfd58ff0, 0xe759718c), - TOBN(0xf90cdb14, 0xd3b507a8), TOBN(0x57bd478e, 0xc50bdad8), - TOBN(0x29c197e2, 0x50e5f9aa), TOBN(0x4db6eef8, 0xe40bc855), - TOBN(0x2cc8f21a, 0xd1fc0654), TOBN(0xc71cc963, 0x81269d73), - TOBN(0xecfbb204, 0x077f49f9), TOBN(0xdde92571, 0xca56b793), - TOBN(0x9abed6a3, 0xf97ad8f7), TOBN(0xe6c19d3f, 0x924de3bd), - TOBN(0x8dce92f4, 0xa140a800), TOBN(0x85f44d1e, 0x1337af07), - TOBN(0x5953c08b, 0x09d64c52), TOBN(0xa1b5e49f, 0xf5df9749), - TOBN(0x336a8fb8, 0x52735f7d), TOBN(0xb332b6db, 0x9add676b), - TOBN(0x558b88a0, 0xb4511aa4), TOBN(0x09788752, 0xdbd5cc55), - TOBN(0x16b43b9c, 0xd8cd52bd), TOBN(0x7f0bc5a0, 0xc2a2696b), - TOBN(0x146e12d4, 0xc11f61ef), TOBN(0x9ce10754, 0x3a83e79e), - TOBN(0x08ec73d9, 0x6cbfca15), TOBN(0x09ff29ad, 0x5b49653f), - TOBN(0xe31b72bd, 0xe7da946e), TOBN(0xebf9eb3b, 0xee80a4f2), - TOBN(0xd1aabd08, 0x17598ce4), TOBN(0x18b5fef4, 0x53f37e80), - TOBN(0xd5d5cdd3, 0x5958cd79), TOBN(0x3580a1b5, 0x1d373114), - TOBN(0xa36e4c91, 0xfa935726), TOBN(0xa38c534d, 0xef20d760), - TOBN(0x7088e40a, 0x2ff5845b), TOBN(0xe5bb40bd, 0xbd78177f), - TOBN(0x4f06a7a8, 0x857f9920), TOBN(0xe3cc3e50, 0xe968f05d), - TOBN(0x1d68b7fe, 0xe5682d26), TOBN(0x5206f76f, 0xaec7f87c), - TOBN(0x41110530, 0x041951ab), TOBN(0x58ec52c1, 0xd4b5a71a), - TOBN(0xf3488f99, 0x0f75cf9a), TOBN(0xf411951f, 0xba82d0d5), - TOBN(0x27ee75be, 0x618895ab), TOBN(0xeae060d4, 0x6d8aab14), - TOBN(0x9ae1df73, 0x7fb54dc2), TOBN(0x1f3e391b, 0x25963649), - TOBN(0x242ec32a, 0xfe055081), TOBN(0x5bd450ef, 0x8491c9bd), - TOBN(0x367efc67, 0x981eb389), TOBN(0xed7e1928, 0x3a0550d5), - TOBN(0x362e776b, 0xab3ce75c), TOBN(0xe890e308, 0x1f24c523), - TOBN(0xb961b682, 0xfeccef76), TOBN(0x8b8e11f5, 0x8bba6d92), - TOBN(0x8f2ccc4c, 0x2b2375c4), TOBN(0x0d7f7a52, 0xe2f86cfa), - TOBN(0xfd94d30a, 0x9efe5633), TOBN(0x2d8d246b, 0x5451f934), - TOBN(0x2234c6e3, 0x244e6a00), TOBN(0xde2b5b0d, 0xddec8c50), - TOBN(0x2ce53c5a, 0xbf776f5b), TOBN(0x6f724071, 0x60357b05), - TOBN(0xb2593717, 0x71bf3f7a), TOBN(0x87d2501c, 0x440c4a9f), - TOBN(0x440552e1, 0x87b05340), TOBN(0xb7bf7cc8, 0x21624c32), - TOBN(0x4155a6ce, 0x22facddb), TOBN(0x5a4228cb, 0x889837ef), - TOBN(0xef87d6d6, 0xfd4fd671), TOBN(0xa233687e, 0xc2daa10e), - TOBN(0x75622244, 0x03c0eb96), TOBN(0x7632d184, 0x8bf19be6), - TOBN(0x05d0f8e9, 0x40735ff4), TOBN(0x3a3e6e13, 0xc00931f1), - TOBN(0x31ccde6a, 0xdafe3f18), TOBN(0xf381366a, 0xcfe51207), - TOBN(0x24c222a9, 0x60167d92), TOBN(0x62f9d6f8, 0x7529f18c), - TOBN(0x412397c0, 0x0353b114), TOBN(0x334d89dc, 0xef808043), - TOBN(0xd9ec63ba, 0x2a4383ce), TOBN(0xcec8e937, 0x5cf92ba0), - TOBN(0xfb8b4288, 0xc8be74c0), TOBN(0x67d6912f, 0x105d4391), - TOBN(0x7b996c46, 0x1b913149), TOBN(0x36aae2ef, 0x3a4e02da), - TOBN(0xb68aa003, 0x972de594), TOBN(0x284ec70d, 0x4ec6d545), - TOBN(0xf3d2b2d0, 0x61391d54), TOBN(0x69c5d5d6, 0xfe114e92), - TOBN(0xbe0f00b5, 0xb4482dff), TOBN(0xe1596fa5, 0xf5bf33c5), - TOBN(0x10595b56, 0x96a71cba), TOBN(0x944938b2, 0xfdcadeb7), - TOBN(0xa282da4c, 0xfccd8471), TOBN(0x98ec05f3, 0x0d37bfe1), - TOBN(0xe171ce1b, 0x0698304a), TOBN(0x2d691444, 0x21bdf79b), - TOBN(0xd0cd3b74, 0x1b21dec1), TOBN(0x712ecd8b, 0x16a15f71), - TOBN(0x8d4c00a7, 0x00fd56e1), TOBN(0x02ec9692, 0xf9527c18), - TOBN(0x21c44937, 0x4a3e42e1), TOBN(0x9176fbab, 0x1392ae0a), - TOBN(0x8726f1ba, 0x44b7b618), TOBN(0xb4d7aae9, 0xf1de491c), - TOBN(0xf91df7b9, 0x07b582c0), TOBN(0x7e116c30, 0xef60aa3a), - TOBN(0x99270f81, 0x466265d7), TOBN(0xb15b6fe2, 0x4df7adf0), - TOBN(0xfe33b2d3, 0xf9738f7f), TOBN(0x48553ab9, 0xd6d70f95), - TOBN(0x2cc72ac8, 0xc21e94db), TOBN(0x795ac38d, 0xbdc0bbee), - TOBN(0x0a1be449, 0x2e40478f), TOBN(0x81bd3394, 0x052bde55), - TOBN(0x63c8dbe9, 0x56b3c4f2), TOBN(0x017a99cf, 0x904177cc), - TOBN(0x947bbddb, 0x4d010fc1), TOBN(0xacf9b00b, 0xbb2c9b21), - TOBN(0x2970bc8d, 0x47173611), TOBN(0x1a4cbe08, 0xac7d756f), - TOBN(0x06d9f4aa, 0x67d541a2), TOBN(0xa3e8b689, 0x59c2cf44), - TOBN(0xaad066da, 0x4d88f1dd), TOBN(0xc604f165, 0x7ad35dea), - TOBN(0x7edc0720, 0x4478ca67), TOBN(0xa10dfae0, 0xba02ce06), - TOBN(0xeceb1c76, 0xaf36f4e4), TOBN(0x994b2292, 0xaf3f8f48), - TOBN(0xbf9ed77b, 0x77c8a68c), TOBN(0x74f544ea, 0x51744c9d), - TOBN(0x82d05bb9, 0x8113a757), TOBN(0x4ef2d2b4, 0x8a9885e4), - TOBN(0x1e332be5, 0x1aa7865f), TOBN(0x22b76b18, 0x290d1a52), - TOBN(0x308a2310, 0x44351683), TOBN(0x9d861896, 0xa3f22840), - TOBN(0x5959ddcd, 0x841ed947), TOBN(0x0def0c94, 0x154b73bf), - TOBN(0xf0105417, 0x4c7c15e0), TOBN(0x539bfb02, 0x3a277c32), - TOBN(0xe699268e, 0xf9dccf5f), TOBN(0x9f5796a5, 0x0247a3bd), - TOBN(0x8b839de8, 0x4f157269), TOBN(0xc825c1e5, 0x7a30196b), - TOBN(0x6ef0aabc, 0xdc8a5a91), TOBN(0xf4a8ce6c, 0x498b7fe6), - TOBN(0x1cce35a7, 0x70cbac78), TOBN(0x83488e9b, 0xf6b23958), - TOBN(0x0341a070, 0xd76cb011), TOBN(0xda6c9d06, 0xae1b2658), - TOBN(0xb701fb30, 0xdd648c52), TOBN(0x994ca02c, 0x52fb9fd1), - TOBN(0x06933117, 0x6f563086), TOBN(0x3d2b8100, 0x17856bab), - TOBN(0xe89f48c8, 0x5963a46e), TOBN(0x658ab875, 0xa99e61c7), - TOBN(0x6e296f87, 0x4b8517b4), TOBN(0x36c4fcdc, 0xfc1bc656), - TOBN(0xde5227a1, 0xa3906def), TOBN(0x9fe95f57, 0x62418945), - TOBN(0x20c91e81, 0xfdd96cde), TOBN(0x5adbe47e, 0xda4480de), - TOBN(0xa009370f, 0x396de2b6), TOBN(0x98583d4b, 0xf0ecc7bd), - TOBN(0xf44f6b57, 0xe51d0672), TOBN(0x03d6b078, 0x556b1984), - TOBN(0x27dbdd93, 0xb0b64912), TOBN(0x9b3a3434, 0x15687b09), - TOBN(0x0dba6461, 0x51ec20a9), TOBN(0xec93db7f, 0xff28187c), - TOBN(0x00ff8c24, 0x66e48bdd), TOBN(0x2514f2f9, 0x11ccd78e), - TOBN(0xeba11f4f, 0xe1250603), TOBN(0x8a22cd41, 0x243fa156), - TOBN(0xa4e58df4, 0xb283e4c6), TOBN(0x78c29859, 0x8b39783f), - TOBN(0x5235aee2, 0xa5259809), TOBN(0xc16284b5, 0x0e0227dd), - TOBN(0xa5f57916, 0x1338830d), TOBN(0x6d4b8a6b, 0xd2123fca), - TOBN(0x236ea68a, 0xf9c546f8), TOBN(0xc1d36873, 0xfa608d36), - TOBN(0xcd76e495, 0x8d436d13), TOBN(0xd4d9c221, 0x8fb080af), - TOBN(0x665c1728, 0xe8ad3fb5), TOBN(0xcf1ebe4d, 0xb3d572e0), - TOBN(0xa7a8746a, 0x584c5e20), TOBN(0x267e4ea1, 0xb9dc7035), - TOBN(0x593a15cf, 0xb9548c9b), TOBN(0x5e6e2135, 0x4bd012f3), - TOBN(0xdf31cc6a, 0x8c8f936e), TOBN(0x8af84d04, 0xb5c241dc), - TOBN(0x63990a6f, 0x345efb86), TOBN(0x6fef4e61, 0xb9b962cb)} - , - {TOBN(0xf6368f09, 0x25722608), TOBN(0x131260db, 0x131cf5c6), - TOBN(0x40eb353b, 0xfab4f7ac), TOBN(0x85c78880, 0x37eee829), - TOBN(0x4c1581ff, 0xc3bdf24e), TOBN(0x5bff75cb, 0xf5c3c5a8), - TOBN(0x35e8c83f, 0xa14e6f40), TOBN(0xb81d1c0f, 0x0295e0ca), - TOBN(0xfcde7cc8, 0xf43a730f), TOBN(0xe89b6f3c, 0x33ab590e), - TOBN(0xc823f529, 0xad03240b), TOBN(0x82b79afe, 0x98bea5db), - TOBN(0x568f2856, 0x962fe5de), TOBN(0x0c590adb, 0x60c591f3), - TOBN(0x1fc74a14, 0x4a28a858), TOBN(0x3b662498, 0xb3203f4c), - TOBN(0x91e3cf0d, 0x6c39765a), TOBN(0xa2db3acd, 0xac3cca0b), - TOBN(0x288f2f08, 0xcb953b50), TOBN(0x2414582c, 0xcf43cf1a), - TOBN(0x8dec8bbc, 0x60eee9a8), TOBN(0x54c79f02, 0x729aa042), - TOBN(0xd81cd5ec, 0x6532f5d5), TOBN(0xa672303a, 0xcf82e15f), - TOBN(0x376aafa8, 0x719c0563), TOBN(0xcd8ad2dc, 0xbc5fc79f), - TOBN(0x303fdb9f, 0xcb750cd3), TOBN(0x14ff052f, 0x4418b08e), - TOBN(0xf75084cf, 0x3e2d6520), TOBN(0x7ebdf0f8, 0x144ed509), - TOBN(0xf43bf0f2, 0xd3f25b98), TOBN(0x86ad71cf, 0xa354d837), - TOBN(0xb827fe92, 0x26f43572), TOBN(0xdfd3ab5b, 0x5d824758), - TOBN(0x315dd23a, 0x539094c1), TOBN(0x85c0e37a, 0x66623d68), - TOBN(0x575c7972, 0x7be19ae0), TOBN(0x616a3396, 0xdf0d36b5), - TOBN(0xa1ebb3c8, 0x26b1ff7e), TOBN(0x635b9485, 0x140ad453), - TOBN(0x92bf3cda, 0xda430c0b), TOBN(0x4702850e, 0x3a96dac6), - TOBN(0xc91cf0a5, 0x15ac326a), TOBN(0x95de4f49, 0xab8c25e4), - TOBN(0xb01bad09, 0xe265c17c), TOBN(0x24e45464, 0x087b3881), - TOBN(0xd43e583c, 0xe1fac5ca), TOBN(0xe17cb318, 0x6ead97a6), - TOBN(0x6cc39243, 0x74dcec46), TOBN(0x33cfc02d, 0x54c2b73f), - TOBN(0x82917844, 0xf26cd99c), TOBN(0x8819dd95, 0xd1773f89), - TOBN(0x09572aa6, 0x0871f427), TOBN(0x8e0cf365, 0xf6f01c34), - TOBN(0x7fa52988, 0xbff1f5af), TOBN(0x4eb357ea, 0xe75e8e50), - TOBN(0xd9d0c8c4, 0x868af75d), TOBN(0xd7325cff, 0x45c8c7ea), - TOBN(0xab471996, 0xcc81ecb0), TOBN(0xff5d55f3, 0x611824ed), - TOBN(0xbe314541, 0x1977a0ee), TOBN(0x5085c4c5, 0x722038c6), - TOBN(0x2d5335bf, 0xf94bb495), TOBN(0x894ad8a6, 0xc8e2a082), - TOBN(0x5c3e2341, 0xada35438), TOBN(0xf4a9fc89, 0x049b8c4e), - TOBN(0xbeeb355a, 0x9f17cf34), TOBN(0x3f311e0e, 0x6c91fe10), - TOBN(0xc2d20038, 0x92ab9891), TOBN(0x257bdcc1, 0x3e8ce9a9), - TOBN(0x1b2d9789, 0x88c53bee), TOBN(0x927ce89a, 0xcdba143a), - TOBN(0xb0a32cca, 0x523db280), TOBN(0x5c889f8a, 0x50d43783), - TOBN(0x503e04b3, 0x4897d16f), TOBN(0x8cdb6e78, 0x08f5f2e8), - TOBN(0x6ab91cf0, 0x179c8e74), TOBN(0xd8874e52, 0x48211d60), - TOBN(0xf948d4d5, 0xea851200), TOBN(0x4076d41e, 0xe6f9840a), - TOBN(0xc20e263c, 0x47b517ea), TOBN(0x79a448fd, 0x30685e5e), - TOBN(0xe55f6f78, 0xf90631a0), TOBN(0x88a790b1, 0xa79e6346), - TOBN(0x62160c7d, 0x80969fe8), TOBN(0x54f92fd4, 0x41491bb9), - TOBN(0xa6645c23, 0x5c957526), TOBN(0xf44cc5ae, 0xbea3ce7b), - TOBN(0xf7628327, 0x8b1e68b7), TOBN(0xc731ad7a, 0x303f29d3), - TOBN(0xfe5a9ca9, 0x57d03ecb), TOBN(0x96c0d50c, 0x41bc97a7), - TOBN(0xc4669fe7, 0x9b4f7f24), TOBN(0xfdd781d8, 0x3d9967ef), - TOBN(0x7892c7c3, 0x5d2c208d), TOBN(0x8bf64f7c, 0xae545cb3), - TOBN(0xc01f862c, 0x467be912), TOBN(0xf4c85ee9, 0xc73d30cc), - TOBN(0x1fa6f4be, 0x6ab83ec7), TOBN(0xa07a3c1c, 0x4e3e3cf9), - TOBN(0x87f8ef45, 0x0c00beb3), TOBN(0x30e2c2b3, 0x000d4c3e), - TOBN(0x1aa00b94, 0xfe08bf5b), TOBN(0x32c133aa, 0x9224ef52), - TOBN(0x38df16bb, 0x32e5685d), TOBN(0x68a9e069, 0x58e6f544), - TOBN(0x495aaff7, 0xcdc5ebc6), TOBN(0xf894a645, 0x378b135f), - TOBN(0xf316350a, 0x09e27ecf), TOBN(0xeced201e, 0x58f7179d), - TOBN(0x2eec273c, 0xe97861ba), TOBN(0x47ec2cae, 0xd693be2e), - TOBN(0xfa4c97c4, 0xf68367ce), TOBN(0xe4f47d0b, 0xbe5a5755), - TOBN(0x17de815d, 0xb298a979), TOBN(0xd7eca659, 0xc177dc7d), - TOBN(0x20fdbb71, 0x49ded0a3), TOBN(0x4cb2aad4, 0xfb34d3c5), - TOBN(0x2cf31d28, 0x60858a33), TOBN(0x3b6873ef, 0xa24aa40f), - TOBN(0x540234b2, 0x2c11bb37), TOBN(0x2d0366dd, 0xed4c74a3), - TOBN(0xf9a968da, 0xeec5f25d), TOBN(0x36601068, 0x67b63142), - TOBN(0x07cd6d2c, 0x68d7b6d4), TOBN(0xa8f74f09, 0x0c842942), - TOBN(0xe2751404, 0x7768b1ee), TOBN(0x4b5f7e89, 0xfe62aee4), - TOBN(0xc6a77177, 0x89070d26), TOBN(0xa1f28e4e, 0xdd1c8bc7), - TOBN(0xea5f4f06, 0x469e1f17), TOBN(0x78fc242a, 0xfbdb78e0), - TOBN(0xc9c7c592, 0x8b0588f1), TOBN(0xb6b7a0fd, 0x1535921e), - TOBN(0xcc5bdb91, 0xbde5ae35), TOBN(0xb42c485e, 0x12ff1864), - TOBN(0xa1113e13, 0xdbab98aa), TOBN(0xde9d469b, 0xa17b1024), - TOBN(0x23f48b37, 0xc0462d3a), TOBN(0x3752e537, 0x7c5c078d), - TOBN(0xe3a86add, 0x15544eb9), TOBN(0xf013aea7, 0x80fba279), - TOBN(0x8b5bb76c, 0xf22001b5), TOBN(0xe617ba14, 0xf02891ab), - TOBN(0xd39182a6, 0x936219d3), TOBN(0x5ce1f194, 0xae51cb19), - TOBN(0xc78f8598, 0xbf07a74c), TOBN(0x6d7158f2, 0x22cbf1bc), - TOBN(0x3b846b21, 0xe300ce18), TOBN(0x35fba630, 0x2d11275d), - TOBN(0x5fe25c36, 0xa0239b9b), TOBN(0xd8beb35d, 0xdf05d940), - TOBN(0x4db02bb0, 0x1f7e320d), TOBN(0x0641c364, 0x6da320ea), - TOBN(0x6d95fa5d, 0x821389a3), TOBN(0x92699748, 0x8fcd8e3d), - TOBN(0x316fef17, 0xceb6c143), TOBN(0x67fcb841, 0xd933762b), - TOBN(0xbb837e35, 0x118b17f8), TOBN(0x4b92552f, 0x9fd24821), - TOBN(0xae6bc70e, 0x46aca793), TOBN(0x1cf0b0e4, 0xe579311b), - TOBN(0x8dc631be, 0x5802f716), TOBN(0x099bdc6f, 0xbddbee4d), - TOBN(0xcc352bb2, 0x0caf8b05), TOBN(0xf74d505a, 0x72d63df2), - TOBN(0xb9876d4b, 0x91c4f408), TOBN(0x1ce18473, 0x9e229b2d), - TOBN(0x49507597, 0x83abdb4a), TOBN(0x850fbcb6, 0xdee84b18), - TOBN(0x6325236e, 0x609e67dc), TOBN(0x04d831d9, 0x9336c6d8), - TOBN(0x8deaae3b, 0xfa12d45d), TOBN(0xe425f8ce, 0x4746e246), - TOBN(0x8004c175, 0x24f5f31e), TOBN(0xaca16d8f, 0xad62c3b7), - TOBN(0x0dc15a6a, 0x9152f934), TOBN(0xf1235e5d, 0xed0e12c1), - TOBN(0xc33c06ec, 0xda477dac), TOBN(0x76be8732, 0xb2ea0006), - TOBN(0xcf3f7831, 0x0c0cd313), TOBN(0x3c524553, 0xa614260d), - TOBN(0x31a756f8, 0xcab22d15), TOBN(0x03ee10d1, 0x77827a20), - TOBN(0xd1e059b2, 0x1994ef20), TOBN(0x2a653b69, 0x638ae318), - TOBN(0x70d5eb58, 0x2f699010), TOBN(0x279739f7, 0x09f5f84a), - TOBN(0x5da4663c, 0x8b799336), TOBN(0xfdfdf14d, 0x203c37eb), - TOBN(0x32d8a9dc, 0xa1dbfb2d), TOBN(0xab40cff0, 0x77d48f9b), - TOBN(0xc018b383, 0xd20b42d5), TOBN(0xf9a810ef, 0x9f78845f), - TOBN(0x40af3753, 0xbdba9df0), TOBN(0xb90bdcfc, 0x131dfdf9), - TOBN(0x18720591, 0xf01ab782), TOBN(0xc823f211, 0x6af12a88), - TOBN(0xa51b80f3, 0x0dc14401), TOBN(0xde248f77, 0xfb2dfbe3), - TOBN(0xef5a44e5, 0x0cafe751), TOBN(0x73997c9c, 0xd4dcd221), - TOBN(0x32fd86d1, 0xde854024), TOBN(0xd5b53adc, 0xa09b84bb), - TOBN(0x008d7a11, 0xdcedd8d1), TOBN(0x406bd1c8, 0x74b32c84), - TOBN(0x5d4472ff, 0x05dde8b1), TOBN(0x2e25f2cd, 0xfce2b32f), - TOBN(0xbec0dd5e, 0x29dfc254), TOBN(0x4455fcf6, 0x2b98b267), - TOBN(0x0b4d43a5, 0xc72df2ad), TOBN(0xea70e6be, 0x48a75397), - TOBN(0x2aad6169, 0x5820f3bf), TOBN(0xf410d2dd, 0x9e37f68f), - TOBN(0x70fb7dba, 0x7be5ac83), TOBN(0x636bb645, 0x36ec3eec), - TOBN(0x27104ea3, 0x9754e21c), TOBN(0xbc87a3e6, 0x8d63c373), - TOBN(0x483351d7, 0x4109db9a), TOBN(0x0fa724e3, 0x60134da7), - TOBN(0x9ff44c29, 0xb0720b16), TOBN(0x2dd0cf13, 0x06aceead), - TOBN(0x5942758c, 0xe26929a6), TOBN(0x96c5db92, 0xb766a92b), - TOBN(0xcec7d4c0, 0x5f18395e), TOBN(0xd3f22744, 0x1f80d032), - TOBN(0x7a68b37a, 0xcb86075b), TOBN(0x074764dd, 0xafef92db), - TOBN(0xded1e950, 0x7bc7f389), TOBN(0xc580c850, 0xb9756460), - TOBN(0xaeeec2a4, 0x7da48157), TOBN(0x3f0b4e7f, 0x82c587b3), - TOBN(0x231c6de8, 0xa9f19c53), TOBN(0x5717bd73, 0x6974e34e), - TOBN(0xd9e1d216, 0xf1508fa9), TOBN(0x9f112361, 0xdadaa124), - TOBN(0x80145e31, 0x823b7348), TOBN(0x4dd8f0d5, 0xac634069), - TOBN(0xe3d82fc7, 0x2297c258), TOBN(0x276fcfee, 0x9cee7431), - TOBN(0x8eb61b5e, 0x2bc0aea9), TOBN(0x4f668fd5, 0xde329431), - TOBN(0x03a32ab1, 0x38e4b87e), TOBN(0xe1374517, 0x73d0ef0b), - TOBN(0x1a46f7e6, 0x853ac983), TOBN(0xc3bdf42e, 0x68e78a57), - TOBN(0xacf20785, 0x2ea96dd1), TOBN(0xa10649b9, 0xf1638460), - TOBN(0xf2369f0b, 0x879fbbed), TOBN(0x0ff0ae86, 0xda9d1869), - TOBN(0x5251d759, 0x56766f45), TOBN(0x4984d8c0, 0x2be8d0fc), - TOBN(0x7ecc95a6, 0xd21008f0), TOBN(0x29bd54a0, 0x3a1a1c49), - TOBN(0xab9828c5, 0xd26c50f3), TOBN(0x32c0087c, 0x51d0d251), - TOBN(0x9bac3ce6, 0x0c1cdb26), TOBN(0xcd94d947, 0x557ca205), - TOBN(0x1b1bd598, 0x9db1fdcd), TOBN(0x0eda0108, 0xa3d8b149), - TOBN(0x95066610, 0x56152fcc), TOBN(0xc2f037e6, 0xe7192b33), - TOBN(0xdeffb41a, 0xc92e05a4), TOBN(0x1105f6c2, 0xc2f6c62e), - TOBN(0x68e73500, 0x8733913c), TOBN(0xcce86163, 0x3f3adc40), - TOBN(0xf407a942, 0x38a278e9), TOBN(0xd13c1b9d, 0x2ab21292), - TOBN(0x93ed7ec7, 0x1c74cf5c), TOBN(0x8887dc48, 0xf1a4c1b4), - TOBN(0x3830ff30, 0x4b3a11f1), TOBN(0x358c5a3c, 0x58937cb6), - TOBN(0x027dc404, 0x89022829), TOBN(0x40e93977, 0x3b798f79), - TOBN(0x90ad3337, 0x38be6ead), TOBN(0x9c23f6bc, 0xf34c0a5d), - TOBN(0xd1711a35, 0xfbffd8bb), TOBN(0x60fcfb49, 0x1949d3dd), - TOBN(0x09c8ef4b, 0x7825d93a), TOBN(0x24233cff, 0xa0a8c968), - TOBN(0x67ade46c, 0xe6d982af), TOBN(0xebb6bf3e, 0xe7544d7c), - TOBN(0xd6b9ba76, 0x3d8bd087), TOBN(0x46fe382d, 0x4dc61280), - TOBN(0xbd39a7e8, 0xb5bdbd75), TOBN(0xab381331, 0xb8f228fe), - TOBN(0x0709a77c, 0xce1c4300), TOBN(0x6a247e56, 0xf337ceac), - TOBN(0x8f34f21b, 0x636288be), TOBN(0x9dfdca74, 0xc8a7c305), - TOBN(0x6decfd1b, 0xea919e04), TOBN(0xcdf2688d, 0x8e1991f8), - TOBN(0xe607df44, 0xd0f8a67e), TOBN(0xd985df4b, 0x0b58d010), - TOBN(0x57f834c5, 0x0c24f8f4), TOBN(0xe976ef56, 0xa0bf01ae), - TOBN(0x536395ac, 0xa1c32373), TOBN(0x351027aa, 0x734c0a13), - TOBN(0xd2f1b5d6, 0x5e6bd5bc), TOBN(0x2b539e24, 0x223debed), - TOBN(0xd4994cec, 0x0eaa1d71), TOBN(0x2a83381d, 0x661dcf65), - TOBN(0x5f1aed2f, 0x7b54c740), TOBN(0x0bea3fa5, 0xd6dda5ee), - TOBN(0x9d4fb684, 0x36cc6134), TOBN(0x8eb9bbf3, 0xc0a443dd), - TOBN(0xfc500e2e, 0x383b7d2a), TOBN(0x7aad621c, 0x5b775257), - TOBN(0x69284d74, 0x0a8f7cc0), TOBN(0xe820c2ce, 0x07562d65), - TOBN(0xbf9531b9, 0x499758ee), TOBN(0x73e95ca5, 0x6ee0cc2d), - TOBN(0xf61790ab, 0xfbaf50a5), TOBN(0xdf55e76b, 0x684e0750), - TOBN(0xec516da7, 0xf176b005), TOBN(0x575553bb, 0x7a2dddc7), - TOBN(0x37c87ca3, 0x553afa73), TOBN(0x315f3ffc, 0x4d55c251), - TOBN(0xe846442a, 0xaf3e5d35), TOBN(0x61b91149, 0x6495ff28), - TOBN(0x23cc95d3, 0xfa326dc3), TOBN(0x1df4da1f, 0x18fc2cea), - TOBN(0x24bf9adc, 0xd0a37d59), TOBN(0xb6710053, 0x320d6e1e), - TOBN(0x96f9667e, 0x618344d1), TOBN(0xcc7ce042, 0xa06445af), - TOBN(0xa02d8514, 0xd68dbc3a), TOBN(0x4ea109e4, 0x280b5a5b), - TOBN(0x5741a7ac, 0xb40961bf), TOBN(0x4ada5937, 0x6aa56bfa), - TOBN(0x7feb9145, 0x02b765d1), TOBN(0x561e97be, 0xe6ad1582), - TOBN(0xbbc4a5b6, 0xda3982f5), TOBN(0x0c2659ed, 0xb546f468), - TOBN(0xb8e7e6aa, 0x59612d20), TOBN(0xd83dfe20, 0xac19e8e0), - TOBN(0x8530c45f, 0xb835398c), TOBN(0x6106a8bf, 0xb38a41c2), - TOBN(0x21e8f9a6, 0x35f5dcdb), TOBN(0x39707137, 0xcae498ed), - TOBN(0x70c23834, 0xd8249f00), TOBN(0x9f14b58f, 0xab2537a0), - TOBN(0xd043c365, 0x5f61c0c2), TOBN(0xdc5926d6, 0x09a194a7), - TOBN(0xddec0339, 0x8e77738a), TOBN(0xd07a63ef, 0xfba46426), - TOBN(0x2e58e79c, 0xee7f6e86), TOBN(0xe59b0459, 0xff32d241), - TOBN(0xc5ec84e5, 0x20fa0338), TOBN(0x97939ac8, 0xeaff5ace), - TOBN(0x0310a4e3, 0xb4a38313), TOBN(0x9115fba2, 0x8f9d9885), - TOBN(0x8dd710c2, 0x5fadf8c3), TOBN(0x66be38a2, 0xce19c0e2), - TOBN(0xd42a279c, 0x4cfe5022), TOBN(0x597bb530, 0x0e24e1b8), - TOBN(0x3cde86b7, 0xc153ca7f), TOBN(0xa8d30fb3, 0x707d63bd), - TOBN(0xac905f92, 0xbd60d21e), TOBN(0x98e7ffb6, 0x7b9a54ab), - TOBN(0xd7147df8, 0xe9726a30), TOBN(0xb5e216ff, 0xafce3533), - TOBN(0xb550b799, 0x2ff1ec40), TOBN(0x6b613b87, 0xa1e953fd), - TOBN(0x87b88dba, 0x792d5610), TOBN(0x2ee1270a, 0xa190fbe1), - TOBN(0x02f4e2dc, 0x2ef581da), TOBN(0x016530e4, 0xeff82a95), - TOBN(0xcbb93dfd, 0x8fd6ee89), TOBN(0x16d3d986, 0x46848fff), - TOBN(0x600eff24, 0x1da47adf), TOBN(0x1b9754a0, 0x0ad47a71), - TOBN(0x8f9266df, 0x70c33b98), TOBN(0xaadc87ae, 0xdf34186e), - TOBN(0x0d2ce8e1, 0x4ad24132), TOBN(0x8a47cbfc, 0x19946eba), - TOBN(0x47feeb66, 0x62b5f3af), TOBN(0xcefab561, 0x0abb3734), - TOBN(0x449de60e, 0x19f35cb1), TOBN(0x39f8db14, 0x157f0eb9), - TOBN(0xffaecc5b, 0x3c61bfd6), TOBN(0xa5a4d41d, 0x41216703), - TOBN(0x7f8fabed, 0x224e1cc2), TOBN(0x0d5a8186, 0x871ad953), - TOBN(0xf10774f7, 0xd22da9a9), TOBN(0x45b8a678, 0xcc8a9b0d), - TOBN(0xd9c2e722, 0xbdc32cff), TOBN(0xbf71b5f5, 0x337202a5), - TOBN(0x95c57f2f, 0x69fc4db9), TOBN(0xb6dad34c, 0x765d01e1), - TOBN(0x7e0bd13f, 0xcb904635), TOBN(0x61751253, 0x763a588c), - TOBN(0xd85c2997, 0x81af2c2d), TOBN(0xc0f7d9c4, 0x81b9d7da), - TOBN(0x838a34ae, 0x08533e8d), TOBN(0x15c4cb08, 0x311d8311), - TOBN(0x97f83285, 0x8e121e14), TOBN(0xeea7dc1e, 0x85000a5f), - TOBN(0x0c6059b6, 0x5d256274), TOBN(0xec9beace, 0xb95075c0), - TOBN(0x173daad7, 0x1df97828), TOBN(0xbf851cb5, 0xa8937877), - TOBN(0xb083c594, 0x01646f3c), TOBN(0x3bad30cf, 0x50c6d352), - TOBN(0xfeb2b202, 0x496bbcea), TOBN(0x3cf9fd4f, 0x18a1e8ba), - TOBN(0xd26de7ff, 0x1c066029), TOBN(0x39c81e9e, 0x4e9ed4f8), - TOBN(0xd8be0cb9, 0x7b390d35), TOBN(0x01df2bbd, 0x964aab27), - TOBN(0x3e8c1a65, 0xc3ef64f8), TOBN(0x567291d1, 0x716ed1dd), - TOBN(0x95499c6c, 0x5f5406d3), TOBN(0x71fdda39, 0x5ba8e23f), - TOBN(0xcfeb320e, 0xd5096ece), TOBN(0xbe7ba92b, 0xca66dd16), - TOBN(0x4608d36b, 0xc6fb5a7d), TOBN(0xe3eea15a, 0x6d2dd0e0), - TOBN(0x75b0a3eb, 0x8f97a36a), TOBN(0xf59814cc, 0x1c83de1e), - TOBN(0x56c9c5b0, 0x1c33c23f), TOBN(0xa96c1da4, 0x6faa4136), - TOBN(0x46bf2074, 0xde316551), TOBN(0x3b866e7b, 0x1f756c8f), - TOBN(0x727727d8, 0x1495ed6b), TOBN(0xb2394243, 0xb682dce7), - TOBN(0x8ab8454e, 0x758610f3), TOBN(0xc243ce84, 0x857d72a4), - TOBN(0x7b320d71, 0xdbbf370f), TOBN(0xff9afa37, 0x78e0f7ca), - TOBN(0x0119d1e0, 0xea7b523f), TOBN(0xb997f8cb, 0x058c7d42), - TOBN(0x285bcd2a, 0x37bbb184), TOBN(0x51dcec49, 0xa45d1fa6), - TOBN(0x6ade3b64, 0xe29634cb), TOBN(0x080c94a7, 0x26b86ef1), - TOBN(0xba583db1, 0x2283fbe3), TOBN(0x902bddc8, 0x5a9315ed), - TOBN(0x07c1ccb3, 0x86964bec), TOBN(0x78f4eacf, 0xb6258301), - TOBN(0x4bdf3a49, 0x56f90823), TOBN(0xba0f5080, 0x741d777b), - TOBN(0x091d71c3, 0xf38bf760), TOBN(0x9633d50f, 0x9b625b02), - TOBN(0x03ecb743, 0xb8c9de61), TOBN(0xb4751254, 0x5de74720), - TOBN(0x9f9defc9, 0x74ce1cb2), TOBN(0x774a4f6a, 0x00bd32ef), - TOBN(0xaca385f7, 0x73848f22), TOBN(0x53dad716, 0xf3f8558e), - TOBN(0xab7b34b0, 0x93c471f9), TOBN(0xf530e069, 0x19644bc7), - TOBN(0x3d9fb1ff, 0xdd59d31a), TOBN(0x4382e0df, 0x08daa795), - TOBN(0x165c6f4b, 0xd5cc88d7), TOBN(0xeaa392d5, 0x4a18c900), - TOBN(0x94203c67, 0x648024ee), TOBN(0x188763f2, 0x8c2fabcd), - TOBN(0xa80f87ac, 0xbbaec835), TOBN(0x632c96e0, 0xf29d8d54), - TOBN(0x29b0a60e, 0x4c00a95e), TOBN(0x2ef17f40, 0xe011e9fa), - TOBN(0xf6c0e1d1, 0x15b77223), TOBN(0xaaec2c62, 0x14b04e32), - TOBN(0xd35688d8, 0x3d84e58c), TOBN(0x2af5094c, 0x958571db), - TOBN(0x4fff7e19, 0x760682a6), TOBN(0x4cb27077, 0xe39a407c), - TOBN(0x0f59c547, 0x4ff0e321), TOBN(0x169f34a6, 0x1b34c8ff), - TOBN(0x2bff1096, 0x52bc1ba7), TOBN(0xa25423b7, 0x83583544), - TOBN(0x5d55d5d5, 0x0ac8b782), TOBN(0xff6622ec, 0x2db3c892), - TOBN(0x48fce741, 0x6b8bb642), TOBN(0x31d6998c, 0x69d7e3dc), - TOBN(0xdbaf8004, 0xcadcaed0), TOBN(0x801b0142, 0xd81d053c), - TOBN(0x94b189fc, 0x59630ec6), TOBN(0x120e9934, 0xaf762c8e), - TOBN(0x53a29aa4, 0xfdc6a404), TOBN(0x19d8e01e, 0xa1909948), - TOBN(0x3cfcabf1, 0xd7e89681), TOBN(0x3321a50d, 0x4e132d37), - TOBN(0xd0496863, 0xe9a86111), TOBN(0x8c0cde61, 0x06a3bc65), - TOBN(0xaf866c49, 0xfc9f8eef), TOBN(0x2066350e, 0xff7f5141), - TOBN(0x4f8a4689, 0xe56ddfbd), TOBN(0xea1b0c07, 0xfe32983a), - TOBN(0x2b317462, 0x873cb8cb), TOBN(0x658deddc, 0x2d93229f), - TOBN(0x65efaf4d, 0x0f64ef58), TOBN(0xfe43287d, 0x730cc7a8), - TOBN(0xaebc0c72, 0x3d047d70), TOBN(0x92efa539, 0xd92d26c9), - TOBN(0x06e78457, 0x94b56526), TOBN(0x415cb80f, 0x0961002d), - TOBN(0x89e5c565, 0x76dcb10f), TOBN(0x8bbb6982, 0xff9259fe), - TOBN(0x4fe8795b, 0x9abc2668), TOBN(0xb5d4f534, 0x1e678fb1), - TOBN(0x6601f3be, 0x7b7da2b9), TOBN(0x98da59e2, 0xa13d6805), - TOBN(0x190d8ea6, 0x01799a52), TOBN(0xa20cec41, 0xb86d2952), - TOBN(0x3062ffb2, 0x7fff2a7c), TOBN(0x741b32e5, 0x79f19d37), - TOBN(0xf80d8181, 0x4eb57d47), TOBN(0x7a2d0ed4, 0x16aef06b), - TOBN(0x09735fb0, 0x1cecb588), TOBN(0x1641caaa, 0xc6061f5b)} - , - {TOBN(0x7f99824f, 0x20151427), TOBN(0x206828b6, 0x92430206), - TOBN(0xaa9097d7, 0xe1112357), TOBN(0xacf9a2f2, 0x09e414ec), - TOBN(0xdbdac9da, 0x27915356), TOBN(0x7e0734b7, 0x001efee3), - TOBN(0x54fab5bb, 0xd2b288e2), TOBN(0x4c630fc4, 0xf62dd09c), - TOBN(0x8537107a, 0x1ac2703b), TOBN(0xb49258d8, 0x6bc857b5), - TOBN(0x57df14de, 0xbcdaccd1), TOBN(0x24ab68d7, 0xc4ae8529), - TOBN(0x7ed8b5d4, 0x734e59d0), TOBN(0x5f8740c8, 0xc495cc80), - TOBN(0x84aedd5a, 0x291db9b3), TOBN(0x80b360f8, 0x4fb995be), - TOBN(0xae915f5d, 0x5fa067d1), TOBN(0x4134b57f, 0x9668960c), - TOBN(0xbd3656d6, 0xa48edaac), TOBN(0xdac1e3e4, 0xfc1d7436), - TOBN(0x674ff869, 0xd81fbb26), TOBN(0x449ed3ec, 0xb26c33d4), - TOBN(0x85138705, 0xd94203e8), TOBN(0xccde538b, 0xbeeb6f4a), - TOBN(0x55d5c68d, 0xa61a76fa), TOBN(0x598b441d, 0xca1554dc), - TOBN(0xd39923b9, 0x773b279c), TOBN(0x33331d3c, 0x36bf9efc), - TOBN(0x2d4c848e, 0x298de399), TOBN(0xcfdb8e77, 0xa1a27f56), - TOBN(0x94c855ea, 0x57b8ab70), TOBN(0xdcdb9dae, 0x6f7879ba), - TOBN(0x7bdff8c2, 0x019f2a59), TOBN(0xb3ce5bb3, 0xcb4fbc74), - TOBN(0xea907f68, 0x8a9173dd), TOBN(0x6cd3d0d3, 0x95a75439), - TOBN(0x92ecc4d6, 0xefed021c), TOBN(0x09a9f9b0, 0x6a77339a), - TOBN(0x87ca6b15, 0x7188c64a), TOBN(0x10c29968, 0x44899158), - TOBN(0x5859a229, 0xed6e82ef), TOBN(0x16f338e3, 0x65ebaf4e), - TOBN(0x0cd31387, 0x5ead67ae), TOBN(0x1c73d228, 0x54ef0bb4), - TOBN(0x4cb55131, 0x74a5c8c7), TOBN(0x01cd2970, 0x7f69ad6a), - TOBN(0xa04d00dd, 0xe966f87e), TOBN(0xd96fe447, 0x0b7b0321), - TOBN(0x342ac06e, 0x88fbd381), TOBN(0x02cd4a84, 0x5c35a493), - TOBN(0xe8fa89de, 0x54f1bbcd), TOBN(0x341d6367, 0x2575ed4c), - TOBN(0xebe357fb, 0xd238202b), TOBN(0x600b4d1a, 0xa984ead9), - TOBN(0xc35c9f44, 0x52436ea0), TOBN(0x96fe0a39, 0xa370751b), - TOBN(0x4c4f0736, 0x7f636a38), TOBN(0x9f943fb7, 0x0e76d5cb), - TOBN(0xb03510ba, 0xa8b68b8b), TOBN(0xc246780a, 0x9ed07a1f), - TOBN(0x3c051415, 0x6d549fc2), TOBN(0xc2953f31, 0x607781ca), - TOBN(0x955e2c69, 0xd8d95413), TOBN(0xb300fadc, 0x7bd282e3), - TOBN(0x81fe7b50, 0x87e9189f), TOBN(0xdb17375c, 0xf42dda27), - TOBN(0x22f7d896, 0xcf0a5904), TOBN(0xa0e57c5a, 0xebe348e6), - TOBN(0xa61011d3, 0xf40e3c80), TOBN(0xb1189321, 0x8db705c5), - TOBN(0x4ed9309e, 0x50fedec3), TOBN(0xdcf14a10, 0x4d6d5c1d), - TOBN(0x056c265b, 0x55691342), TOBN(0xe8e08504, 0x91049dc7), - TOBN(0x131329f5, 0xc9bae20a), TOBN(0x96c8b3e8, 0xd9dccdb4), - TOBN(0x8c5ff838, 0xfb4ee6b4), TOBN(0xfc5a9aeb, 0x41e8ccf0), - TOBN(0x7417b764, 0xfae050c6), TOBN(0x0953c3d7, 0x00452080), - TOBN(0x21372682, 0x38dfe7e8), TOBN(0xea417e15, 0x2bb79d4b), - TOBN(0x59641f1c, 0x76e7cf2d), TOBN(0x271e3059, 0xea0bcfcc), - TOBN(0x624c7dfd, 0x7253ecbd), TOBN(0x2f552e25, 0x4fca6186), - TOBN(0xcbf84ecd, 0x4d866e9c), TOBN(0x73967709, 0xf68d4610), - TOBN(0xa14b1163, 0xc27901b4), TOBN(0xfd9236e0, 0x899b8bf3), - TOBN(0x42b091ec, 0xcbc6da0a), TOBN(0xbb1dac6f, 0x5ad1d297), - TOBN(0x80e61d53, 0xa91cf76e), TOBN(0x4110a412, 0xd31f1ee7), - TOBN(0x2d87c3ba, 0x13efcf77), TOBN(0x1f374bb4, 0xdf450d76), - TOBN(0x5e78e2f2, 0x0d188dab), TOBN(0xe3968ed0, 0xf4b885ef), - TOBN(0x46c0568e, 0x7314570f), TOBN(0x31616338, 0x01170521), - TOBN(0x18e1e7e2, 0x4f0c8afe), TOBN(0x4caa75ff, 0xdeea78da), - TOBN(0x82db67f2, 0x7c5d8a51), TOBN(0x36a44d86, 0x6f505370), - TOBN(0xd72c5bda, 0x0333974f), TOBN(0x5db516ae, 0x27a70146), - TOBN(0x34705281, 0x210ef921), TOBN(0xbff17a8f, 0x0c9c38e5), - TOBN(0x78f4814e, 0x12476da1), TOBN(0xc1e16613, 0x33c16980), - TOBN(0x9e5b386f, 0x424d4bca), TOBN(0x4c274e87, 0xc85740de), - TOBN(0xb6a9b88d, 0x6c2f5226), TOBN(0x14d1b944, 0x550d7ca8), - TOBN(0x580c85fc, 0x1fc41709), TOBN(0xc1da368b, 0x54c6d519), - TOBN(0x2b0785ce, 0xd5113cf7), TOBN(0x0670f633, 0x5a34708f), - TOBN(0x46e23767, 0x15cc3f88), TOBN(0x1b480cfa, 0x50c72c8f), - TOBN(0x20288602, 0x4147519a), TOBN(0xd0981eac, 0x26b372f0), - TOBN(0xa9d4a7ca, 0xa785ebc8), TOBN(0xd953c50d, 0xdbdf58e9), - TOBN(0x9d6361cc, 0xfd590f8f), TOBN(0x72e9626b, 0x44e6c917), - TOBN(0x7fd96110, 0x22eb64cf), TOBN(0x863ebb7e, 0x9eb288f3), - TOBN(0x6e6ab761, 0x6aca8ee7), TOBN(0x97d10b39, 0xd7b40358), - TOBN(0x1687d377, 0x1e5feb0d), TOBN(0xc83e50e4, 0x8265a27a), - TOBN(0x8f75a9fe, 0xc954b313), TOBN(0xcc2e8f47, 0x310d1f61), - TOBN(0xf5ba81c5, 0x6557d0e0), TOBN(0x25f9680c, 0x3eaf6207), - TOBN(0xf95c6609, 0x4354080b), TOBN(0x5225bfa5, 0x7bf2fe1c), - TOBN(0xc5c004e2, 0x5c7d98fa), TOBN(0x3561bf1c, 0x019aaf60), - TOBN(0x5e6f9f17, 0xba151474), TOBN(0xdec2f934, 0xb04f6eca), - TOBN(0x64e368a1, 0x269acb1e), TOBN(0x1332d9e4, 0x0cdda493), - TOBN(0x60d6cf69, 0xdf23de05), TOBN(0x66d17da2, 0x009339a0), - TOBN(0x9fcac985, 0x0a693923), TOBN(0xbcf057fc, 0xed7c6a6d), - TOBN(0xc3c5c8c5, 0xf0b5662c), TOBN(0x25318dd8, 0xdcba4f24), - TOBN(0x60e8cb75, 0x082b69ff), TOBN(0x7c23b3ee, 0x1e728c01), - TOBN(0x15e10a0a, 0x097e4403), TOBN(0xcb3d0a86, 0x19854665), - TOBN(0x88d8e211, 0xd67d4826), TOBN(0xb39af66e, 0x0b9d2839), - TOBN(0xa5f94588, 0xbd475ca8), TOBN(0xe06b7966, 0xc077b80b), - TOBN(0xfedb1485, 0xda27c26c), TOBN(0xd290d33a, 0xfe0fd5e0), - TOBN(0xa40bcc47, 0xf34fb0fa), TOBN(0xb4760cc8, 0x1fb1ab09), - TOBN(0x8fca0993, 0xa273bfe3), TOBN(0x13e4fe07, 0xf70b213c), - TOBN(0x3bcdb992, 0xfdb05163), TOBN(0x8c484b11, 0x0c2b19b6), - TOBN(0x1acb815f, 0xaaf2e3e2), TOBN(0xc6905935, 0xb89ff1b4), - TOBN(0xb2ad6f9d, 0x586e74e1), TOBN(0x488883ad, 0x67b80484), - TOBN(0x758aa2c7, 0x369c3ddb), TOBN(0x8ab74e69, 0x9f9afd31), - TOBN(0x10fc2d28, 0x5e21beb1), TOBN(0x3484518a, 0x318c42f9), - TOBN(0x377427dc, 0x53cf40c3), TOBN(0x9de0781a, 0x391bc1d9), - TOBN(0x8faee858, 0x693807e1), TOBN(0xa3865327, 0x4e81ccc7), - TOBN(0x02c30ff2, 0x6f835b84), TOBN(0xb604437b, 0x0d3d38d4), - TOBN(0xb3fc8a98, 0x5ca1823d), TOBN(0xb82f7ec9, 0x03be0324), - TOBN(0xee36d761, 0xcf684a33), TOBN(0x5a01df0e, 0x9f29bf7d), - TOBN(0x686202f3, 0x1306583d), TOBN(0x05b10da0, 0x437c622e), - TOBN(0xbf9aaa0f, 0x076a7bc8), TOBN(0x25e94efb, 0x8f8f4e43), - TOBN(0x8a35c9b7, 0xfa3dc26d), TOBN(0xe0e5fb93, 0x96ff03c5), - TOBN(0xa77e3843, 0xebc394ce), TOBN(0xcede6595, 0x8361de60), - TOBN(0xd27c22f6, 0xa1993545), TOBN(0xab01cc36, 0x24d671ba), - TOBN(0x63fa2877, 0xa169c28e), TOBN(0x925ef904, 0x2eb08376), - TOBN(0x3b2fa3cf, 0x53aa0b32), TOBN(0xb27beb5b, 0x71c49d7a), - TOBN(0xb60e1834, 0xd105e27f), TOBN(0xd6089788, 0x4f68570d), - TOBN(0x23094ce0, 0xd6fbc2ac), TOBN(0x738037a1, 0x815ff551), - TOBN(0xda73b1bb, 0x6bef119c), TOBN(0xdcf6c430, 0xeef506ba), - TOBN(0x00e4fe7b, 0xe3ef104a), TOBN(0xebdd9a2c, 0x0a065628), - TOBN(0x853a81c3, 0x8792043e), TOBN(0x22ad6ece, 0xb3b59108), - TOBN(0x9fb813c0, 0x39cd297d), TOBN(0x8ec7e16e, 0x05bda5d9), - TOBN(0x2834797c, 0x0d104b96), TOBN(0xcc11a2e7, 0x7c511510), - TOBN(0x96ca5a53, 0x96ee6380), TOBN(0x054c8655, 0xcea38742), - TOBN(0xb5946852, 0xd54dfa7d), TOBN(0x97c422e7, 0x1f4ab207), - TOBN(0xbf907509, 0x0c22b540), TOBN(0x2cde42aa, 0xb7c267d4), - TOBN(0xba18f9ed, 0x5ab0d693), TOBN(0x3ba62aa6, 0x6e4660d9), - TOBN(0xb24bf97b, 0xab9ea96a), TOBN(0x5d039642, 0xe3b60e32), - TOBN(0x4e6a4506, 0x7c4d9bd5), TOBN(0x666c5b9e, 0x7ed4a6a4), - TOBN(0xfa3fdcd9, 0x8edbd7cc), TOBN(0x4660bb87, 0xc6ccd753), - TOBN(0x9ae90820, 0x21e6b64f), TOBN(0x8a56a713, 0xb36bfb3f), - TOBN(0xabfce096, 0x5726d47f), TOBN(0x9eed01b2, 0x0b1a9a7f), - TOBN(0x30e9cad4, 0x4eb74a37), TOBN(0x7b2524cc, 0x53e9666d), - TOBN(0x6a29683b, 0x8f4b002f), TOBN(0xc2200d7a, 0x41f4fc20), - TOBN(0xcf3af47a, 0x3a338acc), TOBN(0x6539a4fb, 0xe7128975), - TOBN(0xcec31c14, 0xc33c7fcf), TOBN(0x7eb6799b, 0xc7be322b), - TOBN(0x119ef4e9, 0x6646f623), TOBN(0x7b7a26a5, 0x54d7299b), - TOBN(0xcb37f08d, 0x403f46f2), TOBN(0x94b8fc43, 0x1a0ec0c7), - TOBN(0xbb8514e3, 0xc332142f), TOBN(0xf3ed2c33, 0xe80d2a7a), - TOBN(0x8d2080af, 0xb639126c), TOBN(0xf7b6be60, 0xe3553ade), - TOBN(0x3950aa9f, 0x1c7e2b09), TOBN(0x847ff958, 0x6410f02b), - TOBN(0x877b7cf5, 0x678a31b0), TOBN(0xd50301ae, 0x3998b620), - TOBN(0x734257c5, 0xc00fb396), TOBN(0xf9fb18a0, 0x04e672a6), - TOBN(0xff8bd8eb, 0xe8758851), TOBN(0x1e64e4c6, 0x5d99ba44), - TOBN(0x4b8eaedf, 0x7dfd93b7), TOBN(0xba2f2a98, 0x04e76b8c), - TOBN(0x7d790cba, 0xe8053433), TOBN(0xc8e725a0, 0x3d2c9585), - TOBN(0x58c5c476, 0xcdd8f5ed), TOBN(0xd106b952, 0xefa9fe1d), - TOBN(0x3c5c775b, 0x0eff13a9), TOBN(0x242442ba, 0xe057b930), - TOBN(0xe9f458d4, 0xc9b70cbd), TOBN(0x69b71448, 0xa3cdb89a), - TOBN(0x41ee46f6, 0x0e2ed742), TOBN(0x573f1045, 0x40067493), - TOBN(0xb1e154ff, 0x9d54c304), TOBN(0x2ad0436a, 0x8d3a7502), - TOBN(0xee4aaa2d, 0x431a8121), TOBN(0xcd38b3ab, 0x886f11ed), - TOBN(0x57d49ea6, 0x034a0eb7), TOBN(0xd2b773bd, 0xf7e85e58), - TOBN(0x4a559ac4, 0x9b5c1f14), TOBN(0xc444be1a, 0x3e54df2b), - TOBN(0x13aad704, 0xeda41891), TOBN(0xcd927bec, 0x5eb5c788), - TOBN(0xeb3c8516, 0xe48c8a34), TOBN(0x1b7ac812, 0x4b546669), - TOBN(0x1815f896, 0x594df8ec), TOBN(0x87c6a79c, 0x79227865), - TOBN(0xae02a2f0, 0x9b56ddbd), TOBN(0x1339b5ac, 0x8a2f1cf3), - TOBN(0xf2b569c7, 0x839dff0d), TOBN(0xb0b9e864, 0xfee9a43d), - TOBN(0x4ff8ca41, 0x77bb064e), TOBN(0x145a2812, 0xfd249f63), - TOBN(0x3ab7beac, 0xf86f689a), TOBN(0x9bafec27, 0x01d35f5e), - TOBN(0x28054c65, 0x4265aa91), TOBN(0xa4b18304, 0x035efe42), - TOBN(0x6887b0e6, 0x9639dec7), TOBN(0xf4b8f6ad, 0x3d52aea5), - TOBN(0xfb9293cc, 0x971a8a13), TOBN(0x3f159e5d, 0x4c934d07), - TOBN(0x2c50e9b1, 0x09acbc29), TOBN(0x08eb65e6, 0x7154d129), - TOBN(0x4feff589, 0x30b75c3e), TOBN(0x0bb82fe2, 0x94491c93), - TOBN(0xd8ac377a, 0x89af62bb), TOBN(0xd7b51490, 0x9685e49f), - TOBN(0xabca9a7b, 0x04497f19), TOBN(0x1b35ed0a, 0x1a7ad13f), - TOBN(0x6b601e21, 0x3ec86ed6), TOBN(0xda91fcb9, 0xce0c76f1), - TOBN(0x9e28507b, 0xd7ab27e1), TOBN(0x7c19a555, 0x63945b7b), - TOBN(0x6b43f0a1, 0xaafc9827), TOBN(0x443b4fbd, 0x3aa55b91), - TOBN(0x962b2e65, 0x6962c88f), TOBN(0x139da8d4, 0xce0db0ca), - TOBN(0xb93f05dd, 0x1b8d6c4f), TOBN(0x779cdff7, 0x180b9824), - TOBN(0xbba23fdd, 0xae57c7b7), TOBN(0x345342f2, 0x1b932522), - TOBN(0xfd9c80fe, 0x556d4aa3), TOBN(0xa03907ba, 0x6525bb61), - TOBN(0x38b010e1, 0xff218933), TOBN(0xc066b654, 0xaa52117b), - TOBN(0x8e141920, 0x94f2e6ea), TOBN(0x66a27dca, 0x0d32f2b2), - TOBN(0x69c7f993, 0x048b3717), TOBN(0xbf5a989a, 0xb178ae1c), - TOBN(0x49fa9058, 0x564f1d6b), TOBN(0x27ec6e15, 0xd31fde4e), - TOBN(0x4cce0373, 0x7276e7fc), TOBN(0x64086d79, 0x89d6bf02), - TOBN(0x5a72f046, 0x4ccdd979), TOBN(0x909c3566, 0x47775631), - TOBN(0x1c07bc6b, 0x75dd7125), TOBN(0xb4c6bc97, 0x87a0428d), - TOBN(0x507ece52, 0xfdeb6b9d), TOBN(0xfca56512, 0xb2c95432), - TOBN(0x15d97181, 0xd0e8bd06), TOBN(0x384dd317, 0xc6bb46ea), - TOBN(0x5441ea20, 0x3952b624), TOBN(0xbcf70dee, 0x4e7dc2fb), - TOBN(0x372b016e, 0x6628e8c3), TOBN(0x07a0d667, 0xb60a7522), - TOBN(0xcf05751b, 0x0a344ee2), TOBN(0x0ec09a48, 0x118bdeec), - TOBN(0x6e4b3d4e, 0xd83dce46), TOBN(0x43a6316d, 0x99d2fc6e), - TOBN(0xa99d8989, 0x56cf044c), TOBN(0x7c7f4454, 0xae3e5fb7), - TOBN(0xb2e6b121, 0xfbabbe92), TOBN(0x281850fb, 0xe1330076), - TOBN(0x093581ec, 0x97890015), TOBN(0x69b1dded, 0x75ff77f5), - TOBN(0x7cf0b18f, 0xab105105), TOBN(0x953ced31, 0xa89ccfef), - TOBN(0x3151f85f, 0xeb914009), TOBN(0x3c9f1b87, 0x88ed48ad), - TOBN(0xc9aba1a1, 0x4a7eadcb), TOBN(0x928e7501, 0x522e71cf), - TOBN(0xeaede727, 0x3a2e4f83), TOBN(0x467e10d1, 0x1ce3bbd3), - TOBN(0xf3442ac3, 0xb955dcf0), TOBN(0xba96307d, 0xd3d5e527), - TOBN(0xf763a10e, 0xfd77f474), TOBN(0x5d744bd0, 0x6a6e1ff0), - TOBN(0xd287282a, 0xa777899e), TOBN(0xe20eda8f, 0xd03f3cde), - TOBN(0x6a7e75bb, 0x50b07d31), TOBN(0x0b7e2a94, 0x6f379de4), - TOBN(0x31cb64ad, 0x19f593cf), TOBN(0x7b1a9e4f, 0x1e76ef1d), - TOBN(0xe18c9c9d, 0xb62d609c), TOBN(0x439bad6d, 0xe779a650), - TOBN(0x219d9066, 0xe032f144), TOBN(0x1db632b8, 0xe8b2ec6a), - TOBN(0xff0d0fd4, 0xfda12f78), TOBN(0x56fb4c2d, 0x2a25d265), - TOBN(0x5f4e2ee1, 0x255a03f1), TOBN(0x61cd6af2, 0xe96af176), - TOBN(0xe0317ba8, 0xd068bc97), TOBN(0x927d6bab, 0x264b988e), - TOBN(0xa18f07e0, 0xe90fb21e), TOBN(0x00fd2b80, 0xbba7fca1), - TOBN(0x20387f27, 0x95cd67b5), TOBN(0x5b89a4e7, 0xd39707f7), - TOBN(0x8f83ad3f, 0x894407ce), TOBN(0xa0025b94, 0x6c226132), - TOBN(0xc79563c7, 0xf906c13b), TOBN(0x5f548f31, 0x4e7bb025), - TOBN(0x2b4c6b8f, 0xeac6d113), TOBN(0xa67e3f9c, 0x0e813c76), - TOBN(0x3982717c, 0x3fe1f4b9), TOBN(0x58865819, 0x26d8050e), - TOBN(0x99f3640c, 0xf7f06f20), TOBN(0xdc610216, 0x2a66ebc2), - TOBN(0x52f2c175, 0x767a1e08), TOBN(0x05660e1a, 0x5999871b), - TOBN(0x6b0f1762, 0x6d3c4693), TOBN(0xf0e7d627, 0x37ed7bea), - TOBN(0xc51758c7, 0xb75b226d), TOBN(0x40a88628, 0x1f91613b), - TOBN(0x889dbaa7, 0xbbb38ce0), TOBN(0xe0404b65, 0xbddcad81), - TOBN(0xfebccd3a, 0x8bc9671f), TOBN(0xfbf9a357, 0xee1f5375), - TOBN(0x5dc169b0, 0x28f33398), TOBN(0xb07ec11d, 0x72e90f65), - TOBN(0xae7f3b4a, 0xfaab1eb1), TOBN(0xd970195e, 0x5f17538a), - TOBN(0x52b05cbe, 0x0181e640), TOBN(0xf5debd62, 0x2643313d), - TOBN(0x76148154, 0x5df31f82), TOBN(0x23e03b33, 0x3a9e13c5), - TOBN(0xff758949, 0x4fde0c1f), TOBN(0xbf8a1abe, 0xe5b6ec20), - TOBN(0x702278fb, 0x87e1db6c), TOBN(0xc447ad7a, 0x35ed658f), - TOBN(0x48d4aa38, 0x03d0ccf2), TOBN(0x80acb338, 0x819a7c03), - TOBN(0x9bc7c89e, 0x6e17cecc), TOBN(0x46736b8b, 0x03be1d82), - TOBN(0xd65d7b60, 0xc0432f96), TOBN(0xddebe7a3, 0xdeb5442f), - TOBN(0x79a25307, 0x7dff69a2), TOBN(0x37a56d94, 0x02cf3122), - TOBN(0x8bab8aed, 0xf2350d0a), TOBN(0x13c3f276, 0x037b0d9a), - TOBN(0xc664957c, 0x44c65cae), TOBN(0x88b44089, 0xc2e71a88), - TOBN(0xdb88e5a3, 0x5cb02664), TOBN(0x5d4c0bf1, 0x8686c72e), - TOBN(0xea3d9b62, 0xa682d53e), TOBN(0x9b605ef4, 0x0b2ad431), - TOBN(0x71bac202, 0xc69645d0), TOBN(0xa115f03a, 0x6a1b66e7), - TOBN(0xfe2c563a, 0x158f4dc4), TOBN(0xf715b3a0, 0x4d12a78c), - TOBN(0x8f7f0a48, 0xd413213a), TOBN(0x2035806d, 0xc04becdb), - TOBN(0xecd34a99, 0x5d8587f5), TOBN(0x4d8c3079, 0x9f6d3a71), - TOBN(0x1b2a2a67, 0x8d95a8f6), TOBN(0xc58c9d7d, 0xf2110d0d), - TOBN(0xdeee81d5, 0xcf8fba3f), TOBN(0xa42be3c0, 0x0c7cdf68), - TOBN(0x2126f742, 0xd43b5eaa), TOBN(0x054a0766, 0xdfa59b85), - TOBN(0x9d0d5e36, 0x126bfd45), TOBN(0xa1f8fbd7, 0x384f8a8f), - TOBN(0x317680f5, 0xd563fccc), TOBN(0x48ca5055, 0xf280a928), - TOBN(0xe00b81b2, 0x27b578cf), TOBN(0x10aad918, 0x2994a514), - TOBN(0xd9e07b62, 0xb7bdc953), TOBN(0x9f0f6ff2, 0x5bc086dd), - TOBN(0x09d1ccff, 0x655eee77), TOBN(0x45475f79, 0x5bef7df1), - TOBN(0x3faa28fa, 0x86f702cc), TOBN(0x92e60905, 0x0f021f07), - TOBN(0xe9e62968, 0x7f8fa8c6), TOBN(0xbd71419a, 0xf036ea2c), - TOBN(0x171ee1cc, 0x6028da9a), TOBN(0x5352fe1a, 0xc251f573), - TOBN(0xf8ff236e, 0x3fa997f4), TOBN(0xd831b6c9, 0xa5749d5f), - TOBN(0x7c872e1d, 0xe350e2c2), TOBN(0xc56240d9, 0x1e0ce403), - TOBN(0xf9deb077, 0x6974f5cb), TOBN(0x7d50ba87, 0x961c3728), - TOBN(0xd6f89426, 0x5a3a2518), TOBN(0xcf817799, 0xc6303d43), - TOBN(0x510a0471, 0x619e5696), TOBN(0xab049ff6, 0x3a5e307b), - TOBN(0xe4cdf9b0, 0xfeb13ec7), TOBN(0xd5e97117, 0x9d8ff90c), - TOBN(0xf6f64d06, 0x9afa96af), TOBN(0x00d0bf5e, 0x9d2012a2), - TOBN(0xe63f301f, 0x358bcdc0), TOBN(0x07689e99, 0x0a9d47f8), - TOBN(0x1f689e2f, 0x4f43d43a), TOBN(0x4d542a16, 0x90920904), - TOBN(0xaea293d5, 0x9ca0a707), TOBN(0xd061fe45, 0x8ac68065), - TOBN(0x1033bf1b, 0x0090008c), TOBN(0x29749558, 0xc08a6db6), - TOBN(0x74b5fc59, 0xc1d5d034), TOBN(0xf712e9f6, 0x67e215e0), - TOBN(0xfd520cbd, 0x860200e6), TOBN(0x0229acb4, 0x3ea22588), - TOBN(0x9cd1e14c, 0xfff0c82e), TOBN(0x87684b62, 0x59c69e73), - TOBN(0xda85e61c, 0x96ccb989), TOBN(0x2d5dbb02, 0xa3d06493), - TOBN(0xf22ad33a, 0xe86b173c), TOBN(0xe8e41ea5, 0xa79ff0e3), - TOBN(0x01d2d725, 0xdd0d0c10), TOBN(0x31f39088, 0x032d28f9), - TOBN(0x7b3f71e1, 0x7829839e), TOBN(0x0cf691b4, 0x4502ae58), - TOBN(0xef658dbd, 0xbefc6115), TOBN(0xa5cd6ee5, 0xb3ab5314), - TOBN(0x206c8d7b, 0x5f1d2347), TOBN(0x794645ba, 0x4cc2253a), - TOBN(0xd517d8ff, 0x58389e08), TOBN(0x4fa20dee, 0x9f847288), - TOBN(0xeba072d8, 0xd797770a), TOBN(0x7360c91d, 0xbf429e26), - TOBN(0x7200a3b3, 0x80af8279), TOBN(0x6a1c9150, 0x82dadce3), - TOBN(0x0ee6d3a7, 0xc35d8794), TOBN(0x042e6558, 0x0356bae5), - TOBN(0x9f59698d, 0x643322fd), TOBN(0x9379ae15, 0x50a61967), - TOBN(0x64b9ae62, 0xfcc9981e), TOBN(0xaed3d631, 0x6d2934c6), - TOBN(0x2454b302, 0x5e4e65eb), TOBN(0xab09f647, 0xf9950428)} - , - {TOBN(0xb2083a12, 0x22248acc), TOBN(0x1f6ec0ef, 0x3264e366), - TOBN(0x5659b704, 0x5afdee28), TOBN(0x7a823a40, 0xe6430bb5), - TOBN(0x24592a04, 0xe1900a79), TOBN(0xcde09d4a, 0xc9ee6576), - TOBN(0x52b6463f, 0x4b5ea54a), TOBN(0x1efe9ed3, 0xd3ca65a7), - TOBN(0xe27a6dbe, 0x305406dd), TOBN(0x8eb7dc7f, 0xdd5d1957), - TOBN(0xf54a6876, 0x387d4d8f), TOBN(0x9c479409, 0xc7762de4), - TOBN(0xbe4d5b5d, 0x99b30778), TOBN(0x25380c56, 0x6e793682), - TOBN(0x602d37f3, 0xdac740e3), TOBN(0x140deabe, 0x1566e4ae), - TOBN(0x4481d067, 0xafd32acf), TOBN(0xd8f0fcca, 0xe1f71ccf), - TOBN(0xd208dd0c, 0xb596f2da), TOBN(0xd049d730, 0x9aad93f9), - TOBN(0xc79f263d, 0x42ab580e), TOBN(0x09411bb1, 0x23f707b4), - TOBN(0x8cfde1ff, 0x835e0eda), TOBN(0x72707490, 0x90f03402), - TOBN(0xeaee6126, 0xc49a861e), TOBN(0x024f3b65, 0xe14f0d06), - TOBN(0x51a3f1e8, 0xc69bfc17), TOBN(0xc3c3a8e9, 0xa7686381), - TOBN(0x3400752c, 0xb103d4c8), TOBN(0x02bc4613, 0x9218b36b), - TOBN(0xc67f75eb, 0x7651504a), TOBN(0xd6848b56, 0xd02aebfa), - TOBN(0xbd9802e6, 0xc30fa92b), TOBN(0x5a70d96d, 0x9a552784), - TOBN(0x9085c4ea, 0x3f83169b), TOBN(0xfa9423bb, 0x06908228), - TOBN(0x2ffebe12, 0xfe97a5b9), TOBN(0x85da6049, 0x71b99118), - TOBN(0x9cbc2f7f, 0x63178846), TOBN(0xfd96bc70, 0x9153218e), - TOBN(0x958381db, 0x1782269b), TOBN(0xae34bf79, 0x2597e550), - TOBN(0xbb5c6064, 0x5f385153), TOBN(0x6f0e96af, 0xe3088048), - TOBN(0xbf6a0215, 0x77884456), TOBN(0xb3b5688c, 0x69310ea7), - TOBN(0x17c94295, 0x04fad2de), TOBN(0xe020f0e5, 0x17896d4d), - TOBN(0x730ba0ab, 0x0976505f), TOBN(0x567f6813, 0x095e2ec5), - TOBN(0x47062010, 0x6331ab71), TOBN(0x72cfa977, 0x41d22b9f), - TOBN(0x33e55ead, 0x8a2373da), TOBN(0xa8d0d5f4, 0x7ba45a68), - TOBN(0xba1d8f9c, 0x03029d15), TOBN(0x8f34f1cc, 0xfc55b9f3), - TOBN(0xcca4428d, 0xbbe5a1a9), TOBN(0x8187fd5f, 0x3126bd67), - TOBN(0x0036973a, 0x48105826), TOBN(0xa39b6663, 0xb8bd61a0), - TOBN(0x6d42deef, 0x2d65a808), TOBN(0x4969044f, 0x94636b19), - TOBN(0xf611ee47, 0xdd5d564c), TOBN(0x7b2f3a49, 0xd2873077), - TOBN(0x94157d45, 0x300eb294), TOBN(0x2b2a656e, 0x169c1494), - TOBN(0xc000dd76, 0xd3a47aa9), TOBN(0xa2864e4f, 0xa6243ea4), - TOBN(0x82716c47, 0xdb89842e), TOBN(0x12dfd7d7, 0x61479fb7), - TOBN(0x3b9a2c56, 0xe0b2f6dc), TOBN(0x46be862a, 0xd7f85d67), - TOBN(0x03b0d8dd, 0x0f82b214), TOBN(0x460c34f9, 0xf103cbc6), - TOBN(0xf32e5c03, 0x18d79e19), TOBN(0x8b8888ba, 0xa84117f8), - TOBN(0x8f3c37dc, 0xc0722677), TOBN(0x10d21be9, 0x1c1c0f27), - TOBN(0xd47c8468, 0xe0f7a0c6), TOBN(0x9bf02213, 0xadecc0e0), - TOBN(0x0baa7d12, 0x42b48b99), TOBN(0x1bcb665d, 0x48424096), - TOBN(0x8b847cd6, 0xebfb5cfb), TOBN(0x87c2ae56, 0x9ad4d10d), - TOBN(0xf1cbb122, 0x0de36726), TOBN(0xe7043c68, 0x3fdfbd21), - TOBN(0x4bd0826a, 0x4e79d460), TOBN(0x11f5e598, 0x4bd1a2cb), - TOBN(0x97554160, 0xb7fe7b6e), TOBN(0x7d16189a, 0x400a3fb2), - TOBN(0xd73e9bea, 0xe328ca1e), TOBN(0x0dd04b97, 0xe793d8cc), - TOBN(0xa9c83c9b, 0x506db8cc), TOBN(0x5cd47aae, 0xcf38814c), - TOBN(0x26fc430d, 0xb64b45e6), TOBN(0x079b5499, 0xd818ea84), - TOBN(0xebb01102, 0xc1c24a3b), TOBN(0xca24e568, 0x1c161c1a), - TOBN(0x103eea69, 0x36f00a4a), TOBN(0x9ad76ee8, 0x76176c7b), - TOBN(0x97451fc2, 0x538e0ff7), TOBN(0x94f89809, 0x6604b3b0), - TOBN(0x6311436e, 0x3249cfd7), TOBN(0x27b4a7bd, 0x41224f69), - TOBN(0x03b5d21a, 0xe0ac2941), TOBN(0x279b0254, 0xc2d31937), - TOBN(0x3307c052, 0xcac992d0), TOBN(0x6aa7cb92, 0xefa8b1f3), - TOBN(0x5a182580, 0x0d37c7a5), TOBN(0x13380c37, 0x342d5422), - TOBN(0x92ac2d66, 0xd5d2ef92), TOBN(0x035a70c9, 0x030c63c6), - TOBN(0xc16025dd, 0x4ce4f152), TOBN(0x1f419a71, 0xf9df7c06), - TOBN(0x6d5b2214, 0x91e4bb14), TOBN(0xfc43c6cc, 0x839fb4ce), - TOBN(0x49f06591, 0x925d6b2d), TOBN(0x4b37d9d3, 0x62186598), - TOBN(0x8c54a971, 0xd01b1629), TOBN(0xe1a9c29f, 0x51d50e05), - TOBN(0x5109b785, 0x71ba1861), TOBN(0x48b22d5c, 0xd0c8f93d), - TOBN(0xe8fa84a7, 0x8633bb93), TOBN(0x53fba6ba, 0x5aebbd08), - TOBN(0x7ff27df3, 0xe5eea7d8), TOBN(0x521c8796, 0x68ca7158), - TOBN(0xb9d5133b, 0xce6f1a05), TOBN(0x2d50cd53, 0xfd0ebee4), - TOBN(0xc82115d6, 0xc5a3ef16), TOBN(0x993eff9d, 0xba079221), - TOBN(0xe4da2c5e, 0x4b5da81c), TOBN(0x9a89dbdb, 0x8033fd85), - TOBN(0x60819ebf, 0x2b892891), TOBN(0x53902b21, 0x5d14a4d5), - TOBN(0x6ac35051, 0xd7fda421), TOBN(0xcc6ab885, 0x61c83284), - TOBN(0x14eba133, 0xf74cff17), TOBN(0x240aaa03, 0xecb813f2), - TOBN(0xcfbb6540, 0x6f665bee), TOBN(0x084b1fe4, 0xa425ad73), - TOBN(0x009d5d16, 0xd081f6a6), TOBN(0x35304fe8, 0xeef82c90), - TOBN(0xf20346d5, 0xaa9eaa22), TOBN(0x0ada9f07, 0xac1c91e3), - TOBN(0xa6e21678, 0x968a6144), TOBN(0x54c1f77c, 0x07b31a1e), - TOBN(0xd6bb787e, 0x5781fbe1), TOBN(0x61bd2ee0, 0xe31f1c4a), - TOBN(0xf25aa1e9, 0x781105fc), TOBN(0x9cf2971f, 0x7b2f8e80), - TOBN(0x26d15412, 0xcdff919b), TOBN(0x01db4ebe, 0x34bc896e), - TOBN(0x7d9b3e23, 0xb40df1cf), TOBN(0x59337373, 0x94e971b4), - TOBN(0xbf57bd14, 0x669cf921), TOBN(0x865daedf, 0x0c1a1064), - TOBN(0x3eb70bd3, 0x83279125), TOBN(0xbc3d5b9f, 0x34ecdaab), - TOBN(0x91e3ed7e, 0x5f755caf), TOBN(0x49699f54, 0xd41e6f02), - TOBN(0x185770e1, 0xd4a7a15b), TOBN(0x08f3587a, 0xeaac87e7), - TOBN(0x352018db, 0x473133ea), TOBN(0x674ce719, 0x04fd30fc), - TOBN(0x7b8d9835, 0x088b3e0e), TOBN(0x7a0356a9, 0x5d0d47a1), - TOBN(0x9d9e7659, 0x6474a3c4), TOBN(0x61ea48a7, 0xff66966c), - TOBN(0x30417758, 0x0f3e4834), TOBN(0xfdbb21c2, 0x17a9afcb), - TOBN(0x756fa17f, 0x2f9a67b3), TOBN(0x2a6b2421, 0xa245c1a8), - TOBN(0x64be2794, 0x4af02291), TOBN(0xade465c6, 0x2a5804fe), - TOBN(0x8dffbd39, 0xa6f08fd7), TOBN(0xc4efa84c, 0xaa14403b), - TOBN(0xa1b91b2a, 0x442b0f5c), TOBN(0xb748e317, 0xcf997736), - TOBN(0x8d1b62bf, 0xcee90e16), TOBN(0x907ae271, 0x0b2078c0), - TOBN(0xdf31534b, 0x0c9bcddd), TOBN(0x043fb054, 0x39adce83), - TOBN(0x99031043, 0xd826846a), TOBN(0x61a9c0d6, 0xb144f393), - TOBN(0xdab48046, 0x47718427), TOBN(0xdf17ff9b, 0x6e830f8b), - TOBN(0x408d7ee8, 0xe49a1347), TOBN(0x6ac71e23, 0x91c1d4ae), - TOBN(0xc8cbb9fd, 0x1defd73c), TOBN(0x19840657, 0xbbbbfec5), - TOBN(0x39db1cb5, 0x9e7ef8ea), TOBN(0x78aa8296, 0x64105f30), - TOBN(0xa3d9b7f0, 0xa3738c29), TOBN(0x0a2f235a, 0xbc3250a3), - TOBN(0x55e506f6, 0x445e4caf), TOBN(0x0974f73d, 0x33475f7a), - TOBN(0xd37dbba3, 0x5ba2f5a8), TOBN(0x542c6e63, 0x6af40066), - TOBN(0x26d99b53, 0xc5d73e2c), TOBN(0x06060d7d, 0x6c3ca33e), - TOBN(0xcdbef1c2, 0x065fef4a), TOBN(0x77e60f7d, 0xfd5b92e3), - TOBN(0xd7c549f0, 0x26708350), TOBN(0x201b3ad0, 0x34f121bf), - TOBN(0x5fcac2a1, 0x0334fc14), TOBN(0x8a9a9e09, 0x344552f6), - TOBN(0x7dd8a1d3, 0x97653082), TOBN(0x5fc0738f, 0x79d4f289), - TOBN(0x787d244d, 0x17d2d8c3), TOBN(0xeffc6345, 0x70830684), - TOBN(0x5ddb96dd, 0xe4f73ae5), TOBN(0x8efb14b1, 0x172549a5), - TOBN(0x6eb73eee, 0x2245ae7a), TOBN(0xbca4061e, 0xea11f13e), - TOBN(0xb577421d, 0x30b01f5d), TOBN(0xaa688b24, 0x782e152c), - TOBN(0x67608e71, 0xbd3502ba), TOBN(0x4ef41f24, 0xb4de75a0), - TOBN(0xb08dde5e, 0xfd6125e5), TOBN(0xde484825, 0xa409543f), - TOBN(0x1f198d98, 0x65cc2295), TOBN(0x428a3771, 0x6e0edfa2), - TOBN(0x4f9697a2, 0xadf35fc7), TOBN(0x01a43c79, 0xf7cac3c7), - TOBN(0xb05d7059, 0x0fd3659a), TOBN(0x8927f30c, 0xbb7f2d9a), - TOBN(0x4023d1ac, 0x8cf984d3), TOBN(0x32125ed3, 0x02897a45), - TOBN(0xfb572dad, 0x3d414205), TOBN(0x73000ef2, 0xe3fa82a9), - TOBN(0x4c0868e9, 0xf10a5581), TOBN(0x5b61fc67, 0x6b0b3ca5), - TOBN(0xc1258d5b, 0x7cae440c), TOBN(0x21c08b41, 0x402b7531), - TOBN(0xf61a8955, 0xde932321), TOBN(0x3568faf8, 0x2d1408af), - TOBN(0x71b15e99, 0x9ecf965b), TOBN(0xf14ed248, 0xe917276f), - TOBN(0xc6f4caa1, 0x820cf9e2), TOBN(0x681b20b2, 0x18d83c7e), - TOBN(0x6cde738d, 0xc6c01120), TOBN(0x71db0813, 0xae70e0db), - TOBN(0x95fc0644, 0x74afe18c), TOBN(0x34619053, 0x129e2be7), - TOBN(0x80615cea, 0xdb2a3b15), TOBN(0x0a49a19e, 0xdb4c7073), - TOBN(0x0e1b84c8, 0x8fd2d367), TOBN(0xd74bf462, 0x033fb8aa), - TOBN(0x889f6d65, 0x533ef217), TOBN(0x7158c7e4, 0xc3ca2e87), - TOBN(0xfb670dfb, 0xdc2b4167), TOBN(0x75910a01, 0x844c257f), - TOBN(0xf336bf07, 0xcf88577d), TOBN(0x22245250, 0xe45e2ace), - TOBN(0x2ed92e8d, 0x7ca23d85), TOBN(0x29f8be4c, 0x2b812f58), - TOBN(0xdd9ebaa7, 0x076fe12b), TOBN(0x3f2400cb, 0xae1537f9), - TOBN(0x1aa93528, 0x17bdfb46), TOBN(0xc0f98430, 0x67883b41), - TOBN(0x5590ede1, 0x0170911d), TOBN(0x7562f5bb, 0x34d4b17f), - TOBN(0xe1fa1df2, 0x1826b8d2), TOBN(0xb40b796a, 0x6bd80d59), - TOBN(0xd65bf197, 0x3467ba92), TOBN(0x8c9b46db, 0xf70954b0), - TOBN(0x97c8a0f3, 0x0e78f15d), TOBN(0xa8f3a69a, 0x85a4c961), - TOBN(0x4242660f, 0x61e4ce9b), TOBN(0xbf06aab3, 0x6ea6790c), - TOBN(0xc6706f8e, 0xec986416), TOBN(0x9e56dec1, 0x9a9fc225), - TOBN(0x527c46f4, 0x9a9898d9), TOBN(0xd799e77b, 0x5633cdef), - TOBN(0x24eacc16, 0x7d9e4297), TOBN(0xabb61cea, 0x6b1cb734), - TOBN(0xbee2e8a7, 0xf778443c), TOBN(0x3bb42bf1, 0x29de2fe6), - TOBN(0xcbed86a1, 0x3003bb6f), TOBN(0xd3918e6c, 0xd781cdf6), - TOBN(0x4bee3271, 0x9a5103f1), TOBN(0x5243efc6, 0xf50eac06), - TOBN(0xb8e122cb, 0x6adcc119), TOBN(0x1b7faa84, 0xc0b80a08), - TOBN(0x32c3d1bd, 0x6dfcd08c), TOBN(0x129dec4e, 0x0be427de), - TOBN(0x98ab679c, 0x1d263c83), TOBN(0xafc83cb7, 0xcef64eff), - TOBN(0x85eb6088, 0x2fa6be76), TOBN(0x892585fb, 0x1328cbfe), - TOBN(0xc154d3ed, 0xcf618dda), TOBN(0xc44f601b, 0x3abaf26e), - TOBN(0x7bf57d0b, 0x2be1fdfd), TOBN(0xa833bd2d, 0x21137fee), - TOBN(0x9353af36, 0x2db591a8), TOBN(0xc76f26dc, 0x5562a056), - TOBN(0x1d87e47d, 0x3fdf5a51), TOBN(0x7afb5f93, 0x55c9cab0), - TOBN(0x91bbf58f, 0x89e0586e), TOBN(0x7c72c018, 0x0d843709), - TOBN(0xa9a5aafb, 0x99b5c3dc), TOBN(0xa48a0f1d, 0x3844aeb0), - TOBN(0x7178b7dd, 0xb667e482), TOBN(0x453985e9, 0x6e23a59a), - TOBN(0x4a54c860, 0x01b25dd8), TOBN(0x0dd37f48, 0xfb897c8a), - TOBN(0x5f8aa610, 0x0ea90cd9), TOBN(0xc8892c68, 0x16d5830d), - TOBN(0xeb4befc0, 0xef514ca5), TOBN(0x478eb679, 0xe72c9ee6), - TOBN(0x9bca20da, 0xdbc40d5f), TOBN(0xf015de21, 0xdde4f64a), - TOBN(0xaa6a4de0, 0xeaf4b8a5), TOBN(0x68cfd9ca, 0x4bc60e32), - TOBN(0x668a4b01, 0x7fd15e70), TOBN(0xd9f0694a, 0xf27dc09d), - TOBN(0xf6c3cad5, 0xba708bcd), TOBN(0x5cd2ba69, 0x5bb95c2a), - TOBN(0xaa28c1d3, 0x33c0a58f), TOBN(0x23e274e3, 0xabc77870), - TOBN(0x44c3692d, 0xdfd20a4a), TOBN(0x091c5fd3, 0x81a66653), - TOBN(0x6c0bb691, 0x09a0757d), TOBN(0x9072e8b9, 0x667343ea), - TOBN(0x31d40eb0, 0x80848bec), TOBN(0x95bd480a, 0x79fd36cc), - TOBN(0x01a77c61, 0x65ed43f5), TOBN(0xafccd127, 0x2e0d40bf), - TOBN(0xeccfc82d, 0x1cc1884b), TOBN(0xc85ac201, 0x5d4753b4), - TOBN(0xc7a6caac, 0x658e099f), TOBN(0xcf46369e, 0x04b27390), - TOBN(0xe2e7d049, 0x506467ea), TOBN(0x481b63a2, 0x37cdeccc), - TOBN(0x4029abd8, 0xed80143a), TOBN(0x28bfe3c7, 0xbcb00b88), - TOBN(0x3bec1009, 0x0643d84a), TOBN(0x885f3668, 0xabd11041), - TOBN(0xdb02432c, 0xf83a34d6), TOBN(0x32f7b360, 0x719ceebe), - TOBN(0xf06c7837, 0xdad1fe7a), TOBN(0x60a157a9, 0x5441a0b0), - TOBN(0x704970e9, 0xe2d47550), TOBN(0xcd2bd553, 0x271b9020), - TOBN(0xff57f82f, 0x33e24a0b), TOBN(0x9cbee23f, 0xf2565079), - TOBN(0x16353427, 0xeb5f5825), TOBN(0x276feec4, 0xe948d662), - TOBN(0xd1b62bc6, 0xda10032b), TOBN(0x718351dd, 0xf0e72a53), - TOBN(0x93452076, 0x2420e7ba), TOBN(0x96368fff, 0x3a00118d), - TOBN(0x00ce2d26, 0x150a49e4), TOBN(0x0c28b636, 0x3f04706b), - TOBN(0xbad65a46, 0x58b196d0), TOBN(0x6c8455fc, 0xec9f8b7c), - TOBN(0xe90c895f, 0x2d71867e), TOBN(0x5c0be31b, 0xedf9f38c), - TOBN(0x2a37a15e, 0xd8f6ec04), TOBN(0x239639e7, 0x8cd85251), - TOBN(0xd8975315, 0x9c7c4c6b), TOBN(0x603aa3c0, 0xd7409af7), - TOBN(0xb8d53d0c, 0x007132fb), TOBN(0x68d12af7, 0xa6849238), - TOBN(0xbe0607e7, 0xbf5d9279), TOBN(0x9aa50055, 0xaada74ce), - TOBN(0xe81079cb, 0xba7e8ccb), TOBN(0x610c71d1, 0xa5f4ff5e), - TOBN(0x9e2ee1a7, 0x5aa07093), TOBN(0xca84004b, 0xa75da47c), - TOBN(0x074d3951, 0x3de75401), TOBN(0xf938f756, 0xbb311592), - TOBN(0x96197618, 0x00a43421), TOBN(0x39a25362, 0x07bc78c8), - TOBN(0x278f710a, 0x0a171276), TOBN(0xb28446ea, 0x8d1a8f08), - TOBN(0x184781bf, 0xe3b6a661), TOBN(0x7751cb1d, 0xe6d279f7), - TOBN(0xf8ff95d6, 0xc59eb662), TOBN(0x186d90b7, 0x58d3dea7), - TOBN(0x0e4bb6c1, 0xdfb4f754), TOBN(0x5c5cf56b, 0x2b2801dc), - TOBN(0xc561e452, 0x1f54564d), TOBN(0xb4fb8c60, 0xf0dd7f13), - TOBN(0xf8849630, 0x33ff98c7), TOBN(0x9619fffa, 0xcf17769c), - TOBN(0xf8090bf6, 0x1bfdd80a), TOBN(0x14d9a149, 0x422cfe63), - TOBN(0xb354c360, 0x6f6df9ea), TOBN(0xdbcf770d, 0x218f17ea), - TOBN(0x207db7c8, 0x79eb3480), TOBN(0x213dbda8, 0x559b6a26), - TOBN(0xac4c200b, 0x29fc81b3), TOBN(0xebc3e09f, 0x171d87c1), - TOBN(0x91799530, 0x1481aa9e), TOBN(0x051b92e1, 0x92e114fa), - TOBN(0xdf8f92e9, 0xecb5537f), TOBN(0x44b1b2cc, 0x290c7483), - TOBN(0xa711455a, 0x2adeb016), TOBN(0x964b6856, 0x81a10c2c), - TOBN(0x4f159d99, 0xcec03623), TOBN(0x05532225, 0xef3271ea), - TOBN(0xb231bea3, 0xc5ee4849), TOBN(0x57a54f50, 0x7094f103), - TOBN(0x3e2d421d, 0x9598b352), TOBN(0xe865a49c, 0x67412ab4), - TOBN(0xd2998a25, 0x1cc3a912), TOBN(0x5d092808, 0x0c74d65d), - TOBN(0x73f45908, 0x4088567a), TOBN(0xeb6b280e, 0x1f214a61), - TOBN(0x8c9adc34, 0xcaf0c13d), TOBN(0x39d12938, 0xf561fb80), - TOBN(0xb2dc3a5e, 0xbc6edfb4), TOBN(0x7485b1b1, 0xfe4d210e), - TOBN(0x062e0400, 0xe186ae72), TOBN(0x91e32d5c, 0x6eeb3b88), - TOBN(0x6df574d7, 0x4be59224), TOBN(0xebc88ccc, 0x716d55f3), - TOBN(0x26c2e6d0, 0xcad6ed33), TOBN(0xc6e21e7d, 0x0d3e8b10), - TOBN(0x2cc5840e, 0x5bcc36bb), TOBN(0x9292445e, 0x7da74f69), - TOBN(0x8be8d321, 0x4e5193a8), TOBN(0x3ec23629, 0x8df06413), - TOBN(0xc7e9ae85, 0xb134defa), TOBN(0x6073b1d0, 0x1bb2d475), - TOBN(0xb9ad615e, 0x2863c00d), TOBN(0x9e29493d, 0x525f4ac4), - TOBN(0xc32b1dea, 0x4e9acf4f), TOBN(0x3e1f01c8, 0xa50db88d), - TOBN(0xb05d70ea, 0x04da916c), TOBN(0x714b0d0a, 0xd865803e), - TOBN(0x4bd493fc, 0x9920cb5e), TOBN(0x5b44b1f7, 0x92c7a3ac), - TOBN(0xa2a77293, 0xbcec9235), TOBN(0x5ee06e87, 0xcd378553), - TOBN(0xceff8173, 0xda621607), TOBN(0x2bb03e4c, 0x99f5d290), - TOBN(0x2945106a, 0xa6f734ac), TOBN(0xb5056604, 0xd25c4732), - TOBN(0x5945920c, 0xe079afee), TOBN(0x686e17a0, 0x6789831f), - TOBN(0x5966bee8, 0xb74a5ae5), TOBN(0x38a673a2, 0x1e258d46), - TOBN(0xbd1cc1f2, 0x83141c95), TOBN(0x3b2ecf4f, 0x0e96e486), - TOBN(0xcd3aa896, 0x74e5fc78), TOBN(0x415ec10c, 0x2482fa7a), - TOBN(0x15234419, 0x80503380), TOBN(0x513d917a, 0xd314b392), - TOBN(0xb0b52f4e, 0x63caecae), TOBN(0x07bf22ad, 0x2dc7780b), - TOBN(0xe761e8a1, 0xe4306839), TOBN(0x1b3be962, 0x5dd7feaa), - TOBN(0x4fe728de, 0x74c778f1), TOBN(0xf1fa0bda, 0x5e0070f6), - TOBN(0x85205a31, 0x6ec3f510), TOBN(0x2c7e4a14, 0xd2980475), - TOBN(0xde3c19c0, 0x6f30ebfd), TOBN(0xdb1c1f38, 0xd4b7e644), - TOBN(0xfe291a75, 0x5dce364a), TOBN(0xb7b22a3c, 0x058f5be3), - TOBN(0x2cd2c302, 0x37fea38c), TOBN(0x2930967a, 0x2e17be17), - TOBN(0x87f009de, 0x0c061c65), TOBN(0xcb014aac, 0xedc6ed44), - TOBN(0x49bd1cb4, 0x3bafb1eb), TOBN(0x81bd8b5c, 0x282d3688), - TOBN(0x1cdab87e, 0xf01a17af), TOBN(0x21f37ac4, 0xe710063b), - TOBN(0x5a6c5676, 0x42fc8193), TOBN(0xf4753e70, 0x56a6015c), - TOBN(0x020f795e, 0xa15b0a44), TOBN(0x8f37c8d7, 0x8958a958), - TOBN(0x63b7e89b, 0xa4b675b5), TOBN(0xb4fb0c0c, 0x0fc31aea), - TOBN(0xed95e639, 0xa7ff1f2e), TOBN(0x9880f5a3, 0x619614fb), - TOBN(0xdeb6ff02, 0x947151ab), TOBN(0x5bc5118c, 0xa868dcdb), - TOBN(0xd8da2055, 0x4c20cea5), TOBN(0xcac2776e, 0x14c4d69a), - TOBN(0xcccb22c1, 0x622d599b), TOBN(0xa4ddb653, 0x68a9bb50), - TOBN(0x2c4ff151, 0x1b4941b4), TOBN(0xe1ff19b4, 0x6efba588), - TOBN(0x35034363, 0xc48345e0), TOBN(0x45542e3d, 0x1e29dfc4), - TOBN(0xf197cb91, 0x349f7aed), TOBN(0x3b2b5a00, 0x8fca8420), - TOBN(0x7c175ee8, 0x23aaf6d8), TOBN(0x54dcf421, 0x35af32b6), - TOBN(0x0ba14307, 0x27d6561e), TOBN(0x879d5ee4, 0xd175b1e2), - TOBN(0xc7c43673, 0x99807db5), TOBN(0x77a54455, 0x9cd55bcd), - TOBN(0xe6c2ff13, 0x0105c072), TOBN(0x18f7a99f, 0x8dda7da4), - TOBN(0x4c301820, 0x0e2d35c1), TOBN(0x06a53ca0, 0xd9cc6c82), - TOBN(0xaa21cc1e, 0xf1aa1d9e), TOBN(0x32414334, 0x4a75b1e8), - TOBN(0x2a6d1328, 0x0ebe9fdc), TOBN(0x16bd173f, 0x98a4755a), - TOBN(0xfbb9b245, 0x2133ffd9), TOBN(0x39a8b2f1, 0x830f1a20), - TOBN(0x484bc97d, 0xd5a1f52a), TOBN(0xd6aebf56, 0xa40eddf8), - TOBN(0x32257acb, 0x76ccdac6), TOBN(0xaf4d36ec, 0x1586ff27), - TOBN(0x8eaa8863, 0xf8de7dd1), TOBN(0x0045d5cf, 0x88647c16)} - , - {TOBN(0xa6f3d574, 0xc005979d), TOBN(0xc2072b42, 0x6a40e350), - TOBN(0xfca5c156, 0x8de2ecf9), TOBN(0xa8c8bf5b, 0xa515344e), - TOBN(0x97aee555, 0x114df14a), TOBN(0xd4374a4d, 0xfdc5ec6b), - TOBN(0x754cc28f, 0x2ca85418), TOBN(0x71cb9e27, 0xd3c41f78), - TOBN(0x89105079, 0x03605c39), TOBN(0xf0843d9e, 0xa142c96c), - TOBN(0xf3744934, 0x16923684), TOBN(0x732caa2f, 0xfa0a2893), - TOBN(0xb2e8c270, 0x61160170), TOBN(0xc32788cc, 0x437fbaa3), - TOBN(0x39cd818e, 0xa6eda3ac), TOBN(0xe2e94239, 0x9e2b2e07), - TOBN(0x6967d39b, 0x0260e52a), TOBN(0xd42585cc, 0x90653325), - TOBN(0x0d9bd605, 0x21ca7954), TOBN(0x4fa20877, 0x81ed57b3), - TOBN(0x60c1eff8, 0xe34a0bbe), TOBN(0x56b0040c, 0x84f6ef64), - TOBN(0x28be2b24, 0xb1af8483), TOBN(0xb2278163, 0xf5531614), - TOBN(0x8df27545, 0x5922ac1c), TOBN(0xa7b3ef5c, 0xa52b3f63), - TOBN(0x8e77b214, 0x71de57c4), TOBN(0x31682c10, 0x834c008b), - TOBN(0xc76824f0, 0x4bd55d31), TOBN(0xb6d1c086, 0x17b61c71), - TOBN(0x31db0903, 0xc2a5089d), TOBN(0x9c092172, 0x184e5d3f), - TOBN(0xdd7ced5b, 0xc00cc638), TOBN(0x1a2015eb, 0x61278fc2), - TOBN(0x2e8e5288, 0x6a37f8d6), TOBN(0xc457786f, 0xe79933ad), - TOBN(0xb3fe4cce, 0x2c51211a), TOBN(0xad9b10b2, 0x24c20498), - TOBN(0x90d87a4f, 0xd28db5e5), TOBN(0x698cd105, 0x3aca2fc3), - TOBN(0x4f112d07, 0xe91b536d), TOBN(0xceb982f2, 0x9eba09d6), - TOBN(0x3c157b2c, 0x197c396f), TOBN(0xe23c2d41, 0x7b66eb24), - TOBN(0x480c57d9, 0x3f330d37), TOBN(0xb3a4c8a1, 0x79108deb), - TOBN(0x702388de, 0xcb199ce5), TOBN(0x0b019211, 0xb944a8d4), - TOBN(0x24f2a692, 0x840bb336), TOBN(0x7c353bdc, 0xa669fa7b), - TOBN(0xda20d6fc, 0xdec9c300), TOBN(0x625fbe2f, 0xa13a4f17), - TOBN(0xa2b1b61a, 0xdbc17328), TOBN(0x008965bf, 0xa9515621), - TOBN(0x49690939, 0xc620ff46), TOBN(0x182dd27d, 0x8717e91c), - TOBN(0x5ace5035, 0xea6c3997), TOBN(0x54259aaa, 0xc2610bef), - TOBN(0xef18bb3f, 0x3c80dd39), TOBN(0x6910b95b, 0x5fc3fa39), - TOBN(0xfce2f510, 0x43e09aee), TOBN(0xced56c9f, 0xa7675665), - TOBN(0x10e265ac, 0xd872db61), TOBN(0x6982812e, 0xae9fce69), - TOBN(0x29be11c6, 0xce800998), TOBN(0x72bb1752, 0xb90360d9), - TOBN(0x2c193197, 0x5a4ad590), TOBN(0x2ba2f548, 0x9fc1dbc0), - TOBN(0x7fe4eebb, 0xe490ebe0), TOBN(0x12a0a4cd, 0x7fae11c0), - TOBN(0x7197cf81, 0xe903ba37), TOBN(0xcf7d4aa8, 0xde1c6dd8), - TOBN(0x92af6bf4, 0x3fd5684c), TOBN(0x2b26eecf, 0x80360aa1), - TOBN(0xbd960f30, 0x00546a82), TOBN(0x407b3c43, 0xf59ad8fe), - TOBN(0x86cae5fe, 0x249c82ba), TOBN(0x9e0faec7, 0x2463744c), - TOBN(0x87f551e8, 0x94916272), TOBN(0x033f9344, 0x6ceb0615), - TOBN(0x1e5eb0d1, 0x8be82e84), TOBN(0x89967f0e, 0x7a582fef), - TOBN(0xbcf687d5, 0xa6e921fa), TOBN(0xdfee4cf3, 0xd37a09ba), - TOBN(0x94f06965, 0xb493c465), TOBN(0x638b9a1c, 0x7635c030), - TOBN(0x76667864, 0x66f05e9f), TOBN(0xccaf6808, 0xc04da725), - TOBN(0xca2eb690, 0x768fccfc), TOBN(0xf402d37d, 0xb835b362), - TOBN(0x0efac0d0, 0xe2fdfcce), TOBN(0xefc9cdef, 0xb638d990), - TOBN(0x2af12b72, 0xd1669a8b), TOBN(0x33c536bc, 0x5774ccbd), - TOBN(0x30b21909, 0xfb34870e), TOBN(0xc38fa2f7, 0x7df25aca), - TOBN(0x74c5f02b, 0xbf81f3f5), TOBN(0x0525a5ae, 0xaf7e4581), - TOBN(0x88d2aaba, 0x433c54ae), TOBN(0xed9775db, 0x806a56c5), - TOBN(0xd320738a, 0xc0edb37d), TOBN(0x25fdb6ee, 0x66cc1f51), - TOBN(0xac661d17, 0x10600d76), TOBN(0x931ec1f3, 0xbdd1ed76), - TOBN(0x65c11d62, 0x19ee43f1), TOBN(0x5cd57c3e, 0x60829d97), - TOBN(0xd26c91a3, 0x984be6e8), TOBN(0xf08d9309, 0x8b0c53bd), - TOBN(0x94bc9e5b, 0xc016e4ea), TOBN(0xd3916839, 0x11d43d2b), - TOBN(0x886c5ad7, 0x73701155), TOBN(0xe0377626, 0x20b00715), - TOBN(0x7f01c9ec, 0xaa80ba59), TOBN(0x3083411a, 0x68538e51), - TOBN(0x970370f1, 0xe88128af), TOBN(0x625cc3db, 0x91dec14b), - TOBN(0xfef9666c, 0x01ac3107), TOBN(0xb2a8d577, 0xd5057ac3), - TOBN(0xb0f26299, 0x92be5df7), TOBN(0xf579c8e5, 0x00353924), - TOBN(0xb8fa3d93, 0x1341ed7a), TOBN(0x4223272c, 0xa7b59d49), - TOBN(0x3dcb1947, 0x83b8c4a4), TOBN(0x4e413c01, 0xed1302e4), - TOBN(0x6d999127, 0xe17e44ce), TOBN(0xee86bf75, 0x33b3adfb), - TOBN(0xf6902fe6, 0x25aa96ca), TOBN(0xb73540e4, 0xe5aae47d), - TOBN(0x32801d7b, 0x1b4a158c), TOBN(0xe571c99e, 0x27e2a369), - TOBN(0x40cb76c0, 0x10d9f197), TOBN(0xc308c289, 0x3167c0ae), - TOBN(0xa6ef9dd3, 0xeb7958f2), TOBN(0xa7226dfc, 0x300879b1), - TOBN(0x6cd0b362, 0x7edf0636), TOBN(0x4efbce6c, 0x7bc37eed), - TOBN(0x75f92a05, 0x8d699021), TOBN(0x586d4c79, 0x772566e3), - TOBN(0x378ca5f1, 0x761ad23a), TOBN(0x650d86fc, 0x1465a8ac), - TOBN(0x7a4ed457, 0x842ba251), TOBN(0x6b65e3e6, 0x42234933), - TOBN(0xaf1543b7, 0x31aad657), TOBN(0xa4cefe98, 0xcbfec369), - TOBN(0xb587da90, 0x9f47befb), TOBN(0x6562e9fb, 0x41312d13), - TOBN(0xa691ea59, 0xeff1cefe), TOBN(0xcc30477a, 0x05fc4cf6), - TOBN(0xa1632461, 0x0b0ffd3d), TOBN(0xa1f16f3b, 0x5b355956), - TOBN(0x5b148d53, 0x4224ec24), TOBN(0xdc834e7b, 0xf977012a), - TOBN(0x7bfc5e75, 0xb2c69dbc), TOBN(0x3aa77a29, 0x03c3da6c), - TOBN(0xde0df03c, 0xca910271), TOBN(0xcbd5ca4a, 0x7806dc55), - TOBN(0xe1ca5807, 0x6db476cb), TOBN(0xfde15d62, 0x5f37a31e), - TOBN(0xf49af520, 0xf41af416), TOBN(0x96c5c5b1, 0x7d342db5), - TOBN(0x155c43b7, 0xeb4ceb9b), TOBN(0x2e993010, 0x4e77371a), - TOBN(0x1d2987da, 0x675d43af), TOBN(0xef2bc1c0, 0x8599fd72), - TOBN(0x96894b7b, 0x9342f6b2), TOBN(0x201eadf2, 0x7c8e71f0), - TOBN(0xf3479d9f, 0x4a1f3efc), TOBN(0xe0f8a742, 0x702a9704), - TOBN(0xeafd44b6, 0xb3eba40c), TOBN(0xf9739f29, 0xc1c1e0d0), - TOBN(0x0091471a, 0x619d505e), TOBN(0xc15f9c96, 0x9d7c263e), - TOBN(0x5be47285, 0x83afbe33), TOBN(0xa3b6d6af, 0x04f1e092), - TOBN(0xe76526b9, 0x751a9d11), TOBN(0x2ec5b26d, 0x9a4ae4d2), - TOBN(0xeb66f4d9, 0x02f6fb8d), TOBN(0x4063c561, 0x96912164), - TOBN(0xeb7050c1, 0x80ef3000), TOBN(0x288d1c33, 0xeaa5b3f0), - TOBN(0xe87c68d6, 0x07806fd8), TOBN(0xb2f7f9d5, 0x4bbbf50f), - TOBN(0x25972f3a, 0xac8d6627), TOBN(0xf8547774, 0x10e8c13b), - TOBN(0xcc50ef6c, 0x872b4a60), TOBN(0xab2a34a4, 0x4613521b), - TOBN(0x39c5c190, 0x983e15d1), TOBN(0x61dde5df, 0x59905512), - TOBN(0xe417f621, 0x9f2275f3), TOBN(0x0750c8b6, 0x451d894b), - TOBN(0x75b04ab9, 0x78b0bdaa), TOBN(0x3bfd9fd4, 0x458589bd), - TOBN(0xf1013e30, 0xee9120b6), TOBN(0x2b51af93, 0x23a4743e), - TOBN(0xea96ffae, 0x48d14d9e), TOBN(0x71dc0dbe, 0x698a1d32), - TOBN(0x914962d2, 0x0180cca4), TOBN(0x1ae60677, 0xc3568963), - TOBN(0x8cf227b1, 0x437bc444), TOBN(0xc650c83b, 0xc9962c7a), - TOBN(0x23c2c7dd, 0xfe7ccfc4), TOBN(0xf925c89d, 0x1b929d48), - TOBN(0x4460f74b, 0x06783c33), TOBN(0xac2c8d49, 0xa590475a), - TOBN(0xfb40b407, 0xb807bba0), TOBN(0x9d1e362d, 0x69ff8f3a), - TOBN(0xa33e9681, 0xcbef64a4), TOBN(0x67ece5fa, 0x332fb4b2), - TOBN(0x6900a99b, 0x739f10e3), TOBN(0xc3341ca9, 0xff525925), - TOBN(0xee18a626, 0xa9e2d041), TOBN(0xa5a83685, 0x29580ddd), - TOBN(0xf3470c81, 0x9d7de3cd), TOBN(0xedf02586, 0x2062cf9c), - TOBN(0xf43522fa, 0xc010edb0), TOBN(0x30314135, 0x13a4b1ae), - TOBN(0xc792e02a, 0xdb22b94b), TOBN(0x993d8ae9, 0xa1eaa45b), - TOBN(0x8aad6cd3, 0xcd1e1c63), TOBN(0x89529ca7, 0xc5ce688a), - TOBN(0x2ccee3aa, 0xe572a253), TOBN(0xe02b6438, 0x02a21efb), - TOBN(0xa7091b6e, 0xc9430358), TOBN(0x06d1b1fa, 0x9d7db504), - TOBN(0x58846d32, 0xc4744733), TOBN(0x40517c71, 0x379f9e34), - TOBN(0x2f65655f, 0x130ef6ca), TOBN(0x526e4488, 0xf1f3503f), - TOBN(0x8467bd17, 0x7ee4a976), TOBN(0x1d9dc913, 0x921363d1), - TOBN(0xd8d24c33, 0xb069e041), TOBN(0x5eb5da0a, 0x2cdf7f51), - TOBN(0x1c0f3cb1, 0x197b994f), TOBN(0x3c95a6c5, 0x2843eae9), - TOBN(0x7766ffc9, 0xa6097ea5), TOBN(0x7bea4093, 0xd723b867), - TOBN(0xb48e1f73, 0x4db378f9), TOBN(0x70025b00, 0xe37b77ac), - TOBN(0x943dc8e7, 0xaf24ad46), TOBN(0xb98a15ac, 0x16d00a85), - TOBN(0x3adc38ba, 0x2743b004), TOBN(0xb1c7f4f7, 0x334415ee), - TOBN(0xea43df8f, 0x1e62d05a), TOBN(0x32618905, 0x9d76a3b6), - TOBN(0x2fbd0bb5, 0xa23a0f46), TOBN(0x5bc971db, 0x6a01918c), - TOBN(0x7801d94a, 0xb4743f94), TOBN(0xb94df65e, 0x676ae22b), - TOBN(0xaafcbfab, 0xaf95894c), TOBN(0x7b9bdc07, 0x276b2241), - TOBN(0xeaf98362, 0x5bdda48b), TOBN(0x5977faf2, 0xa3fcb4df), - TOBN(0xbed042ef, 0x052c4b5b), TOBN(0x9fe87f71, 0x067591f0), - TOBN(0xc89c73ca, 0x22f24ec7), TOBN(0x7d37fa9e, 0xe64a9f1b), - TOBN(0x2710841a, 0x15562627), TOBN(0x2c01a613, 0xc243b034), - TOBN(0x1d135c56, 0x2bc68609), TOBN(0xc2ca1715, 0x8b03f1f6), - TOBN(0xc9966c2d, 0x3eb81d82), TOBN(0xc02abf4a, 0x8f6df13e), - TOBN(0x77b34bd7, 0x8f72b43b), TOBN(0xaff6218f, 0x360c82b0), - TOBN(0x0aa5726c, 0x8d55b9d2), TOBN(0xdc0adbe9, 0x99e9bffb), - TOBN(0x9097549c, 0xefb9e72a), TOBN(0x16755712, 0x9dfb3111), - TOBN(0xdd8bf984, 0xf26847f9), TOBN(0xbcb8e387, 0xdfb30cb7), - TOBN(0xc1fd32a7, 0x5171ef9c), TOBN(0x977f3fc7, 0x389b363f), - TOBN(0x116eaf2b, 0xf4babda0), TOBN(0xfeab68bd, 0xf7113c8e), - TOBN(0xd1e3f064, 0xb7def526), TOBN(0x1ac30885, 0xe0b3fa02), - TOBN(0x1c5a6e7b, 0x40142d9d), TOBN(0x839b5603, 0x30921c0b), - TOBN(0x48f301fa, 0x36a116a3), TOBN(0x380e1107, 0xcfd9ee6d), - TOBN(0x7945ead8, 0x58854be1), TOBN(0x4111c12e, 0xcbd4d49d), - TOBN(0xece3b1ec, 0x3a29c2ef), TOBN(0x6356d404, 0x8d3616f5), - TOBN(0x9f0d6a8f, 0x594d320e), TOBN(0x0989316d, 0xf651ccd2), - TOBN(0x6c32117a, 0x0f8fdde4), TOBN(0x9abe5cc5, 0xa26a9bbc), - TOBN(0xcff560fb, 0x9723f671), TOBN(0x21b2a12d, 0x7f3d593c), - TOBN(0xe4cb18da, 0x24ba0696), TOBN(0x186e2220, 0xc3543384), - TOBN(0x722f64e0, 0x88312c29), TOBN(0x94282a99, 0x17dc7752), - TOBN(0x62467bbf, 0x5a85ee89), TOBN(0xf435c650, 0xf10076a0), - TOBN(0xc9ff1539, 0x43b3a50b), TOBN(0x7132130c, 0x1a53efbc), - TOBN(0x31bfe063, 0xf7b0c5b7), TOBN(0xb0179a7d, 0x4ea994cc), - TOBN(0x12d064b3, 0xc85f455b), TOBN(0x47259328, 0x8f6e0062), - TOBN(0xf64e590b, 0xb875d6d9), TOBN(0x22dd6225, 0xad92bcc7), - TOBN(0xb658038e, 0xb9c3bd6d), TOBN(0x00cdb0d6, 0xfbba27c8), - TOBN(0x0c681337, 0x1062c45d), TOBN(0xd8515b8c, 0x2d33407d), - TOBN(0xcb8f699e, 0x8cbb5ecf), TOBN(0x8c4347f8, 0xc608d7d8), - TOBN(0x2c11850a, 0xbb3e00db), TOBN(0x20a8dafd, 0xecb49d19), - TOBN(0xbd781480, 0x45ee2f40), TOBN(0x75e354af, 0x416b60cf), - TOBN(0xde0b58a1, 0x8d49a8c4), TOBN(0xe40e94e2, 0xfa359536), - TOBN(0xbd4fa59f, 0x62accd76), TOBN(0x05cf466a, 0x8c762837), - TOBN(0xb5abda99, 0x448c277b), TOBN(0x5a9e01bf, 0x48b13740), - TOBN(0x9d457798, 0x326aad8d), TOBN(0xbdef4954, 0xc396f7e7), - TOBN(0x6fb274a2, 0xc253e292), TOBN(0x2800bf0a, 0x1cfe53e7), - TOBN(0x22426d31, 0x44438fd4), TOBN(0xef233923, 0x5e259f9a), - TOBN(0x4188503c, 0x03f66264), TOBN(0x9e5e7f13, 0x7f9fdfab), - TOBN(0x565eb76c, 0x5fcc1aba), TOBN(0xea632548, 0x59b5bff8), - TOBN(0x5587c087, 0xaab6d3fa), TOBN(0x92b639ea, 0x6ce39c1b), - TOBN(0x0706e782, 0x953b135c), TOBN(0x7308912e, 0x425268ef), - TOBN(0x599e92c7, 0x090e7469), TOBN(0x83b90f52, 0x9bc35e75), - TOBN(0x4750b3d0, 0x244975b3), TOBN(0xf3a44358, 0x11965d72), - TOBN(0x179c6774, 0x9c8dc751), TOBN(0xff18cdfe, 0xd23d9ff0), - TOBN(0xc4013833, 0x2028e247), TOBN(0x96e280e2, 0xf3bfbc79), - TOBN(0xf60417bd, 0xd0880a84), TOBN(0x263c9f3d, 0x2a568151), - TOBN(0x36be15b3, 0x2d2ce811), TOBN(0x846dc0c2, 0xf8291d21), - TOBN(0x5cfa0ecb, 0x789fcfdb), TOBN(0x45a0beed, 0xd7535b9a), - TOBN(0xec8e9f07, 0x96d69af1), TOBN(0x31a7c5b8, 0x599ab6dc), - TOBN(0xd36d45ef, 0xf9e2e09f), TOBN(0x3cf49ef1, 0xdcee954b), - TOBN(0x6be34cf3, 0x086cff9b), TOBN(0x88dbd491, 0x39a3360f), - TOBN(0x1e96b8cc, 0x0dbfbd1d), TOBN(0xc1e5f7bf, 0xcb7e2552), - TOBN(0x0547b214, 0x28819d98), TOBN(0xc770dd9c, 0x7aea9dcb), - TOBN(0xaef0d4c7, 0x041d68c8), TOBN(0xcc2b9818, 0x13cb9ba8), - TOBN(0x7fc7bc76, 0xfe86c607), TOBN(0x6b7b9337, 0x502a9a95), - TOBN(0x1948dc27, 0xd14dab63), TOBN(0x249dd198, 0xdae047be), - TOBN(0xe8356584, 0xa981a202), TOBN(0x3531dd18, 0x3a893387), - TOBN(0x1be11f90, 0xc85c7209), TOBN(0x93d2fe1e, 0xe2a52b5a), - TOBN(0x8225bfe2, 0xec6d6b97), TOBN(0x9cf6d6f4, 0xbd0aa5de), - TOBN(0x911459cb, 0x54779f5f), TOBN(0x5649cddb, 0x86aeb1f3), - TOBN(0x32133579, 0x3f26ce5a), TOBN(0xc289a102, 0x550f431e), - TOBN(0x559dcfda, 0x73b84c6f), TOBN(0x84973819, 0xee3ac4d7), - TOBN(0xb51e55e6, 0xf2606a82), TOBN(0xe25f7061, 0x90f2fb57), - TOBN(0xacef6c2a, 0xb1a4e37c), TOBN(0x864e359d, 0x5dcf2706), - TOBN(0x479e6b18, 0x7ce57316), TOBN(0x2cab2500, 0x3a96b23d), - TOBN(0xed489862, 0x8ef16df7), TOBN(0x2056538c, 0xef3758b5), - TOBN(0xa7df865e, 0xf15d3101), TOBN(0x80c5533a, 0x61b553d7), - TOBN(0x366e1997, 0x4ed14294), TOBN(0x6620741f, 0xb3c0bcd6), - TOBN(0x21d1d9c4, 0xedc45418), TOBN(0x005b859e, 0xc1cc4a9d), - TOBN(0xdf01f630, 0xa1c462f0), TOBN(0x15d06cf3, 0xf26820c7), - TOBN(0x9f7f24ee, 0x3484be47), TOBN(0x2ff33e96, 0x4a0c902f), - TOBN(0x00bdf457, 0x5a0bc453), TOBN(0x2378dfaf, 0x1aa238db), - TOBN(0x272420ec, 0x856720f2), TOBN(0x2ad9d95b, 0x96797291), - TOBN(0xd1242cc6, 0x768a1558), TOBN(0x2e287f8b, 0x5cc86aa8), - TOBN(0x796873d0, 0x990cecaa), TOBN(0xade55f81, 0x675d4080), - TOBN(0x2645eea3, 0x21f0cd84), TOBN(0x7a1efa0f, 0xb4e17d02), - TOBN(0xf6858420, 0x037cc061), TOBN(0x682e05f0, 0xd5d43e12), - TOBN(0x59c36994, 0x27218710), TOBN(0x85cbba4d, 0x3f7cd2fc), - TOBN(0x726f9729, 0x7a3cd22a), TOBN(0x9f8cd5dc, 0x4a628397), - TOBN(0x17b93ab9, 0xc23165ed), TOBN(0xff5f5dbf, 0x122823d4), - TOBN(0xc1e4e4b5, 0x654a446d), TOBN(0xd1a9496f, 0x677257ba), - TOBN(0x6387ba94, 0xde766a56), TOBN(0x23608bc8, 0x521ec74a), - TOBN(0x16a522d7, 0x6688c4d4), TOBN(0x9d6b4282, 0x07373abd), - TOBN(0xa62f07ac, 0xb42efaa3), TOBN(0xf73e00f7, 0xe3b90180), - TOBN(0x36175fec, 0x49421c3e), TOBN(0xc4e44f9b, 0x3dcf2678), - TOBN(0x76df436b, 0x7220f09f), TOBN(0x172755fb, 0x3aa8b6cf), - TOBN(0xbab89d57, 0x446139cc), TOBN(0x0a0a6e02, 0x5fe0208f), - TOBN(0xcdbb63e2, 0x11e5d399), TOBN(0x33ecaa12, 0xa8977f0b), - TOBN(0x59598b21, 0xf7c42664), TOBN(0xb3e91b32, 0xab65d08a), - TOBN(0x035822ee, 0xf4502526), TOBN(0x1dcf0176, 0x720a82a9), - TOBN(0x50f8598f, 0x3d589e02), TOBN(0xdf0478ff, 0xb1d63d2c), - TOBN(0x8b8068bd, 0x1571cd07), TOBN(0x30c3aa4f, 0xd79670cd), - TOBN(0x25e8fd4b, 0x941ade7f), TOBN(0x3d1debdc, 0x32790011), - TOBN(0x65b6dcbd, 0x3a3f9ff0), TOBN(0x282736a4, 0x793de69c), - TOBN(0xef69a0c3, 0xd41d3bd3), TOBN(0xb533b8c9, 0x07a26bde), - TOBN(0xe2801d97, 0xdb2edf9f), TOBN(0xdc4a8269, 0xe1877af0), - TOBN(0x6c1c5851, 0x3d590dbe), TOBN(0x84632f6b, 0xee4e9357), - TOBN(0xd36d36b7, 0x79b33374), TOBN(0xb46833e3, 0x9bbca2e6), - TOBN(0x37893913, 0xf7fc0586), TOBN(0x385315f7, 0x66bf4719), - TOBN(0x72c56293, 0xb31855dc), TOBN(0xd1416d4e, 0x849061fe), - TOBN(0xbeb3ab78, 0x51047213), TOBN(0x447f6e61, 0xf040c996), - TOBN(0xd06d310d, 0x638b1d0c), TOBN(0xe28a413f, 0xbad1522e), - TOBN(0x685a76cb, 0x82003f86), TOBN(0x610d07f7, 0x0bcdbca3), - TOBN(0x6ff66021, 0x9ca4c455), TOBN(0x7df39b87, 0xcea10eec), - TOBN(0xb9255f96, 0xe22db218), TOBN(0x8cc6d9eb, 0x08a34c44), - TOBN(0xcd4ffb86, 0x859f9276), TOBN(0x8fa15eb2, 0x50d07335), - TOBN(0xdf553845, 0xcf2c24b5), TOBN(0x89f66a9f, 0x52f9c3ba), - TOBN(0x8f22b5b9, 0xe4a7ceb3), TOBN(0xaffef809, 0x0e134686), - TOBN(0x3e53e1c6, 0x8eb8fac2), TOBN(0x93c1e4eb, 0x28aec98e), - TOBN(0xb6b91ec5, 0x32a43bcb), TOBN(0x2dbfa947, 0xb2d74a51), - TOBN(0xe065d190, 0xca84bad7), TOBN(0xfb13919f, 0xad58e65c), - TOBN(0x3c41718b, 0xf1cb6e31), TOBN(0x688969f0, 0x06d05c3f), - TOBN(0xd4f94ce7, 0x21264d45), TOBN(0xfdfb65e9, 0x7367532b), - TOBN(0x5b1be8b1, 0x0945a39d), TOBN(0x229f789c, 0x2b8baf3b), - TOBN(0xd8f41f3e, 0x6f49f15d), TOBN(0x678ce828, 0x907f0792), - TOBN(0xc69ace82, 0xfca6e867), TOBN(0x106451ae, 0xd01dcc89), - TOBN(0x1bb4f7f0, 0x19fc32d2), TOBN(0x64633dfc, 0xb00c52d2), - TOBN(0x8f13549a, 0xad9ea445), TOBN(0x99a3bf50, 0xfb323705), - TOBN(0x0c9625a2, 0x534d4dbc), TOBN(0x45b8f1d1, 0xc2a2fea3), - TOBN(0x76ec21a1, 0xa530fc1a), TOBN(0x4bac9c2a, 0x9e5bd734), - TOBN(0x5996d76a, 0x7b4e3587), TOBN(0x0045cdee, 0x1182d9e3), - TOBN(0x1aee24b9, 0x1207f13d), TOBN(0x66452e97, 0x97345a41), - TOBN(0x16e5b054, 0x9f950cd0), TOBN(0x9cc72fb1, 0xd7fdd075), - TOBN(0x6edd61e7, 0x66249663), TOBN(0xde4caa4d, 0xf043cccb), - TOBN(0x11b1f57a, 0x55c7ac17), TOBN(0x779cbd44, 0x1a85e24d), - TOBN(0x78030f86, 0xe46081e7), TOBN(0xfd4a6032, 0x8e20f643), - TOBN(0xcc7a6488, 0x0a750c0f), TOBN(0x39bacfe3, 0x4e548e83), - TOBN(0x3d418c76, 0x0c110f05), TOBN(0x3e4daa4c, 0xb1f11588), - TOBN(0x2733e7b5, 0x5ffc69ff), TOBN(0x46f147bc, 0x92053127), - TOBN(0x885b2434, 0xd722df94), TOBN(0x6a444f65, 0xe6fc6b7c)} - , - {TOBN(0x7a1a465a, 0xc3f16ea8), TOBN(0x115a461d, 0xb2f1d11c), - TOBN(0x4767dd95, 0x6c68a172), TOBN(0x3392f2eb, 0xd13a4698), - TOBN(0xc7a99ccd, 0xe526cdc7), TOBN(0x8e537fdc, 0x22292b81), - TOBN(0x76d8cf69, 0xa6d39198), TOBN(0xffc5ff43, 0x2446852d), - TOBN(0x97b14f7e, 0xa90567e6), TOBN(0x513257b7, 0xb6ae5cb7), - TOBN(0x85454a3c, 0x9f10903d), TOBN(0xd8d2c9ad, 0x69bc3724), - TOBN(0x38da9324, 0x6b29cb44), TOBN(0xb540a21d, 0x77c8cbac), - TOBN(0x9bbfe435, 0x01918e42), TOBN(0xfffa707a, 0x56c3614e), - TOBN(0x0ce4e3f1, 0xd4e353b7), TOBN(0x062d8a14, 0xef46b0a0), - TOBN(0x6408d5ab, 0x574b73fd), TOBN(0xbc41d1c9, 0xd3273ffd), - TOBN(0x3538e1e7, 0x6be77800), TOBN(0x71fe8b37, 0xc5655031), - TOBN(0x1cd91621, 0x6b9b331a), TOBN(0xad825d0b, 0xbb388f73), - TOBN(0x56c2e05b, 0x1cb76219), TOBN(0x0ec0bf91, 0x71567e7e), - TOBN(0xe7076f86, 0x61c4c910), TOBN(0xd67b085b, 0xbabc04d9), - TOBN(0x9fb90459, 0x5e93a96a), TOBN(0x7526c1ea, 0xfbdc249a), - TOBN(0x0d44d367, 0xecdd0bb7), TOBN(0x95399917, 0x9dc0d695), - TOBN(0x61360ee9, 0x9e240d18), TOBN(0x057cdcac, 0xb4b94466), - TOBN(0xe7667cd1, 0x2fe5325c), TOBN(0x1fa297b5, 0x21974e3b), - TOBN(0xfa4081e7, 0xdb083d76), TOBN(0x31993be6, 0xf206bd15), - TOBN(0x8949269b, 0x14c19f8c), TOBN(0x21468d72, 0xa9d92357), - TOBN(0x2ccbc583, 0xa4c506ec), TOBN(0x957ed188, 0xd1acfe97), - TOBN(0x8baed833, 0x12f1aea2), TOBN(0xef2a6cb4, 0x8325362d), - TOBN(0x130dde42, 0x8e195c43), TOBN(0xc842025a, 0x0e6050c6), - TOBN(0x2da972a7, 0x08686a5d), TOBN(0xb52999a1, 0xe508b4a8), - TOBN(0xd9f090b9, 0x10a5a8bd), TOBN(0xca91d249, 0x096864da), - TOBN(0x8e6a93be, 0x3f67dbc1), TOBN(0xacae6fba, 0xf5f4764c), - TOBN(0x1563c6e0, 0xd21411a0), TOBN(0x28fa787f, 0xda0a4ad8), - TOBN(0xd524491c, 0x908c8030), TOBN(0x1257ba0e, 0x4c795f07), - TOBN(0x83f49167, 0xceca9754), TOBN(0x426d2cf6, 0x4b7939a0), - TOBN(0x2555e355, 0x723fd0bf), TOBN(0xa96e6d06, 0xc4f144e2), - TOBN(0x4768a8dd, 0x87880e61), TOBN(0x15543815, 0xe508e4d5), - TOBN(0x09d7e772, 0xb1b65e15), TOBN(0x63439dd6, 0xac302fa0), - TOBN(0xb93f802f, 0xc14e35c2), TOBN(0x71735b7c, 0x4341333c), - TOBN(0x03a25104, 0x16d4f362), TOBN(0x3f4d069b, 0xbf433c8e), - TOBN(0x0d83ae01, 0xf78f5a7c), TOBN(0x50a8ffbe, 0x7c4eed07), - TOBN(0xc74f8906, 0x76e10f83), TOBN(0x7d080966, 0x9ddaf8e1), - TOBN(0xb11df8e1, 0x698e04cc), TOBN(0x877be203, 0x169005c8), - TOBN(0x32749e8c, 0x4f3c6179), TOBN(0x2dbc9d0a, 0x7853fc05), - TOBN(0x187d4f93, 0x9454d937), TOBN(0xe682ce9d, 0xb4800e1b), - TOBN(0xa9129ad8, 0x165e68e8), TOBN(0x0fe29735, 0xbe7f785b), - TOBN(0x5303f40c, 0x5b9e02b7), TOBN(0xa37c9692, 0x35ee04e8), - TOBN(0x5f46cc20, 0x34d6632b), TOBN(0x55ef72b2, 0x96ac545b), - TOBN(0xabec5c1f, 0x7b91b062), TOBN(0x0a79e1c7, 0xbb33e821), - TOBN(0xbb04b428, 0x3a9f4117), TOBN(0x0de1f28f, 0xfd2a475a), - TOBN(0x31019ccf, 0x3a4434b4), TOBN(0xa3458111, 0x1a7954dc), - TOBN(0xa9dac80d, 0xe34972a7), TOBN(0xb043d054, 0x74f6b8dd), - TOBN(0x021c319e, 0x11137b1a), TOBN(0x00a754ce, 0xed5cc03f), - TOBN(0x0aa2c794, 0xcbea5ad4), TOBN(0x093e67f4, 0x70c015b6), - TOBN(0x72cdfee9, 0xc97e3f6b), TOBN(0xc10bcab4, 0xb6da7461), - TOBN(0x3b02d2fc, 0xb59806b9), TOBN(0x85185e89, 0xa1de6f47), - TOBN(0x39e6931f, 0x0eb6c4d4), TOBN(0x4d4440bd, 0xd4fa5b04), - TOBN(0x5418786e, 0x34be7eb8), TOBN(0x6380e521, 0x9d7259bc), - TOBN(0x20ac0351, 0xd598d710), TOBN(0x272c4166, 0xcb3a4da4), - TOBN(0xdb82fe1a, 0xca71de1f), TOBN(0x746e79f2, 0xd8f54b0f), - TOBN(0x6e7fc736, 0x4b573e9b), TOBN(0x75d03f46, 0xfd4b5040), - TOBN(0x5c1cc36d, 0x0b98d87b), TOBN(0x513ba3f1, 0x1f472da1), - TOBN(0x79d0af26, 0xabb177dd), TOBN(0xf82ab568, 0x7891d564), - TOBN(0x2b6768a9, 0x72232173), TOBN(0xefbb3bb0, 0x8c1f6619), - TOBN(0xb29c11db, 0xa6d18358), TOBN(0x519e2797, 0xb0916d3a), - TOBN(0xd4dc18f0, 0x9188e290), TOBN(0x648e86e3, 0x98b0ca7f), - TOBN(0x859d3145, 0x983c38b5), TOBN(0xb14f176c, 0x637abc8b), - TOBN(0x2793fb9d, 0xcaff7be6), TOBN(0xebe5a55f, 0x35a66a5a), - TOBN(0x7cec1dcd, 0x9f87dc59), TOBN(0x7c595cd3, 0xfbdbf560), - TOBN(0x5b543b22, 0x26eb3257), TOBN(0x69080646, 0xc4c935fd), - TOBN(0x7f2e4403, 0x81e9ede3), TOBN(0x243c3894, 0xcaf6df0a), - TOBN(0x7c605bb1, 0x1c073b11), TOBN(0xcd06a541, 0xba6a4a62), - TOBN(0x29168949, 0x49d4e2e5), TOBN(0x33649d07, 0x4af66880), - TOBN(0xbfc0c885, 0xe9a85035), TOBN(0xb4e52113, 0xfc410f4b), - TOBN(0xdca3b706, 0x78a6513b), TOBN(0x92ea4a2a, 0x9edb1943), - TOBN(0x02642216, 0xdb6e2dd8), TOBN(0x9b45d0b4, 0x9fd57894), - TOBN(0x114e70db, 0xc69d11ae), TOBN(0x1477dd19, 0x4c57595f), - TOBN(0xbc2208b4, 0xec77c272), TOBN(0x95c5b4d7, 0xdb68f59c), - TOBN(0xb8c4fc63, 0x42e532b7), TOBN(0x386ba422, 0x9ae35290), - TOBN(0xfb5dda42, 0xd201ecbc), TOBN(0x2353dc8b, 0xa0e38fd6), - TOBN(0x9a0b85ea, 0x68f7e978), TOBN(0x96ec5682, 0x2ad6d11f), - TOBN(0x5e279d6c, 0xe5f6886d), TOBN(0xd3fe03cd, 0x3cb1914d), - TOBN(0xfe541fa4, 0x7ea67c77), TOBN(0x952bd2af, 0xe3ea810c), - TOBN(0x791fef56, 0x8d01d374), TOBN(0xa3a1c621, 0x0f11336e), - TOBN(0x5ad0d5a9, 0xc7ec6d79), TOBN(0xff7038af, 0x3225c342), - TOBN(0x003c6689, 0xbc69601b), TOBN(0x25059bc7, 0x45e8747d), - TOBN(0xfa4965b2, 0xf2086fbf), TOBN(0xf6840ea6, 0x86916078), - TOBN(0xd7ac7620, 0x70081d6c), TOBN(0xe600da31, 0xb5328645), - TOBN(0x01916f63, 0x529b8a80), TOBN(0xe80e4858, 0x2d7d6f3e), - TOBN(0x29eb0fe8, 0xd664ca7c), TOBN(0xf017637b, 0xe7b43b0c), - TOBN(0x9a75c806, 0x76cb2566), TOBN(0x8f76acb1, 0xb24892d9), - TOBN(0x7ae7b9cc, 0x1f08fe45), TOBN(0x19ef7329, 0x6a4907d8), - TOBN(0x2db4ab71, 0x5f228bf0), TOBN(0xf3cdea39, 0x817032d7), - TOBN(0x0b1f482e, 0xdcabe3c0), TOBN(0x3baf76b4, 0xbb86325c), - TOBN(0xd49065e0, 0x10089465), TOBN(0x3bab5d29, 0x8e77c596), - TOBN(0x7636c3a6, 0x193dbd95), TOBN(0xdef5d294, 0xb246e499), - TOBN(0xb22c58b9, 0x286b2475), TOBN(0xa0b93939, 0xcd80862b), - TOBN(0x3002c83a, 0xf0992388), TOBN(0x6de01f9b, 0xeacbe14c), - TOBN(0x6aac688e, 0xadd70482), TOBN(0x708de92a, 0x7b4a4e8a), - TOBN(0x75b6dd73, 0x758a6eef), TOBN(0xea4bf352, 0x725b3c43), - TOBN(0x10041f2c, 0x87912868), TOBN(0xb1b1be95, 0xef09297a), - TOBN(0x19ae23c5, 0xa9f3860a), TOBN(0xc4f0f839, 0x515dcf4b), - TOBN(0x3c7ecca3, 0x97f6306a), TOBN(0x744c44ae, 0x68a3a4b0), - TOBN(0x69cd13a0, 0xb3a1d8a2), TOBN(0x7cad0a1e, 0x5256b578), - TOBN(0xea653fcd, 0x33791d9e), TOBN(0x9cc2a05d, 0x74b2e05f), - TOBN(0x73b391dc, 0xfd7affa2), TOBN(0xddb7091e, 0xb6b05442), - TOBN(0xc71e27bf, 0x8538a5c6), TOBN(0x195c63dd, 0x89abff17), - TOBN(0xfd315285, 0x1b71e3da), TOBN(0x9cbdfda7, 0xfa680fa0), - TOBN(0x9db876ca, 0x849d7eab), TOBN(0xebe2764b, 0x3c273271), - TOBN(0x663357e3, 0xf208dcea), TOBN(0x8c5bd833, 0x565b1b70), - TOBN(0xccc3b4f5, 0x9837fc0d), TOBN(0x9b641ba8, 0xa79cf00f), - TOBN(0x7428243d, 0xdfdf3990), TOBN(0x83a594c4, 0x020786b1), - TOBN(0xb712451a, 0x526c4502), TOBN(0x9d39438e, 0x6adb3f93), - TOBN(0xfdb261e3, 0xe9ff0ccd), TOBN(0x80344e3c, 0xe07af4c3), - TOBN(0x75900d7c, 0x2fa4f126), TOBN(0x08a3b865, 0x5c99a232), - TOBN(0x2478b6bf, 0xdb25e0c3), TOBN(0x482cc2c2, 0x71db2edf), - TOBN(0x37df7e64, 0x5f321bb8), TOBN(0x8a93821b, 0x9a8005b4), - TOBN(0x3fa2f10c, 0xcc8c1958), TOBN(0x0d332218, 0x2c269d0a), - TOBN(0x20ab8119, 0xe246b0e6), TOBN(0xb39781e4, 0xd349fd17), - TOBN(0xd293231e, 0xb31aa100), TOBN(0x4b779c97, 0xbb032168), - TOBN(0x4b3f19e1, 0xc8470500), TOBN(0x45b7efe9, 0x0c4c869d), - TOBN(0xdb84f38a, 0xa1a6bbcc), TOBN(0x3b59cb15, 0xb2fddbc1), - TOBN(0xba5514df, 0x3fd165e8), TOBN(0x499fd6a9, 0x061f8811), - TOBN(0x72cd1fe0, 0xbfef9f00), TOBN(0x120a4bb9, 0x79ad7e8a), - TOBN(0xf2ffd095, 0x5f4a5ac5), TOBN(0xcfd174f1, 0x95a7a2f0), - TOBN(0xd42301ba, 0x9d17baf1), TOBN(0xd2fa487a, 0x77f22089), - TOBN(0x9cb09efe, 0xb1dc77e1), TOBN(0xe9566939, 0x21c99682), - TOBN(0x8c546901, 0x6c6067bb), TOBN(0xfd378574, 0x61c24456), - TOBN(0x2b6a6cbe, 0x81796b33), TOBN(0x62d550f6, 0x58e87f8b), - TOBN(0x1b763e1c, 0x7f1b01b4), TOBN(0x4b93cfea, 0x1b1b5e12), - TOBN(0xb9345238, 0x1d531696), TOBN(0x57201c00, 0x88cdde69), - TOBN(0xdde92251, 0x9a86afc7), TOBN(0xe3043895, 0xbd35cea8), - TOBN(0x7608c1e1, 0x8555970d), TOBN(0x8267dfa9, 0x2535935e), - TOBN(0xd4c60a57, 0x322ea38b), TOBN(0xe0bf7977, 0x804ef8b5), - TOBN(0x1a0dab28, 0xc06fece4), TOBN(0xd405991e, 0x94e7b49d), - TOBN(0xc542b6d2, 0x706dab28), TOBN(0xcb228da3, 0xa91618fb), - TOBN(0x224e4164, 0x107d1cea), TOBN(0xeb9fdab3, 0xd0f5d8f1), - TOBN(0xc02ba386, 0x0d6e41cd), TOBN(0x676a72c5, 0x9b1f7146), - TOBN(0xffd6dd98, 0x4d6cb00b), TOBN(0xcef9c5ca, 0xde2e8d7c), - TOBN(0xa1bbf5d7, 0x641c7936), TOBN(0x1b95b230, 0xee8f772e), - TOBN(0xf765a92e, 0xe8ac25b1), TOBN(0xceb04cfc, 0x3a18b7c6), - TOBN(0x27944cef, 0x0acc8966), TOBN(0xcbb3c957, 0x434c1004), - TOBN(0x9c9971a1, 0xa43ff93c), TOBN(0x5bc2db17, 0xa1e358a9), - TOBN(0x45b4862e, 0xa8d9bc82), TOBN(0x70ebfbfb, 0x2201e052), - TOBN(0xafdf64c7, 0x92871591), TOBN(0xea5bcae6, 0xb42d0219), - TOBN(0xde536c55, 0x2ad8f03c), TOBN(0xcd6c3f4d, 0xa76aa33c), - TOBN(0xbeb5f623, 0x0bca6de3), TOBN(0xdd20dd99, 0xb1e706fd), - TOBN(0x90b3ff9d, 0xac9059d4), TOBN(0x2d7b2902, 0x7ccccc4e), - TOBN(0x8a090a59, 0xce98840f), TOBN(0xa5d947e0, 0x8410680a), - TOBN(0x49ae346a, 0x923379a5), TOBN(0x7dbc84f9, 0xb28a3156), - TOBN(0xfd40d916, 0x54a1aff2), TOBN(0xabf318ba, 0x3a78fb9b), - TOBN(0x50152ed8, 0x3029f95e), TOBN(0x9fc1dd77, 0xc58ad7fa), - TOBN(0x5fa57915, 0x13595c17), TOBN(0xb9504668, 0x8f62b3a9), - TOBN(0x907b5b24, 0xff3055b0), TOBN(0x2e995e35, 0x9a84f125), - TOBN(0x87dacf69, 0x7e9bbcfb), TOBN(0x95d0c1d6, 0xe86d96e3), - TOBN(0x65726e3c, 0x2d95a75c), TOBN(0x2c3c9001, 0xacd27f21), - TOBN(0x1deab561, 0x6c973f57), TOBN(0x108b7e2c, 0xa5221643), - TOBN(0x5fee9859, 0xc4ef79d4), TOBN(0xbd62b88a, 0x40d4b8c6), - TOBN(0xb4dd29c4, 0x197c75d6), TOBN(0x266a6df2, 0xb7076feb), - TOBN(0x9512d0ea, 0x4bf2df11), TOBN(0x1320c24f, 0x6b0cc9ec), - TOBN(0x6bb1e0e1, 0x01a59596), TOBN(0x8317c5bb, 0xeff9aaac), - TOBN(0x65bb405e, 0x385aa6c9), TOBN(0x613439c1, 0x8f07988f), - TOBN(0xd730049f, 0x16a66e91), TOBN(0xe97f2820, 0xfa1b0e0d), - TOBN(0x4131e003, 0x304c28ea), TOBN(0x820ab732, 0x526bac62), - TOBN(0xb2ac9ef9, 0x28714423), TOBN(0x54ecfffa, 0xadb10cb2), - TOBN(0x8781476e, 0xf886a4cc), TOBN(0x4b2c87b5, 0xdb2f8d49), - TOBN(0xe857cd20, 0x0a44295d), TOBN(0x707d7d21, 0x58c6b044), - TOBN(0xae8521f9, 0xf596757c), TOBN(0x87448f03, 0x67b2b714), - TOBN(0x13a9bc45, 0x5ebcd58d), TOBN(0x79bcced9, 0x9122d3c1), - TOBN(0x3c644247, 0x9e076642), TOBN(0x0cf22778, 0x2df4767d), - TOBN(0x5e61aee4, 0x71d444b6), TOBN(0x211236bf, 0xc5084a1d), - TOBN(0x7e15bc9a, 0x4fd3eaf6), TOBN(0x68df2c34, 0xab622bf5), - TOBN(0x9e674f0f, 0x59bf4f36), TOBN(0xf883669b, 0xd7f34d73), - TOBN(0xc48ac1b8, 0x31497b1d), TOBN(0x323b925d, 0x5106703b), - TOBN(0x22156f42, 0x74082008), TOBN(0xeffc521a, 0xc8482bcb), - TOBN(0x5c6831bf, 0x12173479), TOBN(0xcaa2528f, 0xc4739490), - TOBN(0x84d2102a, 0x8f1b3c4d), TOBN(0xcf64dfc1, 0x2d9bec0d), - TOBN(0x433febad, 0x78a546ef), TOBN(0x1f621ec3, 0x7b73cef1), - TOBN(0x6aecd627, 0x37338615), TOBN(0x162082ab, 0x01d8edf6), - TOBN(0x833a8119, 0x19e86b66), TOBN(0x6023a251, 0xd299b5db), - TOBN(0xf5bb0c3a, 0xbbf04b89), TOBN(0x6735eb69, 0xae749a44), - TOBN(0xd0e058c5, 0x4713de3b), TOBN(0xfdf2593e, 0x2c3d4ccd), - TOBN(0x1b8f414e, 0xfdd23667), TOBN(0xdd52aaca, 0xfa2015ee), - TOBN(0x3e31b517, 0xbd9625ff), TOBN(0x5ec9322d, 0x8db5918c), - TOBN(0xbc73ac85, 0xa96f5294), TOBN(0x82aa5bf3, 0x61a0666a), - TOBN(0x49755810, 0xbf08ac42), TOBN(0xd21cdfd5, 0x891cedfc), - TOBN(0x918cb57b, 0x67f8be10), TOBN(0x365d1a7c, 0x56ffa726), - TOBN(0x2435c504, 0x6532de93), TOBN(0xc0fc5e10, 0x2674cd02), - TOBN(0x6e51fcf8, 0x9cbbb142), TOBN(0x1d436e5a, 0xafc50692), - TOBN(0x766bffff, 0x3fbcae22), TOBN(0x3148c2fd, 0xfd55d3b8), - TOBN(0x52c7fdc9, 0x233222fa), TOBN(0x89ff1092, 0xe419fb6b), - TOBN(0x3cd6db99, 0x25254977), TOBN(0x2e85a161, 0x1cf12ca7), - TOBN(0xadd2547c, 0xdc810bc9), TOBN(0xea3f458f, 0x9d257c22), - TOBN(0x642c1fbe, 0x27d6b19b), TOBN(0xed07e6b5, 0x140481a6), - TOBN(0x6ada1d42, 0x86d2e0f8), TOBN(0xe5920122, 0x0e8a9fd5), - TOBN(0x02c936af, 0x708c1b49), TOBN(0x60f30fee, 0x2b4bfaff), - TOBN(0x6637ad06, 0x858e6a61), TOBN(0xce4c7767, 0x3fd374d0), - TOBN(0x39d54b2d, 0x7188defb), TOBN(0xa8c9d250, 0xf56a6b66), - TOBN(0x58fc0f5e, 0xb24fe1dc), TOBN(0x9eaf9dee, 0x6b73f24c), - TOBN(0xa90d588b, 0x33650705), TOBN(0xde5b62c5, 0xaf2ec729), - TOBN(0x5c72cfae, 0xd3c2b36e), TOBN(0x868c19d5, 0x034435da), - TOBN(0x88605f93, 0xe17ee145), TOBN(0xaa60c4ee, 0x77a5d5b1), - TOBN(0xbcf5bfd2, 0x3b60c472), TOBN(0xaf4ef13c, 0xeb1d3049), - TOBN(0x373f44fc, 0xe13895c9), TOBN(0xf29b382f, 0x0cbc9822), - TOBN(0x1bfcb853, 0x73efaef6), TOBN(0xcf56ac9c, 0xa8c96f40), - TOBN(0xd7adf109, 0x7a191e24), TOBN(0x98035f44, 0xbf8a8dc2), - TOBN(0xf40a71b9, 0x1e750c84), TOBN(0xc57f7b0c, 0x5dc6c469), - TOBN(0x49a0e79c, 0x6fbc19c1), TOBN(0x6b0f5889, 0xa48ebdb8), - TOBN(0x5d3fd084, 0xa07c4e9f), TOBN(0xc3830111, 0xab27de14), - TOBN(0x0e4929fe, 0x33e08dcc), TOBN(0xf4a5ad24, 0x40bb73a3), - TOBN(0xde86c2bf, 0x490f97ca), TOBN(0x288f09c6, 0x67a1ce18), - TOBN(0x364bb886, 0x1844478d), TOBN(0x7840fa42, 0xceedb040), - TOBN(0x1269fdd2, 0x5a631b37), TOBN(0x94761f1e, 0xa47c8b7d), - TOBN(0xfc0c2e17, 0x481c6266), TOBN(0x85e16ea2, 0x3daa5fa7), - TOBN(0xccd86033, 0x92491048), TOBN(0x0c2f6963, 0xf4d402d7), - TOBN(0x6336f7df, 0xdf6a865c), TOBN(0x0a2a463c, 0xb5c02a87), - TOBN(0xb0e29be7, 0xbf2f12ee), TOBN(0xf0a22002, 0x66bad988), - TOBN(0x27f87e03, 0x9123c1d7), TOBN(0x21669c55, 0x328a8c98), - TOBN(0x186b9803, 0x92f14529), TOBN(0xd3d056cc, 0x63954df3), - TOBN(0x2f03fd58, 0x175a46f6), TOBN(0x63e34ebe, 0x11558558), - TOBN(0xe13fedee, 0x5b80cfa5), TOBN(0xe872a120, 0xd401dbd1), - TOBN(0x52657616, 0xe8a9d667), TOBN(0xbc8da4b6, 0xe08d6693), - TOBN(0x370fb9bb, 0x1b703e75), TOBN(0x6773b186, 0xd4338363), - TOBN(0x18dad378, 0xecef7bff), TOBN(0xaac787ed, 0x995677da), - TOBN(0x4801ea8b, 0x0437164b), TOBN(0xf430ad20, 0x73fe795e), - TOBN(0xb164154d, 0x8ee5eb73), TOBN(0x0884ecd8, 0x108f7c0e), - TOBN(0x0e6ec096, 0x5f520698), TOBN(0x640631fe, 0x44f7b8d9), - TOBN(0x92fd34fc, 0xa35a68b9), TOBN(0x9c5a4b66, 0x4d40cf4e), - TOBN(0x949454bf, 0x80b6783d), TOBN(0x80e701fe, 0x3a320a10), - TOBN(0x8d1a564a, 0x1a0a39b2), TOBN(0x1436d53d, 0x320587db), - TOBN(0xf5096e6d, 0x6556c362), TOBN(0xbc23a3c0, 0xe2455d7e), - TOBN(0x3a7aee54, 0x807230f9), TOBN(0x9ba1cfa6, 0x22ae82fd), - TOBN(0x833a057a, 0x99c5d706), TOBN(0x8be85f4b, 0x842315c9), - TOBN(0xd083179a, 0x66a72f12), TOBN(0x2fc77d5d, 0xcdcc73cd), - TOBN(0x22b88a80, 0x5616ee30), TOBN(0xfb09548f, 0xe7ab1083), - TOBN(0x8ad6ab0d, 0x511270cd), TOBN(0x61f6c57a, 0x6924d9ab), - TOBN(0xa0f7bf72, 0x90aecb08), TOBN(0x849f87c9, 0x0df784a4), - TOBN(0x27c79c15, 0xcfaf1d03), TOBN(0xbbf9f675, 0xc463face), - TOBN(0x91502c65, 0x765ba543), TOBN(0x18ce3cac, 0x42ea60dd), - TOBN(0xe5cee6ac, 0x6e43ecb3), TOBN(0x63e4e910, 0x68f2aeeb), - TOBN(0x26234fa3, 0xc85932ee), TOBN(0x96883e8b, 0x4c90c44d), - TOBN(0x29b9e738, 0xa18a50f6), TOBN(0xbfc62b2a, 0x3f0420df), - TOBN(0xd22a7d90, 0x6d3e1fa9), TOBN(0x17115618, 0xfe05b8a3), - TOBN(0x2a0c9926, 0xbb2b9c01), TOBN(0xc739fcc6, 0xe07e76a2), - TOBN(0x540e9157, 0x165e439a), TOBN(0x06353a62, 0x6a9063d8), - TOBN(0x84d95594, 0x61e927a3), TOBN(0x013b9b26, 0xe2e0be7f), - TOBN(0x4feaec3b, 0x973497f1), TOBN(0x15c0f94e, 0x093ebc2d), - TOBN(0x6af5f227, 0x33af0583), TOBN(0x0c2af206, 0xc61f3340), - TOBN(0xd25dbdf1, 0x4457397c), TOBN(0x2e8ed017, 0xcabcbae0), - TOBN(0xe3010938, 0xc2815306), TOBN(0xbaa99337, 0xe8c6cd68), - TOBN(0x08513182, 0x3b0ec7de), TOBN(0x1e1b822b, 0x58df05df), - TOBN(0x5c14842f, 0xa5c3b683), TOBN(0x98fe977e, 0x3eba34ce), - TOBN(0xfd2316c2, 0x0d5e8873), TOBN(0xe48d839a, 0xbd0d427d), - TOBN(0x495b2218, 0x623fc961), TOBN(0x24ee56e7, 0xb46fba5e), - TOBN(0x9184a55b, 0x91e4de58), TOBN(0xa7488ca5, 0xdfdea288), - TOBN(0xa723862e, 0xa8dcc943), TOBN(0x92d762b2, 0x849dc0fc), - TOBN(0x3c444a12, 0x091ff4a9), TOBN(0x581113fa, 0x0cada274), - TOBN(0xb9de0a45, 0x30d8eae2), TOBN(0x5e0fcd85, 0xdf6b41ea), - TOBN(0x6233ea68, 0xc094dbb5), TOBN(0xb77d062e, 0xd968d410), - TOBN(0x3e719bbc, 0x58b3002d), TOBN(0x68e7dd3d, 0x3dc49d58), - TOBN(0x8d825740, 0x013a5e58), TOBN(0x21311747, 0x3c9e3c1b), - TOBN(0x0cb0a2a7, 0x7c99b6ab), TOBN(0x5c48a3b3, 0xc2f888f2)} - , - {TOBN(0xc7913e91, 0x991724f3), TOBN(0x5eda799c, 0x39cbd686), - TOBN(0xddb595c7, 0x63d4fc1e), TOBN(0x6b63b80b, 0xac4fed54), - TOBN(0x6ea0fc69, 0x7e5fb516), TOBN(0x737708ba, 0xd0f1c964), - TOBN(0x9628745f, 0x11a92ca5), TOBN(0x61f37958, 0x9a86967a), - TOBN(0x9af39b2c, 0xaa665072), TOBN(0x78322fa4, 0xefd324ef), - TOBN(0x3d153394, 0xc327bd31), TOBN(0x81d5f271, 0x3129dab0), - TOBN(0xc72e0c42, 0xf48027f5), TOBN(0xaa40cdbc, 0x8536e717), - TOBN(0xf45a657a, 0x2d369d0f), TOBN(0xb03bbfc4, 0xea7f74e6), - TOBN(0x46a8c418, 0x0d738ded), TOBN(0x6f1a5bb0, 0xe0de5729), - TOBN(0xf10230b9, 0x8ba81675), TOBN(0x32c6f30c, 0x112b33d4), - TOBN(0x7559129d, 0xd8fffb62), TOBN(0x6a281b47, 0xb459bf05), - TOBN(0x77c1bd3a, 0xfa3b6776), TOBN(0x0709b380, 0x7829973a), - TOBN(0x8c26b232, 0xa3326505), TOBN(0x38d69272, 0xee1d41bf), - TOBN(0x0459453e, 0xffe32afa), TOBN(0xce8143ad, 0x7cb3ea87), - TOBN(0x932ec1fa, 0x7e6ab666), TOBN(0x6cd2d230, 0x22286264), - TOBN(0x459a46fe, 0x6736f8ed), TOBN(0x50bf0d00, 0x9eca85bb), - TOBN(0x0b825852, 0x877a21ec), TOBN(0x300414a7, 0x0f537a94), - TOBN(0x3f1cba40, 0x21a9a6a2), TOBN(0x50824eee, 0x76943c00), - TOBN(0xa0dbfcec, 0xf83cba5d), TOBN(0xf9538148, 0x93b4f3c0), - TOBN(0x61744162, 0x48f24dd7), TOBN(0x5322d64d, 0xe4fb09dd), - TOBN(0x57447384, 0x3d9325f3), TOBN(0xa9bef2d0, 0xf371cb84), - TOBN(0x77d2188b, 0xa61e36c5), TOBN(0xbbd6a7d7, 0xc602df72), - TOBN(0xba3aa902, 0x8f61bc0b), TOBN(0xf49085ed, 0x6ed0b6a1), - TOBN(0x8bc625d6, 0xae6e8298), TOBN(0x832b0b1d, 0xa2e9c01d), - TOBN(0xa337c447, 0xf1f0ced1), TOBN(0x800cc793, 0x9492dd2b), - TOBN(0x4b93151d, 0xbea08efa), TOBN(0x820cf3f8, 0xde0a741e), - TOBN(0xff1982dc, 0x1c0f7d13), TOBN(0xef921960, 0x84dde6ca), - TOBN(0x1ad7d972, 0x45f96ee3), TOBN(0x319c8dbe, 0x29dea0c7), - TOBN(0xd3ea3871, 0x7b82b99b), TOBN(0x75922d4d, 0x470eb624), - TOBN(0x8f66ec54, 0x3b95d466), TOBN(0x66e673cc, 0xbee1e346), - TOBN(0x6afe67c4, 0xb5f2b89a), TOBN(0x3de9c1e6, 0x290e5cd3), - TOBN(0x8c278bb6, 0x310a2ada), TOBN(0x420fa384, 0x0bdb323b), - TOBN(0x0ae1d63b, 0x0eb919b0), TOBN(0xd74ee51d, 0xa74b9620), - TOBN(0x395458d0, 0xa674290c), TOBN(0x324c930f, 0x4620a510), - TOBN(0x2d1f4d19, 0xfbac27d4), TOBN(0x4086e8ca, 0x9bedeeac), - TOBN(0x0cdd211b, 0x9b679ab8), TOBN(0x5970167d, 0x7090fec4), - TOBN(0x3420f2c9, 0xfaf1fc63), TOBN(0x616d333a, 0x328c8bb4), - TOBN(0x7d65364c, 0x57f1fe4a), TOBN(0x9343e877, 0x55e5c73a), - TOBN(0x5795176b, 0xe970e78c), TOBN(0xa36ccebf, 0x60533627), - TOBN(0xfc7c7380, 0x09cdfc1b), TOBN(0xb39a2afe, 0xb3fec326), - TOBN(0xb7ff1ba1, 0x6224408a), TOBN(0xcc856e92, 0x247cfc5e), - TOBN(0x01f102e7, 0xc18bc493), TOBN(0x4613ab74, 0x2091c727), - TOBN(0xaa25e89c, 0xc420bf2b), TOBN(0x00a53176, 0x90337ec2), - TOBN(0xd2be9f43, 0x7d025fc7), TOBN(0x3316fb85, 0x6e6fe3dc), - TOBN(0x27520af5, 0x9ac50814), TOBN(0xfdf95e78, 0x9a8e4223), - TOBN(0xb7e7df2a, 0x56bec5a0), TOBN(0xf7022f7d, 0xdf159e5d), - TOBN(0x93eeeab1, 0xcac1fe8f), TOBN(0x8040188c, 0x37451168), - TOBN(0x7ee8aa8a, 0xd967dce6), TOBN(0xfa0e79e7, 0x3abc9299), - TOBN(0x67332cfc, 0x2064cfd1), TOBN(0x339c31de, 0xb0651934), - TOBN(0x719b28d5, 0x2a3bcbea), TOBN(0xee74c82b, 0x9d6ae5c6), - TOBN(0x0927d05e, 0xbaf28ee6), TOBN(0x82cecf2c, 0x9d719028), - TOBN(0x0b0d353e, 0xddb30289), TOBN(0xfe4bb977, 0xfddb2e29), - TOBN(0xbb5bb990, 0x640bfd9e), TOBN(0xd226e277, 0x82f62108), - TOBN(0x4bf00985, 0x02ffdd56), TOBN(0x7756758a, 0x2ca1b1b5), - TOBN(0xc32b62a3, 0x5285fe91), TOBN(0xedbc546a, 0x8c9cd140), - TOBN(0x1e47a013, 0xaf5cb008), TOBN(0xbca7e720, 0x073ce8f2), - TOBN(0xe10b2ab8, 0x17a91cae), TOBN(0xb89aab65, 0x08e27f63), - TOBN(0x7b3074a7, 0xdba3ddf9), TOBN(0x1c20ce09, 0x330c2972), - TOBN(0x6b9917b4, 0x5fcf7e33), TOBN(0xe6793743, 0x945ceb42), - TOBN(0x18fc2215, 0x5c633d19), TOBN(0xad1adb3c, 0xc7485474), - TOBN(0x646f9679, 0x6424c49b), TOBN(0xf888dfe8, 0x67c241c9), - TOBN(0xe12d4b93, 0x24f68b49), TOBN(0x9a6b62d8, 0xa571df20), - TOBN(0x81b4b26d, 0x179483cb), TOBN(0x666f9632, 0x9511fae2), - TOBN(0xd281b3e4, 0xd53aa51f), TOBN(0x7f96a765, 0x7f3dbd16), - TOBN(0xa7f8b5bf, 0x074a30ce), TOBN(0xd7f52107, 0x005a32e6), - TOBN(0x6f9e0907, 0x50237ed4), TOBN(0x2f21da47, 0x8096fa2b), - TOBN(0xf3e19cb4, 0xeec863a0), TOBN(0xd18f77fd, 0x9527620a), - TOBN(0x9505c81c, 0x407c1cf8), TOBN(0x9998db4e, 0x1b6ec284), - TOBN(0x7e3389e5, 0xc247d44d), TOBN(0x12507141, 0x3f4f3d80), - TOBN(0xd4ba0110, 0x4a78a6c7), TOBN(0x312874a0, 0x767720be), - TOBN(0xded059a6, 0x75944370), TOBN(0xd6123d90, 0x3b2c0bdd), - TOBN(0xa56b717b, 0x51c108e3), TOBN(0x9bb7940e, 0x070623e9), - TOBN(0x794e2d59, 0x84ac066c), TOBN(0xf5954a92, 0xe68c69a0), - TOBN(0x28c52458, 0x4fd99dcc), TOBN(0x60e639fc, 0xb1012517), - TOBN(0xc2e60125, 0x7de79248), TOBN(0xe9ef6404, 0xf12fc6d7), - TOBN(0x4c4f2808, 0x2a3b5d32), TOBN(0x865ad32e, 0xc768eb8a), - TOBN(0xac02331b, 0x13fb70b6), TOBN(0x037b44c1, 0x95599b27), - TOBN(0x1a860fc4, 0x60bd082c), TOBN(0xa2e25745, 0xc980cd01), - TOBN(0xee3387a8, 0x1da0263e), TOBN(0x931bfb95, 0x2d10f3d6), - TOBN(0x5b687270, 0xa1f24a32), TOBN(0xf140e65d, 0xca494b86), - TOBN(0x4f4ddf91, 0xb2f1ac7a), TOBN(0xf99eaabb, 0x760fee27), - TOBN(0x57f4008a, 0x49c228e5), TOBN(0x090be440, 0x1cf713bb), - TOBN(0xac91fbe4, 0x5004f022), TOBN(0xd838c2c2, 0x569e1af6), - TOBN(0xd6c7d20b, 0x0f1daaa5), TOBN(0xaa063ac1, 0x1bbb02c0), - TOBN(0x0938a422, 0x59558a78), TOBN(0x5343c669, 0x8435da2f), - TOBN(0x96f67b18, 0x034410dc), TOBN(0x7cc1e424, 0x84510804), - TOBN(0x86a1543f, 0x16dfbb7d), TOBN(0x921fa942, 0x5b5bd592), - TOBN(0x9dcccb6e, 0xb33dd03c), TOBN(0x8581ddd9, 0xb843f51e), - TOBN(0x54935fcb, 0x81d73c9e), TOBN(0x6d07e979, 0x0a5e97ab), - TOBN(0x4dc7b30a, 0xcf3a6bab), TOBN(0x147ab1f3, 0x170bee11), - TOBN(0x0aaf8e3d, 0x9fafdee4), TOBN(0xfab3dbcb, 0x538a8b95), - TOBN(0x405df4b3, 0x6ef13871), TOBN(0xf1f4e9cb, 0x088d5a49), - TOBN(0x9bcd24d3, 0x66b33f1d), TOBN(0x3b97b820, 0x5ce445c0), - TOBN(0xe2926549, 0xba93ff61), TOBN(0xd9c341ce, 0x4dafe616), - TOBN(0xfb30a76e, 0x16efb6f3), TOBN(0xdf24b8ca, 0x605b953c), - TOBN(0x8bd52afe, 0xc2fffb9f), TOBN(0xbbac5ff7, 0xe19d0b96), - TOBN(0x43c01b87, 0x459afccd), TOBN(0x6bd45143, 0xb7432652), - TOBN(0x84734530, 0x55b5d78e), TOBN(0x81088fdb, 0x1554ba7d), - TOBN(0xada0a52c, 0x1e269375), TOBN(0xf9f037c4, 0x2dc5ec10), - TOBN(0xc0660607, 0x94bfbc11), TOBN(0xc0a630bb, 0xc9c40d2f), - TOBN(0x5efc797e, 0xab64c31e), TOBN(0xffdb1dab, 0x74507144), - TOBN(0xf6124287, 0x1ca6790c), TOBN(0xe9609d81, 0xe69bf1bf), - TOBN(0xdb898595, 0x00d24fc9), TOBN(0x9c750333, 0xe51fb417), - TOBN(0x51830a91, 0xfef7bbde), TOBN(0x0ce67dc8, 0x945f585c), - TOBN(0x9a730ed4, 0x4763eb50), TOBN(0x24a0e221, 0xc1ab0d66), - TOBN(0x643b6393, 0x648748f3), TOBN(0x1982daa1, 0x6d3c6291), - TOBN(0x6f00a9f7, 0x8bbc5549), TOBN(0x7a1783e1, 0x7f36384e), - TOBN(0xe8346323, 0xde977f50), TOBN(0x91ab688d, 0xb245502a), - TOBN(0x331ab6b5, 0x6d0bdd66), TOBN(0x0a6ef32e, 0x64b71229), - TOBN(0x1028150e, 0xfe7c352f), TOBN(0x27e04350, 0xce7b39d3), - TOBN(0x2a3c8acd, 0xc1070c82), TOBN(0xfb2034d3, 0x80c9feef), - TOBN(0x2d729621, 0x709f3729), TOBN(0x8df290bf, 0x62cb4549), - TOBN(0x02f99f33, 0xfc2e4326), TOBN(0x3b30076d, 0x5eddf032), - TOBN(0xbb21f8cf, 0x0c652fb5), TOBN(0x314fb49e, 0xed91cf7b), - TOBN(0xa013eca5, 0x2f700750), TOBN(0x2b9e3c23, 0x712a4575), - TOBN(0xe5355557, 0xaf30fbb0), TOBN(0x1ada3516, 0x7c77e771), - TOBN(0x45f6ecb2, 0x7b135670), TOBN(0xe85d19df, 0x7cfc202e), - TOBN(0x0f1b50c7, 0x58d1be9f), TOBN(0x5ebf2c0a, 0xead2e344), - TOBN(0x1531fe4e, 0xabc199c9), TOBN(0xc7032592, 0x56bab0ae), - TOBN(0x16ab2e48, 0x6c1fec54), TOBN(0x0f87fda8, 0x04280188), - TOBN(0xdc9f46fc, 0x609e4a74), TOBN(0x2a44a143, 0xba667f91), - TOBN(0xbc3d8b95, 0xb4d83436), TOBN(0xa01e4bd0, 0xc7bd2958), - TOBN(0x7b182932, 0x73483c90), TOBN(0xa79c6aa1, 0xa7c7b598), - TOBN(0xbf3983c6, 0xeaaac07e), TOBN(0x8f18181e, 0x96e0d4e6), - TOBN(0x8553d37c, 0x051af62b), TOBN(0xe9a998eb, 0x0bf94496), - TOBN(0xe0844f9f, 0xb0d59aa1), TOBN(0x983fd558, 0xe6afb813), - TOBN(0x9670c0ca, 0x65d69804), TOBN(0x732b22de, 0x6ea5ff2d), - TOBN(0xd7640ba9, 0x5fd8623b), TOBN(0x9f619163, 0xa6351782), - TOBN(0x0bfc27ee, 0xacee5043), TOBN(0xae419e73, 0x2eb10f02), - TOBN(0x19c028d1, 0x8943fb05), TOBN(0x71f01cf7, 0xff13aa2a), - TOBN(0x7790737e, 0x8887a132), TOBN(0x67513309, 0x66318410), - TOBN(0x9819e8a3, 0x7ddb795e), TOBN(0xfecb8ef5, 0xdad100b2), - TOBN(0x59f74a22, 0x3021926a), TOBN(0xb7c28a49, 0x6f9b4c1c), - TOBN(0xed1a733f, 0x912ad0ab), TOBN(0x42a910af, 0x01a5659c), - TOBN(0x3842c6e0, 0x7bd68cab), TOBN(0x2b57fa38, 0x76d70ac8), - TOBN(0x8a6707a8, 0x3c53aaeb), TOBN(0x62c1c510, 0x65b4db18), - TOBN(0x8de2c1fb, 0xb2d09dc7), TOBN(0xc3dfed12, 0x266bd23b), - TOBN(0x927d039b, 0xd5b27db6), TOBN(0x2fb2f0f1, 0x103243da), - TOBN(0xf855a07b, 0x80be7399), TOBN(0xed9327ce, 0x1f9f27a8), - TOBN(0xa0bd99c7, 0x729bdef7), TOBN(0x2b67125e, 0x28250d88), - TOBN(0x784b26e8, 0x8670ced7), TOBN(0xe3dfe41f, 0xc31bd3b4), - TOBN(0x9e353a06, 0xbcc85cbc), TOBN(0x302e2909, 0x60178a9d), - TOBN(0x860abf11, 0xa6eac16e), TOBN(0x76447000, 0xaa2b3aac), - TOBN(0x46ff9d19, 0x850afdab), TOBN(0x35bdd6a5, 0xfdb2d4c1), - TOBN(0xe82594b0, 0x7e5c9ce9), TOBN(0x0f379e53, 0x20af346e), - TOBN(0x608b31e3, 0xbc65ad4a), TOBN(0x710c6b12, 0x267c4826), - TOBN(0x51c966f9, 0x71954cf1), TOBN(0xb1cec793, 0x0d0aa215), - TOBN(0x1f155989, 0x86bd23a8), TOBN(0xae2ff99c, 0xf9452e86), - TOBN(0xd8dd953c, 0x340ceaa2), TOBN(0x26355275, 0x2e2e9333), - TOBN(0x15d4e5f9, 0x8586f06d), TOBN(0xd6bf94a8, 0xf7cab546), - TOBN(0x33c59a0a, 0xb76a9af0), TOBN(0x52740ab3, 0xba095af7), - TOBN(0xc444de8a, 0x24389ca0), TOBN(0xcc6f9863, 0x706da0cb), - TOBN(0xb5a741a7, 0x6b2515cf), TOBN(0x71c41601, 0x9585c749), - TOBN(0x78350d4f, 0xe683de97), TOBN(0x31d61524, 0x63d0b5f5), - TOBN(0x7a0cc5e1, 0xfbce090b), TOBN(0xaac927ed, 0xfbcb2a5b), - TOBN(0xe920de49, 0x20d84c35), TOBN(0x8c06a0b6, 0x22b4de26), - TOBN(0xd34dd58b, 0xafe7ddf3), TOBN(0x55851fed, 0xc1e6e55b), - TOBN(0xd1395616, 0x960696e7), TOBN(0x940304b2, 0x5f22705f), - TOBN(0x6f43f861, 0xb0a2a860), TOBN(0xcf121282, 0x0e7cc981), - TOBN(0x12186212, 0x0ab64a96), TOBN(0x09215b9a, 0xb789383c), - TOBN(0x311eb305, 0x37387c09), TOBN(0xc5832fce, 0xf03ee760), - TOBN(0x30358f58, 0x32f7ea19), TOBN(0xe01d3c34, 0x91d53551), - TOBN(0x1ca5ee41, 0xda48ea80), TOBN(0x34e71e8e, 0xcf4fa4c1), - TOBN(0x312abd25, 0x7af1e1c7), TOBN(0xe3afcdeb, 0x2153f4a5), - TOBN(0x9d5c84d7, 0x00235e9a), TOBN(0x0308d3f4, 0x8c4c836f), - TOBN(0xc0a66b04, 0x89332de5), TOBN(0x610dd399, 0x89e566ef), - TOBN(0xf8eea460, 0xd1ac1635), TOBN(0x84cbb3fb, 0x20a2c0df), - TOBN(0x40afb488, 0xe74a48c5), TOBN(0x29738198, 0xd326b150), - TOBN(0x2a17747f, 0xa6d74081), TOBN(0x60ea4c05, 0x55a26214), - TOBN(0x53514bb4, 0x1f88c5fe), TOBN(0xedd64567, 0x7e83426c), - TOBN(0xd5d6cbec, 0x96460b25), TOBN(0xa12fd0ce, 0x68dc115e), - TOBN(0xc5bc3ed2, 0x697840ea), TOBN(0x969876a8, 0xa6331e31), - TOBN(0x60c36217, 0x472ff580), TOBN(0xf4229705, 0x4ad41393), - TOBN(0x4bd99ef0, 0xa03b8b92), TOBN(0x501c7317, 0xc144f4f6), - TOBN(0x159009b3, 0x18464945), TOBN(0x6d5e594c, 0x74c5c6be), - TOBN(0x2d587011, 0x321a3660), TOBN(0xd1e184b1, 0x3898d022), - TOBN(0x5ba04752, 0x4c6a7e04), TOBN(0x47fa1e2b, 0x45550b65), - TOBN(0x9419daf0, 0x48c0a9a5), TOBN(0x66362953, 0x7c243236), - TOBN(0xcd0744b1, 0x5cb12a88), TOBN(0x561b6f9a, 0x2b646188), - TOBN(0x599415a5, 0x66c2c0c0), TOBN(0xbe3f0859, 0x0f83f09a), - TOBN(0x9141c5be, 0xb92041b8), TOBN(0x01ae38c7, 0x26477d0d), - TOBN(0xca8b71f3, 0xd12c7a94), TOBN(0xfab5b31f, 0x765c70db), - TOBN(0x76ae7492, 0x487443e9), TOBN(0x8595a310, 0x990d1349), - TOBN(0xf8dbeda8, 0x7d460a37), TOBN(0x7f7ad082, 0x1e45a38f), - TOBN(0xed1d4db6, 0x1059705a), TOBN(0xa3dd492a, 0xe6b9c697), - TOBN(0x4b92ee3a, 0x6eb38bd5), TOBN(0xbab2609d, 0x67cc0bb7), - TOBN(0x7fc4fe89, 0x6e70ee82), TOBN(0xeff2c56e, 0x13e6b7e3), - TOBN(0x9b18959e, 0x34d26fca), TOBN(0x2517ab66, 0x889d6b45), - TOBN(0xf167b4e0, 0xbdefdd4f), TOBN(0x69958465, 0xf366e401), - TOBN(0x5aa368ab, 0xa73bbec0), TOBN(0x12148709, 0x7b240c21), - TOBN(0x378c3233, 0x18969006), TOBN(0xcb4d73ce, 0xe1fe53d1), - TOBN(0x5f50a80e, 0x130c4361), TOBN(0xd67f5951, 0x7ef5212b), - TOBN(0xf145e21e, 0x9e70c72e), TOBN(0xb2e52e29, 0x5566d2fb), - TOBN(0x44eaba4a, 0x032397f5), TOBN(0x5e56937b, 0x7e31a7de), - TOBN(0x68dcf517, 0x456c61e1), TOBN(0xbc2e954a, 0xa8b0a388), - TOBN(0xe3552fa7, 0x60a8b755), TOBN(0x03442dae, 0x73ad0cde), - TOBN(0x37ffe747, 0xceb26210), TOBN(0x983545e8, 0x787baef9), - TOBN(0x8b8c8535, 0x86a3de31), TOBN(0xc621dbcb, 0xfacd46db), - TOBN(0x82e442e9, 0x59266fbb), TOBN(0xa3514c37, 0x339d471c), - TOBN(0x3a11b771, 0x62cdad96), TOBN(0xf0cb3b3c, 0xecf9bdf0), - TOBN(0x3fcbdbce, 0x478e2135), TOBN(0x7547b5cf, 0xbda35342), - TOBN(0xa97e81f1, 0x8a677af6), TOBN(0xc8c2bf83, 0x28817987), - TOBN(0xdf07eaaf, 0x45580985), TOBN(0xc68d1f05, 0xc93b45cb), - TOBN(0x106aa2fe, 0xc77b4cac), TOBN(0x4c1d8afc, 0x04a7ae86), - TOBN(0xdb41c3fd, 0x9eb45ab2), TOBN(0x5b234b5b, 0xd4b22e74), - TOBN(0xda253dec, 0xf215958a), TOBN(0x67e0606e, 0xa04edfa0), - TOBN(0xabbbf070, 0xef751b11), TOBN(0xf352f175, 0xf6f06dce), - TOBN(0xdfc4b6af, 0x6839f6b4), TOBN(0x53ddf9a8, 0x9959848e), - TOBN(0xda49c379, 0xc21520b0), TOBN(0x90864ff0, 0xdbd5d1b6), - TOBN(0x2f055d23, 0x5f49c7f7), TOBN(0xe51e4e6a, 0xa796b2d8), - TOBN(0xc361a67f, 0x5c9dc340), TOBN(0x5ad53c37, 0xbca7c620), - TOBN(0xda1d6588, 0x32c756d0), TOBN(0xad60d911, 0x8bb67e13), - TOBN(0xd6c47bdf, 0x0eeec8c6), TOBN(0x4a27fec1, 0x078a1821), - TOBN(0x081f7415, 0xc3099524), TOBN(0x8effdf0b, 0x82cd8060), - TOBN(0xdb70ec1c, 0x65842df8), TOBN(0x8821b358, 0xd319a901), - TOBN(0x72ee56ee, 0xde42b529), TOBN(0x5bb39592, 0x236e4286), - TOBN(0xd1183316, 0xfd6f7140), TOBN(0xf9fadb5b, 0xbd8e81f7), - TOBN(0x701d5e0c, 0x5a02d962), TOBN(0xfdee4dbf, 0x1b601324), - TOBN(0xbed17407, 0x35d7620e), TOBN(0x04e3c2c3, 0xf48c0012), - TOBN(0x9ee29da7, 0x3455449a), TOBN(0x562cdef4, 0x91a836c4), - TOBN(0x8f682a5f, 0x47701097), TOBN(0x617125d8, 0xff88d0c2), - TOBN(0x948fda24, 0x57bb86dd), TOBN(0x348abb8f, 0x289f7286), - TOBN(0xeb10eab5, 0x99d94bbd), TOBN(0xd51ba28e, 0x4684d160), - TOBN(0xabe0e51c, 0x30c8f41a), TOBN(0x66588b45, 0x13254f4a), - TOBN(0x147ebf01, 0xfad097a5), TOBN(0x49883ea8, 0x610e815d), - TOBN(0xe44d60ba, 0x8a11de56), TOBN(0xa970de6e, 0x827a7a6d), - TOBN(0x2be41424, 0x5e17fc19), TOBN(0xd833c657, 0x01214057), - TOBN(0x1375813b, 0x363e723f), TOBN(0x6820bb88, 0xe6a52e9b), - TOBN(0x7e7f6970, 0xd875d56a), TOBN(0xd6a0a9ac, 0x51fbf6bf), - TOBN(0x54ba8790, 0xa3083c12), TOBN(0xebaeb23d, 0x6ae7eb64), - TOBN(0xa8685c3a, 0xb99a907a), TOBN(0xf1e74550, 0x026bf40b), - TOBN(0x7b73a027, 0xc802cd9e), TOBN(0x9a8a927c, 0x4fef4635), - TOBN(0xe1b6f60c, 0x08191224), TOBN(0xc4126ebb, 0xde4ec091), - TOBN(0xe1dff4dc, 0x4ae38d84), TOBN(0xde3f57db, 0x4f2ef985), - TOBN(0x34964337, 0xd446a1dd), TOBN(0x7bf217a0, 0x859e77f6), - TOBN(0x8ff10527, 0x8e1d13f5), TOBN(0xa304ef03, 0x74eeae27), - TOBN(0xfc6f5e47, 0xd19dfa5a), TOBN(0xdb007de3, 0x7fad982b), - TOBN(0x28205ad1, 0x613715f5), TOBN(0x251e6729, 0x7889529e), - TOBN(0x72705184, 0x1ae98e78), TOBN(0xf818537d, 0x271cac32), - TOBN(0xc8a15b7e, 0xb7f410f5), TOBN(0xc474356f, 0x81f62393), - TOBN(0x92dbdc5a, 0xc242316b), TOBN(0xabe060ac, 0xdbf4aff5), - TOBN(0x6e8c38fe, 0x909a8ec6), TOBN(0x43e514e5, 0x6116cb94), - TOBN(0x2078fa38, 0x07d784f9), TOBN(0x1161a880, 0xf4b5b357), - TOBN(0x5283ce79, 0x13adea3d), TOBN(0x0756c3e6, 0xcc6a910b), - TOBN(0x60bcfe01, 0xaaa79697), TOBN(0x04a73b29, 0x56391db1), - TOBN(0xdd8dad47, 0x189b45a0), TOBN(0xbfac0dd0, 0x48d5b8d9), - TOBN(0x34ab3af5, 0x7d3d2ec2), TOBN(0x6fa2fc2d, 0x207bd3af), - TOBN(0x9ff40092, 0x66550ded), TOBN(0x719b3e87, 0x1fd5b913), - TOBN(0xa573a496, 0x6d17fbc7), TOBN(0x0cd1a70a, 0x73d2b24e), - TOBN(0x34e2c5ca, 0xb2676937), TOBN(0xe7050b06, 0xbf669f21), - TOBN(0xfbe948b6, 0x1ede9046), TOBN(0xa0530051, 0x97662659), - TOBN(0x58cbd4ed, 0xf10124c5), TOBN(0xde2646e4, 0xdd6c06c8), - TOBN(0x332f8108, 0x8cad38c0), TOBN(0x471b7e90, 0x6bd68ae2), - TOBN(0x56ac3fb2, 0x0d8e27a3), TOBN(0xb54660db, 0x136b4b0d), - TOBN(0x123a1e11, 0xa6fd8de4), TOBN(0x44dbffea, 0xa37799ef), - TOBN(0x4540b977, 0xce6ac17c), TOBN(0x495173a8, 0xaf60acef)} - , - {TOBN(0x9ebb284d, 0x391c2a82), TOBN(0xbcdd4863, 0x158308e8), - TOBN(0x006f16ec, 0x83f1edca), TOBN(0xa13e2c37, 0x695dc6c8), - TOBN(0x2ab756f0, 0x4a057a87), TOBN(0xa8765500, 0xa6b48f98), - TOBN(0x4252face, 0x68651c44), TOBN(0xa52b540b, 0xe1765e02), - TOBN(0x4f922fc5, 0x16a0d2bb), TOBN(0x0d5cc16c, 0x1a623499), - TOBN(0x9241cf3a, 0x57c62c8b), TOBN(0x2f5e6961, 0xfd1b667f), - TOBN(0x5c15c70b, 0xf5a01797), TOBN(0x3d20b44d, 0x60956192), - TOBN(0x04911b37, 0x071fdb52), TOBN(0xf648f916, 0x8d6f0f7b), - TOBN(0x6dc1acaf, 0xe60b7cf7), TOBN(0x25860a50, 0x84a9d869), - TOBN(0x56fc6f09, 0xe7ba8ac4), TOBN(0x828c5bd0, 0x6148d29e), - TOBN(0xac6b435e, 0xdc55ae5f), TOBN(0xa527f56c, 0xc0117411), - TOBN(0x94d5045e, 0xfd24342c), TOBN(0x2c4c0a35, 0x70b67c0d), - TOBN(0x027cc8b8, 0xfac61d9a), TOBN(0x7d25e062, 0xe3c6fe8a), - TOBN(0xe08805bf, 0xe5bff503), TOBN(0x13271e6c, 0x6ff632f7), - TOBN(0x55dca6c0, 0x232f76a5), TOBN(0x8957c32d, 0x701ef426), - TOBN(0xee728bcb, 0xa10a5178), TOBN(0x5ea60411, 0xb62c5173), - TOBN(0xfc4e964e, 0xd0b8892b), TOBN(0x9ea17683, 0x9301bb74), - TOBN(0x6265c5ae, 0xfcc48626), TOBN(0xe60cf82e, 0xbb3e9102), - TOBN(0x57adf797, 0xd4df5531), TOBN(0x235b59a1, 0x8deeefe2), - TOBN(0x60adcf58, 0x3f306eb1), TOBN(0x105c2753, 0x3d09492d), - TOBN(0x4090914b, 0xb5def996), TOBN(0x1cb69c83, 0x233dd1e7), - TOBN(0xc1e9c1d3, 0x9b3d5e76), TOBN(0x1f3338ed, 0xfccf6012), - TOBN(0xb1e95d0d, 0x2f5378a8), TOBN(0xacf4c2c7, 0x2f00cd21), - TOBN(0x6e984240, 0xeb5fe290), TOBN(0xd66c038d, 0x248088ae), - TOBN(0x804d264a, 0xf94d70cf), TOBN(0xbdb802ef, 0x7314bf7e), - TOBN(0x8fb54de2, 0x4333ed02), TOBN(0x740461e0, 0x285635d9), - TOBN(0x4113b2c8, 0x365e9383), TOBN(0xea762c83, 0x3fdef652), - TOBN(0x4eec6e2e, 0x47b956c1), TOBN(0xa3d814be, 0x65620fa4), - TOBN(0x9ad5462b, 0xb4d8bc50), TOBN(0x181c0b16, 0xa9195770), - TOBN(0xebd4fe1c, 0x78412a68), TOBN(0xae0341bc, 0xc0dff48c), - TOBN(0xb6bc45cf, 0x7003e866), TOBN(0xf11a6dea, 0x8a24a41b), - TOBN(0x5407151a, 0xd04c24c2), TOBN(0x62c9d27d, 0xda5b7b68), - TOBN(0x2e964235, 0x88cceff6), TOBN(0x8594c54f, 0x8b07ed69), - TOBN(0x1578e73c, 0xc84d0d0d), TOBN(0x7b4e1055, 0xff532868), - TOBN(0xa348c0d5, 0xb5ec995a), TOBN(0xbf4b9d55, 0x14289a54), - TOBN(0x9ba155a6, 0x58fbd777), TOBN(0x186ed7a8, 0x1a84491d), - TOBN(0xd4992b30, 0x614c0900), TOBN(0xda98d121, 0xbd00c24b), - TOBN(0x7f534dc8, 0x7ec4bfa1), TOBN(0x4a5ff674, 0x37dc34bc), - TOBN(0x68c196b8, 0x1d7ea1d7), TOBN(0x38cf2893, 0x80a6d208), - TOBN(0xfd56cd09, 0xe3cbbd6e), TOBN(0xec72e27e, 0x4205a5b6), - TOBN(0x15ea68f5, 0xa44f77f7), TOBN(0x7aa5f9fd, 0xb43c52bc), - TOBN(0x86ff676f, 0x94f0e609), TOBN(0xa4cde963, 0x2e2d432b), - TOBN(0x8cafa0c0, 0xeee470af), TOBN(0x84137d0e, 0x8a3f5ec8), - TOBN(0xebb40411, 0xfaa31231), TOBN(0xa239c13f, 0x6f7f7ccf), - TOBN(0x32865719, 0xa8afd30b), TOBN(0x86798328, 0x8a826dce), - TOBN(0xdf04e891, 0xc4a8fbe0), TOBN(0xbb6b6e1b, 0xebf56ad3), - TOBN(0x0a695b11, 0x471f1ff0), TOBN(0xd76c3389, 0xbe15baf0), - TOBN(0x018edb95, 0xbe96c43e), TOBN(0xf2beaaf4, 0x90794158), - TOBN(0x152db09e, 0xc3076a27), TOBN(0x5e82908e, 0xe416545d), - TOBN(0xa2c41272, 0x356d6f2e), TOBN(0xdc9c9642, 0x31fd74e1), - TOBN(0x66ceb88d, 0x519bf615), TOBN(0xe29ecd76, 0x05a2274e), - TOBN(0x3a0473c4, 0xbf5e2fa0), TOBN(0x6b6eb671, 0x64284e67), - TOBN(0xe8b97932, 0xb88756dd), TOBN(0xed4e8652, 0xf17e3e61), - TOBN(0xc2dd1499, 0x3ee1c4a4), TOBN(0xc0aaee17, 0x597f8c0e), - TOBN(0x15c4edb9, 0x6c168af3), TOBN(0x6563c7bf, 0xb39ae875), - TOBN(0xadfadb6f, 0x20adb436), TOBN(0xad55e8c9, 0x9a042ac0), - TOBN(0x975a1ed8, 0xb76da1f5), TOBN(0x10dfa466, 0xa58acb94), - TOBN(0x8dd7f7e3, 0xac060282), TOBN(0x6813e66a, 0x572a051e), - TOBN(0xb4ccae1e, 0x350cb901), TOBN(0xb653d656, 0x50cb7822), - TOBN(0x42484710, 0xdfab3b87), TOBN(0xcd7ee537, 0x9b670fd0), - TOBN(0x0a50b12e, 0x523b8bf6), TOBN(0x8009eb5b, 0x8f910c1b), - TOBN(0xf535af82, 0x4a167588), TOBN(0x0f835f9c, 0xfb2a2abd), - TOBN(0xf59b2931, 0x2afceb62), TOBN(0xc797df2a, 0x169d383f), - TOBN(0xeb3f5fb0, 0x66ac02b0), TOBN(0x029d4c6f, 0xdaa2d0ca), - TOBN(0xd4059bc1, 0xafab4bc5), TOBN(0x833f5c6f, 0x56783247), - TOBN(0xb5346630, 0x8d2d3605), TOBN(0x83387891, 0xd34d8433), - TOBN(0xd973b30f, 0xadd9419a), TOBN(0xbcca1099, 0xafe3fce8), - TOBN(0x08178315, 0x0809aac6), TOBN(0x01b7f21a, 0x540f0f11), - TOBN(0x65c29219, 0x909523c8), TOBN(0xa62f648f, 0xa3a1c741), - TOBN(0x88598d4f, 0x60c9e55a), TOBN(0xbce9141b, 0x0e4f347a), - TOBN(0x9af97d84, 0x35f9b988), TOBN(0x0210da62, 0x320475b6), - TOBN(0x3c076e22, 0x9191476c), TOBN(0x7520dbd9, 0x44fc7834), - TOBN(0x6a6b2cfe, 0xc1ab1bbd), TOBN(0xef8a65be, 0xdc650938), - TOBN(0x72855540, 0x805d7bc4), TOBN(0xda389396, 0xed11fdfd), - TOBN(0xa9d5bd36, 0x74660876), TOBN(0x11d67c54, 0xb45dff35), - TOBN(0x6af7d148, 0xa4f5da94), TOBN(0xbb8d4c3f, 0xc0bbeb31), - TOBN(0x87a7ebd1, 0xe0a1b12a), TOBN(0x1e4ef88d, 0x770ba95f), - TOBN(0x8c33345c, 0xdc2ae9cb), TOBN(0xcecf1276, 0x01cc8403), - TOBN(0x687c012e, 0x1b39b80f), TOBN(0xfd90d0ad, 0x35c33ba4), - TOBN(0xa3ef5a67, 0x5c9661c2), TOBN(0x368fc88e, 0xe017429e), - TOBN(0xd30c6761, 0x196a2fa2), TOBN(0x931b9817, 0xbd5b312e), - TOBN(0xba01000c, 0x72f54a31), TOBN(0xa203d2c8, 0x66eaa541), - TOBN(0xf2abdee0, 0x98939db3), TOBN(0xe37d6c2c, 0x3e606c02), - TOBN(0xf2921574, 0x521ff643), TOBN(0x2781b3c4, 0xd7e2fca3), - TOBN(0x664300b0, 0x7850ec06), TOBN(0xac5a38b9, 0x7d3a10cf), - TOBN(0x9233188d, 0xe34ab39d), TOBN(0xe77057e4, 0x5072cbb9), - TOBN(0xbcf0c042, 0xb59e78df), TOBN(0x4cfc91e8, 0x1d97de52), - TOBN(0x4661a26c, 0x3ee0ca4a), TOBN(0x5620a4c1, 0xfb8507bc), - TOBN(0x4b44d4aa, 0x049f842c), TOBN(0xceabc5d5, 0x1540e82b), - TOBN(0x306710fd, 0x15c6f156), TOBN(0xbe5ae52b, 0x63db1d72), - TOBN(0x06f1e7e6, 0x334957f1), TOBN(0x57e388f0, 0x31144a70), - TOBN(0xfb69bb2f, 0xdf96447b), TOBN(0x0f78ebd3, 0x73e38a12), - TOBN(0xb8222605, 0x2b7ce542), TOBN(0xe6d4ce99, 0x7472bde1), - TOBN(0x53e16ebe, 0x09d2f4da), TOBN(0x180ff42e, 0x53b92b2e), - TOBN(0xc59bcc02, 0x2c34a1c6), TOBN(0x3803d6f9, 0x422c46c2), - TOBN(0x18aff74f, 0x5c14a8a2), TOBN(0x55aebf80, 0x10a08b28), - TOBN(0x66097d58, 0x7135593f), TOBN(0x32e6eff7, 0x2be570cd), - TOBN(0x584e6a10, 0x2a8c860d), TOBN(0xcd185890, 0xa2eb4163), - TOBN(0x7ceae99d, 0x6d97e134), TOBN(0xd42c6b70, 0xdd8447ce), - TOBN(0x59ddbb4a, 0xb8c50273), TOBN(0x03c612df, 0x3cf34e1e), - TOBN(0x84b9ca15, 0x04b6c5a0), TOBN(0x35216f39, 0x18f0e3a3), - TOBN(0x3ec2d2bc, 0xbd986c00), TOBN(0x8bf546d9, 0xd19228fe), - TOBN(0xd1c655a4, 0x4cd623c3), TOBN(0x366ce718, 0x502b8e5a), - TOBN(0x2cfc84b4, 0xeea0bfe7), TOBN(0xe01d5cee, 0xcf443e8e), - TOBN(0x8ec045d9, 0x036520f8), TOBN(0xdfb3c3d1, 0x92d40e98), - TOBN(0x0bac4cce, 0xcc559a04), TOBN(0x35eccae5, 0x240ea6b1), - TOBN(0x180b32db, 0xf8a5a0ac), TOBN(0x547972a5, 0xeb699700), - TOBN(0xa3765801, 0xca26bca0), TOBN(0x57e09d0e, 0xa647f25a), - TOBN(0xb956970e, 0x2fdd23cc), TOBN(0xb80288bc, 0x5682e971), - TOBN(0xe6e6d91e, 0x9ae86ebc), TOBN(0x0564c83f, 0x8c9f1939), - TOBN(0x551932a2, 0x39560368), TOBN(0xe893752b, 0x049c28e2), - TOBN(0x0b03cee5, 0xa6a158c3), TOBN(0xe12d656b, 0x04964263), - TOBN(0x4b47554e, 0x63e3bc1d), TOBN(0xc719b6a2, 0x45044ff7), - TOBN(0x4f24d30a, 0xe48daa07), TOBN(0xa3f37556, 0xc8c1edc3), - TOBN(0x9a47bf76, 0x0700d360), TOBN(0xbb1a1824, 0x822ae4e2), - TOBN(0x22e275a3, 0x89f1fb4c), TOBN(0x72b1aa23, 0x9968c5f5), - TOBN(0xa75feaca, 0xbe063f64), TOBN(0x9b392f43, 0xbce47a09), - TOBN(0xd4241509, 0x1ad07aca), TOBN(0x4b0c591b, 0x8d26cd0f), - TOBN(0x2d42ddfd, 0x92f1169a), TOBN(0x63aeb1ac, 0x4cbf2392), - TOBN(0x1de9e877, 0x0691a2af), TOBN(0xebe79af7, 0xd98021da), - TOBN(0xcfdf2a4e, 0x40e50acf), TOBN(0xf0a98ad7, 0xaf01d665), - TOBN(0xefb640bf, 0x1831be1f), TOBN(0x6fe8bd2f, 0x80e9ada0), - TOBN(0x94c103a1, 0x6cafbc91), TOBN(0x170f8759, 0x8308e08c), - TOBN(0x5de2d2ab, 0x9780ff4f), TOBN(0x666466bc, 0x45b201f2), - TOBN(0x58af2010, 0xf5b343bc), TOBN(0x0f2e400a, 0xf2f142fe), - TOBN(0x3483bfde, 0xa85f4bdf), TOBN(0xf0b1d093, 0x03bfeaa9), - TOBN(0x2ea01b95, 0xc7081603), TOBN(0xe943e4c9, 0x3dba1097), - TOBN(0x47be92ad, 0xb438f3a6), TOBN(0x00bb7742, 0xe5bf6636), - TOBN(0x136b7083, 0x824297b4), TOBN(0x9d0e5580, 0x5584455f), - TOBN(0xab48cedc, 0xf1c7d69e), TOBN(0x53a9e481, 0x2a256e76), - TOBN(0x0402b0e0, 0x65eb2413), TOBN(0xdadbbb84, 0x8fc407a7), - TOBN(0xa65cd5a4, 0x8d7f5492), TOBN(0x21d44293, 0x74bae294), - TOBN(0x66917ce6, 0x3b5f1cc4), TOBN(0x37ae52ea, 0xce872e62), - TOBN(0xbb087b72, 0x2905f244), TOBN(0x12077086, 0x1e6af74f), - TOBN(0x4b644e49, 0x1058edea), TOBN(0x827510e3, 0xb638ca1d), - TOBN(0x8cf2b704, 0x6038591c), TOBN(0xffc8b47a, 0xfe635063), - TOBN(0x3ae220e6, 0x1b4d5e63), TOBN(0xbd864742, 0x9d961b4b), - TOBN(0x610c107e, 0x9bd16bed), TOBN(0x4270352a, 0x1127147b), - TOBN(0x7d17ffe6, 0x64cfc50e), TOBN(0x50dee01a, 0x1e36cb42), - TOBN(0x068a7622, 0x35dc5f9a), TOBN(0x9a08d536, 0xdf53f62c), - TOBN(0x4ed71457, 0x6be5f7de), TOBN(0xd93006f8, 0xc2263c9e), - TOBN(0xe073694c, 0xcacacb36), TOBN(0x2ff7a5b4, 0x3ae118ab), - TOBN(0x3cce53f1, 0xcd871236), TOBN(0xf156a39d, 0xc2aa6d52), - TOBN(0x9cc5f271, 0xb198d76d), TOBN(0xbc615b6f, 0x81383d39), - TOBN(0xa54538e8, 0xde3eee6b), TOBN(0x58c77538, 0xab910d91), - TOBN(0x31e5bdbc, 0x58d278bd), TOBN(0x3cde4adf, 0xb963acae), - TOBN(0xb1881fd2, 0x5302169c), TOBN(0x8ca60fa0, 0xa989ed8b), - TOBN(0xa1999458, 0xff96a0ee), TOBN(0xc1141f03, 0xac6c283d), - TOBN(0x7677408d, 0x6dfafed3), TOBN(0x33a01653, 0x39661588), - TOBN(0x3c9c15ec, 0x0b726fa0), TOBN(0x090cfd93, 0x6c9b56da), - TOBN(0xe34f4bae, 0xa3c40af5), TOBN(0x3469eadb, 0xd21129f1), - TOBN(0xcc51674a, 0x1e207ce8), TOBN(0x1e293b24, 0xc83b1ef9), - TOBN(0x17173d13, 0x1e6c0bb4), TOBN(0x19004695, 0x90776d35), - TOBN(0xe7980e34, 0x6de6f922), TOBN(0x873554cb, 0xf4dd9a22), - TOBN(0x0316c627, 0xcbf18a51), TOBN(0x4d93651b, 0x3032c081), - TOBN(0x207f2771, 0x3946834d), TOBN(0x2c08d7b4, 0x30cdbf80), - TOBN(0x137a4fb4, 0x86df2a61), TOBN(0xa1ed9c07, 0xecf7b4a2), - TOBN(0xb2e460e2, 0x7bd042ff), TOBN(0xb7f5e2fa, 0x5f62f5ec), - TOBN(0x7aa6ec6b, 0xcc2423b7), TOBN(0x75ce0a7f, 0xba63eea7), - TOBN(0x67a45fb1, 0xf250a6e1), TOBN(0x93bc919c, 0xe53cdc9f), - TOBN(0x9271f56f, 0x871942df), TOBN(0x2372ff6f, 0x7859ad66), - TOBN(0x5f4c2b96, 0x33cb1a78), TOBN(0xe3e29101, 0x5838aa83), - TOBN(0xa7ed1611, 0xe4e8110c), TOBN(0x2a2d70d5, 0x330198ce), - TOBN(0xbdf132e8, 0x6720efe0), TOBN(0xe61a8962, 0x66a471bf), - TOBN(0x796d3a85, 0x825808bd), TOBN(0x51dc3cb7, 0x3fd6e902), - TOBN(0x643c768a, 0x916219d1), TOBN(0x36cd7685, 0xa2ad7d32), - TOBN(0xe3db9d05, 0xb22922a4), TOBN(0x6494c87e, 0xdba29660), - TOBN(0xf0ac91df, 0xbcd2ebc7), TOBN(0x4deb57a0, 0x45107f8d), - TOBN(0x42271f59, 0xc3d12a73), TOBN(0x5f71687c, 0xa5c2c51d), - TOBN(0xcb1f50c6, 0x05797bcb), TOBN(0x29ed0ed9, 0xd6d34eb0), - TOBN(0xe5fe5b47, 0x4683c2eb), TOBN(0x4956eeb5, 0x97447c46), - TOBN(0x5b163a43, 0x71207167), TOBN(0x93fa2fed, 0x0248c5ef), - TOBN(0x67930af2, 0x31f63950), TOBN(0xa77797c1, 0x14caa2c9), - TOBN(0x526e80ee, 0x27ac7e62), TOBN(0xe1e6e626, 0x58b28aec), - TOBN(0x636178b0, 0xb3c9fef0), TOBN(0xaf7752e0, 0x6d5f90be), - TOBN(0x94ecaf18, 0xeece51cf), TOBN(0x2864d0ed, 0xca806e1f), - TOBN(0x6de2e383, 0x97c69134), TOBN(0x5a42c316, 0xeb291293), - TOBN(0xc7779219, 0x6a60bae0), TOBN(0xa24de346, 0x6b7599d1), - TOBN(0x49d374aa, 0xb75d4941), TOBN(0x98900586, 0x2d501ff0), - TOBN(0x9f16d40e, 0xeb7974cf), TOBN(0x1033860b, 0xcdd8c115), - TOBN(0xb6c69ac8, 0x2094cec3), TOBN(0x9976fb88, 0x403b770c), - TOBN(0x1dea026c, 0x4859590d), TOBN(0xb6acbb46, 0x8562d1fd), - TOBN(0x7cd6c461, 0x44569d85), TOBN(0xc3190a36, 0x97f0891d), - TOBN(0xc6f53195, 0x48d5a17d), TOBN(0x7d919966, 0xd749abc8), - TOBN(0x65104837, 0xdd1c8a20), TOBN(0x7e5410c8, 0x2f683419), - TOBN(0x958c3ca8, 0xbe94022e), TOBN(0x605c3197, 0x6145dac2), - TOBN(0x3fc07501, 0x01683d54), TOBN(0x1d7127c5, 0x595b1234), - TOBN(0x10b8f87c, 0x9481277f), TOBN(0x677db2a8, 0xe65a1adb), - TOBN(0xec2fccaa, 0xddce3345), TOBN(0x2a6811b7, 0x012a4350), - TOBN(0x96760ff1, 0xac598bdc), TOBN(0x054d652a, 0xd1bf4128), - TOBN(0x0a1151d4, 0x92a21005), TOBN(0xad7f3971, 0x33110fdf), - TOBN(0x8c95928c, 0x1960100f), TOBN(0x6c91c825, 0x7bf03362), - TOBN(0xc8c8b2a2, 0xce309f06), TOBN(0xfdb27b59, 0xca27204b), - TOBN(0xd223eaa5, 0x0848e32e), TOBN(0xb93e4b2e, 0xe7bfaf1e), - TOBN(0xc5308ae6, 0x44aa3ded), TOBN(0x317a666a, 0xc015d573), - TOBN(0xc888ce23, 0x1a979707), TOBN(0xf141c1e6, 0x0d5c4958), - TOBN(0xb53b7de5, 0x61906373), TOBN(0x858dbade, 0xeb999595), - TOBN(0x8cbb47b2, 0xa59e5c36), TOBN(0x660318b3, 0xdcf4e842), - TOBN(0xbd161ccd, 0x12ba4b7a), TOBN(0xf399daab, 0xf8c8282a), - TOBN(0x1587633a, 0xeeb2130d), TOBN(0xa465311a, 0xda38dd7d), - TOBN(0x5f75eec8, 0x64d3779b), TOBN(0x3c5d0476, 0xad64c171), - TOBN(0x87410371, 0x2a914428), TOBN(0x8096a891, 0x90e2fc29), - TOBN(0xd3d2ae9d, 0x23b3ebc2), TOBN(0x90bdd6db, 0xa580cfd6), - TOBN(0x52dbb7f3, 0xc5b01f6c), TOBN(0xe68eded4, 0xe102a2dc), - TOBN(0x17785b77, 0x99eb6df0), TOBN(0x26c3cc51, 0x7386b779), - TOBN(0x345ed988, 0x6417a48e), TOBN(0xe990b4e4, 0x07d6ef31), - TOBN(0x0f456b7e, 0x2586abba), TOBN(0x239ca6a5, 0x59c96e9a), - TOBN(0xe327459c, 0xe2eb4206), TOBN(0x3a4c3313, 0xa002b90a), - TOBN(0x2a114806, 0xf6a3f6fb), TOBN(0xad5cad2f, 0x85c251dd), - TOBN(0x92c1f613, 0xf5a784d3), TOBN(0xec7bfacf, 0x349766d5), - TOBN(0x04b3cd33, 0x3e23cb3b), TOBN(0x3979fe84, 0xc5a64b2d), - TOBN(0x192e2720, 0x7e589106), TOBN(0xa60c43d1, 0xa15b527f), - TOBN(0x2dae9082, 0xbe7cf3a6), TOBN(0xcc86ba92, 0xbc967274), - TOBN(0xf28a2ce8, 0xaea0a8a9), TOBN(0x404ca6d9, 0x6ee988b3), - TOBN(0xfd7e9c5d, 0x005921b8), TOBN(0xf56297f1, 0x44e79bf9), - TOBN(0xa163b460, 0x0d75ddc2), TOBN(0x30b23616, 0xa1f2be87), - TOBN(0x4b070d21, 0xbfe50e2b), TOBN(0x7ef8cfd0, 0xe1bfede1), - TOBN(0xadba0011, 0x2aac4ae0), TOBN(0x2a3e7d01, 0xb9ebd033), - TOBN(0x995277ec, 0xe38d9d1c), TOBN(0xb500249e, 0x9c5d2de3), - TOBN(0x8912b820, 0xf13ca8c9), TOBN(0xc8798114, 0x877793af), - TOBN(0x19e6125d, 0xec3f1dec), TOBN(0x07b1f040, 0x911178da), - TOBN(0xd93ededa, 0x904a6738), TOBN(0x55187a5a, 0x0bebedcd), - TOBN(0xf7d04722, 0xeb329d41), TOBN(0xf449099e, 0xf170b391), - TOBN(0xfd317a69, 0xca99f828), TOBN(0x50c3db2b, 0x34a4976d), - TOBN(0xe9ba7784, 0x3757b392), TOBN(0x326caefd, 0xaa3ca05a), - TOBN(0x78e5293b, 0xf1e593d4), TOBN(0x7842a937, 0x0d98fd13), - TOBN(0xe694bf96, 0x5f96b10d), TOBN(0x373a9df6, 0x06a8cd05), - TOBN(0x997d1e51, 0xe8f0c7fc), TOBN(0x1d019790, 0x63fd972e), - TOBN(0x0064d858, 0x5499fb32), TOBN(0x7b67bad9, 0x77a8aeb7), - TOBN(0x1d3eb977, 0x2d08eec5), TOBN(0x5fc047a6, 0xcbabae1d), - TOBN(0x0577d159, 0xe54a64bb), TOBN(0x8862201b, 0xc43497e4), - TOBN(0xad6b4e28, 0x2ce0608d), TOBN(0x8b687b7d, 0x0b167aac), - TOBN(0x6ed4d367, 0x8b2ecfa9), TOBN(0x24dfe62d, 0xa90c3c38), - TOBN(0xa1862e10, 0x3fe5c42b), TOBN(0x1ca73dca, 0xd5732a9f), - TOBN(0x35f038b7, 0x76bb87ad), TOBN(0x674976ab, 0xf242b81f), - TOBN(0x4f2bde7e, 0xb0fd90cd), TOBN(0x6efc172e, 0xa7fdf092), - TOBN(0x3806b69b, 0x92222f1f), TOBN(0x5a2459ca, 0x6cf7ae70), - TOBN(0x6789f69c, 0xa85217ee), TOBN(0x5f232b5e, 0xe3dc85ac), - TOBN(0x660e3ec5, 0x48e9e516), TOBN(0x124b4e47, 0x3197eb31), - TOBN(0x10a0cb13, 0xaafcca23), TOBN(0x7bd63ba4, 0x8213224f), - TOBN(0xaffad7cc, 0x290a7f4f), TOBN(0x6b409c9e, 0x0286b461), - TOBN(0x58ab809f, 0xffa407af), TOBN(0xc3122eed, 0xc68ac073), - TOBN(0x17bf9e50, 0x4ef24d7e), TOBN(0x5d929794, 0x3e2a5811), - TOBN(0x519bc867, 0x02902e01), TOBN(0x76bba5da, 0x39c8a851), - TOBN(0xe9f9669c, 0xda94951e), TOBN(0x4b6af58d, 0x66b8d418), - TOBN(0xfa321074, 0x17d426a4), TOBN(0xc78e66a9, 0x9dde6027), - TOBN(0x0516c083, 0x4a53b964), TOBN(0xfc659d38, 0xff602330), - TOBN(0x0ab55e5c, 0x58c5c897), TOBN(0x985099b2, 0x838bc5df), - TOBN(0x061d9efc, 0xc52fc238), TOBN(0x712b2728, 0x6ac1da3f), - TOBN(0xfb658149, 0x9283fe08), TOBN(0x4954ac94, 0xb8aaa2f7), - TOBN(0x85c0ada4, 0x7fb2e74f), TOBN(0xee8ba98e, 0xb89926b0), - TOBN(0xe4f9d37d, 0x23d1af5b), TOBN(0x14ccdbf9, 0xba9b015e), - TOBN(0xb674481b, 0x7bfe7178), TOBN(0x4e1debae, 0x65405868), - TOBN(0x061b2821, 0xc48c867d), TOBN(0x69c15b35, 0x513b30ea), - TOBN(0x3b4a1666, 0x36871088), TOBN(0xe5e29f5d, 0x1220b1ff), - TOBN(0x4b82bb35, 0x233d9f4d), TOBN(0x4e076333, 0x18cdc675)} - , - {TOBN(0x0d53f5c7, 0xa3e6fced), TOBN(0xe8cbbdd5, 0xf45fbdeb), - TOBN(0xf85c01df, 0x13339a70), TOBN(0x0ff71880, 0x142ceb81), - TOBN(0x4c4e8774, 0xbd70437a), TOBN(0x5fb32891, 0xba0bda6a), - TOBN(0x1cdbebd2, 0xf18bd26e), TOBN(0x2f9526f1, 0x03a9d522), - TOBN(0x40ce3051, 0x92c4d684), TOBN(0x8b04d725, 0x7612efcd), - TOBN(0xb9dcda36, 0x6f9cae20), TOBN(0x0edc4d24, 0xf058856c), - TOBN(0x64f2e6bf, 0x85427900), TOBN(0x3de81295, 0xdc09dfea), - TOBN(0xd41b4487, 0x379bf26c), TOBN(0x50b62c6d, 0x6df135a9), - TOBN(0xd4f8e3b4, 0xc72dfe67), TOBN(0xc416b0f6, 0x90e19fdf), - TOBN(0x18b9098d, 0x4c13bd35), TOBN(0xac11118a, 0x15b8cb9e), - TOBN(0xf598a318, 0xf0062841), TOBN(0xbfe0602f, 0x89f356f4), - TOBN(0x7ae3637e, 0x30177a0c), TOBN(0x34097747, 0x61136537), - TOBN(0x0db2fb5e, 0xd005832a), TOBN(0x5f5efd3b, 0x91042e4f), - TOBN(0x8c4ffdc6, 0xed70f8ca), TOBN(0xe4645d0b, 0xb52da9cc), - TOBN(0x9596f58b, 0xc9001d1f), TOBN(0x52c8f0bc, 0x4e117205), - TOBN(0xfd4aa0d2, 0xe398a084), TOBN(0x815bfe3a, 0x104f49de), - TOBN(0x97e5443f, 0x23885e5f), TOBN(0xf72f8f99, 0xe8433aab), - TOBN(0xbd00b154, 0xe4d4e604), TOBN(0xd0b35e6a, 0xe5e173ff), - TOBN(0x57b2a048, 0x9164722d), TOBN(0x3e3c665b, 0x88761ec8), - TOBN(0x6bdd1397, 0x3da83832), TOBN(0x3c8b1a1e, 0x73dafe3b), - TOBN(0x4497ace6, 0x54317cac), TOBN(0xbe600ab9, 0x521771b3), - TOBN(0xb42e409e, 0xb0dfe8b8), TOBN(0x386a67d7, 0x3942310f), - TOBN(0x25548d8d, 0x4431cc28), TOBN(0xa7cff142, 0x985dc524), - TOBN(0x4d60f5a1, 0x93c4be32), TOBN(0x83ebd5c8, 0xd071c6e1), - TOBN(0xba3a80a7, 0xb1fd2b0b), TOBN(0x9b3ad396, 0x5bec33e8), - TOBN(0xb3868d61, 0x79743fb3), TOBN(0xcfd169fc, 0xfdb462fa), - TOBN(0xd3b499d7, 0x9ce0a6af), TOBN(0x55dc1cf1, 0xe42d3ff8), - TOBN(0x04fb9e6c, 0xc6c3e1b2), TOBN(0x47e6961d, 0x6f69a474), - TOBN(0x54eb3acc, 0xe548b37b), TOBN(0xb38e7542, 0x84d40549), - TOBN(0x8c3daa51, 0x7b341b4f), TOBN(0x2f6928ec, 0x690bf7fa), - TOBN(0x0496b323, 0x86ce6c41), TOBN(0x01be1c55, 0x10adadcd), - TOBN(0xc04e67e7, 0x4bb5faf9), TOBN(0x3cbaf678, 0xe15c9985), - TOBN(0x8cd12145, 0x50ca4247), TOBN(0xba1aa47a, 0xe7dd30aa), - TOBN(0x2f81ddf1, 0xe58fee24), TOBN(0x03452936, 0xeec9b0e8), - TOBN(0x8bdc3b81, 0x243aea96), TOBN(0x9a2919af, 0x15c3d0e5), - TOBN(0x9ea640ec, 0x10948361), TOBN(0x5ac86d5b, 0x6e0bcccf), - TOBN(0xf892d918, 0xc36cf440), TOBN(0xaed3e837, 0xc939719c), - TOBN(0xb07b08d2, 0xc0218b64), TOBN(0x6f1bcbba, 0xce9790dd), - TOBN(0x4a84d6ed, 0x60919b8e), TOBN(0xd8900791, 0x8ac1f9eb), - TOBN(0xf84941aa, 0x0dd5daef), TOBN(0xb22fe40a, 0x67fd62c5), - TOBN(0x97e15ba2, 0x157f2db3), TOBN(0xbda2fc8f, 0x8e28ca9c), - TOBN(0x5d050da4, 0x37b9f454), TOBN(0x3d57eb57, 0x2379d72e), - TOBN(0xe9b5eba2, 0xfb5ee997), TOBN(0x01648ca2, 0xe11538ca), - TOBN(0x32bb76f6, 0xf6327974), TOBN(0x338f14b8, 0xff3f4bb7), - TOBN(0x524d226a, 0xd7ab9a2d), TOBN(0x9c00090d, 0x7dfae958), - TOBN(0x0ba5f539, 0x8751d8c2), TOBN(0x8afcbcdd, 0x3ab8262d), - TOBN(0x57392729, 0xe99d043b), TOBN(0xef51263b, 0xaebc943a), - TOBN(0x9feace93, 0x20862935), TOBN(0x639efc03, 0xb06c817b), - TOBN(0x1fe054b3, 0x66b4be7a), TOBN(0x3f25a9de, 0x84a37a1e), - TOBN(0xf39ef1ad, 0x78d75cd9), TOBN(0xd7b58f49, 0x5062c1b5), - TOBN(0x6f74f9a9, 0xff563436), TOBN(0xf718ff29, 0xe8af51e7), - TOBN(0x5234d313, 0x15e97fec), TOBN(0xb6a8e2b1, 0x292f1c0a), - TOBN(0xa7f53aa8, 0x327720c1), TOBN(0x956ca322, 0xba092cc8), - TOBN(0x8f03d64a, 0x28746c4d), TOBN(0x51fe1782, 0x66d0d392), - TOBN(0xd19b34db, 0x3c832c80), TOBN(0x60dccc5c, 0x6da2e3b4), - TOBN(0x245dd62e, 0x0a104ccc), TOBN(0xa7ab1de1, 0x620b21fd), - TOBN(0xb293ae0b, 0x3893d123), TOBN(0xf7b75783, 0xb15ee71c), - TOBN(0x5aa3c614, 0x42a9468b), TOBN(0xd686123c, 0xdb15d744), - TOBN(0x8c616891, 0xa7ab4116), TOBN(0x6fcd72c8, 0xa4e6a459), - TOBN(0xac219110, 0x77e5fad7), TOBN(0xfb6a20e7, 0x704fa46b), - TOBN(0xe839be7d, 0x341d81dc), TOBN(0xcddb6889, 0x32148379), - TOBN(0xda6211a1, 0xf7026ead), TOBN(0xf3b2575f, 0xf4d1cc5e), - TOBN(0x40cfc8f6, 0xa7a73ae6), TOBN(0x83879a5e, 0x61d5b483), - TOBN(0xc5acb1ed, 0x41a50ebc), TOBN(0x59a60cc8, 0x3c07d8fa), - TOBN(0x1b73bdce, 0xb1876262), TOBN(0x2b0d79f0, 0x12af4ee9), - TOBN(0x8bcf3b0b, 0xd46e1d07), TOBN(0x17d6af9d, 0xe45d152f), - TOBN(0x73520461, 0x6d736451), TOBN(0x43cbbd97, 0x56b0bf5a), - TOBN(0xb0833a5b, 0xd5999b9d), TOBN(0x702614f0, 0xeb72e398), - TOBN(0x0aadf01a, 0x59c3e9f8), TOBN(0x40200e77, 0xce6b3d16), - TOBN(0xda22bdd3, 0xdeddafad), TOBN(0x76dedaf4, 0x310d72e1), - TOBN(0x49ef807c, 0x4bc2e88f), TOBN(0x6ba81291, 0x146dd5a5), - TOBN(0xa1a4077a, 0x7d8d59e9), TOBN(0x87b6a2e7, 0x802db349), - TOBN(0xd5679997, 0x1b4e598e), TOBN(0xf499ef1f, 0x06fe4b1d), - TOBN(0x3978d3ae, 0xfcb267c5), TOBN(0xb582b557, 0x235786d0), - TOBN(0x32b3b2ca, 0x1715cb07), TOBN(0x4c3de6a2, 0x8480241d), - TOBN(0x63b5ffed, 0xcb571ecd), TOBN(0xeaf53900, 0xed2fe9a9), - TOBN(0xdec98d4a, 0xc3b81990), TOBN(0x1cb83722, 0x9e0cc8fe), - TOBN(0xfe0b0491, 0xd2b427b9), TOBN(0x0f2386ac, 0xe983a66c), - TOBN(0x930c4d1e, 0xb3291213), TOBN(0xa2f82b2e, 0x59a62ae4), - TOBN(0x77233853, 0xf93e89e3), TOBN(0x7f8063ac, 0x11777c7f), - TOBN(0xff0eb567, 0x59ad2877), TOBN(0x6f454642, 0x9865c754), - TOBN(0xe6fe701a, 0x236e9a84), TOBN(0xc586ef16, 0x06e40fc3), - TOBN(0x3f62b6e0, 0x24bafad9), TOBN(0xc8b42bd2, 0x64da906a), - TOBN(0xc98e1eb4, 0xda3276a0), TOBN(0x30d0e5fc, 0x06cbf852), - TOBN(0x1b6b2ae1, 0xe8b4dfd4), TOBN(0xd754d5c7, 0x8301cbac), - TOBN(0x66097629, 0x112a39ac), TOBN(0xf86b5999, 0x93ba4ab9), - TOBN(0x26c9dea7, 0x99f9d581), TOBN(0x0473b1a8, 0xc2fafeaa), - TOBN(0x1469af55, 0x3b2505a5), TOBN(0x227d16d7, 0xd6a43323), - TOBN(0x3316f73c, 0xad3d97f9), TOBN(0x52bf3bb5, 0x1f137455), - TOBN(0x953eafeb, 0x09954e7c), TOBN(0xa721dfed, 0xdd732411), - TOBN(0xb4929821, 0x141d4579), TOBN(0x3411321c, 0xaa3bd435), - TOBN(0xafb355aa, 0x17fa6015), TOBN(0xb4e7ef4a, 0x18e42f0e), - TOBN(0x604ac97c, 0x59371000), TOBN(0xe1c48c70, 0x7f759c18), - TOBN(0x3f62ecc5, 0xa5db6b65), TOBN(0x0a78b173, 0x38a21495), - TOBN(0x6be1819d, 0xbcc8ad94), TOBN(0x70dc04f6, 0xd89c3400), - TOBN(0x462557b4, 0xa6b4840a), TOBN(0x544c6ade, 0x60bd21c0), - TOBN(0x6a00f24e, 0x907a544b), TOBN(0xa7520dcb, 0x313da210), - TOBN(0xfe939b75, 0x11e4994b), TOBN(0x918b6ba6, 0xbc275d70), - TOBN(0xd3e5e0fc, 0x644be892), TOBN(0x707a9816, 0xfdaf6c42), - TOBN(0x60145567, 0xf15c13fe), TOBN(0x4818ebaa, 0xe130a54a), - TOBN(0x28aad3ad, 0x58d2f767), TOBN(0xdc5267fd, 0xd7e7c773), - TOBN(0x4919cc88, 0xc3afcc98), TOBN(0xaa2e6ab0, 0x2db8cd4b), - TOBN(0xd46fec04, 0xd0c63eaa), TOBN(0xa1cb92c5, 0x19ffa832), - TOBN(0x678dd178, 0xe43a631f), TOBN(0xfb5ae1cd, 0x3dc788b3), - TOBN(0x68b4fb90, 0x6e77de04), TOBN(0x7992bcf0, 0xf06dbb97), - TOBN(0x896e6a13, 0xc417c01d), TOBN(0x8d96332c, 0xb956be01), - TOBN(0x902fc93a, 0x413aa2b9), TOBN(0x99a4d915, 0xfc98c8a5), - TOBN(0x52c29407, 0x565f1137), TOBN(0x4072690f, 0x21e4f281), - TOBN(0x36e607cf, 0x02ff6072), TOBN(0xa47d2ca9, 0x8ad98cdc), - TOBN(0xbf471d1e, 0xf5f56609), TOBN(0xbcf86623, 0xf264ada0), - TOBN(0xb70c0687, 0xaa9e5cb6), TOBN(0xc98124f2, 0x17401c6c), - TOBN(0x8189635f, 0xd4a61435), TOBN(0xd28fb8af, 0xa9d98ea6), - TOBN(0xb9a67c2a, 0x40c251f8), TOBN(0x88cd5d87, 0xa2da44be), - TOBN(0x437deb96, 0xe09b5423), TOBN(0x150467db, 0x64287dc1), - TOBN(0xe161debb, 0xcdabb839), TOBN(0xa79e9742, 0xf1839a3e), - TOBN(0xbb8dd3c2, 0x652d202b), TOBN(0x7b3e67f7, 0xe9f97d96), - TOBN(0x5aa5d78f, 0xb1cb6ac9), TOBN(0xffa13e8e, 0xca1d0d45), - TOBN(0x369295dd, 0x2ba5bf95), TOBN(0xd68bd1f8, 0x39aff05e), - TOBN(0xaf0d86f9, 0x26d783f2), TOBN(0x543a59b3, 0xfc3aafc1), - TOBN(0x3fcf81d2, 0x7b7da97c), TOBN(0xc990a056, 0xd25dee46), - TOBN(0x3e6775b8, 0x519cce2c), TOBN(0xfc9af71f, 0xae13d863), - TOBN(0x774a4a6f, 0x47c1605c), TOBN(0x46ba4245, 0x2fd205e8), - TOBN(0xa06feea4, 0xd3fd524d), TOBN(0x1e724641, 0x6de1acc2), - TOBN(0xf53816f1, 0x334e2b42), TOBN(0x49e5918e, 0x922f0024), - TOBN(0x439530b6, 0x65c7322d), TOBN(0xcf12cc01, 0xb3c1b3fb), - TOBN(0xc70b0186, 0x0172f685), TOBN(0xb915ee22, 0x1b58391d), - TOBN(0x9afdf03b, 0xa317db24), TOBN(0x87dec659, 0x17b8ffc4), - TOBN(0x7f46597b, 0xe4d3d050), TOBN(0x80a1c1ed, 0x006500e7), - TOBN(0x84902a96, 0x78bf030e), TOBN(0xfb5e9c9a, 0x50560148), - TOBN(0x6dae0a92, 0x63362426), TOBN(0xdcaeecf4, 0xa9e30c40), - TOBN(0xc0d887bb, 0x518d0c6b), TOBN(0x99181152, 0xcb985b9d), - TOBN(0xad186898, 0xef7bc381), TOBN(0x18168ffb, 0x9ee46201), - TOBN(0x9a04cdaa, 0x2502753c), TOBN(0xbb279e26, 0x51407c41), - TOBN(0xeacb03aa, 0xf23564e5), TOBN(0x18336582, 0x71e61016), - TOBN(0x8684b8c4, 0xeb809877), TOBN(0xb336e18d, 0xea0e672e), - TOBN(0xefb601f0, 0x34ee5867), TOBN(0x2733edbe, 0x1341cfd1), - TOBN(0xb15e809a, 0x26025c3c), TOBN(0xe6e981a6, 0x9350df88), - TOBN(0x92376237, 0x8502fd8e), TOBN(0x4791f216, 0x0c12be9b), - TOBN(0xb7256789, 0x25f02425), TOBN(0xec863194, 0x7a974443), - TOBN(0x7c0ce882, 0xfb41cc52), TOBN(0xc266ff7e, 0xf25c07f2), - TOBN(0x3d4da8c3, 0x017025f3), TOBN(0xefcf628c, 0xfb9579b4), - TOBN(0x5c4d0016, 0x1f3716ec), TOBN(0x9c27ebc4, 0x6801116e), - TOBN(0x5eba0ea1, 0x1da1767e), TOBN(0xfe151452, 0x47004c57), - TOBN(0x3ace6df6, 0x8c2373b7), TOBN(0x75c3dffe, 0x5dbc37ac), - TOBN(0x3dc32a73, 0xddc925fc), TOBN(0xb679c841, 0x2f65ee0b), - TOBN(0x715a3295, 0x451cbfeb), TOBN(0xd9889768, 0xf76e9a29), - TOBN(0xec20ce7f, 0xb28ad247), TOBN(0xe99146c4, 0x00894d79), - TOBN(0x71457d7c, 0x9f5e3ea7), TOBN(0x097b2662, 0x38030031), - TOBN(0xdb7f6ae6, 0xcf9f82a8), TOBN(0x319decb9, 0x438f473a), - TOBN(0xa63ab386, 0x283856c3), TOBN(0x13e3172f, 0xb06a361b), - TOBN(0x2959f8dc, 0x7d5a006c), TOBN(0x2dbc27c6, 0x75fba752), - TOBN(0xc1227ab2, 0x87c22c9e), TOBN(0x06f61f75, 0x71a268b2), - TOBN(0x1b6bb971, 0x04779ce2), TOBN(0xaca83812, 0x0aadcb1d), - TOBN(0x297ae0bc, 0xaeaab2d5), TOBN(0xa5c14ee7, 0x5bfb9f13), - TOBN(0xaa00c583, 0xf17a62c7), TOBN(0x39eb962c, 0x173759f6), - TOBN(0x1eeba1d4, 0x86c9a88f), TOBN(0x0ab6c37a, 0xdf016c5e), - TOBN(0xa2a147db, 0xa28a0749), TOBN(0x246c20d6, 0xee519165), - TOBN(0x5068d1b1, 0xd3810715), TOBN(0xb1e7018c, 0x748160b9), - TOBN(0x03f5b1fa, 0xf380ff62), TOBN(0xef7fb1dd, 0xf3cb2c1e), - TOBN(0xeab539a8, 0xfc91a7da), TOBN(0x83ddb707, 0xf3f9b561), - TOBN(0xc550e211, 0xfe7df7a4), TOBN(0xa7cd07f2, 0x063f6f40), - TOBN(0xb0de3635, 0x2976879c), TOBN(0xb5f83f85, 0xe55741da), - TOBN(0x4ea9d25e, 0xf3d8ac3d), TOBN(0x6fe2066f, 0x62819f02), - TOBN(0x4ab2b9c2, 0xcef4a564), TOBN(0x1e155d96, 0x5ffa2de3), - TOBN(0x0eb0a19b, 0xc3a72d00), TOBN(0x4037665b, 0x8513c31b), - TOBN(0x2fb2b6bf, 0x04c64637), TOBN(0x45c34d6e, 0x08cdc639), - TOBN(0x56f1e10f, 0xf01fd796), TOBN(0x4dfb8101, 0xfe3667b8), - TOBN(0xe0eda253, 0x9021d0c0), TOBN(0x7a94e9ff, 0x8a06c6ab), - TOBN(0x2d3bb0d9, 0xbb9aa882), TOBN(0xea20e4e5, 0xec05fd10), - TOBN(0xed7eeb5f, 0x1a1ca64e), TOBN(0x2fa6b43c, 0xc6327cbd), - TOBN(0xb577e3cf, 0x3aa91121), TOBN(0x8c6bd5ea, 0x3a34079b), - TOBN(0xd7e5ba39, 0x60e02fc0), TOBN(0xf16dd2c3, 0x90141bf8), - TOBN(0xb57276d9, 0x80101b98), TOBN(0x760883fd, 0xb82f0f66), - TOBN(0x89d7de75, 0x4bc3eff3), TOBN(0x03b60643, 0x5dc2ab40), - TOBN(0xcd6e53df, 0xe05beeac), TOBN(0xf2f1e862, 0xbc3325cd), - TOBN(0xdd0f7921, 0x774f03c3), TOBN(0x97ca7221, 0x4552cc1b), - TOBN(0x5a0d6afe, 0x1cd19f72), TOBN(0xa20915dc, 0xf183fbeb), - TOBN(0x9fda4b40, 0x832c403c), TOBN(0x32738edd, 0xbe425442), - TOBN(0x469a1df6, 0xb5eccf1a), TOBN(0x4b5aff42, 0x28bbe1f0), - TOBN(0x31359d7f, 0x570dfc93), TOBN(0xa18be235, 0xf0088628), - TOBN(0xa5b30fba, 0xb00ed3a9), TOBN(0x34c61374, 0x73cdf8be), - TOBN(0x2c5c5f46, 0xabc56797), TOBN(0x5cecf93d, 0xb82a8ae2), - TOBN(0x7d3dbe41, 0xa968fbf0), TOBN(0xd23d4583, 0x1a5c7f3d), - TOBN(0xf28f69a0, 0xc087a9c7), TOBN(0xc2d75471, 0x474471ca), - TOBN(0x36ec9f4a, 0x4eb732ec), TOBN(0x6c943bbd, 0xb1ca6bed), - TOBN(0xd64535e1, 0xf2457892), TOBN(0x8b84a8ea, 0xf7e2ac06), - TOBN(0xe0936cd3, 0x2499dd5f), TOBN(0x12053d7e, 0x0ed04e57), - TOBN(0x4bdd0076, 0xe4305d9d), TOBN(0x34a527b9, 0x1f67f0a2), - TOBN(0xe79a4af0, 0x9cec46ea), TOBN(0xb15347a1, 0x658b9bc7), - TOBN(0x6bd2796f, 0x35af2f75), TOBN(0xac957990, 0x4051c435), - TOBN(0x2669dda3, 0xc33a655d), TOBN(0x5d503c2e, 0x88514aa3), - TOBN(0xdfa11337, 0x3753dd41), TOBN(0x3f054673, 0x0b754f78), - TOBN(0xbf185677, 0x496125bd), TOBN(0xfb0023c8, 0x3775006c), - TOBN(0xfa0f072f, 0x3a037899), TOBN(0x4222b6eb, 0x0e4aea57), - TOBN(0x3dde5e76, 0x7866d25a), TOBN(0xb6eb04f8, 0x4837aa6f), - TOBN(0x5315591a, 0x2cf1cdb8), TOBN(0x6dfb4f41, 0x2d4e683c), - TOBN(0x7e923ea4, 0x48ee1f3a), TOBN(0x9604d9f7, 0x05a2afd5), - TOBN(0xbe1d4a33, 0x40ea4948), TOBN(0x5b45f1f4, 0xb44cbd2f), - TOBN(0x5faf8376, 0x4acc757e), TOBN(0xa7cf9ab8, 0x63d68ff7), - TOBN(0x8ad62f69, 0xdf0e404b), TOBN(0xd65f33c2, 0x12bdafdf), - TOBN(0xc365de15, 0xa377b14e), TOBN(0x6bf5463b, 0x8e39f60c), - TOBN(0x62030d2d, 0x2ce68148), TOBN(0xd95867ef, 0xe6f843a8), - TOBN(0xd39a0244, 0xef5ab017), TOBN(0x0bd2d8c1, 0x4ab55d12), - TOBN(0xc9503db3, 0x41639169), TOBN(0x2d4e25b0, 0xf7660c8a), - TOBN(0x760cb3b5, 0xe224c5d7), TOBN(0xfa3baf8c, 0x68616919), - TOBN(0x9fbca113, 0x8d142552), TOBN(0x1ab18bf1, 0x7669ebf5), - TOBN(0x55e6f53e, 0x9bdf25dd), TOBN(0x04cc0bf3, 0xcb6cd154), - TOBN(0x595bef49, 0x95e89080), TOBN(0xfe9459a8, 0x104a9ac1), - TOBN(0xad2d89ca, 0xcce9bb32), TOBN(0xddea65e1, 0xf7de8285), - TOBN(0x62ed8c35, 0xb351bd4b), TOBN(0x4150ff36, 0x0c0e19a7), - TOBN(0x86e3c801, 0x345f4e47), TOBN(0x3bf21f71, 0x203a266c), - TOBN(0x7ae110d4, 0x855b1f13), TOBN(0x5d6aaf6a, 0x07262517), - TOBN(0x1e0f12e1, 0x813d28f1), TOBN(0x6000e11d, 0x7ad7a523), - TOBN(0xc7d8deef, 0xc744a17b), TOBN(0x1e990b48, 0x14c05a00), - TOBN(0x68fddaee, 0x93e976d5), TOBN(0x696241d1, 0x46610d63), - TOBN(0xb204e7c3, 0x893dda88), TOBN(0x8bccfa65, 0x6a3a6946), - TOBN(0xb59425b4, 0xc5cd1411), TOBN(0x701b4042, 0xff3658b1), - TOBN(0xe3e56bca, 0x4784cf93), TOBN(0x27de5f15, 0x8fe68d60), - TOBN(0x4ab9cfce, 0xf8d53f19), TOBN(0xddb10311, 0xa40a730d), - TOBN(0x6fa73cd1, 0x4eee0a8a), TOBN(0xfd548748, 0x5249719d), - TOBN(0x49d66316, 0xa8123ef0), TOBN(0x73c32db4, 0xe7f95438), - TOBN(0x2e2ed209, 0x0d9e7854), TOBN(0xf98a9329, 0x9d9f0507), - TOBN(0xc5d33cf6, 0x0c6aa20a), TOBN(0x9a32ba14, 0x75279bb2), - TOBN(0x7e3202cb, 0x774a7307), TOBN(0x64ed4bc4, 0xe8c42dbd), - TOBN(0xc20f1a06, 0xd4caed0d), TOBN(0xb8021407, 0x171d22b3), - TOBN(0xd426ca04, 0xd13268d7), TOBN(0x92377007, 0x25f4d126), - TOBN(0x4204cbc3, 0x71f21a85), TOBN(0x18461b7a, 0xf82369ba), - TOBN(0xc0c07d31, 0x3fc858f9), TOBN(0x5deb5a50, 0xe2bab569), - TOBN(0xd5959d46, 0xd5eea89e), TOBN(0xfdff8424, 0x08437f4b), - TOBN(0xf21071e4, 0x3cfe254f), TOBN(0x72417696, 0x95468321), - TOBN(0x5d8288b9, 0x102cae3e), TOBN(0x2d143e3d, 0xf1965dff), - TOBN(0x00c9a376, 0xa078d847), TOBN(0x6fc0da31, 0x26028731), - TOBN(0xa2baeadf, 0xe45083a2), TOBN(0x66bc7218, 0x5e5b4bcd), - TOBN(0x2c826442, 0xd04b8e7f), TOBN(0xc19f5451, 0x6c4b586b), - TOBN(0x60182c49, 0x5b7eeed5), TOBN(0xd9954ecd, 0x7aa9dfa1), - TOBN(0xa403a8ec, 0xc73884ad), TOBN(0x7fb17de2, 0x9bb39041), - TOBN(0x694b64c5, 0xabb020e8), TOBN(0x3d18c184, 0x19c4eec7), - TOBN(0x9c4673ef, 0x1c4793e5), TOBN(0xc7b8aeb5, 0x056092e6), - TOBN(0x3aa1ca43, 0xf0f8c16b), TOBN(0x224ed5ec, 0xd679b2f6), - TOBN(0x0d56eeaf, 0x55a205c9), TOBN(0xbfe115ba, 0x4b8e028b), - TOBN(0x97e60849, 0x3927f4fe), TOBN(0xf91fbf94, 0x759aa7c5), - TOBN(0x985af769, 0x6be90a51), TOBN(0xc1277b78, 0x78ccb823), - TOBN(0x395b656e, 0xe7a75952), TOBN(0x00df7de0, 0x928da5f5), - TOBN(0x09c23175, 0x4ca4454f), TOBN(0x4ec971f4, 0x7aa2d3c1), - TOBN(0x45c3c507, 0xe75d9ccc), TOBN(0x63b7be8a, 0x3dc90306), - TOBN(0x37e09c66, 0x5db44bdc), TOBN(0x50d60da1, 0x6841c6a2), - TOBN(0x6f9b65ee, 0x08df1b12), TOBN(0x38734879, 0x7ff089df), - TOBN(0x9c331a66, 0x3fe8013d), TOBN(0x017f5de9, 0x5f42fcc8), - TOBN(0x43077866, 0xe8e57567), TOBN(0xc9f781ce, 0xf9fcdb18), - TOBN(0x38131dda, 0x9b12e174), TOBN(0x25d84aa3, 0x8a03752a), - TOBN(0x45e09e09, 0x4d0c0ce2), TOBN(0x1564008b, 0x92bebba5), - TOBN(0xf7e8ad31, 0xa87284c7), TOBN(0xb7c4b46c, 0x97e7bbaa), - TOBN(0x3e22a7b3, 0x97acf4ec), TOBN(0x0426c400, 0x5ea8b640), - TOBN(0x5e3295a6, 0x4e969285), TOBN(0x22aabc59, 0xa6a45670), - TOBN(0xb929714c, 0x5f5942bc), TOBN(0x9a6168bd, 0xfa3182ed), - TOBN(0x2216a665, 0x104152ba), TOBN(0x46908d03, 0xb6926368)} - , - {TOBN(0xa9f5d874, 0x5a1251fb), TOBN(0x967747a8, 0xc72725c7), - TOBN(0x195c33e5, 0x31ffe89e), TOBN(0x609d210f, 0xe964935e), - TOBN(0xcafd6ca8, 0x2fe12227), TOBN(0xaf9b5b96, 0x0426469d), - TOBN(0x2e9ee04c, 0x5693183c), TOBN(0x1084a333, 0xc8146fef), - TOBN(0x96649933, 0xaed1d1f7), TOBN(0x566eaff3, 0x50563090), - TOBN(0x345057f0, 0xad2e39cf), TOBN(0x148ff65b, 0x1f832124), - TOBN(0x042e89d4, 0xcf94cf0d), TOBN(0x319bec84, 0x520c58b3), - TOBN(0x2a267626, 0x5361aa0d), TOBN(0xc86fa302, 0x8fbc87ad), - TOBN(0xfc83d2ab, 0x5c8b06d5), TOBN(0xb1a785a2, 0xfe4eac46), - TOBN(0xb99315bc, 0x846f7779), TOBN(0xcf31d816, 0xef9ea505), - TOBN(0x2391fe6a, 0x15d7dc85), TOBN(0x2f132b04, 0xb4016b33), - TOBN(0x29547fe3, 0x181cb4c7), TOBN(0xdb66d8a6, 0x650155a1), - TOBN(0x6b66d7e1, 0xadc1696f), TOBN(0x98ebe593, 0x0acd72d0), - TOBN(0x65f24550, 0xcc1b7435), TOBN(0xce231393, 0xb4b9a5ec), - TOBN(0x234a22d4, 0xdb067df9), TOBN(0x98dda095, 0xcaff9b00), - TOBN(0x1bbc75a0, 0x6100c9c1), TOBN(0x1560a9c8, 0x939cf695), - TOBN(0xcf006d3e, 0x99e0925f), TOBN(0x2dd74a96, 0x6322375a), - TOBN(0xc58b446a, 0xb56af5ba), TOBN(0x50292683, 0xe0b9b4f1), - TOBN(0xe2c34cb4, 0x1aeaffa3), TOBN(0x8b17203f, 0x9b9587c1), - TOBN(0x6d559207, 0xead1350c), TOBN(0x2b66a215, 0xfb7f9604), - TOBN(0x0850325e, 0xfe51bf74), TOBN(0x9c4f579e, 0x5e460094), - TOBN(0x5c87b92a, 0x76da2f25), TOBN(0x889de4e0, 0x6febef33), - TOBN(0x6900ec06, 0x646083ce), TOBN(0xbe2a0335, 0xbfe12773), - TOBN(0xadd1da35, 0xc5344110), TOBN(0x757568b7, 0xb802cd20), - TOBN(0x75559779, 0x00f7e6c8), TOBN(0x38e8b94f, 0x0facd2f0), - TOBN(0xfea1f3af, 0x03fde375), TOBN(0x5e11a1d8, 0x75881dfc), - TOBN(0xb3a6b02e, 0xc1e2f2ef), TOBN(0x193d2bbb, 0xc605a6c5), - TOBN(0x325ffeee, 0x339a0b2d), TOBN(0x27b6a724, 0x9e0c8846), - TOBN(0xe4050f1c, 0xf1c367ca), TOBN(0x9bc85a9b, 0xc90fbc7d), - TOBN(0xa373c4a2, 0xe1a11032), TOBN(0xb64232b7, 0xad0393a9), - TOBN(0xf5577eb0, 0x167dad29), TOBN(0x1604f301, 0x94b78ab2), - TOBN(0x0baa94af, 0xe829348b), TOBN(0x77fbd8dd, 0x41654342), - TOBN(0xdab50ea5, 0xb964e39a), TOBN(0xd4c29e3c, 0xd0d3c76e), - TOBN(0x80dae67c, 0x56d11964), TOBN(0x7307a8bf, 0xe5ffcc2f), - TOBN(0x65bbc1aa, 0x91708c3b), TOBN(0xa151e62c, 0x28bf0eeb), - TOBN(0x6cb53381, 0x6fa34db7), TOBN(0x5139e05c, 0xa29403a8), - TOBN(0x6ff651b4, 0x94a7cd2e), TOBN(0x5671ffd1, 0x0699336c), - TOBN(0x6f5fd2cc, 0x979a896a), TOBN(0x11e893a8, 0xd8148cef), - TOBN(0x988906a1, 0x65cf7b10), TOBN(0x81b67178, 0xc50d8485), - TOBN(0x7c0deb35, 0x8a35b3de), TOBN(0x423ac855, 0xc1d29799), - TOBN(0xaf580d87, 0xdac50b74), TOBN(0x28b2b89f, 0x5869734c), - TOBN(0x99a3b936, 0x874e28fb), TOBN(0xbb2c9190, 0x25f3f73a), - TOBN(0x199f6918, 0x84a9d5b7), TOBN(0x7ebe2325, 0x7e770374), - TOBN(0xf442e107, 0x0738efe2), TOBN(0xcf9f3f56, 0xcf9082d2), - TOBN(0x719f69e1, 0x09618708), TOBN(0xcc9e8364, 0xc183f9b1), - TOBN(0xec203a95, 0x366a21af), TOBN(0x6aec5d6d, 0x068b141f), - TOBN(0xee2df78a, 0x994f04e9), TOBN(0xb39ccae8, 0x271245b0), - TOBN(0xb875a4a9, 0x97e43f4f), TOBN(0x507dfe11, 0xdb2cea98), - TOBN(0x4fbf81cb, 0x489b03e9), TOBN(0xdb86ec5b, 0x6ec414fa), - TOBN(0xfad444f9, 0xf51b3ae5), TOBN(0xca7d33d6, 0x1914e3fe), - TOBN(0xa9c32f5c, 0x0ae6c4d0), TOBN(0xa9ca1d1e, 0x73969568), - TOBN(0x98043c31, 0x1aa7467e), TOBN(0xe832e75c, 0xe21b5ac6), - TOBN(0x314b7aea, 0x5232123d), TOBN(0x08307c8c, 0x65ae86db), - TOBN(0x06e7165c, 0xaa4668ed), TOBN(0xb170458b, 0xb4d3ec39), - TOBN(0x4d2e3ec6, 0xc19bb986), TOBN(0xc5f34846, 0xae0304ed), - TOBN(0x917695a0, 0x6c9f9722), TOBN(0x6c7f7317, 0x4cab1c0a), - TOBN(0x6295940e, 0x9d6d2e8b), TOBN(0xd318b8c1, 0x549f7c97), - TOBN(0x22453204, 0x97713885), TOBN(0x468d834b, 0xa8a440fe), - TOBN(0xd81fe5b2, 0xbfba796e), TOBN(0x152364db, 0x6d71f116), - TOBN(0xbb8c7c59, 0xb5b66e53), TOBN(0x0b12c61b, 0x2641a192), - TOBN(0x31f14802, 0xfcf0a7fd), TOBN(0x42fd0789, 0x5488b01e), - TOBN(0x71d78d6d, 0x9952b498), TOBN(0x8eb572d9, 0x07ac5201), - TOBN(0xe0a2a44c, 0x4d194a88), TOBN(0xd2b63fd9, 0xba017e66), - TOBN(0x78efc6c8, 0xf888aefc), TOBN(0xb76f6bda, 0x4a881a11), - TOBN(0x187f314b, 0xb46c2397), TOBN(0x004cf566, 0x5ded2819), - TOBN(0xa9ea5704, 0x38764d34), TOBN(0xbba45217, 0x78084709), - TOBN(0x06474571, 0x1171121e), TOBN(0xad7b7eb1, 0xe7c9b671), - TOBN(0xdacfbc40, 0x730f7507), TOBN(0x178cd8c6, 0xc7ad7bd1), - TOBN(0xbf0be101, 0xb2a67238), TOBN(0x3556d367, 0xaf9c14f2), - TOBN(0x104b7831, 0xa5662075), TOBN(0x58ca59bb, 0x79d9e60a), - TOBN(0x4bc45392, 0xa569a73b), TOBN(0x517a52e8, 0x5698f6c9), - TOBN(0x85643da5, 0xaeadd755), TOBN(0x1aed0cd5, 0x2a581b84), - TOBN(0xb9b4ff84, 0x80af1372), TOBN(0x244c3113, 0xf1ba5d1f), - TOBN(0x2a5dacbe, 0xf5f98d31), TOBN(0x2c3323e8, 0x4375bc2a), - TOBN(0x17a3ab4a, 0x5594b1dd), TOBN(0xa1928bfb, 0xceb4797e), - TOBN(0xe83af245, 0xe4886a19), TOBN(0x8979d546, 0x72b5a74a), - TOBN(0xa0f726bc, 0x19f9e967), TOBN(0xd9d03152, 0xe8fbbf4e), - TOBN(0xcfd6f51d, 0xb7707d40), TOBN(0x633084d9, 0x63f6e6e0), - TOBN(0xedcd9cdc, 0x55667eaf), TOBN(0x73b7f92b, 0x2e44d56f), - TOBN(0xfb2e39b6, 0x4e962b14), TOBN(0x7d408f6e, 0xf671fcbf), - TOBN(0xcc634ddc, 0x164a89bb), TOBN(0x74a42bb2, 0x3ef3bd05), - TOBN(0x1280dbb2, 0x428decbb), TOBN(0x6103f6bb, 0x402c8596), - TOBN(0xfa2bf581, 0x355a5752), TOBN(0x562f96a8, 0x00946674), - TOBN(0x4e4ca16d, 0x6da0223b), TOBN(0xfe47819f, 0x28d3aa25), - TOBN(0x9eea3075, 0xf8dfcf8a), TOBN(0xa284f0aa, 0x95669825), - TOBN(0xb3fca250, 0x867d3fd8), TOBN(0x20757b5f, 0x269d691e), - TOBN(0xf2c24020, 0x93b8a5de), TOBN(0xd3f93359, 0xebc06da6), - TOBN(0x1178293e, 0xb2739c33), TOBN(0xd2a3e770, 0xbcd686e5), - TOBN(0xa76f49f4, 0xcd941534), TOBN(0x0d37406b, 0xe3c71c0e), - TOBN(0x172d9397, 0x3b97f7e3), TOBN(0xec17e239, 0xbd7fd0de), - TOBN(0xe3290551, 0x6f496ba2), TOBN(0x6a693172, 0x36ad50e7), - TOBN(0xc4e539a2, 0x83e7eff5), TOBN(0x752737e7, 0x18e1b4cf), - TOBN(0xa2f7932c, 0x68af43ee), TOBN(0x5502468e, 0x703d00bd), - TOBN(0xe5dc978f, 0x2fb061f5), TOBN(0xc9a1904a, 0x28c815ad), - TOBN(0xd3af538d, 0x470c56a4), TOBN(0x159abc5f, 0x193d8ced), - TOBN(0x2a37245f, 0x20108ef3), TOBN(0xfa17081e, 0x223f7178), - TOBN(0x27b0fb2b, 0x10c8c0f5), TOBN(0x2102c3ea, 0x40650547), - TOBN(0x594564df, 0x8ac3bfa7), TOBN(0x98102033, 0x509dad96), - TOBN(0x6989643f, 0xf1d18a13), TOBN(0x35eebd91, 0xd7fc5af0), - TOBN(0x078d096a, 0xfaeaafd8), TOBN(0xb7a89341, 0xdef3de98), - TOBN(0x2a206e8d, 0xecf2a73a), TOBN(0x066a6397, 0x8e551994), - TOBN(0x3a6a088a, 0xb98d53a2), TOBN(0x0ce7c67c, 0x2d1124aa), - TOBN(0x48cec671, 0x759a113c), TOBN(0xe3b373d3, 0x4f6f67fa), - TOBN(0x5455d479, 0xfd36727b), TOBN(0xe5a428ee, 0xa13c0d81), - TOBN(0xb853dbc8, 0x1c86682b), TOBN(0xb78d2727, 0xb8d02b2a), - TOBN(0xaaf69bed, 0x8ebc329a), TOBN(0xdb6b40b3, 0x293b2148), - TOBN(0xe42ea77d, 0xb8c4961f), TOBN(0xb1a12f7c, 0x20e5e0ab), - TOBN(0xa0ec5274, 0x79e8b05e), TOBN(0x68027391, 0xfab60a80), - TOBN(0x6bfeea5f, 0x16b1bd5e), TOBN(0xf957e420, 0x4de30ad3), - TOBN(0xcbaf664e, 0x6a353b9e), TOBN(0x5c873312, 0x26d14feb), - TOBN(0x4e87f98c, 0xb65f57cb), TOBN(0xdb60a621, 0x5e0cdd41), - TOBN(0x67c16865, 0xa6881440), TOBN(0x1093ef1a, 0x46ab52aa), - TOBN(0xc095afb5, 0x3f4ece64), TOBN(0x6a6bb02e, 0x7604551a), - TOBN(0x55d44b4e, 0x0b26b8cd), TOBN(0xe5f9a999, 0xf971268a), - TOBN(0xc08ec425, 0x11a7de84), TOBN(0x83568095, 0xfda469dd), - TOBN(0x737bfba1, 0x6c6c90a2), TOBN(0x1cb9c4a0, 0xbe229831), - TOBN(0x93bccbba, 0xbb2eec64), TOBN(0xa0c23b64, 0xda03adbe), - TOBN(0x5f7aa00a, 0xe0e86ac4), TOBN(0x470b941e, 0xfc1401e6), - TOBN(0x5ad8d679, 0x9df43574), TOBN(0x4ccfb8a9, 0x0f65d810), - TOBN(0x1bce80e3, 0xaa7fbd81), TOBN(0x273291ad, 0x9508d20a), - TOBN(0xf5c4b46b, 0x42a92806), TOBN(0x810684ec, 0xa86ab44a), - TOBN(0x4591640b, 0xca0bc9f8), TOBN(0xb5efcdfc, 0x5c4b6054), - TOBN(0x16fc8907, 0x6e9edd12), TOBN(0xe29d0b50, 0xd4d792f9), - TOBN(0xa45fd01c, 0x9b03116d), TOBN(0x85035235, 0xc81765a4), - TOBN(0x1fe2a9b2, 0xb4b4b67c), TOBN(0xc1d10df0, 0xe8020604), - TOBN(0x9d64abfc, 0xbc8058d8), TOBN(0x8943b9b2, 0x712a0fbb), - TOBN(0x90eed914, 0x3b3def04), TOBN(0x85ab3aa2, 0x4ce775ff), - TOBN(0x605fd4ca, 0x7bbc9040), TOBN(0x8b34a564, 0xe2c75dfb), - TOBN(0x41ffc94a, 0x10358560), TOBN(0x2d8a5072, 0x9e5c28aa), - TOBN(0xe915a0fc, 0x4cc7eb15), TOBN(0xe9efab05, 0x8f6d0f5d), - TOBN(0xdbab47a9, 0xd19e9b91), TOBN(0x8cfed745, 0x0276154c), - TOBN(0x154357ae, 0x2cfede0d), TOBN(0x520630df, 0x19f5a4ef), - TOBN(0x25759f7c, 0xe382360f), TOBN(0xb6db05c9, 0x88bf5857), - TOBN(0x2917d61d, 0x6c58d46c), TOBN(0x14f8e491, 0xfd20cb7a), - TOBN(0xb68a727a, 0x11c20340), TOBN(0x0386f86f, 0xaf7ccbb6), - TOBN(0x5c8bc6cc, 0xfee09a20), TOBN(0x7d76ff4a, 0xbb7eea35), - TOBN(0xa7bdebe7, 0xdb15be7a), TOBN(0x67a08054, 0xd89f0302), - TOBN(0x56bf0ea9, 0xc1193364), TOBN(0xc8244467, 0x62837ebe), - TOBN(0x32bd8e8b, 0x20d841b8), TOBN(0x127a0548, 0xdbb8a54f), - TOBN(0x83dd4ca6, 0x63b20236), TOBN(0x87714718, 0x203491fa), - TOBN(0x4dabcaaa, 0xaa8a5288), TOBN(0x91cc0c8a, 0xaf23a1c9), - TOBN(0x34c72c6a, 0x3f220e0c), TOBN(0xbcc20bdf, 0x1232144a), - TOBN(0x6e2f42da, 0xa20ede1b), TOBN(0xc441f00c, 0x74a00515), - TOBN(0xbf46a5b6, 0x734b8c4b), TOBN(0x57409503, 0x7b56c9a4), - TOBN(0x9f735261, 0xe4585d45), TOBN(0x9231faed, 0x6734e642), - TOBN(0x1158a176, 0xbe70ee6c), TOBN(0x35f1068d, 0x7c3501bf), - TOBN(0x6beef900, 0xa2d26115), TOBN(0x649406f2, 0xef0afee3), - TOBN(0x3f43a60a, 0xbc2420a1), TOBN(0x509002a7, 0xd5aee4ac), - TOBN(0xb46836a5, 0x3ff3571b), TOBN(0x24f98b78, 0x837927c1), - TOBN(0x6254256a, 0x4533c716), TOBN(0xf27abb0b, 0xd07ee196), - TOBN(0xd7cf64fc, 0x5c6d5bfd), TOBN(0x6915c751, 0xf0cd7a77), - TOBN(0xd9f59012, 0x8798f534), TOBN(0x772b0da8, 0xf81d8b5f), - TOBN(0x1244260c, 0x2e03fa69), TOBN(0x36cf0e3a, 0x3be1a374), - TOBN(0x6e7c1633, 0xef06b960), TOBN(0xa71a4c55, 0x671f90f6), - TOBN(0x7a941251, 0x33c673db), TOBN(0xc0bea510, 0x73e8c131), - TOBN(0x61a8a699, 0xd4f6c734), TOBN(0x25e78c88, 0x341ed001), - TOBN(0x5c18acf8, 0x8e2f7d90), TOBN(0xfdbf33d7, 0x77be32cd), - TOBN(0x0a085cd7, 0xd2eb5ee9), TOBN(0x2d702cfb, 0xb3201115), - TOBN(0xb6e0ebdb, 0x85c88ce8), TOBN(0x23a3ce3c, 0x1e01d617), - TOBN(0x3041618e, 0x567333ac), TOBN(0x9dd0fd8f, 0x157edb6b), - TOBN(0x27f74702, 0xb57872b8), TOBN(0x2ef26b4f, 0x657d5fe1), - TOBN(0x95426f0a, 0x57cf3d40), TOBN(0x847e2ad1, 0x65a6067a), - TOBN(0xd474d9a0, 0x09996a74), TOBN(0x16a56acd, 0x2a26115c), - TOBN(0x02a615c3, 0xd16f4d43), TOBN(0xcc3fc965, 0xaadb85b7), - TOBN(0x386bda73, 0xce07d1b0), TOBN(0xd82910c2, 0x58ad4178), - TOBN(0x124f82cf, 0xcd2617f4), TOBN(0xcc2f5e8d, 0xef691770), - TOBN(0x82702550, 0xb8c30ccc), TOBN(0x7b856aea, 0x1a8e575a), - TOBN(0xbb822fef, 0xb1ab9459), TOBN(0x085928bc, 0xec24e38e), - TOBN(0x5d0402ec, 0xba8f4b4d), TOBN(0xc07cd4ba, 0x00b4d58b), - TOBN(0x5d8dffd5, 0x29227e7a), TOBN(0x61d44d0c, 0x31bf386f), - TOBN(0xe486dc2b, 0x135e6f4d), TOBN(0x680962eb, 0xe79410ef), - TOBN(0xa61bd343, 0xf10088b5), TOBN(0x6aa76076, 0xe2e28686), - TOBN(0x80463d11, 0x8fb98871), TOBN(0xcb26f5c3, 0xbbc76aff), - TOBN(0xd4ab8edd, 0xfbe03614), TOBN(0xc8eb579b, 0xc0cf2dee), - TOBN(0xcc004c15, 0xc93bae41), TOBN(0x46fbae5d, 0x3aeca3b2), - TOBN(0x671235cf, 0x0f1e9ab1), TOBN(0xadfba934, 0x9ec285c1), - TOBN(0x88ded013, 0xf216c980), TOBN(0xc8ac4fb8, 0xf79e0bc1), - TOBN(0xa29b89c6, 0xfb97a237), TOBN(0xb697b780, 0x9922d8e7), - TOBN(0x3142c639, 0xddb945b5), TOBN(0x447b06c7, 0xe094c3a9), - TOBN(0xcdcb3642, 0x72266c90), TOBN(0x633aad08, 0xa9385046), - TOBN(0xa36c936b, 0xb57c6477), TOBN(0x871f8b64, 0xe94dbcc6), - TOBN(0x28d0fb62, 0xa591a67b), TOBN(0x9d40e081, 0xc1d926f5), - TOBN(0x3111eaf6, 0xf2d84b5a), TOBN(0x228993f9, 0xa565b644), - TOBN(0x0ccbf592, 0x2c83188b), TOBN(0xf87b30ab, 0x3df3e197), - TOBN(0xb8658b31, 0x7642bca8), TOBN(0x1a032d7f, 0x52800f17), - TOBN(0x051dcae5, 0x79bf9445), TOBN(0xeba6b8ee, 0x54a2e253), - TOBN(0x5c8b9cad, 0xd4485692), TOBN(0x84bda40e, 0x8986e9be), - TOBN(0xd16d16a4, 0x2f0db448), TOBN(0x8ec80050, 0xa14d4188), - TOBN(0xb2b26107, 0x98fa7aaa), TOBN(0x41209ee4, 0xf073aa4e), - TOBN(0xf1570359, 0xf2d6b19b), TOBN(0xcbe6868c, 0xfc577caf), - TOBN(0x186c4bdc, 0x32c04dd3), TOBN(0xa6c35fae, 0xcfeee397), - TOBN(0xb4a1b312, 0xf086c0cf), TOBN(0xe0a5ccc6, 0xd9461fe2), - TOBN(0xc32278aa, 0x1536189f), TOBN(0x1126c55f, 0xba6df571), - TOBN(0x0f71a602, 0xb194560e), TOBN(0x8b2d7405, 0x324bd6e1), - TOBN(0x8481939e, 0x3738be71), TOBN(0xb5090b1a, 0x1a4d97a9), - TOBN(0x116c65a3, 0xf05ba915), TOBN(0x21863ad3, 0xaae448aa), - TOBN(0xd24e2679, 0xa7aae5d3), TOBN(0x7076013d, 0x0de5c1c4), - TOBN(0x2d50f8ba, 0xbb05b629), TOBN(0x73c1abe2, 0x6e66efbb), - TOBN(0xefd4b422, 0xf2488af7), TOBN(0xe4105d02, 0x663ba575), - TOBN(0x7eb60a8b, 0x53a69457), TOBN(0x62210008, 0xc945973b), - TOBN(0xfb255478, 0x77a50ec6), TOBN(0xbf0392f7, 0x0a37a72c), - TOBN(0xa0a7a19c, 0x4be18e7a), TOBN(0x90d8ea16, 0x25b1e0af), - TOBN(0x7582a293, 0xef953f57), TOBN(0x90a64d05, 0xbdc5465a), - TOBN(0xca79c497, 0xe2510717), TOBN(0x560dbb7c, 0x18cb641f), - TOBN(0x1d8e3286, 0x4b66abfb), TOBN(0xd26f52e5, 0x59030900), - TOBN(0x1ee3f643, 0x5584941a), TOBN(0x6d3b3730, 0x569f5958), - TOBN(0x9ff2a62f, 0x4789dba5), TOBN(0x91fcb815, 0x72b5c9b7), - TOBN(0xf446cb7d, 0x6c8f9a0e), TOBN(0x48f625c1, 0x39b7ecb5), - TOBN(0xbabae801, 0x1c6219b8), TOBN(0xe7a562d9, 0x28ac2f23), - TOBN(0xe1b48732, 0x26e20588), TOBN(0x06ee1cad, 0x775af051), - TOBN(0xda29ae43, 0xfaff79f7), TOBN(0xc141a412, 0x652ee9e0), - TOBN(0x1e127f6f, 0x195f4bd0), TOBN(0x29c6ab4f, 0x072f34f8), - TOBN(0x7b7c1477, 0x30448112), TOBN(0x82b51af1, 0xe4a38656), - TOBN(0x2bf2028a, 0x2f315010), TOBN(0xc9a4a01f, 0x6ea88cd4), - TOBN(0xf63e95d8, 0x257e5818), TOBN(0xdd8efa10, 0xb4519b16), - TOBN(0xed8973e0, 0x0da910bf), TOBN(0xed49d077, 0x5c0fe4a9), - TOBN(0xac3aac5e, 0xb7caee1e), TOBN(0x1033898d, 0xa7f4da57), - TOBN(0x42145c0e, 0x5c6669b9), TOBN(0x42daa688, 0xc1aa2aa0), - TOBN(0x629cc15c, 0x1a1d885a), TOBN(0x25572ec0, 0xf4b76817), - TOBN(0x8312e435, 0x9c8f8f28), TOBN(0x8107f8cd, 0x81965490), - TOBN(0x516ff3a3, 0x6fa6110c), TOBN(0x74fb1eb1, 0xfb93561f), - TOBN(0x6c0c9047, 0x8457522b), TOBN(0xcfd32104, 0x6bb8bdc6), - TOBN(0x2d6884a2, 0xcc80ad57), TOBN(0x7c27fc35, 0x86a9b637), - TOBN(0x3461baed, 0xadf4e8cd), TOBN(0x1d56251a, 0x617242f0), - TOBN(0x0b80d209, 0xc955bef4), TOBN(0xdf02cad2, 0x06adb047), - TOBN(0xf0d7cb91, 0x5ec74fee), TOBN(0xd2503375, 0x1111ba44), - TOBN(0x9671755e, 0xdf53cb36), TOBN(0x54dcb612, 0x3368551b), - TOBN(0x66d69aac, 0xc8a025a4), TOBN(0x6be946c6, 0xe77ef445), - TOBN(0x719946d1, 0xa995e094), TOBN(0x65e848f6, 0xe51e04d8), - TOBN(0xe62f3300, 0x6a1e3113), TOBN(0x1541c7c1, 0x501de503), - TOBN(0x4daac9fa, 0xf4acfade), TOBN(0x0e585897, 0x44cd0b71), - TOBN(0x544fd869, 0x0a51cd77), TOBN(0x60fc20ed, 0x0031016d), - TOBN(0x58b404ec, 0xa4276867), TOBN(0x46f6c3cc, 0x34f34993), - TOBN(0x477ca007, 0xc636e5bd), TOBN(0x8018f5e5, 0x7c458b47), - TOBN(0xa1202270, 0xe47b668f), TOBN(0xcef48ccd, 0xee14f203), - TOBN(0x23f98bae, 0x62ff9b4d), TOBN(0x55acc035, 0xc589eddd), - TOBN(0x3fe712af, 0x64db4444), TOBN(0x19e9d634, 0xbecdd480), - TOBN(0xe08bc047, 0xa930978a), TOBN(0x2dbf24ec, 0xa1280733), - TOBN(0x3c0ae38c, 0x2cd706b2), TOBN(0x5b012a5b, 0x359017b9), - TOBN(0x3943c38c, 0x72e0f5ae), TOBN(0x786167ea, 0x57176fa3), - TOBN(0xe5f9897d, 0x594881dc), TOBN(0x6b5efad8, 0xcfb820c1), - TOBN(0xb2179093, 0xd55018de), TOBN(0x39ad7d32, 0x0bac56ce), - TOBN(0xb55122e0, 0x2cfc0e81), TOBN(0x117c4661, 0xf6d89daa), - TOBN(0x362d01e1, 0xcb64fa09), TOBN(0x6a309b4e, 0x3e9c4ddd), - TOBN(0xfa979fb7, 0xabea49b1), TOBN(0xb4b1d27d, 0x10e2c6c5), - TOBN(0xbd61c2c4, 0x23afde7a), TOBN(0xeb6614f8, 0x9786d358), - TOBN(0x4a5d816b, 0x7f6f7459), TOBN(0xe431a44f, 0x09360e7b), - TOBN(0x8c27a032, 0xc309914c), TOBN(0xcea5d68a, 0xcaede3d8), - TOBN(0x3668f665, 0x3a0a3f95), TOBN(0x89369416, 0x7ceba27b), - TOBN(0x89981fad, 0xe4728fe9), TOBN(0x7102c8a0, 0x8a093562), - TOBN(0xbb80310e, 0x235d21c8), TOBN(0x505e55d1, 0xbefb7f7b), - TOBN(0xa0a90811, 0x12958a67), TOBN(0xd67e106a, 0x4d851fef), - TOBN(0xb84011a9, 0x431dd80e), TOBN(0xeb7c7cca, 0x73306cd9), - TOBN(0x20fadd29, 0xd1b3b730), TOBN(0x83858b5b, 0xfe37b3d3), - TOBN(0xbf4cd193, 0xb6251d5c), TOBN(0x1cca1fd3, 0x1352d952), - TOBN(0xc66157a4, 0x90fbc051), TOBN(0x7990a638, 0x89b98636),} - , - {TOBN(0xe5aa692a, 0x87dec0e1), TOBN(0x010ded8d, 0xf7b39d00), - TOBN(0x7b1b80c8, 0x54cfa0b5), TOBN(0x66beb876, 0xa0f8ea28), - TOBN(0x50d7f531, 0x3476cd0e), TOBN(0xa63d0e65, 0xb08d3949), - TOBN(0x1a09eea9, 0x53479fc6), TOBN(0x82ae9891, 0xf499e742), - TOBN(0xab58b910, 0x5ca7d866), TOBN(0x582967e2, 0x3adb3b34), - TOBN(0x89ae4447, 0xcceac0bc), TOBN(0x919c667c, 0x7bf56af5), - TOBN(0x9aec17b1, 0x60f5dcd7), TOBN(0xec697b9f, 0xddcaadbc), - TOBN(0x0b98f341, 0x463467f5), TOBN(0xb187f1f7, 0xa967132f), - TOBN(0x90fe7a1d, 0x214aeb18), TOBN(0x1506af3c, 0x741432f7), - TOBN(0xbb5565f9, 0xe591a0c4), TOBN(0x10d41a77, 0xb44f1bc3), - TOBN(0xa09d65e4, 0xa84bde96), TOBN(0x42f060d8, 0xf20a6a1c), - TOBN(0x652a3bfd, 0xf27f9ce7), TOBN(0xb6bdb65c, 0x3b3d739f), - TOBN(0xeb5ddcb6, 0xec7fae9f), TOBN(0x995f2714, 0xefb66e5a), - TOBN(0xdee95d8e, 0x69445d52), TOBN(0x1b6c2d46, 0x09e27620), - TOBN(0x32621c31, 0x8129d716), TOBN(0xb03909f1, 0x0958c1aa), - TOBN(0x8c468ef9, 0x1af4af63), TOBN(0x162c429f, 0xfba5cdf6), - TOBN(0x2f682343, 0x753b9371), TOBN(0x29cab45a, 0x5f1f9cd7), - TOBN(0x571623ab, 0xb245db96), TOBN(0xc507db09, 0x3fd79999), - TOBN(0x4e2ef652, 0xaf036c32), TOBN(0x86f0cc78, 0x05018e5c), - TOBN(0xc10a73d4, 0xab8be350), TOBN(0x6519b397, 0x7e826327), - TOBN(0xe8cb5eef, 0x9c053df7), TOBN(0x8de25b37, 0xb300ea6f), - TOBN(0xdb03fa92, 0xc849cffb), TOBN(0x242e43a7, 0xe84169bb), - TOBN(0xe4fa51f4, 0xdd6f958e), TOBN(0x6925a77f, 0xf4445a8d), - TOBN(0xe6e72a50, 0xe90d8949), TOBN(0xc66648e3, 0x2b1f6390), - TOBN(0xb2ab1957, 0x173e460c), TOBN(0x1bbbce75, 0x30704590), - TOBN(0xc0a90dbd, 0xdb1c7162), TOBN(0x505e399e, 0x15cdd65d), - TOBN(0x68434dcb, 0x57797ab7), TOBN(0x60ad35ba, 0x6a2ca8e8), - TOBN(0x4bfdb1e0, 0xde3336c1), TOBN(0xbbef99eb, 0xd8b39015), - TOBN(0x6c3b96f3, 0x1711ebec), TOBN(0x2da40f1f, 0xce98fdc4), - TOBN(0xb99774d3, 0x57b4411f), TOBN(0x87c8bdf4, 0x15b65bb6), - TOBN(0xda3a89e3, 0xc2eef12d), TOBN(0xde95bb9b, 0x3c7471f3), - TOBN(0x600f225b, 0xd812c594), TOBN(0x54907c5d, 0x2b75a56b), - TOBN(0xa93cc5f0, 0x8db60e35), TOBN(0x743e3cd6, 0xfa833319), - TOBN(0x7dad5c41, 0xf81683c9), TOBN(0x70c1e7d9, 0x9c34107e), - TOBN(0x0edc4a39, 0xa6be0907), TOBN(0x36d47035, 0x86d0b7d3), - TOBN(0x8c76da03, 0x272bfa60), TOBN(0x0b4a07ea, 0x0f08a414), - TOBN(0x699e4d29, 0x45c1dd53), TOBN(0xcadc5898, 0x231debb5), - TOBN(0xdf49fcc7, 0xa77f00e0), TOBN(0x93057bbf, 0xa73e5a0e), - TOBN(0x2f8b7ecd, 0x027a4cd1), TOBN(0x114734b3, 0xc614011a), - TOBN(0xe7a01db7, 0x67677c68), TOBN(0x89d9be5e, 0x7e273f4f), - TOBN(0xd225cb2e, 0x089808ef), TOBN(0xf1f7a27d, 0xd59e4107), - TOBN(0x53afc761, 0x8211b9c9), TOBN(0x0361bc67, 0xe6819159), - TOBN(0x2a865d0b, 0x7f071426), TOBN(0x6a3c1810, 0xe7072567), - TOBN(0x3e3bca1e, 0x0d6bcabd), TOBN(0xa1b02bc1, 0x408591bc), - TOBN(0xe0deee59, 0x31fba239), TOBN(0xf47424d3, 0x98bd91d1), - TOBN(0x0f8886f4, 0x071a3c1d), TOBN(0x3f7d41e8, 0xa819233b), - TOBN(0x708623c2, 0xcf6eb998), TOBN(0x86bb49af, 0x609a287f), - TOBN(0x942bb249, 0x63c90762), TOBN(0x0ef6eea5, 0x55a9654b), - TOBN(0x5f6d2d72, 0x36f5defe), TOBN(0xfa9922dc, 0x56f99176), - TOBN(0x6c8c5ece, 0xf78ce0c7), TOBN(0x7b44589d, 0xbe09b55e), - TOBN(0xe11b3bca, 0x9ea83770), TOBN(0xd7fa2c7f, 0x2ab71547), - TOBN(0x2a3dd6fa, 0x2a1ddcc0), TOBN(0x09acb430, 0x5a7b7707), - TOBN(0x4add4a2e, 0x649d4e57), TOBN(0xcd53a2b0, 0x1917526e), - TOBN(0xc5262330, 0x20b44ac4), TOBN(0x4028746a, 0xbaa2c31d), - TOBN(0x51318390, 0x64291d4c), TOBN(0xbf48f151, 0xee5ad909), - TOBN(0xcce57f59, 0x7b185681), TOBN(0x7c3ac1b0, 0x4854d442), - TOBN(0x65587dc3, 0xc093c171), TOBN(0xae7acb24, 0x24f42b65), - TOBN(0x5a338adb, 0x955996cb), TOBN(0xc8e65675, 0x6051f91b), - TOBN(0x66711fba, 0x28b8d0b1), TOBN(0x15d74137, 0xb6c10a90), - TOBN(0x70cdd7eb, 0x3a232a80), TOBN(0xc9e2f07f, 0x6191ed24), - TOBN(0xa80d1db6, 0xf79588c0), TOBN(0xfa52fc69, 0xb55768cc), - TOBN(0x0b4df1ae, 0x7f54438a), TOBN(0x0cadd1a7, 0xf9b46a4f), - TOBN(0xb40ea6b3, 0x1803dd6f), TOBN(0x488e4fa5, 0x55eaae35), - TOBN(0x9f047d55, 0x382e4e16), TOBN(0xc9b5b7e0, 0x2f6e0c98), - TOBN(0x6b1bd2d3, 0x95762649), TOBN(0xa9604ee7, 0xc7aea3f6), - TOBN(0x3646ff27, 0x6dc6f896), TOBN(0x9bf0e7f5, 0x2860bad1), - TOBN(0x2d92c821, 0x7cb44b92), TOBN(0xa2f5ce63, 0xaea9c182), - TOBN(0xd0a2afb1, 0x9154a5fd), TOBN(0x482e474c, 0x95801da6), - TOBN(0xc19972d0, 0xb611c24b), TOBN(0x1d468e65, 0x60a8f351), - TOBN(0xeb758069, 0x7bcf6421), TOBN(0xec9dd0ee, 0x88fbc491), - TOBN(0x5b59d2bf, 0x956c2e32), TOBN(0x73dc6864, 0xdcddf94e), - TOBN(0xfd5e2321, 0xbcee7665), TOBN(0xa7b4f8ef, 0x5e9a06c4), - TOBN(0xfba918dd, 0x7280f855), TOBN(0xbbaac260, 0x8baec688), - TOBN(0xa3b3f00f, 0x33400f42), TOBN(0x3d2dba29, 0x66f2e6e4), - TOBN(0xb6f71a94, 0x98509375), TOBN(0x8f33031f, 0xcea423cc), - TOBN(0x009b8dd0, 0x4807e6fb), TOBN(0x5163cfe5, 0x5cdb954c), - TOBN(0x03cc8f17, 0xcf41c6e8), TOBN(0xf1f03c2a, 0x037b925c), - TOBN(0xc39c19cc, 0x66d2427c), TOBN(0x823d24ba, 0x7b6c18e4), - TOBN(0x32ef9013, 0x901f0b4f), TOBN(0x684360f1, 0xf8941c2e), - TOBN(0x0ebaff52, 0x2c28092e), TOBN(0x7891e4e3, 0x256c932f), - TOBN(0x51264319, 0xac445e3d), TOBN(0x553432e7, 0x8ea74381), - TOBN(0xe6eeaa69, 0x67e9c50a), TOBN(0x27ced284, 0x62e628c7), - TOBN(0x3f96d375, 0x7a4afa57), TOBN(0xde0a14c3, 0xe484c150), - TOBN(0x364a24eb, 0x38bd9923), TOBN(0x1df18da0, 0xe5177422), - TOBN(0x174e8f82, 0xd8d38a9b), TOBN(0x2e97c600, 0xe7de1391), - TOBN(0xc5709850, 0xa1c175dd), TOBN(0x969041a0, 0x32ae5035), - TOBN(0xcbfd533b, 0x76a2086b), TOBN(0xd6bba71b, 0xd7c2e8fe), - TOBN(0xb2d58ee6, 0x099dfb67), TOBN(0x3a8b342d, 0x064a85d9), - TOBN(0x3bc07649, 0x522f9be3), TOBN(0x690c075b, 0xdf1f49a8), - TOBN(0x80e1aee8, 0x3854ec42), TOBN(0x2a7dbf44, 0x17689dc7), - TOBN(0xc004fc0e, 0x3faf4078), TOBN(0xb2f02e9e, 0xdf11862c), - TOBN(0xf10a5e0f, 0xa0a1b7b3), TOBN(0x30aca623, 0x8936ec80), - TOBN(0xf83cbf05, 0x02f40d9a), TOBN(0x4681c468, 0x2c318a4d), - TOBN(0x98575618, 0x0e9c2674), TOBN(0xbe79d046, 0x1847092e), - TOBN(0xaf1e480a, 0x78bd01e0), TOBN(0x6dd359e4, 0x72a51db9), - TOBN(0x62ce3821, 0xe3afbab6), TOBN(0xc5cee5b6, 0x17733199), - TOBN(0xe08b30d4, 0x6ffd9fbb), TOBN(0x6e5bc699, 0x36c610b7), - TOBN(0xf343cff2, 0x9ce262cf), TOBN(0xca2e4e35, 0x68b914c1), - TOBN(0x011d64c0, 0x16de36c5), TOBN(0xe0b10fdd, 0x42e2b829), - TOBN(0x78942981, 0x6685aaf8), TOBN(0xe7511708, 0x230ede97), - TOBN(0x671ed8fc, 0x3b922bf8), TOBN(0xe4d8c0a0, 0x4c29b133), - TOBN(0x87eb1239, 0x3b6e99c4), TOBN(0xaff3974c, 0x8793beba), - TOBN(0x03749405, 0x2c18df9b), TOBN(0xc5c3a293, 0x91007139), - TOBN(0x6a77234f, 0xe37a0b95), TOBN(0x02c29a21, 0xb661c96b), - TOBN(0xc3aaf1d6, 0x141ecf61), TOBN(0x9195509e, 0x3bb22f53), - TOBN(0x29597404, 0x22d51357), TOBN(0x1b083822, 0x537bed60), - TOBN(0xcd7d6e35, 0xe07289f0), TOBN(0x1f94c48c, 0x6dd86eff), - TOBN(0xc8bb1f82, 0xeb0f9cfa), TOBN(0x9ee0b7e6, 0x1b2eb97d), - TOBN(0x5a52fe2e, 0x34d74e31), TOBN(0xa352c310, 0x3bf79ab6), - TOBN(0x97ff6c5a, 0xabfeeb8f), TOBN(0xbfbe8fef, 0xf5c97305), - TOBN(0xd6081ce6, 0xa7904608), TOBN(0x1f812f3a, 0xc4fca249), - TOBN(0x9b24bc9a, 0xb9e5e200), TOBN(0x91022c67, 0x38012ee8), - TOBN(0xe83d9c5d, 0x30a713a1), TOBN(0x4876e3f0, 0x84ef0f93), - TOBN(0xc9777029, 0xc1fbf928), TOBN(0xef7a6bb3, 0xbce7d2a4), - TOBN(0xb8067228, 0xdfa2a659), TOBN(0xd5cd3398, 0xd877a48f), - TOBN(0xbea4fd8f, 0x025d0f3f), TOBN(0xd67d2e35, 0x2eae7c2b), - TOBN(0x184de7d7, 0xcc5f4394), TOBN(0xb5551b5c, 0x4536e142), - TOBN(0x2e89b212, 0xd34aa60a), TOBN(0x14a96fea, 0xf50051d5), - TOBN(0x4e21ef74, 0x0d12bb0b), TOBN(0xc522f020, 0x60b9677e), - TOBN(0x8b12e467, 0x2df7731d), TOBN(0x39f80382, 0x7b326d31), - TOBN(0xdfb8630c, 0x39024a94), TOBN(0xaacb96a8, 0x97319452), - TOBN(0xd68a3961, 0xeda3867c), TOBN(0x0c58e2b0, 0x77c4ffca), - TOBN(0x3d545d63, 0x4da919fa), TOBN(0xef79b69a, 0xf15e2289), - TOBN(0x54bc3d3d, 0x808bab10), TOBN(0xc8ab3007, 0x45f82c37), - TOBN(0xc12738b6, 0x7c4a658a), TOBN(0xb3c47639, 0x40e72182), - TOBN(0x3b77be46, 0x8798e44f), TOBN(0xdc047df2, 0x17a7f85f), - TOBN(0x2439d4c5, 0x5e59d92d), TOBN(0xcedca475, 0xe8e64d8d), - TOBN(0xa724cd0d, 0x87ca9b16), TOBN(0x35e4fd59, 0xa5540dfe), - TOBN(0xf8c1ff18, 0xe4bcf6b1), TOBN(0x856d6285, 0x295018fa), - TOBN(0x433f665c, 0x3263c949), TOBN(0xa6a76dd6, 0xa1f21409), - TOBN(0x17d32334, 0xcc7b4f79), TOBN(0xa1d03122, 0x06720e4a), - TOBN(0xadb6661d, 0x81d9bed5), TOBN(0xf0d6fb02, 0x11db15d1), - TOBN(0x7fd11ad5, 0x1fb747d2), TOBN(0xab50f959, 0x3033762b), - TOBN(0x2a7e711b, 0xfbefaf5a), TOBN(0xc7393278, 0x3fef2bbf), - TOBN(0xe29fa244, 0x0df6f9be), TOBN(0x9092757b, 0x71efd215), - TOBN(0xee60e311, 0x4f3d6fd9), TOBN(0x338542d4, 0x0acfb78b), - TOBN(0x44a23f08, 0x38961a0f), TOBN(0x1426eade, 0x986987ca), - TOBN(0x36e6ee2e, 0x4a863cc6), TOBN(0x48059420, 0x628b8b79), - TOBN(0x30303ad8, 0x7396e1de), TOBN(0x5c8bdc48, 0x38c5aad1), - TOBN(0x3e40e11f, 0x5c8f5066), TOBN(0xabd6e768, 0x8d246bbd), - TOBN(0x68aa40bb, 0x23330a01), TOBN(0xd23f5ee4, 0xc34eafa0), - TOBN(0x3bbee315, 0x5de02c21), TOBN(0x18dd4397, 0xd1d8dd06), - TOBN(0x3ba1939a, 0x122d7b44), TOBN(0xe6d3b40a, 0xa33870d6), - TOBN(0x8e620f70, 0x1c4fe3f8), TOBN(0xf6bba1a5, 0xd3a50cbf), - TOBN(0x4a78bde5, 0xcfc0aee0), TOBN(0x847edc46, 0xc08c50bd), - TOBN(0xbaa2439c, 0xad63c9b2), TOBN(0xceb4a728, 0x10fc2acb), - TOBN(0xa419e40e, 0x26da033d), TOBN(0x6cc3889d, 0x03e02683), - TOBN(0x1cd28559, 0xfdccf725), TOBN(0x0fd7e0f1, 0x8d13d208), - TOBN(0x01b9733b, 0x1f0df9d4), TOBN(0x8cc2c5f3, 0xa2b5e4f3), - TOBN(0x43053bfa, 0x3a304fd4), TOBN(0x8e87665c, 0x0a9f1aa7), - TOBN(0x087f29ec, 0xd73dc965), TOBN(0x15ace455, 0x3e9023db), - TOBN(0x2370e309, 0x2bce28b4), TOBN(0xf9723442, 0xb6b1e84a), - TOBN(0xbeee662e, 0xb72d9f26), TOBN(0xb19396de, 0xf0e47109), - TOBN(0x85b1fa73, 0xe13289d0), TOBN(0x436cf77e, 0x54e58e32), - TOBN(0x0ec833b3, 0xe990ef77), TOBN(0x7373e3ed, 0x1b11fc25), - TOBN(0xbe0eda87, 0x0fc332ce), TOBN(0xced04970, 0x8d7ea856), - TOBN(0xf85ff785, 0x7e977ca0), TOBN(0xb66ee8da, 0xdfdd5d2b), - TOBN(0xf5e37950, 0x905af461), TOBN(0x587b9090, 0x966d487c), - TOBN(0x6a198a1b, 0x32ba0127), TOBN(0xa7720e07, 0x141615ac), - TOBN(0xa23f3499, 0x996ef2f2), TOBN(0xef5f64b4, 0x470bcb3d), - TOBN(0xa526a962, 0x92b8c559), TOBN(0x0c14aac0, 0x69740a0f), - TOBN(0x0d41a9e3, 0xa6bdc0a5), TOBN(0x97d52106, 0x9c48aef4), - TOBN(0xcf16bd30, 0x3e7c253b), TOBN(0xcc834b1a, 0x47fdedc1), - TOBN(0x7362c6e5, 0x373aab2e), TOBN(0x264ed85e, 0xc5f590ff), - TOBN(0x7a46d9c0, 0x66d41870), TOBN(0xa50c20b1, 0x4787ba09), - TOBN(0x185e7e51, 0xe3d44635), TOBN(0xb3b3e080, 0x31e2d8dc), - TOBN(0xbed1e558, 0xa179e9d9), TOBN(0x2daa3f79, 0x74a76781), - TOBN(0x4372baf2, 0x3a40864f), TOBN(0x46900c54, 0x4fe75cb5), - TOBN(0xb95f171e, 0xf76765d0), TOBN(0x4ad726d2, 0x95c87502), - TOBN(0x2ec769da, 0x4d7c99bd), TOBN(0x5e2ddd19, 0xc36cdfa8), - TOBN(0xc22117fc, 0xa93e6dea), TOBN(0xe8a2583b, 0x93771123), - TOBN(0xbe2f6089, 0xfa08a3a2), TOBN(0x4809d5ed, 0x8f0e1112), - TOBN(0x3b414aa3, 0xda7a095e), TOBN(0x9049acf1, 0x26f5aadd), - TOBN(0x78d46a4d, 0x6be8b84a), TOBN(0xd66b1963, 0xb732b9b3), - TOBN(0x5c2ac2a0, 0xde6e9555), TOBN(0xcf52d098, 0xb5bd8770), - TOBN(0x15a15fa6, 0x0fd28921), TOBN(0x56ccb81e, 0x8b27536d), - TOBN(0x0f0d8ab8, 0x9f4ccbb8), TOBN(0xed5f44d2, 0xdb221729), - TOBN(0x43141988, 0x00bed10c), TOBN(0xc94348a4, 0x1d735b8b), - TOBN(0x79f3e9c4, 0x29ef8479), TOBN(0x4c13a4e3, 0x614c693f), - TOBN(0x32c9af56, 0x8e143a14), TOBN(0xbc517799, 0xe29ac5c4), - TOBN(0x05e17992, 0x2774856f), TOBN(0x6e52fb05, 0x6c1bf55f), - TOBN(0xaeda4225, 0xe4f19e16), TOBN(0x70f4728a, 0xaf5ccb26), - TOBN(0x5d2118d1, 0xb2947f22), TOBN(0xc827ea16, 0x281d6fb9), - TOBN(0x8412328d, 0x8cf0eabd), TOBN(0x45ee9fb2, 0x03ef9dcf), - TOBN(0x8e700421, 0xbb937d63), TOBN(0xdf8ff2d5, 0xcc4b37a6), - TOBN(0xa4c0d5b2, 0x5ced7b68), TOBN(0x6537c1ef, 0xc7308f59), - TOBN(0x25ce6a26, 0x3b37f8e8), TOBN(0x170e9a9b, 0xdeebc6ce), - TOBN(0xdd037952, 0x8728d72c), TOBN(0x445b0e55, 0x850154bc), - TOBN(0x4b7d0e06, 0x83a7337b), TOBN(0x1e3416d4, 0xffecf249), - TOBN(0x24840eff, 0x66a2b71f), TOBN(0xd0d9a50a, 0xb37cc26d), - TOBN(0xe2198150, 0x6fe28ef7), TOBN(0x3cc5ef16, 0x23324c7f), - TOBN(0x220f3455, 0x769b5263), TOBN(0xe2ade2f1, 0xa10bf475), - TOBN(0x28cd20fa, 0x458d3671), TOBN(0x1549722c, 0x2dc4847b), - TOBN(0x6dd01e55, 0x591941e3), TOBN(0x0e6fbcea, 0x27128ccb), - TOBN(0xae1a1e6b, 0x3bef0262), TOBN(0xfa8c472c, 0x8f54e103), - TOBN(0x7539c0a8, 0x72c052ec), TOBN(0xd7b27369, 0x5a3490e9), - TOBN(0x143fe1f1, 0x71684349), TOBN(0x36b4722e, 0x32e19b97), - TOBN(0xdc059227, 0x90980aff), TOBN(0x175c9c88, 0x9e13d674), - TOBN(0xa7de5b22, 0x6e6bfdb1), TOBN(0x5ea5b7b2, 0xbedb4b46), - TOBN(0xd5570191, 0xd34a6e44), TOBN(0xfcf60d2e, 0xa24ff7e6), - TOBN(0x614a392d, 0x677819e1), TOBN(0x7be74c7e, 0xaa5a29e8), - TOBN(0xab50fece, 0x63c85f3f), TOBN(0xaca2e2a9, 0x46cab337), - TOBN(0x7f700388, 0x122a6fe3), TOBN(0xdb69f703, 0x882a04a8), - TOBN(0x9a77935d, 0xcf7aed57), TOBN(0xdf16207c, 0x8d91c86f), - TOBN(0x2fca49ab, 0x63ed9998), TOBN(0xa3125c44, 0xa77ddf96), - TOBN(0x05dd8a86, 0x24344072), TOBN(0xa023dda2, 0xfec3fb56), - TOBN(0x421b41fc, 0x0c743032), TOBN(0x4f2120c1, 0x5e438639), - TOBN(0xfb7cae51, 0xc83c1b07), TOBN(0xb2370caa, 0xcac2171a), - TOBN(0x2eb2d962, 0x6cc820fb), TOBN(0x59feee5c, 0xb85a44bf), - TOBN(0x94620fca, 0x5b6598f0), TOBN(0x6b922cae, 0x7e314051), - TOBN(0xff8745ad, 0x106bed4e), TOBN(0x546e71f5, 0xdfa1e9ab), - TOBN(0x935c1e48, 0x1ec29487), TOBN(0x9509216c, 0x4d936530), - TOBN(0xc7ca3067, 0x85c9a2db), TOBN(0xd6ae5152, 0x6be8606f), - TOBN(0x09dbcae6, 0xe14c651d), TOBN(0xc9536e23, 0x9bc32f96), - TOBN(0xa90535a9, 0x34521b03), TOBN(0xf39c526c, 0x878756ff), - TOBN(0x383172ec, 0x8aedf03c), TOBN(0x20a8075e, 0xefe0c034), - TOBN(0xf22f9c62, 0x64026422), TOBN(0x8dd10780, 0x24b9d076), - TOBN(0x944c742a, 0x3bef2950), TOBN(0x55b9502e, 0x88a2b00b), - TOBN(0xa59e14b4, 0x86a09817), TOBN(0xa39dd3ac, 0x47bb4071), - TOBN(0x55137f66, 0x3be0592f), TOBN(0x07fcafd4, 0xc9e63f5b), - TOBN(0x963652ee, 0x346eb226), TOBN(0x7dfab085, 0xec2facb7), - TOBN(0x273bf2b8, 0x691add26), TOBN(0x30d74540, 0xf2b46c44), - TOBN(0x05e8e73e, 0xf2c2d065), TOBN(0xff9b8a00, 0xd42eeac9), - TOBN(0x2fcbd205, 0x97209d22), TOBN(0xeb740ffa, 0xde14ea2c), - TOBN(0xc71ff913, 0xa8aef518), TOBN(0x7bfc74bb, 0xfff4cfa2), - TOBN(0x1716680c, 0xb6b36048), TOBN(0x121b2cce, 0x9ef79af1), - TOBN(0xbff3c836, 0xa01eb3d3), TOBN(0x50eb1c6a, 0x5f79077b), - TOBN(0xa48c32d6, 0xa004bbcf), TOBN(0x47a59316, 0x7d64f61d), - TOBN(0x6068147f, 0x93102016), TOBN(0x12c5f654, 0x94d12576), - TOBN(0xefb071a7, 0xc9bc6b91), TOBN(0x7c2da0c5, 0x6e23ea95), - TOBN(0xf4fd45b6, 0xd4a1dd5d), TOBN(0x3e7ad9b6, 0x9122b13c), - TOBN(0x342ca118, 0xe6f57a48), TOBN(0x1c2e94a7, 0x06f8288f), - TOBN(0x99e68f07, 0x5a97d231), TOBN(0x7c80de97, 0x4d838758), - TOBN(0xbce0f5d0, 0x05872727), TOBN(0xbe5d95c2, 0x19c4d016), - TOBN(0x921d5cb1, 0x9c2492ee), TOBN(0x42192dc1, 0x404d6fb3), - TOBN(0x4c84dcd1, 0x32f988d3), TOBN(0xde26d61f, 0xa17b8e85), - TOBN(0xc466dcb6, 0x137c7408), TOBN(0x9a38d7b6, 0x36a266da), - TOBN(0x7ef5cb06, 0x83bebf1b), TOBN(0xe5cdcbbf, 0x0fd014e3), - TOBN(0x30aa376d, 0xf65965a0), TOBN(0x60fe88c2, 0xebb3e95e), - TOBN(0x33fd0b61, 0x66ee6f20), TOBN(0x8827dcdb, 0x3f41f0a0), - TOBN(0xbf8a9d24, 0x0c56c690), TOBN(0x40265dad, 0xddb7641d), - TOBN(0x522b05bf, 0x3a6b662b), TOBN(0x466d1dfe, 0xb1478c9b), - TOBN(0xaa616962, 0x1484469b), TOBN(0x0db60549, 0x02df8f9f), - TOBN(0xc37bca02, 0x3cb8bf51), TOBN(0x5effe346, 0x21371ce8), - TOBN(0xe8f65264, 0xff112c32), TOBN(0x8a9c736d, 0x7b971fb2), - TOBN(0xa4f19470, 0x7b75080d), TOBN(0xfc3f2c5a, 0x8839c59b), - TOBN(0x1d6c777e, 0x5aeb49c2), TOBN(0xf3db034d, 0xda1addfe), - TOBN(0xd76fee5a, 0x5535affc), TOBN(0x0853ac70, 0xb92251fd), - TOBN(0x37e3d594, 0x8b2a29d5), TOBN(0x28f1f457, 0x4de00ddb), - TOBN(0x8083c1b5, 0xf42c328b), TOBN(0xd8ef1d8f, 0xe493c73b), - TOBN(0x96fb6260, 0x41dc61bd), TOBN(0xf74e8a9d, 0x27ee2f8a), - TOBN(0x7c605a80, 0x2c946a5d), TOBN(0xeed48d65, 0x3839ccfd), - TOBN(0x9894344f, 0x3a29467a), TOBN(0xde81e949, 0xc51eba6d), - TOBN(0xdaea066b, 0xa5e5c2f2), TOBN(0x3fc8a614, 0x08c8c7b3), - TOBN(0x7adff88f, 0x06d0de9f), TOBN(0xbbc11cf5, 0x3b75ce0a), - TOBN(0x9fbb7acc, 0xfbbc87d5), TOBN(0xa1458e26, 0x7badfde2)} - , - {TOBN(0x1cb43668, 0xe039c256), TOBN(0x5f26fb8b, 0x7c17fd5d), - TOBN(0xeee426af, 0x79aa062b), TOBN(0x072002d0, 0xd78fbf04), - TOBN(0x4c9ca237, 0xe84fb7e3), TOBN(0xb401d8a1, 0x0c82133d), - TOBN(0xaaa52592, 0x6d7e4181), TOBN(0xe9430833, 0x73dbb152), - TOBN(0xf92dda31, 0xbe24319a), TOBN(0x03f7d28b, 0xe095a8e7), - TOBN(0xa52fe840, 0x98782185), TOBN(0x276ddafe, 0x29c24dbc), - TOBN(0x80cd5496, 0x1d7a64eb), TOBN(0xe4360889, 0x7f1dbe42), - TOBN(0x2f81a877, 0x8438d2d5), TOBN(0x7e4d52a8, 0x85169036), - TOBN(0x19e3d5b1, 0x1d59715d), TOBN(0xc7eaa762, 0xd788983e), - TOBN(0xe5a730b0, 0xabf1f248), TOBN(0xfbab8084, 0xfae3fd83), - TOBN(0x65e50d21, 0x53765b2f), TOBN(0xbdd4e083, 0xfa127f3d), - TOBN(0x9cf3c074, 0x397b1b10), TOBN(0x59f8090c, 0xb1b59fd3), - TOBN(0x7b15fd9d, 0x615faa8f), TOBN(0x8fa1eb40, 0x968554ed), - TOBN(0x7bb4447e, 0x7aa44882), TOBN(0x2bb2d0d1, 0x029fff32), - TOBN(0x075e2a64, 0x6caa6d2f), TOBN(0x8eb879de, 0x22e7351b), - TOBN(0xbcd5624e, 0x9a506c62), TOBN(0x218eaef0, 0xa87e24dc), - TOBN(0x37e56847, 0x44ddfa35), TOBN(0x9ccfc5c5, 0xdab3f747), - TOBN(0x9ac1df3f, 0x1ee96cf4), TOBN(0x0c0571a1, 0x3b480b8f), - TOBN(0x2fbeb3d5, 0x4b3a7b3c), TOBN(0x35c03669, 0x5dcdbb99), - TOBN(0x52a0f5dc, 0xb2415b3a), TOBN(0xd57759b4, 0x4413ed9a), - TOBN(0x1fe647d8, 0x3d30a2c5), TOBN(0x0857f77e, 0xf78a81dc), - TOBN(0x11d5a334, 0x131a4a9b), TOBN(0xc0a94af9, 0x29d393f5), - TOBN(0xbc3a5c0b, 0xdaa6ec1a), TOBN(0xba9fe493, 0x88d2d7ed), - TOBN(0xbb4335b4, 0xbb614797), TOBN(0x991c4d68, 0x72f83533), - TOBN(0x53258c28, 0xd2f01cb3), TOBN(0x93d6eaa3, 0xd75db0b1), - TOBN(0x419a2b0d, 0xe87d0db4), TOBN(0xa1e48f03, 0xd8fe8493), - TOBN(0xf747faf6, 0xc508b23a), TOBN(0xf137571a, 0x35d53549), - TOBN(0x9f5e58e2, 0xfcf9b838), TOBN(0xc7186cee, 0xa7fd3cf5), - TOBN(0x77b868ce, 0xe978a1d3), TOBN(0xe3a68b33, 0x7ab92d04), - TOBN(0x51029794, 0x87a5b862), TOBN(0x5f0606c3, 0x3a61d41d), - TOBN(0x2814be27, 0x6f9326f1), TOBN(0x2f521c14, 0xc6fe3c2e), - TOBN(0x17464d7d, 0xacdf7351), TOBN(0x10f5f9d3, 0x777f7e44), - TOBN(0xce8e616b, 0x269fb37d), TOBN(0xaaf73804, 0x7de62de5), - TOBN(0xaba11175, 0x4fdd4153), TOBN(0x515759ba, 0x3770b49b), - TOBN(0x8b09ebf8, 0xaa423a61), TOBN(0x592245a1, 0xcd41fb92), - TOBN(0x1cba8ec1, 0x9b4c8936), TOBN(0xa87e91e3, 0xaf36710e), - TOBN(0x1fd84ce4, 0x3d34a2e3), TOBN(0xee3759ce, 0xb43b5d61), - TOBN(0x895bc78c, 0x619186c7), TOBN(0xf19c3809, 0xcbb9725a), - TOBN(0xc0be21aa, 0xde744b1f), TOBN(0xa7d222b0, 0x60f8056b), - TOBN(0x74be6157, 0xb23efe11), TOBN(0x6fab2b4f, 0x0cd68253), - TOBN(0xad33ea5f, 0x4bf1d725), TOBN(0x9c1d8ee2, 0x4f6c950f), - TOBN(0x544ee78a, 0xa377af06), TOBN(0x54f489bb, 0x94a113e1), - TOBN(0x8f11d634, 0x992fb7e8), TOBN(0x0169a7aa, 0xa2a44347), - TOBN(0x1d49d4af, 0x95020e00), TOBN(0x95945722, 0xe08e120b), - TOBN(0xb6e33878, 0xa4d32282), TOBN(0xe36e029d, 0x48020ae7), - TOBN(0xe05847fb, 0x37a9b750), TOBN(0xf876812c, 0xb29e3819), - TOBN(0x84ad138e, 0xd23a17f0), TOBN(0x6d7b4480, 0xf0b3950e), - TOBN(0xdfa8aef4, 0x2fd67ae0), TOBN(0x8d3eea24, 0x52333af6), - TOBN(0x0d052075, 0xb15d5acc), TOBN(0xc6d9c79f, 0xbd815bc4), - TOBN(0x8dcafd88, 0xdfa36cf2), TOBN(0x908ccbe2, 0x38aa9070), - TOBN(0x638722c4, 0xba35afce), TOBN(0x5a3da8b0, 0xfd6abf0b), - TOBN(0x2dce252c, 0xc9c335c1), TOBN(0x84e7f0de, 0x65aa799b), - TOBN(0x2101a522, 0xb99a72cb), TOBN(0x06de6e67, 0x87618016), - TOBN(0x5ff8c7cd, 0xe6f3653e), TOBN(0x0a821ab5, 0xc7a6754a), - TOBN(0x7e3fa52b, 0x7cb0b5a2), TOBN(0xa7fb121c, 0xc9048790), - TOBN(0x1a725020, 0x06ce053a), TOBN(0xb490a31f, 0x04e929b0), - TOBN(0xe17be47d, 0x62dd61ad), TOBN(0x781a961c, 0x6be01371), - TOBN(0x1063bfd3, 0xdae3cbba), TOBN(0x35647406, 0x7f73c9ba), - TOBN(0xf50e957b, 0x2736a129), TOBN(0xa6313702, 0xed13f256), - TOBN(0x9436ee65, 0x3a19fcc5), TOBN(0xcf2bdb29, 0xe7a4c8b6), - TOBN(0xb06b1244, 0xc5f95cd8), TOBN(0xda8c8af0, 0xf4ab95f4), - TOBN(0x1bae59c2, 0xb9e5836d), TOBN(0x07d51e7e, 0x3acffffc), - TOBN(0x01e15e6a, 0xc2ccbcda), TOBN(0x3bc1923f, 0x8528c3e0), - TOBN(0x43324577, 0xa49fead4), TOBN(0x61a1b884, 0x2aa7a711), - TOBN(0xf9a86e08, 0x700230ef), TOBN(0x0af585a1, 0xbd19adf8), - TOBN(0x7645f361, 0xf55ad8f2), TOBN(0x6e676223, 0x46c3614c), - TOBN(0x23cb257c, 0x4e774d3f), TOBN(0x82a38513, 0xac102d1b), - TOBN(0x9bcddd88, 0x7b126aa5), TOBN(0xe716998b, 0xeefd3ee4), - TOBN(0x4239d571, 0xfb167583), TOBN(0xdd011c78, 0xd16c8f8a), - TOBN(0x271c2895, 0x69a27519), TOBN(0x9ce0a3b7, 0xd2d64b6a), - TOBN(0x8c977289, 0xd5ec6738), TOBN(0xa3b49f9a, 0x8840ef6b), - TOBN(0x808c14c9, 0x9a453419), TOBN(0x5c00295b, 0x0cf0a2d5), - TOBN(0x524414fb, 0x1d4bcc76), TOBN(0xb07691d2, 0x459a88f1), - TOBN(0x77f43263, 0xf70d110f), TOBN(0x64ada5e0, 0xb7abf9f3), - TOBN(0xafd0f94e, 0x5b544cf5), TOBN(0xb4a13a15, 0xfd2713fe), - TOBN(0xb99b7d6e, 0x250c74f4), TOBN(0x097f2f73, 0x20324e45), - TOBN(0x994b37d8, 0xaffa8208), TOBN(0xc3c31b0b, 0xdc29aafc), - TOBN(0x3da74651, 0x7a3a607f), TOBN(0xd8e1b8c1, 0xfe6955d6), - TOBN(0x716e1815, 0xc8418682), TOBN(0x541d487f, 0x7dc91d97), - TOBN(0x48a04669, 0xc6996982), TOBN(0xf39cab15, 0x83a6502e), - TOBN(0x025801a0, 0xe68db055), TOBN(0xf3569758, 0xba3338d5), - TOBN(0xb0c8c0aa, 0xee2afa84), TOBN(0x4f6985d3, 0xfb6562d1), - TOBN(0x351f1f15, 0x132ed17a), TOBN(0x510ed0b4, 0xc04365fe), - TOBN(0xa3f98138, 0xe5b1f066), TOBN(0xbc9d95d6, 0x32df03dc), - TOBN(0xa83ccf6e, 0x19abd09e), TOBN(0x0b4097c1, 0x4ff17edb), - TOBN(0x58a5c478, 0xd64a06ce), TOBN(0x2ddcc3fd, 0x544a58fd), - TOBN(0xd449503d, 0x9e8153b8), TOBN(0x3324fd02, 0x7774179b), - TOBN(0xaf5d47c8, 0xdbd9120c), TOBN(0xeb860162, 0x34fa94db), - TOBN(0x5817bdd1, 0x972f07f4), TOBN(0xe5579e2e, 0xd27bbceb), - TOBN(0x86847a1f, 0x5f11e5a6), TOBN(0xb39ed255, 0x7c3cf048), - TOBN(0xe1076417, 0xa2f62e55), TOBN(0x6b9ab38f, 0x1bcf82a2), - TOBN(0x4bb7c319, 0x7aeb29f9), TOBN(0xf6d17da3, 0x17227a46), - TOBN(0xab53ddbd, 0x0f968c00), TOBN(0xa03da7ec, 0x000c880b), - TOBN(0x7b239624, 0x6a9ad24d), TOBN(0x612c0401, 0x01ec60d0), - TOBN(0x70d10493, 0x109f5df1), TOBN(0xfbda4030, 0x80af7550), - TOBN(0x30b93f95, 0xc6b9a9b3), TOBN(0x0c74ec71, 0x007d9418), - TOBN(0x94175564, 0x6edb951f), TOBN(0x5f4a9d78, 0x7f22c282), - TOBN(0xb7870895, 0xb38d1196), TOBN(0xbc593df3, 0xa228ce7c), - TOBN(0xc78c5bd4, 0x6af3641a), TOBN(0x7802200b, 0x3d9b3dcc), - TOBN(0x0dc73f32, 0x8be33304), TOBN(0x847ed87d, 0x61ffb79a), - TOBN(0xf85c974e, 0x6d671192), TOBN(0x1e14100a, 0xde16f60f), - TOBN(0x45cb0d5a, 0x95c38797), TOBN(0x18923bba, 0x9b022da4), - TOBN(0xef2be899, 0xbbe7e86e), TOBN(0x4a1510ee, 0x216067bf), - TOBN(0xd98c8154, 0x84d5ce3e), TOBN(0x1af777f0, 0xf92a2b90), - TOBN(0x9fbcb400, 0x4ef65724), TOBN(0x3e04a4c9, 0x3c0ca6fe), - TOBN(0xfb3e2cb5, 0x55002994), TOBN(0x1f3a93c5, 0x5363ecab), - TOBN(0x1fe00efe, 0x3923555b), TOBN(0x744bedd9, 0x1e1751ea), - TOBN(0x3fb2db59, 0x6ab69357), TOBN(0x8dbd7365, 0xf5e6618b), - TOBN(0x99d53099, 0xdf1ea40e), TOBN(0xb3f24a0b, 0x57d61e64), - TOBN(0xd088a198, 0x596eb812), TOBN(0x22c8361b, 0x5762940b), - TOBN(0x66f01f97, 0xf9c0d95c), TOBN(0x88461172, 0x8e43cdae), - TOBN(0x11599a7f, 0xb72b15c3), TOBN(0x135a7536, 0x420d95cc), - TOBN(0x2dcdf0f7, 0x5f7ae2f6), TOBN(0x15fc6e1d, 0xd7fa6da2), - TOBN(0x81ca829a, 0xd1d441b6), TOBN(0x84c10cf8, 0x04a106b6), - TOBN(0xa9b26c95, 0xa73fbbd0), TOBN(0x7f24e0cb, 0x4d8f6ee8), - TOBN(0x48b45937, 0x1e25a043), TOBN(0xf8a74fca, 0x036f3dfe), - TOBN(0x1ed46585, 0xc9f84296), TOBN(0x7fbaa8fb, 0x3bc278b0), - TOBN(0xa8e96cd4, 0x6c4fcbd0), TOBN(0x940a1202, 0x73b60a5f), - TOBN(0x34aae120, 0x55a4aec8), TOBN(0x550e9a74, 0xdbd742f0), - TOBN(0x794456d7, 0x228c68ab), TOBN(0x492f8868, 0xa4e25ec6), - TOBN(0x682915ad, 0xb2d8f398), TOBN(0xf13b51cc, 0x5b84c953), - TOBN(0xcda90ab8, 0x5bb917d6), TOBN(0x4b615560, 0x4ea3dee1), - TOBN(0x578b4e85, 0x0a52c1c8), TOBN(0xeab1a695, 0x20b75fc4), - TOBN(0x60c14f3c, 0xaa0bb3c6), TOBN(0x220f448a, 0xb8216094), - TOBN(0x4fe7ee31, 0xb0e63d34), TOBN(0xf4600572, 0xa9e54fab), - TOBN(0xc0493334, 0xd5e7b5a4), TOBN(0x8589fb92, 0x06d54831), - TOBN(0xaa70f5cc, 0x6583553a), TOBN(0x0879094a, 0xe25649e5), - TOBN(0xcc904507, 0x10044652), TOBN(0xebb0696d, 0x02541c4f), - TOBN(0x5a171fde, 0xb9718710), TOBN(0x38f1bed8, 0xf374a9f5), - TOBN(0xc8c582e1, 0xba39bdc1), TOBN(0xfc457b0a, 0x908cc0ce), - TOBN(0x9a187fd4, 0x883841e2), TOBN(0x8ec25b39, 0x38725381), - TOBN(0x2553ed05, 0x96f84395), TOBN(0x095c7661, 0x6f6c6897), - TOBN(0x917ac85c, 0x4bdc5610), TOBN(0xb2885fe4, 0x179eb301), - TOBN(0x5fc65547, 0x8b78bdcc), TOBN(0x4a9fc893, 0xe59e4699), - TOBN(0xbb7ff0cd, 0x3ce299af), TOBN(0x195be9b3, 0xadf38b20), - TOBN(0x6a929c87, 0xd38ddb8f), TOBN(0x55fcc99c, 0xb21a51b9), - TOBN(0x2b695b4c, 0x721a4593), TOBN(0xed1e9a15, 0x768eaac2), - TOBN(0xfb63d71c, 0x7489f914), TOBN(0xf98ba31c, 0x78118910), - TOBN(0x80291373, 0x9b128eb4), TOBN(0x7801214e, 0xd448af4a), - TOBN(0xdbd2e22b, 0x55418dd3), TOBN(0xeffb3c0d, 0xd3998242), - TOBN(0xdfa6077c, 0xc7bf3827), TOBN(0xf2165bcb, 0x47f8238f), - TOBN(0xfe37cf68, 0x8564d554), TOBN(0xe5f825c4, 0x0a81fb98), - TOBN(0x43cc4f67, 0xffed4d6f), TOBN(0xbc609578, 0xb50a34b0), - TOBN(0x8aa8fcf9, 0x5041faf1), TOBN(0x5659f053, 0x651773b6), - TOBN(0xe87582c3, 0x6044d63b), TOBN(0xa6089409, 0x0cdb0ca0), - TOBN(0x8c993e0f, 0xbfb2bcf6), TOBN(0xfc64a719, 0x45985cfc), - TOBN(0x15c4da80, 0x83dbedba), TOBN(0x804ae112, 0x2be67df7), - TOBN(0xda4c9658, 0xa23defde), TOBN(0x12002ddd, 0x5156e0d3), - TOBN(0xe68eae89, 0x5dd21b96), TOBN(0x8b99f28b, 0xcf44624d), - TOBN(0x0ae00808, 0x1ec8897a), TOBN(0xdd0a9303, 0x6712f76e), - TOBN(0x96237522, 0x4e233de4), TOBN(0x192445b1, 0x2b36a8a5), - TOBN(0xabf9ff74, 0x023993d9), TOBN(0x21f37bf4, 0x2aad4a8f), - TOBN(0x340a4349, 0xf8bd2bbd), TOBN(0x1d902cd9, 0x4868195d), - TOBN(0x3d27bbf1, 0xe5fdb6f1), TOBN(0x7a5ab088, 0x124f9f1c), - TOBN(0xc466ab06, 0xf7a09e03), TOBN(0x2f8a1977, 0x31f2c123), - TOBN(0xda355dc7, 0x041b6657), TOBN(0xcb840d12, 0x8ece2a7c), - TOBN(0xb600ad9f, 0x7db32675), TOBN(0x78fea133, 0x07a06f1b), - TOBN(0x5d032269, 0xb31f6094), TOBN(0x07753ef5, 0x83ec37aa), - TOBN(0x03485aed, 0x9c0bea78), TOBN(0x41bb3989, 0xbc3f4524), - TOBN(0x09403761, 0x697f726d), TOBN(0x6109beb3, 0xdf394820), - TOBN(0x804111ea, 0x3b6d1145), TOBN(0xb6271ea9, 0xa8582654), - TOBN(0x619615e6, 0x24e66562), TOBN(0xa2554945, 0xd7b6ad9c), - TOBN(0xd9c4985e, 0x99bfe35f), TOBN(0x9770ccc0, 0x7b51cdf6), - TOBN(0x7c327013, 0x92881832), TOBN(0x8777d45f, 0x286b26d1), - TOBN(0x9bbeda22, 0xd847999d), TOBN(0x03aa33b6, 0xc3525d32), - TOBN(0x4b7b96d4, 0x28a959a1), TOBN(0xbb3786e5, 0x31e5d234), - TOBN(0xaeb5d3ce, 0x6961f247), TOBN(0x20aa85af, 0x02f93d3f), - TOBN(0x9cd1ad3d, 0xd7a7ae4f), TOBN(0xbf6688f0, 0x781adaa8), - TOBN(0xb1b40e86, 0x7469cead), TOBN(0x1904c524, 0x309fca48), - TOBN(0x9b7312af, 0x4b54bbc7), TOBN(0xbe24bf8f, 0x593affa2), - TOBN(0xbe5e0790, 0xbd98764b), TOBN(0xa0f45f17, 0xa26e299e), - TOBN(0x4af0d2c2, 0x6b8fe4c7), TOBN(0xef170db1, 0x8ae8a3e6), - TOBN(0x0e8d61a0, 0x29e0ccc1), TOBN(0xcd53e87e, 0x60ad36ca), - TOBN(0x328c6623, 0xc8173822), TOBN(0x7ee1767d, 0xa496be55), - TOBN(0x89f13259, 0x648945af), TOBN(0x9e45a5fd, 0x25c8009c), - TOBN(0xaf2febd9, 0x1f61ab8c), TOBN(0x43f6bc86, 0x8a275385), - TOBN(0x87792348, 0xf2142e79), TOBN(0x17d89259, 0xc6e6238a), - TOBN(0x7536d2f6, 0x4a839d9b), TOBN(0x1f428fce, 0x76a1fbdc), - TOBN(0x1c109601, 0x0db06dfe), TOBN(0xbfc16bc1, 0x50a3a3cc), - TOBN(0xf9cbd9ec, 0x9b30f41b), TOBN(0x5b5da0d6, 0x00138cce), - TOBN(0xec1d0a48, 0x56ef96a7), TOBN(0xb47eb848, 0x982bf842), - TOBN(0x66deae32, 0xec3f700d), TOBN(0x4e43c42c, 0xaa1181e0), - TOBN(0xa1d72a31, 0xd1a4aa2a), TOBN(0x440d4668, 0xc004f3ce), - TOBN(0x0d6a2d3b, 0x45fe8a7a), TOBN(0x820e52e2, 0xfb128365), - TOBN(0x29ac5fcf, 0x25e51b09), TOBN(0x180cd2bf, 0x2023d159), - TOBN(0xa9892171, 0xa1ebf90e), TOBN(0xf97c4c87, 0x7c132181), - TOBN(0x9f1dc724, 0xc03dbb7e), TOBN(0xae043765, 0x018cbbe4), - TOBN(0xfb0b2a36, 0x0767d153), TOBN(0xa8e2f4d6, 0x249cbaeb), - TOBN(0x172a5247, 0xd95ea168), TOBN(0x1758fada, 0x2970764a), - TOBN(0xac803a51, 0x1d978169), TOBN(0x299cfe2e, 0xde77e01b), - TOBN(0x652a1e17, 0xb0a98927), TOBN(0x2e26e1d1, 0x20014495), - TOBN(0x7ae0af9f, 0x7175b56a), TOBN(0xc2e22a80, 0xd64b9f95), - TOBN(0x4d0ff9fb, 0xd90a060a), TOBN(0x496a27db, 0xbaf38085), - TOBN(0x32305401, 0xda776bcf), TOBN(0xb8cdcef6, 0x725f209e), - TOBN(0x61ba0f37, 0x436a0bba), TOBN(0x263fa108, 0x76860049), - TOBN(0x92beb98e, 0xda3542cf), TOBN(0xa2d4d14a, 0xd5849538), - TOBN(0x989b9d68, 0x12e9a1bc), TOBN(0x61d9075c, 0x5f6e3268), - TOBN(0x352c6aa9, 0x99ace638), TOBN(0xde4e4a55, 0x920f43ff), - TOBN(0xe5e4144a, 0xd673c017), TOBN(0x667417ae, 0x6f6e05ea), - TOBN(0x613416ae, 0xdcd1bd56), TOBN(0x5eb36201, 0x86693711), - TOBN(0x2d7bc504, 0x3a1aa914), TOBN(0x175a1299, 0x76dc5975), - TOBN(0xe900e0f2, 0x3fc8125c), TOBN(0x569ef68c, 0x11198875), - TOBN(0x9012db63, 0x63a113b4), TOBN(0xe3bd3f56, 0x98835766), - TOBN(0xa5c94a52, 0x76412dea), TOBN(0xad9e2a09, 0xaa735e5c), - TOBN(0x405a984c, 0x508b65e9), TOBN(0xbde4a1d1, 0x6df1a0d1), - TOBN(0x1a9433a1, 0xdfba80da), TOBN(0xe9192ff9, 0x9440ad2e), - TOBN(0x9f649696, 0x5099fe92), TOBN(0x25ddb65c, 0x0b27a54a), - TOBN(0x178279dd, 0xc590da61), TOBN(0x5479a999, 0xfbde681a), - TOBN(0xd0e84e05, 0x013fe162), TOBN(0xbe11dc92, 0x632d471b), - TOBN(0xdf0b0c45, 0xfc0e089f), TOBN(0x04fb15b0, 0x4c144025), - TOBN(0xa61d5fc2, 0x13c99927), TOBN(0xa033e9e0, 0x3de2eb35), - TOBN(0xf8185d5c, 0xb8dacbb4), TOBN(0x9a88e265, 0x8644549d), - TOBN(0xf717af62, 0x54671ff6), TOBN(0x4bd4241b, 0x5fa58603), - TOBN(0x06fba40b, 0xe67773c0), TOBN(0xc1d933d2, 0x6a2847e9), - TOBN(0xf4f5acf3, 0x689e2c70), TOBN(0x92aab0e7, 0x46bafd31), - TOBN(0x798d76aa, 0x3473f6e5), TOBN(0xcc6641db, 0x93141934), - TOBN(0xcae27757, 0xd31e535e), TOBN(0x04cc43b6, 0x87c2ee11), - TOBN(0x8d1f9675, 0x2e029ffa), TOBN(0xc2150672, 0xe4cc7a2c), - TOBN(0x3b03c1e0, 0x8d68b013), TOBN(0xa9d6816f, 0xedf298f3), - TOBN(0x1bfbb529, 0xa2804464), TOBN(0x95a52fae, 0x5db22125), - TOBN(0x55b32160, 0x0e1cb64e), TOBN(0x004828f6, 0x7e7fc9fe), - TOBN(0x13394b82, 0x1bb0fb93), TOBN(0xb6293a2d, 0x35f1a920), - TOBN(0xde35ef21, 0xd145d2d9), TOBN(0xbe6225b3, 0xbb8fa603), - TOBN(0x00fc8f6b, 0x32cf252d), TOBN(0xa28e52e6, 0x117cf8c2), - TOBN(0x9d1dc89b, 0x4c371e6d), TOBN(0xcebe0675, 0x36ef0f28), - TOBN(0x5de05d09, 0xa4292f81), TOBN(0xa8303593, 0x353e3083), - TOBN(0xa1715b0a, 0x7e37a9bb), TOBN(0x8c56f61e, 0x2b8faec3), - TOBN(0x52507431, 0x33c9b102), TOBN(0x0130cefc, 0xa44431f0), - TOBN(0x56039fa0, 0xbd865cfb), TOBN(0x4b03e578, 0xbc5f1dd7), - TOBN(0x40edf2e4, 0xbabe7224), TOBN(0xc752496d, 0x3a1988f6), - TOBN(0xd1572d3b, 0x564beb6b), TOBN(0x0db1d110, 0x39a1c608), - TOBN(0x568d1934, 0x16f60126), TOBN(0x05ae9668, 0xf354af33), - TOBN(0x19de6d37, 0xc92544f2), TOBN(0xcc084353, 0xa35837d5), - TOBN(0xcbb6869c, 0x1a514ece), TOBN(0xb633e728, 0x2e1d1066), - TOBN(0xf15dd69f, 0x936c581c), TOBN(0x96e7b8ce, 0x7439c4f9), - TOBN(0x5e676f48, 0x2e448a5b), TOBN(0xb2ca7d5b, 0xfd916bbb), - TOBN(0xd55a2541, 0xf5024025), TOBN(0x47bc5769, 0xe4c2d937), - TOBN(0x7d31b92a, 0x0362189f), TOBN(0x83f3086e, 0xef7816f9), - TOBN(0xf9f46d94, 0xb587579a), TOBN(0xec2d22d8, 0x30e76c5f), - TOBN(0x27d57461, 0xb000ffcf), TOBN(0xbb7e65f9, 0x364ffc2c), - TOBN(0x7c7c9477, 0x6652a220), TOBN(0x61618f89, 0xd696c981), - TOBN(0x5021701d, 0x89effff3), TOBN(0xf2c8ff8e, 0x7c314163), - TOBN(0x2da413ad, 0x8efb4d3e), TOBN(0x937b5adf, 0xce176d95), - TOBN(0x22867d34, 0x2a67d51c), TOBN(0x262b9b10, 0x18eb3ac9), - TOBN(0x4e314fe4, 0xc43ff28b), TOBN(0x76476627, 0x6a664e7a), - TOBN(0x3e90e40b, 0xb7a565c2), TOBN(0x8588993a, 0xc1acf831), - TOBN(0xd7b501d6, 0x8f938829), TOBN(0x996627ee, 0x3edd7d4c), - TOBN(0x37d44a62, 0x90cd34c7), TOBN(0xa8327499, 0xf3833e8d), - TOBN(0x2e18917d, 0x4bf50353), TOBN(0x85dd726b, 0x556765fb), - TOBN(0x54fe65d6, 0x93d5ab66), TOBN(0x3ddbaced, 0x915c25fe), - TOBN(0xa799d9a4, 0x12f22e85), TOBN(0xe2a24867, 0x6d06f6bc), - TOBN(0xf4f1ee56, 0x43ca1637), TOBN(0xfda2828b, 0x61ece30a), - TOBN(0x758c1a3e, 0xa2dee7a6), TOBN(0xdcde2f3c, 0x734b2284), - TOBN(0xaba445d2, 0x4eaba6ad), TOBN(0x35aaf668, 0x76cee0a7), - TOBN(0x7e0b04a9, 0xe5aa049a), TOBN(0xe74083ad, 0x91103e84), - TOBN(0xbeb183ce, 0x40afecc3), TOBN(0x6b89de9f, 0xea043f7a),} - , - {TOBN(0x0e299d23, 0xfe67ba66), TOBN(0x91450760, 0x93cf2f34), - TOBN(0xf45b5ea9, 0x97fcf913), TOBN(0x5be00843, 0x8bd7ddda), - TOBN(0x358c3e05, 0xd53ff04d), TOBN(0xbf7ccdc3, 0x5de91ef7), - TOBN(0xad684dbf, 0xb69ec1a0), TOBN(0x367e7cf2, 0x801fd997), - TOBN(0x0ca1f3b7, 0xb0dc8595), TOBN(0x27de4608, 0x9f1d9f2e), - TOBN(0x1af3bf39, 0xbadd82a7), TOBN(0x79356a79, 0x65862448), - TOBN(0xc0602345, 0xf5f9a052), TOBN(0x1a8b0f89, 0x139a42f9), - TOBN(0xb53eee42, 0x844d40fc), TOBN(0x93b0bfe5, 0x4e5b6368), - TOBN(0x5434dd02, 0xc024789c), TOBN(0x90dca9ea, 0x41b57bfc), - TOBN(0x8aa898e2, 0x243398df), TOBN(0xf607c834, 0x894a94bb), - TOBN(0xbb07be97, 0xc2c99b76), TOBN(0x6576ba67, 0x18c29302), - TOBN(0x3d79efcc, 0xe703a88c), TOBN(0xf259ced7, 0xb6a0d106), - TOBN(0x0f893a5d, 0xc8de610b), TOBN(0xe8c515fb, 0x67e223ce), - TOBN(0x7774bfa6, 0x4ead6dc5), TOBN(0x89d20f95, 0x925c728f), - TOBN(0x7a1e0966, 0x098583ce), TOBN(0xa2eedb94, 0x93f2a7d7), - TOBN(0x1b282097, 0x4c304d4a), TOBN(0x0842e3da, 0xc077282d), - TOBN(0xe4d972a3, 0x3b9e2d7b), TOBN(0x7cc60b27, 0xc48218ff), - TOBN(0x8fc70838, 0x84149d91), TOBN(0x5c04346f, 0x2f461ecc), - TOBN(0xebe9fdf2, 0x614650a9), TOBN(0x5e35b537, 0xc1f666ac), - TOBN(0x645613d1, 0x88babc83), TOBN(0x88cace3a, 0xc5e1c93e), - TOBN(0x209ca375, 0x3de92e23), TOBN(0xccb03cc8, 0x5fbbb6e3), - TOBN(0xccb90f03, 0xd7b1487e), TOBN(0xfa9c2a38, 0xc710941f), - TOBN(0x756c3823, 0x6724ceed), TOBN(0x3a902258, 0x192d0323), - TOBN(0xb150e519, 0xea5e038e), TOBN(0xdcba2865, 0xc7427591), - TOBN(0xe549237f, 0x78890732), TOBN(0xc443bef9, 0x53fcb4d9), - TOBN(0x9884d8a6, 0xeb3480d6), TOBN(0x8a35b6a1, 0x3048b186), - TOBN(0xb4e44716, 0x65e9a90a), TOBN(0x45bf380d, 0x653006c0), - TOBN(0x8f3f820d, 0x4fe9ae3b), TOBN(0x244a35a0, 0x979a3b71), - TOBN(0xa1010e9d, 0x74cd06ff), TOBN(0x9c17c7df, 0xaca3eeac), - TOBN(0x74c86cd3, 0x8063aa2b), TOBN(0x8595c4b3, 0x734614ff), - TOBN(0xa3de00ca, 0x990f62cc), TOBN(0xd9bed213, 0xca0c3be5), - TOBN(0x7886078a, 0xdf8ce9f5), TOBN(0xddb27ce3, 0x5cd44444), - TOBN(0xed374a66, 0x58926ddd), TOBN(0x138b2d49, 0x908015b8), - TOBN(0x886c6579, 0xde1f7ab8), TOBN(0x888b9aa0, 0xc3020b7a), - TOBN(0xd3ec034e, 0x3a96e355), TOBN(0xba65b0b8, 0xf30fbe9a), - TOBN(0x064c8e50, 0xff21367a), TOBN(0x1f508ea4, 0x0b04b46e), - TOBN(0x98561a49, 0x747c866c), TOBN(0xbbb1e5fe, 0x0518a062), - TOBN(0x20ff4e8b, 0xecdc3608), TOBN(0x7f55cded, 0x20184027), - TOBN(0x8d73ec95, 0xf38c85f0), TOBN(0x5b589fdf, 0x8bc3b8c3), - TOBN(0xbe95dd98, 0x0f12b66f), TOBN(0xf5bd1a09, 0x0e338e01), - TOBN(0x65163ae5, 0x5e915918), TOBN(0x6158d6d9, 0x86f8a46b), - TOBN(0x8466b538, 0xeeebf99c), TOBN(0xca8761f6, 0xbca477ef), - TOBN(0xaf3449c2, 0x9ebbc601), TOBN(0xef3b0f41, 0xe0c3ae2f), - TOBN(0xaa6c577d, 0x5de63752), TOBN(0xe9166601, 0x64682a51), - TOBN(0x5a3097be, 0xfc15aa1e), TOBN(0x40d12548, 0xb54b0745), - TOBN(0x5bad4706, 0x519a5f12), TOBN(0xed03f717, 0xa439dee6), - TOBN(0x0794bb6c, 0x4a02c499), TOBN(0xf725083d, 0xcffe71d2), - TOBN(0x2cad7519, 0x0f3adcaf), TOBN(0x7f68ea1c, 0x43729310), - TOBN(0xe747c8c7, 0xb7ffd977), TOBN(0xec104c35, 0x80761a22), - TOBN(0x8395ebaf, 0x5a3ffb83), TOBN(0xfb3261f4, 0xe4b63db7), - TOBN(0x53544960, 0xd883e544), TOBN(0x13520d70, 0x8cc2eeb8), - TOBN(0x08f6337b, 0xd3d65f99), TOBN(0x83997db2, 0x781cf95b), - TOBN(0xce6ff106, 0x0dbd2c01), TOBN(0x4f8eea6b, 0x1f9ce934), - TOBN(0x546f7c4b, 0x0e993921), TOBN(0x6236a324, 0x5e753fc7), - TOBN(0x65a41f84, 0xa16022e9), TOBN(0x0c18d878, 0x43d1dbb2), - TOBN(0x73c55640, 0x2d4cef9c), TOBN(0xa0428108, 0x70444c74), - TOBN(0x68e4f15e, 0x9afdfb3c), TOBN(0x49a56143, 0x5bdfb6df), - TOBN(0xa9bc1bd4, 0x5f823d97), TOBN(0xbceb5970, 0xea111c2a), - TOBN(0x366b455f, 0xb269bbc4), TOBN(0x7cd85e1e, 0xe9bc5d62), - TOBN(0xc743c41c, 0x4f18b086), TOBN(0xa4b40990, 0x95294fb9), - TOBN(0x9c7c581d, 0x26ee8382), TOBN(0xcf17dcc5, 0x359d638e), - TOBN(0xee8273ab, 0xb728ae3d), TOBN(0x1d112926, 0xf821f047), - TOBN(0x11498477, 0x50491a74), TOBN(0x687fa761, 0xfde0dfb9), - TOBN(0x2c258022, 0x7ea435ab), TOBN(0x6b8bdb94, 0x91ce7e3f), - TOBN(0x4c5b5dc9, 0x3bf834aa), TOBN(0x04371819, 0x4f6c7e4b), - TOBN(0xc284e00a, 0x3736bcad), TOBN(0x0d881118, 0x21ae8f8d), - TOBN(0xf9cf0f82, 0xf48c8e33), TOBN(0xa11fd075, 0xa1bf40db), - TOBN(0xdceab0de, 0xdc2733e5), TOBN(0xc560a8b5, 0x8e986bd7), - TOBN(0x48dd1fe2, 0x3929d097), TOBN(0x3885b290, 0x92f188f1), - TOBN(0x0f2ae613, 0xda6fcdac), TOBN(0x9054303e, 0xb662a46c), - TOBN(0xb6871e44, 0x0738042a), TOBN(0x98e6a977, 0xbdaf6449), - TOBN(0xd8bc0650, 0xd1c9df1b), TOBN(0xef3d6451, 0x36e098f9), - TOBN(0x03fbae82, 0xb6d72d28), TOBN(0x77ca9db1, 0xf5d84080), - TOBN(0x8a112cff, 0xa58efc1c), TOBN(0x518d761c, 0xc564cb4a), - TOBN(0x69b5740e, 0xf0d1b5ce), TOBN(0x717039cc, 0xe9eb1785), - TOBN(0x3fe29f90, 0x22f53382), TOBN(0x8e54ba56, 0x6bc7c95c), - TOBN(0x9c806d8a, 0xf7f91d0f), TOBN(0x3b61b0f1, 0xa82a5728), - TOBN(0x4640032d, 0x94d76754), TOBN(0x273eb5de, 0x47d834c6), - TOBN(0x2988abf7, 0x7b4e4d53), TOBN(0xb7ce66bf, 0xde401777), - TOBN(0x9fba6b32, 0x715071b3), TOBN(0x82413c24, 0xad3a1a98), - TOBN(0x5b7fc8c4, 0xe0e8ad93), TOBN(0xb5679aee, 0x5fab868d), - TOBN(0xb1f9d2fa, 0x2b3946f3), TOBN(0x458897dc, 0x5685b50a), - TOBN(0x1e98c930, 0x89d0caf3), TOBN(0x39564c5f, 0x78642e92), - TOBN(0x1b77729a, 0x0dbdaf18), TOBN(0xf9170722, 0x579e82e6), - TOBN(0x680c0317, 0xe4515fa5), TOBN(0xf85cff84, 0xfb0c790f), - TOBN(0xc7a82aab, 0x6d2e0765), TOBN(0x7446bca9, 0x35c82b32), - TOBN(0x5de607aa, 0x6d63184f), TOBN(0x7c1a46a8, 0x262803a6), - TOBN(0xd218313d, 0xaebe8035), TOBN(0x92113ffd, 0xc73c51f8), - TOBN(0x4b38e083, 0x12e7e46c), TOBN(0x69d0a37a, 0x56126bd5), - TOBN(0xfb3f324b, 0x73c07e04), TOBN(0xa0c22f67, 0x8fda7267), - TOBN(0x8f2c0051, 0x4d2c7d8f), TOBN(0xbc45ced3, 0xcbe2cae5), - TOBN(0xe1c6cf07, 0xa8f0f277), TOBN(0xbc392312, 0x1eb99a98), - TOBN(0x75537b7e, 0x3cc8ac85), TOBN(0x8d725f57, 0xdd02753b), - TOBN(0xfd05ff64, 0xb737df2f), TOBN(0x55fe8712, 0xf6d2531d), - TOBN(0x57ce04a9, 0x6ab6b01c), TOBN(0x69a02a89, 0x7cd93724), - TOBN(0x4f82ac35, 0xcf86699b), TOBN(0x8242d3ad, 0x9cb4b232), - TOBN(0x713d0f65, 0xd62105e5), TOBN(0xbb222bfa, 0x2d29be61), - TOBN(0xf2f9a79e, 0x6cfbef09), TOBN(0xfc24d8d3, 0xd5d6782f), - TOBN(0x5db77085, 0xd4129967), TOBN(0xdb81c3cc, 0xdc3c2a43), - TOBN(0x9d655fc0, 0x05d8d9a3), TOBN(0x3f5d057a, 0x54298026), - TOBN(0x1157f56d, 0x88c54694), TOBN(0xb26baba5, 0x9b09573e), - TOBN(0x2cab03b0, 0x22adffd1), TOBN(0x60a412c8, 0xdd69f383), - TOBN(0xed76e98b, 0x54b25039), TOBN(0xd4ee67d3, 0x687e714d), - TOBN(0x87739648, 0x7b00b594), TOBN(0xce419775, 0xc9ef709b), - TOBN(0x40f76f85, 0x1c203a40), TOBN(0x30d352d6, 0xeafd8f91), - TOBN(0xaf196d3d, 0x95578dd2), TOBN(0xea4bb3d7, 0x77cc3f3d), - TOBN(0x42a5bd03, 0xb98e782b), TOBN(0xac958c40, 0x0624920d), - TOBN(0xb838134c, 0xfc56fcc8), TOBN(0x86ec4ccf, 0x89572e5e), - TOBN(0x69c43526, 0x9be47be0), TOBN(0x323b7dd8, 0xcb28fea1), - TOBN(0xfa5538ba, 0x3a6c67e5), TOBN(0xef921d70, 0x1d378e46), - TOBN(0xf92961fc, 0x3c4b880e), TOBN(0x3f6f914e, 0x98940a67), - TOBN(0xa990eb0a, 0xfef0ff39), TOBN(0xa6c2920f, 0xf0eeff9c), - TOBN(0xca804166, 0x51b8d9a3), TOBN(0x42531bc9, 0x0ffb0db1), - TOBN(0x72ce4718, 0xaa82e7ce), TOBN(0x6e199913, 0xdf574741), - TOBN(0xd5f1b13d, 0xd5d36946), TOBN(0x8255dc65, 0xf68f0194), - TOBN(0xdc9df4cd, 0x8710d230), TOBN(0x3453c20f, 0x138c1988), - TOBN(0x9af98dc0, 0x89a6ef01), TOBN(0x4dbcc3f0, 0x9857df85), - TOBN(0x34805601, 0x5c1ad924), TOBN(0x40448da5, 0xd0493046), - TOBN(0xf629926d, 0x4ee343e2), TOBN(0x6343f1bd, 0x90e8a301), - TOBN(0xefc93491, 0x40815b3f), TOBN(0xf882a423, 0xde8f66fb), - TOBN(0x3a12d5f4, 0xe7db9f57), TOBN(0x7dfba38a, 0x3c384c27), - TOBN(0x7a904bfd, 0x6fc660b1), TOBN(0xeb6c5db3, 0x2773b21c), - TOBN(0xc350ee66, 0x1cdfe049), TOBN(0x9baac0ce, 0x44540f29), - TOBN(0xbc57b6ab, 0xa5ec6aad), TOBN(0x167ce8c3, 0x0a7c1baa), - TOBN(0xb23a03a5, 0x53fb2b56), TOBN(0x6ce141e7, 0x4e057f78), - TOBN(0x796525c3, 0x89e490d9), TOBN(0x0bc95725, 0xa31a7e75), - TOBN(0x1ec56791, 0x1220fd06), TOBN(0x716e3a3c, 0x408b0bd6), - TOBN(0x31cd6bf7, 0xe8ebeba9), TOBN(0xa7326ca6, 0xbee6b670), - TOBN(0x3d9f851c, 0xcd090c43), TOBN(0x561e8f13, 0xf12c3988), - TOBN(0x50490b6a, 0x904b7be4), TOBN(0x61690ce1, 0x0410737b), - TOBN(0x299e9a37, 0x0f009052), TOBN(0x258758f0, 0xf026092e), - TOBN(0x9fa255f3, 0xfdfcdc0f), TOBN(0xdbc9fb1f, 0xc0e1bcd2), - TOBN(0x35f9dd6e, 0x24651840), TOBN(0xdca45a84, 0xa5c59abc), - TOBN(0x103d396f, 0xecca4938), TOBN(0x4532da0a, 0xb97b3f29), - TOBN(0xc4135ea5, 0x1999a6bf), TOBN(0x3aa9505a, 0x5e6bf2ee), - TOBN(0xf77cef06, 0x3f5be093), TOBN(0x97d1a0f8, 0xa943152e), - TOBN(0x2cb0ebba, 0x2e1c21dd), TOBN(0xf41b29fc, 0x2c6797c4), - TOBN(0xc6e17321, 0xb300101f), TOBN(0x4422b0e9, 0xd0d79a89), - TOBN(0x49e4901c, 0x92f1bfc4), TOBN(0x06ab1f8f, 0xe1e10ed9), - TOBN(0x84d35577, 0xdb2926b8), TOBN(0xca349d39, 0x356e8ec2), - TOBN(0x70b63d32, 0x343bf1a9), TOBN(0x8fd3bd28, 0x37d1a6b1), - TOBN(0x0454879c, 0x316865b4), TOBN(0xee959ff6, 0xc458efa2), - TOBN(0x0461dcf8, 0x9706dc3f), TOBN(0x737db0e2, 0x164e4b2e), - TOBN(0x09262680, 0x2f8843c8), TOBN(0x54498bbc, 0x7745e6f6), - TOBN(0x359473fa, 0xa29e24af), TOBN(0xfcc3c454, 0x70aa87a1), - TOBN(0xfd2c4bf5, 0x00573ace), TOBN(0xb65b514e, 0x28dd1965), - TOBN(0xe46ae7cf, 0x2193e393), TOBN(0x60e9a4e1, 0xf5444d97), - TOBN(0xe7594e96, 0x00ff38ed), TOBN(0x43d84d2f, 0x0a0e0f02), - TOBN(0x8b6db141, 0xee398a21), TOBN(0xb88a56ae, 0xe3bcc5be), - TOBN(0x0a1aa52f, 0x373460ea), TOBN(0x20da1a56, 0x160bb19b), - TOBN(0xfb54999d, 0x65bf0384), TOBN(0x71a14d24, 0x5d5a180e), - TOBN(0xbc44db7b, 0x21737b04), TOBN(0xd84fcb18, 0x01dd8e92), - TOBN(0x80de937b, 0xfa44b479), TOBN(0x53505499, 0x5c98fd4f), - TOBN(0x1edb12ab, 0x28f08727), TOBN(0x4c58b582, 0xa5f3ef53), - TOBN(0xbfb236d8, 0x8327f246), TOBN(0xc3a3bfaa, 0x4d7df320), - TOBN(0xecd96c59, 0xb96024f2), TOBN(0xfc293a53, 0x7f4e0433), - TOBN(0x5341352b, 0x5acf6e10), TOBN(0xc50343fd, 0xafe652c3), - TOBN(0x4af3792d, 0x18577a7f), TOBN(0xe1a4c617, 0xaf16823d), - TOBN(0x9b26d0cd, 0x33425d0a), TOBN(0x306399ed, 0x9b7bc47f), - TOBN(0x2a792f33, 0x706bb20b), TOBN(0x31219614, 0x98111055), - TOBN(0x864ec064, 0x87f5d28b), TOBN(0x11392d91, 0x962277fd), - TOBN(0xb5aa7942, 0xbb6aed5f), TOBN(0x080094dc, 0x47e799d9), - TOBN(0x4afa588c, 0x208ba19b), TOBN(0xd3e7570f, 0x8512f284), - TOBN(0xcbae64e6, 0x02f5799a), TOBN(0xdeebe7ef, 0x514b9492), - TOBN(0x30300f98, 0xe5c298ff), TOBN(0x17f561be, 0x3678361f), - TOBN(0xf52ff312, 0x98cb9a16), TOBN(0x6233c3bc, 0x5562d490), - TOBN(0x7bfa15a1, 0x92e3a2cb), TOBN(0x961bcfd1, 0xe6365119), - TOBN(0x3bdd29bf, 0x2c8c53b1), TOBN(0x739704df, 0x822844ba), - TOBN(0x7dacfb58, 0x7e7b754b), TOBN(0x23360791, 0xa806c9b9), - TOBN(0xe7eb88c9, 0x23504452), TOBN(0x2983e996, 0x852c1783), - TOBN(0xdd4ae529, 0x958d881d), TOBN(0x026bae03, 0x262c7b3c), - TOBN(0x3a6f9193, 0x960b52d1), TOBN(0xd0980f90, 0x92696cfb), - TOBN(0x4c1f428c, 0xd5f30851), TOBN(0x94dfed27, 0x2a4f6630), - TOBN(0x4df53772, 0xfc5d48a4), TOBN(0xdd2d5a2f, 0x933260ce), - TOBN(0x574115bd, 0xd44cc7a5), TOBN(0x4ba6b20d, 0xbd12533a), - TOBN(0x30e93cb8, 0x243057c9), TOBN(0x794c486a, 0x14de320e), - TOBN(0xe925d4ce, 0xf21496e4), TOBN(0xf951d198, 0xec696331), - TOBN(0x9810e2de, 0x3e8d812f), TOBN(0xd0a47259, 0x389294ab), - TOBN(0x513ba2b5, 0x0e3bab66), TOBN(0x462caff5, 0xabad306f), - TOBN(0xe2dc6d59, 0xaf04c49e), TOBN(0x1aeb8750, 0xe0b84b0b), - TOBN(0xc034f12f, 0x2f7d0ca2), TOBN(0x6d2e8128, 0xe06acf2f), - TOBN(0x801f4f83, 0x21facc2f), TOBN(0xa1170c03, 0xf40ef607), - TOBN(0xfe0a1d4f, 0x7805a99c), TOBN(0xbde56a36, 0xcc26aba5), - TOBN(0x5b1629d0, 0x35531f40), TOBN(0xac212c2b, 0x9afa6108), - TOBN(0x30a06bf3, 0x15697be5), TOBN(0x6f0545dc, 0x2c63c7c1), - TOBN(0x5d8cb842, 0x7ccdadaf), TOBN(0xd52e379b, 0xac7015bb), - TOBN(0xc4f56147, 0xf462c23e), TOBN(0xd44a4298, 0x46bc24b0), - TOBN(0xbc73d23a, 0xe2856d4f), TOBN(0x61cedd8c, 0x0832bcdf), - TOBN(0x60953556, 0x99f241d7), TOBN(0xee4adbd7, 0x001a349d), - TOBN(0x0b35bf6a, 0xaa89e491), TOBN(0x7f0076f4, 0x136f7546), - TOBN(0xd19a18ba, 0x9264da3d), TOBN(0x6eb2d2cd, 0x62a7a28b), - TOBN(0xcdba941f, 0x8761c971), TOBN(0x1550518b, 0xa3be4a5d), - TOBN(0xd0e8e2f0, 0x57d0b70c), TOBN(0xeea8612e, 0xcd133ba3), - TOBN(0x814670f0, 0x44416aec), TOBN(0x424db6c3, 0x30775061), - TOBN(0xd96039d1, 0x16213fd1), TOBN(0xc61e7fa5, 0x18a3478f), - TOBN(0xa805bdcc, 0xcb0c5021), TOBN(0xbdd6f3a8, 0x0cc616dd), - TOBN(0x06009667, 0x5d97f7e2), TOBN(0x31db0fc1, 0xaf0bf4b6), - TOBN(0x23680ed4, 0x5491627a), TOBN(0xb99a3c66, 0x7d741fb1), - TOBN(0xe9bb5f55, 0x36b1ff92), TOBN(0x29738577, 0x512b388d), - TOBN(0xdb8a2ce7, 0x50fcf263), TOBN(0x385346d4, 0x6c4f7b47), - TOBN(0xbe86c5ef, 0x31631f9e), TOBN(0xbf91da21, 0x03a57a29), - TOBN(0xc3b1f796, 0x7b23f821), TOBN(0x0f7d00d2, 0x770db354), - TOBN(0x8ffc6c3b, 0xd8fe79da), TOBN(0xcc5e8c40, 0xd525c996), - TOBN(0x4640991d, 0xcfff632a), TOBN(0x64d97e8c, 0x67112528), - TOBN(0xc232d973, 0x02f1cd1e), TOBN(0xce87eacb, 0x1dd212a4), - TOBN(0x6e4c8c73, 0xe69802f7), TOBN(0x12ef0290, 0x1fffddbd), - TOBN(0x941ec74e, 0x1bcea6e2), TOBN(0xd0b54024, 0x3cb92cbb), - TOBN(0x809fb9d4, 0x7e8f9d05), TOBN(0x3bf16159, 0xf2992aae), - TOBN(0xad40f279, 0xf8a7a838), TOBN(0x11aea631, 0x05615660), - TOBN(0xbf52e6f1, 0xa01f6fa1), TOBN(0xef046995, 0x3dc2aec9), - TOBN(0x785dbec9, 0xd8080711), TOBN(0xe1aec60a, 0x9fdedf76), - TOBN(0xece797b5, 0xfa21c126), TOBN(0xc66e898f, 0x05e52732), - TOBN(0x39bb69c4, 0x08811fdb), TOBN(0x8bfe1ef8, 0x2fc7f082), - TOBN(0xc8e7a393, 0x174f4138), TOBN(0xfba8ad1d, 0xd58d1f98), - TOBN(0xbc21d0ce, 0xbfd2fd5b), TOBN(0x0b839a82, 0x6ee60d61), - TOBN(0xaacf7658, 0xafd22253), TOBN(0xb526bed8, 0xaae396b3), - TOBN(0xccc1bbc2, 0x38564464), TOBN(0x9e3ff947, 0x8c45bc73), - TOBN(0xcde9bca3, 0x58188a78), TOBN(0x138b8ee0, 0xd73bf8f7), - TOBN(0x5c7e234c, 0x4123c489), TOBN(0x66e69368, 0xfa643297), - TOBN(0x0629eeee, 0x39a15fa3), TOBN(0x95fab881, 0xa9e2a927), - TOBN(0xb2497007, 0xeafbb1e1), TOBN(0xd75c9ce6, 0xe75b7a93), - TOBN(0x3558352d, 0xefb68d78), TOBN(0xa2f26699, 0x223f6396), - TOBN(0xeb911ecf, 0xe469b17a), TOBN(0x62545779, 0xe72d3ec2), - TOBN(0x8ea47de7, 0x82cb113f), TOBN(0xebe4b086, 0x4e1fa98d), - TOBN(0xec2d5ed7, 0x8cdfedb1), TOBN(0xa535c077, 0xfe211a74), - TOBN(0x9678109b, 0x11d244c5), TOBN(0xf17c8bfb, 0xbe299a76), - TOBN(0xb651412e, 0xfb11fbc4), TOBN(0xea0b5482, 0x94ab3f65), - TOBN(0xd8dffd95, 0x0cf78243), TOBN(0x2e719e57, 0xce0361d4), - TOBN(0x9007f085, 0x304ddc5b), TOBN(0x095e8c6d, 0x4daba2ea), - TOBN(0x5a33cdb4, 0x3f9d28a9), TOBN(0x85b95cd8, 0xe2283003), - TOBN(0xbcd6c819, 0xb9744733), TOBN(0x29c5f538, 0xfc7f5783), - TOBN(0x6c49b2fa, 0xd59038e4), TOBN(0x68349cc1, 0x3bbe1018), - TOBN(0xcc490c1d, 0x21830ee5), TOBN(0x36f9c4ee, 0xe9bfa297), - TOBN(0x58fd7294, 0x48de1a94), TOBN(0xaadb13a8, 0x4e8f2cdc), - TOBN(0x515eaaa0, 0x81313dba), TOBN(0xc76bb468, 0xc2152dd8), - TOBN(0x357f8d75, 0xa653dbf8), TOBN(0xe4d8c4d1, 0xb14ac143), - TOBN(0xbdb8e675, 0xb055cb40), TOBN(0x898f8e7b, 0x977b5167), - TOBN(0xecc65651, 0xb82fb863), TOBN(0x56544814, 0x6d88f01f), - TOBN(0xb0928e95, 0x263a75a9), TOBN(0xcfb6836f, 0x1a22fcda), - TOBN(0x651d14db, 0x3f3bd37c), TOBN(0x1d3837fb, 0xb6ad4664), - TOBN(0x7c5fb538, 0xff4f94ab), TOBN(0x7243c712, 0x6d7fb8f2), - TOBN(0xef13d60c, 0xa85c5287), TOBN(0x18cfb7c7, 0x4bb8dd1b), - TOBN(0x82f9bfe6, 0x72908219), TOBN(0x35c4592b, 0x9d5144ab), - TOBN(0x52734f37, 0x9cf4b42f), TOBN(0x6bac55e7, 0x8c60ddc4), - TOBN(0xb5cd811e, 0x94dea0f6), TOBN(0x259ecae4, 0xe18cc1a3), - TOBN(0x6a0e836e, 0x15e660f8), TOBN(0x6c639ea6, 0x0e02bff2), - TOBN(0x8721b8cb, 0x7e1026fd), TOBN(0x9e73b50b, 0x63261942), - TOBN(0xb8c70974, 0x77f01da3), TOBN(0x1839e6a6, 0x8268f57f), - TOBN(0x571b9415, 0x5150b805), TOBN(0x1892389e, 0xf92c7097), - TOBN(0x8d69c18e, 0x4a084b95), TOBN(0x7014c512, 0xbe5b495c), - TOBN(0x4780db36, 0x1b07523c), TOBN(0x2f6219ce, 0x2c1c64fa), - TOBN(0xc38b81b0, 0x602c105a), TOBN(0xab4f4f20, 0x5dc8e360), - TOBN(0x20d3c982, 0xcf7d62d2), TOBN(0x1f36e29d, 0x23ba8150), - TOBN(0x48ae0bf0, 0x92763f9e), TOBN(0x7a527e6b, 0x1d3a7007), - TOBN(0xb4a89097, 0x581a85e3), TOBN(0x1f1a520f, 0xdc158be5), - TOBN(0xf98db37d, 0x167d726e), TOBN(0x8802786e, 0x1113e862)} - , - {TOBN(0xefb2149e, 0x36f09ab0), TOBN(0x03f163ca, 0x4a10bb5b), - TOBN(0xd0297045, 0x06e20998), TOBN(0x56f0af00, 0x1b5a3bab), - TOBN(0x7af4cfec, 0x70880e0d), TOBN(0x7332a66f, 0xbe3d913f), - TOBN(0x32e6c84a, 0x7eceb4bd), TOBN(0xedc4a79a, 0x9c228f55), - TOBN(0xc37c7dd0, 0xc55c4496), TOBN(0xa6a96357, 0x25bbabd2), - TOBN(0x5b7e63f2, 0xadd7f363), TOBN(0x9dce3782, 0x2e73f1df), - TOBN(0xe1e5a16a, 0xb2b91f71), TOBN(0xe4489823, 0x5ba0163c), - TOBN(0xf2759c32, 0xf6e515ad), TOBN(0xa5e2f1f8, 0x8615eecf), - TOBN(0x74519be7, 0xabded551), TOBN(0x03d358b8, 0xc8b74410), - TOBN(0x4d00b10b, 0x0e10d9a9), TOBN(0x6392b0b1, 0x28da52b7), - TOBN(0x6744a298, 0x0b75c904), TOBN(0xc305b0ae, 0xa8f7f96c), - TOBN(0x042e421d, 0x182cf932), TOBN(0xf6fc5d50, 0x9e4636ca), - TOBN(0x795847c9, 0xd64cc78c), TOBN(0x6c50621b, 0x9b6cb27b), - TOBN(0x07099bf8, 0xdf8022ab), TOBN(0x48f862eb, 0xc04eda1d), - TOBN(0xd12732ed, 0xe1603c16), TOBN(0x19a80e0f, 0x5c9a9450), - TOBN(0xe2257f54, 0xb429b4fc), TOBN(0x66d3b2c6, 0x45460515), - TOBN(0x6ca4f87e, 0x822e37be), TOBN(0x73f237b4, 0x253bda4e), - TOBN(0xf747f3a2, 0x41190aeb), TOBN(0xf06fa36f, 0x804cf284), - TOBN(0x0a6bbb6e, 0xfc621c12), TOBN(0x5d624b64, 0x40b80ec6), - TOBN(0x4b072425, 0x7ba556f3), TOBN(0x7fa0c354, 0x3e2d20a8), - TOBN(0xe921fa31, 0xe3229d41), TOBN(0xa929c652, 0x94531bd4), - TOBN(0x84156027, 0xa6d38209), TOBN(0xf3d69f73, 0x6bdb97bd), - TOBN(0x8906d19a, 0x16833631), TOBN(0x68a34c2e, 0x03d51be3), - TOBN(0xcb59583b, 0x0e511cd8), TOBN(0x99ce6bfd, 0xfdc132a8), - TOBN(0x3facdaaa, 0xffcdb463), TOBN(0x658bbc1a, 0x34a38b08), - TOBN(0x12a801f8, 0xf1a9078d), TOBN(0x1567bcf9, 0x6ab855de), - TOBN(0xe08498e0, 0x3572359b), TOBN(0xcf0353e5, 0x8659e68b), - TOBN(0xbb86e9c8, 0x7d23807c), TOBN(0xbc08728d, 0x2198e8a2), - TOBN(0x8de2b7bc, 0x453cadd6), TOBN(0x203900a7, 0xbc0bc1f8), - TOBN(0xbcd86e47, 0xa6abd3af), TOBN(0x911cac12, 0x8502effb), - TOBN(0x2d550242, 0xec965469), TOBN(0x0e9f7692, 0x29e0017e), - TOBN(0x633f078f, 0x65979885), TOBN(0xfb87d449, 0x4cf751ef), - TOBN(0xe1790e4b, 0xfc25419a), TOBN(0x36467203, 0x4bff3cfd), - TOBN(0xc8db6386, 0x25b6e83f), TOBN(0x6cc69f23, 0x6cad6fd2), - TOBN(0x0219e45a, 0x6bc68bb9), TOBN(0xe43d79b6, 0x297f7334), - TOBN(0x7d445368, 0x465dc97c), TOBN(0x4b9eea32, 0x2a0b949a), - TOBN(0x1b96c6ba, 0x6102d021), TOBN(0xeaafac78, 0x2f4461ea), - TOBN(0xd4b85c41, 0xc49f19a8), TOBN(0x275c28e4, 0xcf538875), - TOBN(0x35451a9d, 0xdd2e54e0), TOBN(0x6991adb5, 0x0605618b), - TOBN(0x5b8b4bcd, 0x7b36cd24), TOBN(0x372a4f8c, 0x56f37216), - TOBN(0xc890bd73, 0xa6a5da60), TOBN(0x6f083da0, 0xdc4c9ff0), - TOBN(0xf4e14d94, 0xf0536e57), TOBN(0xf9ee1eda, 0xaaec8243), - TOBN(0x571241ec, 0x8bdcf8e7), TOBN(0xa5db8271, 0x0b041e26), - TOBN(0x9a0b9a99, 0xe3fff040), TOBN(0xcaaf21dd, 0x7c271202), - TOBN(0xb4e2b2e1, 0x4f0dd2e8), TOBN(0xe77e7c4f, 0x0a377ac7), - TOBN(0x69202c3f, 0x0d7a2198), TOBN(0xf759b7ff, 0x28200eb8), - TOBN(0xc87526ed, 0xdcfe314e), TOBN(0xeb84c524, 0x53d5cf99), - TOBN(0xb1b52ace, 0x515138b6), TOBN(0x5aa7ff8c, 0x23fca3f4), - TOBN(0xff0b13c3, 0xb9791a26), TOBN(0x960022da, 0xcdd58b16), - TOBN(0xdbd55c92, 0x57aad2de), TOBN(0x3baaaaa3, 0xf30fe619), - TOBN(0x9a4b2346, 0x0d881efd), TOBN(0x506416c0, 0x46325e2a), - TOBN(0x91381e76, 0x035c18d4), TOBN(0xb3bb68be, 0xf27817b0), - TOBN(0x15bfb8bf, 0x5116f937), TOBN(0x7c64a586, 0xc1268943), - TOBN(0x71e25cc3, 0x8419a2c8), TOBN(0x9fd6b0c4, 0x8335f463), - TOBN(0x4bf0ba3c, 0xe8ee0e0e), TOBN(0x6f6fba60, 0x298c21fa), - TOBN(0x57d57b39, 0xae66bee0), TOBN(0x292d5130, 0x22672544), - TOBN(0xf451105d, 0xbab093b3), TOBN(0x012f59b9, 0x02839986), - TOBN(0x8a915802, 0x3474a89c), TOBN(0x048c919c, 0x2de03e97), - TOBN(0xc476a2b5, 0x91071cd5), TOBN(0x791ed89a, 0x034970a5), - TOBN(0x89bd9042, 0xe1b7994b), TOBN(0x8eaf5179, 0xa1057ffd), - TOBN(0x6066e2a2, 0xd551ee10), TOBN(0x87a8f1d8, 0x727e09a6), - TOBN(0x00d08bab, 0x2c01148d), TOBN(0x6da8e4f1, 0x424f33fe), - TOBN(0x466d17f0, 0xcf9a4e71), TOBN(0xff502010, 0x3bf5cb19), - TOBN(0xdccf97d8, 0xd062ecc0), TOBN(0x80c0d9af, 0x81d80ac4), - TOBN(0xe87771d8, 0x033f2876), TOBN(0xb0186ec6, 0x7d5cc3db), - TOBN(0x58e8bb80, 0x3bc9bc1d), TOBN(0x4d1395cc, 0x6f6ef60e), - TOBN(0xa73c62d6, 0x186244a0), TOBN(0x918e5f23, 0x110a5b53), - TOBN(0xed4878ca, 0x741b7eab), TOBN(0x3038d71a, 0xdbe03e51), - TOBN(0x840204b7, 0xa93c3246), TOBN(0x21ab6069, 0xa0b9b4cd), - TOBN(0xf5fa6e2b, 0xb1d64218), TOBN(0x1de6ad0e, 0xf3d56191), - TOBN(0x570aaa88, 0xff1929c7), TOBN(0xc6df4c6b, 0x640e87b5), - TOBN(0xde8a74f2, 0xc65f0ccc), TOBN(0x8b972fd5, 0xe6f6cc01), - TOBN(0x3fff36b6, 0x0b846531), TOBN(0xba7e45e6, 0x10a5e475), - TOBN(0x84a1d10e, 0x4145b6c5), TOBN(0xf1f7f91a, 0x5e046d9d), - TOBN(0x0317a692, 0x44de90d7), TOBN(0x951a1d4a, 0xf199c15e), - TOBN(0x91f78046, 0xc9d73deb), TOBN(0x74c82828, 0xfab8224f), - TOBN(0xaa6778fc, 0xe7560b90), TOBN(0xb4073e61, 0xa7e824ce), - TOBN(0xff0d693c, 0xd642eba8), TOBN(0x7ce2e57a, 0x5dccef38), - TOBN(0x89c2c789, 0x1df1ad46), TOBN(0x83a06922, 0x098346fd), - TOBN(0x2d715d72, 0xda2fc177), TOBN(0x7b6dd71d, 0x85b6cf1d), - TOBN(0xc60a6d0a, 0x73fa9cb0), TOBN(0xedd3992e, 0x328bf5a9), - TOBN(0xc380ddd0, 0x832c8c82), TOBN(0xd182d410, 0xa2a0bf50), - TOBN(0x7d9d7438, 0xd9a528db), TOBN(0xe8b1a0e9, 0xcaf53994), - TOBN(0xddd6e5fe, 0x0e19987c), TOBN(0xacb8df03, 0x190b059d), - TOBN(0x53703a32, 0x8300129f), TOBN(0x1f637662, 0x68c43bfd), - TOBN(0xbcbd1913, 0x00e54051), TOBN(0x812fcc62, 0x7bf5a8c5), - TOBN(0x3f969d5f, 0x29fb85da), TOBN(0x72f4e00a, 0x694759e8), - TOBN(0x426b6e52, 0x790726b7), TOBN(0x617bbc87, 0x3bdbb209), - TOBN(0x511f8bb9, 0x97aee317), TOBN(0x812a4096, 0xe81536a8), - TOBN(0x137dfe59, 0x3ac09b9b), TOBN(0x0682238f, 0xba8c9a7a), - TOBN(0x7072ead6, 0xaeccb4bd), TOBN(0x6a34e9aa, 0x692ba633), - TOBN(0xc82eaec2, 0x6fff9d33), TOBN(0xfb753512, 0x1d4d2b62), - TOBN(0x1a0445ff, 0x1d7aadab), TOBN(0x65d38260, 0xd5f6a67c), - TOBN(0x6e62fb08, 0x91cfb26f), TOBN(0xef1e0fa5, 0x5c7d91d6), - TOBN(0x47e7c7ba, 0x33db72cd), TOBN(0x017cbc09, 0xfa7c74b2), - TOBN(0x3c931590, 0xf50a503c), TOBN(0xcac54f60, 0x616baa42), - TOBN(0x9b6cd380, 0xb2369f0f), TOBN(0x97d3a70d, 0x23c76151), - TOBN(0x5f9dd6fc, 0x9862a9c6), TOBN(0x044c4ab2, 0x12312f51), - TOBN(0x035ea0fd, 0x834a2ddc), TOBN(0x49e6b862, 0xcc7b826d), - TOBN(0xb03d6883, 0x62fce490), TOBN(0x62f2497a, 0xb37e36e9), - TOBN(0x04b005b6, 0xc6458293), TOBN(0x36bb5276, 0xe8d10af7), - TOBN(0xacf2dc13, 0x8ee617b8), TOBN(0x470d2d35, 0xb004b3d4), - TOBN(0x06790832, 0xfeeb1b77), TOBN(0x2bb75c39, 0x85657f9c), - TOBN(0xd70bd4ed, 0xc0f60004), TOBN(0xfe797ecc, 0x219b018b), - TOBN(0x9b5bec2a, 0x753aebcc), TOBN(0xdaf9f3dc, 0xc939eca5), - TOBN(0xd6bc6833, 0xd095ad09), TOBN(0x98abdd51, 0xdaa4d2fc), - TOBN(0xd9840a31, 0x8d168be5), TOBN(0xcf7c10e0, 0x2325a23c), - TOBN(0xa5c02aa0, 0x7e6ecfaf), TOBN(0x2462e7e6, 0xb5bfdf18), - TOBN(0xab2d8a8b, 0xa0cc3f12), TOBN(0x68dd485d, 0xbc672a29), - TOBN(0x72039752, 0x596f2cd3), TOBN(0x5d3eea67, 0xa0cf3d8d), - TOBN(0x810a1a81, 0xe6602671), TOBN(0x8f144a40, 0x14026c0c), - TOBN(0xbc753a6d, 0x76b50f85), TOBN(0xc4dc21e8, 0x645cd4a4), - TOBN(0xc5262dea, 0x521d0378), TOBN(0x802b8e0e, 0x05011c6f), - TOBN(0x1ba19cbb, 0x0b4c19ea), TOBN(0x21db64b5, 0xebf0aaec), - TOBN(0x1f394ee9, 0x70342f9d), TOBN(0x93a10aee, 0x1bc44a14), - TOBN(0xa7eed31b, 0x3efd0baa), TOBN(0x6e7c824e, 0x1d154e65), - TOBN(0xee23fa81, 0x9966e7ee), TOBN(0x64ec4aa8, 0x05b7920d), - TOBN(0x2d44462d, 0x2d90aad4), TOBN(0xf44dd195, 0xdf277ad5), - TOBN(0x8d6471f1, 0xbb46b6a1), TOBN(0x1e65d313, 0xfd885090), - TOBN(0x33a800f5, 0x13a977b4), TOBN(0xaca9d721, 0x0797e1ef), - TOBN(0x9a5a85a0, 0xfcff6a17), TOBN(0x9970a3f3, 0x1eca7cee), - TOBN(0xbb9f0d6b, 0xc9504be3), TOBN(0xe0c504be, 0xadd24ee2), - TOBN(0x7e09d956, 0x77fcc2f4), TOBN(0xef1a5227, 0x65bb5fc4), - TOBN(0x145d4fb1, 0x8b9286aa), TOBN(0x66fd0c5d, 0x6649028b), - TOBN(0x98857ceb, 0x1bf4581c), TOBN(0xe635e186, 0xaca7b166), - TOBN(0x278ddd22, 0x659722ac), TOBN(0xa0903c4c, 0x1db68007), - TOBN(0x366e4589, 0x48f21402), TOBN(0x31b49c14, 0xb96abda2), - TOBN(0x329c4b09, 0xe0403190), TOBN(0x97197ca3, 0xd29f43fe), - TOBN(0x8073dd1e, 0x274983d8), TOBN(0xda1a3bde, 0x55717c8f), - TOBN(0xfd3d4da2, 0x0361f9d1), TOBN(0x1332d081, 0x4c7de1ce), - TOBN(0x9b7ef7a3, 0xaa6d0e10), TOBN(0x17db2e73, 0xf54f1c4a), - TOBN(0xaf3dffae, 0x4cd35567), TOBN(0xaaa2f406, 0xe56f4e71), - TOBN(0x8966759e, 0x7ace3fc7), TOBN(0x9594eacf, 0x45a8d8c6), - TOBN(0x8de3bd8b, 0x91834e0e), TOBN(0xafe4ca53, 0x548c0421), - TOBN(0xfdd7e856, 0xe6ee81c6), TOBN(0x8f671beb, 0x6b891a3a), - TOBN(0xf7a58f2b, 0xfae63829), TOBN(0x9ab186fb, 0x9c11ac9f), - TOBN(0x8d6eb369, 0x10b5be76), TOBN(0x046b7739, 0xfb040bcd), - TOBN(0xccb4529f, 0xcb73de88), TOBN(0x1df0fefc, 0xcf26be03), - TOBN(0xad7757a6, 0xbcfcd027), TOBN(0xa8786c75, 0xbb3165ca), - TOBN(0xe9db1e34, 0x7e99a4d9), TOBN(0x99ee86df, 0xb06c504b), - TOBN(0x5b7c2ddd, 0xc15c9f0a), TOBN(0xdf87a734, 0x4295989e), - TOBN(0x59ece47c, 0x03d08fda), TOBN(0xb074d3dd, 0xad5fc702), - TOBN(0x20407903, 0x51a03776), TOBN(0x2bb1f77b, 0x2a608007), - TOBN(0x25c58f4f, 0xe1153185), TOBN(0xe6df62f6, 0x766e6447), - TOBN(0xefb3d1be, 0xed51275a), TOBN(0x5de47dc7, 0x2f0f483f), - TOBN(0x7932d98e, 0x97c2bedf), TOBN(0xd5c11927, 0x0219f8a1), - TOBN(0x9d751200, 0xa73a294e), TOBN(0x5f88434a, 0x9dc20172), - TOBN(0xd28d9fd3, 0xa26f506a), TOBN(0xa890cd31, 0x9d1dcd48), - TOBN(0x0aebaec1, 0x70f4d3b4), TOBN(0xfd1a1369, 0x0ffc8d00), - TOBN(0xb9d9c240, 0x57d57838), TOBN(0x45929d26, 0x68bac361), - TOBN(0x5a2cd060, 0x25b15ca6), TOBN(0x4b3c83e1, 0x6e474446), - TOBN(0x1aac7578, 0xee1e5134), TOBN(0xa418f5d6, 0xc91e2f41), - TOBN(0x6936fc8a, 0x213ed68b), TOBN(0x860ae7ed, 0x510a5224), - TOBN(0x63660335, 0xdef09b53), TOBN(0x641b2897, 0xcd79c98d), - TOBN(0x29bd38e1, 0x01110f35), TOBN(0x79c26f42, 0x648b1937), - TOBN(0x64dae519, 0x9d9164f4), TOBN(0xd85a2310, 0x0265c273), - TOBN(0x7173dd5d, 0x4b07e2b1), TOBN(0xd144c4cb, 0x8d9ea221), - TOBN(0xe8b04ea4, 0x1105ab14), TOBN(0x92dda542, 0xfe80d8f1), - TOBN(0xe9982fa8, 0xcf03dce6), TOBN(0x8b5ea965, 0x1a22cffc), - TOBN(0xf7f4ea7f, 0x3fad88c4), TOBN(0x62db773e, 0x6a5ba95c), - TOBN(0xd20f02fb, 0x93f24567), TOBN(0xfd46c69a, 0x315257ca), - TOBN(0x0ac74cc7, 0x8bcab987), TOBN(0x46f31c01, 0x5ceca2f5), - TOBN(0x40aedb59, 0x888b219e), TOBN(0xe50ecc37, 0xe1fccd02), - TOBN(0x1bcd9dad, 0x911f816c), TOBN(0x583cc1ec, 0x8db9b00c), - TOBN(0xf3cd2e66, 0xa483bf11), TOBN(0xfa08a6f5, 0xb1b2c169), - TOBN(0xf375e245, 0x4be9fa28), TOBN(0x99a7ffec, 0x5b6d011f), - TOBN(0x6a3ebddb, 0xc4ae62da), TOBN(0x6cea00ae, 0x374aef5d), - TOBN(0xab5fb98d, 0x9d4d05bc), TOBN(0x7cba1423, 0xd560f252), - TOBN(0x49b2cc21, 0x208490de), TOBN(0x1ca66ec3, 0xbcfb2879), - TOBN(0x7f1166b7, 0x1b6fb16f), TOBN(0xfff63e08, 0x65fe5db3), - TOBN(0xb8345abe, 0x8b2610be), TOBN(0xb732ed80, 0x39de3df4), - TOBN(0x0e24ed50, 0x211c32b4), TOBN(0xd10d8a69, 0x848ff27d), - TOBN(0xc1074398, 0xed4de248), TOBN(0xd7cedace, 0x10488927), - TOBN(0xa4aa6bf8, 0x85673e13), TOBN(0xb46bae91, 0x6daf30af), - TOBN(0x07088472, 0xfcef7ad8), TOBN(0x61151608, 0xd4b35e97), - TOBN(0xbcfe8f26, 0xdde29986), TOBN(0xeb84c4c7, 0xd5a34c79), - TOBN(0xc1eec55c, 0x164e1214), TOBN(0x891be86d, 0xa147bb03), - TOBN(0x9fab4d10, 0x0ba96835), TOBN(0xbf01e9b8, 0xa5c1ae9f), - TOBN(0x6b4de139, 0xb186ebc0), TOBN(0xd5c74c26, 0x85b91bca), - TOBN(0x5086a99c, 0xc2d93854), TOBN(0xeed62a7b, 0xa7a9dfbc), - TOBN(0x8778ed6f, 0x76b7618a), TOBN(0xbff750a5, 0x03b66062), - TOBN(0x4cb7be22, 0xb65186db), TOBN(0x369dfbf0, 0xcc3a6d13), - TOBN(0xc7dab26c, 0x7191a321), TOBN(0x9edac3f9, 0x40ed718e), - TOBN(0xbc142b36, 0xd0cfd183), TOBN(0xc8af82f6, 0x7c991693), - TOBN(0xb3d1e4d8, 0x97ce0b2a), TOBN(0xe6d7c87f, 0xc3a55cdf), - TOBN(0x35846b95, 0x68b81afe), TOBN(0x018d12af, 0xd3c239d8), - TOBN(0x2b2c6208, 0x01206e15), TOBN(0xe0e42453, 0xa3b882c6), - TOBN(0x854470a3, 0xa50162d5), TOBN(0x08157478, 0x7017a62a), - TOBN(0x18bd3fb4, 0x820357c7), TOBN(0x992039ae, 0x6f1458ad), - TOBN(0x9a1df3c5, 0x25b44aa1), TOBN(0x2d780357, 0xed3d5281), - TOBN(0x58cf7e4d, 0xc77ad4d4), TOBN(0xd49a7998, 0xf9df4fc4), - TOBN(0x4465a8b5, 0x1d71205e), TOBN(0xa0ee0ea6, 0x649254aa), - TOBN(0x4b5eeecf, 0xab7bd771), TOBN(0x6c873073, 0x35c262b9), - TOBN(0xdc5bd648, 0x3c9d61e7), TOBN(0x233d6d54, 0x321460d2), - TOBN(0xd20c5626, 0xfc195bcc), TOBN(0x25445958, 0x04d78b63), - TOBN(0xe03fcb3d, 0x17ec8ef3), TOBN(0x54b690d1, 0x46b8f781), - TOBN(0x82fa2c8a, 0x21230646), TOBN(0xf51aabb9, 0x084f418c), - TOBN(0xff4fbec1, 0x1a30ba43), TOBN(0x6a5acf73, 0x743c9df7), - TOBN(0x1da2b357, 0xd635b4d5), TOBN(0xc3de68dd, 0xecd5c1da), - TOBN(0xa689080b, 0xd61af0dd), TOBN(0xdea5938a, 0xd665bf99), - TOBN(0x0231d71a, 0xfe637294), TOBN(0x01968aa6, 0xa5a81cd8), - TOBN(0x11252d50, 0x048e63b5), TOBN(0xc446bc52, 0x6ca007e9), - TOBN(0xef8c50a6, 0x96d6134b), TOBN(0x9361fbf5, 0x9e09a05c), - TOBN(0xf17f85a6, 0xdca3291a), TOBN(0xb178d548, 0xff251a21), - TOBN(0x87f6374b, 0xa4df3915), TOBN(0x566ce1bf, 0x2fd5d608), - TOBN(0x425cba4d, 0x7de35102), TOBN(0x6b745f8f, 0x58c5d5e2), - TOBN(0x88402af6, 0x63122edf), TOBN(0x3190f9ed, 0x3b989a89), - TOBN(0x4ad3d387, 0xebba3156), TOBN(0xef385ad9, 0xc7c469a5), - TOBN(0xb08281de, 0x3f642c29), TOBN(0x20be0888, 0x910ffb88), - TOBN(0xf353dd4a, 0xd5292546), TOBN(0x3f1627de, 0x8377a262), - TOBN(0xa5faa013, 0xeefcd638), TOBN(0x8f3bf626, 0x74cc77c3), - TOBN(0x32618f65, 0xa348f55e), TOBN(0x5787c0dc, 0x9fefeb9e), - TOBN(0xf1673aa2, 0xd9a23e44), TOBN(0x88dfa993, 0x4e10690d), - TOBN(0x1ced1b36, 0x2bf91108), TOBN(0x9193ceca, 0x3af48649), - TOBN(0xfb34327d, 0x2d738fc5), TOBN(0x6697b037, 0x975fee6c), - TOBN(0x2f485da0, 0xc04079a5), TOBN(0x2cdf5735, 0x2feaa1ac), - TOBN(0x76944420, 0xbd55659e), TOBN(0x7973e32b, 0x4376090c), - TOBN(0x86bb4fe1, 0x163b591a), TOBN(0x10441aed, 0xc196f0ca), - TOBN(0x3b431f4a, 0x045ad915), TOBN(0x6c11b437, 0xa4afacb1), - TOBN(0x30b0c7db, 0x71fdbbd8), TOBN(0xb642931f, 0xeda65acd), - TOBN(0x4baae6e8, 0x9c92b235), TOBN(0xa73bbd0e, 0x6b3993a1), - TOBN(0xd06d60ec, 0x693dd031), TOBN(0x03cab91b, 0x7156881c), - TOBN(0xd615862f, 0x1db3574b), TOBN(0x485b0185, 0x64bb061a), - TOBN(0x27434988, 0xa0181e06), TOBN(0x2cd61ad4, 0xc1c0c757), - TOBN(0x3effed5a, 0x2ff9f403), TOBN(0x8dc98d8b, 0x62239029), - TOBN(0x2206021e, 0x1f17b70d), TOBN(0xafbec0ca, 0xbf510015), - TOBN(0x9fed7164, 0x80130dfa), TOBN(0x306dc2b5, 0x8a02dcf5), - TOBN(0x48f06620, 0xfeb10fc0), TOBN(0x78d1e1d5, 0x5a57cf51), - TOBN(0xadef8c5a, 0x192ef710), TOBN(0x88afbd4b, 0x3b7431f9), - TOBN(0x7e1f7407, 0x64250c9e), TOBN(0x6e31318d, 0xb58bec07), - TOBN(0xfd4fc4b8, 0x24f89b4e), TOBN(0x65a5dd88, 0x48c36a2a), - TOBN(0x4f1eccff, 0xf024baa7), TOBN(0x22a21cf2, 0xcba94650), - TOBN(0x95d29dee, 0x42a554f7), TOBN(0x828983a5, 0x002ec4ba), - TOBN(0x8112a1f7, 0x8badb73d), TOBN(0x79ea8897, 0xa27c1839), - TOBN(0x8969a5a7, 0xd065fd83), TOBN(0xf49af791, 0xb262a0bc), - TOBN(0xfcdea8b6, 0xaf2b5127), TOBN(0x10e913e1, 0x564c2dbc), - TOBN(0x51239d14, 0xbc21ef51), TOBN(0xe51c3ceb, 0x4ce57292), - TOBN(0x795ff068, 0x47bbcc3b), TOBN(0x86b46e1e, 0xbd7e11e6), - TOBN(0x0ea6ba23, 0x80041ef4), TOBN(0xd72fe505, 0x6262342e), - TOBN(0x8abc6dfd, 0x31d294d4), TOBN(0xbbe017a2, 0x1278c2c9), - TOBN(0xb1fcfa09, 0xb389328a), TOBN(0x322fbc62, 0xd01771b5), - TOBN(0x04c0d063, 0x60b045bf), TOBN(0xdb652edc, 0x10e52d01), - TOBN(0x50ef932c, 0x03ec6627), TOBN(0xde1b3b2d, 0xc1ee50e3), - TOBN(0x5ab7bdc5, 0xdc37a90d), TOBN(0xfea67213, 0x31e33a96), - TOBN(0x6482b5cb, 0x4f2999aa), TOBN(0x38476cc6, 0xb8cbf0dd), - TOBN(0x93ebfacb, 0x173405bb), TOBN(0x15cdafe7, 0xe52369ec), - TOBN(0xd42d5ba4, 0xd935b7db), TOBN(0x648b6004, 0x1c99a4cd), - TOBN(0x785101bd, 0xa3b5545b), TOBN(0x4bf2c38a, 0x9dd67faf), - TOBN(0xb1aadc63, 0x4442449c), TOBN(0xe0e9921a, 0x33ad4fb8), - TOBN(0x5c552313, 0xaa686d82), TOBN(0xdee635fa, 0x465d866c), - TOBN(0xbc3c224a, 0x18ee6e8a), TOBN(0xeed748a6, 0xed42e02f), - TOBN(0xe70f930a, 0xd474cd08), TOBN(0x774ea6ec, 0xfff24adf), - TOBN(0x03e2de1c, 0xf3480d4a), TOBN(0xf0d8edc7, 0xbc8acf1a), - TOBN(0xf23e3303, 0x68295a9c), TOBN(0xfadd5f68, 0xc546a97d), - TOBN(0x895597ad, 0x96f8acb1), TOBN(0xbddd49d5, 0x671bdae2), - TOBN(0x16fcd528, 0x21dd43f4), TOBN(0xa5a45412, 0x6619141a)} - , - {TOBN(0x8ce9b6bf, 0xc360e25a), TOBN(0xe6425195, 0x075a1a78), - TOBN(0x9dc756a8, 0x481732f4), TOBN(0x83c0440f, 0x5432b57a), - TOBN(0xc670b3f1, 0xd720281f), TOBN(0x2205910e, 0xd135e051), - TOBN(0xded14b0e, 0xdb052be7), TOBN(0x697b3d27, 0xc568ea39), - TOBN(0x2e599b9a, 0xfb3ff9ed), TOBN(0x28c2e0ab, 0x17f6515c), - TOBN(0x1cbee4fd, 0x474da449), TOBN(0x071279a4, 0x4f364452), - TOBN(0x97abff66, 0x01fbe855), TOBN(0x3ee394e8, 0x5fda51c4), - TOBN(0x190385f6, 0x67597c0b), TOBN(0x6e9fccc6, 0xa27ee34b), - TOBN(0x0b89de93, 0x14092ebb), TOBN(0xf17256bd, 0x428e240c), - TOBN(0xcf89a7f3, 0x93d2f064), TOBN(0x4f57841e, 0xe1ed3b14), - TOBN(0x4ee14405, 0xe708d855), TOBN(0x856aae72, 0x03f1c3d0), - TOBN(0xc8e5424f, 0xbdd7eed5), TOBN(0x3333e4ef, 0x73ab4270), - TOBN(0x3bc77ade, 0xdda492f8), TOBN(0xc11a3aea, 0x78297205), - TOBN(0x5e89a3e7, 0x34931b4c), TOBN(0x17512e2e, 0x9f5694bb), - TOBN(0x5dc349f3, 0x177bf8b6), TOBN(0x232ea4ba, 0x08c7ff3e), - TOBN(0x9c4f9d16, 0xf511145d), TOBN(0xccf109a3, 0x33b379c3), - TOBN(0xe75e7a88, 0xa1f25897), TOBN(0x7ac6961f, 0xa1b5d4d8), - TOBN(0xe3e10773, 0x08f3ed5c), TOBN(0x208a54ec, 0x0a892dfb), - TOBN(0xbe826e19, 0x78660710), TOBN(0x0cf70a97, 0x237df2c8), - TOBN(0x418a7340, 0xed704da5), TOBN(0xa3eeb9a9, 0x08ca33fd), - TOBN(0x49d96233, 0x169bca96), TOBN(0x04d286d4, 0x2da6aafb), - TOBN(0xc09606ec, 0xa0c2fa94), TOBN(0x8869d0d5, 0x23ff0fb3), - TOBN(0xa99937e5, 0xd0150d65), TOBN(0xa92e2503, 0x240c14c9), - TOBN(0x656bf945, 0x108e2d49), TOBN(0x152a733a, 0xa2f59e2b), - TOBN(0xb4323d58, 0x8434a920), TOBN(0xc0af8e93, 0x622103c5), - TOBN(0x667518ef, 0x938dbf9a), TOBN(0xa1843073, 0x83a9cdf2), - TOBN(0x350a94aa, 0x5447ab80), TOBN(0xe5e5a325, 0xc75a3d61), - TOBN(0x74ba507f, 0x68411a9e), TOBN(0x10581fc1, 0x594f70c5), - TOBN(0x60e28570, 0x80eb24a9), TOBN(0x7bedfb4d, 0x488e0cfd), - TOBN(0x721ebbd7, 0xc259cdb8), TOBN(0x0b0da855, 0xbc6390a9), - TOBN(0x2b4d04db, 0xde314c70), TOBN(0xcdbf1fbc, 0x6c32e846), - TOBN(0x33833eab, 0xb162fc9e), TOBN(0x9939b48b, 0xb0dd3ab7), - TOBN(0x5aaa98a7, 0xcb0c9c8c), TOBN(0x75105f30, 0x81c4375c), - TOBN(0xceee5057, 0x5ef1c90f), TOBN(0xb31e065f, 0xc23a17bf), - TOBN(0x5364d275, 0xd4b6d45a), TOBN(0xd363f3ad, 0x62ec8996), - TOBN(0xb5d21239, 0x4391c65b), TOBN(0x84564765, 0xebb41b47), - TOBN(0x20d18ecc, 0x37107c78), TOBN(0xacff3b6b, 0x570c2a66), - TOBN(0x22f975d9, 0x9bd0d845), TOBN(0xef0a0c46, 0xba178fa0), - TOBN(0x1a419651, 0x76b6028e), TOBN(0xc49ec674, 0x248612d4), - TOBN(0x5b6ac4f2, 0x7338af55), TOBN(0x06145e62, 0x7bee5a36), - TOBN(0x33e95d07, 0xe75746b5), TOBN(0x1c1e1f6d, 0xc40c78be), - TOBN(0x967833ef, 0x222ff8e2), TOBN(0x4bedcf6a, 0xb49180ad), - TOBN(0x6b37e9c1, 0x3d7a4c8a), TOBN(0x2748887c, 0x6ddfe760), - TOBN(0xf7055123, 0xaa3a5bbc), TOBN(0x954ff225, 0x7bbb8e74), - TOBN(0xc42b8ab1, 0x97c3dfb9), TOBN(0x55a549b0, 0xcf168154), - TOBN(0xad6748e7, 0xc1b50692), TOBN(0x2775780f, 0x6fc5cbcb), - TOBN(0x4eab80b8, 0xe1c9d7c8), TOBN(0x8c69dae1, 0x3fdbcd56), - TOBN(0x47e6b4fb, 0x9969eace), TOBN(0x002f1085, 0xa705cb5a), - TOBN(0x4e23ca44, 0x6d3fea55), TOBN(0xb4ae9c86, 0xf4810568), - TOBN(0x47bfb91b, 0x2a62f27d), TOBN(0x60deb4c9, 0xd9bac28c), - TOBN(0xa892d894, 0x7de6c34c), TOBN(0x4ee68259, 0x4494587d), - TOBN(0x914ee14e, 0x1a3f8a5b), TOBN(0xbb113eaa, 0x28700385), - TOBN(0x81ca03b9, 0x2115b4c9), TOBN(0x7c163d38, 0x8908cad1), - TOBN(0xc912a118, 0xaa18179a), TOBN(0xe09ed750, 0x886e3081), - TOBN(0xa676e3fa, 0x26f516ca), TOBN(0x753cacf7, 0x8e732f91), - TOBN(0x51592aea, 0x833da8b4), TOBN(0xc626f42f, 0x4cbea8aa), - TOBN(0xef9dc899, 0xa7b56eaf), TOBN(0x00c0e52c, 0x34ef7316), - TOBN(0x5b1e4e24, 0xfe818a86), TOBN(0x9d31e20d, 0xc538be47), - TOBN(0x22eb932d, 0x3ed68974), TOBN(0xe44bbc08, 0x7c4e87c4), - TOBN(0x4121086e, 0x0dde9aef), TOBN(0x8e6b9cff, 0x134f4345), - TOBN(0x96892c1f, 0x711b0eb9), TOBN(0xb905f2c8, 0x780ab954), - TOBN(0xace26309, 0xa20792db), TOBN(0xec8ac9b3, 0x0684e126), - TOBN(0x486ad8b6, 0xb40a2447), TOBN(0x60121fc1, 0x9fe3fb24), - TOBN(0x5626fccf, 0x1a8e3b3f), TOBN(0x4e568622, 0x6ad1f394), - TOBN(0xda7aae0d, 0x196aa5a1), TOBN(0xe0df8c77, 0x1041b5fb), - TOBN(0x451465d9, 0x26b318b7), TOBN(0xc29b6e55, 0x7ab136e9), - TOBN(0x2c2ab48b, 0x71148463), TOBN(0xb5738de3, 0x64454a76), - TOBN(0x54ccf9a0, 0x5a03abe4), TOBN(0x377c0296, 0x0427d58e), - TOBN(0x73f5f0b9, 0x2bb39c1f), TOBN(0x14373f2c, 0xe608d8c5), - TOBN(0xdcbfd314, 0x00fbb805), TOBN(0xdf18fb20, 0x83afdcfb), - TOBN(0x81a57f42, 0x42b3523f), TOBN(0xe958532d, 0x87f650fb), - TOBN(0xaa8dc8b6, 0x8b0a7d7c), TOBN(0x1b75dfb7, 0x150166be), - TOBN(0x90e4f7c9, 0x2d7d1413), TOBN(0x67e2d6b5, 0x9834f597), - TOBN(0x4fd4f4f9, 0xa808c3e8), TOBN(0xaf8237e0, 0xd5281ec1), - TOBN(0x25ab5fdc, 0x84687cee), TOBN(0xc5ded6b1, 0xa5b26c09), - TOBN(0x8e4a5aec, 0xc8ea7650), TOBN(0x23b73e5c, 0x14cc417f), - TOBN(0x2bfb4318, 0x3037bf52), TOBN(0xb61e6db5, 0x78c725d7), - TOBN(0x8efd4060, 0xbbb3e5d7), TOBN(0x2e014701, 0xdbac488e), - TOBN(0xac75cf9a, 0x360aa449), TOBN(0xb70cfd05, 0x79634d08), - TOBN(0xa591536d, 0xfffb15ef), TOBN(0xb2c37582, 0xd07c106c), - TOBN(0xb4293fdc, 0xf50225f9), TOBN(0xc52e175c, 0xb0e12b03), - TOBN(0xf649c3ba, 0xd0a8bf64), TOBN(0x745a8fef, 0xeb8ae3c6), - TOBN(0x30d7e5a3, 0x58321bc3), TOBN(0xb1732be7, 0x0bc4df48), - TOBN(0x1f217993, 0xe9ea5058), TOBN(0xf7a71cde, 0x3e4fd745), - TOBN(0x86cc533e, 0x894c5bbb), TOBN(0x6915c7d9, 0x69d83082), - TOBN(0xa6aa2d05, 0x5815c244), TOBN(0xaeeee592, 0x49b22ce5), - TOBN(0x89e39d13, 0x78135486), TOBN(0x3a275c1f, 0x16b76f2f), - TOBN(0xdb6bcc1b, 0xe036e8f5), TOBN(0x4df69b21, 0x5e4709f5), - TOBN(0xa188b250, 0x2d0f39aa), TOBN(0x622118bb, 0x15a85947), - TOBN(0x2ebf520f, 0xfde0f4fa), TOBN(0xa40e9f29, 0x4860e539), - TOBN(0x7b6a51eb, 0x22b57f0f), TOBN(0x849a33b9, 0x7e80644a), - TOBN(0x50e5d16f, 0x1cf095fe), TOBN(0xd754b54e, 0xec55f002), - TOBN(0x5cfbbb22, 0x236f4a98), TOBN(0x0b0c59e9, 0x066800bb), - TOBN(0x4ac69a8f, 0x5a9a7774), TOBN(0x2b33f804, 0xd6bec948), - TOBN(0xb3729295, 0x32e6c466), TOBN(0x68956d0f, 0x4e599c73), - TOBN(0xa47a249f, 0x155c31cc), TOBN(0x24d80f0d, 0xe1ce284e), - TOBN(0xcd821dfb, 0x988baf01), TOBN(0xe6331a7d, 0xdbb16647), - TOBN(0x1eb8ad33, 0x094cb960), TOBN(0x593cca38, 0xc91bbca5), - TOBN(0x384aac8d, 0x26567456), TOBN(0x40fa0309, 0xc04b6490), - TOBN(0x97834cd6, 0xdab6c8f6), TOBN(0x68a7318d, 0x3f91e55f), - TOBN(0xa00fd04e, 0xfc4d3157), TOBN(0xb56f8ab2, 0x2bf3bdea), - TOBN(0x014f5648, 0x4fa57172), TOBN(0x948c5860, 0x450abdb3), - TOBN(0x342b5df0, 0x0ebd4f08), TOBN(0x3e5168cd, 0x0e82938e), - TOBN(0x7aedc1ce, 0xb0df5dd0), TOBN(0x6bbbc6d9, 0xe5732516), - TOBN(0xc7bfd486, 0x605daaa6), TOBN(0x46fd72b7, 0xbb9a6c9e), - TOBN(0xe4847fb1, 0xa124fb89), TOBN(0x75959cbd, 0xa2d8ffbc), - TOBN(0x42579f65, 0xc8a588ee), TOBN(0x368c92e6, 0xb80b499d), - TOBN(0xea4ef6cd, 0x999a5df1), TOBN(0xaa73bb7f, 0x936fe604), - TOBN(0xf347a70d, 0x6457d188), TOBN(0x86eda86b, 0x8b7a388b), - TOBN(0xb7cdff06, 0x0ccd6013), TOBN(0xbeb1b6c7, 0xd0053fb2), - TOBN(0x0b022387, 0x99240a9f), TOBN(0x1bbb384f, 0x776189b2), - TOBN(0x8695e71e, 0x9066193a), TOBN(0x2eb50097, 0x06ffac7e), - TOBN(0x0654a9c0, 0x4a7d2caa), TOBN(0x6f3fb3d1, 0xa5aaa290), - TOBN(0x835db041, 0xff476e8f), TOBN(0x540b8b0b, 0xc42295e4), - TOBN(0xa5c73ac9, 0x05e214f5), TOBN(0x9a74075a, 0x56a0b638), - TOBN(0x2e4b1090, 0xce9e680b), TOBN(0x57a5b479, 0x6b8d9afa), - TOBN(0x0dca48e7, 0x26bfe65c), TOBN(0x097e391c, 0x7290c307), - TOBN(0x683c462e, 0x6669e72e), TOBN(0xf505be1e, 0x062559ac), - TOBN(0x5fbe3ea1, 0xe3a3035a), TOBN(0x6431ebf6, 0x9cd50da8), - TOBN(0xfd169d5c, 0x1f6407f2), TOBN(0x8d838a95, 0x60fce6b8), - TOBN(0x2a2bfa7f, 0x650006f0), TOBN(0xdfd7dad3, 0x50c0fbb2), - TOBN(0x92452495, 0xccf9ad96), TOBN(0x183bf494, 0xd95635f9), - TOBN(0x02d5df43, 0x4a7bd989), TOBN(0x505385cc, 0xa5431095), - TOBN(0xdd98e67d, 0xfd43f53e), TOBN(0xd61e1a6c, 0x500c34a9), - TOBN(0x5a4b46c6, 0x4a8a3d62), TOBN(0x8469c4d0, 0x247743d2), - TOBN(0x2bb3a13d, 0x88f7e433), TOBN(0x62b23a10, 0x01be5849), - TOBN(0xe83596b4, 0xa63d1a4c), TOBN(0x454e7fea, 0x7d183f3e), - TOBN(0x643fce61, 0x17afb01c), TOBN(0x4e65e5e6, 0x1c4c3638), - TOBN(0x41d85ea1, 0xef74c45b), TOBN(0x2cfbfa66, 0xae328506), - TOBN(0x98b078f5, 0x3ada7da9), TOBN(0xd985fe37, 0xec752fbb), - TOBN(0xeece68fe, 0x5a0148b4), TOBN(0x6f9a55c7, 0x2d78136d), - TOBN(0x232dccc4, 0xd2b729ce), TOBN(0xa27e0dfd, 0x90aafbc4), - TOBN(0x96474452, 0x12b4603e), TOBN(0xa876c551, 0x6b706d14), - TOBN(0xdf145fcf, 0x69a9d412), TOBN(0xe2ab75b7, 0x2d479c34), - TOBN(0x12df9a76, 0x1a23ff97), TOBN(0xc6138992, 0x5d359d10), - TOBN(0x6e51c7ae, 0xfa835f22), TOBN(0x69a79cb1, 0xc0fcc4d9), - TOBN(0xf57f350d, 0x594cc7e1), TOBN(0x3079ca63, 0x3350ab79), - TOBN(0x226fb614, 0x9aff594a), TOBN(0x35afec02, 0x6d59a62b), - TOBN(0x9bee46f4, 0x06ed2c6e), TOBN(0x58da1735, 0x7d939a57), - TOBN(0x44c50402, 0x8fd1797e), TOBN(0xd8853e7c, 0x5ccea6ca), - TOBN(0x4065508d, 0xa35fcd5f), TOBN(0x8965df8c, 0x495ccaeb), - TOBN(0x0f2da850, 0x12e1a962), TOBN(0xee471b94, 0xc1cf1cc4), - TOBN(0xcef19bc8, 0x0a08fb75), TOBN(0x704958f5, 0x81de3591), - TOBN(0x2867f8b2, 0x3aef4f88), TOBN(0x8d749384, 0xea9f9a5f), - TOBN(0x1b385537, 0x8c9049f4), TOBN(0x5be948f3, 0x7b92d8b6), - TOBN(0xd96f725d, 0xb6e2bd6b), TOBN(0x37a222bc, 0x958c454d), - TOBN(0xe7c61abb, 0x8809bf61), TOBN(0x46f07fbc, 0x1346f18d), - TOBN(0xfb567a7a, 0xe87c0d1c), TOBN(0x84a461c8, 0x7ef3d07a), - TOBN(0x0a5adce6, 0xd9278d98), TOBN(0x24d94813, 0x9dfc73e1), - TOBN(0x4f3528b6, 0x054321c3), TOBN(0x2e03fdde, 0x692ea706), - TOBN(0x10e60619, 0x47b533c0), TOBN(0x1a8bc73f, 0x2ca3c055), - TOBN(0xae58d4b2, 0x1bb62b8f), TOBN(0xb2045a73, 0x584a24e3), - TOBN(0x3ab3d5af, 0xbd76e195), TOBN(0x478dd1ad, 0x6938a810), - TOBN(0x6ffab393, 0x6ee3d5cb), TOBN(0xdfb693db, 0x22b361e4), - TOBN(0xf9694496, 0x51dbf1a7), TOBN(0xcab4b4ef, 0x08a2e762), - TOBN(0xe8c92f25, 0xd39bba9a), TOBN(0x850e61bc, 0xf1464d96), - TOBN(0xb7e830e3, 0xdc09508b), TOBN(0xfaf6d2cf, 0x74317655), - TOBN(0x72606ceb, 0xdf690355), TOBN(0x48bb92b3, 0xd0c3ded6), - TOBN(0x65b75484, 0x5c7cf892), TOBN(0xf6cd7ac9, 0xd5d5f01f), - TOBN(0xc2c30a59, 0x96401d69), TOBN(0x91268650, 0xed921878), - TOBN(0x380bf913, 0xb78c558f), TOBN(0x43c0baeb, 0xc8afdaa9), - TOBN(0x377f61d5, 0x54f169d3), TOBN(0xf8da07e3, 0xae5ff20b), - TOBN(0xb676c49d, 0xa8a90ea8), TOBN(0x81c1ff2b, 0x83a29b21), - TOBN(0x383297ac, 0x2ad8d276), TOBN(0x3001122f, 0xba89f982), - TOBN(0xe1d794be, 0x6718e448), TOBN(0x246c1482, 0x7c3e6e13), - TOBN(0x56646ef8, 0x5d26b5ef), TOBN(0x80f5091e, 0x88069cdd), - TOBN(0xc5992e2f, 0x724bdd38), TOBN(0x02e915b4, 0x8471e8c7), - TOBN(0x96ff320a, 0x0d0ff2a9), TOBN(0xbf886487, 0x4384d1a0), - TOBN(0xbbe1e6a6, 0xc93f72d6), TOBN(0xd5f75d12, 0xcad800ea), - TOBN(0xfa40a09f, 0xe7acf117), TOBN(0x32c8cdd5, 0x7581a355), - TOBN(0x74221992, 0x7023c499), TOBN(0xa8afe5d7, 0x38ec3901), - TOBN(0x5691afcb, 0xa90e83f0), TOBN(0x41bcaa03, 0x0b8f8eac), - TOBN(0xe38b5ff9, 0x8d2668d5), TOBN(0x0715281a, 0x7ad81965), - TOBN(0x1bc8fc7c, 0x03c6ce11), TOBN(0xcbbee6e2, 0x8b650436), - TOBN(0x06b00fe8, 0x0cdb9808), TOBN(0x17d6e066, 0xfe3ed315), - TOBN(0x2e9d38c6, 0x4d0b5018), TOBN(0xab8bfd56, 0x844dcaef), - TOBN(0x42894a59, 0x513aed8b), TOBN(0xf77f3b6d, 0x314bd07a), - TOBN(0xbbdecb8f, 0x8e42b582), TOBN(0xf10e2fa8, 0xd2390fe6), - TOBN(0xefb95022, 0x62a2f201), TOBN(0x4d59ea50, 0x50ee32b0), - TOBN(0xd87f7728, 0x6da789a8), TOBN(0xcf98a2cf, 0xf79492c4), - TOBN(0xf9577239, 0x720943c2), TOBN(0xba044cf5, 0x3990b9d0), - TOBN(0x5aa8e823, 0x95f2884a), TOBN(0x834de6ed, 0x0278a0af), - TOBN(0xc8e1ee9a, 0x5f25bd12), TOBN(0x9259ceaa, 0x6f7ab271), - TOBN(0x7e6d97a2, 0x77d00b76), TOBN(0x5c0c6eea, 0xa437832a), - TOBN(0x5232c20f, 0x5606b81d), TOBN(0xabd7b375, 0x0d991ee5), - TOBN(0x4d2bfe35, 0x8632d951), TOBN(0x78f85146, 0x98ed9364), - TOBN(0x951873f0, 0xf30c3282), TOBN(0x0da8ac80, 0xa789230b), - TOBN(0x3ac7789c, 0x5398967f), TOBN(0xa69b8f7f, 0xbdda0fb5), - TOBN(0xe5db7717, 0x6add8545), TOBN(0x1b71cb66, 0x72c49b66), - TOBN(0xd8560739, 0x68421d77), TOBN(0x03840fe8, 0x83e3afea), - TOBN(0xb391dad5, 0x1ec69977), TOBN(0xae243fb9, 0x307f6726), - TOBN(0xc88ac87b, 0xe8ca160c), TOBN(0x5174cced, 0x4ce355f4), - TOBN(0x98a35966, 0xe58ba37d), TOBN(0xfdcc8da2, 0x7817335d), - TOBN(0x5b752830, 0x83fbc7bf), TOBN(0x68e419d4, 0xd9c96984), - TOBN(0x409a39f4, 0x02a40380), TOBN(0x88940faf, 0x1fe977bc), - TOBN(0xc640a94b, 0x8f8edea6), TOBN(0x1e22cd17, 0xed11547d), - TOBN(0xe28568ce, 0x59ffc3e2), TOBN(0x60aa1b55, 0xc1dee4e7), - TOBN(0xc67497c8, 0x837cb363), TOBN(0x06fb438a, 0x105a2bf2), - TOBN(0x30357ec4, 0x500d8e20), TOBN(0x1ad9095d, 0x0670db10), - TOBN(0x7f589a05, 0xc73b7cfd), TOBN(0xf544607d, 0x880d6d28), - TOBN(0x17ba93b1, 0xa20ef103), TOBN(0xad859130, 0x6ba6577b), - TOBN(0x65c91cf6, 0x6fa214a0), TOBN(0xd7d49c6c, 0x27990da5), - TOBN(0xecd9ec8d, 0x20bb569d), TOBN(0xbd4b2502, 0xeeffbc33), - TOBN(0x2056ca5a, 0x6bed0467), TOBN(0x7916a1f7, 0x5b63728c), - TOBN(0xd4f9497d, 0x53a4f566), TOBN(0x89734664, 0x97b56810), - TOBN(0xf8e1da74, 0x0494a621), TOBN(0x82546a93, 0x8d011c68), - TOBN(0x1f3acb19, 0xc61ac162), TOBN(0x52f8fa9c, 0xabad0d3e), - TOBN(0x15356523, 0xb4b7ea43), TOBN(0x5a16ad61, 0xae608125), - TOBN(0xb0bcb87f, 0x4faed184), TOBN(0x5f236b1d, 0x5029f45f), - TOBN(0xd42c7607, 0x0bc6b1fc), TOBN(0xc644324e, 0x68aefce3), - TOBN(0x8e191d59, 0x5c5d8446), TOBN(0xc0208077, 0x13ae1979), - TOBN(0xadcaee55, 0x3ba59cc7), TOBN(0x20ed6d6b, 0xa2cb81ba), - TOBN(0x0952ba19, 0xb6efcffc), TOBN(0x60f12d68, 0x97c0b87c), - TOBN(0x4ee2c7c4, 0x9caa30bc), TOBN(0x767238b7, 0x97fbff4e), - TOBN(0xebc73921, 0x501b5d92), TOBN(0x3279e3df, 0xc2a37737), - TOBN(0x9fc12bc8, 0x6d197543), TOBN(0xfa94dc6f, 0x0a40db4e), - TOBN(0x7392b41a, 0x530ccbbd), TOBN(0x87c82146, 0xea823525), - TOBN(0xa52f984c, 0x05d98d0c), TOBN(0x2ae57d73, 0x5ef6974c), - TOBN(0x9377f7bf, 0x3042a6dd), TOBN(0xb1a007c0, 0x19647a64), - TOBN(0xfaa9079a, 0x0cca9767), TOBN(0x3d81a25b, 0xf68f72d5), - TOBN(0x752067f8, 0xff81578e), TOBN(0x78622150, 0x9045447d), - TOBN(0xc0c22fcf, 0x0505aa6f), TOBN(0x1030f0a6, 0x6bed1c77), - TOBN(0x31f29f15, 0x1f0bd739), TOBN(0x2d7989c7, 0xe6debe85), - TOBN(0x5c070e72, 0x8e677e98), TOBN(0x0a817bd3, 0x06e81fd5), - TOBN(0xc110d830, 0xb0f2ac95), TOBN(0x48d0995a, 0xab20e64e), - TOBN(0x0f3e00e1, 0x7729cd9a), TOBN(0x2a570c20, 0xdd556946), - TOBN(0x912dbcfd, 0x4e86214d), TOBN(0x2d014ee2, 0xcf615498), - TOBN(0x55e2b1e6, 0x3530d76e), TOBN(0xc5135ae4, 0xfd0fd6d1), - TOBN(0x0066273a, 0xd4f3049f), TOBN(0xbb8e9893, 0xe7087477), - TOBN(0x2dba1ddb, 0x14c6e5fd), TOBN(0xdba37886, 0x51f57e6c), - TOBN(0x5aaee0a6, 0x5a72f2cf), TOBN(0x1208bfbf, 0x7bea5642), - TOBN(0xf5c6aa3b, 0x67872c37), TOBN(0xd726e083, 0x43f93224), - TOBN(0x1854daa5, 0x061f1658), TOBN(0xc0016df1, 0xdf0cd2b3), - TOBN(0xc2a3f23e, 0x833d50de), TOBN(0x73b681d2, 0xbbbd3017), - TOBN(0x2f046dc4, 0x3ac343c0), TOBN(0x9c847e7d, 0x85716421), - TOBN(0xe1e13c91, 0x0917eed4), TOBN(0x3fc9eebd, 0x63a1b9c6), - TOBN(0x0f816a72, 0x7fe02299), TOBN(0x6335ccc2, 0x294f3319), - TOBN(0x3820179f, 0x4745c5be), TOBN(0xe647b782, 0x922f066e), - TOBN(0xc22e49de, 0x02cafb8a), TOBN(0x299bc2ff, 0xfcc2eccc), - TOBN(0x9a8feea2, 0x6e0e8282), TOBN(0xa627278b, 0xfe893205), - TOBN(0xa7e19733, 0x7933e47b), TOBN(0xf4ff6b13, 0x2e766402), - TOBN(0xa4d8be0a, 0x98440d9f), TOBN(0x658f5c2f, 0x38938808), - TOBN(0x90b75677, 0xc95b3b3e), TOBN(0xfa044269, 0x3137b6ff), - TOBN(0x077b039b, 0x43c47c29), TOBN(0xcca95dd3, 0x8a6445b2), - TOBN(0x0b498ba4, 0x2333fc4c), TOBN(0x274f8e68, 0xf736a1b1), - TOBN(0x6ca348fd, 0x5f1d4b2e), TOBN(0x24d3be78, 0xa8f10199), - TOBN(0x8535f858, 0xca14f530), TOBN(0xa6e7f163, 0x5b982e51), - TOBN(0x847c8512, 0x36e1bf62), TOBN(0xf6a7c58e, 0x03448418), - TOBN(0x583f3703, 0xf9374ab6), TOBN(0x864f9195, 0x6e564145), - TOBN(0x33bc3f48, 0x22526d50), TOBN(0x9f323c80, 0x1262a496), - TOBN(0xaa97a7ae, 0x3f046a9a), TOBN(0x70da183e, 0xdf8a039a), - TOBN(0x5b68f71c, 0x52aa0ba6), TOBN(0x9be0fe51, 0x21459c2d), - TOBN(0xc1e17eb6, 0xcbc613e5), TOBN(0x33131d55, 0x497ea61c), - TOBN(0x2f69d39e, 0xaf7eded5), TOBN(0x73c2f434, 0xde6af11b), - TOBN(0x4ca52493, 0xa4a375fa), TOBN(0x5f06787c, 0xb833c5c2), - TOBN(0x814e091f, 0x3e6e71cf), TOBN(0x76451f57, 0x8b746666)} - , - {TOBN(0x80f9bdef, 0x694db7e0), TOBN(0xedca8787, 0xb9fcddc6), - TOBN(0x51981c34, 0x03b8dce1), TOBN(0x4274dcf1, 0x70e10ba1), - TOBN(0xf72743b8, 0x6def6d1a), TOBN(0xd25b1670, 0xebdb1866), - TOBN(0xc4491e8c, 0x050c6f58), TOBN(0x2be2b2ab, 0x87fbd7f5), - TOBN(0x3e0e5c9d, 0xd111f8ec), TOBN(0xbcc33f8d, 0xb7c4e760), - TOBN(0x702f9a91, 0xbd392a51), TOBN(0x7da4a795, 0xc132e92d), - TOBN(0x1a0b0ae3, 0x0bb1151b), TOBN(0x54febac8, 0x02e32251), - TOBN(0xea3a5082, 0x694e9e78), TOBN(0xe58ffec1, 0xe4fe40b8), - TOBN(0xf85592fc, 0xd1e0cf9e), TOBN(0xdea75f0d, 0xc0e7b2e8), - TOBN(0xc04215cf, 0xc135584e), TOBN(0x174fc727, 0x2f57092a), - TOBN(0xe7277877, 0xeb930bea), TOBN(0x504caccb, 0x5eb02a5a), - TOBN(0xf9fe08f7, 0xf5241b9b), TOBN(0xe7fb62f4, 0x8d5ca954), - TOBN(0xfbb8349d, 0x29c4120b), TOBN(0x9f94391f, 0xc0d0d915), - TOBN(0xc4074fa7, 0x5410ba51), TOBN(0xa66adbf6, 0x150a5911), - TOBN(0xc164543c, 0x34bfca38), TOBN(0xe0f27560, 0xb9e1ccfc), - TOBN(0x99da0f53, 0xe820219c), TOBN(0xe8234498, 0xc6b4997a), - TOBN(0xcfb88b76, 0x9d4c5423), TOBN(0x9e56eb10, 0xb0521c49), - TOBN(0x418e0b5e, 0xbe8700a1), TOBN(0x00cbaad6, 0xf93cb58a), - TOBN(0xe923fbde, 0xd92a5e67), TOBN(0xca4979ac, 0x1f347f11), - TOBN(0x89162d85, 0x6bc0585b), TOBN(0xdd6254af, 0xac3c70e3), - TOBN(0x7b23c513, 0x516e19e4), TOBN(0x56e2e847, 0xc5c4d593), - TOBN(0x9f727d73, 0x5ce71ef6), TOBN(0x5b6304a6, 0xf79a44c5), - TOBN(0x6638a736, 0x3ab7e433), TOBN(0x1adea470, 0xfe742f83), - TOBN(0xe054b854, 0x5b7fc19f), TOBN(0xf935381a, 0xba1d0698), - TOBN(0x546eab2d, 0x799e9a74), TOBN(0x96239e0e, 0xa949f729), - TOBN(0xca274c6b, 0x7090055a), TOBN(0x835142c3, 0x9020c9b0), - TOBN(0xa405667a, 0xa2e8807f), TOBN(0x29f2c085, 0x1aa3d39e), - TOBN(0xcc555d64, 0x42fc72f5), TOBN(0xe856e0e7, 0xfbeacb3c), - TOBN(0xb5504f9d, 0x918e4936), TOBN(0x65035ef6, 0xb2513982), - TOBN(0x0553a0c2, 0x6f4d9cb9), TOBN(0x6cb10d56, 0xbea85509), - TOBN(0x48d957b7, 0xa242da11), TOBN(0x16a4d3dd, 0x672b7268), - TOBN(0x3d7e637c, 0x8502a96b), TOBN(0x27c7032b, 0x730d463b), - TOBN(0xbdc02b18, 0xe4136a14), TOBN(0xbacf969d, 0x678e32bf), - TOBN(0xc98d89a3, 0xdd9c3c03), TOBN(0x7b92420a, 0x23becc4f), - TOBN(0xd4b41f78, 0xc64d565c), TOBN(0x9f969d00, 0x10f28295), - TOBN(0xec7f7f76, 0xb13d051a), TOBN(0x08945e1e, 0xa92da585), - TOBN(0x55366b7d, 0x5846426f), TOBN(0xe7d09e89, 0x247d441d), - TOBN(0x510b404d, 0x736fbf48), TOBN(0x7fa003d0, 0xe784bd7d), - TOBN(0x25f7614f, 0x17fd9596), TOBN(0x49e0e0a1, 0x35cb98db), - TOBN(0x2c65957b, 0x2e83a76a), TOBN(0x5d40da8d, 0xcddbe0f8), - TOBN(0xf2b8c405, 0x050bad24), TOBN(0x8918426d, 0xc2aa4823), - TOBN(0x2aeab3dd, 0xa38365a7), TOBN(0x72031717, 0x7c91b690), - TOBN(0x8b00d699, 0x60a94120), TOBN(0x478a255d, 0xe99eaeec), - TOBN(0xbf656a5f, 0x6f60aafd), TOBN(0xdfd7cb75, 0x5dee77b3), - TOBN(0x37f68bb4, 0xa595939d), TOBN(0x03556479, 0x28740217), - TOBN(0x8e740e7c, 0x84ad7612), TOBN(0xd89bc843, 0x9044695f), - TOBN(0xf7f3da5d, 0x85a9184d), TOBN(0x562563bb, 0x9fc0b074), - TOBN(0x06d2e6aa, 0xf88a888e), TOBN(0x612d8643, 0x161fbe7c), - TOBN(0x465edba7, 0xf64085e7), TOBN(0xb230f304, 0x29aa8511), - TOBN(0x53388426, 0xcda2d188), TOBN(0x90885735, 0x4b666649), - TOBN(0x6f02ff9a, 0x652f54f6), TOBN(0x65c82294, 0x5fae2bf0), - TOBN(0x7816ade0, 0x62f5eee3), TOBN(0xdcdbdf43, 0xfcc56d70), - TOBN(0x9fb3bba3, 0x54530bb2), TOBN(0xbde3ef77, 0xcb0869ea), - TOBN(0x89bc9046, 0x0b431163), TOBN(0x4d03d7d2, 0xe4819a35), - TOBN(0x33ae4f9e, 0x43b6a782), TOBN(0x216db307, 0x9c88a686), - TOBN(0x91dd88e0, 0x00ffedd9), TOBN(0xb280da9f, 0x12bd4840), - TOBN(0x32a7cb8a, 0x1635e741), TOBN(0xfe14008a, 0x78be02a7), - TOBN(0x3fafb334, 0x1b7ae030), TOBN(0x7fd508e7, 0x5add0ce9), - TOBN(0x72c83219, 0xd607ad51), TOBN(0x0f229c0a, 0x8d40964a), - TOBN(0x1be2c336, 0x1c878da2), TOBN(0xe0c96742, 0xeab2ab86), - TOBN(0x458f8691, 0x3e538cd7), TOBN(0xa7001f6c, 0x8e08ad53), - TOBN(0x52b8c6e6, 0xbf5d15ff), TOBN(0x548234a4, 0x011215dd), - TOBN(0xff5a9d2d, 0x3d5b4045), TOBN(0xb0ffeeb6, 0x4a904190), - TOBN(0x55a3aca4, 0x48607f8b), TOBN(0x8cbd665c, 0x30a0672a), - TOBN(0x87f834e0, 0x42583068), TOBN(0x02da2aeb, 0xf3f6e683), - TOBN(0x6b763e5d, 0x05c12248), TOBN(0x7230378f, 0x65a8aefc), - TOBN(0x93bd80b5, 0x71e8e5ca), TOBN(0x53ab041c, 0xb3b62524), - TOBN(0x1b860513, 0x6c9c552e), TOBN(0xe84d402c, 0xd5524e66), - TOBN(0xa37f3573, 0xf37f5937), TOBN(0xeb0f6c7d, 0xd1e4fca5), - TOBN(0x2965a554, 0xac8ab0fc), TOBN(0x17fbf56c, 0x274676ac), - TOBN(0x2e2f6bd9, 0xacf7d720), TOBN(0x41fc8f88, 0x10224766), - TOBN(0x517a14b3, 0x85d53bef), TOBN(0xdae327a5, 0x7d76a7d1), - TOBN(0x6ad0a065, 0xc4818267), TOBN(0x33aa189b, 0x37c1bbc1), - TOBN(0x64970b52, 0x27392a92), TOBN(0x21699a1c, 0x2d1535ea), - TOBN(0xcd20779c, 0xc2d7a7fd), TOBN(0xe3186059, 0x99c83cf2), - TOBN(0x9b69440b, 0x72c0b8c7), TOBN(0xa81497d7, 0x7b9e0e4d), - TOBN(0x515d5c89, 0x1f5f82dc), TOBN(0x9a7f67d7, 0x6361079e), - TOBN(0xa8da81e3, 0x11a35330), TOBN(0xe44990c4, 0x4b18be1b), - TOBN(0xc7d5ed95, 0xaf103e59), TOBN(0xece8aba7, 0x8dac9261), - TOBN(0xbe82b099, 0x9394b8d3), TOBN(0x6830f09a, 0x16adfe83), - TOBN(0x250a29b4, 0x88172d01), TOBN(0x8b20bd65, 0xcaff9e02), - TOBN(0xb8a7661e, 0xe8a6329a), TOBN(0x4520304d, 0xd3fce920), - TOBN(0xae45da1f, 0x2b47f7ef), TOBN(0xe07f5288, 0x5bffc540), - TOBN(0xf7997009, 0x3464f874), TOBN(0x2244c2cd, 0xa6fa1f38), - TOBN(0x43c41ac1, 0x94d7d9b1), TOBN(0x5bafdd82, 0xc82e7f17), - TOBN(0xdf0614c1, 0x5fda0fca), TOBN(0x74b043a7, 0xa8ae37ad), - TOBN(0x3ba6afa1, 0x9e71734c), TOBN(0x15d5437e, 0x9c450f2e), - TOBN(0x4a5883fe, 0x67e242b1), TOBN(0x5143bdc2, 0x2c1953c2), - TOBN(0x542b8b53, 0xfc5e8920), TOBN(0x363bf9a8, 0x9a9cee08), - TOBN(0x02375f10, 0xc3486e08), TOBN(0x2037543b, 0x8c5e70d2), - TOBN(0x7109bccc, 0x625640b4), TOBN(0xcbc1051e, 0x8bc62c3b), - TOBN(0xf8455fed, 0x803f26ea), TOBN(0x6badceab, 0xeb372424), - TOBN(0xa2a9ce7c, 0x6b53f5f9), TOBN(0x64246595, 0x1b176d99), - TOBN(0xb1298d36, 0xb95c081b), TOBN(0x53505bb8, 0x1d9a9ee6), - TOBN(0x3f6f9e61, 0xf2ba70b0), TOBN(0xd07e16c9, 0x8afad453), - TOBN(0x9f1694bb, 0xe7eb4a6a), TOBN(0xdfebced9, 0x3cb0bc8e), - TOBN(0x92d3dcdc, 0x53868c8b), TOBN(0x174311a2, 0x386107a6), - TOBN(0x4109e07c, 0x689b4e64), TOBN(0x30e4587f, 0x2df3dcb6), - TOBN(0x841aea31, 0x0811b3b2), TOBN(0x6144d41d, 0x0cce43ea), - TOBN(0x464c4581, 0x2a9a7803), TOBN(0xd03d371f, 0x3e158930), - TOBN(0xc676d7f2, 0xb1f3390b), TOBN(0x9f7a1b8c, 0xa5b61272), - TOBN(0x4ebebfc9, 0xc2e127a9), TOBN(0x4602500c, 0x5dd997bf), - TOBN(0x7f09771c, 0x4711230f), TOBN(0x058eb37c, 0x020f09c1), - TOBN(0xab693d4b, 0xfee5e38b), TOBN(0x9289eb1f, 0x4653cbc0), - TOBN(0xbecf46ab, 0xd51b9cf5), TOBN(0xd2aa9c02, 0x9f0121af), - TOBN(0x36aaf7d2, 0xe90dc274), TOBN(0x909e4ea0, 0x48b95a3c), - TOBN(0xe6b70496, 0x6f32dbdb), TOBN(0x672188a0, 0x8b030b3e), - TOBN(0xeeffe5b3, 0xcfb617e2), TOBN(0x87e947de, 0x7c82709e), - TOBN(0xa44d2b39, 0x1770f5a7), TOBN(0xe4d4d791, 0x0e44eb82), - TOBN(0x42e69d1e, 0x3f69712a), TOBN(0xbf11c4d6, 0xac6a820e), - TOBN(0xb5e7f3e5, 0x42c4224c), TOBN(0xd6b4e81c, 0x449d941c), - TOBN(0x5d72bd16, 0x5450e878), TOBN(0x6a61e28a, 0xee25ac54), - TOBN(0x33272094, 0xe6f1cd95), TOBN(0x7512f30d, 0x0d18673f), - TOBN(0x32f7a4ca, 0x5afc1464), TOBN(0x2f095656, 0x6bbb977b), - TOBN(0x586f47ca, 0xa8226200), TOBN(0x02c868ad, 0x1ac07369), - TOBN(0x4ef2b845, 0xc613acbe), TOBN(0x43d7563e, 0x0386054c), - TOBN(0x54da9dc7, 0xab952578), TOBN(0xb5423df2, 0x26e84d0b), - TOBN(0xa8b64eeb, 0x9b872042), TOBN(0xac205782, 0x5990f6df), - TOBN(0x4ff696eb, 0x21f4c77a), TOBN(0x1a79c3e4, 0xaab273af), - TOBN(0x29bc922e, 0x9436b3f1), TOBN(0xff807ef8, 0xd6d9a27a), - TOBN(0x82acea3d, 0x778f22a0), TOBN(0xfb10b2e8, 0x5b5e7469), - TOBN(0xc0b16980, 0x2818ee7d), TOBN(0x011afff4, 0xc91c1a2f), - TOBN(0x95a6d126, 0xad124418), TOBN(0x31c081a5, 0xe72e295f), - TOBN(0x36bb283a, 0xf2f4db75), TOBN(0xd115540f, 0x7acef462), - TOBN(0xc7f3a8f8, 0x33f6746c), TOBN(0x21e46f65, 0xfea990ca), - TOBN(0x915fd5c5, 0xcaddb0a9), TOBN(0xbd41f016, 0x78614555), - TOBN(0x346f4434, 0x426ffb58), TOBN(0x80559436, 0x14dbc204), - TOBN(0xf3dd20fe, 0x5a969b7f), TOBN(0x9d59e956, 0xe899a39a), - TOBN(0xf1b0971c, 0x8ad4cf4b), TOBN(0x03448860, 0x2ffb8fb8), - TOBN(0xf071ac3c, 0x65340ba4), TOBN(0x408d0596, 0xb27fd758), - TOBN(0xe7c78ea4, 0x98c364b0), TOBN(0xa4aac4a5, 0x051e8ab5), - TOBN(0xb9e1d560, 0x485d9002), TOBN(0x9acd518a, 0x88844455), - TOBN(0xe4ca688f, 0xd06f56c0), TOBN(0xa48af70d, 0xdf027972), - TOBN(0x691f0f04, 0x5e9a609d), TOBN(0xa9dd82cd, 0xee61270e), - TOBN(0x8903ca63, 0xa0ef18d3), TOBN(0x9fb7ee35, 0x3d6ca3bd), - TOBN(0xa7b4a09c, 0xabf47d03), TOBN(0x4cdada01, 0x1c67de8e), - TOBN(0x52003749, 0x9355a244), TOBN(0xe77fd2b6, 0x4f2151a9), - TOBN(0x695d6cf6, 0x66b4efcb), TOBN(0xc5a0cacf, 0xda2cfe25), - TOBN(0x104efe5c, 0xef811865), TOBN(0xf52813e8, 0x9ea5cc3d), - TOBN(0x855683dc, 0x40b58dbc), TOBN(0x0338ecde, 0x175fcb11), - TOBN(0xf9a05637, 0x74921592), TOBN(0xb4f1261d, 0xb9bb9d31), - TOBN(0x551429b7, 0x4e9c5459), TOBN(0xbe182e6f, 0x6ea71f53), - TOBN(0xd3a3b07c, 0xdfc50573), TOBN(0x9ba1afda, 0x62be8d44), - TOBN(0x9bcfd2cb, 0x52ab65d3), TOBN(0xdf11d547, 0xa9571802), - TOBN(0x099403ee, 0x02a2404a), TOBN(0x497406f4, 0x21088a71), - TOBN(0x99479409, 0x5004ae71), TOBN(0xbdb42078, 0xa812c362), - TOBN(0x2b72a30f, 0xd8828442), TOBN(0x283add27, 0xfcb5ed1c), - TOBN(0xf7c0e200, 0x66a40015), TOBN(0x3e3be641, 0x08b295ef), - TOBN(0xac127dc1, 0xe038a675), TOBN(0x729deff3, 0x8c5c6320), - TOBN(0xb7df8fd4, 0xa90d2c53), TOBN(0x9b74b0ec, 0x681e7cd3), - TOBN(0x5cb5a623, 0xdab407e5), TOBN(0xcdbd3615, 0x76b340c6), - TOBN(0xa184415a, 0x7d28392c), TOBN(0xc184c1d8, 0xe96f7830), - TOBN(0xc3204f19, 0x81d3a80f), TOBN(0xfde0c841, 0xc8e02432), - TOBN(0x78203b3e, 0x8149e0c1), TOBN(0x5904bdbb, 0x08053a73), - TOBN(0x30fc1dd1, 0x101b6805), TOBN(0x43c223bc, 0x49aa6d49), - TOBN(0x9ed67141, 0x7a174087), TOBN(0x311469a0, 0xd5997008), - TOBN(0xb189b684, 0x5e43fc61), TOBN(0xf3282375, 0xe0d3ab57), - TOBN(0x4fa34b67, 0xb1181da8), TOBN(0x621ed0b2, 0x99ee52b8), - TOBN(0x9b178de1, 0xad990676), TOBN(0xd51de67b, 0x56d54065), - TOBN(0x2a2c27c4, 0x7538c201), TOBN(0x33856ec8, 0x38a40f5c), - TOBN(0x2522fc15, 0xbe6cdcde), TOBN(0x1e603f33, 0x9f0c6f89), - TOBN(0x7994edc3, 0x103e30a6), TOBN(0x033a00db, 0x220c853e), - TOBN(0xd3cfa409, 0xf7bb7fd7), TOBN(0x70f8781e, 0x462d18f6), - TOBN(0xbbd82980, 0x687fe295), TOBN(0x6eef4c32, 0x595669f3), - TOBN(0x86a9303b, 0x2f7e85c3), TOBN(0x5fce4621, 0x71988f9b), - TOBN(0x5b935bf6, 0xc138acb5), TOBN(0x30ea7d67, 0x25661212), - TOBN(0xef1eb5f4, 0xe51ab9a2), TOBN(0x0587c98a, 0xae067c78), - TOBN(0xb3ce1b3c, 0x77ca9ca6), TOBN(0x2a553d4d, 0x54b5f057), - TOBN(0xc7898236, 0x4da29ec2), TOBN(0xdbdd5d13, 0xb9c57316), - TOBN(0xc57d6e6b, 0x2cd80d47), TOBN(0x80b460cf, 0xfe9e7391), - TOBN(0x98648cab, 0xf963c31e), TOBN(0x67f9f633, 0xcc4d32fd), - TOBN(0x0af42a9d, 0xfdf7c687), TOBN(0x55f292a3, 0x0b015ea7), - TOBN(0x89e468b2, 0xcd21ab3d), TOBN(0xe504f022, 0xc393d392), - TOBN(0xab21e1d4, 0xa5013af9), TOBN(0xe3283f78, 0xc2c28acb), - TOBN(0xf38b35f6, 0x226bf99f), TOBN(0xe8354274, 0x0e291e69), - TOBN(0x61673a15, 0xb20c162d), TOBN(0xc101dc75, 0xb04fbdbe), - TOBN(0x8323b4c2, 0x255bd617), TOBN(0x6c969693, 0x6c2a9154), - TOBN(0xc6e65860, 0x62679387), TOBN(0x8e01db0c, 0xb8c88e23), - TOBN(0x33c42873, 0x893a5559), TOBN(0x7630f04b, 0x47a3e149), - TOBN(0xb5d80805, 0xddcf35f8), TOBN(0x582ca080, 0x77dfe732), - TOBN(0x2c7156e1, 0x0b1894a0), TOBN(0x92034001, 0xd81c68c0), - TOBN(0xed225d00, 0xc8b115b5), TOBN(0x237f9c22, 0x83b907f2), - TOBN(0x0ea2f32f, 0x4470e2c0), TOBN(0xb725f7c1, 0x58be4e95), - TOBN(0x0f1dcafa, 0xb1ae5463), TOBN(0x59ed5187, 0x1ba2fc04), - TOBN(0xf6e0f316, 0xd0115d4d), TOBN(0x5180b12f, 0xd3691599), - TOBN(0x157e32c9, 0x527f0a41), TOBN(0x7b0b081d, 0xa8e0ecc0), - TOBN(0x6dbaaa8a, 0xbf4f0dd0), TOBN(0x99b289c7, 0x4d252696), - TOBN(0x79b7755e, 0xdbf864fe), TOBN(0x6974e2b1, 0x76cad3ab), - TOBN(0x35dbbee2, 0x06ddd657), TOBN(0xe7cbdd11, 0x2ff3a96d), - TOBN(0x88381968, 0x076be758), TOBN(0x2d737e72, 0x08c91f5d), - TOBN(0x5f83ab62, 0x86ec3776), TOBN(0x98aa649d, 0x945fa7a1), - TOBN(0xf477ec37, 0x72ef0933), TOBN(0x66f52b1e, 0x098c17b1), - TOBN(0x9eec58fb, 0xd803738b), TOBN(0x91aaade7, 0xe4e86aa4), - TOBN(0x6b1ae617, 0xa5b51492), TOBN(0x63272121, 0xbbc45974), - TOBN(0x7e0e28f0, 0x862c5129), TOBN(0x0a8f79a9, 0x3321a4a0), - TOBN(0xe26d1664, 0x5041c88f), TOBN(0x0571b805, 0x53233e3a), - TOBN(0xd1b0ccde, 0xc9520711), TOBN(0x55a9e4ed, 0x3c8b84bf), - TOBN(0x9426bd39, 0xa1fef314), TOBN(0x4f5f638e, 0x6eb93f2b), - TOBN(0xba2a1ed3, 0x2bf9341b), TOBN(0xd63c1321, 0x4d42d5a9), - TOBN(0xd2964a89, 0x316dc7c5), TOBN(0xd1759606, 0xca511851), - TOBN(0xd8a9201f, 0xf9e6ed35), TOBN(0xb7b5ee45, 0x6736925a), - TOBN(0x0a83fbbc, 0x99581af7), TOBN(0x3076bc40, 0x64eeb051), - TOBN(0x5511c98c, 0x02dec312), TOBN(0x270de898, 0x238dcb78), - TOBN(0x2cf4cf9c, 0x539c08c9), TOBN(0xa70cb65e, 0x38d3b06e), - TOBN(0xb12ec10e, 0xcfe57bbd), TOBN(0x82c7b656, 0x35a0c2b5), - TOBN(0xddc7d5cd, 0x161c67bd), TOBN(0xe32e8985, 0xae3a32cc), - TOBN(0x7aba9444, 0xd11a5529), TOBN(0xe964ed02, 0x2427fa1a), - TOBN(0x1528392d, 0x24a1770a), TOBN(0xa152ce2c, 0x12c72fcd), - TOBN(0x714553a4, 0x8ec07649), TOBN(0x18b4c290, 0x459dd453), - TOBN(0xea32b714, 0x7b64b110), TOBN(0xb871bfa5, 0x2e6f07a2), - TOBN(0xb67112e5, 0x9e2e3c9b), TOBN(0xfbf250e5, 0x44aa90f6), - TOBN(0xf77aedb8, 0xbd539006), TOBN(0x3b0cdf9a, 0xd172a66f), - TOBN(0xedf69fea, 0xf8c51187), TOBN(0x05bb67ec, 0x741e4da7), - TOBN(0x47df0f32, 0x08114345), TOBN(0x56facb07, 0xbb9792b1), - TOBN(0xf3e007e9, 0x8f6229e4), TOBN(0x62d103f4, 0x526fba0f), - TOBN(0x4f33bef7, 0xb0339d79), TOBN(0x9841357b, 0xb59bfec1), - TOBN(0xfa8dbb59, 0xc34e6705), TOBN(0xc3c7180b, 0x7fdaa84c), - TOBN(0xf95872fc, 0xa4108537), TOBN(0x8750cc3b, 0x932a3e5a), - TOBN(0xb61cc69d, 0xb7275d7d), TOBN(0xffa0168b, 0x2e59b2e9), - TOBN(0xca032abc, 0x6ecbb493), TOBN(0x1d86dbd3, 0x2c9082d8), - TOBN(0xae1e0b67, 0xe28ef5ba), TOBN(0x2c9a4699, 0xcb18e169), - TOBN(0x0ecd0e33, 0x1e6bbd20), TOBN(0x571b360e, 0xaf5e81d2), - TOBN(0xcd9fea58, 0x101c1d45), TOBN(0x6651788e, 0x18880452), - TOBN(0xa9972635, 0x1f8dd446), TOBN(0x44bed022, 0xe37281d0), - TOBN(0x094b2b2d, 0x33da525d), TOBN(0xf193678e, 0x13144fd8), - TOBN(0xb8ab5ba4, 0xf4c1061d), TOBN(0x4343b5fa, 0xdccbe0f4), - TOBN(0xa8702371, 0x63812713), TOBN(0x47bf6d2d, 0xf7611d93), - TOBN(0x46729b8c, 0xbd21e1d7), TOBN(0x7484d4e0, 0xd629e77d), - TOBN(0x830e6eea, 0x60dbac1f), TOBN(0x23d8c484, 0xda06a2f7), - TOBN(0x896714b0, 0x50ca535b), TOBN(0xdc8d3644, 0xebd97a9b), - TOBN(0x106ef9fa, 0xb12177b4), TOBN(0xf79bf464, 0x534d5d9c), - TOBN(0x2537a349, 0xa6ab360b), TOBN(0xc7c54253, 0xa00c744f), - TOBN(0xb3c7a047, 0xe5911a76), TOBN(0x61ffa5c8, 0x647f1ee7), - TOBN(0x15aed36f, 0x8f56ab42), TOBN(0x6a0d41b0, 0xa3ff9ac9), - TOBN(0x68f469f5, 0xcc30d357), TOBN(0xbe9adf81, 0x6b72be96), - TOBN(0x1cd926fe, 0x903ad461), TOBN(0x7e89e38f, 0xcaca441b), - TOBN(0xf0f82de5, 0xfacf69d4), TOBN(0x363b7e76, 0x4775344c), - TOBN(0x6894f312, 0xb2e36d04), TOBN(0x3c6cb4fe, 0x11d1c9a5), - TOBN(0x85d9c339, 0x4008e1f2), TOBN(0x5e9a85ea, 0x249f326c), - TOBN(0xdc35c60a, 0x678c5e06), TOBN(0xc08b944f, 0x9f86fba9), - TOBN(0xde40c02c, 0x89f71f0f), TOBN(0xad8f3e31, 0xff3da3c0), - TOBN(0x3ea5096b, 0x42125ded), TOBN(0x13879cbf, 0xa7379183), - TOBN(0x6f4714a5, 0x6b306a0b), TOBN(0x359c2ea6, 0x67646c5e), - TOBN(0xfacf8943, 0x07726368), TOBN(0x07a58935, 0x65ff431e), - TOBN(0x24d661d1, 0x68754ab0), TOBN(0x801fce1d, 0x6f429a76), - TOBN(0xc068a85f, 0xa58ce769), TOBN(0xedc35c54, 0x5d5eca2b), - TOBN(0xea31276f, 0xa3f660d1), TOBN(0xa0184ebe, 0xb8fc7167), - TOBN(0x0f20f21a, 0x1d8db0ae), TOBN(0xd96d095f, 0x56c35e12), - TOBN(0xedf402b5, 0xf8c2a25b), TOBN(0x1bb772b9, 0x059204b6), - TOBN(0x50cbeae2, 0x19b4e34c), TOBN(0x93109d80, 0x3fa0845a), - TOBN(0x54f7ccf7, 0x8ef59fb5), TOBN(0x3b438fe2, 0x88070963), - TOBN(0x9e28c659, 0x31f3ba9b), TOBN(0x9cc31b46, 0xead9da92), - TOBN(0x3c2f0ba9, 0xb733aa5f), TOBN(0xdece47cb, 0xf05af235), - TOBN(0xf8e3f715, 0xa2ac82a5), TOBN(0xc97ba641, 0x2203f18a), - TOBN(0xc3af5504, 0x09c11060), TOBN(0x56ea2c05, 0x46af512d), - TOBN(0xfac28daf, 0xf3f28146), TOBN(0x87fab43a, 0x959ef494),} - , - {TOBN(0x09891641, 0xd4c5105f), TOBN(0x1ae80f8e, 0x6d7fbd65), - TOBN(0x9d67225f, 0xbee6bdb0), TOBN(0x3b433b59, 0x7fc4d860), - TOBN(0x44e66db6, 0x93e85638), TOBN(0xf7b59252, 0xe3e9862f), - TOBN(0xdb785157, 0x665c32ec), TOBN(0x702fefd7, 0xae362f50), - TOBN(0x3754475d, 0x0fefb0c3), TOBN(0xd48fb56b, 0x46d7c35d), - TOBN(0xa070b633, 0x363798a4), TOBN(0xae89f3d2, 0x8fdb98e6), - TOBN(0x970b89c8, 0x6363d14c), TOBN(0x89817521, 0x67abd27d), - TOBN(0x9bf7d474, 0x44d5a021), TOBN(0xb3083baf, 0xcac72aee), - TOBN(0x389741de, 0xbe949a44), TOBN(0x638e9388, 0x546a4fa5), - TOBN(0x3fe6419c, 0xa0047bdc), TOBN(0x7047f648, 0xaaea57ca), - TOBN(0x54e48a90, 0x41fbab17), TOBN(0xda8e0b28, 0x576bdba2), - TOBN(0xe807eebc, 0xc72afddc), TOBN(0x07d3336d, 0xf42577bf), - TOBN(0x62a8c244, 0xbfe20925), TOBN(0x91c19ac3, 0x8fdce867), - TOBN(0x5a96a5d5, 0xdd387063), TOBN(0x61d587d4, 0x21d324f6), - TOBN(0xe87673a2, 0xa37173ea), TOBN(0x23848008, 0x53778b65), - TOBN(0x10f8441e, 0x05bab43e), TOBN(0xfa11fe12, 0x4621efbe), - TOBN(0x047b772e, 0x81685d7b), TOBN(0x23f27d81, 0xbf34a976), - TOBN(0xc27608e2, 0x915f48ef), TOBN(0x3b0b43fa, 0xa521d5c3), - TOBN(0x7613fb26, 0x63ca7284), TOBN(0x7f5729b4, 0x1d4db837), - TOBN(0x87b14898, 0x583b526b), TOBN(0x00b732a6, 0xbbadd3d1), - TOBN(0x8e02f426, 0x2048e396), TOBN(0x436b50b6, 0x383d9de4), - TOBN(0xf78d3481, 0x471e85ad), TOBN(0x8b01ea6a, 0xd005c8d6), - TOBN(0xd3c7afee, 0x97015c07), TOBN(0x46cdf1a9, 0x4e3ba2ae), - TOBN(0x7a42e501, 0x83d3a1d2), TOBN(0xd54b5268, 0xb541dff4), - TOBN(0x3f24cf30, 0x4e23e9bc), TOBN(0x4387f816, 0x126e3624), - TOBN(0x26a46a03, 0x3b0b6d61), TOBN(0xaf1bc845, 0x8b2d777c), - TOBN(0x25c401ba, 0x527de79c), TOBN(0x0e1346d4, 0x4261bbb6), - TOBN(0x4b96c44b, 0x287b4bc7), TOBN(0x658493c7, 0x5254562f), - TOBN(0x23f949fe, 0xb8a24a20), TOBN(0x17ebfed1, 0xf52ca53f), - TOBN(0x9b691bbe, 0xbcfb4853), TOBN(0x5617ff6b, 0x6278a05d), - TOBN(0x241b34c5, 0xe3c99ebd), TOBN(0xfc64242e, 0x1784156a), - TOBN(0x4206482f, 0x695d67df), TOBN(0xb967ce0e, 0xee27c011), - TOBN(0x65db3751, 0x21c80b5d), TOBN(0x2e7a563c, 0xa31ecca0), - TOBN(0xe56ffc4e, 0x5238a07e), TOBN(0x3d6c2966, 0x32ced854), - TOBN(0xe99d7d1a, 0xaf70b885), TOBN(0xafc3bad9, 0x2d686459), - TOBN(0x9c78bf46, 0x0cc8ba5b), TOBN(0x5a439519, 0x18955aa3), - TOBN(0xf8b517a8, 0x5fe4e314), TOBN(0xe60234d0, 0xfcb8906f), - TOBN(0xffe542ac, 0xf2061b23), TOBN(0x287e191f, 0x6b4cb59c), - TOBN(0x21857ddc, 0x09d877d8), TOBN(0x1c23478c, 0x14678941), - TOBN(0xbbf0c056, 0xb6e05ea4), TOBN(0x82da4b53, 0xb01594fe), - TOBN(0xf7526791, 0xfadb8608), TOBN(0x049e832d, 0x7b74cdf6), - TOBN(0xa43581cc, 0xc2b90a34), TOBN(0x73639eb8, 0x9360b10c), - TOBN(0x4fba331f, 0xe1e4a71b), TOBN(0x6ffd6b93, 0x8072f919), - TOBN(0x6e53271c, 0x65679032), TOBN(0x67206444, 0xf14272ce), - TOBN(0xc0f734a3, 0xb2335834), TOBN(0x9526205a, 0x90ef6860), - TOBN(0xcb8be717, 0x04e2bb0d), TOBN(0x2418871e, 0x02f383fa), - TOBN(0xd7177681, 0x4082c157), TOBN(0xcc914ad0, 0x29c20073), - TOBN(0xf186c1eb, 0xe587e728), TOBN(0x6fdb3c22, 0x61bcd5fd), - TOBN(0x30d014a6, 0xf2f9f8e9), TOBN(0x963ece23, 0x4fec49d2), - TOBN(0x862025c5, 0x9605a8d9), TOBN(0x39874445, 0x19f8929a), - TOBN(0x01b6ff65, 0x12bf476a), TOBN(0x598a64d8, 0x09cf7d91), - TOBN(0xd7ec7749, 0x93be56ca), TOBN(0x10899785, 0xcbb33615), - TOBN(0xb8a092fd, 0x02eee3ad), TOBN(0xa86b3d35, 0x30145270), - TOBN(0x323d98c6, 0x8512b675), TOBN(0x4b8bc785, 0x62ebb40f), - TOBN(0x7d301f54, 0x413f9cde), TOBN(0xa5e4fb4f, 0x2bab5664), - TOBN(0x1d2b252d, 0x1cbfec23), TOBN(0xfcd576bb, 0xe177120d), - TOBN(0x04427d3e, 0x83731a34), TOBN(0x2bb9028e, 0xed836e8e), - TOBN(0xb36acff8, 0xb612ca7c), TOBN(0xb88fe5ef, 0xd3d9c73a), - TOBN(0xbe2a6bc6, 0xedea4eb3), TOBN(0x43b93133, 0x488eec77), - TOBN(0xf41ff566, 0xb17106e1), TOBN(0x469e9172, 0x654efa32), - TOBN(0xb4480f04, 0x41c23fa3), TOBN(0xb4712eb0, 0xc1989a2e), - TOBN(0x3ccbba0f, 0x93a29ca7), TOBN(0x6e205c14, 0xd619428c), - TOBN(0x90db7957, 0xb3641686), TOBN(0x0432691d, 0x45ac8b4e), - TOBN(0x07a759ac, 0xf64e0350), TOBN(0x0514d89c, 0x9c972517), - TOBN(0x1701147f, 0xa8e67fc3), TOBN(0x9e2e0b8b, 0xab2085be), - TOBN(0xd5651824, 0xac284e57), TOBN(0x890d4325, 0x74893664), - TOBN(0x8a7c5e6e, 0xc55e68a3), TOBN(0xbf12e90b, 0x4339c85a), - TOBN(0x31846b85, 0xf922b655), TOBN(0x9a54ce4d, 0x0bf4d700), - TOBN(0xd7f4e83a, 0xf1a14295), TOBN(0x916f955c, 0xb285d4f9), - TOBN(0xe57bb0e0, 0x99ffdaba), TOBN(0x28a43034, 0xeab0d152), - TOBN(0x0a36ffa2, 0xb8a9cef8), TOBN(0x5517407e, 0xb9ec051a), - TOBN(0x9c796096, 0xea68e672), TOBN(0x853db5fb, 0xfb3c77fb), - TOBN(0x21474ba9, 0xe864a51a), TOBN(0x6c267699, 0x6e8a1b8b), - TOBN(0x7c823626, 0x94120a28), TOBN(0xe61e9a48, 0x8383a5db), - TOBN(0x7dd75003, 0x9f84216d), TOBN(0xab020d07, 0xad43cd85), - TOBN(0x9437ae48, 0xda12c659), TOBN(0x6449c2eb, 0xe65452ad), - TOBN(0xcc7c4c1c, 0x2cf9d7c1), TOBN(0x1320886a, 0xee95e5ab), - TOBN(0xbb7b9056, 0xbeae170c), TOBN(0xc8a5b250, 0xdbc0d662), - TOBN(0x4ed81432, 0xc11d2303), TOBN(0x7da66912, 0x1f03769f), - TOBN(0x3ac7a5fd, 0x84539828), TOBN(0x14dada94, 0x3bccdd02), - TOBN(0x8b84c321, 0x7ef6b0d1), TOBN(0x52a9477a, 0x7c933f22), - TOBN(0x5ef6728a, 0xfd440b82), TOBN(0x5c3bd859, 0x6ce4bd5e), - TOBN(0x918b80f5, 0xf22c2d3e), TOBN(0x368d5040, 0xb7bb6cc5), - TOBN(0xb66142a1, 0x2695a11c), TOBN(0x60ac583a, 0xeb19ea70), - TOBN(0x317cbb98, 0x0eab2437), TOBN(0x8cc08c55, 0x5e2654c8), - TOBN(0xfe2d6520, 0xe6d8307f), TOBN(0xe9f147f3, 0x57428993), - TOBN(0x5f9c7d14, 0xd2fd6cf1), TOBN(0xa3ecd064, 0x2d4fcbb0), - TOBN(0xad83fef0, 0x8e7341f7), TOBN(0x643f23a0, 0x3a63115c), - TOBN(0xd38a78ab, 0xe65ab743), TOBN(0xbf7c75b1, 0x35edc89c), - TOBN(0x3dd8752e, 0x530df568), TOBN(0xf85c4a76, 0xe308c682), - TOBN(0x4c9955b2, 0xe68acf37), TOBN(0xa544df3d, 0xab32af85), - TOBN(0x4b8ec3f5, 0xa25cf493), TOBN(0x4d8f2764, 0x1a622feb), - TOBN(0x7bb4f7aa, 0xf0dcbc49), TOBN(0x7de551f9, 0x70bbb45b), - TOBN(0xcfd0f3e4, 0x9f2ca2e5), TOBN(0xece58709, 0x1f5c76ef), - TOBN(0x32920edd, 0x167d79ae), TOBN(0x039df8a2, 0xfa7d7ec1), - TOBN(0xf46206c0, 0xbb30af91), TOBN(0x1ff5e2f5, 0x22676b59), - TOBN(0x11f4a039, 0x6ea51d66), TOBN(0x506c1445, 0x807d7a26), - TOBN(0x60da5705, 0x755a9b24), TOBN(0x8fc8cc32, 0x1f1a319e), - TOBN(0x83642d4d, 0x9433d67d), TOBN(0x7fa5cb8f, 0x6a7dd296), - TOBN(0x576591db, 0x9b7bde07), TOBN(0x13173d25, 0x419716fb), - TOBN(0xea30599d, 0xd5b340ff), TOBN(0xfc6b5297, 0xb0fe76c5), - TOBN(0x1c6968c8, 0xab8f5adc), TOBN(0xf723c7f5, 0x901c928d), - TOBN(0x4203c321, 0x9773d402), TOBN(0xdf7c6aa3, 0x1b51dd47), - TOBN(0x3d49e37a, 0x552be23c), TOBN(0x57febee8, 0x0b5a6e87), - TOBN(0xc5ecbee4, 0x7bd8e739), TOBN(0x79d44994, 0xae63bf75), - TOBN(0x168bd00f, 0x38fb8923), TOBN(0x75d48ee4, 0xd0533130), - TOBN(0x554f77aa, 0xdb5cdf33), TOBN(0x3396e896, 0x3c696769), - TOBN(0x2fdddbf2, 0xd3fd674e), TOBN(0xbbb8f6ee, 0x99d0e3e5), - TOBN(0x51b90651, 0xcbae2f70), TOBN(0xefc4bc05, 0x93aaa8eb), - TOBN(0x8ecd8689, 0xdd1df499), TOBN(0x1aee99a8, 0x22f367a5), - TOBN(0x95d485b9, 0xae8274c5), TOBN(0x6c14d445, 0x7d30b39c), - TOBN(0xbafea90b, 0xbcc1ef81), TOBN(0x7c5f317a, 0xa459a2ed), - TOBN(0x01211075, 0x4ef44227), TOBN(0xa17bed6e, 0xdc20f496), - TOBN(0x0cdfe424, 0x819853cd), TOBN(0x13793298, 0xf71e2ce7), - TOBN(0x3c1f3078, 0xdbbe307b), TOBN(0x6dd1c20e, 0x76ee9936), - TOBN(0x23ee4b57, 0x423caa20), TOBN(0x4ac3793b, 0x8efb840e), - TOBN(0x934438eb, 0xed1f8ca0), TOBN(0x3e546658, 0x4ebb25a2), - TOBN(0xc415af0e, 0xc069896f), TOBN(0xc13eddb0, 0x9a5aa43d), - TOBN(0x7a04204f, 0xd49eb8f6), TOBN(0xd0d5bdfc, 0xd74f1670), - TOBN(0x3697e286, 0x56fc0558), TOBN(0x10207371, 0x01cebade), - TOBN(0x5f87e690, 0x0647a82b), TOBN(0x908e0ed4, 0x8f40054f), - TOBN(0xa9f633d4, 0x79853803), TOBN(0x8ed13c9a, 0x4a28b252), - TOBN(0x3e2ef676, 0x1f460f64), TOBN(0x53930b9b, 0x36d06336), - TOBN(0x347073ac, 0x8fc4979b), TOBN(0x84380e0e, 0x5ecd5597), - TOBN(0xe3b22c6b, 0xc4fe3c39), TOBN(0xba4a8153, 0x6c7bebdf), - TOBN(0xf23ab6b7, 0x25693459), TOBN(0x53bc3770, 0x14922b11), - TOBN(0x4645c8ab, 0x5afc60db), TOBN(0xaa022355, 0x20b9f2a3), - TOBN(0x52a2954c, 0xce0fc507), TOBN(0x8c2731bb, 0x7ce1c2e7), - TOBN(0xf39608ab, 0x18a0339d), TOBN(0xac7a658d, 0x3735436c), - TOBN(0xb22c2b07, 0xcd992b4f), TOBN(0x4e83daec, 0xf40dcfd4), - TOBN(0x8a34c7be, 0x2f39ea3e), TOBN(0xef0c005f, 0xb0a56d2e), - TOBN(0x62731f6a, 0x6edd8038), TOBN(0x5721d740, 0x4e3cb075), - TOBN(0x1ea41511, 0xfbeeee1b), TOBN(0xd1ef5e73, 0xef1d0c05), - TOBN(0x42feefd1, 0x73c07d35), TOBN(0xe530a00a, 0x8a329493), - TOBN(0x5d55b7fe, 0xf15ebfb0), TOBN(0x549de03c, 0xd322491a), - TOBN(0xf7b5f602, 0x745b3237), TOBN(0x3632a3a2, 0x1ab6e2b6), - TOBN(0x0d3bba89, 0x0ef59f78), TOBN(0x0dfc6443, 0xc9e52b9a), - TOBN(0x1dc79699, 0x72631447), TOBN(0xef033917, 0xb3be20b1), - TOBN(0x0c92735d, 0xb1383948), TOBN(0xc1fc29a2, 0xc0dd7d7d), - TOBN(0x6485b697, 0x403ed068), TOBN(0x13bfaab3, 0xaac93bdc), - TOBN(0x410dc6a9, 0x0deeaf52), TOBN(0xb003fb02, 0x4c641c15), - TOBN(0x1384978c, 0x5bc504c4), TOBN(0x37640487, 0x864a6a77), - TOBN(0x05991bc6, 0x222a77da), TOBN(0x62260a57, 0x5e47eb11), - TOBN(0xc7af6613, 0xf21b432c), TOBN(0x22f3acc9, 0xab4953e9), - TOBN(0x52934922, 0x8e41d155), TOBN(0x4d024568, 0x3ac059ef), - TOBN(0xb0201755, 0x4d884411), TOBN(0xce8055cf, 0xa59a178f), - TOBN(0xcd77d1af, 0xf6204549), TOBN(0xa0a00a3e, 0xc7066759), - TOBN(0x471071ef, 0x0272c229), TOBN(0x009bcf6b, 0xd3c4b6b0), - TOBN(0x2a2638a8, 0x22305177), TOBN(0xd51d59df, 0x41645bbf), - TOBN(0xa81142fd, 0xc0a7a3c0), TOBN(0xa17eca6d, 0x4c7063ee), - TOBN(0x0bb887ed, 0x60d9dcec), TOBN(0xd6d28e51, 0x20ad2455), - TOBN(0xebed6308, 0xa67102ba), TOBN(0x042c3114, 0x8bffa408), - TOBN(0xfd099ac5, 0x8aa68e30), TOBN(0x7a6a3d7c, 0x1483513e), - TOBN(0xffcc6b75, 0xba2d8f0c), TOBN(0x54dacf96, 0x1e78b954), - TOBN(0xf645696f, 0xa4a9af89), TOBN(0x3a411940, 0x06ac98ec), - TOBN(0x41b8b3f6, 0x22a67a20), TOBN(0x2d0b1e0f, 0x99dec626), - TOBN(0x27c89192, 0x40be34e8), TOBN(0xc7162b37, 0x91907f35), - TOBN(0x90188ec1, 0xa956702b), TOBN(0xca132f7d, 0xdf93769c), - TOBN(0x3ece44f9, 0x0e2025b4), TOBN(0x67aaec69, 0x0c62f14c), - TOBN(0xad741418, 0x22e3cc11), TOBN(0xcf9b75c3, 0x7ff9a50e), - TOBN(0x02fa2b16, 0x4d348272), TOBN(0xbd99d61a, 0x9959d56d), - TOBN(0xbc4f19db, 0x18762916), TOBN(0xcc7cce50, 0x49c1ac80), - TOBN(0x4d59ebaa, 0xd846bd83), TOBN(0x8775a9dc, 0xa9202849), - TOBN(0x07ec4ae1, 0x6e1f4ca9), TOBN(0x27eb5875, 0xba893f11), - TOBN(0x00284d51, 0x662cc565), TOBN(0x82353a6b, 0x0db4138d), - TOBN(0xd9c7aaaa, 0xaa32a594), TOBN(0xf5528b5e, 0xa5669c47), - TOBN(0xf3220231, 0x2f23c5ff), TOBN(0xe3e8147a, 0x6affa3a1), - TOBN(0xfb423d5c, 0x202ddda0), TOBN(0x3d6414ac, 0x6b871bd4), - TOBN(0x586f82e1, 0xa51a168a), TOBN(0xb712c671, 0x48ae5448), - TOBN(0x9a2e4bd1, 0x76233eb8), TOBN(0x0188223a, 0x78811ca9), - TOBN(0x553c5e21, 0xf7c18de1), TOBN(0x7682e451, 0xb27bb286), - TOBN(0x3ed036b3, 0x0e51e929), TOBN(0xf487211b, 0xec9cb34f), - TOBN(0x0d094277, 0x0c24efc8), TOBN(0x0349fd04, 0xbef737a4), - TOBN(0x6d1c9dd2, 0x514cdd28), TOBN(0x29c135ff, 0x30da9521), - TOBN(0xea6e4508, 0xf78b0b6f), TOBN(0x176f5dd2, 0x678c143c), - TOBN(0x08148418, 0x4be21e65), TOBN(0x27f7525c, 0xe7df38c4), - TOBN(0x1fb70e09, 0x748ab1a4), TOBN(0x9cba50a0, 0x5efe4433), - TOBN(0x7846c7a6, 0x15f75af2), TOBN(0x2a7c2c57, 0x5ee73ea8), - TOBN(0x42e566a4, 0x3f0a449a), TOBN(0x45474c3b, 0xad90fc3d), - TOBN(0x7447be3d, 0x8b61d057), TOBN(0x3e9d1cf1, 0x3a4ec092), - TOBN(0x1603e453, 0xf380a6e6), TOBN(0x0b86e431, 0x9b1437c2), - TOBN(0x7a4173f2, 0xef29610a), TOBN(0x8fa729a7, 0xf03d57f7), - TOBN(0x3e186f6e, 0x6c9c217e), TOBN(0xbe1d3079, 0x91919524), - TOBN(0x92a62a70, 0x153d4fb1), TOBN(0x32ed3e34, 0xd68c2f71), - TOBN(0xd785027f, 0x9eb1a8b7), TOBN(0xbc37eb77, 0xc5b22fe8), - TOBN(0x466b34f0, 0xb9d6a191), TOBN(0x008a89af, 0x9a05f816), - TOBN(0x19b028fb, 0x7d42c10a), TOBN(0x7fe8c92f, 0x49b3f6b8), - TOBN(0x58907cc0, 0xa5a0ade3), TOBN(0xb3154f51, 0x559d1a7c), - TOBN(0x5066efb6, 0xd9790ed6), TOBN(0xa77a0cbc, 0xa6aa793b), - TOBN(0x1a915f3c, 0x223e042e), TOBN(0x1c5def04, 0x69c5874b), - TOBN(0x0e830078, 0x73b6c1da), TOBN(0x55cf85d2, 0xfcd8557a), - TOBN(0x0f7c7c76, 0x0460f3b1), TOBN(0x87052acb, 0x46e58063), - TOBN(0x09212b80, 0x907eae66), TOBN(0x3cb068e0, 0x4d721c89), - TOBN(0xa87941ae, 0xdd45ac1c), TOBN(0xde8d5c0d, 0x0daa0dbb), - TOBN(0xda421fdc, 0xe3502e6e), TOBN(0xc8944201, 0x4d89a084), - TOBN(0x7307ba5e, 0xf0c24bfb), TOBN(0xda212beb, 0x20bde0ef), - TOBN(0xea2da24b, 0xf82ce682), TOBN(0x058d3816, 0x07f71fe4), - TOBN(0x35a02462, 0x5ffad8de), TOBN(0xcd7b05dc, 0xaadcefab), - TOBN(0xd442f8ed, 0x1d9f54ec), TOBN(0x8be3d618, 0xb2d3b5ca), - TOBN(0xe2220ed0, 0xe06b2ce2), TOBN(0x82699a5f, 0x1b0da4c0), - TOBN(0x3ff106f5, 0x71c0c3a7), TOBN(0x8f580f5a, 0x0d34180c), - TOBN(0x4ebb120e, 0x22d7d375), TOBN(0x5e5782cc, 0xe9513675), - TOBN(0x2275580c, 0x99c82a70), TOBN(0xe8359fbf, 0x15ea8c4c), - TOBN(0x53b48db8, 0x7b415e70), TOBN(0xaacf2240, 0x100c6014), - TOBN(0x9faaccf5, 0xe4652f1d), TOBN(0xbd6fdd2a, 0xd56157b2), - TOBN(0xa4f4fb1f, 0x6261ec50), TOBN(0x244e55ad, 0x476bcd52), - TOBN(0x881c9305, 0x047d320b), TOBN(0x1ca983d5, 0x6181263f), - TOBN(0x354e9a44, 0x278fb8ee), TOBN(0xad2dbc0f, 0x396e4964), - TOBN(0x723f3aa2, 0x9268b3de), TOBN(0x0d1ca29a, 0xe6e0609a), - TOBN(0x794866aa, 0x6cf44252), TOBN(0x0b59f3e3, 0x01af87ed), - TOBN(0xe234e5ff, 0x7f4a6c51), TOBN(0xa8768fd2, 0x61dc2f7e), - TOBN(0xdafc7332, 0x0a94d81f), TOBN(0xd7f84282, 0x06938ce1), - TOBN(0xae0b3c0e, 0x0546063e), TOBN(0x7fbadcb2, 0x5d61abc6), - TOBN(0xd5d7a2c9, 0x369ac400), TOBN(0xa5978d09, 0xae67d10c), - TOBN(0x290f211e, 0x4f85eaac), TOBN(0xe61e2ad1, 0xfacac681), - TOBN(0xae125225, 0x388384cd), TOBN(0xa7fb68e9, 0xccfde30f), - TOBN(0x7a59b936, 0x3daed4c2), TOBN(0x80a9aa40, 0x2606f789), - TOBN(0xb40c1ea5, 0xf6a6d90a), TOBN(0x948364d3, 0x514d5885), - TOBN(0x062ebc60, 0x70985182), TOBN(0xa6db5b0e, 0x33310895), - TOBN(0x64a12175, 0xe329c2f5), TOBN(0xc5f25bd2, 0x90ea237e), - TOBN(0x7915c524, 0x2d0a4c23), TOBN(0xeb5d26e4, 0x6bb3cc52), - TOBN(0x369a9116, 0xc09e2c92), TOBN(0x0c527f92, 0xcf182cf8), - TOBN(0x9e591938, 0x2aede0ac), TOBN(0xb2922208, 0x6cc34939), - TOBN(0x3c9d8962, 0x99a34361), TOBN(0x3c81836d, 0xc1905fe6), - TOBN(0x4bfeb57f, 0xa001ec5a), TOBN(0xe993f5bb, 0xa0dc5dba), - TOBN(0x47884109, 0x724a1380), TOBN(0x8a0369ab, 0x32fe9a04), - TOBN(0xea068d60, 0x8c927db8), TOBN(0xbf5f37cf, 0x94655741), - TOBN(0x47d402a2, 0x04b6c7ea), TOBN(0x4551c295, 0x6af259cb), - TOBN(0x698b71e7, 0xed77ee8b), TOBN(0xbddf7bd0, 0xf309d5c7), - TOBN(0x6201c22c, 0x34e780ca), TOBN(0xab04f7d8, 0x4c295ef4), - TOBN(0x1c947294, 0x4313a8ce), TOBN(0xe532e4ac, 0x92ca4cfe), - TOBN(0x89738f80, 0xd0a7a97a), TOBN(0xec088c88, 0xa580fd5b), - TOBN(0x612b1ecc, 0x42ce9e51), TOBN(0x8f9840fd, 0xb25fdd2a), - TOBN(0x3cda78c0, 0x01e7f839), TOBN(0x546b3d3a, 0xece05480), - TOBN(0x271719a9, 0x80d30916), TOBN(0x45497107, 0x584c20c4), - TOBN(0xaf8f9478, 0x5bc78608), TOBN(0x28c7d484, 0x277e2a4c), - TOBN(0xfce01767, 0x88a2ffe4), TOBN(0xdc506a35, 0x28e169a5), - TOBN(0x0ea10861, 0x7af9c93a), TOBN(0x1ed24361, 0x03fa0e08), - TOBN(0x96eaaa92, 0xa3d694e7), TOBN(0xc0f43b4d, 0xef50bc74), - TOBN(0xce6aa58c, 0x64114db4), TOBN(0x8218e8ea, 0x7c000fd4), - TOBN(0xac815dfb, 0x185f8844), TOBN(0xcd7e90cb, 0x1557abfb), - TOBN(0x23d16655, 0xafbfecdf), TOBN(0x80f3271f, 0x085cac4a), - TOBN(0x7fc39aa7, 0xd0e62f47), TOBN(0x88d519d1, 0x460a48e5), - TOBN(0x59559ac4, 0xd28f101e), TOBN(0x7981d9e9, 0xca9ae816), - TOBN(0x5c38652c, 0x9ac38203), TOBN(0x86eaf87f, 0x57657fe5), - TOBN(0x568fc472, 0xe21f5416), TOBN(0x2afff39c, 0xe7e597b5), - TOBN(0x3adbbb07, 0x256d4eab), TOBN(0x22598692, 0x8285ab89), - TOBN(0x35f8112a, 0x041caefe), TOBN(0x95df02e3, 0xa5064c8b), - TOBN(0x4d63356e, 0xc7004bf3), TOBN(0x230a08f4, 0xdb83c7de), - TOBN(0xca27b270, 0x8709a7b7), TOBN(0x0d1c4cc4, 0xcb9abd2d), - TOBN(0x8a0bc66e, 0x7550fee8), TOBN(0x369cd4c7, 0x9cf7247e), - TOBN(0x75562e84, 0x92b5b7e7), TOBN(0x8fed0da0, 0x5802af7b), - TOBN(0x6a7091c2, 0xe48fb889), TOBN(0x26882c13, 0x7b8a9d06), - TOBN(0xa2498663, 0x1b82a0e2), TOBN(0x844ed736, 0x3518152d), - TOBN(0x282f476f, 0xd86e27c7), TOBN(0xa04edaca, 0x04afefdc), - TOBN(0x8b256ebc, 0x6119e34d), TOBN(0x56a413e9, 0x0787d78b),} - , - {TOBN(0x82ee061d, 0x5a74be50), TOBN(0xe41781c4, 0xdea16ff5), - TOBN(0xe0b0c81e, 0x99bfc8a2), TOBN(0x624f4d69, 0x0b547e2d), - TOBN(0x3a83545d, 0xbdcc9ae4), TOBN(0x2573dbb6, 0x409b1e8e), - TOBN(0x482960c4, 0xa6c93539), TOBN(0xf01059ad, 0x5ae18798), - TOBN(0x715c9f97, 0x3112795f), TOBN(0xe8244437, 0x984e6ee1), - TOBN(0x55cb4858, 0xecb66bcd), TOBN(0x7c136735, 0xabaffbee), - TOBN(0x54661595, 0x5dbec38e), TOBN(0x51c0782c, 0x388ad153), - TOBN(0x9ba4c53a, 0xc6e0952f), TOBN(0x27e6782a, 0x1b21dfa8), - TOBN(0x682f903d, 0x4ed2dbc2), TOBN(0x0eba59c8, 0x7c3b2d83), - TOBN(0x8e9dc84d, 0x9c7e9335), TOBN(0x5f9b21b0, 0x0eb226d7), - TOBN(0xe33bd394, 0xaf267bae), TOBN(0xaa86cc25, 0xbe2e15ae), - TOBN(0x4f0bf67d, 0x6a8ec500), TOBN(0x5846aa44, 0xf9630658), - TOBN(0xfeb09740, 0xe2c2bf15), TOBN(0x627a2205, 0xa9e99704), - TOBN(0xec8d73d0, 0xc2fbc565), TOBN(0x223eed8f, 0xc20c8de8), - TOBN(0x1ee32583, 0xa8363b49), TOBN(0x1a0b6cb9, 0xc9c2b0a6), - TOBN(0x49f7c3d2, 0x90dbc85c), TOBN(0xa8dfbb97, 0x1ef4c1ac), - TOBN(0xafb34d4c, 0x65c7c2ab), TOBN(0x1d4610e7, 0xe2c5ea84), - TOBN(0x893f6d1b, 0x973c4ab5), TOBN(0xa3cdd7e9, 0x945ba5c4), - TOBN(0x60514983, 0x064417ee), TOBN(0x1459b23c, 0xad6bdf2b), - TOBN(0x23b2c341, 0x5cf726c3), TOBN(0x3a829635, 0x32d6354a), - TOBN(0x294f901f, 0xab192c18), TOBN(0xec5fcbfe, 0x7030164f), - TOBN(0xe2e2fcb7, 0xe2246ba6), TOBN(0x1e7c88b3, 0x221a1a0c), - TOBN(0x72c7dd93, 0xc92d88c5), TOBN(0x41c2148e, 0x1106fb59), - TOBN(0x547dd4f5, 0xa0f60f14), TOBN(0xed9b52b2, 0x63960f31), - TOBN(0x6c8349eb, 0xb0a5b358), TOBN(0xb154c5c2, 0x9e7e2ed6), - TOBN(0xcad5eccf, 0xeda462db), TOBN(0xf2d6dbe4, 0x2de66b69), - TOBN(0x426aedf3, 0x8665e5b2), TOBN(0x488a8513, 0x7b7f5723), - TOBN(0x15cc43b3, 0x8bcbb386), TOBN(0x27ad0af3, 0xd791d879), - TOBN(0xc16c236e, 0x846e364f), TOBN(0x7f33527c, 0xdea50ca0), - TOBN(0xc4810775, 0x0926b86d), TOBN(0x6c2a3609, 0x0598e70c), - TOBN(0xa6755e52, 0xf024e924), TOBN(0xe0fa07a4, 0x9db4afca), - TOBN(0x15c3ce7d, 0x66831790), TOBN(0x5b4ef350, 0xa6cbb0d6), - TOBN(0x2c4aafc4, 0xb6205969), TOBN(0x42563f02, 0xf6c7854f), - TOBN(0x016aced5, 0x1d983b48), TOBN(0xfeb356d8, 0x99949755), - TOBN(0x8c2a2c81, 0xd1a39bd7), TOBN(0x8f44340f, 0xe6934ae9), - TOBN(0x148cf91c, 0x447904da), TOBN(0x7340185f, 0x0f51a926), - TOBN(0x2f8f00fb, 0x7409ab46), TOBN(0x057e78e6, 0x80e289b2), - TOBN(0x03e5022c, 0xa888e5d1), TOBN(0x3c87111a, 0x9dede4e2), - TOBN(0x5b9b0e1c, 0x7809460b), TOBN(0xe751c852, 0x71c9abc7), - TOBN(0x8b944e28, 0xc7cc1dc9), TOBN(0x4f201ffa, 0x1d3cfa08), - TOBN(0x02fc905c, 0x3e6721ce), TOBN(0xd52d70da, 0xd0b3674c), - TOBN(0x5dc2e5ca, 0x18810da4), TOBN(0xa984b273, 0x5c69dd99), - TOBN(0x63b92527, 0x84de5ca4), TOBN(0x2f1c9872, 0xc852dec4), - TOBN(0x18b03593, 0xc2e3de09), TOBN(0x19d70b01, 0x9813dc2f), - TOBN(0x42806b2d, 0xa6dc1d29), TOBN(0xd3030009, 0xf871e144), - TOBN(0xa1feb333, 0xaaf49276), TOBN(0xb5583b9e, 0xc70bc04b), - TOBN(0x1db0be78, 0x95695f20), TOBN(0xfc841811, 0x89d012b5), - TOBN(0x6409f272, 0x05f61643), TOBN(0x40d34174, 0xd5883128), - TOBN(0xd79196f5, 0x67419833), TOBN(0x6059e252, 0x863b7b08), - TOBN(0x84da1817, 0x1c56700c), TOBN(0x5758ee56, 0xb28d3ec4), - TOBN(0x7da2771d, 0x013b0ea6), TOBN(0xfddf524b, 0x54c5e9b9), - TOBN(0x7df4faf8, 0x24305d80), TOBN(0x58f5c1bf, 0x3a97763f), - TOBN(0xa5af37f1, 0x7c696042), TOBN(0xd4cba22c, 0x4a2538de), - TOBN(0x211cb995, 0x9ea42600), TOBN(0xcd105f41, 0x7b069889), - TOBN(0xb1e1cf19, 0xddb81e74), TOBN(0x472f2d89, 0x5157b8ca), - TOBN(0x086fb008, 0xee9db885), TOBN(0x365cd570, 0x0f26d131), - TOBN(0x284b02bb, 0xa2be7053), TOBN(0xdcbbf7c6, 0x7ab9a6d6), - TOBN(0x4425559c, 0x20f7a530), TOBN(0x961f2dfa, 0x188767c8), - TOBN(0xe2fd9435, 0x70dc80c4), TOBN(0x104d6b63, 0xf0784120), - TOBN(0x7f592bc1, 0x53567122), TOBN(0xf6bc1246, 0xf688ad77), - TOBN(0x05214c05, 0x0f15dde9), TOBN(0xa47a76a8, 0x0d5f2b82), - TOBN(0xbb254d30, 0x62e82b62), TOBN(0x11a05fe0, 0x3ec955ee), - TOBN(0x7eaff46e, 0x9d529b36), TOBN(0x55ab1301, 0x8f9e3df6), - TOBN(0xc463e371, 0x99317698), TOBN(0xfd251438, 0xccda47ad), - TOBN(0xca9c3547, 0x23d695ea), TOBN(0x48ce626e, 0x16e589b5), - TOBN(0x6b5b64c7, 0xb187d086), TOBN(0xd02e1794, 0xb2207948), - TOBN(0x8b58e98f, 0x7198111d), TOBN(0x90ca6305, 0xdcf9c3cc), - TOBN(0x5691fe72, 0xf34089b0), TOBN(0x60941af1, 0xfc7c80ff), - TOBN(0xa09bc0a2, 0x22eb51e5), TOBN(0xc0bb7244, 0xaa9cf09a), - TOBN(0x36a8077f, 0x80159f06), TOBN(0x8b5c989e, 0xdddc560e), - TOBN(0x19d2f316, 0x512e1f43), TOBN(0x02eac554, 0xad08ff62), - TOBN(0x012ab84c, 0x07d20b4e), TOBN(0x37d1e115, 0xd6d4e4e1), - TOBN(0xb6443e1a, 0xab7b19a8), TOBN(0xf08d067e, 0xdef8cd45), - TOBN(0x63adf3e9, 0x685e03da), TOBN(0xcf15a10e, 0x4792b916), - TOBN(0xf44bcce5, 0xb738a425), TOBN(0xebe131d5, 0x9636b2fd), - TOBN(0x94068841, 0x7850d605), TOBN(0x09684eaa, 0xb40d749d), - TOBN(0x8c3c669c, 0x72ba075b), TOBN(0x89f78b55, 0xba469015), - TOBN(0x5706aade, 0x3e9f8ba8), TOBN(0x6d8bd565, 0xb32d7ed7), - TOBN(0x25f4e63b, 0x805f08d6), TOBN(0x7f48200d, 0xc3bcc1b5), - TOBN(0x4e801968, 0xb025d847), TOBN(0x74afac04, 0x87cbe0a8), - TOBN(0x43ed2c2b, 0x7e63d690), TOBN(0xefb6bbf0, 0x0223cdb8), - TOBN(0x4fec3cae, 0x2884d3fe), TOBN(0x065ecce6, 0xd75e25a4), - TOBN(0x6c2294ce, 0x69f79071), TOBN(0x0d9a8e5f, 0x044b8666), - TOBN(0x5009f238, 0x17b69d8f), TOBN(0x3c29f8fe, 0xc5dfdaf7), - TOBN(0x9067528f, 0xebae68c4), TOBN(0x5b385632, 0x30c5ba21), - TOBN(0x540df119, 0x1fdd1aec), TOBN(0xcf37825b, 0xcfba4c78), - TOBN(0x77eff980, 0xbeb11454), TOBN(0x40a1a991, 0x60c1b066), - TOBN(0xe8018980, 0xf889a1c7), TOBN(0xb9c52ae9, 0x76c24be0), - TOBN(0x05fbbcce, 0x45650ef4), TOBN(0xae000f10, 0x8aa29ac7), - TOBN(0x884b7172, 0x4f04c470), TOBN(0x7cd4fde2, 0x19bb5c25), - TOBN(0x6477b22a, 0xe8840869), TOBN(0xa8868859, 0x5fbd0686), - TOBN(0xf23cc02e, 0x1116dfba), TOBN(0x76cd563f, 0xd87d7776), - TOBN(0xe2a37598, 0xa9d82abf), TOBN(0x5f188ccb, 0xe6c170f5), - TOBN(0x81682200, 0x5066b087), TOBN(0xda22c212, 0xc7155ada), - TOBN(0x151e5d3a, 0xfbddb479), TOBN(0x4b606b84, 0x6d715b99), - TOBN(0x4a73b54b, 0xf997cb2e), TOBN(0x9a1bfe43, 0x3ecd8b66), - TOBN(0x1c312809, 0x2a67d48a), TOBN(0xcd6a671e, 0x031fa9e2), - TOBN(0xbec3312a, 0x0e43a34a), TOBN(0x1d935639, 0x55ef47d3), - TOBN(0x5ea02489, 0x8fea73ea), TOBN(0x8247b364, 0xa035afb2), - TOBN(0xb58300a6, 0x5265b54c), TOBN(0x3286662f, 0x722c7148), - TOBN(0xb77fd76b, 0xb4ec4c20), TOBN(0xf0a12fa7, 0x0f3fe3fd), - TOBN(0xf845bbf5, 0x41d8c7e8), TOBN(0xe4d969ca, 0x5ec10aa8), - TOBN(0x4c0053b7, 0x43e232a3), TOBN(0xdc7a3fac, 0x37f8a45a), - TOBN(0x3c4261c5, 0x20d81c8f), TOBN(0xfd4b3453, 0xb00eab00), - TOBN(0x76d48f86, 0xd36e3062), TOBN(0x626c5277, 0xa143ff02), - TOBN(0x538174de, 0xaf76f42e), TOBN(0x2267aa86, 0x6407ceac), - TOBN(0xfad76351, 0x72e572d5), TOBN(0xab861af7, 0xba7330eb), - TOBN(0xa0a1c8c7, 0x418d8657), TOBN(0x988821cb, 0x20289a52), - TOBN(0x79732522, 0xcccc18ad), TOBN(0xaadf3f8d, 0xf1a6e027), - TOBN(0xf7382c93, 0x17c2354d), TOBN(0x5ce1680c, 0xd818b689), - TOBN(0x359ebbfc, 0xd9ecbee9), TOBN(0x4330689c, 0x1cae62ac), - TOBN(0xb55ce5b4, 0xc51ac38a), TOBN(0x7921dfea, 0xfe238ee8), - TOBN(0x3972bef8, 0x271d1ca5), TOBN(0x3e423bc7, 0xe8aabd18), - TOBN(0x57b09f3f, 0x44a3e5e3), TOBN(0x5da886ae, 0x7b444d66), - TOBN(0x68206634, 0xa9964375), TOBN(0x356a2fa3, 0x699cd0ff), - TOBN(0xaf0faa24, 0xdba515e9), TOBN(0x536e1f5c, 0xb321d79a), - TOBN(0xd3b9913a, 0x5c04e4ea), TOBN(0xd549dcfe, 0xd6f11513), - TOBN(0xee227bf5, 0x79fd1d94), TOBN(0x9f35afee, 0xb43f2c67), - TOBN(0xd2638d24, 0xf1314f53), TOBN(0x62baf948, 0xcabcd822), - TOBN(0x5542de29, 0x4ef48db0), TOBN(0xb3eb6a04, 0xfc5f6bb2), - TOBN(0x23c110ae, 0x1208e16a), TOBN(0x1a4d15b5, 0xf8363e24), - TOBN(0x30716844, 0x164be00b), TOBN(0xa8e24824, 0xf6f4690d), - TOBN(0x548773a2, 0x90b170cf), TOBN(0xa1bef331, 0x42f191f4), - TOBN(0x70f418d0, 0x9247aa97), TOBN(0xea06028e, 0x48be9147), - TOBN(0xe13122f3, 0xdbfb894e), TOBN(0xbe9b79f6, 0xce274b18), - TOBN(0x85a49de5, 0xca58aadf), TOBN(0x24957758, 0x11487351), - TOBN(0x111def61, 0xbb939099), TOBN(0x1d6a974a, 0x26d13694), - TOBN(0x4474b4ce, 0xd3fc253b), TOBN(0x3a1485e6, 0x4c5db15e), - TOBN(0xe79667b4, 0x147c15b4), TOBN(0xe34f553b, 0x7bc61301), - TOBN(0x032b80f8, 0x17094381), TOBN(0x55d8bafd, 0x723eaa21), - TOBN(0x5a987995, 0xf1c0e74e), TOBN(0x5a9b292e, 0xebba289c), - TOBN(0x413cd4b2, 0xeb4c8251), TOBN(0x98b5d243, 0xd162db0a), - TOBN(0xbb47bf66, 0x68342520), TOBN(0x08d68949, 0xbaa862d1), - TOBN(0x11f349c7, 0xe906abcd), TOBN(0x454ce985, 0xed7bf00e), - TOBN(0xacab5c9e, 0xb55b803b), TOBN(0xb03468ea, 0x31e3c16d), - TOBN(0x5c24213d, 0xd273bf12), TOBN(0x211538eb, 0x71587887), - TOBN(0x198e4a2f, 0x731dea2d), TOBN(0xd5856cf2, 0x74ed7b2a), - TOBN(0x86a632eb, 0x13a664fe), TOBN(0x932cd909, 0xbda41291), - TOBN(0x850e95d4, 0xc0c4ddc0), TOBN(0xc0f422f8, 0x347fc2c9), - TOBN(0xe68cbec4, 0x86076bcb), TOBN(0xf9e7c0c0, 0xcd6cd286), - TOBN(0x65994ddb, 0x0f5f27ca), TOBN(0xe85461fb, 0xa80d59ff), - TOBN(0xff05481a, 0x66601023), TOBN(0xc665427a, 0xfc9ebbfb), - TOBN(0xb0571a69, 0x7587fd52), TOBN(0x935289f8, 0x8d49efce), - TOBN(0x61becc60, 0xea420688), TOBN(0xb22639d9, 0x13a786af), - TOBN(0x1a8e6220, 0x361ecf90), TOBN(0x001f23e0, 0x25506463), - TOBN(0xe4ae9b5d, 0x0a5c2b79), TOBN(0xebc9cdad, 0xd8149db5), - TOBN(0xb33164a1, 0x934aa728), TOBN(0x750eb00e, 0xae9b60f3), - TOBN(0x5a91615b, 0x9b9cfbfd), TOBN(0x97015cbf, 0xef45f7f6), - TOBN(0xb462c4a5, 0xbf5151df), TOBN(0x21adcc41, 0xb07118f2), - TOBN(0xd60c545b, 0x043fa42c), TOBN(0xfc21aa54, 0xe96be1ab), - TOBN(0xe84bc32f, 0x4e51ea80), TOBN(0x3dae45f0, 0x259b5d8d), - TOBN(0xbb73c7eb, 0xc38f1b5e), TOBN(0xe405a74a, 0xe8ae617d), - TOBN(0xbb1ae9c6, 0x9f1c56bd), TOBN(0x8c176b98, 0x49f196a4), - TOBN(0xc448f311, 0x6875092b), TOBN(0xb5afe3de, 0x9f976033), - TOBN(0xa8dafd49, 0x145813e5), TOBN(0x687fc4d9, 0xe2b34226), - TOBN(0xf2dfc92d, 0x4c7ff57f), TOBN(0x004e3fc1, 0x401f1b46), - TOBN(0x5afddab6, 0x1430c9ab), TOBN(0x0bdd41d3, 0x2238e997), - TOBN(0xf0947430, 0x418042ae), TOBN(0x71f9adda, 0xcdddc4cb), - TOBN(0x7090c016, 0xc52dd907), TOBN(0xd9bdf44d, 0x29e2047f), - TOBN(0xe6f1fe80, 0x1b1011a6), TOBN(0xb63accbc, 0xd9acdc78), - TOBN(0xcfc7e235, 0x1272a95b), TOBN(0x0c667717, 0xa6276ac8), - TOBN(0x3c0d3709, 0xe2d7eef7), TOBN(0x5add2b06, 0x9a685b3e), - TOBN(0x363ad32d, 0x14ea5d65), TOBN(0xf8e01f06, 0x8d7dd506), - TOBN(0xc9ea2213, 0x75b4aac6), TOBN(0xed2a2bf9, 0x0d353466), - TOBN(0x439d79b5, 0xe9d3a7c3), TOBN(0x8e0ee5a6, 0x81b7f34b), - TOBN(0xcf3dacf5, 0x1dc4ba75), TOBN(0x1d3d1773, 0xeb3310c7), - TOBN(0xa8e67112, 0x7747ae83), TOBN(0x31f43160, 0x197d6b40), - TOBN(0x0521ccee, 0xcd961400), TOBN(0x67246f11, 0xf6535768), - TOBN(0x702fcc5a, 0xef0c3133), TOBN(0x247cc45d, 0x7e16693b), - TOBN(0xfd484e49, 0xc729b749), TOBN(0x522cef7d, 0xb218320f), - TOBN(0xe56ef405, 0x59ab93b3), TOBN(0x225fba11, 0x9f181071), - TOBN(0x33bd6595, 0x15330ed0), TOBN(0xc4be69d5, 0x1ddb32f7), - TOBN(0x264c7668, 0x0448087c), TOBN(0xac30903f, 0x71432dae), - TOBN(0x3851b266, 0x00f9bf47), TOBN(0x400ed311, 0x6cdd6d03), - TOBN(0x045e79fe, 0xf8fd2424), TOBN(0xfdfd974a, 0xfa6da98b), - TOBN(0x45c9f641, 0x0c1e673a), TOBN(0x76f2e733, 0x5b2c5168), - TOBN(0x1adaebb5, 0x2a601753), TOBN(0xb286514c, 0xc57c2d49), - TOBN(0xd8769670, 0x1e0bfd24), TOBN(0x950c547e, 0x04478922), - TOBN(0xd1d41969, 0xe5d32bfe), TOBN(0x30bc1472, 0x750d6c3e), - TOBN(0x8f3679fe, 0xe0e27f3a), TOBN(0x8f64a7dc, 0xa4a6ee0c), - TOBN(0x2fe59937, 0x633dfb1f), TOBN(0xea82c395, 0x977f2547), - TOBN(0xcbdfdf1a, 0x661ea646), TOBN(0xc7ccc591, 0xb9085451), - TOBN(0x82177962, 0x81761e13), TOBN(0xda57596f, 0x9196885c), - TOBN(0xbc17e849, 0x28ffbd70), TOBN(0x1e6e0a41, 0x2671d36f), - TOBN(0x61ae872c, 0x4152fcf5), TOBN(0x441c87b0, 0x9e77e754), - TOBN(0xd0799dd5, 0xa34dff09), TOBN(0x766b4e44, 0x88a6b171), - TOBN(0xdc06a512, 0x11f1c792), TOBN(0xea02ae93, 0x4be35c3e), - TOBN(0xe5ca4d6d, 0xe90c469e), TOBN(0x4df4368e, 0x56e4ff5c), - TOBN(0x7817acab, 0x4baef62e), TOBN(0x9f5a2202, 0xa85b91e8), - TOBN(0x9666ebe6, 0x6ce57610), TOBN(0x32ad31f3, 0xf73bfe03), - TOBN(0x628330a4, 0x25bcf4d6), TOBN(0xea950593, 0x515056e6), - TOBN(0x59811c89, 0xe1332156), TOBN(0xc89cf1fe, 0x8c11b2d7), - TOBN(0x75b63913, 0x04e60cc0), TOBN(0xce811e8d, 0x4625d375), - TOBN(0x030e43fc, 0x2d26e562), TOBN(0xfbb30b4b, 0x608d36a0), - TOBN(0x634ff82c, 0x48528118), TOBN(0x7c6fe085, 0xcd285911), - TOBN(0x7f2830c0, 0x99358f28), TOBN(0x2e60a95e, 0x665e6c09), - TOBN(0x08407d3d, 0x9b785dbf), TOBN(0x530889ab, 0xa759bce7), - TOBN(0xf228e0e6, 0x52f61239), TOBN(0x2b6d1461, 0x6879be3c), - TOBN(0xe6902c04, 0x51a7bbf7), TOBN(0x30ad99f0, 0x76f24a64), - TOBN(0x66d9317a, 0x98bc6da0), TOBN(0xf4f877f3, 0xcb596ac0), - TOBN(0xb05ff62d, 0x4c44f119), TOBN(0x4555f536, 0xe9b77416), - TOBN(0xc7c0d059, 0x8caed63b), TOBN(0x0cd2b7ce, 0xc358b2a9), - TOBN(0x3f33287b, 0x46945fa3), TOBN(0xf8785b20, 0xd67c8791), - TOBN(0xc54a7a61, 0x9637bd08), TOBN(0x54d4598c, 0x18be79d7), - TOBN(0x889e5acb, 0xc46d7ce1), TOBN(0x9a515bb7, 0x8b085877), - TOBN(0xfac1a03d, 0x0b7a5050), TOBN(0x7d3e738a, 0xf2926035), - TOBN(0x861cc2ce, 0x2a6cb0eb), TOBN(0x6f2e2955, 0x8f7adc79), - TOBN(0x61c4d451, 0x33016376), TOBN(0xd9fd2c80, 0x5ad59090), - TOBN(0xe5a83738, 0xb2b836a1), TOBN(0x855b41a0, 0x7c0d6622), - TOBN(0x186fe317, 0x7cc19af1), TOBN(0x6465c1ff, 0xfdd99acb), - TOBN(0x46e5c23f, 0x6974b99e), TOBN(0x75a7cf8b, 0xa2717cbe), - TOBN(0x4d2ebc3f, 0x062be658), TOBN(0x094b4447, 0x5f209c98), - TOBN(0x4af285ed, 0xb940cb5a), TOBN(0x6706d792, 0x7cc82f10), - TOBN(0xc8c8776c, 0x030526fa), TOBN(0xfa8e6f76, 0xa0da9140), - TOBN(0x77ea9d34, 0x591ee4f0), TOBN(0x5f46e337, 0x40274166), - TOBN(0x1bdf98bb, 0xea671457), TOBN(0xd7c08b46, 0x862a1fe2), - TOBN(0x46cc303c, 0x1c08ad63), TOBN(0x99543440, 0x4c845e7b), - TOBN(0x1b8fbdb5, 0x48f36bf7), TOBN(0x5b82c392, 0x8c8273a7), - TOBN(0x08f712c4, 0x928435d5), TOBN(0x071cf0f1, 0x79330380), - TOBN(0xc74c2d24, 0xa8da054a), TOBN(0xcb0e7201, 0x43c46b5c), - TOBN(0x0ad7337a, 0xc0b7eff3), TOBN(0x8552225e, 0xc5e48b3c), - TOBN(0xe6f78b0c, 0x73f13a5f), TOBN(0x5e70062e, 0x82349cbe), - TOBN(0x6b8d5048, 0xe7073969), TOBN(0x392d2a29, 0xc33cb3d2), - TOBN(0xee4f727c, 0x4ecaa20f), TOBN(0xa068c99e, 0x2ccde707), - TOBN(0xfcd5651f, 0xb87a2913), TOBN(0xea3e3c15, 0x3cc252f0), - TOBN(0x777d92df, 0x3b6cd3e4), TOBN(0x7a414143, 0xc5a732e7), - TOBN(0xa895951a, 0xa71ff493), TOBN(0xfe980c92, 0xbbd37cf6), - TOBN(0x45bd5e64, 0xdecfeeff), TOBN(0x910dc2a9, 0xa44c43e9), - TOBN(0xcb403f26, 0xcca9f54d), TOBN(0x928bbdfb, 0x9303f6db), - TOBN(0x3c37951e, 0xa9eee67c), TOBN(0x3bd61a52, 0xf79961c3), - TOBN(0x09a238e6, 0x395c9a79), TOBN(0x6940ca2d, 0x61eb352d), - TOBN(0x7d1e5c5e, 0xc1875631), TOBN(0x1e19742c, 0x1e1b20d1), - TOBN(0x4633d908, 0x23fc2e6e), TOBN(0xa76e29a9, 0x08959149), - TOBN(0x61069d9c, 0x84ed7da5), TOBN(0x0baa11cf, 0x5dbcad51), - TOBN(0xd01eec64, 0x961849da), TOBN(0x93b75f1f, 0xaf3d8c28), - TOBN(0x57bc4f9f, 0x1ca2ee44), TOBN(0x5a26322d, 0x00e00558), - TOBN(0x1888d658, 0x61a023ef), TOBN(0x1d72aab4, 0xb9e5246e), - TOBN(0xa9a26348, 0xe5563ec0), TOBN(0xa0971963, 0xc3439a43), - TOBN(0x567dd54b, 0xadb9b5b7), TOBN(0x73fac1a1, 0xc45a524b), - TOBN(0x8fe97ef7, 0xfe38e608), TOBN(0x608748d2, 0x3f384f48), - TOBN(0xb0571794, 0xc486094f), TOBN(0x869254a3, 0x8bf3a8d6), - TOBN(0x148a8dd1, 0x310b0e25), TOBN(0x99ab9f3f, 0x9aa3f7d8), - TOBN(0x0927c68a, 0x6706c02e), TOBN(0x22b5e76c, 0x69790e6c), - TOBN(0x6c325260, 0x6c71376c), TOBN(0x53a57690, 0x09ef6657), - TOBN(0x8d63f852, 0xedffcf3a), TOBN(0xb4d2ed04, 0x3c0a6f55), - TOBN(0xdb3aa8de, 0x12519b9e), TOBN(0x5d38e9c4, 0x1e0a569a), - TOBN(0x871528bf, 0x303747e2), TOBN(0xa208e77c, 0xf5b5c18d), - TOBN(0x9d129c88, 0xca6bf923), TOBN(0xbcbf197f, 0xbf02839f), - TOBN(0x9b9bf030, 0x27323194), TOBN(0x3b055a8b, 0x339ca59d), - TOBN(0xb46b2312, 0x0f669520), TOBN(0x19789f1f, 0x497e5f24), - TOBN(0x9c499468, 0xaaf01801), TOBN(0x72ee1190, 0x8b69d59c), - TOBN(0x8bd39595, 0xacf4c079), TOBN(0x3ee11ece, 0x8e0cd048), - TOBN(0xebde86ec, 0x1ed66f18), TOBN(0x225d906b, 0xd61fce43), - TOBN(0x5cab07d6, 0xe8bed74d), TOBN(0x16e4617f, 0x27855ab7), - TOBN(0x6568aadd, 0xb2fbc3dd), TOBN(0xedb5484f, 0x8aeddf5b), - TOBN(0x878f20e8, 0x6dcf2fad), TOBN(0x3516497c, 0x615f5699),} - , - {TOBN(0xef0a3fec, 0xfa181e69), TOBN(0x9ea02f81, 0x30d69a98), - TOBN(0xb2e9cf8e, 0x66eab95d), TOBN(0x520f2beb, 0x24720021), - TOBN(0x621c540a, 0x1df84361), TOBN(0x12037721, 0x71fa6d5d), - TOBN(0x6e3c7b51, 0x0ff5f6ff), TOBN(0x817a069b, 0xabb2bef3), - TOBN(0x83572fb6, 0xb294cda6), TOBN(0x6ce9bf75, 0xb9039f34), - TOBN(0x20e012f0, 0x095cbb21), TOBN(0xa0aecc1b, 0xd063f0da), - TOBN(0x57c21c3a, 0xf02909e5), TOBN(0xc7d59ecf, 0x48ce9cdc), - TOBN(0x2732b844, 0x8ae336f8), TOBN(0x056e3723, 0x3f4f85f4), - TOBN(0x8a10b531, 0x89e800ca), TOBN(0x50fe0c17, 0x145208fd), - TOBN(0x9e43c0d3, 0xb714ba37), TOBN(0x427d200e, 0x34189acc), - TOBN(0x05dee24f, 0xe616e2c0), TOBN(0x9c25f4c8, 0xee1854c1), - TOBN(0x4d3222a5, 0x8f342a73), TOBN(0x0807804f, 0xa027c952), - TOBN(0xc222653a, 0x4f0d56f3), TOBN(0x961e4047, 0xca28b805), - TOBN(0x2c03f8b0, 0x4a73434b), TOBN(0x4c966787, 0xab712a19), - TOBN(0xcc196c42, 0x864fee42), TOBN(0xc1be93da, 0x5b0ece5c), - TOBN(0xa87d9f22, 0xc131c159), TOBN(0x2bb6d593, 0xdce45655), - TOBN(0x22c49ec9, 0xb809b7ce), TOBN(0x8a41486b, 0xe2c72c2c), - TOBN(0x813b9420, 0xfea0bf36), TOBN(0xb3d36ee9, 0xa66dac69), - TOBN(0x6fddc08a, 0x328cc987), TOBN(0x0a3bcd2c, 0x3a326461), - TOBN(0x7103c49d, 0xd810dbba), TOBN(0xf9d81a28, 0x4b78a4c4), - TOBN(0x3de865ad, 0xe4d55941), TOBN(0xdedafa5e, 0x30384087), - TOBN(0x6f414abb, 0x4ef18b9b), TOBN(0x9ee9ea42, 0xfaee5268), - TOBN(0x260faa16, 0x37a55a4a), TOBN(0xeb19a514, 0x015f93b9), - TOBN(0x51d7ebd2, 0x9e9c3598), TOBN(0x523fc56d, 0x1932178e), - TOBN(0x501d070c, 0xb98fe684), TOBN(0xd60fbe9a, 0x124a1458), - TOBN(0xa45761c8, 0x92bc6b3f), TOBN(0xf5384858, 0xfe6f27cb), - TOBN(0x4b0271f7, 0xb59e763b), TOBN(0x3d4606a9, 0x5b5a8e5e), - TOBN(0x1eda5d9b, 0x05a48292), TOBN(0xda7731d0, 0xe6fec446), - TOBN(0xa3e33693, 0x90d45871), TOBN(0xe9764040, 0x06166d8d), - TOBN(0xb5c33682, 0x89a90403), TOBN(0x4bd17983, 0x72f1d637), - TOBN(0xa616679e, 0xd5d2c53a), TOBN(0x5ec4bcd8, 0xfdcf3b87), - TOBN(0xae6d7613, 0xb66a694e), TOBN(0x7460fc76, 0xe3fc27e5), - TOBN(0x70469b82, 0x95caabee), TOBN(0xde024ca5, 0x889501e3), - TOBN(0x6bdadc06, 0x076ed265), TOBN(0x0cb1236b, 0x5a0ef8b2), - TOBN(0x4065ddbf, 0x0972ebf9), TOBN(0xf1dd3875, 0x22aca432), - TOBN(0xa88b97cf, 0x744aff76), TOBN(0xd1359afd, 0xfe8e3d24), - TOBN(0x52a3ba2b, 0x91502cf3), TOBN(0x2c3832a8, 0x084db75d), - TOBN(0x04a12ddd, 0xde30b1c9), TOBN(0x7802eabc, 0xe31fd60c), - TOBN(0x33707327, 0xa37fddab), TOBN(0x65d6f2ab, 0xfaafa973), - TOBN(0x3525c5b8, 0x11e6f91a), TOBN(0x76aeb0c9, 0x5f46530b), - TOBN(0xe8815ff6, 0x2f93a675), TOBN(0xa6ec9684, 0x05f48679), - TOBN(0x6dcbb556, 0x358ae884), TOBN(0x0af61472, 0xe19e3873), - TOBN(0x72334372, 0xa5f696be), TOBN(0xc65e57ea, 0x6f22fb70), - TOBN(0x268da30c, 0x946cea90), TOBN(0x136a8a87, 0x65681b2a), - TOBN(0xad5e81dc, 0x0f9f44d4), TOBN(0xf09a6960, 0x2c46585a), - TOBN(0xd1649164, 0xc447d1b1), TOBN(0x3b4b36c8, 0x879dc8b1), - TOBN(0x20d4177b, 0x3b6b234c), TOBN(0x096a2505, 0x1730d9d0), - TOBN(0x0611b9b8, 0xef80531d), TOBN(0xba904b3b, 0x64bb495d), - TOBN(0x1192d9d4, 0x93a3147a), TOBN(0x9f30a5dc, 0x9a565545), - TOBN(0x90b1f9cb, 0x6ef07212), TOBN(0x29958546, 0x0d87fc13), - TOBN(0xd3323eff, 0xc17db9ba), TOBN(0xcb18548c, 0xcb1644a8), - TOBN(0x18a306d4, 0x4f49ffbc), TOBN(0x28d658f1, 0x4c2e8684), - TOBN(0x44ba60cd, 0xa99f8c71), TOBN(0x67b7abdb, 0x4bf742ff), - TOBN(0x66310f9c, 0x914b3f99), TOBN(0xae430a32, 0xf412c161), - TOBN(0x1e6776d3, 0x88ace52f), TOBN(0x4bc0fa24, 0x52d7067d), - TOBN(0x03c286aa, 0x8f07cd1b), TOBN(0x4cb8f38c, 0xa985b2c1), - TOBN(0x83ccbe80, 0x8c3bff36), TOBN(0x005a0bd2, 0x5263e575), - TOBN(0x460d7dda, 0x259bdcd1), TOBN(0x4a1c5642, 0xfa5cab6b), - TOBN(0x2b7bdbb9, 0x9fe4fc88), TOBN(0x09418e28, 0xcc97bbb5), - TOBN(0xd8274fb4, 0xa12321ae), TOBN(0xb137007d, 0x5c87b64e), - TOBN(0x80531fe1, 0xc63c4962), TOBN(0x50541e89, 0x981fdb25), - TOBN(0xdc1291a1, 0xfd4c2b6b), TOBN(0xc0693a17, 0xa6df4fca), - TOBN(0xb2c4604e, 0x0117f203), TOBN(0x245f1963, 0x0a99b8d0), - TOBN(0xaedc20aa, 0xc6212c44), TOBN(0xb1ed4e56, 0x520f52a8), - TOBN(0xfe48f575, 0xf8547be3), TOBN(0x0a7033cd, 0xa9e45f98), - TOBN(0x4b45d3a9, 0x18c50100), TOBN(0xb2a6cd6a, 0xa61d41da), - TOBN(0x60bbb4f5, 0x57933c6b), TOBN(0xa7538ebd, 0x2b0d7ffc), - TOBN(0x9ea3ab8d, 0x8cd626b6), TOBN(0x8273a484, 0x3601625a), - TOBN(0x88859845, 0x0168e508), TOBN(0x8cbc9bb2, 0x99a94abd), - TOBN(0x713ac792, 0xfab0a671), TOBN(0xa3995b19, 0x6c9ebffc), - TOBN(0xe711668e, 0x1239e152), TOBN(0x56892558, 0xbbb8dff4), - TOBN(0x8bfc7dab, 0xdbf17963), TOBN(0x5b59fe5a, 0xb3de1253), - TOBN(0x7e3320eb, 0x34a9f7ae), TOBN(0xe5e8cf72, 0xd751efe4), - TOBN(0x7ea003bc, 0xd9be2f37), TOBN(0xc0f551a0, 0xb6c08ef7), - TOBN(0x56606268, 0x038f6725), TOBN(0x1dd38e35, 0x6d92d3b6), - TOBN(0x07dfce7c, 0xc3cbd686), TOBN(0x4e549e04, 0x651c5da8), - TOBN(0x4058f93b, 0x08b19340), TOBN(0xc2fae6f4, 0xcac6d89d), - TOBN(0x4bad8a8c, 0x8f159cc7), TOBN(0x0ddba4b3, 0xcb0b601c), - TOBN(0xda4fc7b5, 0x1dd95f8c), TOBN(0x1d163cd7, 0xcea5c255), - TOBN(0x30707d06, 0x274a8c4c), TOBN(0x79d9e008, 0x2802e9ce), - TOBN(0x02a29ebf, 0xe6ddd505), TOBN(0x37064e74, 0xb50bed1a), - TOBN(0x3f6bae65, 0xa7327d57), TOBN(0x3846f5f1, 0xf83920bc), - TOBN(0x87c37491, 0x60df1b9b), TOBN(0x4cfb2895, 0x2d1da29f), - TOBN(0x10a478ca, 0x4ed1743c), TOBN(0x390c6030, 0x3edd47c6), - TOBN(0x8f3e5312, 0x8c0a78de), TOBN(0xccd02bda, 0x1e85df70), - TOBN(0xd6c75c03, 0xa61b6582), TOBN(0x0762921c, 0xfc0eebd1), - TOBN(0xd34d0823, 0xd85010c0), TOBN(0xd73aaacb, 0x0044cf1f), - TOBN(0xfb4159bb, 0xa3b5e78a), TOBN(0x2287c7f7, 0xe5826f3f), - TOBN(0x4aeaf742, 0x580b1a01), TOBN(0xf080415d, 0x60423b79), - TOBN(0xe12622cd, 0xa7dea144), TOBN(0x49ea4996, 0x59d62472), - TOBN(0xb42991ef, 0x571f3913), TOBN(0x0610f214, 0xf5b25a8a), - TOBN(0x47adc585, 0x30b79e8f), TOBN(0xf90e3df6, 0x07a065a2), - TOBN(0x5d0a5deb, 0x43e2e034), TOBN(0x53fb5a34, 0x444024aa), - TOBN(0xa8628c68, 0x6b0c9f7f), TOBN(0x9c69c29c, 0xac563656), - TOBN(0x5a231feb, 0xbace47b6), TOBN(0xbdce0289, 0x9ea5a2ec), - TOBN(0x05da1fac, 0x9463853e), TOBN(0x96812c52, 0x509e78aa), - TOBN(0xd3fb5771, 0x57151692), TOBN(0xeb2721f8, 0xd98e1c44), - TOBN(0xc0506087, 0x32399be1), TOBN(0xda5a5511, 0xd979d8b8), - TOBN(0x737ed55d, 0xc6f56780), TOBN(0xe20d3004, 0x0dc7a7f4), - TOBN(0x02ce7301, 0xf5941a03), TOBN(0x91ef5215, 0xed30f83a), - TOBN(0x28727fc1, 0x4092d85f), TOBN(0x72d223c6, 0x5c49e41a), - TOBN(0xa7cf30a2, 0xba6a4d81), TOBN(0x7c086209, 0xb030d87d), - TOBN(0x04844c7d, 0xfc588b09), TOBN(0x728cd499, 0x5874bbb0), - TOBN(0xcc1281ee, 0xe84c0495), TOBN(0x0769b5ba, 0xec31958f), - TOBN(0x665c228b, 0xf99c2471), TOBN(0xf2d8a11b, 0x191eb110), - TOBN(0x4594f494, 0xd36d7024), TOBN(0x482ded8b, 0xcdcb25a1), - TOBN(0xc958a9d8, 0xdadd4885), TOBN(0x7004477e, 0xf1d2b547), - TOBN(0x0a45f6ef, 0x2a0af550), TOBN(0x4fc739d6, 0x2f8d6351), - TOBN(0x75cdaf27, 0x786f08a9), TOBN(0x8700bb26, 0x42c2737f), - TOBN(0x855a7141, 0x1c4e2670), TOBN(0x810188c1, 0x15076fef), - TOBN(0xc251d0c9, 0xabcd3297), TOBN(0xae4c8967, 0xf48108eb), - TOBN(0xbd146de7, 0x18ceed30), TOBN(0xf9d4f07a, 0xc986bced), - TOBN(0x5ad98ed5, 0x83fa1e08), TOBN(0x7780d33e, 0xbeabd1fb), - TOBN(0xe330513c, 0x903b1196), TOBN(0xba11de9e, 0xa47bc8c4), - TOBN(0x684334da, 0x02c2d064), TOBN(0x7ecf360d, 0xa48de23b), - TOBN(0x57a1b474, 0x0a9089d8), TOBN(0xf28fa439, 0xff36734c), - TOBN(0xf2a482cb, 0xea4570b3), TOBN(0xee65d68b, 0xa5ebcee9), - TOBN(0x988d0036, 0xb9694cd5), TOBN(0x53edd0e9, 0x37885d32), - TOBN(0xe37e3307, 0xbeb9bc6d), TOBN(0xe9abb907, 0x9f5c6768), - TOBN(0x4396ccd5, 0x51f2160f), TOBN(0x2500888c, 0x47336da6), - TOBN(0x383f9ed9, 0x926fce43), TOBN(0x809dd1c7, 0x04da2930), - TOBN(0x30f6f596, 0x8a4cb227), TOBN(0x0d700c7f, 0x73a56b38), - TOBN(0x1825ea33, 0xab64a065), TOBN(0xaab9b735, 0x1338df80), - TOBN(0x1516100d, 0x9b63f57f), TOBN(0x2574395a, 0x27a6a634), - TOBN(0xb5560fb6, 0x700a1acd), TOBN(0xe823fd73, 0xfd999681), - TOBN(0xda915d1f, 0x6cb4e1ba), TOBN(0x0d030118, 0x6ebe00a3), - TOBN(0x744fb0c9, 0x89fca8cd), TOBN(0x970d01db, 0xf9da0e0b), - TOBN(0x0ad8c564, 0x7931d76f), TOBN(0xb15737bf, 0xf659b96a), - TOBN(0xdc9933e8, 0xa8b484e7), TOBN(0xb2fdbdf9, 0x7a26dec7), - TOBN(0x2349e9a4, 0x9f1f0136), TOBN(0x7860368e, 0x70fddddb), - TOBN(0xd93d2c1c, 0xf9ad3e18), TOBN(0x6d6c5f17, 0x689f4e79), - TOBN(0x7a544d91, 0xb24ff1b6), TOBN(0x3e12a5eb, 0xfe16cd8c), - TOBN(0x543574e9, 0xa56b872f), TOBN(0xa1ad550c, 0xfcf68ea2), - TOBN(0x689e37d2, 0x3f560ef7), TOBN(0x8c54b9ca, 0xc9d47a8b), - TOBN(0x46d40a4a, 0x088ac342), TOBN(0xec450c7c, 0x1576c6d0), - TOBN(0xb589e31c, 0x1f9689e9), TOBN(0xdacf2602, 0xb8781718), - TOBN(0xa89237c6, 0xc8cb6b42), TOBN(0x1326fc93, 0xb96ef381), - TOBN(0x55d56c6d, 0xb5f07825), TOBN(0xacba2eea, 0x7449e22d), - TOBN(0x74e0887a, 0x633c3000), TOBN(0xcb6cd172, 0xd7cbcf71), - TOBN(0x309e81de, 0xc36cf1be), TOBN(0x07a18a6d, 0x60ae399b), - TOBN(0xb36c2679, 0x9edce57e), TOBN(0x52b892f4, 0xdf001d41), - TOBN(0xd884ae5d, 0x16a1f2c6), TOBN(0x9b329424, 0xefcc370a), - TOBN(0x3120daf2, 0xbd2e21df), TOBN(0x55298d2d, 0x02470a99), - TOBN(0x0b78af6c, 0xa05db32e), TOBN(0x5c76a331, 0x601f5636), - TOBN(0xaae861ff, 0xf8a4f29c), TOBN(0x70dc9240, 0xd68f8d49), - TOBN(0x960e649f, 0x81b1321c), TOBN(0x3d2c801b, 0x8792e4ce), - TOBN(0xf479f772, 0x42521876), TOBN(0x0bed93bc, 0x416c79b1), - TOBN(0xa67fbc05, 0x263e5bc9), TOBN(0x01e8e630, 0x521db049), - TOBN(0x76f26738, 0xc6f3431e), TOBN(0xe609cb02, 0xe3267541), - TOBN(0xb10cff2d, 0x818c877c), TOBN(0x1f0e75ce, 0x786a13cb), - TOBN(0xf4fdca64, 0x1158544d), TOBN(0x5d777e89, 0x6cb71ed0), - TOBN(0x3c233737, 0xa9aa4755), TOBN(0x7b453192, 0xe527ab40), - TOBN(0xdb59f688, 0x39f05ffe), TOBN(0x8f4f4be0, 0x6d82574e), - TOBN(0xcce3450c, 0xee292d1b), TOBN(0xaa448a12, 0x61ccd086), - TOBN(0xabce91b3, 0xf7914967), TOBN(0x4537f09b, 0x1908a5ed), - TOBN(0xa812421e, 0xf51042e7), TOBN(0xfaf5cebc, 0xec0b3a34), - TOBN(0x730ffd87, 0x4ca6b39a), TOBN(0x70fb72ed, 0x02efd342), - TOBN(0xeb4735f9, 0xd75c8edb), TOBN(0xc11f2157, 0xc278aa51), - TOBN(0xc459f635, 0xbf3bfebf), TOBN(0x3a1ff0b4, 0x6bd9601f), - TOBN(0xc9d12823, 0xc420cb73), TOBN(0x3e9af3e2, 0x3c2915a3), - TOBN(0xe0c82c72, 0xb41c3440), TOBN(0x175239e5, 0xe3039a5f), - TOBN(0xe1084b8a, 0x558795a3), TOBN(0x328d0a1d, 0xd01e5c60), - TOBN(0x0a495f2e, 0xd3788a04), TOBN(0x25d8ff16, 0x66c11a9f), - TOBN(0xf5155f05, 0x9ed692d6), TOBN(0x954fa107, 0x4f425fe4), - TOBN(0xd16aabf2, 0xe98aaa99), TOBN(0x90cd8ba0, 0x96b0f88a), - TOBN(0x957f4782, 0xc154026a), TOBN(0x54ee0734, 0x52af56d2), - TOBN(0xbcf89e54, 0x45b4147a), TOBN(0x3d102f21, 0x9a52816c), - TOBN(0x6808517e, 0x39b62e77), TOBN(0x92e25421, 0x69169ad8), - TOBN(0xd721d871, 0xbb608558), TOBN(0x60e4ebae, 0xf6d4ff9b), - TOBN(0x0ba10819, 0x41f2763e), TOBN(0xca2e45be, 0x51ee3247), - TOBN(0x66d172ec, 0x2bfd7a5f), TOBN(0x528a8f2f, 0x74d0b12d), - TOBN(0xe17f1e38, 0xdabe70dc), TOBN(0x1d5d7316, 0x9f93983c), - TOBN(0x51b2184a, 0xdf423e31), TOBN(0xcb417291, 0xaedb1a10), - TOBN(0x2054ca93, 0x625bcab9), TOBN(0x54396860, 0xa98998f0), - TOBN(0x4e53f6c4, 0xa54ae57e), TOBN(0x0ffeb590, 0xee648e9d), - TOBN(0xfbbdaadc, 0x6afaf6bc), TOBN(0xf88ae796, 0xaa3bfb8a), - TOBN(0x209f1d44, 0xd2359ed9), TOBN(0xac68dd03, 0xf3544ce2), - TOBN(0xf378da47, 0xfd51e569), TOBN(0xe1abd860, 0x2cc80097), - TOBN(0x23ca18d9, 0x343b6e3a), TOBN(0x480797e8, 0xb40a1bae), - TOBN(0xd1f0c717, 0x533f3e67), TOBN(0x44896970, 0x06e6cdfc), - TOBN(0x8ca21055, 0x52a82e8d), TOBN(0xb2caf785, 0x78460cdc), - TOBN(0x4c1b7b62, 0xe9037178), TOBN(0xefc09d2c, 0xdb514b58), - TOBN(0x5f2df9ee, 0x9113be5c), TOBN(0x2fbda78f, 0xb3f9271c), - TOBN(0xe09a81af, 0x8f83fc54), TOBN(0x06b13866, 0x8afb5141), - TOBN(0x38f6480f, 0x43e3865d), TOBN(0x72dd77a8, 0x1ddf47d9), - TOBN(0xf2a8e971, 0x4c205ff7), TOBN(0x46d449d8, 0x9d088ad8), - TOBN(0x926619ea, 0x185d706f), TOBN(0xe47e02eb, 0xc7dd7f62), - TOBN(0xe7f120a7, 0x8cbc2031), TOBN(0xc18bef00, 0x998d4ac9), - TOBN(0x18f37a9c, 0x6bdf22da), TOBN(0xefbc432f, 0x90dc82df), - TOBN(0xc52cef8e, 0x5d703651), TOBN(0x82887ba0, 0xd99881a5), - TOBN(0x7cec9dda, 0xb920ec1d), TOBN(0xd0d7e8c3, 0xec3e8d3b), - TOBN(0x445bc395, 0x4ca88747), TOBN(0xedeaa2e0, 0x9fd53535), - TOBN(0x461b1d93, 0x6cc87475), TOBN(0xd92a52e2, 0x6d2383bd), - TOBN(0xfabccb59, 0xd7903546), TOBN(0x6111a761, 0x3d14b112), - TOBN(0x0ae584fe, 0xb3d5f612), TOBN(0x5ea69b8d, 0x60e828ec), - TOBN(0x6c078985, 0x54087030), TOBN(0x649cab04, 0xac4821fe), - TOBN(0x25ecedcf, 0x8bdce214), TOBN(0xb5622f72, 0x86af7361), - TOBN(0x0e1227aa, 0x7038b9e2), TOBN(0xd0efb273, 0xac20fa77), - TOBN(0x817ff88b, 0x79df975b), TOBN(0x856bf286, 0x1999503e), - TOBN(0xb4d5351f, 0x5038ec46), TOBN(0x740a52c5, 0xfc42af6e), - TOBN(0x2e38bb15, 0x2cbb1a3f), TOBN(0xc3eb99fe, 0x17a83429), - TOBN(0xca4fcbf1, 0xdd66bb74), TOBN(0x880784d6, 0xcde5e8fc), - TOBN(0xddc84c1c, 0xb4e7a0be), TOBN(0x8780510d, 0xbd15a72f), - TOBN(0x44bcf1af, 0x81ec30e1), TOBN(0x141e50a8, 0x0a61073e), - TOBN(0x0d955718, 0x47be87ae), TOBN(0x68a61417, 0xf76a4372), - TOBN(0xf57e7e87, 0xc607c3d3), TOBN(0x043afaf8, 0x5252f332), - TOBN(0xcc14e121, 0x1552a4d2), TOBN(0xb6dee692, 0xbb4d4ab4), - TOBN(0xb6ab74c8, 0xa03816a4), TOBN(0x84001ae4, 0x6f394a29), - TOBN(0x5bed8344, 0xd795fb45), TOBN(0x57326e7d, 0xb79f55a5), - TOBN(0xc9533ce0, 0x4accdffc), TOBN(0x53473caf, 0x3993fa04), - TOBN(0x7906eb93, 0xa13df4c8), TOBN(0xa73e51f6, 0x97cbe46f), - TOBN(0xd1ab3ae1, 0x0ae4ccf8), TOBN(0x25614508, 0x8a5b3dbc), - TOBN(0x61eff962, 0x11a71b27), TOBN(0xdf71412b, 0x6bb7fa39), - TOBN(0xb31ba6b8, 0x2bd7f3ef), TOBN(0xb0b9c415, 0x69180d29), - TOBN(0xeec14552, 0x014cdde5), TOBN(0x702c624b, 0x227b4bbb), - TOBN(0x2b15e8c2, 0xd3e988f3), TOBN(0xee3bcc6d, 0xa4f7fd04), - TOBN(0x9d00822a, 0x42ac6c85), TOBN(0x2db0cea6, 0x1df9f2b7), - TOBN(0xd7cad2ab, 0x42de1e58), TOBN(0x346ed526, 0x2d6fbb61), - TOBN(0xb3962995, 0x1a2faf09), TOBN(0x2fa8a580, 0x7c25612e), - TOBN(0x30ae04da, 0x7cf56490), TOBN(0x75662908, 0x0eea3961), - TOBN(0x3609f5c5, 0x3d080847), TOBN(0xcb081d39, 0x5241d4f6), - TOBN(0xb4fb3810, 0x77961a63), TOBN(0xc20c5984, 0x2abb66fc), - TOBN(0x3d40aa7c, 0xf902f245), TOBN(0x9cb12736, 0x4e536b1e), - TOBN(0x5eda24da, 0x99b3134f), TOBN(0xafbd9c69, 0x5cd011af), - TOBN(0x9a16e30a, 0xc7088c7d), TOBN(0x5ab65710, 0x3207389f), - TOBN(0x1b09547f, 0xe7407a53), TOBN(0x2322f9d7, 0x4fdc6eab), - TOBN(0xc0f2f22d, 0x7430de4d), TOBN(0x19382696, 0xe68ca9a9), - TOBN(0x17f1eff1, 0x918e5868), TOBN(0xe3b5b635, 0x586f4204), - TOBN(0x146ef980, 0x3fbc4341), TOBN(0x359f2c80, 0x5b5eed4e), - TOBN(0x9f35744e, 0x7482e41d), TOBN(0x9a9ac3ec, 0xf3b224c2), - TOBN(0x9161a6fe, 0x91fc50ae), TOBN(0x89ccc66b, 0xc613fa7c), - TOBN(0x89268b14, 0xc732f15a), TOBN(0x7cd6f4e2, 0xb467ed03), - TOBN(0xfbf79869, 0xce56b40e), TOBN(0xf93e094c, 0xc02dde98), - TOBN(0xefe0c3a8, 0xedee2cd7), TOBN(0x90f3ffc0, 0xb268fd42), - TOBN(0x81a7fd56, 0x08241aed), TOBN(0x95ab7ad8, 0x00b1afe8), - TOBN(0x40127056, 0x3e310d52), TOBN(0xd3ffdeb1, 0x09d9fc43), - TOBN(0xc8f85c91, 0xd11a8594), TOBN(0x2e74d258, 0x31cf6db8), - TOBN(0x829c7ca3, 0x02b5dfd0), TOBN(0xe389cfbe, 0x69143c86), - TOBN(0xd01b6405, 0x941768d8), TOBN(0x45103995, 0x03bf825d), - TOBN(0xcc4ee166, 0x56cd17e2), TOBN(0xbea3c283, 0xba037e79), - TOBN(0x4e1ac06e, 0xd9a47520), TOBN(0xfbfe18aa, 0xaf852404), - TOBN(0x5615f8e2, 0x8087648a), TOBN(0x7301e47e, 0xb9d150d9), - TOBN(0x79f9f9dd, 0xb299b977), TOBN(0x76697a7b, 0xa5b78314), - TOBN(0x10d67468, 0x7d7c90e7), TOBN(0x7afffe03, 0x937210b5), - TOBN(0x5aef3e4b, 0x28c22cee), TOBN(0xefb0ecd8, 0x09fd55ae), - TOBN(0x4cea7132, 0x0d2a5d6a), TOBN(0x9cfb5fa1, 0x01db6357), - TOBN(0x395e0b57, 0xf36e1ac5), TOBN(0x008fa9ad, 0x36cafb7d), - TOBN(0x8f6cdf70, 0x5308c4db), TOBN(0x51527a37, 0x95ed2477), - TOBN(0xba0dee30, 0x5bd21311), TOBN(0x6ed41b22, 0x909c90d7), - TOBN(0xc5f6b758, 0x7c8696d3), TOBN(0x0db8eaa8, 0x3ce83a80), - TOBN(0xd297fe37, 0xb24b4b6f), TOBN(0xfe58afe8, 0x522d1f0d), - TOBN(0x97358736, 0x8c98dbd9), TOBN(0x6bc226ca, 0x9454a527), - TOBN(0xa12b384e, 0xce53c2d0), TOBN(0x779d897d, 0x5e4606da), - TOBN(0xa53e47b0, 0x73ec12b0), TOBN(0x462dbbba, 0x5756f1ad), - TOBN(0x69fe09f2, 0xcafe37b6), TOBN(0x273d1ebf, 0xecce2e17), - TOBN(0x8ac1d538, 0x3cf607fd), TOBN(0x8035f7ff, 0x12e10c25),} - , - {TOBN(0x854d34c7, 0x7e6c5520), TOBN(0xc27df9ef, 0xdcb9ea58), - TOBN(0x405f2369, 0xd686666d), TOBN(0x29d1febf, 0x0417aa85), - TOBN(0x9846819e, 0x93470afe), TOBN(0x3e6a9669, 0xe2a27f9e), - TOBN(0x24d008a2, 0xe31e6504), TOBN(0xdba7cecf, 0x9cb7680a), - TOBN(0xecaff541, 0x338d6e43), TOBN(0x56f7dd73, 0x4541d5cc), - TOBN(0xb5d426de, 0x96bc88ca), TOBN(0x48d94f6b, 0x9ed3a2c3), - TOBN(0x6354a3bb, 0x2ef8279c), TOBN(0xd575465b, 0x0b1867f2), - TOBN(0xef99b0ff, 0x95225151), TOBN(0xf3e19d88, 0xf94500d8), - TOBN(0x92a83268, 0xe32dd620), TOBN(0x913ec99f, 0x627849a2), - TOBN(0xedd8fdfa, 0x2c378882), TOBN(0xaf96f33e, 0xee6f8cfe), - TOBN(0xc06737e5, 0xdc3fa8a5), TOBN(0x236bb531, 0xb0b03a1d), - TOBN(0x33e59f29, 0x89f037b0), TOBN(0x13f9b5a7, 0xd9a12a53), - TOBN(0x0d0df6ce, 0x51efb310), TOBN(0xcb5b2eb4, 0x958df5be), - TOBN(0xd6459e29, 0x36158e59), TOBN(0x82aae2b9, 0x1466e336), - TOBN(0xfb658a39, 0x411aa636), TOBN(0x7152ecc5, 0xd4c0a933), - TOBN(0xf10c758a, 0x49f026b7), TOBN(0xf4837f97, 0xcb09311f), - TOBN(0xddfb02c4, 0xc753c45f), TOBN(0x18ca81b6, 0xf9c840fe), - TOBN(0x846fd09a, 0xb0f8a3e6), TOBN(0xb1162add, 0xe7733dbc), - TOBN(0x7070ad20, 0x236e3ab6), TOBN(0xf88cdaf5, 0xb2a56326), - TOBN(0x05fc8719, 0x997cbc7a), TOBN(0x442cd452, 0x4b665272), - TOBN(0x7807f364, 0xb71698f5), TOBN(0x6ba418d2, 0x9f7b605e), - TOBN(0xfd20b00f, 0xa03b2cbb), TOBN(0x883eca37, 0xda54386f), - TOBN(0xff0be43f, 0xf3437f24), TOBN(0xe910b432, 0xa48bb33c), - TOBN(0x4963a128, 0x329df765), TOBN(0xac1dd556, 0xbe2fe6f7), - TOBN(0x557610f9, 0x24a0a3fc), TOBN(0x38e17bf4, 0xe881c3f9), - TOBN(0x6ba84faf, 0xed0dac99), TOBN(0xd4a222c3, 0x59eeb918), - TOBN(0xc79c1dbe, 0x13f542b6), TOBN(0x1fc65e0d, 0xe425d457), - TOBN(0xeffb754f, 0x1debb779), TOBN(0x638d8fd0, 0x9e08af60), - TOBN(0x994f523a, 0x626332d5), TOBN(0x7bc38833, 0x5561bb44), - TOBN(0x005ed4b0, 0x3d845ea2), TOBN(0xd39d3ee1, 0xc2a1f08a), - TOBN(0x6561fdd3, 0xe7676b0d), TOBN(0x620e35ff, 0xfb706017), - TOBN(0x36ce424f, 0xf264f9a8), TOBN(0xc4c3419f, 0xda2681f7), - TOBN(0xfb6afd2f, 0x69beb6e8), TOBN(0x3a50b993, 0x6d700d03), - TOBN(0xc840b2ad, 0x0c83a14f), TOBN(0x573207be, 0x54085bef), - TOBN(0x5af882e3, 0x09fe7e5b), TOBN(0x957678a4, 0x3b40a7e1), - TOBN(0x172d4bdd, 0x543056e2), TOBN(0x9c1b26b4, 0x0df13c0a), - TOBN(0x1c30861c, 0xf405ff06), TOBN(0xebac86bd, 0x486e828b), - TOBN(0xe791a971, 0x636933fc), TOBN(0x50e7c2be, 0x7aeee947), - TOBN(0xc3d4a095, 0xfa90d767), TOBN(0xae60eb7b, 0xe670ab7b), - TOBN(0x17633a64, 0x397b056d), TOBN(0x93a21f33, 0x105012aa), - TOBN(0x663c370b, 0xabb88643), TOBN(0x91df36d7, 0x22e21599), - TOBN(0x183ba835, 0x8b761671), TOBN(0x381eea1d, 0x728f3bf1), - TOBN(0xb9b2f1ba, 0x39966e6c), TOBN(0x7c464a28, 0xe7295492), - TOBN(0x0fd5f70a, 0x09b26b7f), TOBN(0xa9aba1f9, 0xfbe009df), - TOBN(0x857c1f22, 0x369b87ad), TOBN(0x3c00e5d9, 0x32fca556), - TOBN(0x1ad74cab, 0x90b06466), TOBN(0xa7112386, 0x550faaf2), - TOBN(0x7435e198, 0x6d9bd5f5), TOBN(0x2dcc7e38, 0x59c3463f), - TOBN(0xdc7df748, 0xca7bd4b2), TOBN(0x13cd4c08, 0x9dec2f31), - TOBN(0x0d3b5df8, 0xe3237710), TOBN(0x0dadb26e, 0xcbd2f7b0), - TOBN(0x9f5966ab, 0xe4aa082b), TOBN(0x666ec8de, 0x350e966e), - TOBN(0x1bfd1ed5, 0xee524216), TOBN(0xcd93c59b, 0x41dab0b6), - TOBN(0x658a8435, 0xd186d6ba), TOBN(0x1b7d34d2, 0x159d1195), - TOBN(0x5936e460, 0x22caf46b), TOBN(0x6a45dd8f, 0x9a96fe4f), - TOBN(0xf7925434, 0xb98f474e), TOBN(0x41410412, 0x0053ef15), - TOBN(0x71cf8d12, 0x41de97bf), TOBN(0xb8547b61, 0xbd80bef4), - TOBN(0xb47d3970, 0xc4db0037), TOBN(0xf1bcd328, 0xfef20dff), - TOBN(0x31a92e09, 0x10caad67), TOBN(0x1f591960, 0x5531a1e1), - TOBN(0x3bb852e0, 0x5f4fc840), TOBN(0x63e297ca, 0x93a72c6c), - TOBN(0x3c2b0b2e, 0x49abad67), TOBN(0x6ec405fc, 0xed3db0d9), - TOBN(0xdc14a530, 0x7fef1d40), TOBN(0xccd19846, 0x280896fc), - TOBN(0x00f83176, 0x9bb81648), TOBN(0xd69eb485, 0x653120d0), - TOBN(0xd17d75f4, 0x4ccabc62), TOBN(0x34a07f82, 0xb749fcb1), - TOBN(0x2c3af787, 0xbbfb5554), TOBN(0xb06ed4d0, 0x62e283f8), - TOBN(0x5722889f, 0xa19213a0), TOBN(0x162b085e, 0xdcf3c7b4), - TOBN(0xbcaecb31, 0xe0dd3eca), TOBN(0xc6237fbc, 0xe52f13a5), - TOBN(0xcc2b6b03, 0x27bac297), TOBN(0x2ae1cac5, 0xb917f54a), - TOBN(0x474807d4, 0x7845ae4f), TOBN(0xfec7dd92, 0xce5972e0), - TOBN(0xc3bd2541, 0x1d7915bb), TOBN(0x66f85dc4, 0xd94907ca), - TOBN(0xd981b888, 0xbdbcf0ca), TOBN(0xd75f5da6, 0xdf279e9f), - TOBN(0x128bbf24, 0x7054e934), TOBN(0x3c6ff6e5, 0x81db134b), - TOBN(0x795b7cf4, 0x047d26e4), TOBN(0xf370f7b8, 0x5049ec37), - TOBN(0xc6712d4d, 0xced945af), TOBN(0xdf30b5ec, 0x095642bc), - TOBN(0x9b034c62, 0x4896246e), TOBN(0x5652c016, 0xee90bbd1), - TOBN(0xeb38636f, 0x87fedb73), TOBN(0x5e32f847, 0x0135a613), - TOBN(0x0703b312, 0xcf933c83), TOBN(0xd05bb76e, 0x1a7f47e6), - TOBN(0x825e4f0c, 0x949c2415), TOBN(0x569e5622, 0x7250d6f8), - TOBN(0xbbe9eb3a, 0x6568013e), TOBN(0x8dbd203f, 0x22f243fc), - TOBN(0x9dbd7694, 0xb342734a), TOBN(0x8f6d12f8, 0x46afa984), - TOBN(0xb98610a2, 0xc9eade29), TOBN(0xbab4f323, 0x47dd0f18), - TOBN(0x5779737b, 0x671c0d46), TOBN(0x10b6a7c6, 0xd3e0a42a), - TOBN(0xfb19ddf3, 0x3035b41c), TOBN(0xd336343f, 0x99c45895), - TOBN(0x61fe4938, 0x54c857e5), TOBN(0xc4d506be, 0xae4e57d5), - TOBN(0x3cd8c8cb, 0xbbc33f75), TOBN(0x7281f08a, 0x9262c77d), - TOBN(0x083f4ea6, 0xf11a2823), TOBN(0x8895041e, 0x9fba2e33), - TOBN(0xfcdfea49, 0x9c438edf), TOBN(0x7678dcc3, 0x91edba44), - TOBN(0xf07b3b87, 0xe2ba50f0), TOBN(0xc13888ef, 0x43948c1b), - TOBN(0xc2135ad4, 0x1140af42), TOBN(0x8e5104f3, 0x926ed1a7), - TOBN(0xf24430cb, 0x88f6695f), TOBN(0x0ce0637b, 0x6d73c120), - TOBN(0xb2db01e6, 0xfe631e8f), TOBN(0x1c5563d7, 0xd7bdd24b), - TOBN(0x8daea3ba, 0x369ad44f), TOBN(0x000c81b6, 0x8187a9f9), - TOBN(0x5f48a951, 0xaae1fd9a), TOBN(0xe35626c7, 0x8d5aed8a), - TOBN(0x20952763, 0x0498c622), TOBN(0x76d17634, 0x773aa504), - TOBN(0x36d90dda, 0xeb300f7a), TOBN(0x9dcf7dfc, 0xedb5e801), - TOBN(0x645cb268, 0x74d5244c), TOBN(0xa127ee79, 0x348e3aa2), - TOBN(0x488acc53, 0x575f1dbb), TOBN(0x95037e85, 0x80e6161e), - TOBN(0x57e59283, 0x292650d0), TOBN(0xabe67d99, 0x14938216), - TOBN(0x3c7f944b, 0x3f8e1065), TOBN(0xed908cb6, 0x330e8924), - TOBN(0x08ee8fd5, 0x6f530136), TOBN(0x2227b7d5, 0xd7ffc169), - TOBN(0x4f55c893, 0xb5cd6dd5), TOBN(0x82225e11, 0xa62796e8), - TOBN(0x5c6cead1, 0xcb18e12c), TOBN(0x4381ae0c, 0x84f5a51a), - TOBN(0x345913d3, 0x7fafa4c8), TOBN(0x3d918082, 0x0491aac0), - TOBN(0x9347871f, 0x3e69264c), TOBN(0xbea9dd3c, 0xb4f4f0cd), - TOBN(0xbda5d067, 0x3eadd3e7), TOBN(0x0033c1b8, 0x0573bcd8), - TOBN(0x25589379, 0x5da2486c), TOBN(0xcb89ee5b, 0x86abbee7), - TOBN(0x8fe0a8f3, 0x22532e5d), TOBN(0xb6410ff0, 0x727dfc4c), - TOBN(0x619b9d58, 0x226726db), TOBN(0x5ec25669, 0x7a2b2dc7), - TOBN(0xaf4d2e06, 0x4c3beb01), TOBN(0x852123d0, 0x7acea556), - TOBN(0x0e9470fa, 0xf783487a), TOBN(0x75a7ea04, 0x5664b3eb), - TOBN(0x4ad78f35, 0x6798e4ba), TOBN(0x9214e6e5, 0xc7d0e091), - TOBN(0xc420b488, 0xb1290403), TOBN(0x64049e0a, 0xfc295749), - TOBN(0x03ef5af1, 0x3ae9841f), TOBN(0xdbe4ca19, 0xb0b662a6), - TOBN(0x46845c5f, 0xfa453458), TOBN(0xf8dabf19, 0x10b66722), - TOBN(0xb650f0aa, 0xcce2793b), TOBN(0x71db851e, 0xc5ec47c1), - TOBN(0x3eb78f3e, 0x3b234fa9), TOBN(0xb0c60f35, 0xfc0106ce), - TOBN(0x05427121, 0x774eadbd), TOBN(0x25367faf, 0xce323863), - TOBN(0x7541b5c9, 0xcd086976), TOBN(0x4ff069e2, 0xdc507ad1), - TOBN(0x74145256, 0x8776e667), TOBN(0x6e76142c, 0xb23c6bb5), - TOBN(0xdbf30712, 0x1b3a8a87), TOBN(0x60e7363e, 0x98450836), - TOBN(0x5741450e, 0xb7366d80), TOBN(0xe4ee14ca, 0x4837dbdf), - TOBN(0xa765eb9b, 0x69d4316f), TOBN(0x04548dca, 0x8ef43825), - TOBN(0x9c9f4e4c, 0x5ae888eb), TOBN(0x733abb51, 0x56e9ac99), - TOBN(0xdaad3c20, 0xba6ac029), TOBN(0x9b8dd3d3, 0x2ba3e38e), - TOBN(0xa9bb4c92, 0x0bc5d11a), TOBN(0xf20127a7, 0x9c5f88a3), - TOBN(0x4f52b06e, 0x161d3cb8), TOBN(0x26c1ff09, 0x6afaf0a6), - TOBN(0x32670d2f, 0x7189e71f), TOBN(0xc6438748, 0x5ecf91e7), - TOBN(0x15758e57, 0xdb757a21), TOBN(0x427d09f8, 0x290a9ce5), - TOBN(0x846a308f, 0x38384a7a), TOBN(0xaac3acb4, 0xb0732b99), - TOBN(0x9e941009, 0x17845819), TOBN(0x95cba111, 0xa7ce5e03), - TOBN(0x6f3d4f7f, 0xb00009c4), TOBN(0xb8396c27, 0x8ff28b5f), - TOBN(0xb1a9ae43, 0x1c97975d), TOBN(0x9d7ba8af, 0xe5d9fed5), - TOBN(0x338cf09f, 0x34f485b6), TOBN(0xbc0ddacc, 0x64122516), - TOBN(0xa450da12, 0x05d471fe), TOBN(0x4c3a6250, 0x628dd8c9), - TOBN(0x69c7d103, 0xd1295837), TOBN(0xa2893e50, 0x3807eb2f), - TOBN(0xd6e1e1de, 0xbdb41491), TOBN(0xc630745b, 0x5e138235), - TOBN(0xc892109e, 0x48661ae1), TOBN(0x8d17e7eb, 0xea2b2674), - TOBN(0x00ec0f87, 0xc328d6b5), TOBN(0x6d858645, 0xf079ff9e), - TOBN(0x6cdf243e, 0x19115ead), TOBN(0x1ce1393e, 0x4bac4fcf), - TOBN(0x2c960ed0, 0x9c29f25b), TOBN(0x59be4d8e, 0x9d388a05), - TOBN(0x0d46e06c, 0xd0def72b), TOBN(0xb923db5d, 0xe0342748), - TOBN(0xf7d3aacd, 0x936d4a3d), TOBN(0x558519cc, 0x0b0b099e), - TOBN(0x3ea8ebf8, 0x827097ef), TOBN(0x259353db, 0xd054f55d), - TOBN(0x84c89abc, 0x6d2ed089), TOBN(0x5c548b69, 0x8e096a7c), - TOBN(0xd587f616, 0x994b995d), TOBN(0x4d1531f6, 0xa5845601), - TOBN(0x792ab31e, 0x451fd9f0), TOBN(0xc8b57bb2, 0x65adf6ca), - TOBN(0x68440fcb, 0x1cd5ad73), TOBN(0xb9c860e6, 0x6144da4f), - TOBN(0x2ab286aa, 0x8462beb8), TOBN(0xcc6b8fff, 0xef46797f), - TOBN(0xac820da4, 0x20c8a471), TOBN(0x69ae05a1, 0x77ff7faf), - TOBN(0xb9163f39, 0xbfb5da77), TOBN(0xbd03e590, 0x2c73ab7a), - TOBN(0x7e862b5e, 0xb2940d9e), TOBN(0x3c663d86, 0x4b9af564), - TOBN(0xd8309031, 0xbde3033d), TOBN(0x298231b2, 0xd42c5bc6), - TOBN(0x42090d2c, 0x552ad093), TOBN(0xa4799d1c, 0xff854695), - TOBN(0x0a88b5d6, 0xd31f0d00), TOBN(0xf8b40825, 0xa2f26b46), - TOBN(0xec29b1ed, 0xf1bd7218), TOBN(0xd491c53b, 0x4b24c86e), - TOBN(0xd2fe588f, 0x3395ea65), TOBN(0x6f3764f7, 0x4456ef15), - TOBN(0xdb43116d, 0xcdc34800), TOBN(0xcdbcd456, 0xc1e33955), - TOBN(0xefdb5540, 0x74ab286b), TOBN(0x948c7a51, 0xd18c5d7c), - TOBN(0xeb81aa37, 0x7378058e), TOBN(0x41c746a1, 0x04411154), - TOBN(0xa10c73bc, 0xfb828ac7), TOBN(0x6439be91, 0x9d972b29), - TOBN(0x4bf3b4b0, 0x43a2fbad), TOBN(0x39e6dadf, 0x82b5e840), - TOBN(0x4f716408, 0x6397bd4c), TOBN(0x0f7de568, 0x7f1eeccb), - TOBN(0x5865c5a1, 0xd2ffbfc1), TOBN(0xf74211fa, 0x4ccb6451), - TOBN(0x66368a88, 0xc0b32558), TOBN(0x5b539dc2, 0x9ad7812e), - TOBN(0x579483d0, 0x2f3af6f6), TOBN(0x52132078, 0x99934ece), - TOBN(0x50b9650f, 0xdcc9e983), TOBN(0xca989ec9, 0xaee42b8a), - TOBN(0x6a44c829, 0xd6f62f99), TOBN(0x8f06a309, 0x4c2a7c0c), - TOBN(0x4ea2b3a0, 0x98a0cb0a), TOBN(0x5c547b70, 0xbeee8364), - TOBN(0x461d40e1, 0x682afe11), TOBN(0x9e0fc77a, 0x7b41c0a8), - TOBN(0x79e4aefd, 0xe20d5d36), TOBN(0x2916e520, 0x32dd9f63), - TOBN(0xf59e52e8, 0x3f883faf), TOBN(0x396f9639, 0x2b868d35), - TOBN(0xc902a9df, 0x4ca19881), TOBN(0x0fc96822, 0xdb2401a6), - TOBN(0x41237587, 0x66f1c68d), TOBN(0x10fc6de3, 0xfb476c0d), - TOBN(0xf8b6b579, 0x841f5d90), TOBN(0x2ba8446c, 0xfa24f44a), - TOBN(0xa237b920, 0xef4a9975), TOBN(0x60bb6004, 0x2330435f), - TOBN(0xd6f4ab5a, 0xcfb7e7b5), TOBN(0xb2ac5097, 0x83435391), - TOBN(0xf036ee2f, 0xb0d1ea67), TOBN(0xae779a6a, 0x74c56230), - TOBN(0x59bff8c8, 0xab838ae6), TOBN(0xcd83ca99, 0x9b38e6f0), - TOBN(0xbb27bef5, 0xe33deed3), TOBN(0xe6356f6f, 0x001892a8), - TOBN(0xbf3be6cc, 0x7adfbd3e), TOBN(0xaecbc81c, 0x33d1ac9d), - TOBN(0xe4feb909, 0xe6e861dc), TOBN(0x90a247a4, 0x53f5f801), - TOBN(0x01c50acb, 0x27346e57), TOBN(0xce29242e, 0x461acc1b), - TOBN(0x04dd214a, 0x2f998a91), TOBN(0x271ee9b1, 0xd4baf27b), - TOBN(0x7e3027d1, 0xe8c26722), TOBN(0x21d1645c, 0x1820dce5), - TOBN(0x086f242c, 0x7501779c), TOBN(0xf0061407, 0xfa0e8009), - TOBN(0xf23ce477, 0x60187129), TOBN(0x05bbdedb, 0x0fde9bd0), - TOBN(0x682f4832, 0x25d98473), TOBN(0xf207fe85, 0x5c658427), - TOBN(0xb6fdd7ba, 0x4166ffa1), TOBN(0x0c314056, 0x9eed799d), - TOBN(0x0db8048f, 0x4107e28f), TOBN(0x74ed3871, 0x41216840), - TOBN(0x74489f8f, 0x56a3c06e), TOBN(0x1e1c005b, 0x12777134), - TOBN(0xdb332a73, 0xf37ec3c3), TOBN(0xc65259bd, 0xdd59eba0), - TOBN(0x2291709c, 0xdb4d3257), TOBN(0x9a793b25, 0xbd389390), - TOBN(0xf39fe34b, 0xe43756f0), TOBN(0x2f76bdce, 0x9afb56c9), - TOBN(0x9f37867a, 0x61208b27), TOBN(0xea1d4307, 0x089972c3), - TOBN(0x8c595330, 0x8bdf623a), TOBN(0x5f5accda, 0x8441fb7d), - TOBN(0xfafa9418, 0x32ddfd95), TOBN(0x6ad40c5a, 0x0fde9be7), - TOBN(0x43faba89, 0xaeca8709), TOBN(0xc64a7cf1, 0x2c248a9d), - TOBN(0x16620252, 0x72637a76), TOBN(0xaee1c791, 0x22b8d1bb), - TOBN(0xf0f798fd, 0x21a843b2), TOBN(0x56e4ed4d, 0x8d005cb1), - TOBN(0x355f7780, 0x1f0d8abe), TOBN(0x197b04cf, 0x34522326), - TOBN(0x41f9b31f, 0xfd42c13f), TOBN(0x5ef7feb2, 0xb40f933d), - TOBN(0x27326f42, 0x5d60bad4), TOBN(0x027ecdb2, 0x8c92cf89), - TOBN(0x04aae4d1, 0x4e3352fe), TOBN(0x08414d2f, 0x73591b90), - TOBN(0x5ed6124e, 0xb7da7d60), TOBN(0xb985b931, 0x4d13d4ec), - TOBN(0xa592d3ab, 0x96bf36f9), TOBN(0x012dbed5, 0xbbdf51df), - TOBN(0xa57963c0, 0xdf6c177d), TOBN(0x010ec869, 0x87ca29cf), - TOBN(0xba1700f6, 0xbf926dff), TOBN(0x7c9fdbd1, 0xf4bf6bc2), - TOBN(0xdc18dc8f, 0x64da11f5), TOBN(0xa6074b7a, 0xd938ae75), - TOBN(0x14270066, 0xe84f44a4), TOBN(0x99998d38, 0xd27b954e), - TOBN(0xc1be8ab2, 0xb4f38e9a), TOBN(0x8bb55bbf, 0x15c01016), - TOBN(0xf73472b4, 0x0ea2ab30), TOBN(0xd365a340, 0xf73d68dd), - TOBN(0xc01a7168, 0x19c2e1eb), TOBN(0x32f49e37, 0x34061719), - TOBN(0xb73c57f1, 0x01d8b4d6), TOBN(0x03c8423c, 0x26b47700), - TOBN(0x321d0bc8, 0xa4d8826a), TOBN(0x6004213c, 0x4bc0e638), - TOBN(0xf78c64a1, 0xc1c06681), TOBN(0x16e0a16f, 0xef018e50), - TOBN(0x31cbdf91, 0xdb42b2b3), TOBN(0xf8f4ffce, 0xe0d36f58), - TOBN(0xcdcc71cd, 0x4cc5e3e0), TOBN(0xd55c7cfa, 0xa129e3e0), - TOBN(0xccdb6ba0, 0x0fb2cbf1), TOBN(0x6aba0005, 0xc4bce3cb), - TOBN(0x501cdb30, 0xd232cfc4), TOBN(0x9ddcf12e, 0xd58a3cef), - TOBN(0x02d2cf9c, 0x87e09149), TOBN(0xdc5d7ec7, 0x2c976257), - TOBN(0x6447986e, 0x0b50d7dd), TOBN(0x88fdbaf7, 0x807f112a), - TOBN(0x58c9822a, 0xb00ae9f6), TOBN(0x6abfb950, 0x6d3d27e0), - TOBN(0xd0a74487, 0x8a429f4f), TOBN(0x0649712b, 0xdb516609), - TOBN(0xb826ba57, 0xe769b5df), TOBN(0x82335df2, 0x1fc7aaf2), - TOBN(0x2389f067, 0x5c93d995), TOBN(0x59ac367a, 0x68677be6), - TOBN(0xa77985ff, 0x21d9951b), TOBN(0x038956fb, 0x85011cce), - TOBN(0x608e48cb, 0xbb734e37), TOBN(0xc08c0bf2, 0x2be5b26f), - TOBN(0x17bbdd3b, 0xf9b1a0d9), TOBN(0xeac7d898, 0x10483319), - TOBN(0xc95c4baf, 0xbc1a6dea), TOBN(0xfdd0e2bf, 0x172aafdb), - TOBN(0x40373cbc, 0x8235c41a), TOBN(0x14303f21, 0xfb6f41d5), - TOBN(0xba063621, 0x0408f237), TOBN(0xcad3b09a, 0xecd2d1ed), - TOBN(0x4667855a, 0x52abb6a2), TOBN(0xba9157dc, 0xaa8b417b), - TOBN(0xfe7f3507, 0x4f013efb), TOBN(0x1b112c4b, 0xaa38c4a2), - TOBN(0xa1406a60, 0x9ba64345), TOBN(0xe53cba33, 0x6993c80b), - TOBN(0x45466063, 0xded40d23), TOBN(0x3d5f1f4d, 0x54908e25), - TOBN(0x9ebefe62, 0x403c3c31), TOBN(0x274ea0b5, 0x0672a624), - TOBN(0xff818d99, 0x451d1b71), TOBN(0x80e82643, 0x8f79cf79), - TOBN(0xa165df13, 0x73ce37f5), TOBN(0xa744ef4f, 0xfe3a21fd), - TOBN(0x73f1e7f5, 0xcf551396), TOBN(0xc616898e, 0x868c676b), - TOBN(0x671c28c7, 0x8c442c36), TOBN(0xcfe5e558, 0x5e0a317d), - TOBN(0x1242d818, 0x7051f476), TOBN(0x56fad2a6, 0x14f03442), - TOBN(0x262068bc, 0x0a44d0f6), TOBN(0xdfa2cd6e, 0xce6edf4e), - TOBN(0x0f43813a, 0xd15d1517), TOBN(0x61214cb2, 0x377d44f5), - TOBN(0xd399aa29, 0xc639b35f), TOBN(0x42136d71, 0x54c51c19), - TOBN(0x9774711b, 0x08417221), TOBN(0x0a5546b3, 0x52545a57), - TOBN(0x80624c41, 0x1150582d), TOBN(0x9ec5c418, 0xfbc555bc), - TOBN(0x2c87dcad, 0x771849f1), TOBN(0xb0c932c5, 0x01d7bf6f), - TOBN(0x6aa5cd3e, 0x89116eb2), TOBN(0xd378c25a, 0x51ca7bd3), - TOBN(0xc612a0da, 0x9e6e3e31), TOBN(0x0417a54d, 0xb68ad5d0), - TOBN(0x00451e4a, 0x22c6edb8), TOBN(0x9fbfe019, 0xb42827ce), - TOBN(0x2fa92505, 0xba9384a2), TOBN(0x21b8596e, 0x64ad69c1), - TOBN(0x8f4fcc49, 0x983b35a6), TOBN(0xde093760, 0x72754672), - TOBN(0x2f14ccc8, 0xf7bffe6d), TOBN(0x27566bff, 0x5d94263d), - TOBN(0xb5b4e9c6, 0x2df3ec30), TOBN(0x94f1d7d5, 0x3e6ea6ba), - TOBN(0x97b7851a, 0xaaca5e9b), TOBN(0x518aa521, 0x56713b97), - TOBN(0x3357e8c7, 0x150a61f6), TOBN(0x7842e7e2, 0xec2c2b69), - TOBN(0x8dffaf65, 0x6868a548), TOBN(0xd963bd82, 0xe068fc81), - TOBN(0x64da5c8b, 0x65917733), TOBN(0x927090ff, 0x7b247328),} - , - {TOBN(0x214bc9a7, 0xd298c241), TOBN(0xe3b697ba, 0x56807cfd), - TOBN(0xef1c7802, 0x4564eadb), TOBN(0xdde8cdcf, 0xb48149c5), - TOBN(0x946bf0a7, 0x5a4d2604), TOBN(0x27154d7f, 0x6c1538af), - TOBN(0x95cc9230, 0xde5b1fcc), TOBN(0xd88519e9, 0x66864f82), - TOBN(0xb828dd1a, 0x7cb1282c), TOBN(0xa08d7626, 0xbe46973a), - TOBN(0x6baf8d40, 0xe708d6b2), TOBN(0x72571fa1, 0x4daeb3f3), - TOBN(0x85b1732f, 0xf22dfd98), TOBN(0x87ab01a7, 0x0087108d), - TOBN(0xaaaafea8, 0x5988207a), TOBN(0xccc832f8, 0x69f00755), - TOBN(0x964d950e, 0x36ff3bf0), TOBN(0x8ad20f6f, 0xf0b34638), - TOBN(0x4d9177b3, 0xb5d7585f), TOBN(0xcf839760, 0xef3f019f), - TOBN(0x582fc5b3, 0x8288c545), TOBN(0x2f8e4e9b, 0x13116bd1), - TOBN(0xf91e1b2f, 0x332120ef), TOBN(0xcf568724, 0x2a17dd23), - TOBN(0x488f1185, 0xca8d9d1a), TOBN(0xadf2c77d, 0xd987ded2), - TOBN(0x5f3039f0, 0x60c46124), TOBN(0xe5d70b75, 0x71e095f4), - TOBN(0x82d58650, 0x6260e70f), TOBN(0x39d75ea7, 0xf750d105), - TOBN(0x8cf3d0b1, 0x75bac364), TOBN(0xf3a7564d, 0x21d01329), - TOBN(0x182f04cd, 0x2f52d2a7), TOBN(0x4fde149a, 0xe2df565a), - TOBN(0xb80c5eec, 0xa79fb2f7), TOBN(0xab491d7b, 0x22ddc897), - TOBN(0x99d76c18, 0xc6312c7f), TOBN(0xca0d5f3d, 0x6aa41a57), - TOBN(0x71207325, 0xd15363a0), TOBN(0xe82aa265, 0xbeb252c2), - TOBN(0x94ab4700, 0xec3128c2), TOBN(0x6c76d862, 0x8e383f49), - TOBN(0xdc36b150, 0xc03024eb), TOBN(0xfb439477, 0x53daac69), - TOBN(0xfc68764a, 0x8dc79623), TOBN(0x5b86995d, 0xb440fbb2), - TOBN(0xd66879bf, 0xccc5ee0d), TOBN(0x05228942, 0x95aa8bd3), - TOBN(0xb51a40a5, 0x1e6a75c1), TOBN(0x24327c76, 0x0ea7d817), - TOBN(0x06630182, 0x07774597), TOBN(0xd6fdbec3, 0x97fa7164), - TOBN(0x20c99dfb, 0x13c90f48), TOBN(0xd6ac5273, 0x686ef263), - TOBN(0xc6a50bdc, 0xfef64eeb), TOBN(0xcd87b281, 0x86fdfc32), - TOBN(0xb24aa43e, 0x3fcd3efc), TOBN(0xdd26c034, 0xb8088e9a), - TOBN(0xa5ef4dc9, 0xbd3d46ea), TOBN(0xa2f99d58, 0x8a4c6a6f), - TOBN(0xddabd355, 0x2f1da46c), TOBN(0x72c3f8ce, 0x1afacdd1), - TOBN(0xd90c4eee, 0x92d40578), TOBN(0xd28bb41f, 0xca623b94), - TOBN(0x50fc0711, 0x745edc11), TOBN(0x9dd9ad7d, 0x3dc87558), - TOBN(0xce6931fb, 0xb49d1e64), TOBN(0x6c77a0a2, 0xc98bd0f9), - TOBN(0x62b9a629, 0x6baf7cb1), TOBN(0xcf065f91, 0xccf72d22), - TOBN(0x7203cce9, 0x79639071), TOBN(0x09ae4885, 0xf9cb732f), - TOBN(0x5e7c3bec, 0xee8314f3), TOBN(0x1c068aed, 0xdbea298f), - TOBN(0x08d381f1, 0x7c80acec), TOBN(0x03b56be8, 0xe330495b), - TOBN(0xaeffb8f2, 0x9222882d), TOBN(0x95ff38f6, 0xc4af8bf7), - TOBN(0x50e32d35, 0x1fc57d8c), TOBN(0x6635be52, 0x17b444f0), - TOBN(0x04d15276, 0xa5177900), TOBN(0x4e1dbb47, 0xf6858752), - TOBN(0x5b475622, 0xc615796c), TOBN(0xa6fa0387, 0x691867bf), - TOBN(0xed7f5d56, 0x2844c6d0), TOBN(0xc633cf9b, 0x03a2477d), - TOBN(0xf6be5c40, 0x2d3721d6), TOBN(0xaf312eb7, 0xe9fd68e6), - TOBN(0x242792d2, 0xe7417ce1), TOBN(0xff42bc71, 0x970ee7f5), - TOBN(0x1ff4dc6d, 0x5c67a41e), TOBN(0x77709b7b, 0x20882a58), - TOBN(0x3554731d, 0xbe217f2c), TOBN(0x2af2a8cd, 0x5bb72177), - TOBN(0x58eee769, 0x591dd059), TOBN(0xbb2930c9, 0x4bba6477), - TOBN(0x863ee047, 0x7d930cfc), TOBN(0x4c262ad1, 0x396fd1f4), - TOBN(0xf4765bc8, 0x039af7e1), TOBN(0x2519834b, 0x5ba104f6), - TOBN(0x7cd61b4c, 0xd105f961), TOBN(0xa5415da5, 0xd63bca54), - TOBN(0x778280a0, 0x88a1f17c), TOBN(0xc4968949, 0x2329512c), - TOBN(0x174a9126, 0xcecdaa7a), TOBN(0xfc8c7e0e, 0x0b13247b), - TOBN(0x29c110d2, 0x3484c1c4), TOBN(0xf8eb8757, 0x831dfc3b), - TOBN(0x022f0212, 0xc0067452), TOBN(0x3f6f69ee, 0x7b9b926c), - TOBN(0x09032da0, 0xef42daf4), TOBN(0x79f00ade, 0x83f80de4), - TOBN(0x6210db71, 0x81236c97), TOBN(0x74f7685b, 0x3ee0781f), - TOBN(0x4df7da7b, 0xa3e41372), TOBN(0x2aae38b1, 0xb1a1553e), - TOBN(0x1688e222, 0xf6dd9d1b), TOBN(0x57695448, 0x5b8b6487), - TOBN(0x478d2127, 0x4b2edeaa), TOBN(0xb2818fa5, 0x1e85956a), - TOBN(0x1e6addda, 0xf176f2c0), TOBN(0x01ca4604, 0xe2572658), - TOBN(0x0a404ded, 0x85342ffb), TOBN(0x8cf60f96, 0x441838d6), - TOBN(0x9bbc691c, 0xc9071c4a), TOBN(0xfd588744, 0x34442803), - TOBN(0x97101c85, 0x809c0d81), TOBN(0xa7fb754c, 0x8c456f7f), - TOBN(0xc95f3c5c, 0xd51805e1), TOBN(0xab4ccd39, 0xb299dca8), - TOBN(0x3e03d20b, 0x47eaf500), TOBN(0xfa3165c1, 0xd7b80893), - TOBN(0x005e8b54, 0xe160e552), TOBN(0xdc4972ba, 0x9019d11f), - TOBN(0x21a6972e, 0x0c9a4a7a), TOBN(0xa52c258f, 0x37840fd7), - TOBN(0xf8559ff4, 0xc1e99d81), TOBN(0x08e1a7d6, 0xa3c617c0), - TOBN(0xb398fd43, 0x248c6ba7), TOBN(0x6ffedd91, 0xd1283794), - TOBN(0x8a6a59d2, 0xd629d208), TOBN(0xa9d141d5, 0x3490530e), - TOBN(0x42f6fc18, 0x38505989), TOBN(0x09bf250d, 0x479d94ee), - TOBN(0x223ad3b1, 0xb3822790), TOBN(0x6c5926c0, 0x93b8971c), - TOBN(0x609efc7e, 0x75f7fa62), TOBN(0x45d66a6d, 0x1ec2d989), - TOBN(0x4422d663, 0x987d2792), TOBN(0x4a73caad, 0x3eb31d2b), - TOBN(0xf06c2ac1, 0xa32cb9e6), TOBN(0xd9445c5f, 0x91aeba84), - TOBN(0x6af7a1d5, 0xaf71013f), TOBN(0xe68216e5, 0x0bedc946), - TOBN(0xf4cba30b, 0xd27370a0), TOBN(0x7981afbf, 0x870421cc), - TOBN(0x02496a67, 0x9449f0e1), TOBN(0x86cfc4be, 0x0a47edae), - TOBN(0x3073c936, 0xb1feca22), TOBN(0xf5694612, 0x03f8f8fb), - TOBN(0xd063b723, 0x901515ea), TOBN(0x4c6c77a5, 0x749cf038), - TOBN(0x6361e360, 0xab9e5059), TOBN(0x596cf171, 0xa76a37c0), - TOBN(0x800f53fa, 0x6530ae7a), TOBN(0x0f5e631e, 0x0792a7a6), - TOBN(0x5cc29c24, 0xefdb81c9), TOBN(0xa269e868, 0x3f9c40ba), - TOBN(0xec14f9e1, 0x2cb7191e), TOBN(0x78ea1bd8, 0xe5b08ea6), - TOBN(0x3c65aa9b, 0x46332bb9), TOBN(0x84cc22b3, 0xbf80ce25), - TOBN(0x0098e9e9, 0xd49d5bf1), TOBN(0xcd4ec1c6, 0x19087da4), - TOBN(0x3c9d07c5, 0xaef6e357), TOBN(0x839a0268, 0x9f8f64b8), - TOBN(0xc5e9eb62, 0xc6d8607f), TOBN(0x759689f5, 0x6aa995e4), - TOBN(0x70464669, 0xbbb48317), TOBN(0x921474bf, 0xe402417d), - TOBN(0xcabe135b, 0x2a354c8c), TOBN(0xd51e52d2, 0x812fa4b5), - TOBN(0xec741096, 0x53311fe8), TOBN(0x4f774535, 0xb864514b), - TOBN(0xbcadd671, 0x5bde48f8), TOBN(0xc9703873, 0x2189bc7d), - TOBN(0x5d45299e, 0xc709ee8a), TOBN(0xd1287ee2, 0x845aaff8), - TOBN(0x7d1f8874, 0xdb1dbf1f), TOBN(0xea46588b, 0x990c88d6), - TOBN(0x60ba649a, 0x84368313), TOBN(0xd5fdcbce, 0x60d543ae), - TOBN(0x90b46d43, 0x810d5ab0), TOBN(0x6739d8f9, 0x04d7e5cc), - TOBN(0x021c1a58, 0x0d337c33), TOBN(0x00a61162, 0x68e67c40), - TOBN(0x95ef413b, 0x379f0a1f), TOBN(0xfe126605, 0xe9e2ab95), - TOBN(0x67578b85, 0x2f5f199c), TOBN(0xf5c00329, 0x2cb84913), - TOBN(0xf7956430, 0x37577dd8), TOBN(0x83b82af4, 0x29c5fe88), - TOBN(0x9c1bea26, 0xcdbdc132), TOBN(0x589fa086, 0x9c04339e), - TOBN(0x033e9538, 0xb13799df), TOBN(0x85fa8b21, 0xd295d034), - TOBN(0xdf17f73f, 0xbd9ddcca), TOBN(0xf32bd122, 0xddb66334), - TOBN(0x55ef88a7, 0x858b044c), TOBN(0x1f0d69c2, 0x5aa9e397), - TOBN(0x55fd9cc3, 0x40d85559), TOBN(0xc774df72, 0x7785ddb2), - TOBN(0x5dcce9f6, 0xd3bd2e1c), TOBN(0xeb30da20, 0xa85dfed0), - TOBN(0x5ed7f5bb, 0xd3ed09c4), TOBN(0x7d42a35c, 0x82a9c1bd), - TOBN(0xcf3de995, 0x9890272d), TOBN(0x75f3432a, 0x3e713a10), - TOBN(0x5e13479f, 0xe28227b8), TOBN(0xb8561ea9, 0xfefacdc8), - TOBN(0xa6a297a0, 0x8332aafd), TOBN(0x9b0d8bb5, 0x73809b62), - TOBN(0xd2fa1cfd, 0x0c63036f), TOBN(0x7a16eb55, 0xbd64bda8), - TOBN(0x3f5cf5f6, 0x78e62ddc), TOBN(0x2267c454, 0x07fd752b), - TOBN(0x5e361b6b, 0x5e437bbe), TOBN(0x95c59501, 0x8354e075), - TOBN(0xec725f85, 0xf2b254d9), TOBN(0x844b617d, 0x2cb52b4e), - TOBN(0xed8554f5, 0xcf425fb5), TOBN(0xab67703e, 0x2af9f312), - TOBN(0x4cc34ec1, 0x3cf48283), TOBN(0xb09daa25, 0x9c8a705e), - TOBN(0xd1e9d0d0, 0x5b7d4f84), TOBN(0x4df6ef64, 0xdb38929d), - TOBN(0xe16b0763, 0xaa21ba46), TOBN(0xc6b1d178, 0xa293f8fb), - TOBN(0x0ff5b602, 0xd520aabf), TOBN(0x94d671bd, 0xc339397a), - TOBN(0x7c7d98cf, 0x4f5792fa), TOBN(0x7c5e0d67, 0x11215261), - TOBN(0x9b19a631, 0xa7c5a6d4), TOBN(0xc8511a62, 0x7a45274d), - TOBN(0x0c16621c, 0xa5a60d99), TOBN(0xf7fbab88, 0xcf5e48cb), - TOBN(0xab1e6ca2, 0xf7ddee08), TOBN(0x83bd08ce, 0xe7867f3c), - TOBN(0xf7e48e8a, 0x2ac13e27), TOBN(0x4494f6df, 0x4eb1a9f5), - TOBN(0xedbf84eb, 0x981f0a62), TOBN(0x49badc32, 0x536438f0), - TOBN(0x50bea541, 0x004f7571), TOBN(0xbac67d10, 0xdf1c94ee), - TOBN(0x253d73a1, 0xb727bc31), TOBN(0xb3d01cf2, 0x30686e28), - TOBN(0x51b77b1b, 0x55fd0b8b), TOBN(0xa099d183, 0xfeec3173), - TOBN(0x202b1fb7, 0x670e72b7), TOBN(0xadc88b33, 0xa8e1635f), - TOBN(0x34e8216a, 0xf989d905), TOBN(0xc2e68d20, 0x29b58d01), - TOBN(0x11f81c92, 0x6fe55a93), TOBN(0x15f1462a, 0x8f296f40), - TOBN(0x1915d375, 0xea3d62f2), TOBN(0xa17765a3, 0x01c8977d), - TOBN(0x7559710a, 0xe47b26f6), TOBN(0xe0bd29c8, 0x535077a5), - TOBN(0x615f976d, 0x08d84858), TOBN(0x370dfe85, 0x69ced5c1), - TOBN(0xbbc7503c, 0xa734fa56), TOBN(0xfbb9f1ec, 0x91ac4574), - TOBN(0x95d7ec53, 0x060dd7ef), TOBN(0xeef2dacd, 0x6e657979), - TOBN(0x54511af3, 0xe2a08235), TOBN(0x1e324aa4, 0x1f4aea3d), - TOBN(0x550e7e71, 0xe6e67671), TOBN(0xbccd5190, 0xbf52faf7), - TOBN(0xf880d316, 0x223cc62a), TOBN(0x0d402c7e, 0x2b32eb5d), - TOBN(0xa40bc039, 0x306a5a3b), TOBN(0x4e0a41fd, 0x96783a1b), - TOBN(0xa1e8d39a, 0x0253cdd4), TOBN(0x6480be26, 0xc7388638), - TOBN(0xee365e1d, 0x2285f382), TOBN(0x188d8d8f, 0xec0b5c36), - TOBN(0x34ef1a48, 0x1f0f4d82), TOBN(0x1a8f43e1, 0xa487d29a), - TOBN(0x8168226d, 0x77aefb3a), TOBN(0xf69a751e, 0x1e72c253), - TOBN(0x8e04359a, 0xe9594df1), TOBN(0x475ffd7d, 0xd14c0467), - TOBN(0xb5a2c2b1, 0x3844e95c), TOBN(0x85caf647, 0xdd12ef94), - TOBN(0x1ecd2a9f, 0xf1063d00), TOBN(0x1dd2e229, 0x23843311), - TOBN(0x38f0e09d, 0x73d17244), TOBN(0x3ede7746, 0x8fc653f1), - TOBN(0xae4459f5, 0xdc20e21c), TOBN(0x00db2ffa, 0x6a8599ea), - TOBN(0x11682c39, 0x30cfd905), TOBN(0x4934d074, 0xa5c112a6), - TOBN(0xbdf063c5, 0x568bfe95), TOBN(0x779a440a, 0x016c441a), - TOBN(0x0c23f218, 0x97d6fbdc), TOBN(0xd3a5cd87, 0xe0776aac), - TOBN(0xcee37f72, 0xd712e8db), TOBN(0xfb28c70d, 0x26f74e8d), - TOBN(0xffe0c728, 0xb61301a0), TOBN(0xa6282168, 0xd3724354), - TOBN(0x7ff4cb00, 0x768ffedc), TOBN(0xc51b3088, 0x03b02de9), - TOBN(0xa5a8147c, 0x3902dda5), TOBN(0x35d2f706, 0xfe6973b4), - TOBN(0x5ac2efcf, 0xc257457e), TOBN(0x933f48d4, 0x8700611b), - TOBN(0xc365af88, 0x4912beb2), TOBN(0x7f5a4de6, 0x162edf94), - TOBN(0xc646ba7c, 0x0c32f34b), TOBN(0x632c6af3, 0xb2091074), - TOBN(0x58d4f2e3, 0x753e43a9), TOBN(0x70e1d217, 0x24d4e23f), - TOBN(0xb24bf729, 0xafede6a6), TOBN(0x7f4a94d8, 0x710c8b60), - TOBN(0xaad90a96, 0x8d4faa6a), TOBN(0xd9ed0b32, 0xb066b690), - TOBN(0x52fcd37b, 0x78b6dbfd), TOBN(0x0b64615e, 0x8bd2b431), - TOBN(0x228e2048, 0xcfb9fad5), TOBN(0xbeaa386d, 0x240b76bd), - TOBN(0x2d6681c8, 0x90dad7bc), TOBN(0x3e553fc3, 0x06d38f5e), - TOBN(0xf27cdb9b, 0x9d5f9750), TOBN(0x3e85c52a, 0xd28c5b0e), - TOBN(0x190795af, 0x5247c39b), TOBN(0x547831eb, 0xbddd6828), - TOBN(0xf327a227, 0x4a82f424), TOBN(0x36919c78, 0x7e47f89d), - TOBN(0xe4783919, 0x43c7392c), TOBN(0xf101b9aa, 0x2316fefe), - TOBN(0xbcdc9e9c, 0x1c5009d2), TOBN(0xfb55ea13, 0x9cd18345), - TOBN(0xf5b5e231, 0xa3ce77c7), TOBN(0xde6b4527, 0xd2f2cb3d), - TOBN(0x10f6a333, 0x9bb26f5f), TOBN(0x1e85db8e, 0x044d85b6), - TOBN(0xc3697a08, 0x94197e54), TOBN(0x65e18cc0, 0xa7cb4ea8), - TOBN(0xa38c4f50, 0xa471fe6e), TOBN(0xf031747a, 0x2f13439c), - TOBN(0x53c4a6ba, 0xc007318b), TOBN(0xa8da3ee5, 0x1deccb3d), - TOBN(0x0555b31c, 0x558216b1), TOBN(0x90c7810c, 0x2f79e6c2), - TOBN(0x9b669f4d, 0xfe8eed3c), TOBN(0x70398ec8, 0xe0fac126), - TOBN(0xa96a449e, 0xf701b235), TOBN(0x0ceecdb3, 0xeb94f395), - TOBN(0x285fc368, 0xd0cb7431), TOBN(0x0d37bb52, 0x16a18c64), - TOBN(0x05110d38, 0xb880d2dd), TOBN(0xa60f177b, 0x65930d57), - TOBN(0x7da34a67, 0xf36235f5), TOBN(0x47f5e17c, 0x183816b9), - TOBN(0xc7664b57, 0xdb394af4), TOBN(0x39ba215d, 0x7036f789), - TOBN(0x46d2ca0e, 0x2f27b472), TOBN(0xc42647ee, 0xf73a84b7), - TOBN(0x44bc7545, 0x64488f1d), TOBN(0xaa922708, 0xf4cf85d5), - TOBN(0x721a01d5, 0x53e4df63), TOBN(0x649c0c51, 0x5db46ced), - TOBN(0x6bf0d64e, 0x3cffcb6c), TOBN(0xe3bf93fe, 0x50f71d96), - TOBN(0x75044558, 0xbcc194a0), TOBN(0x16ae3372, 0x6afdc554), - TOBN(0xbfc01adf, 0x5ca48f3f), TOBN(0x64352f06, 0xe22a9b84), - TOBN(0xcee54da1, 0xc1099e4a), TOBN(0xbbda54e8, 0xfa1b89c0), - TOBN(0x166a3df5, 0x6f6e55fb), TOBN(0x1ca44a24, 0x20176f88), - TOBN(0x936afd88, 0xdfb7b5ff), TOBN(0xe34c2437, 0x8611d4a0), - TOBN(0x7effbb75, 0x86142103), TOBN(0x6704ba1b, 0x1f34fc4d), - TOBN(0x7c2a468f, 0x10c1b122), TOBN(0x36b3a610, 0x8c6aace9), - TOBN(0xabfcc0a7, 0x75a0d050), TOBN(0x066f9197, 0x3ce33e32), - TOBN(0xce905ef4, 0x29fe09be), TOBN(0x89ee25ba, 0xa8376351), - TOBN(0x2a3ede22, 0xfd29dc76), TOBN(0x7fd32ed9, 0x36f17260), - TOBN(0x0cadcf68, 0x284b4126), TOBN(0x63422f08, 0xa7951fc8), - TOBN(0x562b24f4, 0x0807e199), TOBN(0xfe9ce5d1, 0x22ad4490), - TOBN(0xc2f51b10, 0x0db2b1b4), TOBN(0xeb3613ff, 0xe4541d0d), - TOBN(0xbd2c4a05, 0x2680813b), TOBN(0x527aa55d, 0x561b08d6), - TOBN(0xa9f8a40e, 0xa7205558), TOBN(0xe3eea56f, 0x243d0bec), - TOBN(0x7b853817, 0xa0ff58b3), TOBN(0xb67d3f65, 0x1a69e627), - TOBN(0x0b76bbb9, 0xa869b5d6), TOBN(0xa3afeb82, 0x546723ed), - TOBN(0x5f24416d, 0x3e554892), TOBN(0x8413b53d, 0x430e2a45), - TOBN(0x99c56aee, 0x9032a2a0), TOBN(0x09432bf6, 0xeec367b1), - TOBN(0x552850c6, 0xdaf0ecc1), TOBN(0x49ebce55, 0x5bc92048), - TOBN(0xdfb66ba6, 0x54811307), TOBN(0x1b84f797, 0x6f298597), - TOBN(0x79590481, 0x8d1d7a0d), TOBN(0xd9fabe03, 0x3a6fa556), - TOBN(0xa40f9c59, 0xba9e5d35), TOBN(0xcb1771c1, 0xf6247577), - TOBN(0x542a47ca, 0xe9a6312b), TOBN(0xa34b3560, 0x552dd8c5), - TOBN(0xfdf94de0, 0x0d794716), TOBN(0xd46124a9, 0x9c623094), - TOBN(0x56b7435d, 0x68afe8b4), TOBN(0x27f20540, 0x6c0d8ea1), - TOBN(0x12b77e14, 0x73186898), TOBN(0xdbc3dd46, 0x7479490f), - TOBN(0x951a9842, 0xc03b0c05), TOBN(0x8b1b3bb3, 0x7921bc96), - TOBN(0xa573b346, 0x2b202e0a), TOBN(0x77e4665d, 0x47254d56), - TOBN(0x08b70dfc, 0xd23e3984), TOBN(0xab86e8bc, 0xebd14236), - TOBN(0xaa3e07f8, 0x57114ba7), TOBN(0x5ac71689, 0xab0ef4f2), - TOBN(0x88fca384, 0x0139d9af), TOBN(0x72733f88, 0x76644af0), - TOBN(0xf122f72a, 0x65d74f4a), TOBN(0x13931577, 0xa5626c7a), - TOBN(0xd5b5d9eb, 0x70f8d5a4), TOBN(0x375adde7, 0xd7bbb228), - TOBN(0x31e88b86, 0x0c1c0b32), TOBN(0xd1f568c4, 0x173edbaa), - TOBN(0x1592fc83, 0x5459df02), TOBN(0x2beac0fb, 0x0fcd9a7e), - TOBN(0xb0a6fdb8, 0x1b473b0a), TOBN(0xe3224c6f, 0x0fe8fc48), - TOBN(0x680bd00e, 0xe87edf5b), TOBN(0x30385f02, 0x20e77cf5), - TOBN(0xe9ab98c0, 0x4d42d1b2), TOBN(0x72d191d2, 0xd3816d77), - TOBN(0x1564daca, 0x0917d9e5), TOBN(0x394eab59, 0x1f8fed7f), - TOBN(0xa209aa8d, 0x7fbb3896), TOBN(0x5564f3b9, 0xbe6ac98e), - TOBN(0xead21d05, 0xd73654ef), TOBN(0x68d1a9c4, 0x13d78d74), - TOBN(0x61e01708, 0x6d4973a0), TOBN(0x83da3500, 0x46e6d32a), - TOBN(0x6a3dfca4, 0x68ae0118), TOBN(0xa1b9a4c9, 0xd02da069), - TOBN(0x0b2ff9c7, 0xebab8302), TOBN(0x98af07c3, 0x944ba436), - TOBN(0x85997326, 0x995f0f9f), TOBN(0x467fade0, 0x71b58bc6), - TOBN(0x47e4495a, 0xbd625a2b), TOBN(0xfdd2d01d, 0x33c3b8cd), - TOBN(0x2c38ae28, 0xc693f9fa), TOBN(0x48622329, 0x348f7999), - TOBN(0x97bf738e, 0x2161f583), TOBN(0x15ee2fa7, 0x565e8cc9), - TOBN(0xa1a5c845, 0x5777e189), TOBN(0xcc10bee0, 0x456f2829), - TOBN(0x8ad95c56, 0xda762bd5), TOBN(0x152e2214, 0xe9d91da8), - TOBN(0x975b0e72, 0x7cb23c74), TOBN(0xfd5d7670, 0xa90c66df), - TOBN(0xb5b5b8ad, 0x225ffc53), TOBN(0xab6dff73, 0xfaded2ae), - TOBN(0xebd56781, 0x6f4cbe9d), TOBN(0x0ed8b249, 0x6a574bd7), - TOBN(0x41c246fe, 0x81a881fa), TOBN(0x91564805, 0xc3db9c70), - TOBN(0xd7c12b08, 0x5b862809), TOBN(0x1facd1f1, 0x55858d7b), - TOBN(0x7693747c, 0xaf09e92a), TOBN(0x3b69dcba, 0x189a425f), - TOBN(0x0be28e9f, 0x967365ef), TOBN(0x57300eb2, 0xe801f5c9), - TOBN(0x93b8ac6a, 0xd583352f), TOBN(0xa2cf1f89, 0xcd05b2b7), - TOBN(0x7c0c9b74, 0x4dcc40cc), TOBN(0xfee38c45, 0xada523fb), - TOBN(0xb49a4dec, 0x1099cc4d), TOBN(0x325c377f, 0x69f069c6), - TOBN(0xe12458ce, 0x476cc9ff), TOBN(0x580e0b6c, 0xc6d4cb63), - TOBN(0xd561c8b7, 0x9072289b), TOBN(0x0377f264, 0xa619e6da), - TOBN(0x26685362, 0x88e591a5), TOBN(0xa453a7bd, 0x7523ca2b), - TOBN(0x8a9536d2, 0xc1df4533), TOBN(0xc8e50f2f, 0xbe972f79), - TOBN(0xd433e50f, 0x6d3549cf), TOBN(0x6f33696f, 0xfacd665e), - TOBN(0x695bfdac, 0xce11fcb4), TOBN(0x810ee252, 0xaf7c9860), - TOBN(0x65450fe1, 0x7159bb2c), TOBN(0xf7dfbebe, 0x758b357b), - TOBN(0x2b057e74, 0xd69fea72), TOBN(0xd485717a, 0x92731745),} - , - {TOBN(0x896c42e8, 0xee36860c), TOBN(0xdaf04dfd, 0x4113c22d), - TOBN(0x1adbb7b7, 0x44104213), TOBN(0xe5fd5fa1, 0x1fd394ea), - TOBN(0x68235d94, 0x1a4e0551), TOBN(0x6772cfbe, 0x18d10151), - TOBN(0x276071e3, 0x09984523), TOBN(0xe4e879de, 0x5a56ba98), - TOBN(0xaaafafb0, 0x285b9491), TOBN(0x01a0be88, 0x1e4c705e), - TOBN(0xff1d4f5d, 0x2ad9caab), TOBN(0x6e349a4a, 0xc37a233f), - TOBN(0xcf1c1246, 0x4a1c6a16), TOBN(0xd99e6b66, 0x29383260), - TOBN(0xea3d4366, 0x5f6d5471), TOBN(0x36974d04, 0xff8cc89b), - TOBN(0xc26c49a1, 0xcfe89d80), TOBN(0xb42c026d, 0xda9c8371), - TOBN(0xca6c013a, 0xdad066d2), TOBN(0xfb8f7228, 0x56a4f3ee), - TOBN(0x08b579ec, 0xd850935b), TOBN(0x34c1a74c, 0xd631e1b3), - TOBN(0xcb5fe596, 0xac198534), TOBN(0x39ff21f6, 0xe1f24f25), - TOBN(0x27f29e14, 0x8f929057), TOBN(0x7a64ae06, 0xc0c853df), - TOBN(0x256cd183, 0x58e9c5ce), TOBN(0x9d9cce82, 0xded092a5), - TOBN(0xcc6e5979, 0x6e93b7c7), TOBN(0xe1e47092, 0x31bb9e27), - TOBN(0xb70b3083, 0xaa9e29a0), TOBN(0xbf181a75, 0x3785e644), - TOBN(0xf53f2c65, 0x8ead09f7), TOBN(0x1335e1d5, 0x9780d14d), - TOBN(0x69cc20e0, 0xcd1b66bc), TOBN(0x9b670a37, 0xbbe0bfc8), - TOBN(0xce53dc81, 0x28efbeed), TOBN(0x0c74e77c, 0x8326a6e5), - TOBN(0x3604e0d2, 0xb88e9a63), TOBN(0xbab38fca, 0x13dc2248), - TOBN(0x8ed6e8c8, 0x5c0a3f1e), TOBN(0xbcad2492, 0x7c87c37f), - TOBN(0xfdfb62bb, 0x9ee3b78d), TOBN(0xeba8e477, 0xcbceba46), - TOBN(0x37d38cb0, 0xeeaede4b), TOBN(0x0bc498e8, 0x7976deb6), - TOBN(0xb2944c04, 0x6b6147fb), TOBN(0x8b123f35, 0xf71f9609), - TOBN(0xa155dcc7, 0xde79dc24), TOBN(0xf1168a32, 0x558f69cd), - TOBN(0xbac21595, 0x0d1850df), TOBN(0x15c8295b, 0xb204c848), - TOBN(0xf661aa36, 0x7d8184ff), TOBN(0xc396228e, 0x30447bdb), - TOBN(0x11cd5143, 0xbde4a59e), TOBN(0xe3a26e3b, 0x6beab5e6), - TOBN(0xd3b3a13f, 0x1402b9d0), TOBN(0x573441c3, 0x2c7bc863), - TOBN(0x4b301ec4, 0x578c3e6e), TOBN(0xc26fc9c4, 0x0adaf57e), - TOBN(0x96e71bfd, 0x7493cea3), TOBN(0xd05d4b3f, 0x1af81456), - TOBN(0xdaca2a8a, 0x6a8c608f), TOBN(0x53ef07f6, 0x0725b276), - TOBN(0x07a5fbd2, 0x7824fc56), TOBN(0x34675218, 0x13289077), - TOBN(0x5bf69fd5, 0xe0c48349), TOBN(0xa613ddd3, 0xb6aa7875), - TOBN(0x7f78c19c, 0x5450d866), TOBN(0x46f4409c, 0x8f84a481), - TOBN(0x9f1d1928, 0x90fce239), TOBN(0x016c4168, 0xb2ce44b9), - TOBN(0xbae023f0, 0xc7435978), TOBN(0xb152c888, 0x20e30e19), - TOBN(0x9c241645, 0xe3fa6faf), TOBN(0x735d95c1, 0x84823e60), - TOBN(0x03197573, 0x03955317), TOBN(0x0b4b02a9, 0xf03b4995), - TOBN(0x076bf559, 0x70274600), TOBN(0x32c5cc53, 0xaaf57508), - TOBN(0xe8af6d1f, 0x60624129), TOBN(0xb7bc5d64, 0x9a5e2b5e), - TOBN(0x3814b048, 0x5f082d72), TOBN(0x76f267f2, 0xce19677a), - TOBN(0x626c630f, 0xb36eed93), TOBN(0x55230cd7, 0x3bf56803), - TOBN(0x78837949, 0xce2736a0), TOBN(0x0d792d60, 0xaa6c55f1), - TOBN(0x0318dbfd, 0xd5c7c5d2), TOBN(0xb38f8da7, 0x072b342d), - TOBN(0x3569bddc, 0x7b8de38a), TOBN(0xf25b5887, 0xa1c94842), - TOBN(0xb2d5b284, 0x2946ad60), TOBN(0x854f29ad, 0xe9d1707e), - TOBN(0xaa5159dc, 0x2c6a4509), TOBN(0x899f94c0, 0x57189837), - TOBN(0xcf6adc51, 0xf4a55b03), TOBN(0x261762de, 0x35e3b2d5), - TOBN(0x4cc43012, 0x04827b51), TOBN(0xcd22a113, 0xc6021442), - TOBN(0xce2fd61a, 0x247c9569), TOBN(0x59a50973, 0xd152beca), - TOBN(0x6c835a11, 0x63a716d4), TOBN(0xc26455ed, 0x187dedcf), - TOBN(0x27f536e0, 0x49ce89e7), TOBN(0x18908539, 0xcc890cb5), - TOBN(0x308909ab, 0xd83c2aa1), TOBN(0xecd3142b, 0x1ab73bd3), - TOBN(0x6a85bf59, 0xb3f5ab84), TOBN(0x3c320a68, 0xf2bea4c6), - TOBN(0xad8dc538, 0x6da4541f), TOBN(0xeaf34eb0, 0xb7c41186), - TOBN(0x1c780129, 0x977c97c4), TOBN(0x5ff9beeb, 0xc57eb9fa), - TOBN(0xa24d0524, 0xc822c478), TOBN(0xfd8eec2a, 0x461cd415), - TOBN(0xfbde194e, 0xf027458c), TOBN(0xb4ff5319, 0x1d1be115), - TOBN(0x63f874d9, 0x4866d6f4), TOBN(0x35c75015, 0xb21ad0c9), - TOBN(0xa6b5c9d6, 0x46ac49d2), TOBN(0x42c77c0b, 0x83137aa9), - TOBN(0x24d000fc, 0x68225a38), TOBN(0x0f63cfc8, 0x2fe1e907), - TOBN(0x22d1b01b, 0xc6441f95), TOBN(0x7d38f719, 0xec8e448f), - TOBN(0x9b33fa5f, 0x787fb1ba), TOBN(0x94dcfda1, 0x190158df), - TOBN(0xc47cb339, 0x5f6d4a09), TOBN(0x6b4f355c, 0xee52b826), - TOBN(0x3d100f5d, 0xf51b930a), TOBN(0xf4512fac, 0x9f668f69), - TOBN(0x546781d5, 0x206c4c74), TOBN(0xd021d4d4, 0xcb4d2e48), - TOBN(0x494a54c2, 0xca085c2d), TOBN(0xf1dbaca4, 0x520850a8), - TOBN(0x63c79326, 0x490a1aca), TOBN(0xcb64dd9c, 0x41526b02), - TOBN(0xbb772591, 0xa2979258), TOBN(0x3f582970, 0x48d97846), - TOBN(0xd66b70d1, 0x7c213ba7), TOBN(0xc28febb5, 0xe8a0ced4), - TOBN(0x6b911831, 0xc10338c1), TOBN(0x0d54e389, 0xbf0126f3), - TOBN(0x7048d460, 0x4af206ee), TOBN(0x786c88f6, 0x77e97cb9), - TOBN(0xd4375ae1, 0xac64802e), TOBN(0x469bcfe1, 0xd53ec11c), - TOBN(0xfc9b340d, 0x47062230), TOBN(0xe743bb57, 0xc5b4a3ac), - TOBN(0xfe00b4aa, 0x59ef45ac), TOBN(0x29a4ef23, 0x59edf188), - TOBN(0x40242efe, 0xb483689b), TOBN(0x2575d3f6, 0x513ac262), - TOBN(0xf30037c8, 0x0ca6db72), TOBN(0xc9fcce82, 0x98864be2), - TOBN(0x84a112ff, 0x0149362d), TOBN(0x95e57582, 0x1c4ae971), - TOBN(0x1fa4b1a8, 0x945cf86c), TOBN(0x4525a734, 0x0b024a2f), - TOBN(0xe76c8b62, 0x8f338360), TOBN(0x483ff593, 0x28edf32b), - TOBN(0x67e8e90a, 0x298b1aec), TOBN(0x9caab338, 0x736d9a21), - TOBN(0x5c09d2fd, 0x66892709), TOBN(0x2496b4dc, 0xb55a1d41), - TOBN(0x93f5fb1a, 0xe24a4394), TOBN(0x08c75049, 0x6fa8f6c1), - TOBN(0xcaead1c2, 0xc905d85f), TOBN(0xe9d7f790, 0x0733ae57), - TOBN(0x24c9a65c, 0xf07cdd94), TOBN(0x7389359c, 0xa4b55931), - TOBN(0xf58709b7, 0x367e45f7), TOBN(0x1f203067, 0xcb7e7adc), - TOBN(0x82444bff, 0xc7b72818), TOBN(0x07303b35, 0xbaac8033), - TOBN(0x1e1ee4e4, 0xd13b7ea1), TOBN(0xe6489b24, 0xe0e74180), - TOBN(0xa5f2c610, 0x7e70ef70), TOBN(0xa1655412, 0xbdd10894), - TOBN(0x555ebefb, 0x7af4194e), TOBN(0x533c1c3c, 0x8e89bd9c), - TOBN(0x735b9b57, 0x89895856), TOBN(0x15fb3cd2, 0x567f5c15), - TOBN(0x057fed45, 0x526f09fd), TOBN(0xe8a4f10c, 0x8128240a), - TOBN(0x9332efc4, 0xff2bfd8d), TOBN(0x214e77a0, 0xbd35aa31), - TOBN(0x32896d73, 0x14faa40e), TOBN(0x767867ec, 0x01e5f186), - TOBN(0xc9adf8f1, 0x17a1813e), TOBN(0xcb6cda78, 0x54741795), - TOBN(0xb7521b6d, 0x349d51aa), TOBN(0xf56b5a9e, 0xe3c7b8e9), - TOBN(0xc6f1e5c9, 0x32a096df), TOBN(0x083667c4, 0xa3635024), - TOBN(0x365ea135, 0x18087f2f), TOBN(0xf1b8eaac, 0xd136e45d), - TOBN(0xc8a0e484, 0x73aec989), TOBN(0xd75a324b, 0x142c9259), - TOBN(0xb7b4d001, 0x01dae185), TOBN(0x45434e0b, 0x9b7a94bc), - TOBN(0xf54339af, 0xfbd8cb0b), TOBN(0xdcc4569e, 0xe98ef49e), - TOBN(0x7789318a, 0x09a51299), TOBN(0x81b4d206, 0xb2b025d8), - TOBN(0xf64aa418, 0xfae85792), TOBN(0x3e50258f, 0xacd7baf7), - TOBN(0xdce84cdb, 0x2996864b), TOBN(0xa2e67089, 0x1f485fa4), - TOBN(0xb28b2bb6, 0x534c6a5a), TOBN(0x31a7ec6b, 0xc94b9d39), - TOBN(0x1d217766, 0xd6bc20da), TOBN(0x4acdb5ec, 0x86761190), - TOBN(0x68726328, 0x73701063), TOBN(0x4d24ee7c, 0x2128c29b), - TOBN(0xc072ebd3, 0xa19fd868), TOBN(0x612e481c, 0xdb8ddd3b), - TOBN(0xb4e1d754, 0x1a64d852), TOBN(0x00ef95ac, 0xc4c6c4ab), - TOBN(0x1536d2ed, 0xaa0a6c46), TOBN(0x61294086, 0x43774790), - TOBN(0x54af25e8, 0x343fda10), TOBN(0x9ff9d98d, 0xfd25d6f2), - TOBN(0x0746af7c, 0x468b8835), TOBN(0x977a31cb, 0x730ecea7), - TOBN(0xa5096b80, 0xc2cf4a81), TOBN(0xaa986833, 0x6458c37a), - TOBN(0x6af29bf3, 0xa6bd9d34), TOBN(0x6a62fe9b, 0x33c5d854), - TOBN(0x50e6c304, 0xb7133b5e), TOBN(0x04b60159, 0x7d6e6848), - TOBN(0x4cd296df, 0x5579bea4), TOBN(0x10e35ac8, 0x5ceedaf1), - TOBN(0x04c4c5fd, 0xe3bcc5b1), TOBN(0x95f9ee8a, 0x89412cf9), - TOBN(0x2c9459ee, 0x82b6eb0f), TOBN(0x2e845765, 0x95c2aadd), - TOBN(0x774a84ae, 0xd327fcfe), TOBN(0xd8c93722, 0x0368d476), - TOBN(0x0dbd5748, 0xf83e8a3b), TOBN(0xa579aa96, 0x8d2495f3), - TOBN(0x535996a0, 0xae496e9b), TOBN(0x07afbfe9, 0xb7f9bcc2), - TOBN(0x3ac1dc6d, 0x5b7bd293), TOBN(0x3b592cff, 0x7022323d), - TOBN(0xba0deb98, 0x9c0a3e76), TOBN(0x18e78e9f, 0x4b197acb), - TOBN(0x211cde10, 0x296c36ef), TOBN(0x7ee89672, 0x82c4da77), - TOBN(0xb617d270, 0xa57836da), TOBN(0xf0cd9c31, 0x9cb7560b), - TOBN(0x01fdcbf7, 0xe455fe90), TOBN(0x3fb53cbb, 0x7e7334f3), - TOBN(0x781e2ea4, 0x4e7de4ec), TOBN(0x8adab3ad, 0x0b384fd0), - TOBN(0x129eee2f, 0x53d64829), TOBN(0x7a471e17, 0xa261492b), - TOBN(0xe4f9adb9, 0xe4cb4a2c), TOBN(0x3d359f6f, 0x97ba2c2d), - TOBN(0x346c6786, 0x0aacd697), TOBN(0x92b444c3, 0x75c2f8a8), - TOBN(0xc79fa117, 0xd85df44e), TOBN(0x56782372, 0x398ddf31), - TOBN(0x60e690f2, 0xbbbab3b8), TOBN(0x4851f8ae, 0x8b04816b), - TOBN(0xc72046ab, 0x9c92e4d2), TOBN(0x518c74a1, 0x7cf3136b), - TOBN(0xff4eb50a, 0xf9877d4c), TOBN(0x14578d90, 0xa919cabb), - TOBN(0x8218f8c4, 0xac5eb2b6), TOBN(0xa3ccc547, 0x542016e4), - TOBN(0x025bf48e, 0x327f8349), TOBN(0xf3e97346, 0xf43cb641), - TOBN(0xdc2bafdf, 0x500f1085), TOBN(0x57167876, 0x2f063055), - TOBN(0x5bd914b9, 0x411925a6), TOBN(0x7c078d48, 0xa1123de5), - TOBN(0xee6bf835, 0x182b165d), TOBN(0xb11b5e5b, 0xba519727), - TOBN(0xe33ea76c, 0x1eea7b85), TOBN(0x2352b461, 0x92d4f85e), - TOBN(0xf101d334, 0xafe115bb), TOBN(0xfabc1294, 0x889175a3), - TOBN(0x7f6bcdc0, 0x5233f925), TOBN(0xe0a802db, 0xe77fec55), - TOBN(0xbdb47b75, 0x8069b659), TOBN(0x1c5e12de, 0xf98fbd74), - TOBN(0x869c58c6, 0x4b8457ee), TOBN(0xa5360f69, 0x4f7ea9f7), - TOBN(0xe576c09f, 0xf460b38f), TOBN(0x6b70d548, 0x22b7fb36), - TOBN(0x3fd237f1, 0x3bfae315), TOBN(0x33797852, 0xcbdff369), - TOBN(0x97df25f5, 0x25b516f9), TOBN(0x46f388f2, 0xba38ad2d), - TOBN(0x656c4658, 0x89d8ddbb), TOBN(0x8830b26e, 0x70f38ee8), - TOBN(0x4320fd5c, 0xde1212b0), TOBN(0xc34f30cf, 0xe4a2edb2), - TOBN(0xabb131a3, 0x56ab64b8), TOBN(0x7f77f0cc, 0xd99c5d26), - TOBN(0x66856a37, 0xbf981d94), TOBN(0x19e76d09, 0x738bd76e), - TOBN(0xe76c8ac3, 0x96238f39), TOBN(0xc0a482be, 0xa830b366), - TOBN(0xb7b8eaff, 0x0b4eb499), TOBN(0x8ecd83bc, 0x4bfb4865), - TOBN(0x971b2cb7, 0xa2f3776f), TOBN(0xb42176a4, 0xf4b88adf), - TOBN(0xb9617df5, 0xbe1fa446), TOBN(0x8b32d508, 0xcd031bd2), - TOBN(0x1c6bd47d, 0x53b618c0), TOBN(0xc424f46c, 0x6a227923), - TOBN(0x7303ffde, 0xdd92d964), TOBN(0xe9712878, 0x71b5abf2), - TOBN(0x8f48a632, 0xf815561d), TOBN(0x85f48ff5, 0xd3c055d1), - TOBN(0x222a1427, 0x7525684f), TOBN(0xd0d841a0, 0x67360cc3), - TOBN(0x4245a926, 0x0b9267c6), TOBN(0xc78913f1, 0xcf07f863), - TOBN(0xaa844c8e, 0x4d0d9e24), TOBN(0xa42ad522, 0x3d5f9017), - TOBN(0xbd371749, 0xa2c989d5), TOBN(0x928292df, 0xe1f5e78e), - TOBN(0x493b383e, 0x0a1ea6da), TOBN(0x5136fd8d, 0x13aee529), - TOBN(0x860c44b1, 0xf2c34a99), TOBN(0x3b00aca4, 0xbf5855ac), - TOBN(0xabf6aaa0, 0xfaaf37be), TOBN(0x65f43682, 0x2a53ec08), - TOBN(0x1d9a5801, 0xa11b12e1), TOBN(0x78a7ab2c, 0xe20ed475), - TOBN(0x0de1067e, 0x9a41e0d5), TOBN(0x30473f5f, 0x305023ea), - TOBN(0xdd3ae09d, 0x169c7d97), TOBN(0x5cd5baa4, 0xcfaef9cd), - TOBN(0x5cd7440b, 0x65a44803), TOBN(0xdc13966a, 0x47f364de), - TOBN(0x077b2be8, 0x2b8357c1), TOBN(0x0cb1b4c5, 0xe9d57c2a), - TOBN(0x7a4ceb32, 0x05ff363e), TOBN(0xf310fa4d, 0xca35a9ef), - TOBN(0xdbb7b352, 0xf97f68c6), TOBN(0x0c773b50, 0x0b02cf58), - TOBN(0xea2e4821, 0x3c1f96d9), TOBN(0xffb357b0, 0xeee01815), - TOBN(0xb9c924cd, 0xe0f28039), TOBN(0x0b36c95a, 0x46a3fbe4), - TOBN(0x1faaaea4, 0x5e46db6c), TOBN(0xcae575c3, 0x1928aaff), - TOBN(0x7f671302, 0xa70dab86), TOBN(0xfcbd12a9, 0x71c58cfc), - TOBN(0xcbef9acf, 0xbee0cb92), TOBN(0x573da0b9, 0xf8c1b583), - TOBN(0x4752fcfe, 0x0d41d550), TOBN(0xe7eec0e3, 0x2155cffe), - TOBN(0x0fc39fcb, 0x545ae248), TOBN(0x522cb8d1, 0x8065f44e), - TOBN(0x263c962a, 0x70cbb96c), TOBN(0xe034362a, 0xbcd124a9), - TOBN(0xf120db28, 0x3c2ae58d), TOBN(0xb9a38d49, 0xfef6d507), - TOBN(0xb1fd2a82, 0x1ff140fd), TOBN(0xbd162f30, 0x20aee7e0), - TOBN(0x4e17a5d4, 0xcb251949), TOBN(0x2aebcb83, 0x4f7e1c3d), - TOBN(0x608eb25f, 0x937b0527), TOBN(0xf42e1e47, 0xeb7d9997), - TOBN(0xeba699c4, 0xb8a53a29), TOBN(0x1f921c71, 0xe091b536), - TOBN(0xcce29e7b, 0x5b26bbd5), TOBN(0x7a8ef5ed, 0x3b61a680), - TOBN(0xe5ef8043, 0xba1f1c7e), TOBN(0x16ea8217, 0x18158dda), - TOBN(0x01778a2b, 0x599ff0f9), TOBN(0x68a923d7, 0x8104fc6b), - TOBN(0x5bfa44df, 0xda694ff3), TOBN(0x4f7199db, 0xf7667f12), - TOBN(0xc06d8ff6, 0xe46f2a79), TOBN(0x08b5dead, 0xe9f8131d), - TOBN(0x02519a59, 0xabb4ce7c), TOBN(0xc4f710bc, 0xb42aec3e), - TOBN(0x3d77b057, 0x78bde41a), TOBN(0x6474bf80, 0xb4186b5a), - TOBN(0x048b3f67, 0x88c65741), TOBN(0xc64519de, 0x03c7c154), - TOBN(0xdf073846, 0x0edfcc4f), TOBN(0x319aa737, 0x48f1aa6b), - TOBN(0x8b9f8a02, 0xca909f77), TOBN(0x90258139, 0x7580bfef), - TOBN(0xd8bfd3ca, 0xc0c22719), TOBN(0xc60209e4, 0xc9ca151e), - TOBN(0x7a744ab5, 0xd9a1a69c), TOBN(0x6de5048b, 0x14937f8f), - TOBN(0x171938d8, 0xe115ac04), TOBN(0x7df70940, 0x1c6b16d2), - TOBN(0xa6aeb663, 0x7f8e94e7), TOBN(0xc130388e, 0x2a2cf094), - TOBN(0x1850be84, 0x77f54e6e), TOBN(0x9f258a72, 0x65d60fe5), - TOBN(0xff7ff0c0, 0x6c9146d6), TOBN(0x039aaf90, 0xe63a830b), - TOBN(0x38f27a73, 0x9460342f), TOBN(0x4703148c, 0x3f795f8a), - TOBN(0x1bb5467b, 0x9681a97e), TOBN(0x00931ba5, 0xecaeb594), - TOBN(0xcdb6719d, 0x786f337c), TOBN(0xd9c01cd2, 0xe704397d), - TOBN(0x0f4a3f20, 0x555c2fef), TOBN(0x00452509, 0x7c0af223), - TOBN(0x54a58047, 0x84db8e76), TOBN(0x3bacf1aa, 0x93c8aa06), - TOBN(0x11ca957c, 0xf7919422), TOBN(0x50641053, 0x78cdaa40), - TOBN(0x7a303874, 0x9f7144ae), TOBN(0x170c963f, 0x43d4acfd), - TOBN(0x5e148149, 0x58ddd3ef), TOBN(0xa7bde582, 0x9e72dba8), - TOBN(0x0769da8b, 0x6fa68750), TOBN(0xfa64e532, 0x572e0249), - TOBN(0xfcaadf9d, 0x2619ad31), TOBN(0x87882daa, 0xa7b349cd), - TOBN(0x9f6eb731, 0x6c67a775), TOBN(0xcb10471a, 0xefc5d0b1), - TOBN(0xb433750c, 0xe1b806b2), TOBN(0x19c5714d, 0x57b1ae7e), - TOBN(0xc0dc8b7b, 0xed03fd3f), TOBN(0xdd03344f, 0x31bc194e), - TOBN(0xa66c52a7, 0x8c6320b5), TOBN(0x8bc82ce3, 0xd0b6fd93), - TOBN(0xf8e13501, 0xb35f1341), TOBN(0xe53156dd, 0x25a43e42), - TOBN(0xd3adf27e, 0x4daeb85c), TOBN(0xb81d8379, 0xbbeddeb5), - TOBN(0x1b0b546e, 0x2e435867), TOBN(0x9020eb94, 0xeba5dd60), - TOBN(0x37d91161, 0x8210cb9d), TOBN(0x4c596b31, 0x5c91f1cf), - TOBN(0xb228a90f, 0x0e0b040d), TOBN(0xbaf02d82, 0x45ff897f), - TOBN(0x2aac79e6, 0x00fa6122), TOBN(0x24828817, 0x8e36f557), - TOBN(0xb9521d31, 0x113ec356), TOBN(0x9e48861e, 0x15eff1f8), - TOBN(0x2aa1d412, 0xe0d41715), TOBN(0x71f86203, 0x53f131b8), - TOBN(0xf60da8da, 0x3fd19408), TOBN(0x4aa716dc, 0x278d9d99), - TOBN(0x394531f7, 0xa8c51c90), TOBN(0xb560b0e8, 0xf59db51c), - TOBN(0xa28fc992, 0xfa34bdad), TOBN(0xf024fa14, 0x9cd4f8bd), - TOBN(0x5cf530f7, 0x23a9d0d3), TOBN(0x615ca193, 0xe28c9b56), - TOBN(0x6d2a483d, 0x6f73c51e), TOBN(0xa4cb2412, 0xea0dc2dd), - TOBN(0x50663c41, 0x1eb917ff), TOBN(0x3d3a74cf, 0xeade299e), - TOBN(0x29b3990f, 0x4a7a9202), TOBN(0xa9bccf59, 0xa7b15c3d), - TOBN(0x66a3ccdc, 0xa5df9208), TOBN(0x48027c14, 0x43f2f929), - TOBN(0xd385377c, 0x40b557f0), TOBN(0xe001c366, 0xcd684660), - TOBN(0x1b18ed6b, 0xe2183a27), TOBN(0x879738d8, 0x63210329), - TOBN(0xa687c74b, 0xbda94882), TOBN(0xd1bbcc48, 0xa684b299), - TOBN(0xaf6f1112, 0x863b3724), TOBN(0x6943d1b4, 0x2c8ce9f8), - TOBN(0xe044a3bb, 0x098cafb4), TOBN(0x27ed2310, 0x60d48caf), - TOBN(0x542b5675, 0x3a31b84d), TOBN(0xcbf3dd50, 0xfcddbed7), - TOBN(0x25031f16, 0x41b1d830), TOBN(0xa7ec851d, 0xcb0c1e27), - TOBN(0xac1c8fe0, 0xb5ae75db), TOBN(0xb24c7557, 0x08c52120), - TOBN(0x57f811dc, 0x1d4636c3), TOBN(0xf8436526, 0x681a9939), - TOBN(0x1f6bc6d9, 0x9c81adb3), TOBN(0x840f8ac3, 0x5b7d80d4), - TOBN(0x731a9811, 0xf4387f1a), TOBN(0x7c501cd3, 0xb5156880), - TOBN(0xa5ca4a07, 0xdfe68867), TOBN(0xf123d8f0, 0x5fcea120), - TOBN(0x1fbb0e71, 0xd607039e), TOBN(0x2b70e215, 0xcd3a4546), - TOBN(0x32d2f01d, 0x53324091), TOBN(0xb796ff08, 0x180ab19b), - TOBN(0x32d87a86, 0x3c57c4aa), TOBN(0x2aed9caf, 0xb7c49a27), - TOBN(0x9fb35eac, 0x31630d98), TOBN(0x338e8cdf, 0x5c3e20a3), - TOBN(0x80f16182, 0x66cde8db), TOBN(0x4e159980, 0x2d72fd36), - TOBN(0xd7b8f13b, 0x9b6e5072), TOBN(0xf5213907, 0x3b7b5dc1), - TOBN(0x4d431f1d, 0x8ce4396e), TOBN(0x37a1a680, 0xa7ed2142), - TOBN(0xbf375696, 0xd01aaf6b), TOBN(0xaa1c0c54, 0xe63aab66), - TOBN(0x3014368b, 0x4ed80940), TOBN(0x67e6d056, 0x7a6fcedd), - TOBN(0x7c208c49, 0xca97579f), TOBN(0xfe3d7a81, 0xa23597f6), - TOBN(0x5e203202, 0x7e096ae2), TOBN(0xb1f3e1e7, 0x24b39366), - TOBN(0x26da26f3, 0x2fdcdffc), TOBN(0x79422f1d, 0x6097be83),} - , - {TOBN(0x263a2cfb, 0x9db3b381), TOBN(0x9c3a2dee, 0xd4df0a4b), - TOBN(0x728d06e9, 0x7d04e61f), TOBN(0x8b1adfbc, 0x42449325), - TOBN(0x6ec1d939, 0x7e053a1b), TOBN(0xee2be5c7, 0x66daf707), - TOBN(0x80ba1e14, 0x810ac7ab), TOBN(0xdd2ae778, 0xf530f174), - TOBN(0x0435d97a, 0x205b9d8b), TOBN(0x6eb8f064, 0x056756d4), - TOBN(0xd5e88a8b, 0xb6f8210e), TOBN(0x070ef12d, 0xec9fd9ea), - TOBN(0x4d849505, 0x3bcc876a), TOBN(0x12a75338, 0xa7404ce3), - TOBN(0xd22b49e1, 0xb8a1db5e), TOBN(0xec1f2051, 0x14bfa5ad), - TOBN(0xadbaeb79, 0xb6828f36), TOBN(0x9d7a0258, 0x01bd5b9e), - TOBN(0xeda01e0d, 0x1e844b0c), TOBN(0x4b625175, 0x887edfc9), - TOBN(0x14109fdd, 0x9669b621), TOBN(0x88a2ca56, 0xf6f87b98), - TOBN(0xfe2eb788, 0x170df6bc), TOBN(0x0cea06f4, 0xffa473f9), - TOBN(0x43ed81b5, 0xc4e83d33), TOBN(0xd9f35879, 0x5efd488b), - TOBN(0x164a620f, 0x9deb4d0f), TOBN(0xc6927bdb, 0xac6a7394), - TOBN(0x45c28df7, 0x9f9e0f03), TOBN(0x2868661e, 0xfcd7e1a9), - TOBN(0x7cf4e8d0, 0xffa348f1), TOBN(0x6bd4c284, 0x398538e0), - TOBN(0x2618a091, 0x289a8619), TOBN(0xef796e60, 0x6671b173), - TOBN(0x664e46e5, 0x9090c632), TOBN(0xa38062d4, 0x1e66f8fb), - TOBN(0x6c744a20, 0x0573274e), TOBN(0xd07b67e4, 0xa9271394), - TOBN(0x391223b2, 0x6bdc0e20), TOBN(0xbe2d93f1, 0xeb0a05a7), - TOBN(0xf23e2e53, 0x3f36d141), TOBN(0xe84bb3d4, 0x4dfca442), - TOBN(0xb804a48d, 0x6b7c023a), TOBN(0x1e16a8fa, 0x76431c3b), - TOBN(0x1b5452ad, 0xddd472e0), TOBN(0x7d405ee7, 0x0d1ee127), - TOBN(0x50fc6f1d, 0xffa27599), TOBN(0x351ac53c, 0xbf391b35), - TOBN(0x7efa14b8, 0x4444896b), TOBN(0x64974d2f, 0xf94027fb), - TOBN(0xefdcd0e8, 0xde84487d), TOBN(0x8c45b260, 0x2b48989b), - TOBN(0xa8fcbbc2, 0xd8463487), TOBN(0xd1b2b3f7, 0x3fbc476c), - TOBN(0x21d005b7, 0xc8f443c0), TOBN(0x518f2e67, 0x40c0139c), - TOBN(0x56036e8c, 0x06d75fc1), TOBN(0x2dcf7bb7, 0x3249a89f), - TOBN(0x81dd1d3d, 0xe245e7dd), TOBN(0xf578dc4b, 0xebd6e2a7), - TOBN(0x4c028903, 0xdf2ce7a0), TOBN(0xaee36288, 0x9c39afac), - TOBN(0xdc847c31, 0x146404ab), TOBN(0x6304c0d8, 0xa4e97818), - TOBN(0xae51dca2, 0xa91f6791), TOBN(0x2abe4190, 0x9baa9efc), - TOBN(0xd9d2e2f4, 0x559c7ac1), TOBN(0xe82f4b51, 0xfc9f773a), - TOBN(0xa7713027, 0x4073e81c), TOBN(0xc0276fac, 0xfbb596fc), - TOBN(0x1d819fc9, 0xa684f70c), TOBN(0x29b47fdd, 0xc9f7b1e0), - TOBN(0x358de103, 0x459b1940), TOBN(0xec881c59, 0x5b013e93), - TOBN(0x51574c93, 0x49532ad3), TOBN(0x2db1d445, 0xb37b46de), - TOBN(0xc6445b87, 0xdf239fd8), TOBN(0xc718af75, 0x151d24ee), - TOBN(0xaea1c4a4, 0xf43c6259), TOBN(0x40c0e5d7, 0x70be02f7), - TOBN(0x6a4590f4, 0x721b33f2), TOBN(0x2124f1fb, 0xfedf04ea), - TOBN(0xf8e53cde, 0x9745efe7), TOBN(0xe7e10432, 0x65f046d9), - TOBN(0xc3fca28e, 0xe4d0c7e6), TOBN(0x847e339a, 0x87253b1b), - TOBN(0x9b595348, 0x3743e643), TOBN(0xcb6a0a0b, 0x4fd12fc5), - TOBN(0xfb6836c3, 0x27d02dcc), TOBN(0x5ad00982, 0x7a68bcc2), - TOBN(0x1b24b44c, 0x005e912d), TOBN(0xcc83d20f, 0x811fdcfe), - TOBN(0x36527ec1, 0x666fba0c), TOBN(0x69948197, 0x14754635), - TOBN(0xfcdcb1a8, 0x556da9c2), TOBN(0xa5934267, 0x81a732b2), - TOBN(0xec1214ed, 0xa714181d), TOBN(0x609ac13b, 0x6067b341), - TOBN(0xff4b4c97, 0xa545df1f), TOBN(0xa1240501, 0x34d2076b), - TOBN(0x6efa0c23, 0x1409ca97), TOBN(0x254cc1a8, 0x20638c43), - TOBN(0xd4e363af, 0xdcfb46cd), TOBN(0x62c2adc3, 0x03942a27), - TOBN(0xc67b9df0, 0x56e46483), TOBN(0xa55abb20, 0x63736356), - TOBN(0xab93c098, 0xc551bc52), TOBN(0x382b49f9, 0xb15fe64b), - TOBN(0x9ec221ad, 0x4dff8d47), TOBN(0x79caf615, 0x437df4d6), - TOBN(0x5f13dc64, 0xbb456509), TOBN(0xe4c589d9, 0x191f0714), - TOBN(0x27b6a8ab, 0x3fd40e09), TOBN(0xe455842e, 0x77313ea9), - TOBN(0x8b51d1e2, 0x1f55988b), TOBN(0x5716dd73, 0x062bbbfc), - TOBN(0x633c11e5, 0x4e8bf3de), TOBN(0x9a0e77b6, 0x1b85be3b), - TOBN(0x56510729, 0x0911cca6), TOBN(0x27e76495, 0xefa6590f), - TOBN(0xe4ac8b33, 0x070d3aab), TOBN(0x2643672b, 0x9a2cd5e5), - TOBN(0x52eff79b, 0x1cfc9173), TOBN(0x665ca49b, 0x90a7c13f), - TOBN(0x5a8dda59, 0xb3efb998), TOBN(0x8a5b922d, 0x052f1341), - TOBN(0xae9ebbab, 0x3cf9a530), TOBN(0x35986e7b, 0xf56da4d7), - TOBN(0x3a636b5c, 0xff3513cc), TOBN(0xbb0cf8ba, 0x3198f7dd), - TOBN(0xb8d40522, 0x41f16f86), TOBN(0x760575d8, 0xde13a7bf), - TOBN(0x36f74e16, 0x9f7aa181), TOBN(0x163a3ecf, 0xf509ed1c), - TOBN(0x6aead61f, 0x3c40a491), TOBN(0x158c95fc, 0xdfe8fcaa), - TOBN(0xa3991b6e, 0x13cda46f), TOBN(0x79482415, 0x342faed0), - TOBN(0xf3ba5bde, 0x666b5970), TOBN(0x1d52e6bc, 0xb26ab6dd), - TOBN(0x768ba1e7, 0x8608dd3d), TOBN(0x4930db2a, 0xea076586), - TOBN(0xd9575714, 0xe7dc1afa), TOBN(0x1fc7bf7d, 0xf7c58817), - TOBN(0x6b47accd, 0xd9eee96c), TOBN(0x0ca277fb, 0xe58cec37), - TOBN(0x113fe413, 0xe702c42a), TOBN(0xdd1764ee, 0xc47cbe51), - TOBN(0x041e7cde, 0x7b3ed739), TOBN(0x50cb7459, 0x5ce9e1c0), - TOBN(0x35568513, 0x2925b212), TOBN(0x7cff95c4, 0x001b081c), - TOBN(0x63ee4cbd, 0x8088b454), TOBN(0xdb7f32f7, 0x9a9e0c8a), - TOBN(0xb377d418, 0x6b2447cb), TOBN(0xe3e982aa, 0xd370219b), - TOBN(0x06ccc1e4, 0xc2a2a593), TOBN(0x72c36865, 0x0773f24f), - TOBN(0xa13b4da7, 0x95859423), TOBN(0x8bbf1d33, 0x75040c8f), - TOBN(0x726f0973, 0xda50c991), TOBN(0x48afcd5b, 0x822d6ee2), - TOBN(0xe5fc718b, 0x20fd7771), TOBN(0xb9e8e77d, 0xfd0807a1), - TOBN(0x7f5e0f44, 0x99a7703d), TOBN(0x6972930e, 0x618e36f3), - TOBN(0x2b7c77b8, 0x23807bbe), TOBN(0xe5b82405, 0xcb27ff50), - TOBN(0xba8b8be3, 0xbd379062), TOBN(0xd64b7a1d, 0x2dce4a92), - TOBN(0x040a73c5, 0xb2952e37), TOBN(0x0a9e252e, 0xd438aeca), - TOBN(0xdd43956b, 0xc39d3bcb), TOBN(0x1a31ca00, 0xb32b2d63), - TOBN(0xd67133b8, 0x5c417a18), TOBN(0xd08e4790, 0x2ef442c8), - TOBN(0x98cb1ae9, 0x255c0980), TOBN(0x4bd86381, 0x2b4a739f), - TOBN(0x5a5c31e1, 0x1e4a45a1), TOBN(0x1e5d55fe, 0x9cb0db2f), - TOBN(0x74661b06, 0x8ff5cc29), TOBN(0x026b389f, 0x0eb8a4f4), - TOBN(0x536b21a4, 0x58848c24), TOBN(0x2e5bf8ec, 0x81dc72b0), - TOBN(0x03c187d0, 0xad886aac), TOBN(0x5c16878a, 0xb771b645), - TOBN(0xb07dfc6f, 0xc74045ab), TOBN(0x2c6360bf, 0x7800caed), - TOBN(0x24295bb5, 0xb9c972a3), TOBN(0xc9e6f88e, 0x7c9a6dba), - TOBN(0x90ffbf24, 0x92a79aa6), TOBN(0xde29d50a, 0x41c26ac2), - TOBN(0x9f0af483, 0xd309cbe6), TOBN(0x5b020d8a, 0xe0bced4f), - TOBN(0x606e986d, 0xb38023e3), TOBN(0xad8f2c9d, 0x1abc6933), - TOBN(0x19292e1d, 0xe7400e93), TOBN(0xfe3e18a9, 0x52be5e4d), - TOBN(0xe8e9771d, 0x2e0680bf), TOBN(0x8c5bec98, 0xc54db063), - TOBN(0x2af9662a, 0x74a55d1f), TOBN(0xe3fbf28f, 0x046f66d8), - TOBN(0xa3a72ab4, 0xd4dc4794), TOBN(0x09779f45, 0x5c7c2dd8), - TOBN(0xd893bdaf, 0xc3d19d8d), TOBN(0xd5a75094, 0x57d6a6df), - TOBN(0x8cf8fef9, 0x952e6255), TOBN(0x3da67cfb, 0xda9a8aff), - TOBN(0x4c23f62a, 0x2c160dcd), TOBN(0x34e6c5e3, 0x8f90eaef), - TOBN(0x35865519, 0xa9a65d5a), TOBN(0x07c48aae, 0x8fd38a3d), - TOBN(0xb7e7aeda, 0x50068527), TOBN(0x2c09ef23, 0x1c90936a), - TOBN(0x31ecfeb6, 0xe879324c), TOBN(0xa0871f6b, 0xfb0ec938), - TOBN(0xb1f0fb68, 0xd84d835d), TOBN(0xc90caf39, 0x861dc1e6), - TOBN(0x12e5b046, 0x7594f8d7), TOBN(0x26897ae2, 0x65012b92), - TOBN(0xbcf68a08, 0xa4d6755d), TOBN(0x403ee41c, 0x0991fbda), - TOBN(0x733e343e, 0x3bbf17e8), TOBN(0xd2c7980d, 0x679b3d65), - TOBN(0x33056232, 0xd2e11305), TOBN(0x966be492, 0xf3c07a6f), - TOBN(0x6a8878ff, 0xbb15509d), TOBN(0xff221101, 0x0a9b59a4), - TOBN(0x6c9f564a, 0xabe30129), TOBN(0xc6f2c940, 0x336e64cf), - TOBN(0x0fe75262, 0x8b0c8022), TOBN(0xbe0267e9, 0x6ae8db87), - TOBN(0x22e192f1, 0x93bc042b), TOBN(0xf085b534, 0xb237c458), - TOBN(0xa0d192bd, 0x832c4168), TOBN(0x7a76e9e3, 0xbdf6271d), - TOBN(0x52a882fa, 0xb88911b5), TOBN(0xc85345e4, 0xb4db0eb5), - TOBN(0xa3be02a6, 0x81a7c3ff), TOBN(0x51889c8c, 0xf0ec0469), - TOBN(0x9d031369, 0xa5e829e5), TOBN(0xcbb4c6fc, 0x1607aa41), - TOBN(0x75ac59a6, 0x241d84c1), TOBN(0xc043f2bf, 0x8829e0ee), - TOBN(0x82a38f75, 0x8ea5e185), TOBN(0x8bda40b9, 0xd87cbd9f), - TOBN(0x9e65e75e, 0x2d8fc601), TOBN(0x3d515f74, 0xa35690b3), - TOBN(0x534acf4f, 0xda79e5ac), TOBN(0x68b83b3a, 0x8630215f), - TOBN(0x5c748b2e, 0xd085756e), TOBN(0xb0317258, 0xe5d37cb2), - TOBN(0x6735841a, 0xc5ccc2c4), TOBN(0x7d7dc96b, 0x3d9d5069), - TOBN(0xa147e410, 0xfd1754bd), TOBN(0x65296e94, 0xd399ddd5), - TOBN(0xf6b5b2d0, 0xbc8fa5bc), TOBN(0x8a5ead67, 0x500c277b), - TOBN(0x214625e6, 0xdfa08a5d), TOBN(0x51fdfedc, 0x959cf047), - TOBN(0x6bc9430b, 0x289fca32), TOBN(0xe36ff0cf, 0x9d9bdc3f), - TOBN(0x2fe187cb, 0x58ea0ede), TOBN(0xed66af20, 0x5a900b3f), - TOBN(0x00e0968b, 0x5fa9f4d6), TOBN(0x2d4066ce, 0x37a362e7), - TOBN(0xa99a9748, 0xbd07e772), TOBN(0x710989c0, 0x06a4f1d0), - TOBN(0xd5dedf35, 0xce40cbd8), TOBN(0xab55c5f0, 0x1743293d), - TOBN(0x766f1144, 0x8aa24e2c), TOBN(0x94d874f8, 0x605fbcb4), - TOBN(0xa365f0e8, 0xa518001b), TOBN(0xee605eb6, 0x9d04ef0f), - TOBN(0x5a3915cd, 0xba8d4d25), TOBN(0x44c0e1b8, 0xb5113472), - TOBN(0xcbb024e8, 0x8b6740dc), TOBN(0x89087a53, 0xee1d4f0c), - TOBN(0xa88fa05c, 0x1fc4e372), TOBN(0x8bf395cb, 0xaf8b3af2), - TOBN(0x1e71c9a1, 0xdeb8568b), TOBN(0xa35daea0, 0x80fb3d32), - TOBN(0xe8b6f266, 0x2cf8fb81), TOBN(0x6d51afe8, 0x9490696a), - TOBN(0x81beac6e, 0x51803a19), TOBN(0xe3d24b7f, 0x86219080), - TOBN(0x727cfd9d, 0xdf6f463c), TOBN(0x8c6865ca, 0x72284ee8), - TOBN(0x32c88b7d, 0xb743f4ef), TOBN(0x3793909b, 0xe7d11dce), - TOBN(0xd398f922, 0x2ff2ebe8), TOBN(0x2c70ca44, 0xe5e49796), - TOBN(0xdf4d9929, 0xcb1131b1), TOBN(0x7826f298, 0x25888e79), - TOBN(0x4d3a112c, 0xf1d8740a), TOBN(0x00384cb6, 0x270afa8b), - TOBN(0xcb64125b, 0x3ab48095), TOBN(0x3451c256, 0x62d05106), - TOBN(0xd73d577d, 0xa4955845), TOBN(0x39570c16, 0xbf9f4433), - TOBN(0xd7dfaad3, 0xadecf263), TOBN(0xf1c3d8d1, 0xdc76e102), - TOBN(0x5e774a58, 0x54c6a836), TOBN(0xdad4b672, 0x3e92d47b), - TOBN(0xbe7e990f, 0xf0d796a0), TOBN(0x5fc62478, 0xdf0e8b02), - TOBN(0x8aae8bf4, 0x030c00ad), TOBN(0x3d2db93b, 0x9004ba0f), - TOBN(0xe48c8a79, 0xd85d5ddc), TOBN(0xe907caa7, 0x6bb07f34), - TOBN(0x58db343a, 0xa39eaed5), TOBN(0x0ea6e007, 0xadaf5724), - TOBN(0xe00df169, 0xd23233f3), TOBN(0x3e322796, 0x77cb637f), - TOBN(0x1f897c0e, 0x1da0cf6c), TOBN(0xa651f5d8, 0x31d6bbdd), - TOBN(0xdd61af19, 0x1a230c76), TOBN(0xbd527272, 0xcdaa5e4a), - TOBN(0xca753636, 0xd0abcd7e), TOBN(0x78bdd37c, 0x370bd8dc), - TOBN(0xc23916c2, 0x17cd93fe), TOBN(0x65b97a4d, 0xdadce6e2), - TOBN(0xe04ed4eb, 0x174e42f8), TOBN(0x1491ccaa, 0xbb21480a), - TOBN(0x145a8280, 0x23196332), TOBN(0x3c3862d7, 0x587b479a), - TOBN(0x9f4a88a3, 0x01dcd0ed), TOBN(0x4da2b7ef, 0x3ea12f1f), - TOBN(0xf8e7ae33, 0xb126e48e), TOBN(0x404a0b32, 0xf494e237), - TOBN(0x9beac474, 0xc55acadb), TOBN(0x4ee5cf3b, 0xcbec9fd9), - TOBN(0x336b33b9, 0x7df3c8c3), TOBN(0xbd905fe3, 0xb76808fd), - TOBN(0x8f436981, 0xaa45c16a), TOBN(0x255c5bfa, 0x3dd27b62), - TOBN(0x71965cbf, 0xc3dd9b4d), TOBN(0xce23edbf, 0xfc068a87), - TOBN(0xb78d4725, 0x745b029b), TOBN(0x74610713, 0xcefdd9bd), - TOBN(0x7116f75f, 0x1266bf52), TOBN(0x02046722, 0x18e49bb6), - TOBN(0xdf43df9f, 0x3d6f19e3), TOBN(0xef1bc7d0, 0xe685cb2f), - TOBN(0xcddb27c1, 0x7078c432), TOBN(0xe1961b9c, 0xb77fedb7), - TOBN(0x1edc2f5c, 0xc2290570), TOBN(0x2c3fefca, 0x19cbd886), - TOBN(0xcf880a36, 0xc2af389a), TOBN(0x96c610fd, 0xbda71cea), - TOBN(0xf03977a9, 0x32aa8463), TOBN(0x8eb7763f, 0x8586d90a), - TOBN(0x3f342454, 0x2a296e77), TOBN(0xc8718683, 0x42837a35), - TOBN(0x7dc71090, 0x6a09c731), TOBN(0x54778ffb, 0x51b816db), - TOBN(0x6b33bfec, 0xaf06defd), TOBN(0xfe3c105f, 0x8592b70b), - TOBN(0xf937fda4, 0x61da6114), TOBN(0x3c13e651, 0x4c266ad7), - TOBN(0xe363a829, 0x855938e8), TOBN(0x2eeb5d9e, 0x9de54b72), - TOBN(0xbeb93b0e, 0x20ccfab9), TOBN(0x3dffbb5f, 0x25e61a25), - TOBN(0x7f655e43, 0x1acc093d), TOBN(0x0cb6cc3d, 0x3964ce61), - TOBN(0x6ab283a1, 0xe5e9b460), TOBN(0x55d787c5, 0xa1c7e72d), - TOBN(0x4d2efd47, 0xdeadbf02), TOBN(0x11e80219, 0xac459068), - TOBN(0x810c7626, 0x71f311f0), TOBN(0xfa17ef8d, 0x4ab6ef53), - TOBN(0xaf47fd25, 0x93e43bff), TOBN(0x5cb5ff3f, 0x0be40632), - TOBN(0x54687106, 0x8ee61da3), TOBN(0x7764196e, 0xb08afd0f), - TOBN(0x831ab3ed, 0xf0290a8f), TOBN(0xcae81966, 0xcb47c387), - TOBN(0xaad7dece, 0x184efb4f), TOBN(0xdcfc53b3, 0x4749110e), - TOBN(0x6698f23c, 0x4cb632f9), TOBN(0xc42a1ad6, 0xb91f8067), - TOBN(0xb116a81d, 0x6284180a), TOBN(0xebedf5f8, 0xe901326f), - TOBN(0xf2274c9f, 0x97e3e044), TOBN(0x42018520, 0x11d09fc9), - TOBN(0x56a65f17, 0xd18e6e23), TOBN(0x2ea61e2a, 0x352b683c), - TOBN(0x27d291bc, 0x575eaa94), TOBN(0x9e7bc721, 0xb8ff522d), - TOBN(0x5f7268bf, 0xa7f04d6f), TOBN(0x5868c73f, 0xaba41748), - TOBN(0x9f85c2db, 0x7be0eead), TOBN(0x511e7842, 0xff719135), - TOBN(0x5a06b1e9, 0xc5ea90d7), TOBN(0x0c19e283, 0x26fab631), - TOBN(0x8af8f0cf, 0xe9206c55), TOBN(0x89389cb4, 0x3553c06a), - TOBN(0x39dbed97, 0xf65f8004), TOBN(0x0621b037, 0xc508991d), - TOBN(0x1c52e635, 0x96e78cc4), TOBN(0x5385c8b2, 0x0c06b4a8), - TOBN(0xd84ddfdb, 0xb0e87d03), TOBN(0xc49dfb66, 0x934bafad), - TOBN(0x7071e170, 0x59f70772), TOBN(0x3a073a84, 0x3a1db56b), - TOBN(0x03494903, 0x3b8af190), TOBN(0x7d882de3, 0xd32920f0), - TOBN(0x91633f0a, 0xb2cf8940), TOBN(0x72b0b178, 0x6f948f51), - TOBN(0x2d28dc30, 0x782653c8), TOBN(0x88829849, 0xdb903a05), - TOBN(0xb8095d0c, 0x6a19d2bb), TOBN(0x4b9e7f0c, 0x86f782cb), - TOBN(0x7af73988, 0x2d907064), TOBN(0xd12be0fe, 0x8b32643c), - TOBN(0x358ed23d, 0x0e165dc3), TOBN(0x3d47ce62, 0x4e2378ce), - TOBN(0x7e2bb0b9, 0xfeb8a087), TOBN(0x3246e8ae, 0xe29e10b9), - TOBN(0x459f4ec7, 0x03ce2b4d), TOBN(0xe9b4ca1b, 0xbbc077cf), - TOBN(0x2613b4f2, 0x0e9940c1), TOBN(0xfc598bb9, 0x047d1eb1), - TOBN(0x9744c62b, 0x45036099), TOBN(0xa9dee742, 0x167c65d8), - TOBN(0x0c511525, 0xdabe1943), TOBN(0xda110554, 0x93c6c624), - TOBN(0xae00a52c, 0x651a3be2), TOBN(0xcda5111d, 0x884449a6), - TOBN(0x063c06f4, 0xff33bed1), TOBN(0x73baaf9a, 0x0d3d76b4), - TOBN(0x52fb0c9d, 0x7fc63668), TOBN(0x6886c9dd, 0x0c039cde), - TOBN(0x602bd599, 0x55b22351), TOBN(0xb00cab02, 0x360c7c13), - TOBN(0x8cb616bc, 0x81b69442), TOBN(0x41486700, 0xb55c3cee), - TOBN(0x71093281, 0xf49ba278), TOBN(0xad956d9c, 0x64a50710), - TOBN(0x9561f28b, 0x638a7e81), TOBN(0x54155cdf, 0x5980ddc3), - TOBN(0xb2db4a96, 0xd26f247a), TOBN(0x9d774e4e, 0x4787d100), - TOBN(0x1a9e6e2e, 0x078637d2), TOBN(0x1c363e2d, 0x5e0ae06a), - TOBN(0x7493483e, 0xe9cfa354), TOBN(0x76843cb3, 0x7f74b98d), - TOBN(0xbaca6591, 0xd4b66947), TOBN(0xb452ce98, 0x04460a8c), - TOBN(0x6830d246, 0x43768f55), TOBN(0xf4197ed8, 0x7dff12df), - TOBN(0x6521b472, 0x400dd0f7), TOBN(0x59f5ca8f, 0x4b1e7093), - TOBN(0x6feff11b, 0x080338ae), TOBN(0x0ada31f6, 0xa29ca3c6), - TOBN(0x24794eb6, 0x94a2c215), TOBN(0xd83a43ab, 0x05a57ab4), - TOBN(0x264a543a, 0x2a6f89fe), TOBN(0x2c2a3868, 0xdd5ec7c2), - TOBN(0xd3373940, 0x8439d9b2), TOBN(0x715ea672, 0x0acd1f11), - TOBN(0x42c1d235, 0xe7e6cc19), TOBN(0x81ce6e96, 0xb990585c), - TOBN(0x04e5dfe0, 0xd809c7bd), TOBN(0xd7b2580c, 0x8f1050ab), - TOBN(0x6d91ad78, 0xd8a4176f), TOBN(0x0af556ee, 0x4e2e897c), - TOBN(0x162a8b73, 0x921de0ac), TOBN(0x52ac9c22, 0x7ea78400), - TOBN(0xee2a4eea, 0xefce2174), TOBN(0xbe61844e, 0x6d637f79), - TOBN(0x0491f1bc, 0x789a283b), TOBN(0x72d3ac3d, 0x880836f4), - TOBN(0xaa1c5ea3, 0x88e5402d), TOBN(0x1b192421, 0xd5cc473d), - TOBN(0x5c0b9998, 0x9dc84cac), TOBN(0xb0a8482d, 0x9c6e75b8), - TOBN(0x639961d0, 0x3a191ce2), TOBN(0xda3bc865, 0x6d837930), - TOBN(0xca990653, 0x056e6f8f), TOBN(0x84861c41, 0x64d133a7), - TOBN(0x8b403276, 0x746abe40), TOBN(0xb7b4d51a, 0xebf8e303), - TOBN(0x05b43211, 0x220a255d), TOBN(0xc997152c, 0x02419e6e), - TOBN(0x76ff47b6, 0x630c2fea), TOBN(0x50518677, 0x281fdade), - TOBN(0x3283b8ba, 0xcf902b0b), TOBN(0x8d4b4eb5, 0x37db303b), - TOBN(0xcc89f42d, 0x755011bc), TOBN(0xb43d74bb, 0xdd09d19b), - TOBN(0x65746bc9, 0x8adba350), TOBN(0x364eaf8c, 0xb51c1927), - TOBN(0x13c76596, 0x10ad72ec), TOBN(0x30045121, 0xf8d40c20), - TOBN(0x6d2d99b7, 0xea7b979b), TOBN(0xcd78cd74, 0xe6fb3bcd), - TOBN(0x11e45a9e, 0x86cffbfe), TOBN(0x78a61cf4, 0x637024f6), - TOBN(0xd06bc872, 0x3d502295), TOBN(0xf1376854, 0x458cb288), - TOBN(0xb9db26a1, 0x342f8586), TOBN(0xf33effcf, 0x4beee09e), - TOBN(0xd7e0c4cd, 0xb30cfb3a), TOBN(0x6d09b8c1, 0x6c9db4c8), - TOBN(0x40ba1a42, 0x07c8d9df), TOBN(0x6fd495f7, 0x1c52c66d), - TOBN(0xfb0e169f, 0x275264da), TOBN(0x80c2b746, 0xe57d8362), - TOBN(0xedd987f7, 0x49ad7222), TOBN(0xfdc229af, 0x4398ec7b),} - , - {TOBN(0xb0d1ed84, 0x52666a58), TOBN(0x4bcb6e00, 0xe6a9c3c2), - TOBN(0x3c57411c, 0x26906408), TOBN(0xcfc20755, 0x13556400), - TOBN(0xa08b1c50, 0x5294dba3), TOBN(0xa30ba286, 0x8b7dd31e), - TOBN(0xd70ba90e, 0x991eca74), TOBN(0x094e142c, 0xe762c2b9), - TOBN(0xb81d783e, 0x979f3925), TOBN(0x1efd130a, 0xaf4c89a7), - TOBN(0x525c2144, 0xfd1bf7fa), TOBN(0x4b296904, 0x1b265a9e), - TOBN(0xed8e9634, 0xb9db65b6), TOBN(0x35c82e32, 0x03599d8a), - TOBN(0xdaa7a54f, 0x403563f3), TOBN(0x9df088ad, 0x022c38ab), - TOBN(0xe5cfb066, 0xbb3fd30a), TOBN(0x429169da, 0xeff0354e), - TOBN(0x809cf852, 0x3524e36c), TOBN(0x136f4fb3, 0x0155be1d), - TOBN(0x4826af01, 0x1fbba712), TOBN(0x6ef0f0b4, 0x506ba1a1), - TOBN(0xd9928b31, 0x77aea73e), TOBN(0xe2bf6af2, 0x5eaa244e), - TOBN(0x8d084f12, 0x4237b64b), TOBN(0x688ebe99, 0xe3ecfd07), - TOBN(0x57b8a70c, 0xf6845dd8), TOBN(0x808fc59c, 0x5da4a325), - TOBN(0xa9032b2b, 0xa3585862), TOBN(0xb66825d5, 0xedf29386), - TOBN(0xb5a5a8db, 0x431ec29b), TOBN(0xbb143a98, 0x3a1e8dc8), - TOBN(0x35ee94ce, 0x12ae381b), TOBN(0x3a7f176c, 0x86ccda90), - TOBN(0xc63a657e, 0x4606eaca), TOBN(0x9ae5a380, 0x43cd04df), - TOBN(0x9bec8d15, 0xed251b46), TOBN(0x1f5d6d30, 0xcaca5e64), - TOBN(0x347b3b35, 0x9ff20f07), TOBN(0x4d65f034, 0xf7e4b286), - TOBN(0x9e93ba24, 0xf111661e), TOBN(0xedced484, 0xb105eb04), - TOBN(0x96dc9ba1, 0xf424b578), TOBN(0xbf8f66b7, 0xe83e9069), - TOBN(0x872d4df4, 0xd7ed8216), TOBN(0xbf07f377, 0x8e2cbecf), - TOBN(0x4281d899, 0x98e73754), TOBN(0xfec85fbb, 0x8aab8708), - TOBN(0x9a3c0dee, 0xa5ba5b0b), TOBN(0xe6a116ce, 0x42d05299), - TOBN(0xae9775fe, 0xe9b02d42), TOBN(0x72b05200, 0xa1545cb6), - TOBN(0xbc506f7d, 0x31a3b4ea), TOBN(0xe5893078, 0x8bbd9b32), - TOBN(0xc8bc5f37, 0xe4b12a97), TOBN(0x6b000c06, 0x4a73b671), - TOBN(0x13b5bf22, 0x765fa7d0), TOBN(0x59805bf0, 0x1d6a5370), - TOBN(0x67a5e29d, 0x4280db98), TOBN(0x4f53916f, 0x776b1ce3), - TOBN(0x714ff61f, 0x33ddf626), TOBN(0x4206238e, 0xa085d103), - TOBN(0x1c50d4b7, 0xe5809ee3), TOBN(0x999f450d, 0x85f8eb1d), - TOBN(0x658a6051, 0xe4c79e9b), TOBN(0x1394cb73, 0xc66a9fea), - TOBN(0x27f31ed5, 0xc6be7b23), TOBN(0xf4c88f36, 0x5aa6f8fe), - TOBN(0x0fb0721f, 0x4aaa499e), TOBN(0x68b3a7d5, 0xe3fb2a6b), - TOBN(0xa788097d, 0x3a92851d), TOBN(0x060e7f8a, 0xe96f4913), - TOBN(0x82eebe73, 0x1a3a93bc), TOBN(0x42bbf465, 0xa21adc1a), - TOBN(0xc10b6fa4, 0xef030efd), TOBN(0x247aa4c7, 0x87b097bb), - TOBN(0x8b8dc632, 0xf60c77da), TOBN(0x6ffbc26a, 0xc223523e), - TOBN(0xa4f6ff11, 0x344579cf), TOBN(0x5825653c, 0x980250f6), - TOBN(0xb2dd097e, 0xbc1aa2b9), TOBN(0x07889393, 0x37a0333a), - TOBN(0x1cf55e71, 0x37a0db38), TOBN(0x2648487f, 0x792c1613), - TOBN(0xdad01336, 0x3fcef261), TOBN(0x6239c81d, 0x0eabf129), - TOBN(0x8ee761de, 0x9d276be2), TOBN(0x406a7a34, 0x1eda6ad3), - TOBN(0x4bf367ba, 0x4a493b31), TOBN(0x54f20a52, 0x9bf7f026), - TOBN(0xb696e062, 0x9795914b), TOBN(0xcddab96d, 0x8bf236ac), - TOBN(0x4ff2c70a, 0xed25ea13), TOBN(0xfa1d09eb, 0x81cbbbe7), - TOBN(0x88fc8c87, 0x468544c5), TOBN(0x847a670d, 0x696b3317), - TOBN(0xf133421e, 0x64bcb626), TOBN(0xaea638c8, 0x26dee0b5), - TOBN(0xd6e7680b, 0xb310346c), TOBN(0xe06f4097, 0xd5d4ced3), - TOBN(0x09961452, 0x7512a30b), TOBN(0xf3d867fd, 0xe589a59a), - TOBN(0x2e73254f, 0x52d0c180), TOBN(0x9063d8a3, 0x333c74ac), - TOBN(0xeda6c595, 0xd314e7bc), TOBN(0x2ee7464b, 0x467899ed), - TOBN(0x1cef423c, 0x0a1ed5d3), TOBN(0x217e76ea, 0x69cc7613), - TOBN(0x27ccce1f, 0xe7cda917), TOBN(0x12d8016b, 0x8a893f16), - TOBN(0xbcd6de84, 0x9fc74f6b), TOBN(0xfa5817e2, 0xf3144e61), - TOBN(0x1f354164, 0x0821ee4c), TOBN(0x1583eab4, 0x0bc61992), - TOBN(0x7490caf6, 0x1d72879f), TOBN(0x998ad9f3, 0xf76ae7b2), - TOBN(0x1e181950, 0xa41157f7), TOBN(0xa9d7e1e6, 0xe8da3a7e), - TOBN(0x963784eb, 0x8426b95f), TOBN(0x0ee4ed6e, 0x542e2a10), - TOBN(0xb79d4cc5, 0xac751e7b), TOBN(0x93f96472, 0xfd4211bd), - TOBN(0x8c72d3d2, 0xc8de4fc6), TOBN(0x7b69cbf5, 0xdf44f064), - TOBN(0x3da90ca2, 0xf4bf94e1), TOBN(0x1a5325f8, 0xf12894e2), - TOBN(0x0a437f6c, 0x7917d60b), TOBN(0x9be70486, 0x96c9cb5d), - TOBN(0xb4d880bf, 0xe1dc5c05), TOBN(0xd738adda, 0xeebeeb57), - TOBN(0x6f0119d3, 0xdf0fe6a3), TOBN(0x5c686e55, 0x66eaaf5a), - TOBN(0x9cb10b50, 0xdfd0b7ec), TOBN(0xbdd0264b, 0x6a497c21), - TOBN(0xfc093514, 0x8c546c96), TOBN(0x58a947fa, 0x79dbf42a), - TOBN(0xc0b48d4e, 0x49ccd6d7), TOBN(0xff8fb02c, 0x88bd5580), - TOBN(0xc75235e9, 0x07d473b2), TOBN(0x4fab1ac5, 0xa2188af3), - TOBN(0x030fa3bc, 0x97576ec0), TOBN(0xe8c946e8, 0x0b7e7d2f), - TOBN(0x40a5c9cc, 0x70305600), TOBN(0x6d8260a9, 0xc8b013b4), - TOBN(0x0368304f, 0x70bba85c), TOBN(0xad090da1, 0xa4a0d311), - TOBN(0x7170e870, 0x2415eec1), TOBN(0xbfba35fe, 0x8461ea47), - TOBN(0x6279019a, 0xc1e91938), TOBN(0xa47638f3, 0x1afc415f), - TOBN(0x36c65cbb, 0xbcba0e0f), TOBN(0x02160efb, 0x034e2c48), - TOBN(0xe6c51073, 0x615cd9e4), TOBN(0x498ec047, 0xf1243c06), - TOBN(0x3e5a8809, 0xb17b3d8c), TOBN(0x5cd99e61, 0x0cc565f1), - TOBN(0x81e312df, 0x7851dafe), TOBN(0xf156f5ba, 0xa79061e2), - TOBN(0x80d62b71, 0x880c590e), TOBN(0xbec9746f, 0x0a39faa1), - TOBN(0x1d98a9c1, 0xc8ed1f7a), TOBN(0x09e43bb5, 0xa81d5ff2), - TOBN(0xd5f00f68, 0x0da0794a), TOBN(0x412050d9, 0x661aa836), - TOBN(0xa89f7c4e, 0x90747e40), TOBN(0x6dc05ebb, 0xb62a3686), - TOBN(0xdf4de847, 0x308e3353), TOBN(0x53868fbb, 0x9fb53bb9), - TOBN(0x2b09d2c3, 0xcfdcf7dd), TOBN(0x41a9fce3, 0x723fcab4), - TOBN(0x73d905f7, 0x07f57ca3), TOBN(0x080f9fb1, 0xac8e1555), - TOBN(0x7c088e84, 0x9ba7a531), TOBN(0x07d35586, 0xed9a147f), - TOBN(0x602846ab, 0xaf48c336), TOBN(0x7320fd32, 0x0ccf0e79), - TOBN(0xaa780798, 0xb18bd1ff), TOBN(0x52c2e300, 0xafdd2905), - TOBN(0xf27ea3d6, 0x434267cd), TOBN(0x8b96d16d, 0x15605b5f), - TOBN(0x7bb31049, 0x4b45706b), TOBN(0xe7f58b8e, 0x743d25f8), - TOBN(0xe9b5e45b, 0x87f30076), TOBN(0xd19448d6, 0x5d053d5a), - TOBN(0x1ecc8cb9, 0xd3210a04), TOBN(0x6bc7d463, 0xdafb5269), - TOBN(0x3e59b10a, 0x67c3489f), TOBN(0x1769788c, 0x65641e1b), - TOBN(0x8a53b82d, 0xbd6cb838), TOBN(0x7066d6e6, 0x236d5f22), - TOBN(0x03aa1c61, 0x6908536e), TOBN(0xc971da0d, 0x66ae9809), - TOBN(0x01b3a86b, 0xc49a2fac), TOBN(0x3b8420c0, 0x3092e77a), - TOBN(0x02057300, 0x7d6fb556), TOBN(0x6941b2a1, 0xbff40a87), - TOBN(0x140b6308, 0x0658ff2a), TOBN(0x87804363, 0x3424ab36), - TOBN(0x0253bd51, 0x5751e299), TOBN(0xc75bcd76, 0x449c3e3a), - TOBN(0x92eb4090, 0x7f8f875d), TOBN(0x9c9d754e, 0x56c26bbf), - TOBN(0x158cea61, 0x8110bbe7), TOBN(0x62a6b802, 0x745f91ea), - TOBN(0xa79c41aa, 0xc6e7394b), TOBN(0x445b6a83, 0xad57ef10), - TOBN(0x0c5277eb, 0x6ea6f40c), TOBN(0x319fe96b, 0x88633365), - TOBN(0x0b0fc61f, 0x385f63cb), TOBN(0x41250c84, 0x22bdd127), - TOBN(0x67d153f1, 0x09e942c2), TOBN(0x60920d08, 0xc021ad5d), - TOBN(0x229f5746, 0x724d81a5), TOBN(0xb7ffb892, 0x5bba3299), - TOBN(0x518c51a1, 0xde413032), TOBN(0x2a9bfe77, 0x3c2fd94c), - TOBN(0xcbcde239, 0x3191f4fd), TOBN(0x43093e16, 0xd3d6ada1), - TOBN(0x184579f3, 0x58769606), TOBN(0x2c94a8b3, 0xd236625c), - TOBN(0x6922b9c0, 0x5c437d8e), TOBN(0x3d4ae423, 0xd8d9f3c8), - TOBN(0xf72c31c1, 0x2e7090a2), TOBN(0x4ac3f5f3, 0xd76a55bd), - TOBN(0x342508fc, 0x6b6af991), TOBN(0x0d527100, 0x1b5cebbd), - TOBN(0xb84740d0, 0xdd440dd7), TOBN(0x748ef841, 0x780162fd), - TOBN(0xa8dbfe0e, 0xdfc6fafb), TOBN(0xeadfdf05, 0xf7300f27), - TOBN(0x7d06555f, 0xfeba4ec9), TOBN(0x12c56f83, 0x9e25fa97), - TOBN(0x77f84203, 0xd39b8c34), TOBN(0xed8b1be6, 0x3125eddb), - TOBN(0x5bbf2441, 0xf6e39dc5), TOBN(0xb00f6ee6, 0x6a5d678a), - TOBN(0xba456ecf, 0x57d0ea99), TOBN(0xdcae0f58, 0x17e06c43), - TOBN(0x01643de4, 0x0f5b4baa), TOBN(0x2c324341, 0xd161b9be), - TOBN(0x80177f55, 0xe126d468), TOBN(0xed325f1f, 0x76748e09), - TOBN(0x6116004a, 0xcfa9bdc2), TOBN(0x2d8607e6, 0x3a9fb468), - TOBN(0x0e573e27, 0x6009d660), TOBN(0x3a525d2e, 0x8d10c5a1), - TOBN(0xd26cb45c, 0x3b9009a0), TOBN(0xb6b0cdc0, 0xde9d7448), - TOBN(0x949c9976, 0xe1337c26), TOBN(0x6faadebd, 0xd73d68e5), - TOBN(0x9e158614, 0xf1b768d9), TOBN(0x22dfa557, 0x9cc4f069), - TOBN(0xccd6da17, 0xbe93c6d6), TOBN(0x24866c61, 0xa504f5b9), - TOBN(0x2121353c, 0x8d694da1), TOBN(0x1c6ca580, 0x0140b8c6), - TOBN(0xc245ad8c, 0xe964021e), TOBN(0xb83bffba, 0x032b82b3), - TOBN(0xfaa220c6, 0x47ef9898), TOBN(0x7e8d3ac6, 0x982c948a), - TOBN(0x1faa2091, 0xbc2d124a), TOBN(0xbd54c3dd, 0x05b15ff4), - TOBN(0x386bf3ab, 0xc87c6fb7), TOBN(0xfb2b0563, 0xfdeb6f66), - TOBN(0x4e77c557, 0x5b45afb4), TOBN(0xe9ded649, 0xefb8912d), - TOBN(0x7ec9bbf5, 0x42f6e557), TOBN(0x2570dfff, 0x62671f00), - TOBN(0x2b3bfb78, 0x88e084bd), TOBN(0xa024b238, 0xf37fe5b4), - TOBN(0x44e7dc04, 0x95649aee), TOBN(0x498ca255, 0x5e7ec1d8), - TOBN(0x3bc766ea, 0xaaa07e86), TOBN(0x0db6facb, 0xf3608586), - TOBN(0xbadd2549, 0xbdc259c8), TOBN(0x95af3c6e, 0x041c649f), - TOBN(0xb36a928c, 0x02e30afb), TOBN(0x9b5356ad, 0x008a88b8), - TOBN(0x4b67a5f1, 0xcf1d9e9d), TOBN(0xc6542e47, 0xa5d8d8ce), - TOBN(0x73061fe8, 0x7adfb6cc), TOBN(0xcc826fd3, 0x98678141), - TOBN(0x00e758b1, 0x3c80515a), TOBN(0x6afe3247, 0x41485083), - TOBN(0x0fcb08b9, 0xb6ae8a75), TOBN(0xb8cf388d, 0x4acf51e1), - TOBN(0x344a5560, 0x6961b9d6), TOBN(0x1a6778b8, 0x6a97fd0c), - TOBN(0xd840fdc1, 0xecc4c7e3), TOBN(0xde9fe47d, 0x16db68cc), - TOBN(0xe95f89de, 0xa3e216aa), TOBN(0x84f1a6a4, 0x9594a8be), - TOBN(0x7ddc7d72, 0x5a7b162b), TOBN(0xc5cfda19, 0xadc817a3), - TOBN(0x80a5d350, 0x78b58d46), TOBN(0x93365b13, 0x82978f19), - TOBN(0x2e44d225, 0x26a1fc90), TOBN(0x0d6d10d2, 0x4d70705d), - TOBN(0xd94b6b10, 0xd70c45f4), TOBN(0x0f201022, 0xb216c079), - TOBN(0xcec966c5, 0x658fde41), TOBN(0xa8d2bc7d, 0x7e27601d), - TOBN(0xbfcce3e1, 0xff230be7), TOBN(0x3394ff6b, 0x0033ffb5), - TOBN(0xd890c509, 0x8132c9af), TOBN(0xaac4b0eb, 0x361e7868), - TOBN(0x5194ded3, 0xe82d15aa), TOBN(0x4550bd2e, 0x23ae6b7d), - TOBN(0x3fda318e, 0xea5399d4), TOBN(0xd989bffa, 0x91638b80), - TOBN(0x5ea124d0, 0xa14aa12d), TOBN(0x1fb1b899, 0x3667b944), - TOBN(0x95ec7969, 0x44c44d6a), TOBN(0x91df144a, 0x57e86137), - TOBN(0x915fd620, 0x73adac44), TOBN(0x8f01732d, 0x59a83801), - TOBN(0xec579d25, 0x3aa0a633), TOBN(0x06de5e7c, 0xc9d6d59c), - TOBN(0xc132f958, 0xb1ef8010), TOBN(0x29476f96, 0xe65c1a02), - TOBN(0x336a77c0, 0xd34c3565), TOBN(0xef1105b2, 0x1b9f1e9e), - TOBN(0x63e6d08b, 0xf9e08002), TOBN(0x9aff2f21, 0xc613809e), - TOBN(0xb5754f85, 0x3a80e75d), TOBN(0xde71853e, 0x6bbda681), - TOBN(0x86f041df, 0x8197fd7a), TOBN(0x8b332e08, 0x127817fa), - TOBN(0x05d99be8, 0xb9c20cda), TOBN(0x89f7aad5, 0xd5cd0c98), - TOBN(0x7ef936fe, 0x5bb94183), TOBN(0x92ca0753, 0xb05cd7f2), - TOBN(0x9d65db11, 0x74a1e035), TOBN(0x02628cc8, 0x13eaea92), - TOBN(0xf2d9e242, 0x49e4fbf2), TOBN(0x94fdfd9b, 0xe384f8b7), - TOBN(0x65f56054, 0x63428c6b), TOBN(0x2f7205b2, 0x90b409a5), - TOBN(0xf778bb78, 0xff45ae11), TOBN(0xa13045be, 0xc5ee53b2), - TOBN(0xe00a14ff, 0x03ef77fe), TOBN(0x689cd59f, 0xffef8bef), - TOBN(0x3578f0ed, 0x1e9ade22), TOBN(0xe99f3ec0, 0x6268b6a8), - TOBN(0xa2057d91, 0xea1b3c3e), TOBN(0x2d1a7053, 0xb8823a4a), - TOBN(0xabbb336a, 0x2cca451e), TOBN(0xcd2466e3, 0x2218bb5d), - TOBN(0x3ac1f42f, 0xc8cb762d), TOBN(0x7e312aae, 0x7690211f), - TOBN(0xebb9bd73, 0x45d07450), TOBN(0x207c4b82, 0x46c2213f), - TOBN(0x99d425c1, 0x375913ec), TOBN(0x94e45e96, 0x67908220), - TOBN(0xc08f3087, 0xcd67dbf6), TOBN(0xa5670fbe, 0xc0887056), - TOBN(0x6717b64a, 0x66f5b8fc), TOBN(0xd5a56aea, 0x786fec28), - TOBN(0xa8c3f55f, 0xc0ff4952), TOBN(0xa77fefae, 0x457ac49b), - TOBN(0x29882d7c, 0x98379d44), TOBN(0xd000bdfb, 0x509edc8a), - TOBN(0xc6f95979, 0xe66fe464), TOBN(0x504a6115, 0xfa61bde0), - TOBN(0x56b3b871, 0xeffea31a), TOBN(0x2d3de26d, 0xf0c21a54), - TOBN(0x21dbff31, 0x834753bf), TOBN(0xe67ecf49, 0x69269d86), - TOBN(0x7a176952, 0x151fe690), TOBN(0x03515804, 0x7f2adb5f), - TOBN(0xee794b15, 0xd1b62a8d), TOBN(0xf004ceec, 0xaae454e6), - TOBN(0x0897ea7c, 0xf0386fac), TOBN(0x3b62ff12, 0xd1fca751), - TOBN(0x154181df, 0x1b7a04ec), TOBN(0x2008e04a, 0xfb5847ec), - TOBN(0xd147148e, 0x41dbd772), TOBN(0x2b419f73, 0x22942654), - TOBN(0x669f30d3, 0xe9c544f7), TOBN(0x52a2c223, 0xc8540149), - TOBN(0x5da9ee14, 0x634dfb02), TOBN(0x5f074ff0, 0xf47869f3), - TOBN(0x74ee878d, 0xa3933acc), TOBN(0xe6510651, 0x4fe35ed1), - TOBN(0xb3eb9482, 0xf1012e7a), TOBN(0x51013cc0, 0xa8a566ae), - TOBN(0xdd5e9243, 0x47c00d3b), TOBN(0x7fde089d, 0x946bb0e5), - TOBN(0x030754fe, 0xc731b4b3), TOBN(0x12a136a4, 0x99fda062), - TOBN(0x7c1064b8, 0x5a1a35bc), TOBN(0xbf1f5763, 0x446c84ef), - TOBN(0xed29a56d, 0xa16d4b34), TOBN(0x7fba9d09, 0xdca21c4f), - TOBN(0x66d7ac00, 0x6d8de486), TOBN(0x60061987, 0x73a2a5e1), - TOBN(0x8b400f86, 0x9da28ff0), TOBN(0x3133f708, 0x43c4599c), - TOBN(0x9911c9b8, 0xee28cb0d), TOBN(0xcd7e2874, 0x8e0af61d), - TOBN(0x5a85f0f2, 0x72ed91fc), TOBN(0x85214f31, 0x9cd4a373), - TOBN(0x881fe5be, 0x1925253c), TOBN(0xd8dc98e0, 0x91e8bc76), - TOBN(0x7120affe, 0x585cc3a2), TOBN(0x724952ed, 0x735bf97a), - TOBN(0x5581e7dc, 0x3eb34581), TOBN(0x5cbff4f2, 0xe52ee57d), - TOBN(0x8d320a0e, 0x87d8cc7b), TOBN(0x9beaa7f3, 0xf1d280d0), - TOBN(0x7a0b9571, 0x9beec704), TOBN(0x9126332e, 0x5b7f0057), - TOBN(0x01fbc1b4, 0x8ed3bd6d), TOBN(0x35bb2c12, 0xd945eb24), - TOBN(0x6404694e, 0x9a8ae255), TOBN(0xb6092eec, 0x8d6abfb3), - TOBN(0x4d76143f, 0xcc058865), TOBN(0x7b0a5af2, 0x6e249922), - TOBN(0x8aef9440, 0x6a50d353), TOBN(0xe11e4bcc, 0x64f0e07a), - TOBN(0x4472993a, 0xa14a90fa), TOBN(0x7706e20c, 0xba0c51d4), - TOBN(0xf403292f, 0x1532672d), TOBN(0x52573bfa, 0x21829382), - TOBN(0x6a7bb6a9, 0x3b5bdb83), TOBN(0x08da65c0, 0xa4a72318), - TOBN(0xc58d22aa, 0x63eb065f), TOBN(0x1717596c, 0x1b15d685), - TOBN(0x112df0d0, 0xb266d88b), TOBN(0xf688ae97, 0x5941945a), - TOBN(0x487386e3, 0x7c292cac), TOBN(0x42f3b50d, 0x57d6985c), - TOBN(0x6da4f998, 0x6a90fc34), TOBN(0xc8f257d3, 0x65ca8a8d), - TOBN(0xc2feabca, 0x6951f762), TOBN(0xe1bc81d0, 0x74c323ac), - TOBN(0x1bc68f67, 0x251a2a12), TOBN(0x10d86587, 0xbe8a70dc), - TOBN(0xd648af7f, 0xf0f84d2e), TOBN(0xf0aa9ebc, 0x6a43ac92), - TOBN(0x69e3be04, 0x27596893), TOBN(0xb6bb02a6, 0x45bf452b), - TOBN(0x0875c11a, 0xf4c698c8), TOBN(0x6652b5c7, 0xbece3794), - TOBN(0x7b3755fd, 0x4f5c0499), TOBN(0x6ea16558, 0xb5532b38), - TOBN(0xd1c69889, 0xa2e96ef7), TOBN(0x9c773c3a, 0x61ed8f48), - TOBN(0x2b653a40, 0x9b323abc), TOBN(0xe26605e1, 0xf0e1d791), - TOBN(0x45d41064, 0x4a87157a), TOBN(0x8f9a78b7, 0xcbbce616), - TOBN(0xcf1e44aa, 0xc407eddd), TOBN(0x81ddd1d8, 0xa35b964f), - TOBN(0x473e339e, 0xfd083999), TOBN(0x6c94bdde, 0x8e796802), - TOBN(0x5a304ada, 0x8545d185), TOBN(0x82ae44ea, 0x738bb8cb), - TOBN(0x628a35e3, 0xdf87e10e), TOBN(0xd3624f3d, 0xa15b9fe3), - TOBN(0xcc44209b, 0x14be4254), TOBN(0x7d0efcbc, 0xbdbc2ea5), - TOBN(0x1f603362, 0x04c37bbe), TOBN(0x21f363f5, 0x56a5852c), - TOBN(0xa1503d1c, 0xa8501550), TOBN(0x2251e0e1, 0xd8ab10bb), - TOBN(0xde129c96, 0x6961c51c), TOBN(0x1f7246a4, 0x81910f68), - TOBN(0x2eb744ee, 0x5f2591f2), TOBN(0x3c47d33f, 0x5e627157), - TOBN(0x4d6d62c9, 0x22f3bd68), TOBN(0x6120a64b, 0xcb8df856), - TOBN(0x3a9ac6c0, 0x7b5d07df), TOBN(0xa92b9558, 0x7ef39783), - TOBN(0xe128a134, 0xab3a9b4f), TOBN(0x41c18807, 0xb1252f05), - TOBN(0xfc7ed089, 0x80ba9b1c), TOBN(0xac8dc6de, 0xc532a9dd), - TOBN(0xbf829cef, 0x55246809), TOBN(0x101b784f, 0x5b4ee80f), - TOBN(0xc09945bb, 0xb6f11603), TOBN(0x57b09dbe, 0x41d2801e), - TOBN(0xfba5202f, 0xa97534a8), TOBN(0x7fd8ae5f, 0xc17b9614), - TOBN(0xa50ba666, 0x78308435), TOBN(0x9572f77c, 0xd3868c4d), - TOBN(0x0cef7bfd, 0x2dd7aab0), TOBN(0xe7958e08, 0x2c7c79ff), - TOBN(0x81262e42, 0x25346689), TOBN(0x716da290, 0xb07c7004), - TOBN(0x35f911ea, 0xb7950ee3), TOBN(0x6fd72969, 0x261d21b5), - TOBN(0x52389803, 0x08b640d3), TOBN(0x5b0026ee, 0x887f12a1), - TOBN(0x20e21660, 0x742e9311), TOBN(0x0ef6d541, 0x5ff77ff7), - TOBN(0x969127f0, 0xf9c41135), TOBN(0xf21d60c9, 0x68a64993), - TOBN(0x656e5d0c, 0xe541875c), TOBN(0xf1e0f84e, 0xa1d3c233), - TOBN(0x9bcca359, 0x06002d60), TOBN(0xbe2da60c, 0x06191552), - TOBN(0x5da8bbae, 0x61181ec3), TOBN(0x9f04b823, 0x65806f19), - TOBN(0xf1604a7d, 0xd4b79bb8), TOBN(0xaee806fb, 0x52c878c8), - TOBN(0x34144f11, 0x8d47b8e8), TOBN(0x72edf52b, 0x949f9054), - TOBN(0xebfca84e, 0x2127015a), TOBN(0x9051d0c0, 0x9cb7cef3), - TOBN(0x86e8fe58, 0x296deec8), TOBN(0x33b28188, 0x41010d74),} - , - {TOBN(0x01079383, 0x171b445f), TOBN(0x9bcf21e3, 0x8131ad4c), - TOBN(0x8cdfe205, 0xc93987e8), TOBN(0xe63f4152, 0xc92e8c8f), - TOBN(0x729462a9, 0x30add43d), TOBN(0x62ebb143, 0xc980f05a), - TOBN(0x4f3954e5, 0x3b06e968), TOBN(0xfe1d75ad, 0x242cf6b1), - TOBN(0x5f95c6c7, 0xaf8685c8), TOBN(0xd4c1c8ce, 0x2f8f01aa), - TOBN(0xc44bbe32, 0x2574692a), TOBN(0xb8003478, 0xd4a4a068), - TOBN(0x7c8fc6e5, 0x2eca3cdb), TOBN(0xea1db16b, 0xec04d399), - TOBN(0xb05bc82e, 0x8f2bc5cf), TOBN(0x763d517f, 0xf44793d2), - TOBN(0x4451c1b8, 0x08bd98d0), TOBN(0x644b1cd4, 0x6575f240), - TOBN(0x6907eb33, 0x7375d270), TOBN(0x56c8bebd, 0xfa2286bd), - TOBN(0xc713d2ac, 0xc4632b46), TOBN(0x17da427a, 0xafd60242), - TOBN(0x313065b7, 0xc95c7546), TOBN(0xf8239898, 0xbf17a3de), - TOBN(0xf3b7963f, 0x4c830320), TOBN(0x842c7aa0, 0x903203e3), - TOBN(0xaf22ca0a, 0xe7327afb), TOBN(0x38e13092, 0x967609b6), - TOBN(0x73b8fb62, 0x757558f1), TOBN(0x3cc3e831, 0xf7eca8c1), - TOBN(0xe4174474, 0xf6331627), TOBN(0xa77989ca, 0xc3c40234), - TOBN(0xe5fd17a1, 0x44a081e0), TOBN(0xd797fb7d, 0xb70e296a), - TOBN(0x2b472b30, 0x481f719c), TOBN(0x0e632a98, 0xfe6f8c52), - TOBN(0x89ccd116, 0xc5f0c284), TOBN(0xf51088af, 0x2d987c62), - TOBN(0x2a2bccda, 0x4c2de6cf), TOBN(0x810f9efe, 0xf679f0f9), - TOBN(0xb0f394b9, 0x7ffe4b3e), TOBN(0x0b691d21, 0xe5fa5d21), - TOBN(0xb0bd7747, 0x9dfbbc75), TOBN(0xd2830fda, 0xfaf78b00), - TOBN(0xf78c249c, 0x52434f57), TOBN(0x4b1f7545, 0x98096dab), - TOBN(0x73bf6f94, 0x8ff8c0b3), TOBN(0x34aef03d, 0x454e134c), - TOBN(0xf8d151f4, 0xb7ac7ec5), TOBN(0xd6ceb95a, 0xe50da7d5), - TOBN(0xa1b492b0, 0xdc3a0eb8), TOBN(0x75157b69, 0xb3dd2863), - TOBN(0xe2c4c74e, 0xc5413d62), TOBN(0xbe329ff7, 0xbc5fc4c7), - TOBN(0x835a2aea, 0x60fa9dda), TOBN(0xf117f5ad, 0x7445cb87), - TOBN(0xae8317f4, 0xb0166f7a), TOBN(0xfbd3e3f7, 0xceec74e6), - TOBN(0xfdb516ac, 0xe0874bfd), TOBN(0x3d846019, 0xc681f3a3), - TOBN(0x0b12ee5c, 0x7c1620b0), TOBN(0xba68b4dd, 0x2b63c501), - TOBN(0xac03cd32, 0x6668c51e), TOBN(0x2a6279f7, 0x4e0bcb5b), - TOBN(0x17bd69b0, 0x6ae85c10), TOBN(0x72946979, 0x1dfdd3a6), - TOBN(0xd9a03268, 0x2c078bec), TOBN(0x41c6a658, 0xbfd68a52), - TOBN(0xcdea1024, 0x0e023900), TOBN(0xbaeec121, 0xb10d144d), - TOBN(0x5a600e74, 0x058ab8dc), TOBN(0x1333af21, 0xbb89ccdd), - TOBN(0xdf25eae0, 0x3aaba1f1), TOBN(0x2cada16e, 0x3b7144cf), - TOBN(0x657ee27d, 0x71ab98bc), TOBN(0x99088b4c, 0x7a6fc96e), - TOBN(0x05d5c0a0, 0x3549dbd4), TOBN(0x42cbdf8f, 0xf158c3ac), - TOBN(0x3fb6b3b0, 0x87edd685), TOBN(0x22071cf6, 0x86f064d0), - TOBN(0xd2d6721f, 0xff2811e5), TOBN(0xdb81b703, 0xfe7fae8c), - TOBN(0x3cfb74ef, 0xd3f1f7bb), TOBN(0x0cdbcd76, 0x16cdeb5d), - TOBN(0x4f39642a, 0x566a808c), TOBN(0x02b74454, 0x340064d6), - TOBN(0xfabbadca, 0x0528fa6f), TOBN(0xe4c3074c, 0xd3fc0bb6), - TOBN(0xb32cb8b0, 0xb796d219), TOBN(0xc3e95f4f, 0x34741dd9), - TOBN(0x87212125, 0x68edf6f5), TOBN(0x7a03aee4, 0xa2b9cb8e), - TOBN(0x0cd3c376, 0xf53a89aa), TOBN(0x0d8af9b1, 0x948a28dc), - TOBN(0xcf86a3f4, 0x902ab04f), TOBN(0x8aacb62a, 0x7f42002d), - TOBN(0x106985eb, 0xf62ffd52), TOBN(0xe670b54e, 0x5797bf10), - TOBN(0x4b405209, 0xc5e30aef), TOBN(0x12c97a20, 0x4365b5e9), - TOBN(0x104646ce, 0x1fe32093), TOBN(0x13cb4ff6, 0x3907a8c9), - TOBN(0x8b9f30d1, 0xd46e726b), TOBN(0xe1985e21, 0xaba0f499), - TOBN(0xc573dea9, 0x10a230cd), TOBN(0x24f46a93, 0xcd30f947), - TOBN(0xf2623fcf, 0xabe2010a), TOBN(0x3f278cb2, 0x73f00e4f), - TOBN(0xed55c67d, 0x50b920eb), TOBN(0xf1cb9a2d, 0x8e760571), - TOBN(0x7c50d109, 0x0895b709), TOBN(0x4207cf07, 0x190d4369), - TOBN(0x3b027e81, 0xc4127fe1), TOBN(0xa9f8b9ad, 0x3ae9c566), - TOBN(0x5ab10851, 0xacbfbba5), TOBN(0xa747d648, 0x569556f5), - TOBN(0xcc172b5c, 0x2ba97bf7), TOBN(0x15e0f77d, 0xbcfa3324), - TOBN(0xa345b797, 0x7686279d), TOBN(0x5a723480, 0xe38003d3), - TOBN(0xfd8e139f, 0x8f5fcda8), TOBN(0xf3e558c4, 0xbdee5bfd), - TOBN(0xd76cbaf4, 0xe33f9f77), TOBN(0x3a4c97a4, 0x71771969), - TOBN(0xda27e84b, 0xf6dce6a7), TOBN(0xff373d96, 0x13e6c2d1), - TOBN(0xf115193c, 0xd759a6e9), TOBN(0x3f9b7025, 0x63d2262c), - TOBN(0xd9764a31, 0x317cd062), TOBN(0x30779d8e, 0x199f8332), - TOBN(0xd8074106, 0x16b11b0b), TOBN(0x7917ab9f, 0x78aeaed8), - TOBN(0xb67a9cbe, 0x28fb1d8e), TOBN(0x2e313563, 0x136eda33), - TOBN(0x010b7069, 0xa371a86c), TOBN(0x44d90fa2, 0x6744e6b7), - TOBN(0x68190867, 0xd6b3e243), TOBN(0x9fe6cd9d, 0x59048c48), - TOBN(0xb900b028, 0x95731538), TOBN(0xa012062f, 0x32cae04f), - TOBN(0x8107c8bc, 0x9399d082), TOBN(0x47e8c54a, 0x41df12e2), - TOBN(0x14ba5117, 0xb6ef3f73), TOBN(0x22260bea, 0x81362f0b), - TOBN(0x90ea261e, 0x1a18cc20), TOBN(0x2192999f, 0x2321d636), - TOBN(0xef64d314, 0xe311b6a0), TOBN(0xd7401e4c, 0x3b54a1f5), - TOBN(0x19019983, 0x6fbca2ba), TOBN(0x46ad3293, 0x8fbffc4b), - TOBN(0xa142d3f6, 0x3786bf40), TOBN(0xeb5cbc26, 0xb67039fc), - TOBN(0x9cb0ae6c, 0x252bd479), TOBN(0x05e0f88a, 0x12b5848f), - TOBN(0x78f6d2b2, 0xa5c97663), TOBN(0x6f6e149b, 0xc162225c), - TOBN(0xe602235c, 0xde601a89), TOBN(0xd17bbe98, 0xf373be1f), - TOBN(0xcaf49a5b, 0xa8471827), TOBN(0x7e1a0a85, 0x18aaa116), - TOBN(0x6c833196, 0x270580c3), TOBN(0x1e233839, 0xf1c98a14), - TOBN(0x67b2f7b4, 0xae34e0a5), TOBN(0x47ac8745, 0xd8ce7289), - TOBN(0x2b74779a, 0x100dd467), TOBN(0x274a4337, 0x4ee50d09), - TOBN(0x603dcf13, 0x83608bc9), TOBN(0xcd9da6c3, 0xc89e8388), - TOBN(0x2660199f, 0x355116ac), TOBN(0xcc38bb59, 0xb6d18eed), - TOBN(0x3075f31f, 0x2f4bc071), TOBN(0x9774457f, 0x265dc57e), - TOBN(0x06a6a9c8, 0xc6db88bb), TOBN(0x6429d07f, 0x4ec98e04), - TOBN(0x8d05e57b, 0x05ecaa8b), TOBN(0x20f140b1, 0x7872ea7b), - TOBN(0xdf8c0f09, 0xca494693), TOBN(0x48d3a020, 0xf252e909), - TOBN(0x4c5c29af, 0x57b14b12), TOBN(0x7e6fa37d, 0xbf47ad1c), - TOBN(0x66e7b506, 0x49a0c938), TOBN(0xb72c0d48, 0x6be5f41f), - TOBN(0x6a6242b8, 0xb2359412), TOBN(0xcd35c774, 0x8e859480), - TOBN(0x12536fea, 0x87baa627), TOBN(0x58c1fec1, 0xf72aa680), - TOBN(0x6c29b637, 0x601e5dc9), TOBN(0x9e3c3c1c, 0xde9e01b9), - TOBN(0xefc8127b, 0x2bcfe0b0), TOBN(0x35107102, 0x2a12f50d), - TOBN(0x6ccd6cb1, 0x4879b397), TOBN(0xf792f804, 0xf8a82f21), - TOBN(0x509d4804, 0xa9b46402), TOBN(0xedddf85d, 0xc10f0850), - TOBN(0x928410dc, 0x4b6208aa), TOBN(0xf6229c46, 0x391012dc), - TOBN(0xc5a7c41e, 0x7727b9b6), TOBN(0x289e4e4b, 0xaa444842), - TOBN(0x049ba1d9, 0xe9a947ea), TOBN(0x44f9e47f, 0x83c8debc), - TOBN(0xfa77a1fe, 0x611f8b8e), TOBN(0xfd2e416a, 0xf518f427), - TOBN(0xc5fffa70, 0x114ebac3), TOBN(0xfe57c4e9, 0x5d89697b), - TOBN(0xfdd053ac, 0xb1aaf613), TOBN(0x31df210f, 0xea585a45), - TOBN(0x318cc10e, 0x24985034), TOBN(0x1a38efd1, 0x5f1d6130), - TOBN(0xbf86f237, 0x0b1e9e21), TOBN(0xb258514d, 0x1dbe88aa), - TOBN(0x1e38a588, 0x90c1baf9), TOBN(0x2936a01e, 0xbdb9b692), - TOBN(0xd576de98, 0x6dd5b20c), TOBN(0xb586bf71, 0x70f98ecf), - TOBN(0xcccf0f12, 0xc42d2fd7), TOBN(0x8717e61c, 0xfb35bd7b), - TOBN(0x8b1e5722, 0x35e6fc06), TOBN(0x3477728f, 0x0b3e13d5), - TOBN(0x150c294d, 0xaa8a7372), TOBN(0xc0291d43, 0x3bfa528a), - TOBN(0xc6c8bc67, 0xcec5a196), TOBN(0xdeeb31e4, 0x5c2e8a7c), - TOBN(0xba93e244, 0xfb6e1c51), TOBN(0xb9f8b71b, 0x2e28e156), - TOBN(0xce65a287, 0x968a2ab9), TOBN(0xe3c5ce69, 0x46bbcb1f), - TOBN(0xf8c835b9, 0xe7ae3f30), TOBN(0x16bbee26, 0xff72b82b), - TOBN(0x665e2017, 0xfd42cd22), TOBN(0x1e139970, 0xf8b1d2a0), - TOBN(0x125cda29, 0x79204932), TOBN(0x7aee94a5, 0x49c3bee5), - TOBN(0x68c70160, 0x89821a66), TOBN(0xf7c37678, 0x8f981669), - TOBN(0xd90829fc, 0x48cc3645), TOBN(0x346af049, 0xd70addfc), - TOBN(0x2057b232, 0x370bf29c), TOBN(0xf90c73ce, 0x42e650ee), - TOBN(0xe03386ea, 0xa126ab90), TOBN(0x0e266e7e, 0x975a087b), - TOBN(0x80578eb9, 0x0fca65d9), TOBN(0x7e2989ea, 0x16af45b8), - TOBN(0x7438212d, 0xcac75a4e), TOBN(0x38c7ca39, 0x4fef36b8), - TOBN(0x8650c494, 0xd402676a), TOBN(0x26ab5a66, 0xf72c7c48), - TOBN(0x4e6cb426, 0xce3a464e), TOBN(0xf8f99896, 0x2b72f841), - TOBN(0x8c318491, 0x1a335cc8), TOBN(0x563459ba, 0x6a5913e4), - TOBN(0x1b920d61, 0xc7b32919), TOBN(0x805ab8b6, 0xa02425ad), - TOBN(0x2ac512da, 0x8d006086), TOBN(0x6ca4846a, 0xbcf5c0fd), - TOBN(0xafea51d8, 0xac2138d7), TOBN(0xcb647545, 0x344cd443), - TOBN(0x0429ee8f, 0xbd7d9040), TOBN(0xee66a2de, 0x819b9c96), - TOBN(0x54f9ec25, 0xdea7d744), TOBN(0x2ffea642, 0x671721bb), - TOBN(0x4f19dbd1, 0x114344ea), TOBN(0x04304536, 0xfd0dbc8b), - TOBN(0x014b50aa, 0x29ec7f91), TOBN(0xb5fc22fe, 0xbb06014d), - TOBN(0x60d963a9, 0x1ee682e0), TOBN(0xdf48abc0, 0xfe85c727), - TOBN(0x0cadba13, 0x2e707c2d), TOBN(0xde608d3a, 0xa645aeff), - TOBN(0x05f1c28b, 0xedafd883), TOBN(0x3c362ede, 0xbd94de1f), - TOBN(0x8dd0629d, 0x13593e41), TOBN(0x0a5e736f, 0x766d6eaf), - TOBN(0xbfa92311, 0xf68cf9d1), TOBN(0xa4f9ef87, 0xc1797556), - TOBN(0x10d75a1f, 0x5601c209), TOBN(0x651c374c, 0x09b07361), - TOBN(0x49950b58, 0x88b5cead), TOBN(0x0ef00058, 0x6fa9dbaa), - TOBN(0xf51ddc26, 0x4e15f33a), TOBN(0x1f8b5ca6, 0x2ef46140), - TOBN(0x343ac0a3, 0xee9523f0), TOBN(0xbb75eab2, 0x975ea978), - TOBN(0x1bccf332, 0x107387f4), TOBN(0x790f9259, 0x9ab0062e), - TOBN(0xf1a363ad, 0x1e4f6a5f), TOBN(0x06e08b84, 0x62519a50), - TOBN(0x60915187, 0x7265f1ee), TOBN(0x6a80ca34, 0x93ae985e), - TOBN(0x81b29768, 0xaaba4864), TOBN(0xb13cabf2, 0x8d52a7d6), - TOBN(0xb5c36348, 0x8ead03f1), TOBN(0xc932ad95, 0x81c7c1c0), - TOBN(0x5452708e, 0xcae1e27b), TOBN(0x9dac4269, 0x1b0df648), - TOBN(0x233e3f0c, 0xdfcdb8bc), TOBN(0xe6ceccdf, 0xec540174), - TOBN(0xbd0d845e, 0x95081181), TOBN(0xcc8a7920, 0x699355d5), - TOBN(0x111c0f6d, 0xc3b375a8), TOBN(0xfd95bc6b, 0xfd51e0dc), - TOBN(0x4a106a26, 0x6888523a), TOBN(0x4d142bd6, 0xcb01a06d), - TOBN(0x79bfd289, 0xadb9b397), TOBN(0x0bdbfb94, 0xe9863914), - TOBN(0x29d8a229, 0x1660f6a6), TOBN(0x7f6abcd6, 0x551c042d), - TOBN(0x13039deb, 0x0ac3ffe8), TOBN(0xa01be628, 0xec8523fb), - TOBN(0x6ea34103, 0x0ca1c328), TOBN(0xc74114bd, 0xb903928e), - TOBN(0x8aa4ff4e, 0x9e9144b0), TOBN(0x7064091f, 0x7f9a4b17), - TOBN(0xa3f4f521, 0xe447f2c4), TOBN(0x81b8da7a, 0x604291f0), - TOBN(0xd680bc46, 0x7d5926de), TOBN(0x84f21fd5, 0x34a1202f), - TOBN(0x1d1e3181, 0x4e9df3d8), TOBN(0x1ca4861a, 0x39ab8d34), - TOBN(0x809ddeec, 0x5b19aa4a), TOBN(0x59f72f7e, 0x4d329366), - TOBN(0xa2f93f41, 0x386d5087), TOBN(0x40bf739c, 0xdd67d64f), - TOBN(0xb4494205, 0x66702158), TOBN(0xc33c65be, 0x73b1e178), - TOBN(0xcdcd657c, 0x38ca6153), TOBN(0x97f4519a, 0xdc791976), - TOBN(0xcc7c7f29, 0xcd6e1f39), TOBN(0x38de9cfb, 0x7e3c3932), - TOBN(0xe448eba3, 0x7b793f85), TOBN(0xe9f8dbf9, 0xf067e914), - TOBN(0xc0390266, 0xf114ae87), TOBN(0x39ed75a7, 0xcd6a8e2a), - TOBN(0xadb14848, 0x7ffba390), TOBN(0x67f8cb8b, 0x6af9bc09), - TOBN(0x322c3848, 0x9c7476db), TOBN(0xa320fecf, 0x52a538d6), - TOBN(0xe0493002, 0xb2aced2b), TOBN(0xdfba1809, 0x616bd430), - TOBN(0x531c4644, 0xc331be70), TOBN(0xbc04d32e, 0x90d2e450), - TOBN(0x1805a0d1, 0x0f9f142d), TOBN(0x2c44a0c5, 0x47ee5a23), - TOBN(0x31875a43, 0x3989b4e3), TOBN(0x6b1949fd, 0x0c063481), - TOBN(0x2dfb9e08, 0xbe0f4492), TOBN(0x3ff0da03, 0xe9d5e517), - TOBN(0x03dbe9a1, 0xf79466a8), TOBN(0x0b87bcd0, 0x15ea9932), - TOBN(0xeb64fc83, 0xab1f58ab), TOBN(0x6d9598da, 0x817edc8a), - TOBN(0x699cff66, 0x1d3b67e5), TOBN(0x645c0f29, 0x92635853), - TOBN(0x253cdd82, 0xeabaf21c), TOBN(0x82b9602a, 0x2241659e), - TOBN(0x2cae07ec, 0x2d9f7091), TOBN(0xbe4c720c, 0x8b48cd9b), - TOBN(0x6ce5bc03, 0x6f08d6c9), TOBN(0x36e8a997, 0xaf10bf40), - TOBN(0x83422d21, 0x3e10ff12), TOBN(0x7b26d3eb, 0xbcc12494), - TOBN(0xb240d2d0, 0xc9469ad6), TOBN(0xc4a11b4d, 0x30afa05b), - TOBN(0x4b604ace, 0xdd6ba286), TOBN(0x18486600, 0x3ee2864c), - TOBN(0x5869d6ba, 0x8d9ce5be), TOBN(0x0d8f68c5, 0xff4bfb0d), - TOBN(0xb69f210b, 0x5700cf73), TOBN(0x61f6653a, 0x6d37c135), - TOBN(0xff3d432b, 0x5aff5a48), TOBN(0x0d81c4b9, 0x72ba3a69), - TOBN(0xee879ae9, 0xfa1899ef), TOBN(0xbac7e2a0, 0x2d6acafd), - TOBN(0xd6d93f6c, 0x1c664399), TOBN(0x4c288de1, 0x5bcb135d), - TOBN(0x83031dab, 0x9dab7cbf), TOBN(0xfe23feb0, 0x3abbf5f0), - TOBN(0x9f1b2466, 0xcdedca85), TOBN(0x140bb710, 0x1a09538c), - TOBN(0xac8ae851, 0x5e11115d), TOBN(0x0d63ff67, 0x6f03f59e), - TOBN(0x755e5551, 0x7d234afb), TOBN(0x61c2db4e, 0x7e208fc1), - TOBN(0xaa9859ce, 0xf28a4b5d), TOBN(0xbdd6d4fc, 0x34af030f), - TOBN(0xd1c4a26d, 0x3be01cb1), TOBN(0x9ba14ffc, 0x243aa07c), - TOBN(0xf95cd3a9, 0xb2503502), TOBN(0xe379bc06, 0x7d2a93ab), - TOBN(0x3efc18e9, 0xd4ca8d68), TOBN(0x083558ec, 0x80bb412a), - TOBN(0xd903b940, 0x9645a968), TOBN(0xa499f0b6, 0x9ba6054f), - TOBN(0x208b573c, 0xb8349abe), TOBN(0x3baab3e5, 0x30b4fc1c), - TOBN(0x87e978ba, 0xcb524990), TOBN(0x3524194e, 0xccdf0e80), - TOBN(0x62711725, 0x7d4bcc42), TOBN(0xe90a3d9b, 0xb90109ba), - TOBN(0x3b1bdd57, 0x1323e1e0), TOBN(0xb78e9bd5, 0x5eae1599), - TOBN(0x0794b746, 0x9e03d278), TOBN(0x80178605, 0xd70e6297), - TOBN(0x171792f8, 0x99c97855), TOBN(0x11b393ee, 0xf5a86b5c), - TOBN(0x48ef6582, 0xd8884f27), TOBN(0xbd44737a, 0xbf19ba5f), - TOBN(0x8698de4c, 0xa42062c6), TOBN(0x8975eb80, 0x61ce9c54), - TOBN(0xd50e57c7, 0xd7fe71f3), TOBN(0x15342190, 0xbc97ce38), - TOBN(0x51bda2de, 0x4df07b63), TOBN(0xba12aeae, 0x200eb87d), - TOBN(0xabe135d2, 0xa9b4f8f6), TOBN(0x04619d65, 0xfad6d99c), - TOBN(0x4a6683a7, 0x7994937c), TOBN(0x7a778c8b, 0x6f94f09a), - TOBN(0x8c508623, 0x20a71b89), TOBN(0x241a2aed, 0x1c229165), - TOBN(0x352be595, 0xaaf83a99), TOBN(0x9fbfee7f, 0x1562bac8), - TOBN(0xeaf658b9, 0x5c4017e3), TOBN(0x1dc7f9e0, 0x15120b86), - TOBN(0xd84f13dd, 0x4c034d6f), TOBN(0x283dd737, 0xeaea3038), - TOBN(0x197f2609, 0xcd85d6a2), TOBN(0x6ebbc345, 0xfae60177), - TOBN(0xb80f031b, 0x4e12fede), TOBN(0xde55d0c2, 0x07a2186b), - TOBN(0x1fb3e37f, 0x24dcdd5a), TOBN(0x8d602da5, 0x7ed191fb), - TOBN(0x108fb056, 0x76023e0d), TOBN(0x70178c71, 0x459c20c0), - TOBN(0xfad5a386, 0x3fe54cf0), TOBN(0xa4a3ec4f, 0x02bbb475), - TOBN(0x1aa5ec20, 0x919d94d7), TOBN(0x5d3b63b5, 0xa81e4ab3), - TOBN(0x7fa733d8, 0x5ad3d2af), TOBN(0xfbc586dd, 0xd1ac7a37), - TOBN(0x282925de, 0x40779614), TOBN(0xfe0ffffb, 0xe74a242a), - TOBN(0x3f39e67f, 0x906151e5), TOBN(0xcea27f5f, 0x55e10649), - TOBN(0xdca1d4e1, 0xc17cf7b7), TOBN(0x0c326d12, 0x2fe2362d), - TOBN(0x05f7ac33, 0x7dd35df3), TOBN(0x0c3b7639, 0xc396dbdf), - TOBN(0x0912f5ac, 0x03b7db1c), TOBN(0x9dea4b70, 0x5c9ed4a9), - TOBN(0x475e6e53, 0xaae3f639), TOBN(0xfaba0e7c, 0xfc278bac), - TOBN(0x16f9e221, 0x9490375f), TOBN(0xaebf9746, 0xa5a7ed0a), - TOBN(0x45f9af3f, 0xf41ad5d6), TOBN(0x03c4623c, 0xb2e99224), - TOBN(0x82c5bb5c, 0xb3cf56aa), TOBN(0x64311819, 0x34567ed3), - TOBN(0xec57f211, 0x8be489ac), TOBN(0x2821895d, 0xb9a1104b), - TOBN(0x610dc875, 0x6064e007), TOBN(0x8e526f3f, 0x5b20d0fe), - TOBN(0x6e71ca77, 0x5b645aee), TOBN(0x3d1dcb9f, 0x800e10ff), - TOBN(0x36b51162, 0x189cf6de), TOBN(0x2c5a3e30, 0x6bb17353), - TOBN(0xc186cd3e, 0x2a6c6fbf), TOBN(0xa74516fa, 0x4bf97906), - TOBN(0x5b4b8f4b, 0x279d6901), TOBN(0x0c4e57b4, 0x2b573743), - TOBN(0x75fdb229, 0xb6e386b6), TOBN(0xb46793fd, 0x99deac27), - TOBN(0xeeec47ea, 0xcf712629), TOBN(0xe965f3c4, 0xcbc3b2dd), - TOBN(0x8dd1fb83, 0x425c6559), TOBN(0x7fc00ee6, 0x0af06fda), - TOBN(0xe98c9225, 0x33d956df), TOBN(0x0f1ef335, 0x4fbdc8a2), - TOBN(0x2abb5145, 0xb79b8ea2), TOBN(0x40fd2945, 0xbdbff288), - TOBN(0x6a814ac4, 0xd7185db7), TOBN(0xc4329d6f, 0xc084609a), - TOBN(0xc9ba7b52, 0xed1be45d), TOBN(0x891dd20d, 0xe4cd2c74), - TOBN(0x5a4d4a7f, 0x824139b1), TOBN(0x66c17716, 0xb873c710), - TOBN(0x5e5bc141, 0x2843c4e0), TOBN(0xd5ac4817, 0xb97eb5bf), - TOBN(0xc0f8af54, 0x450c95c7), TOBN(0xc91b3fa0, 0x318406c5), - TOBN(0x360c340a, 0xab9d97f8), TOBN(0xfb57bd07, 0x90a2d611), - TOBN(0x4339ae3c, 0xa6a6f7e5), TOBN(0x9c1fcd2a, 0x2feb8a10), - TOBN(0x972bcca9, 0xc7ea7432), TOBN(0x1b0b924c, 0x308076f6), - TOBN(0x80b2814a, 0x2a5b4ca5), TOBN(0x2f78f55b, 0x61ef3b29), - TOBN(0xf838744a, 0xc18a414f), TOBN(0xc611eaae, 0x903d0a86), - TOBN(0x94dabc16, 0x2a453f55), TOBN(0xe6f2e3da, 0x14efb279), - TOBN(0x5b7a6017, 0x9320dc3c), TOBN(0x692e382f, 0x8df6b5a4), - TOBN(0x3f5e15e0, 0x2d40fa90), TOBN(0xc87883ae, 0x643dd318), - TOBN(0x511053e4, 0x53544774), TOBN(0x834d0ecc, 0x3adba2bc), - TOBN(0x4215d7f7, 0xbae371f5), TOBN(0xfcfd57bf, 0x6c8663bc), - TOBN(0xded2383d, 0xd6901b1d), TOBN(0x3b49fbb4, 0xb5587dc3), - TOBN(0xfd44a08d, 0x07625f62), TOBN(0x3ee4d65b, 0x9de9b762),} - , - {TOBN(0x64e5137d, 0x0d63d1fa), TOBN(0x658fc052, 0x02a9d89f), - TOBN(0x48894874, 0x50436309), TOBN(0xe9ae30f8, 0xd598da61), - TOBN(0x2ed710d1, 0x818baf91), TOBN(0xe27e9e06, 0x8b6a0c20), - TOBN(0x1e28dcfb, 0x1c1a6b44), TOBN(0x883acb64, 0xd6ac57dc), - TOBN(0x8735728d, 0xc2c6ff70), TOBN(0x79d6122f, 0xc5dc2235), - TOBN(0x23f5d003, 0x19e277f9), TOBN(0x7ee84e25, 0xdded8cc7), - TOBN(0x91a8afb0, 0x63cd880a), TOBN(0x3f3ea7c6, 0x3574af60), - TOBN(0x0cfcdc84, 0x02de7f42), TOBN(0x62d0792f, 0xb31aa152), - TOBN(0x8e1b4e43, 0x8a5807ce), TOBN(0xad283893, 0xe4109a7e), - TOBN(0xc30cc9cb, 0xafd59dda), TOBN(0xf65f36c6, 0x3d8d8093), - TOBN(0xdf31469e, 0xa60d32b2), TOBN(0xee93df4b, 0x3e8191c8), - TOBN(0x9c1017c5, 0x355bdeb5), TOBN(0xd2623185, 0x8616aa28), - TOBN(0xb02c83f9, 0xdec31a21), TOBN(0x988c8b23, 0x6ad9d573), - TOBN(0x53e983ae, 0xa57be365), TOBN(0xe968734d, 0x646f834e), - TOBN(0x9137ea8f, 0x5da6309b), TOBN(0x10f3a624, 0xc1f1ce16), - TOBN(0x782a9ea2, 0xca440921), TOBN(0xdf94739e, 0x5b46f1b5), - TOBN(0x9f9be006, 0xcce85c9b), TOBN(0x360e70d6, 0xa4c7c2d3), - TOBN(0x2cd5beea, 0xaefa1e60), TOBN(0x64cf63c0, 0x8c3d2b6d), - TOBN(0xfb107fa3, 0xe1cf6f90), TOBN(0xb7e937c6, 0xd5e044e6), - TOBN(0x74e8ca78, 0xce34db9f), TOBN(0x4f8b36c1, 0x3e210bd0), - TOBN(0x1df165a4, 0x34a35ea8), TOBN(0x3418e0f7, 0x4d4412f6), - TOBN(0x5af1f8af, 0x518836c3), TOBN(0x42ceef4d, 0x130e1965), - TOBN(0x5560ca0b, 0x543a1957), TOBN(0xc33761e5, 0x886cb123), - TOBN(0x66624b1f, 0xfe98ed30), TOBN(0xf772f4bf, 0x1090997d), - TOBN(0xf4e540bb, 0x4885d410), TOBN(0x7287f810, 0x9ba5f8d7), - TOBN(0x22d0d865, 0xde98dfb1), TOBN(0x49ff51a1, 0xbcfbb8a3), - TOBN(0xb6b6fa53, 0x6bc3012e), TOBN(0x3d31fd72, 0x170d541d), - TOBN(0x8018724f, 0x4b0f4966), TOBN(0x79e7399f, 0x87dbde07), - TOBN(0x56f8410e, 0xf4f8b16a), TOBN(0x97241afe, 0xc47b266a), - TOBN(0x0a406b8e, 0x6d9c87c1), TOBN(0x803f3e02, 0xcd42ab1b), - TOBN(0x7f0309a8, 0x04dbec69), TOBN(0xa83b85f7, 0x3bbad05f), - TOBN(0xc6097273, 0xad8e197f), TOBN(0xc097440e, 0x5067adc1), - TOBN(0x730eafb6, 0x3524ff16), TOBN(0xd7f9b51e, 0x823fc6ce), - TOBN(0x27bd0d32, 0x443e4ac0), TOBN(0x40c59ad9, 0x4d66f217), - TOBN(0x6c33136f, 0x17c387a4), TOBN(0x5043b8d5, 0xeb86804d), - TOBN(0x74970312, 0x675a73c9), TOBN(0x838fdb31, 0xf16669b6), - TOBN(0xc507b6dd, 0x418e7ddd), TOBN(0x39888d93, 0x472f19d6), - TOBN(0x7eae26be, 0x0c27eb4d), TOBN(0x17b53ed3, 0xfbabb884), - TOBN(0xfc27021b, 0x2b01ae4f), TOBN(0x88462e87, 0xcf488682), - TOBN(0xbee096ec, 0x215e2d87), TOBN(0xeb2fea9a, 0xd242e29b), - TOBN(0x5d985b5f, 0xb821fc28), TOBN(0x89d2e197, 0xdc1e2ad2), - TOBN(0x55b566b8, 0x9030ba62), TOBN(0xe3fd41b5, 0x4f41b1c6), - TOBN(0xb738ac2e, 0xb9a96d61), TOBN(0x7f8567ca, 0x369443f4), - TOBN(0x8698622d, 0xf803a440), TOBN(0x2b586236, 0x8fe2f4dc), - TOBN(0xbbcc00c7, 0x56b95bce), TOBN(0x5ec03906, 0x616da680), - TOBN(0x79162ee6, 0x72214252), TOBN(0x43132b63, 0x86a892d2), - TOBN(0x4bdd3ff2, 0x2f3263bf), TOBN(0xd5b3733c, 0x9cd0a142), - TOBN(0x592eaa82, 0x44415ccb), TOBN(0x663e8924, 0x8d5474ea), - TOBN(0x8058a25e, 0x5236344e), TOBN(0x82e8df9d, 0xbda76ee6), - TOBN(0xdcf6efd8, 0x11cc3d22), TOBN(0x00089cda, 0x3b4ab529), - TOBN(0x91d3a071, 0xbd38a3db), TOBN(0x4ea97fc0, 0xef72b925), - TOBN(0x0c9fc15b, 0xea3edf75), TOBN(0x5a6297cd, 0xa4348ed3), - TOBN(0x0d38ab35, 0xce7c42d4), TOBN(0x9fd493ef, 0x82feab10), - TOBN(0x46056b6d, 0x82111b45), TOBN(0xda11dae1, 0x73efc5c3), - TOBN(0xdc740278, 0x5545a7fb), TOBN(0xbdb2601c, 0x40d507e6), - TOBN(0x121dfeeb, 0x7066fa58), TOBN(0x214369a8, 0x39ae8c2a), - TOBN(0x195709cb, 0x06e0956c), TOBN(0x4c9d254f, 0x010cd34b), - TOBN(0xf51e13f7, 0x0471a532), TOBN(0xe19d6791, 0x1e73054d), - TOBN(0xf702a628, 0xdb5c7be3), TOBN(0xc7141218, 0xb24dde05), - TOBN(0xdc18233c, 0xf29b2e2e), TOBN(0x3a6bd1e8, 0x85342dba), - TOBN(0x3f747fa0, 0xb311898c), TOBN(0xe2a272e4, 0xcd0eac65), - TOBN(0x4bba5851, 0xf914d0bc), TOBN(0x7a1a9660, 0xc4a43ee3), - TOBN(0xe5a367ce, 0xa1c8cde9), TOBN(0x9d958ba9, 0x7271abe3), - TOBN(0xf3ff7eb6, 0x3d1615cd), TOBN(0xa2280dce, 0xf5ae20b0), - TOBN(0x56dba5c1, 0xcf640147), TOBN(0xea5a2e3d, 0x5e83d118), - TOBN(0x04cd6b6d, 0xda24c511), TOBN(0x1c0f4671, 0xe854d214), - TOBN(0x91a6b7a9, 0x69565381), TOBN(0xdc966240, 0xdecf1f5b), - TOBN(0x1b22d21c, 0xfcf5d009), TOBN(0x2a05f641, 0x9021dbd5), - TOBN(0x8c0ed566, 0xd4312483), TOBN(0x5179a95d, 0x643e216f), - TOBN(0xcc185fec, 0x17044493), TOBN(0xb3063339, 0x54991a21), - TOBN(0xd801ecdb, 0x0081a726), TOBN(0x0149b0c6, 0x4fa89bbb), - TOBN(0xafe9065a, 0x4391b6b9), TOBN(0xedc92786, 0xd633f3a3), - TOBN(0xe408c24a, 0xae6a8e13), TOBN(0x85833fde, 0x9f3897ab), - TOBN(0x43800e7e, 0xd81a0715), TOBN(0xde08e346, 0xb44ffc5f), - TOBN(0x7094184c, 0xcdeff2e0), TOBN(0x49f9387b, 0x165eaed1), - TOBN(0x635d6129, 0x777c468a), TOBN(0x8c0dcfd1, 0x538c2dd8), - TOBN(0xd6d9d9e3, 0x7a6a308b), TOBN(0x62375830, 0x4c2767d3), - TOBN(0x874a8bc6, 0xf38cbeb6), TOBN(0xd94d3f1a, 0xccb6fd9e), - TOBN(0x92a9735b, 0xba21f248), TOBN(0x272ad0e5, 0x6cd1efb0), - TOBN(0x7437b69c, 0x05b03284), TOBN(0xe7f04702, 0x6948c225), - TOBN(0x8a56c04a, 0xcba2ecec), TOBN(0x0c181270, 0xe3a73e41), - TOBN(0x6cb34e9d, 0x03e93725), TOBN(0xf77c8713, 0x496521a9), - TOBN(0x94569183, 0xfa7f9f90), TOBN(0xf2e7aa4c, 0x8c9707ad), - TOBN(0xced2c9ba, 0x26c1c9a3), TOBN(0x9109fe96, 0x40197507), - TOBN(0x9ae868a9, 0xe9adfe1c), TOBN(0x3984403d, 0x314e39bb), - TOBN(0xb5875720, 0xf2fe378f), TOBN(0x33f901e0, 0xba44a628), - TOBN(0xea1125fe, 0x3652438c), TOBN(0xae9ec4e6, 0x9dd1f20b), - TOBN(0x1e740d9e, 0xbebf7fbd), TOBN(0x6dbd3ddc, 0x42dbe79c), - TOBN(0x62082aec, 0xedd36776), TOBN(0xf612c478, 0xe9859039), - TOBN(0xa493b201, 0x032f7065), TOBN(0xebd4d8f2, 0x4ff9b211), - TOBN(0x3f23a0aa, 0xaac4cb32), TOBN(0xea3aadb7, 0x15ed4005), - TOBN(0xacf17ea4, 0xafa27e63), TOBN(0x56125c1a, 0xc11fd66c), - TOBN(0x266344a4, 0x3794f8dc), TOBN(0xdcca923a, 0x483c5c36), - TOBN(0x2d6b6bbf, 0x3f9d10a0), TOBN(0xb320c5ca, 0x81d9bdf3), - TOBN(0x620e28ff, 0x47b50a95), TOBN(0x933e3b01, 0xcef03371), - TOBN(0xf081bf85, 0x99100153), TOBN(0x183be9a0, 0xc3a8c8d6), - TOBN(0x4e3ddc5a, 0xd6bbe24d), TOBN(0xc6c74630, 0x53843795), - TOBN(0x78193dd7, 0x65ec2d4c), TOBN(0xb8df26cc, 0xcd3c89b2), - TOBN(0x98dbe399, 0x5a483f8d), TOBN(0x72d8a957, 0x7dd3313a), - TOBN(0x65087294, 0xab0bd375), TOBN(0xfcd89248, 0x7c259d16), - TOBN(0x8a9443d7, 0x7613aa81), TOBN(0x80100800, 0x85fe6584), - TOBN(0x70fc4dbc, 0x7fb10288), TOBN(0xf58280d3, 0xe86beee8), - TOBN(0x14fdd82f, 0x7c978c38), TOBN(0xdf1204c1, 0x0de44d7b), - TOBN(0xa08a1c84, 0x4160252f), TOBN(0x591554ca, 0xc17646a5), - TOBN(0x214a37d6, 0xa05bd525), TOBN(0x48d5f09b, 0x07957b3c), - TOBN(0x0247cdcb, 0xd7109bc9), TOBN(0x40f9e4bb, 0x30599ce7), - TOBN(0xc325fa03, 0xf46ad2ec), TOBN(0x00f766cf, 0xc3e3f9ee), - TOBN(0xab556668, 0xd43a4577), TOBN(0x68d30a61, 0x3ee03b93), - TOBN(0x7ddc81ea, 0x77b46a08), TOBN(0xcf5a6477, 0xc7480699), - TOBN(0x43a8cb34, 0x6633f683), TOBN(0x1b867e6b, 0x92363c60), - TOBN(0x43921114, 0x1f60558e), TOBN(0xcdbcdd63, 0x2f41450e), - TOBN(0x7fc04601, 0xcc630e8b), TOBN(0xea7c66d5, 0x97038b43), - TOBN(0x7259b8a5, 0x04e99fd8), TOBN(0x98a8dd12, 0x4785549a), - TOBN(0x0e459a7c, 0x840552e1), TOBN(0xcdfcf4d0, 0x4bb0909e), - TOBN(0x34a86db2, 0x53758da7), TOBN(0xe643bb83, 0xeac997e1), - TOBN(0x96400bd7, 0x530c5b7e), TOBN(0x9f97af87, 0xb41c8b52), - TOBN(0x34fc8820, 0xfbeee3f9), TOBN(0x93e53490, 0x49091afd), - TOBN(0x764b9be5, 0x9a31f35c), TOBN(0x71f37864, 0x57e3d924), - TOBN(0x02fb34e0, 0x943aa75e), TOBN(0xa18c9c58, 0xab8ff6e4), - TOBN(0x080f31b1, 0x33cf0d19), TOBN(0x5c9682db, 0x083518a7), - TOBN(0x873d4ca6, 0xb709c3de), TOBN(0x64a84262, 0x3575b8f0), - TOBN(0x6275da1f, 0x020154bb), TOBN(0x97678caa, 0xd17cf1ab), - TOBN(0x8779795f, 0x951a95c3), TOBN(0xdd35b163, 0x50fccc08), - TOBN(0x32709627, 0x33d8f031), TOBN(0x3c5ab10a, 0x498dd85c), - TOBN(0xb6c185c3, 0x41dca566), TOBN(0x7de7feda, 0xd8622aa3), - TOBN(0x99e84d92, 0x901b6dfb), TOBN(0x30a02b0e, 0x7c4ad288), - TOBN(0xc7c81daa, 0x2fd3cf36), TOBN(0xd1319547, 0xdf89e59f), - TOBN(0xb2be8184, 0xcd496733), TOBN(0xd5f449eb, 0x93d3412b), - TOBN(0x7ea41b1b, 0x25fe531d), TOBN(0xf9797432, 0x6a1d5646), - TOBN(0x86067f72, 0x2bde501a), TOBN(0xf91481c0, 0x0c85e89c), - TOBN(0xca8ee465, 0xf8b05bc6), TOBN(0x1844e1cf, 0x02e83cda), - TOBN(0xca82114a, 0xb4dbe33b), TOBN(0x0f9f8769, 0x4eabfde2), - TOBN(0x4936b1c0, 0x38b27fe2), TOBN(0x63b6359b, 0xaba402df), - TOBN(0x40c0ea2f, 0x656bdbab), TOBN(0x9c992a89, 0x6580c39c), - TOBN(0x600e8f15, 0x2a60aed1), TOBN(0xeb089ca4, 0xe0bf49df), - TOBN(0x9c233d7d, 0x2d42d99a), TOBN(0x648d3f95, 0x4c6bc2fa), - TOBN(0xdcc383a8, 0xe1add3f3), TOBN(0xf42c0c6a, 0x4f64a348), - TOBN(0x2abd176f, 0x0030dbdb), TOBN(0x4de501a3, 0x7d6c215e), - TOBN(0x4a107c1f, 0x4b9a64bc), TOBN(0xa77f0ad3, 0x2496cd59), - TOBN(0xfb78ac62, 0x7688dffb), TOBN(0x7025a2ca, 0x67937d8e), - TOBN(0xfde8b2d1, 0xd1a8f4e7), TOBN(0xf5b3da47, 0x7354927c), - TOBN(0xe48606a3, 0xd9205735), TOBN(0xac477cc6, 0xe177b917), - TOBN(0xfb1f73d2, 0xa883239a), TOBN(0xe12572f6, 0xcc8b8357), - TOBN(0x9d355e9c, 0xfb1f4f86), TOBN(0x89b795f8, 0xd9f3ec6e), - TOBN(0x27be56f1, 0xb54398dc), TOBN(0x1890efd7, 0x3fedeed5), - TOBN(0x62f77f1f, 0x9c6d0140), TOBN(0x7ef0e314, 0x596f0ee4), - TOBN(0x50ca6631, 0xcc61dab3), TOBN(0x4a39801d, 0xf4866e4f), - TOBN(0x66c8d032, 0xae363b39), TOBN(0x22c591e5, 0x2ead66aa), - TOBN(0x954ba308, 0xde02a53e), TOBN(0x2a6c060f, 0xd389f357), - TOBN(0xe6cfcde8, 0xfbf40b66), TOBN(0x8e02fc56, 0xc6340ce1), - TOBN(0xe4957795, 0x73adb4ba), TOBN(0x7b86122c, 0xa7b03805), - TOBN(0x63f83512, 0x0c8e6fa6), TOBN(0x83660ea0, 0x057d7804), - TOBN(0xbad79105, 0x21ba473c), TOBN(0xb6c50bee, 0xded5389d), - TOBN(0xee2caf4d, 0xaa7c9bc0), TOBN(0xd97b8de4, 0x8c4e98a7), - TOBN(0xa9f63e70, 0xab3bbddb), TOBN(0x3898aabf, 0x2597815a), - TOBN(0x7659af89, 0xac15b3d9), TOBN(0xedf7725b, 0x703ce784), - TOBN(0x25470fab, 0xe085116b), TOBN(0x04a43375, 0x87285310), - TOBN(0x4e39187e, 0xe2bfd52f), TOBN(0x36166b44, 0x7d9ebc74), - TOBN(0x92ad433c, 0xfd4b322c), TOBN(0x726aa817, 0xba79ab51), - TOBN(0xf96eacd8, 0xc1db15eb), TOBN(0xfaf71e91, 0x0476be63), - TOBN(0xdd69a640, 0x641fad98), TOBN(0xb7995918, 0x29622559), - TOBN(0x03c6daa5, 0xde4199dc), TOBN(0x92cadc97, 0xad545eb4), - TOBN(0x1028238b, 0x256534e4), TOBN(0x73e80ce6, 0x8595409a), - TOBN(0x690d4c66, 0xd05dc59b), TOBN(0xc95f7b8f, 0x981dee80), - TOBN(0xf4337014, 0xd856ac25), TOBN(0x441bd9dd, 0xac524dca), - TOBN(0x640b3d85, 0x5f0499f5), TOBN(0x39cf84a9, 0xd5fda182), - TOBN(0x04e7b055, 0xb2aa95a0), TOBN(0x29e33f0a, 0x0ddf1860), - TOBN(0x082e74b5, 0x423f6b43), TOBN(0x217edeb9, 0x0aaa2b0f), - TOBN(0x58b83f35, 0x83cbea55), TOBN(0xc485ee4d, 0xbc185d70), - TOBN(0x833ff03b, 0x1e5f6992), TOBN(0xb5b9b9cc, 0xcf0c0dd5), - TOBN(0x7caaee8e, 0x4e9e8a50), TOBN(0x462e907b, 0x6269dafd), - TOBN(0x6ed5cee9, 0xfbe791c6), TOBN(0x68ca3259, 0xed430790), - TOBN(0x2b72bdf2, 0x13b5ba88), TOBN(0x60294c8a, 0x35ef0ac4), - TOBN(0x9c3230ed, 0x19b99b08), TOBN(0x560fff17, 0x6c2589aa), - TOBN(0x552b8487, 0xd6770374), TOBN(0xa373202d, 0x9a56f685), - TOBN(0xd3e7f907, 0x45f175d9), TOBN(0x3c2f315f, 0xd080d810), - TOBN(0x1130e9dd, 0x7b9520e8), TOBN(0xc078f9e2, 0x0af037b5), - TOBN(0x38cd2ec7, 0x1e9c104c), TOBN(0x0f684368, 0xc472fe92), - TOBN(0xd3f1b5ed, 0x6247e7ef), TOBN(0xb32d33a9, 0x396dfe21), - TOBN(0x46f59cf4, 0x4a9aa2c2), TOBN(0x69cd5168, 0xff0f7e41), - TOBN(0x3f59da0f, 0x4b3234da), TOBN(0xcf0b0235, 0xb4579ebe), - TOBN(0x6d1cbb25, 0x6d2476c7), TOBN(0x4f0837e6, 0x9dc30f08), - TOBN(0x9a4075bb, 0x906f6e98), TOBN(0x253bb434, 0xc761e7d1), - TOBN(0xde2e645f, 0x6e73af10), TOBN(0xb89a4060, 0x0c5f131c), - TOBN(0xd12840c5, 0xb8cc037f), TOBN(0x3d093a5b, 0x7405bb47), - TOBN(0x6202c253, 0x206348b8), TOBN(0xbf5d57fc, 0xc55a3ca7), - TOBN(0x89f6c90c, 0x8c3bef48), TOBN(0x23ac7623, 0x5a0a960a), - TOBN(0xdfbd3d6b, 0x552b42ab), TOBN(0x3ef22458, 0x132061f6), - TOBN(0xd74e9bda, 0xc97e6516), TOBN(0x88779360, 0xc230f49e), - TOBN(0xa6ec1de3, 0x1e74ea49), TOBN(0x581dcee5, 0x3fb645a2), - TOBN(0xbaef2391, 0x8f483f14), TOBN(0x6d2dddfc, 0xd137d13b), - TOBN(0x54cde50e, 0xd2743a42), TOBN(0x89a34fc5, 0xe4d97e67), - TOBN(0x13f1f5b3, 0x12e08ce5), TOBN(0xa80540b8, 0xa7f0b2ca), - TOBN(0x854bcf77, 0x01982805), TOBN(0xb8653ffd, 0x233bea04), - TOBN(0x8e7b8787, 0x02b0b4c9), TOBN(0x2675261f, 0x9acb170a), - TOBN(0x061a9d90, 0x930c14e5), TOBN(0xb59b30e0, 0xdef0abea), - TOBN(0x1dc19ea6, 0x0200ec7d), TOBN(0xb6f4a3f9, 0x0bce132b), - TOBN(0xb8d5de90, 0xf13e27e0), TOBN(0xbaee5ef0, 0x1fade16f), - TOBN(0x6f406aaa, 0xe4c6cf38), TOBN(0xab4cfe06, 0xd1369815), - TOBN(0x0dcffe87, 0xefd550c6), TOBN(0x9d4f59c7, 0x75ff7d39), - TOBN(0xb02553b1, 0x51deb6ad), TOBN(0x812399a4, 0xb1877749), - TOBN(0xce90f71f, 0xca6006e1), TOBN(0xc32363a6, 0xb02b6e77), - TOBN(0x02284fbe, 0xdc36c64d), TOBN(0x86c81e31, 0xa7e1ae61), - TOBN(0x2576c7e5, 0xb909d94a), TOBN(0x8b6f7d02, 0x818b2bb0), - TOBN(0xeca3ed07, 0x56faa38a), TOBN(0xa3790e6c, 0x9305bb54), - TOBN(0xd784eeda, 0x7bc73061), TOBN(0xbd56d369, 0x6dd50614), - TOBN(0xd6575949, 0x229a8aa9), TOBN(0xdcca8f47, 0x4595ec28), - TOBN(0x814305c1, 0x06ab4fe6), TOBN(0xc8c39768, 0x24f43f16), - TOBN(0xe2a45f36, 0x523f2b36), TOBN(0x995c6493, 0x920d93bb), - TOBN(0xf8afdab7, 0x90f1632b), TOBN(0x79ebbecd, 0x1c295954), - TOBN(0xc7bb3ddb, 0x79592f48), TOBN(0x67216a7b, 0x5f88e998), - TOBN(0xd91f098b, 0xbc01193e), TOBN(0xf7d928a5, 0xb1db83fc), - TOBN(0x55e38417, 0xe991f600), TOBN(0x2a91113e, 0x2981a934), - TOBN(0xcbc9d648, 0x06b13bde), TOBN(0xb011b6ac, 0x0755ff44), - TOBN(0x6f4cb518, 0x045ec613), TOBN(0x522d2d31, 0xc2f5930a), - TOBN(0x5acae1af, 0x382e65de), TOBN(0x57643067, 0x27bc966f), - TOBN(0x5e12705d, 0x1c7193f0), TOBN(0xf0f32f47, 0x3be8858e), - TOBN(0x785c3d7d, 0x96c6dfc7), TOBN(0xd75b4a20, 0xbf31795d), - TOBN(0x91acf17b, 0x342659d4), TOBN(0xe596ea34, 0x44f0378f), - TOBN(0x4515708f, 0xce52129d), TOBN(0x17387e1e, 0x79f2f585), - TOBN(0x72cfd2e9, 0x49dee168), TOBN(0x1ae05223, 0x3e2af239), - TOBN(0x009e75be, 0x1d94066a), TOBN(0x6cca31c7, 0x38abf413), - TOBN(0xb50bd61d, 0x9bc49908), TOBN(0x4a9b4a8c, 0xf5e2bc1e), - TOBN(0xeb6cc5f7, 0x946f83ac), TOBN(0x27da93fc, 0xebffab28), - TOBN(0xea314c96, 0x4821c8c5), TOBN(0x8de49ded, 0xa83c15f4), - TOBN(0x7a64cf20, 0x7af33004), TOBN(0x45f1bfeb, 0xc9627e10), - TOBN(0x878b0626, 0x54b9df60), TOBN(0x5e4fdc3c, 0xa95c0b33), - TOBN(0xe54a37ca, 0xc2035d8e), TOBN(0x9087cda9, 0x80f20b8c), - TOBN(0x36f61c23, 0x8319ade4), TOBN(0x766f287a, 0xde8cfdf8), - TOBN(0x48821948, 0x346f3705), TOBN(0x49a7b853, 0x16e4f4a2), - TOBN(0xb9b3f8a7, 0x5cedadfd), TOBN(0x8f562815, 0x8db2a815), - TOBN(0xc0b7d554, 0x01f68f95), TOBN(0x12971e27, 0x688a208e), - TOBN(0xc9f8b696, 0xd0ff34fc), TOBN(0x20824de2, 0x1222718c), - TOBN(0x7213cf9f, 0x0c95284d), TOBN(0xe2ad741b, 0xdc158240), - TOBN(0x0ee3a6df, 0x54043ccf), TOBN(0x16ff479b, 0xd84412b3), - TOBN(0xf6c74ee0, 0xdfc98af0), TOBN(0xa78a169f, 0x52fcd2fb), - TOBN(0xd8ae8746, 0x99c930e9), TOBN(0x1d33e858, 0x49e117a5), - TOBN(0x7581fcb4, 0x6624759f), TOBN(0xde50644f, 0x5bedc01d), - TOBN(0xbeec5d00, 0xcaf3155e), TOBN(0x672d66ac, 0xbc73e75f), - TOBN(0x86b9d8c6, 0x270b01db), TOBN(0xd249ef83, 0x50f55b79), - TOBN(0x6131d6d4, 0x73978fe3), TOBN(0xcc4e4542, 0x754b00a1), - TOBN(0x4e05df05, 0x57dfcfe9), TOBN(0x94b29cdd, 0x51ef6bf0), - TOBN(0xe4530cff, 0x9bc7edf2), TOBN(0x8ac236fd, 0xd3da65f3), - TOBN(0x0faf7d5f, 0xc8eb0b48), TOBN(0x4d2de14c, 0x660eb039), - TOBN(0xc006bba7, 0x60430e54), TOBN(0x10a2d0d6, 0xda3289ab), - TOBN(0x9c037a5d, 0xd7979c59), TOBN(0x04d1f3d3, 0xa116d944), - TOBN(0x9ff22473, 0x8a0983cd), TOBN(0x28e25b38, 0xc883cabb), - TOBN(0xe968dba5, 0x47a58995), TOBN(0x2c80b505, 0x774eebdf), - TOBN(0xee763b71, 0x4a953beb), TOBN(0x502e223f, 0x1642e7f6), - TOBN(0x6fe4b641, 0x61d5e722), TOBN(0x9d37c5b0, 0xdbef5316), - TOBN(0x0115ed70, 0xf8330bc7), TOBN(0x139850e6, 0x75a72789), - TOBN(0x27d7faec, 0xffceccc2), TOBN(0x3016a860, 0x4fd9f7f6), - TOBN(0xc492ec64, 0x4cd8f64c), TOBN(0x58a2d790, 0x279d7b51), - TOBN(0x0ced1fc5, 0x1fc75256), TOBN(0x3e658aed, 0x8f433017), - TOBN(0x0b61942e, 0x05da59eb), TOBN(0xba3d60a3, 0x0ddc3722), - TOBN(0x7c311cd1, 0x742e7f87), TOBN(0x6473ffee, 0xf6b01b6e),} - , - {TOBN(0x8303604f, 0x692ac542), TOBN(0xf079ffe1, 0x227b91d3), - TOBN(0x19f63e63, 0x15aaf9bd), TOBN(0xf99ee565, 0xf1f344fb), - TOBN(0x8a1d661f, 0xd6219199), TOBN(0x8c883bc6, 0xd48ce41c), - TOBN(0x1065118f, 0x3c74d904), TOBN(0x713889ee, 0x0faf8b1b), - TOBN(0x972b3f8f, 0x81a1b3be), TOBN(0x4f3ce145, 0xce2764a0), - TOBN(0xe2d0f1cc, 0x28c4f5f7), TOBN(0xdeee0c0d, 0xc7f3985b), - TOBN(0x7df4adc0, 0xd39e25c3), TOBN(0x40619820, 0xc467a080), - TOBN(0x440ebc93, 0x61cf5a58), TOBN(0x527729a6, 0x422ad600), - TOBN(0xca6c0937, 0xb1b76ba6), TOBN(0x1a2eab85, 0x4d2026dc), - TOBN(0xb1715e15, 0x19d9ae0a), TOBN(0xf1ad9199, 0xbac4a026), - TOBN(0x35b3dfb8, 0x07ea7b0e), TOBN(0xedf5496f, 0x3ed9eb89), - TOBN(0x8932e5ff, 0x2d6d08ab), TOBN(0xf314874e, 0x25bd2731), - TOBN(0xefb26a75, 0x3f73f449), TOBN(0x1d1c94f8, 0x8d44fc79), - TOBN(0x49f0fbc5, 0x3bc0dc4d), TOBN(0xb747ea0b, 0x3698a0d0), - TOBN(0x5218c3fe, 0x228d291e), TOBN(0x35b804b5, 0x43c129d6), - TOBN(0xfac859b8, 0xd1acc516), TOBN(0x6c10697d, 0x95d6e668), - TOBN(0xc38e438f, 0x0876fd4e), TOBN(0x45f0c307, 0x83d2f383), - TOBN(0x203cc2ec, 0xb10934cb), TOBN(0x6a8f2439, 0x2c9d46ee), - TOBN(0xf16b431b, 0x65ccde7b), TOBN(0x41e2cd18, 0x27e76a6f), - TOBN(0xb9c8cf8f, 0x4e3484d7), TOBN(0x64426efd, 0x8315244a), - TOBN(0x1c0a8e44, 0xfc94dea3), TOBN(0x34c8cdbf, 0xdad6a0b0), - TOBN(0x919c3840, 0x04113cef), TOBN(0xfd32fba4, 0x15490ffa), - TOBN(0x58d190f6, 0x795dcfb7), TOBN(0xfef01b03, 0x83588baf), - TOBN(0x9e6d1d63, 0xca1fc1c0), TOBN(0x53173f96, 0xf0a41ac9), - TOBN(0x2b1d402a, 0xba16f73b), TOBN(0x2fb31014, 0x8cf9b9fc), - TOBN(0x2d51e60e, 0x446ef7bf), TOBN(0xc731021b, 0xb91e1745), - TOBN(0x9d3b4724, 0x4fee99d4), TOBN(0x4bca48b6, 0xfac5c1ea), - TOBN(0x70f5f514, 0xbbea9af7), TOBN(0x751f55a5, 0x974c283a), - TOBN(0x6e30251a, 0xcb452fdb), TOBN(0x31ee6965, 0x50f30650), - TOBN(0xb0b3e508, 0x933548d9), TOBN(0xb8949a4f, 0xf4b0ef5b), - TOBN(0x208b8326, 0x3c88f3bd), TOBN(0xab147c30, 0xdb1d9989), - TOBN(0xed6515fd, 0x44d4df03), TOBN(0x17a12f75, 0xe72eb0c5), - TOBN(0x3b59796d, 0x36cf69db), TOBN(0x1219eee9, 0x56670c18), - TOBN(0xfe3341f7, 0x7a070d8e), TOBN(0x9b70130b, 0xa327f90c), - TOBN(0x36a32462, 0x0ae18e0e), TOBN(0x2021a623, 0x46c0a638), - TOBN(0x251b5817, 0xc62eb0d4), TOBN(0x87bfbcdf, 0x4c762293), - TOBN(0xf78ab505, 0xcdd61d64), TOBN(0x8c7a53fc, 0xc8c18857), - TOBN(0xa653ce6f, 0x16147515), TOBN(0x9c923aa5, 0xea7d52d5), - TOBN(0xc24709cb, 0x5c18871f), TOBN(0x7d53bec8, 0x73b3cc74), - TOBN(0x59264aff, 0xfdd1d4c4), TOBN(0x5555917e, 0x240da582), - TOBN(0xcae8bbda, 0x548f5a0e), TOBN(0x1910eaba, 0x3bbfbbe1), - TOBN(0xae579685, 0x7677afc3), TOBN(0x49ea61f1, 0x73ff0b5c), - TOBN(0x78655478, 0x4f7c3922), TOBN(0x95d337cd, 0x20c68eef), - TOBN(0x68f1e1e5, 0xdf779ab9), TOBN(0x14b491b0, 0xb5cf69a8), - TOBN(0x7a6cbbe0, 0x28e3fe89), TOBN(0xe7e1fee4, 0xc5aac0eb), - TOBN(0x7f47eda5, 0x697e5140), TOBN(0x4f450137, 0xb454921f), - TOBN(0xdb625f84, 0x95cd8185), TOBN(0x74be0ba1, 0xcdb2e583), - TOBN(0xaee4fd7c, 0xdd5e6de4), TOBN(0x4251437d, 0xe8101739), - TOBN(0x686d72a0, 0xac620366), TOBN(0x4be3fb9c, 0xb6d59344), - TOBN(0x6e8b44e7, 0xa1eb75b9), TOBN(0x84e39da3, 0x91a5c10c), - TOBN(0x37cc1490, 0xb38f0409), TOBN(0x02951943, 0x2c2ade82), - TOBN(0x9b688783, 0x1190a2d8), TOBN(0x25627d14, 0x231182ba), - TOBN(0x6eb550aa, 0x658a6d87), TOBN(0x1405aaa7, 0xcf9c7325), - TOBN(0xd147142e, 0x5c8748c9), TOBN(0x7f637e4f, 0x53ede0e0), - TOBN(0xf8ca2776, 0x14ffad2c), TOBN(0xe58fb1bd, 0xbafb6791), - TOBN(0x17158c23, 0xbf8f93fc), TOBN(0x7f15b373, 0x0a4a4655), - TOBN(0x39d4add2, 0xd842ca72), TOBN(0xa71e4391, 0x3ed96305), - TOBN(0x5bb09cbe, 0x6700be14), TOBN(0x68d69d54, 0xd8befcf6), - TOBN(0xa45f5367, 0x37183bcf), TOBN(0x7152b7bb, 0x3370dff7), - TOBN(0xcf887baa, 0xbf12525b), TOBN(0xe7ac7bdd, 0xd6d1e3cd), - TOBN(0x25914f78, 0x81fdad90), TOBN(0xcf638f56, 0x0d2cf6ab), - TOBN(0xb90bc03f, 0xcc054de5), TOBN(0x932811a7, 0x18b06350), - TOBN(0x2f00b330, 0x9bbd11ff), TOBN(0x76108a6f, 0xb4044974), - TOBN(0x801bb9e0, 0xa851d266), TOBN(0x0dd099be, 0xbf8990c1), - TOBN(0x58c5aaaa, 0xabe32986), TOBN(0x0fe9dd2a, 0x50d59c27), - TOBN(0x84951ff4, 0x8d307305), TOBN(0x6c23f829, 0x86529b78), - TOBN(0x50bb2218, 0x0b136a79), TOBN(0x7e2174de, 0x77a20996), - TOBN(0x6f00a4b9, 0xc0bb4da6), TOBN(0x89a25a17, 0xefdde8da), - TOBN(0xf728a27e, 0xc11ee01d), TOBN(0xf900553a, 0xe5f10dfb), - TOBN(0x189a83c8, 0x02ec893c), TOBN(0x3ca5bdc1, 0x23f66d77), - TOBN(0x98781537, 0x97eada9f), TOBN(0x59c50ab3, 0x10256230), - TOBN(0x346042d9, 0x323c69b3), TOBN(0x1b715a6d, 0x2c460449), - TOBN(0xa41dd476, 0x6ae06e0b), TOBN(0xcdd7888e, 0x9d42e25f), - TOBN(0x0f395f74, 0x56b25a20), TOBN(0xeadfe0ae, 0x8700e27e), - TOBN(0xb09d52a9, 0x69950093), TOBN(0x3525d9cb, 0x327f8d40), - TOBN(0xb8235a94, 0x67df886a), TOBN(0x77e4b0dd, 0x035faec2), - TOBN(0x115eb20a, 0x517d7061), TOBN(0x77fe3433, 0x6c2df683), - TOBN(0x6870ddc7, 0xcdc6fc67), TOBN(0xb1610588, 0x0b87de83), - TOBN(0x343584ca, 0xd9c4ddbe), TOBN(0xb3164f1c, 0x3d754be2), - TOBN(0x0731ed3a, 0xc1e6c894), TOBN(0x26327dec, 0x4f6b904c), - TOBN(0x9d49c6de, 0x97b5cd32), TOBN(0x40835dae, 0xb5eceecd), - TOBN(0xc66350ed, 0xd9ded7fe), TOBN(0x8aeebb5c, 0x7a678804), - TOBN(0x51d42fb7, 0x5b8ee9ec), TOBN(0xd7a17bdd, 0x8e3ca118), - TOBN(0x40d7511a, 0x2ef4400e), TOBN(0xc48990ac, 0x875a66f4), - TOBN(0x8de07d2a, 0x2199e347), TOBN(0xbee75556, 0x2a39e051), - TOBN(0x56918786, 0x916e51dc), TOBN(0xeb191313, 0x4a2d89ec), - TOBN(0x6679610d, 0x37d341ed), TOBN(0x434fbb41, 0x56d51c2b), - TOBN(0xe54b7ee7, 0xd7492dba), TOBN(0xaa33a79a, 0x59021493), - TOBN(0x49fc5054, 0xe4bd6d3d), TOBN(0x09540f04, 0x5ab551d0), - TOBN(0x8acc9085, 0x4942d3a6), TOBN(0x231af02f, 0x2d28323b), - TOBN(0x93458cac, 0x0992c163), TOBN(0x1fef8e71, 0x888e3bb4), - TOBN(0x27578da5, 0xbe8c268c), TOBN(0xcc8be792, 0xe805ec00), - TOBN(0x29267bae, 0xc61c3855), TOBN(0xebff429d, 0x58c1fd3b), - TOBN(0x22d886c0, 0x8c0b93b8), TOBN(0xca5e00b2, 0x2ddb8953), - TOBN(0xcf330117, 0xc3fed8b7), TOBN(0xd49ac6fa, 0x819c01f6), - TOBN(0x6ddaa6bd, 0x3c0fbd54), TOBN(0x91743068, 0x8049a2cf), - TOBN(0xd67f981e, 0xaff2ef81), TOBN(0xc3654d35, 0x2818ae80), - TOBN(0x81d05044, 0x1b2aa892), TOBN(0x2db067bf, 0x3d099328), - TOBN(0xe7c79e86, 0x703dcc97), TOBN(0xe66f9b37, 0xe133e215), - TOBN(0xcdf119a6, 0xe39a7a5c), TOBN(0x47c60de3, 0x876f1b61), - TOBN(0x6e405939, 0xd860f1b2), TOBN(0x3e9a1dbc, 0xf5ed4d4a), - TOBN(0x3f23619e, 0xc9b6bcbd), TOBN(0x5ee790cf, 0x734e4497), - TOBN(0xf0a834b1, 0x5bdaf9bb), TOBN(0x02cedda7, 0x4ca295f0), - TOBN(0x4619aa2b, 0xcb8e378c), TOBN(0xe5613244, 0xcc987ea4), - TOBN(0x0bc022cc, 0x76b23a50), TOBN(0x4a2793ad, 0x0a6c21ce), - TOBN(0x38328780, 0x89cac3f5), TOBN(0x29176f1b, 0xcba26d56), - TOBN(0x06296187, 0x4f6f59eb), TOBN(0x86e9bca9, 0x8bdc658e), - TOBN(0x2ca9c4d3, 0x57e30402), TOBN(0x5438b216, 0x516a09bb), - TOBN(0x0a6a063c, 0x7672765a), TOBN(0x37a3ce64, 0x0547b9bf), - TOBN(0x42c099c8, 0x98b1a633), TOBN(0xb5ab800d, 0x05ee6961), - TOBN(0xf1963f59, 0x11a5acd6), TOBN(0xbaee6157, 0x46201063), - TOBN(0x36d9a649, 0xa596210a), TOBN(0xaed04363, 0x1ba7138c), - TOBN(0xcf817d1c, 0xa4a82b76), TOBN(0x5586960e, 0xf3806be9), - TOBN(0x7ab67c89, 0x09dc6bb5), TOBN(0x52ace7a0, 0x114fe7eb), - TOBN(0xcd987618, 0xcbbc9b70), TOBN(0x4f06fd5a, 0x604ca5e1), - TOBN(0x90af14ca, 0x6dbde133), TOBN(0x1afe4322, 0x948a3264), - TOBN(0xa70d2ca6, 0xc44b2c6c), TOBN(0xab726799, 0x0ef87dfe), - TOBN(0x310f64dc, 0x2e696377), TOBN(0x49b42e68, 0x4c8126a0), - TOBN(0x0ea444c3, 0xcea0b176), TOBN(0x53a8ddf7, 0xcb269182), - TOBN(0xf3e674eb, 0xbbba9dcb), TOBN(0x0d2878a8, 0xd8669d33), - TOBN(0x04b935d5, 0xd019b6a3), TOBN(0xbb5cf88e, 0x406f1e46), - TOBN(0xa1912d16, 0x5b57c111), TOBN(0x9803fc21, 0x19ebfd78), - TOBN(0x4f231c9e, 0xc07764a9), TOBN(0xd93286ee, 0xb75bd055), - TOBN(0x83a9457d, 0x8ee6c9de), TOBN(0x04695915, 0x6087ec90), - TOBN(0x14c6dd8a, 0x58d6cd46), TOBN(0x9cb633b5, 0x8e6634d2), - TOBN(0xc1305047, 0xf81bc328), TOBN(0x12ede0e2, 0x26a177e5), - TOBN(0x332cca62, 0x065a6f4f), TOBN(0xc3a47ecd, 0x67be487b), - TOBN(0x741eb187, 0x0f47ed1c), TOBN(0x99e66e58, 0xe7598b14), - TOBN(0x6f0544ca, 0x63d0ff12), TOBN(0xe5efc784, 0xb610a05f), - TOBN(0xf72917b1, 0x7cad7b47), TOBN(0x3ff6ea20, 0xf2cac0c0), - TOBN(0xcc23791b, 0xf21db8b7), TOBN(0x7dac70b1, 0xd7d93565), - TOBN(0x682cda1d, 0x694bdaad), TOBN(0xeb88bb8c, 0x1023516d), - TOBN(0xc4c634b4, 0xdfdbeb1b), TOBN(0x22f5ca72, 0xb4ee4dea), - TOBN(0x1045a368, 0xe6524821), TOBN(0xed9e8a3f, 0x052b18b2), - TOBN(0x9b7f2cb1, 0xb961f49a), TOBN(0x7fee2ec1, 0x7b009670), - TOBN(0x350d8754, 0x22507a6d), TOBN(0x561bd711, 0x4db55f1d), - TOBN(0x4c189ccc, 0x320bbcaf), TOBN(0x568434cf, 0xdf1de48c), - TOBN(0x6af1b00e, 0x0fa8f128), TOBN(0xf0ba9d02, 0x8907583c), - TOBN(0x735a4004, 0x32ff9f60), TOBN(0x3dd8e4b6, 0xc25dcf33), - TOBN(0xf2230f16, 0x42c74cef), TOBN(0xd8117623, 0x013fa8ad), - TOBN(0x36822876, 0xf51fe76e), TOBN(0x8a6811cc, 0x11d62589), - TOBN(0xc3fc7e65, 0x46225718), TOBN(0xb7df2c9f, 0xc82fdbcd), - TOBN(0x3b1d4e52, 0xdd7b205b), TOBN(0xb6959478, 0x47a2e414), - TOBN(0x05e4d793, 0xefa91148), TOBN(0xb47ed446, 0xfd2e9675), - TOBN(0x1a7098b9, 0x04c9d9bf), TOBN(0x661e2881, 0x1b793048), - TOBN(0xb1a16966, 0xb01ee461), TOBN(0xbc521308, 0x2954746f), - TOBN(0xc909a0fc, 0x2477de50), TOBN(0xd80bb41c, 0x7dbd51ef), - TOBN(0xa85be7ec, 0x53294905), TOBN(0x6d465b18, 0x83958f97), - TOBN(0x16f6f330, 0xfb6840fd), TOBN(0xfaaeb214, 0x3401e6c8), - TOBN(0xaf83d30f, 0xccb5b4f8), TOBN(0x22885739, 0x266dec4b), - TOBN(0x51b4367c, 0x7bc467df), TOBN(0x926562e3, 0xd842d27a), - TOBN(0xdfcb6614, 0x0fea14a6), TOBN(0xeb394dae, 0xf2734cd9), - TOBN(0x3eeae5d2, 0x11c0be98), TOBN(0xb1e6ed11, 0x814e8165), - TOBN(0x191086bc, 0xe52bce1c), TOBN(0x14b74cc6, 0xa75a04da), - TOBN(0x63cf1186, 0x8c060985), TOBN(0x071047de, 0x2dbd7f7c), - TOBN(0x4e433b8b, 0xce0942ca), TOBN(0xecbac447, 0xd8fec61d), - TOBN(0x8f0ed0e2, 0xebf3232f), TOBN(0xfff80f9e, 0xc52a2edd), - TOBN(0xad9ab433, 0x75b55fdb), TOBN(0x73ca7820, 0xe42e0c11), - TOBN(0x6dace0a0, 0xe6251b46), TOBN(0x89bc6b5c, 0x4c0d932d), - TOBN(0x3438cd77, 0x095da19a), TOBN(0x2f24a939, 0x8d48bdfb), - TOBN(0x99b47e46, 0x766561b7), TOBN(0x736600e6, 0x0ed0322a), - TOBN(0x06a47cb1, 0x638e1865), TOBN(0x927c1c2d, 0xcb136000), - TOBN(0x29542337, 0x0cc5df69), TOBN(0x99b37c02, 0x09d649a9), - TOBN(0xc5f0043c, 0x6aefdb27), TOBN(0x6cdd9987, 0x1be95c27), - TOBN(0x69850931, 0x390420d2), TOBN(0x299c40ac, 0x0983efa4), - TOBN(0x3a05e778, 0xaf39aead), TOBN(0x84274408, 0x43a45193), - TOBN(0x6bcd0fb9, 0x91a711a0), TOBN(0x461592c8, 0x9f52ab17), - TOBN(0xb49302b4, 0xda3c6ed6), TOBN(0xc51fddc7, 0x330d7067), - TOBN(0x94babeb6, 0xda50d531), TOBN(0x521b840d, 0xa6a7b9da), - TOBN(0x5305151e, 0x404bdc89), TOBN(0x1bcde201, 0xd0d07449), - TOBN(0xf427a78b, 0x3b76a59a), TOBN(0xf84841ce, 0x07791a1b), - TOBN(0xebd314be, 0xbf91ed1c), TOBN(0x8e61d34c, 0xbf172943), - TOBN(0x1d5dc451, 0x5541b892), TOBN(0xb186ee41, 0xfc9d9e54), - TOBN(0x9d9f345e, 0xd5bf610d), TOBN(0x3e7ba65d, 0xf6acca9f), - TOBN(0x9dda787a, 0xa8369486), TOBN(0x09f9dab7, 0x8eb5ba53), - TOBN(0x5afb2033, 0xd6481bc3), TOBN(0x76f4ce30, 0xafa62104), - TOBN(0xa8fa00cf, 0xf4f066b5), TOBN(0x89ab5143, 0x461dafc2), - TOBN(0x44339ed7, 0xa3389998), TOBN(0x2ff862f1, 0xbc214903), - TOBN(0x2c88f985, 0xb05556e3), TOBN(0xcd96058e, 0x3467081e), - TOBN(0x7d6a4176, 0xedc637ea), TOBN(0xe1743d09, 0x36a5acdc), - TOBN(0x66fd72e2, 0x7eb37726), TOBN(0xf7fa264e, 0x1481a037), - TOBN(0x9fbd3bde, 0x45f4aa79), TOBN(0xed1e0147, 0x767c3e22), - TOBN(0x7621f979, 0x82e7abe2), TOBN(0x19eedc72, 0x45f633f8), - TOBN(0xe69b155e, 0x6137bf3a), TOBN(0xa0ad13ce, 0x414ee94e), - TOBN(0x93e3d524, 0x1c0e651a), TOBN(0xab1a6e2a, 0x02ce227e), - TOBN(0xe7af1797, 0x4ab27eca), TOBN(0x245446de, 0xbd444f39), - TOBN(0x59e22a21, 0x56c07613), TOBN(0x43deafce, 0xf4275498), - TOBN(0x10834ccb, 0x67fd0946), TOBN(0xa75841e5, 0x47406edf), - TOBN(0xebd6a677, 0x7b0ac93d), TOBN(0xa6e37b0d, 0x78f5e0d7), - TOBN(0x2516c096, 0x76f5492b), TOBN(0x1e4bf888, 0x9ac05f3a), - TOBN(0xcdb42ce0, 0x4df0ba2b), TOBN(0x935d5cfd, 0x5062341b), - TOBN(0x8a303333, 0x82acac20), TOBN(0x429438c4, 0x5198b00e), - TOBN(0x1d083bc9, 0x049d33fa), TOBN(0x58b82dda, 0x946f67ff), - TOBN(0xac3e2db8, 0x67a1d6a3), TOBN(0x62e6bead, 0x1798aac8), - TOBN(0xfc85980f, 0xde46c58c), TOBN(0xa7f69379, 0x69c8d7be), - TOBN(0x23557927, 0x837b35ec), TOBN(0x06a933d8, 0xe0790c0c), - TOBN(0x827c0e9b, 0x077ff55d), TOBN(0x53977798, 0xbb26e680), - TOBN(0x59530874, 0x1d9cb54f), TOBN(0xcca3f449, 0x4aac53ef), - TOBN(0x11dc5c87, 0xa07eda0f), TOBN(0xc138bccf, 0xfd6400c8), - TOBN(0x549680d3, 0x13e5da72), TOBN(0xc93eed82, 0x4540617e), - TOBN(0xfd3db157, 0x4d0b75c0), TOBN(0x9716eb42, 0x6386075b), - TOBN(0x0639605c, 0x817b2c16), TOBN(0x09915109, 0xf1e4f201), - TOBN(0x35c9a928, 0x5cca6c3b), TOBN(0xb25f7d1a, 0x3505c900), - TOBN(0xeb9f7d20, 0x630480c4), TOBN(0xc3c7b8c6, 0x2a1a501c), - TOBN(0x3f99183c, 0x5a1f8e24), TOBN(0xfdb118fa, 0x9dd255f0), - TOBN(0xb9b18b90, 0xc27f62a6), TOBN(0xe8f732f7, 0x396ec191), - TOBN(0x524a2d91, 0x0be786ab), TOBN(0x5d32adef, 0x0ac5a0f5), - TOBN(0x9b53d4d6, 0x9725f694), TOBN(0x032a76c6, 0x0510ba89), - TOBN(0x840391a3, 0xebeb1544), TOBN(0x44b7b88c, 0x3ed73ac3), - TOBN(0xd24bae7a, 0x256cb8b3), TOBN(0x7ceb151a, 0xe394cb12), - TOBN(0xbd6b66d0, 0x5bc1e6a8), TOBN(0xec70cecb, 0x090f07bf), - TOBN(0x270644ed, 0x7d937589), TOBN(0xee9e1a3d, 0x5f1dccfe), - TOBN(0xb0d40a84, 0x745b98d2), TOBN(0xda429a21, 0x2556ed40), - TOBN(0xf676eced, 0x85148cb9), TOBN(0x5a22d40c, 0xded18936), - TOBN(0x3bc4b9e5, 0x70e8a4ce), TOBN(0xbfd1445b, 0x9eae0379), - TOBN(0xf23f2c0c, 0x1a0bd47e), TOBN(0xa9c0bb31, 0xe1845531), - TOBN(0x9ddc4d60, 0x0a4c3f6b), TOBN(0xbdfaad79, 0x2c15ef44), - TOBN(0xce55a236, 0x7f484acc), TOBN(0x08653ca7, 0x055b1f15), - TOBN(0x2efa8724, 0x538873a3), TOBN(0x09299e5d, 0xace1c7e7), - TOBN(0x07afab66, 0xade332ba), TOBN(0x9be1fdf6, 0x92dd71b7), - TOBN(0xa49b5d59, 0x5758b11c), TOBN(0x0b852893, 0xc8654f40), - TOBN(0xb63ef6f4, 0x52379447), TOBN(0xd4957d29, 0x105e690c), - TOBN(0x7d484363, 0x646559b0), TOBN(0xf4a8273c, 0x49788a8e), - TOBN(0xee406cb8, 0x34ce54a9), TOBN(0x1e1c260f, 0xf86fda9b), - TOBN(0xe150e228, 0xcf6a4a81), TOBN(0x1fa3b6a3, 0x1b488772), - TOBN(0x1e6ff110, 0xc5a9c15b), TOBN(0xc6133b91, 0x8ad6aa47), - TOBN(0x8ac5d55c, 0x9dffa978), TOBN(0xba1d1c1d, 0x5f3965f2), - TOBN(0xf969f4e0, 0x7732b52f), TOBN(0xfceecdb5, 0xa5172a07), - TOBN(0xb0120a5f, 0x10f2b8f5), TOBN(0xc83a6cdf, 0x5c4c2f63), - TOBN(0x4d47a491, 0xf8f9c213), TOBN(0xd9e1cce5, 0xd3f1bbd5), - TOBN(0x0d91bc7c, 0xaba7e372), TOBN(0xfcdc74c8, 0xdfd1a2db), - TOBN(0x05efa800, 0x374618e5), TOBN(0x11216969, 0x15a7925e), - TOBN(0xd4c89823, 0xf6021c5d), TOBN(0x880d5e84, 0xeff14423), - TOBN(0x6523bc5a, 0x6dcd1396), TOBN(0xd1acfdfc, 0x113c978b), - TOBN(0xb0c164e8, 0xbbb66840), TOBN(0xf7f4301e, 0x72b58459), - TOBN(0xc29ad4a6, 0xa638e8ec), TOBN(0xf5ab8961, 0x46b78699), - TOBN(0x9dbd7974, 0x0e954750), TOBN(0x0121de88, 0x64f9d2c6), - TOBN(0x2e597b42, 0xd985232e), TOBN(0x55b6c3c5, 0x53451777), - TOBN(0xbb53e547, 0x519cb9fb), TOBN(0xf134019f, 0x8428600d), - TOBN(0x5a473176, 0xe081791a), TOBN(0x2f3e2263, 0x35fb0c08), - TOBN(0xb28c3017, 0x73d273b0), TOBN(0xccd21076, 0x7721ef9a), - TOBN(0x054cc292, 0xb650dc39), TOBN(0x662246de, 0x6188045e), - TOBN(0x904b52fa, 0x6b83c0d1), TOBN(0xa72df267, 0x97e9cd46), - TOBN(0x886b43cd, 0x899725e4), TOBN(0x2b651688, 0xd849ff22), - TOBN(0x60479b79, 0x02f34533), TOBN(0x5e354c14, 0x0c77c148), - TOBN(0xb4bb7581, 0xa8537c78), TOBN(0x188043d7, 0xefe1495f), - TOBN(0x9ba12f42, 0x8c1d5026), TOBN(0x2e0c8a26, 0x93d4aaab), - TOBN(0xbdba7b8b, 0xaa57c450), TOBN(0x140c9ad6, 0x9bbdafef), - TOBN(0x2067aa42, 0x25ac0f18), TOBN(0xf7b1295b, 0x04d1fbf3), - TOBN(0x14829111, 0xa4b04824), TOBN(0x2ce3f192, 0x33bd5e91), - TOBN(0x9c7a1d55, 0x8f2e1b72), TOBN(0xfe932286, 0x302aa243), - TOBN(0x497ca7b4, 0xd4be9554), TOBN(0xb8e821b8, 0xe0547a6e), - TOBN(0xfb2838be, 0x67e573e0), TOBN(0x05891db9, 0x4084c44b), - TOBN(0x91311373, 0x96c1c2c5), TOBN(0x6aebfa3f, 0xd958444b), - TOBN(0xac9cdce9, 0xe56e55c1), TOBN(0x7148ced3, 0x2caa46d0), - TOBN(0x2e10c7ef, 0xb61fe8eb), TOBN(0x9fd835da, 0xff97cf4d),} - , - {TOBN(0xa36da109, 0x081e9387), TOBN(0xfb9780d7, 0x8c935828), - TOBN(0xd5940332, 0xe540b015), TOBN(0xc9d7b51b, 0xe0f466fa), - TOBN(0xfaadcd41, 0xd6d9f671), TOBN(0xba6c1e28, 0xb1a2ac17), - TOBN(0x066a7833, 0xed201e5f), TOBN(0x19d99719, 0xf90f462b), - TOBN(0xf431f462, 0x060b5f61), TOBN(0xa56f46b4, 0x7bd057c2), - TOBN(0x348dca6c, 0x47e1bf65), TOBN(0x9a38783e, 0x41bcf1ff), - TOBN(0x7a5d33a9, 0xda710718), TOBN(0x5a779987, 0x2e0aeaf6), - TOBN(0xca87314d, 0x2d29d187), TOBN(0xfa0edc3e, 0xc687d733), - TOBN(0x9df33621, 0x6a31e09b), TOBN(0xde89e44d, 0xc1350e35), - TOBN(0x29214871, 0x4ca0cf52), TOBN(0xdf379672, 0x0b88a538), - TOBN(0xc92a510a, 0x2591d61b), TOBN(0x79aa87d7, 0x585b447b), - TOBN(0xf67db604, 0xe5287f77), TOBN(0x1697c8bf, 0x5efe7a80), - TOBN(0x1c894849, 0xcb198ac7), TOBN(0xa884a93d, 0x0f264665), - TOBN(0x2da964ef, 0x9b200678), TOBN(0x3c351b87, 0x009834e6), - TOBN(0xafb2ef9f, 0xe2c4b44b), TOBN(0x580f6c47, 0x3326790c), - TOBN(0xb8480521, 0x0b02264a), TOBN(0x8ba6f9e2, 0x42a194e2), - TOBN(0xfc87975f, 0x8fb54738), TOBN(0x35160788, 0x27c3ead3), - TOBN(0x834116d2, 0xb74a085a), TOBN(0x53c99a73, 0xa62fe996), - TOBN(0x87585be0, 0x5b81c51b), TOBN(0x925bafa8, 0xbe0852b7), - TOBN(0x76a4fafd, 0xa84d19a7), TOBN(0x39a45982, 0x585206d4), - TOBN(0x499b6ab6, 0x5eb03c0e), TOBN(0xf19b7954, 0x72bc3fde), - TOBN(0xa86b5b9c, 0x6e3a80d2), TOBN(0xe4377508, 0x6d42819f), - TOBN(0xc1663650, 0xbb3ee8a3), TOBN(0x75eb14fc, 0xb132075f), - TOBN(0xa8ccc906, 0x7ad834f6), TOBN(0xea6a2474, 0xe6e92ffd), - TOBN(0x9d72fd95, 0x0f8d6758), TOBN(0xcb84e101, 0x408c07dd), - TOBN(0xb9114bfd, 0xa5e23221), TOBN(0x358b5fe2, 0xe94e742c), - TOBN(0x1c0577ec, 0x95f40e75), TOBN(0xf0155451, 0x3d73f3d6), - TOBN(0x9d55cd67, 0xbd1b9b66), TOBN(0x63e86e78, 0xaf8d63c7), - TOBN(0x39d934ab, 0xd3c095f1), TOBN(0x04b261be, 0xe4b76d71), - TOBN(0x1d2e6970, 0xe73e6984), TOBN(0x879fb23b, 0x5e5fcb11), - TOBN(0x11506c72, 0xdfd75490), TOBN(0x3a97d085, 0x61bcf1c1), - TOBN(0x43201d82, 0xbf5e7007), TOBN(0x7f0ac52f, 0x798232a7), - TOBN(0x2715cbc4, 0x6eb564d4), TOBN(0x8d6c752c, 0x9e570e29), - TOBN(0xf80247c8, 0x9ef5fd5d), TOBN(0xc3c66b46, 0xd53eb514), - TOBN(0x9666b401, 0x0f87de56), TOBN(0xce62c06f, 0xc6c603b5), - TOBN(0xae7b4c60, 0x7e4fc942), TOBN(0x38ac0b77, 0x663a9c19), - TOBN(0xcb4d20ee, 0x4b049136), TOBN(0x8b63bf12, 0x356a4613), - TOBN(0x1221aef6, 0x70e08128), TOBN(0xe62d8c51, 0x4acb6b16), - TOBN(0x71f64a67, 0x379e7896), TOBN(0xb25237a2, 0xcafd7fa5), - TOBN(0xf077bd98, 0x3841ba6a), TOBN(0xc4ac0244, 0x3cd16e7e), - TOBN(0x548ba869, 0x21fea4ca), TOBN(0xd36d0817, 0xf3dfdac1), - TOBN(0x09d8d71f, 0xf4685faf), TOBN(0x8eff66be, 0xc52c459a), - TOBN(0x182faee7, 0x0b57235e), TOBN(0xee3c39b1, 0x0106712b), - TOBN(0x5107331f, 0xc0fcdcb0), TOBN(0x669fb9dc, 0xa51054ba), - TOBN(0xb25101fb, 0x319d7682), TOBN(0xb0293129, 0x0a982fee), - TOBN(0x51c1c9b9, 0x0261b344), TOBN(0x0e008c5b, 0xbfd371fa), - TOBN(0xd866dd1c, 0x0278ca33), TOBN(0x666f76a6, 0xe5aa53b1), - TOBN(0xe5cfb779, 0x6013a2cf), TOBN(0x1d3a1aad, 0xa3521836), - TOBN(0xcedd2531, 0x73faa485), TOBN(0xc8ee6c4f, 0xc0a76878), - TOBN(0xddbccfc9, 0x2a11667d), TOBN(0x1a418ea9, 0x1c2f695a), - TOBN(0xdb11bd92, 0x51f73971), TOBN(0x3e4b3c82, 0xda2ed89f), - TOBN(0x9a44f3f4, 0xe73e0319), TOBN(0xd1e3de0f, 0x303431af), - TOBN(0x3c5604ff, 0x50f75f9c), TOBN(0x1d8eddf3, 0x7e752b22), - TOBN(0x0ef074dd, 0x3c9a1118), TOBN(0xd0ffc172, 0xccb86d7b), - TOBN(0xabd1ece3, 0x037d90f2), TOBN(0xe3f307d6, 0x6055856c), - TOBN(0x422f9328, 0x7e4c6daf), TOBN(0x902aac66, 0x334879a0), - TOBN(0xb6a1e7bf, 0x94cdfade), TOBN(0x6c97e1ed, 0x7fc6d634), - TOBN(0x662ad24d, 0xa2fb63f8), TOBN(0xf81be1b9, 0xa5928405), - TOBN(0x86d765e4, 0xd14b4206), TOBN(0xbecc2e0e, 0x8fa0db65), - TOBN(0xa28838e0, 0xb17fc76c), TOBN(0xe49a602a, 0xe37cf24e), - TOBN(0x76b4131a, 0x567193ec), TOBN(0xaf3c305a, 0xe5f6e70b), - TOBN(0x9587bd39, 0x031eebdd), TOBN(0x5709def8, 0x71bbe831), - TOBN(0x57059983, 0x0eb2b669), TOBN(0x4d80ce1b, 0x875b7029), - TOBN(0x838a7da8, 0x0364ac16), TOBN(0x2f431d23, 0xbe1c83ab), - TOBN(0xe56812a6, 0xf9294dd3), TOBN(0xb448d01f, 0x9b4b0d77), - TOBN(0xf3ae6061, 0x04e8305c), TOBN(0x2bead645, 0x94d8c63e), - TOBN(0x0a85434d, 0x84fd8b07), TOBN(0x537b983f, 0xf7a9dee5), - TOBN(0xedcc5f18, 0xef55bd85), TOBN(0x2041af62, 0x21c6cf8b), - TOBN(0x8e52874c, 0xb940c71e), TOBN(0x211935a9, 0xdb5f4b3a), - TOBN(0x94350492, 0x301b1dc3), TOBN(0x33d2646d, 0x29958620), - TOBN(0x16b0d64b, 0xef911404), TOBN(0x9d1f25ea, 0x9a3c5ef4), - TOBN(0x20f200eb, 0x4a352c78), TOBN(0x43929f2c, 0x4bd0b428), - TOBN(0xa5656667, 0xc7196e29), TOBN(0x7992c2f0, 0x9391be48), - TOBN(0xaaa97cbd, 0x9ee0cd6e), TOBN(0x51b0310c, 0x3dc8c9bf), - TOBN(0x237f8acf, 0xdd9f22cb), TOBN(0xbb1d81a1, 0xb585d584), - TOBN(0x8d5d85f5, 0x8c416388), TOBN(0x0d6e5a5a, 0x42fe474f), - TOBN(0xe7812766, 0x38235d4e), TOBN(0x1c62bd67, 0x496e3298), - TOBN(0x8378660c, 0x3f175bc8), TOBN(0x4d04e189, 0x17afdd4d), - TOBN(0x32a81601, 0x85a8068c), TOBN(0xdb58e4e1, 0x92b29a85), - TOBN(0xe8a65b86, 0xc70d8a3b), TOBN(0x5f0e6f4e, 0x98a0403b), - TOBN(0x08129684, 0x69ed2370), TOBN(0x34dc30bd, 0x0871ee26), - TOBN(0x3a5ce948, 0x7c9c5b05), TOBN(0x7d487b80, 0x43a90c87), - TOBN(0x4089ba37, 0xdd0e7179), TOBN(0x45f80191, 0xb4041811), - TOBN(0x1c3e1058, 0x98747ba5), TOBN(0x98c4e13a, 0x6e1ae592), - TOBN(0xd44636e6, 0xe82c9f9e), TOBN(0x711db87c, 0xc33a1043), - TOBN(0x6f431263, 0xaa8aec05), TOBN(0x43ff120d, 0x2744a4aa), - TOBN(0xd3bd892f, 0xae77779b), TOBN(0xf0fe0cc9, 0x8cdc9f82), - TOBN(0xca5f7fe6, 0xf1c5b1bc), TOBN(0xcc63a682, 0x44929a72), - TOBN(0xc7eaba0c, 0x09dbe19a), TOBN(0x2f3585ad, 0x6b5c73c2), - TOBN(0x8ab8924b, 0x0ae50c30), TOBN(0x17fcd27a, 0x638b30ba), - TOBN(0xaf414d34, 0x10b3d5a5), TOBN(0x09c107d2, 0x2a9accf1), - TOBN(0x15dac49f, 0x946a6242), TOBN(0xaec3df2a, 0xd707d642), - TOBN(0x2c2492b7, 0x3f894ae0), TOBN(0xf59df3e5, 0xb75f18ce), - TOBN(0x7cb740d2, 0x8f53cad0), TOBN(0x3eb585fb, 0xc4f01294), - TOBN(0x17da0c86, 0x32c7f717), TOBN(0xeb8c795b, 0xaf943f4c), - TOBN(0x4ee23fb5, 0xf67c51d2), TOBN(0xef187575, 0x68889949), - TOBN(0xa6b4bdb2, 0x0389168b), TOBN(0xc4ecd258, 0xea577d03), - TOBN(0x3a63782b, 0x55743082), TOBN(0x6f678f4c, 0xc72f08cd), - TOBN(0x553511cf, 0x65e58dd8), TOBN(0xd53b4e3e, 0xd402c0cd), - TOBN(0x37de3e29, 0xa037c14c), TOBN(0x86b6c516, 0xc05712aa), - TOBN(0x2834da3e, 0xb38dff6f), TOBN(0xbe012c52, 0xea636be8), - TOBN(0x292d238c, 0x61dd37f8), TOBN(0x0e54523f, 0x8f8142db), - TOBN(0xe31eb436, 0x036a05d8), TOBN(0x83e3cdff, 0x1e93c0ff), - TOBN(0x3fd2fe0f, 0x50821ddf), TOBN(0xc8e19b0d, 0xff9eb33b), - TOBN(0xc8cc943f, 0xb569a5fe), TOBN(0xad0090d4, 0xd4342d75), - TOBN(0x82090b4b, 0xcaeca000), TOBN(0xca39687f, 0x1bd410eb), - TOBN(0xe7bb0df7, 0x65959d77), TOBN(0x39d78218, 0x9c964999), - TOBN(0xd87f62e8, 0xb2415451), TOBN(0xe5efb774, 0xbed76108), - TOBN(0x3ea011a4, 0xe822f0d0), TOBN(0xbc647ad1, 0x5a8704f8), - TOBN(0xbb315b35, 0x50c6820f), TOBN(0x863dec3d, 0xb7e76bec), - TOBN(0x01ff5d3a, 0xf017bfc7), TOBN(0x20054439, 0x976b8229), - TOBN(0x067fca37, 0x0bbd0d3b), TOBN(0xf63dde64, 0x7f5e3d0f), - TOBN(0x22dbefb3, 0x2a4c94e9), TOBN(0xafbff0fe, 0x96f8278a), - TOBN(0x80aea0b1, 0x3503793d), TOBN(0xb2238029, 0x5f06cd29), - TOBN(0x65703e57, 0x8ec3feca), TOBN(0x06c38314, 0x393e7053), - TOBN(0xa0b751eb, 0x7c6734c4), TOBN(0xd2e8a435, 0xc59f0f1e), - TOBN(0x147d9052, 0x5e9ca895), TOBN(0x2f4dd31e, 0x972072df), - TOBN(0xa16fda8e, 0xe6c6755c), TOBN(0xc66826ff, 0xcf196558), - TOBN(0x1f1a76a3, 0x0cf43895), TOBN(0xa9d604e0, 0x83c3097b), - TOBN(0xe1908309, 0x66390e0e), TOBN(0xa50bf753, 0xb3c85eff), - TOBN(0x0696bdde, 0xf6a70251), TOBN(0x548b801b, 0x3c6ab16a), - TOBN(0x37fcf704, 0xa4d08762), TOBN(0x090b3def, 0xdff76c4e), - TOBN(0x87e8cb89, 0x69cb9158), TOBN(0x44a90744, 0x995ece43), - TOBN(0xf85395f4, 0x0ad9fbf5), TOBN(0x49b0f6c5, 0x4fb0c82d), - TOBN(0x75d9bc15, 0xadf7cccf), TOBN(0x81a3e5d6, 0xdfa1e1b0), - TOBN(0x8c39e444, 0x249bc17e), TOBN(0xf37dccb2, 0x8ea7fd43), - TOBN(0xda654873, 0x907fba12), TOBN(0x35daa6da, 0x4a372904), - TOBN(0x0564cfc6, 0x6283a6c5), TOBN(0xd09fa4f6, 0x4a9395bf), - TOBN(0x688e9ec9, 0xaeb19a36), TOBN(0xd913f1ce, 0xc7bfbfb4), - TOBN(0x797b9a3c, 0x61c2faa6), TOBN(0x2f979bec, 0x6a0a9c12), - TOBN(0xb5969d0f, 0x359679ec), TOBN(0xebcf523d, 0x079b0460), - TOBN(0xfd6b0008, 0x10fab870), TOBN(0x3f2edcda, 0x9373a39c), - TOBN(0x0d64f9a7, 0x6f568431), TOBN(0xf848c27c, 0x02f8898c), - TOBN(0xf418ade1, 0x260b5bd5), TOBN(0xc1f3e323, 0x6973dee8), - TOBN(0x46e9319c, 0x26c185dd), TOBN(0x6d85b7d8, 0x546f0ac4), - TOBN(0x427965f2, 0x247f9d57), TOBN(0xb519b636, 0xb0035f48), - TOBN(0x6b6163a9, 0xab87d59c), TOBN(0xff9f58c3, 0x39caaa11), - TOBN(0x4ac39cde, 0x3177387b), TOBN(0x5f6557c2, 0x873e77f9), - TOBN(0x67504006, 0x36a83041), TOBN(0x9b1c96ca, 0x75ef196c), - TOBN(0xf34283de, 0xb08c7940), TOBN(0x7ea09644, 0x1128c316), - TOBN(0xb510b3b5, 0x6aa39dff), TOBN(0x59b43da2, 0x9f8e4d8c), - TOBN(0xa8ce31fd, 0x9e4c4b9f), TOBN(0x0e20be26, 0xc1303c01), - TOBN(0x18187182, 0xe8ee47c9), TOBN(0xd9687cdb, 0x7db98101), - TOBN(0x7a520e4d, 0xa1e14ff6), TOBN(0x429808ba, 0x8836d572), - TOBN(0xa37ca60d, 0x4944b663), TOBN(0xf901f7a9, 0xa3f91ae5), - TOBN(0xe4e3e76e, 0x9e36e3b1), TOBN(0x9aa219cf, 0x29d93250), - TOBN(0x347fe275, 0x056a2512), TOBN(0xa4d643d9, 0xde65d95c), - TOBN(0x9669d396, 0x699fc3ed), TOBN(0xb598dee2, 0xcf8c6bbe), - TOBN(0x682ac1e5, 0xdda9e5c6), TOBN(0x4e0d3c72, 0xcaa9fc95), - TOBN(0x17faaade, 0x772bea44), TOBN(0x5ef8428c, 0xab0009c8), - TOBN(0xcc4ce47a, 0x460ff016), TOBN(0xda6d12bf, 0x725281cb), - TOBN(0x44c67848, 0x0223aad2), TOBN(0x6e342afa, 0x36256e28), - TOBN(0x1400bb0b, 0x93a37c04), TOBN(0x62b1bc9b, 0xdd10bd96), - TOBN(0x7251adeb, 0x0dac46b7), TOBN(0x7d33b92e, 0x7be4ef51), - TOBN(0x28b2a94b, 0xe61fa29a), TOBN(0x4b2be13f, 0x06422233), - TOBN(0x36d6d062, 0x330d8d37), TOBN(0x5ef80e1e, 0xb28ca005), - TOBN(0x174d4699, 0x6d16768e), TOBN(0x9fc4ff6a, 0x628bf217), - TOBN(0x77705a94, 0x154e490d), TOBN(0x9d96dd28, 0x8d2d997a), - TOBN(0x77e2d9d8, 0xce5d72c4), TOBN(0x9d06c5a4, 0xc11c714f), - TOBN(0x02aa5136, 0x79e4a03e), TOBN(0x1386b3c2, 0x030ff28b), - TOBN(0xfe82e8a6, 0xfb283f61), TOBN(0x7df203e5, 0xf3abc3fb), - TOBN(0xeec7c351, 0x3a4d3622), TOBN(0xf7d17dbf, 0xdf762761), - TOBN(0xc3956e44, 0x522055f0), TOBN(0xde3012db, 0x8fa748db), - TOBN(0xca9fcb63, 0xbf1dcc14), TOBN(0xa56d9dcf, 0xbe4e2f3a), - TOBN(0xb86186b6, 0x8bcec9c2), TOBN(0x7cf24df9, 0x680b9f06), - TOBN(0xc46b45ea, 0xc0d29281), TOBN(0xfff42bc5, 0x07b10e12), - TOBN(0x12263c40, 0x4d289427), TOBN(0x3d5f1899, 0xb4848ec4), - TOBN(0x11f97010, 0xd040800c), TOBN(0xb4c5f529, 0x300feb20), - TOBN(0xcc543f8f, 0xde94fdcb), TOBN(0xe96af739, 0xc7c2f05e), - TOBN(0xaa5e0036, 0x882692e1), TOBN(0x09c75b68, 0x950d4ae9), - TOBN(0x62f63df2, 0xb5932a7a), TOBN(0x2658252e, 0xde0979ad), - TOBN(0x2a19343f, 0xb5e69631), TOBN(0x718c7501, 0x525b666b), - TOBN(0x26a42d69, 0xea40dc3a), TOBN(0xdc84ad22, 0xaecc018f), - TOBN(0x25c36c7b, 0x3270f04a), TOBN(0x46ba6d47, 0x50fa72ed), - TOBN(0x6c37d1c5, 0x93e58a8e), TOBN(0xa2394731, 0x120c088c), - TOBN(0xc3be4263, 0xcb6e86da), TOBN(0x2c417d36, 0x7126d038), - TOBN(0x5b70f9c5, 0x8b6f8efa), TOBN(0x671a2faa, 0x37718536), - TOBN(0xd3ced3c6, 0xb539c92b), TOBN(0xe56f1bd9, 0xa31203c2), - TOBN(0x8b096ec4, 0x9ff3c8eb), TOBN(0x2deae432, 0x43491cea), - TOBN(0x2465c6eb, 0x17943794), TOBN(0x5d267e66, 0x20586843), - TOBN(0x9d3d116d, 0xb07159d0), TOBN(0xae07a67f, 0xc1896210), - TOBN(0x8fc84d87, 0xbb961579), TOBN(0x30009e49, 0x1c1f8dd6), - TOBN(0x8a8caf22, 0xe3132819), TOBN(0xcffa197c, 0xf23ab4ff), - TOBN(0x58103a44, 0x205dd687), TOBN(0x57b796c3, 0x0ded67a2), - TOBN(0x0b9c3a6c, 0xa1779ad7), TOBN(0xa33cfe2e, 0x357c09c5), - TOBN(0x2ea29315, 0x3db4a57e), TOBN(0x91959695, 0x8ebeb52e), - TOBN(0x118db9a6, 0xe546c879), TOBN(0x8e996df4, 0x6295c8d6), - TOBN(0xdd990484, 0x55ec806b), TOBN(0x24f291ca, 0x165c1035), - TOBN(0xcca523bb, 0x440e2229), TOBN(0x324673a2, 0x73ef4d04), - TOBN(0xaf3adf34, 0x3e11ec39), TOBN(0x6136d7f1, 0xdc5968d3), - TOBN(0x7a7b2899, 0xb053a927), TOBN(0x3eaa2661, 0xae067ecd), - TOBN(0x8549b9c8, 0x02779cd9), TOBN(0x061d7940, 0xc53385ea), - TOBN(0x3e0ba883, 0xf06d18bd), TOBN(0x4ba6de53, 0xb2700843), - TOBN(0xb966b668, 0x591a9e4d), TOBN(0x93f67567, 0x7f4fa0ed), - TOBN(0x5a02711b, 0x4347237b), TOBN(0xbc041e2f, 0xe794608e), - TOBN(0x55af10f5, 0x70f73d8c), TOBN(0xd2d4d4f7, 0xbb7564f7), - TOBN(0xd7d27a89, 0xb3e93ce7), TOBN(0xf7b5a875, 0x5d3a2c1b), - TOBN(0xb29e68a0, 0x255b218a), TOBN(0xb533837e, 0x8af76754), - TOBN(0xd1b05a73, 0x579fab2e), TOBN(0xb41055a1, 0xecd74385), - TOBN(0xb2369274, 0x445e9115), TOBN(0x2972a7c4, 0xf520274e), - TOBN(0x6c08334e, 0xf678e68a), TOBN(0x4e4160f0, 0x99b057ed), - TOBN(0x3cfe11b8, 0x52ccb69a), TOBN(0x2fd1823a, 0x21c8f772), - TOBN(0xdf7f072f, 0x3298f055), TOBN(0x8c0566f9, 0xfec74a6e), - TOBN(0xe549e019, 0x5bb4d041), TOBN(0x7c3930ba, 0x9208d850), - TOBN(0xe07141fc, 0xaaa2902b), TOBN(0x539ad799, 0xe4f69ad3), - TOBN(0xa6453f94, 0x813f9ffd), TOBN(0xc58d3c48, 0x375bc2f7), - TOBN(0xb3326fad, 0x5dc64e96), TOBN(0x3aafcaa9, 0xb240e354), - TOBN(0x1d1b0903, 0xaca1e7a9), TOBN(0x4ceb9767, 0x1211b8a0), - TOBN(0xeca83e49, 0xe32a858e), TOBN(0x4c32892e, 0xae907bad), - TOBN(0xd5b42ab6, 0x2eb9b494), TOBN(0x7fde3ee2, 0x1eabae1b), - TOBN(0x13b5ab09, 0xcaf54957), TOBN(0xbfb028be, 0xe5f5d5d5), - TOBN(0x928a0650, 0x2003e2c0), TOBN(0x90793aac, 0x67476843), - TOBN(0x5e942e79, 0xc81710a0), TOBN(0x557e4a36, 0x27ccadd4), - TOBN(0x72a2bc56, 0x4bcf6d0c), TOBN(0x09ee5f43, 0x26d7b80c), - TOBN(0x6b70dbe9, 0xd4292f19), TOBN(0x56f74c26, 0x63f16b18), - TOBN(0xc23db0f7, 0x35fbb42a), TOBN(0xb606bdf6, 0x6ae10040), - TOBN(0x1eb15d4d, 0x044573ac), TOBN(0x7dc3cf86, 0x556b0ba4), - TOBN(0x97af9a33, 0xc60df6f7), TOBN(0x0b1ef85c, 0xa716ce8c), - TOBN(0x2922f884, 0xc96958be), TOBN(0x7c32fa94, 0x35690963), - TOBN(0x2d7f667c, 0xeaa00061), TOBN(0xeaaf7c17, 0x3547365c), - TOBN(0x1eb4de46, 0x87032d58), TOBN(0xc54f3d83, 0x5e2c79e0), - TOBN(0x07818df4, 0x5d04ef23), TOBN(0x55faa9c8, 0x673d41b4), - TOBN(0xced64f6f, 0x89b95355), TOBN(0x4860d2ea, 0xb7415c84), - TOBN(0x5fdb9bd2, 0x050ebad3), TOBN(0xdb53e0cc, 0x6685a5bf), - TOBN(0xb830c031, 0x9feb6593), TOBN(0xdd87f310, 0x6accff17), - TOBN(0x2303ebab, 0x9f555c10), TOBN(0x94603695, 0x287e7065), - TOBN(0xf88311c3, 0x2e83358c), TOBN(0x508dd9b4, 0xeefb0178), - TOBN(0x7ca23706, 0x2dba8652), TOBN(0x62aac5a3, 0x0047abe5), - TOBN(0x9a61d2a0, 0x8b1ea7b3), TOBN(0xd495ab63, 0xae8b1485), - TOBN(0x38740f84, 0x87052f99), TOBN(0x178ebe5b, 0xb2974eea), - TOBN(0x030bbcca, 0x5b36d17f), TOBN(0xb5e4cce3, 0xaaf86eea), - TOBN(0xb51a0220, 0x68f8e9e0), TOBN(0xa4348796, 0x09eb3e75), - TOBN(0xbe592309, 0xeef1a752), TOBN(0x5d7162d7, 0x6f2aa1ed), - TOBN(0xaebfb5ed, 0x0f007dd2), TOBN(0x255e14b2, 0xc89edd22), - TOBN(0xba85e072, 0x0303b697), TOBN(0xc5d17e25, 0xf05720ff), - TOBN(0x02b58d6e, 0x5128ebb6), TOBN(0x2c80242d, 0xd754e113), - TOBN(0x919fca5f, 0xabfae1ca), TOBN(0x937afaac, 0x1a21459b), - TOBN(0x9e0ca91c, 0x1f66a4d2), TOBN(0x194cc7f3, 0x23ec1331), - TOBN(0xad25143a, 0x8aa11690), TOBN(0xbe40ad8d, 0x09b59e08), - TOBN(0x37d60d9b, 0xe750860a), TOBN(0x6c53b008, 0xc6bf434c), - TOBN(0xb572415d, 0x1356eb80), TOBN(0xb8bf9da3, 0x9578ded8), - TOBN(0x22658e36, 0x5e8fb38b), TOBN(0x9b70ce22, 0x5af8cb22), - TOBN(0x7c00018a, 0x829a8180), TOBN(0x84329f93, 0xb81ed295), - TOBN(0x7c343ea2, 0x5f3cea83), TOBN(0x38f8655f, 0x67586536), - TOBN(0xa661a0d0, 0x1d3ec517), TOBN(0x98744652, 0x512321ae), - TOBN(0x084ca591, 0xeca92598), TOBN(0xa9bb9dc9, 0x1dcb3feb), - TOBN(0x14c54355, 0x78b4c240), TOBN(0x5ed62a3b, 0x610cafdc), - TOBN(0x07512f37, 0x1b38846b), TOBN(0x571bb70a, 0xb0e38161), - TOBN(0xb556b95b, 0x2da705d2), TOBN(0x3ef8ada6, 0xb1a08f98), - TOBN(0x85302ca7, 0xddecfbe5), TOBN(0x0e530573, 0x943105cd), - TOBN(0x60554d55, 0x21a9255d), TOBN(0x63a32fa1, 0xf2f3802a), - TOBN(0x35c8c5b0, 0xcd477875), TOBN(0x97f458ea, 0x6ad42da1), - TOBN(0x832d7080, 0xeb6b242d), TOBN(0xd30bd023, 0x3b71e246), - TOBN(0x7027991b, 0xbe31139d), TOBN(0x68797e91, 0x462e4e53), - TOBN(0x423fe20a, 0x6b4e185a), TOBN(0x82f2c67e, 0x42d9b707), - TOBN(0x25c81768, 0x4cf7811b), TOBN(0xbd53005e, 0x045bb95d),} - , - {TOBN(0xe5f649be, 0x9d8e68fd), TOBN(0xdb0f0533, 0x1b044320), - TOBN(0xf6fde9b3, 0xe0c33398), TOBN(0x92f4209b, 0x66c8cfae), - TOBN(0xe9d1afcc, 0x1a739d4b), TOBN(0x09aea75f, 0xa28ab8de), - TOBN(0x14375fb5, 0xeac6f1d0), TOBN(0x6420b560, 0x708f7aa5), - TOBN(0x9eae499c, 0x6254dc41), TOBN(0x7e293924, 0x7a837e7e), - TOBN(0x74aec08c, 0x090524a7), TOBN(0xf82b9219, 0x8d6f55f2), - TOBN(0x493c962e, 0x1402cec5), TOBN(0x9f17ca17, 0xfa2f30e7), - TOBN(0xbcd783e8, 0xe9b879cb), TOBN(0xea3d8c14, 0x5a6f145f), - TOBN(0xdede15e7, 0x5e0dee6e), TOBN(0x74f24872, 0xdc628aa2), - TOBN(0xd3e9c4fe, 0x7861bb93), TOBN(0x56d4822a, 0x6187b2e0), - TOBN(0xb66417cf, 0xc59826f9), TOBN(0xca260969, 0x2408169e), - TOBN(0xedf69d06, 0xc79ef885), TOBN(0x00031f8a, 0xdc7d138f), - TOBN(0x103c46e6, 0x0ebcf726), TOBN(0x4482b831, 0x6231470e), - TOBN(0x6f6dfaca, 0x487c2109), TOBN(0x2e0ace97, 0x62e666ef), - TOBN(0x3246a9d3, 0x1f8d1f42), TOBN(0x1b1e83f1, 0x574944d2), - TOBN(0x13dfa63a, 0xa57f334b), TOBN(0x0cf8daed, 0x9f025d81), - TOBN(0x30d78ea8, 0x00ee11c1), TOBN(0xeb053cd4, 0xb5e3dd75), - TOBN(0x9b65b13e, 0xd58c43c5), TOBN(0xc3ad49bd, 0xbd151663), - TOBN(0x99fd8e41, 0xb6427990), TOBN(0x12cf15bd, 0x707eae1e), - TOBN(0x29ad4f1b, 0x1aabb71e), TOBN(0x5143e74d, 0x07545d0e), - TOBN(0x30266336, 0xc88bdee1), TOBN(0x25f29306, 0x5876767c), - TOBN(0x9c078571, 0xc6731996), TOBN(0xc88690b2, 0xed552951), - TOBN(0x274f2c2d, 0x852705b4), TOBN(0xb0bf8d44, 0x4e09552d), - TOBN(0x7628beeb, 0x986575d1), TOBN(0x407be238, 0x7f864651), - TOBN(0x0e5e3049, 0xa639fc6b), TOBN(0xe75c35d9, 0x86003625), - TOBN(0x0cf35bd8, 0x5dcc1646), TOBN(0x8bcaced2, 0x6c26273a), - TOBN(0xe22ecf1d, 0xb5536742), TOBN(0x013dd897, 0x1a9e068b), - TOBN(0x17f411cb, 0x8a7909c5), TOBN(0x5757ac98, 0x861dd506), - TOBN(0x85de1f0d, 0x1e935abb), TOBN(0xdefd10b4, 0x154de37a), - TOBN(0xb8d9e392, 0x369cebb5), TOBN(0x54d5ef9b, 0x761324be), - TOBN(0x4d6341ba, 0x74f17e26), TOBN(0xc0a0e3c8, 0x78c1dde4), - TOBN(0xa6d77581, 0x87d918fd), TOBN(0x66876015, 0x02ca3a13), - TOBN(0xc7313e9c, 0xf36658f0), TOBN(0xc433ef1c, 0x71f8057e), - TOBN(0x85326246, 0x1b6a835a), TOBN(0xc8f05398, 0x7c86394c), - TOBN(0xff398cdf, 0xe983c4a1), TOBN(0xbf5e8162, 0x03b7b931), - TOBN(0x93193c46, 0xb7b9045b), TOBN(0x1e4ebf5d, 0xa4a6e46b), - TOBN(0xf9942a60, 0x43a24fe7), TOBN(0x29c1191e, 0xffb3492b), - TOBN(0x9f662449, 0x902fde05), TOBN(0xc792a7ac, 0x6713c32d), - TOBN(0x2fd88ad8, 0xb737982c), TOBN(0x7e3a0319, 0xa21e60e3), - TOBN(0x09b0de44, 0x7383591a), TOBN(0x6df141ee, 0x8310a456), - TOBN(0xaec1a039, 0xe6d6f471), TOBN(0x14b2ba0f, 0x1198d12e), - TOBN(0xebc1a160, 0x3aeee5ac), TOBN(0x401f4836, 0xe0b964ce), - TOBN(0x2ee43796, 0x4fd03f66), TOBN(0x3fdb4e49, 0xdd8f3f12), - TOBN(0x6ef267f6, 0x29380f18), TOBN(0x3e8e9670, 0x8da64d16), - TOBN(0xbc19180c, 0x207674f1), TOBN(0x112e09a7, 0x33ae8fdb), - TOBN(0x99667554, 0x6aaeb71e), TOBN(0x79432af1, 0xe101b1c7), - TOBN(0xd5eb558f, 0xde2ddec6), TOBN(0x81392d1f, 0x5357753f), - TOBN(0xa7a76b97, 0x3ae1158a), TOBN(0x416fbbff, 0x4a899991), - TOBN(0x9e65fdfd, 0x0d4a9dcf), TOBN(0x7bc29e48, 0x944ddf12), - TOBN(0xbc1a92d9, 0x3c856866), TOBN(0x273c6905, 0x6e98dfe2), - TOBN(0x69fce418, 0xcdfaa6b8), TOBN(0x606bd823, 0x5061c69f), - TOBN(0x42d495a0, 0x6af75e27), TOBN(0x8ed3d505, 0x6d873a1f), - TOBN(0xaf552841, 0x6ab25b6a), TOBN(0xc6c0ffc7, 0x2b1a4523), - TOBN(0xab18827b, 0x21c99e03), TOBN(0x060e8648, 0x9034691b), - TOBN(0x5207f90f, 0x93c7f398), TOBN(0x9f4a96cb, 0x82f8d10b), - TOBN(0xdd71cd79, 0x3ad0f9e3), TOBN(0x84f435d2, 0xfc3a54f5), - TOBN(0x4b03c55b, 0x8e33787f), TOBN(0xef42f975, 0xa6384673), - TOBN(0xff7304f7, 0x5051b9f0), TOBN(0x18aca1dc, 0x741c87c2), - TOBN(0x56f120a7, 0x2d4bfe80), TOBN(0xfd823b3d, 0x053e732c), - TOBN(0x11bccfe4, 0x7537ca16), TOBN(0xdf6c9c74, 0x1b5a996b), - TOBN(0xee7332c7, 0x904fc3fa), TOBN(0x14a23f45, 0xc7e3636a), - TOBN(0xc38659c3, 0xf091d9aa), TOBN(0x4a995e5d, 0xb12d8540), - TOBN(0x20a53bec, 0xf3a5598a), TOBN(0x56534b17, 0xb1eaa995), - TOBN(0x9ed3dca4, 0xbf04e03c), TOBN(0x716c563a, 0xd8d56268), - TOBN(0x27ba77a4, 0x1d6178e7), TOBN(0xe4c80c40, 0x68a1ff8e), - TOBN(0x75011099, 0x0a13f63d), TOBN(0x7bf33521, 0xa61d46f3), - TOBN(0x0aff218e, 0x10b365bb), TOBN(0x81021804, 0x0fd7ea75), - TOBN(0x05a3fd8a, 0xa4b3a925), TOBN(0xb829e75f, 0x9b3db4e6), - TOBN(0x6bdc75a5, 0x4d53e5fb), TOBN(0x04a5dc02, 0xd52717e3), - TOBN(0x86af502f, 0xe9a42ec2), TOBN(0x8867e8fb, 0x2630e382), - TOBN(0xbf845c6e, 0xbec9889b), TOBN(0x54f491f2, 0xcb47c98d), - TOBN(0xa3091fba, 0x790c2a12), TOBN(0xd7f6fd78, 0xc20f708b), - TOBN(0xa569ac30, 0xacde5e17), TOBN(0xd0f996d0, 0x6852b4d7), - TOBN(0xe51d4bb5, 0x4609ae54), TOBN(0x3fa37d17, 0x0daed061), - TOBN(0x62a88684, 0x34b8fb41), TOBN(0x99a2acbd, 0x9efb64f1), - TOBN(0xb75c1a5e, 0x6448e1f2), TOBN(0xfa99951a, 0x42b5a069), - TOBN(0x6d956e89, 0x2f3b26e7), TOBN(0xf4709860, 0xda875247), - TOBN(0x3ad15179, 0x2482dda3), TOBN(0xd64110e3, 0x017d82f0), - TOBN(0x14928d2c, 0xfad414e4), TOBN(0x2b155f58, 0x2ed02b24), - TOBN(0x481a141b, 0xcb821bf1), TOBN(0x12e3c770, 0x4f81f5da), - TOBN(0xe49c5de5, 0x9fff8381), TOBN(0x11053232, 0x5bbec894), - TOBN(0xa0d051cc, 0x454d88c4), TOBN(0x4f6db89c, 0x1f8e531b), - TOBN(0x34fe3fd6, 0xca563a44), TOBN(0x7f5c2215, 0x58da8ab9), - TOBN(0x8445016d, 0x9474f0a1), TOBN(0x17d34d61, 0xcb7d8a0a), - TOBN(0x8e9d3910, 0x1c474019), TOBN(0xcaff2629, 0xd52ceefb), - TOBN(0xf9cf3e32, 0xc1622c2b), TOBN(0xd4b95e3c, 0xe9071a05), - TOBN(0xfbbca61f, 0x1594438c), TOBN(0x1eb6e6a6, 0x04aadedf), - TOBN(0x853027f4, 0x68e14940), TOBN(0x221d322a, 0xdfabda9c), - TOBN(0xed8ea9f6, 0xb7cb179a), TOBN(0xdc7b764d, 0xb7934dcc), - TOBN(0xfcb13940, 0x5e09180d), TOBN(0x6629a6bf, 0xb47dc2dd), - TOBN(0xbfc55e4e, 0x9f5a915e), TOBN(0xb1db9d37, 0x6204441e), - TOBN(0xf82d68cf, 0x930c5f53), TOBN(0x17d3a142, 0xcbb605b1), - TOBN(0xdd5944ea, 0x308780f2), TOBN(0xdc8de761, 0x3845f5e4), - TOBN(0x6beaba7d, 0x7624d7a3), TOBN(0x1e709afd, 0x304df11e), - TOBN(0x95364376, 0x02170456), TOBN(0xbf204b3a, 0xc8f94b64), - TOBN(0x4e53af7c, 0x5680ca68), TOBN(0x0526074a, 0xe0c67574), - TOBN(0x95d8cef8, 0xecd92af6), TOBN(0xe6b9fa7a, 0x6cd1745a), - TOBN(0x3d546d3d, 0xa325c3e4), TOBN(0x1f57691d, 0x9ae93aae), - TOBN(0xe891f3fe, 0x9d2e1a33), TOBN(0xd430093f, 0xac063d35), - TOBN(0xeda59b12, 0x5513a327), TOBN(0xdc2134f3, 0x5536f18f), - TOBN(0xaa51fe2c, 0x5c210286), TOBN(0x3f68aaee, 0x1cab658c), - TOBN(0x5a23a00b, 0xf9357292), TOBN(0x9a626f39, 0x7efdabed), - TOBN(0xfe2b3bf3, 0x199d78e3), TOBN(0xb7a2af77, 0x71bbc345), - TOBN(0x3d19827a, 0x1e59802c), TOBN(0x823bbc15, 0xb487a51c), - TOBN(0x856139f2, 0x99d0a422), TOBN(0x9ac3df65, 0xf456c6fb), - TOBN(0xaddf65c6, 0x701f8bd6), TOBN(0x149f321e, 0x3758df87), - TOBN(0xb1ecf714, 0x721b7eba), TOBN(0xe17df098, 0x31a3312a), - TOBN(0xdb2fd6ec, 0xd5c4d581), TOBN(0xfd02996f, 0x8fcea1b3), - TOBN(0xe29fa63e, 0x7882f14f), TOBN(0xc9f6dc35, 0x07c6cadc), - TOBN(0x46f22d6f, 0xb882bed0), TOBN(0x1a45755b, 0xd118e52c), - TOBN(0x9f2c7c27, 0x7c4608cf), TOBN(0x7ccbdf32, 0x568012c2), - TOBN(0xfcb0aedd, 0x61729b0e), TOBN(0x7ca2ca9e, 0xf7d75dbf), - TOBN(0xf58fecb1, 0x6f640f62), TOBN(0xe274b92b, 0x39f51946), - TOBN(0x7f4dfc04, 0x6288af44), TOBN(0x0a91f32a, 0xeac329e5), - TOBN(0x43ad274b, 0xd6aaba31), TOBN(0x719a1640, 0x0f6884f9), - TOBN(0x685d29f6, 0xdaf91e20), TOBN(0x5ec1cc33, 0x27e49d52), - TOBN(0x38f4de96, 0x3b54a059), TOBN(0x0e0015e5, 0xefbcfdb3), - TOBN(0x177d23d9, 0x4dbb8da6), TOBN(0x98724aa2, 0x97a617ad), - TOBN(0x30f0885b, 0xfdb6558e), TOBN(0xf9f7a28a, 0xc7899a96), - TOBN(0xd2ae8ac8, 0x872dc112), TOBN(0xfa0642ca, 0x73c3c459), - TOBN(0x15296981, 0xe7dfc8d6), TOBN(0x67cd4450, 0x1fb5b94a), - TOBN(0x0ec71cf1, 0x0eddfd37), TOBN(0xc7e5eeb3, 0x9a8eddc7), - TOBN(0x02ac8e3d, 0x81d95028), TOBN(0x0088f172, 0x70b0e35d), - TOBN(0xec041fab, 0xe1881fe3), TOBN(0x62cf71b8, 0xd99e7faa), - TOBN(0x5043dea7, 0xe0f222c2), TOBN(0x309d42ac, 0x72e65142), - TOBN(0x94fe9ddd, 0x9216cd30), TOBN(0xd6539c7d, 0x0f87feec), - TOBN(0x03c5a57c, 0x432ac7d7), TOBN(0x72692cf0, 0x327fda10), - TOBN(0xec28c85f, 0x280698de), TOBN(0x2331fb46, 0x7ec283b1), - TOBN(0xd34bfa32, 0x2867e633), TOBN(0x78709a82, 0x0a9cc815), - TOBN(0xb7fe6964, 0x875e2fa5), TOBN(0x25cc064f, 0x9e98bfb5), - TOBN(0x9eb0151c, 0x493a65c5), TOBN(0x5fb5d941, 0x53182464), - TOBN(0x69e6f130, 0xf04618e2), TOBN(0xa8ecec22, 0xf89c8ab6), - TOBN(0xcd6ac88b, 0xb96209bd), TOBN(0x65fa8cdb, 0xb3e1c9e0), - TOBN(0xa47d22f5, 0x4a8d8eac), TOBN(0x83895cdf, 0x8d33f963), - TOBN(0xa8adca59, 0xb56cd3d1), TOBN(0x10c8350b, 0xdaf38232), - TOBN(0x2b161fb3, 0xa5080a9f), TOBN(0xbe7f5c64, 0x3af65b3a), - TOBN(0x2c754039, 0x97403a11), TOBN(0x94626cf7, 0x121b96af), - TOBN(0x431de7c4, 0x6a983ec2), TOBN(0x3780dd3a, 0x52cc3df7), - TOBN(0xe28a0e46, 0x2baf8e3b), TOBN(0xabe68aad, 0x51d299ae), - TOBN(0x603eb8f9, 0x647a2408), TOBN(0x14c61ed6, 0x5c750981), - TOBN(0x88b34414, 0xc53352e7), TOBN(0x5a34889c, 0x1337d46e), - TOBN(0x612c1560, 0xf95f2bc8), TOBN(0x8a3f8441, 0xd4807a3a), - TOBN(0x680d9e97, 0x5224da68), TOBN(0x60cd6e88, 0xc3eb00e9), - TOBN(0x3875a98e, 0x9a6bc375), TOBN(0xdc80f924, 0x4fd554c2), - TOBN(0x6c4b3415, 0x6ac77407), TOBN(0xa1e5ea8f, 0x25420681), - TOBN(0x541bfa14, 0x4607a458), TOBN(0x5dbc7e7a, 0x96d7fbf9), - TOBN(0x646a851b, 0x31590a47), TOBN(0x039e85ba, 0x15ee6df8), - TOBN(0xd19fa231, 0xd7b43fc0), TOBN(0x84bc8be8, 0x299a0e04), - TOBN(0x2b9d2936, 0xf20df03a), TOBN(0x24054382, 0x8608d472), - TOBN(0x76b6ba04, 0x9149202a), TOBN(0xb21c3831, 0x3670e7b7), - TOBN(0xddd93059, 0xd6fdee10), TOBN(0x9da47ad3, 0x78488e71), - TOBN(0x99cc1dfd, 0xa0fcfb25), TOBN(0x42abde10, 0x64696954), - TOBN(0x14cc15fc, 0x17eab9fe), TOBN(0xd6e863e4, 0xd3e70972), - TOBN(0x29a7765c, 0x6432112c), TOBN(0x88660001, 0x5b0774d8), - TOBN(0x3729175a, 0x2c088eae), TOBN(0x13afbcae, 0x8230b8d4), - TOBN(0x44768151, 0x915f4379), TOBN(0xf086431a, 0xd8d22812), - TOBN(0x37461955, 0xc298b974), TOBN(0x905fb5f0, 0xf8711e04), - TOBN(0x787abf3a, 0xfe969d18), TOBN(0x392167c2, 0x6f6a494e), - TOBN(0xfc7a0d2d, 0x28c511da), TOBN(0xf127c7dc, 0xb66a262d), - TOBN(0xf9c4bb95, 0xfd63fdf0), TOBN(0x90016589, 0x3913ef46), - TOBN(0x74d2a73c, 0x11aa600d), TOBN(0x2f5379bd, 0x9fb5ab52), - TOBN(0xe49e53a4, 0x7fb70068), TOBN(0x68dd39e5, 0x404aa9a7), - TOBN(0xb9b0cf57, 0x2ecaa9c3), TOBN(0xba0e103b, 0xe824826b), - TOBN(0x60c2198b, 0x4631a3c4), TOBN(0xc5ff84ab, 0xfa8966a2), - TOBN(0x2d6ebe22, 0xac95aff8), TOBN(0x1c9bb6db, 0xb5a46d09), - TOBN(0x419062da, 0x53ee4f8d), TOBN(0x7b9042d0, 0xbb97efef), - TOBN(0x0f87f080, 0x830cf6bd), TOBN(0x4861d19a, 0x6ec8a6c6), - TOBN(0xd3a0daa1, 0x202f01aa), TOBN(0xb0111674, 0xf25afbd5), - TOBN(0x6d00d6cf, 0x1afb20d9), TOBN(0x13695000, 0x40671bc5), - TOBN(0x913ab0dc, 0x2485ea9b), TOBN(0x1f2bed06, 0x9eef61ac), - TOBN(0x850c8217, 0x6d799e20), TOBN(0x93415f37, 0x3271c2de), - TOBN(0x5afb06e9, 0x6c4f5910), TOBN(0x688a52df, 0xc4e9e421), - TOBN(0x30495ba3, 0xe2a9a6db), TOBN(0x4601303d, 0x58f9268b), - TOBN(0xbe3b0dad, 0x7eb0f04f), TOBN(0x4ea47250, 0x4456936d), - TOBN(0x8caf8798, 0xd33fd3e7), TOBN(0x1ccd8a89, 0xeb433708), - TOBN(0x9effe3e8, 0x87fd50ad), TOBN(0xbe240a56, 0x6b29c4df), - TOBN(0xec4ffd98, 0xca0e7ebd), TOBN(0xf586783a, 0xe748616e), - TOBN(0xa5b00d8f, 0xc77baa99), TOBN(0x0acada29, 0xb4f34c9c), - TOBN(0x36dad67d, 0x0fe723ac), TOBN(0x1d8e53a5, 0x39c36c1e), - TOBN(0xe4dd342d, 0x1f4bea41), TOBN(0x64fd5e35, 0xebc9e4e0), - TOBN(0x96f01f90, 0x57908805), TOBN(0xb5b9ea3d, 0x5ed480dd), - TOBN(0x366c5dc2, 0x3efd2dd0), TOBN(0xed2fe305, 0x6e9dfa27), - TOBN(0x4575e892, 0x6e9197e2), TOBN(0x11719c09, 0xab502a5d), - TOBN(0x264c7bec, 0xe81f213f), TOBN(0x741b9241, 0x55f5c457), - TOBN(0x78ac7b68, 0x49a5f4f4), TOBN(0xf91d70a2, 0x9fc45b7d), - TOBN(0x39b05544, 0xb0f5f355), TOBN(0x11f06bce, 0xeef930d9), - TOBN(0xdb84d25d, 0x038d05e1), TOBN(0x04838ee5, 0xbacc1d51), - TOBN(0x9da3ce86, 0x9e8ee00b), TOBN(0xc3412057, 0xc36eda1f), - TOBN(0xae80b913, 0x64d9c2f4), TOBN(0x7468bac3, 0xa010a8ff), - TOBN(0xdfd20037, 0x37359d41), TOBN(0x1a0f5ab8, 0x15efeacc), - TOBN(0x7c25ad2f, 0x659d0ce0), TOBN(0x4011bcbb, 0x6785cff1), - TOBN(0x128b9912, 0x7e2192c7), TOBN(0xa549d8e1, 0x13ccb0e8), - TOBN(0x805588d8, 0xc85438b1), TOBN(0x5680332d, 0xbc25cb27), - TOBN(0xdcd1bc96, 0x1a4bfdf4), TOBN(0x779ff428, 0x706f6566), - TOBN(0x8bbee998, 0xf059987a), TOBN(0xf6ce8cf2, 0xcc686de7), - TOBN(0xf8ad3c4a, 0x953cfdb2), TOBN(0xd1d426d9, 0x2205da36), - TOBN(0xb3c0f13f, 0xc781a241), TOBN(0x3e89360e, 0xd75362a8), - TOBN(0xccd05863, 0xc8a91184), TOBN(0x9bd0c9b7, 0xefa8a7f4), - TOBN(0x97ee4d53, 0x8a912a4b), TOBN(0xde5e15f8, 0xbcf518fd), - TOBN(0x6a055bf8, 0xc467e1e0), TOBN(0x10be4b4b, 0x1587e256), - TOBN(0xd90c14f2, 0x668621c9), TOBN(0xd5518f51, 0xab9c92c1), - TOBN(0x8e6a0100, 0xd6d47b3c), TOBN(0xcbe980dd, 0x66716175), - TOBN(0x500d3f10, 0xddd83683), TOBN(0x3b6cb35d, 0x99cac73c), - TOBN(0x53730c8b, 0x6083d550), TOBN(0xcf159767, 0xdf0a1987), - TOBN(0x84bfcf53, 0x43ad73b3), TOBN(0x1b528c20, 0x4f035a94), - TOBN(0x4294edf7, 0x33eeac69), TOBN(0xb6283e83, 0x817f3240), - TOBN(0xc3fdc959, 0x0a5f25b1), TOBN(0xefaf8aa5, 0x5844ee22), - TOBN(0xde269ba5, 0xdbdde4de), TOBN(0xe3347160, 0xc56133bf), - TOBN(0xc1184219, 0x8d9ea9f8), TOBN(0x090de5db, 0xf3fc1ab5), - TOBN(0x404c37b1, 0x0bf22cda), TOBN(0x7de20ec8, 0xf5618894), - TOBN(0x754c588e, 0xecdaecab), TOBN(0x6ca4b0ed, 0x88342743), - TOBN(0x76f08bdd, 0xf4a938ec), TOBN(0xd182de89, 0x91493ccb), - TOBN(0xd652c53e, 0xc8a4186a), TOBN(0xb3e878db, 0x946d8e33), - TOBN(0x088453c0, 0x5f37663c), TOBN(0x5cd9daaa, 0xb407748b), - TOBN(0xa1f5197f, 0x586d5e72), TOBN(0x47500be8, 0xc443ca59), - TOBN(0x78ef35b2, 0xe2652424), TOBN(0x09c5d26f, 0x6dd7767d), - TOBN(0x7175a79a, 0xa74d3f7b), TOBN(0x0428fd8d, 0xcf5ea459), - TOBN(0x511cb97c, 0xa5d1746d), TOBN(0x36363939, 0xe71d1278), - TOBN(0xcf2df955, 0x10350bf4), TOBN(0xb3817439, 0x60aae782), - TOBN(0xa748c0e4, 0x3e688809), TOBN(0x98021fbf, 0xd7a5a006), - TOBN(0x9076a70c, 0x0e367a98), TOBN(0xbea1bc15, 0x0f62b7c2), - TOBN(0x2645a68c, 0x30fe0343), TOBN(0xacaffa78, 0x699dc14f), - TOBN(0xf4469964, 0x457bf9c4), TOBN(0x0db6407b, 0x0d2ead83), - TOBN(0x68d56cad, 0xb2c6f3eb), TOBN(0x3b512e73, 0xf376356c), - TOBN(0xe43b0e1f, 0xfce10408), TOBN(0x89ddc003, 0x5a5e257d), - TOBN(0xb0ae0d12, 0x0362e5b3), TOBN(0x07f983c7, 0xb0519161), - TOBN(0xc2e94d15, 0x5d5231e7), TOBN(0xcff22aed, 0x0b4f9513), - TOBN(0xb02588dd, 0x6ad0b0b5), TOBN(0xb967d1ac, 0x11d0dcd5), - TOBN(0x8dac6bc6, 0xcf777b6c), TOBN(0x0062bdbd, 0x4c6d1959), - TOBN(0x53da71b5, 0x0ef5cc85), TOBN(0x07012c7d, 0x4006f14f), - TOBN(0x4617f962, 0xac47800d), TOBN(0x53365f2b, 0xc102ed75), - TOBN(0xb422efcb, 0x4ab8c9d3), TOBN(0x195cb26b, 0x34af31c9), - TOBN(0x3a926e29, 0x05f2c4ce), TOBN(0xbd2bdecb, 0x9856966c), - TOBN(0x5d16ab3a, 0x85527015), TOBN(0x9f81609e, 0x4486c231), - TOBN(0xd8b96b2c, 0xda350002), TOBN(0xbd054690, 0xfa1b7d36), - TOBN(0xdc90ebf5, 0xe71d79bc), TOBN(0xf241b6f9, 0x08964e4e), - TOBN(0x7c838643, 0x2fe3cd4c), TOBN(0xe0f33acb, 0xb4bc633c), - TOBN(0xb4a9ecec, 0x3d139f1f), TOBN(0x05ce69cd, 0xdc4a1f49), - TOBN(0xa19d1b16, 0xf5f98aaf), TOBN(0x45bb71d6, 0x6f23e0ef), - TOBN(0x33789fcd, 0x46cdfdd3), TOBN(0x9b8e2978, 0xcee040ca), - TOBN(0x9c69b246, 0xae0a6828), TOBN(0xba533d24, 0x7078d5aa), - TOBN(0x7a2e42c0, 0x7bb4fbdb), TOBN(0xcfb4879a, 0x7035385c), - TOBN(0x8c3dd30b, 0x3281705b), TOBN(0x7e361c6c, 0x404fe081), - TOBN(0x7b21649c, 0x3f604edf), TOBN(0x5dbf6a3f, 0xe52ffe47), - TOBN(0xc41b7c23, 0x4b54d9bf), TOBN(0x1374e681, 0x3511c3d9), - TOBN(0x1863bf16, 0xc1b2b758), TOBN(0x90e78507, 0x1e9e6a96), - TOBN(0xab4bf98d, 0x5d86f174), TOBN(0xd74e0bd3, 0x85e96fe4), - TOBN(0x8afde39f, 0xcac5d344), TOBN(0x90946dbc, 0xbd91b847), - TOBN(0xf5b42358, 0xfe1a838c), TOBN(0x05aae6c5, 0x620ac9d8), - TOBN(0x8e193bd8, 0xa1ce5a0b), TOBN(0x8f710571, 0x4dabfd72), - TOBN(0x8d8fdd48, 0x182caaac), TOBN(0x8c4aeefa, 0x040745cf), - TOBN(0x73c6c30a, 0xf3b93e6d), TOBN(0x991241f3, 0x16f42011), - TOBN(0xa0158eea, 0xe457a477), TOBN(0xd19857db, 0xee6ddc05), - TOBN(0xb3265224, 0x18c41671), TOBN(0x3ffdfc7e, 0x3c2c0d58), - TOBN(0x3a3a5254, 0x26ee7cda), TOBN(0x341b0869, 0xdf02c3a8), - TOBN(0xa023bf42, 0x723bbfc8), TOBN(0x3d15002a, 0x14452691),} - , - {TOBN(0x5ef7324c, 0x85edfa30), TOBN(0x25976554, 0x87d4f3da), - TOBN(0x352f5bc0, 0xdcb50c86), TOBN(0x8f6927b0, 0x4832a96c), - TOBN(0xd08ee1ba, 0x55f2f94c), TOBN(0x6a996f99, 0x344b45fa), - TOBN(0xe133cb8d, 0xa8aa455d), TOBN(0x5d0721ec, 0x758dc1f7), - TOBN(0x6ba7a920, 0x79e5fb67), TOBN(0xe1331feb, 0x70aa725e), - TOBN(0x5080ccf5, 0x7df5d837), TOBN(0xe4cae01d, 0x7ff72e21), - TOBN(0xd9243ee6, 0x0412a77d), TOBN(0x06ff7cac, 0xdf449025), - TOBN(0xbe75f7cd, 0x23ef5a31), TOBN(0xbc957822, 0x0ddef7a8), - TOBN(0x8cf7230c, 0xb0ce1c55), TOBN(0x5b534d05, 0x0bbfb607), - TOBN(0xee1ef113, 0x0e16363b), TOBN(0x27e0aa7a, 0xb4999e82), - TOBN(0xce1dac2d, 0x79362c41), TOBN(0x67920c90, 0x91bb6cb0), - TOBN(0x1e648d63, 0x2223df24), TOBN(0x0f7d9eef, 0xe32e8f28), - TOBN(0x6943f39a, 0xfa833834), TOBN(0x22951722, 0xa6328562), - TOBN(0x81d63dd5, 0x4170fc10), TOBN(0x9f5fa58f, 0xaecc2e6d), - TOBN(0xb66c8725, 0xe77d9a3b), TOBN(0x11235cea, 0x6384ebe0), - TOBN(0x06a8c118, 0x5845e24a), TOBN(0x0137b286, 0xebd093b1), - TOBN(0xc589e1ce, 0x44ace150), TOBN(0xe0f8d3d9, 0x4381e97c), - TOBN(0x59e99b11, 0x62c5a4b8), TOBN(0x90d262f7, 0xfd0ec9f9), - TOBN(0xfbc854c9, 0x283e13c9), TOBN(0x2d04fde7, 0xaedc7085), - TOBN(0x057d7765, 0x47dcbecb), TOBN(0x8dbdf591, 0x9a76fa5f), - TOBN(0xd0150695, 0x0de1e578), TOBN(0x2e1463e7, 0xe9f72bc6), - TOBN(0xffa68441, 0x1b39eca5), TOBN(0x673c8530, 0x7c037f2f), - TOBN(0xd0d6a600, 0x747f91da), TOBN(0xb08d43e1, 0xc9cb78e9), - TOBN(0x0fc0c644, 0x27b5cef5), TOBN(0x5c1d160a, 0xa60a2fd6), - TOBN(0xf98cae53, 0x28c8e13b), TOBN(0x375f10c4, 0xb2eddcd1), - TOBN(0xd4eb8b7f, 0x5cce06ad), TOBN(0xb4669f45, 0x80a2e1ef), - TOBN(0xd593f9d0, 0x5bbd8699), TOBN(0x5528a4c9, 0xe7976d13), - TOBN(0x3923e095, 0x1c7e28d3), TOBN(0xb9293790, 0x3f6bb577), - TOBN(0xdb567d6a, 0xc42bd6d2), TOBN(0x6df86468, 0xbb1f96ae), - TOBN(0x0efe5b1a, 0x4843b28e), TOBN(0x961bbb05, 0x6379b240), - TOBN(0xb6caf5f0, 0x70a6a26b), TOBN(0x70686c0d, 0x328e6e39), - TOBN(0x80da06cf, 0x895fc8d3), TOBN(0x804d8810, 0xb363fdc9), - TOBN(0xbe22877b, 0x207f1670), TOBN(0x9b0dd188, 0x4e615291), - TOBN(0x625ae8dc, 0x97a3c2bf), TOBN(0x08584ef7, 0x439b86e8), - TOBN(0xde7190a5, 0xdcd898ff), TOBN(0x26286c40, 0x2058ee3d), - TOBN(0x3db0b217, 0x5f87b1c1), TOBN(0xcc334771, 0x102a6db5), - TOBN(0xd99de954, 0x2f770fb1), TOBN(0x97c1c620, 0x4cd7535e), - TOBN(0xd3b6c448, 0x3f09cefc), TOBN(0xd725af15, 0x5a63b4f8), - TOBN(0x0c95d24f, 0xc01e20ec), TOBN(0xdfd37494, 0x9ae7121f), - TOBN(0x7d6ddb72, 0xec77b7ec), TOBN(0xfe079d3b, 0x0353a4ae), - TOBN(0x3066e70a, 0x2e6ac8d2), TOBN(0x9c6b5a43, 0x106e5c05), - TOBN(0x52d3c6f5, 0xede59b8c), TOBN(0x30d6a5c3, 0xfccec9ae), - TOBN(0xedec7c22, 0x4fc0a9ef), TOBN(0x190ff083, 0x95c16ced), - TOBN(0xbe12ec8f, 0x94de0fde), TOBN(0x0d131ab8, 0x852d3433), - TOBN(0x42ace07e, 0x85701291), TOBN(0x94793ed9, 0x194061a8), - TOBN(0x30e83ed6, 0xd7f4a485), TOBN(0x9eec7269, 0xf9eeff4d), - TOBN(0x90acba59, 0x0c9d8005), TOBN(0x5feca458, 0x1e79b9d1), - TOBN(0x8fbe5427, 0x1d506a1e), TOBN(0xa32b2c8e, 0x2439cfa7), - TOBN(0x1671c173, 0x73dd0b4e), TOBN(0x37a28214, 0x44a054c6), - TOBN(0x81760a1b, 0x4e8b53f1), TOBN(0xa6c04224, 0xf9f93b9e), - TOBN(0x18784b34, 0xcf671e3c), TOBN(0x81bbecd2, 0xcda9b994), - TOBN(0x38831979, 0xb2ab3848), TOBN(0xef54feb7, 0xf2e03c2d), - TOBN(0xcf197ca7, 0xfb8088fa), TOBN(0x01427247, 0x4ddc96c5), - TOBN(0xa2d2550a, 0x30777176), TOBN(0x53469898, 0x4d0cf71d), - TOBN(0x6ce937b8, 0x3a2aaac6), TOBN(0xe9f91dc3, 0x5af38d9b), - TOBN(0x2598ad83, 0xc8bf2899), TOBN(0x8e706ac9, 0xb5536c16), - TOBN(0x40dc7495, 0xf688dc98), TOBN(0x26490cd7, 0x124c4afc), - TOBN(0xe651ec84, 0x1f18775c), TOBN(0x393ea6c3, 0xb4fdaf4a), - TOBN(0x1e1f3343, 0x7f338e0d), TOBN(0x39fb832b, 0x6053e7b5), - TOBN(0x46e702da, 0x619e14d5), TOBN(0x859cacd1, 0xcdeef6e0), - TOBN(0x63b99ce7, 0x4462007d), TOBN(0xb8ab48a5, 0x4cb5f5b7), - TOBN(0x9ec673d2, 0xf55edde7), TOBN(0xd1567f74, 0x8cfaefda), - TOBN(0x46381b6b, 0x0887bcec), TOBN(0x694497ce, 0xe178f3c2), - TOBN(0x5e6525e3, 0x1e6266cb), TOBN(0x5931de26, 0x697d6413), - TOBN(0x87f8df7c, 0x0e58d493), TOBN(0xb1ae5ed0, 0x58b73f12), - TOBN(0xc368f784, 0xdea0c34d), TOBN(0x9bd0a120, 0x859a91a0), - TOBN(0xb00d88b7, 0xcc863c68), TOBN(0x3a1cc11e, 0x3d1f4d65), - TOBN(0xea38e0e7, 0x0aa85593), TOBN(0x37f13e98, 0x7dc4aee8), - TOBN(0x10d38667, 0xbc947bad), TOBN(0x738e07ce, 0x2a36ee2e), - TOBN(0xc93470cd, 0xc577fcac), TOBN(0xdee1b616, 0x2782470d), - TOBN(0x36a25e67, 0x2e793d12), TOBN(0xd6aa6cae, 0xe0f186da), - TOBN(0x474d0fd9, 0x80e07af7), TOBN(0xf7cdc47d, 0xba8a5cd4), - TOBN(0x28af6d9d, 0xab15247f), TOBN(0x7c789c10, 0x493a537f), - TOBN(0x7ac9b110, 0x23a334e7), TOBN(0x0236ac09, 0x12c9c277), - TOBN(0xa7e5bd25, 0x1d7a5144), TOBN(0x098b9c2a, 0xf13ec4ec), - TOBN(0x3639daca, 0xd3f0abca), TOBN(0x642da81a, 0xa23960f9), - TOBN(0x7d2e5c05, 0x4f7269b1), TOBN(0xfcf30777, 0xe287c385), - TOBN(0x10edc84f, 0xf2a46f21), TOBN(0x35441757, 0x4f43fa36), - TOBN(0xf1327899, 0xfd703431), TOBN(0xa438d7a6, 0x16dd587a), - TOBN(0x65c34c57, 0xe9c8352d), TOBN(0xa728edab, 0x5cc5a24e), - TOBN(0xaed78abc, 0x42531689), TOBN(0x0a51a0e8, 0x010963ef), - TOBN(0x5776fa0a, 0xd717d9b3), TOBN(0xf356c239, 0x7dd3428b), - TOBN(0x29903fff, 0x8d3a3dac), TOBN(0x409597fa, 0x3d94491f), - TOBN(0x4cd7a5ff, 0xbf4a56a4), TOBN(0xe5096474, 0x8adab462), - TOBN(0xa97b5126, 0x5c3427b0), TOBN(0x6401405c, 0xd282c9bd), - TOBN(0x3629f8d7, 0x222c5c45), TOBN(0xb1c02c16, 0xe8d50aed), - TOBN(0xbea2ed75, 0xd9635bc9), TOBN(0x226790c7, 0x6e24552f), - TOBN(0x3c33f2a3, 0x65f1d066), TOBN(0x2a43463e, 0x6dfccc2e), - TOBN(0x8cc3453a, 0xdb483761), TOBN(0xe7cc6085, 0x65d5672b), - TOBN(0x277ed6cb, 0xde3efc87), TOBN(0x19f2f368, 0x69234eaf), - TOBN(0x9aaf4317, 0x5c0b800b), TOBN(0x1f1e7c89, 0x8b6da6e2), - TOBN(0x6cfb4715, 0xb94ec75e), TOBN(0xd590dd5f, 0x453118c2), - TOBN(0x14e49da1, 0x1f17a34c), TOBN(0x5420ab39, 0x235a1456), - TOBN(0xb7637241, 0x2f50363b), TOBN(0x7b15d623, 0xc3fabb6e), - TOBN(0xa0ef40b1, 0xe274e49c), TOBN(0x5cf50744, 0x96b1860a), - TOBN(0xd6583fbf, 0x66afe5a4), TOBN(0x44240510, 0xf47e3e9a), - TOBN(0x99254343, 0x11b2d595), TOBN(0xf1367499, 0xeec8df57), - TOBN(0x3cb12c61, 0x3e73dd05), TOBN(0xd248c033, 0x7dac102a), - TOBN(0xcf154f13, 0xa77739f5), TOBN(0xbf4288cb, 0x23d2af42), - TOBN(0xaa64c9b6, 0x32e4a1cf), TOBN(0xee8c07a8, 0xc8a208f3), - TOBN(0xe10d4999, 0x6fe8393f), TOBN(0x0f809a3f, 0xe91f3a32), - TOBN(0x61096d1c, 0x802f63c8), TOBN(0x289e1462, 0x57750d3d), - TOBN(0xed06167e, 0x9889feea), TOBN(0xd5c9c0e2, 0xe0993909), - TOBN(0x46fca0d8, 0x56508ac6), TOBN(0x91826047, 0x4f1b8e83), - TOBN(0x4f2c877a, 0x9a4a2751), TOBN(0x71bd0072, 0xcae6fead), - TOBN(0x38df8dcc, 0x06aa1941), TOBN(0x5a074b4c, 0x63beeaa8), - TOBN(0xd6d65934, 0xc1cec8ed), TOBN(0xa6ecb49e, 0xaabc03bd), - TOBN(0xaade91c2, 0xde8a8415), TOBN(0xcfb0efdf, 0x691136e0), - TOBN(0x11af45ee, 0x23ab3495), TOBN(0xa132df88, 0x0b77463d), - TOBN(0x8923c15c, 0x815d06f4), TOBN(0xc3ceb3f5, 0x0d61a436), - TOBN(0xaf52291d, 0xe88fb1da), TOBN(0xea057974, 0x1da12179), - TOBN(0xb0d7218c, 0xd2fef720), TOBN(0x6c0899c9, 0x8e1d8845), - TOBN(0x98157504, 0x752ddad7), TOBN(0xd60bd74f, 0xa1a68a97), - TOBN(0x7047a3a9, 0xf658fb99), TOBN(0x1f5d86d6, 0x5f8511e4), - TOBN(0xb8a4bc42, 0x4b5a6d88), TOBN(0x69eb2c33, 0x1abefa7d), - TOBN(0x95bf39e8, 0x13c9c510), TOBN(0xf571960a, 0xd48aab43), - TOBN(0x7e8cfbcf, 0x704e23c6), TOBN(0xc71b7d22, 0x28aaa65b), - TOBN(0xa041b2bd, 0x245e3c83), TOBN(0x69b98834, 0xd21854ff), - TOBN(0x89d227a3, 0x963bfeec), TOBN(0x99947aaa, 0xde7da7cb), - TOBN(0x1d9ee9db, 0xee68a9b1), TOBN(0x0a08f003, 0x698ec368), - TOBN(0xe9ea4094, 0x78ef2487), TOBN(0xc8d2d415, 0x02cfec26), - TOBN(0xc52f9a6e, 0xb7dcf328), TOBN(0x0ed489e3, 0x85b6a937), - TOBN(0x9b94986b, 0xbef3366e), TOBN(0x0de59c70, 0xedddddb8), - TOBN(0xffdb748c, 0xeadddbe2), TOBN(0x9b9784bb, 0x8266ea40), - TOBN(0x142b5502, 0x1a93507a), TOBN(0xb4cd1187, 0x8d3c06cf), - TOBN(0xdf70e76a, 0x91ec3f40), TOBN(0x484e81ad, 0x4e7553c2), - TOBN(0x830f87b5, 0x272e9d6e), TOBN(0xea1c93e5, 0xc6ff514a), - TOBN(0x67cc2adc, 0xc4192a8e), TOBN(0xc77e27e2, 0x42f4535a), - TOBN(0x9cdbab36, 0xd2b713c5), TOBN(0x86274ea0, 0xcf7b0cd3), - TOBN(0x784680f3, 0x09af826b), TOBN(0xbfcc837a, 0x0c72dea3), - TOBN(0xa8bdfe9d, 0xd6529b73), TOBN(0x708aa228, 0x63a88002), - TOBN(0x6c7a9a54, 0xc91d45b9), TOBN(0xdf1a38bb, 0xfd004f56), - TOBN(0x2e8c9a26, 0xb8bad853), TOBN(0x2d52cea3, 0x3723eae7), - TOBN(0x054d6d81, 0x56ca2830), TOBN(0xa3317d14, 0x9a8dc411), - TOBN(0xa08662fe, 0xfd4ddeda), TOBN(0xed2a153a, 0xb55d792b), - TOBN(0x7035c16a, 0xbfc6e944), TOBN(0xb6bc5834, 0x00171cf3), - TOBN(0xe27152b3, 0x83d102b6), TOBN(0xfe695a47, 0x0646b848), - TOBN(0xa5bb09d8, 0x916e6d37), TOBN(0xb4269d64, 0x0d17015e), - TOBN(0x8d8156a1, 0x0a1d2285), TOBN(0xfeef6c51, 0x46d26d72), - TOBN(0x9dac57c8, 0x4c5434a7), TOBN(0x0282e5be, 0x59d39e31), - TOBN(0xedfff181, 0x721c486d), TOBN(0x301baf10, 0xbc58824e), - TOBN(0x8136a6aa, 0x00570031), TOBN(0x55aaf78c, 0x1cddde68), - TOBN(0x26829371, 0x59c63952), TOBN(0x3a3bd274, 0x8bc25baf), - TOBN(0xecdf8657, 0xb7e52dc3), TOBN(0x2dd8c087, 0xfd78e6c8), - TOBN(0x20553274, 0xf5531461), TOBN(0x8b4a1281, 0x5d95499b), - TOBN(0xe2c8763a, 0x1a80f9d2), TOBN(0xd1dbe32b, 0x4ddec758), - TOBN(0xaf12210d, 0x30c34169), TOBN(0xba74a953, 0x78baa533), - TOBN(0x3d133c6e, 0xa438f254), TOBN(0xa431531a, 0x201bef5b), - TOBN(0x15295e22, 0xf669d7ec), TOBN(0xca374f64, 0x357fb515), - TOBN(0x8a8406ff, 0xeaa3fdb3), TOBN(0x106ae448, 0xdf3f2da8), - TOBN(0x8f9b0a90, 0x33c8e9a1), TOBN(0x234645e2, 0x71ad5885), - TOBN(0x3d083224, 0x1c0aed14), TOBN(0xf10a7d3e, 0x7a942d46), - TOBN(0x7c11deee, 0x40d5c9be), TOBN(0xb2bae7ff, 0xba84ed98), - TOBN(0x93e97139, 0xaad58ddd), TOBN(0x3d872796, 0x3f6d1fa3), - TOBN(0x483aca81, 0x8569ff13), TOBN(0x8b89a5fb, 0x9a600f72), - TOBN(0x4cbc27c3, 0xc06f2b86), TOBN(0x22130713, 0x63ad9c0b), - TOBN(0xb5358b1e, 0x48ac2840), TOBN(0x18311294, 0xecba9477), - TOBN(0xda58f990, 0xa6946b43), TOBN(0x3098baf9, 0x9ab41819), - TOBN(0x66c4c158, 0x4198da52), TOBN(0xab4fc17c, 0x146bfd1b), - TOBN(0x2f0a4c3c, 0xbf36a908), TOBN(0x2ae9e34b, 0x58cf7838), - TOBN(0xf411529e, 0x3fa11b1f), TOBN(0x21e43677, 0x974af2b4), - TOBN(0x7c20958e, 0xc230793b), TOBN(0x710ea885, 0x16e840f3), - TOBN(0xfc0b21fc, 0xc5dc67cf), TOBN(0x08d51647, 0x88405718), - TOBN(0xd955c21f, 0xcfe49eb7), TOBN(0x9722a5d5, 0x56dd4a1f), - TOBN(0xc9ef50e2, 0xc861baa5), TOBN(0xc0c21a5d, 0x9505ac3e), - TOBN(0xaf6b9a33, 0x8b7c063f), TOBN(0xc6370339, 0x2f4779c1), - TOBN(0x22df99c7, 0x638167c3), TOBN(0xfe6ffe76, 0x795db30c), - TOBN(0x2b822d33, 0xa4854989), TOBN(0xfef031dd, 0x30563aa5), - TOBN(0x16b09f82, 0xd57c667f), TOBN(0xc70312ce, 0xcc0b76f1), - TOBN(0xbf04a9e6, 0xc9118aec), TOBN(0x82fcb419, 0x3409d133), - TOBN(0x1a8ab385, 0xab45d44d), TOBN(0xfba07222, 0x617b83a3), - TOBN(0xb05f50dd, 0x58e81b52), TOBN(0x1d8db553, 0x21ce5aff), - TOBN(0x3097b8d4, 0xe344a873), TOBN(0x7d8d116d, 0xfe36d53e), - TOBN(0x6db22f58, 0x7875e750), TOBN(0x2dc5e373, 0x43e144ea), - TOBN(0xc05f32e6, 0xe799eb95), TOBN(0xe9e5f4df, 0x6899e6ec), - TOBN(0xbdc3bd68, 0x1fab23d5), TOBN(0xb72b8ab7, 0x73af60e6), - TOBN(0x8db27ae0, 0x2cecc84a), TOBN(0x600016d8, 0x7bdb871c), - TOBN(0x42a44b13, 0xd7c46f58), TOBN(0xb8919727, 0xc3a77d39), - TOBN(0xcfc6bbbd, 0xdafd6088), TOBN(0x1a740146, 0x6bd20d39), - TOBN(0x8c747abd, 0x98c41072), TOBN(0x4c91e765, 0xbdf68ea1), - TOBN(0x7c95e5ca, 0x08819a78), TOBN(0xcf48b729, 0xc9587921), - TOBN(0x091c7c5f, 0xdebbcc7d), TOBN(0x6f287404, 0xf0e05149), - TOBN(0xf83b5ac2, 0x26cd44ec), TOBN(0x88ae32a6, 0xcfea250e), - TOBN(0x6ac5047a, 0x1d06ebc5), TOBN(0xc7e550b4, 0xd434f781), - TOBN(0x61ab1cf2, 0x5c727bd2), TOBN(0x2e4badb1, 0x1cf915b0), - TOBN(0x1b4dadec, 0xf69d3920), TOBN(0xe61b1ca6, 0xf14c1dfe), - TOBN(0x90b479cc, 0xbd6bd51f), TOBN(0x8024e401, 0x8045ec30), - TOBN(0xcab29ca3, 0x25ef0e62), TOBN(0x4f2e9416, 0x49e4ebc0), - TOBN(0x45eb40ec, 0x0ccced58), TOBN(0x25cd4b9c, 0x0da44f98), - TOBN(0x43e06458, 0x871812c6), TOBN(0x99f80d55, 0x16cef651), - TOBN(0x571340c9, 0xce6dc153), TOBN(0x138d5117, 0xd8665521), - TOBN(0xacdb45bc, 0x4e07014d), TOBN(0x2f34bb38, 0x84b60b91), - TOBN(0xf44a4fd2, 0x2ae8921e), TOBN(0xb039288e, 0x892ba1e2), - TOBN(0x9da50174, 0xb1c180b2), TOBN(0x6b70ab66, 0x1693dc87), - TOBN(0x7e9babc9, 0xe7057481), TOBN(0x4581ddef, 0x9c80dc41), - TOBN(0x0c890da9, 0x51294682), TOBN(0x0b5629d3, 0x3f4736e5), - TOBN(0x2340c79e, 0xb06f5b41), TOBN(0xa42e84ce, 0x4e243469), - TOBN(0xf9a20135, 0x045a71a9), TOBN(0xefbfb415, 0xd27b6fb6), - TOBN(0x25ebea23, 0x9d33cd6f), TOBN(0x9caedb88, 0xaa6c0af8), - TOBN(0x53dc7e9a, 0xd9ce6f96), TOBN(0x3897f9fd, 0x51e0b15a), - TOBN(0xf51cb1f8, 0x8e5d788e), TOBN(0x1aec7ba8, 0xe1d490ee), - TOBN(0x265991e0, 0xcc58cb3c), TOBN(0x9f306e8c, 0x9fc3ad31), - TOBN(0x5fed006e, 0x5040a0ac), TOBN(0xca9d5043, 0xfb476f2e), - TOBN(0xa19c06e8, 0xbeea7a23), TOBN(0xd2865801, 0x0edabb63), - TOBN(0xdb92293f, 0x6967469a), TOBN(0x2894d839, 0x8d8a8ed8), - TOBN(0x87c9e406, 0xbbc77122), TOBN(0x8671c6f1, 0x2ea3a26a), - TOBN(0xe42df8d6, 0xd7de9853), TOBN(0x2e3ce346, 0xb1f2bcc7), - TOBN(0xda601dfc, 0x899d50cf), TOBN(0xbfc913de, 0xfb1b598f), - TOBN(0x81c4909f, 0xe61f7908), TOBN(0x192e304f, 0x9bbc7b29), - TOBN(0xc3ed8738, 0xc104b338), TOBN(0xedbe9e47, 0x783f5d61), - TOBN(0x0c06e9be, 0x2db30660), TOBN(0xda3e613f, 0xc0eb7d8e), - TOBN(0xd8fa3e97, 0x322e096e), TOBN(0xfebd91e8, 0xd336e247), - TOBN(0x8f13ccc4, 0xdf655a49), TOBN(0xa9e00dfc, 0x5eb20210), - TOBN(0x84631d0f, 0xc656b6ea), TOBN(0x93a058cd, 0xd8c0d947), - TOBN(0x6846904a, 0x67bd3448), TOBN(0x4a3d4e1a, 0xf394fd5c), - TOBN(0xc102c1a5, 0xdb225f52), TOBN(0xe3455bba, 0xfc4f5e9a), - TOBN(0x6b36985b, 0x4b9ad1ce), TOBN(0xa9818536, 0x5bb7f793), - TOBN(0x6c25e1d0, 0x48b1a416), TOBN(0x1381dd53, 0x3c81bee7), - TOBN(0xd2a30d61, 0x7a4a7620), TOBN(0xc8412926, 0x39b8944c), - TOBN(0x3c1c6fbe, 0x7a97c33a), TOBN(0x941e541d, 0x938664e7), - TOBN(0x417499e8, 0x4a34f239), TOBN(0x15fdb83c, 0xb90402d5), - TOBN(0xb75f46bf, 0x433aa832), TOBN(0xb61e15af, 0x63215db1), - TOBN(0xaabe59d4, 0xa127f89a), TOBN(0x5d541e0c, 0x07e816da), - TOBN(0xaaba0659, 0xa618b692), TOBN(0x55327733, 0x17266026), - TOBN(0xaf53a0fc, 0x95f57552), TOBN(0x32947650, 0x6cacb0c9), - TOBN(0x253ff58d, 0xc821be01), TOBN(0xb0309531, 0xa06f1146), - TOBN(0x59bbbdf5, 0x05c2e54d), TOBN(0x158f27ad, 0x26e8dd22), - TOBN(0xcc5b7ffb, 0x397e1e53), TOBN(0xae03f65b, 0x7fc1e50d), - TOBN(0xa9784ebd, 0x9c95f0f9), TOBN(0x5ed9deb2, 0x24640771), - TOBN(0x31244af7, 0x035561c4), TOBN(0x87332f3a, 0x7ee857de), - TOBN(0x09e16e9e, 0x2b9e0d88), TOBN(0x52d910f4, 0x56a06049), - TOBN(0x507ed477, 0xa9592f48), TOBN(0x85cb917b, 0x2365d678), - TOBN(0xf8511c93, 0x4c8998d1), TOBN(0x2186a3f1, 0x730ea58f), - TOBN(0x50189626, 0xb2029db0), TOBN(0x9137a6d9, 0x02ceb75a), - TOBN(0x2fe17f37, 0x748bc82c), TOBN(0x87c2e931, 0x80469f8c), - TOBN(0x850f71cd, 0xbf891aa2), TOBN(0x0ca1b89b, 0x75ec3d8d), - TOBN(0x516c43aa, 0x5e1cd3cd), TOBN(0x89397808, 0x9a887c28), - TOBN(0x0059c699, 0xddea1f9f), TOBN(0x7737d6fa, 0x8e6868f7), - TOBN(0x6d93746a, 0x60f1524b), TOBN(0x36985e55, 0xba052aa7), - TOBN(0x41b1d322, 0xed923ea5), TOBN(0x3429759f, 0x25852a11), - TOBN(0xbeca6ec3, 0x092e9f41), TOBN(0x3a238c66, 0x62256bbd), - TOBN(0xd82958ea, 0x70ad487d), TOBN(0x4ac8aaf9, 0x65610d93), - TOBN(0x3fa101b1, 0x5e4ccab0), TOBN(0x9bf430f2, 0x9de14bfb), - TOBN(0xa10f5cc6, 0x6531899d), TOBN(0x590005fb, 0xea8ce17d), - TOBN(0xc437912f, 0x24544cb6), TOBN(0x9987b71a, 0xd79ac2e3), - TOBN(0x13e3d9dd, 0xc058a212), TOBN(0x00075aac, 0xd2de9606), - TOBN(0x80ab508b, 0x6cac8369), TOBN(0x87842be7, 0xf54f6c89), - TOBN(0xa7ad663d, 0x6bc532a4), TOBN(0x67813de7, 0x78a91bc8), - TOBN(0x5dcb61ce, 0xc3427239), TOBN(0x5f3c7cf0, 0xc56934d9), - TOBN(0xc079e0fb, 0xe3191591), TOBN(0xe40896bd, 0xb01aada7), - TOBN(0x8d466791, 0x0492d25f), TOBN(0x8aeb30c9, 0xe7408276), - TOBN(0xe9437495, 0x9287aacc), TOBN(0x23d4708d, 0x79fe03d4), - TOBN(0x8cda9cf2, 0xd0c05199), TOBN(0x502fbc22, 0xfae78454), - TOBN(0xc0bda9df, 0xf572a182), TOBN(0x5f9b71b8, 0x6158b372), - TOBN(0xe0f33a59, 0x2b82dd07), TOBN(0x76302735, 0x9523032e), - TOBN(0x7fe1a721, 0xc4505a32), TOBN(0x7b6e3e82, 0xf796409f),} - , - {TOBN(0xe3417bc0, 0x35d0b34a), TOBN(0x440b386b, 0x8327c0a7), - TOBN(0x8fb7262d, 0xac0362d1), TOBN(0x2c41114c, 0xe0cdf943), - TOBN(0x2ba5cef1, 0xad95a0b1), TOBN(0xc09b37a8, 0x67d54362), - TOBN(0x26d6cdd2, 0x01e486c9), TOBN(0x20477abf, 0x42ff9297), - TOBN(0xa004dcb3, 0x292a9287), TOBN(0xddc15cf6, 0x77b092c7), - TOBN(0x083a8464, 0x806c0605), TOBN(0x4a68df70, 0x3db997b0), - TOBN(0x9c134e45, 0x05bf7dd0), TOBN(0xa4e63d39, 0x8ccf7f8c), - TOBN(0xa6e6517f, 0x41b5f8af), TOBN(0xaa8b9342, 0xad7bc1cc), - TOBN(0x126f35b5, 0x1e706ad9), TOBN(0xb99cebb4, 0xc3a9ebdf), - TOBN(0xa75389af, 0xbf608d90), TOBN(0x76113c4f, 0xc6c89858), - TOBN(0x80de8eb0, 0x97e2b5aa), TOBN(0x7e1022cc, 0x63b91304), - TOBN(0x3bdab605, 0x6ccc066c), TOBN(0x33cbb144, 0xb2edf900), - TOBN(0xc4176471, 0x7af715d2), TOBN(0xe2f7f594, 0xd0134a96), - TOBN(0x2c1873ef, 0xa41ec956), TOBN(0xe4e7b4f6, 0x77821304), - TOBN(0xe5c8ff97, 0x88d5374a), TOBN(0x2b915e63, 0x80823d5b), - TOBN(0xea6bc755, 0xb2ee8fe2), TOBN(0x6657624c, 0xe7112651), - TOBN(0x157af101, 0xdace5aca), TOBN(0xc4fdbcf2, 0x11a6a267), - TOBN(0xdaddf340, 0xc49c8609), TOBN(0x97e49f52, 0xe9604a65), - TOBN(0x9be8e790, 0x937e2ad5), TOBN(0x846e2508, 0x326e17f1), - TOBN(0x3f38007a, 0x0bbbc0dc), TOBN(0xcf03603f, 0xb11e16d6), - TOBN(0xd6f800e0, 0x7442f1d5), TOBN(0x475607d1, 0x66e0e3ab), - TOBN(0x82807f16, 0xb7c64047), TOBN(0x8858e1e3, 0xa749883d), - TOBN(0x5859120b, 0x8231ee10), TOBN(0x1b80e7eb, 0x638a1ece), - TOBN(0xcb72525a, 0xc6aa73a4), TOBN(0xa7cdea3d, 0x844423ac), - TOBN(0x5ed0c007, 0xf8ae7c38), TOBN(0x6db07a5c, 0x3d740192), - TOBN(0xbe5e9c2a, 0x5fe36db3), TOBN(0xd5b9d57a, 0x76e95046), - TOBN(0x54ac32e7, 0x8eba20f2), TOBN(0xef11ca8f, 0x71b9a352), - TOBN(0x305e373e, 0xff98a658), TOBN(0xffe5a100, 0x823eb667), - TOBN(0x57477b11, 0xe51732d2), TOBN(0xdfd6eb28, 0x2538fc0e), - TOBN(0x5c43b0cc, 0x3b39eec5), TOBN(0x6af12778, 0xcb36cc57), - TOBN(0x70b0852d, 0x06c425ae), TOBN(0x6df92f8c, 0x5c221b9b), - TOBN(0x6c8d4f9e, 0xce826d9c), TOBN(0xf59aba7b, 0xb49359c3), - TOBN(0x5c8ed8d5, 0xda64309d), TOBN(0x61a6de56, 0x91b30704), - TOBN(0xd6b52f6a, 0x2f9b5808), TOBN(0x0eee4194, 0x98c958a7), - TOBN(0xcddd9aab, 0x771e4caa), TOBN(0x83965dfd, 0x78bc21be), - TOBN(0x02affce3, 0xb3b504f5), TOBN(0x30847a21, 0x561c8291), - TOBN(0xd2eb2cf1, 0x52bfda05), TOBN(0xe0e4c4e9, 0x6197b98c), - TOBN(0x1d35076c, 0xf8a1726f), TOBN(0x6c06085b, 0x2db11e3d), - TOBN(0x15c0c4d7, 0x4463ba14), TOBN(0x9d292f83, 0x0030238c), - TOBN(0x1311ee8b, 0x3727536d), TOBN(0xfeea86ef, 0xbeaedc1e), - TOBN(0xb9d18cd3, 0x66131e2e), TOBN(0xf31d974f, 0x80fe2682), - TOBN(0xb6e49e0f, 0xe4160289), TOBN(0x7c48ec0b, 0x08e92799), - TOBN(0x818111d8, 0xd1989aa7), TOBN(0xb34fa0aa, 0xebf926f9), - TOBN(0xdb5fe2f5, 0xa245474a), TOBN(0xf80a6ebb, 0x3c7ca756), - TOBN(0xa7f96054, 0xafa05dd8), TOBN(0x26dfcf21, 0xfcaf119e), - TOBN(0xe20ef2e3, 0x0564bb59), TOBN(0xef4dca50, 0x61cb02b8), - TOBN(0xcda7838a, 0x65d30672), TOBN(0x8b08d534, 0xfd657e86), - TOBN(0x4c5b4395, 0x46d595c8), TOBN(0x39b58725, 0x425cb836), - TOBN(0x8ea61059, 0x3de9abe3), TOBN(0x40434881, 0x9cdc03be), - TOBN(0x9b261245, 0xcfedce8c), TOBN(0x78c318b4, 0xcf5234a1), - TOBN(0x510bcf16, 0xfde24c99), TOBN(0x2a77cb75, 0xa2c2ff5d), - TOBN(0x9c895c2b, 0x27960fb4), TOBN(0xd30ce975, 0xb0eda42b), - TOBN(0xfda85393, 0x1a62cc26), TOBN(0x23c69b96, 0x50c0e052), - TOBN(0xa227df15, 0xbfc633f3), TOBN(0x2ac78848, 0x1bae7d48), - TOBN(0x487878f9, 0x187d073d), TOBN(0x6c2be919, 0x967f807d), - TOBN(0x765861d8, 0x336e6d8f), TOBN(0x88b8974c, 0xce528a43), - TOBN(0x09521177, 0xff57d051), TOBN(0x2ff38037, 0xfb6a1961), - TOBN(0xfc0aba74, 0xa3d76ad4), TOBN(0x7c764803, 0x25a7ec17), - TOBN(0x7532d75f, 0x48879bc8), TOBN(0xea7eacc0, 0x58ce6bc1), - TOBN(0xc82176b4, 0x8e896c16), TOBN(0x9a30e0b2, 0x2c750fed), - TOBN(0xc37e2c2e, 0x421d3aa4), TOBN(0xf926407c, 0xe84fa840), - TOBN(0x18abc03d, 0x1454e41c), TOBN(0x26605ecd, 0x3f7af644), - TOBN(0x242341a6, 0xd6a5eabf), TOBN(0x1edb84f4, 0x216b668e), - TOBN(0xd836edb8, 0x04010102), TOBN(0x5b337ce7, 0x945e1d8c), - TOBN(0xd2075c77, 0xc055dc14), TOBN(0x2a0ffa25, 0x81d89cdf), - TOBN(0x8ce815ea, 0x6ffdcbaf), TOBN(0xa3428878, 0xfb648867), - TOBN(0x277699cf, 0x884655fb), TOBN(0xfa5b5bd6, 0x364d3e41), - TOBN(0x01f680c6, 0x441e1cb7), TOBN(0x3fd61e66, 0xb70a7d67), - TOBN(0x666ba2dc, 0xcc78cf66), TOBN(0xb3018174, 0x6fdbff77), - TOBN(0x8d4dd0db, 0x168d4668), TOBN(0x259455d0, 0x1dab3a2a), - TOBN(0xf58564c5, 0xcde3acec), TOBN(0x77141925, 0x13adb276), - TOBN(0x527d725d, 0x8a303f65), TOBN(0x55deb6c9, 0xe6f38f7b), - TOBN(0xfd5bb657, 0xb1fa70fb), TOBN(0xfa07f50f, 0xd8073a00), - TOBN(0xf72e3aa7, 0xbca02500), TOBN(0xf68f895d, 0x9975740d), - TOBN(0x30112060, 0x5cae2a6a), TOBN(0x01bd7218, 0x02874842), - TOBN(0x3d423891, 0x7ce47bd3), TOBN(0xa66663c1, 0x789544f6), - TOBN(0x864d05d7, 0x3272d838), TOBN(0xe22924f9, 0xfa6295c5), - TOBN(0x8189593f, 0x6c2fda32), TOBN(0x330d7189, 0xb184b544), - TOBN(0x79efa62c, 0xbde1f714), TOBN(0x35771c94, 0xe5cb1a63), - TOBN(0x2f4826b8, 0x641c8332), TOBN(0x00a894fb, 0xc8cee854), - TOBN(0xb4b9a39b, 0x36194d40), TOBN(0xe857a7c5, 0x77612601), - TOBN(0xf4209dd2, 0x4ecf2f58), TOBN(0x82b9e66d, 0x5a033487), - TOBN(0xc1e36934, 0xe4e8b9dd), TOBN(0xd2372c9d, 0xa42377d7), - TOBN(0x51dc94c7, 0x0e3ae43b), TOBN(0x4c57761e, 0x04474f6f), - TOBN(0xdcdacd0a, 0x1058a318), TOBN(0x369cf3f5, 0x78053a9a), - TOBN(0xc6c3de50, 0x31c68de2), TOBN(0x4653a576, 0x3c4b6d9f), - TOBN(0x1688dd5a, 0xaa4e5c97), TOBN(0x5be80aa1, 0xb7ab3c74), - TOBN(0x70cefe7c, 0xbc65c283), TOBN(0x57f95f13, 0x06867091), - TOBN(0xa39114e2, 0x4415503b), TOBN(0xc08ff7c6, 0x4cbb17e9), - TOBN(0x1eff674d, 0xd7dec966), TOBN(0x6d4690af, 0x53376f63), - TOBN(0xff6fe32e, 0xea74237b), TOBN(0xc436d17e, 0xcd57508e), - TOBN(0x15aa28e1, 0xedcc40fe), TOBN(0x0d769c04, 0x581bbb44), - TOBN(0xc240b6de, 0x34eaacda), TOBN(0xd9e116e8, 0x2ba0f1de), - TOBN(0xcbe45ec7, 0x79438e55), TOBN(0x91787c9d, 0x96f752d7), - TOBN(0x897f532b, 0xf129ac2f), TOBN(0xd307b7c8, 0x5a36e22c), - TOBN(0x91940675, 0x749fb8f3), TOBN(0xd14f95d0, 0x157fdb28), - TOBN(0xfe51d029, 0x6ae55043), TOBN(0x8931e98f, 0x44a87de1), - TOBN(0xe57f1cc6, 0x09e4fee2), TOBN(0x0d063b67, 0x4e072d92), - TOBN(0x70a998b9, 0xed0e4316), TOBN(0xe74a736b, 0x306aca46), - TOBN(0xecf0fbf2, 0x4fda97c7), TOBN(0xa40f65cb, 0x3e178d93), - TOBN(0x16253604, 0x16df4285), TOBN(0xb0c9babb, 0xd0c56ae2), - TOBN(0x73032b19, 0xcfc5cfc3), TOBN(0xe497e5c3, 0x09752056), - TOBN(0x12096bb4, 0x164bda96), TOBN(0x1ee42419, 0xa0b74da1), - TOBN(0x8fc36243, 0x403826ba), TOBN(0x0c8f0069, 0xdc09e660), - TOBN(0x8667e981, 0xc27253c9), TOBN(0x05a6aefb, 0x92b36a45), - TOBN(0xa62c4b36, 0x9cb7bb46), TOBN(0x8394f375, 0x11f7027b), - TOBN(0x747bc79c, 0x5f109d0f), TOBN(0xcad88a76, 0x5b8cc60a), - TOBN(0x80c5a66b, 0x58f09e68), TOBN(0xe753d451, 0xf6127eac), - TOBN(0xc44b74a1, 0x5b0ec6f5), TOBN(0x47989fe4, 0x5289b2b8), - TOBN(0x745f8484, 0x58d6fc73), TOBN(0xec362a6f, 0xf61c70ab), - TOBN(0x070c98a7, 0xb3a8ad41), TOBN(0x73a20fc0, 0x7b63db51), - TOBN(0xed2c2173, 0xf44c35f4), TOBN(0x8a56149d, 0x9acc9dca), - TOBN(0x98f17881, 0x9ac6e0f4), TOBN(0x360fdeaf, 0xa413b5ed), - TOBN(0x0625b8f4, 0xa300b0fd), TOBN(0xf1f4d76a, 0x5b3222d3), - TOBN(0x9d6f5109, 0x587f76b8), TOBN(0x8b4ee08d, 0x2317fdb5), - TOBN(0x88089bb7, 0x8c68b095), TOBN(0x95570e9a, 0x5808d9b9), - TOBN(0xa395c36f, 0x35d33ae7), TOBN(0x200ea123, 0x50bb5a94), - TOBN(0x20c789bd, 0x0bafe84b), TOBN(0x243ef52d, 0x0919276a), - TOBN(0x3934c577, 0xe23ae233), TOBN(0xb93807af, 0xa460d1ec), - TOBN(0xb72a53b1, 0xf8fa76a4), TOBN(0xd8914cb0, 0xc3ca4491), - TOBN(0x2e128494, 0x3fb42622), TOBN(0x3b2700ac, 0x500907d5), - TOBN(0xf370fb09, 0x1a95ec63), TOBN(0xf8f30be2, 0x31b6dfbd), - TOBN(0xf2b2f8d2, 0x69e55f15), TOBN(0x1fead851, 0xcc1323e9), - TOBN(0xfa366010, 0xd9e5eef6), TOBN(0x64d487b0, 0xe316107e), - TOBN(0x4c076b86, 0xd23ddc82), TOBN(0x03fd344c, 0x7e0143f0), - TOBN(0xa95362ff, 0x317af2c5), TOBN(0x0add3db7, 0xe18b7a4f), - TOBN(0x9c673e3f, 0x8260e01b), TOBN(0xfbeb49e5, 0x54a1cc91), - TOBN(0x91351bf2, 0x92f2e433), TOBN(0xc755e7ec, 0x851141eb), - TOBN(0xc9a95139, 0x29607745), TOBN(0x0ca07420, 0xa26f2b28), - TOBN(0xcb2790e7, 0x4bc6f9dd), TOBN(0x345bbb58, 0xadcaffc0), - TOBN(0xc65ea38c, 0xbe0f27a2), TOBN(0x67c24d7c, 0x641fcb56), - TOBN(0x2c25f0a7, 0xa9e2c757), TOBN(0x93f5cdb0, 0x16f16c49), - TOBN(0x2ca5a9d7, 0xc5ee30a1), TOBN(0xd1593635, 0xb909b729), - TOBN(0x804ce9f3, 0xdadeff48), TOBN(0xec464751, 0xb07c30c3), - TOBN(0x89d65ff3, 0x9e49af6a), TOBN(0xf2d6238a, 0x6f3d01bc), - TOBN(0x1095561e, 0x0bced843), TOBN(0x51789e12, 0xc8a13fd8), - TOBN(0xd633f929, 0x763231df), TOBN(0x46df9f7d, 0xe7cbddef), - TOBN(0x01c889c0, 0xcb265da8), TOBN(0xfce1ad10, 0xaf4336d2), - TOBN(0x8d110df6, 0xfc6a0a7e), TOBN(0xdd431b98, 0x6da425dc), - TOBN(0xcdc4aeab, 0x1834aabe), TOBN(0x84deb124, 0x8439b7fc), - TOBN(0x8796f169, 0x3c2a5998), TOBN(0x9b9247b4, 0x7947190d), - TOBN(0x55b9d9a5, 0x11597014), TOBN(0x7e9dd70d, 0x7b1566ee), - TOBN(0x94ad78f7, 0xcbcd5e64), TOBN(0x0359ac17, 0x9bd4c032), - TOBN(0x3b11baaf, 0x7cc222ae), TOBN(0xa6a6e284, 0xba78e812), - TOBN(0x8392053f, 0x24cea1a0), TOBN(0xc97bce4a, 0x33621491), - TOBN(0x7eb1db34, 0x35399ee9), TOBN(0x473f78ef, 0xece81ad1), - TOBN(0x41d72fe0, 0xf63d3d0d), TOBN(0xe620b880, 0xafab62fc), - TOBN(0x92096bc9, 0x93158383), TOBN(0x41a21357, 0x8f896f6c), - TOBN(0x1b5ee2fa, 0xc7dcfcab), TOBN(0x650acfde, 0x9546e007), - TOBN(0xc081b749, 0xb1b02e07), TOBN(0xda9e41a0, 0xf9eca03d), - TOBN(0x013ba727, 0x175a54ab), TOBN(0xca0cd190, 0xea5d8d10), - TOBN(0x85ea52c0, 0x95fd96a9), TOBN(0x2c591b9f, 0xbc5c3940), - TOBN(0x6fb4d4e4, 0x2bad4d5f), TOBN(0xfa4c3590, 0xfef0059b), - TOBN(0x6a10218a, 0xf5122294), TOBN(0x9a78a81a, 0xa85751d1), - TOBN(0x04f20579, 0xa98e84e7), TOBN(0xfe1242c0, 0x4997e5b5), - TOBN(0xe77a273b, 0xca21e1e4), TOBN(0xfcc8b1ef, 0x9411939d), - TOBN(0xe20ea302, 0x92d0487a), TOBN(0x1442dbec, 0x294b91fe), - TOBN(0x1f7a4afe, 0xbb6b0e8f), TOBN(0x1700ef74, 0x6889c318), - TOBN(0xf5bbffc3, 0x70f1fc62), TOBN(0x3b31d4b6, 0x69c79cca), - TOBN(0xe8bc2aab, 0xa7f6340d), TOBN(0xb0b08ab4, 0xa725e10a), - TOBN(0x44f05701, 0xae340050), TOBN(0xba4b3016, 0x1cf0c569), - TOBN(0x5aa29f83, 0xfbe19a51), TOBN(0x1b9ed428, 0xb71d752e), - TOBN(0x1666e54e, 0xeb4819f5), TOBN(0x616cdfed, 0x9e18b75b), - TOBN(0x112ed5be, 0x3ee27b0b), TOBN(0xfbf28319, 0x44c7de4d), - TOBN(0xd685ec85, 0xe0e60d84), TOBN(0x68037e30, 0x1db7ee78), - TOBN(0x5b65bdcd, 0x003c4d6e), TOBN(0x33e7363a, 0x93e29a6a), - TOBN(0x995b3a61, 0x08d0756c), TOBN(0xd727f85c, 0x2faf134b), - TOBN(0xfac6edf7, 0x1d337823), TOBN(0x99b9aa50, 0x0439b8b4), - TOBN(0x722eb104, 0xe2b4e075), TOBN(0x49987295, 0x437c4926), - TOBN(0xb1e4c0e4, 0x46a9b82d), TOBN(0xd0cb3197, 0x57a006f5), - TOBN(0xf3de0f7d, 0xd7808c56), TOBN(0xb5c54d8f, 0x51f89772), - TOBN(0x500a114a, 0xadbd31aa), TOBN(0x9afaaaa6, 0x295f6cab), - TOBN(0x94705e21, 0x04cf667a), TOBN(0xfc2a811b, 0x9d3935d7), - TOBN(0x560b0280, 0x6d09267c), TOBN(0xf19ed119, 0xf780e53b), - TOBN(0xf0227c09, 0x067b6269), TOBN(0x967b8533, 0x5caef599), - TOBN(0x155b9243, 0x68efeebc), TOBN(0xcd6d34f5, 0xc497bae6), - TOBN(0x1dd8d5d3, 0x6cceb370), TOBN(0x2aeac579, 0xa78d7bf9), - TOBN(0x5d65017d, 0x70b67a62), TOBN(0x70c8e44f, 0x17c53f67), - TOBN(0xd1fc0950, 0x86a34d09), TOBN(0xe0fca256, 0xe7134907), - TOBN(0xe24fa29c, 0x80fdd315), TOBN(0x2c4acd03, 0xd87499ad), - TOBN(0xbaaf7517, 0x3b5a9ba6), TOBN(0xb9cbe1f6, 0x12e51a51), - TOBN(0xd88edae3, 0x5e154897), TOBN(0xe4309c3c, 0x77b66ca0), - TOBN(0xf5555805, 0xf67f3746), TOBN(0x85fc37ba, 0xa36401ff), - TOBN(0xdf86e2ca, 0xd9499a53), TOBN(0x6270b2a3, 0xecbc955b), - TOBN(0xafae64f5, 0x974ad33b), TOBN(0x04d85977, 0xfe7b2df1), - TOBN(0x2a3db3ff, 0x4ab03f73), TOBN(0x0b87878a, 0x8702740a), - TOBN(0x6d263f01, 0x5a061732), TOBN(0xc25430ce, 0xa32a1901), - TOBN(0xf7ebab3d, 0xdb155018), TOBN(0x3a86f693, 0x63a9b78e), - TOBN(0x349ae368, 0xda9f3804), TOBN(0x470f07fe, 0xa164349c), - TOBN(0xd52f4cc9, 0x8562baa5), TOBN(0xc74a9e86, 0x2b290df3), - TOBN(0xd3a1aa35, 0x43471a24), TOBN(0x239446be, 0xb8194511), - TOBN(0xbec2dd00, 0x81dcd44d), TOBN(0xca3d7f0f, 0xc42ac82d), - TOBN(0x1f3db085, 0xfdaf4520), TOBN(0xbb6d3e80, 0x4549daf2), - TOBN(0xf5969d8a, 0x19ad5c42), TOBN(0x7052b13d, 0xdbfd1511), - TOBN(0x11890d1b, 0x682b9060), TOBN(0xa71d3883, 0xac34452c), - TOBN(0xa438055b, 0x783805b4), TOBN(0x43241277, 0x4725b23e), - TOBN(0xf20cf96e, 0x4901bbed), TOBN(0x6419c710, 0xf432a2bb), - TOBN(0x57a0fbb9, 0xdfa9cd7d), TOBN(0x589111e4, 0x00daa249), - TOBN(0x19809a33, 0x7b60554e), TOBN(0xea5f8887, 0xede283a4), - TOBN(0x2d713802, 0x503bfd35), TOBN(0x151bb0af, 0x585d2a53), - TOBN(0x40b08f74, 0x43b30ca8), TOBN(0xe10b5bba, 0xd9934583), - TOBN(0xe8a546d6, 0xb51110ad), TOBN(0x1dd50e66, 0x28e0b6c5), - TOBN(0x292e9d54, 0xcff2b821), TOBN(0x3882555d, 0x47281760), - TOBN(0x134838f8, 0x3724d6e3), TOBN(0xf2c679e0, 0x22ddcda1), - TOBN(0x40ee8815, 0x6d2a5768), TOBN(0x7f227bd2, 0x1c1e7e2d), - TOBN(0x487ba134, 0xd04ff443), TOBN(0x76e2ff3d, 0xc614e54b), - TOBN(0x36b88d6f, 0xa3177ec7), TOBN(0xbf731d51, 0x2328fff5), - TOBN(0x758caea2, 0x49ba158e), TOBN(0x5ab8ff4c, 0x02938188), - TOBN(0x33e16056, 0x35edc56d), TOBN(0x5a69d349, 0x7e940d79), - TOBN(0x6c4fd001, 0x03866dcb), TOBN(0x20a38f57, 0x4893cdef), - TOBN(0xfbf3e790, 0xfac3a15b), TOBN(0x6ed7ea2e, 0x7a4f8e6b), - TOBN(0xa663eb4f, 0xbc3aca86), TOBN(0x22061ea5, 0x080d53f7), - TOBN(0x2480dfe6, 0xf546783f), TOBN(0xd38bc6da, 0x5a0a641e), - TOBN(0xfb093cd1, 0x2ede8965), TOBN(0x89654db4, 0xacb455cf), - TOBN(0x413cbf9a, 0x26e1adee), TOBN(0x291f3764, 0x373294d4), - TOBN(0x00797257, 0x648083fe), TOBN(0x25f504d3, 0x208cc341), - TOBN(0x635a8e5e, 0xc3a0ee43), TOBN(0x70aaebca, 0x679898ff), - TOBN(0x9ee9f547, 0x5dc63d56), TOBN(0xce987966, 0xffb34d00), - TOBN(0xf9f86b19, 0x5e26310a), TOBN(0x9e435484, 0x382a8ca8), - TOBN(0x253bcb81, 0xc2352fe4), TOBN(0xa4eac8b0, 0x4474b571), - TOBN(0xc1b97512, 0xc1ad8cf8), TOBN(0x193b4e9e, 0x99e0b697), - TOBN(0x939d2716, 0x01e85df0), TOBN(0x4fb265b3, 0xcd44eafd), - TOBN(0x321e7dcd, 0xe51e1ae2), TOBN(0x8e3a8ca6, 0xe3d8b096), - TOBN(0x8de46cb0, 0x52604998), TOBN(0x91099ad8, 0x39072aa7), - TOBN(0x2617f91c, 0x93aa96b8), TOBN(0x0fc8716b, 0x7fca2e13), - TOBN(0xa7106f5e, 0x95328723), TOBN(0xd1c9c40b, 0x262e6522), - TOBN(0xb9bafe86, 0x42b7c094), TOBN(0x1873439d, 0x1543c021), - TOBN(0xe1baa5de, 0x5cbefd5d), TOBN(0xa363fc5e, 0x521e8aff), - TOBN(0xefe6320d, 0xf862eaac), TOBN(0x14419c63, 0x22c647dc), - TOBN(0x0e06707c, 0x4e46d428), TOBN(0xcb6c834f, 0x4a178f8f), - TOBN(0x0f993a45, 0xd30f917c), TOBN(0xd4c4b049, 0x9879afee), - TOBN(0xb6142a1e, 0x70500063), TOBN(0x7c9b41c3, 0xa5d9d605), - TOBN(0xbc00fc2f, 0x2f8ba2c7), TOBN(0x0966eb2f, 0x7c67aa28), - TOBN(0x13f7b516, 0x5a786972), TOBN(0x3bfb7557, 0x8a2fbba0), - TOBN(0x131c4f23, 0x5a2b9620), TOBN(0xbff3ed27, 0x6faf46be), - TOBN(0x9b4473d1, 0x7e172323), TOBN(0x421e8878, 0x339f6246), - TOBN(0x0fa8587a, 0x25a41632), TOBN(0xc0814124, 0xa35b6c93), - TOBN(0x2b18a9f5, 0x59ebb8db), TOBN(0x264e3357, 0x76edb29c), - TOBN(0xaf245ccd, 0xc87c51e2), TOBN(0x16b3015b, 0x501e6214), - TOBN(0xbb31c560, 0x0a3882ce), TOBN(0x6961bb94, 0xfec11e04), - TOBN(0x3b825b8d, 0xeff7a3a0), TOBN(0xbec33738, 0xb1df7326), - TOBN(0x68ad747c, 0x99604a1f), TOBN(0xd154c934, 0x9a3bd499), - TOBN(0xac33506f, 0x1cc7a906), TOBN(0x73bb5392, 0x6c560e8f), - TOBN(0x6428fcbe, 0x263e3944), TOBN(0xc11828d5, 0x1c387434), - TOBN(0x3cd04be1, 0x3e4b12ff), TOBN(0xc3aad9f9, 0x2d88667c), - TOBN(0xc52ddcf8, 0x248120cf), TOBN(0x985a892e, 0x2a389532), - TOBN(0xfbb4b21b, 0x3bb85fa0), TOBN(0xf95375e0, 0x8dfc6269), - TOBN(0xfb4fb06c, 0x7ee2acea), TOBN(0x6785426e, 0x309c4d1f), - TOBN(0x659b17c8, 0xd8ceb147), TOBN(0x9b649eee, 0xb70a5554), - TOBN(0x6b7fa0b5, 0xac6bc634), TOBN(0xd99fe2c7, 0x1d6e732f), - TOBN(0x30e6e762, 0x8d3abba2), TOBN(0x18fee6e7, 0xa797b799), - TOBN(0x5c9d360d, 0xc696464d), TOBN(0xe3baeb48, 0x27bfde12), - TOBN(0x2bf5db47, 0xf23206d5), TOBN(0x2f6d3420, 0x1d260152), - TOBN(0x17b87653, 0x3f8ff89a), TOBN(0x5157c30c, 0x378fa458), - TOBN(0x7517c5c5, 0x2d4fb936), TOBN(0xef22f7ac, 0xe6518cdc), - TOBN(0xdeb483e6, 0xbf847a64), TOBN(0xf5084558, 0x92e0fa89),} - , - {TOBN(0xab9659d8, 0xdf7304d4), TOBN(0xb71bcf1b, 0xff210e8e), - TOBN(0xa9a2438b, 0xd73fbd60), TOBN(0x4595cd1f, 0x5d11b4de), - TOBN(0x9c0d329a, 0x4835859d), TOBN(0x4a0f0d2d, 0x7dbb6e56), - TOBN(0xc6038e5e, 0xdf928a4e), TOBN(0xc9429621, 0x8f5ad154), - TOBN(0x91213462, 0xf23f2d92), TOBN(0x6cab71bd, 0x60b94078), - TOBN(0x6bdd0a63, 0x176cde20), TOBN(0x54c9b20c, 0xee4d54bc), - TOBN(0x3cd2d8aa, 0x9f2ac02f), TOBN(0x03f8e617, 0x206eedb0), - TOBN(0xc7f68e16, 0x93086434), TOBN(0x831469c5, 0x92dd3db9), - TOBN(0x8521df24, 0x8f981354), TOBN(0x587e23ec, 0x3588a259), - TOBN(0xcbedf281, 0xd7a0992c), TOBN(0x06930a55, 0x38961407), - TOBN(0x09320deb, 0xbe5bbe21), TOBN(0xa7ffa5b5, 0x2491817f), - TOBN(0xe6c8b4d9, 0x09065160), TOBN(0xac4f3992, 0xfff6d2a9), - TOBN(0x7aa7a158, 0x3ae9c1bd), TOBN(0xe0af6d98, 0xe37ce240), - TOBN(0xe54342d9, 0x28ab38b4), TOBN(0xe8b75007, 0x0a1c98ca), - TOBN(0xefce86af, 0xe02358f2), TOBN(0x31b8b856, 0xea921228), - TOBN(0x052a1912, 0x0a1c67fc), TOBN(0xb4069ea4, 0xe3aead59), - TOBN(0x3232d6e2, 0x7fa03cb3), TOBN(0xdb938e5b, 0x0fdd7d88), - TOBN(0x04c1d2cd, 0x2ccbfc5d), TOBN(0xd2f45c12, 0xaf3a580f), - TOBN(0x592620b5, 0x7883e614), TOBN(0x5fd27e68, 0xbe7c5f26), - TOBN(0x139e45a9, 0x1567e1e3), TOBN(0x2cc71d2d, 0x44d8aaaf), - TOBN(0x4a9090cd, 0xe36d0757), TOBN(0xf722d7b1, 0xd9a29382), - TOBN(0xfb7fb04c, 0x04b48ddf), TOBN(0x628ad2a7, 0xebe16f43), - TOBN(0xcd3fbfb5, 0x20226040), TOBN(0x6c34ecb1, 0x5104b6c4), - TOBN(0x30c0754e, 0xc903c188), TOBN(0xec336b08, 0x2d23cab0), - TOBN(0x473d62a2, 0x1e206ee5), TOBN(0xf1e27480, 0x8c49a633), - TOBN(0x87ab956c, 0xe9f6b2c3), TOBN(0x61830b48, 0x62b606ea), - TOBN(0x67cd6846, 0xe78e815f), TOBN(0xfe40139f, 0x4c02082a), - TOBN(0x52bbbfcb, 0x952ec365), TOBN(0x74c11642, 0x6b9836ab), - TOBN(0x9f51439e, 0x558df019), TOBN(0x230da4ba, 0xac712b27), - TOBN(0x518919e3, 0x55185a24), TOBN(0x4dcefcdd, 0x84b78f50), - TOBN(0xa7d90fb2, 0xa47d4c5a), TOBN(0x55ac9abf, 0xb30e009e), - TOBN(0xfd2fc359, 0x74eed273), TOBN(0xb72d824c, 0xdbea8faf), - TOBN(0xce721a74, 0x4513e2ca), TOBN(0x0b418612, 0x38240b2c), - TOBN(0x05199968, 0xd5baa450), TOBN(0xeb1757ed, 0x2b0e8c25), - TOBN(0x6ebc3e28, 0x3dfac6d5), TOBN(0xb2431e2e, 0x48a237f5), - TOBN(0x2acb5e23, 0x52f61499), TOBN(0x5558a2a7, 0xe06c936b), - TOBN(0xd213f923, 0xcbb13d1b), TOBN(0x98799f42, 0x5bfb9bfe), - TOBN(0x1ae8ddc9, 0x701144a9), TOBN(0x0b8b3bb6, 0x4c5595ee), - TOBN(0x0ea9ef2e, 0x3ecebb21), TOBN(0x17cb6c4b, 0x3671f9a7), - TOBN(0x47ef464f, 0x726f1d1f), TOBN(0x171b9484, 0x6943a276), - TOBN(0x51a4ae2d, 0x7ef0329c), TOBN(0x08509222, 0x91c4402a), - TOBN(0x64a61d35, 0xafd45bbc), TOBN(0x38f096fe, 0x3035a851), - TOBN(0xc7468b74, 0xa1dec027), TOBN(0xe8cf10e7, 0x4fc7dcba), - TOBN(0xea35ff40, 0xf4a06353), TOBN(0x0b4c0dfa, 0x8b77dd66), - TOBN(0x779b8552, 0xde7e5c19), TOBN(0xfab28609, 0xc1c0256c), - TOBN(0x64f58eee, 0xabd4743d), TOBN(0x4e8ef838, 0x7b6cc93b), - TOBN(0xee650d26, 0x4cb1bf3d), TOBN(0x4c1f9d09, 0x73dedf61), - TOBN(0xaef7c9d7, 0xbfb70ced), TOBN(0x1ec0507e, 0x1641de1e), - TOBN(0xcd7e5cc7, 0xcde45079), TOBN(0xde173c9a, 0x516ac9e4), - TOBN(0x517a8494, 0xc170315c), TOBN(0x438fd905, 0x91d8e8fb), - TOBN(0x5145c506, 0xc7d9630b), TOBN(0x6457a87b, 0xf47d4d75), - TOBN(0xd31646bf, 0x0d9a80e8), TOBN(0x453add2b, 0xcef3aabe), - TOBN(0xc9941109, 0xa607419d), TOBN(0xfaa71e62, 0xbb6bca80), - TOBN(0x34158c13, 0x07c431f3), TOBN(0x594abebc, 0x992bc47a), - TOBN(0x6dfea691, 0xeb78399f), TOBN(0x48aafb35, 0x3f42cba4), - TOBN(0xedcd65af, 0x077c04f0), TOBN(0x1a29a366, 0xe884491a), - TOBN(0x023a40e5, 0x1c21f2bf), TOBN(0xf99a513c, 0xa5057aee), - TOBN(0xa3fe7e25, 0xbcab072e), TOBN(0x8568d2e1, 0x40e32bcf), - TOBN(0x904594eb, 0xd3f69d9f), TOBN(0x181a9733, 0x07affab1), - TOBN(0xe4d68d76, 0xb6e330f4), TOBN(0x87a6dafb, 0xc75a7fc1), - TOBN(0x549db2b5, 0xef7d9289), TOBN(0x2480d4a8, 0x197f015a), - TOBN(0x61d5590b, 0xc40493b6), TOBN(0x3a55b52e, 0x6f780331), - TOBN(0x40eb8115, 0x309eadb0), TOBN(0xdea7de5a, 0x92e5c625), - TOBN(0x64d631f0, 0xcc6a3d5a), TOBN(0x9d5e9d7c, 0x93e8dd61), - TOBN(0xf297bef5, 0x206d3ffc), TOBN(0x23d5e033, 0x7d808bd4), - TOBN(0x4a4f6912, 0xd24cf5ba), TOBN(0xe4d8163b, 0x09cdaa8a), - TOBN(0x0e0de9ef, 0xd3082e8e), TOBN(0x4fe1246c, 0x0192f360), - TOBN(0x1f900150, 0x4b8eee0a), TOBN(0x5219da81, 0xf1da391b), - TOBN(0x7bf6a5c1, 0xf7ea25aa), TOBN(0xd165e6bf, 0xfbb07d5f), - TOBN(0xe3539361, 0x89e78671), TOBN(0xa3fcac89, 0x2bac4219), - TOBN(0xdfab6fd4, 0xf0baa8ab), TOBN(0x5a4adac1, 0xe2c1c2e5), - TOBN(0x6cd75e31, 0x40d85849), TOBN(0xce263fea, 0x19b39181), - TOBN(0xcb6803d3, 0x07032c72), TOBN(0x7f40d5ce, 0x790968c8), - TOBN(0xa6de86bd, 0xdce978f0), TOBN(0x25547c4f, 0x368f751c), - TOBN(0xb1e685fd, 0x65fb2a9e), TOBN(0xce69336f, 0x1eb9179c), - TOBN(0xb15d1c27, 0x12504442), TOBN(0xb7df465c, 0xb911a06b), - TOBN(0xb8d804a3, 0x315980cd), TOBN(0x693bc492, 0xfa3bebf7), - TOBN(0x3578aeee, 0x2253c504), TOBN(0x158de498, 0xcd2474a2), - TOBN(0x1331f5c7, 0xcfda8368), TOBN(0xd2d7bbb3, 0x78d7177e), - TOBN(0xdf61133a, 0xf3c1e46e), TOBN(0x5836ce7d, 0xd30e7be8), - TOBN(0x83084f19, 0x94f834cb), TOBN(0xd35653d4, 0x429ed782), - TOBN(0xa542f16f, 0x59e58243), TOBN(0xc2b52f65, 0x0470a22d), - TOBN(0xe3b6221b, 0x18f23d96), TOBN(0xcb05abac, 0x3f5252b4), - TOBN(0xca00938b, 0x87d61402), TOBN(0x2f186cdd, 0x411933e4), - TOBN(0xe042ece5, 0x9a29a5c5), TOBN(0xb19b3c07, 0x3b6c8402), - TOBN(0xc97667c7, 0x19d92684), TOBN(0xb5624622, 0xebc66372), - TOBN(0x0cb96e65, 0x3c04fa02), TOBN(0x83a7176c, 0x8eaa39aa), - TOBN(0x2033561d, 0xeaa1633f), TOBN(0x45a9d086, 0x4533df73), - TOBN(0xe0542c1d, 0x3dc090bc), TOBN(0x82c996ef, 0xaa59c167), - TOBN(0xe3f735e8, 0x0ee7fc4d), TOBN(0x7b179393, 0x7c35db79), - TOBN(0xb6419e25, 0xf8c5dbfd), TOBN(0x4d9d7a1e, 0x1f327b04), - TOBN(0x979f6f9b, 0x298dfca8), TOBN(0xc7c5dff1, 0x8de9366a), - TOBN(0x1b7a588d, 0x04c82bdd), TOBN(0x68005534, 0xf8319dfd), - TOBN(0xde8a55b5, 0xd8eb9580), TOBN(0x5ea886da, 0x8d5bca81), - TOBN(0xe8530a01, 0x252a0b4d), TOBN(0x1bffb4fe, 0x35eaa0a1), - TOBN(0x2ad828b1, 0xd8e99563), TOBN(0x7de96ef5, 0x95f9cd87), - TOBN(0x4abb2d0c, 0xd77d970c), TOBN(0x03cfb933, 0xd33ef9cb), - TOBN(0xb0547c01, 0x8b211fe9), TOBN(0x2fe64809, 0xa56ed1c6), - TOBN(0xcb7d5624, 0xc2ac98cc), TOBN(0x2a1372c0, 0x1a393e33), - TOBN(0xc8d1ec1c, 0x29660521), TOBN(0xf3d31b04, 0xb37ac3e9), - TOBN(0xa29ae9df, 0x5ece6e7c), TOBN(0x0603ac8f, 0x0facfb55), - TOBN(0xcfe85b7a, 0xdda233a5), TOBN(0xe618919f, 0xbd75f0b8), - TOBN(0xf555a3d2, 0x99bf1603), TOBN(0x1f43afc9, 0xf184255a), - TOBN(0xdcdaf341, 0x319a3e02), TOBN(0xd3b117ef, 0x03903a39), - TOBN(0xe095da13, 0x65d1d131), TOBN(0x86f16367, 0xc37ad03e), - TOBN(0x5f37389e, 0x462cd8dd), TOBN(0xc103fa04, 0xd67a60e6), - TOBN(0x57c34344, 0xf4b478f0), TOBN(0xce91edd8, 0xe117c98d), - TOBN(0x001777b0, 0x231fc12e), TOBN(0x11ae47f2, 0xb207bccb), - TOBN(0xd983cf8d, 0x20f8a242), TOBN(0x7aff5b1d, 0xf22e1ad8), - TOBN(0x68fd11d0, 0x7fc4feb3), TOBN(0x5d53ae90, 0xb0f1c3e1), - TOBN(0x50fb7905, 0xec041803), TOBN(0x85e3c977, 0x14404888), - TOBN(0x0e67faed, 0xac628d8f), TOBN(0x2e865150, 0x6668532c), - TOBN(0x15acaaa4, 0x6a67a6b0), TOBN(0xf4cdee25, 0xb25cec41), - TOBN(0x49ee565a, 0xe4c6701e), TOBN(0x2a04ca66, 0xfc7d63d8), - TOBN(0xeb105018, 0xef0543fb), TOBN(0xf709a4f5, 0xd1b0d81d), - TOBN(0x5b906ee6, 0x2915d333), TOBN(0xf4a87412, 0x96f1f0ab), - TOBN(0xb6b82fa7, 0x4d82f4c2), TOBN(0x90725a60, 0x6804efb3), - TOBN(0xbc82ec46, 0xadc3425e), TOBN(0xb7b80581, 0x2787843e), - TOBN(0xdf46d91c, 0xdd1fc74c), TOBN(0xdc1c62cb, 0xe783a6c4), - TOBN(0x59d1b9f3, 0x1a04cbba), TOBN(0xd87f6f72, 0x95e40764), - TOBN(0x02b4cfc1, 0x317f4a76), TOBN(0x8d2703eb, 0x91036bce), - TOBN(0x98206cc6, 0xa5e72a56), TOBN(0x57be9ed1, 0xcf53fb0f), - TOBN(0x09374571, 0xef0b17ac), TOBN(0x74b2655e, 0xd9181b38), - TOBN(0xc8f80ea8, 0x89935d0e), TOBN(0xc0d9e942, 0x91529936), - TOBN(0x19686041, 0x1e84e0e5), TOBN(0xa5db84d3, 0xaea34c93), - TOBN(0xf9d5bb19, 0x7073a732), TOBN(0xb8d2fe56, 0x6bcfd7c0), - TOBN(0x45775f36, 0xf3eb82fa), TOBN(0x8cb20ccc, 0xfdff8b58), - TOBN(0x1659b65f, 0x8374c110), TOBN(0xb8b4a422, 0x330c789a), - TOBN(0x75e3c3ea, 0x6fe8208b), TOBN(0xbd74b9e4, 0x286e78fe), - TOBN(0x0be2e81b, 0xd7d93a1a), TOBN(0x7ed06e27, 0xdd0a5aae), - TOBN(0x721f5a58, 0x6be8b800), TOBN(0x428299d1, 0xd846db28), - TOBN(0x95cb8e6b, 0x5be88ed3), TOBN(0xc3186b23, 0x1c034e11), - TOBN(0xa6312c9e, 0x8977d99b), TOBN(0xbe944331, 0x83f531e7), - TOBN(0x8232c0c2, 0x18d3b1d4), TOBN(0x617aae8b, 0xe1247b73), - TOBN(0x40153fc4, 0x282aec3b), TOBN(0xc6063d2f, 0xf7b8f823), - TOBN(0x68f10e58, 0x3304f94c), TOBN(0x31efae74, 0xee676346), - TOBN(0xbadb6c6d, 0x40a9b97c), TOBN(0x14702c63, 0x4f666256), - TOBN(0xdeb954f1, 0x5184b2e3), TOBN(0x5184a526, 0x94b6ca40), - TOBN(0xfff05337, 0x003c32ea), TOBN(0x5aa374dd, 0x205974c7), - TOBN(0x9a763854, 0x4b0dd71a), TOBN(0x459cd27f, 0xdeb947ec), - TOBN(0xa6e28161, 0x459c2b92), TOBN(0x2f020fa8, 0x75ee8ef5), - TOBN(0xb132ec2d, 0x30b06310), TOBN(0xc3e15899, 0xbc6a4530), - TOBN(0xdc5f53fe, 0xaa3f451a), TOBN(0x3a3c7f23, 0xc2d9acac), - TOBN(0x2ec2f892, 0x6b27e58b), TOBN(0x68466ee7, 0xd742799f), - TOBN(0x98324dd4, 0x1fa26613), TOBN(0xa2dc6dab, 0xbdc29d63), - TOBN(0xf9675faa, 0xd712d657), TOBN(0x813994be, 0x21fd8d15), - TOBN(0x5ccbb722, 0xfd4f7553), TOBN(0x5135ff8b, 0xf3a36b20), - TOBN(0x44be28af, 0x69559df5), TOBN(0x40b65bed, 0x9d41bf30), - TOBN(0xd98bf2a4, 0x3734e520), TOBN(0x5e3abbe3, 0x209bdcba), - TOBN(0x77c76553, 0xbc945b35), TOBN(0x5331c093, 0xc6ef14aa), - TOBN(0x518ffe29, 0x76b60c80), TOBN(0x2285593b, 0x7ace16f8), - TOBN(0xab1f64cc, 0xbe2b9784), TOBN(0xe8f2c0d9, 0xab2421b6), - TOBN(0x617d7174, 0xc1df065c), TOBN(0xafeeb5ab, 0x5f6578fa), - TOBN(0x16ff1329, 0x263b54a8), TOBN(0x45c55808, 0xc990dce3), - TOBN(0x42eab6c0, 0xecc8c177), TOBN(0x799ea9b5, 0x5982ecaa), - TOBN(0xf65da244, 0xb607ef8e), TOBN(0x8ab226ce, 0x32a3fc2c), - TOBN(0x745741e5, 0x7ea973dc), TOBN(0x5c00ca70, 0x20888f2e), - TOBN(0x7cdce3cf, 0x45fd9cf1), TOBN(0x8a741ef1, 0x5507f872), - TOBN(0x47c51c2f, 0x196b4cec), TOBN(0x70d08e43, 0xc97ea618), - TOBN(0x930da15c, 0x15b18a2b), TOBN(0x33b6c678, 0x2f610514), - TOBN(0xc662e4f8, 0x07ac9794), TOBN(0x1eccf050, 0xba06cb79), - TOBN(0x1ff08623, 0xe7d954e5), TOBN(0x6ef2c5fb, 0x24cf71c3), - TOBN(0xb2c063d2, 0x67978453), TOBN(0xa0cf3796, 0x1d654af8), - TOBN(0x7cb242ea, 0x7ebdaa37), TOBN(0x206e0b10, 0xb86747e0), - TOBN(0x481dae5f, 0xd5ecfefc), TOBN(0x07084fd8, 0xc2bff8fc), - TOBN(0x8040a01a, 0xea324596), TOBN(0x4c646980, 0xd4de4036), - TOBN(0x9eb8ab4e, 0xd65abfc3), TOBN(0xe01cb91f, 0x13541ec7), - TOBN(0x8f029adb, 0xfd695012), TOBN(0x9ae28483, 0x3c7569ec), - TOBN(0xa5614c9e, 0xa66d80a1), TOBN(0x680a3e44, 0x75f5f911), - TOBN(0x0c07b14d, 0xceba4fc1), TOBN(0x891c285b, 0xa13071c1), - TOBN(0xcac67ceb, 0x799ece3c), TOBN(0x29b910a9, 0x41e07e27), - TOBN(0x66bdb409, 0xf2e43123), TOBN(0x06f8b137, 0x7ac9ecbe), - TOBN(0x5981fafd, 0x38547090), TOBN(0x19ab8b9f, 0x85e3415d), - TOBN(0xfc28c194, 0xc7e31b27), TOBN(0x843be0aa, 0x6fbcbb42), - TOBN(0xf3b1ed43, 0xa6db836c), TOBN(0x2a1330e4, 0x01a45c05), - TOBN(0x4f19f3c5, 0x95c1a377), TOBN(0xa85f39d0, 0x44b5ee33), - TOBN(0x3da18e6d, 0x4ae52834), TOBN(0x5a403b39, 0x7423dcb0), - TOBN(0xbb555e0a, 0xf2374aef), TOBN(0x2ad599c4, 0x1e8ca111), - TOBN(0x1b3a2fb9, 0x014b3bf8), TOBN(0x73092684, 0xf66d5007), - TOBN(0x079f1426, 0xc4340102), TOBN(0x1827cf81, 0x8fddf4de), - TOBN(0xc83605f6, 0xf10ff927), TOBN(0xd3871451, 0x23739fc6), - TOBN(0x6d163450, 0xcac1c2cc), TOBN(0x6b521296, 0xa2ec1ac5), - TOBN(0x0606c4f9, 0x6e3cb4a5), TOBN(0xe47d3f41, 0x778abff7), - TOBN(0x425a8d5e, 0xbe8e3a45), TOBN(0x53ea9e97, 0xa6102160), - TOBN(0x477a106e, 0x39cbb688), TOBN(0x532401d2, 0xf3386d32), - TOBN(0x8e564f64, 0xb1b9b421), TOBN(0xca9b8388, 0x81dad33f), - TOBN(0xb1422b4e, 0x2093913e), TOBN(0x533d2f92, 0x69bc8112), - TOBN(0x3fa017be, 0xebe7b2c7), TOBN(0xb2767c4a, 0xcaf197c6), - TOBN(0xc925ff87, 0xaedbae9f), TOBN(0x7daf0eb9, 0x36880a54), - TOBN(0x9284ddf5, 0x9c4d0e71), TOBN(0x1581cf93, 0x316f8cf5), - TOBN(0x3eeca887, 0x3ac1f452), TOBN(0xb417fce9, 0xfb6aeffe), - TOBN(0xa5918046, 0xeefb8dc3), TOBN(0x73d318ac, 0x02209400), - TOBN(0xe800400f, 0x728693e5), TOBN(0xe87d814b, 0x339927ed), - TOBN(0x93e94d3b, 0x57ea9910), TOBN(0xff8a35b6, 0x2245fb69), - TOBN(0x043853d7, 0x7f200d34), TOBN(0x470f1e68, 0x0f653ce1), - TOBN(0x81ac05bd, 0x59a06379), TOBN(0xa14052c2, 0x03930c29), - TOBN(0x6b72fab5, 0x26bc2797), TOBN(0x13670d16, 0x99f16771), - TOBN(0x00170052, 0x1e3e48d1), TOBN(0x978fe401, 0xb7adf678), - TOBN(0x55ecfb92, 0xd41c5dd4), TOBN(0x5ff8e247, 0xc7b27da5), - TOBN(0xe7518272, 0x013fb606), TOBN(0x5768d7e5, 0x2f547a3c), - TOBN(0xbb24eaa3, 0x60017a5f), TOBN(0x6b18e6e4, 0x9c64ce9b), - TOBN(0xc225c655, 0x103dde07), TOBN(0xfc3672ae, 0x7592f7ea), - TOBN(0x9606ad77, 0xd06283a1), TOBN(0x542fc650, 0xe4d59d99), - TOBN(0xabb57c49, 0x2a40e7c2), TOBN(0xac948f13, 0xa8db9f55), - TOBN(0x6d4c9682, 0xb04465c3), TOBN(0xe3d062fa, 0x6468bd15), - TOBN(0xa51729ac, 0x5f318d7e), TOBN(0x1fc87df6, 0x9eb6fc95), - TOBN(0x63d146a8, 0x0591f652), TOBN(0xa861b8f7, 0x589621aa), - TOBN(0x59f5f15a, 0xce31348c), TOBN(0x8f663391, 0x440da6da), - TOBN(0xcfa778ac, 0xb591ffa3), TOBN(0x027ca9c5, 0x4cdfebce), - TOBN(0xbe8e05a5, 0x444ea6b3), TOBN(0x8aab4e69, 0xa78d8254), - TOBN(0x2437f04f, 0xb474d6b8), TOBN(0x6597ffd4, 0x045b3855), - TOBN(0xbb0aea4e, 0xca47ecaa), TOBN(0x568aae83, 0x85c7ebfc), - TOBN(0x0e966e64, 0xc73b2383), TOBN(0x49eb3447, 0xd17d8762), - TOBN(0xde107821, 0x8da05dab), TOBN(0x443d8baa, 0x016b7236), - TOBN(0x163b63a5, 0xea7610d6), TOBN(0xe47e4185, 0xce1ca979), - TOBN(0xae648b65, 0x80baa132), TOBN(0xebf53de2, 0x0e0d5b64), - TOBN(0x8d3bfcb4, 0xd3c8c1ca), TOBN(0x0d914ef3, 0x5d04b309), - TOBN(0x55ef6415, 0x3de7d395), TOBN(0xbde1666f, 0x26b850e8), - TOBN(0xdbe1ca6e, 0xd449ab19), TOBN(0x8902b322, 0xe89a2672), - TOBN(0xb1674b7e, 0xdacb7a53), TOBN(0x8e9faf6e, 0xf52523ff), - TOBN(0x6ba535da, 0x9a85788b), TOBN(0xd21f03ae, 0xbd0626d4), - TOBN(0x099f8c47, 0xe873dc64), TOBN(0xcda8564d, 0x018ec97e), - TOBN(0x3e8d7a5c, 0xde92c68c), TOBN(0x78e035a1, 0x73323cc4), - TOBN(0x3ef26275, 0xf880ff7c), TOBN(0xa4ee3dff, 0x273eedaa), - TOBN(0x58823507, 0xaf4e18f8), TOBN(0x967ec9b5, 0x0672f328), - TOBN(0x9ded19d9, 0x559d3186), TOBN(0x5e2ab3de, 0x6cdce39c), - TOBN(0xabad6e4d, 0x11c226df), TOBN(0xf9783f43, 0x87723014), - TOBN(0x9a49a0cf, 0x1a885719), TOBN(0xfc0c1a5a, 0x90da9dbf), - TOBN(0x8bbaec49, 0x571d92ac), TOBN(0x569e85fe, 0x4692517f), - TOBN(0x8333b014, 0xa14ea4af), TOBN(0x32f2a62f, 0x12e5c5ad), - TOBN(0x98c2ce3a, 0x06d89b85), TOBN(0xb90741aa, 0x2ff77a08), - TOBN(0x2530defc, 0x01f795a2), TOBN(0xd6e5ba0b, 0x84b3c199), - TOBN(0x7d8e8451, 0x12e4c936), TOBN(0xae419f7d, 0xbd0be17b), - TOBN(0xa583fc8c, 0x22262bc9), TOBN(0x6b842ac7, 0x91bfe2bd), - TOBN(0x33cef4e9, 0x440d6827), TOBN(0x5f69f4de, 0xef81fb14), - TOBN(0xf16cf6f6, 0x234fbb92), TOBN(0x76ae3fc3, 0xd9e7e158), - TOBN(0x4e89f6c2, 0xe9740b33), TOBN(0x677bc85d, 0x4962d6a1), - TOBN(0x6c6d8a7f, 0x68d10d15), TOBN(0x5f9a7224, 0x0257b1cd), - TOBN(0x7096b916, 0x4ad85961), TOBN(0x5f8c47f7, 0xe657ab4a), - TOBN(0xde57d7d0, 0xf7461d7e), TOBN(0x7eb6094d, 0x80ce5ee2), - TOBN(0x0b1e1dfd, 0x34190547), TOBN(0x8a394f43, 0xf05dd150), - TOBN(0x0a9eb24d, 0x97df44e6), TOBN(0x78ca06bf, 0x87675719), - TOBN(0x6f0b3462, 0x6ffeec22), TOBN(0x9d91bcea, 0x36cdd8fb), - TOBN(0xac83363c, 0xa105be47), TOBN(0x81ba76c1, 0x069710e3), - TOBN(0x3d1b24cb, 0x28c682c6), TOBN(0x27f25228, 0x8612575b), - TOBN(0xb587c779, 0xe8e66e98), TOBN(0x7b0c03e9, 0x405eb1fe), - TOBN(0xfdf0d030, 0x15b548e7), TOBN(0xa8be76e0, 0x38b36af7), - TOBN(0x4cdab04a, 0x4f310c40), TOBN(0x6287223e, 0xf47ecaec), - TOBN(0x678e6055, 0x8b399320), TOBN(0x61fe3fa6, 0xc01e4646), - TOBN(0xc482866b, 0x03261a5e), TOBN(0xdfcf45b8, 0x5c2f244a), - TOBN(0x8fab9a51, 0x2f684b43), TOBN(0xf796c654, 0xc7220a66), - TOBN(0x1d90707e, 0xf5afa58f), TOBN(0x2c421d97, 0x4fdbe0de), - TOBN(0xc4f4cda3, 0xaf2ebc2f), TOBN(0xa0af843d, 0xcb4efe24), - TOBN(0x53b857c1, 0x9ccd10b1), TOBN(0xddc9d1eb, 0x914d3e04), - TOBN(0x7bdec8bb, 0x62771deb), TOBN(0x829277aa, 0x91c5aa81), - TOBN(0x7af18dd6, 0x832391ae), TOBN(0x1740f316, 0xc71a84ca),} - , - {TOBN(0x8928e99a, 0xeeaf8c49), TOBN(0xee7aa73d, 0x6e24d728), - TOBN(0x4c5007c2, 0xe72b156c), TOBN(0x5fcf57c5, 0xed408a1d), - TOBN(0x9f719e39, 0xb6057604), TOBN(0x7d343c01, 0xc2868bbf), - TOBN(0x2cca254b, 0x7e103e2d), TOBN(0xe6eb38a9, 0xf131bea2), - TOBN(0xb33e624f, 0x8be762b4), TOBN(0x2a9ee4d1, 0x058e3413), - TOBN(0x968e6369, 0x67d805fa), TOBN(0x9848949b, 0x7db8bfd7), - TOBN(0x5308d7e5, 0xd23a8417), TOBN(0x892f3b1d, 0xf3e29da5), - TOBN(0xc95c139e, 0x3dee471f), TOBN(0x8631594d, 0xd757e089), - TOBN(0xe0c82a3c, 0xde918dcc), TOBN(0x2e7b5994, 0x26fdcf4b), - TOBN(0x82c50249, 0x32cb1b2d), TOBN(0xea613a9d, 0x7657ae07), - TOBN(0xc2eb5f6c, 0xf1fdc9f7), TOBN(0xb6eae8b8, 0x879fe682), - TOBN(0x253dfee0, 0x591cbc7f), TOBN(0x000da713, 0x3e1290e6), - TOBN(0x1083e2ea, 0x1f095615), TOBN(0x0a28ad77, 0x14e68c33), - TOBN(0x6bfc0252, 0x3d8818be), TOBN(0xb585113a, 0xf35850cd), - TOBN(0x7d935f0b, 0x30df8aa1), TOBN(0xaddda07c, 0x4ab7e3ac), - TOBN(0x92c34299, 0x552f00cb), TOBN(0xc33ed1de, 0x2909df6c), - TOBN(0x22c2195d, 0x80e87766), TOBN(0x9e99e6d8, 0x9ddf4ac0), - TOBN(0x09642e4e, 0x65e74934), TOBN(0x2610ffa2, 0xff1ff241), - TOBN(0x4d1d47d4, 0x751c8159), TOBN(0x697b4985, 0xaf3a9363), - TOBN(0x0318ca46, 0x87477c33), TOBN(0xa90cb565, 0x9441eff3), - TOBN(0x58bb3848, 0x36f024cb), TOBN(0x85be1f77, 0x36016168), - TOBN(0x6c59587c, 0xdc7e07f1), TOBN(0x191be071, 0xaf1d8f02), - TOBN(0xbf169fa5, 0xcca5e55c), TOBN(0x3864ba3c, 0xf7d04eac), - TOBN(0x915e367f, 0x8d7d05db), TOBN(0xb48a876d, 0xa6549e5d), - TOBN(0xef89c656, 0x580e40a2), TOBN(0xf194ed8c, 0x728068bc), - TOBN(0x74528045, 0xa47990c9), TOBN(0xf53fc7d7, 0x5e1a4649), - TOBN(0xbec5ae9b, 0x78593e7d), TOBN(0x2cac4ee3, 0x41db65d7), - TOBN(0xa8c1eb24, 0x04a3d39b), TOBN(0x53b7d634, 0x03f8f3ef), - TOBN(0x2dc40d48, 0x3e07113c), TOBN(0x6e4a5d39, 0x7d8b63ae), - TOBN(0x5582a94b, 0x79684c2b), TOBN(0x932b33d4, 0x622da26c), - TOBN(0xf534f651, 0x0dbbf08d), TOBN(0x211d07c9, 0x64c23a52), - TOBN(0x0eeece0f, 0xee5bdc9b), TOBN(0xdf178168, 0xf7015558), - TOBN(0xd4294635, 0x0a712229), TOBN(0x93cbe448, 0x09273f8c), - TOBN(0x00b095ef, 0x8f13bc83), TOBN(0xbb741972, 0x8798978c), - TOBN(0x9d7309a2, 0x56dbe6e7), TOBN(0xe578ec56, 0x5a5d39ec), - TOBN(0x3961151b, 0x851f9a31), TOBN(0x2da7715d, 0xe5709eb4), - TOBN(0x867f3017, 0x53dfabf0), TOBN(0x728d2078, 0xb8e39259), - TOBN(0x5c75a0cd, 0x815d9958), TOBN(0xf84867a6, 0x16603be1), - TOBN(0xc865b13d, 0x70e35b1c), TOBN(0x02414468, 0x19b03e2c), - TOBN(0xe46041da, 0xac1f3121), TOBN(0x7c9017ad, 0x6f028a7c), - TOBN(0xabc96de9, 0x0a482873), TOBN(0x4265d6b1, 0xb77e54d4), - TOBN(0x68c38e79, 0xa57d88e7), TOBN(0xd461d766, 0x9ce82de3), - TOBN(0x817a9ec5, 0x64a7e489), TOBN(0xcc5675cd, 0xa0def5f2), - TOBN(0x9a00e785, 0x985d494e), TOBN(0xc626833f, 0x1b03514a), - TOBN(0xabe7905a, 0x83cdd60e), TOBN(0x50602fb5, 0xa1170184), - TOBN(0x689886cd, 0xb023642a), TOBN(0xd568d090, 0xa6e1fb00), - TOBN(0x5b1922c7, 0x0259217f), TOBN(0x93831cd9, 0xc43141e4), - TOBN(0xdfca3587, 0x0c95f86e), TOBN(0xdec2057a, 0x568ae828), - TOBN(0xc44ea599, 0xf98a759a), TOBN(0x55a0a7a2, 0xf7c23c1d), - TOBN(0xd5ffb6e6, 0x94c4f687), TOBN(0x3563cce2, 0x12848478), - TOBN(0x812b3517, 0xe7b1fbe1), TOBN(0x8a7dc979, 0x4f7338e0), - TOBN(0x211ecee9, 0x52d048db), TOBN(0x2eea4056, 0xc86ea3b8), - TOBN(0xd8cb68a7, 0xba772b34), TOBN(0xe16ed341, 0x5f4e2541), - TOBN(0x9b32f6a6, 0x0fec14db), TOBN(0xeee376f7, 0x391698be), - TOBN(0xe9a7aa17, 0x83674c02), TOBN(0x65832f97, 0x5843022a), - TOBN(0x29f3a8da, 0x5ba4990f), TOBN(0x79a59c3a, 0xfb8e3216), - TOBN(0x9cdc4d2e, 0xbd19bb16), TOBN(0xc6c7cfd0, 0xb3262d86), - TOBN(0xd4ce14d0, 0x969c0b47), TOBN(0x1fa352b7, 0x13e56128), - TOBN(0x383d55b8, 0x973db6d3), TOBN(0x71836850, 0xe8e5b7bf), - TOBN(0xc7714596, 0xe6bb571f), TOBN(0x259df31f, 0x2d5b2dd2), - TOBN(0x568f8925, 0x913cc16d), TOBN(0x18bc5b6d, 0xe1a26f5a), - TOBN(0xdfa413be, 0xf5f499ae), TOBN(0xf8835dec, 0xc3f0ae84), - TOBN(0xb6e60bd8, 0x65a40ab0), TOBN(0x65596439, 0x194b377e), - TOBN(0xbcd85625, 0x92084a69), TOBN(0x5ce433b9, 0x4f23ede0), - TOBN(0xe8e8f04f, 0x6ad65143), TOBN(0x11511827, 0xd6e14af6), - TOBN(0x3d390a10, 0x8295c0c7), TOBN(0x71e29ee4, 0x621eba16), - TOBN(0xa588fc09, 0x63717b46), TOBN(0x02be02fe, 0xe06ad4a2), - TOBN(0x931558c6, 0x04c22b22), TOBN(0xbb4d4bd6, 0x12f3c849), - TOBN(0x54a4f496, 0x20efd662), TOBN(0x92ba6d20, 0xc5952d14), - TOBN(0x2db8ea1e, 0xcc9784c2), TOBN(0x81cc10ca, 0x4b353644), - TOBN(0x40b570ad, 0x4b4d7f6c), TOBN(0x5c9f1d96, 0x84a1dcd2), - TOBN(0x01379f81, 0x3147e797), TOBN(0xe5c6097b, 0x2bd499f5), - TOBN(0x40dcafa6, 0x328e5e20), TOBN(0xf7b5244a, 0x54815550), - TOBN(0xb9a4f118, 0x47bfc978), TOBN(0x0ea0e79f, 0xd25825b1), - TOBN(0xa50f96eb, 0x646c7ecf), TOBN(0xeb811493, 0x446dea9d), - TOBN(0x2af04677, 0xdfabcf69), TOBN(0xbe3a068f, 0xc713f6e8), - TOBN(0x860d523d, 0x42e06189), TOBN(0xbf077941, 0x4e3aff13), - TOBN(0x0b616dca, 0xc1b20650), TOBN(0xe66dd6d1, 0x2131300d), - TOBN(0xd4a0fd67, 0xff99abde), TOBN(0xc9903550, 0xc7aac50d), - TOBN(0x022ecf8b, 0x7c46b2d7), TOBN(0x3333b1e8, 0x3abf92af), - TOBN(0x11cc113c, 0x6c491c14), TOBN(0x05976688, 0x80dd3f88), - TOBN(0xf5b4d9e7, 0x29d932ed), TOBN(0xe982aad8, 0xa2c38b6d), - TOBN(0x6f925347, 0x8be0dcf0), TOBN(0x700080ae, 0x65ca53f2), - TOBN(0xd8131156, 0x443ca77f), TOBN(0xe92d6942, 0xec51f984), - TOBN(0xd2a08af8, 0x85dfe9ae), TOBN(0xd825d9a5, 0x4d2a86ca), - TOBN(0x2c53988d, 0x39dff020), TOBN(0xf38b135a, 0x430cdc40), - TOBN(0x0c918ae0, 0x62a7150b), TOBN(0xf31fd8de, 0x0c340e9b), - TOBN(0xafa0e7ae, 0x4dbbf02e), TOBN(0x5847fb2a, 0x5eba6239), - TOBN(0x6b1647dc, 0xdccbac8b), TOBN(0xb642aa78, 0x06f485c8), - TOBN(0x873f3765, 0x7038ecdf), TOBN(0x2ce5e865, 0xfa49d3fe), - TOBN(0xea223788, 0xc98c4400), TOBN(0x8104a8cd, 0xf1fa5279), - TOBN(0xbcf7cc7a, 0x06becfd7), TOBN(0x49424316, 0xc8f974ae), - TOBN(0xc0da65e7, 0x84d6365d), TOBN(0xbcb7443f, 0x8f759fb8), - TOBN(0x35c712b1, 0x7ae81930), TOBN(0x80428dff, 0x4c6e08ab), - TOBN(0xf19dafef, 0xa4faf843), TOBN(0xced8538d, 0xffa9855f), - TOBN(0x20ac409c, 0xbe3ac7ce), TOBN(0x358c1fb6, 0x882da71e), - TOBN(0xafa9c0e5, 0xfd349961), TOBN(0x2b2cfa51, 0x8421c2fc), - TOBN(0x2a80db17, 0xf3a28d38), TOBN(0xa8aba539, 0x5d138e7e), - TOBN(0x52012d1d, 0x6e96eb8d), TOBN(0x65d8dea0, 0xcbaf9622), - TOBN(0x57735447, 0xb264f56c), TOBN(0xbeebef3f, 0x1b6c8da2), - TOBN(0xfc346d98, 0xce785254), TOBN(0xd50e8d72, 0xbb64a161), - TOBN(0xc03567c7, 0x49794add), TOBN(0x15a76065, 0x752c7ef6), - TOBN(0x59f3a222, 0x961f23d6), TOBN(0x378e4438, 0x73ecc0b0), - TOBN(0xc74be434, 0x5a82fde4), TOBN(0xae509af2, 0xd8b9cf34), - TOBN(0x4a61ee46, 0x577f44a1), TOBN(0xe09b748c, 0xb611deeb), - TOBN(0xc0481b2c, 0xf5f7b884), TOBN(0x35626678, 0x61acfa6b), - TOBN(0x37f4c518, 0xbf8d21e6), TOBN(0x22d96531, 0xb205a76d), - TOBN(0x37fb85e1, 0x954073c0), TOBN(0xbceafe4f, 0x65b3a567), - TOBN(0xefecdef7, 0xbe42a582), TOBN(0xd3fc6080, 0x65046be6), - TOBN(0xc9af13c8, 0x09e8dba9), TOBN(0x1e6c9847, 0x641491ff), - TOBN(0x3b574925, 0xd30c31f7), TOBN(0xb7eb72ba, 0xac2a2122), - TOBN(0x776a0dac, 0xef0859e7), TOBN(0x06fec314, 0x21900942), - TOBN(0x2464bc10, 0xf8c22049), TOBN(0x9bfbcce7, 0x875ebf69), - TOBN(0xd7a88e2a, 0x4336326b), TOBN(0xda05261c, 0x5bc2acfa), - TOBN(0xc29f5bdc, 0xeba7efc8), TOBN(0x471237ca, 0x25dbbf2e), - TOBN(0xa72773f2, 0x2975f127), TOBN(0xdc744e8e, 0x04d0b326), - TOBN(0x38a7ed16, 0xa56edb73), TOBN(0x64357e37, 0x2c007e70), - TOBN(0xa167d15b, 0x5080b400), TOBN(0x07b41164, 0x23de4be1), - TOBN(0xb2d91e32, 0x74c89883), TOBN(0x3c162821, 0x2882e7ed), - TOBN(0xad6b36ba, 0x7503e482), TOBN(0x48434e8e, 0x0ea34331), - TOBN(0x79f4f24f, 0x2c7ae0b9), TOBN(0xc46fbf81, 0x1939b44a), - TOBN(0x76fefae8, 0x56595eb1), TOBN(0x417b66ab, 0xcd5f29c7), - TOBN(0x5f2332b2, 0xc5ceec20), TOBN(0xd69661ff, 0xe1a1cae2), - TOBN(0x5ede7e52, 0x9b0286e6), TOBN(0x9d062529, 0xe276b993), - TOBN(0x324794b0, 0x7e50122b), TOBN(0xdd744f8b, 0x4af07ca5), - TOBN(0x30a12f08, 0xd63fc97b), TOBN(0x39650f1a, 0x76626d9d), - TOBN(0x101b47f7, 0x1fa38477), TOBN(0x3d815f19, 0xd4dc124f), - TOBN(0x1569ae95, 0xb26eb58a), TOBN(0xc3cde188, 0x95fb1887), - TOBN(0x54e9f37b, 0xf9539a48), TOBN(0xb0100e06, 0x7408c1a5), - TOBN(0x821d9811, 0xea580cbb), TOBN(0x8af52d35, 0x86e50c56), - TOBN(0xdfbd9d47, 0xdbbf698b), TOBN(0x2961a1ea, 0x03dc1c73), - TOBN(0x203d38f8, 0xe76a5df8), TOBN(0x08a53a68, 0x6def707a), - TOBN(0x26eefb48, 0x1bee45d4), TOBN(0xb3cee346, 0x3c688036), - TOBN(0x463c5315, 0xc42f2469), TOBN(0x19d84d2e, 0x81378162), - TOBN(0x22d7c3c5, 0x1c4d349f), TOBN(0x65965844, 0x163d59c5), - TOBN(0xcf198c56, 0xb8abceae), TOBN(0x6fb1fb1b, 0x628559d5), - TOBN(0x8bbffd06, 0x07bf8fe3), TOBN(0x46259c58, 0x3467734b), - TOBN(0xd8953cea, 0x35f7f0d3), TOBN(0x1f0bece2, 0xd65b0ff1), - TOBN(0xf7d5b4b3, 0xf3c72914), TOBN(0x29e8ea95, 0x3cb53389), - TOBN(0x4a365626, 0x836b6d46), TOBN(0xe849f910, 0xea174fde), - TOBN(0x7ec62fbb, 0xf4737f21), TOBN(0xd8dba5ab, 0x6209f5ac), - TOBN(0x24b5d7a9, 0xa5f9adbe), TOBN(0x707d28f7, 0xa61dc768), - TOBN(0x7711460b, 0xcaa999ea), TOBN(0xba7b174d, 0x1c92e4cc), - TOBN(0x3c4bab66, 0x18d4bf2d), TOBN(0xb8f0c980, 0xeb8bd279), - TOBN(0x024bea9a, 0x324b4737), TOBN(0xfba9e423, 0x32a83bca), - TOBN(0x6e635643, 0xa232dced), TOBN(0x99619367, 0x2571c8ba), - TOBN(0xe8c9f357, 0x54b7032b), TOBN(0xf936b3ba, 0x2442d54a), - TOBN(0x2263f0f0, 0x8290c65a), TOBN(0x48989780, 0xee2c7fdb), - TOBN(0xadc5d55a, 0x13d4f95e), TOBN(0x737cff85, 0xad9b8500), - TOBN(0x271c557b, 0x8a73f43d), TOBN(0xbed617a4, 0xe18bc476), - TOBN(0x66245401, 0x7dfd8ab2), TOBN(0xae7b89ae, 0x3a2870aa), - TOBN(0x1b555f53, 0x23a7e545), TOBN(0x6791e247, 0xbe057e4c), - TOBN(0x860136ad, 0x324fa34d), TOBN(0xea111447, 0x4cbeae28), - TOBN(0x023a4270, 0xbedd3299), TOBN(0x3d5c3a7f, 0xc1c35c34), - TOBN(0xb0f6db67, 0x8d0412d2), TOBN(0xd92625e2, 0xfcdc6b9a), - TOBN(0x92ae5ccc, 0x4e28a982), TOBN(0xea251c36, 0x47a3ce7e), - TOBN(0x9d658932, 0x790691bf), TOBN(0xed610589, 0x06b736ae), - TOBN(0x712c2f04, 0xc0d63b6e), TOBN(0x5cf06fd5, 0xc63d488f), - TOBN(0x97363fac, 0xd9588e41), TOBN(0x1f9bf762, 0x2b93257e), - TOBN(0xa9d1ffc4, 0x667acace), TOBN(0x1cf4a1aa, 0x0a061ecf), - TOBN(0x40e48a49, 0xdc1818d0), TOBN(0x0643ff39, 0xa3621ab0), - TOBN(0x5768640c, 0xe39ef639), TOBN(0x1fc099ea, 0x04d86854), - TOBN(0x9130b9c3, 0xeccd28fd), TOBN(0xd743cbd2, 0x7eec54ab), - TOBN(0x052b146f, 0xe5b475b6), TOBN(0x058d9a82, 0x900a7d1f), - TOBN(0x65e02292, 0x91262b72), TOBN(0x96f924f9, 0xbb0edf03), - TOBN(0x5cfa59c8, 0xfe206842), TOBN(0xf6037004, 0x5eafa720), - TOBN(0x5f30699e, 0x18d7dd96), TOBN(0x381e8782, 0xcbab2495), - TOBN(0x91669b46, 0xdd8be949), TOBN(0xb40606f5, 0x26aae8ef), - TOBN(0x2812b839, 0xfc6751a4), TOBN(0x16196214, 0xfba800ef), - TOBN(0x4398d5ca, 0x4c1a2875), TOBN(0x720c00ee, 0x653d8349), - TOBN(0xc2699eb0, 0xd820007c), TOBN(0x880ee660, 0xa39b5825), - TOBN(0x70694694, 0x471f6984), TOBN(0xf7d16ea8, 0xe3dda99a), - TOBN(0x28d675b2, 0xc0519a23), TOBN(0x9ebf94fe, 0x4f6952e3), - TOBN(0xf28bb767, 0xa2294a8a), TOBN(0x85512b4d, 0xfe0af3f5), - TOBN(0x18958ba8, 0x99b16a0d), TOBN(0x95c2430c, 0xba7548a7), - TOBN(0xb30d1b10, 0xa16be615), TOBN(0xe3ebbb97, 0x85bfb74c), - TOBN(0xa3273cfe, 0x18549fdb), TOBN(0xf6e200bf, 0x4fcdb792), - TOBN(0x54a76e18, 0x83aba56c), TOBN(0x73ec66f6, 0x89ef6aa2), - TOBN(0x8d17add7, 0xd1b9a305), TOBN(0xa959c5b9, 0xb7ae1b9d), - TOBN(0x88643522, 0x6bcc094a), TOBN(0xcc5616c4, 0xd7d429b9), - TOBN(0xa6dada01, 0xe6a33f7c), TOBN(0xc6217a07, 0x9d4e70ad), - TOBN(0xd619a818, 0x09c15b7c), TOBN(0xea06b329, 0x0e80c854), - TOBN(0x174811ce, 0xa5f5e7b9), TOBN(0x66dfc310, 0x787c65f4), - TOBN(0x4ea7bd69, 0x3316ab54), TOBN(0xc12c4acb, 0x1dcc0f70), - TOBN(0xe4308d1a, 0x1e407dd9), TOBN(0xe8a3587c, 0x91afa997), - TOBN(0xea296c12, 0xab77b7a5), TOBN(0xb5ad49e4, 0x673c0d52), - TOBN(0x40f9b2b2, 0x7006085a), TOBN(0xa88ff340, 0x87bf6ec2), - TOBN(0x978603b1, 0x4e3066a6), TOBN(0xb3f99fc2, 0xb5e486e2), - TOBN(0x07b53f5e, 0xb2e63645), TOBN(0xbe57e547, 0x84c84232), - TOBN(0xd779c216, 0x7214d5cf), TOBN(0x617969cd, 0x029a3aca), - TOBN(0xd17668cd, 0x8a7017a0), TOBN(0x77b4d19a, 0xbe9b7ee8), - TOBN(0x58fd0e93, 0x9c161776), TOBN(0xa8c4f4ef, 0xd5968a72), - TOBN(0x296071cc, 0x67b3de77), TOBN(0xae3c0b8e, 0x634f7905), - TOBN(0x67e440c2, 0x8a7100c9), TOBN(0xbb8c3c1b, 0xeb4b9b42), - TOBN(0x6d71e8ea, 0xc51b3583), TOBN(0x7591f5af, 0x9525e642), - TOBN(0xf73a2f7b, 0x13f509f3), TOBN(0x618487aa, 0x5619ac9b), - TOBN(0x3a72e5f7, 0x9d61718a), TOBN(0x00413bcc, 0x7592d28c), - TOBN(0x7d9b11d3, 0x963c35cf), TOBN(0x77623bcf, 0xb90a46ed), - TOBN(0xdeef273b, 0xdcdd2a50), TOBN(0x4a741f9b, 0x0601846e), - TOBN(0x33b89e51, 0x0ec6e929), TOBN(0xcb02319f, 0x8b7f22cd), - TOBN(0xbbe1500d, 0x084bae24), TOBN(0x2f0ae8d7, 0x343d2693), - TOBN(0xacffb5f2, 0x7cdef811), TOBN(0xaa0c030a, 0x263fb94f), - TOBN(0x6eef0d61, 0xa0f442de), TOBN(0xf92e1817, 0x27b139d3), - TOBN(0x1ae6deb7, 0x0ad8bc28), TOBN(0xa89e38dc, 0xc0514130), - TOBN(0x81eeb865, 0xd2fdca23), TOBN(0x5a15ee08, 0xcc8ef895), - TOBN(0x768fa10a, 0x01905614), TOBN(0xeff5b8ef, 0x880ee19b), - TOBN(0xf0c0cabb, 0xcb1c8a0e), TOBN(0x2e1ee9cd, 0xb8c838f9), - TOBN(0x0587d8b8, 0x8a4a14c0), TOBN(0xf6f27896, 0x2ff698e5), - TOBN(0xed38ef1c, 0x89ee6256), TOBN(0xf44ee1fe, 0x6b353b45), - TOBN(0x9115c0c7, 0x70e903b3), TOBN(0xc78ec0a1, 0x818f31df), - TOBN(0x6c003324, 0xb7dccbc6), TOBN(0xd96dd1f3, 0x163bbc25), - TOBN(0x33aa82dd, 0x5cedd805), TOBN(0x123aae4f, 0x7f7eb2f1), - TOBN(0x1723fcf5, 0xa26262cd), TOBN(0x1f7f4d5d, 0x0060ebd5), - TOBN(0xf19c5c01, 0xb2eaa3af), TOBN(0x2ccb9b14, 0x9790accf), - TOBN(0x1f9c1cad, 0x52324aa6), TOBN(0x63200526, 0x7247df54), - TOBN(0x5732fe42, 0xbac96f82), TOBN(0x52fe771f, 0x01a1c384), - TOBN(0x546ca13d, 0xb1001684), TOBN(0xb56b4eee, 0xa1709f75), - TOBN(0x266545a9, 0xd5db8672), TOBN(0xed971c90, 0x1e8f3cfb), - TOBN(0x4e7d8691, 0xe3a07b29), TOBN(0x7570d9ec, 0xe4b696b9), - TOBN(0xdc5fa067, 0x7bc7e9ae), TOBN(0x68b44caf, 0xc82c4844), - TOBN(0x519d34b3, 0xbf44da80), TOBN(0x283834f9, 0x5ab32e66), - TOBN(0x6e608797, 0x6278a000), TOBN(0x1e62960e, 0x627312f6), - TOBN(0x9b87b27b, 0xe6901c55), TOBN(0x80e78538, 0x24fdbc1f), - TOBN(0xbbbc0951, 0x2facc27d), TOBN(0x06394239, 0xac143b5a), - TOBN(0x35bb4a40, 0x376c1944), TOBN(0x7cb62694, 0x63da1511), - TOBN(0xafd29161, 0xb7148a3b), TOBN(0xa6f9d9ed, 0x4e2ea2ee), - TOBN(0x15dc2ca2, 0x880dd212), TOBN(0x903c3813, 0xa61139a9), - TOBN(0x2aa7b46d, 0x6c0f8785), TOBN(0x36ce2871, 0x901c60ff), - TOBN(0xc683b028, 0xe10d9c12), TOBN(0x7573baa2, 0x032f33d3), - TOBN(0x87a9b1f6, 0x67a31b58), TOBN(0xfd3ed11a, 0xf4ffae12), - TOBN(0x83dcaa9a, 0x0cb2748e), TOBN(0x8239f018, 0x5d6fdf16), - TOBN(0xba67b49c, 0x72753941), TOBN(0x2beec455, 0xc321cb36), - TOBN(0x88015606, 0x3f8b84ce), TOBN(0x76417083, 0x8d38c86f), - TOBN(0x054f1ca7, 0x598953dd), TOBN(0xc939e110, 0x4e8e7429), - TOBN(0x9b1ac2b3, 0x5a914f2f), TOBN(0x39e35ed3, 0xe74b8f9c), - TOBN(0xd0debdb2, 0x781b2fb0), TOBN(0x1585638f, 0x2d997ba2), - TOBN(0x9c4b646e, 0x9e2fce99), TOBN(0x68a21081, 0x1e80857f), - TOBN(0x06d54e44, 0x3643b52a), TOBN(0xde8d6d63, 0x0d8eb843), - TOBN(0x70321563, 0x42146a0a), TOBN(0x8ba826f2, 0x5eaa3622), - TOBN(0x227a58bd, 0x86138787), TOBN(0x43b6c03c, 0x10281d37), - TOBN(0x6326afbb, 0xb54dde39), TOBN(0x744e5e8a, 0xdb6f2d5f), - TOBN(0x48b2a99a, 0xcff158e1), TOBN(0xa93c8fa0, 0xef87918f), - TOBN(0x2182f956, 0xde058c5c), TOBN(0x216235d2, 0x936f9e7a), - TOBN(0xace0c0db, 0xd2e31e67), TOBN(0xc96449bf, 0xf23ac3e7), - TOBN(0x7e9a2874, 0x170693bd), TOBN(0xa28e14fd, 0xa45e6335), - TOBN(0x5757f6b3, 0x56427344), TOBN(0x822e4556, 0xacf8edf9), - TOBN(0x2b7a6ee2, 0xe6a285cd), TOBN(0x5866f211, 0xa9df3af0), - TOBN(0x40dde2dd, 0xf845b844), TOBN(0x986c3726, 0x110e5e49), - TOBN(0x73680c2a, 0xf7172277), TOBN(0x57b94f0f, 0x0cccb244), - TOBN(0xbdff7267, 0x2d438ca7), TOBN(0xbad1ce11, 0xcf4663fd), - TOBN(0x9813ed9d, 0xd8f71cae), TOBN(0xf43272a6, 0x961fdaa6), - TOBN(0xbeff0119, 0xbd6d1637), TOBN(0xfebc4f91, 0x30361978), - TOBN(0x02b37a95, 0x2f41deff), TOBN(0x0e44a59a, 0xe63b89b7), - TOBN(0x673257dc, 0x143ff951), TOBN(0x19c02205, 0xd752baf4), - TOBN(0x46c23069, 0xc4b7d692), TOBN(0x2e6392c3, 0xfd1502ac), - TOBN(0x6057b1a2, 0x1b220846), TOBN(0xe51ff946, 0x0c1b5b63),} - , - {TOBN(0x6e85cb51, 0x566c5c43), TOBN(0xcff9c919, 0x3597f046), - TOBN(0x9354e90c, 0x4994d94a), TOBN(0xe0a39332, 0x2147927d), - TOBN(0x8427fac1, 0x0dc1eb2b), TOBN(0x88cfd8c2, 0x2ff319fa), - TOBN(0xe2d4e684, 0x01965274), TOBN(0xfa2e067d, 0x67aaa746), - TOBN(0xb6d92a7f, 0x3e5f9f11), TOBN(0x9afe153a, 0xd6cb3b8e), - TOBN(0x4d1a6dd7, 0xddf800bd), TOBN(0xf6c13cc0, 0xcaf17e19), - TOBN(0x15f6c58e, 0x325fc3ee), TOBN(0x71095400, 0xa31dc3b2), - TOBN(0x168e7c07, 0xafa3d3e7), TOBN(0x3f8417a1, 0x94c7ae2d), - TOBN(0xec234772, 0x813b230d), TOBN(0x634d0f5f, 0x17344427), - TOBN(0x11548ab1, 0xd77fc56a), TOBN(0x7fab1750, 0xce06af77), - TOBN(0xb62c10a7, 0x4f7c4f83), TOBN(0xa7d2edc4, 0x220a67d9), - TOBN(0x1c404170, 0x921209a0), TOBN(0x0b9815a0, 0xface59f0), - TOBN(0x2842589b, 0x319540c3), TOBN(0x18490f59, 0xa283d6f8), - TOBN(0xa2731f84, 0xdaae9fcb), TOBN(0x3db6d960, 0xc3683ba0), - TOBN(0xc85c63bb, 0x14611069), TOBN(0xb19436af, 0x0788bf05), - TOBN(0x905459df, 0x347460d2), TOBN(0x73f6e094, 0xe11a7db1), - TOBN(0xdc7f938e, 0xb6357f37), TOBN(0xc5d00f79, 0x2bd8aa62), - TOBN(0xc878dcb9, 0x2ca979fc), TOBN(0x37e83ed9, 0xeb023a99), - TOBN(0x6b23e273, 0x1560bf3d), TOBN(0x1086e459, 0x1d0fae61), - TOBN(0x78248316, 0x9a9414bd), TOBN(0x1b956bc0, 0xf0ea9ea1), - TOBN(0x7b85bb91, 0xc31b9c38), TOBN(0x0c5aa90b, 0x48ef57b5), - TOBN(0xdedeb169, 0xaf3bab6f), TOBN(0xe610ad73, 0x2d373685), - TOBN(0xf13870df, 0x02ba8e15), TOBN(0x0337edb6, 0x8ca7f771), - TOBN(0xe4acf747, 0xb62c036c), TOBN(0xd921d576, 0xb6b94e81), - TOBN(0xdbc86439, 0x2c422f7a), TOBN(0xfb635362, 0xed348898), - TOBN(0x83084668, 0xc45bfcd1), TOBN(0xc357c9e3, 0x2b315e11), - TOBN(0xb173b540, 0x5b2e5b8c), TOBN(0x7e946931, 0xe102b9a4), - TOBN(0x17c890eb, 0x7b0fb199), TOBN(0xec225a83, 0xd61b662b), - TOBN(0xf306a3c8, 0xee3c76cb), TOBN(0x3cf11623, 0xd32a1f6e), - TOBN(0xe6d5ab64, 0x6863e956), TOBN(0x3b8a4cbe, 0x5c005c26), - TOBN(0xdcd529a5, 0x9ce6bb27), TOBN(0xc4afaa52, 0x04d4b16f), - TOBN(0xb0624a26, 0x7923798d), TOBN(0x85e56df6, 0x6b307fab), - TOBN(0x0281893c, 0x2bf29698), TOBN(0x91fc19a4, 0xd7ce7603), - TOBN(0x75a5dca3, 0xad9a558f), TOBN(0x40ceb3fa, 0x4d50bf77), - TOBN(0x1baf6060, 0xbc9ba369), TOBN(0x927e1037, 0x597888c2), - TOBN(0xd936bf19, 0x86a34c07), TOBN(0xd4cf10c1, 0xc34ae980), - TOBN(0x3a3e5334, 0x859dd614), TOBN(0x9c475b5b, 0x18d0c8ee), - TOBN(0x63080d1f, 0x07cd51d5), TOBN(0xc9c0d0a6, 0xb88b4326), - TOBN(0x1ac98691, 0xc234296f), TOBN(0x2a0a83a4, 0x94887fb6), - TOBN(0x56511427, 0x0cea9cf2), TOBN(0x5230a6e8, 0xa24802f5), - TOBN(0xf7a2bf0f, 0x72e3d5c1), TOBN(0x37717446, 0x4f21439e), - TOBN(0xfedcbf25, 0x9ce30334), TOBN(0xe0030a78, 0x7ce202f9), - TOBN(0x6f2d9ebf, 0x1202e9ca), TOBN(0xe79dde6c, 0x75e6e591), - TOBN(0xf52072af, 0xf1dac4f8), TOBN(0x6c8d087e, 0xbb9b404d), - TOBN(0xad0fc73d, 0xbce913af), TOBN(0x909e587b, 0x458a07cb), - TOBN(0x1300da84, 0xd4f00c8a), TOBN(0x425cd048, 0xb54466ac), - TOBN(0xb59cb9be, 0x90e9d8bf), TOBN(0x991616db, 0x3e431b0e), - TOBN(0xd3aa117a, 0x531aecff), TOBN(0x91af92d3, 0x59f4dc3b), - TOBN(0x9b1ec292, 0xe93fda29), TOBN(0x76bb6c17, 0xe97d91bc), - TOBN(0x7509d95f, 0xaface1e6), TOBN(0x3653fe47, 0xbe855ae3), - TOBN(0x73180b28, 0x0f680e75), TOBN(0x75eefd1b, 0xeeb6c26c), - TOBN(0xa4cdf29f, 0xb66d4236), TOBN(0x2d70a997, 0x6b5821d8), - TOBN(0x7a3ee207, 0x20445c36), TOBN(0x71d1ac82, 0x59877174), - TOBN(0x0fc539f7, 0x949f73e9), TOBN(0xd05cf3d7, 0x982e3081), - TOBN(0x8758e20b, 0x7b1c7129), TOBN(0xffadcc20, 0x569e61f2), - TOBN(0xb05d3a2f, 0x59544c2d), TOBN(0xbe16f5c1, 0x9fff5e53), - TOBN(0x73cf65b8, 0xaad58135), TOBN(0x622c2119, 0x037aa5be), - TOBN(0x79373b3f, 0x646fd6a0), TOBN(0x0e029db5, 0x0d3978cf), - TOBN(0x8bdfc437, 0x94fba037), TOBN(0xaefbd687, 0x620797a6), - TOBN(0x3fa5382b, 0xbd30d38e), TOBN(0x7627cfbf, 0x585d7464), - TOBN(0xb2330fef, 0x4e4ca463), TOBN(0xbcef7287, 0x3566cc63), - TOBN(0xd161d2ca, 0xcf780900), TOBN(0x135dc539, 0x5b54827d), - TOBN(0x638f052e, 0x27bf1bc6), TOBN(0x10a224f0, 0x07dfa06c), - TOBN(0xe973586d, 0x6d3321da), TOBN(0x8b0c5738, 0x26152c8f), - TOBN(0x07ef4f2a, 0x34606074), TOBN(0x80fe7fe8, 0xa0f7047a), - TOBN(0x3d1a8152, 0xe1a0e306), TOBN(0x32cf43d8, 0x88da5222), - TOBN(0xbf89a95f, 0x5f02ffe6), TOBN(0x3d9eb9a4, 0x806ad3ea), - TOBN(0x012c17bb, 0x79c8e55e), TOBN(0xfdcd1a74, 0x99c81dac), - TOBN(0x7043178b, 0xb9556098), TOBN(0x4090a1df, 0x801c3886), - TOBN(0x759800ff, 0x9b67b912), TOBN(0x3e5c0304, 0x232620c8), - TOBN(0x4b9d3c4b, 0x70dceeca), TOBN(0xbb2d3c15, 0x181f648e), - TOBN(0xf981d837, 0x6e33345c), TOBN(0xb626289b, 0x0cf2297a), - TOBN(0x766ac659, 0x8baebdcf), TOBN(0x1a28ae09, 0x75df01e5), - TOBN(0xb71283da, 0x375876d8), TOBN(0x4865a96d, 0x607b9800), - TOBN(0x25dd1bcd, 0x237936b2), TOBN(0x332f4f4b, 0x60417494), - TOBN(0xd0923d68, 0x370a2147), TOBN(0x497f5dfb, 0xdc842203), - TOBN(0x9dc74cbd, 0x32be5e0f), TOBN(0x7475bcb7, 0x17a01375), - TOBN(0x438477c9, 0x50d872b1), TOBN(0xcec67879, 0xffe1d63d), - TOBN(0x9b006014, 0xd8578c70), TOBN(0xc9ad99a8, 0x78bb6b8b), - TOBN(0x6799008e, 0x11fb3806), TOBN(0xcfe81435, 0xcd44cab3), - TOBN(0xa2ee1582, 0x2f4fb344), TOBN(0xb8823450, 0x483fa6eb), - TOBN(0x622d323d, 0x652c7749), TOBN(0xd8474a98, 0xbeb0a15b), - TOBN(0xe43c154d, 0x5d1c00d0), TOBN(0x7fd581d9, 0x0e3e7aac), - TOBN(0x2b44c619, 0x2525ddf8), TOBN(0x67a033eb, 0xb8ae9739), - TOBN(0x113ffec1, 0x9ef2d2e4), TOBN(0x1bf6767e, 0xd5a0ea7f), - TOBN(0x57fff75e, 0x03714c0a), TOBN(0xa23c422e, 0x0a23e9ee), - TOBN(0xdd5f6b2d, 0x540f83af), TOBN(0xc2c2c27e, 0x55ea46a7), - TOBN(0xeb6b4246, 0x672a1208), TOBN(0xd13599f7, 0xae634f7a), - TOBN(0xcf914b5c, 0xd7b32c6e), TOBN(0x61a5a640, 0xeaf61814), - TOBN(0x8dc3df8b, 0x208a1bbb), TOBN(0xef627fd6, 0xb6d79aa5), - TOBN(0x44232ffc, 0xc4c86bc8), TOBN(0xe6f9231b, 0x061539fe), - TOBN(0x1d04f25a, 0x958b9533), TOBN(0x180cf934, 0x49e8c885), - TOBN(0x89689595, 0x9884aaf7), TOBN(0xb1959be3, 0x07b348a6), - TOBN(0x96250e57, 0x3c147c87), TOBN(0xae0efb3a, 0xdd0c61f8), - TOBN(0xed00745e, 0xca8c325e), TOBN(0x3c911696, 0xecff3f70), - TOBN(0x73acbc65, 0x319ad41d), TOBN(0x7b01a020, 0xf0b1c7ef), - TOBN(0xea32b293, 0x63a1483f), TOBN(0x89eabe71, 0x7a248f96), - TOBN(0x9c6231d3, 0x343157e5), TOBN(0x93a375e5, 0xdf3c546d), - TOBN(0xe76e9343, 0x6a2afe69), TOBN(0xc4f89100, 0xe166c88e), - TOBN(0x248efd0d, 0x4f872093), TOBN(0xae0eb3ea, 0x8fe0ea61), - TOBN(0xaf89790d, 0x9d79046e), TOBN(0x4d650f2d, 0x6cee0976), - TOBN(0xa3935d9a, 0x43071eca), TOBN(0x66fcd2c9, 0x283b0bfe), - TOBN(0x0e665eb5, 0x696605f1), TOBN(0xe77e5d07, 0xa54cd38d), - TOBN(0x90ee050a, 0x43d950cf), TOBN(0x86ddebda, 0xd32e69b5), - TOBN(0x6ad94a3d, 0xfddf7415), TOBN(0xf7fa1309, 0x3f6e8d5a), - TOBN(0xc4831d1d, 0xe9957f75), TOBN(0x7de28501, 0xd5817447), - TOBN(0x6f1d7078, 0x9e2aeb6b), TOBN(0xba2b9ff4, 0xf67a53c2), - TOBN(0x36963767, 0xdf9defc3), TOBN(0x479deed3, 0x0d38022c), - TOBN(0xd2edb89b, 0x3a8631e8), TOBN(0x8de855de, 0x7a213746), - TOBN(0xb2056cb7, 0xb00c5f11), TOBN(0xdeaefbd0, 0x2c9b85e4), - TOBN(0x03f39a8d, 0xd150892d), TOBN(0x37b84686, 0x218b7985), - TOBN(0x36296dd8, 0xb7375f1a), TOBN(0x472cd4b1, 0xb78e898e), - TOBN(0x15dff651, 0xe9f05de9), TOBN(0xd4045069, 0x2ce98ba9), - TOBN(0x8466a7ae, 0x9b38024c), TOBN(0xb910e700, 0xe5a6b5ef), - TOBN(0xae1c56ea, 0xb3aa8f0d), TOBN(0xbab2a507, 0x7eee74a6), - TOBN(0x0dca11e2, 0x4b4c4620), TOBN(0xfd896e2e, 0x4c47d1f4), - TOBN(0xeb45ae53, 0x308fbd93), TOBN(0x46cd5a2e, 0x02c36fda), - TOBN(0x6a3d4e90, 0xbaa48385), TOBN(0xdd55e62e, 0x9dbe9960), - TOBN(0xa1406aa0, 0x2a81ede7), TOBN(0x6860dd14, 0xf9274ea7), - TOBN(0xcfdcb0c2, 0x80414f86), TOBN(0xff410b10, 0x22f94327), - TOBN(0x5a33cc38, 0x49ad467b), TOBN(0xefb48b6c, 0x0a7335f1), - TOBN(0x14fb54a4, 0xb153a360), TOBN(0x604aa9d2, 0xb52469cc), - TOBN(0x5e9dc486, 0x754e48e9), TOBN(0x693cb455, 0x37471e8e), - TOBN(0xfb2fd7cd, 0x8d3b37b6), TOBN(0x63345e16, 0xcf09ff07), - TOBN(0x9910ba6b, 0x23a5d896), TOBN(0x1fe19e35, 0x7fe4364e), - TOBN(0x6e1da8c3, 0x9a33c677), TOBN(0x15b4488b, 0x29fd9fd0), - TOBN(0x1f439254, 0x1a1f22bf), TOBN(0x920a8a70, 0xab8163e8), - TOBN(0x3fd1b249, 0x07e5658e), TOBN(0xf2c4f79c, 0xb6ec839b), - TOBN(0x1abbc3d0, 0x4aa38d1b), TOBN(0x3b0db35c, 0xb5d9510e), - TOBN(0x1754ac78, 0x3e60dec0), TOBN(0x53272fd7, 0xea099b33), - TOBN(0x5fb0494f, 0x07a8e107), TOBN(0x4a89e137, 0x6a8191fa), - TOBN(0xa113b7f6, 0x3c4ad544), TOBN(0x88a2e909, 0x6cb9897b), - TOBN(0x17d55de3, 0xb44a3f84), TOBN(0xacb2f344, 0x17c6c690), - TOBN(0x32088168, 0x10232390), TOBN(0xf2e8a61f, 0x6c733bf7), - TOBN(0xa774aab6, 0x9c2d7652), TOBN(0xfb5307e3, 0xed95c5bc), - TOBN(0xa05c73c2, 0x4981f110), TOBN(0x1baae31c, 0xa39458c9), - TOBN(0x1def185b, 0xcbea62e7), TOBN(0xe8ac9eae, 0xeaf63059), - TOBN(0x098a8cfd, 0x9921851c), TOBN(0xd959c3f1, 0x3abe2f5b), - TOBN(0xa4f19525, 0x20e40ae5), TOBN(0x320789e3, 0x07a24aa1), - TOBN(0x259e6927, 0x7392b2bc), TOBN(0x58f6c667, 0x1918668b), - TOBN(0xce1db2bb, 0xc55d2d8b), TOBN(0x41d58bb7, 0xf4f6ca56), - TOBN(0x7650b680, 0x8f877614), TOBN(0x905e16ba, 0xf4c349ed), - TOBN(0xed415140, 0xf661acac), TOBN(0x3b8784f0, 0xcb2270af), - TOBN(0x3bc280ac, 0x8a402cba), TOBN(0xd53f7146, 0x0937921a), - TOBN(0xc03c8ee5, 0xe5681e83), TOBN(0x62126105, 0xf6ac9e4a), - TOBN(0x9503a53f, 0x936b1a38), TOBN(0x3d45e2d4, 0x782fecbd), - TOBN(0x69a5c439, 0x76e8ae98), TOBN(0xb53b2eeb, 0xbfb4b00e), - TOBN(0xf1674712, 0x72386c89), TOBN(0x30ca34a2, 0x4268bce4), - TOBN(0x7f1ed86c, 0x78341730), TOBN(0x8ef5beb8, 0xb525e248), - TOBN(0xbbc489fd, 0xb74fbf38), TOBN(0x38a92a0e, 0x91a0b382), - TOBN(0x7a77ba3f, 0x22433ccf), TOBN(0xde8362d6, 0xa29f05a9), - TOBN(0x7f6a30ea, 0x61189afc), TOBN(0x693b5505, 0x59ef114f), - TOBN(0x50266bc0, 0xcd1797a1), TOBN(0xea17b47e, 0xf4b7af2d), - TOBN(0xd6c4025c, 0x3df9483e), TOBN(0x8cbb9d9f, 0xa37b18c9), - TOBN(0x91cbfd9c, 0x4d8424cf), TOBN(0xdb7048f1, 0xab1c3506), - TOBN(0x9eaf641f, 0x028206a3), TOBN(0xf986f3f9, 0x25bdf6ce), - TOBN(0x262143b5, 0x224c08dc), TOBN(0x2bbb09b4, 0x81b50c91), - TOBN(0xc16ed709, 0xaca8c84f), TOBN(0xa6210d9d, 0xb2850ca8), - TOBN(0x6d8df67a, 0x09cb54d6), TOBN(0x91eef6e0, 0x500919a4), - TOBN(0x90f61381, 0x0f132857), TOBN(0x9acede47, 0xf8d5028b), - TOBN(0x844d1b71, 0x90b771c3), TOBN(0x563b71e4, 0xba6426be), - TOBN(0x2efa2e83, 0xbdb802ff), TOBN(0x3410cbab, 0xab5b4a41), - TOBN(0x555b2d26, 0x30da84dd), TOBN(0xd0711ae9, 0xee1cc29a), - TOBN(0xcf3e8c60, 0x2f547792), TOBN(0x03d7d5de, 0xdc678b35), - TOBN(0x071a2fa8, 0xced806b8), TOBN(0x222e6134, 0x697f1478), - TOBN(0xdc16fd5d, 0xabfcdbbf), TOBN(0x44912ebf, 0x121b53b8), - TOBN(0xac943674, 0x2496c27c), TOBN(0x8ea3176c, 0x1ffc26b0), - TOBN(0xb6e224ac, 0x13debf2c), TOBN(0x524cc235, 0xf372a832), - TOBN(0xd706e1d8, 0x9f6f1b18), TOBN(0x2552f005, 0x44cce35b), - TOBN(0x8c8326c2, 0xa88e31fc), TOBN(0xb5468b2c, 0xf9552047), - TOBN(0xce683e88, 0x3ff90f2b), TOBN(0x77947bdf, 0x2f0a5423), - TOBN(0xd0a1b28b, 0xed56e328), TOBN(0xaee35253, 0xc20134ac), - TOBN(0x7e98367d, 0x3567962f), TOBN(0x379ed61f, 0x8188bffb), - TOBN(0x73bba348, 0xfaf130a1), TOBN(0x6c1f75e1, 0x904ed734), - TOBN(0x18956642, 0x3b4a79fc), TOBN(0xf20bc83d, 0x54ef4493), - TOBN(0x836d425d, 0x9111eca1), TOBN(0xe5b5c318, 0x009a8dcf), - TOBN(0x3360b25d, 0x13221bc5), TOBN(0x707baad2, 0x6b3eeaf7), - TOBN(0xd7279ed8, 0x743a95a1), TOBN(0x7450a875, 0x969e809f), - TOBN(0x32b6bd53, 0xe5d0338f), TOBN(0x1e77f7af, 0x2b883bbc), - TOBN(0x90da12cc, 0x1063ecd0), TOBN(0xe2697b58, 0xc315be47), - TOBN(0x2771a5bd, 0xda85d534), TOBN(0x53e78c1f, 0xff980eea), - TOBN(0xadf1cf84, 0x900385e7), TOBN(0x7d3b14f6, 0xc9387b62), - TOBN(0x170e74b0, 0xcb8f2bd2), TOBN(0x2d50b486, 0x827fa993), - TOBN(0xcdbe8c9a, 0xf6f32bab), TOBN(0x55e906b0, 0xc3b93ab8), - TOBN(0x747f22fc, 0x8fe280d1), TOBN(0xcd8e0de5, 0xb2e114ab), - TOBN(0x5ab7dbeb, 0xe10b68b0), TOBN(0x9dc63a9c, 0xa480d4b2), - TOBN(0x78d4bc3b, 0x4be1495f), TOBN(0x25eb3db8, 0x9359122d), - TOBN(0x3f8ac05b, 0x0809cbdc), TOBN(0xbf4187bb, 0xd37c702f), - TOBN(0x84cea069, 0x1416a6a5), TOBN(0x8f860c79, 0x43ef881c), - TOBN(0x41311f8a, 0x38038a5d), TOBN(0xe78c2ec0, 0xfc612067), - TOBN(0x494d2e81, 0x5ad73581), TOBN(0xb4cc9e00, 0x59604097), - TOBN(0xff558aec, 0xf3612cba), TOBN(0x35beef7a, 0x9e36c39e), - TOBN(0x1845c7cf, 0xdbcf41b9), TOBN(0x5703662a, 0xaea997c0), - TOBN(0x8b925afe, 0xe402f6d8), TOBN(0xd0a1b1ae, 0x4dd72162), - TOBN(0x9f47b375, 0x03c41c4b), TOBN(0xa023829b, 0x0391d042), - TOBN(0x5f5045c3, 0x503b8b0a), TOBN(0x123c2688, 0x98c010e5), - TOBN(0x324ec0cc, 0x36ba06ee), TOBN(0xface3115, 0x3dd2cc0c), - TOBN(0xb364f3be, 0xf333e91f), TOBN(0xef8aff73, 0x28e832b0), - TOBN(0x1e9bad04, 0x2d05841b), TOBN(0x42f0e3df, 0x356a21e2), - TOBN(0xa3270bcb, 0x4add627e), TOBN(0xb09a8158, 0xd322e711), - TOBN(0x86e326a1, 0x0fee104a), TOBN(0xad7788f8, 0x3703f65d), - TOBN(0x7e765430, 0x47bc4833), TOBN(0x6cee582b, 0x2b9b893a), - TOBN(0x9cd2a167, 0xe8f55a7b), TOBN(0xefbee3c6, 0xd9e4190d), - TOBN(0x33ee7185, 0xd40c2e9d), TOBN(0x844cc9c5, 0xa380b548), - TOBN(0x323f8ecd, 0x66926e04), TOBN(0x0001e38f, 0x8110c1ba), - TOBN(0x8dbcac12, 0xfc6a7f07), TOBN(0xd65e1d58, 0x0cec0827), - TOBN(0xd2cd4141, 0xbe76ca2d), TOBN(0x7895cf5c, 0xe892f33a), - TOBN(0x956d230d, 0x367139d2), TOBN(0xa91abd3e, 0xd012c4c1), - TOBN(0x34fa4883, 0x87eb36bf), TOBN(0xc5f07102, 0x914b8fb4), - TOBN(0x90f0e579, 0xadb9c95f), TOBN(0xfe6ea8cb, 0x28888195), - TOBN(0x7b9b5065, 0xedfa9284), TOBN(0x6c510bd2, 0x2b8c8d65), - TOBN(0xd7b8ebef, 0xcbe8aafd), TOBN(0xedb3af98, 0x96b1da07), - TOBN(0x28ff779d, 0x6295d426), TOBN(0x0c4f6ac7, 0x3fa3ad7b), - TOBN(0xec44d054, 0x8b8e2604), TOBN(0x9b32a66d, 0x8b0050e1), - TOBN(0x1f943366, 0xf0476ce2), TOBN(0x7554d953, 0xa602c7b4), - TOBN(0xbe35aca6, 0x524f2809), TOBN(0xb6881229, 0xfd4edbea), - TOBN(0xe8cd0c8f, 0x508efb63), TOBN(0x9eb5b5c8, 0x6abcefc7), - TOBN(0xf5621f5f, 0xb441ab4f), TOBN(0x79e6c046, 0xb76a2b22), - TOBN(0x74a4792c, 0xe37a1f69), TOBN(0xcbd252cb, 0x03542b60), - TOBN(0x785f65d5, 0xb3c20bd3), TOBN(0x8dea6143, 0x4fabc60c), - TOBN(0x45e21446, 0xde673629), TOBN(0x57f7aa1e, 0x703c2d21), - TOBN(0xa0e99b7f, 0x98c868c7), TOBN(0x4e42f66d, 0x8b641676), - TOBN(0x602884dc, 0x91077896), TOBN(0xa0d690cf, 0xc2c9885b), - TOBN(0xfeb4da33, 0x3b9a5187), TOBN(0x5f789598, 0x153c87ee), - TOBN(0x2192dd47, 0x52b16dba), TOBN(0xdeefc0e6, 0x3524c1b1), - TOBN(0x465ea76e, 0xe4383693), TOBN(0x79401711, 0x361b8d98), - TOBN(0xa5f9ace9, 0xf21a15cb), TOBN(0x73d26163, 0xefee9aeb), - TOBN(0xcca844b3, 0xe677016c), TOBN(0x6c122b07, 0x57eaee06), - TOBN(0xb782dce7, 0x15f09690), TOBN(0x508b9b12, 0x2dfc0fc9), - TOBN(0x9015ab4b, 0x65d89fc6), TOBN(0x5e79dab7, 0xd6d5bb0f), - TOBN(0x64f021f0, 0x6c775aa2), TOBN(0xdf09d8cc, 0x37c7eca1), - TOBN(0x9a761367, 0xef2fa506), TOBN(0xed4ca476, 0x5b81eec6), - TOBN(0x262ede36, 0x10bbb8b5), TOBN(0x0737ce83, 0x0641ada3), - TOBN(0x4c94288a, 0xe9831ccc), TOBN(0x487fc1ce, 0x8065e635), - TOBN(0xb13d7ab3, 0xb8bb3659), TOBN(0xdea5df3e, 0x855e4120), - TOBN(0xb9a18573, 0x85eb0244), TOBN(0x1a1b8ea3, 0xa7cfe0a3), - TOBN(0x3b837119, 0x67b0867c), TOBN(0x8d5e0d08, 0x9d364520), - TOBN(0x52dccc1e, 0xd930f0e3), TOBN(0xefbbcec7, 0xbf20bbaf), - TOBN(0x99cffcab, 0x0263ad10), TOBN(0xd8199e6d, 0xfcd18f8a), - TOBN(0x64e2773f, 0xe9f10617), TOBN(0x0079e8e1, 0x08704848), - TOBN(0x1169989f, 0x8a342283), TOBN(0x8097799c, 0xa83012e6), - TOBN(0xece966cb, 0x8a6a9001), TOBN(0x93b3afef, 0x072ac7fc), - TOBN(0xe6893a2a, 0x2db3d5ba), TOBN(0x263dc462, 0x89bf4fdc), - TOBN(0x8852dfc9, 0xe0396673), TOBN(0x7ac70895, 0x3af362b6), - TOBN(0xbb9cce4d, 0x5c2f342b), TOBN(0xbf80907a, 0xb52d7aae), - TOBN(0x97f3d3cd, 0x2161bcd0), TOBN(0xb25b0834, 0x0962744d), - TOBN(0xc5b18ea5, 0x6c3a1dda), TOBN(0xfe4ec7eb, 0x06c92317), - TOBN(0xb787b890, 0xad1c4afe), TOBN(0xdccd9a92, 0x0ede801a), - TOBN(0x9ac6ddda, 0xdb58da1f), TOBN(0x22bbc12f, 0xb8cae6ee), - TOBN(0xc6f8bced, 0x815c4a43), TOBN(0x8105a92c, 0xf96480c7), - TOBN(0x0dc3dbf3, 0x7a859d51), TOBN(0xe3ec7ce6, 0x3041196b), - TOBN(0xd9f64b25, 0x0d1067c9), TOBN(0xf2321321, 0x3d1f8dd8), - TOBN(0x8b5c619c, 0x76497ee8), TOBN(0x5d2b0ac6, 0xc717370e), - TOBN(0x98204cb6, 0x4fcf68e1), TOBN(0x0bdec211, 0x62bc6792), - TOBN(0x6973ccef, 0xa63b1011), TOBN(0xf9e3fa97, 0xe0de1ac5), - TOBN(0x5efb693e, 0x3d0e0c8b), TOBN(0x037248e9, 0xd2d4fcb4),} - , - {TOBN(0x80802dc9, 0x1ec34f9e), TOBN(0xd8772d35, 0x33810603), - TOBN(0x3f06d66c, 0x530cb4f3), TOBN(0x7be5ed0d, 0xc475c129), - TOBN(0xcb9e3c19, 0x31e82b10), TOBN(0xc63d2857, 0xc9ff6b4c), - TOBN(0xb92118c6, 0x92a1b45e), TOBN(0x0aec4414, 0x7285bbca), - TOBN(0xfc189ae7, 0x1e29a3ef), TOBN(0xcbe906f0, 0x4c93302e), - TOBN(0xd0107914, 0xceaae10e), TOBN(0xb7a23f34, 0xb68e19f8), - TOBN(0xe9d875c2, 0xefd2119d), TOBN(0x03198c6e, 0xfcadc9c8), - TOBN(0x65591bf6, 0x4da17113), TOBN(0x3cf0bbf8, 0x3d443038), - TOBN(0xae485bb7, 0x2b724759), TOBN(0x945353e1, 0xb2d4c63a), - TOBN(0x82159d07, 0xde7d6f2c), TOBN(0x389caef3, 0x4ec5b109), - TOBN(0x4a8ebb53, 0xdb65ef14), TOBN(0x2dc2cb7e, 0xdd99de43), - TOBN(0x816fa3ed, 0x83f2405f), TOBN(0x73429bb9, 0xc14208a3), - TOBN(0xb618d590, 0xb01e6e27), TOBN(0x047e2ccd, 0xe180b2dc), - TOBN(0xd1b299b5, 0x04aea4a9), TOBN(0x412c9e1e, 0x9fa403a4), - TOBN(0x88d28a36, 0x79407552), TOBN(0x49c50136, 0xf332b8e3), - TOBN(0x3a1b6fcc, 0xe668de19), TOBN(0x178851bc, 0x75122b97), - TOBN(0xb1e13752, 0xfb85fa4c), TOBN(0xd61257ce, 0x383c8ce9), - TOBN(0xd43da670, 0xd2f74dae), TOBN(0xa35aa23f, 0xbf846bbb), - TOBN(0x5e74235d, 0x4421fc83), TOBN(0xf6df8ee0, 0xc363473b), - TOBN(0x34d7f52a, 0x3c4aa158), TOBN(0x50d05aab, 0x9bc6d22e), - TOBN(0x8c56e735, 0xa64785f4), TOBN(0xbc56637b, 0x5f29cd07), - TOBN(0x53b2bb80, 0x3ee35067), TOBN(0x50235a0f, 0xdc919270), - TOBN(0x191ab6d8, 0xf2c4aa65), TOBN(0xc3475831, 0x8396023b), - TOBN(0x80400ba5, 0xf0f805ba), TOBN(0x8881065b, 0x5ec0f80f), - TOBN(0xc370e522, 0xcc1b5e83), TOBN(0xde2d4ad1, 0x860b8bfb), - TOBN(0xad364df0, 0x67b256df), TOBN(0x8f12502e, 0xe0138997), - TOBN(0x503fa0dc, 0x7783920a), TOBN(0xe80014ad, 0xc0bc866a), - TOBN(0x3f89b744, 0xd3064ba6), TOBN(0x03511dcd, 0xcba5dba5), - TOBN(0x197dd46d, 0x95a7b1a2), TOBN(0x9c4e7ad6, 0x3c6341fb), - TOBN(0x426eca29, 0x484c2ece), TOBN(0x9211e489, 0xde7f4f8a), - TOBN(0x14997f6e, 0xc78ef1f4), TOBN(0x2b2c0910, 0x06574586), - TOBN(0x17286a6e, 0x1c3eede8), TOBN(0x25f92e47, 0x0f60e018), - TOBN(0x805c5646, 0x31890a36), TOBN(0x703ef600, 0x57feea5b), - TOBN(0x389f747c, 0xaf3c3030), TOBN(0xe0e5daeb, 0x54dd3739), - TOBN(0xfe24a4c3, 0xc9c9f155), TOBN(0x7e4bf176, 0xb5393962), - TOBN(0x37183de2, 0xaf20bf29), TOBN(0x4a1bd7b5, 0xf95a8c3b), - TOBN(0xa83b9699, 0x46191d3d), TOBN(0x281fc8dd, 0x7b87f257), - TOBN(0xb18e2c13, 0x54107588), TOBN(0x6372def7, 0x9b2bafe8), - TOBN(0xdaf4bb48, 0x0d8972ca), TOBN(0x3f2dd4b7, 0x56167a3f), - TOBN(0x1eace32d, 0x84310cf4), TOBN(0xe3bcefaf, 0xe42700aa), - TOBN(0x5fe5691e, 0xd785e73d), TOBN(0xa5db5ab6, 0x2ea60467), - TOBN(0x02e23d41, 0xdfc6514a), TOBN(0x35e8048e, 0xe03c3665), - TOBN(0x3f8b118f, 0x1adaa0f8), TOBN(0x28ec3b45, 0x84ce1a5a), - TOBN(0xe8cacc6e, 0x2c6646b8), TOBN(0x1343d185, 0xdbd0e40f), - TOBN(0xe5d7f844, 0xcaaa358c), TOBN(0x1a1db7e4, 0x9924182a), - TOBN(0xd64cd42d, 0x9c875d9a), TOBN(0xb37b515f, 0x042eeec8), - TOBN(0x4d4dd409, 0x7b165fbe), TOBN(0xfc322ed9, 0xe206eff3), - TOBN(0x7dee4102, 0x59b7e17e), TOBN(0x55a481c0, 0x8236ca00), - TOBN(0x8c885312, 0xc23fc975), TOBN(0x15715806, 0x05d6297b), - TOBN(0xa078868e, 0xf78edd39), TOBN(0x956b31e0, 0x03c45e52), - TOBN(0x470275d5, 0xff7b33a6), TOBN(0xc8d5dc3a, 0x0c7e673f), - TOBN(0x419227b4, 0x7e2f2598), TOBN(0x8b37b634, 0x4c14a975), - TOBN(0xd0667ed6, 0x8b11888c), TOBN(0x5e0e8c3e, 0x803e25dc), - TOBN(0x34e5d0dc, 0xb987a24a), TOBN(0x9f40ac3b, 0xae920323), - TOBN(0x5463de95, 0x34e0f63a), TOBN(0xa128bf92, 0x6b6328f9), - TOBN(0x491ccd7c, 0xda64f1b7), TOBN(0x7ef1ec27, 0xc47bde35), - TOBN(0xa857240f, 0xa36a2737), TOBN(0x35dc1366, 0x63621bc1), - TOBN(0x7a3a6453, 0xd4fb6897), TOBN(0x80f1a439, 0xc929319d), - TOBN(0xfc18274b, 0xf8cb0ba0), TOBN(0xb0b53766, 0x8078c5eb), - TOBN(0xfb0d4924, 0x1e01d0ef), TOBN(0x50d7c67d, 0x372ab09c), - TOBN(0xb4e370af, 0x3aeac968), TOBN(0xe4f7fee9, 0xc4b63266), - TOBN(0xb4acd4c2, 0xe3ac5664), TOBN(0xf8910bd2, 0xceb38cbf), - TOBN(0x1c3ae50c, 0xc9c0726e), TOBN(0x15309569, 0xd97b40bf), - TOBN(0x70884b7f, 0xfd5a5a1b), TOBN(0x3890896a, 0xef8314cd), - TOBN(0x58e1515c, 0xa5618c93), TOBN(0xe665432b, 0x77d942d1), - TOBN(0xb32181bf, 0xb6f767a8), TOBN(0x753794e8, 0x3a604110), - TOBN(0x09afeb7c, 0xe8c0dbcc), TOBN(0x31e02613, 0x598673a3), - TOBN(0x5d98e557, 0x7d46db00), TOBN(0xfc21fb8c, 0x9d985b28), - TOBN(0xc9040116, 0xb0843e0b), TOBN(0x53b1b3a8, 0x69b04531), - TOBN(0xdd1649f0, 0x85d7d830), TOBN(0xbb3bcc87, 0xcb7427e8), - TOBN(0x77261100, 0xc93dce83), TOBN(0x7e79da61, 0xa1922a2a), - TOBN(0x587a2b02, 0xf3149ce8), TOBN(0x147e1384, 0xde92ec83), - TOBN(0x484c83d3, 0xaf077f30), TOBN(0xea78f844, 0x0658b53a), - TOBN(0x912076c2, 0x027aec53), TOBN(0xf34714e3, 0x93c8177d), - TOBN(0x37ef5d15, 0xc2376c84), TOBN(0x8315b659, 0x3d1aa783), - TOBN(0x3a75c484, 0xef852a90), TOBN(0x0ba0c58a, 0x16086bd4), - TOBN(0x29688d7a, 0x529a6d48), TOBN(0x9c7f250d, 0xc2f19203), - TOBN(0x123042fb, 0x682e2df9), TOBN(0x2b7587e7, 0xad8121bc), - TOBN(0x30fc0233, 0xe0182a65), TOBN(0xb82ecf87, 0xe3e1128a), - TOBN(0x71682861, 0x93fb098f), TOBN(0x043e21ae, 0x85e9e6a7), - TOBN(0xab5b49d6, 0x66c834ea), TOBN(0x3be43e18, 0x47414287), - TOBN(0xf40fb859, 0x219a2a47), TOBN(0x0e6559e9, 0xcc58df3c), - TOBN(0xfe1dfe8e, 0x0c6615b4), TOBN(0x14abc8fd, 0x56459d70), - TOBN(0x7be0fa8e, 0x05de0386), TOBN(0x8e63ef68, 0xe9035c7c), - TOBN(0x116401b4, 0x53b31e91), TOBN(0x0cba7ad4, 0x4436b4d8), - TOBN(0x9151f9a0, 0x107afd66), TOBN(0xafaca8d0, 0x1f0ee4c4), - TOBN(0x75fe5c1d, 0x9ee9761c), TOBN(0x3497a16b, 0xf0c0588f), - TOBN(0x3ee2bebd, 0x0304804c), TOBN(0xa8fb9a60, 0xc2c990b9), - TOBN(0xd14d32fe, 0x39251114), TOBN(0x36bf25bc, 0xcac73366), - TOBN(0xc9562c66, 0xdba7495c), TOBN(0x324d301b, 0x46ad348b), - TOBN(0x9f46620c, 0xd670407e), TOBN(0x0ea8d4f1, 0xe3733a01), - TOBN(0xd396d532, 0xb0c324e0), TOBN(0x5b211a0e, 0x03c317cd), - TOBN(0x090d7d20, 0x5ffe7b37), TOBN(0x3b7f3efb, 0x1747d2da), - TOBN(0xa2cb525f, 0xb54fc519), TOBN(0x6e220932, 0xf66a971e), - TOBN(0xddc160df, 0xb486d440), TOBN(0x7fcfec46, 0x3fe13465), - TOBN(0x83da7e4e, 0x76e4c151), TOBN(0xd6fa48a1, 0xd8d302b5), - TOBN(0xc6304f26, 0x5872cd88), TOBN(0x806c1d3c, 0x278b90a1), - TOBN(0x3553e725, 0xcaf0bc1c), TOBN(0xff59e603, 0xbb9d8d5c), - TOBN(0xa4550f32, 0x7a0b85dd), TOBN(0xdec5720a, 0x93ecc217), - TOBN(0x0b88b741, 0x69d62213), TOBN(0x7212f245, 0x5b365955), - TOBN(0x20764111, 0xb5cae787), TOBN(0x13cb7f58, 0x1dfd3124), - TOBN(0x2dca77da, 0x1175aefb), TOBN(0xeb75466b, 0xffaae775), - TOBN(0x74d76f3b, 0xdb6cff32), TOBN(0x7440f37a, 0x61fcda9a), - TOBN(0x1bb3ac92, 0xb525028b), TOBN(0x20fbf8f7, 0xa1975f29), - TOBN(0x982692e1, 0xdf83097f), TOBN(0x28738f6c, 0x554b0800), - TOBN(0xdc703717, 0xa2ce2f2f), TOBN(0x7913b93c, 0x40814194), - TOBN(0x04924593, 0x1fe89636), TOBN(0x7b98443f, 0xf78834a6), - TOBN(0x11c6ab01, 0x5114a5a1), TOBN(0x60deb383, 0xffba5f4c), - TOBN(0x4caa54c6, 0x01a982e6), TOBN(0x1dd35e11, 0x3491cd26), - TOBN(0x973c315f, 0x7cbd6b05), TOBN(0xcab00775, 0x52494724), - TOBN(0x04659b1f, 0x6565e15a), TOBN(0xbf30f529, 0x8c8fb026), - TOBN(0xfc21641b, 0xa8a0de37), TOBN(0xe9c7a366, 0xfa5e5114), - TOBN(0xdb849ca5, 0x52f03ad8), TOBN(0xc7e8dbe9, 0x024e35c0), - TOBN(0xa1a2bbac, 0xcfc3c789), TOBN(0xbf733e7d, 0x9c26f262), - TOBN(0x882ffbf5, 0xb8444823), TOBN(0xb7224e88, 0x6bf8483b), - TOBN(0x53023b8b, 0x65bef640), TOBN(0xaabfec91, 0xd4d5f8cd), - TOBN(0xa40e1510, 0x079ea1bd), TOBN(0x1ad9addc, 0xd05d5d26), - TOBN(0xdb3f2eab, 0x13e68d4f), TOBN(0x1cff1ae2, 0x640f803f), - TOBN(0xe0e7b749, 0xd4cee117), TOBN(0x8e9f275b, 0x4036d909), - TOBN(0xce34e31d, 0x8f4d4c38), TOBN(0x22b37f69, 0xd75130fc), - TOBN(0x83e0f1fd, 0xb4014604), TOBN(0xa8ce9919, 0x89415078), - TOBN(0x82375b75, 0x41792efe), TOBN(0x4f59bf5c, 0x97d4515b), - TOBN(0xac4f324f, 0x923a277d), TOBN(0xd9bc9b7d, 0x650f3406), - TOBN(0xc6fa87d1, 0x8a39bc51), TOBN(0x82588530, 0x5ccc108f), - TOBN(0x5ced3c9f, 0x82e4c634), TOBN(0x8efb8314, 0x3a4464f8), - TOBN(0xe706381b, 0x7a1dca25), TOBN(0x6cd15a3c, 0x5a2a412b), - TOBN(0x9347a8fd, 0xbfcd8fb5), TOBN(0x31db2eef, 0x6e54cd22), - TOBN(0xc4aeb11e, 0xf8d8932f), TOBN(0x11e7c1ed, 0x344411af), - TOBN(0x2653050c, 0xdc9a151e), TOBN(0x9edbfc08, 0x3bb0a859), - TOBN(0x926c81c7, 0xfd5691e7), TOBN(0x9c1b2342, 0x6f39019a), - TOBN(0x64a81c8b, 0x7f8474b9), TOBN(0x90657c07, 0x01761819), - TOBN(0x390b3331, 0x55e0375a), TOBN(0xc676c626, 0xb6ebc47d), - TOBN(0x51623247, 0xb7d6dee8), TOBN(0x0948d927, 0x79659313), - TOBN(0x99700161, 0xe9ab35ed), TOBN(0x06cc32b4, 0x8ddde408), - TOBN(0x6f2fd664, 0x061ef338), TOBN(0x1606fa02, 0xc202e9ed), - TOBN(0x55388bc1, 0x929ba99b), TOBN(0xc4428c5e, 0x1e81df69), - TOBN(0xce2028ae, 0xf91b0b2a), TOBN(0xce870a23, 0xf03dfd3f), - TOBN(0x66ec2c87, 0x0affe8ed), TOBN(0xb205fb46, 0x284d0c00), - TOBN(0xbf5dffe7, 0x44cefa48), TOBN(0xb6fc37a8, 0xa19876d7), - TOBN(0xbecfa84c, 0x08b72863), TOBN(0xd7205ff5, 0x2576374f), - TOBN(0x80330d32, 0x8887de41), TOBN(0x5de0df0c, 0x869ea534), - TOBN(0x13f42753, 0x3c56ea17), TOBN(0xeb1f6069, 0x452b1a78), - TOBN(0x50474396, 0xe30ea15c), TOBN(0x575816a1, 0xc1494125), - TOBN(0xbe1ce55b, 0xfe6bb38f), TOBN(0xb901a948, 0x96ae30f7), - TOBN(0xe5af0f08, 0xd8fc3548), TOBN(0x5010b5d0, 0xd73bfd08), - TOBN(0x993d2880, 0x53fe655a), TOBN(0x99f2630b, 0x1c1309fd), - TOBN(0xd8677baf, 0xb4e3b76f), TOBN(0x14e51ddc, 0xb840784b), - TOBN(0x326c750c, 0xbf0092ce), TOBN(0xc83d306b, 0xf528320f), - TOBN(0xc4456715, 0x77d4715c), TOBN(0xd30019f9, 0x6b703235), - TOBN(0x207ccb2e, 0xd669e986), TOBN(0x57c824af, 0xf6dbfc28), - TOBN(0xf0eb532f, 0xd8f92a23), TOBN(0x4a557fd4, 0x9bb98fd2), - TOBN(0xa57acea7, 0xc1e6199a), TOBN(0x0c663820, 0x8b94b1ed), - TOBN(0x9b42be8f, 0xf83a9266), TOBN(0xc7741c97, 0x0101bd45), - TOBN(0x95770c11, 0x07bd9ceb), TOBN(0x1f50250a, 0x8b2e0744), - TOBN(0xf762eec8, 0x1477b654), TOBN(0xc65b900e, 0x15efe59a), - TOBN(0x88c96148, 0x9546a897), TOBN(0x7e8025b3, 0xc30b4d7c), - TOBN(0xae4065ef, 0x12045cf9), TOBN(0x6fcb2caf, 0x9ccce8bd), - TOBN(0x1fa0ba4e, 0xf2cf6525), TOBN(0xf683125d, 0xcb72c312), - TOBN(0xa01da4ea, 0xe312410e), TOBN(0x67e28677, 0x6cd8e830), - TOBN(0xabd95752, 0x98fb3f07), TOBN(0x05f11e11, 0xeef649a5), - TOBN(0xba47faef, 0x9d3472c2), TOBN(0x3adff697, 0xc77d1345), - TOBN(0x4761fa04, 0xdd15afee), TOBN(0x64f1f61a, 0xb9e69462), - TOBN(0xfa691fab, 0x9bfb9093), TOBN(0x3df8ae8f, 0xa1133dfe), - TOBN(0xcd5f8967, 0x58cc710d), TOBN(0xfbb88d50, 0x16c7fe79), - TOBN(0x8e011b4c, 0xe88c50d1), TOBN(0x7532e807, 0xa8771c4f), - TOBN(0x64c78a48, 0xe2278ee4), TOBN(0x0b283e83, 0x3845072a), - TOBN(0x98a6f291, 0x49e69274), TOBN(0xb96e9668, 0x1868b21c), - TOBN(0x38f0adc2, 0xb1a8908e), TOBN(0x90afcff7, 0x1feb829d), - TOBN(0x9915a383, 0x210b0856), TOBN(0xa5a80602, 0xdef04889), - TOBN(0x800e9af9, 0x7c64d509), TOBN(0x81382d0b, 0xb8996f6f), - TOBN(0x490eba53, 0x81927e27), TOBN(0x46c63b32, 0x4af50182), - TOBN(0x784c5fd9, 0xd3ad62ce), TOBN(0xe4fa1870, 0xf8ae8736), - TOBN(0x4ec9d0bc, 0xd7466b25), TOBN(0x84ddbe1a, 0xdb235c65), - TOBN(0x5e2645ee, 0x163c1688), TOBN(0x570bd00e, 0x00eba747), - TOBN(0xfa51b629, 0x128bfa0f), TOBN(0x92fce1bd, 0x6c1d3b68), - TOBN(0x3e7361dc, 0xb66778b1), TOBN(0x9c7d249d, 0x5561d2bb), - TOBN(0xa40b28bf, 0x0bbc6229), TOBN(0x1c83c05e, 0xdfd91497), - TOBN(0x5f9f5154, 0xf083df05), TOBN(0xbac38b3c, 0xeee66c9d), - TOBN(0xf71db7e3, 0xec0dfcfd), TOBN(0xf2ecda8e, 0x8b0a8416), - TOBN(0x52fddd86, 0x7812aa66), TOBN(0x2896ef10, 0x4e6f4272), - TOBN(0xff27186a, 0x0fe9a745), TOBN(0x08249fcd, 0x49ca70db), - TOBN(0x7425a2e6, 0x441cac49), TOBN(0xf4a0885a, 0xece5ff57), - TOBN(0x6e2cb731, 0x7d7ead58), TOBN(0xf96cf7d6, 0x1898d104), - TOBN(0xafe67c9d, 0x4f2c9a89), TOBN(0x89895a50, 0x1c7bf5bc), - TOBN(0xdc7cb8e5, 0x573cecfa), TOBN(0x66497eae, 0xd15f03e6), - TOBN(0x6bc0de69, 0x3f084420), TOBN(0x323b9b36, 0xacd532b0), - TOBN(0xcfed390a, 0x0115a3c1), TOBN(0x9414c40b, 0x2d65ca0e), - TOBN(0x641406bd, 0x2f530c78), TOBN(0x29369a44, 0x833438f2), - TOBN(0x996884f5, 0x903fa271), TOBN(0xe6da0fd2, 0xb9da921e), - TOBN(0xa6f2f269, 0x5db01e54), TOBN(0x1ee3e9bd, 0x6876214e), - TOBN(0xa26e181c, 0xe27a9497), TOBN(0x36d254e4, 0x8e215e04), - TOBN(0x42f32a6c, 0x252cabca), TOBN(0x99481487, 0x80b57614), - TOBN(0x4c4dfe69, 0x40d9cae1), TOBN(0x05869580, 0x11a10f09), - TOBN(0xca287b57, 0x3491b64b), TOBN(0x77862d5d, 0x3fd4a53b), - TOBN(0xbf94856e, 0x50349126), TOBN(0x2be30bd1, 0x71c5268f), - TOBN(0x10393f19, 0xcbb650a6), TOBN(0x639531fe, 0x778cf9fd), - TOBN(0x02556a11, 0xb2935359), TOBN(0xda38aa96, 0xaf8c126e), - TOBN(0x47dbe6c2, 0x0960167f), TOBN(0x37bbabb6, 0x501901cd), - TOBN(0xb6e979e0, 0x2c947778), TOBN(0xd69a5175, 0x7a1a1dc6), - TOBN(0xc3ed5095, 0x9d9faf0c), TOBN(0x4dd9c096, 0x1d5fa5f0), - TOBN(0xa0c4304d, 0x64f16ea8), TOBN(0x8b1cac16, 0x7e718623), - TOBN(0x0b576546, 0x7c67f03e), TOBN(0x559cf5ad, 0xcbd88c01), - TOBN(0x074877bb, 0x0e2af19a), TOBN(0x1f717ec1, 0xa1228c92), - TOBN(0x70bcb800, 0x326e8920), TOBN(0xec6e2c5c, 0x4f312804), - TOBN(0x426aea7d, 0x3fca4752), TOBN(0xf12c0949, 0x2211f62a), - TOBN(0x24beecd8, 0x7be7b6b5), TOBN(0xb77eaf4c, 0x36d7a27d), - TOBN(0x154c2781, 0xfda78fd3), TOBN(0x848a83b0, 0x264eeabe), - TOBN(0x81287ef0, 0x4ffe2bc4), TOBN(0x7b6d88c6, 0xb6b6fc2a), - TOBN(0x805fb947, 0xce417d99), TOBN(0x4b93dcc3, 0x8b916cc4), - TOBN(0x72e65bb3, 0x21273323), TOBN(0xbcc1badd, 0x6ea9886e), - TOBN(0x0e223011, 0x4bc5ee85), TOBN(0xa561be74, 0xc18ee1e4), - TOBN(0x762fd2d4, 0xa6bcf1f1), TOBN(0x50e6a5a4, 0x95231489), - TOBN(0xca96001f, 0xa00b500b), TOBN(0x5c098cfc, 0x5d7dcdf5), - TOBN(0xa64e2d2e, 0x8c446a85), TOBN(0xbae9bcf1, 0x971f3c62), - TOBN(0x4ec22683, 0x8435a2c5), TOBN(0x8ceaed6c, 0x4bad4643), - TOBN(0xe9f8fb47, 0xccccf4e3), TOBN(0xbd4f3fa4, 0x1ce3b21e), - TOBN(0xd79fb110, 0xa3db3292), TOBN(0xe28a37da, 0xb536c66a), - TOBN(0x279ce87b, 0x8e49e6a9), TOBN(0x70ccfe8d, 0xfdcec8e3), - TOBN(0x2193e4e0, 0x3ba464b2), TOBN(0x0f39d60e, 0xaca9a398), - TOBN(0x7d7932af, 0xf82c12ab), TOBN(0xd8ff50ed, 0x91e7e0f7), - TOBN(0xea961058, 0xfa28a7e0), TOBN(0xc726cf25, 0x0bf5ec74), - TOBN(0xe74d55c8, 0xdb229666), TOBN(0x0bd9abbf, 0xa57f5799), - TOBN(0x7479ef07, 0x4dfc47b3), TOBN(0xd9c65fc3, 0x0c52f91d), - TOBN(0x8e0283fe, 0x36a8bde2), TOBN(0xa32a8b5e, 0x7d4b7280), - TOBN(0x6a677c61, 0x12e83233), TOBN(0x0fbb3512, 0xdcc9bf28), - TOBN(0x562e8ea5, 0x0d780f61), TOBN(0x0db8b22b, 0x1dc4e89c), - TOBN(0x0a6fd1fb, 0x89be0144), TOBN(0x8c77d246, 0xca57113b), - TOBN(0x4639075d, 0xff09c91c), TOBN(0x5b47b17f, 0x5060824c), - TOBN(0x58aea2b0, 0x16287b52), TOBN(0xa1343520, 0xd0cd8eb0), - TOBN(0x6148b4d0, 0xc5d58573), TOBN(0xdd2b6170, 0x291c68ae), - TOBN(0xa61b3929, 0x1da3b3b7), TOBN(0x5f946d79, 0x08c4ac10), - TOBN(0x4105d4a5, 0x7217d583), TOBN(0x5061da3d, 0x25e6de5e), - TOBN(0x3113940d, 0xec1b4991), TOBN(0xf12195e1, 0x36f485ae), - TOBN(0xa7507fb2, 0x731a2ee0), TOBN(0x95057a8e, 0x6e9e196e), - TOBN(0xa3c2c911, 0x2e130136), TOBN(0x97dfbb36, 0x33c60d15), - TOBN(0xcaf3c581, 0xb300ee2b), TOBN(0x77f25d90, 0xf4bac8b8), - TOBN(0xdb1c4f98, 0x6d840cd6), TOBN(0x471d62c0, 0xe634288c), - TOBN(0x8ec2f85e, 0xcec8a161), TOBN(0x41f37cbc, 0xfa6f4ae2), - TOBN(0x6793a20f, 0x4b709985), TOBN(0x7a7bd33b, 0xefa8985b), - TOBN(0x2c6a3fbd, 0x938e6446), TOBN(0x19042619, 0x2a8d47c1), - TOBN(0x16848667, 0xcc36975f), TOBN(0x02acf168, 0x9d5f1dfb), - TOBN(0x62d41ad4, 0x613baa94), TOBN(0xb56fbb92, 0x9f684670), - TOBN(0xce610d0d, 0xe9e40569), TOBN(0x7b99c65f, 0x35489fef), - TOBN(0x0c88ad1b, 0x3df18b97), TOBN(0x81b7d9be, 0x5d0e9edb), - TOBN(0xd85218c0, 0xc716cc0a), TOBN(0xf4b5ff90, 0x85691c49), - TOBN(0xa4fd666b, 0xce356ac6), TOBN(0x17c72895, 0x4b327a7a), - TOBN(0xf93d5085, 0xda6be7de), TOBN(0xff71530e, 0x3301d34e), - TOBN(0x4cd96442, 0xd8f448e8), TOBN(0x9283d331, 0x2ed18ffa), - TOBN(0x4d33dd99, 0x2a849870), TOBN(0xa716964b, 0x41576335), - TOBN(0xff5e3a9b, 0x179be0e5), TOBN(0x5b9d6b1b, 0x83b13632), - TOBN(0x3b8bd7d4, 0xa52f313b), TOBN(0xc9dd95a0, 0x637a4660), - TOBN(0x30035962, 0x0b3e218f), TOBN(0xce1481a3, 0xc7b28a3c), - TOBN(0xab41b43a, 0x43228d83), TOBN(0x24ae1c30, 0x4ad63f99), - TOBN(0x8e525f1a, 0x46a51229), TOBN(0x14af860f, 0xcd26d2b4), - TOBN(0xd6baef61, 0x3f714aa1), TOBN(0xf51865ad, 0xeb78795e), - TOBN(0xd3e21fce, 0xe6a9d694), TOBN(0x82ceb1dd, 0x8a37b527)} -}; diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c deleted file mode 100644 index 68943e521e8a808e6e04bf45e5e70b9c365145dd..0000000000000000000000000000000000000000 --- a/crypto/ec/ecp_oct.c +++ /dev/null @@ -1,372 +0,0 @@ -/* - * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include - -#include "ec_local.h" - -int ossl_ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, - EC_POINT *point, - const BIGNUM *x_, int y_bit, - BN_CTX *ctx) -{ - BN_CTX *new_ctx = NULL; - BIGNUM *tmp1, *tmp2, *x, *y; - int ret = 0; - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) - return 0; - } - - y_bit = (y_bit != 0); - - BN_CTX_start(ctx); - tmp1 = BN_CTX_get(ctx); - tmp2 = BN_CTX_get(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (y == NULL) - goto err; - - /*- - * Recover y. We have a Weierstrass equation - * y^2 = x^3 + a*x + b, - * so y is one of the square roots of x^3 + a*x + b. - */ - - /* tmp1 := x^3 */ - if (!BN_nnmod(x, x_, group->field, ctx)) - goto err; - if (group->meth->field_decode == 0) { - /* field_{sqr,mul} work on standard representation */ - if (!group->meth->field_sqr(group, tmp2, x_, ctx)) - goto err; - if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) - goto err; - } else { - if (!BN_mod_sqr(tmp2, x_, group->field, ctx)) - goto err; - if (!BN_mod_mul(tmp1, tmp2, x_, group->field, ctx)) - goto err; - } - - /* tmp1 := tmp1 + a*x */ - if (group->a_is_minus3) { - if (!BN_mod_lshift1_quick(tmp2, x, group->field)) - goto err; - if (!BN_mod_add_quick(tmp2, tmp2, x, group->field)) - goto err; - if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, group->field)) - goto err; - } else { - if (group->meth->field_decode) { - if (!group->meth->field_decode(group, tmp2, group->a, ctx)) - goto err; - if (!BN_mod_mul(tmp2, tmp2, x, group->field, ctx)) - goto err; - } else { - /* field_mul works on standard representation */ - if (!group->meth->field_mul(group, tmp2, group->a, x, ctx)) - goto err; - } - - if (!BN_mod_add_quick(tmp1, tmp1, tmp2, group->field)) - goto err; - } - - /* tmp1 := tmp1 + b */ - if (group->meth->field_decode) { - if (!group->meth->field_decode(group, tmp2, group->b, ctx)) - goto err; - if (!BN_mod_add_quick(tmp1, tmp1, tmp2, group->field)) - goto err; - } else { - if (!BN_mod_add_quick(tmp1, tmp1, group->b, group->field)) - goto err; - } - - ERR_set_mark(); - if (!BN_mod_sqrt(y, tmp1, group->field, ctx)) { -#ifndef FIPS_MODULE - unsigned long err = ERR_peek_last_error(); - - if (ERR_GET_LIB(err) == ERR_LIB_BN - && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) { - ERR_pop_to_mark(); - ERR_raise(ERR_LIB_EC, EC_R_INVALID_COMPRESSED_POINT); - } else -#endif - { - ERR_clear_last_mark(); - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - } - goto err; - } - ERR_clear_last_mark(); - - if (y_bit != BN_is_odd(y)) { - if (BN_is_zero(y)) { - int kron; - - kron = BN_kronecker(x, group->field, ctx); - if (kron == -2) - goto err; - - if (kron == 1) - ERR_raise(ERR_LIB_EC, EC_R_INVALID_COMPRESSION_BIT); - else - /* - * BN_mod_sqrt() should have caught this error (not a square) - */ - ERR_raise(ERR_LIB_EC, EC_R_INVALID_COMPRESSED_POINT); - goto err; - } - if (!BN_usub(y, group->field, y)) - goto err; - } - if (y_bit != BN_is_odd(y)) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - goto err; - } - - if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) - goto err; - - ret = 1; - - err: - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - return ret; -} - -size_t ossl_ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, - point_conversion_form_t form, - unsigned char *buf, size_t len, BN_CTX *ctx) -{ - size_t ret; - BN_CTX *new_ctx = NULL; - int used_ctx = 0; - BIGNUM *x, *y; - size_t field_len, i, skip; - - if ((form != POINT_CONVERSION_COMPRESSED) - && (form != POINT_CONVERSION_UNCOMPRESSED) - && (form != POINT_CONVERSION_HYBRID)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_FORM); - goto err; - } - - if (EC_POINT_is_at_infinity(group, point)) { - /* encodes to a single 0 octet */ - if (buf != NULL) { - if (len < 1) { - ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); - return 0; - } - buf[0] = 0; - } - return 1; - } - - /* ret := required output buffer length */ - field_len = BN_num_bytes(group->field); - ret = - (form == - POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; - - /* if 'buf' is NULL, just return required length */ - if (buf != NULL) { - if (len < ret) { - ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); - goto err; - } - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) - return 0; - } - - BN_CTX_start(ctx); - used_ctx = 1; - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (y == NULL) - goto err; - - if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx)) - goto err; - - if ((form == POINT_CONVERSION_COMPRESSED - || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y)) - buf[0] = form + 1; - else - buf[0] = form; - - i = 1; - - skip = field_len - BN_num_bytes(x); - if (skip > field_len) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - goto err; - } - while (skip > 0) { - buf[i++] = 0; - skip--; - } - skip = BN_bn2bin(x, buf + i); - i += skip; - if (i != 1 + field_len) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - goto err; - } - - if (form == POINT_CONVERSION_UNCOMPRESSED - || form == POINT_CONVERSION_HYBRID) { - skip = field_len - BN_num_bytes(y); - if (skip > field_len) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - goto err; - } - while (skip > 0) { - buf[i++] = 0; - skip--; - } - skip = BN_bn2bin(y, buf + i); - i += skip; - } - - if (i != ret) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - goto err; - } - } - - if (used_ctx) - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - return ret; - - err: - if (used_ctx) - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - return 0; -} - -int ossl_ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, - const unsigned char *buf, size_t len, - BN_CTX *ctx) -{ - point_conversion_form_t form; - int y_bit; - BN_CTX *new_ctx = NULL; - BIGNUM *x, *y; - size_t field_len, enc_len; - int ret = 0; - - if (len == 0) { - ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); - return 0; - } - form = buf[0]; - y_bit = form & 1; - form = form & ~1U; - if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) - && (form != POINT_CONVERSION_UNCOMPRESSED) - && (form != POINT_CONVERSION_HYBRID)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - return 0; - } - if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - return 0; - } - - if (form == 0) { - if (len != 1) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - return 0; - } - - return EC_POINT_set_to_infinity(group, point); - } - - field_len = BN_num_bytes(group->field); - enc_len = - (form == - POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; - - if (len != enc_len) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - return 0; - } - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) - return 0; - } - - BN_CTX_start(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (y == NULL) - goto err; - - if (!BN_bin2bn(buf + 1, field_len, x)) - goto err; - if (BN_ucmp(x, group->field) >= 0) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - goto err; - } - - if (form == POINT_CONVERSION_COMPRESSED) { - if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx)) - goto err; - } else { - if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) - goto err; - if (BN_ucmp(y, group->field) >= 0) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - goto err; - } - if (form == POINT_CONVERSION_HYBRID) { - if (y_bit != BN_is_odd(y)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - goto err; - } - } - - /* - * EC_POINT_set_affine_coordinates is responsible for checking that - * the point is on the curve. - */ - if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) - goto err; - } - - ret = 1; - - err: - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - return ret; -} diff --git a/crypto/ec/ecp_ppc.c b/crypto/ec/ecp_ppc.c deleted file mode 100644 index b2b9f772b87bfcaf8ce30734dbeb41d290b01b6a..0000000000000000000000000000000000000000 --- a/crypto/ec/ecp_ppc.c +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include "crypto/ppc_arch.h" -#include "ec_local.h" - -void ecp_nistz256_mul_mont(unsigned long res[4], const unsigned long a[4], - const unsigned long b[4]); - -void ecp_nistz256_to_mont(unsigned long res[4], const unsigned long in[4]); -void ecp_nistz256_to_mont(unsigned long res[4], const unsigned long in[4]) -{ - static const unsigned long RR[] = { 0x0000000000000003U, - 0xfffffffbffffffffU, - 0xfffffffffffffffeU, - 0x00000004fffffffdU }; - - ecp_nistz256_mul_mont(res, in, RR); -} - -void ecp_nistz256_from_mont(unsigned long res[4], const unsigned long in[4]); -void ecp_nistz256_from_mont(unsigned long res[4], const unsigned long in[4]) -{ - static const unsigned long one[] = { 1, 0, 0, 0 }; - - ecp_nistz256_mul_mont(res, in, one); -} diff --git a/crypto/ec/ecp_s390x_nistp.c b/crypto/ec/ecp_s390x_nistp.c deleted file mode 100644 index 0c10196ea34eca416f06b4a6e9347f1a6723862c..0000000000000000000000000000000000000000 --- a/crypto/ec/ecp_s390x_nistp.c +++ /dev/null @@ -1,400 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * EC_METHOD low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include "ec_local.h" -#include "s390x_arch.h" - -/* Size of parameter blocks */ -#define S390X_SIZE_PARAM 4096 - -/* Size of fields in parameter blocks */ -#define S390X_SIZE_P256 32 -#define S390X_SIZE_P384 48 -#define S390X_SIZE_P521 80 - -/* Offsets of fields in PCC parameter blocks */ -#define S390X_OFF_RES_X(n) (0 * n) -#define S390X_OFF_RES_Y(n) (1 * n) -#define S390X_OFF_SRC_X(n) (2 * n) -#define S390X_OFF_SRC_Y(n) (3 * n) -#define S390X_OFF_SCALAR(n) (4 * n) - -/* Offsets of fields in KDSA parameter blocks */ -#define S390X_OFF_R(n) (0 * n) -#define S390X_OFF_S(n) (1 * n) -#define S390X_OFF_H(n) (2 * n) -#define S390X_OFF_K(n) (3 * n) -#define S390X_OFF_X(n) (3 * n) -#define S390X_OFF_RN(n) (4 * n) -#define S390X_OFF_Y(n) (4 * n) - -static int ec_GFp_s390x_nistp_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, - size_t num, const EC_POINT *points[], - const BIGNUM *scalars[], - BN_CTX *ctx, unsigned int fc, int len) -{ - unsigned char param[S390X_SIZE_PARAM]; - BIGNUM *x, *y; - const EC_POINT *point_ptr = NULL; - const BIGNUM *scalar_ptr = NULL; - BN_CTX *new_ctx = NULL; - int rc = -1; - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) - return 0; - } - - BN_CTX_start(ctx); - - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (x == NULL || y == NULL) { - rc = 0; - goto ret; - } - - /* - * Use PCC for EC keygen and ECDH key derivation: - * scalar * generator and scalar * peer public key, - * scalar in [0,order). - */ - if ((scalar != NULL && num == 0 && BN_is_negative(scalar) == 0) - || (scalar == NULL && num == 1 && BN_is_negative(scalars[0]) == 0)) { - - if (num == 0) { - point_ptr = EC_GROUP_get0_generator(group); - scalar_ptr = scalar; - } else { - point_ptr = points[0]; - scalar_ptr = scalars[0]; - } - - if (EC_POINT_is_at_infinity(group, point_ptr) == 1 - || BN_is_zero(scalar_ptr)) { - rc = EC_POINT_set_to_infinity(group, r); - goto ret; - } - - memset(¶m, 0, sizeof(param)); - - if (group->meth->point_get_affine_coordinates(group, point_ptr, - x, y, ctx) != 1 - || BN_bn2binpad(x, param + S390X_OFF_SRC_X(len), len) == -1 - || BN_bn2binpad(y, param + S390X_OFF_SRC_Y(len), len) == -1 - || BN_bn2binpad(scalar_ptr, - param + S390X_OFF_SCALAR(len), len) == -1 - || s390x_pcc(fc, param) != 0 - || BN_bin2bn(param + S390X_OFF_RES_X(len), len, x) == NULL - || BN_bin2bn(param + S390X_OFF_RES_Y(len), len, y) == NULL - || group->meth->point_set_affine_coordinates(group, r, - x, y, ctx) != 1) - goto ret; - - rc = 1; - } - -ret: - /* Otherwise use default. */ - if (rc == -1) - rc = ossl_ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); - OPENSSL_cleanse(param, sizeof(param)); - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - return rc; -} - -static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst, - int dgstlen, - const BIGNUM *kinv, - const BIGNUM *r, - EC_KEY *eckey, - unsigned int fc, int len) -{ - unsigned char param[S390X_SIZE_PARAM]; - int ok = 0; - BIGNUM *k; - ECDSA_SIG *sig; - const EC_GROUP *group; - const BIGNUM *privkey; - int off; - - group = EC_KEY_get0_group(eckey); - privkey = EC_KEY_get0_private_key(eckey); - if (group == NULL || privkey == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS); - return NULL; - } - - if (!EC_KEY_can_sign(eckey)) { - ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); - return NULL; - } - - k = BN_secure_new(); - sig = ECDSA_SIG_new(); - if (k == NULL || sig == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto ret; - } - - sig->r = BN_new(); - sig->s = BN_new(); - if (sig->r == NULL || sig->s == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto ret; - } - - memset(param, 0, sizeof(param)); - off = len - (dgstlen > len ? len : dgstlen); - memcpy(param + S390X_OFF_H(len) + off, dgst, len - off); - - if (BN_bn2binpad(privkey, param + S390X_OFF_K(len), len) == -1) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto ret; - } - - if (r == NULL || kinv == NULL) { - if (len < 0) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_LENGTH); - goto ret; - } - /* - * Generate random k and copy to param param block. RAND_priv_bytes_ex - * is used instead of BN_priv_rand_range or BN_generate_dsa_nonce - * because kdsa instruction constructs an in-range, invertible nonce - * internally implementing counter-measures for RNG weakness. - */ - if (RAND_priv_bytes_ex(eckey->libctx, param + S390X_OFF_RN(len), - (size_t)len, 0) != 1) { - ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED); - goto ret; - } - } else { - /* Reconstruct k = (k^-1)^-1. */ - if (ossl_ec_group_do_inverse_ord(group, k, kinv, NULL) == 0 - || BN_bn2binpad(k, param + S390X_OFF_RN(len), len) == -1) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto ret; - } - /* Turns KDSA internal nonce-generation off. */ - fc |= S390X_KDSA_D; - } - - if (s390x_kdsa(fc, param, NULL, 0) != 0) { - ERR_raise(ERR_LIB_EC, ERR_R_ECDSA_LIB); - goto ret; - } - - if (BN_bin2bn(param + S390X_OFF_R(len), len, sig->r) == NULL - || BN_bin2bn(param + S390X_OFF_S(len), len, sig->s) == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto ret; - } - - ok = 1; -ret: - OPENSSL_cleanse(param, sizeof(param)); - if (ok != 1) { - ECDSA_SIG_free(sig); - sig = NULL; - } - BN_clear_free(k); - return sig; -} - -static int ecdsa_s390x_nistp_verify_sig(const unsigned char *dgst, int dgstlen, - const ECDSA_SIG *sig, EC_KEY *eckey, - unsigned int fc, int len) -{ - unsigned char param[S390X_SIZE_PARAM]; - int rc = -1; - BN_CTX *ctx; - BIGNUM *x, *y; - const EC_GROUP *group; - const EC_POINT *pubkey; - int off; - - group = EC_KEY_get0_group(eckey); - pubkey = EC_KEY_get0_public_key(eckey); - if (eckey == NULL || group == NULL || pubkey == NULL || sig == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_MISSING_PARAMETERS); - return -1; - } - - if (!EC_KEY_can_sign(eckey)) { - ERR_raise(ERR_LIB_EC, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING); - return -1; - } - - ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return -1; - } - - BN_CTX_start(ctx); - - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (x == NULL || y == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto ret; - } - - memset(param, 0, sizeof(param)); - off = len - (dgstlen > len ? len : dgstlen); - memcpy(param + S390X_OFF_H(len) + off, dgst, len - off); - - if (group->meth->point_get_affine_coordinates(group, pubkey, - x, y, ctx) != 1 - || BN_bn2binpad(sig->r, param + S390X_OFF_R(len), len) == -1 - || BN_bn2binpad(sig->s, param + S390X_OFF_S(len), len) == -1 - || BN_bn2binpad(x, param + S390X_OFF_X(len), len) == -1 - || BN_bn2binpad(y, param + S390X_OFF_Y(len), len) == -1) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto ret; - } - - rc = s390x_kdsa(fc, param, NULL, 0) == 0 ? 1 : 0; -ret: - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return rc; -} - -#define EC_GFP_S390X_NISTP_METHOD(bits) \ - \ -static int ec_GFp_s390x_nistp##bits##_mul(const EC_GROUP *group, \ - EC_POINT *r, \ - const BIGNUM *scalar, \ - size_t num, \ - const EC_POINT *points[], \ - const BIGNUM *scalars[], \ - BN_CTX *ctx) \ -{ \ - return ec_GFp_s390x_nistp_mul(group, r, scalar, num, points, \ - scalars, ctx, \ - S390X_SCALAR_MULTIPLY_P##bits, \ - S390X_SIZE_P##bits); \ -} \ - \ -static ECDSA_SIG *ecdsa_s390x_nistp##bits##_sign_sig(const unsigned \ - char *dgst, \ - int dgstlen, \ - const BIGNUM *kinv,\ - const BIGNUM *r, \ - EC_KEY *eckey) \ -{ \ - return ecdsa_s390x_nistp_sign_sig(dgst, dgstlen, kinv, r, eckey, \ - S390X_ECDSA_SIGN_P##bits, \ - S390X_SIZE_P##bits); \ -} \ - \ -static int ecdsa_s390x_nistp##bits##_verify_sig(const \ - unsigned char *dgst, \ - int dgstlen, \ - const ECDSA_SIG *sig, \ - EC_KEY *eckey) \ -{ \ - return ecdsa_s390x_nistp_verify_sig(dgst, dgstlen, sig, eckey, \ - S390X_ECDSA_VERIFY_P##bits, \ - S390X_SIZE_P##bits); \ -} \ - \ -const EC_METHOD *EC_GFp_s390x_nistp##bits##_method(void) \ -{ \ - static const EC_METHOD EC_GFp_s390x_nistp##bits##_meth = { \ - EC_FLAGS_DEFAULT_OCT, \ - NID_X9_62_prime_field, \ - ossl_ec_GFp_simple_group_init, \ - ossl_ec_GFp_simple_group_finish, \ - ossl_ec_GFp_simple_group_clear_finish, \ - ossl_ec_GFp_simple_group_copy, \ - ossl_ec_GFp_simple_group_set_curve, \ - ossl_ec_GFp_simple_group_get_curve, \ - ossl_ec_GFp_simple_group_get_degree, \ - ossl_ec_group_simple_order_bits, \ - ossl_ec_GFp_simple_group_check_discriminant, \ - ossl_ec_GFp_simple_point_init, \ - ossl_ec_GFp_simple_point_finish, \ - ossl_ec_GFp_simple_point_clear_finish, \ - ossl_ec_GFp_simple_point_copy, \ - ossl_ec_GFp_simple_point_set_to_infinity, \ - ossl_ec_GFp_simple_point_set_affine_coordinates, \ - ossl_ec_GFp_simple_point_get_affine_coordinates, \ - NULL, /* point_set_compressed_coordinates */ \ - NULL, /* point2oct */ \ - NULL, /* oct2point */ \ - ossl_ec_GFp_simple_add, \ - ossl_ec_GFp_simple_dbl, \ - ossl_ec_GFp_simple_invert, \ - ossl_ec_GFp_simple_is_at_infinity, \ - ossl_ec_GFp_simple_is_on_curve, \ - ossl_ec_GFp_simple_cmp, \ - ossl_ec_GFp_simple_make_affine, \ - ossl_ec_GFp_simple_points_make_affine, \ - ec_GFp_s390x_nistp##bits##_mul, \ - NULL, /* precompute_mult */ \ - NULL, /* have_precompute_mult */ \ - ossl_ec_GFp_simple_field_mul, \ - ossl_ec_GFp_simple_field_sqr, \ - NULL, /* field_div */ \ - ossl_ec_GFp_simple_field_inv, \ - NULL, /* field_encode */ \ - NULL, /* field_decode */ \ - NULL, /* field_set_to_one */ \ - ossl_ec_key_simple_priv2oct, \ - ossl_ec_key_simple_oct2priv, \ - NULL, /* set_private */ \ - ossl_ec_key_simple_generate_key, \ - ossl_ec_key_simple_check_key, \ - ossl_ec_key_simple_generate_public_key, \ - NULL, /* keycopy */ \ - NULL, /* keyfinish */ \ - ossl_ecdh_simple_compute_key, \ - ossl_ecdsa_simple_sign_setup, \ - ecdsa_s390x_nistp##bits##_sign_sig, \ - ecdsa_s390x_nistp##bits##_verify_sig, \ - NULL, /* field_inverse_mod_ord */ \ - ossl_ec_GFp_simple_blind_coordinates, \ - ossl_ec_GFp_simple_ladder_pre, \ - ossl_ec_GFp_simple_ladder_step, \ - ossl_ec_GFp_simple_ladder_post \ - }; \ - static const EC_METHOD *ret; \ - \ - if ((OPENSSL_s390xcap_P.pcc[1] \ - & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P##bits)) \ - && (OPENSSL_s390xcap_P.kdsa[0] \ - & S390X_CAPBIT(S390X_ECDSA_VERIFY_P##bits)) \ - && (OPENSSL_s390xcap_P.kdsa[0] \ - & S390X_CAPBIT(S390X_ECDSA_SIGN_P##bits))) \ - ret = &EC_GFp_s390x_nistp##bits##_meth; \ - else \ - ret = EC_GFp_mont_method(); \ - \ - return ret; \ -} - -EC_GFP_S390X_NISTP_METHOD(256) -EC_GFP_S390X_NISTP_METHOD(384) -EC_GFP_S390X_NISTP_METHOD(521) diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c deleted file mode 100644 index bde8cad34641a469544b35ca6377872f2318cf65..0000000000000000000000000000000000000000 --- a/crypto/ec/ecp_smpl.c +++ /dev/null @@ -1,1723 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include - -#include "ec_local.h" - -const EC_METHOD *EC_GFp_simple_method(void) -{ - static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_prime_field, - ossl_ec_GFp_simple_group_init, - ossl_ec_GFp_simple_group_finish, - ossl_ec_GFp_simple_group_clear_finish, - ossl_ec_GFp_simple_group_copy, - ossl_ec_GFp_simple_group_set_curve, - ossl_ec_GFp_simple_group_get_curve, - ossl_ec_GFp_simple_group_get_degree, - ossl_ec_group_simple_order_bits, - ossl_ec_GFp_simple_group_check_discriminant, - ossl_ec_GFp_simple_point_init, - ossl_ec_GFp_simple_point_finish, - ossl_ec_GFp_simple_point_clear_finish, - ossl_ec_GFp_simple_point_copy, - ossl_ec_GFp_simple_point_set_to_infinity, - ossl_ec_GFp_simple_point_set_affine_coordinates, - ossl_ec_GFp_simple_point_get_affine_coordinates, - 0, 0, 0, - ossl_ec_GFp_simple_add, - ossl_ec_GFp_simple_dbl, - ossl_ec_GFp_simple_invert, - ossl_ec_GFp_simple_is_at_infinity, - ossl_ec_GFp_simple_is_on_curve, - ossl_ec_GFp_simple_cmp, - ossl_ec_GFp_simple_make_affine, - ossl_ec_GFp_simple_points_make_affine, - 0 /* mul */ , - 0 /* precompute_mult */ , - 0 /* have_precompute_mult */ , - ossl_ec_GFp_simple_field_mul, - ossl_ec_GFp_simple_field_sqr, - 0 /* field_div */ , - ossl_ec_GFp_simple_field_inv, - 0 /* field_encode */ , - 0 /* field_decode */ , - 0, /* field_set_to_one */ - ossl_ec_key_simple_priv2oct, - ossl_ec_key_simple_oct2priv, - 0, /* set private */ - ossl_ec_key_simple_generate_key, - ossl_ec_key_simple_check_key, - ossl_ec_key_simple_generate_public_key, - 0, /* keycopy */ - 0, /* keyfinish */ - ossl_ecdh_simple_compute_key, - ossl_ecdsa_simple_sign_setup, - ossl_ecdsa_simple_sign_sig, - ossl_ecdsa_simple_verify_sig, - 0, /* field_inverse_mod_ord */ - ossl_ec_GFp_simple_blind_coordinates, - ossl_ec_GFp_simple_ladder_pre, - ossl_ec_GFp_simple_ladder_step, - ossl_ec_GFp_simple_ladder_post - }; - - return &ret; -} - -/* - * Most method functions in this file are designed to work with - * non-trivial representations of field elements if necessary - * (see ecp_mont.c): while standard modular addition and subtraction - * are used, the field_mul and field_sqr methods will be used for - * multiplication, and field_encode and field_decode (if defined) - * will be used for converting between representations. - * - * Functions ec_GFp_simple_points_make_affine() and - * ec_GFp_simple_point_get_affine_coordinates() specifically assume - * that if a non-trivial representation is used, it is a Montgomery - * representation (i.e. 'encoding' means multiplying by some factor R). - */ - -int ossl_ec_GFp_simple_group_init(EC_GROUP *group) -{ - group->field = BN_new(); - group->a = BN_new(); - group->b = BN_new(); - if (group->field == NULL || group->a == NULL || group->b == NULL) { - BN_free(group->field); - BN_free(group->a); - BN_free(group->b); - return 0; - } - group->a_is_minus3 = 0; - return 1; -} - -void ossl_ec_GFp_simple_group_finish(EC_GROUP *group) -{ - BN_free(group->field); - BN_free(group->a); - BN_free(group->b); -} - -void ossl_ec_GFp_simple_group_clear_finish(EC_GROUP *group) -{ - BN_clear_free(group->field); - BN_clear_free(group->a); - BN_clear_free(group->b); -} - -int ossl_ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) -{ - if (!BN_copy(dest->field, src->field)) - return 0; - if (!BN_copy(dest->a, src->a)) - return 0; - if (!BN_copy(dest->b, src->b)) - return 0; - - dest->a_is_minus3 = src->a_is_minus3; - - return 1; -} - -int ossl_ec_GFp_simple_group_set_curve(EC_GROUP *group, - const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) -{ - int ret = 0; - BN_CTX *new_ctx = NULL; - BIGNUM *tmp_a; - - /* p must be a prime > 3 */ - if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_FIELD); - return 0; - } - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) - return 0; - } - - BN_CTX_start(ctx); - tmp_a = BN_CTX_get(ctx); - if (tmp_a == NULL) - goto err; - - /* group->field */ - if (!BN_copy(group->field, p)) - goto err; - BN_set_negative(group->field, 0); - - /* group->a */ - if (!BN_nnmod(tmp_a, a, p, ctx)) - goto err; - if (group->meth->field_encode) { - if (!group->meth->field_encode(group, group->a, tmp_a, ctx)) - goto err; - } else if (!BN_copy(group->a, tmp_a)) - goto err; - - /* group->b */ - if (!BN_nnmod(group->b, b, p, ctx)) - goto err; - if (group->meth->field_encode) - if (!group->meth->field_encode(group, group->b, group->b, ctx)) - goto err; - - /* group->a_is_minus3 */ - if (!BN_add_word(tmp_a, 3)) - goto err; - group->a_is_minus3 = (0 == BN_cmp(tmp_a, group->field)); - - ret = 1; - - err: - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - return ret; -} - -int ossl_ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, - BIGNUM *a, BIGNUM *b, BN_CTX *ctx) -{ - int ret = 0; - BN_CTX *new_ctx = NULL; - - if (p != NULL) { - if (!BN_copy(p, group->field)) - return 0; - } - - if (a != NULL || b != NULL) { - if (group->meth->field_decode) { - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) - return 0; - } - if (a != NULL) { - if (!group->meth->field_decode(group, a, group->a, ctx)) - goto err; - } - if (b != NULL) { - if (!group->meth->field_decode(group, b, group->b, ctx)) - goto err; - } - } else { - if (a != NULL) { - if (!BN_copy(a, group->a)) - goto err; - } - if (b != NULL) { - if (!BN_copy(b, group->b)) - goto err; - } - } - } - - ret = 1; - - err: - BN_CTX_free(new_ctx); - return ret; -} - -int ossl_ec_GFp_simple_group_get_degree(const EC_GROUP *group) -{ - return BN_num_bits(group->field); -} - -int ossl_ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, - BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *a, *b, *order, *tmp_1, *tmp_2; - const BIGNUM *p = group->field; - BN_CTX *new_ctx = NULL; - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - } - BN_CTX_start(ctx); - a = BN_CTX_get(ctx); - b = BN_CTX_get(ctx); - tmp_1 = BN_CTX_get(ctx); - tmp_2 = BN_CTX_get(ctx); - order = BN_CTX_get(ctx); - if (order == NULL) - goto err; - - if (group->meth->field_decode) { - if (!group->meth->field_decode(group, a, group->a, ctx)) - goto err; - if (!group->meth->field_decode(group, b, group->b, ctx)) - goto err; - } else { - if (!BN_copy(a, group->a)) - goto err; - if (!BN_copy(b, group->b)) - goto err; - } - - /*- - * check the discriminant: - * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) - * 0 =< a, b < p - */ - if (BN_is_zero(a)) { - if (BN_is_zero(b)) - goto err; - } else if (!BN_is_zero(b)) { - if (!BN_mod_sqr(tmp_1, a, p, ctx)) - goto err; - if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) - goto err; - if (!BN_lshift(tmp_1, tmp_2, 2)) - goto err; - /* tmp_1 = 4*a^3 */ - - if (!BN_mod_sqr(tmp_2, b, p, ctx)) - goto err; - if (!BN_mul_word(tmp_2, 27)) - goto err; - /* tmp_2 = 27*b^2 */ - - if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) - goto err; - if (BN_is_zero(a)) - goto err; - } - ret = 1; - - err: - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - return ret; -} - -int ossl_ec_GFp_simple_point_init(EC_POINT *point) -{ - point->X = BN_new(); - point->Y = BN_new(); - point->Z = BN_new(); - point->Z_is_one = 0; - - if (point->X == NULL || point->Y == NULL || point->Z == NULL) { - BN_free(point->X); - BN_free(point->Y); - BN_free(point->Z); - return 0; - } - return 1; -} - -void ossl_ec_GFp_simple_point_finish(EC_POINT *point) -{ - BN_free(point->X); - BN_free(point->Y); - BN_free(point->Z); -} - -void ossl_ec_GFp_simple_point_clear_finish(EC_POINT *point) -{ - BN_clear_free(point->X); - BN_clear_free(point->Y); - BN_clear_free(point->Z); - point->Z_is_one = 0; -} - -int ossl_ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src) -{ - if (!BN_copy(dest->X, src->X)) - return 0; - if (!BN_copy(dest->Y, src->Y)) - return 0; - if (!BN_copy(dest->Z, src->Z)) - return 0; - dest->Z_is_one = src->Z_is_one; - dest->curve_name = src->curve_name; - - return 1; -} - -int ossl_ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, - EC_POINT *point) -{ - point->Z_is_one = 0; - BN_zero(point->Z); - return 1; -} - -int ossl_ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, - EC_POINT *point, - const BIGNUM *x, - const BIGNUM *y, - const BIGNUM *z, - BN_CTX *ctx) -{ - BN_CTX *new_ctx = NULL; - int ret = 0; - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) - return 0; - } - - if (x != NULL) { - if (!BN_nnmod(point->X, x, group->field, ctx)) - goto err; - if (group->meth->field_encode) { - if (!group->meth->field_encode(group, point->X, point->X, ctx)) - goto err; - } - } - - if (y != NULL) { - if (!BN_nnmod(point->Y, y, group->field, ctx)) - goto err; - if (group->meth->field_encode) { - if (!group->meth->field_encode(group, point->Y, point->Y, ctx)) - goto err; - } - } - - if (z != NULL) { - int Z_is_one; - - if (!BN_nnmod(point->Z, z, group->field, ctx)) - goto err; - Z_is_one = BN_is_one(point->Z); - if (group->meth->field_encode) { - if (Z_is_one && (group->meth->field_set_to_one != 0)) { - if (!group->meth->field_set_to_one(group, point->Z, ctx)) - goto err; - } else { - if (!group-> - meth->field_encode(group, point->Z, point->Z, ctx)) - goto err; - } - } - point->Z_is_one = Z_is_one; - } - - ret = 1; - - err: - BN_CTX_free(new_ctx); - return ret; -} - -int ossl_ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BIGNUM *z, BN_CTX *ctx) -{ - BN_CTX *new_ctx = NULL; - int ret = 0; - - if (group->meth->field_decode != 0) { - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) - return 0; - } - - if (x != NULL) { - if (!group->meth->field_decode(group, x, point->X, ctx)) - goto err; - } - if (y != NULL) { - if (!group->meth->field_decode(group, y, point->Y, ctx)) - goto err; - } - if (z != NULL) { - if (!group->meth->field_decode(group, z, point->Z, ctx)) - goto err; - } - } else { - if (x != NULL) { - if (!BN_copy(x, point->X)) - goto err; - } - if (y != NULL) { - if (!BN_copy(y, point->Y)) - goto err; - } - if (z != NULL) { - if (!BN_copy(z, point->Z)) - goto err; - } - } - - ret = 1; - - err: - BN_CTX_free(new_ctx); - return ret; -} - -int ossl_ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, - EC_POINT *point, - const BIGNUM *x, - const BIGNUM *y, BN_CTX *ctx) -{ - if (x == NULL || y == NULL) { - /* - * unlike for projective coordinates, we do not tolerate this - */ - ERR_raise(ERR_LIB_EC, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, - BN_value_one(), ctx); -} - -int ossl_ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, - BN_CTX *ctx) -{ - BN_CTX *new_ctx = NULL; - BIGNUM *Z, *Z_1, *Z_2, *Z_3; - const BIGNUM *Z_; - int ret = 0; - - if (EC_POINT_is_at_infinity(group, point)) { - ERR_raise(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); - return 0; - } - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) - return 0; - } - - BN_CTX_start(ctx); - Z = BN_CTX_get(ctx); - Z_1 = BN_CTX_get(ctx); - Z_2 = BN_CTX_get(ctx); - Z_3 = BN_CTX_get(ctx); - if (Z_3 == NULL) - goto err; - - /* transform (X, Y, Z) into (x, y) := (X/Z^2, Y/Z^3) */ - - if (group->meth->field_decode) { - if (!group->meth->field_decode(group, Z, point->Z, ctx)) - goto err; - Z_ = Z; - } else { - Z_ = point->Z; - } - - if (BN_is_one(Z_)) { - if (group->meth->field_decode) { - if (x != NULL) { - if (!group->meth->field_decode(group, x, point->X, ctx)) - goto err; - } - if (y != NULL) { - if (!group->meth->field_decode(group, y, point->Y, ctx)) - goto err; - } - } else { - if (x != NULL) { - if (!BN_copy(x, point->X)) - goto err; - } - if (y != NULL) { - if (!BN_copy(y, point->Y)) - goto err; - } - } - } else { - if (!group->meth->field_inv(group, Z_1, Z_, ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - - if (group->meth->field_encode == 0) { - /* field_sqr works on standard representation */ - if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) - goto err; - } else { - if (!BN_mod_sqr(Z_2, Z_1, group->field, ctx)) - goto err; - } - - if (x != NULL) { - /* - * in the Montgomery case, field_mul will cancel out Montgomery - * factor in X: - */ - if (!group->meth->field_mul(group, x, point->X, Z_2, ctx)) - goto err; - } - - if (y != NULL) { - if (group->meth->field_encode == 0) { - /* - * field_mul works on standard representation - */ - if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) - goto err; - } else { - if (!BN_mod_mul(Z_3, Z_2, Z_1, group->field, ctx)) - goto err; - } - - /* - * in the Montgomery case, field_mul will cancel out Montgomery - * factor in Y: - */ - if (!group->meth->field_mul(group, y, point->Y, Z_3, ctx)) - goto err; - } - } - - ret = 1; - - err: - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - return ret; -} - -int ossl_ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, - const EC_POINT *b, BN_CTX *ctx) -{ - int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *); - int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); - const BIGNUM *p; - BN_CTX *new_ctx = NULL; - BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6; - int ret = 0; - - if (a == b) - return EC_POINT_dbl(group, r, a, ctx); - if (EC_POINT_is_at_infinity(group, a)) - return EC_POINT_copy(r, b); - if (EC_POINT_is_at_infinity(group, b)) - return EC_POINT_copy(r, a); - - field_mul = group->meth->field_mul; - field_sqr = group->meth->field_sqr; - p = group->field; - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) - return 0; - } - - BN_CTX_start(ctx); - n0 = BN_CTX_get(ctx); - n1 = BN_CTX_get(ctx); - n2 = BN_CTX_get(ctx); - n3 = BN_CTX_get(ctx); - n4 = BN_CTX_get(ctx); - n5 = BN_CTX_get(ctx); - n6 = BN_CTX_get(ctx); - if (n6 == NULL) - goto end; - - /* - * Note that in this function we must not read components of 'a' or 'b' - * once we have written the corresponding components of 'r'. ('r' might - * be one of 'a' or 'b'.) - */ - - /* n1, n2 */ - if (b->Z_is_one) { - if (!BN_copy(n1, a->X)) - goto end; - if (!BN_copy(n2, a->Y)) - goto end; - /* n1 = X_a */ - /* n2 = Y_a */ - } else { - if (!field_sqr(group, n0, b->Z, ctx)) - goto end; - if (!field_mul(group, n1, a->X, n0, ctx)) - goto end; - /* n1 = X_a * Z_b^2 */ - - if (!field_mul(group, n0, n0, b->Z, ctx)) - goto end; - if (!field_mul(group, n2, a->Y, n0, ctx)) - goto end; - /* n2 = Y_a * Z_b^3 */ - } - - /* n3, n4 */ - if (a->Z_is_one) { - if (!BN_copy(n3, b->X)) - goto end; - if (!BN_copy(n4, b->Y)) - goto end; - /* n3 = X_b */ - /* n4 = Y_b */ - } else { - if (!field_sqr(group, n0, a->Z, ctx)) - goto end; - if (!field_mul(group, n3, b->X, n0, ctx)) - goto end; - /* n3 = X_b * Z_a^2 */ - - if (!field_mul(group, n0, n0, a->Z, ctx)) - goto end; - if (!field_mul(group, n4, b->Y, n0, ctx)) - goto end; - /* n4 = Y_b * Z_a^3 */ - } - - /* n5, n6 */ - if (!BN_mod_sub_quick(n5, n1, n3, p)) - goto end; - if (!BN_mod_sub_quick(n6, n2, n4, p)) - goto end; - /* n5 = n1 - n3 */ - /* n6 = n2 - n4 */ - - if (BN_is_zero(n5)) { - if (BN_is_zero(n6)) { - /* a is the same point as b */ - BN_CTX_end(ctx); - ret = EC_POINT_dbl(group, r, a, ctx); - ctx = NULL; - goto end; - } else { - /* a is the inverse of b */ - BN_zero(r->Z); - r->Z_is_one = 0; - ret = 1; - goto end; - } - } - - /* 'n7', 'n8' */ - if (!BN_mod_add_quick(n1, n1, n3, p)) - goto end; - if (!BN_mod_add_quick(n2, n2, n4, p)) - goto end; - /* 'n7' = n1 + n3 */ - /* 'n8' = n2 + n4 */ - - /* Z_r */ - if (a->Z_is_one && b->Z_is_one) { - if (!BN_copy(r->Z, n5)) - goto end; - } else { - if (a->Z_is_one) { - if (!BN_copy(n0, b->Z)) - goto end; - } else if (b->Z_is_one) { - if (!BN_copy(n0, a->Z)) - goto end; - } else { - if (!field_mul(group, n0, a->Z, b->Z, ctx)) - goto end; - } - if (!field_mul(group, r->Z, n0, n5, ctx)) - goto end; - } - r->Z_is_one = 0; - /* Z_r = Z_a * Z_b * n5 */ - - /* X_r */ - if (!field_sqr(group, n0, n6, ctx)) - goto end; - if (!field_sqr(group, n4, n5, ctx)) - goto end; - if (!field_mul(group, n3, n1, n4, ctx)) - goto end; - if (!BN_mod_sub_quick(r->X, n0, n3, p)) - goto end; - /* X_r = n6^2 - n5^2 * 'n7' */ - - /* 'n9' */ - if (!BN_mod_lshift1_quick(n0, r->X, p)) - goto end; - if (!BN_mod_sub_quick(n0, n3, n0, p)) - goto end; - /* n9 = n5^2 * 'n7' - 2 * X_r */ - - /* Y_r */ - if (!field_mul(group, n0, n0, n6, ctx)) - goto end; - if (!field_mul(group, n5, n4, n5, ctx)) - goto end; /* now n5 is n5^3 */ - if (!field_mul(group, n1, n2, n5, ctx)) - goto end; - if (!BN_mod_sub_quick(n0, n0, n1, p)) - goto end; - if (BN_is_odd(n0)) - if (!BN_add(n0, n0, p)) - goto end; - /* now 0 <= n0 < 2*p, and n0 is even */ - if (!BN_rshift1(r->Y, n0)) - goto end; - /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */ - - ret = 1; - - end: - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - return ret; -} - -int ossl_ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, - BN_CTX *ctx) -{ - int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *); - int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); - const BIGNUM *p; - BN_CTX *new_ctx = NULL; - BIGNUM *n0, *n1, *n2, *n3; - int ret = 0; - - if (EC_POINT_is_at_infinity(group, a)) { - BN_zero(r->Z); - r->Z_is_one = 0; - return 1; - } - - field_mul = group->meth->field_mul; - field_sqr = group->meth->field_sqr; - p = group->field; - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) - return 0; - } - - BN_CTX_start(ctx); - n0 = BN_CTX_get(ctx); - n1 = BN_CTX_get(ctx); - n2 = BN_CTX_get(ctx); - n3 = BN_CTX_get(ctx); - if (n3 == NULL) - goto err; - - /* - * Note that in this function we must not read components of 'a' once we - * have written the corresponding components of 'r'. ('r' might the same - * as 'a'.) - */ - - /* n1 */ - if (a->Z_is_one) { - if (!field_sqr(group, n0, a->X, ctx)) - goto err; - if (!BN_mod_lshift1_quick(n1, n0, p)) - goto err; - if (!BN_mod_add_quick(n0, n0, n1, p)) - goto err; - if (!BN_mod_add_quick(n1, n0, group->a, p)) - goto err; - /* n1 = 3 * X_a^2 + a_curve */ - } else if (group->a_is_minus3) { - if (!field_sqr(group, n1, a->Z, ctx)) - goto err; - if (!BN_mod_add_quick(n0, a->X, n1, p)) - goto err; - if (!BN_mod_sub_quick(n2, a->X, n1, p)) - goto err; - if (!field_mul(group, n1, n0, n2, ctx)) - goto err; - if (!BN_mod_lshift1_quick(n0, n1, p)) - goto err; - if (!BN_mod_add_quick(n1, n0, n1, p)) - goto err; - /*- - * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) - * = 3 * X_a^2 - 3 * Z_a^4 - */ - } else { - if (!field_sqr(group, n0, a->X, ctx)) - goto err; - if (!BN_mod_lshift1_quick(n1, n0, p)) - goto err; - if (!BN_mod_add_quick(n0, n0, n1, p)) - goto err; - if (!field_sqr(group, n1, a->Z, ctx)) - goto err; - if (!field_sqr(group, n1, n1, ctx)) - goto err; - if (!field_mul(group, n1, n1, group->a, ctx)) - goto err; - if (!BN_mod_add_quick(n1, n1, n0, p)) - goto err; - /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */ - } - - /* Z_r */ - if (a->Z_is_one) { - if (!BN_copy(n0, a->Y)) - goto err; - } else { - if (!field_mul(group, n0, a->Y, a->Z, ctx)) - goto err; - } - if (!BN_mod_lshift1_quick(r->Z, n0, p)) - goto err; - r->Z_is_one = 0; - /* Z_r = 2 * Y_a * Z_a */ - - /* n2 */ - if (!field_sqr(group, n3, a->Y, ctx)) - goto err; - if (!field_mul(group, n2, a->X, n3, ctx)) - goto err; - if (!BN_mod_lshift_quick(n2, n2, 2, p)) - goto err; - /* n2 = 4 * X_a * Y_a^2 */ - - /* X_r */ - if (!BN_mod_lshift1_quick(n0, n2, p)) - goto err; - if (!field_sqr(group, r->X, n1, ctx)) - goto err; - if (!BN_mod_sub_quick(r->X, r->X, n0, p)) - goto err; - /* X_r = n1^2 - 2 * n2 */ - - /* n3 */ - if (!field_sqr(group, n0, n3, ctx)) - goto err; - if (!BN_mod_lshift_quick(n3, n0, 3, p)) - goto err; - /* n3 = 8 * Y_a^4 */ - - /* Y_r */ - if (!BN_mod_sub_quick(n0, n2, r->X, p)) - goto err; - if (!field_mul(group, n0, n1, n0, ctx)) - goto err; - if (!BN_mod_sub_quick(r->Y, n0, n3, p)) - goto err; - /* Y_r = n1 * (n2 - X_r) - n3 */ - - ret = 1; - - err: - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - return ret; -} - -int ossl_ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, - BN_CTX *ctx) -{ - if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(point->Y)) - /* point is its own inverse */ - return 1; - - return BN_usub(point->Y, group->field, point->Y); -} - -int ossl_ec_GFp_simple_is_at_infinity(const EC_GROUP *group, - const EC_POINT *point) -{ - return BN_is_zero(point->Z); -} - -int ossl_ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, - BN_CTX *ctx) -{ - int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *); - int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); - const BIGNUM *p; - BN_CTX *new_ctx = NULL; - BIGNUM *rh, *tmp, *Z4, *Z6; - int ret = -1; - - if (EC_POINT_is_at_infinity(group, point)) - return 1; - - field_mul = group->meth->field_mul; - field_sqr = group->meth->field_sqr; - p = group->field; - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) - return -1; - } - - BN_CTX_start(ctx); - rh = BN_CTX_get(ctx); - tmp = BN_CTX_get(ctx); - Z4 = BN_CTX_get(ctx); - Z6 = BN_CTX_get(ctx); - if (Z6 == NULL) - goto err; - - /*- - * We have a curve defined by a Weierstrass equation - * y^2 = x^3 + a*x + b. - * The point to consider is given in Jacobian projective coordinates - * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3). - * Substituting this and multiplying by Z^6 transforms the above equation into - * Y^2 = X^3 + a*X*Z^4 + b*Z^6. - * To test this, we add up the right-hand side in 'rh'. - */ - - /* rh := X^2 */ - if (!field_sqr(group, rh, point->X, ctx)) - goto err; - - if (!point->Z_is_one) { - if (!field_sqr(group, tmp, point->Z, ctx)) - goto err; - if (!field_sqr(group, Z4, tmp, ctx)) - goto err; - if (!field_mul(group, Z6, Z4, tmp, ctx)) - goto err; - - /* rh := (rh + a*Z^4)*X */ - if (group->a_is_minus3) { - if (!BN_mod_lshift1_quick(tmp, Z4, p)) - goto err; - if (!BN_mod_add_quick(tmp, tmp, Z4, p)) - goto err; - if (!BN_mod_sub_quick(rh, rh, tmp, p)) - goto err; - if (!field_mul(group, rh, rh, point->X, ctx)) - goto err; - } else { - if (!field_mul(group, tmp, Z4, group->a, ctx)) - goto err; - if (!BN_mod_add_quick(rh, rh, tmp, p)) - goto err; - if (!field_mul(group, rh, rh, point->X, ctx)) - goto err; - } - - /* rh := rh + b*Z^6 */ - if (!field_mul(group, tmp, group->b, Z6, ctx)) - goto err; - if (!BN_mod_add_quick(rh, rh, tmp, p)) - goto err; - } else { - /* point->Z_is_one */ - - /* rh := (rh + a)*X */ - if (!BN_mod_add_quick(rh, rh, group->a, p)) - goto err; - if (!field_mul(group, rh, rh, point->X, ctx)) - goto err; - /* rh := rh + b */ - if (!BN_mod_add_quick(rh, rh, group->b, p)) - goto err; - } - - /* 'lh' := Y^2 */ - if (!field_sqr(group, tmp, point->Y, ctx)) - goto err; - - ret = (0 == BN_ucmp(tmp, rh)); - - err: - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - return ret; -} - -int ossl_ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, - const EC_POINT *b, BN_CTX *ctx) -{ - /*- - * return values: - * -1 error - * 0 equal (in affine coordinates) - * 1 not equal - */ - - int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, - const BIGNUM *, BN_CTX *); - int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); - BN_CTX *new_ctx = NULL; - BIGNUM *tmp1, *tmp2, *Za23, *Zb23; - const BIGNUM *tmp1_, *tmp2_; - int ret = -1; - - if (EC_POINT_is_at_infinity(group, a)) { - return EC_POINT_is_at_infinity(group, b) ? 0 : 1; - } - - if (EC_POINT_is_at_infinity(group, b)) - return 1; - - if (a->Z_is_one && b->Z_is_one) { - return ((BN_cmp(a->X, b->X) == 0) && BN_cmp(a->Y, b->Y) == 0) ? 0 : 1; - } - - field_mul = group->meth->field_mul; - field_sqr = group->meth->field_sqr; - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) - return -1; - } - - BN_CTX_start(ctx); - tmp1 = BN_CTX_get(ctx); - tmp2 = BN_CTX_get(ctx); - Za23 = BN_CTX_get(ctx); - Zb23 = BN_CTX_get(ctx); - if (Zb23 == NULL) - goto end; - - /*- - * We have to decide whether - * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3), - * or equivalently, whether - * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3). - */ - - if (!b->Z_is_one) { - if (!field_sqr(group, Zb23, b->Z, ctx)) - goto end; - if (!field_mul(group, tmp1, a->X, Zb23, ctx)) - goto end; - tmp1_ = tmp1; - } else - tmp1_ = a->X; - if (!a->Z_is_one) { - if (!field_sqr(group, Za23, a->Z, ctx)) - goto end; - if (!field_mul(group, tmp2, b->X, Za23, ctx)) - goto end; - tmp2_ = tmp2; - } else - tmp2_ = b->X; - - /* compare X_a*Z_b^2 with X_b*Z_a^2 */ - if (BN_cmp(tmp1_, tmp2_) != 0) { - ret = 1; /* points differ */ - goto end; - } - - if (!b->Z_is_one) { - if (!field_mul(group, Zb23, Zb23, b->Z, ctx)) - goto end; - if (!field_mul(group, tmp1, a->Y, Zb23, ctx)) - goto end; - /* tmp1_ = tmp1 */ - } else - tmp1_ = a->Y; - if (!a->Z_is_one) { - if (!field_mul(group, Za23, Za23, a->Z, ctx)) - goto end; - if (!field_mul(group, tmp2, b->Y, Za23, ctx)) - goto end; - /* tmp2_ = tmp2 */ - } else - tmp2_ = b->Y; - - /* compare Y_a*Z_b^3 with Y_b*Z_a^3 */ - if (BN_cmp(tmp1_, tmp2_) != 0) { - ret = 1; /* points differ */ - goto end; - } - - /* points are equal */ - ret = 0; - - end: - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - return ret; -} - -int ossl_ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, - BN_CTX *ctx) -{ - BN_CTX *new_ctx = NULL; - BIGNUM *x, *y; - int ret = 0; - - if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) - return 1; - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) - return 0; - } - - BN_CTX_start(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (y == NULL) - goto err; - - if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx)) - goto err; - if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) - goto err; - if (!point->Z_is_one) { - ERR_raise(ERR_LIB_EC, ERR_R_INTERNAL_ERROR); - goto err; - } - - ret = 1; - - err: - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - return ret; -} - -int ossl_ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, - EC_POINT *points[], BN_CTX *ctx) -{ - BN_CTX *new_ctx = NULL; - BIGNUM *tmp, *tmp_Z; - BIGNUM **prod_Z = NULL; - size_t i; - int ret = 0; - - if (num == 0) - return 1; - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new_ex(group->libctx); - if (ctx == NULL) - return 0; - } - - BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - tmp_Z = BN_CTX_get(ctx); - if (tmp_Z == NULL) - goto err; - - prod_Z = OPENSSL_malloc(num * sizeof(prod_Z[0])); - if (prod_Z == NULL) - goto err; - for (i = 0; i < num; i++) { - prod_Z[i] = BN_new(); - if (prod_Z[i] == NULL) - goto err; - } - - /* - * Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z, - * skipping any zero-valued inputs (pretend that they're 1). - */ - - if (!BN_is_zero(points[0]->Z)) { - if (!BN_copy(prod_Z[0], points[0]->Z)) - goto err; - } else { - if (group->meth->field_set_to_one != 0) { - if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) - goto err; - } else { - if (!BN_one(prod_Z[0])) - goto err; - } - } - - for (i = 1; i < num; i++) { - if (!BN_is_zero(points[i]->Z)) { - if (!group-> - meth->field_mul(group, prod_Z[i], prod_Z[i - 1], points[i]->Z, - ctx)) - goto err; - } else { - if (!BN_copy(prod_Z[i], prod_Z[i - 1])) - goto err; - } - } - - /* - * Now use a single explicit inversion to replace every non-zero - * points[i]->Z by its inverse. - */ - - if (!group->meth->field_inv(group, tmp, prod_Z[num - 1], ctx)) { - ERR_raise(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - if (group->meth->field_encode != 0) { - /* - * In the Montgomery case, we just turned R*H (representing H) into - * 1/(R*H), but we need R*(1/H) (representing 1/H); i.e. we need to - * multiply by the Montgomery factor twice. - */ - if (!group->meth->field_encode(group, tmp, tmp, ctx)) - goto err; - if (!group->meth->field_encode(group, tmp, tmp, ctx)) - goto err; - } - - for (i = num - 1; i > 0; --i) { - /* - * Loop invariant: tmp is the product of the inverses of points[0]->Z - * .. points[i]->Z (zero-valued inputs skipped). - */ - if (!BN_is_zero(points[i]->Z)) { - /* - * Set tmp_Z to the inverse of points[i]->Z (as product of Z - * inverses 0 .. i, Z values 0 .. i - 1). - */ - if (!group-> - meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) - goto err; - /* - * Update tmp to satisfy the loop invariant for i - 1. - */ - if (!group->meth->field_mul(group, tmp, tmp, points[i]->Z, ctx)) - goto err; - /* Replace points[i]->Z by its inverse. */ - if (!BN_copy(points[i]->Z, tmp_Z)) - goto err; - } - } - - if (!BN_is_zero(points[0]->Z)) { - /* Replace points[0]->Z by its inverse. */ - if (!BN_copy(points[0]->Z, tmp)) - goto err; - } - - /* Finally, fix up the X and Y coordinates for all points. */ - - for (i = 0; i < num; i++) { - EC_POINT *p = points[i]; - - if (!BN_is_zero(p->Z)) { - /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */ - - if (!group->meth->field_sqr(group, tmp, p->Z, ctx)) - goto err; - if (!group->meth->field_mul(group, p->X, p->X, tmp, ctx)) - goto err; - - if (!group->meth->field_mul(group, tmp, tmp, p->Z, ctx)) - goto err; - if (!group->meth->field_mul(group, p->Y, p->Y, tmp, ctx)) - goto err; - - if (group->meth->field_set_to_one != 0) { - if (!group->meth->field_set_to_one(group, p->Z, ctx)) - goto err; - } else { - if (!BN_one(p->Z)) - goto err; - } - p->Z_is_one = 1; - } - } - - ret = 1; - - err: - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - if (prod_Z != NULL) { - for (i = 0; i < num; i++) { - if (prod_Z[i] == NULL) - break; - BN_clear_free(prod_Z[i]); - } - OPENSSL_free(prod_Z); - } - return ret; -} - -int ossl_ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) -{ - return BN_mod_mul(r, a, b, group->field, ctx); -} - -int ossl_ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, - BN_CTX *ctx) -{ - return BN_mod_sqr(r, a, group->field, ctx); -} - -/*- - * Computes the multiplicative inverse of a in GF(p), storing the result in r. - * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error. - * Since we don't have a Mont structure here, SCA hardening is with blinding. - * NB: "a" must be in _decoded_ form. (i.e. field_decode must precede.) - */ -int ossl_ec_GFp_simple_field_inv(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *a, BN_CTX *ctx) -{ - BIGNUM *e = NULL; - BN_CTX *new_ctx = NULL; - int ret = 0; - - if (ctx == NULL - && (ctx = new_ctx = BN_CTX_secure_new_ex(group->libctx)) == NULL) - return 0; - - BN_CTX_start(ctx); - if ((e = BN_CTX_get(ctx)) == NULL) - goto err; - - do { - if (!BN_priv_rand_range_ex(e, group->field, 0, ctx)) - goto err; - } while (BN_is_zero(e)); - - /* r := a * e */ - if (!group->meth->field_mul(group, r, a, e, ctx)) - goto err; - /* r := 1/(a * e) */ - if (!BN_mod_inverse(r, r, group->field, ctx)) { - ERR_raise(ERR_LIB_EC, EC_R_CANNOT_INVERT); - goto err; - } - /* r := e/(a * e) = 1/a */ - if (!group->meth->field_mul(group, r, r, e, ctx)) - goto err; - - ret = 1; - - err: - BN_CTX_end(ctx); - BN_CTX_free(new_ctx); - return ret; -} - -/*- - * Apply randomization of EC point projective coordinates: - * - * (X, Y ,Z ) = (lambda^2*X, lambda^3*Y, lambda*Z) - * lambda = [1,group->field) - * - */ -int ossl_ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, - BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *lambda = NULL; - BIGNUM *temp = NULL; - - BN_CTX_start(ctx); - lambda = BN_CTX_get(ctx); - temp = BN_CTX_get(ctx); - if (temp == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto end; - } - - /*- - * Make sure lambda is not zero. - * If the RNG fails, we cannot blind but nevertheless want - * code to continue smoothly and not clobber the error stack. - */ - do { - ERR_set_mark(); - ret = BN_priv_rand_range_ex(lambda, group->field, 0, ctx); - ERR_pop_to_mark(); - if (ret == 0) { - ret = 1; - goto end; - } - } while (BN_is_zero(lambda)); - - /* if field_encode defined convert between representations */ - if ((group->meth->field_encode != NULL - && !group->meth->field_encode(group, lambda, lambda, ctx)) - || !group->meth->field_mul(group, p->Z, p->Z, lambda, ctx) - || !group->meth->field_sqr(group, temp, lambda, ctx) - || !group->meth->field_mul(group, p->X, p->X, temp, ctx) - || !group->meth->field_mul(group, temp, temp, lambda, ctx) - || !group->meth->field_mul(group, p->Y, p->Y, temp, ctx)) - goto end; - - p->Z_is_one = 0; - ret = 1; - - end: - BN_CTX_end(ctx); - return ret; -} - -/*- - * Input: - * - p: affine coordinates - * - * Output: - * - s := p, r := 2p: blinded projective (homogeneous) coordinates - * - * For doubling we use Formula 3 from Izu-Takagi "A fast parallel elliptic curve - * multiplication resistant against side channel attacks" appendix, described at - * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#doubling-dbl-2002-it-2 - * simplified for Z1=1. - * - * Blinding uses the equivalence relation (\lambda X, \lambda Y, \lambda Z) - * for any non-zero \lambda that holds for projective (homogeneous) coords. - */ -int ossl_ec_GFp_simple_ladder_pre(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) -{ - BIGNUM *t1, *t2, *t3, *t4, *t5 = NULL; - - t1 = s->Z; - t2 = r->Z; - t3 = s->X; - t4 = r->X; - t5 = s->Y; - - if (!p->Z_is_one /* r := 2p */ - || !group->meth->field_sqr(group, t3, p->X, ctx) - || !BN_mod_sub_quick(t4, t3, group->a, group->field) - || !group->meth->field_sqr(group, t4, t4, ctx) - || !group->meth->field_mul(group, t5, p->X, group->b, ctx) - || !BN_mod_lshift_quick(t5, t5, 3, group->field) - /* r->X coord output */ - || !BN_mod_sub_quick(r->X, t4, t5, group->field) - || !BN_mod_add_quick(t1, t3, group->a, group->field) - || !group->meth->field_mul(group, t2, p->X, t1, ctx) - || !BN_mod_add_quick(t2, group->b, t2, group->field) - /* r->Z coord output */ - || !BN_mod_lshift_quick(r->Z, t2, 2, group->field)) - return 0; - - /* make sure lambda (r->Y here for storage) is not zero */ - do { - if (!BN_priv_rand_range_ex(r->Y, group->field, 0, ctx)) - return 0; - } while (BN_is_zero(r->Y)); - - /* make sure lambda (s->Z here for storage) is not zero */ - do { - if (!BN_priv_rand_range_ex(s->Z, group->field, 0, ctx)) - return 0; - } while (BN_is_zero(s->Z)); - - /* if field_encode defined convert between representations */ - if (group->meth->field_encode != NULL - && (!group->meth->field_encode(group, r->Y, r->Y, ctx) - || !group->meth->field_encode(group, s->Z, s->Z, ctx))) - return 0; - - /* blind r and s independently */ - if (!group->meth->field_mul(group, r->Z, r->Z, r->Y, ctx) - || !group->meth->field_mul(group, r->X, r->X, r->Y, ctx) - || !group->meth->field_mul(group, s->X, p->X, s->Z, ctx)) /* s := p */ - return 0; - - r->Z_is_one = 0; - s->Z_is_one = 0; - - return 1; -} - -/*- - * Input: - * - s, r: projective (homogeneous) coordinates - * - p: affine coordinates - * - * Output: - * - s := r + s, r := 2r: projective (homogeneous) coordinates - * - * Differential addition-and-doubling using Eq. (9) and (10) from Izu-Takagi - * "A fast parallel elliptic curve multiplication resistant against side channel - * attacks", as described at - * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-mladd-2002-it-4 - */ -int ossl_ec_GFp_simple_ladder_step(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6 = NULL; - - BN_CTX_start(ctx); - t0 = BN_CTX_get(ctx); - t1 = BN_CTX_get(ctx); - t2 = BN_CTX_get(ctx); - t3 = BN_CTX_get(ctx); - t4 = BN_CTX_get(ctx); - t5 = BN_CTX_get(ctx); - t6 = BN_CTX_get(ctx); - - if (t6 == NULL - || !group->meth->field_mul(group, t6, r->X, s->X, ctx) - || !group->meth->field_mul(group, t0, r->Z, s->Z, ctx) - || !group->meth->field_mul(group, t4, r->X, s->Z, ctx) - || !group->meth->field_mul(group, t3, r->Z, s->X, ctx) - || !group->meth->field_mul(group, t5, group->a, t0, ctx) - || !BN_mod_add_quick(t5, t6, t5, group->field) - || !BN_mod_add_quick(t6, t3, t4, group->field) - || !group->meth->field_mul(group, t5, t6, t5, ctx) - || !group->meth->field_sqr(group, t0, t0, ctx) - || !BN_mod_lshift_quick(t2, group->b, 2, group->field) - || !group->meth->field_mul(group, t0, t2, t0, ctx) - || !BN_mod_lshift1_quick(t5, t5, group->field) - || !BN_mod_sub_quick(t3, t4, t3, group->field) - /* s->Z coord output */ - || !group->meth->field_sqr(group, s->Z, t3, ctx) - || !group->meth->field_mul(group, t4, s->Z, p->X, ctx) - || !BN_mod_add_quick(t0, t0, t5, group->field) - /* s->X coord output */ - || !BN_mod_sub_quick(s->X, t0, t4, group->field) - || !group->meth->field_sqr(group, t4, r->X, ctx) - || !group->meth->field_sqr(group, t5, r->Z, ctx) - || !group->meth->field_mul(group, t6, t5, group->a, ctx) - || !BN_mod_add_quick(t1, r->X, r->Z, group->field) - || !group->meth->field_sqr(group, t1, t1, ctx) - || !BN_mod_sub_quick(t1, t1, t4, group->field) - || !BN_mod_sub_quick(t1, t1, t5, group->field) - || !BN_mod_sub_quick(t3, t4, t6, group->field) - || !group->meth->field_sqr(group, t3, t3, ctx) - || !group->meth->field_mul(group, t0, t5, t1, ctx) - || !group->meth->field_mul(group, t0, t2, t0, ctx) - /* r->X coord output */ - || !BN_mod_sub_quick(r->X, t3, t0, group->field) - || !BN_mod_add_quick(t3, t4, t6, group->field) - || !group->meth->field_sqr(group, t4, t5, ctx) - || !group->meth->field_mul(group, t4, t4, t2, ctx) - || !group->meth->field_mul(group, t1, t1, t3, ctx) - || !BN_mod_lshift1_quick(t1, t1, group->field) - /* r->Z coord output */ - || !BN_mod_add_quick(r->Z, t4, t1, group->field)) - goto err; - - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; -} - -/*- - * Input: - * - s, r: projective (homogeneous) coordinates - * - p: affine coordinates - * - * Output: - * - r := (x,y): affine coordinates - * - * Recovers the y-coordinate of r using Eq. (8) from Brier-Joye, "Weierstrass - * Elliptic Curves and Side-Channel Attacks", modified to work in mixed - * projective coords, i.e. p is affine and (r,s) in projective (homogeneous) - * coords, and return r in affine coordinates. - * - * X4 = two*Y1*X2*Z3*Z2; - * Y4 = two*b*Z3*SQR(Z2) + Z3*(a*Z2+X1*X2)*(X1*Z2+X2) - X3*SQR(X1*Z2-X2); - * Z4 = two*Y1*Z3*SQR(Z2); - * - * Z4 != 0 because: - * - Z2==0 implies r is at infinity (handled by the BN_is_zero(r->Z) branch); - * - Z3==0 implies s is at infinity (handled by the BN_is_zero(s->Z) branch); - * - Y1==0 implies p has order 2, so either r or s are infinity and handled by - * one of the BN_is_zero(...) branches. - */ -int ossl_ec_GFp_simple_ladder_post(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6 = NULL; - - if (BN_is_zero(r->Z)) - return EC_POINT_set_to_infinity(group, r); - - if (BN_is_zero(s->Z)) { - if (!EC_POINT_copy(r, p) - || !EC_POINT_invert(group, r, ctx)) - return 0; - return 1; - } - - BN_CTX_start(ctx); - t0 = BN_CTX_get(ctx); - t1 = BN_CTX_get(ctx); - t2 = BN_CTX_get(ctx); - t3 = BN_CTX_get(ctx); - t4 = BN_CTX_get(ctx); - t5 = BN_CTX_get(ctx); - t6 = BN_CTX_get(ctx); - - if (t6 == NULL - || !BN_mod_lshift1_quick(t4, p->Y, group->field) - || !group->meth->field_mul(group, t6, r->X, t4, ctx) - || !group->meth->field_mul(group, t6, s->Z, t6, ctx) - || !group->meth->field_mul(group, t5, r->Z, t6, ctx) - || !BN_mod_lshift1_quick(t1, group->b, group->field) - || !group->meth->field_mul(group, t1, s->Z, t1, ctx) - || !group->meth->field_sqr(group, t3, r->Z, ctx) - || !group->meth->field_mul(group, t2, t3, t1, ctx) - || !group->meth->field_mul(group, t6, r->Z, group->a, ctx) - || !group->meth->field_mul(group, t1, p->X, r->X, ctx) - || !BN_mod_add_quick(t1, t1, t6, group->field) - || !group->meth->field_mul(group, t1, s->Z, t1, ctx) - || !group->meth->field_mul(group, t0, p->X, r->Z, ctx) - || !BN_mod_add_quick(t6, r->X, t0, group->field) - || !group->meth->field_mul(group, t6, t6, t1, ctx) - || !BN_mod_add_quick(t6, t6, t2, group->field) - || !BN_mod_sub_quick(t0, t0, r->X, group->field) - || !group->meth->field_sqr(group, t0, t0, ctx) - || !group->meth->field_mul(group, t0, t0, s->X, ctx) - || !BN_mod_sub_quick(t0, t6, t0, group->field) - || !group->meth->field_mul(group, t1, s->Z, t4, ctx) - || !group->meth->field_mul(group, t1, t3, t1, ctx) - || (group->meth->field_decode != NULL - && !group->meth->field_decode(group, t1, t1, ctx)) - || !group->meth->field_inv(group, t1, t1, ctx) - || (group->meth->field_encode != NULL - && !group->meth->field_encode(group, t1, t1, ctx)) - || !group->meth->field_mul(group, r->X, t5, t1, ctx) - || !group->meth->field_mul(group, r->Y, t0, t1, ctx)) - goto err; - - if (group->meth->field_set_to_one != NULL) { - if (!group->meth->field_set_to_one(group, r->Z, ctx)) - goto err; - } else { - if (!BN_one(r->Z)) - goto err; - } - - r->Z_is_one = 1; - ret = 1; - - err: - BN_CTX_end(ctx); - return ret; -} diff --git a/crypto/ec/ecx_backend.c b/crypto/ec/ecx_backend.c deleted file mode 100644 index 2ab7611be9af693a3c6770adafe6c0349c49662f..0000000000000000000000000000000000000000 --- a/crypto/ec/ecx_backend.c +++ /dev/null @@ -1,260 +0,0 @@ -/* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#ifndef FIPS_MODULE -# include -#endif -#include "crypto/ecx.h" -#include "ecx_backend.h" - -/* - * The intention with the "backend" source file is to offer backend support - * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider - * implementations alike. - */ - -int ossl_ecx_public_from_private(ECX_KEY *key) -{ - switch (key->type) { - case ECX_KEY_TYPE_X25519: - ossl_x25519_public_from_private(key->pubkey, key->privkey); - break; - case ECX_KEY_TYPE_ED25519: - if (!ossl_ed25519_public_from_private(key->libctx, key->pubkey, - key->privkey, key->propq)) { - ERR_raise(ERR_LIB_EC, EC_R_FAILED_MAKING_PUBLIC_KEY); - return 0; - } - break; - case ECX_KEY_TYPE_X448: - ossl_x448_public_from_private(key->pubkey, key->privkey); - break; - case ECX_KEY_TYPE_ED448: - if (!ossl_ed448_public_from_private(key->libctx, key->pubkey, - key->privkey, key->propq)) { - ERR_raise(ERR_LIB_EC, EC_R_FAILED_MAKING_PUBLIC_KEY); - return 0; - } - break; - } - return 1; -} - -int ossl_ecx_key_fromdata(ECX_KEY *ecx, const OSSL_PARAM params[], - int include_private) -{ - size_t privkeylen = 0, pubkeylen = 0; - const OSSL_PARAM *param_priv_key = NULL, *param_pub_key; - unsigned char *pubkey; - - if (ecx == NULL) - return 0; - - param_pub_key = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); - if (include_private) - param_priv_key = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); - - if (param_pub_key == NULL && param_priv_key == NULL) - return 0; - - if (param_priv_key != NULL) { - if (!OSSL_PARAM_get_octet_string(param_priv_key, - (void **)&ecx->privkey, ecx->keylen, - &privkeylen)) - return 0; - if (privkeylen != ecx->keylen) { - /* - * Invalid key length. We will clear what we've received now. We - * can't leave it to ossl_ecx_key_free() because that will call - * OPENSSL_secure_clear_free() and assume the correct key length - */ - OPENSSL_secure_clear_free(ecx->privkey, privkeylen); - ecx->privkey = NULL; - return 0; - } - } - - - pubkey = ecx->pubkey; - if (param_pub_key != NULL - && !OSSL_PARAM_get_octet_string(param_pub_key, - (void **)&pubkey, - sizeof(ecx->pubkey), &pubkeylen)) - return 0; - - if ((param_pub_key != NULL && pubkeylen != ecx->keylen)) - return 0; - - if (param_pub_key == NULL && !ossl_ecx_public_from_private(ecx)) - return 0; - - ecx->haspubkey = 1; - - return 1; -} - -ECX_KEY *ossl_ecx_key_dup(const ECX_KEY *key, int selection) -{ - ECX_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - OPENSSL_free(ret); - return NULL; - } - - ret->libctx = key->libctx; - ret->haspubkey = key->haspubkey; - ret->keylen = key->keylen; - ret->type = key->type; - ret->references = 1; - - if (key->propq != NULL) { - ret->propq = OPENSSL_strdup(key->propq); - if (ret->propq == NULL) - goto err; - } - - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) - memcpy(ret->pubkey, key->pubkey, sizeof(ret->pubkey)); - - if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 - && key->privkey != NULL) { - if (ossl_ecx_key_allocate_privkey(ret) == NULL) - goto err; - memcpy(ret->privkey, key->privkey, ret->keylen); - } - - return ret; - -err: - ossl_ecx_key_free(ret); - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return NULL; -} - -#ifndef FIPS_MODULE -ECX_KEY *ossl_ecx_key_op(const X509_ALGOR *palg, - const unsigned char *p, int plen, - int id, ecx_key_op_t op, - OSSL_LIB_CTX *libctx, const char *propq) -{ - ECX_KEY *key = NULL; - unsigned char *privkey, *pubkey; - - if (op != KEY_OP_KEYGEN) { - if (palg != NULL) { - int ptype; - - /* Algorithm parameters must be absent */ - X509_ALGOR_get0(NULL, &ptype, NULL, palg); - if (ptype != V_ASN1_UNDEF) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - return 0; - } - if (id == EVP_PKEY_NONE) - id = OBJ_obj2nid(palg->algorithm); - else if (id != OBJ_obj2nid(palg->algorithm)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - return 0; - } - } - - if (p == NULL || id == EVP_PKEY_NONE || plen != KEYLENID(id)) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - return 0; - } - } - - key = ossl_ecx_key_new(libctx, KEYNID2TYPE(id), 1, propq); - if (key == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return 0; - } - pubkey = key->pubkey; - - if (op == KEY_OP_PUBLIC) { - memcpy(pubkey, p, plen); - } else { - privkey = ossl_ecx_key_allocate_privkey(key); - if (privkey == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - if (op == KEY_OP_KEYGEN) { - if (id != EVP_PKEY_NONE) { - if (RAND_priv_bytes_ex(libctx, privkey, KEYLENID(id), 0) <= 0) - goto err; - if (id == EVP_PKEY_X25519) { - privkey[0] &= 248; - privkey[X25519_KEYLEN - 1] &= 127; - privkey[X25519_KEYLEN - 1] |= 64; - } else if (id == EVP_PKEY_X448) { - privkey[0] &= 252; - privkey[X448_KEYLEN - 1] |= 128; - } - } - } else { - memcpy(privkey, p, KEYLENID(id)); - } - if (!ossl_ecx_public_from_private(key)) { - ERR_raise(ERR_LIB_EC, EC_R_FAILED_MAKING_PUBLIC_KEY); - goto err; - } - } - - return key; - err: - ossl_ecx_key_free(key); - return NULL; -} - -ECX_KEY *ossl_ecx_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq) -{ - ECX_KEY *ecx = NULL; - const unsigned char *p; - int plen; - ASN1_OCTET_STRING *oct = NULL; - const X509_ALGOR *palg; - - if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8inf)) - return 0; - - oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen); - if (oct == NULL) { - p = NULL; - plen = 0; - } else { - p = ASN1_STRING_get0_data(oct); - plen = ASN1_STRING_length(oct); - } - - /* - * EVP_PKEY_NONE means that ecx_key_op() has to figure out the key type - * on its own. - */ - ecx = ossl_ecx_key_op(palg, p, plen, EVP_PKEY_NONE, KEY_OP_PRIVATE, - libctx, propq); - ASN1_OCTET_STRING_free(oct); - return ecx; -} -#endif diff --git a/crypto/ec/ecx_backend.h b/crypto/ec/ecx_backend.h deleted file mode 100644 index 2c01294789b3f02ae620565dab5eb1c0885f0493..0000000000000000000000000000000000000000 --- a/crypto/ec/ecx_backend.h +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#define ISX448(id) ((id) == EVP_PKEY_X448) -#define IS25519(id) ((id) == EVP_PKEY_X25519 || (id) == EVP_PKEY_ED25519) -#define KEYLENID(id) (IS25519(id) ? X25519_KEYLEN \ - : ((id) == EVP_PKEY_X448 ? X448_KEYLEN \ - : ED448_KEYLEN)) -#define KEYNID2TYPE(id) \ - (IS25519(id) ? ((id) == EVP_PKEY_X25519 ? ECX_KEY_TYPE_X25519 \ - : ECX_KEY_TYPE_ED25519) \ - : ((id) == EVP_PKEY_X448 ? ECX_KEY_TYPE_X448 \ - : ECX_KEY_TYPE_ED448)) -#define KEYLEN(p) KEYLENID((p)->ameth->pkey_id) diff --git a/crypto/ec/ecx_key.c b/crypto/ec/ecx_key.c deleted file mode 100644 index dcec26c2e9b38f4df2438dfc11b073fad147539b..0000000000000000000000000000000000000000 --- a/crypto/ec/ecx_key.c +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/ecx.h" - -ECX_KEY *ossl_ecx_key_new(OSSL_LIB_CTX *libctx, ECX_KEY_TYPE type, int haspubkey, - const char *propq) -{ - ECX_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) - return NULL; - - ret->libctx = libctx; - ret->haspubkey = haspubkey; - switch (type) { - case ECX_KEY_TYPE_X25519: - ret->keylen = X25519_KEYLEN; - break; - case ECX_KEY_TYPE_X448: - ret->keylen = X448_KEYLEN; - break; - case ECX_KEY_TYPE_ED25519: - ret->keylen = ED25519_KEYLEN; - break; - case ECX_KEY_TYPE_ED448: - ret->keylen = ED448_KEYLEN; - break; - } - ret->type = type; - ret->references = 1; - - if (propq != NULL) { - ret->propq = OPENSSL_strdup(propq); - if (ret->propq == NULL) - goto err; - } - - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) - goto err; - return ret; -err: - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ret); - return NULL; -} - -void ossl_ecx_key_free(ECX_KEY *key) -{ - int i; - - if (key == NULL) - return; - - CRYPTO_DOWN_REF(&key->references, &i, key->lock); - REF_PRINT_COUNT("ECX_KEY", key); - if (i > 0) - return; - REF_ASSERT_ISNT(i < 0); - - OPENSSL_free(key->propq); - OPENSSL_secure_clear_free(key->privkey, key->keylen); - CRYPTO_THREAD_lock_free(key->lock); - OPENSSL_free(key); -} - -void ossl_ecx_key_set0_libctx(ECX_KEY *key, OSSL_LIB_CTX *libctx) -{ - key->libctx = libctx; -} - -int ossl_ecx_key_up_ref(ECX_KEY *key) -{ - int i; - - if (CRYPTO_UP_REF(&key->references, &i, key->lock) <= 0) - return 0; - - REF_PRINT_COUNT("ECX_KEY", key); - REF_ASSERT_ISNT(i < 2); - return ((i > 1) ? 1 : 0); -} - -unsigned char *ossl_ecx_key_allocate_privkey(ECX_KEY *key) -{ - key->privkey = OPENSSL_secure_zalloc(key->keylen); - - return key->privkey; -} diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c deleted file mode 100644 index 4e32210bf43613bf5e789f751e141f538e92f202..0000000000000000000000000000000000000000 --- a/crypto/ec/ecx_meth.c +++ /dev/null @@ -1,1424 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/provider.h" -#include "crypto/asn1.h" -#include "crypto/evp.h" -#include "crypto/ecx.h" -#include "ec_local.h" -#include "curve448/curve448_local.h" -#include "ecx_backend.h" - -static int ecx_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) -{ - const ECX_KEY *ecxkey = pkey->pkey.ecx; - unsigned char *penc; - - if (ecxkey == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); - return 0; - } - - penc = OPENSSL_memdup(ecxkey->pubkey, KEYLEN(pkey)); - if (penc == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (!X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), - V_ASN1_UNDEF, NULL, penc, KEYLEN(pkey))) { - OPENSSL_free(penc); - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return 0; - } - return 1; -} - -static int ecx_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey) -{ - const unsigned char *p; - int pklen; - X509_ALGOR *palg; - ECX_KEY *ecx; - int ret = 0; - - if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) - return 0; - ecx = ossl_ecx_key_op(palg, p, pklen, pkey->ameth->pkey_id, - KEY_OP_PUBLIC, NULL, NULL); - if (ecx != NULL) { - ret = 1; - EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, ecx); - } - return ret; -} - -static int ecx_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) -{ - const ECX_KEY *akey = a->pkey.ecx; - const ECX_KEY *bkey = b->pkey.ecx; - - if (akey == NULL || bkey == NULL) - return -2; - - return CRYPTO_memcmp(akey->pubkey, bkey->pubkey, KEYLEN(a)) == 0; -} - -static int ecx_priv_decode_ex(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8, - OSSL_LIB_CTX *libctx, const char *propq) -{ - int ret = 0; - ECX_KEY *ecx = ossl_ecx_key_from_pkcs8(p8, libctx, propq); - - if (ecx != NULL) { - ret = 1; - EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, ecx); - } - - return ret; -} - -static int ecx_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) -{ - const ECX_KEY *ecxkey = pkey->pkey.ecx; - ASN1_OCTET_STRING oct; - unsigned char *penc = NULL; - int penclen; - - if (ecxkey == NULL || ecxkey->privkey == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_PRIVATE_KEY); - return 0; - } - - oct.data = ecxkey->privkey; - oct.length = KEYLEN(pkey); - oct.flags = 0; - - penclen = i2d_ASN1_OCTET_STRING(&oct, &penc); - if (penclen < 0) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0, - V_ASN1_UNDEF, NULL, penc, penclen)) { - OPENSSL_clear_free(penc, penclen); - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - return 0; - } - - return 1; -} - -static int ecx_size(const EVP_PKEY *pkey) -{ - return KEYLEN(pkey); -} - -static int ecx_bits(const EVP_PKEY *pkey) -{ - if (IS25519(pkey->ameth->pkey_id)) { - return X25519_BITS; - } else if(ISX448(pkey->ameth->pkey_id)) { - return X448_BITS; - } else { - return ED448_BITS; - } -} - -static int ecx_security_bits(const EVP_PKEY *pkey) -{ - if (IS25519(pkey->ameth->pkey_id)) { - return X25519_SECURITY_BITS; - } else { - return X448_SECURITY_BITS; - } -} - -static void ecx_free(EVP_PKEY *pkey) -{ - ossl_ecx_key_free(pkey->pkey.ecx); -} - -/* "parameters" are always equal */ -static int ecx_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) -{ - return 1; -} - -static int ecx_key_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx, ecx_key_op_t op) -{ - const ECX_KEY *ecxkey = pkey->pkey.ecx; - const char *nm = OBJ_nid2ln(pkey->ameth->pkey_id); - - if (op == KEY_OP_PRIVATE) { - if (ecxkey == NULL || ecxkey->privkey == NULL) { - if (BIO_printf(bp, "%*s\n", indent, "") <= 0) - return 0; - return 1; - } - if (BIO_printf(bp, "%*s%s Private-Key:\n", indent, "", nm) <= 0) - return 0; - if (BIO_printf(bp, "%*spriv:\n", indent, "") <= 0) - return 0; - if (ASN1_buf_print(bp, ecxkey->privkey, KEYLEN(pkey), - indent + 4) == 0) - return 0; - } else { - if (ecxkey == NULL) { - if (BIO_printf(bp, "%*s\n", indent, "") <= 0) - return 0; - return 1; - } - if (BIO_printf(bp, "%*s%s Public-Key:\n", indent, "", nm) <= 0) - return 0; - } - if (BIO_printf(bp, "%*spub:\n", indent, "") <= 0) - return 0; - - if (ASN1_buf_print(bp, ecxkey->pubkey, KEYLEN(pkey), - indent + 4) == 0) - return 0; - return 1; -} - -static int ecx_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return ecx_key_print(bp, pkey, indent, ctx, KEY_OP_PRIVATE); -} - -static int ecx_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return ecx_key_print(bp, pkey, indent, ctx, KEY_OP_PUBLIC); -} - -static int ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) -{ - switch (op) { - - case ASN1_PKEY_CTRL_SET1_TLS_ENCPT: { - ECX_KEY *ecx = ossl_ecx_key_op(NULL, arg2, arg1, pkey->ameth->pkey_id, - KEY_OP_PUBLIC, NULL, NULL); - - if (ecx != NULL) { - EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, ecx); - return 1; - } - return 0; - } - case ASN1_PKEY_CTRL_GET1_TLS_ENCPT: - if (pkey->pkey.ecx != NULL) { - unsigned char **ppt = arg2; - - *ppt = OPENSSL_memdup(pkey->pkey.ecx->pubkey, KEYLEN(pkey)); - if (*ppt != NULL) - return KEYLEN(pkey); - } - return 0; - - default: - return -2; - - } -} - -static int ecd_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) -{ - switch (op) { - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - /* We currently only support Pure EdDSA which takes no digest */ - *(int *)arg2 = NID_undef; - return 2; - - default: - return -2; - - } -} - -static int ecx_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, - size_t len) -{ - OSSL_LIB_CTX *libctx = NULL; - ECX_KEY *ecx = NULL; - - if (pkey->keymgmt != NULL) - libctx = ossl_provider_libctx(EVP_KEYMGMT_get0_provider(pkey->keymgmt)); - - ecx = ossl_ecx_key_op(NULL, priv, len, pkey->ameth->pkey_id, - KEY_OP_PRIVATE, libctx, NULL); - - if (ecx != NULL) { - EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, ecx); - return 1; - } - return 0; -} - -static int ecx_set_pub_key(EVP_PKEY *pkey, const unsigned char *pub, size_t len) -{ - OSSL_LIB_CTX *libctx = NULL; - ECX_KEY *ecx = NULL; - - if (pkey->keymgmt != NULL) - libctx = ossl_provider_libctx(EVP_KEYMGMT_get0_provider(pkey->keymgmt)); - - ecx = ossl_ecx_key_op(NULL, pub, len, pkey->ameth->pkey_id, - KEY_OP_PUBLIC, libctx, NULL); - - if (ecx != NULL) { - EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, ecx); - return 1; - } - return 0; -} - -static int ecx_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv, - size_t *len) -{ - const ECX_KEY *key = pkey->pkey.ecx; - - if (priv == NULL) { - *len = KEYLENID(pkey->ameth->pkey_id); - return 1; - } - - if (key == NULL - || key->privkey == NULL - || *len < (size_t)KEYLENID(pkey->ameth->pkey_id)) - return 0; - - *len = KEYLENID(pkey->ameth->pkey_id); - memcpy(priv, key->privkey, *len); - - return 1; -} - -static int ecx_get_pub_key(const EVP_PKEY *pkey, unsigned char *pub, - size_t *len) -{ - const ECX_KEY *key = pkey->pkey.ecx; - - if (pub == NULL) { - *len = KEYLENID(pkey->ameth->pkey_id); - return 1; - } - - if (key == NULL - || *len < (size_t)KEYLENID(pkey->ameth->pkey_id)) - return 0; - - *len = KEYLENID(pkey->ameth->pkey_id); - memcpy(pub, key->pubkey, *len); - - return 1; -} - -static size_t ecx_pkey_dirty_cnt(const EVP_PKEY *pkey) -{ - /* - * We provide no mechanism to "update" an ECX key once it has been set, - * therefore we do not have to maintain a dirty count. - */ - return 1; -} - -static int ecx_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - OSSL_FUNC_keymgmt_import_fn *importer, - OSSL_LIB_CTX *libctx, const char *propq) -{ - const ECX_KEY *key = from->pkey.ecx; - OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new(); - OSSL_PARAM *params = NULL; - int selection = 0; - int rv = 0; - - if (tmpl == NULL) - return 0; - - /* A key must at least have a public part */ - if (!OSSL_PARAM_BLD_push_octet_string(tmpl, OSSL_PKEY_PARAM_PUB_KEY, - key->pubkey, key->keylen)) - goto err; - selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY; - - if (key->privkey != NULL) { - if (!OSSL_PARAM_BLD_push_octet_string(tmpl, - OSSL_PKEY_PARAM_PRIV_KEY, - key->privkey, key->keylen)) - goto err; - selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY; - } - - params = OSSL_PARAM_BLD_to_param(tmpl); - - /* We export, the provider imports */ - rv = importer(to_keydata, selection, params); - - err: - OSSL_PARAM_BLD_free(tmpl); - OSSL_PARAM_free(params); - return rv; -} - -static int ecx_generic_import_from(const OSSL_PARAM params[], void *vpctx, - int keytype) -{ - EVP_PKEY_CTX *pctx = vpctx; - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx); - ECX_KEY *ecx = ossl_ecx_key_new(pctx->libctx, KEYNID2TYPE(keytype), 0, - pctx->propquery); - - if (ecx == NULL) { - ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (!ossl_ecx_key_fromdata(ecx, params, 1) - || !EVP_PKEY_assign(pkey, keytype, ecx)) { - ossl_ecx_key_free(ecx); - return 0; - } - return 1; -} - -static int ecx_pkey_copy(EVP_PKEY *to, EVP_PKEY *from) -{ - ECX_KEY *ecx = from->pkey.ecx, *dupkey = NULL; - int ret; - - if (ecx != NULL) { - dupkey = ossl_ecx_key_dup(ecx, OSSL_KEYMGMT_SELECT_ALL); - if (dupkey == NULL) - return 0; - } - - ret = EVP_PKEY_assign(to, from->type, dupkey); - if (!ret) - ossl_ecx_key_free(dupkey); - return ret; -} - -static int x25519_import_from(const OSSL_PARAM params[], void *vpctx) -{ - return ecx_generic_import_from(params, vpctx, EVP_PKEY_X25519); -} - -const EVP_PKEY_ASN1_METHOD ossl_ecx25519_asn1_meth = { - EVP_PKEY_X25519, - EVP_PKEY_X25519, - 0, - "X25519", - "OpenSSL X25519 algorithm", - - ecx_pub_decode, - ecx_pub_encode, - ecx_pub_cmp, - ecx_pub_print, - - NULL, - ecx_priv_encode, - ecx_priv_print, - - ecx_size, - ecx_bits, - ecx_security_bits, - - 0, 0, 0, 0, - ecx_cmp_parameters, - 0, 0, - - ecx_free, - ecx_ctrl, - NULL, - NULL, - - NULL, - NULL, - NULL, - - NULL, - NULL, - NULL, - - ecx_set_priv_key, - ecx_set_pub_key, - ecx_get_priv_key, - ecx_get_pub_key, - ecx_pkey_dirty_cnt, - ecx_pkey_export_to, - x25519_import_from, - ecx_pkey_copy, - - ecx_priv_decode_ex -}; - -static int x448_import_from(const OSSL_PARAM params[], void *vpctx) -{ - return ecx_generic_import_from(params, vpctx, EVP_PKEY_X448); -} - -const EVP_PKEY_ASN1_METHOD ossl_ecx448_asn1_meth = { - EVP_PKEY_X448, - EVP_PKEY_X448, - 0, - "X448", - "OpenSSL X448 algorithm", - - ecx_pub_decode, - ecx_pub_encode, - ecx_pub_cmp, - ecx_pub_print, - - NULL, - ecx_priv_encode, - ecx_priv_print, - - ecx_size, - ecx_bits, - ecx_security_bits, - - 0, 0, 0, 0, - ecx_cmp_parameters, - 0, 0, - - ecx_free, - ecx_ctrl, - NULL, - NULL, - - NULL, - NULL, - NULL, - - NULL, - NULL, - NULL, - - ecx_set_priv_key, - ecx_set_pub_key, - ecx_get_priv_key, - ecx_get_pub_key, - ecx_pkey_dirty_cnt, - ecx_pkey_export_to, - x448_import_from, - ecx_pkey_copy, - - ecx_priv_decode_ex -}; - -static int ecd_size25519(const EVP_PKEY *pkey) -{ - return ED25519_SIGSIZE; -} - -static int ecd_size448(const EVP_PKEY *pkey) -{ - return ED448_SIGSIZE; -} - -static int ecd_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, - const void *asn, const X509_ALGOR *sigalg, - const ASN1_BIT_STRING *str, EVP_PKEY *pkey) -{ - const ASN1_OBJECT *obj; - int ptype; - int nid; - - /* Sanity check: make sure it is ED25519/ED448 with absent parameters */ - X509_ALGOR_get0(&obj, &ptype, NULL, sigalg); - nid = OBJ_obj2nid(obj); - if ((nid != NID_ED25519 && nid != NID_ED448) || ptype != V_ASN1_UNDEF) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_ENCODING); - return 0; - } - - if (!EVP_DigestVerifyInit(ctx, NULL, NULL, NULL, pkey)) - return 0; - - return 2; -} - -static int ecd_item_sign25519(EVP_MD_CTX *ctx, const ASN1_ITEM *it, - const void *asn, - X509_ALGOR *alg1, X509_ALGOR *alg2, - ASN1_BIT_STRING *str) -{ - /* Set algorithms identifiers */ - X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL); - if (alg2) - X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL); - /* Algorithm identifiers set: carry on as normal */ - return 3; -} - -static int ecd_sig_info_set25519(X509_SIG_INFO *siginf, const X509_ALGOR *alg, - const ASN1_STRING *sig) -{ - X509_SIG_INFO_set(siginf, NID_undef, NID_ED25519, X25519_SECURITY_BITS, - X509_SIG_INFO_TLS); - return 1; -} - -static int ecd_item_sign448(EVP_MD_CTX *ctx, const ASN1_ITEM *it, - const void *asn, - X509_ALGOR *alg1, X509_ALGOR *alg2, - ASN1_BIT_STRING *str) -{ - /* Set algorithm identifier */ - X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED448), V_ASN1_UNDEF, NULL); - if (alg2 != NULL) - X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED448), V_ASN1_UNDEF, NULL); - /* Algorithm identifier set: carry on as normal */ - return 3; -} - -static int ecd_sig_info_set448(X509_SIG_INFO *siginf, const X509_ALGOR *alg, - const ASN1_STRING *sig) -{ - X509_SIG_INFO_set(siginf, NID_undef, NID_ED448, X448_SECURITY_BITS, - X509_SIG_INFO_TLS); - return 1; -} - -static int ed25519_import_from(const OSSL_PARAM params[], void *vpctx) -{ - return ecx_generic_import_from(params, vpctx, EVP_PKEY_ED25519); -} - -const EVP_PKEY_ASN1_METHOD ossl_ed25519_asn1_meth = { - EVP_PKEY_ED25519, - EVP_PKEY_ED25519, - 0, - "ED25519", - "OpenSSL ED25519 algorithm", - - ecx_pub_decode, - ecx_pub_encode, - ecx_pub_cmp, - ecx_pub_print, - - NULL, - ecx_priv_encode, - ecx_priv_print, - - ecd_size25519, - ecx_bits, - ecx_security_bits, - - 0, 0, 0, 0, - ecx_cmp_parameters, - 0, 0, - - ecx_free, - ecd_ctrl, - NULL, - NULL, - ecd_item_verify, - ecd_item_sign25519, - ecd_sig_info_set25519, - - NULL, - NULL, - NULL, - - ecx_set_priv_key, - ecx_set_pub_key, - ecx_get_priv_key, - ecx_get_pub_key, - ecx_pkey_dirty_cnt, - ecx_pkey_export_to, - ed25519_import_from, - ecx_pkey_copy, - - ecx_priv_decode_ex -}; - -static int ed448_import_from(const OSSL_PARAM params[], void *vpctx) -{ - return ecx_generic_import_from(params, vpctx, EVP_PKEY_ED448); -} - -const EVP_PKEY_ASN1_METHOD ossl_ed448_asn1_meth = { - EVP_PKEY_ED448, - EVP_PKEY_ED448, - 0, - "ED448", - "OpenSSL ED448 algorithm", - - ecx_pub_decode, - ecx_pub_encode, - ecx_pub_cmp, - ecx_pub_print, - - NULL, - ecx_priv_encode, - ecx_priv_print, - - ecd_size448, - ecx_bits, - ecx_security_bits, - - 0, 0, 0, 0, - ecx_cmp_parameters, - 0, 0, - - ecx_free, - ecd_ctrl, - NULL, - NULL, - ecd_item_verify, - ecd_item_sign448, - ecd_sig_info_set448, - - NULL, - NULL, - NULL, - - ecx_set_priv_key, - ecx_set_pub_key, - ecx_get_priv_key, - ecx_get_pub_key, - ecx_pkey_dirty_cnt, - ecx_pkey_export_to, - ed448_import_from, - ecx_pkey_copy, - - ecx_priv_decode_ex -}; - -static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - ECX_KEY *ecx = ossl_ecx_key_op(NULL, NULL, 0, ctx->pmeth->pkey_id, - KEY_OP_PUBLIC, NULL, NULL); - - if (ecx != NULL) { - EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, ecx); - return 1; - } - return 0; -} - -static int validate_ecx_derive(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *keylen, - const unsigned char **privkey, - const unsigned char **pubkey) -{ - const ECX_KEY *ecxkey, *peerkey; - - if (ctx->pkey == NULL || ctx->peerkey == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_KEYS_NOT_SET); - return 0; - } - ecxkey = evp_pkey_get_legacy(ctx->pkey); - peerkey = evp_pkey_get_legacy(ctx->peerkey); - if (ecxkey == NULL || ecxkey->privkey == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_PRIVATE_KEY); - return 0; - } - if (peerkey == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_PEER_KEY); - return 0; - } - *privkey = ecxkey->privkey; - *pubkey = peerkey->pubkey; - - return 1; -} - -static int pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *keylen) -{ - const unsigned char *privkey, *pubkey; - - if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey) - || (key != NULL - && ossl_x25519(key, privkey, pubkey) == 0)) - return 0; - *keylen = X25519_KEYLEN; - return 1; -} - -static int pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *keylen) -{ - const unsigned char *privkey, *pubkey; - - if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey) - || (key != NULL - && ossl_x448(key, privkey, pubkey) == 0)) - return 0; - *keylen = X448_KEYLEN; - return 1; -} - -static int pkey_ecx_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -{ - /* Only need to handle peer key for derivation */ - if (type == EVP_PKEY_CTRL_PEER_KEY) - return 1; - return -2; -} - -static const EVP_PKEY_METHOD ecx25519_pkey_meth = { - EVP_PKEY_X25519, - 0, 0, 0, 0, 0, 0, 0, - pkey_ecx_keygen, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - pkey_ecx_derive25519, - pkey_ecx_ctrl, - 0 -}; - -static const EVP_PKEY_METHOD ecx448_pkey_meth = { - EVP_PKEY_X448, - 0, 0, 0, 0, 0, 0, 0, - pkey_ecx_keygen, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - pkey_ecx_derive448, - pkey_ecx_ctrl, - 0 -}; - -static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen) -{ - const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); - - if (edkey == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); - return 0; - } - - if (sig == NULL) { - *siglen = ED25519_SIGSIZE; - return 1; - } - if (*siglen < ED25519_SIGSIZE) { - ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); - return 0; - } - - if (ossl_ed25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL, - NULL) == 0) - return 0; - *siglen = ED25519_SIGSIZE; - return 1; -} - -static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen) -{ - const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); - - if (edkey == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); - return 0; - } - - if (sig == NULL) { - *siglen = ED448_SIGSIZE; - return 1; - } - if (*siglen < ED448_SIGSIZE) { - ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); - return 0; - } - - if (ossl_ed448_sign(edkey->libctx, sig, tbs, tbslen, edkey->pubkey, - edkey->privkey, NULL, 0, edkey->propq) == 0) - return 0; - *siglen = ED448_SIGSIZE; - return 1; -} - -static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen) -{ - const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); - - if (edkey == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); - return 0; - } - - if (siglen != ED25519_SIGSIZE) - return 0; - - return ossl_ed25519_verify(tbs, tbslen, sig, edkey->pubkey, - edkey->libctx, edkey->propq); -} - -static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen) -{ - const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); - - if (edkey == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); - return 0; - } - - if (siglen != ED448_SIGSIZE) - return 0; - - return ossl_ed448_verify(edkey->libctx, tbs, tbslen, sig, edkey->pubkey, - NULL, 0, edkey->propq); -} - -static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -{ - switch (type) { - case EVP_PKEY_CTRL_MD: - /* Only NULL allowed as digest */ - if (p2 == NULL || (const EVP_MD *)p2 == EVP_md_null()) - return 1; - ERR_raise(ERR_LIB_EC, EC_R_INVALID_DIGEST_TYPE); - return 0; - - case EVP_PKEY_CTRL_DIGESTINIT: - return 1; - } - return -2; -} - -static const EVP_PKEY_METHOD ed25519_pkey_meth = { - EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM, - 0, 0, 0, 0, 0, 0, - pkey_ecx_keygen, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - pkey_ecd_ctrl, - 0, - pkey_ecd_digestsign25519, - pkey_ecd_digestverify25519 -}; - -static const EVP_PKEY_METHOD ed448_pkey_meth = { - EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM, - 0, 0, 0, 0, 0, 0, - pkey_ecx_keygen, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - pkey_ecd_ctrl, - 0, - pkey_ecd_digestsign448, - pkey_ecd_digestverify448 -}; - -#ifdef S390X_EC_ASM -# include "s390x_arch.h" - -static int s390x_pkey_ecx_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - static const unsigned char generator[] = { - 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }; - ECX_KEY *key = ossl_ecx_key_new(ctx->libctx, ECX_KEY_TYPE_X25519, 1, - ctx->propquery); - unsigned char *privkey = NULL, *pubkey; - - if (key == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - pubkey = key->pubkey; - - privkey = ossl_ecx_key_allocate_privkey(key); - if (privkey == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (RAND_priv_bytes_ex(ctx->libctx, privkey, X25519_KEYLEN, 0) <= 0) - goto err; - - privkey[0] &= 248; - privkey[31] &= 127; - privkey[31] |= 64; - - if (s390x_x25519_mul(pubkey, generator, privkey) != 1) - goto err; - - EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); - return 1; - err: - ossl_ecx_key_free(key); - return 0; -} - -static int s390x_pkey_ecx_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - static const unsigned char generator[] = { - 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 - }; - ECX_KEY *key = ossl_ecx_key_new(ctx->libctx, ECX_KEY_TYPE_X448, 1, - ctx->propquery); - unsigned char *privkey = NULL, *pubkey; - - if (key == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - pubkey = key->pubkey; - - privkey = ossl_ecx_key_allocate_privkey(key); - if (privkey == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (RAND_priv_bytes_ex(ctx->libctx, privkey, X448_KEYLEN, 0) <= 0) - goto err; - - privkey[0] &= 252; - privkey[55] |= 128; - - if (s390x_x448_mul(pubkey, generator, privkey) != 1) - goto err; - - EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); - return 1; - err: - ossl_ecx_key_free(key); - return 0; -} - -static int s390x_pkey_ecd_keygen25519(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - static const unsigned char generator_x[] = { - 0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, - 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, - 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21 - }; - static const unsigned char generator_y[] = { - 0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, - 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, - 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, - }; - unsigned char x_dst[32], buff[SHA512_DIGEST_LENGTH]; - ECX_KEY *key = ossl_ecx_key_new(ctx->libctx, ECX_KEY_TYPE_ED25519, 1, - ctx->propquery); - unsigned char *privkey = NULL, *pubkey; - unsigned int sz; - EVP_MD *md = NULL; - int rv; - - if (key == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - pubkey = key->pubkey; - - privkey = ossl_ecx_key_allocate_privkey(key); - if (privkey == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED25519_KEYLEN, 0) <= 0) - goto err; - - md = EVP_MD_fetch(ctx->libctx, "SHA512", ctx->propquery); - if (md == NULL) - goto err; - - rv = EVP_Digest(privkey, 32, buff, &sz, md, NULL); - EVP_MD_free(md); - if (!rv) - goto err; - - buff[0] &= 248; - buff[31] &= 63; - buff[31] |= 64; - - if (s390x_ed25519_mul(x_dst, pubkey, - generator_x, generator_y, buff) != 1) - goto err; - - pubkey[31] |= ((x_dst[0] & 0x01) << 7); - - EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); - return 1; - err: - ossl_ecx_key_free(key); - return 0; -} - -static int s390x_pkey_ecd_keygen448(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - static const unsigned char generator_x[] = { - 0x5e, 0xc0, 0x0c, 0xc7, 0x2b, 0xa8, 0x26, 0x26, 0x8e, 0x93, 0x00, 0x8b, - 0xe1, 0x80, 0x3b, 0x43, 0x11, 0x65, 0xb6, 0x2a, 0xf7, 0x1a, 0xae, 0x12, - 0x64, 0xa4, 0xd3, 0xa3, 0x24, 0xe3, 0x6d, 0xea, 0x67, 0x17, 0x0f, 0x47, - 0x70, 0x65, 0x14, 0x9e, 0xda, 0x36, 0xbf, 0x22, 0xa6, 0x15, 0x1d, 0x22, - 0xed, 0x0d, 0xed, 0x6b, 0xc6, 0x70, 0x19, 0x4f, 0x00 - }; - static const unsigned char generator_y[] = { - 0x14, 0xfa, 0x30, 0xf2, 0x5b, 0x79, 0x08, 0x98, 0xad, 0xc8, 0xd7, 0x4e, - 0x2c, 0x13, 0xbd, 0xfd, 0xc4, 0x39, 0x7c, 0xe6, 0x1c, 0xff, 0xd3, 0x3a, - 0xd7, 0xc2, 0xa0, 0x05, 0x1e, 0x9c, 0x78, 0x87, 0x40, 0x98, 0xa3, 0x6c, - 0x73, 0x73, 0xea, 0x4b, 0x62, 0xc7, 0xc9, 0x56, 0x37, 0x20, 0x76, 0x88, - 0x24, 0xbc, 0xb6, 0x6e, 0x71, 0x46, 0x3f, 0x69, 0x00 - }; - unsigned char x_dst[57], buff[114]; - ECX_KEY *key = ossl_ecx_key_new(ctx->libctx, ECX_KEY_TYPE_ED448, 1, - ctx->propquery); - unsigned char *privkey = NULL, *pubkey; - EVP_MD_CTX *hashctx = NULL; - EVP_MD *md = NULL; - int rv; - - if (key == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - pubkey = key->pubkey; - - privkey = ossl_ecx_key_allocate_privkey(key); - if (privkey == NULL) { - ERR_raise(ERR_LIB_EC, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (RAND_priv_bytes_ex(ctx->libctx, privkey, ED448_KEYLEN, 0) <= 0) - goto err; - - hashctx = EVP_MD_CTX_new(); - if (hashctx == NULL) - goto err; - - md = EVP_MD_fetch(ctx->libctx, "SHAKE256", ctx->propquery); - if (md == NULL) - goto err; - - rv = EVP_DigestInit_ex(hashctx, md, NULL); - EVP_MD_free(md); - if (rv != 1) - goto err; - - if (EVP_DigestUpdate(hashctx, privkey, 57) != 1) - goto err; - if (EVP_DigestFinalXOF(hashctx, buff, sizeof(buff)) != 1) - goto err; - - buff[0] &= -4; - buff[55] |= 0x80; - buff[56] = 0; - - if (s390x_ed448_mul(x_dst, pubkey, - generator_x, generator_y, buff) != 1) - goto err; - - pubkey[56] |= ((x_dst[0] & 0x01) << 7); - - EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, key); - EVP_MD_CTX_free(hashctx); - return 1; - err: - ossl_ecx_key_free(key); - EVP_MD_CTX_free(hashctx); - return 0; -} - -static int s390x_pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *keylen) -{ - const unsigned char *privkey, *pubkey; - - if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey) - || (key != NULL - && s390x_x25519_mul(key, privkey, pubkey) == 0)) - return 0; - *keylen = X25519_KEYLEN; - return 1; -} - -static int s390x_pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key, - size_t *keylen) -{ - const unsigned char *privkey, *pubkey; - - if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey) - || (key != NULL - && s390x_x448_mul(key, pubkey, privkey) == 0)) - return 0; - *keylen = X448_KEYLEN; - return 1; -} - -static int s390x_pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, - size_t tbslen) -{ - union { - struct { - unsigned char sig[64]; - unsigned char priv[32]; - } ed25519; - unsigned long long buff[512]; - } param; - const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); - int rc; - - if (edkey == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); - return 0; - } - - if (sig == NULL) { - *siglen = ED25519_SIGSIZE; - return 1; - } - - if (*siglen < ED25519_SIGSIZE) { - ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); - return 0; - } - - memset(¶m, 0, sizeof(param)); - memcpy(param.ed25519.priv, edkey->privkey, sizeof(param.ed25519.priv)); - - rc = s390x_kdsa(S390X_EDDSA_SIGN_ED25519, ¶m.ed25519, tbs, tbslen); - OPENSSL_cleanse(param.ed25519.priv, sizeof(param.ed25519.priv)); - if (rc != 0) - return 0; - - s390x_flip_endian32(sig, param.ed25519.sig); - s390x_flip_endian32(sig + 32, param.ed25519.sig + 32); - - *siglen = ED25519_SIGSIZE; - return 1; -} - -static int s390x_pkey_ecd_digestsign448(EVP_MD_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, - size_t tbslen) -{ - union { - struct { - unsigned char sig[128]; - unsigned char priv[64]; - } ed448; - unsigned long long buff[512]; - } param; - const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); - int rc; - - if (edkey == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); - return 0; - } - - if (sig == NULL) { - *siglen = ED448_SIGSIZE; - return 1; - } - - if (*siglen < ED448_SIGSIZE) { - ERR_raise(ERR_LIB_EC, EC_R_BUFFER_TOO_SMALL); - return 0; - } - - memset(¶m, 0, sizeof(param)); - memcpy(param.ed448.priv + 64 - 57, edkey->privkey, 57); - - rc = s390x_kdsa(S390X_EDDSA_SIGN_ED448, ¶m.ed448, tbs, tbslen); - OPENSSL_cleanse(param.ed448.priv, sizeof(param.ed448.priv)); - if (rc != 0) - return 0; - - s390x_flip_endian64(param.ed448.sig, param.ed448.sig); - s390x_flip_endian64(param.ed448.sig + 64, param.ed448.sig + 64); - memcpy(sig, param.ed448.sig, 57); - memcpy(sig + 57, param.ed448.sig + 64, 57); - - *siglen = ED448_SIGSIZE; - return 1; -} - -static int s390x_pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, - const unsigned char *sig, - size_t siglen, - const unsigned char *tbs, - size_t tbslen) -{ - union { - struct { - unsigned char sig[64]; - unsigned char pub[32]; - } ed25519; - unsigned long long buff[512]; - } param; - const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); - - if (edkey == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); - return 0; - } - - if (siglen != ED25519_SIGSIZE) - return 0; - - memset(¶m, 0, sizeof(param)); - s390x_flip_endian32(param.ed25519.sig, sig); - s390x_flip_endian32(param.ed25519.sig + 32, sig + 32); - s390x_flip_endian32(param.ed25519.pub, edkey->pubkey); - - return s390x_kdsa(S390X_EDDSA_VERIFY_ED25519, - ¶m.ed25519, tbs, tbslen) == 0 ? 1 : 0; -} - -static int s390x_pkey_ecd_digestverify448(EVP_MD_CTX *ctx, - const unsigned char *sig, - size_t siglen, - const unsigned char *tbs, - size_t tbslen) -{ - union { - struct { - unsigned char sig[128]; - unsigned char pub[64]; - } ed448; - unsigned long long buff[512]; - } param; - const ECX_KEY *edkey = evp_pkey_get_legacy(EVP_MD_CTX_get_pkey_ctx(ctx)->pkey); - - if (edkey == NULL) { - ERR_raise(ERR_LIB_EC, EC_R_INVALID_KEY); - return 0; - } - - if (siglen != ED448_SIGSIZE) - return 0; - - memset(¶m, 0, sizeof(param)); - memcpy(param.ed448.sig, sig, 57); - s390x_flip_endian64(param.ed448.sig, param.ed448.sig); - memcpy(param.ed448.sig + 64, sig + 57, 57); - s390x_flip_endian64(param.ed448.sig + 64, param.ed448.sig + 64); - memcpy(param.ed448.pub, edkey->pubkey, 57); - s390x_flip_endian64(param.ed448.pub, param.ed448.pub); - - return s390x_kdsa(S390X_EDDSA_VERIFY_ED448, - ¶m.ed448, tbs, tbslen) == 0 ? 1 : 0; -} - -static const EVP_PKEY_METHOD ecx25519_s390x_pkey_meth = { - EVP_PKEY_X25519, - 0, 0, 0, 0, 0, 0, 0, - s390x_pkey_ecx_keygen25519, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - s390x_pkey_ecx_derive25519, - pkey_ecx_ctrl, - 0 -}; - -static const EVP_PKEY_METHOD ecx448_s390x_pkey_meth = { - EVP_PKEY_X448, - 0, 0, 0, 0, 0, 0, 0, - s390x_pkey_ecx_keygen448, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - s390x_pkey_ecx_derive448, - pkey_ecx_ctrl, - 0 -}; -static const EVP_PKEY_METHOD ed25519_s390x_pkey_meth = { - EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM, - 0, 0, 0, 0, 0, 0, - s390x_pkey_ecd_keygen25519, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - pkey_ecd_ctrl, - 0, - s390x_pkey_ecd_digestsign25519, - s390x_pkey_ecd_digestverify25519 -}; - -static const EVP_PKEY_METHOD ed448_s390x_pkey_meth = { - EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM, - 0, 0, 0, 0, 0, 0, - s390x_pkey_ecd_keygen448, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - pkey_ecd_ctrl, - 0, - s390x_pkey_ecd_digestsign448, - s390x_pkey_ecd_digestverify448 -}; -#endif - -const EVP_PKEY_METHOD *ossl_ecx25519_pkey_method(void) -{ -#ifdef S390X_EC_ASM - if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519)) - return &ecx25519_s390x_pkey_meth; -#endif - return &ecx25519_pkey_meth; -} - -const EVP_PKEY_METHOD *ossl_ecx448_pkey_method(void) -{ -#ifdef S390X_EC_ASM - if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448)) - return &ecx448_s390x_pkey_meth; -#endif - return &ecx448_pkey_meth; -} - -const EVP_PKEY_METHOD *ossl_ed25519_pkey_method(void) -{ -#ifdef S390X_EC_ASM - if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED25519) - && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED25519) - && OPENSSL_s390xcap_P.kdsa[0] - & S390X_CAPBIT(S390X_EDDSA_VERIFY_ED25519)) - return &ed25519_s390x_pkey_meth; -#endif - return &ed25519_pkey_meth; -} - -const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void) -{ -#ifdef S390X_EC_ASM - if (OPENSSL_s390xcap_P.pcc[1] & S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED448) - && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_SIGN_ED448) - && OPENSSL_s390xcap_P.kdsa[0] & S390X_CAPBIT(S390X_EDDSA_VERIFY_ED448)) - return &ed448_s390x_pkey_meth; -#endif - return &ed448_pkey_meth; -} diff --git a/crypto/ec/ecx_s390x.c b/crypto/ec/ecx_s390x.c deleted file mode 100644 index d424d6252dcffaa32de243958f29f67b863344e4..0000000000000000000000000000000000000000 --- a/crypto/ec/ecx_s390x.c +++ /dev/null @@ -1,217 +0,0 @@ -/* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include "crypto/ecx.h" -#include "ec_local.h" -#include "curve448/curve448_local.h" -#include "ecx_backend.h" -#include "s390x_arch.h" -#include "internal/constant_time.h" - -static void s390x_x25519_mod_p(unsigned char u[32]) -{ - unsigned char u_red[32]; - unsigned int c = 0; - int i; - - memcpy(u_red, u, sizeof(u_red)); - - c += (unsigned int)u_red[31] + 19; - u_red[31] = (unsigned char)c; - c >>= 8; - - for (i = 30; i >= 0; i--) { - c += (unsigned int)u_red[i]; - u_red[i] = (unsigned char)c; - c >>= 8; - } - - c = (u_red[0] & 0x80) >> 7; - u_red[0] &= 0x7f; - constant_time_cond_swap_buff(0 - (unsigned char)c, - u, u_red, sizeof(u_red)); -} - -static void s390x_x448_mod_p(unsigned char u[56]) -{ - unsigned char u_red[56]; - unsigned int c = 0; - int i; - - memcpy(u_red, u, sizeof(u_red)); - - c += (unsigned int)u_red[55] + 1; - u_red[55] = (unsigned char)c; - c >>= 8; - - for (i = 54; i >= 28; i--) { - c += (unsigned int)u_red[i]; - u_red[i] = (unsigned char)c; - c >>= 8; - } - - c += (unsigned int)u_red[27] + 1; - u_red[27] = (unsigned char)c; - c >>= 8; - - for (i = 26; i >= 0; i--) { - c += (unsigned int)u_red[i]; - u_red[i] = (unsigned char)c; - c >>= 8; - } - - constant_time_cond_swap_buff(0 - (unsigned char)c, - u, u_red, sizeof(u_red)); -} - -int s390x_x25519_mul(unsigned char u_dst[32], - const unsigned char u_src[32], - const unsigned char d_src[32]) -{ - union { - struct { - unsigned char u_dst[32]; - unsigned char u_src[32]; - unsigned char d_src[32]; - } x25519; - unsigned long long buff[512]; - } param; - int rc; - - memset(¶m, 0, sizeof(param)); - - s390x_flip_endian32(param.x25519.u_src, u_src); - param.x25519.u_src[0] &= 0x7f; - s390x_x25519_mod_p(param.x25519.u_src); - - s390x_flip_endian32(param.x25519.d_src, d_src); - param.x25519.d_src[31] &= 248; - param.x25519.d_src[0] &= 127; - param.x25519.d_src[0] |= 64; - - rc = s390x_pcc(S390X_SCALAR_MULTIPLY_X25519, ¶m.x25519) ? 0 : 1; - if (rc == 1) - s390x_flip_endian32(u_dst, param.x25519.u_dst); - - OPENSSL_cleanse(param.x25519.d_src, sizeof(param.x25519.d_src)); - return rc; -} - -int s390x_x448_mul(unsigned char u_dst[56], - const unsigned char u_src[56], - const unsigned char d_src[56]) -{ - union { - struct { - unsigned char u_dst[64]; - unsigned char u_src[64]; - unsigned char d_src[64]; - } x448; - unsigned long long buff[512]; - } param; - int rc; - - memset(¶m, 0, sizeof(param)); - - memcpy(param.x448.u_src, u_src, 56); - memcpy(param.x448.d_src, d_src, 56); - - s390x_flip_endian64(param.x448.u_src, param.x448.u_src); - s390x_x448_mod_p(param.x448.u_src + 8); - - s390x_flip_endian64(param.x448.d_src, param.x448.d_src); - param.x448.d_src[63] &= 252; - param.x448.d_src[8] |= 128; - - rc = s390x_pcc(S390X_SCALAR_MULTIPLY_X448, ¶m.x448) ? 0 : 1; - if (rc == 1) { - s390x_flip_endian64(param.x448.u_dst, param.x448.u_dst); - memcpy(u_dst, param.x448.u_dst, 56); - } - - OPENSSL_cleanse(param.x448.d_src, sizeof(param.x448.d_src)); - return rc; -} - -int s390x_ed25519_mul(unsigned char x_dst[32], - unsigned char y_dst[32], - const unsigned char x_src[32], - const unsigned char y_src[32], - const unsigned char d_src[32]) -{ - union { - struct { - unsigned char x_dst[32]; - unsigned char y_dst[32]; - unsigned char x_src[32]; - unsigned char y_src[32]; - unsigned char d_src[32]; - } ed25519; - unsigned long long buff[512]; - } param; - int rc; - - memset(¶m, 0, sizeof(param)); - - s390x_flip_endian32(param.ed25519.x_src, x_src); - s390x_flip_endian32(param.ed25519.y_src, y_src); - s390x_flip_endian32(param.ed25519.d_src, d_src); - - rc = s390x_pcc(S390X_SCALAR_MULTIPLY_ED25519, ¶m.ed25519) ? 0 : 1; - if (rc == 1) { - s390x_flip_endian32(x_dst, param.ed25519.x_dst); - s390x_flip_endian32(y_dst, param.ed25519.y_dst); - } - - OPENSSL_cleanse(param.ed25519.d_src, sizeof(param.ed25519.d_src)); - return rc; -} - -int s390x_ed448_mul(unsigned char x_dst[57], - unsigned char y_dst[57], - const unsigned char x_src[57], - const unsigned char y_src[57], - const unsigned char d_src[57]) -{ - union { - struct { - unsigned char x_dst[64]; - unsigned char y_dst[64]; - unsigned char x_src[64]; - unsigned char y_src[64]; - unsigned char d_src[64]; - } ed448; - unsigned long long buff[512]; - } param; - int rc; - - memset(¶m, 0, sizeof(param)); - - memcpy(param.ed448.x_src, x_src, 57); - memcpy(param.ed448.y_src, y_src, 57); - memcpy(param.ed448.d_src, d_src, 57); - s390x_flip_endian64(param.ed448.x_src, param.ed448.x_src); - s390x_flip_endian64(param.ed448.y_src, param.ed448.y_src); - s390x_flip_endian64(param.ed448.d_src, param.ed448.d_src); - - rc = s390x_pcc(S390X_SCALAR_MULTIPLY_ED448, ¶m.ed448) ? 0 : 1; - if (rc == 1) { - s390x_flip_endian64(param.ed448.x_dst, param.ed448.x_dst); - s390x_flip_endian64(param.ed448.y_dst, param.ed448.y_dst); - memcpy(x_dst, param.ed448.x_dst, 57); - memcpy(y_dst, param.ed448.y_dst, 57); - } - - OPENSSL_cleanse(param.ed448.d_src, sizeof(param.ed448.d_src)); - return rc; -} diff --git a/crypto/encode_decode/build.info b/crypto/encode_decode/build.info deleted file mode 100644 index e2cd846673384a541fc1b958d93375a419e80123..0000000000000000000000000000000000000000 --- a/crypto/encode_decode/build.info +++ /dev/null @@ -1,5 +0,0 @@ -SOURCE[../../libcrypto]=encoder_meth.c encoder_lib.c encoder_pkey.c -SOURCE[../../libcrypto]=decoder_meth.c decoder_lib.c decoder_pkey.c - -SOURCE[../../libcrypto]=encoder_err.c -SOURCE[../../libcrypto]=decoder_err.c diff --git a/crypto/encode_decode/decoder_err.c b/crypto/encode_decode/decoder_err.c deleted file mode 100644 index 88324a1d50788db2bd8bd0aac02c9ede9731a702..0000000000000000000000000000000000000000 --- a/crypto/encode_decode/decoder_err.c +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/decodererr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA OSSL_DECODER_str_reasons[] = { - {ERR_PACK(ERR_LIB_OSSL_DECODER, 0, OSSL_DECODER_R_COULD_NOT_DECODE_OBJECT), - "could not decode object"}, - {ERR_PACK(ERR_LIB_OSSL_DECODER, 0, OSSL_DECODER_R_DECODER_NOT_FOUND), - "decoder not found"}, - {ERR_PACK(ERR_LIB_OSSL_DECODER, 0, OSSL_DECODER_R_MISSING_GET_PARAMS), - "missing get params"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_OSSL_DECODER_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(OSSL_DECODER_str_reasons[0].error) == NULL) - ERR_load_strings_const(OSSL_DECODER_str_reasons); -#endif - return 1; -} diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c deleted file mode 100644 index e24d2c6cd588be7aa9ebc119c084e2f01212b903..0000000000000000000000000000000000000000 --- a/crypto/encode_decode/decoder_lib.c +++ /dev/null @@ -1,999 +0,0 @@ -/* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "internal/bio.h" -#include "internal/provider.h" -#include "crypto/decoder.h" -#include "encoder_local.h" -#include "e_os.h" - -struct decoder_process_data_st { - OSSL_DECODER_CTX *ctx; - - /* Current BIO */ - BIO *bio; - - /* Index of the current decoder instance to be processed */ - size_t current_decoder_inst_index; - /* For tracing, count recursion level */ - size_t recursion; - - /*- - * Flags - */ - unsigned int flag_next_level_called : 1; - unsigned int flag_construct_called : 1; - unsigned int flag_input_structure_checked : 1; -}; - -static int decoder_process(const OSSL_PARAM params[], void *arg); - -int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in) -{ - struct decoder_process_data_st data; - int ok = 0; - BIO *new_bio = NULL; - unsigned long lasterr; - - if (in == NULL) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (OSSL_DECODER_CTX_get_num_decoders(ctx) == 0) { - ERR_raise_data(ERR_LIB_OSSL_DECODER, OSSL_DECODER_R_DECODER_NOT_FOUND, - "No decoders were found. For standard decoders you need " - "at least one of the default or base providers " - "available. Did you forget to load them?"); - return 0; - } - - lasterr = ERR_peek_last_error(); - - if (BIO_tell(in) < 0) { - new_bio = BIO_new(BIO_f_readbuffer()); - if (new_bio == NULL) - return 0; - in = BIO_push(new_bio, in); - } - memset(&data, 0, sizeof(data)); - data.ctx = ctx; - data.bio = in; - - /* Enable passphrase caching */ - (void)ossl_pw_enable_passphrase_caching(&ctx->pwdata); - - ok = decoder_process(NULL, &data); - - if (!data.flag_construct_called) { - const char *spaces - = ctx->start_input_type != NULL && ctx->input_structure != NULL - ? " " : ""; - const char *input_type_label - = ctx->start_input_type != NULL ? "Input type: " : ""; - const char *input_structure_label - = ctx->input_structure != NULL ? "Input structure: " : ""; - const char *comma - = ctx->start_input_type != NULL && ctx->input_structure != NULL - ? ", " : ""; - const char *input_type - = ctx->start_input_type != NULL ? ctx->start_input_type : ""; - const char *input_structure - = ctx->input_structure != NULL ? ctx->input_structure : ""; - - if (ERR_peek_last_error() == lasterr || ERR_peek_error() == 0) - /* Prevent spurious decoding error but add at least something */ - ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_UNSUPPORTED, - "No supported data to decode. %s%s%s%s%s%s", - spaces, input_type_label, input_type, comma, - input_structure_label, input_structure); - ok = 0; - } - - /* Clear any internally cached passphrase */ - (void)ossl_pw_clear_passphrase_cache(&ctx->pwdata); - - if (new_bio != NULL) { - BIO_pop(new_bio); - BIO_free(new_bio); - } - return ok; -} - -#ifndef OPENSSL_NO_STDIO -static BIO *bio_from_file(FILE *fp) -{ - BIO *b; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_BIO_LIB); - return NULL; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - return b; -} - -int OSSL_DECODER_from_fp(OSSL_DECODER_CTX *ctx, FILE *fp) -{ - BIO *b = bio_from_file(fp); - int ret = 0; - - if (b != NULL) - ret = OSSL_DECODER_from_bio(ctx, b); - - BIO_free(b); - return ret; -} -#endif - -int OSSL_DECODER_from_data(OSSL_DECODER_CTX *ctx, const unsigned char **pdata, - size_t *pdata_len) -{ - BIO *membio; - int ret = 0; - - if (pdata == NULL || *pdata == NULL || pdata_len == NULL) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - membio = BIO_new_mem_buf(*pdata, (int)*pdata_len); - if (OSSL_DECODER_from_bio(ctx, membio)) { - *pdata_len = (size_t)BIO_get_mem_data(membio, pdata); - ret = 1; - } - BIO_free(membio); - - return ret; -} - -int OSSL_DECODER_CTX_set_selection(OSSL_DECODER_CTX *ctx, int selection) -{ - if (!ossl_assert(ctx != NULL)) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - /* - * 0 is a valid selection, and means that the caller leaves - * it to code to discover what the selection is. - */ - ctx->selection = selection; - return 1; -} - -int OSSL_DECODER_CTX_set_input_type(OSSL_DECODER_CTX *ctx, - const char *input_type) -{ - if (!ossl_assert(ctx != NULL)) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - /* - * NULL is a valid starting input type, and means that the caller leaves - * it to code to discover what the starting input type is. - */ - ctx->start_input_type = input_type; - return 1; -} - -int OSSL_DECODER_CTX_set_input_structure(OSSL_DECODER_CTX *ctx, - const char *input_structure) -{ - if (!ossl_assert(ctx != NULL)) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - /* - * NULL is a valid starting input structure, and means that the caller - * leaves it to code to discover what the starting input structure is. - */ - ctx->input_structure = input_structure; - return 1; -} - -OSSL_DECODER_INSTANCE *ossl_decoder_instance_new(OSSL_DECODER *decoder, - void *decoderctx) -{ - OSSL_DECODER_INSTANCE *decoder_inst = NULL; - const OSSL_PROVIDER *prov; - OSSL_LIB_CTX *libctx; - const OSSL_PROPERTY_LIST *props; - const OSSL_PROPERTY_DEFINITION *prop; - - if (!ossl_assert(decoder != NULL)) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if ((decoder_inst = OPENSSL_zalloc(sizeof(*decoder_inst))) == NULL) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE); - return 0; - } - - prov = OSSL_DECODER_get0_provider(decoder); - libctx = ossl_provider_libctx(prov); - props = ossl_decoder_parsed_properties(decoder); - if (props == NULL) { - ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_INVALID_PROPERTY_DEFINITION, - "there are no property definitions with decoder %s", - OSSL_DECODER_get0_name(decoder)); - goto err; - } - - /* The "input" property is mandatory */ - prop = ossl_property_find_property(props, libctx, "input"); - decoder_inst->input_type = ossl_property_get_string_value(libctx, prop); - if (decoder_inst->input_type == NULL) { - ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_INVALID_PROPERTY_DEFINITION, - "the mandatory 'input' property is missing " - "for decoder %s (properties: %s)", - OSSL_DECODER_get0_name(decoder), - OSSL_DECODER_get0_properties(decoder)); - goto err; - } - - /* The "structure" property is optional */ - prop = ossl_property_find_property(props, libctx, "structure"); - if (prop != NULL) { - decoder_inst->input_structure - = ossl_property_get_string_value(libctx, prop); - } - - if (!OSSL_DECODER_up_ref(decoder)) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_INTERNAL_ERROR); - goto err; - } - decoder_inst->decoder = decoder; - decoder_inst->decoderctx = decoderctx; - return decoder_inst; - err: - ossl_decoder_instance_free(decoder_inst); - return NULL; -} - -void ossl_decoder_instance_free(OSSL_DECODER_INSTANCE *decoder_inst) -{ - if (decoder_inst != NULL) { - if (decoder_inst->decoder != NULL) - decoder_inst->decoder->freectx(decoder_inst->decoderctx); - decoder_inst->decoderctx = NULL; - OSSL_DECODER_free(decoder_inst->decoder); - decoder_inst->decoder = NULL; - OPENSSL_free(decoder_inst); - } -} - -int ossl_decoder_ctx_add_decoder_inst(OSSL_DECODER_CTX *ctx, - OSSL_DECODER_INSTANCE *di) -{ - int ok; - - if (ctx->decoder_insts == NULL - && (ctx->decoder_insts = - sk_OSSL_DECODER_INSTANCE_new_null()) == NULL) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE); - return 0; - } - - ok = (sk_OSSL_DECODER_INSTANCE_push(ctx->decoder_insts, di) > 0); - if (ok) { - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) Added decoder instance %p for decoder %p\n" - " %s with %s\n", - (void *)ctx, (void *)di, (void *)di->decoder, - OSSL_DECODER_get0_name(di->decoder), - OSSL_DECODER_get0_properties(di->decoder)); - } OSSL_TRACE_END(DECODER); - } - return ok; -} - -int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, OSSL_DECODER *decoder) -{ - OSSL_DECODER_INSTANCE *decoder_inst = NULL; - const OSSL_PROVIDER *prov = NULL; - void *decoderctx = NULL; - void *provctx = NULL; - - if (!ossl_assert(ctx != NULL) || !ossl_assert(decoder != NULL)) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - prov = OSSL_DECODER_get0_provider(decoder); - provctx = OSSL_PROVIDER_get0_provider_ctx(prov); - - if ((decoderctx = decoder->newctx(provctx)) == NULL - || (decoder_inst = - ossl_decoder_instance_new(decoder, decoderctx)) == NULL) - goto err; - /* Avoid double free of decoderctx on further errors */ - decoderctx = NULL; - - if (!ossl_decoder_ctx_add_decoder_inst(ctx, decoder_inst)) - goto err; - - return 1; - err: - ossl_decoder_instance_free(decoder_inst); - if (decoderctx != NULL) - decoder->freectx(decoderctx); - return 0; -} - -struct collect_extra_decoder_data_st { - OSSL_DECODER_CTX *ctx; - const char *output_type; - /* - * 0 to check that the decoder's input type is the same as the decoder name - * 1 to check that the decoder's input type differs from the decoder name - */ - enum { IS_SAME = 0, IS_DIFFERENT = 1 } type_check; - size_t w_prev_start, w_prev_end; /* "previous" decoders */ - size_t w_new_start, w_new_end; /* "new" decoders */ -}; - -DEFINE_STACK_OF(OSSL_DECODER) - -static void collect_all_decoders(OSSL_DECODER *decoder, void *arg) -{ - STACK_OF(OSSL_DECODER) *skdecoders = arg; - - if (OSSL_DECODER_up_ref(decoder) - && !sk_OSSL_DECODER_push(skdecoders, decoder)) - OSSL_DECODER_free(decoder); -} - -static void collect_extra_decoder(OSSL_DECODER *decoder, void *arg) -{ - struct collect_extra_decoder_data_st *data = arg; - size_t j; - const OSSL_PROVIDER *prov = OSSL_DECODER_get0_provider(decoder); - void *provctx = OSSL_PROVIDER_get0_provider_ctx(prov); - - if (OSSL_DECODER_is_a(decoder, data->output_type)) { - void *decoderctx = NULL; - OSSL_DECODER_INSTANCE *di = NULL; - - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) [%d] Checking out decoder %p:\n" - " %s with %s\n", - (void *)data->ctx, data->type_check, (void *)decoder, - OSSL_DECODER_get0_name(decoder), - OSSL_DECODER_get0_properties(decoder)); - } OSSL_TRACE_END(DECODER); - - /* - * Check that we don't already have this decoder in our stack, - * starting with the previous windows but also looking at what - * we have added in the current window. - */ - for (j = data->w_prev_start; j < data->w_new_end; j++) { - OSSL_DECODER_INSTANCE *check_inst = - sk_OSSL_DECODER_INSTANCE_value(data->ctx->decoder_insts, j); - - if (decoder->base.algodef == check_inst->decoder->base.algodef) { - /* We found it, so don't do anything more */ - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - " REJECTED: already exists in the chain\n"); - } OSSL_TRACE_END(DECODER); - return; - } - } - - if ((decoderctx = decoder->newctx(provctx)) == NULL) - return; - - if ((di = ossl_decoder_instance_new(decoder, decoderctx)) == NULL) { - decoder->freectx(decoderctx); - return; - } - - switch (data->type_check) { - case IS_SAME: - /* If it differs, this is not a decoder to add for now. */ - if (!OSSL_DECODER_is_a(decoder, - OSSL_DECODER_INSTANCE_get_input_type(di))) { - ossl_decoder_instance_free(di); - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - " REJECTED: input type doesn't match output type\n"); - } OSSL_TRACE_END(DECODER); - return; - } - break; - case IS_DIFFERENT: - /* If it's the same, this is not a decoder to add for now. */ - if (OSSL_DECODER_is_a(decoder, - OSSL_DECODER_INSTANCE_get_input_type(di))) { - ossl_decoder_instance_free(di); - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - " REJECTED: input type matches output type\n"); - } OSSL_TRACE_END(DECODER); - return; - } - break; - } - - /* - * Apart from keeping w_new_end up to date, We don't care about - * errors here. If it doesn't collect, then it doesn't... - */ - if (!ossl_decoder_ctx_add_decoder_inst(data->ctx, di)) { - ossl_decoder_instance_free(di); - return; - } - - data->w_new_end++; - } -} - -int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx, - OSSL_LIB_CTX *libctx, const char *propq) -{ - /* - * This function goes through existing decoder methods in - * |ctx->decoder_insts|, and tries to fetch new decoders that produce - * what the existing ones want as input, and push those newly fetched - * decoders on top of the same stack. - * Then it does the same again, but looping over the newly fetched - * decoders, until there are no more decoders to be fetched, or - * when we have done this 10 times. - * - * we do this with sliding windows on the stack by keeping track of indexes - * and of the end. - * - * +----------------+ - * | DER to RSA | <--- w_prev_start - * +----------------+ - * | DER to DSA | - * +----------------+ - * | DER to DH | - * +----------------+ - * | PEM to DER | <--- w_prev_end, w_new_start - * +----------------+ - * <--- w_new_end - */ - struct collect_extra_decoder_data_st data; - size_t depth = 0; /* Counts the number of iterations */ - size_t count; /* Calculates how many were added in each iteration */ - size_t numdecoders; - STACK_OF(OSSL_DECODER) *skdecoders; - - if (!ossl_assert(ctx != NULL)) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - /* - * If there is no stack of OSSL_DECODER_INSTANCE, we have nothing - * more to add. That's fine. - */ - if (ctx->decoder_insts == NULL) - return 1; - - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, "(ctx %p) Looking for extra decoders\n", - (void *)ctx); - } OSSL_TRACE_END(DECODER); - - - skdecoders = sk_OSSL_DECODER_new_null(); - if (skdecoders == NULL) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE); - return 0; - } - OSSL_DECODER_do_all_provided(libctx, collect_all_decoders, skdecoders); - numdecoders = sk_OSSL_DECODER_num(skdecoders); - - memset(&data, 0, sizeof(data)); - data.ctx = ctx; - data.w_prev_start = 0; - data.w_prev_end = sk_OSSL_DECODER_INSTANCE_num(ctx->decoder_insts); - do { - size_t i, j; - - data.w_new_start = data.w_new_end = data.w_prev_end; - - /* - * Two iterations: - * 0. All decoders that have the same name as their input type. - * This allows for decoders that unwrap some data in a specific - * encoding, and pass the result on with the same encoding. - * 1. All decoders that a different name than their input type. - */ - for (data.type_check = IS_SAME; - data.type_check <= IS_DIFFERENT; - data.type_check++) { - for (i = data.w_prev_start; i < data.w_prev_end; i++) { - OSSL_DECODER_INSTANCE *decoder_inst = - sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i); - - data.output_type - = OSSL_DECODER_INSTANCE_get_input_type(decoder_inst); - - - for (j = 0; j < numdecoders; j++) - collect_extra_decoder(sk_OSSL_DECODER_value(skdecoders, j), - &data); - } - } - /* How many were added in this iteration */ - count = data.w_new_end - data.w_new_start; - - /* Slide the "previous decoder" windows */ - data.w_prev_start = data.w_new_start; - data.w_prev_end = data.w_new_end; - - depth++; - } while (count != 0 && depth <= 10); - - sk_OSSL_DECODER_pop_free(skdecoders, OSSL_DECODER_free); - return 1; -} - -int OSSL_DECODER_CTX_get_num_decoders(OSSL_DECODER_CTX *ctx) -{ - if (ctx == NULL || ctx->decoder_insts == NULL) - return 0; - return sk_OSSL_DECODER_INSTANCE_num(ctx->decoder_insts); -} - -int OSSL_DECODER_CTX_set_construct(OSSL_DECODER_CTX *ctx, - OSSL_DECODER_CONSTRUCT *construct) -{ - if (!ossl_assert(ctx != NULL)) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - ctx->construct = construct; - return 1; -} - -int OSSL_DECODER_CTX_set_construct_data(OSSL_DECODER_CTX *ctx, - void *construct_data) -{ - if (!ossl_assert(ctx != NULL)) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - ctx->construct_data = construct_data; - return 1; -} - -int OSSL_DECODER_CTX_set_cleanup(OSSL_DECODER_CTX *ctx, - OSSL_DECODER_CLEANUP *cleanup) -{ - if (!ossl_assert(ctx != NULL)) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - ctx->cleanup = cleanup; - return 1; -} - -OSSL_DECODER_CONSTRUCT * -OSSL_DECODER_CTX_get_construct(OSSL_DECODER_CTX *ctx) -{ - if (ctx == NULL) - return NULL; - return ctx->construct; -} - -void *OSSL_DECODER_CTX_get_construct_data(OSSL_DECODER_CTX *ctx) -{ - if (ctx == NULL) - return NULL; - return ctx->construct_data; -} - -OSSL_DECODER_CLEANUP * -OSSL_DECODER_CTX_get_cleanup(OSSL_DECODER_CTX *ctx) -{ - if (ctx == NULL) - return NULL; - return ctx->cleanup; -} - -int OSSL_DECODER_export(OSSL_DECODER_INSTANCE *decoder_inst, - void *reference, size_t reference_sz, - OSSL_CALLBACK *export_cb, void *export_cbarg) -{ - OSSL_DECODER *decoder = NULL; - void *decoderctx = NULL; - - if (!(ossl_assert(decoder_inst != NULL) - && ossl_assert(reference != NULL) - && ossl_assert(export_cb != NULL) - && ossl_assert(export_cbarg != NULL))) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - decoder = OSSL_DECODER_INSTANCE_get_decoder(decoder_inst); - decoderctx = OSSL_DECODER_INSTANCE_get_decoder_ctx(decoder_inst); - return decoder->export_object(decoderctx, reference, reference_sz, - export_cb, export_cbarg); -} - -OSSL_DECODER * -OSSL_DECODER_INSTANCE_get_decoder(OSSL_DECODER_INSTANCE *decoder_inst) -{ - if (decoder_inst == NULL) - return NULL; - return decoder_inst->decoder; -} - -void * -OSSL_DECODER_INSTANCE_get_decoder_ctx(OSSL_DECODER_INSTANCE *decoder_inst) -{ - if (decoder_inst == NULL) - return NULL; - return decoder_inst->decoderctx; -} - -const char * -OSSL_DECODER_INSTANCE_get_input_type(OSSL_DECODER_INSTANCE *decoder_inst) -{ - if (decoder_inst == NULL) - return NULL; - return decoder_inst->input_type; -} - -const char * -OSSL_DECODER_INSTANCE_get_input_structure(OSSL_DECODER_INSTANCE *decoder_inst, - int *was_set) -{ - if (decoder_inst == NULL) - return NULL; - *was_set = decoder_inst->flag_input_structure_was_set; - return decoder_inst->input_structure; -} - -static int decoder_process(const OSSL_PARAM params[], void *arg) -{ - struct decoder_process_data_st *data = arg; - OSSL_DECODER_CTX *ctx = data->ctx; - OSSL_DECODER_INSTANCE *decoder_inst = NULL; - OSSL_DECODER *decoder = NULL; - OSSL_CORE_BIO *cbio = NULL; - BIO *bio = data->bio; - long loc; - size_t i; - int ok = 0; - /* For recursions */ - struct decoder_process_data_st new_data; - const char *data_type = NULL; - const char *data_structure = NULL; - - /* - * This is an indicator up the call stack that something was indeed - * decoded, leading to a recursive call of this function. - */ - data->flag_next_level_called = 1; - - memset(&new_data, 0, sizeof(new_data)); - new_data.ctx = data->ctx; - new_data.recursion = data->recursion + 1; - -#define LEVEL_STR ">>>>>>>>>>>>>>>>" -#define LEVEL (new_data.recursion < sizeof(LEVEL_STR) \ - ? &LEVEL_STR[sizeof(LEVEL_STR) - new_data.recursion - 1] \ - : LEVEL_STR "...") - - if (params == NULL) { - /* First iteration, where we prepare for what is to come */ - - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) starting to walk the decoder chain\n", - (void *)new_data.ctx); - } OSSL_TRACE_END(DECODER); - - data->current_decoder_inst_index = - OSSL_DECODER_CTX_get_num_decoders(ctx); - - bio = data->bio; - } else { - const OSSL_PARAM *p; - const char *trace_data_structure; - - decoder_inst = - sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, - data->current_decoder_inst_index); - decoder = OSSL_DECODER_INSTANCE_get_decoder(decoder_inst); - - data->flag_construct_called = 0; - if (ctx->construct != NULL) { - int rv; - - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s Running constructor\n", - (void *)new_data.ctx, LEVEL); - } OSSL_TRACE_END(DECODER); - - rv = ctx->construct(decoder_inst, params, ctx->construct_data); - - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s Running constructor => %d\n", - (void *)new_data.ctx, LEVEL, rv); - } OSSL_TRACE_END(DECODER); - - data->flag_construct_called = 1; - ok = (rv > 0); - if (ok) - goto end; - } - - /* The constructor didn't return success */ - - /* - * so we try to use the object we got and feed it to any next - * decoder that will take it. Object references are not - * allowed for this. - * If this data isn't present, decoding has failed. - */ - - p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA); - if (p == NULL || p->data_type != OSSL_PARAM_OCTET_STRING) - goto end; - new_data.bio = BIO_new_mem_buf(p->data, (int)p->data_size); - if (new_data.bio == NULL) - goto end; - bio = new_data.bio; - - /* Get the data type if there is one */ - p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA_TYPE); - if (p != NULL && !OSSL_PARAM_get_utf8_string_ptr(p, &data_type)) - goto end; - - /* Get the data structure if there is one */ - p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA_STRUCTURE); - if (p != NULL && !OSSL_PARAM_get_utf8_string_ptr(p, &data_structure)) - goto end; - - /* - * If the data structure is "type-specific" and the data type is - * given, we drop the data structure. The reasoning is that the - * data type is already enough to find the applicable next decoder, - * so an additional "type-specific" data structure is extraneous. - * - * Furthermore, if the OSSL_DECODER caller asked for a type specific - * structure under another name, such as "DH", we get a mismatch - * if the data structure we just received is "type-specific". - * There's only so much you can do without infusing this code with - * too special knowledge. - */ - trace_data_structure = data_structure; - if (data_type != NULL && data_structure != NULL - && OPENSSL_strcasecmp(data_structure, "type-specific") == 0) - data_structure = NULL; - - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s incoming from previous decoder (%p):\n" - " data type: %s, data structure: %s%s\n", - (void *)new_data.ctx, LEVEL, (void *)decoder, - data_type, trace_data_structure, - (trace_data_structure == data_structure - ? "" : " (dropped)")); - } OSSL_TRACE_END(DECODER); - } - - /* - * If we have no more decoders to look through at this point, - * we failed - */ - if (data->current_decoder_inst_index == 0) - goto end; - - if ((loc = BIO_tell(bio)) < 0) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_BIO_LIB); - goto end; - } - - if ((cbio = ossl_core_bio_new_from_bio(bio)) == NULL) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE); - goto end; - } - - for (i = data->current_decoder_inst_index; i-- > 0;) { - OSSL_DECODER_INSTANCE *new_decoder_inst = - sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i); - OSSL_DECODER *new_decoder = - OSSL_DECODER_INSTANCE_get_decoder(new_decoder_inst); - void *new_decoderctx = - OSSL_DECODER_INSTANCE_get_decoder_ctx(new_decoder_inst); - const char *new_input_type = - OSSL_DECODER_INSTANCE_get_input_type(new_decoder_inst); - int n_i_s_was_set = 0; /* We don't care here */ - const char *new_input_structure = - OSSL_DECODER_INSTANCE_get_input_structure(new_decoder_inst, - &n_i_s_was_set); - - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s [%u] Considering decoder instance %p (decoder %p):\n" - " %s with %s\n", - (void *)new_data.ctx, LEVEL, (unsigned int)i, - (void *)new_decoder_inst, (void *)new_decoder, - OSSL_DECODER_get0_name(new_decoder), - OSSL_DECODER_get0_properties(new_decoder)); - } OSSL_TRACE_END(DECODER); - - /* - * If |decoder| is NULL, it means we've just started, and the caller - * may have specified what it expects the initial input to be. If - * that's the case, we do this extra check. - */ - if (decoder == NULL && ctx->start_input_type != NULL - && OPENSSL_strcasecmp(ctx->start_input_type, new_input_type) != 0) { - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s [%u] the start input type '%s' doesn't match the input type of the considered decoder, skipping...\n", - (void *)new_data.ctx, LEVEL, (unsigned int)i, - ctx->start_input_type); - } OSSL_TRACE_END(DECODER); - continue; - } - - /* - * If we have a previous decoder, we check that the input type - * of the next to be used matches the type of this previous one. - * |new_input_type| holds the value of the "input-type" parameter - * for the decoder we're currently considering. - */ - if (decoder != NULL && !OSSL_DECODER_is_a(decoder, new_input_type)) { - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s [%u] the input type doesn't match the name of the previous decoder (%p), skipping...\n", - (void *)new_data.ctx, LEVEL, (unsigned int)i, - (void *)decoder); - } OSSL_TRACE_END(DECODER); - continue; - } - - /* - * If the previous decoder gave us a data type, we check to see - * if that matches the decoder we're currently considering. - */ - if (data_type != NULL && !OSSL_DECODER_is_a(new_decoder, data_type)) { - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s [%u] the previous decoder's data type doesn't match the name of the considered decoder, skipping...\n", - (void *)new_data.ctx, LEVEL, (unsigned int)i); - } OSSL_TRACE_END(DECODER); - continue; - } - - /* - * If the previous decoder gave us a data structure name, we check - * to see that it matches the input data structure of the decoder - * we're currently considering. - */ - if (data_structure != NULL - && (new_input_structure == NULL - || OPENSSL_strcasecmp(data_structure, - new_input_structure) != 0)) { - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure of the considered decoder, skipping...\n", - (void *)new_data.ctx, LEVEL, (unsigned int)i); - } OSSL_TRACE_END(DECODER); - continue; - } - - /* - * If the decoder we're currently considering specifies a structure, - * and this check hasn't already been done earlier in this chain of - * decoder_process() calls, check that it matches the user provided - * input structure, if one is given. - */ - if (!data->flag_input_structure_checked - && ctx->input_structure != NULL - && new_input_structure != NULL) { - data->flag_input_structure_checked = 1; - if (OPENSSL_strcasecmp(new_input_structure, - ctx->input_structure) != 0) { - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s [%u] the previous decoder's data structure doesn't match the input structure given by the user, skipping...\n", - (void *)new_data.ctx, LEVEL, (unsigned int)i); - } OSSL_TRACE_END(DECODER); - continue; - } - } - - /* - * Checking the return value of BIO_reset() or BIO_seek() is unsafe. - * Furthermore, BIO_reset() is unsafe to use if the source BIO happens - * to be a BIO_s_mem(), because the earlier BIO_tell() gives us zero - * no matter where we are in the underlying buffer we're reading from. - * - * So, we simply do a BIO_seek(), and use BIO_tell() that we're back - * at the same position. This is a best effort attempt, but BIO_seek() - * and BIO_tell() should come as a pair... - */ - (void)BIO_seek(bio, loc); - if (BIO_tell(bio) != loc) - goto end; - - /* Recurse */ - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s [%u] Running decoder instance %p\n", - (void *)new_data.ctx, LEVEL, (unsigned int)i, - (void *)new_decoder_inst); - } OSSL_TRACE_END(DECODER); - - /* - * We only care about errors reported from decoder implementations - * if it returns false (i.e. there was a fatal error). - */ - ERR_set_mark(); - - new_data.current_decoder_inst_index = i; - new_data.flag_input_structure_checked - = data->flag_input_structure_checked; - ok = new_decoder->decode(new_decoderctx, cbio, - new_data.ctx->selection, - decoder_process, &new_data, - ossl_pw_passphrase_callback_dec, - &new_data.ctx->pwdata); - - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) %s [%u] Running decoder instance %p => %d" - " (recursed further: %s, construct called: %s)\n", - (void *)new_data.ctx, LEVEL, (unsigned int)i, - (void *)new_decoder_inst, ok, - new_data.flag_next_level_called ? "yes" : "no", - new_data.flag_construct_called ? "yes" : "no"); - } OSSL_TRACE_END(DECODER); - - data->flag_construct_called = new_data.flag_construct_called; - - /* Break on error or if we tried to construct an object already */ - if (!ok || data->flag_construct_called) { - ERR_clear_last_mark(); - break; - } - ERR_pop_to_mark(); - - /* - * Break if the decoder implementation that we called recursed, since - * that indicates that it successfully decoded something. - */ - if (new_data.flag_next_level_called) - break; - } - - end: - ossl_core_bio_free(cbio); - BIO_free(new_data.bio); - return ok; -} diff --git a/crypto/encode_decode/decoder_meth.c b/crypto/encode_decode/decoder_meth.c deleted file mode 100644 index 56899a9269819dea9f873941346e4f2f628da955..0000000000000000000000000000000000000000 --- a/crypto/encode_decode/decoder_meth.c +++ /dev/null @@ -1,701 +0,0 @@ -/* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/core.h" -#include "internal/namemap.h" -#include "internal/property.h" -#include "internal/provider.h" -#include "crypto/decoder.h" -#include "encoder_local.h" - -/* - * Decoder can have multiple names, separated with colons in a name string - */ -#define NAME_SEPARATOR ':' - -/* Simple method structure constructor and destructor */ -static OSSL_DECODER *ossl_decoder_new(void) -{ - OSSL_DECODER *decoder = NULL; - - if ((decoder = OPENSSL_zalloc(sizeof(*decoder))) == NULL - || (decoder->base.lock = CRYPTO_THREAD_lock_new()) == NULL) { - OSSL_DECODER_free(decoder); - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE); - return NULL; - } - - decoder->base.refcnt = 1; - - return decoder; -} - -int OSSL_DECODER_up_ref(OSSL_DECODER *decoder) -{ - int ref = 0; - - CRYPTO_UP_REF(&decoder->base.refcnt, &ref, decoder->base.lock); - return 1; -} - -void OSSL_DECODER_free(OSSL_DECODER *decoder) -{ - int ref = 0; - - if (decoder == NULL) - return; - - CRYPTO_DOWN_REF(&decoder->base.refcnt, &ref, decoder->base.lock); - if (ref > 0) - return; - OPENSSL_free(decoder->base.name); - ossl_property_free(decoder->base.parsed_propdef); - ossl_provider_free(decoder->base.prov); - CRYPTO_THREAD_lock_free(decoder->base.lock); - OPENSSL_free(decoder); -} - -/* Permanent decoder method store, constructor and destructor */ -static void decoder_store_free(void *vstore) -{ - ossl_method_store_free(vstore); -} - -static void *decoder_store_new(OSSL_LIB_CTX *ctx) -{ - return ossl_method_store_new(ctx); -} - - -static const OSSL_LIB_CTX_METHOD decoder_store_method = { - /* We want decoder_store to be cleaned up before the provider store */ - OSSL_LIB_CTX_METHOD_PRIORITY_2, - decoder_store_new, - decoder_store_free, -}; - -/* Data to be passed through ossl_method_construct() */ -struct decoder_data_st { - OSSL_LIB_CTX *libctx; - int id; /* For get_decoder_from_store() */ - const char *names; /* For get_decoder_from_store() */ - const char *propquery; /* For get_decoder_from_store() */ - - OSSL_METHOD_STORE *tmp_store; /* For get_tmp_decoder_store() */ - - unsigned int flag_construct_error_occurred : 1; -}; - -/* - * Generic routines to fetch / create DECODER methods with - * ossl_method_construct() - */ - -/* Temporary decoder method store, constructor and destructor */ -static void *get_tmp_decoder_store(void *data) -{ - struct decoder_data_st *methdata = data; - - if (methdata->tmp_store == NULL) - methdata->tmp_store = ossl_method_store_new(methdata->libctx); - return methdata->tmp_store; -} - -static void dealloc_tmp_decoder_store(void *store) -{ - if (store != NULL) - ossl_method_store_free(store); -} - -/* Get the permanent decoder store */ -static OSSL_METHOD_STORE *get_decoder_store(OSSL_LIB_CTX *libctx) -{ - return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_DECODER_STORE_INDEX, - &decoder_store_method); -} - -static int reserve_decoder_store(void *store, void *data) -{ - struct decoder_data_st *methdata = data; - - if (store == NULL - && (store = get_decoder_store(methdata->libctx)) == NULL) - return 0; - - return ossl_method_lock_store(store); -} - -static int unreserve_decoder_store(void *store, void *data) -{ - struct decoder_data_st *methdata = data; - - if (store == NULL - && (store = get_decoder_store(methdata->libctx)) == NULL) - return 0; - - return ossl_method_unlock_store(store); -} - -/* Get decoder methods from a store, or put one in */ -static void *get_decoder_from_store(void *store, const OSSL_PROVIDER **prov, - void *data) -{ - struct decoder_data_st *methdata = data; - void *method = NULL; - int id; - - /* - * get_decoder_from_store() is only called to try and get the method - * that OSSL_DECODER_fetch() is asking for, and the name or name id are - * passed via methdata. - */ - if ((id = methdata->id) == 0 && methdata->names != NULL) { - OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx); - const char *names = methdata->names; - const char *q = strchr(names, NAME_SEPARATOR); - size_t l = (q == NULL ? strlen(names) : (size_t)(q - names)); - - if (namemap == 0) - return NULL; - id = ossl_namemap_name2num_n(namemap, names, l); - } - - if (id == 0) - return NULL; - - if (store == NULL - && (store = get_decoder_store(methdata->libctx)) == NULL) - return NULL; - - if (!ossl_method_store_fetch(store, id, methdata->propquery, prov, &method)) - return NULL; - return method; -} - -static int put_decoder_in_store(void *store, void *method, - const OSSL_PROVIDER *prov, - const char *names, const char *propdef, - void *data) -{ - struct decoder_data_st *methdata = data; - OSSL_NAMEMAP *namemap; - int id; - size_t l = 0; - - /* - * put_decoder_in_store() is only called with an OSSL_DECODER method that - * was successfully created by construct_decoder() below, which means that - * all the names should already be stored in the namemap with the same - * numeric identity, so just use the first to get that identity. - */ - if (names != NULL) { - const char *q = strchr(names, NAME_SEPARATOR); - - l = (q == NULL ? strlen(names) : (size_t)(q - names)); - } - - if ((namemap = ossl_namemap_stored(methdata->libctx)) == NULL - || (id = ossl_namemap_name2num_n(namemap, names, l)) == 0) - return 0; - - if (store == NULL && (store = get_decoder_store(methdata->libctx)) == NULL) - return 0; - - return ossl_method_store_add(store, prov, id, propdef, method, - (int (*)(void *))OSSL_DECODER_up_ref, - (void (*)(void *))OSSL_DECODER_free); -} - -/* Create and populate a decoder method */ -void *ossl_decoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) -{ - OSSL_DECODER *decoder = NULL; - const OSSL_DISPATCH *fns = algodef->implementation; - OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); - - if ((decoder = ossl_decoder_new()) == NULL) - return NULL; - decoder->base.id = id; - if ((decoder->base.name = ossl_algorithm_get1_first_name(algodef)) == NULL) { - OSSL_DECODER_free(decoder); - return NULL; - } - decoder->base.algodef = algodef; - if ((decoder->base.parsed_propdef - = ossl_parse_property(libctx, algodef->property_definition)) == NULL) { - OSSL_DECODER_free(decoder); - return NULL; - } - - for (; fns->function_id != 0; fns++) { - switch (fns->function_id) { - case OSSL_FUNC_DECODER_NEWCTX: - if (decoder->newctx == NULL) - decoder->newctx = OSSL_FUNC_decoder_newctx(fns); - break; - case OSSL_FUNC_DECODER_FREECTX: - if (decoder->freectx == NULL) - decoder->freectx = OSSL_FUNC_decoder_freectx(fns); - break; - case OSSL_FUNC_DECODER_GET_PARAMS: - if (decoder->get_params == NULL) - decoder->get_params = - OSSL_FUNC_decoder_get_params(fns); - break; - case OSSL_FUNC_DECODER_GETTABLE_PARAMS: - if (decoder->gettable_params == NULL) - decoder->gettable_params = - OSSL_FUNC_decoder_gettable_params(fns); - break; - case OSSL_FUNC_DECODER_SET_CTX_PARAMS: - if (decoder->set_ctx_params == NULL) - decoder->set_ctx_params = - OSSL_FUNC_decoder_set_ctx_params(fns); - break; - case OSSL_FUNC_DECODER_SETTABLE_CTX_PARAMS: - if (decoder->settable_ctx_params == NULL) - decoder->settable_ctx_params = - OSSL_FUNC_decoder_settable_ctx_params(fns); - break; - case OSSL_FUNC_DECODER_DOES_SELECTION: - if (decoder->does_selection == NULL) - decoder->does_selection = - OSSL_FUNC_decoder_does_selection(fns); - break; - case OSSL_FUNC_DECODER_DECODE: - if (decoder->decode == NULL) - decoder->decode = OSSL_FUNC_decoder_decode(fns); - break; - case OSSL_FUNC_DECODER_EXPORT_OBJECT: - if (decoder->export_object == NULL) - decoder->export_object = OSSL_FUNC_decoder_export_object(fns); - break; - } - } - /* - * Try to check that the method is sensible. - * If you have a constructor, you must have a destructor and vice versa. - * You must have at least one of the encoding driver functions. - */ - if (!((decoder->newctx == NULL && decoder->freectx == NULL) - || (decoder->newctx != NULL && decoder->freectx != NULL)) - || decoder->decode == NULL) { - OSSL_DECODER_free(decoder); - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_INVALID_PROVIDER_FUNCTIONS); - return NULL; - } - - if (prov != NULL && !ossl_provider_up_ref(prov)) { - OSSL_DECODER_free(decoder); - return NULL; - } - - decoder->base.prov = prov; - return decoder; -} - - -/* - * The core fetching functionality passes the names of the implementation. - * This function is responsible to getting an identity number for them, - * then call ossl_decoder_from_algorithm() with that identity number. - */ -static void *construct_decoder(const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov, void *data) -{ - /* - * This function is only called if get_decoder_from_store() returned - * NULL, so it's safe to say that of all the spots to create a new - * namemap entry, this is it. Should the name already exist there, we - * know that ossl_namemap_add() will return its corresponding number. - */ - struct decoder_data_st *methdata = data; - OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); - OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); - const char *names = algodef->algorithm_names; - int id = ossl_namemap_add_names(namemap, 0, names, NAME_SEPARATOR); - void *method = NULL; - - if (id != 0) - method = ossl_decoder_from_algorithm(id, algodef, prov); - - /* - * Flag to indicate that there was actual construction errors. This - * helps inner_evp_generic_fetch() determine what error it should - * record on inaccessible algorithms. - */ - if (method == NULL) - methdata->flag_construct_error_occurred = 1; - - return method; -} - -/* Intermediary function to avoid ugly casts, used below */ -static void destruct_decoder(void *method, void *data) -{ - OSSL_DECODER_free(method); -} - -static int up_ref_decoder(void *method) -{ - return OSSL_DECODER_up_ref(method); -} - -static void free_decoder(void *method) -{ - OSSL_DECODER_free(method); -} - -/* Fetching support. Can fetch by numeric identity or by name */ -static OSSL_DECODER * -inner_ossl_decoder_fetch(struct decoder_data_st *methdata, int id, - const char *name, const char *properties) -{ - OSSL_METHOD_STORE *store = get_decoder_store(methdata->libctx); - OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx); - const char *const propq = properties != NULL ? properties : ""; - void *method = NULL; - int unsupported = 0; - - if (store == NULL || namemap == NULL) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_INVALID_ARGUMENT); - return NULL; - } - - /* - * If we have been passed both an id and a name, we have an - * internal programming error. - */ - if (!ossl_assert(id == 0 || name == NULL)) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_INTERNAL_ERROR); - return NULL; - } - - if (id == 0 && name != NULL) - id = ossl_namemap_name2num(namemap, name); - - /* - * If we haven't found the name yet, chances are that the algorithm to - * be fetched is unsupported. - */ - if (id == 0) - unsupported = 1; - - if (id == 0 - || !ossl_method_store_cache_get(store, NULL, id, propq, &method)) { - OSSL_METHOD_CONSTRUCT_METHOD mcm = { - get_tmp_decoder_store, - reserve_decoder_store, - unreserve_decoder_store, - get_decoder_from_store, - put_decoder_in_store, - construct_decoder, - destruct_decoder - }; - OSSL_PROVIDER *prov = NULL; - - methdata->id = id; - methdata->names = name; - methdata->propquery = propq; - methdata->flag_construct_error_occurred = 0; - if ((method = ossl_method_construct(methdata->libctx, OSSL_OP_DECODER, - &prov, 0 /* !force_cache */, - &mcm, methdata)) != NULL) { - /* - * If construction did create a method for us, we know that - * there is a correct name_id and meth_id, since those have - * already been calculated in get_decoder_from_store() and - * put_decoder_in_store() above. - */ - if (id == 0 && name != NULL) - id = ossl_namemap_name2num(namemap, name); - if (id != 0) - ossl_method_store_cache_set(store, prov, id, propq, method, - up_ref_decoder, free_decoder); - } - - /* - * If we never were in the constructor, the algorithm to be fetched - * is unsupported. - */ - unsupported = !methdata->flag_construct_error_occurred; - } - - if ((id != 0 || name != NULL) && method == NULL) { - int code = unsupported ? ERR_R_UNSUPPORTED : ERR_R_FETCH_FAILED; - - if (name == NULL) - name = ossl_namemap_num2name(namemap, id, 0); - ERR_raise_data(ERR_LIB_OSSL_DECODER, code, - "%s, Name (%s : %d), Properties (%s)", - ossl_lib_ctx_get_descriptor(methdata->libctx), - name == NULL ? "" : name, id, - properties == NULL ? "" : properties); - } - - return method; -} - -OSSL_DECODER *OSSL_DECODER_fetch(OSSL_LIB_CTX *libctx, const char *name, - const char *properties) -{ - struct decoder_data_st methdata; - void *method; - - methdata.libctx = libctx; - methdata.tmp_store = NULL; - method = inner_ossl_decoder_fetch(&methdata, 0, name, properties); - dealloc_tmp_decoder_store(methdata.tmp_store); - return method; -} - -OSSL_DECODER *ossl_decoder_fetch_by_number(OSSL_LIB_CTX *libctx, int id, - const char *properties) -{ - struct decoder_data_st methdata; - void *method; - - methdata.libctx = libctx; - methdata.tmp_store = NULL; - method = inner_ossl_decoder_fetch(&methdata, id, NULL, properties); - dealloc_tmp_decoder_store(methdata.tmp_store); - return method; -} - -int ossl_decoder_store_cache_flush(OSSL_LIB_CTX *libctx) -{ - OSSL_METHOD_STORE *store = get_decoder_store(libctx); - - if (store != NULL) - return ossl_method_store_cache_flush_all(store); - return 1; -} - -int ossl_decoder_store_remove_all_provided(const OSSL_PROVIDER *prov) -{ - OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); - OSSL_METHOD_STORE *store = get_decoder_store(libctx); - - if (store != NULL) - return ossl_method_store_remove_all_provided(store, prov); - return 1; -} - -/* - * Library of basic method functions - */ - -const OSSL_PROVIDER *OSSL_DECODER_get0_provider(const OSSL_DECODER *decoder) -{ - if (!ossl_assert(decoder != NULL)) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - return decoder->base.prov; -} - -const char *OSSL_DECODER_get0_properties(const OSSL_DECODER *decoder) -{ - if (!ossl_assert(decoder != NULL)) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - return decoder->base.algodef->property_definition; -} - -const OSSL_PROPERTY_LIST * -ossl_decoder_parsed_properties(const OSSL_DECODER *decoder) -{ - if (!ossl_assert(decoder != NULL)) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - return decoder->base.parsed_propdef; -} - -int ossl_decoder_get_number(const OSSL_DECODER *decoder) -{ - if (!ossl_assert(decoder != NULL)) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - return decoder->base.id; -} - -const char *OSSL_DECODER_get0_name(const OSSL_DECODER *decoder) -{ - return decoder->base.name; -} - -const char *OSSL_DECODER_get0_description(const OSSL_DECODER *decoder) -{ - return decoder->base.algodef->algorithm_description; -} - -int OSSL_DECODER_is_a(const OSSL_DECODER *decoder, const char *name) -{ - if (decoder->base.prov != NULL) { - OSSL_LIB_CTX *libctx = ossl_provider_libctx(decoder->base.prov); - OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); - - return ossl_namemap_name2num(namemap, name) == decoder->base.id; - } - return 0; -} - -struct do_one_data_st { - void (*user_fn)(OSSL_DECODER *decoder, void *arg); - void *user_arg; -}; - -static void do_one(ossl_unused int id, void *method, void *arg) -{ - struct do_one_data_st *data = arg; - - data->user_fn(method, data->user_arg); -} - -void OSSL_DECODER_do_all_provided(OSSL_LIB_CTX *libctx, - void (*user_fn)(OSSL_DECODER *decoder, - void *arg), - void *user_arg) -{ - struct decoder_data_st methdata; - struct do_one_data_st data; - - methdata.libctx = libctx; - methdata.tmp_store = NULL; - (void)inner_ossl_decoder_fetch(&methdata, 0, NULL, NULL /* properties */); - - data.user_fn = user_fn; - data.user_arg = user_arg; - if (methdata.tmp_store != NULL) - ossl_method_store_do_all(methdata.tmp_store, &do_one, &data); - ossl_method_store_do_all(get_decoder_store(libctx), &do_one, &data); - dealloc_tmp_decoder_store(methdata.tmp_store); -} - -int OSSL_DECODER_names_do_all(const OSSL_DECODER *decoder, - void (*fn)(const char *name, void *data), - void *data) -{ - if (decoder == NULL) - return 0; - - if (decoder->base.prov != NULL) { - OSSL_LIB_CTX *libctx = ossl_provider_libctx(decoder->base.prov); - OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); - - return ossl_namemap_doall_names(namemap, decoder->base.id, fn, data); - } - - return 1; -} - -const OSSL_PARAM * -OSSL_DECODER_gettable_params(OSSL_DECODER *decoder) -{ - if (decoder != NULL && decoder->gettable_params != NULL) { - void *provctx = ossl_provider_ctx(OSSL_DECODER_get0_provider(decoder)); - - return decoder->gettable_params(provctx); - } - return NULL; -} - -int OSSL_DECODER_get_params(OSSL_DECODER *decoder, OSSL_PARAM params[]) -{ - if (decoder != NULL && decoder->get_params != NULL) - return decoder->get_params(params); - return 0; -} - -const OSSL_PARAM * -OSSL_DECODER_settable_ctx_params(OSSL_DECODER *decoder) -{ - if (decoder != NULL && decoder->settable_ctx_params != NULL) { - void *provctx = ossl_provider_ctx(OSSL_DECODER_get0_provider(decoder)); - - return decoder->settable_ctx_params(provctx); - } - return NULL; -} - -/* - * Decoder context support - */ - -/* - * |encoder| value NULL is valid, and signifies that there is no decoder. - * This is useful to provide fallback mechanisms. - * Functions that want to verify if there is a decoder can do so with - * OSSL_DECODER_CTX_get_decoder() - */ -OSSL_DECODER_CTX *OSSL_DECODER_CTX_new(void) -{ - OSSL_DECODER_CTX *ctx; - - if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE); - - return ctx; -} - -int OSSL_DECODER_CTX_set_params(OSSL_DECODER_CTX *ctx, - const OSSL_PARAM params[]) -{ - int ok = 1; - size_t i; - size_t l; - - if (!ossl_assert(ctx != NULL)) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (ctx->decoder_insts == NULL) - return 1; - - l = OSSL_DECODER_CTX_get_num_decoders(ctx); - for (i = 0; i < l; i++) { - OSSL_DECODER_INSTANCE *decoder_inst = - sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i); - OSSL_DECODER *decoder = - OSSL_DECODER_INSTANCE_get_decoder(decoder_inst); - OSSL_DECODER *decoderctx = - OSSL_DECODER_INSTANCE_get_decoder_ctx(decoder_inst); - - if (decoderctx == NULL || decoder->set_ctx_params == NULL) - continue; - if (!decoder->set_ctx_params(decoderctx, params)) - ok = 0; - } - return ok; -} - -void OSSL_DECODER_CTX_free(OSSL_DECODER_CTX *ctx) -{ - if (ctx != NULL) { - if (ctx->cleanup != NULL) - ctx->cleanup(ctx->construct_data); - sk_OSSL_DECODER_INSTANCE_pop_free(ctx->decoder_insts, - ossl_decoder_instance_free); - ossl_pw_clear_passphrase_data(&ctx->pwdata); - OPENSSL_free(ctx); - } -} diff --git a/crypto/encode_decode/decoder_pkey.c b/crypto/encode_decode/decoder_pkey.c deleted file mode 100644 index ed10bb1cee035aa02eb693d80aafeeacd578ca35..0000000000000000000000000000000000000000 --- a/crypto/encode_decode/decoder_pkey.c +++ /dev/null @@ -1,462 +0,0 @@ -/* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include "crypto/evp.h" -#include "crypto/decoder.h" -#include "encoder_local.h" - -int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx, - const unsigned char *kstr, - size_t klen) -{ - return ossl_pw_set_passphrase(&ctx->pwdata, kstr, klen); -} - -int OSSL_DECODER_CTX_set_passphrase_ui(OSSL_DECODER_CTX *ctx, - const UI_METHOD *ui_method, - void *ui_data) -{ - return ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data); -} - -int OSSL_DECODER_CTX_set_pem_password_cb(OSSL_DECODER_CTX *ctx, - pem_password_cb *cb, void *cbarg) -{ - return ossl_pw_set_pem_password_cb(&ctx->pwdata, cb, cbarg); -} - -int OSSL_DECODER_CTX_set_passphrase_cb(OSSL_DECODER_CTX *ctx, - OSSL_PASSPHRASE_CALLBACK *cb, - void *cbarg) -{ - return ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, cb, cbarg); -} - -/* - * Support for OSSL_DECODER_CTX_new_for_pkey: - * The construct data, and collecting keymgmt information for it - */ - -DEFINE_STACK_OF(EVP_KEYMGMT) - -struct decoder_pkey_data_st { - OSSL_LIB_CTX *libctx; - char *propq; - int selection; - - STACK_OF(EVP_KEYMGMT) *keymgmts; - char *object_type; /* recorded object data type, may be NULL */ - void **object; /* Where the result should end up */ -}; - -static int decoder_construct_pkey(OSSL_DECODER_INSTANCE *decoder_inst, - const OSSL_PARAM *params, - void *construct_data) -{ - struct decoder_pkey_data_st *data = construct_data; - OSSL_DECODER *decoder = OSSL_DECODER_INSTANCE_get_decoder(decoder_inst); - void *decoderctx = OSSL_DECODER_INSTANCE_get_decoder_ctx(decoder_inst); - const OSSL_PROVIDER *decoder_prov = OSSL_DECODER_get0_provider(decoder); - EVP_KEYMGMT *keymgmt = NULL; - const OSSL_PROVIDER *keymgmt_prov = NULL; - int i, end; - /* - * |object_ref| points to a provider reference to an object, its exact - * contents entirely opaque to us, but may be passed to any provider - * function that expects this (such as OSSL_FUNC_keymgmt_load(). - * - * This pointer is considered volatile, i.e. whatever it points at - * is assumed to be freed as soon as this function returns. - */ - void *object_ref = NULL; - size_t object_ref_sz = 0; - const OSSL_PARAM *p; - - p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA_TYPE); - if (p != NULL) { - char *object_type = NULL; - - if (!OSSL_PARAM_get_utf8_string(p, &object_type, 0)) - return 0; - OPENSSL_free(data->object_type); - data->object_type = object_type; - } - - /* - * For stuff that should end up in an EVP_PKEY, we only accept an object - * reference for the moment. This enforces that the key data itself - * remains with the provider. - */ - p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_REFERENCE); - if (p == NULL || p->data_type != OSSL_PARAM_OCTET_STRING) - return 0; - object_ref = p->data; - object_ref_sz = p->data_size; - - /* - * First, we try to find a keymgmt that comes from the same provider as - * the decoder that passed the params. - */ - end = sk_EVP_KEYMGMT_num(data->keymgmts); - for (i = 0; i < end; i++) { - keymgmt = sk_EVP_KEYMGMT_value(data->keymgmts, i); - keymgmt_prov = EVP_KEYMGMT_get0_provider(keymgmt); - - if (keymgmt_prov == decoder_prov - && evp_keymgmt_has_load(keymgmt) - && EVP_KEYMGMT_is_a(keymgmt, data->object_type)) - break; - } - if (i < end) { - /* To allow it to be freed further down */ - if (!EVP_KEYMGMT_up_ref(keymgmt)) - return 0; - } else if ((keymgmt = EVP_KEYMGMT_fetch(data->libctx, - data->object_type, - data->propq)) != NULL) { - keymgmt_prov = EVP_KEYMGMT_get0_provider(keymgmt); - } - - if (keymgmt != NULL) { - EVP_PKEY *pkey = NULL; - void *keydata = NULL; - - /* - * If the EVP_KEYMGMT and the OSSL_DECODER are from the - * same provider, we assume that the KEYMGMT has a key loading - * function that can handle the provider reference we hold. - * - * Otherwise, we export from the decoder and import the - * result in the keymgmt. - */ - if (keymgmt_prov == decoder_prov) { - keydata = evp_keymgmt_load(keymgmt, object_ref, object_ref_sz); - } else { - struct evp_keymgmt_util_try_import_data_st import_data; - - import_data.keymgmt = keymgmt; - import_data.keydata = NULL; - import_data.selection = data->selection; - - /* - * No need to check for errors here, the value of - * |import_data.keydata| is as much an indicator. - */ - (void)decoder->export_object(decoderctx, - object_ref, object_ref_sz, - &evp_keymgmt_util_try_import, - &import_data); - keydata = import_data.keydata; - import_data.keydata = NULL; - } - - if (keydata != NULL - && (pkey = evp_keymgmt_util_make_pkey(keymgmt, keydata)) == NULL) - evp_keymgmt_freedata(keymgmt, keydata); - - *data->object = pkey; - - /* - * evp_keymgmt_util_make_pkey() increments the reference count when - * assigning the EVP_PKEY, so we can free the keymgmt here. - */ - EVP_KEYMGMT_free(keymgmt); - } - /* - * We successfully looked through, |*ctx->object| determines if we - * actually found something. - */ - return (*data->object != NULL); -} - -static void decoder_clean_pkey_construct_arg(void *construct_data) -{ - struct decoder_pkey_data_st *data = construct_data; - - if (data != NULL) { - sk_EVP_KEYMGMT_pop_free(data->keymgmts, EVP_KEYMGMT_free); - OPENSSL_free(data->propq); - OPENSSL_free(data->object_type); - OPENSSL_free(data); - } -} - -static void collect_name(const char *name, void *arg) -{ - STACK_OF(OPENSSL_CSTRING) *names = arg; - - sk_OPENSSL_CSTRING_push(names, name); -} - -static void collect_keymgmt(EVP_KEYMGMT *keymgmt, void *arg) -{ - STACK_OF(EVP_KEYMGMT) *keymgmts = arg; - - if (!EVP_KEYMGMT_up_ref(keymgmt) /* ref++ */) - return; - if (sk_EVP_KEYMGMT_push(keymgmts, keymgmt) <= 0) { - EVP_KEYMGMT_free(keymgmt); /* ref-- */ - return; - } -} - -struct collect_decoder_data_st { - STACK_OF(OPENSSL_CSTRING) *names; - OSSL_DECODER_CTX *ctx; - - int total; - unsigned int error_occurred:1; -}; - -static void collect_decoder(OSSL_DECODER *decoder, void *arg) -{ - struct collect_decoder_data_st *data = arg; - size_t i, end_i; - const OSSL_PROVIDER *prov = OSSL_DECODER_get0_provider(decoder); - void *provctx = OSSL_PROVIDER_get0_provider_ctx(prov); - - if (data->error_occurred) - return; - - if (data->names == NULL) { - data->error_occurred = 1; - return; - } - - /* - * Either the caller didn't give a selection, or if they did, - * the decoder must tell us if it supports that selection to - * be accepted. If the decoder doesn't have |does_selection|, - * it's seen as taking anything. - */ - if (decoder->does_selection != NULL - && !decoder->does_selection(provctx, data->ctx->selection)) - return; - - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) Checking out decoder %p:\n" - " %s with %s\n", - (void *)data->ctx, (void *)decoder, - OSSL_DECODER_get0_name(decoder), - OSSL_DECODER_get0_properties(decoder)); - } OSSL_TRACE_END(DECODER); - - end_i = sk_OPENSSL_CSTRING_num(data->names); - for (i = 0; i < end_i; i++) { - const char *name = sk_OPENSSL_CSTRING_value(data->names, i); - - if (OSSL_DECODER_is_a(decoder, name)) { - void *decoderctx = NULL; - OSSL_DECODER_INSTANCE *di = NULL; - - if ((decoderctx = decoder->newctx(provctx)) == NULL) { - data->error_occurred = 1; - return; - } - if ((di = ossl_decoder_instance_new(decoder, decoderctx)) == NULL) { - decoder->freectx(decoderctx); - data->error_occurred = 1; - return; - } - - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) Checking out decoder %p:\n" - " %s with %s\n", - (void *)data->ctx, (void *)decoder, - OSSL_DECODER_get0_name(decoder), - OSSL_DECODER_get0_properties(decoder)); - } OSSL_TRACE_END(DECODER); - - if (!ossl_decoder_ctx_add_decoder_inst(data->ctx, di)) { - ossl_decoder_instance_free(di); - data->error_occurred = 1; - return; - } - data->total++; - - /* Success */ - return; - } - } - - /* Decoder not suitable - but not a fatal error */ - data->error_occurred = 0; -} - -int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx, - EVP_PKEY **pkey, const char *keytype, - OSSL_LIB_CTX *libctx, - const char *propquery) -{ - struct decoder_pkey_data_st *process_data = NULL; - STACK_OF(OPENSSL_CSTRING) *names = NULL; - const char *input_type = ctx->start_input_type; - const char *input_structure = ctx->input_structure; - int ok = 0; - int isecoid = 0; - int i, end; - - if (keytype != NULL - && (strcmp(keytype, "id-ecPublicKey") == 0 - || strcmp(keytype, "1.2.840.10045.2.1") == 0)) - isecoid = 1; - - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) Looking for decoders producing %s%s%s%s%s%s\n", - (void *)ctx, - keytype != NULL ? keytype : "", - keytype != NULL ? " keys" : "keys of any type", - input_type != NULL ? " from " : "", - input_type != NULL ? input_type : "", - input_structure != NULL ? " with " : "", - input_structure != NULL ? input_structure : ""); - } OSSL_TRACE_END(DECODER); - - if ((process_data = OPENSSL_zalloc(sizeof(*process_data))) == NULL - || (propquery != NULL - && (process_data->propq = OPENSSL_strdup(propquery)) == NULL) - || (process_data->keymgmts = sk_EVP_KEYMGMT_new_null()) == NULL - || (names = sk_OPENSSL_CSTRING_new_null()) == NULL) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE); - goto err; - } - - process_data->object = (void **)pkey; - process_data->libctx = libctx; - process_data->selection = ctx->selection; - - /* First, find all keymgmts to form goals */ - EVP_KEYMGMT_do_all_provided(libctx, collect_keymgmt, - process_data->keymgmts); - - /* Then, we collect all the keymgmt names */ - end = sk_EVP_KEYMGMT_num(process_data->keymgmts); - for (i = 0; i < end; i++) { - EVP_KEYMGMT *keymgmt = sk_EVP_KEYMGMT_value(process_data->keymgmts, i); - - /* - * If the key type is given by the caller, we only use the matching - * KEYMGMTs, otherwise we use them all. - * We have to special case SM2 here because of its abuse of the EC OID. - * The EC OID can be used to identify an EC key or an SM2 key - so if - * we have seen that OID we try both key types - */ - if (keytype == NULL - || EVP_KEYMGMT_is_a(keymgmt, keytype) - || (isecoid && EVP_KEYMGMT_is_a(keymgmt, "SM2"))) { - if (!EVP_KEYMGMT_names_do_all(keymgmt, collect_name, names)) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_INTERNAL_ERROR); - goto err; - } - } - } - - OSSL_TRACE_BEGIN(DECODER) { - end = sk_OPENSSL_CSTRING_num(names); - BIO_printf(trc_out, - " Found %d keytypes (possibly with duplicates)", - end); - for (i = 0; i < end; i++) - BIO_printf(trc_out, "%s%s", - i == 0 ? ": " : ", ", - sk_OPENSSL_CSTRING_value(names, i)); - BIO_printf(trc_out, "\n"); - } OSSL_TRACE_END(DECODER); - - /* - * Finally, find all decoders that have any keymgmt of the collected - * keymgmt names - */ - { - struct collect_decoder_data_st collect_decoder_data = { NULL, }; - - collect_decoder_data.names = names; - collect_decoder_data.ctx = ctx; - OSSL_DECODER_do_all_provided(libctx, - collect_decoder, &collect_decoder_data); - sk_OPENSSL_CSTRING_free(names); - names = NULL; - - if (collect_decoder_data.error_occurred) - goto err; - - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) Got %d decoders producing keys\n", - (void *)ctx, collect_decoder_data.total); - } OSSL_TRACE_END(DECODER); - } - - if (OSSL_DECODER_CTX_get_num_decoders(ctx) != 0) { - if (!OSSL_DECODER_CTX_set_construct(ctx, decoder_construct_pkey) - || !OSSL_DECODER_CTX_set_construct_data(ctx, process_data) - || !OSSL_DECODER_CTX_set_cleanup(ctx, - decoder_clean_pkey_construct_arg)) - goto err; - - process_data = NULL; /* Avoid it being freed */ - } - - ok = 1; - err: - decoder_clean_pkey_construct_arg(process_data); - sk_OPENSSL_CSTRING_free(names); - - return ok; -} - -OSSL_DECODER_CTX * -OSSL_DECODER_CTX_new_for_pkey(EVP_PKEY **pkey, - const char *input_type, - const char *input_structure, - const char *keytype, int selection, - OSSL_LIB_CTX *libctx, const char *propquery) -{ - OSSL_DECODER_CTX *ctx = NULL; - - if ((ctx = OSSL_DECODER_CTX_new()) == NULL) { - ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE); - return NULL; - } - - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, - "(ctx %p) Looking for %s decoders with selection %d\n", - (void *)ctx, keytype, selection); - BIO_printf(trc_out, " input type: %s, input structure: %s\n", - input_type, input_structure); - } OSSL_TRACE_END(DECODER); - - if (OSSL_DECODER_CTX_set_input_type(ctx, input_type) - && OSSL_DECODER_CTX_set_input_structure(ctx, input_structure) - && OSSL_DECODER_CTX_set_selection(ctx, selection) - && ossl_decoder_ctx_setup_for_pkey(ctx, pkey, keytype, - libctx, propquery) - && OSSL_DECODER_CTX_add_extra(ctx, libctx, propquery)) { - OSSL_TRACE_BEGIN(DECODER) { - BIO_printf(trc_out, "(ctx %p) Got %d decoders\n", - (void *)ctx, OSSL_DECODER_CTX_get_num_decoders(ctx)); - } OSSL_TRACE_END(DECODER); - return ctx; - } - - OSSL_DECODER_CTX_free(ctx); - return NULL; -} diff --git a/crypto/encode_decode/encoder_err.c b/crypto/encode_decode/encoder_err.c deleted file mode 100644 index a904e87ef2e7cedc21ed7d55e60d68ee52377665..0000000000000000000000000000000000000000 --- a/crypto/encode_decode/encoder_err.c +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/encodererr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA OSSL_ENCODER_str_reasons[] = { - {ERR_PACK(ERR_LIB_OSSL_ENCODER, 0, OSSL_ENCODER_R_ENCODER_NOT_FOUND), - "encoder not found"}, - {ERR_PACK(ERR_LIB_OSSL_ENCODER, 0, OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY), - "incorrect property query"}, - {ERR_PACK(ERR_LIB_OSSL_ENCODER, 0, OSSL_ENCODER_R_MISSING_GET_PARAMS), - "missing get params"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_OSSL_ENCODER_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(OSSL_ENCODER_str_reasons[0].error) == NULL) - ERR_load_strings_const(OSSL_ENCODER_str_reasons); -#endif - return 1; -} diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c deleted file mode 100644 index 7a55c7ab9a2730da58404ece497c5d648bf32f1f..0000000000000000000000000000000000000000 --- a/crypto/encode_decode/encoder_lib.c +++ /dev/null @@ -1,674 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include "internal/bio.h" -#include "internal/provider.h" -#include "encoder_local.h" - -struct encoder_process_data_st { - OSSL_ENCODER_CTX *ctx; - - /* Current BIO */ - BIO *bio; - - /* Index of the current encoder instance to be processed */ - int current_encoder_inst_index; - - /* Processing data passed down through recursion */ - int level; /* Recursion level */ - OSSL_ENCODER_INSTANCE *next_encoder_inst; - int count_output_structure; - - /* Processing data passed up through recursion */ - OSSL_ENCODER_INSTANCE *prev_encoder_inst; - unsigned char *running_output; - size_t running_output_length; - /* Data type = the name of the first succeeding encoder implementation */ - const char *data_type; -}; - -static int encoder_process(struct encoder_process_data_st *data); - -int OSSL_ENCODER_to_bio(OSSL_ENCODER_CTX *ctx, BIO *out) -{ - struct encoder_process_data_st data; - - memset(&data, 0, sizeof(data)); - data.ctx = ctx; - data.bio = out; - data.current_encoder_inst_index = OSSL_ENCODER_CTX_get_num_encoders(ctx); - - if (data.current_encoder_inst_index == 0) { - ERR_raise_data(ERR_LIB_OSSL_ENCODER, OSSL_ENCODER_R_ENCODER_NOT_FOUND, - "No encoders were found. For standard encoders you need " - "at least one of the default or base providers " - "available. Did you forget to load them?"); - return 0; - } - - return encoder_process(&data) > 0; -} - -#ifndef OPENSSL_NO_STDIO -static BIO *bio_from_file(FILE *fp) -{ - BIO *b; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_BUF_LIB); - return NULL; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - return b; -} - -int OSSL_ENCODER_to_fp(OSSL_ENCODER_CTX *ctx, FILE *fp) -{ - BIO *b = bio_from_file(fp); - int ret = 0; - - if (b != NULL) - ret = OSSL_ENCODER_to_bio(ctx, b); - - BIO_free(b); - return ret; -} -#endif - -int OSSL_ENCODER_to_data(OSSL_ENCODER_CTX *ctx, unsigned char **pdata, - size_t *pdata_len) -{ - BIO *out; - BUF_MEM *buf = NULL; - int ret = 0; - - if (pdata_len == NULL) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - out = BIO_new(BIO_s_mem()); - - if (out != NULL - && OSSL_ENCODER_to_bio(ctx, out) - && BIO_get_mem_ptr(out, &buf) > 0) { - ret = 1; /* Hope for the best. A too small buffer will clear this */ - - if (pdata != NULL && *pdata != NULL) { - if (*pdata_len < buf->length) - /* - * It's tempting to do |*pdata_len = (size_t)buf->length| - * However, it's believed to be confusing more than helpful, - * so we don't. - */ - ret = 0; - else - *pdata_len -= buf->length; - } else { - /* The buffer with the right size is already allocated for us */ - *pdata_len = (size_t)buf->length; - } - - if (ret) { - if (pdata != NULL) { - if (*pdata != NULL) { - memcpy(*pdata, buf->data, buf->length); - *pdata += buf->length; - } else { - /* In this case, we steal the data from BIO_s_mem() */ - *pdata = (unsigned char *)buf->data; - buf->data = NULL; - } - } - } - } - BIO_free(out); - return ret; -} - -int OSSL_ENCODER_CTX_set_selection(OSSL_ENCODER_CTX *ctx, int selection) -{ - if (!ossl_assert(ctx != NULL)) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (!ossl_assert(selection != 0)) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_INVALID_ARGUMENT); - return 0; - } - - ctx->selection = selection; - return 1; -} - -int OSSL_ENCODER_CTX_set_output_type(OSSL_ENCODER_CTX *ctx, - const char *output_type) -{ - if (!ossl_assert(ctx != NULL) || !ossl_assert(output_type != NULL)) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - ctx->output_type = output_type; - return 1; -} - -int OSSL_ENCODER_CTX_set_output_structure(OSSL_ENCODER_CTX *ctx, - const char *output_structure) -{ - if (!ossl_assert(ctx != NULL) || !ossl_assert(output_structure != NULL)) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - ctx->output_structure = output_structure; - return 1; -} - -static OSSL_ENCODER_INSTANCE *ossl_encoder_instance_new(OSSL_ENCODER *encoder, - void *encoderctx) -{ - OSSL_ENCODER_INSTANCE *encoder_inst = NULL; - const OSSL_PROVIDER *prov; - OSSL_LIB_CTX *libctx; - const OSSL_PROPERTY_LIST *props; - const OSSL_PROPERTY_DEFINITION *prop; - - if (!ossl_assert(encoder != NULL)) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if ((encoder_inst = OPENSSL_zalloc(sizeof(*encoder_inst))) == NULL) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (!OSSL_ENCODER_up_ref(encoder)) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_INTERNAL_ERROR); - goto err; - } - - prov = OSSL_ENCODER_get0_provider(encoder); - libctx = ossl_provider_libctx(prov); - props = ossl_encoder_parsed_properties(encoder); - if (props == NULL) { - ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_INVALID_PROPERTY_DEFINITION, - "there are no property definitions with encoder %s", - OSSL_ENCODER_get0_name(encoder)); - goto err; - } - - /* The "output" property is mandatory */ - prop = ossl_property_find_property(props, libctx, "output"); - encoder_inst->output_type = ossl_property_get_string_value(libctx, prop); - if (encoder_inst->output_type == NULL) { - ERR_raise_data(ERR_LIB_OSSL_DECODER, ERR_R_INVALID_PROPERTY_DEFINITION, - "the mandatory 'output' property is missing " - "for encoder %s (properties: %s)", - OSSL_ENCODER_get0_name(encoder), - OSSL_ENCODER_get0_properties(encoder)); - goto err; - } - - /* The "structure" property is optional */ - prop = ossl_property_find_property(props, libctx, "structure"); - if (prop != NULL) - encoder_inst->output_structure - = ossl_property_get_string_value(libctx, prop); - - encoder_inst->encoder = encoder; - encoder_inst->encoderctx = encoderctx; - return encoder_inst; - err: - ossl_encoder_instance_free(encoder_inst); - return NULL; -} - -void ossl_encoder_instance_free(OSSL_ENCODER_INSTANCE *encoder_inst) -{ - if (encoder_inst != NULL) { - if (encoder_inst->encoder != NULL) - encoder_inst->encoder->freectx(encoder_inst->encoderctx); - encoder_inst->encoderctx = NULL; - OSSL_ENCODER_free(encoder_inst->encoder); - encoder_inst->encoder = NULL; - OPENSSL_free(encoder_inst); - } -} - -static int ossl_encoder_ctx_add_encoder_inst(OSSL_ENCODER_CTX *ctx, - OSSL_ENCODER_INSTANCE *ei) -{ - int ok; - - if (ctx->encoder_insts == NULL - && (ctx->encoder_insts = - sk_OSSL_ENCODER_INSTANCE_new_null()) == NULL) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE); - return 0; - } - - ok = (sk_OSSL_ENCODER_INSTANCE_push(ctx->encoder_insts, ei) > 0); - if (ok) { - OSSL_TRACE_BEGIN(ENCODER) { - BIO_printf(trc_out, - "(ctx %p) Added encoder instance %p (encoder %p):\n" - " %s with %s\n", - (void *)ctx, (void *)ei, (void *)ei->encoder, - OSSL_ENCODER_get0_name(ei->encoder), - OSSL_ENCODER_get0_properties(ei->encoder)); - } OSSL_TRACE_END(ENCODER); - } - return ok; -} - -int OSSL_ENCODER_CTX_add_encoder(OSSL_ENCODER_CTX *ctx, OSSL_ENCODER *encoder) -{ - OSSL_ENCODER_INSTANCE *encoder_inst = NULL; - const OSSL_PROVIDER *prov = NULL; - void *encoderctx = NULL; - void *provctx = NULL; - - if (!ossl_assert(ctx != NULL) || !ossl_assert(encoder != NULL)) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - prov = OSSL_ENCODER_get0_provider(encoder); - provctx = OSSL_PROVIDER_get0_provider_ctx(prov); - - if ((encoderctx = encoder->newctx(provctx)) == NULL - || (encoder_inst = - ossl_encoder_instance_new(encoder, encoderctx)) == NULL) - goto err; - /* Avoid double free of encoderctx on further errors */ - encoderctx = NULL; - - if (!ossl_encoder_ctx_add_encoder_inst(ctx, encoder_inst)) - goto err; - - return 1; - err: - ossl_encoder_instance_free(encoder_inst); - if (encoderctx != NULL) - encoder->freectx(encoderctx); - return 0; -} - -int OSSL_ENCODER_CTX_add_extra(OSSL_ENCODER_CTX *ctx, - OSSL_LIB_CTX *libctx, const char *propq) -{ - return 1; -} - -int OSSL_ENCODER_CTX_get_num_encoders(OSSL_ENCODER_CTX *ctx) -{ - if (ctx == NULL || ctx->encoder_insts == NULL) - return 0; - return sk_OSSL_ENCODER_INSTANCE_num(ctx->encoder_insts); -} - -int OSSL_ENCODER_CTX_set_construct(OSSL_ENCODER_CTX *ctx, - OSSL_ENCODER_CONSTRUCT *construct) -{ - if (!ossl_assert(ctx != NULL)) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - ctx->construct = construct; - return 1; -} - -int OSSL_ENCODER_CTX_set_construct_data(OSSL_ENCODER_CTX *ctx, - void *construct_data) -{ - if (!ossl_assert(ctx != NULL)) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - ctx->construct_data = construct_data; - return 1; -} - -int OSSL_ENCODER_CTX_set_cleanup(OSSL_ENCODER_CTX *ctx, - OSSL_ENCODER_CLEANUP *cleanup) -{ - if (!ossl_assert(ctx != NULL)) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - ctx->cleanup = cleanup; - return 1; -} - -OSSL_ENCODER * -OSSL_ENCODER_INSTANCE_get_encoder(OSSL_ENCODER_INSTANCE *encoder_inst) -{ - if (encoder_inst == NULL) - return NULL; - return encoder_inst->encoder; -} - -void * -OSSL_ENCODER_INSTANCE_get_encoder_ctx(OSSL_ENCODER_INSTANCE *encoder_inst) -{ - if (encoder_inst == NULL) - return NULL; - return encoder_inst->encoderctx; -} - -const char * -OSSL_ENCODER_INSTANCE_get_output_type(OSSL_ENCODER_INSTANCE *encoder_inst) -{ - if (encoder_inst == NULL) - return NULL; - return encoder_inst->output_type; -} - -const char * -OSSL_ENCODER_INSTANCE_get_output_structure(OSSL_ENCODER_INSTANCE *encoder_inst) -{ - if (encoder_inst == NULL) - return NULL; - return encoder_inst->output_structure; -} - -static int encoder_process(struct encoder_process_data_st *data) -{ - OSSL_ENCODER_INSTANCE *current_encoder_inst = NULL; - OSSL_ENCODER *current_encoder = NULL; - OSSL_ENCODER_CTX *current_encoder_ctx = NULL; - BIO *allocated_out = NULL; - const void *original_data = NULL; - OSSL_PARAM abstract[10]; - const OSSL_PARAM *current_abstract = NULL; - int i; - int ok = -1; /* -1 signifies that the lookup loop gave nothing */ - int top = 0; - - if (data->next_encoder_inst == NULL) { - /* First iteration, where we prepare for what is to come */ - - data->count_output_structure = - data->ctx->output_structure == NULL ? -1 : 0; - top = 1; - } - - for (i = data->current_encoder_inst_index; i-- > 0;) { - OSSL_ENCODER *next_encoder = NULL; - const char *current_output_type; - const char *current_output_structure; - struct encoder_process_data_st new_data; - - if (!top) - next_encoder = - OSSL_ENCODER_INSTANCE_get_encoder(data->next_encoder_inst); - - current_encoder_inst = - sk_OSSL_ENCODER_INSTANCE_value(data->ctx->encoder_insts, i); - current_encoder = - OSSL_ENCODER_INSTANCE_get_encoder(current_encoder_inst); - current_encoder_ctx = - OSSL_ENCODER_INSTANCE_get_encoder_ctx(current_encoder_inst); - current_output_type = - OSSL_ENCODER_INSTANCE_get_output_type(current_encoder_inst); - current_output_structure = - OSSL_ENCODER_INSTANCE_get_output_structure(current_encoder_inst); - memset(&new_data, 0, sizeof(new_data)); - new_data.ctx = data->ctx; - new_data.current_encoder_inst_index = i; - new_data.next_encoder_inst = current_encoder_inst; - new_data.count_output_structure = data->count_output_structure; - new_data.level = data->level + 1; - - OSSL_TRACE_BEGIN(ENCODER) { - BIO_printf(trc_out, - "[%d] (ctx %p) Considering encoder instance %p (encoder %p)\n", - data->level, (void *)data->ctx, - (void *)current_encoder_inst, (void *)current_encoder); - } OSSL_TRACE_END(ENCODER); - - /* - * If this is the top call, we check if the output type of the current - * encoder matches the desired output type. - * If this isn't the top call, i.e. this is deeper in the recursion, - * we instead check if the output type of the current encoder matches - * the name of the next encoder (the one found by the parent call). - */ - if (top) { - if (data->ctx->output_type != NULL - && OPENSSL_strcasecmp(current_output_type, - data->ctx->output_type) != 0) { - OSSL_TRACE_BEGIN(ENCODER) { - BIO_printf(trc_out, - "[%d] Skipping because current encoder output type (%s) != desired output type (%s)\n", - data->level, - current_output_type, data->ctx->output_type); - } OSSL_TRACE_END(ENCODER); - continue; - } - } else { - if (!OSSL_ENCODER_is_a(next_encoder, current_output_type)) { - OSSL_TRACE_BEGIN(ENCODER) { - BIO_printf(trc_out, - "[%d] Skipping because current encoder output type (%s) != name of encoder %p\n", - data->level, - current_output_type, (void *)next_encoder); - } OSSL_TRACE_END(ENCODER); - continue; - } - } - - /* - * If the caller and the current encoder specify an output structure, - * Check if they match. If they do, count the match, otherwise skip - * the current encoder. - */ - if (data->ctx->output_structure != NULL - && current_output_structure != NULL) { - if (OPENSSL_strcasecmp(data->ctx->output_structure, - current_output_structure) != 0) { - OSSL_TRACE_BEGIN(ENCODER) { - BIO_printf(trc_out, - "[%d] Skipping because current encoder output structure (%s) != ctx output structure (%s)\n", - data->level, - current_output_structure, - data->ctx->output_structure); - } OSSL_TRACE_END(ENCODER); - continue; - } - - data->count_output_structure++; - } - - /* - * Recurse to process the encoder implementations before the current - * one. - */ - ok = encoder_process(&new_data); - - data->prev_encoder_inst = new_data.prev_encoder_inst; - data->running_output = new_data.running_output; - data->running_output_length = new_data.running_output_length; - - /* - * ok == -1 means that the recursion call above gave no further - * encoders, and that the one we're currently at should - * be tried. - * ok == 0 means that something failed in the recursion call - * above, making the result unsuitable for a chain. - * In this case, we simply continue to try finding a - * suitable encoder at this recursion level. - * ok == 1 means that the recursion call was successful, and we - * try to use the result at this recursion level. - */ - if (ok != 0) - break; - - OSSL_TRACE_BEGIN(ENCODER) { - BIO_printf(trc_out, - "[%d] Skipping because recusion level %d failed\n", - data->level, new_data.level); - } OSSL_TRACE_END(ENCODER); - } - - /* - * If |i < 0|, we didn't find any useful encoder in this recursion, so - * we do the rest of the process only if |i >= 0|. - */ - if (i < 0) { - ok = -1; - - OSSL_TRACE_BEGIN(ENCODER) { - BIO_printf(trc_out, - "[%d] (ctx %p) No suitable encoder found\n", - data->level, (void *)data->ctx); - } OSSL_TRACE_END(ENCODER); - } else { - /* Preparations */ - - switch (ok) { - case 0: - break; - case -1: - /* - * We have reached the beginning of the encoder instance sequence, - * so we prepare the object to be encoded. - */ - - /* - * |data->count_output_structure| is one of these values: - * - * -1 There is no desired output structure - * 0 There is a desired output structure, and it wasn't - * matched by any of the encoder instances that were - * considered - * >0 There is a desired output structure, and at least one - * of the encoder instances matched it - */ - if (data->count_output_structure == 0) - return 0; - - original_data = - data->ctx->construct(current_encoder_inst, - data->ctx->construct_data); - - /* Also set the data type, using the encoder implementation name */ - data->data_type = OSSL_ENCODER_get0_name(current_encoder); - - /* Assume that the constructor recorded an error */ - if (original_data != NULL) - ok = 1; - else - ok = 0; - break; - case 1: - if (!ossl_assert(data->running_output != NULL)) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_INTERNAL_ERROR); - ok = 0; - break; - } - - { - /* - * Create an object abstraction from the latest output, which - * was stolen from the previous round. - */ - - OSSL_PARAM *abstract_p = abstract; - const char *prev_output_structure = - OSSL_ENCODER_INSTANCE_get_output_structure(data->prev_encoder_inst); - - *abstract_p++ = - OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_TYPE, - (char *)data->data_type, 0); - if (prev_output_structure != NULL) - *abstract_p++ = - OSSL_PARAM_construct_utf8_string(OSSL_OBJECT_PARAM_DATA_STRUCTURE, - (char *)prev_output_structure, - 0); - *abstract_p++ = - OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_DATA, - data->running_output, - data->running_output_length); - *abstract_p = OSSL_PARAM_construct_end(); - current_abstract = abstract; - } - break; - } - - /* Calling the encoder implementation */ - - if (ok) { - OSSL_CORE_BIO *cbio = NULL; - BIO *current_out = NULL; - - /* - * If we're at the last encoder instance to use, we're setting up - * final output. Otherwise, set up an intermediary memory output. - */ - if (top) - current_out = data->bio; - else if ((current_out = allocated_out = BIO_new(BIO_s_mem())) - == NULL) - ok = 0; /* Assume BIO_new() recorded an error */ - - if (ok) - ok = (cbio = ossl_core_bio_new_from_bio(current_out)) != NULL; - if (ok) { - ok = current_encoder->encode(current_encoder_ctx, cbio, - original_data, current_abstract, - data->ctx->selection, - ossl_pw_passphrase_callback_enc, - &data->ctx->pwdata); - OSSL_TRACE_BEGIN(ENCODER) { - BIO_printf(trc_out, - "[%d] (ctx %p) Running encoder instance %p => %d\n", - data->level, (void *)data->ctx, - (void *)current_encoder_inst, ok); - } OSSL_TRACE_END(ENCODER); - } - - ossl_core_bio_free(cbio); - data->prev_encoder_inst = current_encoder_inst; - } - } - - /* Cleanup and collecting the result */ - - OPENSSL_free(data->running_output); - data->running_output = NULL; - - /* - * Steal the output from the BIO_s_mem, if we did allocate one. - * That'll be the data for an object abstraction in the next round. - */ - if (allocated_out != NULL) { - BUF_MEM *buf; - - BIO_get_mem_ptr(allocated_out, &buf); - data->running_output = (unsigned char *)buf->data; - data->running_output_length = buf->length; - memset(buf, 0, sizeof(*buf)); - } - - BIO_free(allocated_out); - if (original_data != NULL) - data->ctx->cleanup(data->ctx->construct_data); - return ok; -} diff --git a/crypto/encode_decode/encoder_local.h b/crypto/encode_decode/encoder_local.h deleted file mode 100644 index c1885ffc771feaa3102ccc990a508848163e6113..0000000000000000000000000000000000000000 --- a/crypto/encode_decode/encoder_local.h +++ /dev/null @@ -1,164 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/passphrase.h" -#include "internal/property.h" -#include "internal/refcount.h" - -struct ossl_endecode_base_st { - OSSL_PROVIDER *prov; - int id; - char *name; - const OSSL_ALGORITHM *algodef; - OSSL_PROPERTY_LIST *parsed_propdef; - - CRYPTO_REF_COUNT refcnt; - CRYPTO_RWLOCK *lock; -}; - -struct ossl_encoder_st { - struct ossl_endecode_base_st base; - OSSL_FUNC_encoder_newctx_fn *newctx; - OSSL_FUNC_encoder_freectx_fn *freectx; - OSSL_FUNC_encoder_get_params_fn *get_params; - OSSL_FUNC_encoder_gettable_params_fn *gettable_params; - OSSL_FUNC_encoder_set_ctx_params_fn *set_ctx_params; - OSSL_FUNC_encoder_settable_ctx_params_fn *settable_ctx_params; - OSSL_FUNC_encoder_does_selection_fn *does_selection; - OSSL_FUNC_encoder_encode_fn *encode; - OSSL_FUNC_encoder_import_object_fn *import_object; - OSSL_FUNC_encoder_free_object_fn *free_object; -}; - -struct ossl_decoder_st { - struct ossl_endecode_base_st base; - OSSL_FUNC_decoder_newctx_fn *newctx; - OSSL_FUNC_decoder_freectx_fn *freectx; - OSSL_FUNC_decoder_get_params_fn *get_params; - OSSL_FUNC_decoder_gettable_params_fn *gettable_params; - OSSL_FUNC_decoder_set_ctx_params_fn *set_ctx_params; - OSSL_FUNC_decoder_settable_ctx_params_fn *settable_ctx_params; - OSSL_FUNC_decoder_does_selection_fn *does_selection; - OSSL_FUNC_decoder_decode_fn *decode; - OSSL_FUNC_decoder_export_object_fn *export_object; -}; - -struct ossl_encoder_instance_st { - OSSL_ENCODER *encoder; /* Never NULL */ - void *encoderctx; /* Never NULL */ - const char *output_type; /* Never NULL */ - const char *output_structure; /* May be NULL */ -}; - -DEFINE_STACK_OF(OSSL_ENCODER_INSTANCE) - -void ossl_encoder_instance_free(OSSL_ENCODER_INSTANCE *encoder_inst); - -struct ossl_encoder_ctx_st { - /* - * Select what parts of an object will be encoded. This selection is - * bit encoded, and the bits correspond to selection bits available with - * the provider side operation. For example, when encoding an EVP_PKEY, - * the OSSL_KEYMGMT_SELECT_ macros are used for this. - */ - int selection; - /* - * The desired output type. The encoder implementation must have a - * gettable "output-type" parameter that this will match against. - */ - const char *output_type; - /* - * The desired output structure, if that's relevant for the type of - * object being encoded. It may be used for selection of the starting - * encoder implementations in a chain. - */ - const char *output_structure; - - /* - * Decoders that are components of any current decoding path. - */ - STACK_OF(OSSL_ENCODER_INSTANCE) *encoder_insts; - - /* - * The constructor and destructor of an object to pass to the first - * encoder in a chain. - */ - OSSL_ENCODER_CONSTRUCT *construct; - OSSL_ENCODER_CLEANUP *cleanup; - void *construct_data; - - /* For any function that needs a passphrase reader */ - struct ossl_passphrase_data_st pwdata; -}; - -struct ossl_decoder_instance_st { - OSSL_DECODER *decoder; /* Never NULL */ - void *decoderctx; /* Never NULL */ - const char *input_type; /* Never NULL */ - const char *input_structure; /* May be NULL */ - - unsigned int flag_input_structure_was_set : 1; -}; - -DEFINE_STACK_OF(OSSL_DECODER_INSTANCE) - -struct ossl_decoder_ctx_st { - /* - * The caller may know the input type of the data they pass. If not, - * this will remain NULL and the decoding functionality will start - * with trying to decode with any desencoder in |decoder_insts|, - * regardless of their respective input type. - */ - const char *start_input_type; - /* - * The desired input structure, if that's relevant for the type of - * object being encoded. It may be used for selection of the ending - * decoder implementations in a chain, i.e. those chosen using the - * expected output data type. - */ - const char *input_structure; - /* - * Select what parts of an object are expected. This may affect what - * decoder implementations are selected, because there are structures - * that look different depending on this selection; for example, EVP_PKEY - * objects often have different encoding structures for private keys, - * public keys and key parameters. - * This selection is bit encoded, and the bits correspond to selection - * bits available with the provider side operation. For example, when - * encoding an EVP_PKEY, the OSSL_KEYMGMT_SELECT_ macros are used for - * this. - */ - int selection; - - /* - * Decoders that are components of any current decoding path. - */ - STACK_OF(OSSL_DECODER_INSTANCE) *decoder_insts; - - /* - * The constructors of a decoding, and its caller argument. - */ - OSSL_DECODER_CONSTRUCT *construct; - OSSL_DECODER_CLEANUP *cleanup; - void *construct_data; - - /* For any function that needs a passphrase reader */ - struct ossl_passphrase_data_st pwdata; -}; - -const OSSL_PROPERTY_LIST * -ossl_decoder_parsed_properties(const OSSL_DECODER *decoder); -const OSSL_PROPERTY_LIST * -ossl_encoder_parsed_properties(const OSSL_ENCODER *encoder); diff --git a/crypto/encode_decode/encoder_meth.c b/crypto/encode_decode/encoder_meth.c deleted file mode 100644 index 89e7b6abf855ddf1c913fd6f7a3bc3515abe78fe..0000000000000000000000000000000000000000 --- a/crypto/encode_decode/encoder_meth.c +++ /dev/null @@ -1,700 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/core.h" -#include "internal/namemap.h" -#include "internal/property.h" -#include "internal/provider.h" -#include "crypto/encoder.h" -#include "encoder_local.h" - -/* - * Encoder can have multiple names, separated with colons in a name string - */ -#define NAME_SEPARATOR ':' - -/* Simple method structure constructor and destructor */ -static OSSL_ENCODER *ossl_encoder_new(void) -{ - OSSL_ENCODER *encoder = NULL; - - if ((encoder = OPENSSL_zalloc(sizeof(*encoder))) == NULL - || (encoder->base.lock = CRYPTO_THREAD_lock_new()) == NULL) { - OSSL_ENCODER_free(encoder); - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE); - return NULL; - } - - encoder->base.refcnt = 1; - - return encoder; -} - -int OSSL_ENCODER_up_ref(OSSL_ENCODER *encoder) -{ - int ref = 0; - - CRYPTO_UP_REF(&encoder->base.refcnt, &ref, encoder->base.lock); - return 1; -} - -void OSSL_ENCODER_free(OSSL_ENCODER *encoder) -{ - int ref = 0; - - if (encoder == NULL) - return; - - CRYPTO_DOWN_REF(&encoder->base.refcnt, &ref, encoder->base.lock); - if (ref > 0) - return; - OPENSSL_free(encoder->base.name); - ossl_property_free(encoder->base.parsed_propdef); - ossl_provider_free(encoder->base.prov); - CRYPTO_THREAD_lock_free(encoder->base.lock); - OPENSSL_free(encoder); -} - -/* Permanent encoder method store, constructor and destructor */ -static void encoder_store_free(void *vstore) -{ - ossl_method_store_free(vstore); -} - -static void *encoder_store_new(OSSL_LIB_CTX *ctx) -{ - return ossl_method_store_new(ctx); -} - - -static const OSSL_LIB_CTX_METHOD encoder_store_method = { - /* We want encoder_store to be cleaned up before the provider store */ - OSSL_LIB_CTX_METHOD_PRIORITY_2, - encoder_store_new, - encoder_store_free, -}; - -/* Data to be passed through ossl_method_construct() */ -struct encoder_data_st { - OSSL_LIB_CTX *libctx; - int id; /* For get_encoder_from_store() */ - const char *names; /* For get_encoder_from_store() */ - const char *propquery; /* For get_encoder_from_store() */ - - OSSL_METHOD_STORE *tmp_store; /* For get_tmp_encoder_store() */ - - unsigned int flag_construct_error_occurred : 1; -}; - -/* - * Generic routines to fetch / create ENCODER methods with - * ossl_method_construct() - */ - -/* Temporary encoder method store, constructor and destructor */ -static void *get_tmp_encoder_store(void *data) -{ - struct encoder_data_st *methdata = data; - - if (methdata->tmp_store == NULL) - methdata->tmp_store = ossl_method_store_new(methdata->libctx); - return methdata->tmp_store; -} - -static void dealloc_tmp_encoder_store(void *store) -{ - if (store != NULL) - ossl_method_store_free(store); -} - -/* Get the permanent encoder store */ -static OSSL_METHOD_STORE *get_encoder_store(OSSL_LIB_CTX *libctx) -{ - return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_ENCODER_STORE_INDEX, - &encoder_store_method); -} - -static int reserve_encoder_store(void *store, void *data) -{ - struct encoder_data_st *methdata = data; - - if (store == NULL - && (store = get_encoder_store(methdata->libctx)) == NULL) - return 0; - - return ossl_method_lock_store(store); -} - -static int unreserve_encoder_store(void *store, void *data) -{ - struct encoder_data_st *methdata = data; - - if (store == NULL - && (store = get_encoder_store(methdata->libctx)) == NULL) - return 0; - - return ossl_method_unlock_store(store); -} - -/* Get encoder methods from a store, or put one in */ -static void *get_encoder_from_store(void *store, const OSSL_PROVIDER **prov, - void *data) -{ - struct encoder_data_st *methdata = data; - void *method = NULL; - int id; - - /* - * get_encoder_from_store() is only called to try and get the method - * that OSSL_ENCODER_fetch() is asking for, and the name or name id are - * passed via methdata. - */ - if ((id = methdata->id) == 0 && methdata->names != NULL) { - OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx); - const char *names = methdata->names; - const char *q = strchr(names, NAME_SEPARATOR); - size_t l = (q == NULL ? strlen(names) : (size_t)(q - names)); - - if (namemap == 0) - return NULL; - id = ossl_namemap_name2num_n(namemap, methdata->names, l); - } - - if (id == 0) - return NULL; - - if (store == NULL - && (store = get_encoder_store(methdata->libctx)) == NULL) - return NULL; - - if (!ossl_method_store_fetch(store, id, methdata->propquery, prov, &method)) - return NULL; - return method; -} - -static int put_encoder_in_store(void *store, void *method, - const OSSL_PROVIDER *prov, - const char *names, const char *propdef, - void *data) -{ - struct encoder_data_st *methdata = data; - OSSL_NAMEMAP *namemap; - int id; - size_t l = 0; - - /* - * put_encoder_in_store() is only called with an OSSL_ENCODER method that - * was successfully created by construct_encoder() below, which means that - * all the names should already be stored in the namemap with the same - * numeric identity, so just use the first to get that identity. - */ - if (names != NULL) { - const char *q = strchr(names, NAME_SEPARATOR); - - l = (q == NULL ? strlen(names) : (size_t)(q - names)); - } - - if ((namemap = ossl_namemap_stored(methdata->libctx)) == NULL - || (id = ossl_namemap_name2num_n(namemap, names, l)) == 0) - return 0; - - if (store == NULL && (store = get_encoder_store(methdata->libctx)) == NULL) - return 0; - - return ossl_method_store_add(store, prov, id, propdef, method, - (int (*)(void *))OSSL_ENCODER_up_ref, - (void (*)(void *))OSSL_ENCODER_free); -} - -/* Create and populate a encoder method */ -static void *encoder_from_algorithm(int id, const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) -{ - OSSL_ENCODER *encoder = NULL; - const OSSL_DISPATCH *fns = algodef->implementation; - OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); - - if ((encoder = ossl_encoder_new()) == NULL) - return NULL; - encoder->base.id = id; - if ((encoder->base.name = ossl_algorithm_get1_first_name(algodef)) == NULL) { - OSSL_ENCODER_free(encoder); - return NULL; - } - encoder->base.algodef = algodef; - if ((encoder->base.parsed_propdef - = ossl_parse_property(libctx, algodef->property_definition)) == NULL) { - OSSL_ENCODER_free(encoder); - return NULL; - } - - for (; fns->function_id != 0; fns++) { - switch (fns->function_id) { - case OSSL_FUNC_ENCODER_NEWCTX: - if (encoder->newctx == NULL) - encoder->newctx = - OSSL_FUNC_encoder_newctx(fns); - break; - case OSSL_FUNC_ENCODER_FREECTX: - if (encoder->freectx == NULL) - encoder->freectx = - OSSL_FUNC_encoder_freectx(fns); - break; - case OSSL_FUNC_ENCODER_GET_PARAMS: - if (encoder->get_params == NULL) - encoder->get_params = - OSSL_FUNC_encoder_get_params(fns); - break; - case OSSL_FUNC_ENCODER_GETTABLE_PARAMS: - if (encoder->gettable_params == NULL) - encoder->gettable_params = - OSSL_FUNC_encoder_gettable_params(fns); - break; - case OSSL_FUNC_ENCODER_SET_CTX_PARAMS: - if (encoder->set_ctx_params == NULL) - encoder->set_ctx_params = - OSSL_FUNC_encoder_set_ctx_params(fns); - break; - case OSSL_FUNC_ENCODER_SETTABLE_CTX_PARAMS: - if (encoder->settable_ctx_params == NULL) - encoder->settable_ctx_params = - OSSL_FUNC_encoder_settable_ctx_params(fns); - break; - case OSSL_FUNC_ENCODER_DOES_SELECTION: - if (encoder->does_selection == NULL) - encoder->does_selection = - OSSL_FUNC_encoder_does_selection(fns); - break; - case OSSL_FUNC_ENCODER_ENCODE: - if (encoder->encode == NULL) - encoder->encode = OSSL_FUNC_encoder_encode(fns); - break; - case OSSL_FUNC_ENCODER_IMPORT_OBJECT: - if (encoder->import_object == NULL) - encoder->import_object = - OSSL_FUNC_encoder_import_object(fns); - break; - case OSSL_FUNC_ENCODER_FREE_OBJECT: - if (encoder->free_object == NULL) - encoder->free_object = - OSSL_FUNC_encoder_free_object(fns); - break; - } - } - /* - * Try to check that the method is sensible. - * If you have a constructor, you must have a destructor and vice versa. - * You must have the encoding driver functions. - */ - if (!((encoder->newctx == NULL && encoder->freectx == NULL) - || (encoder->newctx != NULL && encoder->freectx != NULL) - || (encoder->import_object != NULL && encoder->free_object != NULL) - || (encoder->import_object == NULL && encoder->free_object == NULL)) - || encoder->encode == NULL) { - OSSL_ENCODER_free(encoder); - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_INVALID_PROVIDER_FUNCTIONS); - return NULL; - } - - if (prov != NULL && !ossl_provider_up_ref(prov)) { - OSSL_ENCODER_free(encoder); - return NULL; - } - - encoder->base.prov = prov; - return encoder; -} - - -/* - * The core fetching functionality passes the names of the implementation. - * This function is responsible to getting an identity number for them, - * then call encoder_from_algorithm() with that identity number. - */ -static void *construct_encoder(const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov, void *data) -{ - /* - * This function is only called if get_encoder_from_store() returned - * NULL, so it's safe to say that of all the spots to create a new - * namemap entry, this is it. Should the name already exist there, we - * know that ossl_namemap_add() will return its corresponding number. - */ - struct encoder_data_st *methdata = data; - OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); - OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); - const char *names = algodef->algorithm_names; - int id = ossl_namemap_add_names(namemap, 0, names, NAME_SEPARATOR); - void *method = NULL; - - if (id != 0) - method = encoder_from_algorithm(id, algodef, prov); - - /* - * Flag to indicate that there was actual construction errors. This - * helps inner_evp_generic_fetch() determine what error it should - * record on inaccessible algorithms. - */ - if (method == NULL) - methdata->flag_construct_error_occurred = 1; - - return method; -} - -/* Intermediary function to avoid ugly casts, used below */ -static void destruct_encoder(void *method, void *data) -{ - OSSL_ENCODER_free(method); -} - -static int up_ref_encoder(void *method) -{ - return OSSL_ENCODER_up_ref(method); -} - -static void free_encoder(void *method) -{ - OSSL_ENCODER_free(method); -} - -/* Fetching support. Can fetch by numeric identity or by name */ -static OSSL_ENCODER * -inner_ossl_encoder_fetch(struct encoder_data_st *methdata, int id, - const char *name, const char *properties) -{ - OSSL_METHOD_STORE *store = get_encoder_store(methdata->libctx); - OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx); - const char *const propq = properties != NULL ? properties : ""; - void *method = NULL; - int unsupported = 0; - - if (store == NULL || namemap == NULL) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_INVALID_ARGUMENT); - return NULL; - } - - /* - * If we have been passed both an id and a name, we have an - * internal programming error. - */ - if (!ossl_assert(id == 0 || name == NULL)) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_INTERNAL_ERROR); - return NULL; - } - - if (id == 0) - id = ossl_namemap_name2num(namemap, name); - - /* - * If we haven't found the name yet, chances are that the algorithm to - * be fetched is unsupported. - */ - if (id == 0) - unsupported = 1; - - if (id == 0 - || !ossl_method_store_cache_get(store, NULL, id, propq, &method)) { - OSSL_METHOD_CONSTRUCT_METHOD mcm = { - get_tmp_encoder_store, - reserve_encoder_store, - unreserve_encoder_store, - get_encoder_from_store, - put_encoder_in_store, - construct_encoder, - destruct_encoder - }; - OSSL_PROVIDER *prov = NULL; - - methdata->id = id; - methdata->names = name; - methdata->propquery = propq; - methdata->flag_construct_error_occurred = 0; - if ((method = ossl_method_construct(methdata->libctx, OSSL_OP_ENCODER, - &prov, 0 /* !force_cache */, - &mcm, methdata)) != NULL) { - /* - * If construction did create a method for us, we know that - * there is a correct name_id and meth_id, since those have - * already been calculated in get_encoder_from_store() and - * put_encoder_in_store() above. - */ - if (id == 0) - id = ossl_namemap_name2num(namemap, name); - ossl_method_store_cache_set(store, prov, id, propq, method, - up_ref_encoder, free_encoder); - } - - /* - * If we never were in the constructor, the algorithm to be fetched - * is unsupported. - */ - unsupported = !methdata->flag_construct_error_occurred; - } - - if ((id != 0 || name != NULL) && method == NULL) { - int code = unsupported ? ERR_R_UNSUPPORTED : ERR_R_FETCH_FAILED; - - if (name == NULL) - name = ossl_namemap_num2name(namemap, id, 0); - ERR_raise_data(ERR_LIB_OSSL_ENCODER, code, - "%s, Name (%s : %d), Properties (%s)", - ossl_lib_ctx_get_descriptor(methdata->libctx), - name == NULL ? "" : name, id, - properties == NULL ? "" : properties); - } - - return method; -} - -OSSL_ENCODER *OSSL_ENCODER_fetch(OSSL_LIB_CTX *libctx, const char *name, - const char *properties) -{ - struct encoder_data_st methdata; - void *method; - - methdata.libctx = libctx; - methdata.tmp_store = NULL; - method = inner_ossl_encoder_fetch(&methdata, 0, name, properties); - dealloc_tmp_encoder_store(methdata.tmp_store); - return method; -} - -OSSL_ENCODER *ossl_encoder_fetch_by_number(OSSL_LIB_CTX *libctx, int id, - const char *properties) -{ - struct encoder_data_st methdata; - void *method; - - methdata.libctx = libctx; - methdata.tmp_store = NULL; - method = inner_ossl_encoder_fetch(&methdata, id, NULL, properties); - dealloc_tmp_encoder_store(methdata.tmp_store); - return method; -} - -int ossl_encoder_store_cache_flush(OSSL_LIB_CTX *libctx) -{ - OSSL_METHOD_STORE *store = get_encoder_store(libctx); - - if (store != NULL) - return ossl_method_store_cache_flush_all(store); - return 1; -} - -int ossl_encoder_store_remove_all_provided(const OSSL_PROVIDER *prov) -{ - OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); - OSSL_METHOD_STORE *store = get_encoder_store(libctx); - - if (store != NULL) - return ossl_method_store_remove_all_provided(store, prov); - return 1; -} - -/* - * Library of basic method functions - */ - -const OSSL_PROVIDER *OSSL_ENCODER_get0_provider(const OSSL_ENCODER *encoder) -{ - if (!ossl_assert(encoder != NULL)) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - return encoder->base.prov; -} - -const char *OSSL_ENCODER_get0_properties(const OSSL_ENCODER *encoder) -{ - if (!ossl_assert(encoder != NULL)) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - return encoder->base.algodef->property_definition; -} - -const OSSL_PROPERTY_LIST * -ossl_encoder_parsed_properties(const OSSL_ENCODER *encoder) -{ - if (!ossl_assert(encoder != NULL)) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - return encoder->base.parsed_propdef; -} - -int ossl_encoder_get_number(const OSSL_ENCODER *encoder) -{ - if (!ossl_assert(encoder != NULL)) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - return encoder->base.id; -} - -const char *OSSL_ENCODER_get0_name(const OSSL_ENCODER *encoder) -{ - return encoder->base.name; -} - -const char *OSSL_ENCODER_get0_description(const OSSL_ENCODER *encoder) -{ - return encoder->base.algodef->algorithm_description; -} - -int OSSL_ENCODER_is_a(const OSSL_ENCODER *encoder, const char *name) -{ - if (encoder->base.prov != NULL) { - OSSL_LIB_CTX *libctx = ossl_provider_libctx(encoder->base.prov); - OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); - - return ossl_namemap_name2num(namemap, name) == encoder->base.id; - } - return 0; -} - -struct do_one_data_st { - void (*user_fn)(OSSL_ENCODER *encoder, void *arg); - void *user_arg; -}; - -static void do_one(ossl_unused int id, void *method, void *arg) -{ - struct do_one_data_st *data = arg; - - data->user_fn(method, data->user_arg); -} - -void OSSL_ENCODER_do_all_provided(OSSL_LIB_CTX *libctx, - void (*user_fn)(OSSL_ENCODER *encoder, - void *arg), - void *user_arg) -{ - struct encoder_data_st methdata; - struct do_one_data_st data; - - methdata.libctx = libctx; - methdata.tmp_store = NULL; - (void)inner_ossl_encoder_fetch(&methdata, 0, NULL, NULL /* properties */); - - data.user_fn = user_fn; - data.user_arg = user_arg; - if (methdata.tmp_store != NULL) - ossl_method_store_do_all(methdata.tmp_store, &do_one, &data); - ossl_method_store_do_all(get_encoder_store(libctx), &do_one, &data); - dealloc_tmp_encoder_store(methdata.tmp_store); -} - -int OSSL_ENCODER_names_do_all(const OSSL_ENCODER *encoder, - void (*fn)(const char *name, void *data), - void *data) -{ - if (encoder == NULL) - return 0; - - if (encoder->base.prov != NULL) { - OSSL_LIB_CTX *libctx = ossl_provider_libctx(encoder->base.prov); - OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); - - return ossl_namemap_doall_names(namemap, encoder->base.id, fn, data); - } - - return 1; -} - -const OSSL_PARAM * -OSSL_ENCODER_gettable_params(OSSL_ENCODER *encoder) -{ - if (encoder != NULL && encoder->gettable_params != NULL) { - void *provctx = ossl_provider_ctx(OSSL_ENCODER_get0_provider(encoder)); - - return encoder->gettable_params(provctx); - } - return NULL; -} - -int OSSL_ENCODER_get_params(OSSL_ENCODER *encoder, OSSL_PARAM params[]) -{ - if (encoder != NULL && encoder->get_params != NULL) - return encoder->get_params(params); - return 0; -} - -const OSSL_PARAM *OSSL_ENCODER_settable_ctx_params(OSSL_ENCODER *encoder) -{ - if (encoder != NULL && encoder->settable_ctx_params != NULL) { - void *provctx = ossl_provider_ctx(OSSL_ENCODER_get0_provider(encoder)); - - return encoder->settable_ctx_params(provctx); - } - return NULL; -} - -/* - * Encoder context support - */ - -OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new(void) -{ - OSSL_ENCODER_CTX *ctx; - - if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE); - - return ctx; -} - -int OSSL_ENCODER_CTX_set_params(OSSL_ENCODER_CTX *ctx, - const OSSL_PARAM params[]) -{ - int ok = 1; - size_t i; - size_t l; - - if (!ossl_assert(ctx != NULL)) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (ctx->encoder_insts == NULL) - return 1; - - l = OSSL_ENCODER_CTX_get_num_encoders(ctx); - for (i = 0; i < l; i++) { - OSSL_ENCODER_INSTANCE *encoder_inst = - sk_OSSL_ENCODER_INSTANCE_value(ctx->encoder_insts, i); - OSSL_ENCODER *encoder = OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst); - void *encoderctx = OSSL_ENCODER_INSTANCE_get_encoder_ctx(encoder_inst); - - if (encoderctx == NULL || encoder->set_ctx_params == NULL) - continue; - if (!encoder->set_ctx_params(encoderctx, params)) - ok = 0; - } - return ok; -} - -void OSSL_ENCODER_CTX_free(OSSL_ENCODER_CTX *ctx) -{ - if (ctx != NULL) { - sk_OSSL_ENCODER_INSTANCE_pop_free(ctx->encoder_insts, - ossl_encoder_instance_free); - OPENSSL_free(ctx->construct_data); - ossl_pw_clear_passphrase_data(&ctx->pwdata); - OPENSSL_free(ctx); - } -} diff --git a/crypto/encode_decode/encoder_pkey.c b/crypto/encode_decode/encoder_pkey.c deleted file mode 100644 index 3a24317cf4d6cf9955a436b8808982765adbf8b0..0000000000000000000000000000000000000000 --- a/crypto/encode_decode/encoder_pkey.c +++ /dev/null @@ -1,379 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include "internal/provider.h" -#include "internal/property.h" -#include "crypto/evp.h" -#include "encoder_local.h" - -DEFINE_STACK_OF(OSSL_ENCODER) - -int OSSL_ENCODER_CTX_set_cipher(OSSL_ENCODER_CTX *ctx, - const char *cipher_name, - const char *propquery) -{ - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; - - params[0] = - OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_CIPHER, - (void *)cipher_name, 0); - params[1] = - OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES, - (void *)propquery, 0); - - return OSSL_ENCODER_CTX_set_params(ctx, params); -} - -int OSSL_ENCODER_CTX_set_passphrase(OSSL_ENCODER_CTX *ctx, - const unsigned char *kstr, - size_t klen) -{ - return ossl_pw_set_passphrase(&ctx->pwdata, kstr, klen); -} - -int OSSL_ENCODER_CTX_set_passphrase_ui(OSSL_ENCODER_CTX *ctx, - const UI_METHOD *ui_method, - void *ui_data) -{ - return ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data); -} - -int OSSL_ENCODER_CTX_set_pem_password_cb(OSSL_ENCODER_CTX *ctx, - pem_password_cb *cb, void *cbarg) -{ - return ossl_pw_set_pem_password_cb(&ctx->pwdata, cb, cbarg); -} - -int OSSL_ENCODER_CTX_set_passphrase_cb(OSSL_ENCODER_CTX *ctx, - OSSL_PASSPHRASE_CALLBACK *cb, - void *cbarg) -{ - return ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, cb, cbarg); -} - -/* - * Support for OSSL_ENCODER_CTX_new_for_type: - * finding a suitable encoder - */ - -struct collected_encoder_st { - STACK_OF(OPENSSL_CSTRING) *names; - const char *output_structure; - const char *output_type; - - const OSSL_PROVIDER *keymgmt_prov; - OSSL_ENCODER_CTX *ctx; - unsigned int flag_find_same_provider:1; - - int error_occurred; -}; - -static void collect_encoder(OSSL_ENCODER *encoder, void *arg) -{ - struct collected_encoder_st *data = arg; - size_t i, end_i; - - if (data->error_occurred) - return; - - data->error_occurred = 1; /* Assume the worst */ - - if (data->names == NULL) - return; - - end_i = sk_OPENSSL_CSTRING_num(data->names); - for (i = 0; i < end_i; i++) { - const char *name = sk_OPENSSL_CSTRING_value(data->names, i); - const OSSL_PROVIDER *prov = OSSL_ENCODER_get0_provider(encoder); - void *provctx = OSSL_PROVIDER_get0_provider_ctx(prov); - - /* - * collect_encoder() is called in two passes, one where the encoders - * from the same provider as the keymgmt are looked up, and one where - * the other encoders are looked up. |data->flag_find_same_provider| - * tells us which pass we're in. - */ - if ((data->keymgmt_prov == prov) != data->flag_find_same_provider) - continue; - - if (!OSSL_ENCODER_is_a(encoder, name) - || (encoder->does_selection != NULL - && !encoder->does_selection(provctx, data->ctx->selection)) - || (data->keymgmt_prov != prov - && encoder->import_object == NULL)) - continue; - - /* Only add each encoder implementation once */ - if (OSSL_ENCODER_CTX_add_encoder(data->ctx, encoder)) - break; - } - - data->error_occurred = 0; /* All is good now */ -} - -struct collected_names_st { - STACK_OF(OPENSSL_CSTRING) *names; - unsigned int error_occurred:1; -}; - -static void collect_name(const char *name, void *arg) -{ - struct collected_names_st *data = arg; - - if (data->error_occurred) - return; - - data->error_occurred = 1; /* Assume the worst */ - - if (sk_OPENSSL_CSTRING_push(data->names, name) <= 0) - return; - - data->error_occurred = 0; /* All is good now */ -} - -/* - * Support for OSSL_ENCODER_to_bio: - * writing callback for the OSSL_PARAM (the implementation doesn't have - * intimate knowledge of the provider side object) - */ - -struct construct_data_st { - const EVP_PKEY *pk; - int selection; - - OSSL_ENCODER_INSTANCE *encoder_inst; - const void *obj; - void *constructed_obj; -}; - -static int encoder_import_cb(const OSSL_PARAM params[], void *arg) -{ - struct construct_data_st *construct_data = arg; - OSSL_ENCODER_INSTANCE *encoder_inst = construct_data->encoder_inst; - OSSL_ENCODER *encoder = OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst); - void *encoderctx = OSSL_ENCODER_INSTANCE_get_encoder_ctx(encoder_inst); - - construct_data->constructed_obj = - encoder->import_object(encoderctx, construct_data->selection, params); - - return (construct_data->constructed_obj != NULL); -} - -static const void * -encoder_construct_pkey(OSSL_ENCODER_INSTANCE *encoder_inst, void *arg) -{ - struct construct_data_st *data = arg; - - if (data->obj == NULL) { - OSSL_ENCODER *encoder = - OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst); - const EVP_PKEY *pk = data->pk; - const OSSL_PROVIDER *k_prov = EVP_KEYMGMT_get0_provider(pk->keymgmt); - const OSSL_PROVIDER *e_prov = OSSL_ENCODER_get0_provider(encoder); - - if (k_prov != e_prov) { - data->encoder_inst = encoder_inst; - - if (!evp_keymgmt_export(pk->keymgmt, pk->keydata, data->selection, - &encoder_import_cb, data)) - return NULL; - data->obj = data->constructed_obj; - } else { - data->obj = pk->keydata; - } - } - - return data->obj; -} - -static void encoder_destruct_pkey(void *arg) -{ - struct construct_data_st *data = arg; - - if (data->encoder_inst != NULL) { - OSSL_ENCODER *encoder = - OSSL_ENCODER_INSTANCE_get_encoder(data->encoder_inst); - - encoder->free_object(data->constructed_obj); - } - data->constructed_obj = NULL; -} - -/* - * OSSL_ENCODER_CTX_new_for_pkey() returns a ctx with no encoder if - * it couldn't find a suitable encoder. This allows a caller to detect if - * a suitable encoder was found, with OSSL_ENCODER_CTX_get_num_encoder(), - * and to use fallback methods if the result is NULL. - */ -static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx, - const EVP_PKEY *pkey, - int selection, - const char *propquery) -{ - struct construct_data_st *data = NULL; - const OSSL_PROVIDER *prov = NULL; - OSSL_LIB_CTX *libctx = NULL; - int ok = 0; - - if (!ossl_assert(ctx != NULL) || !ossl_assert(pkey != NULL)) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (evp_pkey_is_provided(pkey)) { - prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt); - libctx = ossl_provider_libctx(prov); - } - - if (pkey->keymgmt != NULL) { - struct collected_encoder_st encoder_data; - struct collected_names_st keymgmt_data; - - if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* - * Select the first encoder implementations in two steps. - * First, collect the keymgmt names, then the encoders that match. - */ - keymgmt_data.names = sk_OPENSSL_CSTRING_new_null(); - if (keymgmt_data.names == NULL) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE); - goto err; - } - - keymgmt_data.error_occurred = 0; - EVP_KEYMGMT_names_do_all(pkey->keymgmt, collect_name, &keymgmt_data); - if (keymgmt_data.error_occurred) { - sk_OPENSSL_CSTRING_free(keymgmt_data.names); - goto err; - } - - encoder_data.names = keymgmt_data.names; - encoder_data.output_type = ctx->output_type; - encoder_data.output_structure = ctx->output_structure; - encoder_data.error_occurred = 0; - encoder_data.keymgmt_prov = prov; - encoder_data.ctx = ctx; - - /* - * Place the encoders with the a different provider as the keymgmt - * last (the chain is processed in reverse order) - */ - encoder_data.flag_find_same_provider = 0; - OSSL_ENCODER_do_all_provided(libctx, collect_encoder, &encoder_data); - - /* - * Place the encoders with the same provider as the keymgmt first - * (the chain is processed in reverse order) - */ - encoder_data.flag_find_same_provider = 1; - OSSL_ENCODER_do_all_provided(libctx, collect_encoder, &encoder_data); - - sk_OPENSSL_CSTRING_free(keymgmt_data.names); - if (encoder_data.error_occurred) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - if (data != NULL && OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0) { - if (!OSSL_ENCODER_CTX_set_construct(ctx, encoder_construct_pkey) - || !OSSL_ENCODER_CTX_set_construct_data(ctx, data) - || !OSSL_ENCODER_CTX_set_cleanup(ctx, encoder_destruct_pkey)) - goto err; - - data->pk = pkey; - data->selection = selection; - - data = NULL; /* Avoid it being freed */ - } - - ok = 1; - err: - if (data != NULL) { - OSSL_ENCODER_CTX_set_construct_data(ctx, NULL); - OPENSSL_free(data); - } - return ok; -} - -OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new_for_pkey(const EVP_PKEY *pkey, - int selection, - const char *output_type, - const char *output_struct, - const char *propquery) -{ - OSSL_ENCODER_CTX *ctx = NULL; - OSSL_LIB_CTX *libctx = NULL; - - if (pkey == NULL) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - - if (!evp_pkey_is_assigned(pkey)) { - ERR_raise_data(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_INVALID_ARGUMENT, - "The passed EVP_PKEY must be assigned a key"); - return NULL; - } - - if ((ctx = OSSL_ENCODER_CTX_new()) == NULL) { - ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (evp_pkey_is_provided(pkey)) { - const OSSL_PROVIDER *prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt); - - libctx = ossl_provider_libctx(prov); - } - - OSSL_TRACE_BEGIN(ENCODER) { - BIO_printf(trc_out, - "(ctx %p) Looking for %s encoders with selection %d\n", - (void *)ctx, EVP_PKEY_get0_type_name(pkey), selection); - BIO_printf(trc_out, " output type: %s, output structure: %s\n", - output_type, output_struct); - } OSSL_TRACE_END(ENCODER); - - if (OSSL_ENCODER_CTX_set_output_type(ctx, output_type) - && (output_struct == NULL - || OSSL_ENCODER_CTX_set_output_structure(ctx, output_struct)) - && OSSL_ENCODER_CTX_set_selection(ctx, selection) - && ossl_encoder_ctx_setup_for_pkey(ctx, pkey, selection, propquery) - && OSSL_ENCODER_CTX_add_extra(ctx, libctx, propquery)) { - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - int save_parameters = pkey->save_parameters; - - params[0] = OSSL_PARAM_construct_int(OSSL_ENCODER_PARAM_SAVE_PARAMETERS, - &save_parameters); - /* ignoring error as this is only auxiliary parameter */ - (void)OSSL_ENCODER_CTX_set_params(ctx, params); - - OSSL_TRACE_BEGIN(ENCODER) { - BIO_printf(trc_out, "(ctx %p) Got %d encoders\n", - (void *)ctx, OSSL_ENCODER_CTX_get_num_encoders(ctx)); - } OSSL_TRACE_END(ENCODER); - return ctx; - } - - OSSL_ENCODER_CTX_free(ctx); - return NULL; -} diff --git a/crypto/engine/README.md b/crypto/engine/README.md deleted file mode 100644 index b45115ca2481f355a6c6303f33132b557e2b7699..0000000000000000000000000000000000000000 --- a/crypto/engine/README.md +++ /dev/null @@ -1,210 +0,0 @@ -Notes on engines of 2001-09-24 -============================== - -This "description" (if one chooses to call it that) needed some major updating -so here goes. This update addresses a change being made at the same time to -OpenSSL, and it pretty much completely restructures the underlying mechanics of -the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals -for masochists" document *and* a rather extensive commit log message. (I'd get -lynched for sticking all this in CHANGES.md or the commit mails :-). - -ENGINE_TABLE underlies this restructuring, as described in the internal header -"eng_local.h", implemented in eng_table.c, and used in each of the "class" files; -tb_rsa.c, tb_dsa.c, etc. - -However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so -I'll mention a bit about that first. EVP_CIPHER (and most of this applies -equally to EVP_MD for digests) is both a "method" and a algorithm/mode -identifier that, in the current API, "lingers". These cipher description + -implementation structures can be defined or obtained directly by applications, -or can be loaded "en masse" into EVP storage so that they can be catalogued and -searched in various ways, ie. two ways of encrypting with the "des_cbc" -algorithm/mode pair are; - - (i) directly; - const EVP_CIPHER *cipher = EVP_des_cbc(); - EVP_EncryptInit(&ctx, cipher, key, iv); - [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...] - - (ii) indirectly; - OpenSSL_add_all_ciphers(); - cipher = EVP_get_cipherbyname("des_cbc"); - EVP_EncryptInit(&ctx, cipher, key, iv); - [ ... etc ... ] - -The latter is more generally used because it also allows ciphers/digests to be -looked up based on other identifiers which can be useful for automatic cipher -selection, eg. in SSL/TLS, or by user-controllable configuration. - -The important point about this is that EVP_CIPHER definitions and structures are -passed around with impunity and there is no safe way, without requiring massive -rewrites of many applications, to assume that EVP_CIPHERs can be reference -counted. One an EVP_CIPHER is exposed to the caller, neither it nor anything it -comes from can "safely" be destroyed. Unless of course the way of getting to -such ciphers is via entirely distinct API calls that didn't exist before. -However existing API usage cannot be made to understand when an EVP_CIPHER -pointer, that has been passed to the caller, is no longer being used. - -The other problem with the existing API w.r.t. to hooking EVP_CIPHER support -into ENGINE is storage - the OBJ_NAME-based storage used by EVP to register -ciphers simultaneously registers cipher *types* and cipher *implementations* - -they are effectively the same thing, an "EVP_CIPHER" pointer. The problem with -hooking in ENGINEs is that multiple ENGINEs may implement the same ciphers. The -solution is necessarily that ENGINE-provided ciphers simply are not registered, -stored, or exposed to the caller in the same manner as existing ciphers. This is -especially necessary considering the fact ENGINE uses reference counts to allow -for cleanup, modularity, and DSO support - yet EVP_CIPHERs, as exposed to -callers in the current API, support no such controls. - -Another sticking point for integrating cipher support into ENGINE is linkage. -Already there is a problem with the way ENGINE supports RSA, DSA, etc whereby -they are available *because* they're part of a giant ENGINE called "openssl". -Ie. all implementations *have* to come from an ENGINE, but we get round that by -having a giant ENGINE with all the software support encapsulated. This creates -linker hassles if nothing else - linking a 1-line application that calls 2 basic -RSA functions (eg. "RSA_free(RSA_new());") will result in large quantities of -ENGINE code being linked in *and* because of that DSA, DH, and RAND also. If we -continue with this approach for EVP_CIPHER support (even if it *was* possible) -we would lose our ability to link selectively by selectively loading certain -implementations of certain functionality. Touching any part of any kind of -crypto would result in massive static linkage of everything else. So the -solution is to change the way ENGINE feeds existing "classes", ie. how the -hooking to ENGINE works from RSA, DSA, DH, RAND, as well as adding new hooking -for EVP_CIPHER, and EVP_MD. - -The way this is now being done is by mostly reverting back to how things used to -work prior to ENGINE :-). Ie. RSA now has a "RSA_METHOD" pointer again - this -was previously replaced by an "ENGINE" pointer and all RSA code that required -the RSA_METHOD would call ENGINE_get_RSA() each time on its ENGINE handle to -temporarily get and use the ENGINE's RSA implementation. Apart from being more -efficient, switching back to each RSA having an RSA_METHOD pointer also allows -us to conceivably operate with *no* ENGINE. As we'll see, this removes any need -for a fallback ENGINE that encapsulates default implementations - we can simply -have our RSA structure pointing its RSA_METHOD pointer to the software -implementation and have its ENGINE pointer set to NULL. - -A look at the EVP_CIPHER hooking is most explanatory, the RSA, DSA (etc) cases -turn out to be degenerate forms of the same thing. The EVP storage of ciphers, -and the existing EVP API functions that return "software" implementations and -descriptions remain untouched. However, the storage takes more meaning in terms -of "cipher description" and less meaning in terms of "implementation". When an -EVP_CIPHER_CTX is actually initialised with an EVP_CIPHER method and is about to -begin en/decryption, the hooking to ENGINE comes into play. What happens is that -cipher-specific ENGINE code is asked for an ENGINE pointer (a functional -reference) for any ENGINE that is registered to perform the algo/mode that the -provided EVP_CIPHER structure represents. Under normal circumstances, that -ENGINE code will return NULL because no ENGINEs will have had any cipher -implementations *registered*. As such, a NULL ENGINE pointer is stored in the -EVP_CIPHER_CTX context, and the EVP_CIPHER structure is left hooked into the -context and so is used as the implementation. Pretty much how things work now -except we'd have a redundant ENGINE pointer set to NULL and doing nothing. - -Conversely, if an ENGINE *has* been registered to perform the algorithm/mode -combination represented by the provided EVP_CIPHER, then a functional reference -to that ENGINE will be returned to the EVP_CIPHER_CTX during initialisation. -That functional reference will be stored in the context (and released on -cleanup) - and having that reference provides a *safe* way to use an EVP_CIPHER -definition that is private to the ENGINE. Ie. the EVP_CIPHER provided by the -application will actually be replaced by an EVP_CIPHER from the registered -ENGINE - it will support the same algorithm/mode as the original but will be a -completely different implementation. Because this EVP_CIPHER isn't stored in the -EVP storage, nor is it returned to applications from traditional API functions, -there is no associated problem with it not having reference counts. And of -course, when one of these "private" cipher implementations is hooked into -EVP_CIPHER_CTX, it is done whilst the EVP_CIPHER_CTX holds a functional -reference to the ENGINE that owns it, thus the use of the ENGINE's EVP_CIPHER is -safe. - -The "cipher-specific ENGINE code" I mentioned is implemented in tb_cipher.c but -in essence it is simply an instantiation of "ENGINE_TABLE" code for use by -EVP_CIPHER code. tb_digest.c is virtually identical but, of course, it is for -use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of -ENGINE_TABLE essentially provide linker-separation of the classes so that even -if ENGINEs implement *all* possible algorithms, an application using only -EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core -ENGINE code that is independent of class, and of course the ENGINE -implementation that the application loaded. It will *not* however link any -class-specific ENGINE code for digests, RSA, etc nor will it bleed over into -other APIs, such as the RSA/DSA/etc library code. - -ENGINE_TABLE is a little more complicated than may seem necessary but this is -mostly to avoid a lot of "init()"-thrashing on ENGINEs (that may have to load -DSOs, and other expensive setup that shouldn't be thrashed unnecessarily) *and* -to duplicate "default" behaviour. Basically an ENGINE_TABLE instantiation, for -example tb_cipher.c, implements a hash-table keyed by integer "nid" values. -These nids provide the uniquenness of an algorithm/mode - and each nid will hash -to a potentially NULL "ENGINE_PILE". An ENGINE_PILE is essentially a list of -pointers to ENGINEs that implement that particular 'nid'. Each "pile" uses some -caching tricks such that requests on that 'nid' will be cached and all future -requests will return immediately (well, at least with minimal operation) unless -a change is made to the pile, eg. perhaps an ENGINE was unloaded. The reason is -that an application could have support for 10 ENGINEs statically linked -in, and the machine in question may not have any of the hardware those 10 -ENGINEs support. If each of those ENGINEs has a "des_cbc" implementation, we -want to avoid every EVP_CIPHER_CTX setup from trying (and failing) to initialise -each of those 10 ENGINEs. Instead, the first such request will try to do that -and will either return (and cache) a NULL ENGINE pointer or will return a -functional reference to the first that successfully initialised. In the latter -case it will also cache an extra functional reference to the ENGINE as a -"default" for that 'nid'. The caching is acknowledged by a 'uptodate' variable -that is unset only if un/registration takes place on that pile. Ie. if -implementations of "des_cbc" are added or removed. This behaviour can be -tweaked; the ENGINE_TABLE_FLAG_NOINIT value can be passed to -ENGINE_set_table_flags(), in which case the only ENGINEs that tb_cipher.c will -try to initialise from the "pile" will be those that are already initialised -(ie. it's simply an increment of the functional reference count, and no real -"initialisation" will take place). - -RSA, DSA, DH, and RAND all have their own ENGINE_TABLE code as well, and the -difference is that they all use an implicit 'nid' of 1. Whereas EVP_CIPHERs are -actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is -not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are -necessarily interoperable and don't have different flavours, only different -implementations. In other words, the ENGINE_TABLE for RSA will either be empty, -or will have a single ENGINE_PILE hashed to by the 'nid' 1 and that pile -represents ENGINEs that implement the single "type" of RSA there is. - -Cleanup - the registration and unregistration may pose questions about how -cleanup works with the ENGINE_PILE doing all this caching nonsense (ie. when the -application or EVP_CIPHER code releases its last reference to an ENGINE, the -ENGINE_PILE code may still have references and thus those ENGINEs will stay -hooked in forever). The way this is handled is via "unregistration". With these -new ENGINE changes, an abstract ENGINE can be loaded and initialised, but that -is an algorithm-agnostic process. Even if initialised, it will not have -registered any of its implementations (to do so would link all class "table" -code despite the fact the application may use only ciphers, for example). This -is deliberately a distinct step. Moreover, registration and unregistration has -nothing to do with whether an ENGINE is *functional* or not (ie. you can even -register an ENGINE and its implementations without it being operational, you may -not even have the drivers to make it operate). What actually happens with -respect to cleanup is managed inside eng_lib.c with the `engine_cleanup_***` -functions. These functions are internal-only and each part of ENGINE code that -could require cleanup will, upon performing its first allocation, register a -callback with the "engine_cleanup" code. The other part of this that makes it -tick is that the ENGINE_TABLE instantiations (tb_***.c) use NULL as their -initialised state. So if RSA code asks for an ENGINE and no ENGINE has -registered an implementation, the code will simply return NULL and the tb_rsa.c -state will be unchanged. Thus, no cleanup is required unless registration takes -place. ENGINE_cleanup() will simply iterate across a list of registered cleanup -callbacks calling each in turn, and will then internally delete its own storage -(a STACK). When a cleanup callback is next registered (eg. if the cleanup() is -part of a graceful restart and the application wants to cleanup all state then -start again), the internal STACK storage will be freshly allocated. This is much -the same as the situation in the ENGINE_TABLE instantiations ... NULL is the -initialised state, so only modification operations (not queries) will cause that -code to have to register a cleanup. - -What else? The bignum callbacks and associated ENGINE functions have been -removed for two obvious reasons; (i) there was no way to generalise them to the -mechanism now used by RSA/DSA/..., because there's no such thing as a BIGNUM -method, and (ii) because of (i), there was no meaningful way for library or -application code to automatically hook and use ENGINE supplied bignum functions -anyway. Also, ENGINE_cpy() has been removed (although an internal-only version -exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good -one and now certainly doesn't make sense in any generalised way. Some of the -RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE -changes have now, as a consequence, been reverted back. This is because the -hooking of ENGINE is now automatic (and passive, it can internally use a NULL -ENGINE pointer to simply ignore ENGINE from then on). - -Hell, that should be enough for now ... comments welcome. diff --git a/crypto/engine/build.info b/crypto/engine/build.info deleted file mode 100644 index 47fe948966ea1e2854327b48626b20757e967c0f..0000000000000000000000000000000000000000 --- a/crypto/engine/build.info +++ /dev/null @@ -1,8 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]=\ - eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ - eng_table.c eng_pkey.c eng_fat.c eng_all.c \ - tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c \ - tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c tb_eckey.c \ - eng_openssl.c eng_cnf.c eng_dyn.c \ - eng_rdrand.c diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c deleted file mode 100644 index 2f83b2ec182f88dd665868ce8c2368eeca1a60b5..0000000000000000000000000000000000000000 --- a/crypto/engine/eng_all.c +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include "eng_local.h" - -void ENGINE_load_builtin_engines(void) -{ - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); -} - -#ifndef OPENSSL_NO_DEPRECATED_1_1_0 -# if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) -void ENGINE_setup_bsd_cryptodev(void) -{ -} -# endif -#endif diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c deleted file mode 100644 index 14744bb7f55bd7dfaa87567f1df82eb065ce76a5..0000000000000000000000000000000000000000 --- a/crypto/engine/eng_cnf.c +++ /dev/null @@ -1,185 +0,0 @@ -/* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" -#include -#include - -/* ENGINE config module */ - -static const char *skip_dot(const char *name) -{ - const char *p = strchr(name, '.'); - - if (p != NULL) - return p + 1; - return name; -} - -static STACK_OF(ENGINE) *initialized_engines = NULL; - -static int int_engine_init(ENGINE *e) -{ - if (!ENGINE_init(e)) - return 0; - if (!initialized_engines) - initialized_engines = sk_ENGINE_new_null(); - if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) { - ENGINE_finish(e); - return 0; - } - return 1; -} - -static int int_engine_configure(const char *name, const char *value, const CONF *cnf) -{ - int i; - int ret = 0; - long do_init = -1; - STACK_OF(CONF_VALUE) *ecmds; - CONF_VALUE *ecmd = NULL; - const char *ctrlname, *ctrlvalue; - ENGINE *e = NULL; - int soft = 0; - - name = skip_dot(name); - OSSL_TRACE1(CONF, "Configuring engine %s\n", name); - /* Value is a section containing ENGINE commands */ - ecmds = NCONF_get_section(cnf, value); - - if (!ecmds) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ENGINE_SECTION_ERROR); - return 0; - } - - for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { - ecmd = sk_CONF_VALUE_value(ecmds, i); - ctrlname = skip_dot(ecmd->name); - ctrlvalue = ecmd->value; - OSSL_TRACE2(CONF, "ENGINE: doing ctrl(%s,%s)\n", - ctrlname, ctrlvalue); - - /* First handle some special pseudo ctrls */ - - /* Override engine name to use */ - if (strcmp(ctrlname, "engine_id") == 0) - name = ctrlvalue; - else if (strcmp(ctrlname, "soft_load") == 0) - soft = 1; - /* Load a dynamic ENGINE */ - else if (strcmp(ctrlname, "dynamic_path") == 0) { - e = ENGINE_by_id("dynamic"); - if (!e) - goto err; - if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0)) - goto err; - if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0)) - goto err; - if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) - goto err; - } - /* ... add other pseudos here ... */ - else { - /* - * At this point we need an ENGINE structural reference if we - * don't already have one. - */ - if (!e) { - e = ENGINE_by_id(name); - if (!e && soft) { - ERR_clear_error(); - return 1; - } - if (!e) - goto err; - } - /* - * Allow "EMPTY" to mean no value: this allows a valid "value" to - * be passed to ctrls of type NO_INPUT - */ - if (strcmp(ctrlvalue, "EMPTY") == 0) - ctrlvalue = NULL; - if (strcmp(ctrlname, "init") == 0) { - if (!NCONF_get_number_e(cnf, value, "init", &do_init)) - goto err; - if (do_init == 1) { - if (!int_engine_init(e)) - goto err; - } else if (do_init != 0) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_INIT_VALUE); - goto err; - } - } else if (strcmp(ctrlname, "default_algorithms") == 0) { - if (!ENGINE_set_default_string(e, ctrlvalue)) - goto err; - } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0)) - goto err; - } - - } - if (e && (do_init == -1) && !int_engine_init(e)) { - ecmd = NULL; - goto err; - } - ret = 1; - err: - if (ret != 1) { - if (ecmd == NULL) - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ENGINE_CONFIGURATION_ERROR); - else - ERR_raise_data(ERR_LIB_ENGINE, ENGINE_R_ENGINE_CONFIGURATION_ERROR, - "section=%s, name=%s, value=%s", - ecmd->section, ecmd->name, ecmd->value); - } - ENGINE_free(e); - return ret; -} - -static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf) -{ - STACK_OF(CONF_VALUE) *elist; - CONF_VALUE *cval; - int i; - OSSL_TRACE2(CONF, "Called engine module: name %s, value %s\n", - CONF_imodule_get_name(md), CONF_imodule_get_value(md)); - /* Value is a section containing ENGINEs to configure */ - elist = NCONF_get_section(cnf, CONF_imodule_get_value(md)); - - if (!elist) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ENGINES_SECTION_ERROR); - return 0; - } - - for (i = 0; i < sk_CONF_VALUE_num(elist); i++) { - cval = sk_CONF_VALUE_value(elist, i); - if (!int_engine_configure(cval->name, cval->value, cnf)) - return 0; - } - - return 1; -} - -static void int_engine_module_finish(CONF_IMODULE *md) -{ - ENGINE *e; - - while ((e = sk_ENGINE_pop(initialized_engines))) - ENGINE_finish(e); - sk_ENGINE_free(initialized_engines); - initialized_engines = NULL; -} - -void ENGINE_add_conf_module(void) -{ - CONF_module_add("engines", - int_engine_module_init, int_engine_module_finish); -} diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c deleted file mode 100644 index 5d7e15634e6ef02736130b4ee78c8932fcc15dac..0000000000000000000000000000000000000000 --- a/crypto/engine/eng_ctrl.c +++ /dev/null @@ -1,327 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -/* - * When querying a ENGINE-specific control command's 'description', this - * string is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. - */ -static const char *int_no_description = ""; - -/* - * These internal functions handle 'CMD'-related control commands when the - * ENGINE in question has asked us to take care of it (ie. the ENGINE did not - * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. - */ - -static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn) -{ - if ((defn->cmd_num == 0) || (defn->cmd_name == NULL)) - return 1; - return 0; -} - -static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s) -{ - int idx = 0; - while (!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0)) { - idx++; - defn++; - } - if (int_ctrl_cmd_is_null(defn)) - /* The given name wasn't found */ - return -1; - return idx; -} - -static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num) -{ - int idx = 0; - /* - * NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So - * our searches don't need to take any longer than necessary. - */ - while (!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) { - idx++; - defn++; - } - if (defn->cmd_num == num) - return idx; - /* The given cmd_num wasn't found */ - return -1; -} - -static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, - void (*f) (void)) -{ - int idx; - char *s = (char *)p; - const ENGINE_CMD_DEFN *cdp; - - /* Take care of the easy one first (eg. it requires no searches) */ - if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) { - if ((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns)) - return 0; - return e->cmd_defns->cmd_num; - } - /* One or two commands require that "p" be a valid string buffer */ - if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) || - (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) || - (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) { - if (s == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return -1; - } - } - /* Now handle cmd_name -> cmd_num conversion */ - if (cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) { - if ((e->cmd_defns == NULL) - || ((idx = int_ctrl_cmd_by_name(e->cmd_defns, s)) < 0)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NAME); - return -1; - } - return e->cmd_defns[idx].cmd_num; - } - /* - * For the rest of the commands, the 'long' argument must specify a valid - * command number - so we need to conduct a search. - */ - if ((e->cmd_defns == NULL) - || ((idx = int_ctrl_cmd_by_num(e->cmd_defns, (unsigned int)i)) < 0)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NUMBER); - return -1; - } - /* Now the logic splits depending on command type */ - cdp = &e->cmd_defns[idx]; - switch (cmd) { - case ENGINE_CTRL_GET_NEXT_CMD_TYPE: - cdp++; - return int_ctrl_cmd_is_null(cdp) ? 0 : cdp->cmd_num; - case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: - return strlen(cdp->cmd_name); - case ENGINE_CTRL_GET_NAME_FROM_CMD: - return strlen(strcpy(s, cdp->cmd_name)); - case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: - return strlen(cdp->cmd_desc == NULL ? int_no_description - : cdp->cmd_desc); - case ENGINE_CTRL_GET_DESC_FROM_CMD: - return strlen(strcpy(s, cdp->cmd_desc == NULL ? int_no_description - : cdp->cmd_desc)); - case ENGINE_CTRL_GET_CMD_FLAGS: - return cdp->cmd_flags; - } - /* Shouldn't really be here ... */ - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR); - return -1; -} - -int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) -{ - int ctrl_exists, ref_exists; - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return 0; - ref_exists = ((e->struct_ref > 0) ? 1 : 0); - CRYPTO_THREAD_unlock(global_engine_lock); - ctrl_exists = ((e->ctrl == NULL) ? 0 : 1); - if (!ref_exists) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_REFERENCE); - return 0; - } - /* - * Intercept any "root-level" commands before trying to hand them on to - * ctrl() handlers. - */ - switch (cmd) { - case ENGINE_CTRL_HAS_CTRL_FUNCTION: - return ctrl_exists; - case ENGINE_CTRL_GET_FIRST_CMD_TYPE: - case ENGINE_CTRL_GET_NEXT_CMD_TYPE: - case ENGINE_CTRL_GET_CMD_FROM_NAME: - case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: - case ENGINE_CTRL_GET_NAME_FROM_CMD: - case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: - case ENGINE_CTRL_GET_DESC_FROM_CMD: - case ENGINE_CTRL_GET_CMD_FLAGS: - if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL)) - return int_ctrl_helper(e, cmd, i, p, f); - if (!ctrl_exists) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_CONTROL_FUNCTION); - /* - * For these cmd-related functions, failure is indicated by a -1 - * return value (because 0 is used as a valid return in some - * places). - */ - return -1; - } - default: - break; - } - /* Anything else requires a ctrl() handler to exist. */ - if (!ctrl_exists) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_CONTROL_FUNCTION); - return 0; - } - return e->ctrl(e, cmd, i, p, f); -} - -int ENGINE_cmd_is_executable(ENGINE *e, int cmd) -{ - int flags; - if ((flags = - ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NUMBER); - return 0; - } - if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) && - !(flags & ENGINE_CMD_FLAG_NUMERIC) && - !(flags & ENGINE_CMD_FLAG_STRING)) - return 0; - return 1; -} - -int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, - long i, void *p, void (*f) (void), int cmd_optional) -{ - int num; - - if (e == NULL || cmd_name == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (e->ctrl == NULL - || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME, - 0, (void *)cmd_name, NULL)) <= 0) { - /* - * If the command didn't *have* to be supported, we fake success. - * This allows certain settings to be specified for multiple ENGINEs - * and only require a change of ENGINE id (without having to - * selectively apply settings). Eg. changing from a hardware device - * back to the regular software ENGINE without editing the config - * file, etc. - */ - if (cmd_optional) { - ERR_clear_error(); - return 1; - } - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NAME); - return 0; - } - /* - * Force the result of the control command to 0 or 1, for the reasons - * mentioned before. - */ - if (ENGINE_ctrl(e, num, i, p, f) > 0) - return 1; - return 0; -} - -int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, - int cmd_optional) -{ - int num, flags; - long l; - char *ptr; - - if (e == NULL || cmd_name == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (e->ctrl == NULL - || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME, - 0, (void *)cmd_name, NULL)) <= 0) { - /* - * If the command didn't *have* to be supported, we fake success. - * This allows certain settings to be specified for multiple ENGINEs - * and only require a change of ENGINE id (without having to - * selectively apply settings). Eg. changing from a hardware device - * back to the regular software ENGINE without editing the config - * file, etc. - */ - if (cmd_optional) { - ERR_clear_error(); - return 1; - } - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_CMD_NAME); - return 0; - } - if (!ENGINE_cmd_is_executable(e, num)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_CMD_NOT_EXECUTABLE); - return 0; - } - - flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL); - if (flags < 0) { - /* - * Shouldn't happen, given that ENGINE_cmd_is_executable() returned - * success. - */ - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR); - return 0; - } - /* - * If the command takes no input, there must be no input. And vice versa. - */ - if (flags & ENGINE_CMD_FLAG_NO_INPUT) { - if (arg != NULL) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_COMMAND_TAKES_NO_INPUT); - return 0; - } - /* - * We deliberately force the result of ENGINE_ctrl() to 0 or 1 rather - * than returning it as "return data". This is to ensure usage of - * these commands is consistent across applications and that certain - * applications don't understand it one way, and others another. - */ - if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) - return 1; - return 0; - } - /* So, we require input */ - if (arg == NULL) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_COMMAND_TAKES_INPUT); - return 0; - } - /* If it takes string input, that's easy */ - if (flags & ENGINE_CMD_FLAG_STRING) { - /* Same explanation as above */ - if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) - return 1; - return 0; - } - /* - * If it doesn't take numeric either, then it is unsupported for use in a - * config-setting situation, which is what this function is for. This - * should never happen though, because ENGINE_cmd_is_executable() was - * used. - */ - if (!(flags & ENGINE_CMD_FLAG_NUMERIC)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR); - return 0; - } - l = strtol(arg, &ptr, 10); - if ((arg == ptr) || (*ptr != '\0')) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER); - return 0; - } - /* - * Force the result of the control command to 0 or 1, for the reasons - * mentioned before. - */ - if (ENGINE_ctrl(e, num, l, NULL, NULL) > 0) - return 1; - return 0; -} diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c deleted file mode 100644 index 6d402927c546477dbe848e2ba25c0c4c0656e675..0000000000000000000000000000000000000000 --- a/crypto/engine/eng_dyn.c +++ /dev/null @@ -1,538 +0,0 @@ -/* - * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" -#include "internal/dso.h" -#include - -/* - * Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE - * loader should implement the hook-up functions with the following - * prototypes. - */ - -/* Our ENGINE handlers */ -static int dynamic_init(ENGINE *e); -static int dynamic_finish(ENGINE *e); -static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f) (void)); -/* Predeclare our context type */ -typedef struct st_dynamic_data_ctx dynamic_data_ctx; -/* The implementation for the important control command */ -static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx); - -#define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE -#define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1) -#define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2) -#define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3) -#define DYNAMIC_CMD_DIR_LOAD (ENGINE_CMD_BASE + 4) -#define DYNAMIC_CMD_DIR_ADD (ENGINE_CMD_BASE + 5) -#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 6) - -/* The constants used when creating the ENGINE */ -static const char *engine_dynamic_id = "dynamic"; -static const char *engine_dynamic_name = "Dynamic engine loading support"; -static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = { - {DYNAMIC_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the new ENGINE shared library", - ENGINE_CMD_FLAG_STRING}, - {DYNAMIC_CMD_NO_VCHECK, - "NO_VCHECK", - "Specifies to continue even if version checking fails (boolean)", - ENGINE_CMD_FLAG_NUMERIC}, - {DYNAMIC_CMD_ID, - "ID", - "Specifies an ENGINE id name for loading", - ENGINE_CMD_FLAG_STRING}, - {DYNAMIC_CMD_LIST_ADD, - "LIST_ADD", - "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)", - ENGINE_CMD_FLAG_NUMERIC}, - {DYNAMIC_CMD_DIR_LOAD, - "DIR_LOAD", - "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)", - ENGINE_CMD_FLAG_NUMERIC}, - {DYNAMIC_CMD_DIR_ADD, - "DIR_ADD", - "Adds a directory from which ENGINEs can be loaded", - ENGINE_CMD_FLAG_STRING}, - {DYNAMIC_CMD_LOAD, - "LOAD", - "Load up the ENGINE specified by other settings", - ENGINE_CMD_FLAG_NO_INPUT}, - {0, NULL, NULL, 0} -}; - -/* - * Loading code stores state inside the ENGINE structure via the "ex_data" - * element. We load all our state into a single structure and use that as a - * single context in the "ex_data" stack. - */ -struct st_dynamic_data_ctx { - /* The DSO object we load that supplies the ENGINE code */ - DSO *dynamic_dso; - /* - * The function pointer to the version checking shared library function - */ - dynamic_v_check_fn v_check; - /* - * The function pointer to the engine-binding shared library function - */ - dynamic_bind_engine bind_engine; - /* The default name/path for loading the shared library */ - char *DYNAMIC_LIBNAME; - /* Whether to continue loading on a version check failure */ - int no_vcheck; - /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */ - char *engine_id; - /* - * If non-zero, a successfully loaded ENGINE should be added to the - * internal ENGINE list. If 2, the add must succeed or the entire load - * should fail. - */ - int list_add_value; - /* The symbol name for the version checking function */ - const char *DYNAMIC_F1; - /* The symbol name for the "initialise ENGINE structure" function */ - const char *DYNAMIC_F2; - /* - * Whether to never use 'dirs', use 'dirs' as a fallback, or only use - * 'dirs' for loading. Default is to use 'dirs' as a fallback. - */ - int dir_load; - /* A stack of directories from which ENGINEs could be loaded */ - STACK_OF(OPENSSL_STRING) *dirs; -}; - -/* - * This is the "ex_data" index we obtain and reserve for use with our context - * structure. - */ -static int dynamic_ex_data_idx = -1; - -static void int_free_str(char *s) -{ - OPENSSL_free(s); -} - -/* - * Because our ex_data element may or may not get allocated depending on - * whether a "first-use" occurs before the ENGINE is freed, we have a memory - * leak problem to solve. We can't declare a "new" handler for the ex_data as - * we don't want a dynamic_data_ctx in *all* ENGINE structures of all types - * (this is a bug in the design of CRYPTO_EX_DATA). As such, we just declare - * a "free" handler and that will get called if an ENGINE is being destroyed - * and there was an ex_data element corresponding to our context type. - */ -static void dynamic_data_ctx_free_func(void *parent, void *ptr, - CRYPTO_EX_DATA *ad, int idx, long argl, - void *argp) -{ - if (ptr) { - dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr; - DSO_free(ctx->dynamic_dso); - OPENSSL_free(ctx->DYNAMIC_LIBNAME); - OPENSSL_free(ctx->engine_id); - sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str); - OPENSSL_free(ctx); - } -} - -/* - * Construct the per-ENGINE context. We create it blindly and then use a lock - * to check for a race - if so, all but one of the threads "racing" will have - * wasted their time. The alternative involves creating everything inside the - * lock which is far worse. - */ -static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) -{ - dynamic_data_ctx *c = OPENSSL_zalloc(sizeof(*c)); - int ret = 0; - - if (c == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_MALLOC_FAILURE); - return 0; - } - c->dirs = sk_OPENSSL_STRING_new_null(); - if (c->dirs == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_MALLOC_FAILURE); - goto end; - } - c->DYNAMIC_F1 = "v_check"; - c->DYNAMIC_F2 = "bind_engine"; - c->dir_load = 1; - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - goto end; - if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, - dynamic_ex_data_idx)) - == NULL) { - /* Good, we're the first */ - ret = ENGINE_set_ex_data(e, dynamic_ex_data_idx, c); - if (ret) { - *ctx = c; - c = NULL; - } - } - CRYPTO_THREAD_unlock(global_engine_lock); - ret = 1; - /* - * If we lost the race to set the context, c is non-NULL and *ctx is the - * context of the thread that won. - */ -end: - if (c != NULL) - sk_OPENSSL_STRING_free(c->dirs); - OPENSSL_free(c); - return ret; -} - -/* - * This function retrieves the context structure from an ENGINE's "ex_data", - * or if it doesn't exist yet, sets it up. - */ -static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e) -{ - dynamic_data_ctx *ctx; - if (dynamic_ex_data_idx < 0) { - /* - * Create and register the ENGINE ex_data, and associate our "free" - * function with it to ensure any allocated contexts get freed when - * an ENGINE goes underground. - */ - int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, - dynamic_data_ctx_free_func); - if (new_idx == -1) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_INDEX); - return NULL; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return NULL; - /* Avoid a race by checking again inside this lock */ - if (dynamic_ex_data_idx < 0) { - /* Good, someone didn't beat us to it */ - dynamic_ex_data_idx = new_idx; - new_idx = -1; - } - CRYPTO_THREAD_unlock(global_engine_lock); - /* - * In theory we could "give back" the index here if (new_idx>-1), but - * it's not possible and wouldn't gain us much if it were. - */ - } - ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx); - /* Check if the context needs to be created */ - if ((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx)) - /* "set_data" will set errors if necessary */ - return NULL; - return ctx; -} - -static ENGINE *engine_dynamic(void) -{ - ENGINE *ret = ENGINE_new(); - if (ret == NULL) - return NULL; - if (!ENGINE_set_id(ret, engine_dynamic_id) || - !ENGINE_set_name(ret, engine_dynamic_name) || - !ENGINE_set_init_function(ret, dynamic_init) || - !ENGINE_set_finish_function(ret, dynamic_finish) || - !ENGINE_set_ctrl_function(ret, dynamic_ctrl) || - !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) || - !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) { - ENGINE_free(ret); - return NULL; - } - return ret; -} - -void engine_load_dynamic_int(void) -{ - ENGINE *toadd = engine_dynamic(); - if (!toadd) - return; - - ERR_set_mark(); - ENGINE_add(toadd); - /* - * If the "add" worked, it gets a structural reference. So either way, we - * release our just-created reference. - */ - ENGINE_free(toadd); - /* - * If the "add" didn't work, it was probably a conflict because it was - * already added (eg. someone calling ENGINE_load_blah then calling - * ENGINE_load_builtin_engines() perhaps). - */ - ERR_pop_to_mark(); -} - -static int dynamic_init(ENGINE *e) -{ - /* - * We always return failure - the "dynamic" engine itself can't be used - * for anything. - */ - return 0; -} - -static int dynamic_finish(ENGINE *e) -{ - /* - * This should never be called on account of "dynamic_init" always - * failing. - */ - return 0; -} - -static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) -{ - dynamic_data_ctx *ctx = dynamic_get_data_ctx(e); - int initialised; - - if (!ctx) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NOT_LOADED); - return 0; - } - initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1); - /* All our control commands require the ENGINE to be uninitialised */ - if (initialised) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ALREADY_LOADED); - return 0; - } - switch (cmd) { - case DYNAMIC_CMD_SO_PATH: - /* a NULL 'p' or a string of zero-length is the same thing */ - if (p && (strlen((const char *)p) < 1)) - p = NULL; - OPENSSL_free(ctx->DYNAMIC_LIBNAME); - if (p) - ctx->DYNAMIC_LIBNAME = OPENSSL_strdup(p); - else - ctx->DYNAMIC_LIBNAME = NULL; - return (ctx->DYNAMIC_LIBNAME ? 1 : 0); - case DYNAMIC_CMD_NO_VCHECK: - ctx->no_vcheck = ((i == 0) ? 0 : 1); - return 1; - case DYNAMIC_CMD_ID: - /* a NULL 'p' or a string of zero-length is the same thing */ - if (p && (strlen((const char *)p) < 1)) - p = NULL; - OPENSSL_free(ctx->engine_id); - if (p) - ctx->engine_id = OPENSSL_strdup(p); - else - ctx->engine_id = NULL; - return (ctx->engine_id ? 1 : 0); - case DYNAMIC_CMD_LIST_ADD: - if ((i < 0) || (i > 2)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_ARGUMENT); - return 0; - } - ctx->list_add_value = (int)i; - return 1; - case DYNAMIC_CMD_LOAD: - return dynamic_load(e, ctx); - case DYNAMIC_CMD_DIR_LOAD: - if ((i < 0) || (i > 2)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_ARGUMENT); - return 0; - } - ctx->dir_load = (int)i; - return 1; - case DYNAMIC_CMD_DIR_ADD: - /* a NULL 'p' or a string of zero-length is the same thing */ - if (p == NULL || (strlen((const char *)p) < 1)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_ARGUMENT); - return 0; - } - { - char *tmp_str = OPENSSL_strdup(p); - if (tmp_str == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!sk_OPENSSL_STRING_push(ctx->dirs, tmp_str)) { - OPENSSL_free(tmp_str); - ERR_raise(ERR_LIB_ENGINE, ERR_R_MALLOC_FAILURE); - return 0; - } - } - return 1; - default: - break; - } - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); - return 0; -} - -static int int_load(dynamic_data_ctx *ctx) -{ - int num, loop; - /* Unless told not to, try a direct load */ - if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso, - ctx->DYNAMIC_LIBNAME, NULL, - 0)) != NULL) - return 1; - /* If we're not allowed to use 'dirs' or we have none, fail */ - if (!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1) - return 0; - for (loop = 0; loop < num; loop++) { - const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop); - char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s); - if (!merge) - return 0; - if (DSO_load(ctx->dynamic_dso, merge, NULL, 0)) { - /* Found what we're looking for */ - OPENSSL_free(merge); - return 1; - } - OPENSSL_free(merge); - } - return 0; -} - -/* - * Unfortunately the version checker does not distinguish between - * engines built for openssl 1.1.x and openssl 3.x, but loading - * an engine that is built for openssl 1.1.x will cause a fatal - * error. Detect such engines, since EVP_PKEY_base_id is exported - * as a function in openssl 1.1.x, while it is named EVP_PKEY_get_base_id - * in openssl 3.x. Therefore we take the presence of that symbol - * as an indication that the engine will be incompatible. - */ -static int using_libcrypto_11(dynamic_data_ctx *ctx) -{ - int ret; - - ERR_set_mark(); - ret = DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_base_id") != NULL; - ERR_pop_to_mark(); - - return ret; -} - -static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) -{ - ENGINE cpy; - dynamic_fns fns; - - if (ctx->dynamic_dso == NULL) - ctx->dynamic_dso = DSO_new(); - if (ctx->dynamic_dso == NULL) - return 0; - if (!ctx->DYNAMIC_LIBNAME) { - if (!ctx->engine_id) - return 0; - DSO_ctrl(ctx->dynamic_dso, DSO_CTRL_SET_FLAGS, - DSO_FLAG_NAME_TRANSLATION_EXT_ONLY, NULL); - ctx->DYNAMIC_LIBNAME = - DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id); - } - if (!int_load(ctx)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_DSO_NOT_FOUND); - DSO_free(ctx->dynamic_dso); - ctx->dynamic_dso = NULL; - return 0; - } - /* We have to find a bind function otherwise it'll always end badly */ - if (! - (ctx->bind_engine = - (dynamic_bind_engine) DSO_bind_func(ctx->dynamic_dso, - ctx->DYNAMIC_F2))) { - ctx->bind_engine = NULL; - DSO_free(ctx->dynamic_dso); - ctx->dynamic_dso = NULL; - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_DSO_FAILURE); - return 0; - } - /* Do we perform version checking? */ - if (!ctx->no_vcheck) { - unsigned long vcheck_res = 0; - /* - * Now we try to find a version checking function and decide how to - * cope with failure if/when it fails. - */ - ctx->v_check = - (dynamic_v_check_fn) DSO_bind_func(ctx->dynamic_dso, - ctx->DYNAMIC_F1); - if (ctx->v_check) - vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION); - /* - * We fail if the version checker veto'd the load *or* if it is - * deferring to us (by returning its version) and we think it is too - * old. Also fail if this is engine for openssl 1.1.x. - */ - if (vcheck_res < OSSL_DYNAMIC_OLDEST || using_libcrypto_11(ctx)) { - /* Fail */ - ctx->bind_engine = NULL; - ctx->v_check = NULL; - DSO_free(ctx->dynamic_dso); - ctx->dynamic_dso = NULL; - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_VERSION_INCOMPATIBILITY); - return 0; - } - } - /* - * First binary copy the ENGINE structure so that we can roll back if the - * hand-over fails - */ - memcpy(&cpy, e, sizeof(ENGINE)); - /* - * Provide the ERR, "ex_data", memory, and locking callbacks so the - * loaded library uses our state rather than its own. FIXME: As noted in - * engine.h, much of this would be simplified if each area of code - * provided its own "summary" structure of all related callbacks. It - * would also increase opaqueness. - */ - fns.static_state = ENGINE_get_static_state(); - CRYPTO_get_mem_functions(&fns.mem_fns.malloc_fn, &fns.mem_fns.realloc_fn, - &fns.mem_fns.free_fn); - /* - * Now that we've loaded the dynamic engine, make sure no "dynamic" - * ENGINE elements will show through. - */ - engine_set_all_null(e); - - /* Try to bind the ENGINE onto our own ENGINE structure */ - if (!engine_add_dynamic_id(e, (ENGINE_DYNAMIC_ID)ctx->bind_engine, 1) - || !ctx->bind_engine(e, ctx->engine_id, &fns)) { - engine_remove_dynamic_id(e, 1); - ctx->bind_engine = NULL; - ctx->v_check = NULL; - DSO_free(ctx->dynamic_dso); - ctx->dynamic_dso = NULL; - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INIT_FAILED); - /* Copy the original ENGINE structure back */ - memcpy(e, &cpy, sizeof(ENGINE)); - return 0; - } - /* Do we try to add this ENGINE to the internal list too? */ - if (ctx->list_add_value > 0) { - if (!ENGINE_add(e)) { - /* Do we tolerate this or fail? */ - if (ctx->list_add_value > 1) { - /* - * Fail - NB: By this time, it's too late to rollback, and - * trying to do so allows the bind_engine() code to have - * created leaks. We just have to fail where we are, after - * the ENGINE has changed. - */ - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_CONFLICTING_ENGINE_ID); - return 0; - } - /* Tolerate */ - ERR_clear_error(); - } - } - return 1; -} diff --git a/crypto/engine/eng_err.c b/crypto/engine/eng_err.c deleted file mode 100644 index 17c1b7d008ee37edd20be79ddc61cb00d33fa1a4..0000000000000000000000000000000000000000 --- a/crypto/engine/eng_err.c +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/engineerr.h" - -#ifndef OPENSSL_NO_ENGINE - -# ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA ENGINE_str_reasons[] = { - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ALREADY_LOADED), "already loaded"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER), - "argument is not a number"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CMD_NOT_EXECUTABLE), - "cmd not executable"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_INPUT), - "command takes input"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_NO_INPUT), - "command takes no input"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CONFLICTING_ENGINE_ID), - "conflicting engine id"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED), - "ctrl command not implemented"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_FAILURE), "DSO failure"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_NOT_FOUND), "dso not found"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINES_SECTION_ERROR), - "engines section error"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_CONFIGURATION_ERROR), - "engine configuration error"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_IS_NOT_IN_LIST), - "engine is not in the list"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_SECTION_ERROR), - "engine section error"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PRIVATE_KEY), - "failed loading private key"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PUBLIC_KEY), - "failed loading public key"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FINISH_FAILED), "finish failed"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ID_OR_NAME_MISSING), - "'id' or 'name' missing"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INIT_FAILED), "init failed"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INTERNAL_LIST_ERROR), - "internal list error"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_ARGUMENT), - "invalid argument"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NAME), - "invalid cmd name"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NUMBER), - "invalid cmd number"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_INIT_VALUE), - "invalid init value"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_STRING), "invalid string"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_INITIALISED), "not initialised"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_LOADED), "not loaded"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_CONTROL_FUNCTION), - "no control function"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_INDEX), "no index"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_LOAD_FUNCTION), - "no load function"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_REFERENCE), "no reference"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_SUCH_ENGINE), "no such engine"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_CIPHER), - "unimplemented cipher"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_DIGEST), - "unimplemented digest"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD), - "unimplemented public key method"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_VERSION_INCOMPATIBILITY), - "version incompatibility"}, - {0, NULL} -}; - -# endif - -int ossl_err_load_ENGINE_strings(void) -{ -# ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(ENGINE_str_reasons[0].error) == NULL) - ERR_load_strings_const(ENGINE_str_reasons); -# endif - return 1; -} -#else -NON_EMPTY_TRANSLATION_UNIT -#endif diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c deleted file mode 100644 index 0cf27715c5ccd66d422615ec1c825f2a373ad151..0000000000000000000000000000000000000000 --- a/crypto/engine/eng_fat.c +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" -#include - -int ENGINE_set_default(ENGINE *e, unsigned int flags) -{ - if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e)) - return 0; - if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e)) - return 0; - if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e)) - return 0; -#ifndef OPENSSL_NO_DSA - if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e)) - return 0; -#endif -#ifndef OPENSSL_NO_DH - if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e)) - return 0; -#endif -#ifndef OPENSSL_NO_EC - if ((flags & ENGINE_METHOD_EC) && !ENGINE_set_default_EC(e)) - return 0; -#endif - if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e)) - return 0; - if ((flags & ENGINE_METHOD_PKEY_METHS) - && !ENGINE_set_default_pkey_meths(e)) - return 0; - if ((flags & ENGINE_METHOD_PKEY_ASN1_METHS) - && !ENGINE_set_default_pkey_asn1_meths(e)) - return 0; - return 1; -} - -/* Set default algorithms using a string */ - -static int int_def_cb(const char *alg, int len, void *arg) -{ - unsigned int *pflags = arg; - if (alg == NULL) - return 0; - if (strncmp(alg, "ALL", len) == 0) - *pflags |= ENGINE_METHOD_ALL; - else if (strncmp(alg, "RSA", len) == 0) - *pflags |= ENGINE_METHOD_RSA; - else if (strncmp(alg, "DSA", len) == 0) - *pflags |= ENGINE_METHOD_DSA; - else if (strncmp(alg, "DH", len) == 0) - *pflags |= ENGINE_METHOD_DH; - else if (strncmp(alg, "EC", len) == 0) - *pflags |= ENGINE_METHOD_EC; - else if (strncmp(alg, "RAND", len) == 0) - *pflags |= ENGINE_METHOD_RAND; - else if (strncmp(alg, "CIPHERS", len) == 0) - *pflags |= ENGINE_METHOD_CIPHERS; - else if (strncmp(alg, "DIGESTS", len) == 0) - *pflags |= ENGINE_METHOD_DIGESTS; - else if (strncmp(alg, "PKEY", len) == 0) - *pflags |= ENGINE_METHOD_PKEY_METHS | ENGINE_METHOD_PKEY_ASN1_METHS; - else if (strncmp(alg, "PKEY_CRYPTO", len) == 0) - *pflags |= ENGINE_METHOD_PKEY_METHS; - else if (strncmp(alg, "PKEY_ASN1", len) == 0) - *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS; - else - return 0; - return 1; -} - -int ENGINE_set_default_string(ENGINE *e, const char *def_list) -{ - unsigned int flags = 0; - if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) { - ERR_raise_data(ERR_LIB_ENGINE, ENGINE_R_INVALID_STRING, - "str=%s", def_list); - return 0; - } - return ENGINE_set_default(e, flags); -} - -int ENGINE_register_complete(ENGINE *e) -{ - ENGINE_register_ciphers(e); - ENGINE_register_digests(e); - ENGINE_register_RSA(e); -#ifndef OPENSSL_NO_DSA - ENGINE_register_DSA(e); -#endif -#ifndef OPENSSL_NO_DH - ENGINE_register_DH(e); -#endif -#ifndef OPENSSL_NO_EC - ENGINE_register_EC(e); -#endif - ENGINE_register_RAND(e); - ENGINE_register_pkey_meths(e); - ENGINE_register_pkey_asn1_meths(e); - return 1; -} - -int ENGINE_register_all_complete(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - if (!(e->flags & ENGINE_FLAGS_NO_REGISTER_ALL)) - ENGINE_register_complete(e); - return 1; -} diff --git a/crypto/engine/eng_init.c b/crypto/engine/eng_init.c deleted file mode 100644 index c204eb18998674eaf5e0087d0b89dcefee87fa5d..0000000000000000000000000000000000000000 --- a/crypto/engine/eng_init.c +++ /dev/null @@ -1,115 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "e_os.h" -#include "eng_local.h" - -/* - * Initialise a engine type for use (or up its functional reference count if - * it's already in use). This version is only used internally. - */ -int engine_unlocked_init(ENGINE *e) -{ - int to_return = 1; - - if ((e->funct_ref == 0) && e->init) - /* - * This is the first functional reference and the engine requires - * initialisation so we do it now. - */ - to_return = e->init(e); - if (to_return) { - /* - * OK, we return a functional reference which is also a structural - * reference. - */ - e->struct_ref++; - e->funct_ref++; - ENGINE_REF_PRINT(e, 0, 1); - ENGINE_REF_PRINT(e, 1, 1); - } - return to_return; -} - -/* - * Free a functional reference to a engine type. This version is only used - * internally. - */ -int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers) -{ - int to_return = 1; - - /* - * Reduce the functional reference count here so if it's the terminating - * case, we can release the lock safely and call the finish() handler - * without risk of a race. We get a race if we leave the count until - * after and something else is calling "finish" at the same time - - * there's a chance that both threads will together take the count from 2 - * to 0 without either calling finish(). - */ - e->funct_ref--; - ENGINE_REF_PRINT(e, 1, -1); - if ((e->funct_ref == 0) && e->finish) { - if (unlock_for_handlers) - CRYPTO_THREAD_unlock(global_engine_lock); - to_return = e->finish(e); - if (unlock_for_handlers) - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return 0; - if (!to_return) - return 0; - } - REF_ASSERT_ISNT(e->funct_ref < 0); - /* Release the structural reference too */ - if (!engine_free_util(e, 0)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FINISH_FAILED); - return 0; - } - return to_return; -} - -/* The API (locked) version of "init" */ -int ENGINE_init(ENGINE *e) -{ - int ret; - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return 0; - ret = engine_unlocked_init(e); - CRYPTO_THREAD_unlock(global_engine_lock); - return ret; -} - -/* The API (locked) version of "finish" */ -int ENGINE_finish(ENGINE *e) -{ - int to_return = 1; - - if (e == NULL) - return 1; - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return 0; - to_return = engine_unlocked_finish(e, 1); - CRYPTO_THREAD_unlock(global_engine_lock); - if (!to_return) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FINISH_FAILED); - return 0; - } - return to_return; -} diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c deleted file mode 100644 index 05c6a67c1e1b51b8bc8ae9bab877b42444764924..0000000000000000000000000000000000000000 --- a/crypto/engine/eng_lib.c +++ /dev/null @@ -1,300 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" -#include "eng_local.h" -#include -#include "internal/refcount.h" - -CRYPTO_RWLOCK *global_engine_lock; - -CRYPTO_ONCE engine_lock_init = CRYPTO_ONCE_STATIC_INIT; - -/* The "new"/"free" stuff first */ - -DEFINE_RUN_ONCE(do_engine_lock_init) -{ - global_engine_lock = CRYPTO_THREAD_lock_new(); - return global_engine_lock != NULL; -} - -ENGINE *ENGINE_new(void) -{ - ENGINE *ret; - - if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init) - || (ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_MALLOC_FAILURE); - return NULL; - } - ret->struct_ref = 1; - ENGINE_REF_PRINT(ret, 0, 1); - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data)) { - OPENSSL_free(ret); - return NULL; - } - return ret; -} - -/* - * Placed here (close proximity to ENGINE_new) so that modifications to the - * elements of the ENGINE structure are more likely to be caught and changed - * here. - */ -void engine_set_all_null(ENGINE *e) -{ - e->id = NULL; - e->name = NULL; - e->rsa_meth = NULL; - e->dsa_meth = NULL; - e->dh_meth = NULL; - e->rand_meth = NULL; - e->ciphers = NULL; - e->digests = NULL; - e->destroy = NULL; - e->init = NULL; - e->finish = NULL; - e->ctrl = NULL; - e->load_privkey = NULL; - e->load_pubkey = NULL; - e->cmd_defns = NULL; - e->flags = 0; - e->dynamic_id = NULL; -} - -int engine_free_util(ENGINE *e, int not_locked) -{ - int i; - - if (e == NULL) - return 1; - if (not_locked) - CRYPTO_DOWN_REF(&e->struct_ref, &i, global_engine_lock); - else - i = --e->struct_ref; - ENGINE_REF_PRINT(e, 0, -1); - if (i > 0) - return 1; - REF_ASSERT_ISNT(i < 0); - /* Free up any dynamically allocated public key methods */ - engine_pkey_meths_free(e); - engine_pkey_asn1_meths_free(e); - /* - * Give the ENGINE a chance to do any structural cleanup corresponding to - * allocation it did in its constructor (eg. unload error strings) - */ - if (e->destroy) - e->destroy(e); - engine_remove_dynamic_id(e, not_locked); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data); - OPENSSL_free(e); - return 1; -} - -int ENGINE_free(ENGINE *e) -{ - return engine_free_util(e, 1); -} - -/* Cleanup stuff */ - -/* - * engine_cleanup_int() is coded such that anything that does work that will - * need cleanup can register a "cleanup" callback here. That way we don't get - * linker bloat by referring to all *possible* cleanups, but any linker bloat - * into code "X" will cause X's cleanup function to end up here. - */ -static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL; -static int int_cleanup_check(int create) -{ - if (cleanup_stack) - return 1; - if (!create) - return 0; - cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null(); - return (cleanup_stack ? 1 : 0); -} - -static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb) -{ - ENGINE_CLEANUP_ITEM *item; - - if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_MALLOC_FAILURE); - return NULL; - } - item->cb = cb; - return item; -} - -void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb) -{ - ENGINE_CLEANUP_ITEM *item; - - if (!int_cleanup_check(1)) - return; - item = int_cleanup_item(cb); - if (item) - sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0); -} - -void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb) -{ - ENGINE_CLEANUP_ITEM *item; - if (!int_cleanup_check(1)) - return; - item = int_cleanup_item(cb); - if (item != NULL) { - if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0) - OPENSSL_free(item); - } -} - -/* The API function that performs all cleanup */ -static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item) -{ - (*(item->cb)) (); - OPENSSL_free(item); -} - -void engine_cleanup_int(void) -{ - if (int_cleanup_check(0)) { - sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack, - engine_cleanup_cb_free); - cleanup_stack = NULL; - } - CRYPTO_THREAD_lock_free(global_engine_lock); - global_engine_lock = NULL; -} - -/* Now the "ex_data" support */ - -int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg) -{ - return CRYPTO_set_ex_data(&e->ex_data, idx, arg); -} - -void *ENGINE_get_ex_data(const ENGINE *e, int idx) -{ - return CRYPTO_get_ex_data(&e->ex_data, idx); -} - -/* - * Functions to get/set an ENGINE's elements - mainly to avoid exposing the - * ENGINE structure itself. - */ - -int ENGINE_set_id(ENGINE *e, const char *id) -{ - if (id == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - e->id = id; - return 1; -} - -int ENGINE_set_name(ENGINE *e, const char *name) -{ - if (name == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - e->name = name; - return 1; -} - -int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f) -{ - e->destroy = destroy_f; - return 1; -} - -int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f) -{ - e->init = init_f; - return 1; -} - -int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f) -{ - e->finish = finish_f; - return 1; -} - -int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f) -{ - e->ctrl = ctrl_f; - return 1; -} - -int ENGINE_set_flags(ENGINE *e, int flags) -{ - e->flags = flags; - return 1; -} - -int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns) -{ - e->cmd_defns = defns; - return 1; -} - -const char *ENGINE_get_id(const ENGINE *e) -{ - return e->id; -} - -const char *ENGINE_get_name(const ENGINE *e) -{ - return e->name; -} - -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e) -{ - return e->destroy; -} - -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e) -{ - return e->init; -} - -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e) -{ - return e->finish; -} - -ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e) -{ - return e->ctrl; -} - -int ENGINE_get_flags(const ENGINE *e) -{ - return e->flags; -} - -const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e) -{ - return e->cmd_defns; -} - -/* - * eng_lib.o is pretty much linked into anything that touches ENGINE already, - * so put the "static_state" hack here. - */ - -static int internal_static_hack = 0; - -void *ENGINE_get_static_state(void) -{ - return &internal_static_hack; -} diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c deleted file mode 100644 index 04c73c76286486936db9ac913c50c7f00786db7e..0000000000000000000000000000000000000000 --- a/crypto/engine/eng_list.c +++ /dev/null @@ -1,444 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -/* - * The linked-list of pointers to engine types. engine_list_head incorporates - * an implicit structural reference but engine_list_tail does not - the - * latter is a computational optimization and only points to something that - * is already pointed to by its predecessor in the list (or engine_list_head - * itself). In the same way, the use of the "prev" pointer in each ENGINE is - * to save excessive list iteration, it doesn't correspond to an extra - * structural reference. Hence, engine_list_head, and each non-null "next" - * pointer account for the list itself assuming exactly 1 structural - * reference on each list member. - */ -static ENGINE *engine_list_head = NULL; -static ENGINE *engine_list_tail = NULL; - -/* - * The linked list of currently loaded dynamic engines. - */ -static ENGINE *engine_dyn_list_head = NULL; -static ENGINE *engine_dyn_list_tail = NULL; - -/* - * This cleanup function is only needed internally. If it should be called, - * we register it with the "engine_cleanup_int()" stack to be called during - * cleanup. - */ - -static void engine_list_cleanup(void) -{ - ENGINE *iterator = engine_list_head; - - while (iterator != NULL) { - ENGINE_remove(iterator); - iterator = engine_list_head; - } - return; -} - -/* - * These static functions starting with a lower case "engine_" always take - * place when global_engine_lock has been locked up. - */ -static int engine_list_add(ENGINE *e) -{ - int conflict = 0; - ENGINE *iterator = NULL; - - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - iterator = engine_list_head; - while (iterator && !conflict) { - conflict = (strcmp(iterator->id, e->id) == 0); - iterator = iterator->next; - } - if (conflict) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_CONFLICTING_ENGINE_ID); - return 0; - } - if (engine_list_head == NULL) { - /* We are adding to an empty list. */ - if (engine_list_tail) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR); - return 0; - } - engine_list_head = e; - e->prev = NULL; - /* - * The first time the list allocates, we should register the cleanup. - */ - engine_cleanup_add_last(engine_list_cleanup); - } else { - /* We are adding to the tail of an existing list. */ - if ((engine_list_tail == NULL) || (engine_list_tail->next != NULL)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR); - return 0; - } - engine_list_tail->next = e; - e->prev = engine_list_tail; - } - /* - * Having the engine in the list assumes a structural reference. - */ - e->struct_ref++; - ENGINE_REF_PRINT(e, 0, 1); - /* However it came to be, e is the last item in the list. */ - engine_list_tail = e; - e->next = NULL; - return 1; -} - -static int engine_list_remove(ENGINE *e) -{ - ENGINE *iterator; - - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - /* We need to check that e is in our linked list! */ - iterator = engine_list_head; - while (iterator && (iterator != e)) - iterator = iterator->next; - if (iterator == NULL) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ENGINE_IS_NOT_IN_LIST); - return 0; - } - /* un-link e from the chain. */ - if (e->next) - e->next->prev = e->prev; - if (e->prev) - e->prev->next = e->next; - /* Correct our head/tail if necessary. */ - if (engine_list_head == e) - engine_list_head = e->next; - if (engine_list_tail == e) - engine_list_tail = e->prev; - engine_free_util(e, 0); - return 1; -} - -/* Add engine to dynamic engine list. */ -int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id, - int not_locked) -{ - int result = 0; - ENGINE *iterator = NULL; - - if (e == NULL) - return 0; - - if (e->dynamic_id == NULL && dynamic_id == NULL) - return 0; - - if (not_locked && !CRYPTO_THREAD_write_lock(global_engine_lock)) - return 0; - - if (dynamic_id != NULL) { - iterator = engine_dyn_list_head; - while (iterator != NULL) { - if (iterator->dynamic_id == dynamic_id) - goto err; - iterator = iterator->next; - } - if (e->dynamic_id != NULL) - goto err; - e->dynamic_id = dynamic_id; - } - - if (engine_dyn_list_head == NULL) { - /* We are adding to an empty list. */ - if (engine_dyn_list_tail != NULL) - goto err; - engine_dyn_list_head = e; - e->prev_dyn = NULL; - } else { - /* We are adding to the tail of an existing list. */ - if (engine_dyn_list_tail == NULL - || engine_dyn_list_tail->next_dyn != NULL) - goto err; - engine_dyn_list_tail->next_dyn = e; - e->prev_dyn = engine_dyn_list_tail; - } - - engine_dyn_list_tail = e; - e->next_dyn = NULL; - result = 1; - - err: - if (not_locked) - CRYPTO_THREAD_unlock(global_engine_lock); - return result; -} - -/* Remove engine from dynamic engine list. */ -void engine_remove_dynamic_id(ENGINE *e, int not_locked) -{ - if (e == NULL || e->dynamic_id == NULL) - return; - - if (not_locked && !CRYPTO_THREAD_write_lock(global_engine_lock)) - return; - - e->dynamic_id = NULL; - - /* un-link e from the chain. */ - if (e->next_dyn != NULL) - e->next_dyn->prev_dyn = e->prev_dyn; - if (e->prev_dyn != NULL) - e->prev_dyn->next_dyn = e->next_dyn; - /* Correct our head/tail if necessary. */ - if (engine_dyn_list_head == e) - engine_dyn_list_head = e->next_dyn; - if (engine_dyn_list_tail == e) - engine_dyn_list_tail = e->prev_dyn; - - if (not_locked) - CRYPTO_THREAD_unlock(global_engine_lock); -} - -/* Get the first/last "ENGINE" type available. */ -ENGINE *ENGINE_get_first(void) -{ - ENGINE *ret; - - if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return NULL; - ret = engine_list_head; - if (ret) { - ret->struct_ref++; - ENGINE_REF_PRINT(ret, 0, 1); - } - CRYPTO_THREAD_unlock(global_engine_lock); - return ret; -} - -ENGINE *ENGINE_get_last(void) -{ - ENGINE *ret; - - if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return NULL; - ret = engine_list_tail; - if (ret) { - ret->struct_ref++; - ENGINE_REF_PRINT(ret, 0, 1); - } - CRYPTO_THREAD_unlock(global_engine_lock); - return ret; -} - -/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */ -ENGINE *ENGINE_get_next(ENGINE *e) -{ - ENGINE *ret = NULL; - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return NULL; - ret = e->next; - if (ret) { - /* Return a valid structural reference to the next ENGINE */ - ret->struct_ref++; - ENGINE_REF_PRINT(ret, 0, 1); - } - CRYPTO_THREAD_unlock(global_engine_lock); - /* Release the structural reference to the previous ENGINE */ - ENGINE_free(e); - return ret; -} - -ENGINE *ENGINE_get_prev(ENGINE *e) -{ - ENGINE *ret = NULL; - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return NULL; - ret = e->prev; - if (ret) { - /* Return a valid structural reference to the next ENGINE */ - ret->struct_ref++; - ENGINE_REF_PRINT(ret, 0, 1); - } - CRYPTO_THREAD_unlock(global_engine_lock); - /* Release the structural reference to the previous ENGINE */ - ENGINE_free(e); - return ret; -} - -/* Add another "ENGINE" type into the list. */ -int ENGINE_add(ENGINE *e) -{ - int to_return = 1; - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if ((e->id == NULL) || (e->name == NULL)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ID_OR_NAME_MISSING); - return 0; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return 0; - if (!engine_list_add(e)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR); - to_return = 0; - } - CRYPTO_THREAD_unlock(global_engine_lock); - return to_return; -} - -/* Remove an existing "ENGINE" type from the array. */ -int ENGINE_remove(ENGINE *e) -{ - int to_return = 1; - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return 0; - if (!engine_list_remove(e)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INTERNAL_LIST_ERROR); - to_return = 0; - } - CRYPTO_THREAD_unlock(global_engine_lock); - return to_return; -} - -static void engine_cpy(ENGINE *dest, const ENGINE *src) -{ - dest->id = src->id; - dest->name = src->name; - dest->rsa_meth = src->rsa_meth; -#ifndef OPENSSL_NO_DSA - dest->dsa_meth = src->dsa_meth; -#endif -#ifndef OPENSSL_NO_DH - dest->dh_meth = src->dh_meth; -#endif -#ifndef OPENSSL_NO_EC - dest->ec_meth = src->ec_meth; -#endif - dest->rand_meth = src->rand_meth; - dest->ciphers = src->ciphers; - dest->digests = src->digests; - dest->pkey_meths = src->pkey_meths; - dest->destroy = src->destroy; - dest->init = src->init; - dest->finish = src->finish; - dest->ctrl = src->ctrl; - dest->load_privkey = src->load_privkey; - dest->load_pubkey = src->load_pubkey; - dest->cmd_defns = src->cmd_defns; - dest->flags = src->flags; - dest->dynamic_id = src->dynamic_id; - engine_add_dynamic_id(dest, NULL, 0); -} - -ENGINE *ENGINE_by_id(const char *id) -{ - ENGINE *iterator; - char *load_dir = NULL; - if (id == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - ENGINE_load_builtin_engines(); - - if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return NULL; - iterator = engine_list_head; - while (iterator && (strcmp(id, iterator->id) != 0)) - iterator = iterator->next; - if (iterator != NULL) { - /* - * We need to return a structural reference. If this is an ENGINE - * type that returns copies, make a duplicate - otherwise increment - * the existing ENGINE's reference count. - */ - if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) { - ENGINE *cp = ENGINE_new(); - if (cp == NULL) - iterator = NULL; - else { - engine_cpy(cp, iterator); - iterator = cp; - } - } else { - iterator->struct_ref++; - ENGINE_REF_PRINT(iterator, 0, 1); - } - } - CRYPTO_THREAD_unlock(global_engine_lock); - if (iterator != NULL) - return iterator; - /* - * Prevent infinite recursion if we're looking for the dynamic engine. - */ - if (strcmp(id, "dynamic")) { - if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == NULL) - load_dir = ENGINESDIR; - iterator = ENGINE_by_id("dynamic"); - if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || - !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) || - !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD", - load_dir, 0) || - !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) || - !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0)) - goto notfound; - return iterator; - } - notfound: - ENGINE_free(iterator); - ERR_raise_data(ERR_LIB_ENGINE, ENGINE_R_NO_SUCH_ENGINE, "id=%s", id); - return NULL; - /* EEK! Experimental code ends */ -} - -int ENGINE_up_ref(ENGINE *e) -{ - int i; - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - CRYPTO_UP_REF(&e->struct_ref, &i, global_engine_lock); - return 1; -} diff --git a/crypto/engine/eng_local.h b/crypto/engine/eng_local.h deleted file mode 100644 index 03a86299cf88b889ec920eceb53b2ec657200d45..0000000000000000000000000000000000000000 --- a/crypto/engine/eng_local.h +++ /dev/null @@ -1,161 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_ENGINE_ENG_LOCAL_H -# define OSSL_CRYPTO_ENGINE_ENG_LOCAL_H - -# include -# include "internal/cryptlib.h" -# include "crypto/engine.h" -# include "internal/thread_once.h" -# include "internal/refcount.h" - -extern CRYPTO_RWLOCK *global_engine_lock; - -/* - * This prints the engine's pointer address, "struct" or "funct" to - * indicate the reference type, the before and after reference count, and - * the file:line-number pair. The "ENGINE_REF_PRINT" statements must come - * *after* the change. - */ -# define ENGINE_REF_PRINT(e, isfunct, diff) \ - OSSL_TRACE6(ENGINE_REF_COUNT, \ - "engine: %p %s from %d to %d (%s:%d)\n", \ - (void *)(e), (isfunct ? "funct" : "struct"), \ - ((isfunct) \ - ? ((e)->funct_ref - (diff)) \ - : ((e)->struct_ref - (diff))), \ - ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \ - (OPENSSL_FILE), (OPENSSL_LINE)) - -/* - * Any code that will need cleanup operations should use these functions to - * register callbacks. engine_cleanup_int() will call all registered - * callbacks in order. NB: both the "add" functions assume the engine lock to - * already be held (in "write" mode). - */ -typedef void (ENGINE_CLEANUP_CB) (void); -typedef struct st_engine_cleanup_item { - ENGINE_CLEANUP_CB *cb; -} ENGINE_CLEANUP_ITEM; -DEFINE_STACK_OF(ENGINE_CLEANUP_ITEM) -void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb); -void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb); - -/* We need stacks of ENGINEs for use in eng_table.c */ -DEFINE_STACK_OF(ENGINE) - -/* - * This represents an implementation table. Dependent code should instantiate - * it as a (ENGINE_TABLE *) pointer value set initially to NULL. - */ -typedef struct st_engine_table ENGINE_TABLE; -int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, - ENGINE *e, const int *nids, int num_nids, - int setdefault); -void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e); -void engine_table_cleanup(ENGINE_TABLE **table); -ENGINE *ossl_engine_table_select(ENGINE_TABLE **table, int nid, - const char *f, int l); -typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk, - ENGINE *def, void *arg); -void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, - void *arg); - -/* - * Internal versions of API functions that have control over locking. These - * are used between C files when functionality needs to be shared but the - * caller may already be controlling of the engine lock. - */ -int engine_unlocked_init(ENGINE *e); -int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers); -int engine_free_util(ENGINE *e, int not_locked); - -/* - * This function will reset all "set"able values in an ENGINE to NULL. This - * won't touch reference counts or ex_data, but is equivalent to calling all - * the ENGINE_set_***() functions with a NULL value. - */ -void engine_set_all_null(ENGINE *e); - -/* - * NB: Bitwise OR-able values for the "flags" variable in ENGINE are now - * exposed in engine.h. - */ - -/* Free up dynamically allocated public key methods associated with ENGINE */ - -void engine_pkey_meths_free(ENGINE *e); -void engine_pkey_asn1_meths_free(ENGINE *e); - -/* Once initialisation function */ -extern CRYPTO_ONCE engine_lock_init; -DECLARE_RUN_ONCE(do_engine_lock_init) - -typedef void (*ENGINE_DYNAMIC_ID)(void); -int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id, - int not_locked); -void engine_remove_dynamic_id(ENGINE *e, int not_locked); - -/* - * This is a structure for storing implementations of various crypto - * algorithms and functions. - */ -struct engine_st { - const char *id; - const char *name; - const RSA_METHOD *rsa_meth; - const DSA_METHOD *dsa_meth; - const DH_METHOD *dh_meth; - const EC_KEY_METHOD *ec_meth; - const RAND_METHOD *rand_meth; - /* Cipher handling is via this callback */ - ENGINE_CIPHERS_PTR ciphers; - /* Digest handling is via this callback */ - ENGINE_DIGESTS_PTR digests; - /* Public key handling via this callback */ - ENGINE_PKEY_METHS_PTR pkey_meths; - /* ASN1 public key handling via this callback */ - ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths; - ENGINE_GEN_INT_FUNC_PTR destroy; - ENGINE_GEN_INT_FUNC_PTR init; - ENGINE_GEN_INT_FUNC_PTR finish; - ENGINE_CTRL_FUNC_PTR ctrl; - ENGINE_LOAD_KEY_PTR load_privkey; - ENGINE_LOAD_KEY_PTR load_pubkey; - ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert; - const ENGINE_CMD_DEFN *cmd_defns; - int flags; - /* reference count on the structure itself */ - CRYPTO_REF_COUNT struct_ref; - /* - * reference count on usability of the engine type. NB: This controls the - * loading and initialisation of any functionality required by this - * engine, whereas the previous count is simply to cope with - * (de)allocation of this structure. Hence, running_ref <= struct_ref at - * all times. - */ - int funct_ref; - /* A place to store per-ENGINE data */ - CRYPTO_EX_DATA ex_data; - /* Used to maintain the linked-list of engines. */ - struct engine_st *prev; - struct engine_st *next; - /* Used to maintain the linked-list of dynamic engines. */ - struct engine_st *prev_dyn; - struct engine_st *next_dyn; - ENGINE_DYNAMIC_ID dynamic_id; -}; - -typedef struct st_engine_pile ENGINE_PILE; - -DEFINE_LHASH_OF(ENGINE_PILE); - -#endif /* OSSL_CRYPTO_ENGINE_ENG_LOCAL_H */ diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c deleted file mode 100644 index 91656e6b80840593a26aaafe15c15f6020d3fa1e..0000000000000000000000000000000000000000 --- a/crypto/engine/eng_openssl.c +++ /dev/null @@ -1,668 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -/* - * RC4 and SHA-1 low level APIs and EVP _meth_ APISs are deprecated for public - * use, but still ok for internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include "internal/cryptlib.h" -#include "crypto/engine.h" -#include -#include -#include -#include -#include -#include - -#include -#include - -/* - * This testing gunk is implemented (and explained) lower down. It also - * assumes the application explicitly calls "ENGINE_load_openssl()" because - * this is no longer automatic in ENGINE_load_builtin_engines(). - */ -#define TEST_ENG_OPENSSL_RC4 -#ifndef OPENSSL_NO_STDIO -# define TEST_ENG_OPENSSL_PKEY -#endif -/* #define TEST_ENG_OPENSSL_HMAC */ -/* #define TEST_ENG_OPENSSL_HMAC_INIT */ -/* #define TEST_ENG_OPENSSL_RC4_OTHERS */ -#ifndef OPENSSL_NO_STDIO -# define TEST_ENG_OPENSSL_RC4_P_INIT -#endif -/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */ -#define TEST_ENG_OPENSSL_SHA -/* #define TEST_ENG_OPENSSL_SHA_OTHERS */ -/* #define TEST_ENG_OPENSSL_SHA_P_INIT */ -/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */ -/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */ - -/* Now check what of those algorithms are actually enabled */ -#ifdef OPENSSL_NO_RC4 -# undef TEST_ENG_OPENSSL_RC4 -# undef TEST_ENG_OPENSSL_RC4_OTHERS -# undef TEST_ENG_OPENSSL_RC4_P_INIT -# undef TEST_ENG_OPENSSL_RC4_P_CIPHER -#endif - -static int openssl_destroy(ENGINE *e); - -#ifdef TEST_ENG_OPENSSL_RC4 -static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid); -#endif -#ifdef TEST_ENG_OPENSSL_SHA -static int openssl_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid); -#endif - -#ifdef TEST_ENG_OPENSSL_PKEY -static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, - void *callback_data); -#endif - -#ifdef TEST_ENG_OPENSSL_HMAC -static int ossl_register_hmac_meth(void); -static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, - const int **nids, int nid); -#endif - -/* The constants used when creating the ENGINE */ -static const char *engine_openssl_id = "openssl"; -static const char *engine_openssl_name = "Software engine support"; - -/* - * This internal function is used by ENGINE_openssl() and possibly by the - * "dynamic" ENGINE support too - */ -static int bind_helper(ENGINE *e) -{ - if (!ENGINE_set_id(e, engine_openssl_id) - || !ENGINE_set_name(e, engine_openssl_name) - || !ENGINE_set_destroy_function(e, openssl_destroy) -#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS - || !ENGINE_set_RSA(e, RSA_get_default_method()) -# ifndef OPENSSL_NO_DSA - || !ENGINE_set_DSA(e, DSA_get_default_method()) -# endif -# ifndef OPENSSL_NO_EC - || !ENGINE_set_EC(e, EC_KEY_OpenSSL()) -# endif -# ifndef OPENSSL_NO_DH - || !ENGINE_set_DH(e, DH_get_default_method()) -# endif - || !ENGINE_set_RAND(e, RAND_OpenSSL()) -# ifdef TEST_ENG_OPENSSL_RC4 - || !ENGINE_set_ciphers(e, openssl_ciphers) -# endif -# ifdef TEST_ENG_OPENSSL_SHA - || !ENGINE_set_digests(e, openssl_digests) -# endif -#endif -#ifdef TEST_ENG_OPENSSL_PKEY - || !ENGINE_set_load_privkey_function(e, openssl_load_privkey) -#endif -#ifdef TEST_ENG_OPENSSL_HMAC - || !ossl_register_hmac_meth() - || !ENGINE_set_pkey_meths(e, ossl_pkey_meths) -#endif - ) - return 0; - /* - * If we add errors to this ENGINE, ensure the error handling is setup - * here - */ - /* openssl_load_error_strings(); */ - return 1; -} - -static ENGINE *engine_openssl(void) -{ - ENGINE *ret = ENGINE_new(); - if (ret == NULL) - return NULL; - if (!bind_helper(ret)) { - ENGINE_free(ret); - return NULL; - } - return ret; -} - -void engine_load_openssl_int(void) -{ - ENGINE *toadd = engine_openssl(); - if (!toadd) - return; - - ERR_set_mark(); - ENGINE_add(toadd); - /* - * If the "add" worked, it gets a structural reference. So either way, we - * release our just-created reference. - */ - ENGINE_free(toadd); - /* - * If the "add" didn't work, it was probably a conflict because it was - * already added (eg. someone calling ENGINE_load_blah then calling - * ENGINE_load_builtin_engines() perhaps). - */ - ERR_pop_to_mark(); -} - -/* - * This stuff is needed if this ENGINE is being compiled into a - * self-contained shared-library. - */ -#ifdef ENGINE_DYNAMIC_SUPPORT -static int bind_fn(ENGINE *e, const char *id) -{ - if (id && (strcmp(id, engine_openssl_id) != 0)) - return 0; - if (!bind_helper(e)) - return 0; - return 1; -} - -IMPLEMENT_DYNAMIC_CHECK_FN() - IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -#endif /* ENGINE_DYNAMIC_SUPPORT */ -#ifdef TEST_ENG_OPENSSL_RC4 -/*- - * This section of code compiles an "alternative implementation" of two modes of - * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4" - * should under normal circumstances go via this support rather than the default - * EVP support. There are other symbols to tweak the testing; - * TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time - * we're asked for a cipher we don't support (should not happen). - * TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time - * the "init_key" handler is called. - * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler. - */ -# include -# define TEST_RC4_KEY_SIZE 16 -typedef struct { - unsigned char key[TEST_RC4_KEY_SIZE]; - RC4_KEY ks; -} TEST_RC4_KEY; -# define test(ctx) ((TEST_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx)) -static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - const int n = EVP_CIPHER_CTX_get_key_length(ctx); - -# ifdef TEST_ENG_OPENSSL_RC4_P_INIT - fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n"); -# endif - if (n <= 0) - return n; - memcpy(&test(ctx)->key[0], key, n); - RC4_set_key(&test(ctx)->ks, n, test(ctx)->key); - return 1; -} - -static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ -# ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER - fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n"); -# endif - RC4(&test(ctx)->ks, inl, in, out); - return 1; -} - -static EVP_CIPHER *r4_cipher = NULL; -static const EVP_CIPHER *test_r4_cipher(void) -{ - if (r4_cipher == NULL) { - EVP_CIPHER *cipher; - - if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, TEST_RC4_KEY_SIZE)) == NULL - || !EVP_CIPHER_meth_set_iv_length(cipher, 0) - || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH) - || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key) - || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher) - || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) { - EVP_CIPHER_meth_free(cipher); - cipher = NULL; - } - r4_cipher = cipher; - } - return r4_cipher; -} -static void test_r4_cipher_destroy(void) -{ - EVP_CIPHER_meth_free(r4_cipher); - r4_cipher = NULL; -} - -static EVP_CIPHER *r4_40_cipher = NULL; -static const EVP_CIPHER *test_r4_40_cipher(void) -{ - if (r4_40_cipher == NULL) { - EVP_CIPHER *cipher; - - if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 5 /* 40 bits */)) == NULL - || !EVP_CIPHER_meth_set_iv_length(cipher, 0) - || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH) - || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key) - || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher) - || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) { - EVP_CIPHER_meth_free(cipher); - cipher = NULL; - } - r4_40_cipher = cipher; - } - return r4_40_cipher; -} -static void test_r4_40_cipher_destroy(void) -{ - EVP_CIPHER_meth_free(r4_40_cipher); - r4_40_cipher = NULL; -} -static int test_cipher_nids(const int **nids) -{ - static int cipher_nids[4] = { 0, 0, 0, 0 }; - static int pos = 0; - static int init = 0; - - if (!init) { - const EVP_CIPHER *cipher; - if ((cipher = test_r4_cipher()) != NULL) - cipher_nids[pos++] = EVP_CIPHER_get_nid(cipher); - if ((cipher = test_r4_40_cipher()) != NULL) - cipher_nids[pos++] = EVP_CIPHER_get_nid(cipher); - cipher_nids[pos] = 0; - init = 1; - } - *nids = cipher_nids; - return pos; -} - -static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) -{ - if (!cipher) { - /* We are returning a list of supported nids */ - return test_cipher_nids(nids); - } - /* We are being asked for a specific cipher */ - if (nid == NID_rc4) - *cipher = test_r4_cipher(); - else if (nid == NID_rc4_40) - *cipher = test_r4_40_cipher(); - else { -# ifdef TEST_ENG_OPENSSL_RC4_OTHERS - fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for " - "nid %d\n", nid); -# endif - *cipher = NULL; - return 0; - } - return 1; -} -#endif - -#ifdef TEST_ENG_OPENSSL_SHA -/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */ -# include - -static int test_sha1_init(EVP_MD_CTX *ctx) -{ -# ifdef TEST_ENG_OPENSSL_SHA_P_INIT - fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n"); -# endif - return SHA1_Init(EVP_MD_CTX_get0_md_data(ctx)); -} - -static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ -# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE - fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); -# endif - return SHA1_Update(EVP_MD_CTX_get0_md_data(ctx), data, count); -} - -static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) -{ -# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL - fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n"); -# endif - return SHA1_Final(md, EVP_MD_CTX_get0_md_data(ctx)); -} - -static EVP_MD *sha1_md = NULL; -static const EVP_MD *test_sha_md(void) -{ - if (sha1_md == NULL) { - EVP_MD *md; - - if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL - || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH) - || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK) - || !EVP_MD_meth_set_app_datasize(md, - sizeof(EVP_MD *) + sizeof(SHA_CTX)) - || !EVP_MD_meth_set_flags(md, 0) - || !EVP_MD_meth_set_init(md, test_sha1_init) - || !EVP_MD_meth_set_update(md, test_sha1_update) - || !EVP_MD_meth_set_final(md, test_sha1_final)) { - EVP_MD_meth_free(md); - md = NULL; - } - sha1_md = md; - } - return sha1_md; -} -static void test_sha_md_destroy(void) -{ - EVP_MD_meth_free(sha1_md); - sha1_md = NULL; -} -static int test_digest_nids(const int **nids) -{ - static int digest_nids[2] = { 0, 0 }; - static int pos = 0; - static int init = 0; - - if (!init) { - const EVP_MD *md; - if ((md = test_sha_md()) != NULL) - digest_nids[pos++] = EVP_MD_get_type(md); - digest_nids[pos] = 0; - init = 1; - } - *nids = digest_nids; - return pos; -} - -static int openssl_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid) -{ - if (!digest) { - /* We are returning a list of supported nids */ - return test_digest_nids(nids); - } - /* We are being asked for a specific digest */ - if (nid == NID_sha1) - *digest = test_sha_md(); - else { -# ifdef TEST_ENG_OPENSSL_SHA_OTHERS - fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for " - "nid %d\n", nid); -# endif - *digest = NULL; - return 0; - } - return 1; -} -#endif - -#ifdef TEST_ENG_OPENSSL_PKEY -static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, - void *callback_data) -{ - BIO *in; - EVP_PKEY *key; - fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", - key_id); - in = BIO_new_file(key_id, "r"); - if (!in) - return NULL; - key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL); - BIO_free(in); - return key; -} -#endif - -#ifdef TEST_ENG_OPENSSL_HMAC - -/* - * Experimental HMAC redirection implementation: mainly copied from - * hm_pmeth.c - */ - -/* HMAC pkey context structure */ - -typedef struct { - const EVP_MD *md; /* MD for HMAC use */ - ASN1_OCTET_STRING ktmp; /* Temp storage for key */ - HMAC_CTX *ctx; -} OSSL_HMAC_PKEY_CTX; - -static int ossl_hmac_init(EVP_PKEY_CTX *ctx) -{ - OSSL_HMAC_PKEY_CTX *hctx; - - if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_MALLOC_FAILURE); - return 0; - } - hctx->ktmp.type = V_ASN1_OCTET_STRING; - hctx->ctx = HMAC_CTX_new(); - if (hctx->ctx == NULL) { - OPENSSL_free(hctx); - return 0; - } - EVP_PKEY_CTX_set_data(ctx, hctx); - EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0); -# ifdef TEST_ENG_OPENSSL_HMAC_INIT - fprintf(stderr, "(TEST_ENG_OPENSSL_HMAC) ossl_hmac_init() called\n"); -# endif - return 1; -} - -static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx); - -static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) -{ - OSSL_HMAC_PKEY_CTX *sctx, *dctx; - - /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */ - if (!ossl_hmac_init(dst)) - return 0; - sctx = EVP_PKEY_CTX_get_data(src); - dctx = EVP_PKEY_CTX_get_data(dst); - dctx->md = sctx->md; - if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx)) - goto err; - if (sctx->ktmp.data) { - if (!ASN1_OCTET_STRING_set(&dctx->ktmp, - sctx->ktmp.data, sctx->ktmp.length)) - goto err; - } - return 1; -err: - /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */ - ossl_hmac_cleanup(dst); - return 0; -} - -static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx) -{ - OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx); - - if (hctx) { - HMAC_CTX_free(hctx->ctx); - OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length); - OPENSSL_free(hctx); - EVP_PKEY_CTX_set_data(ctx, NULL); - } -} - -static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - ASN1_OCTET_STRING *hkey = NULL; - OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx); - if (!hctx->ktmp.data) - return 0; - hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp); - if (!hkey) - return 0; - EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey); - - return 1; -} - -static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_get_pkey_ctx(ctx)); - if (!HMAC_Update(hctx->ctx, data, count)) - return 0; - return 1; -} - -static int ossl_hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) -{ - EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); - EVP_MD_CTX_set_update_fn(mctx, ossl_int_update); - return 1; -} - -static int ossl_hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, EVP_MD_CTX *mctx) -{ - unsigned int hlen; - OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx); - int l = EVP_MD_CTX_get_size(mctx); - - if (l < 0) - return 0; - *siglen = l; - if (!sig) - return 1; - - if (!HMAC_Final(hctx->ctx, sig, &hlen)) - return 0; - *siglen = (size_t)hlen; - return 1; -} - -static int ossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -{ - OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx); - EVP_PKEY *pk; - ASN1_OCTET_STRING *key; - switch (type) { - - case EVP_PKEY_CTRL_SET_MAC_KEY: - if ((!p2 && p1 > 0) || (p1 < -1)) - return 0; - if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1)) - return 0; - break; - - case EVP_PKEY_CTRL_MD: - hctx->md = p2; - break; - - case EVP_PKEY_CTRL_DIGESTINIT: - pk = EVP_PKEY_CTX_get0_pkey(ctx); - key = EVP_PKEY_get0(pk); - if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL)) - return 0; - break; - - default: - return -2; - - } - return 1; -} - -static int ossl_hmac_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) -{ - if (!value) { - return 0; - } - if (strcmp(type, "key") == 0) { - void *p = (void *)value; - return ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p); - } - if (strcmp(type, "hexkey") == 0) { - unsigned char *key; - int r; - long keylen; - key = OPENSSL_hexstr2buf(value, &keylen); - if (!key) - return 0; - r = ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key); - OPENSSL_free(key); - return r; - } - return -2; -} - -static EVP_PKEY_METHOD *ossl_hmac_meth; - -static int ossl_register_hmac_meth(void) -{ - EVP_PKEY_METHOD *meth; - meth = EVP_PKEY_meth_new(EVP_PKEY_HMAC, 0); - if (meth == NULL) - return 0; - EVP_PKEY_meth_set_init(meth, ossl_hmac_init); - EVP_PKEY_meth_set_copy(meth, ossl_hmac_copy); - EVP_PKEY_meth_set_cleanup(meth, ossl_hmac_cleanup); - - EVP_PKEY_meth_set_keygen(meth, 0, ossl_hmac_keygen); - - EVP_PKEY_meth_set_signctx(meth, ossl_hmac_signctx_init, - ossl_hmac_signctx); - - EVP_PKEY_meth_set_ctrl(meth, ossl_hmac_ctrl, ossl_hmac_ctrl_str); - ossl_hmac_meth = meth; - return 1; -} - -static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, - const int **nids, int nid) -{ - static int ossl_pkey_nids[] = { - EVP_PKEY_HMAC, - 0 - }; - - if (pmeth == NULL) { - *nids = ossl_pkey_nids; - return 1; - } - - if (nid == EVP_PKEY_HMAC) { - *pmeth = ossl_hmac_meth; - return 1; - } - - *pmeth = NULL; - return 0; -} - -#endif - -int openssl_destroy(ENGINE *e) -{ - test_sha_md_destroy(); -#ifdef TEST_ENG_OPENSSL_RC4 - test_r4_cipher_destroy(); - test_r4_40_cipher_destroy(); -#endif - return 1; -} - diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c deleted file mode 100644 index 6e6d6df35b2b9a1a51a32654c009bdc13e576101..0000000000000000000000000000000000000000 --- a/crypto/engine/eng_pkey.c +++ /dev/null @@ -1,138 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -/* Basic get/set stuff */ - -int ENGINE_set_load_privkey_function(ENGINE *e, - ENGINE_LOAD_KEY_PTR loadpriv_f) -{ - e->load_privkey = loadpriv_f; - return 1; -} - -int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f) -{ - e->load_pubkey = loadpub_f; - return 1; -} - -int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, - ENGINE_SSL_CLIENT_CERT_PTR - loadssl_f) -{ - e->load_ssl_client_cert = loadssl_f; - return 1; -} - -ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e) -{ - return e->load_privkey; -} - -ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e) -{ - return e->load_pubkey; -} - -ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE - *e) -{ - return e->load_ssl_client_cert; -} - -/* API functions to load public/private keys */ - -EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data) -{ - EVP_PKEY *pkey; - - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return NULL; - if (e->funct_ref == 0) { - CRYPTO_THREAD_unlock(global_engine_lock); - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NOT_INITIALISED); - return NULL; - } - CRYPTO_THREAD_unlock(global_engine_lock); - if (!e->load_privkey) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_LOAD_FUNCTION); - return NULL; - } - pkey = e->load_privkey(e, key_id, ui_method, callback_data); - if (pkey == NULL) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY); - return NULL; - } - return pkey; -} - -EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data) -{ - EVP_PKEY *pkey; - - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return NULL; - if (e->funct_ref == 0) { - CRYPTO_THREAD_unlock(global_engine_lock); - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NOT_INITIALISED); - return NULL; - } - CRYPTO_THREAD_unlock(global_engine_lock); - if (!e->load_pubkey) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_LOAD_FUNCTION); - return NULL; - } - pkey = e->load_pubkey(e, key_id, ui_method, callback_data); - if (pkey == NULL) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PUBLIC_KEY); - return NULL; - } - return pkey; -} - -int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, - STACK_OF(X509_NAME) *ca_dn, X509 **pcert, - EVP_PKEY **ppkey, STACK_OF(X509) **pother, - UI_METHOD *ui_method, void *callback_data) -{ - - if (e == NULL) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return 0; - if (e->funct_ref == 0) { - CRYPTO_THREAD_unlock(global_engine_lock); - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NOT_INITIALISED); - return 0; - } - CRYPTO_THREAD_unlock(global_engine_lock); - if (!e->load_ssl_client_cert) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_LOAD_FUNCTION); - return 0; - } - return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother, - ui_method, callback_data); -} diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c deleted file mode 100644 index f46a5145974e62767d051d57c1b27133c191b01a..0000000000000000000000000000000000000000 --- a/crypto/engine/eng_rdrand.c +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include - -#include -#include -#include "crypto/engine.h" -#include "internal/cryptlib.h" -#include -#include -#include - -#if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ) - -size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len); - -static int get_random_bytes(unsigned char *buf, int num) -{ - if (num < 0) { - return 0; - } - - return (size_t)num == OPENSSL_ia32_rdrand_bytes(buf, (size_t)num); -} - -static int random_status(void) -{ - return 1; -} - -static RAND_METHOD rdrand_meth = { - NULL, /* seed */ - get_random_bytes, - NULL, /* cleanup */ - NULL, /* add */ - get_random_bytes, - random_status, -}; - -static int rdrand_init(ENGINE *e) -{ - return 1; -} - -static const char *engine_e_rdrand_id = "rdrand"; -static const char *engine_e_rdrand_name = "Intel RDRAND engine"; - -static int bind_helper(ENGINE *e) -{ - if (!ENGINE_set_id(e, engine_e_rdrand_id) || - !ENGINE_set_name(e, engine_e_rdrand_name) || - !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) || - !ENGINE_set_init_function(e, rdrand_init) || - !ENGINE_set_RAND(e, &rdrand_meth)) - return 0; - - return 1; -} - -static ENGINE *ENGINE_rdrand(void) -{ - ENGINE *ret = ENGINE_new(); - if (ret == NULL) - return NULL; - if (!bind_helper(ret)) { - ENGINE_free(ret); - return NULL; - } - return ret; -} - -void engine_load_rdrand_int(void) -{ - if (OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) { - ENGINE *toadd = ENGINE_rdrand(); - if (!toadd) - return; - ERR_set_mark(); - ENGINE_add(toadd); - /* - * If the "add" worked, it gets a structural reference. So either way, we - * release our just-created reference. - */ - ENGINE_free(toadd); - /* - * If the "add" didn't work, it was probably a conflict because it was - * already added (eg. someone calling ENGINE_load_blah then calling - * ENGINE_load_builtin_engines() perhaps). - */ - ERR_pop_to_mark(); - } -} -#else -void engine_load_rdrand_int(void) -{ -} -#endif diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c deleted file mode 100644 index a8209d9e71760b2806fe6b8bad79f7be177f89f1..0000000000000000000000000000000000000000 --- a/crypto/engine/eng_table.c +++ /dev/null @@ -1,309 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include -#include -#include -#include "eng_local.h" - -/* The type of the items in the table */ -struct st_engine_pile { - /* The 'nid' of this algorithm/mode */ - int nid; - /* ENGINEs that implement this algorithm/mode. */ - STACK_OF(ENGINE) *sk; - /* The default ENGINE to perform this algorithm/mode. */ - ENGINE *funct; - /* - * Zero if 'sk' is newer than the cached 'funct', non-zero otherwise - */ - int uptodate; -}; - -/* The type exposed in eng_local.h */ -struct st_engine_table { - LHASH_OF(ENGINE_PILE) piles; -}; /* ENGINE_TABLE */ - -typedef struct st_engine_pile_doall { - engine_table_doall_cb *cb; - void *arg; -} ENGINE_PILE_DOALL; - -/* Global flags (ENGINE_TABLE_FLAG_***). */ -static unsigned int table_flags = 0; - -/* API function manipulating 'table_flags' */ -unsigned int ENGINE_get_table_flags(void) -{ - return table_flags; -} - -void ENGINE_set_table_flags(unsigned int flags) -{ - table_flags = flags; -} - -/* Internal functions for the "piles" hash table */ -static unsigned long engine_pile_hash(const ENGINE_PILE *c) -{ - return c->nid; -} - -static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b) -{ - return a->nid - b->nid; -} - -static int int_table_check(ENGINE_TABLE **t, int create) -{ - LHASH_OF(ENGINE_PILE) *lh; - - if (*t) - return 1; - if (!create) - return 0; - if ((lh = lh_ENGINE_PILE_new(engine_pile_hash, engine_pile_cmp)) == NULL) - return 0; - *t = (ENGINE_TABLE *)lh; - return 1; -} - -/* - * Privately exposed (via eng_local.h) functions for adding and/or removing - * ENGINEs from the implementation table - */ -int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, - ENGINE *e, const int *nids, int num_nids, - int setdefault) -{ - int ret = 0, added = 0; - ENGINE_PILE tmplate, *fnd; - - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return 0; - if (!(*table)) - added = 1; - if (!int_table_check(table, 1)) - goto end; - if (added) - /* The cleanup callback needs to be added */ - engine_cleanup_add_first(cleanup); - while (num_nids--) { - tmplate.nid = *nids; - fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate); - if (!fnd) { - fnd = OPENSSL_malloc(sizeof(*fnd)); - if (fnd == NULL) - goto end; - fnd->uptodate = 1; - fnd->nid = *nids; - fnd->sk = sk_ENGINE_new_null(); - if (!fnd->sk) { - OPENSSL_free(fnd); - goto end; - } - fnd->funct = NULL; - (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd); - if (lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate) != fnd) { - sk_ENGINE_free(fnd->sk); - OPENSSL_free(fnd); - goto end; - } - } - /* A registration shouldn't add duplicate entries */ - (void)sk_ENGINE_delete_ptr(fnd->sk, e); - /* - * if 'setdefault', this ENGINE goes to the head of the list - */ - if (!sk_ENGINE_push(fnd->sk, e)) - goto end; - /* "touch" this ENGINE_PILE */ - fnd->uptodate = 0; - if (setdefault) { - if (!engine_unlocked_init(e)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INIT_FAILED); - goto end; - } - if (fnd->funct) - engine_unlocked_finish(fnd->funct, 0); - fnd->funct = e; - fnd->uptodate = 1; - } - nids++; - } - ret = 1; - end: - CRYPTO_THREAD_unlock(global_engine_lock); - return ret; -} - -static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e) -{ - int n; - /* Iterate the 'c->sk' stack removing any occurrence of 'e' */ - while ((n = sk_ENGINE_find(pile->sk, e)) >= 0) { - (void)sk_ENGINE_delete(pile->sk, n); - pile->uptodate = 0; - } - if (pile->funct == e) { - engine_unlocked_finish(e, 0); - pile->funct = NULL; - } -} - -IMPLEMENT_LHASH_DOALL_ARG(ENGINE_PILE, ENGINE); - -void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e) -{ - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - /* Can't return a value. :( */ - return; - if (int_table_check(table, 0)) - lh_ENGINE_PILE_doall_ENGINE(&(*table)->piles, int_unregister_cb, e); - CRYPTO_THREAD_unlock(global_engine_lock); -} - -static void int_cleanup_cb_doall(ENGINE_PILE *p) -{ - if (p == NULL) - return; - sk_ENGINE_free(p->sk); - if (p->funct) - engine_unlocked_finish(p->funct, 0); - OPENSSL_free(p); -} - -void engine_table_cleanup(ENGINE_TABLE **table) -{ - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return; - if (*table) { - lh_ENGINE_PILE_doall(&(*table)->piles, int_cleanup_cb_doall); - lh_ENGINE_PILE_free(&(*table)->piles); - *table = NULL; - } - CRYPTO_THREAD_unlock(global_engine_lock); -} - -/* return a functional reference for a given 'nid' */ -ENGINE *ossl_engine_table_select(ENGINE_TABLE **table, int nid, - const char *f, int l) -{ - ENGINE *ret = NULL; - ENGINE_PILE tmplate, *fnd = NULL; - int initres, loop = 0; - - /* Load the config before trying to check if engines are available */ - OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); - - if (!(*table)) { - OSSL_TRACE3(ENGINE_TABLE, - "%s:%d, nid=%d, nothing registered!\n", - f, l, nid); - return NULL; - } - ERR_set_mark(); - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - goto end; - /* - * Check again inside the lock otherwise we could race against cleanup - * operations. But don't worry about a debug printout - */ - if (!int_table_check(table, 0)) - goto end; - tmplate.nid = nid; - fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate); - if (!fnd) - goto end; - if (fnd->funct && engine_unlocked_init(fnd->funct)) { - OSSL_TRACE4(ENGINE_TABLE, - "%s:%d, nid=%d, using ENGINE '%s' cached\n", - f, l, nid, fnd->funct->id); - ret = fnd->funct; - goto end; - } - if (fnd->uptodate) { - ret = fnd->funct; - goto end; - } - trynext: - ret = sk_ENGINE_value(fnd->sk, loop++); - if (!ret) { - OSSL_TRACE3(ENGINE_TABLE, - "%s:%d, nid=%d, " - "no registered implementations would initialise\n", - f, l, nid); - goto end; - } - /* Try to initialise the ENGINE? */ - if ((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT)) - initres = engine_unlocked_init(ret); - else - initres = 0; - if (initres) { - /* Update 'funct' */ - if ((fnd->funct != ret) && engine_unlocked_init(ret)) { - /* If there was a previous default we release it. */ - if (fnd->funct) - engine_unlocked_finish(fnd->funct, 0); - fnd->funct = ret; - OSSL_TRACE4(ENGINE_TABLE, - "%s:%d, nid=%d, setting default to '%s'\n", - f, l, nid, ret->id); - } - OSSL_TRACE4(ENGINE_TABLE, - "%s:%d, nid=%d, using newly initialised '%s'\n", - f, l, nid, ret->id); - goto end; - } - goto trynext; - end: - /* - * If it failed, it is unlikely to succeed again until some future - * registrations have taken place. In all cases, we cache. - */ - if (fnd) - fnd->uptodate = 1; - if (ret) - OSSL_TRACE4(ENGINE_TABLE, - "%s:%d, nid=%d, caching ENGINE '%s'\n", - f, l, nid, ret->id); - else - OSSL_TRACE3(ENGINE_TABLE, - "%s:%d, nid=%d, caching 'no matching ENGINE'\n", - f, l, nid); - CRYPTO_THREAD_unlock(global_engine_lock); - /* - * Whatever happened, any failed init()s are not failures in this - * context, so clear our error state. - */ - ERR_pop_to_mark(); - return ret; -} - -/* Table enumeration */ - -static void int_dall(const ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall) -{ - dall->cb(pile->nid, pile->sk, pile->funct, dall->arg); -} - -IMPLEMENT_LHASH_DOALL_ARG_CONST(ENGINE_PILE, ENGINE_PILE_DOALL); - -void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, - void *arg) -{ - ENGINE_PILE_DOALL dall; - dall.cb = cb; - dall.arg = arg; - if (table) - lh_ENGINE_PILE_doall_ENGINE_PILE_DOALL(&table->piles, int_dall, &dall); -} diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c deleted file mode 100644 index 81f8e7add0e7d78f7190de82ccf2c243aea4ba4c..0000000000000000000000000000000000000000 --- a/crypto/engine/tb_asnmth.c +++ /dev/null @@ -1,214 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "e_os.h" -#include "eng_local.h" -#include -#include "crypto/asn1.h" - -/* - * If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the - * function that is used by EVP to hook in pkey_asn1_meth code and cache - * defaults (etc), will display brief debugging summaries to stderr with the - * 'nid'. - */ -/* #define ENGINE_PKEY_ASN1_METH_DEBUG */ - -static ENGINE_TABLE *pkey_asn1_meth_table = NULL; - -void ENGINE_unregister_pkey_asn1_meths(ENGINE *e) -{ - engine_table_unregister(&pkey_asn1_meth_table, e); -} - -static void engine_unregister_all_pkey_asn1_meths(void) -{ - engine_table_cleanup(&pkey_asn1_meth_table); -} - -int ENGINE_register_pkey_asn1_meths(ENGINE *e) -{ - if (e->pkey_asn1_meths) { - const int *nids; - int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0); - if (num_nids > 0) - return engine_table_register(&pkey_asn1_meth_table, - engine_unregister_all_pkey_asn1_meths, - e, nids, num_nids, 0); - } - return 1; -} - -void ENGINE_register_all_pkey_asn1_meths(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - ENGINE_register_pkey_asn1_meths(e); -} - -int ENGINE_set_default_pkey_asn1_meths(ENGINE *e) -{ - if (e->pkey_asn1_meths) { - const int *nids; - int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0); - if (num_nids > 0) - return engine_table_register(&pkey_asn1_meth_table, - engine_unregister_all_pkey_asn1_meths, - e, nids, num_nids, 1); - } - return 1; -} - -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references) for a given pkey_asn1_meth 'nid' - */ -ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid) -{ - return ossl_engine_table_select(&pkey_asn1_meth_table, nid, - OPENSSL_FILE, OPENSSL_LINE); -} - -/* - * Obtains a pkey_asn1_meth implementation from an ENGINE functional - * reference - */ -const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid) -{ - EVP_PKEY_ASN1_METHOD *ret; - ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e); - if (!fn || !fn(e, &ret, NULL, nid)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD); - return NULL; - } - return ret; -} - -/* Gets the pkey_asn1_meth callback from an ENGINE structure */ -ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e) -{ - return e->pkey_asn1_meths; -} - -/* Sets the pkey_asn1_meth callback in an ENGINE structure */ -int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f) -{ - e->pkey_asn1_meths = f; - return 1; -} - -/* - * Internal function to free up EVP_PKEY_ASN1_METHOD structures before an - * ENGINE is destroyed - */ - -void engine_pkey_asn1_meths_free(ENGINE *e) -{ - int i; - EVP_PKEY_ASN1_METHOD *pkm; - if (e->pkey_asn1_meths) { - const int *pknids; - int npknids; - npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0); - for (i = 0; i < npknids; i++) { - if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i])) { - EVP_PKEY_asn1_free(pkm); - } - } - } -} - -/* - * Find a method based on a string. This does a linear search through all - * implemented algorithms. This is OK in practice because only a small number - * of algorithms are likely to be implemented in an engine and it is not used - * for speed critical operations. - */ - -const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, - const char *str, - int len) -{ - int i, nidcount; - const int *nids; - EVP_PKEY_ASN1_METHOD *ameth; - if (!e->pkey_asn1_meths) - return NULL; - if (len == -1) - len = strlen(str); - nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0); - for (i = 0; i < nidcount; i++) { - e->pkey_asn1_meths(e, &ameth, NULL, nids[i]); - if (ameth != NULL - && ((int)strlen(ameth->pem_str) == len) - && OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0) - return ameth; - } - return NULL; -} - -typedef struct { - ENGINE *e; - const EVP_PKEY_ASN1_METHOD *ameth; - const char *str; - int len; -} ENGINE_FIND_STR; - -static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg) -{ - ENGINE_FIND_STR *lk = arg; - int i; - if (lk->ameth) - return; - for (i = 0; i < sk_ENGINE_num(sk); i++) { - ENGINE *e = sk_ENGINE_value(sk, i); - EVP_PKEY_ASN1_METHOD *ameth; - e->pkey_asn1_meths(e, &ameth, NULL, nid); - if (ameth != NULL - && ((int)strlen(ameth->pem_str) == lk->len) - && OPENSSL_strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { - lk->e = e; - lk->ameth = ameth; - return; - } - } -} - -const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, - const char *str, - int len) -{ - ENGINE_FIND_STR fstr; - fstr.e = NULL; - fstr.ameth = NULL; - fstr.str = str; - fstr.len = len; - - if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) { - ERR_raise(ERR_LIB_ENGINE, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (!CRYPTO_THREAD_write_lock(global_engine_lock)) - return NULL; - engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr); - /* If found obtain a structural reference to engine */ - if (fstr.e) { - fstr.e->struct_ref++; - ENGINE_REF_PRINT(fstr.e, 0, 1); - } - *pe = fstr.e; - CRYPTO_THREAD_unlock(global_engine_lock); - return fstr.ameth; -} diff --git a/crypto/engine/tb_cipher.c b/crypto/engine/tb_cipher.c deleted file mode 100644 index 037f5687524fbbf661150508253f41ae6646f56a..0000000000000000000000000000000000000000 --- a/crypto/engine/tb_cipher.c +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -static ENGINE_TABLE *cipher_table = NULL; - -void ENGINE_unregister_ciphers(ENGINE *e) -{ - engine_table_unregister(&cipher_table, e); -} - -static void engine_unregister_all_ciphers(void) -{ - engine_table_cleanup(&cipher_table); -} - -int ENGINE_register_ciphers(ENGINE *e) -{ - if (e->ciphers) { - const int *nids; - int num_nids = e->ciphers(e, NULL, &nids, 0); - if (num_nids > 0) - return engine_table_register(&cipher_table, - engine_unregister_all_ciphers, e, - nids, num_nids, 0); - } - return 1; -} - -void ENGINE_register_all_ciphers(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - ENGINE_register_ciphers(e); -} - -int ENGINE_set_default_ciphers(ENGINE *e) -{ - if (e->ciphers) { - const int *nids; - int num_nids = e->ciphers(e, NULL, &nids, 0); - if (num_nids > 0) - return engine_table_register(&cipher_table, - engine_unregister_all_ciphers, e, - nids, num_nids, 1); - } - return 1; -} - -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references) for a given cipher 'nid' - */ -ENGINE *ENGINE_get_cipher_engine(int nid) -{ - return ossl_engine_table_select(&cipher_table, nid, - OPENSSL_FILE, OPENSSL_LINE); -} - -/* Obtains a cipher implementation from an ENGINE functional reference */ -const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid) -{ - const EVP_CIPHER *ret; - ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e); - if (!fn || !fn(e, &ret, NULL, nid)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_UNIMPLEMENTED_CIPHER); - return NULL; - } - return ret; -} - -/* Gets the cipher callback from an ENGINE structure */ -ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e) -{ - return e->ciphers; -} - -/* Sets the cipher callback in an ENGINE structure */ -int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f) -{ - e->ciphers = f; - return 1; -} diff --git a/crypto/engine/tb_dh.c b/crypto/engine/tb_dh.c deleted file mode 100644 index e1fa45685b11f9c4615f55eabfa2adbb1e13dab9..0000000000000000000000000000000000000000 --- a/crypto/engine/tb_dh.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -static ENGINE_TABLE *dh_table = NULL; -static const int dummy_nid = 1; - -void ENGINE_unregister_DH(ENGINE *e) -{ - engine_table_unregister(&dh_table, e); -} - -static void engine_unregister_all_DH(void) -{ - engine_table_cleanup(&dh_table); -} - -int ENGINE_register_DH(ENGINE *e) -{ - if (e->dh_meth) - return engine_table_register(&dh_table, - engine_unregister_all_DH, e, &dummy_nid, - 1, 0); - return 1; -} - -void ENGINE_register_all_DH(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - ENGINE_register_DH(e); -} - -int ENGINE_set_default_DH(ENGINE *e) -{ - if (e->dh_meth) - return engine_table_register(&dh_table, - engine_unregister_all_DH, e, &dummy_nid, - 1, 1); - return 1; -} - -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references). - */ -ENGINE *ENGINE_get_default_DH(void) -{ - return ossl_engine_table_select(&dh_table, dummy_nid, - OPENSSL_FILE, OPENSSL_LINE); -} - -/* Obtains an DH implementation from an ENGINE functional reference */ -const DH_METHOD *ENGINE_get_DH(const ENGINE *e) -{ - return e->dh_meth; -} - -/* Sets an DH implementation in an ENGINE structure */ -int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth) -{ - e->dh_meth = dh_meth; - return 1; -} diff --git a/crypto/engine/tb_digest.c b/crypto/engine/tb_digest.c deleted file mode 100644 index dcc70eca458770a4b6e5885520a42adc440ca55f..0000000000000000000000000000000000000000 --- a/crypto/engine/tb_digest.c +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -static ENGINE_TABLE *digest_table = NULL; - -void ENGINE_unregister_digests(ENGINE *e) -{ - engine_table_unregister(&digest_table, e); -} - -static void engine_unregister_all_digests(void) -{ - engine_table_cleanup(&digest_table); -} - -int ENGINE_register_digests(ENGINE *e) -{ - if (e->digests) { - const int *nids; - int num_nids = e->digests(e, NULL, &nids, 0); - if (num_nids > 0) - return engine_table_register(&digest_table, - engine_unregister_all_digests, e, - nids, num_nids, 0); - } - return 1; -} - -void ENGINE_register_all_digests(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - ENGINE_register_digests(e); -} - -int ENGINE_set_default_digests(ENGINE *e) -{ - if (e->digests) { - const int *nids; - int num_nids = e->digests(e, NULL, &nids, 0); - if (num_nids > 0) - return engine_table_register(&digest_table, - engine_unregister_all_digests, e, - nids, num_nids, 1); - } - return 1; -} - -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references) for a given digest 'nid' - */ -ENGINE *ENGINE_get_digest_engine(int nid) -{ - return ossl_engine_table_select(&digest_table, nid, - OPENSSL_FILE, OPENSSL_LINE); -} - -/* Obtains a digest implementation from an ENGINE functional reference */ -const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid) -{ - const EVP_MD *ret; - ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e); - if (!fn || !fn(e, &ret, NULL, nid)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_UNIMPLEMENTED_DIGEST); - return NULL; - } - return ret; -} - -/* Gets the digest callback from an ENGINE structure */ -ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e) -{ - return e->digests; -} - -/* Sets the digest callback in an ENGINE structure */ -int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f) -{ - e->digests = f; - return 1; -} diff --git a/crypto/engine/tb_dsa.c b/crypto/engine/tb_dsa.c deleted file mode 100644 index 6de314b7fcbe809ed804c1f4b6f0f88bff892f48..0000000000000000000000000000000000000000 --- a/crypto/engine/tb_dsa.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -static ENGINE_TABLE *dsa_table = NULL; -static const int dummy_nid = 1; - -void ENGINE_unregister_DSA(ENGINE *e) -{ - engine_table_unregister(&dsa_table, e); -} - -static void engine_unregister_all_DSA(void) -{ - engine_table_cleanup(&dsa_table); -} - -int ENGINE_register_DSA(ENGINE *e) -{ - if (e->dsa_meth) - return engine_table_register(&dsa_table, - engine_unregister_all_DSA, e, &dummy_nid, - 1, 0); - return 1; -} - -void ENGINE_register_all_DSA(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - ENGINE_register_DSA(e); -} - -int ENGINE_set_default_DSA(ENGINE *e) -{ - if (e->dsa_meth) - return engine_table_register(&dsa_table, - engine_unregister_all_DSA, e, &dummy_nid, - 1, 1); - return 1; -} - -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references). - */ -ENGINE *ENGINE_get_default_DSA(void) -{ - return ossl_engine_table_select(&dsa_table, dummy_nid, - OPENSSL_FILE, OPENSSL_LINE); -} - -/* Obtains an DSA implementation from an ENGINE functional reference */ -const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e) -{ - return e->dsa_meth; -} - -/* Sets an DSA implementation in an ENGINE structure */ -int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth) -{ - e->dsa_meth = dsa_meth; - return 1; -} diff --git a/crypto/engine/tb_eckey.c b/crypto/engine/tb_eckey.c deleted file mode 100644 index 0394a5bc220a8abb05e2c0852c7cbbfc9f75040e..0000000000000000000000000000000000000000 --- a/crypto/engine/tb_eckey.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -static ENGINE_TABLE *dh_table = NULL; -static const int dummy_nid = 1; - -void ENGINE_unregister_EC(ENGINE *e) -{ - engine_table_unregister(&dh_table, e); -} - -static void engine_unregister_all_EC(void) -{ - engine_table_cleanup(&dh_table); -} - -int ENGINE_register_EC(ENGINE *e) -{ - if (e->ec_meth != NULL) - return engine_table_register(&dh_table, - engine_unregister_all_EC, e, &dummy_nid, - 1, 0); - return 1; -} - -void ENGINE_register_all_EC(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - ENGINE_register_EC(e); -} - -int ENGINE_set_default_EC(ENGINE *e) -{ - if (e->ec_meth != NULL) - return engine_table_register(&dh_table, - engine_unregister_all_EC, e, &dummy_nid, - 1, 1); - return 1; -} - -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references). - */ -ENGINE *ENGINE_get_default_EC(void) -{ - return ossl_engine_table_select(&dh_table, dummy_nid, - OPENSSL_FILE, OPENSSL_LINE); -} - -/* Obtains an EC_KEY implementation from an ENGINE functional reference */ -const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e) -{ - return e->ec_meth; -} - -/* Sets an EC_KEY implementation in an ENGINE structure */ -int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ec_meth) -{ - e->ec_meth = ec_meth; - return 1; -} diff --git a/crypto/engine/tb_pkmeth.c b/crypto/engine/tb_pkmeth.c deleted file mode 100644 index 5c3da1136d2b81bd4322ead0fc331972f714a1f8..0000000000000000000000000000000000000000 --- a/crypto/engine/tb_pkmeth.c +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some deprecated APIs */ -#include "internal/deprecated.h" - -#include "eng_local.h" -#include - -static ENGINE_TABLE *pkey_meth_table = NULL; - -void ENGINE_unregister_pkey_meths(ENGINE *e) -{ - engine_table_unregister(&pkey_meth_table, e); -} - -static void engine_unregister_all_pkey_meths(void) -{ - engine_table_cleanup(&pkey_meth_table); -} - -int ENGINE_register_pkey_meths(ENGINE *e) -{ - if (e->pkey_meths) { - const int *nids; - int num_nids = e->pkey_meths(e, NULL, &nids, 0); - if (num_nids > 0) - return engine_table_register(&pkey_meth_table, - engine_unregister_all_pkey_meths, e, - nids, num_nids, 0); - } - return 1; -} - -void ENGINE_register_all_pkey_meths(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - ENGINE_register_pkey_meths(e); -} - -int ENGINE_set_default_pkey_meths(ENGINE *e) -{ - if (e->pkey_meths) { - const int *nids; - int num_nids = e->pkey_meths(e, NULL, &nids, 0); - if (num_nids > 0) - return engine_table_register(&pkey_meth_table, - engine_unregister_all_pkey_meths, e, - nids, num_nids, 1); - } - return 1; -} - -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references) for a given pkey_meth 'nid' - */ -ENGINE *ENGINE_get_pkey_meth_engine(int nid) -{ - return ossl_engine_table_select(&pkey_meth_table, nid, - OPENSSL_FILE, OPENSSL_LINE); -} - -/* Obtains a pkey_meth implementation from an ENGINE functional reference */ -const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid) -{ - EVP_PKEY_METHOD *ret; - ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e); - if (!fn || !fn(e, &ret, NULL, nid)) { - ERR_raise(ERR_LIB_ENGINE, ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD); - return NULL; - } - return ret; -} - -/* Gets the pkey_meth callback from an ENGINE structure */ -ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e) -{ - return e->pkey_meths; -} - -/* Sets the pkey_meth callback in an ENGINE structure */ -int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f) -{ - e->pkey_meths = f; - return 1; -} - -/* - * Internal function to free up EVP_PKEY_METHOD structures before an ENGINE - * is destroyed - */ - -void engine_pkey_meths_free(ENGINE *e) -{ - int i; - EVP_PKEY_METHOD *pkm; - if (e->pkey_meths) { - const int *pknids; - int npknids; - npknids = e->pkey_meths(e, NULL, &pknids, 0); - for (i = 0; i < npknids; i++) { - if (e->pkey_meths(e, &pkm, NULL, pknids[i])) { - EVP_PKEY_meth_free(pkm); - } - } - } -} diff --git a/crypto/engine/tb_rand.c b/crypto/engine/tb_rand.c deleted file mode 100644 index 991a4914eafe436ffaca724bb2830e605fc426b0..0000000000000000000000000000000000000000 --- a/crypto/engine/tb_rand.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -static ENGINE_TABLE *rand_table = NULL; -static const int dummy_nid = 1; - -void ENGINE_unregister_RAND(ENGINE *e) -{ - engine_table_unregister(&rand_table, e); -} - -static void engine_unregister_all_RAND(void) -{ - engine_table_cleanup(&rand_table); -} - -int ENGINE_register_RAND(ENGINE *e) -{ - if (e->rand_meth) - return engine_table_register(&rand_table, - engine_unregister_all_RAND, e, - &dummy_nid, 1, 0); - return 1; -} - -void ENGINE_register_all_RAND(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - ENGINE_register_RAND(e); -} - -int ENGINE_set_default_RAND(ENGINE *e) -{ - if (e->rand_meth) - return engine_table_register(&rand_table, - engine_unregister_all_RAND, e, - &dummy_nid, 1, 1); - return 1; -} - -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references). - */ -ENGINE *ENGINE_get_default_RAND(void) -{ - return ossl_engine_table_select(&rand_table, dummy_nid, - OPENSSL_FILE, OPENSSL_LINE); -} - -/* Obtains an RAND implementation from an ENGINE functional reference */ -const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e) -{ - return e->rand_meth; -} - -/* Sets an RAND implementation in an ENGINE structure */ -int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth) -{ - e->rand_meth = rand_meth; - return 1; -} diff --git a/crypto/engine/tb_rsa.c b/crypto/engine/tb_rsa.c deleted file mode 100644 index b68b8f0ca74e2e85c90d531b30dbf14bc5100079..0000000000000000000000000000000000000000 --- a/crypto/engine/tb_rsa.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "eng_local.h" - -static ENGINE_TABLE *rsa_table = NULL; -static const int dummy_nid = 1; - -void ENGINE_unregister_RSA(ENGINE *e) -{ - engine_table_unregister(&rsa_table, e); -} - -static void engine_unregister_all_RSA(void) -{ - engine_table_cleanup(&rsa_table); -} - -int ENGINE_register_RSA(ENGINE *e) -{ - if (e->rsa_meth) - return engine_table_register(&rsa_table, - engine_unregister_all_RSA, e, &dummy_nid, - 1, 0); - return 1; -} - -void ENGINE_register_all_RSA(void) -{ - ENGINE *e; - - for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) - ENGINE_register_RSA(e); -} - -int ENGINE_set_default_RSA(ENGINE *e) -{ - if (e->rsa_meth) - return engine_table_register(&rsa_table, - engine_unregister_all_RSA, e, &dummy_nid, - 1, 1); - return 1; -} - -/* - * Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references). - */ -ENGINE *ENGINE_get_default_RSA(void) -{ - return ossl_engine_table_select(&rsa_table, dummy_nid, - OPENSSL_FILE, OPENSSL_LINE); -} - -/* Obtains an RSA implementation from an ENGINE functional reference */ -const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e) -{ - return e->rsa_meth; -} - -/* Sets an RSA implementation in an ENGINE structure */ -int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth) -{ - e->rsa_meth = rsa_meth; - return 1; -} diff --git a/crypto/err/README.md b/crypto/err/README.md deleted file mode 100644 index 78085b37799d74ca695ef44f61aa10a2764d5358..0000000000000000000000000000000000000000 --- a/crypto/err/README.md +++ /dev/null @@ -1,44 +0,0 @@ -Adding new libraries -==================== - -When adding a new sub-library to OpenSSL, assign it a library number -`ERR_LIB_XXX`, define a macro `XXXerr()` (both in `err.h`), add its -name to `ERR_str_libraries[]` (in `crypto/err/err.c`), and add -`ERR_load_XXX_strings()` to the `ERR_load_crypto_strings()` function -(in `crypto/err/err_all.c`). Finally, add an entry: - - L XXX xxx.h xxx_err.c - -to `crypto/err/openssl.ec`, and add `xxx_err.c` to the `Makefile`. -Running make errors will then generate a file `xxx_err.c`, and -add all error codes used in the library to `xxx.h`. - -Additionally the library include file must have a certain form. -Typically it will initially look like this: - - #ifndef HEADER_XXX_H - #define HEADER_XXX_H - - #ifdef __cplusplus - extern "C" { - #endif - - /* Include files */ - - #include - #include - - /* Macros, structures and function prototypes */ - - - /* BEGIN ERROR CODES */ - -The `BEGIN ERROR CODES` sequence is used by the error code -generation script as the point to place new error codes, any text -after this point will be overwritten when make errors is run. -The closing `#endif` etc will be automatically added by the script. - -The generated C error code file `xxx_err.c` will load the header -files `stdio.h`, `openssl/err.h` and `openssl/xxx.h` so the -header file must load any additional header files containing any -definitions it uses. diff --git a/crypto/err/build.info b/crypto/err/build.info deleted file mode 100644 index 98f8801e34a6d5fb492b8efa82b1e11b6bb25fcf..0000000000000000000000000000000000000000 --- a/crypto/err/build.info +++ /dev/null @@ -1,3 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]=\ - err_blocks.c err.c err_all.c err_all_legacy.c err_prn.c diff --git a/crypto/err/err.c b/crypto/err/err.c deleted file mode 100644 index ec55642308c4fae64ec75a301fafec47bd541f45..0000000000000000000000000000000000000000 --- a/crypto/err/err.c +++ /dev/null @@ -1,951 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#define OSSL_FORCE_ERR_STATE - -#include -#include -#include -#include "crypto/cryptlib.h" -#include "internal/err.h" -#include "crypto/err.h" -#include -#include -#include -#include -#include -#include "internal/thread_once.h" -#include "crypto/ctype.h" -#include "internal/constant_time.h" -#include "e_os.h" -#include "err_local.h" - -/* Forward declaration in case it's not published because of configuration */ -ERR_STATE *ERR_get_state(void); - -#ifndef OPENSSL_NO_ERR -static int err_load_strings(const ERR_STRING_DATA *str); -#endif - -static void ERR_STATE_free(ERR_STATE *s); -#ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA ERR_str_libraries[] = { - {ERR_PACK(ERR_LIB_NONE, 0, 0), "unknown library"}, - {ERR_PACK(ERR_LIB_SYS, 0, 0), "system library"}, - {ERR_PACK(ERR_LIB_BN, 0, 0), "bignum routines"}, - {ERR_PACK(ERR_LIB_RSA, 0, 0), "rsa routines"}, - {ERR_PACK(ERR_LIB_DH, 0, 0), "Diffie-Hellman routines"}, - {ERR_PACK(ERR_LIB_EVP, 0, 0), "digital envelope routines"}, - {ERR_PACK(ERR_LIB_BUF, 0, 0), "memory buffer routines"}, - {ERR_PACK(ERR_LIB_OBJ, 0, 0), "object identifier routines"}, - {ERR_PACK(ERR_LIB_PEM, 0, 0), "PEM routines"}, - {ERR_PACK(ERR_LIB_DSA, 0, 0), "dsa routines"}, - {ERR_PACK(ERR_LIB_X509, 0, 0), "x509 certificate routines"}, - {ERR_PACK(ERR_LIB_ASN1, 0, 0), "asn1 encoding routines"}, - {ERR_PACK(ERR_LIB_CONF, 0, 0), "configuration file routines"}, - {ERR_PACK(ERR_LIB_CRYPTO, 0, 0), "common libcrypto routines"}, - {ERR_PACK(ERR_LIB_EC, 0, 0), "elliptic curve routines"}, - {ERR_PACK(ERR_LIB_ECDSA, 0, 0), "ECDSA routines"}, - {ERR_PACK(ERR_LIB_ECDH, 0, 0), "ECDH routines"}, - {ERR_PACK(ERR_LIB_SSL, 0, 0), "SSL routines"}, - {ERR_PACK(ERR_LIB_BIO, 0, 0), "BIO routines"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, 0), "PKCS7 routines"}, - {ERR_PACK(ERR_LIB_X509V3, 0, 0), "X509 V3 routines"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, 0), "PKCS12 routines"}, - {ERR_PACK(ERR_LIB_RAND, 0, 0), "random number generator"}, - {ERR_PACK(ERR_LIB_DSO, 0, 0), "DSO support routines"}, - {ERR_PACK(ERR_LIB_TS, 0, 0), "time stamp routines"}, - {ERR_PACK(ERR_LIB_ENGINE, 0, 0), "engine routines"}, - {ERR_PACK(ERR_LIB_OCSP, 0, 0), "OCSP routines"}, - {ERR_PACK(ERR_LIB_UI, 0, 0), "UI routines"}, - {ERR_PACK(ERR_LIB_FIPS, 0, 0), "FIPS routines"}, - {ERR_PACK(ERR_LIB_CMS, 0, 0), "CMS routines"}, - {ERR_PACK(ERR_LIB_CRMF, 0, 0), "CRMF routines"}, - {ERR_PACK(ERR_LIB_CMP, 0, 0), "CMP routines"}, - {ERR_PACK(ERR_LIB_HMAC, 0, 0), "HMAC routines"}, - {ERR_PACK(ERR_LIB_CT, 0, 0), "CT routines"}, - {ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"}, - {ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, 0), "STORE routines"}, - {ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"}, - {ERR_PACK(ERR_LIB_ESS, 0, 0), "ESS routines"}, - {ERR_PACK(ERR_LIB_PROV, 0, 0), "Provider routines"}, - {ERR_PACK(ERR_LIB_OSSL_ENCODER, 0, 0), "ENCODER routines"}, - {ERR_PACK(ERR_LIB_OSSL_DECODER, 0, 0), "DECODER routines"}, - {ERR_PACK(ERR_LIB_HTTP, 0, 0), "HTTP routines"}, - {0, NULL}, -}; - -/* - * Should make sure that all ERR_R_ reasons defined in include/openssl/err.h.in - * are listed. For maintainability, please keep all reasons in the same order. - */ -static ERR_STRING_DATA ERR_str_reasons[] = { - {ERR_R_SYS_LIB, "system lib"}, - {ERR_R_BN_LIB, "BN lib"}, - {ERR_R_RSA_LIB, "RSA lib"}, - {ERR_R_DH_LIB, "DH lib"}, - {ERR_R_EVP_LIB, "EVP lib"}, - {ERR_R_BUF_LIB, "BUF lib"}, - {ERR_R_OBJ_LIB, "OBJ lib"}, - {ERR_R_PEM_LIB, "PEM lib"}, - {ERR_R_DSA_LIB, "DSA lib"}, - {ERR_R_X509_LIB, "X509 lib"}, - {ERR_R_ASN1_LIB, "ASN1 lib"}, - {ERR_R_CRYPTO_LIB, "CRYPTO lib"}, - {ERR_R_EC_LIB, "EC lib"}, - {ERR_R_BIO_LIB, "BIO lib"}, - {ERR_R_PKCS7_LIB, "PKCS7 lib"}, - {ERR_R_X509V3_LIB, "X509V3 lib"}, - {ERR_R_ENGINE_LIB, "ENGINE lib"}, - {ERR_R_UI_LIB, "UI lib"}, - {ERR_R_ECDSA_LIB, "ECDSA lib"}, - {ERR_R_OSSL_STORE_LIB, "OSSL_STORE lib"}, - {ERR_R_OSSL_DECODER_LIB, "OSSL_DECODER lib"}, - - {ERR_R_FATAL, "fatal"}, - {ERR_R_MALLOC_FAILURE, "malloc failure"}, - {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, - "called a function you should not call"}, - {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"}, - {ERR_R_INTERNAL_ERROR, "internal error"}, - {ERR_R_DISABLED, "called a function that was disabled at compile-time"}, - {ERR_R_INIT_FAIL, "init fail"}, - {ERR_R_PASSED_INVALID_ARGUMENT, "passed invalid argument"}, - {ERR_R_OPERATION_FAIL, "operation fail"}, - {ERR_R_INVALID_PROVIDER_FUNCTIONS, "invalid provider functions"}, - {ERR_R_INTERRUPTED_OR_CANCELLED, "interrupted or cancelled"}, - {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"}, - {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"}, - /* - * Something is unsupported, exactly what is expressed with additional data - */ - {ERR_R_UNSUPPORTED, "unsupported"}, - /* - * A fetch failed for other reasons than the name to be fetched being - * unsupported. - */ - {ERR_R_FETCH_FAILED, "fetch failed"}, - {ERR_R_INVALID_PROPERTY_DEFINITION, "invalid property definition"}, - {ERR_R_UNABLE_TO_GET_READ_LOCK, "unable to get read lock"}, - {ERR_R_UNABLE_TO_GET_WRITE_LOCK, "unable to get write lock"}, - {0, NULL}, -}; -#endif - -static CRYPTO_ONCE err_init = CRYPTO_ONCE_STATIC_INIT; -static int set_err_thread_local; -static CRYPTO_THREAD_LOCAL err_thread_local; - -static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT; -static CRYPTO_RWLOCK *err_string_lock = NULL; - -#ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *); -#endif - -/* - * The internal state - */ - -#ifndef OPENSSL_NO_ERR -static LHASH_OF(ERR_STRING_DATA) *int_error_hash = NULL; -#endif -static int int_err_library_number = ERR_LIB_USER; - -typedef enum ERR_GET_ACTION_e { - EV_POP, EV_PEEK, EV_PEEK_LAST -} ERR_GET_ACTION; - -static unsigned long get_error_values(ERR_GET_ACTION g, - const char **file, int *line, - const char **func, const char **data, - int *flags); - -#ifndef OPENSSL_NO_ERR -static unsigned long err_string_data_hash(const ERR_STRING_DATA *a) -{ - unsigned long ret, l; - - l = a->error; - ret = l ^ ERR_GET_LIB(l); - return (ret ^ ret % 19 * 13); -} - -static int err_string_data_cmp(const ERR_STRING_DATA *a, - const ERR_STRING_DATA *b) -{ - if (a->error == b->error) - return 0; - return a->error > b->error ? 1 : -1; -} - -static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) -{ - ERR_STRING_DATA *p = NULL; - - if (!CRYPTO_THREAD_read_lock(err_string_lock)) - return NULL; - p = lh_ERR_STRING_DATA_retrieve(int_error_hash, d); - CRYPTO_THREAD_unlock(err_string_lock); - - return p; -} -#endif - -static void ERR_STATE_free(ERR_STATE *s) -{ - int i; - - if (s == NULL) - return; - for (i = 0; i < ERR_NUM_ERRORS; i++) { - err_clear(s, i, 1); - } - OPENSSL_free(s); -} - -DEFINE_RUN_ONCE_STATIC(do_err_strings_init) -{ - if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL)) - return 0; - err_string_lock = CRYPTO_THREAD_lock_new(); - if (err_string_lock == NULL) - return 0; -#ifndef OPENSSL_NO_ERR - int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash, - err_string_data_cmp); - if (int_error_hash == NULL) { - CRYPTO_THREAD_lock_free(err_string_lock); - err_string_lock = NULL; - return 0; - } -#endif - return 1; -} - -void err_cleanup(void) -{ - if (set_err_thread_local != 0) - CRYPTO_THREAD_cleanup_local(&err_thread_local); - CRYPTO_THREAD_lock_free(err_string_lock); - err_string_lock = NULL; -#ifndef OPENSSL_NO_ERR - lh_ERR_STRING_DATA_free(int_error_hash); - int_error_hash = NULL; -#endif -} - -#ifndef OPENSSL_NO_ERR -/* - * Legacy; pack in the library. - */ -static void err_patch(int lib, ERR_STRING_DATA *str) -{ - unsigned long plib = ERR_PACK(lib, 0, 0); - - for (; str->error != 0; str++) - str->error |= plib; -} - -/* - * Hash in |str| error strings. Assumes the RUN_ONCE was done. - */ -static int err_load_strings(const ERR_STRING_DATA *str) -{ - if (!CRYPTO_THREAD_write_lock(err_string_lock)) - return 0; - for (; str->error; str++) - (void)lh_ERR_STRING_DATA_insert(int_error_hash, - (ERR_STRING_DATA *)str); - CRYPTO_THREAD_unlock(err_string_lock); - return 1; -} -#endif - -int ossl_err_load_ERR_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (!RUN_ONCE(&err_string_init, do_err_strings_init)) - return 0; - - err_load_strings(ERR_str_libraries); - err_load_strings(ERR_str_reasons); -#endif - return 1; -} - -int ERR_load_strings(int lib, ERR_STRING_DATA *str) -{ -#ifndef OPENSSL_NO_ERR - if (ossl_err_load_ERR_strings() == 0) - return 0; - - err_patch(lib, str); - err_load_strings(str); -#endif - - return 1; -} - -int ERR_load_strings_const(const ERR_STRING_DATA *str) -{ -#ifndef OPENSSL_NO_ERR - if (ossl_err_load_ERR_strings() == 0) - return 0; - err_load_strings(str); -#endif - - return 1; -} - -int ERR_unload_strings(int lib, ERR_STRING_DATA *str) -{ -#ifndef OPENSSL_NO_ERR - if (!RUN_ONCE(&err_string_init, do_err_strings_init)) - return 0; - - if (!CRYPTO_THREAD_write_lock(err_string_lock)) - return 0; - /* - * We don't need to ERR_PACK the lib, since that was done (to - * the table) when it was loaded. - */ - for (; str->error; str++) - (void)lh_ERR_STRING_DATA_delete(int_error_hash, str); - CRYPTO_THREAD_unlock(err_string_lock); -#endif - - return 1; -} - -void err_free_strings_int(void) -{ - /* obsolete */ -} - -/********************************************************/ - -void ERR_clear_error(void) -{ - int i; - ERR_STATE *es; - - es = ossl_err_get_state_int(); - if (es == NULL) - return; - - for (i = 0; i < ERR_NUM_ERRORS; i++) { - err_clear(es, i, 0); - } - es->top = es->bottom = 0; -} - -unsigned long ERR_get_error(void) -{ - return get_error_values(EV_POP, NULL, NULL, NULL, NULL, NULL); -} - -unsigned long ERR_get_error_all(const char **file, int *line, - const char **func, - const char **data, int *flags) -{ - return get_error_values(EV_POP, file, line, func, data, flags); -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -unsigned long ERR_get_error_line(const char **file, int *line) -{ - return get_error_values(EV_POP, file, line, NULL, NULL, NULL); -} - -unsigned long ERR_get_error_line_data(const char **file, int *line, - const char **data, int *flags) -{ - return get_error_values(EV_POP, file, line, NULL, data, flags); -} -#endif - -unsigned long ERR_peek_error(void) -{ - return get_error_values(EV_PEEK, NULL, NULL, NULL, NULL, NULL); -} - -unsigned long ERR_peek_error_line(const char **file, int *line) -{ - return get_error_values(EV_PEEK, file, line, NULL, NULL, NULL); -} - -unsigned long ERR_peek_error_func(const char **func) -{ - return get_error_values(EV_PEEK, NULL, NULL, func, NULL, NULL); -} - -unsigned long ERR_peek_error_data(const char **data, int *flags) -{ - return get_error_values(EV_PEEK, NULL, NULL, NULL, data, flags); -} - -unsigned long ERR_peek_error_all(const char **file, int *line, - const char **func, - const char **data, int *flags) -{ - return get_error_values(EV_PEEK, file, line, func, data, flags); -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -unsigned long ERR_peek_error_line_data(const char **file, int *line, - const char **data, int *flags) -{ - return get_error_values(EV_PEEK, file, line, NULL, data, flags); -} -#endif - -unsigned long ERR_peek_last_error(void) -{ - return get_error_values(EV_PEEK_LAST, NULL, NULL, NULL, NULL, NULL); -} - -unsigned long ERR_peek_last_error_line(const char **file, int *line) -{ - return get_error_values(EV_PEEK_LAST, file, line, NULL, NULL, NULL); -} - -unsigned long ERR_peek_last_error_func(const char **func) -{ - return get_error_values(EV_PEEK_LAST, NULL, NULL, func, NULL, NULL); -} - -unsigned long ERR_peek_last_error_data(const char **data, int *flags) -{ - return get_error_values(EV_PEEK_LAST, NULL, NULL, NULL, data, flags); -} - -unsigned long ERR_peek_last_error_all(const char **file, int *line, - const char **func, - const char **data, int *flags) -{ - return get_error_values(EV_PEEK_LAST, file, line, func, data, flags); -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -unsigned long ERR_peek_last_error_line_data(const char **file, int *line, - const char **data, int *flags) -{ - return get_error_values(EV_PEEK_LAST, file, line, NULL, data, flags); -} -#endif - -static unsigned long get_error_values(ERR_GET_ACTION g, - const char **file, int *line, - const char **func, - const char **data, int *flags) -{ - int i = 0; - ERR_STATE *es; - unsigned long ret; - - es = ossl_err_get_state_int(); - if (es == NULL) - return 0; - - /* - * Clear anything that should have been cleared earlier. We do this - * here because this doesn't have constant-time issues. - */ - while (es->bottom != es->top) { - if (es->err_flags[es->top] & ERR_FLAG_CLEAR) { - err_clear(es, es->top, 0); - es->top = es->top > 0 ? es->top - 1 : ERR_NUM_ERRORS - 1; - continue; - } - i = (es->bottom + 1) % ERR_NUM_ERRORS; - if (es->err_flags[i] & ERR_FLAG_CLEAR) { - es->bottom = i; - err_clear(es, es->bottom, 0); - continue; - } - break; - } - - /* If everything has been cleared, the stack is empty. */ - if (es->bottom == es->top) - return 0; - - /* Which error, the top of stack (latest one) or the first one? */ - if (g == EV_PEEK_LAST) - i = es->top; - else - i = (es->bottom + 1) % ERR_NUM_ERRORS; - - ret = es->err_buffer[i]; - if (g == EV_POP) { - es->bottom = i; - es->err_buffer[i] = 0; - } - - if (file != NULL) { - *file = es->err_file[i]; - if (*file == NULL) - *file = ""; - } - if (line != NULL) - *line = es->err_line[i]; - if (func != NULL) { - *func = es->err_func[i]; - if (*func == NULL) - *func = ""; - } - if (flags != NULL) - *flags = es->err_data_flags[i]; - if (data == NULL) { - if (g == EV_POP) { - err_clear_data(es, i, 0); - } - } else { - *data = es->err_data[i]; - if (*data == NULL) { - *data = ""; - if (flags != NULL) - *flags = 0; - } - } - return ret; -} - -void ossl_err_string_int(unsigned long e, const char *func, - char *buf, size_t len) -{ - char lsbuf[64], rsbuf[256]; - const char *ls, *rs = NULL; - unsigned long l, r; - - if (len == 0) - return; - - l = ERR_GET_LIB(e); - ls = ERR_lib_error_string(e); - if (ls == NULL) { - BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l); - ls = lsbuf; - } - - /* - * ERR_reason_error_string() can't safely return system error strings, - * since it would call openssl_strerror_r(), which needs a buffer for - * thread safety. So for system errors, we call openssl_strerror_r() - * directly instead. - */ - r = ERR_GET_REASON(e); -#ifndef OPENSSL_NO_ERR - if (ERR_SYSTEM_ERROR(e)) { - if (openssl_strerror_r(r, rsbuf, sizeof(rsbuf))) - rs = rsbuf; - } else { - rs = ERR_reason_error_string(e); - } -#endif - if (rs == NULL) { - BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r); - rs = rsbuf; - } - - BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls, func, rs); - if (strlen(buf) == len - 1) { - /* Didn't fit; use a minimal format. */ - BIO_snprintf(buf, len, "err:%lx:%lx:%lx:%lx", e, l, 0L, r); - } -} - - -void ERR_error_string_n(unsigned long e, char *buf, size_t len) -{ - ossl_err_string_int(e, "", buf, len); -} - -/* - * ERR_error_string_n should be used instead for ret != NULL as - * ERR_error_string cannot know how large the buffer is - */ -char *ERR_error_string(unsigned long e, char *ret) -{ - static char buf[256]; - - if (ret == NULL) - ret = buf; - ERR_error_string_n(e, ret, (int)sizeof(buf)); - return ret; -} - -const char *ERR_lib_error_string(unsigned long e) -{ -#ifndef OPENSSL_NO_ERR - ERR_STRING_DATA d, *p; - unsigned long l; - - if (!RUN_ONCE(&err_string_init, do_err_strings_init)) { - return NULL; - } - - l = ERR_GET_LIB(e); - d.error = ERR_PACK(l, 0, 0); - p = int_err_get_item(&d); - return ((p == NULL) ? NULL : p->string); -#else - return NULL; -#endif -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -const char *ERR_func_error_string(unsigned long e) -{ - return NULL; -} -#endif - -const char *ERR_reason_error_string(unsigned long e) -{ -#ifndef OPENSSL_NO_ERR - ERR_STRING_DATA d, *p = NULL; - unsigned long l, r; - - if (!RUN_ONCE(&err_string_init, do_err_strings_init)) { - return NULL; - } - - /* - * ERR_reason_error_string() can't safely return system error strings, - * since openssl_strerror_r() needs a buffer for thread safety, and we - * haven't got one that would serve any sensible purpose. - */ - if (ERR_SYSTEM_ERROR(e)) - return NULL; - - l = ERR_GET_LIB(e); - r = ERR_GET_REASON(e); - d.error = ERR_PACK(l, 0, r); - p = int_err_get_item(&d); - if (p == NULL) { - d.error = ERR_PACK(0, 0, r); - p = int_err_get_item(&d); - } - return ((p == NULL) ? NULL : p->string); -#else - return NULL; -#endif -} - -static void err_delete_thread_state(void *unused) -{ - ERR_STATE *state = CRYPTO_THREAD_get_local(&err_thread_local); - if (state == NULL) - return; - - CRYPTO_THREAD_set_local(&err_thread_local, NULL); - ERR_STATE_free(state); -} - -#ifndef OPENSSL_NO_DEPRECATED_1_1_0 -void ERR_remove_thread_state(void *dummy) -{ -} -#endif - -#ifndef OPENSSL_NO_DEPRECATED_1_0_0 -void ERR_remove_state(unsigned long pid) -{ -} -#endif - -DEFINE_RUN_ONCE_STATIC(err_do_init) -{ - set_err_thread_local = 1; - return CRYPTO_THREAD_init_local(&err_thread_local, NULL); -} - -ERR_STATE *ossl_err_get_state_int(void) -{ - ERR_STATE *state; - int saveerrno = get_last_sys_error(); - - if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL)) - return NULL; - - if (!RUN_ONCE(&err_init, err_do_init)) - return NULL; - - state = CRYPTO_THREAD_get_local(&err_thread_local); - if (state == (ERR_STATE*)-1) - return NULL; - - if (state == NULL) { - if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1)) - return NULL; - - if ((state = OPENSSL_zalloc(sizeof(*state))) == NULL) { - CRYPTO_THREAD_set_local(&err_thread_local, NULL); - return NULL; - } - - if (!ossl_init_thread_start(NULL, NULL, err_delete_thread_state) - || !CRYPTO_THREAD_set_local(&err_thread_local, state)) { - ERR_STATE_free(state); - CRYPTO_THREAD_set_local(&err_thread_local, NULL); - return NULL; - } - - /* Ignore failures from these */ - OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); - } - - set_sys_error(saveerrno); - return state; -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -ERR_STATE *ERR_get_state(void) -{ - return ossl_err_get_state_int(); -} -#endif - - -/* - * err_shelve_state returns the current thread local error state - * and freezes the error module until err_unshelve_state is called. - */ -int err_shelve_state(void **state) -{ - int saveerrno = get_last_sys_error(); - - /* - * Note, at present our only caller is OPENSSL_init_crypto(), indirectly - * via ossl_init_load_crypto_nodelete(), by which point the requested - * "base" initialization has already been performed, so the below call is a - * NOOP, that re-enters OPENSSL_init_crypto() only to quickly return. - * - * If are no other valid callers of this function, the call below can be - * removed, avoiding the re-entry into OPENSSL_init_crypto(). If there are - * potential uses that are not from inside OPENSSL_init_crypto(), then this - * call is needed, but some care is required to make sure that the re-entry - * remains a NOOP. - */ - if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL)) - return 0; - - if (!RUN_ONCE(&err_init, err_do_init)) - return 0; - - *state = CRYPTO_THREAD_get_local(&err_thread_local); - if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1)) - return 0; - - set_sys_error(saveerrno); - return 1; -} - -/* - * err_unshelve_state restores the error state that was returned - * by err_shelve_state previously. - */ -void err_unshelve_state(void* state) -{ - if (state != (void*)-1) - CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)state); -} - -int ERR_get_next_error_library(void) -{ - int ret; - - if (!RUN_ONCE(&err_string_init, do_err_strings_init)) - return 0; - - if (!CRYPTO_THREAD_write_lock(err_string_lock)) - return 0; - ret = int_err_library_number++; - CRYPTO_THREAD_unlock(err_string_lock); - return ret; -} - -static int err_set_error_data_int(char *data, size_t size, int flags, - int deallocate) -{ - ERR_STATE *es; - - es = ossl_err_get_state_int(); - if (es == NULL) - return 0; - - err_clear_data(es, es->top, deallocate); - err_set_data(es, es->top, data, size, flags); - - return 1; -} - -void ERR_set_error_data(char *data, int flags) -{ - /* - * This function is void so we cannot propagate the error return. Since it - * is also in the public API we can't change the return type. - * - * We estimate the size of the data. If it's not flagged as allocated, - * then this is safe, and if it is flagged as allocated, then our size - * may be smaller than the actual allocation, but that doesn't matter - * too much, the buffer will remain untouched or will eventually be - * reallocated to a new size. - * - * callers should be advised that this function takes over ownership of - * the allocated memory, i.e. they can't count on the pointer to remain - * valid. - */ - err_set_error_data_int(data, strlen(data) + 1, flags, 1); -} - -void ERR_add_error_data(int num, ...) -{ - va_list args; - va_start(args, num); - ERR_add_error_vdata(num, args); - va_end(args); -} - -void ERR_add_error_vdata(int num, va_list args) -{ - int i, len, size; - int flags = ERR_TXT_MALLOCED | ERR_TXT_STRING; - char *str, *arg; - ERR_STATE *es; - - /* Get the current error data; if an allocated string get it. */ - es = ossl_err_get_state_int(); - if (es == NULL) - return; - i = es->top; - - /* - * If err_data is allocated already, re-use the space. - * Otherwise, allocate a small new buffer. - */ - if ((es->err_data_flags[i] & flags) == flags) { - str = es->err_data[i]; - size = es->err_data_size[i]; - - /* - * To protect the string we just grabbed from tampering by other - * functions we may call, or to protect them from freeing a pointer - * that may no longer be valid at that point, we clear away the - * data pointer and the flags. We will set them again at the end - * of this function. - */ - es->err_data[i] = NULL; - es->err_data_flags[i] = 0; - } else if ((str = OPENSSL_malloc(size = 81)) == NULL) { - return; - } else { - str[0] = '\0'; - } - len = strlen(str); - - while (--num >= 0) { - arg = va_arg(args, char *); - if (arg == NULL) - arg = ""; - len += strlen(arg); - if (len >= size) { - char *p; - - size = len + 20; - p = OPENSSL_realloc(str, size); - if (p == NULL) { - OPENSSL_free(str); - return; - } - str = p; - } - OPENSSL_strlcat(str, arg, (size_t)size); - } - if (!err_set_error_data_int(str, size, flags, 0)) - OPENSSL_free(str); -} - -int ERR_set_mark(void) -{ - ERR_STATE *es; - - es = ossl_err_get_state_int(); - if (es == NULL) - return 0; - - if (es->bottom == es->top) - return 0; - es->err_marks[es->top]++; - return 1; -} - -int ERR_pop_to_mark(void) -{ - ERR_STATE *es; - - es = ossl_err_get_state_int(); - if (es == NULL) - return 0; - - while (es->bottom != es->top - && es->err_marks[es->top] == 0) { - err_clear(es, es->top, 0); - es->top = es->top > 0 ? es->top - 1 : ERR_NUM_ERRORS - 1; - } - - if (es->bottom == es->top) - return 0; - es->err_marks[es->top]--; - return 1; -} - -int ERR_clear_last_mark(void) -{ - ERR_STATE *es; - int top; - - es = ossl_err_get_state_int(); - if (es == NULL) - return 0; - - top = es->top; - while (es->bottom != top - && es->err_marks[top] == 0) { - top = top > 0 ? top - 1 : ERR_NUM_ERRORS - 1; - } - - if (es->bottom == top) - return 0; - es->err_marks[top]--; - return 1; -} - -void err_clear_last_constant_time(int clear) -{ - ERR_STATE *es; - int top; - - es = ossl_err_get_state_int(); - if (es == NULL) - return; - - top = es->top; - - /* - * Flag error as cleared but remove it elsewhere to avoid two errors - * accessing the same error stack location, revealing timing information. - */ - clear = constant_time_select_int(constant_time_eq_int(clear, 0), - 0, ERR_FLAG_CLEAR); - es->err_flags[top] |= clear; -} diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c deleted file mode 100644 index 55aa2b8dbd56855d6316756383ebbd7550519931..0000000000000000000000000000000000000000 --- a/crypto/err/err_all.c +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/err.h" -#include "crypto/cryptoerr.h" -#include "crypto/asn1err.h" -#include "crypto/bnerr.h" -#include "crypto/ecerr.h" -#include "crypto/buffererr.h" -#include "crypto/bioerr.h" -#include "crypto/comperr.h" -#include "crypto/rsaerr.h" -#include "crypto/dherr.h" -#include "crypto/dsaerr.h" -#include "crypto/evperr.h" -#include "crypto/objectserr.h" -#include "crypto/pemerr.h" -#include "crypto/pkcs7err.h" -#include "crypto/x509err.h" -#include "crypto/x509v3err.h" -#include "crypto/conferr.h" -#include "crypto/pkcs12err.h" -#include "crypto/randerr.h" -#include "internal/dsoerr.h" -#include "crypto/engineerr.h" -#include "crypto/uierr.h" -#include "crypto/httperr.h" -#include "crypto/ocsperr.h" -#include "crypto/tserr.h" -#include "crypto/cmserr.h" -#include "crypto/crmferr.h" -#include "crypto/cmperr.h" -#include "crypto/cterr.h" -#include "crypto/asyncerr.h" -#include "crypto/storeerr.h" -#include "crypto/esserr.h" -#include "internal/propertyerr.h" -#include "prov/proverr.h" - -int ossl_err_load_crypto_strings(void) -{ - if (0 -#ifndef OPENSSL_NO_ERR - || ossl_err_load_ERR_strings() == 0 /* include error strings for SYSerr */ - || ossl_err_load_BN_strings() == 0 - || ossl_err_load_RSA_strings() == 0 -# ifndef OPENSSL_NO_DH - || ossl_err_load_DH_strings() == 0 -# endif - || ossl_err_load_EVP_strings() == 0 - || ossl_err_load_BUF_strings() == 0 - || ossl_err_load_OBJ_strings() == 0 - || ossl_err_load_PEM_strings() == 0 -# ifndef OPENSSL_NO_DSA - || ossl_err_load_DSA_strings() == 0 -# endif - || ossl_err_load_X509_strings() == 0 - || ossl_err_load_ASN1_strings() == 0 - || ossl_err_load_CONF_strings() == 0 - || ossl_err_load_CRYPTO_strings() == 0 -# ifndef OPENSSL_NO_COMP - || ossl_err_load_COMP_strings() == 0 -# endif -# ifndef OPENSSL_NO_EC - || ossl_err_load_EC_strings() == 0 -# endif - /* skip ossl_err_load_SSL_strings() because it is not in this library */ - || ossl_err_load_BIO_strings() == 0 - || ossl_err_load_PKCS7_strings() == 0 - || ossl_err_load_X509V3_strings() == 0 - || ossl_err_load_PKCS12_strings() == 0 - || ossl_err_load_RAND_strings() == 0 - || ossl_err_load_DSO_strings() == 0 -# ifndef OPENSSL_NO_TS - || ossl_err_load_TS_strings() == 0 -# endif -# ifndef OPENSSL_NO_ENGINE - || ossl_err_load_ENGINE_strings() == 0 -# endif - || ossl_err_load_HTTP_strings() == 0 -# ifndef OPENSSL_NO_OCSP - || ossl_err_load_OCSP_strings() == 0 -# endif - || ossl_err_load_UI_strings() == 0 -# ifndef OPENSSL_NO_CMS - || ossl_err_load_CMS_strings() == 0 -# endif -# ifndef OPENSSL_NO_CRMF - || ossl_err_load_CRMF_strings() == 0 - || ossl_err_load_CMP_strings() == 0 -# endif -# ifndef OPENSSL_NO_CT - || ossl_err_load_CT_strings() == 0 -# endif - || ossl_err_load_ESS_strings() == 0 - || ossl_err_load_ASYNC_strings() == 0 - || ossl_err_load_OSSL_STORE_strings() == 0 - || ossl_err_load_PROP_strings() == 0 - || ossl_err_load_PROV_strings() == 0 -#endif - ) - return 0; - - return 1; -} diff --git a/crypto/err/err_all_legacy.c b/crypto/err/err_all_legacy.c deleted file mode 100644 index 64dd61867d6d4b2054796961dcbac7e7733471fb..0000000000000000000000000000000000000000 --- a/crypto/err/err_all_legacy.c +++ /dev/null @@ -1,106 +0,0 @@ -/* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* This is the C source file where we include this header directly */ -#include - -#ifndef OPENSSL_NO_DEPRECATED_3_0 - -# include "crypto/err.h" -# include "crypto/asn1err.h" -# include "crypto/asyncerr.h" -# include "crypto/bnerr.h" -# include "crypto/buffererr.h" -# include "crypto/bioerr.h" -# include "crypto/cmserr.h" -# include "crypto/comperr.h" -# include "crypto/conferr.h" -# include "crypto/cryptoerr.h" -# include "crypto/cterr.h" -# include "crypto/dherr.h" -# include "crypto/dsaerr.h" -# include "internal/dsoerr.h" -# include "crypto/ecerr.h" -# include "crypto/engineerr.h" -# include "crypto/evperr.h" -# include "crypto/httperr.h" -# include "crypto/objectserr.h" -# include "crypto/ocsperr.h" -# include "crypto/pemerr.h" -# include "crypto/pkcs12err.h" -# include "crypto/pkcs7err.h" -# include "crypto/randerr.h" -# include "crypto/rsaerr.h" -# include "crypto/storeerr.h" -# include "crypto/tserr.h" -# include "crypto/uierr.h" -# include "crypto/x509err.h" -# include "crypto/x509v3err.h" - -# ifdef OPENSSL_NO_ERR -# define IMPLEMENT_LEGACY_ERR_LOAD(lib) \ - int ERR_load_##lib##_strings(void) \ - { \ - return 1; \ - } -# else -# define IMPLEMENT_LEGACY_ERR_LOAD(lib) \ - int ERR_load_##lib##_strings(void) \ - { \ - return ossl_err_load_##lib##_strings(); \ - } -# endif - -IMPLEMENT_LEGACY_ERR_LOAD(ASN1) -IMPLEMENT_LEGACY_ERR_LOAD(ASYNC) -IMPLEMENT_LEGACY_ERR_LOAD(BIO) -IMPLEMENT_LEGACY_ERR_LOAD(BN) -IMPLEMENT_LEGACY_ERR_LOAD(BUF) -# ifndef OPENSSL_NO_CMS -IMPLEMENT_LEGACY_ERR_LOAD(CMS) -# endif -# ifndef OPENSSL_NO_COMP -IMPLEMENT_LEGACY_ERR_LOAD(COMP) -# endif -IMPLEMENT_LEGACY_ERR_LOAD(CONF) -IMPLEMENT_LEGACY_ERR_LOAD(CRYPTO) -# ifndef OPENSSL_NO_CT -IMPLEMENT_LEGACY_ERR_LOAD(CT) -# endif -# ifndef OPENSSL_NO_DH -IMPLEMENT_LEGACY_ERR_LOAD(DH) -# endif -# ifndef OPENSSL_NO_DSA -IMPLEMENT_LEGACY_ERR_LOAD(DSA) -# endif -# ifndef OPENSSL_NO_EC -IMPLEMENT_LEGACY_ERR_LOAD(EC) -# endif -# ifndef OPENSSL_NO_ENGINE -IMPLEMENT_LEGACY_ERR_LOAD(ENGINE) -# endif -IMPLEMENT_LEGACY_ERR_LOAD(ERR) -IMPLEMENT_LEGACY_ERR_LOAD(EVP) -IMPLEMENT_LEGACY_ERR_LOAD(OBJ) -# ifndef OPENSSL_NO_OCSP -IMPLEMENT_LEGACY_ERR_LOAD(OCSP) -# endif -IMPLEMENT_LEGACY_ERR_LOAD(PEM) -IMPLEMENT_LEGACY_ERR_LOAD(PKCS12) -IMPLEMENT_LEGACY_ERR_LOAD(PKCS7) -IMPLEMENT_LEGACY_ERR_LOAD(RAND) -IMPLEMENT_LEGACY_ERR_LOAD(RSA) -IMPLEMENT_LEGACY_ERR_LOAD(OSSL_STORE) -# ifndef OPENSSL_NO_TS -IMPLEMENT_LEGACY_ERR_LOAD(TS) -# endif -IMPLEMENT_LEGACY_ERR_LOAD(UI) -IMPLEMENT_LEGACY_ERR_LOAD(X509) -IMPLEMENT_LEGACY_ERR_LOAD(X509V3) -#endif /* OPENSSL_NO_DEPRECATED_3_0 */ diff --git a/crypto/err/err_blocks.c b/crypto/err/err_blocks.c deleted file mode 100644 index a658df05766d914aefa050b4b1ff070bfa8f1b13..0000000000000000000000000000000000000000 --- a/crypto/err/err_blocks.c +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#define OSSL_FORCE_ERR_STATE - -#include -#include -#include "err_local.h" - -void ERR_new(void) -{ - ERR_STATE *es; - - es = ossl_err_get_state_int(); - if (es == NULL) - return; - - /* Allocate a slot */ - err_get_slot(es); - err_clear(es, es->top, 0); -} - -void ERR_set_debug(const char *file, int line, const char *func) -{ - ERR_STATE *es; - - es = ossl_err_get_state_int(); - if (es == NULL) - return; - - err_set_debug(es, es->top, file, line, func); -} - -void ERR_set_error(int lib, int reason, const char *fmt, ...) -{ - va_list args; - - va_start(args, fmt); - ERR_vset_error(lib, reason, fmt, args); - va_end(args); -} - -void ERR_vset_error(int lib, int reason, const char *fmt, va_list args) -{ - ERR_STATE *es; - char *buf = NULL; - size_t buf_size = 0; - unsigned long flags = 0; - size_t i; - - es = ossl_err_get_state_int(); - if (es == NULL) - return; - i = es->top; - - if (fmt != NULL) { - int printed_len = 0; - char *rbuf = NULL; - - buf = es->err_data[i]; - buf_size = es->err_data_size[i]; - - /* - * To protect the string we just grabbed from tampering by other - * functions we may call, or to protect them from freeing a pointer - * that may no longer be valid at that point, we clear away the - * data pointer and the flags. We will set them again at the end - * of this function. - */ - es->err_data[i] = NULL; - es->err_data_flags[i] = 0; - - /* - * Try to maximize the space available. If that fails, we use what - * we have. - */ - if (buf_size < ERR_MAX_DATA_SIZE - && (rbuf = OPENSSL_realloc(buf, ERR_MAX_DATA_SIZE)) != NULL) { - buf = rbuf; - buf_size = ERR_MAX_DATA_SIZE; - } - - if (buf != NULL) { - printed_len = BIO_vsnprintf(buf, buf_size, fmt, args); - } - if (printed_len < 0) - printed_len = 0; - if (buf != NULL) - buf[printed_len] = '\0'; - - /* - * Try to reduce the size, but only if we maximized above. If that - * fails, we keep what we have. - * (According to documentation, realloc leaves the old buffer untouched - * if it fails) - */ - if ((rbuf = OPENSSL_realloc(buf, printed_len + 1)) != NULL) { - buf = rbuf; - buf_size = printed_len + 1; - buf[printed_len] = '\0'; - } - - if (buf != NULL) - flags = ERR_TXT_MALLOCED | ERR_TXT_STRING; - } - - err_clear_data(es, es->top, 0); - err_set_error(es, es->top, lib, reason); - if (fmt != NULL) - err_set_data(es, es->top, buf, buf_size, flags); -} diff --git a/crypto/err/err_local.h b/crypto/err/err_local.h deleted file mode 100644 index d4e19dff241b0b034ddfedab2faf825d56795222..0000000000000000000000000000000000000000 --- a/crypto/err/err_local.h +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -static ossl_inline void err_get_slot(ERR_STATE *es) -{ - es->top = (es->top + 1) % ERR_NUM_ERRORS; - if (es->top == es->bottom) - es->bottom = (es->bottom + 1) % ERR_NUM_ERRORS; -} - -static ossl_inline void err_clear_data(ERR_STATE *es, size_t i, int deall) -{ - if (es->err_data_flags[i] & ERR_TXT_MALLOCED) { - if (deall) { - OPENSSL_free(es->err_data[i]); - es->err_data[i] = NULL; - es->err_data_size[i] = 0; - es->err_data_flags[i] = 0; - } else if (es->err_data[i] != NULL) { - es->err_data[i][0] = '\0'; - es->err_data_flags[i] = ERR_TXT_MALLOCED; - } - } else { - es->err_data[i] = NULL; - es->err_data_size[i] = 0; - es->err_data_flags[i] = 0; - } -} - -static ossl_inline void err_set_error(ERR_STATE *es, size_t i, - int lib, int reason) -{ - es->err_buffer[i] = - lib == ERR_LIB_SYS - ? (unsigned int)(ERR_SYSTEM_FLAG | reason) - : ERR_PACK(lib, 0, reason); -} - -static ossl_inline void err_set_debug(ERR_STATE *es, size_t i, - const char *file, int line, - const char *fn) -{ - /* - * We dup the file and fn strings because they may be provider owned. If the - * provider gets unloaded, they may not be valid anymore. - */ - OPENSSL_free(es->err_file[i]); - if (file == NULL || file[0] == '\0') - es->err_file[i] = NULL; - else - es->err_file[i] = OPENSSL_strdup(file); - es->err_line[i] = line; - OPENSSL_free(es->err_func[i]); - if (fn == NULL || fn[0] == '\0') - es->err_func[i] = NULL; - else - es->err_func[i] = OPENSSL_strdup(fn); -} - -static ossl_inline void err_set_data(ERR_STATE *es, size_t i, - void *data, size_t datasz, int flags) -{ - if ((es->err_data_flags[i] & ERR_TXT_MALLOCED) != 0) - OPENSSL_free(es->err_data[i]); - es->err_data[i] = data; - es->err_data_size[i] = datasz; - es->err_data_flags[i] = flags; -} - -static ossl_inline void err_clear(ERR_STATE *es, size_t i, int deall) -{ - err_clear_data(es, i, (deall)); - es->err_marks[i] = 0; - es->err_flags[i] = 0; - es->err_buffer[i] = 0; - es->err_line[i] = -1; - OPENSSL_free(es->err_file[i]); - es->err_file[i] = NULL; - OPENSSL_free(es->err_func[i]); - es->err_func[i] = NULL; -} - -ERR_STATE *ossl_err_get_state_int(void); -void ossl_err_string_int(unsigned long e, const char *func, - char *buf, size_t len); diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c deleted file mode 100644 index 028811eedeee398918ee6fccf5d56d3ccc898e42..0000000000000000000000000000000000000000 --- a/crypto/err/err_prn.c +++ /dev/null @@ -1,186 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#define OSSL_FORCE_ERR_STATE - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "err_local.h" - -#define ERR_PRINT_BUF_SIZE 4096 -void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), - void *u) -{ - CRYPTO_THREAD_ID tid = CRYPTO_THREAD_get_current_id(); - unsigned long l; - const char *file, *data, *func; - int line, flags; - - while ((l = ERR_get_error_all(&file, &line, &func, &data, &flags)) != 0) { - char buf[ERR_PRINT_BUF_SIZE] = ""; - char *hex = NULL; - int offset; - - if ((flags & ERR_TXT_STRING) == 0) - data = ""; - - hex = ossl_buf2hexstr_sep((const unsigned char *)&tid, sizeof(tid), '\0'); - BIO_snprintf(buf, sizeof(buf), "%s:", hex == NULL ? "" : hex); - offset = strlen(buf); - ossl_err_string_int(l, func, buf + offset, sizeof(buf) - offset); - offset += strlen(buf + offset); - BIO_snprintf(buf + offset, sizeof(buf) - offset, ":%s:%d:%s\n", - file, line, data); - OPENSSL_free(hex); - if (cb(buf, strlen(buf), u) <= 0) - break; /* abort outputting the error report */ - } -} - -/* auxiliary function for incrementally reporting texts via the error queue */ -static void put_error(int lib, const char *func, int reason, - const char *file, int line) -{ - ERR_new(); - ERR_set_debug(file, line, func); - ERR_set_error(lib, reason, NULL /* no data here, so fmt is NULL */); -} - -#define TYPICAL_MAX_OUTPUT_BEFORE_DATA 100 -#define MAX_DATA_LEN (ERR_PRINT_BUF_SIZE - TYPICAL_MAX_OUTPUT_BEFORE_DATA) -void ERR_add_error_txt(const char *separator, const char *txt) -{ - const char *file = NULL; - int line; - const char *func = NULL; - const char *data = NULL; - int flags; - unsigned long err = ERR_peek_last_error(); - - if (separator == NULL) - separator = ""; - if (err == 0) - put_error(ERR_LIB_NONE, NULL, 0, "", 0); - - do { - size_t available_len, data_len; - const char *curr = txt, *next = txt; - const char *leading_separator = separator; - int trailing_separator = 0; - char *tmp; - - ERR_peek_last_error_all(&file, &line, &func, &data, &flags); - if ((flags & ERR_TXT_STRING) == 0) { - data = ""; - leading_separator = ""; - } - data_len = strlen(data); - - /* workaround for limit of ERR_print_errors_cb() */ - if (data_len >= MAX_DATA_LEN - || strlen(separator) >= (size_t)(MAX_DATA_LEN - data_len)) - available_len = 0; - else - available_len = MAX_DATA_LEN - data_len - strlen(separator) - 1; - /* MAX_DATA_LEN > available_len >= 0 */ - - if (*separator == '\0') { - const size_t len_next = strlen(next); - - if (len_next <= available_len) { - next += len_next; - curr = NULL; /* no need to split */ - } else { - next += available_len; - curr = next; /* will split at this point */ - } - } else { - while (*next != '\0' && (size_t)(next - txt) <= available_len) { - curr = next; - next = strstr(curr, separator); - if (next != NULL) { - next += strlen(separator); - trailing_separator = *next == '\0'; - } else { - next = curr + strlen(curr); - } - } - if ((size_t)(next - txt) <= available_len) - curr = NULL; /* the above loop implies *next == '\0' */ - } - if (curr != NULL) { - /* split error msg at curr since error data would get too long */ - if (curr != txt) { - tmp = OPENSSL_strndup(txt, curr - txt); - if (tmp == NULL) - return; - ERR_add_error_data(2, separator, tmp); - OPENSSL_free(tmp); - } - put_error(ERR_GET_LIB(err), func, err, file, line); - txt = curr; - } else { - if (trailing_separator) { - tmp = OPENSSL_strndup(txt, next - strlen(separator) - txt); - if (tmp == NULL) - return; - /* output txt without the trailing separator */ - ERR_add_error_data(2, leading_separator, tmp); - OPENSSL_free(tmp); - } else { - ERR_add_error_data(2, leading_separator, txt); - } - txt = next; /* finished */ - } - } while (*txt != '\0'); -} - -void ERR_add_error_mem_bio(const char *separator, BIO *bio) -{ - if (bio != NULL) { - char *str; - long len = BIO_get_mem_data(bio, &str); - - if (len > 0) { - if (str[len - 1] != '\0') { - if (BIO_write(bio, "", 1) <= 0) - return; - - len = BIO_get_mem_data(bio, &str); - } - if (len > 1) - ERR_add_error_txt(separator, str); - } - } -} - -static int print_bio(const char *str, size_t len, void *bp) -{ - return BIO_write((BIO *)bp, str, len); -} - -void ERR_print_errors(BIO *bp) -{ - ERR_print_errors_cb(print_bio, bp); -} - -#ifndef OPENSSL_NO_STDIO -void ERR_print_errors_fp(FILE *fp) -{ - BIO *bio = BIO_new_fp(fp, BIO_NOCLOSE); - if (bio == NULL) - return; - - ERR_print_errors_cb(print_bio, bio); - BIO_free(bio); -} -#endif diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec deleted file mode 100644 index 3612c195f09f3ef483a2f24c8c18cced0cb9c347..0000000000000000000000000000000000000000 --- a/crypto/err/openssl.ec +++ /dev/null @@ -1,81 +0,0 @@ -# configuration file for util/mkerr.pl - -# The INPUT HEADER is scanned for declarations -# LIBNAME PUBLIC HEADER ERROR-TABLE FILE INTERNAL HEADER (if relevant) -L ERR NONE NONE -L FUNC NONE NONE -L BN include/openssl/bnerr.h crypto/bn/bn_err.c include/crypto/bnerr.h -L RSA include/openssl/rsaerr.h crypto/rsa/rsa_err.c include/crypto/rsaerr.h -L DH include/openssl/dherr.h crypto/dh/dh_err.c include/crypto/dherr.h -L EVP include/openssl/evperr.h crypto/evp/evp_err.c include/crypto/evperr.h -L BUF include/openssl/buffererr.h crypto/buffer/buf_err.c include/crypto/buffererr.h -L OBJ include/openssl/objectserr.h crypto/objects/obj_err.c include/crypto/objectserr.h -L PEM include/openssl/pemerr.h crypto/pem/pem_err.c include/crypto/pemerr.h -L DSA include/openssl/dsaerr.h crypto/dsa/dsa_err.c include/crypto/dsaerr.h -L X509 include/openssl/x509err.h crypto/x509/x509_err.c include/crypto/x509err.h -L ASN1 include/openssl/asn1err.h crypto/asn1/asn1_err.c include/crypto/asn1err.h -L CONF include/openssl/conferr.h crypto/conf/conf_err.c include/crypto/conferr.h -L CRYPTO include/openssl/cryptoerr.h crypto/cpt_err.c include/crypto/cryptoerr.h -L EC include/openssl/ecerr.h crypto/ec/ec_err.c include/crypto/ecerr.h -L SSL include/openssl/sslerr.h ssl/ssl_err.c ssl/sslerr.h -L BIO include/openssl/bioerr.h crypto/bio/bio_err.c include/crypto/bioerr.h -L PKCS7 include/openssl/pkcs7err.h crypto/pkcs7/pkcs7err.c include/crypto/pkcs7err.h -L X509V3 include/openssl/x509v3err.h crypto/x509/v3err.c include/crypto/x509v3err.h -L PKCS12 include/openssl/pkcs12err.h crypto/pkcs12/pk12err.c include/crypto/pkcs12err.h -L RAND include/openssl/randerr.h crypto/rand/rand_err.c include/crypto/randerr.h -L DSO NONE crypto/dso/dso_err.c include/internal/dsoerr.h -L ENGINE include/openssl/engineerr.h crypto/engine/eng_err.c include/crypto/engineerr.h -L OCSP include/openssl/ocsperr.h crypto/ocsp/ocsp_err.c include/crypto/ocsperr.h -L UI include/openssl/uierr.h crypto/ui/ui_err.c include/crypto/uierr.h -L COMP include/openssl/comperr.h crypto/comp/comp_err.c include/crypto/comperr.h -L TS include/openssl/tserr.h crypto/ts/ts_err.c include/crypto/tserr.h -L CMS include/openssl/cmserr.h crypto/cms/cms_err.c include/crypto/cmserr.h -L CRMF include/openssl/crmferr.h crypto/crmf/crmf_err.c include/crypto/crmferr.h -L CMP include/openssl/cmperr.h crypto/cmp/cmp_err.c include/crypto/cmperr.h -L CT include/openssl/cterr.h crypto/ct/ct_err.c include/crypto/cterr.h -L ASYNC include/openssl/asyncerr.h crypto/async/async_err.c include/crypto/asyncerr.h -# KDF is only here for conservation purposes -L KDF NONE NONE NONE -L SM2 NONE crypto/sm2/sm2_err.c include/crypto/sm2err.h -L OSSL_STORE include/openssl/storeerr.h crypto/store/store_err.c include/crypto/storeerr.h -L ESS include/openssl/esserr.h crypto/ess/ess_err.c include/crypto/esserr.h -L PROP NONE crypto/property/property_err.c include/internal/propertyerr.h -L PROV include/openssl/proverr.h providers/common/provider_err.c providers/common/include/prov/proverr.h -L OSSL_ENCODER include/openssl/encodererr.h crypto/encode_decode/encoder_err.c include/crypto/encodererr.h -L OSSL_DECODER include/openssl/decodererr.h crypto/encode_decode/decoder_err.c include/crypto/decodererr.h -L HTTP include/openssl/httperr.h crypto/http/http_err.c include/crypto/httperr.h - -# SSL/TLS alerts -R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 -R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 -R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 -R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 -R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 -R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 -R SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 -R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 -R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 -R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 -R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 -R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 -R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 -R SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 -R SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 -R SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 -R SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 -R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 -R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 -R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 -R SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 -R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 -R SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 -R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 -R SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 -R SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 -R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 -R SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 -R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 -R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 -R TLS1_AD_UNKNOWN_PSK_IDENTITY 1115 -R SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 -R TLS1_AD_NO_APPLICATION_PROTOCOL 1120 diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt deleted file mode 100644 index aded91f6dfc9370020611b2327725120797b0681..0000000000000000000000000000000000000000 --- a/crypto/err/openssl.txt +++ /dev/null @@ -1,1701 +0,0 @@ -# Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -#Reason codes -ASN1_R_ADDING_OBJECT:171:adding object -ASN1_R_ASN1_PARSE_ERROR:203:asn1 parse error -ASN1_R_ASN1_SIG_PARSE_ERROR:204:asn1 sig parse error -ASN1_R_AUX_ERROR:100:aux error -ASN1_R_BAD_OBJECT_HEADER:102:bad object header -ASN1_R_BAD_TEMPLATE:230:bad template -ASN1_R_BMPSTRING_IS_WRONG_LENGTH:214:bmpstring is wrong length -ASN1_R_BN_LIB:105:bn lib -ASN1_R_BOOLEAN_IS_WRONG_LENGTH:106:boolean is wrong length -ASN1_R_BUFFER_TOO_SMALL:107:buffer too small -ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER:108:cipher has no object identifier -ASN1_R_CONTEXT_NOT_INITIALISED:217:context not initialised -ASN1_R_DATA_IS_WRONG:109:data is wrong -ASN1_R_DECODE_ERROR:110:decode error -ASN1_R_DEPTH_EXCEEDED:174:depth exceeded -ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED:198:digest and key type not supported -ASN1_R_ENCODE_ERROR:112:encode error -ASN1_R_ERROR_GETTING_TIME:173:error getting time -ASN1_R_ERROR_LOADING_SECTION:172:error loading section -ASN1_R_ERROR_SETTING_CIPHER_PARAMS:114:error setting cipher params -ASN1_R_EXPECTING_AN_INTEGER:115:expecting an integer -ASN1_R_EXPECTING_AN_OBJECT:116:expecting an object -ASN1_R_EXPLICIT_LENGTH_MISMATCH:119:explicit length mismatch -ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED:120:explicit tag not constructed -ASN1_R_FIELD_MISSING:121:field missing -ASN1_R_FIRST_NUM_TOO_LARGE:122:first num too large -ASN1_R_HEADER_TOO_LONG:123:header too long -ASN1_R_ILLEGAL_BITSTRING_FORMAT:175:illegal bitstring format -ASN1_R_ILLEGAL_BOOLEAN:176:illegal boolean -ASN1_R_ILLEGAL_CHARACTERS:124:illegal characters -ASN1_R_ILLEGAL_FORMAT:177:illegal format -ASN1_R_ILLEGAL_HEX:178:illegal hex -ASN1_R_ILLEGAL_IMPLICIT_TAG:179:illegal implicit tag -ASN1_R_ILLEGAL_INTEGER:180:illegal integer -ASN1_R_ILLEGAL_NEGATIVE_VALUE:226:illegal negative value -ASN1_R_ILLEGAL_NESTED_TAGGING:181:illegal nested tagging -ASN1_R_ILLEGAL_NULL:125:illegal null -ASN1_R_ILLEGAL_NULL_VALUE:182:illegal null value -ASN1_R_ILLEGAL_OBJECT:183:illegal object -ASN1_R_ILLEGAL_OPTIONAL_ANY:126:illegal optional any -ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE:170:illegal options on item template -ASN1_R_ILLEGAL_PADDING:221:illegal padding -ASN1_R_ILLEGAL_TAGGED_ANY:127:illegal tagged any -ASN1_R_ILLEGAL_TIME_VALUE:184:illegal time value -ASN1_R_ILLEGAL_ZERO_CONTENT:222:illegal zero content -ASN1_R_INTEGER_NOT_ASCII_FORMAT:185:integer not ascii format -ASN1_R_INTEGER_TOO_LARGE_FOR_LONG:128:integer too large for long -ASN1_R_INVALID_BIT_STRING_BITS_LEFT:220:invalid bit string bits left -ASN1_R_INVALID_BMPSTRING_LENGTH:129:invalid bmpstring length -ASN1_R_INVALID_DIGIT:130:invalid digit -ASN1_R_INVALID_MIME_TYPE:205:invalid mime type -ASN1_R_INVALID_MODIFIER:186:invalid modifier -ASN1_R_INVALID_NUMBER:187:invalid number -ASN1_R_INVALID_OBJECT_ENCODING:216:invalid object encoding -ASN1_R_INVALID_SCRYPT_PARAMETERS:227:invalid scrypt parameters -ASN1_R_INVALID_SEPARATOR:131:invalid separator -ASN1_R_INVALID_STRING_TABLE_VALUE:218:invalid string table value -ASN1_R_INVALID_UNIVERSALSTRING_LENGTH:133:invalid universalstring length -ASN1_R_INVALID_UTF8STRING:134:invalid utf8string -ASN1_R_INVALID_VALUE:219:invalid value -ASN1_R_LENGTH_TOO_LONG:231:length too long -ASN1_R_LIST_ERROR:188:list error -ASN1_R_MIME_NO_CONTENT_TYPE:206:mime no content type -ASN1_R_MIME_PARSE_ERROR:207:mime parse error -ASN1_R_MIME_SIG_PARSE_ERROR:208:mime sig parse error -ASN1_R_MISSING_EOC:137:missing eoc -ASN1_R_MISSING_SECOND_NUMBER:138:missing second number -ASN1_R_MISSING_VALUE:189:missing value -ASN1_R_MSTRING_NOT_UNIVERSAL:139:mstring not universal -ASN1_R_MSTRING_WRONG_TAG:140:mstring wrong tag -ASN1_R_NESTED_ASN1_STRING:197:nested asn1 string -ASN1_R_NESTED_TOO_DEEP:201:nested too deep -ASN1_R_NON_HEX_CHARACTERS:141:non hex characters -ASN1_R_NOT_ASCII_FORMAT:190:not ascii format -ASN1_R_NOT_ENOUGH_DATA:142:not enough data -ASN1_R_NO_CONTENT_TYPE:209:no content type -ASN1_R_NO_MATCHING_CHOICE_TYPE:143:no matching choice type -ASN1_R_NO_MULTIPART_BODY_FAILURE:210:no multipart body failure -ASN1_R_NO_MULTIPART_BOUNDARY:211:no multipart boundary -ASN1_R_NO_SIG_CONTENT_TYPE:212:no sig content type -ASN1_R_NULL_IS_WRONG_LENGTH:144:null is wrong length -ASN1_R_OBJECT_NOT_ASCII_FORMAT:191:object not ascii format -ASN1_R_ODD_NUMBER_OF_CHARS:145:odd number of chars -ASN1_R_SECOND_NUMBER_TOO_LARGE:147:second number too large -ASN1_R_SEQUENCE_LENGTH_MISMATCH:148:sequence length mismatch -ASN1_R_SEQUENCE_NOT_CONSTRUCTED:149:sequence not constructed -ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG:192:sequence or set needs config -ASN1_R_SHORT_LINE:150:short line -ASN1_R_SIG_INVALID_MIME_TYPE:213:sig invalid mime type -ASN1_R_STREAMING_NOT_SUPPORTED:202:streaming not supported -ASN1_R_STRING_TOO_LONG:151:string too long -ASN1_R_STRING_TOO_SHORT:152:string too short -ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD:154:\ - the asn1 object identifier is not known for this md -ASN1_R_TIME_NOT_ASCII_FORMAT:193:time not ascii format -ASN1_R_TOO_LARGE:223:too large -ASN1_R_TOO_LONG:155:too long -ASN1_R_TOO_SMALL:224:too small -ASN1_R_TYPE_NOT_CONSTRUCTED:156:type not constructed -ASN1_R_TYPE_NOT_PRIMITIVE:195:type not primitive -ASN1_R_UNEXPECTED_EOC:159:unexpected eoc -ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH:215:universalstring is wrong length -ASN1_R_UNKNOWN_DIGEST:229:unknown digest -ASN1_R_UNKNOWN_FORMAT:160:unknown format -ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM:161:unknown message digest algorithm -ASN1_R_UNKNOWN_OBJECT_TYPE:162:unknown object type -ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE:163:unknown public key type -ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM:199:unknown signature algorithm -ASN1_R_UNKNOWN_TAG:194:unknown tag -ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE:164:unsupported any defined by type -ASN1_R_UNSUPPORTED_CIPHER:228:unsupported cipher -ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE:167:unsupported public key type -ASN1_R_UNSUPPORTED_TYPE:196:unsupported type -ASN1_R_WRONG_INTEGER_TYPE:225:wrong integer type -ASN1_R_WRONG_PUBLIC_KEY_TYPE:200:wrong public key type -ASN1_R_WRONG_TAG:168:wrong tag -ASYNC_R_FAILED_TO_SET_POOL:101:failed to set pool -ASYNC_R_FAILED_TO_SWAP_CONTEXT:102:failed to swap context -ASYNC_R_INIT_FAILED:105:init failed -ASYNC_R_INVALID_POOL_SIZE:103:invalid pool size -BIO_R_ACCEPT_ERROR:100:accept error -BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET:141:addrinfo addr is not af inet -BIO_R_AMBIGUOUS_HOST_OR_SERVICE:129:ambiguous host or service -BIO_R_BAD_FOPEN_MODE:101:bad fopen mode -BIO_R_BROKEN_PIPE:124:broken pipe -BIO_R_CONNECT_ERROR:103:connect error -BIO_R_CONNECT_TIMEOUT:147:connect timeout -BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET:107:gethostbyname addr is not af inet -BIO_R_GETSOCKNAME_ERROR:132:getsockname error -BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS:133:getsockname truncated address -BIO_R_GETTING_SOCKTYPE:134:getting socktype -BIO_R_INVALID_ARGUMENT:125:invalid argument -BIO_R_INVALID_SOCKET:135:invalid socket -BIO_R_IN_USE:123:in use -BIO_R_LENGTH_TOO_LONG:102:length too long -BIO_R_LISTEN_V6_ONLY:136:listen v6 only -BIO_R_LOOKUP_RETURNED_NOTHING:142:lookup returned nothing -BIO_R_MALFORMED_HOST_OR_SERVICE:130:malformed host or service -BIO_R_NBIO_CONNECT_ERROR:110:nbio connect error -BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED:143:\ - no accept addr or service specified -BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED:144:no hostname or service specified -BIO_R_NO_PORT_DEFINED:113:no port defined -BIO_R_NO_SUCH_FILE:128:no such file -BIO_R_TRANSFER_ERROR:104:transfer error -BIO_R_TRANSFER_TIMEOUT:105:transfer timeout -BIO_R_UNABLE_TO_BIND_SOCKET:117:unable to bind socket -BIO_R_UNABLE_TO_CREATE_SOCKET:118:unable to create socket -BIO_R_UNABLE_TO_KEEPALIVE:137:unable to keepalive -BIO_R_UNABLE_TO_LISTEN_SOCKET:119:unable to listen socket -BIO_R_UNABLE_TO_NODELAY:138:unable to nodelay -BIO_R_UNABLE_TO_REUSEADDR:139:unable to reuseaddr -BIO_R_UNAVAILABLE_IP_FAMILY:145:unavailable ip family -BIO_R_UNINITIALIZED:120:uninitialized -BIO_R_UNKNOWN_INFO_TYPE:140:unknown info type -BIO_R_UNSUPPORTED_IP_FAMILY:146:unsupported ip family -BIO_R_UNSUPPORTED_METHOD:121:unsupported method -BIO_R_UNSUPPORTED_PROTOCOL_FAMILY:131:unsupported protocol family -BIO_R_WRITE_TO_READ_ONLY_BIO:126:write to read only BIO -BIO_R_WSASTARTUP:122:WSAStartup -BN_R_ARG2_LT_ARG3:100:arg2 lt arg3 -BN_R_BAD_RECIPROCAL:101:bad reciprocal -BN_R_BIGNUM_TOO_LONG:114:bignum too long -BN_R_BITS_TOO_SMALL:118:bits too small -BN_R_CALLED_WITH_EVEN_MODULUS:102:called with even modulus -BN_R_DIV_BY_ZERO:103:div by zero -BN_R_ENCODING_ERROR:104:encoding error -BN_R_EXPAND_ON_STATIC_BIGNUM_DATA:105:expand on static bignum data -BN_R_INPUT_NOT_REDUCED:110:input not reduced -BN_R_INVALID_LENGTH:106:invalid length -BN_R_INVALID_RANGE:115:invalid range -BN_R_INVALID_SHIFT:119:invalid shift -BN_R_NOT_A_SQUARE:111:not a square -BN_R_NOT_INITIALIZED:107:not initialized -BN_R_NO_INVERSE:108:no inverse -BN_R_NO_PRIME_CANDIDATE:121:no prime candidate -BN_R_NO_SOLUTION:116:no solution -BN_R_NO_SUITABLE_DIGEST:120:no suitable digest -BN_R_PRIVATE_KEY_TOO_LARGE:117:private key too large -BN_R_P_IS_NOT_PRIME:112:p is not prime -BN_R_TOO_MANY_ITERATIONS:113:too many iterations -BN_R_TOO_MANY_TEMPORARY_VARIABLES:109:too many temporary variables -CMP_R_ALGORITHM_NOT_SUPPORTED:139:algorithm not supported -CMP_R_BAD_CHECKAFTER_IN_POLLREP:167:bad checkafter in pollrep -CMP_R_BAD_REQUEST_ID:108:bad request id -CMP_R_CERTHASH_UNMATCHED:156:certhash unmatched -CMP_R_CERTID_NOT_FOUND:109:certid not found -CMP_R_CERTIFICATE_NOT_ACCEPTED:169:certificate not accepted -CMP_R_CERTIFICATE_NOT_FOUND:112:certificate not found -CMP_R_CERTREQMSG_NOT_FOUND:157:certreqmsg not found -CMP_R_CERTRESPONSE_NOT_FOUND:113:certresponse not found -CMP_R_CERT_AND_KEY_DO_NOT_MATCH:114:cert and key do not match -CMP_R_CHECKAFTER_OUT_OF_RANGE:181:checkafter out of range -CMP_R_ENCOUNTERED_KEYUPDATEWARNING:176:encountered keyupdatewarning -CMP_R_ENCOUNTERED_WAITING:162:encountered waiting -CMP_R_ERROR_CALCULATING_PROTECTION:115:error calculating protection -CMP_R_ERROR_CREATING_CERTCONF:116:error creating certconf -CMP_R_ERROR_CREATING_CERTREP:117:error creating certrep -CMP_R_ERROR_CREATING_CERTREQ:163:error creating certreq -CMP_R_ERROR_CREATING_ERROR:118:error creating error -CMP_R_ERROR_CREATING_GENM:119:error creating genm -CMP_R_ERROR_CREATING_GENP:120:error creating genp -CMP_R_ERROR_CREATING_PKICONF:122:error creating pkiconf -CMP_R_ERROR_CREATING_POLLREP:123:error creating pollrep -CMP_R_ERROR_CREATING_POLLREQ:124:error creating pollreq -CMP_R_ERROR_CREATING_RP:125:error creating rp -CMP_R_ERROR_CREATING_RR:126:error creating rr -CMP_R_ERROR_PARSING_PKISTATUS:107:error parsing pkistatus -CMP_R_ERROR_PROCESSING_MESSAGE:158:error processing message -CMP_R_ERROR_PROTECTING_MESSAGE:127:error protecting message -CMP_R_ERROR_SETTING_CERTHASH:128:error setting certhash -CMP_R_ERROR_UNEXPECTED_CERTCONF:160:error unexpected certconf -CMP_R_ERROR_VALIDATING_PROTECTION:140:error validating protection -CMP_R_ERROR_VALIDATING_SIGNATURE:171:error validating signature -CMP_R_FAILED_BUILDING_OWN_CHAIN:164:failed building own chain -CMP_R_FAILED_EXTRACTING_PUBKEY:141:failed extracting pubkey -CMP_R_FAILURE_OBTAINING_RANDOM:110:failure obtaining random -CMP_R_FAIL_INFO_OUT_OF_RANGE:129:fail info out of range -CMP_R_INVALID_ARGS:100:invalid args -CMP_R_INVALID_OPTION:174:invalid option -CMP_R_MISSING_CERTID:165:missing certid -CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION:130:\ - missing key input for creating protection -CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE:142:missing key usage digitalsignature -CMP_R_MISSING_P10CSR:121:missing p10csr -CMP_R_MISSING_PBM_SECRET:166:missing pbm secret -CMP_R_MISSING_PRIVATE_KEY:131:missing private key -CMP_R_MISSING_PROTECTION:143:missing protection -CMP_R_MISSING_REFERENCE_CERT:168:missing reference cert -CMP_R_MISSING_SENDER_IDENTIFICATION:111:missing sender identification -CMP_R_MISSING_TRUST_STORE:144:missing trust store -CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED:161:multiple requests not supported -CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED:170:multiple responses not supported -CMP_R_MULTIPLE_SAN_SOURCES:102:multiple san sources -CMP_R_NO_STDIO:194:no stdio -CMP_R_NO_SUITABLE_SENDER_CERT:145:no suitable sender cert -CMP_R_NULL_ARGUMENT:103:null argument -CMP_R_PKIBODY_ERROR:146:pkibody error -CMP_R_PKISTATUSINFO_NOT_FOUND:132:pkistatusinfo not found -CMP_R_POLLING_FAILED:172:polling failed -CMP_R_POTENTIALLY_INVALID_CERTIFICATE:147:potentially invalid certificate -CMP_R_RECEIVED_ERROR:180:received error -CMP_R_RECIPNONCE_UNMATCHED:148:recipnonce unmatched -CMP_R_REQUEST_NOT_ACCEPTED:149:request not accepted -CMP_R_REQUEST_REJECTED_BY_SERVER:182:request rejected by server -CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED:150:\ - sender generalname type not supported -CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG:151:srvcert does not validate msg -CMP_R_TOTAL_TIMEOUT:184:total timeout -CMP_R_TRANSACTIONID_UNMATCHED:152:transactionid unmatched -CMP_R_TRANSFER_ERROR:159:transfer error -CMP_R_UNEXPECTED_PKIBODY:133:unexpected pkibody -CMP_R_UNEXPECTED_PKISTATUS:185:unexpected pkistatus -CMP_R_UNEXPECTED_PVNO:153:unexpected pvno -CMP_R_UNKNOWN_ALGORITHM_ID:134:unknown algorithm id -CMP_R_UNKNOWN_CERT_TYPE:135:unknown cert type -CMP_R_UNKNOWN_PKISTATUS:186:unknown pkistatus -CMP_R_UNSUPPORTED_ALGORITHM:136:unsupported algorithm -CMP_R_UNSUPPORTED_KEY_TYPE:137:unsupported key type -CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC:154:\ - unsupported protection alg dhbasedmac -CMP_R_VALUE_TOO_LARGE:175:value too large -CMP_R_VALUE_TOO_SMALL:177:value too small -CMP_R_WRONG_ALGORITHM_OID:138:wrong algorithm oid -CMP_R_WRONG_CERTID:189:wrong certid -CMP_R_WRONG_CERTID_IN_RP:187:wrong certid in rp -CMP_R_WRONG_PBM_VALUE:155:wrong pbm value -CMP_R_WRONG_RP_COMPONENT_COUNT:188:wrong rp component count -CMP_R_WRONG_SERIAL_IN_RP:173:wrong serial in rp -CMS_R_ADD_SIGNER_ERROR:99:add signer error -CMS_R_ATTRIBUTE_ERROR:161:attribute error -CMS_R_CERTIFICATE_ALREADY_PRESENT:175:certificate already present -CMS_R_CERTIFICATE_HAS_NO_KEYID:160:certificate has no keyid -CMS_R_CERTIFICATE_VERIFY_ERROR:100:certificate verify error -CMS_R_CIPHER_AEAD_SET_TAG_ERROR:184:cipher aead set tag error -CMS_R_CIPHER_GET_TAG:185:cipher get tag -CMS_R_CIPHER_INITIALISATION_ERROR:101:cipher initialisation error -CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR:102:\ - cipher parameter initialisation error -CMS_R_CMS_DATAFINAL_ERROR:103:cms datafinal error -CMS_R_CMS_LIB:104:cms lib -CMS_R_CONTENTIDENTIFIER_MISMATCH:170:contentidentifier mismatch -CMS_R_CONTENT_NOT_FOUND:105:content not found -CMS_R_CONTENT_TYPE_MISMATCH:171:content type mismatch -CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA:106:content type not compressed data -CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA:107:content type not enveloped data -CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA:108:content type not signed data -CMS_R_CONTENT_VERIFY_ERROR:109:content verify error -CMS_R_CTRL_ERROR:110:ctrl error -CMS_R_CTRL_FAILURE:111:ctrl failure -CMS_R_DECODE_ERROR:187:decode error -CMS_R_DECRYPT_ERROR:112:decrypt error -CMS_R_ERROR_GETTING_PUBLIC_KEY:113:error getting public key -CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE:114:\ - error reading messagedigest attribute -CMS_R_ERROR_SETTING_KEY:115:error setting key -CMS_R_ERROR_SETTING_RECIPIENTINFO:116:error setting recipientinfo -CMS_R_ESS_SIGNING_CERTID_MISMATCH_ERROR:183:ess signing certid mismatch error -CMS_R_INVALID_ENCRYPTED_KEY_LENGTH:117:invalid encrypted key length -CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER:176:invalid key encryption parameter -CMS_R_INVALID_KEY_LENGTH:118:invalid key length -CMS_R_INVALID_LABEL:190:invalid label -CMS_R_INVALID_OAEP_PARAMETERS:191:invalid oaep parameters -CMS_R_KDF_PARAMETER_ERROR:186:kdf parameter error -CMS_R_MD_BIO_INIT_ERROR:119:md bio init error -CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH:120:\ - messagedigest attribute wrong length -CMS_R_MESSAGEDIGEST_WRONG_LENGTH:121:messagedigest wrong length -CMS_R_MSGSIGDIGEST_ERROR:172:msgsigdigest error -CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE:162:msgsigdigest verification failure -CMS_R_MSGSIGDIGEST_WRONG_LENGTH:163:msgsigdigest wrong length -CMS_R_NEED_ONE_SIGNER:164:need one signer -CMS_R_NOT_A_SIGNED_RECEIPT:165:not a signed receipt -CMS_R_NOT_ENCRYPTED_DATA:122:not encrypted data -CMS_R_NOT_KEK:123:not kek -CMS_R_NOT_KEY_AGREEMENT:181:not key agreement -CMS_R_NOT_KEY_TRANSPORT:124:not key transport -CMS_R_NOT_PWRI:177:not pwri -CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE:125:not supported for this key type -CMS_R_NO_CIPHER:126:no cipher -CMS_R_NO_CONTENT:127:no content -CMS_R_NO_CONTENT_TYPE:173:no content type -CMS_R_NO_DEFAULT_DIGEST:128:no default digest -CMS_R_NO_DIGEST_SET:129:no digest set -CMS_R_NO_KEY:130:no key -CMS_R_NO_KEY_OR_CERT:174:no key or cert -CMS_R_NO_MATCHING_DIGEST:131:no matching digest -CMS_R_NO_MATCHING_RECIPIENT:132:no matching recipient -CMS_R_NO_MATCHING_SIGNATURE:166:no matching signature -CMS_R_NO_MSGSIGDIGEST:167:no msgsigdigest -CMS_R_NO_PASSWORD:178:no password -CMS_R_NO_PRIVATE_KEY:133:no private key -CMS_R_NO_PUBLIC_KEY:134:no public key -CMS_R_NO_RECEIPT_REQUEST:168:no receipt request -CMS_R_NO_SIGNERS:135:no signers -CMS_R_PEER_KEY_ERROR:188:peer key error -CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:136:\ - private key does not match certificate -CMS_R_RECEIPT_DECODE_ERROR:169:receipt decode error -CMS_R_RECIPIENT_ERROR:137:recipient error -CMS_R_SHARED_INFO_ERROR:189:shared info error -CMS_R_SIGNER_CERTIFICATE_NOT_FOUND:138:signer certificate not found -CMS_R_SIGNFINAL_ERROR:139:signfinal error -CMS_R_SMIME_TEXT_ERROR:140:smime text error -CMS_R_STORE_INIT_ERROR:141:store init error -CMS_R_TYPE_NOT_COMPRESSED_DATA:142:type not compressed data -CMS_R_TYPE_NOT_DATA:143:type not data -CMS_R_TYPE_NOT_DIGESTED_DATA:144:type not digested data -CMS_R_TYPE_NOT_ENCRYPTED_DATA:145:type not encrypted data -CMS_R_TYPE_NOT_ENVELOPED_DATA:146:type not enveloped data -CMS_R_UNABLE_TO_FINALIZE_CONTEXT:147:unable to finalize context -CMS_R_UNKNOWN_CIPHER:148:unknown cipher -CMS_R_UNKNOWN_DIGEST_ALGORITHM:149:unknown digest algorithm -CMS_R_UNKNOWN_ID:150:unknown id -CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM:151:unsupported compression algorithm -CMS_R_UNSUPPORTED_CONTENT_TYPE:152:unsupported content type -CMS_R_UNSUPPORTED_ENCRYPTION_TYPE:192:unsupported encryption type -CMS_R_UNSUPPORTED_KEK_ALGORITHM:153:unsupported kek algorithm -CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:179:\ - unsupported key encryption algorithm -CMS_R_UNSUPPORTED_LABEL_SOURCE:193:unsupported label source -CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE:155:unsupported recipientinfo type -CMS_R_UNSUPPORTED_RECIPIENT_TYPE:154:unsupported recipient type -CMS_R_UNSUPPORTED_TYPE:156:unsupported type -CMS_R_UNWRAP_ERROR:157:unwrap error -CMS_R_UNWRAP_FAILURE:180:unwrap failure -CMS_R_VERIFICATION_FAILURE:158:verification failure -CMS_R_WRAP_ERROR:159:wrap error -COMP_R_ZLIB_DEFLATE_ERROR:99:zlib deflate error -COMP_R_ZLIB_INFLATE_ERROR:100:zlib inflate error -COMP_R_ZLIB_NOT_SUPPORTED:101:zlib not supported -CONF_R_ERROR_LOADING_DSO:110:error loading dso -CONF_R_INVALID_PRAGMA:122:invalid pragma -CONF_R_LIST_CANNOT_BE_NULL:115:list cannot be null -CONF_R_MANDATORY_BRACES_IN_VARIABLE_EXPANSION:123:\ - mandatory braces in variable expansion -CONF_R_MISSING_CLOSE_SQUARE_BRACKET:100:missing close square bracket -CONF_R_MISSING_EQUAL_SIGN:101:missing equal sign -CONF_R_MISSING_INIT_FUNCTION:112:missing init function -CONF_R_MODULE_INITIALIZATION_ERROR:109:module initialization error -CONF_R_NO_CLOSE_BRACE:102:no close brace -CONF_R_NO_CONF:105:no conf -CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE:106:no conf or environment variable -CONF_R_NO_SECTION:107:no section -CONF_R_NO_SUCH_FILE:114:no such file -CONF_R_NO_VALUE:108:no value -CONF_R_NUMBER_TOO_LARGE:121:number too large -CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION:124:\ - openssl conf references missing section -CONF_R_RECURSIVE_DIRECTORY_INCLUDE:111:recursive directory include -CONF_R_RELATIVE_PATH:125:relative path -CONF_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty -CONF_R_SSL_COMMAND_SECTION_NOT_FOUND:118:ssl command section not found -CONF_R_SSL_SECTION_EMPTY:119:ssl section empty -CONF_R_SSL_SECTION_NOT_FOUND:120:ssl section not found -CONF_R_UNABLE_TO_CREATE_NEW_SECTION:103:unable to create new section -CONF_R_UNKNOWN_MODULE_NAME:113:unknown module name -CONF_R_VARIABLE_EXPANSION_TOO_LONG:116:variable expansion too long -CONF_R_VARIABLE_HAS_NO_VALUE:104:variable has no value -CRMF_R_BAD_PBM_ITERATIONCOUNT:100:bad pbm iterationcount -CRMF_R_CRMFERROR:102:crmferror -CRMF_R_ERROR:103:error -CRMF_R_ERROR_DECODING_CERTIFICATE:104:error decoding certificate -CRMF_R_ERROR_DECRYPTING_CERTIFICATE:105:error decrypting certificate -CRMF_R_ERROR_DECRYPTING_SYMMETRIC_KEY:106:error decrypting symmetric key -CRMF_R_FAILURE_OBTAINING_RANDOM:107:failure obtaining random -CRMF_R_ITERATIONCOUNT_BELOW_100:108:iterationcount below 100 -CRMF_R_MALFORMED_IV:101:malformed iv -CRMF_R_NULL_ARGUMENT:109:null argument -CRMF_R_POPOSKINPUT_NOT_SUPPORTED:113:poposkinput not supported -CRMF_R_POPO_INCONSISTENT_PUBLIC_KEY:117:popo inconsistent public key -CRMF_R_POPO_MISSING:121:popo missing -CRMF_R_POPO_MISSING_PUBLIC_KEY:118:popo missing public key -CRMF_R_POPO_MISSING_SUBJECT:119:popo missing subject -CRMF_R_POPO_RAVERIFIED_NOT_ACCEPTED:120:popo raverified not accepted -CRMF_R_SETTING_MAC_ALGOR_FAILURE:110:setting mac algor failure -CRMF_R_SETTING_OWF_ALGOR_FAILURE:111:setting owf algor failure -CRMF_R_UNSUPPORTED_ALGORITHM:112:unsupported algorithm -CRMF_R_UNSUPPORTED_CIPHER:114:unsupported cipher -CRMF_R_UNSUPPORTED_METHOD_FOR_CREATING_POPO:115:\ - unsupported method for creating popo -CRMF_R_UNSUPPORTED_POPO_METHOD:116:unsupported popo method -CRYPTO_R_BAD_ALGORITHM_NAME:117:bad algorithm name -CRYPTO_R_CONFLICTING_NAMES:118:conflicting names -CRYPTO_R_HEX_STRING_TOO_SHORT:121:hex string too short -CRYPTO_R_ILLEGAL_HEX_DIGIT:102:illegal hex digit -CRYPTO_R_INSUFFICIENT_DATA_SPACE:106:insufficient data space -CRYPTO_R_INSUFFICIENT_PARAM_SIZE:107:insufficient param size -CRYPTO_R_INSUFFICIENT_SECURE_DATA_SPACE:108:insufficient secure data space -CRYPTO_R_INVALID_NEGATIVE_VALUE:122:invalid negative value -CRYPTO_R_INVALID_NULL_ARGUMENT:109:invalid null argument -CRYPTO_R_INVALID_OSSL_PARAM_TYPE:110:invalid ossl param type -CRYPTO_R_ODD_NUMBER_OF_DIGITS:103:odd number of digits -CRYPTO_R_PROVIDER_ALREADY_EXISTS:104:provider already exists -CRYPTO_R_PROVIDER_SECTION_ERROR:105:provider section error -CRYPTO_R_RANDOM_SECTION_ERROR:119:random section error -CRYPTO_R_SECURE_MALLOC_FAILURE:111:secure malloc failure -CRYPTO_R_STRING_TOO_LONG:112:string too long -CRYPTO_R_TOO_MANY_BYTES:113:too many bytes -CRYPTO_R_TOO_MANY_RECORDS:114:too many records -CRYPTO_R_TOO_SMALL_BUFFER:116:too small buffer -CRYPTO_R_UNKNOWN_NAME_IN_RANDOM_SECTION:120:unknown name in random section -CRYPTO_R_ZERO_LENGTH_NUMBER:115:zero length number -CT_R_BASE64_DECODE_ERROR:108:base64 decode error -CT_R_INVALID_LOG_ID_LENGTH:100:invalid log id length -CT_R_LOG_CONF_INVALID:109:log conf invalid -CT_R_LOG_CONF_INVALID_KEY:110:log conf invalid key -CT_R_LOG_CONF_MISSING_DESCRIPTION:111:log conf missing description -CT_R_LOG_CONF_MISSING_KEY:112:log conf missing key -CT_R_LOG_KEY_INVALID:113:log key invalid -CT_R_SCT_FUTURE_TIMESTAMP:116:sct future timestamp -CT_R_SCT_INVALID:104:sct invalid -CT_R_SCT_INVALID_SIGNATURE:107:sct invalid signature -CT_R_SCT_LIST_INVALID:105:sct list invalid -CT_R_SCT_LOG_ID_MISMATCH:114:sct log id mismatch -CT_R_SCT_NOT_SET:106:sct not set -CT_R_SCT_UNSUPPORTED_VERSION:115:sct unsupported version -CT_R_UNRECOGNIZED_SIGNATURE_NID:101:unrecognized signature nid -CT_R_UNSUPPORTED_ENTRY_TYPE:102:unsupported entry type -CT_R_UNSUPPORTED_VERSION:103:unsupported version -DH_R_BAD_FFC_PARAMETERS:127:bad ffc parameters -DH_R_BAD_GENERATOR:101:bad generator -DH_R_BN_DECODE_ERROR:109:bn decode error -DH_R_BN_ERROR:106:bn error -DH_R_CHECK_INVALID_J_VALUE:115:check invalid j value -DH_R_CHECK_INVALID_Q_VALUE:116:check invalid q value -DH_R_CHECK_PUBKEY_INVALID:122:check pubkey invalid -DH_R_CHECK_PUBKEY_TOO_LARGE:123:check pubkey too large -DH_R_CHECK_PUBKEY_TOO_SMALL:124:check pubkey too small -DH_R_CHECK_P_NOT_PRIME:117:check p not prime -DH_R_CHECK_P_NOT_SAFE_PRIME:118:check p not safe prime -DH_R_CHECK_Q_NOT_PRIME:119:check q not prime -DH_R_DECODE_ERROR:104:decode error -DH_R_INVALID_PARAMETER_NAME:110:invalid parameter name -DH_R_INVALID_PARAMETER_NID:114:invalid parameter nid -DH_R_INVALID_PUBKEY:102:invalid public key -DH_R_INVALID_SECRET:128:invalid secret -DH_R_KDF_PARAMETER_ERROR:112:kdf parameter error -DH_R_KEYS_NOT_SET:108:keys not set -DH_R_MISSING_PUBKEY:125:missing pubkey -DH_R_MODULUS_TOO_LARGE:103:modulus too large -DH_R_MODULUS_TOO_SMALL:126:modulus too small -DH_R_NOT_SUITABLE_GENERATOR:120:not suitable generator -DH_R_NO_PARAMETERS_SET:107:no parameters set -DH_R_NO_PRIVATE_VALUE:100:no private value -DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error -DH_R_PEER_KEY_ERROR:111:peer key error -DH_R_SHARED_INFO_ERROR:113:shared info error -DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator -DSA_R_BAD_FFC_PARAMETERS:114:bad ffc parameters -DSA_R_BAD_Q_VALUE:102:bad q value -DSA_R_BN_DECODE_ERROR:108:bn decode error -DSA_R_BN_ERROR:109:bn error -DSA_R_DECODE_ERROR:104:decode error -DSA_R_INVALID_DIGEST_TYPE:106:invalid digest type -DSA_R_INVALID_PARAMETERS:112:invalid parameters -DSA_R_MISSING_PARAMETERS:101:missing parameters -DSA_R_MISSING_PRIVATE_KEY:111:missing private key -DSA_R_MODULUS_TOO_LARGE:103:modulus too large -DSA_R_NO_PARAMETERS_SET:107:no parameters set -DSA_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error -DSA_R_P_NOT_PRIME:115:p not prime -DSA_R_Q_NOT_PRIME:113:q not prime -DSA_R_SEED_LEN_SMALL:110:seed_len is less than the length of q -DSO_R_CTRL_FAILED:100:control command failed -DSO_R_DSO_ALREADY_LOADED:110:dso already loaded -DSO_R_EMPTY_FILE_STRUCTURE:113:empty file structure -DSO_R_FAILURE:114:failure -DSO_R_FILENAME_TOO_BIG:101:filename too big -DSO_R_FINISH_FAILED:102:cleanup method function failed -DSO_R_INCORRECT_FILE_SYNTAX:115:incorrect file syntax -DSO_R_LOAD_FAILED:103:could not load the shared library -DSO_R_NAME_TRANSLATION_FAILED:109:name translation failed -DSO_R_NO_FILENAME:111:no filename -DSO_R_NULL_HANDLE:104:a null shared library handle was used -DSO_R_SET_FILENAME_FAILED:112:set filename failed -DSO_R_STACK_ERROR:105:the meth_data stack is corrupt -DSO_R_SYM_FAILURE:106:could not bind to the requested symbol name -DSO_R_UNLOAD_FAILED:107:could not unload the shared library -DSO_R_UNSUPPORTED:108:functionality not supported -EC_R_ASN1_ERROR:115:asn1 error -EC_R_BAD_SIGNATURE:156:bad signature -EC_R_BIGNUM_OUT_OF_RANGE:144:bignum out of range -EC_R_BUFFER_TOO_SMALL:100:buffer too small -EC_R_CANNOT_INVERT:165:cannot invert -EC_R_COORDINATES_OUT_OF_RANGE:146:coordinates out of range -EC_R_CURVE_DOES_NOT_SUPPORT_ECDH:160:curve does not support ecdh -EC_R_CURVE_DOES_NOT_SUPPORT_ECDSA:170:curve does not support ecdsa -EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING:159:curve does not support signing -EC_R_DECODE_ERROR:142:decode error -EC_R_DISCRIMINANT_IS_ZERO:118:discriminant is zero -EC_R_EC_GROUP_NEW_BY_NAME_FAILURE:119:ec group new by name failure -EC_R_EXPLICIT_PARAMS_NOT_SUPPORTED:127:explicit params not supported -EC_R_FAILED_MAKING_PUBLIC_KEY:166:failed making public key -EC_R_FIELD_TOO_LARGE:143:field too large -EC_R_GF2M_NOT_SUPPORTED:147:gf2m not supported -EC_R_GROUP2PKPARAMETERS_FAILURE:120:group2pkparameters failure -EC_R_I2D_ECPKPARAMETERS_FAILURE:121:i2d ecpkparameters failure -EC_R_INCOMPATIBLE_OBJECTS:101:incompatible objects -EC_R_INVALID_A:168:invalid a -EC_R_INVALID_ARGUMENT:112:invalid argument -EC_R_INVALID_B:169:invalid b -EC_R_INVALID_COFACTOR:171:invalid cofactor -EC_R_INVALID_COMPRESSED_POINT:110:invalid compressed point -EC_R_INVALID_COMPRESSION_BIT:109:invalid compression bit -EC_R_INVALID_CURVE:141:invalid curve -EC_R_INVALID_DIGEST:151:invalid digest -EC_R_INVALID_DIGEST_TYPE:138:invalid digest type -EC_R_INVALID_ENCODING:102:invalid encoding -EC_R_INVALID_FIELD:103:invalid field -EC_R_INVALID_FORM:104:invalid form -EC_R_INVALID_GENERATOR:173:invalid generator -EC_R_INVALID_GROUP_ORDER:122:invalid group order -EC_R_INVALID_KEY:116:invalid key -EC_R_INVALID_LENGTH:117:invalid length -EC_R_INVALID_NAMED_GROUP_CONVERSION:174:invalid named group conversion -EC_R_INVALID_OUTPUT_LENGTH:161:invalid output length -EC_R_INVALID_P:172:invalid p -EC_R_INVALID_PEER_KEY:133:invalid peer key -EC_R_INVALID_PENTANOMIAL_BASIS:132:invalid pentanomial basis -EC_R_INVALID_PRIVATE_KEY:123:invalid private key -EC_R_INVALID_SEED:175:invalid seed -EC_R_INVALID_TRINOMIAL_BASIS:137:invalid trinomial basis -EC_R_KDF_PARAMETER_ERROR:148:kdf parameter error -EC_R_KEYS_NOT_SET:140:keys not set -EC_R_LADDER_POST_FAILURE:136:ladder post failure -EC_R_LADDER_PRE_FAILURE:153:ladder pre failure -EC_R_LADDER_STEP_FAILURE:162:ladder step failure -EC_R_MISSING_OID:167:missing OID -EC_R_MISSING_PARAMETERS:124:missing parameters -EC_R_MISSING_PRIVATE_KEY:125:missing private key -EC_R_NEED_NEW_SETUP_VALUES:157:need new setup values -EC_R_NOT_A_NIST_PRIME:135:not a NIST prime -EC_R_NOT_IMPLEMENTED:126:not implemented -EC_R_NOT_INITIALIZED:111:not initialized -EC_R_NO_PARAMETERS_SET:139:no parameters set -EC_R_NO_PRIVATE_VALUE:154:no private value -EC_R_OPERATION_NOT_SUPPORTED:152:operation not supported -EC_R_PASSED_NULL_PARAMETER:134:passed null parameter -EC_R_PEER_KEY_ERROR:149:peer key error -EC_R_POINT_ARITHMETIC_FAILURE:155:point arithmetic failure -EC_R_POINT_AT_INFINITY:106:point at infinity -EC_R_POINT_COORDINATES_BLIND_FAILURE:163:point coordinates blind failure -EC_R_POINT_IS_NOT_ON_CURVE:107:point is not on curve -EC_R_RANDOM_NUMBER_GENERATION_FAILED:158:random number generation failed -EC_R_SHARED_INFO_ERROR:150:shared info error -EC_R_SLOT_FULL:108:slot full -EC_R_UNDEFINED_GENERATOR:113:undefined generator -EC_R_UNDEFINED_ORDER:128:undefined order -EC_R_UNKNOWN_COFACTOR:164:unknown cofactor -EC_R_UNKNOWN_GROUP:129:unknown group -EC_R_UNKNOWN_ORDER:114:unknown order -EC_R_UNSUPPORTED_FIELD:131:unsupported field -EC_R_WRONG_CURVE_PARAMETERS:145:wrong curve parameters -EC_R_WRONG_ORDER:130:wrong order -ENGINE_R_ALREADY_LOADED:100:already loaded -ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER:133:argument is not a number -ENGINE_R_CMD_NOT_EXECUTABLE:134:cmd not executable -ENGINE_R_COMMAND_TAKES_INPUT:135:command takes input -ENGINE_R_COMMAND_TAKES_NO_INPUT:136:command takes no input -ENGINE_R_CONFLICTING_ENGINE_ID:103:conflicting engine id -ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED:119:ctrl command not implemented -ENGINE_R_DSO_FAILURE:104:DSO failure -ENGINE_R_DSO_NOT_FOUND:132:dso not found -ENGINE_R_ENGINES_SECTION_ERROR:148:engines section error -ENGINE_R_ENGINE_CONFIGURATION_ERROR:102:engine configuration error -ENGINE_R_ENGINE_IS_NOT_IN_LIST:105:engine is not in the list -ENGINE_R_ENGINE_SECTION_ERROR:149:engine section error -ENGINE_R_FAILED_LOADING_PRIVATE_KEY:128:failed loading private key -ENGINE_R_FAILED_LOADING_PUBLIC_KEY:129:failed loading public key -ENGINE_R_FINISH_FAILED:106:finish failed -ENGINE_R_ID_OR_NAME_MISSING:108:'id' or 'name' missing -ENGINE_R_INIT_FAILED:109:init failed -ENGINE_R_INTERNAL_LIST_ERROR:110:internal list error -ENGINE_R_INVALID_ARGUMENT:143:invalid argument -ENGINE_R_INVALID_CMD_NAME:137:invalid cmd name -ENGINE_R_INVALID_CMD_NUMBER:138:invalid cmd number -ENGINE_R_INVALID_INIT_VALUE:151:invalid init value -ENGINE_R_INVALID_STRING:150:invalid string -ENGINE_R_NOT_INITIALISED:117:not initialised -ENGINE_R_NOT_LOADED:112:not loaded -ENGINE_R_NO_CONTROL_FUNCTION:120:no control function -ENGINE_R_NO_INDEX:144:no index -ENGINE_R_NO_LOAD_FUNCTION:125:no load function -ENGINE_R_NO_REFERENCE:130:no reference -ENGINE_R_NO_SUCH_ENGINE:116:no such engine -ENGINE_R_UNIMPLEMENTED_CIPHER:146:unimplemented cipher -ENGINE_R_UNIMPLEMENTED_DIGEST:147:unimplemented digest -ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD:101:unimplemented public key method -ENGINE_R_VERSION_INCOMPATIBILITY:145:version incompatibility -ESS_R_EMPTY_ESS_CERT_ID_LIST:107:empty ess cert id list -ESS_R_ESS_CERT_DIGEST_ERROR:103:ess cert digest error -ESS_R_ESS_CERT_ID_NOT_FOUND:104:ess cert id not found -ESS_R_ESS_CERT_ID_WRONG_ORDER:105:ess cert id wrong order -ESS_R_ESS_DIGEST_ALG_UNKNOWN:106:ess digest alg unknown -ESS_R_ESS_SIGNING_CERTIFICATE_ERROR:102:ess signing certificate error -ESS_R_ESS_SIGNING_CERT_ADD_ERROR:100:ess signing cert add error -ESS_R_ESS_SIGNING_CERT_V2_ADD_ERROR:101:ess signing cert v2 add error -ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE:108:\ - missing signing certificate attribute -EVP_R_AES_KEY_SETUP_FAILED:143:aes key setup failed -EVP_R_ARIA_KEY_SETUP_FAILED:176:aria key setup failed -EVP_R_BAD_ALGORITHM_NAME:200:bad algorithm name -EVP_R_BAD_DECRYPT:100:bad decrypt -EVP_R_BAD_KEY_LENGTH:195:bad key length -EVP_R_BUFFER_TOO_SMALL:155:buffer too small -EVP_R_CACHE_CONSTANTS_FAILED:225:cache constants failed -EVP_R_CAMELLIA_KEY_SETUP_FAILED:157:camellia key setup failed -EVP_R_CANNOT_GET_PARAMETERS:197:cannot get parameters -EVP_R_CANNOT_SET_PARAMETERS:198:cannot set parameters -EVP_R_CIPHER_NOT_GCM_MODE:184:cipher not gcm mode -EVP_R_CIPHER_PARAMETER_ERROR:122:cipher parameter error -EVP_R_COMMAND_NOT_SUPPORTED:147:command not supported -EVP_R_CONFLICTING_ALGORITHM_NAME:201:conflicting algorithm name -EVP_R_COPY_ERROR:173:copy error -EVP_R_CTRL_NOT_IMPLEMENTED:132:ctrl not implemented -EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED:133:ctrl operation not implemented -EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH:138:data not multiple of block length -EVP_R_DECODE_ERROR:114:decode error -EVP_R_DEFAULT_QUERY_PARSE_ERROR:210:default query parse error -EVP_R_DIFFERENT_KEY_TYPES:101:different key types -EVP_R_DIFFERENT_PARAMETERS:153:different parameters -EVP_R_ERROR_LOADING_SECTION:165:error loading section -EVP_R_EXPECTING_AN_HMAC_KEY:174:expecting an hmac key -EVP_R_EXPECTING_AN_RSA_KEY:127:expecting an rsa key -EVP_R_EXPECTING_A_DH_KEY:128:expecting a dh key -EVP_R_EXPECTING_A_DSA_KEY:129:expecting a dsa key -EVP_R_EXPECTING_A_ECX_KEY:219:expecting an ecx key -EVP_R_EXPECTING_A_EC_KEY:142:expecting an ec key -EVP_R_EXPECTING_A_POLY1305_KEY:164:expecting a poly1305 key -EVP_R_EXPECTING_A_SIPHASH_KEY:175:expecting a siphash key -EVP_R_FINAL_ERROR:188:final error -EVP_R_GENERATE_ERROR:214:generate error -EVP_R_GET_RAW_KEY_FAILED:182:get raw key failed -EVP_R_ILLEGAL_SCRYPT_PARAMETERS:171:illegal scrypt parameters -EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS:204:inaccessible domain parameters -EVP_R_INACCESSIBLE_KEY:203:inaccessible key -EVP_R_INITIALIZATION_ERROR:134:initialization error -EVP_R_INPUT_NOT_INITIALIZED:111:input not initialized -EVP_R_INVALID_CUSTOM_LENGTH:185:invalid custom length -EVP_R_INVALID_DIGEST:152:invalid digest -EVP_R_INVALID_IV_LENGTH:194:invalid iv length -EVP_R_INVALID_KEY:163:invalid key -EVP_R_INVALID_KEY_LENGTH:130:invalid key length -EVP_R_INVALID_LENGTH:221:invalid length -EVP_R_INVALID_NULL_ALGORITHM:218:invalid null algorithm -EVP_R_INVALID_OPERATION:148:invalid operation -EVP_R_INVALID_PROVIDER_FUNCTIONS:193:invalid provider functions -EVP_R_INVALID_SALT_LENGTH:186:invalid salt length -EVP_R_INVALID_SECRET_LENGTH:223:invalid secret length -EVP_R_INVALID_SEED_LENGTH:220:invalid seed length -EVP_R_INVALID_VALUE:222:invalid value -EVP_R_KEYMGMT_EXPORT_FAILURE:205:keymgmt export failure -EVP_R_KEY_SETUP_FAILED:180:key setup failed -EVP_R_LOCKING_NOT_SUPPORTED:213:locking not supported -EVP_R_MEMORY_LIMIT_EXCEEDED:172:memory limit exceeded -EVP_R_MESSAGE_DIGEST_IS_NULL:159:message digest is null -EVP_R_METHOD_NOT_SUPPORTED:144:method not supported -EVP_R_MISSING_PARAMETERS:103:missing parameters -EVP_R_NOT_ABLE_TO_COPY_CTX:190:not able to copy ctx -EVP_R_NOT_XOF_OR_INVALID_LENGTH:178:not XOF or invalid length -EVP_R_NO_CIPHER_SET:131:no cipher set -EVP_R_NO_DEFAULT_DIGEST:158:no default digest -EVP_R_NO_DIGEST_SET:139:no digest set -EVP_R_NO_IMPORT_FUNCTION:206:no import function -EVP_R_NO_KEYMGMT_AVAILABLE:199:no keymgmt available -EVP_R_NO_KEYMGMT_PRESENT:196:no keymgmt present -EVP_R_NO_KEY_SET:154:no key set -EVP_R_NO_OPERATION_SET:149:no operation set -EVP_R_NULL_MAC_PKEY_CTX:208:null mac pkey ctx -EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported -EVP_R_OPERATION_NOT_INITIALIZED:151:operation not initialized -EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\ - operation not supported for this keytype -EVP_R_OUTPUT_WOULD_OVERFLOW:202:output would overflow -EVP_R_PARAMETER_TOO_LARGE:187:parameter too large -EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers -EVP_R_PBKDF2_ERROR:181:pbkdf2 error -EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\ - pkey application asn1 method already registered -EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error -EVP_R_PRIVATE_KEY_ENCODE_ERROR:146:private key encode error -EVP_R_PUBLIC_KEY_NOT_RSA:106:public key not rsa -EVP_R_SETTING_XOF_FAILED:227:setting xof failed -EVP_R_SET_DEFAULT_PROPERTY_FAILURE:209:set default property failure -EVP_R_TOO_MANY_RECORDS:183:too many records -EVP_R_UNABLE_TO_ENABLE_LOCKING:212:unable to enable locking -EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE:215:unable to get maximum request size -EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH:216:unable to get random strength -EVP_R_UNABLE_TO_LOCK_CONTEXT:211:unable to lock context -EVP_R_UNABLE_TO_SET_CALLBACKS:217:unable to set callbacks -EVP_R_UNKNOWN_CIPHER:160:unknown cipher -EVP_R_UNKNOWN_DIGEST:161:unknown digest -EVP_R_UNKNOWN_KEY_TYPE:207:unknown key type -EVP_R_UNKNOWN_OPTION:169:unknown option -EVP_R_UNKNOWN_PBE_ALGORITHM:121:unknown pbe algorithm -EVP_R_UNSUPPORTED_ALGORITHM:156:unsupported algorithm -EVP_R_UNSUPPORTED_CIPHER:107:unsupported cipher -EVP_R_UNSUPPORTED_KEYLENGTH:123:unsupported keylength -EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION:124:\ - unsupported key derivation function -EVP_R_UNSUPPORTED_KEY_SIZE:108:unsupported key size -EVP_R_UNSUPPORTED_KEY_TYPE:224:unsupported key type -EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS:135:unsupported number of rounds -EVP_R_UNSUPPORTED_PRF:125:unsupported prf -EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM:118:unsupported private key algorithm -EVP_R_UNSUPPORTED_SALT_TYPE:126:unsupported salt type -EVP_R_UPDATE_ERROR:189:update error -EVP_R_WRAP_MODE_NOT_ALLOWED:170:wrap mode not allowed -EVP_R_WRONG_FINAL_BLOCK_LENGTH:109:wrong final block length -EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE:191:xts data unit is too large -EVP_R_XTS_DUPLICATED_KEYS:192:xts duplicated keys -HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN:108:asn1 len exceeds max resp len -HTTP_R_CONNECT_FAILURE:100:connect failure -HTTP_R_ERROR_PARSING_ASN1_LENGTH:109:error parsing asn1 length -HTTP_R_ERROR_PARSING_CONTENT_LENGTH:119:error parsing content length -HTTP_R_ERROR_PARSING_URL:101:error parsing url -HTTP_R_ERROR_RECEIVING:103:error receiving -HTTP_R_ERROR_SENDING:102:error sending -HTTP_R_FAILED_READING_DATA:128:failed reading data -HTTP_R_HEADER_PARSE_ERROR:126:header parse error -HTTP_R_INCONSISTENT_CONTENT_LENGTH:120:inconsistent content length -HTTP_R_INVALID_PORT_NUMBER:123:invalid port number -HTTP_R_INVALID_URL_PATH:125:invalid url path -HTTP_R_INVALID_URL_SCHEME:124:invalid url scheme -HTTP_R_MAX_RESP_LEN_EXCEEDED:117:max resp len exceeded -HTTP_R_MISSING_ASN1_ENCODING:110:missing asn1 encoding -HTTP_R_MISSING_CONTENT_TYPE:121:missing content type -HTTP_R_MISSING_REDIRECT_LOCATION:111:missing redirect location -HTTP_R_RECEIVED_ERROR:105:received error -HTTP_R_RECEIVED_WRONG_HTTP_VERSION:106:received wrong http version -HTTP_R_REDIRECTION_FROM_HTTPS_TO_HTTP:112:redirection from https to http -HTTP_R_REDIRECTION_NOT_ENABLED:116:redirection not enabled -HTTP_R_RESPONSE_LINE_TOO_LONG:113:response line too long -HTTP_R_RESPONSE_PARSE_ERROR:104:response parse error -HTTP_R_RETRY_TIMEOUT:129:retry timeout -HTTP_R_SERVER_CANCELED_CONNECTION:127:server canceled connection -HTTP_R_SOCK_NOT_SUPPORTED:122:sock not supported -HTTP_R_STATUS_CODE_UNSUPPORTED:114:status code unsupported -HTTP_R_TLS_NOT_ENABLED:107:tls not enabled -HTTP_R_TOO_MANY_REDIRECTIONS:115:too many redirections -HTTP_R_UNEXPECTED_CONTENT_TYPE:118:unexpected content type -OBJ_R_OID_EXISTS:102:oid exists -OBJ_R_UNKNOWN_NID:101:unknown nid -OBJ_R_UNKNOWN_OBJECT_NAME:103:unknown object name -OCSP_R_CERTIFICATE_VERIFY_ERROR:101:certificate verify error -OCSP_R_DIGEST_ERR:102:digest err -OCSP_R_DIGEST_NAME_ERR:106:digest name err -OCSP_R_DIGEST_SIZE_ERR:107:digest size err -OCSP_R_ERROR_IN_NEXTUPDATE_FIELD:122:error in nextupdate field -OCSP_R_ERROR_IN_THISUPDATE_FIELD:123:error in thisupdate field -OCSP_R_MISSING_OCSPSIGNING_USAGE:103:missing ocspsigning usage -OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE:124:nextupdate before thisupdate -OCSP_R_NOT_BASIC_RESPONSE:104:not basic response -OCSP_R_NO_CERTIFICATES_IN_CHAIN:105:no certificates in chain -OCSP_R_NO_RESPONSE_DATA:108:no response data -OCSP_R_NO_REVOKED_TIME:109:no revoked time -OCSP_R_NO_SIGNER_KEY:130:no signer key -OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:110:\ - private key does not match certificate -OCSP_R_REQUEST_NOT_SIGNED:128:request not signed -OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA:111:\ - response contains no revocation data -OCSP_R_ROOT_CA_NOT_TRUSTED:112:root ca not trusted -OCSP_R_SIGNATURE_FAILURE:117:signature failure -OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND:118:signer certificate not found -OCSP_R_STATUS_EXPIRED:125:status expired -OCSP_R_STATUS_NOT_YET_VALID:126:status not yet valid -OCSP_R_STATUS_TOO_OLD:127:status too old -OCSP_R_UNKNOWN_MESSAGE_DIGEST:119:unknown message digest -OCSP_R_UNKNOWN_NID:120:unknown nid -OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE:129:unsupported requestorname type -OSSL_DECODER_R_COULD_NOT_DECODE_OBJECT:101:could not decode object -OSSL_DECODER_R_DECODER_NOT_FOUND:102:decoder not found -OSSL_DECODER_R_MISSING_GET_PARAMS:100:missing get params -OSSL_ENCODER_R_ENCODER_NOT_FOUND:101:encoder not found -OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY:100:incorrect property query -OSSL_ENCODER_R_MISSING_GET_PARAMS:102:missing get params -OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE:107:ambiguous content type -OSSL_STORE_R_BAD_PASSWORD_READ:115:bad password read -OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC:113:error verifying pkcs12 mac -OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST:121:\ - fingerprint size does not match digest -OSSL_STORE_R_INVALID_SCHEME:106:invalid scheme -OSSL_STORE_R_IS_NOT_A:112:is not a -OSSL_STORE_R_LOADER_INCOMPLETE:116:loader incomplete -OSSL_STORE_R_LOADING_STARTED:117:loading started -OSSL_STORE_R_NOT_A_CERTIFICATE:100:not a certificate -OSSL_STORE_R_NOT_A_CRL:101:not a crl -OSSL_STORE_R_NOT_A_NAME:103:not a name -OSSL_STORE_R_NOT_A_PRIVATE_KEY:102:not a private key -OSSL_STORE_R_NOT_A_PUBLIC_KEY:122:not a public key -OSSL_STORE_R_NOT_PARAMETERS:104:not parameters -OSSL_STORE_R_NO_LOADERS_FOUND:123:no loaders found -OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR:114:passphrase callback error -OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE:108:path must be absolute -OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES:119:\ - search only supported for directories -OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED:109:\ - ui process interrupted or cancelled -OSSL_STORE_R_UNREGISTERED_SCHEME:105:unregistered scheme -OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE:110:unsupported content type -OSSL_STORE_R_UNSUPPORTED_OPERATION:118:unsupported operation -OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE:120:unsupported search type -OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED:111:uri authority unsupported -PEM_R_BAD_BASE64_DECODE:100:bad base64 decode -PEM_R_BAD_DECRYPT:101:bad decrypt -PEM_R_BAD_END_LINE:102:bad end line -PEM_R_BAD_IV_CHARS:103:bad iv chars -PEM_R_BAD_MAGIC_NUMBER:116:bad magic number -PEM_R_BAD_PASSWORD_READ:104:bad password read -PEM_R_BAD_VERSION_NUMBER:117:bad version number -PEM_R_BIO_WRITE_FAILURE:118:bio write failure -PEM_R_CIPHER_IS_NULL:127:cipher is null -PEM_R_ERROR_CONVERTING_PRIVATE_KEY:115:error converting private key -PEM_R_EXPECTING_DSS_KEY_BLOB:131:expecting dss key blob -PEM_R_EXPECTING_PRIVATE_KEY_BLOB:119:expecting private key blob -PEM_R_EXPECTING_PUBLIC_KEY_BLOB:120:expecting public key blob -PEM_R_EXPECTING_RSA_KEY_BLOB:132:expecting rsa key blob -PEM_R_HEADER_TOO_LONG:128:header too long -PEM_R_INCONSISTENT_HEADER:121:inconsistent header -PEM_R_KEYBLOB_HEADER_PARSE_ERROR:122:keyblob header parse error -PEM_R_KEYBLOB_TOO_SHORT:123:keyblob too short -PEM_R_MISSING_DEK_IV:129:missing dek iv -PEM_R_NOT_DEK_INFO:105:not dek info -PEM_R_NOT_ENCRYPTED:106:not encrypted -PEM_R_NOT_PROC_TYPE:107:not proc type -PEM_R_NO_START_LINE:108:no start line -PEM_R_PROBLEMS_GETTING_PASSWORD:109:problems getting password -PEM_R_PVK_DATA_TOO_SHORT:124:pvk data too short -PEM_R_PVK_TOO_SHORT:125:pvk too short -PEM_R_READ_KEY:111:read key -PEM_R_SHORT_HEADER:112:short header -PEM_R_UNEXPECTED_DEK_IV:130:unexpected dek iv -PEM_R_UNSUPPORTED_CIPHER:113:unsupported cipher -PEM_R_UNSUPPORTED_ENCRYPTION:114:unsupported encryption -PEM_R_UNSUPPORTED_KEY_COMPONENTS:126:unsupported key components -PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE:110:unsupported public key type -PKCS12_R_CANT_PACK_STRUCTURE:100:cant pack structure -PKCS12_R_CONTENT_TYPE_NOT_DATA:121:content type not data -PKCS12_R_DECODE_ERROR:101:decode error -PKCS12_R_ENCODE_ERROR:102:encode error -PKCS12_R_ENCRYPT_ERROR:103:encrypt error -PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE:120:error setting encrypted data type -PKCS12_R_INVALID_NULL_ARGUMENT:104:invalid null argument -PKCS12_R_INVALID_NULL_PKCS12_POINTER:105:invalid null pkcs12 pointer -PKCS12_R_INVALID_TYPE:112:invalid type -PKCS12_R_IV_GEN_ERROR:106:iv gen error -PKCS12_R_KEY_GEN_ERROR:107:key gen error -PKCS12_R_MAC_ABSENT:108:mac absent -PKCS12_R_MAC_GENERATION_ERROR:109:mac generation error -PKCS12_R_MAC_SETUP_ERROR:110:mac setup error -PKCS12_R_MAC_STRING_SET_ERROR:111:mac string set error -PKCS12_R_MAC_VERIFY_FAILURE:113:mac verify failure -PKCS12_R_PARSE_ERROR:114:parse error -PKCS12_R_PKCS12_CIPHERFINAL_ERROR:116:pkcs12 cipherfinal error -PKCS12_R_UNKNOWN_DIGEST_ALGORITHM:118:unknown digest algorithm -PKCS12_R_UNSUPPORTED_PKCS12_MODE:119:unsupported pkcs12 mode -PKCS7_R_CERTIFICATE_VERIFY_ERROR:117:certificate verify error -PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER:144:cipher has no object identifier -PKCS7_R_CIPHER_NOT_INITIALIZED:116:cipher not initialized -PKCS7_R_CONTENT_AND_DATA_PRESENT:118:content and data present -PKCS7_R_CTRL_ERROR:152:ctrl error -PKCS7_R_DECRYPT_ERROR:119:decrypt error -PKCS7_R_DIGEST_FAILURE:101:digest failure -PKCS7_R_ENCRYPTION_CTRL_FAILURE:149:encryption ctrl failure -PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE:150:\ - encryption not supported for this key type -PKCS7_R_ERROR_ADDING_RECIPIENT:120:error adding recipient -PKCS7_R_ERROR_SETTING_CIPHER:121:error setting cipher -PKCS7_R_INVALID_NULL_POINTER:143:invalid null pointer -PKCS7_R_INVALID_SIGNED_DATA_TYPE:155:invalid signed data type -PKCS7_R_NO_CONTENT:122:no content -PKCS7_R_NO_DEFAULT_DIGEST:151:no default digest -PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND:154:no matching digest type found -PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE:115:no recipient matches certificate -PKCS7_R_NO_SIGNATURES_ON_DATA:123:no signatures on data -PKCS7_R_NO_SIGNERS:142:no signers -PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE:104:\ - operation not supported on this type -PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR:124:pkcs7 add signature error -PKCS7_R_PKCS7_ADD_SIGNER_ERROR:153:pkcs7 add signer error -PKCS7_R_PKCS7_DATASIGN:145:pkcs7 datasign -PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:127:\ - private key does not match certificate -PKCS7_R_SIGNATURE_FAILURE:105:signature failure -PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND:128:signer certificate not found -PKCS7_R_SIGNING_CTRL_FAILURE:147:signing ctrl failure -PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE:148:\ - signing not supported for this key type -PKCS7_R_SMIME_TEXT_ERROR:129:smime text error -PKCS7_R_UNABLE_TO_FIND_CERTIFICATE:106:unable to find certificate -PKCS7_R_UNABLE_TO_FIND_MEM_BIO:107:unable to find mem bio -PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST:108:unable to find message digest -PKCS7_R_UNKNOWN_DIGEST_TYPE:109:unknown digest type -PKCS7_R_UNKNOWN_OPERATION:110:unknown operation -PKCS7_R_UNSUPPORTED_CIPHER_TYPE:111:unsupported cipher type -PKCS7_R_UNSUPPORTED_CONTENT_TYPE:112:unsupported content type -PKCS7_R_WRONG_CONTENT_TYPE:113:wrong content type -PKCS7_R_WRONG_PKCS7_TYPE:114:wrong pkcs7 type -PROP_R_NAME_TOO_LONG:100:name too long -PROP_R_NOT_AN_ASCII_CHARACTER:101:not an ascii character -PROP_R_NOT_AN_HEXADECIMAL_DIGIT:102:not an hexadecimal digit -PROP_R_NOT_AN_IDENTIFIER:103:not an identifier -PROP_R_NOT_AN_OCTAL_DIGIT:104:not an octal digit -PROP_R_NOT_A_DECIMAL_DIGIT:105:not a decimal digit -PROP_R_NO_MATCHING_STRING_DELIMITER:106:no matching string delimiter -PROP_R_NO_VALUE:107:no value -PROP_R_PARSE_FAILED:108:parse failed -PROP_R_STRING_TOO_LONG:109:string too long -PROP_R_TRAILING_CHARACTERS:110:trailing characters -PROV_R_ADDITIONAL_INPUT_TOO_LONG:184:additional input too long -PROV_R_ALGORITHM_MISMATCH:173:algorithm mismatch -PROV_R_ALREADY_INSTANTIATED:185:already instantiated -PROV_R_BAD_DECRYPT:100:bad decrypt -PROV_R_BAD_ENCODING:141:bad encoding -PROV_R_BAD_LENGTH:142:bad length -PROV_R_BAD_TLS_CLIENT_VERSION:161:bad tls client version -PROV_R_BN_ERROR:160:bn error -PROV_R_CIPHER_OPERATION_FAILED:102:cipher operation failed -PROV_R_DERIVATION_FUNCTION_INIT_FAILED:205:derivation function init failed -PROV_R_DIGEST_NOT_ALLOWED:174:digest not allowed -PROV_R_ENTROPY_SOURCE_STRENGTH_TOO_WEAK:186:entropy source strength too weak -PROV_R_ERROR_INSTANTIATING_DRBG:188:error instantiating drbg -PROV_R_ERROR_RETRIEVING_ENTROPY:189:error retrieving entropy -PROV_R_ERROR_RETRIEVING_NONCE:190:error retrieving nonce -PROV_R_FAILED_DURING_DERIVATION:164:failed during derivation -PROV_R_FAILED_TO_CREATE_LOCK:180:failed to create lock -PROV_R_FAILED_TO_DECRYPT:162:failed to decrypt -PROV_R_FAILED_TO_GENERATE_KEY:121:failed to generate key -PROV_R_FAILED_TO_GET_PARAMETER:103:failed to get parameter -PROV_R_FAILED_TO_SET_PARAMETER:104:failed to set parameter -PROV_R_FAILED_TO_SIGN:175:failed to sign -PROV_R_FIPS_MODULE_CONDITIONAL_ERROR:227:fips module conditional error -PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE:224:fips module entering error state -PROV_R_FIPS_MODULE_IN_ERROR_STATE:225:fips module in error state -PROV_R_GENERATE_ERROR:191:generate error -PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE:165:\ - illegal or unsupported padding mode -PROV_R_INDICATOR_INTEGRITY_FAILURE:210:indicator integrity failure -PROV_R_INSUFFICIENT_DRBG_STRENGTH:181:insufficient drbg strength -PROV_R_INVALID_AAD:108:invalid aad -PROV_R_INVALID_CONFIG_DATA:211:invalid config data -PROV_R_INVALID_CONSTANT_LENGTH:157:invalid constant length -PROV_R_INVALID_CURVE:176:invalid curve -PROV_R_INVALID_CUSTOM_LENGTH:111:invalid custom length -PROV_R_INVALID_DATA:115:invalid data -PROV_R_INVALID_DIGEST:122:invalid digest -PROV_R_INVALID_DIGEST_LENGTH:166:invalid digest length -PROV_R_INVALID_DIGEST_SIZE:218:invalid digest size -PROV_R_INVALID_INPUT_LENGTH:230:invalid input length -PROV_R_INVALID_ITERATION_COUNT:123:invalid iteration count -PROV_R_INVALID_IV_LENGTH:109:invalid iv length -PROV_R_INVALID_KEY:158:invalid key -PROV_R_INVALID_KEY_LENGTH:105:invalid key length -PROV_R_INVALID_MAC:151:invalid mac -PROV_R_INVALID_MGF1_MD:167:invalid mgf1 md -PROV_R_INVALID_MODE:125:invalid mode -PROV_R_INVALID_OUTPUT_LENGTH:217:invalid output length -PROV_R_INVALID_PADDING_MODE:168:invalid padding mode -PROV_R_INVALID_PUBINFO:198:invalid pubinfo -PROV_R_INVALID_SALT_LENGTH:112:invalid salt length -PROV_R_INVALID_SEED_LENGTH:154:invalid seed length -PROV_R_INVALID_SIGNATURE_SIZE:179:invalid signature size -PROV_R_INVALID_STATE:212:invalid state -PROV_R_INVALID_TAG:110:invalid tag -PROV_R_INVALID_TAG_LENGTH:118:invalid tag length -PROV_R_INVALID_UKM_LENGTH:200:invalid ukm length -PROV_R_INVALID_X931_DIGEST:170:invalid x931 digest -PROV_R_IN_ERROR_STATE:192:in error state -PROV_R_KEY_SETUP_FAILED:101:key setup failed -PROV_R_KEY_SIZE_TOO_SMALL:171:key size too small -PROV_R_LENGTH_TOO_LARGE:202:length too large -PROV_R_MISMATCHING_DOMAIN_PARAMETERS:203:mismatching domain parameters -PROV_R_MISSING_CEK_ALG:144:missing cek alg -PROV_R_MISSING_CIPHER:155:missing cipher -PROV_R_MISSING_CONFIG_DATA:213:missing config data -PROV_R_MISSING_CONSTANT:156:missing constant -PROV_R_MISSING_KEY:128:missing key -PROV_R_MISSING_MAC:150:missing mac -PROV_R_MISSING_MESSAGE_DIGEST:129:missing message digest -PROV_R_MISSING_OID:209:missing OID -PROV_R_MISSING_PASS:130:missing pass -PROV_R_MISSING_SALT:131:missing salt -PROV_R_MISSING_SECRET:132:missing secret -PROV_R_MISSING_SEED:140:missing seed -PROV_R_MISSING_SESSION_ID:133:missing session id -PROV_R_MISSING_TYPE:134:missing type -PROV_R_MISSING_XCGHASH:135:missing xcghash -PROV_R_MODULE_INTEGRITY_FAILURE:214:module integrity failure -PROV_R_NOT_A_PRIVATE_KEY:221:not a private key -PROV_R_NOT_A_PUBLIC_KEY:220:not a public key -PROV_R_NOT_INSTANTIATED:193:not instantiated -PROV_R_NOT_PARAMETERS:226:not parameters -PROV_R_NOT_SUPPORTED:136:not supported -PROV_R_NOT_XOF_OR_INVALID_LENGTH:113:not xof or invalid length -PROV_R_NO_KEY_SET:114:no key set -PROV_R_NO_PARAMETERS_SET:177:no parameters set -PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:178:\ - operation not supported for this keytype -PROV_R_OUTPUT_BUFFER_TOO_SMALL:106:output buffer too small -PROV_R_PARENT_CANNOT_GENERATE_RANDOM_NUMBERS:228:\ - parent cannot generate random numbers -PROV_R_PARENT_CANNOT_SUPPLY_ENTROPY_SEED:187:parent cannot supply entropy seed -PROV_R_PARENT_LOCKING_NOT_ENABLED:182:parent locking not enabled -PROV_R_PARENT_STRENGTH_TOO_WEAK:194:parent strength too weak -PROV_R_PATH_MUST_BE_ABSOLUTE:219:path must be absolute -PROV_R_PERSONALISATION_STRING_TOO_LONG:195:personalisation string too long -PROV_R_PSS_SALTLEN_TOO_SMALL:172:pss saltlen too small -PROV_R_REQUEST_TOO_LARGE_FOR_DRBG:196:request too large for drbg -PROV_R_REQUIRE_CTR_MODE_CIPHER:206:require ctr mode cipher -PROV_R_RESEED_ERROR:197:reseed error -PROV_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES:222:\ - search only supported for directories -PROV_R_SEED_SOURCES_MUST_NOT_HAVE_A_PARENT:229:\ - seed sources must not have a parent -PROV_R_SELF_TEST_KAT_FAILURE:215:self test kat failure -PROV_R_SELF_TEST_POST_FAILURE:216:self test post failure -PROV_R_TAG_NOT_NEEDED:120:tag not needed -PROV_R_TAG_NOT_SET:119:tag not set -PROV_R_TOO_MANY_RECORDS:126:too many records -PROV_R_UNABLE_TO_FIND_CIPHERS:207:unable to find ciphers -PROV_R_UNABLE_TO_GET_PARENT_STRENGTH:199:unable to get parent strength -PROV_R_UNABLE_TO_GET_PASSPHRASE:159:unable to get passphrase -PROV_R_UNABLE_TO_INITIALISE_CIPHERS:208:unable to initialise ciphers -PROV_R_UNABLE_TO_LOAD_SHA256:147:unable to load sha256 -PROV_R_UNABLE_TO_LOCK_PARENT:201:unable to lock parent -PROV_R_UNABLE_TO_RESEED:204:unable to reseed -PROV_R_UNSUPPORTED_CEK_ALG:145:unsupported cek alg -PROV_R_UNSUPPORTED_KEY_SIZE:153:unsupported key size -PROV_R_UNSUPPORTED_MAC_TYPE:137:unsupported mac type -PROV_R_UNSUPPORTED_NUMBER_OF_ROUNDS:152:unsupported number of rounds -PROV_R_URI_AUTHORITY_UNSUPPORTED:223:uri authority unsupported -PROV_R_VALUE_ERROR:138:value error -PROV_R_WRONG_FINAL_BLOCK_LENGTH:107:wrong final block length -PROV_R_WRONG_OUTPUT_BUFFER_SIZE:139:wrong output buffer size -PROV_R_XOF_DIGESTS_NOT_ALLOWED:183:xof digests not allowed -PROV_R_XTS_DATA_UNIT_IS_TOO_LARGE:148:xts data unit is too large -PROV_R_XTS_DUPLICATED_KEYS:149:xts duplicated keys -RAND_R_ADDITIONAL_INPUT_TOO_LONG:102:additional input too long -RAND_R_ALREADY_INSTANTIATED:103:already instantiated -RAND_R_ARGUMENT_OUT_OF_RANGE:105:argument out of range -RAND_R_CANNOT_OPEN_FILE:121:Cannot open file -RAND_R_DRBG_ALREADY_INITIALIZED:129:drbg already initialized -RAND_R_DRBG_NOT_INITIALISED:104:drbg not initialised -RAND_R_ENTROPY_INPUT_TOO_LONG:106:entropy input too long -RAND_R_ENTROPY_OUT_OF_RANGE:124:entropy out of range -RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED:127:error entropy pool was ignored -RAND_R_ERROR_INITIALISING_DRBG:107:error initialising drbg -RAND_R_ERROR_INSTANTIATING_DRBG:108:error instantiating drbg -RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT:109:error retrieving additional input -RAND_R_ERROR_RETRIEVING_ENTROPY:110:error retrieving entropy -RAND_R_ERROR_RETRIEVING_NONCE:111:error retrieving nonce -RAND_R_FAILED_TO_CREATE_LOCK:126:failed to create lock -RAND_R_FUNC_NOT_IMPLEMENTED:101:Function not implemented -RAND_R_FWRITE_ERROR:123:Error writing file -RAND_R_GENERATE_ERROR:112:generate error -RAND_R_INSUFFICIENT_DRBG_STRENGTH:139:insufficient drbg strength -RAND_R_INTERNAL_ERROR:113:internal error -RAND_R_IN_ERROR_STATE:114:in error state -RAND_R_NOT_A_REGULAR_FILE:122:Not a regular file -RAND_R_NOT_INSTANTIATED:115:not instantiated -RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED:128:no drbg implementation selected -RAND_R_PARENT_LOCKING_NOT_ENABLED:130:parent locking not enabled -RAND_R_PARENT_STRENGTH_TOO_WEAK:131:parent strength too weak -RAND_R_PERSONALISATION_STRING_TOO_LONG:116:personalisation string too long -RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED:133:\ - prediction resistance not supported -RAND_R_PRNG_NOT_SEEDED:100:PRNG not seeded -RAND_R_RANDOM_POOL_OVERFLOW:125:random pool overflow -RAND_R_RANDOM_POOL_UNDERFLOW:134:random pool underflow -RAND_R_REQUEST_TOO_LARGE_FOR_DRBG:117:request too large for drbg -RAND_R_RESEED_ERROR:118:reseed error -RAND_R_SELFTEST_FAILURE:119:selftest failure -RAND_R_TOO_LITTLE_NONCE_REQUESTED:135:too little nonce requested -RAND_R_TOO_MUCH_NONCE_REQUESTED:136:too much nonce requested -RAND_R_UNABLE_TO_CREATE_DRBG:143:unable to create drbg -RAND_R_UNABLE_TO_FETCH_DRBG:144:unable to fetch drbg -RAND_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER:141:\ - unable to get parent reseed prop counter -RAND_R_UNABLE_TO_GET_PARENT_STRENGTH:138:unable to get parent strength -RAND_R_UNABLE_TO_LOCK_PARENT:140:unable to lock parent -RAND_R_UNSUPPORTED_DRBG_FLAGS:132:unsupported drbg flags -RAND_R_UNSUPPORTED_DRBG_TYPE:120:unsupported drbg type -RSA_R_ALGORITHM_MISMATCH:100:algorithm mismatch -RSA_R_BAD_E_VALUE:101:bad e value -RSA_R_BAD_FIXED_HEADER_DECRYPT:102:bad fixed header decrypt -RSA_R_BAD_PAD_BYTE_COUNT:103:bad pad byte count -RSA_R_BAD_SIGNATURE:104:bad signature -RSA_R_BLOCK_TYPE_IS_NOT_01:106:block type is not 01 -RSA_R_BLOCK_TYPE_IS_NOT_02:107:block type is not 02 -RSA_R_DATA_GREATER_THAN_MOD_LEN:108:data greater than mod len -RSA_R_DATA_TOO_LARGE:109:data too large -RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE:110:data too large for key size -RSA_R_DATA_TOO_LARGE_FOR_MODULUS:132:data too large for modulus -RSA_R_DATA_TOO_SMALL:111:data too small -RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE:122:data too small for key size -RSA_R_DIGEST_DOES_NOT_MATCH:158:digest does not match -RSA_R_DIGEST_NOT_ALLOWED:145:digest not allowed -RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY:112:digest too big for rsa key -RSA_R_DMP1_NOT_CONGRUENT_TO_D:124:dmp1 not congruent to d -RSA_R_DMQ1_NOT_CONGRUENT_TO_D:125:dmq1 not congruent to d -RSA_R_D_E_NOT_CONGRUENT_TO_1:123:d e not congruent to 1 -RSA_R_FIRST_OCTET_INVALID:133:first octet invalid -RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE:144:\ - illegal or unsupported padding mode -RSA_R_INVALID_DIGEST:157:invalid digest -RSA_R_INVALID_DIGEST_LENGTH:143:invalid digest length -RSA_R_INVALID_HEADER:137:invalid header -RSA_R_INVALID_KEYPAIR:171:invalid keypair -RSA_R_INVALID_KEY_LENGTH:173:invalid key length -RSA_R_INVALID_LABEL:160:invalid label -RSA_R_INVALID_LENGTH:181:invalid length -RSA_R_INVALID_MESSAGE_LENGTH:131:invalid message length -RSA_R_INVALID_MGF1_MD:156:invalid mgf1 md -RSA_R_INVALID_MODULUS:174:invalid modulus -RSA_R_INVALID_MULTI_PRIME_KEY:167:invalid multi prime key -RSA_R_INVALID_OAEP_PARAMETERS:161:invalid oaep parameters -RSA_R_INVALID_PADDING:138:invalid padding -RSA_R_INVALID_PADDING_MODE:141:invalid padding mode -RSA_R_INVALID_PSS_PARAMETERS:149:invalid pss parameters -RSA_R_INVALID_PSS_SALTLEN:146:invalid pss saltlen -RSA_R_INVALID_REQUEST:175:invalid request -RSA_R_INVALID_SALT_LENGTH:150:invalid salt length -RSA_R_INVALID_STRENGTH:176:invalid strength -RSA_R_INVALID_TRAILER:139:invalid trailer -RSA_R_INVALID_X931_DIGEST:142:invalid x931 digest -RSA_R_IQMP_NOT_INVERSE_OF_Q:126:iqmp not inverse of q -RSA_R_KEY_PRIME_NUM_INVALID:165:key prime num invalid -RSA_R_KEY_SIZE_TOO_SMALL:120:key size too small -RSA_R_LAST_OCTET_INVALID:134:last octet invalid -RSA_R_MGF1_DIGEST_NOT_ALLOWED:152:mgf1 digest not allowed -RSA_R_MISSING_PRIVATE_KEY:179:missing private key -RSA_R_MODULUS_TOO_LARGE:105:modulus too large -RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R:168:mp coefficient not inverse of r -RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D:169:mp exponent not congruent to d -RSA_R_MP_R_NOT_PRIME:170:mp r not prime -RSA_R_NO_PUBLIC_EXPONENT:140:no public exponent -RSA_R_NULL_BEFORE_BLOCK_MISSING:113:null before block missing -RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES:172:n does not equal product of primes -RSA_R_N_DOES_NOT_EQUAL_P_Q:127:n does not equal p q -RSA_R_OAEP_DECODING_ERROR:121:oaep decoding error -RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:148:\ - operation not supported for this keytype -RSA_R_PADDING_CHECK_FAILED:114:padding check failed -RSA_R_PAIRWISE_TEST_FAILURE:177:pairwise test failure -RSA_R_PKCS_DECODING_ERROR:159:pkcs decoding error -RSA_R_PSS_SALTLEN_TOO_SMALL:164:pss saltlen too small -RSA_R_PUB_EXPONENT_OUT_OF_RANGE:178:pub exponent out of range -RSA_R_P_NOT_PRIME:128:p not prime -RSA_R_Q_NOT_PRIME:129:q not prime -RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT:180:\ - randomness source strength insufficient -RSA_R_RSA_OPERATIONS_NOT_SUPPORTED:130:rsa operations not supported -RSA_R_SLEN_CHECK_FAILED:136:salt length check failed -RSA_R_SLEN_RECOVERY_FAILED:135:salt length recovery failed -RSA_R_SSLV3_ROLLBACK_ATTACK:115:sslv3 rollback attack -RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD:116:\ - the asn1 object identifier is not known for this md -RSA_R_UNKNOWN_ALGORITHM_TYPE:117:unknown algorithm type -RSA_R_UNKNOWN_DIGEST:166:unknown digest -RSA_R_UNKNOWN_MASK_DIGEST:151:unknown mask digest -RSA_R_UNKNOWN_PADDING_TYPE:118:unknown padding type -RSA_R_UNSUPPORTED_ENCRYPTION_TYPE:162:unsupported encryption type -RSA_R_UNSUPPORTED_LABEL_SOURCE:163:unsupported label source -RSA_R_UNSUPPORTED_MASK_ALGORITHM:153:unsupported mask algorithm -RSA_R_UNSUPPORTED_MASK_PARAMETER:154:unsupported mask parameter -RSA_R_UNSUPPORTED_SIGNATURE_TYPE:155:unsupported signature type -RSA_R_VALUE_MISSING:147:value missing -RSA_R_WRONG_SIGNATURE_LENGTH:119:wrong signature length -SM2_R_ASN1_ERROR:100:asn1 error -SM2_R_BAD_SIGNATURE:101:bad signature -SM2_R_BUFFER_TOO_SMALL:107:buffer too small -SM2_R_DIST_ID_TOO_LARGE:110:dist id too large -SM2_R_ID_NOT_SET:112:id not set -SM2_R_ID_TOO_LARGE:111:id too large -SM2_R_INVALID_CURVE:108:invalid curve -SM2_R_INVALID_DIGEST:102:invalid digest -SM2_R_INVALID_DIGEST_TYPE:103:invalid digest type -SM2_R_INVALID_ENCODING:104:invalid encoding -SM2_R_INVALID_FIELD:105:invalid field -SM2_R_INVALID_PRIVATE_KEY:113:invalid private key -SM2_R_NO_PARAMETERS_SET:109:no parameters set -SM2_R_USER_ID_TOO_LARGE:106:user id too large -SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY:291:\ - application data after close notify -SSL_R_APP_DATA_IN_HANDSHAKE:100:app data in handshake -SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT:272:\ - attempt to reuse session in different context -SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE:158:\ - at least (D)TLS 1.2 needed in Suite B mode -SSL_R_BAD_CHANGE_CIPHER_SPEC:103:bad change cipher spec -SSL_R_BAD_CIPHER:186:bad cipher -SSL_R_BAD_DATA:390:bad data -SSL_R_BAD_DATA_RETURNED_BY_CALLBACK:106:bad data returned by callback -SSL_R_BAD_DECOMPRESSION:107:bad decompression -SSL_R_BAD_DH_VALUE:102:bad dh value -SSL_R_BAD_DIGEST_LENGTH:111:bad digest length -SSL_R_BAD_EARLY_DATA:233:bad early data -SSL_R_BAD_ECC_CERT:304:bad ecc cert -SSL_R_BAD_ECPOINT:306:bad ecpoint -SSL_R_BAD_EXTENSION:110:bad extension -SSL_R_BAD_HANDSHAKE_LENGTH:332:bad handshake length -SSL_R_BAD_HANDSHAKE_STATE:236:bad handshake state -SSL_R_BAD_HELLO_REQUEST:105:bad hello request -SSL_R_BAD_HRR_VERSION:263:bad hrr version -SSL_R_BAD_KEY_SHARE:108:bad key share -SSL_R_BAD_KEY_UPDATE:122:bad key update -SSL_R_BAD_LEGACY_VERSION:292:bad legacy version -SSL_R_BAD_LENGTH:271:bad length -SSL_R_BAD_PACKET:240:bad packet -SSL_R_BAD_PACKET_LENGTH:115:bad packet length -SSL_R_BAD_PROTOCOL_VERSION_NUMBER:116:bad protocol version number -SSL_R_BAD_PSK:219:bad psk -SSL_R_BAD_PSK_IDENTITY:114:bad psk identity -SSL_R_BAD_RECORD_TYPE:443:bad record type -SSL_R_BAD_RSA_ENCRYPT:119:bad rsa encrypt -SSL_R_BAD_SIGNATURE:123:bad signature -SSL_R_BAD_SRP_A_LENGTH:347:bad srp a length -SSL_R_BAD_SRP_PARAMETERS:371:bad srp parameters -SSL_R_BAD_SRTP_MKI_VALUE:352:bad srtp mki value -SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST:353:bad srtp protection profile list -SSL_R_BAD_SSL_FILETYPE:124:bad ssl filetype -SSL_R_BAD_VALUE:384:bad value -SSL_R_BAD_WRITE_RETRY:127:bad write retry -SSL_R_BINDER_DOES_NOT_VERIFY:253:binder does not verify -SSL_R_BIO_NOT_SET:128:bio not set -SSL_R_BLOCK_CIPHER_PAD_IS_WRONG:129:block cipher pad is wrong -SSL_R_BN_LIB:130:bn lib -SSL_R_CALLBACK_FAILED:234:callback failed -SSL_R_CANNOT_CHANGE_CIPHER:109:cannot change cipher -SSL_R_CANNOT_GET_GROUP_NAME:299:cannot get group name -SSL_R_CA_DN_LENGTH_MISMATCH:131:ca dn length mismatch -SSL_R_CA_KEY_TOO_SMALL:397:ca key too small -SSL_R_CA_MD_TOO_WEAK:398:ca md too weak -SSL_R_CCS_RECEIVED_EARLY:133:ccs received early -SSL_R_CERTIFICATE_VERIFY_FAILED:134:certificate verify failed -SSL_R_CERT_CB_ERROR:377:cert cb error -SSL_R_CERT_LENGTH_MISMATCH:135:cert length mismatch -SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED:218:ciphersuite digest has changed -SSL_R_CIPHER_CODE_WRONG_LENGTH:137:cipher code wrong length -SSL_R_CLIENTHELLO_TLSEXT:226:clienthello tlsext -SSL_R_COMPRESSED_LENGTH_TOO_LONG:140:compressed length too long -SSL_R_COMPRESSION_DISABLED:343:compression disabled -SSL_R_COMPRESSION_FAILURE:141:compression failure -SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE:307:\ - compression id not within private range -SSL_R_COMPRESSION_LIBRARY_ERROR:142:compression library error -SSL_R_CONNECTION_TYPE_NOT_SET:144:connection type not set -SSL_R_CONTEXT_NOT_DANE_ENABLED:167:context not dane enabled -SSL_R_COOKIE_GEN_CALLBACK_FAILURE:400:cookie gen callback failure -SSL_R_COOKIE_MISMATCH:308:cookie mismatch -SSL_R_COPY_PARAMETERS_FAILED:296:copy parameters failed -SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED:206:\ - custom ext handler already installed -SSL_R_DANE_ALREADY_ENABLED:172:dane already enabled -SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL:173:dane cannot override mtype full -SSL_R_DANE_NOT_ENABLED:175:dane not enabled -SSL_R_DANE_TLSA_BAD_CERTIFICATE:180:dane tlsa bad certificate -SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE:184:dane tlsa bad certificate usage -SSL_R_DANE_TLSA_BAD_DATA_LENGTH:189:dane tlsa bad data length -SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH:192:dane tlsa bad digest length -SSL_R_DANE_TLSA_BAD_MATCHING_TYPE:200:dane tlsa bad matching type -SSL_R_DANE_TLSA_BAD_PUBLIC_KEY:201:dane tlsa bad public key -SSL_R_DANE_TLSA_BAD_SELECTOR:202:dane tlsa bad selector -SSL_R_DANE_TLSA_NULL_DATA:203:dane tlsa null data -SSL_R_DATA_BETWEEN_CCS_AND_FINISHED:145:data between ccs and finished -SSL_R_DATA_LENGTH_TOO_LONG:146:data length too long -SSL_R_DECRYPTION_FAILED:147:decryption failed -SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC:281:\ - decryption failed or bad record mac -SSL_R_DH_KEY_TOO_SMALL:394:dh key too small -SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG:148:dh public value length is wrong -SSL_R_DIGEST_CHECK_FAILED:149:digest check failed -SSL_R_DTLS_MESSAGE_TOO_BIG:334:dtls message too big -SSL_R_DUPLICATE_COMPRESSION_ID:309:duplicate compression id -SSL_R_ECC_CERT_NOT_FOR_SIGNING:318:ecc cert not for signing -SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE:374:ecdh required for suiteb mode -SSL_R_EE_KEY_TOO_SMALL:399:ee key too small -SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST:354:empty srtp protection profile list -SSL_R_ENCRYPTED_LENGTH_TOO_LONG:150:encrypted length too long -SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST:151:error in received cipher list -SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN:204:error setting tlsa base domain -SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE:194:exceeds max fragment size -SSL_R_EXCESSIVE_MESSAGE_SIZE:152:excessive message size -SSL_R_EXTENSION_NOT_RECEIVED:279:extension not received -SSL_R_EXTRA_DATA_IN_MESSAGE:153:extra data in message -SSL_R_EXT_LENGTH_MISMATCH:163:ext length mismatch -SSL_R_FAILED_TO_INIT_ASYNC:405:failed to init async -SSL_R_FRAGMENTED_CLIENT_HELLO:401:fragmented client hello -SSL_R_GOT_A_FIN_BEFORE_A_CCS:154:got a fin before a ccs -SSL_R_HTTPS_PROXY_REQUEST:155:https proxy request -SSL_R_HTTP_REQUEST:156:http request -SSL_R_ILLEGAL_POINT_COMPRESSION:162:illegal point compression -SSL_R_ILLEGAL_SUITEB_DIGEST:380:illegal Suite B digest -SSL_R_INAPPROPRIATE_FALLBACK:373:inappropriate fallback -SSL_R_INCONSISTENT_COMPRESSION:340:inconsistent compression -SSL_R_INCONSISTENT_EARLY_DATA_ALPN:222:inconsistent early data alpn -SSL_R_INCONSISTENT_EARLY_DATA_SNI:231:inconsistent early data sni -SSL_R_INCONSISTENT_EXTMS:104:inconsistent extms -SSL_R_INSUFFICIENT_SECURITY:241:insufficient security -SSL_R_INVALID_ALERT:205:invalid alert -SSL_R_INVALID_CCS_MESSAGE:260:invalid ccs message -SSL_R_INVALID_CERTIFICATE_OR_ALG:238:invalid certificate or alg -SSL_R_INVALID_COMMAND:280:invalid command -SSL_R_INVALID_COMPRESSION_ALGORITHM:341:invalid compression algorithm -SSL_R_INVALID_CONFIG:283:invalid config -SSL_R_INVALID_CONFIGURATION_NAME:113:invalid configuration name -SSL_R_INVALID_CONTEXT:282:invalid context -SSL_R_INVALID_CT_VALIDATION_TYPE:212:invalid ct validation type -SSL_R_INVALID_KEY_UPDATE_TYPE:120:invalid key update type -SSL_R_INVALID_MAX_EARLY_DATA:174:invalid max early data -SSL_R_INVALID_NULL_CMD_NAME:385:invalid null cmd name -SSL_R_INVALID_SEQUENCE_NUMBER:402:invalid sequence number -SSL_R_INVALID_SERVERINFO_DATA:388:invalid serverinfo data -SSL_R_INVALID_SESSION_ID:999:invalid session id -SSL_R_INVALID_SRP_USERNAME:357:invalid srp username -SSL_R_INVALID_STATUS_RESPONSE:328:invalid status response -SSL_R_INVALID_TICKET_KEYS_LENGTH:325:invalid ticket keys length -SSL_R_LENGTH_MISMATCH:159:length mismatch -SSL_R_LENGTH_TOO_LONG:404:length too long -SSL_R_LENGTH_TOO_SHORT:160:length too short -SSL_R_LIBRARY_BUG:274:library bug -SSL_R_LIBRARY_HAS_NO_CIPHERS:161:library has no ciphers -SSL_R_MISSING_DSA_SIGNING_CERT:165:missing dsa signing cert -SSL_R_MISSING_ECDSA_SIGNING_CERT:381:missing ecdsa signing cert -SSL_R_MISSING_FATAL:256:missing fatal -SSL_R_MISSING_PARAMETERS:290:missing parameters -SSL_R_MISSING_PSK_KEX_MODES_EXTENSION:310:missing psk kex modes extension -SSL_R_MISSING_RSA_CERTIFICATE:168:missing rsa certificate -SSL_R_MISSING_RSA_ENCRYPTING_CERT:169:missing rsa encrypting cert -SSL_R_MISSING_RSA_SIGNING_CERT:170:missing rsa signing cert -SSL_R_MISSING_SIGALGS_EXTENSION:112:missing sigalgs extension -SSL_R_MISSING_SIGNING_CERT:221:missing signing cert -SSL_R_MISSING_SRP_PARAM:358:can't find SRP server param -SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION:209:missing supported groups extension -SSL_R_MISSING_TMP_DH_KEY:171:missing tmp dh key -SSL_R_MISSING_TMP_ECDH_KEY:311:missing tmp ecdh key -SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA:293:\ - mixed handshake and non handshake data -SSL_R_NOT_ON_RECORD_BOUNDARY:182:not on record boundary -SSL_R_NOT_REPLACING_CERTIFICATE:289:not replacing certificate -SSL_R_NOT_SERVER:284:not server -SSL_R_NO_APPLICATION_PROTOCOL:235:no application protocol -SSL_R_NO_CERTIFICATES_RETURNED:176:no certificates returned -SSL_R_NO_CERTIFICATE_ASSIGNED:177:no certificate assigned -SSL_R_NO_CERTIFICATE_SET:179:no certificate set -SSL_R_NO_CHANGE_FOLLOWING_HRR:214:no change following hrr -SSL_R_NO_CIPHERS_AVAILABLE:181:no ciphers available -SSL_R_NO_CIPHERS_SPECIFIED:183:no ciphers specified -SSL_R_NO_CIPHER_MATCH:185:no cipher match -SSL_R_NO_CLIENT_CERT_METHOD:331:no client cert method -SSL_R_NO_COMPRESSION_SPECIFIED:187:no compression specified -SSL_R_NO_COOKIE_CALLBACK_SET:287:no cookie callback set -SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER:330:\ - Peer haven't sent GOST certificate, required for selected ciphersuite -SSL_R_NO_METHOD_SPECIFIED:188:no method specified -SSL_R_NO_PEM_EXTENSIONS:389:no pem extensions -SSL_R_NO_PRIVATE_KEY_ASSIGNED:190:no private key assigned -SSL_R_NO_PROTOCOLS_AVAILABLE:191:no protocols available -SSL_R_NO_RENEGOTIATION:339:no renegotiation -SSL_R_NO_REQUIRED_DIGEST:324:no required digest -SSL_R_NO_SHARED_CIPHER:193:no shared cipher -SSL_R_NO_SHARED_GROUPS:410:no shared groups -SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS:376:no shared signature algorithms -SSL_R_NO_SRTP_PROFILES:359:no srtp profiles -SSL_R_NO_SUITABLE_DIGEST_ALGORITHM:297:no suitable digest algorithm -SSL_R_NO_SUITABLE_GROUPS:295:no suitable groups -SSL_R_NO_SUITABLE_KEY_SHARE:101:no suitable key share -SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM:118:no suitable signature algorithm -SSL_R_NO_VALID_SCTS:216:no valid scts -SSL_R_NO_VERIFY_COOKIE_CALLBACK:403:no verify cookie callback -SSL_R_NULL_SSL_CTX:195:null ssl ctx -SSL_R_NULL_SSL_METHOD_PASSED:196:null ssl method passed -SSL_R_OCSP_CALLBACK_FAILURE:305:ocsp callback failure -SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED:197:old session cipher not returned -SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED:344:\ - old session compression algorithm not returned -SSL_R_OVERFLOW_ERROR:237:overflow error -SSL_R_PACKET_LENGTH_TOO_LONG:198:packet length too long -SSL_R_PARSE_TLSEXT:227:parse tlsext -SSL_R_PATH_TOO_LONG:270:path too long -SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE:199:peer did not return a certificate -SSL_R_PEM_NAME_BAD_PREFIX:391:pem name bad prefix -SSL_R_PEM_NAME_TOO_SHORT:392:pem name too short -SSL_R_PIPELINE_FAILURE:406:pipeline failure -SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR:278:post handshake auth encoding err -SSL_R_PRIVATE_KEY_MISMATCH:288:private key mismatch -SSL_R_PROTOCOL_IS_SHUTDOWN:207:protocol is shutdown -SSL_R_PSK_IDENTITY_NOT_FOUND:223:psk identity not found -SSL_R_PSK_NO_CLIENT_CB:224:psk no client cb -SSL_R_PSK_NO_SERVER_CB:225:psk no server cb -SSL_R_READ_BIO_NOT_SET:211:read bio not set -SSL_R_READ_TIMEOUT_EXPIRED:312:read timeout expired -SSL_R_RECORD_LENGTH_MISMATCH:213:record length mismatch -SSL_R_RECORD_TOO_SMALL:298:record too small -SSL_R_RENEGOTIATE_EXT_TOO_LONG:335:renegotiate ext too long -SSL_R_RENEGOTIATION_ENCODING_ERR:336:renegotiation encoding err -SSL_R_RENEGOTIATION_MISMATCH:337:renegotiation mismatch -SSL_R_REQUEST_PENDING:285:request pending -SSL_R_REQUEST_SENT:286:request sent -SSL_R_REQUIRED_CIPHER_MISSING:215:required cipher missing -SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING:342:\ - required compression algorithm missing -SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING:345:scsv received when renegotiating -SSL_R_SCT_VERIFICATION_FAILED:208:sct verification failed -SSL_R_SERVERHELLO_TLSEXT:275:serverhello tlsext -SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED:277:session id context uninitialized -SSL_R_SHUTDOWN_WHILE_IN_INIT:407:shutdown while in init -SSL_R_SIGNATURE_ALGORITHMS_ERROR:360:signature algorithms error -SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE:220:\ - signature for non signing certificate -SSL_R_SRP_A_CALC:361:error with the srp params -SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES:362:srtp could not allocate profiles -SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG:363:\ - srtp protection profile list too long -SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE:364:srtp unknown protection profile -SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH:232:\ - ssl3 ext invalid max fragment length -SSL_R_SSL3_EXT_INVALID_SERVERNAME:319:ssl3 ext invalid servername -SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE:320:ssl3 ext invalid servername type -SSL_R_SSL3_SESSION_ID_TOO_LONG:300:ssl3 session id too long -SSL_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty -SSL_R_SSL_COMMAND_SECTION_NOT_FOUND:125:ssl command section not found -SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION:228:ssl ctx has no default ssl version -SSL_R_SSL_HANDSHAKE_FAILURE:229:ssl handshake failure -SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS:230:ssl library has no ciphers -SSL_R_SSL_NEGATIVE_LENGTH:372:ssl negative length -SSL_R_SSL_SECTION_EMPTY:126:ssl section empty -SSL_R_SSL_SECTION_NOT_FOUND:136:ssl section not found -SSL_R_SSL_SESSION_ID_CALLBACK_FAILED:301:ssl session id callback failed -SSL_R_SSL_SESSION_ID_CONFLICT:302:ssl session id conflict -SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG:273:ssl session id context too long -SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH:303:ssl session id has bad length -SSL_R_SSL_SESSION_ID_TOO_LONG:408:ssl session id too long -SSL_R_SSL_SESSION_VERSION_MISMATCH:210:ssl session version mismatch -SSL_R_STILL_IN_INIT:121:still in init -SSL_R_TLS_ILLEGAL_EXPORTER_LABEL:367:tls illegal exporter label -SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST:157:tls invalid ecpointformat list -SSL_R_TOO_MANY_KEY_UPDATES:132:too many key updates -SSL_R_TOO_MANY_WARN_ALERTS:409:too many warn alerts -SSL_R_TOO_MUCH_EARLY_DATA:164:too much early data -SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS:314:unable to find ecdh parameters -SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS:239:\ - unable to find public key parameters -SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines -SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines -SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message -SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data -SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading -SSL_R_UNEXPECTED_MESSAGE:244:unexpected message -SSL_R_UNEXPECTED_RECORD:245:unexpected record -SSL_R_UNINITIALIZED:276:uninitialized -SSL_R_UNKNOWN_ALERT_TYPE:246:unknown alert type -SSL_R_UNKNOWN_CERTIFICATE_TYPE:247:unknown certificate type -SSL_R_UNKNOWN_CIPHER_RETURNED:248:unknown cipher returned -SSL_R_UNKNOWN_CIPHER_TYPE:249:unknown cipher type -SSL_R_UNKNOWN_CMD_NAME:386:unknown cmd name -SSL_R_UNKNOWN_COMMAND:139:unknown command -SSL_R_UNKNOWN_DIGEST:368:unknown digest -SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE:250:unknown key exchange type -SSL_R_UNKNOWN_PKEY_TYPE:251:unknown pkey type -SSL_R_UNKNOWN_PROTOCOL:252:unknown protocol -SSL_R_UNKNOWN_SSL_VERSION:254:unknown ssl version -SSL_R_UNKNOWN_STATE:255:unknown state -SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED:338:\ - unsafe legacy renegotiation disabled -SSL_R_UNSOLICITED_EXTENSION:217:unsolicited extension -SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM:257:unsupported compression algorithm -SSL_R_UNSUPPORTED_ELLIPTIC_CURVE:315:unsupported elliptic curve -SSL_R_UNSUPPORTED_PROTOCOL:258:unsupported protocol -SSL_R_UNSUPPORTED_SSL_VERSION:259:unsupported ssl version -SSL_R_UNSUPPORTED_STATUS_TYPE:329:unsupported status type -SSL_R_USE_SRTP_NOT_NEGOTIATED:369:use srtp not negotiated -SSL_R_VERSION_TOO_HIGH:166:version too high -SSL_R_VERSION_TOO_LOW:396:version too low -SSL_R_WRONG_CERTIFICATE_TYPE:383:wrong certificate type -SSL_R_WRONG_CIPHER_RETURNED:261:wrong cipher returned -SSL_R_WRONG_CURVE:378:wrong curve -SSL_R_WRONG_SIGNATURE_LENGTH:264:wrong signature length -SSL_R_WRONG_SIGNATURE_SIZE:265:wrong signature size -SSL_R_WRONG_SIGNATURE_TYPE:370:wrong signature type -SSL_R_WRONG_SSL_VERSION:266:wrong ssl version -SSL_R_WRONG_VERSION_NUMBER:267:wrong version number -SSL_R_X509_LIB:268:x509 lib -SSL_R_X509_VERIFICATION_SETUP_PROBLEMS:269:x509 verification setup problems -TS_R_BAD_PKCS7_TYPE:132:bad pkcs7 type -TS_R_BAD_TYPE:133:bad type -TS_R_CANNOT_LOAD_CERT:137:cannot load certificate -TS_R_CANNOT_LOAD_KEY:138:cannot load private key -TS_R_CERTIFICATE_VERIFY_ERROR:100:certificate verify error -TS_R_COULD_NOT_SET_ENGINE:127:could not set engine -TS_R_COULD_NOT_SET_TIME:115:could not set time -TS_R_DETACHED_CONTENT:134:detached content -TS_R_ESS_ADD_SIGNING_CERT_ERROR:116:ess add signing cert error -TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR:139:ess add signing cert v2 error -TS_R_ESS_SIGNING_CERTIFICATE_ERROR:101:ess signing certificate error -TS_R_INVALID_NULL_POINTER:102:invalid null pointer -TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE:117:invalid signer certificate purpose -TS_R_MESSAGE_IMPRINT_MISMATCH:103:message imprint mismatch -TS_R_NONCE_MISMATCH:104:nonce mismatch -TS_R_NONCE_NOT_RETURNED:105:nonce not returned -TS_R_NO_CONTENT:106:no content -TS_R_NO_TIME_STAMP_TOKEN:107:no time stamp token -TS_R_PKCS7_ADD_SIGNATURE_ERROR:118:pkcs7 add signature error -TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR:119:pkcs7 add signed attr error -TS_R_PKCS7_TO_TS_TST_INFO_FAILED:129:pkcs7 to ts tst info failed -TS_R_POLICY_MISMATCH:108:policy mismatch -TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE:120:\ - private key does not match certificate -TS_R_RESPONSE_SETUP_ERROR:121:response setup error -TS_R_SIGNATURE_FAILURE:109:signature failure -TS_R_THERE_MUST_BE_ONE_SIGNER:110:there must be one signer -TS_R_TIME_SYSCALL_ERROR:122:time syscall error -TS_R_TOKEN_NOT_PRESENT:130:token not present -TS_R_TOKEN_PRESENT:131:token present -TS_R_TSA_NAME_MISMATCH:111:tsa name mismatch -TS_R_TSA_UNTRUSTED:112:tsa untrusted -TS_R_TST_INFO_SETUP_ERROR:123:tst info setup error -TS_R_TS_DATASIGN:124:ts datasign -TS_R_UNACCEPTABLE_POLICY:125:unacceptable policy -TS_R_UNSUPPORTED_MD_ALGORITHM:126:unsupported md algorithm -TS_R_UNSUPPORTED_VERSION:113:unsupported version -TS_R_VAR_BAD_VALUE:135:var bad value -TS_R_VAR_LOOKUP_FAILURE:136:cannot find config variable -TS_R_WRONG_CONTENT_TYPE:114:wrong content type -UI_R_COMMON_OK_AND_CANCEL_CHARACTERS:104:common ok and cancel characters -UI_R_INDEX_TOO_LARGE:102:index too large -UI_R_INDEX_TOO_SMALL:103:index too small -UI_R_NO_RESULT_BUFFER:105:no result buffer -UI_R_PROCESSING_ERROR:107:processing error -UI_R_RESULT_TOO_LARGE:100:result too large -UI_R_RESULT_TOO_SMALL:101:result too small -UI_R_SYSASSIGN_ERROR:109:sys$assign error -UI_R_SYSDASSGN_ERROR:110:sys$dassgn error -UI_R_SYSQIOW_ERROR:111:sys$qiow error -UI_R_UNKNOWN_CONTROL_COMMAND:106:unknown control command -UI_R_UNKNOWN_TTYGET_ERRNO_VALUE:108:unknown ttyget errno value -UI_R_USER_DATA_DUPLICATION_UNSUPPORTED:112:user data duplication unsupported -X509V3_R_BAD_IP_ADDRESS:118:bad ip address -X509V3_R_BAD_OBJECT:119:bad object -X509V3_R_BN_DEC2BN_ERROR:100:bn dec2bn error -X509V3_R_BN_TO_ASN1_INTEGER_ERROR:101:bn to asn1 integer error -X509V3_R_DIRNAME_ERROR:149:dirname error -X509V3_R_DISTPOINT_ALREADY_SET:160:distpoint already set -X509V3_R_DUPLICATE_ZONE_ID:133:duplicate zone id -X509V3_R_EMPTY_KEY_USAGE:169:empty key usage -X509V3_R_ERROR_CONVERTING_ZONE:131:error converting zone -X509V3_R_ERROR_CREATING_EXTENSION:144:error creating extension -X509V3_R_ERROR_IN_EXTENSION:128:error in extension -X509V3_R_EXPECTED_A_SECTION_NAME:137:expected a section name -X509V3_R_EXTENSION_EXISTS:145:extension exists -X509V3_R_EXTENSION_NAME_ERROR:115:extension name error -X509V3_R_EXTENSION_NOT_FOUND:102:extension not found -X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED:103:extension setting not supported -X509V3_R_EXTENSION_VALUE_ERROR:116:extension value error -X509V3_R_ILLEGAL_EMPTY_EXTENSION:151:illegal empty extension -X509V3_R_INCORRECT_POLICY_SYNTAX_TAG:152:incorrect policy syntax tag -X509V3_R_INVALID_ASNUMBER:162:invalid asnumber -X509V3_R_INVALID_ASRANGE:163:invalid asrange -X509V3_R_INVALID_BOOLEAN_STRING:104:invalid boolean string -X509V3_R_INVALID_CERTIFICATE:158:invalid certificate -X509V3_R_INVALID_EMPTY_NAME:108:invalid empty name -X509V3_R_INVALID_EXTENSION_STRING:105:invalid extension string -X509V3_R_INVALID_INHERITANCE:165:invalid inheritance -X509V3_R_INVALID_IPADDRESS:166:invalid ipaddress -X509V3_R_INVALID_MULTIPLE_RDNS:161:invalid multiple rdns -X509V3_R_INVALID_NAME:106:invalid name -X509V3_R_INVALID_NULL_ARGUMENT:107:invalid null argument -X509V3_R_INVALID_NULL_VALUE:109:invalid null value -X509V3_R_INVALID_NUMBER:140:invalid number -X509V3_R_INVALID_NUMBERS:141:invalid numbers -X509V3_R_INVALID_OBJECT_IDENTIFIER:110:invalid object identifier -X509V3_R_INVALID_OPTION:138:invalid option -X509V3_R_INVALID_POLICY_IDENTIFIER:134:invalid policy identifier -X509V3_R_INVALID_PROXY_POLICY_SETTING:153:invalid proxy policy setting -X509V3_R_INVALID_PURPOSE:146:invalid purpose -X509V3_R_INVALID_SAFI:164:invalid safi -X509V3_R_INVALID_SECTION:135:invalid section -X509V3_R_INVALID_SYNTAX:143:invalid syntax -X509V3_R_ISSUER_DECODE_ERROR:126:issuer decode error -X509V3_R_MISSING_VALUE:124:missing value -X509V3_R_NEED_ORGANIZATION_AND_NUMBERS:142:need organization and numbers -X509V3_R_NEGATIVE_PATHLEN:168:negative pathlen -X509V3_R_NO_CONFIG_DATABASE:136:no config database -X509V3_R_NO_ISSUER_CERTIFICATE:121:no issuer certificate -X509V3_R_NO_ISSUER_DETAILS:127:no issuer details -X509V3_R_NO_POLICY_IDENTIFIER:139:no policy identifier -X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED:154:\ - no proxy cert policy language defined -X509V3_R_NO_PUBLIC_KEY:114:no public key -X509V3_R_NO_SUBJECT_DETAILS:125:no subject details -X509V3_R_OPERATION_NOT_DEFINED:148:operation not defined -X509V3_R_OTHERNAME_ERROR:147:othername error -X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED:155:policy language already defined -X509V3_R_POLICY_PATH_LENGTH:156:policy path length -X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED:157:\ - policy path length already defined -X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY:159:\ - policy when proxy language requires no policy -X509V3_R_SECTION_NOT_FOUND:150:section not found -X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS:122:unable to get issuer details -X509V3_R_UNABLE_TO_GET_ISSUER_KEYID:123:unable to get issuer keyid -X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT:111:unknown bit string argument -X509V3_R_UNKNOWN_EXTENSION:129:unknown extension -X509V3_R_UNKNOWN_EXTENSION_NAME:130:unknown extension name -X509V3_R_UNKNOWN_OPTION:120:unknown option -X509V3_R_UNSUPPORTED_OPTION:117:unsupported option -X509V3_R_UNSUPPORTED_TYPE:167:unsupported type -X509V3_R_USER_TOO_LONG:132:user too long -X509_R_AKID_MISMATCH:110:akid mismatch -X509_R_BAD_SELECTOR:133:bad selector -X509_R_BAD_X509_FILETYPE:100:bad x509 filetype -X509_R_BASE64_DECODE_ERROR:118:base64 decode error -X509_R_CANT_CHECK_DH_KEY:114:cant check dh key -X509_R_CERTIFICATE_VERIFICATION_FAILED:139:certificate verification failed -X509_R_CERT_ALREADY_IN_HASH_TABLE:101:cert already in hash table -X509_R_CRL_ALREADY_DELTA:127:crl already delta -X509_R_CRL_VERIFY_FAILURE:131:crl verify failure -X509_R_ERROR_GETTING_MD_BY_NID:141:error getting md by nid -X509_R_ERROR_USING_SIGINF_SET:142:error using siginf set -X509_R_IDP_MISMATCH:128:idp mismatch -X509_R_INVALID_ATTRIBUTES:138:invalid attributes -X509_R_INVALID_DIRECTORY:113:invalid directory -X509_R_INVALID_DISTPOINT:143:invalid distpoint -X509_R_INVALID_FIELD_NAME:119:invalid field name -X509_R_INVALID_TRUST:123:invalid trust -X509_R_ISSUER_MISMATCH:129:issuer mismatch -X509_R_KEY_TYPE_MISMATCH:115:key type mismatch -X509_R_KEY_VALUES_MISMATCH:116:key values mismatch -X509_R_LOADING_CERT_DIR:103:loading cert dir -X509_R_LOADING_DEFAULTS:104:loading defaults -X509_R_METHOD_NOT_SUPPORTED:124:method not supported -X509_R_NAME_TOO_LONG:134:name too long -X509_R_NEWER_CRL_NOT_NEWER:132:newer crl not newer -X509_R_NO_CERTIFICATE_FOUND:135:no certificate found -X509_R_NO_CERTIFICATE_OR_CRL_FOUND:136:no certificate or crl found -X509_R_NO_CERT_SET_FOR_US_TO_VERIFY:105:no cert set for us to verify -X509_R_NO_CRL_FOUND:137:no crl found -X509_R_NO_CRL_NUMBER:130:no crl number -X509_R_PUBLIC_KEY_DECODE_ERROR:125:public key decode error -X509_R_PUBLIC_KEY_ENCODE_ERROR:126:public key encode error -X509_R_SHOULD_RETRY:106:should retry -X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN:107:unable to find parameters in chain -X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY:108:unable to get certs public key -X509_R_UNKNOWN_KEY_TYPE:117:unknown key type -X509_R_UNKNOWN_NID:109:unknown nid -X509_R_UNKNOWN_PURPOSE_ID:121:unknown purpose id -X509_R_UNKNOWN_SIGID_ALGS:144:unknown sigid algs -X509_R_UNKNOWN_TRUST_ID:120:unknown trust id -X509_R_UNSUPPORTED_ALGORITHM:111:unsupported algorithm -X509_R_WRONG_LOOKUP_TYPE:112:wrong lookup type -X509_R_WRONG_TYPE:122:wrong type diff --git a/crypto/ess/build.info b/crypto/ess/build.info deleted file mode 100644 index f25c1271fb2f8044bd2dc709917885aafed94515..0000000000000000000000000000000000000000 --- a/crypto/ess/build.info +++ /dev/null @@ -1,3 +0,0 @@ -LIBS=../../libcrypto - -SOURCE[../../libcrypto]= ess_asn1.c ess_err.c ess_lib.c diff --git a/crypto/ess/ess_asn1.c b/crypto/ess/ess_asn1.c deleted file mode 100644 index 68bc854c99bb27e305ce795134032138c00d1243..0000000000000000000000000000000000000000 --- a/crypto/ess/ess_asn1.c +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include "crypto/ess.h" - -/* ASN1 stuff for ESS Structure */ - -ASN1_SEQUENCE(ESS_ISSUER_SERIAL) = { - ASN1_SEQUENCE_OF(ESS_ISSUER_SERIAL, issuer, GENERAL_NAME), - ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER) -} static_ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL) - -IMPLEMENT_ASN1_FUNCTIONS(ESS_ISSUER_SERIAL) -IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL) - -ASN1_SEQUENCE(ESS_CERT_ID) = { - ASN1_SIMPLE(ESS_CERT_ID, hash, ASN1_OCTET_STRING), - ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL) -} static_ASN1_SEQUENCE_END(ESS_CERT_ID) - -IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID) -IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID) - -ASN1_SEQUENCE(ESS_SIGNING_CERT) = { - ASN1_SEQUENCE_OF(ESS_SIGNING_CERT, cert_ids, ESS_CERT_ID), - ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT, policy_info, POLICYINFO) -} ASN1_SEQUENCE_END(ESS_SIGNING_CERT) - -IMPLEMENT_ASN1_FUNCTIONS(ESS_SIGNING_CERT) -IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT) - -ASN1_SEQUENCE(ESS_CERT_ID_V2) = { - ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR), - ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING), - ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) -} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2) - -IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID_V2) -IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2) - -ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { - ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2), - ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO) -} ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2) - -IMPLEMENT_ASN1_FUNCTIONS(ESS_SIGNING_CERT_V2) -IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2) diff --git a/crypto/ess/ess_err.c b/crypto/ess/ess_err.c deleted file mode 100644 index eb76dfe7cc8f48f29fdaa0d6a9b98c0e641724cd..0000000000000000000000000000000000000000 --- a/crypto/ess/ess_err.c +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/esserr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA ESS_str_reasons[] = { - {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_EMPTY_ESS_CERT_ID_LIST), - "empty ess cert id list"}, - {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_CERT_DIGEST_ERROR), - "ess cert digest error"}, - {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_CERT_ID_NOT_FOUND), - "ess cert id not found"}, - {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_CERT_ID_WRONG_ORDER), - "ess cert id wrong order"}, - {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_DIGEST_ALG_UNKNOWN), - "ess digest alg unknown"}, - {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_SIGNING_CERTIFICATE_ERROR), - "ess signing certificate error"}, - {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_SIGNING_CERT_ADD_ERROR), - "ess signing cert add error"}, - {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_ESS_SIGNING_CERT_V2_ADD_ERROR), - "ess signing cert v2 add error"}, - {ERR_PACK(ERR_LIB_ESS, 0, ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE), - "missing signing certificate attribute"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_ESS_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(ESS_str_reasons[0].error) == NULL) - ERR_load_strings_const(ESS_str_reasons); -#endif - return 1; -} diff --git a/crypto/ess/ess_lib.c b/crypto/ess/ess_lib.c deleted file mode 100644 index 65444d383ff4bdc8af42ecb359be7741c514c73b..0000000000000000000000000000000000000000 --- a/crypto/ess/ess_lib.c +++ /dev/null @@ -1,315 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/sizes.h" -#include "crypto/ess.h" -#include "crypto/x509.h" - -static ESS_CERT_ID *ESS_CERT_ID_new_init(const X509 *cert, - int set_issuer_serial); -static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg, - const X509 *cert, - int set_issuer_serial); - -ESS_SIGNING_CERT *OSSL_ESS_signing_cert_new_init(const X509 *signcert, - const STACK_OF(X509) *certs, - int set_issuer_serial) -{ - ESS_CERT_ID *cid = NULL; - ESS_SIGNING_CERT *sc; - int i; - - if ((sc = ESS_SIGNING_CERT_new()) == NULL) - goto err; - if (sc->cert_ids == NULL - && (sc->cert_ids = sk_ESS_CERT_ID_new_null()) == NULL) - goto err; - - if ((cid = ESS_CERT_ID_new_init(signcert, set_issuer_serial)) == NULL - || !sk_ESS_CERT_ID_push(sc->cert_ids, cid)) - goto err; - for (i = 0; i < sk_X509_num(certs); ++i) { - X509 *cert = sk_X509_value(certs, i); - - if ((cid = ESS_CERT_ID_new_init(cert, 1)) == NULL - || !sk_ESS_CERT_ID_push(sc->cert_ids, cid)) - goto err; - } - - return sc; - err: - ESS_SIGNING_CERT_free(sc); - ESS_CERT_ID_free(cid); - ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE); - return NULL; -} - -static ESS_CERT_ID *ESS_CERT_ID_new_init(const X509 *cert, - int set_issuer_serial) -{ - ESS_CERT_ID *cid = NULL; - GENERAL_NAME *name = NULL; - unsigned char cert_sha1[SHA_DIGEST_LENGTH]; - - if ((cid = ESS_CERT_ID_new()) == NULL) - goto err; - if (!X509_digest(cert, EVP_sha1(), cert_sha1, NULL)) - goto err; - if (!ASN1_OCTET_STRING_set(cid->hash, cert_sha1, SHA_DIGEST_LENGTH)) - goto err; - - /* Setting the issuer/serial if requested. */ - if (!set_issuer_serial) - return cid; - - if (cid->issuer_serial == NULL - && (cid->issuer_serial = ESS_ISSUER_SERIAL_new()) == NULL) - goto err; - if ((name = GENERAL_NAME_new()) == NULL) - goto err; - name->type = GEN_DIRNAME; - if ((name->d.dirn = X509_NAME_dup(X509_get_issuer_name(cert))) == NULL) - goto err; - if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name)) - goto err; - name = NULL; /* Ownership is lost. */ - ASN1_INTEGER_free(cid->issuer_serial->serial); - if ((cid->issuer_serial->serial = - ASN1_INTEGER_dup(X509_get0_serialNumber(cert))) == NULL) - goto err; - - return cid; - err: - GENERAL_NAME_free(name); - ESS_CERT_ID_free(cid); - ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE); - return NULL; -} - -ESS_SIGNING_CERT_V2 *OSSL_ESS_signing_cert_v2_new_init(const EVP_MD *hash_alg, - const X509 *signcert, - const - STACK_OF(X509) *certs, - int set_issuer_serial) -{ - ESS_CERT_ID_V2 *cid = NULL; - ESS_SIGNING_CERT_V2 *sc; - int i; - - if ((sc = ESS_SIGNING_CERT_V2_new()) == NULL) - goto err; - cid = ESS_CERT_ID_V2_new_init(hash_alg, signcert, set_issuer_serial); - if (cid == NULL) - goto err; - if (!sk_ESS_CERT_ID_V2_push(sc->cert_ids, cid)) - goto err; - cid = NULL; - - for (i = 0; i < sk_X509_num(certs); ++i) { - X509 *cert = sk_X509_value(certs, i); - - if ((cid = ESS_CERT_ID_V2_new_init(hash_alg, cert, 1)) == NULL) - goto err; - if (!sk_ESS_CERT_ID_V2_push(sc->cert_ids, cid)) - goto err; - cid = NULL; - } - - return sc; - err: - ESS_SIGNING_CERT_V2_free(sc); - ESS_CERT_ID_V2_free(cid); - ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE); - return NULL; -} - -static ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new_init(const EVP_MD *hash_alg, - const X509 *cert, - int set_issuer_serial) -{ - ESS_CERT_ID_V2 *cid; - GENERAL_NAME *name = NULL; - unsigned char hash[EVP_MAX_MD_SIZE]; - unsigned int hash_len = sizeof(hash); - X509_ALGOR *alg = NULL; - - memset(hash, 0, sizeof(hash)); - - if ((cid = ESS_CERT_ID_V2_new()) == NULL) - goto err; - - if (!EVP_MD_is_a(hash_alg, SN_sha256)) { - alg = X509_ALGOR_new(); - if (alg == NULL) - goto err; - X509_ALGOR_set_md(alg, hash_alg); - if (alg->algorithm == NULL) - goto err; - cid->hash_alg = alg; - alg = NULL; - } else { - cid->hash_alg = NULL; - } - - if (!X509_digest(cert, hash_alg, hash, &hash_len)) - goto err; - - if (!ASN1_OCTET_STRING_set(cid->hash, hash, hash_len)) - goto err; - - if (!set_issuer_serial) - return cid; - - if ((cid->issuer_serial = ESS_ISSUER_SERIAL_new()) == NULL) - goto err; - if ((name = GENERAL_NAME_new()) == NULL) - goto err; - name->type = GEN_DIRNAME; - if ((name->d.dirn = X509_NAME_dup(X509_get_issuer_name(cert))) == NULL) - goto err; - if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name)) - goto err; - name = NULL; /* Ownership is lost. */ - ASN1_INTEGER_free(cid->issuer_serial->serial); - cid->issuer_serial->serial = ASN1_INTEGER_dup(X509_get0_serialNumber(cert)); - if (cid->issuer_serial->serial == NULL) - goto err; - - return cid; - err: - X509_ALGOR_free(alg); - GENERAL_NAME_free(name); - ESS_CERT_ID_V2_free(cid); - ERR_raise(ERR_LIB_ESS, ERR_R_MALLOC_FAILURE); - return NULL; -} - -static int ess_issuer_serial_cmp(const ESS_ISSUER_SERIAL *is, const X509 *cert) -{ - GENERAL_NAME *issuer; - - if (is == NULL || cert == NULL || sk_GENERAL_NAME_num(is->issuer) != 1) - return -1; - - issuer = sk_GENERAL_NAME_value(is->issuer, 0); - if (issuer->type != GEN_DIRNAME - || X509_NAME_cmp(issuer->d.dirn, X509_get_issuer_name(cert)) != 0) - return -1; - - return ASN1_INTEGER_cmp(is->serial, X509_get0_serialNumber(cert)); -} - -/* - * Find the cert in |certs| referenced by |cid| if not NULL, else by |cid_v2|. - * The cert must be the first one in |certs| if and only if |index| is 0. - * Return 0 on not found, -1 on error, else 1 + the position in |certs|. - */ -static int find(const ESS_CERT_ID *cid, const ESS_CERT_ID_V2 *cid_v2, - int index, const STACK_OF(X509) *certs) -{ - const X509 *cert; - EVP_MD *md = NULL; - char name[OSSL_MAX_NAME_SIZE]; - unsigned char cert_digest[EVP_MAX_MD_SIZE]; - unsigned int len, cid_hash_len; - const ESS_ISSUER_SERIAL *is; - int i; - int ret = -1; - - if (cid == NULL && cid_v2 == NULL) { - ERR_raise(ERR_LIB_ESS, ERR_R_PASSED_INVALID_ARGUMENT); - return -1; - } - - if (cid != NULL) - strcpy(name, "SHA1"); - else if (cid_v2->hash_alg == NULL) - strcpy(name, "SHA256"); - else - OBJ_obj2txt(name, sizeof(name), cid_v2->hash_alg->algorithm, 0); - - (void)ERR_set_mark(); - md = EVP_MD_fetch(NULL, name, NULL); - - if (md == NULL) - md = (EVP_MD *)EVP_get_digestbyname(name); - - if (md == NULL) { - (void)ERR_clear_last_mark(); - ERR_raise(ERR_LIB_ESS, ESS_R_ESS_DIGEST_ALG_UNKNOWN); - goto end; - } - (void)ERR_pop_to_mark(); - - for (i = 0; i < sk_X509_num(certs); ++i) { - cert = sk_X509_value(certs, i); - - cid_hash_len = cid != NULL ? cid->hash->length : cid_v2->hash->length; - if (!X509_digest(cert, md, cert_digest, &len) - || cid_hash_len != len) { - ERR_raise(ERR_LIB_ESS, ESS_R_ESS_CERT_DIGEST_ERROR); - goto end; - } - - if (memcmp(cid != NULL ? cid->hash->data : cid_v2->hash->data, - cert_digest, len) == 0) { - is = cid != NULL ? cid->issuer_serial : cid_v2->issuer_serial; - /* Well, it's not really required to match the serial numbers. */ - if (is == NULL || ess_issuer_serial_cmp(is, cert) == 0) { - if ((i == 0) == (index == 0)) { - ret = i + 1; - goto end; - } - ERR_raise(ERR_LIB_ESS, ESS_R_ESS_CERT_ID_WRONG_ORDER); - goto end; - } - } - } - - ret = 0; - ERR_raise(ERR_LIB_ESS, ESS_R_ESS_CERT_ID_NOT_FOUND); -end: - EVP_MD_free(md); - return ret; -} - -int OSSL_ESS_check_signing_certs(const ESS_SIGNING_CERT *ss, - const ESS_SIGNING_CERT_V2 *ssv2, - const STACK_OF(X509) *chain, - int require_signing_cert) -{ - int n_v1 = ss == NULL ? -1 : sk_ESS_CERT_ID_num(ss->cert_ids); - int n_v2 = ssv2 == NULL ? -1 : sk_ESS_CERT_ID_V2_num(ssv2->cert_ids); - int i, ret; - - if (require_signing_cert && ss == NULL && ssv2 == NULL) { - ERR_raise(ERR_LIB_CMS, ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE); - return -1; - } - if (n_v1 == 0 || n_v2 == 0) { - ERR_raise(ERR_LIB_ESS, ESS_R_EMPTY_ESS_CERT_ID_LIST); - return -1; - } - /* If both ss and ssv2 exist, as required evaluate them independently. */ - for (i = 0; i < n_v1; i++) { - ret = find(sk_ESS_CERT_ID_value(ss->cert_ids, i), NULL, i, chain); - if (ret <= 0) - return ret; - } - for (i = 0; i < n_v2; i++) { - ret = find(NULL, sk_ESS_CERT_ID_V2_value(ssv2->cert_ids, i), i, chain); - if (ret <= 0) - return ret; - } - return 1; -} diff --git a/crypto/evp/asymcipher.c b/crypto/evp/asymcipher.c deleted file mode 100644 index b7784c899457ee26ff4d73d4ced452e8244551f6..0000000000000000000000000000000000000000 --- a/crypto/evp/asymcipher.c +++ /dev/null @@ -1,552 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/provider.h" -#include "internal/core.h" -#include "crypto/evp.h" -#include "evp_local.h" - -static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation, - const OSSL_PARAM params[]) -{ - int ret = 0; - void *provkey = NULL; - EVP_ASYM_CIPHER *cipher = NULL; - EVP_KEYMGMT *tmp_keymgmt = NULL; - const OSSL_PROVIDER *tmp_prov = NULL; - const char *supported_ciph = NULL; - int iter; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - - evp_pkey_ctx_free_old_ops(ctx); - ctx->operation = operation; - - ERR_set_mark(); - - if (evp_pkey_ctx_is_legacy(ctx)) - goto legacy; - - if (ctx->pkey == NULL) { - ERR_clear_last_mark(); - ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET); - goto err; - } - - /* - * Try to derive the supported asym cipher from |ctx->keymgmt|. - */ - if (!ossl_assert(ctx->pkey->keymgmt == NULL - || ctx->pkey->keymgmt == ctx->keymgmt)) { - ERR_clear_last_mark(); - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - goto err; - } - supported_ciph - = evp_keymgmt_util_query_operation_name(ctx->keymgmt, - OSSL_OP_ASYM_CIPHER); - if (supported_ciph == NULL) { - ERR_clear_last_mark(); - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - - /* - * We perform two iterations: - * - * 1. Do the normal asym cipher fetch, using the fetching data given by - * the EVP_PKEY_CTX. - * 2. Do the provider specific asym cipher fetch, from the same provider - * as |ctx->keymgmt| - * - * We then try to fetch the keymgmt from the same provider as the - * asym cipher, and try to export |ctx->pkey| to that keymgmt (when - * this keymgmt happens to be the same as |ctx->keymgmt|, the export - * is a no-op, but we call it anyway to not complicate the code even - * more). - * If the export call succeeds (returns a non-NULL provider key pointer), - * we're done and can perform the operation itself. If not, we perform - * the second iteration, or jump to legacy. - */ - for (iter = 1, provkey = NULL; iter < 3 && provkey == NULL; iter++) { - EVP_KEYMGMT *tmp_keymgmt_tofree; - - /* - * If we're on the second iteration, free the results from the first. - * They are NULL on the first iteration, so no need to check what - * iteration we're on. - */ - EVP_ASYM_CIPHER_free(cipher); - EVP_KEYMGMT_free(tmp_keymgmt); - - switch (iter) { - case 1: - cipher = EVP_ASYM_CIPHER_fetch(ctx->libctx, supported_ciph, - ctx->propquery); - if (cipher != NULL) - tmp_prov = EVP_ASYM_CIPHER_get0_provider(cipher); - break; - case 2: - tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt); - cipher = - evp_asym_cipher_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - supported_ciph, ctx->propquery); - if (cipher == NULL) - goto legacy; - break; - } - if (cipher == NULL) - continue; - - /* - * Ensure that the key is provided, either natively, or as a cached - * export. We start by fetching the keymgmt with the same name as - * |ctx->pkey|, but from the provider of the asym cipher method, using - * the same property query as when fetching the asym cipher method. - * With the keymgmt we found (if we did), we try to export |ctx->pkey| - * to it (evp_pkey_export_to_provider() is smart enough to only actually - * export it if |tmp_keymgmt| is different from |ctx->pkey|'s keymgmt) - */ - tmp_keymgmt_tofree = tmp_keymgmt - = evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - EVP_KEYMGMT_get0_name(ctx->keymgmt), - ctx->propquery); - if (tmp_keymgmt != NULL) - provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx, - &tmp_keymgmt, ctx->propquery); - if (tmp_keymgmt == NULL) - EVP_KEYMGMT_free(tmp_keymgmt_tofree); - } - - if (provkey == NULL) { - EVP_ASYM_CIPHER_free(cipher); - goto legacy; - } - - ERR_pop_to_mark(); - - /* No more legacy from here down to legacy: */ - - ctx->op.ciph.cipher = cipher; - ctx->op.ciph.algctx = cipher->newctx(ossl_provider_ctx(cipher->prov)); - if (ctx->op.ciph.algctx == NULL) { - /* The provider key can stay in the cache */ - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - - switch (operation) { - case EVP_PKEY_OP_ENCRYPT: - if (cipher->encrypt_init == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - ret = -2; - goto err; - } - ret = cipher->encrypt_init(ctx->op.ciph.algctx, provkey, params); - break; - case EVP_PKEY_OP_DECRYPT: - if (cipher->decrypt_init == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - ret = -2; - goto err; - } - ret = cipher->decrypt_init(ctx->op.ciph.algctx, provkey, params); - break; - default: - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - - if (ret <= 0) - goto err; - EVP_KEYMGMT_free(tmp_keymgmt); - return 1; - - legacy: - /* - * If we don't have the full support we need with provided methods, - * let's go see if legacy does. - */ - ERR_pop_to_mark(); - EVP_KEYMGMT_free(tmp_keymgmt); - tmp_keymgmt = NULL; - - if (ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - switch(ctx->operation) { - case EVP_PKEY_OP_ENCRYPT: - if (ctx->pmeth->encrypt_init == NULL) - return 1; - ret = ctx->pmeth->encrypt_init(ctx); - break; - case EVP_PKEY_OP_DECRYPT: - if (ctx->pmeth->decrypt_init == NULL) - return 1; - ret = ctx->pmeth->decrypt_init(ctx); - break; - default: - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - ret = -1; - } - - err: - if (ret <= 0) { - evp_pkey_ctx_free_old_ops(ctx); - ctx->operation = EVP_PKEY_OP_UNDEFINED; - } - EVP_KEYMGMT_free(tmp_keymgmt); - return ret; -} - -int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx) -{ - return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_ENCRYPT, NULL); -} - -int EVP_PKEY_encrypt_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) -{ - return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_ENCRYPT, params); -} - -int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) -{ - int ret; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - - if (ctx->operation != EVP_PKEY_OP_ENCRYPT) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); - return -1; - } - - if (ctx->op.ciph.algctx == NULL) - goto legacy; - - ret = ctx->op.ciph.cipher->encrypt(ctx->op.ciph.algctx, out, outlen, - (out == NULL ? 0 : *outlen), in, inlen); - return ret; - - legacy: - if (ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT) - return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen); -} - -int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx) -{ - return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_DECRYPT, NULL); -} - -int EVP_PKEY_decrypt_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) -{ - return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_DECRYPT, params); -} - -int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) -{ - int ret; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - - if (ctx->operation != EVP_PKEY_OP_DECRYPT) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); - return -1; - } - - if (ctx->op.ciph.algctx == NULL) - goto legacy; - - ret = ctx->op.ciph.cipher->decrypt(ctx->op.ciph.algctx, out, outlen, - (out == NULL ? 0 : *outlen), in, inlen); - return ret; - - legacy: - if (ctx->pmeth == NULL || ctx->pmeth->decrypt == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT) - return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen); -} - - -static EVP_ASYM_CIPHER *evp_asym_cipher_new(OSSL_PROVIDER *prov) -{ - EVP_ASYM_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_ASYM_CIPHER)); - - if (cipher == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - - cipher->lock = CRYPTO_THREAD_lock_new(); - if (cipher->lock == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - OPENSSL_free(cipher); - return NULL; - } - cipher->prov = prov; - ossl_provider_up_ref(prov); - cipher->refcnt = 1; - - return cipher; -} - -static void *evp_asym_cipher_from_algorithm(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) -{ - const OSSL_DISPATCH *fns = algodef->implementation; - EVP_ASYM_CIPHER *cipher = NULL; - int ctxfncnt = 0, encfncnt = 0, decfncnt = 0; - int gparamfncnt = 0, sparamfncnt = 0; - - if ((cipher = evp_asym_cipher_new(prov)) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - goto err; - } - - cipher->name_id = name_id; - if ((cipher->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) - goto err; - cipher->description = algodef->algorithm_description; - - for (; fns->function_id != 0; fns++) { - switch (fns->function_id) { - case OSSL_FUNC_ASYM_CIPHER_NEWCTX: - if (cipher->newctx != NULL) - break; - cipher->newctx = OSSL_FUNC_asym_cipher_newctx(fns); - ctxfncnt++; - break; - case OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT: - if (cipher->encrypt_init != NULL) - break; - cipher->encrypt_init = OSSL_FUNC_asym_cipher_encrypt_init(fns); - encfncnt++; - break; - case OSSL_FUNC_ASYM_CIPHER_ENCRYPT: - if (cipher->encrypt != NULL) - break; - cipher->encrypt = OSSL_FUNC_asym_cipher_encrypt(fns); - encfncnt++; - break; - case OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT: - if (cipher->decrypt_init != NULL) - break; - cipher->decrypt_init = OSSL_FUNC_asym_cipher_decrypt_init(fns); - decfncnt++; - break; - case OSSL_FUNC_ASYM_CIPHER_DECRYPT: - if (cipher->decrypt != NULL) - break; - cipher->decrypt = OSSL_FUNC_asym_cipher_decrypt(fns); - decfncnt++; - break; - case OSSL_FUNC_ASYM_CIPHER_FREECTX: - if (cipher->freectx != NULL) - break; - cipher->freectx = OSSL_FUNC_asym_cipher_freectx(fns); - ctxfncnt++; - break; - case OSSL_FUNC_ASYM_CIPHER_DUPCTX: - if (cipher->dupctx != NULL) - break; - cipher->dupctx = OSSL_FUNC_asym_cipher_dupctx(fns); - break; - case OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS: - if (cipher->get_ctx_params != NULL) - break; - cipher->get_ctx_params - = OSSL_FUNC_asym_cipher_get_ctx_params(fns); - gparamfncnt++; - break; - case OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS: - if (cipher->gettable_ctx_params != NULL) - break; - cipher->gettable_ctx_params - = OSSL_FUNC_asym_cipher_gettable_ctx_params(fns); - gparamfncnt++; - break; - case OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS: - if (cipher->set_ctx_params != NULL) - break; - cipher->set_ctx_params - = OSSL_FUNC_asym_cipher_set_ctx_params(fns); - sparamfncnt++; - break; - case OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS: - if (cipher->settable_ctx_params != NULL) - break; - cipher->settable_ctx_params - = OSSL_FUNC_asym_cipher_settable_ctx_params(fns); - sparamfncnt++; - break; - } - } - if (ctxfncnt != 2 - || (encfncnt != 0 && encfncnt != 2) - || (decfncnt != 0 && decfncnt != 2) - || (encfncnt != 2 && decfncnt != 2) - || (gparamfncnt != 0 && gparamfncnt != 2) - || (sparamfncnt != 0 && sparamfncnt != 2)) { - /* - * In order to be a consistent set of functions we must have at least - * a set of context functions (newctx and freectx) as well as a pair of - * "cipher" functions: (encrypt_init, encrypt) or - * (decrypt_init decrypt). set_ctx_params and settable_ctx_params are - * optional, but if one of them is present then the other one must also - * be present. The same applies to get_ctx_params and - * gettable_ctx_params. The dupctx function is optional. - */ - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); - goto err; - } - - return cipher; - err: - EVP_ASYM_CIPHER_free(cipher); - return NULL; -} - -void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher) -{ - int i; - - if (cipher == NULL) - return; - CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock); - if (i > 0) - return; - OPENSSL_free(cipher->type_name); - ossl_provider_free(cipher->prov); - CRYPTO_THREAD_lock_free(cipher->lock); - OPENSSL_free(cipher); -} - -int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher) -{ - int ref = 0; - - CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock); - return 1; -} - -OSSL_PROVIDER *EVP_ASYM_CIPHER_get0_provider(const EVP_ASYM_CIPHER *cipher) -{ - return cipher->prov; -} - -EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties) -{ - return evp_generic_fetch(ctx, OSSL_OP_ASYM_CIPHER, algorithm, properties, - evp_asym_cipher_from_algorithm, - (int (*)(void *))EVP_ASYM_CIPHER_up_ref, - (void (*)(void *))EVP_ASYM_CIPHER_free); -} - -EVP_ASYM_CIPHER *evp_asym_cipher_fetch_from_prov(OSSL_PROVIDER *prov, - const char *algorithm, - const char *properties) -{ - return evp_generic_fetch_from_prov(prov, OSSL_OP_ASYM_CIPHER, - algorithm, properties, - evp_asym_cipher_from_algorithm, - (int (*)(void *))EVP_ASYM_CIPHER_up_ref, - (void (*)(void *))EVP_ASYM_CIPHER_free); -} - -int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name) -{ - return evp_is_a(cipher->prov, cipher->name_id, NULL, name); -} - -int evp_asym_cipher_get_number(const EVP_ASYM_CIPHER *cipher) -{ - return cipher->name_id; -} - -const char *EVP_ASYM_CIPHER_get0_name(const EVP_ASYM_CIPHER *cipher) -{ - return cipher->type_name; -} - -const char *EVP_ASYM_CIPHER_get0_description(const EVP_ASYM_CIPHER *cipher) -{ - return cipher->description; -} - -void EVP_ASYM_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_ASYM_CIPHER *cipher, - void *arg), - void *arg) -{ - evp_generic_do_all(libctx, OSSL_OP_ASYM_CIPHER, - (void (*)(void *, void *))fn, arg, - evp_asym_cipher_from_algorithm, - (int (*)(void *))EVP_ASYM_CIPHER_up_ref, - (void (*)(void *))EVP_ASYM_CIPHER_free); -} - - -int EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher, - void (*fn)(const char *name, void *data), - void *data) -{ - if (cipher->prov != NULL) - return evp_names_do_all(cipher->prov, cipher->name_id, fn, data); - - return 1; -} - -const OSSL_PARAM *EVP_ASYM_CIPHER_gettable_ctx_params(const EVP_ASYM_CIPHER *cip) -{ - void *provctx; - - if (cip == NULL || cip->gettable_ctx_params == NULL) - return NULL; - - provctx = ossl_provider_ctx(EVP_ASYM_CIPHER_get0_provider(cip)); - return cip->gettable_ctx_params(NULL, provctx); -} - -const OSSL_PARAM *EVP_ASYM_CIPHER_settable_ctx_params(const EVP_ASYM_CIPHER *cip) -{ - void *provctx; - - if (cip == NULL || cip->settable_ctx_params == NULL) - return NULL; - - provctx = ossl_provider_ctx(EVP_ASYM_CIPHER_get0_provider(cip)); - return cip->settable_ctx_params(NULL, provctx); -} diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c deleted file mode 100644 index 81d2609c302bc35341a4b0d2aa2f6b1964180822..0000000000000000000000000000000000000000 --- a/crypto/evp/bio_b64.c +++ /dev/null @@ -1,546 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include -#include -#include "internal/bio.h" - -static int b64_write(BIO *h, const char *buf, int num); -static int b64_read(BIO *h, char *buf, int size); -static int b64_puts(BIO *h, const char *str); -static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int b64_new(BIO *h); -static int b64_free(BIO *data); -static long b64_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); -#define B64_BLOCK_SIZE 1024 -#define B64_BLOCK_SIZE2 768 -#define B64_NONE 0 -#define B64_ENCODE 1 -#define B64_DECODE 2 - -typedef struct b64_struct { - /* - * BIO *bio; moved to the BIO structure - */ - int buf_len; - int buf_off; - int tmp_len; /* used to find the start when decoding */ - int tmp_nl; /* If true, scan until '\n' */ - int encode; - int start; /* have we started decoding yet? */ - int cont; /* <= 0 when finished */ - EVP_ENCODE_CTX *base64; - char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10]; - char tmp[B64_BLOCK_SIZE]; -} BIO_B64_CTX; - -static const BIO_METHOD methods_b64 = { - BIO_TYPE_BASE64, - "base64 encoding", - bwrite_conv, - b64_write, - bread_conv, - b64_read, - b64_puts, - NULL, /* b64_gets, */ - b64_ctrl, - b64_new, - b64_free, - b64_callback_ctrl, -}; - - -const BIO_METHOD *BIO_f_base64(void) -{ - return &methods_b64; -} - -static int b64_new(BIO *bi) -{ - BIO_B64_CTX *ctx; - - if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - - ctx->cont = 1; - ctx->start = 1; - ctx->base64 = EVP_ENCODE_CTX_new(); - if (ctx->base64 == NULL) { - OPENSSL_free(ctx); - return 0; - } - - BIO_set_data(bi, ctx); - BIO_set_init(bi, 1); - - return 1; -} - -static int b64_free(BIO *a) -{ - BIO_B64_CTX *ctx; - if (a == NULL) - return 0; - - ctx = BIO_get_data(a); - if (ctx == NULL) - return 0; - - EVP_ENCODE_CTX_free(ctx->base64); - OPENSSL_free(ctx); - BIO_set_data(a, NULL); - BIO_set_init(a, 0); - - return 1; -} - -static int b64_read(BIO *b, char *out, int outl) -{ - int ret = 0, i, ii, j, k, x, n, num, ret_code = 0; - BIO_B64_CTX *ctx; - unsigned char *p, *q; - BIO *next; - - if (out == NULL) - return 0; - ctx = (BIO_B64_CTX *)BIO_get_data(b); - - next = BIO_next(b); - if ((ctx == NULL) || (next == NULL)) - return 0; - - BIO_clear_retry_flags(b); - - if (ctx->encode != B64_DECODE) { - ctx->encode = B64_DECODE; - ctx->buf_len = 0; - ctx->buf_off = 0; - ctx->tmp_len = 0; - EVP_DecodeInit(ctx->base64); - } - - /* First check if there are bytes decoded/encoded */ - if (ctx->buf_len > 0) { - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - i = ctx->buf_len - ctx->buf_off; - if (i > outl) - i = outl; - OPENSSL_assert(ctx->buf_off + i < (int)sizeof(ctx->buf)); - memcpy(out, &(ctx->buf[ctx->buf_off]), i); - ret = i; - out += i; - outl -= i; - ctx->buf_off += i; - if (ctx->buf_len == ctx->buf_off) { - ctx->buf_len = 0; - ctx->buf_off = 0; - } - } - - /* - * At this point, we have room of outl bytes and an empty buffer, so we - * should read in some more. - */ - - ret_code = 0; - while (outl > 0) { - if (ctx->cont <= 0) - break; - - i = BIO_read(next, &(ctx->tmp[ctx->tmp_len]), - B64_BLOCK_SIZE - ctx->tmp_len); - - if (i <= 0) { - ret_code = i; - - /* Should we continue next time we are called? */ - if (!BIO_should_retry(next)) { - ctx->cont = i; - /* If buffer empty break */ - if (ctx->tmp_len == 0) - break; - /* Fall through and process what we have */ - else - i = 0; - } - /* else we retry and add more data to buffer */ - else - break; - } - i += ctx->tmp_len; - ctx->tmp_len = i; - - /* - * We need to scan, a line at a time until we have a valid line if we - * are starting. - */ - if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)) { - /* ctx->start=1; */ - ctx->tmp_len = 0; - } else if (ctx->start) { - q = p = (unsigned char *)ctx->tmp; - num = 0; - for (j = 0; j < i; j++) { - if (*(q++) != '\n') - continue; - - /* - * due to a previous very long line, we need to keep on - * scanning for a '\n' before we even start looking for - * base64 encoded stuff. - */ - if (ctx->tmp_nl) { - p = q; - ctx->tmp_nl = 0; - continue; - } - - k = EVP_DecodeUpdate(ctx->base64, - (unsigned char *)ctx->buf, - &num, p, q - p); - if ((k <= 0) && (num == 0) && (ctx->start)) - EVP_DecodeInit(ctx->base64); - else { - if (p != (unsigned char *) - &(ctx->tmp[0])) { - i -= (p - (unsigned char *) - &(ctx->tmp[0])); - for (x = 0; x < i; x++) - ctx->tmp[x] = p[x]; - } - EVP_DecodeInit(ctx->base64); - ctx->start = 0; - break; - } - p = q; - } - - /* we fell off the end without starting */ - if ((j == i) && (num == 0)) { - /* - * Is this is one long chunk?, if so, keep on reading until a - * new line. - */ - if (p == (unsigned char *)&(ctx->tmp[0])) { - /* Check buffer full */ - if (i == B64_BLOCK_SIZE) { - ctx->tmp_nl = 1; - ctx->tmp_len = 0; - } - } else if (p != q) { /* finished on a '\n' */ - n = q - p; - for (ii = 0; ii < n; ii++) - ctx->tmp[ii] = p[ii]; - ctx->tmp_len = n; - } - /* else finished on a '\n' */ - continue; - } else { - ctx->tmp_len = 0; - } - } else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) { - /* - * If buffer isn't full and we can retry then restart to read in - * more data. - */ - continue; - } - - if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { - int z, jj; - - jj = i & ~3; /* process per 4 */ - z = EVP_DecodeBlock((unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp, jj); - if (jj > 2) { - if (ctx->tmp[jj - 1] == '=') { - z--; - if (ctx->tmp[jj - 2] == '=') - z--; - } - } - /* - * z is now number of output bytes and jj is the number consumed - */ - if (jj != i) { - memmove(ctx->tmp, &ctx->tmp[jj], i - jj); - ctx->tmp_len = i - jj; - } - ctx->buf_len = 0; - if (z > 0) { - ctx->buf_len = z; - } - i = z; - } else { - i = EVP_DecodeUpdate(ctx->base64, - (unsigned char *)ctx->buf, &ctx->buf_len, - (unsigned char *)ctx->tmp, i); - ctx->tmp_len = 0; - } - /* - * If eof or an error was signalled, then the condition - * 'ctx->cont <= 0' will prevent b64_read() from reading - * more data on subsequent calls. This assignment was - * deleted accidentally in commit 5562cfaca4f3. - */ - ctx->cont = i; - - ctx->buf_off = 0; - if (i < 0) { - ret_code = 0; - ctx->buf_len = 0; - break; - } - - if (ctx->buf_len <= outl) - i = ctx->buf_len; - else - i = outl; - - memcpy(out, ctx->buf, i); - ret += i; - ctx->buf_off = i; - if (ctx->buf_off == ctx->buf_len) { - ctx->buf_len = 0; - ctx->buf_off = 0; - } - outl -= i; - out += i; - } - /* BIO_clear_retry_flags(b); */ - BIO_copy_next_retry(b); - return ((ret == 0) ? ret_code : ret); -} - -static int b64_write(BIO *b, const char *in, int inl) -{ - int ret = 0; - int n; - int i; - BIO_B64_CTX *ctx; - BIO *next; - - ctx = (BIO_B64_CTX *)BIO_get_data(b); - next = BIO_next(b); - if ((ctx == NULL) || (next == NULL)) - return 0; - - BIO_clear_retry_flags(b); - - if (ctx->encode != B64_ENCODE) { - ctx->encode = B64_ENCODE; - ctx->buf_len = 0; - ctx->buf_off = 0; - ctx->tmp_len = 0; - EVP_EncodeInit(ctx->base64); - } - - OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - n = ctx->buf_len - ctx->buf_off; - while (n > 0) { - i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); - if (i <= 0) { - BIO_copy_next_retry(b); - return i; - } - OPENSSL_assert(i <= n); - ctx->buf_off += i; - OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - n -= i; - } - /* at this point all pending data has been written */ - ctx->buf_off = 0; - ctx->buf_len = 0; - - if ((in == NULL) || (inl <= 0)) - return 0; - - while (inl > 0) { - n = (inl > B64_BLOCK_SIZE) ? B64_BLOCK_SIZE : inl; - - if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { - if (ctx->tmp_len > 0) { - OPENSSL_assert(ctx->tmp_len <= 3); - n = 3 - ctx->tmp_len; - /* - * There's a theoretical possibility for this - */ - if (n > inl) - n = inl; - memcpy(&(ctx->tmp[ctx->tmp_len]), in, n); - ctx->tmp_len += n; - ret += n; - if (ctx->tmp_len < 3) - break; - ctx->buf_len = - EVP_EncodeBlock((unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp, ctx->tmp_len); - OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - /* - * Since we're now done using the temporary buffer, the - * length should be 0'd - */ - ctx->tmp_len = 0; - } else { - if (n < 3) { - memcpy(ctx->tmp, in, n); - ctx->tmp_len = n; - ret += n; - break; - } - n -= n % 3; - ctx->buf_len = - EVP_EncodeBlock((unsigned char *)ctx->buf, - (const unsigned char *)in, n); - OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - ret += n; - } - } else { - if (!EVP_EncodeUpdate(ctx->base64, - (unsigned char *)ctx->buf, &ctx->buf_len, - (unsigned char *)in, n)) - return ((ret == 0) ? -1 : ret); - OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - ret += n; - } - inl -= n; - in += n; - - ctx->buf_off = 0; - n = ctx->buf_len; - while (n > 0) { - i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); - if (i <= 0) { - BIO_copy_next_retry(b); - return ((ret == 0) ? i : ret); - } - OPENSSL_assert(i <= n); - n -= i; - ctx->buf_off += i; - OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - } - ctx->buf_len = 0; - ctx->buf_off = 0; - } - return ret; -} - -static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - BIO_B64_CTX *ctx; - long ret = 1; - int i; - BIO *next; - - ctx = (BIO_B64_CTX *)BIO_get_data(b); - next = BIO_next(b); - if ((ctx == NULL) || (next == NULL)) - return 0; - - switch (cmd) { - case BIO_CTRL_RESET: - ctx->cont = 1; - ctx->start = 1; - ctx->encode = B64_NONE; - ret = BIO_ctrl(next, cmd, num, ptr); - break; - case BIO_CTRL_EOF: /* More to read */ - if (ctx->cont <= 0) - ret = 1; - else - ret = BIO_ctrl(next, cmd, num, ptr); - break; - case BIO_CTRL_WPENDING: /* More to write in buffer */ - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - ret = ctx->buf_len - ctx->buf_off; - if ((ret == 0) && (ctx->encode != B64_NONE) - && (EVP_ENCODE_CTX_num(ctx->base64) != 0)) - ret = 1; - else if (ret <= 0) - ret = BIO_ctrl(next, cmd, num, ptr); - break; - case BIO_CTRL_PENDING: /* More to read in buffer */ - OPENSSL_assert(ctx->buf_len >= ctx->buf_off); - ret = ctx->buf_len - ctx->buf_off; - if (ret <= 0) - ret = BIO_ctrl(next, cmd, num, ptr); - break; - case BIO_CTRL_FLUSH: - /* do a final write */ - again: - while (ctx->buf_len != ctx->buf_off) { - i = b64_write(b, NULL, 0); - if (i < 0) - return i; - } - if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { - if (ctx->tmp_len != 0) { - ctx->buf_len = EVP_EncodeBlock((unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp, - ctx->tmp_len); - ctx->buf_off = 0; - ctx->tmp_len = 0; - goto again; - } - } else if (ctx->encode != B64_NONE - && EVP_ENCODE_CTX_num(ctx->base64) != 0) { - ctx->buf_off = 0; - EVP_EncodeFinal(ctx->base64, - (unsigned char *)ctx->buf, &(ctx->buf_len)); - /* push out the bytes */ - goto again; - } - /* Finally flush the underlying BIO */ - ret = BIO_ctrl(next, cmd, num, ptr); - break; - - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); - ret = BIO_ctrl(next, cmd, num, ptr); - BIO_copy_next_retry(b); - break; - - case BIO_CTRL_DUP: - break; - case BIO_CTRL_INFO: - case BIO_CTRL_GET: - case BIO_CTRL_SET: - default: - ret = BIO_ctrl(next, cmd, num, ptr); - break; - } - return ret; -} - -static long b64_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) -{ - BIO *next = BIO_next(b); - - if (next == NULL) - return 0; - - return BIO_callback_ctrl(next, cmd, fp); -} - -static int b64_puts(BIO *b, const char *str) -{ - return b64_write(b, str, strlen(str)); -} diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c deleted file mode 100644 index 2d52c48d1a0f66583254c0c6fc58ef455abf2301..0000000000000000000000000000000000000000 --- a/crypto/evp/bio_enc.c +++ /dev/null @@ -1,441 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#define OPENSSL_SUPPRESS_DEPRECATED /* for BIO_get_callback */ - -#include -#include -#include "internal/cryptlib.h" -#include -#include -#include "internal/bio.h" - -static int enc_write(BIO *h, const char *buf, int num); -static int enc_read(BIO *h, char *buf, int size); -static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int enc_new(BIO *h); -static int enc_free(BIO *data); -static long enc_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fps); -#define ENC_BLOCK_SIZE (1024*4) -#define ENC_MIN_CHUNK (256) -#define BUF_OFFSET (ENC_MIN_CHUNK + EVP_MAX_BLOCK_LENGTH) - -typedef struct enc_struct { - int buf_len; - int buf_off; - int cont; /* <= 0 when finished */ - int finished; - int ok; /* bad decrypt */ - EVP_CIPHER_CTX *cipher; - unsigned char *read_start, *read_end; - /* - * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return - * up to a block more data than is presented to it - */ - unsigned char buf[BUF_OFFSET + ENC_BLOCK_SIZE]; -} BIO_ENC_CTX; - -static const BIO_METHOD methods_enc = { - BIO_TYPE_CIPHER, - "cipher", - bwrite_conv, - enc_write, - bread_conv, - enc_read, - NULL, /* enc_puts, */ - NULL, /* enc_gets, */ - enc_ctrl, - enc_new, - enc_free, - enc_callback_ctrl, -}; - -const BIO_METHOD *BIO_f_cipher(void) -{ - return &methods_enc; -} - -static int enc_new(BIO *bi) -{ - BIO_ENC_CTX *ctx; - - if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - - ctx->cipher = EVP_CIPHER_CTX_new(); - if (ctx->cipher == NULL) { - OPENSSL_free(ctx); - return 0; - } - ctx->cont = 1; - ctx->ok = 1; - ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]); - BIO_set_data(bi, ctx); - BIO_set_init(bi, 1); - - return 1; -} - -static int enc_free(BIO *a) -{ - BIO_ENC_CTX *b; - - if (a == NULL) - return 0; - - b = BIO_get_data(a); - if (b == NULL) - return 0; - - EVP_CIPHER_CTX_free(b->cipher); - OPENSSL_clear_free(b, sizeof(BIO_ENC_CTX)); - BIO_set_data(a, NULL); - BIO_set_init(a, 0); - - return 1; -} - -static int enc_read(BIO *b, char *out, int outl) -{ - int ret = 0, i, blocksize; - BIO_ENC_CTX *ctx; - BIO *next; - - if (out == NULL) - return 0; - ctx = BIO_get_data(b); - - next = BIO_next(b); - if ((ctx == NULL) || (next == NULL)) - return 0; - - /* First check if there are bytes decoded/encoded */ - if (ctx->buf_len > 0) { - i = ctx->buf_len - ctx->buf_off; - if (i > outl) - i = outl; - memcpy(out, &(ctx->buf[ctx->buf_off]), i); - ret = i; - out += i; - outl -= i; - ctx->buf_off += i; - if (ctx->buf_len == ctx->buf_off) { - ctx->buf_len = 0; - ctx->buf_off = 0; - } - } - - blocksize = EVP_CIPHER_CTX_get_block_size(ctx->cipher); - if (blocksize == 1) - blocksize = 0; - - /* - * At this point, we have room of outl bytes and an empty buffer, so we - * should read in some more. - */ - - while (outl > 0) { - if (ctx->cont <= 0) - break; - - if (ctx->read_start == ctx->read_end) { /* time to read more data */ - ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]); - i = BIO_read(next, ctx->read_start, ENC_BLOCK_SIZE); - if (i > 0) - ctx->read_end += i; - } else { - i = ctx->read_end - ctx->read_start; - } - - if (i <= 0) { - /* Should be continue next time we are called? */ - if (!BIO_should_retry(next)) { - ctx->cont = i; - i = EVP_CipherFinal_ex(ctx->cipher, - ctx->buf, &(ctx->buf_len)); - ctx->ok = i; - ctx->buf_off = 0; - } else { - ret = (ret == 0) ? i : ret; - break; - } - } else { - if (outl > ENC_MIN_CHUNK) { - /* - * Depending on flags block cipher decrypt can write - * one extra block and then back off, i.e. output buffer - * has to accommodate extra block... - */ - int j = outl - blocksize, buf_len; - - if (!EVP_CipherUpdate(ctx->cipher, - (unsigned char *)out, &buf_len, - ctx->read_start, i > j ? j : i)) { - BIO_clear_retry_flags(b); - return 0; - } - ret += buf_len; - out += buf_len; - outl -= buf_len; - - if ((i -= j) <= 0) { - ctx->read_start = ctx->read_end; - continue; - } - ctx->read_start += j; - } - if (i > ENC_MIN_CHUNK) - i = ENC_MIN_CHUNK; - if (!EVP_CipherUpdate(ctx->cipher, - ctx->buf, &ctx->buf_len, - ctx->read_start, i)) { - BIO_clear_retry_flags(b); - ctx->ok = 0; - return 0; - } - ctx->read_start += i; - ctx->cont = 1; - /* - * Note: it is possible for EVP_CipherUpdate to decrypt zero - * bytes because this is or looks like the final block: if this - * happens we should retry and either read more data or decrypt - * the final block - */ - if (ctx->buf_len == 0) - continue; - } - - if (ctx->buf_len <= outl) - i = ctx->buf_len; - else - i = outl; - if (i <= 0) - break; - memcpy(out, ctx->buf, i); - ret += i; - ctx->buf_off = i; - outl -= i; - out += i; - } - - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); - return ((ret == 0) ? ctx->cont : ret); -} - -static int enc_write(BIO *b, const char *in, int inl) -{ - int ret = 0, n, i; - BIO_ENC_CTX *ctx; - BIO *next; - - ctx = BIO_get_data(b); - next = BIO_next(b); - if ((ctx == NULL) || (next == NULL)) - return 0; - - ret = inl; - - BIO_clear_retry_flags(b); - n = ctx->buf_len - ctx->buf_off; - while (n > 0) { - i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); - if (i <= 0) { - BIO_copy_next_retry(b); - return i; - } - ctx->buf_off += i; - n -= i; - } - /* at this point all pending data has been written */ - - if ((in == NULL) || (inl <= 0)) - return 0; - - ctx->buf_off = 0; - while (inl > 0) { - n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl; - if (!EVP_CipherUpdate(ctx->cipher, - ctx->buf, &ctx->buf_len, - (const unsigned char *)in, n)) { - BIO_clear_retry_flags(b); - ctx->ok = 0; - return 0; - } - inl -= n; - in += n; - - ctx->buf_off = 0; - n = ctx->buf_len; - while (n > 0) { - i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); - if (i <= 0) { - BIO_copy_next_retry(b); - return (ret == inl) ? i : ret - inl; - } - n -= i; - ctx->buf_off += i; - } - ctx->buf_len = 0; - ctx->buf_off = 0; - } - BIO_copy_next_retry(b); - return ret; -} - -static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - BIO *dbio; - BIO_ENC_CTX *ctx, *dctx; - long ret = 1; - int i; - EVP_CIPHER_CTX **c_ctx; - BIO *next; - - ctx = BIO_get_data(b); - next = BIO_next(b); - if (ctx == NULL) - return 0; - - switch (cmd) { - case BIO_CTRL_RESET: - ctx->ok = 1; - ctx->finished = 0; - if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL, - EVP_CIPHER_CTX_is_encrypting(ctx->cipher))) - return 0; - ret = BIO_ctrl(next, cmd, num, ptr); - break; - case BIO_CTRL_EOF: /* More to read */ - if (ctx->cont <= 0) - ret = 1; - else - ret = BIO_ctrl(next, cmd, num, ptr); - break; - case BIO_CTRL_WPENDING: - ret = ctx->buf_len - ctx->buf_off; - if (ret <= 0) - ret = BIO_ctrl(next, cmd, num, ptr); - break; - case BIO_CTRL_PENDING: /* More to read in buffer */ - ret = ctx->buf_len - ctx->buf_off; - if (ret <= 0) - ret = BIO_ctrl(next, cmd, num, ptr); - break; - case BIO_CTRL_FLUSH: - /* do a final write */ - again: - while (ctx->buf_len != ctx->buf_off) { - i = enc_write(b, NULL, 0); - if (i < 0) - return i; - } - - if (!ctx->finished) { - ctx->finished = 1; - ctx->buf_off = 0; - ret = EVP_CipherFinal_ex(ctx->cipher, - (unsigned char *)ctx->buf, - &(ctx->buf_len)); - ctx->ok = (int)ret; - if (ret <= 0) - break; - - /* push out the bytes */ - goto again; - } - - /* Finally flush the underlying BIO */ - ret = BIO_ctrl(next, cmd, num, ptr); - break; - case BIO_C_GET_CIPHER_STATUS: - ret = (long)ctx->ok; - break; - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); - ret = BIO_ctrl(next, cmd, num, ptr); - BIO_copy_next_retry(b); - break; - case BIO_C_GET_CIPHER_CTX: - c_ctx = (EVP_CIPHER_CTX **)ptr; - *c_ctx = ctx->cipher; - BIO_set_init(b, 1); - break; - case BIO_CTRL_DUP: - dbio = (BIO *)ptr; - dctx = BIO_get_data(dbio); - dctx->cipher = EVP_CIPHER_CTX_new(); - if (dctx->cipher == NULL) - return 0; - ret = EVP_CIPHER_CTX_copy(dctx->cipher, ctx->cipher); - if (ret) - BIO_set_init(dbio, 1); - break; - default: - ret = BIO_ctrl(next, cmd, num, ptr); - break; - } - return ret; -} - -static long enc_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) -{ - BIO *next = BIO_next(b); - - if (next == NULL) - return 0; - - return BIO_callback_ctrl(next, cmd, fp); -} - -int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, - const unsigned char *i, int e) -{ - BIO_ENC_CTX *ctx; - BIO_callback_fn_ex callback_ex; -#ifndef OPENSSL_NO_DEPRECATED_3_0 - long (*callback) (struct bio_st *, int, const char *, int, long, long) = NULL; -#endif - - ctx = BIO_get_data(b); - if (ctx == NULL) - return 0; - - if ((callback_ex = BIO_get_callback_ex(b)) != NULL) { - if (callback_ex(b, BIO_CB_CTRL, (const char *)c, 0, BIO_CTRL_SET, - e, 1, NULL) <= 0) - return 0; - } -#ifndef OPENSSL_NO_DEPRECATED_3_0 - else { - callback = BIO_get_callback(b); - - if ((callback != NULL) && - (callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, - 0L) <= 0)) - return 0; - } -#endif - - BIO_set_init(b, 1); - - if (!EVP_CipherInit_ex(ctx->cipher, c, NULL, k, i, e)) - return 0; - - if (callback_ex != NULL) - return callback_ex(b, BIO_CB_CTRL | BIO_CB_RETURN, (const char *)c, 0, - BIO_CTRL_SET, e, 1, NULL); -#ifndef OPENSSL_NO_DEPRECATED_3_0 - else if (callback != NULL) - return callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L); -#endif - return 1; -} diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c deleted file mode 100644 index 1a85be18118b380f55987fcd138a852cf1a11013..0000000000000000000000000000000000000000 --- a/crypto/evp/bio_md.c +++ /dev/null @@ -1,222 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/bio.h" - -/* - * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest - */ - -static int md_write(BIO *h, char const *buf, int num); -static int md_read(BIO *h, char *buf, int size); -static int md_gets(BIO *h, char *str, int size); -static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int md_new(BIO *h); -static int md_free(BIO *data); -static long md_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); - -static const BIO_METHOD methods_md = { - BIO_TYPE_MD, - "message digest", - bwrite_conv, - md_write, - bread_conv, - md_read, - NULL, /* md_puts, */ - md_gets, - md_ctrl, - md_new, - md_free, - md_callback_ctrl, -}; - -const BIO_METHOD *BIO_f_md(void) -{ - return &methods_md; -} - -static int md_new(BIO *bi) -{ - EVP_MD_CTX *ctx; - - ctx = EVP_MD_CTX_new(); - if (ctx == NULL) - return 0; - - BIO_set_init(bi, 1); - BIO_set_data(bi, ctx); - - return 1; -} - -static int md_free(BIO *a) -{ - if (a == NULL) - return 0; - EVP_MD_CTX_free(BIO_get_data(a)); - BIO_set_data(a, NULL); - BIO_set_init(a, 0); - - return 1; -} - -static int md_read(BIO *b, char *out, int outl) -{ - int ret = 0; - EVP_MD_CTX *ctx; - BIO *next; - - if (out == NULL) - return 0; - - ctx = BIO_get_data(b); - next = BIO_next(b); - - if ((ctx == NULL) || (next == NULL)) - return 0; - - ret = BIO_read(next, out, outl); - if (BIO_get_init(b)) { - if (ret > 0) { - if (EVP_DigestUpdate(ctx, (unsigned char *)out, - (unsigned int)ret) <= 0) - return -1; - } - } - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); - return ret; -} - -static int md_write(BIO *b, const char *in, int inl) -{ - int ret = 0; - EVP_MD_CTX *ctx; - BIO *next; - - if ((in == NULL) || (inl <= 0)) - return 0; - - ctx = BIO_get_data(b); - next = BIO_next(b); - if ((ctx != NULL) && (next != NULL)) - ret = BIO_write(next, in, inl); - - if (BIO_get_init(b)) { - if (ret > 0) { - if (!EVP_DigestUpdate(ctx, (const unsigned char *)in, - (unsigned int)ret)) { - BIO_clear_retry_flags(b); - return 0; - } - } - } - if (next != NULL) { - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); - } - return ret; -} - -static long md_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - EVP_MD_CTX *ctx, *dctx, **pctx; - const EVP_MD **ppmd; - EVP_MD *md; - long ret = 1; - BIO *dbio, *next; - - - ctx = BIO_get_data(b); - next = BIO_next(b); - - switch (cmd) { - case BIO_CTRL_RESET: - if (BIO_get_init(b)) - ret = EVP_DigestInit_ex(ctx, EVP_MD_CTX_get0_md(ctx), NULL); - else - ret = 0; - if (ret > 0) - ret = BIO_ctrl(next, cmd, num, ptr); - break; - case BIO_C_GET_MD: - if (BIO_get_init(b)) { - ppmd = ptr; - *ppmd = EVP_MD_CTX_get0_md(ctx); - } else - ret = 0; - break; - case BIO_C_GET_MD_CTX: - pctx = ptr; - *pctx = ctx; - BIO_set_init(b, 1); - break; - case BIO_C_SET_MD_CTX: - if (BIO_get_init(b)) - BIO_set_data(b, ptr); - else - ret = 0; - break; - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); - ret = BIO_ctrl(next, cmd, num, ptr); - BIO_copy_next_retry(b); - break; - - case BIO_C_SET_MD: - md = ptr; - ret = EVP_DigestInit_ex(ctx, md, NULL); - if (ret > 0) - BIO_set_init(b, 1); - break; - case BIO_CTRL_DUP: - dbio = ptr; - dctx = BIO_get_data(dbio); - if (!EVP_MD_CTX_copy_ex(dctx, ctx)) - return 0; - BIO_set_init(b, 1); - break; - default: - ret = BIO_ctrl(next, cmd, num, ptr); - break; - } - return ret; -} - -static long md_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) -{ - BIO *next; - - next = BIO_next(b); - - if (next == NULL) - return 0; - - return BIO_callback_ctrl(next, cmd, fp); -} - -static int md_gets(BIO *bp, char *buf, int size) -{ - EVP_MD_CTX *ctx; - unsigned int ret; - - ctx = BIO_get_data(bp); - - if (size < EVP_MD_CTX_get_size(ctx)) - return 0; - - if (EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret) <= 0) - return -1; - - return (int)ret; -} diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c deleted file mode 100644 index 97e67fcb68141a94ff76ab415e5c7ce312ce7bad..0000000000000000000000000000000000000000 --- a/crypto/evp/bio_ok.c +++ /dev/null @@ -1,601 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/*- - From: Arne Ansper - - Why BIO_f_reliable? - - I wrote function which took BIO* as argument, read data from it - and processed it. Then I wanted to store the input file in - encrypted form. OK I pushed BIO_f_cipher to the BIO stack - and everything was OK. BUT if user types wrong password - BIO_f_cipher outputs only garbage and my function crashes. Yes - I can and I should fix my function, but BIO_f_cipher is - easy way to add encryption support to many existing applications - and it's hard to debug and fix them all. - - So I wanted another BIO which would catch the incorrect passwords and - file damages which cause garbage on BIO_f_cipher's output. - - The easy way is to push the BIO_f_md and save the checksum at - the end of the file. However there are several problems with this - approach: - - 1) you must somehow separate checksum from actual data. - 2) you need lot's of memory when reading the file, because you - must read to the end of the file and verify the checksum before - letting the application to read the data. - - BIO_f_reliable tries to solve both problems, so that you can - read and write arbitrary long streams using only fixed amount - of memory. - - BIO_f_reliable splits data stream into blocks. Each block is prefixed - with its length and suffixed with its digest. So you need only - several Kbytes of memory to buffer single block before verifying - its digest. - - BIO_f_reliable goes further and adds several important capabilities: - - 1) the digest of the block is computed over the whole stream - -- so nobody can rearrange the blocks or remove or replace them. - - 2) to detect invalid passwords right at the start BIO_f_reliable - adds special prefix to the stream. In order to avoid known plain-text - attacks this prefix is generated as follows: - - *) digest is initialized with random seed instead of - standardized one. - *) same seed is written to output - *) well-known text is then hashed and the output - of the digest is also written to output. - - reader can now read the seed from stream, hash the same string - and then compare the digest output. - - Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I - initially wrote and tested this code on x86 machine and wrote the - digests out in machine-dependent order :( There are people using - this code and I cannot change this easily without making existing - data files unreadable. - -*/ - -#include -#include -#include -#include "internal/cryptlib.h" -#include -#include "internal/bio.h" -#include -#include -#include "internal/endian.h" -#include "crypto/evp.h" - -static int ok_write(BIO *h, const char *buf, int num); -static int ok_read(BIO *h, char *buf, int size); -static long ok_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int ok_new(BIO *h); -static int ok_free(BIO *data); -static long ok_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp); - -static __owur int sig_out(BIO *b); -static __owur int sig_in(BIO *b); -static __owur int block_out(BIO *b); -static __owur int block_in(BIO *b); -#define OK_BLOCK_SIZE (1024*4) -#define OK_BLOCK_BLOCK 4 -#define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE) -#define WELLKNOWN "The quick brown fox jumped over the lazy dog's back." - -typedef struct ok_struct { - size_t buf_len; - size_t buf_off; - size_t buf_len_save; - size_t buf_off_save; - int cont; /* <= 0 when finished */ - int finished; - EVP_MD_CTX *md; - int blockout; /* output block is ready */ - int sigio; /* must process signature */ - unsigned char buf[IOBS]; -} BIO_OK_CTX; - -static const BIO_METHOD methods_ok = { - BIO_TYPE_CIPHER, - "reliable", - bwrite_conv, - ok_write, - bread_conv, - ok_read, - NULL, /* ok_puts, */ - NULL, /* ok_gets, */ - ok_ctrl, - ok_new, - ok_free, - ok_callback_ctrl, -}; - -const BIO_METHOD *BIO_f_reliable(void) -{ - return &methods_ok; -} - -static int ok_new(BIO *bi) -{ - BIO_OK_CTX *ctx; - - if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - - ctx->cont = 1; - ctx->sigio = 1; - ctx->md = EVP_MD_CTX_new(); - if (ctx->md == NULL) { - OPENSSL_free(ctx); - return 0; - } - BIO_set_init(bi, 0); - BIO_set_data(bi, ctx); - - return 1; -} - -static int ok_free(BIO *a) -{ - BIO_OK_CTX *ctx; - - if (a == NULL) - return 0; - - ctx = BIO_get_data(a); - - EVP_MD_CTX_free(ctx->md); - OPENSSL_clear_free(ctx, sizeof(BIO_OK_CTX)); - BIO_set_data(a, NULL); - BIO_set_init(a, 0); - - return 1; -} - -static int ok_read(BIO *b, char *out, int outl) -{ - int ret = 0, i, n; - BIO_OK_CTX *ctx; - BIO *next; - - if (out == NULL) - return 0; - - ctx = BIO_get_data(b); - next = BIO_next(b); - - if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0)) - return 0; - - while (outl > 0) { - - /* copy clean bytes to output buffer */ - if (ctx->blockout) { - i = ctx->buf_len - ctx->buf_off; - if (i > outl) - i = outl; - memcpy(out, &(ctx->buf[ctx->buf_off]), i); - ret += i; - out += i; - outl -= i; - ctx->buf_off += i; - - /* all clean bytes are out */ - if (ctx->buf_len == ctx->buf_off) { - ctx->buf_off = 0; - - /* - * copy start of the next block into proper place - */ - if (ctx->buf_len_save > ctx->buf_off_save) { - ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save; - memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]), - ctx->buf_len); - } else { - ctx->buf_len = 0; - } - ctx->blockout = 0; - } - } - - /* output buffer full -- cancel */ - if (outl == 0) - break; - - /* no clean bytes in buffer -- fill it */ - n = IOBS - ctx->buf_len; - i = BIO_read(next, &(ctx->buf[ctx->buf_len]), n); - - if (i <= 0) - break; /* nothing new */ - - ctx->buf_len += i; - - /* no signature yet -- check if we got one */ - if (ctx->sigio == 1) { - if (!sig_in(b)) { - BIO_clear_retry_flags(b); - return 0; - } - } - - /* signature ok -- check if we got block */ - if (ctx->sigio == 0) { - if (!block_in(b)) { - BIO_clear_retry_flags(b); - return 0; - } - } - - /* invalid block -- cancel */ - if (ctx->cont <= 0) - break; - - } - - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); - return ret; -} - -static int ok_write(BIO *b, const char *in, int inl) -{ - int ret = 0, n, i; - BIO_OK_CTX *ctx; - BIO *next; - - if (inl <= 0) - return inl; - - ctx = BIO_get_data(b); - next = BIO_next(b); - ret = inl; - - if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0)) - return 0; - - if (ctx->sigio && !sig_out(b)) - return 0; - - do { - BIO_clear_retry_flags(b); - n = ctx->buf_len - ctx->buf_off; - while (ctx->blockout && n > 0) { - i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); - if (i <= 0) { - BIO_copy_next_retry(b); - if (!BIO_should_retry(b)) - ctx->cont = 0; - return i; - } - ctx->buf_off += i; - n -= i; - } - - /* at this point all pending data has been written */ - ctx->blockout = 0; - if (ctx->buf_len == ctx->buf_off) { - ctx->buf_len = OK_BLOCK_BLOCK; - ctx->buf_off = 0; - } - - if ((in == NULL) || (inl <= 0)) - return 0; - - n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ? - (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl; - - memcpy(&ctx->buf[ctx->buf_len], in, n); - ctx->buf_len += n; - inl -= n; - in += n; - - if (ctx->buf_len >= OK_BLOCK_SIZE + OK_BLOCK_BLOCK) { - if (!block_out(b)) { - BIO_clear_retry_flags(b); - return 0; - } - } - } while (inl > 0); - - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); - return ret; -} - -static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) -{ - BIO_OK_CTX *ctx; - EVP_MD *md; - const EVP_MD **ppmd; - long ret = 1; - int i; - BIO *next; - - ctx = BIO_get_data(b); - next = BIO_next(b); - - switch (cmd) { - case BIO_CTRL_RESET: - ctx->buf_len = 0; - ctx->buf_off = 0; - ctx->buf_len_save = 0; - ctx->buf_off_save = 0; - ctx->cont = 1; - ctx->finished = 0; - ctx->blockout = 0; - ctx->sigio = 1; - ret = BIO_ctrl(next, cmd, num, ptr); - break; - case BIO_CTRL_EOF: /* More to read */ - if (ctx->cont <= 0) - ret = 1; - else - ret = BIO_ctrl(next, cmd, num, ptr); - break; - case BIO_CTRL_PENDING: /* More to read in buffer */ - case BIO_CTRL_WPENDING: /* More to read in buffer */ - ret = ctx->blockout ? ctx->buf_len - ctx->buf_off : 0; - if (ret <= 0) - ret = BIO_ctrl(next, cmd, num, ptr); - break; - case BIO_CTRL_FLUSH: - /* do a final write */ - if (ctx->blockout == 0) - if (!block_out(b)) - return 0; - - while (ctx->blockout) { - i = ok_write(b, NULL, 0); - if (i < 0) { - ret = i; - break; - } - } - - ctx->finished = 1; - ctx->buf_off = ctx->buf_len = 0; - ctx->cont = (int)ret; - - /* Finally flush the underlying BIO */ - ret = BIO_ctrl(next, cmd, num, ptr); - break; - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); - ret = BIO_ctrl(next, cmd, num, ptr); - BIO_copy_next_retry(b); - break; - case BIO_CTRL_INFO: - ret = (long)ctx->cont; - break; - case BIO_C_SET_MD: - md = ptr; - if (!EVP_DigestInit_ex(ctx->md, md, NULL)) - return 0; - BIO_set_init(b, 1); - break; - case BIO_C_GET_MD: - if (BIO_get_init(b)) { - ppmd = ptr; - *ppmd = EVP_MD_CTX_get0_md(ctx->md); - } else - ret = 0; - break; - default: - ret = BIO_ctrl(next, cmd, num, ptr); - break; - } - return ret; -} - -static long ok_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp) -{ - BIO *next; - - next = BIO_next(b); - - if (next == NULL) - return 0; - - return BIO_callback_ctrl(next, cmd, fp); -} - -static void longswap(void *_ptr, size_t len) -{ - DECLARE_IS_ENDIAN; - - if (IS_LITTLE_ENDIAN) { - size_t i; - unsigned char *p = _ptr, c; - - for (i = 0; i < len; i += 4) { - c = p[0], p[0] = p[3], p[3] = c; - c = p[1], p[1] = p[2], p[2] = c; - } - } -} - -static int sig_out(BIO *b) -{ - BIO_OK_CTX *ctx; - EVP_MD_CTX *md; - const EVP_MD *digest; - int md_size; - void *md_data; - - ctx = BIO_get_data(b); - md = ctx->md; - digest = EVP_MD_CTX_get0_md(md); - md_size = EVP_MD_get_size(digest); - md_data = EVP_MD_CTX_get0_md_data(md); - - if (ctx->buf_len + 2 * md_size > OK_BLOCK_SIZE) - return 1; - - if (!EVP_DigestInit_ex(md, digest, NULL)) - goto berr; - /* - * FIXME: there's absolutely no guarantee this makes any sense at all, - * particularly now EVP_MD_CTX has been restructured. - */ - if (RAND_bytes(md_data, md_size) <= 0) - goto berr; - memcpy(&(ctx->buf[ctx->buf_len]), md_data, md_size); - longswap(&(ctx->buf[ctx->buf_len]), md_size); - ctx->buf_len += md_size; - - if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN))) - goto berr; - if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL)) - goto berr; - ctx->buf_len += md_size; - ctx->blockout = 1; - ctx->sigio = 0; - return 1; - berr: - BIO_clear_retry_flags(b); - return 0; -} - -static int sig_in(BIO *b) -{ - BIO_OK_CTX *ctx; - EVP_MD_CTX *md; - unsigned char tmp[EVP_MAX_MD_SIZE]; - int ret = 0; - const EVP_MD *digest; - int md_size; - void *md_data; - - ctx = BIO_get_data(b); - if ((md = ctx->md) == NULL) - goto berr; - digest = EVP_MD_CTX_get0_md(md); - if ((md_size = EVP_MD_get_size(digest)) < 0) - goto berr; - md_data = EVP_MD_CTX_get0_md_data(md); - - if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md_size) - return 1; - - if (!EVP_DigestInit_ex(md, digest, NULL)) - goto berr; - memcpy(md_data, &(ctx->buf[ctx->buf_off]), md_size); - longswap(md_data, md_size); - ctx->buf_off += md_size; - - if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN))) - goto berr; - if (!EVP_DigestFinal_ex(md, tmp, NULL)) - goto berr; - ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md_size) == 0; - ctx->buf_off += md_size; - if (ret == 1) { - ctx->sigio = 0; - if (ctx->buf_len != ctx->buf_off) { - memmove(ctx->buf, &(ctx->buf[ctx->buf_off]), - ctx->buf_len - ctx->buf_off); - } - ctx->buf_len -= ctx->buf_off; - ctx->buf_off = 0; - } else { - ctx->cont = 0; - } - return 1; - berr: - BIO_clear_retry_flags(b); - return 0; -} - -static int block_out(BIO *b) -{ - BIO_OK_CTX *ctx; - EVP_MD_CTX *md; - unsigned long tl; - const EVP_MD *digest; - int md_size; - - ctx = BIO_get_data(b); - md = ctx->md; - digest = EVP_MD_CTX_get0_md(md); - md_size = EVP_MD_get_size(digest); - - tl = ctx->buf_len - OK_BLOCK_BLOCK; - ctx->buf[0] = (unsigned char)(tl >> 24); - ctx->buf[1] = (unsigned char)(tl >> 16); - ctx->buf[2] = (unsigned char)(tl >> 8); - ctx->buf[3] = (unsigned char)(tl); - if (!EVP_DigestUpdate(md, - (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl)) - goto berr; - if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL)) - goto berr; - ctx->buf_len += md_size; - ctx->blockout = 1; - return 1; - berr: - BIO_clear_retry_flags(b); - return 0; -} - -static int block_in(BIO *b) -{ - BIO_OK_CTX *ctx; - EVP_MD_CTX *md; - unsigned long tl = 0; - unsigned char tmp[EVP_MAX_MD_SIZE]; - int md_size; - - ctx = BIO_get_data(b); - md = ctx->md; - md_size = EVP_MD_get_size(EVP_MD_CTX_get0_md(md)); - if (md_size < 0) - goto berr; - - assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */ - tl = ctx->buf[0]; - tl <<= 8; - tl |= ctx->buf[1]; - tl <<= 8; - tl |= ctx->buf[2]; - tl <<= 8; - tl |= ctx->buf[3]; - - if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md_size) - return 1; - - if (!EVP_DigestUpdate(md, - (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl)) - goto berr; - if (!EVP_DigestFinal_ex(md, tmp, NULL)) - goto berr; - if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md_size) == 0) { - /* there might be parts from next block lurking around ! */ - ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md_size; - ctx->buf_len_save = ctx->buf_len; - ctx->buf_off = OK_BLOCK_BLOCK; - ctx->buf_len = tl + OK_BLOCK_BLOCK; - ctx->blockout = 1; - } else { - ctx->cont = 0; - } - return 1; - berr: - BIO_clear_retry_flags(b); - return 0; -} diff --git a/crypto/evp/build.info b/crypto/evp/build.info deleted file mode 100644 index 95fea31226b0921d02fbaa0764159fb7f8a81a10..0000000000000000000000000000000000000000 --- a/crypto/evp/build.info +++ /dev/null @@ -1,71 +0,0 @@ -LIBS=../../libcrypto -$COMMON=digest.c evp_enc.c evp_lib.c evp_fetch.c evp_utils.c \ - mac_lib.c mac_meth.c keymgmt_meth.c keymgmt_lib.c kdf_lib.c kdf_meth.c \ - m_sigver.c pmeth_lib.c signature.c p_lib.c pmeth_gn.c exchange.c \ - evp_rand.c asymcipher.c kem.c dh_support.c ec_support.c pmeth_check.c - -SOURCE[../../libcrypto]=$COMMON\ - encode.c evp_key.c evp_cnf.c \ - e_des.c e_bf.c e_idea.c e_des3.c \ - e_rc4.c e_aes.c names.c e_aria.c e_sm4.c \ - e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c m_null.c \ - p_seal.c p_sign.c p_verify.c p_legacy.c \ - bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ - c_allc.c c_alld.c bio_ok.c \ - evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c pbe_scrypt.c \ - e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c \ - e_chacha20_poly1305.c \ - legacy_sha.c ctrl_params_translate.c \ - cmeth_lib.c - -# Diverse type specific ctrl functions. They are kinda sorta legacy, kinda -# sorta not. -SOURCE[../../libcrypto]=dh_ctrl.c dsa_ctrl.c ec_ctrl.c - -IF[{- !$disabled{'deprecated-3.0'} -}] - SOURCE[../../libcrypto]=p_enc.c p_dec.c -ENDIF -IF[{- !$disabled{'deprecated-0.9.8'} -}] - SOURCE[../../libcrypto]=e_old.c -ENDIF -IF[{- !$disabled{'rsa'} -}] - SOURCE[../../libcrypto]=p_open.c -ENDIF -IF[{- !$disabled{md2} -}] - SOURCE[../../libcrypto]=legacy_md2.c -ENDIF -IF[{- !$disabled{md4} -}] - SOURCE[../../libcrypto]=legacy_md4.c -ENDIF -IF[{- !$disabled{md5} -}] - SOURCE[../../libcrypto]=legacy_md5.c legacy_md5_sha1.c -ENDIF -IF[{- !$disabled{mdc2} -}] - SOURCE[../../libcrypto]=legacy_mdc2.c -ENDIF -IF[{- !$disabled{blake2} -}] - SOURCE[../../libcrypto]=legacy_blake2.c -ENDIF -IF[{- !$disabled{whirlpool} -}] - SOURCE[../../libcrypto]=legacy_wp.c -ENDIF -IF[{- !$disabled{rmd160} -}] - SOURCE[../../libcrypto]=legacy_ripemd.c -ENDIF -IF[{- !$disabled{seed} -}] - SOURCE[../../libcrypto]=e_seed.c -ENDIF -IF[{- !$disabled{camellia} -}] - SOURCE[../../libcrypto]=e_camellia.c - INCLUDE[e_camellia.o]=.. ../modes -ENDIF - -SOURCE[../../providers/libfips.a]=$COMMON - -INCLUDE[e_aes.o]=.. ../modes -INCLUDE[e_aes_cbc_hmac_sha1.o]=../modes -INCLUDE[e_aes_cbc_hmac_sha256.o]=../modes -INCLUDE[e_aria.o]=.. ../modes -INCLUDE[e_sm4.o]=.. ../modes -INCLUDE[e_des.o]=.. -INCLUDE[e_des3.o]=.. diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c deleted file mode 100644 index d556b5ab280a4d73ef01124aad72736f0e4d0317..0000000000000000000000000000000000000000 --- a/crypto/evp/c_allc.c +++ /dev/null @@ -1,265 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include "crypto/evp.h" -#include -#include - -void openssl_add_all_ciphers_int(void) -{ - -#ifndef OPENSSL_NO_DES - EVP_add_cipher(EVP_des_cfb()); - EVP_add_cipher(EVP_des_cfb1()); - EVP_add_cipher(EVP_des_cfb8()); - EVP_add_cipher(EVP_des_ede_cfb()); - EVP_add_cipher(EVP_des_ede3_cfb()); - EVP_add_cipher(EVP_des_ede3_cfb1()); - EVP_add_cipher(EVP_des_ede3_cfb8()); - - EVP_add_cipher(EVP_des_ofb()); - EVP_add_cipher(EVP_des_ede_ofb()); - EVP_add_cipher(EVP_des_ede3_ofb()); - - EVP_add_cipher(EVP_desx_cbc()); - EVP_add_cipher_alias(SN_desx_cbc, "DESX"); - EVP_add_cipher_alias(SN_desx_cbc, "desx"); - - EVP_add_cipher(EVP_des_cbc()); - EVP_add_cipher_alias(SN_des_cbc, "DES"); - EVP_add_cipher_alias(SN_des_cbc, "des"); - EVP_add_cipher(EVP_des_ede_cbc()); - EVP_add_cipher(EVP_des_ede3_cbc()); - EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3"); - EVP_add_cipher_alias(SN_des_ede3_cbc, "des3"); - - EVP_add_cipher(EVP_des_ecb()); - EVP_add_cipher(EVP_des_ede()); - EVP_add_cipher_alias(SN_des_ede_ecb, "DES-EDE-ECB"); - EVP_add_cipher_alias(SN_des_ede_ecb, "des-ede-ecb"); - EVP_add_cipher(EVP_des_ede3()); - EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB"); - EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb"); - EVP_add_cipher(EVP_des_ede3_wrap()); - EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap"); -#endif - -#ifndef OPENSSL_NO_RC4 - EVP_add_cipher(EVP_rc4()); - EVP_add_cipher(EVP_rc4_40()); -# ifndef OPENSSL_NO_MD5 - EVP_add_cipher(EVP_rc4_hmac_md5()); -# endif -#endif - -#ifndef OPENSSL_NO_IDEA - EVP_add_cipher(EVP_idea_ecb()); - EVP_add_cipher(EVP_idea_cfb()); - EVP_add_cipher(EVP_idea_ofb()); - EVP_add_cipher(EVP_idea_cbc()); - EVP_add_cipher_alias(SN_idea_cbc, "IDEA"); - EVP_add_cipher_alias(SN_idea_cbc, "idea"); -#endif - -#ifndef OPENSSL_NO_SEED - EVP_add_cipher(EVP_seed_ecb()); - EVP_add_cipher(EVP_seed_cfb()); - EVP_add_cipher(EVP_seed_ofb()); - EVP_add_cipher(EVP_seed_cbc()); - EVP_add_cipher_alias(SN_seed_cbc, "SEED"); - EVP_add_cipher_alias(SN_seed_cbc, "seed"); -#endif - -#ifndef OPENSSL_NO_SM4 - EVP_add_cipher(EVP_sm4_ecb()); - EVP_add_cipher(EVP_sm4_cbc()); - EVP_add_cipher(EVP_sm4_cfb()); - EVP_add_cipher(EVP_sm4_ofb()); - EVP_add_cipher(EVP_sm4_ctr()); - EVP_add_cipher_alias(SN_sm4_cbc, "SM4"); - EVP_add_cipher_alias(SN_sm4_cbc, "sm4"); -#endif - -#ifndef OPENSSL_NO_RC2 - EVP_add_cipher(EVP_rc2_ecb()); - EVP_add_cipher(EVP_rc2_cfb()); - EVP_add_cipher(EVP_rc2_ofb()); - EVP_add_cipher(EVP_rc2_cbc()); - EVP_add_cipher(EVP_rc2_40_cbc()); - EVP_add_cipher(EVP_rc2_64_cbc()); - EVP_add_cipher_alias(SN_rc2_cbc, "RC2"); - EVP_add_cipher_alias(SN_rc2_cbc, "rc2"); - EVP_add_cipher_alias(SN_rc2_cbc, "rc2-128"); - EVP_add_cipher_alias(SN_rc2_64_cbc, "rc2-64"); - EVP_add_cipher_alias(SN_rc2_40_cbc, "rc2-40"); -#endif - -#ifndef OPENSSL_NO_BF - EVP_add_cipher(EVP_bf_ecb()); - EVP_add_cipher(EVP_bf_cfb()); - EVP_add_cipher(EVP_bf_ofb()); - EVP_add_cipher(EVP_bf_cbc()); - EVP_add_cipher_alias(SN_bf_cbc, "BF"); - EVP_add_cipher_alias(SN_bf_cbc, "bf"); - EVP_add_cipher_alias(SN_bf_cbc, "blowfish"); -#endif - -#ifndef OPENSSL_NO_CAST - EVP_add_cipher(EVP_cast5_ecb()); - EVP_add_cipher(EVP_cast5_cfb()); - EVP_add_cipher(EVP_cast5_ofb()); - EVP_add_cipher(EVP_cast5_cbc()); - EVP_add_cipher_alias(SN_cast5_cbc, "CAST"); - EVP_add_cipher_alias(SN_cast5_cbc, "cast"); - EVP_add_cipher_alias(SN_cast5_cbc, "CAST-cbc"); - EVP_add_cipher_alias(SN_cast5_cbc, "cast-cbc"); -#endif - -#ifndef OPENSSL_NO_RC5 - EVP_add_cipher(EVP_rc5_32_12_16_ecb()); - EVP_add_cipher(EVP_rc5_32_12_16_cfb()); - EVP_add_cipher(EVP_rc5_32_12_16_ofb()); - EVP_add_cipher(EVP_rc5_32_12_16_cbc()); - EVP_add_cipher_alias(SN_rc5_cbc, "rc5"); - EVP_add_cipher_alias(SN_rc5_cbc, "RC5"); -#endif - - EVP_add_cipher(EVP_aes_128_ecb()); - EVP_add_cipher(EVP_aes_128_cbc()); - EVP_add_cipher(EVP_aes_128_cfb()); - EVP_add_cipher(EVP_aes_128_cfb1()); - EVP_add_cipher(EVP_aes_128_cfb8()); - EVP_add_cipher(EVP_aes_128_ofb()); - EVP_add_cipher(EVP_aes_128_ctr()); - EVP_add_cipher(EVP_aes_128_gcm()); -#ifndef OPENSSL_NO_OCB - EVP_add_cipher(EVP_aes_128_ocb()); -#endif - EVP_add_cipher(EVP_aes_128_xts()); - EVP_add_cipher(EVP_aes_128_ccm()); - EVP_add_cipher(EVP_aes_128_wrap()); - EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap"); - EVP_add_cipher(EVP_aes_128_wrap_pad()); - EVP_add_cipher_alias(SN_aes_128_cbc, "AES128"); - EVP_add_cipher_alias(SN_aes_128_cbc, "aes128"); - EVP_add_cipher(EVP_aes_192_ecb()); - EVP_add_cipher(EVP_aes_192_cbc()); - EVP_add_cipher(EVP_aes_192_cfb()); - EVP_add_cipher(EVP_aes_192_cfb1()); - EVP_add_cipher(EVP_aes_192_cfb8()); - EVP_add_cipher(EVP_aes_192_ofb()); - EVP_add_cipher(EVP_aes_192_ctr()); - EVP_add_cipher(EVP_aes_192_gcm()); -#ifndef OPENSSL_NO_OCB - EVP_add_cipher(EVP_aes_192_ocb()); -#endif - EVP_add_cipher(EVP_aes_192_ccm()); - EVP_add_cipher(EVP_aes_192_wrap()); - EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap"); - EVP_add_cipher(EVP_aes_192_wrap_pad()); - EVP_add_cipher_alias(SN_aes_192_cbc, "AES192"); - EVP_add_cipher_alias(SN_aes_192_cbc, "aes192"); - EVP_add_cipher(EVP_aes_256_ecb()); - EVP_add_cipher(EVP_aes_256_cbc()); - EVP_add_cipher(EVP_aes_256_cfb()); - EVP_add_cipher(EVP_aes_256_cfb1()); - EVP_add_cipher(EVP_aes_256_cfb8()); - EVP_add_cipher(EVP_aes_256_ofb()); - EVP_add_cipher(EVP_aes_256_ctr()); - EVP_add_cipher(EVP_aes_256_gcm()); -#ifndef OPENSSL_NO_OCB - EVP_add_cipher(EVP_aes_256_ocb()); -#endif - EVP_add_cipher(EVP_aes_256_xts()); - EVP_add_cipher(EVP_aes_256_ccm()); - EVP_add_cipher(EVP_aes_256_wrap()); - EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap"); - EVP_add_cipher(EVP_aes_256_wrap_pad()); - EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); - EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); - EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); - EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); - EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); - EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); -#ifndef OPENSSL_NO_ARIA - EVP_add_cipher(EVP_aria_128_ecb()); - EVP_add_cipher(EVP_aria_128_cbc()); - EVP_add_cipher(EVP_aria_128_cfb()); - EVP_add_cipher(EVP_aria_128_cfb1()); - EVP_add_cipher(EVP_aria_128_cfb8()); - EVP_add_cipher(EVP_aria_128_ctr()); - EVP_add_cipher(EVP_aria_128_ofb()); - EVP_add_cipher(EVP_aria_128_gcm()); - EVP_add_cipher(EVP_aria_128_ccm()); - EVP_add_cipher_alias(SN_aria_128_cbc, "ARIA128"); - EVP_add_cipher_alias(SN_aria_128_cbc, "aria128"); - EVP_add_cipher(EVP_aria_192_ecb()); - EVP_add_cipher(EVP_aria_192_cbc()); - EVP_add_cipher(EVP_aria_192_cfb()); - EVP_add_cipher(EVP_aria_192_cfb1()); - EVP_add_cipher(EVP_aria_192_cfb8()); - EVP_add_cipher(EVP_aria_192_ctr()); - EVP_add_cipher(EVP_aria_192_ofb()); - EVP_add_cipher(EVP_aria_192_gcm()); - EVP_add_cipher(EVP_aria_192_ccm()); - EVP_add_cipher_alias(SN_aria_192_cbc, "ARIA192"); - EVP_add_cipher_alias(SN_aria_192_cbc, "aria192"); - EVP_add_cipher(EVP_aria_256_ecb()); - EVP_add_cipher(EVP_aria_256_cbc()); - EVP_add_cipher(EVP_aria_256_cfb()); - EVP_add_cipher(EVP_aria_256_cfb1()); - EVP_add_cipher(EVP_aria_256_cfb8()); - EVP_add_cipher(EVP_aria_256_ctr()); - EVP_add_cipher(EVP_aria_256_ofb()); - EVP_add_cipher(EVP_aria_256_gcm()); - EVP_add_cipher(EVP_aria_256_ccm()); - EVP_add_cipher_alias(SN_aria_256_cbc, "ARIA256"); - EVP_add_cipher_alias(SN_aria_256_cbc, "aria256"); -#endif - -#ifndef OPENSSL_NO_CAMELLIA - EVP_add_cipher(EVP_camellia_128_ecb()); - EVP_add_cipher(EVP_camellia_128_cbc()); - EVP_add_cipher(EVP_camellia_128_cfb()); - EVP_add_cipher(EVP_camellia_128_cfb1()); - EVP_add_cipher(EVP_camellia_128_cfb8()); - EVP_add_cipher(EVP_camellia_128_ofb()); - EVP_add_cipher_alias(SN_camellia_128_cbc, "CAMELLIA128"); - EVP_add_cipher_alias(SN_camellia_128_cbc, "camellia128"); - EVP_add_cipher(EVP_camellia_192_ecb()); - EVP_add_cipher(EVP_camellia_192_cbc()); - EVP_add_cipher(EVP_camellia_192_cfb()); - EVP_add_cipher(EVP_camellia_192_cfb1()); - EVP_add_cipher(EVP_camellia_192_cfb8()); - EVP_add_cipher(EVP_camellia_192_ofb()); - EVP_add_cipher_alias(SN_camellia_192_cbc, "CAMELLIA192"); - EVP_add_cipher_alias(SN_camellia_192_cbc, "camellia192"); - EVP_add_cipher(EVP_camellia_256_ecb()); - EVP_add_cipher(EVP_camellia_256_cbc()); - EVP_add_cipher(EVP_camellia_256_cfb()); - EVP_add_cipher(EVP_camellia_256_cfb1()); - EVP_add_cipher(EVP_camellia_256_cfb8()); - EVP_add_cipher(EVP_camellia_256_ofb()); - EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256"); - EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256"); - EVP_add_cipher(EVP_camellia_128_ctr()); - EVP_add_cipher(EVP_camellia_192_ctr()); - EVP_add_cipher(EVP_camellia_256_ctr()); -#endif - -#ifndef OPENSSL_NO_CHACHA - EVP_add_cipher(EVP_chacha20()); -# ifndef OPENSSL_NO_POLY1305 - EVP_add_cipher(EVP_chacha20_poly1305()); -# endif -#endif -} diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c deleted file mode 100644 index f7d62bd2ecff8bd5538292ddadcf0ecafcc86e48..0000000000000000000000000000000000000000 --- a/crypto/evp/c_alld.c +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include "crypto/evp.h" -#include -#include - -void openssl_add_all_digests_int(void) -{ -#ifndef OPENSSL_NO_MD4 - EVP_add_digest(EVP_md4()); -#endif -#ifndef OPENSSL_NO_MD5 - EVP_add_digest(EVP_md5()); - EVP_add_digest_alias(SN_md5, "ssl3-md5"); - EVP_add_digest(EVP_md5_sha1()); -#endif - EVP_add_digest(EVP_sha1()); - EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); - EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); -#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) - EVP_add_digest(EVP_mdc2()); -#endif -#ifndef OPENSSL_NO_RMD160 - EVP_add_digest(EVP_ripemd160()); - EVP_add_digest_alias(SN_ripemd160, "ripemd"); - EVP_add_digest_alias(SN_ripemd160, "rmd160"); -#endif - EVP_add_digest(EVP_sha224()); - EVP_add_digest(EVP_sha256()); - EVP_add_digest(EVP_sha384()); - EVP_add_digest(EVP_sha512()); - EVP_add_digest(EVP_sha512_224()); - EVP_add_digest(EVP_sha512_256()); -#ifndef OPENSSL_NO_WHIRLPOOL - EVP_add_digest(EVP_whirlpool()); -#endif -#ifndef OPENSSL_NO_SM3 - EVP_add_digest(EVP_sm3()); -#endif -#ifndef OPENSSL_NO_BLAKE2 - EVP_add_digest(EVP_blake2b512()); - EVP_add_digest(EVP_blake2s256()); -#endif - EVP_add_digest(EVP_sha3_224()); - EVP_add_digest(EVP_sha3_256()); - EVP_add_digest(EVP_sha3_384()); - EVP_add_digest(EVP_sha3_512()); - EVP_add_digest(EVP_shake128()); - EVP_add_digest(EVP_shake256()); -} diff --git a/crypto/evp/cmeth_lib.c b/crypto/evp/cmeth_lib.c deleted file mode 100644 index a806ec5f9e22088585dba3e0cafa42d6f1022d89..0000000000000000000000000000000000000000 --- a/crypto/evp/cmeth_lib.c +++ /dev/null @@ -1,201 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * EVP _meth_ APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include - -#include -#include "crypto/evp.h" -#include "internal/provider.h" -#include "evp_local.h" - -EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len) -{ - EVP_CIPHER *cipher = evp_cipher_new(); - - if (cipher != NULL) { - cipher->nid = cipher_type; - cipher->block_size = block_size; - cipher->key_len = key_len; - cipher->origin = EVP_ORIG_METH; - } - return cipher; -} - -EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher) -{ - EVP_CIPHER *to = NULL; - - /* - * Non-legacy EVP_CIPHERs can't be duplicated like this. - * Use EVP_CIPHER_up_ref() instead. - */ - if (cipher->prov != NULL) - return NULL; - - if ((to = EVP_CIPHER_meth_new(cipher->nid, cipher->block_size, - cipher->key_len)) != NULL) { - CRYPTO_RWLOCK *lock = to->lock; - - memcpy(to, cipher, sizeof(*to)); - to->lock = lock; - to->origin = EVP_ORIG_METH; - } - return to; -} - -void EVP_CIPHER_meth_free(EVP_CIPHER *cipher) -{ - if (cipher == NULL || cipher->origin != EVP_ORIG_METH) - return; - - evp_cipher_free_int(cipher); -} - -int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len) -{ - if (cipher->iv_len != 0) - return 0; - - cipher->iv_len = iv_len; - return 1; -} - -int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags) -{ - if (cipher->flags != 0) - return 0; - - cipher->flags = flags; - return 1; -} - -int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size) -{ - if (cipher->ctx_size != 0) - return 0; - - cipher->ctx_size = ctx_size; - return 1; -} - -int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, - int (*init) (EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, - int enc)) -{ - if (cipher->init != NULL) - return 0; - - cipher->init = init; - return 1; -} - -int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, - int (*do_cipher) (EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl)) -{ - if (cipher->do_cipher != NULL) - return 0; - - cipher->do_cipher = do_cipher; - return 1; -} - -int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, - int (*cleanup) (EVP_CIPHER_CTX *)) -{ - if (cipher->cleanup != NULL) - return 0; - - cipher->cleanup = cleanup; - return 1; -} - -int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, - int (*set_asn1_parameters) (EVP_CIPHER_CTX *, - ASN1_TYPE *)) -{ - if (cipher->set_asn1_parameters != NULL) - return 0; - - cipher->set_asn1_parameters = set_asn1_parameters; - return 1; -} - -int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, - int (*get_asn1_parameters) (EVP_CIPHER_CTX *, - ASN1_TYPE *)) -{ - if (cipher->get_asn1_parameters != NULL) - return 0; - - cipher->get_asn1_parameters = get_asn1_parameters; - return 1; -} - -int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, - int (*ctrl) (EVP_CIPHER_CTX *, int type, - int arg, void *ptr)) -{ - if (cipher->ctrl != NULL) - return 0; - - cipher->ctrl = ctrl; - return 1; -} - - -int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, - int enc) -{ - return cipher->init; -} -int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, - size_t inl) -{ - return cipher->do_cipher; -} - -int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *) -{ - return cipher->cleanup; -} - -int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, - ASN1_TYPE *) -{ - return cipher->set_asn1_parameters; -} - -int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, - ASN1_TYPE *) -{ - return cipher->get_asn1_parameters; -} - -int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, - int type, int arg, - void *ptr) -{ - return cipher->ctrl; -} - diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c deleted file mode 100644 index c767c316439dd737dbd038347d92b4a7f843c6f3..0000000000000000000000000000000000000000 --- a/crypto/evp/ctrl_params_translate.c +++ /dev/null @@ -1,2808 +0,0 @@ -/* - * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Some ctrls depend on deprecated functionality. We trust that this is - * functionality that remains internally even when 'no-deprecated' is - * configured. When we drop #legacy EVP_PKEYs, this source should be - * possible to drop as well. - */ -#include "internal/deprecated.h" - -#include - -/* The following includes get us all the EVP_PKEY_CTRL macros */ -#include -#include -#include -#include -#include - -/* This include gets us all the OSSL_PARAM key string macros */ -#include - -#include -#include -#include -#include "internal/nelem.h" -#include "internal/cryptlib.h" -#include "internal/ffc.h" -#include "crypto/evp.h" -#include "crypto/dh.h" -#include "crypto/ec.h" - -struct translation_ctx_st; /* Forwarding */ -struct translation_st; /* Forwarding */ - -/* - * The fixup_args functions are called with the following parameters: - * - * |state| The state we're called in, explained further at the - * end of this comment. - * |translation| The translation item, to be pilfered for data as - * necessary. - * |ctx| The translation context, which contains copies of - * the following arguments, applicable according to - * the caller. All of the attributes in this context - * may be freely modified by the fixup_args function. - * For cleanup, call cleanup_translation_ctx(). - * - * The |state| tells the fixup_args function something about the caller and - * what they may expect: - * - * PKEY The fixup_args function has been called - * from an EVP_PKEY payload getter / setter, - * and is fully responsible for getting or - * setting the requested data. With this - * state, the fixup_args function is expected - * to use or modify |*params|, depending on - * |action_type|. - * - * PRE_CTRL_TO_PARAMS The fixup_args function has been called - * POST_CTRL_TO_PARAMS from EVP_PKEY_CTX_ctrl(), to help with - * translating the ctrl data to an OSSL_PARAM - * element or back. The calling sequence is - * as follows: - * - * 1. fixup_args(PRE_CTRL_TO_PARAMS, ...) - * 2. EVP_PKEY_CTX_set_params() or - * EVP_PKEY_CTX_get_params() - * 3. fixup_args(POST_CTRL_TO_PARAMS, ...) - * - * With the PRE_CTRL_TO_PARAMS state, the - * fixup_args function is expected to modify - * the passed |*params| in whatever way - * necessary, when |action_type == SET|. - * With the POST_CTRL_TO_PARAMS state, the - * fixup_args function is expected to modify - * the passed |p2| in whatever way necessary, - * when |action_type == GET|. - * - * The return value from the fixup_args call - * with the POST_CTRL_TO_PARAMS state becomes - * the return value back to EVP_PKEY_CTX_ctrl(). - * - * CLEANUP_CTRL_TO_PARAMS The cleanup_args functions has been called - * from EVP_PKEY_CTX_ctrl(), to clean up what - * the fixup_args function has done, if needed. - * - * - * PRE_CTRL_STR_TO_PARAMS The fixup_args function has been called - * POST_CTRL_STR_TO_PARAMS from EVP_PKEY_CTX_ctrl_str(), to help with - * translating the ctrl_str data to an - * OSSL_PARAM element or back. The calling - * sequence is as follows: - * - * 1. fixup_args(PRE_CTRL_STR_TO_PARAMS, ...) - * 2. EVP_PKEY_CTX_set_params() or - * EVP_PKEY_CTX_get_params() - * 3. fixup_args(POST_CTRL_STR_TO_PARAMS, ...) - * - * With the PRE_CTRL_STR_TO_PARAMS state, - * the fixup_args function is expected to - * modify the passed |*params| in whatever - * way necessary, when |action_type == SET|. - * With the POST_CTRL_STR_TO_PARAMS state, - * the fixup_args function is only expected - * to return a value. - * - * CLEANUP_CTRL_STR_TO_PARAMS The cleanup_args functions has been called - * from EVP_PKEY_CTX_ctrl_str(), to clean up - * what the fixup_args function has done, if - * needed. - * - * PRE_PARAMS_TO_CTRL The fixup_args function has been called - * POST_PARAMS_TO_CTRL from EVP_PKEY_CTX_get_params() or - * EVP_PKEY_CTX_set_params(), to help with - * translating the OSSL_PARAM data to the - * corresponding EVP_PKEY_CTX_ctrl() arguments - * or the other way around. The calling - * sequence is as follows: - * - * 1. fixup_args(PRE_PARAMS_TO_CTRL, ...) - * 2. EVP_PKEY_CTX_ctrl() - * 3. fixup_args(POST_PARAMS_TO_CTRL, ...) - * - * With the PRE_PARAMS_TO_CTRL state, the - * fixup_args function is expected to modify - * the passed |p1| and |p2| in whatever way - * necessary, when |action_type == SET|. - * With the POST_PARAMS_TO_CTRL state, the - * fixup_args function is expected to - * modify the passed |*params| in whatever - * way necessary, when |action_type == GET|. - * - * CLEANUP_PARAMS_TO_CTRL The cleanup_args functions has been called - * from EVP_PKEY_CTX_get_params() or - * EVP_PKEY_CTX_set_params(), to clean up what - * the fixup_args function has done, if needed. - */ -enum state { - PKEY, - PRE_CTRL_TO_PARAMS, POST_CTRL_TO_PARAMS, CLEANUP_CTRL_TO_PARAMS, - PRE_CTRL_STR_TO_PARAMS, POST_CTRL_STR_TO_PARAMS, CLEANUP_CTRL_STR_TO_PARAMS, - PRE_PARAMS_TO_CTRL, POST_PARAMS_TO_CTRL, CLEANUP_PARAMS_TO_CTRL -}; -enum action { - NONE = 0, GET = 1, SET = 2 -}; -typedef int fixup_args_fn(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx); -typedef int cleanup_args_fn(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx); - -struct translation_ctx_st { - /* - * The EVP_PKEY_CTX, for calls on that structure, to be pilfered for data - * as necessary. - */ - EVP_PKEY_CTX *pctx; - /* - * The action type (GET or SET). This may be 0 in some cases, and should - * be modified by the fixup_args function in the PRE states. It should - * otherwise remain untouched once set. - */ - enum action action_type; - /* - * For ctrl to params translation, the actual ctrl command number used. - * For params to ctrl translation, 0. - */ - int ctrl_cmd; - /* - * For ctrl_str to params translation, the actual ctrl command string - * used. In this case, the (string) value is always passed as |p2|. - * For params to ctrl translation, this is NULL. Along with it is also - * and indicator whether it matched |ctrl_str| or |ctrl_hexstr| in the - * translation item. - */ - const char *ctrl_str; - int ishex; - /* the ctrl-style int argument. */ - int p1; - /* the ctrl-style void* argument. */ - void *p2; - /* a size, for passing back the |p2| size where applicable */ - size_t sz; - /* pointer to the OSSL_PARAM-style params array. */ - OSSL_PARAM *params; - - /*- - * The following are used entirely internally by the fixup_args functions - * and should not be touched by the callers, at all. - */ - - /* - * Copy of the ctrl-style void* argument, if the fixup_args function - * needs to manipulate |p2| but wants to remember original. - */ - void *orig_p2; - /* Diverse types of storage for the needy. */ - char name_buf[OSSL_MAX_NAME_SIZE]; - void *allocated_buf; - void *bufp; - size_t buflen; -}; - -struct translation_st { - /*- - * What this table item does. - * - * If the item has this set to 0, it means that both GET and SET are - * supported, and |fixup_args| will determine which it is. This is to - * support translations of ctrls where the action type depends on the - * value of |p1| or |p2| (ctrls are really bi-directional, but are - * seldom used that way). - * - * This can be also used in the lookup template when it looks up by - * OSSL_PARAM key, to indicate if a setter or a getter called. - */ - enum action action_type; - - /*- - * Conditions, for params->ctrl translations. - * - * In table item, |keytype1| and |keytype2| can be set to -1 to indicate - * that this item supports all key types (or rather, that |fixup_args| - * will check and return an error if it's not supported). - * Any of these may be set to 0 to indicate that they are unset. - */ - int keytype1; /* The EVP_PKEY_XXX type, i.e. NIDs. #legacy */ - int keytype2; /* Another EVP_PKEY_XXX type, used for aliases */ - int optype; /* The operation type */ - - /* - * Lookup and translation attributes - * - * |ctrl_num|, |ctrl_str|, |ctrl_hexstr| and |param_key| are lookup - * attributes. - * - * |ctrl_num| may be 0 or that |param_key| may be NULL in the table item, - * but not at the same time. If they are, they are simply not used for - * lookup. - * When |ctrl_num| == 0, no ctrl will be called. Likewise, when - * |param_key| == NULL, no OSSL_PARAM setter/getter will be called. - * In that case the treatment of the translation item relies entirely on - * |fixup_args|, which is then assumed to have side effects. - * - * As a special case, it's possible to set |ctrl_hexstr| and assign NULL - * to |ctrl_str|. That will signal to default_fixup_args() that the - * value must always be interpreted as hex. - */ - int ctrl_num; /* EVP_PKEY_CTRL_xxx */ - const char *ctrl_str; /* The corresponding ctrl string */ - const char *ctrl_hexstr; /* The alternative "hex{str}" ctrl string */ - const char *param_key; /* The corresponding OSSL_PARAM key */ - /* - * The appropriate OSSL_PARAM data type. This may be 0 to indicate that - * this OSSL_PARAM may have more than one data type, depending on input - * material. In this case, |fixup_args| is expected to check and handle - * it. - */ - unsigned int param_data_type; - - /* - * Fixer functions - * - * |fixup_args| is always called before (for SET) or after (for GET) - * the actual ctrl / OSSL_PARAM function. - */ - fixup_args_fn *fixup_args; -}; - -/*- - * Fixer function implementations - * ============================== - */ - -/* - * default_check isn't a fixer per se, but rather a helper function to - * perform certain standard checks. - */ -static int default_check(enum state state, - const struct translation_st *translation, - const struct translation_ctx_st *ctx) -{ - switch (state) { - default: - break; - case PRE_CTRL_TO_PARAMS: - if (!ossl_assert(translation != NULL)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; - } - if (!ossl_assert(translation->param_key != 0) - || !ossl_assert(translation->param_data_type != 0)) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return -1; - } - break; - case PRE_CTRL_STR_TO_PARAMS: - /* - * For ctrl_str to params translation, we allow direct use of - * OSSL_PARAM keys as ctrl_str keys. Therefore, it's possible that - * we end up with |translation == NULL|, which is fine. The fixup - * function will have to deal with it carefully. - */ - if (translation != NULL) { - if (!ossl_assert(translation->action_type != GET)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; - } - if (!ossl_assert(translation->param_key != NULL) - || !ossl_assert(translation->param_data_type != 0)) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return 0; - } - } - break; - case PRE_PARAMS_TO_CTRL: - case POST_PARAMS_TO_CTRL: - if (!ossl_assert(translation != NULL)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; - } - if (!ossl_assert(translation->ctrl_num != 0) - || !ossl_assert(translation->param_data_type != 0)) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return -1; - } - } - - /* Nothing else to check */ - return 1; -} - -/*- - * default_fixup_args fixes up all sorts of arguments, governed by the - * diverse attributes in the translation item. It covers all "standard" - * base ctrl functionality, meaning it can handle basic conversion of - * data between p1+p2 (SET) or return value+p2 (GET) as long as the values - * don't have extra semantics (such as NIDs, OIDs, that sort of stuff). - * Extra semantics must be handled via specific fixup_args functions. - * - * The following states and action type combinations have standard handling - * done in this function: - * - * PRE_CTRL_TO_PARAMS, 0 - ERROR. action type must be - * determined by a fixup function. - * PRE_CTRL_TO_PARAMS, SET | GET - |p1| and |p2| are converted to an - * OSSL_PARAM according to the data - * type given in |translattion|. - * For OSSL_PARAM_UNSIGNED_INTEGER, - * a BIGNUM passed as |p2| is accepted. - * POST_CTRL_TO_PARAMS, GET - If the OSSL_PARAM data type is a - * STRING or PTR type, |p1| is set - * to the OSSL_PARAM return size, and - * |p2| is set to the string. - * PRE_CTRL_STR_TO_PARAMS, !SET - ERROR. That combination is not - * supported. - * PRE_CTRL_STR_TO_PARAMS, SET - |p2| is taken as a string, and is - * converted to an OSSL_PARAM in a - * standard manner, guided by the - * param key and data type from - * |translation|. - * PRE_PARAMS_TO_CTRL, SET - the OSSL_PARAM is converted to - * |p1| and |p2| according to the - * data type given in |translation| - * For OSSL_PARAM_UNSIGNED_INTEGER, - * if |p2| is non-NULL, then |*p2| - * is assigned a BIGNUM, otherwise - * |p1| is assigned an unsigned int. - * POST_PARAMS_TO_CTRL, GET - |p1| and |p2| are converted to - * an OSSL_PARAM, in the same manner - * as for the combination of - * PRE_CTRL_TO_PARAMS, SET. - */ -static int default_fixup_args(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - int ret; - - if ((ret = default_check(state, translation, ctx)) < 0) - return ret; - - switch (state) { - default: - /* For states this function should never have been called with */ - ERR_raise_data(ERR_LIB_EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, - "[action:%d, state:%d]", ctx->action_type, state); - return 0; - - /* - * PRE_CTRL_TO_PARAMS and POST_CTRL_TO_PARAMS handle ctrl to params - * translations. PRE_CTRL_TO_PARAMS is responsible for preparing - * |*params|, and POST_CTRL_TO_PARAMS is responsible for bringing the - * result back to |*p2| and the return value. - */ - case PRE_CTRL_TO_PARAMS: - /* This is ctrl to params translation, so we need an OSSL_PARAM key */ - if (ctx->action_type == NONE) { - /* - * No action type is an error here. That's a case for a - * special fixup function. - */ - ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED, - "[action:%d, state:%d]", ctx->action_type, state); - return 0; - } - - if (translation->optype != 0) { - if ((EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) - && ctx->pctx->op.sig.algctx == NULL) - || (EVP_PKEY_CTX_IS_DERIVE_OP(ctx->pctx) - && ctx->pctx->op.kex.algctx == NULL) - || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx->pctx) - && ctx->pctx->op.ciph.algctx == NULL) - || (EVP_PKEY_CTX_IS_KEM_OP(ctx->pctx) - && ctx->pctx->op.encap.algctx == NULL) - /* - * The following may be unnecessary, but we have them - * for good measure... - */ - || (EVP_PKEY_CTX_IS_GEN_OP(ctx->pctx) - && ctx->pctx->op.keymgmt.genctx == NULL) - || (EVP_PKEY_CTX_IS_FROMDATA_OP(ctx->pctx) - && ctx->pctx->op.keymgmt.genctx == NULL)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - } - - /* - * OSSL_PARAM_construct_TYPE() works equally well for both SET and GET. - */ - switch (translation->param_data_type) { - case OSSL_PARAM_INTEGER: - *ctx->params = OSSL_PARAM_construct_int(translation->param_key, - &ctx->p1); - break; - case OSSL_PARAM_UNSIGNED_INTEGER: - /* - * BIGNUMs are passed via |p2|. For all ctrl's that just want - * to pass a simple integer via |p1|, |p2| is expected to be - * NULL. - * - * Note that this allocates a buffer, which the cleanup function - * must deallocate. - */ - if (ctx->p2 != NULL) { - if (ctx->action_type == SET) { - ctx->buflen = BN_num_bytes(ctx->p2); - if ((ctx->allocated_buf = - OPENSSL_malloc(ctx->buflen)) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - if (BN_bn2nativepad(ctx->p2, - ctx->allocated_buf, ctx->buflen) < 0) { - OPENSSL_free(ctx->allocated_buf); - ctx->allocated_buf = NULL; - return 0; - } - *ctx->params = - OSSL_PARAM_construct_BN(translation->param_key, - ctx->allocated_buf, - ctx->buflen); - } else { - /* - * No support for getting a BIGNUM by ctrl, this needs - * fixup_args function support. - */ - ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED, - "[action:%d, state:%d] trying to get a " - "BIGNUM via ctrl call", - ctx->action_type, state); - return 0; - } - } else { - *ctx->params = - OSSL_PARAM_construct_uint(translation->param_key, - (unsigned int *)&ctx->p1); - } - break; - case OSSL_PARAM_UTF8_STRING: - *ctx->params = - OSSL_PARAM_construct_utf8_string(translation->param_key, - ctx->p2, (size_t)ctx->p1); - break; - case OSSL_PARAM_UTF8_PTR: - *ctx->params = - OSSL_PARAM_construct_utf8_ptr(translation->param_key, - ctx->p2, (size_t)ctx->p1); - break; - case OSSL_PARAM_OCTET_STRING: - *ctx->params = - OSSL_PARAM_construct_octet_string(translation->param_key, - ctx->p2, (size_t)ctx->p1); - break; - case OSSL_PARAM_OCTET_PTR: - *ctx->params = - OSSL_PARAM_construct_octet_ptr(translation->param_key, - ctx->p2, (size_t)ctx->p1); - break; - } - break; - case POST_CTRL_TO_PARAMS: - /* - * Because EVP_PKEY_CTX_ctrl() returns the length of certain objects - * as its return value, we need to ensure that we do it here as well, - * for the OSSL_PARAM data types where this makes sense. - */ - if (ctx->action_type == GET) { - switch (translation->param_data_type) { - case OSSL_PARAM_UTF8_STRING: - case OSSL_PARAM_UTF8_PTR: - case OSSL_PARAM_OCTET_STRING: - case OSSL_PARAM_OCTET_PTR: - ctx->p1 = (int)ctx->params[0].return_size; - break; - } - } - break; - - /* - * PRE_CTRL_STR_TO_PARAMS and POST_CTRL_STR_TO_PARAMS handle ctrl_str to - * params translations. PRE_CTRL_TO_PARAMS is responsible for preparing - * |*params|, and POST_CTRL_TO_PARAMS currently has nothing to do, since - * there's no support for getting data via ctrl_str calls. - */ - case PRE_CTRL_STR_TO_PARAMS: - { - /* This is ctrl_str to params translation */ - const char *tmp_ctrl_str = ctx->ctrl_str; - const char *orig_ctrl_str = ctx->ctrl_str; - const char *orig_value = ctx->p2; - const OSSL_PARAM *settable = NULL; - int exists = 0; - - /* Only setting is supported here */ - if (ctx->action_type != SET) { - ERR_raise_data(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED, - "[action:%d, state:%d] only setting allowed", - ctx->action_type, state); - return 0; - } - - /* - * If no translation exists, we simply pass the control string - * unmodified. - */ - if (translation != NULL) { - tmp_ctrl_str = ctx->ctrl_str = translation->param_key; - - if (ctx->ishex) { - strcpy(ctx->name_buf, "hex"); - if (OPENSSL_strlcat(ctx->name_buf, tmp_ctrl_str, - sizeof(ctx->name_buf)) <= 3) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return -1; - } - tmp_ctrl_str = ctx->name_buf; - } - } - - settable = EVP_PKEY_CTX_settable_params(ctx->pctx); - if (!OSSL_PARAM_allocate_from_text(ctx->params, settable, - tmp_ctrl_str, - ctx->p2, strlen(ctx->p2), - &exists)) { - if (!exists) { - ERR_raise_data(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED, - "[action:%d, state:%d] name=%s, value=%s", - ctx->action_type, state, - orig_ctrl_str, orig_value); - return -2; - } - return 0; - } - ctx->allocated_buf = ctx->params->data; - ctx->buflen = ctx->params->data_size; - } - break; - case POST_CTRL_STR_TO_PARAMS: - /* Nothing to be done */ - break; - - /* - * PRE_PARAMS_TO_CTRL and POST_PARAMS_TO_CTRL handle params to ctrl - * translations. PRE_PARAMS_TO_CTRL is responsible for preparing - * |p1| and |p2|, and POST_PARAMS_TO_CTRL is responsible for bringing - * the EVP_PKEY_CTX_ctrl() return value (passed as |p1|) and |p2| back - * to |*params|. - * - * PKEY is treated just like POST_PARAMS_TO_CTRL, making it easy - * for the related fixup_args functions to just set |p1| and |p2| - * appropriately and leave it to this section of code to fix up - * |ctx->params| accordingly. - */ - case PKEY: - case POST_PARAMS_TO_CTRL: - ret = ctx->p1; - /* FALLTHRU */ - case PRE_PARAMS_TO_CTRL: - { - /* This is params to ctrl translation */ - if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == SET) { - /* For the PRE state, only setting needs some work to be done */ - - /* When setting, we populate |p1| and |p2| from |*params| */ - switch (translation->param_data_type) { - case OSSL_PARAM_INTEGER: - return OSSL_PARAM_get_int(ctx->params, &ctx->p1); - case OSSL_PARAM_UNSIGNED_INTEGER: - if (ctx->p2 != NULL) { - /* BIGNUM passed down with p2 */ - if (!OSSL_PARAM_get_BN(ctx->params, ctx->p2)) - return 0; - } else { - /* Normal C unsigned int passed down */ - if (!OSSL_PARAM_get_uint(ctx->params, - (unsigned int *)&ctx->p1)) - return 0; - } - return 1; - case OSSL_PARAM_UTF8_STRING: - return OSSL_PARAM_get_utf8_string(ctx->params, - ctx->p2, ctx->sz); - case OSSL_PARAM_OCTET_STRING: - return OSSL_PARAM_get_octet_string(ctx->params, - ctx->p2, ctx->sz, - &ctx->sz); - case OSSL_PARAM_OCTET_PTR: - return OSSL_PARAM_get_octet_ptr(ctx->params, - ctx->p2, &ctx->sz); - default: - ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED, - "[action:%d, state:%d] " - "unknown OSSL_PARAM data type %d", - ctx->action_type, state, - translation->param_data_type); - return 0; - } - } else if ((state == POST_PARAMS_TO_CTRL || state == PKEY) - && ctx->action_type == GET) { - /* For the POST state, only getting needs some work to be done */ - unsigned int param_data_type = translation->param_data_type; - size_t size = (size_t)ctx->p1; - - if (state == PKEY) - size = ctx->sz; - if (param_data_type == 0) { - /* we must have a fixup_args function to work */ - if (!ossl_assert(translation->fixup_args != NULL)) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return 0; - } - param_data_type = ctx->params->data_type; - } - /* When getting, we populate |*params| from |p1| and |p2| */ - switch (param_data_type) { - case OSSL_PARAM_INTEGER: - return OSSL_PARAM_set_int(ctx->params, ctx->p1); - case OSSL_PARAM_UNSIGNED_INTEGER: - if (ctx->p2 != NULL) { - /* BIGNUM passed back */ - return OSSL_PARAM_set_BN(ctx->params, ctx->p2); - } else { - /* Normal C unsigned int passed back */ - return OSSL_PARAM_set_uint(ctx->params, - (unsigned int)ctx->p1); - } - return 0; - case OSSL_PARAM_UTF8_STRING: - return OSSL_PARAM_set_utf8_string(ctx->params, ctx->p2); - case OSSL_PARAM_OCTET_STRING: - return OSSL_PARAM_set_octet_string(ctx->params, ctx->p2, - size); - case OSSL_PARAM_OCTET_PTR: - return OSSL_PARAM_set_octet_ptr(ctx->params, ctx->p2, - size); - default: - ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED, - "[action:%d, state:%d] " - "unsupported OSSL_PARAM data type %d", - ctx->action_type, state, - translation->param_data_type); - return 0; - } - } - } - /* Any other combination is simply pass-through */ - break; - } - return ret; -} - -static int -cleanup_translation_ctx(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - if (ctx->allocated_buf != NULL) - OPENSSL_free(ctx->allocated_buf); - ctx->allocated_buf = NULL; - return 1; -} - -/* - * fix_cipher_md fixes up an EVP_CIPHER / EVP_MD to its name on SET, - * and cipher / md name to EVP_MD on GET. - */ -static const char *get_cipher_name(void *cipher) -{ - return EVP_CIPHER_get0_name(cipher); -} - -static const char *get_md_name(void *md) -{ - return EVP_MD_get0_name(md); -} - -static const void *get_cipher_by_name(OSSL_LIB_CTX *libctx, const char *name) -{ - return evp_get_cipherbyname_ex(libctx, name); -} - -static const void *get_md_by_name(OSSL_LIB_CTX *libctx, const char *name) -{ - return evp_get_digestbyname_ex(libctx, name); -} - -static int fix_cipher_md(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx, - const char *(*get_name)(void *algo), - const void *(*get_algo_by_name)(OSSL_LIB_CTX *libctx, - const char *name)) -{ - int ret = 1; - - if ((ret = default_check(state, translation, ctx)) <= 0) - return ret; - - if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == GET) { - /* - * |ctx->p2| contains the address to an EVP_CIPHER or EVP_MD pointer - * to be filled in. We need to remember it, then make |ctx->p2| - * point at a buffer to be filled in with the name, and |ctx->p1| - * with its size. default_fixup_args() will take care of the rest - * for us. - */ - ctx->orig_p2 = ctx->p2; - ctx->p2 = ctx->name_buf; - ctx->p1 = sizeof(ctx->name_buf); - } else if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == SET) { - /* - * In different parts of OpenSSL, this ctrl command is used - * differently. Some calls pass a NID as p1, others pass an - * EVP_CIPHER pointer as p2... - */ - ctx->p2 = (char *)(ctx->p2 == NULL - ? OBJ_nid2sn(ctx->p1) - : get_name(ctx->p2)); - ctx->p1 = strlen(ctx->p2); - } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET) { - ctx->p2 = (ctx->p2 == NULL ? "" : (char *)get_name(ctx->p2)); - ctx->p1 = strlen(ctx->p2); - } - - if ((ret = default_fixup_args(state, translation, ctx)) <= 0) - return ret; - - if (state == POST_CTRL_TO_PARAMS && ctx->action_type == GET) { - /* - * Here's how we re-use |ctx->orig_p2| that was set in the - * PRE_CTRL_TO_PARAMS state above. - */ - *(void **)ctx->orig_p2 = - (void *)get_algo_by_name(ctx->pctx->libctx, ctx->p2); - ctx->p1 = 1; - } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == SET) { - ctx->p2 = (void *)get_algo_by_name(ctx->pctx->libctx, ctx->p2); - ctx->p1 = 0; - } - - return ret; -} - -static int fix_cipher(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - return fix_cipher_md(state, translation, ctx, - get_cipher_name, get_cipher_by_name); -} - -static int fix_md(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - return fix_cipher_md(state, translation, ctx, - get_md_name, get_md_by_name); -} - -static int fix_distid_len(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - int ret = default_fixup_args(state, translation, ctx); - - if (ret > 0) { - ret = 0; - if ((state == POST_CTRL_TO_PARAMS - || state == POST_CTRL_STR_TO_PARAMS) && ctx->action_type == GET) { - *(size_t *)ctx->p2 = ctx->sz; - ret = 1; - } - } - return ret; -} - -struct kdf_type_map_st { - int kdf_type_num; - const char *kdf_type_str; -}; - -static int fix_kdf_type(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx, - const struct kdf_type_map_st *kdf_type_map) -{ - /* - * The EVP_PKEY_CTRL_DH_KDF_TYPE ctrl command is a bit special, in - * that it's used both for setting a value, and for getting it, all - * depending on the value if |p1|; if |p1| is -2, the backend is - * supposed to place the current kdf type in |p2|, and if not, |p1| - * is interpreted as the new kdf type. - */ - int ret = 0; - - if ((ret = default_check(state, translation, ctx)) <= 0) - return ret; - - if (state == PRE_CTRL_TO_PARAMS) { - /* - * In |translations|, the initial value for |ctx->action_type| must - * be NONE. - */ - if (!ossl_assert(ctx->action_type == NONE)) - return 0; - - /* The action type depends on the value of *p1 */ - if (ctx->p1 == -2) { - /* - * The OSSL_PARAMS getter needs space to store a copy of the kdf - * type string. We use |ctx->name_buf|, which has enough space - * allocated. - * - * (this wouldn't be needed if the OSSL_xxx_PARAM_KDF_TYPE - * had the data type OSSL_PARAM_UTF8_PTR) - */ - ctx->p2 = ctx->name_buf; - ctx->p1 = sizeof(ctx->name_buf); - ctx->action_type = GET; - } else { - ctx->action_type = SET; - } - } - - if ((ret = default_check(state, translation, ctx)) <= 0) - return ret; - - if ((state == PRE_CTRL_TO_PARAMS && ctx->action_type == SET) - || (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET)) { - ret = -2; - /* Convert KDF type numbers to strings */ - for (; kdf_type_map->kdf_type_str != NULL; kdf_type_map++) - if (ctx->p1 == kdf_type_map->kdf_type_num) { - ctx->p2 = (char *)kdf_type_map->kdf_type_str; - ret = 1; - break; - } - if (ret <= 0) - goto end; - ctx->p1 = strlen(ctx->p2); - } - - if ((ret = default_fixup_args(state, translation, ctx)) <= 0) - return ret; - - if ((state == POST_CTRL_TO_PARAMS && ctx->action_type == GET) - || (state == PRE_PARAMS_TO_CTRL && ctx->action_type == SET)) { - ctx->p1 = ret = -1; - - /* Convert KDF type strings to numbers */ - for (; kdf_type_map->kdf_type_str != NULL; kdf_type_map++) - if (OPENSSL_strcasecmp(ctx->p2, kdf_type_map->kdf_type_str) == 0) { - ctx->p1 = kdf_type_map->kdf_type_num; - ret = 1; - break; - } - ctx->p2 = NULL; - } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) { - ctx->p1 = -2; - } - end: - return ret; -} - -/* EVP_PKEY_CTRL_DH_KDF_TYPE */ -static int fix_dh_kdf_type(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - static const struct kdf_type_map_st kdf_type_map[] = { - { EVP_PKEY_DH_KDF_NONE, "" }, - { EVP_PKEY_DH_KDF_X9_42, OSSL_KDF_NAME_X942KDF_ASN1 }, - { 0, NULL } - }; - - return fix_kdf_type(state, translation, ctx, kdf_type_map); -} - -/* EVP_PKEY_CTRL_EC_KDF_TYPE */ -static int fix_ec_kdf_type(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - static const struct kdf_type_map_st kdf_type_map[] = { - { EVP_PKEY_ECDH_KDF_NONE, "" }, - { EVP_PKEY_ECDH_KDF_X9_63, OSSL_KDF_NAME_X963KDF }, - { 0, NULL } - }; - - return fix_kdf_type(state, translation, ctx, kdf_type_map); -} - -/* EVP_PKEY_CTRL_DH_KDF_OID, EVP_PKEY_CTRL_GET_DH_KDF_OID, ...??? */ -static int fix_oid(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - int ret; - - if ((ret = default_check(state, translation, ctx)) <= 0) - return ret; - - if ((state == PRE_CTRL_TO_PARAMS && ctx->action_type == SET) - || (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET)) { - /* - * We're translating from ctrl to params and setting the OID, or - * we're translating from params to ctrl and getting the OID. - * Either way, |ctx->p2| points at an ASN1_OBJECT, and needs to have - * that replaced with the corresponding name. - * default_fixup_args() will then be able to convert that to the - * corresponding OSSL_PARAM. - */ - OBJ_obj2txt(ctx->name_buf, sizeof(ctx->name_buf), ctx->p2, 0); - ctx->p2 = (char *)ctx->name_buf; - ctx->p1 = 0; /* let default_fixup_args() figure out the length */ - } - - if ((ret = default_fixup_args(state, translation, ctx)) <= 0) - return ret; - - if ((state == PRE_PARAMS_TO_CTRL && ctx->action_type == SET) - || (state == POST_CTRL_TO_PARAMS && ctx->action_type == GET)) { - /* - * We're translating from ctrl to params and setting the OID name, - * or we're translating from params to ctrl and getting the OID - * name. Either way, default_fixup_args() has placed the OID name - * in |ctx->p2|, all we need to do now is to replace that with the - * corresponding ASN1_OBJECT. - */ - ctx->p2 = (ASN1_OBJECT *)OBJ_txt2obj(ctx->p2, 0); - } - - return ret; -} - -/* EVP_PKEY_CTRL_DH_NID */ -static int fix_dh_nid(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - int ret; - - if ((ret = default_check(state, translation, ctx)) <= 0) - return ret; - - /* This is only settable */ - if (ctx->action_type != SET) - return 0; - - if (state == PRE_CTRL_TO_PARAMS) { - if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name - (ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); - return 0; - } - ctx->p1 = 0; - } - - return default_fixup_args(state, translation, ctx); -} - -/* EVP_PKEY_CTRL_DH_RFC5114 */ -static int fix_dh_nid5114(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - int ret; - - if ((ret = default_check(state, translation, ctx)) <= 0) - return ret; - - /* This is only settable */ - if (ctx->action_type != SET) - return 0; - - switch (state) { - case PRE_CTRL_TO_PARAMS: - if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name - (ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); - return 0; - } - - ctx->p1 = 0; - break; - - case PRE_CTRL_STR_TO_PARAMS: - if (ctx->p2 == NULL) - return 0; - if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name - (ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2)))) == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); - return 0; - } - - ctx->p1 = 0; - break; - - default: - break; - } - - return default_fixup_args(state, translation, ctx); -} - -/* EVP_PKEY_CTRL_DH_PARAMGEN_TYPE */ -static int fix_dh_paramgen_type(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - int ret; - - if ((ret = default_check(state, translation, ctx)) <= 0) - return ret; - - /* This is only settable */ - if (ctx->action_type != SET) - return 0; - - if (state == PRE_CTRL_STR_TO_PARAMS) { - if ((ctx->p2 = (char *)ossl_dh_gen_type_id2name(atoi(ctx->p2))) - == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); - return 0; - } - ctx->p1 = strlen(ctx->p2); - } - - return default_fixup_args(state, translation, ctx); -} - -/* EVP_PKEY_CTRL_EC_PARAM_ENC */ -static int fix_ec_param_enc(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - int ret; - - if ((ret = default_check(state, translation, ctx)) <= 0) - return ret; - - /* This is currently only settable */ - if (ctx->action_type != SET) - return 0; - - if (state == PRE_CTRL_TO_PARAMS) { - switch (ctx->p1) { - case OPENSSL_EC_EXPLICIT_CURVE: - ctx->p2 = OSSL_PKEY_EC_ENCODING_EXPLICIT; - break; - case OPENSSL_EC_NAMED_CURVE: - ctx->p2 = OSSL_PKEY_EC_ENCODING_GROUP; - break; - default: - ret = -2; - goto end; - } - ctx->p1 = 0; - } - - if ((ret = default_fixup_args(state, translation, ctx)) <= 0) - return ret; - - if (state == PRE_PARAMS_TO_CTRL) { - if (strcmp(ctx->p2, OSSL_PKEY_EC_ENCODING_EXPLICIT) == 0) - ctx->p1 = OPENSSL_EC_EXPLICIT_CURVE; - else if (strcmp(ctx->p2, OSSL_PKEY_EC_ENCODING_GROUP) == 0) - ctx->p1 = OPENSSL_EC_NAMED_CURVE; - else - ctx->p1 = ret = -2; - ctx->p2 = NULL; - } - - end: - if (ret == -2) - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return ret; -} - -/* EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID */ -static int fix_ec_paramgen_curve_nid(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - int ret; - - if ((ret = default_check(state, translation, ctx)) <= 0) - return ret; - - /* This is currently only settable */ - if (ctx->action_type != SET) - return 0; - - if (state == PRE_CTRL_TO_PARAMS) { - ctx->p2 = (char *)OBJ_nid2sn(ctx->p1); - ctx->p1 = 0; - } - - if ((ret = default_fixup_args(state, translation, ctx)) <= 0) - return ret; - - if (state == PRE_PARAMS_TO_CTRL) { - ctx->p1 = OBJ_sn2nid(ctx->p2); - ctx->p2 = NULL; - } - - return ret; -} - -/* EVP_PKEY_CTRL_EC_ECDH_COFACTOR */ -static int fix_ecdh_cofactor(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - /* - * The EVP_PKEY_CTRL_EC_ECDH_COFACTOR ctrl command is a bit special, in - * that it's used both for setting a value, and for getting it, all - * depending on the value if |ctx->p1|; if |ctx->p1| is -2, the backend is - * supposed to place the current cofactor mode in |ctx->p2|, and if not, - * |ctx->p1| is interpreted as the new cofactor mode. - */ - int ret = 0; - - if (state == PRE_CTRL_TO_PARAMS) { - /* - * The initial value for |ctx->action_type| must be zero. - * evp_pkey_ctrl_to_params() takes it from the translation item. - */ - if (!ossl_assert(ctx->action_type == NONE)) - return 0; - - /* The action type depends on the value of ctx->p1 */ - if (ctx->p1 == -2) - ctx->action_type = GET; - else - ctx->action_type = SET; - } else if (state == PRE_CTRL_STR_TO_PARAMS) { - ctx->action_type = SET; - } else if (state == PRE_PARAMS_TO_CTRL) { - /* The initial value for |ctx->action_type| must not be zero. */ - if (!ossl_assert(ctx->action_type != NONE)) - return 0; - } - - if ((ret = default_check(state, translation, ctx)) <= 0) - return ret; - - if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == SET) { - if (ctx->p1 < -1 || ctx->p1 > 1) { - /* Uses the same return value of pkey_ec_ctrl() */ - return -2; - } - } - - if ((ret = default_fixup_args(state, translation, ctx)) <= 0) - return ret; - - if (state == POST_CTRL_TO_PARAMS && ctx->action_type == GET) { - if (ctx->p1 < 0 || ctx->p1 > 1) { - /* - * The provider should return either 0 or 1, any other value is a - * provider error. - */ - ctx->p1 = ret = -1; - } - } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) { - ctx->p1 = -2; - } - - return ret; -} - -/* EVP_PKEY_CTRL_RSA_PADDING, EVP_PKEY_CTRL_GET_RSA_PADDING */ -static int fix_rsa_padding_mode(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - static const OSSL_ITEM str_value_map[] = { - { RSA_PKCS1_PADDING, "pkcs1" }, - { RSA_NO_PADDING, "none" }, - { RSA_PKCS1_OAEP_PADDING, "oaep" }, - { RSA_PKCS1_OAEP_PADDING, "oeap" }, - { RSA_X931_PADDING, "x931" }, - { RSA_PKCS1_PSS_PADDING, "pss" }, - /* Special case, will pass directly as an integer */ - { RSA_PKCS1_WITH_TLS_PADDING, NULL } - }; - int ret; - - if ((ret = default_check(state, translation, ctx)) <= 0) - return ret; - - if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == GET) { - /* - * EVP_PKEY_CTRL_GET_RSA_PADDING returns the padding mode in the - * weirdest way for a ctrl. Instead of doing like all other ctrls - * that return a simple, i.e. just have that as a return value, - * this particular ctrl treats p2 as the address for the int to be - * returned. We must therefore remember |ctx->p2|, then make - * |ctx->p2| point at a buffer to be filled in with the name, and - * |ctx->p1| with its size. default_fixup_args() will take care - * of the rest for us, along with the POST_CTRL_TO_PARAMS && GET - * code section further down. - */ - ctx->orig_p2 = ctx->p2; - ctx->p2 = ctx->name_buf; - ctx->p1 = sizeof(ctx->name_buf); - } else if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == SET) { - /* - * Ideally, we should use utf8 strings for the diverse padding modes. - * We only came here because someone called EVP_PKEY_CTX_ctrl(), - * though, and since that can reasonably be seen as legacy code - * that uses the diverse RSA macros for the padding mode, and we - * know that at least our providers can handle the numeric modes, - * we take the cheap route for now. - * - * The other solution would be to match |ctx->p1| against entries - * in str_value_map and pass the corresponding string. However, - * since we don't have a string for RSA_PKCS1_WITH_TLS_PADDING, - * we have to do this same hack at least for that one. - * - * Since the "official" data type for the RSA padding mode is utf8 - * string, we cannot count on default_fixup_args(). Instead, we - * build the OSSL_PARAM item ourselves and return immediately. - */ - ctx->params[0] = OSSL_PARAM_construct_int(translation->param_key, - &ctx->p1); - return 1; - } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET) { - size_t i; - - /* - * The EVP_PKEY_CTX_get_params() caller may have asked for a utf8 - * string, or may have asked for an integer of some sort. If they - * ask for an integer, we respond directly. If not, we translate - * the response from the ctrl function into a string. - */ - switch (ctx->params->data_type) { - case OSSL_PARAM_INTEGER: - return OSSL_PARAM_get_int(ctx->params, &ctx->p1); - case OSSL_PARAM_UNSIGNED_INTEGER: - return OSSL_PARAM_get_uint(ctx->params, (unsigned int *)&ctx->p1); - default: - break; - } - - for (i = 0; i < OSSL_NELEM(str_value_map); i++) { - if (ctx->p1 == (int)str_value_map[i].id) - break; - } - if (i == OSSL_NELEM(str_value_map)) { - ERR_raise_data(ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE, - "[action:%d, state:%d] padding number %d", - ctx->action_type, state, ctx->p1); - return -2; - } - /* - * If we don't have a string, we can't do anything. The caller - * should have asked for a number... - */ - if (str_value_map[i].ptr == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; - } - ctx->p2 = str_value_map[i].ptr; - ctx->p1 = strlen(ctx->p2); - } - - if ((ret = default_fixup_args(state, translation, ctx)) <= 0) - return ret; - - if ((ctx->action_type == SET && state == PRE_PARAMS_TO_CTRL) - || (ctx->action_type == GET && state == POST_CTRL_TO_PARAMS)) { - size_t i; - - for (i = 0; i < OSSL_NELEM(str_value_map); i++) { - if (strcmp(ctx->p2, str_value_map[i].ptr) == 0) - break; - } - - if (i == OSSL_NELEM(str_value_map)) { - ERR_raise_data(ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE, - "[action:%d, state:%d] padding name %s", - ctx->action_type, state, ctx->p1); - ctx->p1 = ret = -2; - } else if (state == POST_CTRL_TO_PARAMS) { - /* EVP_PKEY_CTRL_GET_RSA_PADDING weirdness explained further up */ - *(int *)ctx->orig_p2 = str_value_map[i].id; - } else { - ctx->p1 = str_value_map[i].id; - } - ctx->p2 = NULL; - } - - return ret; -} - -/* EVP_PKEY_CTRL_RSA_PSS_SALTLEN, EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN */ -static int fix_rsa_pss_saltlen(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - static const OSSL_ITEM str_value_map[] = { - { (unsigned int)RSA_PSS_SALTLEN_DIGEST, "digest" }, - { (unsigned int)RSA_PSS_SALTLEN_MAX, "max" }, - { (unsigned int)RSA_PSS_SALTLEN_AUTO, "auto" } - }; - int ret; - - if ((ret = default_check(state, translation, ctx)) <= 0) - return ret; - - if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == GET) { - /* - * EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN returns the saltlen by filling - * in the int pointed at by p2. This is potentially as weird as - * the way EVP_PKEY_CTRL_GET_RSA_PADDING works, except that saltlen - * might be a negative value, so it wouldn't work as a legitimate - * return value. - * In any case, we must therefore remember |ctx->p2|, then make - * |ctx->p2| point at a buffer to be filled in with the name, and - * |ctx->p1| with its size. default_fixup_args() will take care - * of the rest for us, along with the POST_CTRL_TO_PARAMS && GET - * code section further down. - */ - ctx->orig_p2 = ctx->p2; - ctx->p2 = ctx->name_buf; - ctx->p1 = sizeof(ctx->name_buf); - } else if ((ctx->action_type == SET && state == PRE_CTRL_TO_PARAMS) - || (ctx->action_type == GET && state == POST_PARAMS_TO_CTRL)) { - size_t i; - - for (i = 0; i < OSSL_NELEM(str_value_map); i++) { - if (ctx->p1 == (int)str_value_map[i].id) - break; - } - if (i == OSSL_NELEM(str_value_map)) { - BIO_snprintf(ctx->name_buf, sizeof(ctx->name_buf), "%d", ctx->p1); - } else { - /* This won't truncate but it will quiet static analysers */ - strncpy(ctx->name_buf, str_value_map[i].ptr, sizeof(ctx->name_buf) - 1); - ctx->name_buf[sizeof(ctx->name_buf) - 1] = '\0'; - } - ctx->p2 = ctx->name_buf; - ctx->p1 = strlen(ctx->p2); - } - - if ((ret = default_fixup_args(state, translation, ctx)) <= 0) - return ret; - - if ((ctx->action_type == SET && state == PRE_PARAMS_TO_CTRL) - || (ctx->action_type == GET && state == POST_CTRL_TO_PARAMS)) { - size_t i; - int val; - - for (i = 0; i < OSSL_NELEM(str_value_map); i++) { - if (strcmp(ctx->p2, str_value_map[i].ptr) == 0) - break; - } - - val = i == OSSL_NELEM(str_value_map) ? atoi(ctx->p2) - : (int)str_value_map[i].id; - if (state == POST_CTRL_TO_PARAMS) { - /* - * EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN weirdness explained further - * up - */ - *(int *)ctx->orig_p2 = val; - } else { - ctx->p1 = val; - } - ctx->p2 = NULL; - } - - return ret; -} - -/* EVP_PKEY_CTRL_HKDF_MODE */ -static int fix_hkdf_mode(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - static const OSSL_ITEM str_value_map[] = { - { EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND, "EXTRACT_AND_EXPAND" }, - { EVP_KDF_HKDF_MODE_EXTRACT_ONLY, "EXTRACT_ONLY" }, - { EVP_KDF_HKDF_MODE_EXPAND_ONLY, "EXPAND_ONLY" } - }; - int ret; - - if ((ret = default_check(state, translation, ctx)) <= 0) - return ret; - - if ((ctx->action_type == SET && state == PRE_CTRL_TO_PARAMS) - || (ctx->action_type == GET && state == POST_PARAMS_TO_CTRL)) { - size_t i; - - for (i = 0; i < OSSL_NELEM(str_value_map); i++) { - if (ctx->p1 == (int)str_value_map[i].id) - break; - } - if (i == OSSL_NELEM(str_value_map)) - return 0; - ctx->p2 = str_value_map[i].ptr; - ctx->p1 = strlen(ctx->p2); - } - - if ((ret = default_fixup_args(state, translation, ctx)) <= 0) - return ret; - - if ((ctx->action_type == SET && state == PRE_PARAMS_TO_CTRL) - || (ctx->action_type == GET && state == POST_CTRL_TO_PARAMS)) { - size_t i; - - for (i = 0; i < OSSL_NELEM(str_value_map); i++) { - if (strcmp(ctx->p2, str_value_map[i].ptr) == 0) - break; - } - if (i == OSSL_NELEM(str_value_map)) - return 0; - if (state == POST_CTRL_TO_PARAMS) - ret = str_value_map[i].id; - else - ctx->p1 = str_value_map[i].id; - ctx->p2 = NULL; - } - - return 1; -} - -/*- - * Payload getters - * =============== - * - * These all get the data they want, then call default_fixup_args() as - * a post-ctrl GET fixup. They all get NULL ctx, ctrl_cmd, ctrl_str, - * p1, sz - */ - -/* Pilfering DH, DSA and EC_KEY */ -static int get_payload_group_name(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - EVP_PKEY *pkey = ctx->p2; - - ctx->p2 = NULL; - switch (EVP_PKEY_get_base_id(pkey)) { -#ifndef OPENSSL_NO_DH - case EVP_PKEY_DH: - { - const DH *dh = EVP_PKEY_get0_DH(pkey); - int uid = DH_get_nid(dh); - - if (uid != NID_undef) { - const DH_NAMED_GROUP *dh_group = - ossl_ffc_uid_to_dh_named_group(uid); - - ctx->p2 = (char *)ossl_ffc_named_group_get_name(dh_group); - } - } - break; -#endif -#ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: - { - const EC_GROUP *grp = - EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey)); - int nid = NID_undef; - - if (grp != NULL) - nid = EC_GROUP_get_curve_name(grp); - if (nid != NID_undef) - ctx->p2 = (char *)OSSL_EC_curve_nid2name(nid); - } - break; -#endif - default: - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE); - return 0; - } - - /* - * Quietly ignoring unknown groups matches the behaviour on the provider - * side. - */ - if (ctx->p2 == NULL) - return 1; - - ctx->p1 = strlen(ctx->p2); - return default_fixup_args(state, translation, ctx); -} - -static int get_payload_private_key(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - EVP_PKEY *pkey = ctx->p2; - - ctx->p2 = NULL; - if (ctx->params->data_type != OSSL_PARAM_UNSIGNED_INTEGER) - return 0; - - switch (EVP_PKEY_get_base_id(pkey)) { -#ifndef OPENSSL_NO_DH - case EVP_PKEY_DH: - { - const DH *dh = EVP_PKEY_get0_DH(pkey); - - ctx->p2 = (BIGNUM *)DH_get0_priv_key(dh); - } - break; -#endif -#ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: - { - const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); - - ctx->p2 = (BIGNUM *)EC_KEY_get0_private_key(ec); - } - break; -#endif - default: - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE); - return 0; - } - - return default_fixup_args(state, translation, ctx); -} - -static int get_payload_public_key(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - EVP_PKEY *pkey = ctx->p2; - unsigned char *buf = NULL; - int ret; - - ctx->p2 = NULL; - switch (EVP_PKEY_get_base_id(pkey)) { -#ifndef OPENSSL_NO_DH - case EVP_PKEY_DHX: - case EVP_PKEY_DH: - switch (ctx->params->data_type) { - case OSSL_PARAM_OCTET_STRING: - ctx->sz = ossl_dh_key2buf(EVP_PKEY_get0_DH(pkey), &buf, 0, 1); - ctx->p2 = buf; - break; - case OSSL_PARAM_UNSIGNED_INTEGER: - ctx->p2 = (void *)DH_get0_pub_key(EVP_PKEY_get0_DH(pkey)); - break; - default: - return 0; - } - break; -#endif -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - if (ctx->params->data_type == OSSL_PARAM_UNSIGNED_INTEGER) { - ctx->p2 = (void *)DSA_get0_pub_key(EVP_PKEY_get0_DSA(pkey)); - break; - } - return 0; -#endif -#ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: - if (ctx->params->data_type == OSSL_PARAM_OCTET_STRING) { - const EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey); - BN_CTX *bnctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(eckey)); - const EC_GROUP *ecg = EC_KEY_get0_group(eckey); - const EC_POINT *point = EC_KEY_get0_public_key(eckey); - - if (bnctx == NULL) - return 0; - ctx->sz = EC_POINT_point2buf(ecg, point, - POINT_CONVERSION_COMPRESSED, - &buf, bnctx); - ctx->p2 = buf; - BN_CTX_free(bnctx); - break; - } - return 0; -#endif - default: - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE); - return 0; - } - - ret = default_fixup_args(state, translation, ctx); - OPENSSL_free(buf); - return ret; -} - -static int get_payload_bn(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx, const BIGNUM *bn) -{ - if (bn == NULL) - return 0; - if (ctx->params->data_type != OSSL_PARAM_UNSIGNED_INTEGER) - return 0; - ctx->p2 = (BIGNUM *)bn; - - return default_fixup_args(state, translation, ctx); -} - -static int get_dh_dsa_payload_p(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - const BIGNUM *bn = NULL; - EVP_PKEY *pkey = ctx->p2; - - switch (EVP_PKEY_get_base_id(pkey)) { -#ifndef OPENSSL_NO_DH - case EVP_PKEY_DH: - bn = DH_get0_p(EVP_PKEY_get0_DH(pkey)); - break; -#endif -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - bn = DSA_get0_p(EVP_PKEY_get0_DSA(pkey)); - break; -#endif - default: - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE); - } - - return get_payload_bn(state, translation, ctx, bn); -} - -static int get_dh_dsa_payload_q(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - const BIGNUM *bn = NULL; - - switch (EVP_PKEY_get_base_id(ctx->p2)) { -#ifndef OPENSSL_NO_DH - case EVP_PKEY_DH: - bn = DH_get0_q(EVP_PKEY_get0_DH(ctx->p2)); - break; -#endif -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - bn = DSA_get0_q(EVP_PKEY_get0_DSA(ctx->p2)); - break; -#endif - } - - return get_payload_bn(state, translation, ctx, bn); -} - -static int get_dh_dsa_payload_g(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - const BIGNUM *bn = NULL; - - switch (EVP_PKEY_get_base_id(ctx->p2)) { -#ifndef OPENSSL_NO_DH - case EVP_PKEY_DH: - bn = DH_get0_g(EVP_PKEY_get0_DH(ctx->p2)); - break; -#endif -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - bn = DSA_get0_g(EVP_PKEY_get0_DSA(ctx->p2)); - break; -#endif - } - - return get_payload_bn(state, translation, ctx, bn); -} - -static int get_payload_int(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx, - const int val) -{ - if (ctx->params->data_type != OSSL_PARAM_INTEGER) - return 0; - ctx->p1 = val; - ctx->p2 = NULL; - - return default_fixup_args(state, translation, ctx); -} - -static int get_ec_decoded_from_explicit_params(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - int val = 0; - EVP_PKEY *pkey = ctx->p2; - - switch (EVP_PKEY_base_id(pkey)) { -#ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: - val = EC_KEY_decoded_from_explicit_params(EVP_PKEY_get0_EC_KEY(pkey)); - if (val < 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY); - return 0; - } - break; -#endif - default: - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE); - return 0; - } - - return get_payload_int(state, translation, ctx, val); -} - -static int get_rsa_payload_n(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - const BIGNUM *bn = NULL; - - if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) - return 0; - bn = RSA_get0_n(EVP_PKEY_get0_RSA(ctx->p2)); - - return get_payload_bn(state, translation, ctx, bn); -} - -static int get_rsa_payload_e(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - const BIGNUM *bn = NULL; - - if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) - return 0; - bn = RSA_get0_e(EVP_PKEY_get0_RSA(ctx->p2)); - - return get_payload_bn(state, translation, ctx, bn); -} - -static int get_rsa_payload_d(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - const BIGNUM *bn = NULL; - - if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) - return 0; - bn = RSA_get0_d(EVP_PKEY_get0_RSA(ctx->p2)); - - return get_payload_bn(state, translation, ctx, bn); -} - -static int get_rsa_payload_factor(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx, - size_t factornum) -{ - const RSA *r = EVP_PKEY_get0_RSA(ctx->p2); - const BIGNUM *bn = NULL; - - switch (factornum) { - case 0: - bn = RSA_get0_p(r); - break; - case 1: - bn = RSA_get0_q(r); - break; - default: - { - size_t pnum = RSA_get_multi_prime_extra_count(r); - const BIGNUM *factors[10]; - - if (factornum - 2 < pnum - && RSA_get0_multi_prime_factors(r, factors)) - bn = factors[factornum - 2]; - } - break; - } - - return get_payload_bn(state, translation, ctx, bn); -} - -static int get_rsa_payload_exponent(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx, - size_t exponentnum) -{ - const RSA *r = EVP_PKEY_get0_RSA(ctx->p2); - const BIGNUM *bn = NULL; - - switch (exponentnum) { - case 0: - bn = RSA_get0_dmp1(r); - break; - case 1: - bn = RSA_get0_dmq1(r); - break; - default: - { - size_t pnum = RSA_get_multi_prime_extra_count(r); - const BIGNUM *exps[10], *coeffs[10]; - - if (exponentnum - 2 < pnum - && RSA_get0_multi_prime_crt_params(r, exps, coeffs)) - bn = exps[exponentnum - 2]; - } - break; - } - - return get_payload_bn(state, translation, ctx, bn); -} - -static int get_rsa_payload_coefficient(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx, - size_t coefficientnum) -{ - const RSA *r = EVP_PKEY_get0_RSA(ctx->p2); - const BIGNUM *bn = NULL; - - switch (coefficientnum) { - case 0: - bn = RSA_get0_iqmp(r); - break; - default: - { - size_t pnum = RSA_get_multi_prime_extra_count(r); - const BIGNUM *exps[10], *coeffs[10]; - - if (coefficientnum - 1 < pnum - && RSA_get0_multi_prime_crt_params(r, exps, coeffs)) - bn = coeffs[coefficientnum - 1]; - } - break; - } - - return get_payload_bn(state, translation, ctx, bn); -} - -#define IMPL_GET_RSA_PAYLOAD_FACTOR(n) \ - static int \ - get_rsa_payload_f##n(enum state state, \ - const struct translation_st *translation, \ - struct translation_ctx_st *ctx) \ - { \ - if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) \ - return 0; \ - return get_rsa_payload_factor(state, translation, ctx, n - 1); \ - } - -#define IMPL_GET_RSA_PAYLOAD_EXPONENT(n) \ - static int \ - get_rsa_payload_e##n(enum state state, \ - const struct translation_st *translation, \ - struct translation_ctx_st *ctx) \ - { \ - if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) \ - return 0; \ - return get_rsa_payload_exponent(state, translation, ctx, \ - n - 1); \ - } - -#define IMPL_GET_RSA_PAYLOAD_COEFFICIENT(n) \ - static int \ - get_rsa_payload_c##n(enum state state, \ - const struct translation_st *translation, \ - struct translation_ctx_st *ctx) \ - { \ - if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA) \ - return 0; \ - return get_rsa_payload_coefficient(state, translation, ctx, \ - n - 1); \ - } - -IMPL_GET_RSA_PAYLOAD_FACTOR(1) -IMPL_GET_RSA_PAYLOAD_FACTOR(2) -IMPL_GET_RSA_PAYLOAD_FACTOR(3) -IMPL_GET_RSA_PAYLOAD_FACTOR(4) -IMPL_GET_RSA_PAYLOAD_FACTOR(5) -IMPL_GET_RSA_PAYLOAD_FACTOR(6) -IMPL_GET_RSA_PAYLOAD_FACTOR(7) -IMPL_GET_RSA_PAYLOAD_FACTOR(8) -IMPL_GET_RSA_PAYLOAD_FACTOR(9) -IMPL_GET_RSA_PAYLOAD_FACTOR(10) -IMPL_GET_RSA_PAYLOAD_EXPONENT(1) -IMPL_GET_RSA_PAYLOAD_EXPONENT(2) -IMPL_GET_RSA_PAYLOAD_EXPONENT(3) -IMPL_GET_RSA_PAYLOAD_EXPONENT(4) -IMPL_GET_RSA_PAYLOAD_EXPONENT(5) -IMPL_GET_RSA_PAYLOAD_EXPONENT(6) -IMPL_GET_RSA_PAYLOAD_EXPONENT(7) -IMPL_GET_RSA_PAYLOAD_EXPONENT(8) -IMPL_GET_RSA_PAYLOAD_EXPONENT(9) -IMPL_GET_RSA_PAYLOAD_EXPONENT(10) -IMPL_GET_RSA_PAYLOAD_COEFFICIENT(1) -IMPL_GET_RSA_PAYLOAD_COEFFICIENT(2) -IMPL_GET_RSA_PAYLOAD_COEFFICIENT(3) -IMPL_GET_RSA_PAYLOAD_COEFFICIENT(4) -IMPL_GET_RSA_PAYLOAD_COEFFICIENT(5) -IMPL_GET_RSA_PAYLOAD_COEFFICIENT(6) -IMPL_GET_RSA_PAYLOAD_COEFFICIENT(7) -IMPL_GET_RSA_PAYLOAD_COEFFICIENT(8) -IMPL_GET_RSA_PAYLOAD_COEFFICIENT(9) - -static int fix_group_ecx(enum state state, - const struct translation_st *translation, - struct translation_ctx_st *ctx) -{ - const char *value = NULL; - - switch (state) { - case PRE_PARAMS_TO_CTRL: - if (!EVP_PKEY_CTX_IS_GEN_OP(ctx->pctx)) - return 0; - ctx->action_type = NONE; - return 1; - case POST_PARAMS_TO_CTRL: - if (OSSL_PARAM_get_utf8_string_ptr(ctx->params, &value) == 0 || - OPENSSL_strcasecmp(ctx->pctx->keytype, value) != 0) { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); - ctx->p1 = 0; - return 0; - } - ctx->p1 = 1; - return 1; - default: - return 0; - } -} - -/*- - * The translation table itself - * ============================ - */ - -static const struct translation_st evp_pkey_ctx_translations[] = { - /* - * DistID: we pass it to the backend as an octet string, - * but get it back as a pointer to an octet string. - * - * Note that the EVP_PKEY_CTRL_GET1_ID_LEN is purely for legacy purposes - * that has no separate counterpart in OSSL_PARAM terms, since we get - * the length of the DistID automatically when getting the DistID itself. - */ - { SET, -1, -1, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_SET1_ID, "distid", "hexdistid", - OSSL_PKEY_PARAM_DIST_ID, OSSL_PARAM_OCTET_STRING, NULL }, - { GET, -1, -1, -1, - EVP_PKEY_CTRL_GET1_ID, "distid", "hexdistid", - OSSL_PKEY_PARAM_DIST_ID, OSSL_PARAM_OCTET_PTR, NULL }, - { GET, -1, -1, -1, - EVP_PKEY_CTRL_GET1_ID_LEN, NULL, NULL, - OSSL_PKEY_PARAM_DIST_ID, OSSL_PARAM_OCTET_PTR, fix_distid_len }, - - /*- - * DH & DHX - * ======== - */ - - /* - * EVP_PKEY_CTRL_DH_KDF_TYPE is used both for setting and getting. The - * fixup function has to handle this... - */ - { NONE, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_KDF_TYPE, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_TYPE, OSSL_PARAM_UTF8_STRING, - fix_dh_kdf_type }, - { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_KDF_MD, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, - { GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_DH_KDF_MD, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, - { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_KDF_OUTLEN, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - { GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_KDF_UKM, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_STRING, NULL }, - { GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_DH_KDF_UKM, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL }, - { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_KDF_OID, NULL, NULL, - OSSL_KDF_PARAM_CEK_ALG, OSSL_PARAM_UTF8_STRING, fix_oid }, - { GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_DH_KDF_OID, NULL, NULL, - OSSL_KDF_PARAM_CEK_ALG, OSSL_PARAM_UTF8_STRING, fix_oid }, - - /* DHX Keygen Parameters that are shared with DH */ - { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, "dh_paramgen_type", NULL, - OSSL_PKEY_PARAM_FFC_TYPE, OSSL_PARAM_UTF8_STRING, fix_dh_paramgen_type }, - { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, "dh_paramgen_prime_len", NULL, - OSSL_PKEY_PARAM_FFC_PBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_DH_NID, "dh_param", NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, NULL }, - { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_DH_RFC5114, "dh_rfc5114", NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_dh_nid5114 }, - - /* DH Keygen Parameters that are shared with DHX */ - { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, "dh_paramgen_type", NULL, - OSSL_PKEY_PARAM_FFC_TYPE, OSSL_PARAM_UTF8_STRING, fix_dh_paramgen_type }, - { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, "dh_paramgen_prime_len", NULL, - OSSL_PKEY_PARAM_FFC_PBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_DH_NID, "dh_param", NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_dh_nid }, - { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_DH_RFC5114, "dh_rfc5114", NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_dh_nid5114 }, - - /* DH specific Keygen Parameters */ - { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, "dh_paramgen_generator", NULL, - OSSL_PKEY_PARAM_DH_GENERATOR, OSSL_PARAM_INTEGER, NULL }, - - /* DHX specific Keygen Parameters */ - { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, "dh_paramgen_subprime_len", NULL, - OSSL_PKEY_PARAM_FFC_QBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - - { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_PAD, "dh_pad", NULL, - OSSL_EXCHANGE_PARAM_PAD, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - - /*- - * DSA - * === - */ - { SET, EVP_PKEY_DSA, 0, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, "dsa_paramgen_bits", NULL, - OSSL_PKEY_PARAM_FFC_PBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - { SET, EVP_PKEY_DSA, 0, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, "dsa_paramgen_q_bits", NULL, - OSSL_PKEY_PARAM_FFC_QBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - { SET, EVP_PKEY_DSA, 0, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_MD, "dsa_paramgen_md", NULL, - OSSL_PKEY_PARAM_FFC_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, - - /*- - * EC - * == - */ - { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_EC_PARAM_ENC, "ec_param_enc", NULL, - OSSL_PKEY_PARAM_EC_ENCODING, OSSL_PARAM_UTF8_STRING, fix_ec_param_enc }, - { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, "ec_paramgen_curve", NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, - fix_ec_paramgen_curve_nid }, - /* - * EVP_PKEY_CTRL_EC_ECDH_COFACTOR and EVP_PKEY_CTRL_EC_KDF_TYPE are used - * both for setting and getting. The fixup function has to handle this... - */ - { NONE, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_ECDH_COFACTOR, "ecdh_cofactor_mode", NULL, - OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, OSSL_PARAM_INTEGER, - fix_ecdh_cofactor }, - { NONE, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_KDF_TYPE, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_TYPE, OSSL_PARAM_UTF8_STRING, fix_ec_kdf_type }, - { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_KDF_MD, "ecdh_kdf_md", NULL, - OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, - { GET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_EC_KDF_MD, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, - { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_KDF_OUTLEN, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - { GET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_KDF_UKM, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_STRING, NULL }, - { GET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_EC_KDF_UKM, NULL, NULL, - OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL }, - - /*- - * RSA - * === - */ - - /* - * RSA padding modes are numeric with ctrls, strings with ctrl_strs, - * and can be both with OSSL_PARAM. We standardise on strings here, - * fix_rsa_padding_mode() does the work when the caller has a different - * idea. - */ - { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, - EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_RSA_PADDING, "rsa_padding_mode", NULL, - OSSL_PKEY_PARAM_PAD_MODE, OSSL_PARAM_UTF8_STRING, fix_rsa_padding_mode }, - { GET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, - EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_GET_RSA_PADDING, NULL, NULL, - OSSL_PKEY_PARAM_PAD_MODE, OSSL_PARAM_UTF8_STRING, fix_rsa_padding_mode }, - - { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, - EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_RSA_MGF1_MD, "rsa_mgf1_md", NULL, - OSSL_PKEY_PARAM_MGF1_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, - { GET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, - EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_GET_RSA_MGF1_MD, NULL, NULL, - OSSL_PKEY_PARAM_MGF1_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, - - /* - * RSA-PSS saltlen is essentially numeric, but certain values can be - * expressed as keywords (strings) with ctrl_str. The corresponding - * OSSL_PARAM allows both forms. - * fix_rsa_pss_saltlen() takes care of the distinction. - */ - { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_RSA_PSS_SALTLEN, "rsa_pss_saltlen", NULL, - OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, OSSL_PARAM_UTF8_STRING, - fix_rsa_pss_saltlen }, - { GET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, NULL, NULL, - OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, OSSL_PARAM_UTF8_STRING, - fix_rsa_pss_saltlen }, - - { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_RSA_OAEP_MD, "rsa_oaep_md", NULL, - OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, - { GET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_GET_RSA_OAEP_MD, NULL, NULL, - OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, - /* - * The "rsa_oaep_label" ctrl_str expects the value to always be hex. - * This is accomodated by default_fixup_args() above, which mimics that - * expectation for any translation item where |ctrl_str| is NULL and - * |ctrl_hexstr| is non-NULL. - */ - { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_RSA_OAEP_LABEL, NULL, "rsa_oaep_label", - OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL }, - { GET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL, - OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL }, - - { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN, - EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL, - OSSL_ALG_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, - { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN, - EVP_PKEY_CTRL_RSA_MGF1_MD, "rsa_pss_keygen_mgf1_md", NULL, - OSSL_PKEY_PARAM_MGF1_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, - { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN, - EVP_PKEY_CTRL_RSA_PSS_SALTLEN, "rsa_pss_keygen_saltlen", NULL, - OSSL_SIGNATURE_PARAM_PSS_SALTLEN, OSSL_PARAM_INTEGER, NULL }, - { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_RSA_KEYGEN_BITS, "rsa_keygen_bits", NULL, - OSSL_PKEY_PARAM_RSA_BITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, "rsa_keygen_pubexp", NULL, - OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, "rsa_keygen_primes", NULL, - OSSL_PKEY_PARAM_RSA_PRIMES, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - - /*- - * SipHash - * ====== - */ - { SET, -1, -1, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_SET_DIGEST_SIZE, "digestsize", NULL, - OSSL_MAC_PARAM_SIZE, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - - /*- - * TLS1-PRF - * ======== - */ - { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_TLS_MD, "md", NULL, - OSSL_KDF_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, - { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_TLS_SECRET, "secret", "hexsecret", - OSSL_KDF_PARAM_SECRET, OSSL_PARAM_OCTET_STRING, NULL }, - { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_TLS_SEED, "seed", "hexseed", - OSSL_KDF_PARAM_SEED, OSSL_PARAM_OCTET_STRING, NULL }, - - /*- - * HKDF - * ==== - */ - { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_MD, "md", NULL, - OSSL_KDF_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, - { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_SALT, "salt", "hexsalt", - OSSL_KDF_PARAM_SALT, OSSL_PARAM_OCTET_STRING, NULL }, - { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_KEY, "key", "hexkey", - OSSL_KDF_PARAM_KEY, OSSL_PARAM_OCTET_STRING, NULL }, - { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_INFO, "info", "hexinfo", - OSSL_KDF_PARAM_INFO, OSSL_PARAM_OCTET_STRING, NULL }, - { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_MODE, "mode", NULL, - OSSL_KDF_PARAM_MODE, OSSL_PARAM_INTEGER, fix_hkdf_mode }, - - /*- - * Scrypt - * ====== - */ - { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_PASS, "pass", "hexpass", - OSSL_KDF_PARAM_PASSWORD, OSSL_PARAM_OCTET_STRING, NULL }, - { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_SCRYPT_SALT, "salt", "hexsalt", - OSSL_KDF_PARAM_SALT, OSSL_PARAM_OCTET_STRING, NULL }, - { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_SCRYPT_N, "N", NULL, - OSSL_KDF_PARAM_SCRYPT_N, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_SCRYPT_R, "r", NULL, - OSSL_KDF_PARAM_SCRYPT_R, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_SCRYPT_P, "p", NULL, - OSSL_KDF_PARAM_SCRYPT_P, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - { SET, -1, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, "maxmem_bytes", NULL, - OSSL_KDF_PARAM_SCRYPT_MAXMEM, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, - - { SET, -1, -1, EVP_PKEY_OP_KEYGEN | EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_CIPHER, NULL, NULL, - OSSL_PKEY_PARAM_CIPHER, OSSL_PARAM_UTF8_STRING, fix_cipher }, - { SET, -1, -1, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_SET_MAC_KEY, "key", "hexkey", - OSSL_PKEY_PARAM_PRIV_KEY, OSSL_PARAM_OCTET_STRING, NULL }, - - { SET, -1, -1, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_MD, NULL, NULL, - OSSL_SIGNATURE_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, - { GET, -1, -1, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_GET_MD, NULL, NULL, - OSSL_SIGNATURE_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, - - /*- - * ECX - * === - */ - { SET, EVP_PKEY_X25519, EVP_PKEY_X25519, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx }, - { SET, EVP_PKEY_X448, EVP_PKEY_X448, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx }, -}; - -static const struct translation_st evp_pkey_translations[] = { - /* - * The following contain no ctrls, they are exclusively here to extract - * key payloads from legacy keys, using OSSL_PARAMs, and rely entirely - * on |fixup_args| to pass the actual data. The |fixup_args| should - * expect to get the EVP_PKEY pointer through |ctx->p2|. - */ - - /* DH, DSA & EC */ - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, - get_payload_group_name }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_PRIV_KEY, OSSL_PARAM_UNSIGNED_INTEGER, - get_payload_private_key }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_PUB_KEY, - 0 /* no data type, let get_payload_public_key() handle that */, - get_payload_public_key }, - - /* DH and DSA */ - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_FFC_P, OSSL_PARAM_UNSIGNED_INTEGER, - get_dh_dsa_payload_p }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_FFC_G, OSSL_PARAM_UNSIGNED_INTEGER, - get_dh_dsa_payload_g }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_FFC_Q, OSSL_PARAM_UNSIGNED_INTEGER, - get_dh_dsa_payload_q }, - - /* RSA */ - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_N, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_n }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_D, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_d }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR1, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f1 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR2, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f2 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR3, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f3 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR4, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f4 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR5, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f5 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR6, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f6 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR7, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f7 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR8, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f8 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR9, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f9 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_FACTOR10, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_f10 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT1, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e1 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT2, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e2 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT3, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e3 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT4, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e4 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT5, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e5 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT6, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e6 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT7, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e7 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT8, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e8 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT9, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e9 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_EXPONENT10, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_e10 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_COEFFICIENT1, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_c1 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_COEFFICIENT2, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_c2 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_COEFFICIENT3, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_c3 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_COEFFICIENT4, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_c4 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_COEFFICIENT5, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_c5 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_COEFFICIENT6, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_c6 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_COEFFICIENT7, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_c7 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_COEFFICIENT8, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_c8 }, - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_RSA_COEFFICIENT9, OSSL_PARAM_UNSIGNED_INTEGER, - get_rsa_payload_c9 }, - - /* EC */ - { GET, -1, -1, -1, 0, NULL, NULL, - OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, OSSL_PARAM_INTEGER, - get_ec_decoded_from_explicit_params }, -}; - -static const struct translation_st * -lookup_translation(struct translation_st *tmpl, - const struct translation_st *translations, - size_t translations_num) -{ - size_t i; - - for (i = 0; i < translations_num; i++) { - const struct translation_st *item = &translations[i]; - - /* - * Sanity check the translation table item. - * - * 1. Either both keytypes are -1, or neither of them are. - * 2. TBA... - */ - if (!ossl_assert((item->keytype1 == -1) == (item->keytype2 == -1))) - continue; - - - /* - * Base search criteria: check that the optype and keytypes match, - * if relevant. All callers must synthesise these bits somehow. - */ - if (item->optype != -1 && (tmpl->optype & item->optype) == 0) - continue; - /* - * This expression is stunningly simple thanks to the sanity check - * above. - */ - if (item->keytype1 != -1 - && tmpl->keytype1 != item->keytype1 - && tmpl->keytype2 != item->keytype2) - continue; - - /* - * Done with the base search criteria, now we check the criteria for - * the individual types of translations: - * ctrl->params, ctrl_str->params, and params->ctrl - */ - if (tmpl->ctrl_num != 0) { - if (tmpl->ctrl_num != item->ctrl_num) - continue; - } else if (tmpl->ctrl_str != NULL) { - const char *ctrl_str = NULL; - const char *ctrl_hexstr = NULL; - - /* - * Search criteria that originates from a ctrl_str is only used - * for setting, never for getting. Therefore, we only look at - * the setter items. - */ - if (item->action_type != NONE - && item->action_type != SET) - continue; - /* - * At least one of the ctrl cmd names must be match the ctrl - * cmd name in the template. - */ - if (item->ctrl_str != NULL - && OPENSSL_strcasecmp(tmpl->ctrl_str, item->ctrl_str) == 0) - ctrl_str = tmpl->ctrl_str; - else if (item->ctrl_hexstr != NULL - && OPENSSL_strcasecmp(tmpl->ctrl_hexstr, - item->ctrl_hexstr) == 0) - ctrl_hexstr = tmpl->ctrl_hexstr; - else - continue; - - /* Modify the template to signal which string matched */ - tmpl->ctrl_str = ctrl_str; - tmpl->ctrl_hexstr = ctrl_hexstr; - } else if (tmpl->param_key != NULL) { - /* - * Search criteria that originates from a OSSL_PARAM setter or - * getter. - * - * Ctrls were fundamentally bidirectional, with only the ctrl - * command macro name implying direction (if you're lucky). - * A few ctrl commands were even taking advantage of the - * bidirectional nature, making the direction depend in the - * value of the numeric argument. - * - * OSSL_PARAM functions are fundamentally different, in that - * setters and getters are separated, so the data direction is - * implied by the function that's used. The same OSSL_PARAM - * key name can therefore be used in both directions. We must - * therefore take the action type into account in this case. - */ - if ((item->action_type != NONE - && tmpl->action_type != item->action_type) - || (item->param_key != NULL - && OPENSSL_strcasecmp(tmpl->param_key, - item->param_key) != 0)) - continue; - } else { - return NULL; - } - - return item; - } - - return NULL; -} - -static const struct translation_st * -lookup_evp_pkey_ctx_translation(struct translation_st *tmpl) -{ - return lookup_translation(tmpl, evp_pkey_ctx_translations, - OSSL_NELEM(evp_pkey_ctx_translations)); -} - -static const struct translation_st * -lookup_evp_pkey_translation(struct translation_st *tmpl) -{ - return lookup_translation(tmpl, evp_pkey_translations, - OSSL_NELEM(evp_pkey_translations)); -} - -/* This must ONLY be called for provider side operations */ -int evp_pkey_ctx_ctrl_to_param(EVP_PKEY_CTX *pctx, - int keytype, int optype, - int cmd, int p1, void *p2) -{ - struct translation_ctx_st ctx = { 0, }; - struct translation_st tmpl = { 0, }; - const struct translation_st *translation = NULL; - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - int ret; - fixup_args_fn *fixup = default_fixup_args; - - if (keytype == -1) - keytype = pctx->legacy_keytype; - tmpl.ctrl_num = cmd; - tmpl.keytype1 = tmpl.keytype2 = keytype; - tmpl.optype = optype; - translation = lookup_evp_pkey_ctx_translation(&tmpl); - - if (translation == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; - } - - if (pctx->pmeth != NULL - && pctx->pmeth->pkey_id != translation->keytype1 - && pctx->pmeth->pkey_id != translation->keytype2) - return -1; - - if (translation->fixup_args != NULL) - fixup = translation->fixup_args; - ctx.action_type = translation->action_type; - ctx.ctrl_cmd = cmd; - ctx.p1 = p1; - ctx.p2 = p2; - ctx.pctx = pctx; - ctx.params = params; - - ret = fixup(PRE_CTRL_TO_PARAMS, translation, &ctx); - - if (ret > 0) { - switch (ctx.action_type) { - default: - /* fixup_args is expected to make sure this is dead code */ - break; - case GET: - ret = evp_pkey_ctx_get_params_strict(pctx, ctx.params); - break; - case SET: - ret = evp_pkey_ctx_set_params_strict(pctx, ctx.params); - break; - } - } - - /* - * In POST, we pass the return value as p1, allowing the fixup_args - * function to affect it by changing its value. - */ - if (ret > 0) { - ctx.p1 = ret; - fixup(POST_CTRL_TO_PARAMS, translation, &ctx); - ret = ctx.p1; - } - - cleanup_translation_ctx(POST_CTRL_TO_PARAMS, translation, &ctx); - - return ret; -} - -/* This must ONLY be called for provider side operations */ -int evp_pkey_ctx_ctrl_str_to_param(EVP_PKEY_CTX *pctx, - const char *name, const char *value) -{ - struct translation_ctx_st ctx = { 0, }; - struct translation_st tmpl = { 0, }; - const struct translation_st *translation = NULL; - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - int keytype = pctx->legacy_keytype; - int optype = pctx->operation == 0 ? -1 : pctx->operation; - int ret; - fixup_args_fn *fixup = default_fixup_args; - - tmpl.action_type = SET; - tmpl.keytype1 = tmpl.keytype2 = keytype; - tmpl.optype = optype; - tmpl.ctrl_str = name; - tmpl.ctrl_hexstr = name; - translation = lookup_evp_pkey_ctx_translation(&tmpl); - - if (translation != NULL) { - if (translation->fixup_args != NULL) - fixup = translation->fixup_args; - ctx.action_type = translation->action_type; - ctx.ishex = (tmpl.ctrl_hexstr != NULL); - } else { - /* String controls really only support setting */ - ctx.action_type = SET; - } - ctx.ctrl_str = name; - ctx.p1 = (int)strlen(value); - ctx.p2 = (char *)value; - ctx.pctx = pctx; - ctx.params = params; - - ret = fixup(PRE_CTRL_STR_TO_PARAMS, translation, &ctx); - - if (ret > 0) { - switch (ctx.action_type) { - default: - /* fixup_args is expected to make sure this is dead code */ - break; - case GET: - /* - * this is dead code, but must be present, or some compilers - * will complain - */ - break; - case SET: - ret = evp_pkey_ctx_set_params_strict(pctx, ctx.params); - break; - } - } - - if (ret > 0) - ret = fixup(POST_CTRL_STR_TO_PARAMS, translation, &ctx); - - cleanup_translation_ctx(CLEANUP_CTRL_STR_TO_PARAMS, translation, &ctx); - - return ret; -} - -/* This must ONLY be called for legacy operations */ -static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx, - enum action action_type, - OSSL_PARAM *params) -{ - int keytype = pctx->legacy_keytype; - int optype = pctx->operation == 0 ? -1 : pctx->operation; - - for (; params != NULL && params->key != NULL; params++) { - struct translation_ctx_st ctx = { 0, }; - struct translation_st tmpl = { 0, }; - const struct translation_st *translation = NULL; - fixup_args_fn *fixup = default_fixup_args; - int ret; - - tmpl.action_type = action_type; - tmpl.keytype1 = tmpl.keytype2 = keytype; - tmpl.optype = optype; - tmpl.param_key = params->key; - translation = lookup_evp_pkey_ctx_translation(&tmpl); - - if (translation != NULL) { - if (translation->fixup_args != NULL) - fixup = translation->fixup_args; - ctx.action_type = translation->action_type; - } - ctx.pctx = pctx; - ctx.params = params; - - ret = fixup(PRE_PARAMS_TO_CTRL, translation, &ctx); - - if (ret > 0 && ctx.action_type != NONE) - ret = EVP_PKEY_CTX_ctrl(pctx, keytype, optype, - ctx.ctrl_cmd, ctx.p1, ctx.p2); - - /* - * In POST, we pass the return value as p1, allowing the fixup_args - * function to put it to good use, or maybe affect it. - */ - if (ret > 0) { - ctx.p1 = ret; - fixup(POST_PARAMS_TO_CTRL, translation, &ctx); - ret = ctx.p1; - } - - cleanup_translation_ctx(CLEANUP_PARAMS_TO_CTRL, translation, &ctx); - - if (ret <= 0) - return 0; - } - return 1; -} - -int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params) -{ - return evp_pkey_ctx_setget_params_to_ctrl(ctx, SET, (OSSL_PARAM *)params); -} - -int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) -{ - return evp_pkey_ctx_setget_params_to_ctrl(ctx, GET, params); -} - -/* This must ONLY be called for legacy EVP_PKEYs */ -static int evp_pkey_setget_params_to_ctrl(const EVP_PKEY *pkey, - enum action action_type, - OSSL_PARAM *params) -{ - int ret = 1; - - for (; params != NULL && params->key != NULL; params++) { - struct translation_ctx_st ctx = { 0, }; - struct translation_st tmpl = { 0, }; - const struct translation_st *translation = NULL; - fixup_args_fn *fixup = default_fixup_args; - - tmpl.action_type = action_type; - tmpl.param_key = params->key; - translation = lookup_evp_pkey_translation(&tmpl); - - if (translation != NULL) { - if (translation->fixup_args != NULL) - fixup = translation->fixup_args; - ctx.action_type = translation->action_type; - } - ctx.p2 = (void *)pkey; - ctx.params = params; - - /* - * EVP_PKEY doesn't have any ctrl function, so we rely completely - * on fixup_args to do the whole work. Also, we currently only - * support getting. - */ - if (!ossl_assert(translation != NULL) - || !ossl_assert(translation->action_type == GET) - || !ossl_assert(translation->fixup_args != NULL)) { - return -2; - } - - ret = fixup(PKEY, translation, &ctx); - - cleanup_translation_ctx(PKEY, translation, &ctx); - } - return ret; -} - -int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params) -{ - return evp_pkey_setget_params_to_ctrl(pkey, GET, params); -} diff --git a/crypto/evp/dh_ctrl.c b/crypto/evp/dh_ctrl.c deleted file mode 100644 index fee7757d9aee84ae6b1fb30df5c82aff8c474f76..0000000000000000000000000000000000000000 --- a/crypto/evp/dh_ctrl.c +++ /dev/null @@ -1,346 +0,0 @@ -/* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include "crypto/dh.h" -#include "crypto/evp.h" - -static int dh_paramgen_check(EVP_PKEY_CTX *ctx) -{ - if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - /* If key type not DH return error */ - if (evp_pkey_ctx_is_legacy(ctx) - && ctx->pmeth->pkey_id != EVP_PKEY_DH - && ctx->pmeth->pkey_id != EVP_PKEY_DHX) - return -1; - return 1; -} - -static int dh_param_derive_check(EVP_PKEY_CTX *ctx) -{ - if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - /* If key type not DH return error */ - if (evp_pkey_ctx_is_legacy(ctx) - && ctx->pmeth->pkey_id != EVP_PKEY_DH - && ctx->pmeth->pkey_id != EVP_PKEY_DHX) - return -1; - return 1; -} - -int EVP_PKEY_CTX_set_dh_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex) -{ - int ret; - OSSL_PARAM params[2], *p = params; - - if ((ret = dh_paramgen_check(ctx)) <= 0) - return ret; - - *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, &gindex); - *p = OSSL_PARAM_construct_end(); - - return evp_pkey_ctx_set_params_strict(ctx, params); -} - -int EVP_PKEY_CTX_set_dh_paramgen_seed(EVP_PKEY_CTX *ctx, - const unsigned char *seed, - size_t seedlen) -{ - int ret; - OSSL_PARAM params[2], *p = params; - - if ((ret = dh_paramgen_check(ctx)) <= 0) - return ret; - - *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_FFC_SEED, - (void *)seed, seedlen); - *p = OSSL_PARAM_construct_end(); - - return evp_pkey_ctx_set_params_strict(ctx, params); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_set_dh_paramgen_type(EVP_PKEY_CTX *ctx, int typ) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL); -} - -int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int pbits) -{ - int ret; - OSSL_PARAM params[2], *p = params; - size_t bits = pbits; - - if ((ret = dh_paramgen_check(ctx)) <= 0) - return ret; - - *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_PBITS, &bits); - *p = OSSL_PARAM_construct_end(); - return evp_pkey_ctx_set_params_strict(ctx, params); -} - -int EVP_PKEY_CTX_set_dh_paramgen_subprime_len(EVP_PKEY_CTX *ctx, int qbits) -{ - int ret; - OSSL_PARAM params[2], *p = params; - size_t bits2 = qbits; - - if ((ret = dh_paramgen_check(ctx)) <= 0) - return ret; - - *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_QBITS, &bits2); - *p = OSSL_PARAM_construct_end(); - - return evp_pkey_ctx_set_params_strict(ctx, params); -} - -int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen) -{ - int ret; - OSSL_PARAM params[2], *p = params; - - if ((ret = dh_paramgen_check(ctx)) <= 0) - return ret; - - *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_DH_GENERATOR, &gen); - *p = OSSL_PARAM_construct_end(); - - return evp_pkey_ctx_set_params_strict(ctx, params); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_set_dh_rfc5114(EVP_PKEY_CTX *ctx, int gen) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DH_RFC5114, gen, NULL); -} - -int EVP_PKEY_CTX_set_dhx_rfc5114(EVP_PKEY_CTX *ctx, int gen) -{ - return EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, - EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_DH_NID, nid, NULL); -} - -int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad) -{ - OSSL_PARAM dh_pad_params[2]; - unsigned int upad = pad; - - /* We use EVP_PKEY_CTX_ctrl return values */ - if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; - } - - dh_pad_params[0] = OSSL_PARAM_construct_uint(OSSL_EXCHANGE_PARAM_PAD, &upad); - dh_pad_params[1] = OSSL_PARAM_construct_end(); - - return evp_pkey_ctx_set_params_strict(ctx, dh_pad_params); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_set_dh_kdf_type(EVP_PKEY_CTX *ctx, int kdf) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_get_dh_kdf_type(EVP_PKEY_CTX *ctx) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_set0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT *oid) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid)); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_get0_dh_kdf_oid(EVP_PKEY_CTX *ctx, ASN1_OBJECT **oid) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(oid)); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_set_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md)); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_get_dh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd)); -} - -int EVP_PKEY_CTX_set_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int outlen) -{ - int ret; - size_t len = outlen; - OSSL_PARAM params[2], *p = params; - - ret = dh_param_derive_check(ctx); - if (ret != 1) - return ret; - - if (outlen <= 0) { - /* - * This would ideally be -1 or 0, but we have to retain compatibility - * with legacy behaviour of EVP_PKEY_CTX_ctrl() which returned -2 if - * inlen <= 0 - */ - return -2; - } - - *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, - &len); - *p = OSSL_PARAM_construct_end(); - - ret = evp_pkey_ctx_set_params_strict(ctx, params); - if (ret == -2) - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return ret; -} - -int EVP_PKEY_CTX_get_dh_kdf_outlen(EVP_PKEY_CTX *ctx, int *plen) -{ - int ret; - size_t len = UINT_MAX; - OSSL_PARAM params[2], *p = params; - - ret = dh_param_derive_check(ctx); - if (ret != 1) - return ret; - - *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, - &len); - *p = OSSL_PARAM_construct_end(); - - ret = evp_pkey_ctx_get_params_strict(ctx, params); - if (ret == -2) - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - if (ret != 1 || len > INT_MAX) - return -1; - - *plen = (int)len; - - return 1; -} - -int EVP_PKEY_CTX_set0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len) -{ - int ret; - OSSL_PARAM params[2], *p = params; - - if (len < 0) - return -1; - - ret = dh_param_derive_check(ctx); - if (ret != 1) - return ret; - - *p++ = OSSL_PARAM_construct_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM, - /* - * Cast away the const. This is read - * only so should be safe - */ - (void *)ukm, - (size_t)len); - *p = OSSL_PARAM_construct_end(); - - ret = evp_pkey_ctx_set_params_strict(ctx, params); - if (ret == -2) - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - if (ret == 1) - OPENSSL_free(ukm); - return ret; -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **pukm) -{ - int ret; - size_t ukmlen; - OSSL_PARAM params[2], *p = params; - - ret = dh_param_derive_check(ctx); - if (ret != 1) - return ret; - - *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_EXCHANGE_PARAM_KDF_UKM, - (void **)pukm, 0); - *p = OSSL_PARAM_construct_end(); - - ret = evp_pkey_ctx_get_params_strict(ctx, params); - if (ret == -2) - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - if (ret != 1) - return -1; - - ukmlen = params[0].return_size; - if (ukmlen > INT_MAX) - return -1; - - return (int)ukmlen; -} -#endif diff --git a/crypto/evp/dh_support.c b/crypto/evp/dh_support.c deleted file mode 100644 index 87296ffbee2b58374e87ae732c2c67b62fafa3a8..0000000000000000000000000000000000000000 --- a/crypto/evp/dh_support.c +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include /* strcmp */ -#include -#include "internal/nelem.h" -#include "crypto/dh.h" - -typedef struct dh_name2id_st{ - const char *name; - int id; - int type; -} DH_GENTYPE_NAME2ID; - -/* Indicates that the paramgen_type can be used for either DH or DHX */ -#define TYPE_ANY -1 -#ifndef OPENSSL_NO_DH -# define TYPE_DH DH_FLAG_TYPE_DH -# define TYPE_DHX DH_FLAG_TYPE_DHX -#else -# define TYPE_DH 0 -# define TYPE_DHX 0 -#endif - -static const DH_GENTYPE_NAME2ID dhtype2id[] = -{ - { "group", DH_PARAMGEN_TYPE_GROUP, TYPE_ANY }, - { "generator", DH_PARAMGEN_TYPE_GENERATOR, TYPE_DH }, - { "fips186_4", DH_PARAMGEN_TYPE_FIPS_186_4, TYPE_DHX }, - { "fips186_2", DH_PARAMGEN_TYPE_FIPS_186_2, TYPE_DHX }, -}; - -const char *ossl_dh_gen_type_id2name(int id) -{ - size_t i; - - for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) { - if (dhtype2id[i].id == id) - return dhtype2id[i].name; - } - return NULL; -} - -#ifndef OPENSSL_NO_DH -int ossl_dh_gen_type_name2id(const char *name, int type) -{ - size_t i; - - for (i = 0; i < OSSL_NELEM(dhtype2id); ++i) { - if ((dhtype2id[i].type == TYPE_ANY - || type == dhtype2id[i].type) - && strcmp(dhtype2id[i].name, name) == 0) - return dhtype2id[i].id; - } - return -1; -} -#endif diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c deleted file mode 100644 index e6e03eaf34a5781f226ed890daec18d1399892ab..0000000000000000000000000000000000000000 --- a/crypto/evp/digest.c +++ /dev/null @@ -1,1108 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include -#include -#include -#ifndef FIPS_MODULE -# include -#endif -#include -#include -#include "internal/cryptlib.h" -#include "internal/provider.h" -#include "internal/core.h" -#include "crypto/evp.h" -#include "evp_local.h" - -static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force) -{ - if (ctx->digest != NULL) { - if (ctx->digest->cleanup != NULL - && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) - ctx->digest->cleanup(ctx); - if (ctx->md_data != NULL && ctx->digest->ctx_size > 0 - && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE) - || force)) { - OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); - ctx->md_data = NULL; - } - } -} - -void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_fetched) -{ - if (ctx->algctx != NULL) { - if (ctx->digest != NULL && ctx->digest->freectx != NULL) - ctx->digest->freectx(ctx->algctx); - ctx->algctx = NULL; - EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); - } - - /* Code below to be removed when legacy support is dropped. */ - - /* - * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because - * sometimes only copies of the context are ever finalised. - */ - cleanup_old_md_data(ctx, force); - if (force) - ctx->digest = NULL; - -#if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE) - ENGINE_finish(ctx->engine); - ctx->engine = NULL; -#endif - - /* Non legacy code, this has to be later than the ctx->digest cleaning */ - if (!keep_fetched) { - EVP_MD_free(ctx->fetched_digest); - ctx->fetched_digest = NULL; - ctx->reqdigest = NULL; - } -} - -static int evp_md_ctx_reset_ex(EVP_MD_CTX *ctx, int keep_fetched) -{ - if (ctx == NULL) - return 1; - -#ifndef FIPS_MODULE - /* - * pctx should be freed by the user of EVP_MD_CTX - * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set - */ - if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) { - EVP_PKEY_CTX_free(ctx->pctx); - ctx->pctx = NULL; - } -#endif - - evp_md_ctx_clear_digest(ctx, 0, keep_fetched); - if (!keep_fetched) - OPENSSL_cleanse(ctx, sizeof(*ctx)); - - return 1; -} - -/* This call frees resources associated with the context */ -int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) -{ - return evp_md_ctx_reset_ex(ctx, 0); -} - -#ifndef FIPS_MODULE -EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id, - OSSL_LIB_CTX *libctx, const char *propq) -{ - EVP_MD_CTX *ctx; - EVP_PKEY_CTX *pctx = NULL; - - if ((ctx = EVP_MD_CTX_new()) == NULL - || (pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq)) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (id != NULL && EVP_PKEY_CTX_set1_id(pctx, id->data, id->length) <= 0) - goto err; - - EVP_MD_CTX_set_pkey_ctx(ctx, pctx); - return ctx; - - err: - EVP_PKEY_CTX_free(pctx); - EVP_MD_CTX_free(ctx); - return NULL; -} -#endif - -EVP_MD_CTX *EVP_MD_CTX_new(void) -{ - return OPENSSL_zalloc(sizeof(EVP_MD_CTX)); -} - -void EVP_MD_CTX_free(EVP_MD_CTX *ctx) -{ - if (ctx == NULL) - return; - - EVP_MD_CTX_reset(ctx); - OPENSSL_free(ctx); -} - -static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type, - const OSSL_PARAM params[], ENGINE *impl) -{ -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - ENGINE *tmpimpl = NULL; -#endif - -#if !defined(FIPS_MODULE) - if (ctx->pctx != NULL - && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) - && ctx->pctx->op.sig.algctx != NULL) { - /* - * Prior to OpenSSL 3.0 calling EVP_DigestInit_ex() on an mdctx - * previously initialised with EVP_DigestSignInit() would retain - * information about the key, and re-initialise for another sign - * operation. So in that case we redirect to EVP_DigestSignInit() - */ - if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX) - return EVP_DigestSignInit(ctx, NULL, type, impl, NULL); - if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX) - return EVP_DigestVerifyInit(ctx, NULL, type, impl, NULL); - ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); - return 0; - } -#endif - - EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); - - if (ctx->algctx != NULL) { - if (!ossl_assert(ctx->digest != NULL)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - if (ctx->digest->freectx != NULL) - ctx->digest->freectx(ctx->algctx); - ctx->algctx = NULL; - } - - if (type != NULL) { - ctx->reqdigest = type; - } else { - if (ctx->digest == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NO_DIGEST_SET); - return 0; - } - type = ctx->digest; - } - - /* Code below to be removed when legacy support is dropped. */ -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - /* - * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so - * this context may already have an ENGINE! Try to avoid releasing the - * previous handle, re-querying for an ENGINE, and having a - * reinitialisation, when it may all be unnecessary. - */ - if (ctx->engine && ctx->digest && - (type == NULL || (type->type == ctx->digest->type))) - goto skip_to_init; - - if (type != NULL) { - /* - * Ensure an ENGINE left lying around from last time is cleared (the - * previous check attempted to avoid this if the same ENGINE and - * EVP_MD could be used). - */ - ENGINE_finish(ctx->engine); - ctx->engine = NULL; - } - - if (type != NULL && impl == NULL) - tmpimpl = ENGINE_get_digest_engine(type->type); -#endif - - /* - * If there are engines involved or EVP_MD_CTX_FLAG_NO_INIT is set then we - * should use legacy handling for now. - */ - if (ctx->engine != NULL - || impl != NULL -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - || tmpimpl != NULL -#endif - || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0 - || (type != NULL && type->origin == EVP_ORIG_METH) - || (type == NULL && ctx->digest != NULL - && ctx->digest->origin == EVP_ORIG_METH)) { - if (ctx->digest == ctx->fetched_digest) - ctx->digest = NULL; - EVP_MD_free(ctx->fetched_digest); - ctx->fetched_digest = NULL; - goto legacy; - } - - cleanup_old_md_data(ctx, 1); - - /* Start of non-legacy code below */ - - if (type->prov == NULL) { -#ifdef FIPS_MODULE - /* We only do explicit fetches inside the FIPS module */ - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; -#else - /* The NULL digest is a special case */ - EVP_MD *provmd = EVP_MD_fetch(NULL, - type->type != NID_undef ? OBJ_nid2sn(type->type) - : "NULL", ""); - - if (provmd == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - type = provmd; - EVP_MD_free(ctx->fetched_digest); - ctx->fetched_digest = provmd; -#endif - } - - if (ctx->algctx != NULL && ctx->digest != NULL && ctx->digest != type) { - if (ctx->digest->freectx != NULL) - ctx->digest->freectx(ctx->algctx); - ctx->algctx = NULL; - } - if (type->prov != NULL && ctx->fetched_digest != type) { - if (!EVP_MD_up_ref((EVP_MD *)type)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - EVP_MD_free(ctx->fetched_digest); - ctx->fetched_digest = (EVP_MD *)type; - } - ctx->digest = type; - if (ctx->algctx == NULL) { - ctx->algctx = ctx->digest->newctx(ossl_provider_ctx(type->prov)); - if (ctx->algctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - } - - if (ctx->digest->dinit == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - - return ctx->digest->dinit(ctx->algctx, params); - - /* Code below to be removed when legacy support is dropped. */ - legacy: - -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - if (type) { - if (impl != NULL) { - if (!ENGINE_init(impl)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - } else { - /* Ask if an ENGINE is reserved for this job */ - impl = tmpimpl; - } - if (impl != NULL) { - /* There's an ENGINE for this job ... (apparently) */ - const EVP_MD *d = ENGINE_get_digest(impl, type->type); - - if (d == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - ENGINE_finish(impl); - return 0; - } - /* We'll use the ENGINE's private digest definition */ - type = d; - /* - * Store the ENGINE functional reference so we know 'type' came - * from an ENGINE and we need to release it when done. - */ - ctx->engine = impl; - } else - ctx->engine = NULL; - } -#endif - if (ctx->digest != type) { - cleanup_old_md_data(ctx, 1); - - ctx->digest = type; - if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { - ctx->update = type->update; - ctx->md_data = OPENSSL_zalloc(type->ctx_size); - if (ctx->md_data == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - } - } -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - skip_to_init: -#endif -#ifndef FIPS_MODULE - if (ctx->pctx != NULL - && (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) - || ctx->pctx->op.sig.signature == NULL)) { - int r; - r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_DIGESTINIT, 0, ctx); - if (r <= 0 && (r != -2)) - return 0; - } -#endif - if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) - return 1; - return ctx->digest->init(ctx); -} - -int EVP_DigestInit_ex2(EVP_MD_CTX *ctx, const EVP_MD *type, - const OSSL_PARAM params[]) -{ - return evp_md_init_internal(ctx, type, params, NULL); -} - -int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) -{ - EVP_MD_CTX_reset(ctx); - return evp_md_init_internal(ctx, type, NULL, NULL); -} - -int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) -{ - return evp_md_init_internal(ctx, type, NULL, impl); -} - -int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - if (count == 0) - return 1; - - if (ctx->pctx != NULL - && EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) - && ctx->pctx->op.sig.algctx != NULL) { - /* - * Prior to OpenSSL 3.0 EVP_DigestSignUpdate() and - * EVP_DigestVerifyUpdate() were just macros for EVP_DigestUpdate(). - * Some code calls EVP_DigestUpdate() directly even when initialised - * with EVP_DigestSignInit_ex() or - * EVP_DigestVerifyInit_ex(), so we detect that and redirect to - * the correct EVP_Digest*Update() function - */ - if (ctx->pctx->operation == EVP_PKEY_OP_SIGNCTX) - return EVP_DigestSignUpdate(ctx, data, count); - if (ctx->pctx->operation == EVP_PKEY_OP_VERIFYCTX) - return EVP_DigestVerifyUpdate(ctx, data, count); - ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); - return 0; - } - - if (ctx->digest == NULL - || ctx->digest->prov == NULL - || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) - goto legacy; - - if (ctx->digest->dupdate == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); - return 0; - } - return ctx->digest->dupdate(ctx->algctx, data, count); - - /* Code below to be removed when legacy support is dropped. */ - legacy: - return ctx->update(ctx, data, count); -} - -/* The caller can assume that this removes any secret data from the context */ -int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) -{ - int ret; - ret = EVP_DigestFinal_ex(ctx, md, size); - EVP_MD_CTX_reset(ctx); - return ret; -} - -/* The caller can assume that this removes any secret data from the context */ -int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize) -{ - int ret, sz; - size_t size = 0; - size_t mdsize = 0; - - if (ctx->digest == NULL) - return 0; - - sz = EVP_MD_get_size(ctx->digest); - if (sz < 0) - return 0; - mdsize = sz; - if (ctx->digest->prov == NULL) - goto legacy; - - if (ctx->digest->dfinal == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); - return 0; - } - - ret = ctx->digest->dfinal(ctx->algctx, md, &size, mdsize); - - if (isize != NULL) { - if (size <= UINT_MAX) { - *isize = (int)size; - } else { - ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); - ret = 0; - } - } - - return ret; - - /* Code below to be removed when legacy support is dropped. */ - legacy: - OPENSSL_assert(mdsize <= EVP_MAX_MD_SIZE); - ret = ctx->digest->final(ctx, md); - if (isize != NULL) - *isize = mdsize; - if (ctx->digest->cleanup) { - ctx->digest->cleanup(ctx); - EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); - } - OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); - return ret; -} - -int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size) -{ - int ret = 0; - OSSL_PARAM params[2]; - size_t i = 0; - - if (ctx->digest == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM); - return 0; - } - - if (ctx->digest->prov == NULL) - goto legacy; - - if (ctx->digest->dfinal == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); - return 0; - } - - params[i++] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &size); - params[i++] = OSSL_PARAM_construct_end(); - - if (EVP_MD_CTX_set_params(ctx, params) > 0) - ret = ctx->digest->dfinal(ctx->algctx, md, &size, size); - - return ret; - -legacy: - if (ctx->digest->flags & EVP_MD_FLAG_XOF - && size <= INT_MAX - && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) { - ret = ctx->digest->final(ctx, md); - if (ctx->digest->cleanup != NULL) { - ctx->digest->cleanup(ctx); - EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); - } - OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); - } else { - ERR_raise(ERR_LIB_EVP, EVP_R_NOT_XOF_OR_INVALID_LENGTH); - } - - return ret; -} - -int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) -{ - EVP_MD_CTX_reset(out); - return EVP_MD_CTX_copy_ex(out, in); -} - -int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) -{ - int digest_change = 0; - unsigned char *tmp_buf; - - if (in == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (in->digest == NULL) { - /* copying uninitialized digest context */ - EVP_MD_CTX_reset(out); - if (out->fetched_digest != NULL) - EVP_MD_free(out->fetched_digest); - *out = *in; - goto clone_pkey; - } - - if (in->digest->prov == NULL - || (in->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0) - goto legacy; - - if (in->digest->dupctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX); - return 0; - } - - evp_md_ctx_reset_ex(out, 1); - digest_change = (out->fetched_digest != in->fetched_digest); - if (digest_change && out->fetched_digest != NULL) - EVP_MD_free(out->fetched_digest); - *out = *in; - /* NULL out pointers in case of error */ - out->pctx = NULL; - out->algctx = NULL; - - if (digest_change && in->fetched_digest != NULL) - EVP_MD_up_ref(in->fetched_digest); - - if (in->algctx != NULL) { - out->algctx = in->digest->dupctx(in->algctx); - if (out->algctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX); - return 0; - } - } - - clone_pkey: - /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */ - EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); -#ifndef FIPS_MODULE - if (in->pctx != NULL) { - out->pctx = EVP_PKEY_CTX_dup(in->pctx); - if (out->pctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX); - EVP_MD_CTX_reset(out); - return 0; - } - } -#endif - - return 1; - - /* Code below to be removed when legacy support is dropped. */ - legacy: -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - /* Make sure it's safe to copy a digest context using an ENGINE */ - if (in->engine && !ENGINE_init(in->engine)) { - ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB); - return 0; - } -#endif - - if (out->digest == in->digest) { - tmp_buf = out->md_data; - EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE); - } else - tmp_buf = NULL; - EVP_MD_CTX_reset(out); - memcpy(out, in, sizeof(*out)); - - /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */ - EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); - - /* Null these variables, since they are getting fixed up - * properly below. Anything else may cause a memleak and/or - * double free if any of the memory allocations below fail - */ - out->md_data = NULL; - out->pctx = NULL; - - if (in->md_data && out->digest->ctx_size) { - if (tmp_buf) - out->md_data = tmp_buf; - else { - out->md_data = OPENSSL_malloc(out->digest->ctx_size); - if (out->md_data == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - } - memcpy(out->md_data, in->md_data, out->digest->ctx_size); - } - - out->update = in->update; - -#ifndef FIPS_MODULE - if (in->pctx) { - out->pctx = EVP_PKEY_CTX_dup(in->pctx); - if (!out->pctx) { - EVP_MD_CTX_reset(out); - return 0; - } - } -#endif - - if (out->digest->copy) - return out->digest->copy(out, in); - - return 1; -} - -int EVP_Digest(const void *data, size_t count, - unsigned char *md, unsigned int *size, const EVP_MD *type, - ENGINE *impl) -{ - EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - int ret; - - if (ctx == NULL) - return 0; - EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT); - ret = EVP_DigestInit_ex(ctx, type, impl) - && EVP_DigestUpdate(ctx, data, count) - && EVP_DigestFinal_ex(ctx, md, size); - EVP_MD_CTX_free(ctx); - - return ret; -} - -int EVP_Q_digest(OSSL_LIB_CTX *libctx, const char *name, const char *propq, - const void *data, size_t datalen, - unsigned char *md, size_t *mdlen) -{ - EVP_MD *digest = EVP_MD_fetch(libctx, name, propq); - unsigned int temp = 0; - int ret = 0; - - if (digest != NULL) { - ret = EVP_Digest(data, datalen, md, &temp, digest, NULL); - EVP_MD_free(digest); - } - if (mdlen != NULL) - *mdlen = temp; - return ret; -} - -int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]) -{ - if (digest != NULL && digest->get_params != NULL) - return digest->get_params(params); - return 0; -} - -const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest) -{ - if (digest != NULL && digest->gettable_params != NULL) - return digest->gettable_params( - ossl_provider_ctx(EVP_MD_get0_provider(digest))); - return NULL; -} - -int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]) -{ - EVP_PKEY_CTX *pctx = ctx->pctx; - - /* If we have a pctx then we should try that first */ - if (pctx != NULL - && (pctx->operation == EVP_PKEY_OP_VERIFYCTX - || pctx->operation == EVP_PKEY_OP_SIGNCTX) - && pctx->op.sig.algctx != NULL - && pctx->op.sig.signature->set_ctx_md_params != NULL) - return pctx->op.sig.signature->set_ctx_md_params(pctx->op.sig.algctx, - params); - - if (ctx->digest != NULL && ctx->digest->set_ctx_params != NULL) - return ctx->digest->set_ctx_params(ctx->algctx, params); - - return 0; -} - -const OSSL_PARAM *EVP_MD_settable_ctx_params(const EVP_MD *md) -{ - void *provctx; - - if (md != NULL && md->settable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_MD_get0_provider(md)); - return md->settable_ctx_params(NULL, provctx); - } - return NULL; -} - -const OSSL_PARAM *EVP_MD_CTX_settable_params(EVP_MD_CTX *ctx) -{ - EVP_PKEY_CTX *pctx; - void *alg; - - if (ctx == NULL) - return NULL; - - /* If we have a pctx then we should try that first */ - pctx = ctx->pctx; - if (pctx != NULL - && (pctx->operation == EVP_PKEY_OP_VERIFYCTX - || pctx->operation == EVP_PKEY_OP_SIGNCTX) - && pctx->op.sig.algctx != NULL - && pctx->op.sig.signature->settable_ctx_md_params != NULL) - return pctx->op.sig.signature->settable_ctx_md_params( - pctx->op.sig.algctx); - - if (ctx->digest != NULL && ctx->digest->settable_ctx_params != NULL) { - alg = ossl_provider_ctx(EVP_MD_get0_provider(ctx->digest)); - return ctx->digest->settable_ctx_params(ctx->algctx, alg); - } - - return NULL; -} - -int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]) -{ - EVP_PKEY_CTX *pctx = ctx->pctx; - - /* If we have a pctx then we should try that first */ - if (pctx != NULL - && (pctx->operation == EVP_PKEY_OP_VERIFYCTX - || pctx->operation == EVP_PKEY_OP_SIGNCTX) - && pctx->op.sig.algctx != NULL - && pctx->op.sig.signature->get_ctx_md_params != NULL) - return pctx->op.sig.signature->get_ctx_md_params(pctx->op.sig.algctx, - params); - - if (ctx->digest != NULL && ctx->digest->get_params != NULL) - return ctx->digest->get_ctx_params(ctx->algctx, params); - - return 0; -} - -const OSSL_PARAM *EVP_MD_gettable_ctx_params(const EVP_MD *md) -{ - void *provctx; - - if (md != NULL && md->gettable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_MD_get0_provider(md)); - return md->gettable_ctx_params(NULL, provctx); - } - return NULL; -} - -const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx) -{ - EVP_PKEY_CTX *pctx; - void *provctx; - - if (ctx == NULL) - return NULL; - - /* If we have a pctx then we should try that first */ - pctx = ctx->pctx; - if (pctx != NULL - && (pctx->operation == EVP_PKEY_OP_VERIFYCTX - || pctx->operation == EVP_PKEY_OP_SIGNCTX) - && pctx->op.sig.algctx != NULL - && pctx->op.sig.signature->gettable_ctx_md_params != NULL) - return pctx->op.sig.signature->gettable_ctx_md_params( - pctx->op.sig.algctx); - - if (ctx->digest != NULL && ctx->digest->gettable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_MD_get0_provider(ctx->digest)); - return ctx->digest->gettable_ctx_params(ctx->algctx, provctx); - } - return NULL; -} - -int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) -{ - int ret = EVP_CTRL_RET_UNSUPPORTED; - int set_params = 1; - size_t sz; - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (ctx->digest != NULL && ctx->digest->prov == NULL) - goto legacy; - - switch (cmd) { - case EVP_MD_CTRL_XOF_LEN: - sz = (size_t)p1; - params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_XOFLEN, &sz); - break; - case EVP_MD_CTRL_MICALG: - set_params = 0; - params[0] = OSSL_PARAM_construct_utf8_string(OSSL_DIGEST_PARAM_MICALG, - p2, p1 ? p1 : 9999); - break; - case EVP_CTRL_SSL3_MASTER_SECRET: - params[0] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, - p2, p1); - break; - default: - goto conclude; - } - - if (set_params) - ret = EVP_MD_CTX_set_params(ctx, params); - else - ret = EVP_MD_CTX_get_params(ctx, params); - goto conclude; - - - /* Code below to be removed when legacy support is dropped. */ - legacy: - if (ctx->digest->md_ctrl == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED); - return 0; - } - - ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2); - conclude: - if (ret <= 0) - return 0; - return ret; -} - -EVP_MD *evp_md_new(void) -{ - EVP_MD *md = OPENSSL_zalloc(sizeof(*md)); - - if (md != NULL) { - md->lock = CRYPTO_THREAD_lock_new(); - if (md->lock == NULL) { - OPENSSL_free(md); - return NULL; - } - md->refcnt = 1; - } - return md; -} - -/* - * FIPS module note: since internal fetches will be entirely - * provider based, we know that none of its code depends on legacy - * NIDs or any functionality that use them. - */ -#ifndef FIPS_MODULE -static void set_legacy_nid(const char *name, void *vlegacy_nid) -{ - int nid; - int *legacy_nid = vlegacy_nid; - /* - * We use lowest level function to get the associated method, because - * higher level functions such as EVP_get_digestbyname() have changed - * to look at providers too. - */ - const void *legacy_method = OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); - - if (*legacy_nid == -1) /* We found a clash already */ - return; - - if (legacy_method == NULL) - return; - nid = EVP_MD_nid(legacy_method); - if (*legacy_nid != NID_undef && *legacy_nid != nid) { - *legacy_nid = -1; - return; - } - *legacy_nid = nid; -} -#endif - -static int evp_md_cache_constants(EVP_MD *md) -{ - int ok, xof = 0, algid_absent = 0; - size_t blksz = 0; - size_t mdsize = 0; - OSSL_PARAM params[5]; - - params[0] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_BLOCK_SIZE, &blksz); - params[1] = OSSL_PARAM_construct_size_t(OSSL_DIGEST_PARAM_SIZE, &mdsize); - params[2] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_XOF, &xof); - params[3] = OSSL_PARAM_construct_int(OSSL_DIGEST_PARAM_ALGID_ABSENT, - &algid_absent); - params[4] = OSSL_PARAM_construct_end(); - ok = evp_do_md_getparams(md, params) > 0; - if (mdsize > INT_MAX || blksz > INT_MAX) - ok = 0; - if (ok) { - md->block_size = (int)blksz; - md->md_size = (int)mdsize; - if (xof) - md->flags |= EVP_MD_FLAG_XOF; - if (algid_absent) - md->flags |= EVP_MD_FLAG_DIGALGID_ABSENT; - } - return ok; -} - -static void *evp_md_from_algorithm(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) -{ - const OSSL_DISPATCH *fns = algodef->implementation; - EVP_MD *md = NULL; - int fncnt = 0; - - /* EVP_MD_fetch() will set the legacy NID if available */ - if ((md = evp_md_new()) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - -#ifndef FIPS_MODULE - md->type = NID_undef; - if (!evp_names_do_all(prov, name_id, set_legacy_nid, &md->type) - || md->type == -1) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - EVP_MD_free(md); - return NULL; - } -#endif - - md->name_id = name_id; - if ((md->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) { - EVP_MD_free(md); - return NULL; - } - md->description = algodef->algorithm_description; - - for (; fns->function_id != 0; fns++) { - switch (fns->function_id) { - case OSSL_FUNC_DIGEST_NEWCTX: - if (md->newctx == NULL) { - md->newctx = OSSL_FUNC_digest_newctx(fns); - fncnt++; - } - break; - case OSSL_FUNC_DIGEST_INIT: - if (md->dinit == NULL) { - md->dinit = OSSL_FUNC_digest_init(fns); - fncnt++; - } - break; - case OSSL_FUNC_DIGEST_UPDATE: - if (md->dupdate == NULL) { - md->dupdate = OSSL_FUNC_digest_update(fns); - fncnt++; - } - break; - case OSSL_FUNC_DIGEST_FINAL: - if (md->dfinal == NULL) { - md->dfinal = OSSL_FUNC_digest_final(fns); - fncnt++; - } - break; - case OSSL_FUNC_DIGEST_DIGEST: - if (md->digest == NULL) - md->digest = OSSL_FUNC_digest_digest(fns); - /* We don't increment fnct for this as it is stand alone */ - break; - case OSSL_FUNC_DIGEST_FREECTX: - if (md->freectx == NULL) { - md->freectx = OSSL_FUNC_digest_freectx(fns); - fncnt++; - } - break; - case OSSL_FUNC_DIGEST_DUPCTX: - if (md->dupctx == NULL) - md->dupctx = OSSL_FUNC_digest_dupctx(fns); - break; - case OSSL_FUNC_DIGEST_GET_PARAMS: - if (md->get_params == NULL) - md->get_params = OSSL_FUNC_digest_get_params(fns); - break; - case OSSL_FUNC_DIGEST_SET_CTX_PARAMS: - if (md->set_ctx_params == NULL) - md->set_ctx_params = OSSL_FUNC_digest_set_ctx_params(fns); - break; - case OSSL_FUNC_DIGEST_GET_CTX_PARAMS: - if (md->get_ctx_params == NULL) - md->get_ctx_params = OSSL_FUNC_digest_get_ctx_params(fns); - break; - case OSSL_FUNC_DIGEST_GETTABLE_PARAMS: - if (md->gettable_params == NULL) - md->gettable_params = OSSL_FUNC_digest_gettable_params(fns); - break; - case OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS: - if (md->settable_ctx_params == NULL) - md->settable_ctx_params = - OSSL_FUNC_digest_settable_ctx_params(fns); - break; - case OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS: - if (md->gettable_ctx_params == NULL) - md->gettable_ctx_params = - OSSL_FUNC_digest_gettable_ctx_params(fns); - break; - } - } - if ((fncnt != 0 && fncnt != 5) - || (fncnt == 0 && md->digest == NULL)) { - /* - * In order to be a consistent set of functions we either need the - * whole set of init/update/final etc functions or none of them. - * The "digest" function can standalone. We at least need one way to - * generate digests. - */ - EVP_MD_free(md); - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); - return NULL; - } - md->prov = prov; - if (prov != NULL) - ossl_provider_up_ref(prov); - - if (!evp_md_cache_constants(md)) { - EVP_MD_free(md); - ERR_raise(ERR_LIB_EVP, EVP_R_CACHE_CONSTANTS_FAILED); - md = NULL; - } - - return md; -} - -static int evp_md_up_ref(void *md) -{ - return EVP_MD_up_ref(md); -} - -static void evp_md_free(void *md) -{ - EVP_MD_free(md); -} - -EVP_MD *EVP_MD_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties) -{ - EVP_MD *md = - evp_generic_fetch(ctx, OSSL_OP_DIGEST, algorithm, properties, - evp_md_from_algorithm, evp_md_up_ref, evp_md_free); - - return md; -} - -int EVP_MD_up_ref(EVP_MD *md) -{ - int ref = 0; - - if (md->origin == EVP_ORIG_DYNAMIC) - CRYPTO_UP_REF(&md->refcnt, &ref, md->lock); - return 1; -} - -void EVP_MD_free(EVP_MD *md) -{ - int i; - - if (md == NULL || md->origin != EVP_ORIG_DYNAMIC) - return; - - CRYPTO_DOWN_REF(&md->refcnt, &i, md->lock); - if (i > 0) - return; - evp_md_free_int(md); -} - -void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_MD *mac, void *arg), - void *arg) -{ - evp_generic_do_all(libctx, OSSL_OP_DIGEST, - (void (*)(void *, void *))fn, arg, - evp_md_from_algorithm, evp_md_up_ref, evp_md_free); -} diff --git a/crypto/evp/dsa_ctrl.c b/crypto/evp/dsa_ctrl.c deleted file mode 100644 index 531a21fa8d4d1f2d8a406aa810d18cdd1e914b30..0000000000000000000000000000000000000000 --- a/crypto/evp/dsa_ctrl.c +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include "crypto/evp.h" - -static int dsa_paramgen_check(EVP_PKEY_CTX *ctx) -{ - if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - /* If key type not DSA return error */ - if (ctx->pmeth != NULL && ctx->pmeth->pkey_id != EVP_PKEY_DSA) - return -1; - return 1; -} - -int EVP_PKEY_CTX_set_dsa_paramgen_type(EVP_PKEY_CTX *ctx, const char *name) -{ - int ret; - OSSL_PARAM params[2], *p = params; - - if ((ret = dsa_paramgen_check(ctx)) <= 0) - return ret; - - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, - (char *)name, 0); - *p++ = OSSL_PARAM_construct_end(); - - return EVP_PKEY_CTX_set_params(ctx, params); -} - -int EVP_PKEY_CTX_set_dsa_paramgen_gindex(EVP_PKEY_CTX *ctx, int gindex) -{ - int ret; - OSSL_PARAM params[2], *p = params; - - if ((ret = dsa_paramgen_check(ctx)) <= 0) - return ret; - - *p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, &gindex); - *p++ = OSSL_PARAM_construct_end(); - - return EVP_PKEY_CTX_set_params(ctx, params); -} - -int EVP_PKEY_CTX_set_dsa_paramgen_seed(EVP_PKEY_CTX *ctx, - const unsigned char *seed, - size_t seedlen) -{ - int ret; - OSSL_PARAM params[2], *p = params; - - if ((ret = dsa_paramgen_check(ctx)) <= 0) - return ret; - - *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_FFC_SEED, - (void *)seed, seedlen); - *p++ = OSSL_PARAM_construct_end(); - - return EVP_PKEY_CTX_set_params(ctx, params); -} - -int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits) -{ - int ret; - OSSL_PARAM params[2], *p = params; - size_t bits = nbits; - - if ((ret = dsa_paramgen_check(ctx)) <= 0) - return ret; - - *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_PBITS, &bits); - *p++ = OSSL_PARAM_construct_end(); - - return EVP_PKEY_CTX_set_params(ctx, params); -} - -int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits) -{ - int ret; - OSSL_PARAM params[2], *p = params; - size_t bits2 = qbits; - - if ((ret = dsa_paramgen_check(ctx)) <= 0) - return ret; - - *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_FFC_QBITS, &bits2); - *p++ = OSSL_PARAM_construct_end(); - - return EVP_PKEY_CTX_set_params(ctx, params); -} - -int EVP_PKEY_CTX_set_dsa_paramgen_md_props(EVP_PKEY_CTX *ctx, - const char *md_name, - const char *md_properties) -{ - int ret; - OSSL_PARAM params[3], *p = params; - - if ((ret = dsa_paramgen_check(ctx)) <= 0) - return ret; - - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, - (char *)md_name, 0); - if (md_properties != NULL) - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, - (char *)md_properties, 0); - *p++ = OSSL_PARAM_construct_end(); - - return EVP_PKEY_CTX_set_params(ctx, params); -} - -#if !defined(FIPS_MODULE) -int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, - EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md)); -} -#endif diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c deleted file mode 100644 index 52b9e87c1e2b2ab484c21bf416813549dbced90a..0000000000000000000000000000000000000000 --- a/crypto/evp/e_aes.c +++ /dev/null @@ -1,4049 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This file uses the low level AES functions (which are deprecated for - * non-internal use) in order to implement the EVP AES ciphers. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "crypto/evp.h" -#include "internal/cryptlib.h" -#include "crypto/modes.h" -#include "crypto/siv.h" -#include "crypto/aes_platform.h" -#include "evp_local.h" - -typedef struct { - union { - OSSL_UNION_ALIGN; - AES_KEY ks; - } ks; - block128_f block; - union { - cbc128_f cbc; - ctr128_f ctr; - } stream; -} EVP_AES_KEY; - -typedef struct { - union { - OSSL_UNION_ALIGN; - AES_KEY ks; - } ks; /* AES key schedule to use */ - int key_set; /* Set if key initialised */ - int iv_set; /* Set if an iv is set */ - GCM128_CONTEXT gcm; - unsigned char *iv; /* Temporary IV store */ - int ivlen; /* IV length */ - int taglen; - int iv_gen; /* It is OK to generate IVs */ - int iv_gen_rand; /* No IV was specified, so generate a rand IV */ - int tls_aad_len; /* TLS AAD length */ - uint64_t tls_enc_records; /* Number of TLS records encrypted */ - ctr128_f ctr; -} EVP_AES_GCM_CTX; - -typedef struct { - union { - OSSL_UNION_ALIGN; - AES_KEY ks; - } ks1, ks2; /* AES key schedules to use */ - XTS128_CONTEXT xts; - void (*stream) (const unsigned char *in, - unsigned char *out, size_t length, - const AES_KEY *key1, const AES_KEY *key2, - const unsigned char iv[16]); -} EVP_AES_XTS_CTX; - -#ifdef FIPS_MODULE -static const int allow_insecure_decrypt = 0; -#else -static const int allow_insecure_decrypt = 1; -#endif - -typedef struct { - union { - OSSL_UNION_ALIGN; - AES_KEY ks; - } ks; /* AES key schedule to use */ - int key_set; /* Set if key initialised */ - int iv_set; /* Set if an iv is set */ - int tag_set; /* Set if tag is valid */ - int len_set; /* Set if message length set */ - int L, M; /* L and M parameters from RFC3610 */ - int tls_aad_len; /* TLS AAD length */ - CCM128_CONTEXT ccm; - ccm128_f str; -} EVP_AES_CCM_CTX; - -#ifndef OPENSSL_NO_OCB -typedef struct { - union { - OSSL_UNION_ALIGN; - AES_KEY ks; - } ksenc; /* AES key schedule to use for encryption */ - union { - OSSL_UNION_ALIGN; - AES_KEY ks; - } ksdec; /* AES key schedule to use for decryption */ - int key_set; /* Set if key initialised */ - int iv_set; /* Set if an iv is set */ - OCB128_CONTEXT ocb; - unsigned char *iv; /* Temporary IV store */ - unsigned char tag[16]; - unsigned char data_buf[16]; /* Store partial data blocks */ - unsigned char aad_buf[16]; /* Store partial AAD blocks */ - int data_buf_len; - int aad_buf_len; - int ivlen; /* IV length */ - int taglen; -} EVP_AES_OCB_CTX; -#endif - -#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) - -/* increment counter (64-bit int) by 1 */ -static void ctr64_inc(unsigned char *counter) -{ - int n = 8; - unsigned char c; - - do { - --n; - c = counter[n]; - ++c; - counter[n] = c; - if (c) - return; - } while (n); -} - -#if defined(AESNI_CAPABLE) -# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) -# define AES_GCM_ASM2(gctx) (gctx->gcm.block==(block128_f)aesni_encrypt && \ - gctx->gcm.ghash==gcm_ghash_avx) -# undef AES_GCM_ASM2 /* minor size optimization */ -# endif - -static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - int ret, mode; - EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - - mode = EVP_CIPHER_CTX_get_mode(ctx); - if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) - && !enc) { - ret = aesni_set_decrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &dat->ks.ks); - dat->block = (block128_f) aesni_decrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) aesni_cbc_encrypt : NULL; - } else { - ret = aesni_set_encrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &dat->ks.ks); - dat->block = (block128_f) aesni_encrypt; - if (mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt; - else if (mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f) aesni_ctr32_encrypt_blocks; - else - dat->stream.cbc = NULL; - } - - if (ret < 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_AES_KEY_SETUP_FAILED); - return 0; - } - - return 1; -} - -static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - aesni_cbc_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks, - ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx)); - - return 1; -} - -static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - size_t bl = EVP_CIPHER_CTX_get_block_size(ctx); - - if (len < bl) - return 1; - - aesni_ecb_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks, - EVP_CIPHER_CTX_is_encrypting(ctx)); - - return 1; -} - -# define aesni_ofb_cipher aes_ofb_cipher -static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aesni_cfb_cipher aes_cfb_cipher -static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aesni_cfb8_cipher aes_cfb8_cipher -static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aesni_cfb1_cipher aes_cfb1_cipher -static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aesni_ctr_cipher aes_ctr_cipher -static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); - if (!iv && !key) - return 1; - if (key) { - aesni_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &gctx->ks.ks); - CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt); - gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks; - /* - * If we have an iv can set it directly, otherwise use saved IV. - */ - if (iv == NULL && gctx->iv_set) - iv = gctx->iv; - if (iv) { - CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); - gctx->iv_set = 1; - } - gctx->key_set = 1; - } else { - /* If key set use IV, otherwise copy */ - if (gctx->key_set) - CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); - else - memcpy(gctx->iv, iv, gctx->ivlen); - gctx->iv_set = 1; - gctx->iv_gen = 0; - } - return 1; -} - -# define aesni_gcm_cipher aes_gcm_cipher -static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); - - if (!iv && !key) - return 1; - - if (key) { - /* The key is two half length keys in reality */ - const int bytes = EVP_CIPHER_CTX_get_key_length(ctx) / 2; - const int bits = bytes * 8; - - /* - * Verify that the two keys are different. - * - * This addresses Rogaway's vulnerability. - * See comment in aes_xts_init_key() below. - */ - if ((!allow_insecure_decrypt || enc) - && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_XTS_DUPLICATED_KEYS); - return 0; - } - - /* key_len is two AES keys */ - if (enc) { - aesni_set_encrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) aesni_encrypt; - xctx->stream = aesni_xts_encrypt; - } else { - aesni_set_decrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) aesni_decrypt; - xctx->stream = aesni_xts_decrypt; - } - - aesni_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) aesni_encrypt; - - xctx->xts.key1 = &xctx->ks1; - } - - if (iv) { - xctx->xts.key2 = &xctx->ks2; - memcpy(ctx->iv, iv, 16); - } - - return 1; -} - -# define aesni_xts_cipher aes_xts_cipher -static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); - if (!iv && !key) - return 1; - if (key) { - aesni_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &cctx->ks.ks); - CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f) aesni_encrypt); - cctx->str = enc ? (ccm128_f) aesni_ccm64_encrypt_blocks : - (ccm128_f) aesni_ccm64_decrypt_blocks; - cctx->key_set = 1; - } - if (iv) { - memcpy(ctx->iv, iv, 15 - cctx->L); - cctx->iv_set = 1; - } - return 1; -} - -# define aesni_ccm_cipher aes_ccm_cipher -static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# ifndef OPENSSL_NO_OCB -static int aesni_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); - if (!iv && !key) - return 1; - if (key) { - do { - /* - * We set both the encrypt and decrypt key here because decrypt - * needs both. We could possibly optimise to remove setting the - * decrypt for an encryption operation. - */ - aesni_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &octx->ksenc.ks); - aesni_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &octx->ksdec.ks); - if (!CRYPTO_ocb128_init(&octx->ocb, - &octx->ksenc.ks, &octx->ksdec.ks, - (block128_f) aesni_encrypt, - (block128_f) aesni_decrypt, - enc ? aesni_ocb_encrypt - : aesni_ocb_decrypt)) - return 0; - } - while (0); - - /* - * If we have an iv we can set it directly, otherwise use saved IV. - */ - if (iv == NULL && octx->iv_set) - iv = octx->iv; - if (iv) { - if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen) - != 1) - return 0; - octx->iv_set = 1; - } - octx->key_set = 1; - } else { - /* If key set use IV, otherwise copy */ - if (octx->key_set) - CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen); - else - memcpy(octx->iv, iv, octx->ivlen); - octx->iv_set = 1; - } - return 1; -} - -# define aesni_ocb_cipher aes_ocb_cipher -static int aesni_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); -# endif /* OPENSSL_NO_OCB */ - -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -static const EVP_CIPHER aesni_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aesni_init_key, \ - aesni_##mode##_cipher, \ - NULL, \ - sizeof(EVP_AES_KEY), \ - NULL,NULL,NULL,NULL }; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize, \ - keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_init_key, \ - aes_##mode##_cipher, \ - NULL, \ - sizeof(EVP_AES_KEY), \ - NULL,NULL,NULL,NULL }; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; } - -# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ -static const EVP_CIPHER aesni_##keylen##_##mode = { \ - nid##_##keylen##_##mode,blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ - ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aesni_##mode##_init_key, \ - aesni_##mode##_cipher, \ - aes_##mode##_cleanup, \ - sizeof(EVP_AES_##MODE##_CTX), \ - NULL,NULL,aes_##mode##_ctrl,NULL }; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##mode,blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ - ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_##mode##_init_key, \ - aes_##mode##_cipher, \ - aes_##mode##_cleanup, \ - sizeof(EVP_AES_##MODE##_CTX), \ - NULL,NULL,aes_##mode##_ctrl,NULL }; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; } - -#elif defined(SPARC_AES_CAPABLE) - -static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - int ret, mode, bits; - EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - - mode = EVP_CIPHER_CTX_get_mode(ctx); - bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8; - if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) - && !enc) { - ret = 0; - aes_t4_set_decrypt_key(key, bits, &dat->ks.ks); - dat->block = (block128_f) aes_t4_decrypt; - switch (bits) { - case 128: - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) aes128_t4_cbc_decrypt : NULL; - break; - case 192: - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) aes192_t4_cbc_decrypt : NULL; - break; - case 256: - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) aes256_t4_cbc_decrypt : NULL; - break; - default: - ret = -1; - } - } else { - ret = 0; - aes_t4_set_encrypt_key(key, bits, &dat->ks.ks); - dat->block = (block128_f) aes_t4_encrypt; - switch (bits) { - case 128: - if (mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) aes128_t4_cbc_encrypt; - else if (mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f) aes128_t4_ctr32_encrypt; - else - dat->stream.cbc = NULL; - break; - case 192: - if (mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) aes192_t4_cbc_encrypt; - else if (mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f) aes192_t4_ctr32_encrypt; - else - dat->stream.cbc = NULL; - break; - case 256: - if (mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) aes256_t4_cbc_encrypt; - else if (mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f) aes256_t4_ctr32_encrypt; - else - dat->stream.cbc = NULL; - break; - default: - ret = -1; - } - } - - if (ret < 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_AES_KEY_SETUP_FAILED); - return 0; - } - - return 1; -} - -# define aes_t4_cbc_cipher aes_cbc_cipher -static int aes_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aes_t4_ecb_cipher aes_ecb_cipher -static int aes_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aes_t4_ofb_cipher aes_ofb_cipher -static int aes_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aes_t4_cfb_cipher aes_cfb_cipher -static int aes_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aes_t4_cfb8_cipher aes_cfb8_cipher -static int aes_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aes_t4_cfb1_cipher aes_cfb1_cipher -static int aes_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define aes_t4_ctr_cipher aes_ctr_cipher -static int aes_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); - if (!iv && !key) - return 1; - if (key) { - int bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8; - aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks); - CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, - (block128_f) aes_t4_encrypt); - switch (bits) { - case 128: - gctx->ctr = (ctr128_f) aes128_t4_ctr32_encrypt; - break; - case 192: - gctx->ctr = (ctr128_f) aes192_t4_ctr32_encrypt; - break; - case 256: - gctx->ctr = (ctr128_f) aes256_t4_ctr32_encrypt; - break; - default: - return 0; - } - /* - * If we have an iv can set it directly, otherwise use saved IV. - */ - if (iv == NULL && gctx->iv_set) - iv = gctx->iv; - if (iv) { - CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); - gctx->iv_set = 1; - } - gctx->key_set = 1; - } else { - /* If key set use IV, otherwise copy */ - if (gctx->key_set) - CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); - else - memcpy(gctx->iv, iv, gctx->ivlen); - gctx->iv_set = 1; - gctx->iv_gen = 0; - } - return 1; -} - -# define aes_t4_gcm_cipher aes_gcm_cipher -static int aes_t4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); - - if (!iv && !key) - return 1; - - if (key) { - /* The key is two half length keys in reality */ - const int bytes = EVP_CIPHER_CTX_get_key_length(ctx) / 2; - const int bits = bytes * 8; - - /* - * Verify that the two keys are different. - * - * This addresses Rogaway's vulnerability. - * See comment in aes_xts_init_key() below. - */ - if ((!allow_insecure_decrypt || enc) - && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_XTS_DUPLICATED_KEYS); - return 0; - } - - xctx->stream = NULL; - /* key_len is two AES keys */ - if (enc) { - aes_t4_set_encrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) aes_t4_encrypt; - switch (bits) { - case 128: - xctx->stream = aes128_t4_xts_encrypt; - break; - case 256: - xctx->stream = aes256_t4_xts_encrypt; - break; - default: - return 0; - } - } else { - aes_t4_set_decrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) aes_t4_decrypt; - switch (bits) { - case 128: - xctx->stream = aes128_t4_xts_decrypt; - break; - case 256: - xctx->stream = aes256_t4_xts_decrypt; - break; - default: - return 0; - } - } - - aes_t4_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) aes_t4_encrypt; - - xctx->xts.key1 = &xctx->ks1; - } - - if (iv) { - xctx->xts.key2 = &xctx->ks2; - memcpy(ctx->iv, iv, 16); - } - - return 1; -} - -# define aes_t4_xts_cipher aes_xts_cipher -static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); - if (!iv && !key) - return 1; - if (key) { - int bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8; - aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks); - CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f) aes_t4_encrypt); - cctx->str = NULL; - cctx->key_set = 1; - } - if (iv) { - memcpy(ctx->iv, iv, 15 - cctx->L); - cctx->iv_set = 1; - } - return 1; -} - -# define aes_t4_ccm_cipher aes_ccm_cipher -static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# ifndef OPENSSL_NO_OCB -static int aes_t4_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); - if (!iv && !key) - return 1; - if (key) { - do { - /* - * We set both the encrypt and decrypt key here because decrypt - * needs both. We could possibly optimise to remove setting the - * decrypt for an encryption operation. - */ - aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &octx->ksenc.ks); - aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &octx->ksdec.ks); - if (!CRYPTO_ocb128_init(&octx->ocb, - &octx->ksenc.ks, &octx->ksdec.ks, - (block128_f) aes_t4_encrypt, - (block128_f) aes_t4_decrypt, - NULL)) - return 0; - } - while (0); - - /* - * If we have an iv we can set it directly, otherwise use saved IV. - */ - if (iv == NULL && octx->iv_set) - iv = octx->iv; - if (iv) { - if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen) - != 1) - return 0; - octx->iv_set = 1; - } - octx->key_set = 1; - } else { - /* If key set use IV, otherwise copy */ - if (octx->key_set) - CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen); - else - memcpy(octx->iv, iv, octx->ivlen); - octx->iv_set = 1; - } - return 1; -} - -# define aes_t4_ocb_cipher aes_ocb_cipher -static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); -# endif /* OPENSSL_NO_OCB */ - -# ifndef OPENSSL_NO_SIV -# define aes_t4_siv_init_key aes_siv_init_key -# define aes_t4_siv_cipher aes_siv_cipher -# endif /* OPENSSL_NO_SIV */ - -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_t4_init_key, \ - aes_t4_##mode##_cipher, \ - NULL, \ - sizeof(EVP_AES_KEY), \ - NULL,NULL,NULL,NULL }; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize, \ - keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_init_key, \ - aes_##mode##_cipher, \ - NULL, \ - sizeof(EVP_AES_KEY), \ - NULL,NULL,NULL,NULL }; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } - -# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ -static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ - nid##_##keylen##_##mode,blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ - ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_t4_##mode##_init_key, \ - aes_t4_##mode##_cipher, \ - aes_##mode##_cleanup, \ - sizeof(EVP_AES_##MODE##_CTX), \ - NULL,NULL,aes_##mode##_ctrl,NULL }; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##mode,blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ - ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_##mode##_init_key, \ - aes_##mode##_cipher, \ - aes_##mode##_cleanup, \ - sizeof(EVP_AES_##MODE##_CTX), \ - NULL,NULL,aes_##mode##_ctrl,NULL }; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } - -#elif defined(S390X_aes_128_CAPABLE) -/* IBM S390X support */ -typedef struct { - union { - OSSL_UNION_ALIGN; - /*- - * KM-AES parameter block - begin - * (see z/Architecture Principles of Operation >= SA22-7832-06) - */ - struct { - unsigned char k[32]; - } param; - /* KM-AES parameter block - end */ - } km; - unsigned int fc; -} S390X_AES_ECB_CTX; - -typedef struct { - union { - OSSL_UNION_ALIGN; - /*- - * KMO-AES parameter block - begin - * (see z/Architecture Principles of Operation >= SA22-7832-08) - */ - struct { - unsigned char cv[16]; - unsigned char k[32]; - } param; - /* KMO-AES parameter block - end */ - } kmo; - unsigned int fc; - - int res; -} S390X_AES_OFB_CTX; - -typedef struct { - union { - OSSL_UNION_ALIGN; - /*- - * KMF-AES parameter block - begin - * (see z/Architecture Principles of Operation >= SA22-7832-08) - */ - struct { - unsigned char cv[16]; - unsigned char k[32]; - } param; - /* KMF-AES parameter block - end */ - } kmf; - unsigned int fc; - - int res; -} S390X_AES_CFB_CTX; - -typedef struct { - union { - OSSL_UNION_ALIGN; - /*- - * KMA-GCM-AES parameter block - begin - * (see z/Architecture Principles of Operation >= SA22-7832-11) - */ - struct { - unsigned char reserved[12]; - union { - unsigned int w; - unsigned char b[4]; - } cv; - union { - unsigned long long g[2]; - unsigned char b[16]; - } t; - unsigned char h[16]; - unsigned long long taadl; - unsigned long long tpcl; - union { - unsigned long long g[2]; - unsigned int w[4]; - } j0; - unsigned char k[32]; - } param; - /* KMA-GCM-AES parameter block - end */ - } kma; - unsigned int fc; - int key_set; - - unsigned char *iv; - int ivlen; - int iv_set; - int iv_gen; - - int taglen; - - unsigned char ares[16]; - unsigned char mres[16]; - unsigned char kres[16]; - int areslen; - int mreslen; - int kreslen; - - int tls_aad_len; - uint64_t tls_enc_records; /* Number of TLS records encrypted */ -} S390X_AES_GCM_CTX; - -typedef struct { - union { - OSSL_UNION_ALIGN; - /*- - * Padding is chosen so that ccm.kmac_param.k overlaps with key.k and - * ccm.fc with key.k.rounds. Remember that on s390x, an AES_KEY's - * rounds field is used to store the function code and that the key - * schedule is not stored (if aes hardware support is detected). - */ - struct { - unsigned char pad[16]; - AES_KEY k; - } key; - - struct { - /*- - * KMAC-AES parameter block - begin - * (see z/Architecture Principles of Operation >= SA22-7832-08) - */ - struct { - union { - unsigned long long g[2]; - unsigned char b[16]; - } icv; - unsigned char k[32]; - } kmac_param; - /* KMAC-AES parameter block - end */ - - union { - unsigned long long g[2]; - unsigned char b[16]; - } nonce; - union { - unsigned long long g[2]; - unsigned char b[16]; - } buf; - - unsigned long long blocks; - int l; - int m; - int tls_aad_len; - int iv_set; - int tag_set; - int len_set; - int key_set; - - unsigned char pad[140]; - unsigned int fc; - } ccm; - } aes; -} S390X_AES_CCM_CTX; - -# define s390x_aes_init_key aes_init_key -static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -# define S390X_AES_CBC_CTX EVP_AES_KEY - -# define s390x_aes_cbc_init_key aes_init_key - -# define s390x_aes_cbc_cipher aes_cbc_cipher -static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc) -{ - S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx); - const int keylen = EVP_CIPHER_CTX_get_key_length(ctx); - - cctx->fc = S390X_AES_FC(keylen); - if (!enc) - cctx->fc |= S390X_DECRYPT; - - memcpy(cctx->km.param.k, key, keylen); - return 1; -} - -static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx); - - s390x_km(in, len, out, cctx->fc, &cctx->km.param); - return 1; -} - -static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *ivec, int enc) -{ - S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); - const unsigned char *iv = ctx->oiv; - const int keylen = EVP_CIPHER_CTX_get_key_length(ctx); - const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); - - memcpy(cctx->kmo.param.cv, iv, ivlen); - memcpy(cctx->kmo.param.k, key, keylen); - cctx->fc = S390X_AES_FC(keylen); - cctx->res = 0; - return 1; -} - -static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); - const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); - unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); - int n = cctx->res; - int rem; - - memcpy(cctx->kmo.param.cv, iv, ivlen); - while (n && len) { - *out = *in ^ cctx->kmo.param.cv[n]; - n = (n + 1) & 0xf; - --len; - ++in; - ++out; - } - - rem = len & 0xf; - - len &= ~(size_t)0xf; - if (len) { - s390x_kmo(in, len, out, cctx->fc, &cctx->kmo.param); - - out += len; - in += len; - } - - if (rem) { - s390x_km(cctx->kmo.param.cv, 16, cctx->kmo.param.cv, cctx->fc, - cctx->kmo.param.k); - - while (rem--) { - out[n] = in[n] ^ cctx->kmo.param.cv[n]; - ++n; - } - } - - memcpy(iv, cctx->kmo.param.cv, ivlen); - cctx->res = n; - return 1; -} - -static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *ivec, int enc) -{ - S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); - const unsigned char *iv = ctx->oiv; - const int keylen = EVP_CIPHER_CTX_get_key_length(ctx); - const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); - - cctx->fc = S390X_AES_FC(keylen); - cctx->fc |= 16 << 24; /* 16 bytes cipher feedback */ - if (!enc) - cctx->fc |= S390X_DECRYPT; - - cctx->res = 0; - memcpy(cctx->kmf.param.cv, iv, ivlen); - memcpy(cctx->kmf.param.k, key, keylen); - return 1; -} - -static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); - const int keylen = EVP_CIPHER_CTX_get_key_length(ctx); - const int enc = EVP_CIPHER_CTX_is_encrypting(ctx); - const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); - unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); - int n = cctx->res; - int rem; - unsigned char tmp; - - memcpy(cctx->kmf.param.cv, iv, ivlen); - while (n && len) { - tmp = *in; - *out = cctx->kmf.param.cv[n] ^ tmp; - cctx->kmf.param.cv[n] = enc ? *out : tmp; - n = (n + 1) & 0xf; - --len; - ++in; - ++out; - } - - rem = len & 0xf; - - len &= ~(size_t)0xf; - if (len) { - s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param); - - out += len; - in += len; - } - - if (rem) { - s390x_km(cctx->kmf.param.cv, 16, cctx->kmf.param.cv, - S390X_AES_FC(keylen), cctx->kmf.param.k); - - while (rem--) { - tmp = in[n]; - out[n] = cctx->kmf.param.cv[n] ^ tmp; - cctx->kmf.param.cv[n] = enc ? out[n] : tmp; - ++n; - } - } - - memcpy(iv, cctx->kmf.param.cv, ivlen); - cctx->res = n; - return 1; -} - -static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *ivec, int enc) -{ - S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); - const unsigned char *iv = ctx->oiv; - const int keylen = EVP_CIPHER_CTX_get_key_length(ctx); - const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); - - cctx->fc = S390X_AES_FC(keylen); - cctx->fc |= 1 << 24; /* 1 byte cipher feedback */ - if (!enc) - cctx->fc |= S390X_DECRYPT; - - memcpy(cctx->kmf.param.cv, iv, ivlen); - memcpy(cctx->kmf.param.k, key, keylen); - return 1; -} - -static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx); - const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); - unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); - - memcpy(cctx->kmf.param.cv, iv, ivlen); - s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param); - memcpy(iv, cctx->kmf.param.cv, ivlen); - return 1; -} - -# define s390x_aes_cfb1_init_key aes_init_key - -# define s390x_aes_cfb1_cipher aes_cfb1_cipher -static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define S390X_AES_CTR_CTX EVP_AES_KEY - -# define s390x_aes_ctr_init_key aes_init_key - -# define s390x_aes_ctr_cipher aes_ctr_cipher -static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -/* iv + padding length for iv lengths != 12 */ -# define S390X_gcm_ivpadlen(i) ((((i) + 15) >> 4 << 4) + 16) - -/*- - * Process additional authenticated data. Returns 0 on success. Code is - * big-endian. - */ -static int s390x_aes_gcm_aad(S390X_AES_GCM_CTX *ctx, const unsigned char *aad, - size_t len) -{ - unsigned long long alen; - int n, rem; - - if (ctx->kma.param.tpcl) - return -2; - - alen = ctx->kma.param.taadl + len; - if (alen > (U64(1) << 61) || (sizeof(len) == 8 && alen < len)) - return -1; - ctx->kma.param.taadl = alen; - - n = ctx->areslen; - if (n) { - while (n && len) { - ctx->ares[n] = *aad; - n = (n + 1) & 0xf; - ++aad; - --len; - } - /* ctx->ares contains a complete block if offset has wrapped around */ - if (!n) { - s390x_kma(ctx->ares, 16, NULL, 0, NULL, ctx->fc, &ctx->kma.param); - ctx->fc |= S390X_KMA_HS; - } - ctx->areslen = n; - } - - rem = len & 0xf; - - len &= ~(size_t)0xf; - if (len) { - s390x_kma(aad, len, NULL, 0, NULL, ctx->fc, &ctx->kma.param); - aad += len; - ctx->fc |= S390X_KMA_HS; - } - - if (rem) { - ctx->areslen = rem; - - do { - --rem; - ctx->ares[rem] = aad[rem]; - } while (rem); - } - return 0; -} - -/*- - * En/de-crypt plain/cipher-text and authenticate ciphertext. Returns 0 for - * success. Code is big-endian. - */ -static int s390x_aes_gcm(S390X_AES_GCM_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len) -{ - const unsigned char *inptr; - unsigned long long mlen; - union { - unsigned int w[4]; - unsigned char b[16]; - } buf; - size_t inlen; - int n, rem, i; - - mlen = ctx->kma.param.tpcl + len; - if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) - return -1; - ctx->kma.param.tpcl = mlen; - - n = ctx->mreslen; - if (n) { - inptr = in; - inlen = len; - while (n && inlen) { - ctx->mres[n] = *inptr; - n = (n + 1) & 0xf; - ++inptr; - --inlen; - } - /* ctx->mres contains a complete block if offset has wrapped around */ - if (!n) { - s390x_kma(ctx->ares, ctx->areslen, ctx->mres, 16, buf.b, - ctx->fc | S390X_KMA_LAAD, &ctx->kma.param); - ctx->fc |= S390X_KMA_HS; - ctx->areslen = 0; - - /* previous call already encrypted/decrypted its remainder, - * see comment below */ - n = ctx->mreslen; - while (n) { - *out = buf.b[n]; - n = (n + 1) & 0xf; - ++out; - ++in; - --len; - } - ctx->mreslen = 0; - } - } - - rem = len & 0xf; - - len &= ~(size_t)0xf; - if (len) { - s390x_kma(ctx->ares, ctx->areslen, in, len, out, - ctx->fc | S390X_KMA_LAAD, &ctx->kma.param); - in += len; - out += len; - ctx->fc |= S390X_KMA_HS; - ctx->areslen = 0; - } - - /*- - * If there is a remainder, it has to be saved such that it can be - * processed by kma later. However, we also have to do the for-now - * unauthenticated encryption/decryption part here and now... - */ - if (rem) { - if (!ctx->mreslen) { - buf.w[0] = ctx->kma.param.j0.w[0]; - buf.w[1] = ctx->kma.param.j0.w[1]; - buf.w[2] = ctx->kma.param.j0.w[2]; - buf.w[3] = ctx->kma.param.cv.w + 1; - s390x_km(buf.b, 16, ctx->kres, ctx->fc & 0x1f, &ctx->kma.param.k); - } - - n = ctx->mreslen; - for (i = 0; i < rem; i++) { - ctx->mres[n + i] = in[i]; - out[i] = in[i] ^ ctx->kres[n + i]; - } - - ctx->mreslen += rem; - } - return 0; -} - -/*- - * Initialize context structure. Code is big-endian. - */ -static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx, - const unsigned char *iv) -{ - ctx->kma.param.t.g[0] = 0; - ctx->kma.param.t.g[1] = 0; - ctx->kma.param.tpcl = 0; - ctx->kma.param.taadl = 0; - ctx->mreslen = 0; - ctx->areslen = 0; - ctx->kreslen = 0; - - if (ctx->ivlen == 12) { - memcpy(&ctx->kma.param.j0, iv, ctx->ivlen); - ctx->kma.param.j0.w[3] = 1; - ctx->kma.param.cv.w = 1; - } else { - /* ctx->iv has the right size and is already padded. */ - memcpy(ctx->iv, iv, ctx->ivlen); - s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL, - ctx->fc, &ctx->kma.param); - ctx->fc |= S390X_KMA_HS; - - ctx->kma.param.j0.g[0] = ctx->kma.param.t.g[0]; - ctx->kma.param.j0.g[1] = ctx->kma.param.t.g[1]; - ctx->kma.param.cv.w = ctx->kma.param.j0.w[3]; - ctx->kma.param.t.g[0] = 0; - ctx->kma.param.t.g[1] = 0; - } -} - -/*- - * Performs various operations on the context structure depending on control - * type. Returns 1 for success, 0 for failure and -1 for unknown control type. - * Code is big-endian. - */ -static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -{ - S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c); - S390X_AES_GCM_CTX *gctx_out; - EVP_CIPHER_CTX *out; - unsigned char *buf; - int ivlen, enc, len; - - switch (type) { - case EVP_CTRL_INIT: - ivlen = EVP_CIPHER_get_iv_length(c->cipher); - gctx->key_set = 0; - gctx->iv_set = 0; - gctx->ivlen = ivlen; - gctx->iv = c->iv; - gctx->taglen = -1; - gctx->iv_gen = 0; - gctx->tls_aad_len = -1; - return 1; - - case EVP_CTRL_GET_IVLEN: - *(int *)ptr = gctx->ivlen; - return 1; - - case EVP_CTRL_AEAD_SET_IVLEN: - if (arg <= 0) - return 0; - - if (arg != 12) { - len = S390X_gcm_ivpadlen(arg); - - /* Allocate memory for iv if needed. */ - if (gctx->ivlen == 12 || len > S390X_gcm_ivpadlen(gctx->ivlen)) { - if (gctx->iv != c->iv) - OPENSSL_free(gctx->iv); - - if ((gctx->iv = OPENSSL_malloc(len)) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - } - /* Add padding. */ - memset(gctx->iv + arg, 0, len - arg - 8); - *((unsigned long long *)(gctx->iv + len - 8)) = arg << 3; - } - gctx->ivlen = arg; - return 1; - - case EVP_CTRL_AEAD_SET_TAG: - buf = EVP_CIPHER_CTX_buf_noconst(c); - enc = EVP_CIPHER_CTX_is_encrypting(c); - if (arg <= 0 || arg > 16 || enc) - return 0; - - memcpy(buf, ptr, arg); - gctx->taglen = arg; - return 1; - - case EVP_CTRL_AEAD_GET_TAG: - enc = EVP_CIPHER_CTX_is_encrypting(c); - if (arg <= 0 || arg > 16 || !enc || gctx->taglen < 0) - return 0; - - memcpy(ptr, gctx->kma.param.t.b, arg); - return 1; - - case EVP_CTRL_GCM_SET_IV_FIXED: - /* Special case: -1 length restores whole iv */ - if (arg == -1) { - memcpy(gctx->iv, ptr, gctx->ivlen); - gctx->iv_gen = 1; - return 1; - } - /* - * Fixed field must be at least 4 bytes and invocation field at least - * 8. - */ - if ((arg < 4) || (gctx->ivlen - arg) < 8) - return 0; - - if (arg) - memcpy(gctx->iv, ptr, arg); - - enc = EVP_CIPHER_CTX_is_encrypting(c); - if (enc && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) - return 0; - - gctx->iv_gen = 1; - return 1; - - case EVP_CTRL_GCM_IV_GEN: - if (gctx->iv_gen == 0 || gctx->key_set == 0) - return 0; - - s390x_aes_gcm_setiv(gctx, gctx->iv); - - if (arg <= 0 || arg > gctx->ivlen) - arg = gctx->ivlen; - - memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg); - /* - * Invocation field will be at least 8 bytes in size and so no need - * to check wrap around or increment more than last 8 bytes. - */ - ctr64_inc(gctx->iv + gctx->ivlen - 8); - gctx->iv_set = 1; - return 1; - - case EVP_CTRL_GCM_SET_IV_INV: - enc = EVP_CIPHER_CTX_is_encrypting(c); - if (gctx->iv_gen == 0 || gctx->key_set == 0 || enc) - return 0; - - memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); - s390x_aes_gcm_setiv(gctx, gctx->iv); - gctx->iv_set = 1; - return 1; - - case EVP_CTRL_AEAD_TLS1_AAD: - /* Save the aad for later use. */ - if (arg != EVP_AEAD_TLS1_AAD_LEN) - return 0; - - buf = EVP_CIPHER_CTX_buf_noconst(c); - memcpy(buf, ptr, arg); - gctx->tls_aad_len = arg; - gctx->tls_enc_records = 0; - - len = buf[arg - 2] << 8 | buf[arg - 1]; - /* Correct length for explicit iv. */ - if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN) - return 0; - len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; - - /* If decrypting correct for tag too. */ - enc = EVP_CIPHER_CTX_is_encrypting(c); - if (!enc) { - if (len < EVP_GCM_TLS_TAG_LEN) - return 0; - len -= EVP_GCM_TLS_TAG_LEN; - } - buf[arg - 2] = len >> 8; - buf[arg - 1] = len & 0xff; - /* Extra padding: tag appended to record. */ - return EVP_GCM_TLS_TAG_LEN; - - case EVP_CTRL_COPY: - out = ptr; - gctx_out = EVP_C_DATA(S390X_AES_GCM_CTX, out); - - if (gctx->iv == c->iv) { - gctx_out->iv = out->iv; - } else { - len = S390X_gcm_ivpadlen(gctx->ivlen); - - if ((gctx_out->iv = OPENSSL_malloc(len)) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - - memcpy(gctx_out->iv, gctx->iv, len); - } - return 1; - - default: - return -1; - } -} - -/*- - * Set key and/or iv. Returns 1 on success. Otherwise 0 is returned. - */ -static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc) -{ - S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx); - int keylen; - - if (iv == NULL && key == NULL) - return 1; - - if (key != NULL) { - keylen = EVP_CIPHER_CTX_get_key_length(ctx); - memcpy(&gctx->kma.param.k, key, keylen); - - gctx->fc = S390X_AES_FC(keylen); - if (!enc) - gctx->fc |= S390X_DECRYPT; - - if (iv == NULL && gctx->iv_set) - iv = gctx->iv; - - if (iv != NULL) { - s390x_aes_gcm_setiv(gctx, iv); - gctx->iv_set = 1; - } - gctx->key_set = 1; - } else { - if (gctx->key_set) - s390x_aes_gcm_setiv(gctx, iv); - else - memcpy(gctx->iv, iv, gctx->ivlen); - - gctx->iv_set = 1; - gctx->iv_gen = 0; - } - return 1; -} - -/*- - * En/de-crypt and authenticate TLS packet. Returns the number of bytes written - * if successful. Otherwise -1 is returned. Code is big-endian. - */ -static int s390x_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx); - const unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); - const int enc = EVP_CIPHER_CTX_is_encrypting(ctx); - int rv = -1; - - if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN)) - return -1; - - /* - * Check for too many keys as per FIPS 140-2 IG A.5 "Key/IV Pair Uniqueness - * Requirements from SP 800-38D". The requirements is for one party to the - * communication to fail after 2^64 - 1 keys. We do this on the encrypting - * side only. - */ - if (ctx->encrypt && ++gctx->tls_enc_records == 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_TOO_MANY_RECORDS); - goto err; - } - - if (EVP_CIPHER_CTX_ctrl(ctx, enc ? EVP_CTRL_GCM_IV_GEN - : EVP_CTRL_GCM_SET_IV_INV, - EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) - goto err; - - in += EVP_GCM_TLS_EXPLICIT_IV_LEN; - out += EVP_GCM_TLS_EXPLICIT_IV_LEN; - len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; - - gctx->kma.param.taadl = gctx->tls_aad_len << 3; - gctx->kma.param.tpcl = len << 3; - s390x_kma(buf, gctx->tls_aad_len, in, len, out, - gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param); - - if (enc) { - memcpy(out + len, gctx->kma.param.t.b, EVP_GCM_TLS_TAG_LEN); - rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; - } else { - if (CRYPTO_memcmp(gctx->kma.param.t.b, in + len, - EVP_GCM_TLS_TAG_LEN)) { - OPENSSL_cleanse(out, len); - goto err; - } - rv = len; - } -err: - gctx->iv_set = 0; - gctx->tls_aad_len = -1; - return rv; -} - -/*- - * Called from EVP layer to initialize context, process additional - * authenticated data, en/de-crypt plain/cipher-text and authenticate - * ciphertext or process a TLS packet, depending on context. Returns bytes - * written on success. Otherwise -1 is returned. Code is big-endian. - */ -static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx); - unsigned char *buf, tmp[16]; - int enc; - - if (!gctx->key_set) - return -1; - - if (gctx->tls_aad_len >= 0) - return s390x_aes_gcm_tls_cipher(ctx, out, in, len); - - if (!gctx->iv_set) - return -1; - - if (in != NULL) { - if (out == NULL) { - if (s390x_aes_gcm_aad(gctx, in, len)) - return -1; - } else { - if (s390x_aes_gcm(gctx, in, out, len)) - return -1; - } - return len; - } else { - gctx->kma.param.taadl <<= 3; - gctx->kma.param.tpcl <<= 3; - s390x_kma(gctx->ares, gctx->areslen, gctx->mres, gctx->mreslen, tmp, - gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param); - /* recall that we already did en-/decrypt gctx->mres - * and returned it to caller... */ - OPENSSL_cleanse(tmp, gctx->mreslen); - gctx->iv_set = 0; - - enc = EVP_CIPHER_CTX_is_encrypting(ctx); - if (enc) { - gctx->taglen = 16; - } else { - if (gctx->taglen < 0) - return -1; - - buf = EVP_CIPHER_CTX_buf_noconst(ctx); - if (CRYPTO_memcmp(buf, gctx->kma.param.t.b, gctx->taglen)) - return -1; - } - return 0; - } -} - -static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c) -{ - S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c); - - if (gctx == NULL) - return 0; - - if (gctx->iv != c->iv) - OPENSSL_free(gctx->iv); - - OPENSSL_cleanse(gctx, sizeof(*gctx)); - return 1; -} - -# define S390X_AES_XTS_CTX EVP_AES_XTS_CTX - -# define s390x_aes_xts_init_key aes_xts_init_key -static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc); -# define s390x_aes_xts_cipher aes_xts_cipher -static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); -# define s390x_aes_xts_ctrl aes_xts_ctrl -static int s390x_aes_xts_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr); -# define s390x_aes_xts_cleanup aes_xts_cleanup - -/*- - * Set nonce and length fields. Code is big-endian. - */ -static inline void s390x_aes_ccm_setiv(S390X_AES_CCM_CTX *ctx, - const unsigned char *nonce, - size_t mlen) -{ - ctx->aes.ccm.nonce.b[0] &= ~S390X_CCM_AAD_FLAG; - ctx->aes.ccm.nonce.g[1] = mlen; - memcpy(ctx->aes.ccm.nonce.b + 1, nonce, 15 - ctx->aes.ccm.l); -} - -/*- - * Process additional authenticated data. Code is big-endian. - */ -static void s390x_aes_ccm_aad(S390X_AES_CCM_CTX *ctx, const unsigned char *aad, - size_t alen) -{ - unsigned char *ptr; - int i, rem; - - if (!alen) - return; - - ctx->aes.ccm.nonce.b[0] |= S390X_CCM_AAD_FLAG; - - /* Suppress 'type-punned pointer dereference' warning. */ - ptr = ctx->aes.ccm.buf.b; - - if (alen < ((1 << 16) - (1 << 8))) { - *(uint16_t *)ptr = alen; - i = 2; - } else if (sizeof(alen) == 8 - && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) { - *(uint16_t *)ptr = 0xffff; - *(uint64_t *)(ptr + 2) = alen; - i = 10; - } else { - *(uint16_t *)ptr = 0xfffe; - *(uint32_t *)(ptr + 2) = alen; - i = 6; - } - - while (i < 16 && alen) { - ctx->aes.ccm.buf.b[i] = *aad; - ++aad; - --alen; - ++i; - } - while (i < 16) { - ctx->aes.ccm.buf.b[i] = 0; - ++i; - } - - ctx->aes.ccm.kmac_param.icv.g[0] = 0; - ctx->aes.ccm.kmac_param.icv.g[1] = 0; - s390x_kmac(ctx->aes.ccm.nonce.b, 32, ctx->aes.ccm.fc, - &ctx->aes.ccm.kmac_param); - ctx->aes.ccm.blocks += 2; - - rem = alen & 0xf; - alen &= ~(size_t)0xf; - if (alen) { - s390x_kmac(aad, alen, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param); - ctx->aes.ccm.blocks += alen >> 4; - aad += alen; - } - if (rem) { - for (i = 0; i < rem; i++) - ctx->aes.ccm.kmac_param.icv.b[i] ^= aad[i]; - - s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16, - ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc, - ctx->aes.ccm.kmac_param.k); - ctx->aes.ccm.blocks++; - } -} - -/*- - * En/de-crypt plain/cipher-text. Compute tag from plaintext. Returns 0 for - * success. - */ -static int s390x_aes_ccm(S390X_AES_CCM_CTX *ctx, const unsigned char *in, - unsigned char *out, size_t len, int enc) -{ - size_t n, rem; - unsigned int i, l, num; - unsigned char flags; - - flags = ctx->aes.ccm.nonce.b[0]; - if (!(flags & S390X_CCM_AAD_FLAG)) { - s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.kmac_param.icv.b, - ctx->aes.ccm.fc, ctx->aes.ccm.kmac_param.k); - ctx->aes.ccm.blocks++; - } - l = flags & 0x7; - ctx->aes.ccm.nonce.b[0] = l; - - /*- - * Reconstruct length from encoded length field - * and initialize it with counter value. - */ - n = 0; - for (i = 15 - l; i < 15; i++) { - n |= ctx->aes.ccm.nonce.b[i]; - ctx->aes.ccm.nonce.b[i] = 0; - n <<= 8; - } - n |= ctx->aes.ccm.nonce.b[15]; - ctx->aes.ccm.nonce.b[15] = 1; - - if (n != len) - return -1; /* length mismatch */ - - if (enc) { - /* Two operations per block plus one for tag encryption */ - ctx->aes.ccm.blocks += (((len + 15) >> 4) << 1) + 1; - if (ctx->aes.ccm.blocks > (1ULL << 61)) - return -2; /* too much data */ - } - - num = 0; - rem = len & 0xf; - len &= ~(size_t)0xf; - - if (enc) { - /* mac-then-encrypt */ - if (len) - s390x_kmac(in, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param); - if (rem) { - for (i = 0; i < rem; i++) - ctx->aes.ccm.kmac_param.icv.b[i] ^= in[len + i]; - - s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16, - ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc, - ctx->aes.ccm.kmac_param.k); - } - - CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k, - ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b, - &num, (ctr128_f)AES_ctr32_encrypt); - } else { - /* decrypt-then-mac */ - CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k, - ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b, - &num, (ctr128_f)AES_ctr32_encrypt); - - if (len) - s390x_kmac(out, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param); - if (rem) { - for (i = 0; i < rem; i++) - ctx->aes.ccm.kmac_param.icv.b[i] ^= out[len + i]; - - s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16, - ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc, - ctx->aes.ccm.kmac_param.k); - } - } - /* encrypt tag */ - for (i = 15 - l; i < 16; i++) - ctx->aes.ccm.nonce.b[i] = 0; - - s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.buf.b, ctx->aes.ccm.fc, - ctx->aes.ccm.kmac_param.k); - ctx->aes.ccm.kmac_param.icv.g[0] ^= ctx->aes.ccm.buf.g[0]; - ctx->aes.ccm.kmac_param.icv.g[1] ^= ctx->aes.ccm.buf.g[1]; - - ctx->aes.ccm.nonce.b[0] = flags; /* restore flags field */ - return 0; -} - -/*- - * En/de-crypt and authenticate TLS packet. Returns the number of bytes written - * if successful. Otherwise -1 is returned. - */ -static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); - unsigned char *ivec = ctx->iv; - unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx); - const int enc = EVP_CIPHER_CTX_is_encrypting(ctx); - - if (out != in - || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m)) - return -1; - - if (enc) { - /* Set explicit iv (sequence number). */ - memcpy(out, buf, EVP_CCM_TLS_EXPLICIT_IV_LEN); - } - - len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m; - /*- - * Get explicit iv (sequence number). We already have fixed iv - * (server/client_write_iv) here. - */ - memcpy(ivec + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN); - s390x_aes_ccm_setiv(cctx, ivec, len); - - /* Process aad (sequence number|type|version|length) */ - s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len); - - in += EVP_CCM_TLS_EXPLICIT_IV_LEN; - out += EVP_CCM_TLS_EXPLICIT_IV_LEN; - - if (enc) { - if (s390x_aes_ccm(cctx, in, out, len, enc)) - return -1; - - memcpy(out + len, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m); - return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m; - } else { - if (!s390x_aes_ccm(cctx, in, out, len, enc)) { - if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, in + len, - cctx->aes.ccm.m)) - return len; - } - - OPENSSL_cleanse(out, len); - return -1; - } -} - -/*- - * Set key and flag field and/or iv. Returns 1 if successful. Otherwise 0 is - * returned. - */ -static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc) -{ - S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); - int keylen; - - if (iv == NULL && key == NULL) - return 1; - - if (key != NULL) { - keylen = EVP_CIPHER_CTX_get_key_length(ctx); - cctx->aes.ccm.fc = S390X_AES_FC(keylen); - memcpy(cctx->aes.ccm.kmac_param.k, key, keylen); - - /* Store encoded m and l. */ - cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7) - | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3; - memset(cctx->aes.ccm.nonce.b + 1, 0, - sizeof(cctx->aes.ccm.nonce.b)); - cctx->aes.ccm.blocks = 0; - - cctx->aes.ccm.key_set = 1; - } - - if (iv != NULL) { - memcpy(ctx->iv, iv, 15 - cctx->aes.ccm.l); - - cctx->aes.ccm.iv_set = 1; - } - - return 1; -} - -/*- - * Called from EVP layer to initialize context, process additional - * authenticated data, en/de-crypt plain/cipher-text and authenticate - * plaintext or process a TLS packet, depending on context. Returns bytes - * written on success. Otherwise -1 is returned. - */ -static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx); - const int enc = EVP_CIPHER_CTX_is_encrypting(ctx); - int rv; - unsigned char *buf; - - if (!cctx->aes.ccm.key_set) - return -1; - - if (cctx->aes.ccm.tls_aad_len >= 0) - return s390x_aes_ccm_tls_cipher(ctx, out, in, len); - - /*- - * Final(): Does not return any data. Recall that ccm is mac-then-encrypt - * so integrity must be checked already at Update() i.e., before - * potentially corrupted data is output. - */ - if (in == NULL && out != NULL) - return 0; - - if (!cctx->aes.ccm.iv_set) - return -1; - - if (out == NULL) { - /* Update(): Pass message length. */ - if (in == NULL) { - s390x_aes_ccm_setiv(cctx, ctx->iv, len); - - cctx->aes.ccm.len_set = 1; - return len; - } - - /* Update(): Process aad. */ - if (!cctx->aes.ccm.len_set && len) - return -1; - - s390x_aes_ccm_aad(cctx, in, len); - return len; - } - - /* The tag must be set before actually decrypting data */ - if (!enc && !cctx->aes.ccm.tag_set) - return -1; - - /* Update(): Process message. */ - - if (!cctx->aes.ccm.len_set) { - /*- - * In case message length was not previously set explicitly via - * Update(), set it now. - */ - s390x_aes_ccm_setiv(cctx, ctx->iv, len); - - cctx->aes.ccm.len_set = 1; - } - - if (enc) { - if (s390x_aes_ccm(cctx, in, out, len, enc)) - return -1; - - cctx->aes.ccm.tag_set = 1; - return len; - } else { - rv = -1; - - if (!s390x_aes_ccm(cctx, in, out, len, enc)) { - buf = EVP_CIPHER_CTX_buf_noconst(ctx); - if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, buf, - cctx->aes.ccm.m)) - rv = len; - } - - if (rv == -1) - OPENSSL_cleanse(out, len); - - cctx->aes.ccm.iv_set = 0; - cctx->aes.ccm.tag_set = 0; - cctx->aes.ccm.len_set = 0; - return rv; - } -} - -/*- - * Performs various operations on the context structure depending on control - * type. Returns 1 for success, 0 for failure and -1 for unknown control type. - * Code is big-endian. - */ -static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -{ - S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, c); - unsigned char *buf; - int enc, len; - - switch (type) { - case EVP_CTRL_INIT: - cctx->aes.ccm.key_set = 0; - cctx->aes.ccm.iv_set = 0; - cctx->aes.ccm.l = 8; - cctx->aes.ccm.m = 12; - cctx->aes.ccm.tag_set = 0; - cctx->aes.ccm.len_set = 0; - cctx->aes.ccm.tls_aad_len = -1; - return 1; - - case EVP_CTRL_GET_IVLEN: - *(int *)ptr = 15 - cctx->aes.ccm.l; - return 1; - - case EVP_CTRL_AEAD_TLS1_AAD: - if (arg != EVP_AEAD_TLS1_AAD_LEN) - return 0; - - /* Save the aad for later use. */ - buf = EVP_CIPHER_CTX_buf_noconst(c); - memcpy(buf, ptr, arg); - cctx->aes.ccm.tls_aad_len = arg; - - len = buf[arg - 2] << 8 | buf[arg - 1]; - if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN) - return 0; - - /* Correct length for explicit iv. */ - len -= EVP_CCM_TLS_EXPLICIT_IV_LEN; - - enc = EVP_CIPHER_CTX_is_encrypting(c); - if (!enc) { - if (len < cctx->aes.ccm.m) - return 0; - - /* Correct length for tag. */ - len -= cctx->aes.ccm.m; - } - - buf[arg - 2] = len >> 8; - buf[arg - 1] = len & 0xff; - - /* Extra padding: tag appended to record. */ - return cctx->aes.ccm.m; - - case EVP_CTRL_CCM_SET_IV_FIXED: - if (arg != EVP_CCM_TLS_FIXED_IV_LEN) - return 0; - - /* Copy to first part of the iv. */ - memcpy(c->iv, ptr, arg); - return 1; - - case EVP_CTRL_AEAD_SET_IVLEN: - arg = 15 - arg; - /* fall-through */ - - case EVP_CTRL_CCM_SET_L: - if (arg < 2 || arg > 8) - return 0; - - cctx->aes.ccm.l = arg; - return 1; - - case EVP_CTRL_AEAD_SET_TAG: - if ((arg & 1) || arg < 4 || arg > 16) - return 0; - - enc = EVP_CIPHER_CTX_is_encrypting(c); - if (enc && ptr) - return 0; - - if (ptr) { - cctx->aes.ccm.tag_set = 1; - buf = EVP_CIPHER_CTX_buf_noconst(c); - memcpy(buf, ptr, arg); - } - - cctx->aes.ccm.m = arg; - return 1; - - case EVP_CTRL_AEAD_GET_TAG: - enc = EVP_CIPHER_CTX_is_encrypting(c); - if (!enc || !cctx->aes.ccm.tag_set) - return 0; - - if(arg < cctx->aes.ccm.m) - return 0; - - memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m); - cctx->aes.ccm.tag_set = 0; - cctx->aes.ccm.iv_set = 0; - cctx->aes.ccm.len_set = 0; - return 1; - - case EVP_CTRL_COPY: - return 1; - - default: - return -1; - } -} - -# define s390x_aes_ccm_cleanup aes_ccm_cleanup - -# ifndef OPENSSL_NO_OCB -# define S390X_AES_OCB_CTX EVP_AES_OCB_CTX - -# define s390x_aes_ocb_init_key aes_ocb_init_key -static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -# define s390x_aes_ocb_cipher aes_ocb_cipher -static int s390x_aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); -# define s390x_aes_ocb_cleanup aes_ocb_cleanup -static int s390x_aes_ocb_cleanup(EVP_CIPHER_CTX *); -# define s390x_aes_ocb_ctrl aes_ocb_ctrl -static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr); -# endif - -# ifndef OPENSSL_NO_SIV -# define S390X_AES_SIV_CTX EVP_AES_SIV_CTX - -# define s390x_aes_siv_init_key aes_siv_init_key -# define s390x_aes_siv_cipher aes_siv_cipher -# define s390x_aes_siv_cleanup aes_siv_cleanup -# define s390x_aes_siv_ctrl aes_siv_ctrl -# endif - -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode, \ - MODE,flags) \ -static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize, \ - keylen / 8, \ - ivlen, \ - flags | EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - s390x_aes_##mode##_init_key, \ - s390x_aes_##mode##_cipher, \ - NULL, \ - sizeof(S390X_AES_##MODE##_CTX), \ - NULL, \ - NULL, \ - NULL, \ - NULL \ -}; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##nmode, \ - blocksize, \ - keylen / 8, \ - ivlen, \ - flags | EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_init_key, \ - aes_##mode##_cipher, \ - NULL, \ - sizeof(EVP_AES_KEY), \ - NULL, \ - NULL, \ - NULL, \ - NULL \ -}; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ \ - return S390X_aes_##keylen##_##mode##_CAPABLE ? \ - &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode; \ -} - -# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags)\ -static const EVP_CIPHER s390x_aes_##keylen##_##mode = { \ - nid##_##keylen##_##mode, \ - blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE ? 2 : 1) * keylen / 8, \ - ivlen, \ - flags | EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - s390x_aes_##mode##_init_key, \ - s390x_aes_##mode##_cipher, \ - s390x_aes_##mode##_cleanup, \ - sizeof(S390X_AES_##MODE##_CTX), \ - NULL, \ - NULL, \ - s390x_aes_##mode##_ctrl, \ - NULL \ -}; \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##mode,blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE ? 2 : 1) * keylen / 8, \ - ivlen, \ - flags | EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_##mode##_init_key, \ - aes_##mode##_cipher, \ - aes_##mode##_cleanup, \ - sizeof(EVP_AES_##MODE##_CTX), \ - NULL, \ - NULL, \ - aes_##mode##_ctrl, \ - NULL \ -}; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ \ - return S390X_aes_##keylen##_##mode##_CAPABLE ? \ - &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode; \ -} - -#else - -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_init_key, \ - aes_##mode##_cipher, \ - NULL, \ - sizeof(EVP_AES_KEY), \ - NULL,NULL,NULL,NULL }; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ return &aes_##keylen##_##mode; } - -# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ -static const EVP_CIPHER aes_##keylen##_##mode = { \ - nid##_##keylen##_##mode,blocksize, \ - (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE||EVP_CIPH_##MODE##_MODE==EVP_CIPH_SIV_MODE?2:1)*keylen/8, \ - ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aes_##mode##_init_key, \ - aes_##mode##_cipher, \ - aes_##mode##_cleanup, \ - sizeof(EVP_AES_##MODE##_CTX), \ - NULL,NULL,aes_##mode##_ctrl,NULL }; \ -const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ -{ return &aes_##keylen##_##mode; } - -#endif - -#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ - BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags) - -static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - int ret, mode; - EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - - mode = EVP_CIPHER_CTX_get_mode(ctx); - if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) - && !enc) { -#ifdef HWAES_CAPABLE - if (HWAES_CAPABLE) { - ret = HWAES_set_decrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &dat->ks.ks); - dat->block = (block128_f) HWAES_decrypt; - dat->stream.cbc = NULL; -# ifdef HWAES_cbc_encrypt - if (mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt; -# endif - } else -#endif -#ifdef BSAES_CAPABLE - if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) { - ret = AES_set_decrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &dat->ks.ks); - dat->block = (block128_f) AES_decrypt; - dat->stream.cbc = (cbc128_f) ossl_bsaes_cbc_encrypt; - } else -#endif -#ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { - ret = vpaes_set_decrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &dat->ks.ks); - dat->block = (block128_f) vpaes_decrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) vpaes_cbc_encrypt : NULL; - } else -#endif - { - ret = AES_set_decrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &dat->ks.ks); - dat->block = (block128_f) AES_decrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) AES_cbc_encrypt : NULL; - } - } else -#ifdef HWAES_CAPABLE - if (HWAES_CAPABLE) { - ret = HWAES_set_encrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &dat->ks.ks); - dat->block = (block128_f) HWAES_encrypt; - dat->stream.cbc = NULL; -# ifdef HWAES_cbc_encrypt - if (mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt; - else -# endif -# ifdef HWAES_ctr32_encrypt_blocks - if (mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks; - else -# endif - (void)0; /* terminate potentially open 'else' */ - } else -#endif -#ifdef BSAES_CAPABLE - if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) { - ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &dat->ks.ks); - dat->block = (block128_f) AES_encrypt; - dat->stream.ctr = (ctr128_f) ossl_bsaes_ctr32_encrypt_blocks; - } else -#endif -#ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { - ret = vpaes_set_encrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &dat->ks.ks); - dat->block = (block128_f) vpaes_encrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) vpaes_cbc_encrypt : NULL; - } else -#endif - { - ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &dat->ks.ks); - dat->block = (block128_f) AES_encrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) AES_cbc_encrypt : NULL; -#ifdef AES_CTR_ASM - if (mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f) AES_ctr32_encrypt; -#endif - } - - if (ret < 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_AES_KEY_SETUP_FAILED); - return 0; - } - - return 1; -} - -static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - - if (dat->stream.cbc) - (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); - else if (EVP_CIPHER_CTX_is_encrypting(ctx)) - CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, - dat->block); - else - CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, - ctx->iv, dat->block); - - return 1; -} - -static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - size_t bl = EVP_CIPHER_CTX_get_block_size(ctx); - size_t i; - EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - - if (len < bl) - return 1; - - for (i = 0, len -= bl; i <= len; i += bl) - (*dat->block) (in + i, out + i, &dat->ks); - - return 1; -} - -static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - - int num = EVP_CIPHER_CTX_get_num(ctx); - CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, - ctx->iv, &num, dat->block); - EVP_CIPHER_CTX_set_num(ctx, num); - return 1; -} - -static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - - int num = EVP_CIPHER_CTX_get_num(ctx); - CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, - ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx), dat->block); - EVP_CIPHER_CTX_set_num(ctx, num); - return 1; -} - -static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - - int num = EVP_CIPHER_CTX_get_num(ctx); - CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, - ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx), dat->block); - EVP_CIPHER_CTX_set_num(ctx, num); - return 1; -} - -static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - - if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) { - int num = EVP_CIPHER_CTX_get_num(ctx); - CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, - ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx), dat->block); - EVP_CIPHER_CTX_set_num(ctx, num); - return 1; - } - - while (len >= MAXBITCHUNK) { - int num = EVP_CIPHER_CTX_get_num(ctx); - CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, - ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx), dat->block); - EVP_CIPHER_CTX_set_num(ctx, num); - len -= MAXBITCHUNK; - out += MAXBITCHUNK; - in += MAXBITCHUNK; - } - if (len) { - int num = EVP_CIPHER_CTX_get_num(ctx); - CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, - ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx), dat->block); - EVP_CIPHER_CTX_set_num(ctx, num); - } - - return 1; -} - -static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - int n = EVP_CIPHER_CTX_get_num(ctx); - unsigned int num; - EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); - - if (n < 0) - return 0; - num = (unsigned int)n; - - if (dat->stream.ctr) - CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, - ctx->iv, - EVP_CIPHER_CTX_buf_noconst(ctx), - &num, dat->stream.ctr); - else - CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, - ctx->iv, - EVP_CIPHER_CTX_buf_noconst(ctx), &num, - dat->block); - EVP_CIPHER_CTX_set_num(ctx, num); - return 1; -} - -BLOCK_CIPHER_generic_pack(NID_aes, 128, 0) - BLOCK_CIPHER_generic_pack(NID_aes, 192, 0) - BLOCK_CIPHER_generic_pack(NID_aes, 256, 0) - -static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) -{ - EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c); - if (gctx == NULL) - return 0; - OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm)); - if (gctx->iv != c->iv) - OPENSSL_free(gctx->iv); - return 1; -} - -static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -{ - EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c); - switch (type) { - case EVP_CTRL_INIT: - gctx->key_set = 0; - gctx->iv_set = 0; - gctx->ivlen = EVP_CIPHER_get_iv_length(c->cipher); - gctx->iv = c->iv; - gctx->taglen = -1; - gctx->iv_gen = 0; - gctx->tls_aad_len = -1; - return 1; - - case EVP_CTRL_GET_IVLEN: - *(int *)ptr = gctx->ivlen; - return 1; - - case EVP_CTRL_AEAD_SET_IVLEN: - if (arg <= 0) - return 0; - /* Allocate memory for IV if needed */ - if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { - if (gctx->iv != c->iv) - OPENSSL_free(gctx->iv); - if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - } - gctx->ivlen = arg; - return 1; - - case EVP_CTRL_AEAD_SET_TAG: - if (arg <= 0 || arg > 16 || c->encrypt) - return 0; - memcpy(c->buf, ptr, arg); - gctx->taglen = arg; - return 1; - - case EVP_CTRL_AEAD_GET_TAG: - if (arg <= 0 || arg > 16 || !c->encrypt - || gctx->taglen < 0) - return 0; - memcpy(ptr, c->buf, arg); - return 1; - - case EVP_CTRL_GCM_SET_IV_FIXED: - /* Special case: -1 length restores whole IV */ - if (arg == -1) { - memcpy(gctx->iv, ptr, gctx->ivlen); - gctx->iv_gen = 1; - return 1; - } - /* - * Fixed field must be at least 4 bytes and invocation field at least - * 8. - */ - if ((arg < 4) || (gctx->ivlen - arg) < 8) - return 0; - if (arg) - memcpy(gctx->iv, ptr, arg); - if (c->encrypt && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) - return 0; - gctx->iv_gen = 1; - return 1; - - case EVP_CTRL_GCM_IV_GEN: - if (gctx->iv_gen == 0 || gctx->key_set == 0) - return 0; - CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); - if (arg <= 0 || arg > gctx->ivlen) - arg = gctx->ivlen; - memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg); - /* - * Invocation field will be at least 8 bytes in size and so no need - * to check wrap around or increment more than last 8 bytes. - */ - ctr64_inc(gctx->iv + gctx->ivlen - 8); - gctx->iv_set = 1; - return 1; - - case EVP_CTRL_GCM_SET_IV_INV: - if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt) - return 0; - memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); - CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); - gctx->iv_set = 1; - return 1; - - case EVP_CTRL_AEAD_TLS1_AAD: - /* Save the AAD for later use */ - if (arg != EVP_AEAD_TLS1_AAD_LEN) - return 0; - memcpy(c->buf, ptr, arg); - gctx->tls_aad_len = arg; - gctx->tls_enc_records = 0; - { - unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1]; - /* Correct length for explicit IV */ - if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN) - return 0; - len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; - /* If decrypting correct for tag too */ - if (!c->encrypt) { - if (len < EVP_GCM_TLS_TAG_LEN) - return 0; - len -= EVP_GCM_TLS_TAG_LEN; - } - c->buf[arg - 2] = len >> 8; - c->buf[arg - 1] = len & 0xff; - } - /* Extra padding: tag appended to record */ - return EVP_GCM_TLS_TAG_LEN; - - case EVP_CTRL_COPY: - { - EVP_CIPHER_CTX *out = ptr; - EVP_AES_GCM_CTX *gctx_out = EVP_C_DATA(EVP_AES_GCM_CTX,out); - if (gctx->gcm.key) { - if (gctx->gcm.key != &gctx->ks) - return 0; - gctx_out->gcm.key = &gctx_out->ks; - } - if (gctx->iv == c->iv) - gctx_out->iv = out->iv; - else { - if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); - } - return 1; - } - - default: - return -1; - - } -} - -static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); - if (!iv && !key) - return 1; - if (key) { - do { -#ifdef HWAES_CAPABLE - if (HWAES_CAPABLE) { - HWAES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); - CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, - (block128_f) HWAES_encrypt); -# ifdef HWAES_ctr32_encrypt_blocks - gctx->ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks; -# else - gctx->ctr = NULL; -# endif - break; - } else -#endif -#ifdef BSAES_CAPABLE - if (BSAES_CAPABLE) { - AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); - CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, - (block128_f) AES_encrypt); - gctx->ctr = (ctr128_f) ossl_bsaes_ctr32_encrypt_blocks; - break; - } else -#endif -#ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { - vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); - CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, - (block128_f) vpaes_encrypt); - gctx->ctr = NULL; - break; - } else -#endif - (void)0; /* terminate potentially open 'else' */ - - AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); - CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, - (block128_f) AES_encrypt); -#ifdef AES_CTR_ASM - gctx->ctr = (ctr128_f) AES_ctr32_encrypt; -#else - gctx->ctr = NULL; -#endif - } while (0); - - /* - * If we have an iv can set it directly, otherwise use saved IV. - */ - if (iv == NULL && gctx->iv_set) - iv = gctx->iv; - if (iv) { - CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); - gctx->iv_set = 1; - } - gctx->key_set = 1; - } else { - /* If key set use IV, otherwise copy */ - if (gctx->key_set) - CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); - else - memcpy(gctx->iv, iv, gctx->ivlen); - gctx->iv_set = 1; - gctx->iv_gen = 0; - } - return 1; -} - -/* - * Handle TLS GCM packet format. This consists of the last portion of the IV - * followed by the payload and finally the tag. On encrypt generate IV, - * encrypt payload and write the tag. On verify retrieve IV, decrypt payload - * and verify tag. - */ - -static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); - int rv = -1; - /* Encrypt/decrypt must be performed in place */ - if (out != in - || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN)) - return -1; - - /* - * Check for too many keys as per FIPS 140-2 IG A.5 "Key/IV Pair Uniqueness - * Requirements from SP 800-38D". The requirements is for one party to the - * communication to fail after 2^64 - 1 keys. We do this on the encrypting - * side only. - */ - if (ctx->encrypt && ++gctx->tls_enc_records == 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_TOO_MANY_RECORDS); - goto err; - } - - /* - * Set IV from start of buffer or generate IV and write to start of - * buffer. - */ - if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? EVP_CTRL_GCM_IV_GEN - : EVP_CTRL_GCM_SET_IV_INV, - EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) - goto err; - /* Use saved AAD */ - if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len)) - goto err; - /* Fix buffer and length to point to payload */ - in += EVP_GCM_TLS_EXPLICIT_IV_LEN; - out += EVP_GCM_TLS_EXPLICIT_IV_LEN; - len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; - if (ctx->encrypt) { - /* Encrypt payload */ - if (gctx->ctr) { - size_t bulk = 0; -#if defined(AES_GCM_ASM) - if (len >= 32 && AES_GCM_ASM(gctx)) { - if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0)) - return -1; - - bulk = AES_gcm_encrypt(in, out, len, - gctx->gcm.key, - gctx->gcm.Yi.c, gctx->gcm.Xi.u); - gctx->gcm.len.u[1] += bulk; - } -#endif - if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, - in + bulk, - out + bulk, - len - bulk, gctx->ctr)) - goto err; - } else { - size_t bulk = 0; -#if defined(AES_GCM_ASM2) - if (len >= 32 && AES_GCM_ASM2(gctx)) { - if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0)) - return -1; - - bulk = AES_gcm_encrypt(in, out, len, - gctx->gcm.key, - gctx->gcm.Yi.c, gctx->gcm.Xi.u); - gctx->gcm.len.u[1] += bulk; - } -#endif - if (CRYPTO_gcm128_encrypt(&gctx->gcm, - in + bulk, out + bulk, len - bulk)) - goto err; - } - out += len; - /* Finally write tag */ - CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN); - rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; - } else { - /* Decrypt */ - if (gctx->ctr) { - size_t bulk = 0; -#if defined(AES_GCM_ASM) - if (len >= 16 && AES_GCM_ASM(gctx)) { - if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0)) - return -1; - - bulk = AES_gcm_decrypt(in, out, len, - gctx->gcm.key, - gctx->gcm.Yi.c, gctx->gcm.Xi.u); - gctx->gcm.len.u[1] += bulk; - } -#endif - if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, - in + bulk, - out + bulk, - len - bulk, gctx->ctr)) - goto err; - } else { - size_t bulk = 0; -#if defined(AES_GCM_ASM2) - if (len >= 16 && AES_GCM_ASM2(gctx)) { - if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0)) - return -1; - - bulk = AES_gcm_decrypt(in, out, len, - gctx->gcm.key, - gctx->gcm.Yi.c, gctx->gcm.Xi.u); - gctx->gcm.len.u[1] += bulk; - } -#endif - if (CRYPTO_gcm128_decrypt(&gctx->gcm, - in + bulk, out + bulk, len - bulk)) - goto err; - } - /* Retrieve tag */ - CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN); - /* If tag mismatch wipe buffer */ - if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { - OPENSSL_cleanse(out, len); - goto err; - } - rv = len; - } - - err: - gctx->iv_set = 0; - gctx->tls_aad_len = -1; - return rv; -} - -#ifdef FIPS_MODULE -/* - * See SP800-38D (GCM) Section 8 "Uniqueness requirement on IVS and keys" - * - * See also 8.2.2 RBG-based construction. - * Random construction consists of a free field (which can be NULL) and a - * random field which will use a DRBG that can return at least 96 bits of - * entropy strength. (The DRBG must be seeded by the FIPS module). - */ -static int aes_gcm_iv_generate(EVP_AES_GCM_CTX *gctx, int offset) -{ - int sz = gctx->ivlen - offset; - - /* Must be at least 96 bits */ - if (sz <= 0 || gctx->ivlen < 12) - return 0; - - /* Use DRBG to generate random iv */ - if (RAND_bytes(gctx->iv + offset, sz) <= 0) - return 0; - return 1; -} -#endif /* FIPS_MODULE */ - -static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); - - /* If not set up, return error */ - if (!gctx->key_set) - return -1; - - if (gctx->tls_aad_len >= 0) - return aes_gcm_tls_cipher(ctx, out, in, len); - -#ifdef FIPS_MODULE - /* - * FIPS requires generation of AES-GCM IV's inside the FIPS module. - * The IV can still be set externally (the security policy will state that - * this is not FIPS compliant). There are some applications - * where setting the IV externally is the only option available. - */ - if (!gctx->iv_set) { - if (!ctx->encrypt || !aes_gcm_iv_generate(gctx, 0)) - return -1; - CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); - gctx->iv_set = 1; - gctx->iv_gen_rand = 1; - } -#else - if (!gctx->iv_set) - return -1; -#endif /* FIPS_MODULE */ - - if (in) { - if (out == NULL) { - if (CRYPTO_gcm128_aad(&gctx->gcm, in, len)) - return -1; - } else if (ctx->encrypt) { - if (gctx->ctr) { - size_t bulk = 0; -#if defined(AES_GCM_ASM) - if (len >= 32 && AES_GCM_ASM(gctx)) { - size_t res = (16 - gctx->gcm.mres) % 16; - - if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, res)) - return -1; - - bulk = AES_gcm_encrypt(in + res, - out + res, len - res, - gctx->gcm.key, gctx->gcm.Yi.c, - gctx->gcm.Xi.u); - gctx->gcm.len.u[1] += bulk; - bulk += res; - } -#endif - if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, - in + bulk, - out + bulk, - len - bulk, gctx->ctr)) - return -1; - } else { - size_t bulk = 0; -#if defined(AES_GCM_ASM2) - if (len >= 32 && AES_GCM_ASM2(gctx)) { - size_t res = (16 - gctx->gcm.mres) % 16; - - if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, res)) - return -1; - - bulk = AES_gcm_encrypt(in + res, - out + res, len - res, - gctx->gcm.key, gctx->gcm.Yi.c, - gctx->gcm.Xi.u); - gctx->gcm.len.u[1] += bulk; - bulk += res; - } -#endif - if (CRYPTO_gcm128_encrypt(&gctx->gcm, - in + bulk, out + bulk, len - bulk)) - return -1; - } - } else { - if (gctx->ctr) { - size_t bulk = 0; -#if defined(AES_GCM_ASM) - if (len >= 16 && AES_GCM_ASM(gctx)) { - size_t res = (16 - gctx->gcm.mres) % 16; - - if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, res)) - return -1; - - bulk = AES_gcm_decrypt(in + res, - out + res, len - res, - gctx->gcm.key, - gctx->gcm.Yi.c, gctx->gcm.Xi.u); - gctx->gcm.len.u[1] += bulk; - bulk += res; - } -#endif - if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, - in + bulk, - out + bulk, - len - bulk, gctx->ctr)) - return -1; - } else { - size_t bulk = 0; -#if defined(AES_GCM_ASM2) - if (len >= 16 && AES_GCM_ASM2(gctx)) { - size_t res = (16 - gctx->gcm.mres) % 16; - - if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, res)) - return -1; - - bulk = AES_gcm_decrypt(in + res, - out + res, len - res, - gctx->gcm.key, - gctx->gcm.Yi.c, gctx->gcm.Xi.u); - gctx->gcm.len.u[1] += bulk; - bulk += res; - } -#endif - if (CRYPTO_gcm128_decrypt(&gctx->gcm, - in + bulk, out + bulk, len - bulk)) - return -1; - } - } - return len; - } else { - if (!ctx->encrypt) { - if (gctx->taglen < 0) - return -1; - if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0) - return -1; - gctx->iv_set = 0; - return 0; - } - CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16); - gctx->taglen = 16; - /* Don't reuse the IV */ - gctx->iv_set = 0; - return 0; - } - -} - -#define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ - | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_CUSTOM_IV_LENGTH) - -BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - -static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -{ - EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX, c); - - if (type == EVP_CTRL_COPY) { - EVP_CIPHER_CTX *out = ptr; - EVP_AES_XTS_CTX *xctx_out = EVP_C_DATA(EVP_AES_XTS_CTX,out); - - if (xctx->xts.key1) { - if (xctx->xts.key1 != &xctx->ks1) - return 0; - xctx_out->xts.key1 = &xctx_out->ks1; - } - if (xctx->xts.key2) { - if (xctx->xts.key2 != &xctx->ks2) - return 0; - xctx_out->xts.key2 = &xctx_out->ks2; - } - return 1; - } else if (type != EVP_CTRL_INIT) - return -1; - /* key1 and key2 are used as an indicator both key and IV are set */ - xctx->xts.key1 = NULL; - xctx->xts.key2 = NULL; - return 1; -} - -static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); - - if (!iv && !key) - return 1; - - if (key) { - do { - /* The key is two half length keys in reality */ - const int bytes = EVP_CIPHER_CTX_get_key_length(ctx) / 2; - const int bits = bytes * 8; - - /* - * Verify that the two keys are different. - * - * This addresses the vulnerability described in Rogaway's - * September 2004 paper: - * - * "Efficient Instantiations of Tweakable Blockciphers and - * Refinements to Modes OCB and PMAC". - * (http://web.cs.ucdavis.edu/~rogaway/papers/offsets.pdf) - * - * FIPS 140-2 IG A.9 XTS-AES Key Generation Requirements states - * that: - * "The check for Key_1 != Key_2 shall be done at any place - * BEFORE using the keys in the XTS-AES algorithm to process - * data with them." - */ - if ((!allow_insecure_decrypt || enc) - && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_XTS_DUPLICATED_KEYS); - return 0; - } - -#ifdef AES_XTS_ASM - xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt; -#else - xctx->stream = NULL; -#endif - /* key_len is two AES keys */ -#ifdef HWAES_CAPABLE - if (HWAES_CAPABLE) { - if (enc) { - HWAES_set_encrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) HWAES_encrypt; -# ifdef HWAES_xts_encrypt - xctx->stream = HWAES_xts_encrypt; -# endif - } else { - HWAES_set_decrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) HWAES_decrypt; -# ifdef HWAES_xts_decrypt - xctx->stream = HWAES_xts_decrypt; -#endif - } - - HWAES_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) HWAES_encrypt; - - xctx->xts.key1 = &xctx->ks1; - break; - } else -#endif -#ifdef BSAES_CAPABLE - if (BSAES_CAPABLE) - xctx->stream = enc ? ossl_bsaes_xts_encrypt : ossl_bsaes_xts_decrypt; - else -#endif -#ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { - if (enc) { - vpaes_set_encrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) vpaes_encrypt; - } else { - vpaes_set_decrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) vpaes_decrypt; - } - - vpaes_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) vpaes_encrypt; - - xctx->xts.key1 = &xctx->ks1; - break; - } else -#endif - (void)0; /* terminate potentially open 'else' */ - - if (enc) { - AES_set_encrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) AES_encrypt; - } else { - AES_set_decrypt_key(key, bits, &xctx->ks1.ks); - xctx->xts.block1 = (block128_f) AES_decrypt; - } - - AES_set_encrypt_key(key + bytes, bits, &xctx->ks2.ks); - xctx->xts.block2 = (block128_f) AES_encrypt; - - xctx->xts.key1 = &xctx->ks1; - } while (0); - } - - if (iv) { - xctx->xts.key2 = &xctx->ks2; - memcpy(ctx->iv, iv, 16); - } - - return 1; -} - -static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); - - if (xctx->xts.key1 == NULL - || xctx->xts.key2 == NULL - || out == NULL - || in == NULL - || len < AES_BLOCK_SIZE) - return 0; - - /* - * Impose a limit of 2^20 blocks per data unit as specified by - * IEEE Std 1619-2018. The earlier and obsolete IEEE Std 1619-2007 - * indicated that this was a SHOULD NOT rather than a MUST NOT. - * NIST SP 800-38E mandates the same limit. - */ - if (len > XTS_MAX_BLOCKS_PER_DATA_UNIT * AES_BLOCK_SIZE) { - ERR_raise(ERR_LIB_EVP, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE); - return 0; - } - - if (xctx->stream) - (*xctx->stream) (in, out, len, - xctx->xts.key1, xctx->xts.key2, - ctx->iv); - else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len, - EVP_CIPHER_CTX_is_encrypting(ctx))) - return 0; - return 1; -} - -#define aes_xts_cleanup NULL - -#define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \ - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ - | EVP_CIPH_CUSTOM_COPY) - -BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS) - -static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -{ - EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,c); - switch (type) { - case EVP_CTRL_INIT: - cctx->key_set = 0; - cctx->iv_set = 0; - cctx->L = 8; - cctx->M = 12; - cctx->tag_set = 0; - cctx->len_set = 0; - cctx->tls_aad_len = -1; - return 1; - - case EVP_CTRL_GET_IVLEN: - *(int *)ptr = 15 - cctx->L; - return 1; - - case EVP_CTRL_AEAD_TLS1_AAD: - /* Save the AAD for later use */ - if (arg != EVP_AEAD_TLS1_AAD_LEN) - return 0; - memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); - cctx->tls_aad_len = arg; - { - uint16_t len = - EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8 - | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1]; - /* Correct length for explicit IV */ - if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN) - return 0; - len -= EVP_CCM_TLS_EXPLICIT_IV_LEN; - /* If decrypting correct for tag too */ - if (!EVP_CIPHER_CTX_is_encrypting(c)) { - if (len < cctx->M) - return 0; - len -= cctx->M; - } - EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8; - EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff; - } - /* Extra padding: tag appended to record */ - return cctx->M; - - case EVP_CTRL_CCM_SET_IV_FIXED: - /* Sanity check length */ - if (arg != EVP_CCM_TLS_FIXED_IV_LEN) - return 0; - /* Just copy to first part of IV */ - memcpy(c->iv, ptr, arg); - return 1; - - case EVP_CTRL_AEAD_SET_IVLEN: - arg = 15 - arg; - /* fall thru */ - case EVP_CTRL_CCM_SET_L: - if (arg < 2 || arg > 8) - return 0; - cctx->L = arg; - return 1; - - case EVP_CTRL_AEAD_SET_TAG: - if ((arg & 1) || arg < 4 || arg > 16) - return 0; - if (EVP_CIPHER_CTX_is_encrypting(c) && ptr) - return 0; - if (ptr) { - cctx->tag_set = 1; - memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); - } - cctx->M = arg; - return 1; - - case EVP_CTRL_AEAD_GET_TAG: - if (!EVP_CIPHER_CTX_is_encrypting(c) || !cctx->tag_set) - return 0; - if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) - return 0; - cctx->tag_set = 0; - cctx->iv_set = 0; - cctx->len_set = 0; - return 1; - - case EVP_CTRL_COPY: - { - EVP_CIPHER_CTX *out = ptr; - EVP_AES_CCM_CTX *cctx_out = EVP_C_DATA(EVP_AES_CCM_CTX,out); - if (cctx->ccm.key) { - if (cctx->ccm.key != &cctx->ks) - return 0; - cctx_out->ccm.key = &cctx_out->ks; - } - return 1; - } - - default: - return -1; - - } -} - -static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); - if (!iv && !key) - return 1; - if (key) - do { -#ifdef HWAES_CAPABLE - if (HWAES_CAPABLE) { - HWAES_set_encrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &cctx->ks.ks); - - CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f) HWAES_encrypt); - cctx->str = NULL; - cctx->key_set = 1; - break; - } else -#endif -#ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { - vpaes_set_encrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &cctx->ks.ks); - CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f) vpaes_encrypt); - cctx->str = NULL; - cctx->key_set = 1; - break; - } -#endif - AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &cctx->ks.ks); - CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f) AES_encrypt); - cctx->str = NULL; - cctx->key_set = 1; - } while (0); - if (iv) { - memcpy(ctx->iv, iv, 15 - cctx->L); - cctx->iv_set = 1; - } - return 1; -} - -static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); - CCM128_CONTEXT *ccm = &cctx->ccm; - /* Encrypt/decrypt must be performed in place */ - if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M)) - return -1; - /* If encrypting set explicit IV from sequence number (start of AAD) */ - if (EVP_CIPHER_CTX_is_encrypting(ctx)) - memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx), - EVP_CCM_TLS_EXPLICIT_IV_LEN); - /* Get rest of IV from explicit IV */ - memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in, - EVP_CCM_TLS_EXPLICIT_IV_LEN); - /* Correct length value */ - len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M; - if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, - len)) - return -1; - /* Use saved AAD */ - CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), - cctx->tls_aad_len); - /* Fix buffer to point to payload */ - in += EVP_CCM_TLS_EXPLICIT_IV_LEN; - out += EVP_CCM_TLS_EXPLICIT_IV_LEN; - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, - cctx->str) : - CRYPTO_ccm128_encrypt(ccm, in, out, len)) - return -1; - if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M)) - return -1; - return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M; - } else { - if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, - cctx->str) : - !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { - unsigned char tag[16]; - if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { - if (!CRYPTO_memcmp(tag, in + len, cctx->M)) - return len; - } - } - OPENSSL_cleanse(out, len); - return -1; - } -} - -static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); - CCM128_CONTEXT *ccm = &cctx->ccm; - /* If not set up, return error */ - if (!cctx->key_set) - return -1; - - if (cctx->tls_aad_len >= 0) - return aes_ccm_tls_cipher(ctx, out, in, len); - - /* EVP_*Final() doesn't return any data */ - if (in == NULL && out != NULL) - return 0; - - if (!cctx->iv_set) - return -1; - - if (!out) { - if (!in) { - if (CRYPTO_ccm128_setiv(ccm, ctx->iv, - 15 - cctx->L, len)) - return -1; - cctx->len_set = 1; - return len; - } - /* If have AAD need message length */ - if (!cctx->len_set && len) - return -1; - CRYPTO_ccm128_aad(ccm, in, len); - return len; - } - - /* The tag must be set before actually decrypting data */ - if (!EVP_CIPHER_CTX_is_encrypting(ctx) && !cctx->tag_set) - return -1; - - /* If not set length yet do it */ - if (!cctx->len_set) { - if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) - return -1; - cctx->len_set = 1; - } - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, - cctx->str) : - CRYPTO_ccm128_encrypt(ccm, in, out, len)) - return -1; - cctx->tag_set = 1; - return len; - } else { - int rv = -1; - if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, - cctx->str) : - !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { - unsigned char tag[16]; - if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { - if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx), - cctx->M)) - rv = len; - } - } - if (rv == -1) - OPENSSL_cleanse(out, len); - cctx->iv_set = 0; - cctx->tag_set = 0; - cctx->len_set = 0; - return rv; - } -} - -#define aes_ccm_cleanup NULL - -BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - -typedef struct { - union { - OSSL_UNION_ALIGN; - AES_KEY ks; - } ks; - /* Indicates if IV has been set */ - unsigned char *iv; -} EVP_AES_WRAP_CTX; - -static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - int len; - EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx); - - if (iv == NULL && key == NULL) - return 1; - if (key != NULL) { - if (EVP_CIPHER_CTX_is_encrypting(ctx)) - AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &wctx->ks.ks); - else - AES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &wctx->ks.ks); - if (iv == NULL) - wctx->iv = NULL; - } - if (iv != NULL) { - if ((len = EVP_CIPHER_CTX_get_iv_length(ctx)) < 0) - return 0; - memcpy(ctx->iv, iv, len); - wctx->iv = ctx->iv; - } - return 1; -} - -static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inlen) -{ - EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx); - size_t rv; - /* AES wrap with padding has IV length of 4, without padding 8 */ - int pad = EVP_CIPHER_CTX_get_iv_length(ctx) == 4; - /* No final operation so always return zero length */ - if (!in) - return 0; - /* Input length must always be non-zero */ - if (!inlen) - return -1; - /* If decrypting need at least 16 bytes and multiple of 8 */ - if (!EVP_CIPHER_CTX_is_encrypting(ctx) && (inlen < 16 || inlen & 0x7)) - return -1; - /* If not padding input must be multiple of 8 */ - if (!pad && inlen & 0x7) - return -1; - if (ossl_is_partially_overlapping(out, in, inlen)) { - ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING); - return 0; - } - if (!out) { - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - /* If padding round up to multiple of 8 */ - if (pad) - inlen = (inlen + 7) / 8 * 8; - /* 8 byte prefix */ - return inlen + 8; - } else { - /* - * If not padding output will be exactly 8 bytes smaller than - * input. If padding it will be at least 8 bytes smaller but we - * don't know how much. - */ - return inlen - 8; - } - } - if (pad) { - if (EVP_CIPHER_CTX_is_encrypting(ctx)) - rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv, - out, in, inlen, - (block128_f) AES_encrypt); - else - rv = CRYPTO_128_unwrap_pad(&wctx->ks.ks, wctx->iv, - out, in, inlen, - (block128_f) AES_decrypt); - } else { - if (EVP_CIPHER_CTX_is_encrypting(ctx)) - rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, - out, in, inlen, (block128_f) AES_encrypt); - else - rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv, - out, in, inlen, (block128_f) AES_decrypt); - } - return rv ? (int)rv : -1; -} - -#define WRAP_FLAGS (EVP_CIPH_WRAP_MODE \ - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1) - -static const EVP_CIPHER aes_128_wrap = { - NID_id_aes128_wrap, - 8, 16, 8, WRAP_FLAGS, EVP_ORIG_GLOBAL, - aes_wrap_init_key, aes_wrap_cipher, - NULL, - sizeof(EVP_AES_WRAP_CTX), - NULL, NULL, NULL, NULL -}; - -const EVP_CIPHER *EVP_aes_128_wrap(void) -{ - return &aes_128_wrap; -} - -static const EVP_CIPHER aes_192_wrap = { - NID_id_aes192_wrap, - 8, 24, 8, WRAP_FLAGS, EVP_ORIG_GLOBAL, - aes_wrap_init_key, aes_wrap_cipher, - NULL, - sizeof(EVP_AES_WRAP_CTX), - NULL, NULL, NULL, NULL -}; - -const EVP_CIPHER *EVP_aes_192_wrap(void) -{ - return &aes_192_wrap; -} - -static const EVP_CIPHER aes_256_wrap = { - NID_id_aes256_wrap, - 8, 32, 8, WRAP_FLAGS, EVP_ORIG_GLOBAL, - aes_wrap_init_key, aes_wrap_cipher, - NULL, - sizeof(EVP_AES_WRAP_CTX), - NULL, NULL, NULL, NULL -}; - -const EVP_CIPHER *EVP_aes_256_wrap(void) -{ - return &aes_256_wrap; -} - -static const EVP_CIPHER aes_128_wrap_pad = { - NID_id_aes128_wrap_pad, - 8, 16, 4, WRAP_FLAGS, EVP_ORIG_GLOBAL, - aes_wrap_init_key, aes_wrap_cipher, - NULL, - sizeof(EVP_AES_WRAP_CTX), - NULL, NULL, NULL, NULL -}; - -const EVP_CIPHER *EVP_aes_128_wrap_pad(void) -{ - return &aes_128_wrap_pad; -} - -static const EVP_CIPHER aes_192_wrap_pad = { - NID_id_aes192_wrap_pad, - 8, 24, 4, WRAP_FLAGS, EVP_ORIG_GLOBAL, - aes_wrap_init_key, aes_wrap_cipher, - NULL, - sizeof(EVP_AES_WRAP_CTX), - NULL, NULL, NULL, NULL -}; - -const EVP_CIPHER *EVP_aes_192_wrap_pad(void) -{ - return &aes_192_wrap_pad; -} - -static const EVP_CIPHER aes_256_wrap_pad = { - NID_id_aes256_wrap_pad, - 8, 32, 4, WRAP_FLAGS, EVP_ORIG_GLOBAL, - aes_wrap_init_key, aes_wrap_cipher, - NULL, - sizeof(EVP_AES_WRAP_CTX), - NULL, NULL, NULL, NULL -}; - -const EVP_CIPHER *EVP_aes_256_wrap_pad(void) -{ - return &aes_256_wrap_pad; -} - -#ifndef OPENSSL_NO_OCB -static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -{ - EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c); - EVP_CIPHER_CTX *newc; - EVP_AES_OCB_CTX *new_octx; - - switch (type) { - case EVP_CTRL_INIT: - octx->key_set = 0; - octx->iv_set = 0; - octx->ivlen = EVP_CIPHER_get_iv_length(c->cipher); - octx->iv = c->iv; - octx->taglen = 16; - octx->data_buf_len = 0; - octx->aad_buf_len = 0; - return 1; - - case EVP_CTRL_GET_IVLEN: - *(int *)ptr = octx->ivlen; - return 1; - - case EVP_CTRL_AEAD_SET_IVLEN: - /* IV len must be 1 to 15 */ - if (arg <= 0 || arg > 15) - return 0; - - octx->ivlen = arg; - return 1; - - case EVP_CTRL_AEAD_SET_TAG: - if (ptr == NULL) { - /* Tag len must be 0 to 16 */ - if (arg < 0 || arg > 16) - return 0; - - octx->taglen = arg; - return 1; - } - if (arg != octx->taglen || EVP_CIPHER_CTX_is_encrypting(c)) - return 0; - memcpy(octx->tag, ptr, arg); - return 1; - - case EVP_CTRL_AEAD_GET_TAG: - if (arg != octx->taglen || !EVP_CIPHER_CTX_is_encrypting(c)) - return 0; - - memcpy(ptr, octx->tag, arg); - return 1; - - case EVP_CTRL_COPY: - newc = (EVP_CIPHER_CTX *)ptr; - new_octx = EVP_C_DATA(EVP_AES_OCB_CTX,newc); - return CRYPTO_ocb128_copy_ctx(&new_octx->ocb, &octx->ocb, - &new_octx->ksenc.ks, - &new_octx->ksdec.ks); - - default: - return -1; - - } -} - -static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); - if (!iv && !key) - return 1; - if (key) { - do { - /* - * We set both the encrypt and decrypt key here because decrypt - * needs both. We could possibly optimise to remove setting the - * decrypt for an encryption operation. - */ -# ifdef HWAES_CAPABLE - if (HWAES_CAPABLE) { - HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &octx->ksenc.ks); - HWAES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &octx->ksdec.ks); - if (!CRYPTO_ocb128_init(&octx->ocb, - &octx->ksenc.ks, &octx->ksdec.ks, - (block128_f) HWAES_encrypt, - (block128_f) HWAES_decrypt, - enc ? HWAES_ocb_encrypt - : HWAES_ocb_decrypt)) - return 0; - break; - } -# endif -# ifdef VPAES_CAPABLE - if (VPAES_CAPABLE) { - vpaes_set_encrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &octx->ksenc.ks); - vpaes_set_decrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &octx->ksdec.ks); - if (!CRYPTO_ocb128_init(&octx->ocb, - &octx->ksenc.ks, &octx->ksdec.ks, - (block128_f) vpaes_encrypt, - (block128_f) vpaes_decrypt, - NULL)) - return 0; - break; - } -# endif - AES_set_encrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &octx->ksenc.ks); - AES_set_decrypt_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &octx->ksdec.ks); - if (!CRYPTO_ocb128_init(&octx->ocb, - &octx->ksenc.ks, &octx->ksdec.ks, - (block128_f) AES_encrypt, - (block128_f) AES_decrypt, - NULL)) - return 0; - } - while (0); - - /* - * If we have an iv we can set it directly, otherwise use saved IV. - */ - if (iv == NULL && octx->iv_set) - iv = octx->iv; - if (iv) { - if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen) - != 1) - return 0; - octx->iv_set = 1; - } - octx->key_set = 1; - } else { - /* If key set use IV, otherwise copy */ - if (octx->key_set) - CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen); - else - memcpy(octx->iv, iv, octx->ivlen); - octx->iv_set = 1; - } - return 1; -} - -static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - unsigned char *buf; - int *buf_len; - int written_len = 0; - size_t trailing_len; - EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); - - /* If IV or Key not set then return error */ - if (!octx->iv_set) - return -1; - - if (!octx->key_set) - return -1; - - if (in != NULL) { - /* - * Need to ensure we are only passing full blocks to low level OCB - * routines. We do it here rather than in EVP_EncryptUpdate/ - * EVP_DecryptUpdate because we need to pass full blocks of AAD too - * and those routines don't support that - */ - - /* Are we dealing with AAD or normal data here? */ - if (out == NULL) { - buf = octx->aad_buf; - buf_len = &(octx->aad_buf_len); - } else { - buf = octx->data_buf; - buf_len = &(octx->data_buf_len); - - if (ossl_is_partially_overlapping(out + *buf_len, in, len)) { - ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING); - return 0; - } - } - - /* - * If we've got a partially filled buffer from a previous call then - * use that data first - */ - if (*buf_len > 0) { - unsigned int remaining; - - remaining = AES_BLOCK_SIZE - (*buf_len); - if (remaining > len) { - memcpy(buf + (*buf_len), in, len); - *(buf_len) += len; - return 0; - } - memcpy(buf + (*buf_len), in, remaining); - - /* - * If we get here we've filled the buffer, so process it - */ - len -= remaining; - in += remaining; - if (out == NULL) { - if (!CRYPTO_ocb128_aad(&octx->ocb, buf, AES_BLOCK_SIZE)) - return -1; - } else if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if (!CRYPTO_ocb128_encrypt(&octx->ocb, buf, out, - AES_BLOCK_SIZE)) - return -1; - } else { - if (!CRYPTO_ocb128_decrypt(&octx->ocb, buf, out, - AES_BLOCK_SIZE)) - return -1; - } - written_len = AES_BLOCK_SIZE; - *buf_len = 0; - if (out != NULL) - out += AES_BLOCK_SIZE; - } - - /* Do we have a partial block to handle at the end? */ - trailing_len = len % AES_BLOCK_SIZE; - - /* - * If we've got some full blocks to handle, then process these first - */ - if (len != trailing_len) { - if (out == NULL) { - if (!CRYPTO_ocb128_aad(&octx->ocb, in, len - trailing_len)) - return -1; - } else if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if (!CRYPTO_ocb128_encrypt - (&octx->ocb, in, out, len - trailing_len)) - return -1; - } else { - if (!CRYPTO_ocb128_decrypt - (&octx->ocb, in, out, len - trailing_len)) - return -1; - } - written_len += len - trailing_len; - in += len - trailing_len; - } - - /* Handle any trailing partial block */ - if (trailing_len > 0) { - memcpy(buf, in, trailing_len); - *buf_len = trailing_len; - } - - return written_len; - } else { - /* - * First of all empty the buffer of any partial block that we might - * have been provided - both for data and AAD - */ - if (octx->data_buf_len > 0) { - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if (!CRYPTO_ocb128_encrypt(&octx->ocb, octx->data_buf, out, - octx->data_buf_len)) - return -1; - } else { - if (!CRYPTO_ocb128_decrypt(&octx->ocb, octx->data_buf, out, - octx->data_buf_len)) - return -1; - } - written_len = octx->data_buf_len; - octx->data_buf_len = 0; - } - if (octx->aad_buf_len > 0) { - if (!CRYPTO_ocb128_aad - (&octx->ocb, octx->aad_buf, octx->aad_buf_len)) - return -1; - octx->aad_buf_len = 0; - } - /* If decrypting then verify */ - if (!EVP_CIPHER_CTX_is_encrypting(ctx)) { - if (octx->taglen < 0) - return -1; - if (CRYPTO_ocb128_finish(&octx->ocb, - octx->tag, octx->taglen) != 0) - return -1; - octx->iv_set = 0; - return written_len; - } - /* If encrypting then just get the tag */ - if (CRYPTO_ocb128_tag(&octx->ocb, octx->tag, 16) != 1) - return -1; - /* Don't reuse the IV */ - octx->iv_set = 0; - return written_len; - } -} - -static int aes_ocb_cleanup(EVP_CIPHER_CTX *c) -{ - EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c); - CRYPTO_ocb128_cleanup(&octx->ocb); - return 1; -} - -BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) -#endif /* OPENSSL_NO_OCB */ diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c deleted file mode 100644 index 4941f98e6483985e0a2d995ef6b4e84030c3ab01..0000000000000000000000000000000000000000 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ /dev/null @@ -1,969 +0,0 @@ -/* - * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * AES low level APIs are deprecated for public use, but still ok for internal - * use where we're using them to implement the higher level EVP interface, as is - * the case here. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "crypto/modes.h" -#include "crypto/evp.h" -#include "internal/constant_time.h" -#include "evp_local.h" - -typedef struct { - AES_KEY ks; - SHA_CTX head, tail, md; - size_t payload_length; /* AAD length in decrypt case */ - union { - unsigned int tls_ver; - unsigned char tls_aad[16]; /* 13 used */ - } aux; -} EVP_AES_HMAC_SHA1; - -#define NO_PAYLOAD_LENGTH ((size_t)-1) - -#if defined(AES_ASM) && ( \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) ) - -# define AESNI_CAPABLE (1<<(57-32)) - -int aesni_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); -int aesni_set_decrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); - -void aesni_cbc_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, unsigned char *ivec, int enc); - -void aesni_cbc_sha1_enc(const void *inp, void *out, size_t blocks, - const AES_KEY *key, unsigned char iv[16], - SHA_CTX *ctx, const void *in0); - -void aesni256_cbc_sha1_dec(const void *inp, void *out, size_t blocks, - const AES_KEY *key, unsigned char iv[16], - SHA_CTX *ctx, const void *in0); - -# define data(ctx) ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) - -static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *inkey, - const unsigned char *iv, int enc) -{ - EVP_AES_HMAC_SHA1 *key = data(ctx); - int ret; - - if (enc) - ret = aesni_set_encrypt_key(inkey, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &key->ks); - else - ret = aesni_set_decrypt_key(inkey, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &key->ks); - - SHA1_Init(&key->head); /* handy when benchmarking */ - key->tail = key->head; - key->md = key->head; - - key->payload_length = NO_PAYLOAD_LENGTH; - - return ret < 0 ? 0 : 1; -} - -# define STITCHED_CALL -# undef STITCHED_DECRYPT_CALL - -# if !defined(STITCHED_CALL) -# define aes_off 0 -# endif - -void sha1_block_data_order(void *c, const void *p, size_t len); - -static void sha1_update(SHA_CTX *c, const void *data, size_t len) -{ - const unsigned char *ptr = data; - size_t res; - - if ((res = c->num)) { - res = SHA_CBLOCK - res; - if (len < res) - res = len; - SHA1_Update(c, ptr, res); - ptr += res; - len -= res; - } - - res = len % SHA_CBLOCK; - len -= res; - - if (len) { - sha1_block_data_order(c, ptr, len / SHA_CBLOCK); - - ptr += len; - c->Nh += len >> 29; - c->Nl += len <<= 3; - if (c->Nl < (unsigned int)len) - c->Nh++; - } - - if (res) - SHA1_Update(c, ptr, res); -} - -# ifdef SHA1_Update -# undef SHA1_Update -# endif -# define SHA1_Update sha1_update - -# if !defined(OPENSSL_NO_MULTIBLOCK) - -typedef struct { - unsigned int A[8], B[8], C[8], D[8], E[8]; -} SHA1_MB_CTX; -typedef struct { - const unsigned char *ptr; - int blocks; -} HASH_DESC; - -void sha1_multi_block(SHA1_MB_CTX *, const HASH_DESC *, int); - -typedef struct { - const unsigned char *inp; - unsigned char *out; - int blocks; - u64 iv[2]; -} CIPH_DESC; - -void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int); - -static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, - unsigned char *out, - const unsigned char *inp, - size_t inp_len, int n4x) -{ /* n4x is 1 or 2 */ - HASH_DESC hash_d[8], edges[8]; - CIPH_DESC ciph_d[8]; - unsigned char storage[sizeof(SHA1_MB_CTX) + 32]; - union { - u64 q[16]; - u32 d[32]; - u8 c[128]; - } blocks[8]; - SHA1_MB_CTX *ctx; - unsigned int frag, last, packlen, i, x4 = 4 * n4x, minblocks, processed = - 0; - size_t ret = 0; - u8 *IVs; -# if defined(BSWAP8) - u64 seqnum; -# endif - - /* ask for IVs in bulk */ - if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0) - return 0; - - ctx = (SHA1_MB_CTX *) (storage + 32 - ((size_t)storage % 32)); /* align */ - - frag = (unsigned int)inp_len >> (1 + n4x); - last = (unsigned int)inp_len + frag - (frag << (1 + n4x)); - if (last > frag && ((last + 13 + 9) % 64) < (x4 - 1)) { - frag++; - last -= x4 - 1; - } - - packlen = 5 + 16 + ((frag + 20 + 16) & -16); - - /* populate descriptors with pointers and IVs */ - hash_d[0].ptr = inp; - ciph_d[0].inp = inp; - /* 5+16 is place for header and explicit IV */ - ciph_d[0].out = out + 5 + 16; - memcpy(ciph_d[0].out - 16, IVs, 16); - memcpy(ciph_d[0].iv, IVs, 16); - IVs += 16; - - for (i = 1; i < x4; i++) { - ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag; - ciph_d[i].out = ciph_d[i - 1].out + packlen; - memcpy(ciph_d[i].out - 16, IVs, 16); - memcpy(ciph_d[i].iv, IVs, 16); - IVs += 16; - } - -# if defined(BSWAP8) - memcpy(blocks[0].c, key->md.data, 8); - seqnum = BSWAP8(blocks[0].q[0]); -# endif - for (i = 0; i < x4; i++) { - unsigned int len = (i == (x4 - 1) ? last : frag); -# if !defined(BSWAP8) - unsigned int carry, j; -# endif - - ctx->A[i] = key->md.h0; - ctx->B[i] = key->md.h1; - ctx->C[i] = key->md.h2; - ctx->D[i] = key->md.h3; - ctx->E[i] = key->md.h4; - - /* fix seqnum */ -# if defined(BSWAP8) - blocks[i].q[0] = BSWAP8(seqnum + i); -# else - for (carry = i, j = 8; j--;) { - blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry; - carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1); - } -# endif - blocks[i].c[8] = ((u8 *)key->md.data)[8]; - blocks[i].c[9] = ((u8 *)key->md.data)[9]; - blocks[i].c[10] = ((u8 *)key->md.data)[10]; - /* fix length */ - blocks[i].c[11] = (u8)(len >> 8); - blocks[i].c[12] = (u8)(len); - - memcpy(blocks[i].c + 13, hash_d[i].ptr, 64 - 13); - hash_d[i].ptr += 64 - 13; - hash_d[i].blocks = (len - (64 - 13)) / 64; - - edges[i].ptr = blocks[i].c; - edges[i].blocks = 1; - } - - /* hash 13-byte headers and first 64-13 bytes of inputs */ - sha1_multi_block(ctx, edges, n4x); - /* hash bulk inputs */ -# define MAXCHUNKSIZE 2048 -# if MAXCHUNKSIZE%64 -# error "MAXCHUNKSIZE is not divisible by 64" -# elif MAXCHUNKSIZE - /* - * goal is to minimize pressure on L1 cache by moving in shorter steps, - * so that hashed data is still in the cache by the time we encrypt it - */ - minblocks = ((frag <= last ? frag : last) - (64 - 13)) / 64; - if (minblocks > MAXCHUNKSIZE / 64) { - for (i = 0; i < x4; i++) { - edges[i].ptr = hash_d[i].ptr; - edges[i].blocks = MAXCHUNKSIZE / 64; - ciph_d[i].blocks = MAXCHUNKSIZE / 16; - } - do { - sha1_multi_block(ctx, edges, n4x); - aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x); - - for (i = 0; i < x4; i++) { - edges[i].ptr = hash_d[i].ptr += MAXCHUNKSIZE; - hash_d[i].blocks -= MAXCHUNKSIZE / 64; - edges[i].blocks = MAXCHUNKSIZE / 64; - ciph_d[i].inp += MAXCHUNKSIZE; - ciph_d[i].out += MAXCHUNKSIZE; - ciph_d[i].blocks = MAXCHUNKSIZE / 16; - memcpy(ciph_d[i].iv, ciph_d[i].out - 16, 16); - } - processed += MAXCHUNKSIZE; - minblocks -= MAXCHUNKSIZE / 64; - } while (minblocks > MAXCHUNKSIZE / 64); - } -# endif -# undef MAXCHUNKSIZE - sha1_multi_block(ctx, hash_d, n4x); - - memset(blocks, 0, sizeof(blocks)); - for (i = 0; i < x4; i++) { - unsigned int len = (i == (x4 - 1) ? last : frag), - off = hash_d[i].blocks * 64; - const unsigned char *ptr = hash_d[i].ptr + off; - - off = (len - processed) - (64 - 13) - off; /* remainder actually */ - memcpy(blocks[i].c, ptr, off); - blocks[i].c[off] = 0x80; - len += 64 + 13; /* 64 is HMAC header */ - len *= 8; /* convert to bits */ - if (off < (64 - 8)) { -# ifdef BSWAP4 - blocks[i].d[15] = BSWAP4(len); -# else - PUTU32(blocks[i].c + 60, len); -# endif - edges[i].blocks = 1; - } else { -# ifdef BSWAP4 - blocks[i].d[31] = BSWAP4(len); -# else - PUTU32(blocks[i].c + 124, len); -# endif - edges[i].blocks = 2; - } - edges[i].ptr = blocks[i].c; - } - - /* hash input tails and finalize */ - sha1_multi_block(ctx, edges, n4x); - - memset(blocks, 0, sizeof(blocks)); - for (i = 0; i < x4; i++) { -# ifdef BSWAP4 - blocks[i].d[0] = BSWAP4(ctx->A[i]); - ctx->A[i] = key->tail.h0; - blocks[i].d[1] = BSWAP4(ctx->B[i]); - ctx->B[i] = key->tail.h1; - blocks[i].d[2] = BSWAP4(ctx->C[i]); - ctx->C[i] = key->tail.h2; - blocks[i].d[3] = BSWAP4(ctx->D[i]); - ctx->D[i] = key->tail.h3; - blocks[i].d[4] = BSWAP4(ctx->E[i]); - ctx->E[i] = key->tail.h4; - blocks[i].c[20] = 0x80; - blocks[i].d[15] = BSWAP4((64 + 20) * 8); -# else - PUTU32(blocks[i].c + 0, ctx->A[i]); - ctx->A[i] = key->tail.h0; - PUTU32(blocks[i].c + 4, ctx->B[i]); - ctx->B[i] = key->tail.h1; - PUTU32(blocks[i].c + 8, ctx->C[i]); - ctx->C[i] = key->tail.h2; - PUTU32(blocks[i].c + 12, ctx->D[i]); - ctx->D[i] = key->tail.h3; - PUTU32(blocks[i].c + 16, ctx->E[i]); - ctx->E[i] = key->tail.h4; - blocks[i].c[20] = 0x80; - PUTU32(blocks[i].c + 60, (64 + 20) * 8); -# endif - edges[i].ptr = blocks[i].c; - edges[i].blocks = 1; - } - - /* finalize MACs */ - sha1_multi_block(ctx, edges, n4x); - - for (i = 0; i < x4; i++) { - unsigned int len = (i == (x4 - 1) ? last : frag), pad, j; - unsigned char *out0 = out; - - memcpy(ciph_d[i].out, ciph_d[i].inp, len - processed); - ciph_d[i].inp = ciph_d[i].out; - - out += 5 + 16 + len; - - /* write MAC */ - PUTU32(out + 0, ctx->A[i]); - PUTU32(out + 4, ctx->B[i]); - PUTU32(out + 8, ctx->C[i]); - PUTU32(out + 12, ctx->D[i]); - PUTU32(out + 16, ctx->E[i]); - out += 20; - len += 20; - - /* pad */ - pad = 15 - len % 16; - for (j = 0; j <= pad; j++) - *(out++) = pad; - len += pad + 1; - - ciph_d[i].blocks = (len - processed) / 16; - len += 16; /* account for explicit iv */ - - /* arrange header */ - out0[0] = ((u8 *)key->md.data)[8]; - out0[1] = ((u8 *)key->md.data)[9]; - out0[2] = ((u8 *)key->md.data)[10]; - out0[3] = (u8)(len >> 8); - out0[4] = (u8)(len); - - ret += len + 5; - inp += frag; - } - - aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x); - - OPENSSL_cleanse(blocks, sizeof(blocks)); - OPENSSL_cleanse(ctx, sizeof(*ctx)); - - return ret; -} -# endif - -static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_HMAC_SHA1 *key = data(ctx); - unsigned int l; - size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and - * later */ - sha_off = 0; -# if defined(STITCHED_CALL) - size_t aes_off = 0, blocks; - - sha_off = SHA_CBLOCK - key->md.num; -# endif - - key->payload_length = NO_PAYLOAD_LENGTH; - - if (len % AES_BLOCK_SIZE) - return 0; - - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if (plen == NO_PAYLOAD_LENGTH) - plen = len; - else if (len != - ((plen + SHA_DIGEST_LENGTH + - AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)) - return 0; - else if (key->aux.tls_ver >= TLS1_1_VERSION) - iv = AES_BLOCK_SIZE; - -# if defined(STITCHED_CALL) - if (plen > (sha_off + iv) - && (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) { - SHA1_Update(&key->md, in + iv, sha_off); - - aesni_cbc_sha1_enc(in, out, blocks, &key->ks, ctx->iv, - &key->md, in + iv + sha_off); - blocks *= SHA_CBLOCK; - aes_off += blocks; - sha_off += blocks; - key->md.Nh += blocks >> 29; - key->md.Nl += blocks <<= 3; - if (key->md.Nl < (unsigned int)blocks) - key->md.Nh++; - } else { - sha_off = 0; - } -# endif - sha_off += iv; - SHA1_Update(&key->md, in + sha_off, plen - sha_off); - - if (plen != len) { /* "TLS" mode of operation */ - if (in != out) - memcpy(out + aes_off, in + aes_off, plen - aes_off); - - /* calculate HMAC and append it to payload */ - SHA1_Final(out + plen, &key->md); - key->md = key->tail; - SHA1_Update(&key->md, out + plen, SHA_DIGEST_LENGTH); - SHA1_Final(out + plen, &key->md); - - /* pad the payload|hmac */ - plen += SHA_DIGEST_LENGTH; - for (l = len - plen - 1; plen < len; plen++) - out[plen] = l; - /* encrypt HMAC|padding at once */ - aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, - &key->ks, ctx->iv, 1); - } else { - aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off, - &key->ks, ctx->iv, 1); - } - } else { - union { - unsigned int u[SHA_DIGEST_LENGTH / sizeof(unsigned int)]; - unsigned char c[32 + SHA_DIGEST_LENGTH]; - } mac, *pmac; - - /* arrange cache line alignment */ - pmac = (void *)(((size_t)mac.c + 31) & ((size_t)0 - 32)); - - if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ - size_t inp_len, mask, j, i; - unsigned int res, maxpad, pad, bitlen; - int ret = 1; - union { - unsigned int u[SHA_LBLOCK]; - unsigned char c[SHA_CBLOCK]; - } *data = (void *)key->md.data; -# if defined(STITCHED_DECRYPT_CALL) - unsigned char tail_iv[AES_BLOCK_SIZE]; - int stitch = 0; -# endif - - if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3]) - >= TLS1_1_VERSION) { - if (len < (AES_BLOCK_SIZE + SHA_DIGEST_LENGTH + 1)) - return 0; - - /* omit explicit iv */ - memcpy(ctx->iv, in, AES_BLOCK_SIZE); - - in += AES_BLOCK_SIZE; - out += AES_BLOCK_SIZE; - len -= AES_BLOCK_SIZE; - } else if (len < (SHA_DIGEST_LENGTH + 1)) - return 0; - -# if defined(STITCHED_DECRYPT_CALL) - if (len >= 1024 && ctx->key_len == 32) { - /* decrypt last block */ - memcpy(tail_iv, in + len - 2 * AES_BLOCK_SIZE, - AES_BLOCK_SIZE); - aesni_cbc_encrypt(in + len - AES_BLOCK_SIZE, - out + len - AES_BLOCK_SIZE, AES_BLOCK_SIZE, - &key->ks, tail_iv, 0); - stitch = 1; - } else -# endif - /* decrypt HMAC|padding at once */ - aesni_cbc_encrypt(in, out, len, &key->ks, - ctx->iv, 0); - - /* figure out payload length */ - pad = out[len - 1]; - maxpad = len - (SHA_DIGEST_LENGTH + 1); - maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); - maxpad &= 255; - - mask = constant_time_ge(maxpad, pad); - ret &= mask; - /* - * If pad is invalid then we will fail the above test but we must - * continue anyway because we are in constant time code. However, - * we'll use the maxpad value instead of the supplied pad to make - * sure we perform well defined pointer arithmetic. - */ - pad = constant_time_select(mask, pad, maxpad); - - inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); - - key->aux.tls_aad[plen - 2] = inp_len >> 8; - key->aux.tls_aad[plen - 1] = inp_len; - - /* calculate HMAC */ - key->md = key->head; - SHA1_Update(&key->md, key->aux.tls_aad, plen); - -# if defined(STITCHED_DECRYPT_CALL) - if (stitch) { - blocks = (len - (256 + 32 + SHA_CBLOCK)) / SHA_CBLOCK; - aes_off = len - AES_BLOCK_SIZE - blocks * SHA_CBLOCK; - sha_off = SHA_CBLOCK - plen; - - aesni_cbc_encrypt(in, out, aes_off, &key->ks, ctx->iv, 0); - - SHA1_Update(&key->md, out, sha_off); - aesni256_cbc_sha1_dec(in + aes_off, - out + aes_off, blocks, &key->ks, - ctx->iv, &key->md, out + sha_off); - - sha_off += blocks *= SHA_CBLOCK; - out += sha_off; - len -= sha_off; - inp_len -= sha_off; - - key->md.Nl += (blocks << 3); /* at most 18 bits */ - memcpy(ctx->iv, tail_iv, AES_BLOCK_SIZE); - } -# endif - -# if 1 /* see original reference version in #else */ - len -= SHA_DIGEST_LENGTH; /* amend mac */ - if (len >= (256 + SHA_CBLOCK)) { - j = (len - (256 + SHA_CBLOCK)) & (0 - SHA_CBLOCK); - j += SHA_CBLOCK - key->md.num; - SHA1_Update(&key->md, out, j); - out += j; - len -= j; - inp_len -= j; - } - - /* but pretend as if we hashed padded payload */ - bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */ -# ifdef BSWAP4 - bitlen = BSWAP4(bitlen); -# else - mac.c[0] = 0; - mac.c[1] = (unsigned char)(bitlen >> 16); - mac.c[2] = (unsigned char)(bitlen >> 8); - mac.c[3] = (unsigned char)bitlen; - bitlen = mac.u[0]; -# endif - - pmac->u[0] = 0; - pmac->u[1] = 0; - pmac->u[2] = 0; - pmac->u[3] = 0; - pmac->u[4] = 0; - - for (res = key->md.num, j = 0; j < len; j++) { - size_t c = out[j]; - mask = (j - inp_len) >> (sizeof(j) * 8 - 8); - c &= mask; - c |= 0x80 & ~mask & ~((inp_len - j) >> (sizeof(j) * 8 - 8)); - data->c[res++] = (unsigned char)c; - - if (res != SHA_CBLOCK) - continue; - - /* j is not incremented yet */ - mask = 0 - ((inp_len + 7 - j) >> (sizeof(j) * 8 - 1)); - data->u[SHA_LBLOCK - 1] |= bitlen & mask; - sha1_block_data_order(&key->md, data, 1); - mask &= 0 - ((j - inp_len - 72) >> (sizeof(j) * 8 - 1)); - pmac->u[0] |= key->md.h0 & mask; - pmac->u[1] |= key->md.h1 & mask; - pmac->u[2] |= key->md.h2 & mask; - pmac->u[3] |= key->md.h3 & mask; - pmac->u[4] |= key->md.h4 & mask; - res = 0; - } - - for (i = res; i < SHA_CBLOCK; i++, j++) - data->c[i] = 0; - - if (res > SHA_CBLOCK - 8) { - mask = 0 - ((inp_len + 8 - j) >> (sizeof(j) * 8 - 1)); - data->u[SHA_LBLOCK - 1] |= bitlen & mask; - sha1_block_data_order(&key->md, data, 1); - mask &= 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1)); - pmac->u[0] |= key->md.h0 & mask; - pmac->u[1] |= key->md.h1 & mask; - pmac->u[2] |= key->md.h2 & mask; - pmac->u[3] |= key->md.h3 & mask; - pmac->u[4] |= key->md.h4 & mask; - - memset(data, 0, SHA_CBLOCK); - j += 64; - } - data->u[SHA_LBLOCK - 1] = bitlen; - sha1_block_data_order(&key->md, data, 1); - mask = 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1)); - pmac->u[0] |= key->md.h0 & mask; - pmac->u[1] |= key->md.h1 & mask; - pmac->u[2] |= key->md.h2 & mask; - pmac->u[3] |= key->md.h3 & mask; - pmac->u[4] |= key->md.h4 & mask; - -# ifdef BSWAP4 - pmac->u[0] = BSWAP4(pmac->u[0]); - pmac->u[1] = BSWAP4(pmac->u[1]); - pmac->u[2] = BSWAP4(pmac->u[2]); - pmac->u[3] = BSWAP4(pmac->u[3]); - pmac->u[4] = BSWAP4(pmac->u[4]); -# else - for (i = 0; i < 5; i++) { - res = pmac->u[i]; - pmac->c[4 * i + 0] = (unsigned char)(res >> 24); - pmac->c[4 * i + 1] = (unsigned char)(res >> 16); - pmac->c[4 * i + 2] = (unsigned char)(res >> 8); - pmac->c[4 * i + 3] = (unsigned char)res; - } -# endif - len += SHA_DIGEST_LENGTH; -# else /* pre-lucky-13 reference version of above */ - SHA1_Update(&key->md, out, inp_len); - res = key->md.num; - SHA1_Final(pmac->c, &key->md); - - { - unsigned int inp_blocks, pad_blocks; - - /* but pretend as if we hashed padded payload */ - inp_blocks = - 1 + ((SHA_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1)); - res += (unsigned int)(len - inp_len); - pad_blocks = res / SHA_CBLOCK; - res %= SHA_CBLOCK; - pad_blocks += - 1 + ((SHA_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1)); - for (; inp_blocks < pad_blocks; inp_blocks++) - sha1_block_data_order(&key->md, data, 1); - } -# endif - key->md = key->tail; - SHA1_Update(&key->md, pmac->c, SHA_DIGEST_LENGTH); - SHA1_Final(pmac->c, &key->md); - - /* verify HMAC */ - out += inp_len; - len -= inp_len; -# if 1 /* see original reference version in #else */ - { - unsigned char *p = out + len - 1 - maxpad - SHA_DIGEST_LENGTH; - size_t off = out - p; - unsigned int c, cmask; - - for (res = 0, i = 0, j = 0; j < maxpad + SHA_DIGEST_LENGTH; j++) { - c = p[j]; - cmask = - ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) * - 8 - 1); - res |= (c ^ pad) & ~cmask; /* ... and padding */ - cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1); - res |= (c ^ pmac->c[i]) & cmask; - i += 1 & cmask; - } - - res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); - ret &= (int)~res; - } -# else /* pre-lucky-13 reference version of above */ - for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++) - res |= out[i] ^ pmac->c[i]; - res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); - ret &= (int)~res; - - /* verify padding */ - pad = (pad & ~res) | (maxpad & res); - out = out + len - 1 - pad; - for (res = 0, i = 0; i < pad; i++) - res |= out[i] ^ pad; - - res = (0 - res) >> (sizeof(res) * 8 - 1); - ret &= (int)~res; -# endif - return ret; - } else { -# if defined(STITCHED_DECRYPT_CALL) - if (len >= 1024 && ctx->key_len == 32) { - if (sha_off %= SHA_CBLOCK) - blocks = (len - 3 * SHA_CBLOCK) / SHA_CBLOCK; - else - blocks = (len - 2 * SHA_CBLOCK) / SHA_CBLOCK; - aes_off = len - blocks * SHA_CBLOCK; - - aesni_cbc_encrypt(in, out, aes_off, &key->ks, ctx->iv, 0); - SHA1_Update(&key->md, out, sha_off); - aesni256_cbc_sha1_dec(in + aes_off, - out + aes_off, blocks, &key->ks, - ctx->iv, &key->md, out + sha_off); - - sha_off += blocks *= SHA_CBLOCK; - out += sha_off; - len -= sha_off; - - key->md.Nh += blocks >> 29; - key->md.Nl += blocks <<= 3; - if (key->md.Nl < (unsigned int)blocks) - key->md.Nh++; - } else -# endif - /* decrypt HMAC|padding at once */ - aesni_cbc_encrypt(in, out, len, &key->ks, - ctx->iv, 0); - - SHA1_Update(&key->md, out, len); - } - } - - return 1; -} - -static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - void *ptr) -{ - EVP_AES_HMAC_SHA1 *key = data(ctx); - - switch (type) { - case EVP_CTRL_AEAD_SET_MAC_KEY: - { - unsigned int i; - unsigned char hmac_key[64]; - - memset(hmac_key, 0, sizeof(hmac_key)); - - if (arg > (int)sizeof(hmac_key)) { - SHA1_Init(&key->head); - SHA1_Update(&key->head, ptr, arg); - SHA1_Final(hmac_key, &key->head); - } else { - memcpy(hmac_key, ptr, arg); - } - - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36; /* ipad */ - SHA1_Init(&key->head); - SHA1_Update(&key->head, hmac_key, sizeof(hmac_key)); - - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */ - SHA1_Init(&key->tail); - SHA1_Update(&key->tail, hmac_key, sizeof(hmac_key)); - - OPENSSL_cleanse(hmac_key, sizeof(hmac_key)); - - return 1; - } - case EVP_CTRL_AEAD_TLS1_AAD: - { - unsigned char *p = ptr; - unsigned int len; - - if (arg != EVP_AEAD_TLS1_AAD_LEN) - return -1; - - len = p[arg - 2] << 8 | p[arg - 1]; - - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - key->payload_length = len; - if ((key->aux.tls_ver = - p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { - if (len < AES_BLOCK_SIZE) - return 0; - len -= AES_BLOCK_SIZE; - p[arg - 2] = len >> 8; - p[arg - 1] = len; - } - key->md = key->head; - SHA1_Update(&key->md, p, arg); - - return (int)(((len + SHA_DIGEST_LENGTH + - AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) - - len); - } else { - memcpy(key->aux.tls_aad, ptr, arg); - key->payload_length = arg; - - return SHA_DIGEST_LENGTH; - } - } -# if !defined(OPENSSL_NO_MULTIBLOCK) - case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE: - return (int)(5 + 16 + ((arg + 20 + 16) & -16)); - case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: - { - EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param = - (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr; - unsigned int n4x = 1, x4; - unsigned int frag, last, packlen, inp_len; - - if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) - return -1; - - inp_len = param->inp[11] << 8 | param->inp[12]; - - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION) - return -1; - - if (inp_len) { - if (inp_len < 4096) - return 0; /* too short */ - - if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5)) - n4x = 2; /* AVX2 */ - } else if ((n4x = param->interleave / 4) && n4x <= 2) - inp_len = param->len; - else - return -1; - - key->md = key->head; - SHA1_Update(&key->md, param->inp, 13); - - x4 = 4 * n4x; - n4x += 1; - - frag = inp_len >> n4x; - last = inp_len + frag - (frag << n4x); - if (last > frag && ((last + 13 + 9) % 64 < (x4 - 1))) { - frag++; - last -= x4 - 1; - } - - packlen = 5 + 16 + ((frag + 20 + 16) & -16); - packlen = (packlen << n4x) - packlen; - packlen += 5 + 16 + ((last + 20 + 16) & -16); - - param->interleave = x4; - - return (int)packlen; - } else - return -1; /* not yet */ - } - case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT: - { - EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param = - (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr; - - return (int)tls1_1_multi_block_encrypt(key, param->out, - param->inp, param->len, - param->interleave / 4); - } - case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT: -# endif - default: - return -1; - } -} - -static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = { -# ifdef NID_aes_128_cbc_hmac_sha1 - NID_aes_128_cbc_hmac_sha1, -# else - NID_undef, -# endif - AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE, - EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | - EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, - EVP_ORIG_GLOBAL, - aesni_cbc_hmac_sha1_init_key, - aesni_cbc_hmac_sha1_cipher, - NULL, - sizeof(EVP_AES_HMAC_SHA1), - EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv, - EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv, - aesni_cbc_hmac_sha1_ctrl, - NULL -}; - -static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = { -# ifdef NID_aes_256_cbc_hmac_sha1 - NID_aes_256_cbc_hmac_sha1, -# else - NID_undef, -# endif - AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE, - EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | - EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, - EVP_ORIG_GLOBAL, - aesni_cbc_hmac_sha1_init_key, - aesni_cbc_hmac_sha1_cipher, - NULL, - sizeof(EVP_AES_HMAC_SHA1), - EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv, - EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv, - aesni_cbc_hmac_sha1_ctrl, - NULL -}; - -const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void) -{ - return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ? - &aesni_128_cbc_hmac_sha1_cipher : NULL); -} - -const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void) -{ - return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ? - &aesni_256_cbc_hmac_sha1_cipher : NULL); -} -#else -const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void) -{ - return NULL; -} - -const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void) -{ - return NULL; -} -#endif diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c deleted file mode 100644 index 3a5f757dbff372d0361a3d70eb761a321f2f8ff0..0000000000000000000000000000000000000000 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ /dev/null @@ -1,955 +0,0 @@ -/* - * Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * AES low level APIs are deprecated for public use, but still ok for internal - * use where we're using them to implement the higher level EVP interface, as is - * the case here. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "crypto/modes.h" -#include "internal/constant_time.h" -#include "crypto/evp.h" -#include "evp_local.h" - -typedef struct { - AES_KEY ks; - SHA256_CTX head, tail, md; - size_t payload_length; /* AAD length in decrypt case */ - union { - unsigned int tls_ver; - unsigned char tls_aad[16]; /* 13 used */ - } aux; -} EVP_AES_HMAC_SHA256; - -# define NO_PAYLOAD_LENGTH ((size_t)-1) - -#if defined(AES_ASM) && ( \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) ) - -# define AESNI_CAPABLE (1<<(57-32)) - -int aesni_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); -int aesni_set_decrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); - -void aesni_cbc_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, unsigned char *ivec, int enc); - -int aesni_cbc_sha256_enc(const void *inp, void *out, size_t blocks, - const AES_KEY *key, unsigned char iv[16], - SHA256_CTX *ctx, const void *in0); - -# define data(ctx) ((EVP_AES_HMAC_SHA256 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) - -static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *inkey, - const unsigned char *iv, int enc) -{ - EVP_AES_HMAC_SHA256 *key = data(ctx); - int ret; - - if (enc) - ret = aesni_set_encrypt_key(inkey, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &key->ks); - else - ret = aesni_set_decrypt_key(inkey, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &key->ks); - - SHA256_Init(&key->head); /* handy when benchmarking */ - key->tail = key->head; - key->md = key->head; - - key->payload_length = NO_PAYLOAD_LENGTH; - - return ret < 0 ? 0 : 1; -} - -# define STITCHED_CALL - -# if !defined(STITCHED_CALL) -# define aes_off 0 -# endif - -void sha256_block_data_order(void *c, const void *p, size_t len); - -static void sha256_update(SHA256_CTX *c, const void *data, size_t len) -{ - const unsigned char *ptr = data; - size_t res; - - if ((res = c->num)) { - res = SHA256_CBLOCK - res; - if (len < res) - res = len; - SHA256_Update(c, ptr, res); - ptr += res; - len -= res; - } - - res = len % SHA256_CBLOCK; - len -= res; - - if (len) { - sha256_block_data_order(c, ptr, len / SHA256_CBLOCK); - - ptr += len; - c->Nh += len >> 29; - c->Nl += len <<= 3; - if (c->Nl < (unsigned int)len) - c->Nh++; - } - - if (res) - SHA256_Update(c, ptr, res); -} - -# ifdef SHA256_Update -# undef SHA256_Update -# endif -# define SHA256_Update sha256_update - -# if !defined(OPENSSL_NO_MULTIBLOCK) - -typedef struct { - unsigned int A[8], B[8], C[8], D[8], E[8], F[8], G[8], H[8]; -} SHA256_MB_CTX; -typedef struct { - const unsigned char *ptr; - int blocks; -} HASH_DESC; - -void sha256_multi_block(SHA256_MB_CTX *, const HASH_DESC *, int); - -typedef struct { - const unsigned char *inp; - unsigned char *out; - int blocks; - u64 iv[2]; -} CIPH_DESC; - -void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int); - -static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, - unsigned char *out, - const unsigned char *inp, - size_t inp_len, int n4x) -{ /* n4x is 1 or 2 */ - HASH_DESC hash_d[8], edges[8]; - CIPH_DESC ciph_d[8]; - unsigned char storage[sizeof(SHA256_MB_CTX) + 32]; - union { - u64 q[16]; - u32 d[32]; - u8 c[128]; - } blocks[8]; - SHA256_MB_CTX *ctx; - unsigned int frag, last, packlen, i, x4 = 4 * n4x, minblocks, processed = - 0; - size_t ret = 0; - u8 *IVs; -# if defined(BSWAP8) - u64 seqnum; -# endif - - /* ask for IVs in bulk */ - if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0) - return 0; - - /* align */ - ctx = (SHA256_MB_CTX *) (storage + 32 - ((size_t)storage % 32)); - - frag = (unsigned int)inp_len >> (1 + n4x); - last = (unsigned int)inp_len + frag - (frag << (1 + n4x)); - if (last > frag && ((last + 13 + 9) % 64) < (x4 - 1)) { - frag++; - last -= x4 - 1; - } - - packlen = 5 + 16 + ((frag + 32 + 16) & -16); - - /* populate descriptors with pointers and IVs */ - hash_d[0].ptr = inp; - ciph_d[0].inp = inp; - /* 5+16 is place for header and explicit IV */ - ciph_d[0].out = out + 5 + 16; - memcpy(ciph_d[0].out - 16, IVs, 16); - memcpy(ciph_d[0].iv, IVs, 16); - IVs += 16; - - for (i = 1; i < x4; i++) { - ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag; - ciph_d[i].out = ciph_d[i - 1].out + packlen; - memcpy(ciph_d[i].out - 16, IVs, 16); - memcpy(ciph_d[i].iv, IVs, 16); - IVs += 16; - } - -# if defined(BSWAP8) - memcpy(blocks[0].c, key->md.data, 8); - seqnum = BSWAP8(blocks[0].q[0]); -# endif - for (i = 0; i < x4; i++) { - unsigned int len = (i == (x4 - 1) ? last : frag); -# if !defined(BSWAP8) - unsigned int carry, j; -# endif - - ctx->A[i] = key->md.h[0]; - ctx->B[i] = key->md.h[1]; - ctx->C[i] = key->md.h[2]; - ctx->D[i] = key->md.h[3]; - ctx->E[i] = key->md.h[4]; - ctx->F[i] = key->md.h[5]; - ctx->G[i] = key->md.h[6]; - ctx->H[i] = key->md.h[7]; - - /* fix seqnum */ -# if defined(BSWAP8) - blocks[i].q[0] = BSWAP8(seqnum + i); -# else - for (carry = i, j = 8; j--;) { - blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry; - carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1); - } -# endif - blocks[i].c[8] = ((u8 *)key->md.data)[8]; - blocks[i].c[9] = ((u8 *)key->md.data)[9]; - blocks[i].c[10] = ((u8 *)key->md.data)[10]; - /* fix length */ - blocks[i].c[11] = (u8)(len >> 8); - blocks[i].c[12] = (u8)(len); - - memcpy(blocks[i].c + 13, hash_d[i].ptr, 64 - 13); - hash_d[i].ptr += 64 - 13; - hash_d[i].blocks = (len - (64 - 13)) / 64; - - edges[i].ptr = blocks[i].c; - edges[i].blocks = 1; - } - - /* hash 13-byte headers and first 64-13 bytes of inputs */ - sha256_multi_block(ctx, edges, n4x); - /* hash bulk inputs */ -# define MAXCHUNKSIZE 2048 -# if MAXCHUNKSIZE%64 -# error "MAXCHUNKSIZE is not divisible by 64" -# elif MAXCHUNKSIZE - /* - * goal is to minimize pressure on L1 cache by moving in shorter steps, - * so that hashed data is still in the cache by the time we encrypt it - */ - minblocks = ((frag <= last ? frag : last) - (64 - 13)) / 64; - if (minblocks > MAXCHUNKSIZE / 64) { - for (i = 0; i < x4; i++) { - edges[i].ptr = hash_d[i].ptr; - edges[i].blocks = MAXCHUNKSIZE / 64; - ciph_d[i].blocks = MAXCHUNKSIZE / 16; - } - do { - sha256_multi_block(ctx, edges, n4x); - aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x); - - for (i = 0; i < x4; i++) { - edges[i].ptr = hash_d[i].ptr += MAXCHUNKSIZE; - hash_d[i].blocks -= MAXCHUNKSIZE / 64; - edges[i].blocks = MAXCHUNKSIZE / 64; - ciph_d[i].inp += MAXCHUNKSIZE; - ciph_d[i].out += MAXCHUNKSIZE; - ciph_d[i].blocks = MAXCHUNKSIZE / 16; - memcpy(ciph_d[i].iv, ciph_d[i].out - 16, 16); - } - processed += MAXCHUNKSIZE; - minblocks -= MAXCHUNKSIZE / 64; - } while (minblocks > MAXCHUNKSIZE / 64); - } -# endif -# undef MAXCHUNKSIZE - sha256_multi_block(ctx, hash_d, n4x); - - memset(blocks, 0, sizeof(blocks)); - for (i = 0; i < x4; i++) { - unsigned int len = (i == (x4 - 1) ? last : frag), - off = hash_d[i].blocks * 64; - const unsigned char *ptr = hash_d[i].ptr + off; - - off = (len - processed) - (64 - 13) - off; /* remainder actually */ - memcpy(blocks[i].c, ptr, off); - blocks[i].c[off] = 0x80; - len += 64 + 13; /* 64 is HMAC header */ - len *= 8; /* convert to bits */ - if (off < (64 - 8)) { -# ifdef BSWAP4 - blocks[i].d[15] = BSWAP4(len); -# else - PUTU32(blocks[i].c + 60, len); -# endif - edges[i].blocks = 1; - } else { -# ifdef BSWAP4 - blocks[i].d[31] = BSWAP4(len); -# else - PUTU32(blocks[i].c + 124, len); -# endif - edges[i].blocks = 2; - } - edges[i].ptr = blocks[i].c; - } - - /* hash input tails and finalize */ - sha256_multi_block(ctx, edges, n4x); - - memset(blocks, 0, sizeof(blocks)); - for (i = 0; i < x4; i++) { -# ifdef BSWAP4 - blocks[i].d[0] = BSWAP4(ctx->A[i]); - ctx->A[i] = key->tail.h[0]; - blocks[i].d[1] = BSWAP4(ctx->B[i]); - ctx->B[i] = key->tail.h[1]; - blocks[i].d[2] = BSWAP4(ctx->C[i]); - ctx->C[i] = key->tail.h[2]; - blocks[i].d[3] = BSWAP4(ctx->D[i]); - ctx->D[i] = key->tail.h[3]; - blocks[i].d[4] = BSWAP4(ctx->E[i]); - ctx->E[i] = key->tail.h[4]; - blocks[i].d[5] = BSWAP4(ctx->F[i]); - ctx->F[i] = key->tail.h[5]; - blocks[i].d[6] = BSWAP4(ctx->G[i]); - ctx->G[i] = key->tail.h[6]; - blocks[i].d[7] = BSWAP4(ctx->H[i]); - ctx->H[i] = key->tail.h[7]; - blocks[i].c[32] = 0x80; - blocks[i].d[15] = BSWAP4((64 + 32) * 8); -# else - PUTU32(blocks[i].c + 0, ctx->A[i]); - ctx->A[i] = key->tail.h[0]; - PUTU32(blocks[i].c + 4, ctx->B[i]); - ctx->B[i] = key->tail.h[1]; - PUTU32(blocks[i].c + 8, ctx->C[i]); - ctx->C[i] = key->tail.h[2]; - PUTU32(blocks[i].c + 12, ctx->D[i]); - ctx->D[i] = key->tail.h[3]; - PUTU32(blocks[i].c + 16, ctx->E[i]); - ctx->E[i] = key->tail.h[4]; - PUTU32(blocks[i].c + 20, ctx->F[i]); - ctx->F[i] = key->tail.h[5]; - PUTU32(blocks[i].c + 24, ctx->G[i]); - ctx->G[i] = key->tail.h[6]; - PUTU32(blocks[i].c + 28, ctx->H[i]); - ctx->H[i] = key->tail.h[7]; - blocks[i].c[32] = 0x80; - PUTU32(blocks[i].c + 60, (64 + 32) * 8); -# endif - edges[i].ptr = blocks[i].c; - edges[i].blocks = 1; - } - - /* finalize MACs */ - sha256_multi_block(ctx, edges, n4x); - - for (i = 0; i < x4; i++) { - unsigned int len = (i == (x4 - 1) ? last : frag), pad, j; - unsigned char *out0 = out; - - memcpy(ciph_d[i].out, ciph_d[i].inp, len - processed); - ciph_d[i].inp = ciph_d[i].out; - - out += 5 + 16 + len; - - /* write MAC */ - PUTU32(out + 0, ctx->A[i]); - PUTU32(out + 4, ctx->B[i]); - PUTU32(out + 8, ctx->C[i]); - PUTU32(out + 12, ctx->D[i]); - PUTU32(out + 16, ctx->E[i]); - PUTU32(out + 20, ctx->F[i]); - PUTU32(out + 24, ctx->G[i]); - PUTU32(out + 28, ctx->H[i]); - out += 32; - len += 32; - - /* pad */ - pad = 15 - len % 16; - for (j = 0; j <= pad; j++) - *(out++) = pad; - len += pad + 1; - - ciph_d[i].blocks = (len - processed) / 16; - len += 16; /* account for explicit iv */ - - /* arrange header */ - out0[0] = ((u8 *)key->md.data)[8]; - out0[1] = ((u8 *)key->md.data)[9]; - out0[2] = ((u8 *)key->md.data)[10]; - out0[3] = (u8)(len >> 8); - out0[4] = (u8)(len); - - ret += len + 5; - inp += frag; - } - - aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x); - - OPENSSL_cleanse(blocks, sizeof(blocks)); - OPENSSL_cleanse(ctx, sizeof(*ctx)); - - return ret; -} -# endif - -static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_AES_HMAC_SHA256 *key = data(ctx); - unsigned int l; - size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and - * later */ - sha_off = 0; -# if defined(STITCHED_CALL) - size_t aes_off = 0, blocks; - - sha_off = SHA256_CBLOCK - key->md.num; -# endif - - key->payload_length = NO_PAYLOAD_LENGTH; - - if (len % AES_BLOCK_SIZE) - return 0; - - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if (plen == NO_PAYLOAD_LENGTH) - plen = len; - else if (len != - ((plen + SHA256_DIGEST_LENGTH + - AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)) - return 0; - else if (key->aux.tls_ver >= TLS1_1_VERSION) - iv = AES_BLOCK_SIZE; - -# if defined(STITCHED_CALL) - /* - * Assembly stitch handles AVX-capable processors, but its - * performance is not optimal on AMD Jaguar, ~40% worse, for - * unknown reasons. Incidentally processor in question supports - * AVX, but not AMD-specific XOP extension, which can be used - * to identify it and avoid stitch invocation. So that after we - * establish that current CPU supports AVX, we even see if it's - * either even XOP-capable Bulldozer-based or GenuineIntel one. - * But SHAEXT-capable go ahead... - */ - if (((OPENSSL_ia32cap_P[2] & (1 << 29)) || /* SHAEXT? */ - ((OPENSSL_ia32cap_P[1] & (1 << (60 - 32))) && /* AVX? */ - ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32))) /* XOP? */ - | (OPENSSL_ia32cap_P[0] & (1 << 30))))) && /* "Intel CPU"? */ - plen > (sha_off + iv) && - (blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) { - SHA256_Update(&key->md, in + iv, sha_off); - - (void)aesni_cbc_sha256_enc(in, out, blocks, &key->ks, - ctx->iv, &key->md, in + iv + sha_off); - blocks *= SHA256_CBLOCK; - aes_off += blocks; - sha_off += blocks; - key->md.Nh += blocks >> 29; - key->md.Nl += blocks <<= 3; - if (key->md.Nl < (unsigned int)blocks) - key->md.Nh++; - } else { - sha_off = 0; - } -# endif - sha_off += iv; - SHA256_Update(&key->md, in + sha_off, plen - sha_off); - - if (plen != len) { /* "TLS" mode of operation */ - if (in != out) - memcpy(out + aes_off, in + aes_off, plen - aes_off); - - /* calculate HMAC and append it to payload */ - SHA256_Final(out + plen, &key->md); - key->md = key->tail; - SHA256_Update(&key->md, out + plen, SHA256_DIGEST_LENGTH); - SHA256_Final(out + plen, &key->md); - - /* pad the payload|hmac */ - plen += SHA256_DIGEST_LENGTH; - for (l = len - plen - 1; plen < len; plen++) - out[plen] = l; - /* encrypt HMAC|padding at once */ - aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, - &key->ks, ctx->iv, 1); - } else { - aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off, - &key->ks, ctx->iv, 1); - } - } else { - union { - unsigned int u[SHA256_DIGEST_LENGTH / sizeof(unsigned int)]; - unsigned char c[64 + SHA256_DIGEST_LENGTH]; - } mac, *pmac; - - /* arrange cache line alignment */ - pmac = (void *)(((size_t)mac.c + 63) & ((size_t)0 - 64)); - - /* decrypt HMAC|padding at once */ - aesni_cbc_encrypt(in, out, len, &key->ks, - ctx->iv, 0); - - if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ - size_t inp_len, mask, j, i; - unsigned int res, maxpad, pad, bitlen; - int ret = 1; - union { - unsigned int u[SHA_LBLOCK]; - unsigned char c[SHA256_CBLOCK]; - } *data = (void *)key->md.data; - - if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3]) - >= TLS1_1_VERSION) - iv = AES_BLOCK_SIZE; - - if (len < (iv + SHA256_DIGEST_LENGTH + 1)) - return 0; - - /* omit explicit iv */ - out += iv; - len -= iv; - - /* figure out payload length */ - pad = out[len - 1]; - maxpad = len - (SHA256_DIGEST_LENGTH + 1); - maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); - maxpad &= 255; - - mask = constant_time_ge(maxpad, pad); - ret &= mask; - /* - * If pad is invalid then we will fail the above test but we must - * continue anyway because we are in constant time code. However, - * we'll use the maxpad value instead of the supplied pad to make - * sure we perform well defined pointer arithmetic. - */ - pad = constant_time_select(mask, pad, maxpad); - - inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1); - - key->aux.tls_aad[plen - 2] = inp_len >> 8; - key->aux.tls_aad[plen - 1] = inp_len; - - /* calculate HMAC */ - key->md = key->head; - SHA256_Update(&key->md, key->aux.tls_aad, plen); - -# if 1 /* see original reference version in #else */ - len -= SHA256_DIGEST_LENGTH; /* amend mac */ - if (len >= (256 + SHA256_CBLOCK)) { - j = (len - (256 + SHA256_CBLOCK)) & (0 - SHA256_CBLOCK); - j += SHA256_CBLOCK - key->md.num; - SHA256_Update(&key->md, out, j); - out += j; - len -= j; - inp_len -= j; - } - - /* but pretend as if we hashed padded payload */ - bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */ -# ifdef BSWAP4 - bitlen = BSWAP4(bitlen); -# else - mac.c[0] = 0; - mac.c[1] = (unsigned char)(bitlen >> 16); - mac.c[2] = (unsigned char)(bitlen >> 8); - mac.c[3] = (unsigned char)bitlen; - bitlen = mac.u[0]; -# endif - - pmac->u[0] = 0; - pmac->u[1] = 0; - pmac->u[2] = 0; - pmac->u[3] = 0; - pmac->u[4] = 0; - pmac->u[5] = 0; - pmac->u[6] = 0; - pmac->u[7] = 0; - - for (res = key->md.num, j = 0; j < len; j++) { - size_t c = out[j]; - mask = (j - inp_len) >> (sizeof(j) * 8 - 8); - c &= mask; - c |= 0x80 & ~mask & ~((inp_len - j) >> (sizeof(j) * 8 - 8)); - data->c[res++] = (unsigned char)c; - - if (res != SHA256_CBLOCK) - continue; - - /* j is not incremented yet */ - mask = 0 - ((inp_len + 7 - j) >> (sizeof(j) * 8 - 1)); - data->u[SHA_LBLOCK - 1] |= bitlen & mask; - sha256_block_data_order(&key->md, data, 1); - mask &= 0 - ((j - inp_len - 72) >> (sizeof(j) * 8 - 1)); - pmac->u[0] |= key->md.h[0] & mask; - pmac->u[1] |= key->md.h[1] & mask; - pmac->u[2] |= key->md.h[2] & mask; - pmac->u[3] |= key->md.h[3] & mask; - pmac->u[4] |= key->md.h[4] & mask; - pmac->u[5] |= key->md.h[5] & mask; - pmac->u[6] |= key->md.h[6] & mask; - pmac->u[7] |= key->md.h[7] & mask; - res = 0; - } - - for (i = res; i < SHA256_CBLOCK; i++, j++) - data->c[i] = 0; - - if (res > SHA256_CBLOCK - 8) { - mask = 0 - ((inp_len + 8 - j) >> (sizeof(j) * 8 - 1)); - data->u[SHA_LBLOCK - 1] |= bitlen & mask; - sha256_block_data_order(&key->md, data, 1); - mask &= 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1)); - pmac->u[0] |= key->md.h[0] & mask; - pmac->u[1] |= key->md.h[1] & mask; - pmac->u[2] |= key->md.h[2] & mask; - pmac->u[3] |= key->md.h[3] & mask; - pmac->u[4] |= key->md.h[4] & mask; - pmac->u[5] |= key->md.h[5] & mask; - pmac->u[6] |= key->md.h[6] & mask; - pmac->u[7] |= key->md.h[7] & mask; - - memset(data, 0, SHA256_CBLOCK); - j += 64; - } - data->u[SHA_LBLOCK - 1] = bitlen; - sha256_block_data_order(&key->md, data, 1); - mask = 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1)); - pmac->u[0] |= key->md.h[0] & mask; - pmac->u[1] |= key->md.h[1] & mask; - pmac->u[2] |= key->md.h[2] & mask; - pmac->u[3] |= key->md.h[3] & mask; - pmac->u[4] |= key->md.h[4] & mask; - pmac->u[5] |= key->md.h[5] & mask; - pmac->u[6] |= key->md.h[6] & mask; - pmac->u[7] |= key->md.h[7] & mask; - -# ifdef BSWAP4 - pmac->u[0] = BSWAP4(pmac->u[0]); - pmac->u[1] = BSWAP4(pmac->u[1]); - pmac->u[2] = BSWAP4(pmac->u[2]); - pmac->u[3] = BSWAP4(pmac->u[3]); - pmac->u[4] = BSWAP4(pmac->u[4]); - pmac->u[5] = BSWAP4(pmac->u[5]); - pmac->u[6] = BSWAP4(pmac->u[6]); - pmac->u[7] = BSWAP4(pmac->u[7]); -# else - for (i = 0; i < 8; i++) { - res = pmac->u[i]; - pmac->c[4 * i + 0] = (unsigned char)(res >> 24); - pmac->c[4 * i + 1] = (unsigned char)(res >> 16); - pmac->c[4 * i + 2] = (unsigned char)(res >> 8); - pmac->c[4 * i + 3] = (unsigned char)res; - } -# endif - len += SHA256_DIGEST_LENGTH; -# else - SHA256_Update(&key->md, out, inp_len); - res = key->md.num; - SHA256_Final(pmac->c, &key->md); - - { - unsigned int inp_blocks, pad_blocks; - - /* but pretend as if we hashed padded payload */ - inp_blocks = - 1 + ((SHA256_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1)); - res += (unsigned int)(len - inp_len); - pad_blocks = res / SHA256_CBLOCK; - res %= SHA256_CBLOCK; - pad_blocks += - 1 + ((SHA256_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1)); - for (; inp_blocks < pad_blocks; inp_blocks++) - sha1_block_data_order(&key->md, data, 1); - } -# endif /* pre-lucky-13 reference version of above */ - key->md = key->tail; - SHA256_Update(&key->md, pmac->c, SHA256_DIGEST_LENGTH); - SHA256_Final(pmac->c, &key->md); - - /* verify HMAC */ - out += inp_len; - len -= inp_len; -# if 1 /* see original reference version in #else */ - { - unsigned char *p = - out + len - 1 - maxpad - SHA256_DIGEST_LENGTH; - size_t off = out - p; - unsigned int c, cmask; - - for (res = 0, i = 0, j = 0; j < maxpad + SHA256_DIGEST_LENGTH; - j++) { - c = p[j]; - cmask = - ((int)(j - off - SHA256_DIGEST_LENGTH)) >> - (sizeof(int) * 8 - 1); - res |= (c ^ pad) & ~cmask; /* ... and padding */ - cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1); - res |= (c ^ pmac->c[i]) & cmask; - i += 1 & cmask; - } - - res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); - ret &= (int)~res; - } -# else /* pre-lucky-13 reference version of above */ - for (res = 0, i = 0; i < SHA256_DIGEST_LENGTH; i++) - res |= out[i] ^ pmac->c[i]; - res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); - ret &= (int)~res; - - /* verify padding */ - pad = (pad & ~res) | (maxpad & res); - out = out + len - 1 - pad; - for (res = 0, i = 0; i < pad; i++) - res |= out[i] ^ pad; - - res = (0 - res) >> (sizeof(res) * 8 - 1); - ret &= (int)~res; -# endif - return ret; - } else { - SHA256_Update(&key->md, out, len); - } - } - - return 1; -} - -static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - void *ptr) -{ - EVP_AES_HMAC_SHA256 *key = data(ctx); - unsigned int u_arg = (unsigned int)arg; - - switch (type) { - case EVP_CTRL_AEAD_SET_MAC_KEY: - { - unsigned int i; - unsigned char hmac_key[64]; - - memset(hmac_key, 0, sizeof(hmac_key)); - - if (arg < 0) - return -1; - - if (u_arg > sizeof(hmac_key)) { - SHA256_Init(&key->head); - SHA256_Update(&key->head, ptr, arg); - SHA256_Final(hmac_key, &key->head); - } else { - memcpy(hmac_key, ptr, arg); - } - - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36; /* ipad */ - SHA256_Init(&key->head); - SHA256_Update(&key->head, hmac_key, sizeof(hmac_key)); - - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */ - SHA256_Init(&key->tail); - SHA256_Update(&key->tail, hmac_key, sizeof(hmac_key)); - - OPENSSL_cleanse(hmac_key, sizeof(hmac_key)); - - return 1; - } - case EVP_CTRL_AEAD_TLS1_AAD: - { - unsigned char *p = ptr; - unsigned int len; - - if (arg != EVP_AEAD_TLS1_AAD_LEN) - return -1; - - len = p[arg - 2] << 8 | p[arg - 1]; - - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - key->payload_length = len; - if ((key->aux.tls_ver = - p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { - if (len < AES_BLOCK_SIZE) - return 0; - len -= AES_BLOCK_SIZE; - p[arg - 2] = len >> 8; - p[arg - 1] = len; - } - key->md = key->head; - SHA256_Update(&key->md, p, arg); - - return (int)(((len + SHA256_DIGEST_LENGTH + - AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) - - len); - } else { - memcpy(key->aux.tls_aad, ptr, arg); - key->payload_length = arg; - - return SHA256_DIGEST_LENGTH; - } - } -# if !defined(OPENSSL_NO_MULTIBLOCK) - case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE: - return (int)(5 + 16 + ((arg + 32 + 16) & -16)); - case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: - { - EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param = - (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr; - unsigned int n4x = 1, x4; - unsigned int frag, last, packlen, inp_len; - - if (arg < 0) - return -1; - - if (u_arg < sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) - return -1; - - inp_len = param->inp[11] << 8 | param->inp[12]; - - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION) - return -1; - - if (inp_len) { - if (inp_len < 4096) - return 0; /* too short */ - - if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5)) - n4x = 2; /* AVX2 */ - } else if ((n4x = param->interleave / 4) && n4x <= 2) - inp_len = param->len; - else - return -1; - - key->md = key->head; - SHA256_Update(&key->md, param->inp, 13); - - x4 = 4 * n4x; - n4x += 1; - - frag = inp_len >> n4x; - last = inp_len + frag - (frag << n4x); - if (last > frag && ((last + 13 + 9) % 64 < (x4 - 1))) { - frag++; - last -= x4 - 1; - } - - packlen = 5 + 16 + ((frag + 32 + 16) & -16); - packlen = (packlen << n4x) - packlen; - packlen += 5 + 16 + ((last + 32 + 16) & -16); - - param->interleave = x4; - - return (int)packlen; - } else - return -1; /* not yet */ - } - case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT: - { - EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param = - (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr; - - return (int)tls1_1_multi_block_encrypt(key, param->out, - param->inp, param->len, - param->interleave / 4); - } - case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT: -# endif - default: - return -1; - } -} - -static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = { -# ifdef NID_aes_128_cbc_hmac_sha256 - NID_aes_128_cbc_hmac_sha256, -# else - NID_undef, -# endif - AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE, - EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | - EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, - EVP_ORIG_GLOBAL, - aesni_cbc_hmac_sha256_init_key, - aesni_cbc_hmac_sha256_cipher, - NULL, - sizeof(EVP_AES_HMAC_SHA256), - EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv, - EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv, - aesni_cbc_hmac_sha256_ctrl, - NULL -}; - -static EVP_CIPHER aesni_256_cbc_hmac_sha256_cipher = { -# ifdef NID_aes_256_cbc_hmac_sha256 - NID_aes_256_cbc_hmac_sha256, -# else - NID_undef, -# endif - AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE, - EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | - EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, - EVP_ORIG_GLOBAL, - aesni_cbc_hmac_sha256_init_key, - aesni_cbc_hmac_sha256_cipher, - NULL, - sizeof(EVP_AES_HMAC_SHA256), - EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv, - EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv, - aesni_cbc_hmac_sha256_ctrl, - NULL -}; - -const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void) -{ - return ((OPENSSL_ia32cap_P[1] & AESNI_CAPABLE) && - aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ? - &aesni_128_cbc_hmac_sha256_cipher : NULL); -} - -const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void) -{ - return ((OPENSSL_ia32cap_P[1] & AESNI_CAPABLE) && - aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ? - &aesni_256_cbc_hmac_sha256_cipher : NULL); -} -#else -const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void) -{ - return NULL; -} - -const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void) -{ - return NULL; -} -#endif diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c deleted file mode 100644 index 7e1fda33e1211137572372e979f03565ff80672c..0000000000000000000000000000000000000000 --- a/crypto/evp/e_aria.c +++ /dev/null @@ -1,790 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/deprecated.h" - -#include "internal/cryptlib.h" -#ifndef OPENSSL_NO_ARIA -# include -# include -# include -# include "crypto/aria.h" -# include "crypto/evp.h" -# include "crypto/modes.h" -# include "evp_local.h" - -/* ARIA subkey Structure */ -typedef struct { - ARIA_KEY ks; -} EVP_ARIA_KEY; - -/* ARIA GCM context */ -typedef struct { - union { - OSSL_UNION_ALIGN; - ARIA_KEY ks; - } ks; /* ARIA subkey to use */ - int key_set; /* Set if key initialised */ - int iv_set; /* Set if an iv is set */ - GCM128_CONTEXT gcm; - unsigned char *iv; /* Temporary IV store */ - int ivlen; /* IV length */ - int taglen; - int iv_gen; /* It is OK to generate IVs */ - int tls_aad_len; /* TLS AAD length */ -} EVP_ARIA_GCM_CTX; - -/* ARIA CCM context */ -typedef struct { - union { - OSSL_UNION_ALIGN; - ARIA_KEY ks; - } ks; /* ARIA key schedule to use */ - int key_set; /* Set if key initialised */ - int iv_set; /* Set if an iv is set */ - int tag_set; /* Set if tag is valid */ - int len_set; /* Set if message length set */ - int L, M; /* L and M parameters from RFC3610 */ - int tls_aad_len; /* TLS AAD length */ - CCM128_CONTEXT ccm; - ccm128_f str; -} EVP_ARIA_CCM_CTX; - -/* The subkey for ARIA is generated. */ -static int aria_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - int ret; - int mode = EVP_CIPHER_CTX_get_mode(ctx); - - if (enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE)) - ret = ossl_aria_set_encrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - EVP_CIPHER_CTX_get_cipher_data(ctx)); - else - ret = ossl_aria_set_decrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - EVP_CIPHER_CTX_get_cipher_data(ctx)); - if (ret < 0) { - ERR_raise(ERR_LIB_EVP,EVP_R_ARIA_KEY_SETUP_FAILED); - return 0; - } - return 1; -} - -static void aria_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const ARIA_KEY *key, - unsigned char *ivec, const int enc) -{ - - if (enc) - CRYPTO_cbc128_encrypt(in, out, len, key, ivec, - (block128_f) ossl_aria_encrypt); - else - CRYPTO_cbc128_decrypt(in, out, len, key, ivec, - (block128_f) ossl_aria_encrypt); -} - -static void aria_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const ARIA_KEY *key, - unsigned char *ivec, int *num, const int enc) -{ - - CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, - (block128_f) ossl_aria_encrypt); -} - -static void aria_cfb1_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const ARIA_KEY *key, - unsigned char *ivec, int *num, const int enc) -{ - CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc, - (block128_f) ossl_aria_encrypt); -} - -static void aria_cfb8_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const ARIA_KEY *key, - unsigned char *ivec, int *num, const int enc) -{ - CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc, - (block128_f) ossl_aria_encrypt); -} - -static void aria_ecb_encrypt(const unsigned char *in, unsigned char *out, - const ARIA_KEY *key, const int enc) -{ - ossl_aria_encrypt(in, out, key); -} - -static void aria_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const ARIA_KEY *key, - unsigned char *ivec, int *num) -{ - CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, - (block128_f) ossl_aria_encrypt); -} - -IMPLEMENT_BLOCK_CIPHER(aria_128, ks, aria, EVP_ARIA_KEY, - NID_aria_128, 16, 16, 16, 128, - 0, aria_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) -IMPLEMENT_BLOCK_CIPHER(aria_192, ks, aria, EVP_ARIA_KEY, - NID_aria_192, 16, 24, 16, 128, - 0, aria_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) -IMPLEMENT_BLOCK_CIPHER(aria_256, ks, aria, EVP_ARIA_KEY, - NID_aria_256, 16, 32, 16, 128, - 0, aria_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) - -# define IMPLEMENT_ARIA_CFBR(ksize,cbits) \ - IMPLEMENT_CFBR(aria,aria,EVP_ARIA_KEY,ks,ksize,cbits,16,0) -IMPLEMENT_ARIA_CFBR(128,1) -IMPLEMENT_ARIA_CFBR(192,1) -IMPLEMENT_ARIA_CFBR(256,1) -IMPLEMENT_ARIA_CFBR(128,8) -IMPLEMENT_ARIA_CFBR(192,8) -IMPLEMENT_ARIA_CFBR(256,8) - -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -static const EVP_CIPHER aria_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aria_init_key, \ - aria_##mode##_cipher, \ - NULL, \ - sizeof(EVP_ARIA_KEY), \ - NULL,NULL,NULL,NULL }; \ -const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \ -{ return &aria_##keylen##_##mode; } - -static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - int n = EVP_CIPHER_CTX_get_num(ctx); - unsigned int num; - EVP_ARIA_KEY *dat = EVP_C_DATA(EVP_ARIA_KEY, ctx); - - if (n < 0) - return 0; - num = (unsigned int)n; - - CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv, - EVP_CIPHER_CTX_buf_noconst(ctx), &num, - (block128_f) ossl_aria_encrypt); - EVP_CIPHER_CTX_set_num(ctx, num); - return 1; -} - -BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, ctr, ctr, CTR, 0) -BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0) -BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0) - -/* Authenticated cipher modes (GCM/CCM) */ - -/* increment counter (64-bit int) by 1 */ -static void ctr64_inc(unsigned char *counter) -{ - int n = 8; - unsigned char c; - - do { - --n; - c = counter[n]; - ++c; - counter[n] = c; - if (c) - return; - } while (n); -} - -static int aria_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - int ret; - EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx); - - if (!iv && !key) - return 1; - if (key) { - ret = ossl_aria_set_encrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &gctx->ks.ks); - CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, - (block128_f) ossl_aria_encrypt); - if (ret < 0) { - ERR_raise(ERR_LIB_EVP,EVP_R_ARIA_KEY_SETUP_FAILED); - return 0; - } - - /* - * If we have an iv can set it directly, otherwise use saved IV. - */ - if (iv == NULL && gctx->iv_set) - iv = gctx->iv; - if (iv) { - CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); - gctx->iv_set = 1; - } - gctx->key_set = 1; - } else { - /* If key set use IV, otherwise copy */ - if (gctx->key_set) - CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); - else - memcpy(gctx->iv, iv, gctx->ivlen); - gctx->iv_set = 1; - gctx->iv_gen = 0; - } - return 1; -} - -static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -{ - EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,c); - - switch (type) { - case EVP_CTRL_INIT: - gctx->key_set = 0; - gctx->iv_set = 0; - gctx->ivlen = EVP_CIPHER_get_iv_length(c->cipher); - gctx->iv = c->iv; - gctx->taglen = -1; - gctx->iv_gen = 0; - gctx->tls_aad_len = -1; - return 1; - - case EVP_CTRL_GET_IVLEN: - *(int *)ptr = gctx->ivlen; - return 1; - - case EVP_CTRL_AEAD_SET_IVLEN: - if (arg <= 0) - return 0; - /* Allocate memory for IV if needed */ - if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { - if (gctx->iv != c->iv) - OPENSSL_free(gctx->iv); - if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - } - gctx->ivlen = arg; - return 1; - - case EVP_CTRL_AEAD_SET_TAG: - if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_is_encrypting(c)) - return 0; - memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); - gctx->taglen = arg; - return 1; - - case EVP_CTRL_AEAD_GET_TAG: - if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_is_encrypting(c) - || gctx->taglen < 0) - return 0; - memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(c), arg); - return 1; - - case EVP_CTRL_GCM_SET_IV_FIXED: - /* Special case: -1 length restores whole IV */ - if (arg == -1) { - memcpy(gctx->iv, ptr, gctx->ivlen); - gctx->iv_gen = 1; - return 1; - } - /* - * Fixed field must be at least 4 bytes and invocation field at least - * 8. - */ - if ((arg < 4) || (gctx->ivlen - arg) < 8) - return 0; - if (arg) - memcpy(gctx->iv, ptr, arg); - if (EVP_CIPHER_CTX_is_encrypting(c) - && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) - return 0; - gctx->iv_gen = 1; - return 1; - - case EVP_CTRL_GCM_IV_GEN: - if (gctx->iv_gen == 0 || gctx->key_set == 0) - return 0; - CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); - if (arg <= 0 || arg > gctx->ivlen) - arg = gctx->ivlen; - memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg); - /* - * Invocation field will be at least 8 bytes in size and so no need - * to check wrap around or increment more than last 8 bytes. - */ - ctr64_inc(gctx->iv + gctx->ivlen - 8); - gctx->iv_set = 1; - return 1; - - case EVP_CTRL_GCM_SET_IV_INV: - if (gctx->iv_gen == 0 || gctx->key_set == 0 - || EVP_CIPHER_CTX_is_encrypting(c)) - return 0; - memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); - CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); - gctx->iv_set = 1; - return 1; - - case EVP_CTRL_AEAD_TLS1_AAD: - /* Save the AAD for later use */ - if (arg != EVP_AEAD_TLS1_AAD_LEN) - return 0; - memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); - gctx->tls_aad_len = arg; - { - unsigned int len = - EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8 - | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1]; - /* Correct length for explicit IV */ - if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN) - return 0; - len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; - /* If decrypting correct for tag too */ - if (!EVP_CIPHER_CTX_is_encrypting(c)) { - if (len < EVP_GCM_TLS_TAG_LEN) - return 0; - len -= EVP_GCM_TLS_TAG_LEN; - } - EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8; - EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff; - } - /* Extra padding: tag appended to record */ - return EVP_GCM_TLS_TAG_LEN; - - case EVP_CTRL_COPY: - { - EVP_CIPHER_CTX *out = ptr; - EVP_ARIA_GCM_CTX *gctx_out = EVP_C_DATA(EVP_ARIA_GCM_CTX,out); - if (gctx->gcm.key) { - if (gctx->gcm.key != &gctx->ks) - return 0; - gctx_out->gcm.key = &gctx_out->ks; - } - if (gctx->iv == c->iv) - gctx_out->iv = out->iv; - else { - if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); - } - return 1; - } - - default: - return -1; - - } -} - -static int aria_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx); - int rv = -1; - - /* Encrypt/decrypt must be performed in place */ - if (out != in - || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN)) - return -1; - /* - * Set IV from start of buffer or generate IV and write to start of - * buffer. - */ - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_is_encrypting(ctx) ? - EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, - EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) - goto err; - /* Use saved AAD */ - if (CRYPTO_gcm128_aad(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), - gctx->tls_aad_len)) - goto err; - /* Fix buffer and length to point to payload */ - in += EVP_GCM_TLS_EXPLICIT_IV_LEN; - out += EVP_GCM_TLS_EXPLICIT_IV_LEN; - len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - /* Encrypt payload */ - if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len)) - goto err; - out += len; - /* Finally write tag */ - CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN); - rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; - } else { - /* Decrypt */ - if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len)) - goto err; - /* Retrieve tag */ - CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), - EVP_GCM_TLS_TAG_LEN); - /* If tag mismatch wipe buffer */ - if (CRYPTO_memcmp(EVP_CIPHER_CTX_buf_noconst(ctx), in + len, - EVP_GCM_TLS_TAG_LEN)) { - OPENSSL_cleanse(out, len); - goto err; - } - rv = len; - } - - err: - gctx->iv_set = 0; - gctx->tls_aad_len = -1; - return rv; -} - -static int aria_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx); - - /* If not set up, return error */ - if (!gctx->key_set) - return -1; - - if (gctx->tls_aad_len >= 0) - return aria_gcm_tls_cipher(ctx, out, in, len); - - if (!gctx->iv_set) - return -1; - if (in) { - if (out == NULL) { - if (CRYPTO_gcm128_aad(&gctx->gcm, in, len)) - return -1; - } else if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len)) - return -1; - } else { - if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len)) - return -1; - } - return len; - } - if (!EVP_CIPHER_CTX_is_encrypting(ctx)) { - if (gctx->taglen < 0) - return -1; - if (CRYPTO_gcm128_finish(&gctx->gcm, - EVP_CIPHER_CTX_buf_noconst(ctx), - gctx->taglen) != 0) - return -1; - gctx->iv_set = 0; - return 0; - } - CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), 16); - gctx->taglen = 16; - /* Don't reuse the IV */ - gctx->iv_set = 0; - return 0; -} - -static int aria_gcm_cleanup(EVP_CIPHER_CTX *ctx) -{ - EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX, ctx); - - if (gctx->iv != ctx->iv) - OPENSSL_free(gctx->iv); - - return 1; -} - -static int aria_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - int ret; - EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx); - - if (!iv && !key) - return 1; - - if (key) { - ret = ossl_aria_set_encrypt_key(key, - EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &cctx->ks.ks); - CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, - &cctx->ks, (block128_f) ossl_aria_encrypt); - if (ret < 0) { - ERR_raise(ERR_LIB_EVP,EVP_R_ARIA_KEY_SETUP_FAILED); - return 0; - } - cctx->str = NULL; - cctx->key_set = 1; - } - if (iv) { - memcpy(ctx->iv, iv, 15 - cctx->L); - cctx->iv_set = 1; - } - return 1; -} - -static int aria_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -{ - EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,c); - - switch (type) { - case EVP_CTRL_INIT: - cctx->key_set = 0; - cctx->iv_set = 0; - cctx->L = 8; - cctx->M = 12; - cctx->tag_set = 0; - cctx->len_set = 0; - cctx->tls_aad_len = -1; - return 1; - - case EVP_CTRL_GET_IVLEN: - *(int *)ptr = 15 - cctx->L; - return 1; - - case EVP_CTRL_AEAD_TLS1_AAD: - /* Save the AAD for later use */ - if (arg != EVP_AEAD_TLS1_AAD_LEN) - return 0; - memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); - cctx->tls_aad_len = arg; - { - uint16_t len = - EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8 - | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1]; - /* Correct length for explicit IV */ - if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN) - return 0; - len -= EVP_CCM_TLS_EXPLICIT_IV_LEN; - /* If decrypting correct for tag too */ - if (!EVP_CIPHER_CTX_is_encrypting(c)) { - if (len < cctx->M) - return 0; - len -= cctx->M; - } - EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8; - EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff; - } - /* Extra padding: tag appended to record */ - return cctx->M; - - case EVP_CTRL_CCM_SET_IV_FIXED: - /* Sanity check length */ - if (arg != EVP_CCM_TLS_FIXED_IV_LEN) - return 0; - /* Just copy to first part of IV */ - memcpy(c->iv, ptr, arg); - return 1; - - case EVP_CTRL_AEAD_SET_IVLEN: - arg = 15 - arg; - /* fall thru */ - case EVP_CTRL_CCM_SET_L: - if (arg < 2 || arg > 8) - return 0; - cctx->L = arg; - return 1; - case EVP_CTRL_AEAD_SET_TAG: - if ((arg & 1) || arg < 4 || arg > 16) - return 0; - if (EVP_CIPHER_CTX_is_encrypting(c) && ptr) - return 0; - if (ptr) { - cctx->tag_set = 1; - memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); - } - cctx->M = arg; - return 1; - - case EVP_CTRL_AEAD_GET_TAG: - if (!EVP_CIPHER_CTX_is_encrypting(c) || !cctx->tag_set) - return 0; - if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) - return 0; - cctx->tag_set = 0; - cctx->iv_set = 0; - cctx->len_set = 0; - return 1; - - case EVP_CTRL_COPY: - { - EVP_CIPHER_CTX *out = ptr; - EVP_ARIA_CCM_CTX *cctx_out = EVP_C_DATA(EVP_ARIA_CCM_CTX,out); - if (cctx->ccm.key) { - if (cctx->ccm.key != &cctx->ks) - return 0; - cctx_out->ccm.key = &cctx_out->ks; - } - return 1; - } - - default: - return -1; - } -} - -static int aria_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx); - CCM128_CONTEXT *ccm = &cctx->ccm; - - /* Encrypt/decrypt must be performed in place */ - if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M)) - return -1; - /* If encrypting set explicit IV from sequence number (start of AAD) */ - if (EVP_CIPHER_CTX_is_encrypting(ctx)) - memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx), - EVP_CCM_TLS_EXPLICIT_IV_LEN); - /* Get rest of IV from explicit IV */ - memcpy(ctx->iv + EVP_CCM_TLS_FIXED_IV_LEN, in, - EVP_CCM_TLS_EXPLICIT_IV_LEN); - /* Correct length value */ - len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M; - if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, - len)) - return -1; - /* Use saved AAD */ - CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), - cctx->tls_aad_len); - /* Fix buffer to point to payload */ - in += EVP_CCM_TLS_EXPLICIT_IV_LEN; - out += EVP_CCM_TLS_EXPLICIT_IV_LEN; - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str) - : CRYPTO_ccm128_encrypt(ccm, in, out, len)) - return -1; - if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M)) - return -1; - return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M; - } else { - if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, cctx->str) - : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { - unsigned char tag[16]; - if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { - if (!CRYPTO_memcmp(tag, in + len, cctx->M)) - return len; - } - } - OPENSSL_cleanse(out, len); - return -1; - } -} - -static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx); - CCM128_CONTEXT *ccm = &cctx->ccm; - - /* If not set up, return error */ - if (!cctx->key_set) - return -1; - - if (cctx->tls_aad_len >= 0) - return aria_ccm_tls_cipher(ctx, out, in, len); - - /* EVP_*Final() doesn't return any data */ - if (in == NULL && out != NULL) - return 0; - - if (!cctx->iv_set) - return -1; - - if (!out) { - if (!in) { - if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) - return -1; - cctx->len_set = 1; - return len; - } - /* If have AAD need message length */ - if (!cctx->len_set && len) - return -1; - CRYPTO_ccm128_aad(ccm, in, len); - return len; - } - - /* The tag must be set before actually decrypting data */ - if (!EVP_CIPHER_CTX_is_encrypting(ctx) && !cctx->tag_set) - return -1; - - /* If not set length yet do it */ - if (!cctx->len_set) { - if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) - return -1; - cctx->len_set = 1; - } - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str) - : CRYPTO_ccm128_encrypt(ccm, in, out, len)) - return -1; - cctx->tag_set = 1; - return len; - } else { - int rv = -1; - if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, - cctx->str) : - !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { - unsigned char tag[16]; - if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { - if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx), - cctx->M)) - rv = len; - } - } - if (rv == -1) - OPENSSL_cleanse(out, len); - cctx->iv_set = 0; - cctx->tag_set = 0; - cctx->len_set = 0; - return rv; - } -} - -#define aria_ccm_cleanup NULL - -#define ARIA_AUTH_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ - | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ - | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ - | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_AEAD_CIPHER \ - | EVP_CIPH_CUSTOM_IV_LENGTH) - -#define BLOCK_CIPHER_aead(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -static const EVP_CIPHER aria_##keylen##_##mode = { \ - nid##_##keylen##_##nmode, \ - blocksize, keylen/8, ivlen, \ - ARIA_AUTH_FLAGS|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - aria_##mode##_init_key, \ - aria_##mode##_cipher, \ - aria_##mode##_cleanup, \ - sizeof(EVP_ARIA_##MODE##_CTX), \ - NULL,NULL,aria_##mode##_ctrl,NULL }; \ -const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \ -{ return (EVP_CIPHER*)&aria_##keylen##_##mode; } - -BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, gcm, gcm, GCM, 0) -BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, gcm, gcm, GCM, 0) -BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, gcm, gcm, GCM, 0) - -BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, ccm, ccm, CCM, 0) -BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, ccm, ccm, CCM, 0) -BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, ccm, ccm, CCM, 0) - -#endif diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c deleted file mode 100644 index 2aeda2ecf07adc77e3f0c8cfe98718144b0e78ab..0000000000000000000000000000000000000000 --- a/crypto/evp/e_bf.c +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * BF low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#ifndef OPENSSL_NO_BF -# include -# include "crypto/evp.h" -# include -# include -# include "evp_local.h" - -static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -typedef struct { - BF_KEY ks; -} EVP_BF_KEY; - -# define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx) - -IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64, - EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) - -static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - int len = EVP_CIPHER_CTX_get_key_length(ctx); - - if (len < 0) - return 0; - BF_set_key(&data(ctx)->ks, len, key); - return 1; -} - -#endif diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c deleted file mode 100644 index 4f1f4822dc92ba2180f1936352fa7c4c4f1f2023..0000000000000000000000000000000000000000 --- a/crypto/evp/e_camellia.c +++ /dev/null @@ -1,349 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Camellia low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include - -#include -#include -#include -#include -#include -#include "crypto/evp.h" -#include "crypto/modes.h" -#include "crypto/cmll_platform.h" -#include "evp_local.h" - -static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -/* Camellia subkey Structure */ -typedef struct { - CAMELLIA_KEY ks; - block128_f block; - union { - cbc128_f cbc; - ctr128_f ctr; - } stream; -} EVP_CAMELLIA_KEY; - -#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) - -/* Attribute operation for Camellia */ -#define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx) - -#if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) -/* ---------^^^ this is not a typo, just a way to detect that - * assembler support was in general requested... */ -# include "crypto/sparc_arch.h" - -static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - int ret, mode, bits; - EVP_CAMELLIA_KEY *dat = - (EVP_CAMELLIA_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx); - - mode = EVP_CIPHER_CTX_get_mode(ctx); - bits = EVP_CIPHER_CTX_get_key_length(ctx) * 8; - - cmll_t4_set_key(key, bits, &dat->ks); - - if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) - && !enc) { - ret = 0; - dat->block = (block128_f) cmll_t4_decrypt; - switch (bits) { - case 128: - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) cmll128_t4_cbc_decrypt : NULL; - break; - case 192: - case 256: - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) cmll256_t4_cbc_decrypt : NULL; - break; - default: - ret = -1; - } - } else { - ret = 0; - dat->block = (block128_f) cmll_t4_encrypt; - switch (bits) { - case 128: - if (mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) cmll128_t4_cbc_encrypt; - else if (mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f) cmll128_t4_ctr32_encrypt; - else - dat->stream.cbc = NULL; - break; - case 192: - case 256: - if (mode == EVP_CIPH_CBC_MODE) - dat->stream.cbc = (cbc128_f) cmll256_t4_cbc_encrypt; - else if (mode == EVP_CIPH_CTR_MODE) - dat->stream.ctr = (ctr128_f) cmll256_t4_ctr32_encrypt; - else - dat->stream.cbc = NULL; - break; - default: - ret = -1; - } - } - - if (ret < 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_CAMELLIA_KEY_SETUP_FAILED); - return 0; - } - - return 1; -} - -# define cmll_t4_cbc_cipher camellia_cbc_cipher -static int cmll_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define cmll_t4_ecb_cipher camellia_ecb_cipher -static int cmll_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define cmll_t4_ofb_cipher camellia_ofb_cipher -static int cmll_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define cmll_t4_cfb_cipher camellia_cfb_cipher -static int cmll_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define cmll_t4_cfb8_cipher camellia_cfb8_cipher -static int cmll_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define cmll_t4_cfb1_cipher camellia_cfb1_cipher -static int cmll_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define cmll_t4_ctr_cipher camellia_ctr_cipher -static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len); - -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -static const EVP_CIPHER cmll_t4_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - cmll_t4_init_key, \ - cmll_t4_##mode##_cipher, \ - NULL, \ - sizeof(EVP_CAMELLIA_KEY), \ - NULL,NULL,NULL,NULL }; \ -static const EVP_CIPHER camellia_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize, \ - keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - camellia_init_key, \ - camellia_##mode##_cipher, \ - NULL, \ - sizeof(EVP_CAMELLIA_KEY), \ - NULL,NULL,NULL,NULL }; \ -const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \ -{ return SPARC_CMLL_CAPABLE?&cmll_t4_##keylen##_##mode:&camellia_##keylen##_##mode; } - -#else - -# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ -static const EVP_CIPHER camellia_##keylen##_##mode = { \ - nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ - flags|EVP_CIPH_##MODE##_MODE, \ - EVP_ORIG_GLOBAL, \ - camellia_init_key, \ - camellia_##mode##_cipher, \ - NULL, \ - sizeof(EVP_CAMELLIA_KEY), \ - NULL,NULL,NULL,NULL }; \ -const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \ -{ return &camellia_##keylen##_##mode; } - -#endif - -#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ - BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \ - BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) - -/* The subkey for Camellia is generated. */ -static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - int ret, mode; - EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); - - ret = Camellia_set_key(key, EVP_CIPHER_CTX_get_key_length(ctx) * 8, - &dat->ks); - if (ret < 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_CAMELLIA_KEY_SETUP_FAILED); - return 0; - } - - mode = EVP_CIPHER_CTX_get_mode(ctx); - if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) - && !enc) { - dat->block = (block128_f) Camellia_decrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) Camellia_cbc_encrypt : NULL; - } else { - dat->block = (block128_f) Camellia_encrypt; - dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? - (cbc128_f) Camellia_cbc_encrypt : NULL; - } - - return 1; -} - -static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); - - if (dat->stream.cbc) - (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); - else if (EVP_CIPHER_CTX_is_encrypting(ctx)) - CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block); - else - CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block); - - return 1; -} - -static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - size_t bl = EVP_CIPHER_CTX_get_block_size(ctx); - size_t i; - EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); - - if (len < bl) - return 1; - - for (i = 0, len -= bl; i <= len; i += bl) - (*dat->block) (in + i, out + i, &dat->ks); - - return 1; -} - -static int camellia_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); - - int num = EVP_CIPHER_CTX_get_num(ctx); - CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ctx->iv, &num, dat->block); - EVP_CIPHER_CTX_set_num(ctx, num); - return 1; -} - -static int camellia_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); - - int num = EVP_CIPHER_CTX_get_num(ctx); - CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx), dat->block); - EVP_CIPHER_CTX_set_num(ctx, num); - return 1; -} - -static int camellia_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); - - int num = EVP_CIPHER_CTX_get_num(ctx); - CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx), dat->block); - EVP_CIPHER_CTX_set_num(ctx, num); - return 1; -} - -static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); - - if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) { - int num = EVP_CIPHER_CTX_get_num(ctx); - CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx), - dat->block); - EVP_CIPHER_CTX_set_num(ctx, num); - return 1; - } - - while (len >= MAXBITCHUNK) { - int num = EVP_CIPHER_CTX_get_num(ctx); - CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, - ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx), - dat->block); - EVP_CIPHER_CTX_set_num(ctx, num); - len -= MAXBITCHUNK; - out += MAXBITCHUNK; - in += MAXBITCHUNK; - } - if (len) { - int num = EVP_CIPHER_CTX_get_num(ctx); - CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, - ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx), - dat->block); - EVP_CIPHER_CTX_set_num(ctx, num); - } - - return 1; -} - -static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - int snum = EVP_CIPHER_CTX_get_num(ctx); - unsigned int num; - EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); - - if (snum < 0) - return 0; - num = snum; - if (dat->stream.ctr) - CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, ctx->iv, - EVP_CIPHER_CTX_buf_noconst(ctx), - &num, - dat->stream.ctr); - else - CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv, - EVP_CIPHER_CTX_buf_noconst(ctx), &num, - dat->block); - EVP_CIPHER_CTX_set_num(ctx, num); - return 1; -} - -BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0) - BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0) - BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0) diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c deleted file mode 100644 index 5e9be2dc7dd5707e86d6aa3a3f4cb9abe3b80ed1..0000000000000000000000000000000000000000 --- a/crypto/evp/e_cast.c +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * CAST low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" - -#ifndef OPENSSL_NO_CAST -# include -# include -# include "crypto/evp.h" -# include -# include "evp_local.h" - -static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -typedef struct { - CAST_KEY ks; -} EVP_CAST_KEY; - -# define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx) - -IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, - NID_cast5, 8, CAST_KEY_LENGTH, 8, 64, - EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) - -static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - int keylen = EVP_CIPHER_CTX_get_key_length(ctx); - - if (keylen <= 0) - return 0; - CAST_set_key(&data(ctx)->ks, keylen, key); - return 1; -} - -#endif diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c deleted file mode 100644 index 18e1c0b5ac0697ecb846ab7ed9a37011da0c580a..0000000000000000000000000000000000000000 --- a/crypto/evp/e_chacha20_poly1305.c +++ /dev/null @@ -1,634 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "internal/endian.h" - -#ifndef OPENSSL_NO_CHACHA - -# include -# include -# include "crypto/evp.h" -# include "evp_local.h" -# include "crypto/chacha.h" - -typedef struct { - union { - OSSL_UNION_ALIGN; /* this ensures even sizeof(EVP_CHACHA_KEY)%8==0 */ - unsigned int d[CHACHA_KEY_SIZE / 4]; - } key; - unsigned int counter[CHACHA_CTR_SIZE / 4]; - unsigned char buf[CHACHA_BLK_SIZE]; - unsigned int partial_len; -} EVP_CHACHA_KEY; - -#define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data) - -#define CHACHA20_POLY1305_MAX_IVLEN 12 - -static int chacha_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char user_key[CHACHA_KEY_SIZE], - const unsigned char iv[CHACHA_CTR_SIZE], int enc) -{ - EVP_CHACHA_KEY *key = data(ctx); - unsigned int i; - - if (user_key) - for (i = 0; i < CHACHA_KEY_SIZE; i+=4) { - key->key.d[i/4] = CHACHA_U8TOU32(user_key+i); - } - - if (iv) - for (i = 0; i < CHACHA_CTR_SIZE; i+=4) { - key->counter[i/4] = CHACHA_U8TOU32(iv+i); - } - - key->partial_len = 0; - - return 1; -} - -static int chacha_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, - const unsigned char *inp, size_t len) -{ - EVP_CHACHA_KEY *key = data(ctx); - unsigned int n, rem, ctr32; - - if ((n = key->partial_len)) { - while (len && n < CHACHA_BLK_SIZE) { - *out++ = *inp++ ^ key->buf[n++]; - len--; - } - key->partial_len = n; - - if (len == 0) - return 1; - - if (n == CHACHA_BLK_SIZE) { - key->partial_len = 0; - key->counter[0]++; - if (key->counter[0] == 0) - key->counter[1]++; - } - } - - rem = (unsigned int)(len % CHACHA_BLK_SIZE); - len -= rem; - ctr32 = key->counter[0]; - while (len >= CHACHA_BLK_SIZE) { - size_t blocks = len / CHACHA_BLK_SIZE; - /* - * 1<<28 is just a not-so-small yet not-so-large number... - * Below condition is practically never met, but it has to - * be checked for code correctness. - */ - if (sizeof(size_t)>sizeof(unsigned int) && blocks>(1U<<28)) - blocks = (1U<<28); - - /* - * As ChaCha20_ctr32 operates on 32-bit counter, caller - * has to handle overflow. 'if' below detects the - * overflow, which is then handled by limiting the - * amount of blocks to the exact overflow point... - */ - ctr32 += (unsigned int)blocks; - if (ctr32 < blocks) { - blocks -= ctr32; - ctr32 = 0; - } - blocks *= CHACHA_BLK_SIZE; - ChaCha20_ctr32(out, inp, blocks, key->key.d, key->counter); - len -= blocks; - inp += blocks; - out += blocks; - - key->counter[0] = ctr32; - if (ctr32 == 0) key->counter[1]++; - } - - if (rem) { - memset(key->buf, 0, sizeof(key->buf)); - ChaCha20_ctr32(key->buf, key->buf, CHACHA_BLK_SIZE, - key->key.d, key->counter); - for (n = 0; n < rem; n++) - out[n] = inp[n] ^ key->buf[n]; - key->partial_len = rem; - } - - return 1; -} - -static const EVP_CIPHER chacha20 = { - NID_chacha20, - 1, /* block_size */ - CHACHA_KEY_SIZE, /* key_len */ - CHACHA_CTR_SIZE, /* iv_len, 128-bit counter in the context */ - EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT, - EVP_ORIG_GLOBAL, - chacha_init_key, - chacha_cipher, - NULL, - sizeof(EVP_CHACHA_KEY), - NULL, - NULL, - NULL, - NULL -}; - -const EVP_CIPHER *EVP_chacha20(void) -{ - return &chacha20; -} - -# ifndef OPENSSL_NO_POLY1305 -# include "crypto/poly1305.h" - -typedef struct { - EVP_CHACHA_KEY key; - unsigned int nonce[12/4]; - unsigned char tag[POLY1305_BLOCK_SIZE]; - unsigned char tls_aad[POLY1305_BLOCK_SIZE]; - struct { uint64_t aad, text; } len; - int aad, mac_inited, tag_len, nonce_len; - size_t tls_payload_length; -} EVP_CHACHA_AEAD_CTX; - -# define NO_TLS_PAYLOAD_LENGTH ((size_t)-1) -# define aead_data(ctx) ((EVP_CHACHA_AEAD_CTX *)(ctx)->cipher_data) -# define POLY1305_ctx(actx) ((POLY1305 *)(actx + 1)) - -static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *inkey, - const unsigned char *iv, int enc) -{ - EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); - - if (!inkey && !iv) - return 1; - - actx->len.aad = 0; - actx->len.text = 0; - actx->aad = 0; - actx->mac_inited = 0; - actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; - - if (iv != NULL) { - unsigned char temp[CHACHA_CTR_SIZE] = { 0 }; - - /* pad on the left */ - if (actx->nonce_len <= CHACHA_CTR_SIZE) - memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, - actx->nonce_len); - - chacha_init_key(ctx, inkey, temp, enc); - - actx->nonce[0] = actx->key.counter[1]; - actx->nonce[1] = actx->key.counter[2]; - actx->nonce[2] = actx->key.counter[3]; - } else { - chacha_init_key(ctx, inkey, NULL, enc); - } - - return 1; -} - -# if !defined(OPENSSL_SMALL_FOOTPRINT) - -# if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64)) -# define XOR128_HELPERS -void *xor128_encrypt_n_pad(void *out, const void *inp, void *otp, size_t len); -void *xor128_decrypt_n_pad(void *out, const void *inp, void *otp, size_t len); -static const unsigned char zero[4 * CHACHA_BLK_SIZE] = { 0 }; -# else -static const unsigned char zero[2 * CHACHA_BLK_SIZE] = { 0 }; -# endif - -static int chacha20_poly1305_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); - size_t tail, tohash_len, buf_len, plen = actx->tls_payload_length; - unsigned char *buf, *tohash, *ctr, storage[sizeof(zero) + 32]; - - if (len != plen + POLY1305_BLOCK_SIZE) - return -1; - - buf = storage + ((0 - (size_t)storage) & 15); /* align */ - ctr = buf + CHACHA_BLK_SIZE; - tohash = buf + CHACHA_BLK_SIZE - POLY1305_BLOCK_SIZE; - -# ifdef XOR128_HELPERS - if (plen <= 3 * CHACHA_BLK_SIZE) { - actx->key.counter[0] = 0; - buf_len = (plen + 2 * CHACHA_BLK_SIZE - 1) & (0 - CHACHA_BLK_SIZE); - ChaCha20_ctr32(buf, zero, buf_len, actx->key.key.d, - actx->key.counter); - Poly1305_Init(POLY1305_ctx(actx), buf); - actx->key.partial_len = 0; - memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE); - tohash_len = POLY1305_BLOCK_SIZE; - actx->len.aad = EVP_AEAD_TLS1_AAD_LEN; - actx->len.text = plen; - - if (plen) { - if (ctx->encrypt) - ctr = xor128_encrypt_n_pad(out, in, ctr, plen); - else - ctr = xor128_decrypt_n_pad(out, in, ctr, plen); - - in += plen; - out += plen; - tohash_len = (size_t)(ctr - tohash); - } - } -# else - if (plen <= CHACHA_BLK_SIZE) { - size_t i; - - actx->key.counter[0] = 0; - ChaCha20_ctr32(buf, zero, (buf_len = 2 * CHACHA_BLK_SIZE), - actx->key.key.d, actx->key.counter); - Poly1305_Init(POLY1305_ctx(actx), buf); - actx->key.partial_len = 0; - memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE); - tohash_len = POLY1305_BLOCK_SIZE; - actx->len.aad = EVP_AEAD_TLS1_AAD_LEN; - actx->len.text = plen; - - if (ctx->encrypt) { - for (i = 0; i < plen; i++) { - out[i] = ctr[i] ^= in[i]; - } - } else { - for (i = 0; i < plen; i++) { - unsigned char c = in[i]; - out[i] = ctr[i] ^ c; - ctr[i] = c; - } - } - - in += i; - out += i; - - tail = (0 - i) & (POLY1305_BLOCK_SIZE - 1); - memset(ctr + i, 0, tail); - ctr += i + tail; - tohash_len += i + tail; - } -# endif - else { - actx->key.counter[0] = 0; - ChaCha20_ctr32(buf, zero, (buf_len = CHACHA_BLK_SIZE), - actx->key.key.d, actx->key.counter); - Poly1305_Init(POLY1305_ctx(actx), buf); - actx->key.counter[0] = 1; - actx->key.partial_len = 0; - Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad, POLY1305_BLOCK_SIZE); - tohash = ctr; - tohash_len = 0; - actx->len.aad = EVP_AEAD_TLS1_AAD_LEN; - actx->len.text = plen; - - if (ctx->encrypt) { - ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter); - Poly1305_Update(POLY1305_ctx(actx), out, plen); - } else { - Poly1305_Update(POLY1305_ctx(actx), in, plen); - ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter); - } - - in += plen; - out += plen; - tail = (0 - plen) & (POLY1305_BLOCK_SIZE - 1); - Poly1305_Update(POLY1305_ctx(actx), zero, tail); - } - - { - DECLARE_IS_ENDIAN; - - if (IS_LITTLE_ENDIAN) { - memcpy(ctr, (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE); - } else { - ctr[0] = (unsigned char)(actx->len.aad); - ctr[1] = (unsigned char)(actx->len.aad>>8); - ctr[2] = (unsigned char)(actx->len.aad>>16); - ctr[3] = (unsigned char)(actx->len.aad>>24); - ctr[4] = (unsigned char)(actx->len.aad>>32); - ctr[5] = (unsigned char)(actx->len.aad>>40); - ctr[6] = (unsigned char)(actx->len.aad>>48); - ctr[7] = (unsigned char)(actx->len.aad>>56); - - ctr[8] = (unsigned char)(actx->len.text); - ctr[9] = (unsigned char)(actx->len.text>>8); - ctr[10] = (unsigned char)(actx->len.text>>16); - ctr[11] = (unsigned char)(actx->len.text>>24); - ctr[12] = (unsigned char)(actx->len.text>>32); - ctr[13] = (unsigned char)(actx->len.text>>40); - ctr[14] = (unsigned char)(actx->len.text>>48); - ctr[15] = (unsigned char)(actx->len.text>>56); - } - tohash_len += POLY1305_BLOCK_SIZE; - } - - Poly1305_Update(POLY1305_ctx(actx), tohash, tohash_len); - OPENSSL_cleanse(buf, buf_len); - Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag - : tohash); - - actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; - - if (ctx->encrypt) { - memcpy(out, actx->tag, POLY1305_BLOCK_SIZE); - } else { - if (CRYPTO_memcmp(tohash, in, POLY1305_BLOCK_SIZE)) { - memset(out - (len - POLY1305_BLOCK_SIZE), 0, - len - POLY1305_BLOCK_SIZE); - return -1; - } - } - - return len; -} -# else -static const unsigned char zero[CHACHA_BLK_SIZE] = { 0 }; -# endif - -static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); - size_t rem, plen = actx->tls_payload_length; - - if (!actx->mac_inited) { -# if !defined(OPENSSL_SMALL_FOOTPRINT) - if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL) - return chacha20_poly1305_tls_cipher(ctx, out, in, len); -# endif - actx->key.counter[0] = 0; - ChaCha20_ctr32(actx->key.buf, zero, CHACHA_BLK_SIZE, - actx->key.key.d, actx->key.counter); - Poly1305_Init(POLY1305_ctx(actx), actx->key.buf); - actx->key.counter[0] = 1; - actx->key.partial_len = 0; - actx->len.aad = actx->len.text = 0; - actx->mac_inited = 1; - if (plen != NO_TLS_PAYLOAD_LENGTH) { - Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad, - EVP_AEAD_TLS1_AAD_LEN); - actx->len.aad = EVP_AEAD_TLS1_AAD_LEN; - actx->aad = 1; - } - } - - if (in) { /* aad or text */ - if (out == NULL) { /* aad */ - Poly1305_Update(POLY1305_ctx(actx), in, len); - actx->len.aad += len; - actx->aad = 1; - return len; - } else { /* plain- or ciphertext */ - if (actx->aad) { /* wrap up aad */ - if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) - Poly1305_Update(POLY1305_ctx(actx), zero, - POLY1305_BLOCK_SIZE - rem); - actx->aad = 0; - } - - actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; - if (plen == NO_TLS_PAYLOAD_LENGTH) - plen = len; - else if (len != plen + POLY1305_BLOCK_SIZE) - return -1; - - if (ctx->encrypt) { /* plaintext */ - chacha_cipher(ctx, out, in, plen); - Poly1305_Update(POLY1305_ctx(actx), out, plen); - in += plen; - out += plen; - actx->len.text += plen; - } else { /* ciphertext */ - Poly1305_Update(POLY1305_ctx(actx), in, plen); - chacha_cipher(ctx, out, in, plen); - in += plen; - out += plen; - actx->len.text += plen; - } - } - } - if (in == NULL /* explicit final */ - || plen != len) { /* or tls mode */ - DECLARE_IS_ENDIAN; - unsigned char temp[POLY1305_BLOCK_SIZE]; - - if (actx->aad) { /* wrap up aad */ - if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) - Poly1305_Update(POLY1305_ctx(actx), zero, - POLY1305_BLOCK_SIZE - rem); - actx->aad = 0; - } - - if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE)) - Poly1305_Update(POLY1305_ctx(actx), zero, - POLY1305_BLOCK_SIZE - rem); - - if (IS_LITTLE_ENDIAN) { - Poly1305_Update(POLY1305_ctx(actx), - (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE); - } else { - temp[0] = (unsigned char)(actx->len.aad); - temp[1] = (unsigned char)(actx->len.aad>>8); - temp[2] = (unsigned char)(actx->len.aad>>16); - temp[3] = (unsigned char)(actx->len.aad>>24); - temp[4] = (unsigned char)(actx->len.aad>>32); - temp[5] = (unsigned char)(actx->len.aad>>40); - temp[6] = (unsigned char)(actx->len.aad>>48); - temp[7] = (unsigned char)(actx->len.aad>>56); - - temp[8] = (unsigned char)(actx->len.text); - temp[9] = (unsigned char)(actx->len.text>>8); - temp[10] = (unsigned char)(actx->len.text>>16); - temp[11] = (unsigned char)(actx->len.text>>24); - temp[12] = (unsigned char)(actx->len.text>>32); - temp[13] = (unsigned char)(actx->len.text>>40); - temp[14] = (unsigned char)(actx->len.text>>48); - temp[15] = (unsigned char)(actx->len.text>>56); - - Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE); - } - Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag - : temp); - actx->mac_inited = 0; - - if (in != NULL && len != plen) { /* tls mode */ - if (ctx->encrypt) { - memcpy(out, actx->tag, POLY1305_BLOCK_SIZE); - } else { - if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) { - memset(out - plen, 0, plen); - return -1; - } - } - } - else if (!ctx->encrypt) { - if (CRYPTO_memcmp(temp, actx->tag, actx->tag_len)) - return -1; - } - } - return len; -} - -static int chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx) -{ - EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); - if (actx) - OPENSSL_cleanse(ctx->cipher_data, sizeof(*actx) + Poly1305_ctx_size()); - return 1; -} - -static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - void *ptr) -{ - EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); - - switch(type) { - case EVP_CTRL_INIT: - if (actx == NULL) - actx = ctx->cipher_data - = OPENSSL_zalloc(sizeof(*actx) + Poly1305_ctx_size()); - if (actx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - actx->len.aad = 0; - actx->len.text = 0; - actx->aad = 0; - actx->mac_inited = 0; - actx->tag_len = 0; - actx->nonce_len = 12; - actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; - memset(actx->tls_aad, 0, POLY1305_BLOCK_SIZE); - return 1; - - case EVP_CTRL_COPY: - if (actx) { - EVP_CIPHER_CTX *dst = (EVP_CIPHER_CTX *)ptr; - - dst->cipher_data = - OPENSSL_memdup(actx, sizeof(*actx) + Poly1305_ctx_size()); - if (dst->cipher_data == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_COPY_ERROR); - return 0; - } - } - return 1; - - case EVP_CTRL_GET_IVLEN: - *(int *)ptr = actx->nonce_len; - return 1; - - case EVP_CTRL_AEAD_SET_IVLEN: - if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN) - return 0; - actx->nonce_len = arg; - return 1; - - case EVP_CTRL_AEAD_SET_IV_FIXED: - if (arg != 12) - return 0; - actx->nonce[0] = actx->key.counter[1] - = CHACHA_U8TOU32((unsigned char *)ptr); - actx->nonce[1] = actx->key.counter[2] - = CHACHA_U8TOU32((unsigned char *)ptr+4); - actx->nonce[2] = actx->key.counter[3] - = CHACHA_U8TOU32((unsigned char *)ptr+8); - return 1; - - case EVP_CTRL_AEAD_SET_TAG: - if (arg <= 0 || arg > POLY1305_BLOCK_SIZE) - return 0; - if (ptr != NULL) { - memcpy(actx->tag, ptr, arg); - actx->tag_len = arg; - } - return 1; - - case EVP_CTRL_AEAD_GET_TAG: - if (arg <= 0 || arg > POLY1305_BLOCK_SIZE || !ctx->encrypt) - return 0; - memcpy(ptr, actx->tag, arg); - return 1; - - case EVP_CTRL_AEAD_TLS1_AAD: - if (arg != EVP_AEAD_TLS1_AAD_LEN) - return 0; - { - unsigned int len; - unsigned char *aad = ptr; - - memcpy(actx->tls_aad, ptr, EVP_AEAD_TLS1_AAD_LEN); - len = aad[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 | - aad[EVP_AEAD_TLS1_AAD_LEN - 1]; - aad = actx->tls_aad; - if (!ctx->encrypt) { - if (len < POLY1305_BLOCK_SIZE) - return 0; - len -= POLY1305_BLOCK_SIZE; /* discount attached tag */ - aad[EVP_AEAD_TLS1_AAD_LEN - 2] = (unsigned char)(len >> 8); - aad[EVP_AEAD_TLS1_AAD_LEN - 1] = (unsigned char)len; - } - actx->tls_payload_length = len; - - /* - * merge record sequence number as per RFC7905 - */ - actx->key.counter[1] = actx->nonce[0]; - actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(aad); - actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(aad+4); - actx->mac_inited = 0; - - return POLY1305_BLOCK_SIZE; /* tag length */ - } - - case EVP_CTRL_AEAD_SET_MAC_KEY: - /* no-op */ - return 1; - - default: - return -1; - } -} - -static EVP_CIPHER chacha20_poly1305 = { - NID_chacha20_poly1305, - 1, /* block_size */ - CHACHA_KEY_SIZE, /* key_len */ - 12, /* iv_len, 96-bit nonce in the context */ - EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV | - EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | - EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER | - EVP_CIPH_CUSTOM_IV_LENGTH, - EVP_ORIG_GLOBAL, - chacha20_poly1305_init_key, - chacha20_poly1305_cipher, - chacha20_poly1305_cleanup, - 0, /* 0 moves context-specific structure allocation to ctrl */ - NULL, /* set_asn1_parameters */ - NULL, /* get_asn1_parameters */ - chacha20_poly1305_ctrl, - NULL /* app_data */ -}; - -const EVP_CIPHER *EVP_chacha20_poly1305(void) -{ - return(&chacha20_poly1305); -} -# endif -#endif diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c deleted file mode 100644 index cd6e5af8d0e41ac89259951b245c9fb8eea8d0fe..0000000000000000000000000000000000000000 --- a/crypto/evp/e_des.c +++ /dev/null @@ -1,246 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#ifndef OPENSSL_NO_DES -# include -# include -# include "crypto/evp.h" -# include -# include -# include "evp_local.h" - -typedef struct { - union { - OSSL_UNION_ALIGN; - DES_key_schedule ks; - } ks; - union { - void (*cbc) (const void *, void *, size_t, - const DES_key_schedule *, unsigned char *); - } stream; -} EVP_DES_KEY; - -# if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) -/* ----------^^^ this is not a typo, just a way to detect that - * assembler support was in general requested... */ -# include "crypto/sparc_arch.h" - -# define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES) - -void des_t4_key_expand(const void *key, DES_key_schedule *ks); -void des_t4_cbc_encrypt(const void *inp, void *out, size_t len, - const DES_key_schedule *ks, unsigned char iv[8]); -void des_t4_cbc_decrypt(const void *inp, void *out, size_t len, - const DES_key_schedule *ks, unsigned char iv[8]); -# endif - -static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); - -/* - * Because of various casts and different names can't use - * IMPLEMENT_BLOCK_CIPHER - */ - -static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - BLOCK_CIPHER_ecb_loop() - DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), - EVP_CIPHER_CTX_get_cipher_data(ctx), - EVP_CIPHER_CTX_is_encrypting(ctx)); - return 1; -} - -static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - while (inl >= EVP_MAXCHUNK) { - int num = EVP_CIPHER_CTX_get_num(ctx); - DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, - EVP_CIPHER_CTX_get_cipher_data(ctx), - (DES_cblock *)ctx->iv, &num); - EVP_CIPHER_CTX_set_num(ctx, num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) { - int num = EVP_CIPHER_CTX_get_num(ctx); - DES_ofb64_encrypt(in, out, (long)inl, - EVP_CIPHER_CTX_get_cipher_data(ctx), - (DES_cblock *)ctx->iv, &num); - EVP_CIPHER_CTX_set_num(ctx, num); - } - return 1; -} - -static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx); - - if (dat->stream.cbc != NULL) { - (*dat->stream.cbc) (in, out, inl, &dat->ks.ks, ctx->iv); - return 1; - } - while (inl >= EVP_MAXCHUNK) { - DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, - EVP_CIPHER_CTX_get_cipher_data(ctx), - (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) - DES_ncbc_encrypt(in, out, (long)inl, - EVP_CIPHER_CTX_get_cipher_data(ctx), - (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); - return 1; -} - -static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - while (inl >= EVP_MAXCHUNK) { - int num = EVP_CIPHER_CTX_get_num(ctx); - DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, - EVP_CIPHER_CTX_get_cipher_data(ctx), - (DES_cblock *)ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx)); - EVP_CIPHER_CTX_set_num(ctx, num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) { - int num = EVP_CIPHER_CTX_get_num(ctx); - DES_cfb64_encrypt(in, out, (long)inl, - EVP_CIPHER_CTX_get_cipher_data(ctx), - (DES_cblock *)ctx->iv, &num, - EVP_CIPHER_CTX_is_encrypting(ctx)); - EVP_CIPHER_CTX_set_num(ctx, num); - } - return 1; -} - -/* - * Although we have a CFB-r implementation for DES, it doesn't pack the right - * way, so wrap it here - */ -static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - size_t n, chunk = EVP_MAXCHUNK / 8; - unsigned char c[1], d[1]; - - if (inl < chunk) - chunk = inl; - - while (inl && inl >= chunk) { - for (n = 0; n < chunk * 8; ++n) { - c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; - DES_cfb_encrypt(c, d, 1, 1, EVP_CIPHER_CTX_get_cipher_data(ctx), - (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); - out[n / 8] = - (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | - ((d[0] & 0x80) >> (unsigned int)(n % 8)); - } - inl -= chunk; - in += chunk; - out += chunk; - if (inl < chunk) - chunk = inl; - } - - return 1; -} - -static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - while (inl >= EVP_MAXCHUNK) { - DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, - EVP_CIPHER_CTX_get_cipher_data(ctx), - (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) - DES_cfb_encrypt(in, out, 8, (long)inl, - EVP_CIPHER_CTX_get_cipher_data(ctx), - (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); - return 1; -} - -BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) - - BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) - - BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) - -static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - DES_cblock *deskey = (DES_cblock *)key; - EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx); - - dat->stream.cbc = NULL; -# if defined(SPARC_DES_CAPABLE) - if (SPARC_DES_CAPABLE) { - int mode = EVP_CIPHER_CTX_get_mode(ctx); - - if (mode == EVP_CIPH_CBC_MODE) { - des_t4_key_expand(key, &dat->ks.ks); - dat->stream.cbc = enc ? des_t4_cbc_encrypt : des_t4_cbc_decrypt; - return 1; - } - } -# endif - DES_set_key_unchecked(deskey, EVP_CIPHER_CTX_get_cipher_data(ctx)); - return 1; -} - -static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -{ - - switch (type) { - case EVP_CTRL_RAND_KEY: - if (RAND_priv_bytes(ptr, 8) <= 0) - return 0; - DES_set_odd_parity((DES_cblock *)ptr); - return 1; - - default: - return -1; - } -} - -#endif diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c deleted file mode 100644 index 1e1591834402ca1b8e6891fa926cea7018dc9358..0000000000000000000000000000000000000000 --- a/crypto/evp/e_des3.c +++ /dev/null @@ -1,425 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#ifndef OPENSSL_NO_DES -# include -# include "crypto/evp.h" -# include "crypto/sha.h" -# include -# include -# include "evp_local.h" - -typedef struct { - union { - OSSL_UNION_ALIGN; - DES_key_schedule ks[3]; - } ks; - union { - void (*cbc) (const void *, void *, size_t, - const DES_key_schedule *, unsigned char *); - } stream; -} DES_EDE_KEY; -# define ks1 ks.ks[0] -# define ks2 ks.ks[1] -# define ks3 ks.ks[2] - -# if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) -/* ---------^^^ this is not a typo, just a way to detect that - * assembler support was in general requested... */ -# include "crypto/sparc_arch.h" - -# define SPARC_DES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_DES) - -void des_t4_key_expand(const void *key, DES_key_schedule *ks); -void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len, - const DES_key_schedule ks[3], unsigned char iv[8]); -void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len, - const DES_key_schedule ks[3], unsigned char iv[8]); -# endif - -static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); - -# define data(ctx) EVP_C_DATA(DES_EDE_KEY,ctx) - -/* - * Because of various casts and different args can't use - * IMPLEMENT_BLOCK_CIPHER - */ - -static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - BLOCK_CIPHER_ecb_loop() - DES_ecb3_encrypt((const_DES_cblock *)(in + i), - (DES_cblock *)(out + i), - &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, EVP_CIPHER_CTX_is_encrypting(ctx)); - return 1; -} - -static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - while (inl >= EVP_MAXCHUNK) { - int num = EVP_CIPHER_CTX_get_num(ctx); - DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, - &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, - (DES_cblock *)ctx->iv, - &num); - EVP_CIPHER_CTX_set_num(ctx, num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) { - int num = EVP_CIPHER_CTX_get_num(ctx); - DES_ede3_ofb64_encrypt(in, out, (long)inl, - &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, - (DES_cblock *)ctx->iv, - &num); - EVP_CIPHER_CTX_set_num(ctx, num); - } - return 1; -} - -static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - DES_EDE_KEY *dat = data(ctx); - - if (dat->stream.cbc != NULL) { - (*dat->stream.cbc) (in, out, inl, dat->ks.ks, - ctx->iv); - return 1; - } - - while (inl >= EVP_MAXCHUNK) { - DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, - &dat->ks1, &dat->ks2, &dat->ks3, - (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) - DES_ede3_cbc_encrypt(in, out, (long)inl, - &dat->ks1, &dat->ks2, &dat->ks3, - (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); - return 1; -} - -static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - while (inl >= EVP_MAXCHUNK) { - int num = EVP_CIPHER_CTX_get_num(ctx); - DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, - &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, (DES_cblock *)ctx->iv, - &num, EVP_CIPHER_CTX_is_encrypting(ctx)); - EVP_CIPHER_CTX_set_num(ctx, num); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) { - int num = EVP_CIPHER_CTX_get_num(ctx); - DES_ede3_cfb64_encrypt(in, out, (long)inl, - &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, (DES_cblock *)ctx->iv, - &num, EVP_CIPHER_CTX_is_encrypting(ctx)); - EVP_CIPHER_CTX_set_num(ctx, num); - } - return 1; -} - -/* - * Although we have a CFB-r implementation for 3-DES, it doesn't pack the - * right way, so wrap it here - */ -static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - size_t n; - unsigned char c[1], d[1]; - - if (!EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) - inl *= 8; - for (n = 0; n < inl; ++n) { - c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; - DES_ede3_cfb_encrypt(c, d, 1, 1, - &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); - out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) - | ((d[0] & 0x80) >> (unsigned int)(n % 8)); - } - - return 1; -} - -static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - while (inl >= EVP_MAXCHUNK) { - DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, - &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) - DES_ede3_cfb_encrypt(in, out, 8, (long)inl, - &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, (DES_cblock *)ctx->iv, - EVP_CIPHER_CTX_is_encrypting(ctx)); - return 1; -} - -BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede_init_key, NULL, NULL, NULL, des3_ctrl) -# define des_ede3_cfb64_cipher des_ede_cfb64_cipher -# define des_ede3_ofb_cipher des_ede_ofb_cipher -# define des_ede3_cbc_cipher des_ede_cbc_cipher -# define des_ede3_ecb_cipher des_ede_ecb_cipher - BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) - - BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) - - BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) - -static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - DES_cblock *deskey = (DES_cblock *)key; - DES_EDE_KEY *dat = data(ctx); - - dat->stream.cbc = NULL; -# if defined(SPARC_DES_CAPABLE) - if (SPARC_DES_CAPABLE) { - int mode = EVP_CIPHER_CTX_get_mode(ctx); - - if (mode == EVP_CIPH_CBC_MODE) { - des_t4_key_expand(&deskey[0], &dat->ks1); - des_t4_key_expand(&deskey[1], &dat->ks2); - memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1)); - dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt : - des_t4_ede3_cbc_decrypt; - return 1; - } - } -# endif - DES_set_key_unchecked(&deskey[0], &dat->ks1); - DES_set_key_unchecked(&deskey[1], &dat->ks2); - memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1)); - return 1; -} - -static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - DES_cblock *deskey = (DES_cblock *)key; - DES_EDE_KEY *dat = data(ctx); - - dat->stream.cbc = NULL; -# if defined(SPARC_DES_CAPABLE) - if (SPARC_DES_CAPABLE) { - int mode = EVP_CIPHER_CTX_get_mode(ctx); - - if (mode == EVP_CIPH_CBC_MODE) { - des_t4_key_expand(&deskey[0], &dat->ks1); - des_t4_key_expand(&deskey[1], &dat->ks2); - des_t4_key_expand(&deskey[2], &dat->ks3); - dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt : - des_t4_ede3_cbc_decrypt; - return 1; - } - } -# endif - DES_set_key_unchecked(&deskey[0], &dat->ks1); - DES_set_key_unchecked(&deskey[1], &dat->ks2); - DES_set_key_unchecked(&deskey[2], &dat->ks3); - return 1; -} - -static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) -{ - - DES_cblock *deskey = ptr; - int kl; - - switch (type) { - case EVP_CTRL_RAND_KEY: - kl = EVP_CIPHER_CTX_get_key_length(ctx); - if (kl < 0 || RAND_priv_bytes(ptr, kl) <= 0) - return 0; - DES_set_odd_parity(deskey); - if (kl >= 16) - DES_set_odd_parity(deskey + 1); - if (kl >= 24) - DES_set_odd_parity(deskey + 2); - return 1; - - default: - return -1; - } -} - -const EVP_CIPHER *EVP_des_ede(void) -{ - return &des_ede_ecb; -} - -const EVP_CIPHER *EVP_des_ede3(void) -{ - return &des_ede3_ecb; -} - - -# include - -static const unsigned char wrap_iv[8] = - { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 }; - -static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - unsigned char icv[8], iv[8], sha1tmp[SHA_DIGEST_LENGTH]; - int rv = -1; - if (inl < 24) - return -1; - if (out == NULL) - return inl - 16; - memcpy(ctx->iv, wrap_iv, 8); - /* Decrypt first block which will end up as icv */ - des_ede_cbc_cipher(ctx, icv, in, 8); - /* Decrypt central blocks */ - /* - * If decrypting in place move whole output along a block so the next - * des_ede_cbc_cipher is in place. - */ - if (out == in) { - memmove(out, out + 8, inl - 8); - in -= 8; - } - des_ede_cbc_cipher(ctx, out, in + 8, inl - 16); - /* Decrypt final block which will be IV */ - des_ede_cbc_cipher(ctx, iv, in + inl - 8, 8); - /* Reverse order of everything */ - BUF_reverse(icv, NULL, 8); - BUF_reverse(out, NULL, inl - 16); - BUF_reverse(ctx->iv, iv, 8); - /* Decrypt again using new IV */ - des_ede_cbc_cipher(ctx, out, out, inl - 16); - des_ede_cbc_cipher(ctx, icv, icv, 8); - if (ossl_sha1(out, inl - 16, sha1tmp) /* Work out hash of first portion */ - && CRYPTO_memcmp(sha1tmp, icv, 8) == 0) - rv = inl - 16; - OPENSSL_cleanse(icv, 8); - OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); - OPENSSL_cleanse(iv, 8); - OPENSSL_cleanse(ctx->iv, 8); - if (rv == -1) - OPENSSL_cleanse(out, inl - 16); - - return rv; -} - -static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - unsigned char sha1tmp[SHA_DIGEST_LENGTH]; - if (out == NULL) - return inl + 16; - /* Copy input to output buffer + 8 so we have space for IV */ - memmove(out + 8, in, inl); - /* Work out ICV */ - if (!ossl_sha1(in, inl, sha1tmp)) - return -1; - memcpy(out + inl + 8, sha1tmp, 8); - OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); - /* Generate random IV */ - if (RAND_bytes(ctx->iv, 8) <= 0) - return -1; - memcpy(out, ctx->iv, 8); - /* Encrypt everything after IV in place */ - des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8); - BUF_reverse(out, NULL, inl + 16); - memcpy(ctx->iv, wrap_iv, 8); - des_ede_cbc_cipher(ctx, out, out, inl + 16); - return inl + 16; -} - -static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - /* - * Sanity check input length: we typically only wrap keys so EVP_MAXCHUNK - * is more than will ever be needed. Also input length must be a multiple - * of 8 bits. - */ - if (inl >= EVP_MAXCHUNK || inl % 8) - return -1; - - if (ossl_is_partially_overlapping(out, in, inl)) { - ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING); - return 0; - } - - if (EVP_CIPHER_CTX_is_encrypting(ctx)) - return des_ede3_wrap(ctx, out, in, inl); - else - return des_ede3_unwrap(ctx, out, in, inl); -} - -static const EVP_CIPHER des3_wrap = { - NID_id_smime_alg_CMS3DESwrap, - 8, 24, 0, - EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER - | EVP_CIPH_FLAG_DEFAULT_ASN1, - EVP_ORIG_GLOBAL, - des_ede3_init_key, des_ede3_wrap_cipher, - NULL, - sizeof(DES_EDE_KEY), - NULL, NULL, NULL, NULL -}; - -const EVP_CIPHER *EVP_des_ede3_wrap(void) -{ - return &des3_wrap; -} - -#endif diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c deleted file mode 100644 index 4a4df4b92510d22c48da790508457167c1519b90..0000000000000000000000000000000000000000 --- a/crypto/evp/e_idea.c +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * IDEA low level APIs are deprecated for public use, but still ok for internal - * use where we're using them to implement the higher level EVP interface, as is - * the case here. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" - -#ifndef OPENSSL_NO_IDEA -# include -# include -# include "crypto/evp.h" -# include -# include "evp_local.h" - -/* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */ - -typedef struct { - IDEA_KEY_SCHEDULE ks; -} EVP_IDEA_KEY; - -static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -/* - * NB IDEA_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a - * special case - */ - -static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - BLOCK_CIPHER_ecb_loop() - IDEA_ecb_encrypt(in + i, out + i, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks); - return 1; -} - -BLOCK_CIPHER_func_cbc(idea, IDEA, EVP_IDEA_KEY, ks) -BLOCK_CIPHER_func_ofb(idea, IDEA, 64, EVP_IDEA_KEY, ks) -BLOCK_CIPHER_func_cfb(idea, IDEA, 64, EVP_IDEA_KEY, ks) - -BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, - 0, idea_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) - -static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - if (!enc) { - if (EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_OFB_MODE) - enc = 1; - else if (EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_CFB_MODE) - enc = 1; - } - if (enc) - IDEA_set_encrypt_key(key, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks); - else { - IDEA_KEY_SCHEDULE tmp; - - IDEA_set_encrypt_key(key, &tmp); - IDEA_set_decrypt_key(&tmp, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks); - OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE)); - } - return 1; -} - -#endif diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c deleted file mode 100644 index af900c52989f83eeb9b29b8ddcd83e405b027fde..0000000000000000000000000000000000000000 --- a/crypto/evp/e_null.c +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include "crypto/evp.h" - -static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -static const EVP_CIPHER n_cipher = { - NID_undef, - 1, 0, 0, 0, - EVP_ORIG_GLOBAL, - null_init_key, - null_cipher, - NULL, - 0, - NULL, - NULL, - NULL, - NULL -}; - -const EVP_CIPHER *EVP_enc_null(void) -{ - return &n_cipher; -} - -static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - return 1; -} - -static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - if (in != out) - memcpy(out, in, inl); - return 1; -} diff --git a/crypto/evp/e_old.c b/crypto/evp/e_old.c deleted file mode 100644 index e9c9f22119bf4994a801c6b91703738750e462bb..0000000000000000000000000000000000000000 --- a/crypto/evp/e_old.c +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include - -/* - * Define some deprecated functions, so older programs don't crash and burn - * too quickly. On Windows and VMS, these will never be used, since - * functions and variables in shared libraries are selected by entry point - * location, not by name. - */ - -#ifndef OPENSSL_NO_BF -# undef EVP_bf_cfb -const EVP_CIPHER *EVP_bf_cfb(void); -const EVP_CIPHER *EVP_bf_cfb(void) -{ - return EVP_bf_cfb64(); -} -#endif - -#ifndef OPENSSL_NO_DES -# undef EVP_des_cfb -const EVP_CIPHER *EVP_des_cfb(void); -const EVP_CIPHER *EVP_des_cfb(void) -{ - return EVP_des_cfb64(); -} - -# undef EVP_des_ede3_cfb -const EVP_CIPHER *EVP_des_ede3_cfb(void); -const EVP_CIPHER *EVP_des_ede3_cfb(void) -{ - return EVP_des_ede3_cfb64(); -} - -# undef EVP_des_ede_cfb -const EVP_CIPHER *EVP_des_ede_cfb(void); -const EVP_CIPHER *EVP_des_ede_cfb(void) -{ - return EVP_des_ede_cfb64(); -} -#endif - -#ifndef OPENSSL_NO_IDEA -# undef EVP_idea_cfb -const EVP_CIPHER *EVP_idea_cfb(void); -const EVP_CIPHER *EVP_idea_cfb(void) -{ - return EVP_idea_cfb64(); -} -#endif - -#ifndef OPENSSL_NO_RC2 -# undef EVP_rc2_cfb -const EVP_CIPHER *EVP_rc2_cfb(void); -const EVP_CIPHER *EVP_rc2_cfb(void) -{ - return EVP_rc2_cfb64(); -} -#endif - -#ifndef OPENSSL_NO_CAST -# undef EVP_cast5_cfb -const EVP_CIPHER *EVP_cast5_cfb(void); -const EVP_CIPHER *EVP_cast5_cfb(void) -{ - return EVP_cast5_cfb64(); -} -#endif - -#ifndef OPENSSL_NO_RC5 -# undef EVP_rc5_32_12_16_cfb -const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); -const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) -{ - return EVP_rc5_32_12_16_cfb64(); -} -#endif - -#undef EVP_aes_128_cfb -const EVP_CIPHER *EVP_aes_128_cfb(void); -const EVP_CIPHER *EVP_aes_128_cfb(void) -{ - return EVP_aes_128_cfb128(); -} - -#undef EVP_aes_192_cfb -const EVP_CIPHER *EVP_aes_192_cfb(void); -const EVP_CIPHER *EVP_aes_192_cfb(void) -{ - return EVP_aes_192_cfb128(); -} - -#undef EVP_aes_256_cfb -const EVP_CIPHER *EVP_aes_256_cfb(void); -const EVP_CIPHER *EVP_aes_256_cfb(void) -{ - return EVP_aes_256_cfb128(); -} diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c deleted file mode 100644 index ffeb17fb1e5acfcabfc277cec0e172349c1b5fc2..0000000000000000000000000000000000000000 --- a/crypto/evp/e_rc2.c +++ /dev/null @@ -1,198 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RC2 low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" - -#ifndef OPENSSL_NO_RC2 - -# include -# include -# include "crypto/evp.h" -# include -# include "evp_local.h" - -static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx); -static int rc2_magic_to_meth(int i); -static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); -static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); -static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); - -typedef struct { - int key_bits; /* effective key bits */ - RC2_KEY ks; /* key schedule */ -} EVP_RC2_KEY; - -# define data(ctx) EVP_C_DATA(EVP_RC2_KEY,ctx) - -IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2, - 8, - RC2_KEY_LENGTH, 8, 64, - EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - rc2_init_key, NULL, - rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, - rc2_ctrl) -# define RC2_40_MAGIC 0xa0 -# define RC2_64_MAGIC 0x78 -# define RC2_128_MAGIC 0x3a -static const EVP_CIPHER r2_64_cbc_cipher = { - NID_rc2_64_cbc, - 8, 8 /* 64 bit */ , 8, - EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - EVP_ORIG_GLOBAL, - rc2_init_key, - rc2_cbc_cipher, - NULL, - sizeof(EVP_RC2_KEY), - rc2_set_asn1_type_and_iv, - rc2_get_asn1_type_and_iv, - rc2_ctrl, - NULL -}; - -static const EVP_CIPHER r2_40_cbc_cipher = { - NID_rc2_40_cbc, - 8, 5 /* 40 bit */ , 8, - EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - EVP_ORIG_GLOBAL, - rc2_init_key, - rc2_cbc_cipher, - NULL, - sizeof(EVP_RC2_KEY), - rc2_set_asn1_type_and_iv, - rc2_get_asn1_type_and_iv, - rc2_ctrl, - NULL -}; - -const EVP_CIPHER *EVP_rc2_64_cbc(void) -{ - return &r2_64_cbc_cipher; -} - -const EVP_CIPHER *EVP_rc2_40_cbc(void) -{ - return &r2_40_cbc_cipher; -} - -static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_get_key_length(ctx), - key, data(ctx)->key_bits); - return 1; -} - -static int rc2_meth_to_magic(EVP_CIPHER_CTX *e) -{ - int i; - - if (EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i) <= 0) - return 0; - if (i == 128) - return RC2_128_MAGIC; - else if (i == 64) - return RC2_64_MAGIC; - else if (i == 40) - return RC2_40_MAGIC; - else - return 0; -} - -static int rc2_magic_to_meth(int i) -{ - if (i == RC2_128_MAGIC) - return 128; - else if (i == RC2_64_MAGIC) - return 64; - else if (i == RC2_40_MAGIC) - return 40; - else { - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_SIZE); - return 0; - } -} - -static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -{ - long num = 0; - int i = 0; - int key_bits; - unsigned int l; - unsigned char iv[EVP_MAX_IV_LENGTH]; - - if (type != NULL) { - l = EVP_CIPHER_CTX_get_iv_length(c); - OPENSSL_assert(l <= sizeof(iv)); - i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l); - if (i != (int)l) - return -1; - key_bits = rc2_magic_to_meth((int)num); - if (!key_bits) - return -1; - if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1)) - return -1; - if (EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, - NULL) <= 0 - || EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0) - return -1; - } - return i; -} - -static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -{ - long num; - int i = 0, j; - - if (type != NULL) { - num = rc2_meth_to_magic(c); - j = EVP_CIPHER_CTX_get_iv_length(c); - i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j); - } - return i; -} - -static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -{ - switch (type) { - case EVP_CTRL_INIT: - data(c)->key_bits = EVP_CIPHER_CTX_get_key_length(c) * 8; - return 1; - - case EVP_CTRL_GET_RC2_KEY_BITS: - *(int *)ptr = data(c)->key_bits; - return 1; - - case EVP_CTRL_SET_RC2_KEY_BITS: - if (arg > 0) { - data(c)->key_bits = arg; - return 1; - } - return 0; -# ifdef PBE_PRF_TEST - case EVP_CTRL_PBE_PRF_NID: - *(int *)ptr = NID_hmacWithMD5; - return 1; -# endif - - default: - return -1; - } -} - -#endif diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c deleted file mode 100644 index e22e81d467525ebde3443408a7dffe1c30b237c7..0000000000000000000000000000000000000000 --- a/crypto/evp/e_rc4.c +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RC4 low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" - -#ifndef OPENSSL_NO_RC4 - -# include -# include -# include - -# include "crypto/evp.h" - -typedef struct { - RC4_KEY ks; /* working key */ -} EVP_RC4_KEY; - -# define data(ctx) ((EVP_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx)) - -static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -static const EVP_CIPHER r4_cipher = { - NID_rc4, - 1, EVP_RC4_KEY_SIZE, 0, - EVP_CIPH_VARIABLE_LENGTH, - EVP_ORIG_GLOBAL, - rc4_init_key, - rc4_cipher, - NULL, - sizeof(EVP_RC4_KEY), - NULL, - NULL, - NULL, - NULL -}; - -static const EVP_CIPHER r4_40_cipher = { - NID_rc4_40, - 1, 5 /* 40 bit */ , 0, - EVP_CIPH_VARIABLE_LENGTH, - EVP_ORIG_GLOBAL, - rc4_init_key, - rc4_cipher, - NULL, - sizeof(EVP_RC4_KEY), - NULL, - NULL, - NULL, - NULL -}; - -const EVP_CIPHER *EVP_rc4(void) -{ - return &r4_cipher; -} - -const EVP_CIPHER *EVP_rc4_40(void) -{ - return &r4_40_cipher; -} - -static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - int keylen; - - if ((keylen = EVP_CIPHER_CTX_get_key_length(ctx)) <= 0) - return 0; - RC4_set_key(&data(ctx)->ks, keylen, key); - return 1; -} - -static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - RC4(&data(ctx)->ks, inl, in, out); - return 1; -} -#endif diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c deleted file mode 100644 index 183ecefcec6522dff58abb2f6db439d5879614bb..0000000000000000000000000000000000000000 --- a/crypto/evp/e_rc4_hmac_md5.c +++ /dev/null @@ -1,273 +0,0 @@ -/* - * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * MD5 and RC4 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include "internal/cryptlib.h" -#include - -#include -#include - -#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5) - -# include -# include -# include -# include -# include -# include "crypto/evp.h" - -typedef struct { - RC4_KEY ks; - MD5_CTX head, tail, md; - size_t payload_length; -} EVP_RC4_HMAC_MD5; - -# define NO_PAYLOAD_LENGTH ((size_t)-1) - -void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out, - MD5_CTX *ctx, const void *inp, size_t blocks); - -# define data(ctx) ((EVP_RC4_HMAC_MD5 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) - -static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *inkey, - const unsigned char *iv, int enc) -{ - EVP_RC4_HMAC_MD5 *key = data(ctx); - const int keylen = EVP_CIPHER_CTX_get_key_length(ctx); - - if (keylen <= 0) - return 0; - - RC4_set_key(&key->ks, keylen, inkey); - - MD5_Init(&key->head); /* handy when benchmarking */ - key->tail = key->head; - key->md = key->head; - - key->payload_length = NO_PAYLOAD_LENGTH; - - return 1; -} - -# if defined(RC4_ASM) && defined(MD5_ASM) && ( \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) ) -# define STITCHED_CALL -# endif - -# if !defined(STITCHED_CALL) -# define rc4_off 0 -# define md5_off 0 -# endif - -static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - EVP_RC4_HMAC_MD5 *key = data(ctx); -# if defined(STITCHED_CALL) - size_t rc4_off = 32 - 1 - (key->ks.x & (32 - 1)), /* 32 is $MOD from - * rc4_md5-x86_64.pl */ - md5_off = MD5_CBLOCK - key->md.num, blocks; - unsigned int l; -# endif - size_t plen = key->payload_length; - - if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH)) - return 0; - - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if (plen == NO_PAYLOAD_LENGTH) - plen = len; -# if defined(STITCHED_CALL) - /* cipher has to "fall behind" */ - if (rc4_off > md5_off) - md5_off += MD5_CBLOCK; - - if (plen > md5_off && (blocks = (plen - md5_off) / MD5_CBLOCK) && - (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) { - MD5_Update(&key->md, in, md5_off); - RC4(&key->ks, rc4_off, in, out); - - rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off, - &key->md, in + md5_off, blocks); - blocks *= MD5_CBLOCK; - rc4_off += blocks; - md5_off += blocks; - key->md.Nh += blocks >> 29; - key->md.Nl += blocks <<= 3; - if (key->md.Nl < (unsigned int)blocks) - key->md.Nh++; - } else { - rc4_off = 0; - md5_off = 0; - } -# endif - MD5_Update(&key->md, in + md5_off, plen - md5_off); - - if (plen != len) { /* "TLS" mode of operation */ - if (in != out) - memcpy(out + rc4_off, in + rc4_off, plen - rc4_off); - - /* calculate HMAC and append it to payload */ - MD5_Final(out + plen, &key->md); - key->md = key->tail; - MD5_Update(&key->md, out + plen, MD5_DIGEST_LENGTH); - MD5_Final(out + plen, &key->md); - /* encrypt HMAC at once */ - RC4(&key->ks, len - rc4_off, out + rc4_off, out + rc4_off); - } else { - RC4(&key->ks, len - rc4_off, in + rc4_off, out + rc4_off); - } - } else { - unsigned char mac[MD5_DIGEST_LENGTH]; -# if defined(STITCHED_CALL) - /* digest has to "fall behind" */ - if (md5_off > rc4_off) - rc4_off += 2 * MD5_CBLOCK; - else - rc4_off += MD5_CBLOCK; - - if (len > rc4_off && (blocks = (len - rc4_off) / MD5_CBLOCK) && - (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) { - RC4(&key->ks, rc4_off, in, out); - MD5_Update(&key->md, out, md5_off); - - rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off, - &key->md, out + md5_off, blocks); - blocks *= MD5_CBLOCK; - rc4_off += blocks; - md5_off += blocks; - l = (key->md.Nl + (blocks << 3)) & 0xffffffffU; - if (l < key->md.Nl) - key->md.Nh++; - key->md.Nl = l; - key->md.Nh += blocks >> 29; - } else { - md5_off = 0; - rc4_off = 0; - } -# endif - /* decrypt HMAC at once */ - RC4(&key->ks, len - rc4_off, in + rc4_off, out + rc4_off); - if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ - MD5_Update(&key->md, out + md5_off, plen - md5_off); - - /* calculate HMAC and verify it */ - MD5_Final(mac, &key->md); - key->md = key->tail; - MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH); - MD5_Final(mac, &key->md); - - if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) - return 0; - } else { - MD5_Update(&key->md, out + md5_off, len - md5_off); - } - } - - key->payload_length = NO_PAYLOAD_LENGTH; - - return 1; -} - -static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - void *ptr) -{ - EVP_RC4_HMAC_MD5 *key = data(ctx); - - switch (type) { - case EVP_CTRL_AEAD_SET_MAC_KEY: - { - unsigned int i; - unsigned char hmac_key[64]; - - memset(hmac_key, 0, sizeof(hmac_key)); - - if (arg > (int)sizeof(hmac_key)) { - MD5_Init(&key->head); - MD5_Update(&key->head, ptr, arg); - MD5_Final(hmac_key, &key->head); - } else { - memcpy(hmac_key, ptr, arg); - } - - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36; /* ipad */ - MD5_Init(&key->head); - MD5_Update(&key->head, hmac_key, sizeof(hmac_key)); - - for (i = 0; i < sizeof(hmac_key); i++) - hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */ - MD5_Init(&key->tail); - MD5_Update(&key->tail, hmac_key, sizeof(hmac_key)); - - OPENSSL_cleanse(hmac_key, sizeof(hmac_key)); - - return 1; - } - case EVP_CTRL_AEAD_TLS1_AAD: - { - unsigned char *p = ptr; - unsigned int len; - - if (arg != EVP_AEAD_TLS1_AAD_LEN) - return -1; - - len = p[arg - 2] << 8 | p[arg - 1]; - - if (!EVP_CIPHER_CTX_is_encrypting(ctx)) { - if (len < MD5_DIGEST_LENGTH) - return -1; - len -= MD5_DIGEST_LENGTH; - p[arg - 2] = len >> 8; - p[arg - 1] = len; - } - key->payload_length = len; - key->md = key->head; - MD5_Update(&key->md, p, arg); - - return MD5_DIGEST_LENGTH; - } - default: - return -1; - } -} - -static EVP_CIPHER r4_hmac_md5_cipher = { -# ifdef NID_rc4_hmac_md5 - NID_rc4_hmac_md5, -# else - NID_undef, -# endif - 1, EVP_RC4_KEY_SIZE, 0, - EVP_CIPH_STREAM_CIPHER | EVP_CIPH_VARIABLE_LENGTH | - EVP_CIPH_FLAG_AEAD_CIPHER, - EVP_ORIG_GLOBAL, - rc4_hmac_md5_init_key, - rc4_hmac_md5_cipher, - NULL, - sizeof(EVP_RC4_HMAC_MD5), - NULL, - NULL, - rc4_hmac_md5_ctrl, - NULL -}; - -const EVP_CIPHER *EVP_rc4_hmac_md5(void) -{ - return &r4_hmac_md5_cipher; -} -#endif diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c deleted file mode 100644 index 3496a701931c9a1cbb8b6500e35cdf4362d48d5b..0000000000000000000000000000000000000000 --- a/crypto/evp/e_rc5.c +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RC5 low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" - -#ifndef OPENSSL_NO_RC5 - -# include -# include "crypto/evp.h" -# include -# include "evp_local.h" -# include - -static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); - -typedef struct { - int rounds; /* number of rounds */ - RC5_32_KEY ks; /* key schedule */ -} EVP_RC5_KEY; - -# define data(ctx) EVP_C_DATA(EVP_RC5_KEY,ctx) - -IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5, - 8, RC5_32_KEY_LENGTH, 8, 64, - EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - r_32_12_16_init_key, NULL, NULL, NULL, rc5_ctrl) - -static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) -{ - switch (type) { - case EVP_CTRL_INIT: - data(c)->rounds = RC5_12_ROUNDS; - return 1; - - case EVP_CTRL_GET_RC5_ROUNDS: - *(int *)ptr = data(c)->rounds; - return 1; - - case EVP_CTRL_SET_RC5_ROUNDS: - switch (arg) { - case RC5_8_ROUNDS: - case RC5_12_ROUNDS: - case RC5_16_ROUNDS: - data(c)->rounds = arg; - return 1; - - default: - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS); - return 0; - } - - default: - return -1; - } -} - -static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - const int key_len = EVP_CIPHER_CTX_get_key_length(ctx); - - if (key_len > 255 || key_len < 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_BAD_KEY_LENGTH); - return 0; - } - return RC5_32_set_key(&data(ctx)->ks, key_len, key, data(ctx)->rounds); -} - -#endif diff --git a/crypto/evp/e_seed.c b/crypto/evp/e_seed.c deleted file mode 100644 index 98c7385f61da7a665e9bdb4a44a14f0feac7b7eb..0000000000000000000000000000000000000000 --- a/crypto/evp/e_seed.c +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * SEED low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include -#include "crypto/evp.h" -#include "evp_local.h" - -static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -typedef struct { - SEED_KEY_SCHEDULE ks; -} EVP_SEED_KEY; - -IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed, - 16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1, - seed_init_key, 0, 0, 0, 0) - -static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - SEED_set_key(key, &EVP_C_DATA(EVP_SEED_KEY,ctx)->ks); - return 1; -} diff --git a/crypto/evp/e_sm4.c b/crypto/evp/e_sm4.c deleted file mode 100644 index abd603015c714ce96251ce22e3c2f59d462d5907..0000000000000000000000000000000000000000 --- a/crypto/evp/e_sm4.c +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2017 Ribose Inc. All Rights Reserved. - * Ported from Ribose contributions from Botan. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/deprecated.h" - -#include "internal/cryptlib.h" -#ifndef OPENSSL_NO_SM4 -# include -# include -# include "crypto/sm4.h" -# include "crypto/evp.h" -# include "evp_local.h" - -typedef struct { - SM4_KEY ks; -} EVP_SM4_KEY; - -static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - ossl_sm4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx)); - return 1; -} - -static void sm4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const SM4_KEY *key, - unsigned char *ivec, const int enc) -{ - if (enc) - CRYPTO_cbc128_encrypt(in, out, len, key, ivec, - (block128_f)ossl_sm4_encrypt); - else - CRYPTO_cbc128_decrypt(in, out, len, key, ivec, - (block128_f)ossl_sm4_decrypt); -} - -static void sm4_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const SM4_KEY *key, - unsigned char *ivec, int *num, const int enc) -{ - CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, - (block128_f)ossl_sm4_encrypt); -} - -static void sm4_ecb_encrypt(const unsigned char *in, unsigned char *out, - const SM4_KEY *key, const int enc) -{ - if (enc) - ossl_sm4_encrypt(in, out, key); - else - ossl_sm4_decrypt(in, out, key); -} - -static void sm4_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const SM4_KEY *key, - unsigned char *ivec, int *num) -{ - CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, - (block128_f)ossl_sm4_encrypt); -} - -IMPLEMENT_BLOCK_CIPHER(sm4, ks, sm4, EVP_SM4_KEY, NID_sm4, - 16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1, - sm4_init_key, 0, 0, 0, 0) - -static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t len) -{ - int n = EVP_CIPHER_CTX_get_num(ctx); - unsigned int num; - EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx); - - if (n < 0) - return 0; - num = (unsigned int)n; - - CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, ctx->iv, - EVP_CIPHER_CTX_buf_noconst(ctx), &num, - (block128_f)ossl_sm4_encrypt); - EVP_CIPHER_CTX_set_num(ctx, num); - return 1; -} - -static const EVP_CIPHER sm4_ctr_mode = { - NID_sm4_ctr, 1, 16, 16, - EVP_CIPH_CTR_MODE, - EVP_ORIG_GLOBAL, - sm4_init_key, - sm4_ctr_cipher, - NULL, - sizeof(EVP_SM4_KEY), - NULL, NULL, NULL, NULL -}; - -const EVP_CIPHER *EVP_sm4_ctr(void) -{ - return &sm4_ctr_mode; -} - -#endif diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c deleted file mode 100644 index f930941887a36217b4c80d30881eeb170f9ddf8d..0000000000000000000000000000000000000000 --- a/crypto/evp/e_xcbc_d.c +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DES low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" - -#ifndef OPENSSL_NO_DES - -# include -# include -# include "crypto/evp.h" -# include -# include "evp_local.h" - -static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); - -typedef struct { - DES_key_schedule ks; /* key schedule */ - DES_cblock inw; - DES_cblock outw; -} DESX_CBC_KEY; - -# define data(ctx) EVP_C_DATA(DESX_CBC_KEY,ctx) - -static const EVP_CIPHER d_xcbc_cipher = { - NID_desx_cbc, - 8, 24, 8, - EVP_CIPH_CBC_MODE, - EVP_ORIG_GLOBAL, - desx_cbc_init_key, - desx_cbc_cipher, - NULL, - sizeof(DESX_CBC_KEY), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL, - NULL -}; - -const EVP_CIPHER *EVP_desx_cbc(void) -{ - return &d_xcbc_cipher; -} - -static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - DES_cblock *deskey = (DES_cblock *)key; - - DES_set_key_unchecked(deskey, &data(ctx)->ks); - memcpy(&data(ctx)->inw[0], &key[8], 8); - memcpy(&data(ctx)->outw[0], &key[16], 8); - - return 1; -} - -static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - while (inl >= EVP_MAXCHUNK) { - DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks, - (DES_cblock *)ctx->iv, - &data(ctx)->inw, &data(ctx)->outw, - EVP_CIPHER_CTX_is_encrypting(ctx)); - inl -= EVP_MAXCHUNK; - in += EVP_MAXCHUNK; - out += EVP_MAXCHUNK; - } - if (inl) - DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks, - (DES_cblock *)ctx->iv, - &data(ctx)->inw, &data(ctx)->outw, - EVP_CIPHER_CTX_is_encrypting(ctx)); - return 1; -} -#endif diff --git a/crypto/evp/ec_ctrl.c b/crypto/evp/ec_ctrl.c deleted file mode 100644 index 404358ab97f1484c0f9312ff2f205ed169d2f96c..0000000000000000000000000000000000000000 --- a/crypto/evp/ec_ctrl.c +++ /dev/null @@ -1,300 +0,0 @@ -/* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/deprecated.h" - -#include -#include -#include -#include "crypto/evp.h" -#include "crypto/ec.h" - -/* - * This file is meant to contain functions to provide EVP_PKEY support for EC - * keys. - */ - -static ossl_inline -int evp_pkey_ctx_getset_ecdh_param_checks(const EVP_PKEY_CTX *ctx) -{ - if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - /* If key type not EC return error */ - if (evp_pkey_ctx_is_legacy(ctx) - && ctx->pmeth != NULL && ctx->pmeth->pkey_id != EVP_PKEY_EC) - return -1; - - return 1; -} - -int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode) -{ - int ret; - OSSL_PARAM params[2], *p = params; - - ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx); - if (ret != 1) - return ret; - - /* - * Valid input values are: - * * 0 for disable - * * 1 for enable - * * -1 for reset to default for associated priv key - */ - if (cofactor_mode < -1 || cofactor_mode > 1) { - /* Uses the same return value of pkey_ec_ctrl() */ - return -2; - } - - *p++ = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, - &cofactor_mode); - *p++ = OSSL_PARAM_construct_end(); - - ret = evp_pkey_ctx_set_params_strict(ctx, params); - if (ret == -2) - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return ret; -} - -int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx) -{ - int ret, mode; - OSSL_PARAM params[2], *p = params; - - ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx); - if (ret != 1) - return ret; - - *p++ = OSSL_PARAM_construct_int(OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, - &mode); - *p++ = OSSL_PARAM_construct_end(); - - ret = evp_pkey_ctx_get_params_strict(ctx, params); - - switch (ret) { - case -2: - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - break; - case 1: - ret = mode; - if (mode < 0 || mode > 1) { - /* - * The provider should return either 0 or 1, any other value is a - * provider error. - */ - ret = -1; - } - break; - default: - ret = -1; - break; - } - - return ret; -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_set_ecdh_kdf_type(EVP_PKEY_CTX *ctx, int kdf) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_get_ecdh_kdf_type(EVP_PKEY_CTX *ctx) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_set_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md)); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_get_ecdh_kdf_md(EVP_PKEY_CTX *ctx, const EVP_MD **pmd) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd)); -} - -int EVP_PKEY_CTX_set_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int outlen) -{ - int ret; - size_t len = outlen; - OSSL_PARAM params[2], *p = params; - - ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx); - if (ret != 1) - return ret; - - if (outlen <= 0) { - /* - * This would ideally be -1 or 0, but we have to retain compatibility - * with legacy behaviour of EVP_PKEY_CTX_ctrl() which returned -2 if - * in <= 0 - */ - return -2; - } - - *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, - &len); - *p++ = OSSL_PARAM_construct_end(); - - ret = evp_pkey_ctx_set_params_strict(ctx, params); - if (ret == -2) - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return ret; -} - -int EVP_PKEY_CTX_get_ecdh_kdf_outlen(EVP_PKEY_CTX *ctx, int *plen) -{ - size_t len = UINT_MAX; - int ret; - OSSL_PARAM params[2], *p = params; - - ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx); - if (ret != 1) - return ret; - - *p++ = OSSL_PARAM_construct_size_t(OSSL_EXCHANGE_PARAM_KDF_OUTLEN, - &len); - *p++ = OSSL_PARAM_construct_end(); - - ret = evp_pkey_ctx_get_params_strict(ctx, params); - - switch (ret) { - case -2: - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - break; - case 1: - if (len <= INT_MAX) - *plen = (int)len; - else - ret = -1; - break; - default: - ret = -1; - break; - } - - return ret; -} - -int EVP_PKEY_CTX_set0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char *ukm, int len) -{ - int ret; - OSSL_PARAM params[2], *p = params; - - ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx); - if (ret != 1) - return ret; - - *p++ = OSSL_PARAM_construct_octet_string(OSSL_EXCHANGE_PARAM_KDF_UKM, - /* - * Cast away the const. This is read - * only so should be safe - */ - (void *)ukm, - (size_t)len); - *p++ = OSSL_PARAM_construct_end(); - - ret = evp_pkey_ctx_set_params_strict(ctx, params); - - switch (ret) { - case -2: - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - break; - case 1: - OPENSSL_free(ukm); - break; - } - - return ret; -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -int EVP_PKEY_CTX_get0_ecdh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **pukm) -{ - size_t ukmlen; - int ret; - OSSL_PARAM params[2], *p = params; - - ret = evp_pkey_ctx_getset_ecdh_param_checks(ctx); - if (ret != 1) - return ret; - - *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_EXCHANGE_PARAM_KDF_UKM, - (void **)pukm, 0); - *p++ = OSSL_PARAM_construct_end(); - - ret = evp_pkey_ctx_get_params_strict(ctx, params); - - switch (ret) { - case -2: - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - break; - case 1: - ret = -1; - ukmlen = params[0].return_size; - if (ukmlen <= INT_MAX) - ret = (int)ukmlen; - break; - default: - ret = -1; - break; - } - - return ret; -} -#endif - -#ifndef FIPS_MODULE -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - * ASN1_OBJECT (which would be converted to text internally)? - */ -int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_TYPE_GEN, - EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, - nid, NULL); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_TYPE_GEN, - EVP_PKEY_CTRL_EC_PARAM_ENC, param_enc, NULL); -} -#endif diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c deleted file mode 100644 index 1ec10143d2de789cb298fa91f562f38f69823cd0..0000000000000000000000000000000000000000 --- a/crypto/evp/ec_support.c +++ /dev/null @@ -1,188 +0,0 @@ -/* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/ec.h" -#include "internal/nelem.h" - -typedef struct ec_name2nid_st { - const char *name; - int nid; -} EC_NAME2NID; - -static const EC_NAME2NID curve_list[] = { - /* prime field curves */ - /* secg curves */ - {"secp112r1", NID_secp112r1 }, - {"secp112r2", NID_secp112r2 }, - {"secp128r1", NID_secp128r1 }, - {"secp128r2", NID_secp128r2 }, - {"secp160k1", NID_secp160k1 }, - {"secp160r1", NID_secp160r1 }, - {"secp160r2", NID_secp160r2 }, - {"secp192k1", NID_secp192k1 }, - {"secp224k1", NID_secp224k1 }, - {"secp224r1", NID_secp224r1 }, - {"secp256k1", NID_secp256k1 }, - {"secp384r1", NID_secp384r1 }, - {"secp521r1", NID_secp521r1 }, - /* X9.62 curves */ - {"prime192v1", NID_X9_62_prime192v1 }, - {"prime192v2", NID_X9_62_prime192v2 }, - {"prime192v3", NID_X9_62_prime192v3 }, - {"prime239v1", NID_X9_62_prime239v1 }, - {"prime239v2", NID_X9_62_prime239v2 }, - {"prime239v3", NID_X9_62_prime239v3 }, - {"prime256v1", NID_X9_62_prime256v1 }, - /* characteristic two field curves */ - /* NIST/SECG curves */ - {"sect113r1", NID_sect113r1 }, - {"sect113r2", NID_sect113r2 }, - {"sect131r1", NID_sect131r1 }, - {"sect131r2", NID_sect131r2 }, - {"sect163k1", NID_sect163k1 }, - {"sect163r1", NID_sect163r1 }, - {"sect163r2", NID_sect163r2 }, - {"sect193r1", NID_sect193r1 }, - {"sect193r2", NID_sect193r2 }, - {"sect233k1", NID_sect233k1 }, - {"sect233r1", NID_sect233r1 }, - {"sect239k1", NID_sect239k1 }, - {"sect283k1", NID_sect283k1 }, - {"sect283r1", NID_sect283r1 }, - {"sect409k1", NID_sect409k1 }, - {"sect409r1", NID_sect409r1 }, - {"sect571k1", NID_sect571k1 }, - {"sect571r1", NID_sect571r1 }, - /* X9.62 curves */ - {"c2pnb163v1", NID_X9_62_c2pnb163v1 }, - {"c2pnb163v2", NID_X9_62_c2pnb163v2 }, - {"c2pnb163v3", NID_X9_62_c2pnb163v3 }, - {"c2pnb176v1", NID_X9_62_c2pnb176v1 }, - {"c2tnb191v1", NID_X9_62_c2tnb191v1 }, - {"c2tnb191v2", NID_X9_62_c2tnb191v2 }, - {"c2tnb191v3", NID_X9_62_c2tnb191v3 }, - {"c2pnb208w1", NID_X9_62_c2pnb208w1 }, - {"c2tnb239v1", NID_X9_62_c2tnb239v1 }, - {"c2tnb239v2", NID_X9_62_c2tnb239v2 }, - {"c2tnb239v3", NID_X9_62_c2tnb239v3 }, - {"c2pnb272w1", NID_X9_62_c2pnb272w1 }, - {"c2pnb304w1", NID_X9_62_c2pnb304w1 }, - {"c2tnb359v1", NID_X9_62_c2tnb359v1 }, - {"c2pnb368w1", NID_X9_62_c2pnb368w1 }, - {"c2tnb431r1", NID_X9_62_c2tnb431r1 }, - /* - * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves - * from X9.62] - */ - {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 }, - {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 }, - {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 }, - {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 }, - {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 }, - {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 }, - {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 }, - {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 }, - {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 }, - {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 }, - {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 }, - /* IPSec curves */ - {"Oakley-EC2N-3", NID_ipsec3 }, - {"Oakley-EC2N-4", NID_ipsec4 }, - /* brainpool curves */ - {"brainpoolP160r1", NID_brainpoolP160r1 }, - {"brainpoolP160t1", NID_brainpoolP160t1 }, - {"brainpoolP192r1", NID_brainpoolP192r1 }, - {"brainpoolP192t1", NID_brainpoolP192t1 }, - {"brainpoolP224r1", NID_brainpoolP224r1 }, - {"brainpoolP224t1", NID_brainpoolP224t1 }, - {"brainpoolP256r1", NID_brainpoolP256r1 }, - {"brainpoolP256t1", NID_brainpoolP256t1 }, - {"brainpoolP320r1", NID_brainpoolP320r1 }, - {"brainpoolP320t1", NID_brainpoolP320t1 }, - {"brainpoolP384r1", NID_brainpoolP384r1 }, - {"brainpoolP384t1", NID_brainpoolP384t1 }, - {"brainpoolP512r1", NID_brainpoolP512r1 }, - {"brainpoolP512t1", NID_brainpoolP512t1 }, - /* SM2 curve */ - {"SM2", NID_sm2 }, -}; - -const char *OSSL_EC_curve_nid2name(int nid) -{ - size_t i; - - if (nid <= 0) - return NULL; - - for (i = 0; i < OSSL_NELEM(curve_list); i++) { - if (curve_list[i].nid == nid) - return curve_list[i].name; - } - return NULL; -} - -int ossl_ec_curve_name2nid(const char *name) -{ - size_t i; - int nid; - - if (name != NULL) { - if ((nid = ossl_ec_curve_nist2nid_int(name)) != NID_undef) - return nid; - - for (i = 0; i < OSSL_NELEM(curve_list); i++) { - if (OPENSSL_strcasecmp(curve_list[i].name, name) == 0) - return curve_list[i].nid; - } - } - - return NID_undef; -} - -/* Functions to translate between common NIST curve names and NIDs */ - -static const EC_NAME2NID nist_curves[] = { - {"B-163", NID_sect163r2}, - {"B-233", NID_sect233r1}, - {"B-283", NID_sect283r1}, - {"B-409", NID_sect409r1}, - {"B-571", NID_sect571r1}, - {"K-163", NID_sect163k1}, - {"K-233", NID_sect233k1}, - {"K-283", NID_sect283k1}, - {"K-409", NID_sect409k1}, - {"K-571", NID_sect571k1}, - {"P-192", NID_X9_62_prime192v1}, - {"P-224", NID_secp224r1}, - {"P-256", NID_X9_62_prime256v1}, - {"P-384", NID_secp384r1}, - {"P-521", NID_secp521r1} -}; - -const char *ossl_ec_curve_nid2nist_int(int nid) -{ - size_t i; - for (i = 0; i < OSSL_NELEM(nist_curves); i++) { - if (nist_curves[i].nid == nid) - return nist_curves[i].name; - } - return NULL; -} - -int ossl_ec_curve_nist2nid_int(const char *name) -{ - size_t i; - for (i = 0; i < OSSL_NELEM(nist_curves); i++) { - if (strcmp(nist_curves[i].name, name) == 0) - return nist_curves[i].nid; - } - return NID_undef; -} diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c deleted file mode 100644 index 2c047fa039ae49b4fc41e3967015d48de95ef550..0000000000000000000000000000000000000000 --- a/crypto/evp/encode.c +++ /dev/null @@ -1,478 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include -#include "crypto/evp.h" -#include "evp_local.h" - -static unsigned char conv_ascii2bin(unsigned char a, - const unsigned char *table); -static int evp_encodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, - const unsigned char *f, int dlen); -static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, - const unsigned char *f, int n); - -#ifndef CHARSET_EBCDIC -# define conv_bin2ascii(a, table) ((table)[(a)&0x3f]) -#else -/* - * We assume that PEM encoded files are EBCDIC files (i.e., printable text - * files). Convert them here while decoding. When encoding, output is EBCDIC - * (text) format again. (No need for conversion in the conv_bin2ascii macro, - * as the underlying textstring data_bin2ascii[] is already EBCDIC) - */ -# define conv_bin2ascii(a, table) ((table)[(a)&0x3f]) -#endif - -/*- - * 64 char lines - * pad input with 0 - * left over chars are set to = - * 1 byte => xx== - * 2 bytes => xxx= - * 3 bytes => xxxx - */ -#define BIN_PER_LINE (64/4*3) -#define CHUNKS_PER_LINE (64/4) -#define CHAR_PER_LINE (64+1) - -static const unsigned char data_bin2ascii[65] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; - -/* SRP uses a different base64 alphabet */ -static const unsigned char srpdata_bin2ascii[65] = - "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"; - - -/*- - * 0xF0 is a EOLN - * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing). - * 0xF2 is EOF - * 0xE0 is ignore at start of line. - * 0xFF is error - */ - -#define B64_EOLN 0xF0 -#define B64_CR 0xF1 -#define B64_EOF 0xF2 -#define B64_WS 0xE0 -#define B64_ERROR 0xFF -#define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) -#define B64_BASE64(a) (!B64_NOT_BASE64(a)) - -static const unsigned char data_ascii2bin[128] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F, - 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, - 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF, - 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, - 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, - 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, - 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, - 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, - 0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -}; - -static const unsigned char srpdata_ascii2bin[128] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xF2, 0x3E, 0x3F, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF, - 0xFF, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, - 0x21, 0x22, 0x23, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xFF, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, - 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, - 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, - 0x3B, 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, -}; - -#ifndef CHARSET_EBCDIC -static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table) -{ - if (a & 0x80) - return B64_ERROR; - return table[a]; -} -#else -static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table) -{ - a = os_toascii[a]; - if (a & 0x80) - return B64_ERROR; - return table[a]; -} -#endif - -EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void) -{ - return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX)); -} - -void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx) -{ - OPENSSL_free(ctx); -} - -int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, const EVP_ENCODE_CTX *sctx) -{ - memcpy(dctx, sctx, sizeof(EVP_ENCODE_CTX)); - - return 1; -} - -int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx) -{ - return ctx->num; -} - -void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags) -{ - ctx->flags = flags; -} - -void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) -{ - ctx->length = 48; - ctx->num = 0; - ctx->line_num = 0; - ctx->flags = 0; -} - -int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) -{ - int i, j; - size_t total = 0; - - *outl = 0; - if (inl <= 0) - return 0; - OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); - if (ctx->length - ctx->num > inl) { - memcpy(&(ctx->enc_data[ctx->num]), in, inl); - ctx->num += inl; - return 1; - } - if (ctx->num != 0) { - i = ctx->length - ctx->num; - memcpy(&(ctx->enc_data[ctx->num]), in, i); - in += i; - inl -= i; - j = evp_encodeblock_int(ctx, out, ctx->enc_data, ctx->length); - ctx->num = 0; - out += j; - total = j; - if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) { - *(out++) = '\n'; - total++; - } - *out = '\0'; - } - while (inl >= ctx->length && total <= INT_MAX) { - j = evp_encodeblock_int(ctx, out, in, ctx->length); - in += ctx->length; - inl -= ctx->length; - out += j; - total += j; - if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) { - *(out++) = '\n'; - total++; - } - *out = '\0'; - } - if (total > INT_MAX) { - /* Too much output data! */ - *outl = 0; - return 0; - } - if (inl != 0) - memcpy(&(ctx->enc_data[0]), in, inl); - ctx->num = inl; - *outl = total; - - return 1; -} - -void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) -{ - unsigned int ret = 0; - - if (ctx->num != 0) { - ret = evp_encodeblock_int(ctx, out, ctx->enc_data, ctx->num); - if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) - out[ret++] = '\n'; - out[ret] = '\0'; - ctx->num = 0; - } - *outl = ret; -} - -static int evp_encodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, - const unsigned char *f, int dlen) -{ - int i, ret = 0; - unsigned long l; - const unsigned char *table; - - if (ctx != NULL && (ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0) - table = srpdata_bin2ascii; - else - table = data_bin2ascii; - - for (i = dlen; i > 0; i -= 3) { - if (i >= 3) { - l = (((unsigned long)f[0]) << 16L) | - (((unsigned long)f[1]) << 8L) | f[2]; - *(t++) = conv_bin2ascii(l >> 18L, table); - *(t++) = conv_bin2ascii(l >> 12L, table); - *(t++) = conv_bin2ascii(l >> 6L, table); - *(t++) = conv_bin2ascii(l, table); - } else { - l = ((unsigned long)f[0]) << 16L; - if (i == 2) - l |= ((unsigned long)f[1] << 8L); - - *(t++) = conv_bin2ascii(l >> 18L, table); - *(t++) = conv_bin2ascii(l >> 12L, table); - *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L, table); - *(t++) = '='; - } - ret += 4; - f += 3; - } - - *t = '\0'; - return ret; -} - -int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen) -{ - return evp_encodeblock_int(NULL, t, f, dlen); -} - -void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) -{ - /* Only ctx->num and ctx->flags are used during decoding. */ - ctx->num = 0; - ctx->length = 0; - ctx->line_num = 0; - ctx->flags = 0; -} - -/*- - * -1 for error - * 0 for last line - * 1 for full line - * - * Note: even though EVP_DecodeUpdate attempts to detect and report end of - * content, the context doesn't currently remember it and will accept more data - * in the next call. Therefore, the caller is responsible for checking and - * rejecting a 0 return value in the middle of content. - * - * Note: even though EVP_DecodeUpdate has historically tried to detect end of - * content based on line length, this has never worked properly. Therefore, - * we now return 0 when one of the following is true: - * - Padding or B64_EOF was detected and the last block is complete. - * - Input has zero-length. - * -1 is returned if: - * - Invalid characters are detected. - * - There is extra trailing padding, or data after padding. - * - B64_EOF is detected after an incomplete base64 block. - */ -int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) -{ - int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len; - unsigned char *d; - const unsigned char *table; - - n = ctx->num; - d = ctx->enc_data; - - if (n > 0 && d[n - 1] == '=') { - eof++; - if (n > 1 && d[n - 2] == '=') - eof++; - } - - /* Legacy behaviour: an empty input chunk signals end of input. */ - if (inl == 0) { - rv = 0; - goto end; - } - - if ((ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0) - table = srpdata_ascii2bin; - else - table = data_ascii2bin; - - for (i = 0; i < inl; i++) { - tmp = *(in++); - v = conv_ascii2bin(tmp, table); - if (v == B64_ERROR) { - rv = -1; - goto end; - } - - if (tmp == '=') { - eof++; - } else if (eof > 0 && B64_BASE64(v)) { - /* More data after padding. */ - rv = -1; - goto end; - } - - if (eof > 2) { - rv = -1; - goto end; - } - - if (v == B64_EOF) { - seof = 1; - goto tail; - } - - /* Only save valid base64 characters. */ - if (B64_BASE64(v)) { - if (n >= 64) { - /* - * We increment n once per loop, and empty the buffer as soon as - * we reach 64 characters, so this can only happen if someone's - * manually messed with the ctx. Refuse to write any more data. - */ - rv = -1; - goto end; - } - OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); - d[n++] = tmp; - } - - if (n == 64) { - decoded_len = evp_decodeblock_int(ctx, out, d, n); - n = 0; - if (decoded_len < 0 || eof > decoded_len) { - rv = -1; - goto end; - } - ret += decoded_len - eof; - out += decoded_len - eof; - } - } - - /* - * Legacy behaviour: if the current line is a full base64-block (i.e., has - * 0 mod 4 base64 characters), it is processed immediately. We keep this - * behaviour as applications may not be calling EVP_DecodeFinal properly. - */ -tail: - if (n > 0) { - if ((n & 3) == 0) { - decoded_len = evp_decodeblock_int(ctx, out, d, n); - n = 0; - if (decoded_len < 0 || eof > decoded_len) { - rv = -1; - goto end; - } - ret += (decoded_len - eof); - } else if (seof) { - /* EOF in the middle of a base64 block. */ - rv = -1; - goto end; - } - } - - rv = seof || (n == 0 && eof) ? 0 : 1; -end: - /* Legacy behaviour. This should probably rather be zeroed on error. */ - *outl = ret; - ctx->num = n; - return rv; -} - -static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t, - const unsigned char *f, int n) -{ - int i, ret = 0, a, b, c, d; - unsigned long l; - const unsigned char *table; - - if (ctx != NULL && (ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0) - table = srpdata_ascii2bin; - else - table = data_ascii2bin; - - /* trim whitespace from the start of the line. */ - while ((n > 0) && (conv_ascii2bin(*f, table) == B64_WS)) { - f++; - n--; - } - - /* - * strip off stuff at the end of the line ascii2bin values B64_WS, - * B64_EOLN, B64_EOLN and B64_EOF - */ - while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1], table)))) - n--; - - if (n % 4 != 0) - return -1; - - for (i = 0; i < n; i += 4) { - a = conv_ascii2bin(*(f++), table); - b = conv_ascii2bin(*(f++), table); - c = conv_ascii2bin(*(f++), table); - d = conv_ascii2bin(*(f++), table); - if ((a & 0x80) || (b & 0x80) || (c & 0x80) || (d & 0x80)) - return -1; - l = ((((unsigned long)a) << 18L) | - (((unsigned long)b) << 12L) | - (((unsigned long)c) << 6L) | (((unsigned long)d))); - *(t++) = (unsigned char)(l >> 16L) & 0xff; - *(t++) = (unsigned char)(l >> 8L) & 0xff; - *(t++) = (unsigned char)(l) & 0xff; - ret += 3; - } - return ret; -} - -int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n) -{ - return evp_decodeblock_int(NULL, t, f, n); -} - -int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) -{ - int i; - - *outl = 0; - if (ctx->num != 0) { - i = evp_decodeblock_int(ctx, out, ctx->enc_data, ctx->num); - if (i < 0) - return -1; - ctx->num = 0; - *outl = i; - return 1; - } else - return 1; -} diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c deleted file mode 100644 index 0e7fe64cf92e4b73b3bf873895e73fa9646df86d..0000000000000000000000000000000000000000 --- a/crypto/evp/evp_cnf.c +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "crypto/evp.h" - -/* Algorithm configuration module. */ - -static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) -{ - int i; - const char *oid_section; - STACK_OF(CONF_VALUE) *sktmp; - CONF_VALUE *oval; - - OSSL_TRACE2(CONF, "Loading EVP module: name %s, value %s\n", - CONF_imodule_get_name(md), CONF_imodule_get_value(md)); - - oid_section = CONF_imodule_get_value(md); - if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_ERROR_LOADING_SECTION); - return 0; - } - for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { - oval = sk_CONF_VALUE_value(sktmp, i); - if (strcmp(oval->name, "fips_mode") == 0) { - int m; - - /* Detailed error already reported. */ - if (!X509V3_get_value_bool(oval, &m)) - return 0; - - /* - * fips_mode is deprecated and should not be used in new - * configurations. - */ - if (!evp_default_properties_enable_fips_int( - NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) { - ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); - return 0; - } - } else if (strcmp(oval->name, "default_properties") == 0) { - if (!evp_set_default_properties_int(NCONF_get0_libctx((CONF *)cnf), - oval->value, 0, 0)) { - ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE); - return 0; - } - } else { - ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION, - "name=%s, value=%s", oval->name, oval->value); - return 0; - } - - } - return 1; -} - -void EVP_add_alg_module(void) -{ - OSSL_TRACE(CONF, "Adding config module 'alg_section'\n"); - CONF_module_add("alg_section", alg_module_init, 0); -} diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c deleted file mode 100644 index b178d1086473f1a42f43afa230aab949cac074a5..0000000000000000000000000000000000000000 --- a/crypto/evp/evp_enc.c +++ /dev/null @@ -1,1677 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include -#include -#include -#include -#include -#ifndef FIPS_MODULE -# include -#endif -#include -#include -#include "internal/cryptlib.h" -#include "internal/provider.h" -#include "internal/core.h" -#include "crypto/evp.h" -#include "evp_local.h" - -int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) -{ - if (ctx == NULL) - return 1; - - if (ctx->cipher == NULL || ctx->cipher->prov == NULL) - goto legacy; - - if (ctx->algctx != NULL) { - if (ctx->cipher->freectx != NULL) - ctx->cipher->freectx(ctx->algctx); - ctx->algctx = NULL; - } - if (ctx->fetched_cipher != NULL) - EVP_CIPHER_free(ctx->fetched_cipher); - memset(ctx, 0, sizeof(*ctx)); - ctx->iv_len = -1; - - return 1; - - /* Remove legacy code below when legacy support is removed. */ - legacy: - - if (ctx->cipher != NULL) { - if (ctx->cipher->cleanup && !ctx->cipher->cleanup(ctx)) - return 0; - /* Cleanse cipher context data */ - if (ctx->cipher_data && ctx->cipher->ctx_size) - OPENSSL_cleanse(ctx->cipher_data, ctx->cipher->ctx_size); - } - OPENSSL_free(ctx->cipher_data); -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - ENGINE_finish(ctx->engine); -#endif - memset(ctx, 0, sizeof(*ctx)); - ctx->iv_len = -1; - return 1; -} - -EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) -{ - return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX)); -} - -void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) -{ - if (ctx == NULL) - return; - EVP_CIPHER_CTX_reset(ctx); - OPENSSL_free(ctx); -} - -static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, - const unsigned char *iv, int enc, - const OSSL_PARAM params[]) -{ - int n; -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - ENGINE *tmpimpl = NULL; -#endif - - ctx->iv_len = -1; - - /* - * enc == 1 means we are encrypting. - * enc == 0 means we are decrypting. - * enc == -1 means, use the previously initialised value for encrypt/decrypt - */ - if (enc == -1) { - enc = ctx->encrypt; - } else { - if (enc) - enc = 1; - ctx->encrypt = enc; - } - - if (cipher == NULL && ctx->cipher == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET); - return 0; - } - - /* Code below to be removed when legacy support is dropped. */ - -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - /* - * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so - * this context may already have an ENGINE! Try to avoid releasing the - * previous handle, re-querying for an ENGINE, and having a - * reinitialisation, when it may all be unnecessary. - */ - if (ctx->engine && ctx->cipher - && (cipher == NULL || cipher->nid == ctx->cipher->nid)) - goto skip_to_init; - - if (cipher != NULL && impl == NULL) { - /* Ask if an ENGINE is reserved for this job */ - tmpimpl = ENGINE_get_cipher_engine(cipher->nid); - } -#endif - - /* - * If there are engines involved then we should use legacy handling for now. - */ - if (ctx->engine != NULL -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - || tmpimpl != NULL -#endif - || impl != NULL - || (cipher != NULL && cipher->origin == EVP_ORIG_METH) - || (cipher == NULL && ctx->cipher != NULL - && ctx->cipher->origin == EVP_ORIG_METH)) { - if (ctx->cipher == ctx->fetched_cipher) - ctx->cipher = NULL; - EVP_CIPHER_free(ctx->fetched_cipher); - ctx->fetched_cipher = NULL; - goto legacy; - } - /* - * Ensure a context left lying around from last time is cleared - * (legacy code) - */ - if (cipher != NULL && ctx->cipher != NULL) { - if (ctx->cipher->cleanup != NULL && !ctx->cipher->cleanup(ctx)) - return 0; - OPENSSL_clear_free(ctx->cipher_data, ctx->cipher->ctx_size); - ctx->cipher_data = NULL; - } - - /* Start of non-legacy code below */ - - /* Ensure a context left lying around from last time is cleared */ - if (cipher != NULL && ctx->cipher != NULL) { - unsigned long flags = ctx->flags; - - EVP_CIPHER_CTX_reset(ctx); - /* Restore encrypt and flags */ - ctx->encrypt = enc; - ctx->flags = flags; - } - - if (cipher == NULL) - cipher = ctx->cipher; - - if (cipher->prov == NULL) { -#ifdef FIPS_MODULE - /* We only do explicit fetches inside the FIPS module */ - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; -#else - EVP_CIPHER *provciph = - EVP_CIPHER_fetch(NULL, - cipher->nid == NID_undef ? "NULL" - : OBJ_nid2sn(cipher->nid), - ""); - - if (provciph == NULL) - return 0; - cipher = provciph; - EVP_CIPHER_free(ctx->fetched_cipher); - ctx->fetched_cipher = provciph; -#endif - } - - if (cipher->prov != NULL) { - if (!EVP_CIPHER_up_ref((EVP_CIPHER *)cipher)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - EVP_CIPHER_free(ctx->fetched_cipher); - ctx->fetched_cipher = (EVP_CIPHER *)cipher; - } - ctx->cipher = cipher; - if (ctx->algctx == NULL) { - ctx->algctx = ctx->cipher->newctx(ossl_provider_ctx(cipher->prov)); - if (ctx->algctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - } - - if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0) { - /* - * If this ctx was already set up for no padding then we need to tell - * the new cipher about it. - */ - if (!EVP_CIPHER_CTX_set_padding(ctx, 0)) - return 0; - } - - if (enc) { - if (ctx->cipher->einit == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - - return ctx->cipher->einit(ctx->algctx, - key, - key == NULL ? 0 - : EVP_CIPHER_CTX_get_key_length(ctx), - iv, - iv == NULL ? 0 - : EVP_CIPHER_CTX_get_iv_length(ctx), - params); - } - - if (ctx->cipher->dinit == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - - return ctx->cipher->dinit(ctx->algctx, - key, - key == NULL ? 0 - : EVP_CIPHER_CTX_get_key_length(ctx), - iv, - iv == NULL ? 0 - : EVP_CIPHER_CTX_get_iv_length(ctx), - params); - - /* Code below to be removed when legacy support is dropped. */ - legacy: - - if (cipher != NULL) { - /* - * Ensure a context left lying around from last time is cleared (we - * previously attempted to avoid this if the same ENGINE and - * EVP_CIPHER could be used). - */ - if (ctx->cipher) { - unsigned long flags = ctx->flags; - EVP_CIPHER_CTX_reset(ctx); - /* Restore encrypt and flags */ - ctx->encrypt = enc; - ctx->flags = flags; - } -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - if (impl != NULL) { - if (!ENGINE_init(impl)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - } else { - impl = tmpimpl; - } - if (impl != NULL) { - /* There's an ENGINE for this job ... (apparently) */ - const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid); - - if (c == NULL) { - /* - * One positive side-effect of US's export control history, - * is that we should at least be able to avoid using US - * misspellings of "initialisation"? - */ - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - /* We'll use the ENGINE's private cipher definition */ - cipher = c; - /* - * Store the ENGINE functional reference so we know 'cipher' came - * from an ENGINE and we need to release it when done. - */ - ctx->engine = impl; - } else { - ctx->engine = NULL; - } -#endif - - ctx->cipher = cipher; - if (ctx->cipher->ctx_size) { - ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size); - if (ctx->cipher_data == NULL) { - ctx->cipher = NULL; - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - } else { - ctx->cipher_data = NULL; - } - ctx->key_len = cipher->key_len; - /* Preserve wrap enable flag, zero everything else */ - ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; - if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL) <= 0) { - ctx->cipher = NULL; - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - } - } -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - skip_to_init: -#endif - if (ctx->cipher == NULL) - return 0; - - /* we assume block size is a power of 2 in *cryptUpdate */ - OPENSSL_assert(ctx->cipher->block_size == 1 - || ctx->cipher->block_size == 8 - || ctx->cipher->block_size == 16); - - if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW) - && EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_WRAP_MODE) { - ERR_raise(ERR_LIB_EVP, EVP_R_WRAP_MODE_NOT_ALLOWED); - return 0; - } - - if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) - & EVP_CIPH_CUSTOM_IV) == 0) { - switch (EVP_CIPHER_CTX_get_mode(ctx)) { - - case EVP_CIPH_STREAM_CIPHER: - case EVP_CIPH_ECB_MODE: - break; - - case EVP_CIPH_CFB_MODE: - case EVP_CIPH_OFB_MODE: - - ctx->num = 0; - /* fall-through */ - - case EVP_CIPH_CBC_MODE: - n = EVP_CIPHER_CTX_get_iv_length(ctx); - if (n < 0 || n > (int)sizeof(ctx->iv)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH); - return 0; - } - if (iv != NULL) - memcpy(ctx->oiv, iv, n); - memcpy(ctx->iv, ctx->oiv, n); - break; - - case EVP_CIPH_CTR_MODE: - ctx->num = 0; - /* Don't reuse IV for CTR mode */ - if (iv != NULL) { - n = EVP_CIPHER_CTX_get_iv_length(ctx); - if (n <= 0 || n > (int)sizeof(ctx->iv)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH); - return 0; - } - memcpy(ctx->iv, iv, n); - } - break; - - default: - return 0; - } - } - - if (key != NULL || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { - if (!ctx->cipher->init(ctx, key, iv, enc)) - return 0; - } - ctx->buf_len = 0; - ctx->final_used = 0; - ctx->block_mask = ctx->cipher->block_size - 1; - return 1; -} - -int EVP_CipherInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv, - int enc, const OSSL_PARAM params[]) -{ - return evp_cipher_init_internal(ctx, cipher, NULL, key, iv, enc, params); -} - -int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv, int enc) -{ - if (cipher != NULL) - EVP_CIPHER_CTX_reset(ctx); - return evp_cipher_init_internal(ctx, cipher, NULL, key, iv, enc, NULL); -} - -int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, - const unsigned char *iv, int enc) -{ - return evp_cipher_init_internal(ctx, cipher, impl, key, iv, enc, NULL); -} - -int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) -{ - if (ctx->encrypt) - return EVP_EncryptUpdate(ctx, out, outl, in, inl); - else - return EVP_DecryptUpdate(ctx, out, outl, in, inl); -} - -int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - if (ctx->encrypt) - return EVP_EncryptFinal_ex(ctx, out, outl); - else - return EVP_DecryptFinal_ex(ctx, out, outl); -} - -int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - if (ctx->encrypt) - return EVP_EncryptFinal(ctx, out, outl); - else - return EVP_DecryptFinal(ctx, out, outl); -} - -int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv) -{ - return EVP_CipherInit(ctx, cipher, key, iv, 1); -} - -int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, - const unsigned char *iv) -{ - return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); -} - -int EVP_EncryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv, - const OSSL_PARAM params[]) -{ - return EVP_CipherInit_ex2(ctx, cipher, key, iv, 1, params); -} - -int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv) -{ - return EVP_CipherInit(ctx, cipher, key, iv, 0); -} - -int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - ENGINE *impl, const unsigned char *key, - const unsigned char *iv) -{ - return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); -} - -int EVP_DecryptInit_ex2(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv, - const OSSL_PARAM params[]) -{ - return EVP_CipherInit_ex2(ctx, cipher, key, iv, 0, params); -} - -/* - * According to the letter of standard difference between pointers - * is specified to be valid only within same object. This makes - * it formally challenging to determine if input and output buffers - * are not partially overlapping with standard pointer arithmetic. - */ -#ifdef PTRDIFF_T -# undef PTRDIFF_T -#endif -#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64 -/* - * Then we have VMS that distinguishes itself by adhering to - * sizeof(size_t)==4 even in 64-bit builds, which means that - * difference between two pointers might be truncated to 32 bits. - * In the context one can even wonder how comparison for - * equality is implemented. To be on the safe side we adhere to - * PTRDIFF_T even for comparison for equality. - */ -# define PTRDIFF_T uint64_t -#else -# define PTRDIFF_T size_t -#endif - -int ossl_is_partially_overlapping(const void *ptr1, const void *ptr2, int len) -{ - PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2; - /* - * Check for partially overlapping buffers. [Binary logical - * operations are used instead of boolean to minimize number - * of conditional branches.] - */ - int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) | - (diff > (0 - (PTRDIFF_T)len))); - - return overlapped; -} - -static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, - unsigned char *out, int *outl, - const unsigned char *in, int inl) -{ - int i, j, bl, cmpl = inl; - - if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) - cmpl = (cmpl + 7) / 8; - - bl = ctx->cipher->block_size; - - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - /* If block size > 1 then the cipher will have to do this check */ - if (bl == 1 && ossl_is_partially_overlapping(out, in, cmpl)) { - ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING); - return 0; - } - - i = ctx->cipher->do_cipher(ctx, out, in, inl); - if (i < 0) - return 0; - else - *outl = i; - return 1; - } - - if (inl <= 0) { - *outl = 0; - return inl == 0; - } - if (ossl_is_partially_overlapping(out + ctx->buf_len, in, cmpl)) { - ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING); - return 0; - } - - if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) { - if (ctx->cipher->do_cipher(ctx, out, in, inl)) { - *outl = inl; - return 1; - } else { - *outl = 0; - return 0; - } - } - i = ctx->buf_len; - OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); - if (i != 0) { - if (bl - i > inl) { - memcpy(&(ctx->buf[i]), in, inl); - ctx->buf_len += inl; - *outl = 0; - return 1; - } else { - j = bl - i; - - /* - * Once we've processed the first j bytes from in, the amount of - * data left that is a multiple of the block length is: - * (inl - j) & ~(bl - 1) - * We must ensure that this amount of data, plus the one block that - * we process from ctx->buf does not exceed INT_MAX - */ - if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) { - ERR_raise(ERR_LIB_EVP, EVP_R_OUTPUT_WOULD_OVERFLOW); - return 0; - } - memcpy(&(ctx->buf[i]), in, j); - inl -= j; - in += j; - if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl)) - return 0; - out += bl; - *outl = bl; - } - } else - *outl = 0; - i = inl & (bl - 1); - inl -= i; - if (inl > 0) { - if (!ctx->cipher->do_cipher(ctx, out, in, inl)) - return 0; - *outl += inl; - } - - if (i != 0) - memcpy(ctx->buf, &(in[inl]), i); - ctx->buf_len = i; - return 1; -} - - -int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) -{ - int ret; - size_t soutl, inl_ = (size_t)inl; - int blocksize; - - if (outl != NULL) { - *outl = 0; - } else { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - /* Prevent accidental use of decryption context when encrypting */ - if (!ctx->encrypt) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION); - return 0; - } - - if (ctx->cipher == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET); - return 0; - } - - if (ctx->cipher->prov == NULL) - goto legacy; - - blocksize = ctx->cipher->block_size; - - if (ctx->cipher->cupdate == NULL || blocksize < 1) { - ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); - return 0; - } - - ret = ctx->cipher->cupdate(ctx->algctx, out, &soutl, - inl_ + (size_t)(blocksize == 1 ? 0 : blocksize), - in, inl_); - - if (ret) { - if (soutl > INT_MAX) { - ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); - return 0; - } - *outl = soutl; - } - - return ret; - - /* Code below to be removed when legacy support is dropped. */ - legacy: - - return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl); -} - -int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - int ret; - ret = EVP_EncryptFinal_ex(ctx, out, outl); - return ret; -} - -int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - int n, ret; - unsigned int i, b, bl; - size_t soutl; - int blocksize; - - if (outl != NULL) { - *outl = 0; - } else { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - /* Prevent accidental use of decryption context when encrypting */ - if (!ctx->encrypt) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION); - return 0; - } - - if (ctx->cipher == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET); - return 0; - } - if (ctx->cipher->prov == NULL) - goto legacy; - - blocksize = EVP_CIPHER_CTX_get_block_size(ctx); - - if (blocksize < 1 || ctx->cipher->cfinal == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); - return 0; - } - - ret = ctx->cipher->cfinal(ctx->algctx, out, &soutl, - blocksize == 1 ? 0 : blocksize); - - if (ret) { - if (soutl > INT_MAX) { - ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); - return 0; - } - *outl = soutl; - } - - return ret; - - /* Code below to be removed when legacy support is dropped. */ - legacy: - - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - ret = ctx->cipher->do_cipher(ctx, out, NULL, 0); - if (ret < 0) - return 0; - else - *outl = ret; - return 1; - } - - b = ctx->cipher->block_size; - OPENSSL_assert(b <= sizeof(ctx->buf)); - if (b == 1) { - *outl = 0; - return 1; - } - bl = ctx->buf_len; - if (ctx->flags & EVP_CIPH_NO_PADDING) { - if (bl) { - ERR_raise(ERR_LIB_EVP, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); - return 0; - } - *outl = 0; - return 1; - } - - n = b - bl; - for (i = bl; i < b; i++) - ctx->buf[i] = n; - ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b); - - if (ret) - *outl = b; - - return ret; -} - -int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) -{ - int fix_len, cmpl = inl, ret; - unsigned int b; - size_t soutl, inl_ = (size_t)inl; - int blocksize; - - if (outl != NULL) { - *outl = 0; - } else { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - /* Prevent accidental use of encryption context when decrypting */ - if (ctx->encrypt) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION); - return 0; - } - - if (ctx->cipher == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET); - return 0; - } - if (ctx->cipher->prov == NULL) - goto legacy; - - blocksize = EVP_CIPHER_CTX_get_block_size(ctx); - - if (ctx->cipher->cupdate == NULL || blocksize < 1) { - ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); - return 0; - } - ret = ctx->cipher->cupdate(ctx->algctx, out, &soutl, - inl_ + (size_t)(blocksize == 1 ? 0 : blocksize), - in, inl_); - - if (ret) { - if (soutl > INT_MAX) { - ERR_raise(ERR_LIB_EVP, EVP_R_UPDATE_ERROR); - return 0; - } - *outl = soutl; - } - - return ret; - - /* Code below to be removed when legacy support is dropped. */ - legacy: - - b = ctx->cipher->block_size; - - if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) - cmpl = (cmpl + 7) / 8; - - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - if (b == 1 && ossl_is_partially_overlapping(out, in, cmpl)) { - ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING); - return 0; - } - - fix_len = ctx->cipher->do_cipher(ctx, out, in, inl); - if (fix_len < 0) { - *outl = 0; - return 0; - } else - *outl = fix_len; - return 1; - } - - if (inl <= 0) { - *outl = 0; - return inl == 0; - } - - if (ctx->flags & EVP_CIPH_NO_PADDING) - return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl); - - OPENSSL_assert(b <= sizeof(ctx->final)); - - if (ctx->final_used) { - /* see comment about PTRDIFF_T comparison above */ - if (((PTRDIFF_T)out == (PTRDIFF_T)in) - || ossl_is_partially_overlapping(out, in, b)) { - ERR_raise(ERR_LIB_EVP, EVP_R_PARTIALLY_OVERLAPPING); - return 0; - } - /* - * final_used is only ever set if buf_len is 0. Therefore the maximum - * length output we will ever see from evp_EncryptDecryptUpdate is - * the maximum multiple of the block length that is <= inl, or just: - * inl & ~(b - 1) - * Since final_used has been set then the final output length is: - * (inl & ~(b - 1)) + b - * This must never exceed INT_MAX - */ - if ((inl & ~(b - 1)) > INT_MAX - b) { - ERR_raise(ERR_LIB_EVP, EVP_R_OUTPUT_WOULD_OVERFLOW); - return 0; - } - memcpy(out, ctx->final, b); - out += b; - fix_len = 1; - } else - fix_len = 0; - - if (!evp_EncryptDecryptUpdate(ctx, out, outl, in, inl)) - return 0; - - /* - * if we have 'decrypted' a multiple of block size, make sure we have a - * copy of this last block - */ - if (b > 1 && !ctx->buf_len) { - *outl -= b; - ctx->final_used = 1; - memcpy(ctx->final, &out[*outl], b); - } else - ctx->final_used = 0; - - if (fix_len) - *outl += b; - - return 1; -} - -int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - int ret; - ret = EVP_DecryptFinal_ex(ctx, out, outl); - return ret; -} - -int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - int i, n; - unsigned int b; - size_t soutl; - int ret; - int blocksize; - - if (outl != NULL) { - *outl = 0; - } else { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - /* Prevent accidental use of encryption context when decrypting */ - if (ctx->encrypt) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION); - return 0; - } - - if (ctx->cipher == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET); - return 0; - } - - if (ctx->cipher->prov == NULL) - goto legacy; - - blocksize = EVP_CIPHER_CTX_get_block_size(ctx); - - if (blocksize < 1 || ctx->cipher->cfinal == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); - return 0; - } - - ret = ctx->cipher->cfinal(ctx->algctx, out, &soutl, - blocksize == 1 ? 0 : blocksize); - - if (ret) { - if (soutl > INT_MAX) { - ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); - return 0; - } - *outl = soutl; - } - - return ret; - - /* Code below to be removed when legacy support is dropped. */ - legacy: - - *outl = 0; - if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { - i = ctx->cipher->do_cipher(ctx, out, NULL, 0); - if (i < 0) - return 0; - else - *outl = i; - return 1; - } - - b = ctx->cipher->block_size; - if (ctx->flags & EVP_CIPH_NO_PADDING) { - if (ctx->buf_len) { - ERR_raise(ERR_LIB_EVP, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); - return 0; - } - *outl = 0; - return 1; - } - if (b > 1) { - if (ctx->buf_len || !ctx->final_used) { - ERR_raise(ERR_LIB_EVP, EVP_R_WRONG_FINAL_BLOCK_LENGTH); - return 0; - } - OPENSSL_assert(b <= sizeof(ctx->final)); - - /* - * The following assumes that the ciphertext has been authenticated. - * Otherwise it provides a padding oracle. - */ - n = ctx->final[b - 1]; - if (n == 0 || n > (int)b) { - ERR_raise(ERR_LIB_EVP, EVP_R_BAD_DECRYPT); - return 0; - } - for (i = 0; i < n; i++) { - if (ctx->final[--b] != n) { - ERR_raise(ERR_LIB_EVP, EVP_R_BAD_DECRYPT); - return 0; - } - } - n = ctx->cipher->block_size - n; - for (i = 0; i < n; i++) - out[i] = ctx->final[i]; - *outl = n; - } else - *outl = 0; - return 1; -} - -int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) -{ - if (c->cipher->prov != NULL) { - int ok; - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - size_t len = keylen; - - if (EVP_CIPHER_CTX_get_key_length(c) == keylen) - return 1; - - /* Check the cipher actually understands this parameter */ - if (OSSL_PARAM_locate_const(EVP_CIPHER_settable_ctx_params(c->cipher), - OSSL_CIPHER_PARAM_KEYLEN) == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH); - return 0; - } - - params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len); - ok = evp_do_ciph_ctx_setparams(c->cipher, c->algctx, params); - - return ok > 0 ? 1 : 0; - } - - /* Code below to be removed when legacy support is dropped. */ - - /* - * Note there have never been any built-in ciphers that define this flag - * since it was first introduced. - */ - if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) - return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL); - if (EVP_CIPHER_CTX_get_key_length(c) == keylen) - return 1; - if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) { - c->key_len = keylen; - return 1; - } - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH); - return 0; -} - -int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) -{ - int ok; - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - unsigned int pd = pad; - - if (pad) - ctx->flags &= ~EVP_CIPH_NO_PADDING; - else - ctx->flags |= EVP_CIPH_NO_PADDING; - - if (ctx->cipher != NULL && ctx->cipher->prov == NULL) - return 1; - params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_PADDING, &pd); - ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params); - - return ok != 0; -} - -int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) -{ - int ret = EVP_CTRL_RET_UNSUPPORTED; - int set_params = 1; - size_t sz = arg; - unsigned int i; - OSSL_PARAM params[4] = { - OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END - }; - - if (ctx == NULL || ctx->cipher == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET); - return 0; - } - - if (ctx->cipher->prov == NULL) - goto legacy; - - switch (type) { - case EVP_CTRL_SET_KEY_LENGTH: - params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &sz); - break; - case EVP_CTRL_RAND_KEY: /* Used by DES */ - set_params = 0; - params[0] = - OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, - ptr, sz); - break; - - case EVP_CTRL_INIT: - /* - * EVP_CTRL_INIT is purely legacy, no provider counterpart. - * As a matter of fact, this should be dead code, but some caller - * might still do a direct control call with this command, so... - * Legacy methods return 1 except for exceptional circumstances, so - * we do the same here to not be disruptive. - */ - return 1; - case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */ - default: - goto end; - case EVP_CTRL_AEAD_SET_IVLEN: - if (arg < 0) - return 0; - params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz); - ctx->iv_len = -1; - break; - case EVP_CTRL_CCM_SET_L: - if (arg < 2 || arg > 8) - return 0; - sz = 15 - arg; - params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz); - ctx->iv_len = -1; - break; - case EVP_CTRL_AEAD_SET_IV_FIXED: - params[0] = OSSL_PARAM_construct_octet_string( - OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, ptr, sz); - break; - case EVP_CTRL_GCM_IV_GEN: - set_params = 0; - if (arg < 0) - sz = 0; /* special case that uses the iv length */ - params[0] = OSSL_PARAM_construct_octet_string( - OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, ptr, sz); - break; - case EVP_CTRL_GCM_SET_IV_INV: - if (arg < 0) - return 0; - params[0] = OSSL_PARAM_construct_octet_string( - OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV, ptr, sz); - break; - case EVP_CTRL_GET_RC5_ROUNDS: - set_params = 0; /* Fall thru */ - case EVP_CTRL_SET_RC5_ROUNDS: - if (arg < 0) - return 0; - i = (unsigned int)arg; - params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_ROUNDS, &i); - break; - case EVP_CTRL_SET_SPEED: - if (arg < 0) - return 0; - i = (unsigned int)arg; - params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_SPEED, &i); - break; - case EVP_CTRL_AEAD_GET_TAG: - set_params = 0; /* Fall thru */ - case EVP_CTRL_AEAD_SET_TAG: - params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - ptr, sz); - break; - case EVP_CTRL_AEAD_TLS1_AAD: - /* This one does a set and a get - since it returns a size */ - params[0] = - OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, - ptr, sz); - ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params); - if (ret <= 0) - goto end; - params[0] = - OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, &sz); - ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); - if (ret <= 0) - goto end; - return sz; -#ifndef OPENSSL_NO_RC2 - case EVP_CTRL_GET_RC2_KEY_BITS: - set_params = 0; /* Fall thru */ - case EVP_CTRL_SET_RC2_KEY_BITS: - params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_RC2_KEYBITS, &sz); - break; -#endif /* OPENSSL_NO_RC2 */ -#if !defined(OPENSSL_NO_MULTIBLOCK) - case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE: - params[0] = OSSL_PARAM_construct_size_t( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT, &sz); - ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params); - if (ret <= 0) - return 0; - - params[0] = OSSL_PARAM_construct_size_t( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE, &sz); - params[1] = OSSL_PARAM_construct_end(); - ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); - if (ret <= 0) - return 0; - return sz; - case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: { - EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p = - (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr; - - if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) - return 0; - - params[0] = OSSL_PARAM_construct_octet_string( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD, (void*)p->inp, p->len); - params[1] = OSSL_PARAM_construct_uint( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave); - ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params); - if (ret <= 0) - return ret; - /* Retrieve the return values changed by the set */ - params[0] = OSSL_PARAM_construct_size_t( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN, &sz); - params[1] = OSSL_PARAM_construct_uint( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave); - params[2] = OSSL_PARAM_construct_end(); - ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); - if (ret <= 0) - return 0; - return sz; - } - case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT: { - EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *p = - (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *)ptr; - - params[0] = OSSL_PARAM_construct_octet_string( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC, p->out, p->len); - - params[1] = OSSL_PARAM_construct_octet_string( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN, (void*)p->inp, - p->len); - params[2] = OSSL_PARAM_construct_uint( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE, &p->interleave); - ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params); - if (ret <= 0) - return ret; - params[0] = OSSL_PARAM_construct_size_t( - OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN, &sz); - params[1] = OSSL_PARAM_construct_end(); - ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); - if (ret <= 0) - return 0; - return sz; - } -#endif /* OPENSSL_NO_MULTIBLOCK */ - case EVP_CTRL_AEAD_SET_MAC_KEY: - if (arg < 0) - return -1; - params[0] = OSSL_PARAM_construct_octet_string( - OSSL_CIPHER_PARAM_AEAD_MAC_KEY, ptr, sz); - break; - } - - if (set_params) - ret = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params); - else - ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); - goto end; - - /* Code below to be removed when legacy support is dropped. */ -legacy: - if (ctx->cipher->ctrl == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_NOT_IMPLEMENTED); - return 0; - } - - ret = ctx->cipher->ctrl(ctx, type, arg, ptr); - - end: - if (ret == EVP_CTRL_RET_UNSUPPORTED) { - ERR_raise(ERR_LIB_EVP, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); - return 0; - } - return ret; -} - -int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]) -{ - if (cipher != NULL && cipher->get_params != NULL) - return cipher->get_params(params); - return 0; -} - -int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]) -{ - if (ctx->cipher != NULL && ctx->cipher->set_ctx_params != NULL) { - ctx->iv_len = -1; - return ctx->cipher->set_ctx_params(ctx->algctx, params); - } - return 0; -} - -int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]) -{ - if (ctx->cipher != NULL && ctx->cipher->get_ctx_params != NULL) - return ctx->cipher->get_ctx_params(ctx->algctx, params); - return 0; -} - -const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher) -{ - if (cipher != NULL && cipher->gettable_params != NULL) - return cipher->gettable_params( - ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher))); - return NULL; -} - -const OSSL_PARAM *EVP_CIPHER_settable_ctx_params(const EVP_CIPHER *cipher) -{ - void *provctx; - - if (cipher != NULL && cipher->settable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher)); - return cipher->settable_ctx_params(NULL, provctx); - } - return NULL; -} - -const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher) -{ - void *provctx; - - if (cipher != NULL && cipher->gettable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cipher)); - return cipher->gettable_ctx_params(NULL, provctx); - } - return NULL; -} - -const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *cctx) -{ - void *alg; - - if (cctx != NULL && cctx->cipher->settable_ctx_params != NULL) { - alg = ossl_provider_ctx(EVP_CIPHER_get0_provider(cctx->cipher)); - return cctx->cipher->settable_ctx_params(cctx->algctx, alg); - } - return NULL; -} - -const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *cctx) -{ - void *provctx; - - if (cctx != NULL && cctx->cipher->gettable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_CIPHER_get0_provider(cctx->cipher)); - return cctx->cipher->gettable_ctx_params(cctx->algctx, provctx); - } - return NULL; -} - -#ifndef FIPS_MODULE -static OSSL_LIB_CTX *EVP_CIPHER_CTX_get_libctx(EVP_CIPHER_CTX *ctx) -{ - const EVP_CIPHER *cipher = ctx->cipher; - const OSSL_PROVIDER *prov; - - if (cipher == NULL) - return NULL; - - prov = EVP_CIPHER_get0_provider(cipher); - return ossl_provider_libctx(prov); -} -#endif - -int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) -{ - if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) - return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); - -#ifdef FIPS_MODULE - return 0; -#else - { - int kl; - OSSL_LIB_CTX *libctx = EVP_CIPHER_CTX_get_libctx(ctx); - - kl = EVP_CIPHER_CTX_get_key_length(ctx); - if (kl <= 0 || RAND_priv_bytes_ex(libctx, key, kl, 0) <= 0) - return 0; - return 1; - } -#endif /* FIPS_MODULE */ -} - -int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) -{ - if ((in == NULL) || (in->cipher == NULL)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INPUT_NOT_INITIALIZED); - return 0; - } - - if (in->cipher->prov == NULL) - goto legacy; - - if (in->cipher->dupctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX); - return 0; - } - - EVP_CIPHER_CTX_reset(out); - - *out = *in; - out->algctx = NULL; - - if (in->fetched_cipher != NULL && !EVP_CIPHER_up_ref(in->fetched_cipher)) { - out->fetched_cipher = NULL; - return 0; - } - - out->algctx = in->cipher->dupctx(in->algctx); - if (out->algctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NOT_ABLE_TO_COPY_CTX); - return 0; - } - - return 1; - - /* Code below to be removed when legacy support is dropped. */ - legacy: - -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - /* Make sure it's safe to copy a cipher context using an ENGINE */ - if (in->engine && !ENGINE_init(in->engine)) { - ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB); - return 0; - } -#endif - - EVP_CIPHER_CTX_reset(out); - memcpy(out, in, sizeof(*out)); - - if (in->cipher_data && in->cipher->ctx_size) { - out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); - if (out->cipher_data == NULL) { - out->cipher = NULL; - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); - } - - if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) - if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) { - out->cipher = NULL; - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - return 1; -} - -EVP_CIPHER *evp_cipher_new(void) -{ - EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER)); - - if (cipher != NULL) { - cipher->lock = CRYPTO_THREAD_lock_new(); - if (cipher->lock == NULL) { - OPENSSL_free(cipher); - return NULL; - } - cipher->refcnt = 1; - } - return cipher; -} - -/* - * FIPS module note: since internal fetches will be entirely - * provider based, we know that none of its code depends on legacy - * NIDs or any functionality that use them. - */ -#ifndef FIPS_MODULE -/* After removal of legacy support get rid of the need for legacy NIDs */ -static void set_legacy_nid(const char *name, void *vlegacy_nid) -{ - int nid; - int *legacy_nid = vlegacy_nid; - /* - * We use lowest level function to get the associated method, because - * higher level functions such as EVP_get_cipherbyname() have changed - * to look at providers too. - */ - const void *legacy_method = OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH); - - if (*legacy_nid == -1) /* We found a clash already */ - return; - if (legacy_method == NULL) - return; - nid = EVP_CIPHER_get_nid(legacy_method); - if (*legacy_nid != NID_undef && *legacy_nid != nid) { - *legacy_nid = -1; - return; - } - *legacy_nid = nid; -} -#endif - -static void *evp_cipher_from_algorithm(const int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) -{ - const OSSL_DISPATCH *fns = algodef->implementation; - EVP_CIPHER *cipher = NULL; - int fnciphcnt = 0, fnctxcnt = 0; - - if ((cipher = evp_cipher_new()) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - -#ifndef FIPS_MODULE - cipher->nid = NID_undef; - if (!evp_names_do_all(prov, name_id, set_legacy_nid, &cipher->nid) - || cipher->nid == -1) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - EVP_CIPHER_free(cipher); - return NULL; - } -#endif - - cipher->name_id = name_id; - if ((cipher->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) { - EVP_CIPHER_free(cipher); - return NULL; - } - cipher->description = algodef->algorithm_description; - - for (; fns->function_id != 0; fns++) { - switch (fns->function_id) { - case OSSL_FUNC_CIPHER_NEWCTX: - if (cipher->newctx != NULL) - break; - cipher->newctx = OSSL_FUNC_cipher_newctx(fns); - fnctxcnt++; - break; - case OSSL_FUNC_CIPHER_ENCRYPT_INIT: - if (cipher->einit != NULL) - break; - cipher->einit = OSSL_FUNC_cipher_encrypt_init(fns); - fnciphcnt++; - break; - case OSSL_FUNC_CIPHER_DECRYPT_INIT: - if (cipher->dinit != NULL) - break; - cipher->dinit = OSSL_FUNC_cipher_decrypt_init(fns); - fnciphcnt++; - break; - case OSSL_FUNC_CIPHER_UPDATE: - if (cipher->cupdate != NULL) - break; - cipher->cupdate = OSSL_FUNC_cipher_update(fns); - fnciphcnt++; - break; - case OSSL_FUNC_CIPHER_FINAL: - if (cipher->cfinal != NULL) - break; - cipher->cfinal = OSSL_FUNC_cipher_final(fns); - fnciphcnt++; - break; - case OSSL_FUNC_CIPHER_CIPHER: - if (cipher->ccipher != NULL) - break; - cipher->ccipher = OSSL_FUNC_cipher_cipher(fns); - break; - case OSSL_FUNC_CIPHER_FREECTX: - if (cipher->freectx != NULL) - break; - cipher->freectx = OSSL_FUNC_cipher_freectx(fns); - fnctxcnt++; - break; - case OSSL_FUNC_CIPHER_DUPCTX: - if (cipher->dupctx != NULL) - break; - cipher->dupctx = OSSL_FUNC_cipher_dupctx(fns); - break; - case OSSL_FUNC_CIPHER_GET_PARAMS: - if (cipher->get_params != NULL) - break; - cipher->get_params = OSSL_FUNC_cipher_get_params(fns); - break; - case OSSL_FUNC_CIPHER_GET_CTX_PARAMS: - if (cipher->get_ctx_params != NULL) - break; - cipher->get_ctx_params = OSSL_FUNC_cipher_get_ctx_params(fns); - break; - case OSSL_FUNC_CIPHER_SET_CTX_PARAMS: - if (cipher->set_ctx_params != NULL) - break; - cipher->set_ctx_params = OSSL_FUNC_cipher_set_ctx_params(fns); - break; - case OSSL_FUNC_CIPHER_GETTABLE_PARAMS: - if (cipher->gettable_params != NULL) - break; - cipher->gettable_params = OSSL_FUNC_cipher_gettable_params(fns); - break; - case OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS: - if (cipher->gettable_ctx_params != NULL) - break; - cipher->gettable_ctx_params = - OSSL_FUNC_cipher_gettable_ctx_params(fns); - break; - case OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS: - if (cipher->settable_ctx_params != NULL) - break; - cipher->settable_ctx_params = - OSSL_FUNC_cipher_settable_ctx_params(fns); - break; - } - } - if ((fnciphcnt != 0 && fnciphcnt != 3 && fnciphcnt != 4) - || (fnciphcnt == 0 && cipher->ccipher == NULL) - || fnctxcnt != 2) { - /* - * In order to be a consistent set of functions we must have at least - * a complete set of "encrypt" functions, or a complete set of "decrypt" - * functions, or a single "cipher" function. In all cases we need both - * the "newctx" and "freectx" functions. - */ - EVP_CIPHER_free(cipher); - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); - return NULL; - } - cipher->prov = prov; - if (prov != NULL) - ossl_provider_up_ref(prov); - - if (!evp_cipher_cache_constants(cipher)) { - EVP_CIPHER_free(cipher); - ERR_raise(ERR_LIB_EVP, EVP_R_CACHE_CONSTANTS_FAILED); - cipher = NULL; - } - - return cipher; -} - -static int evp_cipher_up_ref(void *cipher) -{ - return EVP_CIPHER_up_ref(cipher); -} - -static void evp_cipher_free(void *cipher) -{ - EVP_CIPHER_free(cipher); -} - -EVP_CIPHER *EVP_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties) -{ - EVP_CIPHER *cipher = - evp_generic_fetch(ctx, OSSL_OP_CIPHER, algorithm, properties, - evp_cipher_from_algorithm, evp_cipher_up_ref, - evp_cipher_free); - - return cipher; -} - -int EVP_CIPHER_up_ref(EVP_CIPHER *cipher) -{ - int ref = 0; - - if (cipher->origin == EVP_ORIG_DYNAMIC) - CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock); - return 1; -} - -void evp_cipher_free_int(EVP_CIPHER *cipher) -{ - OPENSSL_free(cipher->type_name); - ossl_provider_free(cipher->prov); - CRYPTO_THREAD_lock_free(cipher->lock); - OPENSSL_free(cipher); -} - -void EVP_CIPHER_free(EVP_CIPHER *cipher) -{ - int i; - - if (cipher == NULL || cipher->origin != EVP_ORIG_DYNAMIC) - return; - - CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock); - if (i > 0) - return; - evp_cipher_free_int(cipher); -} - -void EVP_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_CIPHER *mac, void *arg), - void *arg) -{ - evp_generic_do_all(libctx, OSSL_OP_CIPHER, - (void (*)(void *, void *))fn, arg, - evp_cipher_from_algorithm, evp_cipher_up_ref, - evp_cipher_free); -} diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c deleted file mode 100644 index c0d92321032fa9ec3724d450cab3331a656f1001..0000000000000000000000000000000000000000 --- a/crypto/evp/evp_err.c +++ /dev/null @@ -1,208 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/evperr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA EVP_str_reasons[] = { - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_AES_KEY_SETUP_FAILED), - "aes key setup failed"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ARIA_KEY_SETUP_FAILED), - "aria key setup failed"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_ALGORITHM_NAME), "bad algorithm name"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_DECRYPT), "bad decrypt"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_KEY_LENGTH), "bad key length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CACHE_CONSTANTS_FAILED), - "cache constants failed"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CAMELLIA_KEY_SETUP_FAILED), - "camellia key setup failed"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CANNOT_GET_PARAMETERS), - "cannot get parameters"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CANNOT_SET_PARAMETERS), - "cannot set parameters"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CIPHER_NOT_GCM_MODE), - "cipher not gcm mode"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CIPHER_PARAMETER_ERROR), - "cipher parameter error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COMMAND_NOT_SUPPORTED), - "command not supported"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CONFLICTING_ALGORITHM_NAME), - "conflicting algorithm name"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COPY_ERROR), "copy error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_NOT_IMPLEMENTED), - "ctrl not implemented"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED), - "ctrl operation not implemented"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH), - "data not multiple of block length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DECODE_ERROR), "decode error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DEFAULT_QUERY_PARSE_ERROR), - "default query parse error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_KEY_TYPES), - "different key types"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS), - "different parameters"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION), - "error loading section"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_HMAC_KEY), - "expecting an hmac key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_RSA_KEY), - "expecting an rsa key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_DSA_KEY), - "expecting a dsa key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_ECX_KEY), - "expecting an ecx key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_EC_KEY), "expecting an ec key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_POLY1305_KEY), - "expecting a poly1305 key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_SIPHASH_KEY), - "expecting a siphash key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FINAL_ERROR), "final error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_GENERATE_ERROR), "generate error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_GET_RAW_KEY_FAILED), "get raw key failed"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ILLEGAL_SCRYPT_PARAMETERS), - "illegal scrypt parameters"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS), - "inaccessible domain parameters"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INACCESSIBLE_KEY), "inaccessible key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INITIALIZATION_ERROR), - "initialization error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INPUT_NOT_INITIALIZED), - "input not initialized"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_CUSTOM_LENGTH), - "invalid custom length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_IV_LENGTH), "invalid iv length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_LENGTH), "invalid length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_NULL_ALGORITHM), - "invalid null algorithm"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_PROVIDER_FUNCTIONS), - "invalid provider functions"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_SALT_LENGTH), - "invalid salt length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_SECRET_LENGTH), - "invalid secret length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_SEED_LENGTH), - "invalid seed length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_VALUE), "invalid value"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEYMGMT_EXPORT_FAILURE), - "keymgmt export failure"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEY_SETUP_FAILED), "key setup failed"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_LOCKING_NOT_SUPPORTED), - "locking not supported"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MEMORY_LIMIT_EXCEEDED), - "memory limit exceeded"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MESSAGE_DIGEST_IS_NULL), - "message digest is null"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_METHOD_NOT_SUPPORTED), - "method not supported"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MISSING_PARAMETERS), "missing parameters"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NOT_ABLE_TO_COPY_CTX), - "not able to copy ctx"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NOT_XOF_OR_INVALID_LENGTH), - "not XOF or invalid length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_CIPHER_SET), "no cipher set"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DEFAULT_DIGEST), "no default digest"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DIGEST_SET), "no digest set"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_IMPORT_FUNCTION), "no import function"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEYMGMT_AVAILABLE), - "no keymgmt available"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEYMGMT_PRESENT), "no keymgmt present"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEY_SET), "no key set"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_OPERATION_SET), "no operation set"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NULL_MAC_PKEY_CTX), "null mac pkey ctx"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ONLY_ONESHOT_SUPPORTED), - "only oneshot supported"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_INITIALIZED), - "operation not initialized"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), - "operation not supported for this keytype"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW), - "output would overflow"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARAMETER_TOO_LARGE), - "parameter too large"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING), - "partially overlapping buffers"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED), - "pkey application asn1 method already registered"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_DECODE_ERROR), - "private key decode error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR), - "private key encode error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SETTING_XOF_FAILED), "setting xof failed"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SET_DEFAULT_PROPERTY_FAILURE), - "set default property failure"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_TOO_MANY_RECORDS), "too many records"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_ENABLE_LOCKING), - "unable to enable locking"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE), - "unable to get maximum request size"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH), - "unable to get random strength"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_LOCK_CONTEXT), - "unable to lock context"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_SET_CALLBACKS), - "unable to set callbacks"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_KEY_TYPE), "unknown key type"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_PBE_ALGORITHM), - "unknown pbe algorithm"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_ALGORITHM), - "unsupported algorithm"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEYLENGTH), - "unsupported keylength"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION), - "unsupported key derivation function"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_SIZE), - "unsupported key size"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_TYPE), - "unsupported key type"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS), - "unsupported number of rounds"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_PRF), "unsupported prf"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM), - "unsupported private key algorithm"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_SALT_TYPE), - "unsupported salt type"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UPDATE_ERROR), "update error"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRAP_MODE_NOT_ALLOWED), - "wrap mode not allowed"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH), - "wrong final block length"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DATA_UNIT_IS_TOO_LARGE), - "xts data unit is too large"}, - {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS), - "xts duplicated keys"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_EVP_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(EVP_str_reasons[0].error) == NULL) - ERR_load_strings_const(EVP_str_reasons); -#endif - return 1; -} diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c deleted file mode 100644 index aafd927e63f98c97ce6e8ca7c85e88b428d01274..0000000000000000000000000000000000000000 --- a/crypto/evp/evp_fetch.c +++ /dev/null @@ -1,690 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/thread_once.h" -#include "internal/property.h" -#include "internal/core.h" -#include "internal/provider.h" -#include "internal/namemap.h" -#include "internal/property.h" -#include "crypto/evp.h" /* evp_local.h needs it */ -#include "evp_local.h" - -#define NAME_SEPARATOR ':' - -static void evp_method_store_free(void *vstore) -{ - ossl_method_store_free(vstore); -} - -static void *evp_method_store_new(OSSL_LIB_CTX *ctx) -{ - return ossl_method_store_new(ctx); -} - - -static const OSSL_LIB_CTX_METHOD evp_method_store_method = { - /* We want evp_method_store to be cleaned up before the provider store */ - OSSL_LIB_CTX_METHOD_PRIORITY_2, - evp_method_store_new, - evp_method_store_free, -}; - -/* Data to be passed through ossl_method_construct() */ -struct evp_method_data_st { - OSSL_LIB_CTX *libctx; - int operation_id; /* For get_evp_method_from_store() */ - int name_id; /* For get_evp_method_from_store() */ - const char *names; /* For get_evp_method_from_store() */ - const char *propquery; /* For get_evp_method_from_store() */ - - OSSL_METHOD_STORE *tmp_store; /* For get_tmp_evp_method_store() */ - - unsigned int flag_construct_error_occurred : 1; - - void *(*method_from_algorithm)(int name_id, const OSSL_ALGORITHM *, - OSSL_PROVIDER *); - int (*refcnt_up_method)(void *method); - void (*destruct_method)(void *method); -}; - -/* - * Generic routines to fetch / create EVP methods with ossl_method_construct() - */ -static void *get_tmp_evp_method_store(void *data) -{ - struct evp_method_data_st *methdata = data; - - if (methdata->tmp_store == NULL) - methdata->tmp_store = ossl_method_store_new(methdata->libctx); - return methdata->tmp_store; -} - - static void dealloc_tmp_evp_method_store(void *store) -{ - if (store != NULL) - ossl_method_store_free(store); -} - -static OSSL_METHOD_STORE *get_evp_method_store(OSSL_LIB_CTX *libctx) -{ - return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_EVP_METHOD_STORE_INDEX, - &evp_method_store_method); -} - -static int reserve_evp_method_store(void *store, void *data) -{ - struct evp_method_data_st *methdata = data; - - if (store == NULL - && (store = get_evp_method_store(methdata->libctx)) == NULL) - return 0; - - return ossl_method_lock_store(store); -} - -static int unreserve_evp_method_store(void *store, void *data) -{ - struct evp_method_data_st *methdata = data; - - if (store == NULL - && (store = get_evp_method_store(methdata->libctx)) == NULL) - return 0; - - return ossl_method_unlock_store(store); -} - -/* - * To identify the method in the EVP method store, we mix the name identity - * with the operation identity, under the assumption that we don't have more - * than 2^23 names or more than 2^8 operation types. - * - * The resulting identity is a 31-bit integer, composed like this: - * - * +---------23 bits--------+-8 bits-+ - * | name identity | op id | - * +------------------------+--------+ - * - * We limit this composite number to 31 bits, thus leaving the top uint32_t - * bit always zero, to avoid negative sign extension when downshifting after - * this number happens to be passed to an int (which happens as soon as it's - * passed to ossl_method_store_cache_set(), and it's in that form that it - * gets passed along to filter_on_operation_id(), defined further down. - */ -#define METHOD_ID_OPERATION_MASK 0x000000FF -#define METHOD_ID_OPERATION_MAX ((1 << 8) - 1) -#define METHOD_ID_NAME_MASK 0x7FFFFF00 -#define METHOD_ID_NAME_OFFSET 8 -#define METHOD_ID_NAME_MAX ((1 << 23) - 1) -static uint32_t evp_method_id(int name_id, unsigned int operation_id) -{ - if (!ossl_assert(name_id > 0 && name_id <= METHOD_ID_NAME_MAX) - || !ossl_assert(operation_id > 0 - && operation_id <= METHOD_ID_OPERATION_MAX)) - return 0; - return (((name_id << METHOD_ID_NAME_OFFSET) & METHOD_ID_NAME_MASK) - | (operation_id & METHOD_ID_OPERATION_MASK)); -} - -static void *get_evp_method_from_store(void *store, const OSSL_PROVIDER **prov, - void *data) -{ - struct evp_method_data_st *methdata = data; - void *method = NULL; - int name_id = 0; - uint32_t meth_id; - - /* - * get_evp_method_from_store() is only called to try and get the method - * that evp_generic_fetch() is asking for, and the operation id as well - * as the name or name id are passed via methdata. - */ - if ((name_id = methdata->name_id) == 0 && methdata->names != NULL) { - OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx); - const char *names = methdata->names; - const char *q = strchr(names, NAME_SEPARATOR); - size_t l = (q == NULL ? strlen(names) : (size_t)(q - names)); - - if (namemap == 0) - return NULL; - name_id = ossl_namemap_name2num_n(namemap, names, l); - } - - if (name_id == 0 - || (meth_id = evp_method_id(name_id, methdata->operation_id)) == 0) - return NULL; - - if (store == NULL - && (store = get_evp_method_store(methdata->libctx)) == NULL) - return NULL; - - if (!ossl_method_store_fetch(store, meth_id, methdata->propquery, prov, - &method)) - return NULL; - return method; -} - -static int put_evp_method_in_store(void *store, void *method, - const OSSL_PROVIDER *prov, - const char *names, const char *propdef, - void *data) -{ - struct evp_method_data_st *methdata = data; - OSSL_NAMEMAP *namemap; - int name_id; - uint32_t meth_id; - size_t l = 0; - - /* - * put_evp_method_in_store() is only called with an EVP method that was - * successfully created by construct_method() below, which means that - * all the names should already be stored in the namemap with the same - * numeric identity, so just use the first to get that identity. - */ - if (names != NULL) { - const char *q = strchr(names, NAME_SEPARATOR); - - l = (q == NULL ? strlen(names) : (size_t)(q - names)); - } - - if ((namemap = ossl_namemap_stored(methdata->libctx)) == NULL - || (name_id = ossl_namemap_name2num_n(namemap, names, l)) == 0 - || (meth_id = evp_method_id(name_id, methdata->operation_id)) == 0) - return 0; - - if (store == NULL - && (store = get_evp_method_store(methdata->libctx)) == NULL) - return 0; - - return ossl_method_store_add(store, prov, meth_id, propdef, method, - methdata->refcnt_up_method, - methdata->destruct_method); -} - -/* - * The core fetching functionality passes the name of the implementation. - * This function is responsible to getting an identity number for it. - */ -static void *construct_evp_method(const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov, void *data) -{ - /* - * This function is only called if get_evp_method_from_store() returned - * NULL, so it's safe to say that of all the spots to create a new - * namemap entry, this is it. Should the name already exist there, we - * know that ossl_namemap_add_name() will return its corresponding - * number. - */ - struct evp_method_data_st *methdata = data; - OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); - OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); - const char *names = algodef->algorithm_names; - int name_id = ossl_namemap_add_names(namemap, 0, names, NAME_SEPARATOR); - void *method; - - if (name_id == 0) - return NULL; - - method = methdata->method_from_algorithm(name_id, algodef, prov); - - /* - * Flag to indicate that there was actual construction errors. This - * helps inner_evp_generic_fetch() determine what error it should - * record on inaccessible algorithms. - */ - if (method == NULL) - methdata->flag_construct_error_occurred = 1; - - return method; -} - -static void destruct_evp_method(void *method, void *data) -{ - struct evp_method_data_st *methdata = data; - - methdata->destruct_method(method); -} - -static void * -inner_evp_generic_fetch(struct evp_method_data_st *methdata, - OSSL_PROVIDER *prov, int operation_id, - int name_id, const char *name, - const char *properties, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)) -{ - OSSL_METHOD_STORE *store = get_evp_method_store(methdata->libctx); - OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx); - const char *const propq = properties != NULL ? properties : ""; - uint32_t meth_id = 0; - void *method = NULL; - int unsupported = 0; - - if (store == NULL || namemap == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); - return NULL; - } - - /* - * If there's ever an operation_id == 0 passed, we have an internal - * programming error. - */ - if (!ossl_assert(operation_id > 0)) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return NULL; - } - - /* - * If we have been passed both a name_id and a name, we have an - * internal programming error. - */ - if (!ossl_assert(name_id == 0 || name == NULL)) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return NULL; - } - - /* If we haven't received a name id yet, try to get one for the name */ - if (name_id == 0 && name != NULL) - name_id = ossl_namemap_name2num(namemap, name); - - /* - * If we have a name id, calculate a method id with evp_method_id(). - * - * evp_method_id returns 0 if we have too many operations (more than - * about 2^8) or too many names (more than about 2^24). In that case, - * we can't create any new method. - * For all intents and purposes, this is an internal error. - */ - if (name_id != 0 && (meth_id = evp_method_id(name_id, operation_id)) == 0) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return NULL; - } - - /* - * If we haven't found the name yet, chances are that the algorithm to - * be fetched is unsupported. - */ - if (name_id == 0) - unsupported = 1; - - if (meth_id == 0 - || !ossl_method_store_cache_get(store, prov, meth_id, propq, &method)) { - OSSL_METHOD_CONSTRUCT_METHOD mcm = { - get_tmp_evp_method_store, - reserve_evp_method_store, - unreserve_evp_method_store, - get_evp_method_from_store, - put_evp_method_in_store, - construct_evp_method, - destruct_evp_method - }; - - methdata->operation_id = operation_id; - methdata->name_id = name_id; - methdata->names = name; - methdata->propquery = propq; - methdata->method_from_algorithm = new_method; - methdata->refcnt_up_method = up_ref_method; - methdata->destruct_method = free_method; - methdata->flag_construct_error_occurred = 0; - if ((method = ossl_method_construct(methdata->libctx, operation_id, - &prov, 0 /* !force_cache */, - &mcm, methdata)) != NULL) { - /* - * If construction did create a method for us, we know that - * there is a correct name_id and meth_id, since those have - * already been calculated in get_evp_method_from_store() and - * put_evp_method_in_store() above. - */ - if (name_id == 0) - name_id = ossl_namemap_name2num(namemap, name); - meth_id = evp_method_id(name_id, operation_id); - if (name_id != 0) - ossl_method_store_cache_set(store, prov, meth_id, propq, - method, up_ref_method, free_method); - } - - /* - * If we never were in the constructor, the algorithm to be fetched - * is unsupported. - */ - unsupported = !methdata->flag_construct_error_occurred; - } - - if ((name_id != 0 || name != NULL) && method == NULL) { - int code = unsupported ? ERR_R_UNSUPPORTED : ERR_R_FETCH_FAILED; - - if (name == NULL) - name = ossl_namemap_num2name(namemap, name_id, 0); - ERR_raise_data(ERR_LIB_EVP, code, - "%s, Algorithm (%s : %d), Properties (%s)", - ossl_lib_ctx_get_descriptor(methdata->libctx), - name == NULL ? "" : name, name_id, - properties == NULL ? "" : properties); - } - - return method; -} - -void *evp_generic_fetch(OSSL_LIB_CTX *libctx, int operation_id, - const char *name, const char *properties, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)) -{ - struct evp_method_data_st methdata; - void *method; - - methdata.libctx = libctx; - methdata.tmp_store = NULL; - method = inner_evp_generic_fetch(&methdata, NULL, operation_id, - 0, name, properties, - new_method, up_ref_method, free_method); - dealloc_tmp_evp_method_store(methdata.tmp_store); - return method; -} - -/* - * evp_generic_fetch_by_number() is special, and only returns methods for - * already known names, i.e. it refuses to work if no name_id can be found - * (it's considered an internal programming error). - * This is meant to be used when one method needs to fetch an associated - * method. - */ -void *evp_generic_fetch_by_number(OSSL_LIB_CTX *libctx, int operation_id, - int name_id, const char *properties, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)) -{ - struct evp_method_data_st methdata; - void *method; - - methdata.libctx = libctx; - methdata.tmp_store = NULL; - method = inner_evp_generic_fetch(&methdata, NULL, operation_id, - name_id, NULL, properties, - new_method, up_ref_method, free_method); - dealloc_tmp_evp_method_store(methdata.tmp_store); - return method; -} - -/* - * evp_generic_fetch_from_prov() is special, and only returns methods from - * the given provider. - * This is meant to be used when one method needs to fetch an associated - * method. - */ -void *evp_generic_fetch_from_prov(OSSL_PROVIDER *prov, int operation_id, - const char *name, const char *properties, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)) -{ - struct evp_method_data_st methdata; - void *method; - - methdata.libctx = ossl_provider_libctx(prov); - methdata.tmp_store = NULL; - method = inner_evp_generic_fetch(&methdata, prov, operation_id, - 0, name, properties, - new_method, up_ref_method, free_method); - dealloc_tmp_evp_method_store(methdata.tmp_store); - return method; -} - -int evp_method_store_cache_flush(OSSL_LIB_CTX *libctx) -{ - OSSL_METHOD_STORE *store = get_evp_method_store(libctx); - - if (store != NULL) - return ossl_method_store_cache_flush_all(store); - return 1; -} - -int evp_method_store_remove_all_provided(const OSSL_PROVIDER *prov) -{ - OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); - OSSL_METHOD_STORE *store = get_evp_method_store(libctx); - - if (store != NULL) - return ossl_method_store_remove_all_provided(store, prov); - return 1; -} - -static int evp_set_parsed_default_properties(OSSL_LIB_CTX *libctx, - OSSL_PROPERTY_LIST *def_prop, - int loadconfig, - int mirrored) -{ - OSSL_METHOD_STORE *store = get_evp_method_store(libctx); - OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, loadconfig); - - if (plp != NULL && store != NULL) { -#ifndef FIPS_MODULE - char *propstr = NULL; - size_t strsz; - - if (mirrored) { - if (ossl_global_properties_no_mirrored(libctx)) - return 0; - } else { - /* - * These properties have been explicitly set on this libctx, so - * don't allow any mirroring from a parent libctx. - */ - ossl_global_properties_stop_mirroring(libctx); - } - - strsz = ossl_property_list_to_string(libctx, def_prop, NULL, 0); - if (strsz > 0) - propstr = OPENSSL_malloc(strsz); - if (propstr == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return 0; - } - if (ossl_property_list_to_string(libctx, def_prop, propstr, - strsz) == 0) { - OPENSSL_free(propstr); - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return 0; - } - ossl_provider_default_props_update(libctx, propstr); - OPENSSL_free(propstr); -#endif - ossl_property_free(*plp); - *plp = def_prop; - if (store != NULL) - return ossl_method_store_cache_flush_all(store); - } - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return 0; -} - -int evp_set_default_properties_int(OSSL_LIB_CTX *libctx, const char *propq, - int loadconfig, int mirrored) -{ - OSSL_PROPERTY_LIST *pl = NULL; - - if (propq != NULL && (pl = ossl_parse_query(libctx, propq, 1)) == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_DEFAULT_QUERY_PARSE_ERROR); - return 0; - } - if (!evp_set_parsed_default_properties(libctx, pl, loadconfig, mirrored)) { - ossl_property_free(pl); - return 0; - } - return 1; -} - -int EVP_set_default_properties(OSSL_LIB_CTX *libctx, const char *propq) -{ - return evp_set_default_properties_int(libctx, propq, 1, 0); -} - -static int evp_default_properties_merge(OSSL_LIB_CTX *libctx, const char *propq, - int loadconfig) -{ - OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, loadconfig); - OSSL_PROPERTY_LIST *pl1, *pl2; - - if (propq == NULL) - return 1; - if (plp == NULL || *plp == NULL) - return evp_set_default_properties_int(libctx, propq, 0, 0); - if ((pl1 = ossl_parse_query(libctx, propq, 1)) == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_DEFAULT_QUERY_PARSE_ERROR); - return 0; - } - pl2 = ossl_property_merge(pl1, *plp); - ossl_property_free(pl1); - if (pl2 == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!evp_set_parsed_default_properties(libctx, pl2, 0, 0)) { - ossl_property_free(pl2); - return 0; - } - return 1; -} - -static int evp_default_property_is_enabled(OSSL_LIB_CTX *libctx, - const char *prop_name) -{ - OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, 1); - - return plp != NULL && ossl_property_is_enabled(libctx, prop_name, *plp); -} - -int EVP_default_properties_is_fips_enabled(OSSL_LIB_CTX *libctx) -{ - return evp_default_property_is_enabled(libctx, "fips"); -} - -int evp_default_properties_enable_fips_int(OSSL_LIB_CTX *libctx, int enable, - int loadconfig) -{ - const char *query = (enable != 0) ? "fips=yes" : "-fips"; - - return evp_default_properties_merge(libctx, query, loadconfig); -} - -int EVP_default_properties_enable_fips(OSSL_LIB_CTX *libctx, int enable) -{ - return evp_default_properties_enable_fips_int(libctx, enable, 1); -} - -char *evp_get_global_properties_str(OSSL_LIB_CTX *libctx, int loadconfig) -{ - OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, loadconfig); - char *propstr = NULL; - size_t sz; - - if (plp == NULL) - return OPENSSL_strdup(""); - - sz = ossl_property_list_to_string(libctx, *plp, NULL, 0); - if (sz == 0) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return NULL; - } - - propstr = OPENSSL_malloc(sz); - if (propstr == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - if (ossl_property_list_to_string(libctx, *plp, propstr, sz) == 0) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - OPENSSL_free(propstr); - return NULL; - } - return propstr; -} - -struct filter_data_st { - int operation_id; - void (*user_fn)(void *method, void *arg); - void *user_arg; -}; - -static void filter_on_operation_id(int id, void *method, void *arg) -{ - struct filter_data_st *data = arg; - - if ((id & METHOD_ID_OPERATION_MASK) == data->operation_id) - data->user_fn(method, data->user_arg); -} - -void evp_generic_do_all(OSSL_LIB_CTX *libctx, int operation_id, - void (*user_fn)(void *method, void *arg), - void *user_arg, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)) -{ - struct evp_method_data_st methdata; - struct filter_data_st data; - - methdata.libctx = libctx; - methdata.tmp_store = NULL; - (void)inner_evp_generic_fetch(&methdata, NULL, operation_id, 0, NULL, NULL, - new_method, up_ref_method, free_method); - - data.operation_id = operation_id; - data.user_fn = user_fn; - data.user_arg = user_arg; - if (methdata.tmp_store != NULL) - ossl_method_store_do_all(methdata.tmp_store, &filter_on_operation_id, - &data); - ossl_method_store_do_all(get_evp_method_store(libctx), - &filter_on_operation_id, &data); - dealloc_tmp_evp_method_store(methdata.tmp_store); -} - -int evp_is_a(OSSL_PROVIDER *prov, int number, - const char *legacy_name, const char *name) -{ - /* - * For a |prov| that is NULL, the library context will be NULL - */ - OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); - OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); - - if (prov == NULL) - number = ossl_namemap_name2num(namemap, legacy_name); - return ossl_namemap_name2num(namemap, name) == number; -} - -int evp_names_do_all(OSSL_PROVIDER *prov, int number, - void (*fn)(const char *name, void *data), - void *data) -{ - OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); - OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); - - return ossl_namemap_doall_names(namemap, number, fn, data); -} diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c deleted file mode 100644 index 607d45ee23406d350cef56ccf685980b29de5b6e..0000000000000000000000000000000000000000 --- a/crypto/evp/evp_key.c +++ /dev/null @@ -1,154 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include - -#ifndef BUFSIZ -# define BUFSIZ 256 -#endif - -/* should be init to zeros. */ -static char prompt_string[80]; - -void EVP_set_pw_prompt(const char *prompt) -{ - if (prompt == NULL) - prompt_string[0] = '\0'; - else { - strncpy(prompt_string, prompt, 79); - prompt_string[79] = '\0'; - } -} - -char *EVP_get_pw_prompt(void) -{ - if (prompt_string[0] == '\0') - return NULL; - else - return prompt_string; -} - -/* - * For historical reasons, the standard function for reading passwords is in - * the DES library -- if someone ever wants to disable DES, this function - * will fail - */ -int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) -{ - return EVP_read_pw_string_min(buf, 0, len, prompt, verify); -} - -int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, - int verify) -{ - int ret = -1; - char buff[BUFSIZ]; - UI *ui; - - if ((prompt == NULL) && (prompt_string[0] != '\0')) - prompt = prompt_string; - ui = UI_new(); - if (ui == NULL) - return ret; - if (UI_add_input_string(ui, prompt, 0, buf, min, - (len >= BUFSIZ) ? BUFSIZ - 1 : len) < 0 - || (verify - && UI_add_verify_string(ui, prompt, 0, buff, min, - (len >= BUFSIZ) ? BUFSIZ - 1 : len, - buf) < 0)) - goto end; - ret = UI_process(ui); - OPENSSL_cleanse(buff, BUFSIZ); - end: - UI_free(ui); - return ret; -} - -int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, - const unsigned char *salt, const unsigned char *data, - int datal, int count, unsigned char *key, - unsigned char *iv) -{ - EVP_MD_CTX *c; - unsigned char md_buf[EVP_MAX_MD_SIZE]; - int niv, nkey, addmd = 0; - unsigned int mds = 0, i; - int rv = 0; - nkey = EVP_CIPHER_get_key_length(type); - niv = EVP_CIPHER_get_iv_length(type); - OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); - OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH); - - if (data == NULL) - return nkey; - - c = EVP_MD_CTX_new(); - if (c == NULL) - goto err; - for (;;) { - if (!EVP_DigestInit_ex(c, md, NULL)) - goto err; - if (addmd++) - if (!EVP_DigestUpdate(c, &(md_buf[0]), mds)) - goto err; - if (!EVP_DigestUpdate(c, data, datal)) - goto err; - if (salt != NULL) - if (!EVP_DigestUpdate(c, salt, PKCS5_SALT_LEN)) - goto err; - if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds)) - goto err; - - for (i = 1; i < (unsigned int)count; i++) { - if (!EVP_DigestInit_ex(c, md, NULL)) - goto err; - if (!EVP_DigestUpdate(c, &(md_buf[0]), mds)) - goto err; - if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds)) - goto err; - } - i = 0; - if (nkey) { - for (;;) { - if (nkey == 0) - break; - if (i == mds) - break; - if (key != NULL) - *(key++) = md_buf[i]; - nkey--; - i++; - } - } - if (niv && (i != mds)) { - for (;;) { - if (niv == 0) - break; - if (i == mds) - break; - if (iv != NULL) - *(iv++) = md_buf[i]; - niv--; - i++; - } - } - if ((nkey == 0) && (niv == 0)) - break; - } - rv = EVP_CIPHER_get_key_length(type); - err: - EVP_MD_CTX_free(c); - OPENSSL_cleanse(md_buf, sizeof(md_buf)); - return rv; -} diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c deleted file mode 100644 index d88066d0a2b61f41fe8d1e95db109f6eb8b7488f..0000000000000000000000000000000000000000 --- a/crypto/evp/evp_lib.c +++ /dev/null @@ -1,1215 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * EVP _meth_ APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include -#include "crypto/evp.h" -#include "crypto/cryptlib.h" -#include "internal/provider.h" -#include "evp_local.h" - -#if !defined(FIPS_MODULE) -# include "crypto/asn1.h" - -int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -{ - return evp_cipher_param_to_asn1_ex(c, type, NULL); -} - -int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -{ - return evp_cipher_asn1_to_param_ex(c, type, NULL); -} - -int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *ctx, ASN1_TYPE *type) -{ - int i = 0; - unsigned int l; - - if (type != NULL) { - unsigned char iv[EVP_MAX_IV_LENGTH]; - - l = EVP_CIPHER_CTX_get_iv_length(ctx); - if (!ossl_assert(l <= sizeof(iv))) - return -1; - i = ASN1_TYPE_get_octetstring(type, iv, l); - if (i != (int)l) - return -1; - - if (!EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1)) - return -1; - } - return i; -} - -int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) -{ - int i = 0; - unsigned int j; - unsigned char *oiv = NULL; - - if (type != NULL) { - oiv = (unsigned char *)EVP_CIPHER_CTX_original_iv(c); - j = EVP_CIPHER_CTX_get_iv_length(c); - OPENSSL_assert(j <= sizeof(c->iv)); - i = ASN1_TYPE_set_octetstring(type, oiv, j); - } - return i; -} - -int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, - evp_cipher_aead_asn1_params *asn1_params) -{ - int ret = -1; /* Assume the worst */ - const EVP_CIPHER *cipher = c->cipher; - - /* - * For legacy implementations, we detect custom AlgorithmIdentifier - * parameter handling by checking if the function pointer - * cipher->set_asn1_parameters is set. We know that this pointer - * is NULL for provided implementations. - * - * Otherwise, for any implementation, we check the flag - * EVP_CIPH_FLAG_CUSTOM_ASN1. If it isn't set, we apply - * default AI parameter extraction. - * - * Otherwise, for provided implementations, we convert |type| to - * a DER encoded blob and pass to the implementation in OSSL_PARAM - * form. - * - * If none of the above applies, this operation is unsupported. - */ - if (cipher->set_asn1_parameters != NULL) { - ret = cipher->set_asn1_parameters(c, type); - } else if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) { - switch (EVP_CIPHER_get_mode(cipher)) { - case EVP_CIPH_WRAP_MODE: - if (EVP_CIPHER_is_a(cipher, SN_id_smime_alg_CMS3DESwrap)) - ASN1_TYPE_set(type, V_ASN1_NULL, NULL); - ret = 1; - break; - - case EVP_CIPH_GCM_MODE: - ret = evp_cipher_set_asn1_aead_params(c, type, asn1_params); - break; - - case EVP_CIPH_CCM_MODE: - case EVP_CIPH_XTS_MODE: - case EVP_CIPH_OCB_MODE: - ret = -2; - break; - - default: - ret = EVP_CIPHER_set_asn1_iv(c, type); - } - } else if (cipher->prov != NULL) { - OSSL_PARAM params[3], *p = params; - unsigned char *der = NULL, *derp; - - /* - * We make two passes, the first to get the appropriate buffer size, - * and the second to get the actual value. - */ - *p++ = OSSL_PARAM_construct_octet_string( - OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS, - NULL, 0); - *p = OSSL_PARAM_construct_end(); - - if (!EVP_CIPHER_CTX_get_params(c, params)) - goto err; - - /* ... but, we should get a return size too! */ - if (OSSL_PARAM_modified(params) - && params[0].return_size != 0 - && (der = OPENSSL_malloc(params[0].return_size)) != NULL) { - params[0].data = der; - params[0].data_size = params[0].return_size; - OSSL_PARAM_set_all_unmodified(params); - derp = der; - if (EVP_CIPHER_CTX_get_params(c, params) - && OSSL_PARAM_modified(params) - && d2i_ASN1_TYPE(&type, (const unsigned char **)&derp, - params[0].return_size) != NULL) { - ret = 1; - } - OPENSSL_free(der); - } - } else { - ret = -2; - } - - err: - if (ret == -2) - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER); - else if (ret <= 0) - ERR_raise(ERR_LIB_EVP, EVP_R_CIPHER_PARAMETER_ERROR); - if (ret < -1) - ret = -1; - return ret; -} - -int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, - evp_cipher_aead_asn1_params *asn1_params) -{ - int ret = -1; /* Assume the worst */ - const EVP_CIPHER *cipher = c->cipher; - - /* - * For legacy implementations, we detect custom AlgorithmIdentifier - * parameter handling by checking if there the function pointer - * cipher->get_asn1_parameters is set. We know that this pointer - * is NULL for provided implementations. - * - * Otherwise, for any implementation, we check the flag - * EVP_CIPH_FLAG_CUSTOM_ASN1. If it isn't set, we apply - * default AI parameter creation. - * - * Otherwise, for provided implementations, we get the AI parameter - * in DER encoded form from the implementation by requesting the - * appropriate OSSL_PARAM and converting the result to a ASN1_TYPE. - * - * If none of the above applies, this operation is unsupported. - */ - if (cipher->get_asn1_parameters != NULL) { - ret = cipher->get_asn1_parameters(c, type); - } else if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CUSTOM_ASN1) == 0) { - switch (EVP_CIPHER_get_mode(cipher)) { - case EVP_CIPH_WRAP_MODE: - ret = 1; - break; - - case EVP_CIPH_GCM_MODE: - ret = evp_cipher_get_asn1_aead_params(c, type, asn1_params); - break; - - case EVP_CIPH_CCM_MODE: - case EVP_CIPH_XTS_MODE: - case EVP_CIPH_OCB_MODE: - ret = -2; - break; - - default: - ret = EVP_CIPHER_get_asn1_iv(c, type); - } - } else if (cipher->prov != NULL) { - OSSL_PARAM params[3], *p = params; - unsigned char *der = NULL; - int derl = -1; - - if ((derl = i2d_ASN1_TYPE(type, &der)) >= 0) { - *p++ = - OSSL_PARAM_construct_octet_string( - OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS, - der, (size_t)derl); - *p = OSSL_PARAM_construct_end(); - if (EVP_CIPHER_CTX_set_params(c, params)) - ret = 1; - OPENSSL_free(der); - } - } else { - ret = -2; - } - - if (ret == -2) - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER); - else if (ret <= 0) - ERR_raise(ERR_LIB_EVP, EVP_R_CIPHER_PARAMETER_ERROR); - if (ret < -1) - ret = -1; - return ret; -} - -int evp_cipher_get_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type, - evp_cipher_aead_asn1_params *asn1_params) -{ - int i = 0; - long tl; - unsigned char iv[EVP_MAX_IV_LENGTH]; - - if (type == NULL || asn1_params == NULL) - return 0; - - i = ossl_asn1_type_get_octetstring_int(type, &tl, NULL, EVP_MAX_IV_LENGTH); - if (i <= 0) - return -1; - ossl_asn1_type_get_octetstring_int(type, &tl, iv, i); - - memcpy(asn1_params->iv, iv, i); - asn1_params->iv_len = i; - - return i; -} - -int evp_cipher_set_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type, - evp_cipher_aead_asn1_params *asn1_params) -{ - if (type == NULL || asn1_params == NULL) - return 0; - - return ossl_asn1_type_set_octetstring_int(type, asn1_params->tag_len, - asn1_params->iv, - asn1_params->iv_len); -} -#endif /* !defined(FIPS_MODULE) */ - -/* Convert the various cipher NIDs and dummies to a proper OID NID */ -int EVP_CIPHER_get_type(const EVP_CIPHER *cipher) -{ - int nid; - nid = EVP_CIPHER_get_nid(cipher); - - switch (nid) { - - case NID_rc2_cbc: - case NID_rc2_64_cbc: - case NID_rc2_40_cbc: - - return NID_rc2_cbc; - - case NID_rc4: - case NID_rc4_40: - - return NID_rc4; - - case NID_aes_128_cfb128: - case NID_aes_128_cfb8: - case NID_aes_128_cfb1: - - return NID_aes_128_cfb128; - - case NID_aes_192_cfb128: - case NID_aes_192_cfb8: - case NID_aes_192_cfb1: - - return NID_aes_192_cfb128; - - case NID_aes_256_cfb128: - case NID_aes_256_cfb8: - case NID_aes_256_cfb1: - - return NID_aes_256_cfb128; - - case NID_des_cfb64: - case NID_des_cfb8: - case NID_des_cfb1: - - return NID_des_cfb64; - - case NID_des_ede3_cfb64: - case NID_des_ede3_cfb8: - case NID_des_ede3_cfb1: - - return NID_des_cfb64; - - default: -#ifdef FIPS_MODULE - return NID_undef; -#else - { - /* Check it has an OID and it is valid */ - ASN1_OBJECT *otmp = OBJ_nid2obj(nid); - - if (OBJ_get0_data(otmp) == NULL) - nid = NID_undef; - ASN1_OBJECT_free(otmp); - return nid; - } -#endif - } -} - -int evp_cipher_cache_constants(EVP_CIPHER *cipher) -{ - int ok, aead = 0, custom_iv = 0, cts = 0, multiblock = 0, randkey = 0; - size_t ivlen = 0; - size_t blksz = 0; - size_t keylen = 0; - unsigned int mode = 0; - OSSL_PARAM params[10]; - - params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_BLOCK_SIZE, &blksz); - params[1] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &ivlen); - params[2] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &keylen); - params[3] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_MODE, &mode); - params[4] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_AEAD, &aead); - params[5] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_CUSTOM_IV, - &custom_iv); - params[6] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_CTS, &cts); - params[7] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK, - &multiblock); - params[8] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_HAS_RAND_KEY, - &randkey); - params[9] = OSSL_PARAM_construct_end(); - ok = evp_do_ciph_getparams(cipher, params) > 0; - if (ok) { - cipher->block_size = blksz; - cipher->iv_len = ivlen; - cipher->key_len = keylen; - cipher->flags = mode; - if (aead) - cipher->flags |= EVP_CIPH_FLAG_AEAD_CIPHER; - if (custom_iv) - cipher->flags |= EVP_CIPH_CUSTOM_IV; - if (cts) - cipher->flags |= EVP_CIPH_FLAG_CTS; - if (multiblock) - cipher->flags |= EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK; - if (cipher->ccipher != NULL) - cipher->flags |= EVP_CIPH_FLAG_CUSTOM_CIPHER; - if (randkey) - cipher->flags |= EVP_CIPH_RAND_KEY; - if (OSSL_PARAM_locate_const(EVP_CIPHER_gettable_ctx_params(cipher), - OSSL_CIPHER_PARAM_ALGORITHM_ID_PARAMS)) - cipher->flags |= EVP_CIPH_FLAG_CUSTOM_ASN1; - } - return ok; -} - -int EVP_CIPHER_get_block_size(const EVP_CIPHER *cipher) -{ - return cipher->block_size; -} - -int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx) -{ - return EVP_CIPHER_get_block_size(ctx->cipher); -} - -int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e) -{ - return e->ctx_size; -} - -int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) -{ - if (ctx->cipher->prov != NULL) { - /* - * If the provided implementation has a ccipher function, we use it, - * and translate its return value like this: 0 => -1, 1 => outlen - * - * Otherwise, we call the cupdate function if in != NULL, or cfinal - * if in == NULL. Regardless of which, we return what we got. - */ - int ret = -1; - size_t outl = 0; - size_t blocksize = EVP_CIPHER_CTX_get_block_size(ctx); - - if (ctx->cipher->ccipher != NULL) - ret = ctx->cipher->ccipher(ctx->algctx, out, &outl, - inl + (blocksize == 1 ? 0 : blocksize), - in, (size_t)inl) - ? (int)outl : -1; - else if (in != NULL) - ret = ctx->cipher->cupdate(ctx->algctx, out, &outl, - inl + (blocksize == 1 ? 0 : blocksize), - in, (size_t)inl); - else - ret = ctx->cipher->cfinal(ctx->algctx, out, &outl, - blocksize == 1 ? 0 : blocksize); - - return ret; - } - - return ctx->cipher->do_cipher(ctx, out, in, inl); -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) -{ - if (ctx == NULL) - return NULL; - return ctx->cipher; -} -#endif - -const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx) -{ - if (ctx == NULL) - return NULL; - return ctx->cipher; -} - -EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(EVP_CIPHER_CTX *ctx) -{ - EVP_CIPHER *cipher; - - if (ctx == NULL) - return NULL; - cipher = (EVP_CIPHER *)ctx->cipher; - if (!EVP_CIPHER_up_ref(cipher)) - return NULL; - return cipher; -} - -int EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX *ctx) -{ - return ctx->encrypt; -} - -unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *cipher) -{ - return cipher->flags; -} - -void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) -{ - return ctx->app_data; -} - -void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) -{ - ctx->app_data = data; -} - -void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx) -{ - return ctx->cipher_data; -} - -void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data) -{ - void *old_cipher_data; - - old_cipher_data = ctx->cipher_data; - ctx->cipher_data = cipher_data; - - return old_cipher_data; -} - -int EVP_CIPHER_get_iv_length(const EVP_CIPHER *cipher) -{ - return cipher->iv_len; -} - -int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx) -{ - if (ctx->iv_len < 0) { - int rv, len = EVP_CIPHER_get_iv_length(ctx->cipher); - size_t v = len; - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - if (ctx->cipher->get_ctx_params != NULL) { - params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, - &v); - rv = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); - if (rv > 0) { - if (OSSL_PARAM_modified(params) - && !OSSL_PARAM_get_int(params, &len)) - return -1; - } else if (rv != EVP_CTRL_RET_UNSUPPORTED) { - return -1; - } - } - /* Code below to be removed when legacy support is dropped. */ - else if ((EVP_CIPHER_get_flags(ctx->cipher) - & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) { - rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, - 0, &len); - if (rv <= 0) - return -1; - } - /*- - * Casting away the const is annoying but required here. We need to - * cache the result for performance reasons. - */ - ((EVP_CIPHER_CTX *)ctx)->iv_len = len; - } - return ctx->iv_len; -} - -int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx) -{ - int ret; - size_t v = 0; - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_TAGLEN, &v); - ret = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); - return ret == 1 ? (int)v : 0; -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx) -{ - int ok; - const unsigned char *v = ctx->oiv; - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - params[0] = - OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_IV, - (void **)&v, sizeof(ctx->oiv)); - ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); - - return ok != 0 ? v : NULL; -} - -/* - * OSSL_PARAM_OCTET_PTR gets us the pointer to the running IV in the provider - */ -const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx) -{ - int ok; - const unsigned char *v = ctx->iv; - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - params[0] = - OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_UPDATED_IV, - (void **)&v, sizeof(ctx->iv)); - ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); - - return ok != 0 ? v : NULL; -} - -unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx) -{ - int ok; - unsigned char *v = ctx->iv; - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - params[0] = - OSSL_PARAM_construct_octet_ptr(OSSL_CIPHER_PARAM_UPDATED_IV, - (void **)&v, sizeof(ctx->iv)); - ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); - - return ok != 0 ? v : NULL; -} -#endif /* OPENSSL_NO_DEPRECATED_3_0_0 */ - -int EVP_CIPHER_CTX_get_updated_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len) -{ - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - params[0] = - OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, buf, len); - return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); -} - -int EVP_CIPHER_CTX_get_original_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len) -{ - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - params[0] = - OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, buf, len); - return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); -} - -unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx) -{ - return ctx->buf; -} - -int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx) -{ - int ok; - unsigned int v = (unsigned int)ctx->num; - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_NUM, &v); - ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); - - return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED; -} - -int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num) -{ - int ok; - unsigned int n = (unsigned int)num; - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_NUM, &n); - ok = evp_do_ciph_ctx_setparams(ctx->cipher, ctx->algctx, params); - - if (ok != 0) - ctx->num = (int)n; - return ok != 0; -} - -int EVP_CIPHER_get_key_length(const EVP_CIPHER *cipher) -{ - return cipher->key_len; -} - -int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx) -{ - int ok; - size_t v = ctx->key_len; - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &v); - ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); - - return ok != 0 ? (int)v : EVP_CTRL_RET_UNSUPPORTED; -} - -int EVP_CIPHER_get_nid(const EVP_CIPHER *cipher) -{ - return cipher->nid; -} - -int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx) -{ - return ctx->cipher->nid; -} - -int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name) -{ - if (cipher == NULL) - return 0; - if (cipher->prov != NULL) - return evp_is_a(cipher->prov, cipher->name_id, NULL, name); - return evp_is_a(NULL, 0, EVP_CIPHER_get0_name(cipher), name); -} - -int evp_cipher_get_number(const EVP_CIPHER *cipher) -{ - return cipher->name_id; -} - -const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher) -{ - if (cipher->type_name != NULL) - return cipher->type_name; -#ifndef FIPS_MODULE - return OBJ_nid2sn(EVP_CIPHER_get_nid(cipher)); -#else - return NULL; -#endif -} - -const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher) -{ - if (cipher->description != NULL) - return cipher->description; -#ifndef FIPS_MODULE - return OBJ_nid2ln(EVP_CIPHER_get_nid(cipher)); -#else - return NULL; -#endif -} - -int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, - void (*fn)(const char *name, void *data), - void *data) -{ - if (cipher->prov != NULL) - return evp_names_do_all(cipher->prov, cipher->name_id, fn, data); - - return 1; -} - -const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher) -{ - return cipher->prov; -} - -int EVP_CIPHER_get_mode(const EVP_CIPHER *cipher) -{ - return EVP_CIPHER_get_flags(cipher) & EVP_CIPH_MODE; -} - -int EVP_MD_is_a(const EVP_MD *md, const char *name) -{ - if (md == NULL) - return 0; - if (md->prov != NULL) - return evp_is_a(md->prov, md->name_id, NULL, name); - return evp_is_a(NULL, 0, EVP_MD_get0_name(md), name); -} - -int evp_md_get_number(const EVP_MD *md) -{ - return md->name_id; -} - -const char *EVP_MD_get0_description(const EVP_MD *md) -{ - if (md->description != NULL) - return md->description; -#ifndef FIPS_MODULE - return OBJ_nid2ln(EVP_MD_nid(md)); -#else - return NULL; -#endif -} - -const char *EVP_MD_get0_name(const EVP_MD *md) -{ - if (md == NULL) - return NULL; - if (md->type_name != NULL) - return md->type_name; -#ifndef FIPS_MODULE - return OBJ_nid2sn(EVP_MD_nid(md)); -#else - return NULL; -#endif -} - -int EVP_MD_names_do_all(const EVP_MD *md, - void (*fn)(const char *name, void *data), - void *data) -{ - if (md->prov != NULL) - return evp_names_do_all(md->prov, md->name_id, fn, data); - - return 1; -} - -const OSSL_PROVIDER *EVP_MD_get0_provider(const EVP_MD *md) -{ - return md->prov; -} - -int EVP_MD_get_type(const EVP_MD *md) -{ - return md->type; -} - -int EVP_MD_get_pkey_type(const EVP_MD *md) -{ - return md->pkey_type; -} - -int EVP_MD_get_block_size(const EVP_MD *md) -{ - if (md == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL); - return -1; - } - return md->block_size; -} - -int EVP_MD_get_size(const EVP_MD *md) -{ - if (md == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_MESSAGE_DIGEST_IS_NULL); - return -1; - } - return md->md_size; -} - -unsigned long EVP_MD_get_flags(const EVP_MD *md) -{ - return md->flags; -} - -EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type) -{ - EVP_MD *md = evp_md_new(); - - if (md != NULL) { - md->type = md_type; - md->pkey_type = pkey_type; - md->origin = EVP_ORIG_METH; - } - return md; -} - -EVP_MD *EVP_MD_meth_dup(const EVP_MD *md) -{ - EVP_MD *to = NULL; - - /* - * Non-legacy EVP_MDs can't be duplicated like this. - * Use EVP_MD_up_ref() instead. - */ - if (md->prov != NULL) - return NULL; - - if ((to = EVP_MD_meth_new(md->type, md->pkey_type)) != NULL) { - CRYPTO_RWLOCK *lock = to->lock; - - memcpy(to, md, sizeof(*to)); - to->lock = lock; - to->origin = EVP_ORIG_METH; - } - return to; -} - -void evp_md_free_int(EVP_MD *md) -{ - OPENSSL_free(md->type_name); - ossl_provider_free(md->prov); - CRYPTO_THREAD_lock_free(md->lock); - OPENSSL_free(md); -} - -void EVP_MD_meth_free(EVP_MD *md) -{ - if (md == NULL || md->origin != EVP_ORIG_METH) - return; - - evp_md_free_int(md); -} - -int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize) -{ - if (md->block_size != 0) - return 0; - - md->block_size = blocksize; - return 1; -} -int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize) -{ - if (md->md_size != 0) - return 0; - - md->md_size = resultsize; - return 1; -} -int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize) -{ - if (md->ctx_size != 0) - return 0; - - md->ctx_size = datasize; - return 1; -} -int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags) -{ - if (md->flags != 0) - return 0; - - md->flags = flags; - return 1; -} -int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)) -{ - if (md->init != NULL) - return 0; - - md->init = init; - return 1; -} -int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, - const void *data, - size_t count)) -{ - if (md->update != NULL) - return 0; - - md->update = update; - return 1; -} -int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, - unsigned char *md)) -{ - if (md->final != NULL) - return 0; - - md->final = final; - return 1; -} -int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, - const EVP_MD_CTX *from)) -{ - if (md->copy != NULL) - return 0; - - md->copy = copy; - return 1; -} -int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)) -{ - if (md->cleanup != NULL) - return 0; - - md->cleanup = cleanup; - return 1; -} -int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, - int p1, void *p2)) -{ - if (md->md_ctrl != NULL) - return 0; - - md->md_ctrl = ctrl; - return 1; -} - -int EVP_MD_meth_get_input_blocksize(const EVP_MD *md) -{ - return md->block_size; -} -int EVP_MD_meth_get_result_size(const EVP_MD *md) -{ - return md->md_size; -} -int EVP_MD_meth_get_app_datasize(const EVP_MD *md) -{ - return md->ctx_size; -} -unsigned long EVP_MD_meth_get_flags(const EVP_MD *md) -{ - return md->flags; -} -int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx) -{ - return md->init; -} -int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, - const void *data, - size_t count) -{ - return md->update; -} -int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, - unsigned char *md) -{ - return md->final; -} -int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, - const EVP_MD_CTX *from) -{ - return md->copy; -} -int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx) -{ - return md->cleanup; -} -int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, - int p1, void *p2) -{ - return md->md_ctrl; -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) -{ - if (ctx == NULL) - return NULL; - return ctx->reqdigest; -} -#endif - -const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx) -{ - if (ctx == NULL) - return NULL; - return ctx->reqdigest; -} - -EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx) -{ - EVP_MD *md; - - if (ctx == NULL) - return NULL; - md = (EVP_MD *)ctx->reqdigest; - if (md == NULL || !EVP_MD_up_ref(md)) - return NULL; - return md; -} - -EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx) -{ - return ctx->pctx; -} - -#if !defined(FIPS_MODULE) -void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx) -{ - /* - * it's reasonable to set NULL pctx (a.k.a clear the ctx->pctx), so - * we have to deal with the cleanup job here. - */ - if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX)) - EVP_PKEY_CTX_free(ctx->pctx); - - ctx->pctx = pctx; - - if (pctx != NULL) { - /* make sure pctx is not freed when destroying EVP_MD_CTX */ - EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); - } else { - EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX); - } -} -#endif /* !defined(FIPS_MODULE) */ - -void *EVP_MD_CTX_get0_md_data(const EVP_MD_CTX *ctx) -{ - return ctx->md_data; -} - -int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, - const void *data, size_t count) -{ - return ctx->update; -} - -void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, - int (*update) (EVP_MD_CTX *ctx, - const void *data, size_t count)) -{ - ctx->update = update; -} - -void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) -{ - ctx->flags |= flags; -} - -void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags) -{ - ctx->flags &= ~flags; -} - -int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags) -{ - return (ctx->flags & flags); -} - -static int evp_cipher_ctx_enable_use_bits(EVP_CIPHER_CTX *ctx, - unsigned int enable) -{ - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - params[0] = OSSL_PARAM_construct_uint(OSSL_CIPHER_PARAM_USE_BITS, &enable); - return EVP_CIPHER_CTX_set_params(ctx, params); -} - -void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags) -{ - int oldflags = ctx->flags; - - ctx->flags |= flags; - if (((oldflags ^ ctx->flags) & EVP_CIPH_FLAG_LENGTH_BITS) != 0) - evp_cipher_ctx_enable_use_bits(ctx, 1); -} - -void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags) -{ - int oldflags = ctx->flags; - - ctx->flags &= ~flags; - if (((oldflags ^ ctx->flags) & EVP_CIPH_FLAG_LENGTH_BITS) != 0) - evp_cipher_ctx_enable_use_bits(ctx, 0); -} - -int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags) -{ - return (ctx->flags & flags); -} - -#if !defined(FIPS_MODULE) - -int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name) -{ - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - if (name == NULL) - return -1; - - params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, - (char *)name, 0); - return EVP_PKEY_CTX_set_params(ctx, params); -} - -int EVP_PKEY_CTX_get_group_name(EVP_PKEY_CTX *ctx, char *name, size_t namelen) -{ - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - OSSL_PARAM *p = params; - - if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) { - /* There is no legacy support for this */ - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - if (name == NULL) - return -1; - - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, - name, namelen); - if (!EVP_PKEY_CTX_get_params(ctx, params)) - return -1; - return 1; -} - -/* - * evp_pkey_keygen() abstracts from the explicit use of B - * while providing a generic way of generating a new asymmetric key pair - * of algorithm type I (e.g., C or C). - * The library context I and property query I - * are used when fetching algorithms from providers. - * The I specify algorithm-specific parameters - * such as the RSA modulus size or the name of an EC curve. - */ -static EVP_PKEY *evp_pkey_keygen(OSSL_LIB_CTX *libctx, const char *name, - const char *propq, const OSSL_PARAM *params) -{ - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(libctx, name, propq); - - if (ctx != NULL - && EVP_PKEY_keygen_init(ctx) > 0 - && EVP_PKEY_CTX_set_params(ctx, params)) - (void)EVP_PKEY_generate(ctx, &pkey); - - EVP_PKEY_CTX_free(ctx); - return pkey; -} - -EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, - const char *type, ...) -{ - va_list args; - size_t bits; - char *name; - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - EVP_PKEY *ret = NULL; - - va_start(args, type); - - if (OPENSSL_strcasecmp(type, "RSA") == 0) { - bits = va_arg(args, size_t); - params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits); - } else if (OPENSSL_strcasecmp(type, "EC") == 0) { - name = va_arg(args, char *); - params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, - name, 0); - } else if (OPENSSL_strcasecmp(type, "ED25519") != 0 - && OPENSSL_strcasecmp(type, "X25519") != 0 - && OPENSSL_strcasecmp(type, "ED448") != 0 - && OPENSSL_strcasecmp(type, "X448") != 0) { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); - goto end; - } - ret = evp_pkey_keygen(libctx, type, propq, params); - - end: - va_end(args); - return ret; -} - -#endif /* !defined(FIPS_MODULE) */ diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h deleted file mode 100644 index 3ccfaeb37cd991c54d7bd97bb9f4006f694ce528..0000000000000000000000000000000000000000 --- a/crypto/evp/evp_local.h +++ /dev/null @@ -1,378 +0,0 @@ -/* - * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/refcount.h" - -#define EVP_CTRL_RET_UNSUPPORTED -1 - - -struct evp_md_ctx_st { - const EVP_MD *reqdigest; /* The original requested digest */ - const EVP_MD *digest; - ENGINE *engine; /* functional reference if 'digest' is - * ENGINE-provided */ - unsigned long flags; - void *md_data; - /* Public key context for sign/verify */ - EVP_PKEY_CTX *pctx; - /* Update function: usually copied from EVP_MD */ - int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); - - /* - * Opaque ctx returned from a providers digest algorithm implementation - * OSSL_FUNC_digest_newctx() - */ - void *algctx; - EVP_MD *fetched_digest; -} /* EVP_MD_CTX */ ; - -struct evp_cipher_ctx_st { - const EVP_CIPHER *cipher; - ENGINE *engine; /* functional reference if 'cipher' is - * ENGINE-provided */ - int encrypt; /* encrypt or decrypt */ - int buf_len; /* number we have left */ - unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ - unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ - unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */ - int num; /* used by cfb/ofb/ctr mode */ - /* FIXME: Should this even exist? It appears unused */ - void *app_data; /* application stuff */ - int key_len; /* May change for variable length cipher */ - int iv_len; /* IV length */ - unsigned long flags; /* Various flags */ - void *cipher_data; /* per EVP data */ - int final_used; - int block_mask; - unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ - - /* - * Opaque ctx returned from a providers cipher algorithm implementation - * OSSL_FUNC_cipher_newctx() - */ - void *algctx; - EVP_CIPHER *fetched_cipher; -} /* EVP_CIPHER_CTX */ ; - -struct evp_mac_ctx_st { - EVP_MAC *meth; /* Method structure */ - /* - * Opaque ctx returned from a providers MAC algorithm implementation - * OSSL_FUNC_mac_newctx() - */ - void *algctx; -} /* EVP_MAC_CTX */; - -struct evp_kdf_ctx_st { - EVP_KDF *meth; /* Method structure */ - /* - * Opaque ctx returned from a providers KDF algorithm implementation - * OSSL_FUNC_kdf_newctx() - */ - void *algctx; -} /* EVP_KDF_CTX */ ; - -struct evp_rand_ctx_st { - EVP_RAND *meth; /* Method structure */ - /* - * Opaque ctx returned from a providers rand algorithm implementation - * OSSL_FUNC_rand_newctx() - */ - void *algctx; - EVP_RAND_CTX *parent; /* Parent EVP_RAND or NULL if none */ - CRYPTO_REF_COUNT refcnt; /* Context reference count */ - CRYPTO_RWLOCK *refcnt_lock; -} /* EVP_RAND_CTX */ ; - -struct evp_keymgmt_st { - int id; /* libcrypto internal */ - - int name_id; - char *type_name; - const char *description; - OSSL_PROVIDER *prov; - CRYPTO_REF_COUNT refcnt; - CRYPTO_RWLOCK *lock; - - /* Constructor(s), destructor, information */ - OSSL_FUNC_keymgmt_new_fn *new; - OSSL_FUNC_keymgmt_free_fn *free; - OSSL_FUNC_keymgmt_get_params_fn *get_params; - OSSL_FUNC_keymgmt_gettable_params_fn *gettable_params; - OSSL_FUNC_keymgmt_set_params_fn *set_params; - OSSL_FUNC_keymgmt_settable_params_fn *settable_params; - - /* Generation, a complex constructor */ - OSSL_FUNC_keymgmt_gen_init_fn *gen_init; - OSSL_FUNC_keymgmt_gen_set_template_fn *gen_set_template; - OSSL_FUNC_keymgmt_gen_set_params_fn *gen_set_params; - OSSL_FUNC_keymgmt_gen_settable_params_fn *gen_settable_params; - OSSL_FUNC_keymgmt_gen_fn *gen; - OSSL_FUNC_keymgmt_gen_cleanup_fn *gen_cleanup; - - OSSL_FUNC_keymgmt_load_fn *load; - - /* Key object checking */ - OSSL_FUNC_keymgmt_query_operation_name_fn *query_operation_name; - OSSL_FUNC_keymgmt_has_fn *has; - OSSL_FUNC_keymgmt_validate_fn *validate; - OSSL_FUNC_keymgmt_match_fn *match; - - /* Import and export routines */ - OSSL_FUNC_keymgmt_import_fn *import; - OSSL_FUNC_keymgmt_import_types_fn *import_types; - OSSL_FUNC_keymgmt_export_fn *export; - OSSL_FUNC_keymgmt_export_types_fn *export_types; - OSSL_FUNC_keymgmt_dup_fn *dup; -} /* EVP_KEYMGMT */ ; - -struct evp_keyexch_st { - int name_id; - char *type_name; - const char *description; - OSSL_PROVIDER *prov; - CRYPTO_REF_COUNT refcnt; - CRYPTO_RWLOCK *lock; - - OSSL_FUNC_keyexch_newctx_fn *newctx; - OSSL_FUNC_keyexch_init_fn *init; - OSSL_FUNC_keyexch_set_peer_fn *set_peer; - OSSL_FUNC_keyexch_derive_fn *derive; - OSSL_FUNC_keyexch_freectx_fn *freectx; - OSSL_FUNC_keyexch_dupctx_fn *dupctx; - OSSL_FUNC_keyexch_set_ctx_params_fn *set_ctx_params; - OSSL_FUNC_keyexch_settable_ctx_params_fn *settable_ctx_params; - OSSL_FUNC_keyexch_get_ctx_params_fn *get_ctx_params; - OSSL_FUNC_keyexch_gettable_ctx_params_fn *gettable_ctx_params; -} /* EVP_KEYEXCH */; - -struct evp_signature_st { - int name_id; - char *type_name; - const char *description; - OSSL_PROVIDER *prov; - CRYPTO_REF_COUNT refcnt; - CRYPTO_RWLOCK *lock; - - OSSL_FUNC_signature_newctx_fn *newctx; - OSSL_FUNC_signature_sign_init_fn *sign_init; - OSSL_FUNC_signature_sign_fn *sign; - OSSL_FUNC_signature_verify_init_fn *verify_init; - OSSL_FUNC_signature_verify_fn *verify; - OSSL_FUNC_signature_verify_recover_init_fn *verify_recover_init; - OSSL_FUNC_signature_verify_recover_fn *verify_recover; - OSSL_FUNC_signature_digest_sign_init_fn *digest_sign_init; - OSSL_FUNC_signature_digest_sign_update_fn *digest_sign_update; - OSSL_FUNC_signature_digest_sign_final_fn *digest_sign_final; - OSSL_FUNC_signature_digest_sign_fn *digest_sign; - OSSL_FUNC_signature_digest_verify_init_fn *digest_verify_init; - OSSL_FUNC_signature_digest_verify_update_fn *digest_verify_update; - OSSL_FUNC_signature_digest_verify_final_fn *digest_verify_final; - OSSL_FUNC_signature_digest_verify_fn *digest_verify; - OSSL_FUNC_signature_freectx_fn *freectx; - OSSL_FUNC_signature_dupctx_fn *dupctx; - OSSL_FUNC_signature_get_ctx_params_fn *get_ctx_params; - OSSL_FUNC_signature_gettable_ctx_params_fn *gettable_ctx_params; - OSSL_FUNC_signature_set_ctx_params_fn *set_ctx_params; - OSSL_FUNC_signature_settable_ctx_params_fn *settable_ctx_params; - OSSL_FUNC_signature_get_ctx_md_params_fn *get_ctx_md_params; - OSSL_FUNC_signature_gettable_ctx_md_params_fn *gettable_ctx_md_params; - OSSL_FUNC_signature_set_ctx_md_params_fn *set_ctx_md_params; - OSSL_FUNC_signature_settable_ctx_md_params_fn *settable_ctx_md_params; -} /* EVP_SIGNATURE */; - -struct evp_asym_cipher_st { - int name_id; - char *type_name; - const char *description; - OSSL_PROVIDER *prov; - CRYPTO_REF_COUNT refcnt; - CRYPTO_RWLOCK *lock; - - OSSL_FUNC_asym_cipher_newctx_fn *newctx; - OSSL_FUNC_asym_cipher_encrypt_init_fn *encrypt_init; - OSSL_FUNC_asym_cipher_encrypt_fn *encrypt; - OSSL_FUNC_asym_cipher_decrypt_init_fn *decrypt_init; - OSSL_FUNC_asym_cipher_decrypt_fn *decrypt; - OSSL_FUNC_asym_cipher_freectx_fn *freectx; - OSSL_FUNC_asym_cipher_dupctx_fn *dupctx; - OSSL_FUNC_asym_cipher_get_ctx_params_fn *get_ctx_params; - OSSL_FUNC_asym_cipher_gettable_ctx_params_fn *gettable_ctx_params; - OSSL_FUNC_asym_cipher_set_ctx_params_fn *set_ctx_params; - OSSL_FUNC_asym_cipher_settable_ctx_params_fn *settable_ctx_params; -} /* EVP_ASYM_CIPHER */; - -struct evp_kem_st { - int name_id; - char *type_name; - const char *description; - OSSL_PROVIDER *prov; - CRYPTO_REF_COUNT refcnt; - CRYPTO_RWLOCK *lock; - - OSSL_FUNC_kem_newctx_fn *newctx; - OSSL_FUNC_kem_encapsulate_init_fn *encapsulate_init; - OSSL_FUNC_kem_encapsulate_fn *encapsulate; - OSSL_FUNC_kem_decapsulate_init_fn *decapsulate_init; - OSSL_FUNC_kem_decapsulate_fn *decapsulate; - OSSL_FUNC_kem_freectx_fn *freectx; - OSSL_FUNC_kem_dupctx_fn *dupctx; - OSSL_FUNC_kem_get_ctx_params_fn *get_ctx_params; - OSSL_FUNC_kem_gettable_ctx_params_fn *gettable_ctx_params; - OSSL_FUNC_kem_set_ctx_params_fn *set_ctx_params; - OSSL_FUNC_kem_settable_ctx_params_fn *settable_ctx_params; -} /* EVP_KEM */; - -int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *c, const EVP_MD *md, - int en_de); -int PKCS5_v2_PBKDF2_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *c, const EVP_MD *md, - int en_de, OSSL_LIB_CTX *libctx, const char *propq); - -struct evp_Encode_Ctx_st { - /* number saved in a partial encode/decode */ - int num; - /* - * The length is either the output line length (in input bytes) or the - * shortest input line length that is ok. Once decoding begins, the - * length is adjusted up each time a longer line is decoded - */ - int length; - /* data to encode */ - unsigned char enc_data[80]; - /* number read on current line */ - int line_num; - unsigned int flags; -}; - -typedef struct evp_pbe_st EVP_PBE_CTL; -DEFINE_STACK_OF(EVP_PBE_CTL) - -int ossl_is_partially_overlapping(const void *ptr1, const void *ptr2, int len); - -#include -#include - -void *evp_generic_fetch(OSSL_LIB_CTX *ctx, int operation_id, - const char *name, const char *properties, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)); -void *evp_generic_fetch_by_number(OSSL_LIB_CTX *ctx, int operation_id, - int name_id, const char *properties, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)); -void *evp_generic_fetch_from_prov(OSSL_PROVIDER *prov, int operation_id, - const char *name, const char *properties, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)); -void evp_generic_do_all_prefetched(OSSL_LIB_CTX *libctx, int operation_id, - void (*user_fn)(void *method, void *arg), - void *user_arg); -void evp_generic_do_all(OSSL_LIB_CTX *libctx, int operation_id, - void (*user_fn)(void *method, void *arg), - void *user_arg, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)); - -/* Internal fetchers for method types that are to be combined with others */ -EVP_KEYMGMT *evp_keymgmt_fetch_by_number(OSSL_LIB_CTX *ctx, int name_id, - const char *properties); -EVP_SIGNATURE *evp_signature_fetch_from_prov(OSSL_PROVIDER *prov, - const char *name, - const char *properties); -EVP_ASYM_CIPHER *evp_asym_cipher_fetch_from_prov(OSSL_PROVIDER *prov, - const char *name, - const char *properties); -EVP_KEYEXCH *evp_keyexch_fetch_from_prov(OSSL_PROVIDER *prov, - const char *name, - const char *properties); -EVP_KEM *evp_kem_fetch_from_prov(OSSL_PROVIDER *prov, - const char *name, - const char *properties); - -/* Internal structure constructors for fetched methods */ -EVP_MD *evp_md_new(void); -EVP_CIPHER *evp_cipher_new(void); - -int evp_cipher_get_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type, - evp_cipher_aead_asn1_params *asn1_params); -int evp_cipher_set_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type, - evp_cipher_aead_asn1_params *asn1_params); - -/* Helper functions to avoid duplicating code */ - -/* - * These methods implement different ways to pass a params array to the - * provider. They will return one of these values: - * - * -2 if the method doesn't come from a provider - * (evp_do_param will return this to the called) - * -1 if the provider doesn't offer the desired function - * (evp_do_param will raise an error and return 0) - * or the return value from the desired function - * (evp_do_param will return it to the caller) - */ -int evp_do_ciph_getparams(const EVP_CIPHER *ciph, OSSL_PARAM params[]); -int evp_do_ciph_ctx_getparams(const EVP_CIPHER *ciph, void *provctx, - OSSL_PARAM params[]); -int evp_do_ciph_ctx_setparams(const EVP_CIPHER *ciph, void *provctx, - OSSL_PARAM params[]); -int evp_do_md_getparams(const EVP_MD *md, OSSL_PARAM params[]); -int evp_do_md_ctx_getparams(const EVP_MD *md, void *provctx, - OSSL_PARAM params[]); -int evp_do_md_ctx_setparams(const EVP_MD *md, void *provctx, - OSSL_PARAM params[]); - -OSSL_PARAM *evp_pkey_to_param(EVP_PKEY *pkey, size_t *sz); - -#define M_check_autoarg(ctx, arg, arglen, err) \ - if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \ - size_t pksize = (size_t)EVP_PKEY_get_size(ctx->pkey); \ - \ - if (pksize == 0) { \ - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY); /*ckerr_ignore*/ \ - return 0; \ - } \ - if (arg == NULL) { \ - *arglen = pksize; \ - return 1; \ - } \ - if (*arglen < pksize) { \ - ERR_raise(ERR_LIB_EVP, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \ - return 0; \ - } \ - } - -void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx); -void evp_cipher_free_int(EVP_CIPHER *md); -void evp_md_free_int(EVP_MD *md); - -/* OSSL_PROVIDER * is only used to get the library context */ -int evp_is_a(OSSL_PROVIDER *prov, int number, - const char *legacy_name, const char *name); -int evp_names_do_all(OSSL_PROVIDER *prov, int number, - void (*fn)(const char *name, void *data), - void *data); -int evp_cipher_cache_constants(EVP_CIPHER *cipher); diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c deleted file mode 100644 index 5f6720d2c3f320a6d422d26db50bea68a7a63bcd..0000000000000000000000000000000000000000 --- a/crypto/evp/evp_pbe.c +++ /dev/null @@ -1,302 +0,0 @@ -/* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include "crypto/evp.h" -#include "evp_local.h" - -/* Password based encryption (PBE) functions */ - -/* Setup a cipher context from a PBE algorithm */ - -struct evp_pbe_st { - int pbe_type; - int pbe_nid; - int cipher_nid; - int md_nid; - EVP_PBE_KEYGEN *keygen; - EVP_PBE_KEYGEN_EX *keygen_ex; -}; - -static STACK_OF(EVP_PBE_CTL) *pbe_algs; - -static const EVP_PBE_CTL builtin_pbe[] = { - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC, - NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC, - NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC, - NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex}, - - {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}, - - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4, - NID_rc4, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4, - NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, - NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC, - NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC, - NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC, - NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex}, - - {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen, &PKCS5_v2_PBE_keyivgen_ex}, - - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC, - NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC, - NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex}, - {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC, - NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex}, - - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0}, - {EVP_PBE_TYPE_PRF, NID_hmac_md5, -1, NID_md5, 0}, - {EVP_PBE_TYPE_PRF, NID_hmac_sha1, -1, NID_sha1, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0}, - {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0}, - {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_256, -1, - NID_id_GostR3411_2012_256, 0}, - {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_512, -1, - NID_id_GostR3411_2012_512, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_224, -1, NID_sha512_224, 0}, - {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_256, -1, NID_sha512_256, 0}, - {EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen, &PKCS5_v2_PBKDF2_keyivgen_ex}, -#ifndef OPENSSL_NO_SCRYPT - {EVP_PBE_TYPE_KDF, NID_id_scrypt, -1, -1, PKCS5_v2_scrypt_keyivgen, &PKCS5_v2_scrypt_keyivgen_ex} -#endif -}; - - -int EVP_PBE_CipherInit_ex(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de, - OSSL_LIB_CTX *libctx, const char *propq) -{ - const EVP_CIPHER *cipher = NULL; - EVP_CIPHER *cipher_fetch = NULL; - const EVP_MD *md = NULL; - EVP_MD *md_fetch = NULL; - int ret = 0, cipher_nid, md_nid; - EVP_PBE_KEYGEN_EX *keygen_ex; - EVP_PBE_KEYGEN *keygen; - - if (!EVP_PBE_find_ex(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj), - &cipher_nid, &md_nid, &keygen, &keygen_ex)) { - char obj_tmp[80]; - - if (pbe_obj == NULL) - OPENSSL_strlcpy(obj_tmp, "NULL", sizeof(obj_tmp)); - else - i2t_ASN1_OBJECT(obj_tmp, sizeof(obj_tmp), pbe_obj); - ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_PBE_ALGORITHM, - "TYPE=%s", obj_tmp); - goto err; - } - - if (pass == NULL) - passlen = 0; - else if (passlen == -1) - passlen = strlen(pass); - - if (cipher_nid != -1) { - (void)ERR_set_mark(); - cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(cipher_nid), propq); - /* Fallback to legacy method */ - if (cipher == NULL) - cipher = EVP_get_cipherbynid(cipher_nid); - if (cipher == NULL) { - (void)ERR_clear_last_mark(); - ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_CIPHER, - OBJ_nid2sn(cipher_nid)); - goto err; - } - (void)ERR_pop_to_mark(); - } - - if (md_nid != -1) { - (void)ERR_set_mark(); - md = md_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(md_nid), propq); - /* Fallback to legacy method */ - if (md == NULL) - EVP_get_digestbynid(md_nid); - - if (md == NULL) { - (void)ERR_clear_last_mark(); - ERR_raise(ERR_LIB_EVP, EVP_R_UNKNOWN_DIGEST); - goto err; - } - (void)ERR_pop_to_mark(); - } - - /* Try extended keygen with libctx/propq first, fall back to legacy keygen */ - if (keygen_ex != NULL) - ret = keygen_ex(ctx, pass, passlen, param, cipher, md, en_de, libctx, propq); - else - ret = keygen(ctx, pass, passlen, param, cipher, md, en_de); - -err: - EVP_CIPHER_free(cipher_fetch); - EVP_MD_free(md_fetch); - - return ret; -} - -int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) -{ - return EVP_PBE_CipherInit_ex(pbe_obj, pass, passlen, param, ctx, en_de, NULL, NULL); -} - -DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2); - -static int pbe2_cmp(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2) -{ - int ret = pbe1->pbe_type - pbe2->pbe_type; - if (ret) - return ret; - else - return pbe1->pbe_nid - pbe2->pbe_nid; -} - -IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2); - -static int pbe_cmp(const EVP_PBE_CTL *const *a, const EVP_PBE_CTL *const *b) -{ - int ret = (*a)->pbe_type - (*b)->pbe_type; - if (ret) - return ret; - else - return (*a)->pbe_nid - (*b)->pbe_nid; -} - -/* Add a PBE algorithm */ - -int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, - int md_nid, EVP_PBE_KEYGEN *keygen) -{ - EVP_PBE_CTL *pbe_tmp; - - if (pbe_algs == NULL) { - pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp); - if (pbe_algs == NULL) - goto err; - } - - if ((pbe_tmp = OPENSSL_zalloc(sizeof(*pbe_tmp))) == NULL) - goto err; - - pbe_tmp->pbe_type = pbe_type; - pbe_tmp->pbe_nid = pbe_nid; - pbe_tmp->cipher_nid = cipher_nid; - pbe_tmp->md_nid = md_nid; - pbe_tmp->keygen = keygen; - - if (!sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp)) { - OPENSSL_free(pbe_tmp); - goto err; - } - return 1; - - err: - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; -} - -int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, - EVP_PBE_KEYGEN *keygen) -{ - int cipher_nid, md_nid; - - if (cipher) - cipher_nid = EVP_CIPHER_get_nid(cipher); - else - cipher_nid = -1; - if (md) - md_nid = EVP_MD_get_type(md); - else - md_nid = -1; - - return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid, - cipher_nid, md_nid, keygen); -} - -int EVP_PBE_find_ex(int type, int pbe_nid, int *pcnid, int *pmnid, - EVP_PBE_KEYGEN **pkeygen, EVP_PBE_KEYGEN_EX **pkeygen_ex) -{ - EVP_PBE_CTL *pbetmp = NULL, pbelu; - int i; - if (pbe_nid == NID_undef) - return 0; - - pbelu.pbe_type = type; - pbelu.pbe_nid = pbe_nid; - - if (pbe_algs != NULL) { - i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu); - pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i); - } - if (pbetmp == NULL) { - pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, OSSL_NELEM(builtin_pbe)); - } - if (pbetmp == NULL) - return 0; - if (pcnid != NULL) - *pcnid = pbetmp->cipher_nid; - if (pmnid != NULL) - *pmnid = pbetmp->md_nid; - if (pkeygen != NULL) - *pkeygen = pbetmp->keygen; - if (pkeygen_ex != NULL) - *pkeygen_ex = pbetmp->keygen_ex; - return 1; -} - -int EVP_PBE_find(int type, int pbe_nid, - int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen) -{ - return EVP_PBE_find_ex(type, pbe_nid, pcnid, pmnid, pkeygen, NULL); -} - -static void free_evp_pbe_ctl(EVP_PBE_CTL *pbe) -{ - OPENSSL_free(pbe); -} - -void EVP_PBE_cleanup(void) -{ - sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl); - pbe_algs = NULL; -} - -int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num) -{ - const EVP_PBE_CTL *tpbe; - - if (num >= OSSL_NELEM(builtin_pbe)) - return 0; - - tpbe = builtin_pbe + num; - if (ptype) - *ptype = tpbe->pbe_type; - if (ppbe_nid) - *ppbe_nid = tpbe->pbe_nid; - return 1; -} diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c deleted file mode 100644 index 8f3f1503756c09fdae33b43421111a4d0c4bf44b..0000000000000000000000000000000000000000 --- a/crypto/evp/evp_pkey.c +++ /dev/null @@ -1,246 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "internal/provider.h" -#include "crypto/asn1.h" -#include "crypto/evp.h" -#include "crypto/x509.h" - -/* Extract a private key from a PKCS8 structure */ - -EVP_PKEY *evp_pkcs82pkey_legacy(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx, - const char *propq) -{ - EVP_PKEY *pkey = NULL; - const ASN1_OBJECT *algoid; - char obj_tmp[80]; - - if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8)) - return NULL; - - if ((pkey = EVP_PKEY_new()) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid))) { - i2t_ASN1_OBJECT(obj_tmp, 80, algoid); - ERR_raise_data(ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM, - "TYPE=%s", obj_tmp); - goto error; - } - - if (pkey->ameth->priv_decode_ex != NULL) { - if (!pkey->ameth->priv_decode_ex(pkey, p8, libctx, propq)) - goto error; - } else if (pkey->ameth->priv_decode != NULL) { - if (!pkey->ameth->priv_decode(pkey, p8)) { - ERR_raise(ERR_LIB_EVP, EVP_R_PRIVATE_KEY_DECODE_ERROR); - goto error; - } - } else { - ERR_raise(ERR_LIB_EVP, EVP_R_METHOD_NOT_SUPPORTED); - goto error; - } - - return pkey; - - error: - EVP_PKEY_free(pkey); - return NULL; -} - -EVP_PKEY *EVP_PKCS82PKEY_ex(const PKCS8_PRIV_KEY_INFO *p8, OSSL_LIB_CTX *libctx, - const char *propq) -{ - EVP_PKEY *pkey = NULL; - const unsigned char *p8_data = NULL; - unsigned char *encoded_data = NULL; - int encoded_len; - int selection; - size_t len; - OSSL_DECODER_CTX *dctx = NULL; - - if ((encoded_len = i2d_PKCS8_PRIV_KEY_INFO(p8, &encoded_data)) <= 0 - || encoded_data == NULL) - return NULL; - - p8_data = encoded_data; - len = encoded_len; - selection = EVP_PKEY_KEYPAIR | EVP_PKEY_KEY_PARAMETERS; - dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", "PrivateKeyInfo", - NULL, selection, libctx, propq); - if (dctx == NULL - || !OSSL_DECODER_from_data(dctx, &p8_data, &len)) - /* try legacy */ - pkey = evp_pkcs82pkey_legacy(p8, libctx, propq); - - OPENSSL_clear_free(encoded_data, encoded_len); - OSSL_DECODER_CTX_free(dctx); - return pkey; -} - -EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8) -{ - return EVP_PKCS82PKEY_ex(p8, NULL, NULL); -} - -/* Turn a private key into a PKCS8 structure */ - -PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey) -{ - PKCS8_PRIV_KEY_INFO *p8 = NULL; - OSSL_ENCODER_CTX *ctx = NULL; - - /* - * The implementation for provider-native keys is to encode the - * key to a DER encoded PKCS#8 structure, then convert it to a - * PKCS8_PRIV_KEY_INFO with good old d2i functions. - */ - if (evp_pkey_is_provided(pkey)) { - int selection = OSSL_KEYMGMT_SELECT_ALL; - unsigned char *der = NULL; - size_t derlen = 0; - const unsigned char *pp; - - if ((ctx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, - "DER", "PrivateKeyInfo", - NULL)) == NULL - || !OSSL_ENCODER_to_data(ctx, &der, &derlen)) - goto error; - - pp = der; - p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &pp, (long)derlen); - OPENSSL_free(der); - if (p8 == NULL) - goto error; - } else { - p8 = PKCS8_PRIV_KEY_INFO_new(); - if (p8 == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (pkey->ameth != NULL) { - if (pkey->ameth->priv_encode != NULL) { - if (!pkey->ameth->priv_encode(p8, pkey)) { - ERR_raise(ERR_LIB_EVP, EVP_R_PRIVATE_KEY_ENCODE_ERROR); - goto error; - } - } else { - ERR_raise(ERR_LIB_EVP, EVP_R_METHOD_NOT_SUPPORTED); - goto error; - } - } else { - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); - goto error; - } - } - goto end; - error: - PKCS8_PRIV_KEY_INFO_free(p8); - p8 = NULL; - end: - OSSL_ENCODER_CTX_free(ctx); - return p8; - -} - -/* EVP_PKEY attribute functions */ - -int EVP_PKEY_get_attr_count(const EVP_PKEY *key) -{ - return X509at_get_attr_count(key->attributes); -} - -int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos) -{ - return X509at_get_attr_by_NID(key->attributes, nid, lastpos); -} - -int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, - int lastpos) -{ - return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos); -} - -X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc) -{ - return X509at_get_attr(key->attributes, loc); -} - -X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc) -{ - return X509at_delete_attr(key->attributes, loc); -} - -int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr) -{ - if (X509at_add1_attr(&key->attributes, attr)) - return 1; - return 0; -} - -int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len) -{ - if (X509at_add1_attr_by_OBJ(&key->attributes, obj, type, bytes, len)) - return 1; - return 0; -} - -int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, - int nid, int type, - const unsigned char *bytes, int len) -{ - if (X509at_add1_attr_by_NID(&key->attributes, nid, type, bytes, len)) - return 1; - return 0; -} - -int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, - const char *attrname, int type, - const unsigned char *bytes, int len) -{ - if (X509at_add1_attr_by_txt(&key->attributes, attrname, type, bytes, len)) - return 1; - return 0; -} - -const char *EVP_PKEY_get0_type_name(const EVP_PKEY *key) -{ - const EVP_PKEY_ASN1_METHOD *ameth; - const char *name = NULL; - - if (key->keymgmt != NULL) - return EVP_KEYMGMT_get0_name(key->keymgmt); - - /* Otherwise fallback to legacy */ - ameth = EVP_PKEY_get0_asn1(key); - if (ameth != NULL) - EVP_PKEY_asn1_get0_info(NULL, NULL, - NULL, NULL, &name, ameth); - - return name; -} - -const OSSL_PROVIDER *EVP_PKEY_get0_provider(const EVP_PKEY *key) -{ - if (evp_pkey_is_provided(key)) - return EVP_KEYMGMT_get0_provider(key->keymgmt); - return NULL; -} diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c deleted file mode 100644 index c36dbdc56c775367ce50f2a47f0fc0fd989ed2f8..0000000000000000000000000000000000000000 --- a/crypto/evp/evp_rand.c +++ /dev/null @@ -1,682 +0,0 @@ -/* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/numbers.h" -#include "internal/provider.h" -#include "internal/core.h" -#include "crypto/evp.h" -#include "evp_local.h" - -struct evp_rand_st { - OSSL_PROVIDER *prov; - int name_id; - char *type_name; - const char *description; - CRYPTO_REF_COUNT refcnt; - CRYPTO_RWLOCK *refcnt_lock; - - const OSSL_DISPATCH *dispatch; - OSSL_FUNC_rand_newctx_fn *newctx; - OSSL_FUNC_rand_freectx_fn *freectx; - OSSL_FUNC_rand_instantiate_fn *instantiate; - OSSL_FUNC_rand_uninstantiate_fn *uninstantiate; - OSSL_FUNC_rand_generate_fn *generate; - OSSL_FUNC_rand_reseed_fn *reseed; - OSSL_FUNC_rand_nonce_fn *nonce; - OSSL_FUNC_rand_enable_locking_fn *enable_locking; - OSSL_FUNC_rand_lock_fn *lock; - OSSL_FUNC_rand_unlock_fn *unlock; - OSSL_FUNC_rand_gettable_params_fn *gettable_params; - OSSL_FUNC_rand_gettable_ctx_params_fn *gettable_ctx_params; - OSSL_FUNC_rand_settable_ctx_params_fn *settable_ctx_params; - OSSL_FUNC_rand_get_params_fn *get_params; - OSSL_FUNC_rand_get_ctx_params_fn *get_ctx_params; - OSSL_FUNC_rand_set_ctx_params_fn *set_ctx_params; - OSSL_FUNC_rand_verify_zeroization_fn *verify_zeroization; -} /* EVP_RAND */ ; - -static int evp_rand_up_ref(void *vrand) -{ - EVP_RAND *rand = (EVP_RAND *)vrand; - int ref = 0; - - if (rand != NULL) - return CRYPTO_UP_REF(&rand->refcnt, &ref, rand->refcnt_lock); - return 1; -} - -static void evp_rand_free(void *vrand) -{ - EVP_RAND *rand = (EVP_RAND *)vrand; - int ref = 0; - - if (rand == NULL) - return; - CRYPTO_DOWN_REF(&rand->refcnt, &ref, rand->refcnt_lock); - if (ref > 0) - return; - OPENSSL_free(rand->type_name); - ossl_provider_free(rand->prov); - CRYPTO_THREAD_lock_free(rand->refcnt_lock); - OPENSSL_free(rand); -} - -static void *evp_rand_new(void) -{ - EVP_RAND *rand = OPENSSL_zalloc(sizeof(*rand)); - - if (rand == NULL - || (rand->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL) { - OPENSSL_free(rand); - return NULL; - } - rand->refcnt = 1; - return rand; -} - -/* Enable locking of the underlying DRBG/RAND if available */ -int EVP_RAND_enable_locking(EVP_RAND_CTX *rand) -{ - if (rand->meth->enable_locking != NULL) - return rand->meth->enable_locking(rand->algctx); - ERR_raise(ERR_LIB_EVP, EVP_R_LOCKING_NOT_SUPPORTED); - return 0; -} - -/* Lock the underlying DRBG/RAND if available */ -static int evp_rand_lock(EVP_RAND_CTX *rand) -{ - if (rand->meth->lock != NULL) - return rand->meth->lock(rand->algctx); - return 1; -} - -/* Unlock the underlying DRBG/RAND if available */ -static void evp_rand_unlock(EVP_RAND_CTX *rand) -{ - if (rand->meth->unlock != NULL) - rand->meth->unlock(rand->algctx); -} - -static void *evp_rand_from_algorithm(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) -{ - const OSSL_DISPATCH *fns = algodef->implementation; - EVP_RAND *rand = NULL; - int fnrandcnt = 0, fnctxcnt = 0, fnlockcnt = 0, fnenablelockcnt = 0; -#ifdef FIPS_MODULE - int fnzeroizecnt = 0; -#endif - - if ((rand = evp_rand_new()) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - rand->name_id = name_id; - if ((rand->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) { - evp_rand_free(rand); - return NULL; - } - rand->description = algodef->algorithm_description; - rand->dispatch = fns; - for (; fns->function_id != 0; fns++) { - switch (fns->function_id) { - case OSSL_FUNC_RAND_NEWCTX: - if (rand->newctx != NULL) - break; - rand->newctx = OSSL_FUNC_rand_newctx(fns); - fnctxcnt++; - break; - case OSSL_FUNC_RAND_FREECTX: - if (rand->freectx != NULL) - break; - rand->freectx = OSSL_FUNC_rand_freectx(fns); - fnctxcnt++; - break; - case OSSL_FUNC_RAND_INSTANTIATE: - if (rand->instantiate != NULL) - break; - rand->instantiate = OSSL_FUNC_rand_instantiate(fns); - fnrandcnt++; - break; - case OSSL_FUNC_RAND_UNINSTANTIATE: - if (rand->uninstantiate != NULL) - break; - rand->uninstantiate = OSSL_FUNC_rand_uninstantiate(fns); - fnrandcnt++; - break; - case OSSL_FUNC_RAND_GENERATE: - if (rand->generate != NULL) - break; - rand->generate = OSSL_FUNC_rand_generate(fns); - fnrandcnt++; - break; - case OSSL_FUNC_RAND_RESEED: - if (rand->reseed != NULL) - break; - rand->reseed = OSSL_FUNC_rand_reseed(fns); - break; - case OSSL_FUNC_RAND_NONCE: - if (rand->nonce != NULL) - break; - rand->nonce = OSSL_FUNC_rand_nonce(fns); - break; - case OSSL_FUNC_RAND_ENABLE_LOCKING: - if (rand->enable_locking != NULL) - break; - rand->enable_locking = OSSL_FUNC_rand_enable_locking(fns); - fnenablelockcnt++; - break; - case OSSL_FUNC_RAND_LOCK: - if (rand->lock != NULL) - break; - rand->lock = OSSL_FUNC_rand_lock(fns); - fnlockcnt++; - break; - case OSSL_FUNC_RAND_UNLOCK: - if (rand->unlock != NULL) - break; - rand->unlock = OSSL_FUNC_rand_unlock(fns); - fnlockcnt++; - break; - case OSSL_FUNC_RAND_GETTABLE_PARAMS: - if (rand->gettable_params != NULL) - break; - rand->gettable_params = - OSSL_FUNC_rand_gettable_params(fns); - break; - case OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS: - if (rand->gettable_ctx_params != NULL) - break; - rand->gettable_ctx_params = - OSSL_FUNC_rand_gettable_ctx_params(fns); - break; - case OSSL_FUNC_RAND_SETTABLE_CTX_PARAMS: - if (rand->settable_ctx_params != NULL) - break; - rand->settable_ctx_params = - OSSL_FUNC_rand_settable_ctx_params(fns); - break; - case OSSL_FUNC_RAND_GET_PARAMS: - if (rand->get_params != NULL) - break; - rand->get_params = OSSL_FUNC_rand_get_params(fns); - break; - case OSSL_FUNC_RAND_GET_CTX_PARAMS: - if (rand->get_ctx_params != NULL) - break; - rand->get_ctx_params = OSSL_FUNC_rand_get_ctx_params(fns); - fnctxcnt++; - break; - case OSSL_FUNC_RAND_SET_CTX_PARAMS: - if (rand->set_ctx_params != NULL) - break; - rand->set_ctx_params = OSSL_FUNC_rand_set_ctx_params(fns); - break; - case OSSL_FUNC_RAND_VERIFY_ZEROIZATION: - if (rand->verify_zeroization != NULL) - break; - rand->verify_zeroization = OSSL_FUNC_rand_verify_zeroization(fns); -#ifdef FIPS_MODULE - fnzeroizecnt++; -#endif - break; - } - } - /* - * In order to be a consistent set of functions we must have at least - * a complete set of "rand" functions and a complete set of context - * management functions. In FIPS mode, we also require the zeroization - * verification function. - * - * In addition, if locking can be enabled, we need a complete set of - * locking functions. - */ - if (fnrandcnt != 3 - || fnctxcnt != 3 - || (fnenablelockcnt != 0 && fnenablelockcnt != 1) - || (fnlockcnt != 0 && fnlockcnt != 2) -#ifdef FIPS_MODULE - || fnzeroizecnt != 1 -#endif - ) { - evp_rand_free(rand); - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); - return NULL; - } - - if (prov != NULL && !ossl_provider_up_ref(prov)) { - evp_rand_free(rand); - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return NULL; - } - rand->prov = prov; - - return rand; -} - -EVP_RAND *EVP_RAND_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, - const char *properties) -{ - return evp_generic_fetch(libctx, OSSL_OP_RAND, algorithm, properties, - evp_rand_from_algorithm, evp_rand_up_ref, - evp_rand_free); -} - -int EVP_RAND_up_ref(EVP_RAND *rand) -{ - return evp_rand_up_ref(rand); -} - -void EVP_RAND_free(EVP_RAND *rand) -{ - evp_rand_free(rand); -} - -int evp_rand_get_number(const EVP_RAND *rand) -{ - return rand->name_id; -} - -const char *EVP_RAND_get0_name(const EVP_RAND *rand) -{ - return rand->type_name; -} - -const char *EVP_RAND_get0_description(const EVP_RAND *rand) -{ - return rand->description; -} - -int EVP_RAND_is_a(const EVP_RAND *rand, const char *name) -{ - return rand != NULL && evp_is_a(rand->prov, rand->name_id, NULL, name); -} - -const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand) -{ - return rand->prov; -} - -int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]) -{ - if (rand->get_params != NULL) - return rand->get_params(params); - return 1; -} - -static int evp_rand_ctx_up_ref(EVP_RAND_CTX *ctx) -{ - int ref = 0; - - return CRYPTO_UP_REF(&ctx->refcnt, &ref, ctx->refcnt_lock); -} - -EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent) -{ - EVP_RAND_CTX *ctx; - void *parent_ctx = NULL; - const OSSL_DISPATCH *parent_dispatch = NULL; - - if (rand == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM); - return NULL; - } - - ctx = OPENSSL_zalloc(sizeof(*ctx)); - if (ctx == NULL || (ctx->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL) { - OPENSSL_free(ctx); - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - if (parent != NULL) { - if (!evp_rand_ctx_up_ref(parent)) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - CRYPTO_THREAD_lock_free(ctx->refcnt_lock); - OPENSSL_free(ctx); - return NULL; - } - parent_ctx = parent->algctx; - parent_dispatch = parent->meth->dispatch; - } - if ((ctx->algctx = rand->newctx(ossl_provider_ctx(rand->prov), parent_ctx, - parent_dispatch)) == NULL - || !EVP_RAND_up_ref(rand)) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - rand->freectx(ctx->algctx); - CRYPTO_THREAD_lock_free(ctx->refcnt_lock); - OPENSSL_free(ctx); - EVP_RAND_CTX_free(parent); - return NULL; - } - ctx->meth = rand; - ctx->parent = parent; - ctx->refcnt = 1; - return ctx; -} - -void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx) -{ - int ref = 0; - EVP_RAND_CTX *parent; - - if (ctx == NULL) - return; - - CRYPTO_DOWN_REF(&ctx->refcnt, &ref, ctx->refcnt_lock); - if (ref > 0) - return; - parent = ctx->parent; - ctx->meth->freectx(ctx->algctx); - ctx->algctx = NULL; - EVP_RAND_free(ctx->meth); - CRYPTO_THREAD_lock_free(ctx->refcnt_lock); - OPENSSL_free(ctx); - EVP_RAND_CTX_free(parent); -} - -EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx) -{ - return ctx->meth; -} - -static int evp_rand_get_ctx_params_locked(EVP_RAND_CTX *ctx, - OSSL_PARAM params[]) -{ - return ctx->meth->get_ctx_params(ctx->algctx, params); -} - -int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[]) -{ - int res; - - if (!evp_rand_lock(ctx)) - return 0; - res = evp_rand_get_ctx_params_locked(ctx, params); - evp_rand_unlock(ctx); - return res; -} - -static int evp_rand_set_ctx_params_locked(EVP_RAND_CTX *ctx, - const OSSL_PARAM params[]) -{ - if (ctx->meth->set_ctx_params != NULL) - return ctx->meth->set_ctx_params(ctx->algctx, params); - return 1; -} - -int EVP_RAND_CTX_set_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[]) -{ - int res; - - if (!evp_rand_lock(ctx)) - return 0; - res = evp_rand_set_ctx_params_locked(ctx, params); - evp_rand_unlock(ctx); - return res; -} - -const OSSL_PARAM *EVP_RAND_gettable_params(const EVP_RAND *rand) -{ - if (rand->gettable_params == NULL) - return NULL; - return rand->gettable_params(ossl_provider_ctx(EVP_RAND_get0_provider(rand))); -} - -const OSSL_PARAM *EVP_RAND_gettable_ctx_params(const EVP_RAND *rand) -{ - void *provctx; - - if (rand->gettable_ctx_params == NULL) - return NULL; - provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand)); - return rand->gettable_ctx_params(NULL, provctx); -} - -const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand) -{ - void *provctx; - - if (rand->settable_ctx_params == NULL) - return NULL; - provctx = ossl_provider_ctx(EVP_RAND_get0_provider(rand)); - return rand->settable_ctx_params(NULL, provctx); -} - -const OSSL_PARAM *EVP_RAND_CTX_gettable_params(EVP_RAND_CTX *ctx) -{ - void *provctx; - - if (ctx->meth->gettable_ctx_params == NULL) - return NULL; - provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth)); - return ctx->meth->gettable_ctx_params(ctx->algctx, provctx); -} - -const OSSL_PARAM *EVP_RAND_CTX_settable_params(EVP_RAND_CTX *ctx) -{ - void *provctx; - - if (ctx->meth->settable_ctx_params == NULL) - return NULL; - provctx = ossl_provider_ctx(EVP_RAND_get0_provider(ctx->meth)); - return ctx->meth->settable_ctx_params(ctx->algctx, provctx); -} - -void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_RAND *rand, void *arg), - void *arg) -{ - evp_generic_do_all(libctx, OSSL_OP_RAND, - (void (*)(void *, void *))fn, arg, - evp_rand_from_algorithm, evp_rand_up_ref, - evp_rand_free); -} - -int EVP_RAND_names_do_all(const EVP_RAND *rand, - void (*fn)(const char *name, void *data), - void *data) -{ - if (rand->prov != NULL) - return evp_names_do_all(rand->prov, rand->name_id, fn, data); - - return 1; -} - -static int evp_rand_instantiate_locked - (EVP_RAND_CTX *ctx, unsigned int strength, int prediction_resistance, - const unsigned char *pstr, size_t pstr_len, const OSSL_PARAM params[]) -{ - return ctx->meth->instantiate(ctx->algctx, strength, prediction_resistance, - pstr, pstr_len, params); -} - -int EVP_RAND_instantiate(EVP_RAND_CTX *ctx, unsigned int strength, - int prediction_resistance, - const unsigned char *pstr, size_t pstr_len, - const OSSL_PARAM params[]) -{ - int res; - - if (!evp_rand_lock(ctx)) - return 0; - res = evp_rand_instantiate_locked(ctx, strength, prediction_resistance, - pstr, pstr_len, params); - evp_rand_unlock(ctx); - return res; -} - -static int evp_rand_uninstantiate_locked(EVP_RAND_CTX *ctx) -{ - return ctx->meth->uninstantiate(ctx->algctx); -} - -int EVP_RAND_uninstantiate(EVP_RAND_CTX *ctx) -{ - int res; - - if (!evp_rand_lock(ctx)) - return 0; - res = evp_rand_uninstantiate_locked(ctx); - evp_rand_unlock(ctx); - return res; -} - -static int evp_rand_generate_locked(EVP_RAND_CTX *ctx, unsigned char *out, - size_t outlen, unsigned int strength, - int prediction_resistance, - const unsigned char *addin, - size_t addin_len) -{ - size_t chunk, max_request = 0; - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - params[0] = OSSL_PARAM_construct_size_t(OSSL_RAND_PARAM_MAX_REQUEST, - &max_request); - if (!evp_rand_get_ctx_params_locked(ctx, params) - || max_request == 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE); - return 0; - } - for (; outlen > 0; outlen -= chunk, out += chunk) { - chunk = outlen > max_request ? max_request : outlen; - if (!ctx->meth->generate(ctx->algctx, out, chunk, strength, - prediction_resistance, addin, addin_len)) { - ERR_raise(ERR_LIB_EVP, EVP_R_GENERATE_ERROR); - return 0; - } - /* - * Prediction resistance is only relevant the first time around, - * subsequently, the DRBG has already been properly reseeded. - */ - prediction_resistance = 0; - } - return 1; -} - -int EVP_RAND_generate(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen, - unsigned int strength, int prediction_resistance, - const unsigned char *addin, size_t addin_len) -{ - int res; - - if (!evp_rand_lock(ctx)) - return 0; - res = evp_rand_generate_locked(ctx, out, outlen, strength, - prediction_resistance, addin, addin_len); - evp_rand_unlock(ctx); - return res; -} - -static int evp_rand_reseed_locked(EVP_RAND_CTX *ctx, int prediction_resistance, - const unsigned char *ent, size_t ent_len, - const unsigned char *addin, size_t addin_len) -{ - if (ctx->meth->reseed != NULL) - return ctx->meth->reseed(ctx->algctx, prediction_resistance, - ent, ent_len, addin, addin_len); - return 1; -} - -int EVP_RAND_reseed(EVP_RAND_CTX *ctx, int prediction_resistance, - const unsigned char *ent, size_t ent_len, - const unsigned char *addin, size_t addin_len) -{ - int res; - - if (!evp_rand_lock(ctx)) - return 0; - res = evp_rand_reseed_locked(ctx, prediction_resistance, - ent, ent_len, addin, addin_len); - evp_rand_unlock(ctx); - return res; -} - -static unsigned int evp_rand_strength_locked(EVP_RAND_CTX *ctx) -{ - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - unsigned int strength = 0; - - params[0] = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_STRENGTH, &strength); - if (!evp_rand_get_ctx_params_locked(ctx, params)) - return 0; - return strength; -} - -unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx) -{ - unsigned int res; - - if (!evp_rand_lock(ctx)) - return 0; - res = evp_rand_strength_locked(ctx); - evp_rand_unlock(ctx); - return res; -} - -static int evp_rand_nonce_locked(EVP_RAND_CTX *ctx, unsigned char *out, - size_t outlen) -{ - unsigned int str = evp_rand_strength_locked(ctx); - - if (ctx->meth->nonce == NULL) - return 0; - if (ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen)) - return 1; - return evp_rand_generate_locked(ctx, out, outlen, str, 0, NULL, 0); -} - -int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen) -{ - int res; - - if (!evp_rand_lock(ctx)) - return 0; - res = evp_rand_nonce_locked(ctx, out, outlen); - evp_rand_unlock(ctx); - return res; -} - -int EVP_RAND_get_state(EVP_RAND_CTX *ctx) -{ - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - int state; - - params[0] = OSSL_PARAM_construct_int(OSSL_RAND_PARAM_STATE, &state); - if (!EVP_RAND_CTX_get_params(ctx, params)) - state = EVP_RAND_STATE_ERROR; - return state; -} - -static int evp_rand_verify_zeroization_locked(EVP_RAND_CTX *ctx) -{ - if (ctx->meth->verify_zeroization != NULL) - return ctx->meth->verify_zeroization(ctx->algctx); - return 0; -} - -int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx) -{ - int res; - - if (!evp_rand_lock(ctx)) - return 0; - res = evp_rand_verify_zeroization_locked(ctx); - evp_rand_unlock(ctx); - return res; -} diff --git a/crypto/evp/evp_utils.c b/crypto/evp/evp_utils.c deleted file mode 100644 index 3cc17921f8f49993f8739e742b3f1405773f0db4..0000000000000000000000000000000000000000 --- a/crypto/evp/evp_utils.c +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Internal EVP utility functions */ - -#include -#include -#include -#include /* evp_local.h needs it */ -#include /* evp_local.h needs it */ -#include "crypto/evp.h" /* evp_local.h needs it */ -#include "evp_local.h" - -/* - * EVP_CTRL_RET_UNSUPPORTED = -1 is the returned value from any ctrl function - * where the control command isn't supported, and an alternative code path - * may be chosen. - * Since these functions are used to implement ctrl functionality, we - * use the same value, and other callers will have to compensate. - */ -#define PARAM_CHECK(obj, func, errfunc) \ - if (obj == NULL) \ - return 0; \ - if (obj->prov == NULL) \ - return EVP_CTRL_RET_UNSUPPORTED; \ - if (obj->func == NULL) { \ - errfunc(); \ - return 0; \ - } - -#define PARAM_FUNC(name, func, type, err) \ -int name (const type *obj, OSSL_PARAM params[]) \ -{ \ - PARAM_CHECK(obj, func, err) \ - return obj->func(params); \ -} - -#define PARAM_CTX_FUNC(name, func, type, err) \ -int name (const type *obj, void *algctx, OSSL_PARAM params[]) \ -{ \ - PARAM_CHECK(obj, func, err) \ - return obj->func(algctx, params); \ -} - -#define PARAM_FUNCTIONS(type, \ - getname, getfunc, \ - getctxname, getctxfunc, \ - setctxname, setctxfunc) \ - PARAM_FUNC(getname, getfunc, type, geterr) \ - PARAM_CTX_FUNC(getctxname, getctxfunc, type, geterr) \ - PARAM_CTX_FUNC(setctxname, setctxfunc, type, seterr) - -/* - * These error functions are a workaround for the error scripts, which - * currently require that XXXerr method appears inside a function (not a macro). - */ -static void geterr(void) -{ - ERR_raise(ERR_LIB_EVP, EVP_R_CANNOT_GET_PARAMETERS); -} - -static void seterr(void) -{ - ERR_raise(ERR_LIB_EVP, EVP_R_CANNOT_SET_PARAMETERS); -} - -PARAM_FUNCTIONS(EVP_CIPHER, - evp_do_ciph_getparams, get_params, - evp_do_ciph_ctx_getparams, get_ctx_params, - evp_do_ciph_ctx_setparams, set_ctx_params) - -PARAM_FUNCTIONS(EVP_MD, - evp_do_md_getparams, get_params, - evp_do_md_ctx_getparams, get_ctx_params, - evp_do_md_ctx_setparams, set_ctx_params) diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c deleted file mode 100644 index d7a4ad142aa75c990e9ce9cf3e7a82af1912bf52..0000000000000000000000000000000000000000 --- a/crypto/evp/exchange.c +++ /dev/null @@ -1,597 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/refcount.h" -#include "internal/provider.h" -#include "internal/core.h" -#include "internal/numbers.h" /* includes SIZE_MAX */ -#include "crypto/evp.h" -#include "evp_local.h" - -static EVP_KEYEXCH *evp_keyexch_new(OSSL_PROVIDER *prov) -{ - EVP_KEYEXCH *exchange = OPENSSL_zalloc(sizeof(EVP_KEYEXCH)); - - if (exchange == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - - exchange->lock = CRYPTO_THREAD_lock_new(); - if (exchange->lock == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - OPENSSL_free(exchange); - return NULL; - } - exchange->prov = prov; - ossl_provider_up_ref(prov); - exchange->refcnt = 1; - - return exchange; -} - -static void *evp_keyexch_from_algorithm(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) -{ - const OSSL_DISPATCH *fns = algodef->implementation; - EVP_KEYEXCH *exchange = NULL; - int fncnt = 0, sparamfncnt = 0, gparamfncnt = 0; - - if ((exchange = evp_keyexch_new(prov)) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - goto err; - } - - exchange->name_id = name_id; - if ((exchange->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) - goto err; - exchange->description = algodef->algorithm_description; - - for (; fns->function_id != 0; fns++) { - switch (fns->function_id) { - case OSSL_FUNC_KEYEXCH_NEWCTX: - if (exchange->newctx != NULL) - break; - exchange->newctx = OSSL_FUNC_keyexch_newctx(fns); - fncnt++; - break; - case OSSL_FUNC_KEYEXCH_INIT: - if (exchange->init != NULL) - break; - exchange->init = OSSL_FUNC_keyexch_init(fns); - fncnt++; - break; - case OSSL_FUNC_KEYEXCH_SET_PEER: - if (exchange->set_peer != NULL) - break; - exchange->set_peer = OSSL_FUNC_keyexch_set_peer(fns); - break; - case OSSL_FUNC_KEYEXCH_DERIVE: - if (exchange->derive != NULL) - break; - exchange->derive = OSSL_FUNC_keyexch_derive(fns); - fncnt++; - break; - case OSSL_FUNC_KEYEXCH_FREECTX: - if (exchange->freectx != NULL) - break; - exchange->freectx = OSSL_FUNC_keyexch_freectx(fns); - fncnt++; - break; - case OSSL_FUNC_KEYEXCH_DUPCTX: - if (exchange->dupctx != NULL) - break; - exchange->dupctx = OSSL_FUNC_keyexch_dupctx(fns); - break; - case OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS: - if (exchange->get_ctx_params != NULL) - break; - exchange->get_ctx_params = OSSL_FUNC_keyexch_get_ctx_params(fns); - gparamfncnt++; - break; - case OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS: - if (exchange->gettable_ctx_params != NULL) - break; - exchange->gettable_ctx_params - = OSSL_FUNC_keyexch_gettable_ctx_params(fns); - gparamfncnt++; - break; - case OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS: - if (exchange->set_ctx_params != NULL) - break; - exchange->set_ctx_params = OSSL_FUNC_keyexch_set_ctx_params(fns); - sparamfncnt++; - break; - case OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS: - if (exchange->settable_ctx_params != NULL) - break; - exchange->settable_ctx_params - = OSSL_FUNC_keyexch_settable_ctx_params(fns); - sparamfncnt++; - break; - } - } - if (fncnt != 4 - || (gparamfncnt != 0 && gparamfncnt != 2) - || (sparamfncnt != 0 && sparamfncnt != 2)) { - /* - * In order to be a consistent set of functions we must have at least - * a complete set of "exchange" functions: init, derive, newctx, - * and freectx. The set_ctx_params and settable_ctx_params functions are - * optional, but if one of them is present then the other one must also - * be present. Same goes for get_ctx_params and gettable_ctx_params. - * The dupctx and set_peer functions are optional. - */ - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); - goto err; - } - - return exchange; - - err: - EVP_KEYEXCH_free(exchange); - return NULL; -} - -void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange) -{ - int i; - - if (exchange == NULL) - return; - CRYPTO_DOWN_REF(&exchange->refcnt, &i, exchange->lock); - if (i > 0) - return; - OPENSSL_free(exchange->type_name); - ossl_provider_free(exchange->prov); - CRYPTO_THREAD_lock_free(exchange->lock); - OPENSSL_free(exchange); -} - -int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange) -{ - int ref = 0; - - CRYPTO_UP_REF(&exchange->refcnt, &ref, exchange->lock); - return 1; -} - -OSSL_PROVIDER *EVP_KEYEXCH_get0_provider(const EVP_KEYEXCH *exchange) -{ - return exchange->prov; -} - -EVP_KEYEXCH *EVP_KEYEXCH_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties) -{ - return evp_generic_fetch(ctx, OSSL_OP_KEYEXCH, algorithm, properties, - evp_keyexch_from_algorithm, - (int (*)(void *))EVP_KEYEXCH_up_ref, - (void (*)(void *))EVP_KEYEXCH_free); -} - -EVP_KEYEXCH *evp_keyexch_fetch_from_prov(OSSL_PROVIDER *prov, - const char *algorithm, - const char *properties) -{ - return evp_generic_fetch_from_prov(prov, OSSL_OP_KEYEXCH, - algorithm, properties, - evp_keyexch_from_algorithm, - (int (*)(void *))EVP_KEYEXCH_up_ref, - (void (*)(void *))EVP_KEYEXCH_free); -} - -int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) -{ - return EVP_PKEY_derive_init_ex(ctx, NULL); -} - -int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) -{ - int ret; - void *provkey = NULL; - EVP_KEYEXCH *exchange = NULL; - EVP_KEYMGMT *tmp_keymgmt = NULL; - const OSSL_PROVIDER *tmp_prov = NULL; - const char *supported_exch = NULL; - int iter; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); - return -2; - } - - evp_pkey_ctx_free_old_ops(ctx); - ctx->operation = EVP_PKEY_OP_DERIVE; - - ERR_set_mark(); - - if (evp_pkey_ctx_is_legacy(ctx)) - goto legacy; - - /* - * Some algorithms (e.g. legacy KDFs) don't have a pkey - so we create - * a blank one. - */ - if (ctx->pkey == NULL) { - EVP_PKEY *pkey = EVP_PKEY_new(); - - if (pkey == NULL - || !EVP_PKEY_set_type_by_keymgmt(pkey, ctx->keymgmt) - || (pkey->keydata = evp_keymgmt_newdata(ctx->keymgmt)) == NULL) { - ERR_clear_last_mark(); - EVP_PKEY_free(pkey); - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - ctx->pkey = pkey; - } - - /* - * Try to derive the supported exch from |ctx->keymgmt|. - */ - if (!ossl_assert(ctx->pkey->keymgmt == NULL - || ctx->pkey->keymgmt == ctx->keymgmt)) { - ERR_clear_last_mark(); - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - goto err; - } - supported_exch = evp_keymgmt_util_query_operation_name(ctx->keymgmt, - OSSL_OP_KEYEXCH); - if (supported_exch == NULL) { - ERR_clear_last_mark(); - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - - - /* - * We perform two iterations: - * - * 1. Do the normal exchange fetch, using the fetching data given by - * the EVP_PKEY_CTX. - * 2. Do the provider specific exchange fetch, from the same provider - * as |ctx->keymgmt| - * - * We then try to fetch the keymgmt from the same provider as the - * exchange, and try to export |ctx->pkey| to that keymgmt (when - * this keymgmt happens to be the same as |ctx->keymgmt|, the export - * is a no-op, but we call it anyway to not complicate the code even - * more). - * If the export call succeeds (returns a non-NULL provider key pointer), - * we're done and can perform the operation itself. If not, we perform - * the second iteration, or jump to legacy. - */ - for (iter = 1, provkey = NULL; iter < 3 && provkey == NULL; iter++) { - EVP_KEYMGMT *tmp_keymgmt_tofree = NULL; - - /* - * If we're on the second iteration, free the results from the first. - * They are NULL on the first iteration, so no need to check what - * iteration we're on. - */ - EVP_KEYEXCH_free(exchange); - EVP_KEYMGMT_free(tmp_keymgmt); - - switch (iter) { - case 1: - exchange = - EVP_KEYEXCH_fetch(ctx->libctx, supported_exch, ctx->propquery); - if (exchange != NULL) - tmp_prov = EVP_KEYEXCH_get0_provider(exchange); - break; - case 2: - tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt); - exchange = - evp_keyexch_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - supported_exch, ctx->propquery); - if (exchange == NULL) - goto legacy; - break; - } - if (exchange == NULL) - continue; - - /* - * Ensure that the key is provided, either natively, or as a cached - * export. We start by fetching the keymgmt with the same name as - * |ctx->keymgmt|, but from the provider of the exchange method, using - * the same property query as when fetching the exchange method. - * With the keymgmt we found (if we did), we try to export |ctx->pkey| - * to it (evp_pkey_export_to_provider() is smart enough to only actually - * export it if |tmp_keymgmt| is different from |ctx->pkey|'s keymgmt) - */ - tmp_keymgmt_tofree = tmp_keymgmt = - evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - EVP_KEYMGMT_get0_name(ctx->keymgmt), - ctx->propquery); - if (tmp_keymgmt != NULL) - provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx, - &tmp_keymgmt, ctx->propquery); - if (tmp_keymgmt == NULL) - EVP_KEYMGMT_free(tmp_keymgmt_tofree); - } - - if (provkey == NULL) { - EVP_KEYEXCH_free(exchange); - goto legacy; - } - - ERR_pop_to_mark(); - - /* No more legacy from here down to legacy: */ - - ctx->op.kex.exchange = exchange; - ctx->op.kex.algctx = exchange->newctx(ossl_provider_ctx(exchange->prov)); - if (ctx->op.kex.algctx == NULL) { - /* The provider key can stay in the cache */ - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - ret = exchange->init(ctx->op.kex.algctx, provkey, params); - - EVP_KEYMGMT_free(tmp_keymgmt); - return ret ? 1 : 0; - err: - evp_pkey_ctx_free_old_ops(ctx); - ctx->operation = EVP_PKEY_OP_UNDEFINED; - EVP_KEYMGMT_free(tmp_keymgmt); - return 0; - - legacy: - /* - * If we don't have the full support we need with provided methods, - * let's go see if legacy does. - */ - ERR_pop_to_mark(); - -#ifdef FIPS_MODULE - return 0; -#else - if (ctx->pmeth == NULL || ctx->pmeth->derive == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - - if (ctx->pmeth->derive_init == NULL) - return 1; - ret = ctx->pmeth->derive_init(ctx); - if (ret <= 0) - ctx->operation = EVP_PKEY_OP_UNDEFINED; - EVP_KEYMGMT_free(tmp_keymgmt); - return ret; -#endif -} - -int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer, - int validate_peer) -{ - int ret = 0, check; - void *provkey = NULL; - EVP_PKEY_CTX *check_ctx = NULL; - EVP_KEYMGMT *tmp_keymgmt = NULL, *tmp_keymgmt_tofree = NULL; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); - return -1; - } - - if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx) || ctx->op.kex.algctx == NULL) - goto legacy; - - if (ctx->op.kex.exchange->set_peer == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - - if (validate_peer) { - check_ctx = EVP_PKEY_CTX_new_from_pkey(ctx->libctx, peer, ctx->propquery); - if (check_ctx == NULL) - return -1; - check = EVP_PKEY_public_check(check_ctx); - EVP_PKEY_CTX_free(check_ctx); - if (check <= 0) - return -1; - } - - /* - * Ensure that the |peer| is provided, either natively, or as a cached - * export. We start by fetching the keymgmt with the same name as - * |ctx->keymgmt|, but from the provider of the exchange method, using - * the same property query as when fetching the exchange method. - * With the keymgmt we found (if we did), we try to export |peer| - * to it (evp_pkey_export_to_provider() is smart enough to only actually - * export it if |tmp_keymgmt| is different from |peer|'s keymgmt) - */ - tmp_keymgmt_tofree = tmp_keymgmt = - evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *) - EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange), - EVP_KEYMGMT_get0_name(ctx->keymgmt), - ctx->propquery); - if (tmp_keymgmt != NULL) - provkey = evp_pkey_export_to_provider(peer, ctx->libctx, - &tmp_keymgmt, ctx->propquery); - EVP_KEYMGMT_free(tmp_keymgmt_tofree); - - /* - * If making the key provided wasn't possible, legacy may be able to pick - * it up - */ - if (provkey == NULL) - goto legacy; - return ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey); - - legacy: -#ifdef FIPS_MODULE - return ret; -#else - if (ctx->pmeth == NULL - || !(ctx->pmeth->derive != NULL - || ctx->pmeth->encrypt != NULL - || ctx->pmeth->decrypt != NULL) - || ctx->pmeth->ctrl == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - if (ctx->operation != EVP_PKEY_OP_DERIVE - && ctx->operation != EVP_PKEY_OP_ENCRYPT - && ctx->operation != EVP_PKEY_OP_DECRYPT) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); - return -1; - } - - ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer); - - if (ret <= 0) - return ret; - - if (ret == 2) - return 1; - - if (ctx->pkey == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET); - return -1; - } - - if (ctx->pkey->type != peer->type) { - ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES); - return -1; - } - - /* - * For clarity. The error is if parameters in peer are - * present (!missing) but don't match. EVP_PKEY_parameters_eq may return - * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1 - * (different key types) is impossible here because it is checked earlier. - * -2 is OK for us here, as well as 1, so we can check for 0 only. - */ - if (!EVP_PKEY_missing_parameters(peer) && - !EVP_PKEY_parameters_eq(ctx->pkey, peer)) { - ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_PARAMETERS); - return -1; - } - - EVP_PKEY_free(ctx->peerkey); - ctx->peerkey = peer; - - ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer); - - if (ret <= 0) { - ctx->peerkey = NULL; - return ret; - } - - EVP_PKEY_up_ref(peer); - return 1; -#endif -} - -int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) -{ - return EVP_PKEY_derive_set_peer_ex(ctx, peer, 1); -} - -int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen) -{ - int ret; - - if (ctx == NULL || pkeylen == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); - return -1; - } - - if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); - return -1; - } - - if (ctx->op.kex.algctx == NULL) - goto legacy; - - ret = ctx->op.kex.exchange->derive(ctx->op.kex.algctx, key, pkeylen, - key != NULL ? *pkeylen : 0); - - return ret; - legacy: - if (ctx->pmeth == NULL || ctx->pmeth->derive == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - - M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE) - return ctx->pmeth->derive(ctx, key, pkeylen); -} - -int evp_keyexch_get_number(const EVP_KEYEXCH *keyexch) -{ - return keyexch->name_id; -} - -const char *EVP_KEYEXCH_get0_name(const EVP_KEYEXCH *keyexch) -{ - return keyexch->type_name; -} - -const char *EVP_KEYEXCH_get0_description(const EVP_KEYEXCH *keyexch) -{ - return keyexch->description; -} - -int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *keyexch, const char *name) -{ - return keyexch != NULL - && evp_is_a(keyexch->prov, keyexch->name_id, NULL, name); -} - -void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_KEYEXCH *keyexch, void *arg), - void *arg) -{ - evp_generic_do_all(libctx, OSSL_OP_KEYEXCH, - (void (*)(void *, void *))fn, arg, - evp_keyexch_from_algorithm, - (int (*)(void *))EVP_KEYEXCH_up_ref, - (void (*)(void *))EVP_KEYEXCH_free); -} - -int EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *keyexch, - void (*fn)(const char *name, void *data), - void *data) -{ - if (keyexch->prov != NULL) - return evp_names_do_all(keyexch->prov, keyexch->name_id, fn, data); - - return 1; -} - -const OSSL_PARAM *EVP_KEYEXCH_gettable_ctx_params(const EVP_KEYEXCH *keyexch) -{ - void *provctx; - - if (keyexch == NULL || keyexch->gettable_ctx_params == NULL) - return NULL; - - provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(keyexch)); - return keyexch->gettable_ctx_params(NULL, provctx); -} - -const OSSL_PARAM *EVP_KEYEXCH_settable_ctx_params(const EVP_KEYEXCH *keyexch) -{ - void *provctx; - - if (keyexch == NULL || keyexch->settable_ctx_params == NULL) - return NULL; - provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(keyexch)); - return keyexch->settable_ctx_params(NULL, provctx); -} diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c deleted file mode 100644 index 6a6bb31e6372118c09d0043230d5ca06cef71f5b..0000000000000000000000000000000000000000 --- a/crypto/evp/kdf_lib.c +++ /dev/null @@ -1,184 +0,0 @@ -/* - * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "crypto/evp.h" -#include "internal/numbers.h" -#include "internal/provider.h" -#include "evp_local.h" - -EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf) -{ - EVP_KDF_CTX *ctx = NULL; - - if (kdf == NULL) - return NULL; - - ctx = OPENSSL_zalloc(sizeof(EVP_KDF_CTX)); - if (ctx == NULL - || (ctx->algctx = kdf->newctx(ossl_provider_ctx(kdf->prov))) == NULL - || !EVP_KDF_up_ref(kdf)) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - if (ctx != NULL) - kdf->freectx(ctx->algctx); - OPENSSL_free(ctx); - ctx = NULL; - } else { - ctx->meth = kdf; - } - return ctx; -} - -void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx) -{ - if (ctx == NULL) - return; - ctx->meth->freectx(ctx->algctx); - ctx->algctx = NULL; - EVP_KDF_free(ctx->meth); - OPENSSL_free(ctx); -} - -EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src) -{ - EVP_KDF_CTX *dst; - - if (src == NULL || src->algctx == NULL || src->meth->dupctx == NULL) - return NULL; - - dst = OPENSSL_malloc(sizeof(*dst)); - if (dst == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - - memcpy(dst, src, sizeof(*dst)); - if (!EVP_KDF_up_ref(dst->meth)) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - OPENSSL_free(dst); - return NULL; - } - - dst->algctx = src->meth->dupctx(src->algctx); - if (dst->algctx == NULL) { - EVP_KDF_CTX_free(dst); - return NULL; - } - return dst; -} - -int evp_kdf_get_number(const EVP_KDF *kdf) -{ - return kdf->name_id; -} - -const char *EVP_KDF_get0_name(const EVP_KDF *kdf) -{ - return kdf->type_name; -} - -const char *EVP_KDF_get0_description(const EVP_KDF *kdf) -{ - return kdf->description; -} - -int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name) -{ - return kdf != NULL && evp_is_a(kdf->prov, kdf->name_id, NULL, name); -} - -const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf) -{ - return kdf->prov; -} - -const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx) -{ - return ctx->meth; -} - -void EVP_KDF_CTX_reset(EVP_KDF_CTX *ctx) -{ - if (ctx == NULL) - return; - - if (ctx->meth->reset != NULL) - ctx->meth->reset(ctx->algctx); -} - -size_t EVP_KDF_CTX_get_kdf_size(EVP_KDF_CTX *ctx) -{ - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - size_t s = 0; - - if (ctx == NULL) - return 0; - - *params = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_SIZE, &s); - if (ctx->meth->get_ctx_params != NULL - && ctx->meth->get_ctx_params(ctx->algctx, params)) - return s; - if (ctx->meth->get_params != NULL - && ctx->meth->get_params(params)) - return s; - return 0; -} - -int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) -{ - if (ctx == NULL) - return 0; - - return ctx->meth->derive(ctx->algctx, key, keylen, params); -} - -/* - * The {get,set}_params functions return 1 if there is no corresponding - * function in the implementation. This is the same as if there was one, - * but it didn't recognise any of the given params, i.e. nothing in the - * bag of parameters was useful. - */ -int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]) -{ - if (kdf->get_params != NULL) - return kdf->get_params(params); - return 1; -} - -int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]) -{ - if (ctx->meth->get_ctx_params != NULL) - return ctx->meth->get_ctx_params(ctx->algctx, params); - return 1; -} - -int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]) -{ - if (ctx->meth->set_ctx_params != NULL) - return ctx->meth->set_ctx_params(ctx->algctx, params); - return 1; -} - -int EVP_KDF_names_do_all(const EVP_KDF *kdf, - void (*fn)(const char *name, void *data), - void *data) -{ - if (kdf->prov != NULL) - return evp_names_do_all(kdf->prov, kdf->name_id, fn, data); - - return 1; -} diff --git a/crypto/evp/kdf_meth.c b/crypto/evp/kdf_meth.c deleted file mode 100644 index 94af5d40a091e682d318a277aa992eefdf72c64c..0000000000000000000000000000000000000000 --- a/crypto/evp/kdf_meth.c +++ /dev/null @@ -1,232 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include "internal/provider.h" -#include "internal/core.h" -#include "crypto/evp.h" -#include "evp_local.h" - -static int evp_kdf_up_ref(void *vkdf) -{ - EVP_KDF *kdf = (EVP_KDF *)vkdf; - int ref = 0; - - CRYPTO_UP_REF(&kdf->refcnt, &ref, kdf->lock); - return 1; -} - -static void evp_kdf_free(void *vkdf) -{ - EVP_KDF *kdf = (EVP_KDF *)vkdf; - int ref = 0; - - if (kdf == NULL) - return; - - CRYPTO_DOWN_REF(&kdf->refcnt, &ref, kdf->lock); - if (ref > 0) - return; - OPENSSL_free(kdf->type_name); - ossl_provider_free(kdf->prov); - CRYPTO_THREAD_lock_free(kdf->lock); - OPENSSL_free(kdf); -} - -static void *evp_kdf_new(void) -{ - EVP_KDF *kdf = NULL; - - if ((kdf = OPENSSL_zalloc(sizeof(*kdf))) == NULL - || (kdf->lock = CRYPTO_THREAD_lock_new()) == NULL) { - OPENSSL_free(kdf); - return NULL; - } - kdf->refcnt = 1; - return kdf; -} - -static void *evp_kdf_from_algorithm(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) -{ - const OSSL_DISPATCH *fns = algodef->implementation; - EVP_KDF *kdf = NULL; - int fnkdfcnt = 0, fnctxcnt = 0; - - if ((kdf = evp_kdf_new()) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - kdf->name_id = name_id; - if ((kdf->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) { - evp_kdf_free(kdf); - return NULL; - } - kdf->description = algodef->algorithm_description; - - for (; fns->function_id != 0; fns++) { - switch (fns->function_id) { - case OSSL_FUNC_KDF_NEWCTX: - if (kdf->newctx != NULL) - break; - kdf->newctx = OSSL_FUNC_kdf_newctx(fns); - fnctxcnt++; - break; - case OSSL_FUNC_KDF_DUPCTX: - if (kdf->dupctx != NULL) - break; - kdf->dupctx = OSSL_FUNC_kdf_dupctx(fns); - break; - case OSSL_FUNC_KDF_FREECTX: - if (kdf->freectx != NULL) - break; - kdf->freectx = OSSL_FUNC_kdf_freectx(fns); - fnctxcnt++; - break; - case OSSL_FUNC_KDF_RESET: - if (kdf->reset != NULL) - break; - kdf->reset = OSSL_FUNC_kdf_reset(fns); - break; - case OSSL_FUNC_KDF_DERIVE: - if (kdf->derive != NULL) - break; - kdf->derive = OSSL_FUNC_kdf_derive(fns); - fnkdfcnt++; - break; - case OSSL_FUNC_KDF_GETTABLE_PARAMS: - if (kdf->gettable_params != NULL) - break; - kdf->gettable_params = - OSSL_FUNC_kdf_gettable_params(fns); - break; - case OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS: - if (kdf->gettable_ctx_params != NULL) - break; - kdf->gettable_ctx_params = - OSSL_FUNC_kdf_gettable_ctx_params(fns); - break; - case OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS: - if (kdf->settable_ctx_params != NULL) - break; - kdf->settable_ctx_params = - OSSL_FUNC_kdf_settable_ctx_params(fns); - break; - case OSSL_FUNC_KDF_GET_PARAMS: - if (kdf->get_params != NULL) - break; - kdf->get_params = OSSL_FUNC_kdf_get_params(fns); - break; - case OSSL_FUNC_KDF_GET_CTX_PARAMS: - if (kdf->get_ctx_params != NULL) - break; - kdf->get_ctx_params = OSSL_FUNC_kdf_get_ctx_params(fns); - break; - case OSSL_FUNC_KDF_SET_CTX_PARAMS: - if (kdf->set_ctx_params != NULL) - break; - kdf->set_ctx_params = OSSL_FUNC_kdf_set_ctx_params(fns); - break; - } - } - if (fnkdfcnt != 1 || fnctxcnt != 2) { - /* - * In order to be a consistent set of functions we must have at least - * a derive function, and a complete set of context management - * functions. - */ - evp_kdf_free(kdf); - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); - return NULL; - } - kdf->prov = prov; - if (prov != NULL) - ossl_provider_up_ref(prov); - - return kdf; -} - -EVP_KDF *EVP_KDF_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, - const char *properties) -{ - return evp_generic_fetch(libctx, OSSL_OP_KDF, algorithm, properties, - evp_kdf_from_algorithm, evp_kdf_up_ref, - evp_kdf_free); -} - -int EVP_KDF_up_ref(EVP_KDF *kdf) -{ - return evp_kdf_up_ref(kdf); -} - -void EVP_KDF_free(EVP_KDF *kdf) -{ - evp_kdf_free(kdf); -} - -const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf) -{ - if (kdf->gettable_params == NULL) - return NULL; - return kdf->gettable_params(ossl_provider_ctx(EVP_KDF_get0_provider(kdf))); -} - -const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf) -{ - void *alg; - - if (kdf->gettable_ctx_params == NULL) - return NULL; - alg = ossl_provider_ctx(EVP_KDF_get0_provider(kdf)); - return kdf->gettable_ctx_params(NULL, alg); -} - -const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf) -{ - void *alg; - - if (kdf->settable_ctx_params == NULL) - return NULL; - alg = ossl_provider_ctx(EVP_KDF_get0_provider(kdf)); - return kdf->settable_ctx_params(NULL, alg); -} - -const OSSL_PARAM *EVP_KDF_CTX_gettable_params(EVP_KDF_CTX *ctx) -{ - void *alg; - - if (ctx->meth->gettable_ctx_params == NULL) - return NULL; - alg = ossl_provider_ctx(EVP_KDF_get0_provider(ctx->meth)); - return ctx->meth->gettable_ctx_params(ctx->algctx, alg); -} - -const OSSL_PARAM *EVP_KDF_CTX_settable_params(EVP_KDF_CTX *ctx) -{ - void *alg; - - if (ctx->meth->settable_ctx_params == NULL) - return NULL; - alg = ossl_provider_ctx(EVP_KDF_get0_provider(ctx->meth)); - return ctx->meth->settable_ctx_params(ctx->algctx, alg); -} - -void EVP_KDF_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_KDF *kdf, void *arg), - void *arg) -{ - evp_generic_do_all(libctx, OSSL_OP_KDF, - (void (*)(void *, void *))fn, arg, - evp_kdf_from_algorithm, evp_kdf_up_ref, evp_kdf_free); -} diff --git a/crypto/evp/kem.c b/crypto/evp/kem.c deleted file mode 100644 index 1786ae6553bfe8c57092e442cdabba4e4d58d478..0000000000000000000000000000000000000000 --- a/crypto/evp/kem.c +++ /dev/null @@ -1,482 +0,0 @@ -/* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/provider.h" -#include "internal/core.h" -#include "crypto/evp.h" -#include "evp_local.h" - -static int evp_kem_init(EVP_PKEY_CTX *ctx, int operation, - const OSSL_PARAM params[]) -{ - int ret = 0; - EVP_KEM *kem = NULL; - EVP_KEYMGMT *tmp_keymgmt = NULL; - const OSSL_PROVIDER *tmp_prov = NULL; - void *provkey = NULL; - const char *supported_kem = NULL; - int iter; - - if (ctx == NULL || ctx->keytype == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - - evp_pkey_ctx_free_old_ops(ctx); - ctx->operation = operation; - - if (ctx->pkey == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET); - goto err; - } - - /* - * Try to derive the supported kem from |ctx->keymgmt|. - */ - if (!ossl_assert(ctx->pkey->keymgmt == NULL - || ctx->pkey->keymgmt == ctx->keymgmt)) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - goto err; - } - supported_kem = evp_keymgmt_util_query_operation_name(ctx->keymgmt, - OSSL_OP_KEM); - if (supported_kem == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - - /* - * Because we cleared out old ops, we shouldn't need to worry about - * checking if kem is already there. - * We perform two iterations: - * - * 1. Do the normal kem fetch, using the fetching data given by - * the EVP_PKEY_CTX. - * 2. Do the provider specific kem fetch, from the same provider - * as |ctx->keymgmt| - * - * We then try to fetch the keymgmt from the same provider as the - * kem, and try to export |ctx->pkey| to that keymgmt (when this - * keymgmt happens to be the same as |ctx->keymgmt|, the export is - * a no-op, but we call it anyway to not complicate the code even - * more). - * If the export call succeeds (returns a non-NULL provider key pointer), - * we're done and can perform the operation itself. If not, we perform - * the second iteration, or jump to legacy. - */ - for (iter = 1, provkey = NULL; iter < 3 && provkey == NULL; iter++) { - EVP_KEYMGMT *tmp_keymgmt_tofree = NULL; - - /* - * If we're on the second iteration, free the results from the first. - * They are NULL on the first iteration, so no need to check what - * iteration we're on. - */ - EVP_KEM_free(kem); - EVP_KEYMGMT_free(tmp_keymgmt); - - switch (iter) { - case 1: - kem = EVP_KEM_fetch(ctx->libctx, supported_kem, ctx->propquery); - if (kem != NULL) - tmp_prov = EVP_KEM_get0_provider(kem); - break; - case 2: - tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt); - kem = evp_kem_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - supported_kem, ctx->propquery); - - if (kem == NULL) { - ERR_raise(ERR_LIB_EVP, - EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - ret = -2; - goto err; - } - } - if (kem == NULL) - continue; - - /* - * Ensure that the key is provided, either natively, or as a cached - * export. We start by fetching the keymgmt with the same name as - * |ctx->pkey|, but from the provider of the kem method, using the - * same property query as when fetching the kem method. - * With the keymgmt we found (if we did), we try to export |ctx->pkey| - * to it (evp_pkey_export_to_provider() is smart enough to only actually - - * export it if |tmp_keymgmt| is different from |ctx->pkey|'s keymgmt) - */ - tmp_keymgmt_tofree = tmp_keymgmt = - evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - EVP_KEYMGMT_get0_name(ctx->keymgmt), - ctx->propquery); - if (tmp_keymgmt != NULL) - provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx, - &tmp_keymgmt, ctx->propquery); - if (tmp_keymgmt == NULL) - EVP_KEYMGMT_free(tmp_keymgmt_tofree); - } - - if (provkey == NULL) { - EVP_KEM_free(kem); - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - - ctx->op.encap.kem = kem; - ctx->op.encap.algctx = kem->newctx(ossl_provider_ctx(kem->prov)); - if (ctx->op.encap.algctx == NULL) { - /* The provider key can stay in the cache */ - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - - switch (operation) { - case EVP_PKEY_OP_ENCAPSULATE: - if (kem->encapsulate_init == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - ret = -2; - goto err; - } - ret = kem->encapsulate_init(ctx->op.encap.algctx, provkey, params); - break; - case EVP_PKEY_OP_DECAPSULATE: - if (kem->decapsulate_init == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - ret = -2; - goto err; - } - ret = kem->decapsulate_init(ctx->op.encap.algctx, provkey, params); - break; - default: - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - - EVP_KEYMGMT_free(tmp_keymgmt); - tmp_keymgmt = NULL; - - if (ret > 0) - return 1; - err: - if (ret <= 0) { - evp_pkey_ctx_free_old_ops(ctx); - ctx->operation = EVP_PKEY_OP_UNDEFINED; - } - EVP_KEYMGMT_free(tmp_keymgmt); - return ret; -} - -int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) -{ - return evp_kem_init(ctx, EVP_PKEY_OP_ENCAPSULATE, params); -} - -int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - unsigned char *secret, size_t *secretlen) -{ - if (ctx == NULL) - return 0; - - if (ctx->operation != EVP_PKEY_OP_ENCAPSULATE) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); - return -1; - } - - if (ctx->op.encap.algctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - - if (out != NULL && secret == NULL) - return 0; - - return ctx->op.encap.kem->encapsulate(ctx->op.encap.algctx, - out, outlen, secret, secretlen); -} - -int EVP_PKEY_decapsulate_init(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) -{ - return evp_kem_init(ctx, EVP_PKEY_OP_DECAPSULATE, params); -} - -int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx, - unsigned char *secret, size_t *secretlen, - const unsigned char *in, size_t inlen) -{ - if (ctx == NULL - || (in == NULL || inlen == 0) - || (secret == NULL && secretlen == NULL)) - return 0; - - if (ctx->operation != EVP_PKEY_OP_DECAPSULATE) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); - return -1; - } - - if (ctx->op.encap.algctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - return ctx->op.encap.kem->decapsulate(ctx->op.encap.algctx, - secret, secretlen, in, inlen); -} - -static EVP_KEM *evp_kem_new(OSSL_PROVIDER *prov) -{ - EVP_KEM *kem = OPENSSL_zalloc(sizeof(EVP_KEM)); - - if (kem == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - - kem->lock = CRYPTO_THREAD_lock_new(); - if (kem->lock == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - OPENSSL_free(kem); - return NULL; - } - kem->prov = prov; - ossl_provider_up_ref(prov); - kem->refcnt = 1; - - return kem; -} - -static void *evp_kem_from_algorithm(int name_id, const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) -{ - const OSSL_DISPATCH *fns = algodef->implementation; - EVP_KEM *kem = NULL; - int ctxfncnt = 0, encfncnt = 0, decfncnt = 0; - int gparamfncnt = 0, sparamfncnt = 0; - - if ((kem = evp_kem_new(prov)) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - goto err; - } - - kem->name_id = name_id; - if ((kem->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) - goto err; - kem->description = algodef->algorithm_description; - - for (; fns->function_id != 0; fns++) { - switch (fns->function_id) { - case OSSL_FUNC_KEM_NEWCTX: - if (kem->newctx != NULL) - break; - kem->newctx = OSSL_FUNC_kem_newctx(fns); - ctxfncnt++; - break; - case OSSL_FUNC_KEM_ENCAPSULATE_INIT: - if (kem->encapsulate_init != NULL) - break; - kem->encapsulate_init = OSSL_FUNC_kem_encapsulate_init(fns); - encfncnt++; - break; - case OSSL_FUNC_KEM_ENCAPSULATE: - if (kem->encapsulate != NULL) - break; - kem->encapsulate = OSSL_FUNC_kem_encapsulate(fns); - encfncnt++; - break; - case OSSL_FUNC_KEM_DECAPSULATE_INIT: - if (kem->decapsulate_init != NULL) - break; - kem->decapsulate_init = OSSL_FUNC_kem_decapsulate_init(fns); - decfncnt++; - break; - case OSSL_FUNC_KEM_DECAPSULATE: - if (kem->decapsulate != NULL) - break; - kem->decapsulate = OSSL_FUNC_kem_decapsulate(fns); - decfncnt++; - break; - case OSSL_FUNC_KEM_FREECTX: - if (kem->freectx != NULL) - break; - kem->freectx = OSSL_FUNC_kem_freectx(fns); - ctxfncnt++; - break; - case OSSL_FUNC_KEM_DUPCTX: - if (kem->dupctx != NULL) - break; - kem->dupctx = OSSL_FUNC_kem_dupctx(fns); - break; - case OSSL_FUNC_KEM_GET_CTX_PARAMS: - if (kem->get_ctx_params != NULL) - break; - kem->get_ctx_params - = OSSL_FUNC_kem_get_ctx_params(fns); - gparamfncnt++; - break; - case OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS: - if (kem->gettable_ctx_params != NULL) - break; - kem->gettable_ctx_params - = OSSL_FUNC_kem_gettable_ctx_params(fns); - gparamfncnt++; - break; - case OSSL_FUNC_KEM_SET_CTX_PARAMS: - if (kem->set_ctx_params != NULL) - break; - kem->set_ctx_params - = OSSL_FUNC_kem_set_ctx_params(fns); - sparamfncnt++; - break; - case OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS: - if (kem->settable_ctx_params != NULL) - break; - kem->settable_ctx_params - = OSSL_FUNC_kem_settable_ctx_params(fns); - sparamfncnt++; - break; - } - } - if (ctxfncnt != 2 - || (encfncnt != 0 && encfncnt != 2) - || (decfncnt != 0 && decfncnt != 2) - || (encfncnt != 2 && decfncnt != 2) - || (gparamfncnt != 0 && gparamfncnt != 2) - || (sparamfncnt != 0 && sparamfncnt != 2)) { - /* - * In order to be a consistent set of functions we must have at least - * a set of context functions (newctx and freectx) as well as a pair of - * "kem" functions: (encapsulate_init, encapsulate) or - * (decapsulate_init, decapsulate). set_ctx_params and settable_ctx_params are - * optional, but if one of them is present then the other one must also - * be present. The same applies to get_ctx_params and - * gettable_ctx_params. The dupctx function is optional. - */ - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); - goto err; - } - - return kem; - err: - EVP_KEM_free(kem); - return NULL; -} - -void EVP_KEM_free(EVP_KEM *kem) -{ - int i; - - if (kem == NULL) - return; - - CRYPTO_DOWN_REF(&kem->refcnt, &i, kem->lock); - if (i > 0) - return; - OPENSSL_free(kem->type_name); - ossl_provider_free(kem->prov); - CRYPTO_THREAD_lock_free(kem->lock); - OPENSSL_free(kem); -} - -int EVP_KEM_up_ref(EVP_KEM *kem) -{ - int ref = 0; - - CRYPTO_UP_REF(&kem->refcnt, &ref, kem->lock); - return 1; -} - -OSSL_PROVIDER *EVP_KEM_get0_provider(const EVP_KEM *kem) -{ - return kem->prov; -} - -EVP_KEM *EVP_KEM_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties) -{ - return evp_generic_fetch(ctx, OSSL_OP_KEM, algorithm, properties, - evp_kem_from_algorithm, - (int (*)(void *))EVP_KEM_up_ref, - (void (*)(void *))EVP_KEM_free); -} - -EVP_KEM *evp_kem_fetch_from_prov(OSSL_PROVIDER *prov, const char *algorithm, - const char *properties) -{ - return evp_generic_fetch_from_prov(prov, OSSL_OP_KEM, algorithm, properties, - evp_kem_from_algorithm, - (int (*)(void *))EVP_KEM_up_ref, - (void (*)(void *))EVP_KEM_free); -} - -int EVP_KEM_is_a(const EVP_KEM *kem, const char *name) -{ - return kem != NULL && evp_is_a(kem->prov, kem->name_id, NULL, name); -} - -int evp_kem_get_number(const EVP_KEM *kem) -{ - return kem->name_id; -} - -const char *EVP_KEM_get0_name(const EVP_KEM *kem) -{ - return kem->type_name; -} - -const char *EVP_KEM_get0_description(const EVP_KEM *kem) -{ - return kem->description; -} - -void EVP_KEM_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_KEM *kem, void *arg), - void *arg) -{ - evp_generic_do_all(libctx, OSSL_OP_KEM, (void (*)(void *, void *))fn, arg, - evp_kem_from_algorithm, - (int (*)(void *))EVP_KEM_up_ref, - (void (*)(void *))EVP_KEM_free); -} - -int EVP_KEM_names_do_all(const EVP_KEM *kem, - void (*fn)(const char *name, void *data), - void *data) -{ - if (kem->prov != NULL) - return evp_names_do_all(kem->prov, kem->name_id, fn, data); - - return 1; -} - -const OSSL_PARAM *EVP_KEM_gettable_ctx_params(const EVP_KEM *kem) -{ - void *provctx; - - if (kem == NULL || kem->gettable_ctx_params == NULL) - return NULL; - - provctx = ossl_provider_ctx(EVP_KEM_get0_provider(kem)); - return kem->gettable_ctx_params(NULL, provctx); -} - -const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem) -{ - void *provctx; - - if (kem == NULL || kem->settable_ctx_params == NULL) - return NULL; - - provctx = ossl_provider_ctx(EVP_KEM_get0_provider(kem)); - return kem->settable_ctx_params(NULL, provctx); -} diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c deleted file mode 100644 index 82aa771c381e3575e4dd710b54c157fb33cf2f68..0000000000000000000000000000000000000000 --- a/crypto/evp/keymgmt_lib.c +++ /dev/null @@ -1,583 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "internal/nelem.h" -#include "crypto/evp.h" -#include "internal/core.h" -#include "internal/provider.h" -#include "evp_local.h" - -/* - * match_type() checks if two EVP_KEYMGMT are matching key types. This - * function assumes that the caller has made all the necessary NULL checks. - */ -static int match_type(const EVP_KEYMGMT *keymgmt1, const EVP_KEYMGMT *keymgmt2) -{ - const char *name2 = EVP_KEYMGMT_get0_name(keymgmt2); - - return EVP_KEYMGMT_is_a(keymgmt1, name2); -} - -int evp_keymgmt_util_try_import(const OSSL_PARAM params[], void *arg) -{ - struct evp_keymgmt_util_try_import_data_st *data = arg; - int delete_on_error = 0; - - /* Just in time creation of keydata */ - if (data->keydata == NULL) { - if ((data->keydata = evp_keymgmt_newdata(data->keymgmt)) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - delete_on_error = 1; - } - - /* - * It's fine if there was no data to transfer, we just end up with an - * empty destination key. - */ - if (params[0].key == NULL) - return 1; - - if (evp_keymgmt_import(data->keymgmt, data->keydata, data->selection, - params)) - return 1; - if (delete_on_error) { - evp_keymgmt_freedata(data->keymgmt, data->keydata); - data->keydata = NULL; - } - return 0; -} - -int evp_keymgmt_util_assign_pkey(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt, - void *keydata) -{ - if (pkey == NULL || keymgmt == NULL || keydata == NULL - || !EVP_PKEY_set_type_by_keymgmt(pkey, keymgmt)) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return 0; - } - pkey->keydata = keydata; - evp_keymgmt_util_cache_keyinfo(pkey); - return 1; -} - -EVP_PKEY *evp_keymgmt_util_make_pkey(EVP_KEYMGMT *keymgmt, void *keydata) -{ - EVP_PKEY *pkey = NULL; - - if (keymgmt == NULL - || keydata == NULL - || (pkey = EVP_PKEY_new()) == NULL - || !evp_keymgmt_util_assign_pkey(pkey, keymgmt, keydata)) { - EVP_PKEY_free(pkey); - return NULL; - } - return pkey; -} - -int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection, - OSSL_CALLBACK *export_cb, void *export_cbarg) -{ - if (pk == NULL || export_cb == NULL) - return 0; - return evp_keymgmt_export(pk->keymgmt, pk->keydata, selection, - export_cb, export_cbarg); -} - -void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) -{ - struct evp_keymgmt_util_try_import_data_st import_data; - OP_CACHE_ELEM *op; - - /* Export to where? */ - if (keymgmt == NULL) - return NULL; - - /* If we have an unassigned key, give up */ - if (pk->keydata == NULL) - return NULL; - - /* - * If |keymgmt| matches the "origin" |keymgmt|, there is no more to do. - * The "origin" is determined by the |keymgmt| pointers being identical - * or when the provider and the name ID match. The latter case handles the - * situation where the fetch cache is flushed and a "new" key manager is - * created. - */ - if (pk->keymgmt == keymgmt - || (pk->keymgmt->name_id == keymgmt->name_id - && pk->keymgmt->prov == keymgmt->prov)) - return pk->keydata; - - if (!CRYPTO_THREAD_read_lock(pk->lock)) - return NULL; - /* - * If the provider native "origin" hasn't changed since last time, we - * try to find our keymgmt in the operation cache. If it has changed - * and our keymgmt isn't found, we will clear the cache further down. - */ - if (pk->dirty_cnt == pk->dirty_cnt_copy) { - /* If this key is already exported to |keymgmt|, no more to do */ - op = evp_keymgmt_util_find_operation_cache(pk, keymgmt); - if (op != NULL && op->keymgmt != NULL) { - void *ret = op->keydata; - - CRYPTO_THREAD_unlock(pk->lock); - return ret; - } - } - CRYPTO_THREAD_unlock(pk->lock); - - /* If the "origin" |keymgmt| doesn't support exporting, give up */ - if (pk->keymgmt->export == NULL) - return NULL; - - /* - * Make sure that the type of the keymgmt to export to matches the type - * of the "origin" - */ - if (!ossl_assert(match_type(pk->keymgmt, keymgmt))) - return NULL; - - /* - * We look at the already cached provider keys, and import from the - * first that supports it (i.e. use its export function), and export - * the imported data to the new provider. - */ - - /* Setup for the export callback */ - import_data.keydata = NULL; /* evp_keymgmt_util_try_import will create it */ - import_data.keymgmt = keymgmt; - import_data.selection = OSSL_KEYMGMT_SELECT_ALL; - - /* - * The export function calls the callback (evp_keymgmt_util_try_import), - * which does the import for us. If successful, we're done. - */ - if (!evp_keymgmt_util_export(pk, OSSL_KEYMGMT_SELECT_ALL, - &evp_keymgmt_util_try_import, &import_data)) - /* If there was an error, bail out */ - return NULL; - - if (!CRYPTO_THREAD_write_lock(pk->lock)) { - evp_keymgmt_freedata(keymgmt, import_data.keydata); - return NULL; - } - /* Check to make sure some other thread didn't get there first */ - op = evp_keymgmt_util_find_operation_cache(pk, keymgmt); - if (op != NULL && op->keydata != NULL) { - void *ret = op->keydata; - - CRYPTO_THREAD_unlock(pk->lock); - - /* - * Another thread seemms to have already exported this so we abandon - * all the work we just did. - */ - evp_keymgmt_freedata(keymgmt, import_data.keydata); - - return ret; - } - - /* - * If the dirty counter changed since last time, then clear the - * operation cache. In that case, we know that |i| is zero. - */ - if (pk->dirty_cnt != pk->dirty_cnt_copy) - evp_keymgmt_util_clear_operation_cache(pk, 0); - - /* Add the new export to the operation cache */ - if (!evp_keymgmt_util_cache_keydata(pk, keymgmt, import_data.keydata)) { - CRYPTO_THREAD_unlock(pk->lock); - evp_keymgmt_freedata(keymgmt, import_data.keydata); - return NULL; - } - - /* Synchronize the dirty count */ - pk->dirty_cnt_copy = pk->dirty_cnt; - - CRYPTO_THREAD_unlock(pk->lock); - - return import_data.keydata; -} - -static void op_cache_free(OP_CACHE_ELEM *e) -{ - evp_keymgmt_freedata(e->keymgmt, e->keydata); - EVP_KEYMGMT_free(e->keymgmt); - OPENSSL_free(e); -} - -int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking) -{ - if (pk != NULL) { - if (locking && pk->lock != NULL && !CRYPTO_THREAD_write_lock(pk->lock)) - return 0; - sk_OP_CACHE_ELEM_pop_free(pk->operation_cache, op_cache_free); - pk->operation_cache = NULL; - if (locking && pk->lock != NULL) - CRYPTO_THREAD_unlock(pk->lock); - } - - return 1; -} - -OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, - EVP_KEYMGMT *keymgmt) -{ - int i, end = sk_OP_CACHE_ELEM_num(pk->operation_cache); - OP_CACHE_ELEM *p; - - /* - * A comparison and sk_P_CACHE_ELEM_find() are avoided to not cause - * problems when we've only a read lock. - */ - for (i = 0; i < end; i++) { - p = sk_OP_CACHE_ELEM_value(pk->operation_cache, i); - if (keymgmt == p->keymgmt) - return p; - } - return NULL; -} - -int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, - EVP_KEYMGMT *keymgmt, void *keydata) -{ - OP_CACHE_ELEM *p = NULL; - - if (keydata != NULL) { - if (pk->operation_cache == NULL) { - pk->operation_cache = sk_OP_CACHE_ELEM_new_null(); - if (pk->operation_cache == NULL) - return 0; - } - - p = OPENSSL_malloc(sizeof(*p)); - if (p == NULL) - return 0; - p->keydata = keydata; - p->keymgmt = keymgmt; - - if (!EVP_KEYMGMT_up_ref(keymgmt)) { - OPENSSL_free(p); - return 0; - } - - if (!sk_OP_CACHE_ELEM_push(pk->operation_cache, p)) { - EVP_KEYMGMT_free(keymgmt); - OPENSSL_free(p); - return 0; - } - } - return 1; -} - -void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk) -{ - /* - * Cache information about the provider "origin" key. - * - * This services functions like EVP_PKEY_get_size, EVP_PKEY_get_bits, etc - */ - if (pk->keydata != NULL) { - int bits = 0; - int security_bits = 0; - int size = 0; - OSSL_PARAM params[4]; - - params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_BITS, &bits); - params[1] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_SECURITY_BITS, - &security_bits); - params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_MAX_SIZE, &size); - params[3] = OSSL_PARAM_construct_end(); - if (evp_keymgmt_get_params(pk->keymgmt, pk->keydata, params)) { - pk->cache.size = size; - pk->cache.bits = bits; - pk->cache.security_bits = security_bits; - } - } -} - -void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, - int selection, const OSSL_PARAM params[]) -{ - void *keydata = NULL; - - if ((keydata = evp_keymgmt_newdata(keymgmt)) == NULL - || !evp_keymgmt_import(keymgmt, keydata, selection, params) - || !evp_keymgmt_util_assign_pkey(target, keymgmt, keydata)) { - evp_keymgmt_freedata(keymgmt, keydata); - keydata = NULL; - } - return keydata; -} - -int evp_keymgmt_util_has(EVP_PKEY *pk, int selection) -{ - /* Check if key is even assigned */ - if (pk->keymgmt == NULL) - return 0; - - return evp_keymgmt_has(pk->keymgmt, pk->keydata, selection); -} - -/* - * evp_keymgmt_util_match() doesn't just look at the provider side "origin", - * but also in the operation cache to see if there's any common keymgmt that - * supplies OP_keymgmt_match. - * - * evp_keymgmt_util_match() adheres to the return values that EVP_PKEY_eq() - * and EVP_PKEY_parameters_eq() return, i.e.: - * - * 1 same key - * 0 not same key - * -1 not same key type - * -2 unsupported operation - */ -int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection) -{ - EVP_KEYMGMT *keymgmt1 = NULL, *keymgmt2 = NULL; - void *keydata1 = NULL, *keydata2 = NULL; - - if (pk1 == NULL || pk2 == NULL) { - if (pk1 == NULL && pk2 == NULL) - return 1; - return 0; - } - - keymgmt1 = pk1->keymgmt; - keydata1 = pk1->keydata; - keymgmt2 = pk2->keymgmt; - keydata2 = pk2->keydata; - - if (keymgmt1 != keymgmt2) { - /* - * The condition for a successful cross export is that the - * keydata to be exported is NULL (typed, but otherwise empty - * EVP_PKEY), or that it was possible to export it with - * evp_keymgmt_util_export_to_provider(). - * - * We use |ok| to determine if it's ok to cross export one way, - * but also to determine if we should attempt a cross export - * the other way. There's no point doing it both ways. - */ - int ok = 0; - - /* Complex case, where the keymgmt differ */ - if (keymgmt1 != NULL - && keymgmt2 != NULL - && !match_type(keymgmt1, keymgmt2)) { - ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES); - return -1; /* Not the same type */ - } - - /* - * The key types are determined to match, so we try cross export, - * but only to keymgmt's that supply a matching function. - */ - if (keymgmt2 != NULL - && keymgmt2->match != NULL) { - void *tmp_keydata = NULL; - - ok = 1; - if (keydata1 != NULL) { - tmp_keydata = - evp_keymgmt_util_export_to_provider(pk1, keymgmt2); - ok = (tmp_keydata != NULL); - } - if (ok) { - keymgmt1 = keymgmt2; - keydata1 = tmp_keydata; - } - } - /* - * If we've successfully cross exported one way, there's no point - * doing it the other way, hence the |!ok| check. - */ - if (!ok - && keymgmt1 != NULL - && keymgmt1->match != NULL) { - void *tmp_keydata = NULL; - - ok = 1; - if (keydata2 != NULL) { - tmp_keydata = - evp_keymgmt_util_export_to_provider(pk2, keymgmt1); - ok = (tmp_keydata != NULL); - } - if (ok) { - keymgmt2 = keymgmt1; - keydata2 = tmp_keydata; - } - } - } - - /* If we still don't have matching keymgmt implementations, we give up */ - if (keymgmt1 != keymgmt2) - return -2; - - /* If both keydata are NULL, then they're the same key */ - if (keydata1 == NULL && keydata2 == NULL) - return 1; - /* If only one of the keydata is NULL, then they're different keys */ - if (keydata1 == NULL || keydata2 == NULL) - return 0; - /* If both keydata are non-NULL, we let the backend decide */ - return evp_keymgmt_match(keymgmt1, keydata1, keydata2, selection); -} - -int evp_keymgmt_util_copy(EVP_PKEY *to, EVP_PKEY *from, int selection) -{ - /* Save copies of pointers we want to play with without affecting |to| */ - EVP_KEYMGMT *to_keymgmt = to->keymgmt; - void *to_keydata = to->keydata, *alloc_keydata = NULL; - - /* An unassigned key can't be copied */ - if (from == NULL || from->keydata == NULL) - return 0; - - /* - * If |to| is unassigned, ensure it gets the same KEYMGMT as |from|, - * Note that the final setting of KEYMGMT is done further down, with - * EVP_PKEY_set_type_by_keymgmt(); we don't want to do that prematurely. - */ - if (to_keymgmt == NULL) - to_keymgmt = from->keymgmt; - - if (to_keymgmt == from->keymgmt && to_keymgmt->dup != NULL - && to_keydata == NULL) { - to_keydata = alloc_keydata = evp_keymgmt_dup(to_keymgmt, - from->keydata, - selection); - if (to_keydata == NULL) - return 0; - } else if (match_type(to_keymgmt, from->keymgmt)) { - struct evp_keymgmt_util_try_import_data_st import_data; - - import_data.keymgmt = to_keymgmt; - import_data.keydata = to_keydata; - import_data.selection = selection; - - if (!evp_keymgmt_util_export(from, selection, - &evp_keymgmt_util_try_import, - &import_data)) - return 0; - - /* - * In case to_keydata was previously unallocated, - * evp_keymgmt_util_try_import() may have created it for us. - */ - if (to_keydata == NULL) - to_keydata = alloc_keydata = import_data.keydata; - } else { - ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES); - return 0; - } - - /* - * We only need to set the |to| type when its |keymgmt| isn't set. - * We can then just set its |keydata| to what we have, which might - * be exactly what it had when entering this function. - * This is a bit different from using evp_keymgmt_util_assign_pkey(), - * which isn't as careful with |to|'s original |keymgmt|, since it's - * meant to forcibly reassign an EVP_PKEY no matter what, which is - * why we don't use that one here. - */ - if (to->keymgmt == NULL - && !EVP_PKEY_set_type_by_keymgmt(to, to_keymgmt)) { - evp_keymgmt_freedata(to_keymgmt, alloc_keydata); - return 0; - } - to->keydata = to_keydata; - evp_keymgmt_util_cache_keyinfo(to); - - return 1; -} - -void *evp_keymgmt_util_gen(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, - void *genctx, OSSL_CALLBACK *cb, void *cbarg) -{ - void *keydata = NULL; - - if ((keydata = evp_keymgmt_gen(keymgmt, genctx, cb, cbarg)) == NULL - || !evp_keymgmt_util_assign_pkey(target, keymgmt, keydata)) { - evp_keymgmt_freedata(keymgmt, keydata); - keydata = NULL; - } - - return keydata; -} - -/* - * Returns the same numbers as EVP_PKEY_get_default_digest_name() - * When the string from the EVP_KEYMGMT implementation is "", we use - * SN_undef, since that corresponds to what EVP_PKEY_get_default_nid() - * returns for no digest. - */ -int evp_keymgmt_util_get_deflt_digest_name(EVP_KEYMGMT *keymgmt, - void *keydata, - char *mdname, size_t mdname_sz) -{ - OSSL_PARAM params[3]; - char mddefault[100] = ""; - char mdmandatory[100] = ""; - char *result = NULL; - int rv = -2; - - params[0] = - OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, - mddefault, sizeof(mddefault)); - params[1] = - OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, - mdmandatory, - sizeof(mdmandatory)); - params[2] = OSSL_PARAM_construct_end(); - - if (!evp_keymgmt_get_params(keymgmt, keydata, params)) - return 0; - - if (OSSL_PARAM_modified(params + 1)) { - if (params[1].return_size <= 1) /* Only a NUL byte */ - result = SN_undef; - else - result = mdmandatory; - rv = 2; - } else if (OSSL_PARAM_modified(params)) { - if (params[0].return_size <= 1) /* Only a NUL byte */ - result = SN_undef; - else - result = mddefault; - rv = 1; - } - if (rv > 0) - OPENSSL_strlcpy(mdname, result, mdname_sz); - return rv; -} - -/* - * If |keymgmt| has the method function |query_operation_name|, use it to get - * the name of a supported operation identity. Otherwise, return the keytype, - * assuming that it works as a default operation name. - */ -const char *evp_keymgmt_util_query_operation_name(EVP_KEYMGMT *keymgmt, - int op_id) -{ - const char *name = NULL; - - if (keymgmt != NULL) { - if (keymgmt->query_operation_name != NULL) - name = keymgmt->query_operation_name(op_id); - if (name == NULL) - name = EVP_KEYMGMT_get0_name(keymgmt); - } - return name; -} diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c deleted file mode 100644 index 90fd8068dc427a3aca2bb27ff6af4dbb5104b8df..0000000000000000000000000000000000000000 --- a/crypto/evp/keymgmt_meth.c +++ /dev/null @@ -1,496 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/provider.h" -#include "internal/refcount.h" -#include "internal/core.h" -#include "crypto/evp.h" -#include "evp_local.h" - -static void *keymgmt_new(void) -{ - EVP_KEYMGMT *keymgmt = NULL; - - if ((keymgmt = OPENSSL_zalloc(sizeof(*keymgmt))) == NULL - || (keymgmt->lock = CRYPTO_THREAD_lock_new()) == NULL) { - EVP_KEYMGMT_free(keymgmt); - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - - keymgmt->refcnt = 1; - - return keymgmt; -} - -static void *keymgmt_from_algorithm(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) -{ - const OSSL_DISPATCH *fns = algodef->implementation; - EVP_KEYMGMT *keymgmt = NULL; - int setparamfncnt = 0, getparamfncnt = 0; - int setgenparamfncnt = 0; - int importfncnt = 0, exportfncnt = 0; - - if ((keymgmt = keymgmt_new()) == NULL) - return NULL; - - keymgmt->name_id = name_id; - if ((keymgmt->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) { - EVP_KEYMGMT_free(keymgmt); - return NULL; - } - keymgmt->description = algodef->algorithm_description; - - for (; fns->function_id != 0; fns++) { - switch (fns->function_id) { - case OSSL_FUNC_KEYMGMT_NEW: - if (keymgmt->new == NULL) - keymgmt->new = OSSL_FUNC_keymgmt_new(fns); - break; - case OSSL_FUNC_KEYMGMT_GEN_INIT: - if (keymgmt->gen_init == NULL) - keymgmt->gen_init = OSSL_FUNC_keymgmt_gen_init(fns); - break; - case OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE: - if (keymgmt->gen_set_template == NULL) - keymgmt->gen_set_template = - OSSL_FUNC_keymgmt_gen_set_template(fns); - break; - case OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS: - if (keymgmt->gen_set_params == NULL) { - setgenparamfncnt++; - keymgmt->gen_set_params = - OSSL_FUNC_keymgmt_gen_set_params(fns); - } - break; - case OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS: - if (keymgmt->gen_settable_params == NULL) { - setgenparamfncnt++; - keymgmt->gen_settable_params = - OSSL_FUNC_keymgmt_gen_settable_params(fns); - } - break; - case OSSL_FUNC_KEYMGMT_GEN: - if (keymgmt->gen == NULL) - keymgmt->gen = OSSL_FUNC_keymgmt_gen(fns); - break; - case OSSL_FUNC_KEYMGMT_GEN_CLEANUP: - if (keymgmt->gen_cleanup == NULL) - keymgmt->gen_cleanup = OSSL_FUNC_keymgmt_gen_cleanup(fns); - break; - case OSSL_FUNC_KEYMGMT_FREE: - if (keymgmt->free == NULL) - keymgmt->free = OSSL_FUNC_keymgmt_free(fns); - break; - case OSSL_FUNC_KEYMGMT_LOAD: - if (keymgmt->load == NULL) - keymgmt->load = OSSL_FUNC_keymgmt_load(fns); - break; - case OSSL_FUNC_KEYMGMT_GET_PARAMS: - if (keymgmt->get_params == NULL) { - getparamfncnt++; - keymgmt->get_params = OSSL_FUNC_keymgmt_get_params(fns); - } - break; - case OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS: - if (keymgmt->gettable_params == NULL) { - getparamfncnt++; - keymgmt->gettable_params = - OSSL_FUNC_keymgmt_gettable_params(fns); - } - break; - case OSSL_FUNC_KEYMGMT_SET_PARAMS: - if (keymgmt->set_params == NULL) { - setparamfncnt++; - keymgmt->set_params = OSSL_FUNC_keymgmt_set_params(fns); - } - break; - case OSSL_FUNC_KEYMGMT_SETTABLE_PARAMS: - if (keymgmt->settable_params == NULL) { - setparamfncnt++; - keymgmt->settable_params = - OSSL_FUNC_keymgmt_settable_params(fns); - } - break; - case OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME: - if (keymgmt->query_operation_name == NULL) - keymgmt->query_operation_name = - OSSL_FUNC_keymgmt_query_operation_name(fns); - break; - case OSSL_FUNC_KEYMGMT_HAS: - if (keymgmt->has == NULL) - keymgmt->has = OSSL_FUNC_keymgmt_has(fns); - break; - case OSSL_FUNC_KEYMGMT_DUP: - if (keymgmt->dup == NULL) - keymgmt->dup = OSSL_FUNC_keymgmt_dup(fns); - break; - case OSSL_FUNC_KEYMGMT_VALIDATE: - if (keymgmt->validate == NULL) - keymgmt->validate = OSSL_FUNC_keymgmt_validate(fns); - break; - case OSSL_FUNC_KEYMGMT_MATCH: - if (keymgmt->match == NULL) - keymgmt->match = OSSL_FUNC_keymgmt_match(fns); - break; - case OSSL_FUNC_KEYMGMT_IMPORT: - if (keymgmt->import == NULL) { - importfncnt++; - keymgmt->import = OSSL_FUNC_keymgmt_import(fns); - } - break; - case OSSL_FUNC_KEYMGMT_IMPORT_TYPES: - if (keymgmt->import_types == NULL) { - importfncnt++; - keymgmt->import_types = OSSL_FUNC_keymgmt_import_types(fns); - } - break; - case OSSL_FUNC_KEYMGMT_EXPORT: - if (keymgmt->export == NULL) { - exportfncnt++; - keymgmt->export = OSSL_FUNC_keymgmt_export(fns); - } - break; - case OSSL_FUNC_KEYMGMT_EXPORT_TYPES: - if (keymgmt->export_types == NULL) { - exportfncnt++; - keymgmt->export_types = OSSL_FUNC_keymgmt_export_types(fns); - } - break; - } - } - /* - * Try to check that the method is sensible. - * At least one constructor and the destructor are MANDATORY - * The functions 'has' is MANDATORY - * It makes no sense being able to free stuff if you can't create it. - * It makes no sense providing OSSL_PARAM descriptors for import and - * export if you can't import or export. - */ - if (keymgmt->free == NULL - || (keymgmt->new == NULL - && keymgmt->gen == NULL - && keymgmt->load == NULL) - || keymgmt->has == NULL - || (getparamfncnt != 0 && getparamfncnt != 2) - || (setparamfncnt != 0 && setparamfncnt != 2) - || (setgenparamfncnt != 0 && setgenparamfncnt != 2) - || (importfncnt != 0 && importfncnt != 2) - || (exportfncnt != 0 && exportfncnt != 2) - || (keymgmt->gen != NULL - && (keymgmt->gen_init == NULL - || keymgmt->gen_cleanup == NULL))) { - EVP_KEYMGMT_free(keymgmt); - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); - return NULL; - } - keymgmt->prov = prov; - if (prov != NULL) - ossl_provider_up_ref(prov); - - return keymgmt; -} - -EVP_KEYMGMT *evp_keymgmt_fetch_by_number(OSSL_LIB_CTX *ctx, int name_id, - const char *properties) -{ - return evp_generic_fetch_by_number(ctx, - OSSL_OP_KEYMGMT, name_id, properties, - keymgmt_from_algorithm, - (int (*)(void *))EVP_KEYMGMT_up_ref, - (void (*)(void *))EVP_KEYMGMT_free); -} - -EVP_KEYMGMT *evp_keymgmt_fetch_from_prov(OSSL_PROVIDER *prov, - const char *name, - const char *properties) -{ - return evp_generic_fetch_from_prov(prov, OSSL_OP_KEYMGMT, - name, properties, - keymgmt_from_algorithm, - (int (*)(void *))EVP_KEYMGMT_up_ref, - (void (*)(void *))EVP_KEYMGMT_free); -} - -EVP_KEYMGMT *EVP_KEYMGMT_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties) -{ - return evp_generic_fetch(ctx, OSSL_OP_KEYMGMT, algorithm, properties, - keymgmt_from_algorithm, - (int (*)(void *))EVP_KEYMGMT_up_ref, - (void (*)(void *))EVP_KEYMGMT_free); -} - -int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt) -{ - int ref = 0; - - CRYPTO_UP_REF(&keymgmt->refcnt, &ref, keymgmt->lock); - return 1; -} - -void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt) -{ - int ref = 0; - - if (keymgmt == NULL) - return; - - CRYPTO_DOWN_REF(&keymgmt->refcnt, &ref, keymgmt->lock); - if (ref > 0) - return; - OPENSSL_free(keymgmt->type_name); - ossl_provider_free(keymgmt->prov); - CRYPTO_THREAD_lock_free(keymgmt->lock); - OPENSSL_free(keymgmt); -} - -const OSSL_PROVIDER *EVP_KEYMGMT_get0_provider(const EVP_KEYMGMT *keymgmt) -{ - return keymgmt->prov; -} - -int evp_keymgmt_get_number(const EVP_KEYMGMT *keymgmt) -{ - return keymgmt->name_id; -} - -const char *EVP_KEYMGMT_get0_description(const EVP_KEYMGMT *keymgmt) -{ - return keymgmt->description; -} - -const char *EVP_KEYMGMT_get0_name(const EVP_KEYMGMT *keymgmt) -{ - return keymgmt->type_name; -} - -int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name) -{ - return keymgmt != NULL - && evp_is_a(keymgmt->prov, keymgmt->name_id, NULL, name); -} - -void EVP_KEYMGMT_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_KEYMGMT *keymgmt, void *arg), - void *arg) -{ - evp_generic_do_all(libctx, OSSL_OP_KEYMGMT, - (void (*)(void *, void *))fn, arg, - keymgmt_from_algorithm, - (int (*)(void *))EVP_KEYMGMT_up_ref, - (void (*)(void *))EVP_KEYMGMT_free); -} - -int EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt, - void (*fn)(const char *name, void *data), - void *data) -{ - if (keymgmt->prov != NULL) - return evp_names_do_all(keymgmt->prov, keymgmt->name_id, fn, data); - - return 1; -} - -/* - * Internal API that interfaces with the method function pointers - */ -void *evp_keymgmt_newdata(const EVP_KEYMGMT *keymgmt) -{ - void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt)); - - /* - * 'new' is currently mandatory on its own, but when new - * constructors appear, it won't be quite as mandatory, - * so we have a check for future cases. - */ - if (keymgmt->new == NULL) - return NULL; - return keymgmt->new(provctx); -} - -void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keydata) -{ - /* This is mandatory, no need to check for its presence */ - keymgmt->free(keydata); -} - -void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection, - const OSSL_PARAM params[]) -{ - void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt)); - - if (keymgmt->gen_init == NULL) - return NULL; - return keymgmt->gen_init(provctx, selection, params); -} - -int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx, - void *template) -{ - /* - * It's arguable if we actually should return success in this case, as - * it allows the caller to set a template key, which is then ignored. - * However, this is how the legacy methods (EVP_PKEY_METHOD) operate, - * so we do this in the interest of backward compatibility. - */ - if (keymgmt->gen_set_template == NULL) - return 1; - return keymgmt->gen_set_template(genctx, template); -} - -int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx, - const OSSL_PARAM params[]) -{ - if (keymgmt->gen_set_params == NULL) - return 0; - return keymgmt->gen_set_params(genctx, params); -} - -const OSSL_PARAM *EVP_KEYMGMT_gen_settable_params(const EVP_KEYMGMT *keymgmt) -{ - void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt)); - - if (keymgmt->gen_settable_params == NULL) - return NULL; - return keymgmt->gen_settable_params(NULL, provctx); -} - -void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx, - OSSL_CALLBACK *cb, void *cbarg) -{ - if (keymgmt->gen == NULL) - return NULL; - return keymgmt->gen(genctx, cb, cbarg); -} - -void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx) -{ - if (keymgmt->gen != NULL) - keymgmt->gen_cleanup(genctx); -} - -int evp_keymgmt_has_load(const EVP_KEYMGMT *keymgmt) -{ - return keymgmt != NULL && keymgmt->load != NULL; -} - -void *evp_keymgmt_load(const EVP_KEYMGMT *keymgmt, - const void *objref, size_t objref_sz) -{ - if (evp_keymgmt_has_load(keymgmt)) - return keymgmt->load(objref, objref_sz); - return NULL; -} - -int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt, void *keydata, - OSSL_PARAM params[]) -{ - if (keymgmt->get_params == NULL) - return 1; - return keymgmt->get_params(keydata, params); -} - -const OSSL_PARAM *EVP_KEYMGMT_gettable_params(const EVP_KEYMGMT *keymgmt) -{ - void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt)); - - if (keymgmt->gettable_params == NULL) - return NULL; - return keymgmt->gettable_params(provctx); -} - -int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt, void *keydata, - const OSSL_PARAM params[]) -{ - if (keymgmt->set_params == NULL) - return 1; - return keymgmt->set_params(keydata, params); -} - -const OSSL_PARAM *EVP_KEYMGMT_settable_params(const EVP_KEYMGMT *keymgmt) -{ - void *provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(keymgmt)); - - if (keymgmt->settable_params == NULL) - return NULL; - return keymgmt->settable_params(provctx); -} - -int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keydata, int selection) -{ - /* This is mandatory, no need to check for its presence */ - return keymgmt->has(keydata, selection); -} - -int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata, - int selection, int checktype) -{ - /* We assume valid if the implementation doesn't have a function */ - if (keymgmt->validate == NULL) - return 1; - return keymgmt->validate(keydata, selection, checktype); -} - -int evp_keymgmt_match(const EVP_KEYMGMT *keymgmt, - const void *keydata1, const void *keydata2, - int selection) -{ - /* We assume no match if the implementation doesn't have a function */ - if (keymgmt->match == NULL) - return 0; - return keymgmt->match(keydata1, keydata2, selection); -} - -int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata, - int selection, const OSSL_PARAM params[]) -{ - if (keymgmt->import == NULL) - return 0; - return keymgmt->import(keydata, selection, params); -} - -const OSSL_PARAM *evp_keymgmt_import_types(const EVP_KEYMGMT *keymgmt, - int selection) -{ - if (keymgmt->import_types == NULL) - return NULL; - return keymgmt->import_types(selection); -} - -int evp_keymgmt_export(const EVP_KEYMGMT *keymgmt, void *keydata, - int selection, OSSL_CALLBACK *param_cb, void *cbarg) -{ - if (keymgmt->export == NULL) - return 0; - return keymgmt->export(keydata, selection, param_cb, cbarg); -} - -const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt, - int selection) -{ - if (keymgmt->export_types == NULL) - return NULL; - return keymgmt->export_types(selection); -} - -void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt, const void *keydata_from, - int selection) -{ - /* We assume no dup if the implementation doesn't have a function */ - if (keymgmt->dup == NULL) - return NULL; - return keymgmt->dup(keydata_from, selection); -} diff --git a/crypto/evp/legacy_blake2.c b/crypto/evp/legacy_blake2.c deleted file mode 100644 index 6a18e5fe01b6a7192c1d67bd489b3f024ac189a6..0000000000000000000000000000000000000000 --- a/crypto/evp/legacy_blake2.c +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "crypto/evp.h" -#include "prov/blake2.h" /* diverse BLAKE2 macros */ -#include "legacy_meth.h" - -#define ossl_blake2b_init ossl_blake2b512_init -#define ossl_blake2s_init ossl_blake2s256_init - -IMPLEMENT_LEGACY_EVP_MD_METH_LC(blake2s_int, ossl_blake2s) -IMPLEMENT_LEGACY_EVP_MD_METH_LC(blake2b_int, ossl_blake2b) - -static const EVP_MD blake2b_md = { - NID_blake2b512, - 0, - BLAKE2B_DIGEST_LENGTH, - 0, - EVP_ORIG_GLOBAL, - LEGACY_EVP_MD_METH_TABLE(blake2b_int_init, blake2b_int_update, - blake2b_int_final, NULL, BLAKE2B_BLOCKBYTES), -}; - -const EVP_MD *EVP_blake2b512(void) -{ - return &blake2b_md; -} - -static const EVP_MD blake2s_md = { - NID_blake2s256, - 0, - BLAKE2S_DIGEST_LENGTH, - 0, - EVP_ORIG_GLOBAL, - LEGACY_EVP_MD_METH_TABLE(blake2s_int_init, blake2s_int_update, - blake2s_int_final, NULL, BLAKE2S_BLOCKBYTES), -}; - -const EVP_MD *EVP_blake2s256(void) -{ - return &blake2s_md; -} diff --git a/crypto/evp/legacy_md2.c b/crypto/evp/legacy_md2.c deleted file mode 100644 index 72cc99ad704435d121e38b59253ddefa6ad31b7c..0000000000000000000000000000000000000000 --- a/crypto/evp/legacy_md2.c +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * MD2 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "crypto/evp.h" -#include "legacy_meth.h" - -IMPLEMENT_LEGACY_EVP_MD_METH(md2, MD2) - -static const EVP_MD md2_md = { - NID_md2, - NID_md2WithRSAEncryption, - MD2_DIGEST_LENGTH, - 0, - EVP_ORIG_GLOBAL, - LEGACY_EVP_MD_METH_TABLE(md2_init, md2_update, md2_final, NULL, MD2_BLOCK) -}; - -const EVP_MD *EVP_md2(void) -{ - return &md2_md; -} diff --git a/crypto/evp/legacy_md4.c b/crypto/evp/legacy_md4.c deleted file mode 100644 index 4bc852b5209a32bc86d35d9ccec1be83ff490d81..0000000000000000000000000000000000000000 --- a/crypto/evp/legacy_md4.c +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * MD4 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "crypto/evp.h" -#include "legacy_meth.h" - -IMPLEMENT_LEGACY_EVP_MD_METH(md4, MD4) - -static const EVP_MD md4_md = { - NID_md4, - NID_md4WithRSAEncryption, - MD4_DIGEST_LENGTH, - 0, - EVP_ORIG_GLOBAL, - LEGACY_EVP_MD_METH_TABLE(md4_init, md4_update, md4_final, NULL, MD4_CBLOCK), -}; - -const EVP_MD *EVP_md4(void) -{ - return &md4_md; -} diff --git a/crypto/evp/legacy_md5.c b/crypto/evp/legacy_md5.c deleted file mode 100644 index a67be9fef74b04f73ee3dd65d40ae9d3fd63cb6d..0000000000000000000000000000000000000000 --- a/crypto/evp/legacy_md5.c +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * MD5 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "crypto/evp.h" -#include "legacy_meth.h" - -IMPLEMENT_LEGACY_EVP_MD_METH(md5, MD5) - -static const EVP_MD md5_md = { - NID_md5, - NID_md5WithRSAEncryption, - MD5_DIGEST_LENGTH, - 0, - EVP_ORIG_GLOBAL, - LEGACY_EVP_MD_METH_TABLE(md5_init, md5_update, md5_final, NULL, MD5_CBLOCK) -}; - -const EVP_MD *EVP_md5(void) -{ - return &md5_md; -} diff --git a/crypto/evp/legacy_md5_sha1.c b/crypto/evp/legacy_md5_sha1.c deleted file mode 100644 index b84bf3deaaf487be63e05dd373dfd68361942104..0000000000000000000000000000000000000000 --- a/crypto/evp/legacy_md5_sha1.c +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for - * internal use. The prov/md5_sha1.h include requires this, but this must - * be the first include loaded. - */ -#include "internal/deprecated.h" - -#include "crypto/evp.h" -#include "prov/md5_sha1.h" /* diverse MD5_SHA1 macros */ -#include "legacy_meth.h" - -IMPLEMENT_LEGACY_EVP_MD_METH_LC(md5_sha1_int, ossl_md5_sha1) -static int md5_sha1_int_ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) -{ - return ossl_md5_sha1_ctrl(EVP_MD_CTX_get0_md_data(ctx), cmd, mslen, ms); -} - -static const EVP_MD md5_sha1_md = { - NID_md5_sha1, - NID_md5_sha1, - MD5_SHA1_DIGEST_LENGTH, - 0, - EVP_ORIG_GLOBAL, - LEGACY_EVP_MD_METH_TABLE(md5_sha1_int_init, md5_sha1_int_update, - md5_sha1_int_final, md5_sha1_int_ctrl, - MD5_SHA1_CBLOCK), -}; - -const EVP_MD *EVP_md5_sha1(void) -{ - return &md5_sha1_md; -} diff --git a/crypto/evp/legacy_mdc2.c b/crypto/evp/legacy_mdc2.c deleted file mode 100644 index 317d87c61b1452086ee86c0278bd11aeba0b9b9a..0000000000000000000000000000000000000000 --- a/crypto/evp/legacy_mdc2.c +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * MDC2 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "crypto/evp.h" -#include "legacy_meth.h" - -IMPLEMENT_LEGACY_EVP_MD_METH(mdc2, MDC2) - -static const EVP_MD mdc2_md = { - NID_mdc2, - NID_mdc2WithRSA, - MDC2_DIGEST_LENGTH, - 0, - EVP_ORIG_GLOBAL, - LEGACY_EVP_MD_METH_TABLE(mdc2_init, mdc2_update, mdc2_final, NULL, - MDC2_BLOCK), -}; - -const EVP_MD *EVP_mdc2(void) -{ - return &mdc2_md; -} diff --git a/crypto/evp/legacy_meth.h b/crypto/evp/legacy_meth.h deleted file mode 100644 index a6e58bc824e2c5caf2cb5067b38368386cd8f5bd..0000000000000000000000000000000000000000 --- a/crypto/evp/legacy_meth.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#define IMPLEMENT_LEGACY_EVP_MD_METH(nm, fn) \ -static int nm##_init(EVP_MD_CTX *ctx) \ -{ \ - return fn##_Init(EVP_MD_CTX_get0_md_data(ctx)); \ -} \ -static int nm##_update(EVP_MD_CTX *ctx, const void *data, size_t count) \ -{ \ - return fn##_Update(EVP_MD_CTX_get0_md_data(ctx), data, count); \ -} \ -static int nm##_final(EVP_MD_CTX *ctx, unsigned char *md) \ -{ \ - return fn##_Final(md, EVP_MD_CTX_get0_md_data(ctx)); \ -} - -#define IMPLEMENT_LEGACY_EVP_MD_METH_LC(nm, fn) \ -static int nm##_init(EVP_MD_CTX *ctx) \ -{ \ - return fn##_init(EVP_MD_CTX_get0_md_data(ctx)); \ -} \ -static int nm##_update(EVP_MD_CTX *ctx, const void *data, size_t count) \ -{ \ - return fn##_update(EVP_MD_CTX_get0_md_data(ctx), data, count); \ -} \ -static int nm##_final(EVP_MD_CTX *ctx, unsigned char *md) \ -{ \ - return fn##_final(md, EVP_MD_CTX_get0_md_data(ctx)); \ -} - - -#define LEGACY_EVP_MD_METH_TABLE(init, update, final, ctrl, blksz) \ - init, update, final, NULL, NULL, blksz, 0, ctrl diff --git a/crypto/evp/legacy_ripemd.c b/crypto/evp/legacy_ripemd.c deleted file mode 100644 index 1fa1ebc04998a7c9d25f4055327461099b5a7245..0000000000000000000000000000000000000000 --- a/crypto/evp/legacy_ripemd.c +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RIPEMD160 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "crypto/evp.h" -#include "legacy_meth.h" - -IMPLEMENT_LEGACY_EVP_MD_METH(ripe, RIPEMD160) - -static const EVP_MD ripemd160_md = { - NID_ripemd160, - NID_ripemd160WithRSA, - RIPEMD160_DIGEST_LENGTH, - 0, - EVP_ORIG_GLOBAL, - LEGACY_EVP_MD_METH_TABLE(ripe_init, ripe_update, ripe_final, NULL, - RIPEMD160_CBLOCK), -}; - -const EVP_MD *EVP_ripemd160(void) -{ - return &ripemd160_md; -} diff --git a/crypto/evp/legacy_sha.c b/crypto/evp/legacy_sha.c deleted file mode 100644 index 3859286eeb2046e6532919a19fdba3e5174715d5..0000000000000000000000000000000000000000 --- a/crypto/evp/legacy_sha.c +++ /dev/null @@ -1,228 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * All SHA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include /* diverse SHA macros */ -#include "internal/sha3.h" /* KECCAK1600_WIDTH */ -#include "crypto/evp.h" -/* Used by legacy methods */ -#include "crypto/sha.h" -#include "legacy_meth.h" -#include "evp_local.h" - -/*- - * LEGACY methods for SHA. - * These only remain to support engines that can get these methods. - * Hardware support for SHA3 has been removed from these legacy cases. - */ -#define IMPLEMENT_LEGACY_EVP_MD_METH_SHA3(nm, fn, tag) \ -static int nm##_init(EVP_MD_CTX *ctx) \ -{ \ - return fn##_init(EVP_MD_CTX_get0_md_data(ctx), tag, ctx->digest->md_size * 8); \ -} \ -static int nm##_update(EVP_MD_CTX *ctx, const void *data, size_t count) \ -{ \ - return fn##_update(EVP_MD_CTX_get0_md_data(ctx), data, count); \ -} \ -static int nm##_final(EVP_MD_CTX *ctx, unsigned char *md) \ -{ \ - return fn##_final(md, EVP_MD_CTX_get0_md_data(ctx)); \ -} -#define IMPLEMENT_LEGACY_EVP_MD_METH_SHAKE(nm, fn, tag) \ -static int nm##_init(EVP_MD_CTX *ctx) \ -{ \ - return fn##_init(EVP_MD_CTX_get0_md_data(ctx), tag, ctx->digest->md_size * 8); \ -} \ - -#define sha512_224_Init sha512_224_init -#define sha512_256_Init sha512_256_init - -#define sha512_224_Update SHA512_Update -#define sha512_224_Final SHA512_Final -#define sha512_256_Update SHA512_Update -#define sha512_256_Final SHA512_Final - -IMPLEMENT_LEGACY_EVP_MD_METH(sha1, SHA1) -IMPLEMENT_LEGACY_EVP_MD_METH(sha224, SHA224) -IMPLEMENT_LEGACY_EVP_MD_METH(sha256, SHA256) -IMPLEMENT_LEGACY_EVP_MD_METH(sha384, SHA384) -IMPLEMENT_LEGACY_EVP_MD_METH(sha512, SHA512) -IMPLEMENT_LEGACY_EVP_MD_METH(sha512_224_int, sha512_224) -IMPLEMENT_LEGACY_EVP_MD_METH(sha512_256_int, sha512_256) -IMPLEMENT_LEGACY_EVP_MD_METH_SHA3(sha3_int, ossl_sha3, '\x06') -IMPLEMENT_LEGACY_EVP_MD_METH_SHAKE(shake, ossl_sha3, '\x1f') - -static int sha1_int_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) -{ - return ossl_sha1_ctrl(ctx != NULL ? EVP_MD_CTX_get0_md_data(ctx) : NULL, - cmd, p1, p2); -} - -static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2) -{ - KECCAK1600_CTX *ctx = evp_ctx->md_data; - - switch (cmd) { - case EVP_MD_CTRL_XOF_LEN: - ctx->md_size = p1; - return 1; - default: - return 0; - } -} - - - -static const EVP_MD sha1_md = { - NID_sha1, - NID_sha1WithRSAEncryption, - SHA_DIGEST_LENGTH, - EVP_MD_FLAG_DIGALGID_ABSENT, - EVP_ORIG_GLOBAL, - LEGACY_EVP_MD_METH_TABLE(sha1_init, sha1_update, sha1_final, sha1_int_ctrl, - SHA_CBLOCK), -}; - -const EVP_MD *EVP_sha1(void) -{ - return &sha1_md; -} - -static const EVP_MD sha224_md = { - NID_sha224, - NID_sha224WithRSAEncryption, - SHA224_DIGEST_LENGTH, - EVP_MD_FLAG_DIGALGID_ABSENT, - EVP_ORIG_GLOBAL, - LEGACY_EVP_MD_METH_TABLE(sha224_init, sha224_update, sha224_final, NULL, - SHA256_CBLOCK), -}; - -const EVP_MD *EVP_sha224(void) -{ - return &sha224_md; -} - -static const EVP_MD sha256_md = { - NID_sha256, - NID_sha256WithRSAEncryption, - SHA256_DIGEST_LENGTH, - EVP_MD_FLAG_DIGALGID_ABSENT, - EVP_ORIG_GLOBAL, - LEGACY_EVP_MD_METH_TABLE(sha256_init, sha256_update, sha256_final, NULL, - SHA256_CBLOCK), -}; - -const EVP_MD *EVP_sha256(void) -{ - return &sha256_md; -} - -static const EVP_MD sha512_224_md = { - NID_sha512_224, - NID_sha512_224WithRSAEncryption, - SHA224_DIGEST_LENGTH, - EVP_MD_FLAG_DIGALGID_ABSENT, - EVP_ORIG_GLOBAL, - LEGACY_EVP_MD_METH_TABLE(sha512_224_int_init, sha512_224_int_update, - sha512_224_int_final, NULL, SHA512_CBLOCK), -}; - -const EVP_MD *EVP_sha512_224(void) -{ - return &sha512_224_md; -} - -static const EVP_MD sha512_256_md = { - NID_sha512_256, - NID_sha512_256WithRSAEncryption, - SHA256_DIGEST_LENGTH, - EVP_MD_FLAG_DIGALGID_ABSENT, - EVP_ORIG_GLOBAL, - LEGACY_EVP_MD_METH_TABLE(sha512_256_int_init, sha512_256_int_update, - sha512_256_int_final, NULL, SHA512_CBLOCK), -}; - -const EVP_MD *EVP_sha512_256(void) -{ - return &sha512_256_md; -} - -static const EVP_MD sha384_md = { - NID_sha384, - NID_sha384WithRSAEncryption, - SHA384_DIGEST_LENGTH, - EVP_MD_FLAG_DIGALGID_ABSENT, - EVP_ORIG_GLOBAL, - LEGACY_EVP_MD_METH_TABLE(sha384_init, sha384_update, sha384_final, NULL, - SHA512_CBLOCK), -}; - -const EVP_MD *EVP_sha384(void) -{ - return &sha384_md; -} - -static const EVP_MD sha512_md = { - NID_sha512, - NID_sha512WithRSAEncryption, - SHA512_DIGEST_LENGTH, - EVP_MD_FLAG_DIGALGID_ABSENT, - EVP_ORIG_GLOBAL, - LEGACY_EVP_MD_METH_TABLE(sha512_init, sha512_update, sha512_final, NULL, - SHA512_CBLOCK), -}; - -const EVP_MD *EVP_sha512(void) -{ - return &sha512_md; -} - -#define EVP_MD_SHA3(bitlen) \ -const EVP_MD *EVP_sha3_##bitlen(void) \ -{ \ - static const EVP_MD sha3_##bitlen##_md = { \ - NID_sha3_##bitlen, \ - NID_RSA_SHA3_##bitlen, \ - bitlen / 8, \ - EVP_MD_FLAG_DIGALGID_ABSENT, \ - EVP_ORIG_GLOBAL, \ - LEGACY_EVP_MD_METH_TABLE(sha3_int_init, sha3_int_update, \ - sha3_int_final, NULL, \ - (KECCAK1600_WIDTH - bitlen * 2) / 8), \ - }; \ - return &sha3_##bitlen##_md; \ -} -#define EVP_MD_SHAKE(bitlen) \ -const EVP_MD *EVP_shake##bitlen(void) \ -{ \ - static const EVP_MD shake##bitlen##_md = { \ - NID_shake##bitlen, \ - 0, \ - bitlen / 8, \ - EVP_MD_FLAG_XOF, \ - EVP_ORIG_GLOBAL, \ - LEGACY_EVP_MD_METH_TABLE(shake_init, sha3_int_update, sha3_int_final, \ - shake_ctrl, (KECCAK1600_WIDTH - bitlen * 2) / 8), \ - }; \ - return &shake##bitlen##_md; \ -} - -EVP_MD_SHA3(224) -EVP_MD_SHA3(256) -EVP_MD_SHA3(384) -EVP_MD_SHA3(512) - -EVP_MD_SHAKE(128) -EVP_MD_SHAKE(256) diff --git a/crypto/evp/legacy_wp.c b/crypto/evp/legacy_wp.c deleted file mode 100644 index 3976ff73fb2d74f2b18982723d8593eae1657b86..0000000000000000000000000000000000000000 --- a/crypto/evp/legacy_wp.c +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Whirlpool low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "crypto/evp.h" -#include "legacy_meth.h" - -IMPLEMENT_LEGACY_EVP_MD_METH(wp, WHIRLPOOL) - -static const EVP_MD whirlpool_md = { - NID_whirlpool, - 0, - WHIRLPOOL_DIGEST_LENGTH, - 0, - EVP_ORIG_GLOBAL, - LEGACY_EVP_MD_METH_TABLE(wp_init, wp_update, wp_final, NULL, - WHIRLPOOL_BBLOCK / 8), -}; - -const EVP_MD *EVP_whirlpool(void) -{ - return &whirlpool_md; -} diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c deleted file mode 100644 index 7b310d70477eca53e23b538074557d400f5ebdb5..0000000000000000000000000000000000000000 --- a/crypto/evp/m_null.c +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "crypto/evp.h" - -static int init(EVP_MD_CTX *ctx) -{ - return 1; -} - -static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return 1; -} - -static int final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return 1; -} - -static const EVP_MD null_md = { - NID_undef, - NID_undef, - 0, - 0, - EVP_ORIG_GLOBAL, - init, - update, - final, - NULL, - NULL, - 0, - sizeof(EVP_MD *), -}; - -const EVP_MD *EVP_md_null(void) -{ - return &null_md; -} diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c deleted file mode 100644 index 76a6814b424bec3479bdf61374f0178b9cd96ded..0000000000000000000000000000000000000000 --- a/crypto/evp/m_sigver.c +++ /dev/null @@ -1,683 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include "crypto/evp.h" -#include "internal/provider.h" -#include "internal/numbers.h" /* includes SIZE_MAX */ -#include "evp_local.h" - -#ifndef FIPS_MODULE - -static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) -{ - ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED); - return 0; -} - -/* - * If we get the "NULL" md then the name comes back as "UNDEF". We want to use - * NULL for this. - */ -static const char *canon_mdname(const char *mdname) -{ - if (mdname != NULL && strcmp(mdname, "UNDEF") == 0) - return NULL; - - return mdname; -} - -static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, const char *mdname, - OSSL_LIB_CTX *libctx, const char *props, - ENGINE *e, EVP_PKEY *pkey, int ver, - const OSSL_PARAM params[]) -{ - EVP_PKEY_CTX *locpctx = NULL; - EVP_SIGNATURE *signature = NULL; - EVP_KEYMGMT *tmp_keymgmt = NULL; - const OSSL_PROVIDER *tmp_prov = NULL; - const char *supported_sig = NULL; - char locmdname[80] = ""; /* 80 chars should be enough */ - void *provkey = NULL; - int ret, iter, reinit = 1; - - if (ctx->algctx != NULL) { - if (!ossl_assert(ctx->digest != NULL)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - if (ctx->digest->freectx != NULL) - ctx->digest->freectx(ctx->algctx); - ctx->algctx = NULL; - } - - if (ctx->pctx == NULL) { - reinit = 0; - if (e == NULL) - ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props); - else - ctx->pctx = EVP_PKEY_CTX_new(pkey, e); - } - if (ctx->pctx == NULL) - return 0; - - locpctx = ctx->pctx; - ERR_set_mark(); - - if (evp_pkey_ctx_is_legacy(locpctx)) - goto legacy; - - /* do not reinitialize if pkey is set or operation is different */ - if (reinit - && (pkey != NULL - || locpctx->operation != (ver ? EVP_PKEY_OP_VERIFYCTX - : EVP_PKEY_OP_SIGNCTX) - || (signature = locpctx->op.sig.signature) == NULL - || locpctx->op.sig.algctx == NULL)) - reinit = 0; - - if (props == NULL) - props = locpctx->propquery; - - if (locpctx->pkey == NULL) { - ERR_clear_last_mark(); - ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET); - goto err; - } - - if (!reinit) { - evp_pkey_ctx_free_old_ops(locpctx); - } else { - if (mdname == NULL && type == NULL) - mdname = canon_mdname(EVP_MD_get0_name(ctx->reqdigest)); - goto reinitialize; - } - - /* - * Try to derive the supported signature from |locpctx->keymgmt|. - */ - if (!ossl_assert(locpctx->pkey->keymgmt == NULL - || locpctx->pkey->keymgmt == locpctx->keymgmt)) { - ERR_clear_last_mark(); - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - goto err; - } - supported_sig = evp_keymgmt_util_query_operation_name(locpctx->keymgmt, - OSSL_OP_SIGNATURE); - if (supported_sig == NULL) { - ERR_clear_last_mark(); - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - - /* - * We perform two iterations: - * - * 1. Do the normal signature fetch, using the fetching data given by - * the EVP_PKEY_CTX. - * 2. Do the provider specific signature fetch, from the same provider - * as |ctx->keymgmt| - * - * We then try to fetch the keymgmt from the same provider as the - * signature, and try to export |ctx->pkey| to that keymgmt (when - * this keymgmt happens to be the same as |ctx->keymgmt|, the export - * is a no-op, but we call it anyway to not complicate the code even - * more). - * If the export call succeeds (returns a non-NULL provider key pointer), - * we're done and can perform the operation itself. If not, we perform - * the second iteration, or jump to legacy. - */ - for (iter = 1, provkey = NULL; iter < 3 && provkey == NULL; iter++) { - EVP_KEYMGMT *tmp_keymgmt_tofree = NULL; - - /* - * If we're on the second iteration, free the results from the first. - * They are NULL on the first iteration, so no need to check what - * iteration we're on. - */ - EVP_SIGNATURE_free(signature); - EVP_KEYMGMT_free(tmp_keymgmt); - - switch (iter) { - case 1: - signature = EVP_SIGNATURE_fetch(locpctx->libctx, supported_sig, - locpctx->propquery); - if (signature != NULL) - tmp_prov = EVP_SIGNATURE_get0_provider(signature); - break; - case 2: - tmp_prov = EVP_KEYMGMT_get0_provider(locpctx->keymgmt); - signature = - evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - supported_sig, locpctx->propquery); - if (signature == NULL) - goto legacy; - break; - } - if (signature == NULL) - continue; - - /* - * Ensure that the key is provided, either natively, or as a cached - * export. We start by fetching the keymgmt with the same name as - * |locpctx->pkey|, but from the provider of the signature method, using - * the same property query as when fetching the signature method. - * With the keymgmt we found (if we did), we try to export |locpctx->pkey| - * to it (evp_pkey_export_to_provider() is smart enough to only actually - - * export it if |tmp_keymgmt| is different from |locpctx->pkey|'s keymgmt) - */ - tmp_keymgmt_tofree = tmp_keymgmt = - evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - EVP_KEYMGMT_get0_name(locpctx->keymgmt), - locpctx->propquery); - if (tmp_keymgmt != NULL) - provkey = evp_pkey_export_to_provider(locpctx->pkey, locpctx->libctx, - &tmp_keymgmt, locpctx->propquery); - if (tmp_keymgmt == NULL) - EVP_KEYMGMT_free(tmp_keymgmt_tofree); - } - - if (provkey == NULL) { - EVP_SIGNATURE_free(signature); - ERR_clear_last_mark(); - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - - ERR_pop_to_mark(); - - /* No more legacy from here down to legacy: */ - - locpctx->op.sig.signature = signature; - locpctx->operation = ver ? EVP_PKEY_OP_VERIFYCTX - : EVP_PKEY_OP_SIGNCTX; - locpctx->op.sig.algctx - = signature->newctx(ossl_provider_ctx(signature->prov), props); - if (locpctx->op.sig.algctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - - reinitialize: - if (pctx != NULL) - *pctx = locpctx; - - if (type != NULL) { - ctx->reqdigest = type; - if (mdname == NULL) - mdname = canon_mdname(EVP_MD_get0_name(type)); - } else { - if (mdname == NULL && !reinit) { - if (evp_keymgmt_util_get_deflt_digest_name(tmp_keymgmt, provkey, - locmdname, - sizeof(locmdname)) > 0) { - mdname = canon_mdname(locmdname); - } - } - - if (mdname != NULL) { - /* - * We're about to get a new digest so clear anything associated with - * an old digest. - */ - evp_md_ctx_clear_digest(ctx, 1, 0); - - /* legacy code support for engines */ - ERR_set_mark(); - /* - * This might be requested by a later call to EVP_MD_CTX_get0_md(). - * In that case the "explicit fetch" rules apply for that - * function (as per man pages), i.e. the ref count is not updated - * so the EVP_MD should not be used beyound the lifetime of the - * EVP_MD_CTX. - */ - ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props); - if (ctx->fetched_digest != NULL) { - ctx->digest = ctx->reqdigest = ctx->fetched_digest; - } else { - /* legacy engine support : remove the mark when this is deleted */ - ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname); - if (ctx->digest == NULL) { - (void)ERR_clear_last_mark(); - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - } - (void)ERR_pop_to_mark(); - } - } - - if (ver) { - if (signature->digest_verify_init == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - ret = signature->digest_verify_init(locpctx->op.sig.algctx, - mdname, provkey, params); - } else { - if (signature->digest_sign_init == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - ret = signature->digest_sign_init(locpctx->op.sig.algctx, - mdname, provkey, params); - } - - /* - * If the operation was not a success and no digest was found, an error - * needs to be raised. - */ - if (ret > 0 || mdname != NULL) - goto end; - if (type == NULL) /* This check is redundant but clarifies matters */ - ERR_raise(ERR_LIB_EVP, EVP_R_NO_DEFAULT_DIGEST); - - err: - evp_pkey_ctx_free_old_ops(locpctx); - locpctx->operation = EVP_PKEY_OP_UNDEFINED; - EVP_KEYMGMT_free(tmp_keymgmt); - return 0; - - legacy: - /* - * If we don't have the full support we need with provided methods, - * let's go see if legacy does. - */ - ERR_pop_to_mark(); - EVP_KEYMGMT_free(tmp_keymgmt); - tmp_keymgmt = NULL; - - if (type == NULL && mdname != NULL) - type = evp_get_digestbyname_ex(locpctx->libctx, mdname); - - if (ctx->pctx->pmeth == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return 0; - } - - if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) { - - if (type == NULL) { - int def_nid; - if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0) - type = EVP_get_digestbynid(def_nid); - } - - if (type == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NO_DEFAULT_DIGEST); - return 0; - } - } - - if (ver) { - if (ctx->pctx->pmeth->verifyctx_init) { - if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0) - return 0; - ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX; - } else if (ctx->pctx->pmeth->digestverify != 0) { - ctx->pctx->operation = EVP_PKEY_OP_VERIFY; - ctx->update = update; - } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) { - return 0; - } - } else { - if (ctx->pctx->pmeth->signctx_init) { - if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0) - return 0; - ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX; - } else if (ctx->pctx->pmeth->digestsign != 0) { - ctx->pctx->operation = EVP_PKEY_OP_SIGN; - ctx->update = update; - } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) { - return 0; - } - } - if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0) - return 0; - if (pctx) - *pctx = ctx->pctx; - if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) - return 1; - if (!EVP_DigestInit_ex(ctx, type, e)) - return 0; - /* - * This indicates the current algorithm requires - * special treatment before hashing the tbs-message. - */ - ctx->pctx->flag_call_digest_custom = 0; - if (ctx->pctx->pmeth->digest_custom != NULL) - ctx->pctx->flag_call_digest_custom = 1; - - ret = 1; - - end: -#ifndef FIPS_MODULE - if (ret > 0) - ret = evp_pkey_ctx_use_cached_data(locpctx); -#endif - - EVP_KEYMGMT_free(tmp_keymgmt); - return ret > 0 ? 1 : 0; -} - -int EVP_DigestSignInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const char *mdname, OSSL_LIB_CTX *libctx, - const char *props, EVP_PKEY *pkey, - const OSSL_PARAM params[]) -{ - return do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, NULL, pkey, 0, - params); -} - -int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) -{ - return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 0, - NULL); -} - -int EVP_DigestVerifyInit_ex(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const char *mdname, OSSL_LIB_CTX *libctx, - const char *props, EVP_PKEY *pkey, - const OSSL_PARAM params[]) -{ - return do_sigver_init(ctx, pctx, NULL, mdname, libctx, props, NULL, pkey, 1, - params); -} - -int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, - const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey) -{ - return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1, - NULL); -} -#endif /* FIPS_MDOE */ - -int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) -{ - EVP_PKEY_CTX *pctx = ctx->pctx; - - if (pctx == NULL - || pctx->operation != EVP_PKEY_OP_SIGNCTX - || pctx->op.sig.algctx == NULL - || pctx->op.sig.signature == NULL) - goto legacy; - - if (pctx->op.sig.signature->digest_sign_update == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - return pctx->op.sig.signature->digest_sign_update(pctx->op.sig.algctx, - data, dsize); - - legacy: - if (pctx != NULL) { - /* do_sigver_init() checked that |digest_custom| is non-NULL */ - if (pctx->flag_call_digest_custom - && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx)) - return 0; - pctx->flag_call_digest_custom = 0; - } - - return EVP_DigestUpdate(ctx, data, dsize); -} - -int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize) -{ - EVP_PKEY_CTX *pctx = ctx->pctx; - - if (pctx == NULL - || pctx->operation != EVP_PKEY_OP_VERIFYCTX - || pctx->op.sig.algctx == NULL - || pctx->op.sig.signature == NULL) - goto legacy; - - if (pctx->op.sig.signature->digest_verify_update == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - return pctx->op.sig.signature->digest_verify_update(pctx->op.sig.algctx, - data, dsize); - - legacy: - if (pctx != NULL) { - /* do_sigver_init() checked that |digest_custom| is non-NULL */ - if (pctx->flag_call_digest_custom - && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx)) - return 0; - pctx->flag_call_digest_custom = 0; - } - - return EVP_DigestUpdate(ctx, data, dsize); -} - -#ifndef FIPS_MODULE -int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - size_t *siglen) -{ - int sctx = 0, r = 0; - EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; - - if (pctx == NULL - || pctx->operation != EVP_PKEY_OP_SIGNCTX - || pctx->op.sig.algctx == NULL - || pctx->op.sig.signature == NULL) - goto legacy; - - if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) - return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx, - sigret, siglen, - sigret == NULL ? 0 : *siglen); - dctx = EVP_PKEY_CTX_dup(pctx); - if (dctx == NULL) - return 0; - - r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx, - sigret, siglen, - *siglen); - EVP_PKEY_CTX_free(dctx); - return r; - - legacy: - if (pctx == NULL || pctx->pmeth == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - - /* do_sigver_init() checked that |digest_custom| is non-NULL */ - if (pctx->flag_call_digest_custom - && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx)) - return 0; - pctx->flag_call_digest_custom = 0; - - if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) { - if (sigret == NULL) - return pctx->pmeth->signctx(pctx, sigret, siglen, ctx); - if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) - r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx); - else { - dctx = EVP_PKEY_CTX_dup(pctx); - if (dctx == NULL) - return 0; - r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx); - EVP_PKEY_CTX_free(dctx); - } - return r; - } - if (pctx->pmeth->signctx != NULL) - sctx = 1; - else - sctx = 0; - if (sigret != NULL) { - unsigned char md[EVP_MAX_MD_SIZE]; - unsigned int mdlen = 0; - - if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { - if (sctx) - r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx); - else - r = EVP_DigestFinal_ex(ctx, md, &mdlen); - } else { - EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); - - if (tmp_ctx == NULL) - return 0; - if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) { - EVP_MD_CTX_free(tmp_ctx); - return 0; - } - if (sctx) - r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx, - sigret, siglen, tmp_ctx); - else - r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen); - EVP_MD_CTX_free(tmp_ctx); - } - if (sctx || !r) - return r; - if (EVP_PKEY_sign(pctx, sigret, siglen, md, mdlen) <= 0) - return 0; - } else { - if (sctx) { - if (pctx->pmeth->signctx(pctx, sigret, siglen, ctx) <= 0) - return 0; - } else { - int s = EVP_MD_get_size(ctx->digest); - - if (s < 0 || EVP_PKEY_sign(pctx, sigret, siglen, NULL, s) <= 0) - return 0; - } - } - return 1; -} - -int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, - const unsigned char *tbs, size_t tbslen) -{ - EVP_PKEY_CTX *pctx = ctx->pctx; - - if (pctx != NULL - && pctx->operation == EVP_PKEY_OP_SIGNCTX - && pctx->op.sig.algctx != NULL - && pctx->op.sig.signature != NULL) { - if (pctx->op.sig.signature->digest_sign != NULL) - return pctx->op.sig.signature->digest_sign(pctx->op.sig.algctx, - sigret, siglen, - sigret == NULL ? 0 : *siglen, - tbs, tbslen); - } else { - /* legacy */ - if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestsign != NULL) - return ctx->pctx->pmeth->digestsign(ctx, sigret, siglen, tbs, tbslen); - } - - if (sigret != NULL && EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0) - return 0; - return EVP_DigestSignFinal(ctx, sigret, siglen); -} - -int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen) -{ - unsigned char md[EVP_MAX_MD_SIZE]; - int r = 0; - unsigned int mdlen = 0; - int vctx = 0; - EVP_PKEY_CTX *dctx, *pctx = ctx->pctx; - - if (pctx == NULL - || pctx->operation != EVP_PKEY_OP_VERIFYCTX - || pctx->op.sig.algctx == NULL - || pctx->op.sig.signature == NULL) - goto legacy; - - if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0) - return pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx, - sig, siglen); - dctx = EVP_PKEY_CTX_dup(pctx); - if (dctx == NULL) - return 0; - - r = dctx->op.sig.signature->digest_verify_final(dctx->op.sig.algctx, - sig, siglen); - EVP_PKEY_CTX_free(dctx); - return r; - - legacy: - if (pctx == NULL || pctx->pmeth == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - - /* do_sigver_init() checked that |digest_custom| is non-NULL */ - if (pctx->flag_call_digest_custom - && !ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx)) - return 0; - pctx->flag_call_digest_custom = 0; - - if (pctx->pmeth->verifyctx != NULL) - vctx = 1; - else - vctx = 0; - if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { - if (vctx) - r = pctx->pmeth->verifyctx(pctx, sig, siglen, ctx); - else - r = EVP_DigestFinal_ex(ctx, md, &mdlen); - } else { - EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); - if (tmp_ctx == NULL) - return -1; - if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) { - EVP_MD_CTX_free(tmp_ctx); - return -1; - } - if (vctx) - r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx, - sig, siglen, tmp_ctx); - else - r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen); - EVP_MD_CTX_free(tmp_ctx); - } - if (vctx || !r) - return r; - return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen); -} - -int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, - size_t siglen, const unsigned char *tbs, size_t tbslen) -{ - EVP_PKEY_CTX *pctx = ctx->pctx; - - if (pctx != NULL - && pctx->operation == EVP_PKEY_OP_VERIFYCTX - && pctx->op.sig.algctx != NULL - && pctx->op.sig.signature != NULL) { - if (pctx->op.sig.signature->digest_verify != NULL) - return pctx->op.sig.signature->digest_verify(pctx->op.sig.algctx, - sigret, siglen, - tbs, tbslen); - } else { - /* legacy */ - if (ctx->pctx->pmeth != NULL && ctx->pctx->pmeth->digestverify != NULL) - return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen); - } - - if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0) - return -1; - return EVP_DigestVerifyFinal(ctx, sigret, siglen); -} -#endif /* FIPS_MODULE */ diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c deleted file mode 100644 index 90c79715d757cc7436d79f65764163717532e8e8..0000000000000000000000000000000000000000 --- a/crypto/evp/mac_lib.c +++ /dev/null @@ -1,303 +0,0 @@ -/* - * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include "internal/nelem.h" -#include "crypto/evp.h" -#include "internal/provider.h" -#include "evp_local.h" - -EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac) -{ - EVP_MAC_CTX *ctx = OPENSSL_zalloc(sizeof(EVP_MAC_CTX)); - - if (ctx == NULL - || (ctx->algctx = mac->newctx(ossl_provider_ctx(mac->prov))) == NULL - || !EVP_MAC_up_ref(mac)) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - if (ctx != NULL) - mac->freectx(ctx->algctx); - OPENSSL_free(ctx); - ctx = NULL; - } else { - ctx->meth = mac; - } - return ctx; -} - -void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx) -{ - if (ctx == NULL) - return; - ctx->meth->freectx(ctx->algctx); - ctx->algctx = NULL; - /* refcnt-- */ - EVP_MAC_free(ctx->meth); - OPENSSL_free(ctx); -} - -EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src) -{ - EVP_MAC_CTX *dst; - - if (src->algctx == NULL) - return NULL; - - dst = OPENSSL_malloc(sizeof(*dst)); - if (dst == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - - *dst = *src; - if (!EVP_MAC_up_ref(dst->meth)) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - OPENSSL_free(dst); - return NULL; - } - - dst->algctx = src->meth->dupctx(src->algctx); - if (dst->algctx == NULL) { - EVP_MAC_CTX_free(dst); - return NULL; - } - - return dst; -} - -EVP_MAC *EVP_MAC_CTX_get0_mac(EVP_MAC_CTX *ctx) -{ - return ctx->meth; -} - -static size_t get_size_t_ctx_param(EVP_MAC_CTX *ctx, const char *name) -{ - size_t sz = 0; - - if (ctx->algctx != NULL) { - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - params[0] = OSSL_PARAM_construct_size_t(name, &sz); - if (ctx->meth->get_ctx_params != NULL) { - if (ctx->meth->get_ctx_params(ctx->algctx, params)) - return sz; - } else if (ctx->meth->get_params != NULL) { - if (ctx->meth->get_params(params)) - return sz; - } - } - /* - * If the MAC hasn't been initialized yet, or there is no size to get, - * we return zero - */ - return 0; -} - -size_t EVP_MAC_CTX_get_mac_size(EVP_MAC_CTX *ctx) -{ - return get_size_t_ctx_param(ctx, OSSL_MAC_PARAM_SIZE); -} - -size_t EVP_MAC_CTX_get_block_size(EVP_MAC_CTX *ctx) -{ - return get_size_t_ctx_param(ctx, OSSL_MAC_PARAM_BLOCK_SIZE); -} - -int EVP_MAC_init(EVP_MAC_CTX *ctx, const unsigned char *key, size_t keylen, - const OSSL_PARAM params[]) -{ - return ctx->meth->init(ctx->algctx, key, keylen, params); -} - -int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen) -{ - return ctx->meth->update(ctx->algctx, data, datalen); -} - -static int evp_mac_final(EVP_MAC_CTX *ctx, int xof, - unsigned char *out, size_t *outl, size_t outsize) -{ - size_t l; - int res; - OSSL_PARAM params[2]; - size_t macsize; - - if (ctx == NULL || ctx->meth == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM); - return 0; - } - if (ctx->meth->final == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR); - return 0; - } - - macsize = EVP_MAC_CTX_get_mac_size(ctx); - if (out == NULL) { - if (outl == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - *outl = macsize; - return 1; - } - if (outsize < macsize) { - ERR_raise(ERR_LIB_EVP, EVP_R_BUFFER_TOO_SMALL); - return 0; - } - if (xof) { - params[0] = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_XOF, &xof); - params[1] = OSSL_PARAM_construct_end(); - - if (EVP_MAC_CTX_set_params(ctx, params) <= 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_SETTING_XOF_FAILED); - return 0; - } - } - res = ctx->meth->final(ctx->algctx, out, &l, outsize); - if (outl != NULL) - *outl = l; - return res; -} - -int EVP_MAC_final(EVP_MAC_CTX *ctx, - unsigned char *out, size_t *outl, size_t outsize) -{ - return evp_mac_final(ctx, 0, out, outl, outsize); -} - -int EVP_MAC_finalXOF(EVP_MAC_CTX *ctx, unsigned char *out, size_t outsize) -{ - return evp_mac_final(ctx, 1, out, NULL, outsize); -} - -/* - * The {get,set}_params functions return 1 if there is no corresponding - * function in the implementation. This is the same as if there was one, - * but it didn't recognise any of the given params, i.e. nothing in the - * bag of parameters was useful. - */ -int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]) -{ - if (mac->get_params != NULL) - return mac->get_params(params); - return 1; -} - -int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]) -{ - if (ctx->meth->get_ctx_params != NULL) - return ctx->meth->get_ctx_params(ctx->algctx, params); - return 1; -} - -int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]) -{ - if (ctx->meth->set_ctx_params != NULL) - return ctx->meth->set_ctx_params(ctx->algctx, params); - return 1; -} - -int evp_mac_get_number(const EVP_MAC *mac) -{ - return mac->name_id; -} - -const char *EVP_MAC_get0_name(const EVP_MAC *mac) -{ - return mac->type_name; -} - -const char *EVP_MAC_get0_description(const EVP_MAC *mac) -{ - return mac->description; -} - -int EVP_MAC_is_a(const EVP_MAC *mac, const char *name) -{ - return mac != NULL && evp_is_a(mac->prov, mac->name_id, NULL, name); -} - -int EVP_MAC_names_do_all(const EVP_MAC *mac, - void (*fn)(const char *name, void *data), - void *data) -{ - if (mac->prov != NULL) - return evp_names_do_all(mac->prov, mac->name_id, fn, data); - - return 1; -} - -unsigned char *EVP_Q_mac(OSSL_LIB_CTX *libctx, - const char *name, const char *propq, - const char *subalg, const OSSL_PARAM *params, - const void *key, size_t keylen, - const unsigned char *data, size_t datalen, - unsigned char *out, size_t outsize, size_t *outlen) -{ - EVP_MAC *mac = EVP_MAC_fetch(libctx, name, propq); - OSSL_PARAM subalg_param[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - EVP_MAC_CTX *ctx = NULL; - size_t len = 0; - unsigned char *res = NULL; - - if (outlen != NULL) - *outlen = 0; - if (mac == NULL) - return NULL; - if (subalg != NULL) { - const OSSL_PARAM *defined_params = EVP_MAC_settable_ctx_params(mac); - const char *param_name = OSSL_MAC_PARAM_DIGEST; - - /* - * The underlying algorithm may be a cipher or a digest. - * We don't know which it is, but we can ask the MAC what it - * should be and bet on that. - */ - if (OSSL_PARAM_locate_const(defined_params, param_name) == NULL) { - param_name = OSSL_MAC_PARAM_CIPHER; - if (OSSL_PARAM_locate_const(defined_params, param_name) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); - goto err; - } - } - subalg_param[0] = - OSSL_PARAM_construct_utf8_string(param_name, (char *)subalg, 0); - } - /* Single-shot - on NULL key input, set dummy key value for EVP_MAC_Init. */ - if (key == NULL && keylen == 0) - key = data; - if ((ctx = EVP_MAC_CTX_new(mac)) != NULL - && EVP_MAC_CTX_set_params(ctx, subalg_param) - && EVP_MAC_CTX_set_params(ctx, params) - && EVP_MAC_init(ctx, key, keylen, params) - && EVP_MAC_update(ctx, data, datalen) - && EVP_MAC_final(ctx, out, &len, outsize)) { - if (out == NULL) { - out = OPENSSL_malloc(len); - if (out != NULL && !EVP_MAC_final(ctx, out, NULL, len)) { - OPENSSL_free(out); - out = NULL; - } - } - res = out; - if (res != NULL && outlen != NULL) - *outlen = len; - } - - err: - EVP_MAC_CTX_free(ctx); - EVP_MAC_free(mac); - return res; -} diff --git a/crypto/evp/mac_meth.c b/crypto/evp/mac_meth.c deleted file mode 100644 index 85fe7704fde27a616a5e22ee4ef6a1f27600bfb7..0000000000000000000000000000000000000000 --- a/crypto/evp/mac_meth.c +++ /dev/null @@ -1,246 +0,0 @@ -/* - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/provider.h" -#include "internal/core.h" -#include "crypto/evp.h" -#include "evp_local.h" - -static int evp_mac_up_ref(void *vmac) -{ - EVP_MAC *mac = vmac; - int ref = 0; - - CRYPTO_UP_REF(&mac->refcnt, &ref, mac->lock); - return 1; -} - -static void evp_mac_free(void *vmac) -{ - EVP_MAC *mac = vmac; - int ref = 0; - - if (mac == NULL) - return; - - CRYPTO_DOWN_REF(&mac->refcnt, &ref, mac->lock); - if (ref > 0) - return; - OPENSSL_free(mac->type_name); - ossl_provider_free(mac->prov); - CRYPTO_THREAD_lock_free(mac->lock); - OPENSSL_free(mac); -} - -static void *evp_mac_new(void) -{ - EVP_MAC *mac = NULL; - - if ((mac = OPENSSL_zalloc(sizeof(*mac))) == NULL - || (mac->lock = CRYPTO_THREAD_lock_new()) == NULL) { - evp_mac_free(mac); - return NULL; - } - - mac->refcnt = 1; - - return mac; -} - -static void *evp_mac_from_algorithm(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) -{ - const OSSL_DISPATCH *fns = algodef->implementation; - EVP_MAC *mac = NULL; - int fnmaccnt = 0, fnctxcnt = 0; - - if ((mac = evp_mac_new()) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - mac->name_id = name_id; - if ((mac->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) { - evp_mac_free(mac); - return NULL; - } - mac->description = algodef->algorithm_description; - - for (; fns->function_id != 0; fns++) { - switch (fns->function_id) { - case OSSL_FUNC_MAC_NEWCTX: - if (mac->newctx != NULL) - break; - mac->newctx = OSSL_FUNC_mac_newctx(fns); - fnctxcnt++; - break; - case OSSL_FUNC_MAC_DUPCTX: - if (mac->dupctx != NULL) - break; - mac->dupctx = OSSL_FUNC_mac_dupctx(fns); - break; - case OSSL_FUNC_MAC_FREECTX: - if (mac->freectx != NULL) - break; - mac->freectx = OSSL_FUNC_mac_freectx(fns); - fnctxcnt++; - break; - case OSSL_FUNC_MAC_INIT: - if (mac->init != NULL) - break; - mac->init = OSSL_FUNC_mac_init(fns); - fnmaccnt++; - break; - case OSSL_FUNC_MAC_UPDATE: - if (mac->update != NULL) - break; - mac->update = OSSL_FUNC_mac_update(fns); - fnmaccnt++; - break; - case OSSL_FUNC_MAC_FINAL: - if (mac->final != NULL) - break; - mac->final = OSSL_FUNC_mac_final(fns); - fnmaccnt++; - break; - case OSSL_FUNC_MAC_GETTABLE_PARAMS: - if (mac->gettable_params != NULL) - break; - mac->gettable_params = - OSSL_FUNC_mac_gettable_params(fns); - break; - case OSSL_FUNC_MAC_GETTABLE_CTX_PARAMS: - if (mac->gettable_ctx_params != NULL) - break; - mac->gettable_ctx_params = - OSSL_FUNC_mac_gettable_ctx_params(fns); - break; - case OSSL_FUNC_MAC_SETTABLE_CTX_PARAMS: - if (mac->settable_ctx_params != NULL) - break; - mac->settable_ctx_params = - OSSL_FUNC_mac_settable_ctx_params(fns); - break; - case OSSL_FUNC_MAC_GET_PARAMS: - if (mac->get_params != NULL) - break; - mac->get_params = OSSL_FUNC_mac_get_params(fns); - break; - case OSSL_FUNC_MAC_GET_CTX_PARAMS: - if (mac->get_ctx_params != NULL) - break; - mac->get_ctx_params = OSSL_FUNC_mac_get_ctx_params(fns); - break; - case OSSL_FUNC_MAC_SET_CTX_PARAMS: - if (mac->set_ctx_params != NULL) - break; - mac->set_ctx_params = OSSL_FUNC_mac_set_ctx_params(fns); - break; - } - } - if (fnmaccnt != 3 - || fnctxcnt != 2) { - /* - * In order to be a consistent set of functions we must have at least - * a complete set of "mac" functions, and a complete set of context - * management functions, as well as the size function. - */ - evp_mac_free(mac); - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); - return NULL; - } - mac->prov = prov; - if (prov != NULL) - ossl_provider_up_ref(prov); - - return mac; -} - -EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, - const char *properties) -{ - return evp_generic_fetch(libctx, OSSL_OP_MAC, algorithm, properties, - evp_mac_from_algorithm, evp_mac_up_ref, - evp_mac_free); -} - -int EVP_MAC_up_ref(EVP_MAC *mac) -{ - return evp_mac_up_ref(mac); -} - -void EVP_MAC_free(EVP_MAC *mac) -{ - evp_mac_free(mac); -} - -const OSSL_PROVIDER *EVP_MAC_get0_provider(const EVP_MAC *mac) -{ - return mac->prov; -} - -const OSSL_PARAM *EVP_MAC_gettable_params(const EVP_MAC *mac) -{ - if (mac->gettable_params == NULL) - return NULL; - return mac->gettable_params(ossl_provider_ctx(EVP_MAC_get0_provider(mac))); -} - -const OSSL_PARAM *EVP_MAC_gettable_ctx_params(const EVP_MAC *mac) -{ - void *alg; - - if (mac->gettable_ctx_params == NULL) - return NULL; - alg = ossl_provider_ctx(EVP_MAC_get0_provider(mac)); - return mac->gettable_ctx_params(NULL, alg); -} - -const OSSL_PARAM *EVP_MAC_settable_ctx_params(const EVP_MAC *mac) -{ - void *alg; - - if (mac->settable_ctx_params == NULL) - return NULL; - alg = ossl_provider_ctx(EVP_MAC_get0_provider(mac)); - return mac->settable_ctx_params(NULL, alg); -} - -const OSSL_PARAM *EVP_MAC_CTX_gettable_params(EVP_MAC_CTX *ctx) -{ - void *alg; - - if (ctx->meth->gettable_ctx_params == NULL) - return NULL; - alg = ossl_provider_ctx(EVP_MAC_get0_provider(ctx->meth)); - return ctx->meth->gettable_ctx_params(ctx->algctx, alg); -} - -const OSSL_PARAM *EVP_MAC_CTX_settable_params(EVP_MAC_CTX *ctx) -{ - void *alg; - - if (ctx->meth->settable_ctx_params == NULL) - return NULL; - alg = ossl_provider_ctx(EVP_MAC_get0_provider(ctx->meth)); - return ctx->meth->settable_ctx_params(ctx->algctx, alg); -} - -void EVP_MAC_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_MAC *mac, void *arg), - void *arg) -{ - evp_generic_do_all(libctx, OSSL_OP_MAC, - (void (*)(void *, void *))fn, arg, - evp_mac_from_algorithm, evp_mac_up_ref, evp_mac_free); -} diff --git a/crypto/evp/names.c b/crypto/evp/names.c deleted file mode 100644 index 19c03a3085e843211eafc7b402851ae2636b7468..0000000000000000000000000000000000000000 --- a/crypto/evp/names.c +++ /dev/null @@ -1,254 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/namemap.h" -#include "crypto/objects.h" -#include "crypto/evp.h" - -int EVP_add_cipher(const EVP_CIPHER *c) -{ - int r; - - if (c == NULL) - return 0; - - r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH, - (const char *)c); - if (r == 0) - return 0; - r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH, - (const char *)c); - return r; -} - -int EVP_add_digest(const EVP_MD *md) -{ - int r; - const char *name; - - name = OBJ_nid2sn(md->type); - r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md); - if (r == 0) - return 0; - r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH, - (const char *)md); - if (r == 0) - return 0; - - if (md->pkey_type && md->type != md->pkey_type) { - r = OBJ_NAME_add(OBJ_nid2sn(md->pkey_type), - OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); - if (r == 0) - return 0; - r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), - OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); - } - return r; -} - -static void cipher_from_name(const char *name, void *data) -{ - const EVP_CIPHER **cipher = data; - - if (*cipher != NULL) - return; - - *cipher = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH); -} - -const EVP_CIPHER *EVP_get_cipherbyname(const char *name) -{ - return evp_get_cipherbyname_ex(NULL, name); -} - -const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx, - const char *name) -{ - const EVP_CIPHER *cp; - OSSL_NAMEMAP *namemap; - int id; - - if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL)) - return NULL; - - cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH); - - if (cp != NULL) - return cp; - - /* - * It's not in the method database, but it might be there under a different - * name. So we check for aliases in the EVP namemap and try all of those - * in turn. - */ - - namemap = ossl_namemap_stored(libctx); - id = ossl_namemap_name2num(namemap, name); - if (id == 0) - return NULL; - - if (!ossl_namemap_doall_names(namemap, id, cipher_from_name, &cp)) - return NULL; - - return cp; -} - -static void digest_from_name(const char *name, void *data) -{ - const EVP_MD **md = data; - - if (*md != NULL) - return; - - *md = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); -} - -const EVP_MD *EVP_get_digestbyname(const char *name) -{ - return evp_get_digestbyname_ex(NULL, name); -} - -const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx, const char *name) -{ - const EVP_MD *dp; - OSSL_NAMEMAP *namemap; - int id; - - if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)) - return NULL; - - dp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); - - if (dp != NULL) - return dp; - - /* - * It's not in the method database, but it might be there under a different - * name. So we check for aliases in the EVP namemap and try all of those - * in turn. - */ - - namemap = ossl_namemap_stored(libctx); - id = ossl_namemap_name2num(namemap, name); - if (id == 0) - return NULL; - - if (!ossl_namemap_doall_names(namemap, id, digest_from_name, &dp)) - return NULL; - - return dp; -} - -void evp_cleanup_int(void) -{ - OBJ_NAME_cleanup(OBJ_NAME_TYPE_KDF_METH); - OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH); - OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH); - /* - * The above calls will only clean out the contents of the name hash - * table, but not the hash table itself. The following line does that - * part. -- Richard Levitte - */ - OBJ_NAME_cleanup(-1); - - EVP_PBE_cleanup(); - OBJ_sigid_free(); - - evp_app_cleanup_int(); -} - -struct doall_cipher { - void *arg; - void (*fn) (const EVP_CIPHER *ciph, - const char *from, const char *to, void *arg); -}; - -static void do_all_cipher_fn(const OBJ_NAME *nm, void *arg) -{ - struct doall_cipher *dc = arg; - if (nm->alias) - dc->fn(NULL, nm->name, nm->data, dc->arg); - else - dc->fn((const EVP_CIPHER *)nm->data, nm->name, NULL, dc->arg); -} - -void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, - const char *from, const char *to, void *x), - void *arg) -{ - struct doall_cipher dc; - - /* Ignore errors */ - OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL); - - dc.fn = fn; - dc.arg = arg; - OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc); -} - -void EVP_CIPHER_do_all_sorted(void (*fn) (const EVP_CIPHER *ciph, - const char *from, const char *to, - void *x), void *arg) -{ - struct doall_cipher dc; - - /* Ignore errors */ - OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL); - - dc.fn = fn; - dc.arg = arg; - OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc); -} - -struct doall_md { - void *arg; - void (*fn) (const EVP_MD *ciph, - const char *from, const char *to, void *arg); -}; - -static void do_all_md_fn(const OBJ_NAME *nm, void *arg) -{ - struct doall_md *dc = arg; - if (nm->alias) - dc->fn(NULL, nm->name, nm->data, dc->arg); - else - dc->fn((const EVP_MD *)nm->data, nm->name, NULL, dc->arg); -} - -void EVP_MD_do_all(void (*fn) (const EVP_MD *md, - const char *from, const char *to, void *x), - void *arg) -{ - struct doall_md dc; - - /* Ignore errors */ - OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); - - dc.fn = fn; - dc.arg = arg; - OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); -} - -void EVP_MD_do_all_sorted(void (*fn) (const EVP_MD *md, - const char *from, const char *to, - void *x), void *arg) -{ - struct doall_md dc; - - OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); - - dc.fn = fn; - dc.arg = arg; - OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); -} diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c deleted file mode 100644 index f3ac675ff2e3581ce64b336896b10b2c8d1e4730..0000000000000000000000000000000000000000 --- a/crypto/evp/p5_crpt.c +++ /dev/null @@ -1,120 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include - -/* - * Doesn't do anything now: Builtin PBE algorithms in static table. - */ - -void PKCS5_PBE_add(void) -{ -} - -int PKCS5_PBE_keyivgen_ex(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md, int en_de, OSSL_LIB_CTX *libctx, - const char *propq) -{ - unsigned char md_tmp[EVP_MAX_MD_SIZE]; - unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; - int ivl, kl; - PBEPARAM *pbe = NULL; - int saltlen, iter; - unsigned char *salt; - int mdsize; - int rv = 0; - EVP_KDF *kdf; - EVP_KDF_CTX *kctx = NULL; - OSSL_PARAM params[5], *p = params; - const char *mdname = EVP_MD_name(md); - - /* Extract useful info from parameter */ - if (param == NULL || param->type != V_ASN1_SEQUENCE || - param->value.sequence == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_DECODE_ERROR); - return 0; - } - - pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param); - if (pbe == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_DECODE_ERROR); - return 0; - } - - ivl = EVP_CIPHER_get_iv_length(cipher); - if (ivl < 0 || ivl > 16) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH); - goto err; - } - kl = EVP_CIPHER_get_key_length(cipher); - if (kl < 0 || kl > (int)sizeof(md_tmp)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH); - goto err; - } - - if (pbe->iter == NULL) - iter = 1; - else - iter = ASN1_INTEGER_get(pbe->iter); - salt = pbe->salt->data; - saltlen = pbe->salt->length; - - if (pass == NULL) - passlen = 0; - else if (passlen == -1) - passlen = strlen(pass); - - mdsize = EVP_MD_get_size(md); - if (mdsize < 0) - goto err; - - kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF1, propq); - kctx = EVP_KDF_CTX_new(kdf); - EVP_KDF_free(kdf); - if (kctx == NULL) - goto err; - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, - (char *)pass, (size_t)passlen); - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, - salt, saltlen); - *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_ITER, &iter); - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, 0); - *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_derive(kctx, md_tmp, mdsize, params) != 1) - goto err; - memcpy(key, md_tmp, kl); - memcpy(iv, md_tmp + (16 - ivl), ivl); - if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) - goto err; - OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); - OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); - OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); - rv = 1; - err: - EVP_KDF_CTX_free(kctx); - PBEPARAM_free(pbe); - return rv; -} - -int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md, int en_de) -{ - return PKCS5_PBE_keyivgen_ex(cctx, pass, passlen, param, cipher, md, en_de, - NULL, NULL); -} - diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c deleted file mode 100644 index 8e3fccb213fdfaa7c5e713530e51d22f4db489eb..0000000000000000000000000000000000000000 --- a/crypto/evp/p5_crpt2.c +++ /dev/null @@ -1,268 +0,0 @@ -/* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include "crypto/evp.h" -#include "evp_local.h" - -int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen, - const unsigned char *salt, int saltlen, int iter, - const EVP_MD *digest, int keylen, unsigned char *out, - OSSL_LIB_CTX *libctx, const char *propq) -{ - const char *empty = ""; - int rv = 1, mode = 1; - EVP_KDF *kdf; - EVP_KDF_CTX *kctx; - const char *mdname = EVP_MD_get0_name(digest); - OSSL_PARAM params[6], *p = params; - - /* Keep documented behaviour. */ - if (pass == NULL) { - pass = empty; - passlen = 0; - } else if (passlen == -1) { - passlen = strlen(pass); - } - if (salt == NULL && saltlen == 0) - salt = (unsigned char *)empty; - - kdf = EVP_KDF_fetch(libctx, OSSL_KDF_NAME_PBKDF2, propq); - if (kdf == NULL) - return 0; - kctx = EVP_KDF_CTX_new(kdf); - EVP_KDF_free(kdf); - if (kctx == NULL) - return 0; - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, - (char *)pass, (size_t)passlen); - *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &mode); - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, - (unsigned char *)salt, saltlen); - *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_ITER, &iter); - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, 0); - *p = OSSL_PARAM_construct_end(); - if (EVP_KDF_derive(kctx, out, keylen, params) != 1) - rv = 0; - - EVP_KDF_CTX_free(kctx); - - OSSL_TRACE_BEGIN(PKCS5V2) { - BIO_printf(trc_out, "Password:\n"); - BIO_hex_string(trc_out, - 0, passlen, pass, passlen); - BIO_printf(trc_out, "\n"); - BIO_printf(trc_out, "Salt:\n"); - BIO_hex_string(trc_out, - 0, saltlen, salt, saltlen); - BIO_printf(trc_out, "\n"); - BIO_printf(trc_out, "Iteration count %d\n", iter); - BIO_printf(trc_out, "Key:\n"); - BIO_hex_string(trc_out, - 0, keylen, out, keylen); - BIO_printf(trc_out, "\n"); - } OSSL_TRACE_END(PKCS5V2); - return rv; -} - -int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, - int saltlen, int iter, const EVP_MD *digest, int keylen, - unsigned char *out) -{ - return ossl_pkcs5_pbkdf2_hmac_ex(pass, passlen, salt, saltlen, iter, digest, - keylen, out, NULL, NULL); -} - - -int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, - const unsigned char *salt, int saltlen, int iter, - int keylen, unsigned char *out) -{ - EVP_MD *digest; - int r = 0; - - if ((digest = EVP_MD_fetch(NULL, SN_sha1, NULL)) != NULL) - r = ossl_pkcs5_pbkdf2_hmac_ex(pass, passlen, salt, saltlen, iter, - digest, keylen, out, NULL, NULL); - EVP_MD_free(digest); - return r; -} - -/* - * Now the key derivation function itself. This is a bit evil because it has - * to check the ASN1 parameters are valid: and there are quite a few of - * them... - */ - -int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *c, - const EVP_MD *md, int en_de, - OSSL_LIB_CTX *libctx, const char *propq) -{ - PBE2PARAM *pbe2 = NULL; - char ciph_name[80]; - const EVP_CIPHER *cipher = NULL; - EVP_CIPHER *cipher_fetch = NULL; - EVP_PBE_KEYGEN_EX *kdf; - - int rv = 0; - - pbe2 = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBE2PARAM), param); - if (pbe2 == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_DECODE_ERROR); - goto err; - } - - /* See if we recognise the key derivation function */ - if (!EVP_PBE_find_ex(EVP_PBE_TYPE_KDF, OBJ_obj2nid(pbe2->keyfunc->algorithm), - NULL, NULL, NULL, &kdf)) { - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); - goto err; - } - - /* - * lets see if we recognise the encryption algorithm. - */ - if (OBJ_obj2txt(ciph_name, sizeof(ciph_name), pbe2->encryption->algorithm, 0) <= 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER); - goto err; - } - - (void)ERR_set_mark(); - cipher = cipher_fetch = EVP_CIPHER_fetch(libctx, ciph_name, propq); - /* Fallback to legacy method */ - if (cipher == NULL) - cipher = EVP_get_cipherbyname(ciph_name); - - if (cipher == NULL) { - (void)ERR_clear_last_mark(); - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_CIPHER); - goto err; - } - (void)ERR_pop_to_mark(); - - /* Fixup cipher based on AlgorithmIdentifier */ - if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de)) - goto err; - if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_CIPHER_PARAMETER_ERROR); - goto err; - } - rv = kdf(ctx, pass, passlen, pbe2->keyfunc->parameter, NULL, NULL, en_de, libctx, propq); - err: - EVP_CIPHER_free(cipher_fetch); - PBE2PARAM_free(pbe2); - return rv; -} - -int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *c, - const EVP_MD *md, int en_de) -{ - return PKCS5_v2_PBE_keyivgen_ex(ctx, pass, passlen, param, c, md, en_de, NULL, NULL); -} - -int PKCS5_v2_PBKDF2_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *c, const EVP_MD *md, int en_de, - OSSL_LIB_CTX *libctx, const char *propq) -{ - unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; - int saltlen, iter, t; - int rv = 0; - unsigned int keylen = 0; - int prf_nid, hmac_md_nid; - PBKDF2PARAM *kdf = NULL; - const EVP_MD *prfmd = NULL; - EVP_MD *prfmd_fetch = NULL; - - if (EVP_CIPHER_CTX_get0_cipher(ctx) == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET); - goto err; - } - keylen = EVP_CIPHER_CTX_get_key_length(ctx); - OPENSSL_assert(keylen <= sizeof(key)); - - /* Decode parameter */ - - kdf = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), param); - - if (kdf == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_DECODE_ERROR); - goto err; - } - - t = EVP_CIPHER_CTX_get_key_length(ctx); - if (t < 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH); - goto err; - } - keylen = t; - - /* Now check the parameters of the kdf */ - - if (kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)) { - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEYLENGTH); - goto err; - } - - if (kdf->prf) - prf_nid = OBJ_obj2nid(kdf->prf->algorithm); - else - prf_nid = NID_hmacWithSHA1; - - if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) { - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRF); - goto err; - } - - prfmd = prfmd_fetch = EVP_MD_fetch(libctx, OBJ_nid2sn(hmac_md_nid), propq); - if (prfmd == NULL) - prfmd = EVP_get_digestbynid(hmac_md_nid); - if (prfmd == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_PRF); - goto err; - } - - if (kdf->salt->type != V_ASN1_OCTET_STRING) { - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_SALT_TYPE); - goto err; - } - - /* it seems that its all OK */ - salt = kdf->salt->value.octet_string->data; - saltlen = kdf->salt->value.octet_string->length; - iter = ASN1_INTEGER_get(kdf->iter); - if (!ossl_pkcs5_pbkdf2_hmac_ex(pass, passlen, salt, saltlen, iter, prfmd, - keylen, key, libctx, propq)) - goto err; - rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); - err: - OPENSSL_cleanse(key, keylen); - PBKDF2PARAM_free(kdf); - EVP_MD_free(prfmd_fetch); - return rv; -} - -int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *c, const EVP_MD *md, int en_de) -{ - return PKCS5_v2_PBKDF2_keyivgen_ex(ctx, pass, passlen, param, c, md, en_de, - NULL, NULL); -} diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c deleted file mode 100644 index d77eed14284f169cf87c06a1af4530039b246581..0000000000000000000000000000000000000000 --- a/crypto/evp/p_dec.c +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use the deprecated RSA low level calls */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "crypto/evp.h" - -int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, - EVP_PKEY *priv) -{ - int ret = -1; - RSA *rsa = NULL; - - if (EVP_PKEY_get_id(priv) != EVP_PKEY_RSA) { - ERR_raise(ERR_LIB_EVP, EVP_R_PUBLIC_KEY_NOT_RSA); - goto err; - } - - rsa = evp_pkey_get0_RSA_int(priv); - if (rsa == NULL) - goto err; - - ret = - RSA_private_decrypt(ekl, ek, key, rsa, RSA_PKCS1_PADDING); - err: - return ret; -} diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c deleted file mode 100644 index 433c1a9e171099d92b2355f64e15daa980dc7bd3..0000000000000000000000000000000000000000 --- a/crypto/evp/p_enc.c +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use the deprecated RSA low level calls */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "crypto/evp.h" - -int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, - int key_len, EVP_PKEY *pubk) -{ - int ret = 0; - RSA *rsa = NULL; - - if (EVP_PKEY_get_id(pubk) != EVP_PKEY_RSA) { - ERR_raise(ERR_LIB_EVP, EVP_R_PUBLIC_KEY_NOT_RSA); - goto err; - } - - rsa = evp_pkey_get0_RSA_int(pubk); - if (rsa == NULL) - goto err; - - ret = - RSA_public_encrypt(key_len, key, ek, rsa, RSA_PKCS1_PADDING); - err: - return ret; -} diff --git a/crypto/evp/p_legacy.c b/crypto/evp/p_legacy.c deleted file mode 100644 index 6c65e7e1947a5e6aa020ef72af1a6a7cba88c84b..0000000000000000000000000000000000000000 --- a/crypto/evp/p_legacy.c +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Legacy EVP_PKEY assign/set/get APIs are deprecated for public use, but - * still ok for internal use, particularly in providers. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include "crypto/types.h" -#include "crypto/evp.h" -#include "evp_local.h" - -int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) -{ - int ret = EVP_PKEY_assign_RSA(pkey, key); - - if (ret) - RSA_up_ref(key); - return ret; -} - -RSA *evp_pkey_get0_RSA_int(const EVP_PKEY *pkey) -{ - if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) { - ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_AN_RSA_KEY); - return NULL; - } - return evp_pkey_get_legacy((EVP_PKEY *)pkey); -} - -const RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) -{ - return evp_pkey_get0_RSA_int(pkey); -} - -RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) -{ - RSA *ret = evp_pkey_get0_RSA_int(pkey); - - if (ret != NULL) - RSA_up_ref(ret); - return ret; -} - -#ifndef OPENSSL_NO_EC -int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) -{ - if (!EC_KEY_up_ref(key)) - return 0; - if (!EVP_PKEY_assign_EC_KEY(pkey, key)) { - EC_KEY_free(key); - return 0; - } - return 1; -} - -EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey) -{ - if (EVP_PKEY_get_base_id(pkey) != EVP_PKEY_EC) { - ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_EC_KEY); - return NULL; - } - return evp_pkey_get_legacy((EVP_PKEY *)pkey); -} - -const EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey) -{ - return evp_pkey_get0_EC_KEY_int(pkey); -} - -EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) -{ - EC_KEY *ret = evp_pkey_get0_EC_KEY_int(pkey); - - if (ret != NULL && !EC_KEY_up_ref(ret)) - ret = NULL; - return ret; -} -#endif /* OPENSSL_NO_EC */ diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c deleted file mode 100644 index c8c342b3e94bd6293bf06234332dc589816cc1ce..0000000000000000000000000000000000000000 --- a/crypto/evp/p_lib.c +++ /dev/null @@ -1,2457 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include "internal/cryptlib.h" -#include "internal/refcount.h" -#include "internal/namemap.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifndef FIPS_MODULE -# include -#endif -#include -#include -#include -#include - -#include "internal/numbers.h" /* includes SIZE_MAX */ -#include "internal/ffc.h" -#include "crypto/evp.h" -#include "crypto/dh.h" -#include "crypto/dsa.h" -#include "crypto/ec.h" -#include "crypto/ecx.h" -#include "crypto/rsa.h" -#ifndef FIPS_MODULE -# include "crypto/asn1.h" -# include "crypto/x509.h" -#endif -#include "internal/provider.h" -#include "evp_local.h" - -static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, - int len, EVP_KEYMGMT *keymgmt); -static void evp_pkey_free_it(EVP_PKEY *key); - -#ifndef FIPS_MODULE - -/* The type of parameters selected in key parameter functions */ -# define SELECT_PARAMETERS OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS - -int EVP_PKEY_get_bits(const EVP_PKEY *pkey) -{ - int size = 0; - - if (pkey != NULL) { - size = pkey->cache.bits; - if (pkey->ameth != NULL && pkey->ameth->pkey_bits != NULL) - size = pkey->ameth->pkey_bits(pkey); - } - return size < 0 ? 0 : size; -} - -int EVP_PKEY_get_security_bits(const EVP_PKEY *pkey) -{ - int size = 0; - - if (pkey != NULL) { - size = pkey->cache.security_bits; - if (pkey->ameth != NULL && pkey->ameth->pkey_security_bits != NULL) - size = pkey->ameth->pkey_security_bits(pkey); - } - return size < 0 ? 0 : size; -} - -int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) -{ -# ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) { - int ret = pkey->save_parameters; - - if (mode >= 0) - pkey->save_parameters = mode; - return ret; - } -# endif -# ifndef OPENSSL_NO_EC - if (pkey->type == EVP_PKEY_EC) { - int ret = pkey->save_parameters; - - if (mode >= 0) - pkey->save_parameters = mode; - return ret; - } -# endif - return 0; -} - -int EVP_PKEY_set_ex_data(EVP_PKEY *key, int idx, void *arg) -{ - return CRYPTO_set_ex_data(&key->ex_data, idx, arg); -} - -void *EVP_PKEY_get_ex_data(const EVP_PKEY *key, int idx) -{ - return CRYPTO_get_ex_data(&key->ex_data, idx); -} - -int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) -{ - /* - * Clean up legacy stuff from this function when legacy support is gone. - */ - - EVP_PKEY *downgraded_from = NULL; - int ok = 0; - - /* - * If |to| is a legacy key and |from| isn't, we must make a downgraded - * copy of |from|. If that fails, this function fails. - */ - if (evp_pkey_is_legacy(to) && evp_pkey_is_provided(from)) { - if (!evp_pkey_copy_downgraded(&downgraded_from, from)) - goto end; - from = downgraded_from; - } - - /* - * Make sure |to| is typed. Content is less important at this early - * stage. - * - * 1. If |to| is untyped, assign |from|'s key type to it. - * 2. If |to| contains a legacy key, compare its |type| to |from|'s. - * (|from| was already downgraded above) - * - * If |to| is a provided key, there's nothing more to do here, functions - * like evp_keymgmt_util_copy() and evp_pkey_export_to_provider() called - * further down help us find out if they are the same or not. - */ - if (evp_pkey_is_blank(to)) { - if (evp_pkey_is_legacy(from)) { - if (EVP_PKEY_set_type(to, from->type) == 0) - goto end; - } else { - if (EVP_PKEY_set_type_by_keymgmt(to, from->keymgmt) == 0) - goto end; - } - } else if (evp_pkey_is_legacy(to)) { - if (to->type != from->type) { - ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES); - goto end; - } - } - - if (EVP_PKEY_missing_parameters(from)) { - ERR_raise(ERR_LIB_EVP, EVP_R_MISSING_PARAMETERS); - goto end; - } - - if (!EVP_PKEY_missing_parameters(to)) { - if (EVP_PKEY_parameters_eq(to, from) == 1) - ok = 1; - else - ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_PARAMETERS); - goto end; - } - - /* For purely provided keys, we just call the keymgmt utility */ - if (to->keymgmt != NULL && from->keymgmt != NULL) { - ok = evp_keymgmt_util_copy(to, (EVP_PKEY *)from, SELECT_PARAMETERS); - goto end; - } - - /* - * If |to| is provided, we know that |from| is legacy at this point. - * Try exporting |from| to |to|'s keymgmt, then use evp_keymgmt_dup() - * to copy the appropriate data to |to|'s keydata. - * We cannot override existing data so do it only if there is no keydata - * in |to| yet. - */ - if (to->keymgmt != NULL && to->keydata == NULL) { - EVP_KEYMGMT *to_keymgmt = to->keymgmt; - void *from_keydata = - evp_pkey_export_to_provider((EVP_PKEY *)from, NULL, &to_keymgmt, - NULL); - - /* - * If we get a NULL, it could be an internal error, or it could be - * that there's a key mismatch. We're pretending the latter... - */ - if (from_keydata == NULL) - ERR_raise(ERR_LIB_EVP, EVP_R_DIFFERENT_KEY_TYPES); - else - ok = (to->keydata = evp_keymgmt_dup(to->keymgmt, - from_keydata, - SELECT_PARAMETERS)) != NULL; - goto end; - } - - /* Both keys are legacy */ - if (from->ameth != NULL && from->ameth->param_copy != NULL) - ok = from->ameth->param_copy(to, from); - end: - EVP_PKEY_free(downgraded_from); - return ok; -} - -int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) -{ - if (pkey != NULL) { - if (pkey->keymgmt != NULL) - return !evp_keymgmt_util_has((EVP_PKEY *)pkey, SELECT_PARAMETERS); - else if (pkey->ameth != NULL && pkey->ameth->param_missing != NULL) - return pkey->ameth->param_missing(pkey); - } - return 0; -} - -/* - * This function is called for any mixture of keys except pure legacy pair. - * When legacy keys are gone, we replace a call to this functions with - * a call to evp_keymgmt_util_match(). - */ -static int evp_pkey_cmp_any(const EVP_PKEY *a, const EVP_PKEY *b, - int selection) -{ - EVP_KEYMGMT *keymgmt1 = NULL, *keymgmt2 = NULL; - void *keydata1 = NULL, *keydata2 = NULL, *tmp_keydata = NULL; - - /* If none of them are provided, this function shouldn't have been called */ - if (!ossl_assert(evp_pkey_is_provided(a) || evp_pkey_is_provided(b))) - return -2; - - /* For purely provided keys, we just call the keymgmt utility */ - if (evp_pkey_is_provided(a) && evp_pkey_is_provided(b)) - return evp_keymgmt_util_match((EVP_PKEY *)a, (EVP_PKEY *)b, selection); - - /* - * At this point, one of them is provided, the other not. This allows - * us to compare types using legacy NIDs. - */ - if (evp_pkey_is_legacy(a) - && !EVP_KEYMGMT_is_a(b->keymgmt, OBJ_nid2sn(a->type))) - return -1; /* not the same key type */ - if (evp_pkey_is_legacy(b) - && !EVP_KEYMGMT_is_a(a->keymgmt, OBJ_nid2sn(b->type))) - return -1; /* not the same key type */ - - /* - * We've determined that they both are the same keytype, so the next - * step is to do a bit of cross export to ensure we have keydata for - * both keys in the same keymgmt. - */ - keymgmt1 = a->keymgmt; - keydata1 = a->keydata; - keymgmt2 = b->keymgmt; - keydata2 = b->keydata; - - if (keymgmt2 != NULL && keymgmt2->match != NULL) { - tmp_keydata = - evp_pkey_export_to_provider((EVP_PKEY *)a, NULL, &keymgmt2, NULL); - if (tmp_keydata != NULL) { - keymgmt1 = keymgmt2; - keydata1 = tmp_keydata; - } - } - if (tmp_keydata == NULL && keymgmt1 != NULL && keymgmt1->match != NULL) { - tmp_keydata = - evp_pkey_export_to_provider((EVP_PKEY *)b, NULL, &keymgmt1, NULL); - if (tmp_keydata != NULL) { - keymgmt2 = keymgmt1; - keydata2 = tmp_keydata; - } - } - - /* If we still don't have matching keymgmt implementations, we give up */ - if (keymgmt1 != keymgmt2) - return -2; - - /* If the keymgmt implementations are NULL, the export failed */ - if (keymgmt1 == NULL) - return -2; - - return evp_keymgmt_match(keymgmt1, keydata1, keydata2, selection); -} - -# ifndef OPENSSL_NO_DEPRECATED_3_0 -int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) -{ - return EVP_PKEY_parameters_eq(a, b); -} -#endif - -int EVP_PKEY_parameters_eq(const EVP_PKEY *a, const EVP_PKEY *b) -{ - /* - * This will just call evp_keymgmt_util_match when legacy support - * is gone. - */ - - if (a->keymgmt != NULL || b->keymgmt != NULL) - return evp_pkey_cmp_any(a, b, SELECT_PARAMETERS); - - /* All legacy keys */ - if (a->type != b->type) - return -1; - if (a->ameth != NULL && a->ameth->param_cmp != NULL) - return a->ameth->param_cmp(a, b); - return -2; -} - -# ifndef OPENSSL_NO_DEPRECATED_3_0 -int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) -{ - return EVP_PKEY_eq(a, b); -} -#endif - -int EVP_PKEY_eq(const EVP_PKEY *a, const EVP_PKEY *b) -{ - /* - * This will just call evp_keymgmt_util_match when legacy support - * is gone. - */ - - /* Trivial shortcuts */ - if (a == b) - return 1; - if (a == NULL || b == NULL) - return 0; - - if (a->keymgmt != NULL || b->keymgmt != NULL) { - int selection = SELECT_PARAMETERS; - - if (evp_keymgmt_util_has((EVP_PKEY *)a, OSSL_KEYMGMT_SELECT_PUBLIC_KEY) - && evp_keymgmt_util_has((EVP_PKEY *)b, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) - selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY; - else - selection |= OSSL_KEYMGMT_SELECT_KEYPAIR; - return evp_pkey_cmp_any(a, b, selection); - } - - /* All legacy keys */ - if (a->type != b->type) - return -1; - - if (a->ameth != NULL) { - int ret; - /* Compare parameters if the algorithm has them */ - if (a->ameth->param_cmp != NULL) { - ret = a->ameth->param_cmp(a, b); - if (ret <= 0) - return ret; - } - - if (a->ameth->pub_cmp != NULL) - return a->ameth->pub_cmp(a, b); - } - - return -2; -} - - -static EVP_PKEY *new_raw_key_int(OSSL_LIB_CTX *libctx, - const char *strtype, - const char *propq, - int nidtype, - ENGINE *e, - const unsigned char *key, - size_t len, - int key_is_priv) -{ - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *ctx = NULL; - const EVP_PKEY_ASN1_METHOD *ameth = NULL; - int result = 0; - -# ifndef OPENSSL_NO_ENGINE - /* Check if there is an Engine for this type */ - if (e == NULL) { - ENGINE *tmpe = NULL; - - if (strtype != NULL) - ameth = EVP_PKEY_asn1_find_str(&tmpe, strtype, -1); - else if (nidtype != EVP_PKEY_NONE) - ameth = EVP_PKEY_asn1_find(&tmpe, nidtype); - - /* If tmpe is NULL then no engine is claiming to support this type */ - if (tmpe == NULL) - ameth = NULL; - - ENGINE_finish(tmpe); - } -# endif - - if (e == NULL && ameth == NULL) { - /* - * No engine is claiming to support this type, so lets see if we have - * a provider. - */ - ctx = EVP_PKEY_CTX_new_from_name(libctx, - strtype != NULL ? strtype - : OBJ_nid2sn(nidtype), - propq); - if (ctx == NULL) - goto err; - /* May fail if no provider available */ - ERR_set_mark(); - if (EVP_PKEY_fromdata_init(ctx) == 1) { - OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - ERR_clear_last_mark(); - params[0] = OSSL_PARAM_construct_octet_string( - key_is_priv ? OSSL_PKEY_PARAM_PRIV_KEY - : OSSL_PKEY_PARAM_PUB_KEY, - (void *)key, len); - - if (EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) != 1) { - ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED); - goto err; - } - - EVP_PKEY_CTX_free(ctx); - - return pkey; - } - ERR_pop_to_mark(); - /* else not supported so fallback to legacy */ - } - - /* Legacy code path */ - - pkey = EVP_PKEY_new(); - if (pkey == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!pkey_set_type(pkey, e, nidtype, strtype, -1, NULL)) { - /* EVPerr already called */ - goto err; - } - - if (!ossl_assert(pkey->ameth != NULL)) - goto err; - - if (key_is_priv) { - if (pkey->ameth->set_priv_key == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - goto err; - } - - if (!pkey->ameth->set_priv_key(pkey, key, len)) { - ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED); - goto err; - } - } else { - if (pkey->ameth->set_pub_key == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - goto err; - } - - if (!pkey->ameth->set_pub_key(pkey, key, len)) { - ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED); - goto err; - } - } - - result = 1; - err: - if (!result) { - EVP_PKEY_free(pkey); - pkey = NULL; - } - EVP_PKEY_CTX_free(ctx); - return pkey; -} - -EVP_PKEY *EVP_PKEY_new_raw_private_key_ex(OSSL_LIB_CTX *libctx, - const char *keytype, - const char *propq, - const unsigned char *priv, size_t len) -{ - return new_raw_key_int(libctx, keytype, propq, EVP_PKEY_NONE, NULL, priv, - len, 1); -} - -EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e, - const unsigned char *priv, - size_t len) -{ - return new_raw_key_int(NULL, NULL, NULL, type, e, priv, len, 1); -} - -EVP_PKEY *EVP_PKEY_new_raw_public_key_ex(OSSL_LIB_CTX *libctx, - const char *keytype, const char *propq, - const unsigned char *pub, size_t len) -{ - return new_raw_key_int(libctx, keytype, propq, EVP_PKEY_NONE, NULL, pub, - len, 0); -} - -EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e, - const unsigned char *pub, - size_t len) -{ - return new_raw_key_int(NULL, NULL, NULL, type, e, pub, len, 0); -} - -struct raw_key_details_st -{ - unsigned char **key; - size_t *len; - int selection; -}; - -static OSSL_CALLBACK get_raw_key_details; -static int get_raw_key_details(const OSSL_PARAM params[], void *arg) -{ - const OSSL_PARAM *p = NULL; - struct raw_key_details_st *raw_key = arg; - - if (raw_key->selection == OSSL_KEYMGMT_SELECT_PRIVATE_KEY) { - if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY)) - != NULL) - return OSSL_PARAM_get_octet_string(p, (void **)raw_key->key, - raw_key->key == NULL ? 0 : *raw_key->len, - raw_key->len); - } else if (raw_key->selection == OSSL_KEYMGMT_SELECT_PUBLIC_KEY) { - if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY)) - != NULL) - return OSSL_PARAM_get_octet_string(p, (void **)raw_key->key, - raw_key->key == NULL ? 0 : *raw_key->len, - raw_key->len); - } - - return 0; -} - -int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv, - size_t *len) -{ - if (pkey->keymgmt != NULL) { - struct raw_key_details_st raw_key; - - raw_key.key = priv == NULL ? NULL : &priv; - raw_key.len = len; - raw_key.selection = OSSL_KEYMGMT_SELECT_PRIVATE_KEY; - - return evp_keymgmt_util_export(pkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, - get_raw_key_details, &raw_key); - } - - if (pkey->ameth == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return 0; - } - - if (pkey->ameth->get_priv_key == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return 0; - } - - if (!pkey->ameth->get_priv_key(pkey, priv, len)) { - ERR_raise(ERR_LIB_EVP, EVP_R_GET_RAW_KEY_FAILED); - return 0; - } - - return 1; -} - -int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub, - size_t *len) -{ - if (pkey->keymgmt != NULL) { - struct raw_key_details_st raw_key; - - raw_key.key = pub == NULL ? NULL : &pub; - raw_key.len = len; - raw_key.selection = OSSL_KEYMGMT_SELECT_PUBLIC_KEY; - - return evp_keymgmt_util_export(pkey, OSSL_KEYMGMT_SELECT_PUBLIC_KEY, - get_raw_key_details, &raw_key); - } - - if (pkey->ameth == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return 0; - } - - if (pkey->ameth->get_pub_key == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return 0; - } - - if (!pkey->ameth->get_pub_key(pkey, pub, len)) { - ERR_raise(ERR_LIB_EVP, EVP_R_GET_RAW_KEY_FAILED); - return 0; - } - - return 1; -} - -static EVP_PKEY *new_cmac_key_int(const unsigned char *priv, size_t len, - const char *cipher_name, - const EVP_CIPHER *cipher, - OSSL_LIB_CTX *libctx, - const char *propq, ENGINE *e) -{ -# ifndef OPENSSL_NO_CMAC -# ifndef OPENSSL_NO_ENGINE - const char *engine_id = e != NULL ? ENGINE_get_id(e) : NULL; -# endif - OSSL_PARAM params[5], *p = params; - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *ctx; - - if (cipher != NULL) - cipher_name = EVP_CIPHER_get0_name(cipher); - - if (cipher_name == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED); - return NULL; - } - - ctx = EVP_PKEY_CTX_new_from_name(libctx, "CMAC", propq); - if (ctx == NULL) - goto err; - - if (EVP_PKEY_fromdata_init(ctx) <= 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED); - goto err; - } - - *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, - (void *)priv, len); - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_CIPHER, - (char *)cipher_name, 0); - if (propq != NULL) - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_PROPERTIES, - (char *)propq, 0); -# ifndef OPENSSL_NO_ENGINE - if (engine_id != NULL) - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_ENGINE, - (char *)engine_id, 0); -# endif - *p = OSSL_PARAM_construct_end(); - - if (EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_KEY_SETUP_FAILED); - goto err; - } - - err: - EVP_PKEY_CTX_free(ctx); - - return pkey; -# else - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return NULL; -# endif -} - -EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, - size_t len, const EVP_CIPHER *cipher) -{ - return new_cmac_key_int(priv, len, NULL, cipher, NULL, NULL, e); -} - -int EVP_PKEY_set_type(EVP_PKEY *pkey, int type) -{ - return pkey_set_type(pkey, NULL, type, NULL, -1, NULL); -} - -int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len) -{ - return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len, NULL); -} - -# ifndef OPENSSL_NO_ENGINE -int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e) -{ - if (e != NULL) { - if (!ENGINE_init(e)) { - ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB); - return 0; - } - if (ENGINE_get_pkey_meth(e, pkey->type) == NULL) { - ENGINE_finish(e); - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_ALGORITHM); - return 0; - } - } - ENGINE_finish(pkey->pmeth_engine); - pkey->pmeth_engine = e; - return 1; -} - -ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey) -{ - return pkey->engine; -} -# endif - -# ifndef OPENSSL_NO_DEPRECATED_3_0 -static void detect_foreign_key(EVP_PKEY *pkey) -{ - switch (pkey->type) { - case EVP_PKEY_RSA: - pkey->foreign = pkey->pkey.rsa != NULL - && ossl_rsa_is_foreign(pkey->pkey.rsa); - break; -# ifndef OPENSSL_NO_EC - case EVP_PKEY_SM2: - case EVP_PKEY_EC: - pkey->foreign = pkey->pkey.ec != NULL - && ossl_ec_key_is_foreign(pkey->pkey.ec); - break; -# endif -# ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - pkey->foreign = pkey->pkey.dsa != NULL - && ossl_dsa_is_foreign(pkey->pkey.dsa); - break; -#endif -# ifndef OPENSSL_NO_DH - case EVP_PKEY_DH: - pkey->foreign = pkey->pkey.dh != NULL - && ossl_dh_is_foreign(pkey->pkey.dh); - break; -#endif - default: - pkey->foreign = 0; - break; - } -} - -int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) -{ -# ifndef OPENSSL_NO_EC - int pktype; - - pktype = EVP_PKEY_type(type); - if ((key != NULL) && (pktype == EVP_PKEY_EC || pktype == EVP_PKEY_SM2)) { - const EC_GROUP *group = EC_KEY_get0_group(key); - - if (group != NULL) { - int curve = EC_GROUP_get_curve_name(group); - - /* - * Regardless of what is requested the SM2 curve must be SM2 type, - * and non SM2 curves are EC type. - */ - if (curve == NID_sm2 && pktype == EVP_PKEY_EC) - type = EVP_PKEY_SM2; - else if(curve != NID_sm2 && pktype == EVP_PKEY_SM2) - type = EVP_PKEY_EC; - } - } -# endif - - if (pkey == NULL || !EVP_PKEY_set_type(pkey, type)) - return 0; - - pkey->pkey.ptr = key; - detect_foreign_key(pkey); - - return (key != NULL); -} -# endif - -void *EVP_PKEY_get0(const EVP_PKEY *pkey) -{ - if (pkey == NULL) - return NULL; - - if (!evp_pkey_is_provided(pkey)) - return pkey->pkey.ptr; - - return NULL; -} - -const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len) -{ - const ASN1_OCTET_STRING *os = NULL; - if (pkey->type != EVP_PKEY_HMAC) { - ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_AN_HMAC_KEY); - return NULL; - } - os = evp_pkey_get_legacy((EVP_PKEY *)pkey); - if (os != NULL) { - *len = os->length; - return os->data; - } - return NULL; -} - -# ifndef OPENSSL_NO_POLY1305 -const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len) -{ - const ASN1_OCTET_STRING *os = NULL; - if (pkey->type != EVP_PKEY_POLY1305) { - ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_POLY1305_KEY); - return NULL; - } - os = evp_pkey_get_legacy((EVP_PKEY *)pkey); - if (os != NULL) { - *len = os->length; - return os->data; - } - return NULL; -} -# endif - -# ifndef OPENSSL_NO_SIPHASH -const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len) -{ - const ASN1_OCTET_STRING *os = NULL; - - if (pkey->type != EVP_PKEY_SIPHASH) { - ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_SIPHASH_KEY); - return NULL; - } - os = evp_pkey_get_legacy((EVP_PKEY *)pkey); - if (os != NULL) { - *len = os->length; - return os->data; - } - return NULL; -} -# endif - -# ifndef OPENSSL_NO_DSA -static DSA *evp_pkey_get0_DSA_int(const EVP_PKEY *pkey) -{ - if (pkey->type != EVP_PKEY_DSA) { - ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_DSA_KEY); - return NULL; - } - return evp_pkey_get_legacy((EVP_PKEY *)pkey); -} - -const DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey) -{ - return evp_pkey_get0_DSA_int(pkey); -} - -int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) -{ - int ret = EVP_PKEY_assign_DSA(pkey, key); - if (ret) - DSA_up_ref(key); - return ret; -} -DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) -{ - DSA *ret = evp_pkey_get0_DSA_int(pkey); - - if (ret != NULL) - DSA_up_ref(ret); - return ret; -} -# endif /* OPENSSL_NO_DSA */ - -# ifndef OPENSSL_NO_EC -static const ECX_KEY *evp_pkey_get0_ECX_KEY(const EVP_PKEY *pkey, int type) -{ - if (EVP_PKEY_get_base_id(pkey) != type) { - ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_ECX_KEY); - return NULL; - } - return evp_pkey_get_legacy((EVP_PKEY *)pkey); -} - -static ECX_KEY *evp_pkey_get1_ECX_KEY(EVP_PKEY *pkey, int type) -{ - ECX_KEY *ret = (ECX_KEY *)evp_pkey_get0_ECX_KEY(pkey, type); - - if (ret != NULL && !ossl_ecx_key_up_ref(ret)) - ret = NULL; - return ret; -} - -# define IMPLEMENT_ECX_VARIANT(NAME) \ - ECX_KEY *ossl_evp_pkey_get1_##NAME(EVP_PKEY *pkey) \ - { \ - return evp_pkey_get1_ECX_KEY(pkey, EVP_PKEY_##NAME); \ - } -IMPLEMENT_ECX_VARIANT(X25519) -IMPLEMENT_ECX_VARIANT(X448) -IMPLEMENT_ECX_VARIANT(ED25519) -IMPLEMENT_ECX_VARIANT(ED448) - -# endif - -# if !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_DEPRECATED_3_0) - -int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *dhkey) -{ - int ret, type; - - /* - * ossl_dh_is_named_safe_prime_group() returns 1 for named safe prime groups - * related to ffdhe and modp (which cache q = (p - 1) / 2), - * and returns 0 for all other dh parameter generation types including - * RFC5114 named groups. - * - * The EVP_PKEY_DH type is used for dh parameter generation types: - * - named safe prime groups related to ffdhe and modp - * - safe prime generator - * - * The type EVP_PKEY_DHX is used for dh parameter generation types - * - fips186-4 and fips186-2 - * - rfc5114 named groups. - * - * The EVP_PKEY_DH type is used to save PKCS#3 data than can be stored - * without a q value. - * The EVP_PKEY_DHX type is used to save X9.42 data that requires the - * q value to be stored. - */ - if (ossl_dh_is_named_safe_prime_group(dhkey)) - type = EVP_PKEY_DH; - else - type = DH_get0_q(dhkey) == NULL ? EVP_PKEY_DH : EVP_PKEY_DHX; - - ret = EVP_PKEY_assign(pkey, type, dhkey); - - if (ret) - DH_up_ref(dhkey); - return ret; -} - -DH *evp_pkey_get0_DH_int(const EVP_PKEY *pkey) -{ - if (pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) { - ERR_raise(ERR_LIB_EVP, EVP_R_EXPECTING_A_DH_KEY); - return NULL; - } - return evp_pkey_get_legacy((EVP_PKEY *)pkey); -} - -const DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) -{ - return evp_pkey_get0_DH_int(pkey); -} - -DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) -{ - DH *ret = evp_pkey_get0_DH_int(pkey); - - if (ret != NULL) - DH_up_ref(ret); - return ret; -} -# endif - -int EVP_PKEY_type(int type) -{ - int ret; - const EVP_PKEY_ASN1_METHOD *ameth; - ENGINE *e; - ameth = EVP_PKEY_asn1_find(&e, type); - if (ameth) - ret = ameth->pkey_id; - else - ret = NID_undef; -# ifndef OPENSSL_NO_ENGINE - ENGINE_finish(e); -# endif - return ret; -} - -int EVP_PKEY_get_id(const EVP_PKEY *pkey) -{ - return pkey->type; -} - -int EVP_PKEY_get_base_id(const EVP_PKEY *pkey) -{ - return EVP_PKEY_type(pkey->type); -} - -/* - * These hard coded cases are pure hackery to get around the fact - * that names in crypto/objects/objects.txt are a mess. There is - * no "EC", and "RSA" leads to the NID for 2.5.8.1.1, an OID that's - * fallen out in favor of { pkcs-1 1 }, i.e. 1.2.840.113549.1.1.1, - * the NID of which is used for EVP_PKEY_RSA. Strangely enough, - * "DSA" is accurate... but still, better be safe and hard-code - * names that we know. - * On a similar topic, EVP_PKEY_type(EVP_PKEY_SM2) will result in - * EVP_PKEY_EC, because of aliasing. - * This should be cleaned away along with all other #legacy support. - */ -static const OSSL_ITEM standard_name2type[] = { - { EVP_PKEY_RSA, "RSA" }, - { EVP_PKEY_RSA_PSS, "RSA-PSS" }, - { EVP_PKEY_EC, "EC" }, - { EVP_PKEY_ED25519, "ED25519" }, - { EVP_PKEY_ED448, "ED448" }, - { EVP_PKEY_X25519, "X25519" }, - { EVP_PKEY_X448, "X448" }, - { EVP_PKEY_SM2, "SM2" }, - { EVP_PKEY_DH, "DH" }, - { EVP_PKEY_DHX, "X9.42 DH" }, - { EVP_PKEY_DHX, "DHX" }, - { EVP_PKEY_DSA, "DSA" }, -}; - -int evp_pkey_name2type(const char *name) -{ - int type; - size_t i; - - for (i = 0; i < OSSL_NELEM(standard_name2type); i++) { - if (OPENSSL_strcasecmp(name, standard_name2type[i].ptr) == 0) - return (int)standard_name2type[i].id; - } - - if ((type = EVP_PKEY_type(OBJ_sn2nid(name))) != NID_undef) - return type; - return EVP_PKEY_type(OBJ_ln2nid(name)); -} - -const char *evp_pkey_type2name(int type) -{ - size_t i; - - for (i = 0; i < OSSL_NELEM(standard_name2type); i++) { - if (type == (int)standard_name2type[i].id) - return standard_name2type[i].ptr; - } - - return OBJ_nid2sn(type); -} - -int EVP_PKEY_is_a(const EVP_PKEY *pkey, const char *name) -{ - if (pkey == NULL) - return 0; - if (pkey->keymgmt == NULL) - return pkey->type == evp_pkey_name2type(name); - return EVP_KEYMGMT_is_a(pkey->keymgmt, name); -} - -int EVP_PKEY_type_names_do_all(const EVP_PKEY *pkey, - void (*fn)(const char *name, void *data), - void *data) -{ - if (!evp_pkey_is_typed(pkey)) - return 0; - - if (!evp_pkey_is_provided(pkey)) { - const char *name = OBJ_nid2sn(EVP_PKEY_get_id(pkey)); - - fn(name, data); - return 1; - } - return EVP_KEYMGMT_names_do_all(pkey->keymgmt, fn, data); -} - -int EVP_PKEY_can_sign(const EVP_PKEY *pkey) -{ - if (pkey->keymgmt == NULL) { - switch (EVP_PKEY_get_base_id(pkey)) { - case EVP_PKEY_RSA: - return 1; -# ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - return 1; -# endif -# ifndef OPENSSL_NO_EC - case EVP_PKEY_ED25519: - case EVP_PKEY_ED448: - return 1; - case EVP_PKEY_EC: /* Including SM2 */ - return EC_KEY_can_sign(pkey->pkey.ec); -# endif - default: - break; - } - } else { - const OSSL_PROVIDER *prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt); - OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); - const char *supported_sig = - pkey->keymgmt->query_operation_name != NULL - ? pkey->keymgmt->query_operation_name(OSSL_OP_SIGNATURE) - : EVP_KEYMGMT_get0_name(pkey->keymgmt); - EVP_SIGNATURE *signature = NULL; - - signature = EVP_SIGNATURE_fetch(libctx, supported_sig, NULL); - if (signature != NULL) { - EVP_SIGNATURE_free(signature); - return 1; - } - } - return 0; -} - -static int print_reset_indent(BIO **out, int pop_f_prefix, long saved_indent) -{ - BIO_set_indent(*out, saved_indent); - if (pop_f_prefix) { - BIO *next = BIO_pop(*out); - - BIO_free(*out); - *out = next; - } - return 1; -} - -static int print_set_indent(BIO **out, int *pop_f_prefix, long *saved_indent, - long indent) -{ - *pop_f_prefix = 0; - *saved_indent = 0; - if (indent > 0) { - long i = BIO_get_indent(*out); - - *saved_indent = (i < 0 ? 0 : i); - if (BIO_set_indent(*out, indent) <= 0) { - BIO *prefbio = BIO_new(BIO_f_prefix()); - - if (prefbio == NULL) - return 0; - *out = BIO_push(prefbio, *out); - *pop_f_prefix = 1; - } - if (BIO_set_indent(*out, indent) <= 0) { - print_reset_indent(out, *pop_f_prefix, *saved_indent); - return 0; - } - } - return 1; -} - -static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent, - const char *kstr) -{ - return BIO_indent(out, indent, 128) - && BIO_printf(out, "%s algorithm \"%s\" unsupported\n", - kstr, OBJ_nid2ln(pkey->type)) > 0; -} - -static int print_pkey(const EVP_PKEY *pkey, BIO *out, int indent, - int selection /* For provided encoding */, - const char *propquery /* For provided encoding */, - int (*legacy_print)(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx), - ASN1_PCTX *legacy_pctx /* For legacy print */) -{ - int pop_f_prefix; - long saved_indent; - OSSL_ENCODER_CTX *ctx = NULL; - int ret = -2; /* default to unsupported */ - - if (!print_set_indent(&out, &pop_f_prefix, &saved_indent, indent)) - return 0; - - ctx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, "TEXT", NULL, - propquery); - if (OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0) - ret = OSSL_ENCODER_to_bio(ctx, out); - OSSL_ENCODER_CTX_free(ctx); - - if (ret != -2) - goto end; - - /* legacy fallback */ - if (legacy_print != NULL) - ret = legacy_print(out, pkey, 0, legacy_pctx); - else - ret = unsup_alg(out, pkey, 0, "Public Key"); - - end: - print_reset_indent(&out, pop_f_prefix, saved_indent); - return ret; -} - -int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx) -{ - return print_pkey(pkey, out, indent, EVP_PKEY_PUBLIC_KEY, NULL, - (pkey->ameth != NULL ? pkey->ameth->pub_print : NULL), - pctx); -} - -int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx) -{ - return print_pkey(pkey, out, indent, EVP_PKEY_KEYPAIR, NULL, - (pkey->ameth != NULL ? pkey->ameth->priv_print : NULL), - pctx); -} - -int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx) -{ - return print_pkey(pkey, out, indent, EVP_PKEY_KEY_PARAMETERS, NULL, - (pkey->ameth != NULL ? pkey->ameth->param_print : NULL), - pctx); -} - -# ifndef OPENSSL_NO_STDIO -int EVP_PKEY_print_public_fp(FILE *fp, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx) -{ - int ret; - BIO *b = BIO_new_fp(fp, BIO_NOCLOSE); - - if (b == NULL) - return 0; - ret = EVP_PKEY_print_public(b, pkey, indent, pctx); - BIO_free(b); - return ret; -} - -int EVP_PKEY_print_private_fp(FILE *fp, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx) -{ - int ret; - BIO *b = BIO_new_fp(fp, BIO_NOCLOSE); - - if (b == NULL) - return 0; - ret = EVP_PKEY_print_private(b, pkey, indent, pctx); - BIO_free(b); - return ret; -} - -int EVP_PKEY_print_params_fp(FILE *fp, const EVP_PKEY *pkey, - int indent, ASN1_PCTX *pctx) -{ - int ret; - BIO *b = BIO_new_fp(fp, BIO_NOCLOSE); - - if (b == NULL) - return 0; - ret = EVP_PKEY_print_params(b, pkey, indent, pctx); - BIO_free(b); - return ret; -} -# endif - -static void mdname2nid(const char *mdname, void *data) -{ - int *nid = (int *)data; - - if (*nid != NID_undef) - return; - - *nid = OBJ_sn2nid(mdname); - if (*nid == NID_undef) - *nid = OBJ_ln2nid(mdname); -} - -static int legacy_asn1_ctrl_to_param(EVP_PKEY *pkey, int op, - int arg1, void *arg2) -{ - if (pkey->keymgmt == NULL) - return 0; - switch (op) { - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - { - char mdname[80] = ""; - int rv = EVP_PKEY_get_default_digest_name(pkey, mdname, - sizeof(mdname)); - - if (rv > 0) { - int mdnum; - OSSL_LIB_CTX *libctx = ossl_provider_libctx(pkey->keymgmt->prov); - /* Make sure the MD is in the namemap if available */ - EVP_MD *md; - OSSL_NAMEMAP *namemap; - int nid = NID_undef; - - (void)ERR_set_mark(); - md = EVP_MD_fetch(libctx, mdname, NULL); - (void)ERR_pop_to_mark(); - namemap = ossl_namemap_stored(libctx); - - /* - * The only reason to fetch the MD was to make sure it is in the - * namemap. We can immediately free it. - */ - EVP_MD_free(md); - mdnum = ossl_namemap_name2num(namemap, mdname); - if (mdnum == 0) - return 0; - - /* - * We have the namemap number - now we need to find the - * associated nid - */ - if (!ossl_namemap_doall_names(namemap, mdnum, mdname2nid, &nid)) - return 0; - *(int *)arg2 = nid; - } - return rv; - } - default: - return -2; - } -} - -static int evp_pkey_asn1_ctrl(EVP_PKEY *pkey, int op, int arg1, void *arg2) -{ - if (pkey->ameth == NULL) - return legacy_asn1_ctrl_to_param(pkey, op, arg1, arg2); - if (pkey->ameth->pkey_ctrl == NULL) - return -2; - return pkey->ameth->pkey_ctrl(pkey, op, arg1, arg2); -} - -int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid) -{ - return evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, 0, pnid); -} - -int EVP_PKEY_get_default_digest_name(EVP_PKEY *pkey, - char *mdname, size_t mdname_sz) -{ - if (pkey->ameth == NULL) - return evp_keymgmt_util_get_deflt_digest_name(pkey->keymgmt, - pkey->keydata, - mdname, mdname_sz); - - { - int nid = NID_undef; - int rv = EVP_PKEY_get_default_digest_nid(pkey, &nid); - const char *name = rv > 0 ? OBJ_nid2sn(nid) : NULL; - - if (rv > 0) - OPENSSL_strlcpy(mdname, name, mdname_sz); - return rv; - } -} - -int EVP_PKEY_get_group_name(const EVP_PKEY *pkey, char *gname, size_t gname_sz, - size_t *gname_len) -{ - return EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME, - gname, gname_sz, gname_len); -} - -int EVP_PKEY_digestsign_supports_digest(EVP_PKEY *pkey, OSSL_LIB_CTX *libctx, - const char *name, const char *propq) -{ - int rv; - EVP_MD_CTX *ctx = NULL; - - if ((ctx = EVP_MD_CTX_new()) == NULL) - return -1; - - ERR_set_mark(); - rv = EVP_DigestSignInit_ex(ctx, NULL, name, libctx, - propq, pkey, NULL); - ERR_pop_to_mark(); - - EVP_MD_CTX_free(ctx); - return rv; -} - -int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey, const unsigned char *pub, - size_t publen) -{ - if (pkey != NULL && evp_pkey_is_provided(pkey)) - return - EVP_PKEY_set_octet_string_param(pkey, - OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, - (unsigned char *)pub, publen); - - if (publen > INT_MAX) - return 0; - /* Historically this function was EVP_PKEY_set1_tls_encodedpoint */ - if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, publen, - (void *)pub) <= 0) - return 0; - return 1; -} - -size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub) -{ - int rv; - - if (pkey != NULL && evp_pkey_is_provided(pkey)) { - size_t return_size = OSSL_PARAM_UNMODIFIED; - unsigned char *buf; - - /* - * We know that this is going to fail, but it will give us a size - * to allocate. - */ - EVP_PKEY_get_octet_string_param(pkey, - OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, - NULL, 0, &return_size); - if (return_size == OSSL_PARAM_UNMODIFIED) - return 0; - - *ppub = NULL; - buf = OPENSSL_malloc(return_size); - if (buf == NULL) - return 0; - - if (!EVP_PKEY_get_octet_string_param(pkey, - OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, - buf, return_size, NULL)) { - OPENSSL_free(buf); - return 0; - } - *ppub = buf; - return return_size; - } - - - rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppub); - if (rv <= 0) - return 0; - return rv; -} - -#endif /* FIPS_MODULE */ - -/*- All methods below can also be used in FIPS_MODULE */ - -EVP_PKEY *EVP_PKEY_new(void) -{ - EVP_PKEY *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->type = EVP_PKEY_NONE; - ret->save_type = EVP_PKEY_NONE; - ret->references = 1; - - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - EVPerr(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - goto err; - } - -#ifndef FIPS_MODULE - ret->save_parameters = 1; - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EVP_PKEY, ret, &ret->ex_data)) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - goto err; - } -#endif - return ret; - - err: - CRYPTO_THREAD_lock_free(ret->lock); - OPENSSL_free(ret); - return NULL; -} - -/* - * Setup a public key management method. - * - * For legacy keys, either |type| or |str| is expected to have the type - * information. In this case, the setup consists of finding an ASN1 method - * and potentially an ENGINE, and setting those fields in |pkey|. - * - * For provider side keys, |keymgmt| is expected to be non-NULL. In this - * case, the setup consists of setting the |keymgmt| field in |pkey|. - * - * If pkey is NULL just return 1 or 0 if the key management method exists. - */ - -static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, - int len, EVP_KEYMGMT *keymgmt) -{ -#ifndef FIPS_MODULE - const EVP_PKEY_ASN1_METHOD *ameth = NULL; - ENGINE **eptr = (e == NULL) ? &e : NULL; -#endif - - /* - * The setups can't set both legacy and provider side methods. - * It is forbidden - */ - if (!ossl_assert(type == EVP_PKEY_NONE || keymgmt == NULL) - || !ossl_assert(e == NULL || keymgmt == NULL)) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return 0; - } - - if (pkey != NULL) { - int free_it = 0; - -#ifndef FIPS_MODULE - free_it = free_it || pkey->pkey.ptr != NULL; -#endif - free_it = free_it || pkey->keydata != NULL; - if (free_it) - evp_pkey_free_it(pkey); -#ifndef FIPS_MODULE - /* - * If key type matches and a method exists then this lookup has - * succeeded once so just indicate success. - */ - if (pkey->type != EVP_PKEY_NONE - && type == pkey->save_type - && pkey->ameth != NULL) - return 1; -# ifndef OPENSSL_NO_ENGINE - /* If we have ENGINEs release them */ - ENGINE_finish(pkey->engine); - pkey->engine = NULL; - ENGINE_finish(pkey->pmeth_engine); - pkey->pmeth_engine = NULL; -# endif -#endif - } -#ifndef FIPS_MODULE - if (str != NULL) - ameth = EVP_PKEY_asn1_find_str(eptr, str, len); - else if (type != EVP_PKEY_NONE) - ameth = EVP_PKEY_asn1_find(eptr, type); -# ifndef OPENSSL_NO_ENGINE - if (pkey == NULL && eptr != NULL) - ENGINE_finish(e); -# endif -#endif - - - { - int check = 1; - -#ifndef FIPS_MODULE - check = check && ameth == NULL; -#endif - check = check && keymgmt == NULL; - if (check) { - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_ALGORITHM); - return 0; - } - } - if (pkey != NULL) { - if (keymgmt != NULL && !EVP_KEYMGMT_up_ref(keymgmt)) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return 0; - } - - pkey->keymgmt = keymgmt; - - pkey->save_type = type; - pkey->type = type; - -#ifndef FIPS_MODULE - /* - * If the internal "origin" key is provider side, don't save |ameth|. - * The main reason is that |ameth| is one factor to detect that the - * internal "origin" key is a legacy one. - */ - if (keymgmt == NULL) - pkey->ameth = ameth; - - /* - * The EVP_PKEY_ASN1_METHOD |pkey_id| retains its legacy key purpose - * for any key type that has a legacy implementation, regardless of - * if the internal key is a legacy or a provider side one. When - * there is no legacy implementation for the key, the type becomes - * EVP_PKEY_KEYMGMT, which indicates that one should be cautious - * with functions that expect legacy internal keys. - */ - if (ameth != NULL) { - if (type == EVP_PKEY_NONE) - pkey->type = ameth->pkey_id; - } else { - pkey->type = EVP_PKEY_KEYMGMT; - } -# ifndef OPENSSL_NO_ENGINE - if (eptr == NULL && e != NULL && !ENGINE_init(e)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } -# endif - pkey->engine = e; -#endif - } - return 1; -} - -#ifndef FIPS_MODULE -static void find_ameth(const char *name, void *data) -{ - const char **str = data; - - /* - * The error messages from pkey_set_type() are uninteresting here, - * and misleading. - */ - ERR_set_mark(); - - if (pkey_set_type(NULL, NULL, EVP_PKEY_NONE, name, strlen(name), - NULL)) { - if (str[0] == NULL) - str[0] = name; - else if (str[1] == NULL) - str[1] = name; - } - - ERR_pop_to_mark(); -} -#endif - -int EVP_PKEY_set_type_by_keymgmt(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt) -{ -#ifndef FIPS_MODULE -# define EVP_PKEY_TYPE_STR str[0] -# define EVP_PKEY_TYPE_STRLEN (str[0] == NULL ? -1 : (int)strlen(str[0])) - /* - * Find at most two strings that have an associated EVP_PKEY_ASN1_METHOD - * Ideally, only one should be found. If two (or more) are found, the - * match is ambiguous. This should never happen, but... - */ - const char *str[2] = { NULL, NULL }; - - if (!EVP_KEYMGMT_names_do_all(keymgmt, find_ameth, &str) - || str[1] != NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return 0; - } -#else -# define EVP_PKEY_TYPE_STR NULL -# define EVP_PKEY_TYPE_STRLEN -1 -#endif - return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, - EVP_PKEY_TYPE_STR, EVP_PKEY_TYPE_STRLEN, - keymgmt); - -#undef EVP_PKEY_TYPE_STR -#undef EVP_PKEY_TYPE_STRLEN -} - -int EVP_PKEY_up_ref(EVP_PKEY *pkey) -{ - int i; - - if (CRYPTO_UP_REF(&pkey->references, &i, pkey->lock) <= 0) - return 0; - - REF_PRINT_COUNT("EVP_PKEY", pkey); - REF_ASSERT_ISNT(i < 2); - return ((i > 1) ? 1 : 0); -} - -#ifndef FIPS_MODULE -EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey) -{ - EVP_PKEY *dup_pk; - - if (pkey == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - - if ((dup_pk = EVP_PKEY_new()) == NULL) - return NULL; - - if (evp_pkey_is_blank(pkey)) - goto done; - - if (evp_pkey_is_provided(pkey)) { - if (!evp_keymgmt_util_copy(dup_pk, pkey, - OSSL_KEYMGMT_SELECT_ALL)) - goto err; - goto done; - } - - if (evp_pkey_is_legacy(pkey)) { - const EVP_PKEY_ASN1_METHOD *ameth = pkey->ameth; - - if (ameth == NULL || ameth->copy == NULL) { - if (pkey->pkey.ptr == NULL /* empty key, just set type */ - && EVP_PKEY_set_type(dup_pk, pkey->type) != 0) - goto done; - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE); - goto err; - } - if (!ameth->copy(dup_pk, pkey)) - goto err; - goto done; - } - - goto err; -done: - /* copy auxiliary data */ - if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EVP_PKEY, - &dup_pk->ex_data, &pkey->ex_data)) - goto err; - - if (pkey->attributes != NULL) { - if ((dup_pk->attributes = ossl_x509at_dup(pkey->attributes)) == NULL) - goto err; - } - return dup_pk; -err: - EVP_PKEY_free(dup_pk); - return NULL; -} - -void evp_pkey_free_legacy(EVP_PKEY *x) -{ - const EVP_PKEY_ASN1_METHOD *ameth = x->ameth; - ENGINE *tmpe = NULL; - - if (ameth == NULL && x->legacy_cache_pkey.ptr != NULL) - ameth = EVP_PKEY_asn1_find(&tmpe, x->type); - - if (ameth != NULL) { - if (x->legacy_cache_pkey.ptr != NULL) { - /* - * We should never have both a legacy origin key, and a key in the - * legacy cache. - */ - assert(x->pkey.ptr == NULL); - /* - * For the purposes of freeing we make the legacy cache look like - * a legacy origin key. - */ - x->pkey = x->legacy_cache_pkey; - x->legacy_cache_pkey.ptr = NULL; - } - if (ameth->pkey_free != NULL) - ameth->pkey_free(x); - x->pkey.ptr = NULL; - } -# ifndef OPENSSL_NO_ENGINE - ENGINE_finish(tmpe); - ENGINE_finish(x->engine); - x->engine = NULL; - ENGINE_finish(x->pmeth_engine); - x->pmeth_engine = NULL; -# endif -} -#endif /* FIPS_MODULE */ - -static void evp_pkey_free_it(EVP_PKEY *x) -{ - /* internal function; x is never NULL */ - evp_keymgmt_util_clear_operation_cache(x, 1); -#ifndef FIPS_MODULE - evp_pkey_free_legacy(x); -#endif - - if (x->keymgmt != NULL) { - evp_keymgmt_freedata(x->keymgmt, x->keydata); - EVP_KEYMGMT_free(x->keymgmt); - x->keymgmt = NULL; - x->keydata = NULL; - } - x->type = EVP_PKEY_NONE; -} - -void EVP_PKEY_free(EVP_PKEY *x) -{ - int i; - - if (x == NULL) - return; - - CRYPTO_DOWN_REF(&x->references, &i, x->lock); - REF_PRINT_COUNT("EVP_PKEY", x); - if (i > 0) - return; - REF_ASSERT_ISNT(i < 0); - evp_pkey_free_it(x); -#ifndef FIPS_MODULE - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EVP_PKEY, x, &x->ex_data); -#endif - CRYPTO_THREAD_lock_free(x->lock); -#ifndef FIPS_MODULE - sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); -#endif - OPENSSL_free(x); -} - -int EVP_PKEY_get_size(const EVP_PKEY *pkey) -{ - int size = 0; - - if (pkey != NULL) { - size = pkey->cache.size; -#ifndef FIPS_MODULE - if (pkey->ameth != NULL && pkey->ameth->pkey_size != NULL) - size = pkey->ameth->pkey_size(pkey); -#endif - } - return size < 0 ? 0 : size; -} - -const char *EVP_PKEY_get0_description(const EVP_PKEY *pkey) -{ - if (!evp_pkey_is_assigned(pkey)) - return NULL; - - if (evp_pkey_is_provided(pkey) && pkey->keymgmt->description != NULL) - return pkey->keymgmt->description; -#ifndef FIPS_MODULE - if (pkey->ameth != NULL) - return pkey->ameth->info; -#endif - return NULL; -} - -void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, - EVP_KEYMGMT **keymgmt, - const char *propquery) -{ - EVP_KEYMGMT *allocated_keymgmt = NULL; - EVP_KEYMGMT *tmp_keymgmt = NULL; - void *keydata = NULL; - int check; - - if (pk == NULL) - return NULL; - - /* No key data => nothing to export */ - check = 1; -#ifndef FIPS_MODULE - check = check && pk->pkey.ptr == NULL; -#endif - check = check && pk->keydata == NULL; - if (check) - return NULL; - -#ifndef FIPS_MODULE - if (pk->pkey.ptr != NULL) { - /* - * If the legacy key doesn't have an dirty counter or export function, - * give up - */ - if (pk->ameth->dirty_cnt == NULL || pk->ameth->export_to == NULL) - return NULL; - } -#endif - - if (keymgmt != NULL) { - tmp_keymgmt = *keymgmt; - *keymgmt = NULL; - } - - /* - * If no keymgmt was given or found, get a default keymgmt. We do so by - * letting EVP_PKEY_CTX_new_from_pkey() do it for us, then we steal it. - */ - if (tmp_keymgmt == NULL) { - EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pk, propquery); - - if (ctx == NULL) - goto end; - allocated_keymgmt = tmp_keymgmt = ctx->keymgmt; - ctx->keymgmt = NULL; - EVP_PKEY_CTX_free(ctx); - } - - /* If there's still no keymgmt to be had, give up */ - if (tmp_keymgmt == NULL) - goto end; - -#ifndef FIPS_MODULE - if (pk->pkey.ptr != NULL) { - OP_CACHE_ELEM *op; - - /* - * If the legacy "origin" hasn't changed since last time, we try - * to find our keymgmt in the operation cache. If it has changed, - * |i| remains zero, and we will clear the cache further down. - */ - if (pk->ameth->dirty_cnt(pk) == pk->dirty_cnt_copy) { - if (!CRYPTO_THREAD_read_lock(pk->lock)) - goto end; - op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt); - - /* - * If |tmp_keymgmt| is present in the operation cache, it means - * that export doesn't need to be redone. In that case, we take - * token copies of the cached pointers, to have token success - * values to return. - */ - if (op != NULL && op->keymgmt != NULL) { - keydata = op->keydata; - CRYPTO_THREAD_unlock(pk->lock); - goto end; - } - CRYPTO_THREAD_unlock(pk->lock); - } - - /* Make sure that the keymgmt key type matches the legacy NID */ - if (!EVP_KEYMGMT_is_a(tmp_keymgmt, OBJ_nid2sn(pk->type))) - goto end; - - if ((keydata = evp_keymgmt_newdata(tmp_keymgmt)) == NULL) - goto end; - - if (!pk->ameth->export_to(pk, keydata, tmp_keymgmt->import, - libctx, propquery)) { - evp_keymgmt_freedata(tmp_keymgmt, keydata); - keydata = NULL; - goto end; - } - - /* - * If the dirty counter changed since last time, then clear the - * operation cache. In that case, we know that |i| is zero. Just - * in case this is a re-export, we increment then decrement the - * keymgmt reference counter. - */ - if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) { /* refcnt++ */ - evp_keymgmt_freedata(tmp_keymgmt, keydata); - keydata = NULL; - goto end; - } - - if (!CRYPTO_THREAD_write_lock(pk->lock)) - goto end; - if (pk->ameth->dirty_cnt(pk) != pk->dirty_cnt_copy - && !evp_keymgmt_util_clear_operation_cache(pk, 0)) { - CRYPTO_THREAD_unlock(pk->lock); - evp_keymgmt_freedata(tmp_keymgmt, keydata); - keydata = NULL; - EVP_KEYMGMT_free(tmp_keymgmt); - goto end; - } - EVP_KEYMGMT_free(tmp_keymgmt); /* refcnt-- */ - - /* Check to make sure some other thread didn't get there first */ - op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt); - if (op != NULL && op->keymgmt != NULL) { - void *tmp_keydata = op->keydata; - - CRYPTO_THREAD_unlock(pk->lock); - evp_keymgmt_freedata(tmp_keymgmt, keydata); - keydata = tmp_keydata; - goto end; - } - - /* Add the new export to the operation cache */ - if (!evp_keymgmt_util_cache_keydata(pk, tmp_keymgmt, keydata)) { - CRYPTO_THREAD_unlock(pk->lock); - evp_keymgmt_freedata(tmp_keymgmt, keydata); - keydata = NULL; - goto end; - } - - /* Synchronize the dirty count */ - pk->dirty_cnt_copy = pk->ameth->dirty_cnt(pk); - - CRYPTO_THREAD_unlock(pk->lock); - goto end; - } -#endif /* FIPS_MODULE */ - - keydata = evp_keymgmt_util_export_to_provider(pk, tmp_keymgmt); - - end: - /* - * If nothing was exported, |tmp_keymgmt| might point at a freed - * EVP_KEYMGMT, so we clear it to be safe. It shouldn't be useful for - * the caller either way in that case. - */ - if (keydata == NULL) - tmp_keymgmt = NULL; - - if (keymgmt != NULL && tmp_keymgmt != NULL) { - *keymgmt = tmp_keymgmt; - allocated_keymgmt = NULL; - } - - EVP_KEYMGMT_free(allocated_keymgmt); - return keydata; -} - -#ifndef FIPS_MODULE -int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src) -{ - EVP_PKEY *allocpkey = NULL; - - if (!ossl_assert(dest != NULL)) - return 0; - - if (evp_pkey_is_assigned(src) && evp_pkey_is_provided(src)) { - EVP_KEYMGMT *keymgmt = src->keymgmt; - void *keydata = src->keydata; - int type = src->type; - const char *keytype = NULL; - - keytype = EVP_KEYMGMT_get0_name(keymgmt); - - /* - * If the type is EVP_PKEY_NONE, then we have a problem somewhere - * else in our code. If it's not one of the well known EVP_PKEY_xxx - * values, it should at least be EVP_PKEY_KEYMGMT at this point. - * The check is kept as a safety measure. - */ - if (!ossl_assert(type != EVP_PKEY_NONE)) { - ERR_raise_data(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR, - "keymgmt key type = %s but legacy type = EVP_PKEY_NONE", - keytype); - return 0; - } - - /* Prefer the legacy key type name for error reporting */ - if (type != EVP_PKEY_KEYMGMT) - keytype = OBJ_nid2sn(type); - - /* Make sure we have a clean slate to copy into */ - if (*dest == NULL) { - allocpkey = *dest = EVP_PKEY_new(); - if (*dest == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - } else { - evp_pkey_free_it(*dest); - } - - if (EVP_PKEY_set_type(*dest, type)) { - /* If the key is typed but empty, we're done */ - if (keydata == NULL) - return 1; - - if ((*dest)->ameth->import_from == NULL) { - ERR_raise_data(ERR_LIB_EVP, EVP_R_NO_IMPORT_FUNCTION, - "key type = %s", keytype); - } else { - /* - * We perform the export in the same libctx as the keymgmt - * that we are using. - */ - OSSL_LIB_CTX *libctx = - ossl_provider_libctx(keymgmt->prov); - EVP_PKEY_CTX *pctx = - EVP_PKEY_CTX_new_from_pkey(libctx, *dest, NULL); - - if (pctx == NULL) - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - - if (pctx != NULL - && evp_keymgmt_export(keymgmt, keydata, - OSSL_KEYMGMT_SELECT_ALL, - (*dest)->ameth->import_from, - pctx)) { - /* Synchronize the dirty count */ - (*dest)->dirty_cnt_copy = (*dest)->ameth->dirty_cnt(*dest); - - EVP_PKEY_CTX_free(pctx); - return 1; - } - EVP_PKEY_CTX_free(pctx); - } - - ERR_raise_data(ERR_LIB_EVP, EVP_R_KEYMGMT_EXPORT_FAILURE, - "key type = %s", keytype); - } - } - - if (allocpkey != NULL) { - EVP_PKEY_free(allocpkey); - *dest = NULL; - } - return 0; -} - -void *evp_pkey_get_legacy(EVP_PKEY *pk) -{ - EVP_PKEY *tmp_copy = NULL; - void *ret = NULL; - - if (!ossl_assert(pk != NULL)) - return NULL; - - /* - * If this isn't an assigned provider side key, we just use any existing - * origin legacy key. - */ - if (!evp_pkey_is_assigned(pk)) - return NULL; - if (!evp_pkey_is_provided(pk)) - return pk->pkey.ptr; - - if (!CRYPTO_THREAD_read_lock(pk->lock)) - return NULL; - - ret = pk->legacy_cache_pkey.ptr; - - if (!CRYPTO_THREAD_unlock(pk->lock)) - return NULL; - - if (ret != NULL) - return ret; - - if (!evp_pkey_copy_downgraded(&tmp_copy, pk)) - goto err; - - if (!CRYPTO_THREAD_write_lock(pk->lock)) - goto err; - - /* Check again in case some other thread has updated it in the meantime */ - ret = pk->legacy_cache_pkey.ptr; - if (ret == NULL) { - /* Steal the legacy key reference from the temporary copy */ - ret = pk->legacy_cache_pkey.ptr = tmp_copy->pkey.ptr; - tmp_copy->pkey.ptr = NULL; - } - - if (!CRYPTO_THREAD_unlock(pk->lock)) { - ret = NULL; - goto err; - } - - err: - EVP_PKEY_free(tmp_copy); - - return ret; -} -#endif /* FIPS_MODULE */ - -int EVP_PKEY_get_bn_param(const EVP_PKEY *pkey, const char *key_name, - BIGNUM **bn) -{ - int ret = 0; - OSSL_PARAM params[2]; - unsigned char buffer[2048]; - unsigned char *buf = NULL; - size_t buf_sz = 0; - - if (key_name == NULL - || bn == NULL) - return 0; - - memset(buffer, 0, sizeof(buffer)); - params[0] = OSSL_PARAM_construct_BN(key_name, buffer, sizeof(buffer)); - params[1] = OSSL_PARAM_construct_end(); - if (!EVP_PKEY_get_params(pkey, params)) { - if (!OSSL_PARAM_modified(params) || params[0].return_size == 0) - return 0; - buf_sz = params[0].return_size; - /* - * If it failed because the buffer was too small then allocate the - * required buffer size and retry. - */ - buf = OPENSSL_zalloc(buf_sz); - if (buf == NULL) - return 0; - params[0].data = buf; - params[0].data_size = buf_sz; - - if (!EVP_PKEY_get_params(pkey, params)) - goto err; - } - /* Fail if the param was not found */ - if (!OSSL_PARAM_modified(params)) - goto err; - ret = OSSL_PARAM_get_BN(params, bn); -err: - OPENSSL_free(buf); - return ret; -} - -int EVP_PKEY_get_octet_string_param(const EVP_PKEY *pkey, const char *key_name, - unsigned char *buf, size_t max_buf_sz, - size_t *out_len) -{ - OSSL_PARAM params[2]; - int ret1 = 0, ret2 = 0; - - if (key_name == NULL) - return 0; - - params[0] = OSSL_PARAM_construct_octet_string(key_name, buf, max_buf_sz); - params[1] = OSSL_PARAM_construct_end(); - if ((ret1 = EVP_PKEY_get_params(pkey, params))) - ret2 = OSSL_PARAM_modified(params); - if (ret2 && out_len != NULL) - *out_len = params[0].return_size; - return ret1 && ret2; -} - -int EVP_PKEY_get_utf8_string_param(const EVP_PKEY *pkey, const char *key_name, - char *str, size_t max_buf_sz, - size_t *out_len) -{ - OSSL_PARAM params[2]; - int ret1 = 0, ret2 = 0; - - if (key_name == NULL) - return 0; - - params[0] = OSSL_PARAM_construct_utf8_string(key_name, str, max_buf_sz); - params[1] = OSSL_PARAM_construct_end(); - if ((ret1 = EVP_PKEY_get_params(pkey, params))) - ret2 = OSSL_PARAM_modified(params); - if (ret2 && out_len != NULL) - *out_len = params[0].return_size; - - if (ret2 && params[0].return_size == max_buf_sz) - /* There was no space for a NUL byte */ - return 0; - /* Add a terminating NUL byte for good measure */ - if (ret2 && str != NULL) - str[params[0].return_size] = '\0'; - - return ret1 && ret2; -} - -int EVP_PKEY_get_int_param(const EVP_PKEY *pkey, const char *key_name, - int *out) -{ - OSSL_PARAM params[2]; - - if (key_name == NULL) - return 0; - - params[0] = OSSL_PARAM_construct_int(key_name, out); - params[1] = OSSL_PARAM_construct_end(); - return EVP_PKEY_get_params(pkey, params) - && OSSL_PARAM_modified(params); -} - -int EVP_PKEY_get_size_t_param(const EVP_PKEY *pkey, const char *key_name, - size_t *out) -{ - OSSL_PARAM params[2]; - - if (key_name == NULL) - return 0; - - params[0] = OSSL_PARAM_construct_size_t(key_name, out); - params[1] = OSSL_PARAM_construct_end(); - return EVP_PKEY_get_params(pkey, params) - && OSSL_PARAM_modified(params); -} - -int EVP_PKEY_set_int_param(EVP_PKEY *pkey, const char *key_name, int in) -{ - OSSL_PARAM params[2]; - - if (key_name == NULL) - return 0; - - params[0] = OSSL_PARAM_construct_int(key_name, &in); - params[1] = OSSL_PARAM_construct_end(); - return EVP_PKEY_set_params(pkey, params); -} - -int EVP_PKEY_set_size_t_param(EVP_PKEY *pkey, const char *key_name, size_t in) -{ - OSSL_PARAM params[2]; - - if (key_name == NULL) - return 0; - - params[0] = OSSL_PARAM_construct_size_t(key_name, &in); - params[1] = OSSL_PARAM_construct_end(); - return EVP_PKEY_set_params(pkey, params); -} - -int EVP_PKEY_set_bn_param(EVP_PKEY *pkey, const char *key_name, - const BIGNUM *bn) -{ - OSSL_PARAM params[2]; - unsigned char buffer[2048]; - int bsize = 0; - - if (key_name == NULL - || bn == NULL - || pkey == NULL - || !evp_pkey_is_assigned(pkey)) - return 0; - - bsize = BN_num_bytes(bn); - if (!ossl_assert(bsize <= (int)sizeof(buffer))) - return 0; - - if (BN_bn2nativepad(bn, buffer, bsize) < 0) - return 0; - params[0] = OSSL_PARAM_construct_BN(key_name, buffer, bsize); - params[1] = OSSL_PARAM_construct_end(); - return EVP_PKEY_set_params(pkey, params); -} - -int EVP_PKEY_set_utf8_string_param(EVP_PKEY *pkey, const char *key_name, - const char *str) -{ - OSSL_PARAM params[2]; - - if (key_name == NULL) - return 0; - - params[0] = OSSL_PARAM_construct_utf8_string(key_name, (char *)str, 0); - params[1] = OSSL_PARAM_construct_end(); - return EVP_PKEY_set_params(pkey, params); -} - -int EVP_PKEY_set_octet_string_param(EVP_PKEY *pkey, const char *key_name, - const unsigned char *buf, size_t bsize) -{ - OSSL_PARAM params[2]; - - if (key_name == NULL) - return 0; - - params[0] = OSSL_PARAM_construct_octet_string(key_name, - (unsigned char *)buf, bsize); - params[1] = OSSL_PARAM_construct_end(); - return EVP_PKEY_set_params(pkey, params); -} - -const OSSL_PARAM *EVP_PKEY_settable_params(const EVP_PKEY *pkey) -{ - return (pkey != NULL && evp_pkey_is_provided(pkey)) - ? EVP_KEYMGMT_settable_params(pkey->keymgmt) - : NULL; -} - -int EVP_PKEY_set_params(EVP_PKEY *pkey, OSSL_PARAM params[]) -{ - if (pkey != NULL) { - if (evp_pkey_is_provided(pkey)) { - pkey->dirty_cnt++; - return evp_keymgmt_set_params(pkey->keymgmt, pkey->keydata, params); - } -#ifndef FIPS_MODULE - /* - * We will hopefully never find the need to set individual data in - * EVP_PKEYs with a legacy internal key, but we can't be entirely - * sure. This bit of code can be enabled if we find the need. If - * not, it can safely be removed when #legacy support is removed. - */ -# if 0 - else if (evp_pkey_is_legacy(pkey)) { - return evp_pkey_set_params_to_ctrl(pkey, params); - } -# endif -#endif - } - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY); - return 0; -} - -const OSSL_PARAM *EVP_PKEY_gettable_params(const EVP_PKEY *pkey) -{ - return (pkey != NULL && evp_pkey_is_provided(pkey)) - ? EVP_KEYMGMT_gettable_params(pkey->keymgmt) - : NULL; -} - -int EVP_PKEY_get_params(const EVP_PKEY *pkey, OSSL_PARAM params[]) -{ - if (pkey != NULL) { - if (evp_pkey_is_provided(pkey)) - return evp_keymgmt_get_params(pkey->keymgmt, pkey->keydata, params) > 0; -#ifndef FIPS_MODULE - else if (evp_pkey_is_legacy(pkey)) - return evp_pkey_get_params_to_ctrl(pkey, params) > 0; -#endif - } - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY); - return 0; -} - -#ifndef FIPS_MODULE -int EVP_PKEY_get_ec_point_conv_form(const EVP_PKEY *pkey) -{ - char name[80]; - size_t name_len; - - if (pkey == NULL) - return 0; - - if (pkey->keymgmt == NULL - || pkey->keydata == NULL) { -# ifndef OPENSSL_NO_EC - /* Might work through the legacy route */ - const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); - - if (ec == NULL) - return 0; - - return EC_KEY_get_conv_form(ec); -# else - return 0; -# endif - } - - if (!EVP_PKEY_get_utf8_string_param(pkey, - OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT, - name, sizeof(name), &name_len)) - return 0; - - if (strcmp(name, "uncompressed") == 0) - return POINT_CONVERSION_UNCOMPRESSED; - - if (strcmp(name, "compressed") == 0) - return POINT_CONVERSION_COMPRESSED; - - if (strcmp(name, "hybrid") == 0) - return POINT_CONVERSION_HYBRID; - - return 0; -} - -int EVP_PKEY_get_field_type(const EVP_PKEY *pkey) -{ - char fstr[80]; - size_t fstrlen; - - if (pkey == NULL) - return 0; - - if (pkey->keymgmt == NULL - || pkey->keydata == NULL) { -# ifndef OPENSSL_NO_EC - /* Might work through the legacy route */ - const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); - const EC_GROUP *grp; - - if (ec == NULL) - return 0; - grp = EC_KEY_get0_group(ec); - if (grp == NULL) - return 0; - - return EC_GROUP_get_field_type(grp); -# else - return 0; -# endif - } - - if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_EC_FIELD_TYPE, - fstr, sizeof(fstr), &fstrlen)) - return 0; - - if (strcmp(fstr, SN_X9_62_prime_field) == 0) - return NID_X9_62_prime_field; - else if (strcmp(fstr, SN_X9_62_characteristic_two_field)) - return NID_X9_62_characteristic_two_field; - - return 0; -} -#endif diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c deleted file mode 100644 index 8ee8b7a0276bad3e5e341b3129450bd9904ed113..0000000000000000000000000000000000000000 --- a/crypto/evp/p_open.c +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" - -#include -#include -#include -#include -#include - -int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - const unsigned char *ek, int ekl, const unsigned char *iv, - EVP_PKEY *priv) -{ - unsigned char *key = NULL; - size_t keylen = 0; - int ret = 0; - EVP_PKEY_CTX *pctx = NULL; - - if (type) { - EVP_CIPHER_CTX_reset(ctx); - if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL)) - goto err; - } - - if (priv == NULL) - return 1; - - if ((pctx = EVP_PKEY_CTX_new(priv, NULL)) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (EVP_PKEY_decrypt_init(pctx) <= 0 - || EVP_PKEY_decrypt(pctx, NULL, &keylen, ek, ekl) <= 0) - goto err; - - if ((key = OPENSSL_malloc(keylen)) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (EVP_PKEY_decrypt(pctx, key, &keylen, ek, ekl) <= 0) - goto err; - - if (EVP_CIPHER_CTX_set_key_length(ctx, keylen) <= 0 - || !EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) - goto err; - - ret = 1; - err: - EVP_PKEY_CTX_free(pctx); - OPENSSL_clear_free(key, keylen); - return ret; -} - -int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - int i; - - i = EVP_DecryptFinal_ex(ctx, out, outl); - if (i) - i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL); - return i; -} diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c deleted file mode 100644 index 475082d431161d89f186e6b3810e7f0a584b068f..0000000000000000000000000000000000000000 --- a/crypto/evp/p_seal.c +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "internal/provider.h" -#include -#include -#include -#include -#include -#include - -int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char **ek, int *ekl, unsigned char *iv, - EVP_PKEY **pubk, int npubk) -{ - unsigned char key[EVP_MAX_KEY_LENGTH]; - const OSSL_PROVIDER *prov; - OSSL_LIB_CTX *libctx = NULL; - EVP_PKEY_CTX *pctx = NULL; - const EVP_CIPHER *cipher; - int i, len; - int rv = 0; - - if (type != NULL) { - EVP_CIPHER_CTX_reset(ctx); - if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL)) - return 0; - } - if ((cipher = EVP_CIPHER_CTX_get0_cipher(ctx)) != NULL - && (prov = EVP_CIPHER_get0_provider(cipher)) != NULL) - libctx = ossl_provider_libctx(prov); - if ((npubk <= 0) || !pubk) - return 1; - - if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) - return 0; - - len = EVP_CIPHER_CTX_get_iv_length(ctx); - if (len < 0 || RAND_priv_bytes_ex(libctx, iv, len, 0) <= 0) - goto err; - - len = EVP_CIPHER_CTX_get_key_length(ctx); - if (len < 0) - goto err; - - if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) - goto err; - - for (i = 0; i < npubk; i++) { - size_t keylen = len; - - pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pubk[i], NULL); - if (pctx == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (EVP_PKEY_encrypt_init(pctx) <= 0 - || EVP_PKEY_encrypt(pctx, ek[i], &keylen, key, keylen) <= 0) - goto err; - ekl[i] = (int)keylen; - EVP_PKEY_CTX_free(pctx); - } - pctx = NULL; - rv = npubk; -err: - EVP_PKEY_CTX_free(pctx); - OPENSSL_cleanse(key, sizeof(key)); - return rv; -} - -int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) -{ - int i; - i = EVP_EncryptFinal_ex(ctx, out, outl); - if (i) - i = EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL); - return i; -} diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c deleted file mode 100644 index 8e430f4704b20944cca14490c011cea9546da2b2..0000000000000000000000000000000000000000 --- a/crypto/evp/p_sign.c +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "crypto/evp.h" - -int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *sigret, - unsigned int *siglen, EVP_PKEY *pkey, OSSL_LIB_CTX *libctx, - const char *propq) -{ - unsigned char m[EVP_MAX_MD_SIZE]; - unsigned int m_len = 0; - int i = 0; - size_t sltmp; - EVP_PKEY_CTX *pkctx = NULL; - - *siglen = 0; - if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) { - if (!EVP_DigestFinal_ex(ctx, m, &m_len)) - goto err; - } else { - int rv = 0; - EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); - - if (tmp_ctx == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx); - if (rv) - rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len); - EVP_MD_CTX_free(tmp_ctx); - if (!rv) - return 0; - } - - sltmp = (size_t)EVP_PKEY_get_size(pkey); - i = 0; - pkctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); - if (pkctx == NULL) - goto err; - if (EVP_PKEY_sign_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_get0_md(ctx)) <= 0) - goto err; - if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) - goto err; - *siglen = sltmp; - i = 1; - err: - EVP_PKEY_CTX_free(pkctx); - return i; -} - -int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - unsigned int *siglen, EVP_PKEY *pkey) -{ - return EVP_SignFinal_ex(ctx, sigret, siglen, pkey, NULL, NULL); -} diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c deleted file mode 100644 index e5667afb7cca7d69dbd3dd57b535567d2820b8d2..0000000000000000000000000000000000000000 --- a/crypto/evp/p_verify.c +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "crypto/evp.h" - -int EVP_VerifyFinal_ex(EVP_MD_CTX *ctx, const unsigned char *sigbuf, - unsigned int siglen, EVP_PKEY *pkey, OSSL_LIB_CTX *libctx, - const char *propq) -{ - unsigned char m[EVP_MAX_MD_SIZE]; - unsigned int m_len = 0; - int i = 0; - EVP_PKEY_CTX *pkctx = NULL; - - if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) { - if (!EVP_DigestFinal_ex(ctx, m, &m_len)) - goto err; - } else { - int rv = 0; - EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); - - if (tmp_ctx == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx); - if (rv) - rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len); - EVP_MD_CTX_free(tmp_ctx); - if (!rv) - return 0; - } - - i = -1; - pkctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); - if (pkctx == NULL) - goto err; - if (EVP_PKEY_verify_init(pkctx) <= 0) - goto err; - if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_get0_md(ctx)) <= 0) - goto err; - i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); - err: - EVP_PKEY_CTX_free(pkctx); - return i; -} - -int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, - unsigned int siglen, EVP_PKEY *pkey) -{ - return EVP_VerifyFinal_ex(ctx, sigbuf, siglen, pkey, NULL, NULL); -} diff --git a/crypto/evp/pbe_scrypt.c b/crypto/evp/pbe_scrypt.c deleted file mode 100644 index 78b2d13ec9e10de74de463e8dbc04ca9e3f76935..0000000000000000000000000000000000000000 --- a/crypto/evp/pbe_scrypt.c +++ /dev/null @@ -1,99 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/numbers.h" - -#ifndef OPENSSL_NO_SCRYPT - -/* - * Maximum permitted memory allow this to be overridden with Configuration - * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible. - */ - -#ifdef SCRYPT_MAX_MEM -# if SCRYPT_MAX_MEM == 0 -# undef SCRYPT_MAX_MEM -/* - * Although we could theoretically allocate SIZE_MAX memory that would leave - * no memory available for anything else so set limit as half that. - */ -# define SCRYPT_MAX_MEM (SIZE_MAX/2) -# endif -#else -/* Default memory limit: 32 MB */ -# define SCRYPT_MAX_MEM (1024 * 1024 * 32) -#endif - -int EVP_PBE_scrypt_ex(const char *pass, size_t passlen, - const unsigned char *salt, size_t saltlen, - uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, - unsigned char *key, size_t keylen, - OSSL_LIB_CTX *ctx, const char *propq) -{ - const char *empty = ""; - int rv = 1; - EVP_KDF *kdf; - EVP_KDF_CTX *kctx; - OSSL_PARAM params[7], *z = params; - - if (r > UINT32_MAX || p > UINT32_MAX) { - ERR_raise(ERR_LIB_EVP, EVP_R_PARAMETER_TOO_LARGE); - return 0; - } - - /* Maintain existing behaviour. */ - if (pass == NULL) { - pass = empty; - passlen = 0; - } - if (salt == NULL) { - salt = (const unsigned char *)empty; - saltlen = 0; - } - if (maxmem == 0) - maxmem = SCRYPT_MAX_MEM; - - /* Use OSSL_LIB_CTX_set0_default() if you need a library context */ - kdf = EVP_KDF_fetch(ctx, OSSL_KDF_NAME_SCRYPT, propq); - kctx = EVP_KDF_CTX_new(kdf); - EVP_KDF_free(kdf); - if (kctx == NULL) - return 0; - - *z++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, - (unsigned char *)pass, - passlen); - *z++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, - (unsigned char *)salt, saltlen); - *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_N, &N); - *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_R, &r); - *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_P, &p); - *z++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_MAXMEM, &maxmem); - *z = OSSL_PARAM_construct_end(); - if (EVP_KDF_derive(kctx, key, keylen, params) != 1) - rv = 0; - - EVP_KDF_CTX_free(kctx); - return rv; -} - -int EVP_PBE_scrypt(const char *pass, size_t passlen, - const unsigned char *salt, size_t saltlen, - uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, - unsigned char *key, size_t keylen) -{ - return EVP_PBE_scrypt_ex(pass, passlen, salt, saltlen, N, r, p, maxmem, - key, keylen, NULL, NULL); -} - -#endif diff --git a/crypto/evp/pmeth_check.c b/crypto/evp/pmeth_check.c deleted file mode 100644 index 7f3a2e3a1c805a5b1c81f53465862d8273572468..0000000000000000000000000000000000000000 --- a/crypto/evp/pmeth_check.c +++ /dev/null @@ -1,193 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include -#include -#include "crypto/bn.h" -#ifndef FIPS_MODULE -# include "crypto/asn1.h" -#endif -#include "crypto/evp.h" -#include "evp_local.h" - -/* - * Returns: - * 1 True - * 0 False - * -1 Unsupported (use legacy path) - */ -static int try_provided_check(EVP_PKEY_CTX *ctx, int selection, int checktype) -{ - EVP_KEYMGMT *keymgmt; - void *keydata; - - if (evp_pkey_ctx_is_legacy(ctx)) - return -1; - - keymgmt = ctx->keymgmt; - keydata = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx, - &keymgmt, ctx->propquery); - if (keydata == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - return 0; - } - - return evp_keymgmt_validate(keymgmt, keydata, selection, checktype); -} - -static int evp_pkey_public_check_combined(EVP_PKEY_CTX *ctx, int checktype) -{ - EVP_PKEY *pkey = ctx->pkey; - int ok; - - if (pkey == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET); - return 0; - } - - if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PUBLIC_KEY, - checktype)) != -1) - return ok; - - if (pkey->type == EVP_PKEY_NONE) - goto not_supported; - -#ifndef FIPS_MODULE - /* legacy */ - /* call customized public key check function first */ - if (ctx->pmeth->public_check != NULL) - return ctx->pmeth->public_check(pkey); - - /* use default public key check function in ameth */ - if (pkey->ameth == NULL || pkey->ameth->pkey_public_check == NULL) - goto not_supported; - - return pkey->ameth->pkey_public_check(pkey); -#endif - not_supported: - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; -} - -int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx) -{ - return evp_pkey_public_check_combined(ctx, OSSL_KEYMGMT_VALIDATE_FULL_CHECK); -} - -int EVP_PKEY_public_check_quick(EVP_PKEY_CTX *ctx) -{ - return evp_pkey_public_check_combined(ctx, OSSL_KEYMGMT_VALIDATE_QUICK_CHECK); -} - -static int evp_pkey_param_check_combined(EVP_PKEY_CTX *ctx, int checktype) -{ - EVP_PKEY *pkey = ctx->pkey; - int ok; - - if (pkey == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET); - return 0; - } - - if ((ok = try_provided_check(ctx, - OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, - checktype)) != -1) - return ok; - - if (pkey->type == EVP_PKEY_NONE) - goto not_supported; - -#ifndef FIPS_MODULE - /* legacy */ - /* call customized param check function first */ - if (ctx->pmeth->param_check != NULL) - return ctx->pmeth->param_check(pkey); - - /* use default param check function in ameth */ - if (pkey->ameth == NULL || pkey->ameth->pkey_param_check == NULL) - goto not_supported; - - return pkey->ameth->pkey_param_check(pkey); -#endif - not_supported: - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; -} - -int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx) -{ - return evp_pkey_param_check_combined(ctx, OSSL_KEYMGMT_VALIDATE_FULL_CHECK); -} - -int EVP_PKEY_param_check_quick(EVP_PKEY_CTX *ctx) -{ - return evp_pkey_param_check_combined(ctx, OSSL_KEYMGMT_VALIDATE_QUICK_CHECK); -} - -int EVP_PKEY_private_check(EVP_PKEY_CTX *ctx) -{ - EVP_PKEY *pkey = ctx->pkey; - int ok; - - if (pkey == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET); - return 0; - } - - if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, - OSSL_KEYMGMT_VALIDATE_FULL_CHECK)) != -1) - return ok; - - /* not supported for legacy keys */ - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; -} - -int EVP_PKEY_check(EVP_PKEY_CTX *ctx) -{ - return EVP_PKEY_pairwise_check(ctx); -} - -int EVP_PKEY_pairwise_check(EVP_PKEY_CTX *ctx) -{ - EVP_PKEY *pkey = ctx->pkey; - int ok; - - if (pkey == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET); - return 0; - } - - if ((ok = try_provided_check(ctx, OSSL_KEYMGMT_SELECT_KEYPAIR, - OSSL_KEYMGMT_VALIDATE_FULL_CHECK)) != -1) - return ok; - - if (pkey->type == EVP_PKEY_NONE) - goto not_supported; - -#ifndef FIPS_MODULE - /* legacy */ - /* call customized check function first */ - if (ctx->pmeth->check != NULL) - return ctx->pmeth->check(pkey); - - /* use default check function in ameth */ - if (pkey->ameth == NULL || pkey->ameth->pkey_check == NULL) - goto not_supported; - - return pkey->ameth->pkey_check(pkey); -#endif - not_supported: - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; -} - diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c deleted file mode 100644 index 8e4940ed5956207aff46c72d9625a3f26bba14f0..0000000000000000000000000000000000000000 --- a/crypto/evp/pmeth_gn.c +++ /dev/null @@ -1,461 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/core.h" -#include -#include -#include "crypto/bn.h" -#ifndef FIPS_MODULE -# include "crypto/asn1.h" -#endif -#include "crypto/evp.h" -#include "evp_local.h" - -static int gen_init(EVP_PKEY_CTX *ctx, int operation) -{ - int ret = 0; - - if (ctx == NULL) - goto not_supported; - - evp_pkey_ctx_free_old_ops(ctx); - ctx->operation = operation; - - if (ctx->keymgmt == NULL || ctx->keymgmt->gen_init == NULL) - goto legacy; - - switch (operation) { - case EVP_PKEY_OP_PARAMGEN: - ctx->op.keymgmt.genctx = - evp_keymgmt_gen_init(ctx->keymgmt, - OSSL_KEYMGMT_SELECT_ALL_PARAMETERS, NULL); - break; - case EVP_PKEY_OP_KEYGEN: - ctx->op.keymgmt.genctx = - evp_keymgmt_gen_init(ctx->keymgmt, OSSL_KEYMGMT_SELECT_KEYPAIR, - NULL); - break; - } - - if (ctx->op.keymgmt.genctx == NULL) - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - else - ret = 1; - goto end; - - legacy: -#ifdef FIPS_MODULE - goto not_supported; -#else - if (ctx->pmeth == NULL - || (operation == EVP_PKEY_OP_PARAMGEN - && ctx->pmeth->paramgen == NULL) - || (operation == EVP_PKEY_OP_KEYGEN - && ctx->pmeth->keygen == NULL)) - goto not_supported; - - ret = 1; - switch (operation) { - case EVP_PKEY_OP_PARAMGEN: - if (ctx->pmeth->paramgen_init != NULL) - ret = ctx->pmeth->paramgen_init(ctx); - break; - case EVP_PKEY_OP_KEYGEN: - if (ctx->pmeth->keygen_init != NULL) - ret = ctx->pmeth->keygen_init(ctx); - break; - } -#endif - - end: - if (ret <= 0 && ctx != NULL) { - evp_pkey_ctx_free_old_ops(ctx); - ctx->operation = EVP_PKEY_OP_UNDEFINED; - } - return ret; - - not_supported: - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - ret = -2; - goto end; -} - -int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx) -{ - return gen_init(ctx, EVP_PKEY_OP_PARAMGEN); -} - -int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx) -{ - return gen_init(ctx, EVP_PKEY_OP_KEYGEN); -} - -static int ossl_callback_to_pkey_gencb(const OSSL_PARAM params[], void *arg) -{ - EVP_PKEY_CTX *ctx = arg; - const OSSL_PARAM *param = NULL; - int p = -1, n = -1; - - if (ctx->pkey_gencb == NULL) - return 1; /* No callback? That's fine */ - - if ((param = OSSL_PARAM_locate_const(params, OSSL_GEN_PARAM_POTENTIAL)) - == NULL - || !OSSL_PARAM_get_int(param, &p)) - return 0; - if ((param = OSSL_PARAM_locate_const(params, OSSL_GEN_PARAM_ITERATION)) - == NULL - || !OSSL_PARAM_get_int(param, &n)) - return 0; - - ctx->keygen_info[0] = p; - ctx->keygen_info[1] = n; - - return ctx->pkey_gencb(ctx); -} - -int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) -{ - int ret = 0; - EVP_PKEY *allocated_pkey = NULL; - /* Legacy compatible keygen callback info, only used with provider impls */ - int gentmp[2]; - - if (ppkey == NULL) - return -1; - - if (ctx == NULL) - goto not_supported; - - if ((ctx->operation & EVP_PKEY_OP_TYPE_GEN) == 0) - goto not_initialized; - - if (*ppkey == NULL) - *ppkey = allocated_pkey = EVP_PKEY_new(); - - if (*ppkey == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return -1; - } - - if (ctx->op.keymgmt.genctx == NULL) - goto legacy; - - /* - * Asssigning gentmp to ctx->keygen_info is something our legacy - * implementations do. Because the provider implementations aren't - * allowed to reach into our EVP_PKEY_CTX, we need to provide similar - * space for backward compatibility. It's ok that we attach a local - * variable, as it should only be useful in the calls down from here. - * This is cleared as soon as it isn't useful any more, i.e. directly - * after the evp_keymgmt_util_gen() call. - */ - ctx->keygen_info = gentmp; - ctx->keygen_info_count = 2; - - ret = 1; - if (ctx->pkey != NULL) { - EVP_KEYMGMT *tmp_keymgmt = ctx->keymgmt; - void *keydata = - evp_pkey_export_to_provider(ctx->pkey, ctx->libctx, - &tmp_keymgmt, ctx->propquery); - - if (tmp_keymgmt == NULL) - goto not_supported; - /* - * It's ok if keydata is NULL here. The backend is expected to deal - * with that as it sees fit. - */ - ret = evp_keymgmt_gen_set_template(ctx->keymgmt, - ctx->op.keymgmt.genctx, keydata); - } - - /* - * the returned value from evp_keymgmt_util_gen() is cached in *ppkey, - * so we do not need to save it, just check it. - */ - ret = ret - && (evp_keymgmt_util_gen(*ppkey, ctx->keymgmt, ctx->op.keymgmt.genctx, - ossl_callback_to_pkey_gencb, ctx) - != NULL); - - ctx->keygen_info = NULL; - -#ifndef FIPS_MODULE - /* In case |*ppkey| was originally a legacy key */ - if (ret) - evp_pkey_free_legacy(*ppkey); -#endif - - /* - * Because we still have legacy keys - */ - (*ppkey)->type = ctx->legacy_keytype; - - goto end; - - legacy: -#ifdef FIPS_MODULE - goto not_supported; -#else - /* - * If we get here then we're using legacy paramgen/keygen. In that case - * the pkey in ctx (if there is one) had better not be provided (because the - * legacy methods may not know how to handle it). However we can only get - * here if ctx->op.keymgmt.genctx == NULL, but that should never be the case - * if ctx->pkey is provided because we don't allow this when we initialise - * the ctx. - */ - if (ctx->pkey != NULL && !ossl_assert(!evp_pkey_is_provided(ctx->pkey))) - goto not_accessible; - - switch (ctx->operation) { - case EVP_PKEY_OP_PARAMGEN: - ret = ctx->pmeth->paramgen(ctx, *ppkey); - break; - case EVP_PKEY_OP_KEYGEN: - ret = ctx->pmeth->keygen(ctx, *ppkey); - break; - default: - goto not_supported; - } -#endif - - end: - if (ret <= 0) { - if (allocated_pkey != NULL) - *ppkey = NULL; - EVP_PKEY_free(allocated_pkey); - } - return ret; - - not_supported: - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - ret = -2; - goto end; - not_initialized: - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); - ret = -1; - goto end; -#ifndef FIPS_MODULE - not_accessible: - ERR_raise(ERR_LIB_EVP, EVP_R_INACCESSIBLE_DOMAIN_PARAMETERS); - ret = -1; - goto end; -#endif -} - -int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) -{ - if (ctx->operation != EVP_PKEY_OP_PARAMGEN) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); - return -1; - } - return EVP_PKEY_generate(ctx, ppkey); -} - -int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) -{ - if (ctx->operation != EVP_PKEY_OP_KEYGEN) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); - return -1; - } - return EVP_PKEY_generate(ctx, ppkey); -} - -void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb) -{ - ctx->pkey_gencb = cb; -} - -EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx) -{ - return ctx->pkey_gencb; -} - -/* - * "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB style - * callbacks. - */ - -static int trans_cb(int a, int b, BN_GENCB *gcb) -{ - EVP_PKEY_CTX *ctx = BN_GENCB_get_arg(gcb); - ctx->keygen_info[0] = a; - ctx->keygen_info[1] = b; - return ctx->pkey_gencb(ctx); -} - -void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx) -{ - BN_GENCB_set(cb, trans_cb, ctx); -} - -int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx) -{ - if (idx == -1) - return ctx->keygen_info_count; - if (idx < 0 || idx > ctx->keygen_info_count) - return 0; - return ctx->keygen_info[idx]; -} - -#ifndef FIPS_MODULE - -EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, - const unsigned char *key, int keylen) -{ - EVP_PKEY_CTX *mac_ctx = NULL; - EVP_PKEY *mac_key = NULL; - mac_ctx = EVP_PKEY_CTX_new_id(type, e); - if (!mac_ctx) - return NULL; - if (EVP_PKEY_keygen_init(mac_ctx) <= 0) - goto merr; - if (EVP_PKEY_CTX_set_mac_key(mac_ctx, key, keylen) <= 0) - goto merr; - if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0) - goto merr; - merr: - EVP_PKEY_CTX_free(mac_ctx); - return mac_key; -} - -#endif /* FIPS_MODULE */ - -/*- All methods below can also be used in FIPS_MODULE */ - -static int fromdata_init(EVP_PKEY_CTX *ctx, int operation) -{ - if (ctx == NULL || ctx->keytype == NULL) - goto not_supported; - - evp_pkey_ctx_free_old_ops(ctx); - if (ctx->keymgmt == NULL) - goto not_supported; - - ctx->operation = operation; - return 1; - - not_supported: - if (ctx != NULL) - ctx->operation = EVP_PKEY_OP_UNDEFINED; - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; -} - -int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx) -{ - return fromdata_init(ctx, EVP_PKEY_OP_FROMDATA); -} - -int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection, - OSSL_PARAM params[]) -{ - void *keydata = NULL; - EVP_PKEY *allocated_pkey = NULL; - - if (ctx == NULL || (ctx->operation & EVP_PKEY_OP_FROMDATA) == 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - - if (ppkey == NULL) - return -1; - - if (*ppkey == NULL) - allocated_pkey = *ppkey = EVP_PKEY_new(); - - if (*ppkey == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return -1; - } - - keydata = evp_keymgmt_util_fromdata(*ppkey, ctx->keymgmt, selection, params); - if (keydata == NULL) { - if (allocated_pkey != NULL) { - *ppkey = NULL; - EVP_PKEY_free(allocated_pkey); - } - return 0; - } - /* keydata is cached in *ppkey, so we need not bother with it further */ - return 1; -} - -const OSSL_PARAM *EVP_PKEY_fromdata_settable(EVP_PKEY_CTX *ctx, int selection) -{ - /* We call fromdata_init to get ctx->keymgmt populated */ - if (fromdata_init(ctx, EVP_PKEY_OP_UNDEFINED) == 1) - return evp_keymgmt_import_types(ctx->keymgmt, selection); - return NULL; -} - -static OSSL_CALLBACK ossl_pkey_todata_cb; - -static int ossl_pkey_todata_cb(const OSSL_PARAM params[], void *arg) -{ - OSSL_PARAM **ret = arg; - - *ret = OSSL_PARAM_dup(params); - return 1; -} - -int EVP_PKEY_todata(const EVP_PKEY *pkey, int selection, OSSL_PARAM **params) -{ - if (params == NULL) - return 0; - return EVP_PKEY_export(pkey, selection, ossl_pkey_todata_cb, params); -} - -#ifndef FIPS_MODULE -struct fake_import_data_st { - OSSL_CALLBACK *export_cb; - void *export_cbarg; -}; - -static OSSL_FUNC_keymgmt_import_fn pkey_fake_import; -static int pkey_fake_import(void *fake_keydata, int ignored_selection, - const OSSL_PARAM params[]) -{ - struct fake_import_data_st *data = fake_keydata; - - return data->export_cb(params, data->export_cbarg); -} -#endif - -int EVP_PKEY_export(const EVP_PKEY *pkey, int selection, - OSSL_CALLBACK *export_cb, void *export_cbarg) -{ - if (pkey == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } -#ifndef FIPS_MODULE - if (evp_pkey_is_legacy(pkey)) { - struct fake_import_data_st data; - - data.export_cb = export_cb; - data.export_cbarg = export_cbarg; - - /* - * We don't need to care about libctx or propq here, as we're only - * interested in the resulting OSSL_PARAM array. - */ - return pkey->ameth->export_to(pkey, &data, pkey_fake_import, - NULL, NULL); - } -#endif - return evp_keymgmt_util_export(pkey, selection, export_cb, export_cbarg); -} diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c deleted file mode 100644 index da367ed05fbe42abb328c6e23cafe99e76d26819..0000000000000000000000000000000000000000 --- a/crypto/evp/pmeth_lib.c +++ /dev/null @@ -1,2056 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Low level key APIs (DH etc) are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#ifndef FIPS_MODULE -# include -#endif -#include -#include -#include -#include -#include -#include "internal/cryptlib.h" -#ifndef FIPS_MODULE -# include "crypto/asn1.h" -#endif -#include "crypto/evp.h" -#include "crypto/dh.h" -#include "crypto/ec.h" -#include "internal/ffc.h" -#include "internal/numbers.h" -#include "internal/provider.h" -#include "evp_local.h" - -#ifndef FIPS_MODULE - -static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx, - int keytype, int optype, - int cmd, const char *name, - const void *data, size_t data_len); -static void evp_pkey_ctx_free_cached_data(EVP_PKEY_CTX *ctx, - int cmd, const char *name); -static void evp_pkey_ctx_free_all_cached_data(EVP_PKEY_CTX *ctx); - -typedef const EVP_PKEY_METHOD *(*pmeth_fn)(void); -typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); - -static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; - -/* This array needs to be in order of NIDs */ -static pmeth_fn standard_methods[] = { - ossl_rsa_pkey_method, -# ifndef OPENSSL_NO_DH - ossl_dh_pkey_method, -# endif -# ifndef OPENSSL_NO_DSA - ossl_dsa_pkey_method, -# endif -# ifndef OPENSSL_NO_EC - ossl_ec_pkey_method, -# endif - ossl_rsa_pss_pkey_method, -# ifndef OPENSSL_NO_DH - ossl_dhx_pkey_method, -# endif -# ifndef OPENSSL_NO_EC - ossl_ecx25519_pkey_method, - ossl_ecx448_pkey_method, -# endif -# ifndef OPENSSL_NO_EC - ossl_ed25519_pkey_method, - ossl_ed448_pkey_method, -# endif -}; - -DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func); - -static int pmeth_func_cmp(const EVP_PKEY_METHOD *const *a, pmeth_fn const *b) -{ - return ((*a)->pkey_id - ((**b)())->pkey_id); -} - -IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func); - -static int pmeth_cmp(const EVP_PKEY_METHOD *const *a, - const EVP_PKEY_METHOD *const *b) -{ - return ((*a)->pkey_id - (*b)->pkey_id); -} - -static const EVP_PKEY_METHOD *evp_pkey_meth_find_added_by_application(int type) -{ - if (app_pkey_methods != NULL) { - int idx; - EVP_PKEY_METHOD tmp; - - tmp.pkey_id = type; - idx = sk_EVP_PKEY_METHOD_find(app_pkey_methods, &tmp); - if (idx >= 0) - return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx); - } - return NULL; -} - -const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type) -{ - pmeth_fn *ret; - EVP_PKEY_METHOD tmp; - const EVP_PKEY_METHOD *t; - - if ((t = evp_pkey_meth_find_added_by_application(type)) != NULL) - return t; - - tmp.pkey_id = type; - t = &tmp; - ret = OBJ_bsearch_pmeth_func(&t, standard_methods, - OSSL_NELEM(standard_methods)); - if (ret == NULL || *ret == NULL) - return NULL; - return (**ret)(); -} - -EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) -{ - EVP_PKEY_METHOD *pmeth; - - pmeth = OPENSSL_zalloc(sizeof(*pmeth)); - if (pmeth == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - - pmeth->pkey_id = id; - pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; - return pmeth; -} - -static void help_get_legacy_alg_type_from_keymgmt(const char *keytype, - void *arg) -{ - int *type = arg; - - if (*type == NID_undef) - *type = evp_pkey_name2type(keytype); -} - -static int get_legacy_alg_type_from_keymgmt(const EVP_KEYMGMT *keymgmt) -{ - int type = NID_undef; - - EVP_KEYMGMT_names_do_all(keymgmt, help_get_legacy_alg_type_from_keymgmt, - &type); - return type; -} -#endif /* FIPS_MODULE */ - -int evp_pkey_ctx_state(const EVP_PKEY_CTX *ctx) -{ - if (ctx->operation == EVP_PKEY_OP_UNDEFINED) - return EVP_PKEY_STATE_UNKNOWN; - - if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx) - && ctx->op.kex.algctx != NULL) - || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) - && ctx->op.sig.algctx != NULL) - || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) - && ctx->op.ciph.algctx != NULL) - || (EVP_PKEY_CTX_IS_GEN_OP(ctx) - && ctx->op.keymgmt.genctx != NULL) - || (EVP_PKEY_CTX_IS_KEM_OP(ctx) - && ctx->op.encap.algctx != NULL)) - return EVP_PKEY_STATE_PROVIDER; - - return EVP_PKEY_STATE_LEGACY; -} - -static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, - EVP_PKEY *pkey, ENGINE *e, - const char *keytype, const char *propquery, - int id) - -{ - EVP_PKEY_CTX *ret = NULL; - const EVP_PKEY_METHOD *pmeth = NULL, *app_pmeth = NULL; - EVP_KEYMGMT *keymgmt = NULL; - - /* Code below to be removed when legacy support is dropped. */ - /* BEGIN legacy */ - if (id == -1) { - if (pkey != NULL && !evp_pkey_is_provided(pkey)) { - id = pkey->type; - } else { - if (pkey != NULL) { - /* Must be provided if we get here */ - keytype = EVP_KEYMGMT_get0_name(pkey->keymgmt); - } -#ifndef FIPS_MODULE - if (keytype != NULL) { - id = evp_pkey_name2type(keytype); - if (id == NID_undef) - id = -1; - } -#endif - } - } - /* If no ID was found here, we can only resort to find a keymgmt */ - if (id == -1) { -#ifndef FIPS_MODULE - /* Using engine with a key without id will not work */ - if (e != NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_ALGORITHM); - return NULL; - } -#endif - goto common; - } - -#ifndef FIPS_MODULE - /* - * Here, we extract what information we can for the purpose of - * supporting usage with implementations from providers, to make - * for a smooth transition from legacy stuff to provider based stuff. - * - * If an engine is given, this is entirely legacy, and we should not - * pretend anything else, so we clear the name. - */ - if (e != NULL) - keytype = NULL; - if (e == NULL && (pkey == NULL || pkey->foreign == 0)) - keytype = OBJ_nid2sn(id); - -# ifndef OPENSSL_NO_ENGINE - if (e == NULL && pkey != NULL) - e = pkey->pmeth_engine != NULL ? pkey->pmeth_engine : pkey->engine; - /* Try to find an ENGINE which implements this method */ - if (e != NULL) { - if (!ENGINE_init(e)) { - ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB); - return NULL; - } - } else { - e = ENGINE_get_pkey_meth_engine(id); - } - - /* - * If an ENGINE handled this method look it up. Otherwise use internal - * tables. - */ - if (e != NULL) - pmeth = ENGINE_get_pkey_meth(e, id); - else if (pkey != NULL && pkey->foreign) - pmeth = EVP_PKEY_meth_find(id); - else -# endif - app_pmeth = pmeth = evp_pkey_meth_find_added_by_application(id); - - /* END legacy */ -#endif /* FIPS_MODULE */ - common: - /* - * If there's no engine and no app supplied pmeth and there's a name, we try - * fetching a provider implementation. - */ - if (e == NULL && app_pmeth == NULL && keytype != NULL) { - /* - * If |pkey| is given and is provided, we take a reference to its - * keymgmt. Otherwise, we fetch one for the keytype we got. This - * is to ensure that operation init functions can access what they - * need through this single pointer. - */ - if (pkey != NULL && pkey->keymgmt != NULL) { - if (!EVP_KEYMGMT_up_ref(pkey->keymgmt)) - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - else - keymgmt = pkey->keymgmt; - } else { - keymgmt = EVP_KEYMGMT_fetch(libctx, keytype, propquery); - } - if (keymgmt == NULL) - return NULL; /* EVP_KEYMGMT_fetch() recorded an error */ - -#ifndef FIPS_MODULE - /* - * Chase down the legacy NID, as that might be needed for diverse - * purposes, such as ensure that EVP_PKEY_type() can return sensible - * values. We go through all keymgmt names, because the keytype - * that's passed to this function doesn't necessarily translate - * directly. - */ - if (keymgmt != NULL) { - int tmp_id = get_legacy_alg_type_from_keymgmt(keymgmt); - - if (tmp_id != NID_undef) { - if (id == -1) { - id = tmp_id; - } else { - /* - * It really really shouldn't differ. If it still does, - * something is very wrong. - */ - if (!ossl_assert(id == tmp_id)) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - EVP_KEYMGMT_free(keymgmt); - return NULL; - } - } - } - } -#endif - } - - if (pmeth == NULL && keymgmt == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_ALGORITHM); - } else { - ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - } - -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - if ((ret == NULL || pmeth == NULL) && e != NULL) - ENGINE_finish(e); -#endif - - if (ret == NULL) { - EVP_KEYMGMT_free(keymgmt); - return NULL; - } - if (propquery != NULL) { - ret->propquery = OPENSSL_strdup(propquery); - if (ret->propquery == NULL) { - OPENSSL_free(ret); - EVP_KEYMGMT_free(keymgmt); - return NULL; - } - } - ret->libctx = libctx; - ret->keytype = keytype; - ret->keymgmt = keymgmt; - ret->legacy_keytype = id; - ret->engine = e; - ret->pmeth = pmeth; - ret->operation = EVP_PKEY_OP_UNDEFINED; - ret->pkey = pkey; - if (pkey != NULL) - EVP_PKEY_up_ref(pkey); - - if (pmeth != NULL && pmeth->init != NULL) { - if (pmeth->init(ret) <= 0) { - ret->pmeth = NULL; - EVP_PKEY_CTX_free(ret); - return NULL; - } - } - - return ret; -} - -/*- All methods below can also be used in FIPS_MODULE */ - -EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_name(OSSL_LIB_CTX *libctx, - const char *name, - const char *propquery) -{ - return int_ctx_new(libctx, NULL, NULL, name, propquery, -1); -} - -EVP_PKEY_CTX *EVP_PKEY_CTX_new_from_pkey(OSSL_LIB_CTX *libctx, EVP_PKEY *pkey, - const char *propquery) -{ - return int_ctx_new(libctx, pkey, NULL, NULL, propquery, -1); -} - -void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx) -{ - if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) { - if (ctx->op.sig.algctx != NULL && ctx->op.sig.signature != NULL) - ctx->op.sig.signature->freectx(ctx->op.sig.algctx); - EVP_SIGNATURE_free(ctx->op.sig.signature); - ctx->op.sig.algctx = NULL; - ctx->op.sig.signature = NULL; - } else if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { - if (ctx->op.kex.algctx != NULL && ctx->op.kex.exchange != NULL) - ctx->op.kex.exchange->freectx(ctx->op.kex.algctx); - EVP_KEYEXCH_free(ctx->op.kex.exchange); - ctx->op.kex.algctx = NULL; - ctx->op.kex.exchange = NULL; - } else if (EVP_PKEY_CTX_IS_KEM_OP(ctx)) { - if (ctx->op.encap.algctx != NULL && ctx->op.encap.kem != NULL) - ctx->op.encap.kem->freectx(ctx->op.encap.algctx); - EVP_KEM_free(ctx->op.encap.kem); - ctx->op.encap.algctx = NULL; - ctx->op.encap.kem = NULL; - } - else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) { - if (ctx->op.ciph.algctx != NULL && ctx->op.ciph.cipher != NULL) - ctx->op.ciph.cipher->freectx(ctx->op.ciph.algctx); - EVP_ASYM_CIPHER_free(ctx->op.ciph.cipher); - ctx->op.ciph.algctx = NULL; - ctx->op.ciph.cipher = NULL; - } else if (EVP_PKEY_CTX_IS_GEN_OP(ctx)) { - if (ctx->op.keymgmt.genctx != NULL && ctx->keymgmt != NULL) - evp_keymgmt_gen_cleanup(ctx->keymgmt, ctx->op.keymgmt.genctx); - } -} - -void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) -{ - if (ctx == NULL) - return; - if (ctx->pmeth && ctx->pmeth->cleanup) - ctx->pmeth->cleanup(ctx); - - evp_pkey_ctx_free_old_ops(ctx); -#ifndef FIPS_MODULE - evp_pkey_ctx_free_all_cached_data(ctx); -#endif - EVP_KEYMGMT_free(ctx->keymgmt); - - OPENSSL_free(ctx->propquery); - EVP_PKEY_free(ctx->pkey); - EVP_PKEY_free(ctx->peerkey); -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - ENGINE_finish(ctx->engine); -#endif - BN_free(ctx->rsa_pubexp); - OPENSSL_free(ctx); -} - -#ifndef FIPS_MODULE - -void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, - const EVP_PKEY_METHOD *meth) -{ - if (ppkey_id) - *ppkey_id = meth->pkey_id; - if (pflags) - *pflags = meth->flags; -} - -void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src) -{ - int pkey_id = dst->pkey_id; - int flags = dst->flags; - - *dst = *src; - - /* We only copy the function pointers so restore the other values */ - dst->pkey_id = pkey_id; - dst->flags = flags; -} - -void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth) -{ - if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC)) - OPENSSL_free(pmeth); -} - -EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e) -{ - return int_ctx_new(NULL, pkey, e, NULL, NULL, -1); -} - -EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e) -{ - return int_ctx_new(NULL, NULL, e, NULL, NULL, id); -} - -EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx) -{ - EVP_PKEY_CTX *rctx; - -# ifndef OPENSSL_NO_ENGINE - /* Make sure it's safe to copy a pkey context using an ENGINE */ - if (pctx->engine && !ENGINE_init(pctx->engine)) { - ERR_raise(ERR_LIB_EVP, ERR_R_ENGINE_LIB); - return 0; - } -# endif - rctx = OPENSSL_zalloc(sizeof(*rctx)); - if (rctx == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (pctx->pkey != NULL) - EVP_PKEY_up_ref(pctx->pkey); - rctx->pkey = pctx->pkey; - rctx->operation = pctx->operation; - rctx->libctx = pctx->libctx; - rctx->keytype = pctx->keytype; - rctx->propquery = NULL; - if (pctx->propquery != NULL) { - rctx->propquery = OPENSSL_strdup(pctx->propquery); - if (rctx->propquery == NULL) - goto err; - } - rctx->legacy_keytype = pctx->legacy_keytype; - - if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx)) { - if (pctx->op.kex.exchange != NULL) { - rctx->op.kex.exchange = pctx->op.kex.exchange; - if (!EVP_KEYEXCH_up_ref(rctx->op.kex.exchange)) - goto err; - } - if (pctx->op.kex.algctx != NULL) { - if (!ossl_assert(pctx->op.kex.exchange != NULL)) - goto err; - rctx->op.kex.algctx - = pctx->op.kex.exchange->dupctx(pctx->op.kex.algctx); - if (rctx->op.kex.algctx == NULL) { - EVP_KEYEXCH_free(rctx->op.kex.exchange); - rctx->op.kex.exchange = NULL; - goto err; - } - return rctx; - } - } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)) { - if (pctx->op.sig.signature != NULL) { - rctx->op.sig.signature = pctx->op.sig.signature; - if (!EVP_SIGNATURE_up_ref(rctx->op.sig.signature)) - goto err; - } - if (pctx->op.sig.algctx != NULL) { - if (!ossl_assert(pctx->op.sig.signature != NULL)) - goto err; - rctx->op.sig.algctx - = pctx->op.sig.signature->dupctx(pctx->op.sig.algctx); - if (rctx->op.sig.algctx == NULL) { - EVP_SIGNATURE_free(rctx->op.sig.signature); - rctx->op.sig.signature = NULL; - goto err; - } - return rctx; - } - } else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(pctx)) { - if (pctx->op.ciph.cipher != NULL) { - rctx->op.ciph.cipher = pctx->op.ciph.cipher; - if (!EVP_ASYM_CIPHER_up_ref(rctx->op.ciph.cipher)) - goto err; - } - if (pctx->op.ciph.algctx != NULL) { - if (!ossl_assert(pctx->op.ciph.cipher != NULL)) - goto err; - rctx->op.ciph.algctx - = pctx->op.ciph.cipher->dupctx(pctx->op.ciph.algctx); - if (rctx->op.ciph.algctx == NULL) { - EVP_ASYM_CIPHER_free(rctx->op.ciph.cipher); - rctx->op.ciph.cipher = NULL; - goto err; - } - return rctx; - } - } else if (EVP_PKEY_CTX_IS_KEM_OP(pctx)) { - if (pctx->op.encap.kem != NULL) { - rctx->op.encap.kem = pctx->op.encap.kem; - if (!EVP_KEM_up_ref(rctx->op.encap.kem)) - goto err; - } - if (pctx->op.encap.algctx != NULL) { - if (!ossl_assert(pctx->op.encap.kem != NULL)) - goto err; - rctx->op.encap.algctx - = pctx->op.encap.kem->dupctx(pctx->op.encap.algctx); - if (rctx->op.encap.algctx == NULL) { - EVP_KEM_free(rctx->op.encap.kem); - rctx->op.encap.kem = NULL; - goto err; - } - return rctx; - } - } else if (EVP_PKEY_CTX_IS_GEN_OP(pctx)) { - /* Not supported - This would need a gen_dupctx() to work */ - goto err; - } - - rctx->pmeth = pctx->pmeth; -# ifndef OPENSSL_NO_ENGINE - rctx->engine = pctx->engine; -# endif - - if (pctx->peerkey != NULL) - EVP_PKEY_up_ref(pctx->peerkey); - rctx->peerkey = pctx->peerkey; - - if (pctx->pmeth == NULL) { - if (rctx->operation == EVP_PKEY_OP_UNDEFINED) { - EVP_KEYMGMT *tmp_keymgmt = pctx->keymgmt; - void *provkey; - - provkey = evp_pkey_export_to_provider(pctx->pkey, pctx->libctx, - &tmp_keymgmt, pctx->propquery); - if (provkey == NULL) - goto err; - if (!EVP_KEYMGMT_up_ref(tmp_keymgmt)) - goto err; - EVP_KEYMGMT_free(rctx->keymgmt); - rctx->keymgmt = tmp_keymgmt; - return rctx; - } - } else if (pctx->pmeth->copy(rctx, pctx) > 0) { - return rctx; - } -err: - rctx->pmeth = NULL; - EVP_PKEY_CTX_free(rctx); - return NULL; -} - -int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth) -{ - if (app_pkey_methods == NULL) { - app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp); - if (app_pkey_methods == NULL){ - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - } - if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - sk_EVP_PKEY_METHOD_sort(app_pkey_methods); - return 1; -} - -void evp_app_cleanup_int(void) -{ - if (app_pkey_methods != NULL) - sk_EVP_PKEY_METHOD_pop_free(app_pkey_methods, EVP_PKEY_meth_free); -} - -int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth) -{ - const EVP_PKEY_METHOD *ret; - - ret = sk_EVP_PKEY_METHOD_delete_ptr(app_pkey_methods, pmeth); - - return ret == NULL ? 0 : 1; -} - -size_t EVP_PKEY_meth_get_count(void) -{ - size_t rv = OSSL_NELEM(standard_methods); - - if (app_pkey_methods) - rv += sk_EVP_PKEY_METHOD_num(app_pkey_methods); - return rv; -} - -const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx) -{ - if (idx < OSSL_NELEM(standard_methods)) - return (standard_methods[idx])(); - if (app_pkey_methods == NULL) - return NULL; - idx -= OSSL_NELEM(standard_methods); - if (idx >= (size_t)sk_EVP_PKEY_METHOD_num(app_pkey_methods)) - return NULL; - return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx); -} -#endif - -int EVP_PKEY_CTX_is_a(EVP_PKEY_CTX *ctx, const char *keytype) -{ -#ifndef FIPS_MODULE - if (evp_pkey_ctx_is_legacy(ctx)) - return (ctx->pmeth->pkey_id == evp_pkey_name2type(keytype)); -#endif - return EVP_KEYMGMT_is_a(ctx->keymgmt, keytype); -} - -int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params) -{ - switch (evp_pkey_ctx_state(ctx)) { - case EVP_PKEY_STATE_PROVIDER: - if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) - && ctx->op.kex.exchange != NULL - && ctx->op.kex.exchange->set_ctx_params != NULL) - return - ctx->op.kex.exchange->set_ctx_params(ctx->op.kex.algctx, - params); - if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) - && ctx->op.sig.signature != NULL - && ctx->op.sig.signature->set_ctx_params != NULL) - return - ctx->op.sig.signature->set_ctx_params(ctx->op.sig.algctx, - params); - if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) - && ctx->op.ciph.cipher != NULL - && ctx->op.ciph.cipher->set_ctx_params != NULL) - return - ctx->op.ciph.cipher->set_ctx_params(ctx->op.ciph.algctx, - params); - if (EVP_PKEY_CTX_IS_GEN_OP(ctx) - && ctx->keymgmt != NULL - && ctx->keymgmt->gen_set_params != NULL) - return - evp_keymgmt_gen_set_params(ctx->keymgmt, ctx->op.keymgmt.genctx, - params); - if (EVP_PKEY_CTX_IS_KEM_OP(ctx) - && ctx->op.encap.kem != NULL - && ctx->op.encap.kem->set_ctx_params != NULL) - return - ctx->op.encap.kem->set_ctx_params(ctx->op.encap.algctx, - params); - break; -#ifndef FIPS_MODULE - case EVP_PKEY_STATE_UNKNOWN: - case EVP_PKEY_STATE_LEGACY: - return evp_pkey_ctx_set_params_to_ctrl(ctx, params); -#endif - } - return 0; -} - -int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) -{ - switch (evp_pkey_ctx_state(ctx)) { - case EVP_PKEY_STATE_PROVIDER: - if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) - && ctx->op.kex.exchange != NULL - && ctx->op.kex.exchange->get_ctx_params != NULL) - return - ctx->op.kex.exchange->get_ctx_params(ctx->op.kex.algctx, - params); - if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) - && ctx->op.sig.signature != NULL - && ctx->op.sig.signature->get_ctx_params != NULL) - return - ctx->op.sig.signature->get_ctx_params(ctx->op.sig.algctx, - params); - if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) - && ctx->op.ciph.cipher != NULL - && ctx->op.ciph.cipher->get_ctx_params != NULL) - return - ctx->op.ciph.cipher->get_ctx_params(ctx->op.ciph.algctx, - params); - if (EVP_PKEY_CTX_IS_KEM_OP(ctx) - && ctx->op.encap.kem != NULL - && ctx->op.encap.kem->get_ctx_params != NULL) - return - ctx->op.encap.kem->get_ctx_params(ctx->op.encap.algctx, - params); - break; -#ifndef FIPS_MODULE - case EVP_PKEY_STATE_UNKNOWN: - case EVP_PKEY_STATE_LEGACY: - return evp_pkey_ctx_get_params_to_ctrl(ctx, params); -#endif - } - return 0; -} - -#ifndef FIPS_MODULE -const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx) -{ - void *provctx; - - if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) - && ctx->op.kex.exchange != NULL - && ctx->op.kex.exchange->gettable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange)); - return ctx->op.kex.exchange->gettable_ctx_params(ctx->op.kex.algctx, - provctx); - } - if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) - && ctx->op.sig.signature != NULL - && ctx->op.sig.signature->gettable_ctx_params != NULL) { - provctx = ossl_provider_ctx( - EVP_SIGNATURE_get0_provider(ctx->op.sig.signature)); - return ctx->op.sig.signature->gettable_ctx_params(ctx->op.sig.algctx, - provctx); - } - if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) - && ctx->op.ciph.cipher != NULL - && ctx->op.ciph.cipher->gettable_ctx_params != NULL) { - provctx = ossl_provider_ctx( - EVP_ASYM_CIPHER_get0_provider(ctx->op.ciph.cipher)); - return ctx->op.ciph.cipher->gettable_ctx_params(ctx->op.ciph.algctx, - provctx); - } - if (EVP_PKEY_CTX_IS_KEM_OP(ctx) - && ctx->op.encap.kem != NULL - && ctx->op.encap.kem->gettable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_KEM_get0_provider(ctx->op.encap.kem)); - return ctx->op.encap.kem->gettable_ctx_params(ctx->op.encap.algctx, - provctx); - } - return NULL; -} - -const OSSL_PARAM *EVP_PKEY_CTX_settable_params(const EVP_PKEY_CTX *ctx) -{ - void *provctx; - - if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx) - && ctx->op.kex.exchange != NULL - && ctx->op.kex.exchange->settable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange)); - return ctx->op.kex.exchange->settable_ctx_params(ctx->op.kex.algctx, - provctx); - } - if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) - && ctx->op.sig.signature != NULL - && ctx->op.sig.signature->settable_ctx_params != NULL) { - provctx = ossl_provider_ctx( - EVP_SIGNATURE_get0_provider(ctx->op.sig.signature)); - return ctx->op.sig.signature->settable_ctx_params(ctx->op.sig.algctx, - provctx); - } - if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) - && ctx->op.ciph.cipher != NULL - && ctx->op.ciph.cipher->settable_ctx_params != NULL) { - provctx = ossl_provider_ctx( - EVP_ASYM_CIPHER_get0_provider(ctx->op.ciph.cipher)); - return ctx->op.ciph.cipher->settable_ctx_params(ctx->op.ciph.algctx, - provctx); - } - if (EVP_PKEY_CTX_IS_GEN_OP(ctx) - && ctx->keymgmt != NULL - && ctx->keymgmt->gen_settable_params != NULL) { - provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(ctx->keymgmt)); - return ctx->keymgmt->gen_settable_params(ctx->op.keymgmt.genctx, - provctx); - } - if (EVP_PKEY_CTX_IS_KEM_OP(ctx) - && ctx->op.encap.kem != NULL - && ctx->op.encap.kem->settable_ctx_params != NULL) { - provctx = ossl_provider_ctx(EVP_KEM_get0_provider(ctx->op.encap.kem)); - return ctx->op.encap.kem->settable_ctx_params(ctx->op.encap.algctx, - provctx); - } - return NULL; -} - -/* - * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params(). - * - * Return 1 on success, 0 or negative for errors. - * - * In particular they return -2 if any of the params is not supported. - * - * They are not available in FIPS_MODULE as they depend on - * - EVP_PKEY_CTX_{get,set}_params() - * - EVP_PKEY_CTX_{gettable,settable}_params() - * - */ -int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) -{ - if (ctx == NULL || params == NULL) - return 0; - - /* - * We only check for provider side EVP_PKEY_CTX. For #legacy, we - * depend on the translation that happens in EVP_PKEY_CTX_set_params() - * call, and that the resulting ctrl call will return -2 if it doesn't - * known the ctrl command number. - */ - if (evp_pkey_ctx_is_provided(ctx)) { - const OSSL_PARAM *settable = EVP_PKEY_CTX_settable_params(ctx); - const OSSL_PARAM *p; - - for (p = params; p->key != NULL; p++) { - /* Check the ctx actually understands this parameter */ - if (OSSL_PARAM_locate_const(settable, p->key) == NULL ) - return -2; - } - } - - return EVP_PKEY_CTX_set_params(ctx, params); -} - -int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) -{ - if (ctx == NULL || params == NULL) - return 0; - - /* - * We only check for provider side EVP_PKEY_CTX. For #legacy, we - * depend on the translation that happens in EVP_PKEY_CTX_get_params() - * call, and that the resulting ctrl call will return -2 if it doesn't - * known the ctrl command number. - */ - if (evp_pkey_ctx_is_provided(ctx)) { - const OSSL_PARAM *gettable = EVP_PKEY_CTX_gettable_params(ctx); - const OSSL_PARAM *p; - - for (p = params; p->key != NULL; p++ ) { - /* Check the ctx actually understands this parameter */ - if (OSSL_PARAM_locate_const(gettable, p->key) == NULL ) - return -2; - } - } - - return EVP_PKEY_CTX_get_params(ctx, params); -} - -int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) -{ - OSSL_PARAM sig_md_params[2], *p = sig_md_params; - /* 80 should be big enough */ - char name[80] = ""; - const EVP_MD *tmp; - - if (ctx == NULL || !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - if (ctx->op.sig.algctx == NULL) - return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_GET_MD, 0, (void *)(md)); - - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, - name, - sizeof(name)); - *p = OSSL_PARAM_construct_end(); - - if (!EVP_PKEY_CTX_get_params(ctx, sig_md_params)) - return 0; - - tmp = evp_get_digestbyname_ex(ctx->libctx, name); - if (tmp == NULL) - return 0; - - *md = tmp; - - return 1; -} - -static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, - int fallback, const char *param, int op, - int ctrl) -{ - OSSL_PARAM md_params[2], *p = md_params; - const char *name; - - if (ctx == NULL || (ctx->operation & op) == 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - if (fallback) - return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md)); - - if (md == NULL) { - name = ""; - } else { - name = EVP_MD_get0_name(md); - } - - *p++ = OSSL_PARAM_construct_utf8_string(param, - /* - * Cast away the const. This is read - * only so should be safe - */ - (char *)name, 0); - *p = OSSL_PARAM_construct_end(); - - return EVP_PKEY_CTX_set_params(ctx, md_params); -} - -int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) -{ - return evp_pkey_ctx_set_md(ctx, md, ctx->op.sig.algctx == NULL, - OSSL_SIGNATURE_PARAM_DIGEST, - EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD); -} - -int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) -{ - return evp_pkey_ctx_set_md(ctx, md, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_DIGEST, - EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_TLS_MD); -} - -static int evp_pkey_ctx_set1_octet_string(EVP_PKEY_CTX *ctx, int fallback, - const char *param, int op, int ctrl, - const unsigned char *data, - int datalen) -{ - OSSL_PARAM octet_string_params[2], *p = octet_string_params; - - if (ctx == NULL || (ctx->operation & op) == 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - /* Code below to be removed when legacy support is dropped. */ - if (fallback) - return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, datalen, (void *)(data)); - /* end of legacy support */ - - if (datalen < 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); - return 0; - } - - *p++ = OSSL_PARAM_construct_octet_string(param, - /* - * Cast away the const. This is read - * only so should be safe - */ - (unsigned char *)data, - (size_t)datalen); - *p = OSSL_PARAM_construct_end(); - - return EVP_PKEY_CTX_set_params(ctx, octet_string_params); -} - -int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *ctx, - const unsigned char *sec, int seclen) -{ - return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_SECRET, - EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_TLS_SECRET, - sec, seclen); -} - -int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *ctx, - const unsigned char *seed, int seedlen) -{ - return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_SEED, - EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_TLS_SEED, - seed, seedlen); -} - -int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) -{ - return evp_pkey_ctx_set_md(ctx, md, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_DIGEST, - EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_HKDF_MD); -} - -int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *ctx, - const unsigned char *salt, int saltlen) -{ - return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_SALT, - EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_SALT, - salt, saltlen); -} - -int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx, - const unsigned char *key, int keylen) -{ - return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_KEY, - EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_KEY, - key, keylen); -} - -int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx, - const unsigned char *info, int infolen) -{ - return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_INFO, - EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_INFO, - info, infolen); -} - -int EVP_PKEY_CTX_set_hkdf_mode(EVP_PKEY_CTX *ctx, int mode) -{ - OSSL_PARAM int_params[2], *p = int_params; - - if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - /* Code below to be removed when legacy support is dropped. */ - if (ctx->op.kex.algctx == NULL) - return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_HKDF_MODE, mode, NULL); - /* end of legacy support */ - - if (mode < 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); - return 0; - } - - *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode); - *p = OSSL_PARAM_construct_end(); - - return EVP_PKEY_CTX_set_params(ctx, int_params); -} - -int EVP_PKEY_CTX_set1_pbe_pass(EVP_PKEY_CTX *ctx, const char *pass, - int passlen) -{ - return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_PASSWORD, - EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_PASS, - (const unsigned char *)pass, passlen); -} - -int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *ctx, - const unsigned char *salt, int saltlen) -{ - return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.kex.algctx == NULL, - OSSL_KDF_PARAM_SALT, - EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_SCRYPT_SALT, - salt, saltlen); -} - -static int evp_pkey_ctx_set_uint64(EVP_PKEY_CTX *ctx, const char *param, - int op, int ctrl, uint64_t val) -{ - OSSL_PARAM uint64_params[2], *p = uint64_params; - - if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - /* Code below to be removed when legacy support is dropped. */ - if (ctx->op.kex.algctx == NULL) - return EVP_PKEY_CTX_ctrl_uint64(ctx, -1, op, ctrl, val); - /* end of legacy support */ - - *p++ = OSSL_PARAM_construct_uint64(param, &val); - *p = OSSL_PARAM_construct_end(); - - return EVP_PKEY_CTX_set_params(ctx, uint64_params); -} - -int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *ctx, uint64_t n) -{ - return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_N, - EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SCRYPT_N, - n); -} - -int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *ctx, uint64_t r) -{ - return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_R, - EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SCRYPT_R, - r); -} - -int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *ctx, uint64_t p) -{ - return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_P, - EVP_PKEY_OP_DERIVE, EVP_PKEY_CTRL_SCRYPT_P, - p); -} - -int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *ctx, - uint64_t maxmem_bytes) -{ - return evp_pkey_ctx_set_uint64(ctx, OSSL_KDF_PARAM_SCRYPT_MAXMEM, - EVP_PKEY_OP_DERIVE, - EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, - maxmem_bytes); -} - -int EVP_PKEY_CTX_set_mac_key(EVP_PKEY_CTX *ctx, const unsigned char *key, - int keylen) -{ - return evp_pkey_ctx_set1_octet_string(ctx, ctx->op.keymgmt.genctx == NULL, - OSSL_PKEY_PARAM_PRIV_KEY, - EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_SET_MAC_KEY, - key, keylen); -} - -int EVP_PKEY_CTX_set_kem_op(EVP_PKEY_CTX *ctx, const char *op) -{ - OSSL_PARAM params[2], *p = params; - - if (ctx == NULL || op == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); - return 0; - } - if (!EVP_PKEY_CTX_IS_KEM_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; - } - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KEM_PARAM_OPERATION, - (char *)op, 0); - *p = OSSL_PARAM_construct_end(); - return EVP_PKEY_CTX_set_params(ctx, params); -} - -int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX *ctx, const void *id, int len) -{ - OSSL_PARAM params[2], *p = params; - int ret; - - if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_DIST_ID, - /* - * Cast away the const. This is - * read only so should be safe - */ - (void *)id, (size_t)len); - *p++ = OSSL_PARAM_construct_end(); - - ret = evp_pkey_ctx_set_params_strict(ctx, params); - if (ret == -2) - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return ret; -} - -int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, const void *id, int len) -{ - return EVP_PKEY_CTX_ctrl(ctx, -1, -1, - EVP_PKEY_CTRL_SET1_ID, (int)len, (void*)(id)); -} - -static int get1_id_data(EVP_PKEY_CTX *ctx, void *id, size_t *id_len) -{ - int ret; - void *tmp_id = NULL; - OSSL_PARAM params[2], *p = params; - - if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_PKEY_PARAM_DIST_ID, - &tmp_id, 0); - *p++ = OSSL_PARAM_construct_end(); - - ret = evp_pkey_ctx_get_params_strict(ctx, params); - if (ret == -2) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - } else if (ret > 0) { - size_t tmp_id_len = params[0].return_size; - - if (id != NULL) - memcpy(id, tmp_id, tmp_id_len); - if (id_len != NULL) - *id_len = tmp_id_len; - } - return ret; -} - -int evp_pkey_ctx_get1_id_prov(EVP_PKEY_CTX *ctx, void *id) -{ - return get1_id_data(ctx, id, NULL); -} - -int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX *ctx, size_t *id_len) -{ - return get1_id_data(ctx, NULL, id_len); -} - -int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id) -{ - return EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_GET1_ID, 0, (void*)id); -} - -int EVP_PKEY_CTX_get1_id_len(EVP_PKEY_CTX *ctx, size_t *id_len) -{ - return EVP_PKEY_CTX_ctrl(ctx, -1, -1, - EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)id_len); -} - -static int evp_pkey_ctx_ctrl_int(EVP_PKEY_CTX *ctx, int keytype, int optype, - int cmd, int p1, void *p2) -{ - int ret = 0; - - /* - * If the method has a |digest_custom| function, we can relax the - * operation type check, since this can be called before the operation - * is initialized. - */ - if (ctx->pmeth == NULL || ctx->pmeth->digest_custom == NULL) { - if (ctx->operation == EVP_PKEY_OP_UNDEFINED) { - ERR_raise(ERR_LIB_EVP, EVP_R_NO_OPERATION_SET); - return -1; - } - - if ((optype != -1) && !(ctx->operation & optype)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION); - return -1; - } - } - - switch (evp_pkey_ctx_state(ctx)) { - case EVP_PKEY_STATE_PROVIDER: - return evp_pkey_ctx_ctrl_to_param(ctx, keytype, optype, cmd, p1, p2); - case EVP_PKEY_STATE_UNKNOWN: - case EVP_PKEY_STATE_LEGACY: - if (ctx->pmeth == NULL || ctx->pmeth->ctrl == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; - } - if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype)) - return -1; - - ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2); - - if (ret == -2) - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - break; - } - return ret; -} - -int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, - int cmd, int p1, void *p2) -{ - int ret = 0; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; - } - /* If unsupported, we don't want that reported here */ - ERR_set_mark(); - ret = evp_pkey_ctx_store_cached_data(ctx, keytype, optype, - cmd, NULL, p2, p1); - if (ret == -2) { - ERR_pop_to_mark(); - } else { - ERR_clear_last_mark(); - /* - * If there was an error, there was an error. - * If the operation isn't initialized yet, we also return, as - * the saved values will be used then anyway. - */ - if (ret < 1 || ctx->operation == EVP_PKEY_OP_UNDEFINED) - return ret; - } - return evp_pkey_ctx_ctrl_int(ctx, keytype, optype, cmd, p1, p2); -} - -int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype, - int cmd, uint64_t value) -{ - return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, &value); -} - - -static int evp_pkey_ctx_ctrl_str_int(EVP_PKEY_CTX *ctx, - const char *name, const char *value) -{ - int ret = 0; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; - } - - switch (evp_pkey_ctx_state(ctx)) { - case EVP_PKEY_STATE_PROVIDER: - return evp_pkey_ctx_ctrl_str_to_param(ctx, name, value); - case EVP_PKEY_STATE_UNKNOWN: - case EVP_PKEY_STATE_LEGACY: - if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->ctrl_str == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; - } - if (strcmp(name, "digest") == 0) - ret = EVP_PKEY_CTX_md(ctx, - EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_MD, value); - else - ret = ctx->pmeth->ctrl_str(ctx, name, value); - break; - } - - return ret; -} - -int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, - const char *name, const char *value) -{ - int ret = 0; - - /* If unsupported, we don't want that reported here */ - ERR_set_mark(); - ret = evp_pkey_ctx_store_cached_data(ctx, -1, -1, -1, - name, value, strlen(value) + 1); - if (ret == -2) { - ERR_pop_to_mark(); - } else { - ERR_clear_last_mark(); - /* - * If there was an error, there was an error. - * If the operation isn't initialized yet, we also return, as - * the saved values will be used then anyway. - */ - if (ret < 1 || ctx->operation == EVP_PKEY_OP_UNDEFINED) - return ret; - } - - return evp_pkey_ctx_ctrl_str_int(ctx, name, value); -} - -static int decode_cmd(int cmd, const char *name) -{ - if (cmd == -1) { - /* - * The consequence of the assertion not being true is that this - * function will return -1, which will cause the calling functions - * to signal that the command is unsupported... in non-debug mode. - */ - if (ossl_assert(name != NULL)) - if (strcmp(name, "distid") == 0 || strcmp(name, "hexdistid") == 0) - cmd = EVP_PKEY_CTRL_SET1_ID; - } - - return cmd; -} - -static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx, - int keytype, int optype, - int cmd, const char *name, - const void *data, size_t data_len) -{ - /* - * Check that it's one of the supported commands. The ctrl commands - * number cases here must correspond to the cases in the bottom switch - * in this function. - */ - switch (cmd = decode_cmd(cmd, name)) { - case EVP_PKEY_CTRL_SET1_ID: - break; - default: - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; - } - - if (keytype != -1) { - switch (evp_pkey_ctx_state(ctx)) { - case EVP_PKEY_STATE_PROVIDER: - if (ctx->keymgmt == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; - } - if (!EVP_KEYMGMT_is_a(ctx->keymgmt, - evp_pkey_type2name(keytype))) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION); - return -1; - } - break; - case EVP_PKEY_STATE_UNKNOWN: - case EVP_PKEY_STATE_LEGACY: - if (ctx->pmeth == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - return -2; - } - if (EVP_PKEY_type(ctx->pmeth->pkey_id) != EVP_PKEY_type(keytype)) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION); - return -1; - } - break; - } - } - if (optype != -1 && (ctx->operation & optype) == 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_OPERATION); - return -1; - } - - switch (cmd) { - case EVP_PKEY_CTRL_SET1_ID: - evp_pkey_ctx_free_cached_data(ctx, cmd, name); - if (name != NULL) { - ctx->cached_parameters.dist_id_name = OPENSSL_strdup(name); - if (ctx->cached_parameters.dist_id_name == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - } - if (data_len > 0) { - ctx->cached_parameters.dist_id = OPENSSL_memdup(data, data_len); - if (ctx->cached_parameters.dist_id == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return 0; - } - } - ctx->cached_parameters.dist_id_set = 1; - ctx->cached_parameters.dist_id_len = data_len; - break; - } - return 1; -} - -static void evp_pkey_ctx_free_cached_data(EVP_PKEY_CTX *ctx, - int cmd, const char *name) -{ - cmd = decode_cmd(cmd, name); - switch (cmd) { - case EVP_PKEY_CTRL_SET1_ID: - OPENSSL_free(ctx->cached_parameters.dist_id); - OPENSSL_free(ctx->cached_parameters.dist_id_name); - ctx->cached_parameters.dist_id = NULL; - ctx->cached_parameters.dist_id_name = NULL; - break; - } -} - -static void evp_pkey_ctx_free_all_cached_data(EVP_PKEY_CTX *ctx) -{ - evp_pkey_ctx_free_cached_data(ctx, EVP_PKEY_CTRL_SET1_ID, NULL); -} - -int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx) -{ - int ret = 1; - - if (ret && ctx->cached_parameters.dist_id_set) { - const char *name = ctx->cached_parameters.dist_id_name; - const void *val = ctx->cached_parameters.dist_id; - size_t len = ctx->cached_parameters.dist_id_len; - - if (name != NULL) - ret = evp_pkey_ctx_ctrl_str_int(ctx, name, val); - else - ret = evp_pkey_ctx_ctrl_int(ctx, -1, ctx->operation, - EVP_PKEY_CTRL_SET1_ID, - (int)len, (void *)val); - } - - return ret; -} - -OSSL_LIB_CTX *EVP_PKEY_CTX_get0_libctx(EVP_PKEY_CTX *ctx) -{ - return ctx->libctx; -} - -const char *EVP_PKEY_CTX_get0_propq(const EVP_PKEY_CTX *ctx) -{ - return ctx->propquery; -} - -const OSSL_PROVIDER *EVP_PKEY_CTX_get0_provider(const EVP_PKEY_CTX *ctx) -{ - if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) { - if (ctx->op.sig.signature != NULL) - return EVP_SIGNATURE_get0_provider(ctx->op.sig.signature); - } else if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) { - if (ctx->op.kex.exchange != NULL) - return EVP_KEYEXCH_get0_provider(ctx->op.kex.exchange); - } else if (EVP_PKEY_CTX_IS_KEM_OP(ctx)) { - if (ctx->op.encap.kem != NULL) - return EVP_KEM_get0_provider(ctx->op.encap.kem); - } else if (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) { - if (ctx->op.ciph.cipher != NULL) - return EVP_ASYM_CIPHER_get0_provider(ctx->op.ciph.cipher); - } else if (EVP_PKEY_CTX_IS_GEN_OP(ctx)) { - if (ctx->keymgmt != NULL) - return EVP_KEYMGMT_get0_provider(ctx->keymgmt); - } - - return NULL; -} - -/* Utility functions to send a string of hex string to a ctrl */ - -int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str) -{ - size_t len; - - len = strlen(str); - if (len > INT_MAX) - return -1; - return ctx->pmeth->ctrl(ctx, cmd, len, (void *)str); -} - -int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex) -{ - unsigned char *bin; - long binlen; - int rv = -1; - - bin = OPENSSL_hexstr2buf(hex, &binlen); - if (bin == NULL) - return 0; - if (binlen <= INT_MAX) - rv = ctx->pmeth->ctrl(ctx, cmd, binlen, bin); - OPENSSL_free(bin); - return rv; -} - -/* Pass a message digest to a ctrl */ -int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md) -{ - const EVP_MD *m; - - if (md == NULL || (m = EVP_get_digestbyname(md)) == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST); - return 0; - } - return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, 0, (void *)m); -} - -int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx) -{ - return ctx->operation; -} - -void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen) -{ - ctx->keygen_info = dat; - ctx->keygen_info_count = datlen; -} - -void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data) -{ - ctx->data = data; -} - -void *EVP_PKEY_CTX_get_data(const EVP_PKEY_CTX *ctx) -{ - return ctx->data; -} - -EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx) -{ - return ctx->pkey; -} - -EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx) -{ - return ctx->peerkey; -} - -void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data) -{ - ctx->app_data = data; -} - -void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx) -{ - return ctx->app_data; -} - -void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, - int (*init) (EVP_PKEY_CTX *ctx)) -{ - pmeth->init = init; -} - -void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, - int (*copy) (EVP_PKEY_CTX *dst, - const EVP_PKEY_CTX *src)) -{ - pmeth->copy = copy; -} - -void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, - void (*cleanup) (EVP_PKEY_CTX *ctx)) -{ - pmeth->cleanup = cleanup; -} - -void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, - int (*paramgen_init) (EVP_PKEY_CTX *ctx), - int (*paramgen) (EVP_PKEY_CTX *ctx, - EVP_PKEY *pkey)) -{ - pmeth->paramgen_init = paramgen_init; - pmeth->paramgen = paramgen; -} - -void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, - int (*keygen_init) (EVP_PKEY_CTX *ctx), - int (*keygen) (EVP_PKEY_CTX *ctx, - EVP_PKEY *pkey)) -{ - pmeth->keygen_init = keygen_init; - pmeth->keygen = keygen; -} - -void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, - int (*sign_init) (EVP_PKEY_CTX *ctx), - int (*sign) (EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, - size_t tbslen)) -{ - pmeth->sign_init = sign_init; - pmeth->sign = sign; -} - -void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, - int (*verify_init) (EVP_PKEY_CTX *ctx), - int (*verify) (EVP_PKEY_CTX *ctx, - const unsigned char *sig, - size_t siglen, - const unsigned char *tbs, - size_t tbslen)) -{ - pmeth->verify_init = verify_init; - pmeth->verify = verify; -} - -void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, - int (*verify_recover_init) (EVP_PKEY_CTX - *ctx), - int (*verify_recover) (EVP_PKEY_CTX - *ctx, - unsigned char - *sig, - size_t *siglen, - const unsigned - char *tbs, - size_t tbslen)) -{ - pmeth->verify_recover_init = verify_recover_init; - pmeth->verify_recover = verify_recover; -} - -void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, - int (*signctx_init) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx), - int (*signctx) (EVP_PKEY_CTX *ctx, - unsigned char *sig, - size_t *siglen, - EVP_MD_CTX *mctx)) -{ - pmeth->signctx_init = signctx_init; - pmeth->signctx = signctx; -} - -void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, - int (*verifyctx_init) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx), - int (*verifyctx) (EVP_PKEY_CTX *ctx, - const unsigned char *sig, - int siglen, - EVP_MD_CTX *mctx)) -{ - pmeth->verifyctx_init = verifyctx_init; - pmeth->verifyctx = verifyctx; -} - -void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, - int (*encrypt_init) (EVP_PKEY_CTX *ctx), - int (*encryptfn) (EVP_PKEY_CTX *ctx, - unsigned char *out, - size_t *outlen, - const unsigned char *in, - size_t inlen)) -{ - pmeth->encrypt_init = encrypt_init; - pmeth->encrypt = encryptfn; -} - -void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, - int (*decrypt_init) (EVP_PKEY_CTX *ctx), - int (*decrypt) (EVP_PKEY_CTX *ctx, - unsigned char *out, - size_t *outlen, - const unsigned char *in, - size_t inlen)) -{ - pmeth->decrypt_init = decrypt_init; - pmeth->decrypt = decrypt; -} - -void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, - int (*derive_init) (EVP_PKEY_CTX *ctx), - int (*derive) (EVP_PKEY_CTX *ctx, - unsigned char *key, - size_t *keylen)) -{ - pmeth->derive_init = derive_init; - pmeth->derive = derive; -} - -void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, - int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, - void *p2), - int (*ctrl_str) (EVP_PKEY_CTX *ctx, - const char *type, - const char *value)) -{ - pmeth->ctrl = ctrl; - pmeth->ctrl_str = ctrl_str; -} - -void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth, - int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen)) -{ - pmeth->digestsign = digestsign; -} - -void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth, - int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen)) -{ - pmeth->digestverify = digestverify; -} - -void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, - int (*check) (EVP_PKEY *pkey)) -{ - pmeth->check = check; -} - -void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth, - int (*check) (EVP_PKEY *pkey)) -{ - pmeth->public_check = check; -} - -void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth, - int (*check) (EVP_PKEY *pkey)) -{ - pmeth->param_check = check; -} - -void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth, - int (*digest_custom) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx)) -{ - pmeth->digest_custom = digest_custom; -} - -void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth, - int (**pinit) (EVP_PKEY_CTX *ctx)) -{ - *pinit = pmeth->init; -} - -void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth, - int (**pcopy) (EVP_PKEY_CTX *dst, - const EVP_PKEY_CTX *src)) -{ - *pcopy = pmeth->copy; -} - -void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth, - void (**pcleanup) (EVP_PKEY_CTX *ctx)) -{ - *pcleanup = pmeth->cleanup; -} - -void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth, - int (**pparamgen_init) (EVP_PKEY_CTX *ctx), - int (**pparamgen) (EVP_PKEY_CTX *ctx, - EVP_PKEY *pkey)) -{ - if (pparamgen_init) - *pparamgen_init = pmeth->paramgen_init; - if (pparamgen) - *pparamgen = pmeth->paramgen; -} - -void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth, - int (**pkeygen_init) (EVP_PKEY_CTX *ctx), - int (**pkeygen) (EVP_PKEY_CTX *ctx, - EVP_PKEY *pkey)) -{ - if (pkeygen_init) - *pkeygen_init = pmeth->keygen_init; - if (pkeygen) - *pkeygen = pmeth->keygen; -} - -void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth, - int (**psign_init) (EVP_PKEY_CTX *ctx), - int (**psign) (EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, - size_t tbslen)) -{ - if (psign_init) - *psign_init = pmeth->sign_init; - if (psign) - *psign = pmeth->sign; -} - -void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth, - int (**pverify_init) (EVP_PKEY_CTX *ctx), - int (**pverify) (EVP_PKEY_CTX *ctx, - const unsigned char *sig, - size_t siglen, - const unsigned char *tbs, - size_t tbslen)) -{ - if (pverify_init) - *pverify_init = pmeth->verify_init; - if (pverify) - *pverify = pmeth->verify; -} - -void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth, - int (**pverify_recover_init) (EVP_PKEY_CTX - *ctx), - int (**pverify_recover) (EVP_PKEY_CTX - *ctx, - unsigned char - *sig, - size_t *siglen, - const unsigned - char *tbs, - size_t tbslen)) -{ - if (pverify_recover_init) - *pverify_recover_init = pmeth->verify_recover_init; - if (pverify_recover) - *pverify_recover = pmeth->verify_recover; -} - -void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth, - int (**psignctx_init) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx), - int (**psignctx) (EVP_PKEY_CTX *ctx, - unsigned char *sig, - size_t *siglen, - EVP_MD_CTX *mctx)) -{ - if (psignctx_init) - *psignctx_init = pmeth->signctx_init; - if (psignctx) - *psignctx = pmeth->signctx; -} - -void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth, - int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx), - int (**pverifyctx) (EVP_PKEY_CTX *ctx, - const unsigned char *sig, - int siglen, - EVP_MD_CTX *mctx)) -{ - if (pverifyctx_init) - *pverifyctx_init = pmeth->verifyctx_init; - if (pverifyctx) - *pverifyctx = pmeth->verifyctx; -} - -void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth, - int (**pencrypt_init) (EVP_PKEY_CTX *ctx), - int (**pencryptfn) (EVP_PKEY_CTX *ctx, - unsigned char *out, - size_t *outlen, - const unsigned char *in, - size_t inlen)) -{ - if (pencrypt_init) - *pencrypt_init = pmeth->encrypt_init; - if (pencryptfn) - *pencryptfn = pmeth->encrypt; -} - -void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth, - int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), - int (**pdecrypt) (EVP_PKEY_CTX *ctx, - unsigned char *out, - size_t *outlen, - const unsigned char *in, - size_t inlen)) -{ - if (pdecrypt_init) - *pdecrypt_init = pmeth->decrypt_init; - if (pdecrypt) - *pdecrypt = pmeth->decrypt; -} - -void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth, - int (**pderive_init) (EVP_PKEY_CTX *ctx), - int (**pderive) (EVP_PKEY_CTX *ctx, - unsigned char *key, - size_t *keylen)) -{ - if (pderive_init) - *pderive_init = pmeth->derive_init; - if (pderive) - *pderive = pmeth->derive; -} - -void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth, - int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, - void *p2), - int (**pctrl_str) (EVP_PKEY_CTX *ctx, - const char *type, - const char *value)) -{ - if (pctrl) - *pctrl = pmeth->ctrl; - if (pctrl_str) - *pctrl_str = pmeth->ctrl_str; -} - -void EVP_PKEY_meth_get_digestsign(const EVP_PKEY_METHOD *pmeth, - int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen)) -{ - if (digestsign) - *digestsign = pmeth->digestsign; -} - -void EVP_PKEY_meth_get_digestverify(const EVP_PKEY_METHOD *pmeth, - int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen)) -{ - if (digestverify) - *digestverify = pmeth->digestverify; -} - -void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth, - int (**pcheck) (EVP_PKEY *pkey)) -{ - if (pcheck != NULL) - *pcheck = pmeth->check; -} - -void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth, - int (**pcheck) (EVP_PKEY *pkey)) -{ - if (pcheck != NULL) - *pcheck = pmeth->public_check; -} - -void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth, - int (**pcheck) (EVP_PKEY *pkey)) -{ - if (pcheck != NULL) - *pcheck = pmeth->param_check; -} - -void EVP_PKEY_meth_get_digest_custom(const EVP_PKEY_METHOD *pmeth, - int (**pdigest_custom) (EVP_PKEY_CTX *ctx, - EVP_MD_CTX *mctx)) -{ - if (pdigest_custom != NULL) - *pdigest_custom = pmeth->digest_custom; -} - -#endif /* FIPS_MODULE */ diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c deleted file mode 100644 index fb269b3bfd07178febcd4c7054e214dbd1ba1b26..0000000000000000000000000000000000000000 --- a/crypto/evp/signature.c +++ /dev/null @@ -1,748 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/numbers.h" /* includes SIZE_MAX */ -#include "internal/cryptlib.h" -#include "internal/provider.h" -#include "internal/core.h" -#include "crypto/evp.h" -#include "evp_local.h" - -static EVP_SIGNATURE *evp_signature_new(OSSL_PROVIDER *prov) -{ - EVP_SIGNATURE *signature = OPENSSL_zalloc(sizeof(EVP_SIGNATURE)); - - if (signature == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - return NULL; - } - - signature->lock = CRYPTO_THREAD_lock_new(); - if (signature->lock == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - OPENSSL_free(signature); - return NULL; - } - signature->prov = prov; - ossl_provider_up_ref(prov); - signature->refcnt = 1; - - return signature; -} - -static void *evp_signature_from_algorithm(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) -{ - const OSSL_DISPATCH *fns = algodef->implementation; - EVP_SIGNATURE *signature = NULL; - int ctxfncnt = 0, signfncnt = 0, verifyfncnt = 0, verifyrecfncnt = 0; - int digsignfncnt = 0, digverifyfncnt = 0; - int gparamfncnt = 0, sparamfncnt = 0, gmdparamfncnt = 0, smdparamfncnt = 0; - - if ((signature = evp_signature_new(prov)) == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); - goto err; - } - - signature->name_id = name_id; - if ((signature->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL) - goto err; - signature->description = algodef->algorithm_description; - - for (; fns->function_id != 0; fns++) { - switch (fns->function_id) { - case OSSL_FUNC_SIGNATURE_NEWCTX: - if (signature->newctx != NULL) - break; - signature->newctx = OSSL_FUNC_signature_newctx(fns); - ctxfncnt++; - break; - case OSSL_FUNC_SIGNATURE_SIGN_INIT: - if (signature->sign_init != NULL) - break; - signature->sign_init = OSSL_FUNC_signature_sign_init(fns); - signfncnt++; - break; - case OSSL_FUNC_SIGNATURE_SIGN: - if (signature->sign != NULL) - break; - signature->sign = OSSL_FUNC_signature_sign(fns); - signfncnt++; - break; - case OSSL_FUNC_SIGNATURE_VERIFY_INIT: - if (signature->verify_init != NULL) - break; - signature->verify_init = OSSL_FUNC_signature_verify_init(fns); - verifyfncnt++; - break; - case OSSL_FUNC_SIGNATURE_VERIFY: - if (signature->verify != NULL) - break; - signature->verify = OSSL_FUNC_signature_verify(fns); - verifyfncnt++; - break; - case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT: - if (signature->verify_recover_init != NULL) - break; - signature->verify_recover_init - = OSSL_FUNC_signature_verify_recover_init(fns); - verifyrecfncnt++; - break; - case OSSL_FUNC_SIGNATURE_VERIFY_RECOVER: - if (signature->verify_recover != NULL) - break; - signature->verify_recover - = OSSL_FUNC_signature_verify_recover(fns); - verifyrecfncnt++; - break; - case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT: - if (signature->digest_sign_init != NULL) - break; - signature->digest_sign_init - = OSSL_FUNC_signature_digest_sign_init(fns); - break; - case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE: - if (signature->digest_sign_update != NULL) - break; - signature->digest_sign_update - = OSSL_FUNC_signature_digest_sign_update(fns); - digsignfncnt++; - break; - case OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL: - if (signature->digest_sign_final != NULL) - break; - signature->digest_sign_final - = OSSL_FUNC_signature_digest_sign_final(fns); - digsignfncnt++; - break; - case OSSL_FUNC_SIGNATURE_DIGEST_SIGN: - if (signature->digest_sign != NULL) - break; - signature->digest_sign - = OSSL_FUNC_signature_digest_sign(fns); - break; - case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT: - if (signature->digest_verify_init != NULL) - break; - signature->digest_verify_init - = OSSL_FUNC_signature_digest_verify_init(fns); - break; - case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE: - if (signature->digest_verify_update != NULL) - break; - signature->digest_verify_update - = OSSL_FUNC_signature_digest_verify_update(fns); - digverifyfncnt++; - break; - case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL: - if (signature->digest_verify_final != NULL) - break; - signature->digest_verify_final - = OSSL_FUNC_signature_digest_verify_final(fns); - digverifyfncnt++; - break; - case OSSL_FUNC_SIGNATURE_DIGEST_VERIFY: - if (signature->digest_verify != NULL) - break; - signature->digest_verify - = OSSL_FUNC_signature_digest_verify(fns); - break; - case OSSL_FUNC_SIGNATURE_FREECTX: - if (signature->freectx != NULL) - break; - signature->freectx = OSSL_FUNC_signature_freectx(fns); - ctxfncnt++; - break; - case OSSL_FUNC_SIGNATURE_DUPCTX: - if (signature->dupctx != NULL) - break; - signature->dupctx = OSSL_FUNC_signature_dupctx(fns); - break; - case OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS: - if (signature->get_ctx_params != NULL) - break; - signature->get_ctx_params - = OSSL_FUNC_signature_get_ctx_params(fns); - gparamfncnt++; - break; - case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS: - if (signature->gettable_ctx_params != NULL) - break; - signature->gettable_ctx_params - = OSSL_FUNC_signature_gettable_ctx_params(fns); - gparamfncnt++; - break; - case OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS: - if (signature->set_ctx_params != NULL) - break; - signature->set_ctx_params - = OSSL_FUNC_signature_set_ctx_params(fns); - sparamfncnt++; - break; - case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS: - if (signature->settable_ctx_params != NULL) - break; - signature->settable_ctx_params - = OSSL_FUNC_signature_settable_ctx_params(fns); - sparamfncnt++; - break; - case OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS: - if (signature->get_ctx_md_params != NULL) - break; - signature->get_ctx_md_params - = OSSL_FUNC_signature_get_ctx_md_params(fns); - gmdparamfncnt++; - break; - case OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS: - if (signature->gettable_ctx_md_params != NULL) - break; - signature->gettable_ctx_md_params - = OSSL_FUNC_signature_gettable_ctx_md_params(fns); - gmdparamfncnt++; - break; - case OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS: - if (signature->set_ctx_md_params != NULL) - break; - signature->set_ctx_md_params - = OSSL_FUNC_signature_set_ctx_md_params(fns); - smdparamfncnt++; - break; - case OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS: - if (signature->settable_ctx_md_params != NULL) - break; - signature->settable_ctx_md_params - = OSSL_FUNC_signature_settable_ctx_md_params(fns); - smdparamfncnt++; - break; - } - } - if (ctxfncnt != 2 - || (signfncnt == 0 - && verifyfncnt == 0 - && verifyrecfncnt == 0 - && digsignfncnt == 0 - && digverifyfncnt == 0 - && signature->digest_sign == NULL - && signature->digest_verify == NULL) - || (signfncnt != 0 && signfncnt != 2) - || (verifyfncnt != 0 && verifyfncnt != 2) - || (verifyrecfncnt != 0 && verifyrecfncnt != 2) - || (digsignfncnt != 0 && digsignfncnt != 2) - || (digsignfncnt == 2 && signature->digest_sign_init == NULL) - || (digverifyfncnt != 0 && digverifyfncnt != 2) - || (digverifyfncnt == 2 && signature->digest_verify_init == NULL) - || (signature->digest_sign != NULL - && signature->digest_sign_init == NULL) - || (signature->digest_verify != NULL - && signature->digest_verify_init == NULL) - || (gparamfncnt != 0 && gparamfncnt != 2) - || (sparamfncnt != 0 && sparamfncnt != 2) - || (gmdparamfncnt != 0 && gmdparamfncnt != 2) - || (smdparamfncnt != 0 && smdparamfncnt != 2)) { - /* - * In order to be a consistent set of functions we must have at least - * a set of context functions (newctx and freectx) as well as a set of - * "signature" functions: - * (sign_init, sign) or - * (verify_init verify) or - * (verify_recover_init, verify_recover) or - * (digest_sign_init, digest_sign_update, digest_sign_final) or - * (digest_verify_init, digest_verify_update, digest_verify_final) or - * (digest_sign_init, digest_sign) or - * (digest_verify_init, digest_verify). - * - * set_ctx_params and settable_ctx_params are optional, but if one of - * them is present then the other one must also be present. The same - * applies to get_ctx_params and gettable_ctx_params. The same rules - * apply to the "md_params" functions. The dupctx function is optional. - */ - ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS); - goto err; - } - - return signature; - err: - EVP_SIGNATURE_free(signature); - return NULL; -} - -void EVP_SIGNATURE_free(EVP_SIGNATURE *signature) -{ - int i; - - if (signature == NULL) - return; - CRYPTO_DOWN_REF(&signature->refcnt, &i, signature->lock); - if (i > 0) - return; - OPENSSL_free(signature->type_name); - ossl_provider_free(signature->prov); - CRYPTO_THREAD_lock_free(signature->lock); - OPENSSL_free(signature); -} - -int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature) -{ - int ref = 0; - - CRYPTO_UP_REF(&signature->refcnt, &ref, signature->lock); - return 1; -} - -OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature) -{ - return signature->prov; -} - -EVP_SIGNATURE *EVP_SIGNATURE_fetch(OSSL_LIB_CTX *ctx, const char *algorithm, - const char *properties) -{ - return evp_generic_fetch(ctx, OSSL_OP_SIGNATURE, algorithm, properties, - evp_signature_from_algorithm, - (int (*)(void *))EVP_SIGNATURE_up_ref, - (void (*)(void *))EVP_SIGNATURE_free); -} - -EVP_SIGNATURE *evp_signature_fetch_from_prov(OSSL_PROVIDER *prov, - const char *algorithm, - const char *properties) -{ - return evp_generic_fetch_from_prov(prov, OSSL_OP_SIGNATURE, - algorithm, properties, - evp_signature_from_algorithm, - (int (*)(void *))EVP_SIGNATURE_up_ref, - (void (*)(void *))EVP_SIGNATURE_free); -} - -int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name) -{ - return signature != NULL - && evp_is_a(signature->prov, signature->name_id, NULL, name); -} - -int evp_signature_get_number(const EVP_SIGNATURE *signature) -{ - return signature->name_id; -} - -const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature) -{ - return signature->type_name; -} - -const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature) -{ - return signature->description; -} - -void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx, - void (*fn)(EVP_SIGNATURE *signature, - void *arg), - void *arg) -{ - evp_generic_do_all(libctx, OSSL_OP_SIGNATURE, - (void (*)(void *, void *))fn, arg, - evp_signature_from_algorithm, - (int (*)(void *))EVP_SIGNATURE_up_ref, - (void (*)(void *))EVP_SIGNATURE_free); -} - - -int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature, - void (*fn)(const char *name, void *data), - void *data) -{ - if (signature->prov != NULL) - return evp_names_do_all(signature->prov, signature->name_id, fn, data); - - return 1; -} - -const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig) -{ - void *provctx; - - if (sig == NULL || sig->gettable_ctx_params == NULL) - return NULL; - - provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig)); - return sig->gettable_ctx_params(NULL, provctx); -} - -const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig) -{ - void *provctx; - - if (sig == NULL || sig->settable_ctx_params == NULL) - return NULL; - - provctx = ossl_provider_ctx(EVP_SIGNATURE_get0_provider(sig)); - return sig->settable_ctx_params(NULL, provctx); -} - -static int evp_pkey_signature_init(EVP_PKEY_CTX *ctx, int operation, - const OSSL_PARAM params[]) -{ - int ret = 0; - void *provkey = NULL; - EVP_SIGNATURE *signature = NULL; - EVP_KEYMGMT *tmp_keymgmt = NULL; - const OSSL_PROVIDER *tmp_prov = NULL; - const char *supported_sig = NULL; - int iter; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - - evp_pkey_ctx_free_old_ops(ctx); - ctx->operation = operation; - - ERR_set_mark(); - - if (evp_pkey_ctx_is_legacy(ctx)) - goto legacy; - - if (ctx->pkey == NULL) { - ERR_clear_last_mark(); - ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET); - goto err; - } - - /* - * Try to derive the supported signature from |ctx->keymgmt|. - */ - if (!ossl_assert(ctx->pkey->keymgmt == NULL - || ctx->pkey->keymgmt == ctx->keymgmt)) { - ERR_clear_last_mark(); - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - goto err; - } - supported_sig = evp_keymgmt_util_query_operation_name(ctx->keymgmt, - OSSL_OP_SIGNATURE); - if (supported_sig == NULL) { - ERR_clear_last_mark(); - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - - /* - * We perform two iterations: - * - * 1. Do the normal signature fetch, using the fetching data given by - * the EVP_PKEY_CTX. - * 2. Do the provider specific signature fetch, from the same provider - * as |ctx->keymgmt| - * - * We then try to fetch the keymgmt from the same provider as the - * signature, and try to export |ctx->pkey| to that keymgmt (when - * this keymgmt happens to be the same as |ctx->keymgmt|, the export - * is a no-op, but we call it anyway to not complicate the code even - * more). - * If the export call succeeds (returns a non-NULL provider key pointer), - * we're done and can perform the operation itself. If not, we perform - * the second iteration, or jump to legacy. - */ - for (iter = 1; iter < 3 && provkey == NULL; iter++) { - EVP_KEYMGMT *tmp_keymgmt_tofree = NULL; - - /* - * If we're on the second iteration, free the results from the first. - * They are NULL on the first iteration, so no need to check what - * iteration we're on. - */ - EVP_SIGNATURE_free(signature); - EVP_KEYMGMT_free(tmp_keymgmt); - - switch (iter) { - case 1: - signature = - EVP_SIGNATURE_fetch(ctx->libctx, supported_sig, ctx->propquery); - if (signature != NULL) - tmp_prov = EVP_SIGNATURE_get0_provider(signature); - break; - case 2: - tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt); - signature = - evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - supported_sig, ctx->propquery); - if (signature == NULL) - goto legacy; - break; - } - if (signature == NULL) - continue; - - /* - * Ensure that the key is provided, either natively, or as a cached - * export. We start by fetching the keymgmt with the same name as - * |ctx->pkey|, but from the provider of the signature method, using - * the same property query as when fetching the signature method. - * With the keymgmt we found (if we did), we try to export |ctx->pkey| - * to it (evp_pkey_export_to_provider() is smart enough to only actually - - * export it if |tmp_keymgmt| is different from |ctx->pkey|'s keymgmt) - */ - tmp_keymgmt_tofree = tmp_keymgmt = - evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov, - EVP_KEYMGMT_get0_name(ctx->keymgmt), - ctx->propquery); - if (tmp_keymgmt != NULL) - provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx, - &tmp_keymgmt, ctx->propquery); - if (tmp_keymgmt == NULL) - EVP_KEYMGMT_free(tmp_keymgmt_tofree); - } - - if (provkey == NULL) { - EVP_SIGNATURE_free(signature); - goto legacy; - } - - ERR_pop_to_mark(); - - /* No more legacy from here down to legacy: */ - - ctx->op.sig.signature = signature; - ctx->op.sig.algctx = - signature->newctx(ossl_provider_ctx(signature->prov), ctx->propquery); - if (ctx->op.sig.algctx == NULL) { - /* The provider key can stay in the cache */ - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - - switch (operation) { - case EVP_PKEY_OP_SIGN: - if (signature->sign_init == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - ret = -2; - goto err; - } - ret = signature->sign_init(ctx->op.sig.algctx, provkey, params); - break; - case EVP_PKEY_OP_VERIFY: - if (signature->verify_init == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - ret = -2; - goto err; - } - ret = signature->verify_init(ctx->op.sig.algctx, provkey, params); - break; - case EVP_PKEY_OP_VERIFYRECOVER: - if (signature->verify_recover_init == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - ret = -2; - goto err; - } - ret = signature->verify_recover_init(ctx->op.sig.algctx, provkey, - params); - break; - default: - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - - if (ret <= 0) { - signature->freectx(ctx->op.sig.algctx); - ctx->op.sig.algctx = NULL; - goto err; - } - goto end; - - legacy: - /* - * If we don't have the full support we need with provided methods, - * let's go see if legacy does. - */ - ERR_pop_to_mark(); - EVP_KEYMGMT_free(tmp_keymgmt); - tmp_keymgmt = NULL; - - if (ctx->pmeth == NULL - || (operation == EVP_PKEY_OP_SIGN && ctx->pmeth->sign == NULL) - || (operation == EVP_PKEY_OP_VERIFY && ctx->pmeth->verify == NULL) - || (operation == EVP_PKEY_OP_VERIFYRECOVER - && ctx->pmeth->verify_recover == NULL)) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - - switch (operation) { - case EVP_PKEY_OP_SIGN: - if (ctx->pmeth->sign_init == NULL) - return 1; - ret = ctx->pmeth->sign_init(ctx); - break; - case EVP_PKEY_OP_VERIFY: - if (ctx->pmeth->verify_init == NULL) - return 1; - ret = ctx->pmeth->verify_init(ctx); - break; - case EVP_PKEY_OP_VERIFYRECOVER: - if (ctx->pmeth->verify_recover_init == NULL) - return 1; - ret = ctx->pmeth->verify_recover_init(ctx); - break; - default: - ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); - goto err; - } - if (ret <= 0) - goto err; - end: -#ifndef FIPS_MODULE - if (ret > 0) - ret = evp_pkey_ctx_use_cached_data(ctx); -#endif - - EVP_KEYMGMT_free(tmp_keymgmt); - return ret; - err: - evp_pkey_ctx_free_old_ops(ctx); - ctx->operation = EVP_PKEY_OP_UNDEFINED; - EVP_KEYMGMT_free(tmp_keymgmt); - return ret; -} - -int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) -{ - return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN, NULL); -} - -int EVP_PKEY_sign_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) -{ - return evp_pkey_signature_init(ctx, EVP_PKEY_OP_SIGN, params); -} - -int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, - unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen) -{ - int ret; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - - if (ctx->operation != EVP_PKEY_OP_SIGN) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); - return -1; - } - - if (ctx->op.sig.algctx == NULL) - goto legacy; - - ret = ctx->op.sig.signature->sign(ctx->op.sig.algctx, sig, siglen, - (sig == NULL) ? 0 : *siglen, tbs, tbslen); - - return ret; - legacy: - - if (ctx->pmeth == NULL || ctx->pmeth->sign == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - - M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN) - return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen); -} - -int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx) -{ - return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY, NULL); -} - -int EVP_PKEY_verify_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]) -{ - return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFY, params); -} - -int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) -{ - int ret; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - - if (ctx->operation != EVP_PKEY_OP_VERIFY) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); - return -1; - } - - if (ctx->op.sig.algctx == NULL) - goto legacy; - - ret = ctx->op.sig.signature->verify(ctx->op.sig.algctx, sig, siglen, - tbs, tbslen); - - return ret; - legacy: - if (ctx->pmeth == NULL || ctx->pmeth->verify == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - - return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen); -} - -int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx) -{ - return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER, NULL); -} - -int EVP_PKEY_verify_recover_init_ex(EVP_PKEY_CTX *ctx, - const OSSL_PARAM params[]) -{ - return evp_pkey_signature_init(ctx, EVP_PKEY_OP_VERIFYRECOVER, params); -} - -int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, - unsigned char *rout, size_t *routlen, - const unsigned char *sig, size_t siglen) -{ - int ret; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - - if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED); - return -1; - } - - if (ctx->op.sig.algctx == NULL) - goto legacy; - - ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.algctx, rout, - routlen, - (rout == NULL ? 0 : *routlen), - sig, siglen); - return ret; - legacy: - if (ctx->pmeth == NULL || ctx->pmeth->verify_recover == NULL) { - ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - } - M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER) - return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen); -} diff --git a/crypto/ex_data.c b/crypto/ex_data.c deleted file mode 100644 index 40223f06e4ecb695d234f4c533e3033a3f81167b..0000000000000000000000000000000000000000 --- a/crypto/ex_data.c +++ /dev/null @@ -1,504 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "crypto/cryptlib.h" -#include "internal/thread_once.h" - -int ossl_do_ex_data_init(OSSL_LIB_CTX *ctx) -{ - OSSL_EX_DATA_GLOBAL *global = ossl_lib_ctx_get_ex_data_global(ctx); - - if (global == NULL) - return 0; - - global->ex_data_lock = CRYPTO_THREAD_lock_new(); - return global->ex_data_lock != NULL; -} - -/* - * Return the EX_CALLBACKS from the |ex_data| array that corresponds to - * a given class. On success, *holds the lock.* - * The |global| parameter is assumed to be non null (checked by the caller). - */ -static EX_CALLBACKS *get_and_lock(OSSL_EX_DATA_GLOBAL *global, int class_index) -{ - EX_CALLBACKS *ip; - - if (class_index < 0 || class_index >= CRYPTO_EX_INDEX__COUNT) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT); - return NULL; - } - - if (global->ex_data_lock == NULL) { - /* - * If we get here, someone (who?) cleaned up the lock, so just - * treat it as an error. - */ - return NULL; - } - - if (!CRYPTO_THREAD_write_lock(global->ex_data_lock)) - return NULL; - ip = &global->ex_data[class_index]; - return ip; -} - -static void cleanup_cb(EX_CALLBACK *funcs) -{ - OPENSSL_free(funcs); -} - -/* - * Release all "ex_data" state to prevent memory leaks. This can't be made - * thread-safe without overhauling a lot of stuff, and shouldn't really be - * called under potential race-conditions anyway (it's for program shutdown - * after all). - */ -void ossl_crypto_cleanup_all_ex_data_int(OSSL_LIB_CTX *ctx) -{ - int i; - OSSL_EX_DATA_GLOBAL *global = ossl_lib_ctx_get_ex_data_global(ctx); - - if (global == NULL) - return; - - for (i = 0; i < CRYPTO_EX_INDEX__COUNT; ++i) { - EX_CALLBACKS *ip = &global->ex_data[i]; - - sk_EX_CALLBACK_pop_free(ip->meth, cleanup_cb); - ip->meth = NULL; - } - - CRYPTO_THREAD_lock_free(global->ex_data_lock); - global->ex_data_lock = NULL; -} - - -/* - * Unregister a new index by replacing the callbacks with no-ops. - * Any in-use instances are leaked. - */ -static void dummy_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, - long argl, void *argp) -{ -} - -static void dummy_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, - long argl, void *argp) -{ -} - -static int dummy_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, - void **from_d, int idx, - long argl, void *argp) -{ - return 1; -} - -int ossl_crypto_free_ex_index_ex(OSSL_LIB_CTX *ctx, int class_index, int idx) -{ - EX_CALLBACKS *ip; - EX_CALLBACK *a; - int toret = 0; - OSSL_EX_DATA_GLOBAL *global = ossl_lib_ctx_get_ex_data_global(ctx); - - if (global == NULL) - return 0; - - ip = get_and_lock(global, class_index); - if (ip == NULL) - return 0; - - if (idx < 0 || idx >= sk_EX_CALLBACK_num(ip->meth)) - goto err; - a = sk_EX_CALLBACK_value(ip->meth, idx); - if (a == NULL) - goto err; - a->new_func = dummy_new; - a->dup_func = dummy_dup; - a->free_func = dummy_free; - toret = 1; -err: - CRYPTO_THREAD_unlock(global->ex_data_lock); - return toret; -} - -int CRYPTO_free_ex_index(int class_index, int idx) -{ - return ossl_crypto_free_ex_index_ex(NULL, class_index, idx); -} - -/* - * Register a new index. - */ -int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index, - long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func, - int priority) -{ - int toret = -1; - EX_CALLBACK *a; - EX_CALLBACKS *ip; - OSSL_EX_DATA_GLOBAL *global = ossl_lib_ctx_get_ex_data_global(ctx); - - if (global == NULL) - return -1; - - ip = get_and_lock(global, class_index); - if (ip == NULL) - return -1; - - if (ip->meth == NULL) { - ip->meth = sk_EX_CALLBACK_new_null(); - /* We push an initial value on the stack because the SSL - * "app_data" routines use ex_data index zero. See RT 3710. */ - if (ip->meth == NULL - || !sk_EX_CALLBACK_push(ip->meth, NULL)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - a = (EX_CALLBACK *)OPENSSL_malloc(sizeof(*a)); - if (a == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - goto err; - } - a->argl = argl; - a->argp = argp; - a->new_func = new_func; - a->dup_func = dup_func; - a->free_func = free_func; - a->priority = priority; - - if (!sk_EX_CALLBACK_push(ip->meth, NULL)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - OPENSSL_free(a); - goto err; - } - toret = sk_EX_CALLBACK_num(ip->meth) - 1; - (void)sk_EX_CALLBACK_set(ip->meth, toret, a); - - err: - CRYPTO_THREAD_unlock(global->ex_data_lock); - return toret; -} - -int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, - CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func) -{ - return ossl_crypto_get_ex_new_index_ex(NULL, class_index, argl, argp, - new_func, dup_func, free_func, 0); -} - -/* - * Initialise a new CRYPTO_EX_DATA for use in a particular class - including - * calling new() callbacks for each index in the class used by this variable - * Thread-safe by copying a class's array of "EX_CALLBACK" entries - * in the lock, then using them outside the lock. Note this only applies - * to the global "ex_data" state (ie. class definitions), not 'ad' itself. - */ -int ossl_crypto_new_ex_data_ex(OSSL_LIB_CTX *ctx, int class_index, void *obj, - CRYPTO_EX_DATA *ad) -{ - int mx, i; - void *ptr; - EX_CALLBACK **storage = NULL; - EX_CALLBACK *stack[10]; - EX_CALLBACKS *ip; - OSSL_EX_DATA_GLOBAL *global = ossl_lib_ctx_get_ex_data_global(ctx); - - if (global == NULL) - return 0; - - ip = get_and_lock(global, class_index); - if (ip == NULL) - return 0; - - ad->ctx = ctx; - ad->sk = NULL; - mx = sk_EX_CALLBACK_num(ip->meth); - if (mx > 0) { - if (mx < (int)OSSL_NELEM(stack)) - storage = stack; - else - storage = OPENSSL_malloc(sizeof(*storage) * mx); - if (storage != NULL) - for (i = 0; i < mx; i++) - storage[i] = sk_EX_CALLBACK_value(ip->meth, i); - } - CRYPTO_THREAD_unlock(global->ex_data_lock); - - if (mx > 0 && storage == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - for (i = 0; i < mx; i++) { - if (storage[i] != NULL && storage[i]->new_func != NULL) { - ptr = CRYPTO_get_ex_data(ad, i); - storage[i]->new_func(obj, ptr, ad, i, - storage[i]->argl, storage[i]->argp); - } - } - if (storage != stack) - OPENSSL_free(storage); - return 1; -} - -int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) -{ - return ossl_crypto_new_ex_data_ex(NULL, class_index, obj, ad); -} - -/* - * Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks - * for each index in the class used by this variable - */ -int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, - const CRYPTO_EX_DATA *from) -{ - int mx, j, i; - void *ptr; - EX_CALLBACK *stack[10]; - EX_CALLBACK **storage = NULL; - EX_CALLBACKS *ip; - int toret = 0; - OSSL_EX_DATA_GLOBAL *global; - - to->ctx = from->ctx; - if (from->sk == NULL) - /* Nothing to copy over */ - return 1; - - global = ossl_lib_ctx_get_ex_data_global(from->ctx); - if (global == NULL) - return 0; - - ip = get_and_lock(global, class_index); - if (ip == NULL) - return 0; - - mx = sk_EX_CALLBACK_num(ip->meth); - j = sk_void_num(from->sk); - if (j < mx) - mx = j; - if (mx > 0) { - if (mx < (int)OSSL_NELEM(stack)) - storage = stack; - else - storage = OPENSSL_malloc(sizeof(*storage) * mx); - if (storage != NULL) - for (i = 0; i < mx; i++) - storage[i] = sk_EX_CALLBACK_value(ip->meth, i); - } - CRYPTO_THREAD_unlock(global->ex_data_lock); - - if (mx == 0) - return 1; - if (storage == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - /* - * Make sure the ex_data stack is at least |mx| elements long to avoid - * issues in the for loop that follows; so go get the |mx|'th element - * (if it does not exist CRYPTO_get_ex_data() returns NULL), and assign - * to itself. This is normally a no-op; but ensures the stack is the - * proper size - */ - if (!CRYPTO_set_ex_data(to, mx - 1, CRYPTO_get_ex_data(to, mx - 1))) - goto err; - - for (i = 0; i < mx; i++) { - ptr = CRYPTO_get_ex_data(from, i); - if (storage[i] != NULL && storage[i]->dup_func != NULL) - if (!storage[i]->dup_func(to, from, &ptr, i, - storage[i]->argl, storage[i]->argp)) - goto err; - CRYPTO_set_ex_data(to, i, ptr); - } - toret = 1; - err: - if (storage != stack) - OPENSSL_free(storage); - return toret; -} - -struct ex_callback_entry { - const EX_CALLBACK *excb; - int index; -}; - -static int ex_callback_compare(const void *a, const void *b) -{ - const struct ex_callback_entry *ap = (const struct ex_callback_entry *)a; - const struct ex_callback_entry *bp = (const struct ex_callback_entry *)b; - - if (ap->excb == bp->excb) - return 0; - - if (ap->excb == NULL) - return 1; - if (bp->excb == NULL) - return -1; - if (ap->excb->priority == bp->excb->priority) - return 0; - return ap->excb->priority > bp->excb->priority ? -1 : 1; -} - -/* - * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for - * each index in the class used by this variable - */ -void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) -{ - int mx, i; - EX_CALLBACKS *ip; - void *ptr; - const EX_CALLBACK *f; - struct ex_callback_entry stack[10]; - struct ex_callback_entry *storage = NULL; - OSSL_EX_DATA_GLOBAL *global = ossl_lib_ctx_get_ex_data_global(ad->ctx); - - if (global == NULL) - goto err; - - ip = get_and_lock(global, class_index); - if (ip == NULL) - goto err; - - mx = sk_EX_CALLBACK_num(ip->meth); - if (mx > 0) { - if (mx < (int)OSSL_NELEM(stack)) - storage = stack; - else - storage = OPENSSL_malloc(sizeof(*storage) * mx); - if (storage != NULL) - for (i = 0; i < mx; i++) { - storage[i].excb = sk_EX_CALLBACK_value(ip->meth, i); - storage[i].index = i; - } - } - CRYPTO_THREAD_unlock(global->ex_data_lock); - - if (storage != NULL) { - /* Sort according to priority. High priority first */ - qsort(storage, mx, sizeof(*storage), ex_callback_compare); - for (i = 0; i < mx; i++) { - f = storage[i].excb; - - if (f != NULL && f->free_func != NULL) { - ptr = CRYPTO_get_ex_data(ad, storage[i].index); - f->free_func(obj, ptr, ad, storage[i].index, f->argl, f->argp); - } - } - } - - if (storage != stack) - OPENSSL_free(storage); - err: - sk_void_free(ad->sk); - ad->sk = NULL; - ad->ctx = NULL; -} - -/* - * Allocate a given CRYPTO_EX_DATA item using the class specific allocation - * function - */ -int CRYPTO_alloc_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad, - int idx) -{ - void *curval; - - curval = CRYPTO_get_ex_data(ad, idx); - /* Already there, no need to allocate */ - if (curval != NULL) - return 1; - - return ossl_crypto_alloc_ex_data_intern(class_index, obj, ad, idx); -} - -int ossl_crypto_alloc_ex_data_intern(int class_index, void *obj, - CRYPTO_EX_DATA *ad, int idx) -{ - EX_CALLBACK *f; - EX_CALLBACKS *ip; - OSSL_EX_DATA_GLOBAL *global; - - global = ossl_lib_ctx_get_ex_data_global(ad->ctx); - if (global == NULL) - return 0; - - ip = get_and_lock(global, class_index); - if (ip == NULL) - return 0; - f = sk_EX_CALLBACK_value(ip->meth, idx); - CRYPTO_THREAD_unlock(global->ex_data_lock); - - /* - * This should end up calling CRYPTO_set_ex_data(), which allocates - * everything necessary to support placing the new data in the right spot. - */ - if (f->new_func == NULL) - return 0; - - f->new_func(obj, NULL, ad, idx, f->argl, f->argp); - - return 1; -} - -/* - * For a given CRYPTO_EX_DATA variable, set the value corresponding to a - * particular index in the class used by this variable - */ -int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) -{ - int i; - - if (ad->sk == NULL) { - if ((ad->sk = sk_void_new_null()) == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - } - - for (i = sk_void_num(ad->sk); i <= idx; ++i) { - if (!sk_void_push(ad->sk, NULL)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - } - if (sk_void_set(ad->sk, idx, val) != val) { - /* Probably the index is out of bounds */ - ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT); - return 0; - } - return 1; -} - -/* - * For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a - * particular index in the class used by this variable - */ -void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) -{ - if (ad->sk == NULL || idx >= sk_void_num(ad->sk)) - return NULL; - return sk_void_value(ad->sk, idx); -} - -OSSL_LIB_CTX *ossl_crypto_ex_data_get_ossl_lib_ctx(const CRYPTO_EX_DATA *ad) -{ - return ad->ctx; -} diff --git a/crypto/ffc/build.info b/crypto/ffc/build.info deleted file mode 100644 index 61cca17c5fe849f83249dc10ead603f097407444..0000000000000000000000000000000000000000 --- a/crypto/ffc/build.info +++ /dev/null @@ -1,8 +0,0 @@ -LIBS=../../libcrypto - -$COMMON=ffc_params.c ffc_params_generate.c ffc_key_generate.c \ - ffc_params_validate.c ffc_key_validate.c ffc_backend.c \ - ffc_dh.c - -SOURCE[../../libcrypto]=$COMMON -SOURCE[../../providers/libfips.a]=$COMMON diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c deleted file mode 100644 index dbd28b0e66bd7ad49906572b3cb7fca5617f6a77..0000000000000000000000000000000000000000 --- a/crypto/ffc/ffc_backend.c +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/ffc.h" -#include "internal/sizes.h" - -/* - * The intention with the "backend" source file is to offer backend support - * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider - * implementations alike. - */ - -int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]) -{ - const OSSL_PARAM *prm; - const OSSL_PARAM *param_p, *param_q, *param_g; - BIGNUM *p = NULL, *q = NULL, *g = NULL, *j = NULL; - int i; - - if (ffc == NULL) - return 0; - - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME); - if (prm != NULL) { - /* - * In a no-dh build we just go straight to err because we have no - * support for this. - */ -#ifndef OPENSSL_NO_DH - const DH_NAMED_GROUP *group = NULL; - - if (prm->data_type != OSSL_PARAM_UTF8_STRING - || prm->data == NULL - || (group = ossl_ffc_name_to_dh_named_group(prm->data)) == NULL - || !ossl_ffc_named_group_set(ffc, group)) -#endif - goto err; - } - - param_p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_P); - param_g = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_G); - param_q = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_Q); - - if ((param_p != NULL && !OSSL_PARAM_get_BN(param_p, &p)) - || (param_q != NULL && !OSSL_PARAM_get_BN(param_q, &q)) - || (param_g != NULL && !OSSL_PARAM_get_BN(param_g, &g))) - goto err; - - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GINDEX); - if (prm != NULL) { - if (!OSSL_PARAM_get_int(prm, &i)) - goto err; - ffc->gindex = i; - } - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PCOUNTER); - if (prm != NULL) { - if (!OSSL_PARAM_get_int(prm, &i)) - goto err; - ffc->pcounter = i; - } - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_COFACTOR); - if (prm != NULL && !OSSL_PARAM_get_BN(prm, &j)) - goto err; - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_H); - if (prm != NULL) { - if (!OSSL_PARAM_get_int(prm, &i)) - goto err; - ffc->h = i; - } - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_SEED); - if (prm != NULL) { - if (prm->data_type != OSSL_PARAM_OCTET_STRING) - goto err; - if (!ossl_ffc_params_set_seed(ffc, prm->data, prm->data_size)) - goto err; - } - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_PQ); - if (prm != NULL) { - if (!OSSL_PARAM_get_int(prm, &i)) - goto err; - ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_PQ, i); - } - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_G); - if (prm != NULL) { - if (!OSSL_PARAM_get_int(prm, &i)) - goto err; - ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_G, i); - } - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY); - if (prm != NULL) { - if (!OSSL_PARAM_get_int(prm, &i)) - goto err; - ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_LEGACY, i); - } - - prm = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST); - if (prm != NULL) { - const OSSL_PARAM *p1; - const char *props = NULL; - - if (prm->data_type != OSSL_PARAM_UTF8_STRING) - goto err; - p1 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS); - if (p1 != NULL) { - if (p1->data_type != OSSL_PARAM_UTF8_STRING) - goto err; - } - if (!ossl_ffc_set_digest(ffc, prm->data, props)) - goto err; - } - - ossl_ffc_params_set0_pqg(ffc, p, q, g); - ossl_ffc_params_set0_j(ffc, j); - return 1; - - err: - BN_free(j); - BN_free(p); - BN_free(q); - BN_free(g); - return 0; -} diff --git a/crypto/ffc/ffc_dh.c b/crypto/ffc/ffc_dh.c deleted file mode 100644 index df07e173bcb8c1f4039a5257e0ad5d9c9e179f71..0000000000000000000000000000000000000000 --- a/crypto/ffc/ffc_dh.c +++ /dev/null @@ -1,173 +0,0 @@ -/* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/ffc.h" -#include "internal/nelem.h" -#include "crypto/bn_dh.h" - -#ifndef OPENSSL_NO_DH - -# define FFDHE(sz, keylength) { \ - SN_ffdhe##sz, NID_ffdhe##sz, \ - sz, \ - keylength, \ - &ossl_bignum_ffdhe##sz##_p, &ossl_bignum_ffdhe##sz##_q, \ - &ossl_bignum_const_2, \ - } - -# define MODP(sz, keylength) { \ - SN_modp_##sz, NID_modp_##sz, \ - sz, \ - keylength, \ - &ossl_bignum_modp_##sz##_p, &ossl_bignum_modp_##sz##_q, \ - &ossl_bignum_const_2 \ - } - -# define RFC5114(name, uid, sz, tag) { \ - name, uid, \ - sz, \ - 0, \ - &ossl_bignum_dh##tag##_p, &ossl_bignum_dh##tag##_q, \ - &ossl_bignum_dh##tag##_g \ - } - -#else - -# define FFDHE(sz, keylength) { SN_ffdhe##sz, NID_ffdhe##sz } -# define MODP(sz, keylength) { SN_modp_##sz, NID_modp_##sz } -# define RFC5114(name, uid, sz, tag) { name, uid } - -#endif - -struct dh_named_group_st { - const char *name; - int uid; -#ifndef OPENSSL_NO_DH - int32_t nbits; - int keylength; - const BIGNUM *p; - const BIGNUM *q; - const BIGNUM *g; -#endif -}; - -/* - * The private key length values are taken from RFC7919 with the values for - * MODP primes given the same lengths as the equivalent FFDHE. - * The MODP 1536 value is approximated. - */ -static const DH_NAMED_GROUP dh_named_groups[] = { - FFDHE(2048, 225), - FFDHE(3072, 275), - FFDHE(4096, 325), - FFDHE(6144, 375), - FFDHE(8192, 400), -#ifndef FIPS_MODULE - MODP(1536, 200), -#endif - MODP(2048, 225), - MODP(3072, 275), - MODP(4096, 325), - MODP(6144, 375), - MODP(8192, 400), - /* - * Additional dh named groups from RFC 5114 that have a different g. - * The uid can be any unique identifier. - */ -#ifndef FIPS_MODULE - RFC5114("dh_1024_160", 1, 1024, 1024_160), - RFC5114("dh_2048_224", 2, 2048, 2048_224), - RFC5114("dh_2048_256", 3, 2048, 2048_256), -#endif -}; - -const DH_NAMED_GROUP *ossl_ffc_name_to_dh_named_group(const char *name) -{ - size_t i; - - for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) { - if (OPENSSL_strcasecmp(dh_named_groups[i].name, name) == 0) - return &dh_named_groups[i]; - } - return NULL; -} - -const DH_NAMED_GROUP *ossl_ffc_uid_to_dh_named_group(int uid) -{ - size_t i; - - for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) { - if (dh_named_groups[i].uid == uid) - return &dh_named_groups[i]; - } - return NULL; -} - -#ifndef OPENSSL_NO_DH -const DH_NAMED_GROUP *ossl_ffc_numbers_to_dh_named_group(const BIGNUM *p, - const BIGNUM *q, - const BIGNUM *g) -{ - size_t i; - - for (i = 0; i < OSSL_NELEM(dh_named_groups); ++i) { - /* Keep searching until a matching p and g is found */ - if (BN_cmp(p, dh_named_groups[i].p) == 0 - && BN_cmp(g, dh_named_groups[i].g) == 0 - /* Verify q is correct if it exists */ - && (q == NULL || BN_cmp(q, dh_named_groups[i].q) == 0)) - return &dh_named_groups[i]; - } - return NULL; -} -#endif - -int ossl_ffc_named_group_get_uid(const DH_NAMED_GROUP *group) -{ - if (group == NULL) - return NID_undef; - return group->uid; -} - -const char *ossl_ffc_named_group_get_name(const DH_NAMED_GROUP *group) -{ - if (group == NULL) - return NULL; - return group->name; -} - -#ifndef OPENSSL_NO_DH -int ossl_ffc_named_group_get_keylength(const DH_NAMED_GROUP *group) -{ - if (group == NULL) - return 0; - return group->keylength; -} - -const BIGNUM *ossl_ffc_named_group_get_q(const DH_NAMED_GROUP *group) -{ - if (group == NULL) - return NULL; - return group->q; -} - -int ossl_ffc_named_group_set(FFC_PARAMS *ffc, const DH_NAMED_GROUP *group) -{ - if (ffc == NULL || group == NULL) - return 0; - - ossl_ffc_params_set0_pqg(ffc, (BIGNUM *)group->p, (BIGNUM *)group->q, - (BIGNUM *)group->g); - ffc->keylength = group->keylength; - - /* flush the cached nid, The DH layer is responsible for caching */ - ffc->nid = NID_undef; - return 1; -} -#endif diff --git a/crypto/ffc/ffc_key_generate.c b/crypto/ffc/ffc_key_generate.c deleted file mode 100644 index d02c6575274d4816f9b6e962f55a63f1963d8b47..0000000000000000000000000000000000000000 --- a/crypto/ffc/ffc_key_generate.c +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/ffc.h" - -/* - * SP800-56Ar3 5.6.1.1.4 Key pair generation by testing candidates. - * Generates a private key in the interval [1, min(2 ^ N - 1, q - 1)]. - * - * ctx must be set up with a libctx (for fips mode). - * params contains the FFC domain parameters p, q and g (for DH or DSA). - * N is the maximum bit length of the generated private key, - * s is the security strength. - * priv_key is the returned private key, - */ -int ossl_ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params, - int N, int s, BIGNUM *priv) -{ - int ret = 0, qbits = BN_num_bits(params->q); - BIGNUM *m, *two_powN = NULL; - - /* Deal with the edge cases where the value of N and/or s is not set */ - if (s == 0) - goto err; - if (N == 0) - N = params->keylength ? params->keylength : 2 * s; - - /* Step (2) : check range of N */ - if (N < 2 * s || N > qbits) - return 0; - - two_powN = BN_new(); - /* 2^N */ - if (two_powN == NULL || !BN_lshift(two_powN, BN_value_one(), N)) - goto err; - - /* Step (5) : M = min(2 ^ N, q) */ - m = (BN_cmp(two_powN, params->q) > 0) ? params->q : two_powN; - - do { - /* Steps (3, 4 & 7) : c + 1 = 1 + random[0..2^N - 1] */ - if (!BN_priv_rand_range_ex(priv, two_powN, 0, ctx) - || !BN_add_word(priv, 1)) - goto err; - /* Step (6) : loop if c > M - 2 (i.e. c + 1 >= M) */ - if (BN_cmp(priv, m) < 0) - break; - } while (1); - - ret = 1; -err: - BN_free(two_powN); - return ret; -} diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c deleted file mode 100644 index fb558f8221f6c81517f5d0430435f40a192e5928..0000000000000000000000000000000000000000 --- a/crypto/ffc/ffc_params.c +++ /dev/null @@ -1,322 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include /* memset */ -#include -#include "internal/ffc.h" -#include "internal/param_build_set.h" -#include "internal/nelem.h" - -#ifndef FIPS_MODULE -# include /* ossl_ffc_params_print */ -#endif - -void ossl_ffc_params_init(FFC_PARAMS *params) -{ - memset(params, 0, sizeof(*params)); - params->pcounter = -1; - params->gindex = FFC_UNVERIFIABLE_GINDEX; - params->flags = FFC_PARAM_FLAG_VALIDATE_PQG; -} - -void ossl_ffc_params_cleanup(FFC_PARAMS *params) -{ - BN_free(params->p); - BN_free(params->q); - BN_free(params->g); - BN_free(params->j); - OPENSSL_free(params->seed); - ossl_ffc_params_init(params); -} - -void ossl_ffc_params_set0_pqg(FFC_PARAMS *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) -{ - if (p != NULL && p != d->p) { - BN_free(d->p); - d->p = p; - } - if (q != NULL && q != d->q) { - BN_free(d->q); - d->q = q; - } - if (g != NULL && g != d->g) { - BN_free(d->g); - d->g = g; - } -} - -void ossl_ffc_params_get0_pqg(const FFC_PARAMS *d, const BIGNUM **p, - const BIGNUM **q, const BIGNUM **g) -{ - if (p != NULL) - *p = d->p; - if (q != NULL) - *q = d->q; - if (g != NULL) - *g = d->g; -} - - -/* j is the 'cofactor' that is optionally output for ASN1. */ -void ossl_ffc_params_set0_j(FFC_PARAMS *d, BIGNUM *j) -{ - BN_free(d->j); - d->j = NULL; - if (j != NULL) - d->j = j; -} - -int ossl_ffc_params_set_seed(FFC_PARAMS *params, - const unsigned char *seed, size_t seedlen) -{ - if (params == NULL) - return 0; - - if (params->seed != NULL) { - if (params->seed == seed) - return 1; - OPENSSL_free(params->seed); - } - - if (seed != NULL && seedlen > 0) { - params->seed = OPENSSL_memdup(seed, seedlen); - if (params->seed == NULL) - return 0; - params->seedlen = seedlen; - } else { - params->seed = NULL; - params->seedlen = 0; - } - return 1; -} - -void ossl_ffc_params_set_gindex(FFC_PARAMS *params, int index) -{ - params->gindex = index; -} - -void ossl_ffc_params_set_pcounter(FFC_PARAMS *params, int index) -{ - params->pcounter = index; -} - -void ossl_ffc_params_set_h(FFC_PARAMS *params, int index) -{ - params->h = index; -} - -void ossl_ffc_params_set_flags(FFC_PARAMS *params, unsigned int flags) -{ - params->flags = flags; -} - -void ossl_ffc_params_enable_flags(FFC_PARAMS *params, unsigned int flags, - int enable) -{ - if (enable) - params->flags |= flags; - else - params->flags &= ~flags; -} - -int ossl_ffc_set_digest(FFC_PARAMS *params, const char *alg, const char *props) -{ - params->mdname = alg; - params->mdprops = props; - return 1; -} - -int ossl_ffc_params_set_validate_params(FFC_PARAMS *params, - const unsigned char *seed, - size_t seedlen, int counter) -{ - if (!ossl_ffc_params_set_seed(params, seed, seedlen)) - return 0; - params->pcounter = counter; - return 1; -} - -void ossl_ffc_params_get_validate_params(const FFC_PARAMS *params, - unsigned char **seed, size_t *seedlen, - int *pcounter) -{ - if (seed != NULL) - *seed = params->seed; - if (seedlen != NULL) - *seedlen = params->seedlen; - if (pcounter != NULL) - *pcounter = params->pcounter; -} - -static int ffc_bn_cpy(BIGNUM **dst, const BIGNUM *src) -{ - BIGNUM *a; - - /* - * If source is read only just copy the pointer, so - * we don't have to reallocate it. - */ - if (src == NULL) - a = NULL; - else if (BN_get_flags(src, BN_FLG_STATIC_DATA) - && !BN_get_flags(src, BN_FLG_MALLOCED)) - a = (BIGNUM *)src; - else if ((a = BN_dup(src)) == NULL) - return 0; - BN_clear_free(*dst); - *dst = a; - return 1; -} - -int ossl_ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src) -{ - if (!ffc_bn_cpy(&dst->p, src->p) - || !ffc_bn_cpy(&dst->g, src->g) - || !ffc_bn_cpy(&dst->q, src->q) - || !ffc_bn_cpy(&dst->j, src->j)) - return 0; - - OPENSSL_free(dst->seed); - dst->seedlen = src->seedlen; - if (src->seed != NULL) { - dst->seed = OPENSSL_memdup(src->seed, src->seedlen); - if (dst->seed == NULL) - return 0; - } else { - dst->seed = NULL; - } - dst->nid = src->nid; - dst->pcounter = src->pcounter; - dst->h = src->h; - dst->gindex = src->gindex; - dst->flags = src->flags; - dst->keylength = src->keylength; - return 1; -} - -int ossl_ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q) -{ - return BN_cmp(a->p, b->p) == 0 - && BN_cmp(a->g, b->g) == 0 - && (ignore_q || BN_cmp(a->q, b->q) == 0); /* Note: q may be NULL */ -} - -int ossl_ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *bld, - OSSL_PARAM params[]) -{ - int test_flags; - - if (ffc == NULL) - return 0; - - if (ffc->p != NULL - && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_FFC_P, ffc->p)) - return 0; - if (ffc->q != NULL - && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_FFC_Q, ffc->q)) - return 0; - if (ffc->g != NULL - && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_FFC_G, ffc->g)) - return 0; - if (ffc->j != NULL - && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_FFC_COFACTOR, - ffc->j)) - return 0; - if (!ossl_param_build_set_int(bld, params, OSSL_PKEY_PARAM_FFC_GINDEX, - ffc->gindex)) - return 0; - if (!ossl_param_build_set_int(bld, params, OSSL_PKEY_PARAM_FFC_PCOUNTER, - ffc->pcounter)) - return 0; - if (!ossl_param_build_set_int(bld, params, OSSL_PKEY_PARAM_FFC_H, ffc->h)) - return 0; - if (ffc->seed != NULL - && !ossl_param_build_set_octet_string(bld, params, - OSSL_PKEY_PARAM_FFC_SEED, - ffc->seed, ffc->seedlen)) - return 0; - if (ffc->nid != NID_undef) { - const DH_NAMED_GROUP *group = ossl_ffc_uid_to_dh_named_group(ffc->nid); - const char *name = ossl_ffc_named_group_get_name(group); - - if (name == NULL - || !ossl_param_build_set_utf8_string(bld, params, - OSSL_PKEY_PARAM_GROUP_NAME, - name)) - return 0; - } - test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_PQ) != 0); - if (!ossl_param_build_set_int(bld, params, - OSSL_PKEY_PARAM_FFC_VALIDATE_PQ, test_flags)) - return 0; - test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_G) != 0); - if (!ossl_param_build_set_int(bld, params, - OSSL_PKEY_PARAM_FFC_VALIDATE_G, test_flags)) - return 0; - test_flags = ((ffc->flags & FFC_PARAM_FLAG_VALIDATE_LEGACY) != 0); - if (!ossl_param_build_set_int(bld, params, - OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY, - test_flags)) - return 0; - - if (ffc->mdname != NULL - && !ossl_param_build_set_utf8_string(bld, params, - OSSL_PKEY_PARAM_FFC_DIGEST, - ffc->mdname)) - return 0; - if (ffc->mdprops != NULL - && !ossl_param_build_set_utf8_string(bld, params, - OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, - ffc->mdprops)) - return 0; - return 1; -} - -#ifndef FIPS_MODULE -int ossl_ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent) -{ - if (!ASN1_bn_print(bp, "prime P:", ffc->p, NULL, indent)) - goto err; - if (!ASN1_bn_print(bp, "generator G:", ffc->g, NULL, indent)) - goto err; - if (ffc->q != NULL - && !ASN1_bn_print(bp, "subgroup order Q:", ffc->q, NULL, indent)) - goto err; - if (ffc->j != NULL - && !ASN1_bn_print(bp, "subgroup factor:", ffc->j, NULL, indent)) - goto err; - if (ffc->seed != NULL) { - size_t i; - - if (!BIO_indent(bp, indent, 128) - || BIO_puts(bp, "seed:") <= 0) - goto err; - for (i = 0; i < ffc->seedlen; i++) { - if ((i % 15) == 0) { - if (BIO_puts(bp, "\n") <= 0 - || !BIO_indent(bp, indent + 4, 128)) - goto err; - } - if (BIO_printf(bp, "%02x%s", ffc->seed[i], - ((i + 1) == ffc->seedlen) ? "" : ":") <= 0) - goto err; - } - if (BIO_write(bp, "\n", 1) <= 0) - return 0; - } - if (ffc->pcounter != -1) { - if (!BIO_indent(bp, indent, 128) - || BIO_printf(bp, "counter: %d\n", ffc->pcounter) <= 0) - goto err; - } - return 1; -err: - return 0; -} -#endif /* FIPS_MODULE */ diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c deleted file mode 100644 index f0601e1644c39f1bbea4214e2b2b7c10de194220..0000000000000000000000000000000000000000 --- a/crypto/ffc/ffc_params_generate.c +++ /dev/null @@ -1,1057 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * For the prime check.. - * FIPS 186-4 Section C.3 Table C.1 - * Returns the minimum number of Miller Rabin iterations for a L,N pair - * (where L = len(p), N = len(q)) - * L N Min - * 1024 160 40 - * 2048 224 56 - * 2048 256 56 - * 3072 256 64 - * - * BN_check_prime() uses: - * 64 iterations for L <= 2048 OR - * 128 iterations for L > 2048 - * So this satisfies the requirement. - */ - -#include /* memset */ -#include /* SHA_DIGEST_LENGTH */ -#include -#include -#include -#include -#include "crypto/bn.h" -#include "internal/ffc.h" - -/* - * Verify that the passed in L, N pair for DH or DSA is valid. - * Returns 0 if invalid, otherwise it returns the security strength. - */ - -#ifdef FIPS_MODULE -static int ffc_validate_LN(size_t L, size_t N, int type, int verify) -{ - if (type == FFC_PARAM_TYPE_DH) { - /* Valid DH L,N parameters from SP800-56Ar3 5.5.1 Table 1 */ - if (L == 2048 && (N == 224 || N == 256)) - return 112; -# ifndef OPENSSL_NO_DH - ERR_raise(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS); -# endif - } else if (type == FFC_PARAM_TYPE_DSA) { - /* Valid DSA L,N parameters from FIPS 186-4 Section 4.2 */ - /* In fips mode 1024/160 can only be used for verification */ - if (verify && L == 1024 && N == 160) - return 80; - if (L == 2048 && (N == 224 || N == 256)) - return 112; - if (L == 3072 && N == 256) - return 128; -# ifndef OPENSSL_NO_DSA - ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS); -# endif - } - return 0; -} -#else -static int ffc_validate_LN(size_t L, size_t N, int type, int verify) -{ - if (type == FFC_PARAM_TYPE_DH) { - /* Allow legacy 1024/160 in non fips mode */ - if (L == 1024 && N == 160) - return 80; - /* Valid DH L,N parameters from SP800-56Ar3 5.5.1 Table 1 */ - if (L == 2048 && (N == 224 || N == 256)) - return 112; -# ifndef OPENSSL_NO_DH - ERR_raise(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS); -# endif - } else if (type == FFC_PARAM_TYPE_DSA) { - if (L >= 3072 && N >= 256) - return 128; - if (L >= 2048 && N >= 224) - return 112; - if (L >= 1024 && N >= 160) - return 80; -# ifndef OPENSSL_NO_DSA - ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS); -# endif - } - return 0; -} -#endif /* FIPS_MODULE */ - -/* FIPS186-4 A.2.1 Unverifiable Generation of Generator g */ -static int generate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont, BIGNUM *g, - BIGNUM *hbn, const BIGNUM *p, - const BIGNUM *e,const BIGNUM *pm1, - int *hret) -{ - int h = 2; - - /* Step (2): choose h (where 1 < h)*/ - if (!BN_set_word(hbn, h)) - return 0; - - for (;;) { - /* Step (3): g = h^e % p */ - if (!BN_mod_exp_mont(g, hbn, e, p, ctx, mont)) - return 0; - /* Step (4): Finish if g > 1 */ - if (BN_cmp(g, BN_value_one()) > 0) - break; - - /* Step (2) Choose any h in the range 1 < h < (p-1) */ - if (!BN_add_word(hbn, 1) || BN_cmp(hbn, pm1) >= 0) - return 0; - ++h; - } - *hret = h; - return 1; -} - -/* - * FIPS186-4 A.2 Generation of canonical generator g. - * - * It requires the following values as input: - * 'evpmd' digest, 'p' prime, 'e' cofactor, gindex and seed. - * tmp is a passed in temporary BIGNUM. - * mont is used in a BN_mod_exp_mont() with a modulus of p. - * Returns a value in g. - */ -static int generate_canonical_g(BN_CTX *ctx, BN_MONT_CTX *mont, - const EVP_MD *evpmd, BIGNUM *g, BIGNUM *tmp, - const BIGNUM *p, const BIGNUM *e, - int gindex, unsigned char *seed, size_t seedlen) -{ - int ret = 0; - int counter = 1; - unsigned char md[EVP_MAX_MD_SIZE]; - EVP_MD_CTX *mctx = NULL; - int mdsize; - - mdsize = EVP_MD_get_size(evpmd); - if (mdsize <= 0) - return 0; - - mctx = EVP_MD_CTX_new(); - if (mctx == NULL) - return 0; - - /* - * A.2.3 Step (4) & (5) - * A.2.4 Step (6) & (7) - * counter = 0; counter += 1 - */ - for (counter = 1; counter <= 0xFFFF; ++counter) { - /* - * A.2.3 Step (7) & (8) & (9) - * A.2.4 Step (9) & (10) & (11) - * W = Hash(seed || "ggen" || index || counter) - * g = W^e % p - */ - static const unsigned char ggen[4] = { 0x67, 0x67, 0x65, 0x6e }; - - md[0] = (unsigned char)(gindex & 0xff); - md[1] = (unsigned char)((counter >> 8) & 0xff); - md[2] = (unsigned char)(counter & 0xff); - if (!EVP_DigestInit_ex(mctx, evpmd, NULL) - || !EVP_DigestUpdate(mctx, seed, seedlen) - || !EVP_DigestUpdate(mctx, ggen, sizeof(ggen)) - || !EVP_DigestUpdate(mctx, md, 3) - || !EVP_DigestFinal_ex(mctx, md, NULL) - || (BN_bin2bn(md, mdsize, tmp) == NULL) - || !BN_mod_exp_mont(g, tmp, e, p, ctx, mont)) - break; /* exit on failure */ - /* - * A.2.3 Step (10) - * A.2.4 Step (12) - * Found a value for g if (g >= 2) - */ - if (BN_cmp(g, BN_value_one()) > 0) { - ret = 1; - break; /* found g */ - } - } - EVP_MD_CTX_free(mctx); - return ret; -} - -/* Generation of p is the same for FIPS 186-4 & FIPS 186-2 */ -static int generate_p(BN_CTX *ctx, const EVP_MD *evpmd, int max_counter, int n, - unsigned char *buf, size_t buf_len, const BIGNUM *q, - BIGNUM *p, int L, BN_GENCB *cb, int *counter, - int *res) -{ - int ret = -1; - int i, j, k, r; - unsigned char md[EVP_MAX_MD_SIZE]; - int mdsize; - BIGNUM *W, *X, *tmp, *c, *test; - - BN_CTX_start(ctx); - W = BN_CTX_get(ctx); - X = BN_CTX_get(ctx); - c = BN_CTX_get(ctx); - test = BN_CTX_get(ctx); - tmp = BN_CTX_get(ctx); - if (tmp == NULL) - goto err; - - if (!BN_lshift(test, BN_value_one(), L - 1)) - goto err; - - mdsize = EVP_MD_get_size(evpmd); - if (mdsize <= 0) - goto err; - - /* A.1.1.2 Step (10) AND - * A.1.1.2 Step (12) - * offset = 1 (this is handled below) - */ - /* - * A.1.1.2 Step (11) AND - * A.1.1.3 Step (13) - */ - for (i = 0; i <= max_counter; i++) { - if ((i != 0) && !BN_GENCB_call(cb, 0, i)) - goto err; - - BN_zero(W); - /* seed_tmp buffer contains "seed + offset - 1" */ - for (j = 0; j <= n; j++) { - /* obtain "seed + offset + j" by incrementing by 1: */ - for (k = (int)buf_len - 1; k >= 0; k--) { - buf[k]++; - if (buf[k] != 0) - break; - } - /* - * A.1.1.2 Step (11.1) AND - * A.1.1.3 Step (13.1) - * tmp = V(j) = Hash((seed + offset + j) % 2^seedlen) - */ - if (!EVP_Digest(buf, buf_len, md, NULL, evpmd, NULL) - || (BN_bin2bn(md, mdsize, tmp) == NULL) - /* - * A.1.1.2 Step (11.2) - * A.1.1.3 Step (13.2) - * W += V(j) * 2^(outlen * j) - */ - || !BN_lshift(tmp, tmp, (mdsize << 3) * j) - || !BN_add(W, W, tmp)) - goto err; - } - - /* - * A.1.1.2 Step (11.3) AND - * A.1.1.3 Step (13.3) - * X = W + 2^(L-1) where W < 2^(L-1) - */ - if (!BN_mask_bits(W, L - 1) - || !BN_copy(X, W) - || !BN_add(X, X, test) - /* - * A.1.1.2 Step (11.4) AND - * A.1.1.3 Step (13.4) - * c = X mod 2q - */ - || !BN_lshift1(tmp, q) - || !BN_mod(c, X, tmp, ctx) - /* - * A.1.1.2 Step (11.5) AND - * A.1.1.3 Step (13.5) - * p = X - (c - 1) - */ - || !BN_sub(tmp, c, BN_value_one()) - || !BN_sub(p, X, tmp)) - goto err; - - /* - * A.1.1.2 Step (11.6) AND - * A.1.1.3 Step (13.6) - * if (p < 2 ^ (L-1)) continue - * This makes sure the top bit is set. - */ - if (BN_cmp(p, test) >= 0) { - /* - * A.1.1.2 Step (11.7) AND - * A.1.1.3 Step (13.7) - * Test if p is prime - * (This also makes sure the bottom bit is set) - */ - r = BN_check_prime(p, ctx, cb); - /* A.1.1.2 Step (11.8) : Return if p is prime */ - if (r > 0) { - *counter = i; - ret = 1; /* return success */ - goto err; - } - if (r != 0) - goto err; - } - /* Step (11.9) : offset = offset + n + 1 is done auto-magically */ - } - /* No prime P found */ - ret = 0; - *res |= FFC_CHECK_P_NOT_PRIME; -err: - BN_CTX_end(ctx); - return ret; -} - -static int generate_q_fips186_4(BN_CTX *ctx, BIGNUM *q, const EVP_MD *evpmd, - int qsize, unsigned char *seed, size_t seedlen, - int generate_seed, int *retm, int *res, - BN_GENCB *cb) -{ - int ret = 0, r; - int m = *retm; - unsigned char md[EVP_MAX_MD_SIZE]; - int mdsize = EVP_MD_get_size(evpmd); - unsigned char *pmd; - OSSL_LIB_CTX *libctx = ossl_bn_get_libctx(ctx); - - /* find q */ - for (;;) { - if(!BN_GENCB_call(cb, 0, m++)) - goto err; - - /* A.1.1.2 Step (5) : generate seed with size seed_len */ - if (generate_seed - && RAND_bytes_ex(libctx, seed, seedlen, 0) < 0) - goto err; - /* - * A.1.1.2 Step (6) AND - * A.1.1.3 Step (7) - * U = Hash(seed) % (2^(N-1)) - */ - if (!EVP_Digest(seed, seedlen, md, NULL, evpmd, NULL)) - goto err; - /* Take least significant bits of md */ - if (mdsize > qsize) - pmd = md + mdsize - qsize; - else - pmd = md; - if (mdsize < qsize) - memset(md + mdsize, 0, qsize - mdsize); - - /* - * A.1.1.2 Step (7) AND - * A.1.1.3 Step (8) - * q = U + 2^(N-1) + (1 - U %2) (This sets top and bottom bits) - */ - pmd[0] |= 0x80; - pmd[qsize-1] |= 0x01; - if (!BN_bin2bn(pmd, qsize, q)) - goto err; - - /* - * A.1.1.2 Step (8) AND - * A.1.1.3 Step (9) - * Test if q is prime - */ - r = BN_check_prime(q, ctx, cb); - if (r > 0) { - ret = 1; - goto err; - } - /* - * A.1.1.3 Step (9) : If the provided seed didn't produce a prime q - * return an error. - */ - if (!generate_seed) { - *res |= FFC_CHECK_Q_NOT_PRIME; - goto err; - } - if (r != 0) - goto err; - /* A.1.1.2 Step (9) : if q is not prime, try another q */ - } -err: - *retm = m; - return ret; -} - -static int generate_q_fips186_2(BN_CTX *ctx, BIGNUM *q, const EVP_MD *evpmd, - unsigned char *buf, unsigned char *seed, - size_t qsize, int generate_seed, int *retm, - int *res, BN_GENCB *cb) -{ - unsigned char buf2[EVP_MAX_MD_SIZE]; - unsigned char md[EVP_MAX_MD_SIZE]; - int i, r, ret = 0, m = *retm; - OSSL_LIB_CTX *libctx = ossl_bn_get_libctx(ctx); - - /* find q */ - for (;;) { - /* step 1 */ - if (!BN_GENCB_call(cb, 0, m++)) - goto err; - - if (generate_seed && RAND_bytes_ex(libctx, seed, qsize, 0) <= 0) - goto err; - - memcpy(buf, seed, qsize); - memcpy(buf2, seed, qsize); - - /* precompute "SEED + 1" for step 7: */ - for (i = (int)qsize - 1; i >= 0; i--) { - buf[i]++; - if (buf[i] != 0) - break; - } - - /* step 2 */ - if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL)) - goto err; - if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL)) - goto err; - for (i = 0; i < (int)qsize; i++) - md[i] ^= buf2[i]; - - /* step 3 */ - md[0] |= 0x80; - md[qsize - 1] |= 0x01; - if (!BN_bin2bn(md, (int)qsize, q)) - goto err; - - /* step 4 */ - r = BN_check_prime(q, ctx, cb); - if (r > 0) { - /* Found a prime */ - ret = 1; - goto err; - } - if (r != 0) - goto err; /* Exit if error */ - /* Try another iteration if it wasnt prime - was in old code.. */ - generate_seed = 1; - } -err: - *retm = m; - return ret; -} - -static const char *default_mdname(size_t N) -{ - if (N == 160) - return "SHA1"; - else if (N == 224) - return "SHA-224"; - else if (N == 256) - return "SHA-256"; - return NULL; -} - -/* - * FIPS 186-4 FFC parameter generation (as defined in Appendix A). - * The same code is used for validation (when validate_flags != 0) - * - * The primes p & q are generated/validated using: - * A.1.1.2 Generation of probable primes p & q using approved hash. - * A.1.1.3 Validation of generated probable primes - * - * Generator 'g' has 2 types in FIPS 186-4: - * (1) A.2.1 unverifiable generation of generator g. - * A.2.2 Assurance of the validity of unverifiable generator g. - * (2) A.2.3 Verifiable Canonical Generation of the generator g. - * A.2.4 Validation for Canonical Generation of the generator g. - * - * Notes: - * (1) is only a partial validation of g, The validation of (2) requires - * the seed and index used during generation as input. - * - * params: used to pass in values for generation and validation. - * params->md: is the digest to use, If this value is NULL, then the digest is - * chosen using the value of N. - * params->flags: - * For validation one of: - * -FFC_PARAM_FLAG_VALIDATE_PQ - * -FFC_PARAM_FLAG_VALIDATE_G - * -FFC_PARAM_FLAG_VALIDATE_PQG - * For generation of p & q: - * - This is skipped if p & q are passed in. - * - If the seed is passed in then generation of p & q uses this seed (and if - * this fails an error will occur). - * - Otherwise the seed is generated, and values of p & q are generated and - * the value of seed and counter are optionally returned. - * For the generation of g (after the generation of p, q): - * - If the seed has been generated or passed in and a valid gindex is passed - * in then canonical generation of g is used otherwise unverifiable - * generation of g is chosen. - * For validation of p & q: - * - p, q, and the seed and counter used for generation must be passed in. - * For validation of g: - * - For a partial validation : p, q and g are required. - * - For a canonical validation : the gindex and seed used for generation are - * also required. - * mode: The mode - either FFC_PARAM_MODE_GENERATE or FFC_PARAM_MODE_VERIFY. - * type: The key type - FFC_PARAM_TYPE_DSA or FFC_PARAM_TYPE_DH. - * L: is the size of the prime p in bits (e.g 2048) - * N: is the size of the prime q in bits (e.g 256) - * res: A returned failure reason (One of FFC_CHECK_XXXX), - * or 0 for general failures. - * cb: A callback (can be NULL) that is called during different phases - * - * Returns: - * - FFC_PARAM_RET_STATUS_FAILED: if there was an error, or validation failed. - * - FFC_PARAM_RET_STATUS_SUCCESS if the generation or validation succeeded. - * - FFC_PARAM_RET_STATUS_UNVERIFIABLE_G if the validation of G succeeded, - * but G is unverifiable. - */ -int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx, - FFC_PARAMS *params, int mode, int type, - size_t L, size_t N, int *res, - BN_GENCB *cb) -{ - int ok = FFC_PARAM_RET_STATUS_FAILED; - unsigned char *seed = NULL, *seed_tmp = NULL; - int mdsize, counter = 0, pcounter = 0, r = 0; - size_t seedlen = 0; - BIGNUM *tmp, *pm1, *e, *test; - BIGNUM *g = NULL, *q = NULL, *p = NULL; - BN_MONT_CTX *mont = NULL; - int n = 0, m = 0, qsize; - int canonical_g = 0, hret = 0; - BN_CTX *ctx = NULL; - EVP_MD_CTX *mctx = NULL; - EVP_MD *md = NULL; - int verify = (mode == FFC_PARAM_MODE_VERIFY); - unsigned int flags = verify ? params->flags : 0; - const char *def_name; - - *res = 0; - - if (params->mdname != NULL) { - md = EVP_MD_fetch(libctx, params->mdname, params->mdprops); - } else { - if (N == 0) - N = (L >= 2048 ? SHA256_DIGEST_LENGTH : SHA_DIGEST_LENGTH) * 8; - def_name = default_mdname(N); - if (def_name == NULL) { - *res = FFC_CHECK_INVALID_Q_VALUE; - goto err; - } - md = EVP_MD_fetch(libctx, def_name, params->mdprops); - } - if (md == NULL) - goto err; - mdsize = EVP_MD_get_size(md); - if (mdsize <= 0) - goto err; - - if (N == 0) - N = mdsize * 8; - qsize = N >> 3; - - /* - * A.1.1.2 Step (1) AND - * A.1.1.3 Step (3) - * Check that the L,N pair is an acceptable pair. - */ - if (L <= N || !ffc_validate_LN(L, N, type, verify)) { - *res = FFC_CHECK_BAD_LN_PAIR; - goto err; - } - - mctx = EVP_MD_CTX_new(); - if (mctx == NULL) - goto err; - - if ((ctx = BN_CTX_new_ex(libctx)) == NULL) - goto err; - - BN_CTX_start(ctx); - g = BN_CTX_get(ctx); - pm1 = BN_CTX_get(ctx); - e = BN_CTX_get(ctx); - test = BN_CTX_get(ctx); - tmp = BN_CTX_get(ctx); - if (tmp == NULL) - goto err; - - seedlen = params->seedlen; - if (seedlen == 0) - seedlen = (size_t)mdsize; - /* If the seed was passed in - use this value as the seed */ - if (params->seed != NULL) - seed = params->seed; - - if (!verify) { - /* For generation: p & q must both be NULL or NON-NULL */ - if ((params->p == NULL) != (params->q == NULL)) { - *res = FFC_CHECK_INVALID_PQ; - goto err; - } - } else { - /* Validation of p,q requires seed and counter to be valid */ - if ((flags & FFC_PARAM_FLAG_VALIDATE_PQ) != 0) { - if (seed == NULL || params->pcounter < 0) { - *res = FFC_CHECK_MISSING_SEED_OR_COUNTER; - goto err; - } - } - if ((flags & FFC_PARAM_FLAG_VALIDATE_G) != 0) { - /* validation of g also requires g to be set */ - if (params->g == NULL) { - *res = FFC_CHECK_INVALID_G; - goto err; - } - } - } - - /* - * If p & q are passed in and - * validate_flags = 0 then skip the generation of PQ. - * validate_flags = VALIDATE_G then also skip the validation of PQ. - */ - if (params->p != NULL && ((flags & FFC_PARAM_FLAG_VALIDATE_PQ) == 0)) { - /* p and q already exists so only generate g */ - p = params->p; - q = params->q; - goto g_only; - /* otherwise fall thru to validate p & q */ - } - - /* p & q will be used for generation and validation */ - p = BN_CTX_get(ctx); - q = BN_CTX_get(ctx); - if (q == NULL) - goto err; - - /* - * A.1.1.2 Step (2) AND - * A.1.1.3 Step (6) - * Return invalid if seedlen < N - */ - if ((seedlen * 8) < N) { - *res = FFC_CHECK_INVALID_SEED_SIZE; - goto err; - } - - seed_tmp = OPENSSL_malloc(seedlen); - if (seed_tmp == NULL) - goto err; - - if (seed == NULL) { - /* Validation requires the seed to be supplied */ - if (verify) { - *res = FFC_CHECK_MISSING_SEED_OR_COUNTER; - goto err; - } - /* if the seed is not supplied then alloc a seed buffer */ - seed = OPENSSL_malloc(seedlen); - if (seed == NULL) - goto err; - } - - /* A.1.1.2 Step (11): max loop count = 4L - 1 */ - counter = 4 * L - 1; - /* Validation requires the counter to be supplied */ - if (verify) { - /* A.1.1.3 Step (4) : if (counter > (4L -1)) return INVALID */ - if (params->pcounter > counter) { - *res = FFC_CHECK_INVALID_COUNTER; - goto err; - } - counter = params->pcounter; - } - - /* - * A.1.1.2 Step (3) AND - * A.1.1.3 Step (10) - * n = floor(L / hash_outlen) - 1 - */ - n = (L - 1 ) / (mdsize << 3); - - /* Calculate 2^(L-1): Used in step A.1.1.2 Step (11.3) */ - if (!BN_lshift(test, BN_value_one(), L - 1)) - goto err; - - for (;;) { - if (!generate_q_fips186_4(ctx, q, md, qsize, seed, seedlen, - seed != params->seed, &m, res, cb)) - goto err; - /* A.1.1.3 Step (9): Verify that q matches the expected value */ - if (verify && (BN_cmp(q, params->q) != 0)) { - *res = FFC_CHECK_Q_MISMATCH; - goto err; - } - if(!BN_GENCB_call(cb, 2, 0)) - goto err; - if(!BN_GENCB_call(cb, 3, 0)) - goto err; - - memcpy(seed_tmp, seed, seedlen); - r = generate_p(ctx, md, counter, n, seed_tmp, seedlen, q, p, L, - cb, &pcounter, res); - if (r > 0) - break; /* found p */ - if (r < 0) - goto err; - /* - * A.1.1.3 Step (14): - * If we get here we failed to get a p for the given seed. If the - * seed is not random then it needs to fail (as it will always fail). - */ - if (seed == params->seed) { - *res = FFC_CHECK_P_NOT_PRIME; - goto err; - } - } - if(!BN_GENCB_call(cb, 2, 1)) - goto err; - /* - * Gets here if we found p. - * A.1.1.3 Step (14): return error if i != counter OR computed_p != known_p. - */ - if (verify && (pcounter != counter || (BN_cmp(p, params->p) != 0))) - goto err; - - /* If validating p & q only then skip the g validation test */ - if ((flags & FFC_PARAM_FLAG_VALIDATE_PQG) == FFC_PARAM_FLAG_VALIDATE_PQ) - goto pass; -g_only: - if ((mont = BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(mont, p, ctx)) - goto err; - - if (((flags & FFC_PARAM_FLAG_VALIDATE_G) != 0) - && !ossl_ffc_params_validate_unverifiable_g(ctx, mont, p, q, params->g, - tmp, res)) - goto err; - - /* - * A.2.1 Step (1) AND - * A.2.3 Step (3) AND - * A.2.4 Step (5) - * e = (p - 1) / q (i.e- Cofactor 'e' is given by p = q * e + 1) - */ - if (!(BN_sub(pm1, p, BN_value_one()) && BN_div(e, NULL, pm1, q, ctx))) - goto err; - - /* Canonical g requires a seed and index to be set */ - if ((seed != NULL) && (params->gindex != FFC_UNVERIFIABLE_GINDEX)) { - canonical_g = 1; - if (!generate_canonical_g(ctx, mont, md, g, tmp, p, e, - params->gindex, seed, seedlen)) { - *res = FFC_CHECK_INVALID_G; - goto err; - } - /* A.2.4 Step (13): Return valid if computed_g == g */ - if (verify && BN_cmp(g, params->g) != 0) { - *res = FFC_CHECK_G_MISMATCH; - goto err; - } - } else if (!verify) { - if (!generate_unverifiable_g(ctx, mont, g, tmp, p, e, pm1, &hret)) - goto err; - } - - if (!BN_GENCB_call(cb, 3, 1)) - goto err; - - if (!verify) { - if (p != params->p) { - BN_free(params->p); - params->p = BN_dup(p); - } - if (q != params->q) { - BN_free(params->q); - params->q = BN_dup(q); - } - if (g != params->g) { - BN_free(params->g); - params->g = BN_dup(g); - } - if (params->p == NULL || params->q == NULL || params->g == NULL) - goto err; - if (!ossl_ffc_params_set_validate_params(params, seed, seedlen, - pcounter)) - goto err; - params->h = hret; - } -pass: - if ((flags & FFC_PARAM_FLAG_VALIDATE_G) != 0 && (canonical_g == 0)) - /* Return for the case where g is partially valid */ - ok = FFC_PARAM_RET_STATUS_UNVERIFIABLE_G; - else - ok = FFC_PARAM_RET_STATUS_SUCCESS; -err: - if (seed != params->seed) - OPENSSL_free(seed); - OPENSSL_free(seed_tmp); - if (ctx != NULL) - BN_CTX_end(ctx); - BN_CTX_free(ctx); - BN_MONT_CTX_free(mont); - EVP_MD_CTX_free(mctx); - EVP_MD_free(md); - return ok; -} - -/* Note this function is only used for verification in fips mode */ -int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx, - FFC_PARAMS *params, int mode, int type, - size_t L, size_t N, int *res, - BN_GENCB *cb) -{ - int ok = FFC_PARAM_RET_STATUS_FAILED; - unsigned char seed[SHA256_DIGEST_LENGTH]; - unsigned char buf[SHA256_DIGEST_LENGTH]; - BIGNUM *r0, *test, *tmp, *g = NULL, *q = NULL, *p = NULL; - BN_MONT_CTX *mont = NULL; - EVP_MD *md = NULL; - size_t qsize; - int n = 0, m = 0; - int counter = 0, pcounter = 0, use_random_seed; - int rv; - BN_CTX *ctx = NULL; - int hret = -1; - unsigned char *seed_in = params->seed; - size_t seed_len = params->seedlen; - int verify = (mode == FFC_PARAM_MODE_VERIFY); - unsigned int flags = verify ? params->flags : 0; - const char *def_name; - - *res = 0; - - if (params->mdname != NULL) { - md = EVP_MD_fetch(libctx, params->mdname, params->mdprops); - } else { - if (N == 0) - N = (L >= 2048 ? SHA256_DIGEST_LENGTH : SHA_DIGEST_LENGTH) * 8; - def_name = default_mdname(N); - if (def_name == NULL) { - *res = FFC_CHECK_INVALID_Q_VALUE; - goto err; - } - md = EVP_MD_fetch(libctx, def_name, params->mdprops); - } - if (md == NULL) - goto err; - if (N == 0) - N = EVP_MD_get_size(md) * 8; - qsize = N >> 3; - - /* - * The original spec allowed L = 512 + 64*j (j = 0.. 8) - * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf - * says that 512 can be used for legacy verification. - */ - if (L < 512) { - *res = FFC_CHECK_BAD_LN_PAIR; - goto err; - } - if (qsize != SHA_DIGEST_LENGTH - && qsize != SHA224_DIGEST_LENGTH - && qsize != SHA256_DIGEST_LENGTH) { - /* invalid q size */ - *res = FFC_CHECK_INVALID_Q_VALUE; - goto err; - } - - L = (L + 63) / 64 * 64; - - if (seed_in != NULL) { - if (seed_len < qsize) { - *res = FFC_CHECK_INVALID_SEED_SIZE; - goto err; - } - /* Only consume as much seed as is expected. */ - if (seed_len > qsize) - seed_len = qsize; - memcpy(seed, seed_in, seed_len); - } - - ctx = BN_CTX_new_ex(libctx); - if (ctx == NULL) - goto err; - - BN_CTX_start(ctx); - - r0 = BN_CTX_get(ctx); - g = BN_CTX_get(ctx); - q = BN_CTX_get(ctx); - p = BN_CTX_get(ctx); - tmp = BN_CTX_get(ctx); - test = BN_CTX_get(ctx); - if (test == NULL) - goto err; - - if (!BN_lshift(test, BN_value_one(), L - 1)) - goto err; - - if (!verify) { - /* For generation: p & q must both be NULL or NON-NULL */ - if ((params->p != NULL) != (params->q != NULL)) { - *res = FFC_CHECK_INVALID_PQ; - goto err; - } - } else { - if ((flags & FFC_PARAM_FLAG_VALIDATE_PQ) != 0) { - /* Validation of p,q requires seed and counter to be valid */ - if (seed_in == NULL || params->pcounter < 0) { - *res = FFC_CHECK_MISSING_SEED_OR_COUNTER; - goto err; - } - } - if ((flags & FFC_PARAM_FLAG_VALIDATE_G) != 0) { - /* validation of g also requires g to be set */ - if (params->g == NULL) { - *res = FFC_CHECK_INVALID_G; - goto err; - } - } - } - - if (params->p != NULL && ((flags & FFC_PARAM_FLAG_VALIDATE_PQ) == 0)) { - /* p and q already exists so only generate g */ - p = params->p; - q = params->q; - goto g_only; - /* otherwise fall thru to validate p and q */ - } - - use_random_seed = (seed_in == NULL); - for (;;) { - if (!generate_q_fips186_2(ctx, q, md, buf, seed, qsize, - use_random_seed, &m, res, cb)) - goto err; - - if (!BN_GENCB_call(cb, 2, 0)) - goto err; - if (!BN_GENCB_call(cb, 3, 0)) - goto err; - - /* step 6 */ - n = (L - 1) / 160; - counter = 4 * L - 1; /* Was 4096 */ - /* Validation requires the counter to be supplied */ - if (verify) { - if (params->pcounter > counter) { - *res = FFC_CHECK_INVALID_COUNTER; - goto err; - } - counter = params->pcounter; - } - - rv = generate_p(ctx, md, counter, n, buf, qsize, q, p, L, cb, - &pcounter, res); - if (rv > 0) - break; /* found it */ - if (rv == -1) - goto err; - /* This is what the old code did - probably not a good idea! */ - use_random_seed = 1; - } - - if (!BN_GENCB_call(cb, 2, 1)) - goto err; - - if (verify) { - if (pcounter != counter) { - *res = FFC_CHECK_COUNTER_MISMATCH; - goto err; - } - if (BN_cmp(p, params->p) != 0) { - *res = FFC_CHECK_P_MISMATCH; - goto err; - } - } - /* If validating p & q only then skip the g validation test */ - if ((flags & FFC_PARAM_FLAG_VALIDATE_PQG) == FFC_PARAM_FLAG_VALIDATE_PQ) - goto pass; -g_only: - if ((mont = BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(mont, p, ctx)) - goto err; - - if (!verify) { - /* We now need to generate g */ - /* set test = p - 1 */ - if (!BN_sub(test, p, BN_value_one())) - goto err; - /* Set r0 = (p - 1) / q */ - if (!BN_div(r0, NULL, test, q, ctx)) - goto err; - if (!generate_unverifiable_g(ctx, mont, g, tmp, p, r0, test, &hret)) - goto err; - } else if (((flags & FFC_PARAM_FLAG_VALIDATE_G) != 0) - && !ossl_ffc_params_validate_unverifiable_g(ctx, mont, p, q, - params->g, tmp, - res)) { - goto err; - } - - if (!BN_GENCB_call(cb, 3, 1)) - goto err; - - if (!verify) { - if (p != params->p) { - BN_free(params->p); - params->p = BN_dup(p); - } - if (q != params->q) { - BN_free(params->q); - params->q = BN_dup(q); - } - if (g != params->g) { - BN_free(params->g); - params->g = BN_dup(g); - } - if (params->p == NULL || params->q == NULL || params->g == NULL) - goto err; - if (!ossl_ffc_params_set_validate_params(params, seed, qsize, pcounter)) - goto err; - params->h = hret; - } -pass: - if ((flags & FFC_PARAM_FLAG_VALIDATE_G) != 0) - ok = FFC_PARAM_RET_STATUS_UNVERIFIABLE_G; - else - ok = FFC_PARAM_RET_STATUS_SUCCESS; -err: - if (ctx != NULL) - BN_CTX_end(ctx); - BN_CTX_free(ctx); - BN_MONT_CTX_free(mont); - EVP_MD_free(md); - return ok; -} - -int ossl_ffc_params_FIPS186_4_generate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params, - int type, size_t L, size_t N, - int *res, BN_GENCB *cb) -{ - return ossl_ffc_params_FIPS186_4_gen_verify(libctx, params, - FFC_PARAM_MODE_GENERATE, - type, L, N, res, cb); -} - -/* This should no longer be used in FIPS mode */ -int ossl_ffc_params_FIPS186_2_generate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params, - int type, size_t L, size_t N, - int *res, BN_GENCB *cb) -{ - if (!ossl_ffc_params_FIPS186_2_gen_verify(libctx, params, - FFC_PARAM_MODE_GENERATE, - type, L, N, res, cb)) - return 0; - - ossl_ffc_params_enable_flags(params, FFC_PARAM_FLAG_VALIDATE_LEGACY, 1); - return 1; -} diff --git a/crypto/ffc/ffc_params_validate.c b/crypto/ffc/ffc_params_validate.c deleted file mode 100644 index c1b4cf05d200bf1c0c0b297c98d95171a44d50eb..0000000000000000000000000000000000000000 --- a/crypto/ffc/ffc_params_validate.c +++ /dev/null @@ -1,187 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Finite Field cryptography (FFC) is used for DSA and DH. - * This file contains methods for validation of FFC parameters. - * It calls the same functions as the generation as the code is very similar. - */ - -#include -#include -#include -#include -#include "internal/ffc.h" - -/* FIPS186-4 A.2.2 Unverifiable partial validation of Generator g */ -int ossl_ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont, - const BIGNUM *p, const BIGNUM *q, - const BIGNUM *g, BIGNUM *tmp, - int *ret) -{ - /* - * A.2.2 Step (1) AND - * A.2.4 Step (2) - * Verify that 2 <= g <= (p - 1) - */ - if (BN_cmp(g, BN_value_one()) <= 0 || BN_cmp(g, p) >= 0) { - *ret |= FFC_ERROR_NOT_SUITABLE_GENERATOR; - return 0; - } - - /* - * A.2.2 Step (2) AND - * A.2.4 Step (3) - * Check g^q mod p = 1 - */ - if (!BN_mod_exp_mont(tmp, g, q, p, ctx, mont)) - return 0; - if (BN_cmp(tmp, BN_value_one()) != 0) { - *ret |= FFC_ERROR_NOT_SUITABLE_GENERATOR; - return 0; - } - return 1; -} - -int ossl_ffc_params_FIPS186_4_validate(OSSL_LIB_CTX *libctx, - const FFC_PARAMS *params, int type, - int *res, BN_GENCB *cb) -{ - size_t L, N; - - if (params == NULL || params->p == NULL || params->q == NULL) - return FFC_PARAM_RET_STATUS_FAILED; - - /* A.1.1.3 Step (1..2) : L = len(p), N = len(q) */ - L = BN_num_bits(params->p); - N = BN_num_bits(params->q); - return ossl_ffc_params_FIPS186_4_gen_verify(libctx, (FFC_PARAMS *)params, - FFC_PARAM_MODE_VERIFY, type, - L, N, res, cb); -} - -/* This may be used in FIPS mode to validate deprecated FIPS-186-2 Params */ -int ossl_ffc_params_FIPS186_2_validate(OSSL_LIB_CTX *libctx, - const FFC_PARAMS *params, int type, - int *res, BN_GENCB *cb) -{ - size_t L, N; - - if (params == NULL || params->p == NULL || params->q == NULL) { - *res = FFC_CHECK_INVALID_PQ; - return FFC_PARAM_RET_STATUS_FAILED; - } - - /* A.1.1.3 Step (1..2) : L = len(p), N = len(q) */ - L = BN_num_bits(params->p); - N = BN_num_bits(params->q); - return ossl_ffc_params_FIPS186_2_gen_verify(libctx, (FFC_PARAMS *)params, - FFC_PARAM_MODE_VERIFY, type, - L, N, res, cb); -} - -/* - * This does a simple check of L and N and partial g. - * It makes no attempt to do a full validation of p, q or g since these require - * extra parameters such as the digest and seed, which may not be available for - * this test. - */ -int ossl_ffc_params_simple_validate(OSSL_LIB_CTX *libctx, const FFC_PARAMS *params, - int paramstype, int *res) -{ - int ret; - int tmpres = 0; - FFC_PARAMS tmpparams = {0}; - - if (params == NULL) - return 0; - - if (res == NULL) - res = &tmpres; - - if (!ossl_ffc_params_copy(&tmpparams, params)) - return 0; - - tmpparams.flags = FFC_PARAM_FLAG_VALIDATE_G; - tmpparams.gindex = FFC_UNVERIFIABLE_GINDEX; - -#ifndef FIPS_MODULE - if (params->flags & FFC_PARAM_FLAG_VALIDATE_LEGACY) - ret = ossl_ffc_params_FIPS186_2_validate(libctx, &tmpparams, paramstype, - res, NULL); - else -#endif - ret = ossl_ffc_params_FIPS186_4_validate(libctx, &tmpparams, paramstype, - res, NULL); -#ifndef OPENSSL_NO_DH - if (ret == FFC_PARAM_RET_STATUS_FAILED - && (*res & FFC_ERROR_NOT_SUITABLE_GENERATOR) != 0) { - ERR_raise(ERR_LIB_DH, DH_R_NOT_SUITABLE_GENERATOR); - } -#endif - - ossl_ffc_params_cleanup(&tmpparams); - - return ret != FFC_PARAM_RET_STATUS_FAILED; -} - -/* - * If possible (or always in FIPS_MODULE) do full FIPS 186-4 validation. - * Otherwise do simple check but in addition also check the primality of the - * p and q. - */ -int ossl_ffc_params_full_validate(OSSL_LIB_CTX *libctx, const FFC_PARAMS *params, - int paramstype, int *res) -{ - int tmpres = 0; - - if (params == NULL) - return 0; - - if (res == NULL) - res = &tmpres; - -#ifdef FIPS_MODULE - return ossl_ffc_params_FIPS186_4_validate(libctx, params, paramstype, - res, NULL); -#else - if (params->seed != NULL) { - if (params->flags & FFC_PARAM_FLAG_VALIDATE_LEGACY) - return ossl_ffc_params_FIPS186_2_validate(libctx, params, paramstype, - res, NULL); - else - return ossl_ffc_params_FIPS186_4_validate(libctx, params, paramstype, - res, NULL); - } else { - int ret = 0; - - ret = ossl_ffc_params_simple_validate(libctx, params, paramstype, res); - if (ret) { - BN_CTX *ctx; - - if ((ctx = BN_CTX_new_ex(libctx)) == NULL) - return 0; - if (BN_check_prime(params->q, ctx, NULL) != 1) { -# ifndef OPENSSL_NO_DSA - ERR_raise(ERR_LIB_DSA, DSA_R_Q_NOT_PRIME); -# endif - ret = 0; - } - if (ret && BN_check_prime(params->p, ctx, NULL) != 1) { -# ifndef OPENSSL_NO_DSA - ERR_raise(ERR_LIB_DSA, DSA_R_P_NOT_PRIME); -# endif - ret = 0; - } - BN_CTX_free(ctx); - } - return ret; - } -#endif -} diff --git a/crypto/getenv.c b/crypto/getenv.c deleted file mode 100644 index e79b6cc1618f43728b0bab18d36aa23de4fa5fcd..0000000000000000000000000000000000000000 --- a/crypto/getenv.c +++ /dev/null @@ -1,103 +0,0 @@ -/* - * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef _GNU_SOURCE -# define _GNU_SOURCE -#endif - -#include -#include "internal/cryptlib.h" -#include "e_os.h" - -char *ossl_safe_getenv(const char *name) -{ -#if defined(_WIN32) && defined(CP_UTF8) && !defined(_WIN32_WCE) - if (GetEnvironmentVariableW(L"OPENSSL_WIN32_UTF8", NULL, 0) != 0) { - char *val = NULL; - int vallen = 0; - WCHAR *namew = NULL; - WCHAR *valw = NULL; - DWORD envlen = 0; - DWORD dwFlags = MB_ERR_INVALID_CHARS; - int rsize, fsize; - UINT curacp; - - curacp = GetACP(); - - /* - * For the code pages listed below, dwFlags must be set to 0. - * Otherwise, the function fails with ERROR_INVALID_FLAGS. - */ - if (curacp == 50220 || curacp == 50221 || curacp == 50222 || - curacp == 50225 || curacp == 50227 || curacp == 50229 || - (57002 <= curacp && curacp <=57011) || curacp == 65000 || - curacp == 42) - dwFlags = 0; - - /* query for buffer len */ - rsize = MultiByteToWideChar(curacp, dwFlags, name, -1, NULL, 0); - /* if name is valid string and can be converted to wide string */ - if (rsize > 0) - namew = _malloca(rsize * sizeof(WCHAR)); - - if (NULL != namew) { - /* convert name to wide string */ - fsize = MultiByteToWideChar(curacp, dwFlags, name, -1, namew, rsize); - /* if conversion is ok, then determine value string size in wchars */ - if (fsize > 0) - envlen = GetEnvironmentVariableW(namew, NULL, 0); - } - - if (envlen > 0) - valw = _malloca(envlen * sizeof(WCHAR)); - - if (NULL != valw) { - /* if can get env value as wide string */ - if (GetEnvironmentVariableW(namew, valw, envlen) < envlen) { - /* determine value string size in utf-8 */ - vallen = WideCharToMultiByte(CP_UTF8, 0, valw, -1, NULL, 0, - NULL, NULL); - } - } - - if (vallen > 0) - val = OPENSSL_malloc(vallen); - - if (NULL != val) { - /* convert value string from wide to utf-8 */ - if (WideCharToMultiByte(CP_UTF8, 0, valw, -1, val, vallen, - NULL, NULL) == 0) { - OPENSSL_free(val); - val = NULL; - } - } - - if (NULL != namew) - _freea(namew); - - if (NULL != valw) - _freea(valw); - - return val; - } -#endif - -#if defined(__GLIBC__) && defined(__GLIBC_PREREQ) -# if __GLIBC_PREREQ(2, 17) -# define SECURE_GETENV - return secure_getenv(name); -# endif -#endif - -#ifndef SECURE_GETENV - if (OPENSSL_issetugid()) - return NULL; - return getenv(name); -#endif -} diff --git a/crypto/hmac/build.info b/crypto/hmac/build.info deleted file mode 100644 index b828ab122e49cd16d085a0ada9bd42a4f96d117f..0000000000000000000000000000000000000000 --- a/crypto/hmac/build.info +++ /dev/null @@ -1,6 +0,0 @@ -LIBS=../../libcrypto - -$COMMON=hmac.c - -SOURCE[../../libcrypto]=$COMMON -SOURCE[../../providers/libfips.a]=$COMMON diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c deleted file mode 100644 index 940d867ca6525082514e1a5519d57231c6bb8418..0000000000000000000000000000000000000000 --- a/crypto/hmac/hmac.c +++ /dev/null @@ -1,250 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * HMAC low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "hmac_local.h" - -int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md, ENGINE *impl) -{ - int rv = 0, reset = 0; - int i, j; - unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE]; - unsigned int keytmp_length; - unsigned char keytmp[HMAC_MAX_MD_CBLOCK_SIZE]; - - /* If we are changing MD then we must have a key */ - if (md != NULL && md != ctx->md && (key == NULL || len < 0)) - return 0; - - if (md != NULL) - ctx->md = md; - else if (ctx->md != NULL) - md = ctx->md; - else - return 0; - - /* - * The HMAC construction is not allowed to be used with the - * extendable-output functions (XOF) shake128 and shake256. - */ - if ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0) - return 0; - - if (key != NULL) { - reset = 1; - - j = EVP_MD_get_block_size(md); - if (!ossl_assert(j <= (int)sizeof(keytmp))) - return 0; - if (j < 0) - return 0; - if (j < len) { - if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl) - || !EVP_DigestUpdate(ctx->md_ctx, key, len) - || !EVP_DigestFinal_ex(ctx->md_ctx, keytmp, - &keytmp_length)) - return 0; - } else { - if (len < 0 || len > (int)sizeof(keytmp)) - return 0; - memcpy(keytmp, key, len); - keytmp_length = len; - } - if (keytmp_length != HMAC_MAX_MD_CBLOCK_SIZE) - memset(&keytmp[keytmp_length], 0, - HMAC_MAX_MD_CBLOCK_SIZE - keytmp_length); - - for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) - pad[i] = 0x36 ^ keytmp[i]; - if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl) - || !EVP_DigestUpdate(ctx->i_ctx, pad, - EVP_MD_get_block_size(md))) - goto err; - - for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++) - pad[i] = 0x5c ^ keytmp[i]; - if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl) - || !EVP_DigestUpdate(ctx->o_ctx, pad, - EVP_MD_get_block_size(md))) - goto err; - } - if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx)) - goto err; - rv = 1; - err: - if (reset) { - OPENSSL_cleanse(keytmp, sizeof(keytmp)); - OPENSSL_cleanse(pad, sizeof(pad)); - } - return rv; -} - -#ifndef OPENSSL_NO_DEPRECATED_1_1_0 -int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) -{ - if (key && md) - HMAC_CTX_reset(ctx); - return HMAC_Init_ex(ctx, key, len, md, NULL); -} -#endif - -int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) -{ - if (!ctx->md) - return 0; - return EVP_DigestUpdate(ctx->md_ctx, data, len); -} - -int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) -{ - unsigned int i; - unsigned char buf[EVP_MAX_MD_SIZE]; - - if (!ctx->md) - goto err; - - if (!EVP_DigestFinal_ex(ctx->md_ctx, buf, &i)) - goto err; - if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->o_ctx)) - goto err; - if (!EVP_DigestUpdate(ctx->md_ctx, buf, i)) - goto err; - if (!EVP_DigestFinal_ex(ctx->md_ctx, md, len)) - goto err; - return 1; - err: - return 0; -} - -size_t HMAC_size(const HMAC_CTX *ctx) -{ - int size = EVP_MD_get_size((ctx)->md); - - return (size < 0) ? 0 : size; -} - -HMAC_CTX *HMAC_CTX_new(void) -{ - HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX)); - - if (ctx != NULL) { - if (!HMAC_CTX_reset(ctx)) { - HMAC_CTX_free(ctx); - return NULL; - } - } - return ctx; -} - -static void hmac_ctx_cleanup(HMAC_CTX *ctx) -{ - EVP_MD_CTX_reset(ctx->i_ctx); - EVP_MD_CTX_reset(ctx->o_ctx); - EVP_MD_CTX_reset(ctx->md_ctx); - ctx->md = NULL; -} - -void HMAC_CTX_free(HMAC_CTX *ctx) -{ - if (ctx != NULL) { - hmac_ctx_cleanup(ctx); - EVP_MD_CTX_free(ctx->i_ctx); - EVP_MD_CTX_free(ctx->o_ctx); - EVP_MD_CTX_free(ctx->md_ctx); - OPENSSL_free(ctx); - } -} - -static int hmac_ctx_alloc_mds(HMAC_CTX *ctx) -{ - if (ctx->i_ctx == NULL) - ctx->i_ctx = EVP_MD_CTX_new(); - if (ctx->i_ctx == NULL) - return 0; - if (ctx->o_ctx == NULL) - ctx->o_ctx = EVP_MD_CTX_new(); - if (ctx->o_ctx == NULL) - return 0; - if (ctx->md_ctx == NULL) - ctx->md_ctx = EVP_MD_CTX_new(); - if (ctx->md_ctx == NULL) - return 0; - return 1; -} - -int HMAC_CTX_reset(HMAC_CTX *ctx) -{ - hmac_ctx_cleanup(ctx); - if (!hmac_ctx_alloc_mds(ctx)) { - hmac_ctx_cleanup(ctx); - return 0; - } - return 1; -} - -int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) -{ - if (!hmac_ctx_alloc_mds(dctx)) - goto err; - if (!EVP_MD_CTX_copy_ex(dctx->i_ctx, sctx->i_ctx)) - goto err; - if (!EVP_MD_CTX_copy_ex(dctx->o_ctx, sctx->o_ctx)) - goto err; - if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx)) - goto err; - dctx->md = sctx->md; - return 1; - err: - hmac_ctx_cleanup(dctx); - return 0; -} - -unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, - const unsigned char *data, size_t data_len, - unsigned char *md, unsigned int *md_len) -{ - static unsigned char static_md[EVP_MAX_MD_SIZE]; - int size = EVP_MD_get_size(evp_md); - size_t temp_md_len = 0; - unsigned char *ret = NULL; - - if (size >= 0) { - ret = EVP_Q_mac(NULL, "HMAC", NULL, EVP_MD_get0_name(evp_md), NULL, - key, key_len, data, data_len, - md == NULL ? static_md : md, size, &temp_md_len); - if (md_len != NULL) - *md_len = (unsigned int)temp_md_len; - } - return ret; -} - -void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) -{ - EVP_MD_CTX_set_flags(ctx->i_ctx, flags); - EVP_MD_CTX_set_flags(ctx->o_ctx, flags); - EVP_MD_CTX_set_flags(ctx->md_ctx, flags); -} - -const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx) -{ - return ctx->md; -} diff --git a/crypto/hmac/hmac_local.h b/crypto/hmac/hmac_local.h deleted file mode 100644 index 495b8593ffc6951103c38846bdd2a47265a8769a..0000000000000000000000000000000000000000 --- a/crypto/hmac/hmac_local.h +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_HMAC_LOCAL_H -# define OSSL_CRYPTO_HMAC_LOCAL_H - -/* The current largest case is for SHA3-224 */ -#define HMAC_MAX_MD_CBLOCK_SIZE 144 - -struct hmac_ctx_st { - const EVP_MD *md; - EVP_MD_CTX *md_ctx; - EVP_MD_CTX *i_ctx; - EVP_MD_CTX *o_ctx; -}; - -#endif diff --git a/crypto/http/build.info b/crypto/http/build.info deleted file mode 100644 index b4626b13de7f961b7f66dadf53265258a2e7db9c..0000000000000000000000000000000000000000 --- a/crypto/http/build.info +++ /dev/null @@ -1,2 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]=http_client.c http_err.c http_lib.c diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c deleted file mode 100644 index 0d62f1c7bf16f49cd0e4ca4e410d81e1e0e01846..0000000000000000000000000000000000000000 --- a/crypto/http/http_client.c +++ /dev/null @@ -1,1422 +0,0 @@ -/* - * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Siemens AG 2018-2020 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" -#include -#include -#include "crypto/ctype.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include "internal/sockets.h" -#include "internal/cryptlib.h" /* for ossl_assert() */ - -#define HAS_PREFIX(str, prefix) (strncmp(str, prefix, sizeof(prefix) - 1) == 0) -#define HTTP_PREFIX "HTTP/" -#define HTTP_VERSION_PATT "1." /* allow 1.x */ -#define HTTP_VERSION_STR_LEN sizeof(HTTP_VERSION_PATT) /* == strlen("1.0") */ -#define HTTP_PREFIX_VERSION HTTP_PREFIX""HTTP_VERSION_PATT -#define HTTP_1_0 HTTP_PREFIX_VERSION"0" /* "HTTP/1.0" */ -#define HTTP_LINE1_MINLEN (sizeof(HTTP_PREFIX_VERSION "x 200\n") - 1) -#define HTTP_VERSION_MAX_REDIRECTIONS 50 - -#define HTTP_STATUS_CODE_OK 200 -#define HTTP_STATUS_CODE_MOVED_PERMANENTLY 301 -#define HTTP_STATUS_CODE_FOUND 302 - -/* Stateful HTTP request code, supporting blocking and non-blocking I/O */ - -/* Opaque HTTP request status structure */ - -struct ossl_http_req_ctx_st { - int state; /* Current I/O state */ - unsigned char *buf; /* Buffer to write request or read response */ - int buf_size; /* Buffer size */ - int free_wbio; /* wbio allocated internally, free with ctx */ - BIO *wbio; /* BIO to write/send request to */ - BIO *rbio; /* BIO to read/receive response from */ - OSSL_HTTP_bio_cb_t upd_fn; /* Optional BIO update callback used for TLS */ - void *upd_arg; /* Optional arg for update callback function */ - int use_ssl; /* Use HTTPS */ - char *proxy; /* Optional proxy name or URI */ - char *server; /* Optional server host name */ - char *port; /* Optional server port */ - BIO *mem; /* Mem BIO holding request header or response */ - BIO *req; /* BIO holding the request provided by caller */ - int method_POST; /* HTTP method is POST (else GET) */ - char *expected_ct; /* Optional expected Content-Type */ - int expect_asn1; /* Response must be ASN.1-encoded */ - unsigned char *pos; /* Current position sending data */ - long len_to_send; /* Number of bytes still to send */ - size_t resp_len; /* Length of response */ - size_t max_resp_len; /* Maximum length of response, or 0 */ - int keep_alive; /* Persistent conn. 0=no, 1=prefer, 2=require */ - time_t max_time; /* Maximum end time of current transfer, or 0 */ - time_t max_total_time; /* Maximum end time of total transfer, or 0 */ - char *redirection_url; /* Location obtained from HTTP status 301/302 */ -}; - -/* HTTP states */ - -#define OHS_NOREAD 0x1000 /* If set no reading should be performed */ -#define OHS_ERROR (0 | OHS_NOREAD) /* Error condition */ -#define OHS_ADD_HEADERS (1 | OHS_NOREAD) /* Adding header lines to request */ -#define OHS_WRITE_INIT (2 | OHS_NOREAD) /* 1st call: ready to start send */ -#define OHS_WRITE_HDR (3 | OHS_NOREAD) /* Request header being sent */ -#define OHS_WRITE_REQ (4 | OHS_NOREAD) /* Request contents being sent */ -#define OHS_FLUSH (5 | OHS_NOREAD) /* Request being flushed */ -#define OHS_FIRSTLINE 1 /* First line of response being read */ -#define OHS_HEADERS 2 /* MIME headers of response being read */ -#define OHS_REDIRECT 3 /* MIME headers being read, expecting Location */ -#define OHS_ASN1_HEADER 4 /* ASN1 sequence header (tag+length) being read */ -#define OHS_ASN1_CONTENT 5 /* ASN1 content octets being read */ -#define OHS_ASN1_DONE (6 | OHS_NOREAD) /* ASN1 content read completed */ -#define OHS_STREAM (7 | OHS_NOREAD) /* HTTP content stream to be read */ - -/* Low-level HTTP API implementation */ - -OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int buf_size) -{ - OSSL_HTTP_REQ_CTX *rctx; - - if (wbio == NULL || rbio == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - - if ((rctx = OPENSSL_zalloc(sizeof(*rctx))) == NULL) - return NULL; - rctx->state = OHS_ERROR; - rctx->buf_size = buf_size > 0 ? buf_size : OSSL_HTTP_DEFAULT_MAX_LINE_LEN; - rctx->buf = OPENSSL_malloc(rctx->buf_size); - rctx->wbio = wbio; - rctx->rbio = rbio; - if (rctx->buf == NULL) { - OPENSSL_free(rctx); - return NULL; - } - rctx->max_resp_len = OSSL_HTTP_DEFAULT_MAX_RESP_LEN; - /* everything else is 0, e.g. rctx->len_to_send, or NULL, e.g. rctx->mem */ - return rctx; -} - -void OSSL_HTTP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx) -{ - if (rctx == NULL) - return; - /* - * Use BIO_free_all() because bio_update_fn may prepend or append to cbio. - * This also frees any (e.g., SSL/TLS) BIOs linked with bio and, - * like BIO_reset(bio), calls SSL_shutdown() to notify/alert the peer. - */ - if (rctx->free_wbio) - BIO_free_all(rctx->wbio); - /* do not free rctx->rbio */ - BIO_free(rctx->mem); - BIO_free(rctx->req); - OPENSSL_free(rctx->buf); - OPENSSL_free(rctx->proxy); - OPENSSL_free(rctx->server); - OPENSSL_free(rctx->port); - OPENSSL_free(rctx->expected_ct); - OPENSSL_free(rctx); -} - -BIO *OSSL_HTTP_REQ_CTX_get0_mem_bio(const OSSL_HTTP_REQ_CTX *rctx) -{ - if (rctx == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - return rctx->mem; -} - -size_t OSSL_HTTP_REQ_CTX_get_resp_len(const OSSL_HTTP_REQ_CTX *rctx) -{ - if (rctx == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - return rctx->resp_len; -} - -void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx, - unsigned long len) -{ - if (rctx == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return; - } - rctx->max_resp_len = len != 0 ? (size_t)len : OSSL_HTTP_DEFAULT_MAX_RESP_LEN; -} - -/* - * Create request line using |rctx| and |path| (or "/" in case |path| is NULL). - * Server name (and port) must be given if and only if plain HTTP proxy is used. - */ -int OSSL_HTTP_REQ_CTX_set_request_line(OSSL_HTTP_REQ_CTX *rctx, int method_POST, - const char *server, const char *port, - const char *path) -{ - if (rctx == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - BIO_free(rctx->mem); - if ((rctx->mem = BIO_new(BIO_s_mem())) == NULL) - return 0; - - rctx->method_POST = method_POST != 0; - if (BIO_printf(rctx->mem, "%s ", rctx->method_POST ? "POST" : "GET") <= 0) - return 0; - - if (server != NULL) { /* HTTP (but not HTTPS) proxy is used */ - /* - * Section 5.1.2 of RFC 1945 states that the absoluteURI form is only - * allowed when using a proxy - */ - if (BIO_printf(rctx->mem, OSSL_HTTP_PREFIX"%s", server) <= 0) - return 0; - if (port != NULL && BIO_printf(rctx->mem, ":%s", port) <= 0) - return 0; - } - - /* Make sure path includes a forward slash */ - if (path == NULL) - path = "/"; - if (path[0] != '/' && BIO_printf(rctx->mem, "/") <= 0) - return 0; - /* - * Add (the rest of) the path and the HTTP version, - * which is fixed to 1.0 for straightforward implementation of keep-alive - */ - if (BIO_printf(rctx->mem, "%s "HTTP_1_0"\r\n", path) <= 0) - return 0; - - rctx->resp_len = 0; - rctx->state = OHS_ADD_HEADERS; - return 1; -} - -int OSSL_HTTP_REQ_CTX_add1_header(OSSL_HTTP_REQ_CTX *rctx, - const char *name, const char *value) -{ - if (rctx == NULL || name == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (rctx->mem == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - if (BIO_puts(rctx->mem, name) <= 0) - return 0; - if (value != NULL) { - if (BIO_write(rctx->mem, ": ", 2) != 2) - return 0; - if (BIO_puts(rctx->mem, value) <= 0) - return 0; - } - return BIO_write(rctx->mem, "\r\n", 2) == 2; -} - -int OSSL_HTTP_REQ_CTX_set_expected(OSSL_HTTP_REQ_CTX *rctx, - const char *content_type, int asn1, - int timeout, int keep_alive) -{ - if (rctx == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (keep_alive != 0 - && rctx->state != OHS_ERROR && rctx->state != OHS_ADD_HEADERS) { - /* Cannot anymore set keep-alive in request header */ - ERR_raise(ERR_LIB_HTTP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - OPENSSL_free(rctx->expected_ct); - rctx->expected_ct = NULL; - if (content_type != NULL - && (rctx->expected_ct = OPENSSL_strdup(content_type)) == NULL) - return 0; - - rctx->expect_asn1 = asn1; - if (timeout >= 0) - rctx->max_time = timeout > 0 ? time(NULL) + timeout : 0; - else /* take over any |overall_timeout| arg of OSSL_HTTP_open(), else 0 */ - rctx->max_time = rctx->max_total_time; - rctx->keep_alive = keep_alive; - return 1; -} - -static int set1_content(OSSL_HTTP_REQ_CTX *rctx, - const char *content_type, BIO *req) -{ - long req_len = 0; -#ifndef OPENSSL_NO_STDIO - FILE *fp = NULL; -#endif - - if (rctx == NULL || (req == NULL && content_type != NULL)) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (rctx->keep_alive != 0 - && !OSSL_HTTP_REQ_CTX_add1_header(rctx, "Connection", "keep-alive")) - return 0; - - BIO_free(rctx->req); - rctx->req = NULL; - if (req == NULL) - return 1; - if (!rctx->method_POST) { - ERR_raise(ERR_LIB_HTTP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - if (content_type != NULL - && BIO_printf(rctx->mem, "Content-Type: %s\r\n", content_type) <= 0) - return 0; - - /* - * BIO_CTRL_INFO yields the data length at least for memory BIOs, but for - * file-based BIOs it gives the current position, which is not what we need. - */ - if (BIO_method_type(req) == BIO_TYPE_FILE) { -#ifndef OPENSSL_NO_STDIO - if (BIO_get_fp(req, &fp) == 1 && fseek(fp, 0, SEEK_END) == 0) { - req_len = ftell(fp); - (void)fseek(fp, 0, SEEK_SET); - } else { - fp = NULL; - } -#endif - } else { - req_len = BIO_ctrl(req, BIO_CTRL_INFO, 0, NULL); - /* - * Streaming BIOs likely will not support querying the size at all, - * and we assume we got a correct value if req_len > 0. - */ - } - if (( -#ifndef OPENSSL_NO_STDIO - fp != NULL /* definitely correct req_len */ || -#endif - req_len > 0) - && BIO_printf(rctx->mem, "Content-Length: %ld\r\n", req_len) < 0) - return 0; - - if (!BIO_up_ref(req)) - return 0; - rctx->req = req; - return 1; -} - -int OSSL_HTTP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const char *content_type, - const ASN1_ITEM *it, const ASN1_VALUE *req) -{ - BIO *mem = NULL; - int res = 1; - - if (req != NULL) - res = (mem = ASN1_item_i2d_mem_bio(it, req)) != NULL; - res = res && set1_content(rctx, content_type, mem); - BIO_free(mem); - return res; -} - -static int add1_headers(OSSL_HTTP_REQ_CTX *rctx, - const STACK_OF(CONF_VALUE) *headers, const char *host) -{ - int i; - int add_host = host != NULL && *host != '\0'; - CONF_VALUE *hdr; - - for (i = 0; i < sk_CONF_VALUE_num(headers); i++) { - hdr = sk_CONF_VALUE_value(headers, i); - if (add_host && OPENSSL_strcasecmp("host", hdr->name) == 0) - add_host = 0; - if (!OSSL_HTTP_REQ_CTX_add1_header(rctx, hdr->name, hdr->value)) - return 0; - } - - if (add_host && !OSSL_HTTP_REQ_CTX_add1_header(rctx, "Host", host)) - return 0; - return 1; -} - -/* Create OSSL_HTTP_REQ_CTX structure using the values provided. */ -static OSSL_HTTP_REQ_CTX *http_req_ctx_new(int free_wbio, BIO *wbio, BIO *rbio, - OSSL_HTTP_bio_cb_t bio_update_fn, - void *arg, int use_ssl, - const char *proxy, - const char *server, const char *port, - int buf_size, int overall_timeout) -{ - OSSL_HTTP_REQ_CTX *rctx = OSSL_HTTP_REQ_CTX_new(wbio, rbio, buf_size); - - if (rctx == NULL) - return NULL; - rctx->free_wbio = free_wbio; - rctx->upd_fn = bio_update_fn; - rctx->upd_arg = arg; - rctx->use_ssl = use_ssl; - if (proxy != NULL - && (rctx->proxy = OPENSSL_strdup(proxy)) == NULL) - goto err; - if (server != NULL - && (rctx->server = OPENSSL_strdup(server)) == NULL) - goto err; - if (port != NULL - && (rctx->port = OPENSSL_strdup(port)) == NULL) - goto err; - rctx->max_total_time = - overall_timeout > 0 ? time(NULL) + overall_timeout : 0; - return rctx; - - err: - OSSL_HTTP_REQ_CTX_free(rctx); - return NULL; -} - -/* - * Parse first HTTP response line. This should be like this: "HTTP/1.0 200 OK". - * We need to obtain the status code and (optional) informational message. - * Return any received HTTP response status code, or 0 on fatal error. - */ - -static int parse_http_line1(char *line, int *found_keep_alive) -{ - int i, retcode, err; - char *code, *reason, *end; - - if (!HAS_PREFIX(line, HTTP_PREFIX_VERSION)) - goto err; - /* above HTTP 1.0, connection persistence is the default */ - *found_keep_alive = line[strlen(HTTP_PREFIX_VERSION)] > '0'; - - /* Skip to first whitespace (past protocol info) */ - for (code = line; *code != '\0' && !ossl_isspace(*code); code++) - continue; - if (*code == '\0') - goto err; - - /* Skip past whitespace to start of response code */ - while (*code != '\0' && ossl_isspace(*code)) - code++; - if (*code == '\0') - goto err; - - /* Find end of response code: first whitespace after start of code */ - for (reason = code; *reason != '\0' && !ossl_isspace(*reason); reason++) - continue; - - if (*reason == '\0') - goto err; - - /* Set end of response code and start of message */ - *reason++ = '\0'; - - /* Attempt to parse numeric code */ - retcode = strtoul(code, &end, 10); - if (*end != '\0') - goto err; - - /* Skip over any leading whitespace in message */ - while (*reason != '\0' && ossl_isspace(*reason)) - reason++; - - if (*reason != '\0') { - /* - * Finally zap any trailing whitespace in message (include CRLF) - */ - - /* chop any trailing whitespace from reason */ - /* We know reason has a non-whitespace character so this is OK */ - for (end = reason + strlen(reason) - 1; ossl_isspace(*end); end--) - *end = '\0'; - } - - switch (retcode) { - case HTTP_STATUS_CODE_OK: - case HTTP_STATUS_CODE_MOVED_PERMANENTLY: - case HTTP_STATUS_CODE_FOUND: - return retcode; - default: - err = HTTP_R_RECEIVED_ERROR; - if (retcode < 400) - err = HTTP_R_STATUS_CODE_UNSUPPORTED; - if (*reason == '\0') - ERR_raise_data(ERR_LIB_HTTP, err, "code=%s", code); - else - ERR_raise_data(ERR_LIB_HTTP, err, "code=%s, reason=%s", code, - reason); - return retcode; - } - - err: - for (i = 0; i < 60 && line[i] != '\0'; i++) - if (!ossl_isprint(line[i])) - line[i] = ' '; - line[i] = '\0'; - ERR_raise_data(ERR_LIB_HTTP, HTTP_R_HEADER_PARSE_ERROR, "content=%s", line); - return 0; -} - -static int check_set_resp_len(OSSL_HTTP_REQ_CTX *rctx, size_t len) -{ - if (rctx->max_resp_len != 0 && len > rctx->max_resp_len) - ERR_raise_data(ERR_LIB_HTTP, HTTP_R_MAX_RESP_LEN_EXCEEDED, - "length=%zu, max=%zu", len, rctx->max_resp_len); - if (rctx->resp_len != 0 && rctx->resp_len != len) - ERR_raise_data(ERR_LIB_HTTP, HTTP_R_INCONSISTENT_CONTENT_LENGTH, - "ASN.1 length=%zu, Content-Length=%zu", - len, rctx->resp_len); - rctx->resp_len = len; - return 1; -} - -static int may_still_retry(time_t max_time, int *ptimeout) -{ - time_t time_diff, now = time(NULL); - - if (max_time != 0) { - if (max_time < now) { - ERR_raise(ERR_LIB_HTTP, HTTP_R_RETRY_TIMEOUT); - return 0; - } - time_diff = max_time - now; - *ptimeout = time_diff > INT_MAX ? INT_MAX : (int)time_diff; - } - return 1; -} - -/* - * Try exchanging request and response via HTTP on (non-)blocking BIO in rctx. - * Returns 1 on success, 0 on error or redirection, -1 on BIO_should_retry. - */ -int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) -{ - int i, found_expected_ct = 0, found_keep_alive = 0; - long n; - size_t resp_len; - const unsigned char *p; - char *buf, *key, *value, *line_end = NULL; - - if (rctx == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (rctx->mem == NULL || rctx->wbio == NULL || rctx->rbio == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - rctx->redirection_url = NULL; - next_io: - buf = (char *)rctx->buf; - if ((rctx->state & OHS_NOREAD) == 0) { - if (rctx->expect_asn1) { - n = BIO_read(rctx->rbio, rctx->buf, rctx->buf_size); - } else { - (void)ERR_set_mark(); - n = BIO_gets(rctx->rbio, buf, rctx->buf_size); - if (n == -2) { /* unsupported method */ - (void)ERR_pop_to_mark(); - n = BIO_get_line(rctx->rbio, buf, rctx->buf_size); - } else { - (void)ERR_clear_last_mark(); - } - } - if (n <= 0) { - if (BIO_should_retry(rctx->rbio)) - return -1; - ERR_raise(ERR_LIB_HTTP, HTTP_R_FAILED_READING_DATA); - return 0; - } - - /* Write data to memory BIO */ - if (BIO_write(rctx->mem, rctx->buf, n) != n) - return 0; - } - - switch (rctx->state) { - case OHS_ADD_HEADERS: - /* Last operation was adding headers: need a final \r\n */ - if (BIO_write(rctx->mem, "\r\n", 2) != 2) { - rctx->state = OHS_ERROR; - return 0; - } - rctx->state = OHS_WRITE_INIT; - - /* fall thru */ - case OHS_WRITE_INIT: - rctx->len_to_send = BIO_get_mem_data(rctx->mem, &rctx->pos); - rctx->state = OHS_WRITE_HDR; - - /* fall thru */ - case OHS_WRITE_HDR: - /* Copy some chunk of data from rctx->mem to rctx->wbio */ - case OHS_WRITE_REQ: - /* Copy some chunk of data from rctx->req to rctx->wbio */ - - if (rctx->len_to_send > 0) { - i = BIO_write(rctx->wbio, rctx->pos, rctx->len_to_send); - if (i <= 0) { - if (BIO_should_retry(rctx->wbio)) - return -1; - rctx->state = OHS_ERROR; - return 0; - } - rctx->pos += i; - rctx->len_to_send -= i; - goto next_io; - } - if (rctx->state == OHS_WRITE_HDR) { - (void)BIO_reset(rctx->mem); - rctx->state = OHS_WRITE_REQ; - } - if (rctx->req != NULL && !BIO_eof(rctx->req)) { - n = BIO_read(rctx->req, rctx->buf, rctx->buf_size); - if (n <= 0) { - if (BIO_should_retry(rctx->req)) - return -1; - ERR_raise(ERR_LIB_HTTP, HTTP_R_FAILED_READING_DATA); - return 0; - } - rctx->pos = rctx->buf; - rctx->len_to_send = n; - goto next_io; - } - rctx->state = OHS_FLUSH; - - /* fall thru */ - case OHS_FLUSH: - - i = BIO_flush(rctx->wbio); - - if (i > 0) { - rctx->state = OHS_FIRSTLINE; - goto next_io; - } - - if (BIO_should_retry(rctx->wbio)) - return -1; - - rctx->state = OHS_ERROR; - return 0; - - case OHS_ERROR: - return 0; - - case OHS_FIRSTLINE: - case OHS_HEADERS: - case OHS_REDIRECT: - - /* Attempt to read a line in */ - next_line: - /* - * Due to strange memory BIO behavior with BIO_gets we have to check - * there's a complete line in there before calling BIO_gets or we'll - * just get a partial read. - */ - n = BIO_get_mem_data(rctx->mem, &p); - if (n <= 0 || memchr(p, '\n', n) == 0) { - if (n >= rctx->buf_size) { - rctx->state = OHS_ERROR; - return 0; - } - goto next_io; - } - n = BIO_gets(rctx->mem, buf, rctx->buf_size); - - if (n <= 0) { - if (BIO_should_retry(rctx->mem)) - goto next_io; - rctx->state = OHS_ERROR; - return 0; - } - - /* Don't allow excessive lines */ - if (n == rctx->buf_size) { - ERR_raise(ERR_LIB_HTTP, HTTP_R_RESPONSE_LINE_TOO_LONG); - rctx->state = OHS_ERROR; - return 0; - } - - /* First line */ - if (rctx->state == OHS_FIRSTLINE) { - switch (parse_http_line1(buf, &found_keep_alive)) { - case HTTP_STATUS_CODE_OK: - rctx->state = OHS_HEADERS; - goto next_line; - case HTTP_STATUS_CODE_MOVED_PERMANENTLY: - case HTTP_STATUS_CODE_FOUND: /* i.e., moved temporarily */ - if (!rctx->method_POST) { /* method is GET */ - rctx->state = OHS_REDIRECT; - goto next_line; - } - ERR_raise(ERR_LIB_HTTP, HTTP_R_REDIRECTION_NOT_ENABLED); - /* redirection is not supported/recommended for POST */ - /* fall through */ - default: - rctx->state = OHS_ERROR; - goto next_line; - } - } - key = buf; - value = strchr(key, ':'); - if (value != NULL) { - *(value++) = '\0'; - while (ossl_isspace(*value)) - value++; - line_end = strchr(value, '\r'); - if (line_end == NULL) - line_end = strchr(value, '\n'); - if (line_end != NULL) - *line_end = '\0'; - } - if (value != NULL && line_end != NULL) { - if (rctx->state == OHS_REDIRECT - && OPENSSL_strcasecmp(key, "Location") == 0) { - rctx->redirection_url = value; - return 0; - } - if (rctx->state == OHS_HEADERS && rctx->expected_ct != NULL - && OPENSSL_strcasecmp(key, "Content-Type") == 0) { - if (OPENSSL_strcasecmp(rctx->expected_ct, value) != 0) { - ERR_raise_data(ERR_LIB_HTTP, HTTP_R_UNEXPECTED_CONTENT_TYPE, - "expected=%s, actual=%s", - rctx->expected_ct, value); - return 0; - } - found_expected_ct = 1; - } - - /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */ - if (OPENSSL_strcasecmp(key, "Connection") == 0) { - if (OPENSSL_strcasecmp(value, "keep-alive") == 0) - found_keep_alive = 1; - else if (OPENSSL_strcasecmp(value, "close") == 0) - found_keep_alive = 0; - } else if (OPENSSL_strcasecmp(key, "Content-Length") == 0) { - resp_len = (size_t)strtoul(value, &line_end, 10); - if (line_end == value || *line_end != '\0') { - ERR_raise_data(ERR_LIB_HTTP, - HTTP_R_ERROR_PARSING_CONTENT_LENGTH, - "input=%s", value); - return 0; - } - if (!check_set_resp_len(rctx, resp_len)) - return 0; - } - } - - /* Look for blank line indicating end of headers */ - for (p = rctx->buf; *p != '\0'; p++) { - if (*p != '\r' && *p != '\n') - break; - } - if (*p != '\0') /* not end of headers */ - goto next_line; - - if (rctx->keep_alive != 0 /* do not let server initiate keep_alive */ - && !found_keep_alive /* otherwise there is no change */) { - if (rctx->keep_alive == 2) { - rctx->keep_alive = 0; - ERR_raise(ERR_LIB_HTTP, HTTP_R_SERVER_CANCELED_CONNECTION); - return 0; - } - rctx->keep_alive = 0; - } - - if (rctx->state == OHS_ERROR) - return 0; - - if (rctx->expected_ct != NULL && !found_expected_ct) { - ERR_raise_data(ERR_LIB_HTTP, HTTP_R_MISSING_CONTENT_TYPE, - "expected=%s", rctx->expected_ct); - return 0; - } - if (rctx->state == OHS_REDIRECT) { - /* http status code indicated redirect but there was no Location */ - ERR_raise(ERR_LIB_HTTP, HTTP_R_MISSING_REDIRECT_LOCATION); - return 0; - } - - if (!rctx->expect_asn1) { - rctx->state = OHS_STREAM; - return 1; - } - - rctx->state = OHS_ASN1_HEADER; - - /* Fall thru */ - case OHS_ASN1_HEADER: - /* - * Now reading ASN1 header: can read at least 2 bytes which is enough - * for ASN1 SEQUENCE header and either length field or at least the - * length of the length field. - */ - n = BIO_get_mem_data(rctx->mem, &p); - if (n < 2) - goto next_io; - - /* Check it is an ASN1 SEQUENCE */ - if (*p++ != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) { - ERR_raise(ERR_LIB_HTTP, HTTP_R_MISSING_ASN1_ENCODING); - return 0; - } - - /* Check out length field */ - if ((*p & 0x80) != 0) { - /* - * If MSB set on initial length octet we can now always read 6 - * octets: make sure we have them. - */ - if (n < 6) - goto next_io; - n = *p & 0x7F; - /* Not NDEF or excessive length */ - if (n == 0 || (n > 4)) { - ERR_raise(ERR_LIB_HTTP, HTTP_R_ERROR_PARSING_ASN1_LENGTH); - return 0; - } - p++; - resp_len = 0; - for (i = 0; i < n; i++) { - resp_len <<= 8; - resp_len |= *p++; - } - resp_len += n + 2; - } else { - resp_len = *p + 2; - } - if (!check_set_resp_len(rctx, resp_len)) - return 0; - - rctx->state = OHS_ASN1_CONTENT; - - /* Fall thru */ - case OHS_ASN1_CONTENT: - default: - n = BIO_get_mem_data(rctx->mem, NULL); - if (n < 0 || (size_t)n < rctx->resp_len) - goto next_io; - - rctx->state = OHS_ASN1_DONE; - return 1; - } -} - -int OSSL_HTTP_REQ_CTX_nbio_d2i(OSSL_HTTP_REQ_CTX *rctx, - ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - const unsigned char *p; - int rv; - - *pval = NULL; - if ((rv = OSSL_HTTP_REQ_CTX_nbio(rctx)) != 1) - return rv; - *pval = ASN1_item_d2i(NULL, &p, BIO_get_mem_data(rctx->mem, &p), it); - return *pval != NULL; - -} - -#ifndef OPENSSL_NO_SOCK - -/* set up a new connection BIO, to HTTP server or to HTTP(S) proxy if given */ -static BIO *http_new_bio(const char *server /* optionally includes ":port" */, - const char *server_port /* explicit server port */, - int use_ssl, - const char *proxy /* optionally includes ":port" */, - const char *proxy_port /* explicit proxy port */) -{ - const char *host = server; - const char *port = server_port; - BIO *cbio; - - if (!ossl_assert(server != NULL)) - return NULL; - - if (proxy != NULL) { - host = proxy; - port = proxy_port; - } - - if (port == NULL && strchr(host, ':') == NULL) - port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT; - - cbio = BIO_new_connect(host /* optionally includes ":port" */); - if (cbio == NULL) - goto end; - if (port != NULL) - (void)BIO_set_conn_port(cbio, port); - - end: - return cbio; -} -#endif /* OPENSSL_NO_SOCK */ - -/* Exchange request and response via HTTP on (non-)blocking BIO */ -BIO *OSSL_HTTP_REQ_CTX_exchange(OSSL_HTTP_REQ_CTX *rctx) -{ - int rv; - - if (rctx == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - - for (;;) { - rv = OSSL_HTTP_REQ_CTX_nbio(rctx); - if (rv != -1) - break; - /* BIO_should_retry was true */ - /* will not actually wait if rctx->max_time == 0 */ - if (BIO_wait(rctx->rbio, rctx->max_time, 100 /* milliseconds */) <= 0) - return NULL; - } - - if (rv == 0) { - if (rctx->redirection_url == NULL) { /* an error occurred */ - if (rctx->len_to_send > 0) - ERR_raise(ERR_LIB_HTTP, HTTP_R_ERROR_SENDING); - else - ERR_raise(ERR_LIB_HTTP, HTTP_R_ERROR_RECEIVING); - } - return NULL; - } - return rctx->state == OHS_STREAM ? rctx->rbio : rctx->mem; -} - -int OSSL_HTTP_is_alive(const OSSL_HTTP_REQ_CTX *rctx) -{ - return rctx != NULL && rctx->keep_alive != 0; -} - -/* High-level HTTP API implementation */ - -/* Initiate an HTTP session using bio, else use given server, proxy, etc. */ -OSSL_HTTP_REQ_CTX *OSSL_HTTP_open(const char *server, const char *port, - const char *proxy, const char *no_proxy, - int use_ssl, BIO *bio, BIO *rbio, - OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - int buf_size, int overall_timeout) -{ - BIO *cbio; /* == bio if supplied, used as connection BIO if rbio is NULL */ - OSSL_HTTP_REQ_CTX *rctx = NULL; - - if (use_ssl && bio_update_fn == NULL) { - ERR_raise(ERR_LIB_HTTP, HTTP_R_TLS_NOT_ENABLED); - return NULL; - } - if (rbio != NULL && (bio == NULL || bio_update_fn != NULL)) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT); - return NULL; - } - - if (bio != NULL) { - cbio = bio; - if (proxy != NULL || no_proxy != NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT); - return NULL; - } - } else { -#ifndef OPENSSL_NO_SOCK - char *proxy_host = NULL, *proxy_port = NULL; - - if (server == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (port != NULL && *port == '\0') - port = NULL; - if (port == NULL && strchr(server, ':') == NULL) - port = use_ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT; - proxy = OSSL_HTTP_adapt_proxy(proxy, no_proxy, server, use_ssl); - if (proxy != NULL - && !OSSL_HTTP_parse_url(proxy, NULL /* use_ssl */, NULL /* user */, - &proxy_host, &proxy_port, NULL /* num */, - NULL /* path */, NULL, NULL)) - return NULL; - cbio = http_new_bio(server, port, use_ssl, proxy_host, proxy_port); - OPENSSL_free(proxy_host); - OPENSSL_free(proxy_port); - if (cbio == NULL) - return NULL; -#else - ERR_raise(ERR_LIB_HTTP, HTTP_R_SOCK_NOT_SUPPORTED); - return NULL; -#endif - } - - (void)ERR_set_mark(); /* prepare removing any spurious libssl errors */ - if (rbio == NULL && BIO_do_connect_retry(cbio, overall_timeout, -1) <= 0) { - if (bio == NULL) /* cbio was not provided by caller */ - BIO_free_all(cbio); - goto end; - } - /* now overall_timeout is guaranteed to be >= 0 */ - - /* adapt in order to fix callback design flaw, see #17088 */ - /* callback can be used to wrap or prepend TLS session */ - if (bio_update_fn != NULL) { - BIO *orig_bio = cbio; - - cbio = (*bio_update_fn)(cbio, arg, 1 /* connect */, use_ssl != 0); - if (cbio == NULL) { - if (bio == NULL) /* cbio was not provided by caller */ - BIO_free_all(orig_bio); - goto end; - } - } - - rctx = http_req_ctx_new(bio == NULL, cbio, rbio != NULL ? rbio : cbio, - bio_update_fn, arg, use_ssl, proxy, server, port, - buf_size, overall_timeout); - - end: - if (rctx != NULL) - /* remove any spurious error queue entries by ssl_add_cert_chain() */ - (void)ERR_pop_to_mark(); - else - (void)ERR_clear_last_mark(); - - return rctx; -} - -int OSSL_HTTP_set1_request(OSSL_HTTP_REQ_CTX *rctx, const char *path, - const STACK_OF(CONF_VALUE) *headers, - const char *content_type, BIO *req, - const char *expected_content_type, int expect_asn1, - size_t max_resp_len, int timeout, int keep_alive) -{ - int use_http_proxy; - - if (rctx == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - use_http_proxy = rctx->proxy != NULL && !rctx->use_ssl; - if (use_http_proxy && rctx->server == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT); - return 0; - } - rctx->max_resp_len = max_resp_len; /* allows for 0: indefinite */ - - return OSSL_HTTP_REQ_CTX_set_request_line(rctx, req != NULL, - use_http_proxy ? rctx->server - : NULL, rctx->port, path) - && add1_headers(rctx, headers, rctx->server) - && OSSL_HTTP_REQ_CTX_set_expected(rctx, expected_content_type, - expect_asn1, timeout, keep_alive) - && set1_content(rctx, content_type, req); -} - -/*- - * Exchange single HTTP request and response according to rctx. - * If rctx->method_POST then use POST, else use GET and ignore content_type. - * The redirection_url output (freed by caller) parameter is used only for GET. - */ -BIO *OSSL_HTTP_exchange(OSSL_HTTP_REQ_CTX *rctx, char **redirection_url) -{ - BIO *resp; - - if (rctx == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - - if (redirection_url != NULL) - *redirection_url = NULL; /* do this beforehand to prevent dbl free */ - - resp = OSSL_HTTP_REQ_CTX_exchange(rctx); - if (resp == NULL) { - if (rctx->redirection_url != NULL) { - if (redirection_url == NULL) - ERR_raise(ERR_LIB_HTTP, HTTP_R_REDIRECTION_NOT_ENABLED); - else - /* may be NULL if out of memory: */ - *redirection_url = OPENSSL_strdup(rctx->redirection_url); - } else { - char buf[200]; - unsigned long err = ERR_peek_error(); - int lib = ERR_GET_LIB(err); - int reason = ERR_GET_REASON(err); - - if (lib == ERR_LIB_SSL || lib == ERR_LIB_HTTP - || (lib == ERR_LIB_BIO && reason == BIO_R_CONNECT_TIMEOUT) - || (lib == ERR_LIB_BIO && reason == BIO_R_CONNECT_ERROR) -#ifndef OPENSSL_NO_CMP - || (lib == ERR_LIB_CMP - && reason == CMP_R_POTENTIALLY_INVALID_CERTIFICATE) -#endif - ) { - if (rctx->server != NULL) { - BIO_snprintf(buf, sizeof(buf), "server=http%s://%s%s%s", - rctx->use_ssl ? "s" : "", rctx->server, - rctx->port != NULL ? ":" : "", - rctx->port != NULL ? rctx->port : ""); - ERR_add_error_data(1, buf); - } - if (rctx->proxy != NULL) - ERR_add_error_data(2, " proxy=", rctx->proxy); - if (err == 0) { - BIO_snprintf(buf, sizeof(buf), " peer has disconnected%s", - rctx->use_ssl ? " violating the protocol" : - ", likely because it requires the use of TLS"); - ERR_add_error_data(1, buf); - } - } - } - } - - if (resp != NULL && !BIO_up_ref(resp)) - resp = NULL; - return resp; -} - -static int redirection_ok(int n_redir, const char *old_url, const char *new_url) -{ - if (n_redir >= HTTP_VERSION_MAX_REDIRECTIONS) { - ERR_raise(ERR_LIB_HTTP, HTTP_R_TOO_MANY_REDIRECTIONS); - return 0; - } - if (*new_url == '/') /* redirection to same server => same protocol */ - return 1; - if (HAS_PREFIX(old_url, OSSL_HTTPS_NAME":") && - !HAS_PREFIX(new_url, OSSL_HTTPS_NAME":")) { - ERR_raise(ERR_LIB_HTTP, HTTP_R_REDIRECTION_FROM_HTTPS_TO_HTTP); - return 0; - } - return 1; -} - -/* Get data via HTTP from server at given URL, potentially with redirection */ -BIO *OSSL_HTTP_get(const char *url, const char *proxy, const char *no_proxy, - BIO *bio, BIO *rbio, - OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - int buf_size, const STACK_OF(CONF_VALUE) *headers, - const char *expected_ct, int expect_asn1, - size_t max_resp_len, int timeout) -{ - char *current_url, *redirection_url = NULL; - int n_redirs = 0; - char *host; - char *port; - char *path; - int use_ssl; - OSSL_HTTP_REQ_CTX *rctx; - BIO *resp = NULL; - time_t max_time = timeout > 0 ? time(NULL) + timeout : 0; - - if (url == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if ((current_url = OPENSSL_strdup(url)) == NULL) - return NULL; - - for (;;) { - if (!OSSL_HTTP_parse_url(current_url, &use_ssl, NULL /* user */, &host, - &port, NULL /* port_num */, &path, NULL, NULL)) - break; - - rctx = OSSL_HTTP_open(host, port, proxy, no_proxy, - use_ssl, bio, rbio, bio_update_fn, arg, - buf_size, timeout); - new_rpath: - if (rctx != NULL) { - if (!OSSL_HTTP_set1_request(rctx, path, headers, - NULL /* content_type */, - NULL /* req */, - expected_ct, expect_asn1, max_resp_len, - -1 /* use same max time (timeout) */, - 0 /* no keep_alive */)) - OSSL_HTTP_REQ_CTX_free(rctx); - else - resp = OSSL_HTTP_exchange(rctx, &redirection_url); - } - OPENSSL_free(path); - if (resp == NULL && redirection_url != NULL) { - if (redirection_ok(++n_redirs, current_url, redirection_url) - && may_still_retry(max_time, &timeout)) { - (void)BIO_reset(bio); - OPENSSL_free(current_url); - current_url = redirection_url; - if (*redirection_url == '/') { /* redirection to same server */ - path = OPENSSL_strdup(redirection_url); - if (path == NULL) { - OPENSSL_free(host); - OPENSSL_free(port); - (void)OSSL_HTTP_close(rctx, 1); - BIO_free(resp); - OPENSSL_free(current_url); - return NULL; - } - goto new_rpath; - } - OPENSSL_free(host); - OPENSSL_free(port); - (void)OSSL_HTTP_close(rctx, 1); - continue; - } - /* if redirection not allowed, ignore it */ - OPENSSL_free(redirection_url); - } - OPENSSL_free(host); - OPENSSL_free(port); - if (!OSSL_HTTP_close(rctx, resp != NULL)) { - BIO_free(resp); - resp = NULL; - } - break; - } - OPENSSL_free(current_url); - return resp; -} - -/* Exchange request and response over a connection managed via |prctx| */ -BIO *OSSL_HTTP_transfer(OSSL_HTTP_REQ_CTX **prctx, - const char *server, const char *port, - const char *path, int use_ssl, - const char *proxy, const char *no_proxy, - BIO *bio, BIO *rbio, - OSSL_HTTP_bio_cb_t bio_update_fn, void *arg, - int buf_size, const STACK_OF(CONF_VALUE) *headers, - const char *content_type, BIO *req, - const char *expected_ct, int expect_asn1, - size_t max_resp_len, int timeout, int keep_alive) -{ - OSSL_HTTP_REQ_CTX *rctx = prctx == NULL ? NULL : *prctx; - BIO *resp = NULL; - - if (rctx == NULL) { - rctx = OSSL_HTTP_open(server, port, proxy, no_proxy, - use_ssl, bio, rbio, bio_update_fn, arg, - buf_size, timeout); - timeout = -1; /* Already set during opening the connection */ - } - if (rctx != NULL) { - if (OSSL_HTTP_set1_request(rctx, path, headers, content_type, req, - expected_ct, expect_asn1, - max_resp_len, timeout, keep_alive)) - resp = OSSL_HTTP_exchange(rctx, NULL); - if (resp == NULL || !OSSL_HTTP_is_alive(rctx)) { - if (!OSSL_HTTP_close(rctx, resp != NULL)) { - BIO_free(resp); - resp = NULL; - } - rctx = NULL; - } - } - if (prctx != NULL) - *prctx = rctx; - return resp; -} - -int OSSL_HTTP_close(OSSL_HTTP_REQ_CTX *rctx, int ok) -{ - BIO *wbio; - int ret = 1; - - /* callback can be used to finish TLS session and free its BIO */ - if (rctx != NULL && rctx->upd_fn != NULL) { - wbio = (*rctx->upd_fn)(rctx->wbio, rctx->upd_arg, - 0 /* disconnect */, ok); - ret = wbio != NULL; - if (ret) - rctx->wbio = wbio; - } - OSSL_HTTP_REQ_CTX_free(rctx); - return ret; -} - -/* BASE64 encoder used for encoding basic proxy authentication credentials */ -static char *base64encode(const void *buf, size_t len) -{ - int i; - size_t outl; - char *out; - - /* Calculate size of encoded data */ - outl = (len / 3); - if (len % 3 > 0) - outl++; - outl <<= 2; - out = OPENSSL_malloc(outl + 1); - if (out == NULL) - return 0; - - i = EVP_EncodeBlock((unsigned char *)out, buf, len); - if (!ossl_assert(0 <= i && (size_t)i <= outl)) { - OPENSSL_free(out); - return NULL; - } - return out; -} - -/* - * Promote the given connection BIO using the CONNECT method for a TLS proxy. - * This is typically called by an app, so bio_err and prog are used unless NULL - * to print additional diagnostic information in a user-oriented way. - */ -int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, - const char *proxyuser, const char *proxypass, - int timeout, BIO *bio_err, const char *prog) -{ -#undef BUF_SIZE -#define BUF_SIZE (8 * 1024) - char *mbuf = OPENSSL_malloc(BUF_SIZE); - char *mbufp; - int read_len = 0; - int ret = 0; - BIO *fbio = BIO_new(BIO_f_buffer()); - int rv; - time_t max_time = timeout > 0 ? time(NULL) + timeout : 0; - - if (bio == NULL || server == NULL - || (bio_err != NULL && prog == NULL)) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - goto end; - } - if (port == NULL || *port == '\0') - port = OSSL_HTTPS_PORT; - - if (mbuf == NULL || fbio == NULL) { - BIO_printf(bio_err /* may be NULL */, "%s: out of memory", prog); - goto end; - } - BIO_push(fbio, bio); - - BIO_printf(fbio, "CONNECT %s:%s "HTTP_1_0"\r\n", server, port); - - /* - * Workaround for broken proxies which would otherwise close - * the connection when entering tunnel mode (e.g., Squid 2.6) - */ - BIO_printf(fbio, "Proxy-Connection: Keep-Alive\r\n"); - - /* Support for basic (base64) proxy authentication */ - if (proxyuser != NULL) { - size_t len = strlen(proxyuser) + 1; - char *proxyauth, *proxyauthenc = NULL; - - if (proxypass != NULL) - len += strlen(proxypass); - proxyauth = OPENSSL_malloc(len + 1); - if (proxyauth == NULL) - goto end; - if (BIO_snprintf(proxyauth, len + 1, "%s:%s", proxyuser, - proxypass != NULL ? proxypass : "") != (int)len) - goto proxy_end; - proxyauthenc = base64encode(proxyauth, len); - if (proxyauthenc != NULL) { - BIO_printf(fbio, "Proxy-Authorization: Basic %s\r\n", proxyauthenc); - OPENSSL_clear_free(proxyauthenc, strlen(proxyauthenc)); - } - proxy_end: - OPENSSL_clear_free(proxyauth, len); - if (proxyauthenc == NULL) - goto end; - } - - /* Terminate the HTTP CONNECT request */ - BIO_printf(fbio, "\r\n"); - - for (;;) { - if (BIO_flush(fbio) != 0) - break; - /* potentially needs to be retried if BIO is non-blocking */ - if (!BIO_should_retry(fbio)) - break; - } - - for (;;) { - /* will not actually wait if timeout == 0 */ - rv = BIO_wait(fbio, max_time, 100 /* milliseconds */); - if (rv <= 0) { - BIO_printf(bio_err, "%s: HTTP CONNECT %s\n", prog, - rv == 0 ? "timed out" : "failed waiting for data"); - goto end; - } - - /*- - * The first line is the HTTP response. - * According to RFC 7230, it is formatted exactly like this: - * HTTP/d.d ddd reason text\r\n - */ - read_len = BIO_gets(fbio, mbuf, BUF_SIZE); - /* the BIO may not block, so we must wait for the 1st line to come in */ - if (read_len < (int)HTTP_LINE1_MINLEN) - continue; - - /* Check for HTTP/1.x */ - if (!HAS_PREFIX(mbuf, HTTP_PREFIX) != 0) { - ERR_raise(ERR_LIB_HTTP, HTTP_R_HEADER_PARSE_ERROR); - BIO_printf(bio_err, "%s: HTTP CONNECT failed, non-HTTP response\n", - prog); - /* Wrong protocol, not even HTTP, so stop reading headers */ - goto end; - } - mbufp = mbuf + strlen(HTTP_PREFIX); - if (!HAS_PREFIX(mbufp, HTTP_VERSION_PATT) != 0) { - ERR_raise(ERR_LIB_HTTP, HTTP_R_RECEIVED_WRONG_HTTP_VERSION); - BIO_printf(bio_err, - "%s: HTTP CONNECT failed, bad HTTP version %.*s\n", - prog, (int)HTTP_VERSION_STR_LEN, mbufp); - goto end; - } - mbufp += HTTP_VERSION_STR_LEN; - - /* RFC 7231 4.3.6: any 2xx status code is valid */ - if (!HAS_PREFIX(mbufp, " 2")) { - /* chop any trailing whitespace */ - while (read_len > 0 && ossl_isspace(mbuf[read_len - 1])) - read_len--; - mbuf[read_len] = '\0'; - ERR_raise_data(ERR_LIB_HTTP, HTTP_R_CONNECT_FAILURE, - "reason=%s", mbufp); - BIO_printf(bio_err, "%s: HTTP CONNECT failed, reason=%s\n", - prog, mbufp); - goto end; - } - ret = 1; - break; - } - - /* Read past all following headers */ - do { - /* - * This does not necessarily catch the case when the full - * HTTP response came in in more than a single TCP message. - */ - read_len = BIO_gets(fbio, mbuf, BUF_SIZE); - } while (read_len > 2); - - end: - if (fbio != NULL) { - (void)BIO_flush(fbio); - BIO_pop(fbio); - BIO_free(fbio); - } - OPENSSL_free(mbuf); - return ret; -#undef BUF_SIZE -} diff --git a/crypto/http/http_err.c b/crypto/http/http_err.c deleted file mode 100644 index 332ad926d3672a16bff46818d697e19a6569dc32..0000000000000000000000000000000000000000 --- a/crypto/http/http_err.c +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/httperr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA HTTP_str_reasons[] = { - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN), - "asn1 len exceeds max resp len"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_CONNECT_FAILURE), "connect failure"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_ASN1_LENGTH), - "error parsing asn1 length"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_CONTENT_LENGTH), - "error parsing content length"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_URL), "error parsing url"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_RECEIVING), "error receiving"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_SENDING), "error sending"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_FAILED_READING_DATA), - "failed reading data"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_HEADER_PARSE_ERROR), - "header parse error"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INCONSISTENT_CONTENT_LENGTH), - "inconsistent content length"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INVALID_PORT_NUMBER), - "invalid port number"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INVALID_URL_PATH), "invalid url path"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_INVALID_URL_SCHEME), - "invalid url scheme"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_MAX_RESP_LEN_EXCEEDED), - "max resp len exceeded"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_MISSING_ASN1_ENCODING), - "missing asn1 encoding"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_MISSING_CONTENT_TYPE), - "missing content type"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_MISSING_REDIRECT_LOCATION), - "missing redirect location"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_RECEIVED_ERROR), "received error"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_RECEIVED_WRONG_HTTP_VERSION), - "received wrong http version"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_REDIRECTION_FROM_HTTPS_TO_HTTP), - "redirection from https to http"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_REDIRECTION_NOT_ENABLED), - "redirection not enabled"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_RESPONSE_LINE_TOO_LONG), - "response line too long"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_RESPONSE_PARSE_ERROR), - "response parse error"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_RETRY_TIMEOUT), "retry timeout"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_SERVER_CANCELED_CONNECTION), - "server canceled connection"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_SOCK_NOT_SUPPORTED), - "sock not supported"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_STATUS_CODE_UNSUPPORTED), - "status code unsupported"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_TLS_NOT_ENABLED), "tls not enabled"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_TOO_MANY_REDIRECTIONS), - "too many redirections"}, - {ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_UNEXPECTED_CONTENT_TYPE), - "unexpected content type"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_HTTP_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(HTTP_str_reasons[0].error) == NULL) - ERR_load_strings_const(HTTP_str_reasons); -#endif - return 1; -} diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c deleted file mode 100644 index bd9c096b989cf58e4c037cbe679b68fa441ab040..0000000000000000000000000000000000000000 --- a/crypto/http/http_lib.c +++ /dev/null @@ -1,286 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include /* for sscanf() */ -#include -#include -#include -#include /* for BIO_snprintf() */ -#include -#include "internal/cryptlib.h" /* for ossl_assert() */ - -static void init_pstring(char **pstr) -{ - if (pstr != NULL) { - *pstr = NULL; - } -} - -static int copy_substring(char **dest, const char *start, const char *end) -{ - return dest == NULL - || (*dest = OPENSSL_strndup(start, end - start)) != NULL; -} - -static void free_pstring(char **pstr) -{ - if (pstr != NULL) { - OPENSSL_free(*pstr); - *pstr = NULL; - } -} - -int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost, - char **pport, int *pport_num, - char **ppath, char **pquery, char **pfrag) -{ - const char *p, *tmp; - const char *scheme, *scheme_end; - const char *user, *user_end; - const char *host, *host_end; - const char *port, *port_end; - unsigned int portnum; - const char *path, *path_end; - const char *query, *query_end; - const char *frag, *frag_end; - - init_pstring(pscheme); - init_pstring(puser); - init_pstring(phost); - init_pstring(pport); - init_pstring(ppath); - init_pstring(pfrag); - init_pstring(pquery); - - if (url == NULL) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - /* check for optional prefix "://" */ - scheme = scheme_end = url; - p = strstr(url, "://"); - if (p == NULL) { - p = url; - } else { - scheme_end = p; - if (scheme_end == scheme) - goto parse_err; - p += strlen("://"); - } - - /* parse optional "userinfo@" */ - user = user_end = host = p; - host = strchr(p, '@'); - if (host != NULL) - user_end = host++; - else - host = p; - - /* parse host name/address as far as needed here */ - if (host[0] == '[') { - /* ipv6 literal, which may include ':' */ - host_end = strchr(host + 1, ']'); - if (host_end == NULL) - goto parse_err; - p = ++host_end; - } else { - /* look for start of optional port, path, query, or fragment */ - host_end = strchr(host, ':'); - if (host_end == NULL) - host_end = strchr(host, '/'); - if (host_end == NULL) - host_end = strchr(host, '?'); - if (host_end == NULL) - host_end = strchr(host, '#'); - if (host_end == NULL) /* the remaining string is just the hostname */ - host_end = host + strlen(host); - p = host_end; - } - - /* parse optional port specification starting with ':' */ - port = "0"; /* default */ - if (*p == ':') - port = ++p; - /* remaining port spec handling is also done for the default values */ - /* make sure a decimal port number is given */ - if (!sscanf(port, "%u", &portnum) || portnum > 65535) { - ERR_raise_data(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER, "%s", port); - goto err; - } - for (port_end = port; '0' <= *port_end && *port_end <= '9'; port_end++) - ; - if (port == p) /* port was given explicitly */ - p += port_end - port; - - /* check for optional path starting with '/' or '?'. Else must start '#' */ - path = p; - if (*path != '\0' && *path != '/' && *path != '?' && *path != '#') { - ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_URL_PATH); - goto parse_err; - } - path_end = query = query_end = frag = frag_end = path + strlen(path); - - /* parse optional "?query" */ - tmp = strchr(p, '?'); - if (tmp != NULL) { - p = tmp; - if (pquery != NULL) { - path_end = p; - query = p + 1; - } - } - - /* parse optional "#fragment" */ - tmp = strchr(p, '#'); - if (tmp != NULL) { - if (query == path_end) /* we did not record a query component */ - path_end = tmp; - query_end = tmp; - frag = tmp + 1; - } - - if (!copy_substring(pscheme, scheme, scheme_end) - || !copy_substring(phost, host, host_end) - || !copy_substring(pport, port, port_end) - || !copy_substring(puser, user, user_end) - || !copy_substring(pquery, query, query_end) - || !copy_substring(pfrag, frag, frag_end)) - goto err; - if (pport_num != NULL) - *pport_num = (int)portnum; - if (*path == '/') { - if (!copy_substring(ppath, path, path_end)) - goto err; - } else if (ppath != NULL) { /* must prepend '/' */ - size_t buflen = 1 + path_end - path + 1; - - if ((*ppath = OPENSSL_malloc(buflen)) == NULL) - goto err; - BIO_snprintf(*ppath, buflen, "/%s", path); - } - return 1; - - parse_err: - ERR_raise(ERR_LIB_HTTP, HTTP_R_ERROR_PARSING_URL); - - err: - free_pstring(pscheme); - free_pstring(puser); - free_pstring(phost); - free_pstring(pport); - free_pstring(ppath); - free_pstring(pquery); - free_pstring(pfrag); - return 0; -} - -int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost, - char **pport, int *pport_num, - char **ppath, char **pquery, char **pfrag) -{ - char *scheme, *port; - int ssl = 0, portnum; - - init_pstring(pport); - if (pssl != NULL) - *pssl = 0; - if (!OSSL_parse_url(url, &scheme, puser, phost, &port, pport_num, - ppath, pquery, pfrag)) - return 0; - - /* check for optional HTTP scheme "http[s]" */ - if (strcmp(scheme, OSSL_HTTPS_NAME) == 0) { - ssl = 1; - if (pssl != NULL) - *pssl = ssl; - } else if (*scheme != '\0' && strcmp(scheme, OSSL_HTTP_NAME) != 0) { - ERR_raise(ERR_LIB_HTTP, HTTP_R_INVALID_URL_SCHEME); - OPENSSL_free(scheme); - OPENSSL_free(port); - goto err; - } - OPENSSL_free(scheme); - - if (strcmp(port, "0") == 0) { - /* set default port */ - OPENSSL_free(port); - port = ssl ? OSSL_HTTPS_PORT : OSSL_HTTP_PORT; - if (!ossl_assert(sscanf(port, "%d", &portnum) == 1)) - goto err; - if (pport_num != NULL) - *pport_num = portnum; - if (pport != NULL) { - *pport = OPENSSL_strdup(port); - if (*pport == NULL) - goto err; - } - } else { - if (pport != NULL) - *pport = port; - else - OPENSSL_free(port); - } - return 1; - - err: - free_pstring(puser); - free_pstring(phost); - free_pstring(ppath); - free_pstring(pquery); - free_pstring(pfrag); - return 0; -} - -/* Respect no_proxy, taking default value from environment variable(s) */ -static int use_proxy(const char *no_proxy, const char *server) -{ - size_t sl; - const char *found = NULL; - - if (!ossl_assert(server != NULL)) - return 0; - sl = strlen(server); - - /* - * using environment variable names, both lowercase and uppercase variants, - * compatible with other HTTP client implementations like wget, curl and git - */ - if (no_proxy == NULL) - no_proxy = getenv("no_proxy"); - if (no_proxy == NULL) - no_proxy = getenv(OPENSSL_NO_PROXY); - - if (no_proxy != NULL) - found = strstr(no_proxy, server); - while (found != NULL - && ((found != no_proxy && found[-1] != ' ' && found[-1] != ',') - || (found[sl] != '\0' && found[sl] != ' ' && found[sl] != ','))) - found = strstr(found + 1, server); - return found == NULL; -} - -/* Take default value from environment variable(s), respect no_proxy */ -const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy, - const char *server, int use_ssl) -{ - /* - * using environment variable names, both lowercase and uppercase variants, - * compatible with other HTTP client implementations like wget, curl and git - */ - if (proxy == NULL) - proxy = getenv(use_ssl ? "https_proxy" : "http_proxy"); - if (proxy == NULL) - proxy = getenv(use_ssl ? OPENSSL_HTTP_PROXY : - OPENSSL_HTTPS_PROXY); - - if (proxy == NULL || *proxy == '\0' || !use_proxy(no_proxy, server)) - return NULL; - return proxy; -} diff --git a/crypto/ia64cpuid.S b/crypto/ia64cpuid.S deleted file mode 100644 index a09f8556372d58e40ee126ef2b3baac73e2f6e5a..0000000000000000000000000000000000000000 --- a/crypto/ia64cpuid.S +++ /dev/null @@ -1,297 +0,0 @@ -// Copyright 2004-2017 The OpenSSL Project Authors. All Rights Reserved. -// -// Licensed under the Apache License 2.0 (the "License"). You may not use -// this file except in compliance with the License. You can obtain a copy -// in the file LICENSE in the source distribution or at -// https://www.openssl.org/source/license.html -// Works on all IA-64 platforms: Linux, HP-UX, Win64i... -// On Win64i compile with ias.exe. -.text - -#if defined(_HPUX_SOURCE) && !defined(_LP64) -#define ADDP addp4 -#else -#define ADDP add -#endif - -.global OPENSSL_cpuid_setup# -.proc OPENSSL_cpuid_setup# -OPENSSL_cpuid_setup: -{ .mib; br.ret.sptk.many b0 };; -.endp OPENSSL_cpuid_setup# - -.global OPENSSL_rdtsc# -.proc OPENSSL_rdtsc# -OPENSSL_rdtsc: -{ .mib; mov r8=ar.itc - br.ret.sptk.many b0 };; -.endp OPENSSL_rdtsc# - -.global OPENSSL_atomic_add# -.proc OPENSSL_atomic_add# -.align 32 -OPENSSL_atomic_add: -{ .mii; ld4 r2=[r32] - nop.i 0 - nop.i 0 };; -.Lspin: -{ .mii; mov ar.ccv=r2 - add r8=r2,r33 - mov r3=r2 };; -{ .mmi; mf;; - cmpxchg4.acq r2=[r32],r8,ar.ccv - nop.i 0 };; -{ .mib; cmp.ne p6,p0=r2,r3 - nop.i 0 -(p6) br.dpnt .Lspin };; -{ .mib; nop.m 0 - sxt4 r8=r8 - br.ret.sptk.many b0 };; -.endp OPENSSL_atomic_add# - -// Returns a structure comprising pointer to the top of stack of -// the caller and pointer beyond backing storage for the current -// register frame. The latter is required, because it might be -// insufficient to wipe backing storage for the current frame -// (as this procedure does), one might have to go further, toward -// higher addresses to reach for whole "retroactively" saved -// context... -.global OPENSSL_wipe_cpu# -.proc OPENSSL_wipe_cpu# -.align 32 -OPENSSL_wipe_cpu: - .prologue - .fframe 0 - .save ar.pfs,r2 - .save ar.lc,r3 -{ .mib; alloc r2=ar.pfs,0,96,0,96 - mov r3=ar.lc - brp.loop.imp .L_wipe_top,.L_wipe_end-16 - };; -{ .mii; mov r9=ar.bsp - mov r8=pr - mov ar.lc=96 };; - .body -{ .mii; add r9=96*8-8,r9 - mov ar.ec=1 };; - -// One can sweep double as fast, but then we can't guarantee -// that backing storage is wiped... -.L_wipe_top: -{ .mfi; st8 [r9]=r0,-8 - mov f127=f0 - mov r127=r0 } -{ .mfb; nop.m 0 - nop.f 0 - br.ctop.sptk .L_wipe_top };; -.L_wipe_end: - -{ .mfi; mov r11=r0 - mov f6=f0 - mov r14=r0 } -{ .mfi; mov r15=r0 - mov f7=f0 - mov r16=r0 } -{ .mfi; mov r17=r0 - mov f8=f0 - mov r18=r0 } -{ .mfi; mov r19=r0 - mov f9=f0 - mov r20=r0 } -{ .mfi; mov r21=r0 - mov f10=f0 - mov r22=r0 } -{ .mfi; mov r23=r0 - mov f11=f0 - mov r24=r0 } -{ .mfi; mov r25=r0 - mov f12=f0 - mov r26=r0 } -{ .mfi; mov r27=r0 - mov f13=f0 - mov r28=r0 } -{ .mfi; mov r29=r0 - mov f14=f0 - mov r30=r0 } -{ .mfi; mov r31=r0 - mov f15=f0 - nop.i 0 } -{ .mfi; mov f16=f0 } -{ .mfi; mov f17=f0 } -{ .mfi; mov f18=f0 } -{ .mfi; mov f19=f0 } -{ .mfi; mov f20=f0 } -{ .mfi; mov f21=f0 } -{ .mfi; mov f22=f0 } -{ .mfi; mov f23=f0 } -{ .mfi; mov f24=f0 } -{ .mfi; mov f25=f0 } -{ .mfi; mov f26=f0 } -{ .mfi; mov f27=f0 } -{ .mfi; mov f28=f0 } -{ .mfi; mov f29=f0 } -{ .mfi; mov f30=f0 } -{ .mfi; add r9=96*8+8,r9 - mov f31=f0 - mov pr=r8,0x1ffff } -{ .mib; mov r8=sp - mov ar.lc=r3 - br.ret.sptk b0 };; -.endp OPENSSL_wipe_cpu# - -.global OPENSSL_cleanse# -.proc OPENSSL_cleanse# -OPENSSL_cleanse: -{ .mib; cmp.eq p6,p0=0,r33 // len==0 - ADDP r32=0,r32 -(p6) br.ret.spnt b0 };; -{ .mib; and r2=7,r32 - cmp.leu p6,p0=15,r33 // len>=15 -(p6) br.cond.dptk .Lot };; - -.Little: -{ .mib; st1 [r32]=r0,1 - cmp.ltu p6,p7=1,r33 } // len>1 -{ .mbb; add r33=-1,r33 // len-- -(p6) br.cond.dptk .Little -(p7) br.ret.sptk.many b0 };; - -.Lot: -{ .mib; cmp.eq p6,p0=0,r2 -(p6) br.cond.dptk .Laligned };; -{ .mmi; st1 [r32]=r0,1;; - and r2=7,r32 } -{ .mib; add r33=-1,r33 - br .Lot };; - -.Laligned: -{ .mmi; st8 [r32]=r0,8 - and r2=-8,r33 // len&~7 - add r33=-8,r33 };; // len-=8 -{ .mib; cmp.ltu p6,p0=8,r2 // ((len+8)&~7)>8 -(p6) br.cond.dptk .Laligned };; - -{ .mbb; cmp.eq p6,p7=r0,r33 -(p7) br.cond.dpnt .Little -(p6) br.ret.sptk.many b0 };; -.endp OPENSSL_cleanse# - -.global CRYPTO_memcmp# -.proc CRYPTO_memcmp# -.align 32 -.skip 16 -CRYPTO_memcmp: - .prologue -{ .mib; mov r8=0 - cmp.eq p6,p0=0,r34 // len==0? -(p6) br.ret.spnt b0 };; - .save ar.pfs,r2 -{ .mib; alloc r2=ar.pfs,3,5,0,8 - .save ar.lc,r3 - mov r3=ar.lc - brp.loop.imp .Loop_cmp_ctop,.Loop_cmp_cend-16 - } -{ .mib; sub r10=r34,r0,1 - .save pr,r9 - mov r9=pr };; -{ .mii; ADDP r16=0,r32 - mov ar.lc=r10 - mov ar.ec=4 } -{ .mib; ADDP r17=0,r33 - mov pr.rot=1<<16 };; - -.Loop_cmp_ctop: -{ .mib; (p16) ld1 r32=[r16],1 - (p18) xor r34=r34,r38 } -{ .mib; (p16) ld1 r36=[r17],1 - (p19) or r8=r8,r35 - br.ctop.sptk .Loop_cmp_ctop };; -.Loop_cmp_cend: - -{ .mib; cmp.ne p6,p0=0,r8 - mov ar.lc=r3 };; -{ .mib; -(p6) mov r8=1 - mov pr=r9,0x1ffff - br.ret.sptk.many b0 };; -.endp CRYPTO_memcmp# - -.global OPENSSL_instrument_bus# -.proc OPENSSL_instrument_bus# -OPENSSL_instrument_bus: -{ .mmi; mov r2=r33 - ADDP r32=0,r32 } -{ .mmi; mov r8=ar.itc;; - mov r10=r0 - mov r9=r8 };; - -{ .mmi; fc r32;; - ld4 r8=[r32] };; -{ .mmi; mf - mov ar.ccv=r8 - add r8=r8,r10 };; -{ .mmi; cmpxchg4.acq r3=[r32],r8,ar.ccv - };; -.Loop: -{ .mmi; mov r8=ar.itc;; - sub r10=r8,r9 // diff=tick-lasttick - mov r9=r8 };; // lasttick=tick -{ .mmi; fc r32;; - ld4 r8=[r32] };; -{ .mmi; mf - mov ar.ccv=r8 - add r8=r8,r10 };; -{ .mmi; cmpxchg4.acq r3=[r32],r8,ar.ccv - add r33=-1,r33 - add r32=4,r32 };; -{ .mib; cmp4.ne p6,p0=0,r33 -(p6) br.cond.dptk .Loop };; - -{ .mib; sub r8=r2,r33 - br.ret.sptk.many b0 };; -.endp OPENSSL_instrument_bus# - -.global OPENSSL_instrument_bus2# -.proc OPENSSL_instrument_bus2# -OPENSSL_instrument_bus2: -{ .mmi; mov r2=r33 // put aside cnt - ADDP r32=0,r32 } -{ .mmi; mov r8=ar.itc;; - mov r10=r0 - mov r9=r8 };; - -{ .mmi; fc r32;; - ld4 r8=[r32] };; -{ .mmi; mf - mov ar.ccv=r8 - add r8=r8,r10 };; -{ .mmi; cmpxchg4.acq r3=[r32],r8,ar.ccv - };; - -{ .mmi; mov r8=ar.itc;; - sub r10=r8,r9 - mov r9=r8 };; -.Loop2: -{ .mmi; mov r11=r10 // lastdiff=diff - add r34=-1,r34 };; // --max -{ .mmi; fc r32;; - ld4 r8=[r32] - cmp4.eq p6,p0=0,r34 };; -{ .mmi; mf - mov ar.ccv=r8 - add r8=r8,r10 };; -{ .mmb; cmpxchg4.acq r3=[r32],r8,ar.ccv -(p6) br.cond.spnt .Ldone2 };; - -{ .mmi; mov r8=ar.itc;; - sub r10=r8,r9 // diff=tick-lasttick - mov r9=r8 };; // lasttick=tick -{ .mmi; cmp.ne p6,p0=r10,r11;; // diff!=lastdiff -(p6) add r33=-1,r33 };; // conditional --cnt -{ .mib; cmp4.ne p7,p0=0,r33 -(p6) add r32=4,r32 // conditional ++out -(p7) br.cond.dptk .Loop2 };; -.Ldone2: -{ .mib; sub r8=r2,r33 - br.ret.sptk.many b0 };; -.endp OPENSSL_instrument_bus2# diff --git a/crypto/idea/build.info b/crypto/idea/build.info deleted file mode 100644 index 5441351b9cd76ae44db246604783a9f19b0eee88..0000000000000000000000000000000000000000 --- a/crypto/idea/build.info +++ /dev/null @@ -1,10 +0,0 @@ -LIBS=../../libcrypto -$ALL=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c - -SOURCE[../../libcrypto]=$ALL - -# When all deprecated symbols are removed, libcrypto doesn't export the -# idea functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] - SOURCE[../../providers/liblegacy.a]=$ALL -ENDIF diff --git a/crypto/idea/i_cbc.c b/crypto/idea/i_cbc.c deleted file mode 100644 index e9608e82f561d289a46ce3c4391c0ccc7c4fd642..0000000000000000000000000000000000000000 --- a/crypto/idea/i_cbc.c +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * IDEA low level APIs are deprecated for public use, but still ok for internal - * use where we're using them to implement the higher level EVP interface, as is - * the case here. - */ -#include "internal/deprecated.h" - -#include -#include "idea_local.h" - -void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out, - long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, - int encrypt) -{ - register unsigned long tin0, tin1; - register unsigned long tout0, tout1, xor0, xor1; - register long l = length; - unsigned long tin[2]; - - if (encrypt) { - n2l(iv, tout0); - n2l(iv, tout1); - iv -= 8; - for (l -= 8; l >= 0; l -= 8) { - n2l(in, tin0); - n2l(in, tin1); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - IDEA_encrypt(tin, ks); - tout0 = tin[0]; - l2n(tout0, out); - tout1 = tin[1]; - l2n(tout1, out); - } - if (l != -8) { - n2ln(in, tin0, tin1, l + 8); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - IDEA_encrypt(tin, ks); - tout0 = tin[0]; - l2n(tout0, out); - tout1 = tin[1]; - l2n(tout1, out); - } - l2n(tout0, iv); - l2n(tout1, iv); - } else { - n2l(iv, xor0); - n2l(iv, xor1); - iv -= 8; - for (l -= 8; l >= 0; l -= 8) { - n2l(in, tin0); - tin[0] = tin0; - n2l(in, tin1); - tin[1] = tin1; - IDEA_encrypt(tin, ks); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - l2n(tout0, out); - l2n(tout1, out); - xor0 = tin0; - xor1 = tin1; - } - if (l != -8) { - n2l(in, tin0); - tin[0] = tin0; - n2l(in, tin1); - tin[1] = tin1; - IDEA_encrypt(tin, ks); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - l2nn(tout0, tout1, out, l + 8); - xor0 = tin0; - xor1 = tin1; - } - l2n(xor0, iv); - l2n(xor1, iv); - } - tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; - tin[0] = tin[1] = 0; -} - -void IDEA_encrypt(unsigned long *d, IDEA_KEY_SCHEDULE *key) -{ - register IDEA_INT *p; - register unsigned long x1, x2, x3, x4, t0, t1, ul; - - x2 = d[0]; - x1 = (x2 >> 16); - x4 = d[1]; - x3 = (x4 >> 16); - - p = &(key->data[0][0]); - - E_IDEA(0); - E_IDEA(1); - E_IDEA(2); - E_IDEA(3); - E_IDEA(4); - E_IDEA(5); - E_IDEA(6); - E_IDEA(7); - - x1 &= 0xffff; - idea_mul(x1, x1, *p, ul); - p++; - - t0 = x3 + *(p++); - t1 = x2 + *(p++); - - x4 &= 0xffff; - idea_mul(x4, x4, *p, ul); - - d[0] = (t0 & 0xffff) | ((x1 & 0xffff) << 16); - d[1] = (x4 & 0xffff) | ((t1 & 0xffff) << 16); -} diff --git a/crypto/idea/i_cfb64.c b/crypto/idea/i_cfb64.c deleted file mode 100644 index afea89edfa08d29ef2ede98c300ef2969fe48dab..0000000000000000000000000000000000000000 --- a/crypto/idea/i_cfb64.c +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * IDEA low level APIs are deprecated for public use, but still ok for internal - * use where we're using them to implement the higher level EVP interface, as is - * the case here. - */ -#include "internal/deprecated.h" - -#include -#include "idea_local.h" - -/* - * The input and output encrypted as though 64bit cfb mode is being used. - * The extra state information to record how much of the 64bit block we have - * used is contained in *num; - */ - -void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, IDEA_KEY_SCHEDULE *schedule, - unsigned char *ivec, int *num, int encrypt) -{ - register unsigned long v0, v1, t; - register int n = *num; - register long l = length; - unsigned long ti[2]; - unsigned char *iv, c, cc; - - if (n < 0) { - *num = -1; - return; - } - - iv = (unsigned char *)ivec; - if (encrypt) { - while (l--) { - if (n == 0) { - n2l(iv, v0); - ti[0] = v0; - n2l(iv, v1); - ti[1] = v1; - IDEA_encrypt((unsigned long *)ti, schedule); - iv = (unsigned char *)ivec; - t = ti[0]; - l2n(t, iv); - t = ti[1]; - l2n(t, iv); - iv = (unsigned char *)ivec; - } - c = *(in++) ^ iv[n]; - *(out++) = c; - iv[n] = c; - n = (n + 1) & 0x07; - } - } else { - while (l--) { - if (n == 0) { - n2l(iv, v0); - ti[0] = v0; - n2l(iv, v1); - ti[1] = v1; - IDEA_encrypt((unsigned long *)ti, schedule); - iv = (unsigned char *)ivec; - t = ti[0]; - l2n(t, iv); - t = ti[1]; - l2n(t, iv); - iv = (unsigned char *)ivec; - } - cc = *(in++); - c = iv[n]; - iv[n] = cc; - *(out++) = c ^ cc; - n = (n + 1) & 0x07; - } - } - v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; - *num = n; -} diff --git a/crypto/idea/i_ecb.c b/crypto/idea/i_ecb.c deleted file mode 100644 index 6304e6cac80285bf006004a0d6f26f59fe48fee7..0000000000000000000000000000000000000000 --- a/crypto/idea/i_ecb.c +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * IDEA low level APIs are deprecated for public use, but still ok for internal - * use where we're using them to implement the higher level EVP interface, as is - * the case here. - */ -#include "internal/deprecated.h" - -#include -#include "idea_local.h" -#include - -const char *IDEA_options(void) -{ - return "idea(int)"; -} - -void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out, - IDEA_KEY_SCHEDULE *ks) -{ - unsigned long l0, l1, d[2]; - - n2l(in, l0); - d[0] = l0; - n2l(in, l1); - d[1] = l1; - IDEA_encrypt(d, ks); - l0 = d[0]; - l2n(l0, out); - l1 = d[1]; - l2n(l1, out); - l0 = l1 = d[0] = d[1] = 0; -} diff --git a/crypto/idea/i_ofb64.c b/crypto/idea/i_ofb64.c deleted file mode 100644 index a6a149764dbeec1fefb757b1f5e6c1dfff831c51..0000000000000000000000000000000000000000 --- a/crypto/idea/i_ofb64.c +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * IDEA low level APIs are deprecated for public use, but still ok for internal - * use where we're using them to implement the higher level EVP interface, as is - * the case here. - */ -#include "internal/deprecated.h" - -#include -#include "idea_local.h" - -/* - * The input and output encrypted as though 64bit ofb mode is being used. - * The extra state information to record how much of the 64bit block we have - * used is contained in *num; - */ -void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, IDEA_KEY_SCHEDULE *schedule, - unsigned char *ivec, int *num) -{ - register unsigned long v0, v1, t; - register int n = *num; - register long l = length; - unsigned char d[8]; - register char *dp; - unsigned long ti[2]; - unsigned char *iv; - int save = 0; - - if (n < 0) { - *num = -1; - return; - } - - iv = (unsigned char *)ivec; - n2l(iv, v0); - n2l(iv, v1); - ti[0] = v0; - ti[1] = v1; - dp = (char *)d; - l2n(v0, dp); - l2n(v1, dp); - while (l--) { - if (n == 0) { - IDEA_encrypt((unsigned long *)ti, schedule); - dp = (char *)d; - t = ti[0]; - l2n(t, dp); - t = ti[1]; - l2n(t, dp); - save++; - } - *(out++) = *(in++) ^ d[n]; - n = (n + 1) & 0x07; - } - if (save) { - v0 = ti[0]; - v1 = ti[1]; - iv = (unsigned char *)ivec; - l2n(v0, iv); - l2n(v1, iv); - } - t = v0 = v1 = ti[0] = ti[1] = 0; - *num = n; -} diff --git a/crypto/idea/i_skey.c b/crypto/idea/i_skey.c deleted file mode 100644 index 7564bce5b1318bbef528ab732f9703cc082fc572..0000000000000000000000000000000000000000 --- a/crypto/idea/i_skey.c +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * IDEA low level APIs are deprecated for public use, but still ok for internal - * use where we're using them to implement the higher level EVP interface, as is - * the case here. - */ -#include "internal/deprecated.h" - -#include -#include "idea_local.h" - -static IDEA_INT inverse(unsigned int xin); -void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) -{ - int i; - register IDEA_INT *kt, *kf, r0, r1, r2; - - kt = &(ks->data[0][0]); - n2s(key, kt[0]); - n2s(key, kt[1]); - n2s(key, kt[2]); - n2s(key, kt[3]); - n2s(key, kt[4]); - n2s(key, kt[5]); - n2s(key, kt[6]); - n2s(key, kt[7]); - - kf = kt; - kt += 8; - for (i = 0; i < 6; i++) { - r2 = kf[1]; - r1 = kf[2]; - *(kt++) = ((r2 << 9) | (r1 >> 7)) & 0xffff; - r0 = kf[3]; - *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff; - r1 = kf[4]; - *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff; - r0 = kf[5]; - *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff; - r1 = kf[6]; - *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff; - r0 = kf[7]; - *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff; - r1 = kf[0]; - if (i >= 5) - break; - *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff; - *(kt++) = ((r1 << 9) | (r2 >> 7)) & 0xffff; - kf += 8; - } -} - -void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk) -{ - int r; - register IDEA_INT *fp, *tp, t; - - tp = &(dk->data[0][0]); - fp = &(ek->data[8][0]); - for (r = 0; r < 9; r++) { - *(tp++) = inverse(fp[0]); - *(tp++) = ((int)(0x10000L - fp[2]) & 0xffff); - *(tp++) = ((int)(0x10000L - fp[1]) & 0xffff); - *(tp++) = inverse(fp[3]); - if (r == 8) - break; - fp -= 6; - *(tp++) = fp[4]; - *(tp++) = fp[5]; - } - - tp = &(dk->data[0][0]); - t = tp[1]; - tp[1] = tp[2]; - tp[2] = t; - - t = tp[49]; - tp[49] = tp[50]; - tp[50] = t; -} - -/* taken directly from the 'paper' I'll have a look at it later */ -static IDEA_INT inverse(unsigned int xin) -{ - long n1, n2, q, r, b1, b2, t; - - if (xin == 0) - b2 = 0; - else { - n1 = 0x10001; - n2 = xin; - b2 = 1; - b1 = 0; - - do { - r = (n1 % n2); - q = (n1 - r) / n2; - if (r == 0) { - if (b2 < 0) - b2 = 0x10001 + b2; - } else { - n1 = n2; - n2 = r; - t = b2; - b2 = b1 - q * b2; - b1 = t; - } - } while (r != 0); - } - return (IDEA_INT)b2; -} diff --git a/crypto/idea/idea_local.h b/crypto/idea/idea_local.h deleted file mode 100644 index 3c9ffa0827d0c325f970074f1fdaa17c0f7570b4..0000000000000000000000000000000000000000 --- a/crypto/idea/idea_local.h +++ /dev/null @@ -1,102 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#define idea_mul(r,a,b,ul) \ -ul=(unsigned long)a*b; \ -if (ul != 0) \ - { \ - r=(ul&0xffff)-(ul>>16); \ - r-=((r)>>16); \ - } \ -else \ - r=(-(int)a-b+1); /* assuming a or b is 0 and in range */ - -/* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } - -/* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } - -#undef n2l -#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) - -#undef l2n -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -#undef s2n -#define s2n(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff)) - -#undef n2s -#define n2s(c,l) (l =((IDEA_INT)(*((c)++)))<< 8L, \ - l|=((IDEA_INT)(*((c)++))) ) - - -#define E_IDEA(num) \ - x1&=0xffff; \ - idea_mul(x1,x1,*p,ul); p++; \ - x2+= *(p++); \ - x3+= *(p++); \ - x4&=0xffff; \ - idea_mul(x4,x4,*p,ul); p++; \ - t0=(x1^x3)&0xffff; \ - idea_mul(t0,t0,*p,ul); p++; \ - t1=(t0+(x2^x4))&0xffff; \ - idea_mul(t1,t1,*p,ul); p++; \ - t0+=t1; \ - x1^=t1; \ - x4^=t0; \ - ul=x2^t0; /* do the swap to x3 */ \ - x2=x3^t1; \ - x3=ul; diff --git a/crypto/info.c b/crypto/info.c deleted file mode 100644 index a106e8c885910ace331792b634fd375e765132dd..0000000000000000000000000000000000000000 --- a/crypto/info.c +++ /dev/null @@ -1,207 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "crypto/rand.h" -#include "crypto/dso_conf.h" -#include "internal/thread_once.h" -#include "internal/cryptlib.h" -#include "e_os.h" -#include "buildinf.h" - -#if defined(__arm__) || defined(__arm) || defined(__aarch64__) -# include "arm_arch.h" -# define CPU_INFO_STR_LEN 128 -#elif defined(__s390__) || defined(__s390x__) -# include "s390x_arch.h" -# define CPU_INFO_STR_LEN 2048 -#else -# define CPU_INFO_STR_LEN 128 -#endif - -/* extern declaration to avoid warning */ -extern char ossl_cpu_info_str[]; - -static char *seed_sources = NULL; - -char ossl_cpu_info_str[CPU_INFO_STR_LEN] = ""; -#define CPUINFO_PREFIX "CPUINFO: " - -static CRYPTO_ONCE init_info = CRYPTO_ONCE_STATIC_INIT; - -DEFINE_RUN_ONCE_STATIC(init_info_strings) -{ -#if defined(OPENSSL_CPUID_OBJ) -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) - const char *env; - - BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str), - CPUINFO_PREFIX "OPENSSL_ia32cap=0x%llx:0x%llx", - (long long)OPENSSL_ia32cap_P[0] | - (long long)OPENSSL_ia32cap_P[1] << 32, - (long long)OPENSSL_ia32cap_P[2] | - (long long)OPENSSL_ia32cap_P[3] << 32); - if ((env = getenv("OPENSSL_ia32cap")) != NULL) - BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str), - sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), - " env:%s", env); -# elif defined(__arm__) || defined(__arm) || defined(__aarch64__) - const char *env; - - BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str), - CPUINFO_PREFIX "OPENSSL_armcap=0x%x", OPENSSL_armcap_P); - if ((env = getenv("OPENSSL_armcap")) != NULL) - BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str), - sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), - " env:%s", env); -# elif defined(__s390__) || defined(__s390x__) - const char *env; - - BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str), - CPUINFO_PREFIX "OPENSSL_s390xcap=" - "stfle:0x%llx:0x%llx:0x%llx:0x%llx:" - "kimd:0x%llx:0x%llx:" - "klmd:0x%llx:0x%llx:" - "km:0x%llx:0x%llx:" - "kmc:0x%llx:0x%llx:" - "kmac:0x%llx:0x%llx:" - "kmctr:0x%llx:0x%llx:" - "kmo:0x%llx:0x%llx:" - "kmf:0x%llx:0x%llx:" - "prno:0x%llx:0x%llx:" - "kma:0x%llx:0x%llx:" - "pcc:0x%llx:0x%llx:" - "kdsa:0x%llx:0x%llx", - OPENSSL_s390xcap_P.stfle[0], OPENSSL_s390xcap_P.stfle[1], - OPENSSL_s390xcap_P.stfle[2], OPENSSL_s390xcap_P.stfle[3], - OPENSSL_s390xcap_P.kimd[0], OPENSSL_s390xcap_P.kimd[1], - OPENSSL_s390xcap_P.klmd[0], OPENSSL_s390xcap_P.klmd[1], - OPENSSL_s390xcap_P.km[0], OPENSSL_s390xcap_P.km[1], - OPENSSL_s390xcap_P.kmc[0], OPENSSL_s390xcap_P.kmc[1], - OPENSSL_s390xcap_P.kmac[0], OPENSSL_s390xcap_P.kmac[1], - OPENSSL_s390xcap_P.kmctr[0], OPENSSL_s390xcap_P.kmctr[1], - OPENSSL_s390xcap_P.kmo[0], OPENSSL_s390xcap_P.kmo[1], - OPENSSL_s390xcap_P.kmf[0], OPENSSL_s390xcap_P.kmf[1], - OPENSSL_s390xcap_P.prno[0], OPENSSL_s390xcap_P.prno[1], - OPENSSL_s390xcap_P.kma[0], OPENSSL_s390xcap_P.kma[1], - OPENSSL_s390xcap_P.pcc[0], OPENSSL_s390xcap_P.pcc[1], - OPENSSL_s390xcap_P.kdsa[0], OPENSSL_s390xcap_P.kdsa[1]); - if ((env = getenv("OPENSSL_s390xcap")) != NULL) - BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str), - sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), - " env:%s", env); -# endif -#endif - - { - static char seeds[512] = ""; - -#define add_seeds_string(str) \ - do { \ - if (seeds[0] != '\0') \ - OPENSSL_strlcat(seeds, " ", sizeof(seeds)); \ - OPENSSL_strlcat(seeds, str, sizeof(seeds)); \ - } while (0) -#define add_seeds_stringlist(label, strlist) \ - do { \ - add_seeds_string(label "("); \ - { \ - const char *dev[] = { strlist, NULL }; \ - const char **p; \ - int first = 1; \ - \ - for (p = dev; *p != NULL; p++) { \ - if (!first) \ - OPENSSL_strlcat(seeds, " ", sizeof(seeds)); \ - first = 0; \ - OPENSSL_strlcat(seeds, *p, sizeof(seeds)); \ - } \ - } \ - OPENSSL_strlcat(seeds, ")", sizeof(seeds)); \ - } while (0) - -#ifdef OPENSSL_RAND_SEED_NONE - add_seeds_string("none"); -#endif -#ifdef OPENSSL_RAND_SEED_RTDSC - add_seeds_string("stdsc"); -#endif -#ifdef OPENSSL_RAND_SEED_RDCPU - add_seeds_string("rdrand ( rdseed rdrand )"); -#endif -#ifdef OPENSSL_RAND_SEED_LIBRANDOM - add_seeds_string("C-library-random"); -#endif -#ifdef OPENSSL_RAND_SEED_GETRANDOM - add_seeds_string("getrandom-syscall"); -#endif -#ifdef OPENSSL_RAND_SEED_DEVRANDOM - add_seeds_stringlist("random-device", DEVRANDOM); -#endif -#ifdef OPENSSL_RAND_SEED_EGD - add_seeds_stringlist("EGD", DEVRANDOM_EGD); -#endif -#ifdef OPENSSL_RAND_SEED_OS - add_seeds_string("os-specific"); -#endif - seed_sources = seeds; - } - return 1; -} - -const char *OPENSSL_info(int t) -{ - /* - * We don't care about the result. Worst case scenario, the strings - * won't be initialised, i.e. remain NULL, which means that the info - * isn't available anyway... - */ - (void)RUN_ONCE(&init_info, init_info_strings); - - switch (t) { - case OPENSSL_INFO_CONFIG_DIR: - return OPENSSLDIR; - case OPENSSL_INFO_ENGINES_DIR: - return ENGINESDIR; - case OPENSSL_INFO_MODULES_DIR: - return MODULESDIR; - case OPENSSL_INFO_DSO_EXTENSION: - return DSO_EXTENSION; - case OPENSSL_INFO_DIR_FILENAME_SEPARATOR: -#if defined(_WIN32) - return "\\"; -#elif defined(__VMS) - return ""; -#else /* Assume POSIX */ - return "/"; -#endif - case OPENSSL_INFO_LIST_SEPARATOR: - { - static const char list_sep[] = { LIST_SEPARATOR_CHAR, '\0' }; - return list_sep; - } - case OPENSSL_INFO_SEED_SOURCE: - return seed_sources; - case OPENSSL_INFO_CPU_SETTINGS: - /* - * If successfully initialized, ossl_cpu_info_str will start - * with CPUINFO_PREFIX, if failed it will be an empty string. - * Strip away the CPUINFO_PREFIX which we don't need here. - */ - if (ossl_cpu_info_str[0] != '\0') - return ossl_cpu_info_str + strlen(CPUINFO_PREFIX); - break; - default: - break; - } - /* Not an error */ - return NULL; -} diff --git a/crypto/init.c b/crypto/init.c deleted file mode 100644 index cacf637c89f8e8c264400cc8ae443fb35192f042..0000000000000000000000000000000000000000 --- a/crypto/init.c +++ /dev/null @@ -1,720 +0,0 @@ -/* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "e_os.h" -#include "crypto/cryptlib.h" -#include -#include "crypto/rand.h" -#include "internal/bio.h" -#include -#include "crypto/evp.h" -#include "internal/conf.h" -#include "crypto/async.h" -#include "crypto/engine.h" -#include "internal/comp.h" -#include "internal/err.h" -#include "crypto/err.h" -#include "crypto/objects.h" -#include -#include -#include "internal/thread_once.h" -#include "crypto/dso_conf.h" -#include "internal/dso.h" -#include "crypto/store.h" -#include /* for OSSL_CMP_log_close() */ -#include -#include "crypto/ctype.h" - -static int stopped = 0; -static uint64_t optsdone = 0; - -typedef struct ossl_init_stop_st OPENSSL_INIT_STOP; -struct ossl_init_stop_st { - void (*handler)(void); - OPENSSL_INIT_STOP *next; -}; - -static OPENSSL_INIT_STOP *stop_handlers = NULL; -/* Guards access to the optsdone variable on platforms without atomics */ -static CRYPTO_RWLOCK *optsdone_lock = NULL; -/* Guards simultaneous INIT_LOAD_CONFIG calls with non-NULL settings */ -static CRYPTO_RWLOCK *init_lock = NULL; -static CRYPTO_THREAD_LOCAL in_init_config_local; - -static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT; -static int base_inited = 0; -DEFINE_RUN_ONCE_STATIC(ossl_init_base) -{ - /* no need to init trace */ - - OSSL_TRACE(INIT, "ossl_init_base: setting up stop handlers\n"); -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - ossl_malloc_setup_failures(); -#endif - - if ((optsdone_lock = CRYPTO_THREAD_lock_new()) == NULL - || (init_lock = CRYPTO_THREAD_lock_new()) == NULL) - goto err; - - OPENSSL_cpuid_setup(); - - if (!ossl_init_thread()) - goto err; - - if (!CRYPTO_THREAD_init_local(&in_init_config_local, NULL)) - goto err; - - base_inited = 1; - return 1; - -err: - OSSL_TRACE(INIT, "ossl_init_base failed!\n"); - CRYPTO_THREAD_lock_free(optsdone_lock); - optsdone_lock = NULL; - CRYPTO_THREAD_lock_free(init_lock); - init_lock = NULL; - - return 0; -} - -static CRYPTO_ONCE register_atexit = CRYPTO_ONCE_STATIC_INIT; -#if !defined(OPENSSL_SYS_UEFI) && defined(_WIN32) -static int win32atexit(void) -{ - OPENSSL_cleanup(); - return 0; -} -#endif - -DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit) -{ -#ifdef OPENSSL_INIT_DEBUG - fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n"); -#endif -#ifndef OPENSSL_SYS_UEFI -# if defined(_WIN32) && !defined(__BORLANDC__) - /* We use _onexit() in preference because it gets called on DLL unload */ - if (_onexit(win32atexit) == NULL) - return 0; -# else - if (atexit(OPENSSL_cleanup) != 0) - return 0; -# endif -#endif - - return 1; -} - -DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit, - ossl_init_register_atexit) -{ -#ifdef OPENSSL_INIT_DEBUG - fprintf(stderr, "OPENSSL_INIT: ossl_init_no_register_atexit ok!\n"); -#endif - /* Do nothing in this case */ - return 1; -} - -static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete) -{ - OSSL_TRACE(INIT, "ossl_init_load_crypto_nodelete()\n"); - -#if !defined(OPENSSL_USE_NODELETE) \ - && !defined(OPENSSL_NO_PINSHARED) -# if defined(DSO_WIN32) && !defined(_WIN32_WCE) - { - HMODULE handle = NULL; - BOOL ret; - - /* We don't use the DSO route for WIN32 because there is a better way */ - ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS - | GET_MODULE_HANDLE_EX_FLAG_PIN, - (void *)&base_inited, &handle); - - OSSL_TRACE1(INIT, - "ossl_init_load_crypto_nodelete: " - "obtained DSO reference? %s\n", - (ret == TRUE ? "No!" : "Yes.")); - return (ret == TRUE) ? 1 : 0; - } -# elif !defined(DSO_NONE) - /* - * Deliberately leak a reference to ourselves. This will force the library - * to remain loaded until the atexit() handler is run at process exit. - */ - { - DSO *dso; - void *err; - - if (!err_shelve_state(&err)) - return 0; - - dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE); - /* - * In case of No!, it is uncertain our exit()-handlers can still be - * called. After dlclose() the whole library might have been unloaded - * already. - */ - OSSL_TRACE1(INIT, "obtained DSO reference? %s\n", - (dso == NULL ? "No!" : "Yes.")); - DSO_free(dso); - err_unshelve_state(err); - } -# endif -#endif - - return 1; -} - -static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT; - -DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings) -{ - int ret = 1; - /* - * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time - * pulling in all the error strings during static linking - */ -#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT) - OSSL_TRACE(INIT, "ossl_err_load_crypto_strings()\n"); - ret = ossl_err_load_crypto_strings(); -#endif - return ret; -} - -DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings, - ossl_init_load_crypto_strings) -{ - /* Do nothing in this case */ - return 1; -} - -static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers) -{ - /* - * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time - * pulling in all the ciphers during static linking - */ -#ifndef OPENSSL_NO_AUTOALGINIT - OSSL_TRACE(INIT, "openssl_add_all_ciphers_int()\n"); - openssl_add_all_ciphers_int(); -#endif - return 1; -} - -DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers, - ossl_init_add_all_ciphers) -{ - /* Do nothing */ - return 1; -} - -static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests) -{ - /* - * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time - * pulling in all the ciphers during static linking - */ -#ifndef OPENSSL_NO_AUTOALGINIT - OSSL_TRACE(INIT, "openssl_add_all_digests()\n"); - openssl_add_all_digests_int(); -#endif - return 1; -} - -DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests, - ossl_init_add_all_digests) -{ - /* Do nothing */ - return 1; -} - -static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT; -static int config_inited = 0; -static const OPENSSL_INIT_SETTINGS *conf_settings = NULL; -DEFINE_RUN_ONCE_STATIC(ossl_init_config) -{ - int ret = ossl_config_int(NULL); - - config_inited = 1; - return ret; -} -DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_config_settings, ossl_init_config) -{ - int ret = ossl_config_int(conf_settings); - - config_inited = 1; - return ret; -} -DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config) -{ - OSSL_TRACE(INIT, "ossl_no_config_int()\n"); - ossl_no_config_int(); - config_inited = 1; - return 1; -} - -static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT; -static int async_inited = 0; -DEFINE_RUN_ONCE_STATIC(ossl_init_async) -{ - OSSL_TRACE(INIT, "async_init()\n"); - if (!async_init()) - return 0; - async_inited = 1; - return 1; -} - -#ifndef OPENSSL_NO_ENGINE -static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl) -{ - OSSL_TRACE(INIT, "engine_load_openssl_int()\n"); - engine_load_openssl_int(); - return 1; -} -# ifndef OPENSSL_NO_RDRAND -static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand) -{ - OSSL_TRACE(INIT, "engine_load_rdrand_int()\n"); - engine_load_rdrand_int(); - return 1; -} -# endif -static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic) -{ - OSSL_TRACE(INIT, "engine_load_dynamic_int()\n"); - engine_load_dynamic_int(); - return 1; -} -# ifndef OPENSSL_NO_STATIC_ENGINE -# ifndef OPENSSL_NO_DEVCRYPTOENG -static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto) -{ - OSSL_TRACE(INIT, "engine_load_devcrypto_int()\n"); - engine_load_devcrypto_int(); - return 1; -} -# endif -# if !defined(OPENSSL_NO_PADLOCKENG) -static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock) -{ - OSSL_TRACE(INIT, "engine_load_padlock_int()\n"); - engine_load_padlock_int(); - return 1; -} -# endif -# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) -static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi) -{ - OSSL_TRACE(INIT, "engine_load_capi_int()\n"); - engine_load_capi_int(); - return 1; -} -# endif -# if !defined(OPENSSL_NO_AFALGENG) -static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg) -{ - OSSL_TRACE(INIT, "engine_load_afalg_int()\n"); - engine_load_afalg_int(); - return 1; -} -# endif -# endif -#endif - -void OPENSSL_cleanup(void) -{ - OPENSSL_INIT_STOP *currhandler, *lasthandler; - - /* - * At some point we should consider looking at this function with a view to - * moving most/all of this into onfree handlers in OSSL_LIB_CTX. - */ - - /* If we've not been inited then no need to deinit */ - if (!base_inited) - return; - - /* Might be explicitly called and also by atexit */ - if (stopped) - return; - stopped = 1; - - /* - * Thread stop may not get automatically called by the thread library for - * the very last thread in some situations, so call it directly. - */ - OPENSSL_thread_stop(); - - currhandler = stop_handlers; - while (currhandler != NULL) { - currhandler->handler(); - lasthandler = currhandler; - currhandler = currhandler->next; - OPENSSL_free(lasthandler); - } - stop_handlers = NULL; - - CRYPTO_THREAD_lock_free(optsdone_lock); - optsdone_lock = NULL; - CRYPTO_THREAD_lock_free(init_lock); - init_lock = NULL; - - CRYPTO_THREAD_cleanup_local(&in_init_config_local); - - /* - * We assume we are single-threaded for this function, i.e. no race - * conditions for the various "*_inited" vars below. - */ - -#ifndef OPENSSL_NO_COMP - OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_comp_zlib_cleanup()\n"); - ossl_comp_zlib_cleanup(); -#endif - - if (async_inited) { - OSSL_TRACE(INIT, "OPENSSL_cleanup: async_deinit()\n"); - async_deinit(); - } - - /* - * Note that cleanup order is important: - * - ossl_rand_cleanup_int could call an ENGINE's RAND cleanup function so - * must be called before engine_cleanup_int() - * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up - * before the ex data handlers are wiped during default ossl_lib_ctx deinit. - * - ossl_config_modules_free() can end up in ENGINE code so must be called - * before engine_cleanup_int() - * - ENGINEs and additional EVP algorithms might use added OIDs names so - * ossl_obj_cleanup_int() must be called last - */ - OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_rand_cleanup_int()\n"); - ossl_rand_cleanup_int(); - - OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_config_modules_free()\n"); - ossl_config_modules_free(); - -#ifndef OPENSSL_NO_ENGINE - OSSL_TRACE(INIT, "OPENSSL_cleanup: engine_cleanup_int()\n"); - engine_cleanup_int(); -#endif - -#ifndef OPENSSL_NO_DEPRECATED_3_0 - OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_store_cleanup_int()\n"); - ossl_store_cleanup_int(); -#endif - - OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_lib_ctx_default_deinit()\n"); - ossl_lib_ctx_default_deinit(); - - ossl_cleanup_thread(); - - OSSL_TRACE(INIT, "OPENSSL_cleanup: bio_cleanup()\n"); - bio_cleanup(); - - OSSL_TRACE(INIT, "OPENSSL_cleanup: evp_cleanup_int()\n"); - evp_cleanup_int(); - - OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_obj_cleanup_int()\n"); - ossl_obj_cleanup_int(); - - OSSL_TRACE(INIT, "OPENSSL_cleanup: err_int()\n"); - err_cleanup(); - - OSSL_TRACE(INIT, "OPENSSL_cleanup: CRYPTO_secure_malloc_done()\n"); - CRYPTO_secure_malloc_done(); - -#ifndef OPENSSL_NO_CMP - OSSL_TRACE(INIT, "OPENSSL_cleanup: OSSL_CMP_log_close()\n"); - OSSL_CMP_log_close(); -#endif - - OSSL_TRACE(INIT, "OPENSSL_cleanup: ossl_trace_cleanup()\n"); - ossl_trace_cleanup(); - - base_inited = 0; -} - -/* - * If this function is called with a non NULL settings value then it must be - * called prior to any threads making calls to any OpenSSL functions, - * i.e. passing a non-null settings value is assumed to be single-threaded. - */ -int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) -{ - uint64_t tmp; - int aloaddone = 0; - - /* Applications depend on 0 being returned when cleanup was already done */ - if (stopped) { - if (!(opts & OPENSSL_INIT_BASE_ONLY)) - ERR_raise(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL); - return 0; - } - - /* - * We ignore failures from this function. It is probably because we are - * on a platform that doesn't support lockless atomic loads (we may not - * have created optsdone_lock yet so we can't use it). This is just an - * optimisation to skip the full checks in this function if we don't need - * to, so we carry on regardless in the event of failure. - * - * There could be a race here with other threads, so that optsdone has not - * been updated yet, even though the options have in fact been initialised. - * This doesn't matter - it just means we will run the full function - * unnecessarily - but all the critical code is contained in RUN_ONCE - * functions anyway so we are safe. - */ - if (CRYPTO_atomic_load(&optsdone, &tmp, NULL)) { - if ((tmp & opts) == opts) - return 1; - aloaddone = 1; - } - - /* - * At some point we should look at this function with a view to moving - * most/all of this into OSSL_LIB_CTX. - * - * When the caller specifies OPENSSL_INIT_BASE_ONLY, that should be the - * *only* option specified. With that option we return immediately after - * doing the requested limited initialization. Note that - * err_shelve_state() called by us via ossl_init_load_crypto_nodelete() - * re-enters OPENSSL_init_crypto() with OPENSSL_INIT_BASE_ONLY, but with - * base already initialized this is a harmless NOOP. - * - * If we remain the only caller of err_shelve_state() the recursion should - * perhaps be removed, but if in doubt, it can be left in place. - */ - if (!RUN_ONCE(&base, ossl_init_base)) - return 0; - - if (opts & OPENSSL_INIT_BASE_ONLY) - return 1; - - /* - * optsdone_lock should definitely be set up now, so we can now repeat the - * same check from above but be sure that it will work even on platforms - * without lockless CRYPTO_atomic_load - */ - if (!aloaddone) { - if (!CRYPTO_atomic_load(&optsdone, &tmp, optsdone_lock)) - return 0; - if ((tmp & opts) == opts) - return 1; - } - - /* - * Now we don't always set up exit handlers, the INIT_BASE_ONLY calls - * should not have the side-effect of setting up exit handlers, and - * therefore, this code block is below the INIT_BASE_ONLY-conditioned early - * return above. - */ - if ((opts & OPENSSL_INIT_NO_ATEXIT) != 0) { - if (!RUN_ONCE_ALT(®ister_atexit, ossl_init_no_register_atexit, - ossl_init_register_atexit)) - return 0; - } else if (!RUN_ONCE(®ister_atexit, ossl_init_register_atexit)) { - return 0; - } - - if (!RUN_ONCE(&load_crypto_nodelete, ossl_init_load_crypto_nodelete)) - return 0; - - if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS) - && !RUN_ONCE_ALT(&load_crypto_strings, - ossl_init_no_load_crypto_strings, - ossl_init_load_crypto_strings)) - return 0; - - if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS) - && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings)) - return 0; - - if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS) - && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers, - ossl_init_add_all_ciphers)) - return 0; - - if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS) - && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers)) - return 0; - - if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS) - && !RUN_ONCE_ALT(&add_all_digests, ossl_init_no_add_all_digests, - ossl_init_add_all_digests)) - return 0; - - if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS) - && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests)) - return 0; - - if ((opts & OPENSSL_INIT_ATFORK) - && !openssl_init_fork_handlers()) - return 0; - - if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) - && !RUN_ONCE_ALT(&config, ossl_init_no_config, ossl_init_config)) - return 0; - - if (opts & OPENSSL_INIT_LOAD_CONFIG) { - int loading = CRYPTO_THREAD_get_local(&in_init_config_local) != NULL; - - /* If called recursively from OBJ_ calls, just skip it. */ - if (!loading) { - int ret; - - if (!CRYPTO_THREAD_set_local(&in_init_config_local, (void *)-1)) - return 0; - if (settings == NULL) { - ret = RUN_ONCE(&config, ossl_init_config); - } else { - if (!CRYPTO_THREAD_write_lock(init_lock)) - return 0; - conf_settings = settings; - ret = RUN_ONCE_ALT(&config, ossl_init_config_settings, - ossl_init_config); - conf_settings = NULL; - CRYPTO_THREAD_unlock(init_lock); - } - - if (ret <= 0) - return 0; - } - } - - if ((opts & OPENSSL_INIT_ASYNC) - && !RUN_ONCE(&async, ossl_init_async)) - return 0; - -#ifndef OPENSSL_NO_ENGINE - if ((opts & OPENSSL_INIT_ENGINE_OPENSSL) - && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl)) - return 0; -# ifndef OPENSSL_NO_RDRAND - if ((opts & OPENSSL_INIT_ENGINE_RDRAND) - && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand)) - return 0; -# endif - if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC) - && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic)) - return 0; -# ifndef OPENSSL_NO_STATIC_ENGINE -# ifndef OPENSSL_NO_DEVCRYPTOENG - if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV) - && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto)) - return 0; -# endif -# if !defined(OPENSSL_NO_PADLOCKENG) - if ((opts & OPENSSL_INIT_ENGINE_PADLOCK) - && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock)) - return 0; -# endif -# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) - if ((opts & OPENSSL_INIT_ENGINE_CAPI) - && !RUN_ONCE(&engine_capi, ossl_init_engine_capi)) - return 0; -# endif -# if !defined(OPENSSL_NO_AFALGENG) - if ((opts & OPENSSL_INIT_ENGINE_AFALG) - && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg)) - return 0; -# endif -# endif - if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN - | OPENSSL_INIT_ENGINE_OPENSSL - | OPENSSL_INIT_ENGINE_AFALG)) { - ENGINE_register_all_complete(); - } -#endif - - if (!CRYPTO_atomic_or(&optsdone, opts, &tmp, optsdone_lock)) - return 0; - - return 1; -} - -int OPENSSL_atexit(void (*handler)(void)) -{ - OPENSSL_INIT_STOP *newhand; - -#if !defined(OPENSSL_USE_NODELETE)\ - && !defined(OPENSSL_NO_PINSHARED) - { -# if defined(DSO_WIN32) && !defined(_WIN32_WCE) - HMODULE handle = NULL; - BOOL ret; - union { - void *sym; - void (*func)(void); - } handlersym; - - handlersym.func = handler; - - /* - * We don't use the DSO route for WIN32 because there is a better - * way - */ - ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS - | GET_MODULE_HANDLE_EX_FLAG_PIN, - handlersym.sym, &handle); - - if (!ret) - return 0; -# elif !defined(DSO_NONE) - /* - * Deliberately leak a reference to the handler. This will force the - * library/code containing the handler to remain loaded until we run the - * atexit handler. If -znodelete has been used then this is - * unnecessary. - */ - DSO *dso = NULL; - union { - void *sym; - void (*func)(void); - } handlersym; - - handlersym.func = handler; - - ERR_set_mark(); - dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE); - /* See same code above in ossl_init_base() for an explanation. */ - OSSL_TRACE1(INIT, - "atexit: obtained DSO reference? %s\n", - (dso == NULL ? "No!" : "Yes.")); - DSO_free(dso); - ERR_pop_to_mark(); -# endif - } -#endif - - if ((newhand = OPENSSL_malloc(sizeof(*newhand))) == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - - newhand->handler = handler; - newhand->next = stop_handlers; - stop_handlers = newhand; - - return 1; -} - diff --git a/crypto/initthread.c b/crypto/initthread.c deleted file mode 100644 index 1bdaeda9fc8ed60d0773421eceb70faa97a9f07b..0000000000000000000000000000000000000000 --- a/crypto/initthread.c +++ /dev/null @@ -1,467 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/cryptlib.h" -#include "prov/providercommon.h" -#include "internal/thread_once.h" - -#ifdef FIPS_MODULE -#include "prov/provider_ctx.h" - -/* - * Thread aware code may want to be told about thread stop events. We register - * to hear about those thread stop events when we see a new thread has started. - * We call the ossl_init_thread_start function to do that. In the FIPS provider - * we have our own copy of ossl_init_thread_start, which cascades notifications - * about threads stopping from libcrypto to all the code in the FIPS provider - * that needs to know about it. - * - * The FIPS provider tells libcrypto about which threads it is interested in - * by calling "c_thread_start" which is a function pointer created during - * provider initialisation (i.e. OSSL_init_provider). - */ -extern OSSL_FUNC_core_thread_start_fn *c_thread_start; -#endif - -typedef struct thread_event_handler_st THREAD_EVENT_HANDLER; -struct thread_event_handler_st { -#ifndef FIPS_MODULE - const void *index; -#endif - void *arg; - OSSL_thread_stop_handler_fn handfn; - THREAD_EVENT_HANDLER *next; -}; - -#ifndef FIPS_MODULE -DEFINE_SPECIAL_STACK_OF(THREAD_EVENT_HANDLER_PTR, THREAD_EVENT_HANDLER *) - -typedef struct global_tevent_register_st GLOBAL_TEVENT_REGISTER; -struct global_tevent_register_st { - STACK_OF(THREAD_EVENT_HANDLER_PTR) *skhands; - CRYPTO_RWLOCK *lock; -}; - -static GLOBAL_TEVENT_REGISTER *glob_tevent_reg = NULL; - -static CRYPTO_ONCE tevent_register_runonce = CRYPTO_ONCE_STATIC_INIT; - -DEFINE_RUN_ONCE_STATIC(create_global_tevent_register) -{ - glob_tevent_reg = OPENSSL_zalloc(sizeof(*glob_tevent_reg)); - if (glob_tevent_reg == NULL) - return 0; - - glob_tevent_reg->skhands = sk_THREAD_EVENT_HANDLER_PTR_new_null(); - glob_tevent_reg->lock = CRYPTO_THREAD_lock_new(); - if (glob_tevent_reg->skhands == NULL || glob_tevent_reg->lock == NULL) { - sk_THREAD_EVENT_HANDLER_PTR_free(glob_tevent_reg->skhands); - CRYPTO_THREAD_lock_free(glob_tevent_reg->lock); - OPENSSL_free(glob_tevent_reg); - glob_tevent_reg = NULL; - return 0; - } - - return 1; -} - -static GLOBAL_TEVENT_REGISTER *get_global_tevent_register(void) -{ - if (!RUN_ONCE(&tevent_register_runonce, create_global_tevent_register)) - return NULL; - return glob_tevent_reg; -} -#endif - -#ifndef FIPS_MODULE -static int init_thread_push_handlers(THREAD_EVENT_HANDLER **hands); -static void init_thread_remove_handlers(THREAD_EVENT_HANDLER **handsin); -static void init_thread_destructor(void *hands); -static int init_thread_deregister(void *arg, int all); -#endif -static void init_thread_stop(void *arg, THREAD_EVENT_HANDLER **hands); - -static THREAD_EVENT_HANDLER ** -init_get_thread_local(CRYPTO_THREAD_LOCAL *local, int alloc, int keep) -{ - THREAD_EVENT_HANDLER **hands = CRYPTO_THREAD_get_local(local); - - if (alloc) { - if (hands == NULL) { - - if ((hands = OPENSSL_zalloc(sizeof(*hands))) == NULL) - return NULL; - - if (!CRYPTO_THREAD_set_local(local, hands)) { - OPENSSL_free(hands); - return NULL; - } - -#ifndef FIPS_MODULE - if (!init_thread_push_handlers(hands)) { - CRYPTO_THREAD_set_local(local, NULL); - OPENSSL_free(hands); - return NULL; - } -#endif - } - } else if (!keep) { - CRYPTO_THREAD_set_local(local, NULL); - } - - return hands; -} - -#ifndef FIPS_MODULE -/* - * Since per-thread-specific-data destructors are not universally - * available, i.e. not on Windows, only below CRYPTO_THREAD_LOCAL key - * is assumed to have destructor associated. And then an effort is made - * to call this single destructor on non-pthread platform[s]. - * - * Initial value is "impossible". It is used as guard value to shortcut - * destructor for threads terminating before libcrypto is initialized or - * after it's de-initialized. Access to the key doesn't have to be - * serialized for the said threads, because they didn't use libcrypto - * and it doesn't matter if they pick "impossible" or dereference real - * key value and pull NULL past initialization in the first thread that - * intends to use libcrypto. - */ -static union { - long sane; - CRYPTO_THREAD_LOCAL value; -} destructor_key = { -1 }; - -/* - * The thread event handler list is a thread specific linked list - * of callback functions which are invoked in list order by the - * current thread in case of certain events. (Currently, there is - * only one type of event, the 'thread stop' event.) - * - * We also keep a global reference to that linked list, so that we - * can deregister handlers if necessary before all the threads are - * stopped. - */ -static int init_thread_push_handlers(THREAD_EVENT_HANDLER **hands) -{ - int ret; - GLOBAL_TEVENT_REGISTER *gtr; - - gtr = get_global_tevent_register(); - if (gtr == NULL) - return 0; - - if (!CRYPTO_THREAD_write_lock(gtr->lock)) - return 0; - ret = (sk_THREAD_EVENT_HANDLER_PTR_push(gtr->skhands, hands) != 0); - CRYPTO_THREAD_unlock(gtr->lock); - - return ret; -} - -static void init_thread_remove_handlers(THREAD_EVENT_HANDLER **handsin) -{ - GLOBAL_TEVENT_REGISTER *gtr; - int i; - - gtr = get_global_tevent_register(); - if (gtr == NULL) - return; - if (!CRYPTO_THREAD_write_lock(gtr->lock)) - return; - for (i = 0; i < sk_THREAD_EVENT_HANDLER_PTR_num(gtr->skhands); i++) { - THREAD_EVENT_HANDLER **hands - = sk_THREAD_EVENT_HANDLER_PTR_value(gtr->skhands, i); - - if (hands == handsin) { - sk_THREAD_EVENT_HANDLER_PTR_delete(gtr->skhands, i); - CRYPTO_THREAD_unlock(gtr->lock); - return; - } - } - CRYPTO_THREAD_unlock(gtr->lock); - return; -} - -static void init_thread_destructor(void *hands) -{ - init_thread_stop(NULL, (THREAD_EVENT_HANDLER **)hands); - init_thread_remove_handlers(hands); - OPENSSL_free(hands); -} - -int ossl_init_thread(void) -{ - if (!CRYPTO_THREAD_init_local(&destructor_key.value, - init_thread_destructor)) - return 0; - - return 1; -} - -void ossl_cleanup_thread(void) -{ - init_thread_deregister(NULL, 1); - CRYPTO_THREAD_cleanup_local(&destructor_key.value); - destructor_key.sane = -1; -} - -void OPENSSL_thread_stop_ex(OSSL_LIB_CTX *ctx) -{ - ctx = ossl_lib_ctx_get_concrete(ctx); - /* - * It would be nice if we could figure out a way to do this on all threads - * that have used the OSSL_LIB_CTX when the context is freed. This is - * currently not possible due to the use of thread local variables. - */ - ossl_ctx_thread_stop(ctx); -} - -void OPENSSL_thread_stop(void) -{ - if (destructor_key.sane != -1) { - THREAD_EVENT_HANDLER **hands - = init_get_thread_local(&destructor_key.value, 0, 0); - init_thread_stop(NULL, hands); - - init_thread_remove_handlers(hands); - OPENSSL_free(hands); - } -} - -void ossl_ctx_thread_stop(OSSL_LIB_CTX *ctx) -{ - if (destructor_key.sane != -1) { - THREAD_EVENT_HANDLER **hands - = init_get_thread_local(&destructor_key.value, 0, 1); - init_thread_stop(ctx, hands); - } -} - -#else - -static void *thread_event_ossl_ctx_new(OSSL_LIB_CTX *libctx) -{ - THREAD_EVENT_HANDLER **hands = NULL; - CRYPTO_THREAD_LOCAL *tlocal = OPENSSL_zalloc(sizeof(*tlocal)); - - if (tlocal == NULL) - return NULL; - - if (!CRYPTO_THREAD_init_local(tlocal, NULL)) { - goto err; - } - - hands = OPENSSL_zalloc(sizeof(*hands)); - if (hands == NULL) - goto err; - - if (!CRYPTO_THREAD_set_local(tlocal, hands)) - goto err; - - return tlocal; - err: - OPENSSL_free(hands); - OPENSSL_free(tlocal); - return NULL; -} - -static void thread_event_ossl_ctx_free(void *tlocal) -{ - OPENSSL_free(tlocal); -} - -static const OSSL_LIB_CTX_METHOD thread_event_ossl_ctx_method = { - OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, - thread_event_ossl_ctx_new, - thread_event_ossl_ctx_free, -}; - -static void ossl_arg_thread_stop(void *arg) -{ - ossl_ctx_thread_stop((OSSL_LIB_CTX *)arg); -} - -void ossl_ctx_thread_stop(OSSL_LIB_CTX *ctx) -{ - THREAD_EVENT_HANDLER **hands; - CRYPTO_THREAD_LOCAL *local - = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX, - &thread_event_ossl_ctx_method); - - if (local == NULL) - return; - hands = init_get_thread_local(local, 0, 0); - init_thread_stop(ctx, hands); - OPENSSL_free(hands); -} -#endif /* FIPS_MODULE */ - - -static void init_thread_stop(void *arg, THREAD_EVENT_HANDLER **hands) -{ - THREAD_EVENT_HANDLER *curr, *prev = NULL, *tmp; -#ifndef FIPS_MODULE - GLOBAL_TEVENT_REGISTER *gtr; -#endif - - /* Can't do much about this */ - if (hands == NULL) - return; - -#ifndef FIPS_MODULE - gtr = get_global_tevent_register(); - if (gtr == NULL) - return; - - if (!CRYPTO_THREAD_write_lock(gtr->lock)) - return; -#endif - - curr = *hands; - while (curr != NULL) { - if (arg != NULL && curr->arg != arg) { - prev = curr; - curr = curr->next; - continue; - } - curr->handfn(curr->arg); - if (prev == NULL) - *hands = curr->next; - else - prev->next = curr->next; - - tmp = curr; - curr = curr->next; - - OPENSSL_free(tmp); - } -#ifndef FIPS_MODULE - CRYPTO_THREAD_unlock(gtr->lock); -#endif -} - -int ossl_init_thread_start(const void *index, void *arg, - OSSL_thread_stop_handler_fn handfn) -{ - THREAD_EVENT_HANDLER **hands; - THREAD_EVENT_HANDLER *hand; -#ifdef FIPS_MODULE - OSSL_LIB_CTX *ctx = arg; - - /* - * In FIPS mode the list of THREAD_EVENT_HANDLERs is unique per combination - * of OSSL_LIB_CTX and thread. This is because in FIPS mode each - * OSSL_LIB_CTX gets informed about thread stop events individually. - */ - CRYPTO_THREAD_LOCAL *local - = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX, - &thread_event_ossl_ctx_method); -#else - /* - * Outside of FIPS mode the list of THREAD_EVENT_HANDLERs is unique per - * thread, but may hold multiple OSSL_LIB_CTXs. We only get told about - * thread stop events globally, so we have to ensure all affected - * OSSL_LIB_CTXs are informed. - */ - CRYPTO_THREAD_LOCAL *local = &destructor_key.value; -#endif - - hands = init_get_thread_local(local, 1, 0); - if (hands == NULL) - return 0; - -#ifdef FIPS_MODULE - if (*hands == NULL) { - /* - * We've not yet registered any handlers for this thread. We need to get - * libcrypto to tell us about later thread stop events. c_thread_start - * is a callback to libcrypto defined in fipsprov.c - */ - if (!c_thread_start(FIPS_get_core_handle(ctx), ossl_arg_thread_stop, - ctx)) - return 0; - } -#endif - - hand = OPENSSL_malloc(sizeof(*hand)); - if (hand == NULL) - return 0; - - hand->handfn = handfn; - hand->arg = arg; -#ifndef FIPS_MODULE - hand->index = index; -#endif - hand->next = *hands; - *hands = hand; - - return 1; -} - -#ifndef FIPS_MODULE -static int init_thread_deregister(void *index, int all) -{ - GLOBAL_TEVENT_REGISTER *gtr; - int i; - - gtr = get_global_tevent_register(); - if (gtr == NULL) - return 0; - if (!all) { - if (!CRYPTO_THREAD_write_lock(gtr->lock)) - return 0; - } else { - glob_tevent_reg = NULL; - } - for (i = 0; i < sk_THREAD_EVENT_HANDLER_PTR_num(gtr->skhands); i++) { - THREAD_EVENT_HANDLER **hands - = sk_THREAD_EVENT_HANDLER_PTR_value(gtr->skhands, i); - THREAD_EVENT_HANDLER *curr = NULL, *prev = NULL, *tmp; - - if (hands == NULL) { - if (!all) - CRYPTO_THREAD_unlock(gtr->lock); - return 0; - } - curr = *hands; - while (curr != NULL) { - if (all || curr->index == index) { - if (prev != NULL) - prev->next = curr->next; - else - *hands = curr->next; - tmp = curr; - curr = curr->next; - OPENSSL_free(tmp); - continue; - } - prev = curr; - curr = curr->next; - } - if (all) - OPENSSL_free(hands); - } - if (all) { - CRYPTO_THREAD_lock_free(gtr->lock); - sk_THREAD_EVENT_HANDLER_PTR_free(gtr->skhands); - OPENSSL_free(gtr); - } else { - CRYPTO_THREAD_unlock(gtr->lock); - } - return 1; -} - -int ossl_init_thread_deregister(void *index) -{ - return init_thread_deregister(index, 0); -} -#endif diff --git a/crypto/kdf/build.info b/crypto/kdf/build.info deleted file mode 100644 index 7707c00988bb439c23c09e6530b5d90c48163766..0000000000000000000000000000000000000000 --- a/crypto/kdf/build.info +++ /dev/null @@ -1,2 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]=kdf_err.c diff --git a/crypto/kdf/kdf_err.c b/crypto/kdf/kdf_err.c deleted file mode 100644 index 5b794285e47a8176bec1b32fb434ff286bf88c69..0000000000000000000000000000000000000000 --- a/crypto/kdf/kdf_err.c +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -int ERR_load_KDF_strings(void) -{ - return 1; -} -#endif diff --git a/crypto/lhash/build.info b/crypto/lhash/build.info deleted file mode 100644 index b3176b8358d4cc5a729f62b706b9dd99382a3e41..0000000000000000000000000000000000000000 --- a/crypto/lhash/build.info +++ /dev/null @@ -1,5 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]=\ - lhash.c lh_stats.c -SOURCE[../../providers/libfips.a]=\ - lhash.c diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c deleted file mode 100644 index ba4d4ea8970830a86988d0b9a32fde60d1524bef..0000000000000000000000000000000000000000 --- a/crypto/lhash/lh_stats.c +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -/* - * If you wish to build this outside of OpenSSL, remove the following lines - * and things should work as expected - */ -#include "internal/cryptlib.h" - -#include -#include -#include "lhash_local.h" - -# ifndef OPENSSL_NO_STDIO -void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp) -{ - BIO *bp; - - bp = BIO_new(BIO_s_file()); - if (bp == NULL) - return; - BIO_set_fp(bp, fp, BIO_NOCLOSE); - OPENSSL_LH_stats_bio(lh, bp); - BIO_free(bp); -} - -void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp) -{ - BIO *bp; - - bp = BIO_new(BIO_s_file()); - if (bp == NULL) - return; - BIO_set_fp(bp, fp, BIO_NOCLOSE); - OPENSSL_LH_node_stats_bio(lh, bp); - BIO_free(bp); -} - -void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp) -{ - BIO *bp; - - bp = BIO_new(BIO_s_file()); - if (bp == NULL) - return; - BIO_set_fp(bp, fp, BIO_NOCLOSE); - OPENSSL_LH_node_usage_stats_bio(lh, bp); - BIO_free(bp); -} - -# endif - -void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out) -{ - BIO_printf(out, "num_items = %lu\n", lh->num_items); - BIO_printf(out, "num_nodes = %u\n", lh->num_nodes); - BIO_printf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); - BIO_printf(out, "num_expands = 0\n"); - BIO_printf(out, "num_expand_reallocs = 0\n"); - BIO_printf(out, "num_contracts = 0\n"); - BIO_printf(out, "num_contract_reallocs = 0\n"); - BIO_printf(out, "num_hash_calls = 0\n"); - BIO_printf(out, "num_comp_calls = 0\n"); - BIO_printf(out, "num_insert = 0\n"); - BIO_printf(out, "num_replace = 0\n"); - BIO_printf(out, "num_delete = 0\n"); - BIO_printf(out, "num_no_delete = 0\n"); - BIO_printf(out, "num_retrieve = 0\n"); - BIO_printf(out, "num_retrieve_miss = 0\n"); - BIO_printf(out, "num_hash_comps = 0\n"); -} - -void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out) -{ - OPENSSL_LH_NODE *n; - unsigned int i, num; - - for (i = 0; i < lh->num_nodes; i++) { - for (n = lh->b[i], num = 0; n != NULL; n = n->next) - num++; - BIO_printf(out, "node %6u -> %3u\n", i, num); - } -} - -void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out) -{ - OPENSSL_LH_NODE *n; - unsigned long num; - unsigned int i; - unsigned long total = 0, n_used = 0; - - for (i = 0; i < lh->num_nodes; i++) { - for (n = lh->b[i], num = 0; n != NULL; n = n->next) - num++; - if (num != 0) { - n_used++; - total += num; - } - } - BIO_printf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes); - BIO_printf(out, "%lu items\n", total); - if (n_used == 0) - return; - BIO_printf(out, "load %d.%02d actual load %d.%02d\n", - (int)(total / lh->num_nodes), - (int)((total % lh->num_nodes) * 100 / lh->num_nodes), - (int)(total / n_used), (int)((total % n_used) * 100 / n_used)); -} diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c deleted file mode 100644 index 1cd988f01fc76a59267281b459a0ca68efee0a8f..0000000000000000000000000000000000000000 --- a/crypto/lhash/lhash.c +++ /dev/null @@ -1,387 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include "crypto/ctype.h" -#include "crypto/lhash.h" -#include "lhash_local.h" - -/* - * A hashing implementation that appears to be based on the linear hashing - * algorithm: - * https://en.wikipedia.org/wiki/Linear_hashing - * - * Litwin, Witold (1980), "Linear hashing: A new tool for file and table - * addressing", Proc. 6th Conference on Very Large Databases: 212-223 - * https://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf - * - * From the Wikipedia article "Linear hashing is used in the BDB Berkeley - * database system, which in turn is used by many software systems such as - * OpenLDAP, using a C implementation derived from the CACM article and first - * published on the Usenet in 1988 by Esmond Pitt." - * - * The CACM paper is available here: - * https://pdfs.semanticscholar.org/ff4d/1c5deca6269cc316bfd952172284dbf610ee.pdf - */ - -#undef MIN_NODES -#define MIN_NODES 16 -#define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ -#define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ - -static int expand(OPENSSL_LHASH *lh); -static void contract(OPENSSL_LHASH *lh); -static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, const void *data, unsigned long *rhash); - -OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c) -{ - OPENSSL_LHASH *ret; - - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { - /* - * Do not set the error code, because the ERR code uses LHASH - * and we want to avoid possible endless error loop. - * ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - */ - return NULL; - } - if ((ret->b = OPENSSL_zalloc(sizeof(*ret->b) * MIN_NODES)) == NULL) - goto err; - ret->comp = ((c == NULL) ? (OPENSSL_LH_COMPFUNC)strcmp : c); - ret->hash = ((h == NULL) ? (OPENSSL_LH_HASHFUNC)OPENSSL_LH_strhash : h); - ret->num_nodes = MIN_NODES / 2; - ret->num_alloc_nodes = MIN_NODES; - ret->pmax = MIN_NODES / 2; - ret->up_load = UP_LOAD; - ret->down_load = DOWN_LOAD; - return ret; - -err: - OPENSSL_free(ret->b); - OPENSSL_free(ret); - return NULL; -} - -void OPENSSL_LH_free(OPENSSL_LHASH *lh) -{ - if (lh == NULL) - return; - - OPENSSL_LH_flush(lh); - OPENSSL_free(lh->b); - OPENSSL_free(lh); -} - -void OPENSSL_LH_flush(OPENSSL_LHASH *lh) -{ - unsigned int i; - OPENSSL_LH_NODE *n, *nn; - - if (lh == NULL) - return; - - for (i = 0; i < lh->num_nodes; i++) { - n = lh->b[i]; - while (n != NULL) { - nn = n->next; - OPENSSL_free(n); - n = nn; - } - lh->b[i] = NULL; - } - - lh->num_items = 0; -} - -void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data) -{ - unsigned long hash; - OPENSSL_LH_NODE *nn, **rn; - void *ret; - - lh->error = 0; - if ((lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)) && !expand(lh)) - return NULL; /* 'lh->error++' already done in 'expand' */ - - rn = getrn(lh, data, &hash); - - if (*rn == NULL) { - if ((nn = OPENSSL_malloc(sizeof(*nn))) == NULL) { - lh->error++; - return NULL; - } - nn->data = data; - nn->next = NULL; - nn->hash = hash; - *rn = nn; - ret = NULL; - lh->num_items++; - } else { /* replace same key */ - ret = (*rn)->data; - (*rn)->data = data; - } - return ret; -} - -void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data) -{ - unsigned long hash; - OPENSSL_LH_NODE *nn, **rn; - void *ret; - - lh->error = 0; - rn = getrn(lh, data, &hash); - - if (*rn == NULL) { - return NULL; - } else { - nn = *rn; - *rn = nn->next; - ret = nn->data; - OPENSSL_free(nn); - } - - lh->num_items--; - if ((lh->num_nodes > MIN_NODES) && - (lh->down_load >= (lh->num_items * LH_LOAD_MULT / lh->num_nodes))) - contract(lh); - - return ret; -} - -void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data) -{ - unsigned long hash; - OPENSSL_LH_NODE **rn; - - if (lh->error != 0) - lh->error = 0; - - rn = getrn(lh, data, &hash); - - return *rn == NULL ? NULL : (*rn)->data; -} - -static void doall_util_fn(OPENSSL_LHASH *lh, int use_arg, - OPENSSL_LH_DOALL_FUNC func, - OPENSSL_LH_DOALL_FUNCARG func_arg, void *arg) -{ - int i; - OPENSSL_LH_NODE *a, *n; - - if (lh == NULL) - return; - - /* - * reverse the order so we search from 'top to bottom' We were having - * memory leaks otherwise - */ - for (i = lh->num_nodes - 1; i >= 0; i--) { - a = lh->b[i]; - while (a != NULL) { - n = a->next; - if (use_arg) - func_arg(a->data, arg); - else - func(a->data); - a = n; - } - } -} - -void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func) -{ - doall_util_fn(lh, 0, func, (OPENSSL_LH_DOALL_FUNCARG)0, NULL); -} - -void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg) -{ - doall_util_fn(lh, 1, (OPENSSL_LH_DOALL_FUNC)0, func, arg); -} - -static int expand(OPENSSL_LHASH *lh) -{ - OPENSSL_LH_NODE **n, **n1, **n2, *np; - unsigned int p, pmax, nni, j; - unsigned long hash; - - nni = lh->num_alloc_nodes; - p = lh->p; - pmax = lh->pmax; - if (p + 1 >= pmax) { - j = nni * 2; - n = OPENSSL_realloc(lh->b, sizeof(OPENSSL_LH_NODE *) * j); - if (n == NULL) { - lh->error++; - return 0; - } - lh->b = n; - memset(n + nni, 0, sizeof(*n) * (j - nni)); - lh->pmax = nni; - lh->num_alloc_nodes = j; - lh->p = 0; - } else { - lh->p++; - } - - lh->num_nodes++; - n1 = &(lh->b[p]); - n2 = &(lh->b[p + pmax]); - *n2 = NULL; - - for (np = *n1; np != NULL;) { - hash = np->hash; - if ((hash % nni) != p) { /* move it */ - *n1 = (*n1)->next; - np->next = *n2; - *n2 = np; - } else - n1 = &((*n1)->next); - np = *n1; - } - - return 1; -} - -static void contract(OPENSSL_LHASH *lh) -{ - OPENSSL_LH_NODE **n, *n1, *np; - - np = lh->b[lh->p + lh->pmax - 1]; - lh->b[lh->p + lh->pmax - 1] = NULL; /* 24/07-92 - eay - weird but :-( */ - if (lh->p == 0) { - n = OPENSSL_realloc(lh->b, - (unsigned int)(sizeof(OPENSSL_LH_NODE *) * lh->pmax)); - if (n == NULL) { - /* fputs("realloc error in lhash",stderr); */ - lh->error++; - return; - } - lh->num_alloc_nodes /= 2; - lh->pmax /= 2; - lh->p = lh->pmax - 1; - lh->b = n; - } else - lh->p--; - - lh->num_nodes--; - - n1 = lh->b[(int)lh->p]; - if (n1 == NULL) - lh->b[(int)lh->p] = np; - else { - while (n1->next != NULL) - n1 = n1->next; - n1->next = np; - } -} - -static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, - const void *data, unsigned long *rhash) -{ - OPENSSL_LH_NODE **ret, *n1; - unsigned long hash, nn; - OPENSSL_LH_COMPFUNC cf; - - hash = (*(lh->hash)) (data); - *rhash = hash; - - nn = hash % lh->pmax; - if (nn < lh->p) - nn = hash % lh->num_alloc_nodes; - - cf = lh->comp; - ret = &(lh->b[(int)nn]); - for (n1 = *ret; n1 != NULL; n1 = n1->next) { - if (n1->hash != hash) { - ret = &(n1->next); - continue; - } - if (cf(n1->data, data) == 0) - break; - ret = &(n1->next); - } - return ret; -} - -/* - * The following hash seems to work very well on normal text strings no - * collisions on /usr/dict/words and it distributes on %2^n quite well, not - * as good as MD5, but still good. - */ -unsigned long OPENSSL_LH_strhash(const char *c) -{ - unsigned long ret = 0; - long n; - unsigned long v; - int r; - - if ((c == NULL) || (*c == '\0')) - return ret; - - n = 0x100; - while (*c) { - v = n | (*c); - n += 0x100; - r = (int)((v >> 2) ^ v) & 0x0f; - /* cast to uint64_t to avoid 32 bit shift of 32 bit value */ - ret = (ret << r) | (unsigned long)((uint64_t)ret >> (32 - r)); - ret &= 0xFFFFFFFFL; - ret ^= v * v; - c++; - } - return (ret >> 16) ^ ret; -} - -unsigned long ossl_lh_strcasehash(const char *c) -{ - unsigned long ret = 0; - long n; - unsigned long v; - int r; - - if (c == NULL || *c == '\0') - return ret; - - for (n = 0x100; *c != '\0'; n += 0x100) { - v = n | ossl_tolower(*c); - r = (int)((v >> 2) ^ v) & 0x0f; - /* cast to uint64_t to avoid 32 bit shift of 32 bit value */ - ret = (ret << r) | (unsigned long)((uint64_t)ret >> (32 - r)); - ret &= 0xFFFFFFFFL; - ret ^= v * v; - c++; - } - return (ret >> 16) ^ ret; -} - -unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh) -{ - return lh ? lh->num_items : 0; -} - -unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh) -{ - return lh->down_load; -} - -void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load) -{ - lh->down_load = down_load; -} - -int OPENSSL_LH_error(OPENSSL_LHASH *lh) -{ - return lh->error; -} diff --git a/crypto/lhash/lhash_local.h b/crypto/lhash/lhash_local.h deleted file mode 100644 index 088ac94d2e63d84358d64be2ef319c6b2da7e837..0000000000000000000000000000000000000000 --- a/crypto/lhash/lhash_local.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ -#include - -#include "internal/tsan_assist.h" - -struct lhash_node_st { - void *data; - struct lhash_node_st *next; - unsigned long hash; -}; - -struct lhash_st { - OPENSSL_LH_NODE **b; - OPENSSL_LH_COMPFUNC comp; - OPENSSL_LH_HASHFUNC hash; - unsigned int num_nodes; - unsigned int num_alloc_nodes; - unsigned int p; - unsigned int pmax; - unsigned long up_load; /* load times 256 */ - unsigned long down_load; /* load times 256 */ - unsigned long num_items; - int error; -}; diff --git a/crypto/md2/build.info b/crypto/md2/build.info deleted file mode 100644 index a1bb42109457c214e2674b3e2fbb5701407faed6..0000000000000000000000000000000000000000 --- a/crypto/md2/build.info +++ /dev/null @@ -1,9 +0,0 @@ -LIBS=../../libcrypto - -SOURCE[../../libcrypto]=md2_dgst.c md2_one.c - -# When all deprecated symbols are removed, libcrypto doesn't export the -# MD2 functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] - SOURCE[../../providers/liblegacy.a]=md2_dgst.c md2_one.c -ENDIF diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c deleted file mode 100644 index 0b0033543881245eadccf6d4184ca3b9abbfb621..0000000000000000000000000000000000000000 --- a/crypto/md2/md2_dgst.c +++ /dev/null @@ -1,179 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * MD2 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include - -/* - * Implemented from RFC1319 The MD2 Message-Digest Algorithm - */ - -#define UCHAR unsigned char - -static void md2_block(MD2_CTX *c, const unsigned char *d); -/* - * The magic S table - I have converted it to hex since it is basically just - * a random byte string. - */ -static const MD2_INT S[256] = { - 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, - 0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, - 0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C, - 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA, - 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16, - 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, - 0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, - 0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A, - 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F, - 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21, - 0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, - 0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, - 0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1, - 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6, - 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6, - 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, - 0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20, - 0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02, - 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6, - 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F, - 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, - 0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, - 0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09, - 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52, - 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA, - 0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, - 0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, - 0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39, - 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4, - 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A, - 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, - 0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14, -}; - -const char *MD2_options(void) -{ - if (sizeof(MD2_INT) == 1) - return "md2(char)"; - else - return "md2(int)"; -} - -int MD2_Init(MD2_CTX *c) -{ - c->num = 0; - memset(c->state, 0, sizeof(c->state)); - memset(c->cksm, 0, sizeof(c->cksm)); - memset(c->data, 0, sizeof(c->data)); - return 1; -} - -int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len) -{ - register UCHAR *p; - - if (len == 0) - return 1; - - p = c->data; - if (c->num != 0) { - if ((c->num + len) >= MD2_BLOCK) { - memcpy(&(p[c->num]), data, MD2_BLOCK - c->num); - md2_block(c, c->data); - data += (MD2_BLOCK - c->num); - len -= (MD2_BLOCK - c->num); - c->num = 0; - /* drop through and do the rest */ - } else { - memcpy(&(p[c->num]), data, len); - /* data+=len; */ - c->num += (int)len; - return 1; - } - } - /* - * we now can process the input data in blocks of MD2_BLOCK chars and - * save the leftovers to c->data. - */ - while (len >= MD2_BLOCK) { - md2_block(c, data); - data += MD2_BLOCK; - len -= MD2_BLOCK; - } - memcpy(p, data, len); - c->num = (int)len; - return 1; -} - -static void md2_block(MD2_CTX *c, const unsigned char *d) -{ - register MD2_INT t, *sp1, *sp2; - register int i, j; - MD2_INT state[48]; - - sp1 = c->state; - sp2 = c->cksm; - j = sp2[MD2_BLOCK - 1]; - for (i = 0; i < 16; i++) { - state[i] = sp1[i]; - state[i + 16] = t = d[i]; - state[i + 32] = (t ^ sp1[i]); - j = sp2[i] ^= S[t ^ j]; - } - t = 0; - for (i = 0; i < 18; i++) { - for (j = 0; j < 48; j += 8) { - t = state[j + 0] ^= S[t]; - t = state[j + 1] ^= S[t]; - t = state[j + 2] ^= S[t]; - t = state[j + 3] ^= S[t]; - t = state[j + 4] ^= S[t]; - t = state[j + 5] ^= S[t]; - t = state[j + 6] ^= S[t]; - t = state[j + 7] ^= S[t]; - } - t = (t + i) & 0xff; - } - memcpy(sp1, state, 16 * sizeof(MD2_INT)); - OPENSSL_cleanse(state, 48 * sizeof(MD2_INT)); -} - -int MD2_Final(unsigned char *md, MD2_CTX *c) -{ - int i, v; - register UCHAR *cp; - register MD2_INT *p1, *p2; - - cp = c->data; - p1 = c->state; - p2 = c->cksm; - v = MD2_BLOCK - c->num; - for (i = c->num; i < MD2_BLOCK; i++) - cp[i] = (UCHAR) v; - - md2_block(c, cp); - - for (i = 0; i < MD2_BLOCK; i++) - cp[i] = (UCHAR) p2[i]; - md2_block(c, cp); - - for (i = 0; i < 16; i++) - md[i] = (UCHAR) (p1[i] & 0xff); - OPENSSL_cleanse(c, sizeof(*c)); - return 1; -} diff --git a/crypto/md2/md2_one.c b/crypto/md2/md2_one.c deleted file mode 100644 index f9be692732e0677107668d50be7f82dad527778e..0000000000000000000000000000000000000000 --- a/crypto/md2/md2_one.c +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * MD2 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include - -/* - * This is a separate file so that #defines in cryptlib.h can map my MD - * functions to different names - */ - -unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md) -{ - MD2_CTX c; - static unsigned char m[MD2_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - if (!MD2_Init(&c)) - return NULL; -#ifndef CHARSET_EBCDIC - MD2_Update(&c, d, n); -#else - { - char temp[1024]; - unsigned long chunk; - - while (n > 0) { - chunk = (n > sizeof(temp)) ? sizeof(temp) : n; - ebcdic2ascii(temp, d, chunk); - MD2_Update(&c, temp, chunk); - n -= chunk; - d += chunk; - } - } -#endif - MD2_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); /* Security consideration */ - return md; -} diff --git a/crypto/md4/build.info b/crypto/md4/build.info deleted file mode 100644 index bed9c0bd40cade79702409f619c0c043e9d6baab..0000000000000000000000000000000000000000 --- a/crypto/md4/build.info +++ /dev/null @@ -1,9 +0,0 @@ -LIBS=../../libcrypto - -SOURCE[../../libcrypto]=md4_dgst.c md4_one.c - -# When all deprecated symbols are removed, libcrypto doesn't export the -# MD4 functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] - SOURCE[../../providers/liblegacy.a]=md4_dgst.c md4_one.c -ENDIF diff --git a/crypto/md4/md4_dgst.c b/crypto/md4/md4_dgst.c deleted file mode 100644 index aefe6a3a3770bdf2df7222729be8353a925bd44f..0000000000000000000000000000000000000000 --- a/crypto/md4/md4_dgst.c +++ /dev/null @@ -1,153 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * MD4 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include "md4_local.h" - -/* - * Implemented from RFC1186 The MD4 Message-Digest Algorithm - */ - -#define INIT_DATA_A (unsigned long)0x67452301L -#define INIT_DATA_B (unsigned long)0xefcdab89L -#define INIT_DATA_C (unsigned long)0x98badcfeL -#define INIT_DATA_D (unsigned long)0x10325476L - -int MD4_Init(MD4_CTX *c) -{ - memset(c, 0, sizeof(*c)); - c->A = INIT_DATA_A; - c->B = INIT_DATA_B; - c->C = INIT_DATA_C; - c->D = INIT_DATA_D; - return 1; -} - -#ifndef md4_block_data_order -# ifdef X -# undef X -# endif -void md4_block_data_order(MD4_CTX *c, const void *data_, size_t num) -{ - const unsigned char *data = data_; - register unsigned MD32_REG_T A, B, C, D, l; -# ifndef MD32_XARRAY - /* See comment in crypto/sha/sha_local.h for details. */ - unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, - XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; -# define X(i) XX##i -# else - MD4_LONG XX[MD4_LBLOCK]; -# define X(i) XX[i] -# endif - - A = c->A; - B = c->B; - C = c->C; - D = c->D; - - for (; num--;) { - (void)HOST_c2l(data, l); - X(0) = l; - (void)HOST_c2l(data, l); - X(1) = l; - /* Round 0 */ - R0(A, B, C, D, X(0), 3, 0); - (void)HOST_c2l(data, l); - X(2) = l; - R0(D, A, B, C, X(1), 7, 0); - (void)HOST_c2l(data, l); - X(3) = l; - R0(C, D, A, B, X(2), 11, 0); - (void)HOST_c2l(data, l); - X(4) = l; - R0(B, C, D, A, X(3), 19, 0); - (void)HOST_c2l(data, l); - X(5) = l; - R0(A, B, C, D, X(4), 3, 0); - (void)HOST_c2l(data, l); - X(6) = l; - R0(D, A, B, C, X(5), 7, 0); - (void)HOST_c2l(data, l); - X(7) = l; - R0(C, D, A, B, X(6), 11, 0); - (void)HOST_c2l(data, l); - X(8) = l; - R0(B, C, D, A, X(7), 19, 0); - (void)HOST_c2l(data, l); - X(9) = l; - R0(A, B, C, D, X(8), 3, 0); - (void)HOST_c2l(data, l); - X(10) = l; - R0(D, A, B, C, X(9), 7, 0); - (void)HOST_c2l(data, l); - X(11) = l; - R0(C, D, A, B, X(10), 11, 0); - (void)HOST_c2l(data, l); - X(12) = l; - R0(B, C, D, A, X(11), 19, 0); - (void)HOST_c2l(data, l); - X(13) = l; - R0(A, B, C, D, X(12), 3, 0); - (void)HOST_c2l(data, l); - X(14) = l; - R0(D, A, B, C, X(13), 7, 0); - (void)HOST_c2l(data, l); - X(15) = l; - R0(C, D, A, B, X(14), 11, 0); - R0(B, C, D, A, X(15), 19, 0); - /* Round 1 */ - R1(A, B, C, D, X(0), 3, 0x5A827999L); - R1(D, A, B, C, X(4), 5, 0x5A827999L); - R1(C, D, A, B, X(8), 9, 0x5A827999L); - R1(B, C, D, A, X(12), 13, 0x5A827999L); - R1(A, B, C, D, X(1), 3, 0x5A827999L); - R1(D, A, B, C, X(5), 5, 0x5A827999L); - R1(C, D, A, B, X(9), 9, 0x5A827999L); - R1(B, C, D, A, X(13), 13, 0x5A827999L); - R1(A, B, C, D, X(2), 3, 0x5A827999L); - R1(D, A, B, C, X(6), 5, 0x5A827999L); - R1(C, D, A, B, X(10), 9, 0x5A827999L); - R1(B, C, D, A, X(14), 13, 0x5A827999L); - R1(A, B, C, D, X(3), 3, 0x5A827999L); - R1(D, A, B, C, X(7), 5, 0x5A827999L); - R1(C, D, A, B, X(11), 9, 0x5A827999L); - R1(B, C, D, A, X(15), 13, 0x5A827999L); - /* Round 2 */ - R2(A, B, C, D, X(0), 3, 0x6ED9EBA1L); - R2(D, A, B, C, X(8), 9, 0x6ED9EBA1L); - R2(C, D, A, B, X(4), 11, 0x6ED9EBA1L); - R2(B, C, D, A, X(12), 15, 0x6ED9EBA1L); - R2(A, B, C, D, X(2), 3, 0x6ED9EBA1L); - R2(D, A, B, C, X(10), 9, 0x6ED9EBA1L); - R2(C, D, A, B, X(6), 11, 0x6ED9EBA1L); - R2(B, C, D, A, X(14), 15, 0x6ED9EBA1L); - R2(A, B, C, D, X(1), 3, 0x6ED9EBA1L); - R2(D, A, B, C, X(9), 9, 0x6ED9EBA1L); - R2(C, D, A, B, X(5), 11, 0x6ED9EBA1L); - R2(B, C, D, A, X(13), 15, 0x6ED9EBA1L); - R2(A, B, C, D, X(3), 3, 0x6ED9EBA1L); - R2(D, A, B, C, X(11), 9, 0x6ED9EBA1L); - R2(C, D, A, B, X(7), 11, 0x6ED9EBA1L); - R2(B, C, D, A, X(15), 15, 0x6ED9EBA1L); - - A = c->A += A; - B = c->B += B; - C = c->C += C; - D = c->D += D; - } -} -#endif diff --git a/crypto/md4/md4_local.h b/crypto/md4/md4_local.h deleted file mode 100644 index 66aa5e4038978c42d183f4da00c9677ee9bc6bea..0000000000000000000000000000000000000000 --- a/crypto/md4/md4_local.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include - -void md4_block_data_order(MD4_CTX *c, const void *p, size_t num); - -#define DATA_ORDER_IS_LITTLE_ENDIAN - -#define HASH_LONG MD4_LONG -#define HASH_CTX MD4_CTX -#define HASH_CBLOCK MD4_CBLOCK -#define HASH_UPDATE MD4_Update -#define HASH_TRANSFORM MD4_Transform -#define HASH_FINAL MD4_Final -#define HASH_MAKE_STRING(c,s) do { \ - unsigned long ll; \ - ll=(c)->A; (void)HOST_l2c(ll,(s)); \ - ll=(c)->B; (void)HOST_l2c(ll,(s)); \ - ll=(c)->C; (void)HOST_l2c(ll,(s)); \ - ll=(c)->D; (void)HOST_l2c(ll,(s)); \ - } while (0) -#define HASH_BLOCK_DATA_ORDER md4_block_data_order - -#include "crypto/md32_common.h" - -/*- -#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) -#define G(x,y,z) (((x) & (y)) | ((x) & ((z))) | ((y) & ((z)))) -*/ - -/* - * As pointed out by Wei Dai, the above can be simplified to the code - * below. Wei attributes these optimizations to Peter Gutmann's SHS code, - * and he attributes it to Rich Schroeppel. - */ -#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) -#define G(b,c,d) (((b) & (c)) | ((b) & (d)) | ((c) & (d))) -#define H(b,c,d) ((b) ^ (c) ^ (d)) - -#define R0(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+F((b),(c),(d))); \ - a=ROTATE(a,s); }; - -#define R1(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+G((b),(c),(d))); \ - a=ROTATE(a,s); }; - -#define R2(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+H((b),(c),(d))); \ - a=ROTATE(a,s); }; diff --git a/crypto/md4/md4_one.c b/crypto/md4/md4_one.c deleted file mode 100644 index 36fa88dd4166b5dab2cf5a7eb87bf4e4b8e7cb98..0000000000000000000000000000000000000000 --- a/crypto/md4/md4_one.c +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * MD4 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include - -#ifdef CHARSET_EBCDIC -# include -#endif - -unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md) -{ - MD4_CTX c; - static unsigned char m[MD4_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - if (!MD4_Init(&c)) - return NULL; -#ifndef CHARSET_EBCDIC - MD4_Update(&c, d, n); -#else - { - char temp[1024]; - unsigned long chunk; - - while (n > 0) { - chunk = (n > sizeof(temp)) ? sizeof(temp) : n; - ebcdic2ascii(temp, d, chunk); - MD4_Update(&c, temp, chunk); - n -= chunk; - d += chunk; - } - } -#endif - MD4_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */ - return md; -} diff --git a/crypto/md5/asm/md5-586.pl b/crypto/md5/asm/md5-586.pl deleted file mode 100644 index 8dd8fa0cf765755d0b227780754147e2e3b98ac5..0000000000000000000000000000000000000000 --- a/crypto/md5/asm/md5-586.pl +++ /dev/null @@ -1,320 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# Normal is the -# md5_block_x86(MD5_CTX *c, ULONG *X); -# version, non-normal is the -# md5_block_x86(MD5_CTX *c, ULONG *X,int blocks); - -$normal=0; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -# $output is the last argument if it looks like a file (it has an extension) -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; - -$output and open STDOUT,">$output"; - -&asm_init($ARGV[0]); - -$A="eax"; -$B="ebx"; -$C="ecx"; -$D="edx"; -$tmp1="edi"; -$tmp2="ebp"; -$X="esi"; - -# What we need to load into $tmp for the next round -%Ltmp1=("R0",&Np($C), "R1",&Np($C), "R2",&Np($C), "R3",&Np($D)); -@xo=( - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, # R0 - 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, # R1 - 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2, # R2 - 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9, # R3 - ); - -&md5_block("ossl_md5_block_asm_data_order"); -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; - -sub Np - { - local($p)=@_; - local(%n)=($A,$D,$B,$A,$C,$B,$D,$C); - return($n{$p}); - } - -sub R0 - { - local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_; - - &mov($tmp1,$C) if $pos < 0; - &mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one - - # body proper - - &comment("R0 $ki"); - &xor($tmp1,$d); # F function - part 2 - - &and($tmp1,$b); # F function - part 3 - &lea($a,&DWP($t,$a,$tmp2,1)); - - &xor($tmp1,$d); # F function - part 4 - &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2); - - &add($a,$tmp1); - - &rotl($a,$s); - - &mov($tmp1,&Np($c)) if $pos < 1; # next tmp1 for R0 - &mov($tmp1,&Np($c)) if $pos == 1; # next tmp1 for R1 - - &add($a,$b); - } - -sub R1 - { - local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_; - - &comment("R1 $ki"); - - &xor($tmp1,$b); # G function - part 2 - &and($tmp1,$d); # G function - part 3 - &lea($a,&DWP($t,$a,$tmp2,1)); - - &xor($tmp1,$c); # G function - part 4 - &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2); - - &add($a,$tmp1); - &mov($tmp1,&Np($c)) if $pos < 1; # G function - part 1 - &mov($tmp1,&Np($c)) if $pos == 1; # G function - part 1 - - &rotl($a,$s); - - &add($a,$b); - } - -sub R2 - { - local($n,$pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_; - # This one is different, only 3 logical operations - -if (($n & 1) == 0) - { - &comment("R2 $ki"); - # make sure to do 'D' first, not 'B', else we clash with - # the last add from the previous round. - - &xor($tmp1,$d); # H function - part 2 - - &xor($tmp1,$b); # H function - part 3 - &lea($a,&DWP($t,$a,$tmp2,1)); - - &add($a,$tmp1); - &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)); - - &rotl($a,$s); - - &mov($tmp1,&Np($c)); - } -else - { - &comment("R2 $ki"); - # make sure to do 'D' first, not 'B', else we clash with - # the last add from the previous round. - - &add($b,$c); # MOVED FORWARD - &xor($tmp1,$d); # H function - part 2 - - &lea($a,&DWP($t,$a,$tmp2,1)); - - &xor($tmp1,$b); # H function - part 3 - &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2); - - &add($a,$tmp1); - &mov($tmp1,&Np($c)) if $pos < 1; # H function - part 1 - &mov($tmp1,-1) if $pos == 1; # I function - part 1 - - &rotl($a,$s); - - &add($a,$b); - } - } - -sub R3 - { - local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_; - - &comment("R3 $ki"); - - # ¬($tmp1) - &xor($tmp1,$d) if $pos < 0; # I function - part 2 - - &or($tmp1,$b); # I function - part 3 - &lea($a,&DWP($t,$a,$tmp2,1)); - - &xor($tmp1,$c); # I function - part 4 - &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if $pos != 2; # load X/k value - &mov($tmp2,&wparam(0)) if $pos == 2; - - &add($a,$tmp1); - &mov($tmp1,-1) if $pos < 1; # H function - part 1 - &add($K,64) if $pos >=1 && !$normal; - - &rotl($a,$s); - - &xor($tmp1,&Np($d)) if $pos <= 0; # I function - part = first time - &mov($tmp1,&DWP( 0,$tmp2,"",0)) if $pos > 0; - &add($a,$b); - } - - -sub md5_block - { - local($name)=@_; - - &function_begin_B($name,"",3); - - # parameter 1 is the MD5_CTX structure. - # A 0 - # B 4 - # C 8 - # D 12 - - &push("esi"); - &push("edi"); - &mov($tmp1, &wparam(0)); # edi - &mov($X, &wparam(1)); # esi - &mov($C, &wparam(2)); - &push("ebp"); - &shl($C, 6); - &push("ebx"); - &add($C, $X); # offset we end at - &sub($C, 64); - &mov($A, &DWP( 0,$tmp1,"",0)); - &push($C); # Put on the TOS - &mov($B, &DWP( 4,$tmp1,"",0)); - &mov($C, &DWP( 8,$tmp1,"",0)); - &mov($D, &DWP(12,$tmp1,"",0)); - - &set_label("start") unless $normal; - &comment(""); - &comment("R0 section"); - - &R0(-2,$A,$B,$C,$D,$X, 0, 7,0xd76aa478); - &R0( 0,$D,$A,$B,$C,$X, 1,12,0xe8c7b756); - &R0( 0,$C,$D,$A,$B,$X, 2,17,0x242070db); - &R0( 0,$B,$C,$D,$A,$X, 3,22,0xc1bdceee); - &R0( 0,$A,$B,$C,$D,$X, 4, 7,0xf57c0faf); - &R0( 0,$D,$A,$B,$C,$X, 5,12,0x4787c62a); - &R0( 0,$C,$D,$A,$B,$X, 6,17,0xa8304613); - &R0( 0,$B,$C,$D,$A,$X, 7,22,0xfd469501); - &R0( 0,$A,$B,$C,$D,$X, 8, 7,0x698098d8); - &R0( 0,$D,$A,$B,$C,$X, 9,12,0x8b44f7af); - &R0( 0,$C,$D,$A,$B,$X,10,17,0xffff5bb1); - &R0( 0,$B,$C,$D,$A,$X,11,22,0x895cd7be); - &R0( 0,$A,$B,$C,$D,$X,12, 7,0x6b901122); - &R0( 0,$D,$A,$B,$C,$X,13,12,0xfd987193); - &R0( 0,$C,$D,$A,$B,$X,14,17,0xa679438e); - &R0( 1,$B,$C,$D,$A,$X,15,22,0x49b40821); - - &comment(""); - &comment("R1 section"); - &R1(-1,$A,$B,$C,$D,$X,16, 5,0xf61e2562); - &R1( 0,$D,$A,$B,$C,$X,17, 9,0xc040b340); - &R1( 0,$C,$D,$A,$B,$X,18,14,0x265e5a51); - &R1( 0,$B,$C,$D,$A,$X,19,20,0xe9b6c7aa); - &R1( 0,$A,$B,$C,$D,$X,20, 5,0xd62f105d); - &R1( 0,$D,$A,$B,$C,$X,21, 9,0x02441453); - &R1( 0,$C,$D,$A,$B,$X,22,14,0xd8a1e681); - &R1( 0,$B,$C,$D,$A,$X,23,20,0xe7d3fbc8); - &R1( 0,$A,$B,$C,$D,$X,24, 5,0x21e1cde6); - &R1( 0,$D,$A,$B,$C,$X,25, 9,0xc33707d6); - &R1( 0,$C,$D,$A,$B,$X,26,14,0xf4d50d87); - &R1( 0,$B,$C,$D,$A,$X,27,20,0x455a14ed); - &R1( 0,$A,$B,$C,$D,$X,28, 5,0xa9e3e905); - &R1( 0,$D,$A,$B,$C,$X,29, 9,0xfcefa3f8); - &R1( 0,$C,$D,$A,$B,$X,30,14,0x676f02d9); - &R1( 1,$B,$C,$D,$A,$X,31,20,0x8d2a4c8a); - - &comment(""); - &comment("R2 section"); - &R2( 0,-1,$A,$B,$C,$D,$X,32, 4,0xfffa3942); - &R2( 1, 0,$D,$A,$B,$C,$X,33,11,0x8771f681); - &R2( 2, 0,$C,$D,$A,$B,$X,34,16,0x6d9d6122); - &R2( 3, 0,$B,$C,$D,$A,$X,35,23,0xfde5380c); - &R2( 4, 0,$A,$B,$C,$D,$X,36, 4,0xa4beea44); - &R2( 5, 0,$D,$A,$B,$C,$X,37,11,0x4bdecfa9); - &R2( 6, 0,$C,$D,$A,$B,$X,38,16,0xf6bb4b60); - &R2( 7, 0,$B,$C,$D,$A,$X,39,23,0xbebfbc70); - &R2( 8, 0,$A,$B,$C,$D,$X,40, 4,0x289b7ec6); - &R2( 9, 0,$D,$A,$B,$C,$X,41,11,0xeaa127fa); - &R2(10, 0,$C,$D,$A,$B,$X,42,16,0xd4ef3085); - &R2(11, 0,$B,$C,$D,$A,$X,43,23,0x04881d05); - &R2(12, 0,$A,$B,$C,$D,$X,44, 4,0xd9d4d039); - &R2(13, 0,$D,$A,$B,$C,$X,45,11,0xe6db99e5); - &R2(14, 0,$C,$D,$A,$B,$X,46,16,0x1fa27cf8); - &R2(15, 1,$B,$C,$D,$A,$X,47,23,0xc4ac5665); - - &comment(""); - &comment("R3 section"); - &R3(-1,$A,$B,$C,$D,$X,48, 6,0xf4292244); - &R3( 0,$D,$A,$B,$C,$X,49,10,0x432aff97); - &R3( 0,$C,$D,$A,$B,$X,50,15,0xab9423a7); - &R3( 0,$B,$C,$D,$A,$X,51,21,0xfc93a039); - &R3( 0,$A,$B,$C,$D,$X,52, 6,0x655b59c3); - &R3( 0,$D,$A,$B,$C,$X,53,10,0x8f0ccc92); - &R3( 0,$C,$D,$A,$B,$X,54,15,0xffeff47d); - &R3( 0,$B,$C,$D,$A,$X,55,21,0x85845dd1); - &R3( 0,$A,$B,$C,$D,$X,56, 6,0x6fa87e4f); - &R3( 0,$D,$A,$B,$C,$X,57,10,0xfe2ce6e0); - &R3( 0,$C,$D,$A,$B,$X,58,15,0xa3014314); - &R3( 0,$B,$C,$D,$A,$X,59,21,0x4e0811a1); - &R3( 0,$A,$B,$C,$D,$X,60, 6,0xf7537e82); - &R3( 0,$D,$A,$B,$C,$X,61,10,0xbd3af235); - &R3( 0,$C,$D,$A,$B,$X,62,15,0x2ad7d2bb); - &R3( 2,$B,$C,$D,$A,$X,63,21,0xeb86d391); - - # &mov($tmp2,&wparam(0)); # done in the last R3 - # &mov($tmp1, &DWP( 0,$tmp2,"",0)); # done is the last R3 - - &add($A,$tmp1); - &mov($tmp1, &DWP( 4,$tmp2,"",0)); - - &add($B,$tmp1); - &mov($tmp1, &DWP( 8,$tmp2,"",0)); - - &add($C,$tmp1); - &mov($tmp1, &DWP(12,$tmp2,"",0)); - - &add($D,$tmp1); - &mov(&DWP( 0,$tmp2,"",0),$A); - - &mov(&DWP( 4,$tmp2,"",0),$B); - &mov($tmp1,&swtmp(0)) unless $normal; - - &mov(&DWP( 8,$tmp2,"",0),$C); - &mov(&DWP(12,$tmp2,"",0),$D); - - &cmp($tmp1,$X) unless $normal; # check count - &jae(&label("start")) unless $normal; - - &pop("eax"); # pop the temp variable off the stack - &pop("ebx"); - &pop("ebp"); - &pop("edi"); - &pop("esi"); - &ret(); - &function_end_B($name); - } - diff --git a/crypto/md5/asm/md5-sparcv9.pl b/crypto/md5/asm/md5-sparcv9.pl deleted file mode 100644 index c41ccf6ba901bcb275d25bf6a90445d6d7ac70d0..0000000000000000000000000000000000000000 --- a/crypto/md5/asm/md5-sparcv9.pl +++ /dev/null @@ -1,442 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# -# Hardware SPARC T4 support by David S. Miller. -# ==================================================================== - -# MD5 for SPARCv9, 6.9 cycles per byte on UltraSPARC, >40% faster than -# code generated by Sun C 5.2. - -# SPARC T4 MD5 hardware achieves 3.20 cycles per byte, which is 2.1x -# faster than software. Multi-process benchmark saturates at 12x -# single-process result on 8-core processor, or ~11GBps per 2.85GHz -# socket. - -# $output is the last argument if it looks like a file (it has an extension) -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; - -$output and open STDOUT,">$output"; - -use integer; - -($ctx,$inp,$len)=("%i0","%i1","%i2"); # input arguments - -# 64-bit values -@X=("%o0","%o1","%o2","%o3","%o4","%o5","%o7","%g1","%g2"); -$tx="%g3"; -($AB,$CD)=("%g4","%g5"); - -# 32-bit values -@V=($A,$B,$C,$D)=map("%l$_",(0..3)); -($t1,$t2,$t3,$saved_asi)=map("%l$_",(4..7)); -($shr,$shl1,$shl2)=("%i3","%i4","%i5"); - -my @K=( 0xd76aa478,0xe8c7b756,0x242070db,0xc1bdceee, - 0xf57c0faf,0x4787c62a,0xa8304613,0xfd469501, - 0x698098d8,0x8b44f7af,0xffff5bb1,0x895cd7be, - 0x6b901122,0xfd987193,0xa679438e,0x49b40821, - - 0xf61e2562,0xc040b340,0x265e5a51,0xe9b6c7aa, - 0xd62f105d,0x02441453,0xd8a1e681,0xe7d3fbc8, - 0x21e1cde6,0xc33707d6,0xf4d50d87,0x455a14ed, - 0xa9e3e905,0xfcefa3f8,0x676f02d9,0x8d2a4c8a, - - 0xfffa3942,0x8771f681,0x6d9d6122,0xfde5380c, - 0xa4beea44,0x4bdecfa9,0xf6bb4b60,0xbebfbc70, - 0x289b7ec6,0xeaa127fa,0xd4ef3085,0x04881d05, - 0xd9d4d039,0xe6db99e5,0x1fa27cf8,0xc4ac5665, - - 0xf4292244,0x432aff97,0xab9423a7,0xfc93a039, - 0x655b59c3,0x8f0ccc92,0xffeff47d,0x85845dd1, - 0x6fa87e4f,0xfe2ce6e0,0xa3014314,0x4e0811a1, - 0xf7537e82,0xbd3af235,0x2ad7d2bb,0xeb86d391, 0 ); - -sub R0 { - my ($i,$a,$b,$c,$d) = @_; - my $rot = (7,12,17,22)[$i%4]; - my $j = ($i+1)/2; - - if ($i&1) { - $code.=<<___; - srlx @X[$j],$shr,@X[$j] ! align X[`$i+1`] - and $b,$t1,$t1 ! round $i - sllx @X[$j+1],$shl1,$tx - add $t2,$a,$a - sllx $tx,$shl2,$tx - xor $d,$t1,$t1 - or $tx,@X[$j],@X[$j] - sethi %hi(@K[$i+1]),$t2 - add $t1,$a,$a - or $t2,%lo(@K[$i+1]),$t2 - sll $a,$rot,$t3 - add @X[$j],$t2,$t2 ! X[`$i+1`]+K[`$i+1`] - srl $a,32-$rot,$a - add $b,$t3,$t3 - xor $b,$c,$t1 - add $t3,$a,$a -___ - } else { - $code.=<<___; - srlx @X[$j],32,$tx ! extract X[`2*$j+1`] - and $b,$t1,$t1 ! round $i - add $t2,$a,$a - xor $d,$t1,$t1 - sethi %hi(@K[$i+1]),$t2 - add $t1,$a,$a - or $t2,%lo(@K[$i+1]),$t2 - sll $a,$rot,$t3 - add $tx,$t2,$t2 ! X[`2*$j+1`]+K[`$i+1`] - srl $a,32-$rot,$a - add $b,$t3,$t3 - xor $b,$c,$t1 - add $t3,$a,$a -___ - } -} - -sub R0_1 { - my ($i,$a,$b,$c,$d) = @_; - my $rot = (7,12,17,22)[$i%4]; - -$code.=<<___; - srlx @X[0],32,$tx ! extract X[1] - and $b,$t1,$t1 ! round $i - add $t2,$a,$a - xor $d,$t1,$t1 - sethi %hi(@K[$i+1]),$t2 - add $t1,$a,$a - or $t2,%lo(@K[$i+1]),$t2 - sll $a,$rot,$t3 - add $tx,$t2,$t2 ! X[1]+K[`$i+1`] - srl $a,32-$rot,$a - add $b,$t3,$t3 - andn $b,$c,$t1 - add $t3,$a,$a -___ -} - -sub R1 { - my ($i,$a,$b,$c,$d) = @_; - my $rot = (5,9,14,20)[$i%4]; - my $j = $i<31 ? (1+5*($i+1))%16 : (5+3*($i+1))%16; - my $xi = @X[$j/2]; - -$code.=<<___ if ($j&1 && ($xi=$tx)); - srlx @X[$j/2],32,$xi ! extract X[$j] -___ -$code.=<<___; - and $b,$d,$t3 ! round $i - add $t2,$a,$a - or $t3,$t1,$t1 - sethi %hi(@K[$i+1]),$t2 - add $t1,$a,$a - or $t2,%lo(@K[$i+1]),$t2 - sll $a,$rot,$t3 - add $xi,$t2,$t2 ! X[$j]+K[`$i+1`] - srl $a,32-$rot,$a - add $b,$t3,$t3 - `$i<31?"andn":"xor"` $b,$c,$t1 - add $t3,$a,$a -___ -} - -sub R2 { - my ($i,$a,$b,$c,$d) = @_; - my $rot = (4,11,16,23)[$i%4]; - my $j = $i<47 ? (5+3*($i+1))%16 : (0+7*($i+1))%16; - my $xi = @X[$j/2]; - -$code.=<<___ if ($j&1 && ($xi=$tx)); - srlx @X[$j/2],32,$xi ! extract X[$j] -___ -$code.=<<___; - add $t2,$a,$a ! round $i - xor $b,$t1,$t1 - sethi %hi(@K[$i+1]),$t2 - add $t1,$a,$a - or $t2,%lo(@K[$i+1]),$t2 - sll $a,$rot,$t3 - add $xi,$t2,$t2 ! X[$j]+K[`$i+1`] - srl $a,32-$rot,$a - add $b,$t3,$t3 - xor $b,$c,$t1 - add $t3,$a,$a -___ -} - -sub R3 { - my ($i,$a,$b,$c,$d) = @_; - my $rot = (6,10,15,21)[$i%4]; - my $j = (0+7*($i+1))%16; - my $xi = @X[$j/2]; - -$code.=<<___; - add $t2,$a,$a ! round $i -___ -$code.=<<___ if ($j&1 && ($xi=$tx)); - srlx @X[$j/2],32,$xi ! extract X[$j] -___ -$code.=<<___; - orn $b,$d,$t1 - sethi %hi(@K[$i+1]),$t2 - xor $c,$t1,$t1 - or $t2,%lo(@K[$i+1]),$t2 - add $t1,$a,$a - sll $a,$rot,$t3 - add $xi,$t2,$t2 ! X[$j]+K[`$i+1`] - srl $a,32-$rot,$a - add $b,$t3,$t3 - add $t3,$a,$a -___ -} - -$code.=<<___; -#ifndef __ASSEMBLER__ -# define __ASSEMBLER__ 1 -#endif -#include "crypto/sparc_arch.h" - -#ifdef __arch64__ -.register %g2,#scratch -.register %g3,#scratch -#endif - -.section ".text",#alloc,#execinstr - -#ifdef __PIC__ -SPARC_PIC_THUNK(%g1) -#endif - -.globl ossl_md5_block_asm_data_order -.align 32 -ossl_md5_block_asm_data_order: - SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5) - ld [%g1+4],%g1 ! OPENSSL_sparcv9cap_P[1] - - andcc %g1, CFR_MD5, %g0 - be .Lsoftware - nop - - mov 4, %g1 - andcc %o1, 0x7, %g0 - lda [%o0 + %g0]0x88, %f0 ! load context - lda [%o0 + %g1]0x88, %f1 - add %o0, 8, %o0 - lda [%o0 + %g0]0x88, %f2 - lda [%o0 + %g1]0x88, %f3 - bne,pn %icc, .Lhwunaligned - sub %o0, 8, %o0 - -.Lhw_loop: - ldd [%o1 + 0x00], %f8 - ldd [%o1 + 0x08], %f10 - ldd [%o1 + 0x10], %f12 - ldd [%o1 + 0x18], %f14 - ldd [%o1 + 0x20], %f16 - ldd [%o1 + 0x28], %f18 - ldd [%o1 + 0x30], %f20 - subcc %o2, 1, %o2 ! done yet? - ldd [%o1 + 0x38], %f22 - add %o1, 0x40, %o1 - prefetch [%o1 + 63], 20 - - .word 0x81b02800 ! MD5 - - bne,pt SIZE_T_CC, .Lhw_loop - nop - -.Lhwfinish: - sta %f0, [%o0 + %g0]0x88 ! store context - sta %f1, [%o0 + %g1]0x88 - add %o0, 8, %o0 - sta %f2, [%o0 + %g0]0x88 - sta %f3, [%o0 + %g1]0x88 - retl - nop - -.align 8 -.Lhwunaligned: - alignaddr %o1, %g0, %o1 - - ldd [%o1 + 0x00], %f10 -.Lhwunaligned_loop: - ldd [%o1 + 0x08], %f12 - ldd [%o1 + 0x10], %f14 - ldd [%o1 + 0x18], %f16 - ldd [%o1 + 0x20], %f18 - ldd [%o1 + 0x28], %f20 - ldd [%o1 + 0x30], %f22 - ldd [%o1 + 0x38], %f24 - subcc %o2, 1, %o2 ! done yet? - ldd [%o1 + 0x40], %f26 - add %o1, 0x40, %o1 - prefetch [%o1 + 63], 20 - - faligndata %f10, %f12, %f8 - faligndata %f12, %f14, %f10 - faligndata %f14, %f16, %f12 - faligndata %f16, %f18, %f14 - faligndata %f18, %f20, %f16 - faligndata %f20, %f22, %f18 - faligndata %f22, %f24, %f20 - faligndata %f24, %f26, %f22 - - .word 0x81b02800 ! MD5 - - bne,pt SIZE_T_CC, .Lhwunaligned_loop - for %f26, %f26, %f10 ! %f10=%f26 - - ba .Lhwfinish - nop - -.align 16 -.Lsoftware: - save %sp,-STACK_FRAME,%sp - - rd %asi,$saved_asi - wr %g0,0x88,%asi ! ASI_PRIMARY_LITTLE - and $inp,7,$shr - andn $inp,7,$inp - - sll $shr,3,$shr ! *=8 - mov 56,$shl2 - ld [$ctx+0],$A - sub $shl2,$shr,$shl2 - ld [$ctx+4],$B - and $shl2,32,$shl1 - add $shl2,8,$shl2 - ld [$ctx+8],$C - sub $shl2,$shl1,$shl2 ! shr+shl1+shl2==64 - ld [$ctx+12],$D - nop - -.Loop: - cmp $shr,0 ! was inp aligned? - ldxa [$inp+0]%asi,@X[0] ! load little-endian input - ldxa [$inp+8]%asi,@X[1] - ldxa [$inp+16]%asi,@X[2] - ldxa [$inp+24]%asi,@X[3] - ldxa [$inp+32]%asi,@X[4] - sllx $A,32,$AB ! pack A,B - ldxa [$inp+40]%asi,@X[5] - sllx $C,32,$CD ! pack C,D - ldxa [$inp+48]%asi,@X[6] - or $B,$AB,$AB - ldxa [$inp+56]%asi,@X[7] - or $D,$CD,$CD - bnz,a,pn %icc,.+8 - ldxa [$inp+64]%asi,@X[8] - - srlx @X[0],$shr,@X[0] ! align X[0] - sllx @X[1],$shl1,$tx - sethi %hi(@K[0]),$t2 - sllx $tx,$shl2,$tx - or $t2,%lo(@K[0]),$t2 - or $tx,@X[0],@X[0] - xor $C,$D,$t1 - add @X[0],$t2,$t2 ! X[0]+K[0] -___ - for ($i=0;$i<15;$i++) { &R0($i,@V); unshift(@V,pop(@V)); } - for (;$i<16;$i++) { &R0_1($i,@V); unshift(@V,pop(@V)); } - for (;$i<32;$i++) { &R1($i,@V); unshift(@V,pop(@V)); } - for (;$i<48;$i++) { &R2($i,@V); unshift(@V,pop(@V)); } - for (;$i<64;$i++) { &R3($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - srlx $AB,32,$t1 ! unpack A,B,C,D and accumulate - add $inp,64,$inp ! advance inp - srlx $CD,32,$t2 - add $t1,$A,$A - subcc $len,1,$len ! done yet? - add $AB,$B,$B - add $t2,$C,$C - add $CD,$D,$D - srl $B,0,$B ! clruw $B - bne SIZE_T_CC,.Loop - srl $D,0,$D ! clruw $D - - st $A,[$ctx+0] ! write out ctx - st $B,[$ctx+4] - st $C,[$ctx+8] - st $D,[$ctx+12] - - wr %g0,$saved_asi,%asi - ret - restore -.type ossl_md5_block_asm_data_order,#function -.size ossl_md5_block_asm_data_order,(.-ossl_md5_block_asm_data_order) - -.asciz "MD5 block transform for SPARCv9, CRYPTOGAMS by " -.align 4 -___ - -# Purpose of these subroutines is to explicitly encode VIS instructions, -# so that one can compile the module without having to specify VIS -# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a. -# Idea is to reserve for option to produce "universal" binary and let -# programmer detect if current CPU is VIS capable at run-time. -sub unvis { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my $ref,$opf; -my %visopf = ( "faligndata" => 0x048, - "for" => 0x07c ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if ($opf=$visopf{$mnemonic}) { - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} -sub unalignaddr { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 ); -my $ref="$mnemonic\t$rs1,$rs2,$rd"; - - foreach ($rs1,$rs2,$rd) { - if (/%([goli])([0-7])/) { $_=$bias{$1}+$2; } - else { return $ref; } - } - return sprintf ".word\t0x%08x !%s", - 0x81b00300|$rd<<25|$rs1<<14|$rs2, - $ref; -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/ - &unvis($1,$2,$3,$4) - /ge; - s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/ - &unalignaddr($1,$2,$3,$4) - /ge; - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/md5/asm/md5-x86_64.pl b/crypto/md5/asm/md5-x86_64.pl deleted file mode 100755 index 6625fb7d08aa2197133a6a96549599999cc0374f..0000000000000000000000000000000000000000 --- a/crypto/md5/asm/md5-x86_64.pl +++ /dev/null @@ -1,395 +0,0 @@ -#! /usr/bin/env perl -# Author: Marc Bevand -# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# MD5 optimized for AMD64. - -use strict; - -my $code; - -# round1_step() does: -# dst = x + ((dst + F(x,y,z) + X[k] + T_i) <<< s) -# %r10d = X[k_next] -# %r11d = z' (copy of z for the next step) -# Each round1_step() takes about 5.3 clocks (9 instructions, 1.7 IPC) -sub round1_step -{ - my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_; - $code .= " mov 0*4(%rsi), %r10d /* (NEXT STEP) X[0] */\n" if ($pos == -1); - $code .= " mov %edx, %r11d /* (NEXT STEP) z' = %edx */\n" if ($pos == -1); - $code .= <= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -my $flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -$code .= <A - mov 1*4(%rbp), %ebx # ebx = ctx->B - mov 2*4(%rbp), %ecx # ecx = ctx->C - mov 3*4(%rbp), %edx # edx = ctx->D - # end is 'rdi' - # ptr is 'rsi' - # A is 'eax' - # B is 'ebx' - # C is 'ecx' - # D is 'edx' - - cmp %rdi, %rsi # cmp end with ptr - je .Lend # jmp if ptr == end - - # BEGIN of loop over 16-word blocks -.Lloop: # save old values of A, B, C, D - mov %eax, %r8d - mov %ebx, %r9d - mov %ecx, %r14d - mov %edx, %r15d -EOF -round1_step(-1,'%eax','%ebx','%ecx','%edx', '1','0xd76aa478', '7'); -round1_step( 0,'%edx','%eax','%ebx','%ecx', '2','0xe8c7b756','12'); -round1_step( 0,'%ecx','%edx','%eax','%ebx', '3','0x242070db','17'); -round1_step( 0,'%ebx','%ecx','%edx','%eax', '4','0xc1bdceee','22'); -round1_step( 0,'%eax','%ebx','%ecx','%edx', '5','0xf57c0faf', '7'); -round1_step( 0,'%edx','%eax','%ebx','%ecx', '6','0x4787c62a','12'); -round1_step( 0,'%ecx','%edx','%eax','%ebx', '7','0xa8304613','17'); -round1_step( 0,'%ebx','%ecx','%edx','%eax', '8','0xfd469501','22'); -round1_step( 0,'%eax','%ebx','%ecx','%edx', '9','0x698098d8', '7'); -round1_step( 0,'%edx','%eax','%ebx','%ecx','10','0x8b44f7af','12'); -round1_step( 0,'%ecx','%edx','%eax','%ebx','11','0xffff5bb1','17'); -round1_step( 0,'%ebx','%ecx','%edx','%eax','12','0x895cd7be','22'); -round1_step( 0,'%eax','%ebx','%ecx','%edx','13','0x6b901122', '7'); -round1_step( 0,'%edx','%eax','%ebx','%ecx','14','0xfd987193','12'); -round1_step( 0,'%ecx','%edx','%eax','%ebx','15','0xa679438e','17'); -round1_step( 1,'%ebx','%ecx','%edx','%eax', '1','0x49b40821','22'); - -round2_step(-1,'%eax','%ebx','%ecx','%edx', '6','0xf61e2562', '5'); -round2_step( 0,'%edx','%eax','%ebx','%ecx','11','0xc040b340', '9'); -round2_step( 0,'%ecx','%edx','%eax','%ebx', '0','0x265e5a51','14'); -round2_step( 0,'%ebx','%ecx','%edx','%eax', '5','0xe9b6c7aa','20'); -round2_step( 0,'%eax','%ebx','%ecx','%edx','10','0xd62f105d', '5'); -round2_step( 0,'%edx','%eax','%ebx','%ecx','15', '0x2441453', '9'); -round2_step( 0,'%ecx','%edx','%eax','%ebx', '4','0xd8a1e681','14'); -round2_step( 0,'%ebx','%ecx','%edx','%eax', '9','0xe7d3fbc8','20'); -round2_step( 0,'%eax','%ebx','%ecx','%edx','14','0x21e1cde6', '5'); -round2_step( 0,'%edx','%eax','%ebx','%ecx', '3','0xc33707d6', '9'); -round2_step( 0,'%ecx','%edx','%eax','%ebx', '8','0xf4d50d87','14'); -round2_step( 0,'%ebx','%ecx','%edx','%eax','13','0x455a14ed','20'); -round2_step( 0,'%eax','%ebx','%ecx','%edx', '2','0xa9e3e905', '5'); -round2_step( 0,'%edx','%eax','%ebx','%ecx', '7','0xfcefa3f8', '9'); -round2_step( 0,'%ecx','%edx','%eax','%ebx','12','0x676f02d9','14'); -round2_step( 1,'%ebx','%ecx','%edx','%eax', '5','0x8d2a4c8a','20'); - -round3_step(-1,'%eax','%ebx','%ecx','%edx', '8','0xfffa3942', '4'); -round3_step( 0,'%edx','%eax','%ebx','%ecx','11','0x8771f681','11'); -round3_step( 0,'%ecx','%edx','%eax','%ebx','14','0x6d9d6122','16'); -round3_step( 0,'%ebx','%ecx','%edx','%eax', '1','0xfde5380c','23'); -round3_step( 0,'%eax','%ebx','%ecx','%edx', '4','0xa4beea44', '4'); -round3_step( 0,'%edx','%eax','%ebx','%ecx', '7','0x4bdecfa9','11'); -round3_step( 0,'%ecx','%edx','%eax','%ebx','10','0xf6bb4b60','16'); -round3_step( 0,'%ebx','%ecx','%edx','%eax','13','0xbebfbc70','23'); -round3_step( 0,'%eax','%ebx','%ecx','%edx', '0','0x289b7ec6', '4'); -round3_step( 0,'%edx','%eax','%ebx','%ecx', '3','0xeaa127fa','11'); -round3_step( 0,'%ecx','%edx','%eax','%ebx', '6','0xd4ef3085','16'); -round3_step( 0,'%ebx','%ecx','%edx','%eax', '9', '0x4881d05','23'); -round3_step( 0,'%eax','%ebx','%ecx','%edx','12','0xd9d4d039', '4'); -round3_step( 0,'%edx','%eax','%ebx','%ecx','15','0xe6db99e5','11'); -round3_step( 0,'%ecx','%edx','%eax','%ebx', '2','0x1fa27cf8','16'); -round3_step( 1,'%ebx','%ecx','%edx','%eax', '0','0xc4ac5665','23'); - -round4_step(-1,'%eax','%ebx','%ecx','%edx', '7','0xf4292244', '6'); -round4_step( 0,'%edx','%eax','%ebx','%ecx','14','0x432aff97','10'); -round4_step( 0,'%ecx','%edx','%eax','%ebx', '5','0xab9423a7','15'); -round4_step( 0,'%ebx','%ecx','%edx','%eax','12','0xfc93a039','21'); -round4_step( 0,'%eax','%ebx','%ecx','%edx', '3','0x655b59c3', '6'); -round4_step( 0,'%edx','%eax','%ebx','%ecx','10','0x8f0ccc92','10'); -round4_step( 0,'%ecx','%edx','%eax','%ebx', '1','0xffeff47d','15'); -round4_step( 0,'%ebx','%ecx','%edx','%eax', '8','0x85845dd1','21'); -round4_step( 0,'%eax','%ebx','%ecx','%edx','15','0x6fa87e4f', '6'); -round4_step( 0,'%edx','%eax','%ebx','%ecx', '6','0xfe2ce6e0','10'); -round4_step( 0,'%ecx','%edx','%eax','%ebx','13','0xa3014314','15'); -round4_step( 0,'%ebx','%ecx','%edx','%eax', '4','0x4e0811a1','21'); -round4_step( 0,'%eax','%ebx','%ecx','%edx','11','0xf7537e82', '6'); -round4_step( 0,'%edx','%eax','%ebx','%ecx', '2','0xbd3af235','10'); -round4_step( 0,'%ecx','%edx','%eax','%ebx', '9','0x2ad7d2bb','15'); -round4_step( 1,'%ebx','%ecx','%edx','%eax', '0','0xeb86d391','21'); -$code .= <A = A - mov %ebx, 1*4(%rbp) # ctx->B = B - mov %ecx, 2*4(%rbp) # ctx->C = C - mov %edx, 3*4(%rbp) # ctx->D = D - - mov (%rsp),%r15 -.cfi_restore %r15 - mov 8(%rsp),%r14 -.cfi_restore %r14 - mov 16(%rsp),%r12 -.cfi_restore %r12 - mov 24(%rsp),%rbx -.cfi_restore %rbx - mov 32(%rsp),%rbp -.cfi_restore %rbp - add \$40,%rsp -.cfi_adjust_cfa_offset -40 -.Lepilogue: - ret -.cfi_endproc -.size ossl_md5_block_asm_data_order,.-ossl_md5_block_asm_data_order -EOF - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -my $rec="%rcx"; -my $frame="%rdx"; -my $context="%r8"; -my $disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - lea .Lprologue(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lprologue - jb .Lin_prologue - - mov 152($context),%rax # pull context->Rsp - - lea .Lepilogue(%rip),%r10 - cmp %r10,%rbx # context->Rip>=.Lepilogue - jae .Lin_prologue - - lea 40(%rax),%rax - - mov -8(%rax),%rbp - mov -16(%rax),%rbx - mov -24(%rax),%r12 - mov -32(%rax),%r14 - mov -40(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size se_handler,.-se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_ossl_md5_block_asm_data_order - .rva .LSEH_end_ossl_md5_block_asm_data_order - .rva .LSEH_info_ossl_md5_block_asm_data_order - -.section .xdata -.align 8 -.LSEH_info_ossl_md5_block_asm_data_order: - .byte 9,0,0,0 - .rva se_handler -___ -} - -print $code; - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/md5/build.info b/crypto/md5/build.info deleted file mode 100644 index a1e28c81532976b3de80ab0230b12980fa5b3af7..0000000000000000000000000000000000000000 --- a/crypto/md5/build.info +++ /dev/null @@ -1,40 +0,0 @@ -LIBS=../../libcrypto - -$MD5ASM= -IF[{- !$disabled{asm} -}] - $MD5ASM_x86=md5-586.S - $MD5ASM_x86_64=md5-x86_64.s - $MD5ASM_sparcv9=md5-sparcv9.S - - # Now that we have defined all the arch specific variables, use the - # appropriate one, and define the appropriate macros - IF[$MD5ASM_{- $target{asm_arch} -}] - $MD5ASM=$MD5ASM_{- $target{asm_arch} -} - $MD5DEF=MD5_ASM - ENDIF -ENDIF - -$COMMON=md5_dgst.c md5_one.c md5_sha1.c $MD5ASM -SOURCE[../../libcrypto]=$COMMON - -# A no-deprecated no-shared build ends up with double function definitions -# without conditioning this on dso. The issue is MD5 which is needed in the -# legacy provider for one of the spliced algorithms, however it resides in the -# default provider. A no-deprecated build removes the external definition from -# libcrypto and this means that the code needs to be in liblegacy. However, -# when building without 'dso', liblegacy is included in libcrypto. -IF[{- !$disabled{dso} -}] - SOURCE[../../providers/liblegacy.a]=$COMMON -ENDIF - -# Implementations are now spread across several libraries, so the defines -# need to be applied to all affected libraries and modules. -DEFINE[../../libcrypto]=$MD5DEF -DEFINE[../../providers/liblegacy.a]=$MD5DEF - -GENERATE[md5-586.S]=asm/md5-586.pl - -GENERATE[md5-x86_64.s]=asm/md5-x86_64.pl - -GENERATE[md5-sparcv9.S]=asm/md5-sparcv9.pl -INCLUDE[md5-sparcv9.o]=.. diff --git a/crypto/md5/md5_dgst.c b/crypto/md5/md5_dgst.c deleted file mode 100644 index 913b1ea5cad6f0f104ef04c5bd1f4187dbadaa6f..0000000000000000000000000000000000000000 --- a/crypto/md5/md5_dgst.c +++ /dev/null @@ -1,170 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * MD5 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "md5_local.h" -#include - -/* - * Implemented from RFC1321 The MD5 Message-Digest Algorithm - */ - -#define INIT_DATA_A (unsigned long)0x67452301L -#define INIT_DATA_B (unsigned long)0xefcdab89L -#define INIT_DATA_C (unsigned long)0x98badcfeL -#define INIT_DATA_D (unsigned long)0x10325476L - -int MD5_Init(MD5_CTX *c) -{ - memset(c, 0, sizeof(*c)); - c->A = INIT_DATA_A; - c->B = INIT_DATA_B; - c->C = INIT_DATA_C; - c->D = INIT_DATA_D; - return 1; -} - -#ifndef md5_block_data_order -# ifdef X -# undef X -# endif -void md5_block_data_order(MD5_CTX *c, const void *data_, size_t num) -{ - const unsigned char *data = data_; - register unsigned MD32_REG_T A, B, C, D, l; -# ifndef MD32_XARRAY - /* See comment in crypto/sha/sha_local.h for details. */ - unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, - XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; -# define X(i) XX##i -# else - MD5_LONG XX[MD5_LBLOCK]; -# define X(i) XX[i] -# endif - - A = c->A; - B = c->B; - C = c->C; - D = c->D; - - for (; num--;) { - (void)HOST_c2l(data, l); - X(0) = l; - (void)HOST_c2l(data, l); - X(1) = l; - /* Round 0 */ - R0(A, B, C, D, X(0), 7, 0xd76aa478L); - (void)HOST_c2l(data, l); - X(2) = l; - R0(D, A, B, C, X(1), 12, 0xe8c7b756L); - (void)HOST_c2l(data, l); - X(3) = l; - R0(C, D, A, B, X(2), 17, 0x242070dbL); - (void)HOST_c2l(data, l); - X(4) = l; - R0(B, C, D, A, X(3), 22, 0xc1bdceeeL); - (void)HOST_c2l(data, l); - X(5) = l; - R0(A, B, C, D, X(4), 7, 0xf57c0fafL); - (void)HOST_c2l(data, l); - X(6) = l; - R0(D, A, B, C, X(5), 12, 0x4787c62aL); - (void)HOST_c2l(data, l); - X(7) = l; - R0(C, D, A, B, X(6), 17, 0xa8304613L); - (void)HOST_c2l(data, l); - X(8) = l; - R0(B, C, D, A, X(7), 22, 0xfd469501L); - (void)HOST_c2l(data, l); - X(9) = l; - R0(A, B, C, D, X(8), 7, 0x698098d8L); - (void)HOST_c2l(data, l); - X(10) = l; - R0(D, A, B, C, X(9), 12, 0x8b44f7afL); - (void)HOST_c2l(data, l); - X(11) = l; - R0(C, D, A, B, X(10), 17, 0xffff5bb1L); - (void)HOST_c2l(data, l); - X(12) = l; - R0(B, C, D, A, X(11), 22, 0x895cd7beL); - (void)HOST_c2l(data, l); - X(13) = l; - R0(A, B, C, D, X(12), 7, 0x6b901122L); - (void)HOST_c2l(data, l); - X(14) = l; - R0(D, A, B, C, X(13), 12, 0xfd987193L); - (void)HOST_c2l(data, l); - X(15) = l; - R0(C, D, A, B, X(14), 17, 0xa679438eL); - R0(B, C, D, A, X(15), 22, 0x49b40821L); - /* Round 1 */ - R1(A, B, C, D, X(1), 5, 0xf61e2562L); - R1(D, A, B, C, X(6), 9, 0xc040b340L); - R1(C, D, A, B, X(11), 14, 0x265e5a51L); - R1(B, C, D, A, X(0), 20, 0xe9b6c7aaL); - R1(A, B, C, D, X(5), 5, 0xd62f105dL); - R1(D, A, B, C, X(10), 9, 0x02441453L); - R1(C, D, A, B, X(15), 14, 0xd8a1e681L); - R1(B, C, D, A, X(4), 20, 0xe7d3fbc8L); - R1(A, B, C, D, X(9), 5, 0x21e1cde6L); - R1(D, A, B, C, X(14), 9, 0xc33707d6L); - R1(C, D, A, B, X(3), 14, 0xf4d50d87L); - R1(B, C, D, A, X(8), 20, 0x455a14edL); - R1(A, B, C, D, X(13), 5, 0xa9e3e905L); - R1(D, A, B, C, X(2), 9, 0xfcefa3f8L); - R1(C, D, A, B, X(7), 14, 0x676f02d9L); - R1(B, C, D, A, X(12), 20, 0x8d2a4c8aL); - /* Round 2 */ - R2(A, B, C, D, X(5), 4, 0xfffa3942L); - R2(D, A, B, C, X(8), 11, 0x8771f681L); - R2(C, D, A, B, X(11), 16, 0x6d9d6122L); - R2(B, C, D, A, X(14), 23, 0xfde5380cL); - R2(A, B, C, D, X(1), 4, 0xa4beea44L); - R2(D, A, B, C, X(4), 11, 0x4bdecfa9L); - R2(C, D, A, B, X(7), 16, 0xf6bb4b60L); - R2(B, C, D, A, X(10), 23, 0xbebfbc70L); - R2(A, B, C, D, X(13), 4, 0x289b7ec6L); - R2(D, A, B, C, X(0), 11, 0xeaa127faL); - R2(C, D, A, B, X(3), 16, 0xd4ef3085L); - R2(B, C, D, A, X(6), 23, 0x04881d05L); - R2(A, B, C, D, X(9), 4, 0xd9d4d039L); - R2(D, A, B, C, X(12), 11, 0xe6db99e5L); - R2(C, D, A, B, X(15), 16, 0x1fa27cf8L); - R2(B, C, D, A, X(2), 23, 0xc4ac5665L); - /* Round 3 */ - R3(A, B, C, D, X(0), 6, 0xf4292244L); - R3(D, A, B, C, X(7), 10, 0x432aff97L); - R3(C, D, A, B, X(14), 15, 0xab9423a7L); - R3(B, C, D, A, X(5), 21, 0xfc93a039L); - R3(A, B, C, D, X(12), 6, 0x655b59c3L); - R3(D, A, B, C, X(3), 10, 0x8f0ccc92L); - R3(C, D, A, B, X(10), 15, 0xffeff47dL); - R3(B, C, D, A, X(1), 21, 0x85845dd1L); - R3(A, B, C, D, X(8), 6, 0x6fa87e4fL); - R3(D, A, B, C, X(15), 10, 0xfe2ce6e0L); - R3(C, D, A, B, X(6), 15, 0xa3014314L); - R3(B, C, D, A, X(13), 21, 0x4e0811a1L); - R3(A, B, C, D, X(4), 6, 0xf7537e82L); - R3(D, A, B, C, X(11), 10, 0xbd3af235L); - R3(C, D, A, B, X(2), 15, 0x2ad7d2bbL); - R3(B, C, D, A, X(9), 21, 0xeb86d391L); - - A = c->A += A; - B = c->B += B; - C = c->C += C; - D = c->D += D; - } -} -#endif diff --git a/crypto/md5/md5_local.h b/crypto/md5/md5_local.h deleted file mode 100644 index 22a0e0f62aed12b1bdc0f9a85f79078c141a8c7b..0000000000000000000000000000000000000000 --- a/crypto/md5/md5_local.h +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include - -#ifdef MD5_ASM -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) -# define md5_block_data_order ossl_md5_block_asm_data_order -# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64) -# define md5_block_data_order ossl_md5_block_asm_data_order -# elif defined(__sparc) || defined(__sparc__) -# define md5_block_data_order ossl_md5_block_asm_data_order -# endif -#endif - -void md5_block_data_order(MD5_CTX *c, const void *p, size_t num); - -#define DATA_ORDER_IS_LITTLE_ENDIAN - -#define HASH_LONG MD5_LONG -#define HASH_CTX MD5_CTX -#define HASH_CBLOCK MD5_CBLOCK -#define HASH_UPDATE MD5_Update -#define HASH_TRANSFORM MD5_Transform -#define HASH_FINAL MD5_Final -#define HASH_MAKE_STRING(c,s) do { \ - unsigned long ll; \ - ll=(c)->A; (void)HOST_l2c(ll,(s)); \ - ll=(c)->B; (void)HOST_l2c(ll,(s)); \ - ll=(c)->C; (void)HOST_l2c(ll,(s)); \ - ll=(c)->D; (void)HOST_l2c(ll,(s)); \ - } while (0) -#define HASH_BLOCK_DATA_ORDER md5_block_data_order - -#include "crypto/md32_common.h" - -/*- -#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) -#define G(x,y,z) (((x) & (z)) | ((y) & (~(z)))) -*/ - -/* - * As pointed out by Wei Dai, the above can be simplified to the code - * below. Wei attributes these optimizations to Peter Gutmann's - * SHS code, and he attributes it to Rich Schroeppel. - */ -#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) -#define G(b,c,d) ((((b) ^ (c)) & (d)) ^ (c)) -#define H(b,c,d) ((b) ^ (c) ^ (d)) -#define I(b,c,d) (((~(d)) | (b)) ^ (c)) - -#define R0(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+F((b),(c),(d))); \ - a=ROTATE(a,s); \ - a+=b; }; - -#define R1(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+G((b),(c),(d))); \ - a=ROTATE(a,s); \ - a+=b; }; - -#define R2(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+H((b),(c),(d))); \ - a=ROTATE(a,s); \ - a+=b; }; - -#define R3(a,b,c,d,k,s,t) { \ - a+=((k)+(t)+I((b),(c),(d))); \ - a=ROTATE(a,s); \ - a+=b; }; diff --git a/crypto/md5/md5_one.c b/crypto/md5/md5_one.c deleted file mode 100644 index fe9b3df29e83fa20d040b59c4abf4c7f44bcaff4..0000000000000000000000000000000000000000 --- a/crypto/md5/md5_one.c +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * MD5 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include - -#ifdef CHARSET_EBCDIC -# include -#endif - -unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md) -{ - MD5_CTX c; - static unsigned char m[MD5_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - if (!MD5_Init(&c)) - return NULL; -#ifndef CHARSET_EBCDIC - MD5_Update(&c, d, n); -#else - { - char temp[1024]; - unsigned long chunk; - - while (n > 0) { - chunk = (n > sizeof(temp)) ? sizeof(temp) : n; - ebcdic2ascii(temp, d, chunk); - MD5_Update(&c, temp, chunk); - n -= chunk; - d += chunk; - } - } -#endif - MD5_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */ - return md; -} diff --git a/crypto/md5/md5_sha1.c b/crypto/md5/md5_sha1.c deleted file mode 100644 index 56defab163fa52fede0bd12d070012e797aa5899..0000000000000000000000000000000000000000 --- a/crypto/md5/md5_sha1.c +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * MD5 and SHA-1 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "prov/md5_sha1.h" -#include - -int ossl_md5_sha1_init(MD5_SHA1_CTX *mctx) -{ - if (!MD5_Init(&mctx->md5)) - return 0; - return SHA1_Init(&mctx->sha1); -} - -int ossl_md5_sha1_update(MD5_SHA1_CTX *mctx, const void *data, size_t count) -{ - if (!MD5_Update(&mctx->md5, data, count)) - return 0; - return SHA1_Update(&mctx->sha1, data, count); -} - -int ossl_md5_sha1_final(unsigned char *md, MD5_SHA1_CTX *mctx) -{ - if (!MD5_Final(md, &mctx->md5)) - return 0; - return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1); -} - -int ossl_md5_sha1_ctrl(MD5_SHA1_CTX *mctx, int cmd, int mslen, void *ms) -{ - unsigned char padtmp[48]; - unsigned char md5tmp[MD5_DIGEST_LENGTH]; - unsigned char sha1tmp[SHA_DIGEST_LENGTH]; - - if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) - return -2; - - if (mctx == NULL) - return 0; - - /* SSLv3 client auth handling: see RFC-6101 5.6.8 */ - if (mslen != 48) - return 0; - - /* At this point hash contains all handshake messages, update - * with master secret and pad_1. - */ - - if (ossl_md5_sha1_update(mctx, ms, mslen) <= 0) - return 0; - - /* Set padtmp to pad_1 value */ - memset(padtmp, 0x36, sizeof(padtmp)); - - if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp))) - return 0; - - if (!MD5_Final(md5tmp, &mctx->md5)) - return 0; - - if (!SHA1_Update(&mctx->sha1, padtmp, 40)) - return 0; - - if (!SHA1_Final(sha1tmp, &mctx->sha1)) - return 0; - - /* Reinitialise context */ - - if (!ossl_md5_sha1_init(mctx)) - return 0; - - if (ossl_md5_sha1_update(mctx, ms, mslen) <= 0) - return 0; - - /* Set padtmp to pad_2 value */ - memset(padtmp, 0x5c, sizeof(padtmp)); - - if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp))) - return 0; - - if (!MD5_Update(&mctx->md5, md5tmp, sizeof(md5tmp))) - return 0; - - if (!SHA1_Update(&mctx->sha1, padtmp, 40)) - return 0; - - if (!SHA1_Update(&mctx->sha1, sha1tmp, sizeof(sha1tmp))) - return 0; - - /* Now when ctx is finalised it will return the SSL v3 hash value */ - - OPENSSL_cleanse(md5tmp, sizeof(md5tmp)); - OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp)); - - return 1; -} diff --git a/crypto/mdc2/build.info b/crypto/mdc2/build.info deleted file mode 100644 index 76aa0705e465a2d55767518f89aa8bff2af71211..0000000000000000000000000000000000000000 --- a/crypto/mdc2/build.info +++ /dev/null @@ -1,9 +0,0 @@ -LIBS=../../libcrypto - -SOURCE[../../libcrypto]=mdc2dgst.c mdc2_one.c - -# When all deprecated symbols are removed, libcrypto doesn't export the -# MDC2 functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] - SOURCE[../../providers/liblegacy.a]=mdc2dgst.c mdc2_one.c -ENDIF diff --git a/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c deleted file mode 100644 index cb978263ed5d48562d6f1d8cb4a88cfa3318644d..0000000000000000000000000000000000000000 --- a/crypto/mdc2/mdc2_one.c +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * MD2 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include - -unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md) -{ - MDC2_CTX c; - static unsigned char m[MDC2_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - if (!MDC2_Init(&c)) - return NULL; - MDC2_Update(&c, d, n); - MDC2_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */ - return md; -} diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c deleted file mode 100644 index 607f9fc73a3ec73b07cca2a8f0e690285a2e9a93..0000000000000000000000000000000000000000 --- a/crypto/mdc2/mdc2dgst.c +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * MD2 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include - -#undef c2l -#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ - l|=((DES_LONG)(*((c)++)))<< 8L, \ - l|=((DES_LONG)(*((c)++)))<<16L, \ - l|=((DES_LONG)(*((c)++)))<<24L) - -#undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - -static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len); -int MDC2_Init(MDC2_CTX *c) -{ - c->num = 0; - c->pad_type = 1; - memset(&(c->h[0]), 0x52, MDC2_BLOCK); - memset(&(c->hh[0]), 0x25, MDC2_BLOCK); - return 1; -} - -int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len) -{ - size_t i, j; - - i = c->num; - if (i != 0) { - if (len < MDC2_BLOCK - i) { - /* partial block */ - memcpy(&(c->data[i]), in, len); - c->num += (int)len; - return 1; - } else { - /* filled one */ - j = MDC2_BLOCK - i; - memcpy(&(c->data[i]), in, j); - len -= j; - in += j; - c->num = 0; - mdc2_body(c, &(c->data[0]), MDC2_BLOCK); - } - } - i = len & ~((size_t)MDC2_BLOCK - 1); - if (i > 0) - mdc2_body(c, in, i); - j = len - i; - if (j > 0) { - memcpy(&(c->data[0]), &(in[i]), j); - c->num = (int)j; - } - return 1; -} - -static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len) -{ - register DES_LONG tin0, tin1; - register DES_LONG ttin0, ttin1; - DES_LONG d[2], dd[2]; - DES_key_schedule k; - unsigned char *p; - size_t i; - - for (i = 0; i < len; i += 8) { - c2l(in, tin0); - d[0] = dd[0] = tin0; - c2l(in, tin1); - d[1] = dd[1] = tin1; - c->h[0] = (c->h[0] & 0x9f) | 0x40; - c->hh[0] = (c->hh[0] & 0x9f) | 0x20; - - DES_set_odd_parity(&c->h); - DES_set_key_unchecked(&c->h, &k); - DES_encrypt1(d, &k, 1); - - DES_set_odd_parity(&c->hh); - DES_set_key_unchecked(&c->hh, &k); - DES_encrypt1(dd, &k, 1); - - ttin0 = tin0 ^ dd[0]; - ttin1 = tin1 ^ dd[1]; - tin0 ^= d[0]; - tin1 ^= d[1]; - - p = c->h; - l2c(tin0, p); - l2c(ttin1, p); - p = c->hh; - l2c(ttin0, p); - l2c(tin1, p); - } -} - -int MDC2_Final(unsigned char *md, MDC2_CTX *c) -{ - unsigned int i; - int j; - - i = c->num; - j = c->pad_type; - if ((i > 0) || (j == 2)) { - if (j == 2) - c->data[i++] = 0x80; - memset(&(c->data[i]), 0, MDC2_BLOCK - i); - mdc2_body(c, c->data, MDC2_BLOCK); - } - memcpy(md, (char *)c->h, MDC2_BLOCK); - memcpy(&(md[MDC2_BLOCK]), (char *)c->hh, MDC2_BLOCK); - return 1; -} diff --git a/crypto/mem.c b/crypto/mem.c deleted file mode 100644 index f6cdcf5a423ec79ed4fff785788e315f5a5ead27..0000000000000000000000000000000000000000 --- a/crypto/mem.c +++ /dev/null @@ -1,337 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" -#include "internal/cryptlib.h" -#include "crypto/cryptlib.h" -#include -#include -#include -#include - -/* - * the following pointers may be changed as long as 'allow_customize' is set - */ -static int allow_customize = 1; -static CRYPTO_malloc_fn malloc_impl = CRYPTO_malloc; -static CRYPTO_realloc_fn realloc_impl = CRYPTO_realloc; -static CRYPTO_free_fn free_impl = CRYPTO_free; - -#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODULE) -# include "internal/tsan_assist.h" - -# ifdef TSAN_REQUIRES_LOCKING -# define INCREMENT(x) /* empty */ -# define LOAD(x) 0 -# else /* TSAN_REQUIRES_LOCKING */ -static TSAN_QUALIFIER int malloc_count; -static TSAN_QUALIFIER int realloc_count; -static TSAN_QUALIFIER int free_count; - -# define INCREMENT(x) tsan_counter(&(x)) -# define LOAD(x) tsan_load(&x) -# endif /* TSAN_REQUIRES_LOCKING */ - -static char *md_failstring; -static long md_count; -static int md_fail_percent = 0; -static int md_tracefd = -1; - -static void parseit(void); -static int shouldfail(void); - -# define FAILTEST() if (shouldfail()) return NULL - -#else - -# define INCREMENT(x) /* empty */ -# define FAILTEST() /* empty */ -#endif - -int CRYPTO_set_mem_functions(CRYPTO_malloc_fn malloc_fn, - CRYPTO_realloc_fn realloc_fn, - CRYPTO_free_fn free_fn) -{ - if (!allow_customize) - return 0; - if (malloc_fn != NULL) - malloc_impl = malloc_fn; - if (realloc_fn != NULL) - realloc_impl = realloc_fn; - if (free_fn != NULL) - free_impl = free_fn; - return 1; -} - -void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn, - CRYPTO_realloc_fn *realloc_fn, - CRYPTO_free_fn *free_fn) -{ - if (malloc_fn != NULL) - *malloc_fn = malloc_impl; - if (realloc_fn != NULL) - *realloc_fn = realloc_impl; - if (free_fn != NULL) - *free_fn = free_impl; -} - -#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) && !defined(FIPS_MODULE) -void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount) -{ - if (mcount != NULL) - *mcount = LOAD(malloc_count); - if (rcount != NULL) - *rcount = LOAD(realloc_count); - if (fcount != NULL) - *fcount = LOAD(free_count); -} - -/* - * Parse a "malloc failure spec" string. This likes like a set of fields - * separated by semicolons. Each field has a count and an optional failure - * percentage. For example: - * 100@0;100@25;0@0 - * or 100;100@25;0 - * This means 100 mallocs succeed, then next 100 fail 25% of the time, and - * all remaining (count is zero) succeed. - */ -static void parseit(void) -{ - char *semi = strchr(md_failstring, ';'); - char *atsign; - - if (semi != NULL) - *semi++ = '\0'; - - /* Get the count (atol will stop at the @ if there), and percentage */ - md_count = atol(md_failstring); - atsign = strchr(md_failstring, '@'); - md_fail_percent = atsign == NULL ? 0 : atoi(atsign + 1); - - if (semi != NULL) - md_failstring = semi; -} - -/* - * Windows doesn't have random(), but it has rand() - * Some rand() implementations aren't good, but we're not - * dealing with secure randomness here. - */ -# ifdef _WIN32 -# define random() rand() -# endif -/* - * See if the current malloc should fail. - */ -static int shouldfail(void) -{ - int roll = (int)(random() % 100); - int shoulditfail = roll < md_fail_percent; -# ifndef _WIN32 -/* suppressed on Windows as POSIX-like file descriptors are non-inheritable */ - int len; - char buff[80]; - - if (md_tracefd > 0) { - BIO_snprintf(buff, sizeof(buff), - "%c C%ld %%%d R%d\n", - shoulditfail ? '-' : '+', md_count, md_fail_percent, roll); - len = strlen(buff); - if (write(md_tracefd, buff, len) != len) - perror("shouldfail write failed"); - } -# endif - - if (md_count) { - /* If we used up this one, go to the next. */ - if (--md_count == 0) - parseit(); - } - - return shoulditfail; -} - -void ossl_malloc_setup_failures(void) -{ - const char *cp = getenv("OPENSSL_MALLOC_FAILURES"); - - if (cp != NULL && (md_failstring = strdup(cp)) != NULL) - parseit(); - if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL) - md_tracefd = atoi(cp); -} -#endif - -void *CRYPTO_malloc(size_t num, const char *file, int line) -{ - INCREMENT(malloc_count); - if (malloc_impl != CRYPTO_malloc) - return malloc_impl(num, file, line); - - if (num == 0) - return NULL; - - FAILTEST(); - if (allow_customize) { - /* - * Disallow customization after the first allocation. We only set this - * if necessary to avoid a store to the same cache line on every - * allocation. - */ - allow_customize = 0; - } - - return malloc(num); -} - -void *CRYPTO_zalloc(size_t num, const char *file, int line) -{ - void *ret; - - ret = CRYPTO_malloc(num, file, line); - FAILTEST(); - if (ret != NULL) - memset(ret, 0, num); - - return ret; -} - -void *CRYPTO_realloc(void *str, size_t num, const char *file, int line) -{ - INCREMENT(realloc_count); - if (realloc_impl != CRYPTO_realloc) - return realloc_impl(str, num, file, line); - - FAILTEST(); - if (str == NULL) - return CRYPTO_malloc(num, file, line); - - if (num == 0) { - CRYPTO_free(str, file, line); - return NULL; - } - - return realloc(str, num); -} - -void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num, - const char *file, int line) -{ - void *ret = NULL; - - if (str == NULL) - return CRYPTO_malloc(num, file, line); - - if (num == 0) { - CRYPTO_clear_free(str, old_len, file, line); - return NULL; - } - - /* Can't shrink the buffer since memcpy below copies |old_len| bytes. */ - if (num < old_len) { - OPENSSL_cleanse((char*)str + num, old_len - num); - return str; - } - - ret = CRYPTO_malloc(num, file, line); - if (ret != NULL) { - memcpy(ret, str, old_len); - CRYPTO_clear_free(str, old_len, file, line); - } - return ret; -} - -void CRYPTO_free(void *str, const char *file, int line) -{ - INCREMENT(free_count); - if (free_impl != CRYPTO_free) { - free_impl(str, file, line); - return; - } - - free(str); -} - -void CRYPTO_clear_free(void *str, size_t num, const char *file, int line) -{ - if (str == NULL) - return; - if (num) - OPENSSL_cleanse(str, num); - CRYPTO_free(str, file, line); -} - -#if !defined(OPENSSL_NO_CRYPTO_MDEBUG) - -# ifndef OPENSSL_NO_DEPRECATED_3_0 -int CRYPTO_mem_ctrl(int mode) -{ - (void)mode; - return -1; -} - -int CRYPTO_set_mem_debug(int flag) -{ - (void)flag; - return -1; -} - -int CRYPTO_mem_debug_push(const char *info, const char *file, int line) -{ - (void)info; (void)file; (void)line; - return 0; -} - -int CRYPTO_mem_debug_pop(void) -{ - return 0; -} - -void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag, - const char *file, int line) -{ - (void)addr; (void)num; (void)flag; (void)file; (void)line; -} - -void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag, - const char *file, int line) -{ - (void)addr1; (void)addr2; (void)num; (void)flag; (void)file; (void)line; -} - -void CRYPTO_mem_debug_free(void *addr, int flag, - const char *file, int line) -{ - (void)addr; (void)flag; (void)file; (void)line; -} - -int CRYPTO_mem_leaks(BIO *b) -{ - (void)b; - return -1; -} - -# ifndef OPENSSL_NO_STDIO -int CRYPTO_mem_leaks_fp(FILE *fp) -{ - (void)fp; - return -1; -} -# endif - -int CRYPTO_mem_leaks_cb(int (*cb)(const char *str, size_t len, void *u), - void *u) -{ - (void)cb; (void)u; - return -1; -} - -# endif - -#endif diff --git a/crypto/mem_clr.c b/crypto/mem_clr.c deleted file mode 100644 index d76ef73179d050f5517ec00cfa5abc917fc7106c..0000000000000000000000000000000000000000 --- a/crypto/mem_clr.c +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -/* - * Pointer to memset is volatile so that compiler must de-reference - * the pointer and can't assume that it points to any function in - * particular (such as memset, which it then might further "optimize") - */ -typedef void *(*memset_t)(void *, int, size_t); - -static volatile memset_t memset_func = memset; - -void OPENSSL_cleanse(void *ptr, size_t len) -{ - memset_func(ptr, 0, len); -} diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c deleted file mode 100644 index 711d35f40962334b49f0583eb7bddfa08bb12c3d..0000000000000000000000000000000000000000 --- a/crypto/mem_sec.c +++ /dev/null @@ -1,722 +0,0 @@ -/* - * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2004-2014, Akamai Technologies. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This file is in two halves. The first half implements the public API - * to be used by external consumers, and to be used by OpenSSL to store - * data in a "secure arena." The second half implements the secure arena. - * For details on that implementation, see below (look for uppercase - * "SECURE HEAP IMPLEMENTATION"). - */ -#include "e_os.h" -#include - -#include - -#ifndef OPENSSL_NO_SECURE_MEMORY -# if defined(_WIN32) -# include -# if defined(WINAPI_FAMILY_PARTITION) \ - && !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM) -/* - * While VirtualLock is available under the app partition (e.g. UWP), - * the headers do not define the API. Define it ourselves instead. - */ -WINBASEAPI -BOOL -WINAPI -VirtualLock( - _In_ LPVOID lpAddress, - _In_ SIZE_T dwSize - ); -# endif -# endif -# include -# include -# if defined(OPENSSL_SYS_UNIX) -# include -# endif -# include -# if defined(OPENSSL_SYS_UNIX) -# include -# if defined(__FreeBSD__) -# define MADV_DONTDUMP MADV_NOCORE -# endif -# if !defined(MAP_CONCEAL) -# define MAP_CONCEAL 0 -# endif -# endif -# if defined(OPENSSL_SYS_LINUX) -# include -# if defined(SYS_mlock2) -# include -# include -# endif -# include -# endif -# include -# include -#endif - -#define CLEAR(p, s) OPENSSL_cleanse(p, s) -#ifndef PAGE_SIZE -# define PAGE_SIZE 4096 -#endif -#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS) -# define MAP_ANON MAP_ANONYMOUS -#endif - -#ifndef OPENSSL_NO_SECURE_MEMORY -static size_t secure_mem_used; - -static int secure_mem_initialized; - -static CRYPTO_RWLOCK *sec_malloc_lock = NULL; - -/* - * These are the functions that must be implemented by a secure heap (sh). - */ -static int sh_init(size_t size, size_t minsize); -static void *sh_malloc(size_t size); -static void sh_free(void *ptr); -static void sh_done(void); -static size_t sh_actual_size(char *ptr); -static int sh_allocated(const char *ptr); -#endif - -int CRYPTO_secure_malloc_init(size_t size, size_t minsize) -{ -#ifndef OPENSSL_NO_SECURE_MEMORY - int ret = 0; - - if (!secure_mem_initialized) { - sec_malloc_lock = CRYPTO_THREAD_lock_new(); - if (sec_malloc_lock == NULL) - return 0; - if ((ret = sh_init(size, minsize)) != 0) { - secure_mem_initialized = 1; - } else { - CRYPTO_THREAD_lock_free(sec_malloc_lock); - sec_malloc_lock = NULL; - } - } - - return ret; -#else - return 0; -#endif /* OPENSSL_NO_SECURE_MEMORY */ -} - -int CRYPTO_secure_malloc_done(void) -{ -#ifndef OPENSSL_NO_SECURE_MEMORY - if (secure_mem_used == 0) { - sh_done(); - secure_mem_initialized = 0; - CRYPTO_THREAD_lock_free(sec_malloc_lock); - sec_malloc_lock = NULL; - return 1; - } -#endif /* OPENSSL_NO_SECURE_MEMORY */ - return 0; -} - -int CRYPTO_secure_malloc_initialized(void) -{ -#ifndef OPENSSL_NO_SECURE_MEMORY - return secure_mem_initialized; -#else - return 0; -#endif /* OPENSSL_NO_SECURE_MEMORY */ -} - -void *CRYPTO_secure_malloc(size_t num, const char *file, int line) -{ -#ifndef OPENSSL_NO_SECURE_MEMORY - void *ret; - size_t actual_size; - - if (!secure_mem_initialized) { - return CRYPTO_malloc(num, file, line); - } - if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) - return NULL; - ret = sh_malloc(num); - actual_size = ret ? sh_actual_size(ret) : 0; - secure_mem_used += actual_size; - CRYPTO_THREAD_unlock(sec_malloc_lock); - return ret; -#else - return CRYPTO_malloc(num, file, line); -#endif /* OPENSSL_NO_SECURE_MEMORY */ -} - -void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) -{ -#ifndef OPENSSL_NO_SECURE_MEMORY - if (secure_mem_initialized) - /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */ - return CRYPTO_secure_malloc(num, file, line); -#endif - return CRYPTO_zalloc(num, file, line); -} - -void CRYPTO_secure_free(void *ptr, const char *file, int line) -{ -#ifndef OPENSSL_NO_SECURE_MEMORY - size_t actual_size; - - if (ptr == NULL) - return; - if (!CRYPTO_secure_allocated(ptr)) { - CRYPTO_free(ptr, file, line); - return; - } - if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) - return; - actual_size = sh_actual_size(ptr); - CLEAR(ptr, actual_size); - secure_mem_used -= actual_size; - sh_free(ptr); - CRYPTO_THREAD_unlock(sec_malloc_lock); -#else - CRYPTO_free(ptr, file, line); -#endif /* OPENSSL_NO_SECURE_MEMORY */ -} - -void CRYPTO_secure_clear_free(void *ptr, size_t num, - const char *file, int line) -{ -#ifndef OPENSSL_NO_SECURE_MEMORY - size_t actual_size; - - if (ptr == NULL) - return; - if (!CRYPTO_secure_allocated(ptr)) { - OPENSSL_cleanse(ptr, num); - CRYPTO_free(ptr, file, line); - return; - } - if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) - return; - actual_size = sh_actual_size(ptr); - CLEAR(ptr, actual_size); - secure_mem_used -= actual_size; - sh_free(ptr); - CRYPTO_THREAD_unlock(sec_malloc_lock); -#else - if (ptr == NULL) - return; - OPENSSL_cleanse(ptr, num); - CRYPTO_free(ptr, file, line); -#endif /* OPENSSL_NO_SECURE_MEMORY */ -} - -int CRYPTO_secure_allocated(const void *ptr) -{ -#ifndef OPENSSL_NO_SECURE_MEMORY - if (!secure_mem_initialized) - return 0; - /* - * Only read accesses to the arena take place in sh_allocated() and this - * is only changed by the sh_init() and sh_done() calls which are not - * locked. Hence, it is safe to make this check without a lock too. - */ - return sh_allocated(ptr); -#else - return 0; -#endif /* OPENSSL_NO_SECURE_MEMORY */ -} - -size_t CRYPTO_secure_used(void) -{ -#ifndef OPENSSL_NO_SECURE_MEMORY - return secure_mem_used; -#else - return 0; -#endif /* OPENSSL_NO_SECURE_MEMORY */ -} - -size_t CRYPTO_secure_actual_size(void *ptr) -{ -#ifndef OPENSSL_NO_SECURE_MEMORY - size_t actual_size; - - if (!CRYPTO_THREAD_write_lock(sec_malloc_lock)) - return 0; - actual_size = sh_actual_size(ptr); - CRYPTO_THREAD_unlock(sec_malloc_lock); - return actual_size; -#else - return 0; -#endif -} - -/* - * SECURE HEAP IMPLEMENTATION - */ -#ifndef OPENSSL_NO_SECURE_MEMORY - - -/* - * The implementation provided here uses a fixed-sized mmap() heap, - * which is locked into memory, not written to core files, and protected - * on either side by an unmapped page, which will catch pointer overruns - * (or underruns) and an attempt to read data out of the secure heap. - * Free'd memory is zero'd or otherwise cleansed. - * - * This is a pretty standard buddy allocator. We keep areas in a multiple - * of "sh.minsize" units. The freelist and bitmaps are kept separately, - * so all (and only) data is kept in the mmap'd heap. - * - * This code assumes eight-bit bytes. The numbers 3 and 7 are all over the - * place. - */ - -#define ONE ((size_t)1) - -# define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7))) -# define SETBIT(t, b) (t[(b) >> 3] |= (ONE << ((b) & 7))) -# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7)))) - -#define WITHIN_ARENA(p) \ - ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size]) -#define WITHIN_FREELIST(p) \ - ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size]) - - -typedef struct sh_list_st -{ - struct sh_list_st *next; - struct sh_list_st **p_next; -} SH_LIST; - -typedef struct sh_st -{ - char* map_result; - size_t map_size; - char *arena; - size_t arena_size; - char **freelist; - ossl_ssize_t freelist_size; - size_t minsize; - unsigned char *bittable; - unsigned char *bitmalloc; - size_t bittable_size; /* size in bits */ -} SH; - -static SH sh; - -static size_t sh_getlist(char *ptr) -{ - ossl_ssize_t list = sh.freelist_size - 1; - size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize; - - for (; bit; bit >>= 1, list--) { - if (TESTBIT(sh.bittable, bit)) - break; - OPENSSL_assert((bit & 1) == 0); - } - - return list; -} - - -static int sh_testbit(char *ptr, int list, unsigned char *table) -{ - size_t bit; - - OPENSSL_assert(list >= 0 && list < sh.freelist_size); - OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); - bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); - OPENSSL_assert(bit > 0 && bit < sh.bittable_size); - return TESTBIT(table, bit); -} - -static void sh_clearbit(char *ptr, int list, unsigned char *table) -{ - size_t bit; - - OPENSSL_assert(list >= 0 && list < sh.freelist_size); - OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); - bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); - OPENSSL_assert(bit > 0 && bit < sh.bittable_size); - OPENSSL_assert(TESTBIT(table, bit)); - CLEARBIT(table, bit); -} - -static void sh_setbit(char *ptr, int list, unsigned char *table) -{ - size_t bit; - - OPENSSL_assert(list >= 0 && list < sh.freelist_size); - OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); - bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); - OPENSSL_assert(bit > 0 && bit < sh.bittable_size); - OPENSSL_assert(!TESTBIT(table, bit)); - SETBIT(table, bit); -} - -static void sh_add_to_list(char **list, char *ptr) -{ - SH_LIST *temp; - - OPENSSL_assert(WITHIN_FREELIST(list)); - OPENSSL_assert(WITHIN_ARENA(ptr)); - - temp = (SH_LIST *)ptr; - temp->next = *(SH_LIST **)list; - OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next)); - temp->p_next = (SH_LIST **)list; - - if (temp->next != NULL) { - OPENSSL_assert((char **)temp->next->p_next == list); - temp->next->p_next = &(temp->next); - } - - *list = ptr; -} - -static void sh_remove_from_list(char *ptr) -{ - SH_LIST *temp, *temp2; - - temp = (SH_LIST *)ptr; - if (temp->next != NULL) - temp->next->p_next = temp->p_next; - *temp->p_next = temp->next; - if (temp->next == NULL) - return; - - temp2 = temp->next; - OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)); -} - - -static int sh_init(size_t size, size_t minsize) -{ - int ret; - size_t i; - size_t pgsize; - size_t aligned; -#if defined(_WIN32) - DWORD flOldProtect; - SYSTEM_INFO systemInfo; -#endif - - memset(&sh, 0, sizeof(sh)); - - /* make sure size is a powers of 2 */ - OPENSSL_assert(size > 0); - OPENSSL_assert((size & (size - 1)) == 0); - if (size == 0 || (size & (size - 1)) != 0) - goto err; - - if (minsize <= sizeof(SH_LIST)) { - OPENSSL_assert(sizeof(SH_LIST) <= 65536); - /* - * Compute the minimum possible allocation size. - * This must be a power of 2 and at least as large as the SH_LIST - * structure. - */ - minsize = sizeof(SH_LIST) - 1; - minsize |= minsize >> 1; - minsize |= minsize >> 2; - if (sizeof(SH_LIST) > 16) - minsize |= minsize >> 4; - if (sizeof(SH_LIST) > 256) - minsize |= minsize >> 8; - minsize++; - } else { - /* make sure minsize is a powers of 2 */ - OPENSSL_assert((minsize & (minsize - 1)) == 0); - if ((minsize & (minsize - 1)) != 0) - goto err; - } - - sh.arena_size = size; - sh.minsize = minsize; - sh.bittable_size = (sh.arena_size / sh.minsize) * 2; - - /* Prevent allocations of size 0 later on */ - if (sh.bittable_size >> 3 == 0) - goto err; - - sh.freelist_size = -1; - for (i = sh.bittable_size; i; i >>= 1) - sh.freelist_size++; - - sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *)); - OPENSSL_assert(sh.freelist != NULL); - if (sh.freelist == NULL) - goto err; - - sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3); - OPENSSL_assert(sh.bittable != NULL); - if (sh.bittable == NULL) - goto err; - - sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3); - OPENSSL_assert(sh.bitmalloc != NULL); - if (sh.bitmalloc == NULL) - goto err; - - /* Allocate space for heap, and two extra pages as guards */ -#if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE) - { -# if defined(_SC_PAGE_SIZE) - long tmppgsize = sysconf(_SC_PAGE_SIZE); -# else - long tmppgsize = sysconf(_SC_PAGESIZE); -# endif - if (tmppgsize < 1) - pgsize = PAGE_SIZE; - else - pgsize = (size_t)tmppgsize; - } -#elif defined(_WIN32) - GetSystemInfo(&systemInfo); - pgsize = (size_t)systemInfo.dwPageSize; -#else - pgsize = PAGE_SIZE; -#endif - sh.map_size = pgsize + sh.arena_size + pgsize; - -#if !defined(_WIN32) -# ifdef MAP_ANON - sh.map_result = mmap(NULL, sh.map_size, - PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0); -# else - { - int fd; - - sh.map_result = MAP_FAILED; - if ((fd = open("/dev/zero", O_RDWR)) >= 0) { - sh.map_result = mmap(NULL, sh.map_size, - PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0); - close(fd); - } - } -# endif - if (sh.map_result == MAP_FAILED) - goto err; -#else - sh.map_result = VirtualAlloc(NULL, sh.map_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); - - if (sh.map_result == NULL) - goto err; -#endif - - sh.arena = (char *)(sh.map_result + pgsize); - sh_setbit(sh.arena, 0, sh.bittable); - sh_add_to_list(&sh.freelist[0], sh.arena); - - /* Now try to add guard pages and lock into memory. */ - ret = 1; - -#if !defined(_WIN32) - /* Starting guard is already aligned from mmap. */ - if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0) - ret = 2; -#else - if (VirtualProtect(sh.map_result, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE) - ret = 2; -#endif - - /* Ending guard page - need to round up to page boundary */ - aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1); -#if !defined(_WIN32) - if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0) - ret = 2; -#else - if (VirtualProtect(sh.map_result + aligned, pgsize, PAGE_NOACCESS, &flOldProtect) == FALSE) - ret = 2; -#endif - -#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2) - if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) { - if (errno == ENOSYS) { - if (mlock(sh.arena, sh.arena_size) < 0) - ret = 2; - } else { - ret = 2; - } - } -#elif defined(_WIN32) - if (VirtualLock(sh.arena, sh.arena_size) == FALSE) - ret = 2; -#else - if (mlock(sh.arena, sh.arena_size) < 0) - ret = 2; -#endif -#ifdef MADV_DONTDUMP - if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0) - ret = 2; -#endif - - return ret; - - err: - sh_done(); - return 0; -} - -static void sh_done(void) -{ - OPENSSL_free(sh.freelist); - OPENSSL_free(sh.bittable); - OPENSSL_free(sh.bitmalloc); -#if !defined(_WIN32) - if (sh.map_result != MAP_FAILED && sh.map_size) - munmap(sh.map_result, sh.map_size); -#else - if (sh.map_result != NULL && sh.map_size) - VirtualFree(sh.map_result, 0, MEM_RELEASE); -#endif - memset(&sh, 0, sizeof(sh)); -} - -static int sh_allocated(const char *ptr) -{ - return WITHIN_ARENA(ptr) ? 1 : 0; -} - -static char *sh_find_my_buddy(char *ptr, int list) -{ - size_t bit; - char *chunk = NULL; - - bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list); - bit ^= 1; - - if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit)) - chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list)); - - return chunk; -} - -static void *sh_malloc(size_t size) -{ - ossl_ssize_t list, slist; - size_t i; - char *chunk; - - if (size > sh.arena_size) - return NULL; - - list = sh.freelist_size - 1; - for (i = sh.minsize; i < size; i <<= 1) - list--; - if (list < 0) - return NULL; - - /* try to find a larger entry to split */ - for (slist = list; slist >= 0; slist--) - if (sh.freelist[slist] != NULL) - break; - if (slist < 0) - return NULL; - - /* split larger entry */ - while (slist != list) { - char *temp = sh.freelist[slist]; - - /* remove from bigger list */ - OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); - sh_clearbit(temp, slist, sh.bittable); - sh_remove_from_list(temp); - OPENSSL_assert(temp != sh.freelist[slist]); - - /* done with bigger list */ - slist++; - - /* add to smaller list */ - OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); - sh_setbit(temp, slist, sh.bittable); - sh_add_to_list(&sh.freelist[slist], temp); - OPENSSL_assert(sh.freelist[slist] == temp); - - /* split in 2 */ - temp += sh.arena_size >> slist; - OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); - sh_setbit(temp, slist, sh.bittable); - sh_add_to_list(&sh.freelist[slist], temp); - OPENSSL_assert(sh.freelist[slist] == temp); - - OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)); - } - - /* peel off memory to hand back */ - chunk = sh.freelist[list]; - OPENSSL_assert(sh_testbit(chunk, list, sh.bittable)); - sh_setbit(chunk, list, sh.bitmalloc); - sh_remove_from_list(chunk); - - OPENSSL_assert(WITHIN_ARENA(chunk)); - - /* zero the free list header as a precaution against information leakage */ - memset(chunk, 0, sizeof(SH_LIST)); - - return chunk; -} - -static void sh_free(void *ptr) -{ - size_t list; - void *buddy; - - if (ptr == NULL) - return; - OPENSSL_assert(WITHIN_ARENA(ptr)); - if (!WITHIN_ARENA(ptr)) - return; - - list = sh_getlist(ptr); - OPENSSL_assert(sh_testbit(ptr, list, sh.bittable)); - sh_clearbit(ptr, list, sh.bitmalloc); - sh_add_to_list(&sh.freelist[list], ptr); - - /* Try to coalesce two adjacent free areas. */ - while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) { - OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list)); - OPENSSL_assert(ptr != NULL); - OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); - sh_clearbit(ptr, list, sh.bittable); - sh_remove_from_list(ptr); - OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); - sh_clearbit(buddy, list, sh.bittable); - sh_remove_from_list(buddy); - - list--; - - /* Zero the higher addressed block's free list pointers */ - memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST)); - if (ptr > buddy) - ptr = buddy; - - OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); - sh_setbit(ptr, list, sh.bittable); - sh_add_to_list(&sh.freelist[list], ptr); - OPENSSL_assert(sh.freelist[list] == ptr); - } -} - -static size_t sh_actual_size(char *ptr) -{ - int list; - - OPENSSL_assert(WITHIN_ARENA(ptr)); - if (!WITHIN_ARENA(ptr)) - return 0; - list = sh_getlist(ptr); - OPENSSL_assert(sh_testbit(ptr, list, sh.bittable)); - return sh.arena_size / (ONE << list); -} -#endif /* OPENSSL_NO_SECURE_MEMORY */ diff --git a/crypto/mips_arch.h b/crypto/mips_arch.h deleted file mode 100644 index 12a27615f14f7916e92f8a7f997dea8ef0ebd6c5..0000000000000000000000000000000000000000 --- a/crypto/mips_arch.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_MIPS_ARCH_H -# define OSSL_CRYPTO_MIPS_ARCH_H - -# if (defined(__mips_smartmips) || defined(_MIPS_ARCH_MIPS32R3) || \ - defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6)) \ - && !defined(_MIPS_ARCH_MIPS32R2) -# define _MIPS_ARCH_MIPS32R2 -# endif - -# if (defined(_MIPS_ARCH_MIPS64R3) || defined(_MIPS_ARCH_MIPS64R5) || \ - defined(_MIPS_ARCH_MIPS64R6)) \ - && !defined(_MIPS_ARCH_MIPS64R2) -# define _MIPS_ARCH_MIPS64R2 -# endif - -# if defined(_MIPS_ARCH_MIPS64R6) -# define dmultu(rs,rt) -# define mflo(rd,rs,rt) dmulu rd,rs,rt -# define mfhi(rd,rs,rt) dmuhu rd,rs,rt -# elif defined(_MIPS_ARCH_MIPS32R6) -# define multu(rs,rt) -# define mflo(rd,rs,rt) mulu rd,rs,rt -# define mfhi(rd,rs,rt) muhu rd,rs,rt -# else -# define dmultu(rs,rt) dmultu rs,rt -# define multu(rs,rt) multu rs,rt -# define mflo(rd,rs,rt) mflo rd -# define mfhi(rd,rs,rt) mfhi rd -# endif - -#endif diff --git a/crypto/modes/asm/aes-gcm-armv8_64.pl b/crypto/modes/asm/aes-gcm-armv8_64.pl deleted file mode 100755 index 3b9d5b6511930aa212120079c11f914b38a669ee..0000000000000000000000000000000000000000 --- a/crypto/modes/asm/aes-gcm-armv8_64.pl +++ /dev/null @@ -1,5722 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -#======================================================================== -# Written by Fangming Fang for the OpenSSL project, -# derived from https://github.com/ARM-software/AArch64cryptolib, original -# author Samuel Lee . The module is, however, dual -# licensed under OpenSSL and CRYPTOGAMS licenses depending on where you -# obtain it. For further details see http://www.openssl.org/~appro/cryptogams/. -#======================================================================== -# -# Approach - assume we don't want to reload constants, so reserve ~half of vector register file for constants -# -# main loop to act on 4 16B blocks per iteration, and then do modulo of the accumulated intermediate hashes from the 4 blocks -# -# ____________________________________________________ -# | | -# | PRE | -# |____________________________________________________| -# | | | | -# | CTR block 4k+8 | AES block 4k+4 | GHASH block 4k+0 | -# |________________|________________|__________________| -# | | | | -# | CTR block 4k+9 | AES block 4k+5 | GHASH block 4k+1 | -# |________________|________________|__________________| -# | | | | -# | CTR block 4k+10| AES block 4k+6 | GHASH block 4k+2 | -# |________________|________________|__________________| -# | | | | -# | CTR block 4k+11| AES block 4k+7 | GHASH block 4k+3 | -# |________________|____(mostly)____|__________________| -# | | -# | MODULO | -# |____________________________________________________| -# -# PRE: -# Ensure previous generated intermediate hash is aligned and merged with result for GHASH 4k+0 -# EXT low_acc, low_acc, low_acc, #8 -# EOR res_curr (4k+0), res_curr (4k+0), low_acc -# -# CTR block: -# Increment and byte reverse counter in scalar registers and transfer to SIMD registers -# REV ctr32, rev_ctr32 -# ORR ctr64, constctr96_top32, ctr32, LSL #32 -# INS ctr_next.d[0], constctr96_bottom64 // Keeping this in scalar registers to free up space in SIMD RF -# INS ctr_next.d[1], ctr64X -# ADD rev_ctr32, #1 -# -# AES block: -# Do AES encryption/decryption on CTR block X and EOR it with input block X. Take 256 bytes key below for example. -# Doing small trick here of loading input in scalar registers, EORing with last key and then transferring -# Given we are very constrained in our ASIMD registers this is quite important -# -# Encrypt: -# LDR input_low, [ input_ptr ], #8 -# LDR input_high, [ input_ptr ], #8 -# EOR input_low, k14_low -# EOR input_high, k14_high -# INS res_curr.d[0], input_low -# INS res_curr.d[1], input_high -# AESE ctr_curr, k0; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k1; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k2; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k3; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k4; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k5; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k6; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k7; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k8; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k9; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k10; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k11; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k12; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k13 -# EOR res_curr, res_curr, ctr_curr -# ST1 { res_curr.16b }, [ output_ptr ], #16 -# -# Decrypt: -# AESE ctr_curr, k0; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k1; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k2; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k3; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k4; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k5; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k6; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k7; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k8; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k9; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k10; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k11; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k12; AESMC ctr_curr, ctr_curr -# AESE ctr_curr, k13 -# LDR res_curr, [ input_ptr ], #16 -# EOR res_curr, res_curr, ctr_curr -# MOV output_low, res_curr.d[0] -# MOV output_high, res_curr.d[1] -# EOR output_low, k14_low -# EOR output_high, k14_high -# STP output_low, output_high, [ output_ptr ], #16 -# -# GHASH block X: -# do 128b karatsuba polynomial multiplication on block -# We only have 64b->128b polynomial multipliers, naively that means we need to do 4 64b multiplies to generate a 128b -# -# multiplication: -# Pmull(A,B) == (Pmull(Ah,Bh)<<128 | Pmull(Al,Bl)) ^ (Pmull(Ah,Bl) ^ Pmull(Al,Bh))<<64 -# -# The idea behind Karatsuba multiplication is that we can do just 3 64b multiplies: -# Pmull(A,B) == (Pmull(Ah,Bh)<<128 | Pmull(Al,Bl)) ^ (Pmull(Ah^Al,Bh^Bl) ^ Pmull(Ah,Bh) ^ Pmull(Al,Bl))<<64 -# -# There is some complication here because the bit order of GHASH's PMULL is reversed compared to elsewhere, so we are -# multiplying with "twisted" powers of H -# -# Note: We can PMULL directly into the acc_x in first GHASH of the loop -# Note: For scheduling big cores we want to split the processing to happen over two loop iterations - otherwise the critical -# path latency dominates the performance -# -# This has a knock on effect on register pressure, so we have to be a bit more clever with our temporary registers -# than indicated here -# REV64 res_curr, res_curr -# INS t_m.d[0], res_curr.d[1] -# EOR t_m.8B, t_m.8B, res_curr.8B -# PMULL2 t_h, res_curr, HX -# PMULL t_l, res_curr, HX -# PMULL t_m, t_m, HX_k -# EOR acc_h, acc_h, t_h -# EOR acc_l, acc_l, t_l -# EOR acc_m, acc_m, t_m -# -# MODULO: take the partial accumulators (~representing sum of 256b multiplication results), from GHASH and do modulo reduction on them -# There is some complication here because the bit order of GHASH's PMULL is reversed compared to elsewhere, so we are doing modulo -# with a reversed constant -# EOR acc_m, acc_m, acc_h -# EOR acc_m, acc_m, acc_l // Finish off karatsuba processing -# PMULL t_mod, acc_h, mod_constant -# EXT acc_h, acc_h, acc_h, #8 -# EOR acc_m, acc_m, acc_h -# EOR acc_m, acc_m, t_mod -# PMULL acc_h, acc_m, mod_constant -# EXT acc_m, acc_m, acc_m, #8 -# EOR acc_l, acc_l, acc_h -# EOR acc_l, acc_l, acc_m - -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate ) or -die "can't locate arm-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour $output"; -*STDOUT=*OUT; - -$input_ptr="x0"; #argument block -$bit_length="x1"; -$output_ptr="x2"; -$current_tag="x3"; -$counter="x16"; -$cc="x8"; - -{ -my ($end_input_ptr,$main_end_input_ptr,$input_l0,$input_h0)=map("x$_",(4..7)); -my ($input_l1,$input_h1,$input_l2,$input_h2,$input_l3,$input_h3)=map("x$_",(19..24)); -my ($output_l1,$output_h1,$output_l2,$output_h2,$output_l3,$output_h3)=map("x$_",(19..24)); -my ($output_l0,$output_h0)=map("x$_",(6..7)); - -my $ctr32w="w9"; -my ($ctr32x,$ctr96_b64x,$ctr96_t32x,$rctr32x,$rk10_l,$rk10_h,$len)=map("x$_",(9..15)); -my ($ctr96_t32w,$rctr32w)=map("w$_",(11..12)); - -my ($ctr0b,$ctr1b,$ctr2b,$ctr3b,$res0b,$res1b,$res2b,$res3b)=map("v$_.16b",(0..7)); -my ($ctr0,$ctr1,$ctr2,$ctr3,$res0,$res1,$res2,$res3)=map("v$_",(0..7)); -my ($ctr0d,$ctr1d,$ctr2d,$ctr3d,$res0d,$res1d,$res2d,$res3d)=map("d$_",(0..7)); -my ($res0q,$res1q,$res2q,$res3q)=map("q$_",(4..7)); - -my ($acc_hb,$acc_mb,$acc_lb)=map("v$_.16b",(9..11)); -my ($acc_h,$acc_m,$acc_l)=map("v$_",(9..11)); -my ($acc_hd,$acc_md,$acc_ld)=map("d$_",(9..11)); - -my ($h1,$h2,$h3,$h4,$h12k,$h34k)=map("v$_",(12..17)); -my ($h1q,$h2q,$h3q,$h4q)=map("q$_",(12..15)); -my ($h1b,$h2b,$h3b,$h4b)=map("v$_.16b",(12..15)); - -my $t0="v8"; -my $t0d="d8"; - -my ($t1,$t2,$t3)=map("v$_",(28..30)); -my ($t1d,$t2d,$t3d)=map("d$_",(28..30)); - -my $t4="v8"; -my $t4d="d8"; -my $t5="v28"; -my $t5d="d28"; -my $t6="v31"; -my $t6d="d31"; - -my $t7="v4"; -my $t7d="d4"; -my $t8="v29"; -my $t8d="d29"; -my $t9="v30"; -my $t9d="d30"; - -my ($ctr_t0,$ctr_t1,$ctr_t2,$ctr_t3)=map("v$_",(4..7)); -my ($ctr_t0d,$ctr_t1d,$ctr_t2d,$ctr_t3d)=map("d$_",(4..7)); -my ($ctr_t0b,$ctr_t1b,$ctr_t2b,$ctr_t3b)=map("v$_.16b",(4..7)); - -my $mod_constantd="d8"; -my $mod_constant="v8"; -my $mod_t="v31"; - -my ($rk0,$rk1,$rk2,$rk3,$rk4,$rk5,$rk6,$rk7,$rk8,$rk9)=map("v$_.16b",(18..27)); -my ($rk0q,$rk1q,$rk2q,$rk3q,$rk4q,$rk5q,$rk6q,$rk7q,$rk8q,$rk9q)=map("q$_",(18..27)); -my $rk2q1="v20.1q"; -my $rk3q1="v21.1q"; -my $rk4v="v22"; -my $rk4d="d22"; - -$code=<<___; -#include "arm_arch.h" - -#if __ARM_MAX_ARCH__>=8 -___ -$code.=".arch armv8-a+crypto\n.text\n" if ($flavour =~ /64/); -$code.=<<___ if ($flavour !~ /64/); -.fpu neon -#ifdef __thumb2__ -.syntax unified -.thumb -# define INST(a,b,c,d) $_byte c,0xef,a,b -#else -.code 32 -# define INST(a,b,c,d) $_byte a,b,c,0xf2 -#endif - -.text -___ - -######################################################################################### -# size_t aes_gcm_enc_128_kernel(const unsigned char *in, -# size_t len, -# unsigned char *out, -# const void *key, -# unsigned char ivec[16], -# u64 *Xi); -# -$code.=<<___; -.global aes_gcm_enc_128_kernel -.type aes_gcm_enc_128_kernel,%function -.align 4 -aes_gcm_enc_128_kernel: - cbz x1, .L128_enc_ret - stp x19, x20, [sp, #-112]! - mov x16, x4 - mov x8, x5 - stp x21, x22, [sp, #16] - stp x23, x24, [sp, #32] - stp d8, d9, [sp, #48] - stp d10, d11, [sp, #64] - stp d12, d13, [sp, #80] - stp d14, d15, [sp, #96] - - ldp $ctr96_b64x, $ctr96_t32x, [$counter] @ ctr96_b64, ctr96_t32 - ldp $rk10_l, $rk10_h, [$cc, #160] @ load rk10 - - ld1 {$acc_lb}, [$current_tag] - ext $acc_lb, $acc_lb, $acc_lb, #8 - rev64 $acc_lb, $acc_lb - lsr $main_end_input_ptr, $bit_length, #3 @ byte_len - mov $len, $main_end_input_ptr - - ldr $rk9q, [$cc, #144] @ load rk9 - add $end_input_ptr, $input_ptr, $bit_length, lsr #3 @ end_input_ptr - sub $main_end_input_ptr, $main_end_input_ptr, #1 @ byte_len - 1 - - lsr $rctr32x, $ctr96_t32x, #32 - ldr $h4q, [$current_tag, #112] @ load h4l | h4h - ext $h4b, $h4b, $h4b, #8 - - fmov $ctr1d, $ctr96_b64x @ CTR block 1 - rev $rctr32w, $rctr32w @ rev_ctr32 - - add $rctr32w, $rctr32w, #1 @ increment rev_ctr32 - orr $ctr96_t32w, $ctr96_t32w, $ctr96_t32w - ldr $rk0q, [$cc, #0] @ load rk0 - - rev $ctr32w, $rctr32w @ CTR block 1 - add $rctr32w, $rctr32w, #1 @ CTR block 1 - fmov $ctr3d, $ctr96_b64x @ CTR block 3 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 1 - ld1 { $ctr0b}, [$counter] @ special case vector load initial counter so we can start first AES block as quickly as possible - - fmov $ctr1.d[1], $ctr32x @ CTR block 1 - rev $ctr32w, $rctr32w @ CTR block 2 - - fmov $ctr2d, $ctr96_b64x @ CTR block 2 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 2 - add $rctr32w, $rctr32w, #1 @ CTR block 2 - - fmov $ctr2.d[1], $ctr32x @ CTR block 2 - rev $ctr32w, $rctr32w @ CTR block 3 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 3 - ldr $rk1q, [$cc, #16] @ load rk1 - - add $rctr32w, $rctr32w, #1 @ CTR block 3 - fmov $ctr3.d[1], $ctr32x @ CTR block 3 - - ldr $h3q, [$current_tag, #80] @ load h3l | h3h - ext $h3b, $h3b, $h3b, #8 - - aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 0 - ldr $rk2q, [$cc, #32] @ load rk2 - - aese $ctr2b, $rk0 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 0 - ldr $h1q, [$current_tag, #32] @ load h1l | h1h - ext $h1b, $h1b, $h1b, #8 - - aese $ctr0b, $rk0 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 0 - ldr $rk8q, [$cc, #128] @ load rk8 - - aese $ctr3b, $rk0 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 0 - ldr $rk3q, [$cc, #48] @ load rk3 - - aese $ctr2b, $rk1 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 1 - trn2 $h34k.2d, $h3.2d, $h4.2d @ h4l | h3l - - aese $ctr0b, $rk1 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 1 - ldr $rk6q, [$cc, #96] @ load rk6 - - aese $ctr1b, $rk1 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 1 - ldr $rk7q, [$cc, #112] @ load rk7 - - aese $ctr3b, $rk1 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 1 - trn1 $acc_h.2d, $h3.2d, $h4.2d @ h4h | h3h - - aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 2 - ldr $rk5q, [$cc, #80] @ load rk5 - - aese $ctr1b, $rk2 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 2 - ldr $h2q, [$current_tag, #64] @ load h2l | h2h - ext $h2b, $h2b, $h2b, #8 - - aese $ctr3b, $rk2 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 2 - - aese $ctr2b, $rk2 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 2 - eor $h34k.16b, $h34k.16b, $acc_h.16b @ h4k | h3k - - aese $ctr0b, $rk3 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 3 - - aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 3 - - aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 3 - ldr $rk4q, [$cc, #64] @ load rk4 - - aese $ctr3b, $rk3 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 3 - - and $main_end_input_ptr, $main_end_input_ptr, #0xffffffffffffffc0 @ number of bytes to be processed in main loop (at least 1 byte must be handled by tail) - trn2 $h12k.2d, $h1.2d, $h2.2d @ h2l | h1l - - aese $ctr3b, $rk4 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 4 - add $main_end_input_ptr, $main_end_input_ptr, $input_ptr - - aese $ctr2b, $rk4 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 4 - cmp $input_ptr, $main_end_input_ptr @ check if we have <= 4 blocks - - aese $ctr0b, $rk4 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 4 - - aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 5 - - aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 5 - - aese $ctr0b, $rk5 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 5 - - aese $ctr3b, $rk6 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 6 - - aese $ctr1b, $rk4 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 4 - - aese $ctr2b, $rk6 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 6 - trn1 $t0.2d, $h1.2d, $h2.2d @ h2h | h1h - - aese $ctr0b, $rk6 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 6 - - aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 5 - - aese $ctr3b, $rk7 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 7 - - aese $ctr0b, $rk7 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 7 - - aese $ctr1b, $rk6 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 6 - - aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 7 - - aese $ctr0b, $rk8 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 8 - - aese $ctr1b, $rk7 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 7 - - aese $ctr2b, $rk8 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 8 - - aese $ctr3b, $rk8 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 8 - - aese $ctr1b, $rk8 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 8 - - aese $ctr2b, $rk9 @ AES block 2 - round 9 - - aese $ctr0b, $rk9 @ AES block 0 - round 9 - - eor $h12k.16b, $h12k.16b, $t0.16b @ h2k | h1k - - aese $ctr1b, $rk9 @ AES block 1 - round 9 - - aese $ctr3b, $rk9 @ AES block 3 - round 9 - b.ge .L128_enc_tail @ handle tail - - ldp $input_l0, $input_h0, [$input_ptr, #0] @ AES block 0 - load plaintext - - ldp $input_l2, $input_h2, [$input_ptr, #32] @ AES block 2 - load plaintext - - ldp $input_l1, $input_h1, [$input_ptr, #16] @ AES block 1 - load plaintext - - ldp $input_l3, $input_h3, [$input_ptr, #48] @ AES block 3 - load plaintext - - eor $input_l0, $input_l0, $rk10_l @ AES block 0 - round 10 low - eor $input_h0, $input_h0, $rk10_h @ AES block 0 - round 10 high - - eor $input_l2, $input_l2, $rk10_l @ AES block 2 - round 10 low - fmov $ctr_t0d, $input_l0 @ AES block 0 - mov low - - eor $input_l1, $input_l1, $rk10_l @ AES block 1 - round 10 low - eor $input_h2, $input_h2, $rk10_h @ AES block 2 - round 10 high - fmov $ctr_t0.d[1], $input_h0 @ AES block 0 - mov high - - fmov $ctr_t1d, $input_l1 @ AES block 1 - mov low - eor $input_h1, $input_h1, $rk10_h @ AES block 1 - round 10 high - - eor $input_l3, $input_l3, $rk10_l @ AES block 3 - round 10 low - fmov $ctr_t1.d[1], $input_h1 @ AES block 1 - mov high - - fmov $ctr_t2d, $input_l2 @ AES block 2 - mov low - eor $input_h3, $input_h3, $rk10_h @ AES block 3 - round 10 high - rev $ctr32w, $rctr32w @ CTR block 4 - - fmov $ctr_t2.d[1], $input_h2 @ AES block 2 - mov high - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4 - - eor $res0b, $ctr_t0b, $ctr0b @ AES block 0 - result - fmov $ctr0d, $ctr96_b64x @ CTR block 4 - add $rctr32w, $rctr32w, #1 @ CTR block 4 - - fmov $ctr0.d[1], $ctr32x @ CTR block 4 - rev $ctr32w, $rctr32w @ CTR block 5 - - eor $res1b, $ctr_t1b, $ctr1b @ AES block 1 - result - fmov $ctr1d, $ctr96_b64x @ CTR block 5 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 5 - - add $rctr32w, $rctr32w, #1 @ CTR block 5 - add $input_ptr, $input_ptr, #64 @ AES input_ptr update - fmov $ctr1.d[1], $ctr32x @ CTR block 5 - - fmov $ctr_t3d, $input_l3 @ AES block 3 - mov low - rev $ctr32w, $rctr32w @ CTR block 6 - st1 { $res0b}, [$output_ptr], #16 @ AES block 0 - store result - - fmov $ctr_t3.d[1], $input_h3 @ AES block 3 - mov high - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 6 - - add $rctr32w, $rctr32w, #1 @ CTR block 6 - eor $res2b, $ctr_t2b, $ctr2b @ AES block 2 - result - st1 { $res1b}, [$output_ptr], #16 @ AES block 1 - store result - - fmov $ctr2d, $ctr96_b64x @ CTR block 6 - cmp $input_ptr, $main_end_input_ptr @ check if we have <= 8 blocks - - fmov $ctr2.d[1], $ctr32x @ CTR block 6 - rev $ctr32w, $rctr32w @ CTR block 7 - st1 { $res2b}, [$output_ptr], #16 @ AES block 2 - store result - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 7 - - eor $res3b, $ctr_t3b, $ctr3b @ AES block 3 - result - st1 { $res3b}, [$output_ptr], #16 @ AES block 3 - store result - b.ge .L128_enc_prepretail @ do prepretail - - .L128_enc_main_loop: @ main loop start - ldp $input_l3, $input_h3, [$input_ptr, #48] @ AES block 4k+3 - load plaintext - rev64 $res0b, $res0b @ GHASH block 4k (only t0 is free) - rev64 $res2b, $res2b @ GHASH block 4k+2 (t0, t1, and t2 free) - - aese $ctr2b, $rk0 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 0 - fmov $ctr3d, $ctr96_b64x @ CTR block 4k+3 - - ext $acc_lb, $acc_lb, $acc_lb, #8 @ PRE 0 - rev64 $res1b, $res1b @ GHASH block 4k+1 (t0 and t1 free) - - aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 0 - add $rctr32w, $rctr32w, #1 @ CTR block 4k+3 - fmov $ctr3.d[1], $ctr32x @ CTR block 4k+3 - - aese $ctr0b, $rk0 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 0 - mov $t6d, $res2.d[1] @ GHASH block 4k+2 - mid - - aese $ctr2b, $rk1 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 1 - mov $t3d, $res1.d[1] @ GHASH block 4k+1 - mid - - aese $ctr1b, $rk1 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 1 - eor $res0b, $res0b, $acc_lb @ PRE 1 - - aese $ctr3b, $rk0 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 0 - eor $input_h3, $input_h3, $rk10_h @ AES block 4k+3 - round 10 high - - pmull2 $t1.1q, $res1.2d, $h3.2d @ GHASH block 4k+1 - high - eor $t6.8b, $t6.8b, $res2.8b @ GHASH block 4k+2 - mid - ldp $input_l0, $input_h0, [$input_ptr, #0] @ AES block 4k+4 - load plaintext - - aese $ctr0b, $rk1 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 1 - rev $ctr32w, $rctr32w @ CTR block 4k+8 - - eor $t3.8b, $t3.8b, $res1.8b @ GHASH block 4k+1 - mid - mov $t0d, $res0.d[1] @ GHASH block 4k - mid - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+8 - - pmull2 $acc_h.1q, $res0.2d, $h4.2d @ GHASH block 4k - high - add $rctr32w, $rctr32w, #1 @ CTR block 4k+8 - mov $acc_md, $h34k.d[1] @ GHASH block 4k - mid - - aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 2 - - pmull $acc_l.1q, $res0.1d, $h4.1d @ GHASH block 4k - low - eor $t0.8b, $t0.8b, $res0.8b @ GHASH block 4k - mid - - aese $ctr1b, $rk2 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 2 - - aese $ctr0b, $rk3 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 3 - eor $acc_hb, $acc_hb, $t1.16b @ GHASH block 4k+1 - high - - pmull $t5.1q, $res2.1d, $h2.1d @ GHASH block 4k+2 - low - - pmull $acc_m.1q, $t0.1d, $acc_m.1d @ GHASH block 4k - mid - rev64 $res3b, $res3b @ GHASH block 4k+3 (t0, t1, t2 and t3 free) - - pmull $t3.1q, $t3.1d, $h34k.1d @ GHASH block 4k+1 - mid - - pmull $t2.1q, $res1.1d, $h3.1d @ GHASH block 4k+1 - low - ins $t6.d[1], $t6.d[0] @ GHASH block 4k+2 - mid - - pmull2 $t4.1q, $res2.2d, $h2.2d @ GHASH block 4k+2 - high - eor $input_h0, $input_h0, $rk10_h @ AES block 4k+4 - round 10 high - - eor $acc_mb, $acc_mb, $t3.16b @ GHASH block 4k+1 - mid - mov $t9d, $res3.d[1] @ GHASH block 4k+3 - mid - - aese $ctr3b, $rk1 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 1 - eor $acc_lb, $acc_lb, $t2.16b @ GHASH block 4k+1 - low - - aese $ctr2b, $rk2 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 2 - eor $input_l0, $input_l0, $rk10_l @ AES block 4k+4 - round 10 low - - aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 3 - eor $t9.8b, $t9.8b, $res3.8b @ GHASH block 4k+3 - mid - - pmull2 $t7.1q, $res3.2d, $h1.2d @ GHASH block 4k+3 - high - - aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 3 - eor $acc_hb, $acc_hb, $t4.16b @ GHASH block 4k+2 - high - - pmull2 $t6.1q, $t6.2d, $h12k.2d @ GHASH block 4k+2 - mid - - pmull $t8.1q, $res3.1d, $h1.1d @ GHASH block 4k+3 - low - movi $mod_constant.8b, #0xc2 - - pmull $t9.1q, $t9.1d, $h12k.1d @ GHASH block 4k+3 - mid - eor $acc_lb, $acc_lb, $t5.16b @ GHASH block 4k+2 - low - - aese $ctr1b, $rk4 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 4 - - aese $ctr3b, $rk2 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 2 - shl $mod_constantd, $mod_constantd, #56 @ mod_constant - - aese $ctr0b, $rk4 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 4 - eor $acc_hb, $acc_hb, $t7.16b @ GHASH block 4k+3 - high - - aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 5 - ldp $input_l1, $input_h1, [$input_ptr, #16] @ AES block 4k+5 - load plaintext - - aese $ctr3b, $rk3 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 3 - eor $acc_mb, $acc_mb, $t6.16b @ GHASH block 4k+2 - mid - - aese $ctr0b, $rk5 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 5 - ldp $input_l2, $input_h2, [$input_ptr, #32] @ AES block 4k+6 - load plaintext - - pmull $mod_t.1q, $acc_h.1d, $mod_constant.1d @ MODULO - top 64b align with mid - eor $acc_lb, $acc_lb, $t8.16b @ GHASH block 4k+3 - low - - aese $ctr2b, $rk4 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 4 - eor $input_l1, $input_l1, $rk10_l @ AES block 4k+5 - round 10 low - - aese $ctr3b, $rk4 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 4 - eor $acc_mb, $acc_mb, $t9.16b @ GHASH block 4k+3 - mid - - aese $ctr1b, $rk6 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 6 - eor $input_l3, $input_l3, $rk10_l @ AES block 4k+3 - round 10 low - - aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 5 - eor $t9.16b, $acc_lb, $acc_hb @ MODULO - karatsuba tidy up - - fmov $ctr_t0d, $input_l0 @ AES block 4k+4 - mov low - aese $ctr0b, $rk6 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 6 - fmov $ctr_t0.d[1], $input_h0 @ AES block 4k+4 - mov high - - add $input_ptr, $input_ptr, #64 @ AES input_ptr update - fmov $ctr_t3d, $input_l3 @ AES block 4k+3 - mov low - ext $acc_hb, $acc_hb, $acc_hb, #8 @ MODULO - other top alignment - - aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 5 - fmov $ctr_t1d, $input_l1 @ AES block 4k+5 - mov low - - aese $ctr0b, $rk7 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 7 - eor $acc_mb, $acc_mb, $t9.16b @ MODULO - karatsuba tidy up - - aese $ctr2b, $rk6 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 6 - eor $input_h1, $input_h1, $rk10_h @ AES block 4k+5 - round 10 high - - aese $ctr1b, $rk7 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 7 - fmov $ctr_t1.d[1], $input_h1 @ AES block 4k+5 - mov high - - aese $ctr0b, $rk8 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 8 - fmov $ctr_t3.d[1], $input_h3 @ AES block 4k+3 - mov high - - aese $ctr3b, $rk6 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 6 - cmp $input_ptr, $main_end_input_ptr @ LOOP CONTROL - - aese $ctr1b, $rk8 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 8 - eor $acc_mb, $acc_mb, $mod_t.16b @ MODULO - fold into mid - - aese $ctr0b, $rk9 @ AES block 4k+4 - round 9 - eor $input_l2, $input_l2, $rk10_l @ AES block 4k+6 - round 10 low - eor $input_h2, $input_h2, $rk10_h @ AES block 4k+6 - round 10 high - - aese $ctr3b, $rk7 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 7 - fmov $ctr_t2d, $input_l2 @ AES block 4k+6 - mov low - - aese $ctr1b, $rk9 @ AES block 4k+5 - round 9 - fmov $ctr_t2.d[1], $input_h2 @ AES block 4k+6 - mov high - - aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 7 - eor $res0b, $ctr_t0b, $ctr0b @ AES block 4k+4 - result - - fmov $ctr0d, $ctr96_b64x @ CTR block 4k+8 - aese $ctr3b, $rk8 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 8 - - fmov $ctr0.d[1], $ctr32x @ CTR block 4k+8 - rev $ctr32w, $rctr32w @ CTR block 4k+9 - eor $acc_mb, $acc_mb, $acc_hb @ MODULO - fold into mid - - aese $ctr2b, $rk8 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 8 - eor $res1b, $ctr_t1b, $ctr1b @ AES block 4k+5 - result - - add $rctr32w, $rctr32w, #1 @ CTR block 4k+9 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+9 - fmov $ctr1d, $ctr96_b64x @ CTR block 4k+9 - - pmull $acc_h.1q, $acc_m.1d, $mod_constant.1d @ MODULO - mid 64b align with low - fmov $ctr1.d[1], $ctr32x @ CTR block 4k+9 - rev $ctr32w, $rctr32w @ CTR block 4k+10 - - aese $ctr2b, $rk9 @ AES block 4k+6 - round 9 - st1 { $res0b}, [$output_ptr], #16 @ AES block 4k+4 - store result - eor $res2b, $ctr_t2b, $ctr2b @ AES block 4k+6 - result - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+10 - - aese $ctr3b, $rk9 @ AES block 4k+7 - round 9 - add $rctr32w, $rctr32w, #1 @ CTR block 4k+10 - ext $acc_mb, $acc_mb, $acc_mb, #8 @ MODULO - other mid alignment - fmov $ctr2d, $ctr96_b64x @ CTR block 4k+10 - - eor $acc_lb, $acc_lb, $acc_hb @ MODULO - fold into low - st1 { $res1b}, [$output_ptr], #16 @ AES block 4k+5 - store result - - fmov $ctr2.d[1], $ctr32x @ CTR block 4k+10 - st1 { $res2b}, [$output_ptr], #16 @ AES block 4k+6 - store result - rev $ctr32w, $rctr32w @ CTR block 4k+11 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+11 - eor $res3b, $ctr_t3b, $ctr3b @ AES block 4k+3 - result - - eor $acc_lb, $acc_lb, $acc_mb @ MODULO - fold into low - st1 { $res3b}, [$output_ptr], #16 @ AES block 4k+3 - store result - b.lt .L128_enc_main_loop - - .L128_enc_prepretail: @ PREPRETAIL - rev64 $res0b, $res0b @ GHASH block 4k (only t0 is free) - fmov $ctr3d, $ctr96_b64x @ CTR block 4k+3 - rev64 $res1b, $res1b @ GHASH block 4k+1 (t0 and t1 free) - - ext $acc_lb, $acc_lb, $acc_lb, #8 @ PRE 0 - add $rctr32w, $rctr32w, #1 @ CTR block 4k+3 - fmov $ctr3.d[1], $ctr32x @ CTR block 4k+3 - - aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 0 - rev64 $res2b, $res2b @ GHASH block 4k+2 (t0, t1, and t2 free) - - pmull $t2.1q, $res1.1d, $h3.1d @ GHASH block 4k+1 - low - - rev64 $res3b, $res3b @ GHASH block 4k+3 (t0, t1, t2 and t3 free) - eor $res0b, $res0b, $acc_lb @ PRE 1 - - pmull2 $t1.1q, $res1.2d, $h3.2d @ GHASH block 4k+1 - high - - aese $ctr3b, $rk0 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 0 - mov $t3d, $res1.d[1] @ GHASH block 4k+1 - mid - - pmull $acc_l.1q, $res0.1d, $h4.1d @ GHASH block 4k - low - mov $t0d, $res0.d[1] @ GHASH block 4k - mid - - mov $t6d, $res2.d[1] @ GHASH block 4k+2 - mid - mov $acc_md, $h34k.d[1] @ GHASH block 4k - mid - - aese $ctr1b, $rk1 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 1 - eor $t3.8b, $t3.8b, $res1.8b @ GHASH block 4k+1 - mid - - eor $t0.8b, $t0.8b, $res0.8b @ GHASH block 4k - mid - - pmull2 $acc_h.1q, $res0.2d, $h4.2d @ GHASH block 4k - high - eor $t6.8b, $t6.8b, $res2.8b @ GHASH block 4k+2 - mid - - aese $ctr3b, $rk1 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 1 - - pmull $t3.1q, $t3.1d, $h34k.1d @ GHASH block 4k+1 - mid - eor $acc_lb, $acc_lb, $t2.16b @ GHASH block 4k+1 - low - - pmull $acc_m.1q, $t0.1d, $acc_m.1d @ GHASH block 4k - mid - - aese $ctr0b, $rk0 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 0 - ins $t6.d[1], $t6.d[0] @ GHASH block 4k+2 - mid - - aese $ctr2b, $rk0 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 0 - - eor $acc_mb, $acc_mb, $t3.16b @ GHASH block 4k+1 - mid - mov $t9d, $res3.d[1] @ GHASH block 4k+3 - mid - - aese $ctr0b, $rk1 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 1 - eor $acc_hb, $acc_hb, $t1.16b @ GHASH block 4k+1 - high - - pmull2 $t6.1q, $t6.2d, $h12k.2d @ GHASH block 4k+2 - mid - - pmull2 $t4.1q, $res2.2d, $h2.2d @ GHASH block 4k+2 - high - eor $t9.8b, $t9.8b, $res3.8b @ GHASH block 4k+3 - mid - - pmull2 $t7.1q, $res3.2d, $h1.2d @ GHASH block 4k+3 - high - - pmull $t5.1q, $res2.1d, $h2.1d @ GHASH block 4k+2 - low - - aese $ctr2b, $rk1 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 1 - eor $acc_hb, $acc_hb, $t4.16b @ GHASH block 4k+2 - high - - aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 2 - - pmull $t8.1q, $res3.1d, $h1.1d @ GHASH block 4k+3 - low - movi $mod_constant.8b, #0xc2 - - aese $ctr2b, $rk2 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 2 - eor $acc_lb, $acc_lb, $t5.16b @ GHASH block 4k+2 - low - - aese $ctr3b, $rk2 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 2 - - pmull $t9.1q, $t9.1d, $h12k.1d @ GHASH block 4k+3 - mid - eor $acc_mb, $acc_mb, $t6.16b @ GHASH block 4k+2 - mid - - aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 3 - - aese $ctr1b, $rk2 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 2 - eor $acc_hb, $acc_hb, $t7.16b @ GHASH block 4k+3 - high - - aese $ctr0b, $rk3 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 3 - - eor $acc_mb, $acc_mb, $t9.16b @ GHASH block 4k+3 - mid - shl $mod_constantd, $mod_constantd, #56 @ mod_constant - - aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 3 - eor $acc_lb, $acc_lb, $t8.16b @ GHASH block 4k+3 - low - - aese $ctr0b, $rk4 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 4 - - pmull $t1.1q, $acc_h.1d, $mod_constant.1d - eor $acc_mb, $acc_mb, $acc_hb @ karatsuba tidy up - - aese $ctr1b, $rk4 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 4 - - aese $ctr0b, $rk5 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 5 - ext $acc_hb, $acc_hb, $acc_hb, #8 - - aese $ctr3b, $rk3 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 3 - - aese $ctr2b, $rk4 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 4 - eor $acc_mb, $acc_mb, $acc_lb - - aese $ctr0b, $rk6 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 6 - - aese $ctr3b, $rk4 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 4 - - aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 5 - - aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 5 - eor $acc_mb, $acc_mb, $t1.16b - - aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 5 - - aese $ctr1b, $rk6 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 6 - - aese $ctr2b, $rk6 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 6 - - aese $ctr3b, $rk6 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 6 - eor $acc_mb, $acc_mb, $acc_hb - - aese $ctr0b, $rk7 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 7 - - aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 7 - - aese $ctr3b, $rk7 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 7 - - pmull $t1.1q, $acc_m.1d, $mod_constant.1d - - aese $ctr1b, $rk7 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 7 - ext $acc_mb, $acc_mb, $acc_mb, #8 - - aese $ctr3b, $rk8 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 8 - - aese $ctr0b, $rk8 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 8 - eor $acc_lb, $acc_lb, $t1.16b - - aese $ctr1b, $rk8 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 8 - - aese $ctr3b, $rk9 @ AES block 4k+7 - round 9 - - aese $ctr2b, $rk8 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 8 - - aese $ctr0b, $rk9 @ AES block 4k+4 - round 9 - - aese $ctr1b, $rk9 @ AES block 4k+5 - round 9 - eor $acc_lb, $acc_lb, $acc_mb - - aese $ctr2b, $rk9 @ AES block 4k+6 - round 9 - .L128_enc_tail: @ TAIL - - sub $main_end_input_ptr, $end_input_ptr, $input_ptr @ main_end_input_ptr is number of bytes left to process - ldp $input_l0, $input_h0, [$input_ptr], #16 @ AES block 4k+4 - load plaintext - - cmp $main_end_input_ptr, #48 - - ext $t0.16b, $acc_lb, $acc_lb, #8 @ prepare final partial tag - eor $input_l0, $input_l0, $rk10_l @ AES block 4k+4 - round 10 low - eor $input_h0, $input_h0, $rk10_h @ AES block 4k+4 - round 10 high - - fmov $ctr_t0d, $input_l0 @ AES block 4k+4 - mov low - - fmov $ctr_t0.d[1], $input_h0 @ AES block 4k+4 - mov high - - eor $res1b, $ctr_t0b, $ctr0b @ AES block 4k+4 - result - - b.gt .L128_enc_blocks_more_than_3 - - sub $rctr32w, $rctr32w, #1 - movi $acc_l.8b, #0 - mov $ctr3b, $ctr2b - - cmp $main_end_input_ptr, #32 - mov $ctr2b, $ctr1b - movi $acc_h.8b, #0 - - movi $acc_m.8b, #0 - b.gt .L128_enc_blocks_more_than_2 - - mov $ctr3b, $ctr1b - cmp $main_end_input_ptr, #16 - - sub $rctr32w, $rctr32w, #1 - b.gt .L128_enc_blocks_more_than_1 - - sub $rctr32w, $rctr32w, #1 - b .L128_enc_blocks_less_than_1 - .L128_enc_blocks_more_than_3: @ blocks left > 3 - st1 { $res1b}, [$output_ptr], #16 @ AES final-3 block - store result - - ldp $input_l0, $input_h0, [$input_ptr], #16 @ AES final-2 block - load input low & high - - rev64 $res0b, $res1b @ GHASH final-3 block - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - eor $input_h0, $input_h0, $rk10_h @ AES final-2 block - round 10 high - eor $input_l0, $input_l0, $rk10_l @ AES final-2 block - round 10 low - - fmov $res1d, $input_l0 @ AES final-2 block - mov low - - movi $t0.8b, #0 @ suppress further partial tag feed in - fmov $res1.d[1], $input_h0 @ AES final-2 block - mov high - - pmull $acc_l.1q, $res0.1d, $h4.1d @ GHASH final-3 block - low - mov $rk4d, $res0.d[1] @ GHASH final-3 block - mid - - pmull2 $acc_h.1q, $res0.2d, $h4.2d @ GHASH final-3 block - high - - mov $acc_md, $h34k.d[1] @ GHASH final-3 block - mid - - eor $res1b, $res1b, $ctr1b @ AES final-2 block - result - eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-3 block - mid - - pmull $acc_m.1q, $rk4v.1d, $acc_m.1d @ GHASH final-3 block - mid - .L128_enc_blocks_more_than_2: @ blocks left > 2 - - st1 { $res1b}, [$output_ptr], #16 @ AES final-2 block - store result - - rev64 $res0b, $res1b @ GHASH final-2 block - ldp $input_l0, $input_h0, [$input_ptr], #16 @ AES final-1 block - load input low & high - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - - eor $input_l0, $input_l0, $rk10_l @ AES final-1 block - round 10 low - - fmov $res1d, $input_l0 @ AES final-1 block - mov low - eor $input_h0, $input_h0, $rk10_h @ AES final-1 block - round 10 high - - pmull2 $rk2q1, $res0.2d, $h3.2d @ GHASH final-2 block - high - fmov $res1.d[1], $input_h0 @ AES final-1 block - mov high - - mov $rk4d, $res0.d[1] @ GHASH final-2 block - mid - - pmull $rk3q1, $res0.1d, $h3.1d @ GHASH final-2 block - low - - eor $acc_hb, $acc_hb, $rk2 @ GHASH final-2 block - high - - eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-2 block - mid - - eor $res1b, $res1b, $ctr2b @ AES final-1 block - result - - eor $acc_lb, $acc_lb, $rk3 @ GHASH final-2 block - low - - pmull $rk4v.1q, $rk4v.1d, $h34k.1d @ GHASH final-2 block - mid - - movi $t0.8b, #0 @ suppress further partial tag feed in - - eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-2 block - mid - .L128_enc_blocks_more_than_1: @ blocks left > 1 - - st1 { $res1b}, [$output_ptr], #16 @ AES final-1 block - store result - - rev64 $res0b, $res1b @ GHASH final-1 block - ldp $input_l0, $input_h0, [$input_ptr], #16 @ AES final block - load input low & high - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - - eor $input_h0, $input_h0, $rk10_h @ AES final block - round 10 high - eor $input_l0, $input_l0, $rk10_l @ AES final block - round 10 low - - fmov $res1d, $input_l0 @ AES final block - mov low - - pmull2 $rk2q1, $res0.2d, $h2.2d @ GHASH final-1 block - high - fmov $res1.d[1], $input_h0 @ AES final block - mov high - - mov $rk4d, $res0.d[1] @ GHASH final-1 block - mid - - pmull $rk3q1, $res0.1d, $h2.1d @ GHASH final-1 block - low - - eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-1 block - mid - - eor $res1b, $res1b, $ctr3b @ AES final block - result - - ins $rk4v.d[1], $rk4v.d[0] @ GHASH final-1 block - mid - - pmull2 $rk4v.1q, $rk4v.2d, $h12k.2d @ GHASH final-1 block - mid - - eor $acc_lb, $acc_lb, $rk3 @ GHASH final-1 block - low - - eor $acc_hb, $acc_hb, $rk2 @ GHASH final-1 block - high - - eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-1 block - mid - movi $t0.8b, #0 @ suppress further partial tag feed in - .L128_enc_blocks_less_than_1: @ blocks left <= 1 - - and $bit_length, $bit_length, #127 @ bit_length %= 128 - mvn $rk10_l, xzr @ rk10_l = 0xffffffffffffffff - - mvn $rk10_h, xzr @ rk10_h = 0xffffffffffffffff - sub $bit_length, $bit_length, #128 @ bit_length -= 128 - - neg $bit_length, $bit_length @ bit_length = 128 - #bits in input (in range [1,128]) - - and $bit_length, $bit_length, #127 @ bit_length %= 128 - - lsr $rk10_h, $rk10_h, $bit_length @ rk10_h is mask for top 64b of last block - cmp $bit_length, #64 - - csel $input_l0, $rk10_l, $rk10_h, lt - csel $input_h0, $rk10_h, xzr, lt - - fmov $ctr0d, $input_l0 @ ctr0b is mask for last block - - fmov $ctr0.d[1], $input_h0 - - and $res1b, $res1b, $ctr0b @ possibly partial last block has zeroes in highest bits - - rev64 $res0b, $res1b @ GHASH final block - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - - mov $t0d, $res0.d[1] @ GHASH final block - mid - - pmull $rk3q1, $res0.1d, $h1.1d @ GHASH final block - low - ld1 { $rk0}, [$output_ptr] @ load existing bytes where the possibly partial last block is to be stored - - eor $t0.8b, $t0.8b, $res0.8b @ GHASH final block - mid - - rev $ctr32w, $rctr32w - - pmull2 $rk2q1, $res0.2d, $h1.2d @ GHASH final block - high - - pmull $t0.1q, $t0.1d, $h12k.1d @ GHASH final block - mid - - eor $acc_lb, $acc_lb, $rk3 @ GHASH final block - low - - eor $acc_hb, $acc_hb, $rk2 @ GHASH final block - high - - eor $acc_mb, $acc_mb, $t0.16b @ GHASH final block - mid - movi $mod_constant.8b, #0xc2 - - eor $t9.16b, $acc_lb, $acc_hb @ MODULO - karatsuba tidy up - - shl $mod_constantd, $mod_constantd, #56 @ mod_constant - - eor $acc_mb, $acc_mb, $t9.16b @ MODULO - karatsuba tidy up - - pmull $mod_t.1q, $acc_h.1d, $mod_constant.1d @ MODULO - top 64b align with mid - - ext $acc_hb, $acc_hb, $acc_hb, #8 @ MODULO - other top alignment - - eor $acc_mb, $acc_mb, $mod_t.16b @ MODULO - fold into mid - - eor $acc_mb, $acc_mb, $acc_hb @ MODULO - fold into mid - - pmull $acc_h.1q, $acc_m.1d, $mod_constant.1d @ MODULO - mid 64b align with low - - ext $acc_mb, $acc_mb, $acc_mb, #8 @ MODULO - other mid alignment - - bif $res1b, $rk0, $ctr0b @ insert existing bytes in top end of result before storing - - eor $acc_lb, $acc_lb, $acc_hb @ MODULO - fold into low - st1 { $res1b}, [$output_ptr] @ store all 16B - - str $ctr32w, [$counter, #12] @ store the updated counter - - eor $acc_lb, $acc_lb, $acc_mb @ MODULO - fold into low - ext $acc_lb, $acc_lb, $acc_lb, #8 - rev64 $acc_lb, $acc_lb - mov x0, $len - st1 { $acc_l.16b }, [$current_tag] - ldp x21, x22, [sp, #16] - ldp x23, x24, [sp, #32] - ldp d8, d9, [sp, #48] - ldp d10, d11, [sp, #64] - ldp d12, d13, [sp, #80] - ldp d14, d15, [sp, #96] - ldp x19, x20, [sp], #112 - ret - -.L128_enc_ret: - mov w0, #0x0 - ret -.size aes_gcm_enc_128_kernel,.-aes_gcm_enc_128_kernel -___ - -######################################################################################### -# size_t aes_gcm_dec_128_kernel(const unsigned char *in, -# size_t len, -# unsigned char *out, -# const void *key, -# unsigned char ivec[16], -# u64 *Xi); -# -$code.=<<___; -.global aes_gcm_dec_128_kernel -.type aes_gcm_dec_128_kernel,%function -.align 4 -aes_gcm_dec_128_kernel: - cbz x1, .L128_dec_ret - stp x19, x20, [sp, #-112]! - mov x16, x4 - mov x8, x5 - stp x21, x22, [sp, #16] - stp x23, x24, [sp, #32] - stp d8, d9, [sp, #48] - stp d10, d11, [sp, #64] - stp d12, d13, [sp, #80] - stp d14, d15, [sp, #96] - - lsr $main_end_input_ptr, $bit_length, #3 @ byte_len - mov $len, $main_end_input_ptr - ldp $ctr96_b64x, $ctr96_t32x, [$counter] @ ctr96_b64, ctr96_t32 - - sub $main_end_input_ptr, $main_end_input_ptr, #1 @ byte_len - 1 - ldr $rk0q, [$cc, #0] @ load rk0 - - and $main_end_input_ptr, $main_end_input_ptr, #0xffffffffffffffc0 @ number of bytes to be processed in main loop (at least 1 byte must be handled by tail) - ld1 { $ctr0b}, [$counter] @ special case vector load initial counter so we can start first AES block as quickly as possible - - ldr $h2q, [$current_tag, #64] @ load h2l | h2h - ext $h2b, $h2b, $h2b, #8 - - lsr $rctr32x, $ctr96_t32x, #32 - fmov $ctr2d, $ctr96_b64x @ CTR block 2 - - ldr $rk1q, [$cc, #16] @ load rk1 - orr $ctr96_t32w, $ctr96_t32w, $ctr96_t32w - rev $rctr32w, $rctr32w @ rev_ctr32 - - fmov $ctr1d, $ctr96_b64x @ CTR block 1 - add $rctr32w, $rctr32w, #1 @ increment rev_ctr32 - - aese $ctr0b, $rk0 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 0 - rev $ctr32w, $rctr32w @ CTR block 1 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 1 - ldr $rk2q, [$cc, #32] @ load rk2 - add $rctr32w, $rctr32w, #1 @ CTR block 1 - - fmov $ctr1.d[1], $ctr32x @ CTR block 1 - rev $ctr32w, $rctr32w @ CTR block 2 - add $rctr32w, $rctr32w, #1 @ CTR block 2 - - aese $ctr0b, $rk1 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 1 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 2 - - fmov $ctr2.d[1], $ctr32x @ CTR block 2 - rev $ctr32w, $rctr32w @ CTR block 3 - - fmov $ctr3d, $ctr96_b64x @ CTR block 3 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 3 - add $rctr32w, $rctr32w, #1 @ CTR block 3 - - fmov $ctr3.d[1], $ctr32x @ CTR block 3 - add $end_input_ptr, $input_ptr, $bit_length, lsr #3 @ end_input_ptr - - aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 0 - ldr $rk3q, [$cc, #48] @ load rk3 - - aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 2 - ldr $rk6q, [$cc, #96] @ load rk6 - - aese $ctr2b, $rk0 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 0 - ldr $rk7q, [$cc, #112] @ load rk7 - - aese $ctr1b, $rk1 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 1 - ldr $rk4q, [$cc, #64] @ load rk4 - - aese $ctr3b, $rk0 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 0 - - aese $ctr2b, $rk1 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 1 - - aese $ctr1b, $rk2 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 2 - ldp $rk10_l, $rk10_h, [$cc, #160] @ load rk10 - - aese $ctr3b, $rk1 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 1 - ld1 { $acc_lb}, [$current_tag] - ext $acc_lb, $acc_lb, $acc_lb, #8 - rev64 $acc_lb, $acc_lb - - aese $ctr0b, $rk3 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 3 - ldr $rk5q, [$cc, #80] @ load rk5 - - aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 3 - - aese $ctr3b, $rk2 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 2 - - aese $ctr2b, $rk2 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 2 - ldr $rk9q, [$cc, #144] @ load rk9 - - aese $ctr1b, $rk4 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 4 - - aese $ctr3b, $rk3 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 3 - - aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 3 - ldr $h3q, [$current_tag, #80] @ load h3l | h3h - ext $h3b, $h3b, $h3b, #8 - - aese $ctr0b, $rk4 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 4 - ldr $rk8q, [$cc, #128] @ load rk8 - - aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 5 - - aese $ctr2b, $rk4 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 4 - - aese $ctr3b, $rk4 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 4 - - aese $ctr0b, $rk5 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 5 - - aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 5 - ldr $h1q, [$current_tag, #32] @ load h1l | h1h - ext $h1b, $h1b, $h1b, #8 - - aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 5 - - aese $ctr0b, $rk6 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 6 - - aese $ctr1b, $rk6 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 6 - - aese $ctr3b, $rk6 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 6 - - aese $ctr2b, $rk6 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 6 - trn1 $t0.2d, $h1.2d, $h2.2d @ h2h | h1h - - ldr $h4q, [$current_tag, #112] @ load h4l | h4h - ext $h4b, $h4b, $h4b, #8 - trn2 $h12k.2d, $h1.2d, $h2.2d @ h2l | h1l - add $main_end_input_ptr, $main_end_input_ptr, $input_ptr - - aese $ctr1b, $rk7 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 7 - - aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 7 - - aese $ctr0b, $rk7 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 7 - eor $h12k.16b, $h12k.16b, $t0.16b @ h2k | h1k - - aese $ctr3b, $rk7 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 7 - - aese $ctr1b, $rk8 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 8 - trn2 $h34k.2d, $h3.2d, $h4.2d @ h4l | h3l - - aese $ctr2b, $rk8 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 8 - - aese $ctr3b, $rk8 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 8 - - aese $ctr0b, $rk8 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 8 - trn1 $acc_h.2d, $h3.2d, $h4.2d @ h4h | h3h - - aese $ctr2b, $rk9 @ AES block 2 - round 9 - - aese $ctr3b, $rk9 @ AES block 3 - round 9 - - aese $ctr0b, $rk9 @ AES block 0 - round 9 - cmp $input_ptr, $main_end_input_ptr @ check if we have <= 4 blocks - - aese $ctr1b, $rk9 @ AES block 1 - round 9 - eor $h34k.16b, $h34k.16b, $acc_h.16b @ h4k | h3k - b.ge .L128_dec_tail @ handle tail - - ldr $res1q, [$input_ptr, #16] @ AES block 1 - load ciphertext - - ldr $res0q, [$input_ptr, #0] @ AES block 0 - load ciphertext - - eor $ctr1b, $res1b, $ctr1b @ AES block 1 - result - ldr $res2q, [$input_ptr, #32] @ AES block 2 - load ciphertext - - eor $ctr0b, $res0b, $ctr0b @ AES block 0 - result - rev64 $res0b, $res0b @ GHASH block 0 - rev $ctr32w, $rctr32w @ CTR block 4 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4 - add $rctr32w, $rctr32w, #1 @ CTR block 4 - ldr $res3q, [$input_ptr, #48] @ AES block 3 - load ciphertext - - rev64 $res1b, $res1b @ GHASH block 1 - add $input_ptr, $input_ptr, #64 @ AES input_ptr update - mov $output_l1, $ctr1.d[0] @ AES block 1 - mov low - - mov $output_h1, $ctr1.d[1] @ AES block 1 - mov high - - mov $output_l0, $ctr0.d[0] @ AES block 0 - mov low - cmp $input_ptr, $main_end_input_ptr @ check if we have <= 8 blocks - - mov $output_h0, $ctr0.d[1] @ AES block 0 - mov high - - fmov $ctr0d, $ctr96_b64x @ CTR block 4 - - fmov $ctr0.d[1], $ctr32x @ CTR block 4 - rev $ctr32w, $rctr32w @ CTR block 5 - eor $output_l1, $output_l1, $rk10_l @ AES block 1 - round 10 low - - fmov $ctr1d, $ctr96_b64x @ CTR block 5 - add $rctr32w, $rctr32w, #1 @ CTR block 5 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 5 - - fmov $ctr1.d[1], $ctr32x @ CTR block 5 - rev $ctr32w, $rctr32w @ CTR block 6 - add $rctr32w, $rctr32w, #1 @ CTR block 6 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 6 - - eor $output_h1, $output_h1, $rk10_h @ AES block 1 - round 10 high - eor $output_l0, $output_l0, $rk10_l @ AES block 0 - round 10 low - eor $ctr2b, $res2b, $ctr2b @ AES block 2 - result - - eor $output_h0, $output_h0, $rk10_h @ AES block 0 - round 10 high - stp $output_l0, $output_h0, [$output_ptr], #16 @ AES block 0 - store result - - stp $output_l1, $output_h1, [$output_ptr], #16 @ AES block 1 - store result - b.ge .L128_dec_prepretail @ do prepretail - - .L128_dec_main_loop: @ main loop start - eor $ctr3b, $res3b, $ctr3b @ AES block 4k+3 - result - ext $acc_lb, $acc_lb, $acc_lb, #8 @ PRE 0 - mov $output_l2, $ctr2.d[0] @ AES block 4k+2 - mov low - - pmull2 $t1.1q, $res1.2d, $h3.2d @ GHASH block 4k+1 - high - mov $output_h2, $ctr2.d[1] @ AES block 4k+2 - mov high - - aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 0 - fmov $ctr2d, $ctr96_b64x @ CTR block 4k+6 - - rev64 $res2b, $res2b @ GHASH block 4k+2 - fmov $ctr2.d[1], $ctr32x @ CTR block 4k+6 - rev $ctr32w, $rctr32w @ CTR block 4k+7 - - mov $output_l3, $ctr3.d[0] @ AES block 4k+3 - mov low - eor $res0b, $res0b, $acc_lb @ PRE 1 - mov $t3d, $res1.d[1] @ GHASH block 4k+1 - mid - - aese $ctr1b, $rk1 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 1 - rev64 $res3b, $res3b @ GHASH block 4k+3 - - pmull $t2.1q, $res1.1d, $h3.1d @ GHASH block 4k+1 - low - mov $output_h3, $ctr3.d[1] @ AES block 4k+3 - mov high - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+7 - - pmull $acc_l.1q, $res0.1d, $h4.1d @ GHASH block 4k - low - fmov $ctr3d, $ctr96_b64x @ CTR block 4k+7 - eor $t3.8b, $t3.8b, $res1.8b @ GHASH block 4k+1 - mid - - aese $ctr1b, $rk2 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 2 - fmov $ctr3.d[1], $ctr32x @ CTR block 4k+7 - - aese $ctr2b, $rk0 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 0 - mov $acc_md, $h34k.d[1] @ GHASH block 4k - mid - - pmull2 $acc_h.1q, $res0.2d, $h4.2d @ GHASH block 4k - high - eor $acc_lb, $acc_lb, $t2.16b @ GHASH block 4k+1 - low - - pmull $t8.1q, $res3.1d, $h1.1d @ GHASH block 4k+3 - low - - aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 3 - mov $t0d, $res0.d[1] @ GHASH block 4k - mid - - aese $ctr3b, $rk0 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 0 - eor $acc_hb, $acc_hb, $t1.16b @ GHASH block 4k+1 - high - - aese $ctr0b, $rk0 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 0 - - pmull $t5.1q, $res2.1d, $h2.1d @ GHASH block 4k+2 - low - eor $t0.8b, $t0.8b, $res0.8b @ GHASH block 4k - mid - - aese $ctr3b, $rk1 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 1 - eor $output_l3, $output_l3, $rk10_l @ AES block 4k+3 - round 10 low - - pmull $t3.1q, $t3.1d, $h34k.1d @ GHASH block 4k+1 - mid - eor $output_h2, $output_h2, $rk10_h @ AES block 4k+2 - round 10 high - mov $t6d, $res2.d[1] @ GHASH block 4k+2 - mid - - aese $ctr0b, $rk1 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 1 - eor $acc_lb, $acc_lb, $t5.16b @ GHASH block 4k+2 - low - - pmull $acc_m.1q, $t0.1d, $acc_m.1d @ GHASH block 4k - mid - - aese $ctr3b, $rk2 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 2 - eor $t6.8b, $t6.8b, $res2.8b @ GHASH block 4k+2 - mid - - aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 2 - - aese $ctr1b, $rk4 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 4 - eor $acc_mb, $acc_mb, $t3.16b @ GHASH block 4k+1 - mid - - pmull2 $t4.1q, $res2.2d, $h2.2d @ GHASH block 4k+2 - high - - aese $ctr0b, $rk3 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 3 - ins $t6.d[1], $t6.d[0] @ GHASH block 4k+2 - mid - - pmull2 $t7.1q, $res3.2d, $h1.2d @ GHASH block 4k+3 - high - - aese $ctr2b, $rk1 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 1 - mov $t9d, $res3.d[1] @ GHASH block 4k+3 - mid - - aese $ctr0b, $rk4 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 4 - eor $acc_hb, $acc_hb, $t4.16b @ GHASH block 4k+2 - high - - pmull2 $t6.1q, $t6.2d, $h12k.2d @ GHASH block 4k+2 - mid - eor $output_h3, $output_h3, $rk10_h @ AES block 4k+3 - round 10 high - - aese $ctr2b, $rk2 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 2 - eor $t9.8b, $t9.8b, $res3.8b @ GHASH block 4k+3 - mid - - aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 5 - eor $output_l2, $output_l2, $rk10_l @ AES block 4k+2 - round 10 low - - aese $ctr0b, $rk5 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 5 - movi $mod_constant.8b, #0xc2 - - aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 3 - eor $acc_lb, $acc_lb, $t8.16b @ GHASH block 4k+3 - low - - aese $ctr1b, $rk6 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 6 - - aese $ctr0b, $rk6 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 6 - eor $acc_mb, $acc_mb, $t6.16b @ GHASH block 4k+2 - mid - - aese $ctr2b, $rk4 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 4 - stp $output_l2, $output_h2, [$output_ptr], #16 @ AES block 4k+2 - store result - - pmull $t9.1q, $t9.1d, $h12k.1d @ GHASH block 4k+3 - mid - eor $acc_hb, $acc_hb, $t7.16b @ GHASH block 4k+3 - high - ldr $res0q, [$input_ptr, #0] @ AES block 4k+4 - load ciphertext - - aese $ctr1b, $rk7 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 7 - add $rctr32w, $rctr32w, #1 @ CTR block 4k+7 - - aese $ctr0b, $rk7 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 7 - shl $mod_constantd, $mod_constantd, #56 @ mod_constant - - aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 5 - eor $acc_mb, $acc_mb, $t9.16b @ GHASH block 4k+3 - mid - - aese $ctr1b, $rk8 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 8 - stp $output_l3, $output_h3, [$output_ptr], #16 @ AES block 4k+3 - store result - - aese $ctr0b, $rk8 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 8 - eor $t9.16b, $acc_lb, $acc_hb @ MODULO - karatsuba tidy up - - aese $ctr3b, $rk3 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 3 - rev $ctr32w, $rctr32w @ CTR block 4k+8 - - pmull $mod_t.1q, $acc_h.1d, $mod_constant.1d @ MODULO - top 64b align with mid - ldr $res1q, [$input_ptr, #16] @ AES block 4k+5 - load ciphertext - ext $acc_hb, $acc_hb, $acc_hb, #8 @ MODULO - other top alignment - - aese $ctr0b, $rk9 @ AES block 4k+4 - round 9 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+8 - - aese $ctr3b, $rk4 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 4 - eor $acc_mb, $acc_mb, $t9.16b @ MODULO - karatsuba tidy up - - aese $ctr1b, $rk9 @ AES block 4k+5 - round 9 - - aese $ctr2b, $rk6 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 6 - eor $ctr0b, $res0b, $ctr0b @ AES block 4k+4 - result - - aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 5 - ldr $res2q, [$input_ptr, #32] @ AES block 4k+6 - load ciphertext - - add $rctr32w, $rctr32w, #1 @ CTR block 4k+8 - eor $acc_mb, $acc_mb, $mod_t.16b @ MODULO - fold into mid - eor $ctr1b, $res1b, $ctr1b @ AES block 4k+5 - result - - aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 7 - ldr $res3q, [$input_ptr, #48] @ AES block 4k+3 - load ciphertext - - aese $ctr3b, $rk6 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 6 - add $input_ptr, $input_ptr, #64 @ AES input_ptr update - - rev64 $res1b, $res1b @ GHASH block 4k+5 - eor $acc_mb, $acc_mb, $acc_hb @ MODULO - fold into mid - mov $output_h0, $ctr0.d[1] @ AES block 4k+4 - mov high - - aese $ctr2b, $rk8 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 8 - mov $output_l0, $ctr0.d[0] @ AES block 4k+4 - mov low - - aese $ctr3b, $rk7 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 7 - fmov $ctr0d, $ctr96_b64x @ CTR block 4k+8 - - pmull $mod_constant.1q, $acc_m.1d, $mod_constant.1d @ MODULO - mid 64b align with low - fmov $ctr0.d[1], $ctr32x @ CTR block 4k+8 - rev $ctr32w, $rctr32w @ CTR block 4k+9 - - aese $ctr2b, $rk9 @ AES block 4k+6 - round 9 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+9 - ext $acc_mb, $acc_mb, $acc_mb, #8 @ MODULO - other mid alignment - - aese $ctr3b, $rk8 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 8 - eor $output_h0, $output_h0, $rk10_h @ AES block 4k+4 - round 10 high - - eor $acc_lb, $acc_lb, $mod_constant.16b @ MODULO - fold into low - mov $output_h1, $ctr1.d[1] @ AES block 4k+5 - mov high - eor $output_l0, $output_l0, $rk10_l @ AES block 4k+4 - round 10 low - - eor $ctr2b, $res2b, $ctr2b @ AES block 4k+6 - result - mov $output_l1, $ctr1.d[0] @ AES block 4k+5 - mov low - add $rctr32w, $rctr32w, #1 @ CTR block 4k+9 - - aese $ctr3b, $rk9 @ AES block 4k+7 - round 9 - fmov $ctr1d, $ctr96_b64x @ CTR block 4k+9 - cmp $input_ptr, $main_end_input_ptr @ LOOP CONTROL - - rev64 $res0b, $res0b @ GHASH block 4k+4 - eor $acc_lb, $acc_lb, $acc_mb @ MODULO - fold into low - fmov $ctr1.d[1], $ctr32x @ CTR block 4k+9 - - rev $ctr32w, $rctr32w @ CTR block 4k+10 - add $rctr32w, $rctr32w, #1 @ CTR block 4k+10 - - eor $output_h1, $output_h1, $rk10_h @ AES block 4k+5 - round 10 high - stp $output_l0, $output_h0, [$output_ptr], #16 @ AES block 4k+4 - store result - - eor $output_l1, $output_l1, $rk10_l @ AES block 4k+5 - round 10 low - stp $output_l1, $output_h1, [$output_ptr], #16 @ AES block 4k+5 - store result - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+10 - b.lt L128_dec_main_loop - - .L128_dec_prepretail: @ PREPRETAIL - ext $acc_lb, $acc_lb, $acc_lb, #8 @ PRE 0 - mov $output_l2, $ctr2.d[0] @ AES block 4k+2 - mov low - mov $t3d, $res1.d[1] @ GHASH block 4k+1 - mid - - aese $ctr0b, $rk0 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 0 - eor $ctr3b, $res3b, $ctr3b @ AES block 4k+3 - result - - aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 0 - mov $output_h2, $ctr2.d[1] @ AES block 4k+2 - mov high - - eor $res0b, $res0b, $acc_lb @ PRE 1 - fmov $ctr2d, $ctr96_b64x @ CTR block 4k+6 - rev64 $res2b, $res2b @ GHASH block 4k+2 - - aese $ctr0b, $rk1 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 1 - fmov $ctr2.d[1], $ctr32x @ CTR block 4k+6 - - rev $ctr32w, $rctr32w @ CTR block 4k+7 - mov $output_l3, $ctr3.d[0] @ AES block 4k+3 - mov low - eor $t3.8b, $t3.8b, $res1.8b @ GHASH block 4k+1 - mid - - pmull $acc_l.1q, $res0.1d, $h4.1d @ GHASH block 4k - low - mov $acc_md, $h34k.d[1] @ GHASH block 4k - mid - mov $output_h3, $ctr3.d[1] @ AES block 4k+3 - mov high - - aese $ctr1b, $rk1 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 1 - mov $t6d, $res2.d[1] @ GHASH block 4k+2 - mid - - aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 2 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+7 - - pmull $t2.1q, $res1.1d, $h3.1d @ GHASH block 4k+1 - low - mov $t0d, $res0.d[1] @ GHASH block 4k - mid - fmov $ctr3d, $ctr96_b64x @ CTR block 4k+7 - - aese $ctr2b, $rk0 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 0 - fmov $ctr3.d[1], $ctr32x @ CTR block 4k+7 - - pmull $t3.1q, $t3.1d, $h34k.1d @ GHASH block 4k+1 - mid - eor $t6.8b, $t6.8b, $res2.8b @ GHASH block 4k+2 - mid - - rev64 $res3b, $res3b @ GHASH block 4k+3 - - aese $ctr2b, $rk1 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 1 - eor $t0.8b, $t0.8b, $res0.8b @ GHASH block 4k - mid - - pmull2 $acc_h.1q, $res0.2d, $h4.2d @ GHASH block 4k - high - - aese $ctr3b, $rk0 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 0 - ins $t6.d[1], $t6.d[0] @ GHASH block 4k+2 - mid - - pmull2 $t1.1q, $res1.2d, $h3.2d @ GHASH block 4k+1 - high - - pmull $acc_m.1q, $t0.1d, $acc_m.1d @ GHASH block 4k - mid - eor $acc_lb, $acc_lb, $t2.16b @ GHASH block 4k+1 - low - - pmull $t8.1q, $res3.1d, $h1.1d @ GHASH block 4k+3 - low - - pmull2 $t6.1q, $t6.2d, $h12k.2d @ GHASH block 4k+2 - mid - eor $acc_hb, $acc_hb, $t1.16b @ GHASH block 4k+1 - high - - eor $acc_mb, $acc_mb, $t3.16b @ GHASH block 4k+1 - mid - - pmull2 $t7.1q, $res3.2d, $h1.2d @ GHASH block 4k+3 - high - - pmull2 $t4.1q, $res2.2d, $h2.2d @ GHASH block 4k+2 - high - mov $t9d, $res3.d[1] @ GHASH block 4k+3 - mid - - aese $ctr1b, $rk2 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 2 - eor $acc_mb, $acc_mb, $t6.16b @ GHASH block 4k+2 - mid - - pmull $t5.1q, $res2.1d, $h2.1d @ GHASH block 4k+2 - low - - eor $acc_hb, $acc_hb, $t4.16b @ GHASH block 4k+2 - high - movi $mod_constant.8b, #0xc2 - - aese $ctr3b, $rk1 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 1 - eor $t9.8b, $t9.8b, $res3.8b @ GHASH block 4k+3 - mid - - eor $acc_lb, $acc_lb, $t5.16b @ GHASH block 4k+2 - low - - aese $ctr2b, $rk2 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 2 - eor $acc_hb, $acc_hb, $t7.16b @ GHASH block 4k+3 - high - - aese $ctr3b, $rk2 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 2 - eor $output_l3, $output_l3, $rk10_l @ AES block 4k+3 - round 10 low - - pmull $t9.1q, $t9.1d, $h12k.1d @ GHASH block 4k+3 - mid - eor $output_l2, $output_l2, $rk10_l @ AES block 4k+2 - round 10 low - eor $acc_lb, $acc_lb, $t8.16b @ GHASH block 4k+3 - low - - aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 3 - - aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 3 - shl $mod_constantd, $mod_constantd, #56 @ mod_constant - - aese $ctr0b, $rk3 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 3 - - aese $ctr2b, $rk4 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 4 - eor $acc_mb, $acc_mb, $t9.16b @ GHASH block 4k+3 - mid - - aese $ctr1b, $rk4 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 4 - - aese $ctr3b, $rk3 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 3 - eor $t9.16b, $acc_lb, $acc_hb @ MODULO - karatsuba tidy up - - aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 5 - - aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 5 - - aese $ctr3b, $rk4 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 4 - - aese $ctr0b, $rk4 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 4 - eor $acc_mb, $acc_mb, $t9.16b @ MODULO - karatsuba tidy up - - pmull $mod_t.1q, $acc_h.1d, $mod_constant.1d @ MODULO - top 64b align with mid - - aese $ctr1b, $rk6 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 6 - ext $acc_hb, $acc_hb, $acc_hb, #8 @ MODULO - other top alignment - - aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 5 - - aese $ctr0b, $rk5 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 5 - eor $acc_mb, $acc_mb, $mod_t.16b @ MODULO - fold into mid - - aese $ctr1b, $rk7 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 7 - - aese $ctr2b, $rk6 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 6 - - aese $ctr0b, $rk6 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 6 - - aese $ctr1b, $rk8 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 8 - eor $acc_mb, $acc_mb, $acc_hb @ MODULO - fold into mid - - aese $ctr3b, $rk6 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 6 - - aese $ctr0b, $rk7 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 7 - - aese $ctr1b, $rk9 @ AES block 4k+5 - round 9 - - pmull $mod_constant.1q, $acc_m.1d, $mod_constant.1d @ MODULO - mid 64b align with low - eor $output_h3, $output_h3, $rk10_h @ AES block 4k+3 - round 10 high - - aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 7 - ext $acc_mb, $acc_mb, $acc_mb, #8 @ MODULO - other mid alignment - - aese $ctr3b, $rk7 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 7 - - aese $ctr0b, $rk8 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 8 - eor $acc_lb, $acc_lb, $mod_constant.16b @ MODULO - fold into low - - aese $ctr2b, $rk8 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 8 - - aese $ctr3b, $rk8 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 8 - eor $output_h2, $output_h2, $rk10_h @ AES block 4k+2 - round 10 high - - aese $ctr0b, $rk9 @ AES block 4k+4 - round 9 - stp $output_l2, $output_h2, [$output_ptr], #16 @ AES block 4k+2 - store result - - aese $ctr2b, $rk9 @ AES block 4k+6 - round 9 - add $rctr32w, $rctr32w, #1 @ CTR block 4k+7 - stp $output_l3, $output_h3, [$output_ptr], #16 @ AES block 4k+3 - store result - - aese $ctr3b, $rk9 @ AES block 4k+7 - round 9 - eor $acc_lb, $acc_lb, $acc_mb @ MODULO - fold into low - .L128_dec_tail: @ TAIL - - sub $main_end_input_ptr, $end_input_ptr, $input_ptr @ main_end_input_ptr is number of bytes left to process - ld1 { $res1b}, [$input_ptr], #16 @ AES block 4k+4 - load ciphertext - - eor $ctr0b, $res1b, $ctr0b @ AES block 4k+4 - result - - mov $output_h0, $ctr0.d[1] @ AES block 4k+4 - mov high - - mov $output_l0, $ctr0.d[0] @ AES block 4k+4 - mov low - - cmp $main_end_input_ptr, #48 - - eor $output_h0, $output_h0, $rk10_h @ AES block 4k+4 - round 10 high - - ext $t0.16b, $acc_lb, $acc_lb, #8 @ prepare final partial tag - eor $output_l0, $output_l0, $rk10_l @ AES block 4k+4 - round 10 low - b.gt .L128_dec_blocks_more_than_3 - - mov $ctr3b, $ctr2b - sub $rctr32w, $rctr32w, #1 - movi $acc_l.8b, #0 - - movi $acc_h.8b, #0 - mov $ctr2b, $ctr1b - - movi $acc_m.8b, #0 - cmp $main_end_input_ptr, #32 - b.gt .L128_dec_blocks_more_than_2 - - cmp $main_end_input_ptr, #16 - - mov $ctr3b, $ctr1b - sub $rctr32w, $rctr32w, #1 - b.gt .L128_dec_blocks_more_than_1 - - sub $rctr32w, $rctr32w, #1 - b .L128_dec_blocks_less_than_1 - .L128_dec_blocks_more_than_3: @ blocks left > 3 - rev64 $res0b, $res1b @ GHASH final-3 block - ld1 { $res1b}, [$input_ptr], #16 @ AES final-2 block - load ciphertext - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - - mov $acc_md, $h34k.d[1] @ GHASH final-3 block - mid - stp $output_l0, $output_h0, [$output_ptr], #16 @ AES final-3 block - store result - eor $ctr0b, $res1b, $ctr1b @ AES final-2 block - result - - mov $rk4d, $res0.d[1] @ GHASH final-3 block - mid - mov $output_h0, $ctr0.d[1] @ AES final-2 block - mov high - - pmull $acc_l.1q, $res0.1d, $h4.1d @ GHASH final-3 block - low - mov $output_l0, $ctr0.d[0] @ AES final-2 block - mov low - - pmull2 $acc_h.1q, $res0.2d, $h4.2d @ GHASH final-3 block - high - - eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-3 block - mid - - movi $t0.8b, #0 @ suppress further partial tag feed in - eor $output_h0, $output_h0, $rk10_h @ AES final-2 block - round 10 high - - pmull $acc_m.1q, $rk4v.1d, $acc_m.1d @ GHASH final-3 block - mid - eor $output_l0, $output_l0, $rk10_l @ AES final-2 block - round 10 low - .L128_dec_blocks_more_than_2: @ blocks left > 2 - - rev64 $res0b, $res1b @ GHASH final-2 block - ld1 { $res1b}, [$input_ptr], #16 @ AES final-1 block - load ciphertext - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - - eor $ctr0b, $res1b, $ctr2b @ AES final-1 block - result - stp $output_l0, $output_h0, [$output_ptr], #16 @ AES final-2 block - store result - - mov $rk4d, $res0.d[1] @ GHASH final-2 block - mid - - pmull $rk3q1, $res0.1d, $h3.1d @ GHASH final-2 block - low - - pmull2 $rk2q1, $res0.2d, $h3.2d @ GHASH final-2 block - high - mov $output_l0, $ctr0.d[0] @ AES final-1 block - mov low - - mov $output_h0, $ctr0.d[1] @ AES final-1 block - mov high - eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-2 block - mid - - movi $t0.8b, #0 @ suppress further partial tag feed in - - pmull $rk4v.1q, $rk4v.1d, $h34k.1d @ GHASH final-2 block - mid - - eor $output_l0, $output_l0, $rk10_l @ AES final-1 block - round 10 low - eor $acc_lb, $acc_lb, $rk3 @ GHASH final-2 block - low - - eor $acc_hb, $acc_hb, $rk2 @ GHASH final-2 block - high - - eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-2 block - mid - eor $output_h0, $output_h0, $rk10_h @ AES final-1 block - round 10 high - .L128_dec_blocks_more_than_1: @ blocks left > 1 - - rev64 $res0b, $res1b @ GHASH final-1 block - - ld1 { $res1b}, [$input_ptr], #16 @ AES final block - load ciphertext - eor $res0b, $res0b, $t0.16b @ feed in partial tag - - mov $rk4d, $res0.d[1] @ GHASH final-1 block - mid - - eor $ctr0b, $res1b, $ctr3b @ AES final block - result - - eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-1 block - mid - - stp $output_l0, $output_h0, [$output_ptr], #16 @ AES final-1 block - store result - mov $output_l0, $ctr0.d[0] @ AES final block - mov low - - mov $output_h0, $ctr0.d[1] @ AES final block - mov high - ins $rk4v.d[1], $rk4v.d[0] @ GHASH final-1 block - mid - - pmull $rk3q1, $res0.1d, $h2.1d @ GHASH final-1 block - low - - pmull2 $rk2q1, $res0.2d, $h2.2d @ GHASH final-1 block - high - - pmull2 $rk4v.1q, $rk4v.2d, $h12k.2d @ GHASH final-1 block - mid - movi $t0.8b, #0 @ suppress further partial tag feed in - - eor $acc_lb, $acc_lb, $rk3 @ GHASH final-1 block - low - - eor $acc_hb, $acc_hb, $rk2 @ GHASH final-1 block - high - eor $output_h0, $output_h0, $rk10_h @ AES final block - round 10 high - - eor $output_l0, $output_l0, $rk10_l @ AES final block - round 10 low - eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-1 block - mid - .L128_dec_blocks_less_than_1: @ blocks left <= 1 - - mvn $rk10_h, xzr @ rk10_h = 0xffffffffffffffff - and $bit_length, $bit_length, #127 @ bit_length %= 128 - - mvn $rk10_l, xzr @ rk10_l = 0xffffffffffffffff - sub $bit_length, $bit_length, #128 @ bit_length -= 128 - - neg $bit_length, $bit_length @ bit_length = 128 - #bits in input (in range [1,128]) - - and $bit_length, $bit_length, #127 @ bit_length %= 128 - - lsr $rk10_h, $rk10_h, $bit_length @ rk10_h is mask for top 64b of last block - cmp $bit_length, #64 - - csel $ctr96_b64x, $rk10_h, xzr, lt - csel $ctr32x, $rk10_l, $rk10_h, lt - - fmov $ctr0d, $ctr32x @ ctr0b is mask for last block - - mov $ctr0.d[1], $ctr96_b64x - - and $res1b, $res1b, $ctr0b @ possibly partial last block has zeroes in highest bits - - rev64 $res0b, $res1b @ GHASH final block - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - - ldp $end_input_ptr, $main_end_input_ptr, [$output_ptr] @ load existing bytes we need to not overwrite - - and $output_h0, $output_h0, $ctr96_b64x - - pmull2 $rk2q1, $res0.2d, $h1.2d @ GHASH final block - high - mov $t0d, $res0.d[1] @ GHASH final block - mid - - eor $t0.8b, $t0.8b, $res0.8b @ GHASH final block - mid - eor $acc_hb, $acc_hb, $rk2 @ GHASH final block - high - - pmull $t0.1q, $t0.1d, $h12k.1d @ GHASH final block - mid - - pmull $rk3q1, $res0.1d, $h1.1d @ GHASH final block - low - bic $end_input_ptr, $end_input_ptr, $ctr32x @ mask out low existing bytes - and $output_l0, $output_l0, $ctr32x - - rev $ctr32w, $rctr32w - - eor $acc_mb, $acc_mb, $t0.16b @ GHASH final block - mid - movi $mod_constant.8b, #0xc2 - - eor $acc_lb, $acc_lb, $rk3 @ GHASH final block - low - - bic $main_end_input_ptr, $main_end_input_ptr, $ctr96_b64x @ mask out high existing bytes - shl $mod_constantd, $mod_constantd, #56 @ mod_constant - - eor $t9.16b, $acc_lb, $acc_hb @ MODULO - karatsuba tidy up - - pmull $mod_t.1q, $acc_h.1d, $mod_constant.1d @ MODULO - top 64b align with mid - - eor $acc_mb, $acc_mb, $t9.16b @ MODULO - karatsuba tidy up - - orr $output_l0, $output_l0, $end_input_ptr - str $ctr32w, [$counter, #12] @ store the updated counter - - orr $output_h0, $output_h0, $main_end_input_ptr - stp $output_l0, $output_h0, [$output_ptr] - ext $acc_hb, $acc_hb, $acc_hb, #8 @ MODULO - other top alignment - - eor $acc_mb, $acc_mb, $mod_t.16b @ MODULO - fold into mid - - eor $acc_mb, $acc_mb, $acc_hb @ MODULO - fold into mid - - pmull $mod_constant.1q, $acc_m.1d, $mod_constant.1d @ MODULO - mid 64b align with low - ext $acc_mb, $acc_mb, $acc_mb, #8 @ MODULO - other mid alignment - - eor $acc_lb, $acc_lb, $mod_constant.16b @ MODULO - fold into low - - eor $acc_lb, $acc_lb, $acc_mb @ MODULO - fold into low - ext $acc_lb, $acc_lb, $acc_lb, #8 - rev64 $acc_lb, $acc_lb - mov x0, $len - st1 { $acc_l.16b }, [$current_tag] - - ldp x21, x22, [sp, #16] - ldp x23, x24, [sp, #32] - ldp d8, d9, [sp, #48] - ldp d10, d11, [sp, #64] - ldp d12, d13, [sp, #80] - ldp d14, d15, [sp, #96] - ldp x19, x20, [sp], #112 - ret - - .L128_dec_ret: - mov w0, #0x0 - ret -.size aes_gcm_dec_128_kernel,.-aes_gcm_dec_128_kernel -___ -} - -{ -my ($end_input_ptr,$main_end_input_ptr,$input_l0,$input_h0)=map("x$_",(4..7)); -my ($input_l1,$input_h1,$input_l2,$input_h2,$input_l3,$input_h3)=map("x$_",(19..24)); -my ($output_l1,$output_h1,$output_l2,$output_h2,$output_l3,$output_h3)=map("x$_",(19..24)); -my ($output_l0,$output_h0)=map("x$_",(6..7)); - -my $ctr32w="w9"; -my ($ctr32x,$ctr96_b64x,$ctr96_t32x,$rctr32x,$rk12_l,$rk12_h,$len)=map("x$_",(9..15)); -my ($ctr96_t32w,$rctr32w)=map("w$_",(11..12)); - -my ($ctr0b,$ctr1b,$ctr2b,$ctr3b,$res0b,$res1b,$res2b,$res3b)=map("v$_.16b",(0..7)); -my ($ctr0,$ctr1,$ctr2,$ctr3,$res0,$res1,$res2,$res3)=map("v$_",(0..7)); -my ($ctr0d,$ctr1d,$ctr2d,$ctr3d,$res0d,$res1d,$res2d,$res3d)=map("d$_",(0..7)); -my ($res0q,$res1q,$res2q,$res3q)=map("q$_",(4..7)); - -my ($acc_hb,$acc_mb,$acc_lb)=map("v$_.16b",(9..11)); -my ($acc_h,$acc_m,$acc_l)=map("v$_",(9..11)); -my ($acc_hd,$acc_md,$acc_ld)=map("d$_",(9..11)); - -my ($h1,$h2,$h3,$h4,$h12k,$h34k)=map("v$_",(12..17)); -my ($h1q,$h2q,$h3q,$h4q)=map("q$_",(12..15)); -my ($h1b,$h2b,$h3b,$h4b)=map("v$_.16b",(12..15)); - -my $t0="v8"; -my $t0d="d8"; -my $t3="v4"; -my $t3d="d4"; - -my ($t1,$t2)=map("v$_",(30..31)); -my ($t1d,$t2d)=map("d$_",(30..31)); - -my $t4="v30"; -my $t4d="d30"; -my $t5="v8"; -my $t5d="d8"; -my $t6="v31"; -my $t6d="d31"; - -my $t7="v5"; -my $t7d="d5"; -my $t8="v6"; -my $t8d="d6"; -my $t9="v30"; -my $t9d="d30"; - -my ($ctr_t0,$ctr_t1,$ctr_t2,$ctr_t3)=map("v$_",(4..7)); -my ($ctr_t0d,$ctr_t1d,$ctr_t2d,$ctr_t3d)=map("d$_",(4..7)); -my ($ctr_t0b,$ctr_t1b,$ctr_t2b,$ctr_t3b)=map("v$_.16b",(4..7)); - -my $mod_constantd="d8"; -my $mod_constant="v8"; -my $mod_t="v31"; - -my ($rk0,$rk1,$rk2,$rk3,$rk4,$rk5,$rk6,$rk7,$rk8,$rk9,$rk10,$rk11)=map("v$_.16b",(18..29)); -my ($rk0q,$rk1q,$rk2q,$rk3q,$rk4q,$rk5q,$rk6q,$rk7q,$rk8q,$rk9q,$rk10q,$rk11q)=map("q$_",(18..29)); -my $rk2q1="v20.1q"; -my $rk3q1="v21.1q"; -my $rk4v="v22"; -my $rk4d="d22"; - -######################################################################################### -# size_t aes_gcm_enc_192_kernel(const unsigned char *in, -# size_t len, -# unsigned char *out, -# const void *key, -# unsigned char ivec[16], -# u64 *Xi); -# -$code.=<<___; -.global aes_gcm_enc_192_kernel -.type aes_gcm_enc_192_kernel,%function -.align 4 -aes_gcm_enc_192_kernel: - cbz x1, .L192_enc_ret - stp x19, x20, [sp, #-112]! - mov x16, x4 - mov x8, x5 - stp x21, x22, [sp, #16] - stp x23, x24, [sp, #32] - stp d8, d9, [sp, #48] - stp d10, d11, [sp, #64] - stp d12, d13, [sp, #80] - stp d14, d15, [sp, #96] - - ldp $ctr96_b64x, $ctr96_t32x, [$counter] @ ctr96_b64, ctr96_t32 - - ldr $rk5q, [$cc, #80] @ load rk5 - - ldr $rk4q, [$cc, #64] @ load rk4 - - ldr $rk8q, [$cc, #128] @ load rk8 - - lsr $rctr32x, $ctr96_t32x, #32 - ldr $rk6q, [$cc, #96] @ load rk6 - orr $ctr96_t32w, $ctr96_t32w, $ctr96_t32w - - ldr $rk7q, [$cc, #112] @ load rk7 - rev $rctr32w, $rctr32w @ rev_ctr32 - - add $rctr32w, $rctr32w, #1 @ increment rev_ctr32 - fmov $ctr3d, $ctr96_b64x @ CTR block 3 - - rev $ctr32w, $rctr32w @ CTR block 1 - add $rctr32w, $rctr32w, #1 @ CTR block 1 - fmov $ctr1d, $ctr96_b64x @ CTR block 1 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 1 - ld1 { $ctr0b}, [$counter] @ special case vector load initial counter so we can start first AES block as quickly as possible - - fmov $ctr1.d[1], $ctr32x @ CTR block 1 - rev $ctr32w, $rctr32w @ CTR block 2 - add $rctr32w, $rctr32w, #1 @ CTR block 2 - - fmov $ctr2d, $ctr96_b64x @ CTR block 2 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 2 - - fmov $ctr2.d[1], $ctr32x @ CTR block 2 - rev $ctr32w, $rctr32w @ CTR block 3 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 3 - ldr $rk0q, [$cc, #0] @ load rk0 - - fmov $ctr3.d[1], $ctr32x @ CTR block 3 - - ldr $rk3q, [$cc, #48] @ load rk3 - - ldp $rk12_l, $rk12_h, [$cc, #192] @ load rk12 - - ldr $rk1q, [$cc, #16] @ load rk1 - - aese $ctr0b, $rk0 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 0 - ld1 { $acc_lb}, [$current_tag] - ext $acc_lb, $acc_lb, $acc_lb, #8 - rev64 $acc_lb, $acc_lb - - aese $ctr3b, $rk0 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 0 - ldr $rk11q, [$cc, #176] @ load rk11 - - aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 0 - ldr $h4q, [$current_tag, #112] @ load h4l | h4h - ext $h4b, $h4b, $h4b, #8 - - aese $ctr2b, $rk0 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 0 - ldr $rk2q, [$cc, #32] @ load rk2 - - aese $ctr0b, $rk1 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 1 - ldr $rk10q, [$cc, #160] @ load rk10 - - aese $ctr1b, $rk1 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 1 - ldr $h1q, [$current_tag, #32] @ load h1l | h1h - ext $h1b, $h1b, $h1b, #8 - - aese $ctr2b, $rk1 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 1 - ldr $rk9q, [$cc, #144] @ load rk9 - - aese $ctr3b, $rk1 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 1 - ldr $h3q, [$current_tag, #80] @ load h3l | h3h - ext $h3b, $h3b, $h3b, #8 - - aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 2 - - aese $ctr2b, $rk2 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 2 - - aese $ctr3b, $rk2 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 2 - - aese $ctr0b, $rk3 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 3 - trn1 $acc_h.2d, $h3.2d, $h4.2d @ h4h | h3h - - aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 3 - - aese $ctr1b, $rk2 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 2 - trn2 $h34k.2d, $h3.2d, $h4.2d @ h4l | h3l - - aese $ctr0b, $rk4 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 4 - - aese $ctr3b, $rk3 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 3 - - aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 3 - - aese $ctr0b, $rk5 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 5 - - aese $ctr2b, $rk4 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 4 - - aese $ctr1b, $rk4 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 4 - - aese $ctr0b, $rk6 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 6 - - aese $ctr3b, $rk4 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 4 - - aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 5 - - aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 5 - - aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 5 - - aese $ctr2b, $rk6 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 6 - ldr $h2q, [$current_tag, #64] @ load h2l | h2h - ext $h2b, $h2b, $h2b, #8 - - aese $ctr1b, $rk6 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 6 - - aese $ctr3b, $rk6 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 6 - - aese $ctr0b, $rk7 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 7 - - aese $ctr1b, $rk7 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 7 - trn2 $h12k.2d, $h1.2d, $h2.2d @ h2l | h1l - - aese $ctr3b, $rk7 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 7 - - aese $ctr0b, $rk8 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 8 - - aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 7 - trn1 $t0.2d, $h1.2d, $h2.2d @ h2h | h1h - - aese $ctr1b, $rk8 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 8 - - aese $ctr3b, $rk8 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 8 - - aese $ctr2b, $rk8 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 8 - - aese $ctr0b, $rk9 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 9 - - aese $ctr3b, $rk9 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 9 - - aese $ctr2b, $rk9 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 9 - - aese $ctr1b, $rk9 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 9 - - aese $ctr0b, $rk10 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 10 - - aese $ctr2b, $rk10 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 10 - - aese $ctr1b, $rk10 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 10 - lsr $main_end_input_ptr, $bit_length, #3 @ byte_len - mov $len, $main_end_input_ptr - - aese $ctr3b, $rk10 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 10 - sub $main_end_input_ptr, $main_end_input_ptr, #1 @ byte_len - 1 - - eor $h12k.16b, $h12k.16b, $t0.16b @ h2k | h1k - and $main_end_input_ptr, $main_end_input_ptr, #0xffffffffffffffc0 @ number of bytes to be processed in main loop (at least 1 byte must be handled by tail) - - eor $h34k.16b, $h34k.16b, $acc_h.16b @ h4k | h3k - - aese $ctr2b, $rk11 @ AES block 2 - round 11 - add $end_input_ptr, $input_ptr, $bit_length, lsr #3 @ end_input_ptr - add $main_end_input_ptr, $main_end_input_ptr, $input_ptr - - aese $ctr1b, $rk11 @ AES block 1 - round 11 - cmp $input_ptr, $main_end_input_ptr @ check if we have <= 4 blocks - - aese $ctr0b, $rk11 @ AES block 0 - round 11 - add $rctr32w, $rctr32w, #1 @ CTR block 3 - - aese $ctr3b, $rk11 @ AES block 3 - round 11 - b.ge .L192_enc_tail @ handle tail - - rev $ctr32w, $rctr32w @ CTR block 4 - ldp $input_l0, $input_h0, [$input_ptr, #0] @ AES block 0 - load plaintext - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4 - ldp $input_l2, $input_h2, [$input_ptr, #32] @ AES block 2 - load plaintext - - ldp $input_l3, $input_h3, [$input_ptr, #48] @ AES block 3 - load plaintext - - ldp $input_l1, $input_h1, [$input_ptr, #16] @ AES block 1 - load plaintext - add $input_ptr, $input_ptr, #64 @ AES input_ptr update - cmp $input_ptr, $main_end_input_ptr @ check if we have <= 8 blocks - - eor $input_l0, $input_l0, $rk12_l @ AES block 0 - round 12 low - - eor $input_h0, $input_h0, $rk12_h @ AES block 0 - round 12 high - eor $input_h2, $input_h2, $rk12_h @ AES block 2 - round 12 high - fmov $ctr_t0d, $input_l0 @ AES block 0 - mov low - - eor $input_h3, $input_h3, $rk12_h @ AES block 3 - round 12 high - fmov $ctr_t0.d[1], $input_h0 @ AES block 0 - mov high - - eor $input_l2, $input_l2, $rk12_l @ AES block 2 - round 12 low - eor $input_l1, $input_l1, $rk12_l @ AES block 1 - round 12 low - - fmov $ctr_t1d, $input_l1 @ AES block 1 - mov low - eor $input_h1, $input_h1, $rk12_h @ AES block 1 - round 12 high - - fmov $ctr_t1.d[1], $input_h1 @ AES block 1 - mov high - - eor $input_l3, $input_l3, $rk12_l @ AES block 3 - round 12 low - fmov $ctr_t2d, $input_l2 @ AES block 2 - mov low - - add $rctr32w, $rctr32w, #1 @ CTR block 4 - eor $res0b, $ctr_t0b, $ctr0b @ AES block 0 - result - fmov $ctr0d, $ctr96_b64x @ CTR block 4 - - fmov $ctr0.d[1], $ctr32x @ CTR block 4 - rev $ctr32w, $rctr32w @ CTR block 5 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 5 - add $rctr32w, $rctr32w, #1 @ CTR block 5 - - fmov $ctr_t3d, $input_l3 @ AES block 3 - mov low - st1 { $res0b}, [$output_ptr], #16 @ AES block 0 - store result - - fmov $ctr_t2.d[1], $input_h2 @ AES block 2 - mov high - - eor $res1b, $ctr_t1b, $ctr1b @ AES block 1 - result - fmov $ctr1d, $ctr96_b64x @ CTR block 5 - st1 { $res1b}, [$output_ptr], #16 @ AES block 1 - store result - - fmov $ctr_t3.d[1], $input_h3 @ AES block 3 - mov high - - fmov $ctr1.d[1], $ctr32x @ CTR block 5 - rev $ctr32w, $rctr32w @ CTR block 6 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 6 - - add $rctr32w, $rctr32w, #1 @ CTR block 6 - eor $res2b, $ctr_t2b, $ctr2b @ AES block 2 - result - fmov $ctr2d, $ctr96_b64x @ CTR block 6 - - fmov $ctr2.d[1], $ctr32x @ CTR block 6 - rev $ctr32w, $rctr32w @ CTR block 7 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 7 - st1 { $res2b}, [$output_ptr], #16 @ AES block 2 - store result - - eor $res3b, $ctr_t3b, $ctr3b @ AES block 3 - result - st1 { $res3b}, [$output_ptr], #16 @ AES block 3 - store result - b.ge .L192_enc_prepretail @ do prepretail - - .L192_enc_main_loop: @ main loop start - aese $ctr2b, $rk0 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 0 - rev64 $res1b, $res1b @ GHASH block 4k+1 (t0 and t1 free) - - aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 0 - ldp $input_l1, $input_h1, [$input_ptr, #16] @ AES block 4k+5 - load plaintext - - ext $acc_lb, $acc_lb, $acc_lb, #8 @ PRE 0 - fmov $ctr3d, $ctr96_b64x @ CTR block 4k+3 - rev64 $res0b, $res0b @ GHASH block 4k (only t0 is free) - - aese $ctr2b, $rk1 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 1 - fmov $ctr3.d[1], $ctr32x @ CTR block 4k+3 - - pmull2 $t1.1q, $res1.2d, $h3.2d @ GHASH block 4k+1 - high - rev64 $res3b, $res3b @ GHASH block 4k+3 (t0, t1, t2 and t3 free) - ldp $input_l2, $input_h2, [$input_ptr, #32] @ AES block 4k+6 - load plaintext - - aese $ctr0b, $rk0 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 0 - ldp $input_l3, $input_h3, [$input_ptr, #48] @ AES block 4k+3 - load plaintext - - pmull $t2.1q, $res1.1d, $h3.1d @ GHASH block 4k+1 - low - eor $res0b, $res0b, $acc_lb @ PRE 1 - - aese $ctr1b, $rk1 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 1 - - aese $ctr0b, $rk1 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 1 - rev64 $res2b, $res2b @ GHASH block 4k+2 (t0, t1, and t2 free) - - aese $ctr3b, $rk0 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 0 - eor $input_h3, $input_h3, $rk12_h @ AES block 4k+3 - round 12 high - - pmull $acc_l.1q, $res0.1d, $h4.1d @ GHASH block 4k - low - mov $t0d, $res0.d[1] @ GHASH block 4k - mid - - aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 2 - - aese $ctr3b, $rk1 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 1 - eor $input_l2, $input_l2, $rk12_l @ AES block 4k+6 - round 12 low - - eor $t0.8b, $t0.8b, $res0.8b @ GHASH block 4k - mid - eor $acc_lb, $acc_lb, $t2.16b @ GHASH block 4k+1 - low - - aese $ctr0b, $rk3 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 3 - eor $input_l1, $input_l1, $rk12_l @ AES block 4k+5 - round 12 low - - aese $ctr1b, $rk2 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 2 - mov $t6d, $res2.d[1] @ GHASH block 4k+2 - mid - - pmull2 $acc_h.1q, $res0.2d, $h4.2d @ GHASH block 4k - high - mov $t3d, $res1.d[1] @ GHASH block 4k+1 - mid - - aese $ctr2b, $rk2 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 2 - - aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 3 - - mov $acc_md, $h34k.d[1] @ GHASH block 4k - mid - eor $acc_hb, $acc_hb, $t1.16b @ GHASH block 4k+1 - high - - aese $ctr3b, $rk2 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 2 - eor $t6.8b, $t6.8b, $res2.8b @ GHASH block 4k+2 - mid - - pmull2 $t4.1q, $res2.2d, $h2.2d @ GHASH block 4k+2 - high - - aese $ctr0b, $rk4 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 4 - eor $t3.8b, $t3.8b, $res1.8b @ GHASH block 4k+1 - mid - - aese $ctr3b, $rk3 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 3 - - pmull2 $t7.1q, $res3.2d, $h1.2d @ GHASH block 4k+3 - high - eor $input_h1, $input_h1, $rk12_h @ AES block 4k+5 - round 12 high - ins $t6.d[1], $t6.d[0] @ GHASH block 4k+2 - mid - - aese $ctr0b, $rk5 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 5 - add $rctr32w, $rctr32w, #1 @ CTR block 4k+3 - - aese $ctr3b, $rk4 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 4 - eor $acc_hb, $acc_hb, $t4.16b @ GHASH block 4k+2 - high - - pmull $t3.1q, $t3.1d, $h34k.1d @ GHASH block 4k+1 - mid - eor $input_h2, $input_h2, $rk12_h @ AES block 4k+6 - round 12 high - - pmull2 $t6.1q, $t6.2d, $h12k.2d @ GHASH block 4k+2 - mid - eor $input_l3, $input_l3, $rk12_l @ AES block 4k+3 - round 12 low - mov $t9d, $res3.d[1] @ GHASH block 4k+3 - mid - - pmull $acc_m.1q, $t0.1d, $acc_m.1d @ GHASH block 4k - mid - rev $ctr32w, $rctr32w @ CTR block 4k+8 - - pmull $t5.1q, $res2.1d, $h2.1d @ GHASH block 4k+2 - low - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+8 - - aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 3 - eor $t9.8b, $t9.8b, $res3.8b @ GHASH block 4k+3 - mid - - aese $ctr1b, $rk4 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 4 - ldp $input_l0, $input_h0, [$input_ptr, #0] @ AES block 4k+4 - load plaintext - - aese $ctr0b, $rk6 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 6 - eor $acc_lb, $acc_lb, $t5.16b @ GHASH block 4k+2 - low - - aese $ctr2b, $rk4 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 4 - add $input_ptr, $input_ptr, #64 @ AES input_ptr update - - aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 5 - movi $mod_constant.8b, #0xc2 - - pmull $t8.1q, $res3.1d, $h1.1d @ GHASH block 4k+3 - low - eor $input_h0, $input_h0, $rk12_h @ AES block 4k+4 - round 12 high - eor $acc_mb, $acc_mb, $t3.16b @ GHASH block 4k+1 - mid - - aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 5 - eor $input_l0, $input_l0, $rk12_l @ AES block 4k+4 - round 12 low - - aese $ctr1b, $rk6 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 6 - shl $mod_constantd, $mod_constantd, #56 @ mod_constant - - aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 5 - eor $acc_hb, $acc_hb, $t7.16b @ GHASH block 4k+3 - high - - aese $ctr0b, $rk7 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 7 - fmov $ctr_t1d, $input_l1 @ AES block 4k+5 - mov low - - aese $ctr1b, $rk7 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 7 - eor $acc_mb, $acc_mb, $t6.16b @ GHASH block 4k+2 - mid - - aese $ctr3b, $rk6 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 6 - fmov $ctr_t1.d[1], $input_h1 @ AES block 4k+5 - mov high - - aese $ctr0b, $rk8 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 8 - eor $acc_lb, $acc_lb, $t8.16b @ GHASH block 4k+3 - low - - pmull $t9.1q, $t9.1d, $h12k.1d @ GHASH block 4k+3 - mid - cmp $input_ptr, $main_end_input_ptr @ LOOP CONTROL - fmov $ctr_t0d, $input_l0 @ AES block 4k+4 - mov low - - aese $ctr2b, $rk6 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 6 - fmov $ctr_t0.d[1], $input_h0 @ AES block 4k+4 - mov high - - aese $ctr1b, $rk8 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 8 - fmov $ctr_t3d, $input_l3 @ AES block 4k+3 - mov low - - eor $acc_mb, $acc_mb, $t9.16b @ GHASH block 4k+3 - mid - eor $t9.16b, $acc_lb, $acc_hb @ MODULO - karatsuba tidy up - add $rctr32w, $rctr32w, #1 @ CTR block 4k+8 - - aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 7 - fmov $ctr_t3.d[1], $input_h3 @ AES block 4k+3 - mov high - - pmull $mod_t.1q, $acc_h.1d, $mod_constant.1d @ MODULO - top 64b align with mid - ext $acc_hb, $acc_hb, $acc_hb, #8 @ MODULO - other top alignment - fmov $ctr_t2d, $input_l2 @ AES block 4k+6 - mov low - - aese $ctr3b, $rk7 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 7 - - aese $ctr0b, $rk9 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 9 - eor $acc_mb, $acc_mb, $t9.16b @ MODULO - karatsuba tidy up - - aese $ctr2b, $rk8 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 8 - - aese $ctr3b, $rk8 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 8 - - aese $ctr1b, $rk9 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 9 - - aese $ctr0b, $rk10 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 10 - eor $acc_mb, $acc_mb, $mod_t.16b @ MODULO - fold into mid - - aese $ctr3b, $rk9 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 9 - - aese $ctr2b, $rk9 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 9 - - aese $ctr0b, $rk11 @ AES block 4k+4 - round 11 - - aese $ctr1b, $rk10 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 10 - eor $acc_mb, $acc_mb, $acc_hb @ MODULO - fold into mid - - aese $ctr2b, $rk10 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 10 - - eor $res0b, $ctr_t0b, $ctr0b @ AES block 4k+4 - result - fmov $ctr0d, $ctr96_b64x @ CTR block 4k+8 - - aese $ctr1b, $rk11 @ AES block 4k+5 - round 11 - fmov $ctr0.d[1], $ctr32x @ CTR block 4k+8 - rev $ctr32w, $rctr32w @ CTR block 4k+9 - - pmull $acc_h.1q, $acc_m.1d, $mod_constant.1d @ MODULO - mid 64b align with low - fmov $ctr_t2.d[1], $input_h2 @ AES block 4k+6 - mov high - st1 { $res0b}, [$output_ptr], #16 @ AES block 4k+4 - store result - - aese $ctr3b, $rk10 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 10 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+9 - - eor $res1b, $ctr_t1b, $ctr1b @ AES block 4k+5 - result - add $rctr32w, $rctr32w, #1 @ CTR block 4k+9 - fmov $ctr1d, $ctr96_b64x @ CTR block 4k+9 - - aese $ctr2b, $rk11 @ AES block 4k+6 - round 11 - fmov $ctr1.d[1], $ctr32x @ CTR block 4k+9 - rev $ctr32w, $rctr32w @ CTR block 4k+10 - - add $rctr32w, $rctr32w, #1 @ CTR block 4k+10 - ext $acc_mb, $acc_mb, $acc_mb, #8 @ MODULO - other mid alignment - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+10 - - st1 { $res1b}, [$output_ptr], #16 @ AES block 4k+5 - store result - eor $acc_lb, $acc_lb, $acc_hb @ MODULO - fold into low - - aese $ctr3b, $rk11 @ AES block 4k+7 - round 11 - eor $res2b, $ctr_t2b, $ctr2b @ AES block 4k+6 - result - fmov $ctr2d, $ctr96_b64x @ CTR block 4k+10 - - st1 { $res2b}, [$output_ptr], #16 @ AES block 4k+6 - store result - fmov $ctr2.d[1], $ctr32x @ CTR block 4k+10 - rev $ctr32w, $rctr32w @ CTR block 4k+11 - - eor $acc_lb, $acc_lb, $acc_mb @ MODULO - fold into low - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+11 - - eor $res3b, $ctr_t3b, $ctr3b @ AES block 4k+3 - result - st1 { $res3b}, [$output_ptr], #16 @ AES block 4k+3 - store result - b.lt .L192_enc_main_loop - - .L192_enc_prepretail: @ PREPRETAIL - aese $ctr0b, $rk0 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 0 - rev64 $res0b, $res0b @ GHASH block 4k (only t0 is free) - - fmov $ctr3d, $ctr96_b64x @ CTR block 4k+3 - ext $acc_lb, $acc_lb, $acc_lb, #8 @ PRE 0 - add $rctr32w, $rctr32w, #1 @ CTR block 4k+3 - - aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 0 - rev64 $res1b, $res1b @ GHASH block 4k+1 (t0 and t1 free) - - aese $ctr2b, $rk0 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 0 - - fmov $ctr3.d[1], $ctr32x @ CTR block 4k+3 - eor $res0b, $res0b, $acc_lb @ PRE 1 - mov $acc_md, $h34k.d[1] @ GHASH block 4k - mid - - aese $ctr1b, $rk1 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 1 - rev64 $res2b, $res2b @ GHASH block 4k+2 (t0, t1, and t2 free) - - pmull2 $t1.1q, $res1.2d, $h3.2d @ GHASH block 4k+1 - high - - pmull $acc_l.1q, $res0.1d, $h4.1d @ GHASH block 4k - low - mov $t0d, $res0.d[1] @ GHASH block 4k - mid - - pmull $t2.1q, $res1.1d, $h3.1d @ GHASH block 4k+1 - low - rev64 $res3b, $res3b @ GHASH block 4k+3 (t0, t1, t2 and t3 free) - - pmull2 $acc_h.1q, $res0.2d, $h4.2d @ GHASH block 4k - high - - eor $t0.8b, $t0.8b, $res0.8b @ GHASH block 4k - mid - mov $t3d, $res1.d[1] @ GHASH block 4k+1 - mid - - eor $acc_lb, $acc_lb, $t2.16b @ GHASH block 4k+1 - low - mov $t6d, $res2.d[1] @ GHASH block 4k+2 - mid - - aese $ctr3b, $rk0 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 0 - eor $acc_hb, $acc_hb, $t1.16b @ GHASH block 4k+1 - high - - pmull2 $t4.1q, $res2.2d, $h2.2d @ GHASH block 4k+2 - high - - eor $t3.8b, $t3.8b, $res1.8b @ GHASH block 4k+1 - mid - eor $t6.8b, $t6.8b, $res2.8b @ GHASH block 4k+2 - mid - - aese $ctr3b, $rk1 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 1 - - aese $ctr2b, $rk1 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 1 - eor $acc_hb, $acc_hb, $t4.16b @ GHASH block 4k+2 - high - - aese $ctr0b, $rk1 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 1 - - aese $ctr1b, $rk2 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 2 - mov $t9d, $res3.d[1] @ GHASH block 4k+3 - mid - - pmull2 $t7.1q, $res3.2d, $h1.2d @ GHASH block 4k+3 - high - ins $t6.d[1], $t6.d[0] @ GHASH block 4k+2 - mid - - aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 2 - - pmull $acc_m.1q, $t0.1d, $acc_m.1d @ GHASH block 4k - mid - eor $t9.8b, $t9.8b, $res3.8b @ GHASH block 4k+3 - mid - - aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 3 - - pmull2 $t6.1q, $t6.2d, $h12k.2d @ GHASH block 4k+2 - mid - - pmull $t3.1q, $t3.1d, $h34k.1d @ GHASH block 4k+1 - mid - - pmull $t9.1q, $t9.1d, $h12k.1d @ GHASH block 4k+3 - mid - eor $acc_hb, $acc_hb, $t7.16b @ GHASH block 4k+3 - high - - pmull $t5.1q, $res2.1d, $h2.1d @ GHASH block 4k+2 - low - - aese $ctr0b, $rk3 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 3 - eor $acc_mb, $acc_mb, $t3.16b @ GHASH block 4k+1 - mid - - aese $ctr3b, $rk2 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 2 - - aese $ctr2b, $rk2 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 2 - eor $acc_lb, $acc_lb, $t5.16b @ GHASH block 4k+2 - low - - aese $ctr0b, $rk4 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 4 - - aese $ctr3b, $rk3 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 3 - eor $acc_mb, $acc_mb, $t6.16b @ GHASH block 4k+2 - mid - - aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 3 - - pmull $t8.1q, $res3.1d, $h1.1d @ GHASH block 4k+3 - low - movi $mod_constant.8b, #0xc2 - - aese $ctr3b, $rk4 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 4 - - aese $ctr2b, $rk4 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 4 - - aese $ctr1b, $rk4 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 4 - eor $acc_mb, $acc_mb, $t9.16b @ GHASH block 4k+3 - mid - - aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 5 - - aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 5 - - aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 5 - eor $acc_lb, $acc_lb, $t8.16b @ GHASH block 4k+3 - low - - aese $ctr0b, $rk5 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 5 - - aese $ctr3b, $rk6 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 6 - eor $acc_mb, $acc_mb, $acc_hb @ karatsuba tidy up - - aese $ctr1b, $rk6 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 6 - - aese $ctr0b, $rk6 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 6 - shl $mod_constantd, $mod_constantd, #56 @ mod_constant - - aese $ctr3b, $rk7 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 7 - - aese $ctr1b, $rk7 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 7 - eor $acc_mb, $acc_mb, $acc_lb - - aese $ctr0b, $rk7 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 7 - - pmull $t1.1q, $acc_h.1d, $mod_constant.1d - - aese $ctr2b, $rk6 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 6 - ext $acc_hb, $acc_hb, $acc_hb, #8 - - aese $ctr0b, $rk8 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 8 - - aese $ctr1b, $rk8 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 8 - eor $acc_mb, $acc_mb, $t1.16b - - aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 7 - - aese $ctr3b, $rk8 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 8 - - aese $ctr0b, $rk9 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 9 - - aese $ctr2b, $rk8 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 8 - eor $acc_mb, $acc_mb, $acc_hb - - aese $ctr3b, $rk9 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 9 - - aese $ctr1b, $rk9 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 9 - - aese $ctr2b, $rk9 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 9 - - pmull $t1.1q, $acc_m.1d, $mod_constant.1d - - ext $acc_mb, $acc_mb, $acc_mb, #8 - - aese $ctr3b, $rk10 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 10 - - aese $ctr0b, $rk10 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 10 - - aese $ctr2b, $rk10 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 10 - - aese $ctr1b, $rk10 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 10 - eor $acc_lb, $acc_lb, $t1.16b - - aese $ctr0b, $rk11 @ AES block 4k+4 - round 11 - - aese $ctr3b, $rk11 @ AES block 4k+7 - round 11 - - aese $ctr2b, $rk11 @ AES block 4k+6 - round 11 - - aese $ctr1b, $rk11 @ AES block 4k+5 - round 11 - eor $acc_lb, $acc_lb, $acc_mb - .L192_enc_tail: @ TAIL - - sub $main_end_input_ptr, $end_input_ptr, $input_ptr @ main_end_input_ptr is number of bytes left to process - ldp $input_l0, $input_h0, [$input_ptr], #16 @ AES block 4k+4 - load plaintext - - eor $input_l0, $input_l0, $rk12_l @ AES block 4k+4 - round 12 low - eor $input_h0, $input_h0, $rk12_h @ AES block 4k+4 - round 12 high - - fmov $ctr_t0d, $input_l0 @ AES block 4k+4 - mov low - - fmov $ctr_t0.d[1], $input_h0 @ AES block 4k+4 - mov high - cmp $main_end_input_ptr, #48 - - eor $res1b, $ctr_t0b, $ctr0b @ AES block 4k+4 - result - - ext $t0.16b, $acc_lb, $acc_lb, #8 @ prepare final partial tag - b.gt .L192_enc_blocks_more_than_3 - - sub $rctr32w, $rctr32w, #1 - movi $acc_m.8b, #0 - - mov $ctr3b, $ctr2b - movi $acc_h.8b, #0 - cmp $main_end_input_ptr, #32 - - mov $ctr2b, $ctr1b - movi $acc_l.8b, #0 - b.gt .L192_enc_blocks_more_than_2 - - sub $rctr32w, $rctr32w, #1 - - mov $ctr3b, $ctr1b - cmp $main_end_input_ptr, #16 - b.gt .L192_enc_blocks_more_than_1 - - sub $rctr32w, $rctr32w, #1 - b .L192_enc_blocks_less_than_1 - .L192_enc_blocks_more_than_3: @ blocks left > 3 - st1 { $res1b}, [$output_ptr], #16 @ AES final-3 block - store result - - ldp $input_l0, $input_h0, [$input_ptr], #16 @ AES final-2 block - load input low & high - - rev64 $res0b, $res1b @ GHASH final-3 block - - eor $input_l0, $input_l0, $rk12_l @ AES final-2 block - round 12 low - eor $res0b, $res0b, $t0.16b @ feed in partial tag - - eor $input_h0, $input_h0, $rk12_h @ AES final-2 block - round 12 high - fmov $res1d, $input_l0 @ AES final-2 block - mov low - - fmov $res1.d[1], $input_h0 @ AES final-2 block - mov high - - mov $rk4d, $res0.d[1] @ GHASH final-3 block - mid - - pmull $acc_l.1q, $res0.1d, $h4.1d @ GHASH final-3 block - low - - mov $acc_md, $h34k.d[1] @ GHASH final-3 block - mid - - eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-3 block - mid - - movi $t0.8b, #0 @ suppress further partial tag feed in - - pmull2 $acc_h.1q, $res0.2d, $h4.2d @ GHASH final-3 block - high - - pmull $acc_m.1q, $rk4v.1d, $acc_m.1d @ GHASH final-3 block - mid - eor $res1b, $res1b, $ctr1b @ AES final-2 block - result - .L192_enc_blocks_more_than_2: @ blocks left > 2 - - st1 { $res1b}, [$output_ptr], #16 @ AES final-2 block - store result - - rev64 $res0b, $res1b @ GHASH final-2 block - ldp $input_l0, $input_h0, [$input_ptr], #16 @ AES final-1 block - load input low & high - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - - eor $input_h0, $input_h0, $rk12_h @ AES final-1 block - round 12 high - - pmull2 $rk2q1, $res0.2d, $h3.2d @ GHASH final-2 block - high - mov $rk4d, $res0.d[1] @ GHASH final-2 block - mid - - pmull $rk3q1, $res0.1d, $h3.1d @ GHASH final-2 block - low - eor $input_l0, $input_l0, $rk12_l @ AES final-1 block - round 12 low - - fmov $res1d, $input_l0 @ AES final-1 block - mov low - - fmov $res1.d[1], $input_h0 @ AES final-1 block - mov high - eor $acc_hb, $acc_hb, $rk2 @ GHASH final-2 block - high - eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-2 block - mid - - eor $acc_lb, $acc_lb, $rk3 @ GHASH final-2 block - low - - pmull $rk4v.1q, $rk4v.1d, $h34k.1d @ GHASH final-2 block - mid - - movi $t0.8b, #0 @ suppress further partial tag feed in - - eor $res1b, $res1b, $ctr2b @ AES final-1 block - result - - eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-2 block - mid - .L192_enc_blocks_more_than_1: @ blocks left > 1 - - st1 { $res1b}, [$output_ptr], #16 @ AES final-1 block - store result - - ldp $input_l0, $input_h0, [$input_ptr], #16 @ AES final block - load input low & high - - rev64 $res0b, $res1b @ GHASH final-1 block - - eor $input_l0, $input_l0, $rk12_l @ AES final block - round 12 low - eor $res0b, $res0b, $t0.16b @ feed in partial tag - movi $t0.8b, #0 @ suppress further partial tag feed in - - mov $rk4d, $res0.d[1] @ GHASH final-1 block - mid - - eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-1 block - mid - eor $input_h0, $input_h0, $rk12_h @ AES final block - round 12 high - fmov $res1d, $input_l0 @ AES final block - mov low - - pmull2 $rk2q1, $res0.2d, $h2.2d @ GHASH final-1 block - high - fmov $res1.d[1], $input_h0 @ AES final block - mov high - - ins $rk4v.d[1], $rk4v.d[0] @ GHASH final-1 block - mid - - eor $acc_hb, $acc_hb, $rk2 @ GHASH final-1 block - high - - pmull $rk3q1, $res0.1d, $h2.1d @ GHASH final-1 block - low - - pmull2 $rk4v.1q, $rk4v.2d, $h12k.2d @ GHASH final-1 block - mid - - eor $res1b, $res1b, $ctr3b @ AES final block - result - - eor $acc_lb, $acc_lb, $rk3 @ GHASH final-1 block - low - - eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-1 block - mid - .L192_enc_blocks_less_than_1: @ blocks left <= 1 - - ld1 { $rk0}, [$output_ptr] @ load existing bytes where the possibly partial last block is to be stored - rev $ctr32w, $rctr32w - and $bit_length, $bit_length, #127 @ bit_length %= 128 - - sub $bit_length, $bit_length, #128 @ bit_length -= 128 - mvn $rk12_h, xzr @ rk12_h = 0xffffffffffffffff - - neg $bit_length, $bit_length @ bit_length = 128 - #bits in input (in range [1,128]) - mvn $rk12_l, xzr @ rk12_l = 0xffffffffffffffff - - and $bit_length, $bit_length, #127 @ bit_length %= 128 - - lsr $rk12_h, $rk12_h, $bit_length @ rk12_h is mask for top 64b of last block - cmp $bit_length, #64 - - csel $input_l0, $rk12_l, $rk12_h, lt - csel $input_h0, $rk12_h, xzr, lt - - fmov $ctr0d, $input_l0 @ ctr0b is mask for last block - - fmov $ctr0.d[1], $input_h0 - - and $res1b, $res1b, $ctr0b @ possibly partial last block has zeroes in highest bits - - rev64 $res0b, $res1b @ GHASH final block - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - - mov $t0d, $res0.d[1] @ GHASH final block - mid - - pmull $rk3q1, $res0.1d, $h1.1d @ GHASH final block - low - - pmull2 $rk2q1, $res0.2d, $h1.2d @ GHASH final block - high - - eor $t0.8b, $t0.8b, $res0.8b @ GHASH final block - mid - - eor $acc_lb, $acc_lb, $rk3 @ GHASH final block - low - - eor $acc_hb, $acc_hb, $rk2 @ GHASH final block - high - - pmull $t0.1q, $t0.1d, $h12k.1d @ GHASH final block - mid - - eor $acc_mb, $acc_mb, $t0.16b @ GHASH final block - mid - movi $mod_constant.8b, #0xc2 - - eor $t9.16b, $acc_lb, $acc_hb @ MODULO - karatsuba tidy up - - shl $mod_constantd, $mod_constantd, #56 @ mod_constant - - bif $res1b, $rk0, $ctr0b @ insert existing bytes in top end of result before storing - - eor $acc_mb, $acc_mb, $t9.16b @ MODULO - karatsuba tidy up - - pmull $mod_t.1q, $acc_h.1d, $mod_constant.1d @ MODULO - top 64b align with mid - - ext $acc_hb, $acc_hb, $acc_hb, #8 @ MODULO - other top alignment - - eor $acc_mb, $acc_mb, $mod_t.16b @ MODULO - fold into mid - - eor $acc_mb, $acc_mb, $acc_hb @ MODULO - fold into mid - - pmull $acc_h.1q, $acc_m.1d, $mod_constant.1d @ MODULO - mid 64b align with low - - ext $acc_mb, $acc_mb, $acc_mb, #8 @ MODULO - other mid alignment - - eor $acc_lb, $acc_lb, $acc_hb @ MODULO - fold into low - str $ctr32w, [$counter, #12] @ store the updated counter - - st1 { $res1b}, [$output_ptr] @ store all 16B - - eor $acc_lb, $acc_lb, $acc_mb @ MODULO - fold into low - ext $acc_lb, $acc_lb, $acc_lb, #8 - rev64 $acc_lb, $acc_lb - mov x0, $len - st1 { $acc_l.16b }, [$current_tag] - - ldp x21, x22, [sp, #16] - ldp x23, x24, [sp, #32] - ldp d8, d9, [sp, #48] - ldp d10, d11, [sp, #64] - ldp d12, d13, [sp, #80] - ldp d14, d15, [sp, #96] - ldp x19, x20, [sp], #112 - ret - -.L192_enc_ret: - mov w0, #0x0 - ret -.size aes_gcm_enc_192_kernel,.-aes_gcm_enc_192_kernel -___ - -######################################################################################### -# size_t aes_gcm_dec_192_kernel(const unsigned char *in, -# size_t len, -# unsigned char *out, -# const void *key, -# unsigned char ivec[16], -# u64 *Xi); -# -$code.=<<___; -.global aes_gcm_dec_192_kernel -.type aes_gcm_dec_192_kernel,%function -.align 4 -aes_gcm_dec_192_kernel: - cbz x1, .L192_dec_ret - stp x19, x20, [sp, #-112]! - mov x16, x4 - mov x8, x5 - stp x21, x22, [sp, #16] - stp x23, x24, [sp, #32] - stp d8, d9, [sp, #48] - stp d10, d11, [sp, #64] - stp d12, d13, [sp, #80] - stp d14, d15, [sp, #96] - - add $end_input_ptr, $input_ptr, $bit_length, lsr #3 @ end_input_ptr - ldp $ctr96_b64x, $ctr96_t32x, [$counter] @ ctr96_b64, ctr96_t32 - - ld1 { $ctr0b}, [$counter] @ special case vector load initial counter so we can start first AES block as quickly as possible - - ldr $rk0q, [$cc, #0] @ load rk0 - - lsr $main_end_input_ptr, $bit_length, #3 @ byte_len - mov $len, $main_end_input_ptr - ldr $rk2q, [$cc, #32] @ load rk2 - - lsr $rctr32x, $ctr96_t32x, #32 - orr $ctr96_t32w, $ctr96_t32w, $ctr96_t32w - fmov $ctr3d, $ctr96_b64x @ CTR block 3 - - rev $rctr32w, $rctr32w @ rev_ctr32 - fmov $ctr1d, $ctr96_b64x @ CTR block 1 - - add $rctr32w, $rctr32w, #1 @ increment rev_ctr32 - ldr $rk1q, [$cc, #16] @ load rk1 - - aese $ctr0b, $rk0 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 0 - rev $ctr32w, $rctr32w @ CTR block 1 - - add $rctr32w, $rctr32w, #1 @ CTR block 1 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 1 - ldr $rk3q, [$cc, #48] @ load rk3 - - fmov $ctr1.d[1], $ctr32x @ CTR block 1 - rev $ctr32w, $rctr32w @ CTR block 2 - add $rctr32w, $rctr32w, #1 @ CTR block 2 - - fmov $ctr2d, $ctr96_b64x @ CTR block 2 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 2 - - fmov $ctr2.d[1], $ctr32x @ CTR block 2 - rev $ctr32w, $rctr32w @ CTR block 3 - - aese $ctr0b, $rk1 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 1 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 3 - - fmov $ctr3.d[1], $ctr32x @ CTR block 3 - - ldr $rk8q, [$cc, #128] @ load rk8 - - aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 2 - - aese $ctr2b, $rk0 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 0 - ldr $rk11q, [$cc, #176] @ load rk11 - - aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 0 - ldr $h4q, [$current_tag, #112] @ load h4l | h4h - ext $h4b, $h4b, $h4b, #8 - - aese $ctr3b, $rk0 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 0 - ldr $h2q, [$current_tag, #64] @ load h2l | h2h - ext $h2b, $h2b, $h2b, #8 - - aese $ctr2b, $rk1 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 1 - ldr $h3q, [$current_tag, #80] @ load h3l | h3h - ext $h3b, $h3b, $h3b, #8 - - aese $ctr1b, $rk1 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 1 - ldp $rk12_l, $rk12_h, [$cc, #192] @ load rk12 - - aese $ctr3b, $rk1 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 1 - ldr $h1q, [$current_tag, #32] @ load h1l | h1h - ext $h1b, $h1b, $h1b, #8 - - aese $ctr2b, $rk2 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 2 - ldr $rk10q, [$cc, #160] @ load rk10 - - aese $ctr0b, $rk3 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 3 - ldr $rk9q, [$cc, #144] @ load rk9 - - aese $ctr1b, $rk2 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 2 - ldr $rk7q, [$cc, #112] @ load rk7 - - aese $ctr3b, $rk2 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 2 - ldr $rk4q, [$cc, #64] @ load rk4 - - aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 3 - ld1 { $acc_lb}, [$current_tag] - ext $acc_lb, $acc_lb, $acc_lb, #8 - rev64 $acc_lb, $acc_lb - - aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 3 - add $rctr32w, $rctr32w, #1 @ CTR block 3 - - aese $ctr3b, $rk3 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 3 - trn1 $acc_h.2d, $h3.2d, $h4.2d @ h4h | h3h - - aese $ctr0b, $rk4 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 4 - ldr $rk5q, [$cc, #80] @ load rk5 - - aese $ctr1b, $rk4 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 4 - trn2 $h34k.2d, $h3.2d, $h4.2d @ h4l | h3l - - aese $ctr2b, $rk4 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 4 - - aese $ctr3b, $rk4 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 4 - trn2 $h12k.2d, $h1.2d, $h2.2d @ h2l | h1l - - aese $ctr0b, $rk5 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 5 - ldr $rk6q, [$cc, #96] @ load rk6 - - aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 5 - - aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 5 - - aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 5 - - aese $ctr0b, $rk6 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 6 - - aese $ctr2b, $rk6 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 6 - - aese $ctr3b, $rk6 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 6 - - aese $ctr0b, $rk7 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 7 - - aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 7 - - aese $ctr3b, $rk7 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 7 - - aese $ctr1b, $rk6 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 6 - - aese $ctr2b, $rk8 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 8 - - aese $ctr3b, $rk8 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 8 - - aese $ctr1b, $rk7 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 7 - - aese $ctr2b, $rk9 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 9 - - aese $ctr3b, $rk9 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 9 - - aese $ctr1b, $rk8 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 8 - sub $main_end_input_ptr, $main_end_input_ptr, #1 @ byte_len - 1 - - aese $ctr0b, $rk8 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 8 - and $main_end_input_ptr, $main_end_input_ptr, #0xffffffffffffffc0 @ number of bytes to be processed in main loop (at least 1 byte must be handled by tail) - - aese $ctr3b, $rk10 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 10 - add $main_end_input_ptr, $main_end_input_ptr, $input_ptr - - aese $ctr1b, $rk9 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 9 - cmp $input_ptr, $main_end_input_ptr @ check if we have <= 4 blocks - - aese $ctr0b, $rk9 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 9 - trn1 $t0.2d, $h1.2d, $h2.2d @ h2h | h1h - - aese $ctr3b, $rk11 @ AES block 3 - round 11 - - aese $ctr2b, $rk10 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 10 - - aese $ctr1b, $rk10 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 10 - - aese $ctr0b, $rk10 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 10 - eor $h12k.16b, $h12k.16b, $t0.16b @ h2k | h1k - - aese $ctr2b, $rk11 @ AES block 2 - round 11 - - aese $ctr1b, $rk11 @ AES block 1 - round 11 - eor $h34k.16b, $h34k.16b, $acc_h.16b @ h4k | h3k - - aese $ctr0b, $rk11 @ AES block 0 - round 11 - b.ge .L192_dec_tail @ handle tail - - ldr $res1q, [$input_ptr, #16] @ AES block 1 - load ciphertext - - ldr $res0q, [$input_ptr, #0] @ AES block 0 - load ciphertext - - eor $ctr1b, $res1b, $ctr1b @ AES block 1 - result - - eor $ctr0b, $res0b, $ctr0b @ AES block 0 - result - rev $ctr32w, $rctr32w @ CTR block 4 - ldr $res3q, [$input_ptr, #48] @ AES block 3 - load ciphertext - - ldr $res2q, [$input_ptr, #32] @ AES block 2 - load ciphertext - - mov $output_l1, $ctr1.d[0] @ AES block 1 - mov low - - mov $output_h1, $ctr1.d[1] @ AES block 1 - mov high - - mov $output_l0, $ctr0.d[0] @ AES block 0 - mov low - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4 - add $rctr32w, $rctr32w, #1 @ CTR block 4 - - mov $output_h0, $ctr0.d[1] @ AES block 0 - mov high - rev64 $res0b, $res0b @ GHASH block 0 - add $input_ptr, $input_ptr, #64 @ AES input_ptr update - - fmov $ctr0d, $ctr96_b64x @ CTR block 4 - rev64 $res1b, $res1b @ GHASH block 1 - cmp $input_ptr, $main_end_input_ptr @ check if we have <= 8 blocks - - eor $output_l1, $output_l1, $rk12_l @ AES block 1 - round 12 low - fmov $ctr0.d[1], $ctr32x @ CTR block 4 - rev $ctr32w, $rctr32w @ CTR block 5 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 5 - fmov $ctr1d, $ctr96_b64x @ CTR block 5 - eor $output_h1, $output_h1, $rk12_h @ AES block 1 - round 12 high - - add $rctr32w, $rctr32w, #1 @ CTR block 5 - fmov $ctr1.d[1], $ctr32x @ CTR block 5 - eor $output_l0, $output_l0, $rk12_l @ AES block 0 - round 12 low - - rev $ctr32w, $rctr32w @ CTR block 6 - eor $output_h0, $output_h0, $rk12_h @ AES block 0 - round 12 high - - stp $output_l0, $output_h0, [$output_ptr], #16 @ AES block 0 - store result - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 6 - - stp $output_l1, $output_h1, [$output_ptr], #16 @ AES block 1 - store result - - add $rctr32w, $rctr32w, #1 @ CTR block 6 - eor $ctr2b, $res2b, $ctr2b @ AES block 2 - result - b.ge .L192_dec_prepretail @ do prepretail - - .L192_dec_main_loop: @ main loop start - aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 0 - ext $acc_lb, $acc_lb, $acc_lb, #8 @ PRE 0 - - pmull $t2.1q, $res1.1d, $h3.1d @ GHASH block 4k+1 - low - mov $output_l2, $ctr2.d[0] @ AES block 4k+2 - mov low - - mov $output_h2, $ctr2.d[1] @ AES block 4k+2 - mov high - eor $ctr3b, $res3b, $ctr3b @ AES block 4k+3 - result - rev64 $res3b, $res3b @ GHASH block 4k+3 - - aese $ctr1b, $rk1 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 1 - fmov $ctr2d, $ctr96_b64x @ CTR block 4k+6 - - aese $ctr0b, $rk0 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 0 - eor $res0b, $res0b, $acc_lb @ PRE 1 - - pmull2 $t1.1q, $res1.2d, $h3.2d @ GHASH block 4k+1 - high - fmov $ctr2.d[1], $ctr32x @ CTR block 4k+6 - - aese $ctr1b, $rk2 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 2 - mov $output_h3, $ctr3.d[1] @ AES block 4k+3 - mov high - - aese $ctr0b, $rk1 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 1 - mov $output_l3, $ctr3.d[0] @ AES block 4k+3 - mov low - - pmull2 $acc_h.1q, $res0.2d, $h4.2d @ GHASH block 4k - high - fmov $ctr3d, $ctr96_b64x @ CTR block 4k+7 - mov $t0d, $res0.d[1] @ GHASH block 4k - mid - - pmull $acc_l.1q, $res0.1d, $h4.1d @ GHASH block 4k - low - mov $acc_md, $h34k.d[1] @ GHASH block 4k - mid - rev $ctr32w, $rctr32w @ CTR block 4k+7 - - aese $ctr2b, $rk0 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 0 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+7 - - fmov $ctr3.d[1], $ctr32x @ CTR block 4k+7 - eor $t0.8b, $t0.8b, $res0.8b @ GHASH block 4k - mid - mov $t3d, $res1.d[1] @ GHASH block 4k+1 - mid - - aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 3 - - aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 2 - eor $output_h2, $output_h2, $rk12_h @ AES block 4k+2 - round 12 high - - aese $ctr2b, $rk1 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 1 - eor $t3.8b, $t3.8b, $res1.8b @ GHASH block 4k+1 - mid - - pmull $acc_m.1q, $t0.1d, $acc_m.1d @ GHASH block 4k - mid - - aese $ctr3b, $rk0 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 0 - rev64 $res2b, $res2b @ GHASH block 4k+2 - - aese $ctr2b, $rk2 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 2 - - pmull $t3.1q, $t3.1d, $h34k.1d @ GHASH block 4k+1 - mid - eor $acc_lb, $acc_lb, $t2.16b @ GHASH block 4k+1 - low - eor $output_l2, $output_l2, $rk12_l @ AES block 4k+2 - round 12 low - - aese $ctr1b, $rk4 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 4 - - aese $ctr0b, $rk3 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 3 - - eor $acc_mb, $acc_mb, $t3.16b @ GHASH block 4k+1 - mid - mov $t6d, $res2.d[1] @ GHASH block 4k+2 - mid - - aese $ctr3b, $rk1 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 1 - eor $acc_hb, $acc_hb, $t1.16b @ GHASH block 4k+1 - high - - aese $ctr0b, $rk4 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 4 - - pmull2 $t4.1q, $res2.2d, $h2.2d @ GHASH block 4k+2 - high - eor $t6.8b, $t6.8b, $res2.8b @ GHASH block 4k+2 - mid - - pmull $t5.1q, $res2.1d, $h2.1d @ GHASH block 4k+2 - low - - aese $ctr0b, $rk5 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 5 - - eor $acc_hb, $acc_hb, $t4.16b @ GHASH block 4k+2 - high - mov $t9d, $res3.d[1] @ GHASH block 4k+3 - mid - - aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 5 - - pmull2 $t7.1q, $res3.2d, $h1.2d @ GHASH block 4k+3 - high - - aese $ctr3b, $rk2 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 2 - eor $t9.8b, $t9.8b, $res3.8b @ GHASH block 4k+3 - mid - - aese $ctr1b, $rk6 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 6 - - aese $ctr0b, $rk6 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 6 - ins $t6.d[1], $t6.d[0] @ GHASH block 4k+2 - mid - - aese $ctr3b, $rk3 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 3 - - pmull $t9.1q, $t9.1d, $h12k.1d @ GHASH block 4k+3 - mid - eor $acc_lb, $acc_lb, $t5.16b @ GHASH block 4k+2 - low - - aese $ctr0b, $rk7 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 7 - - pmull2 $t6.1q, $t6.2d, $h12k.2d @ GHASH block 4k+2 - mid - eor $acc_hb, $acc_hb, $t7.16b @ GHASH block 4k+3 - high - - aese $ctr1b, $rk7 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 7 - - aese $ctr0b, $rk8 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 8 - movi $mod_constant.8b, #0xc2 - - pmull $t8.1q, $res3.1d, $h1.1d @ GHASH block 4k+3 - low - - aese $ctr1b, $rk8 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 8 - eor $acc_mb, $acc_mb, $t6.16b @ GHASH block 4k+2 - mid - - aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 3 - - aese $ctr0b, $rk9 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 9 - eor $acc_lb, $acc_lb, $t8.16b @ GHASH block 4k+3 - low - - aese $ctr3b, $rk4 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 4 - - aese $ctr2b, $rk4 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 4 - eor $acc_mb, $acc_mb, $t9.16b @ GHASH block 4k+3 - mid - - aese $ctr0b, $rk10 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 10 - - aese $ctr1b, $rk9 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 9 - eor $t9.16b, $acc_lb, $acc_hb @ MODULO - karatsuba tidy up - - aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 5 - - aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 5 - shl $mod_constantd, $mod_constantd, #56 @ mod_constant - - aese $ctr1b, $rk10 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 10 - - aese $ctr2b, $rk6 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 6 - ldr $res2q, [$input_ptr, #32] @ AES block 4k+6 - load ciphertext - - aese $ctr3b, $rk6 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 6 - eor $acc_mb, $acc_mb, $t9.16b @ MODULO - karatsuba tidy up - - pmull $mod_t.1q, $acc_h.1d, $mod_constant.1d @ MODULO - top 64b align with mid - ldr $res3q, [$input_ptr, #48] @ AES block 4k+7 - load ciphertext - eor $output_l3, $output_l3, $rk12_l @ AES block 4k+3 - round 12 low - - aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 7 - ext $acc_hb, $acc_hb, $acc_hb, #8 @ MODULO - other top alignment - - aese $ctr0b, $rk11 @ AES block 4k+4 - round 11 - add $rctr32w, $rctr32w, #1 @ CTR block 4k+7 - - aese $ctr3b, $rk7 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 7 - eor $acc_mb, $acc_mb, $mod_t.16b @ MODULO - fold into mid - - aese $ctr2b, $rk8 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 8 - ldr $res0q, [$input_ptr, #0] @ AES block 4k+4 - load ciphertext - - aese $ctr1b, $rk11 @ AES block 4k+5 - round 11 - ldr $res1q, [$input_ptr, #16] @ AES block 4k+5 - load ciphertext - rev $ctr32w, $rctr32w @ CTR block 4k+8 - - aese $ctr3b, $rk8 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 8 - stp $output_l2, $output_h2, [$output_ptr], #16 @ AES block 4k+2 - store result - - aese $ctr2b, $rk9 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 9 - eor $acc_mb, $acc_mb, $acc_hb @ MODULO - fold into mid - - add $input_ptr, $input_ptr, #64 @ AES input_ptr update - cmp $input_ptr, $main_end_input_ptr @ LOOP CONTROL - - eor $ctr0b, $res0b, $ctr0b @ AES block 4k+4 - result - eor $output_h3, $output_h3, $rk12_h @ AES block 4k+3 - round 12 high - eor $ctr1b, $res1b, $ctr1b @ AES block 4k+5 - result - - aese $ctr2b, $rk10 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 10 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+8 - - aese $ctr3b, $rk9 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 9 - - pmull $mod_constant.1q, $acc_m.1d, $mod_constant.1d @ MODULO - mid 64b align with low - mov $output_l1, $ctr1.d[0] @ AES block 4k+5 - mov low - - mov $output_l0, $ctr0.d[0] @ AES block 4k+4 - mov low - stp $output_l3, $output_h3, [$output_ptr], #16 @ AES block 4k+3 - store result - rev64 $res1b, $res1b @ GHASH block 4k+5 - - aese $ctr2b, $rk11 @ AES block 4k+6 - round 11 - mov $output_h0, $ctr0.d[1] @ AES block 4k+4 - mov high - - aese $ctr3b, $rk10 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 10 - mov $output_h1, $ctr1.d[1] @ AES block 4k+5 - mov high - - fmov $ctr0d, $ctr96_b64x @ CTR block 4k+8 - add $rctr32w, $rctr32w, #1 @ CTR block 4k+8 - ext $acc_mb, $acc_mb, $acc_mb, #8 @ MODULO - other mid alignment - - eor $ctr2b, $res2b, $ctr2b @ AES block 4k+6 - result - fmov $ctr0.d[1], $ctr32x @ CTR block 4k+8 - rev $ctr32w, $rctr32w @ CTR block 4k+9 - - eor $output_l0, $output_l0, $rk12_l @ AES block 4k+4 - round 12 low - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+9 - eor $acc_lb, $acc_lb, $mod_constant.16b @ MODULO - fold into low - - fmov $ctr1d, $ctr96_b64x @ CTR block 4k+9 - add $rctr32w, $rctr32w, #1 @ CTR block 4k+9 - eor $output_l1, $output_l1, $rk12_l @ AES block 4k+5 - round 12 low - - fmov $ctr1.d[1], $ctr32x @ CTR block 4k+9 - rev $ctr32w, $rctr32w @ CTR block 4k+10 - eor $output_h1, $output_h1, $rk12_h @ AES block 4k+5 - round 12 high - - eor $output_h0, $output_h0, $rk12_h @ AES block 4k+4 - round 12 high - stp $output_l0, $output_h0, [$output_ptr], #16 @ AES block 4k+4 - store result - eor $acc_lb, $acc_lb, $acc_mb @ MODULO - fold into low - - add $rctr32w, $rctr32w, #1 @ CTR block 4k+10 - rev64 $res0b, $res0b @ GHASH block 4k+4 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+10 - - aese $ctr3b, $rk11 @ AES block 4k+7 - round 11 - stp $output_l1, $output_h1, [$output_ptr], #16 @ AES block 4k+5 - store result - b.lt .L192_dec_main_loop - - .L192_dec_prepretail: @ PREPRETAIL - mov $output_h2, $ctr2.d[1] @ AES block 4k+2 - mov high - ext $acc_lb, $acc_lb, $acc_lb, #8 @ PRE 0 - eor $ctr3b, $res3b, $ctr3b @ AES block 4k+3 - result - - aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 0 - mov $output_l2, $ctr2.d[0] @ AES block 4k+2 - mov low - - aese $ctr0b, $rk0 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 0 - mov $acc_md, $h34k.d[1] @ GHASH block 4k - mid - - eor $res0b, $res0b, $acc_lb @ PRE 1 - fmov $ctr2d, $ctr96_b64x @ CTR block 4k+6 - - aese $ctr1b, $rk1 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 1 - mov $output_l3, $ctr3.d[0] @ AES block 4k+3 - mov low - - aese $ctr0b, $rk1 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 1 - mov $output_h3, $ctr3.d[1] @ AES block 4k+3 - mov high - - pmull $acc_l.1q, $res0.1d, $h4.1d @ GHASH block 4k - low - mov $t0d, $res0.d[1] @ GHASH block 4k - mid - fmov $ctr3d, $ctr96_b64x @ CTR block 4k+7 - - aese $ctr1b, $rk2 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 2 - rev64 $res2b, $res2b @ GHASH block 4k+2 - - pmull2 $acc_h.1q, $res0.2d, $h4.2d @ GHASH block 4k - high - fmov $ctr2.d[1], $ctr32x @ CTR block 4k+6 - rev $ctr32w, $rctr32w @ CTR block 4k+7 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+7 - eor $t0.8b, $t0.8b, $res0.8b @ GHASH block 4k - mid - mov $t3d, $res1.d[1] @ GHASH block 4k+1 - mid - - pmull $t2.1q, $res1.1d, $h3.1d @ GHASH block 4k+1 - low - eor $output_h3, $output_h3, $rk12_h @ AES block 4k+3 - round 12 high - fmov $ctr3.d[1], $ctr32x @ CTR block 4k+7 - - aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 2 - eor $output_l2, $output_l2, $rk12_l @ AES block 4k+2 - round 12 low - - pmull2 $t1.1q, $res1.2d, $h3.2d @ GHASH block 4k+1 - high - eor $output_h2, $output_h2, $rk12_h @ AES block 4k+2 - round 12 high - eor $t3.8b, $t3.8b, $res1.8b @ GHASH block 4k+1 - mid - - pmull $acc_m.1q, $t0.1d, $acc_m.1d @ GHASH block 4k - mid - eor $output_l3, $output_l3, $rk12_l @ AES block 4k+3 - round 12 low - stp $output_l2, $output_h2, [$output_ptr], #16 @ AES block 4k+2 - store result - - rev64 $res3b, $res3b @ GHASH block 4k+3 - stp $output_l3, $output_h3, [$output_ptr], #16 @ AES block 4k+3 - store result - - aese $ctr3b, $rk0 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 0 - eor $acc_hb, $acc_hb, $t1.16b @ GHASH block 4k+1 - high - - pmull $t3.1q, $t3.1d, $h34k.1d @ GHASH block 4k+1 - mid - add $rctr32w, $rctr32w, #1 @ CTR block 4k+7 - - pmull2 $t4.1q, $res2.2d, $h2.2d @ GHASH block 4k+2 - high - eor $acc_lb, $acc_lb, $t2.16b @ GHASH block 4k+1 - low - - aese $ctr2b, $rk0 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 0 - - eor $acc_mb, $acc_mb, $t3.16b @ GHASH block 4k+1 - mid - mov $t6d, $res2.d[1] @ GHASH block 4k+2 - mid - - aese $ctr3b, $rk1 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 1 - - aese $ctr2b, $rk1 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 1 - eor $acc_hb, $acc_hb, $t4.16b @ GHASH block 4k+2 - high - - eor $t6.8b, $t6.8b, $res2.8b @ GHASH block 4k+2 - mid - - pmull $t5.1q, $res2.1d, $h2.1d @ GHASH block 4k+2 - low - - aese $ctr2b, $rk2 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 2 - mov $t9d, $res3.d[1] @ GHASH block 4k+3 - mid - - aese $ctr3b, $rk2 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 2 - ins $t6.d[1], $t6.d[0] @ GHASH block 4k+2 - mid - - pmull $t8.1q, $res3.1d, $h1.1d @ GHASH block 4k+3 - low - - aese $ctr0b, $rk3 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 3 - eor $t9.8b, $t9.8b, $res3.8b @ GHASH block 4k+3 - mid - - aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 3 - - pmull2 $t6.1q, $t6.2d, $h12k.2d @ GHASH block 4k+2 - mid - eor $acc_lb, $acc_lb, $t5.16b @ GHASH block 4k+2 - low - - aese $ctr0b, $rk4 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 4 - - pmull2 $t7.1q, $res3.2d, $h1.2d @ GHASH block 4k+3 - high - movi $mod_constant.8b, #0xc2 - - pmull $t9.1q, $t9.1d, $h12k.1d @ GHASH block 4k+3 - mid - - aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 3 - - shl $mod_constantd, $mod_constantd, #56 @ mod_constant - eor $acc_hb, $acc_hb, $t7.16b @ GHASH block 4k+3 - high - - aese $ctr0b, $rk5 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 5 - eor $acc_mb, $acc_mb, $t6.16b @ GHASH block 4k+2 - mid - - aese $ctr2b, $rk4 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 4 - - pmull $mod_t.1q, $acc_h.1d, $mod_constant.1d @ MODULO - top 64b align with mid - eor $acc_lb, $acc_lb, $t8.16b @ GHASH block 4k+3 - low - - aese $ctr0b, $rk6 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 6 - - aese $ctr3b, $rk3 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 3 - eor $acc_mb, $acc_mb, $t9.16b @ GHASH block 4k+3 - mid - - aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 5 - - aese $ctr0b, $rk7 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 7 - eor $t9.16b, $acc_lb, $acc_hb @ MODULO - karatsuba tidy up - - aese $ctr3b, $rk4 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 4 - - aese $ctr2b, $rk6 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 6 - ext $acc_hb, $acc_hb, $acc_hb, #8 @ MODULO - other top alignment - - aese $ctr0b, $rk8 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 8 - - aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 5 - eor $acc_mb, $acc_mb, $t9.16b @ MODULO - karatsuba tidy up - - aese $ctr1b, $rk4 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 4 - - aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 7 - - aese $ctr0b, $rk9 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 9 - - aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 5 - - aese $ctr3b, $rk6 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 6 - eor $acc_mb, $acc_mb, $mod_t.16b @ MODULO - fold into mid - - aese $ctr0b, $rk10 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 10 - - aese $ctr1b, $rk6 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 6 - - aese $ctr3b, $rk7 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 7 - - aese $ctr2b, $rk8 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 8 - eor $acc_mb, $acc_mb, $acc_hb @ MODULO - fold into mid - - aese $ctr1b, $rk7 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 7 - - aese $ctr3b, $rk8 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 8 - - aese $ctr2b, $rk9 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 9 - - aese $ctr1b, $rk8 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 8 - - aese $ctr3b, $rk9 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 9 - - pmull $mod_constant.1q, $acc_m.1d, $mod_constant.1d @ MODULO - mid 64b align with low - - aese $ctr1b, $rk9 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 9 - - aese $ctr2b, $rk10 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 10 - - aese $ctr3b, $rk10 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 10 - ext $acc_mb, $acc_mb, $acc_mb, #8 @ MODULO - other mid alignment - - aese $ctr1b, $rk10 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 10 - - aese $ctr0b, $rk11 - eor $acc_lb, $acc_lb, $mod_constant.16b @ MODULO - fold into low - - aese $ctr2b, $rk11 - - aese $ctr1b, $rk11 - - aese $ctr3b, $rk11 - - eor $acc_lb, $acc_lb, $acc_mb @ MODULO - fold into low - .L192_dec_tail: @ TAIL - - sub $main_end_input_ptr, $end_input_ptr, $input_ptr @ main_end_input_ptr is number of bytes left to process - ld1 { $res1b}, [$input_ptr], #16 @ AES block 4k+4 - load ciphertext - - eor $ctr0b, $res1b, $ctr0b @ AES block 4k+4 - result - - mov $output_h0, $ctr0.d[1] @ AES block 4k+4 - mov high - - mov $output_l0, $ctr0.d[0] @ AES block 4k+4 - mov low - - ext $t0.16b, $acc_lb, $acc_lb, #8 @ prepare final partial tag - - cmp $main_end_input_ptr, #48 - - eor $output_h0, $output_h0, $rk12_h @ AES block 4k+4 - round 12 high - - eor $output_l0, $output_l0, $rk12_l @ AES block 4k+4 - round 12 low - b.gt .L192_dec_blocks_more_than_3 - - movi $acc_l.8b, #0 - movi $acc_h.8b, #0 - - mov $ctr3b, $ctr2b - mov $ctr2b, $ctr1b - sub $rctr32w, $rctr32w, #1 - - movi $acc_m.8b, #0 - cmp $main_end_input_ptr, #32 - b.gt .L192_dec_blocks_more_than_2 - - mov $ctr3b, $ctr1b - cmp $main_end_input_ptr, #16 - sub $rctr32w, $rctr32w, #1 - - b.gt .L192_dec_blocks_more_than_1 - - sub $rctr32w, $rctr32w, #1 - b .L192_dec_blocks_less_than_1 - .L192_dec_blocks_more_than_3: @ blocks left > 3 - rev64 $res0b, $res1b @ GHASH final-3 block - ld1 { $res1b}, [$input_ptr], #16 @ AES final-2 block - load ciphertext - - stp $output_l0, $output_h0, [$output_ptr], #16 @ AES final-3 block - store result - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - - eor $ctr0b, $res1b, $ctr1b @ AES final-2 block - result - - pmull $acc_l.1q, $res0.1d, $h4.1d @ GHASH final-3 block - low - mov $output_l0, $ctr0.d[0] @ AES final-2 block - mov low - mov $rk4d, $res0.d[1] @ GHASH final-3 block - mid - - mov $output_h0, $ctr0.d[1] @ AES final-2 block - mov high - - mov $acc_md, $h34k.d[1] @ GHASH final-3 block - mid - eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-3 block - mid - - pmull2 $acc_h.1q, $res0.2d, $h4.2d @ GHASH final-3 block - high - - eor $output_l0, $output_l0, $rk12_l @ AES final-2 block - round 12 low - movi $t0.8b, #0 @ suppress further partial tag feed in - - pmull $acc_m.1q, $rk4v.1d, $acc_m.1d @ GHASH final-3 block - mid - eor $output_h0, $output_h0, $rk12_h @ AES final-2 block - round 12 high - .L192_dec_blocks_more_than_2: @ blocks left > 2 - - rev64 $res0b, $res1b @ GHASH final-2 block - ld1 { $res1b}, [$input_ptr], #16 @ AES final-1 block - load ciphertext - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - - movi $t0.8b, #0 @ suppress further partial tag feed in - - eor $ctr0b, $res1b, $ctr2b @ AES final-1 block - result - - mov $rk4d, $res0.d[1] @ GHASH final-2 block - mid - - pmull $rk3q1, $res0.1d, $h3.1d @ GHASH final-2 block - low - - stp $output_l0, $output_h0, [$output_ptr], #16 @ AES final-2 block - store result - - eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-2 block - mid - mov $output_h0, $ctr0.d[1] @ AES final-1 block - mov high - - eor $acc_lb, $acc_lb, $rk3 @ GHASH final-2 block - low - mov $output_l0, $ctr0.d[0] @ AES final-1 block - mov low - - pmull2 $rk2q1, $res0.2d, $h3.2d @ GHASH final-2 block - high - - pmull $rk4v.1q, $rk4v.1d, $h34k.1d @ GHASH final-2 block - mid - - eor $acc_hb, $acc_hb, $rk2 @ GHASH final-2 block - high - eor $output_h0, $output_h0, $rk12_h @ AES final-1 block - round 12 high - - eor $output_l0, $output_l0, $rk12_l @ AES final-1 block - round 12 low - eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-2 block - mid - .L192_dec_blocks_more_than_1: @ blocks left > 1 - - rev64 $res0b, $res1b @ GHASH final-1 block - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - ld1 { $res1b}, [$input_ptr], #16 @ AES final block - load ciphertext - - mov $rk4d, $res0.d[1] @ GHASH final-1 block - mid - - pmull2 $rk2q1, $res0.2d, $h2.2d @ GHASH final-1 block - high - - eor $ctr0b, $res1b, $ctr3b @ AES final block - result - stp $output_l0, $output_h0, [$output_ptr], #16 @ AES final-1 block - store result - - eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-1 block - mid - - eor $acc_hb, $acc_hb, $rk2 @ GHASH final-1 block - high - - pmull $rk3q1, $res0.1d, $h2.1d @ GHASH final-1 block - low - mov $output_h0, $ctr0.d[1] @ AES final block - mov high - - ins $rk4v.d[1], $rk4v.d[0] @ GHASH final-1 block - mid - mov $output_l0, $ctr0.d[0] @ AES final block - mov low - - pmull2 $rk4v.1q, $rk4v.2d, $h12k.2d @ GHASH final-1 block - mid - - movi $t0.8b, #0 @ suppress further partial tag feed in - eor $acc_lb, $acc_lb, $rk3 @ GHASH final-1 block - low - eor $output_h0, $output_h0, $rk12_h @ AES final block - round 12 high - - eor $output_l0, $output_l0, $rk12_l @ AES final block - round 12 low - - eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-1 block - mid - .L192_dec_blocks_less_than_1: @ blocks left <= 1 - - mvn $rk12_l, xzr @ rk12_l = 0xffffffffffffffff - ldp $end_input_ptr, $main_end_input_ptr, [$output_ptr] @ load existing bytes we need to not overwrite - and $bit_length, $bit_length, #127 @ bit_length %= 128 - - sub $bit_length, $bit_length, #128 @ bit_length -= 128 - - neg $bit_length, $bit_length @ bit_length = 128 - #bits in input (in range [1,128]) - - and $bit_length, $bit_length, #127 @ bit_length %= 128 - mvn $rk12_h, xzr @ rk12_h = 0xffffffffffffffff - - lsr $rk12_h, $rk12_h, $bit_length @ rk12_h is mask for top 64b of last block - cmp $bit_length, #64 - - csel $ctr32x, $rk12_l, $rk12_h, lt - csel $ctr96_b64x, $rk12_h, xzr, lt - - fmov $ctr0d, $ctr32x @ ctr0b is mask for last block - and $output_l0, $output_l0, $ctr32x - bic $end_input_ptr, $end_input_ptr, $ctr32x @ mask out low existing bytes - - orr $output_l0, $output_l0, $end_input_ptr - mov $ctr0.d[1], $ctr96_b64x - - rev $ctr32w, $rctr32w - - and $res1b, $res1b, $ctr0b @ possibly partial last block has zeroes in highest bits - str $ctr32w, [$counter, #12] @ store the updated counter - - rev64 $res0b, $res1b @ GHASH final block - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - bic $main_end_input_ptr, $main_end_input_ptr, $ctr96_b64x @ mask out high existing bytes - - and $output_h0, $output_h0, $ctr96_b64x - - pmull2 $rk2q1, $res0.2d, $h1.2d @ GHASH final block - high - mov $t0d, $res0.d[1] @ GHASH final block - mid - - pmull $rk3q1, $res0.1d, $h1.1d @ GHASH final block - low - - eor $t0.8b, $t0.8b, $res0.8b @ GHASH final block - mid - - eor $acc_hb, $acc_hb, $rk2 @ GHASH final block - high - - pmull $t0.1q, $t0.1d, $h12k.1d @ GHASH final block - mid - - eor $acc_lb, $acc_lb, $rk3 @ GHASH final block - low - - eor $acc_mb, $acc_mb, $t0.16b @ GHASH final block - mid - movi $mod_constant.8b, #0xc2 - - eor $t9.16b, $acc_lb, $acc_hb @ MODULO - karatsuba tidy up - - shl $mod_constantd, $mod_constantd, #56 @ mod_constant - - eor $acc_mb, $acc_mb, $t9.16b @ MODULO - karatsuba tidy up - - pmull $mod_t.1q, $acc_h.1d, $mod_constant.1d @ MODULO - top 64b align with mid - orr $output_h0, $output_h0, $main_end_input_ptr - stp $output_l0, $output_h0, [$output_ptr] - - ext $acc_hb, $acc_hb, $acc_hb, #8 @ MODULO - other top alignment - - eor $acc_mb, $acc_mb, $mod_t.16b @ MODULO - fold into mid - - eor $acc_mb, $acc_mb, $acc_hb @ MODULO - fold into mid - - pmull $mod_constant.1q, $acc_m.1d, $mod_constant.1d @ MODULO - mid 64b align with low - - eor $acc_lb, $acc_lb, $mod_constant.16b @ MODULO - fold into low - - ext $acc_mb, $acc_mb, $acc_mb, #8 @ MODULO - other mid alignment - - eor $acc_lb, $acc_lb, $acc_mb @ MODULO - fold into low - ext $acc_lb, $acc_lb, $acc_lb, #8 - rev64 $acc_lb, $acc_lb - mov x0, $len - st1 { $acc_l.16b }, [$current_tag] - - ldp x21, x22, [sp, #16] - ldp x23, x24, [sp, #32] - ldp d8, d9, [sp, #48] - ldp d10, d11, [sp, #64] - ldp d12, d13, [sp, #80] - ldp d14, d15, [sp, #96] - ldp x19, x20, [sp], #112 - ret - -.L192_dec_ret: - mov w0, #0x0 - ret -.size aes_gcm_dec_192_kernel,.-aes_gcm_dec_192_kernel -___ -} - -{ -my ($end_input_ptr,$main_end_input_ptr,$input_l0,$input_h0)=map("x$_",(4..7)); -my ($input_l1,$input_h1,$input_l2,$input_h2,$input_l3,$input_h3)=map("x$_",(19..24)); -my ($output_l1,$output_h1,$output_l2,$output_h2,$output_l3,$output_h3)=map("x$_",(19..24)); -my ($output_l0,$output_h0)=map("x$_",(6..7)); - -my $ctr32w="w9"; -my ($ctr32x,$ctr96_b64x,$ctr96_t32x,$rctr32x,$rk14_l,$rk14_h,$len)=map("x$_",(9..15)); -my ($ctr96_t32w,$rctr32w)=map("w$_",(11..12)); - -my ($ctr0b,$ctr1b,$ctr2b,$ctr3b,$res0b,$res1b,$res2b,$res3b)=map("v$_.16b",(0..7)); -my ($ctr0,$ctr1,$ctr2,$ctr3,$res0,$res1,$res2,$res3)=map("v$_",(0..7)); -my ($ctr0d,$ctr1d,$ctr2d,$ctr3d,$res0d,$res1d,$res2d,$res3d)=map("d$_",(0..7)); -my ($res0q,$res1q,$res2q,$res3q)=map("q$_",(4..7)); - -my ($acc_hb,$acc_mb,$acc_lb)=map("v$_.16b",(9..11)); -my ($acc_h,$acc_m,$acc_l)=map("v$_",(9..11)); -my ($acc_hd,$acc_md,$acc_ld)=map("d$_",(9..11)); - -my ($h1,$h2,$h3,$h4,$h12k,$h34k)=map("v$_",(12..17)); -my ($h1q,$h2q,$h3q,$h4q)=map("q$_",(12..15)); -my ($h1b,$h2b,$h3b,$h4b)=map("v$_.16b",(12..15)); - -my $t0="v8"; -my $t0d="d8"; -my $t1="v4"; -my $t1d="d4"; -my $t2="v8"; -my $t2d="d8"; -my $t3="v4"; -my $t3d="d4"; -my $t4="v4"; -my $t4d="d4"; -my $t5="v5"; -my $t5d="d5"; -my $t6="v8"; -my $t6d="d8"; -my $t7="v5"; -my $t7d="d5"; -my $t8="v6"; -my $t8d="d6"; -my $t9="v4"; -my $t9d="d4"; - -my ($ctr_t0,$ctr_t1,$ctr_t2,$ctr_t3)=map("v$_",(4..7)); -my ($ctr_t0d,$ctr_t1d,$ctr_t2d,$ctr_t3d)=map("d$_",(4..7)); -my ($ctr_t0b,$ctr_t1b,$ctr_t2b,$ctr_t3b)=map("v$_.16b",(4..7)); - -my $mod_constantd="d8"; -my $mod_constant="v8"; -my $mod_t="v7"; - -my ($rk0,$rk1,$rk2,$rk3,$rk4,$rk5,$rk6,$rk7,$rk8,$rk9,$rk10,$rk11,$rk12,$rk13)=map("v$_.16b",(18..31)); -my ($rk0q,$rk1q,$rk2q,$rk3q,$rk4q,$rk5q,$rk6q,$rk7q,$rk8q,$rk9q,$rk10q,$rk11q,$rk12q,$rk13q)=map("q$_",(18..31)); -my $rk2q1="v20.1q"; -my $rk3q1="v21.1q"; -my $rk4v="v22"; -my $rk4d="d22"; - -######################################################################################### -# size_t aes_gcm_enc_256_kernel(const unsigned char *in, -# size_t len, -# unsigned char *out, -# const void *key, -# unsigned char ivec[16], -# u64 *Xi); -# -$code.=<<___; -.global aes_gcm_enc_256_kernel -.type aes_gcm_enc_256_kernel,%function -.align 4 -aes_gcm_enc_256_kernel: - cbz x1, .L256_enc_ret - stp x19, x20, [sp, #-112]! - mov x16, x4 - mov x8, x5 - stp x21, x22, [sp, #16] - stp x23, x24, [sp, #32] - stp d8, d9, [sp, #48] - stp d10, d11, [sp, #64] - stp d12, d13, [sp, #80] - stp d14, d15, [sp, #96] - - add $end_input_ptr, $input_ptr, $bit_length, lsr #3 @ end_input_ptr - lsr $main_end_input_ptr, $bit_length, #3 @ byte_len - mov $len, $main_end_input_ptr - ldp $ctr96_b64x, $ctr96_t32x, [$counter] @ ctr96_b64, ctr96_t32 - - ld1 { $ctr0b}, [$counter] @ special case vector load initial counter so we can start first AES block as quickly as possible - sub $main_end_input_ptr, $main_end_input_ptr, #1 @ byte_len - 1 - - ldr $rk0q, [$cc, #0] @ load rk0 - and $main_end_input_ptr, $main_end_input_ptr, #0xffffffffffffffc0 @ number of bytes to be processed in main loop (at least 1 byte must be handled by tail) - - ldr $rk7q, [$cc, #112] @ load rk7 - add $main_end_input_ptr, $main_end_input_ptr, $input_ptr - - lsr $rctr32x, $ctr96_t32x, #32 - fmov $ctr2d, $ctr96_b64x @ CTR block 2 - orr $ctr96_t32w, $ctr96_t32w, $ctr96_t32w - - rev $rctr32w, $rctr32w @ rev_ctr32 - cmp $input_ptr, $main_end_input_ptr @ check if we have <= 4 blocks - fmov $ctr1d, $ctr96_b64x @ CTR block 1 - - aese $ctr0b, $rk0 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 0 - add $rctr32w, $rctr32w, #1 @ increment rev_ctr32 - - rev $ctr32w, $rctr32w @ CTR block 1 - fmov $ctr3d, $ctr96_b64x @ CTR block 3 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 1 - add $rctr32w, $rctr32w, #1 @ CTR block 1 - ldr $rk1q, [$cc, #16] @ load rk1 - - fmov $ctr1.d[1], $ctr32x @ CTR block 1 - rev $ctr32w, $rctr32w @ CTR block 2 - add $rctr32w, $rctr32w, #1 @ CTR block 2 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 2 - ldr $rk2q, [$cc, #32] @ load rk2 - - fmov $ctr2.d[1], $ctr32x @ CTR block 2 - rev $ctr32w, $rctr32w @ CTR block 3 - - aese $ctr0b, $rk1 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 1 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 3 - - fmov $ctr3.d[1], $ctr32x @ CTR block 3 - - aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 0 - ldr $rk3q, [$cc, #48] @ load rk3 - - aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 2 - ldr $rk6q, [$cc, #96] @ load rk6 - - aese $ctr2b, $rk0 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 0 - ldr $rk5q, [$cc, #80] @ load rk5 - - aese $ctr1b, $rk1 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 1 - ldr $h3q, [$current_tag, #80] @ load h3l | h3h - ext $h3b, $h3b, $h3b, #8 - - aese $ctr3b, $rk0 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 0 - ldr $rk13q, [$cc, #208] @ load rk13 - - aese $ctr2b, $rk1 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 1 - ldr $rk4q, [$cc, #64] @ load rk4 - - aese $ctr1b, $rk2 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 2 - ldr $h2q, [$current_tag, #64] @ load h2l | h2h - ext $h2b, $h2b, $h2b, #8 - - aese $ctr3b, $rk1 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 1 - ldr $rk12q, [$cc, #192] @ load rk12 - - aese $ctr2b, $rk2 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 2 - ldr $h4q, [$current_tag, #112] @ load h4l | h4h - ext $h4b, $h4b, $h4b, #8 - - aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 3 - ldr $rk11q, [$cc, #176] @ load rk11 - - aese $ctr3b, $rk2 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 2 - ldr $rk8q, [$cc, #128] @ load rk8 - - aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 3 - add $rctr32w, $rctr32w, #1 @ CTR block 3 - - aese $ctr0b, $rk3 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 3 - ldp $rk14_l, $rk14_h, [$cc, #224] @ load rk14 - - aese $ctr3b, $rk3 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 3 - ld1 { $acc_lb}, [$current_tag] - ext $acc_lb, $acc_lb, $acc_lb, #8 - rev64 $acc_lb, $acc_lb - - aese $ctr2b, $rk4 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 4 - - aese $ctr0b, $rk4 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 4 - - aese $ctr1b, $rk4 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 4 - - aese $ctr3b, $rk4 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 4 - - aese $ctr0b, $rk5 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 5 - - aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 5 - - aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 5 - - aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 5 - - aese $ctr1b, $rk6 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 6 - trn2 $h34k.2d, $h3.2d, $h4.2d @ h4l | h3l - - aese $ctr3b, $rk6 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 6 - ldr $rk9q, [$cc, #144] @ load rk9 - - aese $ctr0b, $rk6 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 6 - ldr $h1q, [$current_tag, #32] @ load h1l | h1h - ext $h1b, $h1b, $h1b, #8 - - aese $ctr2b, $rk6 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 6 - ldr $rk10q, [$cc, #160] @ load rk10 - - aese $ctr1b, $rk7 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 7 - trn1 $acc_h.2d, $h3.2d, $h4.2d @ h4h | h3h - - aese $ctr0b, $rk7 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 7 - - aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 7 - - aese $ctr3b, $rk7 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 7 - trn2 $h12k.2d, $h1.2d, $h2.2d @ h2l | h1l - - aese $ctr1b, $rk8 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 8 - - aese $ctr2b, $rk8 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 8 - - aese $ctr3b, $rk8 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 8 - - aese $ctr1b, $rk9 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 9 - - aese $ctr2b, $rk9 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 9 - - aese $ctr0b, $rk8 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 8 - - aese $ctr1b, $rk10 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 10 - - aese $ctr3b, $rk9 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 9 - - aese $ctr0b, $rk9 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 9 - - aese $ctr2b, $rk10 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 10 - - aese $ctr3b, $rk10 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 10 - - aese $ctr1b, $rk11 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 11 - - aese $ctr2b, $rk11 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 11 - - aese $ctr0b, $rk10 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 10 - - aese $ctr1b, $rk12 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 12 - - aese $ctr2b, $rk12 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 12 - - aese $ctr0b, $rk11 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 11 - eor $h34k.16b, $h34k.16b, $acc_h.16b @ h4k | h3k - - aese $ctr3b, $rk11 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 11 - - aese $ctr2b, $rk13 @ AES block 2 - round 13 - trn1 $t0.2d, $h1.2d, $h2.2d @ h2h | h1h - - aese $ctr0b, $rk12 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 12 - - aese $ctr3b, $rk12 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 12 - - aese $ctr1b, $rk13 @ AES block 1 - round 13 - - aese $ctr0b, $rk13 @ AES block 0 - round 13 - - aese $ctr3b, $rk13 @ AES block 3 - round 13 - eor $h12k.16b, $h12k.16b, $t0.16b @ h2k | h1k - b.ge .L256_enc_tail @ handle tail - - ldp $input_l1, $input_h1, [$input_ptr, #16] @ AES block 1 - load plaintext - - rev $ctr32w, $rctr32w @ CTR block 4 - ldp $input_l0, $input_h0, [$input_ptr, #0] @ AES block 0 - load plaintext - - ldp $input_l3, $input_h3, [$input_ptr, #48] @ AES block 3 - load plaintext - - ldp $input_l2, $input_h2, [$input_ptr, #32] @ AES block 2 - load plaintext - add $input_ptr, $input_ptr, #64 @ AES input_ptr update - - eor $input_l1, $input_l1, $rk14_l @ AES block 1 - round 14 low - eor $input_h1, $input_h1, $rk14_h @ AES block 1 - round 14 high - - fmov $ctr_t1d, $input_l1 @ AES block 1 - mov low - eor $input_l0, $input_l0, $rk14_l @ AES block 0 - round 14 low - - eor $input_h0, $input_h0, $rk14_h @ AES block 0 - round 14 high - eor $input_h3, $input_h3, $rk14_h @ AES block 3 - round 14 high - fmov $ctr_t0d, $input_l0 @ AES block 0 - mov low - - cmp $input_ptr, $main_end_input_ptr @ check if we have <= 8 blocks - fmov $ctr_t0.d[1], $input_h0 @ AES block 0 - mov high - eor $input_l3, $input_l3, $rk14_l @ AES block 3 - round 14 low - - eor $input_l2, $input_l2, $rk14_l @ AES block 2 - round 14 low - fmov $ctr_t1.d[1], $input_h1 @ AES block 1 - mov high - - fmov $ctr_t2d, $input_l2 @ AES block 2 - mov low - add $rctr32w, $rctr32w, #1 @ CTR block 4 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4 - fmov $ctr_t3d, $input_l3 @ AES block 3 - mov low - eor $input_h2, $input_h2, $rk14_h @ AES block 2 - round 14 high - - fmov $ctr_t2.d[1], $input_h2 @ AES block 2 - mov high - - eor $res0b, $ctr_t0b, $ctr0b @ AES block 0 - result - fmov $ctr0d, $ctr96_b64x @ CTR block 4 - - fmov $ctr0.d[1], $ctr32x @ CTR block 4 - rev $ctr32w, $rctr32w @ CTR block 5 - add $rctr32w, $rctr32w, #1 @ CTR block 5 - - eor $res1b, $ctr_t1b, $ctr1b @ AES block 1 - result - fmov $ctr1d, $ctr96_b64x @ CTR block 5 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 5 - - fmov $ctr1.d[1], $ctr32x @ CTR block 5 - rev $ctr32w, $rctr32w @ CTR block 6 - st1 { $res0b}, [$output_ptr], #16 @ AES block 0 - store result - - fmov $ctr_t3.d[1], $input_h3 @ AES block 3 - mov high - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 6 - eor $res2b, $ctr_t2b, $ctr2b @ AES block 2 - result - - st1 { $res1b}, [$output_ptr], #16 @ AES block 1 - store result - - add $rctr32w, $rctr32w, #1 @ CTR block 6 - fmov $ctr2d, $ctr96_b64x @ CTR block 6 - - fmov $ctr2.d[1], $ctr32x @ CTR block 6 - st1 { $res2b}, [$output_ptr], #16 @ AES block 2 - store result - rev $ctr32w, $rctr32w @ CTR block 7 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 7 - - eor $res3b, $ctr_t3b, $ctr3b @ AES block 3 - result - st1 { $res3b}, [$output_ptr], #16 @ AES block 3 - store result - b.ge L256_enc_prepretail @ do prepretail - - .L256_enc_main_loop: @ main loop start - aese $ctr0b, $rk0 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 0 - rev64 $res0b, $res0b @ GHASH block 4k (only t0 is free) - - aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 0 - fmov $ctr3d, $ctr96_b64x @ CTR block 4k+3 - - aese $ctr2b, $rk0 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 0 - ext $acc_lb, $acc_lb, $acc_lb, #8 @ PRE 0 - - aese $ctr0b, $rk1 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 1 - fmov $ctr3.d[1], $ctr32x @ CTR block 4k+3 - - aese $ctr1b, $rk1 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 1 - ldp $input_l3, $input_h3, [$input_ptr, #48] @ AES block 4k+7 - load plaintext - - aese $ctr2b, $rk1 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 1 - ldp $input_l2, $input_h2, [$input_ptr, #32] @ AES block 4k+6 - load plaintext - - aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 2 - eor $res0b, $res0b, $acc_lb @ PRE 1 - - aese $ctr1b, $rk2 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 2 - - aese $ctr3b, $rk0 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 0 - eor $input_l3, $input_l3, $rk14_l @ AES block 4k+7 - round 14 low - - aese $ctr0b, $rk3 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 3 - mov $acc_md, $h34k.d[1] @ GHASH block 4k - mid - - pmull2 $acc_h.1q, $res0.2d, $h4.2d @ GHASH block 4k - high - eor $input_h2, $input_h2, $rk14_h @ AES block 4k+6 - round 14 high - mov $t0d, $res0.d[1] @ GHASH block 4k - mid - - aese $ctr3b, $rk1 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 1 - rev64 $res1b, $res1b @ GHASH block 4k+1 (t0 and t1 free) - - aese $ctr0b, $rk4 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 4 - - pmull $acc_l.1q, $res0.1d, $h4.1d @ GHASH block 4k - low - eor $t0.8b, $t0.8b, $res0.8b @ GHASH block 4k - mid - - aese $ctr2b, $rk2 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 2 - - aese $ctr0b, $rk5 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 5 - rev64 $res3b, $res3b @ GHASH block 4k+3 (t0, t1, t2 and t3 free) - - pmull2 $t1.1q, $res1.2d, $h3.2d @ GHASH block 4k+1 - high - - pmull $acc_m.1q, $t0.1d, $acc_m.1d @ GHASH block 4k - mid - rev64 $res2b, $res2b @ GHASH block 4k+2 (t0, t1, and t2 free) - - pmull $t2.1q, $res1.1d, $h3.1d @ GHASH block 4k+1 - low - - eor $acc_hb, $acc_hb, $t1.16b @ GHASH block 4k+1 - high - mov $t3d, $res1.d[1] @ GHASH block 4k+1 - mid - - aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 3 - - aese $ctr3b, $rk2 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 2 - eor $acc_lb, $acc_lb, $t2.16b @ GHASH block 4k+1 - low - - aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 3 - - aese $ctr1b, $rk4 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 4 - mov $t6d, $res2.d[1] @ GHASH block 4k+2 - mid - - aese $ctr3b, $rk3 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 3 - eor $t3.8b, $t3.8b, $res1.8b @ GHASH block 4k+1 - mid - - aese $ctr2b, $rk4 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 4 - - aese $ctr0b, $rk6 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 6 - eor $t6.8b, $t6.8b, $res2.8b @ GHASH block 4k+2 - mid - - aese $ctr3b, $rk4 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 4 - - pmull $t3.1q, $t3.1d, $h34k.1d @ GHASH block 4k+1 - mid - - aese $ctr0b, $rk7 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 7 - - aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 5 - ins $t6.d[1], $t6.d[0] @ GHASH block 4k+2 - mid - - aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 5 - - aese $ctr0b, $rk8 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 8 - - aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 5 - - aese $ctr1b, $rk6 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 6 - eor $acc_mb, $acc_mb, $t3.16b @ GHASH block 4k+1 - mid - - pmull2 $t4.1q, $res2.2d, $h2.2d @ GHASH block 4k+2 - high - - pmull $t5.1q, $res2.1d, $h2.1d @ GHASH block 4k+2 - low - - aese $ctr1b, $rk7 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 7 - - pmull $t8.1q, $res3.1d, $h1.1d @ GHASH block 4k+3 - low - eor $acc_hb, $acc_hb, $t4.16b @ GHASH block 4k+2 - high - - aese $ctr3b, $rk6 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 6 - ldp $input_l1, $input_h1, [$input_ptr, #16] @ AES block 4k+5 - load plaintext - - aese $ctr1b, $rk8 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 8 - mov $t9d, $res3.d[1] @ GHASH block 4k+3 - mid - - aese $ctr2b, $rk6 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 6 - eor $acc_lb, $acc_lb, $t5.16b @ GHASH block 4k+2 - low - - pmull2 $t6.1q, $t6.2d, $h12k.2d @ GHASH block 4k+2 - mid - - pmull2 $t7.1q, $res3.2d, $h1.2d @ GHASH block 4k+3 - high - eor $t9.8b, $t9.8b, $res3.8b @ GHASH block 4k+3 - mid - - aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 7 - eor $input_l1, $input_l1, $rk14_l @ AES block 4k+5 - round 14 low - - aese $ctr1b, $rk9 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 9 - eor $acc_mb, $acc_mb, $t6.16b @ GHASH block 4k+2 - mid - - aese $ctr3b, $rk7 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 7 - eor $input_l2, $input_l2, $rk14_l @ AES block 4k+6 - round 14 low - - aese $ctr0b, $rk9 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 9 - movi $mod_constant.8b, #0xc2 - - pmull $t9.1q, $t9.1d, $h12k.1d @ GHASH block 4k+3 - mid - eor $acc_hb, $acc_hb, $t7.16b @ GHASH block 4k+3 - high - fmov $ctr_t1d, $input_l1 @ AES block 4k+5 - mov low - - aese $ctr2b, $rk8 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 8 - ldp $input_l0, $input_h0, [$input_ptr, #0] @ AES block 4k+4 - load plaintext - - aese $ctr0b, $rk10 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 10 - shl $mod_constantd, $mod_constantd, #56 @ mod_constant - - aese $ctr3b, $rk8 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 8 - eor $acc_lb, $acc_lb, $t8.16b @ GHASH block 4k+3 - low - - aese $ctr2b, $rk9 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 9 - - aese $ctr1b, $rk10 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 10 - eor $acc_mb, $acc_mb, $t9.16b @ GHASH block 4k+3 - mid - - aese $ctr3b, $rk9 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 9 - add $rctr32w, $rctr32w, #1 @ CTR block 4k+3 - - aese $ctr0b, $rk11 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 11 - eor $t9.16b, $acc_lb, $acc_hb @ MODULO - karatsuba tidy up - - aese $ctr1b, $rk11 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 11 - add $input_ptr, $input_ptr, #64 @ AES input_ptr update - - pmull $mod_t.1q, $acc_h.1d, $mod_constant.1d @ MODULO - top 64b align with mid - rev $ctr32w, $rctr32w @ CTR block 4k+8 - ext $acc_hb, $acc_hb, $acc_hb, #8 @ MODULO - other top alignment - - aese $ctr2b, $rk10 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 10 - eor $input_l0, $input_l0, $rk14_l @ AES block 4k+4 - round 14 low - - aese $ctr1b, $rk12 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 12 - eor $acc_mb, $acc_mb, $t9.16b @ MODULO - karatsuba tidy up - - aese $ctr3b, $rk10 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 10 - eor $input_h0, $input_h0, $rk14_h @ AES block 4k+4 - round 14 high - - fmov $ctr_t0d, $input_l0 @ AES block 4k+4 - mov low - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+8 - eor $mod_t.16b, $acc_hb, $mod_t.16b @ MODULO - fold into mid - - aese $ctr0b, $rk12 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 12 - eor $input_h1, $input_h1, $rk14_h @ AES block 4k+5 - round 14 high - - aese $ctr2b, $rk11 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 11 - eor $input_h3, $input_h3, $rk14_h @ AES block 4k+7 - round 14 high - - aese $ctr3b, $rk11 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 11 - add $rctr32w, $rctr32w, #1 @ CTR block 4k+8 - - aese $ctr0b, $rk13 @ AES block 4k+4 - round 13 - fmov $ctr_t0.d[1], $input_h0 @ AES block 4k+4 - mov high - eor $acc_mb, $acc_mb, $mod_t.16b @ MODULO - fold into mid - - aese $ctr2b, $rk12 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 12 - fmov $ctr_t3d, $input_l3 @ AES block 4k+7 - mov low - - aese $ctr1b, $rk13 @ AES block 4k+5 - round 13 - fmov $ctr_t1.d[1], $input_h1 @ AES block 4k+5 - mov high - - fmov $ctr_t2d, $input_l2 @ AES block 4k+6 - mov low - cmp $input_ptr, $main_end_input_ptr @ LOOP CONTROL - - fmov $ctr_t2.d[1], $input_h2 @ AES block 4k+6 - mov high - - pmull $acc_h.1q, $acc_m.1d, $mod_constant.1d @ MODULO - mid 64b align with low - eor $res0b, $ctr_t0b, $ctr0b @ AES block 4k+4 - result - fmov $ctr0d, $ctr96_b64x @ CTR block 4k+8 - - fmov $ctr0.d[1], $ctr32x @ CTR block 4k+8 - rev $ctr32w, $rctr32w @ CTR block 4k+9 - add $rctr32w, $rctr32w, #1 @ CTR block 4k+9 - - eor $res1b, $ctr_t1b, $ctr1b @ AES block 4k+5 - result - fmov $ctr1d, $ctr96_b64x @ CTR block 4k+9 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+9 - - aese $ctr3b, $rk12 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 12 - fmov $ctr1.d[1], $ctr32x @ CTR block 4k+9 - - aese $ctr2b, $rk13 @ AES block 4k+6 - round 13 - rev $ctr32w, $rctr32w @ CTR block 4k+10 - st1 { $res0b}, [$output_ptr], #16 @ AES block 4k+4 - store result - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+10 - eor $acc_lb, $acc_lb, $acc_hb @ MODULO - fold into low - fmov $ctr_t3.d[1], $input_h3 @ AES block 4k+7 - mov high - - ext $acc_mb, $acc_mb, $acc_mb, #8 @ MODULO - other mid alignment - st1 { $res1b}, [$output_ptr], #16 @ AES block 4k+5 - store result - add $rctr32w, $rctr32w, #1 @ CTR block 4k+10 - - aese $ctr3b, $rk13 @ AES block 4k+7 - round 13 - eor $res2b, $ctr_t2b, $ctr2b @ AES block 4k+6 - result - fmov $ctr2d, $ctr96_b64x @ CTR block 4k+10 - - st1 { $res2b}, [$output_ptr], #16 @ AES block 4k+6 - store result - fmov $ctr2.d[1], $ctr32x @ CTR block 4k+10 - rev $ctr32w, $rctr32w @ CTR block 4k+11 - - eor $acc_lb, $acc_lb, $acc_mb @ MODULO - fold into low - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+11 - - eor $res3b, $ctr_t3b, $ctr3b @ AES block 4k+7 - result - st1 { $res3b}, [$output_ptr], #16 @ AES block 4k+7 - store result - b.lt L256_enc_main_loop - - .L256_enc_prepretail: @ PREPRETAIL - aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 0 - rev64 $res2b, $res2b @ GHASH block 4k+2 (t0, t1, and t2 free) - - aese $ctr2b, $rk0 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 0 - fmov $ctr3d, $ctr96_b64x @ CTR block 4k+3 - - aese $ctr0b, $rk0 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 0 - rev64 $res0b, $res0b @ GHASH block 4k (only t0 is free) - - fmov $ctr3.d[1], $ctr32x @ CTR block 4k+3 - ext $acc_lb, $acc_lb, $acc_lb, #8 @ PRE 0 - - aese $ctr2b, $rk1 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 1 - - aese $ctr0b, $rk1 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 1 - - eor $res0b, $res0b, $acc_lb @ PRE 1 - rev64 $res1b, $res1b @ GHASH block 4k+1 (t0 and t1 free) - - aese $ctr2b, $rk2 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 2 - - aese $ctr3b, $rk0 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 0 - mov $acc_md, $h34k.d[1] @ GHASH block 4k - mid - - aese $ctr1b, $rk1 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 1 - - pmull $acc_l.1q, $res0.1d, $h4.1d @ GHASH block 4k - low - mov $t0d, $res0.d[1] @ GHASH block 4k - mid - - pmull2 $acc_h.1q, $res0.2d, $h4.2d @ GHASH block 4k - high - - aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 3 - - aese $ctr1b, $rk2 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 2 - eor $t0.8b, $t0.8b, $res0.8b @ GHASH block 4k - mid - - aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 2 - - aese $ctr3b, $rk1 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 1 - - aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 3 - - pmull $acc_m.1q, $t0.1d, $acc_m.1d @ GHASH block 4k - mid - - pmull2 $t1.1q, $res1.2d, $h3.2d @ GHASH block 4k+1 - high - - pmull $t2.1q, $res1.1d, $h3.1d @ GHASH block 4k+1 - low - - aese $ctr3b, $rk2 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 2 - - eor $acc_hb, $acc_hb, $t1.16b @ GHASH block 4k+1 - high - mov $t3d, $res1.d[1] @ GHASH block 4k+1 - mid - - aese $ctr0b, $rk3 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 3 - eor $acc_lb, $acc_lb, $t2.16b @ GHASH block 4k+1 - low - - aese $ctr3b, $rk3 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 3 - - eor $t3.8b, $t3.8b, $res1.8b @ GHASH block 4k+1 - mid - mov $t6d, $res2.d[1] @ GHASH block 4k+2 - mid - - aese $ctr0b, $rk4 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 4 - rev64 $res3b, $res3b @ GHASH block 4k+3 (t0, t1, t2 and t3 free) - - aese $ctr3b, $rk4 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 4 - - pmull $t3.1q, $t3.1d, $h34k.1d @ GHASH block 4k+1 - mid - eor $t6.8b, $t6.8b, $res2.8b @ GHASH block 4k+2 - mid - add $rctr32w, $rctr32w, #1 @ CTR block 4k+3 - - pmull $t5.1q, $res2.1d, $h2.1d @ GHASH block 4k+2 - low - - aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 5 - - aese $ctr2b, $rk4 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 4 - eor $acc_mb, $acc_mb, $t3.16b @ GHASH block 4k+1 - mid - - pmull2 $t4.1q, $res2.2d, $h2.2d @ GHASH block 4k+2 - high - - eor $acc_lb, $acc_lb, $t5.16b @ GHASH block 4k+2 - low - ins $t6.d[1], $t6.d[0] @ GHASH block 4k+2 - mid - - aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 5 - - eor $acc_hb, $acc_hb, $t4.16b @ GHASH block 4k+2 - high - mov $t9d, $res3.d[1] @ GHASH block 4k+3 - mid - - aese $ctr1b, $rk4 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 4 - - pmull2 $t6.1q, $t6.2d, $h12k.2d @ GHASH block 4k+2 - mid - - eor $t9.8b, $t9.8b, $res3.8b @ GHASH block 4k+3 - mid - - pmull2 $t7.1q, $res3.2d, $h1.2d @ GHASH block 4k+3 - high - - aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 5 - - pmull $t9.1q, $t9.1d, $h12k.1d @ GHASH block 4k+3 - mid - eor $acc_mb, $acc_mb, $t6.16b @ GHASH block 4k+2 - mid - - aese $ctr0b, $rk5 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 5 - - aese $ctr1b, $rk6 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 6 - - aese $ctr2b, $rk6 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 6 - - aese $ctr0b, $rk6 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 6 - movi $mod_constant.8b, #0xc2 - - aese $ctr3b, $rk6 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 6 - - aese $ctr1b, $rk7 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 7 - eor $acc_hb, $acc_hb, $t7.16b @ GHASH block 4k+3 - high - - aese $ctr0b, $rk7 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 7 - - aese $ctr3b, $rk7 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 7 - shl $mod_constantd, $mod_constantd, #56 @ mod_constant - - aese $ctr1b, $rk8 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 8 - eor $acc_mb, $acc_mb, $t9.16b @ GHASH block 4k+3 - mid - - pmull $t8.1q, $res3.1d, $h1.1d @ GHASH block 4k+3 - low - - aese $ctr3b, $rk8 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 8 - - aese $ctr1b, $rk9 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 9 - - aese $ctr0b, $rk8 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 8 - eor $acc_lb, $acc_lb, $t8.16b @ GHASH block 4k+3 - low - - aese $ctr3b, $rk9 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 9 - - eor $acc_mb, $acc_mb, $acc_hb @ karatsuba tidy up - - pmull $t1.1q, $acc_h.1d, $mod_constant.1d - ext $acc_hb, $acc_hb, $acc_hb, #8 - - aese $ctr3b, $rk10 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 10 - - aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 7 - eor $acc_mb, $acc_mb, $acc_lb - - aese $ctr1b, $rk10 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 10 - - aese $ctr0b, $rk9 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 9 - - aese $ctr2b, $rk8 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 8 - - aese $ctr1b, $rk11 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 11 - eor $acc_mb, $acc_mb, $t1.16b - - aese $ctr0b, $rk10 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 10 - - aese $ctr2b, $rk9 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 9 - - aese $ctr1b, $rk12 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 12 - - aese $ctr0b, $rk11 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 11 - eor $acc_mb, $acc_mb, $acc_hb - - aese $ctr3b, $rk11 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 11 - - aese $ctr2b, $rk10 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 10 - - aese $ctr0b, $rk12 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 12 - - pmull $t1.1q, $acc_m.1d, $mod_constant.1d - - aese $ctr2b, $rk11 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 11 - ext $acc_mb, $acc_mb, $acc_mb, #8 - - aese $ctr3b, $rk12 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 12 - - aese $ctr1b, $rk13 @ AES block 4k+5 - round 13 - eor $acc_lb, $acc_lb, $t1.16b - - aese $ctr2b, $rk12 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 12 - - aese $ctr3b, $rk13 @ AES block 4k+7 - round 13 - - aese $ctr0b, $rk13 @ AES block 4k+4 - round 13 - - aese $ctr2b, $rk13 @ AES block 4k+6 - round 13 - eor $acc_lb, $acc_lb, $acc_mb - .L256_enc_tail: @ TAIL - - ext $t0.16b, $acc_lb, $acc_lb, #8 @ prepare final partial tag - sub $main_end_input_ptr, $end_input_ptr, $input_ptr @ main_end_input_ptr is number of bytes left to process - ldp $input_l0, $input_h0, [$input_ptr], #16 @ AES block 4k+4 - load plaintext - - eor $input_l0, $input_l0, $rk14_l @ AES block 4k+4 - round 14 low - eor $input_h0, $input_h0, $rk14_h @ AES block 4k+4 - round 14 high - - cmp $main_end_input_ptr, #48 - fmov $ctr_t0d, $input_l0 @ AES block 4k+4 - mov low - - fmov $ctr_t0.d[1], $input_h0 @ AES block 4k+4 - mov high - - eor $res1b, $ctr_t0b, $ctr0b @ AES block 4k+4 - result - b.gt .L256_enc_blocks_more_than_3 - - cmp $main_end_input_ptr, #32 - mov $ctr3b, $ctr2b - movi $acc_l.8b, #0 - - movi $acc_h.8b, #0 - sub $rctr32w, $rctr32w, #1 - - mov $ctr2b, $ctr1b - movi $acc_m.8b, #0 - b.gt .L256_enc_blocks_more_than_2 - - mov $ctr3b, $ctr1b - sub $rctr32w, $rctr32w, #1 - cmp $main_end_input_ptr, #16 - - b.gt .L256_enc_blocks_more_than_1 - - sub $rctr32w, $rctr32w, #1 - b .L256_enc_blocks_less_than_1 - .L256_enc_blocks_more_than_3: @ blocks left > 3 - st1 { $res1b}, [$output_ptr], #16 @ AES final-3 block - store result - - ldp $input_l0, $input_h0, [$input_ptr], #16 @ AES final-2 block - load input low & high - - rev64 $res0b, $res1b @ GHASH final-3 block - - eor $input_l0, $input_l0, $rk14_l @ AES final-2 block - round 14 low - eor $res0b, $res0b, $t0.16b @ feed in partial tag - - eor $input_h0, $input_h0, $rk14_h @ AES final-2 block - round 14 high - - mov $rk4d, $res0.d[1] @ GHASH final-3 block - mid - fmov $res1d, $input_l0 @ AES final-2 block - mov low - - fmov $res1.d[1], $input_h0 @ AES final-2 block - mov high - - eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-3 block - mid - movi $t0.8b, #0 @ suppress further partial tag feed in - - mov $acc_md, $h34k.d[1] @ GHASH final-3 block - mid - - pmull $acc_l.1q, $res0.1d, $h4.1d @ GHASH final-3 block - low - - pmull2 $acc_h.1q, $res0.2d, $h4.2d @ GHASH final-3 block - high - - pmull $acc_m.1q, $rk4v.1d, $acc_m.1d @ GHASH final-3 block - mid - eor $res1b, $res1b, $ctr1b @ AES final-2 block - result - .L256_enc_blocks_more_than_2: @ blocks left > 2 - - st1 { $res1b}, [$output_ptr], #16 @ AES final-2 block - store result - - ldp $input_l0, $input_h0, [$input_ptr], #16 @ AES final-1 block - load input low & high - - rev64 $res0b, $res1b @ GHASH final-2 block - - eor $input_l0, $input_l0, $rk14_l @ AES final-1 block - round 14 low - eor $res0b, $res0b, $t0.16b @ feed in partial tag - - fmov $res1d, $input_l0 @ AES final-1 block - mov low - eor $input_h0, $input_h0, $rk14_h @ AES final-1 block - round 14 high - - fmov $res1.d[1], $input_h0 @ AES final-1 block - mov high - - movi $t0.8b, #0 @ suppress further partial tag feed in - - pmull2 $rk2q1, $res0.2d, $h3.2d @ GHASH final-2 block - high - mov $rk4d, $res0.d[1] @ GHASH final-2 block - mid - - pmull $rk3q1, $res0.1d, $h3.1d @ GHASH final-2 block - low - - eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-2 block - mid - - eor $res1b, $res1b, $ctr2b @ AES final-1 block - result - - eor $acc_hb, $acc_hb, $rk2 @ GHASH final-2 block - high - - pmull $rk4v.1q, $rk4v.1d, $h34k.1d @ GHASH final-2 block - mid - - eor $acc_lb, $acc_lb, $rk3 @ GHASH final-2 block - low - - eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-2 block - mid - .L256_enc_blocks_more_than_1: @ blocks left > 1 - - st1 { $res1b}, [$output_ptr], #16 @ AES final-1 block - store result - - rev64 $res0b, $res1b @ GHASH final-1 block - - ldp $input_l0, $input_h0, [$input_ptr], #16 @ AES final block - load input low & high - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - - movi $t0.8b, #0 @ suppress further partial tag feed in - - eor $input_l0, $input_l0, $rk14_l @ AES final block - round 14 low - mov $rk4d, $res0.d[1] @ GHASH final-1 block - mid - - pmull2 $rk2q1, $res0.2d, $h2.2d @ GHASH final-1 block - high - eor $input_h0, $input_h0, $rk14_h @ AES final block - round 14 high - - eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-1 block - mid - - eor $acc_hb, $acc_hb, $rk2 @ GHASH final-1 block - high - - ins $rk4v.d[1], $rk4v.d[0] @ GHASH final-1 block - mid - fmov $res1d, $input_l0 @ AES final block - mov low - - fmov $res1.d[1], $input_h0 @ AES final block - mov high - - pmull2 $rk4v.1q, $rk4v.2d, $h12k.2d @ GHASH final-1 block - mid - - pmull $rk3q1, $res0.1d, $h2.1d @ GHASH final-1 block - low - - eor $res1b, $res1b, $ctr3b @ AES final block - result - eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-1 block - mid - - eor $acc_lb, $acc_lb, $rk3 @ GHASH final-1 block - low - .L256_enc_blocks_less_than_1: @ blocks left <= 1 - - and $bit_length, $bit_length, #127 @ bit_length %= 128 - - mvn $rk14_l, xzr @ rk14_l = 0xffffffffffffffff - sub $bit_length, $bit_length, #128 @ bit_length -= 128 - - neg $bit_length, $bit_length @ bit_length = 128 - #bits in input (in range [1,128]) - ld1 { $rk0}, [$output_ptr] @ load existing bytes where the possibly partial last block is to be stored - - mvn $rk14_h, xzr @ rk14_h = 0xffffffffffffffff - and $bit_length, $bit_length, #127 @ bit_length %= 128 - - lsr $rk14_h, $rk14_h, $bit_length @ rk14_h is mask for top 64b of last block - cmp $bit_length, #64 - - csel $input_l0, $rk14_l, $rk14_h, lt - csel $input_h0, $rk14_h, xzr, lt - - fmov $ctr0d, $input_l0 @ ctr0b is mask for last block - - fmov $ctr0.d[1], $input_h0 - - and $res1b, $res1b, $ctr0b @ possibly partial last block has zeroes in highest bits - - rev64 $res0b, $res1b @ GHASH final block - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - - bif $res1b, $rk0, $ctr0b @ insert existing bytes in top end of result before storing - - pmull2 $rk2q1, $res0.2d, $h1.2d @ GHASH final block - high - mov $t0d, $res0.d[1] @ GHASH final block - mid - rev $ctr32w, $rctr32w - - pmull $rk3q1, $res0.1d, $h1.1d @ GHASH final block - low - - eor $acc_hb, $acc_hb, $rk2 @ GHASH final block - high - eor $t0.8b, $t0.8b, $res0.8b @ GHASH final block - mid - - pmull $t0.1q, $t0.1d, $h12k.1d @ GHASH final block - mid - - eor $acc_lb, $acc_lb, $rk3 @ GHASH final block - low - - eor $acc_mb, $acc_mb, $t0.16b @ GHASH final block - mid - movi $mod_constant.8b, #0xc2 - - eor $t9.16b, $acc_lb, $acc_hb @ MODULO - karatsuba tidy up - - shl $mod_constantd, $mod_constantd, #56 @ mod_constant - - eor $acc_mb, $acc_mb, $t9.16b @ MODULO - karatsuba tidy up - - pmull $mod_t.1q, $acc_h.1d, $mod_constant.1d @ MODULO - top 64b align with mid - - ext $acc_hb, $acc_hb, $acc_hb, #8 @ MODULO - other top alignment - - eor $acc_mb, $acc_mb, $mod_t.16b @ MODULO - fold into mid - - eor $acc_mb, $acc_mb, $acc_hb @ MODULO - fold into mid - - pmull $acc_h.1q, $acc_m.1d, $mod_constant.1d @ MODULO - mid 64b align with low - - ext $acc_mb, $acc_mb, $acc_mb, #8 @ MODULO - other mid alignment - - str $ctr32w, [$counter, #12] @ store the updated counter - - st1 { $res1b}, [$output_ptr] @ store all 16B - eor $acc_lb, $acc_lb, $acc_hb @ MODULO - fold into low - - eor $acc_lb, $acc_lb, $acc_mb @ MODULO - fold into low - ext $acc_lb, $acc_lb, $acc_lb, #8 - rev64 $acc_lb, $acc_lb - mov x0, $len - st1 { $acc_l.16b }, [$current_tag] - - ldp x21, x22, [sp, #16] - ldp x23, x24, [sp, #32] - ldp d8, d9, [sp, #48] - ldp d10, d11, [sp, #64] - ldp d12, d13, [sp, #80] - ldp d14, d15, [sp, #96] - ldp x19, x20, [sp], #112 - ret - -.L256_enc_ret: - mov w0, #0x0 - ret -.size aes_gcm_enc_256_kernel,.-aes_gcm_enc_256_kernel -___ - -{ -my $t8="v4"; -my $t8d="d4"; -my $t9="v6"; -my $t9d="d6"; -######################################################################################### -# size_t aes_gcm_dec_256_kernel(const unsigned char *in, -# size_t len, -# unsigned char *out, -# const void *key, -# unsigned char ivec[16], -# u64 *Xi); -# -$code.=<<___; -.global aes_gcm_dec_256_kernel -.type aes_gcm_dec_256_kernel,%function -.align 4 -aes_gcm_dec_256_kernel: - cbz x1, .L256_dec_ret - stp x19, x20, [sp, #-112]! - mov x16, x4 - mov x8, x5 - stp x21, x22, [sp, #16] - stp x23, x24, [sp, #32] - stp d8, d9, [sp, #48] - stp d10, d11, [sp, #64] - stp d12, d13, [sp, #80] - stp d14, d15, [sp, #96] - - lsr $main_end_input_ptr, $bit_length, #3 @ byte_len - mov $len, $main_end_input_ptr - ldp $ctr96_b64x, $ctr96_t32x, [$counter] @ ctr96_b64, ctr96_t32 - - ldr $rk8q, [$cc, #128] @ load rk8 - sub $main_end_input_ptr, $main_end_input_ptr, #1 @ byte_len - 1 - - ldr $rk7q, [$cc, #112] @ load rk7 - and $main_end_input_ptr, $main_end_input_ptr, #0xffffffffffffffc0 @ number of bytes to be processed in main loop (at least 1 byte must be handled by tail) - - add $end_input_ptr, $input_ptr, $bit_length, lsr #3 @ end_input_ptr - ldr $rk6q, [$cc, #96] @ load rk6 - - lsr $rctr32x, $ctr96_t32x, #32 - ldr $rk5q, [$cc, #80] @ load rk5 - orr $ctr96_t32w, $ctr96_t32w, $ctr96_t32w - - ldr $rk3q, [$cc, #48] @ load rk3 - add $main_end_input_ptr, $main_end_input_ptr, $input_ptr - rev $rctr32w, $rctr32w @ rev_ctr32 - - add $rctr32w, $rctr32w, #1 @ increment rev_ctr32 - fmov $ctr3d, $ctr96_b64x @ CTR block 3 - - rev $ctr32w, $rctr32w @ CTR block 1 - add $rctr32w, $rctr32w, #1 @ CTR block 1 - fmov $ctr1d, $ctr96_b64x @ CTR block 1 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 1 - ld1 { $ctr0b}, [$counter] @ special case vector load initial counter so we can start first AES block as quickly as possible - - fmov $ctr1.d[1], $ctr32x @ CTR block 1 - rev $ctr32w, $rctr32w @ CTR block 2 - add $rctr32w, $rctr32w, #1 @ CTR block 2 - - fmov $ctr2d, $ctr96_b64x @ CTR block 2 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 2 - - fmov $ctr2.d[1], $ctr32x @ CTR block 2 - rev $ctr32w, $rctr32w @ CTR block 3 - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 3 - ldr $rk0q, [$cc, #0] @ load rk0 - - fmov $ctr3.d[1], $ctr32x @ CTR block 3 - add $rctr32w, $rctr32w, #1 @ CTR block 3 - - ldr $rk4q, [$cc, #64] @ load rk4 - - ldr $rk13q, [$cc, #208] @ load rk13 - - ldr $rk1q, [$cc, #16] @ load rk1 - - aese $ctr0b, $rk0 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 0 - ldr $h3q, [$current_tag, #80] @ load h3l | h3h - ext $h3b, $h3b, $h3b, #8 - - aese $ctr3b, $rk0 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 0 - ldr $h4q, [$current_tag, #112] @ load h4l | h4h - ext $h4b, $h4b, $h4b, #8 - - aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 0 - ldr $h2q, [$current_tag, #64] @ load h2l | h2h - ext $h2b, $h2b, $h2b, #8 - - aese $ctr2b, $rk0 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 0 - ldr $rk2q, [$cc, #32] @ load rk2 - - aese $ctr0b, $rk1 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 1 - ldp $rk14_l, $rk14_h, [$cc, #224] @ load rk14 - - aese $ctr1b, $rk1 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 1 - ld1 { $acc_lb}, [$current_tag] - ext $acc_lb, $acc_lb, $acc_lb, #8 - rev64 $acc_lb, $acc_lb - - aese $ctr2b, $rk1 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 1 - ldr $rk9q, [$cc, #144] @ load rk9 - - aese $ctr3b, $rk1 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 1 - ldr $rk12q, [$cc, #192] @ load rk12 - - aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 2 - ldr $h1q, [$current_tag, #32] @ load h1l | h1h - ext $h1b, $h1b, $h1b, #8 - - aese $ctr2b, $rk2 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 2 - ldr $rk10q, [$cc, #160] @ load rk10 - - aese $ctr3b, $rk2 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 2 - - aese $ctr0b, $rk3 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 3 - - aese $ctr1b, $rk2 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 2 - - aese $ctr3b, $rk3 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 3 - - aese $ctr0b, $rk4 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 4 - cmp $input_ptr, $main_end_input_ptr @ check if we have <= 4 blocks - - aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 3 - - aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 3 - - aese $ctr3b, $rk4 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 4 - - aese $ctr2b, $rk4 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 4 - - aese $ctr1b, $rk4 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 4 - - aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 5 - - aese $ctr0b, $rk5 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 5 - - aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 5 - - aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 5 - - aese $ctr0b, $rk6 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 6 - - aese $ctr3b, $rk6 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 6 - - aese $ctr1b, $rk6 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 6 - - aese $ctr2b, $rk6 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 6 - - aese $ctr0b, $rk7 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 7 - - aese $ctr1b, $rk7 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 7 - - aese $ctr3b, $rk7 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 7 - - aese $ctr0b, $rk8 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 8 - - aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 7 - - aese $ctr3b, $rk8 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 8 - - aese $ctr1b, $rk8 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 8 - - aese $ctr0b, $rk9 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 9 - - aese $ctr2b, $rk8 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 8 - ldr $rk11q, [$cc, #176] @ load rk11 - - aese $ctr1b, $rk9 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 9 - - aese $ctr0b, $rk10 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 10 - - aese $ctr3b, $rk9 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 9 - - aese $ctr1b, $rk10 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 10 - - aese $ctr2b, $rk9 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 9 - - aese $ctr3b, $rk10 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 10 - - aese $ctr0b, $rk11 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 11 - - aese $ctr2b, $rk10 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 10 - - aese $ctr3b, $rk11 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 11 - - aese $ctr1b, $rk11 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 11 - - aese $ctr2b, $rk11 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 11 - - trn1 $acc_h.2d, $h3.2d, $h4.2d @ h4h | h3h - - trn2 $h34k.2d, $h3.2d, $h4.2d @ h4l | h3l - - trn1 $t0.2d, $h1.2d, $h2.2d @ h2h | h1h - trn2 $h12k.2d, $h1.2d, $h2.2d @ h2l | h1l - - aese $ctr1b, $rk12 \n aesmc $ctr1b, $ctr1b @ AES block 1 - round 12 - - aese $ctr0b, $rk12 \n aesmc $ctr0b, $ctr0b @ AES block 0 - round 12 - - aese $ctr2b, $rk12 \n aesmc $ctr2b, $ctr2b @ AES block 2 - round 12 - - aese $ctr3b, $rk12 \n aesmc $ctr3b, $ctr3b @ AES block 3 - round 12 - eor $h34k.16b, $h34k.16b, $acc_h.16b @ h4k | h3k - - aese $ctr1b, $rk13 @ AES block 1 - round 13 - - aese $ctr2b, $rk13 @ AES block 2 - round 13 - eor $h12k.16b, $h12k.16b, $t0.16b @ h2k | h1k - - aese $ctr3b, $rk13 @ AES block 3 - round 13 - - aese $ctr0b, $rk13 @ AES block 0 - round 13 - b.ge .L256_dec_tail @ handle tail - - ldr $res0q, [$input_ptr, #0] @ AES block 0 - load ciphertext - - ldr $res1q, [$input_ptr, #16] @ AES block 1 - load ciphertext - - rev $ctr32w, $rctr32w @ CTR block 4 - - eor $ctr0b, $res0b, $ctr0b @ AES block 0 - result - - eor $ctr1b, $res1b, $ctr1b @ AES block 1 - result - rev64 $res1b, $res1b @ GHASH block 1 - ldr $res3q, [$input_ptr, #48] @ AES block 3 - load ciphertext - - mov $output_h0, $ctr0.d[1] @ AES block 0 - mov high - - mov $output_l0, $ctr0.d[0] @ AES block 0 - mov low - rev64 $res0b, $res0b @ GHASH block 0 - add $rctr32w, $rctr32w, #1 @ CTR block 4 - - fmov $ctr0d, $ctr96_b64x @ CTR block 4 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4 - - fmov $ctr0.d[1], $ctr32x @ CTR block 4 - rev $ctr32w, $rctr32w @ CTR block 5 - add $rctr32w, $rctr32w, #1 @ CTR block 5 - - mov $output_l1, $ctr1.d[0] @ AES block 1 - mov low - - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 5 - mov $output_h1, $ctr1.d[1] @ AES block 1 - mov high - eor $output_h0, $output_h0, $rk14_h @ AES block 0 - round 14 high - - eor $output_l0, $output_l0, $rk14_l @ AES block 0 - round 14 low - stp $output_l0, $output_h0, [$output_ptr], #16 @ AES block 0 - store result - fmov $ctr1d, $ctr96_b64x @ CTR block 5 - - ldr $res2q, [$input_ptr, #32] @ AES block 2 - load ciphertext - add $input_ptr, $input_ptr, #64 @ AES input_ptr update - - fmov $ctr1.d[1], $ctr32x @ CTR block 5 - rev $ctr32w, $rctr32w @ CTR block 6 - add $rctr32w, $rctr32w, #1 @ CTR block 6 - - eor $output_l1, $output_l1, $rk14_l @ AES block 1 - round 14 low - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 6 - - eor $output_h1, $output_h1, $rk14_h @ AES block 1 - round 14 high - stp $output_l1, $output_h1, [$output_ptr], #16 @ AES block 1 - store result - - eor $ctr2b, $res2b, $ctr2b @ AES block 2 - result - cmp $input_ptr, $main_end_input_ptr @ check if we have <= 8 blocks - b.ge .L256_dec_prepretail @ do prepretail - - .L256_dec_main_loop: @ main loop start - mov $output_l2, $ctr2.d[0] @ AES block 4k+2 - mov low - ext $acc_lb, $acc_lb, $acc_lb, #8 @ PRE 0 - eor $ctr3b, $res3b, $ctr3b @ AES block 4k+3 - result - - aese $ctr0b, $rk0 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 0 - mov $output_h2, $ctr2.d[1] @ AES block 4k+2 - mov high - - aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 0 - fmov $ctr2d, $ctr96_b64x @ CTR block 4k+6 - - fmov $ctr2.d[1], $ctr32x @ CTR block 4k+6 - eor $res0b, $res0b, $acc_lb @ PRE 1 - rev $ctr32w, $rctr32w @ CTR block 4k+7 - - aese $ctr0b, $rk1 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 1 - mov $output_h3, $ctr3.d[1] @ AES block 4k+3 - mov high - - aese $ctr1b, $rk1 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 1 - mov $output_l3, $ctr3.d[0] @ AES block 4k+3 - mov low - - pmull2 $acc_h.1q, $res0.2d, $h4.2d @ GHASH block 4k - high - mov $t0d, $res0.d[1] @ GHASH block 4k - mid - fmov $ctr3d, $ctr96_b64x @ CTR block 4k+7 - - aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 2 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+7 - - aese $ctr2b, $rk0 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 0 - fmov $ctr3.d[1], $ctr32x @ CTR block 4k+7 - - aese $ctr1b, $rk2 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 2 - eor $t0.8b, $t0.8b, $res0.8b @ GHASH block 4k - mid - - aese $ctr0b, $rk3 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 3 - eor $output_h2, $output_h2, $rk14_h @ AES block 4k+2 - round 14 high - - aese $ctr2b, $rk1 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 1 - mov $acc_md, $h34k.d[1] @ GHASH block 4k - mid - - aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 3 - rev64 $res2b, $res2b @ GHASH block 4k+2 - - aese $ctr3b, $rk0 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 0 - eor $output_l2, $output_l2, $rk14_l @ AES block 4k+2 - round 14 low - - aese $ctr2b, $rk2 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 2 - stp $output_l2, $output_h2, [$output_ptr], #16 @ AES block 4k+2 - store result - - pmull $acc_l.1q, $res0.1d, $h4.1d @ GHASH block 4k - low - - pmull2 $t1.1q, $res1.2d, $h3.2d @ GHASH block 4k+1 - high - - aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 3 - rev64 $res3b, $res3b @ GHASH block 4k+3 - - pmull $acc_m.1q, $t0.1d, $acc_m.1d @ GHASH block 4k - mid - eor $output_l3, $output_l3, $rk14_l @ AES block 4k+3 - round 14 low - - pmull $t2.1q, $res1.1d, $h3.1d @ GHASH block 4k+1 - low - eor $output_h3, $output_h3, $rk14_h @ AES block 4k+3 - round 14 high - eor $acc_hb, $acc_hb, $t1.16b @ GHASH block 4k+1 - high - - aese $ctr2b, $rk4 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 4 - - aese $ctr3b, $rk1 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 1 - mov $t3d, $res1.d[1] @ GHASH block 4k+1 - mid - - aese $ctr0b, $rk4 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 4 - eor $acc_lb, $acc_lb, $t2.16b @ GHASH block 4k+1 - low - - aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 5 - add $rctr32w, $rctr32w, #1 @ CTR block 4k+7 - - aese $ctr3b, $rk2 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 2 - mov $t6d, $res2.d[1] @ GHASH block 4k+2 - mid - - aese $ctr1b, $rk4 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 4 - eor $t3.8b, $t3.8b, $res1.8b @ GHASH block 4k+1 - mid - - pmull $t5.1q, $res2.1d, $h2.1d @ GHASH block 4k+2 - low - - aese $ctr3b, $rk3 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 3 - eor $t6.8b, $t6.8b, $res2.8b @ GHASH block 4k+2 - mid - - aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 5 - - aese $ctr0b, $rk5 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 5 - eor $acc_lb, $acc_lb, $t5.16b @ GHASH block 4k+2 - low - - pmull $t3.1q, $t3.1d, $h34k.1d @ GHASH block 4k+1 - mid - rev $ctr32w, $rctr32w @ CTR block 4k+8 - - aese $ctr1b, $rk6 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 6 - ins $t6.d[1], $t6.d[0] @ GHASH block 4k+2 - mid - - aese $ctr0b, $rk6 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 6 - add $rctr32w, $rctr32w, #1 @ CTR block 4k+8 - - aese $ctr3b, $rk4 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 4 - - aese $ctr1b, $rk7 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 7 - eor $acc_mb, $acc_mb, $t3.16b @ GHASH block 4k+1 - mid - - aese $ctr0b, $rk7 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 7 - - pmull2 $t4.1q, $res2.2d, $h2.2d @ GHASH block 4k+2 - high - mov $t9d, $res3.d[1] @ GHASH block 4k+3 - mid - - aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 5 - - pmull2 $t6.1q, $t6.2d, $h12k.2d @ GHASH block 4k+2 - mid - - aese $ctr0b, $rk8 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 8 - eor $acc_hb, $acc_hb, $t4.16b @ GHASH block 4k+2 - high - - aese $ctr3b, $rk6 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 6 - - pmull $t8.1q, $res3.1d, $h1.1d @ GHASH block 4k+3 - low - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+8 - eor $acc_mb, $acc_mb, $t6.16b @ GHASH block 4k+2 - mid - - pmull2 $t7.1q, $res3.2d, $h1.2d @ GHASH block 4k+3 - high - - aese $ctr0b, $rk9 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 9 - eor $t9.8b, $t9.8b, $res3.8b @ GHASH block 4k+3 - mid - - aese $ctr1b, $rk8 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 8 - - aese $ctr2b, $rk6 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 6 - eor $acc_hb, $acc_hb, $t7.16b @ GHASH block 4k+3 - high - - aese $ctr0b, $rk10 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 10 - - pmull $t9.1q, $t9.1d, $h12k.1d @ GHASH block 4k+3 - mid - movi $mod_constant.8b, #0xc2 - - aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 7 - eor $acc_lb, $acc_lb, $t8.16b @ GHASH block 4k+3 - low - - aese $ctr0b, $rk11 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 11 - - aese $ctr3b, $rk7 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 7 - shl $mod_constantd, $mod_constantd, #56 @ mod_constant - - aese $ctr2b, $rk8 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 8 - eor $acc_mb, $acc_mb, $t9.16b @ GHASH block 4k+3 - mid - - aese $ctr0b, $rk12 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 12 - - pmull $mod_t.1q, $acc_h.1d, $mod_constant.1d @ MODULO - top 64b align with mid - eor $t9.16b, $acc_lb, $acc_hb @ MODULO - karatsuba tidy up - - aese $ctr1b, $rk9 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 9 - ldr $res0q, [$input_ptr, #0] @ AES block 4k+4 - load ciphertext - - aese $ctr0b, $rk13 @ AES block 4k+4 - round 13 - ext $acc_hb, $acc_hb, $acc_hb, #8 @ MODULO - other top alignment - - aese $ctr1b, $rk10 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 10 - eor $acc_mb, $acc_mb, $t9.16b @ MODULO - karatsuba tidy up - - aese $ctr2b, $rk9 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 9 - ldr $res1q, [$input_ptr, #16] @ AES block 4k+5 - load ciphertext - - aese $ctr3b, $rk8 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 8 - eor $ctr0b, $res0b, $ctr0b @ AES block 4k+4 - result - - aese $ctr1b, $rk11 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 11 - stp $output_l3, $output_h3, [$output_ptr], #16 @ AES block 4k+3 - store result - - aese $ctr2b, $rk10 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 10 - eor $acc_mb, $acc_mb, $mod_t.16b @ MODULO - fold into mid - - aese $ctr3b, $rk9 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 9 - ldr $res3q, [$input_ptr, #48] @ AES block 4k+7 - load ciphertext - - aese $ctr1b, $rk12 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 12 - ldr $res2q, [$input_ptr, #32] @ AES block 4k+6 - load ciphertext - - aese $ctr2b, $rk11 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 11 - mov $output_h0, $ctr0.d[1] @ AES block 4k+4 - mov high - - aese $ctr3b, $rk10 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 10 - eor $acc_mb, $acc_mb, $acc_hb @ MODULO - fold into mid - - aese $ctr1b, $rk13 @ AES block 4k+5 - round 13 - add $input_ptr, $input_ptr, #64 @ AES input_ptr update - mov $output_l0, $ctr0.d[0] @ AES block 4k+4 - mov low - - aese $ctr2b, $rk12 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 12 - fmov $ctr0d, $ctr96_b64x @ CTR block 4k+8 - - aese $ctr3b, $rk11 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 11 - fmov $ctr0.d[1], $ctr32x @ CTR block 4k+8 - - pmull $mod_constant.1q, $acc_m.1d, $mod_constant.1d @ MODULO - mid 64b align with low - eor $ctr1b, $res1b, $ctr1b @ AES block 4k+5 - result - rev $ctr32w, $rctr32w @ CTR block 4k+9 - - aese $ctr2b, $rk13 @ AES block 4k+6 - round 13 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+9 - cmp $input_ptr, $main_end_input_ptr @ LOOP CONTROL - - add $rctr32w, $rctr32w, #1 @ CTR block 4k+9 - - eor $output_l0, $output_l0, $rk14_l @ AES block 4k+4 - round 14 low - eor $output_h0, $output_h0, $rk14_h @ AES block 4k+4 - round 14 high - - mov $output_h1, $ctr1.d[1] @ AES block 4k+5 - mov high - eor $ctr2b, $res2b, $ctr2b @ AES block 4k+6 - result - eor $acc_lb, $acc_lb, $mod_constant.16b @ MODULO - fold into low - - aese $ctr3b, $rk12 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 12 - mov $output_l1, $ctr1.d[0] @ AES block 4k+5 - mov low - - fmov $ctr1d, $ctr96_b64x @ CTR block 4k+9 - ext $acc_mb, $acc_mb, $acc_mb, #8 @ MODULO - other mid alignment - - fmov $ctr1.d[1], $ctr32x @ CTR block 4k+9 - rev $ctr32w, $rctr32w @ CTR block 4k+10 - add $rctr32w, $rctr32w, #1 @ CTR block 4k+10 - - aese $ctr3b, $rk13 @ AES block 4k+7 - round 13 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+10 - - rev64 $res1b, $res1b @ GHASH block 4k+5 - eor $output_h1, $output_h1, $rk14_h @ AES block 4k+5 - round 14 high - stp $output_l0, $output_h0, [$output_ptr], #16 @ AES block 4k+4 - store result - - eor $output_l1, $output_l1, $rk14_l @ AES block 4k+5 - round 14 low - stp $output_l1, $output_h1, [$output_ptr], #16 @ AES block 4k+5 - store result - - rev64 $res0b, $res0b @ GHASH block 4k+4 - eor $acc_lb, $acc_lb, $acc_mb @ MODULO - fold into low - b.lt .L256_dec_main_loop - - - .L256_dec_prepretail: @ PREPRETAIL - ext $acc_lb, $acc_lb, $acc_lb, #8 @ PRE 0 - mov $output_l2, $ctr2.d[0] @ AES block 4k+2 - mov low - eor $ctr3b, $res3b, $ctr3b @ AES block 4k+3 - result - - aese $ctr0b, $rk0 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 0 - mov $output_h2, $ctr2.d[1] @ AES block 4k+2 - mov high - - aese $ctr1b, $rk0 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 0 - fmov $ctr2d, $ctr96_b64x @ CTR block 4k+6 - - fmov $ctr2.d[1], $ctr32x @ CTR block 4k+6 - rev $ctr32w, $rctr32w @ CTR block 4k+7 - eor $res0b, $res0b, $acc_lb @ PRE 1 - - rev64 $res2b, $res2b @ GHASH block 4k+2 - orr $ctr32x, $ctr96_t32x, $ctr32x, lsl #32 @ CTR block 4k+7 - mov $output_l3, $ctr3.d[0] @ AES block 4k+3 - mov low - - aese $ctr1b, $rk1 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 1 - mov $output_h3, $ctr3.d[1] @ AES block 4k+3 - mov high - - pmull $acc_l.1q, $res0.1d, $h4.1d @ GHASH block 4k - low - mov $t0d, $res0.d[1] @ GHASH block 4k - mid - fmov $ctr3d, $ctr96_b64x @ CTR block 4k+7 - - pmull2 $acc_h.1q, $res0.2d, $h4.2d @ GHASH block 4k - high - fmov $ctr3.d[1], $ctr32x @ CTR block 4k+7 - - aese $ctr2b, $rk0 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 0 - mov $acc_md, $h34k.d[1] @ GHASH block 4k - mid - - aese $ctr0b, $rk1 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 1 - eor $t0.8b, $t0.8b, $res0.8b @ GHASH block 4k - mid - - pmull2 $t1.1q, $res1.2d, $h3.2d @ GHASH block 4k+1 - high - - aese $ctr2b, $rk1 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 1 - rev64 $res3b, $res3b @ GHASH block 4k+3 - - aese $ctr3b, $rk0 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 0 - - pmull $acc_m.1q, $t0.1d, $acc_m.1d @ GHASH block 4k - mid - eor $acc_hb, $acc_hb, $t1.16b @ GHASH block 4k+1 - high - - pmull $t2.1q, $res1.1d, $h3.1d @ GHASH block 4k+1 - low - - aese $ctr3b, $rk1 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 1 - mov $t3d, $res1.d[1] @ GHASH block 4k+1 - mid - - aese $ctr0b, $rk2 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 2 - - aese $ctr1b, $rk2 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 2 - eor $acc_lb, $acc_lb, $t2.16b @ GHASH block 4k+1 - low - - aese $ctr2b, $rk2 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 2 - - aese $ctr0b, $rk3 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 3 - mov $t6d, $res2.d[1] @ GHASH block 4k+2 - mid - - aese $ctr3b, $rk2 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 2 - eor $t3.8b, $t3.8b, $res1.8b @ GHASH block 4k+1 - mid - - pmull $t5.1q, $res2.1d, $h2.1d @ GHASH block 4k+2 - low - - aese $ctr0b, $rk4 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 4 - - aese $ctr3b, $rk3 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 3 - eor $t6.8b, $t6.8b, $res2.8b @ GHASH block 4k+2 - mid - - pmull $t3.1q, $t3.1d, $h34k.1d @ GHASH block 4k+1 - mid - - aese $ctr0b, $rk5 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 5 - eor $acc_lb, $acc_lb, $t5.16b @ GHASH block 4k+2 - low - - aese $ctr3b, $rk4 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 4 - - pmull2 $t7.1q, $res3.2d, $h1.2d @ GHASH block 4k+3 - high - eor $acc_mb, $acc_mb, $t3.16b @ GHASH block 4k+1 - mid - - pmull2 $t4.1q, $res2.2d, $h2.2d @ GHASH block 4k+2 - high - - aese $ctr3b, $rk5 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 5 - ins $t6.d[1], $t6.d[0] @ GHASH block 4k+2 - mid - - aese $ctr2b, $rk3 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 3 - - aese $ctr1b, $rk3 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 3 - eor $acc_hb, $acc_hb, $t4.16b @ GHASH block 4k+2 - high - - pmull $t8.1q, $res3.1d, $h1.1d @ GHASH block 4k+3 - low - - aese $ctr2b, $rk4 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 4 - mov $t9d, $res3.d[1] @ GHASH block 4k+3 - mid - - aese $ctr1b, $rk4 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 4 - - pmull2 $t6.1q, $t6.2d, $h12k.2d @ GHASH block 4k+2 - mid - - aese $ctr2b, $rk5 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 5 - eor $t9.8b, $t9.8b, $res3.8b @ GHASH block 4k+3 - mid - - aese $ctr1b, $rk5 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 5 - - aese $ctr3b, $rk6 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 6 - eor $acc_mb, $acc_mb, $t6.16b @ GHASH block 4k+2 - mid - - aese $ctr2b, $rk6 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 6 - - aese $ctr0b, $rk6 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 6 - movi $mod_constant.8b, #0xc2 - - aese $ctr1b, $rk6 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 6 - eor $acc_lb, $acc_lb, $t8.16b @ GHASH block 4k+3 - low - - pmull $t9.1q, $t9.1d, $h12k.1d @ GHASH block 4k+3 - mid - - aese $ctr3b, $rk7 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 7 - eor $acc_hb, $acc_hb, $t7.16b @ GHASH block 4k+3 - high - - aese $ctr1b, $rk7 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 7 - - aese $ctr0b, $rk7 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 7 - eor $acc_mb, $acc_mb, $t9.16b @ GHASH block 4k+3 - mid - - aese $ctr3b, $rk8 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 8 - - aese $ctr2b, $rk7 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 7 - eor $t9.16b, $acc_lb, $acc_hb @ MODULO - karatsuba tidy up - - aese $ctr1b, $rk8 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 8 - - aese $ctr0b, $rk8 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 8 - shl $mod_constantd, $mod_constantd, #56 @ mod_constant - - aese $ctr2b, $rk8 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 8 - - aese $ctr1b, $rk9 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 9 - eor $acc_mb, $acc_mb, $t9.16b @ MODULO - karatsuba tidy up - - pmull $mod_t.1q, $acc_h.1d, $mod_constant.1d @ MODULO - top 64b align with mid - - aese $ctr2b, $rk9 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 9 - ext $acc_hb, $acc_hb, $acc_hb, #8 @ MODULO - other top alignment - - aese $ctr3b, $rk9 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 9 - - aese $ctr0b, $rk9 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 9 - eor $acc_mb, $acc_mb, $mod_t.16b @ MODULO - fold into mid - - aese $ctr2b, $rk10 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 10 - - aese $ctr3b, $rk10 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 10 - - aese $ctr0b, $rk10 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 10 - eor $output_h2, $output_h2, $rk14_h @ AES block 4k+2 - round 14 high - - aese $ctr1b, $rk10 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 10 - eor $output_l3, $output_l3, $rk14_l @ AES block 4k+3 - round 14 low - - aese $ctr2b, $rk11 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 11 - eor $acc_mb, $acc_mb, $acc_hb @ MODULO - fold into mid - - aese $ctr0b, $rk11 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 11 - add $rctr32w, $rctr32w, #1 @ CTR block 4k+7 - - aese $ctr1b, $rk11 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 11 - eor $output_l2, $output_l2, $rk14_l @ AES block 4k+2 - round 14 low - - aese $ctr2b, $rk12 \n aesmc $ctr2b, $ctr2b @ AES block 4k+6 - round 12 - - pmull $mod_constant.1q, $acc_m.1d, $mod_constant.1d @ MODULO - mid 64b align with low - eor $output_h3, $output_h3, $rk14_h @ AES block 4k+3 - round 14 high - - aese $ctr3b, $rk11 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 11 - stp $output_l2, $output_h2, [$output_ptr], #16 @ AES block 4k+2 - store result - - aese $ctr1b, $rk12 \n aesmc $ctr1b, $ctr1b @ AES block 4k+5 - round 12 - ext $acc_mb, $acc_mb, $acc_mb, #8 @ MODULO - other mid alignment - - aese $ctr0b, $rk12 \n aesmc $ctr0b, $ctr0b @ AES block 4k+4 - round 12 - stp $output_l3, $output_h3, [$output_ptr], #16 @ AES block 4k+3 - store result - - aese $ctr3b, $rk12 \n aesmc $ctr3b, $ctr3b @ AES block 4k+7 - round 12 - eor $acc_lb, $acc_lb, $mod_constant.16b @ MODULO - fold into low - - aese $ctr1b, $rk13 @ AES block 4k+5 - round 13 - - aese $ctr0b, $rk13 @ AES block 4k+4 - round 13 - - aese $ctr3b, $rk13 @ AES block 4k+7 - round 13 - - aese $ctr2b, $rk13 @ AES block 4k+6 - round 13 - eor $acc_lb, $acc_lb, $acc_mb @ MODULO - fold into low - .L256_dec_tail: @ TAIL - - sub $main_end_input_ptr, $end_input_ptr, $input_ptr @ main_end_input_ptr is number of bytes left to process - ld1 { $res1b}, [$input_ptr], #16 @ AES block 4k+4 - load ciphertext - - eor $ctr0b, $res1b, $ctr0b @ AES block 4k+4 - result - - mov $output_l0, $ctr0.d[0] @ AES block 4k+4 - mov low - - mov $output_h0, $ctr0.d[1] @ AES block 4k+4 - mov high - ext $t0.16b, $acc_lb, $acc_lb, #8 @ prepare final partial tag - - cmp $main_end_input_ptr, #48 - - eor $output_l0, $output_l0, $rk14_l @ AES block 4k+4 - round 14 low - - eor $output_h0, $output_h0, $rk14_h @ AES block 4k+4 - round 14 high - b.gt .L256_dec_blocks_more_than_3 - - sub $rctr32w, $rctr32w, #1 - mov $ctr3b, $ctr2b - movi $acc_m.8b, #0 - - movi $acc_l.8b, #0 - cmp $main_end_input_ptr, #32 - - movi $acc_h.8b, #0 - mov $ctr2b, $ctr1b - b.gt .L256_dec_blocks_more_than_2 - - sub $rctr32w, $rctr32w, #1 - - mov $ctr3b, $ctr1b - cmp $main_end_input_ptr, #16 - b.gt .L256_dec_blocks_more_than_1 - - sub $rctr32w, $rctr32w, #1 - b .L256_dec_blocks_less_than_1 - .L256_dec_blocks_more_than_3: @ blocks left > 3 - rev64 $res0b, $res1b @ GHASH final-3 block - ld1 { $res1b}, [$input_ptr], #16 @ AES final-2 block - load ciphertext - - stp $output_l0, $output_h0, [$output_ptr], #16 @ AES final-3 block - store result - - mov $acc_md, $h34k.d[1] @ GHASH final-3 block - mid - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - - eor $ctr0b, $res1b, $ctr1b @ AES final-2 block - result - - mov $rk4d, $res0.d[1] @ GHASH final-3 block - mid - - mov $output_l0, $ctr0.d[0] @ AES final-2 block - mov low - - mov $output_h0, $ctr0.d[1] @ AES final-2 block - mov high - - eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-3 block - mid - - movi $t0.8b, #0 @ suppress further partial tag feed in - - pmull2 $acc_h.1q, $res0.2d, $h4.2d @ GHASH final-3 block - high - - pmull $acc_m.1q, $rk4v.1d, $acc_m.1d @ GHASH final-3 block - mid - eor $output_l0, $output_l0, $rk14_l @ AES final-2 block - round 14 low - - pmull $acc_l.1q, $res0.1d, $h4.1d @ GHASH final-3 block - low - eor $output_h0, $output_h0, $rk14_h @ AES final-2 block - round 14 high - .L256_dec_blocks_more_than_2: @ blocks left > 2 - - rev64 $res0b, $res1b @ GHASH final-2 block - ld1 { $res1b}, [$input_ptr], #16 @ AES final-1 block - load ciphertext - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - stp $output_l0, $output_h0, [$output_ptr], #16 @ AES final-2 block - store result - - eor $ctr0b, $res1b, $ctr2b @ AES final-1 block - result - - mov $rk4d, $res0.d[1] @ GHASH final-2 block - mid - - pmull $rk3q1, $res0.1d, $h3.1d @ GHASH final-2 block - low - - pmull2 $rk2q1, $res0.2d, $h3.2d @ GHASH final-2 block - high - - eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-2 block - mid - mov $output_l0, $ctr0.d[0] @ AES final-1 block - mov low - - mov $output_h0, $ctr0.d[1] @ AES final-1 block - mov high - eor $acc_lb, $acc_lb, $rk3 @ GHASH final-2 block - low - movi $t0.8b, #0 @ suppress further partial tag feed in - - pmull $rk4v.1q, $rk4v.1d, $h34k.1d @ GHASH final-2 block - mid - - eor $acc_hb, $acc_hb, $rk2 @ GHASH final-2 block - high - eor $output_l0, $output_l0, $rk14_l @ AES final-1 block - round 14 low - - eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-2 block - mid - eor $output_h0, $output_h0, $rk14_h @ AES final-1 block - round 14 high - .L256_dec_blocks_more_than_1: @ blocks left > 1 - - stp $output_l0, $output_h0, [$output_ptr], #16 @ AES final-1 block - store result - rev64 $res0b, $res1b @ GHASH final-1 block - - ld1 { $res1b}, [$input_ptr], #16 @ AES final block - load ciphertext - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - movi $t0.8b, #0 @ suppress further partial tag feed in - - mov $rk4d, $res0.d[1] @ GHASH final-1 block - mid - - eor $ctr0b, $res1b, $ctr3b @ AES final block - result - - pmull2 $rk2q1, $res0.2d, $h2.2d @ GHASH final-1 block - high - - eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-1 block - mid - - pmull $rk3q1, $res0.1d, $h2.1d @ GHASH final-1 block - low - mov $output_l0, $ctr0.d[0] @ AES final block - mov low - - ins $rk4v.d[1], $rk4v.d[0] @ GHASH final-1 block - mid - - mov $output_h0, $ctr0.d[1] @ AES final block - mov high - - pmull2 $rk4v.1q, $rk4v.2d, $h12k.2d @ GHASH final-1 block - mid - eor $output_l0, $output_l0, $rk14_l @ AES final block - round 14 low - - eor $acc_lb, $acc_lb, $rk3 @ GHASH final-1 block - low - - eor $acc_hb, $acc_hb, $rk2 @ GHASH final-1 block - high - - eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-1 block - mid - eor $output_h0, $output_h0, $rk14_h @ AES final block - round 14 high - .L256_dec_blocks_less_than_1: @ blocks left <= 1 - - and $bit_length, $bit_length, #127 @ bit_length %= 128 - mvn $rk14_h, xzr @ rk14_h = 0xffffffffffffffff - - sub $bit_length, $bit_length, #128 @ bit_length -= 128 - mvn $rk14_l, xzr @ rk14_l = 0xffffffffffffffff - - ldp $end_input_ptr, $main_end_input_ptr, [$output_ptr] @ load existing bytes we need to not overwrite - neg $bit_length, $bit_length @ bit_length = 128 - #bits in input (in range [1,128]) - - and $bit_length, $bit_length, #127 @ bit_length %= 128 - - lsr $rk14_h, $rk14_h, $bit_length @ rk14_h is mask for top 64b of last block - cmp $bit_length, #64 - - csel $ctr32x, $rk14_l, $rk14_h, lt - csel $ctr96_b64x, $rk14_h, xzr, lt - - fmov $ctr0d, $ctr32x @ ctr0b is mask for last block - and $output_l0, $output_l0, $ctr32x - - mov $ctr0.d[1], $ctr96_b64x - bic $end_input_ptr, $end_input_ptr, $ctr32x @ mask out low existing bytes - - rev $ctr32w, $rctr32w - - bic $main_end_input_ptr, $main_end_input_ptr, $ctr96_b64x @ mask out high existing bytes - - orr $output_l0, $output_l0, $end_input_ptr - - and $output_h0, $output_h0, $ctr96_b64x - - orr $output_h0, $output_h0, $main_end_input_ptr - - and $res1b, $res1b, $ctr0b @ possibly partial last block has zeroes in highest bits - - rev64 $res0b, $res1b @ GHASH final block - - eor $res0b, $res0b, $t0.16b @ feed in partial tag - - pmull $rk3q1, $res0.1d, $h1.1d @ GHASH final block - low - - mov $t0d, $res0.d[1] @ GHASH final block - mid - - eor $t0.8b, $t0.8b, $res0.8b @ GHASH final block - mid - - pmull2 $rk2q1, $res0.2d, $h1.2d @ GHASH final block - high - - pmull $t0.1q, $t0.1d, $h12k.1d @ GHASH final block - mid - - eor $acc_hb, $acc_hb, $rk2 @ GHASH final block - high - - eor $acc_lb, $acc_lb, $rk3 @ GHASH final block - low - - eor $acc_mb, $acc_mb, $t0.16b @ GHASH final block - mid - movi $mod_constant.8b, #0xc2 - - eor $t9.16b, $acc_lb, $acc_hb @ MODULO - karatsuba tidy up - - shl $mod_constantd, $mod_constantd, #56 @ mod_constant - - eor $acc_mb, $acc_mb, $t9.16b @ MODULO - karatsuba tidy up - - pmull $mod_t.1q, $acc_h.1d, $mod_constant.1d @ MODULO - top 64b align with mid - - ext $acc_hb, $acc_hb, $acc_hb, #8 @ MODULO - other top alignment - - eor $acc_mb, $acc_mb, $mod_t.16b @ MODULO - fold into mid - - eor $acc_mb, $acc_mb, $acc_hb @ MODULO - fold into mid - - pmull $mod_constant.1q, $acc_m.1d, $mod_constant.1d @ MODULO - mid 64b align with low - - ext $acc_mb, $acc_mb, $acc_mb, #8 @ MODULO - other mid alignment - - eor $acc_lb, $acc_lb, $mod_constant.16b @ MODULO - fold into low - - stp $output_l0, $output_h0, [$output_ptr] - - str $ctr32w, [$counter, #12] @ store the updated counter - - eor $acc_lb, $acc_lb, $acc_mb @ MODULO - fold into low - ext $acc_lb, $acc_lb, $acc_lb, #8 - rev64 $acc_lb, $acc_lb - mov x0, $len - st1 { $acc_l.16b }, [$current_tag] - - ldp x21, x22, [sp, #16] - ldp x23, x24, [sp, #32] - ldp d8, d9, [sp, #48] - ldp d10, d11, [sp, #64] - ldp d12, d13, [sp, #80] - ldp d14, d15, [sp, #96] - ldp x19, x20, [sp], #112 - ret - -.L256_dec_ret: - mov w0, #0x0 - ret -.size aes_gcm_dec_256_kernel,.-aes_gcm_dec_256_kernel -___ -} -} - -$code.=<<___; -.asciz "GHASH for ARMv8, CRYPTOGAMS by " -.align 2 -#endif -___ - -if ($flavour =~ /64/) { ######## 64-bit code - sub unvmov { - my $arg=shift; - - $arg =~ m/q([0-9]+)#(lo|hi),\s*q([0-9]+)#(lo|hi)/o && - sprintf "ins v%d.d[%d],v%d.d[%d]",$1<8?$1:$1+8,($2 eq "lo")?0:1, - $3<8?$3:$3+8,($4 eq "lo")?0:1; - } - foreach(split("\n",$code)) { - s/@\s/\/\//o; # old->new style commentary - print $_,"\n"; - } -} else { ######## 32-bit code - sub unvdup32 { - my $arg=shift; - - $arg =~ m/q([0-9]+),\s*q([0-9]+)\[([0-3])\]/o && - sprintf "vdup.32 q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1; - } - sub unvpmullp64 { - my ($mnemonic,$arg)=@_; - - if ($arg =~ m/q([0-9]+),\s*q([0-9]+),\s*q([0-9]+)/o) { - my $word = 0xf2a00e00|(($1&7)<<13)|(($1&8)<<19) - |(($2&7)<<17)|(($2&8)<<4) - |(($3&7)<<1) |(($3&8)<<2); - $word |= 0x00010001 if ($mnemonic =~ "2"); - # since ARMv7 instructions are always encoded little-endian. - # correct solution is to use .inst directive, but older%%%% - # assemblers don't implement it:-( - sprintf "INST(0x%02x,0x%02x,0x%02x,0x%02x)\t@ %s %s", - $word&0xff,($word>>8)&0xff, - ($word>>16)&0xff,($word>>24)&0xff, - $mnemonic,$arg; - } - } - - foreach(split("\n",$code)) { - s/\b[wx]([0-9]+)\b/r$1/go; # new->old registers - s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go; # new->old registers - s/\/\/\s?/@ /o; # new->old style commentary - - # fix up remaining new-style suffixes - s/\],#[0-9]+/]!/o; - - s/cclr\s+([^,]+),\s*([a-z]+)/mov.$2 $1,#0/o or - s/vdup\.32\s+(.*)/unvdup32($1)/geo or - s/v?(pmull2?)\.p64\s+(.*)/unvpmullp64($1,$2)/geo or - s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo or - s/^(\s+)b\./$1b/o or - s/^(\s+)ret/$1bx\tlr/o; - - if (s/^(\s+)mov\.([a-z]+)/$1mov$2/) { - print " it $2\n"; - } - - print $_,"\n"; - } -} - -close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/modes/asm/aesni-gcm-x86_64.pl b/crypto/modes/asm/aesni-gcm-x86_64.pl deleted file mode 100644 index eaf4d9c755fbb2566bde0e3d636ff86149a03027..0000000000000000000000000000000000000000 --- a/crypto/modes/asm/aesni-gcm-x86_64.pl +++ /dev/null @@ -1,1109 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# -# AES-NI-CTR+GHASH stitch. -# -# February 2013 -# -# OpenSSL GCM implementation is organized in such way that its -# performance is rather close to the sum of its streamed components, -# in the context parallelized AES-NI CTR and modulo-scheduled -# PCLMULQDQ-enabled GHASH. Unfortunately, as no stitch implementation -# was observed to perform significantly better than the sum of the -# components on contemporary CPUs, the effort was deemed impossible to -# justify. This module is based on combination of Intel submissions, -# [1] and [2], with MOVBE twist suggested by Ilya Albrekht and Max -# Locktyukhin of Intel Corp. who verified that it reduces shuffles -# pressure with notable relative improvement, achieving 1.0 cycle per -# byte processed with 128-bit key on Haswell processor, 0.74 - on -# Broadwell, 0.63 - on Skylake... [Mentioned results are raw profiled -# measurements for favourable packet size, one divisible by 96. -# Applications using the EVP interface will observe a few percent -# worse performance.] -# -# Knights Landing processes 1 byte in 1.25 cycles (measured with EVP). -# -# [1] http://rt.openssl.org/Ticket/Display.html?id=2900&user=guest&pass=guest -# [2] http://www.intel.com/content/dam/www/public/us/en/documents/software-support/enabling-high-performance-gcm.pdf - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.20) + ($1>=2.22); -} - -if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.09) + ($1>=2.10); -} - -if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $avx = ($1>=10) + ($1>=11); -} - -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { - $avx = ($2>=3.0) + ($2>3.0); -} - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -if ($avx>1) {{{ - -($inp,$out,$len,$key,$ivp,$Xip)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9"); - -($Ii,$T1,$T2,$Hkey, - $Z0,$Z1,$Z2,$Z3,$Xi) = map("%xmm$_",(0..8)); - -($inout0,$inout1,$inout2,$inout3,$inout4,$inout5,$rndkey) = map("%xmm$_",(9..15)); - -($counter,$rounds,$ret,$const,$in0,$end0)=("%ebx","%ebp","%r10","%r11","%r14","%r15"); - -$code=<<___; -.text - -.type _aesni_ctr32_ghash_6x,\@abi-omnipotent -.align 32 -_aesni_ctr32_ghash_6x: -.cfi_startproc - vmovdqu 0x20($const),$T2 # borrow $T2, .Lone_msb - sub \$6,$len - vpxor $Z0,$Z0,$Z0 # $Z0 = 0 - vmovdqu 0x00-0x80($key),$rndkey - vpaddb $T2,$T1,$inout1 - vpaddb $T2,$inout1,$inout2 - vpaddb $T2,$inout2,$inout3 - vpaddb $T2,$inout3,$inout4 - vpaddb $T2,$inout4,$inout5 - vpxor $rndkey,$T1,$inout0 - vmovdqu $Z0,16+8(%rsp) # "$Z3" = 0 - jmp .Loop6x - -.align 32 -.Loop6x: - add \$`6<<24`,$counter - jc .Lhandle_ctr32 # discard $inout[1-5]? - vmovdqu 0x00-0x20($Xip),$Hkey # $Hkey^1 - vpaddb $T2,$inout5,$T1 # next counter value - vpxor $rndkey,$inout1,$inout1 - vpxor $rndkey,$inout2,$inout2 - -.Lresume_ctr32: - vmovdqu $T1,($ivp) # save next counter value - vpclmulqdq \$0x10,$Hkey,$Z3,$Z1 - vpxor $rndkey,$inout3,$inout3 - vmovups 0x10-0x80($key),$T2 # borrow $T2 for $rndkey - vpclmulqdq \$0x01,$Hkey,$Z3,$Z2 - xor %r12,%r12 - cmp $in0,$end0 - - vaesenc $T2,$inout0,$inout0 - vmovdqu 0x30+8(%rsp),$Ii # I[4] - vpxor $rndkey,$inout4,$inout4 - vpclmulqdq \$0x00,$Hkey,$Z3,$T1 - vaesenc $T2,$inout1,$inout1 - vpxor $rndkey,$inout5,$inout5 - setnc %r12b - vpclmulqdq \$0x11,$Hkey,$Z3,$Z3 - vaesenc $T2,$inout2,$inout2 - vmovdqu 0x10-0x20($Xip),$Hkey # $Hkey^2 - neg %r12 - vaesenc $T2,$inout3,$inout3 - vpxor $Z1,$Z2,$Z2 - vpclmulqdq \$0x00,$Hkey,$Ii,$Z1 - vpxor $Z0,$Xi,$Xi # modulo-scheduled - vaesenc $T2,$inout4,$inout4 - vpxor $Z1,$T1,$Z0 - and \$0x60,%r12 - vmovups 0x20-0x80($key),$rndkey - vpclmulqdq \$0x10,$Hkey,$Ii,$T1 - vaesenc $T2,$inout5,$inout5 - - vpclmulqdq \$0x01,$Hkey,$Ii,$T2 - lea ($in0,%r12),$in0 - vaesenc $rndkey,$inout0,$inout0 - vpxor 16+8(%rsp),$Xi,$Xi # modulo-scheduled [vpxor $Z3,$Xi,$Xi] - vpclmulqdq \$0x11,$Hkey,$Ii,$Hkey - vmovdqu 0x40+8(%rsp),$Ii # I[3] - vaesenc $rndkey,$inout1,$inout1 - movbe 0x58($in0),%r13 - vaesenc $rndkey,$inout2,$inout2 - movbe 0x50($in0),%r12 - vaesenc $rndkey,$inout3,$inout3 - mov %r13,0x20+8(%rsp) - vaesenc $rndkey,$inout4,$inout4 - mov %r12,0x28+8(%rsp) - vmovdqu 0x30-0x20($Xip),$Z1 # borrow $Z1 for $Hkey^3 - vaesenc $rndkey,$inout5,$inout5 - - vmovups 0x30-0x80($key),$rndkey - vpxor $T1,$Z2,$Z2 - vpclmulqdq \$0x00,$Z1,$Ii,$T1 - vaesenc $rndkey,$inout0,$inout0 - vpxor $T2,$Z2,$Z2 - vpclmulqdq \$0x10,$Z1,$Ii,$T2 - vaesenc $rndkey,$inout1,$inout1 - vpxor $Hkey,$Z3,$Z3 - vpclmulqdq \$0x01,$Z1,$Ii,$Hkey - vaesenc $rndkey,$inout2,$inout2 - vpclmulqdq \$0x11,$Z1,$Ii,$Z1 - vmovdqu 0x50+8(%rsp),$Ii # I[2] - vaesenc $rndkey,$inout3,$inout3 - vaesenc $rndkey,$inout4,$inout4 - vpxor $T1,$Z0,$Z0 - vmovdqu 0x40-0x20($Xip),$T1 # borrow $T1 for $Hkey^4 - vaesenc $rndkey,$inout5,$inout5 - - vmovups 0x40-0x80($key),$rndkey - vpxor $T2,$Z2,$Z2 - vpclmulqdq \$0x00,$T1,$Ii,$T2 - vaesenc $rndkey,$inout0,$inout0 - vpxor $Hkey,$Z2,$Z2 - vpclmulqdq \$0x10,$T1,$Ii,$Hkey - vaesenc $rndkey,$inout1,$inout1 - movbe 0x48($in0),%r13 - vpxor $Z1,$Z3,$Z3 - vpclmulqdq \$0x01,$T1,$Ii,$Z1 - vaesenc $rndkey,$inout2,$inout2 - movbe 0x40($in0),%r12 - vpclmulqdq \$0x11,$T1,$Ii,$T1 - vmovdqu 0x60+8(%rsp),$Ii # I[1] - vaesenc $rndkey,$inout3,$inout3 - mov %r13,0x30+8(%rsp) - vaesenc $rndkey,$inout4,$inout4 - mov %r12,0x38+8(%rsp) - vpxor $T2,$Z0,$Z0 - vmovdqu 0x60-0x20($Xip),$T2 # borrow $T2 for $Hkey^5 - vaesenc $rndkey,$inout5,$inout5 - - vmovups 0x50-0x80($key),$rndkey - vpxor $Hkey,$Z2,$Z2 - vpclmulqdq \$0x00,$T2,$Ii,$Hkey - vaesenc $rndkey,$inout0,$inout0 - vpxor $Z1,$Z2,$Z2 - vpclmulqdq \$0x10,$T2,$Ii,$Z1 - vaesenc $rndkey,$inout1,$inout1 - movbe 0x38($in0),%r13 - vpxor $T1,$Z3,$Z3 - vpclmulqdq \$0x01,$T2,$Ii,$T1 - vpxor 0x70+8(%rsp),$Xi,$Xi # accumulate I[0] - vaesenc $rndkey,$inout2,$inout2 - movbe 0x30($in0),%r12 - vpclmulqdq \$0x11,$T2,$Ii,$T2 - vaesenc $rndkey,$inout3,$inout3 - mov %r13,0x40+8(%rsp) - vaesenc $rndkey,$inout4,$inout4 - mov %r12,0x48+8(%rsp) - vpxor $Hkey,$Z0,$Z0 - vmovdqu 0x70-0x20($Xip),$Hkey # $Hkey^6 - vaesenc $rndkey,$inout5,$inout5 - - vmovups 0x60-0x80($key),$rndkey - vpxor $Z1,$Z2,$Z2 - vpclmulqdq \$0x10,$Hkey,$Xi,$Z1 - vaesenc $rndkey,$inout0,$inout0 - vpxor $T1,$Z2,$Z2 - vpclmulqdq \$0x01,$Hkey,$Xi,$T1 - vaesenc $rndkey,$inout1,$inout1 - movbe 0x28($in0),%r13 - vpxor $T2,$Z3,$Z3 - vpclmulqdq \$0x00,$Hkey,$Xi,$T2 - vaesenc $rndkey,$inout2,$inout2 - movbe 0x20($in0),%r12 - vpclmulqdq \$0x11,$Hkey,$Xi,$Xi - vaesenc $rndkey,$inout3,$inout3 - mov %r13,0x50+8(%rsp) - vaesenc $rndkey,$inout4,$inout4 - mov %r12,0x58+8(%rsp) - vpxor $Z1,$Z2,$Z2 - vaesenc $rndkey,$inout5,$inout5 - vpxor $T1,$Z2,$Z2 - - vmovups 0x70-0x80($key),$rndkey - vpslldq \$8,$Z2,$Z1 - vpxor $T2,$Z0,$Z0 - vmovdqu 0x10($const),$Hkey # .Lpoly - - vaesenc $rndkey,$inout0,$inout0 - vpxor $Xi,$Z3,$Z3 - vaesenc $rndkey,$inout1,$inout1 - vpxor $Z1,$Z0,$Z0 - movbe 0x18($in0),%r13 - vaesenc $rndkey,$inout2,$inout2 - movbe 0x10($in0),%r12 - vpalignr \$8,$Z0,$Z0,$Ii # 1st phase - vpclmulqdq \$0x10,$Hkey,$Z0,$Z0 - mov %r13,0x60+8(%rsp) - vaesenc $rndkey,$inout3,$inout3 - mov %r12,0x68+8(%rsp) - vaesenc $rndkey,$inout4,$inout4 - vmovups 0x80-0x80($key),$T1 # borrow $T1 for $rndkey - vaesenc $rndkey,$inout5,$inout5 - - vaesenc $T1,$inout0,$inout0 - vmovups 0x90-0x80($key),$rndkey - vaesenc $T1,$inout1,$inout1 - vpsrldq \$8,$Z2,$Z2 - vaesenc $T1,$inout2,$inout2 - vpxor $Z2,$Z3,$Z3 - vaesenc $T1,$inout3,$inout3 - vpxor $Ii,$Z0,$Z0 - movbe 0x08($in0),%r13 - vaesenc $T1,$inout4,$inout4 - movbe 0x00($in0),%r12 - vaesenc $T1,$inout5,$inout5 - vmovups 0xa0-0x80($key),$T1 - cmp \$11,$rounds - jb .Lenc_tail # 128-bit key - - vaesenc $rndkey,$inout0,$inout0 - vaesenc $rndkey,$inout1,$inout1 - vaesenc $rndkey,$inout2,$inout2 - vaesenc $rndkey,$inout3,$inout3 - vaesenc $rndkey,$inout4,$inout4 - vaesenc $rndkey,$inout5,$inout5 - - vaesenc $T1,$inout0,$inout0 - vaesenc $T1,$inout1,$inout1 - vaesenc $T1,$inout2,$inout2 - vaesenc $T1,$inout3,$inout3 - vaesenc $T1,$inout4,$inout4 - vmovups 0xb0-0x80($key),$rndkey - vaesenc $T1,$inout5,$inout5 - vmovups 0xc0-0x80($key),$T1 - je .Lenc_tail # 192-bit key - - vaesenc $rndkey,$inout0,$inout0 - vaesenc $rndkey,$inout1,$inout1 - vaesenc $rndkey,$inout2,$inout2 - vaesenc $rndkey,$inout3,$inout3 - vaesenc $rndkey,$inout4,$inout4 - vaesenc $rndkey,$inout5,$inout5 - - vaesenc $T1,$inout0,$inout0 - vaesenc $T1,$inout1,$inout1 - vaesenc $T1,$inout2,$inout2 - vaesenc $T1,$inout3,$inout3 - vaesenc $T1,$inout4,$inout4 - vmovups 0xd0-0x80($key),$rndkey - vaesenc $T1,$inout5,$inout5 - vmovups 0xe0-0x80($key),$T1 - jmp .Lenc_tail # 256-bit key - -.align 32 -.Lhandle_ctr32: - vmovdqu ($const),$Ii # borrow $Ii for .Lbswap_mask - vpshufb $Ii,$T1,$Z2 # byte-swap counter - vmovdqu 0x30($const),$Z1 # borrow $Z1, .Ltwo_lsb - vpaddd 0x40($const),$Z2,$inout1 # .Lone_lsb - vpaddd $Z1,$Z2,$inout2 - vmovdqu 0x00-0x20($Xip),$Hkey # $Hkey^1 - vpaddd $Z1,$inout1,$inout3 - vpshufb $Ii,$inout1,$inout1 - vpaddd $Z1,$inout2,$inout4 - vpshufb $Ii,$inout2,$inout2 - vpxor $rndkey,$inout1,$inout1 - vpaddd $Z1,$inout3,$inout5 - vpshufb $Ii,$inout3,$inout3 - vpxor $rndkey,$inout2,$inout2 - vpaddd $Z1,$inout4,$T1 # byte-swapped next counter value - vpshufb $Ii,$inout4,$inout4 - vpshufb $Ii,$inout5,$inout5 - vpshufb $Ii,$T1,$T1 # next counter value - jmp .Lresume_ctr32 - -.align 32 -.Lenc_tail: - vaesenc $rndkey,$inout0,$inout0 - vmovdqu $Z3,16+8(%rsp) # postpone vpxor $Z3,$Xi,$Xi - vpalignr \$8,$Z0,$Z0,$Xi # 2nd phase - vaesenc $rndkey,$inout1,$inout1 - vpclmulqdq \$0x10,$Hkey,$Z0,$Z0 - vpxor 0x00($inp),$T1,$T2 - vaesenc $rndkey,$inout2,$inout2 - vpxor 0x10($inp),$T1,$Ii - vaesenc $rndkey,$inout3,$inout3 - vpxor 0x20($inp),$T1,$Z1 - vaesenc $rndkey,$inout4,$inout4 - vpxor 0x30($inp),$T1,$Z2 - vaesenc $rndkey,$inout5,$inout5 - vpxor 0x40($inp),$T1,$Z3 - vpxor 0x50($inp),$T1,$Hkey - vmovdqu ($ivp),$T1 # load next counter value - - vaesenclast $T2,$inout0,$inout0 - vmovdqu 0x20($const),$T2 # borrow $T2, .Lone_msb - vaesenclast $Ii,$inout1,$inout1 - vpaddb $T2,$T1,$Ii - mov %r13,0x70+8(%rsp) - lea 0x60($inp),$inp - vaesenclast $Z1,$inout2,$inout2 - vpaddb $T2,$Ii,$Z1 - mov %r12,0x78+8(%rsp) - lea 0x60($out),$out - vmovdqu 0x00-0x80($key),$rndkey - vaesenclast $Z2,$inout3,$inout3 - vpaddb $T2,$Z1,$Z2 - vaesenclast $Z3, $inout4,$inout4 - vpaddb $T2,$Z2,$Z3 - vaesenclast $Hkey,$inout5,$inout5 - vpaddb $T2,$Z3,$Hkey - - add \$0x60,$ret - sub \$0x6,$len - jc .L6x_done - - vmovups $inout0,-0x60($out) # save output - vpxor $rndkey,$T1,$inout0 - vmovups $inout1,-0x50($out) - vmovdqa $Ii,$inout1 # 0 latency - vmovups $inout2,-0x40($out) - vmovdqa $Z1,$inout2 # 0 latency - vmovups $inout3,-0x30($out) - vmovdqa $Z2,$inout3 # 0 latency - vmovups $inout4,-0x20($out) - vmovdqa $Z3,$inout4 # 0 latency - vmovups $inout5,-0x10($out) - vmovdqa $Hkey,$inout5 # 0 latency - vmovdqu 0x20+8(%rsp),$Z3 # I[5] - jmp .Loop6x - -.L6x_done: - vpxor 16+8(%rsp),$Xi,$Xi # modulo-scheduled - vpxor $Z0,$Xi,$Xi # modulo-scheduled - - ret -.cfi_endproc -.size _aesni_ctr32_ghash_6x,.-_aesni_ctr32_ghash_6x -___ -###################################################################### -# -# size_t aesni_gcm_[en|de]crypt(const void *inp, void *out, size_t len, -# const AES_KEY *key, unsigned char iv[16], -# struct { u128 Xi,H,Htbl[9]; } *Xip); -$code.=<<___; -.globl aesni_gcm_decrypt -.type aesni_gcm_decrypt,\@function,6 -.align 32 -aesni_gcm_decrypt: -.cfi_startproc - xor $ret,$ret - cmp \$0x60,$len # minimal accepted length - jb .Lgcm_dec_abort - - lea (%rsp),%rax # save stack pointer -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -___ -$code.=<<___ if ($win64); - lea -0xa8(%rsp),%rsp - movaps %xmm6,-0xd8(%rax) - movaps %xmm7,-0xc8(%rax) - movaps %xmm8,-0xb8(%rax) - movaps %xmm9,-0xa8(%rax) - movaps %xmm10,-0x98(%rax) - movaps %xmm11,-0x88(%rax) - movaps %xmm12,-0x78(%rax) - movaps %xmm13,-0x68(%rax) - movaps %xmm14,-0x58(%rax) - movaps %xmm15,-0x48(%rax) -.Lgcm_dec_body: -___ -$code.=<<___; - vzeroupper - - vmovdqu ($ivp),$T1 # input counter value - add \$-128,%rsp - mov 12($ivp),$counter - lea .Lbswap_mask(%rip),$const - lea -0x80($key),$in0 # borrow $in0 - mov \$0xf80,$end0 # borrow $end0 - vmovdqu ($Xip),$Xi # load Xi - and \$-128,%rsp # ensure stack alignment - vmovdqu ($const),$Ii # borrow $Ii for .Lbswap_mask - lea 0x80($key),$key # size optimization - lea 0x20+0x20($Xip),$Xip # size optimization - mov 0xf0-0x80($key),$rounds - vpshufb $Ii,$Xi,$Xi - - and $end0,$in0 - and %rsp,$end0 - sub $in0,$end0 - jc .Ldec_no_key_aliasing - cmp \$768,$end0 - jnc .Ldec_no_key_aliasing - sub $end0,%rsp # avoid aliasing with key -.Ldec_no_key_aliasing: - - vmovdqu 0x50($inp),$Z3 # I[5] - lea ($inp),$in0 - vmovdqu 0x40($inp),$Z0 - lea -0xc0($inp,$len),$end0 - vmovdqu 0x30($inp),$Z1 - shr \$4,$len - xor $ret,$ret - vmovdqu 0x20($inp),$Z2 - vpshufb $Ii,$Z3,$Z3 # passed to _aesni_ctr32_ghash_6x - vmovdqu 0x10($inp),$T2 - vpshufb $Ii,$Z0,$Z0 - vmovdqu ($inp),$Hkey - vpshufb $Ii,$Z1,$Z1 - vmovdqu $Z0,0x30(%rsp) - vpshufb $Ii,$Z2,$Z2 - vmovdqu $Z1,0x40(%rsp) - vpshufb $Ii,$T2,$T2 - vmovdqu $Z2,0x50(%rsp) - vpshufb $Ii,$Hkey,$Hkey - vmovdqu $T2,0x60(%rsp) - vmovdqu $Hkey,0x70(%rsp) - - call _aesni_ctr32_ghash_6x - - vmovups $inout0,-0x60($out) # save output - vmovups $inout1,-0x50($out) - vmovups $inout2,-0x40($out) - vmovups $inout3,-0x30($out) - vmovups $inout4,-0x20($out) - vmovups $inout5,-0x10($out) - - vpshufb ($const),$Xi,$Xi # .Lbswap_mask - vmovdqu $Xi,-0x40($Xip) # output Xi - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps -0xd8(%rax),%xmm6 - movaps -0xc8(%rax),%xmm7 - movaps -0xb8(%rax),%xmm8 - movaps -0xa8(%rax),%xmm9 - movaps -0x98(%rax),%xmm10 - movaps -0x88(%rax),%xmm11 - movaps -0x78(%rax),%xmm12 - movaps -0x68(%rax),%xmm13 - movaps -0x58(%rax),%xmm14 - movaps -0x48(%rax),%xmm15 -___ -$code.=<<___; - mov -48(%rax),%r15 -.cfi_restore %r15 - mov -40(%rax),%r14 -.cfi_restore %r14 - mov -32(%rax),%r13 -.cfi_restore %r13 - mov -24(%rax),%r12 -.cfi_restore %r12 - mov -16(%rax),%rbp -.cfi_restore %rbp - mov -8(%rax),%rbx -.cfi_restore %rbx - lea (%rax),%rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lgcm_dec_abort: - mov $ret,%rax # return value - ret -.cfi_endproc -.size aesni_gcm_decrypt,.-aesni_gcm_decrypt -___ - -$code.=<<___; -.type _aesni_ctr32_6x,\@abi-omnipotent -.align 32 -_aesni_ctr32_6x: -.cfi_startproc - vmovdqu 0x00-0x80($key),$Z0 # borrow $Z0 for $rndkey - vmovdqu 0x20($const),$T2 # borrow $T2, .Lone_msb - lea -1($rounds),%r13 - vmovups 0x10-0x80($key),$rndkey - lea 0x20-0x80($key),%r12 - vpxor $Z0,$T1,$inout0 - add \$`6<<24`,$counter - jc .Lhandle_ctr32_2 - vpaddb $T2,$T1,$inout1 - vpaddb $T2,$inout1,$inout2 - vpxor $Z0,$inout1,$inout1 - vpaddb $T2,$inout2,$inout3 - vpxor $Z0,$inout2,$inout2 - vpaddb $T2,$inout3,$inout4 - vpxor $Z0,$inout3,$inout3 - vpaddb $T2,$inout4,$inout5 - vpxor $Z0,$inout4,$inout4 - vpaddb $T2,$inout5,$T1 - vpxor $Z0,$inout5,$inout5 - jmp .Loop_ctr32 - -.align 16 -.Loop_ctr32: - vaesenc $rndkey,$inout0,$inout0 - vaesenc $rndkey,$inout1,$inout1 - vaesenc $rndkey,$inout2,$inout2 - vaesenc $rndkey,$inout3,$inout3 - vaesenc $rndkey,$inout4,$inout4 - vaesenc $rndkey,$inout5,$inout5 - vmovups (%r12),$rndkey - lea 0x10(%r12),%r12 - dec %r13d - jnz .Loop_ctr32 - - vmovdqu (%r12),$Hkey # last round key - vaesenc $rndkey,$inout0,$inout0 - vpxor 0x00($inp),$Hkey,$Z0 - vaesenc $rndkey,$inout1,$inout1 - vpxor 0x10($inp),$Hkey,$Z1 - vaesenc $rndkey,$inout2,$inout2 - vpxor 0x20($inp),$Hkey,$Z2 - vaesenc $rndkey,$inout3,$inout3 - vpxor 0x30($inp),$Hkey,$Xi - vaesenc $rndkey,$inout4,$inout4 - vpxor 0x40($inp),$Hkey,$T2 - vaesenc $rndkey,$inout5,$inout5 - vpxor 0x50($inp),$Hkey,$Hkey - lea 0x60($inp),$inp - - vaesenclast $Z0,$inout0,$inout0 - vaesenclast $Z1,$inout1,$inout1 - vaesenclast $Z2,$inout2,$inout2 - vaesenclast $Xi,$inout3,$inout3 - vaesenclast $T2,$inout4,$inout4 - vaesenclast $Hkey,$inout5,$inout5 - vmovups $inout0,0x00($out) - vmovups $inout1,0x10($out) - vmovups $inout2,0x20($out) - vmovups $inout3,0x30($out) - vmovups $inout4,0x40($out) - vmovups $inout5,0x50($out) - lea 0x60($out),$out - - ret -.align 32 -.Lhandle_ctr32_2: - vpshufb $Ii,$T1,$Z2 # byte-swap counter - vmovdqu 0x30($const),$Z1 # borrow $Z1, .Ltwo_lsb - vpaddd 0x40($const),$Z2,$inout1 # .Lone_lsb - vpaddd $Z1,$Z2,$inout2 - vpaddd $Z1,$inout1,$inout3 - vpshufb $Ii,$inout1,$inout1 - vpaddd $Z1,$inout2,$inout4 - vpshufb $Ii,$inout2,$inout2 - vpxor $Z0,$inout1,$inout1 - vpaddd $Z1,$inout3,$inout5 - vpshufb $Ii,$inout3,$inout3 - vpxor $Z0,$inout2,$inout2 - vpaddd $Z1,$inout4,$T1 # byte-swapped next counter value - vpshufb $Ii,$inout4,$inout4 - vpxor $Z0,$inout3,$inout3 - vpshufb $Ii,$inout5,$inout5 - vpxor $Z0,$inout4,$inout4 - vpshufb $Ii,$T1,$T1 # next counter value - vpxor $Z0,$inout5,$inout5 - jmp .Loop_ctr32 -.cfi_endproc -.size _aesni_ctr32_6x,.-_aesni_ctr32_6x - -.globl aesni_gcm_encrypt -.type aesni_gcm_encrypt,\@function,6 -.align 32 -aesni_gcm_encrypt: -.cfi_startproc - xor $ret,$ret - cmp \$0x60*3,$len # minimal accepted length - jb .Lgcm_enc_abort - - lea (%rsp),%rax # save stack pointer -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -___ -$code.=<<___ if ($win64); - lea -0xa8(%rsp),%rsp - movaps %xmm6,-0xd8(%rax) - movaps %xmm7,-0xc8(%rax) - movaps %xmm8,-0xb8(%rax) - movaps %xmm9,-0xa8(%rax) - movaps %xmm10,-0x98(%rax) - movaps %xmm11,-0x88(%rax) - movaps %xmm12,-0x78(%rax) - movaps %xmm13,-0x68(%rax) - movaps %xmm14,-0x58(%rax) - movaps %xmm15,-0x48(%rax) -.Lgcm_enc_body: -___ -$code.=<<___; - vzeroupper - - vmovdqu ($ivp),$T1 # input counter value - add \$-128,%rsp - mov 12($ivp),$counter - lea .Lbswap_mask(%rip),$const - lea -0x80($key),$in0 # borrow $in0 - mov \$0xf80,$end0 # borrow $end0 - lea 0x80($key),$key # size optimization - vmovdqu ($const),$Ii # borrow $Ii for .Lbswap_mask - and \$-128,%rsp # ensure stack alignment - mov 0xf0-0x80($key),$rounds - - and $end0,$in0 - and %rsp,$end0 - sub $in0,$end0 - jc .Lenc_no_key_aliasing - cmp \$768,$end0 - jnc .Lenc_no_key_aliasing - sub $end0,%rsp # avoid aliasing with key -.Lenc_no_key_aliasing: - - lea ($out),$in0 - lea -0xc0($out,$len),$end0 - shr \$4,$len - - call _aesni_ctr32_6x - vpshufb $Ii,$inout0,$Xi # save bswapped output on stack - vpshufb $Ii,$inout1,$T2 - vmovdqu $Xi,0x70(%rsp) - vpshufb $Ii,$inout2,$Z0 - vmovdqu $T2,0x60(%rsp) - vpshufb $Ii,$inout3,$Z1 - vmovdqu $Z0,0x50(%rsp) - vpshufb $Ii,$inout4,$Z2 - vmovdqu $Z1,0x40(%rsp) - vpshufb $Ii,$inout5,$Z3 # passed to _aesni_ctr32_ghash_6x - vmovdqu $Z2,0x30(%rsp) - - call _aesni_ctr32_6x - - vmovdqu ($Xip),$Xi # load Xi - lea 0x20+0x20($Xip),$Xip # size optimization - sub \$12,$len - mov \$0x60*2,$ret - vpshufb $Ii,$Xi,$Xi - - call _aesni_ctr32_ghash_6x - vmovdqu 0x20(%rsp),$Z3 # I[5] - vmovdqu ($const),$Ii # borrow $Ii for .Lbswap_mask - vmovdqu 0x00-0x20($Xip),$Hkey # $Hkey^1 - vpunpckhqdq $Z3,$Z3,$T1 - vmovdqu 0x20-0x20($Xip),$rndkey # borrow $rndkey for $HK - vmovups $inout0,-0x60($out) # save output - vpshufb $Ii,$inout0,$inout0 # but keep bswapped copy - vpxor $Z3,$T1,$T1 - vmovups $inout1,-0x50($out) - vpshufb $Ii,$inout1,$inout1 - vmovups $inout2,-0x40($out) - vpshufb $Ii,$inout2,$inout2 - vmovups $inout3,-0x30($out) - vpshufb $Ii,$inout3,$inout3 - vmovups $inout4,-0x20($out) - vpshufb $Ii,$inout4,$inout4 - vmovups $inout5,-0x10($out) - vpshufb $Ii,$inout5,$inout5 - vmovdqu $inout0,0x10(%rsp) # free $inout0 -___ -{ my ($HK,$T3)=($rndkey,$inout0); - -$code.=<<___; - vmovdqu 0x30(%rsp),$Z2 # I[4] - vmovdqu 0x10-0x20($Xip),$Ii # borrow $Ii for $Hkey^2 - vpunpckhqdq $Z2,$Z2,$T2 - vpclmulqdq \$0x00,$Hkey,$Z3,$Z1 - vpxor $Z2,$T2,$T2 - vpclmulqdq \$0x11,$Hkey,$Z3,$Z3 - vpclmulqdq \$0x00,$HK,$T1,$T1 - - vmovdqu 0x40(%rsp),$T3 # I[3] - vpclmulqdq \$0x00,$Ii,$Z2,$Z0 - vmovdqu 0x30-0x20($Xip),$Hkey # $Hkey^3 - vpxor $Z1,$Z0,$Z0 - vpunpckhqdq $T3,$T3,$Z1 - vpclmulqdq \$0x11,$Ii,$Z2,$Z2 - vpxor $T3,$Z1,$Z1 - vpxor $Z3,$Z2,$Z2 - vpclmulqdq \$0x10,$HK,$T2,$T2 - vmovdqu 0x50-0x20($Xip),$HK - vpxor $T1,$T2,$T2 - - vmovdqu 0x50(%rsp),$T1 # I[2] - vpclmulqdq \$0x00,$Hkey,$T3,$Z3 - vmovdqu 0x40-0x20($Xip),$Ii # borrow $Ii for $Hkey^4 - vpxor $Z0,$Z3,$Z3 - vpunpckhqdq $T1,$T1,$Z0 - vpclmulqdq \$0x11,$Hkey,$T3,$T3 - vpxor $T1,$Z0,$Z0 - vpxor $Z2,$T3,$T3 - vpclmulqdq \$0x00,$HK,$Z1,$Z1 - vpxor $T2,$Z1,$Z1 - - vmovdqu 0x60(%rsp),$T2 # I[1] - vpclmulqdq \$0x00,$Ii,$T1,$Z2 - vmovdqu 0x60-0x20($Xip),$Hkey # $Hkey^5 - vpxor $Z3,$Z2,$Z2 - vpunpckhqdq $T2,$T2,$Z3 - vpclmulqdq \$0x11,$Ii,$T1,$T1 - vpxor $T2,$Z3,$Z3 - vpxor $T3,$T1,$T1 - vpclmulqdq \$0x10,$HK,$Z0,$Z0 - vmovdqu 0x80-0x20($Xip),$HK - vpxor $Z1,$Z0,$Z0 - - vpxor 0x70(%rsp),$Xi,$Xi # accumulate I[0] - vpclmulqdq \$0x00,$Hkey,$T2,$Z1 - vmovdqu 0x70-0x20($Xip),$Ii # borrow $Ii for $Hkey^6 - vpunpckhqdq $Xi,$Xi,$T3 - vpxor $Z2,$Z1,$Z1 - vpclmulqdq \$0x11,$Hkey,$T2,$T2 - vpxor $Xi,$T3,$T3 - vpxor $T1,$T2,$T2 - vpclmulqdq \$0x00,$HK,$Z3,$Z3 - vpxor $Z0,$Z3,$Z0 - - vpclmulqdq \$0x00,$Ii,$Xi,$Z2 - vmovdqu 0x00-0x20($Xip),$Hkey # $Hkey^1 - vpunpckhqdq $inout5,$inout5,$T1 - vpclmulqdq \$0x11,$Ii,$Xi,$Xi - vpxor $inout5,$T1,$T1 - vpxor $Z1,$Z2,$Z1 - vpclmulqdq \$0x10,$HK,$T3,$T3 - vmovdqu 0x20-0x20($Xip),$HK - vpxor $T2,$Xi,$Z3 - vpxor $Z0,$T3,$Z2 - - vmovdqu 0x10-0x20($Xip),$Ii # borrow $Ii for $Hkey^2 - vpxor $Z1,$Z3,$T3 # aggregated Karatsuba post-processing - vpclmulqdq \$0x00,$Hkey,$inout5,$Z0 - vpxor $T3,$Z2,$Z2 - vpunpckhqdq $inout4,$inout4,$T2 - vpclmulqdq \$0x11,$Hkey,$inout5,$inout5 - vpxor $inout4,$T2,$T2 - vpslldq \$8,$Z2,$T3 - vpclmulqdq \$0x00,$HK,$T1,$T1 - vpxor $T3,$Z1,$Xi - vpsrldq \$8,$Z2,$Z2 - vpxor $Z2,$Z3,$Z3 - - vpclmulqdq \$0x00,$Ii,$inout4,$Z1 - vmovdqu 0x30-0x20($Xip),$Hkey # $Hkey^3 - vpxor $Z0,$Z1,$Z1 - vpunpckhqdq $inout3,$inout3,$T3 - vpclmulqdq \$0x11,$Ii,$inout4,$inout4 - vpxor $inout3,$T3,$T3 - vpxor $inout5,$inout4,$inout4 - vpalignr \$8,$Xi,$Xi,$inout5 # 1st phase - vpclmulqdq \$0x10,$HK,$T2,$T2 - vmovdqu 0x50-0x20($Xip),$HK - vpxor $T1,$T2,$T2 - - vpclmulqdq \$0x00,$Hkey,$inout3,$Z0 - vmovdqu 0x40-0x20($Xip),$Ii # borrow $Ii for $Hkey^4 - vpxor $Z1,$Z0,$Z0 - vpunpckhqdq $inout2,$inout2,$T1 - vpclmulqdq \$0x11,$Hkey,$inout3,$inout3 - vpxor $inout2,$T1,$T1 - vpxor $inout4,$inout3,$inout3 - vxorps 0x10(%rsp),$Z3,$Z3 # accumulate $inout0 - vpclmulqdq \$0x00,$HK,$T3,$T3 - vpxor $T2,$T3,$T3 - - vpclmulqdq \$0x10,0x10($const),$Xi,$Xi - vxorps $inout5,$Xi,$Xi - - vpclmulqdq \$0x00,$Ii,$inout2,$Z1 - vmovdqu 0x60-0x20($Xip),$Hkey # $Hkey^5 - vpxor $Z0,$Z1,$Z1 - vpunpckhqdq $inout1,$inout1,$T2 - vpclmulqdq \$0x11,$Ii,$inout2,$inout2 - vpxor $inout1,$T2,$T2 - vpalignr \$8,$Xi,$Xi,$inout5 # 2nd phase - vpxor $inout3,$inout2,$inout2 - vpclmulqdq \$0x10,$HK,$T1,$T1 - vmovdqu 0x80-0x20($Xip),$HK - vpxor $T3,$T1,$T1 - - vxorps $Z3,$inout5,$inout5 - vpclmulqdq \$0x10,0x10($const),$Xi,$Xi - vxorps $inout5,$Xi,$Xi - - vpclmulqdq \$0x00,$Hkey,$inout1,$Z0 - vmovdqu 0x70-0x20($Xip),$Ii # borrow $Ii for $Hkey^6 - vpxor $Z1,$Z0,$Z0 - vpunpckhqdq $Xi,$Xi,$T3 - vpclmulqdq \$0x11,$Hkey,$inout1,$inout1 - vpxor $Xi,$T3,$T3 - vpxor $inout2,$inout1,$inout1 - vpclmulqdq \$0x00,$HK,$T2,$T2 - vpxor $T1,$T2,$T2 - - vpclmulqdq \$0x00,$Ii,$Xi,$Z1 - vpclmulqdq \$0x11,$Ii,$Xi,$Z3 - vpxor $Z0,$Z1,$Z1 - vpclmulqdq \$0x10,$HK,$T3,$Z2 - vpxor $inout1,$Z3,$Z3 - vpxor $T2,$Z2,$Z2 - - vpxor $Z1,$Z3,$Z0 # aggregated Karatsuba post-processing - vpxor $Z0,$Z2,$Z2 - vpslldq \$8,$Z2,$T1 - vmovdqu 0x10($const),$Hkey # .Lpoly - vpsrldq \$8,$Z2,$Z2 - vpxor $T1,$Z1,$Xi - vpxor $Z2,$Z3,$Z3 - - vpalignr \$8,$Xi,$Xi,$T2 # 1st phase - vpclmulqdq \$0x10,$Hkey,$Xi,$Xi - vpxor $T2,$Xi,$Xi - - vpalignr \$8,$Xi,$Xi,$T2 # 2nd phase - vpclmulqdq \$0x10,$Hkey,$Xi,$Xi - vpxor $Z3,$T2,$T2 - vpxor $T2,$Xi,$Xi -___ -} -$code.=<<___; - vpshufb ($const),$Xi,$Xi # .Lbswap_mask - vmovdqu $Xi,-0x40($Xip) # output Xi - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps -0xd8(%rax),%xmm6 - movaps -0xc8(%rax),%xmm7 - movaps -0xb8(%rax),%xmm8 - movaps -0xa8(%rax),%xmm9 - movaps -0x98(%rax),%xmm10 - movaps -0x88(%rax),%xmm11 - movaps -0x78(%rax),%xmm12 - movaps -0x68(%rax),%xmm13 - movaps -0x58(%rax),%xmm14 - movaps -0x48(%rax),%xmm15 -___ -$code.=<<___; - mov -48(%rax),%r15 -.cfi_restore %r15 - mov -40(%rax),%r14 -.cfi_restore %r14 - mov -32(%rax),%r13 -.cfi_restore %r13 - mov -24(%rax),%r12 -.cfi_restore %r12 - mov -16(%rax),%rbp -.cfi_restore %rbp - mov -8(%rax),%rbx -.cfi_restore %rbx - lea (%rax),%rsp # restore %rsp -.cfi_def_cfa_register %rsp -.Lgcm_enc_abort: - mov $ret,%rax # return value - ret -.cfi_endproc -.size aesni_gcm_encrypt,.-aesni_gcm_encrypt -___ - -$code.=<<___; -.align 64 -.Lbswap_mask: - .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 -.Lpoly: - .byte 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2 -.Lone_msb: - .byte 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1 -.Ltwo_lsb: - .byte 2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 -.Lone_lsb: - .byte 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 -.asciz "AES-NI GCM module for x86_64, CRYPTOGAMS by " -.align 64 -___ -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___ -.extern __imp_RtlVirtualUnwind -.type gcm_se_handler,\@abi-omnipotent -.align 16 -gcm_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lcommon_seh_tail - - mov 120($context),%rax # pull context->Rax - - mov -48(%rax),%r15 - mov -40(%rax),%r14 - mov -32(%rax),%r13 - mov -24(%rax),%r12 - mov -16(%rax),%rbp - mov -8(%rax),%rbx - mov %r15,240($context) - mov %r14,232($context) - mov %r13,224($context) - mov %r12,216($context) - mov %rbp,160($context) - mov %rbx,144($context) - - lea -0xd8(%rax),%rsi # %xmm save area - lea 512($context),%rdi # & context.Xmm6 - mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax) - .long 0xa548f3fc # cld; rep movsq - -.Lcommon_seh_tail: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size gcm_se_handler,.-gcm_se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_aesni_gcm_decrypt - .rva .LSEH_end_aesni_gcm_decrypt - .rva .LSEH_gcm_dec_info - - .rva .LSEH_begin_aesni_gcm_encrypt - .rva .LSEH_end_aesni_gcm_encrypt - .rva .LSEH_gcm_enc_info -.section .xdata -.align 8 -.LSEH_gcm_dec_info: - .byte 9,0,0,0 - .rva gcm_se_handler - .rva .Lgcm_dec_body,.Lgcm_dec_abort -.LSEH_gcm_enc_info: - .byte 9,0,0,0 - .rva gcm_se_handler - .rva .Lgcm_enc_body,.Lgcm_enc_abort -___ -} -}}} else {{{ -$code=<<___; # assembler is too old -.text - -.globl aesni_gcm_encrypt -.type aesni_gcm_encrypt,\@abi-omnipotent -aesni_gcm_encrypt: -.cfi_startproc - xor %eax,%eax - ret -.cfi_endproc -.size aesni_gcm_encrypt,.-aesni_gcm_encrypt - -.globl aesni_gcm_decrypt -.type aesni_gcm_decrypt,\@abi-omnipotent -aesni_gcm_decrypt: -.cfi_startproc - xor %eax,%eax - ret -.cfi_endproc -.size aesni_gcm_decrypt,.-aesni_gcm_decrypt -___ -}}} - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; - -print $code; - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghash-alpha.pl b/crypto/modes/asm/ghash-alpha.pl deleted file mode 100644 index c350e9015550ea01973bf1ea18e3e904b901cfcd..0000000000000000000000000000000000000000 --- a/crypto/modes/asm/ghash-alpha.pl +++ /dev/null @@ -1,467 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# March 2010 -# -# The module implements "4-bit" GCM GHASH function and underlying -# single multiplication operation in GF(2^128). "4-bit" means that it -# uses 256 bytes per-key table [+128 bytes shared table]. Even though -# loops are aggressively modulo-scheduled in respect to references to -# Htbl and Z.hi updates for 8 cycles per byte, measured performance is -# ~12 cycles per processed byte on 21264 CPU. It seems to be a dynamic -# scheduling "glitch," because uprofile(1) indicates uniform sample -# distribution, as if all instruction bundles execute in 1.5 cycles. -# Meaning that it could have been even faster, yet 12 cycles is ~60% -# better than gcc-generated code and ~80% than code generated by vendor -# compiler. - -$cnt="v0"; # $0 -$t0="t0"; -$t1="t1"; -$t2="t2"; -$Thi0="t3"; # $4 -$Tlo0="t4"; -$Thi1="t5"; -$Tlo1="t6"; -$rem="t7"; # $8 -################# -$Xi="a0"; # $16, input argument block -$Htbl="a1"; -$inp="a2"; -$len="a3"; -$nlo="a4"; # $20 -$nhi="a5"; -$Zhi="t8"; -$Zlo="t9"; -$Xhi="t10"; # $24 -$Xlo="t11"; -$remp="t12"; -$rem_4bit="AT"; # $28 - -{ my $N; - sub loop() { - - $N++; -$code.=<<___; -.align 4 - extbl $Xlo,7,$nlo - and $nlo,0xf0,$nhi - sll $nlo,4,$nlo - and $nlo,0xf0,$nlo - - addq $nlo,$Htbl,$nlo - ldq $Zlo,8($nlo) - addq $nhi,$Htbl,$nhi - ldq $Zhi,0($nlo) - - and $Zlo,0x0f,$remp - sll $Zhi,60,$t0 - lda $cnt,6(zero) - extbl $Xlo,6,$nlo - - ldq $Tlo1,8($nhi) - s8addq $remp,$rem_4bit,$remp - ldq $Thi1,0($nhi) - srl $Zlo,4,$Zlo - - ldq $rem,0($remp) - srl $Zhi,4,$Zhi - xor $t0,$Zlo,$Zlo - and $nlo,0xf0,$nhi - - xor $Tlo1,$Zlo,$Zlo - sll $nlo,4,$nlo - xor $Thi1,$Zhi,$Zhi - and $nlo,0xf0,$nlo - - addq $nlo,$Htbl,$nlo - ldq $Tlo0,8($nlo) - addq $nhi,$Htbl,$nhi - ldq $Thi0,0($nlo) - -.Looplo$N: - and $Zlo,0x0f,$remp - sll $Zhi,60,$t0 - subq $cnt,1,$cnt - srl $Zlo,4,$Zlo - - ldq $Tlo1,8($nhi) - xor $rem,$Zhi,$Zhi - ldq $Thi1,0($nhi) - s8addq $remp,$rem_4bit,$remp - - ldq $rem,0($remp) - srl $Zhi,4,$Zhi - xor $t0,$Zlo,$Zlo - extbl $Xlo,$cnt,$nlo - - and $nlo,0xf0,$nhi - xor $Thi0,$Zhi,$Zhi - xor $Tlo0,$Zlo,$Zlo - sll $nlo,4,$nlo - - - and $Zlo,0x0f,$remp - sll $Zhi,60,$t0 - and $nlo,0xf0,$nlo - srl $Zlo,4,$Zlo - - s8addq $remp,$rem_4bit,$remp - xor $rem,$Zhi,$Zhi - addq $nlo,$Htbl,$nlo - addq $nhi,$Htbl,$nhi - - ldq $rem,0($remp) - srl $Zhi,4,$Zhi - ldq $Tlo0,8($nlo) - xor $t0,$Zlo,$Zlo - - xor $Tlo1,$Zlo,$Zlo - xor $Thi1,$Zhi,$Zhi - ldq $Thi0,0($nlo) - bne $cnt,.Looplo$N - - - and $Zlo,0x0f,$remp - sll $Zhi,60,$t0 - lda $cnt,7(zero) - srl $Zlo,4,$Zlo - - ldq $Tlo1,8($nhi) - xor $rem,$Zhi,$Zhi - ldq $Thi1,0($nhi) - s8addq $remp,$rem_4bit,$remp - - ldq $rem,0($remp) - srl $Zhi,4,$Zhi - xor $t0,$Zlo,$Zlo - extbl $Xhi,$cnt,$nlo - - and $nlo,0xf0,$nhi - xor $Thi0,$Zhi,$Zhi - xor $Tlo0,$Zlo,$Zlo - sll $nlo,4,$nlo - - and $Zlo,0x0f,$remp - sll $Zhi,60,$t0 - and $nlo,0xf0,$nlo - srl $Zlo,4,$Zlo - - s8addq $remp,$rem_4bit,$remp - xor $rem,$Zhi,$Zhi - addq $nlo,$Htbl,$nlo - addq $nhi,$Htbl,$nhi - - ldq $rem,0($remp) - srl $Zhi,4,$Zhi - ldq $Tlo0,8($nlo) - xor $t0,$Zlo,$Zlo - - xor $Tlo1,$Zlo,$Zlo - xor $Thi1,$Zhi,$Zhi - ldq $Thi0,0($nlo) - unop - - -.Loophi$N: - and $Zlo,0x0f,$remp - sll $Zhi,60,$t0 - subq $cnt,1,$cnt - srl $Zlo,4,$Zlo - - ldq $Tlo1,8($nhi) - xor $rem,$Zhi,$Zhi - ldq $Thi1,0($nhi) - s8addq $remp,$rem_4bit,$remp - - ldq $rem,0($remp) - srl $Zhi,4,$Zhi - xor $t0,$Zlo,$Zlo - extbl $Xhi,$cnt,$nlo - - and $nlo,0xf0,$nhi - xor $Thi0,$Zhi,$Zhi - xor $Tlo0,$Zlo,$Zlo - sll $nlo,4,$nlo - - - and $Zlo,0x0f,$remp - sll $Zhi,60,$t0 - and $nlo,0xf0,$nlo - srl $Zlo,4,$Zlo - - s8addq $remp,$rem_4bit,$remp - xor $rem,$Zhi,$Zhi - addq $nlo,$Htbl,$nlo - addq $nhi,$Htbl,$nhi - - ldq $rem,0($remp) - srl $Zhi,4,$Zhi - ldq $Tlo0,8($nlo) - xor $t0,$Zlo,$Zlo - - xor $Tlo1,$Zlo,$Zlo - xor $Thi1,$Zhi,$Zhi - ldq $Thi0,0($nlo) - bne $cnt,.Loophi$N - - - and $Zlo,0x0f,$remp - sll $Zhi,60,$t0 - srl $Zlo,4,$Zlo - - ldq $Tlo1,8($nhi) - xor $rem,$Zhi,$Zhi - ldq $Thi1,0($nhi) - s8addq $remp,$rem_4bit,$remp - - ldq $rem,0($remp) - srl $Zhi,4,$Zhi - xor $t0,$Zlo,$Zlo - - xor $Tlo0,$Zlo,$Zlo - xor $Thi0,$Zhi,$Zhi - - and $Zlo,0x0f,$remp - sll $Zhi,60,$t0 - srl $Zlo,4,$Zlo - - s8addq $remp,$rem_4bit,$remp - xor $rem,$Zhi,$Zhi - - ldq $rem,0($remp) - srl $Zhi,4,$Zhi - xor $Tlo1,$Zlo,$Zlo - xor $Thi1,$Zhi,$Zhi - xor $t0,$Zlo,$Zlo - xor $rem,$Zhi,$Zhi -___ -}} - -$code=<<___; -#ifdef __linux__ -#include -#else -#include -#include -#endif - -.text - -.set noat -.set noreorder -.globl gcm_gmult_4bit -.align 4 -.ent gcm_gmult_4bit -gcm_gmult_4bit: - .frame sp,0,ra - .prologue 0 - - ldq $Xlo,8($Xi) - ldq $Xhi,0($Xi) - - bsr $t0,picmeup - nop -___ - - &loop(); - -$code.=<<___; - srl $Zlo,24,$t0 # byte swap - srl $Zlo,8,$t1 - - sll $Zlo,8,$t2 - sll $Zlo,24,$Zlo - zapnot $t0,0x11,$t0 - zapnot $t1,0x22,$t1 - - zapnot $Zlo,0x88,$Zlo - or $t0,$t1,$t0 - zapnot $t2,0x44,$t2 - - or $Zlo,$t0,$Zlo - srl $Zhi,24,$t0 - srl $Zhi,8,$t1 - - or $Zlo,$t2,$Zlo - sll $Zhi,8,$t2 - sll $Zhi,24,$Zhi - - srl $Zlo,32,$Xlo - sll $Zlo,32,$Zlo - - zapnot $t0,0x11,$t0 - zapnot $t1,0x22,$t1 - or $Zlo,$Xlo,$Xlo - - zapnot $Zhi,0x88,$Zhi - or $t0,$t1,$t0 - zapnot $t2,0x44,$t2 - - or $Zhi,$t0,$Zhi - or $Zhi,$t2,$Zhi - - srl $Zhi,32,$Xhi - sll $Zhi,32,$Zhi - - or $Zhi,$Xhi,$Xhi - stq $Xlo,8($Xi) - stq $Xhi,0($Xi) - - ret (ra) -.end gcm_gmult_4bit -___ - -$inhi="s0"; -$inlo="s1"; - -$code.=<<___; -.globl gcm_ghash_4bit -.align 4 -.ent gcm_ghash_4bit -gcm_ghash_4bit: - lda sp,-32(sp) - stq ra,0(sp) - stq s0,8(sp) - stq s1,16(sp) - .mask 0x04000600,-32 - .frame sp,32,ra - .prologue 0 - - ldq_u $inhi,0($inp) - ldq_u $Thi0,7($inp) - ldq_u $inlo,8($inp) - ldq_u $Tlo0,15($inp) - ldq $Xhi,0($Xi) - ldq $Xlo,8($Xi) - - bsr $t0,picmeup - nop - -.Louter: - extql $inhi,$inp,$inhi - extqh $Thi0,$inp,$Thi0 - or $inhi,$Thi0,$inhi - lda $inp,16($inp) - - extql $inlo,$inp,$inlo - extqh $Tlo0,$inp,$Tlo0 - or $inlo,$Tlo0,$inlo - subq $len,16,$len - - xor $Xlo,$inlo,$Xlo - xor $Xhi,$inhi,$Xhi -___ - - &loop(); - -$code.=<<___; - srl $Zlo,24,$t0 # byte swap - srl $Zlo,8,$t1 - - sll $Zlo,8,$t2 - sll $Zlo,24,$Zlo - zapnot $t0,0x11,$t0 - zapnot $t1,0x22,$t1 - - zapnot $Zlo,0x88,$Zlo - or $t0,$t1,$t0 - zapnot $t2,0x44,$t2 - - or $Zlo,$t0,$Zlo - srl $Zhi,24,$t0 - srl $Zhi,8,$t1 - - or $Zlo,$t2,$Zlo - sll $Zhi,8,$t2 - sll $Zhi,24,$Zhi - - srl $Zlo,32,$Xlo - sll $Zlo,32,$Zlo - beq $len,.Ldone - - zapnot $t0,0x11,$t0 - zapnot $t1,0x22,$t1 - or $Zlo,$Xlo,$Xlo - ldq_u $inhi,0($inp) - - zapnot $Zhi,0x88,$Zhi - or $t0,$t1,$t0 - zapnot $t2,0x44,$t2 - ldq_u $Thi0,7($inp) - - or $Zhi,$t0,$Zhi - or $Zhi,$t2,$Zhi - ldq_u $inlo,8($inp) - ldq_u $Tlo0,15($inp) - - srl $Zhi,32,$Xhi - sll $Zhi,32,$Zhi - - or $Zhi,$Xhi,$Xhi - br zero,.Louter - -.Ldone: - zapnot $t0,0x11,$t0 - zapnot $t1,0x22,$t1 - or $Zlo,$Xlo,$Xlo - - zapnot $Zhi,0x88,$Zhi - or $t0,$t1,$t0 - zapnot $t2,0x44,$t2 - - or $Zhi,$t0,$Zhi - or $Zhi,$t2,$Zhi - - srl $Zhi,32,$Xhi - sll $Zhi,32,$Zhi - - or $Zhi,$Xhi,$Xhi - - stq $Xlo,8($Xi) - stq $Xhi,0($Xi) - - .set noreorder - /*ldq ra,0(sp)*/ - ldq s0,8(sp) - ldq s1,16(sp) - lda sp,32(sp) - ret (ra) -.end gcm_ghash_4bit - -.align 4 -.ent picmeup -picmeup: - .frame sp,0,$t0 - .prologue 0 - br $rem_4bit,.Lpic -.Lpic: lda $rem_4bit,12($rem_4bit) - ret ($t0) -.end picmeup - nop -rem_4bit: - .long 0,0x0000<<16, 0,0x1C20<<16, 0,0x3840<<16, 0,0x2460<<16 - .long 0,0x7080<<16, 0,0x6CA0<<16, 0,0x48C0<<16, 0,0x54E0<<16 - .long 0,0xE100<<16, 0,0xFD20<<16, 0,0xD940<<16, 0,0xC560<<16 - .long 0,0x9180<<16, 0,0x8DA0<<16, 0,0xA9C0<<16, 0,0xB5E0<<16 -.ascii "GHASH for Alpha, CRYPTOGAMS by " -.align 4 - -___ -$output=pop and open STDOUT,">$output"; -print $code; -close STDOUT or die "error closing STDOUT: $!"; - diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl deleted file mode 100644 index 044f86f143f91d2340a1d1962833f8fcfc9c27d3..0000000000000000000000000000000000000000 --- a/crypto/modes/asm/ghash-armv4.pl +++ /dev/null @@ -1,554 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# April 2010 -# -# The module implements "4-bit" GCM GHASH function and underlying -# single multiplication operation in GF(2^128). "4-bit" means that it -# uses 256 bytes per-key table [+32 bytes shared table]. There is no -# experimental performance data available yet. The only approximation -# that can be made at this point is based on code size. Inner loop is -# 32 instructions long and on single-issue core should execute in <40 -# cycles. Having verified that gcc 3.4 didn't unroll corresponding -# loop, this assembler loop body was found to be ~3x smaller than -# compiler-generated one... -# -# July 2010 -# -# Rescheduling for dual-issue pipeline resulted in 8.5% improvement on -# Cortex A8 core and ~25 cycles per processed byte (which was observed -# to be ~3 times faster than gcc-generated code:-) -# -# February 2011 -# -# Profiler-assisted and platform-specific optimization resulted in 7% -# improvement on Cortex A8 core and ~23.5 cycles per byte. -# -# March 2011 -# -# Add NEON implementation featuring polynomial multiplication, i.e. no -# lookup tables involved. On Cortex A8 it was measured to process one -# byte in 15 cycles or 55% faster than integer-only code. -# -# April 2014 -# -# Switch to multiplication algorithm suggested in paper referred -# below and combine it with reduction algorithm from x86 module. -# Performance improvement over previous version varies from 65% on -# Snapdragon S4 to 110% on Cortex A9. In absolute terms Cortex A8 -# processes one byte in 8.45 cycles, A9 - in 10.2, A15 - in 7.63, -# Snapdragon S4 - in 9.33. -# -# Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software -# Polynomial Multiplication on ARM Processors using the NEON Engine. -# -# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf - -# ==================================================================== -# Note about "528B" variant. In ARM case it makes lesser sense to -# implement it for following reasons: -# -# - performance improvement won't be anywhere near 50%, because 128- -# bit shift operation is neatly fused with 128-bit xor here, and -# "538B" variant would eliminate only 4-5 instructions out of 32 -# in the inner loop (meaning that estimated improvement is ~15%); -# - ARM-based systems are often embedded ones and extra memory -# consumption might be unappreciated (for so little improvement); -# -# Byte order [in]dependence. ========================================= -# -# Caller is expected to maintain specific *dword* order in Htable, -# namely with *least* significant dword of 128-bit value at *lower* -# address. This differs completely from C code and has everything to -# do with ldm instruction and order in which dwords are "consumed" by -# algorithm. *Byte* order within these dwords in turn is whatever -# *native* byte order on current platform. See gcm128.c for working -# example... - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour && $flavour ne "void") { - $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or - ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or - die "can't locate arm-xlate.pl"; - - open STDOUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -} else { - $output and open STDOUT,">$output"; -} - -$Xi="r0"; # argument block -$Htbl="r1"; -$inp="r2"; -$len="r3"; - -$Zll="r4"; # variables -$Zlh="r5"; -$Zhl="r6"; -$Zhh="r7"; -$Tll="r8"; -$Tlh="r9"; -$Thl="r10"; -$Thh="r11"; -$nlo="r12"; -################# r13 is stack pointer -$nhi="r14"; -################# r15 is program counter - -$rem_4bit=$inp; # used in gcm_gmult_4bit -$cnt=$len; - -sub Zsmash() { - my $i=12; - my @args=@_; - for ($Zll,$Zlh,$Zhl,$Zhh) { - $code.=<<___; -#if __ARM_ARCH__>=7 && defined(__ARMEL__) - rev $_,$_ - str $_,[$Xi,#$i] -#elif defined(__ARMEB__) - str $_,[$Xi,#$i] -#else - mov $Tlh,$_,lsr#8 - strb $_,[$Xi,#$i+3] - mov $Thl,$_,lsr#16 - strb $Tlh,[$Xi,#$i+2] - mov $Thh,$_,lsr#24 - strb $Thl,[$Xi,#$i+1] - strb $Thh,[$Xi,#$i] -#endif -___ - $code.="\t".shift(@args)."\n"; - $i-=4; - } -} - -$code=<<___; -#include "arm_arch.h" - -#if defined(__thumb2__) || defined(__clang__) -.syntax unified -#define ldrplb ldrbpl -#define ldrneb ldrbne -#endif -#if defined(__thumb2__) -.thumb -#else -.code 32 -#endif - -.text - -.type rem_4bit,%object -.align 5 -rem_4bit: -.short 0x0000,0x1C20,0x3840,0x2460 -.short 0x7080,0x6CA0,0x48C0,0x54E0 -.short 0xE100,0xFD20,0xD940,0xC560 -.short 0x9180,0x8DA0,0xA9C0,0xB5E0 -.size rem_4bit,.-rem_4bit - -.type rem_4bit_get,%function -rem_4bit_get: -#if defined(__thumb2__) - adr $rem_4bit,rem_4bit -#else - sub $rem_4bit,pc,#8+32 @ &rem_4bit -#endif - b .Lrem_4bit_got - nop - nop -.size rem_4bit_get,.-rem_4bit_get - -.global gcm_ghash_4bit -.type gcm_ghash_4bit,%function -.align 4 -gcm_ghash_4bit: -#if defined(__thumb2__) - adr r12,rem_4bit -#else - sub r12,pc,#8+48 @ &rem_4bit -#endif - add $len,$inp,$len @ $len to point at the end - stmdb sp!,{r3-r11,lr} @ save $len/end too - - ldmia r12,{r4-r11} @ copy rem_4bit ... - stmdb sp!,{r4-r11} @ ... to stack - - ldrb $nlo,[$inp,#15] - ldrb $nhi,[$Xi,#15] -.Louter: - eor $nlo,$nlo,$nhi - and $nhi,$nlo,#0xf0 - and $nlo,$nlo,#0x0f - mov $cnt,#14 - - add $Zhh,$Htbl,$nlo,lsl#4 - ldmia $Zhh,{$Zll-$Zhh} @ load Htbl[nlo] - add $Thh,$Htbl,$nhi - ldrb $nlo,[$inp,#14] - - and $nhi,$Zll,#0xf @ rem - ldmia $Thh,{$Tll-$Thh} @ load Htbl[nhi] - add $nhi,$nhi,$nhi - eor $Zll,$Tll,$Zll,lsr#4 - ldrh $Tll,[sp,$nhi] @ rem_4bit[rem] - eor $Zll,$Zll,$Zlh,lsl#28 - ldrb $nhi,[$Xi,#14] - eor $Zlh,$Tlh,$Zlh,lsr#4 - eor $Zlh,$Zlh,$Zhl,lsl#28 - eor $Zhl,$Thl,$Zhl,lsr#4 - eor $Zhl,$Zhl,$Zhh,lsl#28 - eor $Zhh,$Thh,$Zhh,lsr#4 - eor $nlo,$nlo,$nhi - and $nhi,$nlo,#0xf0 - and $nlo,$nlo,#0x0f - eor $Zhh,$Zhh,$Tll,lsl#16 - -.Linner: - add $Thh,$Htbl,$nlo,lsl#4 - and $nlo,$Zll,#0xf @ rem - subs $cnt,$cnt,#1 - add $nlo,$nlo,$nlo - ldmia $Thh,{$Tll-$Thh} @ load Htbl[nlo] - eor $Zll,$Tll,$Zll,lsr#4 - eor $Zll,$Zll,$Zlh,lsl#28 - eor $Zlh,$Tlh,$Zlh,lsr#4 - eor $Zlh,$Zlh,$Zhl,lsl#28 - ldrh $Tll,[sp,$nlo] @ rem_4bit[rem] - eor $Zhl,$Thl,$Zhl,lsr#4 -#ifdef __thumb2__ - it pl -#endif - ldrplb $nlo,[$inp,$cnt] - eor $Zhl,$Zhl,$Zhh,lsl#28 - eor $Zhh,$Thh,$Zhh,lsr#4 - - add $Thh,$Htbl,$nhi - and $nhi,$Zll,#0xf @ rem - eor $Zhh,$Zhh,$Tll,lsl#16 @ ^= rem_4bit[rem] - add $nhi,$nhi,$nhi - ldmia $Thh,{$Tll-$Thh} @ load Htbl[nhi] - eor $Zll,$Tll,$Zll,lsr#4 -#ifdef __thumb2__ - it pl -#endif - ldrplb $Tll,[$Xi,$cnt] - eor $Zll,$Zll,$Zlh,lsl#28 - eor $Zlh,$Tlh,$Zlh,lsr#4 - ldrh $Tlh,[sp,$nhi] - eor $Zlh,$Zlh,$Zhl,lsl#28 - eor $Zhl,$Thl,$Zhl,lsr#4 - eor $Zhl,$Zhl,$Zhh,lsl#28 -#ifdef __thumb2__ - it pl -#endif - eorpl $nlo,$nlo,$Tll - eor $Zhh,$Thh,$Zhh,lsr#4 -#ifdef __thumb2__ - itt pl -#endif - andpl $nhi,$nlo,#0xf0 - andpl $nlo,$nlo,#0x0f - eor $Zhh,$Zhh,$Tlh,lsl#16 @ ^= rem_4bit[rem] - bpl .Linner - - ldr $len,[sp,#32] @ re-load $len/end - add $inp,$inp,#16 - mov $nhi,$Zll -___ - &Zsmash("cmp\t$inp,$len","\n". - "#ifdef __thumb2__\n". - " it ne\n". - "#endif\n". - " ldrneb $nlo,[$inp,#15]"); -$code.=<<___; - bne .Louter - - add sp,sp,#36 -#if __ARM_ARCH__>=5 - ldmia sp!,{r4-r11,pc} -#else - ldmia sp!,{r4-r11,lr} - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size gcm_ghash_4bit,.-gcm_ghash_4bit - -.global gcm_gmult_4bit -.type gcm_gmult_4bit,%function -gcm_gmult_4bit: - stmdb sp!,{r4-r11,lr} - ldrb $nlo,[$Xi,#15] - b rem_4bit_get -.Lrem_4bit_got: - and $nhi,$nlo,#0xf0 - and $nlo,$nlo,#0x0f - mov $cnt,#14 - - add $Zhh,$Htbl,$nlo,lsl#4 - ldmia $Zhh,{$Zll-$Zhh} @ load Htbl[nlo] - ldrb $nlo,[$Xi,#14] - - add $Thh,$Htbl,$nhi - and $nhi,$Zll,#0xf @ rem - ldmia $Thh,{$Tll-$Thh} @ load Htbl[nhi] - add $nhi,$nhi,$nhi - eor $Zll,$Tll,$Zll,lsr#4 - ldrh $Tll,[$rem_4bit,$nhi] @ rem_4bit[rem] - eor $Zll,$Zll,$Zlh,lsl#28 - eor $Zlh,$Tlh,$Zlh,lsr#4 - eor $Zlh,$Zlh,$Zhl,lsl#28 - eor $Zhl,$Thl,$Zhl,lsr#4 - eor $Zhl,$Zhl,$Zhh,lsl#28 - eor $Zhh,$Thh,$Zhh,lsr#4 - and $nhi,$nlo,#0xf0 - eor $Zhh,$Zhh,$Tll,lsl#16 - and $nlo,$nlo,#0x0f - -.Loop: - add $Thh,$Htbl,$nlo,lsl#4 - and $nlo,$Zll,#0xf @ rem - subs $cnt,$cnt,#1 - add $nlo,$nlo,$nlo - ldmia $Thh,{$Tll-$Thh} @ load Htbl[nlo] - eor $Zll,$Tll,$Zll,lsr#4 - eor $Zll,$Zll,$Zlh,lsl#28 - eor $Zlh,$Tlh,$Zlh,lsr#4 - eor $Zlh,$Zlh,$Zhl,lsl#28 - ldrh $Tll,[$rem_4bit,$nlo] @ rem_4bit[rem] - eor $Zhl,$Thl,$Zhl,lsr#4 -#ifdef __thumb2__ - it pl -#endif - ldrplb $nlo,[$Xi,$cnt] - eor $Zhl,$Zhl,$Zhh,lsl#28 - eor $Zhh,$Thh,$Zhh,lsr#4 - - add $Thh,$Htbl,$nhi - and $nhi,$Zll,#0xf @ rem - eor $Zhh,$Zhh,$Tll,lsl#16 @ ^= rem_4bit[rem] - add $nhi,$nhi,$nhi - ldmia $Thh,{$Tll-$Thh} @ load Htbl[nhi] - eor $Zll,$Tll,$Zll,lsr#4 - eor $Zll,$Zll,$Zlh,lsl#28 - eor $Zlh,$Tlh,$Zlh,lsr#4 - ldrh $Tll,[$rem_4bit,$nhi] @ rem_4bit[rem] - eor $Zlh,$Zlh,$Zhl,lsl#28 - eor $Zhl,$Thl,$Zhl,lsr#4 - eor $Zhl,$Zhl,$Zhh,lsl#28 - eor $Zhh,$Thh,$Zhh,lsr#4 -#ifdef __thumb2__ - itt pl -#endif - andpl $nhi,$nlo,#0xf0 - andpl $nlo,$nlo,#0x0f - eor $Zhh,$Zhh,$Tll,lsl#16 @ ^= rem_4bit[rem] - bpl .Loop -___ - &Zsmash(); -$code.=<<___; -#if __ARM_ARCH__>=5 - ldmia sp!,{r4-r11,pc} -#else - ldmia sp!,{r4-r11,lr} - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size gcm_gmult_4bit,.-gcm_gmult_4bit -___ -{ -my ($Xl,$Xm,$Xh,$IN)=map("q$_",(0..3)); -my ($t0,$t1,$t2,$t3)=map("q$_",(8..12)); -my ($Hlo,$Hhi,$Hhl,$k48,$k32,$k16)=map("d$_",(26..31)); - -sub clmul64x64 { -my ($r,$a,$b)=@_; -$code.=<<___; - vext.8 $t0#lo, $a, $a, #1 @ A1 - vmull.p8 $t0, $t0#lo, $b @ F = A1*B - vext.8 $r#lo, $b, $b, #1 @ B1 - vmull.p8 $r, $a, $r#lo @ E = A*B1 - vext.8 $t1#lo, $a, $a, #2 @ A2 - vmull.p8 $t1, $t1#lo, $b @ H = A2*B - vext.8 $t3#lo, $b, $b, #2 @ B2 - vmull.p8 $t3, $a, $t3#lo @ G = A*B2 - vext.8 $t2#lo, $a, $a, #3 @ A3 - veor $t0, $t0, $r @ L = E + F - vmull.p8 $t2, $t2#lo, $b @ J = A3*B - vext.8 $r#lo, $b, $b, #3 @ B3 - veor $t1, $t1, $t3 @ M = G + H - vmull.p8 $r, $a, $r#lo @ I = A*B3 - veor $t0#lo, $t0#lo, $t0#hi @ t0 = (L) (P0 + P1) << 8 - vand $t0#hi, $t0#hi, $k48 - vext.8 $t3#lo, $b, $b, #4 @ B4 - veor $t1#lo, $t1#lo, $t1#hi @ t1 = (M) (P2 + P3) << 16 - vand $t1#hi, $t1#hi, $k32 - vmull.p8 $t3, $a, $t3#lo @ K = A*B4 - veor $t2, $t2, $r @ N = I + J - veor $t0#lo, $t0#lo, $t0#hi - veor $t1#lo, $t1#lo, $t1#hi - veor $t2#lo, $t2#lo, $t2#hi @ t2 = (N) (P4 + P5) << 24 - vand $t2#hi, $t2#hi, $k16 - vext.8 $t0, $t0, $t0, #15 - veor $t3#lo, $t3#lo, $t3#hi @ t3 = (K) (P6 + P7) << 32 - vmov.i64 $t3#hi, #0 - vext.8 $t1, $t1, $t1, #14 - veor $t2#lo, $t2#lo, $t2#hi - vmull.p8 $r, $a, $b @ D = A*B - vext.8 $t3, $t3, $t3, #12 - vext.8 $t2, $t2, $t2, #13 - veor $t0, $t0, $t1 - veor $t2, $t2, $t3 - veor $r, $r, $t0 - veor $r, $r, $t2 -___ -} - -$code.=<<___; -#if __ARM_MAX_ARCH__>=7 -.arch armv7-a -.fpu neon - -.global gcm_init_neon -.type gcm_init_neon,%function -.align 4 -gcm_init_neon: - vld1.64 $IN#hi,[r1]! @ load H - vmov.i8 $t0,#0xe1 - vld1.64 $IN#lo,[r1] - vshl.i64 $t0#hi,#57 - vshr.u64 $t0#lo,#63 @ t0=0xc2....01 - vdup.8 $t1,$IN#hi[7] - vshr.u64 $Hlo,$IN#lo,#63 - vshr.s8 $t1,#7 @ broadcast carry bit - vshl.i64 $IN,$IN,#1 - vand $t0,$t0,$t1 - vorr $IN#hi,$Hlo @ H<<<=1 - veor $IN,$IN,$t0 @ twisted H - vstmia r0,{$IN} - - ret @ bx lr -.size gcm_init_neon,.-gcm_init_neon - -.global gcm_gmult_neon -.type gcm_gmult_neon,%function -.align 4 -gcm_gmult_neon: - vld1.64 $IN#hi,[$Xi]! @ load Xi - vld1.64 $IN#lo,[$Xi]! - vmov.i64 $k48,#0x0000ffffffffffff - vldmia $Htbl,{$Hlo-$Hhi} @ load twisted H - vmov.i64 $k32,#0x00000000ffffffff -#ifdef __ARMEL__ - vrev64.8 $IN,$IN -#endif - vmov.i64 $k16,#0x000000000000ffff - veor $Hhl,$Hlo,$Hhi @ Karatsuba pre-processing - mov $len,#16 - b .Lgmult_neon -.size gcm_gmult_neon,.-gcm_gmult_neon - -.global gcm_ghash_neon -.type gcm_ghash_neon,%function -.align 4 -gcm_ghash_neon: - vld1.64 $Xl#hi,[$Xi]! @ load Xi - vld1.64 $Xl#lo,[$Xi]! - vmov.i64 $k48,#0x0000ffffffffffff - vldmia $Htbl,{$Hlo-$Hhi} @ load twisted H - vmov.i64 $k32,#0x00000000ffffffff -#ifdef __ARMEL__ - vrev64.8 $Xl,$Xl -#endif - vmov.i64 $k16,#0x000000000000ffff - veor $Hhl,$Hlo,$Hhi @ Karatsuba pre-processing - -.Loop_neon: - vld1.64 $IN#hi,[$inp]! @ load inp - vld1.64 $IN#lo,[$inp]! -#ifdef __ARMEL__ - vrev64.8 $IN,$IN -#endif - veor $IN,$Xl @ inp^=Xi -.Lgmult_neon: -___ - &clmul64x64 ($Xl,$Hlo,"$IN#lo"); # H.lo·Xi.lo -$code.=<<___; - veor $IN#lo,$IN#lo,$IN#hi @ Karatsuba pre-processing -___ - &clmul64x64 ($Xm,$Hhl,"$IN#lo"); # (H.lo+H.hi)·(Xi.lo+Xi.hi) - &clmul64x64 ($Xh,$Hhi,"$IN#hi"); # H.hi·Xi.hi -$code.=<<___; - veor $Xm,$Xm,$Xl @ Karatsuba post-processing - veor $Xm,$Xm,$Xh - veor $Xl#hi,$Xl#hi,$Xm#lo - veor $Xh#lo,$Xh#lo,$Xm#hi @ Xh|Xl - 256-bit result - - @ equivalent of reduction_avx from ghash-x86_64.pl - vshl.i64 $t1,$Xl,#57 @ 1st phase - vshl.i64 $t2,$Xl,#62 - veor $t2,$t2,$t1 @ - vshl.i64 $t1,$Xl,#63 - veor $t2, $t2, $t1 @ - veor $Xl#hi,$Xl#hi,$t2#lo @ - veor $Xh#lo,$Xh#lo,$t2#hi - - vshr.u64 $t2,$Xl,#1 @ 2nd phase - veor $Xh,$Xh,$Xl - veor $Xl,$Xl,$t2 @ - vshr.u64 $t2,$t2,#6 - vshr.u64 $Xl,$Xl,#1 @ - veor $Xl,$Xl,$Xh @ - veor $Xl,$Xl,$t2 @ - - subs $len,#16 - bne .Loop_neon - -#ifdef __ARMEL__ - vrev64.8 $Xl,$Xl -#endif - sub $Xi,#16 - vst1.64 $Xl#hi,[$Xi]! @ write out Xi - vst1.64 $Xl#lo,[$Xi] - - ret @ bx lr -.size gcm_ghash_neon,.-gcm_ghash_neon -#endif -___ -} -$code.=<<___; -.asciz "GHASH for ARMv4/NEON, CRYPTOGAMS by " -.align 2 -___ - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/geo; - - s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo or - s/\bret\b/bx lr/go or - s/\bbx\s+lr\b/.word\t0xe12fff1e/go; # make it possible to compile with -march=armv4 - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/modes/asm/ghash-c64xplus.pl b/crypto/modes/asm/ghash-c64xplus.pl deleted file mode 100644 index ded2f779e669c3ca39e4e8e1fd0af4647adfbbb0..0000000000000000000000000000000000000000 --- a/crypto/modes/asm/ghash-c64xplus.pl +++ /dev/null @@ -1,246 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# December 2011 -# -# The module implements GCM GHASH function and underlying single -# multiplication operation in GF(2^128). Even though subroutines -# have _4bit suffix, they are not using any tables, but rely on -# hardware Galois Field Multiply support. Streamed GHASH processes -# byte in ~7 cycles, which is >6x faster than "4-bit" table-driven -# code compiled with TI's cl6x 6.0 with -mv6400+ -o2 flags. We are -# comparing apples vs. oranges, but compiler surely could have done -# better, because theoretical [though not necessarily achievable] -# estimate for "4-bit" table-driven implementation is ~12 cycles. - -$output = pop and open STDOUT,">$output"; - -($Xip,$Htable,$inp,$len)=("A4","B4","A6","B6"); # arguments - -($Z0,$Z1,$Z2,$Z3, $H0, $H1, $H2, $H3, - $H0x,$H1x,$H2x,$H3x)=map("A$_",(16..27)); -($H01u,$H01y,$H2u,$H3u, $H0y,$H1y,$H2y,$H3y, - $H0z,$H1z,$H2z,$H3z)=map("B$_",(16..27)); -($FF000000,$E10000)=("B30","B31"); -($xip,$x0,$x1,$xib)=map("B$_",(6..9)); # $xip zaps $len - $xia="A9"; -($rem,$res)=("B4","B5"); # $rem zaps $Htable - -$code.=<<___; - .text - - .if .ASSEMBLER_VERSION<7000000 - .asg 0,__TI_EABI__ - .endif - .if __TI_EABI__ - .asg gcm_gmult_1bit,_gcm_gmult_1bit - .asg gcm_gmult_4bit,_gcm_gmult_4bit - .asg gcm_ghash_4bit,_gcm_ghash_4bit - .endif - - .asg B3,RA - - .if 0 - .global _gcm_gmult_1bit -_gcm_gmult_1bit: - ADDAD $Htable,2,$Htable - .endif - .global _gcm_gmult_4bit -_gcm_gmult_4bit: - .asmfunc - LDDW *${Htable}[-1],$H1:$H0 ; H.lo - LDDW *${Htable}[-2],$H3:$H2 ; H.hi -|| MV $Xip,${xip} ; reassign Xi -|| MVK 15,B1 ; SPLOOPD constant - - MVK 0xE1,$E10000 -|| LDBU *++${xip}[15],$x1 ; Xi[15] - MVK 0xFF,$FF000000 -|| LDBU *--${xip},$x0 ; Xi[14] - SHL $E10000,16,$E10000 ; [pre-shifted] reduction polynomial - SHL $FF000000,24,$FF000000 ; upper byte mask -|| BNOP ghash_loop? -|| MVK 1,B0 ; take a single spin - - PACKH2 $H0,$H1,$xia ; pack H0' and H1's upper bytes - AND $H2,$FF000000,$H2u ; H2's upper byte - AND $H3,$FF000000,$H3u ; H3's upper byte -|| SHRU $H2u,8,$H2u - SHRU $H3u,8,$H3u -|| ZERO $Z1:$Z0 - SHRU2 $xia,8,$H01u -|| ZERO $Z3:$Z2 - .endasmfunc - - .global _gcm_ghash_4bit -_gcm_ghash_4bit: - .asmfunc - LDDW *${Htable}[-1],$H1:$H0 ; H.lo -|| SHRU $len,4,B0 ; reassign len - LDDW *${Htable}[-2],$H3:$H2 ; H.hi -|| MV $Xip,${xip} ; reassign Xi -|| MVK 15,B1 ; SPLOOPD constant - - MVK 0xE1,$E10000 -|| [B0] LDNDW *${inp}[1],$H1x:$H0x - MVK 0xFF,$FF000000 -|| [B0] LDNDW *${inp}++[2],$H3x:$H2x - SHL $E10000,16,$E10000 ; [pre-shifted] reduction polynomial -|| LDDW *${xip}[1],$Z1:$Z0 - SHL $FF000000,24,$FF000000 ; upper byte mask -|| LDDW *${xip}[0],$Z3:$Z2 - - PACKH2 $H0,$H1,$xia ; pack H0' and H1's upper bytes - AND $H2,$FF000000,$H2u ; H2's upper byte - AND $H3,$FF000000,$H3u ; H3's upper byte -|| SHRU $H2u,8,$H2u - SHRU $H3u,8,$H3u - SHRU2 $xia,8,$H01u - -|| [B0] XOR $H0x,$Z0,$Z0 ; Xi^=inp -|| [B0] XOR $H1x,$Z1,$Z1 - .if .LITTLE_ENDIAN - [B0] XOR $H2x,$Z2,$Z2 -|| [B0] XOR $H3x,$Z3,$Z3 -|| [B0] SHRU $Z1,24,$xia ; Xi[15], avoid cross-path stall - STDW $Z1:$Z0,*${xip}[1] -|| [B0] SHRU $Z1,16,$x0 ; Xi[14] -|| [B0] ZERO $Z1:$Z0 - .else - [B0] XOR $H2x,$Z2,$Z2 -|| [B0] XOR $H3x,$Z3,$Z3 -|| [B0] MV $Z0,$xia ; Xi[15], avoid cross-path stall - STDW $Z1:$Z0,*${xip}[1] -|| [B0] SHRU $Z0,8,$x0 ; Xi[14] -|| [B0] ZERO $Z1:$Z0 - .endif - STDW $Z3:$Z2,*${xip}[0] -|| [B0] ZERO $Z3:$Z2 -|| [B0] MV $xia,$x1 - [B0] ADDK 14,${xip} - -ghash_loop?: - SPLOOPD 6 ; 6*16+7 -|| MVC B1,ILC -|| [B0] SUB B0,1,B0 -|| ZERO A0 -|| ADD $x1,$x1,$xib ; SHL $x1,1,$xib -|| SHL $x1,1,$xia -___ - -########____________________________ -# 0 D2. M1 M2 | -# 1 M1 | -# 2 M1 M2 | -# 3 D1. M1 M2 | -# 4 S1. L1 | -# 5 S2 S1x L1 D2 L2 |____________________________ -# 6/0 L1 S1 L2 S2x |D2. M1 M2 | -# 7/1 L1 S1 D1x S2 M2 | M1 | -# 8/2 S1 L1x S2 | M1 M2 | -# 9/3 S1 L1x | D1. M1 M2 | -# 10/4 D1x | S1. L1 | -# 11/5 |S2 S1x L1 D2 L2 |____________ -# 12/6/0 D1x __| L1 S1 L2 S2x |D2. .... -# 7/1 L1 S1 D1x S2 M2 | .... -# 8/2 S1 L1x S2 | .... -#####... ................|............ -$code.=<<___; - XORMPY $H0,$xia,$H0x ; 0 ; H·(Xi[i]<<1) -|| XORMPY $H01u,$xib,$H01y -|| [A0] LDBU *--${xip},$x0 - XORMPY $H1,$xia,$H1x ; 1 - XORMPY $H2,$xia,$H2x ; 2 -|| XORMPY $H2u,$xib,$H2y - XORMPY $H3,$xia,$H3x ; 3 -|| XORMPY $H3u,$xib,$H3y -||[!A0] MVK.D 15,A0 ; *--${xip} counter - XOR.L $H0x,$Z0,$Z0 ; 4 ; Z^=H·(Xi[i]<<1) -|| [A0] SUB.S A0,1,A0 - XOR.L $H1x,$Z1,$Z1 ; 5 -|| AND.D $H01y,$FF000000,$H0z -|| SWAP2.L $H01y,$H1y ; ; SHL $H01y,16,$H1y -|| SHL $x0,1,$xib -|| SHL $x0,1,$xia - - XOR.L $H2x,$Z2,$Z2 ; 6/0 ; [0,0] in epilogue -|| SHL $Z0,1,$rem ; ; rem=Z<<1 -|| SHRMB.S $Z1,$Z0,$Z0 ; ; Z>>=8 -|| AND.L $H1y,$FF000000,$H1z - XOR.L $H3x,$Z3,$Z3 ; 7/1 -|| SHRMB.S $Z2,$Z1,$Z1 -|| XOR.D $H0z,$Z0,$Z0 ; merge upper byte products -|| AND.S $H2y,$FF000000,$H2z -|| XORMPY $E10000,$rem,$res ; ; implicit rem&0x1FE - XOR.L $H1z,$Z1,$Z1 ; 8/2 -|| SHRMB.S $Z3,$Z2,$Z2 -|| AND.S $H3y,$FF000000,$H3z - XOR.L $H2z,$Z2,$Z2 ; 9/3 -|| SHRU $Z3,8,$Z3 - XOR.D $H3z,$Z3,$Z3 ; 10/4 - NOP ; 11/5 - - SPKERNEL 0,2 -|| XOR.D $res,$Z3,$Z3 ; 12/6/0; Z^=res - - ; input pre-fetch is possible where D1 slot is available... - [B0] LDNDW *${inp}[1],$H1x:$H0x ; 8/- - [B0] LDNDW *${inp}++[2],$H3x:$H2x ; 9/- - NOP ; 10/- - .if .LITTLE_ENDIAN - SWAP2 $Z0,$Z1 ; 11/- -|| SWAP4 $Z1,$Z0 - SWAP4 $Z1,$Z1 ; 12/- -|| SWAP2 $Z0,$Z0 - SWAP2 $Z2,$Z3 -|| SWAP4 $Z3,$Z2 -||[!B0] BNOP RA - SWAP4 $Z3,$Z3 -|| SWAP2 $Z2,$Z2 -|| [B0] BNOP ghash_loop? - [B0] XOR $H0x,$Z0,$Z0 ; Xi^=inp -|| [B0] XOR $H1x,$Z1,$Z1 - [B0] XOR $H2x,$Z2,$Z2 -|| [B0] XOR $H3x,$Z3,$Z3 -|| [B0] SHRU $Z1,24,$xia ; Xi[15], avoid cross-path stall - STDW $Z1:$Z0,*${xip}[1] -|| [B0] SHRU $Z1,16,$x0 ; Xi[14] -|| [B0] ZERO $Z1:$Z0 - .else - [!B0] BNOP RA ; 11/- - [B0] BNOP ghash_loop? ; 12/- - [B0] XOR $H0x,$Z0,$Z0 ; Xi^=inp -|| [B0] XOR $H1x,$Z1,$Z1 - [B0] XOR $H2x,$Z2,$Z2 -|| [B0] XOR $H3x,$Z3,$Z3 -|| [B0] MV $Z0,$xia ; Xi[15], avoid cross-path stall - STDW $Z1:$Z0,*${xip}[1] -|| [B0] SHRU $Z0,8,$x0 ; Xi[14] -|| [B0] ZERO $Z1:$Z0 - .endif - STDW $Z3:$Z2,*${xip}[0] -|| [B0] ZERO $Z3:$Z2 -|| [B0] MV $xia,$x1 - [B0] ADDK 14,${xip} - .endasmfunc - - .sect .const - .cstring "GHASH for C64x+, CRYPTOGAMS by " - .align 4 -___ - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghash-ia64.pl b/crypto/modes/asm/ghash-ia64.pl deleted file mode 100755 index 74b88176b8424c3ebd61921fc6748378069ab6d1..0000000000000000000000000000000000000000 --- a/crypto/modes/asm/ghash-ia64.pl +++ /dev/null @@ -1,470 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# March 2010 -# -# The module implements "4-bit" GCM GHASH function and underlying -# single multiplication operation in GF(2^128). "4-bit" means that it -# uses 256 bytes per-key table [+128 bytes shared table]. Streamed -# GHASH performance was measured to be 6.67 cycles per processed byte -# on Itanium 2, which is >90% better than Microsoft compiler generated -# code. To anchor to something else sha1-ia64.pl module processes one -# byte in 5.7 cycles. On Itanium GHASH should run at ~8.5 cycles per -# byte. - -# September 2010 -# -# It was originally thought that it makes lesser sense to implement -# "528B" variant on Itanium 2 for following reason. Because number of -# functional units is naturally limited, it appeared impossible to -# implement "528B" loop in 4 cycles, only in 5. This would mean that -# theoretically performance improvement couldn't be more than 20%. -# But occasionally you prove yourself wrong:-) I figured out a way to -# fold couple of instructions and having freed yet another instruction -# slot by unrolling the loop... Resulting performance is 4.45 cycles -# per processed byte and 50% better than "256B" version. On original -# Itanium performance should remain the same as the "256B" version, -# i.e. ~8.5 cycles. - -$output=pop and (open STDOUT,">$output" or die "can't open $output: $!"); - -if ($^O eq "hpux") { - $ADDP="addp4"; - for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); } -} else { $ADDP="add"; } -for (@ARGV) { $big_endian=1 if (/\-DB_ENDIAN/); - $big_endian=0 if (/\-DL_ENDIAN/); } -if (!defined($big_endian)) - { $big_endian=(unpack('L',pack('N',1))==1); } - -sub loop() { -my $label=shift; -my ($p16,$p17)=(shift)?("p63","p63"):("p16","p17"); # mask references to inp - -# Loop is scheduled for 6 ticks on Itanium 2 and 8 on Itanium, i.e. -# in scalable manner;-) Naturally assuming data in L1 cache... -# Special note about 'dep' instruction, which is used to construct -# &rem_4bit[Zlo&0xf]. It works, because rem_4bit is aligned at 128 -# bytes boundary and lower 7 bits of its address are guaranteed to -# be zero. -$code.=<<___; -$label: -{ .mfi; (p18) ld8 Hlo=[Hi[1]],-8 - (p19) dep rem=Zlo,rem_4bitp,3,4 } -{ .mfi; (p19) xor Zhi=Zhi,Hhi - ($p17) xor xi[1]=xi[1],in[1] };; -{ .mfi; (p18) ld8 Hhi=[Hi[1]] - (p19) shrp Zlo=Zhi,Zlo,4 } -{ .mfi; (p19) ld8 rem=[rem] - (p18) and Hi[1]=mask0xf0,xi[2] };; -{ .mmi; ($p16) ld1 in[0]=[inp],-1 - (p18) xor Zlo=Zlo,Hlo - (p19) shr.u Zhi=Zhi,4 } -{ .mib; (p19) xor Hhi=Hhi,rem - (p18) add Hi[1]=Htbl,Hi[1] };; - -{ .mfi; (p18) ld8 Hlo=[Hi[1]],-8 - (p18) dep rem=Zlo,rem_4bitp,3,4 } -{ .mfi; (p17) shladd Hi[0]=xi[1],4,r0 - (p18) xor Zhi=Zhi,Hhi };; -{ .mfi; (p18) ld8 Hhi=[Hi[1]] - (p18) shrp Zlo=Zhi,Zlo,4 } -{ .mfi; (p18) ld8 rem=[rem] - (p17) and Hi[0]=mask0xf0,Hi[0] };; -{ .mmi; (p16) ld1 xi[0]=[Xi],-1 - (p18) xor Zlo=Zlo,Hlo - (p18) shr.u Zhi=Zhi,4 } -{ .mib; (p18) xor Hhi=Hhi,rem - (p17) add Hi[0]=Htbl,Hi[0] - br.ctop.sptk $label };; -___ -} - -$code=<<___; -.explicit -.text - -prevfs=r2; prevlc=r3; prevpr=r8; -mask0xf0=r21; -rem=r22; rem_4bitp=r23; -Xi=r24; Htbl=r25; -inp=r26; end=r27; -Hhi=r28; Hlo=r29; -Zhi=r30; Zlo=r31; - -.align 128 -.skip 16 // aligns loop body -.global gcm_gmult_4bit# -.proc gcm_gmult_4bit# -gcm_gmult_4bit: - .prologue -{ .mmi; .save ar.pfs,prevfs - alloc prevfs=ar.pfs,2,6,0,8 - $ADDP Xi=15,in0 // &Xi[15] - mov rem_4bitp=ip } -{ .mii; $ADDP Htbl=8,in1 // &Htbl[0].lo - .save ar.lc,prevlc - mov prevlc=ar.lc - .save pr,prevpr - mov prevpr=pr };; - - .body - .rotr in[3],xi[3],Hi[2] - -{ .mib; ld1 xi[2]=[Xi],-1 // Xi[15] - mov mask0xf0=0xf0 - brp.loop.imp .Loop1,.Lend1-16};; -{ .mmi; ld1 xi[1]=[Xi],-1 // Xi[14] - };; -{ .mii; shladd Hi[1]=xi[2],4,r0 - mov pr.rot=0x7<<16 - mov ar.lc=13 };; -{ .mii; and Hi[1]=mask0xf0,Hi[1] - mov ar.ec=3 - xor Zlo=Zlo,Zlo };; -{ .mii; add Hi[1]=Htbl,Hi[1] // &Htbl[nlo].lo - add rem_4bitp=rem_4bit#-gcm_gmult_4bit#,rem_4bitp - xor Zhi=Zhi,Zhi };; -___ - &loop (".Loop1",1); -$code.=<<___; -.Lend1: -{ .mib; xor Zhi=Zhi,Hhi };; // modulo-scheduling artefact -{ .mib; mux1 Zlo=Zlo,\@rev };; -{ .mib; mux1 Zhi=Zhi,\@rev };; -{ .mmi; add Hlo=9,Xi;; // ;; is here to prevent - add Hhi=1,Xi };; // pipeline flush on Itanium -{ .mib; st8 [Hlo]=Zlo - mov pr=prevpr,0x1ffff };; -{ .mib; st8 [Hhi]=Zhi - mov ar.lc=prevlc - br.ret.sptk.many b0 };; -.endp gcm_gmult_4bit# -___ - -###################################################################### -# "528B" (well, "512B" actually) streamed GHASH -# -$Xip="in0"; -$Htbl="in1"; -$inp="in2"; -$len="in3"; -$rem_8bit="loc0"; -$mask0xff="loc1"; -($sum,$rum) = $big_endian ? ("nop.m","nop.m") : ("sum","rum"); - -sub load_htable() { - for (my $i=0;$i<8;$i++) { - $code.=<<___; -{ .mmi; ld8 r`16+2*$i+1`=[r8],16 // Htable[$i].hi - ld8 r`16+2*$i`=[r9],16 } // Htable[$i].lo -{ .mmi; ldf8 f`32+2*$i+1`=[r10],16 // Htable[`8+$i`].hi - ldf8 f`32+2*$i`=[r11],16 // Htable[`8+$i`].lo -___ - $code.=shift if (($i+$#_)==7); - $code.="\t};;\n" - } -} - -$code.=<<___; -prevsp=r3; - -.align 32 -.skip 16 // aligns loop body -.global gcm_ghash_4bit# -.proc gcm_ghash_4bit# -gcm_ghash_4bit: - .prologue -{ .mmi; .save ar.pfs,prevfs - alloc prevfs=ar.pfs,4,2,0,0 - .vframe prevsp - mov prevsp=sp - mov $rem_8bit=ip };; - .body -{ .mfi; $ADDP r8=0+0,$Htbl - $ADDP r9=0+8,$Htbl } -{ .mfi; $ADDP r10=128+0,$Htbl - $ADDP r11=128+8,$Htbl };; -___ - &load_htable( - " $ADDP $Xip=15,$Xip", # &Xi[15] - " $ADDP $len=$len,$inp", # &inp[len] - " $ADDP $inp=15,$inp", # &inp[15] - " mov $mask0xff=0xff", - " add sp=-512,sp", - " andcm sp=sp,$mask0xff", # align stack frame - " add r14=0,sp", - " add r15=8,sp"); -$code.=<<___; -{ .mmi; $sum 1<<1 // go big-endian - add r8=256+0,sp - add r9=256+8,sp } -{ .mmi; add r10=256+128+0,sp - add r11=256+128+8,sp - add $len=-17,$len };; -___ -for($i=0;$i<8;$i++) { # generate first half of Hshr4[] -my ($rlo,$rhi)=("r".eval(16+2*$i),"r".eval(16+2*$i+1)); -$code.=<<___; -{ .mmi; st8 [r8]=$rlo,16 // Htable[$i].lo - st8 [r9]=$rhi,16 // Htable[$i].hi - shrp $rlo=$rhi,$rlo,4 }//;; -{ .mmi; stf8 [r10]=f`32+2*$i`,16 // Htable[`8+$i`].lo - stf8 [r11]=f`32+2*$i+1`,16 // Htable[`8+$i`].hi - shr.u $rhi=$rhi,4 };; -{ .mmi; st8 [r14]=$rlo,16 // Htable[$i].lo>>4 - st8 [r15]=$rhi,16 }//;; // Htable[$i].hi>>4 -___ -} -$code.=<<___; -{ .mmi; ld8 r16=[r8],16 // Htable[8].lo - ld8 r17=[r9],16 };; // Htable[8].hi -{ .mmi; ld8 r18=[r8],16 // Htable[9].lo - ld8 r19=[r9],16 } // Htable[9].hi -{ .mmi; rum 1<<5 // clear um.mfh - shrp r16=r17,r16,4 };; -___ -for($i=0;$i<6;$i++) { # generate second half of Hshr4[] -$code.=<<___; -{ .mmi; ld8 r`20+2*$i`=[r8],16 // Htable[`10+$i`].lo - ld8 r`20+2*$i+1`=[r9],16 // Htable[`10+$i`].hi - shr.u r`16+2*$i+1`=r`16+2*$i+1`,4 };; -{ .mmi; st8 [r14]=r`16+2*$i`,16 // Htable[`8+$i`].lo>>4 - st8 [r15]=r`16+2*$i+1`,16 // Htable[`8+$i`].hi>>4 - shrp r`18+2*$i`=r`18+2*$i+1`,r`18+2*$i`,4 } -___ -} -$code.=<<___; -{ .mmi; shr.u r`16+2*$i+1`=r`16+2*$i+1`,4 };; -{ .mmi; st8 [r14]=r`16+2*$i`,16 // Htable[`8+$i`].lo>>4 - st8 [r15]=r`16+2*$i+1`,16 // Htable[`8+$i`].hi>>4 - shrp r`18+2*$i`=r`18+2*$i+1`,r`18+2*$i`,4 } -{ .mmi; add $Htbl=256,sp // &Htable[0] - add $rem_8bit=rem_8bit#-gcm_ghash_4bit#,$rem_8bit - shr.u r`18+2*$i+1`=r`18+2*$i+1`,4 };; -{ .mmi; st8 [r14]=r`18+2*$i` // Htable[`8+$i`].lo>>4 - st8 [r15]=r`18+2*$i+1` } // Htable[`8+$i`].hi>>4 -___ - -$in="r15"; -@xi=("r16","r17"); -@rem=("r18","r19"); -($Alo,$Ahi,$Blo,$Bhi,$Zlo,$Zhi)=("r20","r21","r22","r23","r24","r25"); -($Atbl,$Btbl)=("r26","r27"); - -$code.=<<___; # (p16) -{ .mmi; ld1 $in=[$inp],-1 //(p16) *inp-- - ld1 $xi[0]=[$Xip],-1 //(p16) *Xi-- - cmp.eq p0,p6=r0,r0 };; // clear p6 -___ -push (@xi,shift(@xi)); push (@rem,shift(@rem)); # "rotate" registers - -$code.=<<___; # (p16),(p17) -{ .mmi; ld1 $xi[0]=[$Xip],-1 //(p16) *Xi-- - xor $xi[1]=$xi[1],$in };; //(p17) xi=$xi[i]^inp[i] -{ .mii; ld1 $in=[$inp],-1 //(p16) *inp-- - dep $Atbl=$xi[1],$Htbl,4,4 //(p17) &Htable[nlo].lo - and $xi[1]=-16,$xi[1] };; //(p17) nhi=xi&0xf0 -.align 32 -.LOOP: -{ .mmi; -(p6) st8 [$Xip]=$Zhi,13 - xor $Zlo=$Zlo,$Zlo - add $Btbl=$xi[1],$Htbl };; //(p17) &Htable[nhi].lo -___ -push (@xi,shift(@xi)); push (@rem,shift(@rem)); # "rotate" registers - -$code.=<<___; # (p16),(p17),(p18) -{ .mmi; ld8 $Alo=[$Atbl],8 //(p18) Htable[nlo].lo,&Htable[nlo].hi - ld8 $rem[0]=[$Btbl],-256 //(p18) Htable[nhi].lo,&Hshr4[nhi].lo - xor $xi[1]=$xi[1],$in };; //(p17) xi=$xi[i]^inp[i] -{ .mfi; ld8 $Ahi=[$Atbl] //(p18) Htable[nlo].hi - dep $Atbl=$xi[1],$Htbl,4,4 } //(p17) &Htable[nlo].lo -{ .mfi; shladd $rem[0]=$rem[0],4,r0 //(p18) Htable[nhi].lo<<4 - xor $Zlo=$Zlo,$Alo };; //(p18) Z.lo^=Htable[nlo].lo -{ .mmi; ld8 $Blo=[$Btbl],8 //(p18) Hshr4[nhi].lo,&Hshr4[nhi].hi - ld1 $in=[$inp],-1 } //(p16) *inp-- -{ .mmi; xor $rem[0]=$rem[0],$Zlo //(p18) Z.lo^(Htable[nhi].lo<<4) - mov $Zhi=$Ahi //(p18) Z.hi^=Htable[nlo].hi - and $xi[1]=-16,$xi[1] };; //(p17) nhi=xi&0xf0 -{ .mmi; ld8 $Bhi=[$Btbl] //(p18) Hshr4[nhi].hi - ld1 $xi[0]=[$Xip],-1 //(p16) *Xi-- - shrp $Zlo=$Zhi,$Zlo,8 } //(p18) Z.lo=(Z.hi<<56)|(Z.lo>>8) -{ .mmi; and $rem[0]=$rem[0],$mask0xff //(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff - add $Btbl=$xi[1],$Htbl };; //(p17) &Htable[nhi] -___ -push (@xi,shift(@xi)); push (@rem,shift(@rem)); # "rotate" registers - -for ($i=1;$i<14;$i++) { -# Above and below fragments are derived from this one by removing -# unsuitable (p??) instructions. -$code.=<<___; # (p16),(p17),(p18),(p19) -{ .mmi; ld8 $Alo=[$Atbl],8 //(p18) Htable[nlo].lo,&Htable[nlo].hi - ld8 $rem[0]=[$Btbl],-256 //(p18) Htable[nhi].lo,&Hshr4[nhi].lo - shr.u $Zhi=$Zhi,8 } //(p19) Z.hi>>=8 -{ .mmi; shladd $rem[1]=$rem[1],1,$rem_8bit //(p19) &rem_8bit[rem] - xor $Zlo=$Zlo,$Blo //(p19) Z.lo^=Hshr4[nhi].lo - xor $xi[1]=$xi[1],$in };; //(p17) xi=$xi[i]^inp[i] -{ .mmi; ld8 $Ahi=[$Atbl] //(p18) Htable[nlo].hi - ld2 $rem[1]=[$rem[1]] //(p19) rem_8bit[rem] - dep $Atbl=$xi[1],$Htbl,4,4 } //(p17) &Htable[nlo].lo -{ .mmi; shladd $rem[0]=$rem[0],4,r0 //(p18) Htable[nhi].lo<<4 - xor $Zlo=$Zlo,$Alo //(p18) Z.lo^=Htable[nlo].lo - xor $Zhi=$Zhi,$Bhi };; //(p19) Z.hi^=Hshr4[nhi].hi -{ .mmi; ld8 $Blo=[$Btbl],8 //(p18) Hshr4[nhi].lo,&Hshr4[nhi].hi - ld1 $in=[$inp],-1 //(p16) *inp-- - shl $rem[1]=$rem[1],48 } //(p19) rem_8bit[rem]<<48 -{ .mmi; xor $rem[0]=$rem[0],$Zlo //(p18) Z.lo^(Htable[nhi].lo<<4) - xor $Zhi=$Zhi,$Ahi //(p18) Z.hi^=Htable[nlo].hi - and $xi[1]=-16,$xi[1] };; //(p17) nhi=xi&0xf0 -{ .mmi; ld8 $Bhi=[$Btbl] //(p18) Hshr4[nhi].hi - ld1 $xi[0]=[$Xip],-1 //(p16) *Xi-- - shrp $Zlo=$Zhi,$Zlo,8 } //(p18) Z.lo=(Z.hi<<56)|(Z.lo>>8) -{ .mmi; and $rem[0]=$rem[0],$mask0xff //(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff - xor $Zhi=$Zhi,$rem[1] //(p19) Z.hi^=rem_8bit[rem]<<48 - add $Btbl=$xi[1],$Htbl };; //(p17) &Htable[nhi] -___ -push (@xi,shift(@xi)); push (@rem,shift(@rem)); # "rotate" registers -} - -$code.=<<___; # (p17),(p18),(p19) -{ .mmi; ld8 $Alo=[$Atbl],8 //(p18) Htable[nlo].lo,&Htable[nlo].hi - ld8 $rem[0]=[$Btbl],-256 //(p18) Htable[nhi].lo,&Hshr4[nhi].lo - shr.u $Zhi=$Zhi,8 } //(p19) Z.hi>>=8 -{ .mmi; shladd $rem[1]=$rem[1],1,$rem_8bit //(p19) &rem_8bit[rem] - xor $Zlo=$Zlo,$Blo //(p19) Z.lo^=Hshr4[nhi].lo - xor $xi[1]=$xi[1],$in };; //(p17) xi=$xi[i]^inp[i] -{ .mmi; ld8 $Ahi=[$Atbl] //(p18) Htable[nlo].hi - ld2 $rem[1]=[$rem[1]] //(p19) rem_8bit[rem] - dep $Atbl=$xi[1],$Htbl,4,4 };; //(p17) &Htable[nlo].lo -{ .mmi; shladd $rem[0]=$rem[0],4,r0 //(p18) Htable[nhi].lo<<4 - xor $Zlo=$Zlo,$Alo //(p18) Z.lo^=Htable[nlo].lo - xor $Zhi=$Zhi,$Bhi };; //(p19) Z.hi^=Hshr4[nhi].hi -{ .mmi; ld8 $Blo=[$Btbl],8 //(p18) Hshr4[nhi].lo,&Hshr4[nhi].hi - shl $rem[1]=$rem[1],48 } //(p19) rem_8bit[rem]<<48 -{ .mmi; xor $rem[0]=$rem[0],$Zlo //(p18) Z.lo^(Htable[nhi].lo<<4) - xor $Zhi=$Zhi,$Ahi //(p18) Z.hi^=Htable[nlo].hi - and $xi[1]=-16,$xi[1] };; //(p17) nhi=xi&0xf0 -{ .mmi; ld8 $Bhi=[$Btbl] //(p18) Hshr4[nhi].hi - shrp $Zlo=$Zhi,$Zlo,8 } //(p18) Z.lo=(Z.hi<<56)|(Z.lo>>8) -{ .mmi; and $rem[0]=$rem[0],$mask0xff //(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff - xor $Zhi=$Zhi,$rem[1] //(p19) Z.hi^=rem_8bit[rem]<<48 - add $Btbl=$xi[1],$Htbl };; //(p17) &Htable[nhi] -___ -push (@xi,shift(@xi)); push (@rem,shift(@rem)); # "rotate" registers - -$code.=<<___; # (p18),(p19) -{ .mfi; ld8 $Alo=[$Atbl],8 //(p18) Htable[nlo].lo,&Htable[nlo].hi - shr.u $Zhi=$Zhi,8 } //(p19) Z.hi>>=8 -{ .mfi; shladd $rem[1]=$rem[1],1,$rem_8bit //(p19) &rem_8bit[rem] - xor $Zlo=$Zlo,$Blo };; //(p19) Z.lo^=Hshr4[nhi].lo -{ .mfi; ld8 $Ahi=[$Atbl] //(p18) Htable[nlo].hi - xor $Zlo=$Zlo,$Alo } //(p18) Z.lo^=Htable[nlo].lo -{ .mfi; ld2 $rem[1]=[$rem[1]] //(p19) rem_8bit[rem] - xor $Zhi=$Zhi,$Bhi };; //(p19) Z.hi^=Hshr4[nhi].hi -{ .mfi; ld8 $Blo=[$Btbl],8 //(p18) Htable[nhi].lo,&Htable[nhi].hi - shl $rem[1]=$rem[1],48 } //(p19) rem_8bit[rem]<<48 -{ .mfi; shladd $rem[0]=$Zlo,4,r0 //(p18) Z.lo<<4 - xor $Zhi=$Zhi,$Ahi };; //(p18) Z.hi^=Htable[nlo].hi -{ .mfi; ld8 $Bhi=[$Btbl] //(p18) Htable[nhi].hi - shrp $Zlo=$Zhi,$Zlo,4 } //(p18) Z.lo=(Z.hi<<60)|(Z.lo>>4) -{ .mfi; and $rem[0]=$rem[0],$mask0xff //(p18) rem=($Zlo^(Htable[nhi].lo<<4))&0xff - xor $Zhi=$Zhi,$rem[1] };; //(p19) Z.hi^=rem_8bit[rem]<<48 -___ -push (@xi,shift(@xi)); push (@rem,shift(@rem)); # "rotate" registers - -$code.=<<___; # (p19) -{ .mmi; cmp.ltu p6,p0=$inp,$len - add $inp=32,$inp - shr.u $Zhi=$Zhi,4 } //(p19) Z.hi>>=4 -{ .mmi; shladd $rem[1]=$rem[1],1,$rem_8bit //(p19) &rem_8bit[rem] - xor $Zlo=$Zlo,$Blo //(p19) Z.lo^=Hshr4[nhi].lo - add $Xip=9,$Xip };; // &Xi.lo -{ .mmi; ld2 $rem[1]=[$rem[1]] //(p19) rem_8bit[rem] -(p6) ld1 $in=[$inp],-1 //[p16] *inp-- -(p6) extr.u $xi[1]=$Zlo,8,8 } //[p17] Xi[14] -{ .mmi; xor $Zhi=$Zhi,$Bhi //(p19) Z.hi^=Hshr4[nhi].hi -(p6) and $xi[0]=$Zlo,$mask0xff };; //[p16] Xi[15] -{ .mmi; st8 [$Xip]=$Zlo,-8 -(p6) xor $xi[0]=$xi[0],$in //[p17] xi=$xi[i]^inp[i] - shl $rem[1]=$rem[1],48 };; //(p19) rem_8bit[rem]<<48 -{ .mmi; -(p6) ld1 $in=[$inp],-1 //[p16] *inp-- - xor $Zhi=$Zhi,$rem[1] //(p19) Z.hi^=rem_8bit[rem]<<48 -(p6) dep $Atbl=$xi[0],$Htbl,4,4 } //[p17] &Htable[nlo].lo -{ .mib; -(p6) and $xi[0]=-16,$xi[0] //[p17] nhi=xi&0xf0 -(p6) br.cond.dptk.many .LOOP };; - -{ .mib; st8 [$Xip]=$Zhi };; -{ .mib; $rum 1<<1 // return to little-endian - .restore sp - mov sp=prevsp - br.ret.sptk.many b0 };; -.endp gcm_ghash_4bit# -___ -$code.=<<___; -.align 128 -.type rem_4bit#,\@object -rem_4bit: - data8 0x0000<<48, 0x1C20<<48, 0x3840<<48, 0x2460<<48 - data8 0x7080<<48, 0x6CA0<<48, 0x48C0<<48, 0x54E0<<48 - data8 0xE100<<48, 0xFD20<<48, 0xD940<<48, 0xC560<<48 - data8 0x9180<<48, 0x8DA0<<48, 0xA9C0<<48, 0xB5E0<<48 -.size rem_4bit#,128 -.type rem_8bit#,\@object -rem_8bit: - data1 0x00,0x00, 0x01,0xC2, 0x03,0x84, 0x02,0x46, 0x07,0x08, 0x06,0xCA, 0x04,0x8C, 0x05,0x4E - data1 0x0E,0x10, 0x0F,0xD2, 0x0D,0x94, 0x0C,0x56, 0x09,0x18, 0x08,0xDA, 0x0A,0x9C, 0x0B,0x5E - data1 0x1C,0x20, 0x1D,0xE2, 0x1F,0xA4, 0x1E,0x66, 0x1B,0x28, 0x1A,0xEA, 0x18,0xAC, 0x19,0x6E - data1 0x12,0x30, 0x13,0xF2, 0x11,0xB4, 0x10,0x76, 0x15,0x38, 0x14,0xFA, 0x16,0xBC, 0x17,0x7E - data1 0x38,0x40, 0x39,0x82, 0x3B,0xC4, 0x3A,0x06, 0x3F,0x48, 0x3E,0x8A, 0x3C,0xCC, 0x3D,0x0E - data1 0x36,0x50, 0x37,0x92, 0x35,0xD4, 0x34,0x16, 0x31,0x58, 0x30,0x9A, 0x32,0xDC, 0x33,0x1E - data1 0x24,0x60, 0x25,0xA2, 0x27,0xE4, 0x26,0x26, 0x23,0x68, 0x22,0xAA, 0x20,0xEC, 0x21,0x2E - data1 0x2A,0x70, 0x2B,0xB2, 0x29,0xF4, 0x28,0x36, 0x2D,0x78, 0x2C,0xBA, 0x2E,0xFC, 0x2F,0x3E - data1 0x70,0x80, 0x71,0x42, 0x73,0x04, 0x72,0xC6, 0x77,0x88, 0x76,0x4A, 0x74,0x0C, 0x75,0xCE - data1 0x7E,0x90, 0x7F,0x52, 0x7D,0x14, 0x7C,0xD6, 0x79,0x98, 0x78,0x5A, 0x7A,0x1C, 0x7B,0xDE - data1 0x6C,0xA0, 0x6D,0x62, 0x6F,0x24, 0x6E,0xE6, 0x6B,0xA8, 0x6A,0x6A, 0x68,0x2C, 0x69,0xEE - data1 0x62,0xB0, 0x63,0x72, 0x61,0x34, 0x60,0xF6, 0x65,0xB8, 0x64,0x7A, 0x66,0x3C, 0x67,0xFE - data1 0x48,0xC0, 0x49,0x02, 0x4B,0x44, 0x4A,0x86, 0x4F,0xC8, 0x4E,0x0A, 0x4C,0x4C, 0x4D,0x8E - data1 0x46,0xD0, 0x47,0x12, 0x45,0x54, 0x44,0x96, 0x41,0xD8, 0x40,0x1A, 0x42,0x5C, 0x43,0x9E - data1 0x54,0xE0, 0x55,0x22, 0x57,0x64, 0x56,0xA6, 0x53,0xE8, 0x52,0x2A, 0x50,0x6C, 0x51,0xAE - data1 0x5A,0xF0, 0x5B,0x32, 0x59,0x74, 0x58,0xB6, 0x5D,0xF8, 0x5C,0x3A, 0x5E,0x7C, 0x5F,0xBE - data1 0xE1,0x00, 0xE0,0xC2, 0xE2,0x84, 0xE3,0x46, 0xE6,0x08, 0xE7,0xCA, 0xE5,0x8C, 0xE4,0x4E - data1 0xEF,0x10, 0xEE,0xD2, 0xEC,0x94, 0xED,0x56, 0xE8,0x18, 0xE9,0xDA, 0xEB,0x9C, 0xEA,0x5E - data1 0xFD,0x20, 0xFC,0xE2, 0xFE,0xA4, 0xFF,0x66, 0xFA,0x28, 0xFB,0xEA, 0xF9,0xAC, 0xF8,0x6E - data1 0xF3,0x30, 0xF2,0xF2, 0xF0,0xB4, 0xF1,0x76, 0xF4,0x38, 0xF5,0xFA, 0xF7,0xBC, 0xF6,0x7E - data1 0xD9,0x40, 0xD8,0x82, 0xDA,0xC4, 0xDB,0x06, 0xDE,0x48, 0xDF,0x8A, 0xDD,0xCC, 0xDC,0x0E - data1 0xD7,0x50, 0xD6,0x92, 0xD4,0xD4, 0xD5,0x16, 0xD0,0x58, 0xD1,0x9A, 0xD3,0xDC, 0xD2,0x1E - data1 0xC5,0x60, 0xC4,0xA2, 0xC6,0xE4, 0xC7,0x26, 0xC2,0x68, 0xC3,0xAA, 0xC1,0xEC, 0xC0,0x2E - data1 0xCB,0x70, 0xCA,0xB2, 0xC8,0xF4, 0xC9,0x36, 0xCC,0x78, 0xCD,0xBA, 0xCF,0xFC, 0xCE,0x3E - data1 0x91,0x80, 0x90,0x42, 0x92,0x04, 0x93,0xC6, 0x96,0x88, 0x97,0x4A, 0x95,0x0C, 0x94,0xCE - data1 0x9F,0x90, 0x9E,0x52, 0x9C,0x14, 0x9D,0xD6, 0x98,0x98, 0x99,0x5A, 0x9B,0x1C, 0x9A,0xDE - data1 0x8D,0xA0, 0x8C,0x62, 0x8E,0x24, 0x8F,0xE6, 0x8A,0xA8, 0x8B,0x6A, 0x89,0x2C, 0x88,0xEE - data1 0x83,0xB0, 0x82,0x72, 0x80,0x34, 0x81,0xF6, 0x84,0xB8, 0x85,0x7A, 0x87,0x3C, 0x86,0xFE - data1 0xA9,0xC0, 0xA8,0x02, 0xAA,0x44, 0xAB,0x86, 0xAE,0xC8, 0xAF,0x0A, 0xAD,0x4C, 0xAC,0x8E - data1 0xA7,0xD0, 0xA6,0x12, 0xA4,0x54, 0xA5,0x96, 0xA0,0xD8, 0xA1,0x1A, 0xA3,0x5C, 0xA2,0x9E - data1 0xB5,0xE0, 0xB4,0x22, 0xB6,0x64, 0xB7,0xA6, 0xB2,0xE8, 0xB3,0x2A, 0xB1,0x6C, 0xB0,0xAE - data1 0xBB,0xF0, 0xBA,0x32, 0xB8,0x74, 0xB9,0xB6, 0xBC,0xF8, 0xBD,0x3A, 0xBF,0x7C, 0xBE,0xBE -.size rem_8bit#,512 -stringz "GHASH for IA64, CRYPTOGAMS by " -___ - -$code =~ s/mux1(\s+)\S+\@rev/nop.i$1 0x0/gm if ($big_endian); -$code =~ s/\`([^\`]*)\`/eval $1/gem; - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghash-parisc.pl b/crypto/modes/asm/ghash-parisc.pl deleted file mode 100644 index 7b5cc2f16e38c0516c55c06ae23514b3bc4b6fb5..0000000000000000000000000000000000000000 --- a/crypto/modes/asm/ghash-parisc.pl +++ /dev/null @@ -1,751 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# April 2010 -# -# The module implements "4-bit" GCM GHASH function and underlying -# single multiplication operation in GF(2^128). "4-bit" means that it -# uses 256 bytes per-key table [+128 bytes shared table]. On PA-7100LC -# it processes one byte in 19.6 cycles, which is more than twice as -# fast as code generated by gcc 3.2. PA-RISC 2.0 loop is scheduled for -# 8 cycles, but measured performance on PA-8600 system is ~9 cycles per -# processed byte. This is ~2.2x faster than 64-bit code generated by -# vendor compiler (which used to be very hard to beat:-). -# -# Special thanks to polarhome.com for providing HP-UX account. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$output and open STDOUT,">$output"; - -if ($flavour =~ /64/) { - $LEVEL ="2.0W"; - $SIZE_T =8; - $FRAME_MARKER =80; - $SAVED_RP =16; - $PUSH ="std"; - $PUSHMA ="std,ma"; - $POP ="ldd"; - $POPMB ="ldd,mb"; - $NREGS =6; -} else { - $LEVEL ="1.0"; #"\n\t.ALLOW\t2.0"; - $SIZE_T =4; - $FRAME_MARKER =48; - $SAVED_RP =20; - $PUSH ="stw"; - $PUSHMA ="stwm"; - $POP ="ldw"; - $POPMB ="ldwm"; - $NREGS =11; -} - -$FRAME=10*$SIZE_T+$FRAME_MARKER;# NREGS saved regs + frame marker - # [+ argument transfer] - -################# volatile registers -$Xi="%r26"; # argument block -$Htbl="%r25"; -$inp="%r24"; -$len="%r23"; -$Hhh=$Htbl; # variables -$Hll="%r22"; -$Zhh="%r21"; -$Zll="%r20"; -$cnt="%r19"; -$rem_4bit="%r28"; -$rem="%r29"; -$mask0xf0="%r31"; - -################# preserved registers -$Thh="%r1"; -$Tll="%r2"; -$nlo="%r3"; -$nhi="%r4"; -$byte="%r5"; -if ($SIZE_T==4) { - $Zhl="%r6"; - $Zlh="%r7"; - $Hhl="%r8"; - $Hlh="%r9"; - $Thl="%r10"; - $Tlh="%r11"; -} -$rem2="%r6"; # used in PA-RISC 2.0 code - -$code.=<<___; - .LEVEL $LEVEL - .SPACE \$TEXT\$ - .SUBSPA \$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY - - .EXPORT gcm_gmult_4bit,ENTRY,ARGW0=GR,ARGW1=GR - .ALIGN 64 -gcm_gmult_4bit - .PROC - .CALLINFO FRAME=`$FRAME-10*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=$NREGS - .ENTRY - $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue - $PUSHMA %r3,$FRAME(%sp) - $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp) - $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp) - $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp) -___ -$code.=<<___ if ($SIZE_T==4); - $PUSH %r7,`-$FRAME+4*$SIZE_T`(%sp) - $PUSH %r8,`-$FRAME+5*$SIZE_T`(%sp) - $PUSH %r9,`-$FRAME+6*$SIZE_T`(%sp) - $PUSH %r10,`-$FRAME+7*$SIZE_T`(%sp) - $PUSH %r11,`-$FRAME+8*$SIZE_T`(%sp) -___ -$code.=<<___; - blr %r0,$rem_4bit - ldi 3,$rem -L\$pic_gmult - andcm $rem_4bit,$rem,$rem_4bit - addl $inp,$len,$len - ldo L\$rem_4bit-L\$pic_gmult($rem_4bit),$rem_4bit - ldi 0xf0,$mask0xf0 -___ -$code.=<<___ if ($SIZE_T==4); - ldi 31,$rem - mtctl $rem,%cr11 - extrd,u,*= $rem,%sar,1,$rem ; executes on PA-RISC 1.0 - b L\$parisc1_gmult - nop -___ - -$code.=<<___; - ldb 15($Xi),$nlo - ldo 8($Htbl),$Hll - - and $mask0xf0,$nlo,$nhi - depd,z $nlo,59,4,$nlo - - ldd $nlo($Hll),$Zll - ldd $nlo($Hhh),$Zhh - - depd,z $Zll,60,4,$rem - shrpd $Zhh,$Zll,4,$Zll - extrd,u $Zhh,59,60,$Zhh - ldb 14($Xi),$nlo - - ldd $nhi($Hll),$Tll - ldd $nhi($Hhh),$Thh - and $mask0xf0,$nlo,$nhi - depd,z $nlo,59,4,$nlo - - xor $Tll,$Zll,$Zll - xor $Thh,$Zhh,$Zhh - ldd $rem($rem_4bit),$rem - b L\$oop_gmult_pa2 - ldi 13,$cnt - - .ALIGN 8 -L\$oop_gmult_pa2 - xor $rem,$Zhh,$Zhh ; moved here to work around gas bug - depd,z $Zll,60,4,$rem - - shrpd $Zhh,$Zll,4,$Zll - extrd,u $Zhh,59,60,$Zhh - ldd $nlo($Hll),$Tll - ldd $nlo($Hhh),$Thh - - xor $Tll,$Zll,$Zll - xor $Thh,$Zhh,$Zhh - ldd $rem($rem_4bit),$rem - - xor $rem,$Zhh,$Zhh - depd,z $Zll,60,4,$rem - ldbx $cnt($Xi),$nlo - - shrpd $Zhh,$Zll,4,$Zll - extrd,u $Zhh,59,60,$Zhh - ldd $nhi($Hll),$Tll - ldd $nhi($Hhh),$Thh - - and $mask0xf0,$nlo,$nhi - depd,z $nlo,59,4,$nlo - ldd $rem($rem_4bit),$rem - - xor $Tll,$Zll,$Zll - addib,uv -1,$cnt,L\$oop_gmult_pa2 - xor $Thh,$Zhh,$Zhh - - xor $rem,$Zhh,$Zhh - depd,z $Zll,60,4,$rem - - shrpd $Zhh,$Zll,4,$Zll - extrd,u $Zhh,59,60,$Zhh - ldd $nlo($Hll),$Tll - ldd $nlo($Hhh),$Thh - - xor $Tll,$Zll,$Zll - xor $Thh,$Zhh,$Zhh - ldd $rem($rem_4bit),$rem - - xor $rem,$Zhh,$Zhh - depd,z $Zll,60,4,$rem - - shrpd $Zhh,$Zll,4,$Zll - extrd,u $Zhh,59,60,$Zhh - ldd $nhi($Hll),$Tll - ldd $nhi($Hhh),$Thh - - xor $Tll,$Zll,$Zll - xor $Thh,$Zhh,$Zhh - ldd $rem($rem_4bit),$rem - - xor $rem,$Zhh,$Zhh - std $Zll,8($Xi) - std $Zhh,0($Xi) -___ - -$code.=<<___ if ($SIZE_T==4); - b L\$done_gmult - nop - -L\$parisc1_gmult - ldb 15($Xi),$nlo - ldo 12($Htbl),$Hll - ldo 8($Htbl),$Hlh - ldo 4($Htbl),$Hhl - - and $mask0xf0,$nlo,$nhi - zdep $nlo,27,4,$nlo - - ldwx $nlo($Hll),$Zll - ldwx $nlo($Hlh),$Zlh - ldwx $nlo($Hhl),$Zhl - ldwx $nlo($Hhh),$Zhh - zdep $Zll,28,4,$rem - ldb 14($Xi),$nlo - ldwx $rem($rem_4bit),$rem - shrpw $Zlh,$Zll,4,$Zll - ldwx $nhi($Hll),$Tll - shrpw $Zhl,$Zlh,4,$Zlh - ldwx $nhi($Hlh),$Tlh - shrpw $Zhh,$Zhl,4,$Zhl - ldwx $nhi($Hhl),$Thl - extru $Zhh,27,28,$Zhh - ldwx $nhi($Hhh),$Thh - xor $rem,$Zhh,$Zhh - and $mask0xf0,$nlo,$nhi - zdep $nlo,27,4,$nlo - - xor $Tll,$Zll,$Zll - ldwx $nlo($Hll),$Tll - xor $Tlh,$Zlh,$Zlh - ldwx $nlo($Hlh),$Tlh - xor $Thl,$Zhl,$Zhl - b L\$oop_gmult_pa1 - ldi 13,$cnt - - .ALIGN 8 -L\$oop_gmult_pa1 - zdep $Zll,28,4,$rem - ldwx $nlo($Hhl),$Thl - xor $Thh,$Zhh,$Zhh - ldwx $rem($rem_4bit),$rem - shrpw $Zlh,$Zll,4,$Zll - ldwx $nlo($Hhh),$Thh - shrpw $Zhl,$Zlh,4,$Zlh - ldbx $cnt($Xi),$nlo - xor $Tll,$Zll,$Zll - ldwx $nhi($Hll),$Tll - shrpw $Zhh,$Zhl,4,$Zhl - xor $Tlh,$Zlh,$Zlh - ldwx $nhi($Hlh),$Tlh - extru $Zhh,27,28,$Zhh - xor $Thl,$Zhl,$Zhl - ldwx $nhi($Hhl),$Thl - xor $rem,$Zhh,$Zhh - zdep $Zll,28,4,$rem - xor $Thh,$Zhh,$Zhh - ldwx $nhi($Hhh),$Thh - shrpw $Zlh,$Zll,4,$Zll - ldwx $rem($rem_4bit),$rem - shrpw $Zhl,$Zlh,4,$Zlh - shrpw $Zhh,$Zhl,4,$Zhl - and $mask0xf0,$nlo,$nhi - extru $Zhh,27,28,$Zhh - zdep $nlo,27,4,$nlo - xor $Tll,$Zll,$Zll - ldwx $nlo($Hll),$Tll - xor $Tlh,$Zlh,$Zlh - ldwx $nlo($Hlh),$Tlh - xor $rem,$Zhh,$Zhh - addib,uv -1,$cnt,L\$oop_gmult_pa1 - xor $Thl,$Zhl,$Zhl - - zdep $Zll,28,4,$rem - ldwx $nlo($Hhl),$Thl - xor $Thh,$Zhh,$Zhh - ldwx $rem($rem_4bit),$rem - shrpw $Zlh,$Zll,4,$Zll - ldwx $nlo($Hhh),$Thh - shrpw $Zhl,$Zlh,4,$Zlh - xor $Tll,$Zll,$Zll - ldwx $nhi($Hll),$Tll - shrpw $Zhh,$Zhl,4,$Zhl - xor $Tlh,$Zlh,$Zlh - ldwx $nhi($Hlh),$Tlh - extru $Zhh,27,28,$Zhh - xor $rem,$Zhh,$Zhh - xor $Thl,$Zhl,$Zhl - ldwx $nhi($Hhl),$Thl - xor $Thh,$Zhh,$Zhh - ldwx $nhi($Hhh),$Thh - zdep $Zll,28,4,$rem - ldwx $rem($rem_4bit),$rem - shrpw $Zlh,$Zll,4,$Zll - shrpw $Zhl,$Zlh,4,$Zlh - shrpw $Zhh,$Zhl,4,$Zhl - extru $Zhh,27,28,$Zhh - xor $Tll,$Zll,$Zll - xor $Tlh,$Zlh,$Zlh - xor $rem,$Zhh,$Zhh - stw $Zll,12($Xi) - xor $Thl,$Zhl,$Zhl - stw $Zlh,8($Xi) - xor $Thh,$Zhh,$Zhh - stw $Zhl,4($Xi) - stw $Zhh,0($Xi) -___ -$code.=<<___; -L\$done_gmult - $POP `-$FRAME-$SAVED_RP`(%sp),%r2 ; standard epilogue - $POP `-$FRAME+1*$SIZE_T`(%sp),%r4 - $POP `-$FRAME+2*$SIZE_T`(%sp),%r5 - $POP `-$FRAME+3*$SIZE_T`(%sp),%r6 -___ -$code.=<<___ if ($SIZE_T==4); - $POP `-$FRAME+4*$SIZE_T`(%sp),%r7 - $POP `-$FRAME+5*$SIZE_T`(%sp),%r8 - $POP `-$FRAME+6*$SIZE_T`(%sp),%r9 - $POP `-$FRAME+7*$SIZE_T`(%sp),%r10 - $POP `-$FRAME+8*$SIZE_T`(%sp),%r11 -___ -$code.=<<___; - bv (%r2) - .EXIT - $POPMB -$FRAME(%sp),%r3 - .PROCEND - - .EXPORT gcm_ghash_4bit,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR - .ALIGN 64 -gcm_ghash_4bit - .PROC - .CALLINFO FRAME=`$FRAME-10*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=11 - .ENTRY - $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue - $PUSHMA %r3,$FRAME(%sp) - $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp) - $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp) - $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp) -___ -$code.=<<___ if ($SIZE_T==4); - $PUSH %r7,`-$FRAME+4*$SIZE_T`(%sp) - $PUSH %r8,`-$FRAME+5*$SIZE_T`(%sp) - $PUSH %r9,`-$FRAME+6*$SIZE_T`(%sp) - $PUSH %r10,`-$FRAME+7*$SIZE_T`(%sp) - $PUSH %r11,`-$FRAME+8*$SIZE_T`(%sp) -___ -$code.=<<___; - blr %r0,$rem_4bit - ldi 3,$rem -L\$pic_ghash - andcm $rem_4bit,$rem,$rem_4bit - addl $inp,$len,$len - ldo L\$rem_4bit-L\$pic_ghash($rem_4bit),$rem_4bit - ldi 0xf0,$mask0xf0 -___ -$code.=<<___ if ($SIZE_T==4); - ldi 31,$rem - mtctl $rem,%cr11 - extrd,u,*= $rem,%sar,1,$rem ; executes on PA-RISC 1.0 - b L\$parisc1_ghash - nop -___ - -$code.=<<___; - ldb 15($Xi),$nlo - ldo 8($Htbl),$Hll - -L\$outer_ghash_pa2 - ldb 15($inp),$nhi - xor $nhi,$nlo,$nlo - and $mask0xf0,$nlo,$nhi - depd,z $nlo,59,4,$nlo - - ldd $nlo($Hll),$Zll - ldd $nlo($Hhh),$Zhh - - depd,z $Zll,60,4,$rem - shrpd $Zhh,$Zll,4,$Zll - extrd,u $Zhh,59,60,$Zhh - ldb 14($Xi),$nlo - ldb 14($inp),$byte - - ldd $nhi($Hll),$Tll - ldd $nhi($Hhh),$Thh - xor $byte,$nlo,$nlo - and $mask0xf0,$nlo,$nhi - depd,z $nlo,59,4,$nlo - - xor $Tll,$Zll,$Zll - xor $Thh,$Zhh,$Zhh - ldd $rem($rem_4bit),$rem - b L\$oop_ghash_pa2 - ldi 13,$cnt - - .ALIGN 8 -L\$oop_ghash_pa2 - xor $rem,$Zhh,$Zhh ; moved here to work around gas bug - depd,z $Zll,60,4,$rem2 - - shrpd $Zhh,$Zll,4,$Zll - extrd,u $Zhh,59,60,$Zhh - ldd $nlo($Hll),$Tll - ldd $nlo($Hhh),$Thh - - xor $Tll,$Zll,$Zll - xor $Thh,$Zhh,$Zhh - ldbx $cnt($Xi),$nlo - ldbx $cnt($inp),$byte - - depd,z $Zll,60,4,$rem - shrpd $Zhh,$Zll,4,$Zll - ldd $rem2($rem_4bit),$rem2 - - xor $rem2,$Zhh,$Zhh - xor $byte,$nlo,$nlo - ldd $nhi($Hll),$Tll - ldd $nhi($Hhh),$Thh - - and $mask0xf0,$nlo,$nhi - depd,z $nlo,59,4,$nlo - - extrd,u $Zhh,59,60,$Zhh - xor $Tll,$Zll,$Zll - - ldd $rem($rem_4bit),$rem - addib,uv -1,$cnt,L\$oop_ghash_pa2 - xor $Thh,$Zhh,$Zhh - - xor $rem,$Zhh,$Zhh - depd,z $Zll,60,4,$rem2 - - shrpd $Zhh,$Zll,4,$Zll - extrd,u $Zhh,59,60,$Zhh - ldd $nlo($Hll),$Tll - ldd $nlo($Hhh),$Thh - - xor $Tll,$Zll,$Zll - xor $Thh,$Zhh,$Zhh - - depd,z $Zll,60,4,$rem - shrpd $Zhh,$Zll,4,$Zll - ldd $rem2($rem_4bit),$rem2 - - xor $rem2,$Zhh,$Zhh - ldd $nhi($Hll),$Tll - ldd $nhi($Hhh),$Thh - - extrd,u $Zhh,59,60,$Zhh - xor $Tll,$Zll,$Zll - xor $Thh,$Zhh,$Zhh - ldd $rem($rem_4bit),$rem - - xor $rem,$Zhh,$Zhh - std $Zll,8($Xi) - ldo 16($inp),$inp - std $Zhh,0($Xi) - cmpb,*<> $inp,$len,L\$outer_ghash_pa2 - copy $Zll,$nlo -___ - -$code.=<<___ if ($SIZE_T==4); - b L\$done_ghash - nop - -L\$parisc1_ghash - ldb 15($Xi),$nlo - ldo 12($Htbl),$Hll - ldo 8($Htbl),$Hlh - ldo 4($Htbl),$Hhl - -L\$outer_ghash_pa1 - ldb 15($inp),$byte - xor $byte,$nlo,$nlo - and $mask0xf0,$nlo,$nhi - zdep $nlo,27,4,$nlo - - ldwx $nlo($Hll),$Zll - ldwx $nlo($Hlh),$Zlh - ldwx $nlo($Hhl),$Zhl - ldwx $nlo($Hhh),$Zhh - zdep $Zll,28,4,$rem - ldb 14($Xi),$nlo - ldb 14($inp),$byte - ldwx $rem($rem_4bit),$rem - shrpw $Zlh,$Zll,4,$Zll - ldwx $nhi($Hll),$Tll - shrpw $Zhl,$Zlh,4,$Zlh - ldwx $nhi($Hlh),$Tlh - shrpw $Zhh,$Zhl,4,$Zhl - ldwx $nhi($Hhl),$Thl - extru $Zhh,27,28,$Zhh - ldwx $nhi($Hhh),$Thh - xor $byte,$nlo,$nlo - xor $rem,$Zhh,$Zhh - and $mask0xf0,$nlo,$nhi - zdep $nlo,27,4,$nlo - - xor $Tll,$Zll,$Zll - ldwx $nlo($Hll),$Tll - xor $Tlh,$Zlh,$Zlh - ldwx $nlo($Hlh),$Tlh - xor $Thl,$Zhl,$Zhl - b L\$oop_ghash_pa1 - ldi 13,$cnt - - .ALIGN 8 -L\$oop_ghash_pa1 - zdep $Zll,28,4,$rem - ldwx $nlo($Hhl),$Thl - xor $Thh,$Zhh,$Zhh - ldwx $rem($rem_4bit),$rem - shrpw $Zlh,$Zll,4,$Zll - ldwx $nlo($Hhh),$Thh - shrpw $Zhl,$Zlh,4,$Zlh - ldbx $cnt($Xi),$nlo - xor $Tll,$Zll,$Zll - ldwx $nhi($Hll),$Tll - shrpw $Zhh,$Zhl,4,$Zhl - ldbx $cnt($inp),$byte - xor $Tlh,$Zlh,$Zlh - ldwx $nhi($Hlh),$Tlh - extru $Zhh,27,28,$Zhh - xor $Thl,$Zhl,$Zhl - ldwx $nhi($Hhl),$Thl - xor $rem,$Zhh,$Zhh - zdep $Zll,28,4,$rem - xor $Thh,$Zhh,$Zhh - ldwx $nhi($Hhh),$Thh - shrpw $Zlh,$Zll,4,$Zll - ldwx $rem($rem_4bit),$rem - shrpw $Zhl,$Zlh,4,$Zlh - xor $byte,$nlo,$nlo - shrpw $Zhh,$Zhl,4,$Zhl - and $mask0xf0,$nlo,$nhi - extru $Zhh,27,28,$Zhh - zdep $nlo,27,4,$nlo - xor $Tll,$Zll,$Zll - ldwx $nlo($Hll),$Tll - xor $Tlh,$Zlh,$Zlh - ldwx $nlo($Hlh),$Tlh - xor $rem,$Zhh,$Zhh - addib,uv -1,$cnt,L\$oop_ghash_pa1 - xor $Thl,$Zhl,$Zhl - - zdep $Zll,28,4,$rem - ldwx $nlo($Hhl),$Thl - xor $Thh,$Zhh,$Zhh - ldwx $rem($rem_4bit),$rem - shrpw $Zlh,$Zll,4,$Zll - ldwx $nlo($Hhh),$Thh - shrpw $Zhl,$Zlh,4,$Zlh - xor $Tll,$Zll,$Zll - ldwx $nhi($Hll),$Tll - shrpw $Zhh,$Zhl,4,$Zhl - xor $Tlh,$Zlh,$Zlh - ldwx $nhi($Hlh),$Tlh - extru $Zhh,27,28,$Zhh - xor $rem,$Zhh,$Zhh - xor $Thl,$Zhl,$Zhl - ldwx $nhi($Hhl),$Thl - xor $Thh,$Zhh,$Zhh - ldwx $nhi($Hhh),$Thh - zdep $Zll,28,4,$rem - ldwx $rem($rem_4bit),$rem - shrpw $Zlh,$Zll,4,$Zll - shrpw $Zhl,$Zlh,4,$Zlh - shrpw $Zhh,$Zhl,4,$Zhl - extru $Zhh,27,28,$Zhh - xor $Tll,$Zll,$Zll - xor $Tlh,$Zlh,$Zlh - xor $rem,$Zhh,$Zhh - stw $Zll,12($Xi) - xor $Thl,$Zhl,$Zhl - stw $Zlh,8($Xi) - xor $Thh,$Zhh,$Zhh - stw $Zhl,4($Xi) - ldo 16($inp),$inp - stw $Zhh,0($Xi) - comb,<> $inp,$len,L\$outer_ghash_pa1 - copy $Zll,$nlo -___ -$code.=<<___; -L\$done_ghash - $POP `-$FRAME-$SAVED_RP`(%sp),%r2 ; standard epilogue - $POP `-$FRAME+1*$SIZE_T`(%sp),%r4 - $POP `-$FRAME+2*$SIZE_T`(%sp),%r5 - $POP `-$FRAME+3*$SIZE_T`(%sp),%r6 -___ -$code.=<<___ if ($SIZE_T==4); - $POP `-$FRAME+4*$SIZE_T`(%sp),%r7 - $POP `-$FRAME+5*$SIZE_T`(%sp),%r8 - $POP `-$FRAME+6*$SIZE_T`(%sp),%r9 - $POP `-$FRAME+7*$SIZE_T`(%sp),%r10 - $POP `-$FRAME+8*$SIZE_T`(%sp),%r11 -___ -$code.=<<___; - bv (%r2) - .EXIT - $POPMB -$FRAME(%sp),%r3 - .PROCEND - - .ALIGN 64 -L\$rem_4bit - .WORD `0x0000<<16`,0,`0x1C20<<16`,0,`0x3840<<16`,0,`0x2460<<16`,0 - .WORD `0x7080<<16`,0,`0x6CA0<<16`,0,`0x48C0<<16`,0,`0x54E0<<16`,0 - .WORD `0xE100<<16`,0,`0xFD20<<16`,0,`0xD940<<16`,0,`0xC560<<16`,0 - .WORD `0x9180<<16`,0,`0x8DA0<<16`,0,`0xA9C0<<16`,0,`0xB5E0<<16`,0 - .STRINGZ "GHASH for PA-RISC, GRYPTOGAMS by " - .ALIGN 64 -___ - -# Explicitly encode PA-RISC 2.0 instructions used in this module, so -# that it can be compiled with .LEVEL 1.0. It should be noted that I -# wouldn't have to do this, if GNU assembler understood .ALLOW 2.0 -# directive... - -my $ldd = sub { - my ($mod,$args) = @_; - my $orig = "ldd$mod\t$args"; - - if ($args =~ /%r([0-9]+)\(%r([0-9]+)\),%r([0-9]+)/) # format 4 - { my $opcode=(0x03<<26)|($2<<21)|($1<<16)|(3<<6)|$3; - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; - } - elsif ($args =~ /(\-?[0-9]+)\(%r([0-9]+)\),%r([0-9]+)/) # format 5 - { my $opcode=(0x03<<26)|($2<<21)|(1<<12)|(3<<6)|$3; - $opcode|=(($1&0xF)<<17)|(($1&0x10)<<12); # encode offset - $opcode|=(1<<5) if ($mod =~ /^,m/); - $opcode|=(1<<13) if ($mod =~ /^,mb/); - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; - } - else { "\t".$orig; } -}; - -my $std = sub { - my ($mod,$args) = @_; - my $orig = "std$mod\t$args"; - - if ($args =~ /%r([0-9]+),(\-?[0-9]+)\(%r([0-9]+)\)/) # format 3 suffices - { my $opcode=(0x1c<<26)|($3<<21)|($1<<16)|(($2&0x1FF8)<<1)|(($2>>13)&1); - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; - } - else { "\t".$orig; } -}; - -my $extrd = sub { - my ($mod,$args) = @_; - my $orig = "extrd$mod\t$args"; - - # I only have ",u" completer, it's implicitly encoded... - if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/) # format 15 - { my $opcode=(0x36<<26)|($1<<21)|($4<<16); - my $len=32-$3; - $opcode |= (($2&0x20)<<6)|(($2&0x1f)<<5); # encode pos - $opcode |= (($len&0x20)<<7)|($len&0x1f); # encode len - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; - } - elsif ($args =~ /%r([0-9]+),%sar,([0-9]+),%r([0-9]+)/) # format 12 - { my $opcode=(0x34<<26)|($1<<21)|($3<<16)|(2<<11)|(1<<9); - my $len=32-$2; - $opcode |= (($len&0x20)<<3)|($len&0x1f); # encode len - $opcode |= (1<<13) if ($mod =~ /,\**=/); - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; - } - else { "\t".$orig; } -}; - -my $shrpd = sub { - my ($mod,$args) = @_; - my $orig = "shrpd$mod\t$args"; - - if ($args =~ /%r([0-9]+),%r([0-9]+),([0-9]+),%r([0-9]+)/) # format 14 - { my $opcode=(0x34<<26)|($2<<21)|($1<<16)|(1<<10)|$4; - my $cpos=63-$3; - $opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5); # encode sa - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; - } - elsif ($args =~ /%r([0-9]+),%r([0-9]+),%sar,%r([0-9]+)/) # format 11 - { sprintf "\t.WORD\t0x%08x\t; %s", - (0x34<<26)|($2<<21)|($1<<16)|(1<<9)|$3,$orig; - } - else { "\t".$orig; } -}; - -my $depd = sub { - my ($mod,$args) = @_; - my $orig = "depd$mod\t$args"; - - # I only have ",z" completer, it's implicitly encoded... - if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/) # format 16 - { my $opcode=(0x3c<<26)|($4<<21)|($1<<16); - my $cpos=63-$2; - my $len=32-$3; - $opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5); # encode pos - $opcode |= (($len&0x20)<<7)|($len&0x1f); # encode len - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; - } - else { "\t".$orig; } -}; - -sub assemble { - my ($mnemonic,$mod,$args)=@_; - my $opcode = eval("\$$mnemonic"); - - ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args"; -} - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler/) { - $gnuas = 1; -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - if ($SIZE_T==4) { - s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e; - s/cmpb,\*/comb,/; - s/,\*/,/; - } - - s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); - s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); - s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); - s/\bbv\b/bve/ if ($SIZE_T==8); - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghash-s390x.pl b/crypto/modes/asm/ghash-s390x.pl deleted file mode 100644 index ba9c5b4a4f4fb5890cca2e39638e659478361472..0000000000000000000000000000000000000000 --- a/crypto/modes/asm/ghash-s390x.pl +++ /dev/null @@ -1,264 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# September 2010. -# -# The module implements "4-bit" GCM GHASH function and underlying -# single multiplication operation in GF(2^128). "4-bit" means that it -# uses 256 bytes per-key table [+128 bytes shared table]. Performance -# was measured to be ~18 cycles per processed byte on z10, which is -# almost 40% better than gcc-generated code. It should be noted that -# 18 cycles is worse result than expected: loop is scheduled for 12 -# and the result should be close to 12. In the lack of instruction- -# level profiling data it's impossible to tell why... - -# November 2010. -# -# Adapt for -m31 build. If kernel supports what's called "highgprs" -# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit -# instructions and achieve "64-bit" performance even in 31-bit legacy -# application context. The feature is not specific to any particular -# processor, as long as it's "z-CPU". Latter implies that the code -# remains z/Architecture specific. On z990 it was measured to perform -# 2.8x better than 32-bit code generated by gcc 4.3. - -# March 2011. -# -# Support for hardware KIMD-GHASH is verified to produce correct -# result and therefore is engaged. On z196 it was measured to process -# 8KB buffer ~7 faster than software implementation. It's not as -# impressive for smaller buffer sizes and for smallest 16-bytes buffer -# it's actually almost 2 times slower. Which is the reason why -# KIMD-GHASH is not used in gcm_gmult_4bit. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /3[12]/) { - $SIZE_T=4; - $g=""; -} else { - $SIZE_T=8; - $g="g"; -} - -$output and open STDOUT,">$output"; - -$softonly=0; - -$Zhi="%r0"; -$Zlo="%r1"; - -$Xi="%r2"; # argument block -$Htbl="%r3"; -$inp="%r4"; -$len="%r5"; - -$rem0="%r6"; # variables -$rem1="%r7"; -$nlo="%r8"; -$nhi="%r9"; -$xi="%r10"; -$cnt="%r11"; -$tmp="%r12"; -$x78="%r13"; -$rem_4bit="%r14"; - -$sp="%r15"; - -$code.=<<___; -#include "s390x_arch.h" - -.text - -.globl gcm_gmult_4bit -.align 32 -gcm_gmult_4bit: -___ -$code.=<<___ if(!$softonly && 0); # hardware is slow for single block... - larl %r1,OPENSSL_s390xcap_P - lghi %r0,0 - lg %r1,S390X_KIMD+8(%r1) # load second word of kimd capabilities - # vector - tmhh %r1,0x4000 # check for function 65 - jz .Lsoft_gmult - stg %r0,16($sp) # arrange 16 bytes of zero input - stg %r0,24($sp) - lghi %r0,S390X_GHASH # function 65 - la %r1,0($Xi) # H lies right after Xi in gcm128_context - la $inp,16($sp) - lghi $len,16 - .long 0xb93e0004 # kimd %r0,$inp - brc 1,.-4 # pay attention to "partial completion" - br %r14 -.align 32 -.Lsoft_gmult: -___ -$code.=<<___; - stm${g} %r6,%r14,6*$SIZE_T($sp) - - aghi $Xi,-1 - lghi $len,1 - lghi $x78,`0xf<<3` - larl $rem_4bit,rem_4bit - - lg $Zlo,8+1($Xi) # Xi - j .Lgmult_shortcut -.type gcm_gmult_4bit,\@function -.size gcm_gmult_4bit,(.-gcm_gmult_4bit) - -.globl gcm_ghash_4bit -.align 32 -gcm_ghash_4bit: -___ -$code.=<<___ if(!$softonly); - larl %r1,OPENSSL_s390xcap_P - lg %r0,S390X_KIMD+8(%r1) # load second word of kimd capabilities - # vector - tmhh %r0,0x4000 # check for function 65 - jz .Lsoft_ghash - lghi %r0,S390X_GHASH # function 65 - la %r1,0($Xi) # H lies right after Xi in gcm128_context - .long 0xb93e0004 # kimd %r0,$inp - brc 1,.-4 # pay attention to "partial completion" - br %r14 -.align 32 -.Lsoft_ghash: -___ -$code.=<<___ if ($flavour =~ /3[12]/); - llgfr $len,$len -___ -$code.=<<___; - stm${g} %r6,%r14,6*$SIZE_T($sp) - - aghi $Xi,-1 - srlg $len,$len,4 - lghi $x78,`0xf<<3` - larl $rem_4bit,rem_4bit - - lg $Zlo,8+1($Xi) # Xi - lg $Zhi,0+1($Xi) - lghi $tmp,0 -.Louter: - xg $Zhi,0($inp) # Xi ^= inp - xg $Zlo,8($inp) - xgr $Zhi,$tmp - stg $Zlo,8+1($Xi) - stg $Zhi,0+1($Xi) - -.Lgmult_shortcut: - lghi $tmp,0xf0 - sllg $nlo,$Zlo,4 - srlg $xi,$Zlo,8 # extract second byte - ngr $nlo,$tmp - lgr $nhi,$Zlo - lghi $cnt,14 - ngr $nhi,$tmp - - lg $Zlo,8($nlo,$Htbl) - lg $Zhi,0($nlo,$Htbl) - - sllg $nlo,$xi,4 - sllg $rem0,$Zlo,3 - ngr $nlo,$tmp - ngr $rem0,$x78 - ngr $xi,$tmp - - sllg $tmp,$Zhi,60 - srlg $Zlo,$Zlo,4 - srlg $Zhi,$Zhi,4 - xg $Zlo,8($nhi,$Htbl) - xg $Zhi,0($nhi,$Htbl) - lgr $nhi,$xi - sllg $rem1,$Zlo,3 - xgr $Zlo,$tmp - ngr $rem1,$x78 - sllg $tmp,$Zhi,60 - j .Lghash_inner -.align 16 -.Lghash_inner: - srlg $Zlo,$Zlo,4 - srlg $Zhi,$Zhi,4 - xg $Zlo,8($nlo,$Htbl) - llgc $xi,0($cnt,$Xi) - xg $Zhi,0($nlo,$Htbl) - sllg $nlo,$xi,4 - xg $Zhi,0($rem0,$rem_4bit) - nill $nlo,0xf0 - sllg $rem0,$Zlo,3 - xgr $Zlo,$tmp - ngr $rem0,$x78 - nill $xi,0xf0 - - sllg $tmp,$Zhi,60 - srlg $Zlo,$Zlo,4 - srlg $Zhi,$Zhi,4 - xg $Zlo,8($nhi,$Htbl) - xg $Zhi,0($nhi,$Htbl) - lgr $nhi,$xi - xg $Zhi,0($rem1,$rem_4bit) - sllg $rem1,$Zlo,3 - xgr $Zlo,$tmp - ngr $rem1,$x78 - sllg $tmp,$Zhi,60 - brct $cnt,.Lghash_inner - - srlg $Zlo,$Zlo,4 - srlg $Zhi,$Zhi,4 - xg $Zlo,8($nlo,$Htbl) - xg $Zhi,0($nlo,$Htbl) - sllg $xi,$Zlo,3 - xg $Zhi,0($rem0,$rem_4bit) - xgr $Zlo,$tmp - ngr $xi,$x78 - - sllg $tmp,$Zhi,60 - srlg $Zlo,$Zlo,4 - srlg $Zhi,$Zhi,4 - xg $Zlo,8($nhi,$Htbl) - xg $Zhi,0($nhi,$Htbl) - xgr $Zlo,$tmp - xg $Zhi,0($rem1,$rem_4bit) - - lg $tmp,0($xi,$rem_4bit) - la $inp,16($inp) - sllg $tmp,$tmp,4 # correct last rem_4bit[rem] - brctg $len,.Louter - - xgr $Zhi,$tmp - stg $Zlo,8+1($Xi) - stg $Zhi,0+1($Xi) - lm${g} %r6,%r14,6*$SIZE_T($sp) - br %r14 -.type gcm_ghash_4bit,\@function -.size gcm_ghash_4bit,(.-gcm_ghash_4bit) - -.align 64 -rem_4bit: - .long `0x0000<<12`,0,`0x1C20<<12`,0,`0x3840<<12`,0,`0x2460<<12`,0 - .long `0x7080<<12`,0,`0x6CA0<<12`,0,`0x48C0<<12`,0,`0x54E0<<12`,0 - .long `0xE100<<12`,0,`0xFD20<<12`,0,`0xD940<<12`,0,`0xC560<<12`,0 - .long `0x9180<<12`,0,`0x8DA0<<12`,0,`0xA9C0<<12`,0,`0xB5E0<<12`,0 -.type rem_4bit,\@object -.size rem_4bit,(.-rem_4bit) -.string "GHASH for s390x, CRYPTOGAMS by " -___ - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghash-sparcv9.pl b/crypto/modes/asm/ghash-sparcv9.pl deleted file mode 100644 index e35064237f46a6281338999328f4fa5c2f99436b..0000000000000000000000000000000000000000 --- a/crypto/modes/asm/ghash-sparcv9.pl +++ /dev/null @@ -1,583 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# March 2010 -# -# The module implements "4-bit" GCM GHASH function and underlying -# single multiplication operation in GF(2^128). "4-bit" means that it -# uses 256 bytes per-key table [+128 bytes shared table]. Performance -# results are for streamed GHASH subroutine on UltraSPARC pre-Tx CPU -# and are expressed in cycles per processed byte, less is better: -# -# gcc 3.3.x cc 5.2 this assembler -# -# 32-bit build 81.4 43.3 12.6 (+546%/+244%) -# 64-bit build 20.2 21.2 12.6 (+60%/+68%) -# -# Here is data collected on UltraSPARC T1 system running Linux: -# -# gcc 4.4.1 this assembler -# -# 32-bit build 566 50 (+1000%) -# 64-bit build 56 50 (+12%) -# -# I don't quite understand why difference between 32-bit and 64-bit -# compiler-generated code is so big. Compilers *were* instructed to -# generate code for UltraSPARC and should have used 64-bit registers -# for Z vector (see C code) even in 32-bit build... Oh well, it only -# means more impressive improvement coefficients for this assembler -# module;-) Loops are aggressively modulo-scheduled in respect to -# references to input data and Z.hi updates to achieve 12 cycles -# timing. To anchor to something else, sha1-sparcv9.pl spends 11.6 -# cycles to process one byte on UltraSPARC pre-Tx CPU and ~24 on T1. -# -# October 2012 -# -# Add VIS3 lookup-table-free implementation using polynomial -# multiplication xmulx[hi] and extended addition addxc[cc] -# instructions. 4.52/7.63x improvement on T3/T4 or in absolute -# terms 7.90/2.14 cycles per byte. On T4 multi-process benchmark -# saturates at ~15.5x single-process result on 8-core processor, -# or ~20.5GBps per 2.85GHz socket. - -$output=pop and open STDOUT,">$output"; - -$frame="STACK_FRAME"; -$bias="STACK_BIAS"; - -$Zhi="%o0"; # 64-bit values -$Zlo="%o1"; -$Thi="%o2"; -$Tlo="%o3"; -$rem="%o4"; -$tmp="%o5"; - -$nhi="%l0"; # small values and pointers -$nlo="%l1"; -$xi0="%l2"; -$xi1="%l3"; -$rem_4bit="%l4"; -$remi="%l5"; -$Htblo="%l6"; -$cnt="%l7"; - -$Xi="%i0"; # input argument block -$Htbl="%i1"; -$inp="%i2"; -$len="%i3"; - -$code.=<<___; -#ifndef __ASSEMBLER__ -# define __ASSEMBLER__ 1 -#endif -#include "crypto/sparc_arch.h" - -#ifdef __arch64__ -.register %g2,#scratch -.register %g3,#scratch -#endif - -.section ".text",#alloc,#execinstr - -.align 64 -rem_4bit: - .long `0x0000<<16`,0,`0x1C20<<16`,0,`0x3840<<16`,0,`0x2460<<16`,0 - .long `0x7080<<16`,0,`0x6CA0<<16`,0,`0x48C0<<16`,0,`0x54E0<<16`,0 - .long `0xE100<<16`,0,`0xFD20<<16`,0,`0xD940<<16`,0,`0xC560<<16`,0 - .long `0x9180<<16`,0,`0x8DA0<<16`,0,`0xA9C0<<16`,0,`0xB5E0<<16`,0 -.type rem_4bit,#object -.size rem_4bit,(.-rem_4bit) - -.globl gcm_ghash_4bit -.align 32 -gcm_ghash_4bit: - save %sp,-$frame,%sp - ldub [$inp+15],$nlo - ldub [$Xi+15],$xi0 - ldub [$Xi+14],$xi1 - add $len,$inp,$len - add $Htbl,8,$Htblo - -1: call .+8 - add %o7,rem_4bit-1b,$rem_4bit - -.Louter: - xor $xi0,$nlo,$nlo - and $nlo,0xf0,$nhi - and $nlo,0x0f,$nlo - sll $nlo,4,$nlo - ldx [$Htblo+$nlo],$Zlo - ldx [$Htbl+$nlo],$Zhi - - ldub [$inp+14],$nlo - - ldx [$Htblo+$nhi],$Tlo - and $Zlo,0xf,$remi - ldx [$Htbl+$nhi],$Thi - sll $remi,3,$remi - ldx [$rem_4bit+$remi],$rem - srlx $Zlo,4,$Zlo - mov 13,$cnt - sllx $Zhi,60,$tmp - xor $Tlo,$Zlo,$Zlo - srlx $Zhi,4,$Zhi - xor $Zlo,$tmp,$Zlo - - xor $xi1,$nlo,$nlo - and $Zlo,0xf,$remi - and $nlo,0xf0,$nhi - and $nlo,0x0f,$nlo - ba .Lghash_inner - sll $nlo,4,$nlo -.align 32 -.Lghash_inner: - ldx [$Htblo+$nlo],$Tlo - sll $remi,3,$remi - xor $Thi,$Zhi,$Zhi - ldx [$Htbl+$nlo],$Thi - srlx $Zlo,4,$Zlo - xor $rem,$Zhi,$Zhi - ldx [$rem_4bit+$remi],$rem - sllx $Zhi,60,$tmp - xor $Tlo,$Zlo,$Zlo - ldub [$inp+$cnt],$nlo - srlx $Zhi,4,$Zhi - xor $Zlo,$tmp,$Zlo - ldub [$Xi+$cnt],$xi1 - xor $Thi,$Zhi,$Zhi - and $Zlo,0xf,$remi - - ldx [$Htblo+$nhi],$Tlo - sll $remi,3,$remi - xor $rem,$Zhi,$Zhi - ldx [$Htbl+$nhi],$Thi - srlx $Zlo,4,$Zlo - ldx [$rem_4bit+$remi],$rem - sllx $Zhi,60,$tmp - xor $xi1,$nlo,$nlo - srlx $Zhi,4,$Zhi - and $nlo,0xf0,$nhi - addcc $cnt,-1,$cnt - xor $Zlo,$tmp,$Zlo - and $nlo,0x0f,$nlo - xor $Tlo,$Zlo,$Zlo - sll $nlo,4,$nlo - blu .Lghash_inner - and $Zlo,0xf,$remi - - ldx [$Htblo+$nlo],$Tlo - sll $remi,3,$remi - xor $Thi,$Zhi,$Zhi - ldx [$Htbl+$nlo],$Thi - srlx $Zlo,4,$Zlo - xor $rem,$Zhi,$Zhi - ldx [$rem_4bit+$remi],$rem - sllx $Zhi,60,$tmp - xor $Tlo,$Zlo,$Zlo - srlx $Zhi,4,$Zhi - xor $Zlo,$tmp,$Zlo - xor $Thi,$Zhi,$Zhi - - add $inp,16,$inp - cmp $inp,$len - be,pn SIZE_T_CC,.Ldone - and $Zlo,0xf,$remi - - ldx [$Htblo+$nhi],$Tlo - sll $remi,3,$remi - xor $rem,$Zhi,$Zhi - ldx [$Htbl+$nhi],$Thi - srlx $Zlo,4,$Zlo - ldx [$rem_4bit+$remi],$rem - sllx $Zhi,60,$tmp - xor $Tlo,$Zlo,$Zlo - ldub [$inp+15],$nlo - srlx $Zhi,4,$Zhi - xor $Zlo,$tmp,$Zlo - xor $Thi,$Zhi,$Zhi - stx $Zlo,[$Xi+8] - xor $rem,$Zhi,$Zhi - stx $Zhi,[$Xi] - srl $Zlo,8,$xi1 - and $Zlo,0xff,$xi0 - ba .Louter - and $xi1,0xff,$xi1 -.align 32 -.Ldone: - ldx [$Htblo+$nhi],$Tlo - sll $remi,3,$remi - xor $rem,$Zhi,$Zhi - ldx [$Htbl+$nhi],$Thi - srlx $Zlo,4,$Zlo - ldx [$rem_4bit+$remi],$rem - sllx $Zhi,60,$tmp - xor $Tlo,$Zlo,$Zlo - srlx $Zhi,4,$Zhi - xor $Zlo,$tmp,$Zlo - xor $Thi,$Zhi,$Zhi - stx $Zlo,[$Xi+8] - xor $rem,$Zhi,$Zhi - stx $Zhi,[$Xi] - - ret - restore -.type gcm_ghash_4bit,#function -.size gcm_ghash_4bit,(.-gcm_ghash_4bit) -___ - -undef $inp; -undef $len; - -$code.=<<___; -.globl gcm_gmult_4bit -.align 32 -gcm_gmult_4bit: - save %sp,-$frame,%sp - ldub [$Xi+15],$nlo - add $Htbl,8,$Htblo - -1: call .+8 - add %o7,rem_4bit-1b,$rem_4bit - - and $nlo,0xf0,$nhi - and $nlo,0x0f,$nlo - sll $nlo,4,$nlo - ldx [$Htblo+$nlo],$Zlo - ldx [$Htbl+$nlo],$Zhi - - ldub [$Xi+14],$nlo - - ldx [$Htblo+$nhi],$Tlo - and $Zlo,0xf,$remi - ldx [$Htbl+$nhi],$Thi - sll $remi,3,$remi - ldx [$rem_4bit+$remi],$rem - srlx $Zlo,4,$Zlo - mov 13,$cnt - sllx $Zhi,60,$tmp - xor $Tlo,$Zlo,$Zlo - srlx $Zhi,4,$Zhi - xor $Zlo,$tmp,$Zlo - - and $Zlo,0xf,$remi - and $nlo,0xf0,$nhi - and $nlo,0x0f,$nlo - ba .Lgmult_inner - sll $nlo,4,$nlo -.align 32 -.Lgmult_inner: - ldx [$Htblo+$nlo],$Tlo - sll $remi,3,$remi - xor $Thi,$Zhi,$Zhi - ldx [$Htbl+$nlo],$Thi - srlx $Zlo,4,$Zlo - xor $rem,$Zhi,$Zhi - ldx [$rem_4bit+$remi],$rem - sllx $Zhi,60,$tmp - xor $Tlo,$Zlo,$Zlo - ldub [$Xi+$cnt],$nlo - srlx $Zhi,4,$Zhi - xor $Zlo,$tmp,$Zlo - xor $Thi,$Zhi,$Zhi - and $Zlo,0xf,$remi - - ldx [$Htblo+$nhi],$Tlo - sll $remi,3,$remi - xor $rem,$Zhi,$Zhi - ldx [$Htbl+$nhi],$Thi - srlx $Zlo,4,$Zlo - ldx [$rem_4bit+$remi],$rem - sllx $Zhi,60,$tmp - srlx $Zhi,4,$Zhi - and $nlo,0xf0,$nhi - addcc $cnt,-1,$cnt - xor $Zlo,$tmp,$Zlo - and $nlo,0x0f,$nlo - xor $Tlo,$Zlo,$Zlo - sll $nlo,4,$nlo - blu .Lgmult_inner - and $Zlo,0xf,$remi - - ldx [$Htblo+$nlo],$Tlo - sll $remi,3,$remi - xor $Thi,$Zhi,$Zhi - ldx [$Htbl+$nlo],$Thi - srlx $Zlo,4,$Zlo - xor $rem,$Zhi,$Zhi - ldx [$rem_4bit+$remi],$rem - sllx $Zhi,60,$tmp - xor $Tlo,$Zlo,$Zlo - srlx $Zhi,4,$Zhi - xor $Zlo,$tmp,$Zlo - xor $Thi,$Zhi,$Zhi - and $Zlo,0xf,$remi - - ldx [$Htblo+$nhi],$Tlo - sll $remi,3,$remi - xor $rem,$Zhi,$Zhi - ldx [$Htbl+$nhi],$Thi - srlx $Zlo,4,$Zlo - ldx [$rem_4bit+$remi],$rem - sllx $Zhi,60,$tmp - xor $Tlo,$Zlo,$Zlo - srlx $Zhi,4,$Zhi - xor $Zlo,$tmp,$Zlo - xor $Thi,$Zhi,$Zhi - stx $Zlo,[$Xi+8] - xor $rem,$Zhi,$Zhi - stx $Zhi,[$Xi] - - ret - restore -.type gcm_gmult_4bit,#function -.size gcm_gmult_4bit,(.-gcm_gmult_4bit) -___ - -{{{ -# Straightforward 128x128-bit multiplication using Karatsuba algorithm -# followed by pair of 64-bit reductions [with a shortcut in first one, -# which allowed to break dependency between reductions and remove one -# multiplication from critical path]. While it might be suboptimal -# with regard to sheer number of multiplications, other methods [such -# as aggregate reduction] would require more 64-bit registers, which -# we don't have in 32-bit application context. - -($Xip,$Htable,$inp,$len)=map("%i$_",(0..3)); - -($Hhl,$Hlo,$Hhi,$Xlo,$Xhi,$xE1,$sqr, $C0,$C1,$C2,$C3,$V)= - (map("%o$_",(0..5,7)),map("%g$_",(1..5))); - -($shl,$shr)=map("%l$_",(0..7)); - -# For details regarding "twisted H" see ghash-x86.pl. -$code.=<<___; -.globl gcm_init_vis3 -.align 32 -gcm_init_vis3: - save %sp,-$frame,%sp - - ldx [%i1+0],$Hhi - ldx [%i1+8],$Hlo - mov 0xE1,$Xhi - mov 1,$Xlo - sllx $Xhi,57,$Xhi - srax $Hhi,63,$C0 ! broadcast carry - addcc $Hlo,$Hlo,$Hlo ! H<<=1 - addxc $Hhi,$Hhi,$Hhi - and $C0,$Xlo,$Xlo - and $C0,$Xhi,$Xhi - xor $Xlo,$Hlo,$Hlo - xor $Xhi,$Hhi,$Hhi - stx $Hlo,[%i0+8] ! save twisted H - stx $Hhi,[%i0+0] - - sethi %hi(0xA0406080),$V - sethi %hi(0x20C0E000),%l0 - or $V,%lo(0xA0406080),$V - or %l0,%lo(0x20C0E000),%l0 - sllx $V,32,$V - or %l0,$V,$V ! (0xE0·i)&0xff=0xA040608020C0E000 - stx $V,[%i0+16] - - ret - restore -.type gcm_init_vis3,#function -.size gcm_init_vis3,.-gcm_init_vis3 - -.globl gcm_gmult_vis3 -.align 32 -gcm_gmult_vis3: - save %sp,-$frame,%sp - - ldx [$Xip+8],$Xlo ! load Xi - ldx [$Xip+0],$Xhi - ldx [$Htable+8],$Hlo ! load twisted H - ldx [$Htable+0],$Hhi - - mov 0xE1,%l7 - sllx %l7,57,$xE1 ! 57 is not a typo - ldx [$Htable+16],$V ! (0xE0·i)&0xff=0xA040608020C0E000 - - xor $Hhi,$Hlo,$Hhl ! Karatsuba pre-processing - xmulx $Xlo,$Hlo,$C0 - xor $Xlo,$Xhi,$C2 ! Karatsuba pre-processing - xmulx $C2,$Hhl,$C1 - xmulxhi $Xlo,$Hlo,$Xlo - xmulxhi $C2,$Hhl,$C2 - xmulxhi $Xhi,$Hhi,$C3 - xmulx $Xhi,$Hhi,$Xhi - - sll $C0,3,$sqr - srlx $V,$sqr,$sqr ! ·0xE0 [implicit &(7<<3)] - xor $C0,$sqr,$sqr - sllx $sqr,57,$sqr ! ($C0·0xE1)<<1<<56 [implicit &0x7f] - - xor $C0,$C1,$C1 ! Karatsuba post-processing - xor $Xlo,$C2,$C2 - xor $sqr,$Xlo,$Xlo ! real destination is $C1 - xor $C3,$C2,$C2 - xor $Xlo,$C1,$C1 - xor $Xhi,$C2,$C2 - xor $Xhi,$C1,$C1 - - xmulxhi $C0,$xE1,$Xlo ! ·0xE1<<1<<56 - xor $C0,$C2,$C2 - xmulx $C1,$xE1,$C0 - xor $C1,$C3,$C3 - xmulxhi $C1,$xE1,$C1 - - xor $Xlo,$C2,$C2 - xor $C0,$C2,$C2 - xor $C1,$C3,$C3 - - stx $C2,[$Xip+8] ! save Xi - stx $C3,[$Xip+0] - - ret - restore -.type gcm_gmult_vis3,#function -.size gcm_gmult_vis3,.-gcm_gmult_vis3 - -.globl gcm_ghash_vis3 -.align 32 -gcm_ghash_vis3: - save %sp,-$frame,%sp - nop - srln $len,0,$len ! needed on v8+, "nop" on v9 - - ldx [$Xip+8],$C2 ! load Xi - ldx [$Xip+0],$C3 - ldx [$Htable+8],$Hlo ! load twisted H - ldx [$Htable+0],$Hhi - - mov 0xE1,%l7 - sllx %l7,57,$xE1 ! 57 is not a typo - ldx [$Htable+16],$V ! (0xE0·i)&0xff=0xA040608020C0E000 - - and $inp,7,$shl - andn $inp,7,$inp - sll $shl,3,$shl - prefetch [$inp+63], 20 - sub %g0,$shl,$shr - - xor $Hhi,$Hlo,$Hhl ! Karatsuba pre-processing -.Loop: - ldx [$inp+8],$Xlo - brz,pt $shl,1f - ldx [$inp+0],$Xhi - - ldx [$inp+16],$C1 ! align data - srlx $Xlo,$shr,$C0 - sllx $Xlo,$shl,$Xlo - sllx $Xhi,$shl,$Xhi - srlx $C1,$shr,$C1 - or $C0,$Xhi,$Xhi - or $C1,$Xlo,$Xlo -1: - add $inp,16,$inp - sub $len,16,$len - xor $C2,$Xlo,$Xlo - xor $C3,$Xhi,$Xhi - prefetch [$inp+63], 20 - - xmulx $Xlo,$Hlo,$C0 - xor $Xlo,$Xhi,$C2 ! Karatsuba pre-processing - xmulx $C2,$Hhl,$C1 - xmulxhi $Xlo,$Hlo,$Xlo - xmulxhi $C2,$Hhl,$C2 - xmulxhi $Xhi,$Hhi,$C3 - xmulx $Xhi,$Hhi,$Xhi - - sll $C0,3,$sqr - srlx $V,$sqr,$sqr ! ·0xE0 [implicit &(7<<3)] - xor $C0,$sqr,$sqr - sllx $sqr,57,$sqr ! ($C0·0xE1)<<1<<56 [implicit &0x7f] - - xor $C0,$C1,$C1 ! Karatsuba post-processing - xor $Xlo,$C2,$C2 - xor $sqr,$Xlo,$Xlo ! real destination is $C1 - xor $C3,$C2,$C2 - xor $Xlo,$C1,$C1 - xor $Xhi,$C2,$C2 - xor $Xhi,$C1,$C1 - - xmulxhi $C0,$xE1,$Xlo ! ·0xE1<<1<<56 - xor $C0,$C2,$C2 - xmulx $C1,$xE1,$C0 - xor $C1,$C3,$C3 - xmulxhi $C1,$xE1,$C1 - - xor $Xlo,$C2,$C2 - xor $C0,$C2,$C2 - brnz,pt $len,.Loop - xor $C1,$C3,$C3 - - stx $C2,[$Xip+8] ! save Xi - stx $C3,[$Xip+0] - - ret - restore -.type gcm_ghash_vis3,#function -.size gcm_ghash_vis3,.-gcm_ghash_vis3 -___ -}}} -$code.=<<___; -.asciz "GHASH for SPARCv9/VIS3, CRYPTOGAMS by " -.align 4 -___ - - -# Purpose of these subroutines is to explicitly encode VIS instructions, -# so that one can compile the module without having to specify VIS -# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a. -# Idea is to reserve for option to produce "universal" binary and let -# programmer detect if current CPU is VIS capable at run-time. -sub unvis3 { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 ); -my ($ref,$opf); -my %visopf = ( "addxc" => 0x011, - "addxccc" => 0x013, - "xmulx" => 0x115, - "xmulxhi" => 0x116 ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if ($opf=$visopf{$mnemonic}) { - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%([goli])([0-9])/); - $_=$bias{$1}+$2; - } - - return sprintf ".word\t0x%08x !%s", - 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - s/\b(xmulx[hi]*|addxc[c]{0,2})\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/ - &unvis3($1,$2,$3,$4) - /ge; - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghash-x86.pl b/crypto/modes/asm/ghash-x86.pl deleted file mode 100644 index c796107c7f97eb33004b815d15b5021eb15eab91..0000000000000000000000000000000000000000 --- a/crypto/modes/asm/ghash-x86.pl +++ /dev/null @@ -1,1403 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# March, May, June 2010 -# -# The module implements "4-bit" GCM GHASH function and underlying -# single multiplication operation in GF(2^128). "4-bit" means that it -# uses 256 bytes per-key table [+64/128 bytes fixed table]. It has two -# code paths: vanilla x86 and vanilla SSE. Former will be executed on -# 486 and Pentium, latter on all others. SSE GHASH features so called -# "528B" variant of "4-bit" method utilizing additional 256+16 bytes -# of per-key storage [+512 bytes shared table]. Performance results -# are for streamed GHASH subroutine and are expressed in cycles per -# processed byte, less is better: -# -# gcc 2.95.3(*) SSE assembler x86 assembler -# -# Pentium 105/111(**) - 50 -# PIII 68 /75 12.2 24 -# P4 125/125 17.8 84(***) -# Opteron 66 /70 10.1 30 -# Core2 54 /67 8.4 18 -# Atom 105/105 16.8 53 -# VIA Nano 69 /71 13.0 27 -# -# (*) gcc 3.4.x was observed to generate few percent slower code, -# which is one of reasons why 2.95.3 results were chosen, -# another reason is lack of 3.4.x results for older CPUs; -# comparison with SSE results is not completely fair, because C -# results are for vanilla "256B" implementation, while -# assembler results are for "528B";-) -# (**) second number is result for code compiled with -fPIC flag, -# which is actually more relevant, because assembler code is -# position-independent; -# (***) see comment in non-MMX routine for further details; -# -# To summarize, it's >2-5 times faster than gcc-generated code. To -# anchor it to something else SHA1 assembler processes one byte in -# ~7 cycles on contemporary x86 cores. As for choice of MMX/SSE -# in particular, see comment at the end of the file... - -# May 2010 -# -# Add PCLMULQDQ version performing at 2.10 cycles per processed byte. -# The question is how close is it to theoretical limit? The pclmulqdq -# instruction latency appears to be 14 cycles and there can't be more -# than 2 of them executing at any given time. This means that single -# Karatsuba multiplication would take 28 cycles *plus* few cycles for -# pre- and post-processing. Then multiplication has to be followed by -# modulo-reduction. Given that aggregated reduction method [see -# "Carry-less Multiplication and Its Usage for Computing the GCM Mode" -# white paper by Intel] allows you to perform reduction only once in -# a while we can assume that asymptotic performance can be estimated -# as (28+Tmod/Naggr)/16, where Tmod is time to perform reduction -# and Naggr is the aggregation factor. -# -# Before we proceed to this implementation let's have closer look at -# the best-performing code suggested by Intel in their white paper. -# By tracing inter-register dependencies Tmod is estimated as ~19 -# cycles and Naggr chosen by Intel is 4, resulting in 2.05 cycles per -# processed byte. As implied, this is quite optimistic estimate, -# because it does not account for Karatsuba pre- and post-processing, -# which for a single multiplication is ~5 cycles. Unfortunately Intel -# does not provide performance data for GHASH alone. But benchmarking -# AES_GCM_encrypt ripped out of Fig. 15 of the white paper with aadt -# alone resulted in 2.46 cycles per byte of out 16KB buffer. Note that -# the result accounts even for pre-computing of degrees of the hash -# key H, but its portion is negligible at 16KB buffer size. -# -# Moving on to the implementation in question. Tmod is estimated as -# ~13 cycles and Naggr is 2, giving asymptotic performance of ... -# 2.16. How is it possible that measured performance is better than -# optimistic theoretical estimate? There is one thing Intel failed -# to recognize. By serializing GHASH with CTR in same subroutine -# former's performance is really limited to above (Tmul + Tmod/Naggr) -# equation. But if GHASH procedure is detached, the modulo-reduction -# can be interleaved with Naggr-1 multiplications at instruction level -# and under ideal conditions even disappear from the equation. So that -# optimistic theoretical estimate for this implementation is ... -# 28/16=1.75, and not 2.16. Well, it's probably way too optimistic, -# at least for such small Naggr. I'd argue that (28+Tproc/Naggr), -# where Tproc is time required for Karatsuba pre- and post-processing, -# is more realistic estimate. In this case it gives ... 1.91 cycles. -# Or in other words, depending on how well we can interleave reduction -# and one of the two multiplications the performance should be between -# 1.91 and 2.16. As already mentioned, this implementation processes -# one byte out of 8KB buffer in 2.10 cycles, while x86_64 counterpart -# - in 2.02. x86_64 performance is better, because larger register -# bank allows to interleave reduction and multiplication better. -# -# Does it make sense to increase Naggr? To start with it's virtually -# impossible in 32-bit mode, because of limited register bank -# capacity. Otherwise improvement has to be weighed against slower -# setup, as well as code size and complexity increase. As even -# optimistic estimate doesn't promise 30% performance improvement, -# there are currently no plans to increase Naggr. -# -# Special thanks to David Woodhouse for providing access to a -# Westmere-based system on behalf of Intel Open Source Technology Centre. - -# January 2010 -# -# Tweaked to optimize transitions between integer and FP operations -# on same XMM register, PCLMULQDQ subroutine was measured to process -# one byte in 2.07 cycles on Sandy Bridge, and in 2.12 - on Westmere. -# The minor regression on Westmere is outweighed by ~15% improvement -# on Sandy Bridge. Strangely enough attempt to modify 64-bit code in -# similar manner resulted in almost 20% degradation on Sandy Bridge, -# where original 64-bit code processes one byte in 1.95 cycles. - -##################################################################### -# For reference, AMD Bulldozer processes one byte in 1.98 cycles in -# 32-bit mode and 1.89 in 64-bit. - -# February 2013 -# -# Overhaul: aggregate Karatsuba post-processing, improve ILP in -# reduction_alg9. Resulting performance is 1.96 cycles per byte on -# Westmere, 1.95 - on Sandy/Ivy Bridge, 1.76 - on Bulldozer. - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output=pop and open STDOUT,">$output"; - -&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386"); - -$sse2=0; -for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - -($Zhh,$Zhl,$Zlh,$Zll) = ("ebp","edx","ecx","ebx"); -$inp = "edi"; -$Htbl = "esi"; - -$unroll = 0; # Affects x86 loop. Folded loop performs ~7% worse - # than unrolled, which has to be weighted against - # 2.5x x86-specific code size reduction. - -sub x86_loop { - my $off = shift; - my $rem = "eax"; - - &mov ($Zhh,&DWP(4,$Htbl,$Zll)); - &mov ($Zhl,&DWP(0,$Htbl,$Zll)); - &mov ($Zlh,&DWP(12,$Htbl,$Zll)); - &mov ($Zll,&DWP(8,$Htbl,$Zll)); - &xor ($rem,$rem); # avoid partial register stalls on PIII - - # shrd practically kills P4, 2.5x deterioration, but P4 has - # MMX code-path to execute. shrd runs tad faster [than twice - # the shifts, move's and or's] on pre-MMX Pentium (as well as - # PIII and Core2), *but* minimizes code size, spares register - # and thus allows to fold the loop... - if (!$unroll) { - my $cnt = $inp; - &mov ($cnt,15); - &jmp (&label("x86_loop")); - &set_label("x86_loop",16); - for($i=1;$i<=2;$i++) { - &mov (&LB($rem),&LB($Zll)); - &shrd ($Zll,$Zlh,4); - &and (&LB($rem),0xf); - &shrd ($Zlh,$Zhl,4); - &shrd ($Zhl,$Zhh,4); - &shr ($Zhh,4); - &xor ($Zhh,&DWP($off+16,"esp",$rem,4)); - - &mov (&LB($rem),&BP($off,"esp",$cnt)); - if ($i&1) { - &and (&LB($rem),0xf0); - } else { - &shl (&LB($rem),4); - } - - &xor ($Zll,&DWP(8,$Htbl,$rem)); - &xor ($Zlh,&DWP(12,$Htbl,$rem)); - &xor ($Zhl,&DWP(0,$Htbl,$rem)); - &xor ($Zhh,&DWP(4,$Htbl,$rem)); - - if ($i&1) { - &dec ($cnt); - &js (&label("x86_break")); - } else { - &jmp (&label("x86_loop")); - } - } - &set_label("x86_break",16); - } else { - for($i=1;$i<32;$i++) { - &comment($i); - &mov (&LB($rem),&LB($Zll)); - &shrd ($Zll,$Zlh,4); - &and (&LB($rem),0xf); - &shrd ($Zlh,$Zhl,4); - &shrd ($Zhl,$Zhh,4); - &shr ($Zhh,4); - &xor ($Zhh,&DWP($off+16,"esp",$rem,4)); - - if ($i&1) { - &mov (&LB($rem),&BP($off+15-($i>>1),"esp")); - &and (&LB($rem),0xf0); - } else { - &mov (&LB($rem),&BP($off+15-($i>>1),"esp")); - &shl (&LB($rem),4); - } - - &xor ($Zll,&DWP(8,$Htbl,$rem)); - &xor ($Zlh,&DWP(12,$Htbl,$rem)); - &xor ($Zhl,&DWP(0,$Htbl,$rem)); - &xor ($Zhh,&DWP(4,$Htbl,$rem)); - } - } - &bswap ($Zll); - &bswap ($Zlh); - &bswap ($Zhl); - if (!$x86only) { - &bswap ($Zhh); - } else { - &mov ("eax",$Zhh); - &bswap ("eax"); - &mov ($Zhh,"eax"); - } -} - -if ($unroll) { - &function_begin_B("_x86_gmult_4bit_inner"); - &x86_loop(4); - &ret (); - &function_end_B("_x86_gmult_4bit_inner"); -} - -sub deposit_rem_4bit { - my $bias = shift; - - &mov (&DWP($bias+0, "esp"),0x0000<<16); - &mov (&DWP($bias+4, "esp"),0x1C20<<16); - &mov (&DWP($bias+8, "esp"),0x3840<<16); - &mov (&DWP($bias+12,"esp"),0x2460<<16); - &mov (&DWP($bias+16,"esp"),0x7080<<16); - &mov (&DWP($bias+20,"esp"),0x6CA0<<16); - &mov (&DWP($bias+24,"esp"),0x48C0<<16); - &mov (&DWP($bias+28,"esp"),0x54E0<<16); - &mov (&DWP($bias+32,"esp"),0xE100<<16); - &mov (&DWP($bias+36,"esp"),0xFD20<<16); - &mov (&DWP($bias+40,"esp"),0xD940<<16); - &mov (&DWP($bias+44,"esp"),0xC560<<16); - &mov (&DWP($bias+48,"esp"),0x9180<<16); - &mov (&DWP($bias+52,"esp"),0x8DA0<<16); - &mov (&DWP($bias+56,"esp"),0xA9C0<<16); - &mov (&DWP($bias+60,"esp"),0xB5E0<<16); -} - -$suffix = $x86only ? "" : "_x86"; - -&function_begin("gcm_gmult_4bit".$suffix); - &stack_push(16+4+1); # +1 for stack alignment - &mov ($inp,&wparam(0)); # load Xi - &mov ($Htbl,&wparam(1)); # load Htable - - &mov ($Zhh,&DWP(0,$inp)); # load Xi[16] - &mov ($Zhl,&DWP(4,$inp)); - &mov ($Zlh,&DWP(8,$inp)); - &mov ($Zll,&DWP(12,$inp)); - - &deposit_rem_4bit(16); - - &mov (&DWP(0,"esp"),$Zhh); # copy Xi[16] on stack - &mov (&DWP(4,"esp"),$Zhl); - &mov (&DWP(8,"esp"),$Zlh); - &mov (&DWP(12,"esp"),$Zll); - &shr ($Zll,20); - &and ($Zll,0xf0); - - if ($unroll) { - &call ("_x86_gmult_4bit_inner"); - } else { - &x86_loop(0); - &mov ($inp,&wparam(0)); - } - - &mov (&DWP(12,$inp),$Zll); - &mov (&DWP(8,$inp),$Zlh); - &mov (&DWP(4,$inp),$Zhl); - &mov (&DWP(0,$inp),$Zhh); - &stack_pop(16+4+1); -&function_end("gcm_gmult_4bit".$suffix); - -&function_begin("gcm_ghash_4bit".$suffix); - &stack_push(16+4+1); # +1 for 64-bit alignment - &mov ($Zll,&wparam(0)); # load Xi - &mov ($Htbl,&wparam(1)); # load Htable - &mov ($inp,&wparam(2)); # load in - &mov ("ecx",&wparam(3)); # load len - &add ("ecx",$inp); - &mov (&wparam(3),"ecx"); - - &mov ($Zhh,&DWP(0,$Zll)); # load Xi[16] - &mov ($Zhl,&DWP(4,$Zll)); - &mov ($Zlh,&DWP(8,$Zll)); - &mov ($Zll,&DWP(12,$Zll)); - - &deposit_rem_4bit(16); - - &set_label("x86_outer_loop",16); - &xor ($Zll,&DWP(12,$inp)); # xor with input - &xor ($Zlh,&DWP(8,$inp)); - &xor ($Zhl,&DWP(4,$inp)); - &xor ($Zhh,&DWP(0,$inp)); - &mov (&DWP(12,"esp"),$Zll); # dump it on stack - &mov (&DWP(8,"esp"),$Zlh); - &mov (&DWP(4,"esp"),$Zhl); - &mov (&DWP(0,"esp"),$Zhh); - - &shr ($Zll,20); - &and ($Zll,0xf0); - - if ($unroll) { - &call ("_x86_gmult_4bit_inner"); - } else { - &x86_loop(0); - &mov ($inp,&wparam(2)); - } - &lea ($inp,&DWP(16,$inp)); - &cmp ($inp,&wparam(3)); - &mov (&wparam(2),$inp) if (!$unroll); - &jb (&label("x86_outer_loop")); - - &mov ($inp,&wparam(0)); # load Xi - &mov (&DWP(12,$inp),$Zll); - &mov (&DWP(8,$inp),$Zlh); - &mov (&DWP(4,$inp),$Zhl); - &mov (&DWP(0,$inp),$Zhh); - &stack_pop(16+4+1); -&function_end("gcm_ghash_4bit".$suffix); - -if (!$x86only) {{{ - -&static_label("rem_4bit"); - -if (!$sse2) {{ # pure-MMX "May" version... - -$S=12; # shift factor for rem_4bit - -&function_begin_B("_mmx_gmult_4bit_inner"); -# MMX version performs 3.5 times better on P4 (see comment in non-MMX -# routine for further details), 100% better on Opteron, ~70% better -# on Core2 and PIII... In other words effort is considered to be well -# spent... Since initial release the loop was unrolled in order to -# "liberate" register previously used as loop counter. Instead it's -# used to optimize critical path in 'Z.hi ^= rem_4bit[Z.lo&0xf]'. -# The path involves move of Z.lo from MMX to integer register, -# effective address calculation and finally merge of value to Z.hi. -# Reference to rem_4bit is scheduled so late that I had to >>4 -# rem_4bit elements. This resulted in 20-45% procent improvement -# on contemporary µ-archs. -{ - my $cnt; - my $rem_4bit = "eax"; - my @rem = ($Zhh,$Zll); - my $nhi = $Zhl; - my $nlo = $Zlh; - - my ($Zlo,$Zhi) = ("mm0","mm1"); - my $tmp = "mm2"; - - &xor ($nlo,$nlo); # avoid partial register stalls on PIII - &mov ($nhi,$Zll); - &mov (&LB($nlo),&LB($nhi)); - &shl (&LB($nlo),4); - &and ($nhi,0xf0); - &movq ($Zlo,&QWP(8,$Htbl,$nlo)); - &movq ($Zhi,&QWP(0,$Htbl,$nlo)); - &movd ($rem[0],$Zlo); - - for ($cnt=28;$cnt>=-2;$cnt--) { - my $odd = $cnt&1; - my $nix = $odd ? $nlo : $nhi; - - &shl (&LB($nlo),4) if ($odd); - &psrlq ($Zlo,4); - &movq ($tmp,$Zhi); - &psrlq ($Zhi,4); - &pxor ($Zlo,&QWP(8,$Htbl,$nix)); - &mov (&LB($nlo),&BP($cnt/2,$inp)) if (!$odd && $cnt>=0); - &psllq ($tmp,60); - &and ($nhi,0xf0) if ($odd); - &pxor ($Zhi,&QWP(0,$rem_4bit,$rem[1],8)) if ($cnt<28); - &and ($rem[0],0xf); - &pxor ($Zhi,&QWP(0,$Htbl,$nix)); - &mov ($nhi,$nlo) if (!$odd && $cnt>=0); - &movd ($rem[1],$Zlo); - &pxor ($Zlo,$tmp); - - push (@rem,shift(@rem)); # "rotate" registers - } - - &mov ($inp,&DWP(4,$rem_4bit,$rem[1],8)); # last rem_4bit[rem] - - &psrlq ($Zlo,32); # lower part of Zlo is already there - &movd ($Zhl,$Zhi); - &psrlq ($Zhi,32); - &movd ($Zlh,$Zlo); - &movd ($Zhh,$Zhi); - &shl ($inp,4); # compensate for rem_4bit[i] being >>4 - - &bswap ($Zll); - &bswap ($Zhl); - &bswap ($Zlh); - &xor ($Zhh,$inp); - &bswap ($Zhh); - - &ret (); -} -&function_end_B("_mmx_gmult_4bit_inner"); - -&function_begin("gcm_gmult_4bit_mmx"); - &mov ($inp,&wparam(0)); # load Xi - &mov ($Htbl,&wparam(1)); # load Htable - - &call (&label("pic_point")); - &set_label("pic_point"); - &blindpop("eax"); - &lea ("eax",&DWP(&label("rem_4bit")."-".&label("pic_point"),"eax")); - - &movz ($Zll,&BP(15,$inp)); - - &call ("_mmx_gmult_4bit_inner"); - - &mov ($inp,&wparam(0)); # load Xi - &emms (); - &mov (&DWP(12,$inp),$Zll); - &mov (&DWP(4,$inp),$Zhl); - &mov (&DWP(8,$inp),$Zlh); - &mov (&DWP(0,$inp),$Zhh); -&function_end("gcm_gmult_4bit_mmx"); - -# Streamed version performs 20% better on P4, 7% on Opteron, -# 10% on Core2 and PIII... -&function_begin("gcm_ghash_4bit_mmx"); - &mov ($Zhh,&wparam(0)); # load Xi - &mov ($Htbl,&wparam(1)); # load Htable - &mov ($inp,&wparam(2)); # load in - &mov ($Zlh,&wparam(3)); # load len - - &call (&label("pic_point")); - &set_label("pic_point"); - &blindpop("eax"); - &lea ("eax",&DWP(&label("rem_4bit")."-".&label("pic_point"),"eax")); - - &add ($Zlh,$inp); - &mov (&wparam(3),$Zlh); # len to point at the end of input - &stack_push(4+1); # +1 for stack alignment - - &mov ($Zll,&DWP(12,$Zhh)); # load Xi[16] - &mov ($Zhl,&DWP(4,$Zhh)); - &mov ($Zlh,&DWP(8,$Zhh)); - &mov ($Zhh,&DWP(0,$Zhh)); - &jmp (&label("mmx_outer_loop")); - - &set_label("mmx_outer_loop",16); - &xor ($Zll,&DWP(12,$inp)); - &xor ($Zhl,&DWP(4,$inp)); - &xor ($Zlh,&DWP(8,$inp)); - &xor ($Zhh,&DWP(0,$inp)); - &mov (&wparam(2),$inp); - &mov (&DWP(12,"esp"),$Zll); - &mov (&DWP(4,"esp"),$Zhl); - &mov (&DWP(8,"esp"),$Zlh); - &mov (&DWP(0,"esp"),$Zhh); - - &mov ($inp,"esp"); - &shr ($Zll,24); - - &call ("_mmx_gmult_4bit_inner"); - - &mov ($inp,&wparam(2)); - &lea ($inp,&DWP(16,$inp)); - &cmp ($inp,&wparam(3)); - &jb (&label("mmx_outer_loop")); - - &mov ($inp,&wparam(0)); # load Xi - &emms (); - &mov (&DWP(12,$inp),$Zll); - &mov (&DWP(4,$inp),$Zhl); - &mov (&DWP(8,$inp),$Zlh); - &mov (&DWP(0,$inp),$Zhh); - - &stack_pop(4+1); -&function_end("gcm_ghash_4bit_mmx"); - -}} else {{ # "June" MMX version... - # ... has slower "April" gcm_gmult_4bit_mmx with folded - # loop. This is done to conserve code size... -$S=16; # shift factor for rem_4bit - -sub mmx_loop() { -# MMX version performs 2.8 times better on P4 (see comment in non-MMX -# routine for further details), 40% better on Opteron and Core2, 50% -# better on PIII... In other words effort is considered to be well -# spent... - my $inp = shift; - my $rem_4bit = shift; - my $cnt = $Zhh; - my $nhi = $Zhl; - my $nlo = $Zlh; - my $rem = $Zll; - - my ($Zlo,$Zhi) = ("mm0","mm1"); - my $tmp = "mm2"; - - &xor ($nlo,$nlo); # avoid partial register stalls on PIII - &mov ($nhi,$Zll); - &mov (&LB($nlo),&LB($nhi)); - &mov ($cnt,14); - &shl (&LB($nlo),4); - &and ($nhi,0xf0); - &movq ($Zlo,&QWP(8,$Htbl,$nlo)); - &movq ($Zhi,&QWP(0,$Htbl,$nlo)); - &movd ($rem,$Zlo); - &jmp (&label("mmx_loop")); - - &set_label("mmx_loop",16); - &psrlq ($Zlo,4); - &and ($rem,0xf); - &movq ($tmp,$Zhi); - &psrlq ($Zhi,4); - &pxor ($Zlo,&QWP(8,$Htbl,$nhi)); - &mov (&LB($nlo),&BP(0,$inp,$cnt)); - &psllq ($tmp,60); - &pxor ($Zhi,&QWP(0,$rem_4bit,$rem,8)); - &dec ($cnt); - &movd ($rem,$Zlo); - &pxor ($Zhi,&QWP(0,$Htbl,$nhi)); - &mov ($nhi,$nlo); - &pxor ($Zlo,$tmp); - &js (&label("mmx_break")); - - &shl (&LB($nlo),4); - &and ($rem,0xf); - &psrlq ($Zlo,4); - &and ($nhi,0xf0); - &movq ($tmp,$Zhi); - &psrlq ($Zhi,4); - &pxor ($Zlo,&QWP(8,$Htbl,$nlo)); - &psllq ($tmp,60); - &pxor ($Zhi,&QWP(0,$rem_4bit,$rem,8)); - &movd ($rem,$Zlo); - &pxor ($Zhi,&QWP(0,$Htbl,$nlo)); - &pxor ($Zlo,$tmp); - &jmp (&label("mmx_loop")); - - &set_label("mmx_break",16); - &shl (&LB($nlo),4); - &and ($rem,0xf); - &psrlq ($Zlo,4); - &and ($nhi,0xf0); - &movq ($tmp,$Zhi); - &psrlq ($Zhi,4); - &pxor ($Zlo,&QWP(8,$Htbl,$nlo)); - &psllq ($tmp,60); - &pxor ($Zhi,&QWP(0,$rem_4bit,$rem,8)); - &movd ($rem,$Zlo); - &pxor ($Zhi,&QWP(0,$Htbl,$nlo)); - &pxor ($Zlo,$tmp); - - &psrlq ($Zlo,4); - &and ($rem,0xf); - &movq ($tmp,$Zhi); - &psrlq ($Zhi,4); - &pxor ($Zlo,&QWP(8,$Htbl,$nhi)); - &psllq ($tmp,60); - &pxor ($Zhi,&QWP(0,$rem_4bit,$rem,8)); - &movd ($rem,$Zlo); - &pxor ($Zhi,&QWP(0,$Htbl,$nhi)); - &pxor ($Zlo,$tmp); - - &psrlq ($Zlo,32); # lower part of Zlo is already there - &movd ($Zhl,$Zhi); - &psrlq ($Zhi,32); - &movd ($Zlh,$Zlo); - &movd ($Zhh,$Zhi); - - &bswap ($Zll); - &bswap ($Zhl); - &bswap ($Zlh); - &bswap ($Zhh); -} - -&function_begin("gcm_gmult_4bit_mmx"); - &mov ($inp,&wparam(0)); # load Xi - &mov ($Htbl,&wparam(1)); # load Htable - - &call (&label("pic_point")); - &set_label("pic_point"); - &blindpop("eax"); - &lea ("eax",&DWP(&label("rem_4bit")."-".&label("pic_point"),"eax")); - - &movz ($Zll,&BP(15,$inp)); - - &mmx_loop($inp,"eax"); - - &emms (); - &mov (&DWP(12,$inp),$Zll); - &mov (&DWP(4,$inp),$Zhl); - &mov (&DWP(8,$inp),$Zlh); - &mov (&DWP(0,$inp),$Zhh); -&function_end("gcm_gmult_4bit_mmx"); - -###################################################################### -# Below subroutine is "528B" variant of "4-bit" GCM GHASH function -# (see gcm128.c for details). It provides further 20-40% performance -# improvement over above mentioned "May" version. - -&static_label("rem_8bit"); - -&function_begin("gcm_ghash_4bit_mmx"); -{ my ($Zlo,$Zhi) = ("mm7","mm6"); - my $rem_8bit = "esi"; - my $Htbl = "ebx"; - - # parameter block - &mov ("eax",&wparam(0)); # Xi - &mov ("ebx",&wparam(1)); # Htable - &mov ("ecx",&wparam(2)); # inp - &mov ("edx",&wparam(3)); # len - &mov ("ebp","esp"); # original %esp - &call (&label("pic_point")); - &set_label ("pic_point"); - &blindpop ($rem_8bit); - &lea ($rem_8bit,&DWP(&label("rem_8bit")."-".&label("pic_point"),$rem_8bit)); - - &sub ("esp",512+16+16); # allocate stack frame... - &and ("esp",-64); # ...and align it - &sub ("esp",16); # place for (u8)(H[]<<4) - - &add ("edx","ecx"); # pointer to the end of input - &mov (&DWP(528+16+0,"esp"),"eax"); # save Xi - &mov (&DWP(528+16+8,"esp"),"edx"); # save inp+len - &mov (&DWP(528+16+12,"esp"),"ebp"); # save original %esp - - { my @lo = ("mm0","mm1","mm2"); - my @hi = ("mm3","mm4","mm5"); - my @tmp = ("mm6","mm7"); - my ($off1,$off2,$i) = (0,0,); - - &add ($Htbl,128); # optimize for size - &lea ("edi",&DWP(16+128,"esp")); - &lea ("ebp",&DWP(16+256+128,"esp")); - - # decompose Htable (low and high parts are kept separately), - # generate Htable[]>>4, (u8)(Htable[]<<4), save to stack... - for ($i=0;$i<18;$i++) { - - &mov ("edx",&DWP(16*$i+8-128,$Htbl)) if ($i<16); - &movq ($lo[0],&QWP(16*$i+8-128,$Htbl)) if ($i<16); - &psllq ($tmp[1],60) if ($i>1); - &movq ($hi[0],&QWP(16*$i+0-128,$Htbl)) if ($i<16); - &por ($lo[2],$tmp[1]) if ($i>1); - &movq (&QWP($off1-128,"edi"),$lo[1]) if ($i>0 && $i<17); - &psrlq ($lo[1],4) if ($i>0 && $i<17); - &movq (&QWP($off1,"edi"),$hi[1]) if ($i>0 && $i<17); - &movq ($tmp[0],$hi[1]) if ($i>0 && $i<17); - &movq (&QWP($off2-128,"ebp"),$lo[2]) if ($i>1); - &psrlq ($hi[1],4) if ($i>0 && $i<17); - &movq (&QWP($off2,"ebp"),$hi[2]) if ($i>1); - &shl ("edx",4) if ($i<16); - &mov (&BP($i,"esp"),&LB("edx")) if ($i<16); - - unshift (@lo,pop(@lo)); # "rotate" registers - unshift (@hi,pop(@hi)); - unshift (@tmp,pop(@tmp)); - $off1 += 8 if ($i>0); - $off2 += 8 if ($i>1); - } - } - - &movq ($Zhi,&QWP(0,"eax")); - &mov ("ebx",&DWP(8,"eax")); - &mov ("edx",&DWP(12,"eax")); # load Xi - -&set_label("outer",16); - { my $nlo = "eax"; - my $dat = "edx"; - my @nhi = ("edi","ebp"); - my @rem = ("ebx","ecx"); - my @red = ("mm0","mm1","mm2"); - my $tmp = "mm3"; - - &xor ($dat,&DWP(12,"ecx")); # merge input data - &xor ("ebx",&DWP(8,"ecx")); - &pxor ($Zhi,&QWP(0,"ecx")); - &lea ("ecx",&DWP(16,"ecx")); # inp+=16 - #&mov (&DWP(528+12,"esp"),$dat); # save inp^Xi - &mov (&DWP(528+8,"esp"),"ebx"); - &movq (&QWP(528+0,"esp"),$Zhi); - &mov (&DWP(528+16+4,"esp"),"ecx"); # save inp - - &xor ($nlo,$nlo); - &rol ($dat,8); - &mov (&LB($nlo),&LB($dat)); - &mov ($nhi[1],$nlo); - &and (&LB($nlo),0x0f); - &shr ($nhi[1],4); - &pxor ($red[0],$red[0]); - &rol ($dat,8); # next byte - &pxor ($red[1],$red[1]); - &pxor ($red[2],$red[2]); - - # Just like in "May" version modulo-schedule for critical path in - # 'Z.hi ^= rem_8bit[Z.lo&0xff^((u8)H[nhi]<<4)]<<48'. Final 'pxor' - # is scheduled so late that rem_8bit[] has to be shifted *right* - # by 16, which is why last argument to pinsrw is 2, which - # corresponds to <<32=<<48>>16... - for ($j=11,$i=0;$i<15;$i++) { - - if ($i>0) { - &pxor ($Zlo,&QWP(16,"esp",$nlo,8)); # Z^=H[nlo] - &rol ($dat,8); # next byte - &pxor ($Zhi,&QWP(16+128,"esp",$nlo,8)); - - &pxor ($Zlo,$tmp); - &pxor ($Zhi,&QWP(16+256+128,"esp",$nhi[0],8)); - &xor (&LB($rem[1]),&BP(0,"esp",$nhi[0])); # rem^(H[nhi]<<4) - } else { - &movq ($Zlo,&QWP(16,"esp",$nlo,8)); - &movq ($Zhi,&QWP(16+128,"esp",$nlo,8)); - } - - &mov (&LB($nlo),&LB($dat)); - &mov ($dat,&DWP(528+$j,"esp")) if (--$j%4==0); - - &movd ($rem[0],$Zlo); - &movz ($rem[1],&LB($rem[1])) if ($i>0); - &psrlq ($Zlo,8); # Z>>=8 - - &movq ($tmp,$Zhi); - &mov ($nhi[0],$nlo); - &psrlq ($Zhi,8); - - &pxor ($Zlo,&QWP(16+256+0,"esp",$nhi[1],8)); # Z^=H[nhi]>>4 - &and (&LB($nlo),0x0f); - &psllq ($tmp,56); - - &pxor ($Zhi,$red[1]) if ($i>1); - &shr ($nhi[0],4); - &pinsrw ($red[0],&WP(0,$rem_8bit,$rem[1],2),2) if ($i>0); - - unshift (@red,pop(@red)); # "rotate" registers - unshift (@rem,pop(@rem)); - unshift (@nhi,pop(@nhi)); - } - - &pxor ($Zlo,&QWP(16,"esp",$nlo,8)); # Z^=H[nlo] - &pxor ($Zhi,&QWP(16+128,"esp",$nlo,8)); - &xor (&LB($rem[1]),&BP(0,"esp",$nhi[0])); # rem^(H[nhi]<<4) - - &pxor ($Zlo,$tmp); - &pxor ($Zhi,&QWP(16+256+128,"esp",$nhi[0],8)); - &movz ($rem[1],&LB($rem[1])); - - &pxor ($red[2],$red[2]); # clear 2nd word - &psllq ($red[1],4); - - &movd ($rem[0],$Zlo); - &psrlq ($Zlo,4); # Z>>=4 - - &movq ($tmp,$Zhi); - &psrlq ($Zhi,4); - &shl ($rem[0],4); # rem<<4 - - &pxor ($Zlo,&QWP(16,"esp",$nhi[1],8)); # Z^=H[nhi] - &psllq ($tmp,60); - &movz ($rem[0],&LB($rem[0])); - - &pxor ($Zlo,$tmp); - &pxor ($Zhi,&QWP(16+128,"esp",$nhi[1],8)); - - &pinsrw ($red[0],&WP(0,$rem_8bit,$rem[1],2),2); - &pxor ($Zhi,$red[1]); - - &movd ($dat,$Zlo); - &pinsrw ($red[2],&WP(0,$rem_8bit,$rem[0],2),3); # last is <<48 - - &psllq ($red[0],12); # correct by <<16>>4 - &pxor ($Zhi,$red[0]); - &psrlq ($Zlo,32); - &pxor ($Zhi,$red[2]); - - &mov ("ecx",&DWP(528+16+4,"esp")); # restore inp - &movd ("ebx",$Zlo); - &movq ($tmp,$Zhi); # 01234567 - &psllw ($Zhi,8); # 1.3.5.7. - &psrlw ($tmp,8); # .0.2.4.6 - &por ($Zhi,$tmp); # 10325476 - &bswap ($dat); - &pshufw ($Zhi,$Zhi,0b00011011); # 76543210 - &bswap ("ebx"); - - &cmp ("ecx",&DWP(528+16+8,"esp")); # are we done? - &jne (&label("outer")); - } - - &mov ("eax",&DWP(528+16+0,"esp")); # restore Xi - &mov (&DWP(12,"eax"),"edx"); - &mov (&DWP(8,"eax"),"ebx"); - &movq (&QWP(0,"eax"),$Zhi); - - &mov ("esp",&DWP(528+16+12,"esp")); # restore original %esp - &emms (); -} -&function_end("gcm_ghash_4bit_mmx"); -}} - -if ($sse2) {{ -###################################################################### -# PCLMULQDQ version. - -$Xip="eax"; -$Htbl="edx"; -$const="ecx"; -$inp="esi"; -$len="ebx"; - -($Xi,$Xhi)=("xmm0","xmm1"); $Hkey="xmm2"; -($T1,$T2,$T3)=("xmm3","xmm4","xmm5"); -($Xn,$Xhn)=("xmm6","xmm7"); - -&static_label("bswap"); - -sub clmul64x64_T2 { # minimal "register" pressure -my ($Xhi,$Xi,$Hkey,$HK)=@_; - - &movdqa ($Xhi,$Xi); # - &pshufd ($T1,$Xi,0b01001110); - &pshufd ($T2,$Hkey,0b01001110) if (!defined($HK)); - &pxor ($T1,$Xi); # - &pxor ($T2,$Hkey) if (!defined($HK)); - $HK=$T2 if (!defined($HK)); - - &pclmulqdq ($Xi,$Hkey,0x00); ####### - &pclmulqdq ($Xhi,$Hkey,0x11); ####### - &pclmulqdq ($T1,$HK,0x00); ####### - &xorps ($T1,$Xi); # - &xorps ($T1,$Xhi); # - - &movdqa ($T2,$T1); # - &psrldq ($T1,8); - &pslldq ($T2,8); # - &pxor ($Xhi,$T1); - &pxor ($Xi,$T2); # -} - -sub clmul64x64_T3 { -# Even though this subroutine offers visually better ILP, it -# was empirically found to be a tad slower than above version. -# At least in gcm_ghash_clmul context. But it's just as well, -# because loop modulo-scheduling is possible only thanks to -# minimized "register" pressure... -my ($Xhi,$Xi,$Hkey)=@_; - - &movdqa ($T1,$Xi); # - &movdqa ($Xhi,$Xi); - &pclmulqdq ($Xi,$Hkey,0x00); ####### - &pclmulqdq ($Xhi,$Hkey,0x11); ####### - &pshufd ($T2,$T1,0b01001110); # - &pshufd ($T3,$Hkey,0b01001110); - &pxor ($T2,$T1); # - &pxor ($T3,$Hkey); - &pclmulqdq ($T2,$T3,0x00); ####### - &pxor ($T2,$Xi); # - &pxor ($T2,$Xhi); # - - &movdqa ($T3,$T2); # - &psrldq ($T2,8); - &pslldq ($T3,8); # - &pxor ($Xhi,$T2); - &pxor ($Xi,$T3); # -} - -if (1) { # Algorithm 9 with <<1 twist. - # Reduction is shorter and uses only two - # temporary registers, which makes it better - # candidate for interleaving with 64x64 - # multiplication. Pre-modulo-scheduled loop - # was found to be ~20% faster than Algorithm 5 - # below. Algorithm 9 was therefore chosen for - # further optimization... - -sub reduction_alg9 { # 17/11 times faster than Intel version -my ($Xhi,$Xi) = @_; - - # 1st phase - &movdqa ($T2,$Xi); # - &movdqa ($T1,$Xi); - &psllq ($Xi,5); - &pxor ($T1,$Xi); # - &psllq ($Xi,1); - &pxor ($Xi,$T1); # - &psllq ($Xi,57); # - &movdqa ($T1,$Xi); # - &pslldq ($Xi,8); - &psrldq ($T1,8); # - &pxor ($Xi,$T2); - &pxor ($Xhi,$T1); # - - # 2nd phase - &movdqa ($T2,$Xi); - &psrlq ($Xi,1); - &pxor ($Xhi,$T2); # - &pxor ($T2,$Xi); - &psrlq ($Xi,5); - &pxor ($Xi,$T2); # - &psrlq ($Xi,1); # - &pxor ($Xi,$Xhi) # -} - -&function_begin_B("gcm_init_clmul"); - &mov ($Htbl,&wparam(0)); - &mov ($Xip,&wparam(1)); - - &call (&label("pic")); -&set_label("pic"); - &blindpop ($const); - &lea ($const,&DWP(&label("bswap")."-".&label("pic"),$const)); - - &movdqu ($Hkey,&QWP(0,$Xip)); - &pshufd ($Hkey,$Hkey,0b01001110);# dword swap - - # <<1 twist - &pshufd ($T2,$Hkey,0b11111111); # broadcast uppermost dword - &movdqa ($T1,$Hkey); - &psllq ($Hkey,1); - &pxor ($T3,$T3); # - &psrlq ($T1,63); - &pcmpgtd ($T3,$T2); # broadcast carry bit - &pslldq ($T1,8); - &por ($Hkey,$T1); # H<<=1 - - # magic reduction - &pand ($T3,&QWP(16,$const)); # 0x1c2_polynomial - &pxor ($Hkey,$T3); # if(carry) H^=0x1c2_polynomial - - # calculate H^2 - &movdqa ($Xi,$Hkey); - &clmul64x64_T2 ($Xhi,$Xi,$Hkey); - &reduction_alg9 ($Xhi,$Xi); - - &pshufd ($T1,$Hkey,0b01001110); - &pshufd ($T2,$Xi,0b01001110); - &pxor ($T1,$Hkey); # Karatsuba pre-processing - &movdqu (&QWP(0,$Htbl),$Hkey); # save H - &pxor ($T2,$Xi); # Karatsuba pre-processing - &movdqu (&QWP(16,$Htbl),$Xi); # save H^2 - &palignr ($T2,$T1,8); # low part is H.lo^H.hi - &movdqu (&QWP(32,$Htbl),$T2); # save Karatsuba "salt" - - &ret (); -&function_end_B("gcm_init_clmul"); - -&function_begin_B("gcm_gmult_clmul"); - &mov ($Xip,&wparam(0)); - &mov ($Htbl,&wparam(1)); - - &call (&label("pic")); -&set_label("pic"); - &blindpop ($const); - &lea ($const,&DWP(&label("bswap")."-".&label("pic"),$const)); - - &movdqu ($Xi,&QWP(0,$Xip)); - &movdqa ($T3,&QWP(0,$const)); - &movups ($Hkey,&QWP(0,$Htbl)); - &pshufb ($Xi,$T3); - &movups ($T2,&QWP(32,$Htbl)); - - &clmul64x64_T2 ($Xhi,$Xi,$Hkey,$T2); - &reduction_alg9 ($Xhi,$Xi); - - &pshufb ($Xi,$T3); - &movdqu (&QWP(0,$Xip),$Xi); - - &ret (); -&function_end_B("gcm_gmult_clmul"); - -&function_begin("gcm_ghash_clmul"); - &mov ($Xip,&wparam(0)); - &mov ($Htbl,&wparam(1)); - &mov ($inp,&wparam(2)); - &mov ($len,&wparam(3)); - - &call (&label("pic")); -&set_label("pic"); - &blindpop ($const); - &lea ($const,&DWP(&label("bswap")."-".&label("pic"),$const)); - - &movdqu ($Xi,&QWP(0,$Xip)); - &movdqa ($T3,&QWP(0,$const)); - &movdqu ($Hkey,&QWP(0,$Htbl)); - &pshufb ($Xi,$T3); - - &sub ($len,0x10); - &jz (&label("odd_tail")); - - ####### - # Xi+2 =[H*(Ii+1 + Xi+1)] mod P = - # [(H*Ii+1) + (H*Xi+1)] mod P = - # [(H*Ii+1) + H^2*(Ii+Xi)] mod P - # - &movdqu ($T1,&QWP(0,$inp)); # Ii - &movdqu ($Xn,&QWP(16,$inp)); # Ii+1 - &pshufb ($T1,$T3); - &pshufb ($Xn,$T3); - &movdqu ($T3,&QWP(32,$Htbl)); - &pxor ($Xi,$T1); # Ii+Xi - - &pshufd ($T1,$Xn,0b01001110); # H*Ii+1 - &movdqa ($Xhn,$Xn); - &pxor ($T1,$Xn); # - &lea ($inp,&DWP(32,$inp)); # i+=2 - - &pclmulqdq ($Xn,$Hkey,0x00); ####### - &pclmulqdq ($Xhn,$Hkey,0x11); ####### - &pclmulqdq ($T1,$T3,0x00); ####### - &movups ($Hkey,&QWP(16,$Htbl)); # load H^2 - &nop (); - - &sub ($len,0x20); - &jbe (&label("even_tail")); - &jmp (&label("mod_loop")); - -&set_label("mod_loop",32); - &pshufd ($T2,$Xi,0b01001110); # H^2*(Ii+Xi) - &movdqa ($Xhi,$Xi); - &pxor ($T2,$Xi); # - &nop (); - - &pclmulqdq ($Xi,$Hkey,0x00); ####### - &pclmulqdq ($Xhi,$Hkey,0x11); ####### - &pclmulqdq ($T2,$T3,0x10); ####### - &movups ($Hkey,&QWP(0,$Htbl)); # load H - - &xorps ($Xi,$Xn); # (H*Ii+1) + H^2*(Ii+Xi) - &movdqa ($T3,&QWP(0,$const)); - &xorps ($Xhi,$Xhn); - &movdqu ($Xhn,&QWP(0,$inp)); # Ii - &pxor ($T1,$Xi); # aggregated Karatsuba post-processing - &movdqu ($Xn,&QWP(16,$inp)); # Ii+1 - &pxor ($T1,$Xhi); # - - &pshufb ($Xhn,$T3); - &pxor ($T2,$T1); # - - &movdqa ($T1,$T2); # - &psrldq ($T2,8); - &pslldq ($T1,8); # - &pxor ($Xhi,$T2); - &pxor ($Xi,$T1); # - &pshufb ($Xn,$T3); - &pxor ($Xhi,$Xhn); # "Ii+Xi", consume early - - &movdqa ($Xhn,$Xn); #&clmul64x64_TX ($Xhn,$Xn,$Hkey); H*Ii+1 - &movdqa ($T2,$Xi); #&reduction_alg9($Xhi,$Xi); 1st phase - &movdqa ($T1,$Xi); - &psllq ($Xi,5); - &pxor ($T1,$Xi); # - &psllq ($Xi,1); - &pxor ($Xi,$T1); # - &pclmulqdq ($Xn,$Hkey,0x00); ####### - &movups ($T3,&QWP(32,$Htbl)); - &psllq ($Xi,57); # - &movdqa ($T1,$Xi); # - &pslldq ($Xi,8); - &psrldq ($T1,8); # - &pxor ($Xi,$T2); - &pxor ($Xhi,$T1); # - &pshufd ($T1,$Xhn,0b01001110); - &movdqa ($T2,$Xi); # 2nd phase - &psrlq ($Xi,1); - &pxor ($T1,$Xhn); - &pxor ($Xhi,$T2); # - &pclmulqdq ($Xhn,$Hkey,0x11); ####### - &movups ($Hkey,&QWP(16,$Htbl)); # load H^2 - &pxor ($T2,$Xi); - &psrlq ($Xi,5); - &pxor ($Xi,$T2); # - &psrlq ($Xi,1); # - &pxor ($Xi,$Xhi) # - &pclmulqdq ($T1,$T3,0x00); ####### - - &lea ($inp,&DWP(32,$inp)); - &sub ($len,0x20); - &ja (&label("mod_loop")); - -&set_label("even_tail"); - &pshufd ($T2,$Xi,0b01001110); # H^2*(Ii+Xi) - &movdqa ($Xhi,$Xi); - &pxor ($T2,$Xi); # - - &pclmulqdq ($Xi,$Hkey,0x00); ####### - &pclmulqdq ($Xhi,$Hkey,0x11); ####### - &pclmulqdq ($T2,$T3,0x10); ####### - &movdqa ($T3,&QWP(0,$const)); - - &xorps ($Xi,$Xn); # (H*Ii+1) + H^2*(Ii+Xi) - &xorps ($Xhi,$Xhn); - &pxor ($T1,$Xi); # aggregated Karatsuba post-processing - &pxor ($T1,$Xhi); # - - &pxor ($T2,$T1); # - - &movdqa ($T1,$T2); # - &psrldq ($T2,8); - &pslldq ($T1,8); # - &pxor ($Xhi,$T2); - &pxor ($Xi,$T1); # - - &reduction_alg9 ($Xhi,$Xi); - - &test ($len,$len); - &jnz (&label("done")); - - &movups ($Hkey,&QWP(0,$Htbl)); # load H -&set_label("odd_tail"); - &movdqu ($T1,&QWP(0,$inp)); # Ii - &pshufb ($T1,$T3); - &pxor ($Xi,$T1); # Ii+Xi - - &clmul64x64_T2 ($Xhi,$Xi,$Hkey); # H*(Ii+Xi) - &reduction_alg9 ($Xhi,$Xi); - -&set_label("done"); - &pshufb ($Xi,$T3); - &movdqu (&QWP(0,$Xip),$Xi); -&function_end("gcm_ghash_clmul"); - -} else { # Algorithm 5. Kept for reference purposes. - -sub reduction_alg5 { # 19/16 times faster than Intel version -my ($Xhi,$Xi)=@_; - - # <<1 - &movdqa ($T1,$Xi); # - &movdqa ($T2,$Xhi); - &pslld ($Xi,1); - &pslld ($Xhi,1); # - &psrld ($T1,31); - &psrld ($T2,31); # - &movdqa ($T3,$T1); - &pslldq ($T1,4); - &psrldq ($T3,12); # - &pslldq ($T2,4); - &por ($Xhi,$T3); # - &por ($Xi,$T1); - &por ($Xhi,$T2); # - - # 1st phase - &movdqa ($T1,$Xi); - &movdqa ($T2,$Xi); - &movdqa ($T3,$Xi); # - &pslld ($T1,31); - &pslld ($T2,30); - &pslld ($Xi,25); # - &pxor ($T1,$T2); - &pxor ($T1,$Xi); # - &movdqa ($T2,$T1); # - &pslldq ($T1,12); - &psrldq ($T2,4); # - &pxor ($T3,$T1); - - # 2nd phase - &pxor ($Xhi,$T3); # - &movdqa ($Xi,$T3); - &movdqa ($T1,$T3); - &psrld ($Xi,1); # - &psrld ($T1,2); - &psrld ($T3,7); # - &pxor ($Xi,$T1); - &pxor ($Xhi,$T2); - &pxor ($Xi,$T3); # - &pxor ($Xi,$Xhi); # -} - -&function_begin_B("gcm_init_clmul"); - &mov ($Htbl,&wparam(0)); - &mov ($Xip,&wparam(1)); - - &call (&label("pic")); -&set_label("pic"); - &blindpop ($const); - &lea ($const,&DWP(&label("bswap")."-".&label("pic"),$const)); - - &movdqu ($Hkey,&QWP(0,$Xip)); - &pshufd ($Hkey,$Hkey,0b01001110);# dword swap - - # calculate H^2 - &movdqa ($Xi,$Hkey); - &clmul64x64_T3 ($Xhi,$Xi,$Hkey); - &reduction_alg5 ($Xhi,$Xi); - - &movdqu (&QWP(0,$Htbl),$Hkey); # save H - &movdqu (&QWP(16,$Htbl),$Xi); # save H^2 - - &ret (); -&function_end_B("gcm_init_clmul"); - -&function_begin_B("gcm_gmult_clmul"); - &mov ($Xip,&wparam(0)); - &mov ($Htbl,&wparam(1)); - - &call (&label("pic")); -&set_label("pic"); - &blindpop ($const); - &lea ($const,&DWP(&label("bswap")."-".&label("pic"),$const)); - - &movdqu ($Xi,&QWP(0,$Xip)); - &movdqa ($Xn,&QWP(0,$const)); - &movdqu ($Hkey,&QWP(0,$Htbl)); - &pshufb ($Xi,$Xn); - - &clmul64x64_T3 ($Xhi,$Xi,$Hkey); - &reduction_alg5 ($Xhi,$Xi); - - &pshufb ($Xi,$Xn); - &movdqu (&QWP(0,$Xip),$Xi); - - &ret (); -&function_end_B("gcm_gmult_clmul"); - -&function_begin("gcm_ghash_clmul"); - &mov ($Xip,&wparam(0)); - &mov ($Htbl,&wparam(1)); - &mov ($inp,&wparam(2)); - &mov ($len,&wparam(3)); - - &call (&label("pic")); -&set_label("pic"); - &blindpop ($const); - &lea ($const,&DWP(&label("bswap")."-".&label("pic"),$const)); - - &movdqu ($Xi,&QWP(0,$Xip)); - &movdqa ($T3,&QWP(0,$const)); - &movdqu ($Hkey,&QWP(0,$Htbl)); - &pshufb ($Xi,$T3); - - &sub ($len,0x10); - &jz (&label("odd_tail")); - - ####### - # Xi+2 =[H*(Ii+1 + Xi+1)] mod P = - # [(H*Ii+1) + (H*Xi+1)] mod P = - # [(H*Ii+1) + H^2*(Ii+Xi)] mod P - # - &movdqu ($T1,&QWP(0,$inp)); # Ii - &movdqu ($Xn,&QWP(16,$inp)); # Ii+1 - &pshufb ($T1,$T3); - &pshufb ($Xn,$T3); - &pxor ($Xi,$T1); # Ii+Xi - - &clmul64x64_T3 ($Xhn,$Xn,$Hkey); # H*Ii+1 - &movdqu ($Hkey,&QWP(16,$Htbl)); # load H^2 - - &sub ($len,0x20); - &lea ($inp,&DWP(32,$inp)); # i+=2 - &jbe (&label("even_tail")); - -&set_label("mod_loop"); - &clmul64x64_T3 ($Xhi,$Xi,$Hkey); # H^2*(Ii+Xi) - &movdqu ($Hkey,&QWP(0,$Htbl)); # load H - - &pxor ($Xi,$Xn); # (H*Ii+1) + H^2*(Ii+Xi) - &pxor ($Xhi,$Xhn); - - &reduction_alg5 ($Xhi,$Xi); - - ####### - &movdqa ($T3,&QWP(0,$const)); - &movdqu ($T1,&QWP(0,$inp)); # Ii - &movdqu ($Xn,&QWP(16,$inp)); # Ii+1 - &pshufb ($T1,$T3); - &pshufb ($Xn,$T3); - &pxor ($Xi,$T1); # Ii+Xi - - &clmul64x64_T3 ($Xhn,$Xn,$Hkey); # H*Ii+1 - &movdqu ($Hkey,&QWP(16,$Htbl)); # load H^2 - - &sub ($len,0x20); - &lea ($inp,&DWP(32,$inp)); - &ja (&label("mod_loop")); - -&set_label("even_tail"); - &clmul64x64_T3 ($Xhi,$Xi,$Hkey); # H^2*(Ii+Xi) - - &pxor ($Xi,$Xn); # (H*Ii+1) + H^2*(Ii+Xi) - &pxor ($Xhi,$Xhn); - - &reduction_alg5 ($Xhi,$Xi); - - &movdqa ($T3,&QWP(0,$const)); - &test ($len,$len); - &jnz (&label("done")); - - &movdqu ($Hkey,&QWP(0,$Htbl)); # load H -&set_label("odd_tail"); - &movdqu ($T1,&QWP(0,$inp)); # Ii - &pshufb ($T1,$T3); - &pxor ($Xi,$T1); # Ii+Xi - - &clmul64x64_T3 ($Xhi,$Xi,$Hkey); # H*(Ii+Xi) - &reduction_alg5 ($Xhi,$Xi); - - &movdqa ($T3,&QWP(0,$const)); -&set_label("done"); - &pshufb ($Xi,$T3); - &movdqu (&QWP(0,$Xip),$Xi); -&function_end("gcm_ghash_clmul"); - -} - -&set_label("bswap",64); - &data_byte(15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0); - &data_byte(1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2); # 0x1c2_polynomial -&set_label("rem_8bit",64); - &data_short(0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E); - &data_short(0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E); - &data_short(0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E); - &data_short(0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E); - &data_short(0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E); - &data_short(0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E); - &data_short(0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E); - &data_short(0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E); - &data_short(0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE); - &data_short(0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE); - &data_short(0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE); - &data_short(0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE); - &data_short(0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E); - &data_short(0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E); - &data_short(0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE); - &data_short(0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE); - &data_short(0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E); - &data_short(0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E); - &data_short(0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E); - &data_short(0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E); - &data_short(0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E); - &data_short(0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E); - &data_short(0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E); - &data_short(0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E); - &data_short(0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE); - &data_short(0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE); - &data_short(0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE); - &data_short(0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE); - &data_short(0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E); - &data_short(0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E); - &data_short(0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE); - &data_short(0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE); -}} # $sse2 - -&set_label("rem_4bit",64); - &data_word(0,0x0000<<$S,0,0x1C20<<$S,0,0x3840<<$S,0,0x2460<<$S); - &data_word(0,0x7080<<$S,0,0x6CA0<<$S,0,0x48C0<<$S,0,0x54E0<<$S); - &data_word(0,0xE100<<$S,0,0xFD20<<$S,0,0xD940<<$S,0,0xC560<<$S); - &data_word(0,0x9180<<$S,0,0x8DA0<<$S,0,0xA9C0<<$S,0,0xB5E0<<$S); -}}} # !$x86only - -&asciz("GHASH for x86, CRYPTOGAMS by "); -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; - -# A question was risen about choice of vanilla MMX. Or rather why wasn't -# SSE2 chosen instead? In addition to the fact that MMX runs on legacy -# CPUs such as PIII, "4-bit" MMX version was observed to provide better -# performance than *corresponding* SSE2 one even on contemporary CPUs. -# SSE2 results were provided by Peter-Michael Hager. He maintains SSE2 -# implementation featuring full range of lookup-table sizes, but with -# per-invocation lookup table setup. Latter means that table size is -# chosen depending on how much data is to be hashed in every given call, -# more data - larger table. Best reported result for Core2 is ~4 cycles -# per processed byte out of 64KB block. This number accounts even for -# 64KB table setup overhead. As discussed in gcm128.c we choose to be -# more conservative in respect to lookup table sizes, but how do the -# results compare? Minimalistic "256B" MMX version delivers ~11 cycles -# on same platform. As also discussed in gcm128.c, next in line "8-bit -# Shoup's" or "4KB" method should deliver twice the performance of -# "256B" one, in other words not worse than ~6 cycles per byte. It -# should be also be noted that in SSE2 case improvement can be "super- -# linear," i.e. more than twice, mostly because >>8 maps to single -# instruction on SSE2 register. This is unlike "4-bit" case when >>4 -# maps to same amount of instructions in both MMX and SSE2 cases. -# Bottom line is that switch to SSE2 is considered to be justifiable -# only in case we choose to implement "8-bit" method... diff --git a/crypto/modes/asm/ghash-x86_64.pl b/crypto/modes/asm/ghash-x86_64.pl deleted file mode 100644 index 6709f96492ed3719fe0c199df037b96da35f035e..0000000000000000000000000000000000000000 --- a/crypto/modes/asm/ghash-x86_64.pl +++ /dev/null @@ -1,1826 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# March, June 2010 -# -# The module implements "4-bit" GCM GHASH function and underlying -# single multiplication operation in GF(2^128). "4-bit" means that -# it uses 256 bytes per-key table [+128 bytes shared table]. GHASH -# function features so called "528B" variant utilizing additional -# 256+16 bytes of per-key storage [+512 bytes shared table]. -# Performance results are for this streamed GHASH subroutine and are -# expressed in cycles per processed byte, less is better: -# -# gcc 3.4.x(*) assembler -# -# P4 28.6 14.0 +100% -# Opteron 19.3 7.7 +150% -# Core2 17.8 8.1(**) +120% -# Atom 31.6 16.8 +88% -# VIA Nano 21.8 10.1 +115% -# -# (*) comparison is not completely fair, because C results are -# for vanilla "256B" implementation, while assembler results -# are for "528B";-) -# (**) it's mystery [to me] why Core2 result is not same as for -# Opteron; - -# May 2010 -# -# Add PCLMULQDQ version performing at 2.02 cycles per processed byte. -# See ghash-x86.pl for background information and details about coding -# techniques. -# -# Special thanks to David Woodhouse for providing access to a -# Westmere-based system on behalf of Intel Open Source Technology Centre. - -# December 2012 -# -# Overhaul: aggregate Karatsuba post-processing, improve ILP in -# reduction_alg9, increase reduction aggregate factor to 4x. As for -# the latter. ghash-x86.pl discusses that it makes lesser sense to -# increase aggregate factor. Then why increase here? Critical path -# consists of 3 independent pclmulqdq instructions, Karatsuba post- -# processing and reduction. "On top" of this we lay down aggregated -# multiplication operations, triplets of independent pclmulqdq's. As -# issue rate for pclmulqdq is limited, it makes lesser sense to -# aggregate more multiplications than it takes to perform remaining -# non-multiplication operations. 2x is near-optimal coefficient for -# contemporary Intel CPUs (therefore modest improvement coefficient), -# but not for Bulldozer. Latter is because logical SIMD operations -# are twice as slow in comparison to Intel, so that critical path is -# longer. A CPU with higher pclmulqdq issue rate would also benefit -# from higher aggregate factor... -# -# Westmere 1.78(+13%) -# Sandy Bridge 1.80(+8%) -# Ivy Bridge 1.80(+7%) -# Haswell 0.55(+93%) (if system doesn't support AVX) -# Broadwell 0.45(+110%)(if system doesn't support AVX) -# Skylake 0.44(+110%)(if system doesn't support AVX) -# Bulldozer 1.49(+27%) -# Silvermont 2.88(+13%) -# Knights L 2.12(-) (if system doesn't support AVX) -# Goldmont 1.08(+24%) - -# March 2013 -# -# ... 8x aggregate factor AVX code path is using reduction algorithm -# suggested by Shay Gueron[1]. Even though contemporary AVX-capable -# CPUs such as Sandy and Ivy Bridge can execute it, the code performs -# sub-optimally in comparison to above mentioned version. But thanks -# to Ilya Albrekht and Max Locktyukhin of Intel Corp. we knew that -# it performs in 0.41 cycles per byte on Haswell processor, in -# 0.29 on Broadwell, and in 0.36 on Skylake. -# -# Knights Landing achieves 1.09 cpb. -# -# [1] http://rt.openssl.org/Ticket/Display.html?id=2900&user=guest&pass=guest - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.20) + ($1>=2.22); -} - -if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.09) + ($1>=2.10); -} - -if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $avx = ($1>=10) + ($1>=11); -} - -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { - $avx = ($2>=3.0) + ($2>3.0); -} - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -$do4xaggr=1; - -# common register layout -$nlo="%rax"; -$nhi="%rbx"; -$Zlo="%r8"; -$Zhi="%r9"; -$tmp="%r10"; -$rem_4bit = "%r11"; - -$Xi="%rdi"; -$Htbl="%rsi"; - -# per-function register layout -$cnt="%rcx"; -$rem="%rdx"; - -sub LB() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/ or - $r =~ s/%[er]([sd]i)/%\1l/ or - $r =~ s/%[er](bp)/%\1l/ or - $r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; } - -sub AUTOLOAD() # thunk [simplified] 32-bit style perlasm -{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; - my $arg = pop; - $arg = "\$$arg" if ($arg*1 eq $arg); - $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n"; -} - -{ my $N; - sub loop() { - my $inp = shift; - - $N++; -$code.=<<___; - xor $nlo,$nlo - xor $nhi,$nhi - mov `&LB("$Zlo")`,`&LB("$nlo")` - mov `&LB("$Zlo")`,`&LB("$nhi")` - shl \$4,`&LB("$nlo")` - mov \$14,$cnt - mov 8($Htbl,$nlo),$Zlo - mov ($Htbl,$nlo),$Zhi - and \$0xf0,`&LB("$nhi")` - mov $Zlo,$rem - jmp .Loop$N - -.align 16 -.Loop$N: - shr \$4,$Zlo - and \$0xf,$rem - mov $Zhi,$tmp - mov ($inp,$cnt),`&LB("$nlo")` - shr \$4,$Zhi - xor 8($Htbl,$nhi),$Zlo - shl \$60,$tmp - xor ($Htbl,$nhi),$Zhi - mov `&LB("$nlo")`,`&LB("$nhi")` - xor ($rem_4bit,$rem,8),$Zhi - mov $Zlo,$rem - shl \$4,`&LB("$nlo")` - xor $tmp,$Zlo - dec $cnt - js .Lbreak$N - - shr \$4,$Zlo - and \$0xf,$rem - mov $Zhi,$tmp - shr \$4,$Zhi - xor 8($Htbl,$nlo),$Zlo - shl \$60,$tmp - xor ($Htbl,$nlo),$Zhi - and \$0xf0,`&LB("$nhi")` - xor ($rem_4bit,$rem,8),$Zhi - mov $Zlo,$rem - xor $tmp,$Zlo - jmp .Loop$N - -.align 16 -.Lbreak$N: - shr \$4,$Zlo - and \$0xf,$rem - mov $Zhi,$tmp - shr \$4,$Zhi - xor 8($Htbl,$nlo),$Zlo - shl \$60,$tmp - xor ($Htbl,$nlo),$Zhi - and \$0xf0,`&LB("$nhi")` - xor ($rem_4bit,$rem,8),$Zhi - mov $Zlo,$rem - xor $tmp,$Zlo - - shr \$4,$Zlo - and \$0xf,$rem - mov $Zhi,$tmp - shr \$4,$Zhi - xor 8($Htbl,$nhi),$Zlo - shl \$60,$tmp - xor ($Htbl,$nhi),$Zhi - xor $tmp,$Zlo - xor ($rem_4bit,$rem,8),$Zhi - - bswap $Zlo - bswap $Zhi -___ -}} - -$code=<<___; -.text -.extern OPENSSL_ia32cap_P - -.globl gcm_gmult_4bit -.type gcm_gmult_4bit,\@function,2 -.align 16 -gcm_gmult_4bit: -.cfi_startproc - endbranch - push %rbx -.cfi_push %rbx - push %rbp # %rbp and others are pushed exclusively in -.cfi_push %rbp - push %r12 # order to reuse Win64 exception handler... -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - sub \$280,%rsp -.cfi_adjust_cfa_offset 280 -.Lgmult_prologue: - - movzb 15($Xi),$Zlo - lea .Lrem_4bit(%rip),$rem_4bit -___ - &loop ($Xi); -$code.=<<___; - mov $Zlo,8($Xi) - mov $Zhi,($Xi) - - lea 280+48(%rsp),%rsi -.cfi_def_cfa %rsi,8 - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lgmult_epilogue: - ret -.cfi_endproc -.size gcm_gmult_4bit,.-gcm_gmult_4bit -___ - -# per-function register layout -$inp="%rdx"; -$len="%rcx"; -$rem_8bit=$rem_4bit; - -$code.=<<___; -.globl gcm_ghash_4bit -.type gcm_ghash_4bit,\@function,4 -.align 16 -gcm_ghash_4bit: -.cfi_startproc - endbranch - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - sub \$280,%rsp -.cfi_adjust_cfa_offset 280 -.Lghash_prologue: - mov $inp,%r14 # reassign couple of args - mov $len,%r15 -___ -{ my $inp="%r14"; - my $dat="%edx"; - my $len="%r15"; - my @nhi=("%ebx","%ecx"); - my @rem=("%r12","%r13"); - my $Hshr4="%rbp"; - - &sub ($Htbl,-128); # size optimization - &lea ($Hshr4,"16+128(%rsp)"); - { my @lo =($nlo,$nhi); - my @hi =($Zlo,$Zhi); - - &xor ($dat,$dat); - for ($i=0,$j=-2;$i<18;$i++,$j++) { - &mov ("$j(%rsp)",&LB($dat)) if ($i>1); - &or ($lo[0],$tmp) if ($i>1); - &mov (&LB($dat),&LB($lo[1])) if ($i>0 && $i<17); - &shr ($lo[1],4) if ($i>0 && $i<17); - &mov ($tmp,$hi[1]) if ($i>0 && $i<17); - &shr ($hi[1],4) if ($i>0 && $i<17); - &mov ("8*$j($Hshr4)",$hi[0]) if ($i>1); - &mov ($hi[0],"16*$i+0-128($Htbl)") if ($i<16); - &shl (&LB($dat),4) if ($i>0 && $i<17); - &mov ("8*$j-128($Hshr4)",$lo[0]) if ($i>1); - &mov ($lo[0],"16*$i+8-128($Htbl)") if ($i<16); - &shl ($tmp,60) if ($i>0 && $i<17); - - push (@lo,shift(@lo)); - push (@hi,shift(@hi)); - } - } - &add ($Htbl,-128); - &mov ($Zlo,"8($Xi)"); - &mov ($Zhi,"0($Xi)"); - &add ($len,$inp); # pointer to the end of data - &lea ($rem_8bit,".Lrem_8bit(%rip)"); - &jmp (".Louter_loop"); - -$code.=".align 16\n.Louter_loop:\n"; - &xor ($Zhi,"($inp)"); - &mov ("%rdx","8($inp)"); - &lea ($inp,"16($inp)"); - &xor ("%rdx",$Zlo); - &mov ("($Xi)",$Zhi); - &mov ("8($Xi)","%rdx"); - &shr ("%rdx",32); - - &xor ($nlo,$nlo); - &rol ($dat,8); - &mov (&LB($nlo),&LB($dat)); - &movz ($nhi[0],&LB($dat)); - &shl (&LB($nlo),4); - &shr ($nhi[0],4); - - for ($j=11,$i=0;$i<15;$i++) { - &rol ($dat,8); - &xor ($Zlo,"8($Htbl,$nlo)") if ($i>0); - &xor ($Zhi,"($Htbl,$nlo)") if ($i>0); - &mov ($Zlo,"8($Htbl,$nlo)") if ($i==0); - &mov ($Zhi,"($Htbl,$nlo)") if ($i==0); - - &mov (&LB($nlo),&LB($dat)); - &xor ($Zlo,$tmp) if ($i>0); - &movzw ($rem[1],"($rem_8bit,$rem[1],2)") if ($i>0); - - &movz ($nhi[1],&LB($dat)); - &shl (&LB($nlo),4); - &movzb ($rem[0],"(%rsp,$nhi[0])"); - - &shr ($nhi[1],4) if ($i<14); - &and ($nhi[1],0xf0) if ($i==14); - &shl ($rem[1],48) if ($i>0); - &xor ($rem[0],$Zlo); - - &mov ($tmp,$Zhi); - &xor ($Zhi,$rem[1]) if ($i>0); - &shr ($Zlo,8); - - &movz ($rem[0],&LB($rem[0])); - &mov ($dat,"$j($Xi)") if (--$j%4==0); - &shr ($Zhi,8); - - &xor ($Zlo,"-128($Hshr4,$nhi[0],8)"); - &shl ($tmp,56); - &xor ($Zhi,"($Hshr4,$nhi[0],8)"); - - unshift (@nhi,pop(@nhi)); # "rotate" registers - unshift (@rem,pop(@rem)); - } - &movzw ($rem[1],"($rem_8bit,$rem[1],2)"); - &xor ($Zlo,"8($Htbl,$nlo)"); - &xor ($Zhi,"($Htbl,$nlo)"); - - &shl ($rem[1],48); - &xor ($Zlo,$tmp); - - &xor ($Zhi,$rem[1]); - &movz ($rem[0],&LB($Zlo)); - &shr ($Zlo,4); - - &mov ($tmp,$Zhi); - &shl (&LB($rem[0]),4); - &shr ($Zhi,4); - - &xor ($Zlo,"8($Htbl,$nhi[0])"); - &movzw ($rem[0],"($rem_8bit,$rem[0],2)"); - &shl ($tmp,60); - - &xor ($Zhi,"($Htbl,$nhi[0])"); - &xor ($Zlo,$tmp); - &shl ($rem[0],48); - - &bswap ($Zlo); - &xor ($Zhi,$rem[0]); - - &bswap ($Zhi); - &cmp ($inp,$len); - &jb (".Louter_loop"); -} -$code.=<<___; - mov $Zlo,8($Xi) - mov $Zhi,($Xi) - - lea 280+48(%rsp),%rsi -.cfi_def_cfa %rsi,8 - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea 0(%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lghash_epilogue: - ret -.cfi_endproc -.size gcm_ghash_4bit,.-gcm_ghash_4bit -___ - -###################################################################### -# PCLMULQDQ version. - -@_4args=$win64? ("%rcx","%rdx","%r8", "%r9") : # Win64 order - ("%rdi","%rsi","%rdx","%rcx"); # Unix order - -($Xi,$Xhi)=("%xmm0","%xmm1"); $Hkey="%xmm2"; -($T1,$T2,$T3)=("%xmm3","%xmm4","%xmm5"); - -sub clmul64x64_T2 { # minimal register pressure -my ($Xhi,$Xi,$Hkey,$HK)=@_; - -if (!defined($HK)) { $HK = $T2; -$code.=<<___; - movdqa $Xi,$Xhi # - pshufd \$0b01001110,$Xi,$T1 - pshufd \$0b01001110,$Hkey,$T2 - pxor $Xi,$T1 # - pxor $Hkey,$T2 -___ -} else { -$code.=<<___; - movdqa $Xi,$Xhi # - pshufd \$0b01001110,$Xi,$T1 - pxor $Xi,$T1 # -___ -} -$code.=<<___; - pclmulqdq \$0x00,$Hkey,$Xi ####### - pclmulqdq \$0x11,$Hkey,$Xhi ####### - pclmulqdq \$0x00,$HK,$T1 ####### - pxor $Xi,$T1 # - pxor $Xhi,$T1 # - - movdqa $T1,$T2 # - psrldq \$8,$T1 - pslldq \$8,$T2 # - pxor $T1,$Xhi - pxor $T2,$Xi # -___ -} - -sub reduction_alg9 { # 17/11 times faster than Intel version -my ($Xhi,$Xi) = @_; - -$code.=<<___; - # 1st phase - movdqa $Xi,$T2 # - movdqa $Xi,$T1 - psllq \$5,$Xi - pxor $Xi,$T1 # - psllq \$1,$Xi - pxor $T1,$Xi # - psllq \$57,$Xi # - movdqa $Xi,$T1 # - pslldq \$8,$Xi - psrldq \$8,$T1 # - pxor $T2,$Xi - pxor $T1,$Xhi # - - # 2nd phase - movdqa $Xi,$T2 - psrlq \$1,$Xi - pxor $T2,$Xhi # - pxor $Xi,$T2 - psrlq \$5,$Xi - pxor $T2,$Xi # - psrlq \$1,$Xi # - pxor $Xhi,$Xi # -___ -} - -{ my ($Htbl,$Xip)=@_4args; - my $HK="%xmm6"; - -$code.=<<___; -.globl gcm_init_clmul -.type gcm_init_clmul,\@abi-omnipotent -.align 16 -gcm_init_clmul: -.cfi_startproc -.L_init_clmul: -___ -$code.=<<___ if ($win64); -.LSEH_begin_gcm_init_clmul: - # I can't trust assembler to use specific encoding:-( - .byte 0x48,0x83,0xec,0x18 #sub $0x18,%rsp - .byte 0x0f,0x29,0x34,0x24 #movaps %xmm6,(%rsp) -___ -$code.=<<___; - movdqu ($Xip),$Hkey - pshufd \$0b01001110,$Hkey,$Hkey # dword swap - - # <<1 twist - pshufd \$0b11111111,$Hkey,$T2 # broadcast uppermost dword - movdqa $Hkey,$T1 - psllq \$1,$Hkey - pxor $T3,$T3 # - psrlq \$63,$T1 - pcmpgtd $T2,$T3 # broadcast carry bit - pslldq \$8,$T1 - por $T1,$Hkey # H<<=1 - - # magic reduction - pand .L0x1c2_polynomial(%rip),$T3 - pxor $T3,$Hkey # if(carry) H^=0x1c2_polynomial - - # calculate H^2 - pshufd \$0b01001110,$Hkey,$HK - movdqa $Hkey,$Xi - pxor $Hkey,$HK -___ - &clmul64x64_T2 ($Xhi,$Xi,$Hkey,$HK); - &reduction_alg9 ($Xhi,$Xi); -$code.=<<___; - pshufd \$0b01001110,$Hkey,$T1 - pshufd \$0b01001110,$Xi,$T2 - pxor $Hkey,$T1 # Karatsuba pre-processing - movdqu $Hkey,0x00($Htbl) # save H - pxor $Xi,$T2 # Karatsuba pre-processing - movdqu $Xi,0x10($Htbl) # save H^2 - palignr \$8,$T1,$T2 # low part is H.lo^H.hi... - movdqu $T2,0x20($Htbl) # save Karatsuba "salt" -___ -if ($do4xaggr) { - &clmul64x64_T2 ($Xhi,$Xi,$Hkey,$HK); # H^3 - &reduction_alg9 ($Xhi,$Xi); -$code.=<<___; - movdqa $Xi,$T3 -___ - &clmul64x64_T2 ($Xhi,$Xi,$Hkey,$HK); # H^4 - &reduction_alg9 ($Xhi,$Xi); -$code.=<<___; - pshufd \$0b01001110,$T3,$T1 - pshufd \$0b01001110,$Xi,$T2 - pxor $T3,$T1 # Karatsuba pre-processing - movdqu $T3,0x30($Htbl) # save H^3 - pxor $Xi,$T2 # Karatsuba pre-processing - movdqu $Xi,0x40($Htbl) # save H^4 - palignr \$8,$T1,$T2 # low part is H^3.lo^H^3.hi... - movdqu $T2,0x50($Htbl) # save Karatsuba "salt" -___ -} -$code.=<<___ if ($win64); - movaps (%rsp),%xmm6 - lea 0x18(%rsp),%rsp -.LSEH_end_gcm_init_clmul: -___ -$code.=<<___; - ret -.cfi_endproc -.size gcm_init_clmul,.-gcm_init_clmul -___ -} - -{ my ($Xip,$Htbl)=@_4args; - -$code.=<<___; -.globl gcm_gmult_clmul -.type gcm_gmult_clmul,\@abi-omnipotent -.align 16 -gcm_gmult_clmul: -.cfi_startproc - endbranch -.L_gmult_clmul: - movdqu ($Xip),$Xi - movdqa .Lbswap_mask(%rip),$T3 - movdqu ($Htbl),$Hkey - movdqu 0x20($Htbl),$T2 - pshufb $T3,$Xi -___ - &clmul64x64_T2 ($Xhi,$Xi,$Hkey,$T2); -$code.=<<___ if (0 || (&reduction_alg9($Xhi,$Xi)&&0)); - # experimental alternative. special thing about is that there - # no dependency between the two multiplications... - mov \$`0xE1<<1`,%eax - mov \$0xA040608020C0E000,%r10 # ((7..0)·0xE0)&0xff - mov \$0x07,%r11d - movq %rax,$T1 - movq %r10,$T2 - movq %r11,$T3 # borrow $T3 - pand $Xi,$T3 - pshufb $T3,$T2 # ($Xi&7)·0xE0 - movq %rax,$T3 - pclmulqdq \$0x00,$Xi,$T1 # ·(0xE1<<1) - pxor $Xi,$T2 - pslldq \$15,$T2 - paddd $T2,$T2 # <<(64+56+1) - pxor $T2,$Xi - pclmulqdq \$0x01,$T3,$Xi - movdqa .Lbswap_mask(%rip),$T3 # reload $T3 - psrldq \$1,$T1 - pxor $T1,$Xhi - pslldq \$7,$Xi - pxor $Xhi,$Xi -___ -$code.=<<___; - pshufb $T3,$Xi - movdqu $Xi,($Xip) - ret -.cfi_endproc -.size gcm_gmult_clmul,.-gcm_gmult_clmul -___ -} - -{ my ($Xip,$Htbl,$inp,$len)=@_4args; - my ($Xln,$Xmn,$Xhn,$Hkey2,$HK) = map("%xmm$_",(3..7)); - my ($T1,$T2,$T3)=map("%xmm$_",(8..10)); - -$code.=<<___; -.globl gcm_ghash_clmul -.type gcm_ghash_clmul,\@abi-omnipotent -.align 32 -gcm_ghash_clmul: -.cfi_startproc - endbranch -.L_ghash_clmul: -___ -$code.=<<___ if ($win64); - lea -0x88(%rsp),%rax -.LSEH_begin_gcm_ghash_clmul: - # I can't trust assembler to use specific encoding:-( - .byte 0x48,0x8d,0x60,0xe0 #lea -0x20(%rax),%rsp - .byte 0x0f,0x29,0x70,0xe0 #movaps %xmm6,-0x20(%rax) - .byte 0x0f,0x29,0x78,0xf0 #movaps %xmm7,-0x10(%rax) - .byte 0x44,0x0f,0x29,0x00 #movaps %xmm8,0(%rax) - .byte 0x44,0x0f,0x29,0x48,0x10 #movaps %xmm9,0x10(%rax) - .byte 0x44,0x0f,0x29,0x50,0x20 #movaps %xmm10,0x20(%rax) - .byte 0x44,0x0f,0x29,0x58,0x30 #movaps %xmm11,0x30(%rax) - .byte 0x44,0x0f,0x29,0x60,0x40 #movaps %xmm12,0x40(%rax) - .byte 0x44,0x0f,0x29,0x68,0x50 #movaps %xmm13,0x50(%rax) - .byte 0x44,0x0f,0x29,0x70,0x60 #movaps %xmm14,0x60(%rax) - .byte 0x44,0x0f,0x29,0x78,0x70 #movaps %xmm15,0x70(%rax) -___ -$code.=<<___; - movdqa .Lbswap_mask(%rip),$T3 - - movdqu ($Xip),$Xi - movdqu ($Htbl),$Hkey - movdqu 0x20($Htbl),$HK - pshufb $T3,$Xi - - sub \$0x10,$len - jz .Lodd_tail - - movdqu 0x10($Htbl),$Hkey2 -___ -if ($do4xaggr) { -my ($Xl,$Xm,$Xh,$Hkey3,$Hkey4)=map("%xmm$_",(11..15)); - -$code.=<<___; - mov OPENSSL_ia32cap_P+4(%rip),%eax - cmp \$0x30,$len - jb .Lskip4x - - and \$`1<<26|1<<22`,%eax # isolate MOVBE+XSAVE - cmp \$`1<<22`,%eax # check for MOVBE without XSAVE - je .Lskip4x - - sub \$0x30,$len - mov \$0xA040608020C0E000,%rax # ((7..0)·0xE0)&0xff - movdqu 0x30($Htbl),$Hkey3 - movdqu 0x40($Htbl),$Hkey4 - - ####### - # Xi+4 =[(H*Ii+3) + (H^2*Ii+2) + (H^3*Ii+1) + H^4*(Ii+Xi)] mod P - # - movdqu 0x30($inp),$Xln - movdqu 0x20($inp),$Xl - pshufb $T3,$Xln - pshufb $T3,$Xl - movdqa $Xln,$Xhn - pshufd \$0b01001110,$Xln,$Xmn - pxor $Xln,$Xmn - pclmulqdq \$0x00,$Hkey,$Xln - pclmulqdq \$0x11,$Hkey,$Xhn - pclmulqdq \$0x00,$HK,$Xmn - - movdqa $Xl,$Xh - pshufd \$0b01001110,$Xl,$Xm - pxor $Xl,$Xm - pclmulqdq \$0x00,$Hkey2,$Xl - pclmulqdq \$0x11,$Hkey2,$Xh - pclmulqdq \$0x10,$HK,$Xm - xorps $Xl,$Xln - xorps $Xh,$Xhn - movups 0x50($Htbl),$HK - xorps $Xm,$Xmn - - movdqu 0x10($inp),$Xl - movdqu 0($inp),$T1 - pshufb $T3,$Xl - pshufb $T3,$T1 - movdqa $Xl,$Xh - pshufd \$0b01001110,$Xl,$Xm - pxor $T1,$Xi - pxor $Xl,$Xm - pclmulqdq \$0x00,$Hkey3,$Xl - movdqa $Xi,$Xhi - pshufd \$0b01001110,$Xi,$T1 - pxor $Xi,$T1 - pclmulqdq \$0x11,$Hkey3,$Xh - pclmulqdq \$0x00,$HK,$Xm - xorps $Xl,$Xln - xorps $Xh,$Xhn - - lea 0x40($inp),$inp - sub \$0x40,$len - jc .Ltail4x - - jmp .Lmod4_loop -.align 32 -.Lmod4_loop: - pclmulqdq \$0x00,$Hkey4,$Xi - xorps $Xm,$Xmn - movdqu 0x30($inp),$Xl - pshufb $T3,$Xl - pclmulqdq \$0x11,$Hkey4,$Xhi - xorps $Xln,$Xi - movdqu 0x20($inp),$Xln - movdqa $Xl,$Xh - pclmulqdq \$0x10,$HK,$T1 - pshufd \$0b01001110,$Xl,$Xm - xorps $Xhn,$Xhi - pxor $Xl,$Xm - pshufb $T3,$Xln - movups 0x20($Htbl),$HK - xorps $Xmn,$T1 - pclmulqdq \$0x00,$Hkey,$Xl - pshufd \$0b01001110,$Xln,$Xmn - - pxor $Xi,$T1 # aggregated Karatsuba post-processing - movdqa $Xln,$Xhn - pxor $Xhi,$T1 # - pxor $Xln,$Xmn - movdqa $T1,$T2 # - pclmulqdq \$0x11,$Hkey,$Xh - pslldq \$8,$T1 - psrldq \$8,$T2 # - pxor $T1,$Xi - movdqa .L7_mask(%rip),$T1 - pxor $T2,$Xhi # - movq %rax,$T2 - - pand $Xi,$T1 # 1st phase - pshufb $T1,$T2 # - pxor $Xi,$T2 # - pclmulqdq \$0x00,$HK,$Xm - psllq \$57,$T2 # - movdqa $T2,$T1 # - pslldq \$8,$T2 - pclmulqdq \$0x00,$Hkey2,$Xln - psrldq \$8,$T1 # - pxor $T2,$Xi - pxor $T1,$Xhi # - movdqu 0($inp),$T1 - - movdqa $Xi,$T2 # 2nd phase - psrlq \$1,$Xi - pclmulqdq \$0x11,$Hkey2,$Xhn - xorps $Xl,$Xln - movdqu 0x10($inp),$Xl - pshufb $T3,$Xl - pclmulqdq \$0x10,$HK,$Xmn - xorps $Xh,$Xhn - movups 0x50($Htbl),$HK - pshufb $T3,$T1 - pxor $T2,$Xhi # - pxor $Xi,$T2 - psrlq \$5,$Xi - - movdqa $Xl,$Xh - pxor $Xm,$Xmn - pshufd \$0b01001110,$Xl,$Xm - pxor $T2,$Xi # - pxor $T1,$Xhi - pxor $Xl,$Xm - pclmulqdq \$0x00,$Hkey3,$Xl - psrlq \$1,$Xi # - pxor $Xhi,$Xi # - movdqa $Xi,$Xhi - pclmulqdq \$0x11,$Hkey3,$Xh - xorps $Xl,$Xln - pshufd \$0b01001110,$Xi,$T1 - pxor $Xi,$T1 - - pclmulqdq \$0x00,$HK,$Xm - xorps $Xh,$Xhn - - lea 0x40($inp),$inp - sub \$0x40,$len - jnc .Lmod4_loop - -.Ltail4x: - pclmulqdq \$0x00,$Hkey4,$Xi - pclmulqdq \$0x11,$Hkey4,$Xhi - pclmulqdq \$0x10,$HK,$T1 - xorps $Xm,$Xmn - xorps $Xln,$Xi - xorps $Xhn,$Xhi - pxor $Xi,$Xhi # aggregated Karatsuba post-processing - pxor $Xmn,$T1 - - pxor $Xhi,$T1 # - pxor $Xi,$Xhi - - movdqa $T1,$T2 # - psrldq \$8,$T1 - pslldq \$8,$T2 # - pxor $T1,$Xhi - pxor $T2,$Xi # -___ - &reduction_alg9($Xhi,$Xi); -$code.=<<___; - add \$0x40,$len - jz .Ldone - movdqu 0x20($Htbl),$HK - sub \$0x10,$len - jz .Lodd_tail -.Lskip4x: -___ -} -$code.=<<___; - ####### - # Xi+2 =[H*(Ii+1 + Xi+1)] mod P = - # [(H*Ii+1) + (H*Xi+1)] mod P = - # [(H*Ii+1) + H^2*(Ii+Xi)] mod P - # - movdqu ($inp),$T1 # Ii - movdqu 16($inp),$Xln # Ii+1 - pshufb $T3,$T1 - pshufb $T3,$Xln - pxor $T1,$Xi # Ii+Xi - - movdqa $Xln,$Xhn - pshufd \$0b01001110,$Xln,$Xmn - pxor $Xln,$Xmn - pclmulqdq \$0x00,$Hkey,$Xln - pclmulqdq \$0x11,$Hkey,$Xhn - pclmulqdq \$0x00,$HK,$Xmn - - lea 32($inp),$inp # i+=2 - nop - sub \$0x20,$len - jbe .Leven_tail - nop - jmp .Lmod_loop - -.align 32 -.Lmod_loop: - movdqa $Xi,$Xhi - movdqa $Xmn,$T1 - pshufd \$0b01001110,$Xi,$Xmn # - pxor $Xi,$Xmn # - - pclmulqdq \$0x00,$Hkey2,$Xi - pclmulqdq \$0x11,$Hkey2,$Xhi - pclmulqdq \$0x10,$HK,$Xmn - - pxor $Xln,$Xi # (H*Ii+1) + H^2*(Ii+Xi) - pxor $Xhn,$Xhi - movdqu ($inp),$T2 # Ii - pxor $Xi,$T1 # aggregated Karatsuba post-processing - pshufb $T3,$T2 - movdqu 16($inp),$Xln # Ii+1 - - pxor $Xhi,$T1 - pxor $T2,$Xhi # "Ii+Xi", consume early - pxor $T1,$Xmn - pshufb $T3,$Xln - movdqa $Xmn,$T1 # - psrldq \$8,$T1 - pslldq \$8,$Xmn # - pxor $T1,$Xhi - pxor $Xmn,$Xi # - - movdqa $Xln,$Xhn # - - movdqa $Xi,$T2 # 1st phase - movdqa $Xi,$T1 - psllq \$5,$Xi - pxor $Xi,$T1 # - pclmulqdq \$0x00,$Hkey,$Xln ####### - psllq \$1,$Xi - pxor $T1,$Xi # - psllq \$57,$Xi # - movdqa $Xi,$T1 # - pslldq \$8,$Xi - psrldq \$8,$T1 # - pxor $T2,$Xi - pshufd \$0b01001110,$Xhn,$Xmn - pxor $T1,$Xhi # - pxor $Xhn,$Xmn # - - movdqa $Xi,$T2 # 2nd phase - psrlq \$1,$Xi - pclmulqdq \$0x11,$Hkey,$Xhn ####### - pxor $T2,$Xhi # - pxor $Xi,$T2 - psrlq \$5,$Xi - pxor $T2,$Xi # - lea 32($inp),$inp - psrlq \$1,$Xi # - pclmulqdq \$0x00,$HK,$Xmn ####### - pxor $Xhi,$Xi # - - sub \$0x20,$len - ja .Lmod_loop - -.Leven_tail: - movdqa $Xi,$Xhi - movdqa $Xmn,$T1 - pshufd \$0b01001110,$Xi,$Xmn # - pxor $Xi,$Xmn # - - pclmulqdq \$0x00,$Hkey2,$Xi - pclmulqdq \$0x11,$Hkey2,$Xhi - pclmulqdq \$0x10,$HK,$Xmn - - pxor $Xln,$Xi # (H*Ii+1) + H^2*(Ii+Xi) - pxor $Xhn,$Xhi - pxor $Xi,$T1 - pxor $Xhi,$T1 - pxor $T1,$Xmn - movdqa $Xmn,$T1 # - psrldq \$8,$T1 - pslldq \$8,$Xmn # - pxor $T1,$Xhi - pxor $Xmn,$Xi # -___ - &reduction_alg9 ($Xhi,$Xi); -$code.=<<___; - test $len,$len - jnz .Ldone - -.Lodd_tail: - movdqu ($inp),$T1 # Ii - pshufb $T3,$T1 - pxor $T1,$Xi # Ii+Xi -___ - &clmul64x64_T2 ($Xhi,$Xi,$Hkey,$HK); # H*(Ii+Xi) - &reduction_alg9 ($Xhi,$Xi); -$code.=<<___; -.Ldone: - pshufb $T3,$Xi - movdqu $Xi,($Xip) -___ -$code.=<<___ if ($win64); - movaps (%rsp),%xmm6 - movaps 0x10(%rsp),%xmm7 - movaps 0x20(%rsp),%xmm8 - movaps 0x30(%rsp),%xmm9 - movaps 0x40(%rsp),%xmm10 - movaps 0x50(%rsp),%xmm11 - movaps 0x60(%rsp),%xmm12 - movaps 0x70(%rsp),%xmm13 - movaps 0x80(%rsp),%xmm14 - movaps 0x90(%rsp),%xmm15 - lea 0xa8(%rsp),%rsp -.LSEH_end_gcm_ghash_clmul: -___ -$code.=<<___; - ret -.cfi_endproc -.size gcm_ghash_clmul,.-gcm_ghash_clmul -___ -} - -$code.=<<___; -.globl gcm_init_avx -.type gcm_init_avx,\@abi-omnipotent -.align 32 -gcm_init_avx: -.cfi_startproc -___ -if ($avx) { -my ($Htbl,$Xip)=@_4args; -my $HK="%xmm6"; - -$code.=<<___ if ($win64); -.LSEH_begin_gcm_init_avx: - # I can't trust assembler to use specific encoding:-( - .byte 0x48,0x83,0xec,0x18 #sub $0x18,%rsp - .byte 0x0f,0x29,0x34,0x24 #movaps %xmm6,(%rsp) -___ -$code.=<<___; - vzeroupper - - vmovdqu ($Xip),$Hkey - vpshufd \$0b01001110,$Hkey,$Hkey # dword swap - - # <<1 twist - vpshufd \$0b11111111,$Hkey,$T2 # broadcast uppermost dword - vpsrlq \$63,$Hkey,$T1 - vpsllq \$1,$Hkey,$Hkey - vpxor $T3,$T3,$T3 # - vpcmpgtd $T2,$T3,$T3 # broadcast carry bit - vpslldq \$8,$T1,$T1 - vpor $T1,$Hkey,$Hkey # H<<=1 - - # magic reduction - vpand .L0x1c2_polynomial(%rip),$T3,$T3 - vpxor $T3,$Hkey,$Hkey # if(carry) H^=0x1c2_polynomial - - vpunpckhqdq $Hkey,$Hkey,$HK - vmovdqa $Hkey,$Xi - vpxor $Hkey,$HK,$HK - mov \$4,%r10 # up to H^8 - jmp .Linit_start_avx -___ - -sub clmul64x64_avx { -my ($Xhi,$Xi,$Hkey,$HK)=@_; - -if (!defined($HK)) { $HK = $T2; -$code.=<<___; - vpunpckhqdq $Xi,$Xi,$T1 - vpunpckhqdq $Hkey,$Hkey,$T2 - vpxor $Xi,$T1,$T1 # - vpxor $Hkey,$T2,$T2 -___ -} else { -$code.=<<___; - vpunpckhqdq $Xi,$Xi,$T1 - vpxor $Xi,$T1,$T1 # -___ -} -$code.=<<___; - vpclmulqdq \$0x11,$Hkey,$Xi,$Xhi ####### - vpclmulqdq \$0x00,$Hkey,$Xi,$Xi ####### - vpclmulqdq \$0x00,$HK,$T1,$T1 ####### - vpxor $Xi,$Xhi,$T2 # - vpxor $T2,$T1,$T1 # - - vpslldq \$8,$T1,$T2 # - vpsrldq \$8,$T1,$T1 - vpxor $T2,$Xi,$Xi # - vpxor $T1,$Xhi,$Xhi -___ -} - -sub reduction_avx { -my ($Xhi,$Xi) = @_; - -$code.=<<___; - vpsllq \$57,$Xi,$T1 # 1st phase - vpsllq \$62,$Xi,$T2 - vpxor $T1,$T2,$T2 # - vpsllq \$63,$Xi,$T1 - vpxor $T1,$T2,$T2 # - vpslldq \$8,$T2,$T1 # - vpsrldq \$8,$T2,$T2 - vpxor $T1,$Xi,$Xi # - vpxor $T2,$Xhi,$Xhi - - vpsrlq \$1,$Xi,$T2 # 2nd phase - vpxor $Xi,$Xhi,$Xhi - vpxor $T2,$Xi,$Xi # - vpsrlq \$5,$T2,$T2 - vpxor $T2,$Xi,$Xi # - vpsrlq \$1,$Xi,$Xi # - vpxor $Xhi,$Xi,$Xi # -___ -} - -$code.=<<___; -.align 32 -.Linit_loop_avx: - vpalignr \$8,$T1,$T2,$T3 # low part is H.lo^H.hi... - vmovdqu $T3,-0x10($Htbl) # save Karatsuba "salt" -___ - &clmul64x64_avx ($Xhi,$Xi,$Hkey,$HK); # calculate H^3,5,7 - &reduction_avx ($Xhi,$Xi); -$code.=<<___; -.Linit_start_avx: - vmovdqa $Xi,$T3 -___ - &clmul64x64_avx ($Xhi,$Xi,$Hkey,$HK); # calculate H^2,4,6,8 - &reduction_avx ($Xhi,$Xi); -$code.=<<___; - vpshufd \$0b01001110,$T3,$T1 - vpshufd \$0b01001110,$Xi,$T2 - vpxor $T3,$T1,$T1 # Karatsuba pre-processing - vmovdqu $T3,0x00($Htbl) # save H^1,3,5,7 - vpxor $Xi,$T2,$T2 # Karatsuba pre-processing - vmovdqu $Xi,0x10($Htbl) # save H^2,4,6,8 - lea 0x30($Htbl),$Htbl - sub \$1,%r10 - jnz .Linit_loop_avx - - vpalignr \$8,$T2,$T1,$T3 # last "salt" is flipped - vmovdqu $T3,-0x10($Htbl) - - vzeroupper -___ -$code.=<<___ if ($win64); - movaps (%rsp),%xmm6 - lea 0x18(%rsp),%rsp -.LSEH_end_gcm_init_avx: -___ -$code.=<<___; - ret -.cfi_endproc -.size gcm_init_avx,.-gcm_init_avx -___ -} else { -$code.=<<___; - jmp .L_init_clmul -.cfi_endproc -.size gcm_init_avx,.-gcm_init_avx -___ -} - -$code.=<<___; -.globl gcm_gmult_avx -.type gcm_gmult_avx,\@abi-omnipotent -.align 32 -gcm_gmult_avx: -.cfi_startproc - endbranch - jmp .L_gmult_clmul -.cfi_endproc -.size gcm_gmult_avx,.-gcm_gmult_avx -___ - -$code.=<<___; -.globl gcm_ghash_avx -.type gcm_ghash_avx,\@abi-omnipotent -.align 32 -gcm_ghash_avx: -.cfi_startproc - endbranch -___ -if ($avx) { -my ($Xip,$Htbl,$inp,$len)=@_4args; -my ($Xlo,$Xhi,$Xmi, - $Zlo,$Zhi,$Zmi, - $Hkey,$HK,$T1,$T2, - $Xi,$Xo,$Tred,$bswap,$Ii,$Ij) = map("%xmm$_",(0..15)); - -$code.=<<___ if ($win64); - lea -0x88(%rsp),%rax -.LSEH_begin_gcm_ghash_avx: - # I can't trust assembler to use specific encoding:-( - .byte 0x48,0x8d,0x60,0xe0 #lea -0x20(%rax),%rsp - .byte 0x0f,0x29,0x70,0xe0 #movaps %xmm6,-0x20(%rax) - .byte 0x0f,0x29,0x78,0xf0 #movaps %xmm7,-0x10(%rax) - .byte 0x44,0x0f,0x29,0x00 #movaps %xmm8,0(%rax) - .byte 0x44,0x0f,0x29,0x48,0x10 #movaps %xmm9,0x10(%rax) - .byte 0x44,0x0f,0x29,0x50,0x20 #movaps %xmm10,0x20(%rax) - .byte 0x44,0x0f,0x29,0x58,0x30 #movaps %xmm11,0x30(%rax) - .byte 0x44,0x0f,0x29,0x60,0x40 #movaps %xmm12,0x40(%rax) - .byte 0x44,0x0f,0x29,0x68,0x50 #movaps %xmm13,0x50(%rax) - .byte 0x44,0x0f,0x29,0x70,0x60 #movaps %xmm14,0x60(%rax) - .byte 0x44,0x0f,0x29,0x78,0x70 #movaps %xmm15,0x70(%rax) -___ -$code.=<<___; - vzeroupper - - vmovdqu ($Xip),$Xi # load $Xi - lea .L0x1c2_polynomial(%rip),%r10 - lea 0x40($Htbl),$Htbl # size optimization - vmovdqu .Lbswap_mask(%rip),$bswap - vpshufb $bswap,$Xi,$Xi - cmp \$0x80,$len - jb .Lshort_avx - sub \$0x80,$len - - vmovdqu 0x70($inp),$Ii # I[7] - vmovdqu 0x00-0x40($Htbl),$Hkey # $Hkey^1 - vpshufb $bswap,$Ii,$Ii - vmovdqu 0x20-0x40($Htbl),$HK - - vpunpckhqdq $Ii,$Ii,$T2 - vmovdqu 0x60($inp),$Ij # I[6] - vpclmulqdq \$0x00,$Hkey,$Ii,$Xlo - vpxor $Ii,$T2,$T2 - vpshufb $bswap,$Ij,$Ij - vpclmulqdq \$0x11,$Hkey,$Ii,$Xhi - vmovdqu 0x10-0x40($Htbl),$Hkey # $Hkey^2 - vpunpckhqdq $Ij,$Ij,$T1 - vmovdqu 0x50($inp),$Ii # I[5] - vpclmulqdq \$0x00,$HK,$T2,$Xmi - vpxor $Ij,$T1,$T1 - - vpshufb $bswap,$Ii,$Ii - vpclmulqdq \$0x00,$Hkey,$Ij,$Zlo - vpunpckhqdq $Ii,$Ii,$T2 - vpclmulqdq \$0x11,$Hkey,$Ij,$Zhi - vmovdqu 0x30-0x40($Htbl),$Hkey # $Hkey^3 - vpxor $Ii,$T2,$T2 - vmovdqu 0x40($inp),$Ij # I[4] - vpclmulqdq \$0x10,$HK,$T1,$Zmi - vmovdqu 0x50-0x40($Htbl),$HK - - vpshufb $bswap,$Ij,$Ij - vpxor $Xlo,$Zlo,$Zlo - vpclmulqdq \$0x00,$Hkey,$Ii,$Xlo - vpxor $Xhi,$Zhi,$Zhi - vpunpckhqdq $Ij,$Ij,$T1 - vpclmulqdq \$0x11,$Hkey,$Ii,$Xhi - vmovdqu 0x40-0x40($Htbl),$Hkey # $Hkey^4 - vpxor $Xmi,$Zmi,$Zmi - vpclmulqdq \$0x00,$HK,$T2,$Xmi - vpxor $Ij,$T1,$T1 - - vmovdqu 0x30($inp),$Ii # I[3] - vpxor $Zlo,$Xlo,$Xlo - vpclmulqdq \$0x00,$Hkey,$Ij,$Zlo - vpxor $Zhi,$Xhi,$Xhi - vpshufb $bswap,$Ii,$Ii - vpclmulqdq \$0x11,$Hkey,$Ij,$Zhi - vmovdqu 0x60-0x40($Htbl),$Hkey # $Hkey^5 - vpxor $Zmi,$Xmi,$Xmi - vpunpckhqdq $Ii,$Ii,$T2 - vpclmulqdq \$0x10,$HK,$T1,$Zmi - vmovdqu 0x80-0x40($Htbl),$HK - vpxor $Ii,$T2,$T2 - - vmovdqu 0x20($inp),$Ij # I[2] - vpxor $Xlo,$Zlo,$Zlo - vpclmulqdq \$0x00,$Hkey,$Ii,$Xlo - vpxor $Xhi,$Zhi,$Zhi - vpshufb $bswap,$Ij,$Ij - vpclmulqdq \$0x11,$Hkey,$Ii,$Xhi - vmovdqu 0x70-0x40($Htbl),$Hkey # $Hkey^6 - vpxor $Xmi,$Zmi,$Zmi - vpunpckhqdq $Ij,$Ij,$T1 - vpclmulqdq \$0x00,$HK,$T2,$Xmi - vpxor $Ij,$T1,$T1 - - vmovdqu 0x10($inp),$Ii # I[1] - vpxor $Zlo,$Xlo,$Xlo - vpclmulqdq \$0x00,$Hkey,$Ij,$Zlo - vpxor $Zhi,$Xhi,$Xhi - vpshufb $bswap,$Ii,$Ii - vpclmulqdq \$0x11,$Hkey,$Ij,$Zhi - vmovdqu 0x90-0x40($Htbl),$Hkey # $Hkey^7 - vpxor $Zmi,$Xmi,$Xmi - vpunpckhqdq $Ii,$Ii,$T2 - vpclmulqdq \$0x10,$HK,$T1,$Zmi - vmovdqu 0xb0-0x40($Htbl),$HK - vpxor $Ii,$T2,$T2 - - vmovdqu ($inp),$Ij # I[0] - vpxor $Xlo,$Zlo,$Zlo - vpclmulqdq \$0x00,$Hkey,$Ii,$Xlo - vpxor $Xhi,$Zhi,$Zhi - vpshufb $bswap,$Ij,$Ij - vpclmulqdq \$0x11,$Hkey,$Ii,$Xhi - vmovdqu 0xa0-0x40($Htbl),$Hkey # $Hkey^8 - vpxor $Xmi,$Zmi,$Zmi - vpclmulqdq \$0x10,$HK,$T2,$Xmi - - lea 0x80($inp),$inp - cmp \$0x80,$len - jb .Ltail_avx - - vpxor $Xi,$Ij,$Ij # accumulate $Xi - sub \$0x80,$len - jmp .Loop8x_avx - -.align 32 -.Loop8x_avx: - vpunpckhqdq $Ij,$Ij,$T1 - vmovdqu 0x70($inp),$Ii # I[7] - vpxor $Xlo,$Zlo,$Zlo - vpxor $Ij,$T1,$T1 - vpclmulqdq \$0x00,$Hkey,$Ij,$Xi - vpshufb $bswap,$Ii,$Ii - vpxor $Xhi,$Zhi,$Zhi - vpclmulqdq \$0x11,$Hkey,$Ij,$Xo - vmovdqu 0x00-0x40($Htbl),$Hkey # $Hkey^1 - vpunpckhqdq $Ii,$Ii,$T2 - vpxor $Xmi,$Zmi,$Zmi - vpclmulqdq \$0x00,$HK,$T1,$Tred - vmovdqu 0x20-0x40($Htbl),$HK - vpxor $Ii,$T2,$T2 - - vmovdqu 0x60($inp),$Ij # I[6] - vpclmulqdq \$0x00,$Hkey,$Ii,$Xlo - vpxor $Zlo,$Xi,$Xi # collect result - vpshufb $bswap,$Ij,$Ij - vpclmulqdq \$0x11,$Hkey,$Ii,$Xhi - vxorps $Zhi,$Xo,$Xo - vmovdqu 0x10-0x40($Htbl),$Hkey # $Hkey^2 - vpunpckhqdq $Ij,$Ij,$T1 - vpclmulqdq \$0x00,$HK, $T2,$Xmi - vpxor $Zmi,$Tred,$Tred - vxorps $Ij,$T1,$T1 - - vmovdqu 0x50($inp),$Ii # I[5] - vpxor $Xi,$Tred,$Tred # aggregated Karatsuba post-processing - vpclmulqdq \$0x00,$Hkey,$Ij,$Zlo - vpxor $Xo,$Tred,$Tred - vpslldq \$8,$Tred,$T2 - vpxor $Xlo,$Zlo,$Zlo - vpclmulqdq \$0x11,$Hkey,$Ij,$Zhi - vpsrldq \$8,$Tred,$Tred - vpxor $T2, $Xi, $Xi - vmovdqu 0x30-0x40($Htbl),$Hkey # $Hkey^3 - vpshufb $bswap,$Ii,$Ii - vxorps $Tred,$Xo, $Xo - vpxor $Xhi,$Zhi,$Zhi - vpunpckhqdq $Ii,$Ii,$T2 - vpclmulqdq \$0x10,$HK, $T1,$Zmi - vmovdqu 0x50-0x40($Htbl),$HK - vpxor $Ii,$T2,$T2 - vpxor $Xmi,$Zmi,$Zmi - - vmovdqu 0x40($inp),$Ij # I[4] - vpalignr \$8,$Xi,$Xi,$Tred # 1st phase - vpclmulqdq \$0x00,$Hkey,$Ii,$Xlo - vpshufb $bswap,$Ij,$Ij - vpxor $Zlo,$Xlo,$Xlo - vpclmulqdq \$0x11,$Hkey,$Ii,$Xhi - vmovdqu 0x40-0x40($Htbl),$Hkey # $Hkey^4 - vpunpckhqdq $Ij,$Ij,$T1 - vpxor $Zhi,$Xhi,$Xhi - vpclmulqdq \$0x00,$HK, $T2,$Xmi - vxorps $Ij,$T1,$T1 - vpxor $Zmi,$Xmi,$Xmi - - vmovdqu 0x30($inp),$Ii # I[3] - vpclmulqdq \$0x10,(%r10),$Xi,$Xi - vpclmulqdq \$0x00,$Hkey,$Ij,$Zlo - vpshufb $bswap,$Ii,$Ii - vpxor $Xlo,$Zlo,$Zlo - vpclmulqdq \$0x11,$Hkey,$Ij,$Zhi - vmovdqu 0x60-0x40($Htbl),$Hkey # $Hkey^5 - vpunpckhqdq $Ii,$Ii,$T2 - vpxor $Xhi,$Zhi,$Zhi - vpclmulqdq \$0x10,$HK, $T1,$Zmi - vmovdqu 0x80-0x40($Htbl),$HK - vpxor $Ii,$T2,$T2 - vpxor $Xmi,$Zmi,$Zmi - - vmovdqu 0x20($inp),$Ij # I[2] - vpclmulqdq \$0x00,$Hkey,$Ii,$Xlo - vpshufb $bswap,$Ij,$Ij - vpxor $Zlo,$Xlo,$Xlo - vpclmulqdq \$0x11,$Hkey,$Ii,$Xhi - vmovdqu 0x70-0x40($Htbl),$Hkey # $Hkey^6 - vpunpckhqdq $Ij,$Ij,$T1 - vpxor $Zhi,$Xhi,$Xhi - vpclmulqdq \$0x00,$HK, $T2,$Xmi - vpxor $Ij,$T1,$T1 - vpxor $Zmi,$Xmi,$Xmi - vxorps $Tred,$Xi,$Xi - - vmovdqu 0x10($inp),$Ii # I[1] - vpalignr \$8,$Xi,$Xi,$Tred # 2nd phase - vpclmulqdq \$0x00,$Hkey,$Ij,$Zlo - vpshufb $bswap,$Ii,$Ii - vpxor $Xlo,$Zlo,$Zlo - vpclmulqdq \$0x11,$Hkey,$Ij,$Zhi - vmovdqu 0x90-0x40($Htbl),$Hkey # $Hkey^7 - vpclmulqdq \$0x10,(%r10),$Xi,$Xi - vxorps $Xo,$Tred,$Tred - vpunpckhqdq $Ii,$Ii,$T2 - vpxor $Xhi,$Zhi,$Zhi - vpclmulqdq \$0x10,$HK, $T1,$Zmi - vmovdqu 0xb0-0x40($Htbl),$HK - vpxor $Ii,$T2,$T2 - vpxor $Xmi,$Zmi,$Zmi - - vmovdqu ($inp),$Ij # I[0] - vpclmulqdq \$0x00,$Hkey,$Ii,$Xlo - vpshufb $bswap,$Ij,$Ij - vpclmulqdq \$0x11,$Hkey,$Ii,$Xhi - vmovdqu 0xa0-0x40($Htbl),$Hkey # $Hkey^8 - vpxor $Tred,$Ij,$Ij - vpclmulqdq \$0x10,$HK, $T2,$Xmi - vpxor $Xi,$Ij,$Ij # accumulate $Xi - - lea 0x80($inp),$inp - sub \$0x80,$len - jnc .Loop8x_avx - - add \$0x80,$len - jmp .Ltail_no_xor_avx - -.align 32 -.Lshort_avx: - vmovdqu -0x10($inp,$len),$Ii # very last word - lea ($inp,$len),$inp - vmovdqu 0x00-0x40($Htbl),$Hkey # $Hkey^1 - vmovdqu 0x20-0x40($Htbl),$HK - vpshufb $bswap,$Ii,$Ij - - vmovdqa $Xlo,$Zlo # subtle way to zero $Zlo, - vmovdqa $Xhi,$Zhi # $Zhi and - vmovdqa $Xmi,$Zmi # $Zmi - sub \$0x10,$len - jz .Ltail_avx - - vpunpckhqdq $Ij,$Ij,$T1 - vpxor $Xlo,$Zlo,$Zlo - vpclmulqdq \$0x00,$Hkey,$Ij,$Xlo - vpxor $Ij,$T1,$T1 - vmovdqu -0x20($inp),$Ii - vpxor $Xhi,$Zhi,$Zhi - vpclmulqdq \$0x11,$Hkey,$Ij,$Xhi - vmovdqu 0x10-0x40($Htbl),$Hkey # $Hkey^2 - vpshufb $bswap,$Ii,$Ij - vpxor $Xmi,$Zmi,$Zmi - vpclmulqdq \$0x00,$HK,$T1,$Xmi - vpsrldq \$8,$HK,$HK - sub \$0x10,$len - jz .Ltail_avx - - vpunpckhqdq $Ij,$Ij,$T1 - vpxor $Xlo,$Zlo,$Zlo - vpclmulqdq \$0x00,$Hkey,$Ij,$Xlo - vpxor $Ij,$T1,$T1 - vmovdqu -0x30($inp),$Ii - vpxor $Xhi,$Zhi,$Zhi - vpclmulqdq \$0x11,$Hkey,$Ij,$Xhi - vmovdqu 0x30-0x40($Htbl),$Hkey # $Hkey^3 - vpshufb $bswap,$Ii,$Ij - vpxor $Xmi,$Zmi,$Zmi - vpclmulqdq \$0x00,$HK,$T1,$Xmi - vmovdqu 0x50-0x40($Htbl),$HK - sub \$0x10,$len - jz .Ltail_avx - - vpunpckhqdq $Ij,$Ij,$T1 - vpxor $Xlo,$Zlo,$Zlo - vpclmulqdq \$0x00,$Hkey,$Ij,$Xlo - vpxor $Ij,$T1,$T1 - vmovdqu -0x40($inp),$Ii - vpxor $Xhi,$Zhi,$Zhi - vpclmulqdq \$0x11,$Hkey,$Ij,$Xhi - vmovdqu 0x40-0x40($Htbl),$Hkey # $Hkey^4 - vpshufb $bswap,$Ii,$Ij - vpxor $Xmi,$Zmi,$Zmi - vpclmulqdq \$0x00,$HK,$T1,$Xmi - vpsrldq \$8,$HK,$HK - sub \$0x10,$len - jz .Ltail_avx - - vpunpckhqdq $Ij,$Ij,$T1 - vpxor $Xlo,$Zlo,$Zlo - vpclmulqdq \$0x00,$Hkey,$Ij,$Xlo - vpxor $Ij,$T1,$T1 - vmovdqu -0x50($inp),$Ii - vpxor $Xhi,$Zhi,$Zhi - vpclmulqdq \$0x11,$Hkey,$Ij,$Xhi - vmovdqu 0x60-0x40($Htbl),$Hkey # $Hkey^5 - vpshufb $bswap,$Ii,$Ij - vpxor $Xmi,$Zmi,$Zmi - vpclmulqdq \$0x00,$HK,$T1,$Xmi - vmovdqu 0x80-0x40($Htbl),$HK - sub \$0x10,$len - jz .Ltail_avx - - vpunpckhqdq $Ij,$Ij,$T1 - vpxor $Xlo,$Zlo,$Zlo - vpclmulqdq \$0x00,$Hkey,$Ij,$Xlo - vpxor $Ij,$T1,$T1 - vmovdqu -0x60($inp),$Ii - vpxor $Xhi,$Zhi,$Zhi - vpclmulqdq \$0x11,$Hkey,$Ij,$Xhi - vmovdqu 0x70-0x40($Htbl),$Hkey # $Hkey^6 - vpshufb $bswap,$Ii,$Ij - vpxor $Xmi,$Zmi,$Zmi - vpclmulqdq \$0x00,$HK,$T1,$Xmi - vpsrldq \$8,$HK,$HK - sub \$0x10,$len - jz .Ltail_avx - - vpunpckhqdq $Ij,$Ij,$T1 - vpxor $Xlo,$Zlo,$Zlo - vpclmulqdq \$0x00,$Hkey,$Ij,$Xlo - vpxor $Ij,$T1,$T1 - vmovdqu -0x70($inp),$Ii - vpxor $Xhi,$Zhi,$Zhi - vpclmulqdq \$0x11,$Hkey,$Ij,$Xhi - vmovdqu 0x90-0x40($Htbl),$Hkey # $Hkey^7 - vpshufb $bswap,$Ii,$Ij - vpxor $Xmi,$Zmi,$Zmi - vpclmulqdq \$0x00,$HK,$T1,$Xmi - vmovq 0xb8-0x40($Htbl),$HK - sub \$0x10,$len - jmp .Ltail_avx - -.align 32 -.Ltail_avx: - vpxor $Xi,$Ij,$Ij # accumulate $Xi -.Ltail_no_xor_avx: - vpunpckhqdq $Ij,$Ij,$T1 - vpxor $Xlo,$Zlo,$Zlo - vpclmulqdq \$0x00,$Hkey,$Ij,$Xlo - vpxor $Ij,$T1,$T1 - vpxor $Xhi,$Zhi,$Zhi - vpclmulqdq \$0x11,$Hkey,$Ij,$Xhi - vpxor $Xmi,$Zmi,$Zmi - vpclmulqdq \$0x00,$HK,$T1,$Xmi - - vmovdqu (%r10),$Tred - - vpxor $Xlo,$Zlo,$Xi - vpxor $Xhi,$Zhi,$Xo - vpxor $Xmi,$Zmi,$Zmi - - vpxor $Xi, $Zmi,$Zmi # aggregated Karatsuba post-processing - vpxor $Xo, $Zmi,$Zmi - vpslldq \$8, $Zmi,$T2 - vpsrldq \$8, $Zmi,$Zmi - vpxor $T2, $Xi, $Xi - vpxor $Zmi,$Xo, $Xo - - vpclmulqdq \$0x10,$Tred,$Xi,$T2 # 1st phase - vpalignr \$8,$Xi,$Xi,$Xi - vpxor $T2,$Xi,$Xi - - vpclmulqdq \$0x10,$Tred,$Xi,$T2 # 2nd phase - vpalignr \$8,$Xi,$Xi,$Xi - vpxor $Xo,$Xi,$Xi - vpxor $T2,$Xi,$Xi - - cmp \$0,$len - jne .Lshort_avx - - vpshufb $bswap,$Xi,$Xi - vmovdqu $Xi,($Xip) - vzeroupper -___ -$code.=<<___ if ($win64); - movaps (%rsp),%xmm6 - movaps 0x10(%rsp),%xmm7 - movaps 0x20(%rsp),%xmm8 - movaps 0x30(%rsp),%xmm9 - movaps 0x40(%rsp),%xmm10 - movaps 0x50(%rsp),%xmm11 - movaps 0x60(%rsp),%xmm12 - movaps 0x70(%rsp),%xmm13 - movaps 0x80(%rsp),%xmm14 - movaps 0x90(%rsp),%xmm15 - lea 0xa8(%rsp),%rsp -.LSEH_end_gcm_ghash_avx: -___ -$code.=<<___; - ret -.cfi_endproc -.size gcm_ghash_avx,.-gcm_ghash_avx -___ -} else { -$code.=<<___; - jmp .L_ghash_clmul -.cfi_endproc -.size gcm_ghash_avx,.-gcm_ghash_avx -___ -} - -$code.=<<___; -.align 64 -.Lbswap_mask: - .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 -.L0x1c2_polynomial: - .byte 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2 -.L7_mask: - .long 7,0,7,0 -.L7_mask_poly: - .long 7,0,`0xE1<<1`,0 -.align 64 -.type .Lrem_4bit,\@object -.Lrem_4bit: - .long 0,`0x0000<<16`,0,`0x1C20<<16`,0,`0x3840<<16`,0,`0x2460<<16` - .long 0,`0x7080<<16`,0,`0x6CA0<<16`,0,`0x48C0<<16`,0,`0x54E0<<16` - .long 0,`0xE100<<16`,0,`0xFD20<<16`,0,`0xD940<<16`,0,`0xC560<<16` - .long 0,`0x9180<<16`,0,`0x8DA0<<16`,0,`0xA9C0<<16`,0,`0xB5E0<<16` -.type .Lrem_8bit,\@object -.Lrem_8bit: - .value 0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E - .value 0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E - .value 0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E - .value 0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E - .value 0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E - .value 0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E - .value 0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E - .value 0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E - .value 0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE - .value 0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE - .value 0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE - .value 0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE - .value 0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E - .value 0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E - .value 0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE - .value 0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE - .value 0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E - .value 0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E - .value 0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E - .value 0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E - .value 0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E - .value 0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E - .value 0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E - .value 0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E - .value 0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE - .value 0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE - .value 0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE - .value 0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE - .value 0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E - .value 0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E - .value 0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE - .value 0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE - -.asciz "GHASH for x86_64, CRYPTOGAMS by " -.align 64 -___ - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_prologue - - lea 48+280(%rax),%rax # adjust "rsp" - - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$`1232/8`,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size se_handler,.-se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_gcm_gmult_4bit - .rva .LSEH_end_gcm_gmult_4bit - .rva .LSEH_info_gcm_gmult_4bit - - .rva .LSEH_begin_gcm_ghash_4bit - .rva .LSEH_end_gcm_ghash_4bit - .rva .LSEH_info_gcm_ghash_4bit - - .rva .LSEH_begin_gcm_init_clmul - .rva .LSEH_end_gcm_init_clmul - .rva .LSEH_info_gcm_init_clmul - - .rva .LSEH_begin_gcm_ghash_clmul - .rva .LSEH_end_gcm_ghash_clmul - .rva .LSEH_info_gcm_ghash_clmul -___ -$code.=<<___ if ($avx); - .rva .LSEH_begin_gcm_init_avx - .rva .LSEH_end_gcm_init_avx - .rva .LSEH_info_gcm_init_clmul - - .rva .LSEH_begin_gcm_ghash_avx - .rva .LSEH_end_gcm_ghash_avx - .rva .LSEH_info_gcm_ghash_clmul -___ -$code.=<<___; -.section .xdata -.align 8 -.LSEH_info_gcm_gmult_4bit: - .byte 9,0,0,0 - .rva se_handler - .rva .Lgmult_prologue,.Lgmult_epilogue # HandlerData -.LSEH_info_gcm_ghash_4bit: - .byte 9,0,0,0 - .rva se_handler - .rva .Lghash_prologue,.Lghash_epilogue # HandlerData -.LSEH_info_gcm_init_clmul: - .byte 0x01,0x08,0x03,0x00 - .byte 0x08,0x68,0x00,0x00 #movaps 0x00(rsp),xmm6 - .byte 0x04,0x22,0x00,0x00 #sub rsp,0x18 -.LSEH_info_gcm_ghash_clmul: - .byte 0x01,0x33,0x16,0x00 - .byte 0x33,0xf8,0x09,0x00 #movaps 0x90(rsp),xmm15 - .byte 0x2e,0xe8,0x08,0x00 #movaps 0x80(rsp),xmm14 - .byte 0x29,0xd8,0x07,0x00 #movaps 0x70(rsp),xmm13 - .byte 0x24,0xc8,0x06,0x00 #movaps 0x60(rsp),xmm12 - .byte 0x1f,0xb8,0x05,0x00 #movaps 0x50(rsp),xmm11 - .byte 0x1a,0xa8,0x04,0x00 #movaps 0x40(rsp),xmm10 - .byte 0x15,0x98,0x03,0x00 #movaps 0x30(rsp),xmm9 - .byte 0x10,0x88,0x02,0x00 #movaps 0x20(rsp),xmm8 - .byte 0x0c,0x78,0x01,0x00 #movaps 0x10(rsp),xmm7 - .byte 0x08,0x68,0x00,0x00 #movaps 0x00(rsp),xmm6 - .byte 0x04,0x01,0x15,0x00 #sub rsp,0xa8 -___ -} - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; - -print $code; - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/modes/asm/ghashp8-ppc.pl b/crypto/modes/asm/ghashp8-ppc.pl deleted file mode 100755 index 20f611dabd4316eef94aab41c21dbcaef9faf16e..0000000000000000000000000000000000000000 --- a/crypto/modes/asm/ghashp8-ppc.pl +++ /dev/null @@ -1,674 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# GHASH for for PowerISA v2.07. -# -# July 2014 -# -# Accurate performance measurements are problematic, because it's -# always virtualized setup with possibly throttled processor. -# Relative comparison is therefore more informative. This initial -# version is ~2.1x slower than hardware-assisted AES-128-CTR, ~12x -# faster than "4-bit" integer-only compiler-generated 64-bit code. -# "Initial version" means that there is room for further improvement. - -# May 2016 -# -# 2x aggregated reduction improves performance by 50% (resulting -# performance on POWER8 is 1 cycle per processed byte), and 4x -# aggregated reduction - by 170% or 2.7x (resulting in 0.55 cpb). -# POWER9 delivers 0.51 cpb. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /64/) { - $SIZE_T=8; - $LRSAVE=2*$SIZE_T; - $STU="stdu"; - $POP="ld"; - $PUSH="std"; - $UCMP="cmpld"; - $SHRI="srdi"; -} elsif ($flavour =~ /32/) { - $SIZE_T=4; - $LRSAVE=$SIZE_T; - $STU="stwu"; - $POP="lwz"; - $PUSH="stw"; - $UCMP="cmplw"; - $SHRI="srwi"; -} else { die "nonsense $flavour"; } - -$sp="r1"; -$FRAME=6*$SIZE_T+13*16; # 13*16 is for v20-v31 offload - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open STDOUT,"| $^X $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; - -my ($Xip,$Htbl,$inp,$len)=map("r$_",(3..6)); # argument block - -my ($Xl,$Xm,$Xh,$IN)=map("v$_",(0..3)); -my ($zero,$t0,$t1,$t2,$xC2,$H,$Hh,$Hl,$lemask)=map("v$_",(4..12)); -my ($Xl1,$Xm1,$Xh1,$IN1,$H2,$H2h,$H2l)=map("v$_",(13..19)); -my $vrsave="r12"; - -$code=<<___; -.machine "any" - -.text - -.globl .gcm_init_p8 -.align 5 -.gcm_init_p8: - li r0,-4096 - li r8,0x10 - mfspr $vrsave,256 - li r9,0x20 - mtspr 256,r0 - li r10,0x30 - lvx_u $H,0,r4 # load H - - vspltisb $xC2,-16 # 0xf0 - vspltisb $t0,1 # one - vaddubm $xC2,$xC2,$xC2 # 0xe0 - vxor $zero,$zero,$zero - vor $xC2,$xC2,$t0 # 0xe1 - vsldoi $xC2,$xC2,$zero,15 # 0xe1... - vsldoi $t1,$zero,$t0,1 # ...1 - vaddubm $xC2,$xC2,$xC2 # 0xc2... - vspltisb $t2,7 - vor $xC2,$xC2,$t1 # 0xc2....01 - vspltb $t1,$H,0 # most significant byte - vsl $H,$H,$t0 # H<<=1 - vsrab $t1,$t1,$t2 # broadcast carry bit - vand $t1,$t1,$xC2 - vxor $IN,$H,$t1 # twisted H - - vsldoi $H,$IN,$IN,8 # twist even more ... - vsldoi $xC2,$zero,$xC2,8 # 0xc2.0 - vsldoi $Hl,$zero,$H,8 # ... and split - vsldoi $Hh,$H,$zero,8 - - stvx_u $xC2,0,r3 # save pre-computed table - stvx_u $Hl,r8,r3 - li r8,0x40 - stvx_u $H, r9,r3 - li r9,0x50 - stvx_u $Hh,r10,r3 - li r10,0x60 - - vpmsumd $Xl,$IN,$Hl # H.lo·H.lo - vpmsumd $Xm,$IN,$H # H.hi·H.lo+H.lo·H.hi - vpmsumd $Xh,$IN,$Hh # H.hi·H.hi - - vpmsumd $t2,$Xl,$xC2 # 1st reduction phase - - vsldoi $t0,$Xm,$zero,8 - vsldoi $t1,$zero,$Xm,8 - vxor $Xl,$Xl,$t0 - vxor $Xh,$Xh,$t1 - - vsldoi $Xl,$Xl,$Xl,8 - vxor $Xl,$Xl,$t2 - - vsldoi $t1,$Xl,$Xl,8 # 2nd reduction phase - vpmsumd $Xl,$Xl,$xC2 - vxor $t1,$t1,$Xh - vxor $IN1,$Xl,$t1 - - vsldoi $H2,$IN1,$IN1,8 - vsldoi $H2l,$zero,$H2,8 - vsldoi $H2h,$H2,$zero,8 - - stvx_u $H2l,r8,r3 # save H^2 - li r8,0x70 - stvx_u $H2,r9,r3 - li r9,0x80 - stvx_u $H2h,r10,r3 - li r10,0x90 -___ -{ -my ($t4,$t5,$t6) = ($Hl,$H,$Hh); -$code.=<<___; - vpmsumd $Xl,$IN,$H2l # H.lo·H^2.lo - vpmsumd $Xl1,$IN1,$H2l # H^2.lo·H^2.lo - vpmsumd $Xm,$IN,$H2 # H.hi·H^2.lo+H.lo·H^2.hi - vpmsumd $Xm1,$IN1,$H2 # H^2.hi·H^2.lo+H^2.lo·H^2.hi - vpmsumd $Xh,$IN,$H2h # H.hi·H^2.hi - vpmsumd $Xh1,$IN1,$H2h # H^2.hi·H^2.hi - - vpmsumd $t2,$Xl,$xC2 # 1st reduction phase - vpmsumd $t6,$Xl1,$xC2 # 1st reduction phase - - vsldoi $t0,$Xm,$zero,8 - vsldoi $t1,$zero,$Xm,8 - vsldoi $t4,$Xm1,$zero,8 - vsldoi $t5,$zero,$Xm1,8 - vxor $Xl,$Xl,$t0 - vxor $Xh,$Xh,$t1 - vxor $Xl1,$Xl1,$t4 - vxor $Xh1,$Xh1,$t5 - - vsldoi $Xl,$Xl,$Xl,8 - vsldoi $Xl1,$Xl1,$Xl1,8 - vxor $Xl,$Xl,$t2 - vxor $Xl1,$Xl1,$t6 - - vsldoi $t1,$Xl,$Xl,8 # 2nd reduction phase - vsldoi $t5,$Xl1,$Xl1,8 # 2nd reduction phase - vpmsumd $Xl,$Xl,$xC2 - vpmsumd $Xl1,$Xl1,$xC2 - vxor $t1,$t1,$Xh - vxor $t5,$t5,$Xh1 - vxor $Xl,$Xl,$t1 - vxor $Xl1,$Xl1,$t5 - - vsldoi $H,$Xl,$Xl,8 - vsldoi $H2,$Xl1,$Xl1,8 - vsldoi $Hl,$zero,$H,8 - vsldoi $Hh,$H,$zero,8 - vsldoi $H2l,$zero,$H2,8 - vsldoi $H2h,$H2,$zero,8 - - stvx_u $Hl,r8,r3 # save H^3 - li r8,0xa0 - stvx_u $H,r9,r3 - li r9,0xb0 - stvx_u $Hh,r10,r3 - li r10,0xc0 - stvx_u $H2l,r8,r3 # save H^4 - stvx_u $H2,r9,r3 - stvx_u $H2h,r10,r3 - - mtspr 256,$vrsave - blr - .long 0 - .byte 0,12,0x14,0,0,0,2,0 - .long 0 -.size .gcm_init_p8,.-.gcm_init_p8 -___ -} -$code.=<<___; -.globl .gcm_gmult_p8 -.align 5 -.gcm_gmult_p8: - lis r0,0xfff8 - li r8,0x10 - mfspr $vrsave,256 - li r9,0x20 - mtspr 256,r0 - li r10,0x30 - lvx_u $IN,0,$Xip # load Xi - - lvx_u $Hl,r8,$Htbl # load pre-computed table - le?lvsl $lemask,r0,r0 - lvx_u $H, r9,$Htbl - le?vspltisb $t0,0x07 - lvx_u $Hh,r10,$Htbl - le?vxor $lemask,$lemask,$t0 - lvx_u $xC2,0,$Htbl - le?vperm $IN,$IN,$IN,$lemask - vxor $zero,$zero,$zero - - vpmsumd $Xl,$IN,$Hl # H.lo·Xi.lo - vpmsumd $Xm,$IN,$H # H.hi·Xi.lo+H.lo·Xi.hi - vpmsumd $Xh,$IN,$Hh # H.hi·Xi.hi - - vpmsumd $t2,$Xl,$xC2 # 1st reduction phase - - vsldoi $t0,$Xm,$zero,8 - vsldoi $t1,$zero,$Xm,8 - vxor $Xl,$Xl,$t0 - vxor $Xh,$Xh,$t1 - - vsldoi $Xl,$Xl,$Xl,8 - vxor $Xl,$Xl,$t2 - - vsldoi $t1,$Xl,$Xl,8 # 2nd reduction phase - vpmsumd $Xl,$Xl,$xC2 - vxor $t1,$t1,$Xh - vxor $Xl,$Xl,$t1 - - le?vperm $Xl,$Xl,$Xl,$lemask - stvx_u $Xl,0,$Xip # write out Xi - - mtspr 256,$vrsave - blr - .long 0 - .byte 0,12,0x14,0,0,0,2,0 - .long 0 -.size .gcm_gmult_p8,.-.gcm_gmult_p8 - -.globl .gcm_ghash_p8 -.align 5 -.gcm_ghash_p8: - li r0,-4096 - li r8,0x10 - mfspr $vrsave,256 - li r9,0x20 - mtspr 256,r0 - li r10,0x30 - lvx_u $Xl,0,$Xip # load Xi - - lvx_u $Hl,r8,$Htbl # load pre-computed table - li r8,0x40 - le?lvsl $lemask,r0,r0 - lvx_u $H, r9,$Htbl - li r9,0x50 - le?vspltisb $t0,0x07 - lvx_u $Hh,r10,$Htbl - li r10,0x60 - le?vxor $lemask,$lemask,$t0 - lvx_u $xC2,0,$Htbl - le?vperm $Xl,$Xl,$Xl,$lemask - vxor $zero,$zero,$zero - - ${UCMP}i $len,64 - bge Lgcm_ghash_p8_4x - - lvx_u $IN,0,$inp - addi $inp,$inp,16 - subic. $len,$len,16 - le?vperm $IN,$IN,$IN,$lemask - vxor $IN,$IN,$Xl - beq Lshort - - lvx_u $H2l,r8,$Htbl # load H^2 - li r8,16 - lvx_u $H2, r9,$Htbl - add r9,$inp,$len # end of input - lvx_u $H2h,r10,$Htbl - be?b Loop_2x - -.align 5 -Loop_2x: - lvx_u $IN1,0,$inp - le?vperm $IN1,$IN1,$IN1,$lemask - - subic $len,$len,32 - vpmsumd $Xl,$IN,$H2l # H^2.lo·Xi.lo - vpmsumd $Xl1,$IN1,$Hl # H.lo·Xi+1.lo - subfe r0,r0,r0 # borrow?-1:0 - vpmsumd $Xm,$IN,$H2 # H^2.hi·Xi.lo+H^2.lo·Xi.hi - vpmsumd $Xm1,$IN1,$H # H.hi·Xi+1.lo+H.lo·Xi+1.hi - and r0,r0,$len - vpmsumd $Xh,$IN,$H2h # H^2.hi·Xi.hi - vpmsumd $Xh1,$IN1,$Hh # H.hi·Xi+1.hi - add $inp,$inp,r0 - - vxor $Xl,$Xl,$Xl1 - vxor $Xm,$Xm,$Xm1 - - vpmsumd $t2,$Xl,$xC2 # 1st reduction phase - - vsldoi $t0,$Xm,$zero,8 - vsldoi $t1,$zero,$Xm,8 - vxor $Xh,$Xh,$Xh1 - vxor $Xl,$Xl,$t0 - vxor $Xh,$Xh,$t1 - - vsldoi $Xl,$Xl,$Xl,8 - vxor $Xl,$Xl,$t2 - lvx_u $IN,r8,$inp - addi $inp,$inp,32 - - vsldoi $t1,$Xl,$Xl,8 # 2nd reduction phase - vpmsumd $Xl,$Xl,$xC2 - le?vperm $IN,$IN,$IN,$lemask - vxor $t1,$t1,$Xh - vxor $IN,$IN,$t1 - vxor $IN,$IN,$Xl - $UCMP r9,$inp - bgt Loop_2x # done yet? - - cmplwi $len,0 - bne Leven - -Lshort: - vpmsumd $Xl,$IN,$Hl # H.lo·Xi.lo - vpmsumd $Xm,$IN,$H # H.hi·Xi.lo+H.lo·Xi.hi - vpmsumd $Xh,$IN,$Hh # H.hi·Xi.hi - - vpmsumd $t2,$Xl,$xC2 # 1st reduction phase - - vsldoi $t0,$Xm,$zero,8 - vsldoi $t1,$zero,$Xm,8 - vxor $Xl,$Xl,$t0 - vxor $Xh,$Xh,$t1 - - vsldoi $Xl,$Xl,$Xl,8 - vxor $Xl,$Xl,$t2 - - vsldoi $t1,$Xl,$Xl,8 # 2nd reduction phase - vpmsumd $Xl,$Xl,$xC2 - vxor $t1,$t1,$Xh - -Leven: - vxor $Xl,$Xl,$t1 - le?vperm $Xl,$Xl,$Xl,$lemask - stvx_u $Xl,0,$Xip # write out Xi - - mtspr 256,$vrsave - blr - .long 0 - .byte 0,12,0x14,0,0,0,4,0 - .long 0 -___ -{ -my ($Xl3,$Xm2,$IN2,$H3l,$H3,$H3h, - $Xh3,$Xm3,$IN3,$H4l,$H4,$H4h) = map("v$_",(20..31)); -my $IN0=$IN; -my ($H21l,$H21h,$loperm,$hiperm) = ($Hl,$Hh,$H2l,$H2h); - -$code.=<<___; -.align 5 -.gcm_ghash_p8_4x: -Lgcm_ghash_p8_4x: - $STU $sp,-$FRAME($sp) - li r10,`15+6*$SIZE_T` - li r11,`31+6*$SIZE_T` - stvx v20,r10,$sp - addi r10,r10,32 - stvx v21,r11,$sp - addi r11,r11,32 - stvx v22,r10,$sp - addi r10,r10,32 - stvx v23,r11,$sp - addi r11,r11,32 - stvx v24,r10,$sp - addi r10,r10,32 - stvx v25,r11,$sp - addi r11,r11,32 - stvx v26,r10,$sp - addi r10,r10,32 - stvx v27,r11,$sp - addi r11,r11,32 - stvx v28,r10,$sp - addi r10,r10,32 - stvx v29,r11,$sp - addi r11,r11,32 - stvx v30,r10,$sp - li r10,0x60 - stvx v31,r11,$sp - li r0,-1 - stw $vrsave,`$FRAME-4`($sp) # save vrsave - mtspr 256,r0 # preserve all AltiVec registers - - lvsl $t0,0,r8 # 0x0001..0e0f - #lvx_u $H2l,r8,$Htbl # load H^2 - li r8,0x70 - lvx_u $H2, r9,$Htbl - li r9,0x80 - vspltisb $t1,8 # 0x0808..0808 - #lvx_u $H2h,r10,$Htbl - li r10,0x90 - lvx_u $H3l,r8,$Htbl # load H^3 - li r8,0xa0 - lvx_u $H3, r9,$Htbl - li r9,0xb0 - lvx_u $H3h,r10,$Htbl - li r10,0xc0 - lvx_u $H4l,r8,$Htbl # load H^4 - li r8,0x10 - lvx_u $H4, r9,$Htbl - li r9,0x20 - lvx_u $H4h,r10,$Htbl - li r10,0x30 - - vsldoi $t2,$zero,$t1,8 # 0x0000..0808 - vaddubm $hiperm,$t0,$t2 # 0x0001..1617 - vaddubm $loperm,$t1,$hiperm # 0x0809..1e1f - - $SHRI $len,$len,4 # this allows to use sign bit - # as carry - lvx_u $IN0,0,$inp # load input - lvx_u $IN1,r8,$inp - subic. $len,$len,8 - lvx_u $IN2,r9,$inp - lvx_u $IN3,r10,$inp - addi $inp,$inp,0x40 - le?vperm $IN0,$IN0,$IN0,$lemask - le?vperm $IN1,$IN1,$IN1,$lemask - le?vperm $IN2,$IN2,$IN2,$lemask - le?vperm $IN3,$IN3,$IN3,$lemask - - vxor $Xh,$IN0,$Xl - - vpmsumd $Xl1,$IN1,$H3l - vpmsumd $Xm1,$IN1,$H3 - vpmsumd $Xh1,$IN1,$H3h - - vperm $H21l,$H2,$H,$hiperm - vperm $t0,$IN2,$IN3,$loperm - vperm $H21h,$H2,$H,$loperm - vperm $t1,$IN2,$IN3,$hiperm - vpmsumd $Xm2,$IN2,$H2 # H^2.lo·Xi+2.hi+H^2.hi·Xi+2.lo - vpmsumd $Xl3,$t0,$H21l # H^2.lo·Xi+2.lo+H.lo·Xi+3.lo - vpmsumd $Xm3,$IN3,$H # H.hi·Xi+3.lo +H.lo·Xi+3.hi - vpmsumd $Xh3,$t1,$H21h # H^2.hi·Xi+2.hi+H.hi·Xi+3.hi - - vxor $Xm2,$Xm2,$Xm1 - vxor $Xl3,$Xl3,$Xl1 - vxor $Xm3,$Xm3,$Xm2 - vxor $Xh3,$Xh3,$Xh1 - - blt Ltail_4x - -Loop_4x: - lvx_u $IN0,0,$inp - lvx_u $IN1,r8,$inp - subic. $len,$len,4 - lvx_u $IN2,r9,$inp - lvx_u $IN3,r10,$inp - addi $inp,$inp,0x40 - le?vperm $IN1,$IN1,$IN1,$lemask - le?vperm $IN2,$IN2,$IN2,$lemask - le?vperm $IN3,$IN3,$IN3,$lemask - le?vperm $IN0,$IN0,$IN0,$lemask - - vpmsumd $Xl,$Xh,$H4l # H^4.lo·Xi.lo - vpmsumd $Xm,$Xh,$H4 # H^4.hi·Xi.lo+H^4.lo·Xi.hi - vpmsumd $Xh,$Xh,$H4h # H^4.hi·Xi.hi - vpmsumd $Xl1,$IN1,$H3l - vpmsumd $Xm1,$IN1,$H3 - vpmsumd $Xh1,$IN1,$H3h - - vxor $Xl,$Xl,$Xl3 - vxor $Xm,$Xm,$Xm3 - vxor $Xh,$Xh,$Xh3 - vperm $t0,$IN2,$IN3,$loperm - vperm $t1,$IN2,$IN3,$hiperm - - vpmsumd $t2,$Xl,$xC2 # 1st reduction phase - vpmsumd $Xl3,$t0,$H21l # H.lo·Xi+3.lo +H^2.lo·Xi+2.lo - vpmsumd $Xh3,$t1,$H21h # H.hi·Xi+3.hi +H^2.hi·Xi+2.hi - - vsldoi $t0,$Xm,$zero,8 - vsldoi $t1,$zero,$Xm,8 - vxor $Xl,$Xl,$t0 - vxor $Xh,$Xh,$t1 - - vsldoi $Xl,$Xl,$Xl,8 - vxor $Xl,$Xl,$t2 - - vsldoi $t1,$Xl,$Xl,8 # 2nd reduction phase - vpmsumd $Xm2,$IN2,$H2 # H^2.hi·Xi+2.lo+H^2.lo·Xi+2.hi - vpmsumd $Xm3,$IN3,$H # H.hi·Xi+3.lo +H.lo·Xi+3.hi - vpmsumd $Xl,$Xl,$xC2 - - vxor $Xl3,$Xl3,$Xl1 - vxor $Xh3,$Xh3,$Xh1 - vxor $Xh,$Xh,$IN0 - vxor $Xm2,$Xm2,$Xm1 - vxor $Xh,$Xh,$t1 - vxor $Xm3,$Xm3,$Xm2 - vxor $Xh,$Xh,$Xl - bge Loop_4x - -Ltail_4x: - vpmsumd $Xl,$Xh,$H4l # H^4.lo·Xi.lo - vpmsumd $Xm,$Xh,$H4 # H^4.hi·Xi.lo+H^4.lo·Xi.hi - vpmsumd $Xh,$Xh,$H4h # H^4.hi·Xi.hi - - vxor $Xl,$Xl,$Xl3 - vxor $Xm,$Xm,$Xm3 - - vpmsumd $t2,$Xl,$xC2 # 1st reduction phase - - vsldoi $t0,$Xm,$zero,8 - vsldoi $t1,$zero,$Xm,8 - vxor $Xh,$Xh,$Xh3 - vxor $Xl,$Xl,$t0 - vxor $Xh,$Xh,$t1 - - vsldoi $Xl,$Xl,$Xl,8 - vxor $Xl,$Xl,$t2 - - vsldoi $t1,$Xl,$Xl,8 # 2nd reduction phase - vpmsumd $Xl,$Xl,$xC2 - vxor $t1,$t1,$Xh - vxor $Xl,$Xl,$t1 - - addic. $len,$len,4 - beq Ldone_4x - - lvx_u $IN0,0,$inp - ${UCMP}i $len,2 - li $len,-4 - blt Lone - lvx_u $IN1,r8,$inp - beq Ltwo - -Lthree: - lvx_u $IN2,r9,$inp - le?vperm $IN0,$IN0,$IN0,$lemask - le?vperm $IN1,$IN1,$IN1,$lemask - le?vperm $IN2,$IN2,$IN2,$lemask - - vxor $Xh,$IN0,$Xl - vmr $H4l,$H3l - vmr $H4, $H3 - vmr $H4h,$H3h - - vperm $t0,$IN1,$IN2,$loperm - vperm $t1,$IN1,$IN2,$hiperm - vpmsumd $Xm2,$IN1,$H2 # H^2.lo·Xi+1.hi+H^2.hi·Xi+1.lo - vpmsumd $Xm3,$IN2,$H # H.hi·Xi+2.lo +H.lo·Xi+2.hi - vpmsumd $Xl3,$t0,$H21l # H^2.lo·Xi+1.lo+H.lo·Xi+2.lo - vpmsumd $Xh3,$t1,$H21h # H^2.hi·Xi+1.hi+H.hi·Xi+2.hi - - vxor $Xm3,$Xm3,$Xm2 - b Ltail_4x - -.align 4 -Ltwo: - le?vperm $IN0,$IN0,$IN0,$lemask - le?vperm $IN1,$IN1,$IN1,$lemask - - vxor $Xh,$IN0,$Xl - vperm $t0,$zero,$IN1,$loperm - vperm $t1,$zero,$IN1,$hiperm - - vsldoi $H4l,$zero,$H2,8 - vmr $H4, $H2 - vsldoi $H4h,$H2,$zero,8 - - vpmsumd $Xl3,$t0, $H21l # H.lo·Xi+1.lo - vpmsumd $Xm3,$IN1,$H # H.hi·Xi+1.lo+H.lo·Xi+2.hi - vpmsumd $Xh3,$t1, $H21h # H.hi·Xi+1.hi - - b Ltail_4x - -.align 4 -Lone: - le?vperm $IN0,$IN0,$IN0,$lemask - - vsldoi $H4l,$zero,$H,8 - vmr $H4, $H - vsldoi $H4h,$H,$zero,8 - - vxor $Xh,$IN0,$Xl - vxor $Xl3,$Xl3,$Xl3 - vxor $Xm3,$Xm3,$Xm3 - vxor $Xh3,$Xh3,$Xh3 - - b Ltail_4x - -Ldone_4x: - le?vperm $Xl,$Xl,$Xl,$lemask - stvx_u $Xl,0,$Xip # write out Xi - - li r10,`15+6*$SIZE_T` - li r11,`31+6*$SIZE_T` - mtspr 256,$vrsave - lvx v20,r10,$sp - addi r10,r10,32 - lvx v21,r11,$sp - addi r11,r11,32 - lvx v22,r10,$sp - addi r10,r10,32 - lvx v23,r11,$sp - addi r11,r11,32 - lvx v24,r10,$sp - addi r10,r10,32 - lvx v25,r11,$sp - addi r11,r11,32 - lvx v26,r10,$sp - addi r10,r10,32 - lvx v27,r11,$sp - addi r11,r11,32 - lvx v28,r10,$sp - addi r10,r10,32 - lvx v29,r11,$sp - addi r11,r11,32 - lvx v30,r10,$sp - lvx v31,r11,$sp - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,0x04,0,0x80,0,4,0 - .long 0 -___ -} -$code.=<<___; -.size .gcm_ghash_p8,.-.gcm_ghash_p8 - -.asciz "GHASH for PowerISA 2.07, CRYPTOGAMS by " -.align 2 -___ - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/geo; - - if ($flavour =~ /le$/o) { # little-endian - s/le\?//o or - s/be\?/#be#/o; - } else { - s/le\?/#le#/o or - s/be\?//o; - } - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl deleted file mode 100644 index b1d35d25b5b19ff97874ce577857574b01eccab7..0000000000000000000000000000000000000000 --- a/crypto/modes/asm/ghashv8-armx.pl +++ /dev/null @@ -1,797 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# GHASH for ARMv8 Crypto Extension, 64-bit polynomial multiplication. -# -# June 2014 -# -# Initial version was developed in tight cooperation with Ard -# Biesheuvel of Linaro from bits-n-pieces from other assembly modules. -# Just like aesv8-armx.pl this module supports both AArch32 and -# AArch64 execution modes. -# -# July 2014 -# -# Implement 2x aggregated reduction [see ghash-x86.pl for background -# information]. -# -# November 2017 -# -# AArch64 register bank to "accommodate" 4x aggregated reduction and -# improve performance by 20-70% depending on processor. -# -# Current performance in cycles per processed byte: -# -# 64-bit PMULL 32-bit PMULL 32-bit NEON(*) -# Apple A7 0.58 0.92 5.62 -# Cortex-A53 0.85 1.01 8.39 -# Cortex-A57 0.73 1.17 7.61 -# Denver 0.51 0.65 6.02 -# Mongoose 0.65 1.10 8.06 -# Kryo 0.76 1.16 8.00 -# ThunderX2 1.05 -# -# (*) presented for reference/comparison purposes; - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or -die "can't locate arm-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -$Xi="x0"; # argument block -$Htbl="x1"; -$inp="x2"; -$len="x3"; - -$inc="x12"; - -{ -my ($Xl,$Xm,$Xh,$IN)=map("q$_",(0..3)); -my ($t0,$t1,$t2,$xC2,$H,$Hhl,$H2)=map("q$_",(8..14)); -my $_byte = ($flavour =~ /win/ ? "DCB" : ".byte"); - -$code=<<___; -#include "arm_arch.h" - -#if __ARM_MAX_ARCH__>=7 -___ -$code.=".arch armv8-a+crypto\n.text\n" if ($flavour =~ /64/); -$code.=<<___ if ($flavour !~ /64/); -.fpu neon -#ifdef __thumb2__ -.syntax unified -.thumb -# define INST(a,b,c,d) $_byte c,0xef,a,b -#else -.code 32 -# define INST(a,b,c,d) $_byte a,b,c,0xf2 -#endif - -.text -___ - -################################################################################ -# void gcm_init_v8(u128 Htable[16],const u64 H[2]); -# -# input: 128-bit H - secret parameter E(K,0^128) -# output: precomputed table filled with degrees of twisted H; -# H is twisted to handle reverse bitness of GHASH; -# only few of 16 slots of Htable[16] are used; -# data is opaque to outside world (which allows to -# optimize the code independently); -# -$code.=<<___; -.global gcm_init_v8 -.type gcm_init_v8,%function -.align 4 -gcm_init_v8: - vld1.64 {$t1},[x1] @ load input H - vmov.i8 $xC2,#0xe1 - vshl.i64 $xC2,$xC2,#57 @ 0xc2.0 - vext.8 $IN,$t1,$t1,#8 - vshr.u64 $t2,$xC2,#63 - vdup.32 $t1,${t1}[1] - vext.8 $t0,$t2,$xC2,#8 @ t0=0xc2....01 - vshr.u64 $t2,$IN,#63 - vshr.s32 $t1,$t1,#31 @ broadcast carry bit - vand $t2,$t2,$t0 - vshl.i64 $IN,$IN,#1 - vext.8 $t2,$t2,$t2,#8 - vand $t0,$t0,$t1 - vorr $IN,$IN,$t2 @ H<<<=1 - veor $H,$IN,$t0 @ twisted H - vst1.64 {$H},[x0],#16 @ store Htable[0] - - @ calculate H^2 - vext.8 $t0,$H,$H,#8 @ Karatsuba pre-processing - vpmull.p64 $Xl,$H,$H - veor $t0,$t0,$H - vpmull2.p64 $Xh,$H,$H - vpmull.p64 $Xm,$t0,$t0 - - vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing - veor $t2,$Xl,$Xh - veor $Xm,$Xm,$t1 - veor $Xm,$Xm,$t2 - vpmull.p64 $t2,$Xl,$xC2 @ 1st phase - - vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result - vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl - veor $Xl,$Xm,$t2 - - vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase - vpmull.p64 $Xl,$Xl,$xC2 - veor $t2,$t2,$Xh - veor $H2,$Xl,$t2 - - vext.8 $t1,$H2,$H2,#8 @ Karatsuba pre-processing - veor $t1,$t1,$H2 - vext.8 $Hhl,$t0,$t1,#8 @ pack Karatsuba pre-processed - vst1.64 {$Hhl-$H2},[x0],#32 @ store Htable[1..2] -___ -if ($flavour =~ /64/) { -my ($t3,$Yl,$Ym,$Yh) = map("q$_",(4..7)); - -$code.=<<___; - @ calculate H^3 and H^4 - vpmull.p64 $Xl,$H, $H2 - vpmull.p64 $Yl,$H2,$H2 - vpmull2.p64 $Xh,$H, $H2 - vpmull2.p64 $Yh,$H2,$H2 - vpmull.p64 $Xm,$t0,$t1 - vpmull.p64 $Ym,$t1,$t1 - - vext.8 $t0,$Xl,$Xh,#8 @ Karatsuba post-processing - vext.8 $t1,$Yl,$Yh,#8 - veor $t2,$Xl,$Xh - veor $Xm,$Xm,$t0 - veor $t3,$Yl,$Yh - veor $Ym,$Ym,$t1 - veor $Xm,$Xm,$t2 - vpmull.p64 $t2,$Xl,$xC2 @ 1st phase - veor $Ym,$Ym,$t3 - vpmull.p64 $t3,$Yl,$xC2 - - vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result - vmov $Yh#lo,$Ym#hi - vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl - vmov $Ym#hi,$Yl#lo - veor $Xl,$Xm,$t2 - veor $Yl,$Ym,$t3 - - vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase - vext.8 $t3,$Yl,$Yl,#8 - vpmull.p64 $Xl,$Xl,$xC2 - vpmull.p64 $Yl,$Yl,$xC2 - veor $t2,$t2,$Xh - veor $t3,$t3,$Yh - veor $H, $Xl,$t2 @ H^3 - veor $H2,$Yl,$t3 @ H^4 - - vext.8 $t0,$H, $H,#8 @ Karatsuba pre-processing - vext.8 $t1,$H2,$H2,#8 - veor $t0,$t0,$H - veor $t1,$t1,$H2 - vext.8 $Hhl,$t0,$t1,#8 @ pack Karatsuba pre-processed - vst1.64 {$H-$H2},[x0] @ store Htable[3..5] -___ -} -$code.=<<___; - ret -.size gcm_init_v8,.-gcm_init_v8 -___ -################################################################################ -# void gcm_gmult_v8(u64 Xi[2],const u128 Htable[16]); -# -# input: Xi - current hash value; -# Htable - table precomputed in gcm_init_v8; -# output: Xi - next hash value Xi; -# -$code.=<<___; -.global gcm_gmult_v8 -.type gcm_gmult_v8,%function -.align 4 -gcm_gmult_v8: - vld1.64 {$t1},[$Xi] @ load Xi - vmov.i8 $xC2,#0xe1 - vld1.64 {$H-$Hhl},[$Htbl] @ load twisted H, ... - vshl.u64 $xC2,$xC2,#57 -#ifndef __ARMEB__ - vrev64.8 $t1,$t1 -#endif - vext.8 $IN,$t1,$t1,#8 - - vpmull.p64 $Xl,$H,$IN @ H.lo·Xi.lo - veor $t1,$t1,$IN @ Karatsuba pre-processing - vpmull2.p64 $Xh,$H,$IN @ H.hi·Xi.hi - vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) - - vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing - veor $t2,$Xl,$Xh - veor $Xm,$Xm,$t1 - veor $Xm,$Xm,$t2 - vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction - - vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result - vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl - veor $Xl,$Xm,$t2 - - vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction - vpmull.p64 $Xl,$Xl,$xC2 - veor $t2,$t2,$Xh - veor $Xl,$Xl,$t2 - -#ifndef __ARMEB__ - vrev64.8 $Xl,$Xl -#endif - vext.8 $Xl,$Xl,$Xl,#8 - vst1.64 {$Xl},[$Xi] @ write out Xi - - ret -.size gcm_gmult_v8,.-gcm_gmult_v8 -___ -################################################################################ -# void gcm_ghash_v8(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len); -# -# input: table precomputed in gcm_init_v8; -# current hash value Xi; -# pointer to input data; -# length of input data in bytes, but divisible by block size; -# output: next hash value Xi; -# -$code.=<<___; -.global gcm_ghash_v8 -.type gcm_ghash_v8,%function -.align 4 -gcm_ghash_v8: -___ -$code.=<<___ if ($flavour =~ /64/); - cmp $len,#64 - b.hs .Lgcm_ghash_v8_4x -___ -$code.=<<___ if ($flavour !~ /64/); - vstmdb sp!,{d8-d15} @ 32-bit ABI says so -___ -$code.=<<___; - vld1.64 {$Xl},[$Xi] @ load [rotated] Xi - @ "[rotated]" means that - @ loaded value would have - @ to be rotated in order to - @ make it appear as in - @ algorithm specification - subs $len,$len,#32 @ see if $len is 32 or larger - mov $inc,#16 @ $inc is used as post- - @ increment for input pointer; - @ as loop is modulo-scheduled - @ $inc is zeroed just in time - @ to preclude overstepping - @ inp[len], which means that - @ last block[s] are actually - @ loaded twice, but last - @ copy is not processed - vld1.64 {$H-$Hhl},[$Htbl],#32 @ load twisted H, ..., H^2 - vmov.i8 $xC2,#0xe1 - vld1.64 {$H2},[$Htbl] - cclr $inc,eq @ is it time to zero $inc? - vext.8 $Xl,$Xl,$Xl,#8 @ rotate Xi - vld1.64 {$t0},[$inp],#16 @ load [rotated] I[0] - vshl.u64 $xC2,$xC2,#57 @ compose 0xc2.0 constant -#ifndef __ARMEB__ - vrev64.8 $t0,$t0 - vrev64.8 $Xl,$Xl -#endif - vext.8 $IN,$t0,$t0,#8 @ rotate I[0] - b.lo .Lodd_tail_v8 @ $len was less than 32 -___ -{ my ($Xln,$Xmn,$Xhn,$In) = map("q$_",(4..7)); - ####### - # Xi+2 =[H*(Ii+1 + Xi+1)] mod P = - # [(H*Ii+1) + (H*Xi+1)] mod P = - # [(H*Ii+1) + H^2*(Ii+Xi)] mod P - # -$code.=<<___; - vld1.64 {$t1},[$inp],$inc @ load [rotated] I[1] -#ifndef __ARMEB__ - vrev64.8 $t1,$t1 -#endif - vext.8 $In,$t1,$t1,#8 - veor $IN,$IN,$Xl @ I[i]^=Xi - vpmull.p64 $Xln,$H,$In @ H·Ii+1 - veor $t1,$t1,$In @ Karatsuba pre-processing - vpmull2.p64 $Xhn,$H,$In - b .Loop_mod2x_v8 - -.align 4 -.Loop_mod2x_v8: - vext.8 $t2,$IN,$IN,#8 - subs $len,$len,#32 @ is there more data? - vpmull.p64 $Xl,$H2,$IN @ H^2.lo·Xi.lo - cclr $inc,lo @ is it time to zero $inc? - - vpmull.p64 $Xmn,$Hhl,$t1 - veor $t2,$t2,$IN @ Karatsuba pre-processing - vpmull2.p64 $Xh,$H2,$IN @ H^2.hi·Xi.hi - veor $Xl,$Xl,$Xln @ accumulate - vpmull2.p64 $Xm,$Hhl,$t2 @ (H^2.lo+H^2.hi)·(Xi.lo+Xi.hi) - vld1.64 {$t0},[$inp],$inc @ load [rotated] I[i+2] - - veor $Xh,$Xh,$Xhn - cclr $inc,eq @ is it time to zero $inc? - veor $Xm,$Xm,$Xmn - - vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing - veor $t2,$Xl,$Xh - veor $Xm,$Xm,$t1 - vld1.64 {$t1},[$inp],$inc @ load [rotated] I[i+3] -#ifndef __ARMEB__ - vrev64.8 $t0,$t0 -#endif - veor $Xm,$Xm,$t2 - vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction - -#ifndef __ARMEB__ - vrev64.8 $t1,$t1 -#endif - vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result - vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl - vext.8 $In,$t1,$t1,#8 - vext.8 $IN,$t0,$t0,#8 - veor $Xl,$Xm,$t2 - vpmull.p64 $Xln,$H,$In @ H·Ii+1 - veor $IN,$IN,$Xh @ accumulate $IN early - - vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction - vpmull.p64 $Xl,$Xl,$xC2 - veor $IN,$IN,$t2 - veor $t1,$t1,$In @ Karatsuba pre-processing - veor $IN,$IN,$Xl - vpmull2.p64 $Xhn,$H,$In - b.hs .Loop_mod2x_v8 @ there was at least 32 more bytes - - veor $Xh,$Xh,$t2 - vext.8 $IN,$t0,$t0,#8 @ re-construct $IN - adds $len,$len,#32 @ re-construct $len - veor $Xl,$Xl,$Xh @ re-construct $Xl - b.eq .Ldone_v8 @ is $len zero? -___ -} -$code.=<<___; -.Lodd_tail_v8: - vext.8 $t2,$Xl,$Xl,#8 - veor $IN,$IN,$Xl @ inp^=Xi - veor $t1,$t0,$t2 @ $t1 is rotated inp^Xi - - vpmull.p64 $Xl,$H,$IN @ H.lo·Xi.lo - veor $t1,$t1,$IN @ Karatsuba pre-processing - vpmull2.p64 $Xh,$H,$IN @ H.hi·Xi.hi - vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) - - vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing - veor $t2,$Xl,$Xh - veor $Xm,$Xm,$t1 - veor $Xm,$Xm,$t2 - vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction - - vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result - vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl - veor $Xl,$Xm,$t2 - - vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction - vpmull.p64 $Xl,$Xl,$xC2 - veor $t2,$t2,$Xh - veor $Xl,$Xl,$t2 - -.Ldone_v8: -#ifndef __ARMEB__ - vrev64.8 $Xl,$Xl -#endif - vext.8 $Xl,$Xl,$Xl,#8 - vst1.64 {$Xl},[$Xi] @ write out Xi - -___ -$code.=<<___ if ($flavour !~ /64/); - vldmia sp!,{d8-d15} @ 32-bit ABI says so -___ -$code.=<<___; - ret -.size gcm_ghash_v8,.-gcm_ghash_v8 -___ - -if ($flavour =~ /64/) { # 4x subroutine -my ($I0,$j1,$j2,$j3, - $I1,$I2,$I3,$H3,$H34,$H4,$Yl,$Ym,$Yh) = map("q$_",(4..7,15..23)); - -$code.=<<___; -.type gcm_ghash_v8_4x,%function -.align 4 -gcm_ghash_v8_4x: -.Lgcm_ghash_v8_4x: - vld1.64 {$Xl},[$Xi] @ load [rotated] Xi - vld1.64 {$H-$H2},[$Htbl],#48 @ load twisted H, ..., H^2 - vmov.i8 $xC2,#0xe1 - vld1.64 {$H3-$H4},[$Htbl] @ load twisted H^3, ..., H^4 - vshl.u64 $xC2,$xC2,#57 @ compose 0xc2.0 constant - - vld1.64 {$I0-$j3},[$inp],#64 -#ifndef __ARMEB__ - vrev64.8 $Xl,$Xl - vrev64.8 $j1,$j1 - vrev64.8 $j2,$j2 - vrev64.8 $j3,$j3 - vrev64.8 $I0,$I0 -#endif - vext.8 $I3,$j3,$j3,#8 - vext.8 $I2,$j2,$j2,#8 - vext.8 $I1,$j1,$j1,#8 - - vpmull.p64 $Yl,$H,$I3 @ H·Ii+3 - veor $j3,$j3,$I3 - vpmull2.p64 $Yh,$H,$I3 - vpmull.p64 $Ym,$Hhl,$j3 - - vpmull.p64 $t0,$H2,$I2 @ H^2·Ii+2 - veor $j2,$j2,$I2 - vpmull2.p64 $I2,$H2,$I2 - vpmull2.p64 $j2,$Hhl,$j2 - - veor $Yl,$Yl,$t0 - veor $Yh,$Yh,$I2 - veor $Ym,$Ym,$j2 - - vpmull.p64 $j3,$H3,$I1 @ H^3·Ii+1 - veor $j1,$j1,$I1 - vpmull2.p64 $I1,$H3,$I1 - vpmull.p64 $j1,$H34,$j1 - - veor $Yl,$Yl,$j3 - veor $Yh,$Yh,$I1 - veor $Ym,$Ym,$j1 - - subs $len,$len,#128 - b.lo .Ltail4x - - b .Loop4x - -.align 4 -.Loop4x: - veor $t0,$I0,$Xl - vld1.64 {$I0-$j3},[$inp],#64 - vext.8 $IN,$t0,$t0,#8 -#ifndef __ARMEB__ - vrev64.8 $j1,$j1 - vrev64.8 $j2,$j2 - vrev64.8 $j3,$j3 - vrev64.8 $I0,$I0 -#endif - - vpmull.p64 $Xl,$H4,$IN @ H^4·(Xi+Ii) - veor $t0,$t0,$IN - vpmull2.p64 $Xh,$H4,$IN - vext.8 $I3,$j3,$j3,#8 - vpmull2.p64 $Xm,$H34,$t0 - - veor $Xl,$Xl,$Yl - veor $Xh,$Xh,$Yh - vext.8 $I2,$j2,$j2,#8 - veor $Xm,$Xm,$Ym - vext.8 $I1,$j1,$j1,#8 - - vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing - veor $t2,$Xl,$Xh - vpmull.p64 $Yl,$H,$I3 @ H·Ii+3 - veor $j3,$j3,$I3 - veor $Xm,$Xm,$t1 - vpmull2.p64 $Yh,$H,$I3 - veor $Xm,$Xm,$t2 - vpmull.p64 $Ym,$Hhl,$j3 - - vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction - vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result - vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl - vpmull.p64 $t0,$H2,$I2 @ H^2·Ii+2 - veor $j2,$j2,$I2 - vpmull2.p64 $I2,$H2,$I2 - veor $Xl,$Xm,$t2 - vpmull2.p64 $j2,$Hhl,$j2 - - veor $Yl,$Yl,$t0 - veor $Yh,$Yh,$I2 - veor $Ym,$Ym,$j2 - - vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction - vpmull.p64 $Xl,$Xl,$xC2 - vpmull.p64 $j3,$H3,$I1 @ H^3·Ii+1 - veor $j1,$j1,$I1 - veor $t2,$t2,$Xh - vpmull2.p64 $I1,$H3,$I1 - vpmull.p64 $j1,$H34,$j1 - - veor $Xl,$Xl,$t2 - veor $Yl,$Yl,$j3 - veor $Yh,$Yh,$I1 - vext.8 $Xl,$Xl,$Xl,#8 - veor $Ym,$Ym,$j1 - - subs $len,$len,#64 - b.hs .Loop4x - -.Ltail4x: - veor $t0,$I0,$Xl - vext.8 $IN,$t0,$t0,#8 - - vpmull.p64 $Xl,$H4,$IN @ H^4·(Xi+Ii) - veor $t0,$t0,$IN - vpmull2.p64 $Xh,$H4,$IN - vpmull2.p64 $Xm,$H34,$t0 - - veor $Xl,$Xl,$Yl - veor $Xh,$Xh,$Yh - veor $Xm,$Xm,$Ym - - adds $len,$len,#64 - b.eq .Ldone4x - - cmp $len,#32 - b.lo .Lone - b.eq .Ltwo -.Lthree: - vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing - veor $t2,$Xl,$Xh - veor $Xm,$Xm,$t1 - vld1.64 {$I0-$j2},[$inp] - veor $Xm,$Xm,$t2 -#ifndef __ARMEB__ - vrev64.8 $j1,$j1 - vrev64.8 $j2,$j2 - vrev64.8 $I0,$I0 -#endif - - vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction - vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result - vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl - vext.8 $I2,$j2,$j2,#8 - vext.8 $I1,$j1,$j1,#8 - veor $Xl,$Xm,$t2 - - vpmull.p64 $Yl,$H,$I2 @ H·Ii+2 - veor $j2,$j2,$I2 - - vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction - vpmull.p64 $Xl,$Xl,$xC2 - veor $t2,$t2,$Xh - vpmull2.p64 $Yh,$H,$I2 - vpmull.p64 $Ym,$Hhl,$j2 - veor $Xl,$Xl,$t2 - vpmull.p64 $j3,$H2,$I1 @ H^2·Ii+1 - veor $j1,$j1,$I1 - vext.8 $Xl,$Xl,$Xl,#8 - - vpmull2.p64 $I1,$H2,$I1 - veor $t0,$I0,$Xl - vpmull2.p64 $j1,$Hhl,$j1 - vext.8 $IN,$t0,$t0,#8 - - veor $Yl,$Yl,$j3 - veor $Yh,$Yh,$I1 - veor $Ym,$Ym,$j1 - - vpmull.p64 $Xl,$H3,$IN @ H^3·(Xi+Ii) - veor $t0,$t0,$IN - vpmull2.p64 $Xh,$H3,$IN - vpmull.p64 $Xm,$H34,$t0 - - veor $Xl,$Xl,$Yl - veor $Xh,$Xh,$Yh - veor $Xm,$Xm,$Ym - b .Ldone4x - -.align 4 -.Ltwo: - vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing - veor $t2,$Xl,$Xh - veor $Xm,$Xm,$t1 - vld1.64 {$I0-$j1},[$inp] - veor $Xm,$Xm,$t2 -#ifndef __ARMEB__ - vrev64.8 $j1,$j1 - vrev64.8 $I0,$I0 -#endif - - vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction - vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result - vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl - vext.8 $I1,$j1,$j1,#8 - veor $Xl,$Xm,$t2 - - vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction - vpmull.p64 $Xl,$Xl,$xC2 - veor $t2,$t2,$Xh - veor $Xl,$Xl,$t2 - vext.8 $Xl,$Xl,$Xl,#8 - - vpmull.p64 $Yl,$H,$I1 @ H·Ii+1 - veor $j1,$j1,$I1 - - veor $t0,$I0,$Xl - vext.8 $IN,$t0,$t0,#8 - - vpmull2.p64 $Yh,$H,$I1 - vpmull.p64 $Ym,$Hhl,$j1 - - vpmull.p64 $Xl,$H2,$IN @ H^2·(Xi+Ii) - veor $t0,$t0,$IN - vpmull2.p64 $Xh,$H2,$IN - vpmull2.p64 $Xm,$Hhl,$t0 - - veor $Xl,$Xl,$Yl - veor $Xh,$Xh,$Yh - veor $Xm,$Xm,$Ym - b .Ldone4x - -.align 4 -.Lone: - vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing - veor $t2,$Xl,$Xh - veor $Xm,$Xm,$t1 - vld1.64 {$I0},[$inp] - veor $Xm,$Xm,$t2 -#ifndef __ARMEB__ - vrev64.8 $I0,$I0 -#endif - - vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction - vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result - vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl - veor $Xl,$Xm,$t2 - - vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction - vpmull.p64 $Xl,$Xl,$xC2 - veor $t2,$t2,$Xh - veor $Xl,$Xl,$t2 - vext.8 $Xl,$Xl,$Xl,#8 - - veor $t0,$I0,$Xl - vext.8 $IN,$t0,$t0,#8 - - vpmull.p64 $Xl,$H,$IN - veor $t0,$t0,$IN - vpmull2.p64 $Xh,$H,$IN - vpmull.p64 $Xm,$Hhl,$t0 - -.Ldone4x: - vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing - veor $t2,$Xl,$Xh - veor $Xm,$Xm,$t1 - veor $Xm,$Xm,$t2 - - vpmull.p64 $t2,$Xl,$xC2 @ 1st phase of reduction - vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result - vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl - veor $Xl,$Xm,$t2 - - vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase of reduction - vpmull.p64 $Xl,$Xl,$xC2 - veor $t2,$t2,$Xh - veor $Xl,$Xl,$t2 - vext.8 $Xl,$Xl,$Xl,#8 - -#ifndef __ARMEB__ - vrev64.8 $Xl,$Xl -#endif - vst1.64 {$Xl},[$Xi] @ write out Xi - - ret -.size gcm_ghash_v8_4x,.-gcm_ghash_v8_4x -___ - -} -} - -$code.=<<___; -.asciz "GHASH for ARMv8, CRYPTOGAMS by " -.align 2 -#endif -___ - -if ($flavour =~ /64/) { ######## 64-bit code - sub unvmov { - my $arg=shift; - - $arg =~ m/q([0-9]+)#(lo|hi),\s*q([0-9]+)#(lo|hi)/o && - sprintf "ins v%d.d[%d],v%d.d[%d]",$1<8?$1:$1+8,($2 eq "lo")?0:1, - $3<8?$3:$3+8,($4 eq "lo")?0:1; - } - foreach(split("\n",$code)) { - s/cclr\s+([wx])([^,]+),\s*([a-z]+)/csel $1$2,$1zr,$1$2,$3/o or - s/vmov\.i8/movi/o or # fix up legacy mnemonics - s/vmov\s+(.*)/unvmov($1)/geo or - s/vext\.8/ext/o or - s/vshr\.s/sshr\.s/o or - s/vshr/ushr/o or - s/^(\s+)v/$1/o or # strip off v prefix - s/\bbx\s+lr\b/ret/o; - - s/\bq([0-9]+)\b/"v".($1<8?$1:$1+8).".16b"/geo; # old->new registers - s/@\s/\/\//o; # old->new style commentary - - # fix up remaining legacy suffixes - s/\.[ui]?8(\s)/$1/o; - s/\.[uis]?32//o and s/\.16b/\.4s/go; - m/\.p64/o and s/\.16b/\.1q/o; # 1st pmull argument - m/l\.p64/o and s/\.16b/\.1d/go; # 2nd and 3rd pmull arguments - s/\.[uisp]?64//o and s/\.16b/\.2d/go; - s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o; - - print $_,"\n"; - } -} else { ######## 32-bit code - sub unvdup32 { - my $arg=shift; - - $arg =~ m/q([0-9]+),\s*q([0-9]+)\[([0-3])\]/o && - sprintf "vdup.32 q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1; - } - sub unvpmullp64 { - my ($mnemonic,$arg)=@_; - - if ($arg =~ m/q([0-9]+),\s*q([0-9]+),\s*q([0-9]+)/o) { - my $word = 0xf2a00e00|(($1&7)<<13)|(($1&8)<<19) - |(($2&7)<<17)|(($2&8)<<4) - |(($3&7)<<1) |(($3&8)<<2); - $word |= 0x00010001 if ($mnemonic =~ "2"); - # since ARMv7 instructions are always encoded little-endian. - # correct solution is to use .inst directive, but older - # assemblers don't implement it:-( - sprintf "INST(0x%02x,0x%02x,0x%02x,0x%02x)\t@ %s %s", - $word&0xff,($word>>8)&0xff, - ($word>>16)&0xff,($word>>24)&0xff, - $mnemonic,$arg; - } - } - - foreach(split("\n",$code)) { - s/\b[wx]([0-9]+)\b/r$1/go; # new->old registers - s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go; # new->old registers - s/\/\/\s?/@ /o; # new->old style commentary - - # fix up remaining new-style suffixes - s/\],#[0-9]+/]!/o; - - s/cclr\s+([^,]+),\s*([a-z]+)/mov.$2 $1,#0/o or - s/vdup\.32\s+(.*)/unvdup32($1)/geo or - s/v?(pmull2?)\.p64\s+(.*)/unvpmullp64($1,$2)/geo or - s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo or - s/^(\s+)b\./$1b/o or - s/^(\s+)ret/$1bx\tlr/o; - - if (s/^(\s+)mov\.([a-z]+)/$1mov$2/) { - print " it $2\n"; - } - - print $_,"\n"; - } -} - -close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/modes/build.info b/crypto/modes/build.info deleted file mode 100644 index f3558fa1a4658ed203083afdefda424c43f31d2b..0000000000000000000000000000000000000000 --- a/crypto/modes/build.info +++ /dev/null @@ -1,82 +0,0 @@ -LIBS=../../libcrypto - -$MODESASM= -IF[{- !$disabled{asm} -}] - $MODESASM_x86=ghash-x86.S - $MODESDEF_x86=GHASH_ASM - $MODESASM_x86_64=ghash-x86_64.s aesni-gcm-x86_64.s - $MODESDEF_x86_64=GHASH_ASM - - # ghash-ia64.s doesn't work on VMS - IF[{- $config{target} !~ /^vms-/ -}] - $MODESASM_ia64=ghash-ia64.s - $MODESDEF_ia64=GHASH_ASM - ENDIF - - $MODESASM_sparcv9=ghash-sparcv9.S - $MODESDEF_sparcv9=GHASH_ASM - - $MODESASM_alpha=ghash-alpha.S - $MODESDEF_alpha=GHASH_ASM - - $MODESASM_s390x=ghash-s390x.S - $MODESDEF_s390x=GHASH_ASM - - $MODESASM_armv4=ghash-armv4.S ghashv8-armx.S - $MODESDEF_armv4=GHASH_ASM - $MODESASM_aarch64=ghashv8-armx.S aes-gcm-armv8_64.S - $MODESDEF_aarch64= - - $MODESASM_parisc11=ghash-parisc.s - $MODESDEF_parisc11=GHASH_ASM - $MODESASM_parisc20_64=$MODESASM_parisc11 - $MODESDEF_parisc20_64=$MODESDEF_parisc11 - - $MODESASM_ppc32=ghashp8-ppc.s - $MODESDEF_ppc32= - $MODESASM_ppc64=$MODESASM_ppc32 - $MODESDEF_ppc64=$MODESDEF_ppc32 - - $MODESASM_c64xplus=ghash-c64xplus.s - $MODESDEF_c64xplus=GHASH_ASM - - # Now that we have defined all the arch specific variables, use the - # appropriate one, and define the appropriate macros - IF[$MODESASM_{- $target{asm_arch} -}] - $MODESASM=$MODESASM_{- $target{asm_arch} -} - $MODESDEF=$MODESDEF_{- $target{asm_arch} -} - ENDIF -ENDIF - -$COMMON=cbc128.c ctr128.c cfb128.c ofb128.c gcm128.c ccm128.c xts128.c \ - wrap128.c $MODESASM -SOURCE[../../libcrypto]=$COMMON \ - cts128.c ocb128.c siv128.c -SOURCE[../../providers/libfips.a]=$COMMON - -# Implementations are now spread across several libraries, so the defines -# need to be applied to all affected libraries and modules. -DEFINE[../../libcrypto]=$MODESDEF -DEFINE[../../providers/libfips.a]=$MODESDEF - - -INCLUDE[gcm128.o]=.. - -GENERATE[ghash-ia64.s]=asm/ghash-ia64.pl -GENERATE[ghash-x86.S]=asm/ghash-x86.pl -GENERATE[ghash-x86_64.s]=asm/ghash-x86_64.pl -GENERATE[aesni-gcm-x86_64.s]=asm/aesni-gcm-x86_64.pl -GENERATE[ghash-sparcv9.S]=asm/ghash-sparcv9.pl -INCLUDE[ghash-sparcv9.o]=.. -GENERATE[ghash-alpha.S]=asm/ghash-alpha.pl -GENERATE[ghash-parisc.s]=asm/ghash-parisc.pl -GENERATE[ghashp8-ppc.s]=asm/ghashp8-ppc.pl -GENERATE[ghash-armv4.S]=asm/ghash-armv4.pl -INCLUDE[ghash-armv4.o]=.. -GENERATE[ghashv8-armx.S]=asm/ghashv8-armx.pl -INCLUDE[ghashv8-armx.o]=.. -GENERATE[aes-gcm-armv8_64.S]=asm/aes-gcm-armv8_64.pl -INCLUDE[aes-gcm-armv8_64.o]=.. -GENERATE[ghash-s390x.S]=asm/ghash-s390x.pl -INCLUDE[ghash-s390x.o]=.. -GENERATE[ghash-c64xplus.S]=asm/ghash-c64xplus.pl diff --git a/crypto/modes/cbc128.c b/crypto/modes/cbc128.c deleted file mode 100644 index f3818032a490186a336212c4321a474cf1b5ae56..0000000000000000000000000000000000000000 --- a/crypto/modes/cbc128.c +++ /dev/null @@ -1,172 +0,0 @@ -/* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/modes.h" - -#if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC) -# define STRICT_ALIGNMENT 0 -#endif - -#if defined(__GNUC__) && !STRICT_ALIGNMENT -typedef size_t size_t_aX __attribute((__aligned__(1))); -#else -typedef size_t size_t_aX; -#endif - -void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], block128_f block) -{ - size_t n; - const unsigned char *iv = ivec; - - if (len == 0) - return; - -#if !defined(OPENSSL_SMALL_FOOTPRINT) - if (STRICT_ALIGNMENT && - ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { - while (len >= 16) { - for (n = 0; n < 16; ++n) - out[n] = in[n] ^ iv[n]; - (*block) (out, out, key); - iv = out; - len -= 16; - in += 16; - out += 16; - } - } else { - while (len >= 16) { - for (n = 0; n < 16; n += sizeof(size_t)) - *(size_t_aX *)(out + n) = - *(size_t_aX *)(in + n) ^ *(size_t_aX *)(iv + n); - (*block) (out, out, key); - iv = out; - len -= 16; - in += 16; - out += 16; - } - } -#endif - while (len) { - for (n = 0; n < 16 && n < len; ++n) - out[n] = in[n] ^ iv[n]; - for (; n < 16; ++n) - out[n] = iv[n]; - (*block) (out, out, key); - iv = out; - if (len <= 16) - break; - len -= 16; - in += 16; - out += 16; - } - if (ivec != iv) - memcpy(ivec, iv, 16); -} - -void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], block128_f block) -{ - size_t n; - union { - size_t t[16 / sizeof(size_t)]; - unsigned char c[16]; - } tmp; - - if (len == 0) - return; - -#if !defined(OPENSSL_SMALL_FOOTPRINT) - if (in != out) { - const unsigned char *iv = ivec; - - if (STRICT_ALIGNMENT && - ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { - while (len >= 16) { - (*block) (in, out, key); - for (n = 0; n < 16; ++n) - out[n] ^= iv[n]; - iv = in; - len -= 16; - in += 16; - out += 16; - } - } else if (16 % sizeof(size_t) == 0) { /* always true */ - while (len >= 16) { - size_t_aX *out_t = (size_t_aX *)out; - size_t_aX *iv_t = (size_t_aX *)iv; - - (*block) (in, out, key); - for (n = 0; n < 16 / sizeof(size_t); n++) - out_t[n] ^= iv_t[n]; - iv = in; - len -= 16; - in += 16; - out += 16; - } - } - if (ivec != iv) - memcpy(ivec, iv, 16); - } else { - if (STRICT_ALIGNMENT && - ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { - unsigned char c; - while (len >= 16) { - (*block) (in, tmp.c, key); - for (n = 0; n < 16; ++n) { - c = in[n]; - out[n] = tmp.c[n] ^ ivec[n]; - ivec[n] = c; - } - len -= 16; - in += 16; - out += 16; - } - } else if (16 % sizeof(size_t) == 0) { /* always true */ - while (len >= 16) { - size_t c; - size_t_aX *out_t = (size_t_aX *)out; - size_t_aX *ivec_t = (size_t_aX *)ivec; - const size_t_aX *in_t = (const size_t_aX *)in; - - (*block) (in, tmp.c, key); - for (n = 0; n < 16 / sizeof(size_t); n++) { - c = in_t[n]; - out_t[n] = tmp.t[n] ^ ivec_t[n]; - ivec_t[n] = c; - } - len -= 16; - in += 16; - out += 16; - } - } - } -#endif - while (len) { - unsigned char c; - (*block) (in, tmp.c, key); - for (n = 0; n < 16 && n < len; ++n) { - c = in[n]; - out[n] = tmp.c[n] ^ ivec[n]; - ivec[n] = c; - } - if (len <= 16) { - for (; n < 16; ++n) - ivec[n] = in[n]; - break; - } - len -= 16; - in += 16; - out += 16; - } -} diff --git a/crypto/modes/ccm128.c b/crypto/modes/ccm128.c deleted file mode 100644 index eee7a69c3ab79204d2d00c18cc59487a3538dac7..0000000000000000000000000000000000000000 --- a/crypto/modes/ccm128.c +++ /dev/null @@ -1,442 +0,0 @@ -/* - * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/modes.h" - -#ifndef STRICT_ALIGNMENT -# ifdef __GNUC__ -typedef u64 u64_a1 __attribute((__aligned__(1))); -# else -typedef u64 u64_a1; -# endif -#endif - -/* - * First you setup M and L parameters and pass the key schedule. This is - * called once per session setup... - */ -void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, - unsigned int M, unsigned int L, void *key, - block128_f block) -{ - memset(ctx->nonce.c, 0, sizeof(ctx->nonce.c)); - ctx->nonce.c[0] = ((u8)(L - 1) & 7) | (u8)(((M - 2) / 2) & 7) << 3; - ctx->blocks = 0; - ctx->block = block; - ctx->key = key; -} - -/* !!! Following interfaces are to be called *once* per packet !!! */ - -/* Then you setup per-message nonce and pass the length of the message */ -int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, - const unsigned char *nonce, size_t nlen, size_t mlen) -{ - unsigned int L = ctx->nonce.c[0] & 7; /* the L parameter */ - - if (nlen < (14 - L)) - return -1; /* nonce is too short */ - - if (sizeof(mlen) == 8 && L >= 3) { - ctx->nonce.c[8] = (u8)(mlen >> (56 % (sizeof(mlen) * 8))); - ctx->nonce.c[9] = (u8)(mlen >> (48 % (sizeof(mlen) * 8))); - ctx->nonce.c[10] = (u8)(mlen >> (40 % (sizeof(mlen) * 8))); - ctx->nonce.c[11] = (u8)(mlen >> (32 % (sizeof(mlen) * 8))); - } else - ctx->nonce.u[1] = 0; - - ctx->nonce.c[12] = (u8)(mlen >> 24); - ctx->nonce.c[13] = (u8)(mlen >> 16); - ctx->nonce.c[14] = (u8)(mlen >> 8); - ctx->nonce.c[15] = (u8)mlen; - - ctx->nonce.c[0] &= ~0x40; /* clear Adata flag */ - memcpy(&ctx->nonce.c[1], nonce, 14 - L); - - return 0; -} - -/* Then you pass additional authentication data, this is optional */ -void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, - const unsigned char *aad, size_t alen) -{ - unsigned int i; - block128_f block = ctx->block; - - if (alen == 0) - return; - - ctx->nonce.c[0] |= 0x40; /* set Adata flag */ - (*block) (ctx->nonce.c, ctx->cmac.c, ctx->key), ctx->blocks++; - - if (alen < (0x10000 - 0x100)) { - ctx->cmac.c[0] ^= (u8)(alen >> 8); - ctx->cmac.c[1] ^= (u8)alen; - i = 2; - } else if (sizeof(alen) == 8 - && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) { - ctx->cmac.c[0] ^= 0xFF; - ctx->cmac.c[1] ^= 0xFF; - ctx->cmac.c[2] ^= (u8)(alen >> (56 % (sizeof(alen) * 8))); - ctx->cmac.c[3] ^= (u8)(alen >> (48 % (sizeof(alen) * 8))); - ctx->cmac.c[4] ^= (u8)(alen >> (40 % (sizeof(alen) * 8))); - ctx->cmac.c[5] ^= (u8)(alen >> (32 % (sizeof(alen) * 8))); - ctx->cmac.c[6] ^= (u8)(alen >> 24); - ctx->cmac.c[7] ^= (u8)(alen >> 16); - ctx->cmac.c[8] ^= (u8)(alen >> 8); - ctx->cmac.c[9] ^= (u8)alen; - i = 10; - } else { - ctx->cmac.c[0] ^= 0xFF; - ctx->cmac.c[1] ^= 0xFE; - ctx->cmac.c[2] ^= (u8)(alen >> 24); - ctx->cmac.c[3] ^= (u8)(alen >> 16); - ctx->cmac.c[4] ^= (u8)(alen >> 8); - ctx->cmac.c[5] ^= (u8)alen; - i = 6; - } - - do { - for (; i < 16 && alen; ++i, ++aad, --alen) - ctx->cmac.c[i] ^= *aad; - (*block) (ctx->cmac.c, ctx->cmac.c, ctx->key), ctx->blocks++; - i = 0; - } while (alen); -} - -/* Finally you encrypt or decrypt the message */ - -/* - * counter part of nonce may not be larger than L*8 bits, L is not larger - * than 8, therefore 64-bit counter... - */ -static void ctr64_inc(unsigned char *counter) -{ - unsigned int n = 8; - u8 c; - - counter += 8; - do { - --n; - c = counter[n]; - ++c; - counter[n] = c; - if (c) - return; - } while (n); -} - -int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, - const unsigned char *inp, unsigned char *out, - size_t len) -{ - size_t n; - unsigned int i, L; - unsigned char flags0 = ctx->nonce.c[0]; - block128_f block = ctx->block; - void *key = ctx->key; - union { - u64 u[2]; - u8 c[16]; - } scratch; - - if (!(flags0 & 0x40)) - (*block) (ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++; - - ctx->nonce.c[0] = L = flags0 & 7; - for (n = 0, i = 15 - L; i < 15; ++i) { - n |= ctx->nonce.c[i]; - ctx->nonce.c[i] = 0; - n <<= 8; - } - n |= ctx->nonce.c[15]; /* reconstructed length */ - ctx->nonce.c[15] = 1; - - if (n != len) - return -1; /* length mismatch */ - - ctx->blocks += ((len + 15) >> 3) | 1; - if (ctx->blocks > (U64(1) << 61)) - return -2; /* too much data */ - - while (len >= 16) { -#if defined(STRICT_ALIGNMENT) - union { - u64 u[2]; - u8 c[16]; - } temp; - - memcpy(temp.c, inp, 16); - ctx->cmac.u[0] ^= temp.u[0]; - ctx->cmac.u[1] ^= temp.u[1]; -#else - ctx->cmac.u[0] ^= ((u64_a1 *)inp)[0]; - ctx->cmac.u[1] ^= ((u64_a1 *)inp)[1]; -#endif - (*block) (ctx->cmac.c, ctx->cmac.c, key); - (*block) (ctx->nonce.c, scratch.c, key); - ctr64_inc(ctx->nonce.c); -#if defined(STRICT_ALIGNMENT) - temp.u[0] ^= scratch.u[0]; - temp.u[1] ^= scratch.u[1]; - memcpy(out, temp.c, 16); -#else - ((u64_a1 *)out)[0] = scratch.u[0] ^ ((u64_a1 *)inp)[0]; - ((u64_a1 *)out)[1] = scratch.u[1] ^ ((u64_a1 *)inp)[1]; -#endif - inp += 16; - out += 16; - len -= 16; - } - - if (len) { - for (i = 0; i < len; ++i) - ctx->cmac.c[i] ^= inp[i]; - (*block) (ctx->cmac.c, ctx->cmac.c, key); - (*block) (ctx->nonce.c, scratch.c, key); - for (i = 0; i < len; ++i) - out[i] = scratch.c[i] ^ inp[i]; - } - - for (i = 15 - L; i < 16; ++i) - ctx->nonce.c[i] = 0; - - (*block) (ctx->nonce.c, scratch.c, key); - ctx->cmac.u[0] ^= scratch.u[0]; - ctx->cmac.u[1] ^= scratch.u[1]; - - ctx->nonce.c[0] = flags0; - - return 0; -} - -int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, - const unsigned char *inp, unsigned char *out, - size_t len) -{ - size_t n; - unsigned int i, L; - unsigned char flags0 = ctx->nonce.c[0]; - block128_f block = ctx->block; - void *key = ctx->key; - union { - u64 u[2]; - u8 c[16]; - } scratch; - - if (!(flags0 & 0x40)) - (*block) (ctx->nonce.c, ctx->cmac.c, key); - - ctx->nonce.c[0] = L = flags0 & 7; - for (n = 0, i = 15 - L; i < 15; ++i) { - n |= ctx->nonce.c[i]; - ctx->nonce.c[i] = 0; - n <<= 8; - } - n |= ctx->nonce.c[15]; /* reconstructed length */ - ctx->nonce.c[15] = 1; - - if (n != len) - return -1; - - while (len >= 16) { -#if defined(STRICT_ALIGNMENT) - union { - u64 u[2]; - u8 c[16]; - } temp; -#endif - (*block) (ctx->nonce.c, scratch.c, key); - ctr64_inc(ctx->nonce.c); -#if defined(STRICT_ALIGNMENT) - memcpy(temp.c, inp, 16); - ctx->cmac.u[0] ^= (scratch.u[0] ^= temp.u[0]); - ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]); - memcpy(out, scratch.c, 16); -#else - ctx->cmac.u[0] ^= (((u64_a1 *)out)[0] - = scratch.u[0] ^ ((u64_a1 *)inp)[0]); - ctx->cmac.u[1] ^= (((u64_a1 *)out)[1] - = scratch.u[1] ^ ((u64_a1 *)inp)[1]); -#endif - (*block) (ctx->cmac.c, ctx->cmac.c, key); - - inp += 16; - out += 16; - len -= 16; - } - - if (len) { - (*block) (ctx->nonce.c, scratch.c, key); - for (i = 0; i < len; ++i) - ctx->cmac.c[i] ^= (out[i] = scratch.c[i] ^ inp[i]); - (*block) (ctx->cmac.c, ctx->cmac.c, key); - } - - for (i = 15 - L; i < 16; ++i) - ctx->nonce.c[i] = 0; - - (*block) (ctx->nonce.c, scratch.c, key); - ctx->cmac.u[0] ^= scratch.u[0]; - ctx->cmac.u[1] ^= scratch.u[1]; - - ctx->nonce.c[0] = flags0; - - return 0; -} - -static void ctr64_add(unsigned char *counter, size_t inc) -{ - size_t n = 8, val = 0; - - counter += 8; - do { - --n; - val += counter[n] + (inc & 0xff); - counter[n] = (unsigned char)val; - val >>= 8; /* carry bit */ - inc >>= 8; - } while (n && (inc || val)); -} - -int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, - const unsigned char *inp, unsigned char *out, - size_t len, ccm128_f stream) -{ - size_t n; - unsigned int i, L; - unsigned char flags0 = ctx->nonce.c[0]; - block128_f block = ctx->block; - void *key = ctx->key; - union { - u64 u[2]; - u8 c[16]; - } scratch; - - if (!(flags0 & 0x40)) - (*block) (ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++; - - ctx->nonce.c[0] = L = flags0 & 7; - for (n = 0, i = 15 - L; i < 15; ++i) { - n |= ctx->nonce.c[i]; - ctx->nonce.c[i] = 0; - n <<= 8; - } - n |= ctx->nonce.c[15]; /* reconstructed length */ - ctx->nonce.c[15] = 1; - - if (n != len) - return -1; /* length mismatch */ - - ctx->blocks += ((len + 15) >> 3) | 1; - if (ctx->blocks > (U64(1) << 61)) - return -2; /* too much data */ - - if ((n = len / 16)) { - (*stream) (inp, out, n, key, ctx->nonce.c, ctx->cmac.c); - n *= 16; - inp += n; - out += n; - len -= n; - if (len) - ctr64_add(ctx->nonce.c, n / 16); - } - - if (len) { - for (i = 0; i < len; ++i) - ctx->cmac.c[i] ^= inp[i]; - (*block) (ctx->cmac.c, ctx->cmac.c, key); - (*block) (ctx->nonce.c, scratch.c, key); - for (i = 0; i < len; ++i) - out[i] = scratch.c[i] ^ inp[i]; - } - - for (i = 15 - L; i < 16; ++i) - ctx->nonce.c[i] = 0; - - (*block) (ctx->nonce.c, scratch.c, key); - ctx->cmac.u[0] ^= scratch.u[0]; - ctx->cmac.u[1] ^= scratch.u[1]; - - ctx->nonce.c[0] = flags0; - - return 0; -} - -int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, - const unsigned char *inp, unsigned char *out, - size_t len, ccm128_f stream) -{ - size_t n; - unsigned int i, L; - unsigned char flags0 = ctx->nonce.c[0]; - block128_f block = ctx->block; - void *key = ctx->key; - union { - u64 u[2]; - u8 c[16]; - } scratch; - - if (!(flags0 & 0x40)) - (*block) (ctx->nonce.c, ctx->cmac.c, key); - - ctx->nonce.c[0] = L = flags0 & 7; - for (n = 0, i = 15 - L; i < 15; ++i) { - n |= ctx->nonce.c[i]; - ctx->nonce.c[i] = 0; - n <<= 8; - } - n |= ctx->nonce.c[15]; /* reconstructed length */ - ctx->nonce.c[15] = 1; - - if (n != len) - return -1; - - if ((n = len / 16)) { - (*stream) (inp, out, n, key, ctx->nonce.c, ctx->cmac.c); - n *= 16; - inp += n; - out += n; - len -= n; - if (len) - ctr64_add(ctx->nonce.c, n / 16); - } - - if (len) { - (*block) (ctx->nonce.c, scratch.c, key); - for (i = 0; i < len; ++i) - ctx->cmac.c[i] ^= (out[i] = scratch.c[i] ^ inp[i]); - (*block) (ctx->cmac.c, ctx->cmac.c, key); - } - - for (i = 15 - L; i < 16; ++i) - ctx->nonce.c[i] = 0; - - (*block) (ctx->nonce.c, scratch.c, key); - ctx->cmac.u[0] ^= scratch.u[0]; - ctx->cmac.u[1] ^= scratch.u[1]; - - ctx->nonce.c[0] = flags0; - - return 0; -} - -size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len) -{ - unsigned int M = (ctx->nonce.c[0] >> 3) & 7; /* the M parameter */ - - M *= 2; - M += 2; - if (len != M) - return 0; - memcpy(tag, ctx->cmac.c, M); - return M; -} diff --git a/crypto/modes/cfb128.c b/crypto/modes/cfb128.c deleted file mode 100644 index 2d37bcb586fd8eceaed87bd656d1b9d77e8bc73d..0000000000000000000000000000000000000000 --- a/crypto/modes/cfb128.c +++ /dev/null @@ -1,211 +0,0 @@ -/* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/modes.h" - -#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) -typedef size_t size_t_aX __attribute((__aligned__(1))); -#else -typedef size_t size_t_aX; -#endif - -/* - * The input and output encrypted as though 128bit cfb mode is being used. - * The extra state information to record how much of the 128bit block we have - * used is contained in *num; - */ -void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], int *num, - int enc, block128_f block) -{ - unsigned int n; - size_t l = 0; - - if (*num < 0) { - /* There is no good way to signal an error return from here */ - *num = -1; - return; - } - n = *num; - - if (enc) { -#if !defined(OPENSSL_SMALL_FOOTPRINT) - if (16 % sizeof(size_t) == 0) { /* always true actually */ - do { - while (n && len) { - *(out++) = ivec[n] ^= *(in++); - --len; - n = (n + 1) % 16; - } -# if defined(STRICT_ALIGNMENT) - if (((size_t)in | (size_t)out | (size_t)ivec) % - sizeof(size_t) != 0) - break; -# endif - while (len >= 16) { - (*block) (ivec, ivec, key); - for (; n < 16; n += sizeof(size_t)) { - *(size_t_aX *)(out + n) = - *(size_t_aX *)(ivec + n) - ^= *(size_t_aX *)(in + n); - } - len -= 16; - out += 16; - in += 16; - n = 0; - } - if (len) { - (*block) (ivec, ivec, key); - while (len--) { - out[n] = ivec[n] ^= in[n]; - ++n; - } - } - *num = n; - return; - } while (0); - } - /* the rest would be commonly eliminated by x86* compiler */ -#endif - while (l < len) { - if (n == 0) { - (*block) (ivec, ivec, key); - } - out[l] = ivec[n] ^= in[l]; - ++l; - n = (n + 1) % 16; - } - *num = n; - } else { -#if !defined(OPENSSL_SMALL_FOOTPRINT) - if (16 % sizeof(size_t) == 0) { /* always true actually */ - do { - while (n && len) { - unsigned char c; - *(out++) = ivec[n] ^ (c = *(in++)); - ivec[n] = c; - --len; - n = (n + 1) % 16; - } -# if defined(STRICT_ALIGNMENT) - if (((size_t)in | (size_t)out | (size_t)ivec) % - sizeof(size_t) != 0) - break; -# endif - while (len >= 16) { - (*block) (ivec, ivec, key); - for (; n < 16; n += sizeof(size_t)) { - size_t t = *(size_t_aX *)(in + n); - *(size_t_aX *)(out + n) - = *(size_t_aX *)(ivec + n) ^ t; - *(size_t_aX *)(ivec + n) = t; - } - len -= 16; - out += 16; - in += 16; - n = 0; - } - if (len) { - (*block) (ivec, ivec, key); - while (len--) { - unsigned char c; - out[n] = ivec[n] ^ (c = in[n]); - ivec[n] = c; - ++n; - } - } - *num = n; - return; - } while (0); - } - /* the rest would be commonly eliminated by x86* compiler */ -#endif - while (l < len) { - unsigned char c; - if (n == 0) { - (*block) (ivec, ivec, key); - } - out[l] = ivec[n] ^ (c = in[l]); - ivec[n] = c; - ++l; - n = (n + 1) % 16; - } - *num = n; - } -} - -/* - * This expects a single block of size nbits for both in and out. Note that - * it corrupts any extra bits in the last byte of out - */ -static void cfbr_encrypt_block(const unsigned char *in, unsigned char *out, - int nbits, const void *key, - unsigned char ivec[16], int enc, - block128_f block) -{ - int n, rem, num; - unsigned char ovec[16 * 2 + 1]; /* +1 because we dereference (but don't - * use) one byte off the end */ - - if (nbits <= 0 || nbits > 128) - return; - - /* fill in the first half of the new IV with the current IV */ - memcpy(ovec, ivec, 16); - /* construct the new IV */ - (*block) (ivec, ivec, key); - num = (nbits + 7) / 8; - if (enc) /* encrypt the input */ - for (n = 0; n < num; ++n) - out[n] = (ovec[16 + n] = in[n] ^ ivec[n]); - else /* decrypt the input */ - for (n = 0; n < num; ++n) - out[n] = (ovec[16 + n] = in[n]) ^ ivec[n]; - /* shift ovec left... */ - rem = nbits % 8; - num = nbits / 8; - if (rem == 0) - memcpy(ivec, ovec + num, 16); - else - for (n = 0; n < 16; ++n) - ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem); - - /* it is not necessary to cleanse ovec, since the IV is not secret */ -} - -/* N.B. This expects the input to be packed, MS bit first */ -void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, - size_t bits, const void *key, - unsigned char ivec[16], int *num, - int enc, block128_f block) -{ - size_t n; - unsigned char c[1], d[1]; - - for (n = 0; n < bits; ++n) { - c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; - cfbr_encrypt_block(c, d, 1, key, ivec, enc, block); - out[n / 8] = (out[n / 8] & ~(1 << (unsigned int)(7 - n % 8))) | - ((d[0] & 0x80) >> (unsigned int)(n % 8)); - } -} - -void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const void *key, - unsigned char ivec[16], int *num, - int enc, block128_f block) -{ - size_t n; - - for (n = 0; n < length; ++n) - cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc, block); -} diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c deleted file mode 100644 index 58014e76e275d44de0b41d60270f5cc409228c66..0000000000000000000000000000000000000000 --- a/crypto/modes/ctr128.c +++ /dev/null @@ -1,212 +0,0 @@ -/* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/endian.h" -#include "crypto/modes.h" - -#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) -typedef size_t size_t_aX __attribute((__aligned__(1))); -#else -typedef size_t size_t_aX; -#endif - -/* - * NOTE: the IV/counter CTR mode is big-endian. The code itself is - * endian-neutral. - */ - -/* increment counter (128-bit int) by 1 */ -static void ctr128_inc(unsigned char *counter) -{ - u32 n = 16, c = 1; - - do { - --n; - c += counter[n]; - counter[n] = (u8)c; - c >>= 8; - } while (n); -} - -#if !defined(OPENSSL_SMALL_FOOTPRINT) -static void ctr128_inc_aligned(unsigned char *counter) -{ - size_t *data, c, d, n; - DECLARE_IS_ENDIAN; - - if (IS_LITTLE_ENDIAN || ((size_t)counter % sizeof(size_t)) != 0) { - ctr128_inc(counter); - return; - } - - data = (size_t *)counter; - c = 1; - n = 16 / sizeof(size_t); - do { - --n; - d = data[n] += c; - /* did addition carry? */ - c = ((d - c) & ~d) >> (sizeof(size_t) * 8 - 1); - } while (n); -} -#endif - -/* - * The input encrypted as though 128bit counter mode is being used. The - * extra state information to record how much of the 128bit block we have - * used is contained in *num, and the encrypted counter is kept in - * ecount_buf. Both *num and ecount_buf must be initialised with zeros - * before the first call to CRYPTO_ctr128_encrypt(). This algorithm assumes - * that the counter is in the x lower bits of the IV (ivec), and that the - * application has full control over overflow and the rest of the IV. This - * implementation takes NO responsibility for checking that the counter - * doesn't overflow into the rest of the IV when incremented. - */ -void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], - unsigned char ecount_buf[16], unsigned int *num, - block128_f block) -{ - unsigned int n; - size_t l = 0; - - n = *num; - -#if !defined(OPENSSL_SMALL_FOOTPRINT) - if (16 % sizeof(size_t) == 0) { /* always true actually */ - do { - while (n && len) { - *(out++) = *(in++) ^ ecount_buf[n]; - --len; - n = (n + 1) % 16; - } - -# if defined(STRICT_ALIGNMENT) - if (((size_t)in | (size_t)out | (size_t)ecount_buf) - % sizeof(size_t) != 0) - break; -# endif - while (len >= 16) { - (*block) (ivec, ecount_buf, key); - ctr128_inc_aligned(ivec); - for (n = 0; n < 16; n += sizeof(size_t)) - *(size_t_aX *)(out + n) = - *(size_t_aX *)(in + n) - ^ *(size_t_aX *)(ecount_buf + n); - len -= 16; - out += 16; - in += 16; - n = 0; - } - if (len) { - (*block) (ivec, ecount_buf, key); - ctr128_inc_aligned(ivec); - while (len--) { - out[n] = in[n] ^ ecount_buf[n]; - ++n; - } - } - *num = n; - return; - } while (0); - } - /* the rest would be commonly eliminated by x86* compiler */ -#endif - while (l < len) { - if (n == 0) { - (*block) (ivec, ecount_buf, key); - ctr128_inc(ivec); - } - out[l] = in[l] ^ ecount_buf[n]; - ++l; - n = (n + 1) % 16; - } - - *num = n; -} - -/* increment upper 96 bits of 128-bit counter by 1 */ -static void ctr96_inc(unsigned char *counter) -{ - u32 n = 12, c = 1; - - do { - --n; - c += counter[n]; - counter[n] = (u8)c; - c >>= 8; - } while (n); -} - -void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], - unsigned char ecount_buf[16], - unsigned int *num, ctr128_f func) -{ - unsigned int n, ctr32; - - n = *num; - - while (n && len) { - *(out++) = *(in++) ^ ecount_buf[n]; - --len; - n = (n + 1) % 16; - } - - ctr32 = GETU32(ivec + 12); - while (len >= 16) { - size_t blocks = len / 16; - /* - * 1<<28 is just a not-so-small yet not-so-large number... - * Below condition is practically never met, but it has to - * be checked for code correctness. - */ - if (sizeof(size_t) > sizeof(unsigned int) && blocks > (1U << 28)) - blocks = (1U << 28); - /* - * As (*func) operates on 32-bit counter, caller - * has to handle overflow. 'if' below detects the - * overflow, which is then handled by limiting the - * amount of blocks to the exact overflow point... - */ - ctr32 += (u32)blocks; - if (ctr32 < blocks) { - blocks -= ctr32; - ctr32 = 0; - } - (*func) (in, out, blocks, key, ivec); - /* (*ctr) does not update ivec, caller does: */ - PUTU32(ivec + 12, ctr32); - /* ... overflow was detected, propagate carry. */ - if (ctr32 == 0) - ctr96_inc(ivec); - blocks *= 16; - len -= blocks; - out += blocks; - in += blocks; - } - if (len) { - memset(ecount_buf, 0, 16); - (*func) (ecount_buf, ecount_buf, 1, key, ivec); - ++ctr32; - PUTU32(ivec + 12, ctr32); - if (ctr32 == 0) - ctr96_inc(ivec); - while (len--) { - out[n] = in[n] ^ ecount_buf[n]; - ++n; - } - } - - *num = n; -} diff --git a/crypto/modes/cts128.c b/crypto/modes/cts128.c deleted file mode 100644 index 5600d9c54b1b31f565bba080ff54a118d996cddd..0000000000000000000000000000000000000000 --- a/crypto/modes/cts128.c +++ /dev/null @@ -1,330 +0,0 @@ -/* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/modes.h" - -/* - * Trouble with Ciphertext Stealing, CTS, mode is that there is no - * common official specification, but couple of cipher/application - * specific ones: RFC2040 and RFC3962. Then there is 'Proposal to - * Extend CBC Mode By "Ciphertext Stealing"' at NIST site, which - * deviates from mentioned RFCs. Most notably it allows input to be - * of block length and it doesn't flip the order of the last two - * blocks. CTS is being discussed even in ECB context, but it's not - * adopted for any known application. This implementation provides - * two interfaces: one compliant with above mentioned RFCs and one - * compliant with the NIST proposal, both extending CBC mode. - */ - -size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, - unsigned char *out, size_t len, - const void *key, unsigned char ivec[16], - block128_f block) -{ - size_t residue, n; - - if (len <= 16) - return 0; - - if ((residue = len % 16) == 0) - residue = 16; - - len -= residue; - - CRYPTO_cbc128_encrypt(in, out, len, key, ivec, block); - - in += len; - out += len; - - for (n = 0; n < residue; ++n) - ivec[n] ^= in[n]; - (*block) (ivec, ivec, key); - memcpy(out, out - 16, residue); - memcpy(out - 16, ivec, 16); - - return len + residue; -} - -size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, - unsigned char *out, size_t len, - const void *key, - unsigned char ivec[16], - block128_f block) -{ - size_t residue, n; - - if (len < 16) - return 0; - - residue = len % 16; - - len -= residue; - - CRYPTO_cbc128_encrypt(in, out, len, key, ivec, block); - - if (residue == 0) - return len; - - in += len; - out += len; - - for (n = 0; n < residue; ++n) - ivec[n] ^= in[n]; - (*block) (ivec, ivec, key); - memcpy(out - 16 + residue, ivec, 16); - - return len + residue; -} - -size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], cbc128_f cbc) -{ - size_t residue; - union { - size_t align; - unsigned char c[16]; - } tmp; - - if (len <= 16) - return 0; - - if ((residue = len % 16) == 0) - residue = 16; - - len -= residue; - - (*cbc) (in, out, len, key, ivec, 1); - - in += len; - out += len; - -#if defined(CBC_HANDLES_TRUNCATED_IO) - memcpy(tmp.c, out - 16, 16); - (*cbc) (in, out - 16, residue, key, ivec, 1); - memcpy(out, tmp.c, residue); -#else - memset(tmp.c, 0, sizeof(tmp)); - memcpy(tmp.c, in, residue); - memcpy(out, out - 16, residue); - (*cbc) (tmp.c, out - 16, 16, key, ivec, 1); -#endif - return len + residue; -} - -size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], cbc128_f cbc) -{ - size_t residue; - union { - size_t align; - unsigned char c[16]; - } tmp; - - if (len < 16) - return 0; - - residue = len % 16; - - len -= residue; - - (*cbc) (in, out, len, key, ivec, 1); - - if (residue == 0) - return len; - - in += len; - out += len; - -#if defined(CBC_HANDLES_TRUNCATED_IO) - (*cbc) (in, out - 16 + residue, residue, key, ivec, 1); -#else - memset(tmp.c, 0, sizeof(tmp)); - memcpy(tmp.c, in, residue); - (*cbc) (tmp.c, out - 16 + residue, 16, key, ivec, 1); -#endif - return len + residue; -} - -size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, - unsigned char *out, size_t len, - const void *key, unsigned char ivec[16], - block128_f block) -{ - size_t residue, n; - union { - size_t align; - unsigned char c[32]; - } tmp; - - if (len <= 16) - return 0; - - if ((residue = len % 16) == 0) - residue = 16; - - len -= 16 + residue; - - if (len) { - CRYPTO_cbc128_decrypt(in, out, len, key, ivec, block); - in += len; - out += len; - } - - (*block) (in, tmp.c + 16, key); - - memcpy(tmp.c, tmp.c + 16, 16); - memcpy(tmp.c, in + 16, residue); - (*block) (tmp.c, tmp.c, key); - - for (n = 0; n < 16; ++n) { - unsigned char c = in[n]; - out[n] = tmp.c[n] ^ ivec[n]; - ivec[n] = c; - } - for (residue += 16; n < residue; ++n) - out[n] = tmp.c[n] ^ in[n]; - - return 16 + len + residue; -} - -size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, - unsigned char *out, size_t len, - const void *key, - unsigned char ivec[16], - block128_f block) -{ - size_t residue, n; - union { - size_t align; - unsigned char c[32]; - } tmp; - - if (len < 16) - return 0; - - residue = len % 16; - - if (residue == 0) { - CRYPTO_cbc128_decrypt(in, out, len, key, ivec, block); - return len; - } - - len -= 16 + residue; - - if (len) { - CRYPTO_cbc128_decrypt(in, out, len, key, ivec, block); - in += len; - out += len; - } - - (*block) (in + residue, tmp.c + 16, key); - - memcpy(tmp.c, tmp.c + 16, 16); - memcpy(tmp.c, in, residue); - (*block) (tmp.c, tmp.c, key); - - for (n = 0; n < 16; ++n) { - unsigned char c = in[n]; - out[n] = tmp.c[n] ^ ivec[n]; - ivec[n] = in[n + residue]; - tmp.c[n] = c; - } - for (residue += 16; n < residue; ++n) - out[n] = tmp.c[n] ^ tmp.c[n - 16]; - - return 16 + len + residue; -} - -size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], cbc128_f cbc) -{ - size_t residue; - union { - size_t align; - unsigned char c[32]; - } tmp; - - if (len <= 16) - return 0; - - if ((residue = len % 16) == 0) - residue = 16; - - len -= 16 + residue; - - if (len) { - (*cbc) (in, out, len, key, ivec, 0); - in += len; - out += len; - } - - memset(tmp.c, 0, sizeof(tmp)); - /* - * this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] - */ - (*cbc) (in, tmp.c, 16, key, tmp.c + 16, 0); - - memcpy(tmp.c, in + 16, residue); -#if defined(CBC_HANDLES_TRUNCATED_IO) - (*cbc) (tmp.c, out, 16 + residue, key, ivec, 0); -#else - (*cbc) (tmp.c, tmp.c, 32, key, ivec, 0); - memcpy(out, tmp.c, 16 + residue); -#endif - return 16 + len + residue; -} - -size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], cbc128_f cbc) -{ - size_t residue; - union { - size_t align; - unsigned char c[32]; - } tmp; - - if (len < 16) - return 0; - - residue = len % 16; - - if (residue == 0) { - (*cbc) (in, out, len, key, ivec, 0); - return len; - } - - len -= 16 + residue; - - if (len) { - (*cbc) (in, out, len, key, ivec, 0); - in += len; - out += len; - } - - memset(tmp.c, 0, sizeof(tmp)); - /* - * this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] - */ - (*cbc) (in + residue, tmp.c, 16, key, tmp.c + 16, 0); - - memcpy(tmp.c, in, residue); -#if defined(CBC_HANDLES_TRUNCATED_IO) - (*cbc) (tmp.c, out, 16 + residue, key, ivec, 0); -#else - (*cbc) (tmp.c, tmp.c, 32, key, ivec, 0); - memcpy(out, tmp.c, 16 + residue); -#endif - return 16 + len + residue; -} diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c deleted file mode 100644 index e7e719fc0e262c96cf7559677926e052f886fbe3..0000000000000000000000000000000000000000 --- a/crypto/modes/gcm128.c +++ /dev/null @@ -1,1858 +0,0 @@ -/* - * Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include "internal/endian.h" -#include "crypto/modes.h" - -#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) -typedef size_t size_t_aX __attribute((__aligned__(1))); -#else -typedef size_t size_t_aX; -#endif - -#if defined(BSWAP4) && defined(STRICT_ALIGNMENT) -/* redefine, because alignment is ensured */ -# undef GETU32 -# define GETU32(p) BSWAP4(*(const u32 *)(p)) -# undef PUTU32 -# define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) -#endif - -#define PACK(s) ((size_t)(s)<<(sizeof(size_t)*8-16)) -#define REDUCE1BIT(V) do { \ - if (sizeof(size_t)==8) { \ - u64 T = U64(0xe100000000000000) & (0-(V.lo&1)); \ - V.lo = (V.hi<<63)|(V.lo>>1); \ - V.hi = (V.hi>>1 )^T; \ - } \ - else { \ - u32 T = 0xe1000000U & (0-(u32)(V.lo&1)); \ - V.lo = (V.hi<<63)|(V.lo>>1); \ - V.hi = (V.hi>>1 )^((u64)T<<32); \ - } \ -} while(0) - -/*- - * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should - * never be set to 8. 8 is effectively reserved for testing purposes. - * TABLE_BITS>1 are lookup-table-driven implementations referred to as - * "Shoup's" in GCM specification. In other words OpenSSL does not cover - * whole spectrum of possible table driven implementations. Why? In - * non-"Shoup's" case memory access pattern is segmented in such manner, - * that it's trivial to see that cache timing information can reveal - * fair portion of intermediate hash value. Given that ciphertext is - * always available to attacker, it's possible for him to attempt to - * deduce secret parameter H and if successful, tamper with messages - * [which is nothing but trivial in CTR mode]. In "Shoup's" case it's - * not as trivial, but there is no reason to believe that it's resistant - * to cache-timing attack. And the thing about "8-bit" implementation is - * that it consumes 16 (sixteen) times more memory, 4KB per individual - * key + 1KB shared. Well, on pros side it should be twice as fast as - * "4-bit" version. And for gcc-generated x86[_64] code, "8-bit" version - * was observed to run ~75% faster, closer to 100% for commercial - * compilers... Yet "4-bit" procedure is preferred, because it's - * believed to provide better security-performance balance and adequate - * all-round performance. "All-round" refers to things like: - * - * - shorter setup time effectively improves overall timing for - * handling short messages; - * - larger table allocation can become unbearable because of VM - * subsystem penalties (for example on Windows large enough free - * results in VM working set trimming, meaning that consequent - * malloc would immediately incur working set expansion); - * - larger table has larger cache footprint, which can affect - * performance of other code paths (not necessarily even from same - * thread in Hyper-Threading world); - * - * Value of 1 is not appropriate for performance reasons. - */ -#if TABLE_BITS==8 - -static void gcm_init_8bit(u128 Htable[256], u64 H[2]) -{ - int i, j; - u128 V; - - Htable[0].hi = 0; - Htable[0].lo = 0; - V.hi = H[0]; - V.lo = H[1]; - - for (Htable[128] = V, i = 64; i > 0; i >>= 1) { - REDUCE1BIT(V); - Htable[i] = V; - } - - for (i = 2; i < 256; i <<= 1) { - u128 *Hi = Htable + i, H0 = *Hi; - for (j = 1; j < i; ++j) { - Hi[j].hi = H0.hi ^ Htable[j].hi; - Hi[j].lo = H0.lo ^ Htable[j].lo; - } - } -} - -static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256]) -{ - u128 Z = { 0, 0 }; - const u8 *xi = (const u8 *)Xi + 15; - size_t rem, n = *xi; - DECLARE_IS_ENDIAN; - static const size_t rem_8bit[256] = { - PACK(0x0000), PACK(0x01C2), PACK(0x0384), PACK(0x0246), - PACK(0x0708), PACK(0x06CA), PACK(0x048C), PACK(0x054E), - PACK(0x0E10), PACK(0x0FD2), PACK(0x0D94), PACK(0x0C56), - PACK(0x0918), PACK(0x08DA), PACK(0x0A9C), PACK(0x0B5E), - PACK(0x1C20), PACK(0x1DE2), PACK(0x1FA4), PACK(0x1E66), - PACK(0x1B28), PACK(0x1AEA), PACK(0x18AC), PACK(0x196E), - PACK(0x1230), PACK(0x13F2), PACK(0x11B4), PACK(0x1076), - PACK(0x1538), PACK(0x14FA), PACK(0x16BC), PACK(0x177E), - PACK(0x3840), PACK(0x3982), PACK(0x3BC4), PACK(0x3A06), - PACK(0x3F48), PACK(0x3E8A), PACK(0x3CCC), PACK(0x3D0E), - PACK(0x3650), PACK(0x3792), PACK(0x35D4), PACK(0x3416), - PACK(0x3158), PACK(0x309A), PACK(0x32DC), PACK(0x331E), - PACK(0x2460), PACK(0x25A2), PACK(0x27E4), PACK(0x2626), - PACK(0x2368), PACK(0x22AA), PACK(0x20EC), PACK(0x212E), - PACK(0x2A70), PACK(0x2BB2), PACK(0x29F4), PACK(0x2836), - PACK(0x2D78), PACK(0x2CBA), PACK(0x2EFC), PACK(0x2F3E), - PACK(0x7080), PACK(0x7142), PACK(0x7304), PACK(0x72C6), - PACK(0x7788), PACK(0x764A), PACK(0x740C), PACK(0x75CE), - PACK(0x7E90), PACK(0x7F52), PACK(0x7D14), PACK(0x7CD6), - PACK(0x7998), PACK(0x785A), PACK(0x7A1C), PACK(0x7BDE), - PACK(0x6CA0), PACK(0x6D62), PACK(0x6F24), PACK(0x6EE6), - PACK(0x6BA8), PACK(0x6A6A), PACK(0x682C), PACK(0x69EE), - PACK(0x62B0), PACK(0x6372), PACK(0x6134), PACK(0x60F6), - PACK(0x65B8), PACK(0x647A), PACK(0x663C), PACK(0x67FE), - PACK(0x48C0), PACK(0x4902), PACK(0x4B44), PACK(0x4A86), - PACK(0x4FC8), PACK(0x4E0A), PACK(0x4C4C), PACK(0x4D8E), - PACK(0x46D0), PACK(0x4712), PACK(0x4554), PACK(0x4496), - PACK(0x41D8), PACK(0x401A), PACK(0x425C), PACK(0x439E), - PACK(0x54E0), PACK(0x5522), PACK(0x5764), PACK(0x56A6), - PACK(0x53E8), PACK(0x522A), PACK(0x506C), PACK(0x51AE), - PACK(0x5AF0), PACK(0x5B32), PACK(0x5974), PACK(0x58B6), - PACK(0x5DF8), PACK(0x5C3A), PACK(0x5E7C), PACK(0x5FBE), - PACK(0xE100), PACK(0xE0C2), PACK(0xE284), PACK(0xE346), - PACK(0xE608), PACK(0xE7CA), PACK(0xE58C), PACK(0xE44E), - PACK(0xEF10), PACK(0xEED2), PACK(0xEC94), PACK(0xED56), - PACK(0xE818), PACK(0xE9DA), PACK(0xEB9C), PACK(0xEA5E), - PACK(0xFD20), PACK(0xFCE2), PACK(0xFEA4), PACK(0xFF66), - PACK(0xFA28), PACK(0xFBEA), PACK(0xF9AC), PACK(0xF86E), - PACK(0xF330), PACK(0xF2F2), PACK(0xF0B4), PACK(0xF176), - PACK(0xF438), PACK(0xF5FA), PACK(0xF7BC), PACK(0xF67E), - PACK(0xD940), PACK(0xD882), PACK(0xDAC4), PACK(0xDB06), - PACK(0xDE48), PACK(0xDF8A), PACK(0xDDCC), PACK(0xDC0E), - PACK(0xD750), PACK(0xD692), PACK(0xD4D4), PACK(0xD516), - PACK(0xD058), PACK(0xD19A), PACK(0xD3DC), PACK(0xD21E), - PACK(0xC560), PACK(0xC4A2), PACK(0xC6E4), PACK(0xC726), - PACK(0xC268), PACK(0xC3AA), PACK(0xC1EC), PACK(0xC02E), - PACK(0xCB70), PACK(0xCAB2), PACK(0xC8F4), PACK(0xC936), - PACK(0xCC78), PACK(0xCDBA), PACK(0xCFFC), PACK(0xCE3E), - PACK(0x9180), PACK(0x9042), PACK(0x9204), PACK(0x93C6), - PACK(0x9688), PACK(0x974A), PACK(0x950C), PACK(0x94CE), - PACK(0x9F90), PACK(0x9E52), PACK(0x9C14), PACK(0x9DD6), - PACK(0x9898), PACK(0x995A), PACK(0x9B1C), PACK(0x9ADE), - PACK(0x8DA0), PACK(0x8C62), PACK(0x8E24), PACK(0x8FE6), - PACK(0x8AA8), PACK(0x8B6A), PACK(0x892C), PACK(0x88EE), - PACK(0x83B0), PACK(0x8272), PACK(0x8034), PACK(0x81F6), - PACK(0x84B8), PACK(0x857A), PACK(0x873C), PACK(0x86FE), - PACK(0xA9C0), PACK(0xA802), PACK(0xAA44), PACK(0xAB86), - PACK(0xAEC8), PACK(0xAF0A), PACK(0xAD4C), PACK(0xAC8E), - PACK(0xA7D0), PACK(0xA612), PACK(0xA454), PACK(0xA596), - PACK(0xA0D8), PACK(0xA11A), PACK(0xA35C), PACK(0xA29E), - PACK(0xB5E0), PACK(0xB422), PACK(0xB664), PACK(0xB7A6), - PACK(0xB2E8), PACK(0xB32A), PACK(0xB16C), PACK(0xB0AE), - PACK(0xBBF0), PACK(0xBA32), PACK(0xB874), PACK(0xB9B6), - PACK(0xBCF8), PACK(0xBD3A), PACK(0xBF7C), PACK(0xBEBE) - }; - - while (1) { - Z.hi ^= Htable[n].hi; - Z.lo ^= Htable[n].lo; - - if ((u8 *)Xi == xi) - break; - - n = *(--xi); - - rem = (size_t)Z.lo & 0xff; - Z.lo = (Z.hi << 56) | (Z.lo >> 8); - Z.hi = (Z.hi >> 8); - if (sizeof(size_t) == 8) - Z.hi ^= rem_8bit[rem]; - else - Z.hi ^= (u64)rem_8bit[rem] << 32; - } - - if (IS_LITTLE_ENDIAN) { -# ifdef BSWAP8 - Xi[0] = BSWAP8(Z.hi); - Xi[1] = BSWAP8(Z.lo); -# else - u8 *p = (u8 *)Xi; - u32 v; - v = (u32)(Z.hi >> 32); - PUTU32(p, v); - v = (u32)(Z.hi); - PUTU32(p + 4, v); - v = (u32)(Z.lo >> 32); - PUTU32(p + 8, v); - v = (u32)(Z.lo); - PUTU32(p + 12, v); -# endif - } else { - Xi[0] = Z.hi; - Xi[1] = Z.lo; - } -} - -# define GCM_MUL(ctx) gcm_gmult_8bit(ctx->Xi.u,ctx->Htable) - -#elif TABLE_BITS==4 - -static void gcm_init_4bit(u128 Htable[16], u64 H[2]) -{ - u128 V; -# if defined(OPENSSL_SMALL_FOOTPRINT) - int i; -# endif - - Htable[0].hi = 0; - Htable[0].lo = 0; - V.hi = H[0]; - V.lo = H[1]; - -# if defined(OPENSSL_SMALL_FOOTPRINT) - for (Htable[8] = V, i = 4; i > 0; i >>= 1) { - REDUCE1BIT(V); - Htable[i] = V; - } - - for (i = 2; i < 16; i <<= 1) { - u128 *Hi = Htable + i; - int j; - for (V = *Hi, j = 1; j < i; ++j) { - Hi[j].hi = V.hi ^ Htable[j].hi; - Hi[j].lo = V.lo ^ Htable[j].lo; - } - } -# else - Htable[8] = V; - REDUCE1BIT(V); - Htable[4] = V; - REDUCE1BIT(V); - Htable[2] = V; - REDUCE1BIT(V); - Htable[1] = V; - Htable[3].hi = V.hi ^ Htable[2].hi, Htable[3].lo = V.lo ^ Htable[2].lo; - V = Htable[4]; - Htable[5].hi = V.hi ^ Htable[1].hi, Htable[5].lo = V.lo ^ Htable[1].lo; - Htable[6].hi = V.hi ^ Htable[2].hi, Htable[6].lo = V.lo ^ Htable[2].lo; - Htable[7].hi = V.hi ^ Htable[3].hi, Htable[7].lo = V.lo ^ Htable[3].lo; - V = Htable[8]; - Htable[9].hi = V.hi ^ Htable[1].hi, Htable[9].lo = V.lo ^ Htable[1].lo; - Htable[10].hi = V.hi ^ Htable[2].hi, Htable[10].lo = V.lo ^ Htable[2].lo; - Htable[11].hi = V.hi ^ Htable[3].hi, Htable[11].lo = V.lo ^ Htable[3].lo; - Htable[12].hi = V.hi ^ Htable[4].hi, Htable[12].lo = V.lo ^ Htable[4].lo; - Htable[13].hi = V.hi ^ Htable[5].hi, Htable[13].lo = V.lo ^ Htable[5].lo; - Htable[14].hi = V.hi ^ Htable[6].hi, Htable[14].lo = V.lo ^ Htable[6].lo; - Htable[15].hi = V.hi ^ Htable[7].hi, Htable[15].lo = V.lo ^ Htable[7].lo; -# endif -# if defined(GHASH_ASM) && (defined(__arm__) || defined(__arm)) - /* - * ARM assembler expects specific dword order in Htable. - */ - { - int j; - DECLARE_IS_ENDIAN; - - if (IS_LITTLE_ENDIAN) - for (j = 0; j < 16; ++j) { - V = Htable[j]; - Htable[j].hi = V.lo; - Htable[j].lo = V.hi; - } else - for (j = 0; j < 16; ++j) { - V = Htable[j]; - Htable[j].hi = V.lo << 32 | V.lo >> 32; - Htable[j].lo = V.hi << 32 | V.hi >> 32; - } - } -# endif -} - -# ifndef GHASH_ASM -static const size_t rem_4bit[16] = { - PACK(0x0000), PACK(0x1C20), PACK(0x3840), PACK(0x2460), - PACK(0x7080), PACK(0x6CA0), PACK(0x48C0), PACK(0x54E0), - PACK(0xE100), PACK(0xFD20), PACK(0xD940), PACK(0xC560), - PACK(0x9180), PACK(0x8DA0), PACK(0xA9C0), PACK(0xB5E0) -}; - -static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]) -{ - u128 Z; - int cnt = 15; - size_t rem, nlo, nhi; - DECLARE_IS_ENDIAN; - - nlo = ((const u8 *)Xi)[15]; - nhi = nlo >> 4; - nlo &= 0xf; - - Z.hi = Htable[nlo].hi; - Z.lo = Htable[nlo].lo; - - while (1) { - rem = (size_t)Z.lo & 0xf; - Z.lo = (Z.hi << 60) | (Z.lo >> 4); - Z.hi = (Z.hi >> 4); - if (sizeof(size_t) == 8) - Z.hi ^= rem_4bit[rem]; - else - Z.hi ^= (u64)rem_4bit[rem] << 32; - - Z.hi ^= Htable[nhi].hi; - Z.lo ^= Htable[nhi].lo; - - if (--cnt < 0) - break; - - nlo = ((const u8 *)Xi)[cnt]; - nhi = nlo >> 4; - nlo &= 0xf; - - rem = (size_t)Z.lo & 0xf; - Z.lo = (Z.hi << 60) | (Z.lo >> 4); - Z.hi = (Z.hi >> 4); - if (sizeof(size_t) == 8) - Z.hi ^= rem_4bit[rem]; - else - Z.hi ^= (u64)rem_4bit[rem] << 32; - - Z.hi ^= Htable[nlo].hi; - Z.lo ^= Htable[nlo].lo; - } - - if (IS_LITTLE_ENDIAN) { -# ifdef BSWAP8 - Xi[0] = BSWAP8(Z.hi); - Xi[1] = BSWAP8(Z.lo); -# else - u8 *p = (u8 *)Xi; - u32 v; - v = (u32)(Z.hi >> 32); - PUTU32(p, v); - v = (u32)(Z.hi); - PUTU32(p + 4, v); - v = (u32)(Z.lo >> 32); - PUTU32(p + 8, v); - v = (u32)(Z.lo); - PUTU32(p + 12, v); -# endif - } else { - Xi[0] = Z.hi; - Xi[1] = Z.lo; - } -} - -# if !defined(OPENSSL_SMALL_FOOTPRINT) -/* - * Streamed gcm_mult_4bit, see CRYPTO_gcm128_[en|de]crypt for - * details... Compiler-generated code doesn't seem to give any - * performance improvement, at least not on x86[_64]. It's here - * mostly as reference and a placeholder for possible future - * non-trivial optimization[s]... - */ -static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) -{ - u128 Z; - int cnt; - size_t rem, nlo, nhi; - DECLARE_IS_ENDIAN; - -# if 1 - do { - cnt = 15; - nlo = ((const u8 *)Xi)[15]; - nlo ^= inp[15]; - nhi = nlo >> 4; - nlo &= 0xf; - - Z.hi = Htable[nlo].hi; - Z.lo = Htable[nlo].lo; - - while (1) { - rem = (size_t)Z.lo & 0xf; - Z.lo = (Z.hi << 60) | (Z.lo >> 4); - Z.hi = (Z.hi >> 4); - if (sizeof(size_t) == 8) - Z.hi ^= rem_4bit[rem]; - else - Z.hi ^= (u64)rem_4bit[rem] << 32; - - Z.hi ^= Htable[nhi].hi; - Z.lo ^= Htable[nhi].lo; - - if (--cnt < 0) - break; - - nlo = ((const u8 *)Xi)[cnt]; - nlo ^= inp[cnt]; - nhi = nlo >> 4; - nlo &= 0xf; - - rem = (size_t)Z.lo & 0xf; - Z.lo = (Z.hi << 60) | (Z.lo >> 4); - Z.hi = (Z.hi >> 4); - if (sizeof(size_t) == 8) - Z.hi ^= rem_4bit[rem]; - else - Z.hi ^= (u64)rem_4bit[rem] << 32; - - Z.hi ^= Htable[nlo].hi; - Z.lo ^= Htable[nlo].lo; - } -# else - /* - * Extra 256+16 bytes per-key plus 512 bytes shared tables - * [should] give ~50% improvement... One could have PACK()-ed - * the rem_8bit even here, but the priority is to minimize - * cache footprint... - */ - u128 Hshr4[16]; /* Htable shifted right by 4 bits */ - u8 Hshl4[16]; /* Htable shifted left by 4 bits */ - static const unsigned short rem_8bit[256] = { - 0x0000, 0x01C2, 0x0384, 0x0246, 0x0708, 0x06CA, 0x048C, 0x054E, - 0x0E10, 0x0FD2, 0x0D94, 0x0C56, 0x0918, 0x08DA, 0x0A9C, 0x0B5E, - 0x1C20, 0x1DE2, 0x1FA4, 0x1E66, 0x1B28, 0x1AEA, 0x18AC, 0x196E, - 0x1230, 0x13F2, 0x11B4, 0x1076, 0x1538, 0x14FA, 0x16BC, 0x177E, - 0x3840, 0x3982, 0x3BC4, 0x3A06, 0x3F48, 0x3E8A, 0x3CCC, 0x3D0E, - 0x3650, 0x3792, 0x35D4, 0x3416, 0x3158, 0x309A, 0x32DC, 0x331E, - 0x2460, 0x25A2, 0x27E4, 0x2626, 0x2368, 0x22AA, 0x20EC, 0x212E, - 0x2A70, 0x2BB2, 0x29F4, 0x2836, 0x2D78, 0x2CBA, 0x2EFC, 0x2F3E, - 0x7080, 0x7142, 0x7304, 0x72C6, 0x7788, 0x764A, 0x740C, 0x75CE, - 0x7E90, 0x7F52, 0x7D14, 0x7CD6, 0x7998, 0x785A, 0x7A1C, 0x7BDE, - 0x6CA0, 0x6D62, 0x6F24, 0x6EE6, 0x6BA8, 0x6A6A, 0x682C, 0x69EE, - 0x62B0, 0x6372, 0x6134, 0x60F6, 0x65B8, 0x647A, 0x663C, 0x67FE, - 0x48C0, 0x4902, 0x4B44, 0x4A86, 0x4FC8, 0x4E0A, 0x4C4C, 0x4D8E, - 0x46D0, 0x4712, 0x4554, 0x4496, 0x41D8, 0x401A, 0x425C, 0x439E, - 0x54E0, 0x5522, 0x5764, 0x56A6, 0x53E8, 0x522A, 0x506C, 0x51AE, - 0x5AF0, 0x5B32, 0x5974, 0x58B6, 0x5DF8, 0x5C3A, 0x5E7C, 0x5FBE, - 0xE100, 0xE0C2, 0xE284, 0xE346, 0xE608, 0xE7CA, 0xE58C, 0xE44E, - 0xEF10, 0xEED2, 0xEC94, 0xED56, 0xE818, 0xE9DA, 0xEB9C, 0xEA5E, - 0xFD20, 0xFCE2, 0xFEA4, 0xFF66, 0xFA28, 0xFBEA, 0xF9AC, 0xF86E, - 0xF330, 0xF2F2, 0xF0B4, 0xF176, 0xF438, 0xF5FA, 0xF7BC, 0xF67E, - 0xD940, 0xD882, 0xDAC4, 0xDB06, 0xDE48, 0xDF8A, 0xDDCC, 0xDC0E, - 0xD750, 0xD692, 0xD4D4, 0xD516, 0xD058, 0xD19A, 0xD3DC, 0xD21E, - 0xC560, 0xC4A2, 0xC6E4, 0xC726, 0xC268, 0xC3AA, 0xC1EC, 0xC02E, - 0xCB70, 0xCAB2, 0xC8F4, 0xC936, 0xCC78, 0xCDBA, 0xCFFC, 0xCE3E, - 0x9180, 0x9042, 0x9204, 0x93C6, 0x9688, 0x974A, 0x950C, 0x94CE, - 0x9F90, 0x9E52, 0x9C14, 0x9DD6, 0x9898, 0x995A, 0x9B1C, 0x9ADE, - 0x8DA0, 0x8C62, 0x8E24, 0x8FE6, 0x8AA8, 0x8B6A, 0x892C, 0x88EE, - 0x83B0, 0x8272, 0x8034, 0x81F6, 0x84B8, 0x857A, 0x873C, 0x86FE, - 0xA9C0, 0xA802, 0xAA44, 0xAB86, 0xAEC8, 0xAF0A, 0xAD4C, 0xAC8E, - 0xA7D0, 0xA612, 0xA454, 0xA596, 0xA0D8, 0xA11A, 0xA35C, 0xA29E, - 0xB5E0, 0xB422, 0xB664, 0xB7A6, 0xB2E8, 0xB32A, 0xB16C, 0xB0AE, - 0xBBF0, 0xBA32, 0xB874, 0xB9B6, 0xBCF8, 0xBD3A, 0xBF7C, 0xBEBE - }; - /* - * This pre-processing phase slows down procedure by approximately - * same time as it makes each loop spin faster. In other words - * single block performance is approximately same as straightforward - * "4-bit" implementation, and then it goes only faster... - */ - for (cnt = 0; cnt < 16; ++cnt) { - Z.hi = Htable[cnt].hi; - Z.lo = Htable[cnt].lo; - Hshr4[cnt].lo = (Z.hi << 60) | (Z.lo >> 4); - Hshr4[cnt].hi = (Z.hi >> 4); - Hshl4[cnt] = (u8)(Z.lo << 4); - } - - do { - for (Z.lo = 0, Z.hi = 0, cnt = 15; cnt; --cnt) { - nlo = ((const u8 *)Xi)[cnt]; - nlo ^= inp[cnt]; - nhi = nlo >> 4; - nlo &= 0xf; - - Z.hi ^= Htable[nlo].hi; - Z.lo ^= Htable[nlo].lo; - - rem = (size_t)Z.lo & 0xff; - - Z.lo = (Z.hi << 56) | (Z.lo >> 8); - Z.hi = (Z.hi >> 8); - - Z.hi ^= Hshr4[nhi].hi; - Z.lo ^= Hshr4[nhi].lo; - Z.hi ^= (u64)rem_8bit[rem ^ Hshl4[nhi]] << 48; - } - - nlo = ((const u8 *)Xi)[0]; - nlo ^= inp[0]; - nhi = nlo >> 4; - nlo &= 0xf; - - Z.hi ^= Htable[nlo].hi; - Z.lo ^= Htable[nlo].lo; - - rem = (size_t)Z.lo & 0xf; - - Z.lo = (Z.hi << 60) | (Z.lo >> 4); - Z.hi = (Z.hi >> 4); - - Z.hi ^= Htable[nhi].hi; - Z.lo ^= Htable[nhi].lo; - Z.hi ^= ((u64)rem_8bit[rem << 4]) << 48; -# endif - - if (IS_LITTLE_ENDIAN) { -# ifdef BSWAP8 - Xi[0] = BSWAP8(Z.hi); - Xi[1] = BSWAP8(Z.lo); -# else - u8 *p = (u8 *)Xi; - u32 v; - v = (u32)(Z.hi >> 32); - PUTU32(p, v); - v = (u32)(Z.hi); - PUTU32(p + 4, v); - v = (u32)(Z.lo >> 32); - PUTU32(p + 8, v); - v = (u32)(Z.lo); - PUTU32(p + 12, v); -# endif - } else { - Xi[0] = Z.hi; - Xi[1] = Z.lo; - } - } while (inp += 16, len -= 16); -} -# endif -# else -void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]); -void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); -# endif - -# define GCM_MUL(ctx) gcm_gmult_4bit(ctx->Xi.u,ctx->Htable) -# if defined(GHASH_ASM) || !defined(OPENSSL_SMALL_FOOTPRINT) -# define GHASH(ctx,in,len) gcm_ghash_4bit((ctx)->Xi.u,(ctx)->Htable,in,len) -/* - * GHASH_CHUNK is "stride parameter" missioned to mitigate cache trashing - * effect. In other words idea is to hash data while it's still in L1 cache - * after encryption pass... - */ -# define GHASH_CHUNK (3*1024) -# endif - -#else /* TABLE_BITS */ - -static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2]) -{ - u128 V, Z = { 0, 0 }; - long X; - int i, j; - const long *xi = (const long *)Xi; - DECLARE_IS_ENDIAN; - - V.hi = H[0]; /* H is in host byte order, no byte swapping */ - V.lo = H[1]; - - for (j = 0; j < 16 / sizeof(long); ++j) { - if (IS_LITTLE_ENDIAN) { - if (sizeof(long) == 8) { -# ifdef BSWAP8 - X = (long)(BSWAP8(xi[j])); -# else - const u8 *p = (const u8 *)(xi + j); - X = (long)((u64)GETU32(p) << 32 | GETU32(p + 4)); -# endif - } else { - const u8 *p = (const u8 *)(xi + j); - X = (long)GETU32(p); - } - } else - X = xi[j]; - - for (i = 0; i < 8 * sizeof(long); ++i, X <<= 1) { - u64 M = (u64)(X >> (8 * sizeof(long) - 1)); - Z.hi ^= V.hi & M; - Z.lo ^= V.lo & M; - - REDUCE1BIT(V); - } - } - - if (IS_LITTLE_ENDIAN) { -# ifdef BSWAP8 - Xi[0] = BSWAP8(Z.hi); - Xi[1] = BSWAP8(Z.lo); -# else - u8 *p = (u8 *)Xi; - u32 v; - v = (u32)(Z.hi >> 32); - PUTU32(p, v); - v = (u32)(Z.hi); - PUTU32(p + 4, v); - v = (u32)(Z.lo >> 32); - PUTU32(p + 8, v); - v = (u32)(Z.lo); - PUTU32(p + 12, v); -# endif - } else { - Xi[0] = Z.hi; - Xi[1] = Z.lo; - } -} - -# define GCM_MUL(ctx) gcm_gmult_1bit(ctx->Xi.u,ctx->H.u) - -#endif - -#if TABLE_BITS==4 && (defined(GHASH_ASM) || defined(OPENSSL_CPUID_OBJ)) -# if !defined(I386_ONLY) && \ - (defined(__i386) || defined(__i386__) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) -# define GHASH_ASM_X86_OR_64 -# define GCM_FUNCREF_4BIT - -void gcm_init_clmul(u128 Htable[16], const u64 Xi[2]); -void gcm_gmult_clmul(u64 Xi[2], const u128 Htable[16]); -void gcm_ghash_clmul(u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); - -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) -# define gcm_init_avx gcm_init_clmul -# define gcm_gmult_avx gcm_gmult_clmul -# define gcm_ghash_avx gcm_ghash_clmul -# else -void gcm_init_avx(u128 Htable[16], const u64 Xi[2]); -void gcm_gmult_avx(u64 Xi[2], const u128 Htable[16]); -void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); -# endif - -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) -# define GHASH_ASM_X86 -void gcm_gmult_4bit_mmx(u64 Xi[2], const u128 Htable[16]); -void gcm_ghash_4bit_mmx(u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); - -void gcm_gmult_4bit_x86(u64 Xi[2], const u128 Htable[16]); -void gcm_ghash_4bit_x86(u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); -# endif -# elif defined(__arm__) || defined(__arm) || defined(__aarch64__) -# include "arm_arch.h" -# if __ARM_MAX_ARCH__>=7 -# define GHASH_ASM_ARM -# define GCM_FUNCREF_4BIT -# define PMULL_CAPABLE (OPENSSL_armcap_P & ARMV8_PMULL) -# if defined(__arm__) || defined(__arm) -# define NEON_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) -# endif -void gcm_init_neon(u128 Htable[16], const u64 Xi[2]); -void gcm_gmult_neon(u64 Xi[2], const u128 Htable[16]); -void gcm_ghash_neon(u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); -void gcm_init_v8(u128 Htable[16], const u64 Xi[2]); -void gcm_gmult_v8(u64 Xi[2], const u128 Htable[16]); -void gcm_ghash_v8(u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); -# endif -# elif defined(__sparc__) || defined(__sparc) -# include "crypto/sparc_arch.h" -# define GHASH_ASM_SPARC -# define GCM_FUNCREF_4BIT -void gcm_init_vis3(u128 Htable[16], const u64 Xi[2]); -void gcm_gmult_vis3(u64 Xi[2], const u128 Htable[16]); -void gcm_ghash_vis3(u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); -# elif defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) -# include "crypto/ppc_arch.h" -# define GHASH_ASM_PPC -# define GCM_FUNCREF_4BIT -void gcm_init_p8(u128 Htable[16], const u64 Xi[2]); -void gcm_gmult_p8(u64 Xi[2], const u128 Htable[16]); -void gcm_ghash_p8(u64 Xi[2], const u128 Htable[16], const u8 *inp, - size_t len); -# endif -#endif - -#ifdef GCM_FUNCREF_4BIT -# undef GCM_MUL -# define GCM_MUL(ctx) (*gcm_gmult_p)(ctx->Xi.u,ctx->Htable) -# ifdef GHASH -# undef GHASH -# define GHASH(ctx,in,len) (*gcm_ghash_p)(ctx->Xi.u,ctx->Htable,in,len) -# endif -#endif - -void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) -{ - DECLARE_IS_ENDIAN; - - memset(ctx, 0, sizeof(*ctx)); - ctx->block = block; - ctx->key = key; - - (*block) (ctx->H.c, ctx->H.c, key); - - if (IS_LITTLE_ENDIAN) { - /* H is stored in host byte order */ -#ifdef BSWAP8 - ctx->H.u[0] = BSWAP8(ctx->H.u[0]); - ctx->H.u[1] = BSWAP8(ctx->H.u[1]); -#else - u8 *p = ctx->H.c; - u64 hi, lo; - hi = (u64)GETU32(p) << 32 | GETU32(p + 4); - lo = (u64)GETU32(p + 8) << 32 | GETU32(p + 12); - ctx->H.u[0] = hi; - ctx->H.u[1] = lo; -#endif - } -#if TABLE_BITS==8 - gcm_init_8bit(ctx->Htable, ctx->H.u); -#elif TABLE_BITS==4 -# if defined(GHASH) -# define CTX__GHASH(f) (ctx->ghash = (f)) -# else -# define CTX__GHASH(f) (ctx->ghash = NULL) -# endif -# if defined(GHASH_ASM_X86_OR_64) -# if !defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2) - if (OPENSSL_ia32cap_P[1] & (1 << 1)) { /* check PCLMULQDQ bit */ - if (((OPENSSL_ia32cap_P[1] >> 22) & 0x41) == 0x41) { /* AVX+MOVBE */ - gcm_init_avx(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_avx; - CTX__GHASH(gcm_ghash_avx); - } else { - gcm_init_clmul(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_clmul; - CTX__GHASH(gcm_ghash_clmul); - } - return; - } -# endif - gcm_init_4bit(ctx->Htable, ctx->H.u); -# if defined(GHASH_ASM_X86) /* x86 only */ -# if defined(OPENSSL_IA32_SSE2) - if (OPENSSL_ia32cap_P[0] & (1 << 25)) { /* check SSE bit */ -# else - if (OPENSSL_ia32cap_P[0] & (1 << 23)) { /* check MMX bit */ -# endif - ctx->gmult = gcm_gmult_4bit_mmx; - CTX__GHASH(gcm_ghash_4bit_mmx); - } else { - ctx->gmult = gcm_gmult_4bit_x86; - CTX__GHASH(gcm_ghash_4bit_x86); - } -# else - ctx->gmult = gcm_gmult_4bit; - CTX__GHASH(gcm_ghash_4bit); -# endif -# elif defined(GHASH_ASM_ARM) -# ifdef PMULL_CAPABLE - if (PMULL_CAPABLE) { - gcm_init_v8(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_v8; - CTX__GHASH(gcm_ghash_v8); - } else -# endif -# ifdef NEON_CAPABLE - if (NEON_CAPABLE) { - gcm_init_neon(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_neon; - CTX__GHASH(gcm_ghash_neon); - } else -# endif - { - gcm_init_4bit(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_4bit; - CTX__GHASH(gcm_ghash_4bit); - } -# elif defined(GHASH_ASM_SPARC) - if (OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) { - gcm_init_vis3(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_vis3; - CTX__GHASH(gcm_ghash_vis3); - } else { - gcm_init_4bit(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_4bit; - CTX__GHASH(gcm_ghash_4bit); - } -# elif defined(GHASH_ASM_PPC) - if (OPENSSL_ppccap_P & PPC_CRYPTO207) { - gcm_init_p8(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_p8; - CTX__GHASH(gcm_ghash_p8); - } else { - gcm_init_4bit(ctx->Htable, ctx->H.u); - ctx->gmult = gcm_gmult_4bit; - CTX__GHASH(gcm_ghash_4bit); - } -# else - gcm_init_4bit(ctx->Htable, ctx->H.u); -# endif -# undef CTX__GHASH -#endif -} - -void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, - size_t len) -{ - DECLARE_IS_ENDIAN; - unsigned int ctr; -#ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; -#endif - - ctx->len.u[0] = 0; /* AAD length */ - ctx->len.u[1] = 0; /* message length */ - ctx->ares = 0; - ctx->mres = 0; - - if (len == 12) { - memcpy(ctx->Yi.c, iv, 12); - ctx->Yi.c[12] = 0; - ctx->Yi.c[13] = 0; - ctx->Yi.c[14] = 0; - ctx->Yi.c[15] = 1; - ctr = 1; - } else { - size_t i; - u64 len0 = len; - - /* Borrow ctx->Xi to calculate initial Yi */ - ctx->Xi.u[0] = 0; - ctx->Xi.u[1] = 0; - - while (len >= 16) { - for (i = 0; i < 16; ++i) - ctx->Xi.c[i] ^= iv[i]; - GCM_MUL(ctx); - iv += 16; - len -= 16; - } - if (len) { - for (i = 0; i < len; ++i) - ctx->Xi.c[i] ^= iv[i]; - GCM_MUL(ctx); - } - len0 <<= 3; - if (IS_LITTLE_ENDIAN) { -#ifdef BSWAP8 - ctx->Xi.u[1] ^= BSWAP8(len0); -#else - ctx->Xi.c[8] ^= (u8)(len0 >> 56); - ctx->Xi.c[9] ^= (u8)(len0 >> 48); - ctx->Xi.c[10] ^= (u8)(len0 >> 40); - ctx->Xi.c[11] ^= (u8)(len0 >> 32); - ctx->Xi.c[12] ^= (u8)(len0 >> 24); - ctx->Xi.c[13] ^= (u8)(len0 >> 16); - ctx->Xi.c[14] ^= (u8)(len0 >> 8); - ctx->Xi.c[15] ^= (u8)(len0); -#endif - } else { - ctx->Xi.u[1] ^= len0; - } - - GCM_MUL(ctx); - - if (IS_LITTLE_ENDIAN) -#ifdef BSWAP4 - ctr = BSWAP4(ctx->Xi.d[3]); -#else - ctr = GETU32(ctx->Xi.c + 12); -#endif - else - ctr = ctx->Xi.d[3]; - - /* Copy borrowed Xi to Yi */ - ctx->Yi.u[0] = ctx->Xi.u[0]; - ctx->Yi.u[1] = ctx->Xi.u[1]; - } - - ctx->Xi.u[0] = 0; - ctx->Xi.u[1] = 0; - - (*ctx->block) (ctx->Yi.c, ctx->EK0.c, ctx->key); - ++ctr; - if (IS_LITTLE_ENDIAN) -#ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); -#else - PUTU32(ctx->Yi.c + 12, ctr); -#endif - else - ctx->Yi.d[3] = ctr; -} - -int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, - size_t len) -{ - size_t i; - unsigned int n; - u64 alen = ctx->len.u[0]; -#ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; -# ifdef GHASH - void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) = ctx->ghash; -# endif -#endif - - if (ctx->len.u[1]) - return -2; - - alen += len; - if (alen > (U64(1) << 61) || (sizeof(len) == 8 && alen < len)) - return -1; - ctx->len.u[0] = alen; - - n = ctx->ares; - if (n) { - while (n && len) { - ctx->Xi.c[n] ^= *(aad++); - --len; - n = (n + 1) % 16; - } - if (n == 0) - GCM_MUL(ctx); - else { - ctx->ares = n; - return 0; - } - } -#ifdef GHASH - if ((i = (len & (size_t)-16))) { - GHASH(ctx, aad, i); - aad += i; - len -= i; - } -#else - while (len >= 16) { - for (i = 0; i < 16; ++i) - ctx->Xi.c[i] ^= aad[i]; - GCM_MUL(ctx); - aad += 16; - len -= 16; - } -#endif - if (len) { - n = (unsigned int)len; - for (i = 0; i < len; ++i) - ctx->Xi.c[i] ^= aad[i]; - } - - ctx->ares = n; - return 0; -} - -int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len) -{ - DECLARE_IS_ENDIAN; - unsigned int n, ctr, mres; - size_t i; - u64 mlen = ctx->len.u[1]; - block128_f block = ctx->block; - void *key = ctx->key; -#ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; -# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) - void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) = ctx->ghash; -# endif -#endif - - mlen += len; - if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) - return -1; - ctx->len.u[1] = mlen; - - mres = ctx->mres; - - if (ctx->ares) { - /* First call to encrypt finalizes GHASH(AAD) */ -#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) - if (len == 0) { - GCM_MUL(ctx); - ctx->ares = 0; - return 0; - } - memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi)); - ctx->Xi.u[0] = 0; - ctx->Xi.u[1] = 0; - mres = sizeof(ctx->Xi); -#else - GCM_MUL(ctx); -#endif - ctx->ares = 0; - } - - if (IS_LITTLE_ENDIAN) -#ifdef BSWAP4 - ctr = BSWAP4(ctx->Yi.d[3]); -#else - ctr = GETU32(ctx->Yi.c + 12); -#endif - else - ctr = ctx->Yi.d[3]; - - n = mres % 16; -#if !defined(OPENSSL_SMALL_FOOTPRINT) - if (16 % sizeof(size_t) == 0) { /* always true actually */ - do { - if (n) { -# if defined(GHASH) - while (n && len) { - ctx->Xn[mres++] = *(out++) = *(in++) ^ ctx->EKi.c[n]; - --len; - n = (n + 1) % 16; - } - if (n == 0) { - GHASH(ctx, ctx->Xn, mres); - mres = 0; - } else { - ctx->mres = mres; - return 0; - } -# else - while (n && len) { - ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n]; - --len; - n = (n + 1) % 16; - } - if (n == 0) { - GCM_MUL(ctx); - mres = 0; - } else { - ctx->mres = n; - return 0; - } -# endif - } -# if defined(STRICT_ALIGNMENT) - if (((size_t)in | (size_t)out) % sizeof(size_t) != 0) - break; -# endif -# if defined(GHASH) - if (len >= 16 && mres) { - GHASH(ctx, ctx->Xn, mres); - mres = 0; - } -# if defined(GHASH_CHUNK) - while (len >= GHASH_CHUNK) { - size_t j = GHASH_CHUNK; - - while (j) { - size_t_aX *out_t = (size_t_aX *)out; - const size_t_aX *in_t = (const size_t_aX *)in; - - (*block) (ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); -# else - PUTU32(ctx->Yi.c + 12, ctr); -# endif - else - ctx->Yi.d[3] = ctr; - for (i = 0; i < 16 / sizeof(size_t); ++i) - out_t[i] = in_t[i] ^ ctx->EKi.t[i]; - out += 16; - in += 16; - j -= 16; - } - GHASH(ctx, out - GHASH_CHUNK, GHASH_CHUNK); - len -= GHASH_CHUNK; - } -# endif - if ((i = (len & (size_t)-16))) { - size_t j = i; - - while (len >= 16) { - size_t_aX *out_t = (size_t_aX *)out; - const size_t_aX *in_t = (const size_t_aX *)in; - - (*block) (ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); -# else - PUTU32(ctx->Yi.c + 12, ctr); -# endif - else - ctx->Yi.d[3] = ctr; - for (i = 0; i < 16 / sizeof(size_t); ++i) - out_t[i] = in_t[i] ^ ctx->EKi.t[i]; - out += 16; - in += 16; - len -= 16; - } - GHASH(ctx, out - j, j); - } -# else - while (len >= 16) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; - - (*block) (ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); -# else - PUTU32(ctx->Yi.c + 12, ctr); -# endif - else - ctx->Yi.d[3] = ctr; - for (i = 0; i < 16 / sizeof(size_t); ++i) - ctx->Xi.t[i] ^= out_t[i] = in_t[i] ^ ctx->EKi.t[i]; - GCM_MUL(ctx); - out += 16; - in += 16; - len -= 16; - } -# endif - if (len) { - (*block) (ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); -# else - PUTU32(ctx->Yi.c + 12, ctr); -# endif - else - ctx->Yi.d[3] = ctr; -# if defined(GHASH) - while (len--) { - ctx->Xn[mres++] = out[n] = in[n] ^ ctx->EKi.c[n]; - ++n; - } -# else - while (len--) { - ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n]; - ++n; - } - mres = n; -# endif - } - - ctx->mres = mres; - return 0; - } while (0); - } -#endif - for (i = 0; i < len; ++i) { - if (n == 0) { - (*block) (ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - if (IS_LITTLE_ENDIAN) -#ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); -#else - PUTU32(ctx->Yi.c + 12, ctr); -#endif - else - ctx->Yi.d[3] = ctr; - } -#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) - ctx->Xn[mres++] = out[i] = in[i] ^ ctx->EKi.c[n]; - n = (n + 1) % 16; - if (mres == sizeof(ctx->Xn)) { - GHASH(ctx,ctx->Xn,sizeof(ctx->Xn)); - mres = 0; - } -#else - ctx->Xi.c[n] ^= out[i] = in[i] ^ ctx->EKi.c[n]; - mres = n = (n + 1) % 16; - if (n == 0) - GCM_MUL(ctx); -#endif - } - - ctx->mres = mres; - return 0; -} - -int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len) -{ - DECLARE_IS_ENDIAN; - unsigned int n, ctr, mres; - size_t i; - u64 mlen = ctx->len.u[1]; - block128_f block = ctx->block; - void *key = ctx->key; -#ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; -# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) - void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) = ctx->ghash; -# endif -#endif - - mlen += len; - if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) - return -1; - ctx->len.u[1] = mlen; - - mres = ctx->mres; - - if (ctx->ares) { - /* First call to decrypt finalizes GHASH(AAD) */ -#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) - if (len == 0) { - GCM_MUL(ctx); - ctx->ares = 0; - return 0; - } - memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi)); - ctx->Xi.u[0] = 0; - ctx->Xi.u[1] = 0; - mres = sizeof(ctx->Xi); -#else - GCM_MUL(ctx); -#endif - ctx->ares = 0; - } - - if (IS_LITTLE_ENDIAN) -#ifdef BSWAP4 - ctr = BSWAP4(ctx->Yi.d[3]); -#else - ctr = GETU32(ctx->Yi.c + 12); -#endif - else - ctr = ctx->Yi.d[3]; - - n = mres % 16; -#if !defined(OPENSSL_SMALL_FOOTPRINT) - if (16 % sizeof(size_t) == 0) { /* always true actually */ - do { - if (n) { -# if defined(GHASH) - while (n && len) { - *(out++) = (ctx->Xn[mres++] = *(in++)) ^ ctx->EKi.c[n]; - --len; - n = (n + 1) % 16; - } - if (n == 0) { - GHASH(ctx, ctx->Xn, mres); - mres = 0; - } else { - ctx->mres = mres; - return 0; - } -# else - while (n && len) { - u8 c = *(in++); - *(out++) = c ^ ctx->EKi.c[n]; - ctx->Xi.c[n] ^= c; - --len; - n = (n + 1) % 16; - } - if (n == 0) { - GCM_MUL(ctx); - mres = 0; - } else { - ctx->mres = n; - return 0; - } -# endif - } -# if defined(STRICT_ALIGNMENT) - if (((size_t)in | (size_t)out) % sizeof(size_t) != 0) - break; -# endif -# if defined(GHASH) - if (len >= 16 && mres) { - GHASH(ctx, ctx->Xn, mres); - mres = 0; - } -# if defined(GHASH_CHUNK) - while (len >= GHASH_CHUNK) { - size_t j = GHASH_CHUNK; - - GHASH(ctx, in, GHASH_CHUNK); - while (j) { - size_t_aX *out_t = (size_t_aX *)out; - const size_t_aX *in_t = (const size_t_aX *)in; - - (*block) (ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); -# else - PUTU32(ctx->Yi.c + 12, ctr); -# endif - else - ctx->Yi.d[3] = ctr; - for (i = 0; i < 16 / sizeof(size_t); ++i) - out_t[i] = in_t[i] ^ ctx->EKi.t[i]; - out += 16; - in += 16; - j -= 16; - } - len -= GHASH_CHUNK; - } -# endif - if ((i = (len & (size_t)-16))) { - GHASH(ctx, in, i); - while (len >= 16) { - size_t_aX *out_t = (size_t_aX *)out; - const size_t_aX *in_t = (const size_t_aX *)in; - - (*block) (ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); -# else - PUTU32(ctx->Yi.c + 12, ctr); -# endif - else - ctx->Yi.d[3] = ctr; - for (i = 0; i < 16 / sizeof(size_t); ++i) - out_t[i] = in_t[i] ^ ctx->EKi.t[i]; - out += 16; - in += 16; - len -= 16; - } - } -# else - while (len >= 16) { - size_t *out_t = (size_t *)out; - const size_t *in_t = (const size_t *)in; - - (*block) (ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); -# else - PUTU32(ctx->Yi.c + 12, ctr); -# endif - else - ctx->Yi.d[3] = ctr; - for (i = 0; i < 16 / sizeof(size_t); ++i) { - size_t c = in_t[i]; - out_t[i] = c ^ ctx->EKi.t[i]; - ctx->Xi.t[i] ^= c; - } - GCM_MUL(ctx); - out += 16; - in += 16; - len -= 16; - } -# endif - if (len) { - (*block) (ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); -# else - PUTU32(ctx->Yi.c + 12, ctr); -# endif - else - ctx->Yi.d[3] = ctr; -# if defined(GHASH) - while (len--) { - out[n] = (ctx->Xn[mres++] = in[n]) ^ ctx->EKi.c[n]; - ++n; - } -# else - while (len--) { - u8 c = in[n]; - ctx->Xi.c[n] ^= c; - out[n] = c ^ ctx->EKi.c[n]; - ++n; - } - mres = n; -# endif - } - - ctx->mres = mres; - return 0; - } while (0); - } -#endif - for (i = 0; i < len; ++i) { - u8 c; - if (n == 0) { - (*block) (ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - if (IS_LITTLE_ENDIAN) -#ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); -#else - PUTU32(ctx->Yi.c + 12, ctr); -#endif - else - ctx->Yi.d[3] = ctr; - } -#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) - out[i] = (ctx->Xn[mres++] = c = in[i]) ^ ctx->EKi.c[n]; - n = (n + 1) % 16; - if (mres == sizeof(ctx->Xn)) { - GHASH(ctx,ctx->Xn,sizeof(ctx->Xn)); - mres = 0; - } -#else - c = in[i]; - out[i] = c ^ ctx->EKi.c[n]; - ctx->Xi.c[n] ^= c; - mres = n = (n + 1) % 16; - if (n == 0) - GCM_MUL(ctx); -#endif - } - - ctx->mres = mres; - return 0; -} - -int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len, ctr128_f stream) -{ -#if defined(OPENSSL_SMALL_FOOTPRINT) - return CRYPTO_gcm128_encrypt(ctx, in, out, len); -#else - DECLARE_IS_ENDIAN; - unsigned int n, ctr, mres; - size_t i; - u64 mlen = ctx->len.u[1]; - void *key = ctx->key; -# ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; -# ifdef GHASH - void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) = ctx->ghash; -# endif -# endif - - mlen += len; - if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) - return -1; - ctx->len.u[1] = mlen; - - mres = ctx->mres; - - if (ctx->ares) { - /* First call to encrypt finalizes GHASH(AAD) */ -#if defined(GHASH) - if (len == 0) { - GCM_MUL(ctx); - ctx->ares = 0; - return 0; - } - memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi)); - ctx->Xi.u[0] = 0; - ctx->Xi.u[1] = 0; - mres = sizeof(ctx->Xi); -#else - GCM_MUL(ctx); -#endif - ctx->ares = 0; - } - - if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 - ctr = BSWAP4(ctx->Yi.d[3]); -# else - ctr = GETU32(ctx->Yi.c + 12); -# endif - else - ctr = ctx->Yi.d[3]; - - n = mres % 16; - if (n) { -# if defined(GHASH) - while (n && len) { - ctx->Xn[mres++] = *(out++) = *(in++) ^ ctx->EKi.c[n]; - --len; - n = (n + 1) % 16; - } - if (n == 0) { - GHASH(ctx, ctx->Xn, mres); - mres = 0; - } else { - ctx->mres = mres; - return 0; - } -# else - while (n && len) { - ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n]; - --len; - n = (n + 1) % 16; - } - if (n == 0) { - GCM_MUL(ctx); - mres = 0; - } else { - ctx->mres = n; - return 0; - } -# endif - } -# if defined(GHASH) - if (len >= 16 && mres) { - GHASH(ctx, ctx->Xn, mres); - mres = 0; - } -# if defined(GHASH_CHUNK) - while (len >= GHASH_CHUNK) { - (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); - ctr += GHASH_CHUNK / 16; - if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); -# else - PUTU32(ctx->Yi.c + 12, ctr); -# endif - else - ctx->Yi.d[3] = ctr; - GHASH(ctx, out, GHASH_CHUNK); - out += GHASH_CHUNK; - in += GHASH_CHUNK; - len -= GHASH_CHUNK; - } -# endif -# endif - if ((i = (len & (size_t)-16))) { - size_t j = i / 16; - - (*stream) (in, out, j, key, ctx->Yi.c); - ctr += (unsigned int)j; - if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); -# else - PUTU32(ctx->Yi.c + 12, ctr); -# endif - else - ctx->Yi.d[3] = ctr; - in += i; - len -= i; -# if defined(GHASH) - GHASH(ctx, out, i); - out += i; -# else - while (j--) { - for (i = 0; i < 16; ++i) - ctx->Xi.c[i] ^= out[i]; - GCM_MUL(ctx); - out += 16; - } -# endif - } - if (len) { - (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); -# else - PUTU32(ctx->Yi.c + 12, ctr); -# endif - else - ctx->Yi.d[3] = ctr; - while (len--) { -# if defined(GHASH) - ctx->Xn[mres++] = out[n] = in[n] ^ ctx->EKi.c[n]; -# else - ctx->Xi.c[mres++] ^= out[n] = in[n] ^ ctx->EKi.c[n]; -# endif - ++n; - } - } - - ctx->mres = mres; - return 0; -#endif -} - -int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len, ctr128_f stream) -{ -#if defined(OPENSSL_SMALL_FOOTPRINT) - return CRYPTO_gcm128_decrypt(ctx, in, out, len); -#else - DECLARE_IS_ENDIAN; - unsigned int n, ctr, mres; - size_t i; - u64 mlen = ctx->len.u[1]; - void *key = ctx->key; -# ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; -# ifdef GHASH - void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) = ctx->ghash; -# endif -# endif - - mlen += len; - if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) - return -1; - ctx->len.u[1] = mlen; - - mres = ctx->mres; - - if (ctx->ares) { - /* First call to decrypt finalizes GHASH(AAD) */ -# if defined(GHASH) - if (len == 0) { - GCM_MUL(ctx); - ctx->ares = 0; - return 0; - } - memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi)); - ctx->Xi.u[0] = 0; - ctx->Xi.u[1] = 0; - mres = sizeof(ctx->Xi); -# else - GCM_MUL(ctx); -# endif - ctx->ares = 0; - } - - if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 - ctr = BSWAP4(ctx->Yi.d[3]); -# else - ctr = GETU32(ctx->Yi.c + 12); -# endif - else - ctr = ctx->Yi.d[3]; - - n = mres % 16; - if (n) { -# if defined(GHASH) - while (n && len) { - *(out++) = (ctx->Xn[mres++] = *(in++)) ^ ctx->EKi.c[n]; - --len; - n = (n + 1) % 16; - } - if (n == 0) { - GHASH(ctx, ctx->Xn, mres); - mres = 0; - } else { - ctx->mres = mres; - return 0; - } -# else - while (n && len) { - u8 c = *(in++); - *(out++) = c ^ ctx->EKi.c[n]; - ctx->Xi.c[n] ^= c; - --len; - n = (n + 1) % 16; - } - if (n == 0) { - GCM_MUL(ctx); - mres = 0; - } else { - ctx->mres = n; - return 0; - } -# endif - } -# if defined(GHASH) - if (len >= 16 && mres) { - GHASH(ctx, ctx->Xn, mres); - mres = 0; - } -# if defined(GHASH_CHUNK) - while (len >= GHASH_CHUNK) { - GHASH(ctx, in, GHASH_CHUNK); - (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); - ctr += GHASH_CHUNK / 16; - if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); -# else - PUTU32(ctx->Yi.c + 12, ctr); -# endif - else - ctx->Yi.d[3] = ctr; - out += GHASH_CHUNK; - in += GHASH_CHUNK; - len -= GHASH_CHUNK; - } -# endif -# endif - if ((i = (len & (size_t)-16))) { - size_t j = i / 16; - -# if defined(GHASH) - GHASH(ctx, in, i); -# else - while (j--) { - size_t k; - for (k = 0; k < 16; ++k) - ctx->Xi.c[k] ^= in[k]; - GCM_MUL(ctx); - in += 16; - } - j = i / 16; - in -= i; -# endif - (*stream) (in, out, j, key, ctx->Yi.c); - ctr += (unsigned int)j; - if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); -# else - PUTU32(ctx->Yi.c + 12, ctr); -# endif - else - ctx->Yi.d[3] = ctr; - out += i; - in += i; - len -= i; - } - if (len) { - (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key); - ++ctr; - if (IS_LITTLE_ENDIAN) -# ifdef BSWAP4 - ctx->Yi.d[3] = BSWAP4(ctr); -# else - PUTU32(ctx->Yi.c + 12, ctr); -# endif - else - ctx->Yi.d[3] = ctr; - while (len--) { -# if defined(GHASH) - out[n] = (ctx->Xn[mres++] = in[n]) ^ ctx->EKi.c[n]; -# else - u8 c = in[n]; - ctx->Xi.c[mres++] ^= c; - out[n] = c ^ ctx->EKi.c[n]; -# endif - ++n; - } - } - - ctx->mres = mres; - return 0; -#endif -} - -int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, - size_t len) -{ - DECLARE_IS_ENDIAN; - u64 alen = ctx->len.u[0] << 3; - u64 clen = ctx->len.u[1] << 3; -#ifdef GCM_FUNCREF_4BIT - void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; -# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) - void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], - const u8 *inp, size_t len) = ctx->ghash; -# endif -#endif - -#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) - u128 bitlen; - unsigned int mres = ctx->mres; - - if (mres) { - unsigned blocks = (mres + 15) & -16; - - memset(ctx->Xn + mres, 0, blocks - mres); - mres = blocks; - if (mres == sizeof(ctx->Xn)) { - GHASH(ctx, ctx->Xn, mres); - mres = 0; - } - } else if (ctx->ares) { - GCM_MUL(ctx); - } -#else - if (ctx->mres || ctx->ares) - GCM_MUL(ctx); -#endif - - if (IS_LITTLE_ENDIAN) { -#ifdef BSWAP8 - alen = BSWAP8(alen); - clen = BSWAP8(clen); -#else - u8 *p = ctx->len.c; - - ctx->len.u[0] = alen; - ctx->len.u[1] = clen; - - alen = (u64)GETU32(p) << 32 | GETU32(p + 4); - clen = (u64)GETU32(p + 8) << 32 | GETU32(p + 12); -#endif - } - -#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) - bitlen.hi = alen; - bitlen.lo = clen; - memcpy(ctx->Xn + mres, &bitlen, sizeof(bitlen)); - mres += sizeof(bitlen); - GHASH(ctx, ctx->Xn, mres); -#else - ctx->Xi.u[0] ^= alen; - ctx->Xi.u[1] ^= clen; - GCM_MUL(ctx); -#endif - - ctx->Xi.u[0] ^= ctx->EK0.u[0]; - ctx->Xi.u[1] ^= ctx->EK0.u[1]; - - if (tag && len <= sizeof(ctx->Xi)) - return CRYPTO_memcmp(ctx->Xi.c, tag, len); - else - return -1; -} - -void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len) -{ - CRYPTO_gcm128_finish(ctx, NULL, 0); - memcpy(tag, ctx->Xi.c, - len <= sizeof(ctx->Xi.c) ? len : sizeof(ctx->Xi.c)); -} - -GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block) -{ - GCM128_CONTEXT *ret; - - if ((ret = OPENSSL_malloc(sizeof(*ret))) != NULL) - CRYPTO_gcm128_init(ret, key, block); - - return ret; -} - -void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx) -{ - OPENSSL_clear_free(ctx, sizeof(*ctx)); -} diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c deleted file mode 100644 index b5202ba5bd56f3cd817c2d7824653c7f3c109247..0000000000000000000000000000000000000000 --- a/crypto/modes/ocb128.c +++ /dev/null @@ -1,562 +0,0 @@ -/* - * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "crypto/modes.h" - -#ifndef OPENSSL_NO_OCB - -/* - * Calculate the number of binary trailing zero's in any given number - */ -static u32 ocb_ntz(u64 n) -{ - u32 cnt = 0; - - /* - * We do a right-to-left simple sequential search. This is surprisingly - * efficient as the distribution of trailing zeros is not uniform, - * e.g. the number of possible inputs with no trailing zeros is equal to - * the number with 1 or more; the number with exactly 1 is equal to the - * number with 2 or more, etc. Checking the last two bits covers 75% of - * all numbers. Checking the last three covers 87.5% - */ - while (!(n & 1)) { - n >>= 1; - cnt++; - } - return cnt; -} - -/* - * Shift a block of 16 bytes left by shift bits - */ -static void ocb_block_lshift(const unsigned char *in, size_t shift, - unsigned char *out) -{ - int i; - unsigned char carry = 0, carry_next; - - for (i = 15; i >= 0; i--) { - carry_next = in[i] >> (8 - shift); - out[i] = (in[i] << shift) | carry; - carry = carry_next; - } -} - -/* - * Perform a "double" operation as per OCB spec - */ -static void ocb_double(OCB_BLOCK *in, OCB_BLOCK *out) -{ - unsigned char mask; - - /* - * Calculate the mask based on the most significant bit. There are more - * efficient ways to do this - but this way is constant time - */ - mask = in->c[0] & 0x80; - mask >>= 7; - mask = (0 - mask) & 0x87; - - ocb_block_lshift(in->c, 1, out->c); - - out->c[15] ^= mask; -} - -/* - * Perform an xor on in1 and in2 - each of len bytes. Store result in out - */ -static void ocb_block_xor(const unsigned char *in1, - const unsigned char *in2, size_t len, - unsigned char *out) -{ - size_t i; - for (i = 0; i < len; i++) { - out[i] = in1[i] ^ in2[i]; - } -} - -/* - * Lookup L_index in our lookup table. If we haven't already got it we need to - * calculate it - */ -static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx) -{ - size_t l_index = ctx->l_index; - - if (idx <= l_index) { - return ctx->l + idx; - } - - /* We don't have it - so calculate it */ - if (idx >= ctx->max_l_index) { - void *tmp_ptr; - /* - * Each additional entry allows to process almost double as - * much data, so that in linear world the table will need to - * be expanded with smaller and smaller increments. Originally - * it was doubling in size, which was a waste. Growing it - * linearly is not formally optimal, but is simpler to implement. - * We grow table by minimally required 4*n that would accommodate - * the index. - */ - ctx->max_l_index += (idx - ctx->max_l_index + 4) & ~3; - tmp_ptr = OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK)); - if (tmp_ptr == NULL) /* prevent ctx->l from being clobbered */ - return NULL; - ctx->l = tmp_ptr; - } - while (l_index < idx) { - ocb_double(ctx->l + l_index, ctx->l + l_index + 1); - l_index++; - } - ctx->l_index = l_index; - - return ctx->l + idx; -} - -/* - * Create a new OCB128_CONTEXT - */ -OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec, - block128_f encrypt, block128_f decrypt, - ocb128_f stream) -{ - OCB128_CONTEXT *octx; - int ret; - - if ((octx = OPENSSL_malloc(sizeof(*octx))) != NULL) { - ret = CRYPTO_ocb128_init(octx, keyenc, keydec, encrypt, decrypt, - stream); - if (ret) - return octx; - OPENSSL_free(octx); - } - - return NULL; -} - -/* - * Initialise an existing OCB128_CONTEXT - */ -int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, - block128_f encrypt, block128_f decrypt, - ocb128_f stream) -{ - memset(ctx, 0, sizeof(*ctx)); - ctx->l_index = 0; - ctx->max_l_index = 5; - if ((ctx->l = OPENSSL_malloc(ctx->max_l_index * 16)) == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - - /* - * We set both the encryption and decryption key schedules - decryption - * needs both. Don't really need decryption schedule if only doing - * encryption - but it simplifies things to take it anyway - */ - ctx->encrypt = encrypt; - ctx->decrypt = decrypt; - ctx->stream = stream; - ctx->keyenc = keyenc; - ctx->keydec = keydec; - - /* L_* = ENCIPHER(K, zeros(128)) */ - ctx->encrypt(ctx->l_star.c, ctx->l_star.c, ctx->keyenc); - - /* L_$ = double(L_*) */ - ocb_double(&ctx->l_star, &ctx->l_dollar); - - /* L_0 = double(L_$) */ - ocb_double(&ctx->l_dollar, ctx->l); - - /* L_{i} = double(L_{i-1}) */ - ocb_double(ctx->l, ctx->l+1); - ocb_double(ctx->l+1, ctx->l+2); - ocb_double(ctx->l+2, ctx->l+3); - ocb_double(ctx->l+3, ctx->l+4); - ctx->l_index = 4; /* enough to process up to 496 bytes */ - - return 1; -} - -/* - * Copy an OCB128_CONTEXT object - */ -int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src, - void *keyenc, void *keydec) -{ - memcpy(dest, src, sizeof(OCB128_CONTEXT)); - if (keyenc) - dest->keyenc = keyenc; - if (keydec) - dest->keydec = keydec; - if (src->l) { - if ((dest->l = OPENSSL_malloc(src->max_l_index * 16)) == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(dest->l, src->l, (src->l_index + 1) * 16); - } - return 1; -} - -/* - * Set the IV to be used for this operation. Must be 1 - 15 bytes. - */ -int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, - size_t len, size_t taglen) -{ - unsigned char ktop[16], tmp[16], mask; - unsigned char stretch[24], nonce[16]; - size_t bottom, shift; - - /* - * Spec says IV is 120 bits or fewer - it allows non byte aligned lengths. - * We don't support this at this stage - */ - if ((len > 15) || (len < 1) || (taglen > 16) || (taglen < 1)) { - return -1; - } - - /* Reset nonce-dependent variables */ - memset(&ctx->sess, 0, sizeof(ctx->sess)); - - /* Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N */ - nonce[0] = ((taglen * 8) % 128) << 1; - memset(nonce + 1, 0, 15); - memcpy(nonce + 16 - len, iv, len); - nonce[15 - len] |= 1; - - /* Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) */ - memcpy(tmp, nonce, 16); - tmp[15] &= 0xc0; - ctx->encrypt(tmp, ktop, ctx->keyenc); - - /* Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) */ - memcpy(stretch, ktop, 16); - ocb_block_xor(ktop, ktop + 1, 8, stretch + 16); - - /* bottom = str2num(Nonce[123..128]) */ - bottom = nonce[15] & 0x3f; - - /* Offset_0 = Stretch[1+bottom..128+bottom] */ - shift = bottom % 8; - ocb_block_lshift(stretch + (bottom / 8), shift, ctx->sess.offset.c); - mask = 0xff; - mask <<= 8 - shift; - ctx->sess.offset.c[15] |= - (*(stretch + (bottom / 8) + 16) & mask) >> (8 - shift); - - return 1; -} - -/* - * Provide any AAD. This can be called multiple times. Only the final time can - * have a partial block - */ -int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, - size_t len) -{ - u64 i, all_num_blocks; - size_t num_blocks, last_len; - OCB_BLOCK tmp; - - /* Calculate the number of blocks of AAD provided now, and so far */ - num_blocks = len / 16; - all_num_blocks = num_blocks + ctx->sess.blocks_hashed; - - /* Loop through all full blocks of AAD */ - for (i = ctx->sess.blocks_hashed + 1; i <= all_num_blocks; i++) { - OCB_BLOCK *lookup; - - /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ - lookup = ocb_lookup_l(ctx, ocb_ntz(i)); - if (lookup == NULL) - return 0; - ocb_block16_xor(&ctx->sess.offset_aad, lookup, &ctx->sess.offset_aad); - - memcpy(tmp.c, aad, 16); - aad += 16; - - /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ - ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp); - ctx->encrypt(tmp.c, tmp.c, ctx->keyenc); - ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum); - } - - /* - * Check if we have any partial blocks left over. This is only valid in the - * last call to this function - */ - last_len = len % 16; - - if (last_len > 0) { - /* Offset_* = Offset_m xor L_* */ - ocb_block16_xor(&ctx->sess.offset_aad, &ctx->l_star, - &ctx->sess.offset_aad); - - /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */ - memset(tmp.c, 0, 16); - memcpy(tmp.c, aad, last_len); - tmp.c[last_len] = 0x80; - ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp); - - /* Sum = Sum_m xor ENCIPHER(K, CipherInput) */ - ctx->encrypt(tmp.c, tmp.c, ctx->keyenc); - ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum); - } - - ctx->sess.blocks_hashed = all_num_blocks; - - return 1; -} - -/* - * Provide any data to be encrypted. This can be called multiple times. Only - * the final time can have a partial block - */ -int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len) -{ - u64 i, all_num_blocks; - size_t num_blocks, last_len; - - /* - * Calculate the number of blocks of data to be encrypted provided now, and - * so far - */ - num_blocks = len / 16; - all_num_blocks = num_blocks + ctx->sess.blocks_processed; - - if (num_blocks && all_num_blocks == (size_t)all_num_blocks - && ctx->stream != NULL) { - size_t max_idx = 0, top = (size_t)all_num_blocks; - - /* - * See how many L_{i} entries we need to process data at hand - * and pre-compute missing entries in the table [if any]... - */ - while (top >>= 1) - max_idx++; - if (ocb_lookup_l(ctx, max_idx) == NULL) - return 0; - - ctx->stream(in, out, num_blocks, ctx->keyenc, - (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c, - (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c); - } else { - /* Loop through all full blocks to be encrypted */ - for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) { - OCB_BLOCK *lookup; - OCB_BLOCK tmp; - - /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ - lookup = ocb_lookup_l(ctx, ocb_ntz(i)); - if (lookup == NULL) - return 0; - ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset); - - memcpy(tmp.c, in, 16); - in += 16; - - /* Checksum_i = Checksum_{i-1} xor P_i */ - ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum); - - /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ - ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp); - ctx->encrypt(tmp.c, tmp.c, ctx->keyenc); - ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp); - - memcpy(out, tmp.c, 16); - out += 16; - } - } - - /* - * Check if we have any partial blocks left over. This is only valid in the - * last call to this function - */ - last_len = len % 16; - - if (last_len > 0) { - OCB_BLOCK pad; - - /* Offset_* = Offset_m xor L_* */ - ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset); - - /* Pad = ENCIPHER(K, Offset_*) */ - ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc); - - /* C_* = P_* xor Pad[1..bitlen(P_*)] */ - ocb_block_xor(in, pad.c, last_len, out); - - /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */ - memset(pad.c, 0, 16); /* borrow pad */ - memcpy(pad.c, in, last_len); - pad.c[last_len] = 0x80; - ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum); - } - - ctx->sess.blocks_processed = all_num_blocks; - - return 1; -} - -/* - * Provide any data to be decrypted. This can be called multiple times. Only - * the final time can have a partial block - */ -int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len) -{ - u64 i, all_num_blocks; - size_t num_blocks, last_len; - - /* - * Calculate the number of blocks of data to be decrypted provided now, and - * so far - */ - num_blocks = len / 16; - all_num_blocks = num_blocks + ctx->sess.blocks_processed; - - if (num_blocks && all_num_blocks == (size_t)all_num_blocks - && ctx->stream != NULL) { - size_t max_idx = 0, top = (size_t)all_num_blocks; - - /* - * See how many L_{i} entries we need to process data at hand - * and pre-compute missing entries in the table [if any]... - */ - while (top >>= 1) - max_idx++; - if (ocb_lookup_l(ctx, max_idx) == NULL) - return 0; - - ctx->stream(in, out, num_blocks, ctx->keydec, - (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c, - (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c); - } else { - OCB_BLOCK tmp; - - /* Loop through all full blocks to be decrypted */ - for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) { - - /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ - OCB_BLOCK *lookup = ocb_lookup_l(ctx, ocb_ntz(i)); - if (lookup == NULL) - return 0; - ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset); - - memcpy(tmp.c, in, 16); - in += 16; - - /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */ - ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp); - ctx->decrypt(tmp.c, tmp.c, ctx->keydec); - ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp); - - /* Checksum_i = Checksum_{i-1} xor P_i */ - ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum); - - memcpy(out, tmp.c, 16); - out += 16; - } - } - - /* - * Check if we have any partial blocks left over. This is only valid in the - * last call to this function - */ - last_len = len % 16; - - if (last_len > 0) { - OCB_BLOCK pad; - - /* Offset_* = Offset_m xor L_* */ - ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset); - - /* Pad = ENCIPHER(K, Offset_*) */ - ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc); - - /* P_* = C_* xor Pad[1..bitlen(C_*)] */ - ocb_block_xor(in, pad.c, last_len, out); - - /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */ - memset(pad.c, 0, 16); /* borrow pad */ - memcpy(pad.c, out, last_len); - pad.c[last_len] = 0x80; - ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum); - } - - ctx->sess.blocks_processed = all_num_blocks; - - return 1; -} - -static int ocb_finish(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len, - int write) -{ - OCB_BLOCK tmp; - - if (len > 16 || len < 1) { - return -1; - } - - /* - * Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) - */ - ocb_block16_xor(&ctx->sess.checksum, &ctx->sess.offset, &tmp); - ocb_block16_xor(&ctx->l_dollar, &tmp, &tmp); - ctx->encrypt(tmp.c, tmp.c, ctx->keyenc); - ocb_block16_xor(&tmp, &ctx->sess.sum, &tmp); - - if (write) { - memcpy(tag, &tmp, len); - return 1; - } else { - return CRYPTO_memcmp(&tmp, tag, len); - } -} - -/* - * Calculate the tag and verify it against the supplied tag - */ -int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, - size_t len) -{ - return ocb_finish(ctx, (unsigned char*)tag, len, 0); -} - -/* - * Retrieve the calculated tag - */ -int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len) -{ - return ocb_finish(ctx, tag, len, 1); -} - -/* - * Release all resources - */ -void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx) -{ - if (ctx) { - OPENSSL_clear_free(ctx->l, ctx->max_l_index * 16); - OPENSSL_cleanse(ctx, sizeof(*ctx)); - } -} - -#endif /* OPENSSL_NO_OCB */ diff --git a/crypto/modes/ofb128.c b/crypto/modes/ofb128.c deleted file mode 100644 index d8319f861ed4a062495629fd47d3f6d2d8191516..0000000000000000000000000000000000000000 --- a/crypto/modes/ofb128.c +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/modes.h" - -#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) -typedef size_t size_t_aX __attribute((__aligned__(1))); -#else -typedef size_t size_t_aX; -#endif - -/* - * The input and output encrypted as though 128bit ofb mode is being used. - * The extra state information to record how much of the 128bit block we have - * used is contained in *num; - */ -void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const void *key, - unsigned char ivec[16], int *num, block128_f block) -{ - unsigned int n; - size_t l = 0; - - if (*num < 0) { - /* There is no good way to signal an error return from here */ - *num = -1; - return; - } - n = *num; - -#if !defined(OPENSSL_SMALL_FOOTPRINT) - if (16 % sizeof(size_t) == 0) { /* always true actually */ - do { - while (n && len) { - *(out++) = *(in++) ^ ivec[n]; - --len; - n = (n + 1) % 16; - } -# if defined(STRICT_ALIGNMENT) - if (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != - 0) - break; -# endif - while (len >= 16) { - (*block) (ivec, ivec, key); - for (; n < 16; n += sizeof(size_t)) - *(size_t_aX *)(out + n) = - *(size_t_aX *)(in + n) - ^ *(size_t_aX *)(ivec + n); - len -= 16; - out += 16; - in += 16; - n = 0; - } - if (len) { - (*block) (ivec, ivec, key); - while (len--) { - out[n] = in[n] ^ ivec[n]; - ++n; - } - } - *num = n; - return; - } while (0); - } - /* the rest would be commonly eliminated by x86* compiler */ -#endif - while (l < len) { - if (n == 0) { - (*block) (ivec, ivec, key); - } - out[l] = in[l] ^ ivec[n]; - ++l; - n = (n + 1) % 16; - } - - *num = n; -} diff --git a/crypto/modes/siv128.c b/crypto/modes/siv128.c deleted file mode 100644 index e6348a8d3753cc818ea681616d43f0880f1d0616..0000000000000000000000000000000000000000 --- a/crypto/modes/siv128.c +++ /dev/null @@ -1,393 +0,0 @@ -/* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include "internal/endian.h" -#include "crypto/modes.h" -#include "crypto/siv.h" - -#ifndef OPENSSL_NO_SIV - -__owur static ossl_inline uint32_t rotl8(uint32_t x) -{ - return (x << 8) | (x >> 24); -} - -__owur static ossl_inline uint32_t rotr8(uint32_t x) -{ - return (x >> 8) | (x << 24); -} - -__owur static ossl_inline uint64_t byteswap8(uint64_t x) -{ - uint32_t high = (uint32_t)(x >> 32); - uint32_t low = (uint32_t)x; - - high = (rotl8(high) & 0x00ff00ff) | (rotr8(high) & 0xff00ff00); - low = (rotl8(low) & 0x00ff00ff) | (rotr8(low) & 0xff00ff00); - return ((uint64_t)low) << 32 | (uint64_t)high; -} - -__owur static ossl_inline uint64_t siv128_getword(SIV_BLOCK const *b, size_t i) -{ - DECLARE_IS_ENDIAN; - - if (IS_LITTLE_ENDIAN) - return byteswap8(b->word[i]); - return b->word[i]; -} - -static ossl_inline void siv128_putword(SIV_BLOCK *b, size_t i, uint64_t x) -{ - DECLARE_IS_ENDIAN; - - if (IS_LITTLE_ENDIAN) - b->word[i] = byteswap8(x); - else - b->word[i] = x; -} - -static ossl_inline void siv128_xorblock(SIV_BLOCK *x, - SIV_BLOCK const *y) -{ - x->word[0] ^= y->word[0]; - x->word[1] ^= y->word[1]; -} - -/* - * Doubles |b|, which is 16 bytes representing an element - * of GF(2**128) modulo the irreducible polynomial - * x**128 + x**7 + x**2 + x + 1. - * Assumes two's-complement arithmetic - */ -static ossl_inline void siv128_dbl(SIV_BLOCK *b) -{ - uint64_t high = siv128_getword(b, 0); - uint64_t low = siv128_getword(b, 1); - uint64_t high_carry = high & (((uint64_t)1) << 63); - uint64_t low_carry = low & (((uint64_t)1) << 63); - int64_t low_mask = -((int64_t)(high_carry >> 63)) & 0x87; - uint64_t high_mask = low_carry >> 63; - - high = (high << 1) | high_mask; - low = (low << 1) ^ (uint64_t)low_mask; - siv128_putword(b, 0, high); - siv128_putword(b, 1, low); -} - -__owur static ossl_inline int siv128_do_s2v_p(SIV128_CONTEXT *ctx, SIV_BLOCK *out, - unsigned char const* in, size_t len) -{ - SIV_BLOCK t; - size_t out_len = sizeof(out->byte); - EVP_MAC_CTX *mac_ctx; - int ret = 0; - - mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init); - if (mac_ctx == NULL) - return 0; - - if (len >= SIV_LEN) { - if (!EVP_MAC_update(mac_ctx, in, len - SIV_LEN)) - goto err; - memcpy(&t, in + (len-SIV_LEN), SIV_LEN); - siv128_xorblock(&t, &ctx->d); - if (!EVP_MAC_update(mac_ctx, t.byte, SIV_LEN)) - goto err; - } else { - memset(&t, 0, sizeof(t)); - memcpy(&t, in, len); - t.byte[len] = 0x80; - siv128_dbl(&ctx->d); - siv128_xorblock(&t, &ctx->d); - if (!EVP_MAC_update(mac_ctx, t.byte, SIV_LEN)) - goto err; - } - if (!EVP_MAC_final(mac_ctx, out->byte, &out_len, sizeof(out->byte)) - || out_len != SIV_LEN) - goto err; - - ret = 1; - -err: - EVP_MAC_CTX_free(mac_ctx); - return ret; -} - - -__owur static ossl_inline int siv128_do_encrypt(EVP_CIPHER_CTX *ctx, unsigned char *out, - unsigned char const *in, size_t len, - SIV_BLOCK *icv) -{ - int out_len = (int)len; - - if (!EVP_CipherInit_ex(ctx, NULL, NULL, NULL, icv->byte, 1)) - return 0; - return EVP_EncryptUpdate(ctx, out, &out_len, in, out_len); -} - -/* - * Create a new SIV128_CONTEXT - */ -SIV128_CONTEXT *ossl_siv128_new(const unsigned char *key, int klen, - EVP_CIPHER *cbc, EVP_CIPHER *ctr, - OSSL_LIB_CTX *libctx, const char *propq) -{ - SIV128_CONTEXT *ctx; - int ret; - - if ((ctx = OPENSSL_malloc(sizeof(*ctx))) != NULL) { - ret = ossl_siv128_init(ctx, key, klen, cbc, ctr, libctx, propq); - if (ret) - return ctx; - OPENSSL_free(ctx); - } - - return NULL; -} - -/* - * Initialise an existing SIV128_CONTEXT - */ -int ossl_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen, - const EVP_CIPHER *cbc, const EVP_CIPHER *ctr, - OSSL_LIB_CTX *libctx, const char *propq) -{ - static const unsigned char zero[SIV_LEN] = { 0 }; - size_t out_len = SIV_LEN; - EVP_MAC_CTX *mac_ctx = NULL; - OSSL_PARAM params[3]; - const char *cbc_name; - - if (ctx == NULL) - return 0; - - memset(&ctx->d, 0, sizeof(ctx->d)); - EVP_CIPHER_CTX_free(ctx->cipher_ctx); - EVP_MAC_CTX_free(ctx->mac_ctx_init); - EVP_MAC_free(ctx->mac); - ctx->mac = NULL; - ctx->cipher_ctx = NULL; - ctx->mac_ctx_init = NULL; - - if (key == NULL || cbc == NULL || ctr == NULL) - return 0; - - cbc_name = EVP_CIPHER_get0_name(cbc); - params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, - (char *)cbc_name, 0); - params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY, - (void *)key, klen); - params[2] = OSSL_PARAM_construct_end(); - - if ((ctx->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL - || (ctx->mac = - EVP_MAC_fetch(libctx, OSSL_MAC_NAME_CMAC, propq)) == NULL - || (ctx->mac_ctx_init = EVP_MAC_CTX_new(ctx->mac)) == NULL - || !EVP_MAC_CTX_set_params(ctx->mac_ctx_init, params) - || !EVP_EncryptInit_ex(ctx->cipher_ctx, ctr, NULL, key + klen, NULL) - || (mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init)) == NULL - || !EVP_MAC_update(mac_ctx, zero, sizeof(zero)) - || !EVP_MAC_final(mac_ctx, ctx->d.byte, &out_len, - sizeof(ctx->d.byte))) { - EVP_CIPHER_CTX_free(ctx->cipher_ctx); - EVP_MAC_CTX_free(ctx->mac_ctx_init); - EVP_MAC_CTX_free(mac_ctx); - EVP_MAC_free(ctx->mac); - return 0; - } - EVP_MAC_CTX_free(mac_ctx); - - ctx->final_ret = -1; - ctx->crypto_ok = 1; - - return 1; -} - -/* - * Copy an SIV128_CONTEXT object - */ -int ossl_siv128_copy_ctx(SIV128_CONTEXT *dest, SIV128_CONTEXT *src) -{ - memcpy(&dest->d, &src->d, sizeof(src->d)); - if (dest->cipher_ctx == NULL) { - dest->cipher_ctx = EVP_CIPHER_CTX_new(); - if (dest->cipher_ctx == NULL) - return 0; - } - if (!EVP_CIPHER_CTX_copy(dest->cipher_ctx, src->cipher_ctx)) - return 0; - EVP_MAC_CTX_free(dest->mac_ctx_init); - dest->mac_ctx_init = EVP_MAC_CTX_dup(src->mac_ctx_init); - if (dest->mac_ctx_init == NULL) - return 0; - dest->mac = src->mac; - if (dest->mac != NULL) - EVP_MAC_up_ref(dest->mac); - return 1; -} - -/* - * Provide any AAD. This can be called multiple times. - * Per RFC5297, the last piece of associated data - * is the nonce, but it's not treated special - */ -int ossl_siv128_aad(SIV128_CONTEXT *ctx, const unsigned char *aad, - size_t len) -{ - SIV_BLOCK mac_out; - size_t out_len = SIV_LEN; - EVP_MAC_CTX *mac_ctx; - - siv128_dbl(&ctx->d); - - if ((mac_ctx = EVP_MAC_CTX_dup(ctx->mac_ctx_init)) == NULL - || !EVP_MAC_update(mac_ctx, aad, len) - || !EVP_MAC_final(mac_ctx, mac_out.byte, &out_len, - sizeof(mac_out.byte)) - || out_len != SIV_LEN) { - EVP_MAC_CTX_free(mac_ctx); - return 0; - } - EVP_MAC_CTX_free(mac_ctx); - - siv128_xorblock(&ctx->d, &mac_out); - - return 1; -} - -/* - * Provide any data to be encrypted. This can be called once. - */ -int ossl_siv128_encrypt(SIV128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len) -{ - SIV_BLOCK q; - - /* can only do one crypto operation */ - if (ctx->crypto_ok == 0) - return 0; - ctx->crypto_ok--; - - if (!siv128_do_s2v_p(ctx, &q, in, len)) - return 0; - - memcpy(ctx->tag.byte, &q, SIV_LEN); - q.byte[8] &= 0x7f; - q.byte[12] &= 0x7f; - - if (!siv128_do_encrypt(ctx->cipher_ctx, out, in, len, &q)) - return 0; - ctx->final_ret = 0; - return len; -} - -/* - * Provide any data to be decrypted. This can be called once. - */ -int ossl_siv128_decrypt(SIV128_CONTEXT *ctx, - const unsigned char *in, unsigned char *out, - size_t len) -{ - unsigned char* p; - SIV_BLOCK t, q; - int i; - - /* can only do one crypto operation */ - if (ctx->crypto_ok == 0) - return 0; - ctx->crypto_ok--; - - memcpy(&q, ctx->tag.byte, SIV_LEN); - q.byte[8] &= 0x7f; - q.byte[12] &= 0x7f; - - if (!siv128_do_encrypt(ctx->cipher_ctx, out, in, len, &q) - || !siv128_do_s2v_p(ctx, &t, out, len)) - return 0; - - p = ctx->tag.byte; - for (i = 0; i < SIV_LEN; i++) - t.byte[i] ^= p[i]; - - if ((t.word[0] | t.word[1]) != 0) { - OPENSSL_cleanse(out, len); - return 0; - } - ctx->final_ret = 0; - return len; -} - -/* - * Return the already calculated final result. - */ -int ossl_siv128_finish(SIV128_CONTEXT *ctx) -{ - return ctx->final_ret; -} - -/* - * Set the tag - */ -int ossl_siv128_set_tag(SIV128_CONTEXT *ctx, const unsigned char *tag, size_t len) -{ - if (len != SIV_LEN) - return 0; - - /* Copy the tag from the supplied buffer */ - memcpy(ctx->tag.byte, tag, len); - return 1; -} - -/* - * Retrieve the calculated tag - */ -int ossl_siv128_get_tag(SIV128_CONTEXT *ctx, unsigned char *tag, size_t len) -{ - if (len != SIV_LEN) - return 0; - - /* Copy the tag into the supplied buffer */ - memcpy(tag, ctx->tag.byte, len); - return 1; -} - -/* - * Release all resources - */ -int ossl_siv128_cleanup(SIV128_CONTEXT *ctx) -{ - if (ctx != NULL) { - EVP_CIPHER_CTX_free(ctx->cipher_ctx); - ctx->cipher_ctx = NULL; - EVP_MAC_CTX_free(ctx->mac_ctx_init); - ctx->mac_ctx_init = NULL; - EVP_MAC_free(ctx->mac); - ctx->mac = NULL; - OPENSSL_cleanse(&ctx->d, sizeof(ctx->d)); - OPENSSL_cleanse(&ctx->tag, sizeof(ctx->tag)); - ctx->final_ret = -1; - ctx->crypto_ok = 1; - } - return 1; -} - -int ossl_siv128_speed(SIV128_CONTEXT *ctx, int arg) -{ - ctx->crypto_ok = (arg == 1) ? -1 : 1; - return 1; -} - -#endif /* OPENSSL_NO_SIV */ diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c deleted file mode 100644 index a9622c16bd7627eaabacaa92833887b76e7e24e5..0000000000000000000000000000000000000000 --- a/crypto/modes/wrap128.c +++ /dev/null @@ -1,331 +0,0 @@ -/* - * Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/** Beware! - * - * Following wrapping modes were designed for AES but this implementation - * allows you to use them for any 128 bit block cipher. - */ - -#include "internal/cryptlib.h" -#include - -/** RFC 3394 section 2.2.3.1 Default Initial Value */ -static const unsigned char default_iv[] = { - 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, -}; - -/** RFC 5649 section 3 Alternative Initial Value 32-bit constant */ -static const unsigned char default_aiv[] = { - 0xA6, 0x59, 0x59, 0xA6 -}; - -/** Input size limit: lower than maximum of standards but far larger than - * anything that will be used in practice. - */ -#define CRYPTO128_WRAP_MAX (1UL << 31) - -/** Wrapping according to RFC 3394 section 2.2.1. - * - * @param[in] key Key value. - * @param[in] iv IV value. Length = 8 bytes. NULL = use default_iv. - * @param[in] in Plaintext as n 64-bit blocks, n >= 2. - * @param[in] inlen Length of in. - * @param[out] out Ciphertext. Minimal buffer length = (inlen + 8) bytes. - * Input and output buffers can overlap if block function - * supports that. - * @param[in] block Block processing function. - * @return 0 if inlen does not consist of n 64-bit blocks, n >= 2. - * or if inlen > CRYPTO128_WRAP_MAX. - * Output length if wrapping succeeded. - */ -size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, - unsigned char *out, - const unsigned char *in, size_t inlen, - block128_f block) -{ - unsigned char *A, B[16], *R; - size_t i, j, t; - if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX)) - return 0; - A = B; - t = 1; - memmove(out + 8, in, inlen); - if (!iv) - iv = default_iv; - - memcpy(A, iv, 8); - - for (j = 0; j < 6; j++) { - R = out + 8; - for (i = 0; i < inlen; i += 8, t++, R += 8) { - memcpy(B + 8, R, 8); - block(B, B, key); - A[7] ^= (unsigned char)(t & 0xff); - if (t > 0xff) { - A[6] ^= (unsigned char)((t >> 8) & 0xff); - A[5] ^= (unsigned char)((t >> 16) & 0xff); - A[4] ^= (unsigned char)((t >> 24) & 0xff); - } - memcpy(R, B + 8, 8); - } - } - memcpy(out, A, 8); - return inlen + 8; -} - -/** Unwrapping according to RFC 3394 section 2.2.2 steps 1-2. - * The IV check (step 3) is responsibility of the caller. - * - * @param[in] key Key value. - * @param[out] iv Unchecked IV value. Minimal buffer length = 8 bytes. - * @param[out] out Plaintext without IV. - * Minimal buffer length = (inlen - 8) bytes. - * Input and output buffers can overlap if block function - * supports that. - * @param[in] in Ciphertext as n 64-bit blocks. - * @param[in] inlen Length of in. - * @param[in] block Block processing function. - * @return 0 if inlen is out of range [24, CRYPTO128_WRAP_MAX] - * or if inlen is not a multiple of 8. - * Output length otherwise. - */ -static size_t crypto_128_unwrap_raw(void *key, unsigned char *iv, - unsigned char *out, - const unsigned char *in, size_t inlen, - block128_f block) -{ - unsigned char *A, B[16], *R; - size_t i, j, t; - inlen -= 8; - if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX)) - return 0; - A = B; - t = 6 * (inlen >> 3); - memcpy(A, in, 8); - memmove(out, in + 8, inlen); - for (j = 0; j < 6; j++) { - R = out + inlen - 8; - for (i = 0; i < inlen; i += 8, t--, R -= 8) { - A[7] ^= (unsigned char)(t & 0xff); - if (t > 0xff) { - A[6] ^= (unsigned char)((t >> 8) & 0xff); - A[5] ^= (unsigned char)((t >> 16) & 0xff); - A[4] ^= (unsigned char)((t >> 24) & 0xff); - } - memcpy(B + 8, R, 8); - block(B, B, key); - memcpy(R, B + 8, 8); - } - } - memcpy(iv, A, 8); - return inlen; -} - -/** Unwrapping according to RFC 3394 section 2.2.2, including the IV check. - * The first block of plaintext has to match the supplied IV, otherwise an - * error is returned. - * - * @param[in] key Key value. - * @param[out] iv IV value to match against. Length = 8 bytes. - * NULL = use default_iv. - * @param[out] out Plaintext without IV. - * Minimal buffer length = (inlen - 8) bytes. - * Input and output buffers can overlap if block function - * supports that. - * @param[in] in Ciphertext as n 64-bit blocks. - * @param[in] inlen Length of in. - * @param[in] block Block processing function. - * @return 0 if inlen is out of range [24, CRYPTO128_WRAP_MAX] - * or if inlen is not a multiple of 8 - * or if IV doesn't match expected value. - * Output length otherwise. - */ -size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, - unsigned char *out, const unsigned char *in, - size_t inlen, block128_f block) -{ - size_t ret; - unsigned char got_iv[8]; - - ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block); - if (ret == 0) - return 0; - - if (!iv) - iv = default_iv; - if (CRYPTO_memcmp(got_iv, iv, 8)) { - OPENSSL_cleanse(out, ret); - return 0; - } - return ret; -} - -/** Wrapping according to RFC 5649 section 4.1. - * - * @param[in] key Key value. - * @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv. - * @param[out] out Ciphertext. Minimal buffer length = (inlen + 15) bytes. - * Input and output buffers can overlap if block function - * supports that. - * @param[in] in Plaintext as n 64-bit blocks, n >= 2. - * @param[in] inlen Length of in. - * @param[in] block Block processing function. - * @return 0 if inlen is out of range [1, CRYPTO128_WRAP_MAX]. - * Output length if wrapping succeeded. - */ -size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, - unsigned char *out, - const unsigned char *in, size_t inlen, - block128_f block) -{ - /* n: number of 64-bit blocks in the padded key data - * - * If length of plain text is not a multiple of 8, pad the plain text octet - * string on the right with octets of zeros, where final length is the - * smallest multiple of 8 that is greater than length of plain text. - * If length of plain text is a multiple of 8, then there is no padding. */ - const size_t blocks_padded = (inlen + 7) / 8; /* CEILING(m/8) */ - const size_t padded_len = blocks_padded * 8; - const size_t padding_len = padded_len - inlen; - /* RFC 5649 section 3: Alternative Initial Value */ - unsigned char aiv[8]; - int ret; - - /* Section 1: use 32-bit fixed field for plaintext octet length */ - if (inlen == 0 || inlen >= CRYPTO128_WRAP_MAX) - return 0; - - /* Section 3: Alternative Initial Value */ - if (!icv) - memcpy(aiv, default_aiv, 4); - else - memcpy(aiv, icv, 4); /* Standard doesn't mention this. */ - - aiv[4] = (inlen >> 24) & 0xFF; - aiv[5] = (inlen >> 16) & 0xFF; - aiv[6] = (inlen >> 8) & 0xFF; - aiv[7] = inlen & 0xFF; - - if (padded_len == 8) { - /* - * Section 4.1 - special case in step 2: If the padded plaintext - * contains exactly eight octets, then prepend the AIV and encrypt - * the resulting 128-bit block using AES in ECB mode. - */ - memmove(out + 8, in, inlen); - memcpy(out, aiv, 8); - memset(out + 8 + inlen, 0, padding_len); - block(out, out, key); - ret = 16; /* AIV + padded input */ - } else { - memmove(out, in, inlen); - memset(out + inlen, 0, padding_len); /* Section 4.1 step 1 */ - ret = CRYPTO_128_wrap(key, aiv, out, out, padded_len, block); - } - - return ret; -} - -/** Unwrapping according to RFC 5649 section 4.2. - * - * @param[in] key Key value. - * @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv. - * @param[out] out Plaintext. Minimal buffer length = (inlen - 8) bytes. - * Input and output buffers can overlap if block function - * supports that. - * @param[in] in Ciphertext as n 64-bit blocks. - * @param[in] inlen Length of in. - * @param[in] block Block processing function. - * @return 0 if inlen is out of range [16, CRYPTO128_WRAP_MAX], - * or if inlen is not a multiple of 8 - * or if IV and message length indicator doesn't match. - * Output length if unwrapping succeeded and IV matches. - */ -size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, - unsigned char *out, - const unsigned char *in, size_t inlen, - block128_f block) -{ - /* n: number of 64-bit blocks in the padded key data */ - size_t n = inlen / 8 - 1; - size_t padded_len; - size_t padding_len; - size_t ptext_len; - /* RFC 5649 section 3: Alternative Initial Value */ - unsigned char aiv[8]; - static unsigned char zeros[8] = { 0x0 }; - size_t ret; - - /* Section 4.2: Ciphertext length has to be (n+1) 64-bit blocks. */ - if ((inlen & 0x7) != 0 || inlen < 16 || inlen >= CRYPTO128_WRAP_MAX) - return 0; - - if (inlen == 16) { - /* - * Section 4.2 - special case in step 1: When n=1, the ciphertext - * contains exactly two 64-bit blocks and they are decrypted as a - * single AES block using AES in ECB mode: AIV | P[1] = DEC(K, C[0] | - * C[1]) - */ - unsigned char buff[16]; - - block(in, buff, key); - memcpy(aiv, buff, 8); - /* Remove AIV */ - memcpy(out, buff + 8, 8); - padded_len = 8; - OPENSSL_cleanse(buff, inlen); - } else { - padded_len = inlen - 8; - ret = crypto_128_unwrap_raw(key, aiv, out, in, inlen, block); - if (padded_len != ret) { - OPENSSL_cleanse(out, inlen); - return 0; - } - } - - /* - * Section 3: AIV checks: Check that MSB(32,A) = A65959A6. Optionally a - * user-supplied value can be used (even if standard doesn't mention - * this). - */ - if ((!icv && CRYPTO_memcmp(aiv, default_aiv, 4)) - || (icv && CRYPTO_memcmp(aiv, icv, 4))) { - OPENSSL_cleanse(out, inlen); - return 0; - } - - /* - * Check that 8*(n-1) < LSB(32,AIV) <= 8*n. If so, let ptext_len = - * LSB(32,AIV). - */ - - ptext_len = ((unsigned int)aiv[4] << 24) - | ((unsigned int)aiv[5] << 16) - | ((unsigned int)aiv[6] << 8) - | (unsigned int)aiv[7]; - if (8 * (n - 1) >= ptext_len || ptext_len > 8 * n) { - OPENSSL_cleanse(out, inlen); - return 0; - } - - /* - * Check that the rightmost padding_len octets of the output data are - * zero. - */ - padding_len = padded_len - ptext_len; - if (CRYPTO_memcmp(out + ptext_len, zeros, padding_len) != 0) { - OPENSSL_cleanse(out, inlen); - return 0; - } - - /* Section 4.2 step 3: Remove padding */ - return ptext_len; -} diff --git a/crypto/modes/xts128.c b/crypto/modes/xts128.c deleted file mode 100644 index 55b81366bf82d909adfd5e2c47aac78f67065109..0000000000000000000000000000000000000000 --- a/crypto/modes/xts128.c +++ /dev/null @@ -1,161 +0,0 @@ -/* - * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/endian.h" -#include "crypto/modes.h" - -#ifndef STRICT_ALIGNMENT -# ifdef __GNUC__ -typedef u64 u64_a1 __attribute((__aligned__(1))); -# else -typedef u64 u64_a1; -# endif -#endif - -int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, - const unsigned char iv[16], - const unsigned char *inp, unsigned char *out, - size_t len, int enc) -{ - DECLARE_IS_ENDIAN; - union { - u64 u[2]; - u32 d[4]; - u8 c[16]; - } tweak, scratch; - unsigned int i; - - if (len < 16) - return -1; - - memcpy(tweak.c, iv, 16); - - (*ctx->block2) (tweak.c, tweak.c, ctx->key2); - - if (!enc && (len % 16)) - len -= 16; - - while (len >= 16) { -#if defined(STRICT_ALIGNMENT) - memcpy(scratch.c, inp, 16); - scratch.u[0] ^= tweak.u[0]; - scratch.u[1] ^= tweak.u[1]; -#else - scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak.u[0]; - scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak.u[1]; -#endif - (*ctx->block1) (scratch.c, scratch.c, ctx->key1); -#if defined(STRICT_ALIGNMENT) - scratch.u[0] ^= tweak.u[0]; - scratch.u[1] ^= tweak.u[1]; - memcpy(out, scratch.c, 16); -#else - ((u64_a1 *)out)[0] = scratch.u[0] ^= tweak.u[0]; - ((u64_a1 *)out)[1] = scratch.u[1] ^= tweak.u[1]; -#endif - inp += 16; - out += 16; - len -= 16; - - if (len == 0) - return 0; - - if (IS_LITTLE_ENDIAN) { - unsigned int carry, res; - - res = 0x87 & (((int)tweak.d[3]) >> 31); - carry = (unsigned int)(tweak.u[0] >> 63); - tweak.u[0] = (tweak.u[0] << 1) ^ res; - tweak.u[1] = (tweak.u[1] << 1) | carry; - } else { - size_t c; - - for (c = 0, i = 0; i < 16; ++i) { - /* - * + substitutes for |, because c is 1 bit - */ - c += ((size_t)tweak.c[i]) << 1; - tweak.c[i] = (u8)c; - c = c >> 8; - } - tweak.c[0] ^= (u8)(0x87 & (0 - c)); - } - } - if (enc) { - for (i = 0; i < len; ++i) { - u8 c = inp[i]; - out[i] = scratch.c[i]; - scratch.c[i] = c; - } - scratch.u[0] ^= tweak.u[0]; - scratch.u[1] ^= tweak.u[1]; - (*ctx->block1) (scratch.c, scratch.c, ctx->key1); - scratch.u[0] ^= tweak.u[0]; - scratch.u[1] ^= tweak.u[1]; - memcpy(out - 16, scratch.c, 16); - } else { - union { - u64 u[2]; - u8 c[16]; - } tweak1; - - if (IS_LITTLE_ENDIAN) { - unsigned int carry, res; - - res = 0x87 & (((int)tweak.d[3]) >> 31); - carry = (unsigned int)(tweak.u[0] >> 63); - tweak1.u[0] = (tweak.u[0] << 1) ^ res; - tweak1.u[1] = (tweak.u[1] << 1) | carry; - } else { - size_t c; - - for (c = 0, i = 0; i < 16; ++i) { - /* - * + substitutes for |, because c is 1 bit - */ - c += ((size_t)tweak.c[i]) << 1; - tweak1.c[i] = (u8)c; - c = c >> 8; - } - tweak1.c[0] ^= (u8)(0x87 & (0 - c)); - } -#if defined(STRICT_ALIGNMENT) - memcpy(scratch.c, inp, 16); - scratch.u[0] ^= tweak1.u[0]; - scratch.u[1] ^= tweak1.u[1]; -#else - scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak1.u[0]; - scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak1.u[1]; -#endif - (*ctx->block1) (scratch.c, scratch.c, ctx->key1); - scratch.u[0] ^= tweak1.u[0]; - scratch.u[1] ^= tweak1.u[1]; - - for (i = 0; i < len; ++i) { - u8 c = inp[16 + i]; - out[16 + i] = scratch.c[i]; - scratch.c[i] = c; - } - scratch.u[0] ^= tweak.u[0]; - scratch.u[1] ^= tweak.u[1]; - (*ctx->block1) (scratch.c, scratch.c, ctx->key1); -#if defined(STRICT_ALIGNMENT) - scratch.u[0] ^= tweak.u[0]; - scratch.u[1] ^= tweak.u[1]; - memcpy(out, scratch.c, 16); -#else - ((u64_a1 *)out)[0] = scratch.u[0] ^ tweak.u[0]; - ((u64_a1 *)out)[1] = scratch.u[1] ^ tweak.u[1]; -#endif - } - - return 0; -} diff --git a/crypto/o_dir.c b/crypto/o_dir.c deleted file mode 100644 index 6857a2e17d4fcc1d6efd32b7bfc58ed684e9e8e3..0000000000000000000000000000000000000000 --- a/crypto/o_dir.c +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" -#include - -/* - * The routines really come from the Levitte Programming, so to make life - * simple, let's just use the raw files and hack the symbols to fit our - * namespace. - */ -#define LP_DIR_CTX OPENSSL_DIR_CTX -#define LP_dir_context_st OPENSSL_dir_context_st -#define LP_find_file OPENSSL_DIR_read -#define LP_find_file_end OPENSSL_DIR_end - -#include "internal/o_dir.h" - -#define LPDIR_H -#if defined OPENSSL_SYS_UNIX || defined DJGPP \ - || (defined __VMS_VER && __VMS_VER >= 70000000) -# include "LPdir_unix.c" -#elif defined OPENSSL_SYS_VMS -# include "LPdir_vms.c" -#elif defined OPENSSL_SYS_WIN32 -# include "LPdir_win32.c" -#elif defined OPENSSL_SYS_WINCE -# include "LPdir_wince.c" -#else -# include "LPdir_nyi.c" -#endif diff --git a/crypto/o_fopen.c b/crypto/o_fopen.c deleted file mode 100644 index 8095fffbe0c9fca6684cc1b15524073f68a7e6ad..0000000000000000000000000000000000000000 --- a/crypto/o_fopen.c +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -# if defined(__linux) || defined(__sun) || defined(__hpux) -/* - * Following definition aliases fopen to fopen64 on above mentioned - * platforms. This makes it possible to open and sequentially access files - * larger than 2GB from 32-bit application. It does not allow to traverse - * them beyond 2GB with fseek/ftell, but on the other hand *no* 32-bit - * platform permits that, not with fseek/ftell. Not to mention that breaking - * 2GB limit for seeking would require surgery to *our* API. But sequential - * access suffices for practical cases when you can run into large files, - * such as fingerprinting, so we can let API alone. For reference, the list - * of 32-bit platforms which allow for sequential access of large files - * without extra "magic" comprise *BSD, Darwin, IRIX... - */ -# ifndef _FILE_OFFSET_BITS -# define _FILE_OFFSET_BITS 64 -# endif -# endif - -#include "e_os.h" -#include "internal/cryptlib.h" - -#if !defined(OPENSSL_NO_STDIO) - -# include -# ifdef __DJGPP__ -# include -# endif - -FILE *openssl_fopen(const char *filename, const char *mode) -{ - FILE *file = NULL; -# if defined(_WIN32) && defined(CP_UTF8) - int sz, len_0 = (int)strlen(filename) + 1; - DWORD flags; - - /* - * Basically there are three cases to cover: a) filename is - * pure ASCII string; b) actual UTF-8 encoded string and - * c) locale-ized string, i.e. one containing 8-bit - * characters that are meaningful in current system locale. - * If filename is pure ASCII or real UTF-8 encoded string, - * MultiByteToWideChar succeeds and _wfopen works. If - * filename is locale-ized string, chances are that - * MultiByteToWideChar fails reporting - * ERROR_NO_UNICODE_TRANSLATION, in which case we fall - * back to fopen... - */ - if ((sz = MultiByteToWideChar(CP_UTF8, (flags = MB_ERR_INVALID_CHARS), - filename, len_0, NULL, 0)) > 0 || - (GetLastError() == ERROR_INVALID_FLAGS && - (sz = MultiByteToWideChar(CP_UTF8, (flags = 0), - filename, len_0, NULL, 0)) > 0) - ) { - WCHAR wmode[8]; - WCHAR *wfilename = _alloca(sz * sizeof(WCHAR)); - - if (MultiByteToWideChar(CP_UTF8, flags, - filename, len_0, wfilename, sz) && - MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1, - wmode, OSSL_NELEM(wmode)) && - (file = _wfopen(wfilename, wmode)) == NULL && - (errno == ENOENT || errno == EBADF) - ) { - /* - * UTF-8 decode succeeded, but no file, filename - * could still have been locale-ized... - */ - file = fopen(filename, mode); - } - } else if (GetLastError() == ERROR_NO_UNICODE_TRANSLATION) { - file = fopen(filename, mode); - } -# elif defined(__DJGPP__) - { - char *newname = NULL; - - if (pathconf(filename, _PC_NAME_MAX) <= 12) { /* 8.3 file system? */ - char *iterator; - char lastchar; - - if ((newname = OPENSSL_malloc(strlen(filename) + 1)) == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return NULL; - } - - for (iterator = newname, lastchar = '\0'; - *filename; filename++, iterator++) { - if (lastchar == '/' && filename[0] == '.' - && filename[1] != '.' && filename[1] != '/') { - /* Leading dots are not permitted in plain DOS. */ - *iterator = '_'; - } else { - *iterator = *filename; - } - lastchar = *filename; - } - *iterator = '\0'; - filename = newname; - } - file = fopen(filename, mode); - - OPENSSL_free(newname); - } -# else - file = fopen(filename, mode); -# endif - return file; -} - -#else - -void *openssl_fopen(const char *filename, const char *mode) -{ - return NULL; -} - -#endif diff --git a/crypto/o_init.c b/crypto/o_init.c deleted file mode 100644 index a0b4256f78f6a07d05becf2d2ae22edeaec264a8..0000000000000000000000000000000000000000 --- a/crypto/o_init.c +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" -#include - -/* - * Perform any essential OpenSSL initialization operations. Currently does - * nothing. - */ - -void OPENSSL_init(void) -{ - return; -} diff --git a/crypto/o_str.c b/crypto/o_str.c deleted file mode 100644 index 7fa487dd5fcdec5ebaa0d95d4357c1a3b62bc908..0000000000000000000000000000000000000000 --- a/crypto/o_str.c +++ /dev/null @@ -1,366 +0,0 @@ -/* - * Copyright 2003-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" -#include -#include -#include -#include "crypto/ctype.h" -#include "internal/cryptlib.h" -#include "internal/thread_once.h" - -#define DEFAULT_SEPARATOR ':' -#define CH_ZERO '\0' - -char *CRYPTO_strdup(const char *str, const char* file, int line) -{ - char *ret; - - if (str == NULL) - return NULL; - ret = CRYPTO_malloc(strlen(str) + 1, file, line); - if (ret != NULL) - strcpy(ret, str); - return ret; -} - -char *CRYPTO_strndup(const char *str, size_t s, const char* file, int line) -{ - size_t maxlen; - char *ret; - - if (str == NULL) - return NULL; - - maxlen = OPENSSL_strnlen(str, s); - - ret = CRYPTO_malloc(maxlen + 1, file, line); - if (ret) { - memcpy(ret, str, maxlen); - ret[maxlen] = CH_ZERO; - } - return ret; -} - -void *CRYPTO_memdup(const void *data, size_t siz, const char* file, int line) -{ - void *ret; - - if (data == NULL || siz >= INT_MAX) - return NULL; - - ret = CRYPTO_malloc(siz, file, line); - if (ret == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return NULL; - } - return memcpy(ret, data, siz); -} - -size_t OPENSSL_strnlen(const char *str, size_t maxlen) -{ - const char *p; - - for (p = str; maxlen-- != 0 && *p != CH_ZERO; ++p) ; - - return p - str; -} - -size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size) -{ - size_t l = 0; - for (; size > 1 && *src; size--) { - *dst++ = *src++; - l++; - } - if (size) - *dst = CH_ZERO; - return l + strlen(src); -} - -size_t OPENSSL_strlcat(char *dst, const char *src, size_t size) -{ - size_t l = 0; - for (; size > 0 && *dst; size--, dst++) - l++; - return l + OPENSSL_strlcpy(dst, src, size); -} - -int OPENSSL_hexchar2int(unsigned char c) -{ -#ifdef CHARSET_EBCDIC - c = os_toebcdic[c]; -#endif - - switch (c) { - case '0': - return 0; - case '1': - return 1; - case '2': - return 2; - case '3': - return 3; - case '4': - return 4; - case '5': - return 5; - case '6': - return 6; - case '7': - return 7; - case '8': - return 8; - case '9': - return 9; - case 'a': case 'A': - return 0x0A; - case 'b': case 'B': - return 0x0B; - case 'c': case 'C': - return 0x0C; - case 'd': case 'D': - return 0x0D; - case 'e': case 'E': - return 0x0E; - case 'f': case 'F': - return 0x0F; - } - return -1; -} - -static int hexstr2buf_sep(unsigned char *buf, size_t buf_n, size_t *buflen, - const char *str, const char sep) -{ - unsigned char *q; - unsigned char ch, cl; - int chi, cli; - const unsigned char *p; - size_t cnt; - - for (p = (const unsigned char *)str, q = buf, cnt = 0; *p; ) { - ch = *p++; - /* A separator of CH_ZERO means there is no separator */ - if (ch == sep && sep != CH_ZERO) - continue; - cl = *p++; - if (!cl) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_ODD_NUMBER_OF_DIGITS); - return 0; - } - cli = OPENSSL_hexchar2int(cl); - chi = OPENSSL_hexchar2int(ch); - if (cli < 0 || chi < 0) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_ILLEGAL_HEX_DIGIT); - return 0; - } - cnt++; - if (q != NULL) { - if (cnt > buf_n) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_SMALL_BUFFER); - return 0; - } - *q++ = (unsigned char)((chi << 4) | cli); - } - } - - if (buflen != NULL) - *buflen = cnt; - return 1; -} - -/* - * Given a string of hex digits convert to a buffer - */ -int OPENSSL_hexstr2buf_ex(unsigned char *buf, size_t buf_n, size_t *buflen, - const char *str, const char sep) -{ - return hexstr2buf_sep(buf, buf_n, buflen, str, sep); -} - -unsigned char *ossl_hexstr2buf_sep(const char *str, long *buflen, - const char sep) -{ - unsigned char *buf; - size_t buf_n, tmp_buflen; - - buf_n = strlen(str); - if (buf_n <= 1) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_HEX_STRING_TOO_SHORT); - return NULL; - } - buf_n /= 2; - if ((buf = OPENSSL_malloc(buf_n)) == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (buflen != NULL) - *buflen = 0; - tmp_buflen = 0; - if (hexstr2buf_sep(buf, buf_n, &tmp_buflen, str, sep)) { - if (buflen != NULL) - *buflen = (long)tmp_buflen; - return buf; - } - OPENSSL_free(buf); - return NULL; -} - -unsigned char *OPENSSL_hexstr2buf(const char *str, long *buflen) -{ - return ossl_hexstr2buf_sep(str, buflen, DEFAULT_SEPARATOR); -} - -static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength, - const unsigned char *buf, size_t buflen, - const char sep) -{ - static const char hexdig[] = "0123456789ABCDEF"; - const unsigned char *p; - char *q; - size_t i; - int has_sep = (sep != CH_ZERO); - size_t len = has_sep ? buflen * 3 : 1 + buflen * 2; - - if (strlength != NULL) - *strlength = len; - if (str == NULL) - return 1; - - if (str_n < (unsigned long)len) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_SMALL_BUFFER); - return 0; - } - - q = str; - for (i = 0, p = buf; i < buflen; i++, p++) { - *q++ = hexdig[(*p >> 4) & 0xf]; - *q++ = hexdig[*p & 0xf]; - if (has_sep) - *q++ = sep; - } - if (has_sep) - --q; - *q = CH_ZERO; - -#ifdef CHARSET_EBCDIC - ebcdic2ascii(str, str, q - str - 1); -#endif - return 1; -} - -int OPENSSL_buf2hexstr_ex(char *str, size_t str_n, size_t *strlength, - const unsigned char *buf, size_t buflen, - const char sep) -{ - return buf2hexstr_sep(str, str_n, strlength, buf, buflen, sep); -} - -char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep) -{ - char *tmp; - size_t tmp_n; - - if (buflen == 0) - return OPENSSL_zalloc(1); - - tmp_n = (sep != CH_ZERO) ? buflen * 3 : 1 + buflen * 2; - if ((tmp = OPENSSL_malloc(tmp_n)) == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (buf2hexstr_sep(tmp, tmp_n, NULL, buf, buflen, sep)) - return tmp; - OPENSSL_free(tmp); - return NULL; -} - - -/* - * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its - * hex representation @@@ (Contents of buffer are always kept in ASCII, also - * on EBCDIC machines) - */ -char *OPENSSL_buf2hexstr(const unsigned char *buf, long buflen) -{ - return ossl_buf2hexstr_sep(buf, buflen, ':'); -} - -int openssl_strerror_r(int errnum, char *buf, size_t buflen) -{ -#if defined(_MSC_VER) && _MSC_VER>=1400 && !defined(_WIN32_WCE) - return !strerror_s(buf, buflen, errnum); -#elif defined(_GNU_SOURCE) - char *err; - - /* - * GNU strerror_r may not actually set buf. - * It can return a pointer to some (immutable) static string in which case - * buf is left unused. - */ - err = strerror_r(errnum, buf, buflen); - if (err == NULL || buflen == 0) - return 0; - /* - * If err is statically allocated, err != buf and we need to copy the data. - * If err points somewhere inside buf, OPENSSL_strlcpy can handle this, - * since src and dest are not annotated with __restrict and the function - * reads src byte for byte and writes to dest. - * If err == buf we do not have to copy anything. - */ - if (err != buf) - OPENSSL_strlcpy(buf, err, buflen); - return 1; -#elif (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) || \ - (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600) - /* - * We can use "real" strerror_r. The OpenSSL version differs in that it - * gives 1 on success and 0 on failure for consistency with other OpenSSL - * functions. Real strerror_r does it the other way around - */ - return !strerror_r(errnum, buf, buflen); -#else - char *err; - - /* Fall back to non-thread safe strerror()...its all we can do */ - if (buflen < 2) - return 0; - err = strerror(errnum); - /* Can this ever happen? */ - if (err == NULL) - return 0; - OPENSSL_strlcpy(buf, err, buflen); - return 1; -#endif -} - -int OPENSSL_strcasecmp(const char *s1, const char *s2) -{ - int t; - - while ((t = ossl_tolower(*s1) - ossl_tolower(*s2++)) == 0) - if (*s1++ == '\0') - return 0; - return t; -} - -int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n) -{ - int t; - size_t i; - - for (i = 0; i < n; i++) - if ((t = ossl_tolower(*s1) - ossl_tolower(*s2++)) != 0) - return t; - else if (*s1++ == '\0') - return 0; - return 0; -} diff --git a/crypto/o_time.c b/crypto/o_time.c deleted file mode 100644 index 23ffe162453ea89263bd9a7c611cf463b75b91eb..0000000000000000000000000000000000000000 --- a/crypto/o_time.c +++ /dev/null @@ -1,200 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) -{ - struct tm *ts = NULL; - -#if defined(OPENSSL_THREADS) && defined(OPENSSL_SYS_VMS) - { - /* - * On VMS, gmtime_r() takes a 32-bit pointer as second argument. - * Since we can't know that |result| is in a space that can easily - * translate to a 32-bit pointer, we must store temporarily on stack - * and copy the result. The stack is always reachable with 32-bit - * pointers. - */ -#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE -# pragma pointer_size save -# pragma pointer_size 32 -#endif - struct tm data, *ts2 = &data; -#if defined OPENSSL_SYS_VMS && __INITIAL_POINTER_SIZE -# pragma pointer_size restore -#endif - if (gmtime_r(timer, ts2) == NULL) - return NULL; - memcpy(result, ts2, sizeof(struct tm)); - ts = result; - } -#elif defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_MACOSX) - if (gmtime_r(timer, result) == NULL) - return NULL; - ts = result; -#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 && !defined(_WIN32_WCE) - if (gmtime_s(result, timer)) - return NULL; - ts = result; -#else - ts = gmtime(timer); - if (ts == NULL) - return NULL; - - memcpy(result, ts, sizeof(struct tm)); - ts = result; -#endif - return ts; -} - -/* - * Take a tm structure and add an offset to it. This avoids any OS issues - * with restricted date types and overflows which cause the year 2038 - * problem. - */ - -#define SECS_PER_DAY (24 * 60 * 60) - -static long date_to_julian(int y, int m, int d); -static void julian_to_date(long jd, int *y, int *m, int *d); -static int julian_adj(const struct tm *tm, int off_day, long offset_sec, - long *pday, int *psec); - -int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec) -{ - int time_sec, time_year, time_month, time_day; - long time_jd; - - /* Convert time and offset into Julian day and seconds */ - if (!julian_adj(tm, off_day, offset_sec, &time_jd, &time_sec)) - return 0; - - /* Convert Julian day back to date */ - - julian_to_date(time_jd, &time_year, &time_month, &time_day); - - if (time_year < 1900 || time_year > 9999) - return 0; - - /* Update tm structure */ - - tm->tm_year = time_year - 1900; - tm->tm_mon = time_month - 1; - tm->tm_mday = time_day; - - tm->tm_hour = time_sec / 3600; - tm->tm_min = (time_sec / 60) % 60; - tm->tm_sec = time_sec % 60; - - return 1; - -} - -int OPENSSL_gmtime_diff(int *pday, int *psec, - const struct tm *from, const struct tm *to) -{ - int from_sec, to_sec, diff_sec; - long from_jd, to_jd, diff_day; - if (!julian_adj(from, 0, 0, &from_jd, &from_sec)) - return 0; - if (!julian_adj(to, 0, 0, &to_jd, &to_sec)) - return 0; - diff_day = to_jd - from_jd; - diff_sec = to_sec - from_sec; - /* Adjust differences so both positive or both negative */ - if (diff_day > 0 && diff_sec < 0) { - diff_day--; - diff_sec += SECS_PER_DAY; - } - if (diff_day < 0 && diff_sec > 0) { - diff_day++; - diff_sec -= SECS_PER_DAY; - } - - if (pday) - *pday = (int)diff_day; - if (psec) - *psec = diff_sec; - - return 1; - -} - -/* Convert tm structure and offset into julian day and seconds */ -static int julian_adj(const struct tm *tm, int off_day, long offset_sec, - long *pday, int *psec) -{ - int offset_hms; - long offset_day, time_jd; - int time_year, time_month, time_day; - /* split offset into days and day seconds */ - offset_day = offset_sec / SECS_PER_DAY; - /* Avoid sign issues with % operator */ - offset_hms = offset_sec - (offset_day * SECS_PER_DAY); - offset_day += off_day; - /* Add current time seconds to offset */ - offset_hms += tm->tm_hour * 3600 + tm->tm_min * 60 + tm->tm_sec; - /* Adjust day seconds if overflow */ - if (offset_hms >= SECS_PER_DAY) { - offset_day++; - offset_hms -= SECS_PER_DAY; - } else if (offset_hms < 0) { - offset_day--; - offset_hms += SECS_PER_DAY; - } - - /* - * Convert date of time structure into a Julian day number. - */ - - time_year = tm->tm_year + 1900; - time_month = tm->tm_mon + 1; - time_day = tm->tm_mday; - - time_jd = date_to_julian(time_year, time_month, time_day); - - /* Work out Julian day of new date */ - time_jd += offset_day; - - if (time_jd < 0) - return 0; - - *pday = time_jd; - *psec = offset_hms; - return 1; -} - -/* - * Convert date to and from julian day Uses Fliegel & Van Flandern algorithm - */ -static long date_to_julian(int y, int m, int d) -{ - return (1461 * (y + 4800 + (m - 14) / 12)) / 4 + - (367 * (m - 2 - 12 * ((m - 14) / 12))) / 12 - - (3 * ((y + 4900 + (m - 14) / 12) / 100)) / 4 + d - 32075; -} - -static void julian_to_date(long jd, int *y, int *m, int *d) -{ - long L = jd + 68569; - long n = (4 * L) / 146097; - long i, j; - - L = L - (146097 * n + 3) / 4; - i = (4000 * (L + 1)) / 1461001; - L = L - (1461 * i) / 4 + 31; - j = (80 * L) / 2447; - *d = L - (2447 * j) / 80; - L = j / 11; - *m = j + 2 - (12 * L); - *y = 100 * (n - 49) + i + L; -} diff --git a/crypto/objects/README.md b/crypto/objects/README.md deleted file mode 100644 index 49c749887d2f017af7b14e1bea6f53ba5e3a6955..0000000000000000000000000000000000000000 --- a/crypto/objects/README.md +++ /dev/null @@ -1,43 +0,0 @@ -objects.txt syntax -================== - -To cover all the naming hacks that were previously in `objects.h` needed some -kind of hacks in `objects.txt`. - -The basic syntax for adding an object is as follows: - - 1 2 3 4 : shortName : Long Name - - If Long Name contains only word characters and hyphen-minus - (0x2D) or full stop (0x2E) then Long Name is used as basis - for the base name in C. Otherwise, the shortName is used. - - The base name (let's call it 'base') will then be used to - create the C macros SN_base, LN_base, NID_base and OBJ_base. - - Note that if the base name contains spaces, dashes or periods, - those will be converted to underscore. - -Then there are some extra commands: - - !Alias foo 1 2 3 4 - - This just makes a name foo for an OID. The C macro - OBJ_foo will be created as a result. - - !Cname foo - - This makes sure that the name foo will be used as base name - in C. - - !module foo - 1 2 3 4 : shortName : Long Name - !global - - The !module command was meant to define a kind of modularity. - What it does is to make sure the module name is prepended - to the base name. !global turns this off. This construction - is not recursive. - -Lines starting with `#` are treated as comments, as well as any line starting -with ! and not matching the commands above. diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c deleted file mode 100644 index 791f2b011e353652a26ed5c5fc8b515eb2dec4e1..0000000000000000000000000000000000000000 --- a/crypto/objects/o_names.c +++ /dev/null @@ -1,389 +0,0 @@ -/* - * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include -#include -#include -#include -#include -#include "internal/thread_once.h" -#include "crypto/lhash.h" -#include "obj_local.h" -#include "e_os.h" - -/* - * I use the ex_data stuff to manage the identifiers for the obj_name_types - * that applications may define. I only really use the free function field. - */ -static LHASH_OF(OBJ_NAME) *names_lh = NULL; -static int names_type_num = OBJ_NAME_TYPE_NUM; -static CRYPTO_RWLOCK *obj_lock = NULL; - -struct name_funcs_st { - unsigned long (*hash_func) (const char *name); - int (*cmp_func) (const char *a, const char *b); - void (*free_func) (const char *, int, const char *); -}; - -static STACK_OF(NAME_FUNCS) *name_funcs_stack; - -/* - * The LHASH callbacks now use the raw "void *" prototypes and do - * per-variable casting in the functions. This prevents function pointer - * casting without the need for macro-generated wrapper functions. - */ - -static unsigned long obj_name_hash(const OBJ_NAME *a); -static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b); - -static CRYPTO_ONCE init = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(o_names_init) -{ - names_lh = NULL; - obj_lock = CRYPTO_THREAD_lock_new(); - if (obj_lock != NULL) - names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp); - if (names_lh == NULL) { - CRYPTO_THREAD_lock_free(obj_lock); - obj_lock = NULL; - } - return names_lh != NULL && obj_lock != NULL; -} - -int OBJ_NAME_init(void) -{ - return RUN_ONCE(&init, o_names_init); -} - -int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), - int (*cmp_func) (const char *, const char *), - void (*free_func) (const char *, int, const char *)) -{ - int ret = 0, i, push; - NAME_FUNCS *name_funcs; - - if (!OBJ_NAME_init()) - return 0; - - if (!CRYPTO_THREAD_write_lock(obj_lock)) - return 0; - - if (name_funcs_stack == NULL) - name_funcs_stack = sk_NAME_FUNCS_new_null(); - if (name_funcs_stack == NULL) { - /* ERROR */ - goto out; - } - ret = names_type_num; - names_type_num++; - for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) { - name_funcs = OPENSSL_zalloc(sizeof(*name_funcs)); - if (name_funcs == NULL) { - ERR_raise(ERR_LIB_OBJ, ERR_R_MALLOC_FAILURE); - ret = 0; - goto out; - } - name_funcs->hash_func = ossl_lh_strcasehash; - name_funcs->cmp_func = OPENSSL_strcasecmp; - push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs); - - if (!push) { - ERR_raise(ERR_LIB_OBJ, ERR_R_MALLOC_FAILURE); - OPENSSL_free(name_funcs); - ret = 0; - goto out; - } - } - name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret); - if (hash_func != NULL) - name_funcs->hash_func = hash_func; - if (cmp_func != NULL) - name_funcs->cmp_func = cmp_func; - if (free_func != NULL) - name_funcs->free_func = free_func; - -out: - CRYPTO_THREAD_unlock(obj_lock); - return ret; -} - -static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b) -{ - int ret; - - ret = a->type - b->type; - if (ret == 0) { - if ((name_funcs_stack != NULL) - && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) { - ret = sk_NAME_FUNCS_value(name_funcs_stack, - a->type)->cmp_func(a->name, b->name); - } else - ret = OPENSSL_strcasecmp(a->name, b->name); - } - return ret; -} - -static unsigned long obj_name_hash(const OBJ_NAME *a) -{ - unsigned long ret; - - if ((name_funcs_stack != NULL) - && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) { - ret = - sk_NAME_FUNCS_value(name_funcs_stack, - a->type)->hash_func(a->name); - } else { - ret = ossl_lh_strcasehash(a->name); - } - ret ^= a->type; - return ret; -} - -const char *OBJ_NAME_get(const char *name, int type) -{ - OBJ_NAME on, *ret; - int num = 0, alias; - const char *value = NULL; - - if (name == NULL) - return NULL; - if (!OBJ_NAME_init()) - return NULL; - if (!CRYPTO_THREAD_read_lock(obj_lock)) - return NULL; - - alias = type & OBJ_NAME_ALIAS; - type &= ~OBJ_NAME_ALIAS; - - on.name = name; - on.type = type; - - for (;;) { - ret = lh_OBJ_NAME_retrieve(names_lh, &on); - if (ret == NULL) - break; - if ((ret->alias) && !alias) { - if (++num > 10) - break; - on.name = ret->data; - } else { - value = ret->data; - break; - } - } - - CRYPTO_THREAD_unlock(obj_lock); - return value; -} - -int OBJ_NAME_add(const char *name, int type, const char *data) -{ - OBJ_NAME *onp, *ret; - int alias, ok = 0; - - if (!OBJ_NAME_init()) - return 0; - - alias = type & OBJ_NAME_ALIAS; - type &= ~OBJ_NAME_ALIAS; - - onp = OPENSSL_malloc(sizeof(*onp)); - if (onp == NULL) - return 0; - - onp->name = name; - onp->alias = alias; - onp->type = type; - onp->data = data; - - if (!CRYPTO_THREAD_write_lock(obj_lock)) { - OPENSSL_free(onp); - return 0; - } - - ret = lh_OBJ_NAME_insert(names_lh, onp); - if (ret != NULL) { - /* free things */ - if ((name_funcs_stack != NULL) - && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) { - /* - * XXX: I'm not sure I understand why the free function should - * get three arguments... -- Richard Levitte - */ - sk_NAME_FUNCS_value(name_funcs_stack, - ret->type)->free_func(ret->name, ret->type, - ret->data); - } - OPENSSL_free(ret); - } else { - if (lh_OBJ_NAME_error(names_lh)) { - /* ERROR */ - OPENSSL_free(onp); - goto unlock; - } - } - - ok = 1; - -unlock: - CRYPTO_THREAD_unlock(obj_lock); - return ok; -} - -int OBJ_NAME_remove(const char *name, int type) -{ - OBJ_NAME on, *ret; - int ok = 0; - - if (!OBJ_NAME_init()) - return 0; - - if (!CRYPTO_THREAD_write_lock(obj_lock)) - return 0; - - type &= ~OBJ_NAME_ALIAS; - on.name = name; - on.type = type; - ret = lh_OBJ_NAME_delete(names_lh, &on); - if (ret != NULL) { - /* free things */ - if ((name_funcs_stack != NULL) - && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) { - /* - * XXX: I'm not sure I understand why the free function should - * get three arguments... -- Richard Levitte - */ - sk_NAME_FUNCS_value(name_funcs_stack, - ret->type)->free_func(ret->name, ret->type, - ret->data); - } - OPENSSL_free(ret); - ok = 1; - } - - CRYPTO_THREAD_unlock(obj_lock); - return ok; -} - -typedef struct { - int type; - void (*fn) (const OBJ_NAME *, void *arg); - void *arg; -} OBJ_DOALL; - -static void do_all_fn(const OBJ_NAME *name, OBJ_DOALL *d) -{ - if (name->type == d->type) - d->fn(name, d->arg); -} - -IMPLEMENT_LHASH_DOALL_ARG_CONST(OBJ_NAME, OBJ_DOALL); - -void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg), - void *arg) -{ - OBJ_DOALL d; - - d.type = type; - d.fn = fn; - d.arg = arg; - - lh_OBJ_NAME_doall_OBJ_DOALL(names_lh, do_all_fn, &d); -} - -struct doall_sorted { - int type; - int n; - const OBJ_NAME **names; -}; - -static void do_all_sorted_fn(const OBJ_NAME *name, void *d_) -{ - struct doall_sorted *d = d_; - - if (name->type != d->type) - return; - - d->names[d->n++] = name; -} - -static int do_all_sorted_cmp(const void *n1_, const void *n2_) -{ - const OBJ_NAME *const *n1 = n1_; - const OBJ_NAME *const *n2 = n2_; - - return strcmp((*n1)->name, (*n2)->name); -} - -void OBJ_NAME_do_all_sorted(int type, - void (*fn) (const OBJ_NAME *, void *arg), - void *arg) -{ - struct doall_sorted d; - int n; - - d.type = type; - d.names = - OPENSSL_malloc(sizeof(*d.names) * lh_OBJ_NAME_num_items(names_lh)); - /* Really should return an error if !d.names...but its a void function! */ - if (d.names != NULL) { - d.n = 0; - OBJ_NAME_do_all(type, do_all_sorted_fn, &d); - - qsort((void *)d.names, d.n, sizeof(*d.names), do_all_sorted_cmp); - - for (n = 0; n < d.n; ++n) - fn(d.names[n], arg); - - OPENSSL_free((void *)d.names); - } -} - -static int free_type; - -static void names_lh_free_doall(OBJ_NAME *onp) -{ - if (onp == NULL) - return; - - if (free_type < 0 || free_type == onp->type) - OBJ_NAME_remove(onp->name, onp->type); -} - -static void name_funcs_free(NAME_FUNCS *ptr) -{ - OPENSSL_free(ptr); -} - -void OBJ_NAME_cleanup(int type) -{ - unsigned long down_load; - - if (names_lh == NULL) - return; - - free_type = type; - down_load = lh_OBJ_NAME_get_down_load(names_lh); - lh_OBJ_NAME_set_down_load(names_lh, 0); - - lh_OBJ_NAME_doall(names_lh, names_lh_free_doall); - if (type < 0) { - lh_OBJ_NAME_free(names_lh); - sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free); - CRYPTO_THREAD_lock_free(obj_lock); - names_lh = NULL; - name_funcs_stack = NULL; - obj_lock = NULL; - } else - lh_OBJ_NAME_set_down_load(names_lh, down_load); -} diff --git a/crypto/objects/obj_compat.h b/crypto/objects/obj_compat.h deleted file mode 100644 index 7d890d1c0b85cddc57fef8b0578e8b66ca7daf79..0000000000000000000000000000000000000000 --- a/crypto/objects/obj_compat.h +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OPENSSL_NO_DEPRECATED_3_0 - -#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm SN_magma_ctr_acpkm -#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm NID_magma_ctr_acpkm -#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm OBJ_magma_ctr_acpkm - -#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac SN_magma_ctr_acpkm_omac -#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac NID_magma_ctr_acpkm_omac -#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac OBJ_magma_ctr_acpkm_omac - -#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm SN_kuznyechik_ctr_acpkm -#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm NID_kuznyechik_ctr_acpkm -#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm OBJ_kuznyechik_ctr_acpkm - -#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac SN_kuznyechik_ctr_acpkm_omac -#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac NID_kuznyechik_ctr_acpkm_omac -#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac OBJ_kuznyechik_ctr_acpkm_omac - -#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15 SN_magma_kexp15 -#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15 NID_magma_kexp15 -#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 OBJ_magma_kexp15 - -#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 SN_kuznyechik_kexp15 -#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 NID_kuznyechik_kexp15 -#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 OBJ_kuznyechik_kexp15 - -#define SN_grasshopper_ecb SN_kuznyechik_ecb -#define NID_grasshopper_ecb NID_kuznyechik_ecb - -#define SN_grasshopper_ctr SN_kuznyechik_ctr -#define NID_grasshopper_ctr NID_kuznyechik_ctr - -#define SN_grasshopper_ofb SN_kuznyechik_ofb -#define NID_grasshopper_ofb NID_kuznyechik_ofb - -#define SN_grasshopper_cbc SN_kuznyechik_cbc -#define NID_grasshopper_cbc NID_kuznyechik_cbc - -#define SN_grasshopper_cfb SN_kuznyechik_cfb -#define NID_grasshopper_cfb NID_kuznyechik_cfb - -#define SN_grasshopper_mac SN_kuznyechik_mac -#define NID_grasshopper_mac NID_kuznyechik_mac - -#endif /* OPENSSL_NO_DEPRECATED_3_0 */ diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h deleted file mode 100644 index 59d156117a00310d4bc1028c0cafcc042e9b8c77..0000000000000000000000000000000000000000 --- a/crypto/objects/obj_dat.h +++ /dev/null @@ -1,5970 +0,0 @@ -/* - * WARNING: do not edit! - * Generated by crypto/objects/obj_dat.pl - * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Serialized OID's */ -static const unsigned char so[8076] = { - 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05, /* [ 21] OBJ_md5 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04, /* [ 29] OBJ_rc4 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01, /* [ 37] OBJ_rsaEncryption */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02, /* [ 46] OBJ_md2WithRSAEncryption */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04, /* [ 55] OBJ_md5WithRSAEncryption */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01, /* [ 64] OBJ_pbeWithMD2AndDES_CBC */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03, /* [ 73] OBJ_pbeWithMD5AndDES_CBC */ - 0x55, /* [ 82] OBJ_X500 */ - 0x55,0x04, /* [ 83] OBJ_X509 */ - 0x55,0x04,0x03, /* [ 85] OBJ_commonName */ - 0x55,0x04,0x06, /* [ 88] OBJ_countryName */ - 0x55,0x04,0x07, /* [ 91] OBJ_localityName */ - 0x55,0x04,0x08, /* [ 94] OBJ_stateOrProvinceName */ - 0x55,0x04,0x0A, /* [ 97] OBJ_organizationName */ - 0x55,0x04,0x0B, /* [ 100] OBJ_organizationalUnitName */ - 0x55,0x08,0x01,0x01, /* [ 103] OBJ_rsa */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07, /* [ 107] OBJ_pkcs7 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01, /* [ 115] OBJ_pkcs7_data */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02, /* [ 124] OBJ_pkcs7_signed */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03, /* [ 133] OBJ_pkcs7_enveloped */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04, /* [ 142] OBJ_pkcs7_signedAndEnveloped */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05, /* [ 151] OBJ_pkcs7_digest */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06, /* [ 160] OBJ_pkcs7_encrypted */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03, /* [ 169] OBJ_pkcs3 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01, /* [ 177] OBJ_dhKeyAgreement */ - 0x2B,0x0E,0x03,0x02,0x06, /* [ 186] OBJ_des_ecb */ - 0x2B,0x0E,0x03,0x02,0x09, /* [ 191] OBJ_des_cfb64 */ - 0x2B,0x0E,0x03,0x02,0x07, /* [ 196] OBJ_des_cbc */ - 0x2B,0x0E,0x03,0x02,0x11, /* [ 201] OBJ_des_ede_ecb */ - 0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02, /* [ 206] OBJ_idea_cbc */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02, /* [ 217] OBJ_rc2_cbc */ - 0x2B,0x0E,0x03,0x02,0x12, /* [ 225] OBJ_sha */ - 0x2B,0x0E,0x03,0x02,0x0F, /* [ 230] OBJ_shaWithRSAEncryption */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07, /* [ 235] OBJ_des_ede3_cbc */ - 0x2B,0x0E,0x03,0x02,0x08, /* [ 243] OBJ_des_ofb64 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09, /* [ 248] OBJ_pkcs9 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01, /* [ 256] OBJ_pkcs9_emailAddress */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02, /* [ 265] OBJ_pkcs9_unstructuredName */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03, /* [ 274] OBJ_pkcs9_contentType */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04, /* [ 283] OBJ_pkcs9_messageDigest */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05, /* [ 292] OBJ_pkcs9_signingTime */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06, /* [ 301] OBJ_pkcs9_countersignature */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07, /* [ 310] OBJ_pkcs9_challengePassword */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08, /* [ 319] OBJ_pkcs9_unstructuredAddress */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09, /* [ 328] OBJ_pkcs9_extCertAttributes */ - 0x60,0x86,0x48,0x01,0x86,0xF8,0x42, /* [ 337] OBJ_netscape */ - 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01, /* [ 344] OBJ_netscape_cert_extension */ - 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02, /* [ 352] OBJ_netscape_data_type */ - 0x2B,0x0E,0x03,0x02,0x1A, /* [ 360] OBJ_sha1 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05, /* [ 365] OBJ_sha1WithRSAEncryption */ - 0x2B,0x0E,0x03,0x02,0x0D, /* [ 374] OBJ_dsaWithSHA */ - 0x2B,0x0E,0x03,0x02,0x0C, /* [ 379] OBJ_dsa_2 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B, /* [ 384] OBJ_pbeWithSHA1AndRC2_CBC */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C, /* [ 393] OBJ_id_pbkdf2 */ - 0x2B,0x0E,0x03,0x02,0x1B, /* [ 402] OBJ_dsaWithSHA1_2 */ - 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01, /* [ 407] OBJ_netscape_cert_type */ - 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02, /* [ 416] OBJ_netscape_base_url */ - 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03, /* [ 425] OBJ_netscape_revocation_url */ - 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04, /* [ 434] OBJ_netscape_ca_revocation_url */ - 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07, /* [ 443] OBJ_netscape_renewal_url */ - 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08, /* [ 452] OBJ_netscape_ca_policy_url */ - 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C, /* [ 461] OBJ_netscape_ssl_server_name */ - 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D, /* [ 470] OBJ_netscape_comment */ - 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05, /* [ 479] OBJ_netscape_cert_sequence */ - 0x55,0x1D, /* [ 488] OBJ_id_ce */ - 0x55,0x1D,0x0E, /* [ 490] OBJ_subject_key_identifier */ - 0x55,0x1D,0x0F, /* [ 493] OBJ_key_usage */ - 0x55,0x1D,0x10, /* [ 496] OBJ_private_key_usage_period */ - 0x55,0x1D,0x11, /* [ 499] OBJ_subject_alt_name */ - 0x55,0x1D,0x12, /* [ 502] OBJ_issuer_alt_name */ - 0x55,0x1D,0x13, /* [ 505] OBJ_basic_constraints */ - 0x55,0x1D,0x14, /* [ 508] OBJ_crl_number */ - 0x55,0x1D,0x20, /* [ 511] OBJ_certificate_policies */ - 0x55,0x1D,0x23, /* [ 514] OBJ_authority_key_identifier */ - 0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02, /* [ 517] OBJ_bf_cbc */ - 0x55,0x08,0x03,0x65, /* [ 526] OBJ_mdc2 */ - 0x55,0x08,0x03,0x64, /* [ 530] OBJ_mdc2WithRSA */ - 0x55,0x04,0x2A, /* [ 534] OBJ_givenName */ - 0x55,0x04,0x04, /* [ 537] OBJ_surname */ - 0x55,0x04,0x2B, /* [ 540] OBJ_initials */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2C, /* [ 543] OBJ_uniqueIdentifier */ - 0x55,0x1D,0x1F, /* [ 553] OBJ_crl_distribution_points */ - 0x2B,0x0E,0x03,0x02,0x03, /* [ 556] OBJ_md5WithRSA */ - 0x55,0x04,0x05, /* [ 561] OBJ_serialNumber */ - 0x55,0x04,0x0C, /* [ 564] OBJ_title */ - 0x55,0x04,0x0D, /* [ 567] OBJ_description */ - 0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A, /* [ 570] OBJ_cast5_cbc */ - 0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C, /* [ 579] OBJ_pbeWithMD5AndCast5_CBC */ - 0x2A,0x86,0x48,0xCE,0x38,0x04,0x03, /* [ 588] OBJ_dsaWithSHA1 */ - 0x2B,0x0E,0x03,0x02,0x1D, /* [ 595] OBJ_sha1WithRSA */ - 0x2A,0x86,0x48,0xCE,0x38,0x04,0x01, /* [ 600] OBJ_dsa */ - 0x2B,0x24,0x03,0x02,0x01, /* [ 607] OBJ_ripemd160 */ - 0x2B,0x24,0x03,0x03,0x01,0x02, /* [ 612] OBJ_ripemd160WithRSA */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [ 618] OBJ_rc5_cbc */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08, /* [ 626] OBJ_zlib_compression */ - 0x55,0x1D,0x25, /* [ 637] OBJ_ext_key_usage */ - 0x2B,0x06,0x01,0x05,0x05,0x07, /* [ 640] OBJ_id_pkix */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [ 646] OBJ_id_kp */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [ 653] OBJ_server_auth */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [ 661] OBJ_client_auth */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [ 669] OBJ_code_sign */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [ 677] OBJ_email_protect */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [ 685] OBJ_time_stamp */ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15, /* [ 693] OBJ_ms_code_ind */ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16, /* [ 703] OBJ_ms_code_com */ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01, /* [ 713] OBJ_ms_ctl_sign */ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03, /* [ 723] OBJ_ms_sgc */ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04, /* [ 733] OBJ_ms_efs */ - 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01, /* [ 743] OBJ_ns_sgc */ - 0x55,0x1D,0x1B, /* [ 752] OBJ_delta_crl */ - 0x55,0x1D,0x15, /* [ 755] OBJ_crl_reason */ - 0x55,0x1D,0x18, /* [ 758] OBJ_invalidity_date */ - 0x2B,0x65,0x01,0x04,0x01, /* [ 761] OBJ_sxnet */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01, /* [ 766] OBJ_pbe_WithSHA1And128BitRC4 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02, /* [ 776] OBJ_pbe_WithSHA1And40BitRC4 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03, /* [ 786] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04, /* [ 796] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05, /* [ 806] OBJ_pbe_WithSHA1And128BitRC2_CBC */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06, /* [ 816] OBJ_pbe_WithSHA1And40BitRC2_CBC */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01, /* [ 826] OBJ_keyBag */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02, /* [ 837] OBJ_pkcs8ShroudedKeyBag */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03, /* [ 848] OBJ_certBag */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04, /* [ 859] OBJ_crlBag */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05, /* [ 870] OBJ_secretBag */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06, /* [ 881] OBJ_safeContentsBag */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14, /* [ 892] OBJ_friendlyName */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15, /* [ 901] OBJ_localKeyID */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01, /* [ 910] OBJ_x509Certificate */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02, /* [ 920] OBJ_sdsiCertificate */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01, /* [ 930] OBJ_x509Crl */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D, /* [ 940] OBJ_pbes2 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E, /* [ 949] OBJ_pbmac1 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [ 958] OBJ_hmacWithSHA1 */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [ 966] OBJ_id_qt_cps */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [ 974] OBJ_id_qt_unotice */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F, /* [ 982] OBJ_SMIMECapabilities */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04, /* [ 991] OBJ_pbeWithMD2AndRC2_CBC */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06, /* [ 1000] OBJ_pbeWithMD5AndRC2_CBC */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A, /* [ 1009] OBJ_pbeWithSHA1AndDES_CBC */ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E, /* [ 1018] OBJ_ms_ext_req */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E, /* [ 1028] OBJ_ext_req */ - 0x55,0x04,0x29, /* [ 1037] OBJ_name */ - 0x55,0x04,0x2E, /* [ 1040] OBJ_dnQualifier */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [ 1043] OBJ_id_pe */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [ 1050] OBJ_id_ad */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [ 1057] OBJ_info_access */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [ 1065] OBJ_ad_OCSP */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [ 1073] OBJ_ad_ca_issuers */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [ 1081] OBJ_OCSP_sign */ - 0x2A, /* [ 1089] OBJ_member_body */ - 0x2A,0x86,0x48, /* [ 1090] OBJ_ISO_US */ - 0x2A,0x86,0x48,0xCE,0x38, /* [ 1093] OBJ_X9_57 */ - 0x2A,0x86,0x48,0xCE,0x38,0x04, /* [ 1098] OBJ_X9cm */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [ 1104] OBJ_pkcs1 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [ 1112] OBJ_pkcs5 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10, /* [ 1120] OBJ_SMIME */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00, /* [ 1129] OBJ_id_smime_mod */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01, /* [ 1139] OBJ_id_smime_ct */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02, /* [ 1149] OBJ_id_smime_aa */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03, /* [ 1159] OBJ_id_smime_alg */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04, /* [ 1169] OBJ_id_smime_cd */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05, /* [ 1179] OBJ_id_smime_spq */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06, /* [ 1189] OBJ_id_smime_cti */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01, /* [ 1199] OBJ_id_smime_mod_cms */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02, /* [ 1210] OBJ_id_smime_mod_ess */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03, /* [ 1221] OBJ_id_smime_mod_oid */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04, /* [ 1232] OBJ_id_smime_mod_msg_v3 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05, /* [ 1243] OBJ_id_smime_mod_ets_eSignature_88 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06, /* [ 1254] OBJ_id_smime_mod_ets_eSignature_97 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07, /* [ 1265] OBJ_id_smime_mod_ets_eSigPolicy_88 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08, /* [ 1276] OBJ_id_smime_mod_ets_eSigPolicy_97 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01, /* [ 1287] OBJ_id_smime_ct_receipt */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02, /* [ 1298] OBJ_id_smime_ct_authData */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03, /* [ 1309] OBJ_id_smime_ct_publishCert */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04, /* [ 1320] OBJ_id_smime_ct_TSTInfo */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05, /* [ 1331] OBJ_id_smime_ct_TDTInfo */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06, /* [ 1342] OBJ_id_smime_ct_contentInfo */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07, /* [ 1353] OBJ_id_smime_ct_DVCSRequestData */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08, /* [ 1364] OBJ_id_smime_ct_DVCSResponseData */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01, /* [ 1375] OBJ_id_smime_aa_receiptRequest */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02, /* [ 1386] OBJ_id_smime_aa_securityLabel */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03, /* [ 1397] OBJ_id_smime_aa_mlExpandHistory */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04, /* [ 1408] OBJ_id_smime_aa_contentHint */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05, /* [ 1419] OBJ_id_smime_aa_msgSigDigest */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06, /* [ 1430] OBJ_id_smime_aa_encapContentType */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07, /* [ 1441] OBJ_id_smime_aa_contentIdentifier */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08, /* [ 1452] OBJ_id_smime_aa_macValue */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09, /* [ 1463] OBJ_id_smime_aa_equivalentLabels */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A, /* [ 1474] OBJ_id_smime_aa_contentReference */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B, /* [ 1485] OBJ_id_smime_aa_encrypKeyPref */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C, /* [ 1496] OBJ_id_smime_aa_signingCertificate */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D, /* [ 1507] OBJ_id_smime_aa_smimeEncryptCerts */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E, /* [ 1518] OBJ_id_smime_aa_timeStampToken */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F, /* [ 1529] OBJ_id_smime_aa_ets_sigPolicyId */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10, /* [ 1540] OBJ_id_smime_aa_ets_commitmentType */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11, /* [ 1551] OBJ_id_smime_aa_ets_signerLocation */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12, /* [ 1562] OBJ_id_smime_aa_ets_signerAttr */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13, /* [ 1573] OBJ_id_smime_aa_ets_otherSigCert */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14, /* [ 1584] OBJ_id_smime_aa_ets_contentTimestamp */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15, /* [ 1595] OBJ_id_smime_aa_ets_CertificateRefs */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16, /* [ 1606] OBJ_id_smime_aa_ets_RevocationRefs */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17, /* [ 1617] OBJ_id_smime_aa_ets_certValues */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18, /* [ 1628] OBJ_id_smime_aa_ets_revocationValues */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19, /* [ 1639] OBJ_id_smime_aa_ets_escTimeStamp */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A, /* [ 1650] OBJ_id_smime_aa_ets_certCRLTimestamp */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B, /* [ 1661] OBJ_id_smime_aa_ets_archiveTimeStamp */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C, /* [ 1672] OBJ_id_smime_aa_signatureType */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D, /* [ 1683] OBJ_id_smime_aa_dvcs_dvc */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01, /* [ 1694] OBJ_id_smime_alg_ESDHwith3DES */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02, /* [ 1705] OBJ_id_smime_alg_ESDHwithRC2 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03, /* [ 1716] OBJ_id_smime_alg_3DESwrap */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04, /* [ 1727] OBJ_id_smime_alg_RC2wrap */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05, /* [ 1738] OBJ_id_smime_alg_ESDH */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06, /* [ 1749] OBJ_id_smime_alg_CMS3DESwrap */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07, /* [ 1760] OBJ_id_smime_alg_CMSRC2wrap */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01, /* [ 1771] OBJ_id_smime_cd_ldap */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01, /* [ 1782] OBJ_id_smime_spq_ets_sqt_uri */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02, /* [ 1793] OBJ_id_smime_spq_ets_sqt_unotice */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01, /* [ 1804] OBJ_id_smime_cti_ets_proofOfOrigin */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02, /* [ 1815] OBJ_id_smime_cti_ets_proofOfReceipt */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03, /* [ 1826] OBJ_id_smime_cti_ets_proofOfDelivery */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04, /* [ 1837] OBJ_id_smime_cti_ets_proofOfSender */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05, /* [ 1848] OBJ_id_smime_cti_ets_proofOfApproval */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06, /* [ 1859] OBJ_id_smime_cti_ets_proofOfCreation */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [ 1870] OBJ_md4 */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [ 1878] OBJ_id_pkix_mod */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [ 1885] OBJ_id_qt */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [ 1892] OBJ_id_it */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [ 1899] OBJ_id_pkip */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [ 1906] OBJ_id_alg */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [ 1913] OBJ_id_cmc */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [ 1920] OBJ_id_on */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [ 1927] OBJ_id_pda */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [ 1934] OBJ_id_aca */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [ 1941] OBJ_id_qcs */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [ 1948] OBJ_id_cct */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [ 1955] OBJ_id_pkix1_explicit_88 */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [ 1963] OBJ_id_pkix1_implicit_88 */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [ 1971] OBJ_id_pkix1_explicit_93 */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [ 1979] OBJ_id_pkix1_implicit_93 */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [ 1987] OBJ_id_mod_crmf */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [ 1995] OBJ_id_mod_cmc */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [ 2003] OBJ_id_mod_kea_profile_88 */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [ 2011] OBJ_id_mod_kea_profile_93 */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [ 2019] OBJ_id_mod_cmp */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [ 2027] OBJ_id_mod_qualified_cert_88 */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [ 2035] OBJ_id_mod_qualified_cert_93 */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [ 2043] OBJ_id_mod_attribute_cert */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [ 2051] OBJ_id_mod_timestamp_protocol */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [ 2059] OBJ_id_mod_ocsp */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [ 2067] OBJ_id_mod_dvcs */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [ 2075] OBJ_id_mod_cmp2000 */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [ 2083] OBJ_biometricInfo */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [ 2091] OBJ_qcStatements */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [ 2099] OBJ_ac_auditEntity */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [ 2107] OBJ_ac_targeting */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [ 2115] OBJ_aaControls */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [ 2123] OBJ_sbgp_ipAddrBlock */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [ 2131] OBJ_sbgp_autonomousSysNum */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [ 2139] OBJ_sbgp_routerIdentifier */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [ 2147] OBJ_textNotice */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [ 2155] OBJ_ipsecEndSystem */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [ 2163] OBJ_ipsecTunnel */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [ 2171] OBJ_ipsecUser */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [ 2179] OBJ_dvcs */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [ 2187] OBJ_id_it_caProtEncCert */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [ 2195] OBJ_id_it_signKeyPairTypes */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [ 2203] OBJ_id_it_encKeyPairTypes */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [ 2211] OBJ_id_it_preferredSymmAlg */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [ 2219] OBJ_id_it_caKeyUpdateInfo */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [ 2227] OBJ_id_it_currentCRL */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [ 2235] OBJ_id_it_unsupportedOIDs */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [ 2243] OBJ_id_it_subscriptionRequest */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [ 2251] OBJ_id_it_subscriptionResponse */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [ 2259] OBJ_id_it_keyPairParamReq */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [ 2267] OBJ_id_it_keyPairParamRep */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [ 2275] OBJ_id_it_revPassphrase */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [ 2283] OBJ_id_it_implicitConfirm */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [ 2291] OBJ_id_it_confirmWaitTime */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [ 2299] OBJ_id_it_origPKIMessage */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [ 2307] OBJ_id_regCtrl */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [ 2315] OBJ_id_regInfo */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01, /* [ 2323] OBJ_id_regCtrl_regToken */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02, /* [ 2332] OBJ_id_regCtrl_authenticator */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03, /* [ 2341] OBJ_id_regCtrl_pkiPublicationInfo */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04, /* [ 2350] OBJ_id_regCtrl_pkiArchiveOptions */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05, /* [ 2359] OBJ_id_regCtrl_oldCertID */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06, /* [ 2368] OBJ_id_regCtrl_protocolEncrKey */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01, /* [ 2377] OBJ_id_regInfo_utf8Pairs */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02, /* [ 2386] OBJ_id_regInfo_certReq */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [ 2395] OBJ_id_alg_des40 */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [ 2403] OBJ_id_alg_noSignature */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [ 2411] OBJ_id_alg_dh_sig_hmac_sha1 */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [ 2419] OBJ_id_alg_dh_pop */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [ 2427] OBJ_id_cmc_statusInfo */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [ 2435] OBJ_id_cmc_identification */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [ 2443] OBJ_id_cmc_identityProof */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [ 2451] OBJ_id_cmc_dataReturn */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [ 2459] OBJ_id_cmc_transactionId */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [ 2467] OBJ_id_cmc_senderNonce */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [ 2475] OBJ_id_cmc_recipientNonce */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [ 2483] OBJ_id_cmc_addExtensions */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [ 2491] OBJ_id_cmc_encryptedPOP */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [ 2499] OBJ_id_cmc_decryptedPOP */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [ 2507] OBJ_id_cmc_lraPOPWitness */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [ 2515] OBJ_id_cmc_getCert */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [ 2523] OBJ_id_cmc_getCRL */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [ 2531] OBJ_id_cmc_revokeRequest */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [ 2539] OBJ_id_cmc_regInfo */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [ 2547] OBJ_id_cmc_responseInfo */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [ 2555] OBJ_id_cmc_queryPending */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [ 2563] OBJ_id_cmc_popLinkRandom */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [ 2571] OBJ_id_cmc_popLinkWitness */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [ 2579] OBJ_id_cmc_confirmCertAcceptance */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [ 2587] OBJ_id_on_personalData */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [ 2595] OBJ_id_pda_dateOfBirth */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [ 2603] OBJ_id_pda_placeOfBirth */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [ 2611] OBJ_id_pda_gender */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [ 2619] OBJ_id_pda_countryOfCitizenship */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [ 2627] OBJ_id_pda_countryOfResidence */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [ 2635] OBJ_id_aca_authenticationInfo */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [ 2643] OBJ_id_aca_accessIdentity */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [ 2651] OBJ_id_aca_chargingIdentity */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [ 2659] OBJ_id_aca_group */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [ 2667] OBJ_id_aca_role */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [ 2675] OBJ_id_qcs_pkixQCSyntax_v1 */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [ 2683] OBJ_id_cct_crs */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [ 2691] OBJ_id_cct_PKIData */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [ 2699] OBJ_id_cct_PKIResponse */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [ 2707] OBJ_ad_timeStamping */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [ 2715] OBJ_ad_dvcs */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01, /* [ 2723] OBJ_id_pkix_OCSP_basic */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02, /* [ 2732] OBJ_id_pkix_OCSP_Nonce */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03, /* [ 2741] OBJ_id_pkix_OCSP_CrlID */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04, /* [ 2750] OBJ_id_pkix_OCSP_acceptableResponses */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05, /* [ 2759] OBJ_id_pkix_OCSP_noCheck */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06, /* [ 2768] OBJ_id_pkix_OCSP_archiveCutoff */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07, /* [ 2777] OBJ_id_pkix_OCSP_serviceLocator */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08, /* [ 2786] OBJ_id_pkix_OCSP_extendedStatus */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09, /* [ 2795] OBJ_id_pkix_OCSP_valid */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A, /* [ 2804] OBJ_id_pkix_OCSP_path */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B, /* [ 2813] OBJ_id_pkix_OCSP_trustRoot */ - 0x2B,0x0E,0x03,0x02, /* [ 2822] OBJ_algorithm */ - 0x2B,0x0E,0x03,0x02,0x0B, /* [ 2826] OBJ_rsaSignature */ - 0x55,0x08, /* [ 2831] OBJ_X500algorithms */ - 0x2B, /* [ 2833] OBJ_org */ - 0x2B,0x06, /* [ 2834] OBJ_dod */ - 0x2B,0x06,0x01, /* [ 2836] OBJ_iana */ - 0x2B,0x06,0x01,0x01, /* [ 2839] OBJ_Directory */ - 0x2B,0x06,0x01,0x02, /* [ 2843] OBJ_Management */ - 0x2B,0x06,0x01,0x03, /* [ 2847] OBJ_Experimental */ - 0x2B,0x06,0x01,0x04, /* [ 2851] OBJ_Private */ - 0x2B,0x06,0x01,0x05, /* [ 2855] OBJ_Security */ - 0x2B,0x06,0x01,0x06, /* [ 2859] OBJ_SNMPv2 */ - 0x2B,0x06,0x01,0x07, /* [ 2863] OBJ_Mail */ - 0x2B,0x06,0x01,0x04,0x01, /* [ 2867] OBJ_Enterprises */ - 0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58, /* [ 2872] OBJ_dcObject */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19, /* [ 2881] OBJ_domainComponent */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D, /* [ 2891] OBJ_Domain */ - 0x55,0x01,0x05, /* [ 2901] OBJ_selected_attribute_types */ - 0x55,0x01,0x05,0x37, /* [ 2904] OBJ_clearance */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03, /* [ 2908] OBJ_md4WithRSAEncryption */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [ 2917] OBJ_ac_proxying */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [ 2925] OBJ_sinfo_access */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [ 2933] OBJ_id_aca_encAttrs */ - 0x55,0x04,0x48, /* [ 2941] OBJ_role */ - 0x55,0x1D,0x24, /* [ 2944] OBJ_policy_constraints */ - 0x55,0x1D,0x37, /* [ 2947] OBJ_target_information */ - 0x55,0x1D,0x38, /* [ 2950] OBJ_no_rev_avail */ - 0x2A,0x86,0x48,0xCE,0x3D, /* [ 2953] OBJ_ansi_X9_62 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [ 2958] OBJ_X9_62_prime_field */ - 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [ 2965] OBJ_X9_62_characteristic_two_field */ - 0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [ 2972] OBJ_X9_62_id_ecPublicKey */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [ 2979] OBJ_X9_62_prime192v1 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [ 2987] OBJ_X9_62_prime192v2 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [ 2995] OBJ_X9_62_prime192v3 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [ 3003] OBJ_X9_62_prime239v1 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [ 3011] OBJ_X9_62_prime239v2 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [ 3019] OBJ_X9_62_prime239v3 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [ 3027] OBJ_X9_62_prime256v1 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [ 3035] OBJ_ecdsa_with_SHA1 */ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01, /* [ 3042] OBJ_ms_csp_name */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01, /* [ 3051] OBJ_aes_128_ecb */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02, /* [ 3060] OBJ_aes_128_cbc */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03, /* [ 3069] OBJ_aes_128_ofb128 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04, /* [ 3078] OBJ_aes_128_cfb128 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15, /* [ 3087] OBJ_aes_192_ecb */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16, /* [ 3096] OBJ_aes_192_cbc */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17, /* [ 3105] OBJ_aes_192_ofb128 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18, /* [ 3114] OBJ_aes_192_cfb128 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29, /* [ 3123] OBJ_aes_256_ecb */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A, /* [ 3132] OBJ_aes_256_cbc */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B, /* [ 3141] OBJ_aes_256_ofb128 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C, /* [ 3150] OBJ_aes_256_cfb128 */ - 0x55,0x1D,0x17, /* [ 3159] OBJ_hold_instruction_code */ - 0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [ 3162] OBJ_hold_instruction_none */ - 0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [ 3169] OBJ_hold_instruction_call_issuer */ - 0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [ 3176] OBJ_hold_instruction_reject */ - 0x09, /* [ 3183] OBJ_data */ - 0x09,0x92,0x26, /* [ 3184] OBJ_pss */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [ 3187] OBJ_ucl */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [ 3194] OBJ_pilot */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01, /* [ 3202] OBJ_pilotAttributeType */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03, /* [ 3211] OBJ_pilotAttributeSyntax */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04, /* [ 3220] OBJ_pilotObjectClass */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A, /* [ 3229] OBJ_pilotGroups */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04, /* [ 3238] OBJ_iA5StringSyntax */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05, /* [ 3248] OBJ_caseIgnoreIA5StringSyntax */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03, /* [ 3258] OBJ_pilotObject */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04, /* [ 3268] OBJ_pilotPerson */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05, /* [ 3278] OBJ_account */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06, /* [ 3288] OBJ_document */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07, /* [ 3298] OBJ_room */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09, /* [ 3308] OBJ_documentSeries */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E, /* [ 3318] OBJ_rFC822localPart */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F, /* [ 3328] OBJ_dNSDomain */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11, /* [ 3338] OBJ_domainRelatedObject */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12, /* [ 3348] OBJ_friendlyCountry */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13, /* [ 3358] OBJ_simpleSecurityObject */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14, /* [ 3368] OBJ_pilotOrganization */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15, /* [ 3378] OBJ_pilotDSA */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16, /* [ 3388] OBJ_qualityLabelledData */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01, /* [ 3398] OBJ_userId */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02, /* [ 3408] OBJ_textEncodedORAddress */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03, /* [ 3418] OBJ_rfc822Mailbox */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04, /* [ 3428] OBJ_info */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05, /* [ 3438] OBJ_favouriteDrink */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06, /* [ 3448] OBJ_roomNumber */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07, /* [ 3458] OBJ_photo */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08, /* [ 3468] OBJ_userClass */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09, /* [ 3478] OBJ_host */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A, /* [ 3488] OBJ_manager */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B, /* [ 3498] OBJ_documentIdentifier */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C, /* [ 3508] OBJ_documentTitle */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D, /* [ 3518] OBJ_documentVersion */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E, /* [ 3528] OBJ_documentAuthor */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F, /* [ 3538] OBJ_documentLocation */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14, /* [ 3548] OBJ_homeTelephoneNumber */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15, /* [ 3558] OBJ_secretary */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16, /* [ 3568] OBJ_otherMailbox */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17, /* [ 3578] OBJ_lastModifiedTime */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18, /* [ 3588] OBJ_lastModifiedBy */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A, /* [ 3598] OBJ_aRecord */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B, /* [ 3608] OBJ_pilotAttributeType27 */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C, /* [ 3618] OBJ_mXRecord */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D, /* [ 3628] OBJ_nSRecord */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E, /* [ 3638] OBJ_sOARecord */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F, /* [ 3648] OBJ_cNAMERecord */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25, /* [ 3658] OBJ_associatedDomain */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26, /* [ 3668] OBJ_associatedName */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27, /* [ 3678] OBJ_homePostalAddress */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28, /* [ 3688] OBJ_personalTitle */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29, /* [ 3698] OBJ_mobileTelephoneNumber */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A, /* [ 3708] OBJ_pagerTelephoneNumber */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B, /* [ 3718] OBJ_friendlyCountryName */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D, /* [ 3728] OBJ_organizationalStatus */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E, /* [ 3738] OBJ_janetMailbox */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F, /* [ 3748] OBJ_mailPreferenceOption */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30, /* [ 3758] OBJ_buildingName */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31, /* [ 3768] OBJ_dSAQuality */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32, /* [ 3778] OBJ_singleLevelQuality */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33, /* [ 3788] OBJ_subtreeMinimumQuality */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34, /* [ 3798] OBJ_subtreeMaximumQuality */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35, /* [ 3808] OBJ_personalSignature */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36, /* [ 3818] OBJ_dITRedirect */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37, /* [ 3828] OBJ_audio */ - 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38, /* [ 3838] OBJ_documentPublisher */ - 0x55,0x04,0x2D, /* [ 3848] OBJ_x500UniqueIdentifier */ - 0x2B,0x06,0x01,0x07,0x01, /* [ 3851] OBJ_mime_mhs */ - 0x2B,0x06,0x01,0x07,0x01,0x01, /* [ 3856] OBJ_mime_mhs_headings */ - 0x2B,0x06,0x01,0x07,0x01,0x02, /* [ 3862] OBJ_mime_mhs_bodies */ - 0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [ 3868] OBJ_id_hex_partial_message */ - 0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [ 3875] OBJ_id_hex_multipart_message */ - 0x55,0x04,0x2C, /* [ 3882] OBJ_generationQualifier */ - 0x55,0x04,0x41, /* [ 3885] OBJ_pseudonym */ - 0x67,0x2A, /* [ 3888] OBJ_id_set */ - 0x67,0x2A,0x00, /* [ 3890] OBJ_set_ctype */ - 0x67,0x2A,0x01, /* [ 3893] OBJ_set_msgExt */ - 0x67,0x2A,0x03, /* [ 3896] OBJ_set_attr */ - 0x67,0x2A,0x05, /* [ 3899] OBJ_set_policy */ - 0x67,0x2A,0x07, /* [ 3902] OBJ_set_certExt */ - 0x67,0x2A,0x08, /* [ 3905] OBJ_set_brand */ - 0x67,0x2A,0x00,0x00, /* [ 3908] OBJ_setct_PANData */ - 0x67,0x2A,0x00,0x01, /* [ 3912] OBJ_setct_PANToken */ - 0x67,0x2A,0x00,0x02, /* [ 3916] OBJ_setct_PANOnly */ - 0x67,0x2A,0x00,0x03, /* [ 3920] OBJ_setct_OIData */ - 0x67,0x2A,0x00,0x04, /* [ 3924] OBJ_setct_PI */ - 0x67,0x2A,0x00,0x05, /* [ 3928] OBJ_setct_PIData */ - 0x67,0x2A,0x00,0x06, /* [ 3932] OBJ_setct_PIDataUnsigned */ - 0x67,0x2A,0x00,0x07, /* [ 3936] OBJ_setct_HODInput */ - 0x67,0x2A,0x00,0x08, /* [ 3940] OBJ_setct_AuthResBaggage */ - 0x67,0x2A,0x00,0x09, /* [ 3944] OBJ_setct_AuthRevReqBaggage */ - 0x67,0x2A,0x00,0x0A, /* [ 3948] OBJ_setct_AuthRevResBaggage */ - 0x67,0x2A,0x00,0x0B, /* [ 3952] OBJ_setct_CapTokenSeq */ - 0x67,0x2A,0x00,0x0C, /* [ 3956] OBJ_setct_PInitResData */ - 0x67,0x2A,0x00,0x0D, /* [ 3960] OBJ_setct_PI_TBS */ - 0x67,0x2A,0x00,0x0E, /* [ 3964] OBJ_setct_PResData */ - 0x67,0x2A,0x00,0x10, /* [ 3968] OBJ_setct_AuthReqTBS */ - 0x67,0x2A,0x00,0x11, /* [ 3972] OBJ_setct_AuthResTBS */ - 0x67,0x2A,0x00,0x12, /* [ 3976] OBJ_setct_AuthResTBSX */ - 0x67,0x2A,0x00,0x13, /* [ 3980] OBJ_setct_AuthTokenTBS */ - 0x67,0x2A,0x00,0x14, /* [ 3984] OBJ_setct_CapTokenData */ - 0x67,0x2A,0x00,0x15, /* [ 3988] OBJ_setct_CapTokenTBS */ - 0x67,0x2A,0x00,0x16, /* [ 3992] OBJ_setct_AcqCardCodeMsg */ - 0x67,0x2A,0x00,0x17, /* [ 3996] OBJ_setct_AuthRevReqTBS */ - 0x67,0x2A,0x00,0x18, /* [ 4000] OBJ_setct_AuthRevResData */ - 0x67,0x2A,0x00,0x19, /* [ 4004] OBJ_setct_AuthRevResTBS */ - 0x67,0x2A,0x00,0x1A, /* [ 4008] OBJ_setct_CapReqTBS */ - 0x67,0x2A,0x00,0x1B, /* [ 4012] OBJ_setct_CapReqTBSX */ - 0x67,0x2A,0x00,0x1C, /* [ 4016] OBJ_setct_CapResData */ - 0x67,0x2A,0x00,0x1D, /* [ 4020] OBJ_setct_CapRevReqTBS */ - 0x67,0x2A,0x00,0x1E, /* [ 4024] OBJ_setct_CapRevReqTBSX */ - 0x67,0x2A,0x00,0x1F, /* [ 4028] OBJ_setct_CapRevResData */ - 0x67,0x2A,0x00,0x20, /* [ 4032] OBJ_setct_CredReqTBS */ - 0x67,0x2A,0x00,0x21, /* [ 4036] OBJ_setct_CredReqTBSX */ - 0x67,0x2A,0x00,0x22, /* [ 4040] OBJ_setct_CredResData */ - 0x67,0x2A,0x00,0x23, /* [ 4044] OBJ_setct_CredRevReqTBS */ - 0x67,0x2A,0x00,0x24, /* [ 4048] OBJ_setct_CredRevReqTBSX */ - 0x67,0x2A,0x00,0x25, /* [ 4052] OBJ_setct_CredRevResData */ - 0x67,0x2A,0x00,0x26, /* [ 4056] OBJ_setct_PCertReqData */ - 0x67,0x2A,0x00,0x27, /* [ 4060] OBJ_setct_PCertResTBS */ - 0x67,0x2A,0x00,0x28, /* [ 4064] OBJ_setct_BatchAdminReqData */ - 0x67,0x2A,0x00,0x29, /* [ 4068] OBJ_setct_BatchAdminResData */ - 0x67,0x2A,0x00,0x2A, /* [ 4072] OBJ_setct_CardCInitResTBS */ - 0x67,0x2A,0x00,0x2B, /* [ 4076] OBJ_setct_MeAqCInitResTBS */ - 0x67,0x2A,0x00,0x2C, /* [ 4080] OBJ_setct_RegFormResTBS */ - 0x67,0x2A,0x00,0x2D, /* [ 4084] OBJ_setct_CertReqData */ - 0x67,0x2A,0x00,0x2E, /* [ 4088] OBJ_setct_CertReqTBS */ - 0x67,0x2A,0x00,0x2F, /* [ 4092] OBJ_setct_CertResData */ - 0x67,0x2A,0x00,0x30, /* [ 4096] OBJ_setct_CertInqReqTBS */ - 0x67,0x2A,0x00,0x31, /* [ 4100] OBJ_setct_ErrorTBS */ - 0x67,0x2A,0x00,0x32, /* [ 4104] OBJ_setct_PIDualSignedTBE */ - 0x67,0x2A,0x00,0x33, /* [ 4108] OBJ_setct_PIUnsignedTBE */ - 0x67,0x2A,0x00,0x34, /* [ 4112] OBJ_setct_AuthReqTBE */ - 0x67,0x2A,0x00,0x35, /* [ 4116] OBJ_setct_AuthResTBE */ - 0x67,0x2A,0x00,0x36, /* [ 4120] OBJ_setct_AuthResTBEX */ - 0x67,0x2A,0x00,0x37, /* [ 4124] OBJ_setct_AuthTokenTBE */ - 0x67,0x2A,0x00,0x38, /* [ 4128] OBJ_setct_CapTokenTBE */ - 0x67,0x2A,0x00,0x39, /* [ 4132] OBJ_setct_CapTokenTBEX */ - 0x67,0x2A,0x00,0x3A, /* [ 4136] OBJ_setct_AcqCardCodeMsgTBE */ - 0x67,0x2A,0x00,0x3B, /* [ 4140] OBJ_setct_AuthRevReqTBE */ - 0x67,0x2A,0x00,0x3C, /* [ 4144] OBJ_setct_AuthRevResTBE */ - 0x67,0x2A,0x00,0x3D, /* [ 4148] OBJ_setct_AuthRevResTBEB */ - 0x67,0x2A,0x00,0x3E, /* [ 4152] OBJ_setct_CapReqTBE */ - 0x67,0x2A,0x00,0x3F, /* [ 4156] OBJ_setct_CapReqTBEX */ - 0x67,0x2A,0x00,0x40, /* [ 4160] OBJ_setct_CapResTBE */ - 0x67,0x2A,0x00,0x41, /* [ 4164] OBJ_setct_CapRevReqTBE */ - 0x67,0x2A,0x00,0x42, /* [ 4168] OBJ_setct_CapRevReqTBEX */ - 0x67,0x2A,0x00,0x43, /* [ 4172] OBJ_setct_CapRevResTBE */ - 0x67,0x2A,0x00,0x44, /* [ 4176] OBJ_setct_CredReqTBE */ - 0x67,0x2A,0x00,0x45, /* [ 4180] OBJ_setct_CredReqTBEX */ - 0x67,0x2A,0x00,0x46, /* [ 4184] OBJ_setct_CredResTBE */ - 0x67,0x2A,0x00,0x47, /* [ 4188] OBJ_setct_CredRevReqTBE */ - 0x67,0x2A,0x00,0x48, /* [ 4192] OBJ_setct_CredRevReqTBEX */ - 0x67,0x2A,0x00,0x49, /* [ 4196] OBJ_setct_CredRevResTBE */ - 0x67,0x2A,0x00,0x4A, /* [ 4200] OBJ_setct_BatchAdminReqTBE */ - 0x67,0x2A,0x00,0x4B, /* [ 4204] OBJ_setct_BatchAdminResTBE */ - 0x67,0x2A,0x00,0x4C, /* [ 4208] OBJ_setct_RegFormReqTBE */ - 0x67,0x2A,0x00,0x4D, /* [ 4212] OBJ_setct_CertReqTBE */ - 0x67,0x2A,0x00,0x4E, /* [ 4216] OBJ_setct_CertReqTBEX */ - 0x67,0x2A,0x00,0x4F, /* [ 4220] OBJ_setct_CertResTBE */ - 0x67,0x2A,0x00,0x50, /* [ 4224] OBJ_setct_CRLNotificationTBS */ - 0x67,0x2A,0x00,0x51, /* [ 4228] OBJ_setct_CRLNotificationResTBS */ - 0x67,0x2A,0x00,0x52, /* [ 4232] OBJ_setct_BCIDistributionTBS */ - 0x67,0x2A,0x01,0x01, /* [ 4236] OBJ_setext_genCrypt */ - 0x67,0x2A,0x01,0x03, /* [ 4240] OBJ_setext_miAuth */ - 0x67,0x2A,0x01,0x04, /* [ 4244] OBJ_setext_pinSecure */ - 0x67,0x2A,0x01,0x05, /* [ 4248] OBJ_setext_pinAny */ - 0x67,0x2A,0x01,0x07, /* [ 4252] OBJ_setext_track2 */ - 0x67,0x2A,0x01,0x08, /* [ 4256] OBJ_setext_cv */ - 0x67,0x2A,0x05,0x00, /* [ 4260] OBJ_set_policy_root */ - 0x67,0x2A,0x07,0x00, /* [ 4264] OBJ_setCext_hashedRoot */ - 0x67,0x2A,0x07,0x01, /* [ 4268] OBJ_setCext_certType */ - 0x67,0x2A,0x07,0x02, /* [ 4272] OBJ_setCext_merchData */ - 0x67,0x2A,0x07,0x03, /* [ 4276] OBJ_setCext_cCertRequired */ - 0x67,0x2A,0x07,0x04, /* [ 4280] OBJ_setCext_tunneling */ - 0x67,0x2A,0x07,0x05, /* [ 4284] OBJ_setCext_setExt */ - 0x67,0x2A,0x07,0x06, /* [ 4288] OBJ_setCext_setQualf */ - 0x67,0x2A,0x07,0x07, /* [ 4292] OBJ_setCext_PGWYcapabilities */ - 0x67,0x2A,0x07,0x08, /* [ 4296] OBJ_setCext_TokenIdentifier */ - 0x67,0x2A,0x07,0x09, /* [ 4300] OBJ_setCext_Track2Data */ - 0x67,0x2A,0x07,0x0A, /* [ 4304] OBJ_setCext_TokenType */ - 0x67,0x2A,0x07,0x0B, /* [ 4308] OBJ_setCext_IssuerCapabilities */ - 0x67,0x2A,0x03,0x00, /* [ 4312] OBJ_setAttr_Cert */ - 0x67,0x2A,0x03,0x01, /* [ 4316] OBJ_setAttr_PGWYcap */ - 0x67,0x2A,0x03,0x02, /* [ 4320] OBJ_setAttr_TokenType */ - 0x67,0x2A,0x03,0x03, /* [ 4324] OBJ_setAttr_IssCap */ - 0x67,0x2A,0x03,0x00,0x00, /* [ 4328] OBJ_set_rootKeyThumb */ - 0x67,0x2A,0x03,0x00,0x01, /* [ 4333] OBJ_set_addPolicy */ - 0x67,0x2A,0x03,0x02,0x01, /* [ 4338] OBJ_setAttr_Token_EMV */ - 0x67,0x2A,0x03,0x02,0x02, /* [ 4343] OBJ_setAttr_Token_B0Prime */ - 0x67,0x2A,0x03,0x03,0x03, /* [ 4348] OBJ_setAttr_IssCap_CVM */ - 0x67,0x2A,0x03,0x03,0x04, /* [ 4353] OBJ_setAttr_IssCap_T2 */ - 0x67,0x2A,0x03,0x03,0x05, /* [ 4358] OBJ_setAttr_IssCap_Sig */ - 0x67,0x2A,0x03,0x03,0x03,0x01, /* [ 4363] OBJ_setAttr_GenCryptgrm */ - 0x67,0x2A,0x03,0x03,0x04,0x01, /* [ 4369] OBJ_setAttr_T2Enc */ - 0x67,0x2A,0x03,0x03,0x04,0x02, /* [ 4375] OBJ_setAttr_T2cleartxt */ - 0x67,0x2A,0x03,0x03,0x05,0x01, /* [ 4381] OBJ_setAttr_TokICCsig */ - 0x67,0x2A,0x03,0x03,0x05,0x02, /* [ 4387] OBJ_setAttr_SecDevSig */ - 0x67,0x2A,0x08,0x01, /* [ 4393] OBJ_set_brand_IATA_ATA */ - 0x67,0x2A,0x08,0x1E, /* [ 4397] OBJ_set_brand_Diners */ - 0x67,0x2A,0x08,0x22, /* [ 4401] OBJ_set_brand_AmericanExpress */ - 0x67,0x2A,0x08,0x23, /* [ 4405] OBJ_set_brand_JCB */ - 0x67,0x2A,0x08,0x04, /* [ 4409] OBJ_set_brand_Visa */ - 0x67,0x2A,0x08,0x05, /* [ 4413] OBJ_set_brand_MasterCard */ - 0x67,0x2A,0x08,0xAE,0x7B, /* [ 4417] OBJ_set_brand_Novus */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [ 4422] OBJ_des_cdmf */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06, /* [ 4430] OBJ_rsaOAEPEncryptionSET */ - 0x67, /* [ 4439] OBJ_international_organizations */ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02, /* [ 4440] OBJ_ms_smartcard_login */ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03, /* [ 4450] OBJ_ms_upn */ - 0x55,0x04,0x09, /* [ 4460] OBJ_streetAddress */ - 0x55,0x04,0x11, /* [ 4463] OBJ_postalCode */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [ 4466] OBJ_id_ppl */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [ 4473] OBJ_proxyCertInfo */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [ 4481] OBJ_id_ppl_anyLanguage */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [ 4489] OBJ_id_ppl_inheritAll */ - 0x55,0x1D,0x1E, /* [ 4497] OBJ_name_constraints */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [ 4500] OBJ_Independent */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B, /* [ 4508] OBJ_sha256WithRSAEncryption */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C, /* [ 4517] OBJ_sha384WithRSAEncryption */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D, /* [ 4526] OBJ_sha512WithRSAEncryption */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E, /* [ 4535] OBJ_sha224WithRSAEncryption */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01, /* [ 4544] OBJ_sha256 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02, /* [ 4553] OBJ_sha384 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03, /* [ 4562] OBJ_sha512 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04, /* [ 4571] OBJ_sha224 */ - 0x2B, /* [ 4580] OBJ_identified_organization */ - 0x2B,0x81,0x04, /* [ 4581] OBJ_certicom_arc */ - 0x67,0x2B, /* [ 4584] OBJ_wap */ - 0x67,0x2B,0x01, /* [ 4586] OBJ_wap_wsg */ - 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [ 4589] OBJ_X9_62_id_characteristic_two_basis */ - 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01, /* [ 4597] OBJ_X9_62_onBasis */ - 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02, /* [ 4606] OBJ_X9_62_tpBasis */ - 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03, /* [ 4615] OBJ_X9_62_ppBasis */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [ 4624] OBJ_X9_62_c2pnb163v1 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [ 4632] OBJ_X9_62_c2pnb163v2 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [ 4640] OBJ_X9_62_c2pnb163v3 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [ 4648] OBJ_X9_62_c2pnb176v1 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [ 4656] OBJ_X9_62_c2tnb191v1 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [ 4664] OBJ_X9_62_c2tnb191v2 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [ 4672] OBJ_X9_62_c2tnb191v3 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [ 4680] OBJ_X9_62_c2onb191v4 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [ 4688] OBJ_X9_62_c2onb191v5 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [ 4696] OBJ_X9_62_c2pnb208w1 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [ 4704] OBJ_X9_62_c2tnb239v1 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [ 4712] OBJ_X9_62_c2tnb239v2 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [ 4720] OBJ_X9_62_c2tnb239v3 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [ 4728] OBJ_X9_62_c2onb239v4 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [ 4736] OBJ_X9_62_c2onb239v5 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [ 4744] OBJ_X9_62_c2pnb272w1 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [ 4752] OBJ_X9_62_c2pnb304w1 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [ 4760] OBJ_X9_62_c2tnb359v1 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [ 4768] OBJ_X9_62_c2pnb368w1 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [ 4776] OBJ_X9_62_c2tnb431r1 */ - 0x2B,0x81,0x04,0x00,0x06, /* [ 4784] OBJ_secp112r1 */ - 0x2B,0x81,0x04,0x00,0x07, /* [ 4789] OBJ_secp112r2 */ - 0x2B,0x81,0x04,0x00,0x1C, /* [ 4794] OBJ_secp128r1 */ - 0x2B,0x81,0x04,0x00,0x1D, /* [ 4799] OBJ_secp128r2 */ - 0x2B,0x81,0x04,0x00,0x09, /* [ 4804] OBJ_secp160k1 */ - 0x2B,0x81,0x04,0x00,0x08, /* [ 4809] OBJ_secp160r1 */ - 0x2B,0x81,0x04,0x00,0x1E, /* [ 4814] OBJ_secp160r2 */ - 0x2B,0x81,0x04,0x00,0x1F, /* [ 4819] OBJ_secp192k1 */ - 0x2B,0x81,0x04,0x00,0x20, /* [ 4824] OBJ_secp224k1 */ - 0x2B,0x81,0x04,0x00,0x21, /* [ 4829] OBJ_secp224r1 */ - 0x2B,0x81,0x04,0x00,0x0A, /* [ 4834] OBJ_secp256k1 */ - 0x2B,0x81,0x04,0x00,0x22, /* [ 4839] OBJ_secp384r1 */ - 0x2B,0x81,0x04,0x00,0x23, /* [ 4844] OBJ_secp521r1 */ - 0x2B,0x81,0x04,0x00,0x04, /* [ 4849] OBJ_sect113r1 */ - 0x2B,0x81,0x04,0x00,0x05, /* [ 4854] OBJ_sect113r2 */ - 0x2B,0x81,0x04,0x00,0x16, /* [ 4859] OBJ_sect131r1 */ - 0x2B,0x81,0x04,0x00,0x17, /* [ 4864] OBJ_sect131r2 */ - 0x2B,0x81,0x04,0x00,0x01, /* [ 4869] OBJ_sect163k1 */ - 0x2B,0x81,0x04,0x00,0x02, /* [ 4874] OBJ_sect163r1 */ - 0x2B,0x81,0x04,0x00,0x0F, /* [ 4879] OBJ_sect163r2 */ - 0x2B,0x81,0x04,0x00,0x18, /* [ 4884] OBJ_sect193r1 */ - 0x2B,0x81,0x04,0x00,0x19, /* [ 4889] OBJ_sect193r2 */ - 0x2B,0x81,0x04,0x00,0x1A, /* [ 4894] OBJ_sect233k1 */ - 0x2B,0x81,0x04,0x00,0x1B, /* [ 4899] OBJ_sect233r1 */ - 0x2B,0x81,0x04,0x00,0x03, /* [ 4904] OBJ_sect239k1 */ - 0x2B,0x81,0x04,0x00,0x10, /* [ 4909] OBJ_sect283k1 */ - 0x2B,0x81,0x04,0x00,0x11, /* [ 4914] OBJ_sect283r1 */ - 0x2B,0x81,0x04,0x00,0x24, /* [ 4919] OBJ_sect409k1 */ - 0x2B,0x81,0x04,0x00,0x25, /* [ 4924] OBJ_sect409r1 */ - 0x2B,0x81,0x04,0x00,0x26, /* [ 4929] OBJ_sect571k1 */ - 0x2B,0x81,0x04,0x00,0x27, /* [ 4934] OBJ_sect571r1 */ - 0x67,0x2B,0x01,0x04,0x01, /* [ 4939] OBJ_wap_wsg_idm_ecid_wtls1 */ - 0x67,0x2B,0x01,0x04,0x03, /* [ 4944] OBJ_wap_wsg_idm_ecid_wtls3 */ - 0x67,0x2B,0x01,0x04,0x04, /* [ 4949] OBJ_wap_wsg_idm_ecid_wtls4 */ - 0x67,0x2B,0x01,0x04,0x05, /* [ 4954] OBJ_wap_wsg_idm_ecid_wtls5 */ - 0x67,0x2B,0x01,0x04,0x06, /* [ 4959] OBJ_wap_wsg_idm_ecid_wtls6 */ - 0x67,0x2B,0x01,0x04,0x07, /* [ 4964] OBJ_wap_wsg_idm_ecid_wtls7 */ - 0x67,0x2B,0x01,0x04,0x08, /* [ 4969] OBJ_wap_wsg_idm_ecid_wtls8 */ - 0x67,0x2B,0x01,0x04,0x09, /* [ 4974] OBJ_wap_wsg_idm_ecid_wtls9 */ - 0x67,0x2B,0x01,0x04,0x0A, /* [ 4979] OBJ_wap_wsg_idm_ecid_wtls10 */ - 0x67,0x2B,0x01,0x04,0x0B, /* [ 4984] OBJ_wap_wsg_idm_ecid_wtls11 */ - 0x67,0x2B,0x01,0x04,0x0C, /* [ 4989] OBJ_wap_wsg_idm_ecid_wtls12 */ - 0x55,0x1D,0x20,0x00, /* [ 4994] OBJ_any_policy */ - 0x55,0x1D,0x21, /* [ 4998] OBJ_policy_mappings */ - 0x55,0x1D,0x36, /* [ 5001] OBJ_inhibit_any_policy */ - 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02, /* [ 5004] OBJ_camellia_128_cbc */ - 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03, /* [ 5015] OBJ_camellia_192_cbc */ - 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04, /* [ 5026] OBJ_camellia_256_cbc */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [ 5037] OBJ_camellia_128_ecb */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [ 5045] OBJ_camellia_192_ecb */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [ 5053] OBJ_camellia_256_ecb */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [ 5061] OBJ_camellia_128_cfb128 */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [ 5069] OBJ_camellia_192_cfb128 */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [ 5077] OBJ_camellia_256_cfb128 */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [ 5085] OBJ_camellia_128_ofb128 */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [ 5093] OBJ_camellia_192_ofb128 */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [ 5101] OBJ_camellia_256_ofb128 */ - 0x55,0x1D,0x09, /* [ 5109] OBJ_subject_directory_attributes */ - 0x55,0x1D,0x1C, /* [ 5112] OBJ_issuing_distribution_point */ - 0x55,0x1D,0x1D, /* [ 5115] OBJ_certificate_issuer */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [ 5118] OBJ_kisa */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [ 5124] OBJ_seed_ecb */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [ 5132] OBJ_seed_cbc */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [ 5140] OBJ_seed_ofb128 */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [ 5148] OBJ_seed_cfb128 */ - 0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [ 5156] OBJ_hmac_md5 */ - 0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [ 5164] OBJ_hmac_sha1 */ - 0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D, /* [ 5172] OBJ_id_PasswordBasedMAC */ - 0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E, /* [ 5181] OBJ_id_DHBasedMac */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [ 5190] OBJ_id_it_suppLangTags */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [ 5198] OBJ_caRepository */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09, /* [ 5206] OBJ_id_smime_ct_compressedData */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B, /* [ 5217] OBJ_id_ct_asciiTextWithCRLF */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05, /* [ 5228] OBJ_id_aes128_wrap */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19, /* [ 5237] OBJ_id_aes192_wrap */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D, /* [ 5246] OBJ_id_aes256_wrap */ - 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [ 5255] OBJ_ecdsa_with_Recommended */ - 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [ 5262] OBJ_ecdsa_with_Specified */ - 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [ 5269] OBJ_ecdsa_with_SHA224 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [ 5277] OBJ_ecdsa_with_SHA256 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [ 5285] OBJ_ecdsa_with_SHA384 */ - 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [ 5293] OBJ_ecdsa_with_SHA512 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06, /* [ 5301] OBJ_hmacWithMD5 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08, /* [ 5309] OBJ_hmacWithSHA224 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09, /* [ 5317] OBJ_hmacWithSHA256 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A, /* [ 5325] OBJ_hmacWithSHA384 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B, /* [ 5333] OBJ_hmacWithSHA512 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01, /* [ 5341] OBJ_dsa_with_SHA224 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02, /* [ 5350] OBJ_dsa_with_SHA256 */ - 0x28,0xCF,0x06,0x03,0x00,0x37, /* [ 5359] OBJ_whirlpool */ - 0x2A,0x85,0x03,0x02,0x02, /* [ 5365] OBJ_cryptopro */ - 0x2A,0x85,0x03,0x02,0x09, /* [ 5370] OBJ_cryptocom */ - 0x2A,0x85,0x03,0x02,0x02,0x03, /* [ 5375] OBJ_id_GostR3411_94_with_GostR3410_2001 */ - 0x2A,0x85,0x03,0x02,0x02,0x04, /* [ 5381] OBJ_id_GostR3411_94_with_GostR3410_94 */ - 0x2A,0x85,0x03,0x02,0x02,0x09, /* [ 5387] OBJ_id_GostR3411_94 */ - 0x2A,0x85,0x03,0x02,0x02,0x0A, /* [ 5393] OBJ_id_HMACGostR3411_94 */ - 0x2A,0x85,0x03,0x02,0x02,0x13, /* [ 5399] OBJ_id_GostR3410_2001 */ - 0x2A,0x85,0x03,0x02,0x02,0x14, /* [ 5405] OBJ_id_GostR3410_94 */ - 0x2A,0x85,0x03,0x02,0x02,0x15, /* [ 5411] OBJ_id_Gost28147_89 */ - 0x2A,0x85,0x03,0x02,0x02,0x16, /* [ 5417] OBJ_id_Gost28147_89_MAC */ - 0x2A,0x85,0x03,0x02,0x02,0x17, /* [ 5423] OBJ_id_GostR3411_94_prf */ - 0x2A,0x85,0x03,0x02,0x02,0x62, /* [ 5429] OBJ_id_GostR3410_2001DH */ - 0x2A,0x85,0x03,0x02,0x02,0x63, /* [ 5435] OBJ_id_GostR3410_94DH */ - 0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [ 5441] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */ - 0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [ 5448] OBJ_id_Gost28147_89_None_KeyMeshing */ - 0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [ 5455] OBJ_id_GostR3411_94_TestParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [ 5462] OBJ_id_GostR3411_94_CryptoProParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [ 5469] OBJ_id_Gost28147_89_TestParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [ 5476] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [ 5483] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* [ 5490] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [ 5497] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [ 5504] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [ 5511] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [ 5518] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [ 5525] OBJ_id_GostR3410_94_TestParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [ 5532] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [ 5539] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [ 5546] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [ 5553] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [ 5560] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [ 5567] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [ 5574] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [ 5581] OBJ_id_GostR3410_2001_TestParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [ 5588] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [ 5595] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [ 5602] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [ 5609] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [ 5616] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */ - 0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [ 5623] OBJ_id_GostR3410_94_a */ - 0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [ 5630] OBJ_id_GostR3410_94_aBis */ - 0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [ 5637] OBJ_id_GostR3410_94_b */ - 0x2A,0x85,0x03,0x02,0x02,0x14,0x04, /* [ 5644] OBJ_id_GostR3410_94_bBis */ - 0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [ 5651] OBJ_id_Gost28147_89_cc */ - 0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [ 5659] OBJ_id_GostR3410_94_cc */ - 0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [ 5667] OBJ_id_GostR3410_2001_cc */ - 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [ 5675] OBJ_id_GostR3411_94_with_GostR3410_94_cc */ - 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [ 5683] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */ - 0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [ 5691] OBJ_id_GostR3410_2001_ParamSet_cc */ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02, /* [ 5699] OBJ_LocalKeySet */ - 0x55,0x1D,0x2E, /* [ 5708] OBJ_freshest_crl */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [ 5711] OBJ_id_on_permanentIdentifier */ - 0x55,0x04,0x0E, /* [ 5719] OBJ_searchGuide */ - 0x55,0x04,0x0F, /* [ 5722] OBJ_businessCategory */ - 0x55,0x04,0x10, /* [ 5725] OBJ_postalAddress */ - 0x55,0x04,0x12, /* [ 5728] OBJ_postOfficeBox */ - 0x55,0x04,0x13, /* [ 5731] OBJ_physicalDeliveryOfficeName */ - 0x55,0x04,0x14, /* [ 5734] OBJ_telephoneNumber */ - 0x55,0x04,0x15, /* [ 5737] OBJ_telexNumber */ - 0x55,0x04,0x16, /* [ 5740] OBJ_teletexTerminalIdentifier */ - 0x55,0x04,0x17, /* [ 5743] OBJ_facsimileTelephoneNumber */ - 0x55,0x04,0x18, /* [ 5746] OBJ_x121Address */ - 0x55,0x04,0x19, /* [ 5749] OBJ_internationaliSDNNumber */ - 0x55,0x04,0x1A, /* [ 5752] OBJ_registeredAddress */ - 0x55,0x04,0x1B, /* [ 5755] OBJ_destinationIndicator */ - 0x55,0x04,0x1C, /* [ 5758] OBJ_preferredDeliveryMethod */ - 0x55,0x04,0x1D, /* [ 5761] OBJ_presentationAddress */ - 0x55,0x04,0x1E, /* [ 5764] OBJ_supportedApplicationContext */ - 0x55,0x04,0x1F, /* [ 5767] OBJ_member */ - 0x55,0x04,0x20, /* [ 5770] OBJ_owner */ - 0x55,0x04,0x21, /* [ 5773] OBJ_roleOccupant */ - 0x55,0x04,0x22, /* [ 5776] OBJ_seeAlso */ - 0x55,0x04,0x23, /* [ 5779] OBJ_userPassword */ - 0x55,0x04,0x24, /* [ 5782] OBJ_userCertificate */ - 0x55,0x04,0x25, /* [ 5785] OBJ_cACertificate */ - 0x55,0x04,0x26, /* [ 5788] OBJ_authorityRevocationList */ - 0x55,0x04,0x27, /* [ 5791] OBJ_certificateRevocationList */ - 0x55,0x04,0x28, /* [ 5794] OBJ_crossCertificatePair */ - 0x55,0x04,0x2F, /* [ 5797] OBJ_enhancedSearchGuide */ - 0x55,0x04,0x30, /* [ 5800] OBJ_protocolInformation */ - 0x55,0x04,0x31, /* [ 5803] OBJ_distinguishedName */ - 0x55,0x04,0x32, /* [ 5806] OBJ_uniqueMember */ - 0x55,0x04,0x33, /* [ 5809] OBJ_houseIdentifier */ - 0x55,0x04,0x34, /* [ 5812] OBJ_supportedAlgorithms */ - 0x55,0x04,0x35, /* [ 5815] OBJ_deltaRevocationList */ - 0x55,0x04,0x36, /* [ 5818] OBJ_dmdName */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09, /* [ 5821] OBJ_id_alg_PWRI_KEK */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06, /* [ 5832] OBJ_aes_128_gcm */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07, /* [ 5841] OBJ_aes_128_ccm */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08, /* [ 5850] OBJ_id_aes128_wrap_pad */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A, /* [ 5859] OBJ_aes_192_gcm */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B, /* [ 5868] OBJ_aes_192_ccm */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C, /* [ 5877] OBJ_id_aes192_wrap_pad */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E, /* [ 5886] OBJ_aes_256_gcm */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F, /* [ 5895] OBJ_aes_256_ccm */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30, /* [ 5904] OBJ_id_aes256_wrap_pad */ - 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02, /* [ 5913] OBJ_id_camellia128_wrap */ - 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03, /* [ 5924] OBJ_id_camellia192_wrap */ - 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04, /* [ 5935] OBJ_id_camellia256_wrap */ - 0x55,0x1D,0x25,0x00, /* [ 5946] OBJ_anyExtendedKeyUsage */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08, /* [ 5950] OBJ_mgf1 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A, /* [ 5959] OBJ_rsassaPss */ - 0x2B,0x6F,0x02,0x8C,0x53,0x00,0x01,0x01, /* [ 5968] OBJ_aes_128_xts */ - 0x2B,0x6F,0x02,0x8C,0x53,0x00,0x01,0x02, /* [ 5976] OBJ_aes_256_xts */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07, /* [ 5984] OBJ_rsaesOaep */ - 0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [ 5993] OBJ_dhpublicnumber */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01, /* [ 6000] OBJ_brainpoolP160r1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02, /* [ 6009] OBJ_brainpoolP160t1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03, /* [ 6018] OBJ_brainpoolP192r1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04, /* [ 6027] OBJ_brainpoolP192t1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05, /* [ 6036] OBJ_brainpoolP224r1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06, /* [ 6045] OBJ_brainpoolP224t1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07, /* [ 6054] OBJ_brainpoolP256r1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08, /* [ 6063] OBJ_brainpoolP256t1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09, /* [ 6072] OBJ_brainpoolP320r1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A, /* [ 6081] OBJ_brainpoolP320t1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B, /* [ 6090] OBJ_brainpoolP384r1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C, /* [ 6099] OBJ_brainpoolP384t1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D, /* [ 6108] OBJ_brainpoolP512r1 */ - 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E, /* [ 6117] OBJ_brainpoolP512t1 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09, /* [ 6126] OBJ_pSpecified */ - 0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02, /* [ 6135] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */ - 0x2B,0x81,0x04,0x01,0x0B,0x00, /* [ 6144] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */ - 0x2B,0x81,0x04,0x01,0x0B,0x01, /* [ 6150] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */ - 0x2B,0x81,0x04,0x01,0x0B,0x02, /* [ 6156] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */ - 0x2B,0x81,0x04,0x01,0x0B,0x03, /* [ 6162] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */ - 0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03, /* [ 6168] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */ - 0x2B,0x81,0x04,0x01,0x0E,0x00, /* [ 6177] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */ - 0x2B,0x81,0x04,0x01,0x0E,0x01, /* [ 6183] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */ - 0x2B,0x81,0x04,0x01,0x0E,0x02, /* [ 6189] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */ - 0x2B,0x81,0x04,0x01,0x0E,0x03, /* [ 6195] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */ - 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02, /* [ 6201] OBJ_ct_precert_scts */ - 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03, /* [ 6211] OBJ_ct_precert_poison */ - 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04, /* [ 6221] OBJ_ct_precert_signer */ - 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05, /* [ 6231] OBJ_ct_cert_scts */ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01, /* [ 6241] OBJ_jurisdictionLocalityName */ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02, /* [ 6252] OBJ_jurisdictionStateOrProvinceName */ - 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03, /* [ 6263] OBJ_jurisdictionCountryName */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x06, /* [ 6274] OBJ_camellia_128_gcm */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x07, /* [ 6282] OBJ_camellia_128_ccm */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x09, /* [ 6290] OBJ_camellia_128_ctr */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x0A, /* [ 6298] OBJ_camellia_128_cmac */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1A, /* [ 6306] OBJ_camellia_192_gcm */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1B, /* [ 6314] OBJ_camellia_192_ccm */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1D, /* [ 6322] OBJ_camellia_192_ctr */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1E, /* [ 6330] OBJ_camellia_192_cmac */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2E, /* [ 6338] OBJ_camellia_256_gcm */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F, /* [ 6346] OBJ_camellia_256_ccm */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31, /* [ 6354] OBJ_camellia_256_ctr */ - 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32, /* [ 6362] OBJ_camellia_256_cmac */ - 0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x04,0x0B, /* [ 6370] OBJ_id_scrypt */ - 0x2A,0x85,0x03,0x07,0x01, /* [ 6379] OBJ_id_tc26 */ - 0x2A,0x85,0x03,0x07,0x01,0x01, /* [ 6384] OBJ_id_tc26_algorithms */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x01, /* [ 6390] OBJ_id_tc26_sign */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x01, /* [ 6397] OBJ_id_GostR3410_2012_256 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x02, /* [ 6405] OBJ_id_GostR3410_2012_512 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x02, /* [ 6413] OBJ_id_tc26_digest */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x02, /* [ 6420] OBJ_id_GostR3411_2012_256 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x03, /* [ 6428] OBJ_id_GostR3411_2012_512 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x03, /* [ 6436] OBJ_id_tc26_signwithdigest */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x02, /* [ 6443] OBJ_id_tc26_signwithdigest_gost3410_2012_256 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x03, /* [ 6451] OBJ_id_tc26_signwithdigest_gost3410_2012_512 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x04, /* [ 6459] OBJ_id_tc26_mac */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x01, /* [ 6466] OBJ_id_tc26_hmac_gost_3411_2012_256 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x02, /* [ 6474] OBJ_id_tc26_hmac_gost_3411_2012_512 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x05, /* [ 6482] OBJ_id_tc26_cipher */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x06, /* [ 6489] OBJ_id_tc26_agreement */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x01, /* [ 6496] OBJ_id_tc26_agreement_gost_3410_2012_256 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x02, /* [ 6504] OBJ_id_tc26_agreement_gost_3410_2012_512 */ - 0x2A,0x85,0x03,0x07,0x01,0x02, /* [ 6512] OBJ_id_tc26_constants */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x01, /* [ 6518] OBJ_id_tc26_sign_constants */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02, /* [ 6525] OBJ_id_tc26_gost_3410_2012_512_constants */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x00, /* [ 6533] OBJ_id_tc26_gost_3410_2012_512_paramSetTest */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x01, /* [ 6542] OBJ_id_tc26_gost_3410_2012_512_paramSetA */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x02, /* [ 6551] OBJ_id_tc26_gost_3410_2012_512_paramSetB */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x02, /* [ 6560] OBJ_id_tc26_digest_constants */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x05, /* [ 6567] OBJ_id_tc26_cipher_constants */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01, /* [ 6574] OBJ_id_tc26_gost_28147_constants */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,0x01, /* [ 6582] OBJ_id_tc26_gost_28147_param_Z */ - 0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01, /* [ 6591] OBJ_INN */ - 0x2A,0x85,0x03,0x64,0x01, /* [ 6599] OBJ_OGRN */ - 0x2A,0x85,0x03,0x64,0x03, /* [ 6604] OBJ_SNILS */ - 0x2A,0x85,0x03,0x64,0x6F, /* [ 6609] OBJ_subjectSignTool */ - 0x2A,0x85,0x03,0x64,0x70, /* [ 6614] OBJ_issuerSignTool */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18, /* [ 6619] OBJ_tlsfeature */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11, /* [ 6627] OBJ_ipsec_IKE */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x12, /* [ 6635] OBJ_capwapAC */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x13, /* [ 6643] OBJ_capwapWTP */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x15, /* [ 6651] OBJ_sshClient */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x16, /* [ 6659] OBJ_sshServer */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x17, /* [ 6667] OBJ_sendRouter */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x18, /* [ 6675] OBJ_sendProxiedRouter */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x19, /* [ 6683] OBJ_sendOwner */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1A, /* [ 6691] OBJ_sendProxiedOwner */ - 0x2B,0x06,0x01,0x05,0x02,0x03, /* [ 6699] OBJ_id_pkinit */ - 0x2B,0x06,0x01,0x05,0x02,0x03,0x04, /* [ 6705] OBJ_pkInitClientAuth */ - 0x2B,0x06,0x01,0x05,0x02,0x03,0x05, /* [ 6712] OBJ_pkInitKDC */ - 0x2B,0x65,0x6E, /* [ 6719] OBJ_X25519 */ - 0x2B,0x65,0x6F, /* [ 6722] OBJ_X448 */ - 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10, /* [ 6725] OBJ_blake2b512 */ - 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08, /* [ 6736] OBJ_blake2s256 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x13, /* [ 6747] OBJ_id_smime_ct_contentCollection */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x17, /* [ 6758] OBJ_id_smime_ct_authEnvelopedData */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1C, /* [ 6769] OBJ_id_ct_xml */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x01, /* [ 6780] OBJ_aria_128_ecb */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x02, /* [ 6789] OBJ_aria_128_cbc */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x03, /* [ 6798] OBJ_aria_128_cfb128 */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x04, /* [ 6807] OBJ_aria_128_ofb128 */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x05, /* [ 6816] OBJ_aria_128_ctr */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x06, /* [ 6825] OBJ_aria_192_ecb */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x07, /* [ 6834] OBJ_aria_192_cbc */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x08, /* [ 6843] OBJ_aria_192_cfb128 */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x09, /* [ 6852] OBJ_aria_192_ofb128 */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0A, /* [ 6861] OBJ_aria_192_ctr */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0B, /* [ 6870] OBJ_aria_256_ecb */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0C, /* [ 6879] OBJ_aria_256_cbc */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0D, /* [ 6888] OBJ_aria_256_cfb128 */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0E, /* [ 6897] OBJ_aria_256_ofb128 */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0F, /* [ 6906] OBJ_aria_256_ctr */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x2F, /* [ 6915] OBJ_id_smime_aa_signingCertificateV2 */ - 0x2B,0x65,0x70, /* [ 6926] OBJ_ED25519 */ - 0x2B,0x65,0x71, /* [ 6929] OBJ_ED448 */ - 0x55,0x04,0x61, /* [ 6932] OBJ_organizationIdentifier */ - 0x55,0x04,0x62, /* [ 6935] OBJ_countryCode3c */ - 0x55,0x04,0x63, /* [ 6938] OBJ_countryCode3n */ - 0x55,0x04,0x64, /* [ 6941] OBJ_dnsName */ - 0x2B,0x24,0x08,0x03,0x03, /* [ 6944] OBJ_x509ExtAdmission */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x05, /* [ 6949] OBJ_sha512_224 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x06, /* [ 6958] OBJ_sha512_256 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x07, /* [ 6967] OBJ_sha3_224 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x08, /* [ 6976] OBJ_sha3_256 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x09, /* [ 6985] OBJ_sha3_384 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0A, /* [ 6994] OBJ_sha3_512 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0B, /* [ 7003] OBJ_shake128 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0C, /* [ 7012] OBJ_shake256 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0D, /* [ 7021] OBJ_hmac_sha3_224 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0E, /* [ 7030] OBJ_hmac_sha3_256 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0F, /* [ 7039] OBJ_hmac_sha3_384 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x10, /* [ 7048] OBJ_hmac_sha3_512 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x03, /* [ 7057] OBJ_dsa_with_SHA384 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x04, /* [ 7066] OBJ_dsa_with_SHA512 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x05, /* [ 7075] OBJ_dsa_with_SHA3_224 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x06, /* [ 7084] OBJ_dsa_with_SHA3_256 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x07, /* [ 7093] OBJ_dsa_with_SHA3_384 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x08, /* [ 7102] OBJ_dsa_with_SHA3_512 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x09, /* [ 7111] OBJ_ecdsa_with_SHA3_224 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0A, /* [ 7120] OBJ_ecdsa_with_SHA3_256 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0B, /* [ 7129] OBJ_ecdsa_with_SHA3_384 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0C, /* [ 7138] OBJ_ecdsa_with_SHA3_512 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0D, /* [ 7147] OBJ_RSA_SHA3_224 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0E, /* [ 7156] OBJ_RSA_SHA3_256 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0F, /* [ 7165] OBJ_RSA_SHA3_384 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x10, /* [ 7174] OBJ_RSA_SHA3_512 */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x25, /* [ 7183] OBJ_aria_128_ccm */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x26, /* [ 7192] OBJ_aria_192_ccm */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x27, /* [ 7201] OBJ_aria_256_ccm */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x22, /* [ 7210] OBJ_aria_128_gcm */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x23, /* [ 7219] OBJ_aria_192_gcm */ - 0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x24, /* [ 7228] OBJ_aria_256_gcm */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1B, /* [ 7237] OBJ_cmcCA */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1C, /* [ 7245] OBJ_cmcRA */ - 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x01, /* [ 7253] OBJ_sm4_ecb */ - 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x02, /* [ 7261] OBJ_sm4_cbc */ - 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x03, /* [ 7269] OBJ_sm4_ofb128 */ - 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x05, /* [ 7277] OBJ_sm4_cfb1 */ - 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x04, /* [ 7285] OBJ_sm4_cfb128 */ - 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x06, /* [ 7293] OBJ_sm4_cfb8 */ - 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x07, /* [ 7301] OBJ_sm4_ctr */ - 0x2A,0x81,0x1C, /* [ 7309] OBJ_ISO_CN */ - 0x2A,0x81,0x1C,0xCF,0x55, /* [ 7312] OBJ_oscca */ - 0x2A,0x81,0x1C,0xCF,0x55,0x01, /* [ 7317] OBJ_sm_scheme */ - 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11, /* [ 7323] OBJ_sm3 */ - 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x78, /* [ 7331] OBJ_sm3WithRSAEncryption */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0F, /* [ 7339] OBJ_sha512_224WithRSAEncryption */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x10, /* [ 7348] OBJ_sha512_256WithRSAEncryption */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01, /* [ 7357] OBJ_id_tc26_gost_3410_2012_256_constants */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x01, /* [ 7365] OBJ_id_tc26_gost_3410_2012_256_paramSetA */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x03, /* [ 7374] OBJ_id_tc26_gost_3410_2012_512_paramSetC */ - 0x2A,0x86,0x24, /* [ 7383] OBJ_ISO_UA */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01, /* [ 7386] OBJ_ua_pki */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01, /* [ 7393] OBJ_dstu28147 */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x02, /* [ 7403] OBJ_dstu28147_ofb */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x03, /* [ 7414] OBJ_dstu28147_cfb */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x05, /* [ 7425] OBJ_dstu28147_wrap */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x02, /* [ 7436] OBJ_hmacWithDstu34311 */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x02,0x01, /* [ 7446] OBJ_dstu34311 */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01, /* [ 7456] OBJ_dstu4145le */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x01,0x01, /* [ 7467] OBJ_dstu4145be */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x00, /* [ 7480] OBJ_uacurve0 */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x01, /* [ 7493] OBJ_uacurve1 */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x02, /* [ 7506] OBJ_uacurve2 */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x03, /* [ 7519] OBJ_uacurve3 */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x04, /* [ 7532] OBJ_uacurve4 */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x05, /* [ 7545] OBJ_uacurve5 */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x06, /* [ 7558] OBJ_uacurve6 */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x07, /* [ 7571] OBJ_uacurve7 */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x08, /* [ 7584] OBJ_uacurve8 */ - 0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x09, /* [ 7597] OBJ_uacurve9 */ - 0x2B,0x6F, /* [ 7610] OBJ_ieee */ - 0x2B,0x6F,0x02,0x8C,0x53, /* [ 7612] OBJ_ieee_siswg */ - 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D, /* [ 7617] OBJ_sm2 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01, /* [ 7625] OBJ_id_tc26_cipher_gostr3412_2015_magma */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x01, /* [ 7633] OBJ_magma_ctr_acpkm */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x02, /* [ 7642] OBJ_magma_ctr_acpkm_omac */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02, /* [ 7651] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x01, /* [ 7659] OBJ_kuznyechik_ctr_acpkm */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x02, /* [ 7668] OBJ_kuznyechik_ctr_acpkm_omac */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x07, /* [ 7677] OBJ_id_tc26_wrap */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01, /* [ 7684] OBJ_id_tc26_wrap_gostr3412_2015_magma */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01, /* [ 7692] OBJ_magma_kexp15 */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x02, /* [ 7701] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik */ - 0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x02,0x01, /* [ 7709] OBJ_kuznyechik_kexp15 */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x02, /* [ 7718] OBJ_id_tc26_gost_3410_2012_256_paramSetB */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x03, /* [ 7727] OBJ_id_tc26_gost_3410_2012_256_paramSetC */ - 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x04, /* [ 7736] OBJ_id_tc26_gost_3410_2012_256_paramSetD */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0C, /* [ 7745] OBJ_hmacWithSHA512_224 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D, /* [ 7753] OBJ_hmacWithSHA512_256 */ - 0x28,0xCC,0x45,0x03,0x04, /* [ 7761] OBJ_gmac */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x13, /* [ 7766] OBJ_kmac128 */ - 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x14, /* [ 7775] OBJ_kmac256 */ - 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01, /* [ 7784] OBJ_blake2bmac */ - 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02, /* [ 7794] OBJ_blake2smac */ - 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x75, /* [ 7804] OBJ_SM2_with_SM3 */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x09, /* [ 7812] OBJ_id_on_SmtpUTF8Mailbox */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x05, /* [ 7820] OBJ_XmppAddr */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x07, /* [ 7828] OBJ_SRVName */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x08, /* [ 7836] OBJ_NAIRealm */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1D, /* [ 7844] OBJ_cmcArchive */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1E, /* [ 7852] OBJ_id_kp_bgpsec_router */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1F, /* [ 7860] OBJ_id_kp_BrandIndicatorforMessageIdentification */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x20, /* [ 7868] OBJ_cmKGA */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x11, /* [ 7876] OBJ_id_it_caCerts */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x12, /* [ 7884] OBJ_id_it_rootCaKeyUpdate */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x13, /* [ 7892] OBJ_id_it_certReqTemplate */ - 0x2A,0x85,0x03,0x64,0x05, /* [ 7900] OBJ_OGRNIP */ - 0x2A,0x85,0x03,0x64,0x71, /* [ 7905] OBJ_classSignTool */ - 0x2A,0x85,0x03,0x64,0x71,0x01, /* [ 7910] OBJ_classSignToolKC1 */ - 0x2A,0x85,0x03,0x64,0x71,0x02, /* [ 7916] OBJ_classSignToolKC2 */ - 0x2A,0x85,0x03,0x64,0x71,0x03, /* [ 7922] OBJ_classSignToolKC3 */ - 0x2A,0x85,0x03,0x64,0x71,0x04, /* [ 7928] OBJ_classSignToolKB1 */ - 0x2A,0x85,0x03,0x64,0x71,0x05, /* [ 7934] OBJ_classSignToolKB2 */ - 0x2A,0x85,0x03,0x64,0x71,0x06, /* [ 7940] OBJ_classSignToolKA1 */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x18, /* [ 7946] OBJ_id_ct_routeOriginAuthz */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1A, /* [ 7957] OBJ_id_ct_rpkiManifest */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x23, /* [ 7968] OBJ_id_ct_rpkiGhostbusters */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x24, /* [ 7979] OBJ_id_ct_resourceTaggedAttest */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x0E, /* [ 7990] OBJ_id_cp */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x1C, /* [ 7997] OBJ_sbgp_ipAddrBlockv2 */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x1D, /* [ 8005] OBJ_sbgp_autonomousSysNumv2 */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x0E,0x02, /* [ 8013] OBJ_ipAddr_asNumber */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x0E,0x03, /* [ 8021] OBJ_ipAddr_asNumberv2 */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x0A, /* [ 8029] OBJ_rpkiManifest */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x0B, /* [ 8037] OBJ_signedObject */ - 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x0D, /* [ 8045] OBJ_rpkiNotify */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x2F, /* [ 8053] OBJ_id_ct_geofeedCSVwithCRLF */ - 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x30, /* [ 8064] OBJ_id_ct_signedChecklist */ -}; - -#define NUM_NID 1248 -static const ASN1_OBJECT nid_objs[NUM_NID] = { - {"UNDEF", "undefined", NID_undef}, - {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, - {"pkcs", "RSA Data Security, Inc. PKCS", NID_pkcs, 7, &so[6]}, - {"MD2", "md2", NID_md2, 8, &so[13]}, - {"MD5", "md5", NID_md5, 8, &so[21]}, - {"RC4", "rc4", NID_rc4, 8, &so[29]}, - {"rsaEncryption", "rsaEncryption", NID_rsaEncryption, 9, &so[37]}, - {"RSA-MD2", "md2WithRSAEncryption", NID_md2WithRSAEncryption, 9, &so[46]}, - {"RSA-MD5", "md5WithRSAEncryption", NID_md5WithRSAEncryption, 9, &so[55]}, - {"PBE-MD2-DES", "pbeWithMD2AndDES-CBC", NID_pbeWithMD2AndDES_CBC, 9, &so[64]}, - {"PBE-MD5-DES", "pbeWithMD5AndDES-CBC", NID_pbeWithMD5AndDES_CBC, 9, &so[73]}, - {"X500", "directory services (X.500)", NID_X500, 1, &so[82]}, - {"X509", "X509", NID_X509, 2, &so[83]}, - {"CN", "commonName", NID_commonName, 3, &so[85]}, - {"C", "countryName", NID_countryName, 3, &so[88]}, - {"L", "localityName", NID_localityName, 3, &so[91]}, - {"ST", "stateOrProvinceName", NID_stateOrProvinceName, 3, &so[94]}, - {"O", "organizationName", NID_organizationName, 3, &so[97]}, - {"OU", "organizationalUnitName", NID_organizationalUnitName, 3, &so[100]}, - {"RSA", "rsa", NID_rsa, 4, &so[103]}, - {"pkcs7", "pkcs7", NID_pkcs7, 8, &so[107]}, - {"pkcs7-data", "pkcs7-data", NID_pkcs7_data, 9, &so[115]}, - {"pkcs7-signedData", "pkcs7-signedData", NID_pkcs7_signed, 9, &so[124]}, - {"pkcs7-envelopedData", "pkcs7-envelopedData", NID_pkcs7_enveloped, 9, &so[133]}, - {"pkcs7-signedAndEnvelopedData", "pkcs7-signedAndEnvelopedData", NID_pkcs7_signedAndEnveloped, 9, &so[142]}, - {"pkcs7-digestData", "pkcs7-digestData", NID_pkcs7_digest, 9, &so[151]}, - {"pkcs7-encryptedData", "pkcs7-encryptedData", NID_pkcs7_encrypted, 9, &so[160]}, - {"pkcs3", "pkcs3", NID_pkcs3, 8, &so[169]}, - {"dhKeyAgreement", "dhKeyAgreement", NID_dhKeyAgreement, 9, &so[177]}, - {"DES-ECB", "des-ecb", NID_des_ecb, 5, &so[186]}, - {"DES-CFB", "des-cfb", NID_des_cfb64, 5, &so[191]}, - {"DES-CBC", "des-cbc", NID_des_cbc, 5, &so[196]}, - {"DES-EDE", "des-ede", NID_des_ede_ecb, 5, &so[201]}, - {"DES-EDE3", "des-ede3", NID_des_ede3_ecb}, - {"IDEA-CBC", "idea-cbc", NID_idea_cbc, 11, &so[206]}, - {"IDEA-CFB", "idea-cfb", NID_idea_cfb64}, - {"IDEA-ECB", "idea-ecb", NID_idea_ecb}, - {"RC2-CBC", "rc2-cbc", NID_rc2_cbc, 8, &so[217]}, - {"RC2-ECB", "rc2-ecb", NID_rc2_ecb}, - {"RC2-CFB", "rc2-cfb", NID_rc2_cfb64}, - {"RC2-OFB", "rc2-ofb", NID_rc2_ofb64}, - {"SHA", "sha", NID_sha, 5, &so[225]}, - {"RSA-SHA", "shaWithRSAEncryption", NID_shaWithRSAEncryption, 5, &so[230]}, - {"DES-EDE-CBC", "des-ede-cbc", NID_des_ede_cbc}, - {"DES-EDE3-CBC", "des-ede3-cbc", NID_des_ede3_cbc, 8, &so[235]}, - {"DES-OFB", "des-ofb", NID_des_ofb64, 5, &so[243]}, - {"IDEA-OFB", "idea-ofb", NID_idea_ofb64}, - {"pkcs9", "pkcs9", NID_pkcs9, 8, &so[248]}, - {"emailAddress", "emailAddress", NID_pkcs9_emailAddress, 9, &so[256]}, - {"unstructuredName", "unstructuredName", NID_pkcs9_unstructuredName, 9, &so[265]}, - {"contentType", "contentType", NID_pkcs9_contentType, 9, &so[274]}, - {"messageDigest", "messageDigest", NID_pkcs9_messageDigest, 9, &so[283]}, - {"signingTime", "signingTime", NID_pkcs9_signingTime, 9, &so[292]}, - {"countersignature", "countersignature", NID_pkcs9_countersignature, 9, &so[301]}, - {"challengePassword", "challengePassword", NID_pkcs9_challengePassword, 9, &so[310]}, - {"unstructuredAddress", "unstructuredAddress", NID_pkcs9_unstructuredAddress, 9, &so[319]}, - {"extendedCertificateAttributes", "extendedCertificateAttributes", NID_pkcs9_extCertAttributes, 9, &so[328]}, - {"Netscape", "Netscape Communications Corp.", NID_netscape, 7, &so[337]}, - {"nsCertExt", "Netscape Certificate Extension", NID_netscape_cert_extension, 8, &so[344]}, - {"nsDataType", "Netscape Data Type", NID_netscape_data_type, 8, &so[352]}, - {"DES-EDE-CFB", "des-ede-cfb", NID_des_ede_cfb64}, - {"DES-EDE3-CFB", "des-ede3-cfb", NID_des_ede3_cfb64}, - {"DES-EDE-OFB", "des-ede-ofb", NID_des_ede_ofb64}, - {"DES-EDE3-OFB", "des-ede3-ofb", NID_des_ede3_ofb64}, - {"SHA1", "sha1", NID_sha1, 5, &so[360]}, - {"RSA-SHA1", "sha1WithRSAEncryption", NID_sha1WithRSAEncryption, 9, &so[365]}, - {"DSA-SHA", "dsaWithSHA", NID_dsaWithSHA, 5, &so[374]}, - {"DSA-old", "dsaEncryption-old", NID_dsa_2, 5, &so[379]}, - {"PBE-SHA1-RC2-64", "pbeWithSHA1AndRC2-CBC", NID_pbeWithSHA1AndRC2_CBC, 9, &so[384]}, - {"PBKDF2", "PBKDF2", NID_id_pbkdf2, 9, &so[393]}, - {"DSA-SHA1-old", "dsaWithSHA1-old", NID_dsaWithSHA1_2, 5, &so[402]}, - {"nsCertType", "Netscape Cert Type", NID_netscape_cert_type, 9, &so[407]}, - {"nsBaseUrl", "Netscape Base Url", NID_netscape_base_url, 9, &so[416]}, - {"nsRevocationUrl", "Netscape Revocation Url", NID_netscape_revocation_url, 9, &so[425]}, - {"nsCaRevocationUrl", "Netscape CA Revocation Url", NID_netscape_ca_revocation_url, 9, &so[434]}, - {"nsRenewalUrl", "Netscape Renewal Url", NID_netscape_renewal_url, 9, &so[443]}, - {"nsCaPolicyUrl", "Netscape CA Policy Url", NID_netscape_ca_policy_url, 9, &so[452]}, - {"nsSslServerName", "Netscape SSL Server Name", NID_netscape_ssl_server_name, 9, &so[461]}, - {"nsComment", "Netscape Comment", NID_netscape_comment, 9, &so[470]}, - {"nsCertSequence", "Netscape Certificate Sequence", NID_netscape_cert_sequence, 9, &so[479]}, - {"DESX-CBC", "desx-cbc", NID_desx_cbc}, - {"id-ce", "id-ce", NID_id_ce, 2, &so[488]}, - {"subjectKeyIdentifier", "X509v3 Subject Key Identifier", NID_subject_key_identifier, 3, &so[490]}, - {"keyUsage", "X509v3 Key Usage", NID_key_usage, 3, &so[493]}, - {"privateKeyUsagePeriod", "X509v3 Private Key Usage Period", NID_private_key_usage_period, 3, &so[496]}, - {"subjectAltName", "X509v3 Subject Alternative Name", NID_subject_alt_name, 3, &so[499]}, - {"issuerAltName", "X509v3 Issuer Alternative Name", NID_issuer_alt_name, 3, &so[502]}, - {"basicConstraints", "X509v3 Basic Constraints", NID_basic_constraints, 3, &so[505]}, - {"crlNumber", "X509v3 CRL Number", NID_crl_number, 3, &so[508]}, - {"certificatePolicies", "X509v3 Certificate Policies", NID_certificate_policies, 3, &so[511]}, - {"authorityKeyIdentifier", "X509v3 Authority Key Identifier", NID_authority_key_identifier, 3, &so[514]}, - {"BF-CBC", "bf-cbc", NID_bf_cbc, 9, &so[517]}, - {"BF-ECB", "bf-ecb", NID_bf_ecb}, - {"BF-CFB", "bf-cfb", NID_bf_cfb64}, - {"BF-OFB", "bf-ofb", NID_bf_ofb64}, - {"MDC2", "mdc2", NID_mdc2, 4, &so[526]}, - {"RSA-MDC2", "mdc2WithRSA", NID_mdc2WithRSA, 4, &so[530]}, - {"RC4-40", "rc4-40", NID_rc4_40}, - {"RC2-40-CBC", "rc2-40-cbc", NID_rc2_40_cbc}, - {"GN", "givenName", NID_givenName, 3, &so[534]}, - {"SN", "surname", NID_surname, 3, &so[537]}, - {"initials", "initials", NID_initials, 3, &so[540]}, - {"uid", "uniqueIdentifier", NID_uniqueIdentifier, 10, &so[543]}, - {"crlDistributionPoints", "X509v3 CRL Distribution Points", NID_crl_distribution_points, 3, &so[553]}, - {"RSA-NP-MD5", "md5WithRSA", NID_md5WithRSA, 5, &so[556]}, - {"serialNumber", "serialNumber", NID_serialNumber, 3, &so[561]}, - {"title", "title", NID_title, 3, &so[564]}, - {"description", "description", NID_description, 3, &so[567]}, - {"CAST5-CBC", "cast5-cbc", NID_cast5_cbc, 9, &so[570]}, - {"CAST5-ECB", "cast5-ecb", NID_cast5_ecb}, - {"CAST5-CFB", "cast5-cfb", NID_cast5_cfb64}, - {"CAST5-OFB", "cast5-ofb", NID_cast5_ofb64}, - {"pbeWithMD5AndCast5CBC", "pbeWithMD5AndCast5CBC", NID_pbeWithMD5AndCast5_CBC, 9, &so[579]}, - {"DSA-SHA1", "dsaWithSHA1", NID_dsaWithSHA1, 7, &so[588]}, - {"MD5-SHA1", "md5-sha1", NID_md5_sha1}, - {"RSA-SHA1-2", "sha1WithRSA", NID_sha1WithRSA, 5, &so[595]}, - {"DSA", "dsaEncryption", NID_dsa, 7, &so[600]}, - {"RIPEMD160", "ripemd160", NID_ripemd160, 5, &so[607]}, - { NULL, NULL, NID_undef }, - {"RSA-RIPEMD160", "ripemd160WithRSA", NID_ripemd160WithRSA, 6, &so[612]}, - {"RC5-CBC", "rc5-cbc", NID_rc5_cbc, 8, &so[618]}, - {"RC5-ECB", "rc5-ecb", NID_rc5_ecb}, - {"RC5-CFB", "rc5-cfb", NID_rc5_cfb64}, - {"RC5-OFB", "rc5-ofb", NID_rc5_ofb64}, - { NULL, NULL, NID_undef }, - {"ZLIB", "zlib compression", NID_zlib_compression, 11, &so[626]}, - {"extendedKeyUsage", "X509v3 Extended Key Usage", NID_ext_key_usage, 3, &so[637]}, - {"PKIX", "PKIX", NID_id_pkix, 6, &so[640]}, - {"id-kp", "id-kp", NID_id_kp, 7, &so[646]}, - {"serverAuth", "TLS Web Server Authentication", NID_server_auth, 8, &so[653]}, - {"clientAuth", "TLS Web Client Authentication", NID_client_auth, 8, &so[661]}, - {"codeSigning", "Code Signing", NID_code_sign, 8, &so[669]}, - {"emailProtection", "E-mail Protection", NID_email_protect, 8, &so[677]}, - {"timeStamping", "Time Stamping", NID_time_stamp, 8, &so[685]}, - {"msCodeInd", "Microsoft Individual Code Signing", NID_ms_code_ind, 10, &so[693]}, - {"msCodeCom", "Microsoft Commercial Code Signing", NID_ms_code_com, 10, &so[703]}, - {"msCTLSign", "Microsoft Trust List Signing", NID_ms_ctl_sign, 10, &so[713]}, - {"msSGC", "Microsoft Server Gated Crypto", NID_ms_sgc, 10, &so[723]}, - {"msEFS", "Microsoft Encrypted File System", NID_ms_efs, 10, &so[733]}, - {"nsSGC", "Netscape Server Gated Crypto", NID_ns_sgc, 9, &so[743]}, - {"deltaCRL", "X509v3 Delta CRL Indicator", NID_delta_crl, 3, &so[752]}, - {"CRLReason", "X509v3 CRL Reason Code", NID_crl_reason, 3, &so[755]}, - {"invalidityDate", "Invalidity Date", NID_invalidity_date, 3, &so[758]}, - {"SXNetID", "Strong Extranet ID", NID_sxnet, 5, &so[761]}, - {"PBE-SHA1-RC4-128", "pbeWithSHA1And128BitRC4", NID_pbe_WithSHA1And128BitRC4, 10, &so[766]}, - {"PBE-SHA1-RC4-40", "pbeWithSHA1And40BitRC4", NID_pbe_WithSHA1And40BitRC4, 10, &so[776]}, - {"PBE-SHA1-3DES", "pbeWithSHA1And3-KeyTripleDES-CBC", NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 10, &so[786]}, - {"PBE-SHA1-2DES", "pbeWithSHA1And2-KeyTripleDES-CBC", NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 10, &so[796]}, - {"PBE-SHA1-RC2-128", "pbeWithSHA1And128BitRC2-CBC", NID_pbe_WithSHA1And128BitRC2_CBC, 10, &so[806]}, - {"PBE-SHA1-RC2-40", "pbeWithSHA1And40BitRC2-CBC", NID_pbe_WithSHA1And40BitRC2_CBC, 10, &so[816]}, - {"keyBag", "keyBag", NID_keyBag, 11, &so[826]}, - {"pkcs8ShroudedKeyBag", "pkcs8ShroudedKeyBag", NID_pkcs8ShroudedKeyBag, 11, &so[837]}, - {"certBag", "certBag", NID_certBag, 11, &so[848]}, - {"crlBag", "crlBag", NID_crlBag, 11, &so[859]}, - {"secretBag", "secretBag", NID_secretBag, 11, &so[870]}, - {"safeContentsBag", "safeContentsBag", NID_safeContentsBag, 11, &so[881]}, - {"friendlyName", "friendlyName", NID_friendlyName, 9, &so[892]}, - {"localKeyID", "localKeyID", NID_localKeyID, 9, &so[901]}, - {"x509Certificate", "x509Certificate", NID_x509Certificate, 10, &so[910]}, - {"sdsiCertificate", "sdsiCertificate", NID_sdsiCertificate, 10, &so[920]}, - {"x509Crl", "x509Crl", NID_x509Crl, 10, &so[930]}, - {"PBES2", "PBES2", NID_pbes2, 9, &so[940]}, - {"PBMAC1", "PBMAC1", NID_pbmac1, 9, &so[949]}, - {"hmacWithSHA1", "hmacWithSHA1", NID_hmacWithSHA1, 8, &so[958]}, - {"id-qt-cps", "Policy Qualifier CPS", NID_id_qt_cps, 8, &so[966]}, - {"id-qt-unotice", "Policy Qualifier User Notice", NID_id_qt_unotice, 8, &so[974]}, - {"RC2-64-CBC", "rc2-64-cbc", NID_rc2_64_cbc}, - {"SMIME-CAPS", "S/MIME Capabilities", NID_SMIMECapabilities, 9, &so[982]}, - {"PBE-MD2-RC2-64", "pbeWithMD2AndRC2-CBC", NID_pbeWithMD2AndRC2_CBC, 9, &so[991]}, - {"PBE-MD5-RC2-64", "pbeWithMD5AndRC2-CBC", NID_pbeWithMD5AndRC2_CBC, 9, &so[1000]}, - {"PBE-SHA1-DES", "pbeWithSHA1AndDES-CBC", NID_pbeWithSHA1AndDES_CBC, 9, &so[1009]}, - {"msExtReq", "Microsoft Extension Request", NID_ms_ext_req, 10, &so[1018]}, - {"extReq", "Extension Request", NID_ext_req, 9, &so[1028]}, - {"name", "name", NID_name, 3, &so[1037]}, - {"dnQualifier", "dnQualifier", NID_dnQualifier, 3, &so[1040]}, - {"id-pe", "id-pe", NID_id_pe, 7, &so[1043]}, - {"id-ad", "id-ad", NID_id_ad, 7, &so[1050]}, - {"authorityInfoAccess", "Authority Information Access", NID_info_access, 8, &so[1057]}, - {"OCSP", "OCSP", NID_ad_OCSP, 8, &so[1065]}, - {"caIssuers", "CA Issuers", NID_ad_ca_issuers, 8, &so[1073]}, - {"OCSPSigning", "OCSP Signing", NID_OCSP_sign, 8, &so[1081]}, - {"ISO", "iso", NID_iso}, - {"member-body", "ISO Member Body", NID_member_body, 1, &so[1089]}, - {"ISO-US", "ISO US Member Body", NID_ISO_US, 3, &so[1090]}, - {"X9-57", "X9.57", NID_X9_57, 5, &so[1093]}, - {"X9cm", "X9.57 CM ?", NID_X9cm, 6, &so[1098]}, - {"pkcs1", "pkcs1", NID_pkcs1, 8, &so[1104]}, - {"pkcs5", "pkcs5", NID_pkcs5, 8, &so[1112]}, - {"SMIME", "S/MIME", NID_SMIME, 9, &so[1120]}, - {"id-smime-mod", "id-smime-mod", NID_id_smime_mod, 10, &so[1129]}, - {"id-smime-ct", "id-smime-ct", NID_id_smime_ct, 10, &so[1139]}, - {"id-smime-aa", "id-smime-aa", NID_id_smime_aa, 10, &so[1149]}, - {"id-smime-alg", "id-smime-alg", NID_id_smime_alg, 10, &so[1159]}, - {"id-smime-cd", "id-smime-cd", NID_id_smime_cd, 10, &so[1169]}, - {"id-smime-spq", "id-smime-spq", NID_id_smime_spq, 10, &so[1179]}, - {"id-smime-cti", "id-smime-cti", NID_id_smime_cti, 10, &so[1189]}, - {"id-smime-mod-cms", "id-smime-mod-cms", NID_id_smime_mod_cms, 11, &so[1199]}, - {"id-smime-mod-ess", "id-smime-mod-ess", NID_id_smime_mod_ess, 11, &so[1210]}, - {"id-smime-mod-oid", "id-smime-mod-oid", NID_id_smime_mod_oid, 11, &so[1221]}, - {"id-smime-mod-msg-v3", "id-smime-mod-msg-v3", NID_id_smime_mod_msg_v3, 11, &so[1232]}, - {"id-smime-mod-ets-eSignature-88", "id-smime-mod-ets-eSignature-88", NID_id_smime_mod_ets_eSignature_88, 11, &so[1243]}, - {"id-smime-mod-ets-eSignature-97", "id-smime-mod-ets-eSignature-97", NID_id_smime_mod_ets_eSignature_97, 11, &so[1254]}, - {"id-smime-mod-ets-eSigPolicy-88", "id-smime-mod-ets-eSigPolicy-88", NID_id_smime_mod_ets_eSigPolicy_88, 11, &so[1265]}, - {"id-smime-mod-ets-eSigPolicy-97", "id-smime-mod-ets-eSigPolicy-97", NID_id_smime_mod_ets_eSigPolicy_97, 11, &so[1276]}, - {"id-smime-ct-receipt", "id-smime-ct-receipt", NID_id_smime_ct_receipt, 11, &so[1287]}, - {"id-smime-ct-authData", "id-smime-ct-authData", NID_id_smime_ct_authData, 11, &so[1298]}, - {"id-smime-ct-publishCert", "id-smime-ct-publishCert", NID_id_smime_ct_publishCert, 11, &so[1309]}, - {"id-smime-ct-TSTInfo", "id-smime-ct-TSTInfo", NID_id_smime_ct_TSTInfo, 11, &so[1320]}, - {"id-smime-ct-TDTInfo", "id-smime-ct-TDTInfo", NID_id_smime_ct_TDTInfo, 11, &so[1331]}, - {"id-smime-ct-contentInfo", "id-smime-ct-contentInfo", NID_id_smime_ct_contentInfo, 11, &so[1342]}, - {"id-smime-ct-DVCSRequestData", "id-smime-ct-DVCSRequestData", NID_id_smime_ct_DVCSRequestData, 11, &so[1353]}, - {"id-smime-ct-DVCSResponseData", "id-smime-ct-DVCSResponseData", NID_id_smime_ct_DVCSResponseData, 11, &so[1364]}, - {"id-smime-aa-receiptRequest", "id-smime-aa-receiptRequest", NID_id_smime_aa_receiptRequest, 11, &so[1375]}, - {"id-smime-aa-securityLabel", "id-smime-aa-securityLabel", NID_id_smime_aa_securityLabel, 11, &so[1386]}, - {"id-smime-aa-mlExpandHistory", "id-smime-aa-mlExpandHistory", NID_id_smime_aa_mlExpandHistory, 11, &so[1397]}, - {"id-smime-aa-contentHint", "id-smime-aa-contentHint", NID_id_smime_aa_contentHint, 11, &so[1408]}, - {"id-smime-aa-msgSigDigest", "id-smime-aa-msgSigDigest", NID_id_smime_aa_msgSigDigest, 11, &so[1419]}, - {"id-smime-aa-encapContentType", "id-smime-aa-encapContentType", NID_id_smime_aa_encapContentType, 11, &so[1430]}, - {"id-smime-aa-contentIdentifier", "id-smime-aa-contentIdentifier", NID_id_smime_aa_contentIdentifier, 11, &so[1441]}, - {"id-smime-aa-macValue", "id-smime-aa-macValue", NID_id_smime_aa_macValue, 11, &so[1452]}, - {"id-smime-aa-equivalentLabels", "id-smime-aa-equivalentLabels", NID_id_smime_aa_equivalentLabels, 11, &so[1463]}, - {"id-smime-aa-contentReference", "id-smime-aa-contentReference", NID_id_smime_aa_contentReference, 11, &so[1474]}, - {"id-smime-aa-encrypKeyPref", "id-smime-aa-encrypKeyPref", NID_id_smime_aa_encrypKeyPref, 11, &so[1485]}, - {"id-smime-aa-signingCertificate", "id-smime-aa-signingCertificate", NID_id_smime_aa_signingCertificate, 11, &so[1496]}, - {"id-smime-aa-smimeEncryptCerts", "id-smime-aa-smimeEncryptCerts", NID_id_smime_aa_smimeEncryptCerts, 11, &so[1507]}, - {"id-smime-aa-timeStampToken", "id-smime-aa-timeStampToken", NID_id_smime_aa_timeStampToken, 11, &so[1518]}, - {"id-smime-aa-ets-sigPolicyId", "id-smime-aa-ets-sigPolicyId", NID_id_smime_aa_ets_sigPolicyId, 11, &so[1529]}, - {"id-smime-aa-ets-commitmentType", "id-smime-aa-ets-commitmentType", NID_id_smime_aa_ets_commitmentType, 11, &so[1540]}, - {"id-smime-aa-ets-signerLocation", "id-smime-aa-ets-signerLocation", NID_id_smime_aa_ets_signerLocation, 11, &so[1551]}, - {"id-smime-aa-ets-signerAttr", "id-smime-aa-ets-signerAttr", NID_id_smime_aa_ets_signerAttr, 11, &so[1562]}, - {"id-smime-aa-ets-otherSigCert", "id-smime-aa-ets-otherSigCert", NID_id_smime_aa_ets_otherSigCert, 11, &so[1573]}, - {"id-smime-aa-ets-contentTimestamp", "id-smime-aa-ets-contentTimestamp", NID_id_smime_aa_ets_contentTimestamp, 11, &so[1584]}, - {"id-smime-aa-ets-CertificateRefs", "id-smime-aa-ets-CertificateRefs", NID_id_smime_aa_ets_CertificateRefs, 11, &so[1595]}, - {"id-smime-aa-ets-RevocationRefs", "id-smime-aa-ets-RevocationRefs", NID_id_smime_aa_ets_RevocationRefs, 11, &so[1606]}, - {"id-smime-aa-ets-certValues", "id-smime-aa-ets-certValues", NID_id_smime_aa_ets_certValues, 11, &so[1617]}, - {"id-smime-aa-ets-revocationValues", "id-smime-aa-ets-revocationValues", NID_id_smime_aa_ets_revocationValues, 11, &so[1628]}, - {"id-smime-aa-ets-escTimeStamp", "id-smime-aa-ets-escTimeStamp", NID_id_smime_aa_ets_escTimeStamp, 11, &so[1639]}, - {"id-smime-aa-ets-certCRLTimestamp", "id-smime-aa-ets-certCRLTimestamp", NID_id_smime_aa_ets_certCRLTimestamp, 11, &so[1650]}, - {"id-smime-aa-ets-archiveTimeStamp", "id-smime-aa-ets-archiveTimeStamp", NID_id_smime_aa_ets_archiveTimeStamp, 11, &so[1661]}, - {"id-smime-aa-signatureType", "id-smime-aa-signatureType", NID_id_smime_aa_signatureType, 11, &so[1672]}, - {"id-smime-aa-dvcs-dvc", "id-smime-aa-dvcs-dvc", NID_id_smime_aa_dvcs_dvc, 11, &so[1683]}, - {"id-smime-alg-ESDHwith3DES", "id-smime-alg-ESDHwith3DES", NID_id_smime_alg_ESDHwith3DES, 11, &so[1694]}, - {"id-smime-alg-ESDHwithRC2", "id-smime-alg-ESDHwithRC2", NID_id_smime_alg_ESDHwithRC2, 11, &so[1705]}, - {"id-smime-alg-3DESwrap", "id-smime-alg-3DESwrap", NID_id_smime_alg_3DESwrap, 11, &so[1716]}, - {"id-smime-alg-RC2wrap", "id-smime-alg-RC2wrap", NID_id_smime_alg_RC2wrap, 11, &so[1727]}, - {"id-smime-alg-ESDH", "id-smime-alg-ESDH", NID_id_smime_alg_ESDH, 11, &so[1738]}, - {"id-smime-alg-CMS3DESwrap", "id-smime-alg-CMS3DESwrap", NID_id_smime_alg_CMS3DESwrap, 11, &so[1749]}, - {"id-smime-alg-CMSRC2wrap", "id-smime-alg-CMSRC2wrap", NID_id_smime_alg_CMSRC2wrap, 11, &so[1760]}, - {"id-smime-cd-ldap", "id-smime-cd-ldap", NID_id_smime_cd_ldap, 11, &so[1771]}, - {"id-smime-spq-ets-sqt-uri", "id-smime-spq-ets-sqt-uri", NID_id_smime_spq_ets_sqt_uri, 11, &so[1782]}, - {"id-smime-spq-ets-sqt-unotice", "id-smime-spq-ets-sqt-unotice", NID_id_smime_spq_ets_sqt_unotice, 11, &so[1793]}, - {"id-smime-cti-ets-proofOfOrigin", "id-smime-cti-ets-proofOfOrigin", NID_id_smime_cti_ets_proofOfOrigin, 11, &so[1804]}, - {"id-smime-cti-ets-proofOfReceipt", "id-smime-cti-ets-proofOfReceipt", NID_id_smime_cti_ets_proofOfReceipt, 11, &so[1815]}, - {"id-smime-cti-ets-proofOfDelivery", "id-smime-cti-ets-proofOfDelivery", NID_id_smime_cti_ets_proofOfDelivery, 11, &so[1826]}, - {"id-smime-cti-ets-proofOfSender", "id-smime-cti-ets-proofOfSender", NID_id_smime_cti_ets_proofOfSender, 11, &so[1837]}, - {"id-smime-cti-ets-proofOfApproval", "id-smime-cti-ets-proofOfApproval", NID_id_smime_cti_ets_proofOfApproval, 11, &so[1848]}, - {"id-smime-cti-ets-proofOfCreation", "id-smime-cti-ets-proofOfCreation", NID_id_smime_cti_ets_proofOfCreation, 11, &so[1859]}, - {"MD4", "md4", NID_md4, 8, &so[1870]}, - {"id-pkix-mod", "id-pkix-mod", NID_id_pkix_mod, 7, &so[1878]}, - {"id-qt", "id-qt", NID_id_qt, 7, &so[1885]}, - {"id-it", "id-it", NID_id_it, 7, &so[1892]}, - {"id-pkip", "id-pkip", NID_id_pkip, 7, &so[1899]}, - {"id-alg", "id-alg", NID_id_alg, 7, &so[1906]}, - {"id-cmc", "id-cmc", NID_id_cmc, 7, &so[1913]}, - {"id-on", "id-on", NID_id_on, 7, &so[1920]}, - {"id-pda", "id-pda", NID_id_pda, 7, &so[1927]}, - {"id-aca", "id-aca", NID_id_aca, 7, &so[1934]}, - {"id-qcs", "id-qcs", NID_id_qcs, 7, &so[1941]}, - {"id-cct", "id-cct", NID_id_cct, 7, &so[1948]}, - {"id-pkix1-explicit-88", "id-pkix1-explicit-88", NID_id_pkix1_explicit_88, 8, &so[1955]}, - {"id-pkix1-implicit-88", "id-pkix1-implicit-88", NID_id_pkix1_implicit_88, 8, &so[1963]}, - {"id-pkix1-explicit-93", "id-pkix1-explicit-93", NID_id_pkix1_explicit_93, 8, &so[1971]}, - {"id-pkix1-implicit-93", "id-pkix1-implicit-93", NID_id_pkix1_implicit_93, 8, &so[1979]}, - {"id-mod-crmf", "id-mod-crmf", NID_id_mod_crmf, 8, &so[1987]}, - {"id-mod-cmc", "id-mod-cmc", NID_id_mod_cmc, 8, &so[1995]}, - {"id-mod-kea-profile-88", "id-mod-kea-profile-88", NID_id_mod_kea_profile_88, 8, &so[2003]}, - {"id-mod-kea-profile-93", "id-mod-kea-profile-93", NID_id_mod_kea_profile_93, 8, &so[2011]}, - {"id-mod-cmp", "id-mod-cmp", NID_id_mod_cmp, 8, &so[2019]}, - {"id-mod-qualified-cert-88", "id-mod-qualified-cert-88", NID_id_mod_qualified_cert_88, 8, &so[2027]}, - {"id-mod-qualified-cert-93", "id-mod-qualified-cert-93", NID_id_mod_qualified_cert_93, 8, &so[2035]}, - {"id-mod-attribute-cert", "id-mod-attribute-cert", NID_id_mod_attribute_cert, 8, &so[2043]}, - {"id-mod-timestamp-protocol", "id-mod-timestamp-protocol", NID_id_mod_timestamp_protocol, 8, &so[2051]}, - {"id-mod-ocsp", "id-mod-ocsp", NID_id_mod_ocsp, 8, &so[2059]}, - {"id-mod-dvcs", "id-mod-dvcs", NID_id_mod_dvcs, 8, &so[2067]}, - {"id-mod-cmp2000", "id-mod-cmp2000", NID_id_mod_cmp2000, 8, &so[2075]}, - {"biometricInfo", "Biometric Info", NID_biometricInfo, 8, &so[2083]}, - {"qcStatements", "qcStatements", NID_qcStatements, 8, &so[2091]}, - {"ac-auditEntity", "ac-auditEntity", NID_ac_auditEntity, 8, &so[2099]}, - {"ac-targeting", "ac-targeting", NID_ac_targeting, 8, &so[2107]}, - {"aaControls", "aaControls", NID_aaControls, 8, &so[2115]}, - {"sbgp-ipAddrBlock", "sbgp-ipAddrBlock", NID_sbgp_ipAddrBlock, 8, &so[2123]}, - {"sbgp-autonomousSysNum", "sbgp-autonomousSysNum", NID_sbgp_autonomousSysNum, 8, &so[2131]}, - {"sbgp-routerIdentifier", "sbgp-routerIdentifier", NID_sbgp_routerIdentifier, 8, &so[2139]}, - {"textNotice", "textNotice", NID_textNotice, 8, &so[2147]}, - {"ipsecEndSystem", "IPSec End System", NID_ipsecEndSystem, 8, &so[2155]}, - {"ipsecTunnel", "IPSec Tunnel", NID_ipsecTunnel, 8, &so[2163]}, - {"ipsecUser", "IPSec User", NID_ipsecUser, 8, &so[2171]}, - {"DVCS", "dvcs", NID_dvcs, 8, &so[2179]}, - {"id-it-caProtEncCert", "id-it-caProtEncCert", NID_id_it_caProtEncCert, 8, &so[2187]}, - {"id-it-signKeyPairTypes", "id-it-signKeyPairTypes", NID_id_it_signKeyPairTypes, 8, &so[2195]}, - {"id-it-encKeyPairTypes", "id-it-encKeyPairTypes", NID_id_it_encKeyPairTypes, 8, &so[2203]}, - {"id-it-preferredSymmAlg", "id-it-preferredSymmAlg", NID_id_it_preferredSymmAlg, 8, &so[2211]}, - {"id-it-caKeyUpdateInfo", "id-it-caKeyUpdateInfo", NID_id_it_caKeyUpdateInfo, 8, &so[2219]}, - {"id-it-currentCRL", "id-it-currentCRL", NID_id_it_currentCRL, 8, &so[2227]}, - {"id-it-unsupportedOIDs", "id-it-unsupportedOIDs", NID_id_it_unsupportedOIDs, 8, &so[2235]}, - {"id-it-subscriptionRequest", "id-it-subscriptionRequest", NID_id_it_subscriptionRequest, 8, &so[2243]}, - {"id-it-subscriptionResponse", "id-it-subscriptionResponse", NID_id_it_subscriptionResponse, 8, &so[2251]}, - {"id-it-keyPairParamReq", "id-it-keyPairParamReq", NID_id_it_keyPairParamReq, 8, &so[2259]}, - {"id-it-keyPairParamRep", "id-it-keyPairParamRep", NID_id_it_keyPairParamRep, 8, &so[2267]}, - {"id-it-revPassphrase", "id-it-revPassphrase", NID_id_it_revPassphrase, 8, &so[2275]}, - {"id-it-implicitConfirm", "id-it-implicitConfirm", NID_id_it_implicitConfirm, 8, &so[2283]}, - {"id-it-confirmWaitTime", "id-it-confirmWaitTime", NID_id_it_confirmWaitTime, 8, &so[2291]}, - {"id-it-origPKIMessage", "id-it-origPKIMessage", NID_id_it_origPKIMessage, 8, &so[2299]}, - {"id-regCtrl", "id-regCtrl", NID_id_regCtrl, 8, &so[2307]}, - {"id-regInfo", "id-regInfo", NID_id_regInfo, 8, &so[2315]}, - {"id-regCtrl-regToken", "id-regCtrl-regToken", NID_id_regCtrl_regToken, 9, &so[2323]}, - {"id-regCtrl-authenticator", "id-regCtrl-authenticator", NID_id_regCtrl_authenticator, 9, &so[2332]}, - {"id-regCtrl-pkiPublicationInfo", "id-regCtrl-pkiPublicationInfo", NID_id_regCtrl_pkiPublicationInfo, 9, &so[2341]}, - {"id-regCtrl-pkiArchiveOptions", "id-regCtrl-pkiArchiveOptions", NID_id_regCtrl_pkiArchiveOptions, 9, &so[2350]}, - {"id-regCtrl-oldCertID", "id-regCtrl-oldCertID", NID_id_regCtrl_oldCertID, 9, &so[2359]}, - {"id-regCtrl-protocolEncrKey", "id-regCtrl-protocolEncrKey", NID_id_regCtrl_protocolEncrKey, 9, &so[2368]}, - {"id-regInfo-utf8Pairs", "id-regInfo-utf8Pairs", NID_id_regInfo_utf8Pairs, 9, &so[2377]}, - {"id-regInfo-certReq", "id-regInfo-certReq", NID_id_regInfo_certReq, 9, &so[2386]}, - {"id-alg-des40", "id-alg-des40", NID_id_alg_des40, 8, &so[2395]}, - {"id-alg-noSignature", "id-alg-noSignature", NID_id_alg_noSignature, 8, &so[2403]}, - {"id-alg-dh-sig-hmac-sha1", "id-alg-dh-sig-hmac-sha1", NID_id_alg_dh_sig_hmac_sha1, 8, &so[2411]}, - {"id-alg-dh-pop", "id-alg-dh-pop", NID_id_alg_dh_pop, 8, &so[2419]}, - {"id-cmc-statusInfo", "id-cmc-statusInfo", NID_id_cmc_statusInfo, 8, &so[2427]}, - {"id-cmc-identification", "id-cmc-identification", NID_id_cmc_identification, 8, &so[2435]}, - {"id-cmc-identityProof", "id-cmc-identityProof", NID_id_cmc_identityProof, 8, &so[2443]}, - {"id-cmc-dataReturn", "id-cmc-dataReturn", NID_id_cmc_dataReturn, 8, &so[2451]}, - {"id-cmc-transactionId", "id-cmc-transactionId", NID_id_cmc_transactionId, 8, &so[2459]}, - {"id-cmc-senderNonce", "id-cmc-senderNonce", NID_id_cmc_senderNonce, 8, &so[2467]}, - {"id-cmc-recipientNonce", "id-cmc-recipientNonce", NID_id_cmc_recipientNonce, 8, &so[2475]}, - {"id-cmc-addExtensions", "id-cmc-addExtensions", NID_id_cmc_addExtensions, 8, &so[2483]}, - {"id-cmc-encryptedPOP", "id-cmc-encryptedPOP", NID_id_cmc_encryptedPOP, 8, &so[2491]}, - {"id-cmc-decryptedPOP", "id-cmc-decryptedPOP", NID_id_cmc_decryptedPOP, 8, &so[2499]}, - {"id-cmc-lraPOPWitness", "id-cmc-lraPOPWitness", NID_id_cmc_lraPOPWitness, 8, &so[2507]}, - {"id-cmc-getCert", "id-cmc-getCert", NID_id_cmc_getCert, 8, &so[2515]}, - {"id-cmc-getCRL", "id-cmc-getCRL", NID_id_cmc_getCRL, 8, &so[2523]}, - {"id-cmc-revokeRequest", "id-cmc-revokeRequest", NID_id_cmc_revokeRequest, 8, &so[2531]}, - {"id-cmc-regInfo", "id-cmc-regInfo", NID_id_cmc_regInfo, 8, &so[2539]}, - {"id-cmc-responseInfo", "id-cmc-responseInfo", NID_id_cmc_responseInfo, 8, &so[2547]}, - {"id-cmc-queryPending", "id-cmc-queryPending", NID_id_cmc_queryPending, 8, &so[2555]}, - {"id-cmc-popLinkRandom", "id-cmc-popLinkRandom", NID_id_cmc_popLinkRandom, 8, &so[2563]}, - {"id-cmc-popLinkWitness", "id-cmc-popLinkWitness", NID_id_cmc_popLinkWitness, 8, &so[2571]}, - {"id-cmc-confirmCertAcceptance", "id-cmc-confirmCertAcceptance", NID_id_cmc_confirmCertAcceptance, 8, &so[2579]}, - {"id-on-personalData", "id-on-personalData", NID_id_on_personalData, 8, &so[2587]}, - {"id-pda-dateOfBirth", "id-pda-dateOfBirth", NID_id_pda_dateOfBirth, 8, &so[2595]}, - {"id-pda-placeOfBirth", "id-pda-placeOfBirth", NID_id_pda_placeOfBirth, 8, &so[2603]}, - { NULL, NULL, NID_undef }, - {"id-pda-gender", "id-pda-gender", NID_id_pda_gender, 8, &so[2611]}, - {"id-pda-countryOfCitizenship", "id-pda-countryOfCitizenship", NID_id_pda_countryOfCitizenship, 8, &so[2619]}, - {"id-pda-countryOfResidence", "id-pda-countryOfResidence", NID_id_pda_countryOfResidence, 8, &so[2627]}, - {"id-aca-authenticationInfo", "id-aca-authenticationInfo", NID_id_aca_authenticationInfo, 8, &so[2635]}, - {"id-aca-accessIdentity", "id-aca-accessIdentity", NID_id_aca_accessIdentity, 8, &so[2643]}, - {"id-aca-chargingIdentity", "id-aca-chargingIdentity", NID_id_aca_chargingIdentity, 8, &so[2651]}, - {"id-aca-group", "id-aca-group", NID_id_aca_group, 8, &so[2659]}, - {"id-aca-role", "id-aca-role", NID_id_aca_role, 8, &so[2667]}, - {"id-qcs-pkixQCSyntax-v1", "id-qcs-pkixQCSyntax-v1", NID_id_qcs_pkixQCSyntax_v1, 8, &so[2675]}, - {"id-cct-crs", "id-cct-crs", NID_id_cct_crs, 8, &so[2683]}, - {"id-cct-PKIData", "id-cct-PKIData", NID_id_cct_PKIData, 8, &so[2691]}, - {"id-cct-PKIResponse", "id-cct-PKIResponse", NID_id_cct_PKIResponse, 8, &so[2699]}, - {"ad_timestamping", "AD Time Stamping", NID_ad_timeStamping, 8, &so[2707]}, - {"AD_DVCS", "ad dvcs", NID_ad_dvcs, 8, &so[2715]}, - {"basicOCSPResponse", "Basic OCSP Response", NID_id_pkix_OCSP_basic, 9, &so[2723]}, - {"Nonce", "OCSP Nonce", NID_id_pkix_OCSP_Nonce, 9, &so[2732]}, - {"CrlID", "OCSP CRL ID", NID_id_pkix_OCSP_CrlID, 9, &so[2741]}, - {"acceptableResponses", "Acceptable OCSP Responses", NID_id_pkix_OCSP_acceptableResponses, 9, &so[2750]}, - {"noCheck", "OCSP No Check", NID_id_pkix_OCSP_noCheck, 9, &so[2759]}, - {"archiveCutoff", "OCSP Archive Cutoff", NID_id_pkix_OCSP_archiveCutoff, 9, &so[2768]}, - {"serviceLocator", "OCSP Service Locator", NID_id_pkix_OCSP_serviceLocator, 9, &so[2777]}, - {"extendedStatus", "Extended OCSP Status", NID_id_pkix_OCSP_extendedStatus, 9, &so[2786]}, - {"valid", "valid", NID_id_pkix_OCSP_valid, 9, &so[2795]}, - {"path", "path", NID_id_pkix_OCSP_path, 9, &so[2804]}, - {"trustRoot", "Trust Root", NID_id_pkix_OCSP_trustRoot, 9, &so[2813]}, - {"algorithm", "algorithm", NID_algorithm, 4, &so[2822]}, - {"rsaSignature", "rsaSignature", NID_rsaSignature, 5, &so[2826]}, - {"X500algorithms", "directory services - algorithms", NID_X500algorithms, 2, &so[2831]}, - {"ORG", "org", NID_org, 1, &so[2833]}, - {"DOD", "dod", NID_dod, 2, &so[2834]}, - {"IANA", "iana", NID_iana, 3, &so[2836]}, - {"directory", "Directory", NID_Directory, 4, &so[2839]}, - {"mgmt", "Management", NID_Management, 4, &so[2843]}, - {"experimental", "Experimental", NID_Experimental, 4, &so[2847]}, - {"private", "Private", NID_Private, 4, &so[2851]}, - {"security", "Security", NID_Security, 4, &so[2855]}, - {"snmpv2", "SNMPv2", NID_SNMPv2, 4, &so[2859]}, - {"Mail", "Mail", NID_Mail, 4, &so[2863]}, - {"enterprises", "Enterprises", NID_Enterprises, 5, &so[2867]}, - {"dcobject", "dcObject", NID_dcObject, 9, &so[2872]}, - {"DC", "domainComponent", NID_domainComponent, 10, &so[2881]}, - {"domain", "Domain", NID_Domain, 10, &so[2891]}, - {"NULL", "NULL", NID_joint_iso_ccitt}, - {"selected-attribute-types", "Selected Attribute Types", NID_selected_attribute_types, 3, &so[2901]}, - {"clearance", "clearance", NID_clearance, 4, &so[2904]}, - {"RSA-MD4", "md4WithRSAEncryption", NID_md4WithRSAEncryption, 9, &so[2908]}, - {"ac-proxying", "ac-proxying", NID_ac_proxying, 8, &so[2917]}, - {"subjectInfoAccess", "Subject Information Access", NID_sinfo_access, 8, &so[2925]}, - {"id-aca-encAttrs", "id-aca-encAttrs", NID_id_aca_encAttrs, 8, &so[2933]}, - {"role", "role", NID_role, 3, &so[2941]}, - {"policyConstraints", "X509v3 Policy Constraints", NID_policy_constraints, 3, &so[2944]}, - {"targetInformation", "X509v3 AC Targeting", NID_target_information, 3, &so[2947]}, - {"noRevAvail", "X509v3 No Revocation Available", NID_no_rev_avail, 3, &so[2950]}, - {"NULL", "NULL", NID_ccitt}, - {"ansi-X9-62", "ANSI X9.62", NID_ansi_X9_62, 5, &so[2953]}, - {"prime-field", "prime-field", NID_X9_62_prime_field, 7, &so[2958]}, - {"characteristic-two-field", "characteristic-two-field", NID_X9_62_characteristic_two_field, 7, &so[2965]}, - {"id-ecPublicKey", "id-ecPublicKey", NID_X9_62_id_ecPublicKey, 7, &so[2972]}, - {"prime192v1", "prime192v1", NID_X9_62_prime192v1, 8, &so[2979]}, - {"prime192v2", "prime192v2", NID_X9_62_prime192v2, 8, &so[2987]}, - {"prime192v3", "prime192v3", NID_X9_62_prime192v3, 8, &so[2995]}, - {"prime239v1", "prime239v1", NID_X9_62_prime239v1, 8, &so[3003]}, - {"prime239v2", "prime239v2", NID_X9_62_prime239v2, 8, &so[3011]}, - {"prime239v3", "prime239v3", NID_X9_62_prime239v3, 8, &so[3019]}, - {"prime256v1", "prime256v1", NID_X9_62_prime256v1, 8, &so[3027]}, - {"ecdsa-with-SHA1", "ecdsa-with-SHA1", NID_ecdsa_with_SHA1, 7, &so[3035]}, - {"CSPName", "Microsoft CSP Name", NID_ms_csp_name, 9, &so[3042]}, - {"AES-128-ECB", "aes-128-ecb", NID_aes_128_ecb, 9, &so[3051]}, - {"AES-128-CBC", "aes-128-cbc", NID_aes_128_cbc, 9, &so[3060]}, - {"AES-128-OFB", "aes-128-ofb", NID_aes_128_ofb128, 9, &so[3069]}, - {"AES-128-CFB", "aes-128-cfb", NID_aes_128_cfb128, 9, &so[3078]}, - {"AES-192-ECB", "aes-192-ecb", NID_aes_192_ecb, 9, &so[3087]}, - {"AES-192-CBC", "aes-192-cbc", NID_aes_192_cbc, 9, &so[3096]}, - {"AES-192-OFB", "aes-192-ofb", NID_aes_192_ofb128, 9, &so[3105]}, - {"AES-192-CFB", "aes-192-cfb", NID_aes_192_cfb128, 9, &so[3114]}, - {"AES-256-ECB", "aes-256-ecb", NID_aes_256_ecb, 9, &so[3123]}, - {"AES-256-CBC", "aes-256-cbc", NID_aes_256_cbc, 9, &so[3132]}, - {"AES-256-OFB", "aes-256-ofb", NID_aes_256_ofb128, 9, &so[3141]}, - {"AES-256-CFB", "aes-256-cfb", NID_aes_256_cfb128, 9, &so[3150]}, - {"holdInstructionCode", "Hold Instruction Code", NID_hold_instruction_code, 3, &so[3159]}, - {"holdInstructionNone", "Hold Instruction None", NID_hold_instruction_none, 7, &so[3162]}, - {"holdInstructionCallIssuer", "Hold Instruction Call Issuer", NID_hold_instruction_call_issuer, 7, &so[3169]}, - {"holdInstructionReject", "Hold Instruction Reject", NID_hold_instruction_reject, 7, &so[3176]}, - {"data", "data", NID_data, 1, &so[3183]}, - {"pss", "pss", NID_pss, 3, &so[3184]}, - {"ucl", "ucl", NID_ucl, 7, &so[3187]}, - {"pilot", "pilot", NID_pilot, 8, &so[3194]}, - {"pilotAttributeType", "pilotAttributeType", NID_pilotAttributeType, 9, &so[3202]}, - {"pilotAttributeSyntax", "pilotAttributeSyntax", NID_pilotAttributeSyntax, 9, &so[3211]}, - {"pilotObjectClass", "pilotObjectClass", NID_pilotObjectClass, 9, &so[3220]}, - {"pilotGroups", "pilotGroups", NID_pilotGroups, 9, &so[3229]}, - {"iA5StringSyntax", "iA5StringSyntax", NID_iA5StringSyntax, 10, &so[3238]}, - {"caseIgnoreIA5StringSyntax", "caseIgnoreIA5StringSyntax", NID_caseIgnoreIA5StringSyntax, 10, &so[3248]}, - {"pilotObject", "pilotObject", NID_pilotObject, 10, &so[3258]}, - {"pilotPerson", "pilotPerson", NID_pilotPerson, 10, &so[3268]}, - {"account", "account", NID_account, 10, &so[3278]}, - {"document", "document", NID_document, 10, &so[3288]}, - {"room", "room", NID_room, 10, &so[3298]}, - {"documentSeries", "documentSeries", NID_documentSeries, 10, &so[3308]}, - {"rFC822localPart", "rFC822localPart", NID_rFC822localPart, 10, &so[3318]}, - {"dNSDomain", "dNSDomain", NID_dNSDomain, 10, &so[3328]}, - {"domainRelatedObject", "domainRelatedObject", NID_domainRelatedObject, 10, &so[3338]}, - {"friendlyCountry", "friendlyCountry", NID_friendlyCountry, 10, &so[3348]}, - {"simpleSecurityObject", "simpleSecurityObject", NID_simpleSecurityObject, 10, &so[3358]}, - {"pilotOrganization", "pilotOrganization", NID_pilotOrganization, 10, &so[3368]}, - {"pilotDSA", "pilotDSA", NID_pilotDSA, 10, &so[3378]}, - {"qualityLabelledData", "qualityLabelledData", NID_qualityLabelledData, 10, &so[3388]}, - {"UID", "userId", NID_userId, 10, &so[3398]}, - {"textEncodedORAddress", "textEncodedORAddress", NID_textEncodedORAddress, 10, &so[3408]}, - {"mail", "rfc822Mailbox", NID_rfc822Mailbox, 10, &so[3418]}, - {"info", "info", NID_info, 10, &so[3428]}, - {"favouriteDrink", "favouriteDrink", NID_favouriteDrink, 10, &so[3438]}, - {"roomNumber", "roomNumber", NID_roomNumber, 10, &so[3448]}, - {"photo", "photo", NID_photo, 10, &so[3458]}, - {"userClass", "userClass", NID_userClass, 10, &so[3468]}, - {"host", "host", NID_host, 10, &so[3478]}, - {"manager", "manager", NID_manager, 10, &so[3488]}, - {"documentIdentifier", "documentIdentifier", NID_documentIdentifier, 10, &so[3498]}, - {"documentTitle", "documentTitle", NID_documentTitle, 10, &so[3508]}, - {"documentVersion", "documentVersion", NID_documentVersion, 10, &so[3518]}, - {"documentAuthor", "documentAuthor", NID_documentAuthor, 10, &so[3528]}, - {"documentLocation", "documentLocation", NID_documentLocation, 10, &so[3538]}, - {"homeTelephoneNumber", "homeTelephoneNumber", NID_homeTelephoneNumber, 10, &so[3548]}, - {"secretary", "secretary", NID_secretary, 10, &so[3558]}, - {"otherMailbox", "otherMailbox", NID_otherMailbox, 10, &so[3568]}, - {"lastModifiedTime", "lastModifiedTime", NID_lastModifiedTime, 10, &so[3578]}, - {"lastModifiedBy", "lastModifiedBy", NID_lastModifiedBy, 10, &so[3588]}, - {"aRecord", "aRecord", NID_aRecord, 10, &so[3598]}, - {"pilotAttributeType27", "pilotAttributeType27", NID_pilotAttributeType27, 10, &so[3608]}, - {"mXRecord", "mXRecord", NID_mXRecord, 10, &so[3618]}, - {"nSRecord", "nSRecord", NID_nSRecord, 10, &so[3628]}, - {"sOARecord", "sOARecord", NID_sOARecord, 10, &so[3638]}, - {"cNAMERecord", "cNAMERecord", NID_cNAMERecord, 10, &so[3648]}, - {"associatedDomain", "associatedDomain", NID_associatedDomain, 10, &so[3658]}, - {"associatedName", "associatedName", NID_associatedName, 10, &so[3668]}, - {"homePostalAddress", "homePostalAddress", NID_homePostalAddress, 10, &so[3678]}, - {"personalTitle", "personalTitle", NID_personalTitle, 10, &so[3688]}, - {"mobileTelephoneNumber", "mobileTelephoneNumber", NID_mobileTelephoneNumber, 10, &so[3698]}, - {"pagerTelephoneNumber", "pagerTelephoneNumber", NID_pagerTelephoneNumber, 10, &so[3708]}, - {"friendlyCountryName", "friendlyCountryName", NID_friendlyCountryName, 10, &so[3718]}, - {"organizationalStatus", "organizationalStatus", NID_organizationalStatus, 10, &so[3728]}, - {"janetMailbox", "janetMailbox", NID_janetMailbox, 10, &so[3738]}, - {"mailPreferenceOption", "mailPreferenceOption", NID_mailPreferenceOption, 10, &so[3748]}, - {"buildingName", "buildingName", NID_buildingName, 10, &so[3758]}, - {"dSAQuality", "dSAQuality", NID_dSAQuality, 10, &so[3768]}, - {"singleLevelQuality", "singleLevelQuality", NID_singleLevelQuality, 10, &so[3778]}, - {"subtreeMinimumQuality", "subtreeMinimumQuality", NID_subtreeMinimumQuality, 10, &so[3788]}, - {"subtreeMaximumQuality", "subtreeMaximumQuality", NID_subtreeMaximumQuality, 10, &so[3798]}, - {"personalSignature", "personalSignature", NID_personalSignature, 10, &so[3808]}, - {"dITRedirect", "dITRedirect", NID_dITRedirect, 10, &so[3818]}, - {"audio", "audio", NID_audio, 10, &so[3828]}, - {"documentPublisher", "documentPublisher", NID_documentPublisher, 10, &so[3838]}, - {"x500UniqueIdentifier", "x500UniqueIdentifier", NID_x500UniqueIdentifier, 3, &so[3848]}, - {"mime-mhs", "MIME MHS", NID_mime_mhs, 5, &so[3851]}, - {"mime-mhs-headings", "mime-mhs-headings", NID_mime_mhs_headings, 6, &so[3856]}, - {"mime-mhs-bodies", "mime-mhs-bodies", NID_mime_mhs_bodies, 6, &so[3862]}, - {"id-hex-partial-message", "id-hex-partial-message", NID_id_hex_partial_message, 7, &so[3868]}, - {"id-hex-multipart-message", "id-hex-multipart-message", NID_id_hex_multipart_message, 7, &so[3875]}, - {"generationQualifier", "generationQualifier", NID_generationQualifier, 3, &so[3882]}, - {"pseudonym", "pseudonym", NID_pseudonym, 3, &so[3885]}, - { NULL, NULL, NID_undef }, - {"id-set", "Secure Electronic Transactions", NID_id_set, 2, &so[3888]}, - {"set-ctype", "content types", NID_set_ctype, 3, &so[3890]}, - {"set-msgExt", "message extensions", NID_set_msgExt, 3, &so[3893]}, - {"set-attr", "set-attr", NID_set_attr, 3, &so[3896]}, - {"set-policy", "set-policy", NID_set_policy, 3, &so[3899]}, - {"set-certExt", "certificate extensions", NID_set_certExt, 3, &so[3902]}, - {"set-brand", "set-brand", NID_set_brand, 3, &so[3905]}, - {"setct-PANData", "setct-PANData", NID_setct_PANData, 4, &so[3908]}, - {"setct-PANToken", "setct-PANToken", NID_setct_PANToken, 4, &so[3912]}, - {"setct-PANOnly", "setct-PANOnly", NID_setct_PANOnly, 4, &so[3916]}, - {"setct-OIData", "setct-OIData", NID_setct_OIData, 4, &so[3920]}, - {"setct-PI", "setct-PI", NID_setct_PI, 4, &so[3924]}, - {"setct-PIData", "setct-PIData", NID_setct_PIData, 4, &so[3928]}, - {"setct-PIDataUnsigned", "setct-PIDataUnsigned", NID_setct_PIDataUnsigned, 4, &so[3932]}, - {"setct-HODInput", "setct-HODInput", NID_setct_HODInput, 4, &so[3936]}, - {"setct-AuthResBaggage", "setct-AuthResBaggage", NID_setct_AuthResBaggage, 4, &so[3940]}, - {"setct-AuthRevReqBaggage", "setct-AuthRevReqBaggage", NID_setct_AuthRevReqBaggage, 4, &so[3944]}, - {"setct-AuthRevResBaggage", "setct-AuthRevResBaggage", NID_setct_AuthRevResBaggage, 4, &so[3948]}, - {"setct-CapTokenSeq", "setct-CapTokenSeq", NID_setct_CapTokenSeq, 4, &so[3952]}, - {"setct-PInitResData", "setct-PInitResData", NID_setct_PInitResData, 4, &so[3956]}, - {"setct-PI-TBS", "setct-PI-TBS", NID_setct_PI_TBS, 4, &so[3960]}, - {"setct-PResData", "setct-PResData", NID_setct_PResData, 4, &so[3964]}, - {"setct-AuthReqTBS", "setct-AuthReqTBS", NID_setct_AuthReqTBS, 4, &so[3968]}, - {"setct-AuthResTBS", "setct-AuthResTBS", NID_setct_AuthResTBS, 4, &so[3972]}, - {"setct-AuthResTBSX", "setct-AuthResTBSX", NID_setct_AuthResTBSX, 4, &so[3976]}, - {"setct-AuthTokenTBS", "setct-AuthTokenTBS", NID_setct_AuthTokenTBS, 4, &so[3980]}, - {"setct-CapTokenData", "setct-CapTokenData", NID_setct_CapTokenData, 4, &so[3984]}, - {"setct-CapTokenTBS", "setct-CapTokenTBS", NID_setct_CapTokenTBS, 4, &so[3988]}, - {"setct-AcqCardCodeMsg", "setct-AcqCardCodeMsg", NID_setct_AcqCardCodeMsg, 4, &so[3992]}, - {"setct-AuthRevReqTBS", "setct-AuthRevReqTBS", NID_setct_AuthRevReqTBS, 4, &so[3996]}, - {"setct-AuthRevResData", "setct-AuthRevResData", NID_setct_AuthRevResData, 4, &so[4000]}, - {"setct-AuthRevResTBS", "setct-AuthRevResTBS", NID_setct_AuthRevResTBS, 4, &so[4004]}, - {"setct-CapReqTBS", "setct-CapReqTBS", NID_setct_CapReqTBS, 4, &so[4008]}, - {"setct-CapReqTBSX", "setct-CapReqTBSX", NID_setct_CapReqTBSX, 4, &so[4012]}, - {"setct-CapResData", "setct-CapResData", NID_setct_CapResData, 4, &so[4016]}, - {"setct-CapRevReqTBS", "setct-CapRevReqTBS", NID_setct_CapRevReqTBS, 4, &so[4020]}, - {"setct-CapRevReqTBSX", "setct-CapRevReqTBSX", NID_setct_CapRevReqTBSX, 4, &so[4024]}, - {"setct-CapRevResData", "setct-CapRevResData", NID_setct_CapRevResData, 4, &so[4028]}, - {"setct-CredReqTBS", "setct-CredReqTBS", NID_setct_CredReqTBS, 4, &so[4032]}, - {"setct-CredReqTBSX", "setct-CredReqTBSX", NID_setct_CredReqTBSX, 4, &so[4036]}, - {"setct-CredResData", "setct-CredResData", NID_setct_CredResData, 4, &so[4040]}, - {"setct-CredRevReqTBS", "setct-CredRevReqTBS", NID_setct_CredRevReqTBS, 4, &so[4044]}, - {"setct-CredRevReqTBSX", "setct-CredRevReqTBSX", NID_setct_CredRevReqTBSX, 4, &so[4048]}, - {"setct-CredRevResData", "setct-CredRevResData", NID_setct_CredRevResData, 4, &so[4052]}, - {"setct-PCertReqData", "setct-PCertReqData", NID_setct_PCertReqData, 4, &so[4056]}, - {"setct-PCertResTBS", "setct-PCertResTBS", NID_setct_PCertResTBS, 4, &so[4060]}, - {"setct-BatchAdminReqData", "setct-BatchAdminReqData", NID_setct_BatchAdminReqData, 4, &so[4064]}, - {"setct-BatchAdminResData", "setct-BatchAdminResData", NID_setct_BatchAdminResData, 4, &so[4068]}, - {"setct-CardCInitResTBS", "setct-CardCInitResTBS", NID_setct_CardCInitResTBS, 4, &so[4072]}, - {"setct-MeAqCInitResTBS", "setct-MeAqCInitResTBS", NID_setct_MeAqCInitResTBS, 4, &so[4076]}, - {"setct-RegFormResTBS", "setct-RegFormResTBS", NID_setct_RegFormResTBS, 4, &so[4080]}, - {"setct-CertReqData", "setct-CertReqData", NID_setct_CertReqData, 4, &so[4084]}, - {"setct-CertReqTBS", "setct-CertReqTBS", NID_setct_CertReqTBS, 4, &so[4088]}, - {"setct-CertResData", "setct-CertResData", NID_setct_CertResData, 4, &so[4092]}, - {"setct-CertInqReqTBS", "setct-CertInqReqTBS", NID_setct_CertInqReqTBS, 4, &so[4096]}, - {"setct-ErrorTBS", "setct-ErrorTBS", NID_setct_ErrorTBS, 4, &so[4100]}, - {"setct-PIDualSignedTBE", "setct-PIDualSignedTBE", NID_setct_PIDualSignedTBE, 4, &so[4104]}, - {"setct-PIUnsignedTBE", "setct-PIUnsignedTBE", NID_setct_PIUnsignedTBE, 4, &so[4108]}, - {"setct-AuthReqTBE", "setct-AuthReqTBE", NID_setct_AuthReqTBE, 4, &so[4112]}, - {"setct-AuthResTBE", "setct-AuthResTBE", NID_setct_AuthResTBE, 4, &so[4116]}, - {"setct-AuthResTBEX", "setct-AuthResTBEX", NID_setct_AuthResTBEX, 4, &so[4120]}, - {"setct-AuthTokenTBE", "setct-AuthTokenTBE", NID_setct_AuthTokenTBE, 4, &so[4124]}, - {"setct-CapTokenTBE", "setct-CapTokenTBE", NID_setct_CapTokenTBE, 4, &so[4128]}, - {"setct-CapTokenTBEX", "setct-CapTokenTBEX", NID_setct_CapTokenTBEX, 4, &so[4132]}, - {"setct-AcqCardCodeMsgTBE", "setct-AcqCardCodeMsgTBE", NID_setct_AcqCardCodeMsgTBE, 4, &so[4136]}, - {"setct-AuthRevReqTBE", "setct-AuthRevReqTBE", NID_setct_AuthRevReqTBE, 4, &so[4140]}, - {"setct-AuthRevResTBE", "setct-AuthRevResTBE", NID_setct_AuthRevResTBE, 4, &so[4144]}, - {"setct-AuthRevResTBEB", "setct-AuthRevResTBEB", NID_setct_AuthRevResTBEB, 4, &so[4148]}, - {"setct-CapReqTBE", "setct-CapReqTBE", NID_setct_CapReqTBE, 4, &so[4152]}, - {"setct-CapReqTBEX", "setct-CapReqTBEX", NID_setct_CapReqTBEX, 4, &so[4156]}, - {"setct-CapResTBE", "setct-CapResTBE", NID_setct_CapResTBE, 4, &so[4160]}, - {"setct-CapRevReqTBE", "setct-CapRevReqTBE", NID_setct_CapRevReqTBE, 4, &so[4164]}, - {"setct-CapRevReqTBEX", "setct-CapRevReqTBEX", NID_setct_CapRevReqTBEX, 4, &so[4168]}, - {"setct-CapRevResTBE", "setct-CapRevResTBE", NID_setct_CapRevResTBE, 4, &so[4172]}, - {"setct-CredReqTBE", "setct-CredReqTBE", NID_setct_CredReqTBE, 4, &so[4176]}, - {"setct-CredReqTBEX", "setct-CredReqTBEX", NID_setct_CredReqTBEX, 4, &so[4180]}, - {"setct-CredResTBE", "setct-CredResTBE", NID_setct_CredResTBE, 4, &so[4184]}, - {"setct-CredRevReqTBE", "setct-CredRevReqTBE", NID_setct_CredRevReqTBE, 4, &so[4188]}, - {"setct-CredRevReqTBEX", "setct-CredRevReqTBEX", NID_setct_CredRevReqTBEX, 4, &so[4192]}, - {"setct-CredRevResTBE", "setct-CredRevResTBE", NID_setct_CredRevResTBE, 4, &so[4196]}, - {"setct-BatchAdminReqTBE", "setct-BatchAdminReqTBE", NID_setct_BatchAdminReqTBE, 4, &so[4200]}, - {"setct-BatchAdminResTBE", "setct-BatchAdminResTBE", NID_setct_BatchAdminResTBE, 4, &so[4204]}, - {"setct-RegFormReqTBE", "setct-RegFormReqTBE", NID_setct_RegFormReqTBE, 4, &so[4208]}, - {"setct-CertReqTBE", "setct-CertReqTBE", NID_setct_CertReqTBE, 4, &so[4212]}, - {"setct-CertReqTBEX", "setct-CertReqTBEX", NID_setct_CertReqTBEX, 4, &so[4216]}, - {"setct-CertResTBE", "setct-CertResTBE", NID_setct_CertResTBE, 4, &so[4220]}, - {"setct-CRLNotificationTBS", "setct-CRLNotificationTBS", NID_setct_CRLNotificationTBS, 4, &so[4224]}, - {"setct-CRLNotificationResTBS", "setct-CRLNotificationResTBS", NID_setct_CRLNotificationResTBS, 4, &so[4228]}, - {"setct-BCIDistributionTBS", "setct-BCIDistributionTBS", NID_setct_BCIDistributionTBS, 4, &so[4232]}, - {"setext-genCrypt", "generic cryptogram", NID_setext_genCrypt, 4, &so[4236]}, - {"setext-miAuth", "merchant initiated auth", NID_setext_miAuth, 4, &so[4240]}, - {"setext-pinSecure", "setext-pinSecure", NID_setext_pinSecure, 4, &so[4244]}, - {"setext-pinAny", "setext-pinAny", NID_setext_pinAny, 4, &so[4248]}, - {"setext-track2", "setext-track2", NID_setext_track2, 4, &so[4252]}, - {"setext-cv", "additional verification", NID_setext_cv, 4, &so[4256]}, - {"set-policy-root", "set-policy-root", NID_set_policy_root, 4, &so[4260]}, - {"setCext-hashedRoot", "setCext-hashedRoot", NID_setCext_hashedRoot, 4, &so[4264]}, - {"setCext-certType", "setCext-certType", NID_setCext_certType, 4, &so[4268]}, - {"setCext-merchData", "setCext-merchData", NID_setCext_merchData, 4, &so[4272]}, - {"setCext-cCertRequired", "setCext-cCertRequired", NID_setCext_cCertRequired, 4, &so[4276]}, - {"setCext-tunneling", "setCext-tunneling", NID_setCext_tunneling, 4, &so[4280]}, - {"setCext-setExt", "setCext-setExt", NID_setCext_setExt, 4, &so[4284]}, - {"setCext-setQualf", "setCext-setQualf", NID_setCext_setQualf, 4, &so[4288]}, - {"setCext-PGWYcapabilities", "setCext-PGWYcapabilities", NID_setCext_PGWYcapabilities, 4, &so[4292]}, - {"setCext-TokenIdentifier", "setCext-TokenIdentifier", NID_setCext_TokenIdentifier, 4, &so[4296]}, - {"setCext-Track2Data", "setCext-Track2Data", NID_setCext_Track2Data, 4, &so[4300]}, - {"setCext-TokenType", "setCext-TokenType", NID_setCext_TokenType, 4, &so[4304]}, - {"setCext-IssuerCapabilities", "setCext-IssuerCapabilities", NID_setCext_IssuerCapabilities, 4, &so[4308]}, - {"setAttr-Cert", "setAttr-Cert", NID_setAttr_Cert, 4, &so[4312]}, - {"setAttr-PGWYcap", "payment gateway capabilities", NID_setAttr_PGWYcap, 4, &so[4316]}, - {"setAttr-TokenType", "setAttr-TokenType", NID_setAttr_TokenType, 4, &so[4320]}, - {"setAttr-IssCap", "issuer capabilities", NID_setAttr_IssCap, 4, &so[4324]}, - {"set-rootKeyThumb", "set-rootKeyThumb", NID_set_rootKeyThumb, 5, &so[4328]}, - {"set-addPolicy", "set-addPolicy", NID_set_addPolicy, 5, &so[4333]}, - {"setAttr-Token-EMV", "setAttr-Token-EMV", NID_setAttr_Token_EMV, 5, &so[4338]}, - {"setAttr-Token-B0Prime", "setAttr-Token-B0Prime", NID_setAttr_Token_B0Prime, 5, &so[4343]}, - {"setAttr-IssCap-CVM", "setAttr-IssCap-CVM", NID_setAttr_IssCap_CVM, 5, &so[4348]}, - {"setAttr-IssCap-T2", "setAttr-IssCap-T2", NID_setAttr_IssCap_T2, 5, &so[4353]}, - {"setAttr-IssCap-Sig", "setAttr-IssCap-Sig", NID_setAttr_IssCap_Sig, 5, &so[4358]}, - {"setAttr-GenCryptgrm", "generate cryptogram", NID_setAttr_GenCryptgrm, 6, &so[4363]}, - {"setAttr-T2Enc", "encrypted track 2", NID_setAttr_T2Enc, 6, &so[4369]}, - {"setAttr-T2cleartxt", "cleartext track 2", NID_setAttr_T2cleartxt, 6, &so[4375]}, - {"setAttr-TokICCsig", "ICC or token signature", NID_setAttr_TokICCsig, 6, &so[4381]}, - {"setAttr-SecDevSig", "secure device signature", NID_setAttr_SecDevSig, 6, &so[4387]}, - {"set-brand-IATA-ATA", "set-brand-IATA-ATA", NID_set_brand_IATA_ATA, 4, &so[4393]}, - {"set-brand-Diners", "set-brand-Diners", NID_set_brand_Diners, 4, &so[4397]}, - {"set-brand-AmericanExpress", "set-brand-AmericanExpress", NID_set_brand_AmericanExpress, 4, &so[4401]}, - {"set-brand-JCB", "set-brand-JCB", NID_set_brand_JCB, 4, &so[4405]}, - {"set-brand-Visa", "set-brand-Visa", NID_set_brand_Visa, 4, &so[4409]}, - {"set-brand-MasterCard", "set-brand-MasterCard", NID_set_brand_MasterCard, 4, &so[4413]}, - {"set-brand-Novus", "set-brand-Novus", NID_set_brand_Novus, 5, &so[4417]}, - {"DES-CDMF", "des-cdmf", NID_des_cdmf, 8, &so[4422]}, - {"rsaOAEPEncryptionSET", "rsaOAEPEncryptionSET", NID_rsaOAEPEncryptionSET, 9, &so[4430]}, - {"ITU-T", "itu-t", NID_itu_t}, - {"JOINT-ISO-ITU-T", "joint-iso-itu-t", NID_joint_iso_itu_t}, - {"international-organizations", "International Organizations", NID_international_organizations, 1, &so[4439]}, - {"msSmartcardLogin", "Microsoft Smartcard Login", NID_ms_smartcard_login, 10, &so[4440]}, - {"msUPN", "Microsoft User Principal Name", NID_ms_upn, 10, &so[4450]}, - {"AES-128-CFB1", "aes-128-cfb1", NID_aes_128_cfb1}, - {"AES-192-CFB1", "aes-192-cfb1", NID_aes_192_cfb1}, - {"AES-256-CFB1", "aes-256-cfb1", NID_aes_256_cfb1}, - {"AES-128-CFB8", "aes-128-cfb8", NID_aes_128_cfb8}, - {"AES-192-CFB8", "aes-192-cfb8", NID_aes_192_cfb8}, - {"AES-256-CFB8", "aes-256-cfb8", NID_aes_256_cfb8}, - {"DES-CFB1", "des-cfb1", NID_des_cfb1}, - {"DES-CFB8", "des-cfb8", NID_des_cfb8}, - {"DES-EDE3-CFB1", "des-ede3-cfb1", NID_des_ede3_cfb1}, - {"DES-EDE3-CFB8", "des-ede3-cfb8", NID_des_ede3_cfb8}, - {"street", "streetAddress", NID_streetAddress, 3, &so[4460]}, - {"postalCode", "postalCode", NID_postalCode, 3, &so[4463]}, - {"id-ppl", "id-ppl", NID_id_ppl, 7, &so[4466]}, - {"proxyCertInfo", "Proxy Certificate Information", NID_proxyCertInfo, 8, &so[4473]}, - {"id-ppl-anyLanguage", "Any language", NID_id_ppl_anyLanguage, 8, &so[4481]}, - {"id-ppl-inheritAll", "Inherit all", NID_id_ppl_inheritAll, 8, &so[4489]}, - {"nameConstraints", "X509v3 Name Constraints", NID_name_constraints, 3, &so[4497]}, - {"id-ppl-independent", "Independent", NID_Independent, 8, &so[4500]}, - {"RSA-SHA256", "sha256WithRSAEncryption", NID_sha256WithRSAEncryption, 9, &so[4508]}, - {"RSA-SHA384", "sha384WithRSAEncryption", NID_sha384WithRSAEncryption, 9, &so[4517]}, - {"RSA-SHA512", "sha512WithRSAEncryption", NID_sha512WithRSAEncryption, 9, &so[4526]}, - {"RSA-SHA224", "sha224WithRSAEncryption", NID_sha224WithRSAEncryption, 9, &so[4535]}, - {"SHA256", "sha256", NID_sha256, 9, &so[4544]}, - {"SHA384", "sha384", NID_sha384, 9, &so[4553]}, - {"SHA512", "sha512", NID_sha512, 9, &so[4562]}, - {"SHA224", "sha224", NID_sha224, 9, &so[4571]}, - {"identified-organization", "identified-organization", NID_identified_organization, 1, &so[4580]}, - {"certicom-arc", "certicom-arc", NID_certicom_arc, 3, &so[4581]}, - {"wap", "wap", NID_wap, 2, &so[4584]}, - {"wap-wsg", "wap-wsg", NID_wap_wsg, 3, &so[4586]}, - {"id-characteristic-two-basis", "id-characteristic-two-basis", NID_X9_62_id_characteristic_two_basis, 8, &so[4589]}, - {"onBasis", "onBasis", NID_X9_62_onBasis, 9, &so[4597]}, - {"tpBasis", "tpBasis", NID_X9_62_tpBasis, 9, &so[4606]}, - {"ppBasis", "ppBasis", NID_X9_62_ppBasis, 9, &so[4615]}, - {"c2pnb163v1", "c2pnb163v1", NID_X9_62_c2pnb163v1, 8, &so[4624]}, - {"c2pnb163v2", "c2pnb163v2", NID_X9_62_c2pnb163v2, 8, &so[4632]}, - {"c2pnb163v3", "c2pnb163v3", NID_X9_62_c2pnb163v3, 8, &so[4640]}, - {"c2pnb176v1", "c2pnb176v1", NID_X9_62_c2pnb176v1, 8, &so[4648]}, - {"c2tnb191v1", "c2tnb191v1", NID_X9_62_c2tnb191v1, 8, &so[4656]}, - {"c2tnb191v2", "c2tnb191v2", NID_X9_62_c2tnb191v2, 8, &so[4664]}, - {"c2tnb191v3", "c2tnb191v3", NID_X9_62_c2tnb191v3, 8, &so[4672]}, - {"c2onb191v4", "c2onb191v4", NID_X9_62_c2onb191v4, 8, &so[4680]}, - {"c2onb191v5", "c2onb191v5", NID_X9_62_c2onb191v5, 8, &so[4688]}, - {"c2pnb208w1", "c2pnb208w1", NID_X9_62_c2pnb208w1, 8, &so[4696]}, - {"c2tnb239v1", "c2tnb239v1", NID_X9_62_c2tnb239v1, 8, &so[4704]}, - {"c2tnb239v2", "c2tnb239v2", NID_X9_62_c2tnb239v2, 8, &so[4712]}, - {"c2tnb239v3", "c2tnb239v3", NID_X9_62_c2tnb239v3, 8, &so[4720]}, - {"c2onb239v4", "c2onb239v4", NID_X9_62_c2onb239v4, 8, &so[4728]}, - {"c2onb239v5", "c2onb239v5", NID_X9_62_c2onb239v5, 8, &so[4736]}, - {"c2pnb272w1", "c2pnb272w1", NID_X9_62_c2pnb272w1, 8, &so[4744]}, - {"c2pnb304w1", "c2pnb304w1", NID_X9_62_c2pnb304w1, 8, &so[4752]}, - {"c2tnb359v1", "c2tnb359v1", NID_X9_62_c2tnb359v1, 8, &so[4760]}, - {"c2pnb368w1", "c2pnb368w1", NID_X9_62_c2pnb368w1, 8, &so[4768]}, - {"c2tnb431r1", "c2tnb431r1", NID_X9_62_c2tnb431r1, 8, &so[4776]}, - {"secp112r1", "secp112r1", NID_secp112r1, 5, &so[4784]}, - {"secp112r2", "secp112r2", NID_secp112r2, 5, &so[4789]}, - {"secp128r1", "secp128r1", NID_secp128r1, 5, &so[4794]}, - {"secp128r2", "secp128r2", NID_secp128r2, 5, &so[4799]}, - {"secp160k1", "secp160k1", NID_secp160k1, 5, &so[4804]}, - {"secp160r1", "secp160r1", NID_secp160r1, 5, &so[4809]}, - {"secp160r2", "secp160r2", NID_secp160r2, 5, &so[4814]}, - {"secp192k1", "secp192k1", NID_secp192k1, 5, &so[4819]}, - {"secp224k1", "secp224k1", NID_secp224k1, 5, &so[4824]}, - {"secp224r1", "secp224r1", NID_secp224r1, 5, &so[4829]}, - {"secp256k1", "secp256k1", NID_secp256k1, 5, &so[4834]}, - {"secp384r1", "secp384r1", NID_secp384r1, 5, &so[4839]}, - {"secp521r1", "secp521r1", NID_secp521r1, 5, &so[4844]}, - {"sect113r1", "sect113r1", NID_sect113r1, 5, &so[4849]}, - {"sect113r2", "sect113r2", NID_sect113r2, 5, &so[4854]}, - {"sect131r1", "sect131r1", NID_sect131r1, 5, &so[4859]}, - {"sect131r2", "sect131r2", NID_sect131r2, 5, &so[4864]}, - {"sect163k1", "sect163k1", NID_sect163k1, 5, &so[4869]}, - {"sect163r1", "sect163r1", NID_sect163r1, 5, &so[4874]}, - {"sect163r2", "sect163r2", NID_sect163r2, 5, &so[4879]}, - {"sect193r1", "sect193r1", NID_sect193r1, 5, &so[4884]}, - {"sect193r2", "sect193r2", NID_sect193r2, 5, &so[4889]}, - {"sect233k1", "sect233k1", NID_sect233k1, 5, &so[4894]}, - {"sect233r1", "sect233r1", NID_sect233r1, 5, &so[4899]}, - {"sect239k1", "sect239k1", NID_sect239k1, 5, &so[4904]}, - {"sect283k1", "sect283k1", NID_sect283k1, 5, &so[4909]}, - {"sect283r1", "sect283r1", NID_sect283r1, 5, &so[4914]}, - {"sect409k1", "sect409k1", NID_sect409k1, 5, &so[4919]}, - {"sect409r1", "sect409r1", NID_sect409r1, 5, &so[4924]}, - {"sect571k1", "sect571k1", NID_sect571k1, 5, &so[4929]}, - {"sect571r1", "sect571r1", NID_sect571r1, 5, &so[4934]}, - {"wap-wsg-idm-ecid-wtls1", "wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1, 5, &so[4939]}, - {"wap-wsg-idm-ecid-wtls3", "wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3, 5, &so[4944]}, - {"wap-wsg-idm-ecid-wtls4", "wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4, 5, &so[4949]}, - {"wap-wsg-idm-ecid-wtls5", "wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5, 5, &so[4954]}, - {"wap-wsg-idm-ecid-wtls6", "wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6, 5, &so[4959]}, - {"wap-wsg-idm-ecid-wtls7", "wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7, 5, &so[4964]}, - {"wap-wsg-idm-ecid-wtls8", "wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8, 5, &so[4969]}, - {"wap-wsg-idm-ecid-wtls9", "wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9, 5, &so[4974]}, - {"wap-wsg-idm-ecid-wtls10", "wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10, 5, &so[4979]}, - {"wap-wsg-idm-ecid-wtls11", "wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11, 5, &so[4984]}, - {"wap-wsg-idm-ecid-wtls12", "wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12, 5, &so[4989]}, - {"anyPolicy", "X509v3 Any Policy", NID_any_policy, 4, &so[4994]}, - {"policyMappings", "X509v3 Policy Mappings", NID_policy_mappings, 3, &so[4998]}, - {"inhibitAnyPolicy", "X509v3 Inhibit Any Policy", NID_inhibit_any_policy, 3, &so[5001]}, - {"Oakley-EC2N-3", "ipsec3", NID_ipsec3}, - {"Oakley-EC2N-4", "ipsec4", NID_ipsec4}, - {"CAMELLIA-128-CBC", "camellia-128-cbc", NID_camellia_128_cbc, 11, &so[5004]}, - {"CAMELLIA-192-CBC", "camellia-192-cbc", NID_camellia_192_cbc, 11, &so[5015]}, - {"CAMELLIA-256-CBC", "camellia-256-cbc", NID_camellia_256_cbc, 11, &so[5026]}, - {"CAMELLIA-128-ECB", "camellia-128-ecb", NID_camellia_128_ecb, 8, &so[5037]}, - {"CAMELLIA-192-ECB", "camellia-192-ecb", NID_camellia_192_ecb, 8, &so[5045]}, - {"CAMELLIA-256-ECB", "camellia-256-ecb", NID_camellia_256_ecb, 8, &so[5053]}, - {"CAMELLIA-128-CFB", "camellia-128-cfb", NID_camellia_128_cfb128, 8, &so[5061]}, - {"CAMELLIA-192-CFB", "camellia-192-cfb", NID_camellia_192_cfb128, 8, &so[5069]}, - {"CAMELLIA-256-CFB", "camellia-256-cfb", NID_camellia_256_cfb128, 8, &so[5077]}, - {"CAMELLIA-128-CFB1", "camellia-128-cfb1", NID_camellia_128_cfb1}, - {"CAMELLIA-192-CFB1", "camellia-192-cfb1", NID_camellia_192_cfb1}, - {"CAMELLIA-256-CFB1", "camellia-256-cfb1", NID_camellia_256_cfb1}, - {"CAMELLIA-128-CFB8", "camellia-128-cfb8", NID_camellia_128_cfb8}, - {"CAMELLIA-192-CFB8", "camellia-192-cfb8", NID_camellia_192_cfb8}, - {"CAMELLIA-256-CFB8", "camellia-256-cfb8", NID_camellia_256_cfb8}, - {"CAMELLIA-128-OFB", "camellia-128-ofb", NID_camellia_128_ofb128, 8, &so[5085]}, - {"CAMELLIA-192-OFB", "camellia-192-ofb", NID_camellia_192_ofb128, 8, &so[5093]}, - {"CAMELLIA-256-OFB", "camellia-256-ofb", NID_camellia_256_ofb128, 8, &so[5101]}, - {"subjectDirectoryAttributes", "X509v3 Subject Directory Attributes", NID_subject_directory_attributes, 3, &so[5109]}, - {"issuingDistributionPoint", "X509v3 Issuing Distribution Point", NID_issuing_distribution_point, 3, &so[5112]}, - {"certificateIssuer", "X509v3 Certificate Issuer", NID_certificate_issuer, 3, &so[5115]}, - { NULL, NULL, NID_undef }, - {"KISA", "kisa", NID_kisa, 6, &so[5118]}, - { NULL, NULL, NID_undef }, - { NULL, NULL, NID_undef }, - {"SEED-ECB", "seed-ecb", NID_seed_ecb, 8, &so[5124]}, - {"SEED-CBC", "seed-cbc", NID_seed_cbc, 8, &so[5132]}, - {"SEED-OFB", "seed-ofb", NID_seed_ofb128, 8, &so[5140]}, - {"SEED-CFB", "seed-cfb", NID_seed_cfb128, 8, &so[5148]}, - {"HMAC-MD5", "hmac-md5", NID_hmac_md5, 8, &so[5156]}, - {"HMAC-SHA1", "hmac-sha1", NID_hmac_sha1, 8, &so[5164]}, - {"id-PasswordBasedMAC", "password based MAC", NID_id_PasswordBasedMAC, 9, &so[5172]}, - {"id-DHBasedMac", "Diffie-Hellman based MAC", NID_id_DHBasedMac, 9, &so[5181]}, - {"id-it-suppLangTags", "id-it-suppLangTags", NID_id_it_suppLangTags, 8, &so[5190]}, - {"caRepository", "CA Repository", NID_caRepository, 8, &so[5198]}, - {"id-smime-ct-compressedData", "id-smime-ct-compressedData", NID_id_smime_ct_compressedData, 11, &so[5206]}, - {"id-ct-asciiTextWithCRLF", "id-ct-asciiTextWithCRLF", NID_id_ct_asciiTextWithCRLF, 11, &so[5217]}, - {"id-aes128-wrap", "id-aes128-wrap", NID_id_aes128_wrap, 9, &so[5228]}, - {"id-aes192-wrap", "id-aes192-wrap", NID_id_aes192_wrap, 9, &so[5237]}, - {"id-aes256-wrap", "id-aes256-wrap", NID_id_aes256_wrap, 9, &so[5246]}, - {"ecdsa-with-Recommended", "ecdsa-with-Recommended", NID_ecdsa_with_Recommended, 7, &so[5255]}, - {"ecdsa-with-Specified", "ecdsa-with-Specified", NID_ecdsa_with_Specified, 7, &so[5262]}, - {"ecdsa-with-SHA224", "ecdsa-with-SHA224", NID_ecdsa_with_SHA224, 8, &so[5269]}, - {"ecdsa-with-SHA256", "ecdsa-with-SHA256", NID_ecdsa_with_SHA256, 8, &so[5277]}, - {"ecdsa-with-SHA384", "ecdsa-with-SHA384", NID_ecdsa_with_SHA384, 8, &so[5285]}, - {"ecdsa-with-SHA512", "ecdsa-with-SHA512", NID_ecdsa_with_SHA512, 8, &so[5293]}, - {"hmacWithMD5", "hmacWithMD5", NID_hmacWithMD5, 8, &so[5301]}, - {"hmacWithSHA224", "hmacWithSHA224", NID_hmacWithSHA224, 8, &so[5309]}, - {"hmacWithSHA256", "hmacWithSHA256", NID_hmacWithSHA256, 8, &so[5317]}, - {"hmacWithSHA384", "hmacWithSHA384", NID_hmacWithSHA384, 8, &so[5325]}, - {"hmacWithSHA512", "hmacWithSHA512", NID_hmacWithSHA512, 8, &so[5333]}, - {"dsa_with_SHA224", "dsa_with_SHA224", NID_dsa_with_SHA224, 9, &so[5341]}, - {"dsa_with_SHA256", "dsa_with_SHA256", NID_dsa_with_SHA256, 9, &so[5350]}, - {"whirlpool", "whirlpool", NID_whirlpool, 6, &so[5359]}, - {"cryptopro", "cryptopro", NID_cryptopro, 5, &so[5365]}, - {"cryptocom", "cryptocom", NID_cryptocom, 5, &so[5370]}, - {"id-GostR3411-94-with-GostR3410-2001", "GOST R 34.11-94 with GOST R 34.10-2001", NID_id_GostR3411_94_with_GostR3410_2001, 6, &so[5375]}, - {"id-GostR3411-94-with-GostR3410-94", "GOST R 34.11-94 with GOST R 34.10-94", NID_id_GostR3411_94_with_GostR3410_94, 6, &so[5381]}, - {"md_gost94", "GOST R 34.11-94", NID_id_GostR3411_94, 6, &so[5387]}, - {"id-HMACGostR3411-94", "HMAC GOST 34.11-94", NID_id_HMACGostR3411_94, 6, &so[5393]}, - {"gost2001", "GOST R 34.10-2001", NID_id_GostR3410_2001, 6, &so[5399]}, - {"gost94", "GOST R 34.10-94", NID_id_GostR3410_94, 6, &so[5405]}, - {"gost89", "GOST 28147-89", NID_id_Gost28147_89, 6, &so[5411]}, - {"gost89-cnt", "gost89-cnt", NID_gost89_cnt}, - {"gost-mac", "GOST 28147-89 MAC", NID_id_Gost28147_89_MAC, 6, &so[5417]}, - {"prf-gostr3411-94", "GOST R 34.11-94 PRF", NID_id_GostR3411_94_prf, 6, &so[5423]}, - {"id-GostR3410-2001DH", "GOST R 34.10-2001 DH", NID_id_GostR3410_2001DH, 6, &so[5429]}, - {"id-GostR3410-94DH", "GOST R 34.10-94 DH", NID_id_GostR3410_94DH, 6, &so[5435]}, - {"id-Gost28147-89-CryptoPro-KeyMeshing", "id-Gost28147-89-CryptoPro-KeyMeshing", NID_id_Gost28147_89_CryptoPro_KeyMeshing, 7, &so[5441]}, - {"id-Gost28147-89-None-KeyMeshing", "id-Gost28147-89-None-KeyMeshing", NID_id_Gost28147_89_None_KeyMeshing, 7, &so[5448]}, - {"id-GostR3411-94-TestParamSet", "id-GostR3411-94-TestParamSet", NID_id_GostR3411_94_TestParamSet, 7, &so[5455]}, - {"id-GostR3411-94-CryptoProParamSet", "id-GostR3411-94-CryptoProParamSet", NID_id_GostR3411_94_CryptoProParamSet, 7, &so[5462]}, - {"id-Gost28147-89-TestParamSet", "id-Gost28147-89-TestParamSet", NID_id_Gost28147_89_TestParamSet, 7, &so[5469]}, - {"id-Gost28147-89-CryptoPro-A-ParamSet", "id-Gost28147-89-CryptoPro-A-ParamSet", NID_id_Gost28147_89_CryptoPro_A_ParamSet, 7, &so[5476]}, - {"id-Gost28147-89-CryptoPro-B-ParamSet", "id-Gost28147-89-CryptoPro-B-ParamSet", NID_id_Gost28147_89_CryptoPro_B_ParamSet, 7, &so[5483]}, - {"id-Gost28147-89-CryptoPro-C-ParamSet", "id-Gost28147-89-CryptoPro-C-ParamSet", NID_id_Gost28147_89_CryptoPro_C_ParamSet, 7, &so[5490]}, - {"id-Gost28147-89-CryptoPro-D-ParamSet", "id-Gost28147-89-CryptoPro-D-ParamSet", NID_id_Gost28147_89_CryptoPro_D_ParamSet, 7, &so[5497]}, - {"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet, 7, &so[5504]}, - {"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet, 7, &so[5511]}, - {"id-Gost28147-89-CryptoPro-RIC-1-ParamSet", "id-Gost28147-89-CryptoPro-RIC-1-ParamSet", NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet, 7, &so[5518]}, - {"id-GostR3410-94-TestParamSet", "id-GostR3410-94-TestParamSet", NID_id_GostR3410_94_TestParamSet, 7, &so[5525]}, - {"id-GostR3410-94-CryptoPro-A-ParamSet", "id-GostR3410-94-CryptoPro-A-ParamSet", NID_id_GostR3410_94_CryptoPro_A_ParamSet, 7, &so[5532]}, - {"id-GostR3410-94-CryptoPro-B-ParamSet", "id-GostR3410-94-CryptoPro-B-ParamSet", NID_id_GostR3410_94_CryptoPro_B_ParamSet, 7, &so[5539]}, - {"id-GostR3410-94-CryptoPro-C-ParamSet", "id-GostR3410-94-CryptoPro-C-ParamSet", NID_id_GostR3410_94_CryptoPro_C_ParamSet, 7, &so[5546]}, - {"id-GostR3410-94-CryptoPro-D-ParamSet", "id-GostR3410-94-CryptoPro-D-ParamSet", NID_id_GostR3410_94_CryptoPro_D_ParamSet, 7, &so[5553]}, - {"id-GostR3410-94-CryptoPro-XchA-ParamSet", "id-GostR3410-94-CryptoPro-XchA-ParamSet", NID_id_GostR3410_94_CryptoPro_XchA_ParamSet, 7, &so[5560]}, - {"id-GostR3410-94-CryptoPro-XchB-ParamSet", "id-GostR3410-94-CryptoPro-XchB-ParamSet", NID_id_GostR3410_94_CryptoPro_XchB_ParamSet, 7, &so[5567]}, - {"id-GostR3410-94-CryptoPro-XchC-ParamSet", "id-GostR3410-94-CryptoPro-XchC-ParamSet", NID_id_GostR3410_94_CryptoPro_XchC_ParamSet, 7, &so[5574]}, - {"id-GostR3410-2001-TestParamSet", "id-GostR3410-2001-TestParamSet", NID_id_GostR3410_2001_TestParamSet, 7, &so[5581]}, - {"id-GostR3410-2001-CryptoPro-A-ParamSet", "id-GostR3410-2001-CryptoPro-A-ParamSet", NID_id_GostR3410_2001_CryptoPro_A_ParamSet, 7, &so[5588]}, - {"id-GostR3410-2001-CryptoPro-B-ParamSet", "id-GostR3410-2001-CryptoPro-B-ParamSet", NID_id_GostR3410_2001_CryptoPro_B_ParamSet, 7, &so[5595]}, - {"id-GostR3410-2001-CryptoPro-C-ParamSet", "id-GostR3410-2001-CryptoPro-C-ParamSet", NID_id_GostR3410_2001_CryptoPro_C_ParamSet, 7, &so[5602]}, - {"id-GostR3410-2001-CryptoPro-XchA-ParamSet", "id-GostR3410-2001-CryptoPro-XchA-ParamSet", NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet, 7, &so[5609]}, - {"id-GostR3410-2001-CryptoPro-XchB-ParamSet", "id-GostR3410-2001-CryptoPro-XchB-ParamSet", NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet, 7, &so[5616]}, - {"id-GostR3410-94-a", "id-GostR3410-94-a", NID_id_GostR3410_94_a, 7, &so[5623]}, - {"id-GostR3410-94-aBis", "id-GostR3410-94-aBis", NID_id_GostR3410_94_aBis, 7, &so[5630]}, - {"id-GostR3410-94-b", "id-GostR3410-94-b", NID_id_GostR3410_94_b, 7, &so[5637]}, - {"id-GostR3410-94-bBis", "id-GostR3410-94-bBis", NID_id_GostR3410_94_bBis, 7, &so[5644]}, - {"id-Gost28147-89-cc", "GOST 28147-89 Cryptocom ParamSet", NID_id_Gost28147_89_cc, 8, &so[5651]}, - {"gost94cc", "GOST 34.10-94 Cryptocom", NID_id_GostR3410_94_cc, 8, &so[5659]}, - {"gost2001cc", "GOST 34.10-2001 Cryptocom", NID_id_GostR3410_2001_cc, 8, &so[5667]}, - {"id-GostR3411-94-with-GostR3410-94-cc", "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom", NID_id_GostR3411_94_with_GostR3410_94_cc, 8, &so[5675]}, - {"id-GostR3411-94-with-GostR3410-2001-cc", "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom", NID_id_GostR3411_94_with_GostR3410_2001_cc, 8, &so[5683]}, - {"id-GostR3410-2001-ParamSet-cc", "GOST R 3410-2001 Parameter Set Cryptocom", NID_id_GostR3410_2001_ParamSet_cc, 8, &so[5691]}, - {"HMAC", "hmac", NID_hmac}, - {"LocalKeySet", "Microsoft Local Key set", NID_LocalKeySet, 9, &so[5699]}, - {"freshestCRL", "X509v3 Freshest CRL", NID_freshest_crl, 3, &so[5708]}, - {"id-on-permanentIdentifier", "Permanent Identifier", NID_id_on_permanentIdentifier, 8, &so[5711]}, - {"searchGuide", "searchGuide", NID_searchGuide, 3, &so[5719]}, - {"businessCategory", "businessCategory", NID_businessCategory, 3, &so[5722]}, - {"postalAddress", "postalAddress", NID_postalAddress, 3, &so[5725]}, - {"postOfficeBox", "postOfficeBox", NID_postOfficeBox, 3, &so[5728]}, - {"physicalDeliveryOfficeName", "physicalDeliveryOfficeName", NID_physicalDeliveryOfficeName, 3, &so[5731]}, - {"telephoneNumber", "telephoneNumber", NID_telephoneNumber, 3, &so[5734]}, - {"telexNumber", "telexNumber", NID_telexNumber, 3, &so[5737]}, - {"teletexTerminalIdentifier", "teletexTerminalIdentifier", NID_teletexTerminalIdentifier, 3, &so[5740]}, - {"facsimileTelephoneNumber", "facsimileTelephoneNumber", NID_facsimileTelephoneNumber, 3, &so[5743]}, - {"x121Address", "x121Address", NID_x121Address, 3, &so[5746]}, - {"internationaliSDNNumber", "internationaliSDNNumber", NID_internationaliSDNNumber, 3, &so[5749]}, - {"registeredAddress", "registeredAddress", NID_registeredAddress, 3, &so[5752]}, - {"destinationIndicator", "destinationIndicator", NID_destinationIndicator, 3, &so[5755]}, - {"preferredDeliveryMethod", "preferredDeliveryMethod", NID_preferredDeliveryMethod, 3, &so[5758]}, - {"presentationAddress", "presentationAddress", NID_presentationAddress, 3, &so[5761]}, - {"supportedApplicationContext", "supportedApplicationContext", NID_supportedApplicationContext, 3, &so[5764]}, - {"member", "member", NID_member, 3, &so[5767]}, - {"owner", "owner", NID_owner, 3, &so[5770]}, - {"roleOccupant", "roleOccupant", NID_roleOccupant, 3, &so[5773]}, - {"seeAlso", "seeAlso", NID_seeAlso, 3, &so[5776]}, - {"userPassword", "userPassword", NID_userPassword, 3, &so[5779]}, - {"userCertificate", "userCertificate", NID_userCertificate, 3, &so[5782]}, - {"cACertificate", "cACertificate", NID_cACertificate, 3, &so[5785]}, - {"authorityRevocationList", "authorityRevocationList", NID_authorityRevocationList, 3, &so[5788]}, - {"certificateRevocationList", "certificateRevocationList", NID_certificateRevocationList, 3, &so[5791]}, - {"crossCertificatePair", "crossCertificatePair", NID_crossCertificatePair, 3, &so[5794]}, - {"enhancedSearchGuide", "enhancedSearchGuide", NID_enhancedSearchGuide, 3, &so[5797]}, - {"protocolInformation", "protocolInformation", NID_protocolInformation, 3, &so[5800]}, - {"distinguishedName", "distinguishedName", NID_distinguishedName, 3, &so[5803]}, - {"uniqueMember", "uniqueMember", NID_uniqueMember, 3, &so[5806]}, - {"houseIdentifier", "houseIdentifier", NID_houseIdentifier, 3, &so[5809]}, - {"supportedAlgorithms", "supportedAlgorithms", NID_supportedAlgorithms, 3, &so[5812]}, - {"deltaRevocationList", "deltaRevocationList", NID_deltaRevocationList, 3, &so[5815]}, - {"dmdName", "dmdName", NID_dmdName, 3, &so[5818]}, - {"id-alg-PWRI-KEK", "id-alg-PWRI-KEK", NID_id_alg_PWRI_KEK, 11, &so[5821]}, - {"CMAC", "cmac", NID_cmac}, - {"id-aes128-GCM", "aes-128-gcm", NID_aes_128_gcm, 9, &so[5832]}, - {"id-aes128-CCM", "aes-128-ccm", NID_aes_128_ccm, 9, &so[5841]}, - {"id-aes128-wrap-pad", "id-aes128-wrap-pad", NID_id_aes128_wrap_pad, 9, &so[5850]}, - {"id-aes192-GCM", "aes-192-gcm", NID_aes_192_gcm, 9, &so[5859]}, - {"id-aes192-CCM", "aes-192-ccm", NID_aes_192_ccm, 9, &so[5868]}, - {"id-aes192-wrap-pad", "id-aes192-wrap-pad", NID_id_aes192_wrap_pad, 9, &so[5877]}, - {"id-aes256-GCM", "aes-256-gcm", NID_aes_256_gcm, 9, &so[5886]}, - {"id-aes256-CCM", "aes-256-ccm", NID_aes_256_ccm, 9, &so[5895]}, - {"id-aes256-wrap-pad", "id-aes256-wrap-pad", NID_id_aes256_wrap_pad, 9, &so[5904]}, - {"AES-128-CTR", "aes-128-ctr", NID_aes_128_ctr}, - {"AES-192-CTR", "aes-192-ctr", NID_aes_192_ctr}, - {"AES-256-CTR", "aes-256-ctr", NID_aes_256_ctr}, - {"id-camellia128-wrap", "id-camellia128-wrap", NID_id_camellia128_wrap, 11, &so[5913]}, - {"id-camellia192-wrap", "id-camellia192-wrap", NID_id_camellia192_wrap, 11, &so[5924]}, - {"id-camellia256-wrap", "id-camellia256-wrap", NID_id_camellia256_wrap, 11, &so[5935]}, - {"anyExtendedKeyUsage", "Any Extended Key Usage", NID_anyExtendedKeyUsage, 4, &so[5946]}, - {"MGF1", "mgf1", NID_mgf1, 9, &so[5950]}, - {"RSASSA-PSS", "rsassaPss", NID_rsassaPss, 9, &so[5959]}, - {"AES-128-XTS", "aes-128-xts", NID_aes_128_xts, 8, &so[5968]}, - {"AES-256-XTS", "aes-256-xts", NID_aes_256_xts, 8, &so[5976]}, - {"RC4-HMAC-MD5", "rc4-hmac-md5", NID_rc4_hmac_md5}, - {"AES-128-CBC-HMAC-SHA1", "aes-128-cbc-hmac-sha1", NID_aes_128_cbc_hmac_sha1}, - {"AES-192-CBC-HMAC-SHA1", "aes-192-cbc-hmac-sha1", NID_aes_192_cbc_hmac_sha1}, - {"AES-256-CBC-HMAC-SHA1", "aes-256-cbc-hmac-sha1", NID_aes_256_cbc_hmac_sha1}, - {"RSAES-OAEP", "rsaesOaep", NID_rsaesOaep, 9, &so[5984]}, - {"dhpublicnumber", "X9.42 DH", NID_dhpublicnumber, 7, &so[5993]}, - {"brainpoolP160r1", "brainpoolP160r1", NID_brainpoolP160r1, 9, &so[6000]}, - {"brainpoolP160t1", "brainpoolP160t1", NID_brainpoolP160t1, 9, &so[6009]}, - {"brainpoolP192r1", "brainpoolP192r1", NID_brainpoolP192r1, 9, &so[6018]}, - {"brainpoolP192t1", "brainpoolP192t1", NID_brainpoolP192t1, 9, &so[6027]}, - {"brainpoolP224r1", "brainpoolP224r1", NID_brainpoolP224r1, 9, &so[6036]}, - {"brainpoolP224t1", "brainpoolP224t1", NID_brainpoolP224t1, 9, &so[6045]}, - {"brainpoolP256r1", "brainpoolP256r1", NID_brainpoolP256r1, 9, &so[6054]}, - {"brainpoolP256t1", "brainpoolP256t1", NID_brainpoolP256t1, 9, &so[6063]}, - {"brainpoolP320r1", "brainpoolP320r1", NID_brainpoolP320r1, 9, &so[6072]}, - {"brainpoolP320t1", "brainpoolP320t1", NID_brainpoolP320t1, 9, &so[6081]}, - {"brainpoolP384r1", "brainpoolP384r1", NID_brainpoolP384r1, 9, &so[6090]}, - {"brainpoolP384t1", "brainpoolP384t1", NID_brainpoolP384t1, 9, &so[6099]}, - {"brainpoolP512r1", "brainpoolP512r1", NID_brainpoolP512r1, 9, &so[6108]}, - {"brainpoolP512t1", "brainpoolP512t1", NID_brainpoolP512t1, 9, &so[6117]}, - {"PSPECIFIED", "pSpecified", NID_pSpecified, 9, &so[6126]}, - {"dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme", NID_dhSinglePass_stdDH_sha1kdf_scheme, 9, &so[6135]}, - {"dhSinglePass-stdDH-sha224kdf-scheme", "dhSinglePass-stdDH-sha224kdf-scheme", NID_dhSinglePass_stdDH_sha224kdf_scheme, 6, &so[6144]}, - {"dhSinglePass-stdDH-sha256kdf-scheme", "dhSinglePass-stdDH-sha256kdf-scheme", NID_dhSinglePass_stdDH_sha256kdf_scheme, 6, &so[6150]}, - {"dhSinglePass-stdDH-sha384kdf-scheme", "dhSinglePass-stdDH-sha384kdf-scheme", NID_dhSinglePass_stdDH_sha384kdf_scheme, 6, &so[6156]}, - {"dhSinglePass-stdDH-sha512kdf-scheme", "dhSinglePass-stdDH-sha512kdf-scheme", NID_dhSinglePass_stdDH_sha512kdf_scheme, 6, &so[6162]}, - {"dhSinglePass-cofactorDH-sha1kdf-scheme", "dhSinglePass-cofactorDH-sha1kdf-scheme", NID_dhSinglePass_cofactorDH_sha1kdf_scheme, 9, &so[6168]}, - {"dhSinglePass-cofactorDH-sha224kdf-scheme", "dhSinglePass-cofactorDH-sha224kdf-scheme", NID_dhSinglePass_cofactorDH_sha224kdf_scheme, 6, &so[6177]}, - {"dhSinglePass-cofactorDH-sha256kdf-scheme", "dhSinglePass-cofactorDH-sha256kdf-scheme", NID_dhSinglePass_cofactorDH_sha256kdf_scheme, 6, &so[6183]}, - {"dhSinglePass-cofactorDH-sha384kdf-scheme", "dhSinglePass-cofactorDH-sha384kdf-scheme", NID_dhSinglePass_cofactorDH_sha384kdf_scheme, 6, &so[6189]}, - {"dhSinglePass-cofactorDH-sha512kdf-scheme", "dhSinglePass-cofactorDH-sha512kdf-scheme", NID_dhSinglePass_cofactorDH_sha512kdf_scheme, 6, &so[6195]}, - {"dh-std-kdf", "dh-std-kdf", NID_dh_std_kdf}, - {"dh-cofactor-kdf", "dh-cofactor-kdf", NID_dh_cofactor_kdf}, - {"AES-128-CBC-HMAC-SHA256", "aes-128-cbc-hmac-sha256", NID_aes_128_cbc_hmac_sha256}, - {"AES-192-CBC-HMAC-SHA256", "aes-192-cbc-hmac-sha256", NID_aes_192_cbc_hmac_sha256}, - {"AES-256-CBC-HMAC-SHA256", "aes-256-cbc-hmac-sha256", NID_aes_256_cbc_hmac_sha256}, - {"ct_precert_scts", "CT Precertificate SCTs", NID_ct_precert_scts, 10, &so[6201]}, - {"ct_precert_poison", "CT Precertificate Poison", NID_ct_precert_poison, 10, &so[6211]}, - {"ct_precert_signer", "CT Precertificate Signer", NID_ct_precert_signer, 10, &so[6221]}, - {"ct_cert_scts", "CT Certificate SCTs", NID_ct_cert_scts, 10, &so[6231]}, - {"jurisdictionL", "jurisdictionLocalityName", NID_jurisdictionLocalityName, 11, &so[6241]}, - {"jurisdictionST", "jurisdictionStateOrProvinceName", NID_jurisdictionStateOrProvinceName, 11, &so[6252]}, - {"jurisdictionC", "jurisdictionCountryName", NID_jurisdictionCountryName, 11, &so[6263]}, - {"AES-128-OCB", "aes-128-ocb", NID_aes_128_ocb}, - {"AES-192-OCB", "aes-192-ocb", NID_aes_192_ocb}, - {"AES-256-OCB", "aes-256-ocb", NID_aes_256_ocb}, - {"CAMELLIA-128-GCM", "camellia-128-gcm", NID_camellia_128_gcm, 8, &so[6274]}, - {"CAMELLIA-128-CCM", "camellia-128-ccm", NID_camellia_128_ccm, 8, &so[6282]}, - {"CAMELLIA-128-CTR", "camellia-128-ctr", NID_camellia_128_ctr, 8, &so[6290]}, - {"CAMELLIA-128-CMAC", "camellia-128-cmac", NID_camellia_128_cmac, 8, &so[6298]}, - {"CAMELLIA-192-GCM", "camellia-192-gcm", NID_camellia_192_gcm, 8, &so[6306]}, - {"CAMELLIA-192-CCM", "camellia-192-ccm", NID_camellia_192_ccm, 8, &so[6314]}, - {"CAMELLIA-192-CTR", "camellia-192-ctr", NID_camellia_192_ctr, 8, &so[6322]}, - {"CAMELLIA-192-CMAC", "camellia-192-cmac", NID_camellia_192_cmac, 8, &so[6330]}, - {"CAMELLIA-256-GCM", "camellia-256-gcm", NID_camellia_256_gcm, 8, &so[6338]}, - {"CAMELLIA-256-CCM", "camellia-256-ccm", NID_camellia_256_ccm, 8, &so[6346]}, - {"CAMELLIA-256-CTR", "camellia-256-ctr", NID_camellia_256_ctr, 8, &so[6354]}, - {"CAMELLIA-256-CMAC", "camellia-256-cmac", NID_camellia_256_cmac, 8, &so[6362]}, - {"id-scrypt", "scrypt", NID_id_scrypt, 9, &so[6370]}, - {"id-tc26", "id-tc26", NID_id_tc26, 5, &so[6379]}, - {"gost89-cnt-12", "gost89-cnt-12", NID_gost89_cnt_12}, - {"gost-mac-12", "gost-mac-12", NID_gost_mac_12}, - {"id-tc26-algorithms", "id-tc26-algorithms", NID_id_tc26_algorithms, 6, &so[6384]}, - {"id-tc26-sign", "id-tc26-sign", NID_id_tc26_sign, 7, &so[6390]}, - {"gost2012_256", "GOST R 34.10-2012 with 256 bit modulus", NID_id_GostR3410_2012_256, 8, &so[6397]}, - {"gost2012_512", "GOST R 34.10-2012 with 512 bit modulus", NID_id_GostR3410_2012_512, 8, &so[6405]}, - {"id-tc26-digest", "id-tc26-digest", NID_id_tc26_digest, 7, &so[6413]}, - {"md_gost12_256", "GOST R 34.11-2012 with 256 bit hash", NID_id_GostR3411_2012_256, 8, &so[6420]}, - {"md_gost12_512", "GOST R 34.11-2012 with 512 bit hash", NID_id_GostR3411_2012_512, 8, &so[6428]}, - {"id-tc26-signwithdigest", "id-tc26-signwithdigest", NID_id_tc26_signwithdigest, 7, &so[6436]}, - {"id-tc26-signwithdigest-gost3410-2012-256", "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)", NID_id_tc26_signwithdigest_gost3410_2012_256, 8, &so[6443]}, - {"id-tc26-signwithdigest-gost3410-2012-512", "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)", NID_id_tc26_signwithdigest_gost3410_2012_512, 8, &so[6451]}, - {"id-tc26-mac", "id-tc26-mac", NID_id_tc26_mac, 7, &so[6459]}, - {"id-tc26-hmac-gost-3411-2012-256", "HMAC GOST 34.11-2012 256 bit", NID_id_tc26_hmac_gost_3411_2012_256, 8, &so[6466]}, - {"id-tc26-hmac-gost-3411-2012-512", "HMAC GOST 34.11-2012 512 bit", NID_id_tc26_hmac_gost_3411_2012_512, 8, &so[6474]}, - {"id-tc26-cipher", "id-tc26-cipher", NID_id_tc26_cipher, 7, &so[6482]}, - {"id-tc26-agreement", "id-tc26-agreement", NID_id_tc26_agreement, 7, &so[6489]}, - {"id-tc26-agreement-gost-3410-2012-256", "id-tc26-agreement-gost-3410-2012-256", NID_id_tc26_agreement_gost_3410_2012_256, 8, &so[6496]}, - {"id-tc26-agreement-gost-3410-2012-512", "id-tc26-agreement-gost-3410-2012-512", NID_id_tc26_agreement_gost_3410_2012_512, 8, &so[6504]}, - {"id-tc26-constants", "id-tc26-constants", NID_id_tc26_constants, 6, &so[6512]}, - {"id-tc26-sign-constants", "id-tc26-sign-constants", NID_id_tc26_sign_constants, 7, &so[6518]}, - {"id-tc26-gost-3410-2012-512-constants", "id-tc26-gost-3410-2012-512-constants", NID_id_tc26_gost_3410_2012_512_constants, 8, &so[6525]}, - {"id-tc26-gost-3410-2012-512-paramSetTest", "GOST R 34.10-2012 (512 bit) testing parameter set", NID_id_tc26_gost_3410_2012_512_paramSetTest, 9, &so[6533]}, - {"id-tc26-gost-3410-2012-512-paramSetA", "GOST R 34.10-2012 (512 bit) ParamSet A", NID_id_tc26_gost_3410_2012_512_paramSetA, 9, &so[6542]}, - {"id-tc26-gost-3410-2012-512-paramSetB", "GOST R 34.10-2012 (512 bit) ParamSet B", NID_id_tc26_gost_3410_2012_512_paramSetB, 9, &so[6551]}, - {"id-tc26-digest-constants", "id-tc26-digest-constants", NID_id_tc26_digest_constants, 7, &so[6560]}, - {"id-tc26-cipher-constants", "id-tc26-cipher-constants", NID_id_tc26_cipher_constants, 7, &so[6567]}, - {"id-tc26-gost-28147-constants", "id-tc26-gost-28147-constants", NID_id_tc26_gost_28147_constants, 8, &so[6574]}, - {"id-tc26-gost-28147-param-Z", "GOST 28147-89 TC26 parameter set", NID_id_tc26_gost_28147_param_Z, 9, &so[6582]}, - {"INN", "INN", NID_INN, 8, &so[6591]}, - {"OGRN", "OGRN", NID_OGRN, 5, &so[6599]}, - {"SNILS", "SNILS", NID_SNILS, 5, &so[6604]}, - {"subjectSignTool", "Signing Tool of Subject", NID_subjectSignTool, 5, &so[6609]}, - {"issuerSignTool", "Signing Tool of Issuer", NID_issuerSignTool, 5, &so[6614]}, - {"gost89-cbc", "gost89-cbc", NID_gost89_cbc}, - {"gost89-ecb", "gost89-ecb", NID_gost89_ecb}, - {"gost89-ctr", "gost89-ctr", NID_gost89_ctr}, - {"kuznyechik-ecb", "kuznyechik-ecb", NID_kuznyechik_ecb}, - {"kuznyechik-ctr", "kuznyechik-ctr", NID_kuznyechik_ctr}, - {"kuznyechik-ofb", "kuznyechik-ofb", NID_kuznyechik_ofb}, - {"kuznyechik-cbc", "kuznyechik-cbc", NID_kuznyechik_cbc}, - {"kuznyechik-cfb", "kuznyechik-cfb", NID_kuznyechik_cfb}, - {"kuznyechik-mac", "kuznyechik-mac", NID_kuznyechik_mac}, - {"ChaCha20-Poly1305", "chacha20-poly1305", NID_chacha20_poly1305}, - {"ChaCha20", "chacha20", NID_chacha20}, - {"tlsfeature", "TLS Feature", NID_tlsfeature, 8, &so[6619]}, - {"TLS1-PRF", "tls1-prf", NID_tls1_prf}, - {"ipsecIKE", "ipsec Internet Key Exchange", NID_ipsec_IKE, 8, &so[6627]}, - {"capwapAC", "Ctrl/provision WAP Access", NID_capwapAC, 8, &so[6635]}, - {"capwapWTP", "Ctrl/Provision WAP Termination", NID_capwapWTP, 8, &so[6643]}, - {"secureShellClient", "SSH Client", NID_sshClient, 8, &so[6651]}, - {"secureShellServer", "SSH Server", NID_sshServer, 8, &so[6659]}, - {"sendRouter", "Send Router", NID_sendRouter, 8, &so[6667]}, - {"sendProxiedRouter", "Send Proxied Router", NID_sendProxiedRouter, 8, &so[6675]}, - {"sendOwner", "Send Owner", NID_sendOwner, 8, &so[6683]}, - {"sendProxiedOwner", "Send Proxied Owner", NID_sendProxiedOwner, 8, &so[6691]}, - {"id-pkinit", "id-pkinit", NID_id_pkinit, 6, &so[6699]}, - {"pkInitClientAuth", "PKINIT Client Auth", NID_pkInitClientAuth, 7, &so[6705]}, - {"pkInitKDC", "Signing KDC Response", NID_pkInitKDC, 7, &so[6712]}, - {"X25519", "X25519", NID_X25519, 3, &so[6719]}, - {"X448", "X448", NID_X448, 3, &so[6722]}, - {"HKDF", "hkdf", NID_hkdf}, - {"KxRSA", "kx-rsa", NID_kx_rsa}, - {"KxECDHE", "kx-ecdhe", NID_kx_ecdhe}, - {"KxDHE", "kx-dhe", NID_kx_dhe}, - {"KxECDHE-PSK", "kx-ecdhe-psk", NID_kx_ecdhe_psk}, - {"KxDHE-PSK", "kx-dhe-psk", NID_kx_dhe_psk}, - {"KxRSA_PSK", "kx-rsa-psk", NID_kx_rsa_psk}, - {"KxPSK", "kx-psk", NID_kx_psk}, - {"KxSRP", "kx-srp", NID_kx_srp}, - {"KxGOST", "kx-gost", NID_kx_gost}, - {"AuthRSA", "auth-rsa", NID_auth_rsa}, - {"AuthECDSA", "auth-ecdsa", NID_auth_ecdsa}, - {"AuthPSK", "auth-psk", NID_auth_psk}, - {"AuthDSS", "auth-dss", NID_auth_dss}, - {"AuthGOST01", "auth-gost01", NID_auth_gost01}, - {"AuthGOST12", "auth-gost12", NID_auth_gost12}, - {"AuthSRP", "auth-srp", NID_auth_srp}, - {"AuthNULL", "auth-null", NID_auth_null}, - { NULL, NULL, NID_undef }, - { NULL, NULL, NID_undef }, - {"BLAKE2b512", "blake2b512", NID_blake2b512, 11, &so[6725]}, - {"BLAKE2s256", "blake2s256", NID_blake2s256, 11, &so[6736]}, - {"id-smime-ct-contentCollection", "id-smime-ct-contentCollection", NID_id_smime_ct_contentCollection, 11, &so[6747]}, - {"id-smime-ct-authEnvelopedData", "id-smime-ct-authEnvelopedData", NID_id_smime_ct_authEnvelopedData, 11, &so[6758]}, - {"id-ct-xml", "id-ct-xml", NID_id_ct_xml, 11, &so[6769]}, - {"Poly1305", "poly1305", NID_poly1305}, - {"SipHash", "siphash", NID_siphash}, - {"KxANY", "kx-any", NID_kx_any}, - {"AuthANY", "auth-any", NID_auth_any}, - {"ARIA-128-ECB", "aria-128-ecb", NID_aria_128_ecb, 9, &so[6780]}, - {"ARIA-128-CBC", "aria-128-cbc", NID_aria_128_cbc, 9, &so[6789]}, - {"ARIA-128-CFB", "aria-128-cfb", NID_aria_128_cfb128, 9, &so[6798]}, - {"ARIA-128-OFB", "aria-128-ofb", NID_aria_128_ofb128, 9, &so[6807]}, - {"ARIA-128-CTR", "aria-128-ctr", NID_aria_128_ctr, 9, &so[6816]}, - {"ARIA-192-ECB", "aria-192-ecb", NID_aria_192_ecb, 9, &so[6825]}, - {"ARIA-192-CBC", "aria-192-cbc", NID_aria_192_cbc, 9, &so[6834]}, - {"ARIA-192-CFB", "aria-192-cfb", NID_aria_192_cfb128, 9, &so[6843]}, - {"ARIA-192-OFB", "aria-192-ofb", NID_aria_192_ofb128, 9, &so[6852]}, - {"ARIA-192-CTR", "aria-192-ctr", NID_aria_192_ctr, 9, &so[6861]}, - {"ARIA-256-ECB", "aria-256-ecb", NID_aria_256_ecb, 9, &so[6870]}, - {"ARIA-256-CBC", "aria-256-cbc", NID_aria_256_cbc, 9, &so[6879]}, - {"ARIA-256-CFB", "aria-256-cfb", NID_aria_256_cfb128, 9, &so[6888]}, - {"ARIA-256-OFB", "aria-256-ofb", NID_aria_256_ofb128, 9, &so[6897]}, - {"ARIA-256-CTR", "aria-256-ctr", NID_aria_256_ctr, 9, &so[6906]}, - {"ARIA-128-CFB1", "aria-128-cfb1", NID_aria_128_cfb1}, - {"ARIA-192-CFB1", "aria-192-cfb1", NID_aria_192_cfb1}, - {"ARIA-256-CFB1", "aria-256-cfb1", NID_aria_256_cfb1}, - {"ARIA-128-CFB8", "aria-128-cfb8", NID_aria_128_cfb8}, - {"ARIA-192-CFB8", "aria-192-cfb8", NID_aria_192_cfb8}, - {"ARIA-256-CFB8", "aria-256-cfb8", NID_aria_256_cfb8}, - {"id-smime-aa-signingCertificateV2", "id-smime-aa-signingCertificateV2", NID_id_smime_aa_signingCertificateV2, 11, &so[6915]}, - {"ED25519", "ED25519", NID_ED25519, 3, &so[6926]}, - {"ED448", "ED448", NID_ED448, 3, &so[6929]}, - {"organizationIdentifier", "organizationIdentifier", NID_organizationIdentifier, 3, &so[6932]}, - {"c3", "countryCode3c", NID_countryCode3c, 3, &so[6935]}, - {"n3", "countryCode3n", NID_countryCode3n, 3, &so[6938]}, - {"dnsName", "dnsName", NID_dnsName, 3, &so[6941]}, - {"x509ExtAdmission", "Professional Information or basis for Admission", NID_x509ExtAdmission, 5, &so[6944]}, - {"SHA512-224", "sha512-224", NID_sha512_224, 9, &so[6949]}, - {"SHA512-256", "sha512-256", NID_sha512_256, 9, &so[6958]}, - {"SHA3-224", "sha3-224", NID_sha3_224, 9, &so[6967]}, - {"SHA3-256", "sha3-256", NID_sha3_256, 9, &so[6976]}, - {"SHA3-384", "sha3-384", NID_sha3_384, 9, &so[6985]}, - {"SHA3-512", "sha3-512", NID_sha3_512, 9, &so[6994]}, - {"SHAKE128", "shake128", NID_shake128, 9, &so[7003]}, - {"SHAKE256", "shake256", NID_shake256, 9, &so[7012]}, - {"id-hmacWithSHA3-224", "hmac-sha3-224", NID_hmac_sha3_224, 9, &so[7021]}, - {"id-hmacWithSHA3-256", "hmac-sha3-256", NID_hmac_sha3_256, 9, &so[7030]}, - {"id-hmacWithSHA3-384", "hmac-sha3-384", NID_hmac_sha3_384, 9, &so[7039]}, - {"id-hmacWithSHA3-512", "hmac-sha3-512", NID_hmac_sha3_512, 9, &so[7048]}, - {"id-dsa-with-sha384", "dsa_with_SHA384", NID_dsa_with_SHA384, 9, &so[7057]}, - {"id-dsa-with-sha512", "dsa_with_SHA512", NID_dsa_with_SHA512, 9, &so[7066]}, - {"id-dsa-with-sha3-224", "dsa_with_SHA3-224", NID_dsa_with_SHA3_224, 9, &so[7075]}, - {"id-dsa-with-sha3-256", "dsa_with_SHA3-256", NID_dsa_with_SHA3_256, 9, &so[7084]}, - {"id-dsa-with-sha3-384", "dsa_with_SHA3-384", NID_dsa_with_SHA3_384, 9, &so[7093]}, - {"id-dsa-with-sha3-512", "dsa_with_SHA3-512", NID_dsa_with_SHA3_512, 9, &so[7102]}, - {"id-ecdsa-with-sha3-224", "ecdsa_with_SHA3-224", NID_ecdsa_with_SHA3_224, 9, &so[7111]}, - {"id-ecdsa-with-sha3-256", "ecdsa_with_SHA3-256", NID_ecdsa_with_SHA3_256, 9, &so[7120]}, - {"id-ecdsa-with-sha3-384", "ecdsa_with_SHA3-384", NID_ecdsa_with_SHA3_384, 9, &so[7129]}, - {"id-ecdsa-with-sha3-512", "ecdsa_with_SHA3-512", NID_ecdsa_with_SHA3_512, 9, &so[7138]}, - {"id-rsassa-pkcs1-v1_5-with-sha3-224", "RSA-SHA3-224", NID_RSA_SHA3_224, 9, &so[7147]}, - {"id-rsassa-pkcs1-v1_5-with-sha3-256", "RSA-SHA3-256", NID_RSA_SHA3_256, 9, &so[7156]}, - {"id-rsassa-pkcs1-v1_5-with-sha3-384", "RSA-SHA3-384", NID_RSA_SHA3_384, 9, &so[7165]}, - {"id-rsassa-pkcs1-v1_5-with-sha3-512", "RSA-SHA3-512", NID_RSA_SHA3_512, 9, &so[7174]}, - {"ARIA-128-CCM", "aria-128-ccm", NID_aria_128_ccm, 9, &so[7183]}, - {"ARIA-192-CCM", "aria-192-ccm", NID_aria_192_ccm, 9, &so[7192]}, - {"ARIA-256-CCM", "aria-256-ccm", NID_aria_256_ccm, 9, &so[7201]}, - {"ARIA-128-GCM", "aria-128-gcm", NID_aria_128_gcm, 9, &so[7210]}, - {"ARIA-192-GCM", "aria-192-gcm", NID_aria_192_gcm, 9, &so[7219]}, - {"ARIA-256-GCM", "aria-256-gcm", NID_aria_256_gcm, 9, &so[7228]}, - {"ffdhe2048", "ffdhe2048", NID_ffdhe2048}, - {"ffdhe3072", "ffdhe3072", NID_ffdhe3072}, - {"ffdhe4096", "ffdhe4096", NID_ffdhe4096}, - {"ffdhe6144", "ffdhe6144", NID_ffdhe6144}, - {"ffdhe8192", "ffdhe8192", NID_ffdhe8192}, - {"cmcCA", "CMC Certificate Authority", NID_cmcCA, 8, &so[7237]}, - {"cmcRA", "CMC Registration Authority", NID_cmcRA, 8, &so[7245]}, - {"SM4-ECB", "sm4-ecb", NID_sm4_ecb, 8, &so[7253]}, - {"SM4-CBC", "sm4-cbc", NID_sm4_cbc, 8, &so[7261]}, - {"SM4-OFB", "sm4-ofb", NID_sm4_ofb128, 8, &so[7269]}, - {"SM4-CFB1", "sm4-cfb1", NID_sm4_cfb1, 8, &so[7277]}, - {"SM4-CFB", "sm4-cfb", NID_sm4_cfb128, 8, &so[7285]}, - {"SM4-CFB8", "sm4-cfb8", NID_sm4_cfb8, 8, &so[7293]}, - {"SM4-CTR", "sm4-ctr", NID_sm4_ctr, 8, &so[7301]}, - {"ISO-CN", "ISO CN Member Body", NID_ISO_CN, 3, &so[7309]}, - {"oscca", "oscca", NID_oscca, 5, &so[7312]}, - {"sm-scheme", "sm-scheme", NID_sm_scheme, 6, &so[7317]}, - {"SM3", "sm3", NID_sm3, 8, &so[7323]}, - {"RSA-SM3", "sm3WithRSAEncryption", NID_sm3WithRSAEncryption, 8, &so[7331]}, - {"RSA-SHA512/224", "sha512-224WithRSAEncryption", NID_sha512_224WithRSAEncryption, 9, &so[7339]}, - {"RSA-SHA512/256", "sha512-256WithRSAEncryption", NID_sha512_256WithRSAEncryption, 9, &so[7348]}, - {"id-tc26-gost-3410-2012-256-constants", "id-tc26-gost-3410-2012-256-constants", NID_id_tc26_gost_3410_2012_256_constants, 8, &so[7357]}, - {"id-tc26-gost-3410-2012-256-paramSetA", "GOST R 34.10-2012 (256 bit) ParamSet A", NID_id_tc26_gost_3410_2012_256_paramSetA, 9, &so[7365]}, - {"id-tc26-gost-3410-2012-512-paramSetC", "GOST R 34.10-2012 (512 bit) ParamSet C", NID_id_tc26_gost_3410_2012_512_paramSetC, 9, &so[7374]}, - {"ISO-UA", "ISO-UA", NID_ISO_UA, 3, &so[7383]}, - {"ua-pki", "ua-pki", NID_ua_pki, 7, &so[7386]}, - {"dstu28147", "DSTU Gost 28147-2009", NID_dstu28147, 10, &so[7393]}, - {"dstu28147-ofb", "DSTU Gost 28147-2009 OFB mode", NID_dstu28147_ofb, 11, &so[7403]}, - {"dstu28147-cfb", "DSTU Gost 28147-2009 CFB mode", NID_dstu28147_cfb, 11, &so[7414]}, - {"dstu28147-wrap", "DSTU Gost 28147-2009 key wrap", NID_dstu28147_wrap, 11, &so[7425]}, - {"hmacWithDstu34311", "HMAC DSTU Gost 34311-95", NID_hmacWithDstu34311, 10, &so[7436]}, - {"dstu34311", "DSTU Gost 34311-95", NID_dstu34311, 10, &so[7446]}, - {"dstu4145le", "DSTU 4145-2002 little endian", NID_dstu4145le, 11, &so[7456]}, - {"dstu4145be", "DSTU 4145-2002 big endian", NID_dstu4145be, 13, &so[7467]}, - {"uacurve0", "DSTU curve 0", NID_uacurve0, 13, &so[7480]}, - {"uacurve1", "DSTU curve 1", NID_uacurve1, 13, &so[7493]}, - {"uacurve2", "DSTU curve 2", NID_uacurve2, 13, &so[7506]}, - {"uacurve3", "DSTU curve 3", NID_uacurve3, 13, &so[7519]}, - {"uacurve4", "DSTU curve 4", NID_uacurve4, 13, &so[7532]}, - {"uacurve5", "DSTU curve 5", NID_uacurve5, 13, &so[7545]}, - {"uacurve6", "DSTU curve 6", NID_uacurve6, 13, &so[7558]}, - {"uacurve7", "DSTU curve 7", NID_uacurve7, 13, &so[7571]}, - {"uacurve8", "DSTU curve 8", NID_uacurve8, 13, &so[7584]}, - {"uacurve9", "DSTU curve 9", NID_uacurve9, 13, &so[7597]}, - {"ieee", "ieee", NID_ieee, 2, &so[7610]}, - {"ieee-siswg", "IEEE Security in Storage Working Group", NID_ieee_siswg, 5, &so[7612]}, - {"SM2", "sm2", NID_sm2, 8, &so[7617]}, - {"id-tc26-cipher-gostr3412-2015-magma", "id-tc26-cipher-gostr3412-2015-magma", NID_id_tc26_cipher_gostr3412_2015_magma, 8, &so[7625]}, - {"magma-ctr-acpkm", "magma-ctr-acpkm", NID_magma_ctr_acpkm, 9, &so[7633]}, - {"magma-ctr-acpkm-omac", "magma-ctr-acpkm-omac", NID_magma_ctr_acpkm_omac, 9, &so[7642]}, - {"id-tc26-cipher-gostr3412-2015-kuznyechik", "id-tc26-cipher-gostr3412-2015-kuznyechik", NID_id_tc26_cipher_gostr3412_2015_kuznyechik, 8, &so[7651]}, - {"kuznyechik-ctr-acpkm", "kuznyechik-ctr-acpkm", NID_kuznyechik_ctr_acpkm, 9, &so[7659]}, - {"kuznyechik-ctr-acpkm-omac", "kuznyechik-ctr-acpkm-omac", NID_kuznyechik_ctr_acpkm_omac, 9, &so[7668]}, - {"id-tc26-wrap", "id-tc26-wrap", NID_id_tc26_wrap, 7, &so[7677]}, - {"id-tc26-wrap-gostr3412-2015-magma", "id-tc26-wrap-gostr3412-2015-magma", NID_id_tc26_wrap_gostr3412_2015_magma, 8, &so[7684]}, - {"magma-kexp15", "magma-kexp15", NID_magma_kexp15, 9, &so[7692]}, - {"id-tc26-wrap-gostr3412-2015-kuznyechik", "id-tc26-wrap-gostr3412-2015-kuznyechik", NID_id_tc26_wrap_gostr3412_2015_kuznyechik, 8, &so[7701]}, - {"kuznyechik-kexp15", "kuznyechik-kexp15", NID_kuznyechik_kexp15, 9, &so[7709]}, - {"id-tc26-gost-3410-2012-256-paramSetB", "GOST R 34.10-2012 (256 bit) ParamSet B", NID_id_tc26_gost_3410_2012_256_paramSetB, 9, &so[7718]}, - {"id-tc26-gost-3410-2012-256-paramSetC", "GOST R 34.10-2012 (256 bit) ParamSet C", NID_id_tc26_gost_3410_2012_256_paramSetC, 9, &so[7727]}, - {"id-tc26-gost-3410-2012-256-paramSetD", "GOST R 34.10-2012 (256 bit) ParamSet D", NID_id_tc26_gost_3410_2012_256_paramSetD, 9, &so[7736]}, - {"magma-ecb", "magma-ecb", NID_magma_ecb}, - {"magma-ctr", "magma-ctr", NID_magma_ctr}, - {"magma-ofb", "magma-ofb", NID_magma_ofb}, - {"magma-cbc", "magma-cbc", NID_magma_cbc}, - {"magma-cfb", "magma-cfb", NID_magma_cfb}, - {"magma-mac", "magma-mac", NID_magma_mac}, - {"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]}, - {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]}, - {"GMAC", "gmac", NID_gmac, 5, &so[7761]}, - {"KMAC128", "kmac128", NID_kmac128, 9, &so[7766]}, - {"KMAC256", "kmac256", NID_kmac256, 9, &so[7775]}, - {"AES-128-SIV", "aes-128-siv", NID_aes_128_siv}, - {"AES-192-SIV", "aes-192-siv", NID_aes_192_siv}, - {"AES-256-SIV", "aes-256-siv", NID_aes_256_siv}, - {"BLAKE2BMAC", "blake2bmac", NID_blake2bmac, 10, &so[7784]}, - {"BLAKE2SMAC", "blake2smac", NID_blake2smac, 10, &so[7794]}, - {"SSHKDF", "sshkdf", NID_sshkdf}, - {"SM2-SM3", "SM2-with-SM3", NID_SM2_with_SM3, 8, &so[7804]}, - {"SSKDF", "sskdf", NID_sskdf}, - {"X963KDF", "x963kdf", NID_x963kdf}, - {"X942KDF", "x942kdf", NID_x942kdf}, - {"id-on-SmtpUTF8Mailbox", "Smtp UTF8 Mailbox", NID_id_on_SmtpUTF8Mailbox, 8, &so[7812]}, - {"id-on-xmppAddr", "XmppAddr", NID_XmppAddr, 8, &so[7820]}, - {"id-on-dnsSRV", "SRVName", NID_SRVName, 8, &so[7828]}, - {"id-on-NAIRealm", "NAIRealm", NID_NAIRealm, 8, &so[7836]}, - {"modp_1536", "modp_1536", NID_modp_1536}, - {"modp_2048", "modp_2048", NID_modp_2048}, - {"modp_3072", "modp_3072", NID_modp_3072}, - {"modp_4096", "modp_4096", NID_modp_4096}, - {"modp_6144", "modp_6144", NID_modp_6144}, - {"modp_8192", "modp_8192", NID_modp_8192}, - {"KxGOST18", "kx-gost18", NID_kx_gost18}, - {"cmcArchive", "CMC Archive Server", NID_cmcArchive, 8, &so[7844]}, - {"id-kp-bgpsec-router", "BGPsec Router", NID_id_kp_bgpsec_router, 8, &so[7852]}, - {"id-kp-BrandIndicatorforMessageIdentification", "Brand Indicator for Message Identification", NID_id_kp_BrandIndicatorforMessageIdentification, 8, &so[7860]}, - {"cmKGA", "Certificate Management Key Generation Authority", NID_cmKGA, 8, &so[7868]}, - {"id-it-caCerts", "id-it-caCerts", NID_id_it_caCerts, 8, &so[7876]}, - {"id-it-rootCaKeyUpdate", "id-it-rootCaKeyUpdate", NID_id_it_rootCaKeyUpdate, 8, &so[7884]}, - {"id-it-certReqTemplate", "id-it-certReqTemplate", NID_id_it_certReqTemplate, 8, &so[7892]}, - {"OGRNIP", "OGRNIP", NID_OGRNIP, 5, &so[7900]}, - {"classSignTool", "Class of Signing Tool", NID_classSignTool, 5, &so[7905]}, - {"classSignToolKC1", "Class of Signing Tool KC1", NID_classSignToolKC1, 6, &so[7910]}, - {"classSignToolKC2", "Class of Signing Tool KC2", NID_classSignToolKC2, 6, &so[7916]}, - {"classSignToolKC3", "Class of Signing Tool KC3", NID_classSignToolKC3, 6, &so[7922]}, - {"classSignToolKB1", "Class of Signing Tool KB1", NID_classSignToolKB1, 6, &so[7928]}, - {"classSignToolKB2", "Class of Signing Tool KB2", NID_classSignToolKB2, 6, &so[7934]}, - {"classSignToolKA1", "Class of Signing Tool KA1", NID_classSignToolKA1, 6, &so[7940]}, - {"id-ct-routeOriginAuthz", "id-ct-routeOriginAuthz", NID_id_ct_routeOriginAuthz, 11, &so[7946]}, - {"id-ct-rpkiManifest", "id-ct-rpkiManifest", NID_id_ct_rpkiManifest, 11, &so[7957]}, - {"id-ct-rpkiGhostbusters", "id-ct-rpkiGhostbusters", NID_id_ct_rpkiGhostbusters, 11, &so[7968]}, - {"id-ct-resourceTaggedAttest", "id-ct-resourceTaggedAttest", NID_id_ct_resourceTaggedAttest, 11, &so[7979]}, - {"id-cp", "id-cp", NID_id_cp, 7, &so[7990]}, - {"sbgp-ipAddrBlockv2", "sbgp-ipAddrBlockv2", NID_sbgp_ipAddrBlockv2, 8, &so[7997]}, - {"sbgp-autonomousSysNumv2", "sbgp-autonomousSysNumv2", NID_sbgp_autonomousSysNumv2, 8, &so[8005]}, - {"ipAddr-asNumber", "ipAddr-asNumber", NID_ipAddr_asNumber, 8, &so[8013]}, - {"ipAddr-asNumberv2", "ipAddr-asNumberv2", NID_ipAddr_asNumberv2, 8, &so[8021]}, - {"rpkiManifest", "RPKI Manifest", NID_rpkiManifest, 8, &so[8029]}, - {"signedObject", "Signed Object", NID_signedObject, 8, &so[8037]}, - {"rpkiNotify", "RPKI Notify", NID_rpkiNotify, 8, &so[8045]}, - {"id-ct-geofeedCSVwithCRLF", "id-ct-geofeedCSVwithCRLF", NID_id_ct_geofeedCSVwithCRLF, 11, &so[8053]}, - {"id-ct-signedChecklist", "id-ct-signedChecklist", NID_id_ct_signedChecklist, 11, &so[8064]}, -}; - -#define NUM_SN 1239 -static const unsigned int sn_objs[NUM_SN] = { - 364, /* "AD_DVCS" */ - 419, /* "AES-128-CBC" */ - 916, /* "AES-128-CBC-HMAC-SHA1" */ - 948, /* "AES-128-CBC-HMAC-SHA256" */ - 421, /* "AES-128-CFB" */ - 650, /* "AES-128-CFB1" */ - 653, /* "AES-128-CFB8" */ - 904, /* "AES-128-CTR" */ - 418, /* "AES-128-ECB" */ - 958, /* "AES-128-OCB" */ - 420, /* "AES-128-OFB" */ - 1198, /* "AES-128-SIV" */ - 913, /* "AES-128-XTS" */ - 423, /* "AES-192-CBC" */ - 917, /* "AES-192-CBC-HMAC-SHA1" */ - 949, /* "AES-192-CBC-HMAC-SHA256" */ - 425, /* "AES-192-CFB" */ - 651, /* "AES-192-CFB1" */ - 654, /* "AES-192-CFB8" */ - 905, /* "AES-192-CTR" */ - 422, /* "AES-192-ECB" */ - 959, /* "AES-192-OCB" */ - 424, /* "AES-192-OFB" */ - 1199, /* "AES-192-SIV" */ - 427, /* "AES-256-CBC" */ - 918, /* "AES-256-CBC-HMAC-SHA1" */ - 950, /* "AES-256-CBC-HMAC-SHA256" */ - 429, /* "AES-256-CFB" */ - 652, /* "AES-256-CFB1" */ - 655, /* "AES-256-CFB8" */ - 906, /* "AES-256-CTR" */ - 426, /* "AES-256-ECB" */ - 960, /* "AES-256-OCB" */ - 428, /* "AES-256-OFB" */ - 1200, /* "AES-256-SIV" */ - 914, /* "AES-256-XTS" */ - 1066, /* "ARIA-128-CBC" */ - 1120, /* "ARIA-128-CCM" */ - 1067, /* "ARIA-128-CFB" */ - 1080, /* "ARIA-128-CFB1" */ - 1083, /* "ARIA-128-CFB8" */ - 1069, /* "ARIA-128-CTR" */ - 1065, /* "ARIA-128-ECB" */ - 1123, /* "ARIA-128-GCM" */ - 1068, /* "ARIA-128-OFB" */ - 1071, /* "ARIA-192-CBC" */ - 1121, /* "ARIA-192-CCM" */ - 1072, /* "ARIA-192-CFB" */ - 1081, /* "ARIA-192-CFB1" */ - 1084, /* "ARIA-192-CFB8" */ - 1074, /* "ARIA-192-CTR" */ - 1070, /* "ARIA-192-ECB" */ - 1124, /* "ARIA-192-GCM" */ - 1073, /* "ARIA-192-OFB" */ - 1076, /* "ARIA-256-CBC" */ - 1122, /* "ARIA-256-CCM" */ - 1077, /* "ARIA-256-CFB" */ - 1082, /* "ARIA-256-CFB1" */ - 1085, /* "ARIA-256-CFB8" */ - 1079, /* "ARIA-256-CTR" */ - 1075, /* "ARIA-256-ECB" */ - 1125, /* "ARIA-256-GCM" */ - 1078, /* "ARIA-256-OFB" */ - 1064, /* "AuthANY" */ - 1049, /* "AuthDSS" */ - 1047, /* "AuthECDSA" */ - 1050, /* "AuthGOST01" */ - 1051, /* "AuthGOST12" */ - 1053, /* "AuthNULL" */ - 1048, /* "AuthPSK" */ - 1046, /* "AuthRSA" */ - 1052, /* "AuthSRP" */ - 91, /* "BF-CBC" */ - 93, /* "BF-CFB" */ - 92, /* "BF-ECB" */ - 94, /* "BF-OFB" */ - 1201, /* "BLAKE2BMAC" */ - 1202, /* "BLAKE2SMAC" */ - 1056, /* "BLAKE2b512" */ - 1057, /* "BLAKE2s256" */ - 14, /* "C" */ - 751, /* "CAMELLIA-128-CBC" */ - 962, /* "CAMELLIA-128-CCM" */ - 757, /* "CAMELLIA-128-CFB" */ - 760, /* "CAMELLIA-128-CFB1" */ - 763, /* "CAMELLIA-128-CFB8" */ - 964, /* "CAMELLIA-128-CMAC" */ - 963, /* "CAMELLIA-128-CTR" */ - 754, /* "CAMELLIA-128-ECB" */ - 961, /* "CAMELLIA-128-GCM" */ - 766, /* "CAMELLIA-128-OFB" */ - 752, /* "CAMELLIA-192-CBC" */ - 966, /* "CAMELLIA-192-CCM" */ - 758, /* "CAMELLIA-192-CFB" */ - 761, /* "CAMELLIA-192-CFB1" */ - 764, /* "CAMELLIA-192-CFB8" */ - 968, /* "CAMELLIA-192-CMAC" */ - 967, /* "CAMELLIA-192-CTR" */ - 755, /* "CAMELLIA-192-ECB" */ - 965, /* "CAMELLIA-192-GCM" */ - 767, /* "CAMELLIA-192-OFB" */ - 753, /* "CAMELLIA-256-CBC" */ - 970, /* "CAMELLIA-256-CCM" */ - 759, /* "CAMELLIA-256-CFB" */ - 762, /* "CAMELLIA-256-CFB1" */ - 765, /* "CAMELLIA-256-CFB8" */ - 972, /* "CAMELLIA-256-CMAC" */ - 971, /* "CAMELLIA-256-CTR" */ - 756, /* "CAMELLIA-256-ECB" */ - 969, /* "CAMELLIA-256-GCM" */ - 768, /* "CAMELLIA-256-OFB" */ - 108, /* "CAST5-CBC" */ - 110, /* "CAST5-CFB" */ - 109, /* "CAST5-ECB" */ - 111, /* "CAST5-OFB" */ - 894, /* "CMAC" */ - 13, /* "CN" */ - 141, /* "CRLReason" */ - 417, /* "CSPName" */ - 1019, /* "ChaCha20" */ - 1018, /* "ChaCha20-Poly1305" */ - 367, /* "CrlID" */ - 391, /* "DC" */ - 31, /* "DES-CBC" */ - 643, /* "DES-CDMF" */ - 30, /* "DES-CFB" */ - 656, /* "DES-CFB1" */ - 657, /* "DES-CFB8" */ - 29, /* "DES-ECB" */ - 32, /* "DES-EDE" */ - 43, /* "DES-EDE-CBC" */ - 60, /* "DES-EDE-CFB" */ - 62, /* "DES-EDE-OFB" */ - 33, /* "DES-EDE3" */ - 44, /* "DES-EDE3-CBC" */ - 61, /* "DES-EDE3-CFB" */ - 658, /* "DES-EDE3-CFB1" */ - 659, /* "DES-EDE3-CFB8" */ - 63, /* "DES-EDE3-OFB" */ - 45, /* "DES-OFB" */ - 80, /* "DESX-CBC" */ - 380, /* "DOD" */ - 116, /* "DSA" */ - 66, /* "DSA-SHA" */ - 113, /* "DSA-SHA1" */ - 70, /* "DSA-SHA1-old" */ - 67, /* "DSA-old" */ - 297, /* "DVCS" */ - 1087, /* "ED25519" */ - 1088, /* "ED448" */ - 1195, /* "GMAC" */ - 99, /* "GN" */ - 1036, /* "HKDF" */ - 855, /* "HMAC" */ - 780, /* "HMAC-MD5" */ - 781, /* "HMAC-SHA1" */ - 381, /* "IANA" */ - 34, /* "IDEA-CBC" */ - 35, /* "IDEA-CFB" */ - 36, /* "IDEA-ECB" */ - 46, /* "IDEA-OFB" */ - 1004, /* "INN" */ - 181, /* "ISO" */ - 1140, /* "ISO-CN" */ - 1150, /* "ISO-UA" */ - 183, /* "ISO-US" */ - 645, /* "ITU-T" */ - 646, /* "JOINT-ISO-ITU-T" */ - 773, /* "KISA" */ - 1196, /* "KMAC128" */ - 1197, /* "KMAC256" */ - 1063, /* "KxANY" */ - 1039, /* "KxDHE" */ - 1041, /* "KxDHE-PSK" */ - 1038, /* "KxECDHE" */ - 1040, /* "KxECDHE-PSK" */ - 1045, /* "KxGOST" */ - 1218, /* "KxGOST18" */ - 1043, /* "KxPSK" */ - 1037, /* "KxRSA" */ - 1042, /* "KxRSA_PSK" */ - 1044, /* "KxSRP" */ - 15, /* "L" */ - 856, /* "LocalKeySet" */ - 3, /* "MD2" */ - 257, /* "MD4" */ - 4, /* "MD5" */ - 114, /* "MD5-SHA1" */ - 95, /* "MDC2" */ - 911, /* "MGF1" */ - 388, /* "Mail" */ - 393, /* "NULL" */ - 404, /* "NULL" */ - 57, /* "Netscape" */ - 366, /* "Nonce" */ - 17, /* "O" */ - 178, /* "OCSP" */ - 180, /* "OCSPSigning" */ - 1005, /* "OGRN" */ - 1226, /* "OGRNIP" */ - 379, /* "ORG" */ - 18, /* "OU" */ - 749, /* "Oakley-EC2N-3" */ - 750, /* "Oakley-EC2N-4" */ - 9, /* "PBE-MD2-DES" */ - 168, /* "PBE-MD2-RC2-64" */ - 10, /* "PBE-MD5-DES" */ - 169, /* "PBE-MD5-RC2-64" */ - 147, /* "PBE-SHA1-2DES" */ - 146, /* "PBE-SHA1-3DES" */ - 170, /* "PBE-SHA1-DES" */ - 148, /* "PBE-SHA1-RC2-128" */ - 149, /* "PBE-SHA1-RC2-40" */ - 68, /* "PBE-SHA1-RC2-64" */ - 144, /* "PBE-SHA1-RC4-128" */ - 145, /* "PBE-SHA1-RC4-40" */ - 161, /* "PBES2" */ - 69, /* "PBKDF2" */ - 162, /* "PBMAC1" */ - 127, /* "PKIX" */ - 935, /* "PSPECIFIED" */ - 1061, /* "Poly1305" */ - 98, /* "RC2-40-CBC" */ - 166, /* "RC2-64-CBC" */ - 37, /* "RC2-CBC" */ - 39, /* "RC2-CFB" */ - 38, /* "RC2-ECB" */ - 40, /* "RC2-OFB" */ - 5, /* "RC4" */ - 97, /* "RC4-40" */ - 915, /* "RC4-HMAC-MD5" */ - 120, /* "RC5-CBC" */ - 122, /* "RC5-CFB" */ - 121, /* "RC5-ECB" */ - 123, /* "RC5-OFB" */ - 117, /* "RIPEMD160" */ - 19, /* "RSA" */ - 7, /* "RSA-MD2" */ - 396, /* "RSA-MD4" */ - 8, /* "RSA-MD5" */ - 96, /* "RSA-MDC2" */ - 104, /* "RSA-NP-MD5" */ - 119, /* "RSA-RIPEMD160" */ - 42, /* "RSA-SHA" */ - 65, /* "RSA-SHA1" */ - 115, /* "RSA-SHA1-2" */ - 671, /* "RSA-SHA224" */ - 668, /* "RSA-SHA256" */ - 669, /* "RSA-SHA384" */ - 670, /* "RSA-SHA512" */ - 1145, /* "RSA-SHA512/224" */ - 1146, /* "RSA-SHA512/256" */ - 1144, /* "RSA-SM3" */ - 919, /* "RSAES-OAEP" */ - 912, /* "RSASSA-PSS" */ - 777, /* "SEED-CBC" */ - 779, /* "SEED-CFB" */ - 776, /* "SEED-ECB" */ - 778, /* "SEED-OFB" */ - 41, /* "SHA" */ - 64, /* "SHA1" */ - 675, /* "SHA224" */ - 672, /* "SHA256" */ - 1096, /* "SHA3-224" */ - 1097, /* "SHA3-256" */ - 1098, /* "SHA3-384" */ - 1099, /* "SHA3-512" */ - 673, /* "SHA384" */ - 674, /* "SHA512" */ - 1094, /* "SHA512-224" */ - 1095, /* "SHA512-256" */ - 1100, /* "SHAKE128" */ - 1101, /* "SHAKE256" */ - 1172, /* "SM2" */ - 1204, /* "SM2-SM3" */ - 1143, /* "SM3" */ - 1134, /* "SM4-CBC" */ - 1137, /* "SM4-CFB" */ - 1136, /* "SM4-CFB1" */ - 1138, /* "SM4-CFB8" */ - 1139, /* "SM4-CTR" */ - 1133, /* "SM4-ECB" */ - 1135, /* "SM4-OFB" */ - 188, /* "SMIME" */ - 167, /* "SMIME-CAPS" */ - 100, /* "SN" */ - 1006, /* "SNILS" */ - 1203, /* "SSHKDF" */ - 1205, /* "SSKDF" */ - 16, /* "ST" */ - 143, /* "SXNetID" */ - 1062, /* "SipHash" */ - 1021, /* "TLS1-PRF" */ - 458, /* "UID" */ - 0, /* "UNDEF" */ - 1034, /* "X25519" */ - 1035, /* "X448" */ - 11, /* "X500" */ - 378, /* "X500algorithms" */ - 12, /* "X509" */ - 184, /* "X9-57" */ - 1207, /* "X942KDF" */ - 1206, /* "X963KDF" */ - 185, /* "X9cm" */ - 125, /* "ZLIB" */ - 478, /* "aRecord" */ - 289, /* "aaControls" */ - 287, /* "ac-auditEntity" */ - 397, /* "ac-proxying" */ - 288, /* "ac-targeting" */ - 368, /* "acceptableResponses" */ - 446, /* "account" */ - 363, /* "ad_timestamping" */ - 376, /* "algorithm" */ - 405, /* "ansi-X9-62" */ - 910, /* "anyExtendedKeyUsage" */ - 746, /* "anyPolicy" */ - 370, /* "archiveCutoff" */ - 484, /* "associatedDomain" */ - 485, /* "associatedName" */ - 501, /* "audio" */ - 177, /* "authorityInfoAccess" */ - 90, /* "authorityKeyIdentifier" */ - 882, /* "authorityRevocationList" */ - 87, /* "basicConstraints" */ - 365, /* "basicOCSPResponse" */ - 285, /* "biometricInfo" */ - 921, /* "brainpoolP160r1" */ - 922, /* "brainpoolP160t1" */ - 923, /* "brainpoolP192r1" */ - 924, /* "brainpoolP192t1" */ - 925, /* "brainpoolP224r1" */ - 926, /* "brainpoolP224t1" */ - 927, /* "brainpoolP256r1" */ - 928, /* "brainpoolP256t1" */ - 929, /* "brainpoolP320r1" */ - 930, /* "brainpoolP320t1" */ - 931, /* "brainpoolP384r1" */ - 932, /* "brainpoolP384t1" */ - 933, /* "brainpoolP512r1" */ - 934, /* "brainpoolP512t1" */ - 494, /* "buildingName" */ - 860, /* "businessCategory" */ - 691, /* "c2onb191v4" */ - 692, /* "c2onb191v5" */ - 697, /* "c2onb239v4" */ - 698, /* "c2onb239v5" */ - 684, /* "c2pnb163v1" */ - 685, /* "c2pnb163v2" */ - 686, /* "c2pnb163v3" */ - 687, /* "c2pnb176v1" */ - 693, /* "c2pnb208w1" */ - 699, /* "c2pnb272w1" */ - 700, /* "c2pnb304w1" */ - 702, /* "c2pnb368w1" */ - 688, /* "c2tnb191v1" */ - 689, /* "c2tnb191v2" */ - 690, /* "c2tnb191v3" */ - 694, /* "c2tnb239v1" */ - 695, /* "c2tnb239v2" */ - 696, /* "c2tnb239v3" */ - 701, /* "c2tnb359v1" */ - 703, /* "c2tnb431r1" */ - 1090, /* "c3" */ - 881, /* "cACertificate" */ - 483, /* "cNAMERecord" */ - 179, /* "caIssuers" */ - 785, /* "caRepository" */ - 1023, /* "capwapAC" */ - 1024, /* "capwapWTP" */ - 443, /* "caseIgnoreIA5StringSyntax" */ - 152, /* "certBag" */ - 677, /* "certicom-arc" */ - 771, /* "certificateIssuer" */ - 89, /* "certificatePolicies" */ - 883, /* "certificateRevocationList" */ - 54, /* "challengePassword" */ - 407, /* "characteristic-two-field" */ - 1227, /* "classSignTool" */ - 1233, /* "classSignToolKA1" */ - 1231, /* "classSignToolKB1" */ - 1232, /* "classSignToolKB2" */ - 1228, /* "classSignToolKC1" */ - 1229, /* "classSignToolKC2" */ - 1230, /* "classSignToolKC3" */ - 395, /* "clearance" */ - 130, /* "clientAuth" */ - 1222, /* "cmKGA" */ - 1219, /* "cmcArchive" */ - 1131, /* "cmcCA" */ - 1132, /* "cmcRA" */ - 131, /* "codeSigning" */ - 50, /* "contentType" */ - 53, /* "countersignature" */ - 153, /* "crlBag" */ - 103, /* "crlDistributionPoints" */ - 88, /* "crlNumber" */ - 884, /* "crossCertificatePair" */ - 806, /* "cryptocom" */ - 805, /* "cryptopro" */ - 954, /* "ct_cert_scts" */ - 952, /* "ct_precert_poison" */ - 951, /* "ct_precert_scts" */ - 953, /* "ct_precert_signer" */ - 500, /* "dITRedirect" */ - 451, /* "dNSDomain" */ - 495, /* "dSAQuality" */ - 434, /* "data" */ - 390, /* "dcobject" */ - 140, /* "deltaCRL" */ - 891, /* "deltaRevocationList" */ - 107, /* "description" */ - 871, /* "destinationIndicator" */ - 947, /* "dh-cofactor-kdf" */ - 946, /* "dh-std-kdf" */ - 28, /* "dhKeyAgreement" */ - 941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */ - 942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */ - 943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */ - 944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */ - 945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */ - 936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */ - 937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */ - 938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */ - 939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */ - 940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */ - 920, /* "dhpublicnumber" */ - 382, /* "directory" */ - 887, /* "distinguishedName" */ - 892, /* "dmdName" */ - 174, /* "dnQualifier" */ - 1092, /* "dnsName" */ - 447, /* "document" */ - 471, /* "documentAuthor" */ - 468, /* "documentIdentifier" */ - 472, /* "documentLocation" */ - 502, /* "documentPublisher" */ - 449, /* "documentSeries" */ - 469, /* "documentTitle" */ - 470, /* "documentVersion" */ - 392, /* "domain" */ - 452, /* "domainRelatedObject" */ - 802, /* "dsa_with_SHA224" */ - 803, /* "dsa_with_SHA256" */ - 1152, /* "dstu28147" */ - 1154, /* "dstu28147-cfb" */ - 1153, /* "dstu28147-ofb" */ - 1155, /* "dstu28147-wrap" */ - 1157, /* "dstu34311" */ - 1159, /* "dstu4145be" */ - 1158, /* "dstu4145le" */ - 791, /* "ecdsa-with-Recommended" */ - 416, /* "ecdsa-with-SHA1" */ - 793, /* "ecdsa-with-SHA224" */ - 794, /* "ecdsa-with-SHA256" */ - 795, /* "ecdsa-with-SHA384" */ - 796, /* "ecdsa-with-SHA512" */ - 792, /* "ecdsa-with-Specified" */ - 48, /* "emailAddress" */ - 132, /* "emailProtection" */ - 885, /* "enhancedSearchGuide" */ - 389, /* "enterprises" */ - 384, /* "experimental" */ - 172, /* "extReq" */ - 56, /* "extendedCertificateAttributes" */ - 126, /* "extendedKeyUsage" */ - 372, /* "extendedStatus" */ - 867, /* "facsimileTelephoneNumber" */ - 462, /* "favouriteDrink" */ - 1126, /* "ffdhe2048" */ - 1127, /* "ffdhe3072" */ - 1128, /* "ffdhe4096" */ - 1129, /* "ffdhe6144" */ - 1130, /* "ffdhe8192" */ - 857, /* "freshestCRL" */ - 453, /* "friendlyCountry" */ - 490, /* "friendlyCountryName" */ - 156, /* "friendlyName" */ - 509, /* "generationQualifier" */ - 815, /* "gost-mac" */ - 976, /* "gost-mac-12" */ - 811, /* "gost2001" */ - 851, /* "gost2001cc" */ - 979, /* "gost2012_256" */ - 980, /* "gost2012_512" */ - 813, /* "gost89" */ - 1009, /* "gost89-cbc" */ - 814, /* "gost89-cnt" */ - 975, /* "gost89-cnt-12" */ - 1011, /* "gost89-ctr" */ - 1010, /* "gost89-ecb" */ - 812, /* "gost94" */ - 850, /* "gost94cc" */ - 1156, /* "hmacWithDstu34311" */ - 797, /* "hmacWithMD5" */ - 163, /* "hmacWithSHA1" */ - 798, /* "hmacWithSHA224" */ - 799, /* "hmacWithSHA256" */ - 800, /* "hmacWithSHA384" */ - 801, /* "hmacWithSHA512" */ - 1193, /* "hmacWithSHA512-224" */ - 1194, /* "hmacWithSHA512-256" */ - 432, /* "holdInstructionCallIssuer" */ - 430, /* "holdInstructionCode" */ - 431, /* "holdInstructionNone" */ - 433, /* "holdInstructionReject" */ - 486, /* "homePostalAddress" */ - 473, /* "homeTelephoneNumber" */ - 466, /* "host" */ - 889, /* "houseIdentifier" */ - 442, /* "iA5StringSyntax" */ - 783, /* "id-DHBasedMac" */ - 824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ - 825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */ - 826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */ - 827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */ - 819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */ - 829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ - 828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ - 830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ - 820, /* "id-Gost28147-89-None-KeyMeshing" */ - 823, /* "id-Gost28147-89-TestParamSet" */ - 849, /* "id-Gost28147-89-cc" */ - 840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ - 841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ - 842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ - 843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ - 844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ - 854, /* "id-GostR3410-2001-ParamSet-cc" */ - 839, /* "id-GostR3410-2001-TestParamSet" */ - 817, /* "id-GostR3410-2001DH" */ - 832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */ - 833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */ - 834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */ - 835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */ - 836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ - 837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ - 838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ - 831, /* "id-GostR3410-94-TestParamSet" */ - 845, /* "id-GostR3410-94-a" */ - 846, /* "id-GostR3410-94-aBis" */ - 847, /* "id-GostR3410-94-b" */ - 848, /* "id-GostR3410-94-bBis" */ - 818, /* "id-GostR3410-94DH" */ - 822, /* "id-GostR3411-94-CryptoProParamSet" */ - 821, /* "id-GostR3411-94-TestParamSet" */ - 807, /* "id-GostR3411-94-with-GostR3410-2001" */ - 853, /* "id-GostR3411-94-with-GostR3410-2001-cc" */ - 808, /* "id-GostR3411-94-with-GostR3410-94" */ - 852, /* "id-GostR3411-94-with-GostR3410-94-cc" */ - 810, /* "id-HMACGostR3411-94" */ - 782, /* "id-PasswordBasedMAC" */ - 266, /* "id-aca" */ - 355, /* "id-aca-accessIdentity" */ - 354, /* "id-aca-authenticationInfo" */ - 356, /* "id-aca-chargingIdentity" */ - 399, /* "id-aca-encAttrs" */ - 357, /* "id-aca-group" */ - 358, /* "id-aca-role" */ - 176, /* "id-ad" */ - 896, /* "id-aes128-CCM" */ - 895, /* "id-aes128-GCM" */ - 788, /* "id-aes128-wrap" */ - 897, /* "id-aes128-wrap-pad" */ - 899, /* "id-aes192-CCM" */ - 898, /* "id-aes192-GCM" */ - 789, /* "id-aes192-wrap" */ - 900, /* "id-aes192-wrap-pad" */ - 902, /* "id-aes256-CCM" */ - 901, /* "id-aes256-GCM" */ - 790, /* "id-aes256-wrap" */ - 903, /* "id-aes256-wrap-pad" */ - 262, /* "id-alg" */ - 893, /* "id-alg-PWRI-KEK" */ - 323, /* "id-alg-des40" */ - 326, /* "id-alg-dh-pop" */ - 325, /* "id-alg-dh-sig-hmac-sha1" */ - 324, /* "id-alg-noSignature" */ - 907, /* "id-camellia128-wrap" */ - 908, /* "id-camellia192-wrap" */ - 909, /* "id-camellia256-wrap" */ - 268, /* "id-cct" */ - 361, /* "id-cct-PKIData" */ - 362, /* "id-cct-PKIResponse" */ - 360, /* "id-cct-crs" */ - 81, /* "id-ce" */ - 680, /* "id-characteristic-two-basis" */ - 263, /* "id-cmc" */ - 334, /* "id-cmc-addExtensions" */ - 346, /* "id-cmc-confirmCertAcceptance" */ - 330, /* "id-cmc-dataReturn" */ - 336, /* "id-cmc-decryptedPOP" */ - 335, /* "id-cmc-encryptedPOP" */ - 339, /* "id-cmc-getCRL" */ - 338, /* "id-cmc-getCert" */ - 328, /* "id-cmc-identification" */ - 329, /* "id-cmc-identityProof" */ - 337, /* "id-cmc-lraPOPWitness" */ - 344, /* "id-cmc-popLinkRandom" */ - 345, /* "id-cmc-popLinkWitness" */ - 343, /* "id-cmc-queryPending" */ - 333, /* "id-cmc-recipientNonce" */ - 341, /* "id-cmc-regInfo" */ - 342, /* "id-cmc-responseInfo" */ - 340, /* "id-cmc-revokeRequest" */ - 332, /* "id-cmc-senderNonce" */ - 327, /* "id-cmc-statusInfo" */ - 331, /* "id-cmc-transactionId" */ - 1238, /* "id-cp" */ - 787, /* "id-ct-asciiTextWithCRLF" */ - 1246, /* "id-ct-geofeedCSVwithCRLF" */ - 1237, /* "id-ct-resourceTaggedAttest" */ - 1234, /* "id-ct-routeOriginAuthz" */ - 1236, /* "id-ct-rpkiGhostbusters" */ - 1235, /* "id-ct-rpkiManifest" */ - 1247, /* "id-ct-signedChecklist" */ - 1060, /* "id-ct-xml" */ - 1108, /* "id-dsa-with-sha3-224" */ - 1109, /* "id-dsa-with-sha3-256" */ - 1110, /* "id-dsa-with-sha3-384" */ - 1111, /* "id-dsa-with-sha3-512" */ - 1106, /* "id-dsa-with-sha384" */ - 1107, /* "id-dsa-with-sha512" */ - 408, /* "id-ecPublicKey" */ - 1112, /* "id-ecdsa-with-sha3-224" */ - 1113, /* "id-ecdsa-with-sha3-256" */ - 1114, /* "id-ecdsa-with-sha3-384" */ - 1115, /* "id-ecdsa-with-sha3-512" */ - 508, /* "id-hex-multipart-message" */ - 507, /* "id-hex-partial-message" */ - 1102, /* "id-hmacWithSHA3-224" */ - 1103, /* "id-hmacWithSHA3-256" */ - 1104, /* "id-hmacWithSHA3-384" */ - 1105, /* "id-hmacWithSHA3-512" */ - 260, /* "id-it" */ - 1223, /* "id-it-caCerts" */ - 302, /* "id-it-caKeyUpdateInfo" */ - 298, /* "id-it-caProtEncCert" */ - 1225, /* "id-it-certReqTemplate" */ - 311, /* "id-it-confirmWaitTime" */ - 303, /* "id-it-currentCRL" */ - 300, /* "id-it-encKeyPairTypes" */ - 310, /* "id-it-implicitConfirm" */ - 308, /* "id-it-keyPairParamRep" */ - 307, /* "id-it-keyPairParamReq" */ - 312, /* "id-it-origPKIMessage" */ - 301, /* "id-it-preferredSymmAlg" */ - 309, /* "id-it-revPassphrase" */ - 1224, /* "id-it-rootCaKeyUpdate" */ - 299, /* "id-it-signKeyPairTypes" */ - 305, /* "id-it-subscriptionRequest" */ - 306, /* "id-it-subscriptionResponse" */ - 784, /* "id-it-suppLangTags" */ - 304, /* "id-it-unsupportedOIDs" */ - 128, /* "id-kp" */ - 1221, /* "id-kp-BrandIndicatorforMessageIdentification" */ - 1220, /* "id-kp-bgpsec-router" */ - 280, /* "id-mod-attribute-cert" */ - 274, /* "id-mod-cmc" */ - 277, /* "id-mod-cmp" */ - 284, /* "id-mod-cmp2000" */ - 273, /* "id-mod-crmf" */ - 283, /* "id-mod-dvcs" */ - 275, /* "id-mod-kea-profile-88" */ - 276, /* "id-mod-kea-profile-93" */ - 282, /* "id-mod-ocsp" */ - 278, /* "id-mod-qualified-cert-88" */ - 279, /* "id-mod-qualified-cert-93" */ - 281, /* "id-mod-timestamp-protocol" */ - 264, /* "id-on" */ - 1211, /* "id-on-NAIRealm" */ - 1208, /* "id-on-SmtpUTF8Mailbox" */ - 1210, /* "id-on-dnsSRV" */ - 858, /* "id-on-permanentIdentifier" */ - 347, /* "id-on-personalData" */ - 1209, /* "id-on-xmppAddr" */ - 265, /* "id-pda" */ - 352, /* "id-pda-countryOfCitizenship" */ - 353, /* "id-pda-countryOfResidence" */ - 348, /* "id-pda-dateOfBirth" */ - 351, /* "id-pda-gender" */ - 349, /* "id-pda-placeOfBirth" */ - 175, /* "id-pe" */ - 1031, /* "id-pkinit" */ - 261, /* "id-pkip" */ - 258, /* "id-pkix-mod" */ - 269, /* "id-pkix1-explicit-88" */ - 271, /* "id-pkix1-explicit-93" */ - 270, /* "id-pkix1-implicit-88" */ - 272, /* "id-pkix1-implicit-93" */ - 662, /* "id-ppl" */ - 664, /* "id-ppl-anyLanguage" */ - 667, /* "id-ppl-independent" */ - 665, /* "id-ppl-inheritAll" */ - 267, /* "id-qcs" */ - 359, /* "id-qcs-pkixQCSyntax-v1" */ - 259, /* "id-qt" */ - 164, /* "id-qt-cps" */ - 165, /* "id-qt-unotice" */ - 313, /* "id-regCtrl" */ - 316, /* "id-regCtrl-authenticator" */ - 319, /* "id-regCtrl-oldCertID" */ - 318, /* "id-regCtrl-pkiArchiveOptions" */ - 317, /* "id-regCtrl-pkiPublicationInfo" */ - 320, /* "id-regCtrl-protocolEncrKey" */ - 315, /* "id-regCtrl-regToken" */ - 314, /* "id-regInfo" */ - 322, /* "id-regInfo-certReq" */ - 321, /* "id-regInfo-utf8Pairs" */ - 1116, /* "id-rsassa-pkcs1-v1_5-with-sha3-224" */ - 1117, /* "id-rsassa-pkcs1-v1_5-with-sha3-256" */ - 1118, /* "id-rsassa-pkcs1-v1_5-with-sha3-384" */ - 1119, /* "id-rsassa-pkcs1-v1_5-with-sha3-512" */ - 973, /* "id-scrypt" */ - 512, /* "id-set" */ - 191, /* "id-smime-aa" */ - 215, /* "id-smime-aa-contentHint" */ - 218, /* "id-smime-aa-contentIdentifier" */ - 221, /* "id-smime-aa-contentReference" */ - 240, /* "id-smime-aa-dvcs-dvc" */ - 217, /* "id-smime-aa-encapContentType" */ - 222, /* "id-smime-aa-encrypKeyPref" */ - 220, /* "id-smime-aa-equivalentLabels" */ - 232, /* "id-smime-aa-ets-CertificateRefs" */ - 233, /* "id-smime-aa-ets-RevocationRefs" */ - 238, /* "id-smime-aa-ets-archiveTimeStamp" */ - 237, /* "id-smime-aa-ets-certCRLTimestamp" */ - 234, /* "id-smime-aa-ets-certValues" */ - 227, /* "id-smime-aa-ets-commitmentType" */ - 231, /* "id-smime-aa-ets-contentTimestamp" */ - 236, /* "id-smime-aa-ets-escTimeStamp" */ - 230, /* "id-smime-aa-ets-otherSigCert" */ - 235, /* "id-smime-aa-ets-revocationValues" */ - 226, /* "id-smime-aa-ets-sigPolicyId" */ - 229, /* "id-smime-aa-ets-signerAttr" */ - 228, /* "id-smime-aa-ets-signerLocation" */ - 219, /* "id-smime-aa-macValue" */ - 214, /* "id-smime-aa-mlExpandHistory" */ - 216, /* "id-smime-aa-msgSigDigest" */ - 212, /* "id-smime-aa-receiptRequest" */ - 213, /* "id-smime-aa-securityLabel" */ - 239, /* "id-smime-aa-signatureType" */ - 223, /* "id-smime-aa-signingCertificate" */ - 1086, /* "id-smime-aa-signingCertificateV2" */ - 224, /* "id-smime-aa-smimeEncryptCerts" */ - 225, /* "id-smime-aa-timeStampToken" */ - 192, /* "id-smime-alg" */ - 243, /* "id-smime-alg-3DESwrap" */ - 246, /* "id-smime-alg-CMS3DESwrap" */ - 247, /* "id-smime-alg-CMSRC2wrap" */ - 245, /* "id-smime-alg-ESDH" */ - 241, /* "id-smime-alg-ESDHwith3DES" */ - 242, /* "id-smime-alg-ESDHwithRC2" */ - 244, /* "id-smime-alg-RC2wrap" */ - 193, /* "id-smime-cd" */ - 248, /* "id-smime-cd-ldap" */ - 190, /* "id-smime-ct" */ - 210, /* "id-smime-ct-DVCSRequestData" */ - 211, /* "id-smime-ct-DVCSResponseData" */ - 208, /* "id-smime-ct-TDTInfo" */ - 207, /* "id-smime-ct-TSTInfo" */ - 205, /* "id-smime-ct-authData" */ - 1059, /* "id-smime-ct-authEnvelopedData" */ - 786, /* "id-smime-ct-compressedData" */ - 1058, /* "id-smime-ct-contentCollection" */ - 209, /* "id-smime-ct-contentInfo" */ - 206, /* "id-smime-ct-publishCert" */ - 204, /* "id-smime-ct-receipt" */ - 195, /* "id-smime-cti" */ - 255, /* "id-smime-cti-ets-proofOfApproval" */ - 256, /* "id-smime-cti-ets-proofOfCreation" */ - 253, /* "id-smime-cti-ets-proofOfDelivery" */ - 251, /* "id-smime-cti-ets-proofOfOrigin" */ - 252, /* "id-smime-cti-ets-proofOfReceipt" */ - 254, /* "id-smime-cti-ets-proofOfSender" */ - 189, /* "id-smime-mod" */ - 196, /* "id-smime-mod-cms" */ - 197, /* "id-smime-mod-ess" */ - 202, /* "id-smime-mod-ets-eSigPolicy-88" */ - 203, /* "id-smime-mod-ets-eSigPolicy-97" */ - 200, /* "id-smime-mod-ets-eSignature-88" */ - 201, /* "id-smime-mod-ets-eSignature-97" */ - 199, /* "id-smime-mod-msg-v3" */ - 198, /* "id-smime-mod-oid" */ - 194, /* "id-smime-spq" */ - 250, /* "id-smime-spq-ets-sqt-unotice" */ - 249, /* "id-smime-spq-ets-sqt-uri" */ - 974, /* "id-tc26" */ - 991, /* "id-tc26-agreement" */ - 992, /* "id-tc26-agreement-gost-3410-2012-256" */ - 993, /* "id-tc26-agreement-gost-3410-2012-512" */ - 977, /* "id-tc26-algorithms" */ - 990, /* "id-tc26-cipher" */ - 1001, /* "id-tc26-cipher-constants" */ - 1176, /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */ - 1173, /* "id-tc26-cipher-gostr3412-2015-magma" */ - 994, /* "id-tc26-constants" */ - 981, /* "id-tc26-digest" */ - 1000, /* "id-tc26-digest-constants" */ - 1002, /* "id-tc26-gost-28147-constants" */ - 1003, /* "id-tc26-gost-28147-param-Z" */ - 1147, /* "id-tc26-gost-3410-2012-256-constants" */ - 1148, /* "id-tc26-gost-3410-2012-256-paramSetA" */ - 1184, /* "id-tc26-gost-3410-2012-256-paramSetB" */ - 1185, /* "id-tc26-gost-3410-2012-256-paramSetC" */ - 1186, /* "id-tc26-gost-3410-2012-256-paramSetD" */ - 996, /* "id-tc26-gost-3410-2012-512-constants" */ - 998, /* "id-tc26-gost-3410-2012-512-paramSetA" */ - 999, /* "id-tc26-gost-3410-2012-512-paramSetB" */ - 1149, /* "id-tc26-gost-3410-2012-512-paramSetC" */ - 997, /* "id-tc26-gost-3410-2012-512-paramSetTest" */ - 988, /* "id-tc26-hmac-gost-3411-2012-256" */ - 989, /* "id-tc26-hmac-gost-3411-2012-512" */ - 987, /* "id-tc26-mac" */ - 978, /* "id-tc26-sign" */ - 995, /* "id-tc26-sign-constants" */ - 984, /* "id-tc26-signwithdigest" */ - 985, /* "id-tc26-signwithdigest-gost3410-2012-256" */ - 986, /* "id-tc26-signwithdigest-gost3410-2012-512" */ - 1179, /* "id-tc26-wrap" */ - 1182, /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */ - 1180, /* "id-tc26-wrap-gostr3412-2015-magma" */ - 676, /* "identified-organization" */ - 1170, /* "ieee" */ - 1171, /* "ieee-siswg" */ - 461, /* "info" */ - 748, /* "inhibitAnyPolicy" */ - 101, /* "initials" */ - 647, /* "international-organizations" */ - 869, /* "internationaliSDNNumber" */ - 142, /* "invalidityDate" */ - 1241, /* "ipAddr-asNumber" */ - 1242, /* "ipAddr-asNumberv2" */ - 294, /* "ipsecEndSystem" */ - 1022, /* "ipsecIKE" */ - 295, /* "ipsecTunnel" */ - 296, /* "ipsecUser" */ - 86, /* "issuerAltName" */ - 1008, /* "issuerSignTool" */ - 770, /* "issuingDistributionPoint" */ - 492, /* "janetMailbox" */ - 957, /* "jurisdictionC" */ - 955, /* "jurisdictionL" */ - 956, /* "jurisdictionST" */ - 150, /* "keyBag" */ - 83, /* "keyUsage" */ - 1015, /* "kuznyechik-cbc" */ - 1016, /* "kuznyechik-cfb" */ - 1013, /* "kuznyechik-ctr" */ - 1177, /* "kuznyechik-ctr-acpkm" */ - 1178, /* "kuznyechik-ctr-acpkm-omac" */ - 1012, /* "kuznyechik-ecb" */ - 1183, /* "kuznyechik-kexp15" */ - 1017, /* "kuznyechik-mac" */ - 1014, /* "kuznyechik-ofb" */ - 477, /* "lastModifiedBy" */ - 476, /* "lastModifiedTime" */ - 157, /* "localKeyID" */ - 480, /* "mXRecord" */ - 1190, /* "magma-cbc" */ - 1191, /* "magma-cfb" */ - 1188, /* "magma-ctr" */ - 1174, /* "magma-ctr-acpkm" */ - 1175, /* "magma-ctr-acpkm-omac" */ - 1187, /* "magma-ecb" */ - 1181, /* "magma-kexp15" */ - 1192, /* "magma-mac" */ - 1189, /* "magma-ofb" */ - 460, /* "mail" */ - 493, /* "mailPreferenceOption" */ - 467, /* "manager" */ - 982, /* "md_gost12_256" */ - 983, /* "md_gost12_512" */ - 809, /* "md_gost94" */ - 875, /* "member" */ - 182, /* "member-body" */ - 51, /* "messageDigest" */ - 383, /* "mgmt" */ - 504, /* "mime-mhs" */ - 506, /* "mime-mhs-bodies" */ - 505, /* "mime-mhs-headings" */ - 488, /* "mobileTelephoneNumber" */ - 1212, /* "modp_1536" */ - 1213, /* "modp_2048" */ - 1214, /* "modp_3072" */ - 1215, /* "modp_4096" */ - 1216, /* "modp_6144" */ - 1217, /* "modp_8192" */ - 136, /* "msCTLSign" */ - 135, /* "msCodeCom" */ - 134, /* "msCodeInd" */ - 138, /* "msEFS" */ - 171, /* "msExtReq" */ - 137, /* "msSGC" */ - 648, /* "msSmartcardLogin" */ - 649, /* "msUPN" */ - 1091, /* "n3" */ - 481, /* "nSRecord" */ - 173, /* "name" */ - 666, /* "nameConstraints" */ - 369, /* "noCheck" */ - 403, /* "noRevAvail" */ - 72, /* "nsBaseUrl" */ - 76, /* "nsCaPolicyUrl" */ - 74, /* "nsCaRevocationUrl" */ - 58, /* "nsCertExt" */ - 79, /* "nsCertSequence" */ - 71, /* "nsCertType" */ - 78, /* "nsComment" */ - 59, /* "nsDataType" */ - 75, /* "nsRenewalUrl" */ - 73, /* "nsRevocationUrl" */ - 139, /* "nsSGC" */ - 77, /* "nsSslServerName" */ - 681, /* "onBasis" */ - 1089, /* "organizationIdentifier" */ - 491, /* "organizationalStatus" */ - 1141, /* "oscca" */ - 475, /* "otherMailbox" */ - 876, /* "owner" */ - 489, /* "pagerTelephoneNumber" */ - 374, /* "path" */ - 112, /* "pbeWithMD5AndCast5CBC" */ - 499, /* "personalSignature" */ - 487, /* "personalTitle" */ - 464, /* "photo" */ - 863, /* "physicalDeliveryOfficeName" */ - 437, /* "pilot" */ - 439, /* "pilotAttributeSyntax" */ - 438, /* "pilotAttributeType" */ - 479, /* "pilotAttributeType27" */ - 456, /* "pilotDSA" */ - 441, /* "pilotGroups" */ - 444, /* "pilotObject" */ - 440, /* "pilotObjectClass" */ - 455, /* "pilotOrganization" */ - 445, /* "pilotPerson" */ - 1032, /* "pkInitClientAuth" */ - 1033, /* "pkInitKDC" */ - 2, /* "pkcs" */ - 186, /* "pkcs1" */ - 27, /* "pkcs3" */ - 187, /* "pkcs5" */ - 20, /* "pkcs7" */ - 21, /* "pkcs7-data" */ - 25, /* "pkcs7-digestData" */ - 26, /* "pkcs7-encryptedData" */ - 23, /* "pkcs7-envelopedData" */ - 24, /* "pkcs7-signedAndEnvelopedData" */ - 22, /* "pkcs7-signedData" */ - 151, /* "pkcs8ShroudedKeyBag" */ - 47, /* "pkcs9" */ - 401, /* "policyConstraints" */ - 747, /* "policyMappings" */ - 862, /* "postOfficeBox" */ - 861, /* "postalAddress" */ - 661, /* "postalCode" */ - 683, /* "ppBasis" */ - 872, /* "preferredDeliveryMethod" */ - 873, /* "presentationAddress" */ - 816, /* "prf-gostr3411-94" */ - 406, /* "prime-field" */ - 409, /* "prime192v1" */ - 410, /* "prime192v2" */ - 411, /* "prime192v3" */ - 412, /* "prime239v1" */ - 413, /* "prime239v2" */ - 414, /* "prime239v3" */ - 415, /* "prime256v1" */ - 385, /* "private" */ - 84, /* "privateKeyUsagePeriod" */ - 886, /* "protocolInformation" */ - 663, /* "proxyCertInfo" */ - 510, /* "pseudonym" */ - 435, /* "pss" */ - 286, /* "qcStatements" */ - 457, /* "qualityLabelledData" */ - 450, /* "rFC822localPart" */ - 870, /* "registeredAddress" */ - 400, /* "role" */ - 877, /* "roleOccupant" */ - 448, /* "room" */ - 463, /* "roomNumber" */ - 1243, /* "rpkiManifest" */ - 1245, /* "rpkiNotify" */ - 6, /* "rsaEncryption" */ - 644, /* "rsaOAEPEncryptionSET" */ - 377, /* "rsaSignature" */ - 1, /* "rsadsi" */ - 482, /* "sOARecord" */ - 155, /* "safeContentsBag" */ - 291, /* "sbgp-autonomousSysNum" */ - 1240, /* "sbgp-autonomousSysNumv2" */ - 290, /* "sbgp-ipAddrBlock" */ - 1239, /* "sbgp-ipAddrBlockv2" */ - 292, /* "sbgp-routerIdentifier" */ - 159, /* "sdsiCertificate" */ - 859, /* "searchGuide" */ - 704, /* "secp112r1" */ - 705, /* "secp112r2" */ - 706, /* "secp128r1" */ - 707, /* "secp128r2" */ - 708, /* "secp160k1" */ - 709, /* "secp160r1" */ - 710, /* "secp160r2" */ - 711, /* "secp192k1" */ - 712, /* "secp224k1" */ - 713, /* "secp224r1" */ - 714, /* "secp256k1" */ - 715, /* "secp384r1" */ - 716, /* "secp521r1" */ - 154, /* "secretBag" */ - 474, /* "secretary" */ - 717, /* "sect113r1" */ - 718, /* "sect113r2" */ - 719, /* "sect131r1" */ - 720, /* "sect131r2" */ - 721, /* "sect163k1" */ - 722, /* "sect163r1" */ - 723, /* "sect163r2" */ - 724, /* "sect193r1" */ - 725, /* "sect193r2" */ - 726, /* "sect233k1" */ - 727, /* "sect233r1" */ - 728, /* "sect239k1" */ - 729, /* "sect283k1" */ - 730, /* "sect283r1" */ - 731, /* "sect409k1" */ - 732, /* "sect409r1" */ - 733, /* "sect571k1" */ - 734, /* "sect571r1" */ - 1025, /* "secureShellClient" */ - 1026, /* "secureShellServer" */ - 386, /* "security" */ - 878, /* "seeAlso" */ - 394, /* "selected-attribute-types" */ - 1029, /* "sendOwner" */ - 1030, /* "sendProxiedOwner" */ - 1028, /* "sendProxiedRouter" */ - 1027, /* "sendRouter" */ - 105, /* "serialNumber" */ - 129, /* "serverAuth" */ - 371, /* "serviceLocator" */ - 625, /* "set-addPolicy" */ - 515, /* "set-attr" */ - 518, /* "set-brand" */ - 638, /* "set-brand-AmericanExpress" */ - 637, /* "set-brand-Diners" */ - 636, /* "set-brand-IATA-ATA" */ - 639, /* "set-brand-JCB" */ - 641, /* "set-brand-MasterCard" */ - 642, /* "set-brand-Novus" */ - 640, /* "set-brand-Visa" */ - 517, /* "set-certExt" */ - 513, /* "set-ctype" */ - 514, /* "set-msgExt" */ - 516, /* "set-policy" */ - 607, /* "set-policy-root" */ - 624, /* "set-rootKeyThumb" */ - 620, /* "setAttr-Cert" */ - 631, /* "setAttr-GenCryptgrm" */ - 623, /* "setAttr-IssCap" */ - 628, /* "setAttr-IssCap-CVM" */ - 630, /* "setAttr-IssCap-Sig" */ - 629, /* "setAttr-IssCap-T2" */ - 621, /* "setAttr-PGWYcap" */ - 635, /* "setAttr-SecDevSig" */ - 632, /* "setAttr-T2Enc" */ - 633, /* "setAttr-T2cleartxt" */ - 634, /* "setAttr-TokICCsig" */ - 627, /* "setAttr-Token-B0Prime" */ - 626, /* "setAttr-Token-EMV" */ - 622, /* "setAttr-TokenType" */ - 619, /* "setCext-IssuerCapabilities" */ - 615, /* "setCext-PGWYcapabilities" */ - 616, /* "setCext-TokenIdentifier" */ - 618, /* "setCext-TokenType" */ - 617, /* "setCext-Track2Data" */ - 611, /* "setCext-cCertRequired" */ - 609, /* "setCext-certType" */ - 608, /* "setCext-hashedRoot" */ - 610, /* "setCext-merchData" */ - 613, /* "setCext-setExt" */ - 614, /* "setCext-setQualf" */ - 612, /* "setCext-tunneling" */ - 540, /* "setct-AcqCardCodeMsg" */ - 576, /* "setct-AcqCardCodeMsgTBE" */ - 570, /* "setct-AuthReqTBE" */ - 534, /* "setct-AuthReqTBS" */ - 527, /* "setct-AuthResBaggage" */ - 571, /* "setct-AuthResTBE" */ - 572, /* "setct-AuthResTBEX" */ - 535, /* "setct-AuthResTBS" */ - 536, /* "setct-AuthResTBSX" */ - 528, /* "setct-AuthRevReqBaggage" */ - 577, /* "setct-AuthRevReqTBE" */ - 541, /* "setct-AuthRevReqTBS" */ - 529, /* "setct-AuthRevResBaggage" */ - 542, /* "setct-AuthRevResData" */ - 578, /* "setct-AuthRevResTBE" */ - 579, /* "setct-AuthRevResTBEB" */ - 543, /* "setct-AuthRevResTBS" */ - 573, /* "setct-AuthTokenTBE" */ - 537, /* "setct-AuthTokenTBS" */ - 600, /* "setct-BCIDistributionTBS" */ - 558, /* "setct-BatchAdminReqData" */ - 592, /* "setct-BatchAdminReqTBE" */ - 559, /* "setct-BatchAdminResData" */ - 593, /* "setct-BatchAdminResTBE" */ - 599, /* "setct-CRLNotificationResTBS" */ - 598, /* "setct-CRLNotificationTBS" */ - 580, /* "setct-CapReqTBE" */ - 581, /* "setct-CapReqTBEX" */ - 544, /* "setct-CapReqTBS" */ - 545, /* "setct-CapReqTBSX" */ - 546, /* "setct-CapResData" */ - 582, /* "setct-CapResTBE" */ - 583, /* "setct-CapRevReqTBE" */ - 584, /* "setct-CapRevReqTBEX" */ - 547, /* "setct-CapRevReqTBS" */ - 548, /* "setct-CapRevReqTBSX" */ - 549, /* "setct-CapRevResData" */ - 585, /* "setct-CapRevResTBE" */ - 538, /* "setct-CapTokenData" */ - 530, /* "setct-CapTokenSeq" */ - 574, /* "setct-CapTokenTBE" */ - 575, /* "setct-CapTokenTBEX" */ - 539, /* "setct-CapTokenTBS" */ - 560, /* "setct-CardCInitResTBS" */ - 566, /* "setct-CertInqReqTBS" */ - 563, /* "setct-CertReqData" */ - 595, /* "setct-CertReqTBE" */ - 596, /* "setct-CertReqTBEX" */ - 564, /* "setct-CertReqTBS" */ - 565, /* "setct-CertResData" */ - 597, /* "setct-CertResTBE" */ - 586, /* "setct-CredReqTBE" */ - 587, /* "setct-CredReqTBEX" */ - 550, /* "setct-CredReqTBS" */ - 551, /* "setct-CredReqTBSX" */ - 552, /* "setct-CredResData" */ - 588, /* "setct-CredResTBE" */ - 589, /* "setct-CredRevReqTBE" */ - 590, /* "setct-CredRevReqTBEX" */ - 553, /* "setct-CredRevReqTBS" */ - 554, /* "setct-CredRevReqTBSX" */ - 555, /* "setct-CredRevResData" */ - 591, /* "setct-CredRevResTBE" */ - 567, /* "setct-ErrorTBS" */ - 526, /* "setct-HODInput" */ - 561, /* "setct-MeAqCInitResTBS" */ - 522, /* "setct-OIData" */ - 519, /* "setct-PANData" */ - 521, /* "setct-PANOnly" */ - 520, /* "setct-PANToken" */ - 556, /* "setct-PCertReqData" */ - 557, /* "setct-PCertResTBS" */ - 523, /* "setct-PI" */ - 532, /* "setct-PI-TBS" */ - 524, /* "setct-PIData" */ - 525, /* "setct-PIDataUnsigned" */ - 568, /* "setct-PIDualSignedTBE" */ - 569, /* "setct-PIUnsignedTBE" */ - 531, /* "setct-PInitResData" */ - 533, /* "setct-PResData" */ - 594, /* "setct-RegFormReqTBE" */ - 562, /* "setct-RegFormResTBS" */ - 606, /* "setext-cv" */ - 601, /* "setext-genCrypt" */ - 602, /* "setext-miAuth" */ - 604, /* "setext-pinAny" */ - 603, /* "setext-pinSecure" */ - 605, /* "setext-track2" */ - 1244, /* "signedObject" */ - 52, /* "signingTime" */ - 454, /* "simpleSecurityObject" */ - 496, /* "singleLevelQuality" */ - 1142, /* "sm-scheme" */ - 387, /* "snmpv2" */ - 660, /* "street" */ - 85, /* "subjectAltName" */ - 769, /* "subjectDirectoryAttributes" */ - 398, /* "subjectInfoAccess" */ - 82, /* "subjectKeyIdentifier" */ - 1007, /* "subjectSignTool" */ - 498, /* "subtreeMaximumQuality" */ - 497, /* "subtreeMinimumQuality" */ - 890, /* "supportedAlgorithms" */ - 874, /* "supportedApplicationContext" */ - 402, /* "targetInformation" */ - 864, /* "telephoneNumber" */ - 866, /* "teletexTerminalIdentifier" */ - 865, /* "telexNumber" */ - 459, /* "textEncodedORAddress" */ - 293, /* "textNotice" */ - 133, /* "timeStamping" */ - 106, /* "title" */ - 1020, /* "tlsfeature" */ - 682, /* "tpBasis" */ - 375, /* "trustRoot" */ - 1151, /* "ua-pki" */ - 1160, /* "uacurve0" */ - 1161, /* "uacurve1" */ - 1162, /* "uacurve2" */ - 1163, /* "uacurve3" */ - 1164, /* "uacurve4" */ - 1165, /* "uacurve5" */ - 1166, /* "uacurve6" */ - 1167, /* "uacurve7" */ - 1168, /* "uacurve8" */ - 1169, /* "uacurve9" */ - 436, /* "ucl" */ - 102, /* "uid" */ - 888, /* "uniqueMember" */ - 55, /* "unstructuredAddress" */ - 49, /* "unstructuredName" */ - 880, /* "userCertificate" */ - 465, /* "userClass" */ - 879, /* "userPassword" */ - 373, /* "valid" */ - 678, /* "wap" */ - 679, /* "wap-wsg" */ - 735, /* "wap-wsg-idm-ecid-wtls1" */ - 743, /* "wap-wsg-idm-ecid-wtls10" */ - 744, /* "wap-wsg-idm-ecid-wtls11" */ - 745, /* "wap-wsg-idm-ecid-wtls12" */ - 736, /* "wap-wsg-idm-ecid-wtls3" */ - 737, /* "wap-wsg-idm-ecid-wtls4" */ - 738, /* "wap-wsg-idm-ecid-wtls5" */ - 739, /* "wap-wsg-idm-ecid-wtls6" */ - 740, /* "wap-wsg-idm-ecid-wtls7" */ - 741, /* "wap-wsg-idm-ecid-wtls8" */ - 742, /* "wap-wsg-idm-ecid-wtls9" */ - 804, /* "whirlpool" */ - 868, /* "x121Address" */ - 503, /* "x500UniqueIdentifier" */ - 158, /* "x509Certificate" */ - 160, /* "x509Crl" */ - 1093, /* "x509ExtAdmission" */ -}; - -#define NUM_LN 1239 -static const unsigned int ln_objs[NUM_LN] = { - 363, /* "AD Time Stamping" */ - 405, /* "ANSI X9.62" */ - 368, /* "Acceptable OCSP Responses" */ - 910, /* "Any Extended Key Usage" */ - 664, /* "Any language" */ - 177, /* "Authority Information Access" */ - 1220, /* "BGPsec Router" */ - 365, /* "Basic OCSP Response" */ - 285, /* "Biometric Info" */ - 1221, /* "Brand Indicator for Message Identification" */ - 179, /* "CA Issuers" */ - 785, /* "CA Repository" */ - 1219, /* "CMC Archive Server" */ - 1131, /* "CMC Certificate Authority" */ - 1132, /* "CMC Registration Authority" */ - 954, /* "CT Certificate SCTs" */ - 952, /* "CT Precertificate Poison" */ - 951, /* "CT Precertificate SCTs" */ - 953, /* "CT Precertificate Signer" */ - 1222, /* "Certificate Management Key Generation Authority" */ - 1227, /* "Class of Signing Tool" */ - 1233, /* "Class of Signing Tool KA1" */ - 1231, /* "Class of Signing Tool KB1" */ - 1232, /* "Class of Signing Tool KB2" */ - 1228, /* "Class of Signing Tool KC1" */ - 1229, /* "Class of Signing Tool KC2" */ - 1230, /* "Class of Signing Tool KC3" */ - 131, /* "Code Signing" */ - 1024, /* "Ctrl/Provision WAP Termination" */ - 1023, /* "Ctrl/provision WAP Access" */ - 1159, /* "DSTU 4145-2002 big endian" */ - 1158, /* "DSTU 4145-2002 little endian" */ - 1152, /* "DSTU Gost 28147-2009" */ - 1154, /* "DSTU Gost 28147-2009 CFB mode" */ - 1153, /* "DSTU Gost 28147-2009 OFB mode" */ - 1155, /* "DSTU Gost 28147-2009 key wrap" */ - 1157, /* "DSTU Gost 34311-95" */ - 1160, /* "DSTU curve 0" */ - 1161, /* "DSTU curve 1" */ - 1162, /* "DSTU curve 2" */ - 1163, /* "DSTU curve 3" */ - 1164, /* "DSTU curve 4" */ - 1165, /* "DSTU curve 5" */ - 1166, /* "DSTU curve 6" */ - 1167, /* "DSTU curve 7" */ - 1168, /* "DSTU curve 8" */ - 1169, /* "DSTU curve 9" */ - 783, /* "Diffie-Hellman based MAC" */ - 382, /* "Directory" */ - 392, /* "Domain" */ - 132, /* "E-mail Protection" */ - 1087, /* "ED25519" */ - 1088, /* "ED448" */ - 389, /* "Enterprises" */ - 384, /* "Experimental" */ - 372, /* "Extended OCSP Status" */ - 172, /* "Extension Request" */ - 813, /* "GOST 28147-89" */ - 849, /* "GOST 28147-89 Cryptocom ParamSet" */ - 815, /* "GOST 28147-89 MAC" */ - 1003, /* "GOST 28147-89 TC26 parameter set" */ - 851, /* "GOST 34.10-2001 Cryptocom" */ - 850, /* "GOST 34.10-94 Cryptocom" */ - 811, /* "GOST R 34.10-2001" */ - 817, /* "GOST R 34.10-2001 DH" */ - 1148, /* "GOST R 34.10-2012 (256 bit) ParamSet A" */ - 1184, /* "GOST R 34.10-2012 (256 bit) ParamSet B" */ - 1185, /* "GOST R 34.10-2012 (256 bit) ParamSet C" */ - 1186, /* "GOST R 34.10-2012 (256 bit) ParamSet D" */ - 998, /* "GOST R 34.10-2012 (512 bit) ParamSet A" */ - 999, /* "GOST R 34.10-2012 (512 bit) ParamSet B" */ - 1149, /* "GOST R 34.10-2012 (512 bit) ParamSet C" */ - 997, /* "GOST R 34.10-2012 (512 bit) testing parameter set" */ - 979, /* "GOST R 34.10-2012 with 256 bit modulus" */ - 980, /* "GOST R 34.10-2012 with 512 bit modulus" */ - 985, /* "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" */ - 986, /* "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" */ - 812, /* "GOST R 34.10-94" */ - 818, /* "GOST R 34.10-94 DH" */ - 982, /* "GOST R 34.11-2012 with 256 bit hash" */ - 983, /* "GOST R 34.11-2012 with 512 bit hash" */ - 809, /* "GOST R 34.11-94" */ - 816, /* "GOST R 34.11-94 PRF" */ - 807, /* "GOST R 34.11-94 with GOST R 34.10-2001" */ - 853, /* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */ - 808, /* "GOST R 34.11-94 with GOST R 34.10-94" */ - 852, /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */ - 854, /* "GOST R 3410-2001 Parameter Set Cryptocom" */ - 1156, /* "HMAC DSTU Gost 34311-95" */ - 988, /* "HMAC GOST 34.11-2012 256 bit" */ - 989, /* "HMAC GOST 34.11-2012 512 bit" */ - 810, /* "HMAC GOST 34.11-94" */ - 432, /* "Hold Instruction Call Issuer" */ - 430, /* "Hold Instruction Code" */ - 431, /* "Hold Instruction None" */ - 433, /* "Hold Instruction Reject" */ - 634, /* "ICC or token signature" */ - 1171, /* "IEEE Security in Storage Working Group" */ - 1004, /* "INN" */ - 294, /* "IPSec End System" */ - 295, /* "IPSec Tunnel" */ - 296, /* "IPSec User" */ - 1140, /* "ISO CN Member Body" */ - 182, /* "ISO Member Body" */ - 183, /* "ISO US Member Body" */ - 1150, /* "ISO-UA" */ - 667, /* "Independent" */ - 665, /* "Inherit all" */ - 647, /* "International Organizations" */ - 142, /* "Invalidity Date" */ - 504, /* "MIME MHS" */ - 388, /* "Mail" */ - 383, /* "Management" */ - 417, /* "Microsoft CSP Name" */ - 135, /* "Microsoft Commercial Code Signing" */ - 138, /* "Microsoft Encrypted File System" */ - 171, /* "Microsoft Extension Request" */ - 134, /* "Microsoft Individual Code Signing" */ - 856, /* "Microsoft Local Key set" */ - 137, /* "Microsoft Server Gated Crypto" */ - 648, /* "Microsoft Smartcard Login" */ - 136, /* "Microsoft Trust List Signing" */ - 649, /* "Microsoft User Principal Name" */ - 1211, /* "NAIRealm" */ - 393, /* "NULL" */ - 404, /* "NULL" */ - 72, /* "Netscape Base Url" */ - 76, /* "Netscape CA Policy Url" */ - 74, /* "Netscape CA Revocation Url" */ - 71, /* "Netscape Cert Type" */ - 58, /* "Netscape Certificate Extension" */ - 79, /* "Netscape Certificate Sequence" */ - 78, /* "Netscape Comment" */ - 57, /* "Netscape Communications Corp." */ - 59, /* "Netscape Data Type" */ - 75, /* "Netscape Renewal Url" */ - 73, /* "Netscape Revocation Url" */ - 77, /* "Netscape SSL Server Name" */ - 139, /* "Netscape Server Gated Crypto" */ - 178, /* "OCSP" */ - 370, /* "OCSP Archive Cutoff" */ - 367, /* "OCSP CRL ID" */ - 369, /* "OCSP No Check" */ - 366, /* "OCSP Nonce" */ - 371, /* "OCSP Service Locator" */ - 180, /* "OCSP Signing" */ - 1005, /* "OGRN" */ - 1226, /* "OGRNIP" */ - 161, /* "PBES2" */ - 69, /* "PBKDF2" */ - 162, /* "PBMAC1" */ - 1032, /* "PKINIT Client Auth" */ - 127, /* "PKIX" */ - 858, /* "Permanent Identifier" */ - 164, /* "Policy Qualifier CPS" */ - 165, /* "Policy Qualifier User Notice" */ - 385, /* "Private" */ - 1093, /* "Professional Information or basis for Admission" */ - 663, /* "Proxy Certificate Information" */ - 1243, /* "RPKI Manifest" */ - 1245, /* "RPKI Notify" */ - 1, /* "RSA Data Security, Inc." */ - 2, /* "RSA Data Security, Inc. PKCS" */ - 1116, /* "RSA-SHA3-224" */ - 1117, /* "RSA-SHA3-256" */ - 1118, /* "RSA-SHA3-384" */ - 1119, /* "RSA-SHA3-512" */ - 188, /* "S/MIME" */ - 167, /* "S/MIME Capabilities" */ - 1204, /* "SM2-with-SM3" */ - 1006, /* "SNILS" */ - 387, /* "SNMPv2" */ - 1210, /* "SRVName" */ - 1025, /* "SSH Client" */ - 1026, /* "SSH Server" */ - 512, /* "Secure Electronic Transactions" */ - 386, /* "Security" */ - 394, /* "Selected Attribute Types" */ - 1029, /* "Send Owner" */ - 1030, /* "Send Proxied Owner" */ - 1028, /* "Send Proxied Router" */ - 1027, /* "Send Router" */ - 1244, /* "Signed Object" */ - 1033, /* "Signing KDC Response" */ - 1008, /* "Signing Tool of Issuer" */ - 1007, /* "Signing Tool of Subject" */ - 1208, /* "Smtp UTF8 Mailbox" */ - 143, /* "Strong Extranet ID" */ - 398, /* "Subject Information Access" */ - 1020, /* "TLS Feature" */ - 130, /* "TLS Web Client Authentication" */ - 129, /* "TLS Web Server Authentication" */ - 133, /* "Time Stamping" */ - 375, /* "Trust Root" */ - 1034, /* "X25519" */ - 1035, /* "X448" */ - 12, /* "X509" */ - 402, /* "X509v3 AC Targeting" */ - 746, /* "X509v3 Any Policy" */ - 90, /* "X509v3 Authority Key Identifier" */ - 87, /* "X509v3 Basic Constraints" */ - 103, /* "X509v3 CRL Distribution Points" */ - 88, /* "X509v3 CRL Number" */ - 141, /* "X509v3 CRL Reason Code" */ - 771, /* "X509v3 Certificate Issuer" */ - 89, /* "X509v3 Certificate Policies" */ - 140, /* "X509v3 Delta CRL Indicator" */ - 126, /* "X509v3 Extended Key Usage" */ - 857, /* "X509v3 Freshest CRL" */ - 748, /* "X509v3 Inhibit Any Policy" */ - 86, /* "X509v3 Issuer Alternative Name" */ - 770, /* "X509v3 Issuing Distribution Point" */ - 83, /* "X509v3 Key Usage" */ - 666, /* "X509v3 Name Constraints" */ - 403, /* "X509v3 No Revocation Available" */ - 401, /* "X509v3 Policy Constraints" */ - 747, /* "X509v3 Policy Mappings" */ - 84, /* "X509v3 Private Key Usage Period" */ - 85, /* "X509v3 Subject Alternative Name" */ - 769, /* "X509v3 Subject Directory Attributes" */ - 82, /* "X509v3 Subject Key Identifier" */ - 920, /* "X9.42 DH" */ - 184, /* "X9.57" */ - 185, /* "X9.57 CM ?" */ - 1209, /* "XmppAddr" */ - 478, /* "aRecord" */ - 289, /* "aaControls" */ - 287, /* "ac-auditEntity" */ - 397, /* "ac-proxying" */ - 288, /* "ac-targeting" */ - 446, /* "account" */ - 364, /* "ad dvcs" */ - 606, /* "additional verification" */ - 419, /* "aes-128-cbc" */ - 916, /* "aes-128-cbc-hmac-sha1" */ - 948, /* "aes-128-cbc-hmac-sha256" */ - 896, /* "aes-128-ccm" */ - 421, /* "aes-128-cfb" */ - 650, /* "aes-128-cfb1" */ - 653, /* "aes-128-cfb8" */ - 904, /* "aes-128-ctr" */ - 418, /* "aes-128-ecb" */ - 895, /* "aes-128-gcm" */ - 958, /* "aes-128-ocb" */ - 420, /* "aes-128-ofb" */ - 1198, /* "aes-128-siv" */ - 913, /* "aes-128-xts" */ - 423, /* "aes-192-cbc" */ - 917, /* "aes-192-cbc-hmac-sha1" */ - 949, /* "aes-192-cbc-hmac-sha256" */ - 899, /* "aes-192-ccm" */ - 425, /* "aes-192-cfb" */ - 651, /* "aes-192-cfb1" */ - 654, /* "aes-192-cfb8" */ - 905, /* "aes-192-ctr" */ - 422, /* "aes-192-ecb" */ - 898, /* "aes-192-gcm" */ - 959, /* "aes-192-ocb" */ - 424, /* "aes-192-ofb" */ - 1199, /* "aes-192-siv" */ - 427, /* "aes-256-cbc" */ - 918, /* "aes-256-cbc-hmac-sha1" */ - 950, /* "aes-256-cbc-hmac-sha256" */ - 902, /* "aes-256-ccm" */ - 429, /* "aes-256-cfb" */ - 652, /* "aes-256-cfb1" */ - 655, /* "aes-256-cfb8" */ - 906, /* "aes-256-ctr" */ - 426, /* "aes-256-ecb" */ - 901, /* "aes-256-gcm" */ - 960, /* "aes-256-ocb" */ - 428, /* "aes-256-ofb" */ - 1200, /* "aes-256-siv" */ - 914, /* "aes-256-xts" */ - 376, /* "algorithm" */ - 1066, /* "aria-128-cbc" */ - 1120, /* "aria-128-ccm" */ - 1067, /* "aria-128-cfb" */ - 1080, /* "aria-128-cfb1" */ - 1083, /* "aria-128-cfb8" */ - 1069, /* "aria-128-ctr" */ - 1065, /* "aria-128-ecb" */ - 1123, /* "aria-128-gcm" */ - 1068, /* "aria-128-ofb" */ - 1071, /* "aria-192-cbc" */ - 1121, /* "aria-192-ccm" */ - 1072, /* "aria-192-cfb" */ - 1081, /* "aria-192-cfb1" */ - 1084, /* "aria-192-cfb8" */ - 1074, /* "aria-192-ctr" */ - 1070, /* "aria-192-ecb" */ - 1124, /* "aria-192-gcm" */ - 1073, /* "aria-192-ofb" */ - 1076, /* "aria-256-cbc" */ - 1122, /* "aria-256-ccm" */ - 1077, /* "aria-256-cfb" */ - 1082, /* "aria-256-cfb1" */ - 1085, /* "aria-256-cfb8" */ - 1079, /* "aria-256-ctr" */ - 1075, /* "aria-256-ecb" */ - 1125, /* "aria-256-gcm" */ - 1078, /* "aria-256-ofb" */ - 484, /* "associatedDomain" */ - 485, /* "associatedName" */ - 501, /* "audio" */ - 1064, /* "auth-any" */ - 1049, /* "auth-dss" */ - 1047, /* "auth-ecdsa" */ - 1050, /* "auth-gost01" */ - 1051, /* "auth-gost12" */ - 1053, /* "auth-null" */ - 1048, /* "auth-psk" */ - 1046, /* "auth-rsa" */ - 1052, /* "auth-srp" */ - 882, /* "authorityRevocationList" */ - 91, /* "bf-cbc" */ - 93, /* "bf-cfb" */ - 92, /* "bf-ecb" */ - 94, /* "bf-ofb" */ - 1056, /* "blake2b512" */ - 1201, /* "blake2bmac" */ - 1057, /* "blake2s256" */ - 1202, /* "blake2smac" */ - 921, /* "brainpoolP160r1" */ - 922, /* "brainpoolP160t1" */ - 923, /* "brainpoolP192r1" */ - 924, /* "brainpoolP192t1" */ - 925, /* "brainpoolP224r1" */ - 926, /* "brainpoolP224t1" */ - 927, /* "brainpoolP256r1" */ - 928, /* "brainpoolP256t1" */ - 929, /* "brainpoolP320r1" */ - 930, /* "brainpoolP320t1" */ - 931, /* "brainpoolP384r1" */ - 932, /* "brainpoolP384t1" */ - 933, /* "brainpoolP512r1" */ - 934, /* "brainpoolP512t1" */ - 494, /* "buildingName" */ - 860, /* "businessCategory" */ - 691, /* "c2onb191v4" */ - 692, /* "c2onb191v5" */ - 697, /* "c2onb239v4" */ - 698, /* "c2onb239v5" */ - 684, /* "c2pnb163v1" */ - 685, /* "c2pnb163v2" */ - 686, /* "c2pnb163v3" */ - 687, /* "c2pnb176v1" */ - 693, /* "c2pnb208w1" */ - 699, /* "c2pnb272w1" */ - 700, /* "c2pnb304w1" */ - 702, /* "c2pnb368w1" */ - 688, /* "c2tnb191v1" */ - 689, /* "c2tnb191v2" */ - 690, /* "c2tnb191v3" */ - 694, /* "c2tnb239v1" */ - 695, /* "c2tnb239v2" */ - 696, /* "c2tnb239v3" */ - 701, /* "c2tnb359v1" */ - 703, /* "c2tnb431r1" */ - 881, /* "cACertificate" */ - 483, /* "cNAMERecord" */ - 751, /* "camellia-128-cbc" */ - 962, /* "camellia-128-ccm" */ - 757, /* "camellia-128-cfb" */ - 760, /* "camellia-128-cfb1" */ - 763, /* "camellia-128-cfb8" */ - 964, /* "camellia-128-cmac" */ - 963, /* "camellia-128-ctr" */ - 754, /* "camellia-128-ecb" */ - 961, /* "camellia-128-gcm" */ - 766, /* "camellia-128-ofb" */ - 752, /* "camellia-192-cbc" */ - 966, /* "camellia-192-ccm" */ - 758, /* "camellia-192-cfb" */ - 761, /* "camellia-192-cfb1" */ - 764, /* "camellia-192-cfb8" */ - 968, /* "camellia-192-cmac" */ - 967, /* "camellia-192-ctr" */ - 755, /* "camellia-192-ecb" */ - 965, /* "camellia-192-gcm" */ - 767, /* "camellia-192-ofb" */ - 753, /* "camellia-256-cbc" */ - 970, /* "camellia-256-ccm" */ - 759, /* "camellia-256-cfb" */ - 762, /* "camellia-256-cfb1" */ - 765, /* "camellia-256-cfb8" */ - 972, /* "camellia-256-cmac" */ - 971, /* "camellia-256-ctr" */ - 756, /* "camellia-256-ecb" */ - 969, /* "camellia-256-gcm" */ - 768, /* "camellia-256-ofb" */ - 443, /* "caseIgnoreIA5StringSyntax" */ - 108, /* "cast5-cbc" */ - 110, /* "cast5-cfb" */ - 109, /* "cast5-ecb" */ - 111, /* "cast5-ofb" */ - 152, /* "certBag" */ - 677, /* "certicom-arc" */ - 517, /* "certificate extensions" */ - 883, /* "certificateRevocationList" */ - 1019, /* "chacha20" */ - 1018, /* "chacha20-poly1305" */ - 54, /* "challengePassword" */ - 407, /* "characteristic-two-field" */ - 395, /* "clearance" */ - 633, /* "cleartext track 2" */ - 894, /* "cmac" */ - 13, /* "commonName" */ - 513, /* "content types" */ - 50, /* "contentType" */ - 53, /* "countersignature" */ - 1090, /* "countryCode3c" */ - 1091, /* "countryCode3n" */ - 14, /* "countryName" */ - 153, /* "crlBag" */ - 884, /* "crossCertificatePair" */ - 806, /* "cryptocom" */ - 805, /* "cryptopro" */ - 500, /* "dITRedirect" */ - 451, /* "dNSDomain" */ - 495, /* "dSAQuality" */ - 434, /* "data" */ - 390, /* "dcObject" */ - 891, /* "deltaRevocationList" */ - 31, /* "des-cbc" */ - 643, /* "des-cdmf" */ - 30, /* "des-cfb" */ - 656, /* "des-cfb1" */ - 657, /* "des-cfb8" */ - 29, /* "des-ecb" */ - 32, /* "des-ede" */ - 43, /* "des-ede-cbc" */ - 60, /* "des-ede-cfb" */ - 62, /* "des-ede-ofb" */ - 33, /* "des-ede3" */ - 44, /* "des-ede3-cbc" */ - 61, /* "des-ede3-cfb" */ - 658, /* "des-ede3-cfb1" */ - 659, /* "des-ede3-cfb8" */ - 63, /* "des-ede3-ofb" */ - 45, /* "des-ofb" */ - 107, /* "description" */ - 871, /* "destinationIndicator" */ - 80, /* "desx-cbc" */ - 947, /* "dh-cofactor-kdf" */ - 946, /* "dh-std-kdf" */ - 28, /* "dhKeyAgreement" */ - 941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */ - 942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */ - 943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */ - 944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */ - 945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */ - 936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */ - 937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */ - 938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */ - 939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */ - 940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */ - 11, /* "directory services (X.500)" */ - 378, /* "directory services - algorithms" */ - 887, /* "distinguishedName" */ - 892, /* "dmdName" */ - 174, /* "dnQualifier" */ - 1092, /* "dnsName" */ - 447, /* "document" */ - 471, /* "documentAuthor" */ - 468, /* "documentIdentifier" */ - 472, /* "documentLocation" */ - 502, /* "documentPublisher" */ - 449, /* "documentSeries" */ - 469, /* "documentTitle" */ - 470, /* "documentVersion" */ - 380, /* "dod" */ - 391, /* "domainComponent" */ - 452, /* "domainRelatedObject" */ - 116, /* "dsaEncryption" */ - 67, /* "dsaEncryption-old" */ - 66, /* "dsaWithSHA" */ - 113, /* "dsaWithSHA1" */ - 70, /* "dsaWithSHA1-old" */ - 802, /* "dsa_with_SHA224" */ - 803, /* "dsa_with_SHA256" */ - 1108, /* "dsa_with_SHA3-224" */ - 1109, /* "dsa_with_SHA3-256" */ - 1110, /* "dsa_with_SHA3-384" */ - 1111, /* "dsa_with_SHA3-512" */ - 1106, /* "dsa_with_SHA384" */ - 1107, /* "dsa_with_SHA512" */ - 297, /* "dvcs" */ - 791, /* "ecdsa-with-Recommended" */ - 416, /* "ecdsa-with-SHA1" */ - 793, /* "ecdsa-with-SHA224" */ - 794, /* "ecdsa-with-SHA256" */ - 795, /* "ecdsa-with-SHA384" */ - 796, /* "ecdsa-with-SHA512" */ - 792, /* "ecdsa-with-Specified" */ - 1112, /* "ecdsa_with_SHA3-224" */ - 1113, /* "ecdsa_with_SHA3-256" */ - 1114, /* "ecdsa_with_SHA3-384" */ - 1115, /* "ecdsa_with_SHA3-512" */ - 48, /* "emailAddress" */ - 632, /* "encrypted track 2" */ - 885, /* "enhancedSearchGuide" */ - 56, /* "extendedCertificateAttributes" */ - 867, /* "facsimileTelephoneNumber" */ - 462, /* "favouriteDrink" */ - 1126, /* "ffdhe2048" */ - 1127, /* "ffdhe3072" */ - 1128, /* "ffdhe4096" */ - 1129, /* "ffdhe6144" */ - 1130, /* "ffdhe8192" */ - 453, /* "friendlyCountry" */ - 490, /* "friendlyCountryName" */ - 156, /* "friendlyName" */ - 631, /* "generate cryptogram" */ - 509, /* "generationQualifier" */ - 601, /* "generic cryptogram" */ - 99, /* "givenName" */ - 1195, /* "gmac" */ - 976, /* "gost-mac-12" */ - 1009, /* "gost89-cbc" */ - 814, /* "gost89-cnt" */ - 975, /* "gost89-cnt-12" */ - 1011, /* "gost89-ctr" */ - 1010, /* "gost89-ecb" */ - 1036, /* "hkdf" */ - 855, /* "hmac" */ - 780, /* "hmac-md5" */ - 781, /* "hmac-sha1" */ - 1102, /* "hmac-sha3-224" */ - 1103, /* "hmac-sha3-256" */ - 1104, /* "hmac-sha3-384" */ - 1105, /* "hmac-sha3-512" */ - 797, /* "hmacWithMD5" */ - 163, /* "hmacWithSHA1" */ - 798, /* "hmacWithSHA224" */ - 799, /* "hmacWithSHA256" */ - 800, /* "hmacWithSHA384" */ - 801, /* "hmacWithSHA512" */ - 1193, /* "hmacWithSHA512-224" */ - 1194, /* "hmacWithSHA512-256" */ - 486, /* "homePostalAddress" */ - 473, /* "homeTelephoneNumber" */ - 466, /* "host" */ - 889, /* "houseIdentifier" */ - 442, /* "iA5StringSyntax" */ - 381, /* "iana" */ - 824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ - 825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */ - 826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */ - 827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */ - 819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */ - 829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ - 828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ - 830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ - 820, /* "id-Gost28147-89-None-KeyMeshing" */ - 823, /* "id-Gost28147-89-TestParamSet" */ - 840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ - 841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ - 842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ - 843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ - 844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ - 839, /* "id-GostR3410-2001-TestParamSet" */ - 832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */ - 833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */ - 834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */ - 835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */ - 836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ - 837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ - 838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ - 831, /* "id-GostR3410-94-TestParamSet" */ - 845, /* "id-GostR3410-94-a" */ - 846, /* "id-GostR3410-94-aBis" */ - 847, /* "id-GostR3410-94-b" */ - 848, /* "id-GostR3410-94-bBis" */ - 822, /* "id-GostR3411-94-CryptoProParamSet" */ - 821, /* "id-GostR3411-94-TestParamSet" */ - 266, /* "id-aca" */ - 355, /* "id-aca-accessIdentity" */ - 354, /* "id-aca-authenticationInfo" */ - 356, /* "id-aca-chargingIdentity" */ - 399, /* "id-aca-encAttrs" */ - 357, /* "id-aca-group" */ - 358, /* "id-aca-role" */ - 176, /* "id-ad" */ - 788, /* "id-aes128-wrap" */ - 897, /* "id-aes128-wrap-pad" */ - 789, /* "id-aes192-wrap" */ - 900, /* "id-aes192-wrap-pad" */ - 790, /* "id-aes256-wrap" */ - 903, /* "id-aes256-wrap-pad" */ - 262, /* "id-alg" */ - 893, /* "id-alg-PWRI-KEK" */ - 323, /* "id-alg-des40" */ - 326, /* "id-alg-dh-pop" */ - 325, /* "id-alg-dh-sig-hmac-sha1" */ - 324, /* "id-alg-noSignature" */ - 907, /* "id-camellia128-wrap" */ - 908, /* "id-camellia192-wrap" */ - 909, /* "id-camellia256-wrap" */ - 268, /* "id-cct" */ - 361, /* "id-cct-PKIData" */ - 362, /* "id-cct-PKIResponse" */ - 360, /* "id-cct-crs" */ - 81, /* "id-ce" */ - 680, /* "id-characteristic-two-basis" */ - 263, /* "id-cmc" */ - 334, /* "id-cmc-addExtensions" */ - 346, /* "id-cmc-confirmCertAcceptance" */ - 330, /* "id-cmc-dataReturn" */ - 336, /* "id-cmc-decryptedPOP" */ - 335, /* "id-cmc-encryptedPOP" */ - 339, /* "id-cmc-getCRL" */ - 338, /* "id-cmc-getCert" */ - 328, /* "id-cmc-identification" */ - 329, /* "id-cmc-identityProof" */ - 337, /* "id-cmc-lraPOPWitness" */ - 344, /* "id-cmc-popLinkRandom" */ - 345, /* "id-cmc-popLinkWitness" */ - 343, /* "id-cmc-queryPending" */ - 333, /* "id-cmc-recipientNonce" */ - 341, /* "id-cmc-regInfo" */ - 342, /* "id-cmc-responseInfo" */ - 340, /* "id-cmc-revokeRequest" */ - 332, /* "id-cmc-senderNonce" */ - 327, /* "id-cmc-statusInfo" */ - 331, /* "id-cmc-transactionId" */ - 1238, /* "id-cp" */ - 787, /* "id-ct-asciiTextWithCRLF" */ - 1246, /* "id-ct-geofeedCSVwithCRLF" */ - 1237, /* "id-ct-resourceTaggedAttest" */ - 1234, /* "id-ct-routeOriginAuthz" */ - 1236, /* "id-ct-rpkiGhostbusters" */ - 1235, /* "id-ct-rpkiManifest" */ - 1247, /* "id-ct-signedChecklist" */ - 1060, /* "id-ct-xml" */ - 408, /* "id-ecPublicKey" */ - 508, /* "id-hex-multipart-message" */ - 507, /* "id-hex-partial-message" */ - 260, /* "id-it" */ - 1223, /* "id-it-caCerts" */ - 302, /* "id-it-caKeyUpdateInfo" */ - 298, /* "id-it-caProtEncCert" */ - 1225, /* "id-it-certReqTemplate" */ - 311, /* "id-it-confirmWaitTime" */ - 303, /* "id-it-currentCRL" */ - 300, /* "id-it-encKeyPairTypes" */ - 310, /* "id-it-implicitConfirm" */ - 308, /* "id-it-keyPairParamRep" */ - 307, /* "id-it-keyPairParamReq" */ - 312, /* "id-it-origPKIMessage" */ - 301, /* "id-it-preferredSymmAlg" */ - 309, /* "id-it-revPassphrase" */ - 1224, /* "id-it-rootCaKeyUpdate" */ - 299, /* "id-it-signKeyPairTypes" */ - 305, /* "id-it-subscriptionRequest" */ - 306, /* "id-it-subscriptionResponse" */ - 784, /* "id-it-suppLangTags" */ - 304, /* "id-it-unsupportedOIDs" */ - 128, /* "id-kp" */ - 280, /* "id-mod-attribute-cert" */ - 274, /* "id-mod-cmc" */ - 277, /* "id-mod-cmp" */ - 284, /* "id-mod-cmp2000" */ - 273, /* "id-mod-crmf" */ - 283, /* "id-mod-dvcs" */ - 275, /* "id-mod-kea-profile-88" */ - 276, /* "id-mod-kea-profile-93" */ - 282, /* "id-mod-ocsp" */ - 278, /* "id-mod-qualified-cert-88" */ - 279, /* "id-mod-qualified-cert-93" */ - 281, /* "id-mod-timestamp-protocol" */ - 264, /* "id-on" */ - 347, /* "id-on-personalData" */ - 265, /* "id-pda" */ - 352, /* "id-pda-countryOfCitizenship" */ - 353, /* "id-pda-countryOfResidence" */ - 348, /* "id-pda-dateOfBirth" */ - 351, /* "id-pda-gender" */ - 349, /* "id-pda-placeOfBirth" */ - 175, /* "id-pe" */ - 1031, /* "id-pkinit" */ - 261, /* "id-pkip" */ - 258, /* "id-pkix-mod" */ - 269, /* "id-pkix1-explicit-88" */ - 271, /* "id-pkix1-explicit-93" */ - 270, /* "id-pkix1-implicit-88" */ - 272, /* "id-pkix1-implicit-93" */ - 662, /* "id-ppl" */ - 267, /* "id-qcs" */ - 359, /* "id-qcs-pkixQCSyntax-v1" */ - 259, /* "id-qt" */ - 313, /* "id-regCtrl" */ - 316, /* "id-regCtrl-authenticator" */ - 319, /* "id-regCtrl-oldCertID" */ - 318, /* "id-regCtrl-pkiArchiveOptions" */ - 317, /* "id-regCtrl-pkiPublicationInfo" */ - 320, /* "id-regCtrl-protocolEncrKey" */ - 315, /* "id-regCtrl-regToken" */ - 314, /* "id-regInfo" */ - 322, /* "id-regInfo-certReq" */ - 321, /* "id-regInfo-utf8Pairs" */ - 191, /* "id-smime-aa" */ - 215, /* "id-smime-aa-contentHint" */ - 218, /* "id-smime-aa-contentIdentifier" */ - 221, /* "id-smime-aa-contentReference" */ - 240, /* "id-smime-aa-dvcs-dvc" */ - 217, /* "id-smime-aa-encapContentType" */ - 222, /* "id-smime-aa-encrypKeyPref" */ - 220, /* "id-smime-aa-equivalentLabels" */ - 232, /* "id-smime-aa-ets-CertificateRefs" */ - 233, /* "id-smime-aa-ets-RevocationRefs" */ - 238, /* "id-smime-aa-ets-archiveTimeStamp" */ - 237, /* "id-smime-aa-ets-certCRLTimestamp" */ - 234, /* "id-smime-aa-ets-certValues" */ - 227, /* "id-smime-aa-ets-commitmentType" */ - 231, /* "id-smime-aa-ets-contentTimestamp" */ - 236, /* "id-smime-aa-ets-escTimeStamp" */ - 230, /* "id-smime-aa-ets-otherSigCert" */ - 235, /* "id-smime-aa-ets-revocationValues" */ - 226, /* "id-smime-aa-ets-sigPolicyId" */ - 229, /* "id-smime-aa-ets-signerAttr" */ - 228, /* "id-smime-aa-ets-signerLocation" */ - 219, /* "id-smime-aa-macValue" */ - 214, /* "id-smime-aa-mlExpandHistory" */ - 216, /* "id-smime-aa-msgSigDigest" */ - 212, /* "id-smime-aa-receiptRequest" */ - 213, /* "id-smime-aa-securityLabel" */ - 239, /* "id-smime-aa-signatureType" */ - 223, /* "id-smime-aa-signingCertificate" */ - 1086, /* "id-smime-aa-signingCertificateV2" */ - 224, /* "id-smime-aa-smimeEncryptCerts" */ - 225, /* "id-smime-aa-timeStampToken" */ - 192, /* "id-smime-alg" */ - 243, /* "id-smime-alg-3DESwrap" */ - 246, /* "id-smime-alg-CMS3DESwrap" */ - 247, /* "id-smime-alg-CMSRC2wrap" */ - 245, /* "id-smime-alg-ESDH" */ - 241, /* "id-smime-alg-ESDHwith3DES" */ - 242, /* "id-smime-alg-ESDHwithRC2" */ - 244, /* "id-smime-alg-RC2wrap" */ - 193, /* "id-smime-cd" */ - 248, /* "id-smime-cd-ldap" */ - 190, /* "id-smime-ct" */ - 210, /* "id-smime-ct-DVCSRequestData" */ - 211, /* "id-smime-ct-DVCSResponseData" */ - 208, /* "id-smime-ct-TDTInfo" */ - 207, /* "id-smime-ct-TSTInfo" */ - 205, /* "id-smime-ct-authData" */ - 1059, /* "id-smime-ct-authEnvelopedData" */ - 786, /* "id-smime-ct-compressedData" */ - 1058, /* "id-smime-ct-contentCollection" */ - 209, /* "id-smime-ct-contentInfo" */ - 206, /* "id-smime-ct-publishCert" */ - 204, /* "id-smime-ct-receipt" */ - 195, /* "id-smime-cti" */ - 255, /* "id-smime-cti-ets-proofOfApproval" */ - 256, /* "id-smime-cti-ets-proofOfCreation" */ - 253, /* "id-smime-cti-ets-proofOfDelivery" */ - 251, /* "id-smime-cti-ets-proofOfOrigin" */ - 252, /* "id-smime-cti-ets-proofOfReceipt" */ - 254, /* "id-smime-cti-ets-proofOfSender" */ - 189, /* "id-smime-mod" */ - 196, /* "id-smime-mod-cms" */ - 197, /* "id-smime-mod-ess" */ - 202, /* "id-smime-mod-ets-eSigPolicy-88" */ - 203, /* "id-smime-mod-ets-eSigPolicy-97" */ - 200, /* "id-smime-mod-ets-eSignature-88" */ - 201, /* "id-smime-mod-ets-eSignature-97" */ - 199, /* "id-smime-mod-msg-v3" */ - 198, /* "id-smime-mod-oid" */ - 194, /* "id-smime-spq" */ - 250, /* "id-smime-spq-ets-sqt-unotice" */ - 249, /* "id-smime-spq-ets-sqt-uri" */ - 974, /* "id-tc26" */ - 991, /* "id-tc26-agreement" */ - 992, /* "id-tc26-agreement-gost-3410-2012-256" */ - 993, /* "id-tc26-agreement-gost-3410-2012-512" */ - 977, /* "id-tc26-algorithms" */ - 990, /* "id-tc26-cipher" */ - 1001, /* "id-tc26-cipher-constants" */ - 1176, /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */ - 1173, /* "id-tc26-cipher-gostr3412-2015-magma" */ - 994, /* "id-tc26-constants" */ - 981, /* "id-tc26-digest" */ - 1000, /* "id-tc26-digest-constants" */ - 1002, /* "id-tc26-gost-28147-constants" */ - 1147, /* "id-tc26-gost-3410-2012-256-constants" */ - 996, /* "id-tc26-gost-3410-2012-512-constants" */ - 987, /* "id-tc26-mac" */ - 978, /* "id-tc26-sign" */ - 995, /* "id-tc26-sign-constants" */ - 984, /* "id-tc26-signwithdigest" */ - 1179, /* "id-tc26-wrap" */ - 1182, /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */ - 1180, /* "id-tc26-wrap-gostr3412-2015-magma" */ - 34, /* "idea-cbc" */ - 35, /* "idea-cfb" */ - 36, /* "idea-ecb" */ - 46, /* "idea-ofb" */ - 676, /* "identified-organization" */ - 1170, /* "ieee" */ - 461, /* "info" */ - 101, /* "initials" */ - 869, /* "internationaliSDNNumber" */ - 1241, /* "ipAddr-asNumber" */ - 1242, /* "ipAddr-asNumberv2" */ - 1022, /* "ipsec Internet Key Exchange" */ - 749, /* "ipsec3" */ - 750, /* "ipsec4" */ - 181, /* "iso" */ - 623, /* "issuer capabilities" */ - 645, /* "itu-t" */ - 492, /* "janetMailbox" */ - 646, /* "joint-iso-itu-t" */ - 957, /* "jurisdictionCountryName" */ - 955, /* "jurisdictionLocalityName" */ - 956, /* "jurisdictionStateOrProvinceName" */ - 150, /* "keyBag" */ - 773, /* "kisa" */ - 1196, /* "kmac128" */ - 1197, /* "kmac256" */ - 1015, /* "kuznyechik-cbc" */ - 1016, /* "kuznyechik-cfb" */ - 1013, /* "kuznyechik-ctr" */ - 1177, /* "kuznyechik-ctr-acpkm" */ - 1178, /* "kuznyechik-ctr-acpkm-omac" */ - 1012, /* "kuznyechik-ecb" */ - 1183, /* "kuznyechik-kexp15" */ - 1017, /* "kuznyechik-mac" */ - 1014, /* "kuznyechik-ofb" */ - 1063, /* "kx-any" */ - 1039, /* "kx-dhe" */ - 1041, /* "kx-dhe-psk" */ - 1038, /* "kx-ecdhe" */ - 1040, /* "kx-ecdhe-psk" */ - 1045, /* "kx-gost" */ - 1218, /* "kx-gost18" */ - 1043, /* "kx-psk" */ - 1037, /* "kx-rsa" */ - 1042, /* "kx-rsa-psk" */ - 1044, /* "kx-srp" */ - 477, /* "lastModifiedBy" */ - 476, /* "lastModifiedTime" */ - 157, /* "localKeyID" */ - 15, /* "localityName" */ - 480, /* "mXRecord" */ - 1190, /* "magma-cbc" */ - 1191, /* "magma-cfb" */ - 1188, /* "magma-ctr" */ - 1174, /* "magma-ctr-acpkm" */ - 1175, /* "magma-ctr-acpkm-omac" */ - 1187, /* "magma-ecb" */ - 1181, /* "magma-kexp15" */ - 1192, /* "magma-mac" */ - 1189, /* "magma-ofb" */ - 493, /* "mailPreferenceOption" */ - 467, /* "manager" */ - 3, /* "md2" */ - 7, /* "md2WithRSAEncryption" */ - 257, /* "md4" */ - 396, /* "md4WithRSAEncryption" */ - 4, /* "md5" */ - 114, /* "md5-sha1" */ - 104, /* "md5WithRSA" */ - 8, /* "md5WithRSAEncryption" */ - 95, /* "mdc2" */ - 96, /* "mdc2WithRSA" */ - 875, /* "member" */ - 602, /* "merchant initiated auth" */ - 514, /* "message extensions" */ - 51, /* "messageDigest" */ - 911, /* "mgf1" */ - 506, /* "mime-mhs-bodies" */ - 505, /* "mime-mhs-headings" */ - 488, /* "mobileTelephoneNumber" */ - 1212, /* "modp_1536" */ - 1213, /* "modp_2048" */ - 1214, /* "modp_3072" */ - 1215, /* "modp_4096" */ - 1216, /* "modp_6144" */ - 1217, /* "modp_8192" */ - 481, /* "nSRecord" */ - 173, /* "name" */ - 681, /* "onBasis" */ - 379, /* "org" */ - 1089, /* "organizationIdentifier" */ - 17, /* "organizationName" */ - 491, /* "organizationalStatus" */ - 18, /* "organizationalUnitName" */ - 1141, /* "oscca" */ - 475, /* "otherMailbox" */ - 876, /* "owner" */ - 935, /* "pSpecified" */ - 489, /* "pagerTelephoneNumber" */ - 782, /* "password based MAC" */ - 374, /* "path" */ - 621, /* "payment gateway capabilities" */ - 9, /* "pbeWithMD2AndDES-CBC" */ - 168, /* "pbeWithMD2AndRC2-CBC" */ - 112, /* "pbeWithMD5AndCast5CBC" */ - 10, /* "pbeWithMD5AndDES-CBC" */ - 169, /* "pbeWithMD5AndRC2-CBC" */ - 148, /* "pbeWithSHA1And128BitRC2-CBC" */ - 144, /* "pbeWithSHA1And128BitRC4" */ - 147, /* "pbeWithSHA1And2-KeyTripleDES-CBC" */ - 146, /* "pbeWithSHA1And3-KeyTripleDES-CBC" */ - 149, /* "pbeWithSHA1And40BitRC2-CBC" */ - 145, /* "pbeWithSHA1And40BitRC4" */ - 170, /* "pbeWithSHA1AndDES-CBC" */ - 68, /* "pbeWithSHA1AndRC2-CBC" */ - 499, /* "personalSignature" */ - 487, /* "personalTitle" */ - 464, /* "photo" */ - 863, /* "physicalDeliveryOfficeName" */ - 437, /* "pilot" */ - 439, /* "pilotAttributeSyntax" */ - 438, /* "pilotAttributeType" */ - 479, /* "pilotAttributeType27" */ - 456, /* "pilotDSA" */ - 441, /* "pilotGroups" */ - 444, /* "pilotObject" */ - 440, /* "pilotObjectClass" */ - 455, /* "pilotOrganization" */ - 445, /* "pilotPerson" */ - 186, /* "pkcs1" */ - 27, /* "pkcs3" */ - 187, /* "pkcs5" */ - 20, /* "pkcs7" */ - 21, /* "pkcs7-data" */ - 25, /* "pkcs7-digestData" */ - 26, /* "pkcs7-encryptedData" */ - 23, /* "pkcs7-envelopedData" */ - 24, /* "pkcs7-signedAndEnvelopedData" */ - 22, /* "pkcs7-signedData" */ - 151, /* "pkcs8ShroudedKeyBag" */ - 47, /* "pkcs9" */ - 1061, /* "poly1305" */ - 862, /* "postOfficeBox" */ - 861, /* "postalAddress" */ - 661, /* "postalCode" */ - 683, /* "ppBasis" */ - 872, /* "preferredDeliveryMethod" */ - 873, /* "presentationAddress" */ - 406, /* "prime-field" */ - 409, /* "prime192v1" */ - 410, /* "prime192v2" */ - 411, /* "prime192v3" */ - 412, /* "prime239v1" */ - 413, /* "prime239v2" */ - 414, /* "prime239v3" */ - 415, /* "prime256v1" */ - 886, /* "protocolInformation" */ - 510, /* "pseudonym" */ - 435, /* "pss" */ - 286, /* "qcStatements" */ - 457, /* "qualityLabelledData" */ - 450, /* "rFC822localPart" */ - 98, /* "rc2-40-cbc" */ - 166, /* "rc2-64-cbc" */ - 37, /* "rc2-cbc" */ - 39, /* "rc2-cfb" */ - 38, /* "rc2-ecb" */ - 40, /* "rc2-ofb" */ - 5, /* "rc4" */ - 97, /* "rc4-40" */ - 915, /* "rc4-hmac-md5" */ - 120, /* "rc5-cbc" */ - 122, /* "rc5-cfb" */ - 121, /* "rc5-ecb" */ - 123, /* "rc5-ofb" */ - 870, /* "registeredAddress" */ - 460, /* "rfc822Mailbox" */ - 117, /* "ripemd160" */ - 119, /* "ripemd160WithRSA" */ - 400, /* "role" */ - 877, /* "roleOccupant" */ - 448, /* "room" */ - 463, /* "roomNumber" */ - 19, /* "rsa" */ - 6, /* "rsaEncryption" */ - 644, /* "rsaOAEPEncryptionSET" */ - 377, /* "rsaSignature" */ - 919, /* "rsaesOaep" */ - 912, /* "rsassaPss" */ - 482, /* "sOARecord" */ - 155, /* "safeContentsBag" */ - 291, /* "sbgp-autonomousSysNum" */ - 1240, /* "sbgp-autonomousSysNumv2" */ - 290, /* "sbgp-ipAddrBlock" */ - 1239, /* "sbgp-ipAddrBlockv2" */ - 292, /* "sbgp-routerIdentifier" */ - 973, /* "scrypt" */ - 159, /* "sdsiCertificate" */ - 859, /* "searchGuide" */ - 704, /* "secp112r1" */ - 705, /* "secp112r2" */ - 706, /* "secp128r1" */ - 707, /* "secp128r2" */ - 708, /* "secp160k1" */ - 709, /* "secp160r1" */ - 710, /* "secp160r2" */ - 711, /* "secp192k1" */ - 712, /* "secp224k1" */ - 713, /* "secp224r1" */ - 714, /* "secp256k1" */ - 715, /* "secp384r1" */ - 716, /* "secp521r1" */ - 154, /* "secretBag" */ - 474, /* "secretary" */ - 717, /* "sect113r1" */ - 718, /* "sect113r2" */ - 719, /* "sect131r1" */ - 720, /* "sect131r2" */ - 721, /* "sect163k1" */ - 722, /* "sect163r1" */ - 723, /* "sect163r2" */ - 724, /* "sect193r1" */ - 725, /* "sect193r2" */ - 726, /* "sect233k1" */ - 727, /* "sect233r1" */ - 728, /* "sect239k1" */ - 729, /* "sect283k1" */ - 730, /* "sect283r1" */ - 731, /* "sect409k1" */ - 732, /* "sect409r1" */ - 733, /* "sect571k1" */ - 734, /* "sect571r1" */ - 635, /* "secure device signature" */ - 878, /* "seeAlso" */ - 777, /* "seed-cbc" */ - 779, /* "seed-cfb" */ - 776, /* "seed-ecb" */ - 778, /* "seed-ofb" */ - 105, /* "serialNumber" */ - 625, /* "set-addPolicy" */ - 515, /* "set-attr" */ - 518, /* "set-brand" */ - 638, /* "set-brand-AmericanExpress" */ - 637, /* "set-brand-Diners" */ - 636, /* "set-brand-IATA-ATA" */ - 639, /* "set-brand-JCB" */ - 641, /* "set-brand-MasterCard" */ - 642, /* "set-brand-Novus" */ - 640, /* "set-brand-Visa" */ - 516, /* "set-policy" */ - 607, /* "set-policy-root" */ - 624, /* "set-rootKeyThumb" */ - 620, /* "setAttr-Cert" */ - 628, /* "setAttr-IssCap-CVM" */ - 630, /* "setAttr-IssCap-Sig" */ - 629, /* "setAttr-IssCap-T2" */ - 627, /* "setAttr-Token-B0Prime" */ - 626, /* "setAttr-Token-EMV" */ - 622, /* "setAttr-TokenType" */ - 619, /* "setCext-IssuerCapabilities" */ - 615, /* "setCext-PGWYcapabilities" */ - 616, /* "setCext-TokenIdentifier" */ - 618, /* "setCext-TokenType" */ - 617, /* "setCext-Track2Data" */ - 611, /* "setCext-cCertRequired" */ - 609, /* "setCext-certType" */ - 608, /* "setCext-hashedRoot" */ - 610, /* "setCext-merchData" */ - 613, /* "setCext-setExt" */ - 614, /* "setCext-setQualf" */ - 612, /* "setCext-tunneling" */ - 540, /* "setct-AcqCardCodeMsg" */ - 576, /* "setct-AcqCardCodeMsgTBE" */ - 570, /* "setct-AuthReqTBE" */ - 534, /* "setct-AuthReqTBS" */ - 527, /* "setct-AuthResBaggage" */ - 571, /* "setct-AuthResTBE" */ - 572, /* "setct-AuthResTBEX" */ - 535, /* "setct-AuthResTBS" */ - 536, /* "setct-AuthResTBSX" */ - 528, /* "setct-AuthRevReqBaggage" */ - 577, /* "setct-AuthRevReqTBE" */ - 541, /* "setct-AuthRevReqTBS" */ - 529, /* "setct-AuthRevResBaggage" */ - 542, /* "setct-AuthRevResData" */ - 578, /* "setct-AuthRevResTBE" */ - 579, /* "setct-AuthRevResTBEB" */ - 543, /* "setct-AuthRevResTBS" */ - 573, /* "setct-AuthTokenTBE" */ - 537, /* "setct-AuthTokenTBS" */ - 600, /* "setct-BCIDistributionTBS" */ - 558, /* "setct-BatchAdminReqData" */ - 592, /* "setct-BatchAdminReqTBE" */ - 559, /* "setct-BatchAdminResData" */ - 593, /* "setct-BatchAdminResTBE" */ - 599, /* "setct-CRLNotificationResTBS" */ - 598, /* "setct-CRLNotificationTBS" */ - 580, /* "setct-CapReqTBE" */ - 581, /* "setct-CapReqTBEX" */ - 544, /* "setct-CapReqTBS" */ - 545, /* "setct-CapReqTBSX" */ - 546, /* "setct-CapResData" */ - 582, /* "setct-CapResTBE" */ - 583, /* "setct-CapRevReqTBE" */ - 584, /* "setct-CapRevReqTBEX" */ - 547, /* "setct-CapRevReqTBS" */ - 548, /* "setct-CapRevReqTBSX" */ - 549, /* "setct-CapRevResData" */ - 585, /* "setct-CapRevResTBE" */ - 538, /* "setct-CapTokenData" */ - 530, /* "setct-CapTokenSeq" */ - 574, /* "setct-CapTokenTBE" */ - 575, /* "setct-CapTokenTBEX" */ - 539, /* "setct-CapTokenTBS" */ - 560, /* "setct-CardCInitResTBS" */ - 566, /* "setct-CertInqReqTBS" */ - 563, /* "setct-CertReqData" */ - 595, /* "setct-CertReqTBE" */ - 596, /* "setct-CertReqTBEX" */ - 564, /* "setct-CertReqTBS" */ - 565, /* "setct-CertResData" */ - 597, /* "setct-CertResTBE" */ - 586, /* "setct-CredReqTBE" */ - 587, /* "setct-CredReqTBEX" */ - 550, /* "setct-CredReqTBS" */ - 551, /* "setct-CredReqTBSX" */ - 552, /* "setct-CredResData" */ - 588, /* "setct-CredResTBE" */ - 589, /* "setct-CredRevReqTBE" */ - 590, /* "setct-CredRevReqTBEX" */ - 553, /* "setct-CredRevReqTBS" */ - 554, /* "setct-CredRevReqTBSX" */ - 555, /* "setct-CredRevResData" */ - 591, /* "setct-CredRevResTBE" */ - 567, /* "setct-ErrorTBS" */ - 526, /* "setct-HODInput" */ - 561, /* "setct-MeAqCInitResTBS" */ - 522, /* "setct-OIData" */ - 519, /* "setct-PANData" */ - 521, /* "setct-PANOnly" */ - 520, /* "setct-PANToken" */ - 556, /* "setct-PCertReqData" */ - 557, /* "setct-PCertResTBS" */ - 523, /* "setct-PI" */ - 532, /* "setct-PI-TBS" */ - 524, /* "setct-PIData" */ - 525, /* "setct-PIDataUnsigned" */ - 568, /* "setct-PIDualSignedTBE" */ - 569, /* "setct-PIUnsignedTBE" */ - 531, /* "setct-PInitResData" */ - 533, /* "setct-PResData" */ - 594, /* "setct-RegFormReqTBE" */ - 562, /* "setct-RegFormResTBS" */ - 604, /* "setext-pinAny" */ - 603, /* "setext-pinSecure" */ - 605, /* "setext-track2" */ - 41, /* "sha" */ - 64, /* "sha1" */ - 115, /* "sha1WithRSA" */ - 65, /* "sha1WithRSAEncryption" */ - 675, /* "sha224" */ - 671, /* "sha224WithRSAEncryption" */ - 672, /* "sha256" */ - 668, /* "sha256WithRSAEncryption" */ - 1096, /* "sha3-224" */ - 1097, /* "sha3-256" */ - 1098, /* "sha3-384" */ - 1099, /* "sha3-512" */ - 673, /* "sha384" */ - 669, /* "sha384WithRSAEncryption" */ - 674, /* "sha512" */ - 1094, /* "sha512-224" */ - 1145, /* "sha512-224WithRSAEncryption" */ - 1095, /* "sha512-256" */ - 1146, /* "sha512-256WithRSAEncryption" */ - 670, /* "sha512WithRSAEncryption" */ - 42, /* "shaWithRSAEncryption" */ - 1100, /* "shake128" */ - 1101, /* "shake256" */ - 52, /* "signingTime" */ - 454, /* "simpleSecurityObject" */ - 496, /* "singleLevelQuality" */ - 1062, /* "siphash" */ - 1142, /* "sm-scheme" */ - 1172, /* "sm2" */ - 1143, /* "sm3" */ - 1144, /* "sm3WithRSAEncryption" */ - 1134, /* "sm4-cbc" */ - 1137, /* "sm4-cfb" */ - 1136, /* "sm4-cfb1" */ - 1138, /* "sm4-cfb8" */ - 1139, /* "sm4-ctr" */ - 1133, /* "sm4-ecb" */ - 1135, /* "sm4-ofb" */ - 1203, /* "sshkdf" */ - 1205, /* "sskdf" */ - 16, /* "stateOrProvinceName" */ - 660, /* "streetAddress" */ - 498, /* "subtreeMaximumQuality" */ - 497, /* "subtreeMinimumQuality" */ - 890, /* "supportedAlgorithms" */ - 874, /* "supportedApplicationContext" */ - 100, /* "surname" */ - 864, /* "telephoneNumber" */ - 866, /* "teletexTerminalIdentifier" */ - 865, /* "telexNumber" */ - 459, /* "textEncodedORAddress" */ - 293, /* "textNotice" */ - 106, /* "title" */ - 1021, /* "tls1-prf" */ - 682, /* "tpBasis" */ - 1151, /* "ua-pki" */ - 436, /* "ucl" */ - 0, /* "undefined" */ - 102, /* "uniqueIdentifier" */ - 888, /* "uniqueMember" */ - 55, /* "unstructuredAddress" */ - 49, /* "unstructuredName" */ - 880, /* "userCertificate" */ - 465, /* "userClass" */ - 458, /* "userId" */ - 879, /* "userPassword" */ - 373, /* "valid" */ - 678, /* "wap" */ - 679, /* "wap-wsg" */ - 735, /* "wap-wsg-idm-ecid-wtls1" */ - 743, /* "wap-wsg-idm-ecid-wtls10" */ - 744, /* "wap-wsg-idm-ecid-wtls11" */ - 745, /* "wap-wsg-idm-ecid-wtls12" */ - 736, /* "wap-wsg-idm-ecid-wtls3" */ - 737, /* "wap-wsg-idm-ecid-wtls4" */ - 738, /* "wap-wsg-idm-ecid-wtls5" */ - 739, /* "wap-wsg-idm-ecid-wtls6" */ - 740, /* "wap-wsg-idm-ecid-wtls7" */ - 741, /* "wap-wsg-idm-ecid-wtls8" */ - 742, /* "wap-wsg-idm-ecid-wtls9" */ - 804, /* "whirlpool" */ - 868, /* "x121Address" */ - 503, /* "x500UniqueIdentifier" */ - 158, /* "x509Certificate" */ - 160, /* "x509Crl" */ - 1207, /* "x942kdf" */ - 1206, /* "x963kdf" */ - 125, /* "zlib compression" */ -}; - -#define NUM_OBJ 1110 -static const unsigned int obj_objs[NUM_OBJ] = { - 0, /* OBJ_undef 0 */ - 181, /* OBJ_iso 1 */ - 393, /* OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t */ - 404, /* OBJ_ccitt OBJ_itu_t */ - 645, /* OBJ_itu_t 0 */ - 646, /* OBJ_joint_iso_itu_t 2 */ - 434, /* OBJ_data 0 9 */ - 182, /* OBJ_member_body 1 2 */ - 379, /* OBJ_org 1 3 */ - 676, /* OBJ_identified_organization 1 3 */ - 11, /* OBJ_X500 2 5 */ - 647, /* OBJ_international_organizations 2 23 */ - 380, /* OBJ_dod 1 3 6 */ - 1170, /* OBJ_ieee 1 3 111 */ - 12, /* OBJ_X509 2 5 4 */ - 378, /* OBJ_X500algorithms 2 5 8 */ - 81, /* OBJ_id_ce 2 5 29 */ - 512, /* OBJ_id_set 2 23 42 */ - 678, /* OBJ_wap 2 23 43 */ - 435, /* OBJ_pss 0 9 2342 */ - 1140, /* OBJ_ISO_CN 1 2 156 */ - 1150, /* OBJ_ISO_UA 1 2 804 */ - 183, /* OBJ_ISO_US 1 2 840 */ - 381, /* OBJ_iana 1 3 6 1 */ - 1034, /* OBJ_X25519 1 3 101 110 */ - 1035, /* OBJ_X448 1 3 101 111 */ - 1087, /* OBJ_ED25519 1 3 101 112 */ - 1088, /* OBJ_ED448 1 3 101 113 */ - 677, /* OBJ_certicom_arc 1 3 132 */ - 394, /* OBJ_selected_attribute_types 2 5 1 5 */ - 13, /* OBJ_commonName 2 5 4 3 */ - 100, /* OBJ_surname 2 5 4 4 */ - 105, /* OBJ_serialNumber 2 5 4 5 */ - 14, /* OBJ_countryName 2 5 4 6 */ - 15, /* OBJ_localityName 2 5 4 7 */ - 16, /* OBJ_stateOrProvinceName 2 5 4 8 */ - 660, /* OBJ_streetAddress 2 5 4 9 */ - 17, /* OBJ_organizationName 2 5 4 10 */ - 18, /* OBJ_organizationalUnitName 2 5 4 11 */ - 106, /* OBJ_title 2 5 4 12 */ - 107, /* OBJ_description 2 5 4 13 */ - 859, /* OBJ_searchGuide 2 5 4 14 */ - 860, /* OBJ_businessCategory 2 5 4 15 */ - 861, /* OBJ_postalAddress 2 5 4 16 */ - 661, /* OBJ_postalCode 2 5 4 17 */ - 862, /* OBJ_postOfficeBox 2 5 4 18 */ - 863, /* OBJ_physicalDeliveryOfficeName 2 5 4 19 */ - 864, /* OBJ_telephoneNumber 2 5 4 20 */ - 865, /* OBJ_telexNumber 2 5 4 21 */ - 866, /* OBJ_teletexTerminalIdentifier 2 5 4 22 */ - 867, /* OBJ_facsimileTelephoneNumber 2 5 4 23 */ - 868, /* OBJ_x121Address 2 5 4 24 */ - 869, /* OBJ_internationaliSDNNumber 2 5 4 25 */ - 870, /* OBJ_registeredAddress 2 5 4 26 */ - 871, /* OBJ_destinationIndicator 2 5 4 27 */ - 872, /* OBJ_preferredDeliveryMethod 2 5 4 28 */ - 873, /* OBJ_presentationAddress 2 5 4 29 */ - 874, /* OBJ_supportedApplicationContext 2 5 4 30 */ - 875, /* OBJ_member 2 5 4 31 */ - 876, /* OBJ_owner 2 5 4 32 */ - 877, /* OBJ_roleOccupant 2 5 4 33 */ - 878, /* OBJ_seeAlso 2 5 4 34 */ - 879, /* OBJ_userPassword 2 5 4 35 */ - 880, /* OBJ_userCertificate 2 5 4 36 */ - 881, /* OBJ_cACertificate 2 5 4 37 */ - 882, /* OBJ_authorityRevocationList 2 5 4 38 */ - 883, /* OBJ_certificateRevocationList 2 5 4 39 */ - 884, /* OBJ_crossCertificatePair 2 5 4 40 */ - 173, /* OBJ_name 2 5 4 41 */ - 99, /* OBJ_givenName 2 5 4 42 */ - 101, /* OBJ_initials 2 5 4 43 */ - 509, /* OBJ_generationQualifier 2 5 4 44 */ - 503, /* OBJ_x500UniqueIdentifier 2 5 4 45 */ - 174, /* OBJ_dnQualifier 2 5 4 46 */ - 885, /* OBJ_enhancedSearchGuide 2 5 4 47 */ - 886, /* OBJ_protocolInformation 2 5 4 48 */ - 887, /* OBJ_distinguishedName 2 5 4 49 */ - 888, /* OBJ_uniqueMember 2 5 4 50 */ - 889, /* OBJ_houseIdentifier 2 5 4 51 */ - 890, /* OBJ_supportedAlgorithms 2 5 4 52 */ - 891, /* OBJ_deltaRevocationList 2 5 4 53 */ - 892, /* OBJ_dmdName 2 5 4 54 */ - 510, /* OBJ_pseudonym 2 5 4 65 */ - 400, /* OBJ_role 2 5 4 72 */ - 1089, /* OBJ_organizationIdentifier 2 5 4 97 */ - 1090, /* OBJ_countryCode3c 2 5 4 98 */ - 1091, /* OBJ_countryCode3n 2 5 4 99 */ - 1092, /* OBJ_dnsName 2 5 4 100 */ - 769, /* OBJ_subject_directory_attributes 2 5 29 9 */ - 82, /* OBJ_subject_key_identifier 2 5 29 14 */ - 83, /* OBJ_key_usage 2 5 29 15 */ - 84, /* OBJ_private_key_usage_period 2 5 29 16 */ - 85, /* OBJ_subject_alt_name 2 5 29 17 */ - 86, /* OBJ_issuer_alt_name 2 5 29 18 */ - 87, /* OBJ_basic_constraints 2 5 29 19 */ - 88, /* OBJ_crl_number 2 5 29 20 */ - 141, /* OBJ_crl_reason 2 5 29 21 */ - 430, /* OBJ_hold_instruction_code 2 5 29 23 */ - 142, /* OBJ_invalidity_date 2 5 29 24 */ - 140, /* OBJ_delta_crl 2 5 29 27 */ - 770, /* OBJ_issuing_distribution_point 2 5 29 28 */ - 771, /* OBJ_certificate_issuer 2 5 29 29 */ - 666, /* OBJ_name_constraints 2 5 29 30 */ - 103, /* OBJ_crl_distribution_points 2 5 29 31 */ - 89, /* OBJ_certificate_policies 2 5 29 32 */ - 747, /* OBJ_policy_mappings 2 5 29 33 */ - 90, /* OBJ_authority_key_identifier 2 5 29 35 */ - 401, /* OBJ_policy_constraints 2 5 29 36 */ - 126, /* OBJ_ext_key_usage 2 5 29 37 */ - 857, /* OBJ_freshest_crl 2 5 29 46 */ - 748, /* OBJ_inhibit_any_policy 2 5 29 54 */ - 402, /* OBJ_target_information 2 5 29 55 */ - 403, /* OBJ_no_rev_avail 2 5 29 56 */ - 513, /* OBJ_set_ctype 2 23 42 0 */ - 514, /* OBJ_set_msgExt 2 23 42 1 */ - 515, /* OBJ_set_attr 2 23 42 3 */ - 516, /* OBJ_set_policy 2 23 42 5 */ - 517, /* OBJ_set_certExt 2 23 42 7 */ - 518, /* OBJ_set_brand 2 23 42 8 */ - 679, /* OBJ_wap_wsg 2 23 43 1 */ - 382, /* OBJ_Directory 1 3 6 1 1 */ - 383, /* OBJ_Management 1 3 6 1 2 */ - 384, /* OBJ_Experimental 1 3 6 1 3 */ - 385, /* OBJ_Private 1 3 6 1 4 */ - 386, /* OBJ_Security 1 3 6 1 5 */ - 387, /* OBJ_SNMPv2 1 3 6 1 6 */ - 388, /* OBJ_Mail 1 3 6 1 7 */ - 376, /* OBJ_algorithm 1 3 14 3 2 */ - 395, /* OBJ_clearance 2 5 1 5 55 */ - 19, /* OBJ_rsa 2 5 8 1 1 */ - 96, /* OBJ_mdc2WithRSA 2 5 8 3 100 */ - 95, /* OBJ_mdc2 2 5 8 3 101 */ - 746, /* OBJ_any_policy 2 5 29 32 0 */ - 910, /* OBJ_anyExtendedKeyUsage 2 5 29 37 0 */ - 519, /* OBJ_setct_PANData 2 23 42 0 0 */ - 520, /* OBJ_setct_PANToken 2 23 42 0 1 */ - 521, /* OBJ_setct_PANOnly 2 23 42 0 2 */ - 522, /* OBJ_setct_OIData 2 23 42 0 3 */ - 523, /* OBJ_setct_PI 2 23 42 0 4 */ - 524, /* OBJ_setct_PIData 2 23 42 0 5 */ - 525, /* OBJ_setct_PIDataUnsigned 2 23 42 0 6 */ - 526, /* OBJ_setct_HODInput 2 23 42 0 7 */ - 527, /* OBJ_setct_AuthResBaggage 2 23 42 0 8 */ - 528, /* OBJ_setct_AuthRevReqBaggage 2 23 42 0 9 */ - 529, /* OBJ_setct_AuthRevResBaggage 2 23 42 0 10 */ - 530, /* OBJ_setct_CapTokenSeq 2 23 42 0 11 */ - 531, /* OBJ_setct_PInitResData 2 23 42 0 12 */ - 532, /* OBJ_setct_PI_TBS 2 23 42 0 13 */ - 533, /* OBJ_setct_PResData 2 23 42 0 14 */ - 534, /* OBJ_setct_AuthReqTBS 2 23 42 0 16 */ - 535, /* OBJ_setct_AuthResTBS 2 23 42 0 17 */ - 536, /* OBJ_setct_AuthResTBSX 2 23 42 0 18 */ - 537, /* OBJ_setct_AuthTokenTBS 2 23 42 0 19 */ - 538, /* OBJ_setct_CapTokenData 2 23 42 0 20 */ - 539, /* OBJ_setct_CapTokenTBS 2 23 42 0 21 */ - 540, /* OBJ_setct_AcqCardCodeMsg 2 23 42 0 22 */ - 541, /* OBJ_setct_AuthRevReqTBS 2 23 42 0 23 */ - 542, /* OBJ_setct_AuthRevResData 2 23 42 0 24 */ - 543, /* OBJ_setct_AuthRevResTBS 2 23 42 0 25 */ - 544, /* OBJ_setct_CapReqTBS 2 23 42 0 26 */ - 545, /* OBJ_setct_CapReqTBSX 2 23 42 0 27 */ - 546, /* OBJ_setct_CapResData 2 23 42 0 28 */ - 547, /* OBJ_setct_CapRevReqTBS 2 23 42 0 29 */ - 548, /* OBJ_setct_CapRevReqTBSX 2 23 42 0 30 */ - 549, /* OBJ_setct_CapRevResData 2 23 42 0 31 */ - 550, /* OBJ_setct_CredReqTBS 2 23 42 0 32 */ - 551, /* OBJ_setct_CredReqTBSX 2 23 42 0 33 */ - 552, /* OBJ_setct_CredResData 2 23 42 0 34 */ - 553, /* OBJ_setct_CredRevReqTBS 2 23 42 0 35 */ - 554, /* OBJ_setct_CredRevReqTBSX 2 23 42 0 36 */ - 555, /* OBJ_setct_CredRevResData 2 23 42 0 37 */ - 556, /* OBJ_setct_PCertReqData 2 23 42 0 38 */ - 557, /* OBJ_setct_PCertResTBS 2 23 42 0 39 */ - 558, /* OBJ_setct_BatchAdminReqData 2 23 42 0 40 */ - 559, /* OBJ_setct_BatchAdminResData 2 23 42 0 41 */ - 560, /* OBJ_setct_CardCInitResTBS 2 23 42 0 42 */ - 561, /* OBJ_setct_MeAqCInitResTBS 2 23 42 0 43 */ - 562, /* OBJ_setct_RegFormResTBS 2 23 42 0 44 */ - 563, /* OBJ_setct_CertReqData 2 23 42 0 45 */ - 564, /* OBJ_setct_CertReqTBS 2 23 42 0 46 */ - 565, /* OBJ_setct_CertResData 2 23 42 0 47 */ - 566, /* OBJ_setct_CertInqReqTBS 2 23 42 0 48 */ - 567, /* OBJ_setct_ErrorTBS 2 23 42 0 49 */ - 568, /* OBJ_setct_PIDualSignedTBE 2 23 42 0 50 */ - 569, /* OBJ_setct_PIUnsignedTBE 2 23 42 0 51 */ - 570, /* OBJ_setct_AuthReqTBE 2 23 42 0 52 */ - 571, /* OBJ_setct_AuthResTBE 2 23 42 0 53 */ - 572, /* OBJ_setct_AuthResTBEX 2 23 42 0 54 */ - 573, /* OBJ_setct_AuthTokenTBE 2 23 42 0 55 */ - 574, /* OBJ_setct_CapTokenTBE 2 23 42 0 56 */ - 575, /* OBJ_setct_CapTokenTBEX 2 23 42 0 57 */ - 576, /* OBJ_setct_AcqCardCodeMsgTBE 2 23 42 0 58 */ - 577, /* OBJ_setct_AuthRevReqTBE 2 23 42 0 59 */ - 578, /* OBJ_setct_AuthRevResTBE 2 23 42 0 60 */ - 579, /* OBJ_setct_AuthRevResTBEB 2 23 42 0 61 */ - 580, /* OBJ_setct_CapReqTBE 2 23 42 0 62 */ - 581, /* OBJ_setct_CapReqTBEX 2 23 42 0 63 */ - 582, /* OBJ_setct_CapResTBE 2 23 42 0 64 */ - 583, /* OBJ_setct_CapRevReqTBE 2 23 42 0 65 */ - 584, /* OBJ_setct_CapRevReqTBEX 2 23 42 0 66 */ - 585, /* OBJ_setct_CapRevResTBE 2 23 42 0 67 */ - 586, /* OBJ_setct_CredReqTBE 2 23 42 0 68 */ - 587, /* OBJ_setct_CredReqTBEX 2 23 42 0 69 */ - 588, /* OBJ_setct_CredResTBE 2 23 42 0 70 */ - 589, /* OBJ_setct_CredRevReqTBE 2 23 42 0 71 */ - 590, /* OBJ_setct_CredRevReqTBEX 2 23 42 0 72 */ - 591, /* OBJ_setct_CredRevResTBE 2 23 42 0 73 */ - 592, /* OBJ_setct_BatchAdminReqTBE 2 23 42 0 74 */ - 593, /* OBJ_setct_BatchAdminResTBE 2 23 42 0 75 */ - 594, /* OBJ_setct_RegFormReqTBE 2 23 42 0 76 */ - 595, /* OBJ_setct_CertReqTBE 2 23 42 0 77 */ - 596, /* OBJ_setct_CertReqTBEX 2 23 42 0 78 */ - 597, /* OBJ_setct_CertResTBE 2 23 42 0 79 */ - 598, /* OBJ_setct_CRLNotificationTBS 2 23 42 0 80 */ - 599, /* OBJ_setct_CRLNotificationResTBS 2 23 42 0 81 */ - 600, /* OBJ_setct_BCIDistributionTBS 2 23 42 0 82 */ - 601, /* OBJ_setext_genCrypt 2 23 42 1 1 */ - 602, /* OBJ_setext_miAuth 2 23 42 1 3 */ - 603, /* OBJ_setext_pinSecure 2 23 42 1 4 */ - 604, /* OBJ_setext_pinAny 2 23 42 1 5 */ - 605, /* OBJ_setext_track2 2 23 42 1 7 */ - 606, /* OBJ_setext_cv 2 23 42 1 8 */ - 620, /* OBJ_setAttr_Cert 2 23 42 3 0 */ - 621, /* OBJ_setAttr_PGWYcap 2 23 42 3 1 */ - 622, /* OBJ_setAttr_TokenType 2 23 42 3 2 */ - 623, /* OBJ_setAttr_IssCap 2 23 42 3 3 */ - 607, /* OBJ_set_policy_root 2 23 42 5 0 */ - 608, /* OBJ_setCext_hashedRoot 2 23 42 7 0 */ - 609, /* OBJ_setCext_certType 2 23 42 7 1 */ - 610, /* OBJ_setCext_merchData 2 23 42 7 2 */ - 611, /* OBJ_setCext_cCertRequired 2 23 42 7 3 */ - 612, /* OBJ_setCext_tunneling 2 23 42 7 4 */ - 613, /* OBJ_setCext_setExt 2 23 42 7 5 */ - 614, /* OBJ_setCext_setQualf 2 23 42 7 6 */ - 615, /* OBJ_setCext_PGWYcapabilities 2 23 42 7 7 */ - 616, /* OBJ_setCext_TokenIdentifier 2 23 42 7 8 */ - 617, /* OBJ_setCext_Track2Data 2 23 42 7 9 */ - 618, /* OBJ_setCext_TokenType 2 23 42 7 10 */ - 619, /* OBJ_setCext_IssuerCapabilities 2 23 42 7 11 */ - 636, /* OBJ_set_brand_IATA_ATA 2 23 42 8 1 */ - 640, /* OBJ_set_brand_Visa 2 23 42 8 4 */ - 641, /* OBJ_set_brand_MasterCard 2 23 42 8 5 */ - 637, /* OBJ_set_brand_Diners 2 23 42 8 30 */ - 638, /* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */ - 639, /* OBJ_set_brand_JCB 2 23 42 8 35 */ - 1195, /* OBJ_gmac 1 0 9797 3 4 */ - 1141, /* OBJ_oscca 1 2 156 10197 */ - 805, /* OBJ_cryptopro 1 2 643 2 2 */ - 806, /* OBJ_cryptocom 1 2 643 2 9 */ - 974, /* OBJ_id_tc26 1 2 643 7 1 */ - 1005, /* OBJ_OGRN 1 2 643 100 1 */ - 1006, /* OBJ_SNILS 1 2 643 100 3 */ - 1226, /* OBJ_OGRNIP 1 2 643 100 5 */ - 1007, /* OBJ_subjectSignTool 1 2 643 100 111 */ - 1008, /* OBJ_issuerSignTool 1 2 643 100 112 */ - 1227, /* OBJ_classSignTool 1 2 643 100 113 */ - 184, /* OBJ_X9_57 1 2 840 10040 */ - 405, /* OBJ_ansi_X9_62 1 2 840 10045 */ - 389, /* OBJ_Enterprises 1 3 6 1 4 1 */ - 504, /* OBJ_mime_mhs 1 3 6 1 7 1 */ - 104, /* OBJ_md5WithRSA 1 3 14 3 2 3 */ - 29, /* OBJ_des_ecb 1 3 14 3 2 6 */ - 31, /* OBJ_des_cbc 1 3 14 3 2 7 */ - 45, /* OBJ_des_ofb64 1 3 14 3 2 8 */ - 30, /* OBJ_des_cfb64 1 3 14 3 2 9 */ - 377, /* OBJ_rsaSignature 1 3 14 3 2 11 */ - 67, /* OBJ_dsa_2 1 3 14 3 2 12 */ - 66, /* OBJ_dsaWithSHA 1 3 14 3 2 13 */ - 42, /* OBJ_shaWithRSAEncryption 1 3 14 3 2 15 */ - 32, /* OBJ_des_ede_ecb 1 3 14 3 2 17 */ - 41, /* OBJ_sha 1 3 14 3 2 18 */ - 64, /* OBJ_sha1 1 3 14 3 2 26 */ - 70, /* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */ - 115, /* OBJ_sha1WithRSA 1 3 14 3 2 29 */ - 117, /* OBJ_ripemd160 1 3 36 3 2 1 */ - 1093, /* OBJ_x509ExtAdmission 1 3 36 8 3 3 */ - 143, /* OBJ_sxnet 1 3 101 1 4 1 */ - 1171, /* OBJ_ieee_siswg 1 3 111 2 1619 */ - 721, /* OBJ_sect163k1 1 3 132 0 1 */ - 722, /* OBJ_sect163r1 1 3 132 0 2 */ - 728, /* OBJ_sect239k1 1 3 132 0 3 */ - 717, /* OBJ_sect113r1 1 3 132 0 4 */ - 718, /* OBJ_sect113r2 1 3 132 0 5 */ - 704, /* OBJ_secp112r1 1 3 132 0 6 */ - 705, /* OBJ_secp112r2 1 3 132 0 7 */ - 709, /* OBJ_secp160r1 1 3 132 0 8 */ - 708, /* OBJ_secp160k1 1 3 132 0 9 */ - 714, /* OBJ_secp256k1 1 3 132 0 10 */ - 723, /* OBJ_sect163r2 1 3 132 0 15 */ - 729, /* OBJ_sect283k1 1 3 132 0 16 */ - 730, /* OBJ_sect283r1 1 3 132 0 17 */ - 719, /* OBJ_sect131r1 1 3 132 0 22 */ - 720, /* OBJ_sect131r2 1 3 132 0 23 */ - 724, /* OBJ_sect193r1 1 3 132 0 24 */ - 725, /* OBJ_sect193r2 1 3 132 0 25 */ - 726, /* OBJ_sect233k1 1 3 132 0 26 */ - 727, /* OBJ_sect233r1 1 3 132 0 27 */ - 706, /* OBJ_secp128r1 1 3 132 0 28 */ - 707, /* OBJ_secp128r2 1 3 132 0 29 */ - 710, /* OBJ_secp160r2 1 3 132 0 30 */ - 711, /* OBJ_secp192k1 1 3 132 0 31 */ - 712, /* OBJ_secp224k1 1 3 132 0 32 */ - 713, /* OBJ_secp224r1 1 3 132 0 33 */ - 715, /* OBJ_secp384r1 1 3 132 0 34 */ - 716, /* OBJ_secp521r1 1 3 132 0 35 */ - 731, /* OBJ_sect409k1 1 3 132 0 36 */ - 732, /* OBJ_sect409r1 1 3 132 0 37 */ - 733, /* OBJ_sect571k1 1 3 132 0 38 */ - 734, /* OBJ_sect571r1 1 3 132 0 39 */ - 624, /* OBJ_set_rootKeyThumb 2 23 42 3 0 0 */ - 625, /* OBJ_set_addPolicy 2 23 42 3 0 1 */ - 626, /* OBJ_setAttr_Token_EMV 2 23 42 3 2 1 */ - 627, /* OBJ_setAttr_Token_B0Prime 2 23 42 3 2 2 */ - 628, /* OBJ_setAttr_IssCap_CVM 2 23 42 3 3 3 */ - 629, /* OBJ_setAttr_IssCap_T2 2 23 42 3 3 4 */ - 630, /* OBJ_setAttr_IssCap_Sig 2 23 42 3 3 5 */ - 642, /* OBJ_set_brand_Novus 2 23 42 8 6011 */ - 735, /* OBJ_wap_wsg_idm_ecid_wtls1 2 23 43 1 4 1 */ - 736, /* OBJ_wap_wsg_idm_ecid_wtls3 2 23 43 1 4 3 */ - 737, /* OBJ_wap_wsg_idm_ecid_wtls4 2 23 43 1 4 4 */ - 738, /* OBJ_wap_wsg_idm_ecid_wtls5 2 23 43 1 4 5 */ - 739, /* OBJ_wap_wsg_idm_ecid_wtls6 2 23 43 1 4 6 */ - 740, /* OBJ_wap_wsg_idm_ecid_wtls7 2 23 43 1 4 7 */ - 741, /* OBJ_wap_wsg_idm_ecid_wtls8 2 23 43 1 4 8 */ - 742, /* OBJ_wap_wsg_idm_ecid_wtls9 2 23 43 1 4 9 */ - 743, /* OBJ_wap_wsg_idm_ecid_wtls10 2 23 43 1 4 10 */ - 744, /* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 1 4 11 */ - 745, /* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 1 4 12 */ - 804, /* OBJ_whirlpool 1 0 10118 3 0 55 */ - 1142, /* OBJ_sm_scheme 1 2 156 10197 1 */ - 773, /* OBJ_kisa 1 2 410 200004 */ - 807, /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */ - 808, /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */ - 809, /* OBJ_id_GostR3411_94 1 2 643 2 2 9 */ - 810, /* OBJ_id_HMACGostR3411_94 1 2 643 2 2 10 */ - 811, /* OBJ_id_GostR3410_2001 1 2 643 2 2 19 */ - 812, /* OBJ_id_GostR3410_94 1 2 643 2 2 20 */ - 813, /* OBJ_id_Gost28147_89 1 2 643 2 2 21 */ - 815, /* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22 */ - 816, /* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */ - 817, /* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */ - 818, /* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */ - 977, /* OBJ_id_tc26_algorithms 1 2 643 7 1 1 */ - 994, /* OBJ_id_tc26_constants 1 2 643 7 1 2 */ - 1228, /* OBJ_classSignToolKC1 1 2 643 100 113 1 */ - 1229, /* OBJ_classSignToolKC2 1 2 643 100 113 2 */ - 1230, /* OBJ_classSignToolKC3 1 2 643 100 113 3 */ - 1231, /* OBJ_classSignToolKB1 1 2 643 100 113 4 */ - 1232, /* OBJ_classSignToolKB2 1 2 643 100 113 5 */ - 1233, /* OBJ_classSignToolKA1 1 2 643 100 113 6 */ - 1, /* OBJ_rsadsi 1 2 840 113549 */ - 185, /* OBJ_X9cm 1 2 840 10040 4 */ - 1031, /* OBJ_id_pkinit 1 3 6 1 5 2 3 */ - 127, /* OBJ_id_pkix 1 3 6 1 5 5 7 */ - 505, /* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ - 506, /* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ - 119, /* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */ - 937, /* OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1 3 132 1 11 0 */ - 938, /* OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1 3 132 1 11 1 */ - 939, /* OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1 3 132 1 11 2 */ - 940, /* OBJ_dhSinglePass_stdDH_sha512kdf_scheme 1 3 132 1 11 3 */ - 942, /* OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme 1 3 132 1 14 0 */ - 943, /* OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1 3 132 1 14 1 */ - 944, /* OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1 3 132 1 14 2 */ - 945, /* OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1 3 132 1 14 3 */ - 631, /* OBJ_setAttr_GenCryptgrm 2 23 42 3 3 3 1 */ - 632, /* OBJ_setAttr_T2Enc 2 23 42 3 3 4 1 */ - 633, /* OBJ_setAttr_T2cleartxt 2 23 42 3 3 4 2 */ - 634, /* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */ - 635, /* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */ - 436, /* OBJ_ucl 0 9 2342 19200300 */ - 820, /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */ - 819, /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */ - 845, /* OBJ_id_GostR3410_94_a 1 2 643 2 2 20 1 */ - 846, /* OBJ_id_GostR3410_94_aBis 1 2 643 2 2 20 2 */ - 847, /* OBJ_id_GostR3410_94_b 1 2 643 2 2 20 3 */ - 848, /* OBJ_id_GostR3410_94_bBis 1 2 643 2 2 20 4 */ - 821, /* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */ - 822, /* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */ - 823, /* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */ - 824, /* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */ - 825, /* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */ - 826, /* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */ - 827, /* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */ - 828, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */ - 829, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */ - 830, /* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */ - 831, /* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */ - 832, /* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */ - 833, /* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */ - 834, /* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */ - 835, /* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */ - 836, /* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */ - 837, /* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */ - 838, /* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */ - 839, /* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */ - 840, /* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */ - 841, /* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */ - 842, /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */ - 843, /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */ - 844, /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */ - 978, /* OBJ_id_tc26_sign 1 2 643 7 1 1 1 */ - 981, /* OBJ_id_tc26_digest 1 2 643 7 1 1 2 */ - 984, /* OBJ_id_tc26_signwithdigest 1 2 643 7 1 1 3 */ - 987, /* OBJ_id_tc26_mac 1 2 643 7 1 1 4 */ - 990, /* OBJ_id_tc26_cipher 1 2 643 7 1 1 5 */ - 991, /* OBJ_id_tc26_agreement 1 2 643 7 1 1 6 */ - 1179, /* OBJ_id_tc26_wrap 1 2 643 7 1 1 7 */ - 995, /* OBJ_id_tc26_sign_constants 1 2 643 7 1 2 1 */ - 1000, /* OBJ_id_tc26_digest_constants 1 2 643 7 1 2 2 */ - 1001, /* OBJ_id_tc26_cipher_constants 1 2 643 7 1 2 5 */ - 1151, /* OBJ_ua_pki 1 2 804 2 1 1 1 */ - 2, /* OBJ_pkcs 1 2 840 113549 1 */ - 431, /* OBJ_hold_instruction_none 1 2 840 10040 2 1 */ - 432, /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */ - 433, /* OBJ_hold_instruction_reject 1 2 840 10040 2 3 */ - 116, /* OBJ_dsa 1 2 840 10040 4 1 */ - 113, /* OBJ_dsaWithSHA1 1 2 840 10040 4 3 */ - 406, /* OBJ_X9_62_prime_field 1 2 840 10045 1 1 */ - 407, /* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */ - 408, /* OBJ_X9_62_id_ecPublicKey 1 2 840 10045 2 1 */ - 416, /* OBJ_ecdsa_with_SHA1 1 2 840 10045 4 1 */ - 791, /* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */ - 792, /* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */ - 920, /* OBJ_dhpublicnumber 1 2 840 10046 2 1 */ - 1032, /* OBJ_pkInitClientAuth 1 3 6 1 5 2 3 4 */ - 1033, /* OBJ_pkInitKDC 1 3 6 1 5 2 3 5 */ - 258, /* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */ - 175, /* OBJ_id_pe 1 3 6 1 5 5 7 1 */ - 259, /* OBJ_id_qt 1 3 6 1 5 5 7 2 */ - 128, /* OBJ_id_kp 1 3 6 1 5 5 7 3 */ - 260, /* OBJ_id_it 1 3 6 1 5 5 7 4 */ - 261, /* OBJ_id_pkip 1 3 6 1 5 5 7 5 */ - 262, /* OBJ_id_alg 1 3 6 1 5 5 7 6 */ - 263, /* OBJ_id_cmc 1 3 6 1 5 5 7 7 */ - 264, /* OBJ_id_on 1 3 6 1 5 5 7 8 */ - 265, /* OBJ_id_pda 1 3 6 1 5 5 7 9 */ - 266, /* OBJ_id_aca 1 3 6 1 5 5 7 10 */ - 267, /* OBJ_id_qcs 1 3 6 1 5 5 7 11 */ - 268, /* OBJ_id_cct 1 3 6 1 5 5 7 12 */ - 1238, /* OBJ_id_cp 1 3 6 1 5 5 7 14 */ - 662, /* OBJ_id_ppl 1 3 6 1 5 5 7 21 */ - 176, /* OBJ_id_ad 1 3 6 1 5 5 7 48 */ - 507, /* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */ - 508, /* OBJ_id_hex_multipart_message 1 3 6 1 7 1 1 2 */ - 57, /* OBJ_netscape 2 16 840 1 113730 */ - 754, /* OBJ_camellia_128_ecb 0 3 4401 5 3 1 9 1 */ - 766, /* OBJ_camellia_128_ofb128 0 3 4401 5 3 1 9 3 */ - 757, /* OBJ_camellia_128_cfb128 0 3 4401 5 3 1 9 4 */ - 961, /* OBJ_camellia_128_gcm 0 3 4401 5 3 1 9 6 */ - 962, /* OBJ_camellia_128_ccm 0 3 4401 5 3 1 9 7 */ - 963, /* OBJ_camellia_128_ctr 0 3 4401 5 3 1 9 9 */ - 964, /* OBJ_camellia_128_cmac 0 3 4401 5 3 1 9 10 */ - 755, /* OBJ_camellia_192_ecb 0 3 4401 5 3 1 9 21 */ - 767, /* OBJ_camellia_192_ofb128 0 3 4401 5 3 1 9 23 */ - 758, /* OBJ_camellia_192_cfb128 0 3 4401 5 3 1 9 24 */ - 965, /* OBJ_camellia_192_gcm 0 3 4401 5 3 1 9 26 */ - 966, /* OBJ_camellia_192_ccm 0 3 4401 5 3 1 9 27 */ - 967, /* OBJ_camellia_192_ctr 0 3 4401 5 3 1 9 29 */ - 968, /* OBJ_camellia_192_cmac 0 3 4401 5 3 1 9 30 */ - 756, /* OBJ_camellia_256_ecb 0 3 4401 5 3 1 9 41 */ - 768, /* OBJ_camellia_256_ofb128 0 3 4401 5 3 1 9 43 */ - 759, /* OBJ_camellia_256_cfb128 0 3 4401 5 3 1 9 44 */ - 969, /* OBJ_camellia_256_gcm 0 3 4401 5 3 1 9 46 */ - 970, /* OBJ_camellia_256_ccm 0 3 4401 5 3 1 9 47 */ - 971, /* OBJ_camellia_256_ctr 0 3 4401 5 3 1 9 49 */ - 972, /* OBJ_camellia_256_cmac 0 3 4401 5 3 1 9 50 */ - 437, /* OBJ_pilot 0 9 2342 19200300 100 */ - 1133, /* OBJ_sm4_ecb 1 2 156 10197 1 104 1 */ - 1134, /* OBJ_sm4_cbc 1 2 156 10197 1 104 2 */ - 1135, /* OBJ_sm4_ofb128 1 2 156 10197 1 104 3 */ - 1137, /* OBJ_sm4_cfb128 1 2 156 10197 1 104 4 */ - 1136, /* OBJ_sm4_cfb1 1 2 156 10197 1 104 5 */ - 1138, /* OBJ_sm4_cfb8 1 2 156 10197 1 104 6 */ - 1139, /* OBJ_sm4_ctr 1 2 156 10197 1 104 7 */ - 1172, /* OBJ_sm2 1 2 156 10197 1 301 */ - 1143, /* OBJ_sm3 1 2 156 10197 1 401 */ - 1204, /* OBJ_SM2_with_SM3 1 2 156 10197 1 501 */ - 1144, /* OBJ_sm3WithRSAEncryption 1 2 156 10197 1 504 */ - 776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */ - 777, /* OBJ_seed_cbc 1 2 410 200004 1 4 */ - 779, /* OBJ_seed_cfb128 1 2 410 200004 1 5 */ - 778, /* OBJ_seed_ofb128 1 2 410 200004 1 6 */ - 852, /* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */ - 853, /* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */ - 850, /* OBJ_id_GostR3410_94_cc 1 2 643 2 9 1 5 3 */ - 851, /* OBJ_id_GostR3410_2001_cc 1 2 643 2 9 1 5 4 */ - 849, /* OBJ_id_Gost28147_89_cc 1 2 643 2 9 1 6 1 */ - 854, /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */ - 1004, /* OBJ_INN 1 2 643 3 131 1 1 */ - 979, /* OBJ_id_GostR3410_2012_256 1 2 643 7 1 1 1 1 */ - 980, /* OBJ_id_GostR3410_2012_512 1 2 643 7 1 1 1 2 */ - 982, /* OBJ_id_GostR3411_2012_256 1 2 643 7 1 1 2 2 */ - 983, /* OBJ_id_GostR3411_2012_512 1 2 643 7 1 1 2 3 */ - 985, /* OBJ_id_tc26_signwithdigest_gost3410_2012_256 1 2 643 7 1 1 3 2 */ - 986, /* OBJ_id_tc26_signwithdigest_gost3410_2012_512 1 2 643 7 1 1 3 3 */ - 988, /* OBJ_id_tc26_hmac_gost_3411_2012_256 1 2 643 7 1 1 4 1 */ - 989, /* OBJ_id_tc26_hmac_gost_3411_2012_512 1 2 643 7 1 1 4 2 */ - 1173, /* OBJ_id_tc26_cipher_gostr3412_2015_magma 1 2 643 7 1 1 5 1 */ - 1176, /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik 1 2 643 7 1 1 5 2 */ - 992, /* OBJ_id_tc26_agreement_gost_3410_2012_256 1 2 643 7 1 1 6 1 */ - 993, /* OBJ_id_tc26_agreement_gost_3410_2012_512 1 2 643 7 1 1 6 2 */ - 1180, /* OBJ_id_tc26_wrap_gostr3412_2015_magma 1 2 643 7 1 1 7 1 */ - 1182, /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik 1 2 643 7 1 1 7 2 */ - 1147, /* OBJ_id_tc26_gost_3410_2012_256_constants 1 2 643 7 1 2 1 1 */ - 996, /* OBJ_id_tc26_gost_3410_2012_512_constants 1 2 643 7 1 2 1 2 */ - 1002, /* OBJ_id_tc26_gost_28147_constants 1 2 643 7 1 2 5 1 */ - 186, /* OBJ_pkcs1 1 2 840 113549 1 1 */ - 27, /* OBJ_pkcs3 1 2 840 113549 1 3 */ - 187, /* OBJ_pkcs5 1 2 840 113549 1 5 */ - 20, /* OBJ_pkcs7 1 2 840 113549 1 7 */ - 47, /* OBJ_pkcs9 1 2 840 113549 1 9 */ - 3, /* OBJ_md2 1 2 840 113549 2 2 */ - 257, /* OBJ_md4 1 2 840 113549 2 4 */ - 4, /* OBJ_md5 1 2 840 113549 2 5 */ - 797, /* OBJ_hmacWithMD5 1 2 840 113549 2 6 */ - 163, /* OBJ_hmacWithSHA1 1 2 840 113549 2 7 */ - 798, /* OBJ_hmacWithSHA224 1 2 840 113549 2 8 */ - 799, /* OBJ_hmacWithSHA256 1 2 840 113549 2 9 */ - 800, /* OBJ_hmacWithSHA384 1 2 840 113549 2 10 */ - 801, /* OBJ_hmacWithSHA512 1 2 840 113549 2 11 */ - 1193, /* OBJ_hmacWithSHA512_224 1 2 840 113549 2 12 */ - 1194, /* OBJ_hmacWithSHA512_256 1 2 840 113549 2 13 */ - 37, /* OBJ_rc2_cbc 1 2 840 113549 3 2 */ - 5, /* OBJ_rc4 1 2 840 113549 3 4 */ - 44, /* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ - 120, /* OBJ_rc5_cbc 1 2 840 113549 3 8 */ - 643, /* OBJ_des_cdmf 1 2 840 113549 3 10 */ - 680, /* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */ - 684, /* OBJ_X9_62_c2pnb163v1 1 2 840 10045 3 0 1 */ - 685, /* OBJ_X9_62_c2pnb163v2 1 2 840 10045 3 0 2 */ - 686, /* OBJ_X9_62_c2pnb163v3 1 2 840 10045 3 0 3 */ - 687, /* OBJ_X9_62_c2pnb176v1 1 2 840 10045 3 0 4 */ - 688, /* OBJ_X9_62_c2tnb191v1 1 2 840 10045 3 0 5 */ - 689, /* OBJ_X9_62_c2tnb191v2 1 2 840 10045 3 0 6 */ - 690, /* OBJ_X9_62_c2tnb191v3 1 2 840 10045 3 0 7 */ - 691, /* OBJ_X9_62_c2onb191v4 1 2 840 10045 3 0 8 */ - 692, /* OBJ_X9_62_c2onb191v5 1 2 840 10045 3 0 9 */ - 693, /* OBJ_X9_62_c2pnb208w1 1 2 840 10045 3 0 10 */ - 694, /* OBJ_X9_62_c2tnb239v1 1 2 840 10045 3 0 11 */ - 695, /* OBJ_X9_62_c2tnb239v2 1 2 840 10045 3 0 12 */ - 696, /* OBJ_X9_62_c2tnb239v3 1 2 840 10045 3 0 13 */ - 697, /* OBJ_X9_62_c2onb239v4 1 2 840 10045 3 0 14 */ - 698, /* OBJ_X9_62_c2onb239v5 1 2 840 10045 3 0 15 */ - 699, /* OBJ_X9_62_c2pnb272w1 1 2 840 10045 3 0 16 */ - 700, /* OBJ_X9_62_c2pnb304w1 1 2 840 10045 3 0 17 */ - 701, /* OBJ_X9_62_c2tnb359v1 1 2 840 10045 3 0 18 */ - 702, /* OBJ_X9_62_c2pnb368w1 1 2 840 10045 3 0 19 */ - 703, /* OBJ_X9_62_c2tnb431r1 1 2 840 10045 3 0 20 */ - 409, /* OBJ_X9_62_prime192v1 1 2 840 10045 3 1 1 */ - 410, /* OBJ_X9_62_prime192v2 1 2 840 10045 3 1 2 */ - 411, /* OBJ_X9_62_prime192v3 1 2 840 10045 3 1 3 */ - 412, /* OBJ_X9_62_prime239v1 1 2 840 10045 3 1 4 */ - 413, /* OBJ_X9_62_prime239v2 1 2 840 10045 3 1 5 */ - 414, /* OBJ_X9_62_prime239v3 1 2 840 10045 3 1 6 */ - 415, /* OBJ_X9_62_prime256v1 1 2 840 10045 3 1 7 */ - 793, /* OBJ_ecdsa_with_SHA224 1 2 840 10045 4 3 1 */ - 794, /* OBJ_ecdsa_with_SHA256 1 2 840 10045 4 3 2 */ - 795, /* OBJ_ecdsa_with_SHA384 1 2 840 10045 4 3 3 */ - 796, /* OBJ_ecdsa_with_SHA512 1 2 840 10045 4 3 4 */ - 269, /* OBJ_id_pkix1_explicit_88 1 3 6 1 5 5 7 0 1 */ - 270, /* OBJ_id_pkix1_implicit_88 1 3 6 1 5 5 7 0 2 */ - 271, /* OBJ_id_pkix1_explicit_93 1 3 6 1 5 5 7 0 3 */ - 272, /* OBJ_id_pkix1_implicit_93 1 3 6 1 5 5 7 0 4 */ - 273, /* OBJ_id_mod_crmf 1 3 6 1 5 5 7 0 5 */ - 274, /* OBJ_id_mod_cmc 1 3 6 1 5 5 7 0 6 */ - 275, /* OBJ_id_mod_kea_profile_88 1 3 6 1 5 5 7 0 7 */ - 276, /* OBJ_id_mod_kea_profile_93 1 3 6 1 5 5 7 0 8 */ - 277, /* OBJ_id_mod_cmp 1 3 6 1 5 5 7 0 9 */ - 278, /* OBJ_id_mod_qualified_cert_88 1 3 6 1 5 5 7 0 10 */ - 279, /* OBJ_id_mod_qualified_cert_93 1 3 6 1 5 5 7 0 11 */ - 280, /* OBJ_id_mod_attribute_cert 1 3 6 1 5 5 7 0 12 */ - 281, /* OBJ_id_mod_timestamp_protocol 1 3 6 1 5 5 7 0 13 */ - 282, /* OBJ_id_mod_ocsp 1 3 6 1 5 5 7 0 14 */ - 283, /* OBJ_id_mod_dvcs 1 3 6 1 5 5 7 0 15 */ - 284, /* OBJ_id_mod_cmp2000 1 3 6 1 5 5 7 0 16 */ - 177, /* OBJ_info_access 1 3 6 1 5 5 7 1 1 */ - 285, /* OBJ_biometricInfo 1 3 6 1 5 5 7 1 2 */ - 286, /* OBJ_qcStatements 1 3 6 1 5 5 7 1 3 */ - 287, /* OBJ_ac_auditEntity 1 3 6 1 5 5 7 1 4 */ - 288, /* OBJ_ac_targeting 1 3 6 1 5 5 7 1 5 */ - 289, /* OBJ_aaControls 1 3 6 1 5 5 7 1 6 */ - 290, /* OBJ_sbgp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */ - 291, /* OBJ_sbgp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */ - 292, /* OBJ_sbgp_routerIdentifier 1 3 6 1 5 5 7 1 9 */ - 397, /* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */ - 398, /* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ - 663, /* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */ - 1020, /* OBJ_tlsfeature 1 3 6 1 5 5 7 1 24 */ - 1239, /* OBJ_sbgp_ipAddrBlockv2 1 3 6 1 5 5 7 1 28 */ - 1240, /* OBJ_sbgp_autonomousSysNumv2 1 3 6 1 5 5 7 1 29 */ - 164, /* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ - 165, /* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ - 293, /* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */ - 129, /* OBJ_server_auth 1 3 6 1 5 5 7 3 1 */ - 130, /* OBJ_client_auth 1 3 6 1 5 5 7 3 2 */ - 131, /* OBJ_code_sign 1 3 6 1 5 5 7 3 3 */ - 132, /* OBJ_email_protect 1 3 6 1 5 5 7 3 4 */ - 294, /* OBJ_ipsecEndSystem 1 3 6 1 5 5 7 3 5 */ - 295, /* OBJ_ipsecTunnel 1 3 6 1 5 5 7 3 6 */ - 296, /* OBJ_ipsecUser 1 3 6 1 5 5 7 3 7 */ - 133, /* OBJ_time_stamp 1 3 6 1 5 5 7 3 8 */ - 180, /* OBJ_OCSP_sign 1 3 6 1 5 5 7 3 9 */ - 297, /* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */ - 1022, /* OBJ_ipsec_IKE 1 3 6 1 5 5 7 3 17 */ - 1023, /* OBJ_capwapAC 1 3 6 1 5 5 7 3 18 */ - 1024, /* OBJ_capwapWTP 1 3 6 1 5 5 7 3 19 */ - 1025, /* OBJ_sshClient 1 3 6 1 5 5 7 3 21 */ - 1026, /* OBJ_sshServer 1 3 6 1 5 5 7 3 22 */ - 1027, /* OBJ_sendRouter 1 3 6 1 5 5 7 3 23 */ - 1028, /* OBJ_sendProxiedRouter 1 3 6 1 5 5 7 3 24 */ - 1029, /* OBJ_sendOwner 1 3 6 1 5 5 7 3 25 */ - 1030, /* OBJ_sendProxiedOwner 1 3 6 1 5 5 7 3 26 */ - 1131, /* OBJ_cmcCA 1 3 6 1 5 5 7 3 27 */ - 1132, /* OBJ_cmcRA 1 3 6 1 5 5 7 3 28 */ - 1219, /* OBJ_cmcArchive 1 3 6 1 5 5 7 3 29 */ - 1220, /* OBJ_id_kp_bgpsec_router 1 3 6 1 5 5 7 3 30 */ - 1221, /* OBJ_id_kp_BrandIndicatorforMessageIdentification 1 3 6 1 5 5 7 3 31 */ - 1222, /* OBJ_cmKGA 1 3 6 1 5 5 7 3 32 */ - 298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */ - 299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */ - 300, /* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */ - 301, /* OBJ_id_it_preferredSymmAlg 1 3 6 1 5 5 7 4 4 */ - 302, /* OBJ_id_it_caKeyUpdateInfo 1 3 6 1 5 5 7 4 5 */ - 303, /* OBJ_id_it_currentCRL 1 3 6 1 5 5 7 4 6 */ - 304, /* OBJ_id_it_unsupportedOIDs 1 3 6 1 5 5 7 4 7 */ - 305, /* OBJ_id_it_subscriptionRequest 1 3 6 1 5 5 7 4 8 */ - 306, /* OBJ_id_it_subscriptionResponse 1 3 6 1 5 5 7 4 9 */ - 307, /* OBJ_id_it_keyPairParamReq 1 3 6 1 5 5 7 4 10 */ - 308, /* OBJ_id_it_keyPairParamRep 1 3 6 1 5 5 7 4 11 */ - 309, /* OBJ_id_it_revPassphrase 1 3 6 1 5 5 7 4 12 */ - 310, /* OBJ_id_it_implicitConfirm 1 3 6 1 5 5 7 4 13 */ - 311, /* OBJ_id_it_confirmWaitTime 1 3 6 1 5 5 7 4 14 */ - 312, /* OBJ_id_it_origPKIMessage 1 3 6 1 5 5 7 4 15 */ - 784, /* OBJ_id_it_suppLangTags 1 3 6 1 5 5 7 4 16 */ - 1223, /* OBJ_id_it_caCerts 1 3 6 1 5 5 7 4 17 */ - 1224, /* OBJ_id_it_rootCaKeyUpdate 1 3 6 1 5 5 7 4 18 */ - 1225, /* OBJ_id_it_certReqTemplate 1 3 6 1 5 5 7 4 19 */ - 313, /* OBJ_id_regCtrl 1 3 6 1 5 5 7 5 1 */ - 314, /* OBJ_id_regInfo 1 3 6 1 5 5 7 5 2 */ - 323, /* OBJ_id_alg_des40 1 3 6 1 5 5 7 6 1 */ - 324, /* OBJ_id_alg_noSignature 1 3 6 1 5 5 7 6 2 */ - 325, /* OBJ_id_alg_dh_sig_hmac_sha1 1 3 6 1 5 5 7 6 3 */ - 326, /* OBJ_id_alg_dh_pop 1 3 6 1 5 5 7 6 4 */ - 327, /* OBJ_id_cmc_statusInfo 1 3 6 1 5 5 7 7 1 */ - 328, /* OBJ_id_cmc_identification 1 3 6 1 5 5 7 7 2 */ - 329, /* OBJ_id_cmc_identityProof 1 3 6 1 5 5 7 7 3 */ - 330, /* OBJ_id_cmc_dataReturn 1 3 6 1 5 5 7 7 4 */ - 331, /* OBJ_id_cmc_transactionId 1 3 6 1 5 5 7 7 5 */ - 332, /* OBJ_id_cmc_senderNonce 1 3 6 1 5 5 7 7 6 */ - 333, /* OBJ_id_cmc_recipientNonce 1 3 6 1 5 5 7 7 7 */ - 334, /* OBJ_id_cmc_addExtensions 1 3 6 1 5 5 7 7 8 */ - 335, /* OBJ_id_cmc_encryptedPOP 1 3 6 1 5 5 7 7 9 */ - 336, /* OBJ_id_cmc_decryptedPOP 1 3 6 1 5 5 7 7 10 */ - 337, /* OBJ_id_cmc_lraPOPWitness 1 3 6 1 5 5 7 7 11 */ - 338, /* OBJ_id_cmc_getCert 1 3 6 1 5 5 7 7 15 */ - 339, /* OBJ_id_cmc_getCRL 1 3 6 1 5 5 7 7 16 */ - 340, /* OBJ_id_cmc_revokeRequest 1 3 6 1 5 5 7 7 17 */ - 341, /* OBJ_id_cmc_regInfo 1 3 6 1 5 5 7 7 18 */ - 342, /* OBJ_id_cmc_responseInfo 1 3 6 1 5 5 7 7 19 */ - 343, /* OBJ_id_cmc_queryPending 1 3 6 1 5 5 7 7 21 */ - 344, /* OBJ_id_cmc_popLinkRandom 1 3 6 1 5 5 7 7 22 */ - 345, /* OBJ_id_cmc_popLinkWitness 1 3 6 1 5 5 7 7 23 */ - 346, /* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */ - 347, /* OBJ_id_on_personalData 1 3 6 1 5 5 7 8 1 */ - 858, /* OBJ_id_on_permanentIdentifier 1 3 6 1 5 5 7 8 3 */ - 1209, /* OBJ_XmppAddr 1 3 6 1 5 5 7 8 5 */ - 1210, /* OBJ_SRVName 1 3 6 1 5 5 7 8 7 */ - 1211, /* OBJ_NAIRealm 1 3 6 1 5 5 7 8 8 */ - 1208, /* OBJ_id_on_SmtpUTF8Mailbox 1 3 6 1 5 5 7 8 9 */ - 348, /* OBJ_id_pda_dateOfBirth 1 3 6 1 5 5 7 9 1 */ - 349, /* OBJ_id_pda_placeOfBirth 1 3 6 1 5 5 7 9 2 */ - 351, /* OBJ_id_pda_gender 1 3 6 1 5 5 7 9 3 */ - 352, /* OBJ_id_pda_countryOfCitizenship 1 3 6 1 5 5 7 9 4 */ - 353, /* OBJ_id_pda_countryOfResidence 1 3 6 1 5 5 7 9 5 */ - 354, /* OBJ_id_aca_authenticationInfo 1 3 6 1 5 5 7 10 1 */ - 355, /* OBJ_id_aca_accessIdentity 1 3 6 1 5 5 7 10 2 */ - 356, /* OBJ_id_aca_chargingIdentity 1 3 6 1 5 5 7 10 3 */ - 357, /* OBJ_id_aca_group 1 3 6 1 5 5 7 10 4 */ - 358, /* OBJ_id_aca_role 1 3 6 1 5 5 7 10 5 */ - 399, /* OBJ_id_aca_encAttrs 1 3 6 1 5 5 7 10 6 */ - 359, /* OBJ_id_qcs_pkixQCSyntax_v1 1 3 6 1 5 5 7 11 1 */ - 360, /* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */ - 361, /* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */ - 362, /* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */ - 1241, /* OBJ_ipAddr_asNumber 1 3 6 1 5 5 7 14 2 */ - 1242, /* OBJ_ipAddr_asNumberv2 1 3 6 1 5 5 7 14 3 */ - 664, /* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */ - 665, /* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */ - 667, /* OBJ_Independent 1 3 6 1 5 5 7 21 2 */ - 178, /* OBJ_ad_OCSP 1 3 6 1 5 5 7 48 1 */ - 179, /* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */ - 363, /* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */ - 364, /* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */ - 785, /* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */ - 1243, /* OBJ_rpkiManifest 1 3 6 1 5 5 7 48 10 */ - 1244, /* OBJ_signedObject 1 3 6 1 5 5 7 48 11 */ - 1245, /* OBJ_rpkiNotify 1 3 6 1 5 5 7 48 13 */ - 780, /* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */ - 781, /* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */ - 913, /* OBJ_aes_128_xts 1 3 111 2 1619 0 1 1 */ - 914, /* OBJ_aes_256_xts 1 3 111 2 1619 0 1 2 */ - 58, /* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */ - 59, /* OBJ_netscape_data_type 2 16 840 1 113730 2 */ - 438, /* OBJ_pilotAttributeType 0 9 2342 19200300 100 1 */ - 439, /* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */ - 440, /* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */ - 441, /* OBJ_pilotGroups 0 9 2342 19200300 100 10 */ - 1065, /* OBJ_aria_128_ecb 1 2 410 200046 1 1 1 */ - 1066, /* OBJ_aria_128_cbc 1 2 410 200046 1 1 2 */ - 1067, /* OBJ_aria_128_cfb128 1 2 410 200046 1 1 3 */ - 1068, /* OBJ_aria_128_ofb128 1 2 410 200046 1 1 4 */ - 1069, /* OBJ_aria_128_ctr 1 2 410 200046 1 1 5 */ - 1070, /* OBJ_aria_192_ecb 1 2 410 200046 1 1 6 */ - 1071, /* OBJ_aria_192_cbc 1 2 410 200046 1 1 7 */ - 1072, /* OBJ_aria_192_cfb128 1 2 410 200046 1 1 8 */ - 1073, /* OBJ_aria_192_ofb128 1 2 410 200046 1 1 9 */ - 1074, /* OBJ_aria_192_ctr 1 2 410 200046 1 1 10 */ - 1075, /* OBJ_aria_256_ecb 1 2 410 200046 1 1 11 */ - 1076, /* OBJ_aria_256_cbc 1 2 410 200046 1 1 12 */ - 1077, /* OBJ_aria_256_cfb128 1 2 410 200046 1 1 13 */ - 1078, /* OBJ_aria_256_ofb128 1 2 410 200046 1 1 14 */ - 1079, /* OBJ_aria_256_ctr 1 2 410 200046 1 1 15 */ - 1123, /* OBJ_aria_128_gcm 1 2 410 200046 1 1 34 */ - 1124, /* OBJ_aria_192_gcm 1 2 410 200046 1 1 35 */ - 1125, /* OBJ_aria_256_gcm 1 2 410 200046 1 1 36 */ - 1120, /* OBJ_aria_128_ccm 1 2 410 200046 1 1 37 */ - 1121, /* OBJ_aria_192_ccm 1 2 410 200046 1 1 38 */ - 1122, /* OBJ_aria_256_ccm 1 2 410 200046 1 1 39 */ - 1174, /* OBJ_magma_ctr_acpkm 1 2 643 7 1 1 5 1 1 */ - 1175, /* OBJ_magma_ctr_acpkm_omac 1 2 643 7 1 1 5 1 2 */ - 1177, /* OBJ_kuznyechik_ctr_acpkm 1 2 643 7 1 1 5 2 1 */ - 1178, /* OBJ_kuznyechik_ctr_acpkm_omac 1 2 643 7 1 1 5 2 2 */ - 1181, /* OBJ_magma_kexp15 1 2 643 7 1 1 7 1 1 */ - 1183, /* OBJ_kuznyechik_kexp15 1 2 643 7 1 1 7 2 1 */ - 1148, /* OBJ_id_tc26_gost_3410_2012_256_paramSetA 1 2 643 7 1 2 1 1 1 */ - 1184, /* OBJ_id_tc26_gost_3410_2012_256_paramSetB 1 2 643 7 1 2 1 1 2 */ - 1185, /* OBJ_id_tc26_gost_3410_2012_256_paramSetC 1 2 643 7 1 2 1 1 3 */ - 1186, /* OBJ_id_tc26_gost_3410_2012_256_paramSetD 1 2 643 7 1 2 1 1 4 */ - 997, /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */ - 998, /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */ - 999, /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */ - 1149, /* OBJ_id_tc26_gost_3410_2012_512_paramSetC 1 2 643 7 1 2 1 2 3 */ - 1003, /* OBJ_id_tc26_gost_28147_param_Z 1 2 643 7 1 2 5 1 1 */ - 108, /* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ - 112, /* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ - 782, /* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */ - 783, /* OBJ_id_DHBasedMac 1 2 840 113533 7 66 30 */ - 6, /* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */ - 7, /* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */ - 396, /* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */ - 8, /* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */ - 65, /* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */ - 644, /* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */ - 919, /* OBJ_rsaesOaep 1 2 840 113549 1 1 7 */ - 911, /* OBJ_mgf1 1 2 840 113549 1 1 8 */ - 935, /* OBJ_pSpecified 1 2 840 113549 1 1 9 */ - 912, /* OBJ_rsassaPss 1 2 840 113549 1 1 10 */ - 668, /* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */ - 669, /* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */ - 670, /* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */ - 671, /* OBJ_sha224WithRSAEncryption 1 2 840 113549 1 1 14 */ - 1145, /* OBJ_sha512_224WithRSAEncryption 1 2 840 113549 1 1 15 */ - 1146, /* OBJ_sha512_256WithRSAEncryption 1 2 840 113549 1 1 16 */ - 28, /* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */ - 9, /* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */ - 10, /* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */ - 168, /* OBJ_pbeWithMD2AndRC2_CBC 1 2 840 113549 1 5 4 */ - 169, /* OBJ_pbeWithMD5AndRC2_CBC 1 2 840 113549 1 5 6 */ - 170, /* OBJ_pbeWithSHA1AndDES_CBC 1 2 840 113549 1 5 10 */ - 68, /* OBJ_pbeWithSHA1AndRC2_CBC 1 2 840 113549 1 5 11 */ - 69, /* OBJ_id_pbkdf2 1 2 840 113549 1 5 12 */ - 161, /* OBJ_pbes2 1 2 840 113549 1 5 13 */ - 162, /* OBJ_pbmac1 1 2 840 113549 1 5 14 */ - 21, /* OBJ_pkcs7_data 1 2 840 113549 1 7 1 */ - 22, /* OBJ_pkcs7_signed 1 2 840 113549 1 7 2 */ - 23, /* OBJ_pkcs7_enveloped 1 2 840 113549 1 7 3 */ - 24, /* OBJ_pkcs7_signedAndEnveloped 1 2 840 113549 1 7 4 */ - 25, /* OBJ_pkcs7_digest 1 2 840 113549 1 7 5 */ - 26, /* OBJ_pkcs7_encrypted 1 2 840 113549 1 7 6 */ - 48, /* OBJ_pkcs9_emailAddress 1 2 840 113549 1 9 1 */ - 49, /* OBJ_pkcs9_unstructuredName 1 2 840 113549 1 9 2 */ - 50, /* OBJ_pkcs9_contentType 1 2 840 113549 1 9 3 */ - 51, /* OBJ_pkcs9_messageDigest 1 2 840 113549 1 9 4 */ - 52, /* OBJ_pkcs9_signingTime 1 2 840 113549 1 9 5 */ - 53, /* OBJ_pkcs9_countersignature 1 2 840 113549 1 9 6 */ - 54, /* OBJ_pkcs9_challengePassword 1 2 840 113549 1 9 7 */ - 55, /* OBJ_pkcs9_unstructuredAddress 1 2 840 113549 1 9 8 */ - 56, /* OBJ_pkcs9_extCertAttributes 1 2 840 113549 1 9 9 */ - 172, /* OBJ_ext_req 1 2 840 113549 1 9 14 */ - 167, /* OBJ_SMIMECapabilities 1 2 840 113549 1 9 15 */ - 188, /* OBJ_SMIME 1 2 840 113549 1 9 16 */ - 156, /* OBJ_friendlyName 1 2 840 113549 1 9 20 */ - 157, /* OBJ_localKeyID 1 2 840 113549 1 9 21 */ - 681, /* OBJ_X9_62_onBasis 1 2 840 10045 1 2 3 1 */ - 682, /* OBJ_X9_62_tpBasis 1 2 840 10045 1 2 3 2 */ - 683, /* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */ - 417, /* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */ - 856, /* OBJ_LocalKeySet 1 3 6 1 4 1 311 17 2 */ - 390, /* OBJ_dcObject 1 3 6 1 4 1 1466 344 */ - 91, /* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */ - 973, /* OBJ_id_scrypt 1 3 6 1 4 1 11591 4 11 */ - 315, /* OBJ_id_regCtrl_regToken 1 3 6 1 5 5 7 5 1 1 */ - 316, /* OBJ_id_regCtrl_authenticator 1 3 6 1 5 5 7 5 1 2 */ - 317, /* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */ - 318, /* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */ - 319, /* OBJ_id_regCtrl_oldCertID 1 3 6 1 5 5 7 5 1 5 */ - 320, /* OBJ_id_regCtrl_protocolEncrKey 1 3 6 1 5 5 7 5 1 6 */ - 321, /* OBJ_id_regInfo_utf8Pairs 1 3 6 1 5 5 7 5 2 1 */ - 322, /* OBJ_id_regInfo_certReq 1 3 6 1 5 5 7 5 2 2 */ - 365, /* OBJ_id_pkix_OCSP_basic 1 3 6 1 5 5 7 48 1 1 */ - 366, /* OBJ_id_pkix_OCSP_Nonce 1 3 6 1 5 5 7 48 1 2 */ - 367, /* OBJ_id_pkix_OCSP_CrlID 1 3 6 1 5 5 7 48 1 3 */ - 368, /* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */ - 369, /* OBJ_id_pkix_OCSP_noCheck 1 3 6 1 5 5 7 48 1 5 */ - 370, /* OBJ_id_pkix_OCSP_archiveCutoff 1 3 6 1 5 5 7 48 1 6 */ - 371, /* OBJ_id_pkix_OCSP_serviceLocator 1 3 6 1 5 5 7 48 1 7 */ - 372, /* OBJ_id_pkix_OCSP_extendedStatus 1 3 6 1 5 5 7 48 1 8 */ - 373, /* OBJ_id_pkix_OCSP_valid 1 3 6 1 5 5 7 48 1 9 */ - 374, /* OBJ_id_pkix_OCSP_path 1 3 6 1 5 5 7 48 1 10 */ - 375, /* OBJ_id_pkix_OCSP_trustRoot 1 3 6 1 5 5 7 48 1 11 */ - 921, /* OBJ_brainpoolP160r1 1 3 36 3 3 2 8 1 1 1 */ - 922, /* OBJ_brainpoolP160t1 1 3 36 3 3 2 8 1 1 2 */ - 923, /* OBJ_brainpoolP192r1 1 3 36 3 3 2 8 1 1 3 */ - 924, /* OBJ_brainpoolP192t1 1 3 36 3 3 2 8 1 1 4 */ - 925, /* OBJ_brainpoolP224r1 1 3 36 3 3 2 8 1 1 5 */ - 926, /* OBJ_brainpoolP224t1 1 3 36 3 3 2 8 1 1 6 */ - 927, /* OBJ_brainpoolP256r1 1 3 36 3 3 2 8 1 1 7 */ - 928, /* OBJ_brainpoolP256t1 1 3 36 3 3 2 8 1 1 8 */ - 929, /* OBJ_brainpoolP320r1 1 3 36 3 3 2 8 1 1 9 */ - 930, /* OBJ_brainpoolP320t1 1 3 36 3 3 2 8 1 1 10 */ - 931, /* OBJ_brainpoolP384r1 1 3 36 3 3 2 8 1 1 11 */ - 932, /* OBJ_brainpoolP384t1 1 3 36 3 3 2 8 1 1 12 */ - 933, /* OBJ_brainpoolP512r1 1 3 36 3 3 2 8 1 1 13 */ - 934, /* OBJ_brainpoolP512t1 1 3 36 3 3 2 8 1 1 14 */ - 936, /* OBJ_dhSinglePass_stdDH_sha1kdf_scheme 1 3 133 16 840 63 0 2 */ - 941, /* OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme 1 3 133 16 840 63 0 3 */ - 418, /* OBJ_aes_128_ecb 2 16 840 1 101 3 4 1 1 */ - 419, /* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */ - 420, /* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */ - 421, /* OBJ_aes_128_cfb128 2 16 840 1 101 3 4 1 4 */ - 788, /* OBJ_id_aes128_wrap 2 16 840 1 101 3 4 1 5 */ - 895, /* OBJ_aes_128_gcm 2 16 840 1 101 3 4 1 6 */ - 896, /* OBJ_aes_128_ccm 2 16 840 1 101 3 4 1 7 */ - 897, /* OBJ_id_aes128_wrap_pad 2 16 840 1 101 3 4 1 8 */ - 422, /* OBJ_aes_192_ecb 2 16 840 1 101 3 4 1 21 */ - 423, /* OBJ_aes_192_cbc 2 16 840 1 101 3 4 1 22 */ - 424, /* OBJ_aes_192_ofb128 2 16 840 1 101 3 4 1 23 */ - 425, /* OBJ_aes_192_cfb128 2 16 840 1 101 3 4 1 24 */ - 789, /* OBJ_id_aes192_wrap 2 16 840 1 101 3 4 1 25 */ - 898, /* OBJ_aes_192_gcm 2 16 840 1 101 3 4 1 26 */ - 899, /* OBJ_aes_192_ccm 2 16 840 1 101 3 4 1 27 */ - 900, /* OBJ_id_aes192_wrap_pad 2 16 840 1 101 3 4 1 28 */ - 426, /* OBJ_aes_256_ecb 2 16 840 1 101 3 4 1 41 */ - 427, /* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */ - 428, /* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */ - 429, /* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */ - 790, /* OBJ_id_aes256_wrap 2 16 840 1 101 3 4 1 45 */ - 901, /* OBJ_aes_256_gcm 2 16 840 1 101 3 4 1 46 */ - 902, /* OBJ_aes_256_ccm 2 16 840 1 101 3 4 1 47 */ - 903, /* OBJ_id_aes256_wrap_pad 2 16 840 1 101 3 4 1 48 */ - 672, /* OBJ_sha256 2 16 840 1 101 3 4 2 1 */ - 673, /* OBJ_sha384 2 16 840 1 101 3 4 2 2 */ - 674, /* OBJ_sha512 2 16 840 1 101 3 4 2 3 */ - 675, /* OBJ_sha224 2 16 840 1 101 3 4 2 4 */ - 1094, /* OBJ_sha512_224 2 16 840 1 101 3 4 2 5 */ - 1095, /* OBJ_sha512_256 2 16 840 1 101 3 4 2 6 */ - 1096, /* OBJ_sha3_224 2 16 840 1 101 3 4 2 7 */ - 1097, /* OBJ_sha3_256 2 16 840 1 101 3 4 2 8 */ - 1098, /* OBJ_sha3_384 2 16 840 1 101 3 4 2 9 */ - 1099, /* OBJ_sha3_512 2 16 840 1 101 3 4 2 10 */ - 1100, /* OBJ_shake128 2 16 840 1 101 3 4 2 11 */ - 1101, /* OBJ_shake256 2 16 840 1 101 3 4 2 12 */ - 1102, /* OBJ_hmac_sha3_224 2 16 840 1 101 3 4 2 13 */ - 1103, /* OBJ_hmac_sha3_256 2 16 840 1 101 3 4 2 14 */ - 1104, /* OBJ_hmac_sha3_384 2 16 840 1 101 3 4 2 15 */ - 1105, /* OBJ_hmac_sha3_512 2 16 840 1 101 3 4 2 16 */ - 1196, /* OBJ_kmac128 2 16 840 1 101 3 4 2 19 */ - 1197, /* OBJ_kmac256 2 16 840 1 101 3 4 2 20 */ - 802, /* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */ - 803, /* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */ - 1106, /* OBJ_dsa_with_SHA384 2 16 840 1 101 3 4 3 3 */ - 1107, /* OBJ_dsa_with_SHA512 2 16 840 1 101 3 4 3 4 */ - 1108, /* OBJ_dsa_with_SHA3_224 2 16 840 1 101 3 4 3 5 */ - 1109, /* OBJ_dsa_with_SHA3_256 2 16 840 1 101 3 4 3 6 */ - 1110, /* OBJ_dsa_with_SHA3_384 2 16 840 1 101 3 4 3 7 */ - 1111, /* OBJ_dsa_with_SHA3_512 2 16 840 1 101 3 4 3 8 */ - 1112, /* OBJ_ecdsa_with_SHA3_224 2 16 840 1 101 3 4 3 9 */ - 1113, /* OBJ_ecdsa_with_SHA3_256 2 16 840 1 101 3 4 3 10 */ - 1114, /* OBJ_ecdsa_with_SHA3_384 2 16 840 1 101 3 4 3 11 */ - 1115, /* OBJ_ecdsa_with_SHA3_512 2 16 840 1 101 3 4 3 12 */ - 1116, /* OBJ_RSA_SHA3_224 2 16 840 1 101 3 4 3 13 */ - 1117, /* OBJ_RSA_SHA3_256 2 16 840 1 101 3 4 3 14 */ - 1118, /* OBJ_RSA_SHA3_384 2 16 840 1 101 3 4 3 15 */ - 1119, /* OBJ_RSA_SHA3_512 2 16 840 1 101 3 4 3 16 */ - 71, /* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */ - 72, /* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */ - 73, /* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */ - 74, /* OBJ_netscape_ca_revocation_url 2 16 840 1 113730 1 4 */ - 75, /* OBJ_netscape_renewal_url 2 16 840 1 113730 1 7 */ - 76, /* OBJ_netscape_ca_policy_url 2 16 840 1 113730 1 8 */ - 77, /* OBJ_netscape_ssl_server_name 2 16 840 1 113730 1 12 */ - 78, /* OBJ_netscape_comment 2 16 840 1 113730 1 13 */ - 79, /* OBJ_netscape_cert_sequence 2 16 840 1 113730 2 5 */ - 139, /* OBJ_ns_sgc 2 16 840 1 113730 4 1 */ - 458, /* OBJ_userId 0 9 2342 19200300 100 1 1 */ - 459, /* OBJ_textEncodedORAddress 0 9 2342 19200300 100 1 2 */ - 460, /* OBJ_rfc822Mailbox 0 9 2342 19200300 100 1 3 */ - 461, /* OBJ_info 0 9 2342 19200300 100 1 4 */ - 462, /* OBJ_favouriteDrink 0 9 2342 19200300 100 1 5 */ - 463, /* OBJ_roomNumber 0 9 2342 19200300 100 1 6 */ - 464, /* OBJ_photo 0 9 2342 19200300 100 1 7 */ - 465, /* OBJ_userClass 0 9 2342 19200300 100 1 8 */ - 466, /* OBJ_host 0 9 2342 19200300 100 1 9 */ - 467, /* OBJ_manager 0 9 2342 19200300 100 1 10 */ - 468, /* OBJ_documentIdentifier 0 9 2342 19200300 100 1 11 */ - 469, /* OBJ_documentTitle 0 9 2342 19200300 100 1 12 */ - 470, /* OBJ_documentVersion 0 9 2342 19200300 100 1 13 */ - 471, /* OBJ_documentAuthor 0 9 2342 19200300 100 1 14 */ - 472, /* OBJ_documentLocation 0 9 2342 19200300 100 1 15 */ - 473, /* OBJ_homeTelephoneNumber 0 9 2342 19200300 100 1 20 */ - 474, /* OBJ_secretary 0 9 2342 19200300 100 1 21 */ - 475, /* OBJ_otherMailbox 0 9 2342 19200300 100 1 22 */ - 476, /* OBJ_lastModifiedTime 0 9 2342 19200300 100 1 23 */ - 477, /* OBJ_lastModifiedBy 0 9 2342 19200300 100 1 24 */ - 391, /* OBJ_domainComponent 0 9 2342 19200300 100 1 25 */ - 478, /* OBJ_aRecord 0 9 2342 19200300 100 1 26 */ - 479, /* OBJ_pilotAttributeType27 0 9 2342 19200300 100 1 27 */ - 480, /* OBJ_mXRecord 0 9 2342 19200300 100 1 28 */ - 481, /* OBJ_nSRecord 0 9 2342 19200300 100 1 29 */ - 482, /* OBJ_sOARecord 0 9 2342 19200300 100 1 30 */ - 483, /* OBJ_cNAMERecord 0 9 2342 19200300 100 1 31 */ - 484, /* OBJ_associatedDomain 0 9 2342 19200300 100 1 37 */ - 485, /* OBJ_associatedName 0 9 2342 19200300 100 1 38 */ - 486, /* OBJ_homePostalAddress 0 9 2342 19200300 100 1 39 */ - 487, /* OBJ_personalTitle 0 9 2342 19200300 100 1 40 */ - 488, /* OBJ_mobileTelephoneNumber 0 9 2342 19200300 100 1 41 */ - 489, /* OBJ_pagerTelephoneNumber 0 9 2342 19200300 100 1 42 */ - 490, /* OBJ_friendlyCountryName 0 9 2342 19200300 100 1 43 */ - 102, /* OBJ_uniqueIdentifier 0 9 2342 19200300 100 1 44 */ - 491, /* OBJ_organizationalStatus 0 9 2342 19200300 100 1 45 */ - 492, /* OBJ_janetMailbox 0 9 2342 19200300 100 1 46 */ - 493, /* OBJ_mailPreferenceOption 0 9 2342 19200300 100 1 47 */ - 494, /* OBJ_buildingName 0 9 2342 19200300 100 1 48 */ - 495, /* OBJ_dSAQuality 0 9 2342 19200300 100 1 49 */ - 496, /* OBJ_singleLevelQuality 0 9 2342 19200300 100 1 50 */ - 497, /* OBJ_subtreeMinimumQuality 0 9 2342 19200300 100 1 51 */ - 498, /* OBJ_subtreeMaximumQuality 0 9 2342 19200300 100 1 52 */ - 499, /* OBJ_personalSignature 0 9 2342 19200300 100 1 53 */ - 500, /* OBJ_dITRedirect 0 9 2342 19200300 100 1 54 */ - 501, /* OBJ_audio 0 9 2342 19200300 100 1 55 */ - 502, /* OBJ_documentPublisher 0 9 2342 19200300 100 1 56 */ - 442, /* OBJ_iA5StringSyntax 0 9 2342 19200300 100 3 4 */ - 443, /* OBJ_caseIgnoreIA5StringSyntax 0 9 2342 19200300 100 3 5 */ - 444, /* OBJ_pilotObject 0 9 2342 19200300 100 4 3 */ - 445, /* OBJ_pilotPerson 0 9 2342 19200300 100 4 4 */ - 446, /* OBJ_account 0 9 2342 19200300 100 4 5 */ - 447, /* OBJ_document 0 9 2342 19200300 100 4 6 */ - 448, /* OBJ_room 0 9 2342 19200300 100 4 7 */ - 449, /* OBJ_documentSeries 0 9 2342 19200300 100 4 9 */ - 392, /* OBJ_Domain 0 9 2342 19200300 100 4 13 */ - 450, /* OBJ_rFC822localPart 0 9 2342 19200300 100 4 14 */ - 451, /* OBJ_dNSDomain 0 9 2342 19200300 100 4 15 */ - 452, /* OBJ_domainRelatedObject 0 9 2342 19200300 100 4 17 */ - 453, /* OBJ_friendlyCountry 0 9 2342 19200300 100 4 18 */ - 454, /* OBJ_simpleSecurityObject 0 9 2342 19200300 100 4 19 */ - 455, /* OBJ_pilotOrganization 0 9 2342 19200300 100 4 20 */ - 456, /* OBJ_pilotDSA 0 9 2342 19200300 100 4 21 */ - 457, /* OBJ_qualityLabelledData 0 9 2342 19200300 100 4 22 */ - 1152, /* OBJ_dstu28147 1 2 804 2 1 1 1 1 1 1 */ - 1156, /* OBJ_hmacWithDstu34311 1 2 804 2 1 1 1 1 1 2 */ - 1157, /* OBJ_dstu34311 1 2 804 2 1 1 1 1 2 1 */ - 189, /* OBJ_id_smime_mod 1 2 840 113549 1 9 16 0 */ - 190, /* OBJ_id_smime_ct 1 2 840 113549 1 9 16 1 */ - 191, /* OBJ_id_smime_aa 1 2 840 113549 1 9 16 2 */ - 192, /* OBJ_id_smime_alg 1 2 840 113549 1 9 16 3 */ - 193, /* OBJ_id_smime_cd 1 2 840 113549 1 9 16 4 */ - 194, /* OBJ_id_smime_spq 1 2 840 113549 1 9 16 5 */ - 195, /* OBJ_id_smime_cti 1 2 840 113549 1 9 16 6 */ - 158, /* OBJ_x509Certificate 1 2 840 113549 1 9 22 1 */ - 159, /* OBJ_sdsiCertificate 1 2 840 113549 1 9 22 2 */ - 160, /* OBJ_x509Crl 1 2 840 113549 1 9 23 1 */ - 144, /* OBJ_pbe_WithSHA1And128BitRC4 1 2 840 113549 1 12 1 1 */ - 145, /* OBJ_pbe_WithSHA1And40BitRC4 1 2 840 113549 1 12 1 2 */ - 146, /* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */ - 147, /* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */ - 148, /* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */ - 149, /* OBJ_pbe_WithSHA1And40BitRC2_CBC 1 2 840 113549 1 12 1 6 */ - 171, /* OBJ_ms_ext_req 1 3 6 1 4 1 311 2 1 14 */ - 134, /* OBJ_ms_code_ind 1 3 6 1 4 1 311 2 1 21 */ - 135, /* OBJ_ms_code_com 1 3 6 1 4 1 311 2 1 22 */ - 136, /* OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */ - 137, /* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */ - 138, /* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ - 648, /* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ - 649, /* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ - 1201, /* OBJ_blake2bmac 1 3 6 1 4 1 1722 12 2 1 */ - 1202, /* OBJ_blake2smac 1 3 6 1 4 1 1722 12 2 2 */ - 951, /* OBJ_ct_precert_scts 1 3 6 1 4 1 11129 2 4 2 */ - 952, /* OBJ_ct_precert_poison 1 3 6 1 4 1 11129 2 4 3 */ - 953, /* OBJ_ct_precert_signer 1 3 6 1 4 1 11129 2 4 4 */ - 954, /* OBJ_ct_cert_scts 1 3 6 1 4 1 11129 2 4 5 */ - 751, /* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */ - 752, /* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */ - 753, /* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */ - 907, /* OBJ_id_camellia128_wrap 1 2 392 200011 61 1 1 3 2 */ - 908, /* OBJ_id_camellia192_wrap 1 2 392 200011 61 1 1 3 3 */ - 909, /* OBJ_id_camellia256_wrap 1 2 392 200011 61 1 1 3 4 */ - 1153, /* OBJ_dstu28147_ofb 1 2 804 2 1 1 1 1 1 1 2 */ - 1154, /* OBJ_dstu28147_cfb 1 2 804 2 1 1 1 1 1 1 3 */ - 1155, /* OBJ_dstu28147_wrap 1 2 804 2 1 1 1 1 1 1 5 */ - 1158, /* OBJ_dstu4145le 1 2 804 2 1 1 1 1 3 1 1 */ - 196, /* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */ - 197, /* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */ - 198, /* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */ - 199, /* OBJ_id_smime_mod_msg_v3 1 2 840 113549 1 9 16 0 4 */ - 200, /* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */ - 201, /* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */ - 202, /* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */ - 203, /* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */ - 204, /* OBJ_id_smime_ct_receipt 1 2 840 113549 1 9 16 1 1 */ - 205, /* OBJ_id_smime_ct_authData 1 2 840 113549 1 9 16 1 2 */ - 206, /* OBJ_id_smime_ct_publishCert 1 2 840 113549 1 9 16 1 3 */ - 207, /* OBJ_id_smime_ct_TSTInfo 1 2 840 113549 1 9 16 1 4 */ - 208, /* OBJ_id_smime_ct_TDTInfo 1 2 840 113549 1 9 16 1 5 */ - 209, /* OBJ_id_smime_ct_contentInfo 1 2 840 113549 1 9 16 1 6 */ - 210, /* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */ - 211, /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */ - 786, /* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */ - 1058, /* OBJ_id_smime_ct_contentCollection 1 2 840 113549 1 9 16 1 19 */ - 1059, /* OBJ_id_smime_ct_authEnvelopedData 1 2 840 113549 1 9 16 1 23 */ - 1234, /* OBJ_id_ct_routeOriginAuthz 1 2 840 113549 1 9 16 1 24 */ - 1235, /* OBJ_id_ct_rpkiManifest 1 2 840 113549 1 9 16 1 26 */ - 787, /* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */ - 1060, /* OBJ_id_ct_xml 1 2 840 113549 1 9 16 1 28 */ - 1236, /* OBJ_id_ct_rpkiGhostbusters 1 2 840 113549 1 9 16 1 35 */ - 1237, /* OBJ_id_ct_resourceTaggedAttest 1 2 840 113549 1 9 16 1 36 */ - 1246, /* OBJ_id_ct_geofeedCSVwithCRLF 1 2 840 113549 1 9 16 1 47 */ - 1247, /* OBJ_id_ct_signedChecklist 1 2 840 113549 1 9 16 1 48 */ - 212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ - 213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ - 214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ - 215, /* OBJ_id_smime_aa_contentHint 1 2 840 113549 1 9 16 2 4 */ - 216, /* OBJ_id_smime_aa_msgSigDigest 1 2 840 113549 1 9 16 2 5 */ - 217, /* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */ - 218, /* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */ - 219, /* OBJ_id_smime_aa_macValue 1 2 840 113549 1 9 16 2 8 */ - 220, /* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */ - 221, /* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */ - 222, /* OBJ_id_smime_aa_encrypKeyPref 1 2 840 113549 1 9 16 2 11 */ - 223, /* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */ - 224, /* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */ - 225, /* OBJ_id_smime_aa_timeStampToken 1 2 840 113549 1 9 16 2 14 */ - 226, /* OBJ_id_smime_aa_ets_sigPolicyId 1 2 840 113549 1 9 16 2 15 */ - 227, /* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */ - 228, /* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */ - 229, /* OBJ_id_smime_aa_ets_signerAttr 1 2 840 113549 1 9 16 2 18 */ - 230, /* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */ - 231, /* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */ - 232, /* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */ - 233, /* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */ - 234, /* OBJ_id_smime_aa_ets_certValues 1 2 840 113549 1 9 16 2 23 */ - 235, /* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */ - 236, /* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */ - 237, /* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */ - 238, /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */ - 239, /* OBJ_id_smime_aa_signatureType 1 2 840 113549 1 9 16 2 28 */ - 240, /* OBJ_id_smime_aa_dvcs_dvc 1 2 840 113549 1 9 16 2 29 */ - 1086, /* OBJ_id_smime_aa_signingCertificateV2 1 2 840 113549 1 9 16 2 47 */ - 241, /* OBJ_id_smime_alg_ESDHwith3DES 1 2 840 113549 1 9 16 3 1 */ - 242, /* OBJ_id_smime_alg_ESDHwithRC2 1 2 840 113549 1 9 16 3 2 */ - 243, /* OBJ_id_smime_alg_3DESwrap 1 2 840 113549 1 9 16 3 3 */ - 244, /* OBJ_id_smime_alg_RC2wrap 1 2 840 113549 1 9 16 3 4 */ - 245, /* OBJ_id_smime_alg_ESDH 1 2 840 113549 1 9 16 3 5 */ - 246, /* OBJ_id_smime_alg_CMS3DESwrap 1 2 840 113549 1 9 16 3 6 */ - 247, /* OBJ_id_smime_alg_CMSRC2wrap 1 2 840 113549 1 9 16 3 7 */ - 125, /* OBJ_zlib_compression 1 2 840 113549 1 9 16 3 8 */ - 893, /* OBJ_id_alg_PWRI_KEK 1 2 840 113549 1 9 16 3 9 */ - 248, /* OBJ_id_smime_cd_ldap 1 2 840 113549 1 9 16 4 1 */ - 249, /* OBJ_id_smime_spq_ets_sqt_uri 1 2 840 113549 1 9 16 5 1 */ - 250, /* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */ - 251, /* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */ - 252, /* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */ - 253, /* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */ - 254, /* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */ - 255, /* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */ - 256, /* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */ - 150, /* OBJ_keyBag 1 2 840 113549 1 12 10 1 1 */ - 151, /* OBJ_pkcs8ShroudedKeyBag 1 2 840 113549 1 12 10 1 2 */ - 152, /* OBJ_certBag 1 2 840 113549 1 12 10 1 3 */ - 153, /* OBJ_crlBag 1 2 840 113549 1 12 10 1 4 */ - 154, /* OBJ_secretBag 1 2 840 113549 1 12 10 1 5 */ - 155, /* OBJ_safeContentsBag 1 2 840 113549 1 12 10 1 6 */ - 34, /* OBJ_idea_cbc 1 3 6 1 4 1 188 7 1 1 2 */ - 955, /* OBJ_jurisdictionLocalityName 1 3 6 1 4 1 311 60 2 1 1 */ - 956, /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */ - 957, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */ - 1056, /* OBJ_blake2b512 1 3 6 1 4 1 1722 12 2 1 16 */ - 1057, /* OBJ_blake2s256 1 3 6 1 4 1 1722 12 2 2 8 */ - 1159, /* OBJ_dstu4145be 1 2 804 2 1 1 1 1 3 1 1 1 1 */ - 1160, /* OBJ_uacurve0 1 2 804 2 1 1 1 1 3 1 1 2 0 */ - 1161, /* OBJ_uacurve1 1 2 804 2 1 1 1 1 3 1 1 2 1 */ - 1162, /* OBJ_uacurve2 1 2 804 2 1 1 1 1 3 1 1 2 2 */ - 1163, /* OBJ_uacurve3 1 2 804 2 1 1 1 1 3 1 1 2 3 */ - 1164, /* OBJ_uacurve4 1 2 804 2 1 1 1 1 3 1 1 2 4 */ - 1165, /* OBJ_uacurve5 1 2 804 2 1 1 1 1 3 1 1 2 5 */ - 1166, /* OBJ_uacurve6 1 2 804 2 1 1 1 1 3 1 1 2 6 */ - 1167, /* OBJ_uacurve7 1 2 804 2 1 1 1 1 3 1 1 2 7 */ - 1168, /* OBJ_uacurve8 1 2 804 2 1 1 1 1 3 1 1 2 8 */ - 1169, /* OBJ_uacurve9 1 2 804 2 1 1 1 1 3 1 1 2 9 */ -}; diff --git a/crypto/objects/obj_dat.pl b/crypto/objects/obj_dat.pl deleted file mode 100644 index 60a5e5a6833e34375cb8c96e05bf4ccd4d079afb..0000000000000000000000000000000000000000 --- a/crypto/objects/obj_dat.pl +++ /dev/null @@ -1,229 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -use integer; -use strict; -use warnings; -use FindBin; -use lib "$FindBin::Bin/../../util/perl"; -use OpenSSL::copyright; - -# Generate the DER encoding for the given OID. -sub der_it -{ - # Prologue - my ($v) = @_; - my @a = split(/\s+/, $v); - my $ret = pack("C*", $a[0] * 40 + $a[1]); - shift @a; - shift @a; - - # Loop over rest of bytes; or in 0x80 for multi-byte numbers. - my $t; - foreach (@a) { - my @r = (); - $t = 0; - while ($_ >= 128) { - my $x = $_ % 128; - $_ /= 128; - push(@r, ($t++ ? 0x80 : 0) | $x); - } - push(@r, ($t++ ? 0x80 : 0) | $_); - $ret .= pack("C*", reverse(@r)); - } - return $ret; -} - -# The year the output file is generated. -my $YEAR = OpenSSL::copyright::latest(($0, $ARGV[0])); - -# Read input, parse all #define's into OID name and value. -# Populate %ln and %sn with long and short names (%dupln and %dupsn) -# are used to watch for duplicates. Also %nid and %obj get the -# NID and OBJ entries. -my %ln; -my %sn; -my %dupln; -my %dupsn; -my %nid; -my %obj; -my %objd; -open(IN, "$ARGV[0]") || die "Can't open input file $ARGV[0], $!"; -while () { - next unless /^\#define\s+(\S+)\s+(.*)$/; - my $v = $1; - my $d = $2; - $d =~ s/^\"//; - $d =~ s/\"$//; - if ($v =~ /^SN_(.*)$/) { - if (defined $dupsn{$d}) { - print "WARNING: Duplicate short name \"$d\"\n"; - } else { - $dupsn{$d} = 1; - } - $sn{$1} = $d; - } - elsif ($v =~ /^LN_(.*)$/) { - if (defined $dupln{$d}) { - print "WARNING: Duplicate long name \"$d\"\n"; - } else { - $dupln{$d} = 1; - } - $ln{$1} = $d; - } - elsif ($v =~ /^NID_(.*)$/) { - $nid{$d} = $1; - } - elsif ($v =~ /^OBJ_(.*)$/) { - $obj{$1} = $v; - $objd{$v} = $d; - } -} -close IN; - -# For every value in %obj, recursively expand OBJ_xxx values. That is: -# #define OBJ_iso 1L -# #define OBJ_identified_organization OBJ_iso,3L -# Modify %objd values in-place. Create an %objn array that has -my $changed; -do { - $changed = 0; - foreach my $k (keys %objd) { - $changed = 1 if $objd{$k} =~ s/(OBJ_[^,]+),/$objd{$1},/; - } -} while ($changed); - -my @a = sort { $a <=> $b } keys %nid; -my $n = $a[$#a] + 1; -my @lvalues = (); -my $lvalues = 0; - -# Scan all defined objects, building up the @out array. -# %obj_der holds the DER encoding as an array of bytes, and %obj_len -# holds the length in bytes. -my @out; -my %obj_der; -my %obj_len; -for (my $i = 0; $i < $n; $i++) { - if (!defined $nid{$i}) { - push(@out, " { NULL, NULL, NID_undef },\n"); - next; - } - - my $sn = defined $sn{$nid{$i}} ? "$sn{$nid{$i}}" : "NULL"; - my $ln = defined $ln{$nid{$i}} ? "$ln{$nid{$i}}" : "NULL"; - if ($sn eq "NULL") { - $sn = $ln; - $sn{$nid{$i}} = $ln; - } - if ($ln eq "NULL") { - $ln = $sn; - $ln{$nid{$i}} = $sn; - } - - my $out = " {\"$sn\", \"$ln\", NID_$nid{$i}"; - if (defined $obj{$nid{$i}} && $objd{$obj{$nid{$i}}} =~ /,/) { - my $v = $objd{$obj{$nid{$i}}}; - $v =~ s/L//g; - $v =~ s/,/ /g; - my $r = &der_it($v); - my $z = ""; - my $length = 0; - # Format using fixed-with because we use strcmp later. - foreach (unpack("C*",$r)) { - $z .= sprintf("0x%02X,", $_); - $length++; - } - $obj_der{$obj{$nid{$i}}} = $z; - $obj_len{$obj{$nid{$i}}} = $length; - - push(@lvalues, - sprintf(" %-45s /* [%5d] %s */\n", - $z, $lvalues, $obj{$nid{$i}})); - $out .= ", $length, &so[$lvalues]"; - $lvalues += $length; - } - $out .= "},\n"; - push(@out, $out); -} - -# Finally ready to generate the output. -print <<"EOF"; -/* - * WARNING: do not edit! - * Generated by crypto/objects/obj_dat.pl - * - * Copyright 1995-$YEAR The OpenSSL Project Authors. All Rights Reserved. - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -EOF - -print "/* Serialized OID's */\n"; -printf "static const unsigned char so[%d] = {\n", $lvalues + 1; -print @lvalues; -print "};\n\n"; - -printf "#define NUM_NID %d\n", $n; -printf "static const ASN1_OBJECT nid_objs[NUM_NID] = {\n"; -print @out; -print "};\n\n"; - -{ - no warnings "uninitialized"; - @a = grep(defined $sn{$nid{$_}}, 0 .. $n); -} -printf "#define NUM_SN %d\n", $#a + 1; -printf "static const unsigned int sn_objs[NUM_SN] = {\n"; -foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a) { - printf " %4d, /* \"$sn{$nid{$_}}\" */\n", $_; -} -print "};\n\n"; - -{ - no warnings "uninitialized"; - @a = grep(defined $ln{$nid{$_}}, 0 .. $n); -} -printf "#define NUM_LN %d\n", $#a + 1; -printf "static const unsigned int ln_objs[NUM_LN] = {\n"; -foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a) { - printf " %4d, /* \"$ln{$nid{$_}}\" */\n", $_; -} -print "};\n\n"; - -{ - no warnings "uninitialized"; - @a = grep(defined $obj{$nid{$_}}, 0 .. $n); -} -printf "#define NUM_OBJ %d\n", $#a + 1; -printf "static const unsigned int obj_objs[NUM_OBJ] = {\n"; - -# Compare DER; prefer shorter; if some length, use the "smaller" encoding. -sub obj_cmp -{ - no warnings "uninitialized"; - my $A = $obj_len{$obj{$nid{$a}}}; - my $B = $obj_len{$obj{$nid{$b}}}; - my $r = $A - $B; - return $r if $r != 0; - - $A = $obj_der{$obj{$nid{$a}}}; - $B = $obj_der{$obj{$nid{$b}}}; - return $A cmp $B; -} -foreach (sort obj_cmp @a) { - my $m = $obj{$nid{$_}}; - my $v = $objd{$m}; - $v =~ s/L//g; - $v =~ s/,/ /g; - printf " %4d, /* %-32s %s */\n", $_, $m, $v; -} -print "};\n"; diff --git a/crypto/objects/obj_err.c b/crypto/objects/obj_err.c deleted file mode 100644 index b4c8df09e66b05aa3acd13034a7f210daf1ca9fc..0000000000000000000000000000000000000000 --- a/crypto/objects/obj_err.c +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/objectserr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA OBJ_str_reasons[] = { - {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_OID_EXISTS), "oid exists"}, - {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_UNKNOWN_NID), "unknown nid"}, - {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_UNKNOWN_OBJECT_NAME), - "unknown object name"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_OBJ_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(OBJ_str_reasons[0].error) == NULL) - ERR_load_strings_const(OBJ_str_reasons); -#endif - return 1; -} diff --git a/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c deleted file mode 100644 index 72c0c2c81dd9b44c78153b2e500fc719d432b06f..0000000000000000000000000000000000000000 --- a/crypto/objects/obj_lib.c +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include "crypto/asn1.h" - -ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) -{ - ASN1_OBJECT *r; - - if (o == NULL) - return NULL; - /* If object isn't dynamic it's an internal OID which is never freed */ - if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC)) - return (ASN1_OBJECT *)o; - - r = ASN1_OBJECT_new(); - if (r == NULL) { - ERR_raise(ERR_LIB_OBJ, ERR_R_ASN1_LIB); - return NULL; - } - - /* Set dynamic flags so everything gets freed up on error */ - - r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC | - ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | - ASN1_OBJECT_FLAG_DYNAMIC_DATA); - - if (o->length > 0 && (r->data = OPENSSL_memdup(o->data, o->length)) == NULL) - goto err; - - r->length = o->length; - r->nid = o->nid; - - if (o->ln != NULL && (r->ln = OPENSSL_strdup(o->ln)) == NULL) - goto err; - - if (o->sn != NULL && (r->sn = OPENSSL_strdup(o->sn)) == NULL) - goto err; - - return r; - err: - ASN1_OBJECT_free(r); - ERR_raise(ERR_LIB_OBJ, ERR_R_MALLOC_FAILURE); - return NULL; -} - -int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b) -{ - int ret; - - ret = (a->length - b->length); - if (ret) - return ret; - return memcmp(a->data, b->data, a->length); -} diff --git a/crypto/objects/obj_local.h b/crypto/objects/obj_local.h deleted file mode 100644 index 4436b799fd3b4cb6207d3f9d39eb9325a0977673..0000000000000000000000000000000000000000 --- a/crypto/objects/obj_local.h +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -typedef struct name_funcs_st NAME_FUNCS; -DEFINE_STACK_OF(NAME_FUNCS) -DEFINE_LHASH_OF(OBJ_NAME); -typedef struct added_obj_st ADDED_OBJ; -DEFINE_LHASH_OF(ADDED_OBJ); diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num deleted file mode 100644 index c626558ad5c10600ba7b18dc09d65acbef036207..0000000000000000000000000000000000000000 --- a/crypto/objects/obj_mac.num +++ /dev/null @@ -1,1247 +0,0 @@ -undef 0 -rsadsi 1 -pkcs 2 -md2 3 -md5 4 -rc4 5 -rsaEncryption 6 -md2WithRSAEncryption 7 -md5WithRSAEncryption 8 -pbeWithMD2AndDES_CBC 9 -pbeWithMD5AndDES_CBC 10 -X500 11 -X509 12 -commonName 13 -countryName 14 -localityName 15 -stateOrProvinceName 16 -organizationName 17 -organizationalUnitName 18 -rsa 19 -pkcs7 20 -pkcs7_data 21 -pkcs7_signed 22 -pkcs7_enveloped 23 -pkcs7_signedAndEnveloped 24 -pkcs7_digest 25 -pkcs7_encrypted 26 -pkcs3 27 -dhKeyAgreement 28 -des_ecb 29 -des_cfb64 30 -des_cbc 31 -des_ede_ecb 32 -des_ede3_ecb 33 -idea_cbc 34 -idea_cfb64 35 -idea_ecb 36 -rc2_cbc 37 -rc2_ecb 38 -rc2_cfb64 39 -rc2_ofb64 40 -sha 41 -shaWithRSAEncryption 42 -des_ede_cbc 43 -des_ede3_cbc 44 -des_ofb64 45 -idea_ofb64 46 -pkcs9 47 -pkcs9_emailAddress 48 -pkcs9_unstructuredName 49 -pkcs9_contentType 50 -pkcs9_messageDigest 51 -pkcs9_signingTime 52 -pkcs9_countersignature 53 -pkcs9_challengePassword 54 -pkcs9_unstructuredAddress 55 -pkcs9_extCertAttributes 56 -netscape 57 -netscape_cert_extension 58 -netscape_data_type 59 -des_ede_cfb64 60 -des_ede3_cfb64 61 -des_ede_ofb64 62 -des_ede3_ofb64 63 -sha1 64 -sha1WithRSAEncryption 65 -dsaWithSHA 66 -dsa_2 67 -pbeWithSHA1AndRC2_CBC 68 -id_pbkdf2 69 -dsaWithSHA1_2 70 -netscape_cert_type 71 -netscape_base_url 72 -netscape_revocation_url 73 -netscape_ca_revocation_url 74 -netscape_renewal_url 75 -netscape_ca_policy_url 76 -netscape_ssl_server_name 77 -netscape_comment 78 -netscape_cert_sequence 79 -desx_cbc 80 -id_ce 81 -subject_key_identifier 82 -key_usage 83 -private_key_usage_period 84 -subject_alt_name 85 -issuer_alt_name 86 -basic_constraints 87 -crl_number 88 -certificate_policies 89 -authority_key_identifier 90 -bf_cbc 91 -bf_ecb 92 -bf_cfb64 93 -bf_ofb64 94 -mdc2 95 -mdc2WithRSA 96 -rc4_40 97 -rc2_40_cbc 98 -givenName 99 -surname 100 -initials 101 -uniqueIdentifier 102 -crl_distribution_points 103 -md5WithRSA 104 -serialNumber 105 -title 106 -description 107 -cast5_cbc 108 -cast5_ecb 109 -cast5_cfb64 110 -cast5_ofb64 111 -pbeWithMD5AndCast5_CBC 112 -dsaWithSHA1 113 -md5_sha1 114 -sha1WithRSA 115 -dsa 116 -ripemd160 117 -ripemd160WithRSA 119 -rc5_cbc 120 -rc5_ecb 121 -rc5_cfb64 122 -rc5_ofb64 123 -rle_compression 124 -zlib_compression 125 -ext_key_usage 126 -id_pkix 127 -id_kp 128 -server_auth 129 -client_auth 130 -code_sign 131 -email_protect 132 -time_stamp 133 -ms_code_ind 134 -ms_code_com 135 -ms_ctl_sign 136 -ms_sgc 137 -ms_efs 138 -ns_sgc 139 -delta_crl 140 -crl_reason 141 -invalidity_date 142 -sxnet 143 -pbe_WithSHA1And128BitRC4 144 -pbe_WithSHA1And40BitRC4 145 -pbe_WithSHA1And3_Key_TripleDES_CBC 146 -pbe_WithSHA1And2_Key_TripleDES_CBC 147 -pbe_WithSHA1And128BitRC2_CBC 148 -pbe_WithSHA1And40BitRC2_CBC 149 -keyBag 150 -pkcs8ShroudedKeyBag 151 -certBag 152 -crlBag 153 -secretBag 154 -safeContentsBag 155 -friendlyName 156 -localKeyID 157 -x509Certificate 158 -sdsiCertificate 159 -x509Crl 160 -pbes2 161 -pbmac1 162 -hmacWithSHA1 163 -id_qt_cps 164 -id_qt_unotice 165 -rc2_64_cbc 166 -SMIMECapabilities 167 -pbeWithMD2AndRC2_CBC 168 -pbeWithMD5AndRC2_CBC 169 -pbeWithSHA1AndDES_CBC 170 -ms_ext_req 171 -ext_req 172 -name 173 -dnQualifier 174 -id_pe 175 -id_ad 176 -info_access 177 -ad_OCSP 178 -ad_ca_issuers 179 -OCSP_sign 180 -iso 181 -member_body 182 -ISO_US 183 -X9_57 184 -X9cm 185 -pkcs1 186 -pkcs5 187 -SMIME 188 -id_smime_mod 189 -id_smime_ct 190 -id_smime_aa 191 -id_smime_alg 192 -id_smime_cd 193 -id_smime_spq 194 -id_smime_cti 195 -id_smime_mod_cms 196 -id_smime_mod_ess 197 -id_smime_mod_oid 198 -id_smime_mod_msg_v3 199 -id_smime_mod_ets_eSignature_88 200 -id_smime_mod_ets_eSignature_97 201 -id_smime_mod_ets_eSigPolicy_88 202 -id_smime_mod_ets_eSigPolicy_97 203 -id_smime_ct_receipt 204 -id_smime_ct_authData 205 -id_smime_ct_publishCert 206 -id_smime_ct_TSTInfo 207 -id_smime_ct_TDTInfo 208 -id_smime_ct_contentInfo 209 -id_smime_ct_DVCSRequestData 210 -id_smime_ct_DVCSResponseData 211 -id_smime_aa_receiptRequest 212 -id_smime_aa_securityLabel 213 -id_smime_aa_mlExpandHistory 214 -id_smime_aa_contentHint 215 -id_smime_aa_msgSigDigest 216 -id_smime_aa_encapContentType 217 -id_smime_aa_contentIdentifier 218 -id_smime_aa_macValue 219 -id_smime_aa_equivalentLabels 220 -id_smime_aa_contentReference 221 -id_smime_aa_encrypKeyPref 222 -id_smime_aa_signingCertificate 223 -id_smime_aa_smimeEncryptCerts 224 -id_smime_aa_timeStampToken 225 -id_smime_aa_ets_sigPolicyId 226 -id_smime_aa_ets_commitmentType 227 -id_smime_aa_ets_signerLocation 228 -id_smime_aa_ets_signerAttr 229 -id_smime_aa_ets_otherSigCert 230 -id_smime_aa_ets_contentTimestamp 231 -id_smime_aa_ets_CertificateRefs 232 -id_smime_aa_ets_RevocationRefs 233 -id_smime_aa_ets_certValues 234 -id_smime_aa_ets_revocationValues 235 -id_smime_aa_ets_escTimeStamp 236 -id_smime_aa_ets_certCRLTimestamp 237 -id_smime_aa_ets_archiveTimeStamp 238 -id_smime_aa_signatureType 239 -id_smime_aa_dvcs_dvc 240 -id_smime_alg_ESDHwith3DES 241 -id_smime_alg_ESDHwithRC2 242 -id_smime_alg_3DESwrap 243 -id_smime_alg_RC2wrap 244 -id_smime_alg_ESDH 245 -id_smime_alg_CMS3DESwrap 246 -id_smime_alg_CMSRC2wrap 247 -id_smime_cd_ldap 248 -id_smime_spq_ets_sqt_uri 249 -id_smime_spq_ets_sqt_unotice 250 -id_smime_cti_ets_proofOfOrigin 251 -id_smime_cti_ets_proofOfReceipt 252 -id_smime_cti_ets_proofOfDelivery 253 -id_smime_cti_ets_proofOfSender 254 -id_smime_cti_ets_proofOfApproval 255 -id_smime_cti_ets_proofOfCreation 256 -md4 257 -id_pkix_mod 258 -id_qt 259 -id_it 260 -id_pkip 261 -id_alg 262 -id_cmc 263 -id_on 264 -id_pda 265 -id_aca 266 -id_qcs 267 -id_cct 268 -id_pkix1_explicit_88 269 -id_pkix1_implicit_88 270 -id_pkix1_explicit_93 271 -id_pkix1_implicit_93 272 -id_mod_crmf 273 -id_mod_cmc 274 -id_mod_kea_profile_88 275 -id_mod_kea_profile_93 276 -id_mod_cmp 277 -id_mod_qualified_cert_88 278 -id_mod_qualified_cert_93 279 -id_mod_attribute_cert 280 -id_mod_timestamp_protocol 281 -id_mod_ocsp 282 -id_mod_dvcs 283 -id_mod_cmp2000 284 -biometricInfo 285 -qcStatements 286 -ac_auditEntity 287 -ac_targeting 288 -aaControls 289 -sbgp_ipAddrBlock 290 -sbgp_autonomousSysNum 291 -sbgp_routerIdentifier 292 -textNotice 293 -ipsecEndSystem 294 -ipsecTunnel 295 -ipsecUser 296 -dvcs 297 -id_it_caProtEncCert 298 -id_it_signKeyPairTypes 299 -id_it_encKeyPairTypes 300 -id_it_preferredSymmAlg 301 -id_it_caKeyUpdateInfo 302 -id_it_currentCRL 303 -id_it_unsupportedOIDs 304 -id_it_subscriptionRequest 305 -id_it_subscriptionResponse 306 -id_it_keyPairParamReq 307 -id_it_keyPairParamRep 308 -id_it_revPassphrase 309 -id_it_implicitConfirm 310 -id_it_confirmWaitTime 311 -id_it_origPKIMessage 312 -id_regCtrl 313 -id_regInfo 314 -id_regCtrl_regToken 315 -id_regCtrl_authenticator 316 -id_regCtrl_pkiPublicationInfo 317 -id_regCtrl_pkiArchiveOptions 318 -id_regCtrl_oldCertID 319 -id_regCtrl_protocolEncrKey 320 -id_regInfo_utf8Pairs 321 -id_regInfo_certReq 322 -id_alg_des40 323 -id_alg_noSignature 324 -id_alg_dh_sig_hmac_sha1 325 -id_alg_dh_pop 326 -id_cmc_statusInfo 327 -id_cmc_identification 328 -id_cmc_identityProof 329 -id_cmc_dataReturn 330 -id_cmc_transactionId 331 -id_cmc_senderNonce 332 -id_cmc_recipientNonce 333 -id_cmc_addExtensions 334 -id_cmc_encryptedPOP 335 -id_cmc_decryptedPOP 336 -id_cmc_lraPOPWitness 337 -id_cmc_getCert 338 -id_cmc_getCRL 339 -id_cmc_revokeRequest 340 -id_cmc_regInfo 341 -id_cmc_responseInfo 342 -id_cmc_queryPending 343 -id_cmc_popLinkRandom 344 -id_cmc_popLinkWitness 345 -id_cmc_confirmCertAcceptance 346 -id_on_personalData 347 -id_pda_dateOfBirth 348 -id_pda_placeOfBirth 349 -id_pda_pseudonym 350 -id_pda_gender 351 -id_pda_countryOfCitizenship 352 -id_pda_countryOfResidence 353 -id_aca_authenticationInfo 354 -id_aca_accessIdentity 355 -id_aca_chargingIdentity 356 -id_aca_group 357 -id_aca_role 358 -id_qcs_pkixQCSyntax_v1 359 -id_cct_crs 360 -id_cct_PKIData 361 -id_cct_PKIResponse 362 -ad_timeStamping 363 -ad_dvcs 364 -id_pkix_OCSP_basic 365 -id_pkix_OCSP_Nonce 366 -id_pkix_OCSP_CrlID 367 -id_pkix_OCSP_acceptableResponses 368 -id_pkix_OCSP_noCheck 369 -id_pkix_OCSP_archiveCutoff 370 -id_pkix_OCSP_serviceLocator 371 -id_pkix_OCSP_extendedStatus 372 -id_pkix_OCSP_valid 373 -id_pkix_OCSP_path 374 -id_pkix_OCSP_trustRoot 375 -algorithm 376 -rsaSignature 377 -X500algorithms 378 -org 379 -dod 380 -iana 381 -Directory 382 -Management 383 -Experimental 384 -Private 385 -Security 386 -SNMPv2 387 -Mail 388 -Enterprises 389 -dcObject 390 -domainComponent 391 -Domain 392 -joint_iso_ccitt 393 -selected_attribute_types 394 -clearance 395 -md4WithRSAEncryption 396 -ac_proxying 397 -sinfo_access 398 -id_aca_encAttrs 399 -role 400 -policy_constraints 401 -target_information 402 -no_rev_avail 403 -ccitt 404 -ansi_X9_62 405 -X9_62_prime_field 406 -X9_62_characteristic_two_field 407 -X9_62_id_ecPublicKey 408 -X9_62_prime192v1 409 -X9_62_prime192v2 410 -X9_62_prime192v3 411 -X9_62_prime239v1 412 -X9_62_prime239v2 413 -X9_62_prime239v3 414 -X9_62_prime256v1 415 -ecdsa_with_SHA1 416 -ms_csp_name 417 -aes_128_ecb 418 -aes_128_cbc 419 -aes_128_ofb128 420 -aes_128_cfb128 421 -aes_192_ecb 422 -aes_192_cbc 423 -aes_192_ofb128 424 -aes_192_cfb128 425 -aes_256_ecb 426 -aes_256_cbc 427 -aes_256_ofb128 428 -aes_256_cfb128 429 -hold_instruction_code 430 -hold_instruction_none 431 -hold_instruction_call_issuer 432 -hold_instruction_reject 433 -data 434 -pss 435 -ucl 436 -pilot 437 -pilotAttributeType 438 -pilotAttributeSyntax 439 -pilotObjectClass 440 -pilotGroups 441 -iA5StringSyntax 442 -caseIgnoreIA5StringSyntax 443 -pilotObject 444 -pilotPerson 445 -account 446 -document 447 -room 448 -documentSeries 449 -rFC822localPart 450 -dNSDomain 451 -domainRelatedObject 452 -friendlyCountry 453 -simpleSecurityObject 454 -pilotOrganization 455 -pilotDSA 456 -qualityLabelledData 457 -userId 458 -textEncodedORAddress 459 -rfc822Mailbox 460 -info 461 -favouriteDrink 462 -roomNumber 463 -photo 464 -userClass 465 -host 466 -manager 467 -documentIdentifier 468 -documentTitle 469 -documentVersion 470 -documentAuthor 471 -documentLocation 472 -homeTelephoneNumber 473 -secretary 474 -otherMailbox 475 -lastModifiedTime 476 -lastModifiedBy 477 -aRecord 478 -pilotAttributeType27 479 -mXRecord 480 -nSRecord 481 -sOARecord 482 -cNAMERecord 483 -associatedDomain 484 -associatedName 485 -homePostalAddress 486 -personalTitle 487 -mobileTelephoneNumber 488 -pagerTelephoneNumber 489 -friendlyCountryName 490 -organizationalStatus 491 -janetMailbox 492 -mailPreferenceOption 493 -buildingName 494 -dSAQuality 495 -singleLevelQuality 496 -subtreeMinimumQuality 497 -subtreeMaximumQuality 498 -personalSignature 499 -dITRedirect 500 -audio 501 -documentPublisher 502 -x500UniqueIdentifier 503 -mime_mhs 504 -mime_mhs_headings 505 -mime_mhs_bodies 506 -id_hex_partial_message 507 -id_hex_multipart_message 508 -generationQualifier 509 -pseudonym 510 -InternationalRA 511 -id_set 512 -set_ctype 513 -set_msgExt 514 -set_attr 515 -set_policy 516 -set_certExt 517 -set_brand 518 -setct_PANData 519 -setct_PANToken 520 -setct_PANOnly 521 -setct_OIData 522 -setct_PI 523 -setct_PIData 524 -setct_PIDataUnsigned 525 -setct_HODInput 526 -setct_AuthResBaggage 527 -setct_AuthRevReqBaggage 528 -setct_AuthRevResBaggage 529 -setct_CapTokenSeq 530 -setct_PInitResData 531 -setct_PI_TBS 532 -setct_PResData 533 -setct_AuthReqTBS 534 -setct_AuthResTBS 535 -setct_AuthResTBSX 536 -setct_AuthTokenTBS 537 -setct_CapTokenData 538 -setct_CapTokenTBS 539 -setct_AcqCardCodeMsg 540 -setct_AuthRevReqTBS 541 -setct_AuthRevResData 542 -setct_AuthRevResTBS 543 -setct_CapReqTBS 544 -setct_CapReqTBSX 545 -setct_CapResData 546 -setct_CapRevReqTBS 547 -setct_CapRevReqTBSX 548 -setct_CapRevResData 549 -setct_CredReqTBS 550 -setct_CredReqTBSX 551 -setct_CredResData 552 -setct_CredRevReqTBS 553 -setct_CredRevReqTBSX 554 -setct_CredRevResData 555 -setct_PCertReqData 556 -setct_PCertResTBS 557 -setct_BatchAdminReqData 558 -setct_BatchAdminResData 559 -setct_CardCInitResTBS 560 -setct_MeAqCInitResTBS 561 -setct_RegFormResTBS 562 -setct_CertReqData 563 -setct_CertReqTBS 564 -setct_CertResData 565 -setct_CertInqReqTBS 566 -setct_ErrorTBS 567 -setct_PIDualSignedTBE 568 -setct_PIUnsignedTBE 569 -setct_AuthReqTBE 570 -setct_AuthResTBE 571 -setct_AuthResTBEX 572 -setct_AuthTokenTBE 573 -setct_CapTokenTBE 574 -setct_CapTokenTBEX 575 -setct_AcqCardCodeMsgTBE 576 -setct_AuthRevReqTBE 577 -setct_AuthRevResTBE 578 -setct_AuthRevResTBEB 579 -setct_CapReqTBE 580 -setct_CapReqTBEX 581 -setct_CapResTBE 582 -setct_CapRevReqTBE 583 -setct_CapRevReqTBEX 584 -setct_CapRevResTBE 585 -setct_CredReqTBE 586 -setct_CredReqTBEX 587 -setct_CredResTBE 588 -setct_CredRevReqTBE 589 -setct_CredRevReqTBEX 590 -setct_CredRevResTBE 591 -setct_BatchAdminReqTBE 592 -setct_BatchAdminResTBE 593 -setct_RegFormReqTBE 594 -setct_CertReqTBE 595 -setct_CertReqTBEX 596 -setct_CertResTBE 597 -setct_CRLNotificationTBS 598 -setct_CRLNotificationResTBS 599 -setct_BCIDistributionTBS 600 -setext_genCrypt 601 -setext_miAuth 602 -setext_pinSecure 603 -setext_pinAny 604 -setext_track2 605 -setext_cv 606 -set_policy_root 607 -setCext_hashedRoot 608 -setCext_certType 609 -setCext_merchData 610 -setCext_cCertRequired 611 -setCext_tunneling 612 -setCext_setExt 613 -setCext_setQualf 614 -setCext_PGWYcapabilities 615 -setCext_TokenIdentifier 616 -setCext_Track2Data 617 -setCext_TokenType 618 -setCext_IssuerCapabilities 619 -setAttr_Cert 620 -setAttr_PGWYcap 621 -setAttr_TokenType 622 -setAttr_IssCap 623 -set_rootKeyThumb 624 -set_addPolicy 625 -setAttr_Token_EMV 626 -setAttr_Token_B0Prime 627 -setAttr_IssCap_CVM 628 -setAttr_IssCap_T2 629 -setAttr_IssCap_Sig 630 -setAttr_GenCryptgrm 631 -setAttr_T2Enc 632 -setAttr_T2cleartxt 633 -setAttr_TokICCsig 634 -setAttr_SecDevSig 635 -set_brand_IATA_ATA 636 -set_brand_Diners 637 -set_brand_AmericanExpress 638 -set_brand_JCB 639 -set_brand_Visa 640 -set_brand_MasterCard 641 -set_brand_Novus 642 -des_cdmf 643 -rsaOAEPEncryptionSET 644 -itu_t 645 -joint_iso_itu_t 646 -international_organizations 647 -ms_smartcard_login 648 -ms_upn 649 -aes_128_cfb1 650 -aes_192_cfb1 651 -aes_256_cfb1 652 -aes_128_cfb8 653 -aes_192_cfb8 654 -aes_256_cfb8 655 -des_cfb1 656 -des_cfb8 657 -des_ede3_cfb1 658 -des_ede3_cfb8 659 -streetAddress 660 -postalCode 661 -id_ppl 662 -proxyCertInfo 663 -id_ppl_anyLanguage 664 -id_ppl_inheritAll 665 -name_constraints 666 -Independent 667 -sha256WithRSAEncryption 668 -sha384WithRSAEncryption 669 -sha512WithRSAEncryption 670 -sha224WithRSAEncryption 671 -sha256 672 -sha384 673 -sha512 674 -sha224 675 -identified_organization 676 -certicom_arc 677 -wap 678 -wap_wsg 679 -X9_62_id_characteristic_two_basis 680 -X9_62_onBasis 681 -X9_62_tpBasis 682 -X9_62_ppBasis 683 -X9_62_c2pnb163v1 684 -X9_62_c2pnb163v2 685 -X9_62_c2pnb163v3 686 -X9_62_c2pnb176v1 687 -X9_62_c2tnb191v1 688 -X9_62_c2tnb191v2 689 -X9_62_c2tnb191v3 690 -X9_62_c2onb191v4 691 -X9_62_c2onb191v5 692 -X9_62_c2pnb208w1 693 -X9_62_c2tnb239v1 694 -X9_62_c2tnb239v2 695 -X9_62_c2tnb239v3 696 -X9_62_c2onb239v4 697 -X9_62_c2onb239v5 698 -X9_62_c2pnb272w1 699 -X9_62_c2pnb304w1 700 -X9_62_c2tnb359v1 701 -X9_62_c2pnb368w1 702 -X9_62_c2tnb431r1 703 -secp112r1 704 -secp112r2 705 -secp128r1 706 -secp128r2 707 -secp160k1 708 -secp160r1 709 -secp160r2 710 -secp192k1 711 -secp224k1 712 -secp224r1 713 -secp256k1 714 -secp384r1 715 -secp521r1 716 -sect113r1 717 -sect113r2 718 -sect131r1 719 -sect131r2 720 -sect163k1 721 -sect163r1 722 -sect163r2 723 -sect193r1 724 -sect193r2 725 -sect233k1 726 -sect233r1 727 -sect239k1 728 -sect283k1 729 -sect283r1 730 -sect409k1 731 -sect409r1 732 -sect571k1 733 -sect571r1 734 -wap_wsg_idm_ecid_wtls1 735 -wap_wsg_idm_ecid_wtls3 736 -wap_wsg_idm_ecid_wtls4 737 -wap_wsg_idm_ecid_wtls5 738 -wap_wsg_idm_ecid_wtls6 739 -wap_wsg_idm_ecid_wtls7 740 -wap_wsg_idm_ecid_wtls8 741 -wap_wsg_idm_ecid_wtls9 742 -wap_wsg_idm_ecid_wtls10 743 -wap_wsg_idm_ecid_wtls11 744 -wap_wsg_idm_ecid_wtls12 745 -any_policy 746 -policy_mappings 747 -inhibit_any_policy 748 -ipsec3 749 -ipsec4 750 -camellia_128_cbc 751 -camellia_192_cbc 752 -camellia_256_cbc 753 -camellia_128_ecb 754 -camellia_192_ecb 755 -camellia_256_ecb 756 -camellia_128_cfb128 757 -camellia_192_cfb128 758 -camellia_256_cfb128 759 -camellia_128_cfb1 760 -camellia_192_cfb1 761 -camellia_256_cfb1 762 -camellia_128_cfb8 763 -camellia_192_cfb8 764 -camellia_256_cfb8 765 -camellia_128_ofb128 766 -camellia_192_ofb128 767 -camellia_256_ofb128 768 -subject_directory_attributes 769 -issuing_distribution_point 770 -certificate_issuer 771 -korea 772 -kisa 773 -kftc 774 -npki_alg 775 -seed_ecb 776 -seed_cbc 777 -seed_ofb128 778 -seed_cfb128 779 -hmac_md5 780 -hmac_sha1 781 -id_PasswordBasedMAC 782 -id_DHBasedMac 783 -id_it_suppLangTags 784 -caRepository 785 -id_smime_ct_compressedData 786 -id_ct_asciiTextWithCRLF 787 -id_aes128_wrap 788 -id_aes192_wrap 789 -id_aes256_wrap 790 -ecdsa_with_Recommended 791 -ecdsa_with_Specified 792 -ecdsa_with_SHA224 793 -ecdsa_with_SHA256 794 -ecdsa_with_SHA384 795 -ecdsa_with_SHA512 796 -hmacWithMD5 797 -hmacWithSHA224 798 -hmacWithSHA256 799 -hmacWithSHA384 800 -hmacWithSHA512 801 -dsa_with_SHA224 802 -dsa_with_SHA256 803 -whirlpool 804 -cryptopro 805 -cryptocom 806 -id_GostR3411_94_with_GostR3410_2001 807 -id_GostR3411_94_with_GostR3410_94 808 -id_GostR3411_94 809 -id_HMACGostR3411_94 810 -id_GostR3410_2001 811 -id_GostR3410_94 812 -id_Gost28147_89 813 -gost89_cnt 814 -id_Gost28147_89_MAC 815 -id_GostR3411_94_prf 816 -id_GostR3410_2001DH 817 -id_GostR3410_94DH 818 -id_Gost28147_89_CryptoPro_KeyMeshing 819 -id_Gost28147_89_None_KeyMeshing 820 -id_GostR3411_94_TestParamSet 821 -id_GostR3411_94_CryptoProParamSet 822 -id_Gost28147_89_TestParamSet 823 -id_Gost28147_89_CryptoPro_A_ParamSet 824 -id_Gost28147_89_CryptoPro_B_ParamSet 825 -id_Gost28147_89_CryptoPro_C_ParamSet 826 -id_Gost28147_89_CryptoPro_D_ParamSet 827 -id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 -id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 -id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 -id_GostR3410_94_TestParamSet 831 -id_GostR3410_94_CryptoPro_A_ParamSet 832 -id_GostR3410_94_CryptoPro_B_ParamSet 833 -id_GostR3410_94_CryptoPro_C_ParamSet 834 -id_GostR3410_94_CryptoPro_D_ParamSet 835 -id_GostR3410_94_CryptoPro_XchA_ParamSet 836 -id_GostR3410_94_CryptoPro_XchB_ParamSet 837 -id_GostR3410_94_CryptoPro_XchC_ParamSet 838 -id_GostR3410_2001_TestParamSet 839 -id_GostR3410_2001_CryptoPro_A_ParamSet 840 -id_GostR3410_2001_CryptoPro_B_ParamSet 841 -id_GostR3410_2001_CryptoPro_C_ParamSet 842 -id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 -id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 -id_GostR3410_94_a 845 -id_GostR3410_94_aBis 846 -id_GostR3410_94_b 847 -id_GostR3410_94_bBis 848 -id_Gost28147_89_cc 849 -id_GostR3410_94_cc 850 -id_GostR3410_2001_cc 851 -id_GostR3411_94_with_GostR3410_94_cc 852 -id_GostR3411_94_with_GostR3410_2001_cc 853 -id_GostR3410_2001_ParamSet_cc 854 -hmac 855 -LocalKeySet 856 -freshest_crl 857 -id_on_permanentIdentifier 858 -searchGuide 859 -businessCategory 860 -postalAddress 861 -postOfficeBox 862 -physicalDeliveryOfficeName 863 -telephoneNumber 864 -telexNumber 865 -teletexTerminalIdentifier 866 -facsimileTelephoneNumber 867 -x121Address 868 -internationaliSDNNumber 869 -registeredAddress 870 -destinationIndicator 871 -preferredDeliveryMethod 872 -presentationAddress 873 -supportedApplicationContext 874 -member 875 -owner 876 -roleOccupant 877 -seeAlso 878 -userPassword 879 -userCertificate 880 -cACertificate 881 -authorityRevocationList 882 -certificateRevocationList 883 -crossCertificatePair 884 -enhancedSearchGuide 885 -protocolInformation 886 -distinguishedName 887 -uniqueMember 888 -houseIdentifier 889 -supportedAlgorithms 890 -deltaRevocationList 891 -dmdName 892 -id_alg_PWRI_KEK 893 -cmac 894 -aes_128_gcm 895 -aes_128_ccm 896 -id_aes128_wrap_pad 897 -aes_192_gcm 898 -aes_192_ccm 899 -id_aes192_wrap_pad 900 -aes_256_gcm 901 -aes_256_ccm 902 -id_aes256_wrap_pad 903 -aes_128_ctr 904 -aes_192_ctr 905 -aes_256_ctr 906 -id_camellia128_wrap 907 -id_camellia192_wrap 908 -id_camellia256_wrap 909 -anyExtendedKeyUsage 910 -mgf1 911 -rsassaPss 912 -aes_128_xts 913 -aes_256_xts 914 -rc4_hmac_md5 915 -aes_128_cbc_hmac_sha1 916 -aes_192_cbc_hmac_sha1 917 -aes_256_cbc_hmac_sha1 918 -rsaesOaep 919 -dhpublicnumber 920 -brainpoolP160r1 921 -brainpoolP160t1 922 -brainpoolP192r1 923 -brainpoolP192t1 924 -brainpoolP224r1 925 -brainpoolP224t1 926 -brainpoolP256r1 927 -brainpoolP256t1 928 -brainpoolP320r1 929 -brainpoolP320t1 930 -brainpoolP384r1 931 -brainpoolP384t1 932 -brainpoolP512r1 933 -brainpoolP512t1 934 -pSpecified 935 -dhSinglePass_stdDH_sha1kdf_scheme 936 -dhSinglePass_stdDH_sha224kdf_scheme 937 -dhSinglePass_stdDH_sha256kdf_scheme 938 -dhSinglePass_stdDH_sha384kdf_scheme 939 -dhSinglePass_stdDH_sha512kdf_scheme 940 -dhSinglePass_cofactorDH_sha1kdf_scheme 941 -dhSinglePass_cofactorDH_sha224kdf_scheme 942 -dhSinglePass_cofactorDH_sha256kdf_scheme 943 -dhSinglePass_cofactorDH_sha384kdf_scheme 944 -dhSinglePass_cofactorDH_sha512kdf_scheme 945 -dh_std_kdf 946 -dh_cofactor_kdf 947 -aes_128_cbc_hmac_sha256 948 -aes_192_cbc_hmac_sha256 949 -aes_256_cbc_hmac_sha256 950 -ct_precert_scts 951 -ct_precert_poison 952 -ct_precert_signer 953 -ct_cert_scts 954 -jurisdictionLocalityName 955 -jurisdictionStateOrProvinceName 956 -jurisdictionCountryName 957 -aes_128_ocb 958 -aes_192_ocb 959 -aes_256_ocb 960 -camellia_128_gcm 961 -camellia_128_ccm 962 -camellia_128_ctr 963 -camellia_128_cmac 964 -camellia_192_gcm 965 -camellia_192_ccm 966 -camellia_192_ctr 967 -camellia_192_cmac 968 -camellia_256_gcm 969 -camellia_256_ccm 970 -camellia_256_ctr 971 -camellia_256_cmac 972 -id_scrypt 973 -id_tc26 974 -gost89_cnt_12 975 -gost_mac_12 976 -id_tc26_algorithms 977 -id_tc26_sign 978 -id_GostR3410_2012_256 979 -id_GostR3410_2012_512 980 -id_tc26_digest 981 -id_GostR3411_2012_256 982 -id_GostR3411_2012_512 983 -id_tc26_signwithdigest 984 -id_tc26_signwithdigest_gost3410_2012_256 985 -id_tc26_signwithdigest_gost3410_2012_512 986 -id_tc26_mac 987 -id_tc26_hmac_gost_3411_2012_256 988 -id_tc26_hmac_gost_3411_2012_512 989 -id_tc26_cipher 990 -id_tc26_agreement 991 -id_tc26_agreement_gost_3410_2012_256 992 -id_tc26_agreement_gost_3410_2012_512 993 -id_tc26_constants 994 -id_tc26_sign_constants 995 -id_tc26_gost_3410_2012_512_constants 996 -id_tc26_gost_3410_2012_512_paramSetTest 997 -id_tc26_gost_3410_2012_512_paramSetA 998 -id_tc26_gost_3410_2012_512_paramSetB 999 -id_tc26_digest_constants 1000 -id_tc26_cipher_constants 1001 -id_tc26_gost_28147_constants 1002 -id_tc26_gost_28147_param_Z 1003 -INN 1004 -OGRN 1005 -SNILS 1006 -subjectSignTool 1007 -issuerSignTool 1008 -gost89_cbc 1009 -gost89_ecb 1010 -gost89_ctr 1011 -kuznyechik_ecb 1012 -kuznyechik_ctr 1013 -kuznyechik_ofb 1014 -kuznyechik_cbc 1015 -kuznyechik_cfb 1016 -kuznyechik_mac 1017 -chacha20_poly1305 1018 -chacha20 1019 -tlsfeature 1020 -tls1_prf 1021 -ipsec_IKE 1022 -capwapAC 1023 -capwapWTP 1024 -sshClient 1025 -sshServer 1026 -sendRouter 1027 -sendProxiedRouter 1028 -sendOwner 1029 -sendProxiedOwner 1030 -id_pkinit 1031 -pkInitClientAuth 1032 -pkInitKDC 1033 -X25519 1034 -X448 1035 -hkdf 1036 -kx_rsa 1037 -kx_ecdhe 1038 -kx_dhe 1039 -kx_ecdhe_psk 1040 -kx_dhe_psk 1041 -kx_rsa_psk 1042 -kx_psk 1043 -kx_srp 1044 -kx_gost 1045 -auth_rsa 1046 -auth_ecdsa 1047 -auth_psk 1048 -auth_dss 1049 -auth_gost01 1050 -auth_gost12 1051 -auth_srp 1052 -auth_null 1053 -fips_none 1054 -fips_140_2 1055 -blake2b512 1056 -blake2s256 1057 -id_smime_ct_contentCollection 1058 -id_smime_ct_authEnvelopedData 1059 -id_ct_xml 1060 -poly1305 1061 -siphash 1062 -kx_any 1063 -auth_any 1064 -aria_128_ecb 1065 -aria_128_cbc 1066 -aria_128_cfb128 1067 -aria_128_ofb128 1068 -aria_128_ctr 1069 -aria_192_ecb 1070 -aria_192_cbc 1071 -aria_192_cfb128 1072 -aria_192_ofb128 1073 -aria_192_ctr 1074 -aria_256_ecb 1075 -aria_256_cbc 1076 -aria_256_cfb128 1077 -aria_256_ofb128 1078 -aria_256_ctr 1079 -aria_128_cfb1 1080 -aria_192_cfb1 1081 -aria_256_cfb1 1082 -aria_128_cfb8 1083 -aria_192_cfb8 1084 -aria_256_cfb8 1085 -id_smime_aa_signingCertificateV2 1086 -ED25519 1087 -ED448 1088 -organizationIdentifier 1089 -countryCode3c 1090 -countryCode3n 1091 -dnsName 1092 -x509ExtAdmission 1093 -sha512_224 1094 -sha512_256 1095 -sha3_224 1096 -sha3_256 1097 -sha3_384 1098 -sha3_512 1099 -shake128 1100 -shake256 1101 -hmac_sha3_224 1102 -hmac_sha3_256 1103 -hmac_sha3_384 1104 -hmac_sha3_512 1105 -dsa_with_SHA384 1106 -dsa_with_SHA512 1107 -dsa_with_SHA3_224 1108 -dsa_with_SHA3_256 1109 -dsa_with_SHA3_384 1110 -dsa_with_SHA3_512 1111 -ecdsa_with_SHA3_224 1112 -ecdsa_with_SHA3_256 1113 -ecdsa_with_SHA3_384 1114 -ecdsa_with_SHA3_512 1115 -RSA_SHA3_224 1116 -RSA_SHA3_256 1117 -RSA_SHA3_384 1118 -RSA_SHA3_512 1119 -aria_128_ccm 1120 -aria_192_ccm 1121 -aria_256_ccm 1122 -aria_128_gcm 1123 -aria_192_gcm 1124 -aria_256_gcm 1125 -ffdhe2048 1126 -ffdhe3072 1127 -ffdhe4096 1128 -ffdhe6144 1129 -ffdhe8192 1130 -cmcCA 1131 -cmcRA 1132 -sm4_ecb 1133 -sm4_cbc 1134 -sm4_ofb128 1135 -sm4_cfb1 1136 -sm4_cfb128 1137 -sm4_cfb8 1138 -sm4_ctr 1139 -ISO_CN 1140 -oscca 1141 -sm_scheme 1142 -sm3 1143 -sm3WithRSAEncryption 1144 -sha512_224WithRSAEncryption 1145 -sha512_256WithRSAEncryption 1146 -id_tc26_gost_3410_2012_256_constants 1147 -id_tc26_gost_3410_2012_256_paramSetA 1148 -id_tc26_gost_3410_2012_512_paramSetC 1149 -ISO_UA 1150 -ua_pki 1151 -dstu28147 1152 -dstu28147_ofb 1153 -dstu28147_cfb 1154 -dstu28147_wrap 1155 -hmacWithDstu34311 1156 -dstu34311 1157 -dstu4145le 1158 -dstu4145be 1159 -uacurve0 1160 -uacurve1 1161 -uacurve2 1162 -uacurve3 1163 -uacurve4 1164 -uacurve5 1165 -uacurve6 1166 -uacurve7 1167 -uacurve8 1168 -uacurve9 1169 -ieee 1170 -ieee_siswg 1171 -sm2 1172 -id_tc26_cipher_gostr3412_2015_magma 1173 -magma_ctr_acpkm 1174 -magma_ctr_acpkm_omac 1175 -id_tc26_cipher_gostr3412_2015_kuznyechik 1176 -kuznyechik_ctr_acpkm 1177 -kuznyechik_ctr_acpkm_omac 1178 -id_tc26_wrap 1179 -id_tc26_wrap_gostr3412_2015_magma 1180 -magma_kexp15 1181 -id_tc26_wrap_gostr3412_2015_kuznyechik 1182 -kuznyechik_kexp15 1183 -id_tc26_gost_3410_2012_256_paramSetB 1184 -id_tc26_gost_3410_2012_256_paramSetC 1185 -id_tc26_gost_3410_2012_256_paramSetD 1186 -magma_ecb 1187 -magma_ctr 1188 -magma_ofb 1189 -magma_cbc 1190 -magma_cfb 1191 -magma_mac 1192 -hmacWithSHA512_224 1193 -hmacWithSHA512_256 1194 -gmac 1195 -kmac128 1196 -kmac256 1197 -aes_128_siv 1198 -aes_192_siv 1199 -aes_256_siv 1200 -blake2bmac 1201 -blake2smac 1202 -sshkdf 1203 -SM2_with_SM3 1204 -sskdf 1205 -x963kdf 1206 -x942kdf 1207 -id_on_SmtpUTF8Mailbox 1208 -XmppAddr 1209 -SRVName 1210 -NAIRealm 1211 -modp_1536 1212 -modp_2048 1213 -modp_3072 1214 -modp_4096 1215 -modp_6144 1216 -modp_8192 1217 -kx_gost18 1218 -cmcArchive 1219 -id_kp_bgpsec_router 1220 -id_kp_BrandIndicatorforMessageIdentification 1221 -cmKGA 1222 -id_it_caCerts 1223 -id_it_rootCaKeyUpdate 1224 -id_it_certReqTemplate 1225 -OGRNIP 1226 -classSignTool 1227 -classSignToolKC1 1228 -classSignToolKC2 1229 -classSignToolKC3 1230 -classSignToolKB1 1231 -classSignToolKB2 1232 -classSignToolKA1 1233 -id_ct_routeOriginAuthz 1234 -id_ct_rpkiManifest 1235 -id_ct_rpkiGhostbusters 1236 -id_ct_resourceTaggedAttest 1237 -id_cp 1238 -sbgp_ipAddrBlockv2 1239 -sbgp_autonomousSysNumv2 1240 -ipAddr_asNumber 1241 -ipAddr_asNumberv2 1242 -rpkiManifest 1243 -signedObject 1244 -rpkiNotify 1245 -id_ct_geofeedCSVwithCRLF 1246 -id_ct_signedChecklist 1247 diff --git a/crypto/objects/obj_xref.c b/crypto/objects/obj_xref.c deleted file mode 100644 index da1035112f4f06feffa5f6b1df6950500269d40f..0000000000000000000000000000000000000000 --- a/crypto/objects/obj_xref.c +++ /dev/null @@ -1,139 +0,0 @@ -/* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "obj_xref.h" -#include "internal/nelem.h" -#include - -static STACK_OF(nid_triple) *sig_app, *sigx_app; - -static int sig_cmp(const nid_triple *a, const nid_triple *b) -{ - return a->sign_id - b->sign_id; -} - -DECLARE_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig); -IMPLEMENT_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig); - -static int sig_sk_cmp(const nid_triple *const *a, const nid_triple *const *b) -{ - return (*a)->sign_id - (*b)->sign_id; -} - -DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx); - -static int sigx_cmp(const nid_triple *const *a, const nid_triple *const *b) -{ - int ret; - ret = (*a)->hash_id - (*b)->hash_id; - if (ret) - return ret; - return (*a)->pkey_id - (*b)->pkey_id; -} - -IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx); - -int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid) -{ - nid_triple tmp; - const nid_triple *rv = NULL; - tmp.sign_id = signid; - - if (sig_app != NULL) { - int idx = sk_nid_triple_find(sig_app, &tmp); - rv = sk_nid_triple_value(sig_app, idx); - } -#ifndef OBJ_XREF_TEST2 - if (rv == NULL) { - rv = OBJ_bsearch_sig(&tmp, sigoid_srt, OSSL_NELEM(sigoid_srt)); - } -#endif - if (rv == NULL) - return 0; - if (pdig_nid) - *pdig_nid = rv->hash_id; - if (ppkey_nid) - *ppkey_nid = rv->pkey_id; - return 1; -} - -int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid) -{ - nid_triple tmp; - const nid_triple *t = &tmp; - const nid_triple **rv = NULL; - - tmp.hash_id = dig_nid; - tmp.pkey_id = pkey_nid; - - if (sigx_app) { - int idx = sk_nid_triple_find(sigx_app, &tmp); - if (idx >= 0) { - t = sk_nid_triple_value(sigx_app, idx); - rv = &t; - } - } -#ifndef OBJ_XREF_TEST2 - if (rv == NULL) { - rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref, OSSL_NELEM(sigoid_srt_xref)); - } -#endif - if (rv == NULL) - return 0; - if (psignid) - *psignid = (*rv)->sign_id; - return 1; -} - -int OBJ_add_sigid(int signid, int dig_id, int pkey_id) -{ - nid_triple *ntr; - if (sig_app == NULL) - sig_app = sk_nid_triple_new(sig_sk_cmp); - if (sig_app == NULL) - return 0; - if (sigx_app == NULL) - sigx_app = sk_nid_triple_new(sigx_cmp); - if (sigx_app == NULL) - return 0; - if ((ntr = OPENSSL_malloc(sizeof(*ntr))) == NULL) { - ERR_raise(ERR_LIB_OBJ, ERR_R_MALLOC_FAILURE); - return 0; - } - ntr->sign_id = signid; - ntr->hash_id = dig_id; - ntr->pkey_id = pkey_id; - - if (!sk_nid_triple_push(sig_app, ntr)) { - OPENSSL_free(ntr); - return 0; - } - - if (!sk_nid_triple_push(sigx_app, ntr)) - return 0; - - sk_nid_triple_sort(sig_app); - sk_nid_triple_sort(sigx_app); - - return 1; -} - -static void sid_free(nid_triple *tt) -{ - OPENSSL_free(tt); -} - -void OBJ_sigid_free(void) -{ - sk_nid_triple_pop_free(sig_app, sid_free); - sig_app = NULL; - sk_nid_triple_free(sigx_app); - sigx_app = NULL; -} diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h deleted file mode 100644 index 21a193ee98bc22dd10bc6bcf7261774f1fc49f13..0000000000000000000000000000000000000000 --- a/crypto/objects/obj_xref.h +++ /dev/null @@ -1,130 +0,0 @@ -/* - * WARNING: do not edit! - * Generated by objxref.pl - * - * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - - -typedef struct { - int sign_id; - int hash_id; - int pkey_id; -} nid_triple; - -DEFINE_STACK_OF(nid_triple) - -static const nid_triple sigoid_srt[] = { - {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption}, - {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption}, - {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption}, - {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption}, - {NID_dsaWithSHA, NID_sha, NID_dsa}, - {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2}, - {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption}, - {NID_md5WithRSA, NID_md5, NID_rsa}, - {NID_dsaWithSHA1, NID_sha1, NID_dsa}, - {NID_sha1WithRSA, NID_sha1, NID_rsa}, - {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption}, - {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption}, - {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey}, - {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption}, - {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption}, - {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption}, - {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption}, - {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey}, - {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey}, - {NID_dsa_with_SHA224, NID_sha224, NID_dsa}, - {NID_dsa_with_SHA256, NID_sha256, NID_dsa}, - {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, - NID_id_GostR3410_2001}, - {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, - NID_id_GostR3410_94}, - {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, - NID_id_GostR3410_94_cc}, - {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, - NID_id_GostR3410_2001_cc}, - {NID_rsassaPss, NID_undef, NID_rsassaPss}, - {NID_dhSinglePass_stdDH_sha1kdf_scheme, NID_sha1, NID_dh_std_kdf}, - {NID_dhSinglePass_stdDH_sha224kdf_scheme, NID_sha224, NID_dh_std_kdf}, - {NID_dhSinglePass_stdDH_sha256kdf_scheme, NID_sha256, NID_dh_std_kdf}, - {NID_dhSinglePass_stdDH_sha384kdf_scheme, NID_sha384, NID_dh_std_kdf}, - {NID_dhSinglePass_stdDH_sha512kdf_scheme, NID_sha512, NID_dh_std_kdf}, - {NID_dhSinglePass_cofactorDH_sha1kdf_scheme, NID_sha1, - NID_dh_cofactor_kdf}, - {NID_dhSinglePass_cofactorDH_sha224kdf_scheme, NID_sha224, - NID_dh_cofactor_kdf}, - {NID_dhSinglePass_cofactorDH_sha256kdf_scheme, NID_sha256, - NID_dh_cofactor_kdf}, - {NID_dhSinglePass_cofactorDH_sha384kdf_scheme, NID_sha384, - NID_dh_cofactor_kdf}, - {NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512, - NID_dh_cofactor_kdf}, - {NID_id_tc26_signwithdigest_gost3410_2012_256, NID_id_GostR3411_2012_256, - NID_id_GostR3410_2012_256}, - {NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_GostR3411_2012_512, - NID_id_GostR3410_2012_512}, - {NID_ED25519, NID_undef, NID_ED25519}, - {NID_ED448, NID_undef, NID_ED448}, - {NID_RSA_SHA3_224, NID_sha3_224, NID_rsaEncryption}, - {NID_RSA_SHA3_256, NID_sha3_256, NID_rsaEncryption}, - {NID_RSA_SHA3_384, NID_sha3_384, NID_rsaEncryption}, - {NID_RSA_SHA3_512, NID_sha3_512, NID_rsaEncryption}, - {NID_SM2_with_SM3, NID_sm3, NID_sm2}, -}; - -static const nid_triple *const sigoid_srt_xref[] = { - &sigoid_srt[0], - &sigoid_srt[1], - &sigoid_srt[7], - &sigoid_srt[2], - &sigoid_srt[4], - &sigoid_srt[3], - &sigoid_srt[9], - &sigoid_srt[5], - &sigoid_srt[8], - &sigoid_srt[12], - &sigoid_srt[30], - &sigoid_srt[35], - &sigoid_srt[6], - &sigoid_srt[10], - &sigoid_srt[11], - &sigoid_srt[13], - &sigoid_srt[24], - &sigoid_srt[20], - &sigoid_srt[32], - &sigoid_srt[37], - &sigoid_srt[14], - &sigoid_srt[21], - &sigoid_srt[33], - &sigoid_srt[38], - &sigoid_srt[15], - &sigoid_srt[22], - &sigoid_srt[34], - &sigoid_srt[39], - &sigoid_srt[16], - &sigoid_srt[23], - &sigoid_srt[19], - &sigoid_srt[31], - &sigoid_srt[36], - &sigoid_srt[25], - &sigoid_srt[26], - &sigoid_srt[27], - &sigoid_srt[28], - &sigoid_srt[40], - &sigoid_srt[41], - &sigoid_srt[44], - &sigoid_srt[45], - &sigoid_srt[46], - &sigoid_srt[47], - &sigoid_srt[48], -}; diff --git a/crypto/objects/obj_xref.txt b/crypto/objects/obj_xref.txt deleted file mode 100644 index 2a61d4db59275d5e31cd1004b8a7e7f7541f0782..0000000000000000000000000000000000000000 --- a/crypto/objects/obj_xref.txt +++ /dev/null @@ -1,68 +0,0 @@ -# OID cross reference table. -# Links signatures OIDs to their corresponding public key algorithms -# and digests. - -md2WithRSAEncryption md2 rsaEncryption -md5WithRSAEncryption md5 rsaEncryption -shaWithRSAEncryption sha rsaEncryption -sha1WithRSAEncryption sha1 rsaEncryption -md4WithRSAEncryption md4 rsaEncryption -sha256WithRSAEncryption sha256 rsaEncryption -sha384WithRSAEncryption sha384 rsaEncryption -sha512WithRSAEncryption sha512 rsaEncryption -sha224WithRSAEncryption sha224 rsaEncryption -mdc2WithRSA mdc2 rsaEncryption -ripemd160WithRSA ripemd160 rsaEncryption -RSA_SHA3_224 sha3_224 rsaEncryption -RSA_SHA3_256 sha3_256 rsaEncryption -RSA_SHA3_384 sha3_384 rsaEncryption -RSA_SHA3_512 sha3_512 rsaEncryption -# For PSS the digest algorithm can vary and depends on the included -# AlgorithmIdentifier. The digest "undef" indicates the public key -# method should handle this explicitly. -rsassaPss undef rsassaPss -ED25519 undef ED25519 -ED448 undef ED448 - -# Alternative deprecated OIDs. By using the older "rsa" OID this -# type will be recognized by not normally used. - -md5WithRSA md5 rsa -sha1WithRSA sha1 rsa - -dsaWithSHA sha dsa -dsaWithSHA1 sha1 dsa - -dsaWithSHA1_2 sha1 dsa_2 - -ecdsa_with_SHA1 sha1 X9_62_id_ecPublicKey -ecdsa_with_SHA224 sha224 X9_62_id_ecPublicKey -ecdsa_with_SHA256 sha256 X9_62_id_ecPublicKey -ecdsa_with_SHA384 sha384 X9_62_id_ecPublicKey -ecdsa_with_SHA512 sha512 X9_62_id_ecPublicKey -ecdsa_with_Recommended undef X9_62_id_ecPublicKey -ecdsa_with_Specified undef X9_62_id_ecPublicKey - -dsa_with_SHA224 sha224 dsa -dsa_with_SHA256 sha256 dsa - -id_GostR3411_94_with_GostR3410_2001 id_GostR3411_94 id_GostR3410_2001 -id_GostR3411_94_with_GostR3410_94 id_GostR3411_94 id_GostR3410_94 -id_GostR3411_94_with_GostR3410_94_cc id_GostR3411_94 id_GostR3410_94_cc -id_GostR3411_94_with_GostR3410_2001_cc id_GostR3411_94 id_GostR3410_2001_cc -id_tc26_signwithdigest_gost3410_2012_256 id_GostR3411_2012_256 id_GostR3410_2012_256 -id_tc26_signwithdigest_gost3410_2012_512 id_GostR3411_2012_512 id_GostR3410_2012_512 -# ECDH KDFs and their corresponding message digests and schemes -dhSinglePass_stdDH_sha1kdf_scheme sha1 dh_std_kdf -dhSinglePass_stdDH_sha224kdf_scheme sha224 dh_std_kdf -dhSinglePass_stdDH_sha256kdf_scheme sha256 dh_std_kdf -dhSinglePass_stdDH_sha384kdf_scheme sha384 dh_std_kdf -dhSinglePass_stdDH_sha512kdf_scheme sha512 dh_std_kdf - -dhSinglePass_cofactorDH_sha1kdf_scheme sha1 dh_cofactor_kdf -dhSinglePass_cofactorDH_sha224kdf_scheme sha224 dh_cofactor_kdf -dhSinglePass_cofactorDH_sha256kdf_scheme sha256 dh_cofactor_kdf -dhSinglePass_cofactorDH_sha384kdf_scheme sha384 dh_cofactor_kdf -dhSinglePass_cofactorDH_sha512kdf_scheme sha512 dh_cofactor_kdf - -SM2_with_SM3 sm3 sm2 diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl deleted file mode 100644 index 51bc248b3f003c6755162d0526d8554b1ef0f16f..0000000000000000000000000000000000000000 --- a/crypto/objects/objects.pl +++ /dev/null @@ -1,211 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -use Getopt::Std; -use FindBin; -use lib "$FindBin::Bin/../../util/perl"; -use OpenSSL::copyright; - -our($opt_n); -getopts('n'); - -# The year the output file is generated. -my $YEAR = OpenSSL::copyright::latest(($0, $ARGV[1], $ARGV[0])); - -open (NUMIN,"$ARGV[1]") || die "Can't open number file $ARGV[1]"; -$max_nid=0; -$o=0; -while() - { - s|\R$||; - $o++; - s/#.*$//; - next if /^\s*$/; - $_ = 'X'.$_; - ($Cname,$mynum) = split; - $Cname =~ s/^X//; - if (defined($nidn{$mynum})) - { die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; } - if (defined($nid{$Cname})) - { die "$ARGV[1]:$o:There's already an object with name ",$Cname," on line ",$order{$nid{$Cname}},"\n"; } - $nid{$Cname} = $mynum; - $nidn{$mynum} = $Cname; - $order{$mynum} = $o; - $max_nid = $mynum if $mynum > $max_nid; - } -close NUMIN; - -open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]"; -$Cname=""; -$o=0; -while () - { - s|\R$||; - $o++; - if (/^!module\s+(.*)$/) - { - $module = $1."-"; - $module =~ s/\./_/g; - $module =~ s/-/_/g; - } - if (/^!global$/) - { $module = ""; } - if (/^!Cname\s+(.*)$/) - { $Cname = $1; } - if (/^!Alias\s+(.+?)\s+(.*)$/) - { - $Cname = $module.$1; - $myoid = $2; - $myoid = &process_oid($myoid); - $Cname =~ s/-/_/g; - $ordern{$o} = $Cname; - $order{$Cname} = $o; - $obj{$Cname} = $myoid; - $_ = ""; - $Cname = ""; - } - s/!.*$//; - s/#.*$//; - next if /^\s*$/; - ($myoid,$mysn,$myln) = split ':'; - $mysn =~ s/^\s*//; - $mysn =~ s/\s*$//; - $myln =~ s/^\s*//; - $myln =~ s/\s*$//; - $myoid =~ s/^\s*//; - $myoid =~ s/\s*$//; - if ($myoid ne "") - { - $myoid = &process_oid($myoid); - } - - if ($Cname eq "" && ($myln =~ /^[_A-Za-z][\w.-]*$/ )) - { - $Cname = $myln; - $Cname =~ s/\./_/g; - $Cname =~ s/-/_/g; - if ($Cname ne "" && defined($ln{$module.$Cname})) - { die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; } - } - if ($Cname eq "") - { - $Cname = $mysn; - $Cname =~ s/-/_/g; - if ($Cname ne "" && defined($sn{$module.$Cname})) - { die "objects.txt:$o:There's already an object with short name ",$sn{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; } - } - if ($Cname eq "") - { - $Cname = $myln; - $Cname =~ s/-/_/g; - $Cname =~ s/\./_/g; - $Cname =~ s/ /_/g; - if ($Cname ne "" && defined($ln{$module.$Cname})) - { die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; } - } - $Cname =~ s/\./_/g; - $Cname =~ s/-/_/g; - $Cname = $module.$Cname; - $ordern{$o} = $Cname; - $order{$Cname} = $o; - $sn{$Cname} = $mysn; - $ln{$Cname} = $myln; - $obj{$Cname} = $myoid; - if (!defined($nid{$Cname})) - { - $max_nid++; - $nid{$Cname} = $max_nid; - $nidn{$max_nid} = $Cname; -print STDERR "Added OID $Cname\n"; - } - $Cname=""; - } -close IN; - -if ( $opt_n ) { - foreach (sort { $a <=> $b } keys %nidn) - { - print $nidn{$_},"\t\t",$_,"\n"; - } - exit; -} - -print <<"EOF"; -/* - * WARNING: do not edit! - * Generated by crypto/objects/objects.pl - * - * Copyright 2000-$YEAR The OpenSSL Project Authors. All Rights Reserved. - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OPENSSL_OBJ_MAC_H -# define OPENSSL_OBJ_MAC_H -# pragma once - -#define SN_undef "UNDEF" -#define LN_undef "undefined" -#define NID_undef 0 -#define OBJ_undef 0L -EOF - -sub expand - { - my $string = shift; - - 1 while $string =~ s/\t+/' ' x (length($&) * 8 - length($`) % 8)/e; - - return $string; - } - -foreach (sort { $a <=> $b } keys %ordern) - { - $Cname=$ordern{$_}; - print "\n"; - print expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne ""; - print expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne ""; - print expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne ""; - print expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne ""; - } - -print <) - { - s|\R$||; # Better chomp - my ($name, $num) = /^(\S+)\s+(\S+)$/; - $oid_tbl{$name} = $num; - } -close IN; - -open(IN, $xref_file) || die "Can't open $xref_file, $!\n"; - -my $ln = 1; - -while () - { - s|\R$||; # Better chomp - s/#.*$//; - next if (/^\S*$/); - my ($xr, $p1, $p2) = /^(\S+)\s+(\S+)\s+(\S+)/; - check_oid($xr); - check_oid($p1); - check_oid($p2); - $xref_tbl{$xr} = [$p1, $p2, $ln]; - } - -my @xrkeys = keys %xref_tbl; - -my @srt1 = sort { $oid_tbl{$a} <=> $oid_tbl{$b}} @xrkeys; - -my $i; -for($i = 0; $i <= $#srt1; $i++) - { - $xref_tbl{$srt1[$i]}[2] = $i; - } - -my @srt2 = sort - { - my$ap1 = $oid_tbl{$xref_tbl{$a}[0]}; - my$bp1 = $oid_tbl{$xref_tbl{$b}[0]}; - return $ap1 - $bp1 if ($ap1 != $bp1); - my$ap2 = $oid_tbl{$xref_tbl{$a}[1]}; - my$bp2 = $oid_tbl{$xref_tbl{$b}[1]}; - - return $ap2 - $bp2; - } @xrkeys; - -my $pname = $0; -$pname =~ s|.*/||; - -print < -#include -#include -#include "ocsp_local.h" - -ASN1_SEQUENCE(OCSP_SIGNATURE) = { - ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), - ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0) -} ASN1_SEQUENCE_END(OCSP_SIGNATURE) - -IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE) - -ASN1_SEQUENCE(OCSP_CERTID) = { - ASN1_EMBED(OCSP_CERTID, hashAlgorithm, X509_ALGOR), - ASN1_EMBED(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING), - ASN1_EMBED(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING), - ASN1_EMBED(OCSP_CERTID, serialNumber, ASN1_INTEGER) -} ASN1_SEQUENCE_END(OCSP_CERTID) - -IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID) - -ASN1_SEQUENCE(OCSP_ONEREQ) = { - ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0) -} ASN1_SEQUENCE_END(OCSP_ONEREQ) - -IMPLEMENT_ASN1_FUNCTIONS(OCSP_ONEREQ) - -ASN1_SEQUENCE(OCSP_REQINFO) = { - ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0), - ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1), - ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2) -} ASN1_SEQUENCE_END(OCSP_REQINFO) - -IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO) - -ASN1_SEQUENCE(OCSP_REQUEST) = { - ASN1_EMBED(OCSP_REQUEST, tbsRequest, OCSP_REQINFO), - ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0) -} ASN1_SEQUENCE_END(OCSP_REQUEST) - -IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST) - -/* OCSP_RESPONSE templates */ - -ASN1_SEQUENCE(OCSP_RESPBYTES) = { - ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT), - ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(OCSP_RESPBYTES) - -IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES) - -ASN1_SEQUENCE(OCSP_RESPONSE) = { - ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED), - ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0) -} ASN1_SEQUENCE_END(OCSP_RESPONSE) - -IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE) - -ASN1_CHOICE(OCSP_RESPID) = { - ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1), - ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) -} ASN1_CHOICE_END(OCSP_RESPID) - -IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID) - -ASN1_SEQUENCE(OCSP_REVOKEDINFO) = { - ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME), - ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0) -} ASN1_SEQUENCE_END(OCSP_REVOKEDINFO) - -IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) - -ASN1_CHOICE(OCSP_CERTSTATUS) = { - ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0), - ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1), - ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2) -} ASN1_CHOICE_END(OCSP_CERTSTATUS) - -IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS) - -ASN1_SEQUENCE(OCSP_SINGLERESP) = { - ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID), - ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS), - ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME), - ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1) -} ASN1_SEQUENCE_END(OCSP_SINGLERESP) - -IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP) - -ASN1_SEQUENCE(OCSP_RESPDATA) = { - ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), - ASN1_EMBED(OCSP_RESPDATA, responderId, OCSP_RESPID), - ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), - ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) -} ASN1_SEQUENCE_END(OCSP_RESPDATA) - -IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA) - -ASN1_SEQUENCE(OCSP_BASICRESP) = { - ASN1_EMBED(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), - ASN1_EMBED(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), - ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) -} ASN1_SEQUENCE_END(OCSP_BASICRESP) - -IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP) - -ASN1_SEQUENCE(OCSP_CRLID) = { - ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0), - ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1), - ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2) -} ASN1_SEQUENCE_END(OCSP_CRLID) - -IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID) - -ASN1_SEQUENCE(OCSP_SERVICELOC) = { - ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME), - ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION) -} ASN1_SEQUENCE_END(OCSP_SERVICELOC) - -IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC) diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c deleted file mode 100644 index c1dda38414f2a2700f1fa85b253e211c335202dd..0000000000000000000000000000000000000000 --- a/crypto/ocsp/ocsp_cl.c +++ /dev/null @@ -1,368 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include "ocsp_local.h" - -/* - * Utility functions related to sending OCSP requests and extracting relevant - * information from the response. - */ - -/* - * Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ pointer: - * useful if we want to add extensions. - */ -OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) -{ - OCSP_ONEREQ *one = NULL; - - if ((one = OCSP_ONEREQ_new()) == NULL) - return NULL; - OCSP_CERTID_free(one->reqCert); - one->reqCert = cid; - if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one)) { - one->reqCert = NULL; /* do not free on error */ - OCSP_ONEREQ_free(one); - return NULL; - } - return one; -} - -/* Set requestorName from an X509_NAME structure */ -int OCSP_request_set1_name(OCSP_REQUEST *req, const X509_NAME *nm) -{ - GENERAL_NAME *gen = GENERAL_NAME_new(); - - if (gen == NULL) - return 0; - if (!X509_NAME_set(&gen->d.directoryName, nm)) { - GENERAL_NAME_free(gen); - return 0; - } - gen->type = GEN_DIRNAME; - GENERAL_NAME_free(req->tbsRequest.requestorName); - req->tbsRequest.requestorName = gen; - return 1; -} - -/* Add a certificate to an OCSP request */ -int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) -{ - if (req->optionalSignature == NULL - && (req->optionalSignature = OCSP_SIGNATURE_new()) == NULL) - return 0; - if (cert == NULL) - return 1; - return ossl_x509_add_cert_new(&req->optionalSignature->certs, cert, - X509_ADD_FLAG_UP_REF); -} - -/* - * Sign an OCSP request set the requestorName to the subject name of an - * optional signers certificate and include one or more optional certificates - * in the request. Behaves like PKCS7_sign(). - */ -int OCSP_request_sign(OCSP_REQUEST *req, - X509 *signer, - EVP_PKEY *key, - const EVP_MD *dgst, - STACK_OF(X509) *certs, unsigned long flags) -{ - if (!OCSP_request_set1_name(req, X509_get_subject_name(signer))) - goto err; - - if ((req->optionalSignature = OCSP_SIGNATURE_new()) == NULL) - goto err; - if (key != NULL) { - if (!X509_check_private_key(signer, key)) { - ERR_raise(ERR_LIB_OCSP, - OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); - goto err; - } - if (!OCSP_REQUEST_sign(req, key, dgst, signer->libctx, signer->propq)) - goto err; - } - - if ((flags & OCSP_NOCERTS) == 0) { - if (!OCSP_request_add1_cert(req, signer) - || !X509_add_certs(req->optionalSignature->certs, certs, - X509_ADD_FLAG_UP_REF)) - goto err; - } - - return 1; - err: - OCSP_SIGNATURE_free(req->optionalSignature); - req->optionalSignature = NULL; - return 0; -} - -/* Get response status */ -int OCSP_response_status(OCSP_RESPONSE *resp) -{ - return ASN1_ENUMERATED_get(resp->responseStatus); -} - -/* - * Extract basic response from OCSP_RESPONSE or NULL if no basic response - * present. - */ -OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp) -{ - OCSP_RESPBYTES *rb = resp->responseBytes; - - if (rb == NULL) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_RESPONSE_DATA); - return NULL; - } - if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_NOT_BASIC_RESPONSE); - return NULL; - } - - return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP)); -} - -const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs) -{ - return bs->signature; -} - -const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs) -{ - return &bs->signatureAlgorithm; -} - -const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs) -{ - return &bs->tbsResponseData; -} - -/* Return number of OCSP_SINGLERESP responses present in a basic response */ - -int OCSP_resp_count(OCSP_BASICRESP *bs) -{ - if (bs == NULL) - return -1; - return sk_OCSP_SINGLERESP_num(bs->tbsResponseData.responses); -} - -/* Extract an OCSP_SINGLERESP response with a given index */ -OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx) -{ - if (bs == NULL) - return NULL; - return sk_OCSP_SINGLERESP_value(bs->tbsResponseData.responses, idx); -} - -const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs) -{ - return bs->tbsResponseData.producedAt; -} - -const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs) -{ - return bs->certs; -} - -int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, - const ASN1_OCTET_STRING **pid, - const X509_NAME **pname) -{ - const OCSP_RESPID *rid = &bs->tbsResponseData.responderId; - - if (rid->type == V_OCSP_RESPID_NAME) { - *pname = rid->value.byName; - *pid = NULL; - } else if (rid->type == V_OCSP_RESPID_KEY) { - *pid = rid->value.byKey; - *pname = NULL; - } else { - return 0; - } - return 1; -} - -int OCSP_resp_get1_id(const OCSP_BASICRESP *bs, - ASN1_OCTET_STRING **pid, - X509_NAME **pname) -{ - const OCSP_RESPID *rid = &bs->tbsResponseData.responderId; - - if (rid->type == V_OCSP_RESPID_NAME) { - *pname = X509_NAME_dup(rid->value.byName); - *pid = NULL; - } else if (rid->type == V_OCSP_RESPID_KEY) { - *pid = ASN1_OCTET_STRING_dup(rid->value.byKey); - *pname = NULL; - } else { - return 0; - } - if (*pname == NULL && *pid == NULL) - return 0; - return 1; -} - -/* Look single response matching a given certificate ID */ -int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) -{ - int i; - STACK_OF(OCSP_SINGLERESP) *sresp; - OCSP_SINGLERESP *single; - - if (bs == NULL) - return -1; - if (last < 0) - last = 0; - else - last++; - sresp = bs->tbsResponseData.responses; - for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) { - single = sk_OCSP_SINGLERESP_value(sresp, i); - if (!OCSP_id_cmp(id, single->certId)) - return i; - } - return -1; -} - -/* - * Extract status information from an OCSP_SINGLERESP structure. Note: the - * revtime and reason values are only set if the certificate status is - * revoked. Returns numerical value of status. - */ -int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, - ASN1_GENERALIZEDTIME **revtime, - ASN1_GENERALIZEDTIME **thisupd, - ASN1_GENERALIZEDTIME **nextupd) -{ - int ret; - OCSP_CERTSTATUS *cst; - - if (single == NULL) - return -1; - cst = single->certStatus; - ret = cst->type; - if (ret == V_OCSP_CERTSTATUS_REVOKED) { - OCSP_REVOKEDINFO *rev = cst->value.revoked; - - if (revtime) - *revtime = rev->revocationTime; - if (reason) { - if (rev->revocationReason) - *reason = ASN1_ENUMERATED_get(rev->revocationReason); - else - *reason = -1; - } - } - if (thisupd != NULL) - *thisupd = single->thisUpdate; - if (nextupd != NULL) - *nextupd = single->nextUpdate; - return ret; -} - -/* - * This function combines the previous ones: look up a certificate ID and if - * found extract status information. Return 0 is successful. - */ -int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, - int *reason, - ASN1_GENERALIZEDTIME **revtime, - ASN1_GENERALIZEDTIME **thisupd, - ASN1_GENERALIZEDTIME **nextupd) -{ - int i = OCSP_resp_find(bs, id, -1); - OCSP_SINGLERESP *single; - - /* Maybe check for multiple responses and give an error? */ - if (i < 0) - return 0; - single = OCSP_resp_get0(bs, i); - i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd); - if (status != NULL) - *status = i; - return 1; -} - -/* - * Check validity of thisUpdate and nextUpdate fields. It is possible that - * the request will take a few seconds to process and/or the time won't be - * totally accurate. Therefore to avoid rejecting otherwise valid time we - * allow the times to be within 'nsec' of the current time. Also to avoid - * accepting very old responses without a nextUpdate field an optional maxage - * parameter specifies the maximum age the thisUpdate field can be. - */ -int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, - ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec) -{ - int ret = 1; - time_t t_now, t_tmp; - - time(&t_now); - /* Check thisUpdate is valid and not more than nsec in the future */ - if (!ASN1_GENERALIZEDTIME_check(thisupd)) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_ERROR_IN_THISUPDATE_FIELD); - ret = 0; - } else { - t_tmp = t_now + nsec; - if (X509_cmp_time(thisupd, &t_tmp) > 0) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_STATUS_NOT_YET_VALID); - ret = 0; - } - - /* - * If maxsec specified check thisUpdate is not more than maxsec in - * the past - */ - if (maxsec >= 0) { - t_tmp = t_now - maxsec; - if (X509_cmp_time(thisupd, &t_tmp) < 0) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_STATUS_TOO_OLD); - ret = 0; - } - } - } - - if (nextupd == NULL) - return ret; - - /* Check nextUpdate is valid and not more than nsec in the past */ - if (!ASN1_GENERALIZEDTIME_check(nextupd)) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD); - ret = 0; - } else { - t_tmp = t_now - nsec; - if (X509_cmp_time(nextupd, &t_tmp) < 0) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_STATUS_EXPIRED); - ret = 0; - } - } - - /* Also don't allow nextUpdate to precede thisUpdate */ - if (ASN1_STRING_cmp(nextupd, thisupd) < 0) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE); - ret = 0; - } - - return ret; -} - -const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single) -{ - return single->certId; -} diff --git a/crypto/ocsp/ocsp_err.c b/crypto/ocsp/ocsp_err.c deleted file mode 100644 index c33a7d3e6b211d3ceccf8d383307ceace1ab347d..0000000000000000000000000000000000000000 --- a/crypto/ocsp/ocsp_err.c +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/ocsperr.h" - -#ifndef OPENSSL_NO_OCSP - -# ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA OCSP_str_reasons[] = { - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_CERTIFICATE_VERIFY_ERROR), - "certificate verify error"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_DIGEST_ERR), "digest err"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_DIGEST_NAME_ERR), "digest name err"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_DIGEST_SIZE_ERR), "digest size err"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD), - "error in nextupdate field"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_IN_THISUPDATE_FIELD), - "error in thisupdate field"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_MISSING_OCSPSIGNING_USAGE), - "missing ocspsigning usage"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE), - "nextupdate before thisupdate"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NOT_BASIC_RESPONSE), - "not basic response"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_CERTIFICATES_IN_CHAIN), - "no certificates in chain"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_RESPONSE_DATA), "no response data"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_REVOKED_TIME), "no revoked time"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_SIGNER_KEY), "no signer key"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), - "private key does not match certificate"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_REQUEST_NOT_SIGNED), - "request not signed"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA), - "response contains no revocation data"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ROOT_CA_NOT_TRUSTED), - "root ca not trusted"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SIGNATURE_FAILURE), "signature failure"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND), - "signer certificate not found"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_EXPIRED), "status expired"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_NOT_YET_VALID), - "status not yet valid"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_TOO_OLD), "status too old"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNKNOWN_MESSAGE_DIGEST), - "unknown message digest"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNKNOWN_NID), "unknown nid"}, - {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE), - "unsupported requestorname type"}, - {0, NULL} -}; - -# endif - -int ossl_err_load_OCSP_strings(void) -{ -# ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(OCSP_str_reasons[0].error) == NULL) - ERR_load_strings_const(OCSP_str_reasons); -# endif - return 1; -} -#else -NON_EMPTY_TRANSLATION_UNIT -#endif diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c deleted file mode 100644 index c2b61bd4f2c43a738541104667b221f395339cb6..0000000000000000000000000000000000000000 --- a/crypto/ocsp/ocsp_ext.c +++ /dev/null @@ -1,472 +0,0 @@ -/* - * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "ocsp_local.h" -#include -#include - -/* Standard wrapper functions for extensions */ - -/* OCSP request extensions */ - -int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x) -{ - return X509v3_get_ext_count(x->tbsRequest.requestExtensions); -} - -int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos) -{ - return (X509v3_get_ext_by_NID - (x->tbsRequest.requestExtensions, nid, lastpos)); -} - -int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj, - int lastpos) -{ - return (X509v3_get_ext_by_OBJ - (x->tbsRequest.requestExtensions, obj, lastpos)); -} - -int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos) -{ - return (X509v3_get_ext_by_critical - (x->tbsRequest.requestExtensions, crit, lastpos)); -} - -X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc) -{ - return X509v3_get_ext(x->tbsRequest.requestExtensions, loc); -} - -X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc) -{ - return X509v3_delete_ext(x->tbsRequest.requestExtensions, loc); -} - -void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx) -{ - return X509V3_get_d2i(x->tbsRequest.requestExtensions, nid, crit, idx); -} - -int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, - unsigned long flags) -{ - return X509V3_add1_i2d(&x->tbsRequest.requestExtensions, nid, value, - crit, flags); -} - -int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc) -{ - return (X509v3_add_ext(&(x->tbsRequest.requestExtensions), ex, loc) != - NULL); -} - -/* Single extensions */ - -int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x) -{ - return X509v3_get_ext_count(x->singleRequestExtensions); -} - -int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos) -{ - return X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos); -} - -int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, - int lastpos) -{ - return X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos); -} - -int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos) -{ - return (X509v3_get_ext_by_critical - (x->singleRequestExtensions, crit, lastpos)); -} - -X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc) -{ - return X509v3_get_ext(x->singleRequestExtensions, loc); -} - -X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc) -{ - return X509v3_delete_ext(x->singleRequestExtensions, loc); -} - -void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx) -{ - return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx); -} - -int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, - unsigned long flags) -{ - return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit, - flags); -} - -int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc) -{ - return (X509v3_add_ext(&(x->singleRequestExtensions), ex, loc) != NULL); -} - -/* OCSP Basic response */ - -int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x) -{ - return X509v3_get_ext_count(x->tbsResponseData.responseExtensions); -} - -int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos) -{ - return (X509v3_get_ext_by_NID - (x->tbsResponseData.responseExtensions, nid, lastpos)); -} - -int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj, - int lastpos) -{ - return (X509v3_get_ext_by_OBJ - (x->tbsResponseData.responseExtensions, obj, lastpos)); -} - -int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, - int lastpos) -{ - return (X509v3_get_ext_by_critical - (x->tbsResponseData.responseExtensions, crit, lastpos)); -} - -X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc) -{ - return X509v3_get_ext(x->tbsResponseData.responseExtensions, loc); -} - -X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc) -{ - return X509v3_delete_ext(x->tbsResponseData.responseExtensions, loc); -} - -void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, - int *idx) -{ - return X509V3_get_d2i(x->tbsResponseData.responseExtensions, nid, crit, - idx); -} - -int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, - int crit, unsigned long flags) -{ - return X509V3_add1_i2d(&x->tbsResponseData.responseExtensions, nid, - value, crit, flags); -} - -int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc) -{ - return (X509v3_add_ext(&(x->tbsResponseData.responseExtensions), ex, loc) - != NULL); -} - -/* OCSP single response extensions */ - -int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x) -{ - return X509v3_get_ext_count(x->singleExtensions); -} - -int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos) -{ - return X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos); -} - -int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj, - int lastpos) -{ - return X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos); -} - -int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, - int lastpos) -{ - return X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos); -} - -X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc) -{ - return X509v3_get_ext(x->singleExtensions, loc); -} - -X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc) -{ - return X509v3_delete_ext(x->singleExtensions, loc); -} - -void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, - int *idx) -{ - return X509V3_get_d2i(x->singleExtensions, nid, crit, idx); -} - -int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, - int crit, unsigned long flags) -{ - return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags); -} - -int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc) -{ - return (X509v3_add_ext(&(x->singleExtensions), ex, loc) != NULL); -} - -/* also CRL Entry Extensions */ - -/* Nonce handling functions */ - -/* - * Add a nonce to an extension stack. A nonce can be specified or if NULL a - * random nonce will be generated. Note: OpenSSL 0.9.7d and later create an - * OCTET STRING containing the nonce, previous versions used the raw nonce. - */ - -static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, - unsigned char *val, int len) -{ - unsigned char *tmpval; - ASN1_OCTET_STRING os; - int ret = 0; - if (len <= 0) - len = OCSP_DEFAULT_NONCE_LENGTH; - /* - * Create the OCTET STRING manually by writing out the header and - * appending the content octets. This avoids an extra memory allocation - * operation in some cases. Applications should *NOT* do this because it - * relies on library internals. - */ - os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING); - if (os.length < 0) - return 0; - - os.data = OPENSSL_malloc(os.length); - if (os.data == NULL) - goto err; - tmpval = os.data; - ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL); - if (val) - memcpy(tmpval, val, len); - else if (RAND_bytes(tmpval, len) <= 0) - goto err; - if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, - &os, 0, X509V3_ADD_REPLACE)) - goto err; - ret = 1; - err: - OPENSSL_free(os.data); - return ret; -} - -/* Add nonce to an OCSP request */ - -int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len) -{ - return ocsp_add1_nonce(&req->tbsRequest.requestExtensions, val, len); -} - -/* Same as above but for a response */ - -int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len) -{ - return ocsp_add1_nonce(&resp->tbsResponseData.responseExtensions, val, - len); -} - -/*- - * Check nonce validity in a request and response. - * Return value reflects result: - * 1: nonces present and equal. - * 2: nonces both absent. - * 3: nonce present in response only. - * 0: nonces both present and not equal. - * -1: nonce in request only. - * - * For most responders clients can check return > 0. - * If responder doesn't handle nonces return != 0 may be - * necessary. return == 0 is always an error. - */ - -int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs) -{ - /* - * Since we are only interested in the presence or absence of - * the nonce and comparing its value there is no need to use - * the X509V3 routines: this way we can avoid them allocating an - * ASN1_OCTET_STRING structure for the value which would be - * freed immediately anyway. - */ - - int req_idx, resp_idx; - X509_EXTENSION *req_ext, *resp_ext; - req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); - resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1); - /* Check both absent */ - if ((req_idx < 0) && (resp_idx < 0)) - return 2; - /* Check in request only */ - if ((req_idx >= 0) && (resp_idx < 0)) - return -1; - /* Check in response but not request */ - if ((req_idx < 0) && (resp_idx >= 0)) - return 3; - /* - * Otherwise nonce in request and response so retrieve the extensions - */ - req_ext = OCSP_REQUEST_get_ext(req, req_idx); - resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx); - if (ASN1_OCTET_STRING_cmp(X509_EXTENSION_get_data(req_ext), - X509_EXTENSION_get_data(resp_ext))) - return 0; - return 1; -} - -/* - * Copy the nonce value (if any) from an OCSP request to a response. - */ - -int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req) -{ - X509_EXTENSION *req_ext; - int req_idx; - /* Check for nonce in request */ - req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); - /* If no nonce that's OK */ - if (req_idx < 0) - return 2; - req_ext = OCSP_REQUEST_get_ext(req, req_idx); - return OCSP_BASICRESP_add_ext(resp, req_ext, -1); -} - -X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim) -{ - X509_EXTENSION *x = NULL; - OCSP_CRLID *cid = NULL; - - if ((cid = OCSP_CRLID_new()) == NULL) - goto err; - if (url) { - if ((cid->crlUrl = ASN1_IA5STRING_new()) == NULL) - goto err; - if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) - goto err; - } - if (n) { - if ((cid->crlNum = ASN1_INTEGER_new()) == NULL) - goto err; - if (!(ASN1_INTEGER_set(cid->crlNum, *n))) - goto err; - } - if (tim) { - if ((cid->crlTime = ASN1_GENERALIZEDTIME_new()) == NULL) - goto err; - if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) - goto err; - } - x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid); - err: - OCSP_CRLID_free(cid); - return x; -} - -/* AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */ -X509_EXTENSION *OCSP_accept_responses_new(char **oids) -{ - int nid; - STACK_OF(ASN1_OBJECT) *sk = NULL; - ASN1_OBJECT *o = NULL; - X509_EXTENSION *x = NULL; - - if ((sk = sk_ASN1_OBJECT_new_null()) == NULL) - goto err; - while (oids && *oids) { - if ((nid = OBJ_txt2nid(*oids)) != NID_undef && (o = OBJ_nid2obj(nid))) - sk_ASN1_OBJECT_push(sk, o); - oids++; - } - x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk); - err: - sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); - return x; -} - -/* ArchiveCutoff ::= GeneralizedTime */ -X509_EXTENSION *OCSP_archive_cutoff_new(char *tim) -{ - X509_EXTENSION *x = NULL; - ASN1_GENERALIZEDTIME *gt = NULL; - - if ((gt = ASN1_GENERALIZEDTIME_new()) == NULL) - goto err; - if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) - goto err; - x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt); - err: - ASN1_GENERALIZEDTIME_free(gt); - return x; -} - -/* - * per ACCESS_DESCRIPTION parameter are oids, of which there are currently - * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This method - * forces NID_ad_ocsp and uniformResourceLocator [6] IA5String. - */ -X509_EXTENSION *OCSP_url_svcloc_new(const X509_NAME *issuer, const char **urls) -{ - X509_EXTENSION *x = NULL; - ASN1_IA5STRING *ia5 = NULL; - OCSP_SERVICELOC *sloc = NULL; - ACCESS_DESCRIPTION *ad = NULL; - - if ((sloc = OCSP_SERVICELOC_new()) == NULL) - goto err; - X509_NAME_free(sloc->issuer); - if ((sloc->issuer = X509_NAME_dup(issuer)) == NULL) - goto err; - if (urls && *urls - && (sloc->locator = sk_ACCESS_DESCRIPTION_new_null()) == NULL) - goto err; - while (urls && *urls) { - if ((ad = ACCESS_DESCRIPTION_new()) == NULL) - goto err; - if ((ad->method = OBJ_nid2obj(NID_ad_OCSP)) == NULL) - goto err; - if ((ia5 = ASN1_IA5STRING_new()) == NULL) - goto err; - if (!ASN1_STRING_set((ASN1_STRING *)ia5, *urls, -1)) - goto err; - /* ad->location is allocated inside ACCESS_DESCRIPTION_new */ - ad->location->type = GEN_URI; - ad->location->d.ia5 = ia5; - ia5 = NULL; - if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) - goto err; - ad = NULL; - urls++; - } - x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc); - err: - ASN1_IA5STRING_free(ia5); - ACCESS_DESCRIPTION_free(ad); - OCSP_SERVICELOC_free(sloc); - return x; -} diff --git a/crypto/ocsp/ocsp_http.c b/crypto/ocsp/ocsp_http.c deleted file mode 100644 index e8b6406d3c384c4604cbf6a81b4e05a23d524315..0000000000000000000000000000000000000000 --- a/crypto/ocsp/ocsp_http.c +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#ifndef OPENSSL_NO_OCSP - -OSSL_HTTP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, - const OCSP_REQUEST *req, int buf_size) -{ - OSSL_HTTP_REQ_CTX *rctx = OSSL_HTTP_REQ_CTX_new(io, io, buf_size); - - if (rctx == NULL) - return NULL; - /*- - * by default: - * no bio_update_fn (and consequently no arg) - * no ssl - * no proxy - * no timeout (blocking indefinitely) - * no expected content type - * max_resp_len = 100 KiB - */ - if (!OSSL_HTTP_REQ_CTX_set_request_line(rctx, 1 /* POST */, - NULL, NULL, path)) - goto err; - /* by default, no extra headers */ - if (!OSSL_HTTP_REQ_CTX_set_expected(rctx, - NULL /* content_type */, 1 /* asn1 */, - 0 /* timeout */, 0 /* keep_alive */)) - goto err; - if (req != NULL - && !OSSL_HTTP_REQ_CTX_set1_req(rctx, "application/ocsp-request", - ASN1_ITEM_rptr(OCSP_REQUEST), - (const ASN1_VALUE *)req)) - goto err; - return rctx; - - err: - OSSL_HTTP_REQ_CTX_free(rctx); - return NULL; -} - -OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req) -{ - OCSP_RESPONSE *resp = NULL; - OSSL_HTTP_REQ_CTX *ctx; - BIO *mem; - - ctx = OCSP_sendreq_new(b, path, req, 0 /* default buf_size */); - if (ctx == NULL) - return NULL; - mem = OSSL_HTTP_REQ_CTX_exchange(ctx); - /* ASN1_item_d2i_bio handles NULL bio gracefully */ - resp = (OCSP_RESPONSE *)ASN1_item_d2i_bio(ASN1_ITEM_rptr(OCSP_RESPONSE), - mem, NULL); - - OSSL_HTTP_REQ_CTX_free(ctx); - return resp; -} -#endif /* !defined(OPENSSL_NO_OCSP) */ diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c deleted file mode 100644 index 285634dec37b505f05f5577c732f0396e7040c6b..0000000000000000000000000000000000000000 --- a/crypto/ocsp/ocsp_lib.c +++ /dev/null @@ -1,113 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include "ocsp_local.h" -#include - -/* Convert a certificate and its issuer to an OCSP_CERTID */ - -OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, - const X509 *issuer) -{ - const X509_NAME *iname; - const ASN1_INTEGER *serial; - ASN1_BIT_STRING *ikey; - - if (!dgst) - dgst = EVP_sha1(); - if (subject) { - iname = X509_get_issuer_name(subject); - serial = X509_get0_serialNumber(subject); - } else { - iname = X509_get_subject_name(issuer); - serial = NULL; - } - ikey = X509_get0_pubkey_bitstr(issuer); - return OCSP_cert_id_new(dgst, iname, ikey, serial); -} - -OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, - const X509_NAME *issuerName, - const ASN1_BIT_STRING *issuerKey, - const ASN1_INTEGER *serialNumber) -{ - int nid; - unsigned int i; - X509_ALGOR *alg; - OCSP_CERTID *cid = NULL; - unsigned char md[EVP_MAX_MD_SIZE]; - - if ((cid = OCSP_CERTID_new()) == NULL) - goto err; - - alg = &cid->hashAlgorithm; - ASN1_OBJECT_free(alg->algorithm); - if ((nid = EVP_MD_get_type(dgst)) == NID_undef) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_UNKNOWN_NID); - goto err; - } - if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL) - goto err; - if ((alg->parameter = ASN1_TYPE_new()) == NULL) - goto err; - alg->parameter->type = V_ASN1_NULL; - - if (!X509_NAME_digest(issuerName, dgst, md, &i)) - goto digerr; - if (!(ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i))) - goto err; - - /* Calculate the issuerKey hash, excluding tag and length */ - if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL)) - goto err; - - if (!(ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i))) - goto err; - - if (serialNumber) { - if (ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0) - goto err; - } - return cid; - digerr: - ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_ERR); - err: - OCSP_CERTID_free(cid); - return NULL; -} - -int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b) -{ - int ret; - ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm); - if (ret) - return ret; - ret = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash); - if (ret) - return ret; - return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash); -} - -int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b) -{ - int ret; - ret = OCSP_id_issuer_cmp(a, b); - if (ret) - return ret; - return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber); -} - -IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID) diff --git a/crypto/ocsp/ocsp_local.h b/crypto/ocsp/ocsp_local.h deleted file mode 100644 index e1633403c68546ba54bcfb5f2bb45d0d21497bc1..0000000000000000000000000000000000000000 --- a/crypto/ocsp/ocsp_local.h +++ /dev/null @@ -1,246 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "crypto/x509.h" /* for ossl_x509_add_cert_new() */ - -/*- CertID ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier, - * issuerNameHash OCTET STRING, -- Hash of Issuer's DN - * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) - * serialNumber CertificateSerialNumber } - */ -struct ocsp_cert_id_st { - X509_ALGOR hashAlgorithm; - ASN1_OCTET_STRING issuerNameHash; - ASN1_OCTET_STRING issuerKeyHash; - ASN1_INTEGER serialNumber; -}; - -/*- Request ::= SEQUENCE { - * reqCert CertID, - * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } - */ -struct ocsp_one_request_st { - OCSP_CERTID *reqCert; - STACK_OF(X509_EXTENSION) *singleRequestExtensions; -}; - -/*- TBSRequest ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * requestorName [1] EXPLICIT GeneralName OPTIONAL, - * requestList SEQUENCE OF Request, - * requestExtensions [2] EXPLICIT Extensions OPTIONAL } - */ -struct ocsp_req_info_st { - ASN1_INTEGER *version; - GENERAL_NAME *requestorName; - STACK_OF(OCSP_ONEREQ) *requestList; - STACK_OF(X509_EXTENSION) *requestExtensions; -}; - -/*- Signature ::= SEQUENCE { - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - */ -struct ocsp_signature_st { - X509_ALGOR signatureAlgorithm; - ASN1_BIT_STRING *signature; - STACK_OF(X509) *certs; -}; - -/*- OCSPRequest ::= SEQUENCE { - * tbsRequest TBSRequest, - * optionalSignature [0] EXPLICIT Signature OPTIONAL } - */ -struct ocsp_request_st { - OCSP_REQINFO tbsRequest; - OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ -}; - -/*- OCSPResponseStatus ::= ENUMERATED { - * successful (0), --Response has valid confirmations - * malformedRequest (1), --Illegal confirmation request - * internalError (2), --Internal error in issuer - * tryLater (3), --Try again later - * --(4) is not used - * sigRequired (5), --Must sign the request - * unauthorized (6) --Request unauthorized - * } - */ - -/*- ResponseBytes ::= SEQUENCE { - * responseType OBJECT IDENTIFIER, - * response OCTET STRING } - */ -struct ocsp_resp_bytes_st { - ASN1_OBJECT *responseType; - ASN1_OCTET_STRING *response; -}; - -/*- OCSPResponse ::= SEQUENCE { - * responseStatus OCSPResponseStatus, - * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } - */ -struct ocsp_response_st { - ASN1_ENUMERATED *responseStatus; - OCSP_RESPBYTES *responseBytes; -}; - -/*- ResponderID ::= CHOICE { - * byName [1] Name, - * byKey [2] KeyHash } - */ -struct ocsp_responder_id_st { - int type; - union { - X509_NAME *byName; - ASN1_OCTET_STRING *byKey; - } value; -}; - -/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key - * --(excluding the tag and length fields) - */ - -/*- RevokedInfo ::= SEQUENCE { - * revocationTime GeneralizedTime, - * revocationReason [0] EXPLICIT CRLReason OPTIONAL } - */ -struct ocsp_revoked_info_st { - ASN1_GENERALIZEDTIME *revocationTime; - ASN1_ENUMERATED *revocationReason; -}; - -/*- CertStatus ::= CHOICE { - * good [0] IMPLICIT NULL, - * revoked [1] IMPLICIT RevokedInfo, - * unknown [2] IMPLICIT UnknownInfo } - */ -struct ocsp_cert_status_st { - int type; - union { - ASN1_NULL *good; - OCSP_REVOKEDINFO *revoked; - ASN1_NULL *unknown; - } value; -}; - -/*- SingleResponse ::= SEQUENCE { - * certID CertID, - * certStatus CertStatus, - * thisUpdate GeneralizedTime, - * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, - * singleExtensions [1] EXPLICIT Extensions OPTIONAL } - */ -struct ocsp_single_response_st { - OCSP_CERTID *certId; - OCSP_CERTSTATUS *certStatus; - ASN1_GENERALIZEDTIME *thisUpdate; - ASN1_GENERALIZEDTIME *nextUpdate; - STACK_OF(X509_EXTENSION) *singleExtensions; -}; - -/*- ResponseData ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * responderID ResponderID, - * producedAt GeneralizedTime, - * responses SEQUENCE OF SingleResponse, - * responseExtensions [1] EXPLICIT Extensions OPTIONAL } - */ -struct ocsp_response_data_st { - ASN1_INTEGER *version; - OCSP_RESPID responderId; - ASN1_GENERALIZEDTIME *producedAt; - STACK_OF(OCSP_SINGLERESP) *responses; - STACK_OF(X509_EXTENSION) *responseExtensions; -}; - -/*- BasicOCSPResponse ::= SEQUENCE { - * tbsResponseData ResponseData, - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - */ - /* - * Note 1: The value for "signature" is specified in the OCSP rfc2560 as - * follows: "The value for the signature SHALL be computed on the hash of - * the DER encoding ResponseData." This means that you must hash the - * DER-encoded tbsResponseData, and then run it through a crypto-signing - * function, which will (at least w/RSA) do a hash-'n'-private-encrypt - * operation. This seems a bit odd, but that's the spec. Also note that - * the data structures do not leave anywhere to independently specify the - * algorithm used for the initial hash. So, we look at the - * signature-specification algorithm, and try to do something intelligent. - * -- Kathy Weinhold, CertCo - */ - /* - * Note 2: It seems that the mentioned passage from RFC 2560 (section - * 4.2.1) is open for interpretation. I've done tests against another - * responder, and found that it doesn't do the double hashing that the RFC - * seems to say one should. Therefore, all relevant functions take a flag - * saying which variant should be used. -- Richard Levitte, OpenSSL team - * and CeloCom - */ -struct ocsp_basic_response_st { - OCSP_RESPDATA tbsResponseData; - X509_ALGOR signatureAlgorithm; - ASN1_BIT_STRING *signature; - STACK_OF(X509) *certs; -}; - -/*- - * CrlID ::= SEQUENCE { - * crlUrl [0] EXPLICIT IA5String OPTIONAL, - * crlNum [1] EXPLICIT INTEGER OPTIONAL, - * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } - */ -struct ocsp_crl_id_st { - ASN1_IA5STRING *crlUrl; - ASN1_INTEGER *crlNum; - ASN1_GENERALIZEDTIME *crlTime; -}; - -/*- - * ServiceLocator ::= SEQUENCE { - * issuer Name, - * locator AuthorityInfoAccessSyntax OPTIONAL } - */ -struct ocsp_service_locator_st { - X509_NAME *issuer; - STACK_OF(ACCESS_DESCRIPTION) *locator; -}; - -# define OCSP_REQUEST_sign(o, pkey, md, libctx, propq)\ - ASN1_item_sign_ex(ASN1_ITEM_rptr(OCSP_REQINFO),\ - &(o)->optionalSignature->signatureAlgorithm, NULL,\ - (o)->optionalSignature->signature, &(o)->tbsRequest,\ - NULL, pkey, md, libctx, propq) - -# define OCSP_BASICRESP_sign(o, pkey, md, d, libctx, propq)\ - ASN1_item_sign_ex(ASN1_ITEM_rptr(OCSP_RESPDATA),\ - &(o)->signatureAlgorithm, NULL,\ - (o)->signature, &(o)->tbsResponseData,\ - NULL, pkey, md, libctx, propq) - -# define OCSP_BASICRESP_sign_ctx(o, ctx, d)\ - ASN1_item_sign_ctx(ASN1_ITEM_rptr(OCSP_RESPDATA),\ - &(o)->signatureAlgorithm, NULL,\ - (o)->signature, &(o)->tbsResponseData, ctx) - -# define OCSP_REQUEST_verify(a, r, libctx, propq)\ - ASN1_item_verify_ex(ASN1_ITEM_rptr(OCSP_REQINFO),\ - &(a)->optionalSignature->signatureAlgorithm,\ - (a)->optionalSignature->signature, &(a)->tbsRequest,\ - NULL, r, libctx, propq) - -# define OCSP_BASICRESP_verify(a, r, libctx, propq)\ - ASN1_item_verify_ex(ASN1_ITEM_rptr(OCSP_RESPDATA),\ - &(a)->signatureAlgorithm, (a)->signature,\ - &(a)->tbsResponseData, NULL, r, libctx, propq) diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c deleted file mode 100644 index 654ddbc7fff3d9e4fba25bb863bf6cf8d55fb0ce..0000000000000000000000000000000000000000 --- a/crypto/ocsp/ocsp_prn.c +++ /dev/null @@ -1,246 +0,0 @@ -/* - * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "ocsp_local.h" -#include "internal/cryptlib.h" -#include - -static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent) -{ - BIO_printf(bp, "%*sCertificate ID:\n", indent, ""); - indent += 2; - BIO_printf(bp, "%*sHash Algorithm: ", indent, ""); - i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm); - BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, ""); - i2a_ASN1_STRING(bp, &a->issuerNameHash, 0); - BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, ""); - i2a_ASN1_STRING(bp, &a->issuerKeyHash, 0); - BIO_printf(bp, "\n%*sSerial Number: ", indent, ""); - i2a_ASN1_INTEGER(bp, &a->serialNumber); - BIO_printf(bp, "\n"); - return 1; -} - -typedef struct { - long t; - const char *m; -} OCSP_TBLSTR; - -static const char *do_table2string(long s, const OCSP_TBLSTR *ts, size_t len) -{ - size_t i; - for (i = 0; i < len; i++, ts++) - if (ts->t == s) - return ts->m; - return "(UNKNOWN)"; -} - -#define table2string(s, tbl) do_table2string(s, tbl, OSSL_NELEM(tbl)) - -const char *OCSP_response_status_str(long s) -{ - static const OCSP_TBLSTR rstat_tbl[] = { - {OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful"}, - {OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest"}, - {OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror"}, - {OCSP_RESPONSE_STATUS_TRYLATER, "trylater"}, - {OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"}, - {OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"} - }; - return table2string(s, rstat_tbl); -} - -const char *OCSP_cert_status_str(long s) -{ - static const OCSP_TBLSTR cstat_tbl[] = { - {V_OCSP_CERTSTATUS_GOOD, "good"}, - {V_OCSP_CERTSTATUS_REVOKED, "revoked"}, - {V_OCSP_CERTSTATUS_UNKNOWN, "unknown"} - }; - return table2string(s, cstat_tbl); -} - -const char *OCSP_crl_reason_str(long s) -{ - static const OCSP_TBLSTR reason_tbl[] = { - {OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified"}, - {OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise"}, - {OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise"}, - {OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged"}, - {OCSP_REVOKED_STATUS_SUPERSEDED, "superseded"}, - {OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation"}, - {OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold"}, - {OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL"} - }; - return table2string(s, reason_tbl); -} - -int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags) -{ - int i; - long l; - OCSP_CERTID *cid = NULL; - OCSP_ONEREQ *one = NULL; - OCSP_REQINFO *inf = &o->tbsRequest; - OCSP_SIGNATURE *sig = o->optionalSignature; - - if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0) - goto err; - l = ASN1_INTEGER_get(inf->version); - if (BIO_printf(bp, " Version: %lu (0x%lx)", l + 1, l) <= 0) - goto err; - if (inf->requestorName != NULL) { - if (BIO_write(bp, "\n Requestor Name: ", 21) <= 0) - goto err; - GENERAL_NAME_print(bp, inf->requestorName); - } - if (BIO_write(bp, "\n Requestor List:\n", 21) <= 0) - goto err; - for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) { - one = sk_OCSP_ONEREQ_value(inf->requestList, i); - cid = one->reqCert; - ocsp_certid_print(bp, cid, 8); - if (!X509V3_extensions_print(bp, - "Request Single Extensions", - one->singleRequestExtensions, flags, 8)) - goto err; - } - if (!X509V3_extensions_print(bp, "Request Extensions", - inf->requestExtensions, flags, 4)) - goto err; - if (sig) { - X509_signature_print(bp, &sig->signatureAlgorithm, sig->signature); - for (i = 0; i < sk_X509_num(sig->certs); i++) { - X509_print(bp, sk_X509_value(sig->certs, i)); - PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i)); - } - } - return 1; - err: - return 0; -} - -int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags) -{ - int i, ret = 0; - long l; - OCSP_CERTID *cid = NULL; - OCSP_BASICRESP *br = NULL; - OCSP_RESPID *rid = NULL; - OCSP_RESPDATA *rd = NULL; - OCSP_CERTSTATUS *cst = NULL; - OCSP_REVOKEDINFO *rev = NULL; - OCSP_SINGLERESP *single = NULL; - OCSP_RESPBYTES *rb = o->responseBytes; - - if (BIO_puts(bp, "OCSP Response Data:\n") <= 0) - goto err; - l = ASN1_ENUMERATED_get(o->responseStatus); - if (BIO_printf(bp, " OCSP Response Status: %s (0x%lx)\n", - OCSP_response_status_str(l), l) <= 0) - goto err; - if (rb == NULL) - return 1; - if (BIO_puts(bp, " Response Type: ") <= 0) - goto err; - if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) - goto err; - if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) { - BIO_puts(bp, " (unknown response type)\n"); - return 1; - } - - if ((br = OCSP_response_get1_basic(o)) == NULL) - goto err; - rd = &br->tbsResponseData; - l = ASN1_INTEGER_get(rd->version); - if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l + 1, l) <= 0) - goto err; - if (BIO_puts(bp, " Responder Id: ") <= 0) - goto err; - - rid = &rd->responderId; - switch (rid->type) { - case V_OCSP_RESPID_NAME: - X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); - break; - case V_OCSP_RESPID_KEY: - i2a_ASN1_STRING(bp, rid->value.byKey, 0); - break; - } - - if (BIO_printf(bp, "\n Produced At: ") <= 0) - goto err; - if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) - goto err; - if (BIO_printf(bp, "\n Responses:\n") <= 0) - goto err; - for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) { - if (!sk_OCSP_SINGLERESP_value(rd->responses, i)) - continue; - single = sk_OCSP_SINGLERESP_value(rd->responses, i); - cid = single->certId; - if (ocsp_certid_print(bp, cid, 4) <= 0) - goto err; - cst = single->certStatus; - if (BIO_printf(bp, " Cert Status: %s", - OCSP_cert_status_str(cst->type)) <= 0) - goto err; - if (cst->type == V_OCSP_CERTSTATUS_REVOKED) { - rev = cst->value.revoked; - if (BIO_printf(bp, "\n Revocation Time: ") <= 0) - goto err; - if (!ASN1_GENERALIZEDTIME_print(bp, rev->revocationTime)) - goto err; - if (rev->revocationReason) { - l = ASN1_ENUMERATED_get(rev->revocationReason); - if (BIO_printf(bp, - "\n Revocation Reason: %s (0x%lx)", - OCSP_crl_reason_str(l), l) <= 0) - goto err; - } - } - if (BIO_printf(bp, "\n This Update: ") <= 0) - goto err; - if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) - goto err; - if (single->nextUpdate) { - if (BIO_printf(bp, "\n Next Update: ") <= 0) - goto err; - if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate)) - goto err; - } - if (BIO_write(bp, "\n", 1) <= 0) - goto err; - if (!X509V3_extensions_print(bp, - "Response Single Extensions", - single->singleExtensions, flags, 8)) - goto err; - if (BIO_write(bp, "\n", 1) <= 0) - goto err; - } - if (!X509V3_extensions_print(bp, "Response Extensions", - rd->responseExtensions, flags, 4)) - goto err; - if (X509_signature_print(bp, &br->signatureAlgorithm, br->signature) <= 0) - goto err; - - for (i = 0; i < sk_X509_num(br->certs); i++) { - X509_print(bp, sk_X509_value(br->certs, i)); - PEM_write_bio_X509(bp, sk_X509_value(br->certs, i)); - } - - ret = 1; - err: - OCSP_BASICRESP_free(br); - return ret; -} diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c deleted file mode 100644 index dbb6e760b20cf2dde4d787faf6951d39165b9cad..0000000000000000000000000000000000000000 --- a/crypto/ocsp/ocsp_srv.c +++ /dev/null @@ -1,327 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include "ocsp_local.h" - -/* - * Utility functions related to sending OCSP responses and extracting - * relevant information from the request. - */ -int OCSP_request_onereq_count(OCSP_REQUEST *req) -{ - return sk_OCSP_ONEREQ_num(req->tbsRequest.requestList); -} - -OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i) -{ - return sk_OCSP_ONEREQ_value(req->tbsRequest.requestList, i); -} - -OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one) -{ - return one->reqCert; -} - -int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, - ASN1_OCTET_STRING **pikeyHash, - ASN1_INTEGER **pserial, OCSP_CERTID *cid) -{ - if (!cid) - return 0; - if (pmd) - *pmd = cid->hashAlgorithm.algorithm; - if (piNameHash) - *piNameHash = &cid->issuerNameHash; - if (pikeyHash) - *pikeyHash = &cid->issuerKeyHash; - if (pserial) - *pserial = &cid->serialNumber; - return 1; -} - -int OCSP_request_is_signed(OCSP_REQUEST *req) -{ - if (req->optionalSignature) - return 1; - return 0; -} - -/* Create an OCSP response and encode an optional basic response */ -OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs) -{ - OCSP_RESPONSE *rsp = NULL; - - if ((rsp = OCSP_RESPONSE_new()) == NULL) - goto err; - if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) - goto err; - if (!bs) - return rsp; - if ((rsp->responseBytes = OCSP_RESPBYTES_new()) == NULL) - goto err; - rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic); - if (!ASN1_item_pack - (bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response)) - goto err; - return rsp; - err: - OCSP_RESPONSE_free(rsp); - return NULL; -} - -OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, - OCSP_CERTID *cid, - int status, int reason, - ASN1_TIME *revtime, - ASN1_TIME *thisupd, - ASN1_TIME *nextupd) -{ - OCSP_SINGLERESP *single = NULL; - OCSP_CERTSTATUS *cs; - OCSP_REVOKEDINFO *ri; - - if (rsp->tbsResponseData.responses == NULL - && (rsp->tbsResponseData.responses - = sk_OCSP_SINGLERESP_new_null()) == NULL) - goto err; - - if ((single = OCSP_SINGLERESP_new()) == NULL) - goto err; - - if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate)) - goto err; - if (nextupd && - !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate)) - goto err; - - OCSP_CERTID_free(single->certId); - - if ((single->certId = OCSP_CERTID_dup(cid)) == NULL) - goto err; - - cs = single->certStatus; - switch (cs->type = status) { - case V_OCSP_CERTSTATUS_REVOKED: - if (!revtime) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_REVOKED_TIME); - goto err; - } - if ((cs->value.revoked = ri = OCSP_REVOKEDINFO_new()) == NULL) - goto err; - if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime)) - goto err; - if (reason != OCSP_REVOKED_STATUS_NOSTATUS) { - if ((ri->revocationReason = ASN1_ENUMERATED_new()) == NULL) - goto err; - if (!(ASN1_ENUMERATED_set(ri->revocationReason, reason))) - goto err; - } - break; - - case V_OCSP_CERTSTATUS_GOOD: - if ((cs->value.good = ASN1_NULL_new()) == NULL) - goto err; - break; - - case V_OCSP_CERTSTATUS_UNKNOWN: - if ((cs->value.unknown = ASN1_NULL_new()) == NULL) - goto err; - break; - - default: - goto err; - - } - if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData.responses, single))) - goto err; - return single; - err: - OCSP_SINGLERESP_free(single); - return NULL; -} - -/* Add a certificate to an OCSP request */ -int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert) -{ - return ossl_x509_add_cert_new(&resp->certs, cert, X509_ADD_FLAG_UP_REF); -} - -/* - * Sign an OCSP response using the parameters contained in the digest context, - * set the responderID to the subject name in the signer's certificate, and - * include one or more optional certificates in the response. - */ -int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, - X509 *signer, EVP_MD_CTX *ctx, - STACK_OF(X509) *certs, unsigned long flags) -{ - OCSP_RESPID *rid; - EVP_PKEY *pkey; - - if (ctx == NULL || EVP_MD_CTX_get_pkey_ctx(ctx) == NULL) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_SIGNER_KEY); - goto err; - } - - pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx)); - if (pkey == NULL || !X509_check_private_key(signer, pkey)) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); - goto err; - } - - if (!(flags & OCSP_NOCERTS)) { - if (!OCSP_basic_add1_cert(brsp, signer) - || !X509_add_certs(brsp->certs, certs, X509_ADD_FLAG_UP_REF)) - goto err; - } - - rid = &brsp->tbsResponseData.responderId; - if (flags & OCSP_RESPID_KEY) { - if (!OCSP_RESPID_set_by_key(rid, signer)) - goto err; - } else if (!OCSP_RESPID_set_by_name(rid, signer)) { - goto err; - } - - if (!(flags & OCSP_NOTIME) && - !X509_gmtime_adj(brsp->tbsResponseData.producedAt, 0)) - goto err; - - /* - * Right now, I think that not doing double hashing is the right thing. - * -- Richard Levitte - */ - if (!OCSP_BASICRESP_sign_ctx(brsp, ctx, 0)) - goto err; - - return 1; - err: - return 0; -} - -int OCSP_basic_sign(OCSP_BASICRESP *brsp, - X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, - STACK_OF(X509) *certs, unsigned long flags) -{ - EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - EVP_PKEY_CTX *pkctx = NULL; - int i; - - if (ctx == NULL) - return 0; - - if (!EVP_DigestSignInit_ex(ctx, &pkctx, EVP_MD_get0_name(dgst), - signer->libctx, signer->propq, key, NULL)) { - EVP_MD_CTX_free(ctx); - return 0; - } - i = OCSP_basic_sign_ctx(brsp, signer, ctx, certs, flags); - EVP_MD_CTX_free(ctx); - return i; -} - -int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert) -{ - if (!X509_NAME_set(&respid->value.byName, X509_get_subject_name(cert))) - return 0; - - respid->type = V_OCSP_RESPID_NAME; - - return 1; -} - -int OCSP_RESPID_set_by_key_ex(OCSP_RESPID *respid, X509 *cert, - OSSL_LIB_CTX *libctx, const char *propq) -{ - ASN1_OCTET_STRING *byKey = NULL; - unsigned char md[SHA_DIGEST_LENGTH]; - EVP_MD *sha1 = EVP_MD_fetch(libctx, "SHA1", propq); - int ret = 0; - - if (sha1 == NULL) - return 0; - - /* RFC2560 requires SHA1 */ - if (!X509_pubkey_digest(cert, sha1, md, NULL)) - goto err; - - byKey = ASN1_OCTET_STRING_new(); - if (byKey == NULL) - goto err; - - if (!(ASN1_OCTET_STRING_set(byKey, md, SHA_DIGEST_LENGTH))) { - ASN1_OCTET_STRING_free(byKey); - goto err; - } - - respid->type = V_OCSP_RESPID_KEY; - respid->value.byKey = byKey; - - ret = 1; - err: - EVP_MD_free(sha1); - return ret; -} - -int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert) -{ - if (cert == NULL) - return 0; - return OCSP_RESPID_set_by_key_ex(respid, cert, cert->libctx, cert->propq); -} - -int OCSP_RESPID_match_ex(OCSP_RESPID *respid, X509 *cert, OSSL_LIB_CTX *libctx, - const char *propq) -{ - EVP_MD *sha1 = NULL; - int ret = 0; - - if (respid->type == V_OCSP_RESPID_KEY) { - unsigned char md[SHA_DIGEST_LENGTH]; - - sha1 = EVP_MD_fetch(libctx, "SHA1", propq); - if (sha1 == NULL) - goto err; - - if (respid->value.byKey == NULL) - goto err; - - /* RFC2560 requires SHA1 */ - if (!X509_pubkey_digest(cert, sha1, md, NULL)) - goto err; - - ret = (ASN1_STRING_length(respid->value.byKey) == SHA_DIGEST_LENGTH) - && (memcmp(ASN1_STRING_get0_data(respid->value.byKey), md, - SHA_DIGEST_LENGTH) == 0); - } else if (respid->type == V_OCSP_RESPID_NAME) { - if (respid->value.byName == NULL) - return 0; - - return X509_NAME_cmp(respid->value.byName, - X509_get_subject_name(cert)) == 0; - } - - err: - EVP_MD_free(sha1); - return ret; -} - -int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert) -{ - if (cert == NULL) - return 0; - return OCSP_RESPID_match_ex(respid, cert, cert->libctx, cert->propq); -} diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c deleted file mode 100644 index fa07539d7e86deafde5589386b667647438ca8d7..0000000000000000000000000000000000000000 --- a/crypto/ocsp/ocsp_vfy.c +++ /dev/null @@ -1,440 +0,0 @@ -/* - * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "internal/sizes.h" -#include "ocsp_local.h" - -static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, - STACK_OF(X509) *certs, unsigned long flags); -static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); -static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain); -static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, - OCSP_CERTID **ret); -static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, - STACK_OF(OCSP_SINGLERESP) *sresp); -static int ocsp_check_delegated(X509 *x); -static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, - const X509_NAME *nm, STACK_OF(X509) *certs, - unsigned long flags); - -/* Returns 1 on success, 0 on failure, or -1 on fatal error */ -static int ocsp_verify_signer(X509 *signer, int response, - X509_STORE *st, unsigned long flags, - STACK_OF(X509) *untrusted, STACK_OF(X509) **chain) -{ - X509_STORE_CTX *ctx = X509_STORE_CTX_new(); - X509_VERIFY_PARAM *vp; - int ret = -1; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_OCSP, ERR_R_MALLOC_FAILURE); - goto end; - } - if (!X509_STORE_CTX_init(ctx, st, signer, untrusted)) { - ERR_raise(ERR_LIB_OCSP, ERR_R_X509_LIB); - goto end; - } - if ((vp = X509_STORE_CTX_get0_param(ctx)) == NULL) - goto end; - if ((flags & OCSP_PARTIAL_CHAIN) != 0) - X509_VERIFY_PARAM_set_flags(vp, X509_V_FLAG_PARTIAL_CHAIN); - if (response - && X509_get_ext_by_NID(signer, NID_id_pkix_OCSP_noCheck, -1) >= 0) - /* - * Locally disable revocation status checking for OCSP responder cert. - * Done here for CRLs; should be done also for OCSP-based checks. - */ - X509_VERIFY_PARAM_clear_flags(vp, X509_V_FLAG_CRL_CHECK); - X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER); - X509_STORE_CTX_set_trust(ctx, X509_TRUST_OCSP_REQUEST); - - ret = X509_verify_cert(ctx); - if (ret <= 0) { - int err = X509_STORE_CTX_get_error(ctx); - - ERR_raise_data(ERR_LIB_OCSP, OCSP_R_CERTIFICATE_VERIFY_ERROR, - "Verify error: %s", X509_verify_cert_error_string(err)); - goto end; - } - if (chain != NULL) - *chain = X509_STORE_CTX_get1_chain(ctx); - - end: - X509_STORE_CTX_free(ctx); - return ret; -} - -static int ocsp_verify(OCSP_REQUEST *req, OCSP_BASICRESP *bs, - X509 *signer, unsigned long flags) -{ - EVP_PKEY *skey; - int ret = 1; - - if ((flags & OCSP_NOSIGS) == 0) { - if ((skey = X509_get0_pubkey(signer)) == NULL) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_SIGNER_KEY); - return -1; - } - if (req != NULL) - ret = OCSP_REQUEST_verify(req, skey, signer->libctx, signer->propq); - else - ret = OCSP_BASICRESP_verify(bs, skey, signer->libctx, signer->propq); - if (ret <= 0) - ERR_raise(ERR_LIB_OCSP, OCSP_R_SIGNATURE_FAILURE); - } - return ret; -} - -/* Verify a basic response message */ -int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, - X509_STORE *st, unsigned long flags) -{ - X509 *signer, *x; - STACK_OF(X509) *chain = NULL; - STACK_OF(X509) *untrusted = NULL; - int ret = ocsp_find_signer(&signer, bs, certs, flags); - - if (ret == 0) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); - goto end; - } - if ((ret == 2) && (flags & OCSP_TRUSTOTHER) != 0) - flags |= OCSP_NOVERIFY; - - if ((ret = ocsp_verify(NULL, bs, signer, flags)) <= 0) - goto end; - if ((flags & OCSP_NOVERIFY) == 0) { - ret = -1; - if ((flags & OCSP_NOCHAIN) == 0) { - if ((untrusted = sk_X509_dup(bs->certs)) == NULL) - goto end; - if (!X509_add_certs(untrusted, certs, X509_ADD_FLAG_DEFAULT)) - goto end; - } - ret = ocsp_verify_signer(signer, 1, st, flags, untrusted, &chain); - if (ret <= 0) - goto end; - if ((flags & OCSP_NOCHECKS) != 0) { - ret = 1; - goto end; - } - /* - * At this point we have a valid certificate chain need to verify it - * against the OCSP issuer criteria. - */ - ret = ocsp_check_issuer(bs, chain); - - /* If fatal error or valid match then finish */ - if (ret != 0) - goto end; - - /* - * Easy case: explicitly trusted. Get root CA and check for explicit - * trust - */ - if ((flags & OCSP_NOEXPLICIT) != 0) - goto end; - - x = sk_X509_value(chain, sk_X509_num(chain) - 1); - if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_ROOT_CA_NOT_TRUSTED); - ret = 0; - goto end; - } - ret = 1; - } - - end: - sk_X509_pop_free(chain, X509_free); - sk_X509_free(untrusted); - return ret; -} - -int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, - STACK_OF(X509) *extra_certs) -{ - return ocsp_find_signer(signer, bs, extra_certs, 0) > 0; -} - -static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, - STACK_OF(X509) *certs, unsigned long flags) -{ - X509 *signer; - OCSP_RESPID *rid = &bs->tbsResponseData.responderId; - - if ((signer = ocsp_find_signer_sk(certs, rid)) != NULL) { - *psigner = signer; - return 2; - } - if ((flags & OCSP_NOINTERN) == 0 && - (signer = ocsp_find_signer_sk(bs->certs, rid))) { - *psigner = signer; - return 1; - } - /* Maybe lookup from store if by subject name */ - - *psigner = NULL; - return 0; -} - -static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id) -{ - int i, r; - unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash; - EVP_MD *md; - X509 *x; - - /* Easy if lookup by name */ - if (id->type == V_OCSP_RESPID_NAME) - return X509_find_by_subject(certs, id->value.byName); - - /* Lookup by key hash */ - - /* If key hash isn't SHA1 length then forget it */ - if (id->value.byKey->length != SHA_DIGEST_LENGTH) - return NULL; - keyhash = id->value.byKey->data; - /* Calculate hash of each key and compare */ - for (i = 0; i < sk_X509_num(certs); i++) { - if ((x = sk_X509_value(certs, i)) != NULL) { - if ((md = EVP_MD_fetch(x->libctx, SN_sha1, x->propq)) == NULL) - break; - r = X509_pubkey_digest(x, md, tmphash, NULL); - EVP_MD_free(md); - if (!r) - break; - if (memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH) == 0) - return x; - } - } - return NULL; -} - -static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain) -{ - STACK_OF(OCSP_SINGLERESP) *sresp = bs->tbsResponseData.responses; - X509 *signer, *sca; - OCSP_CERTID *caid = NULL; - int ret; - - if (sk_X509_num(chain) <= 0) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_NO_CERTIFICATES_IN_CHAIN); - return -1; - } - - /* See if the issuer IDs match. */ - ret = ocsp_check_ids(sresp, &caid); - - /* If ID mismatch or other error then return */ - if (ret <= 0) - return ret; - - signer = sk_X509_value(chain, 0); - /* Check to see if OCSP responder CA matches request CA */ - if (sk_X509_num(chain) > 1) { - sca = sk_X509_value(chain, 1); - ret = ocsp_match_issuerid(sca, caid, sresp); - if (ret < 0) - return ret; - if (ret != 0) { - /* We have a match, if extensions OK then success */ - if (ocsp_check_delegated(signer)) - return 1; - return 0; - } - } - - /* Otherwise check if OCSP request signed directly by request CA */ - return ocsp_match_issuerid(signer, caid, sresp); -} - -/* - * Check the issuer certificate IDs for equality. If there is a mismatch with - * the same algorithm then there's no point trying to match any certificates - * against the issuer. If the issuer IDs all match then we just need to check - * equality against one of them. - */ - -static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret) -{ - OCSP_CERTID *tmpid, *cid; - int i, idcount; - - idcount = sk_OCSP_SINGLERESP_num(sresp); - if (idcount <= 0) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA); - return -1; - } - - cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId; - - *ret = NULL; - for (i = 1; i < idcount; i++) { - tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; - /* Check to see if IDs match */ - if (OCSP_id_issuer_cmp(cid, tmpid)) { - /* If algorithm mismatch let caller deal with it */ - if (OBJ_cmp(tmpid->hashAlgorithm.algorithm, - cid->hashAlgorithm.algorithm)) - return 2; - /* Else mismatch */ - return 0; - } - } - - /* All IDs match: only need to check one ID */ - *ret = cid; - return 1; -} - -/* - * Match the certificate issuer ID. - * Returns -1 on fatal error, 0 if there is no match and 1 if there is a match. - */ -static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, - STACK_OF(OCSP_SINGLERESP) *sresp) -{ - int ret = -1; - EVP_MD *dgst = NULL; - - /* If only one ID to match then do it */ - if (cid != NULL) { - char name[OSSL_MAX_NAME_SIZE]; - const X509_NAME *iname; - int mdlen; - unsigned char md[EVP_MAX_MD_SIZE]; - - OBJ_obj2txt(name, sizeof(name), cid->hashAlgorithm.algorithm, 0); - - (void)ERR_set_mark(); - dgst = EVP_MD_fetch(NULL, name, NULL); - if (dgst == NULL) - dgst = (EVP_MD *)EVP_get_digestbyname(name); - - if (dgst == NULL) { - (void)ERR_clear_last_mark(); - ERR_raise(ERR_LIB_OCSP, OCSP_R_UNKNOWN_MESSAGE_DIGEST); - goto end; - } - (void)ERR_pop_to_mark(); - - mdlen = EVP_MD_get_size(dgst); - if (mdlen < 0) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_SIZE_ERR); - goto end; - } - if (cid->issuerNameHash.length != mdlen || - cid->issuerKeyHash.length != mdlen) { - ret = 0; - goto end; - } - iname = X509_get_subject_name(cert); - if (!X509_NAME_digest(iname, dgst, md, NULL)) - goto end; - if (memcmp(md, cid->issuerNameHash.data, mdlen) != 0) { - ret = 0; - goto end; - } - if (!X509_pubkey_digest(cert, dgst, md, NULL)) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_DIGEST_ERR); - goto end; - } - ret = memcmp(md, cid->issuerKeyHash.data, mdlen) == 0; - goto end; - } else { - /* We have to match the whole lot */ - int i; - OCSP_CERTID *tmpid; - - for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) { - tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; - ret = ocsp_match_issuerid(cert, tmpid, NULL); - if (ret <= 0) - return ret; - } - } - return 1; -end: - EVP_MD_free(dgst); - return ret; -} - -static int ocsp_check_delegated(X509 *x) -{ - if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE) - && (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN)) - return 1; - ERR_raise(ERR_LIB_OCSP, OCSP_R_MISSING_OCSPSIGNING_USAGE); - return 0; -} - -/* - * Verify an OCSP request. This is much easier than OCSP response verify. - * Just find the signer's certificate and verify it against a given trust value. - * Returns 1 on success, 0 on failure and on fatal error. - */ -int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, - X509_STORE *store, unsigned long flags) -{ - X509 *signer; - const X509_NAME *nm; - GENERAL_NAME *gen; - int ret; - - if (!req->optionalSignature) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_REQUEST_NOT_SIGNED); - return 0; - } - gen = req->tbsRequest.requestorName; - if (!gen || gen->type != GEN_DIRNAME) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); - return 0; /* not returning -1 here for backward compatibility*/ - } - nm = gen->d.directoryName; - ret = ocsp_req_find_signer(&signer, req, nm, certs, flags); - if (ret <= 0) { - ERR_raise(ERR_LIB_OCSP, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); - return 0; /* not returning -1 here for backward compatibility*/ - } - if ((ret == 2) && (flags & OCSP_TRUSTOTHER) != 0) - flags |= OCSP_NOVERIFY; - - if ((ret = ocsp_verify(req, NULL, signer, flags)) <= 0) - return 0; /* not returning 'ret' here for backward compatibility*/ - if ((flags & OCSP_NOVERIFY) != 0) - return 1; - return ocsp_verify_signer(signer, 0, store, flags, - (flags & OCSP_NOCHAIN) != 0 ? - NULL : req->optionalSignature->certs, NULL) > 0; - /* using '> 0' here to avoid breaking backward compatibility returning -1 */ -} - -static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, - const X509_NAME *nm, STACK_OF(X509) *certs, - unsigned long flags) -{ - X509 *signer; - - if ((flags & OCSP_NOINTERN) == 0) { - signer = X509_find_by_subject(req->optionalSignature->certs, nm); - if (signer != NULL) { - *psigner = signer; - return 1; - } - } - - if ((signer = X509_find_by_subject(certs, nm)) != NULL) { - *psigner = signer; - return 2; - } - return 0; -} diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c deleted file mode 100644 index 2250208a1577659d57b75bc70bcccda5dd9dc782..0000000000000000000000000000000000000000 --- a/crypto/ocsp/v3_ocsp.c +++ /dev/null @@ -1,264 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "ocsp_local.h" -#include -#include "../x509/ext_dat.h" - -/* - * OCSP extensions and a couple of CRL entry extensions - */ - -static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce, - BIO *out, int indent); -static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, - BIO *out, int indent); -static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out, - int indent); - -static void *ocsp_nonce_new(void); -static int i2d_ocsp_nonce(const void *a, unsigned char **pp); -static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); -static void ocsp_nonce_free(void *a); -static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, - BIO *out, int indent); - -static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, - void *nocheck, BIO *out, int indent); -static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str); -static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, - BIO *bp, int ind); - -const X509V3_EXT_METHOD ossl_v3_ocsp_crlid = { - NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), - 0, 0, 0, 0, - 0, 0, - 0, 0, - i2r_ocsp_crlid, 0, - NULL -}; - -const X509V3_EXT_METHOD ossl_v3_ocsp_acutoff = { - NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), - 0, 0, 0, 0, - 0, 0, - 0, 0, - i2r_ocsp_acutoff, 0, - NULL -}; - -const X509V3_EXT_METHOD ossl_v3_crl_invdate = { - NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), - 0, 0, 0, 0, - 0, 0, - 0, 0, - i2r_ocsp_acutoff, 0, - NULL -}; - -const X509V3_EXT_METHOD ossl_v3_crl_hold = { - NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), - 0, 0, 0, 0, - 0, 0, - 0, 0, - i2r_object, 0, - NULL -}; - -const X509V3_EXT_METHOD ossl_v3_ocsp_nonce = { - NID_id_pkix_OCSP_Nonce, 0, NULL, - ocsp_nonce_new, - ocsp_nonce_free, - d2i_ocsp_nonce, - i2d_ocsp_nonce, - 0, 0, - 0, 0, - i2r_ocsp_nonce, 0, - NULL -}; - -const X509V3_EXT_METHOD ossl_v3_ocsp_nocheck = { - NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL), - 0, 0, 0, 0, - 0, s2i_ocsp_nocheck, - 0, 0, - i2r_ocsp_nocheck, 0, - NULL -}; - -const X509V3_EXT_METHOD ossl_v3_ocsp_serviceloc = { - NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC), - 0, 0, 0, 0, - 0, 0, - 0, 0, - i2r_ocsp_serviceloc, 0, - NULL -}; - -static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, - int ind) -{ - OCSP_CRLID *a = in; - if (a->crlUrl) { - if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) - goto err; - if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl)) - goto err; - if (BIO_write(bp, "\n", 1) <= 0) - goto err; - } - if (a->crlNum) { - if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) - goto err; - if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) - goto err; - if (BIO_write(bp, "\n", 1) <= 0) - goto err; - } - if (a->crlTime) { - if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) - goto err; - if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) - goto err; - if (BIO_write(bp, "\n", 1) <= 0) - goto err; - } - return 1; - err: - return 0; -} - -static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, - BIO *bp, int ind) -{ - if (BIO_printf(bp, "%*s", ind, "") <= 0) - return 0; - if (!ASN1_GENERALIZEDTIME_print(bp, cutoff)) - return 0; - return 1; -} - -static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, - int ind) -{ - if (BIO_printf(bp, "%*s", ind, "") <= 0) - return 0; - if (i2a_ASN1_OBJECT(bp, oid) <= 0) - return 0; - return 1; -} - -/* - * OCSP nonce. This is needs special treatment because it doesn't have an - * ASN1 encoding at all: it just contains arbitrary data. - */ - -static void *ocsp_nonce_new(void) -{ - return ASN1_OCTET_STRING_new(); -} - -static int i2d_ocsp_nonce(const void *a, unsigned char **pp) -{ - const ASN1_OCTET_STRING *os = a; - if (pp) { - memcpy(*pp, os->data, os->length); - *pp += os->length; - } - return os->length; -} - -static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) -{ - ASN1_OCTET_STRING *os, **pos; - pos = a; - if (pos == NULL || *pos == NULL) { - os = ASN1_OCTET_STRING_new(); - if (os == NULL) - goto err; - } else { - os = *pos; - } - if (!ASN1_OCTET_STRING_set(os, *pp, length)) - goto err; - - *pp += length; - - if (pos) - *pos = os; - return os; - - err: - if ((pos == NULL) || (*pos != os)) - ASN1_OCTET_STRING_free(os); - ERR_raise(ERR_LIB_OCSP, ERR_R_MALLOC_FAILURE); - return NULL; -} - -static void ocsp_nonce_free(void *a) -{ - ASN1_OCTET_STRING_free(a); -} - -static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, - BIO *out, int indent) -{ - if (BIO_printf(out, "%*s", indent, "") <= 0) - return 0; - if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) - return 0; - return 1; -} - -/* Nocheck is just a single NULL. Don't print anything and always set it */ - -static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, - BIO *out, int indent) -{ - return 1; -} - -static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str) -{ - return ASN1_NULL_new(); -} - -static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, - BIO *bp, int ind) -{ - int i; - OCSP_SERVICELOC *a = in; - ACCESS_DESCRIPTION *ad; - - if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) - goto err; - if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) - goto err; - for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) { - ad = sk_ACCESS_DESCRIPTION_value(a->locator, i); - if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0) - goto err; - if (i2a_ASN1_OBJECT(bp, ad->method) <= 0) - goto err; - if (BIO_puts(bp, " - ") <= 0) - goto err; - if (GENERAL_NAME_print(bp, ad->location) <= 0) - goto err; - } - return 1; - err: - return 0; -} diff --git a/crypto/packet.c b/crypto/packet.c deleted file mode 100644 index 927bb3f80f6c33354226a9118983788441627e6c..0000000000000000000000000000000000000000 --- a/crypto/packet.c +++ /dev/null @@ -1,512 +0,0 @@ -/* - * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include "internal/packet.h" -#include - -#define DEFAULT_BUF_SIZE 256 - -int WPACKET_allocate_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes) -{ - if (!WPACKET_reserve_bytes(pkt, len, allocbytes)) - return 0; - - pkt->written += len; - pkt->curr += len; - return 1; -} - -int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len, - unsigned char **allocbytes, size_t lenbytes) -{ - if (!WPACKET_start_sub_packet_len__(pkt, lenbytes) - || !WPACKET_allocate_bytes(pkt, len, allocbytes) - || !WPACKET_close(pkt)) - return 0; - - return 1; -} - -#define GETBUF(p) (((p)->staticbuf != NULL) \ - ? (p)->staticbuf \ - : ((p)->buf != NULL \ - ? (unsigned char *)(p)->buf->data \ - : NULL)) - -int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes) -{ - /* Internal API, so should not fail */ - if (!ossl_assert(pkt->subs != NULL && len != 0)) - return 0; - - if (pkt->maxsize - pkt->written < len) - return 0; - - if (pkt->buf != NULL && (pkt->buf->length - pkt->written < len)) { - size_t newlen; - size_t reflen; - - reflen = (len > pkt->buf->length) ? len : pkt->buf->length; - - if (reflen > SIZE_MAX / 2) { - newlen = SIZE_MAX; - } else { - newlen = reflen * 2; - if (newlen < DEFAULT_BUF_SIZE) - newlen = DEFAULT_BUF_SIZE; - } - if (BUF_MEM_grow(pkt->buf, newlen) == 0) - return 0; - } - if (allocbytes != NULL) { - *allocbytes = WPACKET_get_curr(pkt); - if (pkt->endfirst && *allocbytes != NULL) - *allocbytes -= len; - } - - return 1; -} - -int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len, - unsigned char **allocbytes, size_t lenbytes) -{ - if (pkt->endfirst && lenbytes > 0) - return 0; - - if (!WPACKET_reserve_bytes(pkt, lenbytes + len, allocbytes)) - return 0; - - if (*allocbytes != NULL) - *allocbytes += lenbytes; - - return 1; -} - -static size_t maxmaxsize(size_t lenbytes) -{ - if (lenbytes >= sizeof(size_t) || lenbytes == 0) - return SIZE_MAX; - - return ((size_t)1 << (lenbytes * 8)) - 1 + lenbytes; -} - -static int wpacket_intern_init_len(WPACKET *pkt, size_t lenbytes) -{ - unsigned char *lenchars; - - pkt->curr = 0; - pkt->written = 0; - - if ((pkt->subs = OPENSSL_zalloc(sizeof(*pkt->subs))) == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (lenbytes == 0) - return 1; - - pkt->subs->pwritten = lenbytes; - pkt->subs->lenbytes = lenbytes; - - if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars)) { - OPENSSL_free(pkt->subs); - pkt->subs = NULL; - return 0; - } - pkt->subs->packet_len = 0; - - return 1; -} - -int WPACKET_init_static_len(WPACKET *pkt, unsigned char *buf, size_t len, - size_t lenbytes) -{ - size_t max = maxmaxsize(lenbytes); - - /* Internal API, so should not fail */ - if (!ossl_assert(buf != NULL && len > 0)) - return 0; - - pkt->staticbuf = buf; - pkt->buf = NULL; - pkt->maxsize = (max < len) ? max : len; - pkt->endfirst = 0; - - return wpacket_intern_init_len(pkt, lenbytes); -} - -int WPACKET_init_der(WPACKET *pkt, unsigned char *buf, size_t len) -{ - /* Internal API, so should not fail */ - if (!ossl_assert(buf != NULL && len > 0)) - return 0; - - pkt->staticbuf = buf; - pkt->buf = NULL; - pkt->maxsize = len; - pkt->endfirst = 1; - - return wpacket_intern_init_len(pkt, 0); -} - -int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes) -{ - /* Internal API, so should not fail */ - if (!ossl_assert(buf != NULL)) - return 0; - - pkt->staticbuf = NULL; - pkt->buf = buf; - pkt->maxsize = maxmaxsize(lenbytes); - pkt->endfirst = 0; - - return wpacket_intern_init_len(pkt, lenbytes); -} - -int WPACKET_init(WPACKET *pkt, BUF_MEM *buf) -{ - return WPACKET_init_len(pkt, buf, 0); -} - -int WPACKET_init_null(WPACKET *pkt, size_t lenbytes) -{ - pkt->staticbuf = NULL; - pkt->buf = NULL; - pkt->maxsize = maxmaxsize(lenbytes); - pkt->endfirst = 0; - - return wpacket_intern_init_len(pkt, 0); -} - -int WPACKET_init_null_der(WPACKET *pkt) -{ - pkt->staticbuf = NULL; - pkt->buf = NULL; - pkt->maxsize = SIZE_MAX; - pkt->endfirst = 1; - - return wpacket_intern_init_len(pkt, 0); -} - -int WPACKET_set_flags(WPACKET *pkt, unsigned int flags) -{ - /* Internal API, so should not fail */ - if (!ossl_assert(pkt->subs != NULL)) - return 0; - - pkt->subs->flags = flags; - - return 1; -} - -/* Store the |value| of length |len| at location |data| */ -static int put_value(unsigned char *data, uint64_t value, size_t len) -{ - if (data == NULL) - return 1; - - for (data += len - 1; len > 0; len--) { - *data = (unsigned char)(value & 0xff); - data--; - value >>= 8; - } - - /* Check whether we could fit the value in the assigned number of bytes */ - if (value > 0) - return 0; - - return 1; -} - - -/* - * Internal helper function used by WPACKET_close(), WPACKET_finish() and - * WPACKET_fill_lengths() to close a sub-packet and write out its length if - * necessary. If |doclose| is 0 then it goes through the motions of closing - * (i.e. it fills in all the lengths), but doesn't actually close anything. - */ -static int wpacket_intern_close(WPACKET *pkt, WPACKET_SUB *sub, int doclose) -{ - size_t packlen = pkt->written - sub->pwritten; - - if (packlen == 0 - && (sub->flags & WPACKET_FLAGS_NON_ZERO_LENGTH) != 0) - return 0; - - if (packlen == 0 - && sub->flags & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) { - /* We can't handle this case. Return an error */ - if (!doclose) - return 0; - - /* Deallocate any bytes allocated for the length of the WPACKET */ - if ((pkt->curr - sub->lenbytes) == sub->packet_len) { - pkt->written -= sub->lenbytes; - pkt->curr -= sub->lenbytes; - } - - /* Don't write out the packet length */ - sub->packet_len = 0; - sub->lenbytes = 0; - } - - /* Write out the WPACKET length if needed */ - if (sub->lenbytes > 0) { - unsigned char *buf = GETBUF(pkt); - - if (buf != NULL - && !put_value(&buf[sub->packet_len], packlen, - sub->lenbytes)) - return 0; - } else if (pkt->endfirst && sub->parent != NULL - && (packlen != 0 - || (sub->flags - & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) == 0)) { - size_t tmplen = packlen; - size_t numlenbytes = 1; - - while ((tmplen = tmplen >> 8) > 0) - numlenbytes++; - if (!WPACKET_put_bytes__(pkt, packlen, numlenbytes)) - return 0; - if (packlen > 0x7f) { - numlenbytes |= 0x80; - if (!WPACKET_put_bytes_u8(pkt, numlenbytes)) - return 0; - } - } - - if (doclose) { - pkt->subs = sub->parent; - OPENSSL_free(sub); - } - - return 1; -} - -int WPACKET_fill_lengths(WPACKET *pkt) -{ - WPACKET_SUB *sub; - - if (!ossl_assert(pkt->subs != NULL)) - return 0; - - for (sub = pkt->subs; sub != NULL; sub = sub->parent) { - if (!wpacket_intern_close(pkt, sub, 0)) - return 0; - } - - return 1; -} - -int WPACKET_close(WPACKET *pkt) -{ - /* - * Internal API, so should not fail - but we do negative testing of this - * so no assert (otherwise the tests fail) - */ - if (pkt->subs == NULL || pkt->subs->parent == NULL) - return 0; - - return wpacket_intern_close(pkt, pkt->subs, 1); -} - -int WPACKET_finish(WPACKET *pkt) -{ - int ret; - - /* - * Internal API, so should not fail - but we do negative testing of this - * so no assert (otherwise the tests fail) - */ - if (pkt->subs == NULL || pkt->subs->parent != NULL) - return 0; - - ret = wpacket_intern_close(pkt, pkt->subs, 1); - if (ret) { - OPENSSL_free(pkt->subs); - pkt->subs = NULL; - } - - return ret; -} - -int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes) -{ - WPACKET_SUB *sub; - unsigned char *lenchars; - - /* Internal API, so should not fail */ - if (!ossl_assert(pkt->subs != NULL)) - return 0; - - /* We don't support lenbytes greater than 0 when doing endfirst writing */ - if (lenbytes > 0 && pkt->endfirst) - return 0; - - if ((sub = OPENSSL_zalloc(sizeof(*sub))) == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - - sub->parent = pkt->subs; - pkt->subs = sub; - sub->pwritten = pkt->written + lenbytes; - sub->lenbytes = lenbytes; - - if (lenbytes == 0) { - sub->packet_len = 0; - return 1; - } - - sub->packet_len = pkt->written; - - if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars)) - return 0; - - return 1; -} - -int WPACKET_start_sub_packet(WPACKET *pkt) -{ - return WPACKET_start_sub_packet_len__(pkt, 0); -} - -int WPACKET_put_bytes__(WPACKET *pkt, uint64_t val, size_t size) -{ - unsigned char *data; - - /* Internal API, so should not fail */ - if (!ossl_assert(size <= sizeof(uint64_t)) - || !WPACKET_allocate_bytes(pkt, size, &data) - || !put_value(data, val, size)) - return 0; - - return 1; -} - -int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize) -{ - WPACKET_SUB *sub; - size_t lenbytes; - - /* Internal API, so should not fail */ - if (!ossl_assert(pkt->subs != NULL)) - return 0; - - /* Find the WPACKET_SUB for the top level */ - for (sub = pkt->subs; sub->parent != NULL; sub = sub->parent) - continue; - - lenbytes = sub->lenbytes; - if (lenbytes == 0) - lenbytes = sizeof(pkt->maxsize); - - if (maxmaxsize(lenbytes) < maxsize || maxsize < pkt->written) - return 0; - - pkt->maxsize = maxsize; - - return 1; -} - -int WPACKET_memset(WPACKET *pkt, int ch, size_t len) -{ - unsigned char *dest; - - if (len == 0) - return 1; - - if (!WPACKET_allocate_bytes(pkt, len, &dest)) - return 0; - - if (dest != NULL) - memset(dest, ch, len); - - return 1; -} - -int WPACKET_memcpy(WPACKET *pkt, const void *src, size_t len) -{ - unsigned char *dest; - - if (len == 0) - return 1; - - if (!WPACKET_allocate_bytes(pkt, len, &dest)) - return 0; - - if (dest != NULL) - memcpy(dest, src, len); - - return 1; -} - -int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, size_t len, - size_t lenbytes) -{ - if (!WPACKET_start_sub_packet_len__(pkt, lenbytes) - || !WPACKET_memcpy(pkt, src, len) - || !WPACKET_close(pkt)) - return 0; - - return 1; -} - -int WPACKET_get_total_written(WPACKET *pkt, size_t *written) -{ - /* Internal API, so should not fail */ - if (!ossl_assert(written != NULL)) - return 0; - - *written = pkt->written; - - return 1; -} - -int WPACKET_get_length(WPACKET *pkt, size_t *len) -{ - /* Internal API, so should not fail */ - if (!ossl_assert(pkt->subs != NULL && len != NULL)) - return 0; - - *len = pkt->written - pkt->subs->pwritten; - - return 1; -} - -unsigned char *WPACKET_get_curr(WPACKET *pkt) -{ - unsigned char *buf = GETBUF(pkt); - - if (buf == NULL) - return NULL; - - if (pkt->endfirst) - return buf + pkt->maxsize - pkt->curr; - - return buf + pkt->curr; -} - -int WPACKET_is_null_buf(WPACKET *pkt) -{ - return pkt->buf == NULL && pkt->staticbuf == NULL; -} - -void WPACKET_cleanup(WPACKET *pkt) -{ - WPACKET_SUB *sub, *parent; - - for (sub = pkt->subs; sub != NULL; sub = parent) { - parent = sub->parent; - OPENSSL_free(sub); - } - pkt->subs = NULL; -} diff --git a/crypto/param_build.c b/crypto/param_build.c deleted file mode 100644 index eaece0026dea2186da710a0d54e70f07d34a0d2a..0000000000000000000000000000000000000000 --- a/crypto/param_build.c +++ /dev/null @@ -1,385 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include "internal/param_build_set.h" - -/* - * Special internal param type to indicate the end of an allocate OSSL_PARAM - * array. - */ - -typedef struct { - const char *key; - int type; - int secure; - size_t size; - size_t alloc_blocks; - const BIGNUM *bn; - const void *string; - union { - /* - * These fields are never directly addressed, but their sizes are - * imporant so that all native types can be copied here without overrun. - */ - ossl_intmax_t i; - ossl_uintmax_t u; - double d; - } num; -} OSSL_PARAM_BLD_DEF; - -DEFINE_STACK_OF(OSSL_PARAM_BLD_DEF) - -struct ossl_param_bld_st { - size_t total_blocks; - size_t secure_blocks; - STACK_OF(OSSL_PARAM_BLD_DEF) *params; -}; - -static OSSL_PARAM_BLD_DEF *param_push(OSSL_PARAM_BLD *bld, const char *key, - int size, size_t alloc, int type, - int secure) -{ - OSSL_PARAM_BLD_DEF *pd = OPENSSL_zalloc(sizeof(*pd)); - - if (pd == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return NULL; - } - pd->key = key; - pd->type = type; - pd->size = size; - pd->alloc_blocks = ossl_param_bytes_to_blocks(alloc); - if ((pd->secure = secure) != 0) - bld->secure_blocks += pd->alloc_blocks; - else - bld->total_blocks += pd->alloc_blocks; - if (sk_OSSL_PARAM_BLD_DEF_push(bld->params, pd) <= 0) { - OPENSSL_free(pd); - pd = NULL; - } - return pd; -} - -static int param_push_num(OSSL_PARAM_BLD *bld, const char *key, - void *num, size_t size, int type) -{ - OSSL_PARAM_BLD_DEF *pd = param_push(bld, key, size, size, type, 0); - - if (pd == NULL) - return 0; - if (size > sizeof(pd->num)) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES); - return 0; - } - memcpy(&pd->num, num, size); - return 1; -} - -OSSL_PARAM_BLD *OSSL_PARAM_BLD_new(void) -{ - OSSL_PARAM_BLD *r = OPENSSL_zalloc(sizeof(OSSL_PARAM_BLD)); - - if (r != NULL) { - r->params = sk_OSSL_PARAM_BLD_DEF_new_null(); - if (r->params == NULL) { - OPENSSL_free(r); - r = NULL; - } - } - return r; -} - -static void free_all_params(OSSL_PARAM_BLD *bld) -{ - int i, n = sk_OSSL_PARAM_BLD_DEF_num(bld->params); - - for (i = 0; i < n; i++) - OPENSSL_free(sk_OSSL_PARAM_BLD_DEF_pop(bld->params)); -} - -void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld) -{ - if (bld == NULL) - return; - free_all_params(bld); - sk_OSSL_PARAM_BLD_DEF_free(bld->params); - OPENSSL_free(bld); -} - -int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num) -{ - return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); -} - -int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key, - unsigned int num) -{ - return param_push_num(bld, key, &num, sizeof(num), - OSSL_PARAM_UNSIGNED_INTEGER); -} - -int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key, - long int num) -{ - return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); -} - -int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key, - unsigned long int num) -{ - return param_push_num(bld, key, &num, sizeof(num), - OSSL_PARAM_UNSIGNED_INTEGER); -} - -int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key, - int32_t num) -{ - return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); -} - -int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key, - uint32_t num) -{ - return param_push_num(bld, key, &num, sizeof(num), - OSSL_PARAM_UNSIGNED_INTEGER); -} - -int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key, - int64_t num) -{ - return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); -} - -int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key, - uint64_t num) -{ - return param_push_num(bld, key, &num, sizeof(num), - OSSL_PARAM_UNSIGNED_INTEGER); -} - -int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key, - size_t num) -{ - return param_push_num(bld, key, &num, sizeof(num), - OSSL_PARAM_UNSIGNED_INTEGER); -} - -int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key, - time_t num) -{ - return param_push_num(bld, key, &num, sizeof(num), - OSSL_PARAM_INTEGER); -} - -int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key, - double num) -{ - return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL); -} - -int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key, - const BIGNUM *bn) -{ - return OSSL_PARAM_BLD_push_BN_pad(bld, key, bn, - bn == NULL ? 0 : BN_num_bytes(bn)); -} - -int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key, - const BIGNUM *bn, size_t sz) -{ - int n, secure = 0; - OSSL_PARAM_BLD_DEF *pd; - - if (bn != NULL) { - if (BN_is_negative(bn)) { - ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_UNSUPPORTED, - "Negative big numbers are unsupported for OSSL_PARAM"); - return 0; - } - - n = BN_num_bytes(bn); - if (n < 0) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_ZERO_LENGTH_NUMBER); - return 0; - } - if (sz < (size_t)n) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_SMALL_BUFFER); - return 0; - } - if (BN_get_flags(bn, BN_FLG_SECURE) == BN_FLG_SECURE) - secure = 1; - } - pd = param_push(bld, key, sz, sz, OSSL_PARAM_UNSIGNED_INTEGER, secure); - if (pd == NULL) - return 0; - pd->bn = bn; - return 1; -} - -int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key, - const char *buf, size_t bsize) -{ - OSSL_PARAM_BLD_DEF *pd; - int secure; - - if (bsize == 0) { - bsize = strlen(buf); - } else if (bsize > INT_MAX) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); - return 0; - } - secure = CRYPTO_secure_allocated(buf); - pd = param_push(bld, key, bsize, bsize + 1, OSSL_PARAM_UTF8_STRING, secure); - if (pd == NULL) - return 0; - pd->string = buf; - return 1; -} - -int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key, - char *buf, size_t bsize) -{ - OSSL_PARAM_BLD_DEF *pd; - - if (bsize == 0) { - bsize = strlen(buf); - } else if (bsize > INT_MAX) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); - return 0; - } - pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_UTF8_PTR, 0); - if (pd == NULL) - return 0; - pd->string = buf; - return 1; -} - -int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key, - const void *buf, size_t bsize) -{ - OSSL_PARAM_BLD_DEF *pd; - int secure; - - if (bsize > INT_MAX) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); - return 0; - } - secure = CRYPTO_secure_allocated(buf); - pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, secure); - if (pd == NULL) - return 0; - pd->string = buf; - return 1; -} - -int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key, - void *buf, size_t bsize) -{ - OSSL_PARAM_BLD_DEF *pd; - - if (bsize > INT_MAX) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); - return 0; - } - pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_OCTET_PTR, 0); - if (pd == NULL) - return 0; - pd->string = buf; - return 1; -} - -static OSSL_PARAM *param_bld_convert(OSSL_PARAM_BLD *bld, OSSL_PARAM *param, - OSSL_PARAM_ALIGNED_BLOCK *blk, - OSSL_PARAM_ALIGNED_BLOCK *secure) -{ - int i, num = sk_OSSL_PARAM_BLD_DEF_num(bld->params); - OSSL_PARAM_BLD_DEF *pd; - void *p; - - for (i = 0; i < num; i++) { - pd = sk_OSSL_PARAM_BLD_DEF_value(bld->params, i); - param[i].key = pd->key; - param[i].data_type = pd->type; - param[i].data_size = pd->size; - param[i].return_size = OSSL_PARAM_UNMODIFIED; - - if (pd->secure) { - p = secure; - secure += pd->alloc_blocks; - } else { - p = blk; - blk += pd->alloc_blocks; - } - param[i].data = p; - if (pd->bn != NULL) { - /* BIGNUM */ - BN_bn2nativepad(pd->bn, (unsigned char *)p, pd->size); - } else if (pd->type == OSSL_PARAM_OCTET_PTR - || pd->type == OSSL_PARAM_UTF8_PTR) { - /* PTR */ - *(const void **)p = pd->string; - } else if (pd->type == OSSL_PARAM_OCTET_STRING - || pd->type == OSSL_PARAM_UTF8_STRING) { - if (pd->string != NULL) - memcpy(p, pd->string, pd->size); - else - memset(p, 0, pd->size); - if (pd->type == OSSL_PARAM_UTF8_STRING) - ((char *)p)[pd->size] = '\0'; - } else { - /* Number, but could also be a NULL BIGNUM */ - if (pd->size > sizeof(pd->num)) - memset(p, 0, pd->size); - else if (pd->size > 0) - memcpy(p, &pd->num, pd->size); - } - } - param[i] = OSSL_PARAM_construct_end(); - return param + i; -} - -OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld) -{ - OSSL_PARAM_ALIGNED_BLOCK *blk, *s = NULL; - OSSL_PARAM *params, *last; - const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params); - const size_t p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params)); - const size_t total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks); - const size_t ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks; - - if (ss > 0) { - s = OPENSSL_secure_malloc(ss); - if (s == NULL) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_SECURE_MALLOC_FAILURE); - return NULL; - } - } - params = OPENSSL_malloc(total); - if (params == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - OPENSSL_secure_free(s); - return NULL; - } - blk = p_blks + (OSSL_PARAM_ALIGNED_BLOCK *)(params); - last = param_bld_convert(bld, params, blk, s); - ossl_param_set_secure_block(last, s, ss); - - /* Reset builder for reuse */ - bld->total_blocks = 0; - bld->secure_blocks = 0; - free_all_params(bld); - return params; -} diff --git a/crypto/param_build_set.c b/crypto/param_build_set.c deleted file mode 100644 index 8b570ded96ebb45379fc0aa097b784b5065185c3..0000000000000000000000000000000000000000 --- a/crypto/param_build_set.c +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Key Management utility functions to share functionality between the export() - * and get_params() methods. - * export() uses OSSL_PARAM_BLD, and get_params() used the OSSL_PARAM[] to - * fill in parameter data for the same key and data fields. - */ - -#include -#include "internal/param_build_set.h" - -DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) - -int ossl_param_build_set_int(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *key, int num) -{ - if (bld != NULL) - return OSSL_PARAM_BLD_push_int(bld, key, num); - p = OSSL_PARAM_locate(p, key); - if (p != NULL) - return OSSL_PARAM_set_int(p, num); - return 1; -} - -int ossl_param_build_set_long(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *key, long num) -{ - if (bld != NULL) - return OSSL_PARAM_BLD_push_long(bld, key, num); - p = OSSL_PARAM_locate(p, key); - if (p != NULL) - return OSSL_PARAM_set_long(p, num); - return 1; -} - -int ossl_param_build_set_utf8_string(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *key, const char *buf) -{ - if (bld != NULL) - return OSSL_PARAM_BLD_push_utf8_string(bld, key, buf, 0); - p = OSSL_PARAM_locate(p, key); - if (p != NULL) - return OSSL_PARAM_set_utf8_string(p, buf); - return 1; -} - -int ossl_param_build_set_octet_string(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *key, - const unsigned char *data, - size_t data_len) -{ - if (bld != NULL) - return OSSL_PARAM_BLD_push_octet_string(bld, key, data, data_len); - - p = OSSL_PARAM_locate(p, key); - if (p != NULL) - return OSSL_PARAM_set_octet_string(p, data, data_len); - return 1; -} - -int ossl_param_build_set_bn_pad(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *key, const BIGNUM *bn, size_t sz) -{ - if (bld != NULL) - return OSSL_PARAM_BLD_push_BN_pad(bld, key, bn, sz); - p = OSSL_PARAM_locate(p, key); - if (p != NULL) { - if (sz > p->data_size) - return 0; - p->data_size = sz; - return OSSL_PARAM_set_BN(p, bn); - } - return 1; -} - -int ossl_param_build_set_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, - const char *key, const BIGNUM *bn) -{ - if (bld != NULL) - return OSSL_PARAM_BLD_push_BN(bld, key, bn); - - p = OSSL_PARAM_locate(p, key); - if (p != NULL) - return OSSL_PARAM_set_BN(p, bn) > 0; - return 1; -} - -int ossl_param_build_set_multi_key_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *params, - const char *names[], - STACK_OF(BIGNUM_const) *stk) -{ - int i, sz = sk_BIGNUM_const_num(stk); - OSSL_PARAM *p; - - - if (bld != NULL) { - for (i = 0; i < sz && names[i] != NULL; ++i) { - if (!OSSL_PARAM_BLD_push_BN(bld, names[i], - sk_BIGNUM_const_value(stk, i))) - return 0; - } - return 1; - } - - for (i = 0; i < sz && names[i] != NULL; ++i) { - p = OSSL_PARAM_locate(params, names[i]); - if (p != NULL) { - if (!OSSL_PARAM_set_BN(p, sk_BIGNUM_const_value(stk, i))) - return 0; - } - } - return 1; -} diff --git a/crypto/params.c b/crypto/params.c deleted file mode 100644 index 9049041e3bbe70447a7a11e691e4b2d8ee955849..0000000000000000000000000000000000000000 --- a/crypto/params.c +++ /dev/null @@ -1,1295 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/thread_once.h" -#include "internal/numbers.h" -#include "internal/endian.h" - -/* - * Return the number of bits in the mantissa of a double. This is used to - * shift a larger integral value to determine if it will exactly fit into a - * double. - */ -static unsigned int real_shift(void) -{ - return sizeof(double) == 4 ? 24 : 53; -} - -OSSL_PARAM *OSSL_PARAM_locate(OSSL_PARAM *p, const char *key) -{ - if (p != NULL && key != NULL) - for (; p->key != NULL; p++) - if (strcmp(key, p->key) == 0) - return p; - return NULL; -} - -const OSSL_PARAM *OSSL_PARAM_locate_const(const OSSL_PARAM *p, const char *key) -{ - return OSSL_PARAM_locate((OSSL_PARAM *)p, key); -} - -static OSSL_PARAM ossl_param_construct(const char *key, unsigned int data_type, - void *data, size_t data_size) -{ - OSSL_PARAM res; - - res.key = key; - res.data_type = data_type; - res.data = data; - res.data_size = data_size; - res.return_size = OSSL_PARAM_UNMODIFIED; - return res; -} - -int OSSL_PARAM_modified(const OSSL_PARAM *p) -{ - return p != NULL && p->return_size != OSSL_PARAM_UNMODIFIED; -} - -void OSSL_PARAM_set_all_unmodified(OSSL_PARAM *p) -{ - if (p != NULL) - while (p->key != NULL) - p++->return_size = OSSL_PARAM_UNMODIFIED; -} - -/* Return non-zero if the signed number is negative */ -static int is_negative(const void *number, size_t s) -{ - const unsigned char *n = number; - DECLARE_IS_ENDIAN; - - return 0x80 & (IS_BIG_ENDIAN ? n[0] : n[s - 1]); -} - -/* Check that all the bytes specified match the expected sign byte */ -static int check_sign_bytes(const unsigned char *p, size_t n, unsigned char s) -{ - size_t i; - - for (i = 0; i < n; i++) - if (p[i] != s) - return 0; - return 1; -} - -/* - * Copy an integer to another integer. - * Handle different length integers and signed and unsigned integers. - * Both integers are in native byte ordering. - */ -static int copy_integer(unsigned char *dest, size_t dest_len, - const unsigned char *src, size_t src_len, - unsigned char pad, int signed_int) -{ - size_t n; - DECLARE_IS_ENDIAN; - - if (IS_BIG_ENDIAN) { - if (src_len < dest_len) { - n = dest_len - src_len; - memset(dest, pad, n); - memcpy(dest + n, src, src_len); - } else { - n = src_len - dest_len; - if (!check_sign_bytes(src, n, pad) - /* - * Shortening a signed value must retain the correct sign. - * Avoiding this kind of thing: -253 = 0xff03 -> 0x03 = 3 - */ - || (signed_int && ((pad ^ src[n]) & 0x80) != 0)) - return 0; - memcpy(dest, src + n, dest_len); - } - } else /* IS_LITTLE_ENDIAN */ { - if (src_len < dest_len) { - n = dest_len - src_len; - memset(dest + src_len, pad, n); - memcpy(dest, src, src_len); - } else { - n = src_len - dest_len; - if (!check_sign_bytes(src + dest_len, n, pad) - /* - * Shortening a signed value must retain the correct sign. - * Avoiding this kind of thing: 130 = 0x0082 -> 0x82 = -126 - */ - || (signed_int && ((pad ^ src[dest_len - 1]) & 0x80) != 0)) - return 0; - memcpy(dest, src, dest_len); - } - } - return 1; -} - -/* Copy a signed number to a signed number of possibly different length */ -static int signed_from_signed(void *dest, size_t dest_len, - const void *src, size_t src_len) -{ - return copy_integer(dest, dest_len, src, src_len, - is_negative(src, src_len) ? 0xff : 0, 1); -} - -/* Copy an unsigned number to a signed number of possibly different length */ -static int signed_from_unsigned(void *dest, size_t dest_len, - const void *src, size_t src_len) -{ - return copy_integer(dest, dest_len, src, src_len, 0, 1); -} - -/* Copy a signed number to an unsigned number of possibly different length */ -static int unsigned_from_signed(void *dest, size_t dest_len, - const void *src, size_t src_len) -{ - if (is_negative(src, src_len)) - return 0; - return copy_integer(dest, dest_len, src, src_len, 0, 0); -} - -/* Copy an unsigned number to an unsigned number of possibly different length */ -static int unsigned_from_unsigned(void *dest, size_t dest_len, - const void *src, size_t src_len) -{ - return copy_integer(dest, dest_len, src, src_len, 0, 0); -} - -/* General purpose get integer parameter call that handles odd sizes */ -static int general_get_int(const OSSL_PARAM *p, void *val, size_t val_size) -{ - if (p->data_type == OSSL_PARAM_INTEGER) - return signed_from_signed(val, val_size, p->data, p->data_size); - if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) - return signed_from_unsigned(val, val_size, p->data, p->data_size); - return 0; -} - -/* General purpose set integer parameter call that handles odd sizes */ -static int general_set_int(OSSL_PARAM *p, void *val, size_t val_size) -{ - int r = 0; - - p->return_size = val_size; /* Expected size */ - if (p->data == NULL) - return 1; - if (p->data_type == OSSL_PARAM_INTEGER) - r = signed_from_signed(p->data, p->data_size, val, val_size); - else if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) - r = unsigned_from_signed(p->data, p->data_size, val, val_size); - p->return_size = r ? p->data_size : val_size; - return r; -} - -/* General purpose get unsigned integer parameter call that handles odd sizes */ -static int general_get_uint(const OSSL_PARAM *p, void *val, size_t val_size) -{ - if (p->data_type == OSSL_PARAM_INTEGER) - return unsigned_from_signed(val, val_size, p->data, p->data_size); - if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) - return unsigned_from_unsigned(val, val_size, p->data, p->data_size); - return 0; -} - -/* General purpose set unsigned integer parameter call that handles odd sizes */ -static int general_set_uint(OSSL_PARAM *p, void *val, size_t val_size) -{ - int r = 0; - - p->return_size = val_size; /* Expected size */ - if (p->data == NULL) - return 1; - if (p->data_type == OSSL_PARAM_INTEGER) - r = signed_from_unsigned(p->data, p->data_size, val, val_size); - else if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) - r = unsigned_from_unsigned(p->data, p->data_size, val, val_size); - p->return_size = r ? p->data_size : val_size; - return r; -} - -int OSSL_PARAM_get_int(const OSSL_PARAM *p, int *val) -{ -#ifndef OPENSSL_SMALL_FOOTPRINT - switch (sizeof(int)) { - case sizeof(int32_t): - return OSSL_PARAM_get_int32(p, (int32_t *)val); - case sizeof(int64_t): - return OSSL_PARAM_get_int64(p, (int64_t *)val); - } -#endif - return general_get_int(p, val, sizeof(*val)); -} - -int OSSL_PARAM_set_int(OSSL_PARAM *p, int val) -{ -#ifndef OPENSSL_SMALL_FOOTPRINT - switch (sizeof(int)) { - case sizeof(int32_t): - return OSSL_PARAM_set_int32(p, (int32_t)val); - case sizeof(int64_t): - return OSSL_PARAM_set_int64(p, (int64_t)val); - } -#endif - return general_set_int(p, &val, sizeof(val)); -} - -OSSL_PARAM OSSL_PARAM_construct_int(const char *key, int *buf) -{ - return ossl_param_construct(key, OSSL_PARAM_INTEGER, buf, sizeof(int)); -} - -int OSSL_PARAM_get_uint(const OSSL_PARAM *p, unsigned int *val) -{ -#ifndef OPENSSL_SMALL_FOOTPRINT - switch (sizeof(unsigned int)) { - case sizeof(uint32_t): - return OSSL_PARAM_get_uint32(p, (uint32_t *)val); - case sizeof(uint64_t): - return OSSL_PARAM_get_uint64(p, (uint64_t *)val); - } -#endif - return general_get_uint(p, val, sizeof(*val)); -} - -int OSSL_PARAM_set_uint(OSSL_PARAM *p, unsigned int val) -{ -#ifndef OPENSSL_SMALL_FOOTPRINT - switch (sizeof(unsigned int)) { - case sizeof(uint32_t): - return OSSL_PARAM_set_uint32(p, (uint32_t)val); - case sizeof(uint64_t): - return OSSL_PARAM_set_uint64(p, (uint64_t)val); - } -#endif - return general_set_uint(p, &val, sizeof(val)); -} - -OSSL_PARAM OSSL_PARAM_construct_uint(const char *key, unsigned int *buf) -{ - return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER, buf, - sizeof(unsigned int)); -} - -int OSSL_PARAM_get_long(const OSSL_PARAM *p, long int *val) -{ -#ifndef OPENSSL_SMALL_FOOTPRINT - switch (sizeof(long int)) { - case sizeof(int32_t): - return OSSL_PARAM_get_int32(p, (int32_t *)val); - case sizeof(int64_t): - return OSSL_PARAM_get_int64(p, (int64_t *)val); - } -#endif - return general_get_int(p, val, sizeof(*val)); -} - -int OSSL_PARAM_set_long(OSSL_PARAM *p, long int val) -{ -#ifndef OPENSSL_SMALL_FOOTPRINT - switch (sizeof(long int)) { - case sizeof(int32_t): - return OSSL_PARAM_set_int32(p, (int32_t)val); - case sizeof(int64_t): - return OSSL_PARAM_set_int64(p, (int64_t)val); - } -#endif - return general_set_int(p, &val, sizeof(val)); -} - -OSSL_PARAM OSSL_PARAM_construct_long(const char *key, long int *buf) -{ - return ossl_param_construct(key, OSSL_PARAM_INTEGER, buf, sizeof(long int)); -} - -int OSSL_PARAM_get_ulong(const OSSL_PARAM *p, unsigned long int *val) -{ -#ifndef OPENSSL_SMALL_FOOTPRINT - switch (sizeof(unsigned long int)) { - case sizeof(uint32_t): - return OSSL_PARAM_get_uint32(p, (uint32_t *)val); - case sizeof(uint64_t): - return OSSL_PARAM_get_uint64(p, (uint64_t *)val); - } -#endif - return general_get_uint(p, val, sizeof(*val)); -} - -int OSSL_PARAM_set_ulong(OSSL_PARAM *p, unsigned long int val) -{ -#ifndef OPENSSL_SMALL_FOOTPRINT - switch (sizeof(unsigned long int)) { - case sizeof(uint32_t): - return OSSL_PARAM_set_uint32(p, (uint32_t)val); - case sizeof(uint64_t): - return OSSL_PARAM_set_uint64(p, (uint64_t)val); - } -#endif - return general_set_uint(p, &val, sizeof(val)); -} - -OSSL_PARAM OSSL_PARAM_construct_ulong(const char *key, unsigned long int *buf) -{ - return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER, buf, - sizeof(unsigned long int)); -} - -int OSSL_PARAM_get_int32(const OSSL_PARAM *p, int32_t *val) -{ - double d; - - if (val == NULL || p == NULL ) - return 0; - - if (p->data_type == OSSL_PARAM_INTEGER) { -#ifndef OPENSSL_SMALL_FOOTPRINT - int64_t i64; - - switch (p->data_size) { - case sizeof(int32_t): - *val = *(const int32_t *)p->data; - return 1; - case sizeof(int64_t): - i64 = *(const int64_t *)p->data; - if (i64 >= INT32_MIN && i64 <= INT32_MAX) { - *val = (int32_t)i64; - return 1; - } - return 0; - } -#endif - return general_get_int(p, val, sizeof(*val)); - - } else if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) { -#ifndef OPENSSL_SMALL_FOOTPRINT - uint32_t u32; - uint64_t u64; - - switch (p->data_size) { - case sizeof(uint32_t): - u32 = *(const uint32_t *)p->data; - if (u32 <= INT32_MAX) { - *val = (int32_t)u32; - return 1; - } - return 0; - case sizeof(uint64_t): - u64 = *(const uint64_t *)p->data; - if (u64 <= INT32_MAX) { - *val = (int32_t)u64; - return 1; - } - return 0; - } -#endif - return general_get_int(p, val, sizeof(*val)); - - } else if (p->data_type == OSSL_PARAM_REAL) { - switch (p->data_size) { - case sizeof(double): - d = *(const double *)p->data; - if (d >= INT32_MIN && d <= INT32_MAX && d == (int32_t)d) { - *val = (int32_t)d; - return 1; - } - break; - } - } - return 0; -} - -int OSSL_PARAM_set_int32(OSSL_PARAM *p, int32_t val) -{ - if (p == NULL) - return 0; - p->return_size = 0; - if (p->data_type == OSSL_PARAM_INTEGER) { -#ifndef OPENSSL_SMALL_FOOTPRINT - p->return_size = sizeof(int32_t); /* Minimum expected size */ - if (p->data == NULL) - return 1; - switch (p->data_size) { - case sizeof(int32_t): - *(int32_t *)p->data = val; - return 1; - case sizeof(int64_t): - p->return_size = sizeof(int64_t); - *(int64_t *)p->data = (int64_t)val; - return 1; - } -#endif - return general_set_int(p, &val, sizeof(val)); - } else if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER && val >= 0) { -#ifndef OPENSSL_SMALL_FOOTPRINT - p->return_size = sizeof(uint32_t); /* Minimum expected size */ - if (p->data == NULL) - return 1; - switch (p->data_size) { - case sizeof(uint32_t): - *(uint32_t *)p->data = (uint32_t)val; - return 1; - case sizeof(uint64_t): - p->return_size = sizeof(uint64_t); - *(uint64_t *)p->data = (uint64_t)val; - return 1; - } -#endif - return general_set_int(p, &val, sizeof(val)); - } else if (p->data_type == OSSL_PARAM_REAL) { - p->return_size = sizeof(double); - if (p->data == NULL) - return 1; - switch (p->data_size) { - case sizeof(double): - *(double *)p->data = (double)val; - return 1; - } - } - return 0; -} - -OSSL_PARAM OSSL_PARAM_construct_int32(const char *key, int32_t *buf) -{ - return ossl_param_construct(key, OSSL_PARAM_INTEGER, buf, - sizeof(int32_t)); -} - -int OSSL_PARAM_get_uint32(const OSSL_PARAM *p, uint32_t *val) -{ - double d; - - if (val == NULL || p == NULL) - return 0; - - if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) { -#ifndef OPENSSL_SMALL_FOOTPRINT - uint64_t u64; - - switch (p->data_size) { - case sizeof(uint32_t): - *val = *(const uint32_t *)p->data; - return 1; - case sizeof(uint64_t): - u64 = *(const uint64_t *)p->data; - if (u64 <= UINT32_MAX) { - *val = (uint32_t)u64; - return 1; - } - return 0; - } -#endif - return general_get_uint(p, val, sizeof(*val)); - } else if (p->data_type == OSSL_PARAM_INTEGER) { -#ifndef OPENSSL_SMALL_FOOTPRINT - int32_t i32; - int64_t i64; - - switch (p->data_size) { - case sizeof(int32_t): - i32 = *(const int32_t *)p->data; - if (i32 >= 0) { - *val = i32; - return 1; - } - return 0; - case sizeof(int64_t): - i64 = *(const int64_t *)p->data; - if (i64 >= 0 && i64 <= UINT32_MAX) { - *val = (uint32_t)i64; - return 1; - } - return 0; - } -#endif - return general_get_uint(p, val, sizeof(*val)); - } else if (p->data_type == OSSL_PARAM_REAL) { - switch (p->data_size) { - case sizeof(double): - d = *(const double *)p->data; - if (d >= 0 && d <= UINT32_MAX && d == (uint32_t)d) { - *val = (uint32_t)d; - return 1; - } - break; - } - } - return 0; -} - -int OSSL_PARAM_set_uint32(OSSL_PARAM *p, uint32_t val) -{ - if (p == NULL) - return 0; - p->return_size = 0; - - if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) { -#ifndef OPENSSL_SMALL_FOOTPRINT - p->return_size = sizeof(uint32_t); /* Minimum expected size */ - if (p->data == NULL) - return 1; - switch (p->data_size) { - case sizeof(uint32_t): - *(uint32_t *)p->data = val; - return 1; - case sizeof(uint64_t): - p->return_size = sizeof(uint64_t); - *(uint64_t *)p->data = val; - return 1; - } -#endif - return general_set_uint(p, &val, sizeof(val)); - } else if (p->data_type == OSSL_PARAM_INTEGER) { -#ifndef OPENSSL_SMALL_FOOTPRINT - p->return_size = sizeof(int32_t); /* Minimum expected size */ - if (p->data == NULL) - return 1; - switch (p->data_size) { - case sizeof(int32_t): - if (val <= INT32_MAX) { - *(int32_t *)p->data = (int32_t)val; - return 1; - } - return 0; - case sizeof(int64_t): - p->return_size = sizeof(int64_t); - *(int64_t *)p->data = (int64_t)val; - return 1; - } -#endif - return general_set_uint(p, &val, sizeof(val)); - } else if (p->data_type == OSSL_PARAM_REAL) { - p->return_size = sizeof(double); - if (p->data == NULL) - return 1; - switch (p->data_size) { - case sizeof(double): - *(double *)p->data = (double)val; - return 1; - } - } - return 0; -} - -OSSL_PARAM OSSL_PARAM_construct_uint32(const char *key, uint32_t *buf) -{ - return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER, buf, - sizeof(uint32_t)); -} - -int OSSL_PARAM_get_int64(const OSSL_PARAM *p, int64_t *val) -{ - double d; - - if (val == NULL || p == NULL ) - return 0; - - if (p->data_type == OSSL_PARAM_INTEGER) { -#ifndef OPENSSL_SMALL_FOOTPRINT - switch (p->data_size) { - case sizeof(int32_t): - *val = *(const int32_t *)p->data; - return 1; - case sizeof(int64_t): - *val = *(const int64_t *)p->data; - return 1; - } -#endif - return general_get_int(p, val, sizeof(*val)); - } else if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) { -#ifndef OPENSSL_SMALL_FOOTPRINT - uint64_t u64; - - switch (p->data_size) { - case sizeof(uint32_t): - *val = *(const uint32_t *)p->data; - return 1; - case sizeof(uint64_t): - u64 = *(const uint64_t *)p->data; - if (u64 <= INT64_MAX) { - *val = (int64_t)u64; - return 1; - } - return 0; - } -#endif - return general_get_int(p, val, sizeof(*val)); - } else if (p->data_type == OSSL_PARAM_REAL) { - switch (p->data_size) { - case sizeof(double): - d = *(const double *)p->data; - if (d >= INT64_MIN - /* - * By subtracting 65535 (2^16-1) we cancel the low order - * 15 bits of INT64_MAX to avoid using imprecise floating - * point values. - */ - && d < (double)(INT64_MAX - 65535) + 65536.0 - && d == (int64_t)d) { - *val = (int64_t)d; - return 1; - } - break; - } - } - return 0; -} - -int OSSL_PARAM_set_int64(OSSL_PARAM *p, int64_t val) -{ - uint64_t u64; - - if (p == NULL) - return 0; - p->return_size = 0; - if (p->data_type == OSSL_PARAM_INTEGER) { -#ifndef OPENSSL_SMALL_FOOTPRINT - p->return_size = sizeof(int64_t); /* Expected size */ - if (p->data == NULL) - return 1; - switch (p->data_size) { - case sizeof(int32_t): - if (val >= INT32_MIN && val <= INT32_MAX) { - p->return_size = sizeof(int32_t); - *(int32_t *)p->data = (int32_t)val; - return 1; - } - return 0; - case sizeof(int64_t): - *(int64_t *)p->data = val; - return 1; - } -#endif - return general_set_int(p, &val, sizeof(val)); - } else if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER && val >= 0) { -#ifndef OPENSSL_SMALL_FOOTPRINT - p->return_size = sizeof(uint64_t); /* Expected size */ - if (p->data == NULL) - return 1; - switch (p->data_size) { - case sizeof(uint32_t): - if (val <= UINT32_MAX) { - p->return_size = sizeof(uint32_t); - *(uint32_t *)p->data = (uint32_t)val; - return 1; - } - return 0; - case sizeof(uint64_t): - *(uint64_t *)p->data = (uint64_t)val; - return 1; - } -#endif - return general_set_int(p, &val, sizeof(val)); - } else if (p->data_type == OSSL_PARAM_REAL) { - p->return_size = sizeof(double); - if (p->data == NULL) - return 1; - switch (p->data_size) { - case sizeof(double): - u64 = val < 0 ? -val : val; - if ((u64 >> real_shift()) == 0) { - *(double *)p->data = (double)val; - return 1; - } - break; - } - } - return 0; -} - -OSSL_PARAM OSSL_PARAM_construct_int64(const char *key, int64_t *buf) -{ - return ossl_param_construct(key, OSSL_PARAM_INTEGER, buf, sizeof(int64_t)); -} - -int OSSL_PARAM_get_uint64(const OSSL_PARAM *p, uint64_t *val) -{ - double d; - - if (val == NULL || p == NULL) - return 0; - - if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) { -#ifndef OPENSSL_SMALL_FOOTPRINT - switch (p->data_size) { - case sizeof(uint32_t): - *val = *(const uint32_t *)p->data; - return 1; - case sizeof(uint64_t): - *val = *(const uint64_t *)p->data; - return 1; - } -#endif - return general_get_uint(p, val, sizeof(*val)); - } else if (p->data_type == OSSL_PARAM_INTEGER) { -#ifndef OPENSSL_SMALL_FOOTPRINT - int32_t i32; - int64_t i64; - - switch (p->data_size) { - case sizeof(int32_t): - i32 = *(const int32_t *)p->data; - if (i32 >= 0) { - *val = (uint64_t)i32; - return 1; - } - return 0; - case sizeof(int64_t): - i64 = *(const int64_t *)p->data; - if (i64 >= 0) { - *val = (uint64_t)i64; - return 1; - } - return 0; - } -#endif - return general_get_uint(p, val, sizeof(*val)); - } else if (p->data_type == OSSL_PARAM_REAL) { - switch (p->data_size) { - case sizeof(double): - d = *(const double *)p->data; - if (d >= 0 - /* - * By subtracting 65535 (2^16-1) we cancel the low order - * 15 bits of UINT64_MAX to avoid using imprecise floating - * point values. - */ - && d < (double)(UINT64_MAX - 65535) + 65536.0 - && d == (uint64_t)d) { - *val = (uint64_t)d; - return 1; - } - break; - } - } - return 0; -} - -int OSSL_PARAM_set_uint64(OSSL_PARAM *p, uint64_t val) -{ - if (p == NULL) - return 0; - p->return_size = 0; - - if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) { -#ifndef OPENSSL_SMALL_FOOTPRINT - p->return_size = sizeof(uint64_t); /* Expected size */ - if (p->data == NULL) - return 1; - switch (p->data_size) { - case sizeof(uint32_t): - if (val <= UINT32_MAX) { - p->return_size = sizeof(uint32_t); - *(uint32_t *)p->data = (uint32_t)val; - return 1; - } - return 0; - case sizeof(uint64_t): - *(uint64_t *)p->data = val; - return 1; - } -#endif - return general_set_uint(p, &val, sizeof(val)); - } else if (p->data_type == OSSL_PARAM_INTEGER) { -#ifndef OPENSSL_SMALL_FOOTPRINT - p->return_size = sizeof(int64_t); /* Expected size */ - if (p->data == NULL) - return 1; - switch (p->data_size) { - case sizeof(int32_t): - if (val <= INT32_MAX) { - p->return_size = sizeof(int32_t); - *(int32_t *)p->data = (int32_t)val; - return 1; - } - return 0; - case sizeof(int64_t): - if (val <= INT64_MAX) { - *(int64_t *)p->data = (int64_t)val; - return 1; - } - return 0; - } -#endif - return general_set_uint(p, &val, sizeof(val)); - } else if (p->data_type == OSSL_PARAM_REAL) { - p->return_size = sizeof(double); - switch (p->data_size) { - case sizeof(double): - if ((val >> real_shift()) == 0) { - *(double *)p->data = (double)val; - return 1; - } - break; - } - } - return 0; -} - -OSSL_PARAM OSSL_PARAM_construct_uint64(const char *key, uint64_t *buf) -{ - return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER, buf, - sizeof(uint64_t)); -} - -int OSSL_PARAM_get_size_t(const OSSL_PARAM *p, size_t *val) -{ -#ifndef OPENSSL_SMALL_FOOTPRINT - switch (sizeof(size_t)) { - case sizeof(uint32_t): - return OSSL_PARAM_get_uint32(p, (uint32_t *)val); - case sizeof(uint64_t): - return OSSL_PARAM_get_uint64(p, (uint64_t *)val); - } -#endif - return general_get_uint(p, val, sizeof(*val)); -} - -int OSSL_PARAM_set_size_t(OSSL_PARAM *p, size_t val) -{ -#ifndef OPENSSL_SMALL_FOOTPRINT - switch (sizeof(size_t)) { - case sizeof(uint32_t): - return OSSL_PARAM_set_uint32(p, (uint32_t)val); - case sizeof(uint64_t): - return OSSL_PARAM_set_uint64(p, (uint64_t)val); - } -#endif - return general_set_uint(p, &val, sizeof(val)); -} - -OSSL_PARAM OSSL_PARAM_construct_size_t(const char *key, size_t *buf) -{ - return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER, buf, - sizeof(size_t)); -} - -int OSSL_PARAM_get_time_t(const OSSL_PARAM *p, time_t *val) -{ -#ifndef OPENSSL_SMALL_FOOTPRINT - switch (sizeof(time_t)) { - case sizeof(int32_t): - return OSSL_PARAM_get_int32(p, (int32_t *)val); - case sizeof(int64_t): - return OSSL_PARAM_get_int64(p, (int64_t *)val); - } -#endif - return general_get_int(p, val, sizeof(*val)); -} - -int OSSL_PARAM_set_time_t(OSSL_PARAM *p, time_t val) -{ -#ifndef OPENSSL_SMALL_FOOTPRINT - switch (sizeof(time_t)) { - case sizeof(int32_t): - return OSSL_PARAM_set_int32(p, (int32_t)val); - case sizeof(int64_t): - return OSSL_PARAM_set_int64(p, (int64_t)val); - } -#endif - return general_set_int(p, &val, sizeof(val)); -} - -OSSL_PARAM OSSL_PARAM_construct_time_t(const char *key, time_t *buf) -{ - return ossl_param_construct(key, OSSL_PARAM_INTEGER, buf, sizeof(time_t)); -} - -int OSSL_PARAM_get_BN(const OSSL_PARAM *p, BIGNUM **val) -{ - BIGNUM *b; - - if (val == NULL - || p == NULL - || p->data_type != OSSL_PARAM_UNSIGNED_INTEGER) - return 0; - - b = BN_native2bn(p->data, (int)p->data_size, *val); - if (b != NULL) { - *val = b; - return 1; - } - return 0; -} - -int OSSL_PARAM_set_BN(OSSL_PARAM *p, const BIGNUM *val) -{ - size_t bytes; - - if (p == NULL) - return 0; - p->return_size = 0; - if (val == NULL || p->data_type != OSSL_PARAM_UNSIGNED_INTEGER) - return 0; - - /* For the moment, only positive values are permitted */ - if (BN_is_negative(val)) - return 0; - - bytes = (size_t)BN_num_bytes(val); - p->return_size = bytes; - if (p->data == NULL) - return 1; - if (p->data_size >= bytes) { - p->return_size = p->data_size; - return BN_bn2nativepad(val, p->data, p->data_size) >= 0; - } - return 0; -} - -OSSL_PARAM OSSL_PARAM_construct_BN(const char *key, unsigned char *buf, - size_t bsize) -{ - return ossl_param_construct(key, OSSL_PARAM_UNSIGNED_INTEGER, - buf, bsize); -} - -int OSSL_PARAM_get_double(const OSSL_PARAM *p, double *val) -{ - int64_t i64; - uint64_t u64; - - if (val == NULL || p == NULL) - return 0; - - if (p->data_type == OSSL_PARAM_REAL) { - switch (p->data_size) { - case sizeof(double): - *val = *(const double *)p->data; - return 1; - } - } else if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) { - switch (p->data_size) { - case sizeof(uint32_t): - *val = *(const uint32_t *)p->data; - return 1; - case sizeof(uint64_t): - u64 = *(const uint64_t *)p->data; - if ((u64 >> real_shift()) == 0) { - *val = (double)u64; - return 1; - } - break; - } - } else if (p->data_type == OSSL_PARAM_INTEGER) { - switch (p->data_size) { - case sizeof(int32_t): - *val = *(const int32_t *)p->data; - return 1; - case sizeof(int64_t): - i64 = *(const int64_t *)p->data; - u64 = i64 < 0 ? -i64 : i64; - if ((u64 >> real_shift()) == 0) { - *val = 0.0 + i64; - return 1; - } - break; - } - } - return 0; -} - -int OSSL_PARAM_set_double(OSSL_PARAM *p, double val) -{ - if (p == NULL) - return 0; - p->return_size = 0; - - if (p->data_type == OSSL_PARAM_REAL) { - p->return_size = sizeof(double); - if (p->data == NULL) - return 1; - switch (p->data_size) { - case sizeof(double): - *(double *)p->data = val; - return 1; - } - } else if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER - && val == (uint64_t)val) { - p->return_size = sizeof(double); - if (p->data == NULL) - return 1; - switch (p->data_size) { - case sizeof(uint32_t): - if (val >= 0 && val <= UINT32_MAX) { - p->return_size = sizeof(uint32_t); - *(uint32_t *)p->data = (uint32_t)val; - return 1; - } - break; - case sizeof(uint64_t): - if (val >= 0 - /* - * By subtracting 65535 (2^16-1) we cancel the low order - * 15 bits of UINT64_MAX to avoid using imprecise floating - * point values. - */ - && val < (double)(UINT64_MAX - 65535) + 65536.0) { - p->return_size = sizeof(uint64_t); - *(uint64_t *)p->data = (uint64_t)val; - return 1; - } - break; } - } else if (p->data_type == OSSL_PARAM_INTEGER && val == (int64_t)val) { - p->return_size = sizeof(double); - if (p->data == NULL) - return 1; - switch (p->data_size) { - case sizeof(int32_t): - if (val >= INT32_MIN && val <= INT32_MAX) { - p->return_size = sizeof(int32_t); - *(int32_t *)p->data = (int32_t)val; - return 1; - } - break; - case sizeof(int64_t): - if (val >= INT64_MIN - /* - * By subtracting 65535 (2^16-1) we cancel the low order - * 15 bits of INT64_MAX to avoid using imprecise floating - * point values. - */ - && val < (double)(INT64_MAX - 65535) + 65536.0) { - p->return_size = sizeof(int64_t); - *(int64_t *)p->data = (int64_t)val; - return 1; - } - break; - } - } - return 0; -} - -OSSL_PARAM OSSL_PARAM_construct_double(const char *key, double *buf) -{ - return ossl_param_construct(key, OSSL_PARAM_REAL, buf, sizeof(double)); -} - -static int get_string_internal(const OSSL_PARAM *p, void **val, - size_t *max_len, size_t *used_len, - unsigned int type) -{ - size_t sz, alloc_sz; - - if ((val == NULL && used_len == NULL) || p == NULL || p->data_type != type) - return 0; - - sz = p->data_size; - /* - * If the input size is 0, or the input string needs NUL byte - * termination, allocate an extra byte. - */ - alloc_sz = sz + (type == OSSL_PARAM_UTF8_STRING || sz == 0); - - if (used_len != NULL) - *used_len = sz; - - if (p->data == NULL) - return 0; - - if (val == NULL) - return 1; - - if (*val == NULL) { - char *const q = OPENSSL_malloc(alloc_sz); - - if (q == NULL) - return 0; - *val = q; - *max_len = alloc_sz; - } - - if (*max_len < sz) - return 0; - memcpy(*val, p->data, sz); - return 1; -} - -int OSSL_PARAM_get_utf8_string(const OSSL_PARAM *p, char **val, size_t max_len) -{ - int ret = get_string_internal(p, (void **)val, &max_len, NULL, - OSSL_PARAM_UTF8_STRING); - - /* - * We try to ensure that the copied string is terminated with a - * NUL byte. That should be easy, just place a NUL byte at - * |((char*)*val)[p->data_size]|. - * Unfortunately, we have seen cases where |p->data_size| doesn't - * correctly reflect the length of the string, and just happens - * to be out of bounds according to |max_len|, so in that case, we - * make the extra step of trying to find the true length of the - * string that |p->data| points at, and use that as an index to - * place the NUL byte in |*val|. - */ - size_t data_length = p->data_size; - - if (ret == 0) - return 0; - if (data_length >= max_len) - data_length = OPENSSL_strnlen(p->data, data_length); - if (data_length >= max_len) - return 0; /* No space for a terminating NUL byte */ - (*val)[data_length] = '\0'; - - return ret; -} - -int OSSL_PARAM_get_octet_string(const OSSL_PARAM *p, void **val, size_t max_len, - size_t *used_len) -{ - return get_string_internal(p, val, &max_len, used_len, - OSSL_PARAM_OCTET_STRING); -} - -static int set_string_internal(OSSL_PARAM *p, const void *val, size_t len, - unsigned int type) -{ - p->return_size = len; - if (p->data == NULL) - return 1; - if (p->data_type != type || p->data_size < len) - return 0; - - memcpy(p->data, val, len); - /* If possible within the size of p->data, add a NUL terminator byte */ - if (type == OSSL_PARAM_UTF8_STRING && p->data_size > len) - ((char *)p->data)[len] = '\0'; - return 1; -} - -int OSSL_PARAM_set_utf8_string(OSSL_PARAM *p, const char *val) -{ - if (p == NULL) - return 0; - - p->return_size = 0; - if (val == NULL) - return 0; - return set_string_internal(p, val, strlen(val), OSSL_PARAM_UTF8_STRING); -} - -int OSSL_PARAM_set_octet_string(OSSL_PARAM *p, const void *val, - size_t len) -{ - if (p == NULL) - return 0; - - p->return_size = 0; - if (val == NULL) - return 0; - return set_string_internal(p, val, len, OSSL_PARAM_OCTET_STRING); -} - -OSSL_PARAM OSSL_PARAM_construct_utf8_string(const char *key, char *buf, - size_t bsize) -{ - if (buf != NULL && bsize == 0) - bsize = strlen(buf); - return ossl_param_construct(key, OSSL_PARAM_UTF8_STRING, buf, bsize); -} - -OSSL_PARAM OSSL_PARAM_construct_octet_string(const char *key, void *buf, - size_t bsize) -{ - return ossl_param_construct(key, OSSL_PARAM_OCTET_STRING, buf, bsize); -} - -static int get_ptr_internal(const OSSL_PARAM *p, const void **val, - size_t *used_len, unsigned int type) -{ - if (val == NULL || p == NULL || p->data_type != type) - return 0; - if (used_len != NULL) - *used_len = p->data_size; - *val = *(const void **)p->data; - return 1; -} - -int OSSL_PARAM_get_utf8_ptr(const OSSL_PARAM *p, const char **val) -{ - return get_ptr_internal(p, (const void **)val, NULL, OSSL_PARAM_UTF8_PTR); -} - -int OSSL_PARAM_get_octet_ptr(const OSSL_PARAM *p, const void **val, - size_t *used_len) -{ - return get_ptr_internal(p, val, used_len, OSSL_PARAM_OCTET_PTR); -} - -static int set_ptr_internal(OSSL_PARAM *p, const void *val, - unsigned int type, size_t len) -{ - p->return_size = len; - if (p->data_type != type) - return 0; - if (p->data != NULL) - *(const void **)p->data = val; - return 1; -} - -int OSSL_PARAM_set_utf8_ptr(OSSL_PARAM *p, const char *val) -{ - if (p == NULL) - return 0; - p->return_size = 0; - return set_ptr_internal(p, val, OSSL_PARAM_UTF8_PTR, - val == NULL ? 0 : strlen(val)); -} - -int OSSL_PARAM_set_octet_ptr(OSSL_PARAM *p, const void *val, - size_t used_len) -{ - if (p == NULL) - return 0; - p->return_size = 0; - return set_ptr_internal(p, val, OSSL_PARAM_OCTET_PTR, used_len); -} - -OSSL_PARAM OSSL_PARAM_construct_utf8_ptr(const char *key, char **buf, - size_t bsize) -{ - return ossl_param_construct(key, OSSL_PARAM_UTF8_PTR, buf, bsize); -} - -OSSL_PARAM OSSL_PARAM_construct_octet_ptr(const char *key, void **buf, - size_t bsize) -{ - return ossl_param_construct(key, OSSL_PARAM_OCTET_PTR, buf, bsize); -} - -OSSL_PARAM OSSL_PARAM_construct_end(void) -{ - OSSL_PARAM end = OSSL_PARAM_END; - - return end; -} - -static int get_string_ptr_internal(const OSSL_PARAM *p, const void **val, - size_t *used_len, unsigned int type) -{ - if (val == NULL || p == NULL || p->data_type != type) - return 0; - if (used_len != NULL) - *used_len = p->data_size; - *val = p->data; - return 1; -} - -int OSSL_PARAM_get_utf8_string_ptr(const OSSL_PARAM *p, const char **val) -{ - return OSSL_PARAM_get_utf8_ptr(p, val) - || get_string_ptr_internal(p, (const void **)val, NULL, - OSSL_PARAM_UTF8_STRING); -} - -int OSSL_PARAM_get_octet_string_ptr(const OSSL_PARAM *p, const void **val, - size_t *used_len) -{ - return OSSL_PARAM_get_octet_ptr(p, val, used_len) - || get_string_ptr_internal(p, val, used_len, OSSL_PARAM_OCTET_STRING); -} diff --git a/crypto/params_dup.c b/crypto/params_dup.c deleted file mode 100644 index bc1546fc53cb5621d1c954efe09a6f6842b1e619..0000000000000000000000000000000000000000 --- a/crypto/params_dup.c +++ /dev/null @@ -1,235 +0,0 @@ -/* - * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "internal/param_build_set.h" - -#define OSSL_PARAM_ALLOCATED_END 127 -#define OSSL_PARAM_MERGE_LIST_MAX 128 - -#define OSSL_PARAM_BUF_PUBLIC 0 -#define OSSL_PARAM_BUF_SECURE 1 -#define OSSL_PARAM_BUF_MAX (OSSL_PARAM_BUF_SECURE + 1) - -typedef struct { - OSSL_PARAM_ALIGNED_BLOCK *alloc; /* The allocated buffer */ - OSSL_PARAM_ALIGNED_BLOCK *cur; /* Current position in the allocated buf */ - size_t blocks; /* Number of aligned blocks */ - size_t alloc_sz; /* The size of the allocated buffer (in bytes) */ -} OSSL_PARAM_BUF; - -size_t ossl_param_bytes_to_blocks(size_t bytes) -{ - return (bytes + OSSL_PARAM_ALIGN_SIZE - 1) / OSSL_PARAM_ALIGN_SIZE; -} - -static int ossl_param_buf_alloc(OSSL_PARAM_BUF *out, size_t extra_blocks, - int is_secure) -{ - size_t sz = OSSL_PARAM_ALIGN_SIZE * (extra_blocks + out->blocks); - - out->alloc = is_secure ? OPENSSL_secure_zalloc(sz) : OPENSSL_zalloc(sz); - if (out->alloc == NULL) { - ERR_raise(ERR_LIB_CRYPTO, is_secure ? CRYPTO_R_SECURE_MALLOC_FAILURE - : ERR_R_MALLOC_FAILURE); - return 0; - } - out->alloc_sz = sz; - out->cur = out->alloc + extra_blocks; - return 1; -} - -void ossl_param_set_secure_block(OSSL_PARAM *last, void *secure_buffer, - size_t secure_buffer_sz) -{ - last->key = NULL; - last->data_size = secure_buffer_sz; - last->data = secure_buffer; - last->data_type = OSSL_PARAM_ALLOCATED_END; -} - -static OSSL_PARAM *ossl_param_dup(const OSSL_PARAM *src, OSSL_PARAM *dst, - OSSL_PARAM_BUF buf[OSSL_PARAM_BUF_MAX], - int *param_count) -{ - const OSSL_PARAM *in; - int has_dst = (dst != NULL); - int is_secure; - size_t param_sz, blks; - - for (in = src; in->key != NULL; in++) { - is_secure = CRYPTO_secure_allocated(in->data); - if (has_dst) { - *dst = *in; - dst->data = buf[is_secure].cur; - } - - if (in->data_type == OSSL_PARAM_OCTET_PTR - || in->data_type == OSSL_PARAM_UTF8_PTR) { - param_sz = sizeof(in->data); - if (has_dst) - *((const void **)dst->data) = *(const void **)in->data; - } else { - param_sz = in->data_size; - if (has_dst) - memcpy(dst->data, in->data, param_sz); - } - if (in->data_type == OSSL_PARAM_UTF8_STRING) - param_sz++; /* NULL terminator */ - blks = ossl_param_bytes_to_blocks(param_sz); - - if (has_dst) { - dst++; - buf[is_secure].cur += blks; - } else { - buf[is_secure].blocks += blks; - } - if (param_count != NULL) - ++*param_count; - } - return dst; -} - -OSSL_PARAM *OSSL_PARAM_dup(const OSSL_PARAM *src) -{ - size_t param_blocks; - OSSL_PARAM_BUF buf[OSSL_PARAM_BUF_MAX]; - OSSL_PARAM *last, *dst; - int param_count = 1; /* Include terminator in the count */ - - if (src == NULL) - return NULL; - - memset(buf, 0, sizeof(buf)); - - /* First Pass: get the param_count and block sizes required */ - (void)ossl_param_dup(src, NULL, buf, ¶m_count); - - param_blocks = ossl_param_bytes_to_blocks(param_count * sizeof(*src)); - /* - * The allocated buffer consists of an array of OSSL_PARAM followed by - * aligned data bytes that the array elements will point to. - */ - if (!ossl_param_buf_alloc(&buf[OSSL_PARAM_BUF_PUBLIC], param_blocks, 0)) - return NULL; - - /* Allocate a secure memory buffer if required */ - if (buf[OSSL_PARAM_BUF_SECURE].blocks > 0 - && !ossl_param_buf_alloc(&buf[OSSL_PARAM_BUF_SECURE], 0, 1)) { - OPENSSL_free(buf[OSSL_PARAM_BUF_PUBLIC].alloc); - return NULL; - } - - dst = (OSSL_PARAM *)buf[OSSL_PARAM_BUF_PUBLIC].alloc; - last = ossl_param_dup(src, dst, buf, NULL); - /* Store the allocated secure memory buffer in the last param block */ - ossl_param_set_secure_block(last, buf[OSSL_PARAM_BUF_SECURE].alloc, - buf[OSSL_PARAM_BUF_SECURE].alloc_sz); - return dst; -} - -static int compare_params(const void *left, const void *right) -{ - const OSSL_PARAM *l = *(const OSSL_PARAM **)left; - const OSSL_PARAM *r = *(const OSSL_PARAM **)right; - - return OPENSSL_strcasecmp(l->key, r->key); -} - -OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *p1, const OSSL_PARAM *p2) -{ - const OSSL_PARAM *list1[OSSL_PARAM_MERGE_LIST_MAX + 1]; - const OSSL_PARAM *list2[OSSL_PARAM_MERGE_LIST_MAX + 1]; - const OSSL_PARAM *p = NULL; - const OSSL_PARAM **p1cur, **p2cur; - OSSL_PARAM *params, *dst; - size_t list1_sz = 0, list2_sz = 0; - int diff; - - if (p1 == NULL && p2 == NULL) - return NULL; - - /* Copy p1 to list1 */ - if (p1 != NULL) { - for (p = p1; p->key != NULL && list1_sz < OSSL_PARAM_MERGE_LIST_MAX; p++) - list1[list1_sz++] = p; - } - list1[list1_sz] = NULL; - - /* copy p2 to a list2 */ - if (p2 != NULL) { - for (p = p2; p->key != NULL && list2_sz < OSSL_PARAM_MERGE_LIST_MAX; p++) - list2[list2_sz++] = p; - } - list2[list2_sz] = NULL; - if (list1_sz == 0 && list2_sz == 0) - return NULL; - - /* Sort the 2 lists */ - qsort(list1, list1_sz, sizeof(OSSL_PARAM *), compare_params); - qsort(list2, list2_sz, sizeof(OSSL_PARAM *), compare_params); - - /* Allocate enough space to store the merged parameters */ - params = OPENSSL_zalloc((list1_sz + list2_sz + 1) * sizeof(*p1)); - if (params == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return NULL; - } - dst = params; - p1cur = list1; - p2cur = list2; - while (1) { - /* If list1 is finished just tack list2 onto the end */ - if (*p1cur == NULL) { - do { - *dst++ = **p2cur; - p2cur++; - } while (*p2cur != NULL); - break; - } - /* If list2 is finished just tack list1 onto the end */ - if (*p2cur == NULL) { - do { - *dst++ = **p1cur; - p1cur++; - } while (*p1cur != NULL); - break; - } - /* consume the list element with the smaller key */ - diff = OPENSSL_strcasecmp((*p1cur)->key, (*p2cur)->key); - if (diff == 0) { - /* If the keys are the same then throw away the list1 element */ - *dst++ = **p2cur; - p2cur++; - p1cur++; - } else if (diff > 0) { - *dst++ = **p2cur; - p2cur++; - } else { - *dst++ = **p1cur; - p1cur++; - } - } - return params; -} - -void OSSL_PARAM_free(OSSL_PARAM *params) -{ - if (params != NULL) { - OSSL_PARAM *p; - - for (p = params; p->key != NULL; p++) - ; - if (p->data_type == OSSL_PARAM_ALLOCATED_END) - OPENSSL_secure_clear_free(p->data, p->data_size); - OPENSSL_free(params); - } -} diff --git a/crypto/params_from_text.c b/crypto/params_from_text.c deleted file mode 100644 index 360f8933e1355725ed5c17a344de567ce63ced84..0000000000000000000000000000000000000000 --- a/crypto/params_from_text.c +++ /dev/null @@ -1,230 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include - -/* - * When processing text to params, we're trying to be smart with numbers. - * Instead of handling each specific separate integer type, we use a bignum - * and ensure that it isn't larger than the expected size, and we then make - * sure it is the expected size... if there is one given. - * (if the size can be arbitrary, then we give whatever we have) - */ - -static int prepare_from_text(const OSSL_PARAM *paramdefs, const char *key, - const char *value, size_t value_n, - /* Output parameters */ - const OSSL_PARAM **paramdef, int *ishex, - size_t *buf_n, BIGNUM **tmpbn, int *found) -{ - const OSSL_PARAM *p; - size_t buf_bits; - int r; - - /* - * ishex is used to translate legacy style string controls in hex format - * to octet string parameters. - */ - *ishex = strncmp(key, "hex", 3) == 0; - - if (*ishex) - key += 3; - - p = *paramdef = OSSL_PARAM_locate_const(paramdefs, key); - if (found != NULL) - *found = p != NULL; - if (p == NULL) - return 0; - - switch (p->data_type) { - case OSSL_PARAM_INTEGER: - case OSSL_PARAM_UNSIGNED_INTEGER: - if (*ishex) - r = BN_hex2bn(tmpbn, value); - else - r = BN_asc2bn(tmpbn, value); - - if (r == 0 || *tmpbn == NULL) - return 0; - - if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER - && BN_is_negative(*tmpbn)) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_INVALID_NEGATIVE_VALUE); - return 0; - } - - /* - * 2's complement negate, part 1 - * - * BN_bn2nativepad puts the absolute value of the number in the - * buffer, i.e. if it's negative, we need to deal with it. We do - * it by subtracting 1 here and inverting the bytes in - * construct_from_text() below. - * To subtract 1 from an absolute value of a negative number we - * actually have to add 1: -3 - 1 = -4, |-3| = 3 + 1 = 4. - */ - if (p->data_type == OSSL_PARAM_INTEGER && BN_is_negative(*tmpbn) - && !BN_add_word(*tmpbn, 1)) { - return 0; - } - - buf_bits = (size_t)BN_num_bits(*tmpbn); - - /* - * Compensate for cases where the most significant bit in - * the resulting OSSL_PARAM buffer will be set after the - * BN_bn2nativepad() call, as the implied sign may not be - * correct after the second part of the 2's complement - * negation has been performed. - * We fix these cases by extending the buffer by one byte - * (8 bits), which will give some padding. The second part - * of the 2's complement negation will do the rest. - */ - if (p->data_type == OSSL_PARAM_INTEGER && buf_bits % 8 == 0) - buf_bits += 8; - - *buf_n = (buf_bits + 7) / 8; - - /* - * A zero data size means "arbitrary size", so only do the - * range checking if a size is specified. - */ - if (p->data_size > 0) { - if (buf_bits > p->data_size * 8) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_SMALL_BUFFER); - /* Since this is a different error, we don't break */ - return 0; - } - /* Change actual size to become the desired size. */ - *buf_n = p->data_size; - } - break; - case OSSL_PARAM_UTF8_STRING: - if (*ishex) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT); - return 0; - } - *buf_n = strlen(value) + 1; - break; - case OSSL_PARAM_OCTET_STRING: - if (*ishex) { - *buf_n = strlen(value) >> 1; - } else { - *buf_n = value_n; - } - break; - } - - return 1; -} - -static int construct_from_text(OSSL_PARAM *to, const OSSL_PARAM *paramdef, - const char *value, size_t value_n, int ishex, - void *buf, size_t buf_n, BIGNUM *tmpbn) -{ - if (buf == NULL) - return 0; - - if (buf_n > 0) { - switch (paramdef->data_type) { - case OSSL_PARAM_INTEGER: - case OSSL_PARAM_UNSIGNED_INTEGER: - /* - { - if ((new_value = OPENSSL_malloc(new_value_n)) == NULL) { - BN_free(a); - break; - } - */ - - BN_bn2nativepad(tmpbn, buf, buf_n); - - /* - * 2's complement negation, part two. - * - * Because we did the first part on the BIGNUM itself, we can just - * invert all the bytes here and be done with it. - */ - if (paramdef->data_type == OSSL_PARAM_INTEGER - && BN_is_negative(tmpbn)) { - unsigned char *cp; - size_t i = buf_n; - - for (cp = buf; i-- > 0; cp++) - *cp ^= 0xFF; - } - break; - case OSSL_PARAM_UTF8_STRING: -#ifdef CHARSET_EBCDIC - ebcdic2ascii(buf, value, buf_n); -#else - strncpy(buf, value, buf_n); -#endif - /* Don't count the terminating NUL byte as data */ - buf_n--; - break; - case OSSL_PARAM_OCTET_STRING: - if (ishex) { - size_t l = 0; - - if (!OPENSSL_hexstr2buf_ex(buf, buf_n, &l, value, ':')) - return 0; - } else { - memcpy(buf, value, buf_n); - } - break; - } - } - - *to = *paramdef; - to->data = buf; - to->data_size = buf_n; - to->return_size = OSSL_PARAM_UNMODIFIED; - - return 1; -} - -int OSSL_PARAM_allocate_from_text(OSSL_PARAM *to, - const OSSL_PARAM *paramdefs, - const char *key, const char *value, - size_t value_n, int *found) -{ - const OSSL_PARAM *paramdef = NULL; - int ishex = 0; - void *buf = NULL; - size_t buf_n = 0; - BIGNUM *tmpbn = NULL; - int ok = 0; - - if (to == NULL || paramdefs == NULL) - return 0; - - if (!prepare_from_text(paramdefs, key, value, value_n, - ¶mdef, &ishex, &buf_n, &tmpbn, found)) - goto err; - - if ((buf = OPENSSL_zalloc(buf_n > 0 ? buf_n : 1)) == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - goto err; - } - - ok = construct_from_text(to, paramdef, value, value_n, ishex, - buf, buf_n, tmpbn); - BN_free(tmpbn); - if (!ok) - OPENSSL_free(buf); - return ok; - err: - BN_free(tmpbn); - return 0; -} diff --git a/crypto/pariscid.pl b/crypto/pariscid.pl deleted file mode 100644 index bad337545740a4f0273149f4b5ebb85818401e0d..0000000000000000000000000000000000000000 --- a/crypto/pariscid.pl +++ /dev/null @@ -1,279 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$output and open STDOUT,">$output"; - -if ($flavour =~ /64/) { - $LEVEL ="2.0W"; - $SIZE_T =8; - $ST ="std"; -} else { - $LEVEL ="1.1"; - $SIZE_T =4; - $ST ="stw"; -} - -$rp="%r2"; -$sp="%r30"; -$rv="%r28"; - -$code=<<___; - .LEVEL $LEVEL - .SPACE \$TEXT\$ - .SUBSPA \$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY - - .EXPORT OPENSSL_cpuid_setup,ENTRY - .ALIGN 8 -OPENSSL_cpuid_setup - .PROC - .CALLINFO NO_CALLS - .ENTRY - bv ($rp) - .EXIT - nop - .PROCEND - - .EXPORT OPENSSL_rdtsc,ENTRY - .ALIGN 8 -OPENSSL_rdtsc - .PROC - .CALLINFO NO_CALLS - .ENTRY - mfctl %cr16,$rv - bv ($rp) - .EXIT - nop - .PROCEND - - .EXPORT OPENSSL_wipe_cpu,ENTRY - .ALIGN 8 -OPENSSL_wipe_cpu - .PROC - .CALLINFO NO_CALLS - .ENTRY - xor %r0,%r0,%r1 - fcpy,dbl %fr0,%fr4 - xor %r0,%r0,%r19 - fcpy,dbl %fr0,%fr5 - xor %r0,%r0,%r20 - fcpy,dbl %fr0,%fr6 - xor %r0,%r0,%r21 - fcpy,dbl %fr0,%fr7 - xor %r0,%r0,%r22 - fcpy,dbl %fr0,%fr8 - xor %r0,%r0,%r23 - fcpy,dbl %fr0,%fr9 - xor %r0,%r0,%r24 - fcpy,dbl %fr0,%fr10 - xor %r0,%r0,%r25 - fcpy,dbl %fr0,%fr11 - xor %r0,%r0,%r26 - fcpy,dbl %fr0,%fr22 - xor %r0,%r0,%r29 - fcpy,dbl %fr0,%fr23 - xor %r0,%r0,%r31 - fcpy,dbl %fr0,%fr24 - fcpy,dbl %fr0,%fr25 - fcpy,dbl %fr0,%fr26 - fcpy,dbl %fr0,%fr27 - fcpy,dbl %fr0,%fr28 - fcpy,dbl %fr0,%fr29 - fcpy,dbl %fr0,%fr30 - fcpy,dbl %fr0,%fr31 - bv ($rp) - .EXIT - ldo 0($sp),$rv - .PROCEND -___ -{ -my $inp="%r26"; -my $len="%r25"; - -$code.=<<___; - .EXPORT OPENSSL_cleanse,ENTRY,ARGW0=GR,ARGW1=GR - .ALIGN 8 -OPENSSL_cleanse - .PROC - .CALLINFO NO_CALLS - .ENTRY - cmpib,*= 0,$len,L\$done - nop - cmpib,*>>= 15,$len,L\$ittle - ldi $SIZE_T-1,%r1 - -L\$align - and,*<> $inp,%r1,%r28 - b,n L\$aligned - stb %r0,0($inp) - ldo -1($len),$len - b L\$align - ldo 1($inp),$inp - -L\$aligned - andcm $len,%r1,%r28 -L\$ot - $ST %r0,0($inp) - addib,*<> -$SIZE_T,%r28,L\$ot - ldo $SIZE_T($inp),$inp - - and,*<> $len,%r1,$len - b,n L\$done -L\$ittle - stb %r0,0($inp) - addib,*<> -1,$len,L\$ittle - ldo 1($inp),$inp -L\$done - bv ($rp) - .EXIT - nop - .PROCEND -___ -} -{ -my ($in1,$in2,$len)=("%r26","%r25","%r24"); - -$code.=<<___; - .EXPORT CRYPTO_memcmp,ENTRY,ARGW0=GR,ARGW1=GR,ARGW1=GR - .ALIGN 8 -CRYPTO_memcmp - .PROC - .CALLINFO NO_CALLS - .ENTRY - cmpib,*= 0,$len,L\$no_data - xor $rv,$rv,$rv - -L\$oop_cmp - ldb 0($in1),%r19 - ldb 0($in2),%r20 - ldo 1($in1),$in1 - ldo 1($in2),$in2 - xor %r19,%r20,%r29 - addib,*<> -1,$len,L\$oop_cmp - or %r29,$rv,$rv - - sub %r0,$rv,%r29 - extru %r29,0,1,$rv -L\$no_data - bv ($rp) - .EXIT - nop - .PROCEND -___ -} -{ -my ($out,$cnt,$max)=("%r26","%r25","%r24"); -my ($tick,$lasttick)=("%r23","%r22"); -my ($diff,$lastdiff)=("%r21","%r20"); - -$code.=<<___; - .EXPORT OPENSSL_instrument_bus,ENTRY,ARGW0=GR,ARGW1=GR - .ALIGN 8 -OPENSSL_instrument_bus - .PROC - .CALLINFO NO_CALLS - .ENTRY - copy $cnt,$rv - mfctl %cr16,$tick - copy $tick,$lasttick - ldi 0,$diff - - fdc 0($out) - ldw 0($out),$tick - add $diff,$tick,$tick - stw $tick,0($out) -L\$oop - mfctl %cr16,$tick - sub $tick,$lasttick,$diff - copy $tick,$lasttick - - fdc 0($out) - ldw 0($out),$tick - add $diff,$tick,$tick - stw $tick,0($out) - - addib,<> -1,$cnt,L\$oop - addi 4,$out,$out - - bv ($rp) - .EXIT - sub $rv,$cnt,$rv - .PROCEND - - .EXPORT OPENSSL_instrument_bus2,ENTRY,ARGW0=GR,ARGW1=GR - .ALIGN 8 -OPENSSL_instrument_bus2 - .PROC - .CALLINFO NO_CALLS - .ENTRY - copy $cnt,$rv - sub %r0,$cnt,$cnt - - mfctl %cr16,$tick - copy $tick,$lasttick - ldi 0,$diff - - fdc 0($out) - ldw 0($out),$tick - add $diff,$tick,$tick - stw $tick,0($out) - - mfctl %cr16,$tick - sub $tick,$lasttick,$diff - copy $tick,$lasttick -L\$oop2 - copy $diff,$lastdiff - fdc 0($out) - ldw 0($out),$tick - add $diff,$tick,$tick - stw $tick,0($out) - - addib,= -1,$max,L\$done2 - nop - - mfctl %cr16,$tick - sub $tick,$lasttick,$diff - copy $tick,$lasttick - cmpclr,<> $lastdiff,$diff,$tick - ldi 1,$tick - - ldi 1,%r1 - xor %r1,$tick,$tick - addb,<> $tick,$cnt,L\$oop2 - shladd,l $tick,2,$out,$out -L\$done2 - bv ($rp) - .EXIT - add $rv,$cnt,$rv - .PROCEND -___ -} - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler/) { - $gnuas = 1; -} - -foreach(split("\n",$code)) { - - s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); - s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); - s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); - s/cmpib,\*/comib,/ if ($SIZE_T==4); - s/,\*/,/ if ($SIZE_T==4); - s/\bbv\b/bve/ if ($SIZE_T==8); - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; - diff --git a/crypto/passphrase.c b/crypto/passphrase.c deleted file mode 100644 index fcc40f6dab5369b544a747db519bb20642f429c8..0000000000000000000000000000000000000000 --- a/crypto/passphrase.c +++ /dev/null @@ -1,353 +0,0 @@ -/* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/passphrase.h" - -void ossl_pw_clear_passphrase_data(struct ossl_passphrase_data_st *data) -{ - if (data != NULL) { - if (data->type == is_expl_passphrase) - OPENSSL_clear_free(data->_.expl_passphrase.passphrase_copy, - data->_.expl_passphrase.passphrase_len); - ossl_pw_clear_passphrase_cache(data); - memset(data, 0, sizeof(*data)); - } -} - -void ossl_pw_clear_passphrase_cache(struct ossl_passphrase_data_st *data) -{ - OPENSSL_clear_free(data->cached_passphrase, data->cached_passphrase_len); - data->cached_passphrase = NULL; -} - -int ossl_pw_set_passphrase(struct ossl_passphrase_data_st *data, - const unsigned char *passphrase, - size_t passphrase_len) -{ - if (!ossl_assert(data != NULL && passphrase != NULL)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - ossl_pw_clear_passphrase_data(data); - data->type = is_expl_passphrase; - data->_.expl_passphrase.passphrase_copy = - passphrase_len != 0 ? OPENSSL_memdup(passphrase, passphrase_len) - : OPENSSL_malloc(1); - if (data->_.expl_passphrase.passphrase_copy == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - data->_.expl_passphrase.passphrase_len = passphrase_len; - return 1; -} - -int ossl_pw_set_pem_password_cb(struct ossl_passphrase_data_st *data, - pem_password_cb *cb, void *cbarg) -{ - if (!ossl_assert(data != NULL && cb != NULL)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - ossl_pw_clear_passphrase_data(data); - data->type = is_pem_password; - data->_.pem_password.password_cb = cb; - data->_.pem_password.password_cbarg = cbarg; - return 1; -} - -int ossl_pw_set_ossl_passphrase_cb(struct ossl_passphrase_data_st *data, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg) -{ - if (!ossl_assert(data != NULL && cb != NULL)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - ossl_pw_clear_passphrase_data(data); - data->type = is_ossl_passphrase; - data->_.ossl_passphrase.passphrase_cb = cb; - data->_.ossl_passphrase.passphrase_cbarg = cbarg; - return 1; -} - -int ossl_pw_set_ui_method(struct ossl_passphrase_data_st *data, - const UI_METHOD *ui_method, void *ui_data) -{ - if (!ossl_assert(data != NULL && ui_method != NULL)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - ossl_pw_clear_passphrase_data(data); - data->type = is_ui_method; - data->_.ui_method.ui_method = ui_method; - data->_.ui_method.ui_method_data = ui_data; - return 1; -} - -int ossl_pw_enable_passphrase_caching(struct ossl_passphrase_data_st *data) -{ - data->flag_cache_passphrase = 1; - return 1; -} - -int ossl_pw_disable_passphrase_caching(struct ossl_passphrase_data_st *data) -{ - data->flag_cache_passphrase = 0; - return 1; -} - - -/*- - * UI_METHOD processor. It differs from UI_UTIL_read_pw() like this: - * - * 1. It constructs a prompt on its own, based on |prompt_info|. - * 2. It allocates a buffer for password and verification on its own - * to compensate for NUL terminator in UI password strings. - * 3. It raises errors. - * 4. It reports back the length of the prompted pass phrase. - */ -static int do_ui_passphrase(char *pass, size_t pass_size, size_t *pass_len, - const char *prompt_info, int verify, - const UI_METHOD *ui_method, void *ui_data) -{ - char *prompt = NULL, *ipass = NULL, *vpass = NULL; - int prompt_idx = -1, verify_idx = -1, res; - UI *ui = NULL; - int ret = 0; - - if (!ossl_assert(pass != NULL && pass_size != 0 && pass_len != NULL)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if ((ui = UI_new()) == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (ui_method != NULL) { - UI_set_method(ui, ui_method); - if (ui_data != NULL) - UI_add_user_data(ui, ui_data); - } - - /* Get an application constructed prompt */ - prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); - if (prompt == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - goto end; - } - - /* Get a buffer for verification prompt */ - ipass = OPENSSL_zalloc(pass_size + 1); - if (ipass == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - goto end; - } - - prompt_idx = UI_add_input_string(ui, prompt, - UI_INPUT_FLAG_DEFAULT_PWD, - ipass, 0, pass_size) - 1; - if (prompt_idx < 0) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_UI_LIB); - goto end; - } - - if (verify) { - /* Get a buffer for verification prompt */ - vpass = OPENSSL_zalloc(pass_size + 1); - if (vpass == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - goto end; - } - verify_idx = UI_add_verify_string(ui, prompt, - UI_INPUT_FLAG_DEFAULT_PWD, - vpass, 0, pass_size, - ipass) - 1; - if (verify_idx < 0) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_UI_LIB); - goto end; - } - } - - switch (UI_process(ui)) { - case -2: - ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERRUPTED_OR_CANCELLED); - break; - case -1: - ERR_raise(ERR_LIB_CRYPTO, ERR_R_UI_LIB); - break; - default: - res = UI_get_result_length(ui, prompt_idx); - if (res < 0) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_UI_LIB); - break; - } - *pass_len = (size_t)res; - memcpy(pass, ipass, *pass_len); - ret = 1; - break; - } - - end: - OPENSSL_clear_free(vpass, pass_size + 1); - OPENSSL_clear_free(ipass, pass_size + 1); - OPENSSL_free(prompt); - UI_free(ui); - return ret; -} - -/* Central pw prompting dispatcher */ -int ossl_pw_get_passphrase(char *pass, size_t pass_size, size_t *pass_len, - const OSSL_PARAM params[], int verify, - struct ossl_passphrase_data_st *data) -{ - const char *source = NULL; - size_t source_len = 0; - const char *prompt_info = NULL; - const UI_METHOD *ui_method = NULL; - UI_METHOD *allocated_ui_method = NULL; - void *ui_data = NULL; - const OSSL_PARAM *p = NULL; - int ret; - - /* Handle explicit and cached passphrases */ - - if (data->type == is_expl_passphrase) { - source = data->_.expl_passphrase.passphrase_copy; - source_len = data->_.expl_passphrase.passphrase_len; - } else if (data->flag_cache_passphrase && data->cached_passphrase != NULL) { - source = data->cached_passphrase; - source_len = data->cached_passphrase_len; - } - - if (source != NULL) { - if (source_len > pass_size) - source_len = pass_size; - memcpy(pass, source, source_len); - *pass_len = source_len; - return 1; - } - - /* Handle the is_ossl_passphrase case... that's pretty direct */ - - if (data->type == is_ossl_passphrase) { - OSSL_PASSPHRASE_CALLBACK *cb = data->_.ossl_passphrase.passphrase_cb; - void *cbarg = data->_.ossl_passphrase.passphrase_cbarg; - - ret = cb(pass, pass_size, pass_len, params, cbarg); - goto do_cache; - } - - /* Handle the is_pem_password and is_ui_method cases */ - - if ((p = OSSL_PARAM_locate_const(params, - OSSL_PASSPHRASE_PARAM_INFO)) != NULL) { - if (p->data_type != OSSL_PARAM_UTF8_STRING) { - ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT, - "Prompt info data type incorrect"); - return 0; - } - prompt_info = p->data; - } - - if (data->type == is_pem_password) { - /* We use a UI wrapper for PEM */ - pem_password_cb *cb = data->_.pem_password.password_cb; - - ui_method = allocated_ui_method = - UI_UTIL_wrap_read_pem_callback(cb, verify); - ui_data = data->_.pem_password.password_cbarg; - - if (ui_method == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - } else if (data->type == is_ui_method) { - ui_method = data->_.ui_method.ui_method; - ui_data = data->_.ui_method.ui_method_data; - } - - if (ui_method == NULL) { - ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT, - "No password method specified"); - return 0; - } - - ret = do_ui_passphrase(pass, pass_size, pass_len, prompt_info, verify, - ui_method, ui_data); - - UI_destroy_method(allocated_ui_method); - - do_cache: - if (ret && data->flag_cache_passphrase) { - if (data->cached_passphrase == NULL - || *pass_len > data->cached_passphrase_len) { - void *new_cache = - OPENSSL_clear_realloc(data->cached_passphrase, - data->cached_passphrase_len, - *pass_len + 1); - - if (new_cache == NULL) { - OPENSSL_cleanse(pass, *pass_len); - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - data->cached_passphrase = new_cache; - } - memcpy(data->cached_passphrase, pass, *pass_len); - data->cached_passphrase[*pass_len] = '\0'; - data->cached_passphrase_len = *pass_len; - } - - return ret; -} - -static int ossl_pw_get_password(char *buf, int size, int rwflag, - void *userdata, const char *info) -{ - size_t password_len = 0; - OSSL_PARAM params[] = { - OSSL_PARAM_utf8_string(OSSL_PASSPHRASE_PARAM_INFO, NULL, 0), - OSSL_PARAM_END - }; - - params[0].data = (void *)info; - if (ossl_pw_get_passphrase(buf, (size_t)size, &password_len, params, - rwflag, userdata)) - return (int)password_len; - return -1; -} - -int ossl_pw_pem_password(char *buf, int size, int rwflag, void *userdata) -{ - return ossl_pw_get_password(buf, size, rwflag, userdata, "PEM"); -} - -int ossl_pw_pvk_password(char *buf, int size, int rwflag, void *userdata) -{ - return ossl_pw_get_password(buf, size, rwflag, userdata, "PVK"); -} - -int ossl_pw_passphrase_callback_enc(char *pass, size_t pass_size, - size_t *pass_len, - const OSSL_PARAM params[], void *arg) -{ - return ossl_pw_get_passphrase(pass, pass_size, pass_len, params, 1, arg); -} - -int ossl_pw_passphrase_callback_dec(char *pass, size_t pass_size, - size_t *pass_len, - const OSSL_PARAM params[], void *arg) -{ - return ossl_pw_get_passphrase(pass, pass_size, pass_len, params, 0, arg); -} diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c deleted file mode 100644 index 222af64397b4df6a0d0feb1e74503bcc2a9322ab..0000000000000000000000000000000000000000 --- a/crypto/pem/pem_all.c +++ /dev/null @@ -1,226 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include "pem_local.h" - -static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa); -#ifndef OPENSSL_NO_DSA -static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa); -#endif - -#ifndef OPENSSL_NO_EC -static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey); -#endif - -IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ) - -IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ) -IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL) -IMPLEMENT_PEM_rw(X509_PUBKEY, X509_PUBKEY, PEM_STRING_PUBLIC, X509_PUBKEY) -IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7) - -IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE, - PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE) -#ifndef OPENSSL_NO_DEPRECATED_3_0 -/* - * We treat RSA or DSA private keys as a special case. For private keys we - * read in an EVP_PKEY structure with PEM_read_bio_PrivateKey() and extract - * the relevant private key: this means can handle "traditional" and PKCS#8 - * formats transparently. - */ -static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa) -{ - RSA *rtmp; - if (!key) - return NULL; - rtmp = EVP_PKEY_get1_RSA(key); - EVP_PKEY_free(key); - if (!rtmp) - return NULL; - if (rsa) { - RSA_free(*rsa); - *rsa = rtmp; - } - return rtmp; -} - -RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, - void *u) -{ - EVP_PKEY *pktmp; - pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); - return pkey_get_rsa(pktmp, rsa); -} - -# ifndef OPENSSL_NO_STDIO - -RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u) -{ - EVP_PKEY *pktmp; - pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); - return pkey_get_rsa(pktmp, rsa); -} - -# endif - -IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) -IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) -IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) -#endif -#ifndef OPENSSL_NO_DSA -static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa) -{ - DSA *dtmp; - if (!key) - return NULL; - dtmp = EVP_PKEY_get1_DSA(key); - EVP_PKEY_free(key); - if (!dtmp) - return NULL; - if (dsa) { - DSA_free(*dsa); - *dsa = dtmp; - } - return dtmp; -} - -DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, - void *u) -{ - EVP_PKEY *pktmp; - pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); - return pkey_get_dsa(pktmp, dsa); /* will free pktmp */ -} - -IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) -IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) -# ifndef OPENSSL_NO_STDIO -DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u) -{ - EVP_PKEY *pktmp; - pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); - return pkey_get_dsa(pktmp, dsa); /* will free pktmp */ -} - -# endif - -IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams) -#endif - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -# ifndef OPENSSL_NO_EC -static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey) -{ - EC_KEY *dtmp; - if (!key) - return NULL; - dtmp = EVP_PKEY_get1_EC_KEY(key); - EVP_PKEY_free(key); - if (!dtmp) - return NULL; - if (eckey) { - EC_KEY_free(*eckey); - *eckey = dtmp; - } - return dtmp; -} - -EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, - void *u) -{ - EVP_PKEY *pktmp; - pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); - return pkey_get_eckey(pktmp, key); /* will free pktmp */ -} - -IMPLEMENT_PEM_rw(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, - ECPKParameters) - - -IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, - ECPrivateKey) -IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) -# ifndef OPENSSL_NO_STDIO -EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, - void *u) -{ - EVP_PKEY *pktmp; - pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); - return pkey_get_eckey(pktmp, eckey); /* will free pktmp */ -} -# endif -# endif /* !OPENSSL_NO_EC */ -#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ - -#ifndef OPENSSL_NO_DH - -IMPLEMENT_PEM_write(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) -IMPLEMENT_PEM_write(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams) - -/* Transparently read in PKCS#3 or X9.42 DH parameters */ - -DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) -{ - char *nm = NULL; - const unsigned char *p = NULL; - unsigned char *data = NULL; - long len; - DH *ret = NULL; - - if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_DHPARAMS, bp, cb, u)) - return NULL; - p = data; - - if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0) - ret = d2i_DHxparams(x, &p, len); - else - ret = d2i_DHparams(x, &p, len); - - if (ret == NULL) - ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB); - OPENSSL_free(nm); - OPENSSL_free(data); - return ret; -} - -# ifndef OPENSSL_NO_STDIO -DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u) -{ - BIO *b; - DH *ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB); - return 0; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = PEM_read_bio_DHparams(b, x, cb, u); - BIO_free(b); - return ret; -} -# endif - -#endif -IMPLEMENT_PEM_provided_write(PUBKEY, EVP_PKEY, pkey, PEM_STRING_PUBLIC, PUBKEY) diff --git a/crypto/pem/pem_err.c b/crypto/pem/pem_err.c deleted file mode 100644 index 5fa9fc09bec7c9228f91c3b09f6dead2d69ae150..0000000000000000000000000000000000000000 --- a/crypto/pem/pem_err.c +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/pemerr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA PEM_str_reasons[] = { - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_BASE64_DECODE), "bad base64 decode"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_DECRYPT), "bad decrypt"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_END_LINE), "bad end line"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_IV_CHARS), "bad iv chars"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_MAGIC_NUMBER), "bad magic number"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_PASSWORD_READ), "bad password read"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_VERSION_NUMBER), "bad version number"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BIO_WRITE_FAILURE), "bio write failure"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_CIPHER_IS_NULL), "cipher is null"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_ERROR_CONVERTING_PRIVATE_KEY), - "error converting private key"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_DSS_KEY_BLOB), - "expecting dss key blob"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_PRIVATE_KEY_BLOB), - "expecting private key blob"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_PUBLIC_KEY_BLOB), - "expecting public key blob"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_RSA_KEY_BLOB), - "expecting rsa key blob"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_HEADER_TOO_LONG), "header too long"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_INCONSISTENT_HEADER), - "inconsistent header"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_KEYBLOB_HEADER_PARSE_ERROR), - "keyblob header parse error"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_MISSING_DEK_IV), "missing dek iv"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_DEK_INFO), "not dek info"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_ENCRYPTED), "not encrypted"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_PROC_TYPE), "not proc type"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NO_START_LINE), "no start line"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PROBLEMS_GETTING_PASSWORD), - "problems getting password"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PVK_TOO_SHORT), "pvk too short"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_READ_KEY), "read key"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_SHORT_HEADER), "short header"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNEXPECTED_DEK_IV), "unexpected dek iv"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_ENCRYPTION), - "unsupported encryption"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_KEY_COMPONENTS), - "unsupported key components"}, - {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE), - "unsupported public key type"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_PEM_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(PEM_str_reasons[0].error) == NULL) - ERR_load_strings_const(PEM_str_reasons); -#endif - return 1; -} diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c deleted file mode 100644 index 061c9b9f68c895ca1099e0c1d96c7f50445c779b..0000000000000000000000000000000000000000 --- a/crypto/pem/pem_info.c +++ /dev/null @@ -1,311 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include -#include "crypto/evp.h" - -#ifndef OPENSSL_NO_STDIO -STACK_OF(X509_INFO) -*PEM_X509_INFO_read_ex(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, - void *u, OSSL_LIB_CTX *libctx, const char *propq) -{ - BIO *b; - STACK_OF(X509_INFO) *ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB); - return 0; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = PEM_X509_INFO_read_bio_ex(b, sk, cb, u, libctx, propq); - BIO_free(b); - return ret; -} - -STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, - pem_password_cb *cb, void *u) -{ - return PEM_X509_INFO_read_ex(fp, sk, cb, u, NULL, NULL); -} -#endif - -STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio_ex(BIO *bp, STACK_OF(X509_INFO) *sk, - pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, - const char *propq) -{ - X509_INFO *xi = NULL; - char *name = NULL, *header = NULL, *str; - void *pp; - unsigned char *data = NULL; - const unsigned char *p; - long len, error = 0; - int ok = 0; - STACK_OF(X509_INFO) *ret = NULL; - unsigned int i, raw, ptype; - d2i_of_void *d2i = 0; - - if (sk == NULL) { - if ((ret = sk_X509_INFO_new_null()) == NULL) { - ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE); - goto err; - } - } else - ret = sk; - - if ((xi = X509_INFO_new()) == NULL) - goto err; - for (;;) { - raw = 0; - ptype = 0; - ERR_set_mark(); - i = PEM_read_bio(bp, &name, &header, &data, &len); - if (i == 0) { - error = ERR_GET_REASON(ERR_peek_last_error()); - if (error == PEM_R_NO_START_LINE) { - ERR_pop_to_mark(); - break; - } - ERR_clear_last_mark(); - goto err; - } - ERR_clear_last_mark(); - start: - if (strcmp(name, PEM_STRING_X509) == 0 - || strcmp(name, PEM_STRING_X509_OLD) == 0 - || strcmp(name, PEM_STRING_X509_TRUSTED) == 0) { - if (xi->x509 != NULL) { - if (!sk_X509_INFO_push(ret, xi)) - goto err; - if ((xi = X509_INFO_new()) == NULL) - goto err; - goto start; - } - if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) - d2i = (D2I_OF(void)) d2i_X509_AUX; - else - d2i = (D2I_OF(void)) d2i_X509; - xi->x509 = X509_new_ex(libctx, propq); - if (xi->x509 == NULL) - goto err; - pp = &(xi->x509); - } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) { - d2i = (D2I_OF(void)) d2i_X509_CRL; - if (xi->crl != NULL) { - if (!sk_X509_INFO_push(ret, xi)) - goto err; - if ((xi = X509_INFO_new()) == NULL) - goto err; - goto start; - } - pp = &(xi->crl); - } else if ((str = strstr(name, PEM_STRING_PKCS8INF)) != NULL) { - if (xi->x_pkey != NULL) { - if (!sk_X509_INFO_push(ret, xi)) - goto err; - if ((xi = X509_INFO_new()) == NULL) - goto err; - goto start; - } - if (str == name || strcmp(name, PEM_STRING_PKCS8) == 0) { - ptype = EVP_PKEY_NONE; - } else { - /* chop " PRIVATE KEY" */ - *--str = '\0'; - ptype = evp_pkey_name2type(name); - } - xi->enc_data = NULL; - xi->enc_len = 0; - - d2i = (D2I_OF(void)) d2i_AutoPrivateKey; - xi->x_pkey = X509_PKEY_new(); - if (xi->x_pkey == NULL) - goto err; - pp = &xi->x_pkey->dec_pkey; - if ((int)strlen(header) > 10 /* assume encrypted */ - || strcmp(name, PEM_STRING_PKCS8) == 0) - raw = 1; - } else { /* unknown */ - d2i = NULL; - pp = NULL; - } - - if (d2i != NULL) { - if (!raw) { - EVP_CIPHER_INFO cipher; - - if (!PEM_get_EVP_CIPHER_INFO(header, &cipher)) - goto err; - if (!PEM_do_header(&cipher, data, &len, cb, u)) - goto err; - p = data; - if (ptype) { - if (d2i_PrivateKey_ex(ptype, pp, &p, len, - libctx, propq) == NULL) { - ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB); - goto err; - } - } else if (d2i(pp, &p, len) == NULL) { - ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB); - goto err; - } - } else { /* encrypted key data */ - if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher)) - goto err; - xi->enc_data = (char *)data; - xi->enc_len = (int)len; - data = NULL; - } - } - OPENSSL_free(name); - name = NULL; - OPENSSL_free(header); - header = NULL; - OPENSSL_free(data); - data = NULL; - } - - /* - * if the last one hasn't been pushed yet and there is anything in it - * then add it to the stack ... - */ - if ((xi->x509 != NULL) || (xi->crl != NULL) || - (xi->x_pkey != NULL) || (xi->enc_data != NULL)) { - if (!sk_X509_INFO_push(ret, xi)) - goto err; - xi = NULL; - } - ok = 1; - err: - X509_INFO_free(xi); - if (!ok) { - for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) { - xi = sk_X509_INFO_value(ret, i); - X509_INFO_free(xi); - } - if (ret != sk) - sk_X509_INFO_free(ret); - ret = NULL; - } - - OPENSSL_free(name); - OPENSSL_free(header); - OPENSSL_free(data); - return ret; -} - -STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, - pem_password_cb *cb, void *u) -{ - return PEM_X509_INFO_read_bio_ex(bp, sk, cb, u, NULL, NULL); -} - -/* A TJH addition */ -int PEM_X509_INFO_write_bio(BIO *bp, const X509_INFO *xi, EVP_CIPHER *enc, - const unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - int i, ret = 0; - unsigned char *data = NULL; - const char *objstr = NULL; - char buf[PEM_BUFSIZE]; - const unsigned char *iv = NULL; - - if (enc != NULL) { - objstr = EVP_CIPHER_get0_name(enc); - if (objstr == NULL - /* - * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n" - * fits into buf - */ - || strlen(objstr) + 23 + 2 * EVP_CIPHER_get_iv_length(enc) + 13 - > sizeof(buf)) { - ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER); - goto err; - } - } - - /* - * now for the fun part ... if we have a private key then we have to be - * able to handle a not-yet-decrypted key being written out correctly ... - * if it is decrypted or it is non-encrypted then we use the base code - */ - if (xi->x_pkey != NULL) { - if ((xi->enc_data != NULL) && (xi->enc_len > 0)) { - if (enc == NULL) { - ERR_raise(ERR_LIB_PEM, PEM_R_CIPHER_IS_NULL); - goto err; - } - - /* copy from weirdo names into more normal things */ - iv = xi->enc_cipher.iv; - data = (unsigned char *)xi->enc_data; - i = xi->enc_len; - - /* - * we take the encryption data from the internal stuff rather - * than what the user has passed us ... as we have to match - * exactly for some strange reason - */ - objstr = EVP_CIPHER_get0_name(xi->enc_cipher.cipher); - if (objstr == NULL) { - ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER); - goto err; - } - - /* Create the right magic header stuff */ - buf[0] = '\0'; - PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); - PEM_dek_info(buf, objstr, EVP_CIPHER_get_iv_length(enc), - (const char *)iv); - - /* use the normal code to write things out */ - i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i); - if (i <= 0) - goto err; - } else { - /* Add DSA/DH */ - /* normal optionally encrypted stuff */ - if (PEM_write_bio_RSAPrivateKey(bp, - EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey), - enc, kstr, klen, cb, u) <= 0) - goto err; - } - } - - /* if we have a certificate then write it out now */ - if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0)) - goto err; - - /* - * we are ignoring anything else that is loaded into the X509_INFO - * structure for the moment ... as I don't need it so I'm not coding it - * here and Eric can do it when this makes it into the base library --tjh - */ - - ret = 1; - - err: - OPENSSL_cleanse(buf, PEM_BUFSIZE); - return ret; -} diff --git a/crypto/pem/pem_local.h b/crypto/pem/pem_local.h deleted file mode 100644 index 5cc1c76fdbf7e46beb975939814e54e36546c3b6..0000000000000000000000000000000000000000 --- a/crypto/pem/pem_local.h +++ /dev/null @@ -1,167 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -/* - * Selectors, named according to the ASN.1 names used throughout libcrypto. - * - * Note that these are not absolutely mandatory, they are rather a wishlist - * of sorts. The provider implementations are free to make choices that - * make sense for them, based on these selectors. - * For example, the EC backend is likely to really just output the private - * key to a PKCS#8 structure, even thought PEM_SELECTION_PrivateKey specifies - * the public key as well. This is fine, as long as the corresponding - * decoding operation can return an object that contains what libcrypto - * expects. - */ -# define PEM_SELECTION_PUBKEY EVP_PKEY_PUBLIC_KEY -# define PEM_SELECTION_PrivateKey EVP_PKEY_KEYPAIR -# define PEM_SELECTION_Parameters EVP_PKEY_KEY_PARAMETERS - -/* - * Properties, named according to the ASN.1 names used throughout libcrypto. - */ -# define PEM_STRUCTURE_PUBKEY "SubjectPublicKeyInfo" -# define PEM_STRUCTURE_PrivateKey "PrivateKeyInfo" -# define PEM_STRUCTURE_Parameters "type-specific" - -# define PEM_STRUCTURE_RSAPrivateKey "type-specific" -# define PEM_STRUCTURE_RSAPublicKey "type-specific" - -/* Alternative IMPLEMENT macros for provided encoders */ - -# define IMPLEMENT_PEM_provided_write_body_vars(type, asn1, pq) \ - int ret = 0; \ - OSSL_ENCODER_CTX *ctx = \ - OSSL_ENCODER_CTX_new_for_##type(x, PEM_SELECTION_##asn1, \ - "PEM", PEM_STRUCTURE_##asn1, \ - (pq)); \ - \ - if (OSSL_ENCODER_CTX_get_num_encoders(ctx) == 0) { \ - OSSL_ENCODER_CTX_free(ctx); \ - goto legacy; \ - } -# define IMPLEMENT_PEM_provided_write_body_pass() \ - ret = 1; \ - if (kstr == NULL && cb == NULL) { \ - if (u != NULL) { \ - kstr = u; \ - klen = strlen(u); \ - } else { \ - cb = PEM_def_callback; \ - } \ - } \ - if (enc != NULL) { \ - ret = 0; \ - if (OSSL_ENCODER_CTX_set_cipher(ctx, EVP_CIPHER_get0_name(enc), \ - NULL)) { \ - ret = 1; \ - if (kstr != NULL \ - && !OSSL_ENCODER_CTX_set_passphrase(ctx, kstr, klen)) \ - ret = 0; \ - else if (cb != NULL \ - && !OSSL_ENCODER_CTX_set_pem_password_cb(ctx, \ - cb, u)) \ - ret = 0; \ - } \ - } \ - if (!ret) { \ - OSSL_ENCODER_CTX_free(ctx); \ - return 0; \ - } -# define IMPLEMENT_PEM_provided_write_body_main(type, outtype) \ - ret = OSSL_ENCODER_to_##outtype(ctx, out); \ - OSSL_ENCODER_CTX_free(ctx); \ - return ret -# define IMPLEMENT_PEM_provided_write_body_fallback(str, asn1, \ - writename) \ - legacy: \ - return PEM_ASN1_##writename((i2d_of_void *)i2d_##asn1, str, out, \ - x, NULL, NULL, 0, NULL, NULL) -# define IMPLEMENT_PEM_provided_write_body_fallback_cb(str, asn1, \ - writename) \ - legacy: \ - return PEM_ASN1_##writename##((i2d_of_void *)i2d_##asn1, str, out, \ - x, enc, kstr, klen, cb, u) - -# define IMPLEMENT_PEM_provided_write_to(name, TYPE, type, str, asn1, \ - OUTTYPE, outtype, writename) \ - PEM_write_fnsig(name, TYPE, OUTTYPE, writename) \ - { \ - IMPLEMENT_PEM_provided_write_body_vars(type, asn1, NULL); \ - IMPLEMENT_PEM_provided_write_body_main(type, outtype); \ - IMPLEMENT_PEM_provided_write_body_fallback(str, asn1, \ - writename); \ - } \ - PEM_write_ex_fnsig(name, TYPE, OUTTYPE, writename) \ - { \ - IMPLEMENT_PEM_provided_write_body_vars(type, asn1, propq); \ - IMPLEMENT_PEM_provided_write_body_main(type, outtype); \ - IMPLEMENT_PEM_provided_write_body_fallback(str, asn1, \ - writename); \ - } - - -# define IMPLEMENT_PEM_provided_write_cb_to(name, TYPE, type, str, asn1, \ - OUTTYPE, outtype, writename) \ - PEM_write_cb_fnsig(name, TYPE, OUTTYPE, writename) \ - { \ - IMPLEMENT_PEM_provided_write_body_vars(type, asn1, NULL); \ - IMPLEMENT_PEM_provided_write_body_pass(); \ - IMPLEMENT_PEM_provided_write_body_main(type, outtype); \ - IMPLEMENT_PEM_provided_write_body_fallback_cb(str, asn1, \ - writename); \ - } \ - PEM_write_ex_cb_fnsig(name, TYPE, OUTTYPE, writename) \ - { \ - IMPLEMENT_PEM_provided_write_body_vars(type, asn1, propq); \ - IMPLEMENT_PEM_provided_write_body_pass(); \ - IMPLEMENT_PEM_provided_write_body_main(type, outtype); \ - IMPLEMENT_PEM_provided_write_body_fallback(str, asn1, \ - writename); \ - } - -# ifdef OPENSSL_NO_STDIO - -# define IMPLEMENT_PEM_provided_write_fp(name, TYPE, type, str, asn1) -# define IMPLEMENT_PEM_provided_write_cb_fp(name, TYPE, type, str, asn1) - -# else - -# define IMPLEMENT_PEM_provided_write_fp(name, TYPE, type, str, asn1) \ - IMPLEMENT_PEM_provided_write_to(name, TYPE, type, str, asn1, FILE, fp, write) -# define IMPLEMENT_PEM_provided_write_cb_fp(name, TYPE, type, str, asn1) \ - IMPLEMENT_PEM_provided_write_cb_to(name, TYPE, type, str, asn1, FILE, fp, write) - -# endif - -# define IMPLEMENT_PEM_provided_write_bio(name, TYPE, type, str, asn1) \ - IMPLEMENT_PEM_provided_write_to(name, TYPE, type, str, asn1, BIO, bio, write_bio) -# define IMPLEMENT_PEM_provided_write_cb_bio(name, TYPE, type, str, asn1) \ - IMPLEMENT_PEM_provided_write_cb_to(name, TYPE, type, str, asn1, BIO, bio, write_bio) - -# define IMPLEMENT_PEM_provided_write(name, TYPE, type, str, asn1) \ - IMPLEMENT_PEM_provided_write_bio(name, TYPE, type, str, asn1) \ - IMPLEMENT_PEM_provided_write_fp(name, TYPE, type, str, asn1) - -# define IMPLEMENT_PEM_provided_write_cb(name, TYPE, type, str, asn1) \ - IMPLEMENT_PEM_provided_write_cb_bio(name, TYPE, type, str, asn1) \ - IMPLEMENT_PEM_provided_write_cb_fp(name, TYPE, type, str, asn1) - -# define IMPLEMENT_PEM_provided_rw(name, TYPE, type, str, asn1) \ - IMPLEMENT_PEM_read(name, TYPE, str, asn1) \ - IMPLEMENT_PEM_provided_write(name, TYPE, type, str, asn1) - -# define IMPLEMENT_PEM_provided_rw_cb(name, TYPE, type, str, asn1) \ - IMPLEMENT_PEM_read(name, TYPE, str, asn1) \ - IMPLEMENT_PEM_provided_write_cb(name, TYPE, type, str, asn1) - diff --git a/crypto/pem/pem_oth.c b/crypto/pem/pem_oth.c deleted file mode 100644 index db62246174e39935d95a98ff1d4d424d08244fa7..0000000000000000000000000000000000000000 --- a/crypto/pem/pem_oth.c +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include - -/* Handle 'other' PEMs: not private keys */ - -void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, - pem_password_cb *cb, void *u) -{ - const unsigned char *p = NULL; - unsigned char *data = NULL; - long len; - char *ret = NULL; - - if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u)) - return NULL; - p = data; - ret = d2i(x, &p, len); - if (ret == NULL) - ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB); - OPENSSL_free(data); - return ret; -} diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c deleted file mode 100644 index 1592e351edef1654470e6b01e65a59dd158fb3e3..0000000000000000000000000000000000000000 --- a/crypto/pem/pem_pk8.c +++ /dev/null @@ -1,273 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include -#include - -static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, - int nid, const EVP_CIPHER *enc, - const char *kstr, int klen, - pem_password_cb *cb, void *u, - const char *propq); - -#ifndef OPENSSL_NO_STDIO -static int do_pk8pkey_fp(FILE *bp, const EVP_PKEY *x, int isder, - int nid, const EVP_CIPHER *enc, - const char *kstr, int klen, - pem_password_cb *cb, void *u, - const char *propq); -#endif -/* - * These functions write a private key in PKCS#8 format: it is a "drop in" - * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc' - * is NULL then it uses the unencrypted private key form. The 'nid' versions - * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0. - */ - -int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, const EVP_PKEY *x, int nid, - const char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u, NULL); -} - -int PEM_write_bio_PKCS8PrivateKey(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc, - const char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u, NULL); -} - -int i2d_PKCS8PrivateKey_bio(BIO *bp, const EVP_PKEY *x, const EVP_CIPHER *enc, - const char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u, NULL); -} - -int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, const EVP_PKEY *x, int nid, - const char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u, NULL); -} - -static int do_pk8pkey(BIO *bp, const EVP_PKEY *x, int isder, int nid, - const EVP_CIPHER *enc, const char *kstr, int klen, - pem_password_cb *cb, void *u, const char *propq) -{ - int ret = 0; - const char *outtype = isder ? "DER" : "PEM"; - OSSL_ENCODER_CTX *ctx = - OSSL_ENCODER_CTX_new_for_pkey(x, OSSL_KEYMGMT_SELECT_ALL, - outtype, "PrivateKeyInfo", propq); - - if (ctx == NULL) - return 0; - - /* - * If no keystring or callback is set, OpenSSL traditionally uses the - * user's cb argument as a password string, or if that's NULL, it falls - * back on PEM_def_callback(). - */ - if (kstr == NULL && cb == NULL) { - if (u != NULL) { - kstr = u; - klen = strlen(u); - } else { - cb = PEM_def_callback; - } - } - - /* - * NOTE: There is no attempt to do a EVP_CIPHER_fetch() using the nid, - * since the nid is a PBE algorithm which can't be fetched currently. - * (e.g. NID_pbe_WithSHA1And2_Key_TripleDES_CBC). Just use the legacy - * path if the NID is passed. - */ - if (nid == -1 && OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0) { - ret = 1; - if (enc != NULL) { - ret = 0; - if (OSSL_ENCODER_CTX_set_cipher(ctx, EVP_CIPHER_get0_name(enc), - NULL)) { - const unsigned char *ukstr = (const unsigned char *)kstr; - - /* - * Try to pass the passphrase if one was given, or the - * passphrase callback if one was given. If none of them - * are given and that's wrong, we rely on the _to_bio() - * call to generate errors. - */ - ret = 1; - if (kstr != NULL - && !OSSL_ENCODER_CTX_set_passphrase(ctx, ukstr, klen)) - ret = 0; - else if (cb != NULL - && !OSSL_ENCODER_CTX_set_pem_password_cb(ctx, cb, u)) - ret = 0; - } - } - ret = ret && OSSL_ENCODER_to_bio(ctx, bp); - } else { - X509_SIG *p8; - PKCS8_PRIV_KEY_INFO *p8inf; - char buf[PEM_BUFSIZE]; - - ret = 0; - if ((p8inf = EVP_PKEY2PKCS8(x)) == NULL) { - ERR_raise(ERR_LIB_PEM, PEM_R_ERROR_CONVERTING_PRIVATE_KEY); - goto legacy_end; - } - if (enc || (nid != -1)) { - if (kstr == NULL) { - klen = cb(buf, PEM_BUFSIZE, 1, u); - if (klen < 0) { - ERR_raise(ERR_LIB_PEM, PEM_R_READ_KEY); - goto legacy_end; - } - - kstr = buf; - } - p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf); - if (kstr == buf) - OPENSSL_cleanse(buf, klen); - if (p8 == NULL) - goto legacy_end; - if (isder) - ret = i2d_PKCS8_bio(bp, p8); - else - ret = PEM_write_bio_PKCS8(bp, p8); - X509_SIG_free(p8); - } else { - if (isder) - ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); - else - ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf); - } - legacy_end: - PKCS8_PRIV_KEY_INFO_free(p8inf); - } - OSSL_ENCODER_CTX_free(ctx); - return ret; -} - -EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, - void *u) -{ - PKCS8_PRIV_KEY_INFO *p8inf = NULL; - X509_SIG *p8 = NULL; - int klen; - EVP_PKEY *ret; - char psbuf[PEM_BUFSIZE]; - - p8 = d2i_PKCS8_bio(bp, NULL); - if (p8 == NULL) - return NULL; - if (cb != NULL) - klen = cb(psbuf, PEM_BUFSIZE, 0, u); - else - klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (klen < 0) { - ERR_raise(ERR_LIB_PEM, PEM_R_BAD_PASSWORD_READ); - X509_SIG_free(p8); - return NULL; - } - p8inf = PKCS8_decrypt(p8, psbuf, klen); - X509_SIG_free(p8); - OPENSSL_cleanse(psbuf, klen); - if (p8inf == NULL) - return NULL; - ret = EVP_PKCS82PKEY(p8inf); - PKCS8_PRIV_KEY_INFO_free(p8inf); - if (!ret) - return NULL; - if (x != NULL) { - EVP_PKEY_free(*x); - *x = ret; - } - return ret; -} - -#ifndef OPENSSL_NO_STDIO - -int i2d_PKCS8PrivateKey_fp(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc, - const char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u, NULL); -} - -int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, const EVP_PKEY *x, int nid, - const char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u, NULL); -} - -int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x, int nid, - const char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u, NULL); -} - -int PEM_write_PKCS8PrivateKey(FILE *fp, const EVP_PKEY *x, const EVP_CIPHER *enc, - const char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u, NULL); -} - -static int do_pk8pkey_fp(FILE *fp, const EVP_PKEY *x, int isder, int nid, - const EVP_CIPHER *enc, const char *kstr, int klen, - pem_password_cb *cb, void *u, const char *propq) -{ - BIO *bp; - int ret; - - if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) { - ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB); - return 0; - } - ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u, propq); - BIO_free(bp); - return ret; -} - -EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, - void *u) -{ - BIO *bp; - EVP_PKEY *ret; - - if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) { - ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB); - return NULL; - } - ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u); - BIO_free(bp); - return ret; -} - -#endif - -IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG) - - -IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF, - PKCS8_PRIV_KEY_INFO) diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c deleted file mode 100644 index f9346486dd2f19010deb6562d3f8e64194fb5ea5..0000000000000000000000000000000000000000 --- a/crypto/pem/pem_pkey.c +++ /dev/null @@ -1,427 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/passphrase.h" -#include "crypto/asn1.h" -#include "crypto/x509.h" -#include "crypto/evp.h" -#include "pem_local.h" - -int ossl_pem_check_suffix(const char *pem_str, const char *suffix); - -static EVP_PKEY *pem_read_bio_key_decoder(BIO *bp, EVP_PKEY **x, - pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, - const char *propq, - int selection) -{ - EVP_PKEY *pkey = NULL; - OSSL_DECODER_CTX *dctx = NULL; - int pos, newpos; - - if ((pos = BIO_tell(bp)) < 0) - /* We can depend on BIO_tell() thanks to the BIO_f_readbuffer() */ - return NULL; - - dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "PEM", NULL, NULL, - selection, libctx, propq); - - if (dctx == NULL) - return NULL; - - if (cb == NULL) - cb = PEM_def_callback; - - if (!OSSL_DECODER_CTX_set_pem_password_cb(dctx, cb, u)) - goto err; - - ERR_set_mark(); - while (!OSSL_DECODER_from_bio(dctx, bp) || pkey == NULL) - if (BIO_eof(bp) != 0 || (newpos = BIO_tell(bp)) < 0 || newpos <= pos) { - ERR_clear_last_mark(); - goto err; - } else { - if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_UNSUPPORTED) { - /* unsupported PEM data, try again */ - ERR_pop_to_mark(); - ERR_set_mark(); - } else { - /* other error, bail out */ - ERR_clear_last_mark(); - goto err; - } - pos = newpos; - } - ERR_pop_to_mark(); - - if (!evp_keymgmt_util_has(pkey, selection)) { - EVP_PKEY_free(pkey); - pkey = NULL; - ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_KEY_COMPONENTS); - goto err; - } - - if (x != NULL) { - EVP_PKEY_free(*x); - *x = pkey; - } - - err: - OSSL_DECODER_CTX_free(dctx); - return pkey; -} - -static EVP_PKEY *pem_read_bio_key_legacy(BIO *bp, EVP_PKEY **x, - pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, - const char *propq, - int selection) -{ - char *nm = NULL; - const unsigned char *p = NULL; - unsigned char *data = NULL; - long len; - int slen; - EVP_PKEY *ret = NULL; - - ERR_set_mark(); /* not interested in PEM read errors */ - if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) { - if (!PEM_bytes_read_bio_secmem(&data, &len, &nm, - PEM_STRING_EVP_PKEY, - bp, cb, u)) { - ERR_pop_to_mark(); - return NULL; - } - } else { - const char *pem_string = PEM_STRING_PARAMETERS; - - if (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) - pem_string = PEM_STRING_PUBLIC; - if (!PEM_bytes_read_bio(&data, &len, &nm, - pem_string, - bp, cb, u)) { - ERR_pop_to_mark(); - return NULL; - } - } - ERR_clear_last_mark(); - p = data; - - if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) { - PKCS8_PRIV_KEY_INFO *p8inf; - - if ((p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len)) == NULL) - goto p8err; - ret = evp_pkcs82pkey_legacy(p8inf, libctx, propq); - if (x != NULL) { - EVP_PKEY_free(*x); - *x = ret; - } - PKCS8_PRIV_KEY_INFO_free(p8inf); - } else if (strcmp(nm, PEM_STRING_PKCS8) == 0) { - PKCS8_PRIV_KEY_INFO *p8inf; - X509_SIG *p8; - int klen; - char psbuf[PEM_BUFSIZE]; - - if ((p8 = d2i_X509_SIG(NULL, &p, len)) == NULL) - goto p8err; - if (cb != NULL) - klen = cb(psbuf, PEM_BUFSIZE, 0, u); - else - klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (klen < 0) { - ERR_raise(ERR_LIB_PEM, PEM_R_BAD_PASSWORD_READ); - X509_SIG_free(p8); - goto err; - } - p8inf = PKCS8_decrypt(p8, psbuf, klen); - X509_SIG_free(p8); - OPENSSL_cleanse(psbuf, klen); - if (p8inf == NULL) - goto p8err; - ret = evp_pkcs82pkey_legacy(p8inf, libctx, propq); - if (x != NULL) { - EVP_PKEY_free(*x); - *x = ret; - } - PKCS8_PRIV_KEY_INFO_free(p8inf); - } else if ((slen = ossl_pem_check_suffix(nm, "PRIVATE KEY")) > 0) { - const EVP_PKEY_ASN1_METHOD *ameth; - ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); - if (ameth == NULL || ameth->old_priv_decode == NULL) - goto p8err; - ret = ossl_d2i_PrivateKey_legacy(ameth->pkey_id, x, &p, len, libctx, - propq); - } else if (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) { - ret = ossl_d2i_PUBKEY_legacy(x, &p, len); - } else if ((slen = ossl_pem_check_suffix(nm, "PARAMETERS")) > 0) { - ret = EVP_PKEY_new(); - if (ret == NULL) - goto err; - if (!EVP_PKEY_set_type_str(ret, nm, slen) - || !ret->ameth->param_decode - || !ret->ameth->param_decode(ret, &p, len)) { - EVP_PKEY_free(ret); - ret = NULL; - goto err; - } - if (x) { - EVP_PKEY_free(*x); - *x = ret; - } - } - - p8err: - if (ret == NULL && ERR_peek_last_error() == 0) - /* ensure some error is reported but do not hide the real one */ - ERR_raise(ERR_LIB_PEM, ERR_R_ASN1_LIB); - err: - OPENSSL_secure_free(nm); - OPENSSL_secure_clear_free(data, len); - return ret; -} - -static EVP_PKEY *pem_read_bio_key(BIO *bp, EVP_PKEY **x, - pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, - const char *propq, - int selection) -{ - EVP_PKEY *ret = NULL; - BIO *new_bio = NULL; - int pos; - struct ossl_passphrase_data_st pwdata = { 0 }; - - if ((pos = BIO_tell(bp)) < 0) { - new_bio = BIO_new(BIO_f_readbuffer()); - if (new_bio == NULL) - return NULL; - bp = BIO_push(new_bio, bp); - pos = BIO_tell(bp); - } - - if (cb == NULL) - cb = PEM_def_callback; - - if (!ossl_pw_set_pem_password_cb(&pwdata, cb, u) - || !ossl_pw_enable_passphrase_caching(&pwdata)) - goto err; - - ERR_set_mark(); - ret = pem_read_bio_key_decoder(bp, x, ossl_pw_pem_password, &pwdata, - libctx, propq, selection); - if (ret == NULL - && (BIO_seek(bp, pos) < 0 - || (ret = pem_read_bio_key_legacy(bp, x, - ossl_pw_pem_password, &pwdata, - libctx, propq, - selection)) == NULL)) - ERR_clear_last_mark(); - else - ERR_pop_to_mark(); - - err: - ossl_pw_clear_passphrase_data(&pwdata); - if (new_bio != NULL) { - BIO_pop(new_bio); - BIO_free(new_bio); - } - return ret; -} - -EVP_PKEY *PEM_read_bio_PUBKEY_ex(BIO *bp, EVP_PKEY **x, - pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, const char *propq) -{ - return pem_read_bio_key(bp, x, cb, u, libctx, propq, - EVP_PKEY_PUBLIC_KEY); -} - -EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, - void *u) -{ - return PEM_read_bio_PUBKEY_ex(bp, x, cb, u, NULL, NULL); -} - -#ifndef OPENSSL_NO_STDIO -EVP_PKEY *PEM_read_PUBKEY_ex(FILE *fp, EVP_PKEY **x, - pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, const char *propq) -{ - BIO *b; - EVP_PKEY *ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB); - return 0; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = PEM_read_bio_PUBKEY_ex(b, x, cb, u, libctx, propq); - BIO_free(b); - return ret; -} - -EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) -{ - return PEM_read_PUBKEY_ex(fp, x, cb, u, NULL, NULL); -} -#endif - -EVP_PKEY *PEM_read_bio_PrivateKey_ex(BIO *bp, EVP_PKEY **x, - pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, const char *propq) -{ - return pem_read_bio_key(bp, x, cb, u, libctx, propq, - EVP_PKEY_KEYPAIR); -} - -EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, - void *u) -{ - return PEM_read_bio_PrivateKey_ex(bp, x, cb, u, NULL, NULL); -} - -PEM_write_cb_ex_fnsig(PrivateKey, EVP_PKEY, BIO, write_bio) -{ - IMPLEMENT_PEM_provided_write_body_vars(pkey, PrivateKey, propq); - - IMPLEMENT_PEM_provided_write_body_pass(); - IMPLEMENT_PEM_provided_write_body_main(pkey, bio); - - legacy: - if (x->ameth == NULL || x->ameth->priv_encode != NULL) - return PEM_write_bio_PKCS8PrivateKey(out, x, enc, - (const char *)kstr, klen, cb, u); - return PEM_write_bio_PrivateKey_traditional(out, x, enc, kstr, klen, cb, u); -} - -PEM_write_cb_fnsig(PrivateKey, EVP_PKEY, BIO, write_bio) -{ - return PEM_write_bio_PrivateKey_ex(out, x, enc, kstr, klen, cb, u, - NULL, NULL); -} - -/* - * Note: there is no way to tell a provided pkey encoder to use "traditional" - * encoding. Therefore, if the pkey is provided, we try to take a copy - */ -int PEM_write_bio_PrivateKey_traditional(BIO *bp, const EVP_PKEY *x, - const EVP_CIPHER *enc, - const unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) -{ - char pem_str[80]; - EVP_PKEY *copy = NULL; - int ret; - - if (evp_pkey_is_assigned(x) - && evp_pkey_is_provided(x) - && evp_pkey_copy_downgraded(©, x)) - x = copy; - - if (x->ameth == NULL || x->ameth->old_priv_encode == NULL) { - ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE); - return 0; - } - BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str); - ret = PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, - pem_str, bp, x, enc, kstr, klen, cb, u); - - EVP_PKEY_free(copy); - return ret; -} - -EVP_PKEY *PEM_read_bio_Parameters_ex(BIO *bp, EVP_PKEY **x, - OSSL_LIB_CTX *libctx, const char *propq) -{ - return pem_read_bio_key(bp, x, NULL, NULL, libctx, propq, - EVP_PKEY_KEY_PARAMETERS); -} - -EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) -{ - return PEM_read_bio_Parameters_ex(bp, x, NULL, NULL); -} - -PEM_write_fnsig(Parameters, EVP_PKEY, BIO, write_bio) -{ - char pem_str[80]; - IMPLEMENT_PEM_provided_write_body_vars(pkey, Parameters, NULL); - - IMPLEMENT_PEM_provided_write_body_main(pkey, bio); - - legacy: - if (!x->ameth || !x->ameth->param_encode) - return 0; - - BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str); - return PEM_ASN1_write_bio((i2d_of_void *)x->ameth->param_encode, - pem_str, out, x, NULL, NULL, 0, 0, NULL); -} - -#ifndef OPENSSL_NO_STDIO -EVP_PKEY *PEM_read_PrivateKey_ex(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, - void *u, OSSL_LIB_CTX *libctx, - const char *propq) -{ - BIO *b; - EVP_PKEY *ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB); - return 0; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = PEM_read_bio_PrivateKey_ex(b, x, cb, u, libctx, propq); - BIO_free(b); - return ret; -} - -EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, - void *u) -{ - return PEM_read_PrivateKey_ex(fp, x, cb, u, NULL, NULL); -} - -PEM_write_cb_ex_fnsig(PrivateKey, EVP_PKEY, FILE, write) -{ - BIO *b; - int ret; - - if ((b = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) { - ERR_raise(ERR_LIB_PEM, ERR_R_BUF_LIB); - return 0; - } - ret = PEM_write_bio_PrivateKey_ex(b, x, enc, kstr, klen, cb, u, - libctx, propq); - BIO_free(b); - return ret; -} - -PEM_write_cb_fnsig(PrivateKey, EVP_PKEY, FILE, write) -{ - return PEM_write_PrivateKey_ex(out, x, enc, kstr, klen, cb, u, NULL, NULL); -} -#endif diff --git a/crypto/pem/pem_sign.c b/crypto/pem/pem_sign.c deleted file mode 100644 index 6ad8e4303721e01ffd11986c06e28905264448a4..0000000000000000000000000000000000000000 --- a/crypto/pem/pem_sign.c +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include - -int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) -{ - return EVP_DigestInit_ex(ctx, type, NULL); -} - -int PEM_SignUpdate(EVP_MD_CTX *ctx, - const unsigned char *data, unsigned int count) -{ - return EVP_DigestUpdate(ctx, data, count); -} - -int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - unsigned int *siglen, EVP_PKEY *pkey) -{ - unsigned char *m; - int i, ret = 0; - unsigned int m_len; - - m = OPENSSL_malloc(EVP_PKEY_get_size(pkey)); - if (m == NULL) { - ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (EVP_SignFinal(ctx, m, &m_len, pkey) <= 0) - goto err; - - i = EVP_EncodeBlock(sigret, m, m_len); - *siglen = i; - ret = 1; - err: - /* ctx has been zeroed by EVP_SignFinal() */ - OPENSSL_free(m); - return ret; -} diff --git a/crypto/pem/pem_x509.c b/crypto/pem/pem_x509.c deleted file mode 100644 index 93978ee245581f127518391fb1cd88f5a38f71c9..0000000000000000000000000000000000000000 --- a/crypto/pem/pem_x509.c +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include - -IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509) diff --git a/crypto/pem/pem_xaux.c b/crypto/pem/pem_xaux.c deleted file mode 100644 index d416f088e39897dbae477868b3444133e07ac41d..0000000000000000000000000000000000000000 --- a/crypto/pem/pem_xaux.c +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include - -IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX) diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c deleted file mode 100644 index 21b16f5928c1e0b8338bafc41d93ff8dc26072f3..0000000000000000000000000000000000000000 --- a/crypto/pem/pvkfmt.c +++ /dev/null @@ -1,1125 +0,0 @@ -/* - * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Support for PVK format keys and related structures (such a PUBLICKEYBLOB - * and PRIVATEKEYBLOB). - */ - -/* - * RSA and DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "crypto/pem.h" -#include "crypto/evp.h" - -/* - * Utility function: read a DWORD (4 byte unsigned integer) in little endian - * format - */ - -static unsigned int read_ledword(const unsigned char **in) -{ - const unsigned char *p = *in; - unsigned int ret; - - ret = (unsigned int)*p++; - ret |= (unsigned int)*p++ << 8; - ret |= (unsigned int)*p++ << 16; - ret |= (unsigned int)*p++ << 24; - *in = p; - return ret; -} - -/* - * Read a BIGNUM in little endian format. The docs say that this should take - * up bitlen/8 bytes. - */ - -static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r) -{ - *r = BN_lebin2bn(*in, nbyte, NULL); - if (*r == NULL) - return 0; - *in += nbyte; - return 1; -} - -/* - * Create an EVP_PKEY from a type specific key. - * This takes ownership of |key|, as long as the |evp_type| is acceptable - * (EVP_PKEY_RSA or EVP_PKEY_DSA), even if the resulting EVP_PKEY wasn't - * created. - */ -#define isdss_to_evp_type(isdss) \ - (isdss == 0 ? EVP_PKEY_RSA : isdss == 1 ? EVP_PKEY_DSA : EVP_PKEY_NONE) -static EVP_PKEY *evp_pkey_new0_key(void *key, int evp_type) -{ - EVP_PKEY *pkey = NULL; - - /* - * It's assumed that if |key| is NULL, something went wrong elsewhere - * and suitable errors are already reported. - */ - if (key == NULL) - return NULL; - - if (!ossl_assert(evp_type == EVP_PKEY_RSA || evp_type == EVP_PKEY_DSA)) { - ERR_raise(ERR_LIB_PEM, ERR_R_INTERNAL_ERROR); - return NULL; - } - - if ((pkey = EVP_PKEY_new()) != NULL) { - switch (evp_type) { - case EVP_PKEY_RSA: - if (EVP_PKEY_set1_RSA(pkey, key)) - break; - EVP_PKEY_free(pkey); - pkey = NULL; - break; -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - if (EVP_PKEY_set1_DSA(pkey, key)) - break; - EVP_PKEY_free(pkey); - pkey = NULL; - break; -#endif - } - } - - switch (evp_type) { - case EVP_PKEY_RSA: - RSA_free(key); - break; -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - DSA_free(key); - break; -#endif - } - - if (pkey == NULL) - ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE); - return pkey; -} - -/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */ - -# define MS_PUBLICKEYBLOB 0x6 -# define MS_PRIVATEKEYBLOB 0x7 -# define MS_RSA1MAGIC 0x31415352L -# define MS_RSA2MAGIC 0x32415352L -# define MS_DSS1MAGIC 0x31535344L -# define MS_DSS2MAGIC 0x32535344L - -# define MS_KEYALG_RSA_KEYX 0xa400 -# define MS_KEYALG_DSS_SIGN 0x2200 - -# define MS_KEYTYPE_KEYX 0x1 -# define MS_KEYTYPE_SIGN 0x2 - -/* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */ -# define MS_PVKMAGIC 0xb0b5f11eL -/* Salt length for PVK files */ -# define PVK_SALTLEN 0x10 -/* Maximum length in PVK header */ -# define PVK_MAX_KEYLEN 102400 -/* Maximum salt length */ -# define PVK_MAX_SALTLEN 10240 - -/* - * Read the MSBLOB header and get relevant data from it. - * - * |pisdss| and |pispub| have a double role, as they can be used for - * discovery as well as to check the the blob meets expectations. - * |*pisdss| is the indicator for whether the key is a DSA key or not. - * |*pispub| is the indicator for whether the key is public or not. - * In both cases, the following input values apply: - * - * 0 Expected to not be what the variable indicates. - * 1 Expected to be what the variable indicates. - * -1 No expectations, this function will assign 0 or 1 depending on - * header data. - */ -int ossl_do_blob_header(const unsigned char **in, unsigned int length, - unsigned int *pmagic, unsigned int *pbitlen, - int *pisdss, int *pispub) -{ - const unsigned char *p = *in; - - if (length < 16) - return 0; - /* bType */ - switch (*p) { - case MS_PUBLICKEYBLOB: - if (*pispub == 0) { - ERR_raise(ERR_LIB_PEM, PEM_R_EXPECTING_PRIVATE_KEY_BLOB); - return 0; - } - *pispub = 1; - break; - - case MS_PRIVATEKEYBLOB: - if (*pispub == 1) { - ERR_raise(ERR_LIB_PEM, PEM_R_EXPECTING_PUBLIC_KEY_BLOB); - return 0; - } - *pispub = 0; - break; - - default: - return 0; - } - p++; - /* Version */ - if (*p++ != 0x2) { - ERR_raise(ERR_LIB_PEM, PEM_R_BAD_VERSION_NUMBER); - return 0; - } - /* Ignore reserved, aiKeyAlg */ - p += 6; - *pmagic = read_ledword(&p); - *pbitlen = read_ledword(&p); - - /* Consistency check for private vs public */ - switch (*pmagic) { - case MS_DSS1MAGIC: - case MS_RSA1MAGIC: - if (*pispub == 0) { - ERR_raise(ERR_LIB_PEM, PEM_R_EXPECTING_PRIVATE_KEY_BLOB); - return 0; - } - break; - - case MS_DSS2MAGIC: - case MS_RSA2MAGIC: - if (*pispub == 1) { - ERR_raise(ERR_LIB_PEM, PEM_R_EXPECTING_PUBLIC_KEY_BLOB); - return 0; - } - break; - - default: - ERR_raise(ERR_LIB_PEM, PEM_R_BAD_MAGIC_NUMBER); - return -1; - } - - /* Check that we got the expected type */ - switch (*pmagic) { - case MS_DSS1MAGIC: - case MS_DSS2MAGIC: - if (*pisdss == 0) { - ERR_raise(ERR_LIB_PEM, PEM_R_EXPECTING_DSS_KEY_BLOB); - return 0; - } - *pisdss = 1; - break; - case MS_RSA1MAGIC: - case MS_RSA2MAGIC: - if (*pisdss == 1) { - ERR_raise(ERR_LIB_PEM, PEM_R_EXPECTING_RSA_KEY_BLOB); - return 0; - } - *pisdss = 0; - break; - - default: - ERR_raise(ERR_LIB_PEM, PEM_R_BAD_MAGIC_NUMBER); - return -1; - } - *in = p; - return 1; -} - -unsigned int ossl_blob_length(unsigned bitlen, int isdss, int ispub) -{ - unsigned int nbyte = (bitlen + 7) >> 3; - unsigned int hnbyte = (bitlen + 15) >> 4; - - if (isdss) { - - /* - * Expected length: 20 for q + 3 components bitlen each + 24 for seed - * structure. - */ - if (ispub) - return 44 + 3 * nbyte; - /* - * Expected length: 20 for q, priv, 2 bitlen components + 24 for seed - * structure. - */ - else - return 64 + 2 * nbyte; - } else { - /* Expected length: 4 for 'e' + 'n' */ - if (ispub) - return 4 + nbyte; - else - /* - * Expected length: 4 for 'e' and 7 other components. 2 - * components are bitlen size, 5 are bitlen/2 - */ - return 4 + 2 * nbyte + 5 * hnbyte; - } - -} - -static void *do_b2i_key(const unsigned char **in, unsigned int length, - int *isdss, int *ispub) -{ - const unsigned char *p = *in; - unsigned int bitlen, magic; - void *key = NULL; - - if (ossl_do_blob_header(&p, length, &magic, &bitlen, isdss, ispub) <= 0) { - ERR_raise(ERR_LIB_PEM, PEM_R_KEYBLOB_HEADER_PARSE_ERROR); - return NULL; - } - length -= 16; - if (length < ossl_blob_length(bitlen, *isdss, *ispub)) { - ERR_raise(ERR_LIB_PEM, PEM_R_KEYBLOB_TOO_SHORT); - return NULL; - } - if (!*isdss) - key = ossl_b2i_RSA_after_header(&p, bitlen, *ispub); -#ifndef OPENSSL_NO_DSA - else - key = ossl_b2i_DSA_after_header(&p, bitlen, *ispub); -#endif - - if (key == NULL) { - ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE); - return NULL; - } - - return key; -} - -EVP_PKEY *ossl_b2i(const unsigned char **in, unsigned int length, int *ispub) -{ - int isdss = -1; - void *key = do_b2i_key(in, length, &isdss, ispub); - - return evp_pkey_new0_key(key, isdss_to_evp_type(isdss)); -} - -EVP_PKEY *ossl_b2i_bio(BIO *in, int *ispub) -{ - const unsigned char *p; - unsigned char hdr_buf[16], *buf = NULL; - unsigned int bitlen, magic, length; - int isdss = -1; - void *key = NULL; - EVP_PKEY *pkey = NULL; - - if (BIO_read(in, hdr_buf, 16) != 16) { - ERR_raise(ERR_LIB_PEM, PEM_R_KEYBLOB_TOO_SHORT); - return NULL; - } - p = hdr_buf; - if (ossl_do_blob_header(&p, 16, &magic, &bitlen, &isdss, ispub) <= 0) - return NULL; - - length = ossl_blob_length(bitlen, isdss, *ispub); - if (length > BLOB_MAX_LENGTH) { - ERR_raise(ERR_LIB_PEM, PEM_R_HEADER_TOO_LONG); - return NULL; - } - buf = OPENSSL_malloc(length); - if (buf == NULL) { - ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE); - goto err; - } - p = buf; - if (BIO_read(in, buf, length) != (int)length) { - ERR_raise(ERR_LIB_PEM, PEM_R_KEYBLOB_TOO_SHORT); - goto err; - } - - if (!isdss) - key = ossl_b2i_RSA_after_header(&p, bitlen, *ispub); -#ifndef OPENSSL_NO_DSA - else - key = ossl_b2i_DSA_after_header(&p, bitlen, *ispub); -#endif - - if (key == NULL) { - ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE); - goto err; - } - - pkey = evp_pkey_new0_key(key, isdss_to_evp_type(isdss)); - err: - OPENSSL_free(buf); - return pkey; -} - -#ifndef OPENSSL_NO_DSA -DSA *ossl_b2i_DSA_after_header(const unsigned char **in, unsigned int bitlen, - int ispub) -{ - const unsigned char *p = *in; - DSA *dsa = NULL; - BN_CTX *ctx = NULL; - BIGNUM *pbn = NULL, *qbn = NULL, *gbn = NULL, *priv_key = NULL; - BIGNUM *pub_key = NULL; - unsigned int nbyte = (bitlen + 7) >> 3; - - dsa = DSA_new(); - if (dsa == NULL) - goto memerr; - if (!read_lebn(&p, nbyte, &pbn)) - goto memerr; - - if (!read_lebn(&p, 20, &qbn)) - goto memerr; - - if (!read_lebn(&p, nbyte, &gbn)) - goto memerr; - - if (ispub) { - if (!read_lebn(&p, nbyte, &pub_key)) - goto memerr; - } else { - if (!read_lebn(&p, 20, &priv_key)) - goto memerr; - - /* Set constant time flag before public key calculation */ - BN_set_flags(priv_key, BN_FLG_CONSTTIME); - - /* Calculate public key */ - pub_key = BN_new(); - if (pub_key == NULL) - goto memerr; - if ((ctx = BN_CTX_new()) == NULL) - goto memerr; - - if (!BN_mod_exp(pub_key, gbn, priv_key, pbn, ctx)) - goto memerr; - - BN_CTX_free(ctx); - ctx = NULL; - } - if (!DSA_set0_pqg(dsa, pbn, qbn, gbn)) - goto memerr; - pbn = qbn = gbn = NULL; - if (!DSA_set0_key(dsa, pub_key, priv_key)) - goto memerr; - pub_key = priv_key = NULL; - - *in = p; - return dsa; - - memerr: - ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE); - DSA_free(dsa); - BN_free(pbn); - BN_free(qbn); - BN_free(gbn); - BN_free(pub_key); - BN_free(priv_key); - BN_CTX_free(ctx); - return NULL; -} -#endif - -RSA *ossl_b2i_RSA_after_header(const unsigned char **in, unsigned int bitlen, - int ispub) -{ - const unsigned char *pin = *in; - BIGNUM *e = NULL, *n = NULL, *d = NULL; - BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; - RSA *rsa = NULL; - unsigned int nbyte = (bitlen + 7) >> 3; - unsigned int hnbyte = (bitlen + 15) >> 4; - - rsa = RSA_new(); - if (rsa == NULL) - goto memerr; - e = BN_new(); - if (e == NULL) - goto memerr; - if (!BN_set_word(e, read_ledword(&pin))) - goto memerr; - if (!read_lebn(&pin, nbyte, &n)) - goto memerr; - if (!ispub) { - if (!read_lebn(&pin, hnbyte, &p)) - goto memerr; - if (!read_lebn(&pin, hnbyte, &q)) - goto memerr; - if (!read_lebn(&pin, hnbyte, &dmp1)) - goto memerr; - if (!read_lebn(&pin, hnbyte, &dmq1)) - goto memerr; - if (!read_lebn(&pin, hnbyte, &iqmp)) - goto memerr; - if (!read_lebn(&pin, nbyte, &d)) - goto memerr; - if (!RSA_set0_factors(rsa, p, q)) - goto memerr; - p = q = NULL; - if (!RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)) - goto memerr; - dmp1 = dmq1 = iqmp = NULL; - } - if (!RSA_set0_key(rsa, n, e, d)) - goto memerr; - n = e = d = NULL; - - *in = pin; - return rsa; - memerr: - ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE); - BN_free(e); - BN_free(n); - BN_free(p); - BN_free(q); - BN_free(dmp1); - BN_free(dmq1); - BN_free(iqmp); - BN_free(d); - RSA_free(rsa); - return NULL; -} - -EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length) -{ - int ispub = 0; - - return ossl_b2i(in, length, &ispub); -} - -EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length) -{ - int ispub = 1; - - return ossl_b2i(in, length, &ispub); -} - -EVP_PKEY *b2i_PrivateKey_bio(BIO *in) -{ - int ispub = 0; - - return ossl_b2i_bio(in, &ispub); -} - -EVP_PKEY *b2i_PublicKey_bio(BIO *in) -{ - int ispub = 1; - - return ossl_b2i_bio(in, &ispub); -} - -static void write_ledword(unsigned char **out, unsigned int dw) -{ - unsigned char *p = *out; - - *p++ = dw & 0xff; - *p++ = (dw >> 8) & 0xff; - *p++ = (dw >> 16) & 0xff; - *p++ = (dw >> 24) & 0xff; - *out = p; -} - -static void write_lebn(unsigned char **out, const BIGNUM *bn, int len) -{ - BN_bn2lebinpad(bn, *out, len); - *out += len; -} - -static int check_bitlen_rsa(const RSA *rsa, int ispub, unsigned int *magic); -static void write_rsa(unsigned char **out, const RSA *rsa, int ispub); - -#ifndef OPENSSL_NO_DSA -static int check_bitlen_dsa(const DSA *dsa, int ispub, unsigned int *magic); -static void write_dsa(unsigned char **out, const DSA *dsa, int ispub); -#endif - -static int do_i2b(unsigned char **out, const EVP_PKEY *pk, int ispub) -{ - unsigned char *p; - unsigned int bitlen = 0, magic = 0, keyalg = 0; - int outlen = -1, noinc = 0; - - if (EVP_PKEY_is_a(pk, "RSA")) { - bitlen = check_bitlen_rsa(EVP_PKEY_get0_RSA(pk), ispub, &magic); - keyalg = MS_KEYALG_RSA_KEYX; -#ifndef OPENSSL_NO_DSA - } else if (EVP_PKEY_is_a(pk, "DSA")) { - bitlen = check_bitlen_dsa(EVP_PKEY_get0_DSA(pk), ispub, &magic); - keyalg = MS_KEYALG_DSS_SIGN; -#endif - } - if (bitlen == 0) { - goto end; - } - outlen = 16 - + ossl_blob_length(bitlen, keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub); - if (out == NULL) - goto end; - if (*out) - p = *out; - else { - if ((p = OPENSSL_malloc(outlen)) == NULL) { - ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE); - outlen = -1; - goto end; - } - *out = p; - noinc = 1; - } - if (ispub) - *p++ = MS_PUBLICKEYBLOB; - else - *p++ = MS_PRIVATEKEYBLOB; - *p++ = 0x2; - *p++ = 0; - *p++ = 0; - write_ledword(&p, keyalg); - write_ledword(&p, magic); - write_ledword(&p, bitlen); - if (keyalg == MS_KEYALG_RSA_KEYX) - write_rsa(&p, EVP_PKEY_get0_RSA(pk), ispub); -#ifndef OPENSSL_NO_DSA - else - write_dsa(&p, EVP_PKEY_get0_DSA(pk), ispub); -#endif - if (!noinc) - *out += outlen; - end: - return outlen; -} - -static int do_i2b_bio(BIO *out, const EVP_PKEY *pk, int ispub) -{ - unsigned char *tmp = NULL; - int outlen, wrlen; - - outlen = do_i2b(&tmp, pk, ispub); - if (outlen < 0) - return -1; - wrlen = BIO_write(out, tmp, outlen); - OPENSSL_free(tmp); - if (wrlen == outlen) - return outlen; - return -1; -} - -static int check_bitlen_rsa(const RSA *rsa, int ispub, unsigned int *pmagic) -{ - int nbyte, hnbyte, bitlen; - const BIGNUM *e; - - RSA_get0_key(rsa, NULL, &e, NULL); - if (BN_num_bits(e) > 32) - goto badkey; - bitlen = RSA_bits(rsa); - nbyte = RSA_size(rsa); - hnbyte = (bitlen + 15) >> 4; - if (ispub) { - *pmagic = MS_RSA1MAGIC; - return bitlen; - } else { - const BIGNUM *d, *p, *q, *iqmp, *dmp1, *dmq1; - - *pmagic = MS_RSA2MAGIC; - - /* - * For private key each component must fit within nbyte or hnbyte. - */ - RSA_get0_key(rsa, NULL, NULL, &d); - if (BN_num_bytes(d) > nbyte) - goto badkey; - RSA_get0_factors(rsa, &p, &q); - RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); - if ((BN_num_bytes(iqmp) > hnbyte) - || (BN_num_bytes(p) > hnbyte) - || (BN_num_bytes(q) > hnbyte) - || (BN_num_bytes(dmp1) > hnbyte) - || (BN_num_bytes(dmq1) > hnbyte)) - goto badkey; - } - return bitlen; - badkey: - ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_KEY_COMPONENTS); - return 0; -} - -static void write_rsa(unsigned char **out, const RSA *rsa, int ispub) -{ - int nbyte, hnbyte; - const BIGNUM *n, *d, *e, *p, *q, *iqmp, *dmp1, *dmq1; - - nbyte = RSA_size(rsa); - hnbyte = (RSA_bits(rsa) + 15) >> 4; - RSA_get0_key(rsa, &n, &e, &d); - write_lebn(out, e, 4); - write_lebn(out, n, nbyte); - if (ispub) - return; - RSA_get0_factors(rsa, &p, &q); - RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); - write_lebn(out, p, hnbyte); - write_lebn(out, q, hnbyte); - write_lebn(out, dmp1, hnbyte); - write_lebn(out, dmq1, hnbyte); - write_lebn(out, iqmp, hnbyte); - write_lebn(out, d, nbyte); -} - -#ifndef OPENSSL_NO_DSA -static int check_bitlen_dsa(const DSA *dsa, int ispub, unsigned int *pmagic) -{ - int bitlen; - const BIGNUM *p = NULL, *q = NULL, *g = NULL; - const BIGNUM *pub_key = NULL, *priv_key = NULL; - - DSA_get0_pqg(dsa, &p, &q, &g); - DSA_get0_key(dsa, &pub_key, &priv_key); - bitlen = BN_num_bits(p); - if ((bitlen & 7) || (BN_num_bits(q) != 160) - || (BN_num_bits(g) > bitlen)) - goto badkey; - if (ispub) { - if (BN_num_bits(pub_key) > bitlen) - goto badkey; - *pmagic = MS_DSS1MAGIC; - } else { - if (BN_num_bits(priv_key) > 160) - goto badkey; - *pmagic = MS_DSS2MAGIC; - } - - return bitlen; - badkey: - ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_KEY_COMPONENTS); - return 0; -} - -static void write_dsa(unsigned char **out, const DSA *dsa, int ispub) -{ - int nbyte; - const BIGNUM *p = NULL, *q = NULL, *g = NULL; - const BIGNUM *pub_key = NULL, *priv_key = NULL; - - DSA_get0_pqg(dsa, &p, &q, &g); - DSA_get0_key(dsa, &pub_key, &priv_key); - nbyte = BN_num_bytes(p); - write_lebn(out, p, nbyte); - write_lebn(out, q, 20); - write_lebn(out, g, nbyte); - if (ispub) - write_lebn(out, pub_key, nbyte); - else - write_lebn(out, priv_key, 20); - /* Set "invalid" for seed structure values */ - memset(*out, 0xff, 24); - *out += 24; - return; -} -#endif - -int i2b_PrivateKey_bio(BIO *out, const EVP_PKEY *pk) -{ - return do_i2b_bio(out, pk, 0); -} - -int i2b_PublicKey_bio(BIO *out, const EVP_PKEY *pk) -{ - return do_i2b_bio(out, pk, 1); -} - -int ossl_do_PVK_header(const unsigned char **in, unsigned int length, - int skip_magic, - unsigned int *psaltlen, unsigned int *pkeylen) -{ - const unsigned char *p = *in; - unsigned int pvk_magic, is_encrypted; - - if (skip_magic) { - if (length < 20) { - ERR_raise(ERR_LIB_PEM, PEM_R_PVK_TOO_SHORT); - return 0; - } - } else { - if (length < 24) { - ERR_raise(ERR_LIB_PEM, PEM_R_PVK_TOO_SHORT); - return 0; - } - pvk_magic = read_ledword(&p); - if (pvk_magic != MS_PVKMAGIC) { - ERR_raise(ERR_LIB_PEM, PEM_R_BAD_MAGIC_NUMBER); - return 0; - } - } - /* Skip reserved */ - p += 4; - /* - * keytype = - */ read_ledword(&p); - is_encrypted = read_ledword(&p); - *psaltlen = read_ledword(&p); - *pkeylen = read_ledword(&p); - - if (*pkeylen > PVK_MAX_KEYLEN || *psaltlen > PVK_MAX_SALTLEN) - return 0; - - if (is_encrypted && *psaltlen == 0) { - ERR_raise(ERR_LIB_PEM, PEM_R_INCONSISTENT_HEADER); - return 0; - } - - *in = p; - return 1; -} - -#ifndef OPENSSL_NO_RC4 -static int derive_pvk_key(unsigned char *key, - const unsigned char *salt, unsigned int saltlen, - const unsigned char *pass, int passlen, - OSSL_LIB_CTX *libctx, const char *propq) -{ - EVP_MD_CTX *mctx = EVP_MD_CTX_new(); - int rv = 0; - EVP_MD *sha1 = NULL; - - if ((sha1 = EVP_MD_fetch(libctx, SN_sha1, propq)) == NULL) - goto err; - - if (mctx == NULL - || !EVP_DigestInit_ex(mctx, sha1, NULL) - || !EVP_DigestUpdate(mctx, salt, saltlen) - || !EVP_DigestUpdate(mctx, pass, passlen) - || !EVP_DigestFinal_ex(mctx, key, NULL)) - goto err; - - rv = 1; -err: - EVP_MD_CTX_free(mctx); - EVP_MD_free(sha1); - return rv; -} -#endif - -static void *do_PVK_body_key(const unsigned char **in, - unsigned int saltlen, unsigned int keylen, - pem_password_cb *cb, void *u, - int *isdss, int *ispub, - OSSL_LIB_CTX *libctx, const char *propq) -{ - const unsigned char *p = *in; - unsigned char *enctmp = NULL; - unsigned char keybuf[20]; - void *key = NULL; -#ifndef OPENSSL_NO_RC4 - EVP_CIPHER *rc4 = NULL; -#endif - EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new(); - - if (cctx == NULL) { - ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (saltlen) { -#ifndef OPENSSL_NO_RC4 - unsigned int magic; - char psbuf[PEM_BUFSIZE]; - int enctmplen, inlen; - unsigned char *q; - - if (cb) - inlen = cb(psbuf, PEM_BUFSIZE, 0, u); - else - inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); - if (inlen < 0) { - ERR_raise(ERR_LIB_PEM, PEM_R_BAD_PASSWORD_READ); - goto err; - } - enctmp = OPENSSL_malloc(keylen + 8); - if (enctmp == NULL) { - ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!derive_pvk_key(keybuf, p, saltlen, - (unsigned char *)psbuf, inlen, libctx, propq)) - goto err; - p += saltlen; - /* Copy BLOBHEADER across, decrypt rest */ - memcpy(enctmp, p, 8); - p += 8; - if (keylen < 8) { - ERR_raise(ERR_LIB_PEM, PEM_R_PVK_TOO_SHORT); - goto err; - } - inlen = keylen - 8; - q = enctmp + 8; - if ((rc4 = EVP_CIPHER_fetch(libctx, "RC4", propq)) == NULL) - goto err; - if (!EVP_DecryptInit_ex(cctx, rc4, NULL, keybuf, NULL)) - goto err; - if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen)) - goto err; - if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen)) - goto err; - magic = read_ledword((const unsigned char **)&q); - if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) { - q = enctmp + 8; - memset(keybuf + 5, 0, 11); - if (!EVP_DecryptInit_ex(cctx, rc4, NULL, keybuf, NULL)) - goto err; - if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen)) - goto err; - if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen)) - goto err; - magic = read_ledword((const unsigned char **)&q); - if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) { - ERR_raise(ERR_LIB_PEM, PEM_R_BAD_DECRYPT); - goto err; - } - } - p = enctmp; -#else - ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER); - goto err; -#endif - } - - key = do_b2i_key(&p, keylen, isdss, ispub); - err: - EVP_CIPHER_CTX_free(cctx); -#ifndef OPENSSL_NO_RC4 - EVP_CIPHER_free(rc4); -#endif - if (enctmp != NULL) { - OPENSSL_cleanse(keybuf, sizeof(keybuf)); - OPENSSL_free(enctmp); - } - return key; -} - -static void *do_PVK_key_bio(BIO *in, pem_password_cb *cb, void *u, - int *isdss, int *ispub, - OSSL_LIB_CTX *libctx, const char *propq) -{ - unsigned char pvk_hdr[24], *buf = NULL; - const unsigned char *p; - int buflen; - void *key = NULL; - unsigned int saltlen, keylen; - - if (BIO_read(in, pvk_hdr, 24) != 24) { - ERR_raise(ERR_LIB_PEM, PEM_R_PVK_DATA_TOO_SHORT); - return NULL; - } - p = pvk_hdr; - - if (!ossl_do_PVK_header(&p, 24, 0, &saltlen, &keylen)) - return 0; - buflen = (int)keylen + saltlen; - buf = OPENSSL_malloc(buflen); - if (buf == NULL) { - ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE); - return 0; - } - p = buf; - if (BIO_read(in, buf, buflen) != buflen) { - ERR_raise(ERR_LIB_PEM, PEM_R_PVK_DATA_TOO_SHORT); - goto err; - } - key = do_PVK_body_key(&p, saltlen, keylen, cb, u, isdss, ispub, libctx, propq); - - err: - OPENSSL_clear_free(buf, buflen); - return key; -} - -#ifndef OPENSSL_NO_DSA -DSA *b2i_DSA_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, const char *propq) -{ - int isdss = 1; - int ispub = 0; /* PVK keys are always private */ - - return do_PVK_key_bio(in, cb, u, &isdss, &ispub, libctx, propq); -} - -DSA *b2i_DSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u) -{ - return b2i_DSA_PVK_bio_ex(in, cb, u, NULL, NULL); -} -#endif - -RSA *b2i_RSA_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, const char *propq) -{ - int isdss = 0; - int ispub = 0; /* PVK keys are always private */ - - return do_PVK_key_bio(in, cb, u, &isdss, &ispub, libctx, propq); -} - -RSA *b2i_RSA_PVK_bio(BIO *in, pem_password_cb *cb, void *u) -{ - return b2i_RSA_PVK_bio_ex(in, cb, u, NULL, NULL); -} - -EVP_PKEY *b2i_PVK_bio_ex(BIO *in, pem_password_cb *cb, void *u, - OSSL_LIB_CTX *libctx, const char *propq) -{ - int isdss = -1; - int ispub = -1; - void *key = do_PVK_key_bio(in, cb, u, &isdss, &ispub, NULL, NULL); - - return evp_pkey_new0_key(key, isdss_to_evp_type(isdss)); -} - -EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) -{ - return b2i_PVK_bio_ex(in, cb, u, NULL, NULL); -} - -static int i2b_PVK(unsigned char **out, const EVP_PKEY *pk, int enclevel, - pem_password_cb *cb, void *u, OSSL_LIB_CTX *libctx, - const char *propq) -{ - int ret = -1; - int outlen = 24, pklen; - unsigned char *p = NULL, *start = NULL; - EVP_CIPHER_CTX *cctx = NULL; -#ifndef OPENSSL_NO_RC4 - unsigned char *salt = NULL; - EVP_CIPHER *rc4 = NULL; -#endif - - if (enclevel) - outlen += PVK_SALTLEN; - pklen = do_i2b(NULL, pk, 0); - if (pklen < 0) - return -1; - outlen += pklen; - if (out == NULL) - return outlen; - if (*out != NULL) { - p = *out; - } else { - start = p = OPENSSL_malloc(outlen); - if (p == NULL) { - ERR_raise(ERR_LIB_PEM, ERR_R_MALLOC_FAILURE); - return -1; - } - } - - cctx = EVP_CIPHER_CTX_new(); - if (cctx == NULL) - goto error; - - write_ledword(&p, MS_PVKMAGIC); - write_ledword(&p, 0); - if (EVP_PKEY_get_id(pk) == EVP_PKEY_RSA) - write_ledword(&p, MS_KEYTYPE_KEYX); -#ifndef OPENSSL_NO_DSA - else - write_ledword(&p, MS_KEYTYPE_SIGN); -#endif - write_ledword(&p, enclevel ? 1 : 0); - write_ledword(&p, enclevel ? PVK_SALTLEN : 0); - write_ledword(&p, pklen); - if (enclevel) { -#ifndef OPENSSL_NO_RC4 - if (RAND_bytes_ex(libctx, p, PVK_SALTLEN, 0) <= 0) - goto error; - salt = p; - p += PVK_SALTLEN; -#endif - } - do_i2b(&p, pk, 0); - if (enclevel != 0) { -#ifndef OPENSSL_NO_RC4 - char psbuf[PEM_BUFSIZE]; - unsigned char keybuf[20]; - int enctmplen, inlen; - if (cb) - inlen = cb(psbuf, PEM_BUFSIZE, 1, u); - else - inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 1, u); - if (inlen <= 0) { - ERR_raise(ERR_LIB_PEM, PEM_R_BAD_PASSWORD_READ); - goto error; - } - if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN, - (unsigned char *)psbuf, inlen, libctx, propq)) - goto error; - if ((rc4 = EVP_CIPHER_fetch(libctx, "RC4", propq)) == NULL) - goto error; - if (enclevel == 1) - memset(keybuf + 5, 0, 11); - p = salt + PVK_SALTLEN + 8; - if (!EVP_EncryptInit_ex(cctx, rc4, NULL, keybuf, NULL)) - goto error; - OPENSSL_cleanse(keybuf, 20); - if (!EVP_EncryptUpdate(cctx, p, &enctmplen, p, pklen - 8)) - goto error; - if (!EVP_EncryptFinal_ex(cctx, p + enctmplen, &enctmplen)) - goto error; -#else - ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_CIPHER); - goto error; -#endif - } - - if (*out == NULL) - *out = start; - ret = outlen; - error: - EVP_CIPHER_CTX_free(cctx); -#ifndef OPENSSL_NO_RC4 - EVP_CIPHER_free(rc4); -#endif - if (*out == NULL) - OPENSSL_free(start); - - return ret; -} - -int i2b_PVK_bio_ex(BIO *out, const EVP_PKEY *pk, int enclevel, - pem_password_cb *cb, void *u, OSSL_LIB_CTX *libctx, - const char *propq) -{ - unsigned char *tmp = NULL; - int outlen, wrlen; - - outlen = i2b_PVK(&tmp, pk, enclevel, cb, u, libctx, propq); - if (outlen < 0) - return -1; - wrlen = BIO_write(out, tmp, outlen); - OPENSSL_free(tmp); - if (wrlen == outlen) { - return outlen; - } - ERR_raise(ERR_LIB_PEM, PEM_R_BIO_WRITE_FAILURE); - return -1; -} - -int i2b_PVK_bio(BIO *out, const EVP_PKEY *pk, int enclevel, - pem_password_cb *cb, void *u) -{ - return i2b_PVK_bio_ex(out, pk, enclevel, cb, u, NULL, NULL); -} - diff --git a/crypto/perlasm/README.md b/crypto/perlasm/README.md deleted file mode 100644 index 912dac7f0736f425a7785a1563df677df0343d2a..0000000000000000000000000000000000000000 --- a/crypto/perlasm/README.md +++ /dev/null @@ -1,130 +0,0 @@ -Perl scripts for assembler sources -================================== - -The perl scripts in this directory are my 'hack' to generate -multiple different assembler formats via the one original script. - -The way to use this library is to start with adding the path to this directory -and then include it. - - push(@INC,"perlasm","../../perlasm"); - require "x86asm.pl"; - -The first thing we do is setup the file and type of assembler - - &asm_init($ARGV[0]); - -The first argument is the 'type'. Currently -`cpp`, `sol`, `a.out`, `elf` or `win32`. -The second argument is the file name. - -The reciprocal function is -`&asm_finish()` which should be called at the end. - -There are two main 'packages'. `x86ms.pl`, which is the Microsoft assembler, -and `x86unix.pl` which is the unix (gas) version. - -Functions of interest are: - - &external_label("des_SPtrans"); declare and external variable - &LB(reg); Low byte for a register - &HB(reg); High byte for a register - &BP(off,base,index,scale) Byte pointer addressing - &DWP(off,base,index,scale) Word pointer addressing - &stack_push(num) Basically a 'sub esp, num*4' with extra - &stack_pop(num) inverse of stack_push - &function_begin(name,extra) Start a function with pushing of - edi, esi, ebx and ebp. extra is extra win32 - external info that may be required. - &function_begin_B(name,extra) Same as normal function_begin but no - pushing. - &function_end(name) Call at end of function. - &function_end_A(name) Standard pop and ret, for use inside - functions. - &function_end_B(name) Call at end but with pop or ret. - &swtmp(num) Address on stack temp word. - &wparam(num) Parameter number num, that was push in - C convention. This all works over pushes - and pops. - &comment("hello there") Put in a comment. - &label("loop") Refer to a label, normally a jmp target. - &set_label("loop") Set a label at this point. - &data_word(word) Put in a word of data. - -So how does this all hold together? Given - - int calc(int len, int *data) - { - int i,j=0; - - for (i=0; i$output" || die "can't open $output: $!"; - -$flavour = "linux32" if (!$flavour or $flavour eq "void"); - -my %GLOBALS; -my $dotinlocallabels=($flavour=~/linux/)?1:0; - -################################################################ -# directives which need special treatment on different platforms -################################################################ -my $arch = sub { - if ($flavour =~ /linux/) { ".arch\t".join(',',@_); } - else { ""; } -}; -my $fpu = sub { - if ($flavour =~ /linux/) { ".fpu\t".join(',',@_); } - else { ""; } -}; -my $rodata = sub { - SWITCH: for ($flavour) { - /linux/ && return ".section\t.rodata"; - /ios/ && return ".section\t__TEXT,__const"; - last; - } -}; -my $hidden = sub { - if ($flavour =~ /ios/) { ".private_extern\t".join(',',@_); } - else { ".hidden\t".join(',',@_); } -}; -my $comm = sub { - my @args = split(/,\s*/,shift); - my $name = @args[0]; - my $global = \$GLOBALS{$name}; - my $ret; - - if ($flavour =~ /ios32/) { - $ret = ".comm\t_$name,@args[1]\n"; - $ret .= ".non_lazy_symbol_pointer\n"; - $ret .= "$name:\n"; - $ret .= ".indirect_symbol\t_$name\n"; - $ret .= ".long\t0"; - $name = "_$name"; - } else { $ret = ".comm\t".join(',',@args); } - - $$global = $name; - $ret; -}; -my $globl = sub { - my $name = shift; - my $global = \$GLOBALS{$name}; - my $ret; - - SWITCH: for ($flavour) { - /ios/ && do { $name = "_$name"; - last; - }; - } - - $ret = ".globl $name" if (!$ret); - $$global = $name; - $ret; -}; -my $global = $globl; -my $extern = sub { - &$globl(@_); - return; # return nothing -}; -my $type = sub { - if ($flavour =~ /linux/) { ".type\t".join(',',@_); } - elsif ($flavour =~ /ios32/) { if (join(',',@_) =~ /(\w+),%function/) { - "#ifdef __thumb2__\n". - ".thumb_func $1\n". - "#endif"; - } - } - else { ""; } -}; -my $size = sub { - if ($flavour =~ /linux/) { ".size\t".join(',',@_); } - else { ""; } -}; -my $inst = sub { - if ($flavour =~ /linux/) { ".inst\t".join(',',@_); } - else { ".long\t".join(',',@_); } -}; -my $asciz = sub { - my $line = join(",",@_); - if ($line =~ /^"(.*)"$/) - { ".byte " . join(",",unpack("C*",$1),0) . "\n.align 2"; } - else - { ""; } -}; - -my $adrp = sub { - my ($args,$comment) = split(m|\s*//|,shift); - "\tadrp\t$args\@PAGE"; -} if ($flavour =~ /ios64/); - - -sub range { - my ($r,$sfx,$start,$end) = @_; - - join(",",map("$r$_$sfx",($start..$end))); -} - -sub expand_line { - my $line = shift; - my @ret = (); - - pos($line)=0; - - while ($line =~ m/\G[^@\/\{\"]*/g) { - if ($line =~ m/\G(@|\/\/|$)/gc) { - last; - } - elsif ($line =~ m/\G\{/gc) { - my $saved_pos = pos($line); - $line =~ s/\G([rdqv])([0-9]+)([^\-]*)\-\1([0-9]+)\3/range($1,$3,$2,$4)/e; - pos($line) = $saved_pos; - $line =~ m/\G[^\}]*\}/g; - } - elsif ($line =~ m/\G\"/gc) { - $line =~ m/\G[^\"]*\"/g; - } - } - - $line =~ s/\b(\w+)/$GLOBALS{$1} or $1/ge; - - if ($flavour =~ /ios64/) { - $line =~ s/#:lo12:(\w+)/$1\@PAGEOFF/; - } - - return $line; -} - -while(my $line=<>) { - - if ($line =~ m/^\s*(#|@|\/\/)/) { print $line; next; } - - $line =~ s|/\*.*\*/||; # get rid of C-style comments... - $line =~ s|^\s+||; # ... and skip whitespace in beginning... - $line =~ s|\s+$||; # ... and at the end - - { - $line =~ s|[\b\.]L(\w{2,})|L$1|g; # common denominator for Locallabel - $line =~ s|\bL(\w{2,})|\.L$1|g if ($dotinlocallabels); - } - - { - $line =~ s|(^[\.\w]+)\:\s*||; - my $label = $1; - if ($label) { - printf "%s:",($GLOBALS{$label} or $label); - } - } - - if ($line !~ m/^[#@]/) { - $line =~ s|^\s*(\.?)(\S+)\s*||; - my $c = $1; $c = "\t" if ($c eq ""); - my $mnemonic = $2; - my $opcode; - if ($mnemonic =~ m/([^\.]+)\.([^\.]+)/) { - $opcode = eval("\$$1_$2"); - } else { - $opcode = eval("\$$mnemonic"); - } - - my $arg=expand_line($line); - - if (ref($opcode) eq 'CODE') { - $line = &$opcode($arg); - } elsif ($mnemonic) { - $line = $c.$mnemonic; - $line.= "\t$arg" if ($arg ne ""); - } - } - - print $line if ($line); - print "\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl deleted file mode 100644 index ef09e0fd297a2123a8c352b007862a8a2f46645f..0000000000000000000000000000000000000000 --- a/crypto/perlasm/cbc.pl +++ /dev/null @@ -1,363 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# void des_ncbc_encrypt(input, output, length, schedule, ivec, enc) -# des_cblock (*input); -# des_cblock (*output); -# long length; -# des_key_schedule schedule; -# des_cblock (*ivec); -# int enc; -# -# calls -# des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); -# - -#&cbc("des_ncbc_encrypt","des_encrypt",0); -#&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt", -# 1,4,5,3,5,-1); -#&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt", -# 0,4,5,3,5,-1); -#&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3", -# 0,6,7,3,4,5); -# -# When doing a cipher that needs bigendian order, -# for encrypt, the iv is kept in bigendian form, -# while for decrypt, it is kept in little endian. -sub cbc - { - local($name,$enc_func,$dec_func,$swap,$iv_off,$enc_off,$p1,$p2,$p3)=@_; - # name is the function name - # enc_func and dec_func and the functions to call for encrypt/decrypt - # swap is true if byte order needs to be reversed - # iv_off is parameter number for the iv - # enc_off is parameter number for the encrypt/decrypt flag - # p1,p2,p3 are the offsets for parameters to be passed to the - # underlying calls. - - &function_begin_B($name,""); - &comment(""); - - $in="esi"; - $out="edi"; - $count="ebp"; - - &push("ebp"); - &push("ebx"); - &push("esi"); - &push("edi"); - - $data_off=4; - $data_off+=4 if ($p1 > 0); - $data_off+=4 if ($p2 > 0); - $data_off+=4 if ($p3 > 0); - - &mov($count, &wparam(2)); # length - - &comment("getting iv ptr from parameter $iv_off"); - &mov("ebx", &wparam($iv_off)); # Get iv ptr - - &mov($in, &DWP(0,"ebx","",0));# iv[0] - &mov($out, &DWP(4,"ebx","",0));# iv[1] - - &push($out); - &push($in); - &push($out); # used in decrypt for iv[1] - &push($in); # used in decrypt for iv[0] - - &mov("ebx", "esp"); # This is the address of tin[2] - - &mov($in, &wparam(0)); # in - &mov($out, &wparam(1)); # out - - # We have loaded them all, how lets push things - &comment("getting encrypt flag from parameter $enc_off"); - &mov("ecx", &wparam($enc_off)); # Get enc flag - if ($p3 > 0) - { - &comment("get and push parameter $p3"); - if ($enc_off != $p3) - { &mov("eax", &wparam($p3)); &push("eax"); } - else { &push("ecx"); } - } - if ($p2 > 0) - { - &comment("get and push parameter $p2"); - if ($enc_off != $p2) - { &mov("eax", &wparam($p2)); &push("eax"); } - else { &push("ecx"); } - } - if ($p1 > 0) - { - &comment("get and push parameter $p1"); - if ($enc_off != $p1) - { &mov("eax", &wparam($p1)); &push("eax"); } - else { &push("ecx"); } - } - &push("ebx"); # push data/iv - - &cmp("ecx",0); - &jz(&label("decrypt")); - - &and($count,0xfffffff8); - &mov("eax", &DWP($data_off,"esp","",0)); # load iv[0] - &mov("ebx", &DWP($data_off+4,"esp","",0)); # load iv[1] - - &jz(&label("encrypt_finish")); - - ############################################################# - - &set_label("encrypt_loop"); - # encrypt start - # "eax" and "ebx" hold iv (or the last cipher text) - - &mov("ecx", &DWP(0,$in,"",0)); # load first 4 bytes - &mov("edx", &DWP(4,$in,"",0)); # second 4 bytes - - &xor("eax", "ecx"); - &xor("ebx", "edx"); - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - - &call($enc_func); - - &mov("eax", &DWP($data_off,"esp","",0)); - &mov("ebx", &DWP($data_off+4,"esp","",0)); - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP(0,$out,"",0),"eax"); - &mov(&DWP(4,$out,"",0),"ebx"); - - # eax and ebx are the next iv. - - &add($in, 8); - &add($out, 8); - - &sub($count, 8); - &jnz(&label("encrypt_loop")); - -###################################################################3 - &set_label("encrypt_finish"); - &mov($count, &wparam(2)); # length - &and($count, 7); - &jz(&label("finish")); - &call(&label("PIC_point")); -&set_label("PIC_point"); - &blindpop("edx"); - &lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx")); - &mov($count,&DWP(0,"ecx",$count,4)); - &add($count,"edx"); - &xor("ecx","ecx"); - &xor("edx","edx"); - #&mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4)); - &jmp_ptr($count); - -&set_label("ej7"); - &endbranch() - &movb(&HB("edx"), &BP(6,$in,"",0)); - &shl("edx",8); -&set_label("ej6"); - &endbranch() - &movb(&HB("edx"), &BP(5,$in,"",0)); -&set_label("ej5"); - &endbranch() - &movb(&LB("edx"), &BP(4,$in,"",0)); -&set_label("ej4"); - &endbranch() - &mov("ecx", &DWP(0,$in,"",0)); - &jmp(&label("ejend")); -&set_label("ej3"); - &endbranch() - &movb(&HB("ecx"), &BP(2,$in,"",0)); - &shl("ecx",8); -&set_label("ej2"); - &endbranch() - &movb(&HB("ecx"), &BP(1,$in,"",0)); -&set_label("ej1"); - &endbranch() - &movb(&LB("ecx"), &BP(0,$in,"",0)); -&set_label("ejend"); - - &xor("eax", "ecx"); - &xor("ebx", "edx"); - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - - &call($enc_func); - - &mov("eax", &DWP($data_off,"esp","",0)); - &mov("ebx", &DWP($data_off+4,"esp","",0)); - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP(0,$out,"",0),"eax"); - &mov(&DWP(4,$out,"",0),"ebx"); - - &jmp(&label("finish")); - - ############################################################# - ############################################################# - &set_label("decrypt",1); - # decrypt start - &and($count,0xfffffff8); - # The next 2 instructions are only for if the jz is taken - &mov("eax", &DWP($data_off+8,"esp","",0)); # get iv[0] - &mov("ebx", &DWP($data_off+12,"esp","",0)); # get iv[1] - &jz(&label("decrypt_finish")); - - &set_label("decrypt_loop"); - &mov("eax", &DWP(0,$in,"",0)); # load first 4 bytes - &mov("ebx", &DWP(4,$in,"",0)); # second 4 bytes - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP($data_off,"esp","",0), "eax"); # put back - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - - &call($dec_func); - - &mov("eax", &DWP($data_off,"esp","",0)); # get return - &mov("ebx", &DWP($data_off+4,"esp","",0)); # - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov("ecx", &DWP($data_off+8,"esp","",0)); # get iv[0] - &mov("edx", &DWP($data_off+12,"esp","",0)); # get iv[1] - - &xor("ecx", "eax"); - &xor("edx", "ebx"); - - &mov("eax", &DWP(0,$in,"",0)); # get old cipher text, - &mov("ebx", &DWP(4,$in,"",0)); # next iv actually - - &mov(&DWP(0,$out,"",0),"ecx"); - &mov(&DWP(4,$out,"",0),"edx"); - - &mov(&DWP($data_off+8,"esp","",0), "eax"); # save iv - &mov(&DWP($data_off+12,"esp","",0), "ebx"); # - - &add($in, 8); - &add($out, 8); - - &sub($count, 8); - &jnz(&label("decrypt_loop")); -############################ ENDIT #######################3 - &set_label("decrypt_finish"); - &mov($count, &wparam(2)); # length - &and($count, 7); - &jz(&label("finish")); - - &mov("eax", &DWP(0,$in,"",0)); # load first 4 bytes - &mov("ebx", &DWP(4,$in,"",0)); # second 4 bytes - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP($data_off,"esp","",0), "eax"); # put back - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - - &call($dec_func); - - &mov("eax", &DWP($data_off,"esp","",0)); # get return - &mov("ebx", &DWP($data_off+4,"esp","",0)); # - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov("ecx", &DWP($data_off+8,"esp","",0)); # get iv[0] - &mov("edx", &DWP($data_off+12,"esp","",0)); # get iv[1] - - &xor("ecx", "eax"); - &xor("edx", "ebx"); - - # this is for when we exit - &mov("eax", &DWP(0,$in,"",0)); # get old cipher text, - &mov("ebx", &DWP(4,$in,"",0)); # next iv actually - -&set_label("dj7"); - &rotr("edx", 16); - &movb(&BP(6,$out,"",0), &LB("edx")); - &shr("edx",16); -&set_label("dj6"); - &movb(&BP(5,$out,"",0), &HB("edx")); -&set_label("dj5"); - &movb(&BP(4,$out,"",0), &LB("edx")); -&set_label("dj4"); - &mov(&DWP(0,$out,"",0), "ecx"); - &jmp(&label("djend")); -&set_label("dj3"); - &rotr("ecx", 16); - &movb(&BP(2,$out,"",0), &LB("ecx")); - &shl("ecx",16); -&set_label("dj2"); - &movb(&BP(1,$in,"",0), &HB("ecx")); -&set_label("dj1"); - &movb(&BP(0,$in,"",0), &LB("ecx")); -&set_label("djend"); - - # final iv is still in eax:ebx - &jmp(&label("finish")); - - -############################ FINISH #######################3 - &set_label("finish",1); - &mov("ecx", &wparam($iv_off)); # Get iv ptr - - ################################################# - $total=16+4; - $total+=4 if ($p1 > 0); - $total+=4 if ($p2 > 0); - $total+=4 if ($p3 > 0); - &add("esp",$total); - - &mov(&DWP(0,"ecx","",0), "eax"); # save iv - &mov(&DWP(4,"ecx","",0), "ebx"); # save iv - - &function_end_A($name); - - &align(64); - &set_label("cbc_enc_jmp_table"); - &data_word("0"); - &data_word(&label("ej1")."-".&label("PIC_point")); - &data_word(&label("ej2")."-".&label("PIC_point")); - &data_word(&label("ej3")."-".&label("PIC_point")); - &data_word(&label("ej4")."-".&label("PIC_point")); - &data_word(&label("ej5")."-".&label("PIC_point")); - &data_word(&label("ej6")."-".&label("PIC_point")); - &data_word(&label("ej7")."-".&label("PIC_point")); - # not used - #&set_label("cbc_dec_jmp_table",1); - #&data_word("0"); - #&data_word(&label("dj1")."-".&label("PIC_point")); - #&data_word(&label("dj2")."-".&label("PIC_point")); - #&data_word(&label("dj3")."-".&label("PIC_point")); - #&data_word(&label("dj4")."-".&label("PIC_point")); - #&data_word(&label("dj5")."-".&label("PIC_point")); - #&data_word(&label("dj6")."-".&label("PIC_point")); - #&data_word(&label("dj7")."-".&label("PIC_point")); - &align(64); - - &function_end_B($name); - - } - -1; diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl deleted file mode 100755 index 2ee444045ff96329674fa24cb8cde5f0c1798b25..0000000000000000000000000000000000000000 --- a/crypto/perlasm/ppc-xlate.pl +++ /dev/null @@ -1,421 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -my $flavour = shift; -my $output = shift; -open STDOUT,">$output" || die "can't open $output: $!"; - -my %GLOBALS; -my %TYPES; -my $dotinlocallabels=($flavour=~/linux/)?1:0; - -################################################################ -# directives which need special treatment on different platforms -################################################################ -my $type = sub { - my ($dir,$name,$type) = @_; - - $TYPES{$name} = $type; - if ($flavour =~ /linux/) { - $name =~ s|^\.||; - ".type $name,$type"; - } else { - ""; - } -}; -my $globl = sub { - my $junk = shift; - my $name = shift; - my $global = \$GLOBALS{$name}; - my $type = \$TYPES{$name}; - my $ret; - - $name =~ s|^\.||; - - SWITCH: for ($flavour) { - /aix/ && do { if (!$$type) { - $$type = "\@function"; - } - if ($$type =~ /function/) { - $name = ".$name"; - } - last; - }; - /osx/ && do { $name = "_$name"; - last; - }; - /linux.*(32|64(le|v2))/ - && do { $ret .= ".globl $name"; - if (!$$type) { - $ret .= "\n.type $name,\@function"; - $$type = "\@function"; - } - last; - }; - /linux.*64/ && do { $ret .= ".globl $name"; - if (!$$type) { - $ret .= "\n.type $name,\@function"; - $$type = "\@function"; - } - if ($$type =~ /function/) { - $ret .= "\n.section \".opd\",\"aw\""; - $ret .= "\n.align 3"; - $ret .= "\n$name:"; - $ret .= "\n.quad .$name,.TOC.\@tocbase,0"; - $ret .= "\n.previous"; - $name = ".$name"; - } - last; - }; - } - - $ret = ".globl $name" if (!$ret); - $$global = $name; - $ret; -}; -my $text = sub { - my $ret = ($flavour =~ /aix/) ? ".csect\t.text[PR],7" : ".text"; - $ret = ".abiversion 2\n".$ret if ($flavour =~ /linux.*64(le|v2)/); - $ret; -}; -my $p2align = sub { - my $ret = ($flavour =~ /aix64-as/) ? "" : ".p2align $line"; - $ret; -}; -my $machine = sub { - my $junk = shift; - my $arch = shift; - if ($flavour =~ /osx/) - { $arch =~ s/\"//g; - $arch = ($flavour=~/64/) ? "ppc970-64" : "ppc970" if ($arch eq "any"); - } - ".machine $arch"; -}; -my $size = sub { - if ($flavour =~ /linux/) - { shift; - my $name = shift; - my $real = $GLOBALS{$name} ? \$GLOBALS{$name} : \$name; - my $ret = ".size $$real,.-$$real"; - $name =~ s|^\.||; - if ($$real ne $name) { - $ret .= "\n.size $name,.-$$real"; - } - $ret; - } - else - { ""; } -}; -my $asciz = sub { - shift; - my $line = join(",",@_); - if ($line =~ /^"(.*)"$/) - { ".byte " . join(",",unpack("C*",$1),0) . "\n.align 2"; } - else - { ""; } -}; -my $quad = sub { - shift; - my @ret; - my ($hi,$lo); - for (@_) { - if (/^0x([0-9a-f]*?)([0-9a-f]{1,8})$/io) - { $hi=$1?"0x$1":"0"; $lo="0x$2"; } - elsif (/^([0-9]+)$/o) - { $hi=$1>>32; $lo=$1&0xffffffff; } # error-prone with 32-bit perl - else - { $hi=undef; $lo=$_; } - - if (defined($hi)) - { push(@ret,$flavour=~/le$/o?".long\t$lo,$hi":".long\t$hi,$lo"); } - else - { push(@ret,".quad $lo"); } - } - join("\n",@ret); -}; - -################################################################ -# vector register number hacking -################################################################ - -# It is convenient to be able to set a variable like: -# my $foo = "v33"; -# and use this in different contexts where: -# * a VSR (Vector-Scaler Register) number (i.e. "v33") is required -# * a VR (Vector Register) number (i.e. "v1") is required -# Map VSR numbering to VR number for certain vector instructions. - -# vs -> v if N > 32 -sub vsr2vr1 { - my $in = shift; - my ($prefix, $reg) = ($in =~ m/(\D*)(\d+)/); - - my $n = int($reg); - if ($n >= 32) { - $n -= 32; - } - - return "${prefix}${n}"; -} -# As above for first $num register args, returns list -sub _vsr2vr { - my $num = shift; - my @rest = @_; - my @subst = splice(@rest, 0, $num); - - @subst = map { vsr2vr1($_); } @subst; - - return (@subst, @rest); -} -# As above but 1st arg ($f) is extracted and reinserted after -# processing so that it can be ignored by a code generation function -# that consumes the result -sub vsr2vr_args { - my $num = shift; - my $f = shift; - - my @out = _vsr2vr($num, @_); - - return ($f, @out); -} -# As above but 1st arg is mnemonic, return formatted instruction -sub vsr2vr { - my $mnemonic = shift; - my $num = shift; - my $f = shift; - - my @out = _vsr2vr($num, @_); - - " ${mnemonic}${f} " . join(",", @out); -} - -# ISA 2.03 -my $vsel = sub { vsr2vr("vsel", 4, @_); }; -my $vsl = sub { vsr2vr("vsl", 3, @_); }; -my $vspltisb = sub { vsr2vr("vspltisb", 1, @_); }; -my $vspltisw = sub { vsr2vr("vspltisw", 1, @_); }; -my $vsr = sub { vsr2vr("vsr", 3, @_); }; -my $vsro = sub { vsr2vr("vsro", 3, @_); }; - -# ISA 3.0 -my $lxsd = sub { vsr2vr("lxsd", 1, @_); }; - -################################################################ -# simplified mnemonics not handled by at least one assembler -################################################################ -my $cmplw = sub { - my $f = shift; - my $cr = 0; $cr = shift if ($#_>1); - # Some out-of-date 32-bit GNU assembler just can't handle cmplw... - ($flavour =~ /linux.*32/) ? - " .long ".sprintf "0x%x",31<<26|$cr<<23|$_[0]<<16|$_[1]<<11|64 : - " cmplw ".join(',',$cr,@_); -}; -my $bdnz = sub { - my $f = shift; - my $bo = $f=~/[\+\-]/ ? 16+9 : 16; # optional "to be taken" hint - " bc $bo,0,".shift; -} if ($flavour!~/linux/); -my $bltlr = sub { - my $f = shift; - my $bo = $f=~/\-/ ? 12+2 : 12; # optional "not to be taken" hint - ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints - " .long ".sprintf "0x%x",19<<26|$bo<<21|16<<1 : - " bclr $bo,0"; -}; -my $bnelr = sub { - my $f = shift; - my $bo = $f=~/\-/ ? 4+2 : 4; # optional "not to be taken" hint - ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints - " .long ".sprintf "0x%x",19<<26|$bo<<21|2<<16|16<<1 : - " bclr $bo,2"; -}; -my $beqlr = sub { - my $f = shift; - my $bo = $f=~/-/ ? 12+2 : 12; # optional "not to be taken" hint - ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints - " .long ".sprintf "0x%X",19<<26|$bo<<21|2<<16|16<<1 : - " bclr $bo,2"; -}; -# GNU assembler can't handle extrdi rA,rS,16,48, or when sum of last two -# arguments is 64, with "operand out of range" error. -my $extrdi = sub { - my ($f,$ra,$rs,$n,$b) = @_; - $b = ($b+$n)&63; $n = 64-$n; - " rldicl $ra,$rs,$b,$n"; -}; -my $vmr = sub { - my ($f,$vx,$vy) = @_; - " vor $vx,$vy,$vy"; -}; - -# Some ABIs specify vrsave, special-purpose register #256, as reserved -# for system use. -my $no_vrsave = ($flavour =~ /aix|linux64(le|v2)/); -my $mtspr = sub { - my ($f,$idx,$ra) = @_; - if ($idx == 256 && $no_vrsave) { - " or $ra,$ra,$ra"; - } else { - " mtspr $idx,$ra"; - } -}; -my $mfspr = sub { - my ($f,$rd,$idx) = @_; - if ($idx == 256 && $no_vrsave) { - " li $rd,-1"; - } else { - " mfspr $rd,$idx"; - } -}; - -# PowerISA 2.06 stuff -sub vsxmem_op { - my ($f, $vrt, $ra, $rb, $op) = @_; - " .long ".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|($rb<<11)|($op*2+1); -} -# made-up unaligned memory reference AltiVec/VMX instructions -my $lvx_u = sub { vsxmem_op(@_, 844); }; # lxvd2x -my $stvx_u = sub { vsxmem_op(@_, 972); }; # stxvd2x -my $lvdx_u = sub { vsxmem_op(@_, 588); }; # lxsdx -my $stvdx_u = sub { vsxmem_op(@_, 716); }; # stxsdx -my $lvx_4w = sub { vsxmem_op(@_, 780); }; # lxvw4x -my $stvx_4w = sub { vsxmem_op(@_, 908); }; # stxvw4x -my $lvx_splt = sub { vsxmem_op(@_, 332); }; # lxvdsx -# VSX instruction[s] masqueraded as made-up AltiVec/VMX -my $vpermdi = sub { # xxpermdi - my ($f, $vrt, $vra, $vrb, $dm) = @_; - $dm = oct($dm) if ($dm =~ /^0/); - " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($dm<<8)|(10<<3)|7; -}; - -# PowerISA 2.07 stuff -sub vcrypto_op { - my ($f, $vrt, $vra, $vrb, $op) = vsr2vr_args(3, @_); - " .long ".sprintf "0x%X",(4<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|$op; -} -sub vfour { - my ($f, $vrt, $vra, $vrb, $vrc, $op) = @_; - " .long ".sprintf "0x%X",(4<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($vrc<<6)|$op; -}; -sub vfour_vsr { - my ($f, $vrt, $vra, $vrb, $vrc, $op) = vsr2vr_args(4, @_); - " .long ".sprintf "0x%X",(4<<26)|($vrt<<21)|($vra<<16)|($vrb<<11)|($vrc<<6)|$op; -}; - -my $vcipher = sub { vcrypto_op(@_, 1288); }; -my $vcipherlast = sub { vcrypto_op(@_, 1289); }; -my $vncipher = sub { vcrypto_op(@_, 1352); }; -my $vncipherlast= sub { vcrypto_op(@_, 1353); }; -my $vsbox = sub { vcrypto_op(@_, 0, 1480); }; -my $vshasigmad = sub { my ($st,$six)=splice(@_,-2); vcrypto_op(@_, $st<<4|$six, 1730); }; -my $vshasigmaw = sub { my ($st,$six)=splice(@_,-2); vcrypto_op(@_, $st<<4|$six, 1666); }; -my $vpmsumb = sub { vcrypto_op(@_, 1032); }; -my $vpmsumd = sub { vcrypto_op(@_, 1224); }; -my $vpmsubh = sub { vcrypto_op(@_, 1096); }; -my $vpmsumw = sub { vcrypto_op(@_, 1160); }; -# These are not really crypto, but vcrypto_op template works -my $vaddudm = sub { vcrypto_op(@_, 192); }; -my $vadduqm = sub { vcrypto_op(@_, 256); }; -my $vmuleuw = sub { vcrypto_op(@_, 648); }; -my $vmulouw = sub { vcrypto_op(@_, 136); }; -my $vrld = sub { vcrypto_op(@_, 196); }; -my $vsld = sub { vcrypto_op(@_, 1476); }; -my $vsrd = sub { vcrypto_op(@_, 1732); }; -my $vsubudm = sub { vcrypto_op(@_, 1216); }; -my $vaddcuq = sub { vcrypto_op(@_, 320); }; -my $vaddeuqm = sub { vfour_vsr(@_,60); }; -my $vaddecuq = sub { vfour_vsr(@_,61); }; -my $vmrgew = sub { vfour_vsr(@_,0,1932); }; -my $vmrgow = sub { vfour_vsr(@_,0,1676); }; - -my $mtsle = sub { - my ($f, $arg) = @_; - " .long ".sprintf "0x%X",(31<<26)|($arg<<21)|(147*2); -}; - -# VSX instructions masqueraded as AltiVec/VMX -my $mtvrd = sub { - my ($f, $vrt, $ra) = @_; - " .long ".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|(179<<1)|1; -}; -my $mtvrwz = sub { - my ($f, $vrt, $ra) = @_; - " .long ".sprintf "0x%X",(31<<26)|($vrt<<21)|($ra<<16)|(243<<1)|1; -}; -my $lvwzx_u = sub { vsxmem_op(@_, 12); }; # lxsiwzx -my $stvwx_u = sub { vsxmem_op(@_, 140); }; # stxsiwx - -# PowerISA 3.0 stuff -my $maddhdu = sub { vfour(@_,49); }; -my $maddld = sub { vfour(@_,51); }; -my $darn = sub { - my ($f, $rt, $l) = @_; - " .long ".sprintf "0x%X",(31<<26)|($rt<<21)|($l<<16)|(755<<1); -}; -my $iseleq = sub { - my ($f, $rt, $ra, $rb) = @_; - " .long ".sprintf "0x%X",(31<<26)|($rt<<21)|($ra<<16)|($rb<<11)|(2<<6)|30; -}; -# VSX instruction[s] masqueraded as made-up AltiVec/VMX -my $vspltib = sub { # xxspltib - my ($f, $vrt, $imm8) = @_; - $imm8 = oct($imm8) if ($imm8 =~ /^0/); - $imm8 &= 0xff; - " .long ".sprintf "0x%X",(60<<26)|($vrt<<21)|($imm8<<11)|(360<<1)|1; -}; - -# PowerISA 3.0B stuff -my $addex = sub { - my ($f, $rt, $ra, $rb, $cy) = @_; # only cy==0 is specified in 3.0B - " .long ".sprintf "0x%X",(31<<26)|($rt<<21)|($ra<<16)|($rb<<11)|($cy<<9)|(170<<1); -}; -my $vmsumudm = sub { vfour_vsr(@_, 35); }; - -while($line=<>) { - - $line =~ s|[#!;].*$||; # get rid of asm-style comments... - $line =~ s|/\*.*\*/||; # ... and C-style comments... - $line =~ s|^\s+||; # ... and skip whitespaces in beginning... - $line =~ s|\s+$||; # ... and at the end - - { - $line =~ s|\.L(\w+)|L$1|g; # common denominator for Locallabel - $line =~ s|\bL(\w+)|\.L$1|g if ($dotinlocallabels); - } - - { - $line =~ s|(^[\.\w]+)\:\s*||; - my $label = $1; - if ($label) { - my $xlated = ($GLOBALS{$label} or $label); - print "$xlated:"; - if ($flavour =~ /linux.*64(le|v2)/) { - if ($TYPES{$label} =~ /function/) { - printf "\n.localentry %s,0\n",$xlated; - } - } - } - } - - { - $line =~ s|^\s*(\.?)(\w+)([\.\+\-]?)\s*||; - my $c = $1; $c = "\t" if ($c eq ""); - my $mnemonic = $2; - my $f = $3; - my $opcode = eval("\$$mnemonic"); - $line =~ s/\b(c?[rf]|v|vs)([0-9]+)\b/$2/g if ($c ne "." and $flavour !~ /osx/); - if (ref($opcode) eq 'CODE') { $line = &$opcode($f,split(/,\s*/,$line)); } - elsif ($mnemonic) { $line = $c.$mnemonic.$f."\t".$line; } - } - - print $line if ($line); - print "\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/perlasm/s390x.pm b/crypto/perlasm/s390x.pm deleted file mode 100644 index dbf48426813cb4e2ff0469957b47a8207fe6881c..0000000000000000000000000000000000000000 --- a/crypto/perlasm/s390x.pm +++ /dev/null @@ -1,3175 +0,0 @@ -#!/usr/bin/env perl -# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# Copyright IBM Corp. 2018-2019 -# Author: Patrick Steuer - -package perlasm::s390x; - -use strict; -use warnings; -use bigint; -use Carp qw(confess); -use Exporter qw(import); - -our @EXPORT=qw(PERLASM_BEGIN PERLASM_END); -our @EXPORT_OK=qw(AUTOLOAD LABEL INCLUDE stfle stck); -our %EXPORT_TAGS=( - # store-clock-fast facility - SCF => [qw(stckf)], - # general-instruction-extension facility - GE => [qw(risbg)], - # extended-immediate facility - EI => [qw(clfi clgfi lt)], - # miscellaneous-instruction-extensions facility 1 - MI1 => [qw(risbgn)], - # message-security assist - MSA => [qw(kmac km kmc kimd klmd)], - # message-security-assist extension 4 - MSA4 => [qw(kmf kmo pcc kmctr)], - # message-security-assist extension 5 - MSA5 => [qw(ppno prno)], - # message-security-assist extension 8 - MSA8 => [qw(kma)], - # message-security-assist extension 9 - MSA9 => [qw(kdsa)], - # vector facility - VX => [qw(vgef vgeg vgbm vzero vone vgm vgmb vgmh vgmf vgmg - vl vlr vlrep vlrepb vlreph vlrepf vlrepg vleb vleh vlef vleg vleib - vleih vleif vleig vlgv vlgvb vlgvh vlgvf vlgvg vllez vllezb vllezh - vllezf vllezg vlm vlbb vlvg vlvgb vlvgh vlvgf vlvgg vlvgp - vll vmrh vmrhb vmrhh vmrhf vmrhg vmrl vmrlb vmrlh vmrlf vmrlg vpk - vpkh vpkf vpkg vpks vpksh vpksf vpksg vpkshs vpksfs vpksgs vpkls - vpklsh vpklsf vpklsg vpklshs vpklsfs vpklsgs vperm vpdi vrep vrepb - vreph vrepf vrepg vrepi vrepib vrepih vrepif vrepig vscef vsceg - vsel vseg vsegb vsegh vsegf vst vsteb vsteh vstef vsteg vstm vstl - vuph vuphb vuphh vuphf vuplh vuplhb vuplhh vuplhf vupl vuplb vuplhw - vuplf vupll vupllb vupllh vupllf va vab vah vaf vag vaq vacc vaccb - vacch vaccf vaccg vaccq vac vacq vaccc vacccq vn vnc vavg vavgb - vavgh vavgf vavgg vavgl vavglb vavglh vavglf vavglg vcksm vec_ vecb - vech vecf vecg vecl veclb veclh veclf veclg vceq vceqb vceqh vceqf - vceqg vceqbs vceqhs vceqfs vceqgs vch vchb vchh vchf vchg vchbs - vchhs vchfs vchgs vchl vchlb vchlh vchlf vchlg vchlbs vchlhs vchlfs - vchlgs vclz vclzb vclzh vclzf vclzg vctz vctzb vctzh vctzf vctzg - vx vgfm vgfmb vgfmh vgfmf vgfmg vgfma vgfmab vgfmah vgfmaf vgfmag - vlc vlcb vlch vlcf vlcg vlp vlpb vlph vlpf vlpg vmx vmxb vmxh vmxf - vmxg vmxl vmxlb vmxlh vmxlf vmxlg vmn vmnb vmnh vmnf vmng vmnl - vmnlb vmnlh vmnlf vmnlg vmal vmalb vmalhw vmalf vmah vmahb vmahh - vmahf vmalh vmalhb vmalhh vmalhf vmae vmaeb vmaeh vmaef vmale - vmaleb vmaleh vmalef vmao vmaob vmaoh vmaof vmalo vmalob vmaloh - vmalof vmh vmhb vmhh vmhf vmlh vmlhb vmlhh vmlhf vml vmlb vmlhw - vmlf vme vmeb vmeh vmef vmle vmleb vmleh vmlef vmo vmob vmoh vmof - vmlo vmlob vmloh vmlof vno vnot vo vpopct verllv verllvb verllvh - verllvf verllvg verll verllb verllh verllf verllg verim verimb - verimh verimf verimg veslv veslvb veslvh veslvf veslvg vesl veslb - veslh veslf veslg vesrav vesravb vesravh vesravf vesravg vesra - vesrab vesrah vesraf vesrag vesrlv vesrlvb vesrlvh vesrlvf vesrlvg - vesrl vesrlb vesrlh vesrlf vesrlg vsl vslb vsldb vsra vsrab vsrl - vsrlb vs vsb vsh vsf vsg vsq vscbi vscbib vscbih vscbif vscbig - vscbiq vsbi vsbiq vsbcbi vsbcbiq vsumg vsumgh vsumgf vsumq vsumqf - vsumqg vsum vsumb vsumh vtm vfae vfaeb vfaeh vfaef vfaebs vfaehs - vfaefs vfaezb vfaezh vfaezf vfaezbs vfaezhs vfaezfs vfee vfeeb - vfeeh vfeef vfeebs vfeehs vfeefs vfeezb vfeezh vfeezf vfeezbs - vfeezhs vfeezfs vfene vfeneb vfeneh vfenef vfenebs vfenehs vfenefs - vfenezb vfenezh vfenezf vfenezbs vfenezhs vfenezfs vistr vistrb - vistrh vistrf vistrbs vistrhs vistrfs vstrc vstrcb vstrch vstrcf - vstrcbs vstrchs vstrcfs vstrczb vstrczh vstrczf vstrczbs vstrczhs - vstrczfs vfa vfadb wfadb wfc wfcdb wfk wfkdb vfce vfcedb wfcedb - vfcedbs wfcedbs vfch vfchdb wfchdb vfchdbs wfchdbs vfche vfchedb - wfchedb vfchedbs wfchedbs vcdg vcdgb wcdgb vcdlg vcdlgb wcdlgb vcgd - vcgdb wcgdb vclgd vclgdb wclgdb vfd vfddb wfddb vfi vfidb wfidb - vlde vldeb wldeb vled vledb wledb vfm vfmdb wfmdb vfma vfmadb - wfmadb vfms vfmsdb wfmsdb vfpso vfpsodb wfpsodb vflcdb wflcdb - vflndb wflndb vflpdb wflpdb vfsq vfsqdb wfsqdb vfs vfsdb wfsdb - vftci vftcidb wftcidb)], - # vector-enhancements facility 1 - VXE => [qw(vbperm vllezlf vmsl vmslg vnx vnn voc vpopctb vpopcth - vpopctf vpopctg vfasb wfasb wfaxb wfcsb wfcxb wfksb wfkxb vfcesb - vfcesbs wfcesb wfcesbs wfcexb wfcexbs vfchsb vfchsbs wfchsb wfchsbs - wfchxb wfchxbs vfchesb vfchesbs wfchesb wfchesbs wfchexb wfchexbs - vfdsb wfdsb wfdxb vfisb wfisb wfixb vfll vflls wflls wflld vflr - vflrd wflrd wflrx vfmax vfmaxsb vfmaxdb wfmaxsb wfmaxdb wfmaxxb - vfmin vfminsb vfmindb wfminsb wfmindb wfminxb vfmsb wfmsb wfmxb - vfnma vfnms vfmasb wfmasb wfmaxb vfmssb wfmssb wfmsxb vfnmasb - vfnmadb wfnmasb wfnmadb wfnmaxb vfnmssb vfnmsdb wfnmssb wfnmsdb - wfnmsxb vfpsosb wfpsosb vflcsb wflcsb vflnsb wflnsb vflpsb wflpsb - vfpsoxb wfpsoxb vflcxb wflcxb vflnxb wflnxb vflpxb wflpxb vfsqsb - wfsqsb wfsqxb vfssb wfssb wfsxb vftcisb wftcisb wftcixb)], - # vector-packed-decimal facility - VXD => [qw(vlrlr vlrl vstrlr vstrl vap vcp vcvb vcvbg vcvd vcvdg vdp - vlip vmp vmsp vpkz vpsop vrp vsdp vsrp vsp vtp vupkz)], -); -Exporter::export_ok_tags(qw(SCF GE EI MI1 MSA MSA4 MSA5 MSA8 MSA9 VX VXE VXD)); - -our $AUTOLOAD; - -my $GR='(?:%r)?([0-9]|1[0-5])'; -my $VR='(?:%v)?([0-9]|1[0-9]|2[0-9]|3[0-1])'; - -my ($file,$out); - -sub PERLASM_BEGIN -{ - ($file,$out)=(shift,""); -} -sub PERLASM_END -{ - if (defined($file)) { - open(my $fd,'>',$file)||die("can't open $file: $!"); - print({$fd}$out); - close($fd); - } else { - print($out); - } -} - -sub AUTOLOAD { - confess(err("PARSE")) if (grep(!defined($_),@_)); - my $token; - for ($AUTOLOAD) { - $token=lc(".$1") if (/^.*::([A-Z_]+)$/);# uppercase: directive - $token="\t$1" if (/^.*::([a-z]+)$/); # lowercase: mnemonic - confess(err("PARSE")) if (!defined($token)); - } - $token.="\t" if ($#_>=0); - $out.=$token.join(',',@_)."\n"; -} - -sub LABEL { # label directive - confess(err("ARGNUM")) if ($#_!=0); - my ($label)=@_; - $out.="$label:\n"; -} - -sub INCLUDE { - confess(err("ARGNUM")) if ($#_!=0); - my ($file)=@_; - $out.="#include \"$file\"\n"; -} - -# -# Mnemonics -# - -sub stfle { - confess(err("ARGNUM")) if ($#_!=0); - S(0xb2b0,@_); -} - -sub stck { - confess(err("ARGNUM")) if ($#_!=0); - S(0xb205,@_); -} - -# store-clock-fast facility - -sub stckf { - confess(err("ARGNUM")) if ($#_!=0); - S(0xb27c,@_); -} - -# extended-immediate facility - -sub clfi { - confess(err("ARGNUM")) if ($#_!=1); - RILa(0xc2f,@_); -} - -sub clgfi { - confess(err("ARGNUM")) if ($#_!=1); - RILa(0xc2e,@_); -} - -sub lt { - confess(err("ARGNUM")) if ($#_!=1); - RXYa(0xe312,@_); -} - -# general-instruction-extension facility - -sub risbg { - confess(err("ARGNUM")) if ($#_<3||$#_>4); - RIEf(0xec55,@_); -} - -# miscellaneous-instruction-extensions facility 1 - -sub risbgn { - confess(err("ARGNUM")) if ($#_<3||$#_>4); - RIEf(0xec59,@_); -} - -# MSA - -sub kmac { - confess(err("ARGNUM")) if ($#_!=1); - RRE(0xb91e,@_); -} - -sub km { - confess(err("ARGNUM")) if ($#_!=1); - RRE(0xb92e,@_); -} - -sub kmc { - confess(err("ARGNUM")) if ($#_!=1); - RRE(0xb92f,@_); -} - -sub kimd { - confess(err("ARGNUM")) if ($#_!=1); - RRE(0xb93e,@_); -} - -sub klmd { - confess(err("ARGNUM")) if ($#_!=1); - RRE(0xb93f,@_); -} - -# MSA4 - -sub kmf { - confess(err("ARGNUM")) if ($#_!=1); - RRE(0xb92a,@_); -} - -sub kmo { - confess(err("ARGNUM")) if ($#_!=1); - RRE(0xb92b,@_); -} - -sub pcc { - confess(err("ARGNUM")) if ($#_!=-1); - RRE(0xb92c,@_); -} - -sub kmctr { - confess(err("ARGNUM")) if ($#_!=2); - RRFb(0xb92d,@_); -} - -# MSA5 - -sub prno { - ppno(@_); -} - -sub ppno { # deprecated, use prno - confess(err("ARGNUM")) if ($#_!=1); - RRE(0xb93c,@_); -} - -# MSA8 - -sub kma { - confess(err("ARGNUM")) if ($#_!=2); - RRFb(0xb929,@_); -} - -# MSA9 - -sub kdsa { - confess(err("ARGNUM")) if ($#_!=1); - RRE(0xb93a,@_); -} - -# VX - Support Instructions - -sub vgef { - confess(err("ARGNUM")) if ($#_!=2); - VRV(0xe713,@_); -} -sub vgeg { - confess(err("ARGNUM")) if ($#_!=2); - VRV(0xe712,@_); -} - -sub vgbm { - confess(err("ARGNUM")) if ($#_!=1); - VRIa(0xe744,@_); -} -sub vzero { - vgbm(@_,0); -} -sub vone { - vgbm(@_,0xffff); -} - -sub vgm { - confess(err("ARGNUM")) if ($#_!=3); - VRIb(0xe746,@_); -} -sub vgmb { - vgm(@_,0); -} -sub vgmh { - vgm(@_,1); -} -sub vgmf { - vgm(@_,2); -} -sub vgmg { - vgm(@_,3); -} - -sub vl { - confess(err("ARGNUM")) if ($#_<1||$#_>2); - VRX(0xe706,@_); -} - -sub vlr { - confess(err("ARGNUM")) if ($#_!=1); - VRRa(0xe756,@_); -} - -sub vlrep { - confess(err("ARGNUM")) if ($#_!=2); - VRX(0xe705,@_); -} -sub vlrepb { - vlrep(@_,0); -} -sub vlreph { - vlrep(@_,1); -} -sub vlrepf { - vlrep(@_,2); -} -sub vlrepg { - vlrep(@_,3); -} - -sub vleb { - confess(err("ARGNUM")) if ($#_!=2); - VRX(0xe700,@_); -} -sub vleh { - confess(err("ARGNUM")) if ($#_!=2); - VRX(0xe701,@_); -} -sub vlef { - confess(err("ARGNUM")) if ($#_!=2); - VRX(0xe703,@_); -} -sub vleg { - confess(err("ARGNUM")) if ($#_!=2); - VRX(0xe702,@_); -} - -sub vleib { - confess(err("ARGNUM")) if ($#_!=2); - VRIa(0xe740,@_); -} -sub vleih { - confess(err("ARGNUM")) if ($#_!=2); - VRIa(0xe741,@_); -} -sub vleif { - confess(err("ARGNUM")) if ($#_!=2); - VRIa(0xe743,@_); -} -sub vleig { - confess(err("ARGNUM")) if ($#_!=2); - VRIa(0xe742,@_); -} - -sub vlgv { - confess(err("ARGNUM")) if ($#_!=3); - VRSc(0xe721,@_); -} -sub vlgvb { - vlgv(@_,0); -} -sub vlgvh { - vlgv(@_,1); -} -sub vlgvf { - vlgv(@_,2); -} -sub vlgvg { - vlgv(@_,3); -} - -sub vllez { - confess(err("ARGNUM")) if ($#_!=2); - VRX(0xe704,@_); -} -sub vllezb { - vllez(@_,0); -} -sub vllezh { - vllez(@_,1); -} -sub vllezf { - vllez(@_,2); -} -sub vllezg { - vllez(@_,3); -} - -sub vlm { - confess(err("ARGNUM")) if ($#_<2||$#_>3); - VRSa(0xe736,@_); -} - -sub vlbb { - confess(err("ARGNUM")) if ($#_!=2); - VRX(0xe707,@_); -} - -sub vlvg { - confess(err("ARGNUM")) if ($#_!=3); - VRSb(0xe722,@_); -} -sub vlvgb { - vlvg(@_,0); -} -sub vlvgh { - vlvg(@_,1); -} -sub vlvgf { - vlvg(@_,2); -} -sub vlvgg { - vlvg(@_,3); -} - -sub vlvgp { - confess(err("ARGNUM")) if ($#_!=2); - VRRf(0xe762,@_); -} - -sub vll { - confess(err("ARGNUM")) if ($#_!=2); - VRSb(0xe737,@_); -} - -sub vmrh { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe761,@_); -} -sub vmrhb { - vmrh(@_,0); -} -sub vmrhh { - vmrh(@_,1); -} -sub vmrhf { - vmrh(@_,2); -} -sub vmrhg { - vmrh(@_,3); -} - -sub vmrl { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe760,@_); -} -sub vmrlb { - vmrl(@_,0); -} -sub vmrlh { - vmrl(@_,1); -} -sub vmrlf { - vmrl(@_,2); -} -sub vmrlg { - vmrl(@_,3); -} - -sub vpk { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe794,@_); -} -sub vpkh { - vpk(@_,1); -} -sub vpkf { - vpk(@_,2); -} -sub vpkg { - vpk(@_,3); -} - -sub vpks { - confess(err("ARGNUM")) if ($#_!=4); - VRRb(0xe797,@_); -} -sub vpksh { - vpks(@_,1,0); -} -sub vpksf { - vpks(@_,2,0); -} -sub vpksg { - vpks(@_,3,0); -} -sub vpkshs { - vpks(@_,1,1); -} -sub vpksfs { - vpks(@_,2,1); -} -sub vpksgs { - vpks(@_,3,1); -} - -sub vpkls { - confess(err("ARGNUM")) if ($#_!=4); - VRRb(0xe795,@_); -} -sub vpklsh { - vpkls(@_,1,0); -} -sub vpklsf { - vpkls(@_,2,0); -} -sub vpklsg { - vpkls(@_,3,0); -} -sub vpklshs { - vpkls(@_,1,1); -} -sub vpklsfs { - vpkls(@_,2,1); -} -sub vpklsgs { - vpkls(@_,3,1); -} - -sub vperm { - confess(err("ARGNUM")) if ($#_!=3); - VRRe(0xe78c,@_); -} - -sub vpdi { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe784,@_); -} - -sub vrep { - confess(err("ARGNUM")) if ($#_!=3); - VRIc(0xe74d,@_); -} -sub vrepb { - vrep(@_,0); -} -sub vreph { - vrep(@_,1); -} -sub vrepf { - vrep(@_,2); -} -sub vrepg { - vrep(@_,3); -} - -sub vrepi { - confess(err("ARGNUM")) if ($#_!=2); - VRIa(0xe745,@_); -} -sub vrepib { - vrepi(@_,0); -} -sub vrepih { - vrepi(@_,1); -} -sub vrepif { - vrepi(@_,2); -} -sub vrepig { - vrepi(@_,3); -} - -sub vscef { - confess(err("ARGNUM")) if ($#_!=2); - VRV(0xe71b,@_); -} -sub vsceg { - confess(err("ARGNUM")) if ($#_!=2); - VRV(0xe71a,@_); -} - -sub vsel { - confess(err("ARGNUM")) if ($#_!=3); - VRRe(0xe78d,@_); -} - -sub vseg { - confess(err("ARGNUM")) if ($#_!=2); - VRRa(0xe75f,@_); -} -sub vsegb { - vseg(@_,0); -} -sub vsegh { - vseg(@_,1); -} -sub vsegf { - vseg(@_,2); -} - -sub vst { - confess(err("ARGNUM")) if ($#_<1||$#_>2); - VRX(0xe70e,@_); -} - -sub vsteb { - confess(err("ARGNUM")) if ($#_!=2); - VRX(0xe708,@_); -} -sub vsteh { - confess(err("ARGNUM")) if ($#_!=2); - VRX(0xe709,@_); -} -sub vstef { - confess(err("ARGNUM")) if ($#_!=2); - VRX(0xe70b,@_); -} -sub vsteg { - confess(err("ARGNUM")) if ($#_!=2); - VRX(0xe70a,@_); -} - -sub vstm { - confess(err("ARGNUM")) if ($#_<2||$#_>3); - VRSa(0xe73e,@_); -} - -sub vstl { - confess(err("ARGNUM")) if ($#_!=2); - VRSb(0xe73f,@_); -} - -sub vuph { - confess(err("ARGNUM")) if ($#_!=2); - VRRa(0xe7d7,@_); -} -sub vuphb { - vuph(@_,0); -} -sub vuphh { - vuph(@_,1); -} -sub vuphf { - vuph(@_,2); -} - -sub vuplh { - confess(err("ARGNUM")) if ($#_!=2); - VRRa(0xe7d5,@_); -} -sub vuplhb { - vuplh(@_,0); -} -sub vuplhh { - vuplh(@_,1); -} -sub vuplhf { - vuplh(@_,2); -} - -sub vupl { - confess(err("ARGNUM")) if ($#_!=2); - VRRa(0xe7d6,@_); -} -sub vuplb { - vupl(@_,0); -} -sub vuplhw { - vupl(@_,1); -} -sub vuplf { - vupl(@_,2); -} - -sub vupll { - confess(err("ARGNUM")) if ($#_!=2); - VRRa(0xe7d4,@_); -} -sub vupllb { - vupll(@_,0); -} -sub vupllh { - vupll(@_,1); -} -sub vupllf { - vupll(@_,2); -} - -# VX - Integer Instructions - -sub va { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe7f3,@_); -} -sub vab { - va(@_,0); -} -sub vah { - va(@_,1); -} -sub vaf { - va(@_,2); -} -sub vag { - va(@_,3); -} -sub vaq { - va(@_,4); -} - -sub vacc { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe7f1,@_); -} -sub vaccb { - vacc(@_,0); -} -sub vacch { - vacc(@_,1); -} -sub vaccf { - vacc(@_,2); -} -sub vaccg { - vacc(@_,3); -} -sub vaccq { - vacc(@_,4); -} - -sub vac { - confess(err("ARGNUM")) if ($#_!=4); - VRRd(0xe7bb,@_); -} -sub vacq { - vac(@_,4); -} - -sub vaccc { - confess(err("ARGNUM")) if ($#_!=4); - VRRd(0xe7b9,@_); -} -sub vacccq { - vaccc(@_,4); -} - -sub vn { - confess(err("ARGNUM")) if ($#_!=2); - VRRc(0xe768,@_); -} - -sub vnc { - confess(err("ARGNUM")) if ($#_!=2); - VRRc(0xe769,@_); -} - -sub vavg { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe7f2,@_); -} -sub vavgb { - vavg(@_,0); -} -sub vavgh { - vavg(@_,1); -} -sub vavgf { - vavg(@_,2); -} -sub vavgg { - vavg(@_,3); -} - -sub vavgl { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe7f0,@_); -} -sub vavglb { - vavgl(@_,0); -} -sub vavglh { - vavgl(@_,1); -} -sub vavglf { - vavgl(@_,2); -} -sub vavglg { - vavgl(@_,3); -} - -sub vcksm { - confess(err("ARGNUM")) if ($#_!=2); - VRRc(0xe766,@_); -} - -sub vec_ { - confess(err("ARGNUM")) if ($#_!=2); - VRRa(0xe7db,@_); -} -sub vecb { - vec_(@_,0); -} -sub vech { - vec_(@_,1); -} -sub vecf { - vec_(@_,2); -} -sub vecg { - vec_(@_,3); -} - -sub vecl { - confess(err("ARGNUM")) if ($#_!=2); - VRRa(0xe7d9,@_); -} -sub veclb { - vecl(@_,0); -} -sub veclh { - vecl(@_,1); -} -sub veclf { - vecl(@_,2); -} -sub veclg { - vecl(@_,3); -} - -sub vceq { - confess(err("ARGNUM")) if ($#_!=4); - VRRb(0xe7f8,@_); -} -sub vceqb { - vceq(@_,0,0); -} -sub vceqh { - vceq(@_,1,0); -} -sub vceqf { - vceq(@_,2,0); -} -sub vceqg { - vceq(@_,3,0); -} -sub vceqbs { - vceq(@_,0,1); -} -sub vceqhs { - vceq(@_,1,1); -} -sub vceqfs { - vceq(@_,2,1); -} -sub vceqgs { - vceq(@_,3,1); -} - -sub vch { - confess(err("ARGNUM")) if ($#_!=4); - VRRb(0xe7fb,@_); -} -sub vchb { - vch(@_,0,0); -} -sub vchh { - vch(@_,1,0); -} -sub vchf { - vch(@_,2,0); -} -sub vchg { - vch(@_,3,0); -} -sub vchbs { - vch(@_,0,1); -} -sub vchhs { - vch(@_,1,1); -} -sub vchfs { - vch(@_,2,1); -} -sub vchgs { - vch(@_,3,1); -} - -sub vchl { - confess(err("ARGNUM")) if ($#_!=4); - VRRb(0xe7f9,@_); -} -sub vchlb { - vchl(@_,0,0); -} -sub vchlh { - vchl(@_,1,0); -} -sub vchlf { - vchl(@_,2,0); -} -sub vchlg { - vchl(@_,3,0); -} -sub vchlbs { - vchl(@_,0,1); -} -sub vchlhs { - vchl(@_,1,1); -} -sub vchlfs { - vchl(@_,2,1); -} -sub vchlgs { - vchl(@_,3,1); -} - -sub vclz { - confess(err("ARGNUM")) if ($#_!=2); - VRRa(0xe753,@_); -} -sub vclzb { - vclz(@_,0); -} -sub vclzh { - vclz(@_,1); -} -sub vclzf { - vclz(@_,2); -} -sub vclzg { - vclz(@_,3); -} - -sub vctz { - confess(err("ARGNUM")) if ($#_!=2); - VRRa(0xe752,@_); -} -sub vctzb { - vctz(@_,0); -} -sub vctzh { - vctz(@_,1); -} -sub vctzf { - vctz(@_,2); -} -sub vctzg { - vctz(@_,3); -} - -sub vx { - confess(err("ARGNUM")) if ($#_!=2); - VRRc(0xe76d,@_); -} - -sub vgfm { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe7b4,@_); -} -sub vgfmb { - vgfm(@_,0); -} -sub vgfmh { - vgfm(@_,1); -} -sub vgfmf { - vgfm(@_,2); -} -sub vgfmg { - vgfm(@_,3); -} - -sub vgfma { - confess(err("ARGNUM")) if ($#_!=4); - VRRd(0xe7bc,@_); -} -sub vgfmab { - vgfma(@_,0); -} -sub vgfmah { - vgfma(@_,1); -} -sub vgfmaf { - vgfma(@_,2); -} -sub vgfmag { - vgfma(@_,3); -} - -sub vlc { - confess(err("ARGNUM")) if ($#_!=2); - VRRa(0xe7de,@_); -} -sub vlcb { - vlc(@_,0); -} -sub vlch { - vlc(@_,1); -} -sub vlcf { - vlc(@_,2); -} -sub vlcg { - vlc(@_,3); -} - -sub vlp { - confess(err("ARGNUM")) if ($#_!=2); - VRRa(0xe7df,@_); -} -sub vlpb { - vlp(@_,0); -} -sub vlph { - vlp(@_,1); -} -sub vlpf { - vlp(@_,2); -} -sub vlpg { - vlp(@_,3); -} - -sub vmx { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe7ff,@_); -} -sub vmxb { - vmx(@_,0); -} -sub vmxh { - vmx(@_,1); -} -sub vmxf { - vmx(@_,2); -} -sub vmxg { - vmx(@_,3); -} - -sub vmxl { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe7fd,@_); -} -sub vmxlb { - vmxl(@_,0); -} -sub vmxlh { - vmxl(@_,1); -} -sub vmxlf { - vmxl(@_,2); -} -sub vmxlg { - vmxl(@_,3); -} - -sub vmn { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe7fe,@_); -} -sub vmnb { - vmn(@_,0); -} -sub vmnh { - vmn(@_,1); -} -sub vmnf { - vmn(@_,2); -} -sub vmng { - vmn(@_,3); -} - -sub vmnl { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe7fc,@_); -} -sub vmnlb { - vmnl(@_,0); -} -sub vmnlh { - vmnl(@_,1); -} -sub vmnlf { - vmnl(@_,2); -} -sub vmnlg { - vmnl(@_,3); -} - -sub vmal { - confess(err("ARGNUM")) if ($#_!=4); - VRRd(0xe7aa,@_); -} -sub vmalb { - vmal(@_,0); -} -sub vmalhw { - vmal(@_,1); -} -sub vmalf { - vmal(@_,2); -} - -sub vmah { - confess(err("ARGNUM")) if ($#_!=4); - VRRd(0xe7ab,@_); -} -sub vmahb { - vmah(@_,0); -} -sub vmahh { - vmah(@_,1); -} -sub vmahf { - vmah(@_,2); -} - -sub vmalh { - confess(err("ARGNUM")) if ($#_!=4); - VRRd(0xe7a9,@_); -} -sub vmalhb { - vmalh(@_,0); -} -sub vmalhh { - vmalh(@_,1); -} -sub vmalhf { - vmalh(@_,2); -} - -sub vmae { - confess(err("ARGNUM")) if ($#_!=4); - VRRd(0xe7ae,@_); -} -sub vmaeb { - vmae(@_,0); -} -sub vmaeh { - vmae(@_,1); -} -sub vmaef { - vmae(@_,2); -} - -sub vmale { - confess(err("ARGNUM")) if ($#_!=4); - VRRd(0xe7ac,@_); -} -sub vmaleb { - vmale(@_,0); -} -sub vmaleh { - vmale(@_,1); -} -sub vmalef { - vmale(@_,2); -} - -sub vmao { - confess(err("ARGNUM")) if ($#_!=4); - VRRd(0xe7af,@_); -} -sub vmaob { - vmao(@_,0); -} -sub vmaoh { - vmao(@_,1); -} -sub vmaof { - vmao(@_,2); -} - -sub vmalo { - confess(err("ARGNUM")) if ($#_!=4); - VRRd(0xe7ad,@_); -} -sub vmalob { - vmalo(@_,0); -} -sub vmaloh { - vmalo(@_,1); -} -sub vmalof { - vmalo(@_,2); -} - -sub vmh { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe7a3,@_); -} -sub vmhb { - vmh(@_,0); -} -sub vmhh { - vmh(@_,1); -} -sub vmhf { - vmh(@_,2); -} - -sub vmlh { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe7a1,@_); -} -sub vmlhb { - vmlh(@_,0); -} -sub vmlhh { - vmlh(@_,1); -} -sub vmlhf { - vmlh(@_,2); -} - -sub vml { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe7a2,@_); -} -sub vmlb { - vml(@_,0); -} -sub vmlhw { - vml(@_,1); -} -sub vmlf { - vml(@_,2); -} - -sub vme { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe7a6,@_); -} -sub vmeb { - vme(@_,0); -} -sub vmeh { - vme(@_,1); -} -sub vmef { - vme(@_,2); -} - -sub vmle { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe7a4,@_); -} -sub vmleb { - vmle(@_,0); -} -sub vmleh { - vmle(@_,1); -} -sub vmlef { - vmle(@_,2); -} - -sub vmo { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe7a7,@_); -} -sub vmob { - vmo(@_,0); -} -sub vmoh { - vmo(@_,1); -} -sub vmof { - vmo(@_,2); -} - -sub vmlo { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe7a5,@_); -} -sub vmlob { - vmlo(@_,0); -} -sub vmloh { - vmlo(@_,1); -} -sub vmlof { - vmlo(@_,2); -} - -sub vno { - confess(err("ARGNUM")) if ($#_!=2); - VRRc(0xe76b,@_); -} -sub vnot { - vno(@_,$_[1]); -} - -sub vo { - confess(err("ARGNUM")) if ($#_!=2); - VRRc(0xe76a,@_); -} - -sub vpopct { - confess(err("ARGNUM")) if ($#_!=2); - VRRa(0xe750,@_); -} - -sub verllv { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe773,@_); -} -sub verllvb { - verllv(@_,0); -} -sub verllvh { - verllv(@_,1); -} -sub verllvf { - verllv(@_,2); -} -sub verllvg { - verllv(@_,3); -} - -sub verll { - confess(err("ARGNUM")) if ($#_!=3); - VRSa(0xe733,@_); -} -sub verllb { - verll(@_,0); -} -sub verllh { - verll(@_,1); -} -sub verllf { - verll(@_,2); -} -sub verllg { - verll(@_,3); -} - -sub verim { - confess(err("ARGNUM")) if ($#_!=4); - VRId(0xe772,@_); -} -sub verimb { - verim(@_,0); -} -sub verimh { - verim(@_,1); -} -sub verimf { - verim(@_,2); -} -sub verimg { - verim(@_,3); -} - -sub veslv { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe770,@_); -} -sub veslvb { - veslv(@_,0); -} -sub veslvh { - veslv(@_,1); -} -sub veslvf { - veslv(@_,2); -} -sub veslvg { - veslv(@_,3); -} - -sub vesl { - confess(err("ARGNUM")) if ($#_!=3); - VRSa(0xe730,@_); -} -sub veslb { - vesl(@_,0); -} -sub veslh { - vesl(@_,1); -} -sub veslf { - vesl(@_,2); -} -sub veslg { - vesl(@_,3); -} - -sub vesrav { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe77a,@_); -} -sub vesravb { - vesrav(@_,0); -} -sub vesravh { - vesrav(@_,1); -} -sub vesravf { - vesrav(@_,2); -} -sub vesravg { - vesrav(@_,3); -} - -sub vesra { - confess(err("ARGNUM")) if ($#_!=3); - VRSa(0xe73a,@_); -} -sub vesrab { - vesra(@_,0); -} -sub vesrah { - vesra(@_,1); -} -sub vesraf { - vesra(@_,2); -} -sub vesrag { - vesra(@_,3); -} - -sub vesrlv { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe778,@_); -} -sub vesrlvb { - vesrlv(@_,0); -} -sub vesrlvh { - vesrlv(@_,1); -} -sub vesrlvf { - vesrlv(@_,2); -} -sub vesrlvg { - vesrlv(@_,3); -} - -sub vesrl { - confess(err("ARGNUM")) if ($#_!=3); - VRSa(0xe738,@_); -} -sub vesrlb { - vesrl(@_,0); -} -sub vesrlh { - vesrl(@_,1); -} -sub vesrlf { - vesrl(@_,2); -} -sub vesrlg { - vesrl(@_,3); -} - -sub vsl { - confess(err("ARGNUM")) if ($#_!=2); - VRRc(0xe774,@_); -} - -sub vslb { - confess(err("ARGNUM")) if ($#_!=2); - VRRc(0xe775,@_); -} - -sub vsldb { - confess(err("ARGNUM")) if ($#_!=3); - VRId(0xe777,@_); -} - -sub vsra { - confess(err("ARGNUM")) if ($#_!=2); - VRRc(0xe77e,@_); -} - -sub vsrab { - confess(err("ARGNUM")) if ($#_!=2); - VRRc(0xe77f,@_); -} - -sub vsrl { - confess(err("ARGNUM")) if ($#_!=2); - VRRc(0xe77c,@_); -} - -sub vsrlb { - confess(err("ARGNUM")) if ($#_!=2); - VRRc(0xe77d,@_); -} - -sub vs { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe7f7,@_); -} -sub vsb { - vs(@_,0); -} -sub vsh { - vs(@_,1); -} -sub vsf { - vs(@_,2); -} -sub vsg { - vs(@_,3); -} -sub vsq { - vs(@_,4); -} - -sub vscbi { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe7f5,@_); -} -sub vscbib { - vscbi(@_,0); -} -sub vscbih { - vscbi(@_,1); -} -sub vscbif { - vscbi(@_,2); -} -sub vscbig { - vscbi(@_,3); -} -sub vscbiq { - vscbi(@_,4); -} - -sub vsbi { - confess(err("ARGNUM")) if ($#_!=4); - VRRd(0xe7bf,@_); -} -sub vsbiq { - vsbi(@_,4); -} - -sub vsbcbi { - confess(err("ARGNUM")) if ($#_!=4); - VRRd(0xe7bd,@_); -} -sub vsbcbiq { - vsbcbi(@_,4); -} - -sub vsumg { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe765,@_); -} -sub vsumgh { - vsumg(@_,1); -} -sub vsumgf { - vsumg(@_,2); -} - -sub vsumq { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe767,@_); -} -sub vsumqf { - vsumq(@_,2); -} -sub vsumqg { - vsumq(@_,3); -} - -sub vsum { - confess(err("ARGNUM")) if ($#_!=3); - VRRc(0xe764,@_); -} -sub vsumb { - vsum(@_,0); -} -sub vsumh { - vsum(@_,1); -} - -sub vtm { - confess(err("ARGNUM")) if ($#_!=1); - VRRa(0xe7d8,@_); -} - -# VX - String Instructions - -sub vfae { - confess(err("ARGNUM")) if ($#_<3||$#_>4); - VRRb(0xe782,@_); -} -sub vfaeb { - vfae(@_[0..2],0,$_[3]); -} -sub vfaeh { - vfae(@_[0..2],1,$_[3]); -} -sub vfaef { - vfae(@_[0..2],2,$_[3]); -} -sub vfaebs { - $_[3]=0 if (!defined($_[3])); - vfae(@_[0..2],0,0x1|$_[3]); -} -sub vfaehs { - $_[3]=0 if (!defined($_[3])); - vfae(@_[0..2],1,0x1|$_[3]); -} -sub vfaefs { - $_[3]=0 if (!defined($_[3])); - vfae(@_[0..2],2,0x1|$_[3]); -} -sub vfaezb { - $_[3]=0 if (!defined($_[3])); - vfae(@_[0..2],0,0x2|$_[3]); -} -sub vfaezh { - $_[3]=0 if (!defined($_[3])); - vfae(@_[0..2],1,0x2|$_[3]); -} -sub vfaezf { - $_[3]=0 if (!defined($_[3])); - vfae(@_[0..2],2,0x2|$_[3]); -} -sub vfaezbs { - $_[3]=0 if (!defined($_[3])); - vfae(@_[0..2],0,0x3|$_[3]); -} -sub vfaezhs { - $_[3]=0 if (!defined($_[3])); - vfae(@_[0..2],1,0x3|$_[3]); -} -sub vfaezfs { - $_[3]=0 if (!defined($_[3])); - vfae(@_[0..2],2,0x3|$_[3]); -} - -sub vfee { - confess(err("ARGNUM")) if ($#_<3||$#_>4); - VRRb(0xe780,@_); -} -sub vfeeb { - vfee(@_[0..2],0,$_[3]); -} -sub vfeeh { - vfee(@_[0..2],1,$_[3]); -} -sub vfeef { - vfee(@_[0..2],2,$_[3]); -} -sub vfeebs { - vfee(@_,0,1); -} -sub vfeehs { - vfee(@_,1,1); -} -sub vfeefs { - vfee(@_,2,1); -} -sub vfeezb { - vfee(@_,0,2); -} -sub vfeezh { - vfee(@_,1,2); -} -sub vfeezf { - vfee(@_,2,2); -} -sub vfeezbs { - vfee(@_,0,3); -} -sub vfeezhs { - vfee(@_,1,3); -} -sub vfeezfs { - vfee(@_,2,3); -} - -sub vfene { - confess(err("ARGNUM")) if ($#_<3||$#_>4); - VRRb(0xe781,@_); -} -sub vfeneb { - vfene(@_[0..2],0,$_[3]); -} -sub vfeneh { - vfene(@_[0..2],1,$_[3]); -} -sub vfenef { - vfene(@_[0..2],2,$_[3]); -} -sub vfenebs { - vfene(@_,0,1); -} -sub vfenehs { - vfene(@_,1,1); -} -sub vfenefs { - vfene(@_,2,1); -} -sub vfenezb { - vfene(@_,0,2); -} -sub vfenezh { - vfene(@_,1,2); -} -sub vfenezf { - vfene(@_,2,2); -} -sub vfenezbs { - vfene(@_,0,3); -} -sub vfenezhs { - vfene(@_,1,3); -} -sub vfenezfs { - vfene(@_,2,3); -} - -sub vistr { - confess(err("ARGNUM")) if ($#_<2||$#_>3); - VRRa(0xe75c,@_[0..2],0,$_[3]); -} -sub vistrb { - vistr(@_[0..1],0,$_[2]); -} -sub vistrh { - vistr(@_[0..1],1,$_[2]); -} -sub vistrf { - vistr(@_[0..1],2,$_[2]); -} -sub vistrbs { - vistr(@_,0,1); -} -sub vistrhs { - vistr(@_,1,1); -} -sub vistrfs { - vistr(@_,2,1); -} - -sub vstrc { - confess(err("ARGNUM")) if ($#_<4||$#_>5); - VRRd(0xe78a,@_); -} -sub vstrcb { - vstrc(@_[0..3],0,$_[4]); -} -sub vstrch { - vstrc(@_[0..3],1,$_[4]); -} -sub vstrcf { - vstrc(@_[0..3],2,$_[4]); -} -sub vstrcbs { - $_[4]=0 if (!defined($_[4])); - vstrc(@_[0..3],0,0x1|$_[4]); -} -sub vstrchs { - $_[4]=0 if (!defined($_[4])); - vstrc(@_[0..3],1,0x1|$_[4]); -} -sub vstrcfs { - $_[4]=0 if (!defined($_[4])); - vstrc(@_[0..3],2,0x1|$_[4]); -} -sub vstrczb { - $_[4]=0 if (!defined($_[4])); - vstrc(@_[0..3],0,0x2|$_[4]); -} -sub vstrczh { - $_[4]=0 if (!defined($_[4])); - vstrc(@_[0..3],1,0x2|$_[4]); -} -sub vstrczf { - $_[4]=0 if (!defined($_[4])); - vstrc(@_[0..3],2,0x2|$_[4]); -} -sub vstrczbs { - $_[4]=0 if (!defined($_[4])); - vstrc(@_[0..3],0,0x3|$_[4]); -} -sub vstrczhs { - $_[4]=0 if (!defined($_[4])); - vstrc(@_[0..3],1,0x3|$_[4]); -} -sub vstrczfs { - $_[4]=0 if (!defined($_[4])); - vstrc(@_[0..3],2,0x3|$_[4]); -} - -# VX - Floating-point Instructions - -sub vfa { - confess(err("ARGNUM")) if ($#_!=4); - VRRc(0xe7e3,@_); -} -sub vfadb { - vfa(@_,3,0); -} -sub wfadb { - vfa(@_,3,8); -} - -sub wfc { - confess(err("ARGNUM")) if ($#_!=3); - VRRa(0xe7cb,@_); -} -sub wfcdb { - wfc(@_,3,0); -} - -sub wfk { - confess(err("ARGNUM")) if ($#_!=3); - VRRa(0xe7ca,@_); -} -sub wfksb { - wfk(@_,2,0); -} -sub wfkdb { - wfk(@_,3,0); -} -sub wfkxb { - wfk(@_,4,0); -} - -sub vfce { - confess(err("ARGNUM")) if ($#_!=5); - VRRc(0xe7e8,@_); -} -sub vfcedb { - vfce(@_,3,0,0); -} -sub vfcedbs { - vfce(@_,3,0,1); -} -sub wfcedb { - vfce(@_,3,8,0); -} -sub wfcedbs { - vfce(@_,3,8,1); -} - -sub vfch { - confess(err("ARGNUM")) if ($#_!=5); - VRRc(0xe7eb,@_); -} -sub vfchdb { - vfch(@_,3,0,0); -} -sub vfchdbs { - vfch(@_,3,0,1); -} -sub wfchdb { - vfch(@_,3,8,0); -} -sub wfchdbs { - vfch(@_,3,8,1); -} - -sub vfche { - confess(err("ARGNUM")) if ($#_!=5); - VRRc(0xe7ea,@_); -} -sub vfchedb { - vfche(@_,3,0,0); -} -sub vfchedbs { - vfche(@_,3,0,1); -} -sub wfchedb { - vfche(@_,3,8,0); -} -sub wfchedbs { - vfche(@_,3,8,1); -} - -sub vcdg { - confess(err("ARGNUM")) if ($#_!=4); - VRRa(0xe7c3,@_); -} -sub vcdgb { - vcdg(@_[0..1],3,@_[2..3]); -} -sub wcdgb { - vcdg(@_[0..1],3,0x8|$_[2],$_[3]); -} - -sub vcdlg { - confess(err("ARGNUM")) if ($#_!=4); - VRRa(0xe7c1,@_); -} -sub vcdlgb { - vcdlg(@_[0..1],3,@_[2..3]); -} -sub wcdlgb { - vcdlg(@_[0..1],3,0x8|$_[2],$_[3]); -} - -sub vcgd { - confess(err("ARGNUM")) if ($#_!=4); - VRRa(0xe7c2,@_); -} -sub vcgdb { - vcgd(@_[0..1],3,@_[2..3]); -} -sub wcgdb { - vcgd(@_[0..1],3,0x8|$_[2],$_[3]); -} - -sub vclgd { - confess(err("ARGNUM")) if ($#_!=4); - VRRa(0xe7c0,@_); -} -sub vclgdb { - vclgd(@_[0..1],3,@_[2..3]); -} -sub wclgdb { - vclgd(@_[0..1],3,0x8|$_[2],$_[3]); -} - -sub vfd { - confess(err("ARGNUM")) if ($#_!=4); - VRRc(0xe7e5,@_); -} -sub vfddb { - vfd(@_,3,0); -} -sub wfddb { - vfd(@_,3,8); -} - -sub vfi { - confess(err("ARGNUM")) if ($#_!=4); - VRRa(0xe7c7,@_); -} -sub vfidb { - vfi(@_[0..1],3,@_[2..3]); -} -sub wfidb { - vfi(@_[0..1],3,0x8|$_[2],$_[3]); -} - -sub vlde { # deprecated, use vfll - confess(err("ARGNUM")) if ($#_!=3); - VRRa(0xe7c4,@_); -} -sub vldeb { # deprecated, use vflls - vlde(@_,2,0); -} -sub wldeb { # deprecated, use wflls - vlde(@_,2,8); -} - -sub vled { # deprecated, use vflr - confess(err("ARGNUM")) if ($#_!=4); - VRRa(0xe7c5,@_); -} -sub vledb { # deprecated, use vflrd - vled(@_[0..1],3,@_[2..3]); -} -sub wledb { # deprecated, use wflrd - vled(@_[0..1],3,0x8|$_[2],$_[3]); -} - -sub vfm { - confess(err("ARGNUM")) if ($#_!=4); - VRRc(0xe7e7,@_); -} -sub vfmdb { - vfm(@_,3,0); -} -sub wfmdb { - vfm(@_,3,8); -} - -sub vfma { - confess(err("ARGNUM")) if ($#_!=5); - VRRe(0xe78f,@_); -} -sub vfmadb { - vfma(@_,0,3); -} -sub wfmadb { - vfma(@_,8,3); -} - -sub vfms { - confess(err("ARGNUM")) if ($#_!=5); - VRRe(0xe78e,@_); -} -sub vfmsdb { - vfms(@_,0,3); -} -sub wfmsdb { - vfms(@_,8,3); -} - -sub vfpso { - confess(err("ARGNUM")) if ($#_!=4); - VRRa(0xe7cc,@_); -} -sub vfpsodb { - vfpso(@_[0..1],3,0,$_[2]); -} -sub wfpsodb { - vfpso(@_[0..1],3,8,$_[2]); -} -sub vflcdb { - vfpso(@_,3,0,0); -} -sub wflcdb { - vfpso(@_,3,8,0); -} -sub vflndb { - vfpso(@_,3,0,1); -} -sub wflndb { - vfpso(@_,3,8,1); -} -sub vflpdb { - vfpso(@_,3,0,2); -} -sub wflpdb { - vfpso(@_,3,8,2); -} - -sub vfsq { - confess(err("ARGNUM")) if ($#_!=3); - VRRa(0xe7ce,@_); -} -sub vfsqdb { - vfsq(@_,3,0); -} -sub wfsqdb { - vfsq(@_,3,8); -} - -sub vfs { - confess(err("ARGNUM")) if ($#_!=4); - VRRc(0xe7e2,@_); -} -sub vfsdb { - vfs(@_,3,0); -} -sub wfsdb { - vfs(@_,3,8); -} - -sub vftci { - confess(err("ARGNUM")) if ($#_!=4); - VRIe(0xe74a,@_); -} -sub vftcidb { - vftci(@_,3,0); -} -sub wftcidb { - vftci(@_,3,8); -} - -# VXE - Support Instructions - -sub vbperm { - confess(err("ARGNUM")) if ($#_!=2); - VRRc(0xe785,@_); -} - -sub vllezlf { - vllez(@_,6); -} - -# VXE - Integer Instructions - -sub vmsl { - confess(err("ARGNUM")) if ($#_!=5); - VRRd(0xe7b8,@_); -} -sub vmslg { - vmsl(@_[0..3],3,$_[4]); -} - -sub vnx { - confess(err("ARGNUM")) if ($#_!=2); - VRRc(0xe76c,@_); -} - -sub vnn { - confess(err("ARGNUM")) if ($#_!=2); - VRRc(0xe76e,@_); -} - -sub voc { - confess(err("ARGNUM")) if ($#_!=2); - VRRc(0xe76f,@_); -} - -sub vpopctb { - vpopct(@_,0); -} -sub vpopcth { - vpopct(@_,1); -} -sub vpopctf { - vpopct(@_,2); -} -sub vpopctg { - vpopct(@_,3); -} - -# VXE - Floating-Point Instructions - -sub vfasb { - vfa(@_,2,0); -} -sub wfasb { - vfa(@_,2,8); -} -sub wfaxb { - vfa(@_,4,8); -} - -sub wfcsb { - wfc(@_,2,0); -} -sub wfcxb { - wfc(@_,4,0); -} - -sub vfcesb { - vfce(@_,2,0,0); -} -sub vfcesbs { - vfce(@_,2,0,1); -} -sub wfcesb { - vfce(@_,2,8,0); -} -sub wfcesbs { - vfce(@_,2,8,1); -} -sub wfcexb { - vfce(@_,4,8,0); -} -sub wfcexbs { - vfce(@_,4,8,1); -} - -sub vfchsb { - vfch(@_,2,0,0); -} -sub vfchsbs { - vfch(@_,2,0,1); -} -sub wfchsb { - vfch(@_,2,8,0); -} -sub wfchsbs { - vfch(@_,2,8,1); -} -sub wfchxb { - vfch(@_,4,8,0); -} -sub wfchxbs { - vfch(@_,4,8,1); -} - -sub vfchesb { - vfche(@_,2,0,0); -} -sub vfchesbs { - vfche(@_,2,0,1); -} -sub wfchesb { - vfche(@_,2,8,0); -} -sub wfchesbs { - vfche(@_,2,8,1); -} -sub wfchexb { - vfche(@_,4,8,0); -} -sub wfchexbs { - vfche(@_,4,8,1); -} - -sub vfdsb { - vfd(@_,2,0); -} -sub wfdsb { - vfd(@_,2,8); -} -sub wfdxb { - vfd(@_,4,8); -} - -sub vfisb { - vfi(@_[0..1],2,@_[2..3]); -} -sub wfisb { - vfi(@_[0..1],2,0x8|$_[2],$_[3]); -} -sub wfixb { - vfi(@_[0..1],4,0x8|$_[2],$_[3]); -} - -sub vfll { - vlde(@_); -} -sub vflls { - vfll(@_,2,0); -} -sub wflls { - vfll(@_,2,8); -} -sub wflld { - vfll(@_,3,8); -} - -sub vflr { - vled(@_); -} -sub vflrd { - vflr(@_[0..1],3,@_[2..3]); -} -sub wflrd { - vflr(@_[0..1],3,0x8|$_[2],$_[3]); -} -sub wflrx { - vflr(@_[0..1],4,0x8|$_[2],$_[3]); -} - -sub vfmax { - confess(err("ARGNUM")) if ($#_!=5); - VRRc(0xe7ef,@_); -} -sub vfmaxsb { - vfmax(@_[0..2],2,0,$_[3]); -} -sub vfmaxdb { - vfmax(@_[0..2],3,0,$_[3]); -} -sub wfmaxsb { - vfmax(@_[0..2],2,8,$_[3]); -} -sub wfmaxdb { - vfmax(@_[0..2],3,8,$_[3]); -} -sub wfmaxxb { - vfmax(@_[0..2],4,8,$_[3]); -} - -sub vfmin { - confess(err("ARGNUM")) if ($#_!=5); - VRRc(0xe7ee,@_); -} -sub vfminsb { - vfmin(@_[0..2],2,0,$_[5]); -} -sub vfmindb { - vfmin(@_[0..2],3,0,$_[5]); -} -sub wfminsb { - vfmin(@_[0..2],2,8,$_[5]); -} -sub wfmindb { - vfmin(@_[0..2],3,8,$_[5]); -} -sub wfminxb { - vfmin(@_[0..2],4,8,$_[5]); -} - -sub vfmsb { - vfm(@_,2,0); -} -sub wfmsb { - vfm(@_,2,8); -} -sub wfmxb { - vfm(@_,4,8); -} - -sub vfmasb { - vfma(@_,0,2); -} -sub wfmasb { - vfma(@_,8,2); -} -sub wfmaxb { - vfma(@_,8,4); -} - -sub vfmssb { - vfms(@_,0,2); -} -sub wfmssb { - vfms(@_,8,2); -} -sub wfmsxb { - vfms(@_,8,4); -} - -sub vfnma { - confess(err("ARGNUM")) if ($#_!=5); - VRRe(0xe79f,@_); -} -sub vfnmasb { - vfnma(@_,0,2); -} -sub vfnmadb { - vfnma(@_,0,3); -} -sub wfnmasb { - vfnma(@_,8,2); -} -sub wfnmadb { - vfnma(@_,8,3); -} -sub wfnmaxb { - vfnma(@_,8,4); -} - -sub vfnms { - confess(err("ARGNUM")) if ($#_!=5); - VRRe(0xe79e,@_); -} -sub vfnmssb { - vfnms(@_,0,2); -} -sub vfnmsdb { - vfnms(@_,0,3); -} -sub wfnmssb { - vfnms(@_,8,2); -} -sub wfnmsdb { - vfnms(@_,8,3); -} -sub wfnmsxb { - vfnms(@_,8,4); -} - -sub vfpsosb { - vfpso(@_[0..1],2,0,$_[2]); -} -sub wfpsosb { - vfpso(@_[0..1],2,8,$_[2]); -} -sub vflcsb { - vfpso(@_,2,0,0); -} -sub wflcsb { - vfpso(@_,2,8,0); -} -sub vflnsb { - vfpso(@_,2,0,1); -} -sub wflnsb { - vfpso(@_,2,8,1); -} -sub vflpsb { - vfpso(@_,2,0,2); -} -sub wflpsb { - vfpso(@_,2,8,2); -} -sub vfpsoxb { - vfpso(@_[0..1],4,0,$_[2]); -} -sub wfpsoxb { - vfpso(@_[0..1],4,8,$_[2]); -} -sub vflcxb { - vfpso(@_,4,0,0); -} -sub wflcxb { - vfpso(@_,4,8,0); -} -sub vflnxb { - vfpso(@_,4,0,1); -} -sub wflnxb { - vfpso(@_,4,8,1); -} -sub vflpxb { - vfpso(@_,4,0,2); -} -sub wflpxb { - vfpso(@_,4,8,2); -} - -sub vfsqsb { - vfsq(@_,2,0); -} -sub wfsqsb { - vfsq(@_,2,8); -} -sub wfsqxb { - vfsq(@_,4,8); -} - -sub vfssb { - vfs(@_,2,0); -} -sub wfssb { - vfs(@_,2,8); -} -sub wfsxb { - vfs(@_,4,8); -} - -sub vftcisb { - vftci(@_,2,0); -} -sub wftcisb { - vftci(@_,2,8); -} -sub wftcixb { - vftci(@_,4,8); -} - -# VXD - Support Instructions - -sub vlrlr { - confess(err("ARGNUM")) if ($#_!=2); - VRSd(0xe637,@_); -} - -sub vlrl { - confess(err("ARGNUM")) if ($#_!=2); - VSI(0xe635,@_); -} - -sub vstrlr { - confess(err("ARGNUM")) if ($#_!=2); - VRSd(0xe63f,@_); -} - -sub vstrl { - confess(err("ARGNUM")) if ($#_!=2); - VSI(0xe63d,@_); -} - -sub vap { - confess(err("ARGNUM")) if ($#_!=4); - VRIf(0xe671,@_); -} - -sub vcp { - confess(err("ARGNUM")) if ($#_!=2); - VRRh(0xe677,@_); -} - -sub vcvb { - confess(err("ARGNUM")) if ($#_!=2); - VRRi(0xe650,@_); -} - -sub vcvbg { - confess(err("ARGNUM")) if ($#_!=2); - VRRi(0xe652,@_); -} - -sub vcvd { - confess(err("ARGNUM")) if ($#_!=3); - VRIi(0xe658,@_); -} - -sub vcvdg { - confess(err("ARGNUM")) if ($#_!=3); - VRIi(0xe65a,@_); -} - -sub vdp { - confess(err("ARGNUM")) if ($#_!=4); - VRIf(0xe67a,@_); -} - -sub vlip { - confess(err("ARGNUM")) if ($#_!=2); - VRIh(0xe649,@_); -} - -sub vmp { - confess(err("ARGNUM")) if ($#_!=4); - VRIf(0xe678,@_); -} - -sub vmsp { - confess(err("ARGNUM")) if ($#_!=4); - VRIf(0xe679,@_); -} - -sub vpkz { - confess(err("ARGNUM")) if ($#_!=2); - VSI(0xe634,@_); -} - -sub vpsop { - confess(err("ARGNUM")) if ($#_!=4); - VRIg(0xe65b,@_); -} - -sub vrp { - confess(err("ARGNUM")) if ($#_!=4); - VRIf(0xe67b,@_); -} - -sub vsdp { - confess(err("ARGNUM")) if ($#_!=4); - VRIf(0xe67e,@_); -} - -sub vsrp { - confess(err("ARGNUM")) if ($#_!=4); - VRIg(0xe659,@_); -} - -sub vsp { - confess(err("ARGNUM")) if ($#_!=4); - VRIf(0xe673,@_); -} - -sub vtp { - confess(err("ARGNUM")) if ($#_!=0); - VRRg(0xe65f,@_); -} - -sub vupkz { - confess(err("ARGNUM")) if ($#_!=2); - VSI(0xe63c,@_); -} - -# -# Instruction Formats -# - -sub RIEf { - confess(err("ARGNUM")) if ($#_<4||5<$#_); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$r1,$r2,$i3,$i4,$i5)=(shift,get_R(shift),get_R(shift), - get_I(shift,8),get_I(shift,8), - get_I(shift,8)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",(($opcode>>8)<<8|$r1<<4|$r2)).","; - $out.=sprintf("%#06x",($i3<<8)|$i4).","; - $out.=sprintf("%#06x",($i5<<8)|($opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub RILa { - confess(err("ARGNUM")) if ($#_!=2); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$r1,$i2)=(shift,get_R(shift),get_I(shift,32)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",(($opcode>>4)<<8|$r1<<4|($opcode&0xf))).","; - $out.=sprintf("%#06x",($i2>>16)).","; - $out.=sprintf("%#06x",($i2&0xffff)); - $out.="\t# $memn\t$ops\n"; -} - -sub RRE { - confess(err("ARGNUM")) if ($#_<0||2<$#_); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$r1,$r2)=(shift,get_R(shift),get_R(shift)); - - $out.="\t.long\t".sprintf("%#010x",($opcode<<16|$r1<<4|$r2)); - $out.="\t# $memn"; - # RRE can have 0 ops e.g., pcc. - $out.="\t$ops" if ((defined($ops))&&($ops ne '')); - $out.="\n"; -} - -sub RRFb { - confess(err("ARGNUM")) if ($#_<3||4<$#_); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$r1,$r3,$r2,$m4)=(shift,get_R(shift),get_R(shift) - ,get_R(shift),get_M(shift)); - - $out.="\t.long\t" - .sprintf("%#010x",($opcode<<16|$r3<<12|$m4<<8|$r1<<4|$r2)); - $out.="\t# $memn\t$ops\n"; -} - -sub RXYa { - confess(err("ARGNUM")) if ($#_!=2); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$r1,$d2,$x2,$b2)=(shift,get_R(shift),get_DXB(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",(($opcode>>8)<<8|$r1<<4|$x2)).","; - $out.=sprintf("%#06x",($b2<<12|($d2&0xfff))).","; - $out.=sprintf("%#06x",(($d2>>12)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub S { - confess(err("ARGNUM")) if ($#_<0||1<$#_); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$d2,$b2)=(shift,get_DB(shift)); - - $out.="\t.long\t".sprintf("%#010x",($opcode<<16|$b2<<12|$d2)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRIa { - confess(err("ARGNUM")) if ($#_<2||3<$#_); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$i2,$m3)=(shift,get_V(shift),get_I(shift,16), - get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)).","; - $out.=sprintf("%#06x",$i2).","; - $out.=sprintf("%#06x",($m3<<12|RXB($v1)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRIb { - confess(err("ARGNUM")) if ($#_!=4); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$i2,$i3,$m4)=(shift,get_V(shift),get_I(shift,8), - ,get_I(shift,8),get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)).","; - $out.=sprintf("%#06x",($i2<<8|$i3)).","; - $out.=sprintf("%#06x",($m4<<12|RXB($v1)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRIc { - confess(err("ARGNUM")) if ($#_!=4); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$v3,$i2,$m4)=(shift,get_V(shift),get_V(shift), - ,get_I(shift,16),get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v3&0xf)).","; - $out.=sprintf("%#06x",$i2).","; - $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v3)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRId { - confess(err("ARGNUM")) if ($#_<4||$#_>5); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$v2,$v3,$i4,$m5)=(shift,get_V(shift),get_V(shift), - ,get_V(shift),get_I(shift,8),get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).","; - $out.=sprintf("%#06x",(($v3&0xf)<<12|$i4)).","; - $out.=sprintf("%#06x",($m5<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRIe { - confess(err("ARGNUM")) if ($#_!=5); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$v2,$i3,$m4,$m5)=(shift,get_V(shift),get_V(shift), - ,get_I(shift,12),get_M(shift),get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).","; - $out.=sprintf("%#06x",($i3<<4|$m5)).","; - $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v2)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRIf { - confess(err("ARGNUM")) if ($#_!=5); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$v2,$v3,$i4,$m5)=(shift,get_V(shift),get_V(shift), - ,get_V(shift),get_I(shift,8),get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).","; - $out.=sprintf("%#06x",(($v3&0xf)<<12|$m5<<4)|$i4>>4).","; - $out.=sprintf("%#06x",(($i4&0xf)<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRIg { - confess(err("ARGNUM")) if ($#_!=5); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$v2,$i3,$i4,$m5)=(shift,get_V(shift),get_V(shift), - ,get_I(shift,8),get_I(shift,8),get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|($v2&0xf)).","; - $out.=sprintf("%#06x",($i4<<8|$m5<<4|$i3>>4)).","; - $out.=sprintf("%#06x",(($i3&0xf)<<12|RXB($v1,$v2)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRIh { - confess(err("ARGNUM")) if ($#_!=3); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$i2,$i3)=(shift,get_V(shift),get_I(shift,16), - get_I(shift,4)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)).","; - $out.=sprintf("%#06x",$i2).","; - $out.=sprintf("%#06x",($i3<<12|RXB($v1)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRIi { - confess(err("ARGNUM")) if ($#_!=4); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$r2,$i3,$m4)=(shift,get_V(shift),get_R(shift), - ,get_I(shift,8),get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4)|$r2).","; - $out.=sprintf("%#06x",($m4<<4|$i3>>4)).","; - $out.=sprintf("%#06x",(($i3&0xf)<<12|RXB($v1)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRRa { - confess(err("ARGNUM")) if ($#_<2||5<$#_); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$v2,$m3,$m4,$m5)=(shift,get_V(shift),get_V(shift), - get_M(shift),get_M(shift),get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).","; - $out.=sprintf("%#06x",($m5<<4|$m4)).","; - $out.=sprintf("%#06x",($m3<<12|RXB($v1,$v2)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRRb { - confess(err("ARGNUM")) if ($#_<3||5<$#_); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$v2,$v3,$m4,$m5)=(shift,get_V(shift),get_V(shift), - get_V(shift),get_M(shift),get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).","; - $out.=sprintf("%#06x",(($v3&0xf)<<12|$m5<<4)).","; - $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRRc { - confess(err("ARGNUM")) if ($#_<3||6<$#_); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$v2,$v3,$m4,$m5,$m6)=(shift,get_V(shift),get_V(shift), - get_V(shift),get_M(shift),get_M(shift),get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).","; - $out.=sprintf("%#06x",(($v3&0xf)<<12|$m6<<4|$m5)).","; - $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v2,$v3)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRRd { - confess(err("ARGNUM")) if ($#_<4||6<$#_); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$v2,$v3,$v4,$m5,$m6)=(shift,get_V(shift),get_V(shift), - get_V(shift),get_V(shift),get_M(shift),get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).","; - $out.=sprintf("%#06x",(($v3&0xf)<<12|$m5<<8|$m6<<4)).","; - $out.=sprintf("%#06x",(($v4&0xf)<<12|RXB($v1,$v2,$v3,$v4)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRRe { - confess(err("ARGNUM")) if ($#_<4||6<$#_); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$v2,$v3,$v4,$m5,$m6)=(shift,get_V(shift),get_V(shift), - get_V(shift),get_V(shift),get_M(shift),get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).","; - $out.=sprintf("%#06x",(($v3&0xf)<<12|$m6<<8|$m5)).","; - $out.=sprintf("%#06x",(($v4&0xf)<<12|RXB($v1,$v2,$v3,$v4)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRRf { - confess(err("ARGNUM")) if ($#_!=3); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$r2,$r3)=(shift,get_V(shift),get_R(shift), - get_R(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|$r2)).","; - $out.=sprintf("%#06x",($r3<<12)).","; - $out.=sprintf("%#06x",(RXB($v1)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRRg { - confess(err("ARGNUM")) if ($#_!=1); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1)=(shift,get_V(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf))).","; - $out.=sprintf("%#06x",0x0000).","; - $out.=sprintf("%#06x",(RXB(0,$v1)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRRh { - confess(err("ARGNUM")) if ($#_<2||$#_>3); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$v2,$m3)=(shift,get_V(shift),get_V(shift), - get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf))).","; - $out.=sprintf("%#06x",(($v2&0xf)<<12|$m3<<4)).","; - $out.=sprintf("%#06x",(RXB(0,$v1,$v2)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRRi { - confess(err("ARGNUM")) if ($#_!=3); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$r1,$v2,$m3)=(shift,get_R(shift),get_V(shift), - get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|$r1<<4|($v2&0xf))).","; - $out.=sprintf("%#06x",($m3<<4))."\,"; - $out.=sprintf("%#06x",(RXB(0,$v2)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRSa { - confess(err("ARGNUM")) if ($#_<3||$#_>4); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$v3,$d2,$b2,$m4)=(shift,get_V(shift),get_V(shift), - get_DB(shift),get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v3&0xf))).","; - $out.=sprintf("%#06x",($b2<<12|$d2)).","; - $out.=sprintf("%#06x",($m4<<12|RXB($v1,$v3)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRSb { - confess(err("ARGNUM")) if ($#_<3||$#_>4); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$r3,$d2,$b2,$m4)=(shift,get_V(shift),get_R(shift), - get_DB(shift),get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|$r3)).","; - $out.=sprintf("%#06x",($b2<<12|$d2)).","; - $out.=sprintf("%#06x",($m4<<12|RXB($v1)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRSc { - confess(err("ARGNUM")) if ($#_!=4); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$r1,$v3,$d2,$b2,$m4)=(shift,get_R(shift),get_V(shift), - get_DB(shift),get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|$r1<<4|($v3&0xf))).","; - $out.=sprintf("%#06x",($b2<<12|$d2)).","; - $out.=sprintf("%#06x",($m4<<12|RXB(0,$v3)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRSd { - confess(err("ARGNUM")) if ($#_!=3); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$r3,$d2,$b2)=(shift,get_V(shift),get_R(shift), - get_DB(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|$r3)).","; - $out.=sprintf("%#06x",($b2<<12|$d2)).","; - $out.=sprintf("%#06x",(($v1&0xf)<<12|RXB(0,0,0,$v1)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRV { - confess(err("ARGNUM")) if ($#_<2||$#_>3); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$d2,$v2,$b2,$m3)=(shift,get_V(shift),get_DVB(shift), - get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($v2&0xf))).","; - $out.=sprintf("%#06x",($b2<<12|$d2)).","; - $out.=sprintf("%#06x",($m3<<12|RXB($v1,$v2)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VRX { - confess(err("ARGNUM")) if ($#_<2||$#_>3); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$d2,$x2,$b2,$m3)=(shift,get_V(shift),get_DXB(shift), - get_M(shift)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|($v1&0xf)<<4|($x2))).","; - $out.=sprintf("%#06x",($b2<<12|$d2)).","; - $out.=sprintf("%#06x",($m3<<12|RXB($v1)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -sub VSI { - confess(err("ARGNUM")) if ($#_!=3); - my $ops=join(',',@_[1..$#_]); - my $memn=(caller(1))[3]; - $memn=~s/^.*:://; - my ($opcode,$v1,$d2,$b2,$i3)=(shift,get_V(shift),get_DB(shift), - get_I(shift,8)); - - $out.="\t.word\t"; - $out.=sprintf("%#06x",($opcode&0xff00|$i3)).","; - $out.=sprintf("%#06x",($b2<<12|$d2)).","; - $out.=sprintf("%#06x",(($v1&0xf)<<12|RXB(0,0,0,$v1)<<8|$opcode&0xff)); - $out.="\t# $memn\t$ops\n"; -} - -# -# Internal -# - -sub get_R { - confess(err("ARGNUM")) if ($#_!=0); - my $r; - - for (shift) { - if (!defined) { - $r=0; - } elsif (/^$GR$/) { - $r=$1; - } else { - confess(err("PARSE")); - } - } - confess(err("ARGRANGE")) if ($r&~0xf); - - return $r; -} - -sub get_V { - confess(err("ARGNUM")) if ($#_!=0); - my $v; - - for (shift) { - if (!defined) { - $v=0; - } elsif (/^$VR$/) { - $v=$1; - } else { - confess(err("PARSE")); - } - } - confess(err("ARGRANGE")) if ($v&~0x1f); - - return $v; -} - -sub get_I { - confess(err("ARGNUM")) if ($#_!=1); - my ($i,$bits)=(shift,shift); - - $i=defined($i)?(eval($i)):(0); - confess(err("PARSE")) if (!defined($i)); - confess(err("ARGRANGE")) if (abs($i)&~(2**$bits-1)); - - return $i&(2**$bits-1); -} - -sub get_M { - confess(err("ARGNUM")) if ($#_!=0); - my $m=shift; - - $m=defined($m)?(eval($m)):(0); - confess(err("PARSE")) if (!defined($m)); - confess(err("ARGRANGE")) if ($m&~0xf); - - return $m; -} - -sub get_DB -{ - confess(err("ARGNUM")) if ($#_!=0); - my ($d,$b); - - for (shift) { - if (!defined) { - ($d,$b)=(0,0); - } elsif (/^(.+)\($GR\)$/) { - ($d,$b)=(eval($1),$2); - confess(err("PARSE")) if (!defined($d)); - } elsif (/^(.+)$/) { - ($d,$b)=(eval($1),0); - confess(err("PARSE")) if (!defined($d)); - } else { - confess(err("PARSE")); - } - } - confess(err("ARGRANGE")) if ($d&~0xfff||$b&~0xf); - - return ($d,$b); -} - -sub get_DVB -{ - confess(err("ARGNUM")) if ($#_!=0); - my ($d,$v,$b); - - for (shift) { - if (!defined) { - ($d,$v,$b)=(0,0,0); - } elsif (/^(.+)\($VR,$GR\)$/) { - ($d,$v,$b)=(eval($1),$2,$3); - confess(err("PARSE")) if (!defined($d)); - } elsif (/^(.+)\($GR\)$/) { - ($d,$v,$b)=(eval($1),0,$2); - confess(err("PARSE")) if (!defined($d)); - } elsif (/^(.+)$/) { - ($d,$v,$b)=(eval($1),0,0); - confess(err("PARSE")) if (!defined($d)); - } else { - confess(err("PARSE")); - } - } - confess(err("ARGRANGE")) if ($d&~0xfff||$v&~0x1f||$b&~0xf); - - return ($d,$v,$b); -} - -sub get_DXB -{ - confess(err("ARGNUM")) if ($#_!=0); - my ($d,$x,$b); - - for (shift) { - if (!defined) { - ($d,$x,$b)=(0,0,0); - } elsif (/^(.+)\($GR,$GR\)$/) { - ($d,$x,$b)=(eval($1),$2,$3); - confess(err("PARSE")) if (!defined($d)); - } elsif (/^(.+)\($GR\)$/) { - ($d,$x,$b)=(eval($1),0,$2); - confess(err("PARSE")) if (!defined($d)); - } elsif (/^(.+)$/) { - ($d,$x,$b)=(eval($1),0,0); - confess(err("PARSE")) if (!defined($d)); - } else { - confess(err("PARSE")); - } - } - confess(err("ARGRANGE")) if ($d&~0xfff||$x&~0xf||$b&~0xf); - - return ($d,$x,$b); -} - -sub RXB -{ - confess(err("ARGNUM")) if ($#_<0||3<$#_); - my $rxb=0; - - $rxb|=0x08 if (defined($_[0])&&($_[0]&0x10)); - $rxb|=0x04 if (defined($_[1])&&($_[1]&0x10)); - $rxb|=0x02 if (defined($_[2])&&($_[2]&0x10)); - $rxb|=0x01 if (defined($_[3])&&($_[3]&0x10)); - - return $rxb; -} - -sub err { - my %ERR = - ( - ARGNUM => 'Wrong number of arguments', - ARGRANGE=> 'Argument out of range', - PARSE => 'Parse error', - ); - confess($ERR{ARGNUM}) if ($#_!=0); - - return $ERR{$_[0]}; -} - -1; diff --git a/crypto/perlasm/sparcv9_modes.pl b/crypto/perlasm/sparcv9_modes.pl deleted file mode 100644 index 76a2727aba62ab6e66b84825823ddbf312482e84..0000000000000000000000000000000000000000 --- a/crypto/perlasm/sparcv9_modes.pl +++ /dev/null @@ -1,1702 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# Specific modes implementations for SPARC Architecture 2011. There -# is T4 dependency though, an ASI value that is not specified in the -# Architecture Manual. But as SPARC universe is rather monocultural, -# we imply that processor capable of executing crypto instructions -# can handle the ASI in question as well. This means that we ought to -# keep eyes open when new processors emerge... -# -# As for above mentioned ASI. It's so called "block initializing -# store" which cancels "read" in "read-update-write" on cache lines. -# This is "cooperative" optimization, as it reduces overall pressure -# on memory interface. Benefits can't be observed/quantified with -# usual benchmarks, on the contrary you can notice that single-thread -# performance for parallelizable modes is ~1.5% worse for largest -# block sizes [though few percent better for not so long ones]. All -# this based on suggestions from David Miller. - -$::bias="STACK_BIAS"; -$::frame="STACK_FRAME"; -$::size_t_cc="SIZE_T_CC"; - -sub asm_init { # to be called with @ARGV as argument - for (@_) { $::abibits=64 if (/\-m64/ || /\-xarch\=v9/); } - if ($::abibits==64) { $::bias=2047; $::frame=192; $::size_t_cc="%xcc"; } - else { $::bias=0; $::frame=112; $::size_t_cc="%icc"; } -} - -# unified interface -my ($inp,$out,$len,$key,$ivec)=map("%i$_",(0..5)); -# local variables -my ($ileft,$iright,$ooff,$omask,$ivoff,$blk_init)=map("%l$_",(0..7)); - -sub alg_cbc_encrypt_implement { -my ($alg,$bits) = @_; - -$::code.=<<___; -.globl ${alg}${bits}_t4_cbc_encrypt -.align 32 -${alg}${bits}_t4_cbc_encrypt: - save %sp, -$::frame, %sp - cmp $len, 0 - be,pn $::size_t_cc, .L${bits}_cbc_enc_abort - srln $len, 0, $len ! needed on v8+, "nop" on v9 - sub $inp, $out, $blk_init ! $inp!=$out -___ -$::code.=<<___ if (!$::evp); - andcc $ivec, 7, $ivoff - alignaddr $ivec, %g0, $ivec - - ldd [$ivec + 0], %f0 ! load ivec - bz,pt %icc, 1f - ldd [$ivec + 8], %f2 - ldd [$ivec + 16], %f4 - faligndata %f0, %f2, %f0 - faligndata %f2, %f4, %f2 -1: -___ -$::code.=<<___ if ($::evp); - ld [$ivec + 0], %f0 - ld [$ivec + 4], %f1 - ld [$ivec + 8], %f2 - ld [$ivec + 12], %f3 -___ -$::code.=<<___; - prefetch [$inp], 20 - prefetch [$inp + 63], 20 - call _${alg}${bits}_load_enckey - and $inp, 7, $ileft - andn $inp, 7, $inp - sll $ileft, 3, $ileft - mov 64, $iright - mov 0xff, $omask - sub $iright, $ileft, $iright - and $out, 7, $ooff - cmp $len, 127 - movrnz $ooff, 0, $blk_init ! if ( $out&7 || - movleu $::size_t_cc, 0, $blk_init ! $len<128 || - brnz,pn $blk_init, .L${bits}cbc_enc_blk ! $inp==$out) - srl $omask, $ooff, $omask - - alignaddrl $out, %g0, $out - srlx $len, 4, $len - prefetch [$out], 22 - -.L${bits}_cbc_enc_loop: - ldx [$inp + 0], %o0 - brz,pt $ileft, 4f - ldx [$inp + 8], %o1 - - ldx [$inp + 16], %o2 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - sllx %o1, $ileft, %o1 - or %g1, %o0, %o0 - srlx %o2, $iright, %o2 - or %o2, %o1, %o1 -4: - xor %g4, %o0, %o0 ! ^= rk[0] - xor %g5, %o1, %o1 - movxtod %o0, %f12 - movxtod %o1, %f14 - - fxor %f12, %f0, %f0 ! ^= ivec - fxor %f14, %f2, %f2 - prefetch [$out + 63], 22 - prefetch [$inp + 16+63], 20 - call _${alg}${bits}_encrypt_1x - add $inp, 16, $inp - - brnz,pn $ooff, 2f - sub $len, 1, $len - - std %f0, [$out + 0] - std %f2, [$out + 8] - brnz,pt $len, .L${bits}_cbc_enc_loop - add $out, 16, $out -___ -$::code.=<<___ if ($::evp); - st %f0, [$ivec + 0] - st %f1, [$ivec + 4] - st %f2, [$ivec + 8] - st %f3, [$ivec + 12] -___ -$::code.=<<___ if (!$::evp); - brnz,pn $ivoff, 3f - nop - - std %f0, [$ivec + 0] ! write out ivec - std %f2, [$ivec + 8] -___ -$::code.=<<___; -.L${bits}_cbc_enc_abort: - ret - restore - -.align 16 -2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard - ! and ~3x deterioration - ! in inp==out case - faligndata %f0, %f0, %f4 ! handle unaligned output - faligndata %f0, %f2, %f6 - faligndata %f2, %f2, %f8 - - stda %f4, [$out + $omask]0xc0 ! partial store - std %f6, [$out + 8] - add $out, 16, $out - orn %g0, $omask, $omask - stda %f8, [$out + $omask]0xc0 ! partial store - - brnz,pt $len, .L${bits}_cbc_enc_loop+4 - orn %g0, $omask, $omask -___ -$::code.=<<___ if ($::evp); - st %f0, [$ivec + 0] - st %f1, [$ivec + 4] - st %f2, [$ivec + 8] - st %f3, [$ivec + 12] -___ -$::code.=<<___ if (!$::evp); - brnz,pn $ivoff, 3f - nop - - std %f0, [$ivec + 0] ! write out ivec - std %f2, [$ivec + 8] - ret - restore - -.align 16 -3: alignaddrl $ivec, $ivoff, %g0 ! handle unaligned ivec - mov 0xff, $omask - srl $omask, $ivoff, $omask - faligndata %f0, %f0, %f4 - faligndata %f0, %f2, %f6 - faligndata %f2, %f2, %f8 - stda %f4, [$ivec + $omask]0xc0 - std %f6, [$ivec + 8] - add $ivec, 16, $ivec - orn %g0, $omask, $omask - stda %f8, [$ivec + $omask]0xc0 -___ -$::code.=<<___; - ret - restore - -!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -.align 32 -.L${bits}cbc_enc_blk: - add $out, $len, $blk_init - and $blk_init, 63, $blk_init ! tail - sub $len, $blk_init, $len - add $blk_init, 15, $blk_init ! round up to 16n - srlx $len, 4, $len - srl $blk_init, 4, $blk_init - -.L${bits}_cbc_enc_blk_loop: - ldx [$inp + 0], %o0 - brz,pt $ileft, 5f - ldx [$inp + 8], %o1 - - ldx [$inp + 16], %o2 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - sllx %o1, $ileft, %o1 - or %g1, %o0, %o0 - srlx %o2, $iright, %o2 - or %o2, %o1, %o1 -5: - xor %g4, %o0, %o0 ! ^= rk[0] - xor %g5, %o1, %o1 - movxtod %o0, %f12 - movxtod %o1, %f14 - - fxor %f12, %f0, %f0 ! ^= ivec - fxor %f14, %f2, %f2 - prefetch [$inp + 16+63], 20 - call _${alg}${bits}_encrypt_1x - add $inp, 16, $inp - sub $len, 1, $len - - stda %f0, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f2, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - brnz,pt $len, .L${bits}_cbc_enc_blk_loop - add $out, 8, $out - - membar #StoreLoad|#StoreStore - brnz,pt $blk_init, .L${bits}_cbc_enc_loop - mov $blk_init, $len -___ -$::code.=<<___ if ($::evp); - st %f0, [$ivec + 0] - st %f1, [$ivec + 4] - st %f2, [$ivec + 8] - st %f3, [$ivec + 12] -___ -$::code.=<<___ if (!$::evp); - brnz,pn $ivoff, 3b - nop - - std %f0, [$ivec + 0] ! write out ivec - std %f2, [$ivec + 8] -___ -$::code.=<<___; - ret - restore -.type ${alg}${bits}_t4_cbc_encrypt,#function -.size ${alg}${bits}_t4_cbc_encrypt,.-${alg}${bits}_t4_cbc_encrypt -___ -} - -sub alg_cbc_decrypt_implement { -my ($alg,$bits) = @_; - -$::code.=<<___; -.globl ${alg}${bits}_t4_cbc_decrypt -.align 32 -${alg}${bits}_t4_cbc_decrypt: - save %sp, -$::frame, %sp - cmp $len, 0 - be,pn $::size_t_cc, .L${bits}_cbc_dec_abort - srln $len, 0, $len ! needed on v8+, "nop" on v9 - sub $inp, $out, $blk_init ! $inp!=$out -___ -$::code.=<<___ if (!$::evp); - andcc $ivec, 7, $ivoff - alignaddr $ivec, %g0, $ivec - - ldd [$ivec + 0], %f12 ! load ivec - bz,pt %icc, 1f - ldd [$ivec + 8], %f14 - ldd [$ivec + 16], %f0 - faligndata %f12, %f14, %f12 - faligndata %f14, %f0, %f14 -1: -___ -$::code.=<<___ if ($::evp); - ld [$ivec + 0], %f12 ! load ivec - ld [$ivec + 4], %f13 - ld [$ivec + 8], %f14 - ld [$ivec + 12], %f15 -___ -$::code.=<<___; - prefetch [$inp], 20 - prefetch [$inp + 63], 20 - call _${alg}${bits}_load_deckey - and $inp, 7, $ileft - andn $inp, 7, $inp - sll $ileft, 3, $ileft - mov 64, $iright - mov 0xff, $omask - sub $iright, $ileft, $iright - and $out, 7, $ooff - cmp $len, 255 - movrnz $ooff, 0, $blk_init ! if ( $out&7 || - movleu $::size_t_cc, 0, $blk_init ! $len<256 || - brnz,pn $blk_init, .L${bits}cbc_dec_blk ! $inp==$out) - srl $omask, $ooff, $omask - - andcc $len, 16, %g0 ! is number of blocks even? - srlx $len, 4, $len - alignaddrl $out, %g0, $out - bz %icc, .L${bits}_cbc_dec_loop2x - prefetch [$out], 22 -.L${bits}_cbc_dec_loop: - ldx [$inp + 0], %o0 - brz,pt $ileft, 4f - ldx [$inp + 8], %o1 - - ldx [$inp + 16], %o2 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - sllx %o1, $ileft, %o1 - or %g1, %o0, %o0 - srlx %o2, $iright, %o2 - or %o2, %o1, %o1 -4: - xor %g4, %o0, %o2 ! ^= rk[0] - xor %g5, %o1, %o3 - movxtod %o2, %f0 - movxtod %o3, %f2 - - prefetch [$out + 63], 22 - prefetch [$inp + 16+63], 20 - call _${alg}${bits}_decrypt_1x - add $inp, 16, $inp - - fxor %f12, %f0, %f0 ! ^= ivec - fxor %f14, %f2, %f2 - movxtod %o0, %f12 - movxtod %o1, %f14 - - brnz,pn $ooff, 2f - sub $len, 1, $len - - std %f0, [$out + 0] - std %f2, [$out + 8] - brnz,pt $len, .L${bits}_cbc_dec_loop2x - add $out, 16, $out -___ -$::code.=<<___ if ($::evp); - st %f12, [$ivec + 0] - st %f13, [$ivec + 4] - st %f14, [$ivec + 8] - st %f15, [$ivec + 12] -___ -$::code.=<<___ if (!$::evp); - brnz,pn $ivoff, .L${bits}_cbc_dec_unaligned_ivec - nop - - std %f12, [$ivec + 0] ! write out ivec - std %f14, [$ivec + 8] -___ -$::code.=<<___; -.L${bits}_cbc_dec_abort: - ret - restore - -.align 16 -2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard - ! and ~3x deterioration - ! in inp==out case - faligndata %f0, %f0, %f4 ! handle unaligned output - faligndata %f0, %f2, %f6 - faligndata %f2, %f2, %f8 - - stda %f4, [$out + $omask]0xc0 ! partial store - std %f6, [$out + 8] - add $out, 16, $out - orn %g0, $omask, $omask - stda %f8, [$out + $omask]0xc0 ! partial store - - brnz,pt $len, .L${bits}_cbc_dec_loop2x+4 - orn %g0, $omask, $omask -___ -$::code.=<<___ if ($::evp); - st %f12, [$ivec + 0] - st %f13, [$ivec + 4] - st %f14, [$ivec + 8] - st %f15, [$ivec + 12] -___ -$::code.=<<___ if (!$::evp); - brnz,pn $ivoff, .L${bits}_cbc_dec_unaligned_ivec - nop - - std %f12, [$ivec + 0] ! write out ivec - std %f14, [$ivec + 8] -___ -$::code.=<<___; - ret - restore - -!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -.align 32 -.L${bits}_cbc_dec_loop2x: - ldx [$inp + 0], %o0 - ldx [$inp + 8], %o1 - ldx [$inp + 16], %o2 - brz,pt $ileft, 4f - ldx [$inp + 24], %o3 - - ldx [$inp + 32], %o4 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - or %g1, %o0, %o0 - sllx %o1, $ileft, %o1 - srlx %o2, $iright, %g1 - or %g1, %o1, %o1 - sllx %o2, $ileft, %o2 - srlx %o3, $iright, %g1 - or %g1, %o2, %o2 - sllx %o3, $ileft, %o3 - srlx %o4, $iright, %o4 - or %o4, %o3, %o3 -4: - xor %g4, %o0, %o4 ! ^= rk[0] - xor %g5, %o1, %o5 - movxtod %o4, %f0 - movxtod %o5, %f2 - xor %g4, %o2, %o4 - xor %g5, %o3, %o5 - movxtod %o4, %f4 - movxtod %o5, %f6 - - prefetch [$out + 63], 22 - prefetch [$inp + 32+63], 20 - call _${alg}${bits}_decrypt_2x - add $inp, 32, $inp - - movxtod %o0, %f8 - movxtod %o1, %f10 - fxor %f12, %f0, %f0 ! ^= ivec - fxor %f14, %f2, %f2 - movxtod %o2, %f12 - movxtod %o3, %f14 - fxor %f8, %f4, %f4 - fxor %f10, %f6, %f6 - - brnz,pn $ooff, 2f - sub $len, 2, $len - - std %f0, [$out + 0] - std %f2, [$out + 8] - std %f4, [$out + 16] - std %f6, [$out + 24] - brnz,pt $len, .L${bits}_cbc_dec_loop2x - add $out, 32, $out -___ -$::code.=<<___ if ($::evp); - st %f12, [$ivec + 0] - st %f13, [$ivec + 4] - st %f14, [$ivec + 8] - st %f15, [$ivec + 12] -___ -$::code.=<<___ if (!$::evp); - brnz,pn $ivoff, .L${bits}_cbc_dec_unaligned_ivec - nop - - std %f12, [$ivec + 0] ! write out ivec - std %f14, [$ivec + 8] -___ -$::code.=<<___; - ret - restore - -.align 16 -2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard - ! and ~3x deterioration - ! in inp==out case - faligndata %f0, %f0, %f8 ! handle unaligned output - faligndata %f0, %f2, %f0 - faligndata %f2, %f4, %f2 - faligndata %f4, %f6, %f4 - faligndata %f6, %f6, %f6 - stda %f8, [$out + $omask]0xc0 ! partial store - std %f0, [$out + 8] - std %f2, [$out + 16] - std %f4, [$out + 24] - add $out, 32, $out - orn %g0, $omask, $omask - stda %f6, [$out + $omask]0xc0 ! partial store - - brnz,pt $len, .L${bits}_cbc_dec_loop2x+4 - orn %g0, $omask, $omask -___ -$::code.=<<___ if ($::evp); - st %f12, [$ivec + 0] - st %f13, [$ivec + 4] - st %f14, [$ivec + 8] - st %f15, [$ivec + 12] -___ -$::code.=<<___ if (!$::evp); - brnz,pn $ivoff, .L${bits}_cbc_dec_unaligned_ivec - nop - - std %f12, [$ivec + 0] ! write out ivec - std %f14, [$ivec + 8] - ret - restore - -.align 16 -.L${bits}_cbc_dec_unaligned_ivec: - alignaddrl $ivec, $ivoff, %g0 ! handle unaligned ivec - mov 0xff, $omask - srl $omask, $ivoff, $omask - faligndata %f12, %f12, %f0 - faligndata %f12, %f14, %f2 - faligndata %f14, %f14, %f4 - stda %f0, [$ivec + $omask]0xc0 - std %f2, [$ivec + 8] - add $ivec, 16, $ivec - orn %g0, $omask, $omask - stda %f4, [$ivec + $omask]0xc0 -___ -$::code.=<<___; - ret - restore - -!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -.align 32 -.L${bits}cbc_dec_blk: - add $out, $len, $blk_init - and $blk_init, 63, $blk_init ! tail - sub $len, $blk_init, $len - add $blk_init, 15, $blk_init ! round up to 16n - srlx $len, 4, $len - srl $blk_init, 4, $blk_init - sub $len, 1, $len - add $blk_init, 1, $blk_init - -.L${bits}_cbc_dec_blk_loop2x: - ldx [$inp + 0], %o0 - ldx [$inp + 8], %o1 - ldx [$inp + 16], %o2 - brz,pt $ileft, 5f - ldx [$inp + 24], %o3 - - ldx [$inp + 32], %o4 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - or %g1, %o0, %o0 - sllx %o1, $ileft, %o1 - srlx %o2, $iright, %g1 - or %g1, %o1, %o1 - sllx %o2, $ileft, %o2 - srlx %o3, $iright, %g1 - or %g1, %o2, %o2 - sllx %o3, $ileft, %o3 - srlx %o4, $iright, %o4 - or %o4, %o3, %o3 -5: - xor %g4, %o0, %o4 ! ^= rk[0] - xor %g5, %o1, %o5 - movxtod %o4, %f0 - movxtod %o5, %f2 - xor %g4, %o2, %o4 - xor %g5, %o3, %o5 - movxtod %o4, %f4 - movxtod %o5, %f6 - - prefetch [$inp + 32+63], 20 - call _${alg}${bits}_decrypt_2x - add $inp, 32, $inp - subcc $len, 2, $len - - movxtod %o0, %f8 - movxtod %o1, %f10 - fxor %f12, %f0, %f0 ! ^= ivec - fxor %f14, %f2, %f2 - movxtod %o2, %f12 - movxtod %o3, %f14 - fxor %f8, %f4, %f4 - fxor %f10, %f6, %f6 - - stda %f0, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f2, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f4, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f6, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - bgu,pt $::size_t_cc, .L${bits}_cbc_dec_blk_loop2x - add $out, 8, $out - - add $blk_init, $len, $len - andcc $len, 1, %g0 ! is number of blocks even? - membar #StoreLoad|#StoreStore - bnz,pt %icc, .L${bits}_cbc_dec_loop - srl $len, 0, $len - brnz,pn $len, .L${bits}_cbc_dec_loop2x - nop -___ -$::code.=<<___ if ($::evp); - st %f12, [$ivec + 0] ! write out ivec - st %f13, [$ivec + 4] - st %f14, [$ivec + 8] - st %f15, [$ivec + 12] -___ -$::code.=<<___ if (!$::evp); - brnz,pn $ivoff, 3b - nop - - std %f12, [$ivec + 0] ! write out ivec - std %f14, [$ivec + 8] -___ -$::code.=<<___; - ret - restore -.type ${alg}${bits}_t4_cbc_decrypt,#function -.size ${alg}${bits}_t4_cbc_decrypt,.-${alg}${bits}_t4_cbc_decrypt -___ -} - -sub alg_ctr32_implement { -my ($alg,$bits) = @_; - -$::code.=<<___; -.globl ${alg}${bits}_t4_ctr32_encrypt -.align 32 -${alg}${bits}_t4_ctr32_encrypt: - save %sp, -$::frame, %sp - srln $len, 0, $len ! needed on v8+, "nop" on v9 - - prefetch [$inp], 20 - prefetch [$inp + 63], 20 - call _${alg}${bits}_load_enckey - sllx $len, 4, $len - - ld [$ivec + 0], %l4 ! counter - ld [$ivec + 4], %l5 - ld [$ivec + 8], %l6 - ld [$ivec + 12], %l7 - - sllx %l4, 32, %o5 - or %l5, %o5, %o5 - sllx %l6, 32, %g1 - xor %o5, %g4, %g4 ! ^= rk[0] - xor %g1, %g5, %g5 - movxtod %g4, %f14 ! most significant 64 bits - - sub $inp, $out, $blk_init ! $inp!=$out - and $inp, 7, $ileft - andn $inp, 7, $inp - sll $ileft, 3, $ileft - mov 64, $iright - mov 0xff, $omask - sub $iright, $ileft, $iright - and $out, 7, $ooff - cmp $len, 255 - movrnz $ooff, 0, $blk_init ! if ( $out&7 || - movleu $::size_t_cc, 0, $blk_init ! $len<256 || - brnz,pn $blk_init, .L${bits}_ctr32_blk ! $inp==$out) - srl $omask, $ooff, $omask - - andcc $len, 16, %g0 ! is number of blocks even? - alignaddrl $out, %g0, $out - bz %icc, .L${bits}_ctr32_loop2x - srlx $len, 4, $len -.L${bits}_ctr32_loop: - ldx [$inp + 0], %o0 - brz,pt $ileft, 4f - ldx [$inp + 8], %o1 - - ldx [$inp + 16], %o2 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - sllx %o1, $ileft, %o1 - or %g1, %o0, %o0 - srlx %o2, $iright, %o2 - or %o2, %o1, %o1 -4: - xor %g5, %l7, %g1 ! ^= rk[0] - add %l7, 1, %l7 - movxtod %g1, %f2 - srl %l7, 0, %l7 ! clruw - prefetch [$out + 63], 22 - prefetch [$inp + 16+63], 20 -___ -$::code.=<<___ if ($alg eq "aes"); - aes_eround01 %f16, %f14, %f2, %f4 - aes_eround23 %f18, %f14, %f2, %f2 -___ -$::code.=<<___ if ($alg eq "cmll"); - camellia_f %f16, %f2, %f14, %f2 - camellia_f %f18, %f14, %f2, %f0 -___ -$::code.=<<___; - call _${alg}${bits}_encrypt_1x+8 - add $inp, 16, $inp - - movxtod %o0, %f10 - movxtod %o1, %f12 - fxor %f10, %f0, %f0 ! ^= inp - fxor %f12, %f2, %f2 - - brnz,pn $ooff, 2f - sub $len, 1, $len - - std %f0, [$out + 0] - std %f2, [$out + 8] - brnz,pt $len, .L${bits}_ctr32_loop2x - add $out, 16, $out - - ret - restore - -.align 16 -2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard - ! and ~3x deterioration - ! in inp==out case - faligndata %f0, %f0, %f4 ! handle unaligned output - faligndata %f0, %f2, %f6 - faligndata %f2, %f2, %f8 - stda %f4, [$out + $omask]0xc0 ! partial store - std %f6, [$out + 8] - add $out, 16, $out - orn %g0, $omask, $omask - stda %f8, [$out + $omask]0xc0 ! partial store - - brnz,pt $len, .L${bits}_ctr32_loop2x+4 - orn %g0, $omask, $omask - - ret - restore - -!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -.align 32 -.L${bits}_ctr32_loop2x: - ldx [$inp + 0], %o0 - ldx [$inp + 8], %o1 - ldx [$inp + 16], %o2 - brz,pt $ileft, 4f - ldx [$inp + 24], %o3 - - ldx [$inp + 32], %o4 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - or %g1, %o0, %o0 - sllx %o1, $ileft, %o1 - srlx %o2, $iright, %g1 - or %g1, %o1, %o1 - sllx %o2, $ileft, %o2 - srlx %o3, $iright, %g1 - or %g1, %o2, %o2 - sllx %o3, $ileft, %o3 - srlx %o4, $iright, %o4 - or %o4, %o3, %o3 -4: - xor %g5, %l7, %g1 ! ^= rk[0] - add %l7, 1, %l7 - movxtod %g1, %f2 - srl %l7, 0, %l7 ! clruw - xor %g5, %l7, %g1 - add %l7, 1, %l7 - movxtod %g1, %f6 - srl %l7, 0, %l7 ! clruw - prefetch [$out + 63], 22 - prefetch [$inp + 32+63], 20 -___ -$::code.=<<___ if ($alg eq "aes"); - aes_eround01 %f16, %f14, %f2, %f8 - aes_eround23 %f18, %f14, %f2, %f2 - aes_eround01 %f16, %f14, %f6, %f10 - aes_eround23 %f18, %f14, %f6, %f6 -___ -$::code.=<<___ if ($alg eq "cmll"); - camellia_f %f16, %f2, %f14, %f2 - camellia_f %f16, %f6, %f14, %f6 - camellia_f %f18, %f14, %f2, %f0 - camellia_f %f18, %f14, %f6, %f4 -___ -$::code.=<<___; - call _${alg}${bits}_encrypt_2x+16 - add $inp, 32, $inp - - movxtod %o0, %f8 - movxtod %o1, %f10 - movxtod %o2, %f12 - fxor %f8, %f0, %f0 ! ^= inp - movxtod %o3, %f8 - fxor %f10, %f2, %f2 - fxor %f12, %f4, %f4 - fxor %f8, %f6, %f6 - - brnz,pn $ooff, 2f - sub $len, 2, $len - - std %f0, [$out + 0] - std %f2, [$out + 8] - std %f4, [$out + 16] - std %f6, [$out + 24] - brnz,pt $len, .L${bits}_ctr32_loop2x - add $out, 32, $out - - ret - restore - -.align 16 -2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard - ! and ~3x deterioration - ! in inp==out case - faligndata %f0, %f0, %f8 ! handle unaligned output - faligndata %f0, %f2, %f0 - faligndata %f2, %f4, %f2 - faligndata %f4, %f6, %f4 - faligndata %f6, %f6, %f6 - - stda %f8, [$out + $omask]0xc0 ! partial store - std %f0, [$out + 8] - std %f2, [$out + 16] - std %f4, [$out + 24] - add $out, 32, $out - orn %g0, $omask, $omask - stda %f6, [$out + $omask]0xc0 ! partial store - - brnz,pt $len, .L${bits}_ctr32_loop2x+4 - orn %g0, $omask, $omask - - ret - restore - -!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -.align 32 -.L${bits}_ctr32_blk: - add $out, $len, $blk_init - and $blk_init, 63, $blk_init ! tail - sub $len, $blk_init, $len - add $blk_init, 15, $blk_init ! round up to 16n - srlx $len, 4, $len - srl $blk_init, 4, $blk_init - sub $len, 1, $len - add $blk_init, 1, $blk_init - -.L${bits}_ctr32_blk_loop2x: - ldx [$inp + 0], %o0 - ldx [$inp + 8], %o1 - ldx [$inp + 16], %o2 - brz,pt $ileft, 5f - ldx [$inp + 24], %o3 - - ldx [$inp + 32], %o4 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - or %g1, %o0, %o0 - sllx %o1, $ileft, %o1 - srlx %o2, $iright, %g1 - or %g1, %o1, %o1 - sllx %o2, $ileft, %o2 - srlx %o3, $iright, %g1 - or %g1, %o2, %o2 - sllx %o3, $ileft, %o3 - srlx %o4, $iright, %o4 - or %o4, %o3, %o3 -5: - xor %g5, %l7, %g1 ! ^= rk[0] - add %l7, 1, %l7 - movxtod %g1, %f2 - srl %l7, 0, %l7 ! clruw - xor %g5, %l7, %g1 - add %l7, 1, %l7 - movxtod %g1, %f6 - srl %l7, 0, %l7 ! clruw - prefetch [$inp + 32+63], 20 -___ -$::code.=<<___ if ($alg eq "aes"); - aes_eround01 %f16, %f14, %f2, %f8 - aes_eround23 %f18, %f14, %f2, %f2 - aes_eround01 %f16, %f14, %f6, %f10 - aes_eround23 %f18, %f14, %f6, %f6 -___ -$::code.=<<___ if ($alg eq "cmll"); - camellia_f %f16, %f2, %f14, %f2 - camellia_f %f16, %f6, %f14, %f6 - camellia_f %f18, %f14, %f2, %f0 - camellia_f %f18, %f14, %f6, %f4 -___ -$::code.=<<___; - call _${alg}${bits}_encrypt_2x+16 - add $inp, 32, $inp - subcc $len, 2, $len - - movxtod %o0, %f8 - movxtod %o1, %f10 - movxtod %o2, %f12 - fxor %f8, %f0, %f0 ! ^= inp - movxtod %o3, %f8 - fxor %f10, %f2, %f2 - fxor %f12, %f4, %f4 - fxor %f8, %f6, %f6 - - stda %f0, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f2, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f4, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f6, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - bgu,pt $::size_t_cc, .L${bits}_ctr32_blk_loop2x - add $out, 8, $out - - add $blk_init, $len, $len - andcc $len, 1, %g0 ! is number of blocks even? - membar #StoreLoad|#StoreStore - bnz,pt %icc, .L${bits}_ctr32_loop - srl $len, 0, $len - brnz,pn $len, .L${bits}_ctr32_loop2x - nop - - ret - restore -.type ${alg}${bits}_t4_ctr32_encrypt,#function -.size ${alg}${bits}_t4_ctr32_encrypt,.-${alg}${bits}_t4_ctr32_encrypt -___ -} - -sub alg_xts_implement { -my ($alg,$bits,$dir) = @_; -my ($inp,$out,$len,$key1,$key2,$ivec)=map("%i$_",(0..5)); -my $rem=$ivec; - -$::code.=<<___; -.globl ${alg}${bits}_t4_xts_${dir}crypt -.align 32 -${alg}${bits}_t4_xts_${dir}crypt: - save %sp, -$::frame-16, %sp - srln $len, 0, $len ! needed on v8+, "nop" on v9 - - mov $ivec, %o0 - add %fp, $::bias-16, %o1 - call ${alg}_t4_encrypt - mov $key2, %o2 - - add %fp, $::bias-16, %l7 - ldxa [%l7]0x88, %g2 - add %fp, $::bias-8, %l7 - ldxa [%l7]0x88, %g3 ! %g3:%g2 is tweak - - sethi %hi(0x76543210), %l7 - or %l7, %lo(0x76543210), %l7 - bmask %l7, %g0, %g0 ! byte swap mask - - prefetch [$inp], 20 - prefetch [$inp + 63], 20 - call _${alg}${bits}_load_${dir}ckey - and $len, 15, $rem - and $len, -16, $len -___ -$code.=<<___ if ($dir eq "de"); - mov 0, %l7 - movrnz $rem, 16, %l7 - sub $len, %l7, $len -___ -$code.=<<___; - - sub $inp, $out, $blk_init ! $inp!=$out - and $inp, 7, $ileft - andn $inp, 7, $inp - sll $ileft, 3, $ileft - mov 64, $iright - mov 0xff, $omask - sub $iright, $ileft, $iright - and $out, 7, $ooff - cmp $len, 255 - movrnz $ooff, 0, $blk_init ! if ( $out&7 || - movleu $::size_t_cc, 0, $blk_init ! $len<256 || - brnz,pn $blk_init, .L${bits}_xts_${dir}blk ! $inp==$out) - srl $omask, $ooff, $omask - - andcc $len, 16, %g0 ! is number of blocks even? -___ -$code.=<<___ if ($dir eq "de"); - brz,pn $len, .L${bits}_xts_${dir}steal -___ -$code.=<<___; - alignaddrl $out, %g0, $out - bz %icc, .L${bits}_xts_${dir}loop2x - srlx $len, 4, $len -.L${bits}_xts_${dir}loop: - ldx [$inp + 0], %o0 - brz,pt $ileft, 4f - ldx [$inp + 8], %o1 - - ldx [$inp + 16], %o2 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - sllx %o1, $ileft, %o1 - or %g1, %o0, %o0 - srlx %o2, $iright, %o2 - or %o2, %o1, %o1 -4: - movxtod %g2, %f12 - movxtod %g3, %f14 - bshuffle %f12, %f12, %f12 - bshuffle %f14, %f14, %f14 - - xor %g4, %o0, %o0 ! ^= rk[0] - xor %g5, %o1, %o1 - movxtod %o0, %f0 - movxtod %o1, %f2 - - fxor %f12, %f0, %f0 ! ^= tweak[0] - fxor %f14, %f2, %f2 - - prefetch [$out + 63], 22 - prefetch [$inp + 16+63], 20 - call _${alg}${bits}_${dir}crypt_1x - add $inp, 16, $inp - - fxor %f12, %f0, %f0 ! ^= tweak[0] - fxor %f14, %f2, %f2 - - srax %g3, 63, %l7 ! next tweak value - addcc %g2, %g2, %g2 - and %l7, 0x87, %l7 - addxc %g3, %g3, %g3 - xor %l7, %g2, %g2 - - brnz,pn $ooff, 2f - sub $len, 1, $len - - std %f0, [$out + 0] - std %f2, [$out + 8] - brnz,pt $len, .L${bits}_xts_${dir}loop2x - add $out, 16, $out - - brnz,pn $rem, .L${bits}_xts_${dir}steal - nop - - ret - restore - -.align 16 -2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard - ! and ~3x deterioration - ! in inp==out case - faligndata %f0, %f0, %f4 ! handle unaligned output - faligndata %f0, %f2, %f6 - faligndata %f2, %f2, %f8 - stda %f4, [$out + $omask]0xc0 ! partial store - std %f6, [$out + 8] - add $out, 16, $out - orn %g0, $omask, $omask - stda %f8, [$out + $omask]0xc0 ! partial store - - brnz,pt $len, .L${bits}_xts_${dir}loop2x+4 - orn %g0, $omask, $omask - - brnz,pn $rem, .L${bits}_xts_${dir}steal - nop - - ret - restore - -!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -.align 32 -.L${bits}_xts_${dir}loop2x: - ldx [$inp + 0], %o0 - ldx [$inp + 8], %o1 - ldx [$inp + 16], %o2 - brz,pt $ileft, 4f - ldx [$inp + 24], %o3 - - ldx [$inp + 32], %o4 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - or %g1, %o0, %o0 - sllx %o1, $ileft, %o1 - srlx %o2, $iright, %g1 - or %g1, %o1, %o1 - sllx %o2, $ileft, %o2 - srlx %o3, $iright, %g1 - or %g1, %o2, %o2 - sllx %o3, $ileft, %o3 - srlx %o4, $iright, %o4 - or %o4, %o3, %o3 -4: - movxtod %g2, %f12 - movxtod %g3, %f14 - bshuffle %f12, %f12, %f12 - bshuffle %f14, %f14, %f14 - - srax %g3, 63, %l7 ! next tweak value - addcc %g2, %g2, %g2 - and %l7, 0x87, %l7 - addxc %g3, %g3, %g3 - xor %l7, %g2, %g2 - - movxtod %g2, %f8 - movxtod %g3, %f10 - bshuffle %f8, %f8, %f8 - bshuffle %f10, %f10, %f10 - - xor %g4, %o0, %o0 ! ^= rk[0] - xor %g5, %o1, %o1 - xor %g4, %o2, %o2 ! ^= rk[0] - xor %g5, %o3, %o3 - movxtod %o0, %f0 - movxtod %o1, %f2 - movxtod %o2, %f4 - movxtod %o3, %f6 - - fxor %f12, %f0, %f0 ! ^= tweak[0] - fxor %f14, %f2, %f2 - fxor %f8, %f4, %f4 ! ^= tweak[0] - fxor %f10, %f6, %f6 - - prefetch [$out + 63], 22 - prefetch [$inp + 32+63], 20 - call _${alg}${bits}_${dir}crypt_2x - add $inp, 32, $inp - - movxtod %g2, %f8 - movxtod %g3, %f10 - - srax %g3, 63, %l7 ! next tweak value - addcc %g2, %g2, %g2 - and %l7, 0x87, %l7 - addxc %g3, %g3, %g3 - xor %l7, %g2, %g2 - - bshuffle %f8, %f8, %f8 - bshuffle %f10, %f10, %f10 - - fxor %f12, %f0, %f0 ! ^= tweak[0] - fxor %f14, %f2, %f2 - fxor %f8, %f4, %f4 - fxor %f10, %f6, %f6 - - brnz,pn $ooff, 2f - sub $len, 2, $len - - std %f0, [$out + 0] - std %f2, [$out + 8] - std %f4, [$out + 16] - std %f6, [$out + 24] - brnz,pt $len, .L${bits}_xts_${dir}loop2x - add $out, 32, $out - - fsrc2 %f4, %f0 - fsrc2 %f6, %f2 - brnz,pn $rem, .L${bits}_xts_${dir}steal - nop - - ret - restore - -.align 16 -2: ldxa [$inp]0x82, %o0 ! avoid read-after-write hazard - ! and ~3x deterioration - ! in inp==out case - faligndata %f0, %f0, %f8 ! handle unaligned output - faligndata %f0, %f2, %f10 - faligndata %f2, %f4, %f12 - faligndata %f4, %f6, %f14 - faligndata %f6, %f6, %f0 - - stda %f8, [$out + $omask]0xc0 ! partial store - std %f10, [$out + 8] - std %f12, [$out + 16] - std %f14, [$out + 24] - add $out, 32, $out - orn %g0, $omask, $omask - stda %f0, [$out + $omask]0xc0 ! partial store - - brnz,pt $len, .L${bits}_xts_${dir}loop2x+4 - orn %g0, $omask, $omask - - fsrc2 %f4, %f0 - fsrc2 %f6, %f2 - brnz,pn $rem, .L${bits}_xts_${dir}steal - nop - - ret - restore - -!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -.align 32 -.L${bits}_xts_${dir}blk: - add $out, $len, $blk_init - and $blk_init, 63, $blk_init ! tail - sub $len, $blk_init, $len - add $blk_init, 15, $blk_init ! round up to 16n - srlx $len, 4, $len - srl $blk_init, 4, $blk_init - sub $len, 1, $len - add $blk_init, 1, $blk_init - -.L${bits}_xts_${dir}blk2x: - ldx [$inp + 0], %o0 - ldx [$inp + 8], %o1 - ldx [$inp + 16], %o2 - brz,pt $ileft, 5f - ldx [$inp + 24], %o3 - - ldx [$inp + 32], %o4 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - or %g1, %o0, %o0 - sllx %o1, $ileft, %o1 - srlx %o2, $iright, %g1 - or %g1, %o1, %o1 - sllx %o2, $ileft, %o2 - srlx %o3, $iright, %g1 - or %g1, %o2, %o2 - sllx %o3, $ileft, %o3 - srlx %o4, $iright, %o4 - or %o4, %o3, %o3 -5: - movxtod %g2, %f12 - movxtod %g3, %f14 - bshuffle %f12, %f12, %f12 - bshuffle %f14, %f14, %f14 - - srax %g3, 63, %l7 ! next tweak value - addcc %g2, %g2, %g2 - and %l7, 0x87, %l7 - addxc %g3, %g3, %g3 - xor %l7, %g2, %g2 - - movxtod %g2, %f8 - movxtod %g3, %f10 - bshuffle %f8, %f8, %f8 - bshuffle %f10, %f10, %f10 - - xor %g4, %o0, %o0 ! ^= rk[0] - xor %g5, %o1, %o1 - xor %g4, %o2, %o2 ! ^= rk[0] - xor %g5, %o3, %o3 - movxtod %o0, %f0 - movxtod %o1, %f2 - movxtod %o2, %f4 - movxtod %o3, %f6 - - fxor %f12, %f0, %f0 ! ^= tweak[0] - fxor %f14, %f2, %f2 - fxor %f8, %f4, %f4 ! ^= tweak[0] - fxor %f10, %f6, %f6 - - prefetch [$inp + 32+63], 20 - call _${alg}${bits}_${dir}crypt_2x - add $inp, 32, $inp - - movxtod %g2, %f8 - movxtod %g3, %f10 - - srax %g3, 63, %l7 ! next tweak value - addcc %g2, %g2, %g2 - and %l7, 0x87, %l7 - addxc %g3, %g3, %g3 - xor %l7, %g2, %g2 - - bshuffle %f8, %f8, %f8 - bshuffle %f10, %f10, %f10 - - fxor %f12, %f0, %f0 ! ^= tweak[0] - fxor %f14, %f2, %f2 - fxor %f8, %f4, %f4 - fxor %f10, %f6, %f6 - - subcc $len, 2, $len - stda %f0, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f2, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f4, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - add $out, 8, $out - stda %f6, [$out]0xe2 ! ASI_BLK_INIT, T4-specific - bgu,pt $::size_t_cc, .L${bits}_xts_${dir}blk2x - add $out, 8, $out - - add $blk_init, $len, $len - andcc $len, 1, %g0 ! is number of blocks even? - membar #StoreLoad|#StoreStore - bnz,pt %icc, .L${bits}_xts_${dir}loop - srl $len, 0, $len - brnz,pn $len, .L${bits}_xts_${dir}loop2x - nop - - fsrc2 %f4, %f0 - fsrc2 %f6, %f2 - brnz,pn $rem, .L${bits}_xts_${dir}steal - nop - - ret - restore -!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -___ -$code.=<<___ if ($dir eq "en"); -.align 32 -.L${bits}_xts_${dir}steal: - std %f0, [%fp + $::bias-16] ! copy of output - std %f2, [%fp + $::bias-8] - - srl $ileft, 3, $ileft - add %fp, $::bias-16, %l7 - add $inp, $ileft, $inp ! original $inp+$len&-15 - add $out, $ooff, $out ! original $out+$len&-15 - mov 0, $ileft - nop ! align - -.L${bits}_xts_${dir}stealing: - ldub [$inp + $ileft], %o0 - ldub [%l7 + $ileft], %o1 - dec $rem - stb %o0, [%l7 + $ileft] - stb %o1, [$out + $ileft] - brnz $rem, .L${bits}_xts_${dir}stealing - inc $ileft - - mov %l7, $inp - sub $out, 16, $out - mov 0, $ileft - sub $out, $ooff, $out - ba .L${bits}_xts_${dir}loop ! one more time - mov 1, $len ! $rem is 0 -___ -$code.=<<___ if ($dir eq "de"); -.align 32 -.L${bits}_xts_${dir}steal: - ldx [$inp + 0], %o0 - brz,pt $ileft, 8f - ldx [$inp + 8], %o1 - - ldx [$inp + 16], %o2 - sllx %o0, $ileft, %o0 - srlx %o1, $iright, %g1 - sllx %o1, $ileft, %o1 - or %g1, %o0, %o0 - srlx %o2, $iright, %o2 - or %o2, %o1, %o1 -8: - srax %g3, 63, %l7 ! next tweak value - addcc %g2, %g2, %o2 - and %l7, 0x87, %l7 - addxc %g3, %g3, %o3 - xor %l7, %o2, %o2 - - movxtod %o2, %f12 - movxtod %o3, %f14 - bshuffle %f12, %f12, %f12 - bshuffle %f14, %f14, %f14 - - xor %g4, %o0, %o0 ! ^= rk[0] - xor %g5, %o1, %o1 - movxtod %o0, %f0 - movxtod %o1, %f2 - - fxor %f12, %f0, %f0 ! ^= tweak[0] - fxor %f14, %f2, %f2 - - call _${alg}${bits}_${dir}crypt_1x - add $inp, 16, $inp - - fxor %f12, %f0, %f0 ! ^= tweak[0] - fxor %f14, %f2, %f2 - - std %f0, [%fp + $::bias-16] - std %f2, [%fp + $::bias-8] - - srl $ileft, 3, $ileft - add %fp, $::bias-16, %l7 - add $inp, $ileft, $inp ! original $inp+$len&-15 - add $out, $ooff, $out ! original $out+$len&-15 - mov 0, $ileft - add $out, 16, $out - nop ! align - -.L${bits}_xts_${dir}stealing: - ldub [$inp + $ileft], %o0 - ldub [%l7 + $ileft], %o1 - dec $rem - stb %o0, [%l7 + $ileft] - stb %o1, [$out + $ileft] - brnz $rem, .L${bits}_xts_${dir}stealing - inc $ileft - - mov %l7, $inp - sub $out, 16, $out - mov 0, $ileft - sub $out, $ooff, $out - ba .L${bits}_xts_${dir}loop ! one more time - mov 1, $len ! $rem is 0 -___ -$code.=<<___; - ret - restore -.type ${alg}${bits}_t4_xts_${dir}crypt,#function -.size ${alg}${bits}_t4_xts_${dir}crypt,.-${alg}${bits}_t4_xts_${dir}crypt -___ -} - -# Purpose of these subroutines is to explicitly encode VIS instructions, -# so that one can compile the module without having to specify VIS -# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a. -# Idea is to reserve for option to produce "universal" binary and let -# programmer detect if current CPU is VIS capable at run-time. -sub unvis { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my ($ref,$opf); -my %visopf = ( "faligndata" => 0x048, - "bshuffle" => 0x04c, - "fnot2" => 0x066, - "fxor" => 0x06c, - "fsrc2" => 0x078 ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if ($opf=$visopf{$mnemonic}) { - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -sub unvis3 { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 ); -my ($ref,$opf); -my %visopf = ( "addxc" => 0x011, - "addxccc" => 0x013, - "umulxhi" => 0x016, - "alignaddr" => 0x018, - "bmask" => 0x019, - "alignaddrl" => 0x01a ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if ($opf=$visopf{$mnemonic}) { - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%([goli])([0-9])/); - $_=$bias{$1}+$2; - } - - return sprintf ".word\t0x%08x !%s", - 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -sub unaes_round { # 4-argument instructions -my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_; -my ($ref,$opf); -my %aesopf = ( "aes_eround01" => 0, - "aes_eround23" => 1, - "aes_dround01" => 2, - "aes_dround23" => 3, - "aes_eround01_l"=> 4, - "aes_eround23_l"=> 5, - "aes_dround01_l"=> 6, - "aes_dround23_l"=> 7, - "aes_kexpand1" => 8 ); - - $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd"; - - if (defined($opf=$aesopf{$mnemonic})) { - $rs3 = ($rs3 =~ /%f([0-6]*[02468])/) ? (($1|$1>>5)&31) : $rs3; - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 2<<30|$rd<<25|0x19<<19|$rs1<<14|$rs3<<9|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -sub unaes_kexpand { # 3-argument instructions -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my ($ref,$opf); -my %aesopf = ( "aes_kexpand0" => 0x130, - "aes_kexpand2" => 0x131 ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if (defined($opf=$aesopf{$mnemonic})) { - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 2<<30|$rd<<25|0x36<<19|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -sub uncamellia_f { # 4-argument instructions -my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_; -my ($ref,$opf); - - $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd"; - - if (1) { - $rs3 = ($rs3 =~ /%f([0-6]*[02468])/) ? (($1|$1>>5)&31) : $rs3; - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 2<<30|$rd<<25|0x19<<19|$rs1<<14|$rs3<<9|0xc<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -sub uncamellia3 { # 3-argument instructions -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my ($ref,$opf); -my %cmllopf = ( "camellia_fl" => 0x13c, - "camellia_fli" => 0x13d ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if (defined($opf=$cmllopf{$mnemonic})) { - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 2<<30|$rd<<25|0x36<<19|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -sub unmovxtox { # 2-argument instructions -my ($mnemonic,$rs,$rd)=@_; -my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24, "f" => 0 ); -my ($ref,$opf); -my %movxopf = ( "movdtox" => 0x110, - "movstouw" => 0x111, - "movstosw" => 0x113, - "movxtod" => 0x118, - "movwtos" => 0x119 ); - - $ref = "$mnemonic\t$rs,$rd"; - - if (defined($opf=$movxopf{$mnemonic})) { - foreach ($rs,$rd) { - return $ref if (!/%([fgoli])([0-9]{1,2})/); - $_=$bias{$1}+$2; - if ($2>=32) { - return $ref if ($2&1); - # re-encode for upper double register addressing - $_=($2|$2>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 2<<30|$rd<<25|0x36<<19|$opf<<5|$rs, - $ref; - } else { - return $ref; - } -} - -sub undes { -my ($mnemonic)=shift; -my @args=@_; -my ($ref,$opf); -my %desopf = ( "des_round" => 0b1001, - "des_ip" => 0b100110100, - "des_iip" => 0b100110101, - "des_kexpand" => 0b100110110 ); - - $ref = "$mnemonic\t".join(",",@_); - - if (defined($opf=$desopf{$mnemonic})) { # 4-arg - if ($mnemonic eq "des_round") { - foreach (@args[0..3]) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - return sprintf ".word\t0x%08x !%s", - 2<<30|0b011001<<19|$opf<<5|$args[0]<<14|$args[1]|$args[2]<<9|$args[3]<<25, - $ref; - } elsif ($mnemonic eq "des_kexpand") { # 3-arg - foreach (@args[0..2]) { - return $ref if (!/(%f)?([0-9]{1,2})/); - $_=$2; - if ($2>=32) { - return $ref if ($2&1); - # re-encode for upper double register addressing - $_=($2|$2>>5)&31; - } - } - return sprintf ".word\t0x%08x !%s", - 2<<30|0b110110<<19|$opf<<5|$args[0]<<14|$args[1]|$args[2]<<25, - $ref; - } else { # 2-arg - foreach (@args[0..1]) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($2&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - return sprintf ".word\t0x%08x !%s", - 2<<30|0b110110<<19|$opf<<5|$args[0]<<14|$args[1]<<25, - $ref; - } - } else { - return $ref; - } -} - -sub emit_assembler { - foreach (split("\n",$::code)) { - s/\`([^\`]*)\`/eval $1/ge; - - s/\b(f[a-z]+2[sd]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})\s*$/$1\t%f0,$2,$3/go; - - s/\b(aes_[edk][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*([%fx0-9]+),\s*(%f[0-9]{1,2})/ - &unaes_round($1,$2,$3,$4,$5) - /geo or - s/\b(aes_kexpand[02])\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/ - &unaes_kexpand($1,$2,$3,$4) - /geo or - s/\b(camellia_f)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*([%fx0-9]+),\s*(%f[0-9]{1,2})/ - &uncamellia_f($1,$2,$3,$4,$5) - /geo or - s/\b(camellia_[^s]+)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/ - &uncamellia3($1,$2,$3,$4) - /geo or - s/\b(des_\w+)\s+(%f[0-9]{1,2}),\s*([%fx0-9]+)(?:,\s*(%f[0-9]{1,2})(?:,\s*(%f[0-9]{1,2}))?)?/ - &undes($1,$2,$3,$4,$5) - /geo or - s/\b(mov[ds]to\w+)\s+(%f[0-9]{1,2}),\s*(%[goli][0-7])/ - &unmovxtox($1,$2,$3) - /geo or - s/\b(mov[xw]to[ds])\s+(%[goli][0-7]),\s*(%f[0-9]{1,2})/ - &unmovxtox($1,$2,$3) - /geo or - s/\b([fb][^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/ - &unvis($1,$2,$3,$4) - /geo or - s/\b(umulxhi|bmask|addxc[c]{0,2}|alignaddr[l]*)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/ - &unvis3($1,$2,$3,$4) - /geo; - - print $_,"\n"; - } -} - -1; diff --git a/crypto/perlasm/x86_64-support.pl b/crypto/perlasm/x86_64-support.pl deleted file mode 100644 index 0bacb7186469c862fecc06e65c5986779b335f46..0000000000000000000000000000000000000000 --- a/crypto/perlasm/x86_64-support.pl +++ /dev/null @@ -1,51 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -package x86_64support; - -# require "x86_64-support.pl"; -# $ptr_size=&pointer_size($flavour); -# $ptr_reg=&pointer_register($flavour,$reg); - -sub ::pointer_size -{ - my($flavour)=@_; - my $ptr_size=8; $ptr_size=4 if ($flavour eq "elf32"); - return $ptr_size; -} - -sub ::pointer_register -{ - my($flavour,$reg)=@_; - if ($flavour eq "elf32") { - if ($reg eq "%rax") { - return "%eax"; - } elsif ($reg eq "%rbx") { - return "%ebx"; - } elsif ($reg eq "%rcx") { - return "%ecx"; - } elsif ($reg eq "%rdx") { - return "%edx"; - } elsif ($reg eq "%rdi") { - return "%edi"; - } elsif ($reg eq "%rsi") { - return "%esi"; - } elsif ($reg eq "%rbp") { - return "%ebp"; - } elsif ($reg eq "%rsp") { - return "%esp"; - } else { - return $reg."d"; - } - } else { - return $reg; - } -} - -1; diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl deleted file mode 100755 index 1830b255659955a2d3af553b5954eab4237f002e..0000000000000000000000000000000000000000 --- a/crypto/perlasm/x86_64-xlate.pl +++ /dev/null @@ -1,1497 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# Ascetic x86_64 AT&T to MASM/NASM assembler translator by . -# -# Why AT&T to MASM and not vice versa? Several reasons. Because AT&T -# format is way easier to parse. Because it's simpler to "gear" from -# Unix ABI to Windows one [see cross-reference "card" at the end of -# file]. Because Linux targets were available first... -# -# In addition the script also "distills" code suitable for GNU -# assembler, so that it can be compiled with more rigid assemblers, -# such as Solaris /usr/ccs/bin/as. -# -# This translator is not designed to convert *arbitrary* assembler -# code from AT&T format to MASM one. It's designed to convert just -# enough to provide for dual-ABI OpenSSL modules development... -# There *are* limitations and you might have to modify your assembler -# code or this script to achieve the desired result... -# -# Currently recognized limitations: -# -# - can't use multiple ops per line; -# -# Dual-ABI styling rules. -# -# 1. Adhere to Unix register and stack layout [see cross-reference -# ABI "card" at the end for explanation]. -# 2. Forget about "red zone," stick to more traditional blended -# stack frame allocation. If volatile storage is actually required -# that is. If not, just leave the stack as is. -# 3. Functions tagged with ".type name,@function" get crafted with -# unified Win64 prologue and epilogue automatically. If you want -# to take care of ABI differences yourself, tag functions as -# ".type name,@abi-omnipotent" instead. -# 4. To optimize the Win64 prologue you can specify number of input -# arguments as ".type name,@function,N." Keep in mind that if N is -# larger than 6, then you *have to* write "abi-omnipotent" code, -# because >6 cases can't be addressed with unified prologue. -# 5. Name local labels as .L*, do *not* use dynamic labels such as 1: -# (sorry about latter). -# 6. Don't use [or hand-code with .byte] "rep ret." "ret" mnemonic is -# required to identify the spots, where to inject Win64 epilogue! -# But on the pros, it's then prefixed with rep automatically:-) -# 7. Stick to explicit ip-relative addressing. If you have to use -# GOTPCREL addressing, stick to mov symbol@GOTPCREL(%rip),%r??. -# Both are recognized and translated to proper Win64 addressing -# modes. -# -# 8. In order to provide for structured exception handling unified -# Win64 prologue copies %rsp value to %rax. For further details -# see SEH paragraph at the end. -# 9. .init segment is allowed to contain calls to functions only. -# a. If function accepts more than 4 arguments *and* >4th argument -# is declared as non 64-bit value, do clear its upper part. - - -use strict; - -my $flavour = shift; -my $output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -open STDOUT,">$output" || die "can't open $output: $!" - if (defined($output)); - -my $gas=1; $gas=0 if ($output =~ /\.asm$/); -my $elf=1; $elf=0 if (!$gas); -my $win64=0; -my $prefix=""; -my $decor=".L"; - -my $masmref=8 + 50727*2**-32; # 8.00.50727 shipped with VS2005 -my $masm=0; -my $PTR=" PTR"; - -my $nasmref=2.03; -my $nasm=0; - -# GNU as indicator, as opposed to $gas, which indicates acceptable -# syntax -my $gnuas=0; - -if ($flavour eq "mingw64") { $gas=1; $elf=0; $win64=1; - $prefix=`echo __USER_LABEL_PREFIX__ | $ENV{CC} -E -P -`; - $prefix =~ s|\R$||; # Better chomp - } -elsif ($flavour eq "macosx") { $gas=1; $elf=0; $prefix="_"; $decor="L\$"; } -elsif ($flavour eq "masm") { $gas=0; $elf=0; $masm=$masmref; $win64=1; $decor="\$L\$"; } -elsif ($flavour eq "nasm") { $gas=0; $elf=0; $nasm=$nasmref; $win64=1; $decor="\$L\$"; $PTR=""; } -elsif (!$gas) -{ if ($ENV{ASM} =~ m/nasm/ && `nasm -v` =~ m/version ([0-9]+)\.([0-9]+)/i) - { $nasm = $1 + $2*0.01; $PTR=""; } - elsif (`ml64 2>&1` =~ m/Version ([0-9]+)\.([0-9]+)(\.([0-9]+))?/) - { $masm = $1 + $2*2**-16 + $4*2**-32; } - die "no assembler found on %PATH%" if (!($nasm || $masm)); - $win64=1; - $elf=0; - $decor="\$L\$"; -} -# Find out if we're using GNU as -elsif (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) -{ - $gnuas=1; -} -elsif (`$ENV{CC} --version 2>/dev/null` - =~ /clang .*/) -{ - $gnuas=1; -} - -my $cet_property; -if ($flavour =~ /elf/) { - # Always generate .note.gnu.property section for ELF outputs to - # mark Intel CET support since all input files must be marked - # with Intel CET support in order for linker to mark output with - # Intel CET support. - my $p2align=3; $p2align=2 if ($flavour eq "elf32"); - my $section='.note.gnu.property, #alloc'; - $section='".note.gnu.property", "a"' if $gnuas; - $cet_property = <<_____; - .section $section - .p2align $p2align - .long 1f - 0f - .long 4f - 1f - .long 5 -0: - # "GNU" encoded with .byte, since .asciz isn't supported - # on Solaris. - .byte 0x47 - .byte 0x4e - .byte 0x55 - .byte 0 -1: - .p2align $p2align - .long 0xc0000002 - .long 3f - 2f -2: - .long 3 -3: - .p2align $p2align -4: -_____ -} - -my $current_segment; -my $current_function; -my %globals; - -{ package opcode; # pick up opcodes - sub re { - my ($class, $line) = @_; - my $self = {}; - my $ret; - - if ($$line =~ /^([a-z][a-z0-9]*)/i) { - bless $self,$class; - $self->{op} = $1; - $ret = $self; - $$line = substr($$line,@+[0]); $$line =~ s/^\s+//; - - undef $self->{sz}; - if ($self->{op} =~ /^(movz)x?([bw]).*/) { # movz is pain... - $self->{op} = $1; - $self->{sz} = $2; - } elsif ($self->{op} =~ /call|jmp/) { - $self->{sz} = ""; - } elsif ($self->{op} =~ /^p/ && $' !~ /^(ush|op|insrw)/) { # SSEn - $self->{sz} = ""; - } elsif ($self->{op} =~ /^[vk]/) { # VEX or k* such as kmov - $self->{sz} = ""; - } elsif ($self->{op} =~ /mov[dq]/ && $$line =~ /%xmm/) { - $self->{sz} = ""; - } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) { - $self->{op} = $1; - $self->{sz} = $2; - } - } - $ret; - } - sub size { - my ($self, $sz) = @_; - $self->{sz} = $sz if (defined($sz) && !defined($self->{sz})); - $self->{sz}; - } - sub out { - my $self = shift; - if ($gas) { - if ($self->{op} eq "movz") { # movz is pain... - sprintf "%s%s%s",$self->{op},$self->{sz},shift; - } elsif ($self->{op} =~ /^set/) { - "$self->{op}"; - } elsif ($self->{op} eq "ret") { - my $epilogue = ""; - if ($win64 && $current_function->{abi} eq "svr4") { - $epilogue = "movq 8(%rsp),%rdi\n\t" . - "movq 16(%rsp),%rsi\n\t"; - } - $epilogue . ".byte 0xf3,0xc3"; - } elsif ($self->{op} eq "call" && !$elf && $current_segment eq ".init") { - ".p2align\t3\n\t.quad"; - } else { - "$self->{op}$self->{sz}"; - } - } else { - $self->{op} =~ s/^movz/movzx/; - if ($self->{op} eq "ret") { - $self->{op} = ""; - if ($win64 && $current_function->{abi} eq "svr4") { - $self->{op} = "mov rdi,QWORD$PTR\[8+rsp\]\t;WIN64 epilogue\n\t". - "mov rsi,QWORD$PTR\[16+rsp\]\n\t"; - } - $self->{op} .= "DB\t0F3h,0C3h\t\t;repret"; - } elsif ($self->{op} =~ /^(pop|push)f/) { - $self->{op} .= $self->{sz}; - } elsif ($self->{op} eq "call" && $current_segment eq ".CRT\$XCU") { - $self->{op} = "\tDQ"; - } - $self->{op}; - } - } - sub mnemonic { - my ($self, $op) = @_; - $self->{op}=$op if (defined($op)); - $self->{op}; - } -} -{ package const; # pick up constants, which start with $ - sub re { - my ($class, $line) = @_; - my $self = {}; - my $ret; - - if ($$line =~ /^\$([^,]+)/) { - bless $self, $class; - $self->{value} = $1; - $ret = $self; - $$line = substr($$line,@+[0]); $$line =~ s/^\s+//; - } - $ret; - } - sub out { - my $self = shift; - - $self->{value} =~ s/\b(0b[0-1]+)/oct($1)/eig; - if ($gas) { - # Solaris /usr/ccs/bin/as can't handle multiplications - # in $self->{value} - my $value = $self->{value}; - no warnings; # oct might complain about overflow, ignore here... - $value =~ s/(?{value} = $value; - } - sprintf "\$%s",$self->{value}; - } else { - my $value = $self->{value}; - $value =~ s/0x([0-9a-f]+)/0$1h/ig if ($masm); - sprintf "%s",$value; - } - } -} -{ package ea; # pick up effective addresses: expr(%reg,%reg,scale) - - my %szmap = ( b=>"BYTE$PTR", w=>"WORD$PTR", - l=>"DWORD$PTR", d=>"DWORD$PTR", - q=>"QWORD$PTR", o=>"OWORD$PTR", - x=>"XMMWORD$PTR", y=>"YMMWORD$PTR", - z=>"ZMMWORD$PTR" ) if (!$gas); - - sub re { - my ($class, $line, $opcode) = @_; - my $self = {}; - my $ret; - - # optional * ----vvv--- appears in indirect jmp/call - if ($$line =~ /^(\*?)([^\(,]*)\(([%\w,]+)\)((?:{[^}]+})*)/) { - bless $self, $class; - $self->{asterisk} = $1; - $self->{label} = $2; - ($self->{base},$self->{index},$self->{scale})=split(/,/,$3); - $self->{scale} = 1 if (!defined($self->{scale})); - $self->{opmask} = $4; - $ret = $self; - $$line = substr($$line,@+[0]); $$line =~ s/^\s+//; - - if ($win64 && $self->{label} =~ s/\@GOTPCREL//) { - die if ($opcode->mnemonic() ne "mov"); - $opcode->mnemonic("lea"); - } - $self->{base} =~ s/^%//; - $self->{index} =~ s/^%// if (defined($self->{index})); - $self->{opcode} = $opcode; - } - $ret; - } - sub size {} - sub out { - my ($self, $sz) = @_; - - $self->{label} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei; - $self->{label} =~ s/\.L/$decor/g; - - # Silently convert all EAs to 64-bit. This is required for - # elder GNU assembler and results in more compact code, - # *but* most importantly AES module depends on this feature! - $self->{index} =~ s/^[er](.?[0-9xpi])[d]?$/r\1/; - $self->{base} =~ s/^[er](.?[0-9xpi])[d]?$/r\1/; - - # Solaris /usr/ccs/bin/as can't handle multiplications - # in $self->{label}... - use integer; - $self->{label} =~ s/(?{label} =~ s/\b([0-9]+\s*[\*\/\%]\s*[0-9]+)\b/eval($1)/eg; - - # Some assemblers insist on signed presentation of 32-bit - # offsets, but sign extension is a tricky business in perl... - if ((1<<31)<<1) { - $self->{label} =~ s/\b([0-9]+)\b/$1<<32>>32/eg; - } else { - $self->{label} =~ s/\b([0-9]+)\b/$1>>0/eg; - } - - # if base register is %rbp or %r13, see if it's possible to - # flip base and index registers [for better performance] - if (!$self->{label} && $self->{index} && $self->{scale}==1 && - $self->{base} =~ /(rbp|r13)/) { - $self->{base} = $self->{index}; $self->{index} = $1; - } - - if ($gas) { - $self->{label} =~ s/^___imp_/__imp__/ if ($flavour eq "mingw64"); - - if (defined($self->{index})) { - sprintf "%s%s(%s,%%%s,%d)%s", - $self->{asterisk},$self->{label}, - $self->{base}?"%$self->{base}":"", - $self->{index},$self->{scale}, - $self->{opmask}; - } else { - sprintf "%s%s(%%%s)%s", $self->{asterisk},$self->{label}, - $self->{base},$self->{opmask}; - } - } else { - $self->{label} =~ s/\./\$/g; - $self->{label} =~ s/(?{label} = "($self->{label})" if ($self->{label} =~ /[\*\+\-\/]/); - - my $mnemonic = $self->{opcode}->mnemonic(); - ($self->{asterisk}) && ($sz="q") || - ($mnemonic =~ /^v?mov([qd])$/) && ($sz=$1) || - ($mnemonic =~ /^v?pinsr([qdwb])$/) && ($sz=$1) || - ($mnemonic =~ /^vpbroadcast([qdwb])$/) && ($sz=$1) || - ($mnemonic =~ /^v(?!perm)[a-z]+[fi]128$/) && ($sz="x"); - - $self->{opmask} =~ s/%(k[0-7])/$1/; - - if (defined($self->{index})) { - sprintf "%s[%s%s*%d%s]%s",$szmap{$sz}, - $self->{label}?"$self->{label}+":"", - $self->{index},$self->{scale}, - $self->{base}?"+$self->{base}":"", - $self->{opmask}; - } elsif ($self->{base} eq "rip") { - sprintf "%s[%s]",$szmap{$sz},$self->{label}; - } else { - sprintf "%s[%s%s]%s", $szmap{$sz}, - $self->{label}?"$self->{label}+":"", - $self->{base},$self->{opmask}; - } - } - } -} -{ package register; # pick up registers, which start with %. - sub re { - my ($class, $line, $opcode) = @_; - my $self = {}; - my $ret; - - # optional * ----vvv--- appears in indirect jmp/call - if ($$line =~ /^(\*?)%(\w+)((?:{[^}]+})*)/) { - bless $self,$class; - $self->{asterisk} = $1; - $self->{value} = $2; - $self->{opmask} = $3; - $opcode->size($self->size()); - $ret = $self; - $$line = substr($$line,@+[0]); $$line =~ s/^\s+//; - } - $ret; - } - sub size { - my $self = shift; - my $ret; - - if ($self->{value} =~ /^r[\d]+b$/i) { $ret="b"; } - elsif ($self->{value} =~ /^r[\d]+w$/i) { $ret="w"; } - elsif ($self->{value} =~ /^r[\d]+d$/i) { $ret="l"; } - elsif ($self->{value} =~ /^r[\w]+$/i) { $ret="q"; } - elsif ($self->{value} =~ /^[a-d][hl]$/i){ $ret="b"; } - elsif ($self->{value} =~ /^[\w]{2}l$/i) { $ret="b"; } - elsif ($self->{value} =~ /^[\w]{2}$/i) { $ret="w"; } - elsif ($self->{value} =~ /^e[a-z]{2}$/i){ $ret="l"; } - - $ret; - } - sub out { - my $self = shift; - if ($gas) { sprintf "%s%%%s%s", $self->{asterisk}, - $self->{value}, - $self->{opmask}; } - else { $self->{opmask} =~ s/%(k[0-7])/$1/; - $self->{value}.$self->{opmask}; } - } -} -{ package label; # pick up labels, which end with : - sub re { - my ($class, $line) = @_; - my $self = {}; - my $ret; - - if ($$line =~ /(^[\.\w]+)\:/) { - bless $self,$class; - $self->{value} = $1; - $ret = $self; - $$line = substr($$line,@+[0]); $$line =~ s/^\s+//; - - $self->{value} =~ s/^\.L/$decor/; - } - $ret; - } - sub out { - my $self = shift; - - if ($gas) { - my $func = ($globals{$self->{value}} or $self->{value}) . ":"; - if ($win64 && $current_function->{name} eq $self->{value} - && $current_function->{abi} eq "svr4") { - $func .= "\n"; - $func .= " movq %rdi,8(%rsp)\n"; - $func .= " movq %rsi,16(%rsp)\n"; - $func .= " movq %rsp,%rax\n"; - $func .= "${decor}SEH_begin_$current_function->{name}:\n"; - my $narg = $current_function->{narg}; - $narg=6 if (!defined($narg)); - $func .= " movq %rcx,%rdi\n" if ($narg>0); - $func .= " movq %rdx,%rsi\n" if ($narg>1); - $func .= " movq %r8,%rdx\n" if ($narg>2); - $func .= " movq %r9,%rcx\n" if ($narg>3); - $func .= " movq 40(%rsp),%r8\n" if ($narg>4); - $func .= " movq 48(%rsp),%r9\n" if ($narg>5); - } - $func; - } elsif ($self->{value} ne "$current_function->{name}") { - # Make all labels in masm global. - $self->{value} .= ":" if ($masm); - $self->{value} . ":"; - } elsif ($win64 && $current_function->{abi} eq "svr4") { - my $func = "$current_function->{name}" . - ($nasm ? ":" : "\tPROC $current_function->{scope}") . - "\n"; - $func .= " mov QWORD$PTR\[8+rsp\],rdi\t;WIN64 prologue\n"; - $func .= " mov QWORD$PTR\[16+rsp\],rsi\n"; - $func .= " mov rax,rsp\n"; - $func .= "${decor}SEH_begin_$current_function->{name}:"; - $func .= ":" if ($masm); - $func .= "\n"; - my $narg = $current_function->{narg}; - $narg=6 if (!defined($narg)); - $func .= " mov rdi,rcx\n" if ($narg>0); - $func .= " mov rsi,rdx\n" if ($narg>1); - $func .= " mov rdx,r8\n" if ($narg>2); - $func .= " mov rcx,r9\n" if ($narg>3); - $func .= " mov r8,QWORD$PTR\[40+rsp\]\n" if ($narg>4); - $func .= " mov r9,QWORD$PTR\[48+rsp\]\n" if ($narg>5); - $func .= "\n"; - } else { - "$current_function->{name}". - ($nasm ? ":" : "\tPROC $current_function->{scope}"); - } - } -} -{ package expr; # pick up expressions - sub re { - my ($class, $line, $opcode) = @_; - my $self = {}; - my $ret; - - if ($$line =~ /(^[^,]+)/) { - bless $self,$class; - $self->{value} = $1; - $ret = $self; - $$line = substr($$line,@+[0]); $$line =~ s/^\s+//; - - $self->{value} =~ s/\@PLT// if (!$elf); - $self->{value} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei; - $self->{value} =~ s/\.L/$decor/g; - $self->{opcode} = $opcode; - } - $ret; - } - sub out { - my $self = shift; - if ($nasm && $self->{opcode}->mnemonic()=~m/^j(?![re]cxz)/) { - "NEAR ".$self->{value}; - } else { - $self->{value}; - } - } -} -{ package cfi_directive; - # CFI directives annotate instructions that are significant for - # stack unwinding procedure compliant with DWARF specification, - # see http://dwarfstd.org/. Besides naturally expected for this - # script platform-specific filtering function, this module adds - # three auxiliary synthetic directives not recognized by [GNU] - # assembler: - # - # - .cfi_push to annotate push instructions in prologue, which - # translates to .cfi_adjust_cfa_offset (if needed) and - # .cfi_offset; - # - .cfi_pop to annotate pop instructions in epilogue, which - # translates to .cfi_adjust_cfa_offset (if needed) and - # .cfi_restore; - # - [and most notably] .cfi_cfa_expression which encodes - # DW_CFA_def_cfa_expression and passes it to .cfi_escape as - # byte vector; - # - # CFA expressions were introduced in DWARF specification version - # 3 and describe how to deduce CFA, Canonical Frame Address. This - # becomes handy if your stack frame is variable and you can't - # spare register for [previous] frame pointer. Suggested directive - # syntax is made-up mix of DWARF operator suffixes [subset of] - # and references to registers with optional bias. Following example - # describes offloaded *original* stack pointer at specific offset - # from *current* stack pointer: - # - # .cfi_cfa_expression %rsp+40,deref,+8 - # - # Final +8 has everything to do with the fact that CFA is defined - # as reference to top of caller's stack, and on x86_64 call to - # subroutine pushes 8-byte return address. In other words original - # stack pointer upon entry to a subroutine is 8 bytes off from CFA. - - # Below constants are taken from "DWARF Expressions" section of the - # DWARF specification, section is numbered 7.7 in versions 3 and 4. - my %DW_OP_simple = ( # no-arg operators, mapped directly - deref => 0x06, dup => 0x12, - drop => 0x13, over => 0x14, - pick => 0x15, swap => 0x16, - rot => 0x17, xderef => 0x18, - - abs => 0x19, and => 0x1a, - div => 0x1b, minus => 0x1c, - mod => 0x1d, mul => 0x1e, - neg => 0x1f, not => 0x20, - or => 0x21, plus => 0x22, - shl => 0x24, shr => 0x25, - shra => 0x26, xor => 0x27, - ); - - my %DW_OP_complex = ( # used in specific subroutines - constu => 0x10, # uleb128 - consts => 0x11, # sleb128 - plus_uconst => 0x23, # uleb128 - lit0 => 0x30, # add 0-31 to opcode - reg0 => 0x50, # add 0-31 to opcode - breg0 => 0x70, # add 0-31 to opcole, sleb128 - regx => 0x90, # uleb28 - fbreg => 0x91, # sleb128 - bregx => 0x92, # uleb128, sleb128 - piece => 0x93, # uleb128 - ); - - # Following constants are defined in x86_64 ABI supplement, for - # example available at https://www.uclibc.org/docs/psABI-x86_64.pdf, - # see section 3.7 "Stack Unwind Algorithm". - my %DW_reg_idx = ( - "%rax"=>0, "%rdx"=>1, "%rcx"=>2, "%rbx"=>3, - "%rsi"=>4, "%rdi"=>5, "%rbp"=>6, "%rsp"=>7, - "%r8" =>8, "%r9" =>9, "%r10"=>10, "%r11"=>11, - "%r12"=>12, "%r13"=>13, "%r14"=>14, "%r15"=>15 - ); - - my ($cfa_reg, $cfa_rsp); - my @cfa_stack; - - # [us]leb128 format is variable-length integer representation base - # 2^128, with most significant bit of each byte being 0 denoting - # *last* most significant digit. See "Variable Length Data" in the - # DWARF specification, numbered 7.6 at least in versions 3 and 4. - sub sleb128 { - use integer; # get right shift extend sign - - my $val = shift; - my $sign = ($val < 0) ? -1 : 0; - my @ret = (); - - while(1) { - push @ret, $val&0x7f; - - # see if remaining bits are same and equal to most - # significant bit of the current digit, if so, it's - # last digit... - last if (($val>>6) == $sign); - - @ret[-1] |= 0x80; - $val >>= 7; - } - - return @ret; - } - sub uleb128 { - my $val = shift; - my @ret = (); - - while(1) { - push @ret, $val&0x7f; - - # see if it's last significant digit... - last if (($val >>= 7) == 0); - - @ret[-1] |= 0x80; - } - - return @ret; - } - sub const { - my $val = shift; - - if ($val >= 0 && $val < 32) { - return ($DW_OP_complex{lit0}+$val); - } - return ($DW_OP_complex{consts}, sleb128($val)); - } - sub reg { - my $val = shift; - - return if ($val !~ m/^(%r\w+)(?:([\+\-])((?:0x)?[0-9a-f]+))?/); - - my $reg = $DW_reg_idx{$1}; - my $off = eval ("0 $2 $3"); - - return (($DW_OP_complex{breg0} + $reg), sleb128($off)); - # Yes, we use DW_OP_bregX+0 to push register value and not - # DW_OP_regX, because latter would require even DW_OP_piece, - # which would be a waste under the circumstances. If you have - # to use DWP_OP_reg, use "regx:N"... - } - sub cfa_expression { - my $line = shift; - my @ret; - - foreach my $token (split(/,\s*/,$line)) { - if ($token =~ /^%r/) { - push @ret,reg($token); - } elsif ($token =~ /((?:0x)?[0-9a-f]+)\((%r\w+)\)/) { - push @ret,reg("$2+$1"); - } elsif ($token =~ /(\w+):(\-?(?:0x)?[0-9a-f]+)(U?)/i) { - my $i = 1*eval($2); - push @ret,$DW_OP_complex{$1}, ($3 ? uleb128($i) : sleb128($i)); - } elsif (my $i = 1*eval($token) or $token eq "0") { - if ($token =~ /^\+/) { - push @ret,$DW_OP_complex{plus_uconst},uleb128($i); - } else { - push @ret,const($i); - } - } else { - push @ret,$DW_OP_simple{$token}; - } - } - - # Finally we return DW_CFA_def_cfa_expression, 15, followed by - # length of the expression and of course the expression itself. - return (15,scalar(@ret),@ret); - } - sub re { - my ($class, $line) = @_; - my $self = {}; - my $ret; - - if ($$line =~ s/^\s*\.cfi_(\w+)\s*//) { - bless $self,$class; - $ret = $self; - undef $self->{value}; - my $dir = $1; - - SWITCH: for ($dir) { - # What is $cfa_rsp? Effectively it's difference between %rsp - # value and current CFA, Canonical Frame Address, which is - # why it starts with -8. Recall that CFA is top of caller's - # stack... - /startproc/ && do { ($cfa_reg, $cfa_rsp) = ("%rsp", -8); last; }; - /endproc/ && do { ($cfa_reg, $cfa_rsp) = ("%rsp", 0); - # .cfi_remember_state directives that are not - # matched with .cfi_restore_state are - # unnecessary. - die "unpaired .cfi_remember_state" if (@cfa_stack); - last; - }; - /def_cfa_register/ - && do { $cfa_reg = $$line; last; }; - /def_cfa_offset/ - && do { $cfa_rsp = -1*eval($$line) if ($cfa_reg eq "%rsp"); - last; - }; - /adjust_cfa_offset/ - && do { $cfa_rsp -= 1*eval($$line) if ($cfa_reg eq "%rsp"); - last; - }; - /def_cfa/ && do { if ($$line =~ /(%r\w+)\s*,\s*(.+)/) { - $cfa_reg = $1; - $cfa_rsp = -1*eval($2) if ($cfa_reg eq "%rsp"); - } - last; - }; - /push/ && do { $dir = undef; - $cfa_rsp -= 8; - if ($cfa_reg eq "%rsp") { - $self->{value} = ".cfi_adjust_cfa_offset\t8\n"; - } - $self->{value} .= ".cfi_offset\t$$line,$cfa_rsp"; - last; - }; - /pop/ && do { $dir = undef; - $cfa_rsp += 8; - if ($cfa_reg eq "%rsp") { - $self->{value} = ".cfi_adjust_cfa_offset\t-8\n"; - } - $self->{value} .= ".cfi_restore\t$$line"; - last; - }; - /cfa_expression/ - && do { $dir = undef; - $self->{value} = ".cfi_escape\t" . - join(",", map(sprintf("0x%02x", $_), - cfa_expression($$line))); - last; - }; - /remember_state/ - && do { push @cfa_stack, [$cfa_reg, $cfa_rsp]; - last; - }; - /restore_state/ - && do { ($cfa_reg, $cfa_rsp) = @{pop @cfa_stack}; - last; - }; - } - - $self->{value} = ".cfi_$dir\t$$line" if ($dir); - - $$line = ""; - } - - return $ret; - } - sub out { - my $self = shift; - return ($elf ? $self->{value} : undef); - } -} -{ package directive; # pick up directives, which start with . - sub re { - my ($class, $line) = @_; - my $self = {}; - my $ret; - my $dir; - - # chain-call to cfi_directive - $ret = cfi_directive->re($line) and return $ret; - - if ($$line =~ /^\s*(\.\w+)/) { - bless $self,$class; - $dir = $1; - $ret = $self; - undef $self->{value}; - $$line = substr($$line,@+[0]); $$line =~ s/^\s+//; - - SWITCH: for ($dir) { - /\.global|\.globl|\.extern/ - && do { $globals{$$line} = $prefix . $$line; - $$line = $globals{$$line} if ($prefix); - last; - }; - /\.type/ && do { my ($sym,$type,$narg) = split(',',$$line); - if ($type eq "\@function") { - undef $current_function; - $current_function->{name} = $sym; - $current_function->{abi} = "svr4"; - $current_function->{narg} = $narg; - $current_function->{scope} = defined($globals{$sym})?"PUBLIC":"PRIVATE"; - } elsif ($type eq "\@abi-omnipotent") { - undef $current_function; - $current_function->{name} = $sym; - $current_function->{scope} = defined($globals{$sym})?"PUBLIC":"PRIVATE"; - } - $$line =~ s/\@abi\-omnipotent/\@function/; - $$line =~ s/\@function.*/\@function/; - last; - }; - /\.asciz/ && do { if ($$line =~ /^"(.*)"$/) { - $dir = ".byte"; - $$line = join(",",unpack("C*",$1),0); - } - last; - }; - /\.rva|\.long|\.quad/ - && do { $$line =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei; - $$line =~ s/\.L/$decor/g; - last; - }; - } - - if ($gas) { - $self->{value} = $dir . "\t" . $$line; - - if ($dir =~ /\.extern/) { - $self->{value} = ""; # swallow extern - } elsif (!$elf && $dir =~ /\.type/) { - $self->{value} = ""; - $self->{value} = ".def\t" . ($globals{$1} or $1) . ";\t" . - (defined($globals{$1})?".scl 2;":".scl 3;") . - "\t.type 32;\t.endef" - if ($win64 && $$line =~ /([^,]+),\@function/); - } elsif (!$elf && $dir =~ /\.size/) { - $self->{value} = ""; - if (defined($current_function)) { - $self->{value} .= "${decor}SEH_end_$current_function->{name}:" - if ($win64 && $current_function->{abi} eq "svr4"); - undef $current_function; - } - } elsif (!$elf && $dir =~ /\.align/) { - $self->{value} = ".p2align\t" . (log($$line)/log(2)); - } elsif ($dir eq ".section") { - $current_segment=$$line; - if (!$elf && $current_segment eq ".init") { - if ($flavour eq "macosx") { $self->{value} = ".mod_init_func"; } - elsif ($flavour eq "mingw64") { $self->{value} = ".section\t.ctors"; } - } - } elsif ($dir =~ /\.(text|data)/) { - $current_segment=".$1"; - } elsif ($dir =~ /\.hidden/) { - if ($flavour eq "macosx") { $self->{value} = ".private_extern\t$prefix$$line"; } - elsif ($flavour eq "mingw64") { $self->{value} = ""; } - } elsif ($dir =~ /\.comm/) { - $self->{value} = "$dir\t$prefix$$line"; - $self->{value} =~ s|,([0-9]+),([0-9]+)$|",$1,".log($2)/log(2)|e if ($flavour eq "macosx"); - } - $$line = ""; - return $self; - } - - # non-gas case or nasm/masm - SWITCH: for ($dir) { - /\.text/ && do { my $v=undef; - if ($nasm) { - $v="section .text code align=64\n"; - } else { - $v="$current_segment\tENDS\n" if ($current_segment); - $current_segment = ".text\$"; - $v.="$current_segment\tSEGMENT "; - $v.=$masm>=$masmref ? "ALIGN(256)" : "PAGE"; - $v.=" 'CODE'"; - } - $self->{value} = $v; - last; - }; - /\.data/ && do { my $v=undef; - if ($nasm) { - $v="section .data data align=8\n"; - } else { - $v="$current_segment\tENDS\n" if ($current_segment); - $current_segment = "_DATA"; - $v.="$current_segment\tSEGMENT"; - } - $self->{value} = $v; - last; - }; - /\.section/ && do { my $v=undef; - $$line =~ s/([^,]*).*/$1/; - $$line = ".CRT\$XCU" if ($$line eq ".init"); - if ($nasm) { - $v="section $$line"; - if ($$line=~/\.([px])data/) { - $v.=" rdata align="; - $v.=$1 eq "p"? 4 : 8; - } elsif ($$line=~/\.CRT\$/i) { - $v.=" rdata align=8"; - } - } else { - $v="$current_segment\tENDS\n" if ($current_segment); - $v.="$$line\tSEGMENT"; - if ($$line=~/\.([px])data/) { - $v.=" READONLY"; - $v.=" ALIGN(".($1 eq "p" ? 4 : 8).")" if ($masm>=$masmref); - } elsif ($$line=~/\.CRT\$/i) { - $v.=" READONLY "; - $v.=$masm>=$masmref ? "ALIGN(8)" : "DWORD"; - } - } - $current_segment = $$line; - $self->{value} = $v; - last; - }; - /\.extern/ && do { $self->{value} = "EXTERN\t".$$line; - $self->{value} .= ":NEAR" if ($masm); - last; - }; - /\.globl|.global/ - && do { $self->{value} = $masm?"PUBLIC":"global"; - $self->{value} .= "\t".$$line; - last; - }; - /\.size/ && do { if (defined($current_function)) { - undef $self->{value}; - if ($current_function->{abi} eq "svr4") { - $self->{value}="${decor}SEH_end_$current_function->{name}:"; - $self->{value}.=":\n" if($masm); - } - $self->{value}.="$current_function->{name}\tENDP" if($masm && $current_function->{name}); - undef $current_function; - } - last; - }; - /\.align/ && do { my $max = ($masm && $masm>=$masmref) ? 256 : 4096; - $self->{value} = "ALIGN\t".($$line>$max?$max:$$line); - last; - }; - /\.(value|long|rva|quad)/ - && do { my $sz = substr($1,0,1); - my @arr = split(/,\s*/,$$line); - my $last = pop(@arr); - my $conv = sub { my $var=shift; - $var=~s/^(0b[0-1]+)/oct($1)/eig; - $var=~s/^0x([0-9a-f]+)/0$1h/ig if ($masm); - if ($sz eq "D" && ($current_segment=~/.[px]data/ || $dir eq ".rva")) - { $var=~s/^([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; } - $var; - }; - - $sz =~ tr/bvlrq/BWDDQ/; - $self->{value} = "\tD$sz\t"; - for (@arr) { $self->{value} .= &$conv($_).","; } - $self->{value} .= &$conv($last); - last; - }; - /\.byte/ && do { my @str=split(/,\s*/,$$line); - map(s/(0b[0-1]+)/oct($1)/eig,@str); - map(s/0x([0-9a-f]+)/0$1h/ig,@str) if ($masm); - while ($#str>15) { - $self->{value}.="DB\t" - .join(",",@str[0..15])."\n"; - foreach (0..15) { shift @str; } - } - $self->{value}.="DB\t" - .join(",",@str) if (@str); - last; - }; - /\.comm/ && do { my @str=split(/,\s*/,$$line); - my $v=undef; - if ($nasm) { - $v.="common $prefix@str[0] @str[1]"; - } else { - $v="$current_segment\tENDS\n" if ($current_segment); - $current_segment = "_DATA"; - $v.="$current_segment\tSEGMENT\n"; - $v.="COMM @str[0]:DWORD:".@str[1]/4; - } - $self->{value} = $v; - last; - }; - } - $$line = ""; - } - - $ret; - } - sub out { - my $self = shift; - $self->{value}; - } -} - -# Upon initial x86_64 introduction SSE>2 extensions were not introduced -# yet. In order not to be bothered by tracing exact assembler versions, -# but at the same time to provide a bare security minimum of AES-NI, we -# hard-code some instructions. Extensions past AES-NI on the other hand -# are traced by examining assembler version in individual perlasm -# modules... - -my %regrm = ( "%eax"=>0, "%ecx"=>1, "%edx"=>2, "%ebx"=>3, - "%esp"=>4, "%ebp"=>5, "%esi"=>6, "%edi"=>7 ); - -sub rex { - my $opcode=shift; - my ($dst,$src,$rex)=@_; - - $rex|=0x04 if($dst>=8); - $rex|=0x01 if($src>=8); - push @$opcode,($rex|0x40) if ($rex); -} - -my $movq = sub { # elderly gas can't handle inter-register movq - my $arg = shift; - my @opcode=(0x66); - if ($arg =~ /%xmm([0-9]+),\s*%r(\w+)/) { - my ($src,$dst)=($1,$2); - if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; } - rex(\@opcode,$src,$dst,0x8); - push @opcode,0x0f,0x7e; - push @opcode,0xc0|(($src&7)<<3)|($dst&7); # ModR/M - @opcode; - } elsif ($arg =~ /%r(\w+),\s*%xmm([0-9]+)/) { - my ($src,$dst)=($2,$1); - if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; } - rex(\@opcode,$src,$dst,0x8); - push @opcode,0x0f,0x6e; - push @opcode,0xc0|(($src&7)<<3)|($dst&7); # ModR/M - @opcode; - } else { - (); - } -}; - -my $pextrd = sub { - if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*(%\w+)/) { - my @opcode=(0x66); - my $imm=$1; - my $src=$2; - my $dst=$3; - if ($dst =~ /%r([0-9]+)d/) { $dst = $1; } - elsif ($dst =~ /%e/) { $dst = $regrm{$dst}; } - rex(\@opcode,$src,$dst); - push @opcode,0x0f,0x3a,0x16; - push @opcode,0xc0|(($src&7)<<3)|($dst&7); # ModR/M - push @opcode,$imm; - @opcode; - } else { - (); - } -}; - -my $pinsrd = sub { - if (shift =~ /\$([0-9]+),\s*(%\w+),\s*%xmm([0-9]+)/) { - my @opcode=(0x66); - my $imm=$1; - my $src=$2; - my $dst=$3; - if ($src =~ /%r([0-9]+)/) { $src = $1; } - elsif ($src =~ /%e/) { $src = $regrm{$src}; } - rex(\@opcode,$dst,$src); - push @opcode,0x0f,0x3a,0x22; - push @opcode,0xc0|(($dst&7)<<3)|($src&7); # ModR/M - push @opcode,$imm; - @opcode; - } else { - (); - } -}; - -my $pshufb = sub { - if (shift =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) { - my @opcode=(0x66); - rex(\@opcode,$2,$1); - push @opcode,0x0f,0x38,0x00; - push @opcode,0xc0|($1&7)|(($2&7)<<3); # ModR/M - @opcode; - } else { - (); - } -}; - -my $palignr = sub { - if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) { - my @opcode=(0x66); - rex(\@opcode,$3,$2); - push @opcode,0x0f,0x3a,0x0f; - push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M - push @opcode,$1; - @opcode; - } else { - (); - } -}; - -my $pclmulqdq = sub { - if (shift =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) { - my @opcode=(0x66); - rex(\@opcode,$3,$2); - push @opcode,0x0f,0x3a,0x44; - push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M - my $c=$1; - push @opcode,$c=~/^0/?oct($c):$c; - @opcode; - } else { - (); - } -}; - -my $rdrand = sub { - if (shift =~ /%[er](\w+)/) { - my @opcode=(); - my $dst=$1; - if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; } - rex(\@opcode,0,$dst,8); - push @opcode,0x0f,0xc7,0xf0|($dst&7); - @opcode; - } else { - (); - } -}; - -my $rdseed = sub { - if (shift =~ /%[er](\w+)/) { - my @opcode=(); - my $dst=$1; - if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; } - rex(\@opcode,0,$dst,8); - push @opcode,0x0f,0xc7,0xf8|($dst&7); - @opcode; - } else { - (); - } -}; - -# Not all AVX-capable assemblers recognize AMD XOP extension. Since we -# are using only two instructions hand-code them in order to be excused -# from chasing assembler versions... - -sub rxb { - my $opcode=shift; - my ($dst,$src1,$src2,$rxb)=@_; - - $rxb|=0x7<<5; - $rxb&=~(0x04<<5) if($dst>=8); - $rxb&=~(0x01<<5) if($src1>=8); - $rxb&=~(0x02<<5) if($src2>=8); - push @$opcode,$rxb; -} - -my $vprotd = sub { - if (shift =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) { - my @opcode=(0x8f); - rxb(\@opcode,$3,$2,-1,0x08); - push @opcode,0x78,0xc2; - push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M - my $c=$1; - push @opcode,$c=~/^0/?oct($c):$c; - @opcode; - } else { - (); - } -}; - -my $vprotq = sub { - if (shift =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) { - my @opcode=(0x8f); - rxb(\@opcode,$3,$2,-1,0x08); - push @opcode,0x78,0xc3; - push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M - my $c=$1; - push @opcode,$c=~/^0/?oct($c):$c; - @opcode; - } else { - (); - } -}; - -# Intel Control-flow Enforcement Technology extension. All functions and -# indirect branch targets will have to start with this instruction... - -my $endbranch = sub { - (0xf3,0x0f,0x1e,0xfa); -}; - -######################################################################## - -if ($nasm) { - print <<___; -default rel -%define XMMWORD -%define YMMWORD -%define ZMMWORD -___ -} elsif ($masm) { - print <<___; -OPTION DOTNAME -___ -} -while(defined(my $line=<>)) { - - $line =~ s|\R$||; # Better chomp - - $line =~ s|[#!].*$||; # get rid of asm-style comments... - $line =~ s|/\*.*\*/||; # ... and C-style comments... - $line =~ s|^\s+||; # ... and skip whitespaces in beginning - $line =~ s|\s+$||; # ... and at the end - - if (my $label=label->re(\$line)) { print $label->out(); } - - if (my $directive=directive->re(\$line)) { - printf "%s",$directive->out(); - } elsif (my $opcode=opcode->re(\$line)) { - my $asm = eval("\$".$opcode->mnemonic()); - - if ((ref($asm) eq 'CODE') && scalar(my @bytes=&$asm($line))) { - print $gas?".byte\t":"DB\t",join(',',@bytes),"\n"; - next; - } - - my @args; - ARGUMENT: while (1) { - my $arg; - - ($arg=register->re(\$line, $opcode))|| - ($arg=const->re(\$line)) || - ($arg=ea->re(\$line, $opcode)) || - ($arg=expr->re(\$line, $opcode)) || - last ARGUMENT; - - push @args,$arg; - - last ARGUMENT if ($line !~ /^,/); - - $line =~ s/^,\s*//; - } # ARGUMENT: - - if ($#args>=0) { - my $insn; - my $sz=$opcode->size(); - - if ($gas) { - $insn = $opcode->out($#args>=1?$args[$#args]->size():$sz); - @args = map($_->out($sz),@args); - printf "\t%s\t%s",$insn,join(",",@args); - } else { - $insn = $opcode->out(); - foreach (@args) { - my $arg = $_->out(); - # $insn.=$sz compensates for movq, pinsrw, ... - if ($arg =~ /^xmm[0-9]+$/) { $insn.=$sz; $sz="x" if(!$sz); last; } - if ($arg =~ /^ymm[0-9]+$/) { $insn.=$sz; $sz="y" if(!$sz); last; } - if ($arg =~ /^zmm[0-9]+$/) { $insn.=$sz; $sz="z" if(!$sz); last; } - if ($arg =~ /^mm[0-9]+$/) { $insn.=$sz; $sz="q" if(!$sz); last; } - } - @args = reverse(@args); - undef $sz if ($nasm && $opcode->mnemonic() eq "lea"); - printf "\t%s\t%s",$insn,join(",",map($_->out($sz),@args)); - } - } else { - printf "\t%s",$opcode->out(); - } - } - - print $line,"\n"; -} - -print "$cet_property" if ($cet_property); -print "\n$current_segment\tENDS\n" if ($current_segment && $masm); -print "END\n" if ($masm); - -close STDOUT or die "error closing STDOUT: $!;" - - ################################################# -# Cross-reference x86_64 ABI "card" -# -# Unix Win64 -# %rax * * -# %rbx - - -# %rcx #4 #1 -# %rdx #3 #2 -# %rsi #2 - -# %rdi #1 - -# %rbp - - -# %rsp - - -# %r8 #5 #3 -# %r9 #6 #4 -# %r10 * * -# %r11 * * -# %r12 - - -# %r13 - - -# %r14 - - -# %r15 - - -# -# (*) volatile register -# (-) preserved by callee -# (#) Nth argument, volatile -# -# In Unix terms top of stack is argument transfer area for arguments -# which could not be accommodated in registers. Or in other words 7th -# [integer] argument resides at 8(%rsp) upon function entry point. -# 128 bytes above %rsp constitute a "red zone" which is not touched -# by signal handlers and can be used as temporal storage without -# allocating a frame. -# -# In Win64 terms N*8 bytes on top of stack is argument transfer area, -# which belongs to/can be overwritten by callee. N is the number of -# arguments passed to callee, *but* not less than 4! This means that -# upon function entry point 5th argument resides at 40(%rsp), as well -# as that 32 bytes from 8(%rsp) can always be used as temporal -# storage [without allocating a frame]. One can actually argue that -# one can assume a "red zone" above stack pointer under Win64 as well. -# Point is that at apparently no occasion Windows kernel would alter -# the area above user stack pointer in true asynchronous manner... -# -# All the above means that if assembler programmer adheres to Unix -# register and stack layout, but disregards the "red zone" existence, -# it's possible to use following prologue and epilogue to "gear" from -# Unix to Win64 ABI in leaf functions with not more than 6 arguments. -# -# omnipotent_function: -# ifdef WIN64 -# movq %rdi,8(%rsp) -# movq %rsi,16(%rsp) -# movq %rcx,%rdi ; if 1st argument is actually present -# movq %rdx,%rsi ; if 2nd argument is actually ... -# movq %r8,%rdx ; if 3rd argument is ... -# movq %r9,%rcx ; if 4th argument ... -# movq 40(%rsp),%r8 ; if 5th ... -# movq 48(%rsp),%r9 ; if 6th ... -# endif -# ... -# ifdef WIN64 -# movq 8(%rsp),%rdi -# movq 16(%rsp),%rsi -# endif -# ret -# - ################################################# -# Win64 SEH, Structured Exception Handling. -# -# Unlike on Unix systems(*) lack of Win64 stack unwinding information -# has undesired side-effect at run-time: if an exception is raised in -# assembler subroutine such as those in question (basically we're -# referring to segmentation violations caused by malformed input -# parameters), the application is briskly terminated without invoking -# any exception handlers, most notably without generating memory dump -# or any user notification whatsoever. This poses a problem. It's -# possible to address it by registering custom language-specific -# handler that would restore processor context to the state at -# subroutine entry point and return "exception is not handled, keep -# unwinding" code. Writing such handler can be a challenge... But it's -# doable, though requires certain coding convention. Consider following -# snippet: -# -# .type function,@function -# function: -# movq %rsp,%rax # copy rsp to volatile register -# pushq %r15 # save non-volatile registers -# pushq %rbx -# pushq %rbp -# movq %rsp,%r11 -# subq %rdi,%r11 # prepare [variable] stack frame -# andq $-64,%r11 -# movq %rax,0(%r11) # check for exceptions -# movq %r11,%rsp # allocate [variable] stack frame -# movq %rax,0(%rsp) # save original rsp value -# magic_point: -# ... -# movq 0(%rsp),%rcx # pull original rsp value -# movq -24(%rcx),%rbp # restore non-volatile registers -# movq -16(%rcx),%rbx -# movq -8(%rcx),%r15 -# movq %rcx,%rsp # restore original rsp -# magic_epilogue: -# ret -# .size function,.-function -# -# The key is that up to magic_point copy of original rsp value remains -# in chosen volatile register and no non-volatile register, except for -# rsp, is modified. While past magic_point rsp remains constant till -# the very end of the function. In this case custom language-specific -# exception handler would look like this: -# -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -# { ULONG64 *rsp = (ULONG64 *)context->Rax; -# ULONG64 rip = context->Rip; -# -# if (rip >= magic_point) -# { rsp = (ULONG64 *)context->Rsp; -# if (rip < magic_epilogue) -# { rsp = (ULONG64 *)rsp[0]; -# context->Rbp = rsp[-3]; -# context->Rbx = rsp[-2]; -# context->R15 = rsp[-1]; -# } -# } -# context->Rsp = (ULONG64)rsp; -# context->Rdi = rsp[1]; -# context->Rsi = rsp[2]; -# -# memcpy (disp->ContextRecord,context,sizeof(CONTEXT)); -# RtlVirtualUnwind(UNW_FLAG_NHANDLER,disp->ImageBase, -# dips->ControlPc,disp->FunctionEntry,disp->ContextRecord, -# &disp->HandlerData,&disp->EstablisherFrame,NULL); -# return ExceptionContinueSearch; -# } -# -# It's appropriate to implement this handler in assembler, directly in -# function's module. In order to do that one has to know members' -# offsets in CONTEXT and DISPATCHER_CONTEXT structures and some constant -# values. Here they are: -# -# CONTEXT.Rax 120 -# CONTEXT.Rcx 128 -# CONTEXT.Rdx 136 -# CONTEXT.Rbx 144 -# CONTEXT.Rsp 152 -# CONTEXT.Rbp 160 -# CONTEXT.Rsi 168 -# CONTEXT.Rdi 176 -# CONTEXT.R8 184 -# CONTEXT.R9 192 -# CONTEXT.R10 200 -# CONTEXT.R11 208 -# CONTEXT.R12 216 -# CONTEXT.R13 224 -# CONTEXT.R14 232 -# CONTEXT.R15 240 -# CONTEXT.Rip 248 -# CONTEXT.Xmm6 512 -# sizeof(CONTEXT) 1232 -# DISPATCHER_CONTEXT.ControlPc 0 -# DISPATCHER_CONTEXT.ImageBase 8 -# DISPATCHER_CONTEXT.FunctionEntry 16 -# DISPATCHER_CONTEXT.EstablisherFrame 24 -# DISPATCHER_CONTEXT.TargetIp 32 -# DISPATCHER_CONTEXT.ContextRecord 40 -# DISPATCHER_CONTEXT.LanguageHandler 48 -# DISPATCHER_CONTEXT.HandlerData 56 -# UNW_FLAG_NHANDLER 0 -# ExceptionContinueSearch 1 -# -# In order to tie the handler to the function one has to compose -# couple of structures: one for .xdata segment and one for .pdata. -# -# UNWIND_INFO structure for .xdata segment would be -# -# function_unwind_info: -# .byte 9,0,0,0 -# .rva handler -# -# This structure designates exception handler for a function with -# zero-length prologue, no stack frame or frame register. -# -# To facilitate composing of .pdata structures, auto-generated "gear" -# prologue copies rsp value to rax and denotes next instruction with -# .LSEH_begin_{function_name} label. This essentially defines the SEH -# styling rule mentioned in the beginning. Position of this label is -# chosen in such manner that possible exceptions raised in the "gear" -# prologue would be accounted to caller and unwound from latter's frame. -# End of function is marked with respective .LSEH_end_{function_name} -# label. To summarize, .pdata segment would contain -# -# .rva .LSEH_begin_function -# .rva .LSEH_end_function -# .rva function_unwind_info -# -# Reference to function_unwind_info from .xdata segment is the anchor. -# In case you wonder why references are 32-bit .rvas and not 64-bit -# .quads. References put into these two segments are required to be -# *relative* to the base address of the current binary module, a.k.a. -# image base. No Win64 module, be it .exe or .dll, can be larger than -# 2GB and thus such relative references can be and are accommodated in -# 32 bits. -# -# Having reviewed the example function code, one can argue that "movq -# %rsp,%rax" above is redundant. It is not! Keep in mind that on Unix -# rax would contain an undefined value. If this "offends" you, use -# another register and refrain from modifying rax till magic_point is -# reached, i.e. as if it was a non-volatile register. If more registers -# are required prior [variable] frame setup is completed, note that -# nobody says that you can have only one "magic point." You can -# "liberate" non-volatile registers by denoting last stack off-load -# instruction and reflecting it in finer grade unwind logic in handler. -# After all, isn't it why it's called *language-specific* handler... -# -# SE handlers are also involved in unwinding stack when executable is -# profiled or debugged. Profiling implies additional limitations that -# are too subtle to discuss here. For now it's sufficient to say that -# in order to simplify handlers one should either a) offload original -# %rsp to stack (like discussed above); or b) if you have a register to -# spare for frame pointer, choose volatile one. -# -# (*) Note that we're talking about run-time, not debug-time. Lack of -# unwind information makes debugging hard on both Windows and -# Unix. "Unlike" refers to the fact that on Unix signal handler -# will always be invoked, core dumped and appropriate exit code -# returned to parent (for user notification). diff --git a/crypto/perlasm/x86asm.pl b/crypto/perlasm/x86asm.pl deleted file mode 100644 index 8dcde9eacaa3d11ef33e40f54a03f5e8524f0dc2..0000000000000000000000000000000000000000 --- a/crypto/perlasm/x86asm.pl +++ /dev/null @@ -1,305 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# require 'x86asm.pl'; -# &asm_init([,$i386only]); -# &function_begin("foo"); -# ... -# &function_end("foo"); -# &asm_finish - -$out=(); -$i386=0; - -# AUTOLOAD is this context has quite unpleasant side effect, namely -# that typos in function calls effectively go to assembler output, -# but on the pros side we don't have to implement one subroutine per -# each opcode... -sub ::AUTOLOAD -{ my $opcode = $AUTOLOAD; - - die "more than 4 arguments passed to $opcode" if ($#_>3); - - $opcode =~ s/.*:://; - if ($opcode =~ /^push/) { $stack+=4; } - elsif ($opcode =~ /^pop/) { $stack-=4; } - - &generic($opcode,@_) or die "undefined subroutine \&$AUTOLOAD"; -} - -sub ::emit -{ my $opcode=shift; - - if ($#_==-1) { push(@out,"\t$opcode\n"); } - else { push(@out,"\t$opcode\t".join(',',@_)."\n"); } -} - -sub ::LB -{ $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'low byte'"; - $1."l"; -} -sub ::HB -{ $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'high byte'"; - $1."h"; -} -sub ::stack_push{ my $num=$_[0]*4; $stack+=$num; &sub("esp",$num); } -sub ::stack_pop { my $num=$_[0]*4; $stack-=$num; &add("esp",$num); } -sub ::blindpop { &pop($_[0]); $stack+=4; } -sub ::wparam { &DWP($stack+4*$_[0],"esp"); } -sub ::swtmp { &DWP(4*$_[0],"esp"); } - -sub ::bswap -{ if ($i386) # emulate bswap for i386 - { &comment("bswap @_"); - &xchg(&HB(@_),&LB(@_)); - &ror (@_,16); - &xchg(&HB(@_),&LB(@_)); - } - else - { &generic("bswap",@_); } -} -# These are made-up opcodes introduced over the years essentially -# by ignorance, just alias them to real ones... -sub ::movb { &mov(@_); } -sub ::xorb { &xor(@_); } -sub ::rotl { &rol(@_); } -sub ::rotr { &ror(@_); } -sub ::exch { &xchg(@_); } -sub ::halt { &hlt; } -sub ::movz { &movzx(@_); } -sub ::pushf { &pushfd; } -sub ::popf { &popfd; } - -# 3 argument instructions -sub ::movq -{ my($p1,$p2,$optimize)=@_; - - if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/) - # movq between mmx registers can sink Intel CPUs - { &::pshufw($p1,$p2,0xe4); } - else - { &::generic("movq",@_); } -} - -# SSE>2 instructions -my %regrm = ( "eax"=>0, "ecx"=>1, "edx"=>2, "ebx"=>3, - "esp"=>4, "ebp"=>5, "esi"=>6, "edi"=>7 ); -sub ::pextrd -{ my($dst,$src,$imm)=@_; - if ("$dst:$src" =~ /(e[a-dsd][ixp]):xmm([0-7])/) - { &::data_byte(0x66,0x0f,0x3a,0x16,0xc0|($2<<3)|$regrm{$1},$imm); } - else - { &::generic("pextrd",@_); } -} - -sub ::pinsrd -{ my($dst,$src,$imm)=@_; - if ("$dst:$src" =~ /xmm([0-7]):(e[a-dsd][ixp])/) - { &::data_byte(0x66,0x0f,0x3a,0x22,0xc0|($1<<3)|$regrm{$2},$imm); } - else - { &::generic("pinsrd",@_); } -} - -sub ::pshufb -{ my($dst,$src)=@_; - if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/) - { &data_byte(0x66,0x0f,0x38,0x00,0xc0|($1<<3)|$2); } - else - { &::generic("pshufb",@_); } -} - -sub ::palignr -{ my($dst,$src,$imm)=@_; - if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/) - { &::data_byte(0x66,0x0f,0x3a,0x0f,0xc0|($1<<3)|$2,$imm); } - else - { &::generic("palignr",@_); } -} - -sub ::pclmulqdq -{ my($dst,$src,$imm)=@_; - if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/) - { &::data_byte(0x66,0x0f,0x3a,0x44,0xc0|($1<<3)|$2,$imm); } - else - { &::generic("pclmulqdq",@_); } -} - -sub ::rdrand -{ my ($dst)=@_; - if ($dst =~ /(e[a-dsd][ixp])/) - { &::data_byte(0x0f,0xc7,0xf0|$regrm{$dst}); } - else - { &::generic("rdrand",@_); } -} - -sub ::rdseed -{ my ($dst)=@_; - if ($dst =~ /(e[a-dsd][ixp])/) - { &::data_byte(0x0f,0xc7,0xf8|$regrm{$dst}); } - else - { &::generic("rdrand",@_); } -} - -sub rxb { - local *opcode=shift; - my ($dst,$src1,$src2,$rxb)=@_; - - $rxb|=0x7<<5; - $rxb&=~(0x04<<5) if($dst>=8); - $rxb&=~(0x01<<5) if($src1>=8); - $rxb&=~(0x02<<5) if($src2>=8); - push @opcode,$rxb; -} - -sub ::vprotd -{ my $args=join(',',@_); - if ($args =~ /xmm([0-7]),xmm([0-7]),([x0-9a-f]+)/) - { my @opcode=(0x8f); - rxb(\@opcode,$1,$2,-1,0x08); - push @opcode,0x78,0xc2; - push @opcode,0xc0|($2&7)|(($1&7)<<3); # ModR/M - my $c=$3; - push @opcode,$c=~/^0/?oct($c):$c; - &::data_byte(@opcode); - } - else - { &::generic("vprotd",@_); } -} - -sub ::endbranch -{ - &::generic("#ifdef __CET__\n"); - &::data_byte(0xf3,0x0f,0x1e,0xfb); - &::generic("#endif\n"); -} - -# label management -$lbdecor="L"; # local label decoration, set by package -$label="000"; - -sub ::islabel # see is argument is a known label -{ my $i; - foreach $i (values %label) { return $i if ($i eq $_[0]); } - $label{$_[0]}; # can be undef -} - -sub ::label # instantiate a function-scope label -{ if (!defined($label{$_[0]})) - { $label{$_[0]}="${lbdecor}${label}${_[0]}"; $label++; } - $label{$_[0]}; -} - -sub ::LABEL # instantiate a file-scope label -{ $label{$_[0]}=$_[1] if (!defined($label{$_[0]})); - $label{$_[0]}; -} - -sub ::static_label { &::LABEL($_[0],$lbdecor.$_[0]); } - -sub ::set_label_B { push(@out,"@_:\n"); } -sub ::set_label -{ my $label=&::label($_[0]); - &::align($_[1]) if ($_[1]>1); - &::set_label_B($label); - $label; -} - -sub ::wipe_labels # wipes function-scope labels -{ foreach $i (keys %label) - { delete $label{$i} if ($label{$i} =~ /^\Q${lbdecor}\E[0-9]{3}/); } -} - -# subroutine management -sub ::function_begin -{ &function_begin_B(@_); - $stack=4; - &push("ebp"); - &push("ebx"); - &push("esi"); - &push("edi"); -} - -sub ::function_end -{ &pop("edi"); - &pop("esi"); - &pop("ebx"); - &pop("ebp"); - &ret(); - &function_end_B(@_); - $stack=0; - &wipe_labels(); -} - -sub ::function_end_A -{ &pop("edi"); - &pop("esi"); - &pop("ebx"); - &pop("ebp"); - &ret(); - $stack+=16; # readjust esp as if we didn't pop anything -} - -sub ::asciz -{ my @str=unpack("C*",shift); - push @str,0; - while ($#str>15) { - &data_byte(@str[0..15]); - foreach (0..15) { shift @str; } - } - &data_byte(@str) if (@str); -} - -sub ::asm_finish -{ &file_end(); - print @out; -} - -sub ::asm_init -{ my ($type,$cpu)=@_; - - $i386=$cpu; - - $elf=$cpp=$coff=$aout=$macosx=$win32=$mwerks=$android=0; - if (($type eq "elf")) - { $elf=1; require "x86gas.pl"; } - elsif (($type eq "elf-1")) - { $elf=-1; require "x86gas.pl"; } - elsif (($type eq "a\.out")) - { $aout=1; require "x86gas.pl"; } - elsif (($type eq "coff" or $type eq "gaswin")) - { $coff=1; require "x86gas.pl"; } - elsif (($type eq "win32n")) - { $win32=1; require "x86nasm.pl"; } - elsif (($type eq "win32")) - { $win32=1; require "x86masm.pl"; } - elsif (($type eq "macosx")) - { $aout=1; $macosx=1; require "x86gas.pl"; } - elsif (($type eq "android")) - { $elf=1; $android=1; require "x86gas.pl"; } - else - { print STDERR <<"EOF"; -Pick one target type from - elf - Linux, FreeBSD, Solaris x86, etc. - a.out - DJGPP, elder OpenBSD, etc. - coff - GAS/COFF such as Win32 targets - win32n - Windows 95/Windows NT NASM format - macosx - Mac OS X -EOF - exit(1); - } - - $pic=0; - for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); } - - &file(); -} - -sub ::hidden {} - -1; diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl deleted file mode 100644 index 1b2b27c02286ae5e55c32ebaa5fc3735aadb001d..0000000000000000000000000000000000000000 --- a/crypto/perlasm/x86gas.pl +++ /dev/null @@ -1,286 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -package x86gas; - -*out=\@::out; - -$::lbdecor=$::aout?"L":".L"; # local label decoration -$nmdecor=($::aout or $::coff)?"_":""; # external name decoration - -$initseg=""; - -$align=16; -$align=log($align)/log(2) if ($::aout); -$com_start="#" if ($::aout or $::coff); - -sub opsize() -{ my $reg=shift; - if ($reg =~ m/^%e/o) { "l"; } - elsif ($reg =~ m/^%[a-d][hl]$/o) { "b"; } - elsif ($reg =~ m/^%[yxm]/o) { undef; } - else { "w"; } -} - -# swap arguments; -# expand opcode with size suffix; -# prefix numeric constants with $; -sub ::generic -{ my($opcode,@arg)=@_; - my($suffix,$dst,$src); - - @arg=reverse(@arg); - - for (@arg) - { s/^(\*?)(e?[a-dsixphl]{2})$/$1%$2/o; # gp registers - s/^([xy]?mm[0-7])$/%$1/o; # xmm/mmx registers - s/^(\-?[0-9]+)$/\$$1/o; # constants - s/^(\-?0x[0-9a-f]+)$/\$$1/o; # constants - } - - $dst = $arg[$#arg] if ($#arg>=0); - $src = $arg[$#arg-1] if ($#arg>=1); - if ($dst =~ m/^%/o) { $suffix=&opsize($dst); } - elsif ($src =~ m/^%/o) { $suffix=&opsize($src); } - else { $suffix="l"; } - undef $suffix if ($dst =~ m/^%[xm]/o || $src =~ m/^%[xm]/o); - - if ($#_==0) { &::emit($opcode); } - elsif ($#_==1 && $opcode =~ m/^(call|clflush|j|loop|set)/o) - { &::emit($opcode,@arg); } - else { &::emit($opcode.$suffix,@arg);} - - 1; -} -# -# opcodes not covered by ::generic above, mostly inconsistent namings... -# -sub ::movzx { &::movzb(@_); } -sub ::pushfd { &::pushfl; } -sub ::popfd { &::popfl; } -sub ::cpuid { &::emit(".byte\t0x0f,0xa2"); } -sub ::rdtsc { &::emit(".byte\t0x0f,0x31"); } - -sub ::call { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); } -sub ::call_ptr { &::generic("call","*$_[0]"); } -sub ::jmp_ptr { &::generic("jmp","*$_[0]"); } - -*::bswap = sub { &::emit("bswap","%$_[0]"); } if (!$::i386); - -sub ::DWP -{ my($addr,$reg1,$reg2,$idx)=@_; - my $ret=""; - - if (!defined($idx) && 1*$reg2) { $idx=$reg2; $reg2=$reg1; undef $reg1; } - - $addr =~ s/^\s+//; - # prepend global references with optional underscore - $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige; - - $reg1 = "%$reg1" if ($reg1); - $reg2 = "%$reg2" if ($reg2); - - $ret .= $addr if (($addr ne "") && ($addr ne 0)); - - if ($reg2) - { $idx!= 0 or $idx=1; - $ret .= "($reg1,$reg2,$idx)"; - } - elsif ($reg1) - { $ret .= "($reg1)"; } - - $ret; -} -sub ::QWP { &::DWP(@_); } -sub ::BP { &::DWP(@_); } -sub ::WP { &::DWP(@_); } -sub ::BC { @_; } -sub ::DWC { @_; } - -sub ::file -{ push(@out,".text\n"); } - -sub ::function_begin_B -{ my $func=shift; - my $global=($func !~ /^_/); - my $begin="${::lbdecor}_${func}_begin"; - - &::LABEL($func,$global?"$begin":"$nmdecor$func"); - $func=$nmdecor.$func; - - push(@out,".globl\t$func\n") if ($global); - if ($::coff) - { push(@out,".def\t$func;\t.scl\t".(3-$global).";\t.type\t32;\t.endef\n"); } - elsif (($::aout and !$::pic) or $::macosx) - { } - else - { push(@out,".type $func,\@function\n"); } - push(@out,".align\t$align\n"); - push(@out,"$func:\n"); - push(@out,"$begin:\n") if ($global); - &::endbranch(); - $::stack=4; -} - -sub ::function_end_B -{ my $func=shift; - push(@out,".size\t$nmdecor$func,.-".&::LABEL($func)."\n") if ($::elf); - $::stack=0; - &::wipe_labels(); -} - -sub ::comment - { - if (!defined($com_start) or $::elf) - { # Regarding $::elf above... - # GNU and SVR4 as'es use different comment delimiters, - push(@out,"\n"); # so we just skip ELF comments... - return; - } - foreach (@_) - { - if (/^\s*$/) - { push(@out,"\n"); } - else - { push(@out,"\t$com_start $_ $com_end\n"); } - } - } - -sub ::external_label -{ foreach(@_) { &::LABEL($_,$nmdecor.$_); } } - -sub ::public_label -{ push(@out,".globl\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); } - -sub ::file_end -{ if ($::macosx) - { if (%non_lazy_ptr) - { push(@out,".section __IMPORT,__pointers,non_lazy_symbol_pointers\n"); - foreach $i (keys %non_lazy_ptr) - { push(@out,"$non_lazy_ptr{$i}:\n.indirect_symbol\t$i\n.long\t0\n"); } - } - } - if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) { - my $tmp=".comm\t${nmdecor}OPENSSL_ia32cap_P,16"; - if ($::macosx) { push (@out,"$tmp,2\n"); } - elsif ($::elf) { push (@out,"$tmp,4\n"); } - else { push (@out,"$tmp\n"); } - } - push(@out,$initseg) if ($initseg); - if ($::elf) { - push(@out," - .section \".note.gnu.property\", \"a\" - .p2align 2 - .long 1f - 0f - .long 4f - 1f - .long 5 -0: - .asciz \"GNU\" -1: - .p2align 2 - .long 0xc0000002 - .long 3f - 2f -2: - .long 3 -3: - .p2align 2 -4: -"); - } -} - -sub ::data_byte { push(@out,".byte\t".join(',',@_)."\n"); } -sub ::data_short{ push(@out,".value\t".join(',',@_)."\n"); } -sub ::data_word { push(@out,".long\t".join(',',@_)."\n"); } - -sub ::align -{ my $val=$_[0]; - if ($::aout) - { $val=int(log($val)/log(2)); - $val.=",0x90"; - } - push(@out,".align\t$val\n"); -} - -sub ::picmeup -{ my($dst,$sym,$base,$reflabel)=@_; - - if (($::pic && ($::elf || $::aout)) || $::macosx) - { if (!defined($base)) - { &::call(&::label("PIC_me_up")); - &::set_label("PIC_me_up"); - &::blindpop($dst); - $base=$dst; - $reflabel=&::label("PIC_me_up"); - } - if ($::macosx) - { my $indirect=&::static_label("$nmdecor$sym\$non_lazy_ptr"); - &::mov($dst,&::DWP("$indirect-$reflabel",$base)); - $non_lazy_ptr{"$nmdecor$sym"}=$indirect; - } - elsif ($sym eq "OPENSSL_ia32cap_P" && $::elf>0) - { &::lea($dst,&::DWP("$sym-$reflabel",$base)); } - else - { &::lea($dst,&::DWP("_GLOBAL_OFFSET_TABLE_+[.-$reflabel]", - $base)); - &::mov($dst,&::DWP("$sym\@GOT",$dst)); - } - } - else - { &::lea($dst,&::DWP($sym)); } -} - -sub ::initseg -{ my $f=$nmdecor.shift; - - if ($::android) - { $initseg.=<<___; -.section .init_array -.align 4 -.long $f -___ - } - elsif ($::elf) - { $initseg.=<<___; -.section .init - call $f -___ - } - elsif ($::coff) - { $initseg.=<<___; # applies to both Cygwin and Mingw -.section .ctors -.long $f -___ - } - elsif ($::macosx) - { $initseg.=<<___; -.mod_init_func -.align 2 -.long $f -___ - } - elsif ($::aout) - { my $ctor="${nmdecor}_GLOBAL_\$I\$$f"; - $initseg.=".text\n"; - $initseg.=".type $ctor,\@function\n" if ($::pic); - $initseg.=<<___; # OpenBSD way... -.globl $ctor -.align 2 -$ctor: - jmp $f -___ - } -} - -sub ::dataseg -{ push(@out,".data\n"); } - -*::hidden = sub { push(@out,".hidden\t$nmdecor$_[0]\n"); } if ($::elf); - -1; diff --git a/crypto/perlasm/x86masm.pl b/crypto/perlasm/x86masm.pl deleted file mode 100644 index 2dcd3f79f6ed23fcd2f52fd0f987f0f4fa2a7c96..0000000000000000000000000000000000000000 --- a/crypto/perlasm/x86masm.pl +++ /dev/null @@ -1,206 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -package x86masm; - -*out=\@::out; - -$::lbdecor="\$L"; # local label decoration -$nmdecor="_"; # external name decoration - -$initseg=""; -$segment=""; - -sub ::generic -{ my ($opcode,@arg)=@_; - - # fix hexadecimal constants - for (@arg) { s/(?= 0x02030000\n"); - push(@out,"safeseh ".&::LABEL($nm,$nmdecor.$nm)."\n"); - push(@out,"%endif\n"); -} - -1; diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c deleted file mode 100644 index 6fd4184af5a5297282c6272797f4329f8875423e..0000000000000000000000000000000000000000 --- a/crypto/pkcs12/p12_add.c +++ /dev/null @@ -1,204 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "p12_local.h" -#include "crypto/pkcs7/pk7_local.h" - -/* Pack an object into an OCTET STRING and turn into a safebag */ - -PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, - int nid1, int nid2) -{ - PKCS12_BAGS *bag; - PKCS12_SAFEBAG *safebag; - - if ((bag = PKCS12_BAGS_new()) == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - return NULL; - } - bag->type = OBJ_nid2obj(nid1); - if (!ASN1_item_pack(obj, it, &bag->value.octet)) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - goto err; - } - if ((safebag = PKCS12_SAFEBAG_new()) == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - goto err; - } - safebag->value.bag = bag; - safebag->type = OBJ_nid2obj(nid2); - return safebag; - - err: - PKCS12_BAGS_free(bag); - return NULL; -} - -/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ -PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) -{ - PKCS7 *p7; - - if ((p7 = PKCS7_new()) == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - return NULL; - } - p7->type = OBJ_nid2obj(NID_pkcs7_data); - if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CANT_PACK_STRUCTURE); - goto err; - } - return p7; - - err: - PKCS7_free(p7); - return NULL; -} - -/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ -STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7) -{ - if (!PKCS7_type_is_data(p7)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA); - return NULL; - } - return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); -} - -/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */ - -PKCS7 *PKCS12_pack_p7encdata_ex(int pbe_nid, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - STACK_OF(PKCS12_SAFEBAG) *bags, - OSSL_LIB_CTX *ctx, const char *propq) -{ - PKCS7 *p7; - X509_ALGOR *pbe; - const EVP_CIPHER *pbe_ciph = NULL; - EVP_CIPHER *pbe_ciph_fetch = NULL; - - if ((p7 = PKCS7_new_ex(ctx, propq)) == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - return NULL; - } - if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); - goto err; - } - - ERR_set_mark(); - pbe_ciph = pbe_ciph_fetch = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq); - if (pbe_ciph == NULL) - pbe_ciph = EVP_get_cipherbynid(pbe_nid); - ERR_pop_to_mark(); - - if (pbe_ciph != NULL) { - pbe = PKCS5_pbe2_set_iv_ex(pbe_ciph, iter, salt, saltlen, NULL, -1, ctx); - } else { - pbe = PKCS5_pbe_set_ex(pbe_nid, iter, salt, saltlen, ctx); - } - - if (pbe == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - goto err; - } - X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); - p7->d.encrypted->enc_data->algorithm = pbe; - ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); - if (!(p7->d.encrypted->enc_data->enc_data = - PKCS12_item_i2d_encrypt_ex(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, - passlen, bags, 1, ctx, propq))) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCRYPT_ERROR); - goto err; - } - - EVP_CIPHER_free(pbe_ciph_fetch); - return p7; - - err: - PKCS7_free(p7); - EVP_CIPHER_free(pbe_ciph_fetch); - return NULL; -} - -PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - STACK_OF(PKCS12_SAFEBAG) *bags) -{ - return PKCS12_pack_p7encdata_ex(pbe_nid, pass, passlen, salt, saltlen, - iter, bags, NULL, NULL); -} - -STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, - int passlen) -{ - if (!PKCS7_type_is_encrypted(p7)) - return NULL; - return PKCS12_item_decrypt_d2i_ex(p7->d.encrypted->enc_data->algorithm, - ASN1_ITEM_rptr(PKCS12_SAFEBAGS), - pass, passlen, - p7->d.encrypted->enc_data->enc_data, 1, - p7->ctx.libctx, p7->ctx.propq); -} - -PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey_ex(const PKCS12_SAFEBAG *bag, - const char *pass, int passlen, - OSSL_LIB_CTX *ctx, const char *propq) -{ - return PKCS8_decrypt_ex(bag->value.shkeybag, pass, passlen, ctx, propq); -} - -PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, - const char *pass, int passlen) -{ - return PKCS12_decrypt_skey_ex(bag, pass, passlen, NULL, NULL); -} - -int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) -{ - if (ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES), - &p12->authsafes->d.data)) - return 1; - return 0; -} - -STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12) -{ - STACK_OF(PKCS7) *p7s; - PKCS7 *p7; - int i; - - if (!PKCS7_type_is_data(p12->authsafes)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA); - return NULL; - } - p7s = ASN1_item_unpack(p12->authsafes->d.data, - ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); - if (p7s != NULL) { - for (i = 0; i < sk_PKCS7_num(p7s); i++) { - p7 = sk_PKCS7_value(p7s, i); - if (!ossl_pkcs7_ctx_propagate(p12->authsafes, p7)) - goto err; - } - } - return p7s; -err: - sk_PKCS7_free(p7s); - return NULL; -} diff --git a/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c deleted file mode 100644 index aabbd38eefbec11159ddd8736845fe76955f2fcc..0000000000000000000000000000000000000000 --- a/crypto/pkcs12/p12_asn.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include "p12_local.h" - -/* PKCS#12 ASN1 module */ - -ASN1_SEQUENCE(PKCS12) = { - ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS12, authsafes, PKCS7), - ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA) -} ASN1_SEQUENCE_END(PKCS12) - -IMPLEMENT_ASN1_FUNCTIONS(PKCS12) - -ASN1_SEQUENCE(PKCS12_MAC_DATA) = { - ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG), - ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING), - ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER) -} ASN1_SEQUENCE_END(PKCS12_MAC_DATA) - -IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA) - -ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0); - -ASN1_ADB(PKCS12_BAGS) = { - ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)), - ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)), - ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)), -} ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL); - -ASN1_SEQUENCE(PKCS12_BAGS) = { - ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT), - ASN1_ADB_OBJECT(PKCS12_BAGS), -} ASN1_SEQUENCE_END(PKCS12_BAGS) - -IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS) - -ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0); - -ASN1_ADB(PKCS12_SAFEBAG) = { - ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)), - ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)), - ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SEQUENCE_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), - ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), - ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), - ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)) -} ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL); - -ASN1_SEQUENCE(PKCS12_SAFEBAG) = { - ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT), - ASN1_ADB_OBJECT(PKCS12_SAFEBAG), - ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE) -} ASN1_SEQUENCE_END(PKCS12_SAFEBAG) - -IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG) - -/* SEQUENCE OF SafeBag */ -ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG) -ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS) - -/* Authsafes: SEQUENCE OF PKCS7 */ -ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7) -ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES) diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c deleted file mode 100644 index da228336eb607ab0d64faa9d9374326e878a3545..0000000000000000000000000000000000000000 --- a/crypto/pkcs12/p12_attr.c +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include "p12_local.h" - -/* Add a local keyid to a safebag */ - -int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, - int namelen) -{ - if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID, - V_ASN1_OCTET_STRING, name, namelen) != NULL) - return 1; - else - return 0; -} - -/* Add key usage to PKCS#8 structure */ - -int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage) -{ - unsigned char us_val = (unsigned char)usage; - return PKCS8_pkey_add1_attr_by_NID(p8, NID_key_usage, - V_ASN1_BIT_STRING, &us_val, 1); -} - -/* Add a friendlyname to a safebag */ - -int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, - int namelen) -{ - if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, - MBSTRING_ASC, (unsigned char *)name, namelen) != NULL) - return 1; - else - return 0; -} - -int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name, - int namelen) -{ - if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, - MBSTRING_UTF8, (unsigned char *)name, namelen) != NULL) - return 1; - else - return 0; -} - -int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, - const unsigned char *name, int namelen) -{ - if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, - MBSTRING_BMP, name, namelen) != NULL) - return 1; - else - return 0; -} - -int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen) -{ - if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name, - MBSTRING_ASC, (unsigned char *)name, namelen) != NULL) - return 1; - else - return 0; -} - -int PKCS12_add1_attr_by_NID(PKCS12_SAFEBAG *bag, int nid, int type, - const unsigned char *bytes, int len) -{ - if (X509at_add1_attr_by_NID(&bag->attrib, nid, type, bytes, len) != NULL) - return 1; - else - return 0; -} - -int PKCS12_add1_attr_by_txt(PKCS12_SAFEBAG *bag, const char *attrname, int type, - const unsigned char *bytes, int len) -{ - if (X509at_add1_attr_by_txt(&bag->attrib, attrname, type, bytes, len) != NULL) - return 1; - else - return 0; -} - -ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, - int attr_nid) -{ - X509_ATTRIBUTE *attrib; - int i; - i = X509at_get_attr_by_NID(attrs, attr_nid, -1); - attrib = X509at_get_attr(attrs, i); - return X509_ATTRIBUTE_get0_type(attrib, 0); -} - -char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag) -{ - const ASN1_TYPE *atype; - - if ((atype = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)) == NULL) - return NULL; - if (atype->type != V_ASN1_BMPSTRING) - return NULL; - return OPENSSL_uni2utf8(atype->value.bmpstring->data, - atype->value.bmpstring->length); -} - -const STACK_OF(X509_ATTRIBUTE) * -PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag) -{ - return bag->attrib; -} diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c deleted file mode 100644 index 57d1caecfce7495a8fa6bfa10dc2c765e2658a2d..0000000000000000000000000000000000000000 --- a/crypto/pkcs12/p12_crpt.c +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include "crypto/evp.h" -#include - -/* PKCS#12 PBE algorithms now in static table */ - -void PKCS12_PBE_add(void) -{ -} - -int PKCS12_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md, int en_de, - OSSL_LIB_CTX *libctx, const char *propq) -{ - PBEPARAM *pbe; - int saltlen, iter, ret; - unsigned char *salt; - unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; - unsigned char *piv = iv; - - if (cipher == NULL) - return 0; - - /* Extract useful info from parameter */ - - pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param); - if (pbe == NULL) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR); - return 0; - } - - if (pbe->iter == NULL) - iter = 1; - else - iter = ASN1_INTEGER_get(pbe->iter); - salt = pbe->salt->data; - saltlen = pbe->salt->length; - if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_KEY_ID, - iter, EVP_CIPHER_get_key_length(cipher), - key, md, - libctx, propq)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR); - PBEPARAM_free(pbe); - return 0; - } - if (EVP_CIPHER_get_iv_length(cipher) > 0) { - if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_IV_ID, - iter, EVP_CIPHER_get_iv_length(cipher), - iv, md, - libctx, propq)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_IV_GEN_ERROR); - PBEPARAM_free(pbe); - return 0; - } - } else { - piv = NULL; - } - PBEPARAM_free(pbe); - ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, piv, en_de); - OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); - OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); - return ret; -} - -int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md, int en_de) -{ - return PKCS12_PBE_keyivgen_ex(ctx, pass, passlen, param, cipher, md, en_de, - NULL, NULL); -} - diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c deleted file mode 100644 index 00c71297463d9e9d821d3dc74c25975c415ec042..0000000000000000000000000000000000000000 --- a/crypto/pkcs12/p12_crt.c +++ /dev/null @@ -1,337 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include "p12_local.h" - -static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, - PKCS12_SAFEBAG *bag); - -static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid) -{ - int idx; - X509_ATTRIBUTE *attr; - idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1); - if (idx < 0) - return 1; - attr = EVP_PKEY_get_attr(pkey, idx); - if (!X509at_add1_attr(&bag->attrib, attr)) - return 0; - return 1; -} - -PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey, - X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, - int iter, int mac_iter, int keytype, - OSSL_LIB_CTX *ctx, const char *propq) -{ - PKCS12 *p12 = NULL; - STACK_OF(PKCS7) *safes = NULL; - STACK_OF(PKCS12_SAFEBAG) *bags = NULL; - PKCS12_SAFEBAG *bag = NULL; - int i; - unsigned char keyid[EVP_MAX_MD_SIZE]; - unsigned int keyidlen = 0; - - /* Set defaults */ - if (nid_cert == NID_undef) - nid_cert = NID_aes_256_cbc; - if (nid_key == NID_undef) - nid_key = NID_aes_256_cbc; - if (!iter) - iter = PKCS12_DEFAULT_ITER; - if (!mac_iter) - mac_iter = PKCS12_DEFAULT_ITER; - - if (pkey == NULL && cert == NULL && ca == NULL) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_INVALID_NULL_ARGUMENT); - return NULL; - } - - if (pkey && cert) { - if (!X509_check_private_key(cert, pkey)) - return NULL; - if (!X509_digest(cert, EVP_sha1(), keyid, &keyidlen)) - return NULL; - } - - if (cert) { - bag = PKCS12_add_cert(&bags, cert); - if (name && !PKCS12_add_friendlyname(bag, name, -1)) - goto err; - if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) - goto err; - } - - /* Add all other certificates */ - for (i = 0; i < sk_X509_num(ca); i++) { - if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i))) - goto err; - } - - if (bags && !PKCS12_add_safe_ex(&safes, bags, nid_cert, iter, pass, - ctx, propq)) - goto err; - - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - bags = NULL; - - if (pkey) { - bag = PKCS12_add_key_ex(&bags, pkey, keytype, iter, nid_key, pass, - ctx, propq); - - if (!bag) - goto err; - - if (!copy_bag_attr(bag, pkey, NID_ms_csp_name)) - goto err; - if (!copy_bag_attr(bag, pkey, NID_LocalKeySet)) - goto err; - - if (name && !PKCS12_add_friendlyname(bag, name, -1)) - goto err; - if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) - goto err; - } - - if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL)) - goto err; - - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - bags = NULL; - - p12 = PKCS12_add_safes_ex(safes, 0, ctx, propq); - - if (p12 == NULL) - goto err; - - sk_PKCS7_pop_free(safes, PKCS7_free); - - safes = NULL; - - if ((mac_iter != -1) && - !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL)) - goto err; - - return p12; - - err: - PKCS12_free(p12); - sk_PKCS7_pop_free(safes, PKCS7_free); - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - return NULL; - -} - -PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert, - STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, - int mac_iter, int keytype) -{ - return PKCS12_create_ex(pass, name, pkey, cert, ca, nid_key, nid_cert, - iter, mac_iter, keytype, NULL, NULL); -} - -PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert) -{ - PKCS12_SAFEBAG *bag = NULL; - char *name; - int namelen = -1; - unsigned char *keyid; - int keyidlen = -1; - - /* Add user certificate */ - if ((bag = PKCS12_SAFEBAG_create_cert(cert)) == NULL) - goto err; - - /* - * Use friendlyName and localKeyID in certificate. (if present) - */ - - name = (char *)X509_alias_get0(cert, &namelen); - - if (name && !PKCS12_add_friendlyname(bag, name, namelen)) - goto err; - - keyid = X509_keyid_get0(cert, &keyidlen); - - if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) - goto err; - - if (!pkcs12_add_bag(pbags, bag)) - goto err; - - return bag; - - err: - PKCS12_SAFEBAG_free(bag); - return NULL; - -} - -PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags, - EVP_PKEY *key, int key_usage, int iter, - int nid_key, const char *pass, - OSSL_LIB_CTX *ctx, const char *propq) -{ - - PKCS12_SAFEBAG *bag = NULL; - PKCS8_PRIV_KEY_INFO *p8 = NULL; - - /* Make a PKCS#8 structure */ - if ((p8 = EVP_PKEY2PKCS8(key)) == NULL) - goto err; - if (key_usage && !PKCS8_add_keyusage(p8, key_usage)) - goto err; - if (nid_key != -1) { - bag = PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(nid_key, pass, -1, NULL, 0, - iter, p8, ctx, propq); - PKCS8_PRIV_KEY_INFO_free(p8); - } else - bag = PKCS12_SAFEBAG_create0_p8inf(p8); - - if (!bag) - goto err; - - if (!pkcs12_add_bag(pbags, bag)) - goto err; - - return bag; - - err: - PKCS12_SAFEBAG_free(bag); - return NULL; - -} - -PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, - EVP_PKEY *key, int key_usage, int iter, - int nid_key, const char *pass) -{ - return PKCS12_add_key_ex(pbags, key, key_usage, iter, nid_key, pass, - NULL, NULL); -} - -PKCS12_SAFEBAG *PKCS12_add_secret(STACK_OF(PKCS12_SAFEBAG) **pbags, - int nid_type, const unsigned char *value, int len) -{ - PKCS12_SAFEBAG *bag = NULL; - - /* Add secret, storing the value as an octet string */ - if ((bag = PKCS12_SAFEBAG_create_secret(nid_type, V_ASN1_OCTET_STRING, value, len)) == NULL) - goto err; - - if (!pkcs12_add_bag(pbags, bag)) - goto err; - - return bag; - err: - PKCS12_SAFEBAG_free(bag); - return NULL; -} - -int PKCS12_add_safe_ex(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, - int nid_safe, int iter, const char *pass, - OSSL_LIB_CTX *ctx, const char *propq) -{ - PKCS7 *p7 = NULL; - int free_safes = 0; - - if (*psafes == NULL) { - *psafes = sk_PKCS7_new_null(); - if (*psafes == NULL) - return 0; - free_safes = 1; - } - - if (nid_safe == 0) -#ifdef OPENSSL_NO_RC2 - nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; -#else - nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC; -#endif - - if (nid_safe == -1) - p7 = PKCS12_pack_p7data(bags); - else - p7 = PKCS12_pack_p7encdata_ex(nid_safe, pass, -1, NULL, 0, iter, bags, ctx, propq); - if (p7 == NULL) - goto err; - - if (!sk_PKCS7_push(*psafes, p7)) - goto err; - - return 1; - - err: - if (free_safes) { - sk_PKCS7_free(*psafes); - *psafes = NULL; - } - PKCS7_free(p7); - return 0; -} - -int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, - int nid_safe, int iter, const char *pass) -{ - return PKCS12_add_safe_ex(psafes, bags, nid_safe, iter, pass, NULL, NULL); -} - -static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, - PKCS12_SAFEBAG *bag) -{ - int free_bags = 0; - - if (pbags == NULL) - return 1; - if (*pbags == NULL) { - *pbags = sk_PKCS12_SAFEBAG_new_null(); - if (*pbags == NULL) - return 0; - free_bags = 1; - } - - if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) { - if (free_bags) { - sk_PKCS12_SAFEBAG_free(*pbags); - *pbags = NULL; - } - return 0; - } - - return 1; - -} - -PKCS12 *PKCS12_add_safes_ex(STACK_OF(PKCS7) *safes, int nid_p7, - OSSL_LIB_CTX *ctx, const char *propq) -{ - PKCS12 *p12; - - if (nid_p7 <= 0) - nid_p7 = NID_pkcs7_data; - p12 = PKCS12_init_ex(nid_p7, ctx, propq); - if (p12 == NULL) - return NULL; - - if (!PKCS12_pack_authsafes(p12, safes)) { - PKCS12_free(p12); - return NULL; - } - - return p12; - -} - -PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7) -{ - return PKCS12_add_safes_ex(safes, nid_p7, NULL, NULL); -} diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c deleted file mode 100644 index a5adafa954a3f521ed4886fdc1691c484d60386a..0000000000000000000000000000000000000000 --- a/crypto/pkcs12/p12_decr.c +++ /dev/null @@ -1,212 +0,0 @@ -/* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include - -/* - * Encrypt/Decrypt a buffer based on password and algor, result in a - * OPENSSL_malloc'ed buffer - */ -unsigned char *PKCS12_pbe_crypt_ex(const X509_ALGOR *algor, - const char *pass, int passlen, - const unsigned char *in, int inlen, - unsigned char **data, int *datalen, int en_de, - OSSL_LIB_CTX *libctx, const char *propq) -{ - unsigned char *out = NULL; - int outlen, i; - EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); - int max_out_len, mac_len = 0; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* Process data */ - if (!EVP_PBE_CipherInit_ex(algor->algorithm, pass, passlen, - algor->parameter, ctx, en_de, libctx, propq)) - goto err; - - /* - * GOST algorithm specifics: - * OMAC algorithm calculate and encrypt MAC of the encrypted objects - * It's appended to encrypted text on encrypting - * MAC should be processed on decrypting separately from plain text - */ - max_out_len = inlen + EVP_CIPHER_CTX_get_block_size(ctx); - if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) - & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) { - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD, 0, &mac_len) < 0) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR); - goto err; - } - - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - max_out_len += mac_len; - } else { - if (inlen < mac_len) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNSUPPORTED_PKCS12_MODE); - goto err; - } - inlen -= mac_len; - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - (int)mac_len, (unsigned char *)in+inlen) < 0) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR); - goto err; - } - } - } - - if ((out = OPENSSL_malloc(max_out_len)) == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) { - OPENSSL_free(out); - out = NULL; - ERR_raise(ERR_LIB_PKCS12, ERR_R_EVP_LIB); - goto err; - } - - outlen = i; - if (!EVP_CipherFinal_ex(ctx, out + i, &i)) { - OPENSSL_free(out); - out = NULL; - ERR_raise_data(ERR_LIB_PKCS12, PKCS12_R_PKCS12_CIPHERFINAL_ERROR, - passlen == 0 ? "empty password" - : "maybe wrong password"); - goto err; - } - outlen += i; - if ((EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx)) - & EVP_CIPH_FLAG_CIPHER_WITH_MAC) != 0) { - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, - (int)mac_len, out+outlen) < 0) { - OPENSSL_free(out); - out = NULL; - ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR); - goto err; - } - outlen += mac_len; - } - } - if (datalen) - *datalen = outlen; - if (data) - *data = out; - err: - EVP_CIPHER_CTX_free(ctx); - return out; - -} - -unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, - const char *pass, int passlen, - const unsigned char *in, int inlen, - unsigned char **data, int *datalen, int en_de) -{ - return PKCS12_pbe_crypt_ex(algor, pass, passlen, in, inlen, data, datalen, - en_de, NULL, NULL); -} - -/* - * Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer - * after use. - */ - -void *PKCS12_item_decrypt_d2i_ex(const X509_ALGOR *algor, const ASN1_ITEM *it, - const char *pass, int passlen, - const ASN1_OCTET_STRING *oct, int zbuf, - OSSL_LIB_CTX *libctx, - const char *propq) -{ - unsigned char *out = NULL; - const unsigned char *p; - void *ret; - int outlen = 0; - - if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, oct->data, oct->length, - &out, &outlen, 0, libctx, propq)) - return NULL; - p = out; - OSSL_TRACE_BEGIN(PKCS12_DECRYPT) { - BIO_printf(trc_out, "\n"); - BIO_dump(trc_out, out, outlen); - BIO_printf(trc_out, "\n"); - } OSSL_TRACE_END(PKCS12_DECRYPT); - ret = ASN1_item_d2i(NULL, &p, outlen, it); - if (zbuf) - OPENSSL_cleanse(out, outlen); - if (!ret) - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR); - OPENSSL_free(out); - return ret; -} - -void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, - const char *pass, int passlen, - const ASN1_OCTET_STRING *oct, int zbuf) -{ - return PKCS12_item_decrypt_d2i_ex(algor, it, pass, passlen, oct, zbuf, - NULL, NULL); -} - -/* - * Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero - * encoding. - */ - -ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt_ex(X509_ALGOR *algor, - const ASN1_ITEM *it, - const char *pass, int passlen, - void *obj, int zbuf, - OSSL_LIB_CTX *ctx, - const char *propq) -{ - ASN1_OCTET_STRING *oct = NULL; - unsigned char *in = NULL; - int inlen; - - if ((oct = ASN1_OCTET_STRING_new()) == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - goto err; - } - inlen = ASN1_item_i2d(obj, &in, it); - if (!in) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCODE_ERROR); - goto err; - } - if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, in, inlen, &oct->data, - &oct->length, 1, ctx, propq)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCRYPT_ERROR); - OPENSSL_free(in); - goto err; - } - if (zbuf) - OPENSSL_cleanse(in, inlen); - OPENSSL_free(in); - return oct; - err: - ASN1_OCTET_STRING_free(oct); - return NULL; -} - -ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, - const ASN1_ITEM *it, - const char *pass, int passlen, - void *obj, int zbuf) -{ - return PKCS12_item_i2d_encrypt_ex(algor, it, pass, passlen, obj, zbuf, NULL, NULL); -} diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c deleted file mode 100644 index 45aa2f9154b91b8d8a4e864b59826e339ab757f3..0000000000000000000000000000000000000000 --- a/crypto/pkcs12/p12_init.c +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include "crypto/pkcs7.h" -#include "p12_local.h" - -/* Initialise a PKCS12 structure to take data */ - -PKCS12 *PKCS12_init_ex(int mode, OSSL_LIB_CTX *ctx, const char *propq) -{ - PKCS12 *pkcs12; - - if ((pkcs12 = PKCS12_new()) == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - return NULL; - } - if (!ASN1_INTEGER_set(pkcs12->version, 3)) - goto err; - pkcs12->authsafes->type = OBJ_nid2obj(mode); - - ossl_pkcs7_set0_libctx(pkcs12->authsafes, ctx); - if (!ossl_pkcs7_set1_propq(pkcs12->authsafes, propq)) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - goto err; - } - - switch (mode) { - case NID_pkcs7_data: - if ((pkcs12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - goto err; - } - break; - default: - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNSUPPORTED_PKCS12_MODE); - goto err; - } - return pkcs12; - - err: - PKCS12_free(pkcs12); - return NULL; -} - -PKCS12 *PKCS12_init(int mode) -{ - return PKCS12_init_ex(mode, NULL, NULL); -} - diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c deleted file mode 100644 index 41a2d7293e9108618ba5e0b01597f1e38785a48c..0000000000000000000000000000000000000000 --- a/crypto/pkcs12/p12_key.c +++ /dev/null @@ -1,138 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include "internal/provider.h" - -int PKCS12_key_gen_asc_ex(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type, - OSSL_LIB_CTX *ctx, const char *propq) -{ - int ret; - unsigned char *unipass; - int uniplen; - - if (pass == NULL) { - unipass = NULL; - uniplen = 0; - } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - return 0; - } - ret = PKCS12_key_gen_uni_ex(unipass, uniplen, salt, saltlen, id, iter, - n, out, md_type, ctx, propq); - OPENSSL_clear_free(unipass, uniplen); - return ret > 0; -} - -int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type) -{ - return PKCS12_key_gen_asc_ex(pass, passlen, salt, saltlen, id, iter, n, - out, md_type, NULL, NULL); -} - -int PKCS12_key_gen_utf8_ex(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type, - OSSL_LIB_CTX *ctx, const char *propq) -{ - int ret; - unsigned char *unipass; - int uniplen; - - if (pass == NULL) { - unipass = NULL; - uniplen = 0; - } else if (!OPENSSL_utf82uni(pass, passlen, &unipass, &uniplen)) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - return 0; - } - ret = PKCS12_key_gen_uni_ex(unipass, uniplen, salt, saltlen, id, iter, - n, out, md_type, ctx, propq); - OPENSSL_clear_free(unipass, uniplen); - return ret > 0; -} - -int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type) -{ - return PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, id, iter, n, - out, md_type, NULL, NULL); -} - -int PKCS12_key_gen_uni_ex(unsigned char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type, - OSSL_LIB_CTX *libctx, const char *propq) -{ - int res = 0; - EVP_KDF *kdf; - EVP_KDF_CTX *ctx; - OSSL_PARAM params[6], *p = params; - - if (n <= 0) - return 0; - - kdf = EVP_KDF_fetch(libctx, "PKCS12KDF", propq); - if (kdf == NULL) - return 0; - ctx = EVP_KDF_CTX_new(kdf); - EVP_KDF_free(kdf); - if (ctx == NULL) - return 0; - - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)EVP_MD_get0_name(md_type), - 0); - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, - pass, passlen); - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, - salt, saltlen); - *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS12_ID, &id); - *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_ITER, &iter); - *p = OSSL_PARAM_construct_end(); - - OSSL_TRACE_BEGIN(PKCS12_KEYGEN) { - BIO_printf(trc_out, "PKCS12_key_gen_uni_ex(): ID %d, ITER %d\n", id, iter); - BIO_printf(trc_out, "Password (length %d):\n", passlen); - BIO_hex_string(trc_out, 0, passlen, pass, passlen); - BIO_printf(trc_out, "\n"); - BIO_printf(trc_out, "Salt (length %d):\n", saltlen); - BIO_hex_string(trc_out, 0, saltlen, salt, saltlen); - BIO_printf(trc_out, "\n"); - } OSSL_TRACE_END(PKCS12_KEYGEN); - - if (EVP_KDF_derive(ctx, out, (size_t)n, params)) { - res = 1; - OSSL_TRACE_BEGIN(PKCS12_KEYGEN) { - BIO_printf(trc_out, "Output KEY (length %d)\n", n); - BIO_hex_string(trc_out, 0, n, out, n); - BIO_printf(trc_out, "\n"); - } OSSL_TRACE_END(PKCS12_KEYGEN); - } - EVP_KDF_CTX_free(ctx); - return res; -} - -int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type) -{ - return PKCS12_key_gen_uni_ex(pass, passlen, salt, saltlen, id, iter, n, out, md_type, NULL, NULL); -} diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c deleted file mode 100644 index 229b34cf64295f577416bc4985c10a5fd74e13e3..0000000000000000000000000000000000000000 --- a/crypto/pkcs12/p12_kiss.c +++ /dev/null @@ -1,259 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include "crypto/x509.h" /* for ossl_x509_add_cert_new() */ - -/* Simplified PKCS#12 routines */ - -static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, - EVP_PKEY **pkey, STACK_OF(X509) *ocerts); - -static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts); - -static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, - EVP_PKEY **pkey, STACK_OF(X509) *ocerts); - -/* - * Parse and decrypt a PKCS#12 structure returning user key, user cert and - * other (CA) certs. Note either ca should be NULL, *ca should be NULL, or it - * should point to a valid STACK structure. pkey and/or cert may be NULL; - * if non-NULL the variables they point to can be passed uninitialised. - */ - -int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca) -{ - STACK_OF(X509) *ocerts = NULL; - X509 *x = NULL; - - if (pkey != NULL) - *pkey = NULL; - if (cert != NULL) - *cert = NULL; - - /* Check for NULL PKCS12 structure */ - - if (p12 == NULL) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_INVALID_NULL_PKCS12_POINTER); - return 0; - } - - /* Check the mac */ - - /* - * If password is zero length or NULL then try verifying both cases to - * determine which password is correct. The reason for this is that under - * PKCS#12 password based encryption no password and a zero length - * password are two different things... - */ - - if (pass == NULL || *pass == '\0') { - if (!PKCS12_mac_present(p12) - || PKCS12_verify_mac(p12, NULL, 0)) - pass = NULL; - else if (PKCS12_verify_mac(p12, "", 0)) - pass = ""; - else { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_VERIFY_FAILURE); - goto err; - } - } else if (!PKCS12_verify_mac(p12, pass, -1)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_VERIFY_FAILURE); - goto err; - } - - /* If needed, allocate stack for other certificates */ - if ((cert != NULL || ca != NULL) - && (ocerts = sk_X509_new_null()) == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!parse_pk12(p12, pass, -1, pkey, ocerts)) { - int err = ERR_peek_last_error(); - - if (ERR_GET_LIB(err) != ERR_LIB_EVP - && ERR_GET_REASON(err) != EVP_R_UNSUPPORTED_ALGORITHM) - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR); - goto err; - } - - /* Split the certs in ocerts over *cert and *ca as far as requested */ - while ((x = sk_X509_shift(ocerts)) != NULL) { - if (pkey != NULL && *pkey != NULL - && cert != NULL && *cert == NULL) { - int match; - - ERR_set_mark(); - match = X509_check_private_key(x, *pkey); - ERR_pop_to_mark(); - if (match) { - *cert = x; - continue; - } - } - - if (ca != NULL) { - if (!ossl_x509_add_cert_new(ca, x, X509_ADD_FLAG_DEFAULT)) - goto err; - continue; - } - X509_free(x); - } - sk_X509_free(ocerts); - - return 1; - - err: - - if (pkey != NULL) { - EVP_PKEY_free(*pkey); - *pkey = NULL; - } - if (cert != NULL) { - X509_free(*cert); - *cert = NULL; - } - X509_free(x); - sk_X509_pop_free(ocerts, X509_free); - return 0; - -} - -/* Parse the outer PKCS#12 structure */ - -/* pkey and/or ocerts may be NULL */ -static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, - EVP_PKEY **pkey, STACK_OF(X509) *ocerts) -{ - STACK_OF(PKCS7) *asafes; - STACK_OF(PKCS12_SAFEBAG) *bags; - int i, bagnid; - PKCS7 *p7; - - if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL) - return 0; - for (i = 0; i < sk_PKCS7_num(asafes); i++) { - p7 = sk_PKCS7_value(asafes, i); - bagnid = OBJ_obj2nid(p7->type); - if (bagnid == NID_pkcs7_data) { - bags = PKCS12_unpack_p7data(p7); - } else if (bagnid == NID_pkcs7_encrypted) { - bags = PKCS12_unpack_p7encdata(p7, pass, passlen); - } else - continue; - if (!bags) { - sk_PKCS7_pop_free(asafes, PKCS7_free); - return 0; - } - if (!parse_bags(bags, pass, passlen, pkey, ocerts)) { - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - sk_PKCS7_pop_free(asafes, PKCS7_free); - return 0; - } - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - } - sk_PKCS7_pop_free(asafes, PKCS7_free); - return 1; -} - -/* pkey and/or ocerts may be NULL */ -static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts) -{ - int i; - for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { - if (!parse_bag(sk_PKCS12_SAFEBAG_value(bags, i), - pass, passlen, pkey, ocerts)) - return 0; - } - return 1; -} - -/* pkey and/or ocerts may be NULL */ -static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, - EVP_PKEY **pkey, STACK_OF(X509) *ocerts) -{ - PKCS8_PRIV_KEY_INFO *p8; - X509 *x509; - const ASN1_TYPE *attrib; - ASN1_BMPSTRING *fname = NULL; - ASN1_OCTET_STRING *lkid = NULL; - - if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName))) - fname = attrib->value.bmpstring; - - if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID))) - lkid = attrib->value.octet_string; - - switch (PKCS12_SAFEBAG_get_nid(bag)) { - case NID_keyBag: - if (pkey == NULL || *pkey != NULL) - return 1; - *pkey = EVP_PKCS82PKEY(PKCS12_SAFEBAG_get0_p8inf(bag)); - if (*pkey == NULL) - return 0; - break; - - case NID_pkcs8ShroudedKeyBag: - if (pkey == NULL || *pkey != NULL) - return 1; - if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL) - return 0; - *pkey = EVP_PKCS82PKEY(p8); - PKCS8_PRIV_KEY_INFO_free(p8); - if (!(*pkey)) - return 0; - break; - - case NID_certBag: - if (ocerts == NULL - || PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate) - return 1; - if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL) - return 0; - if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) { - X509_free(x509); - return 0; - } - if (fname) { - int len, r; - unsigned char *data; - - len = ASN1_STRING_to_UTF8(&data, fname); - if (len >= 0) { - r = X509_alias_set1(x509, data, len); - OPENSSL_free(data); - if (!r) { - X509_free(x509); - return 0; - } - } - } - - if (!sk_X509_push(ocerts, x509)) { - X509_free(x509); - return 0; - } - - break; - - case NID_safeContentsBag: - return parse_bags(PKCS12_SAFEBAG_get0_safes(bag), pass, passlen, pkey, - ocerts); - - default: - return 1; - } - return 1; -} diff --git a/crypto/pkcs12/p12_local.h b/crypto/pkcs12/p12_local.h deleted file mode 100644 index acaa27b193fa6ea19881ae64a53088fc4aba80da..0000000000000000000000000000000000000000 --- a/crypto/pkcs12/p12_local.h +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -struct PKCS12_MAC_DATA_st { - X509_SIG *dinfo; - ASN1_OCTET_STRING *salt; - ASN1_INTEGER *iter; /* defaults to 1 */ -}; - -struct PKCS12_st { - ASN1_INTEGER *version; - PKCS12_MAC_DATA *mac; - PKCS7 *authsafes; -}; - -struct PKCS12_SAFEBAG_st { - ASN1_OBJECT *type; - union { - struct pkcs12_bag_st *bag; /* secret, crl and certbag */ - struct pkcs8_priv_key_info_st *keybag; /* keybag */ - X509_SIG *shkeybag; /* shrouded key bag */ - STACK_OF(PKCS12_SAFEBAG) *safes; - ASN1_TYPE *other; - } value; - STACK_OF(X509_ATTRIBUTE) *attrib; -}; - -struct pkcs12_bag_st { - ASN1_OBJECT *type; - union { - ASN1_OCTET_STRING *x509cert; - ASN1_OCTET_STRING *x509crl; - ASN1_OCTET_STRING *octet; - ASN1_IA5STRING *sdsicert; - ASN1_TYPE *other; /* Secret or other bag */ - } value; -}; diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c deleted file mode 100644 index afdb8d688ba3363dc722324eaaa144f866d16edf..0000000000000000000000000000000000000000 --- a/crypto/pkcs12/p12_mutl.c +++ /dev/null @@ -1,276 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * HMAC low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "p12_local.h" - -int PKCS12_mac_present(const PKCS12 *p12) -{ - return p12->mac ? 1 : 0; -} - -void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, - const X509_ALGOR **pmacalg, - const ASN1_OCTET_STRING **psalt, - const ASN1_INTEGER **piter, - const PKCS12 *p12) -{ - if (p12->mac) { - X509_SIG_get0(p12->mac->dinfo, pmacalg, pmac); - if (psalt) - *psalt = p12->mac->salt; - if (piter) - *piter = p12->mac->iter; - } else { - if (pmac) - *pmac = NULL; - if (pmacalg) - *pmacalg = NULL; - if (psalt) - *psalt = NULL; - if (piter) - *piter = NULL; - } -} - -#define TK26_MAC_KEY_LEN 32 - -static int pkcs12_gen_gost_mac_key(const char *pass, int passlen, - const unsigned char *salt, int saltlen, - int iter, int keylen, unsigned char *key, - const EVP_MD *digest) -{ - unsigned char out[96]; - - if (keylen != TK26_MAC_KEY_LEN) { - return 0; - } - - if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, - digest, sizeof(out), out)) { - return 0; - } - memcpy(key, out + sizeof(out) - TK26_MAC_KEY_LEN, TK26_MAC_KEY_LEN); - OPENSSL_cleanse(out, sizeof(out)); - return 1; -} - -/* Generate a MAC */ -static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *mac, unsigned int *maclen, - int (*pkcs12_key_gen)(const char *pass, int passlen, - unsigned char *salt, int slen, - int id, int iter, int n, - unsigned char *out, - const EVP_MD *md_type)) -{ - int ret = 0; - const EVP_MD *md; - EVP_MD *md_fetch; - HMAC_CTX *hmac = NULL; - unsigned char key[EVP_MAX_MD_SIZE], *salt; - int saltlen, iter; - char md_name[80]; - int md_size = 0; - int md_nid; - const X509_ALGOR *macalg; - const ASN1_OBJECT *macoid; - - if (!PKCS7_type_is_data(p12->authsafes)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA); - return 0; - } - - salt = p12->mac->salt->data; - saltlen = p12->mac->salt->length; - if (p12->mac->iter == NULL) - iter = 1; - else - iter = ASN1_INTEGER_get(p12->mac->iter); - X509_SIG_get0(p12->mac->dinfo, &macalg, NULL); - X509_ALGOR_get0(&macoid, NULL, NULL, macalg); - if (OBJ_obj2txt(md_name, sizeof(md_name), macoid, 0) < 0) - return 0; - md = md_fetch = EVP_MD_fetch(p12->authsafes->ctx.libctx, md_name, - p12->authsafes->ctx.propq); - if (md == NULL) - md = EVP_get_digestbynid(OBJ_obj2nid(macoid)); - - if (md == NULL) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); - return 0; - } - md_size = EVP_MD_get_size(md); - md_nid = EVP_MD_get_type(md); - if (md_size < 0) - goto err; - if ((md_nid == NID_id_GostR3411_94 - || md_nid == NID_id_GostR3411_2012_256 - || md_nid == NID_id_GostR3411_2012_512) - && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL) { - md_size = TK26_MAC_KEY_LEN; - if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter, - md_size, key, md)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR); - goto err; - } - } else { - if (pkcs12_key_gen != NULL) { - if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID, - iter, md_size, key, md)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR); - goto err; - } - } else { - /* Default to UTF-8 password */ - if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_MAC_ID, - iter, md_size, key, md, - p12->authsafes->ctx.libctx, - p12->authsafes->ctx.propq)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR); - goto err; - } - } - } - if ((hmac = HMAC_CTX_new()) == NULL - || !HMAC_Init_ex(hmac, key, md_size, md, NULL) - || !HMAC_Update(hmac, p12->authsafes->d.data->data, - p12->authsafes->d.data->length) - || !HMAC_Final(hmac, mac, maclen)) { - goto err; - } - ret = 1; - -err: - OPENSSL_cleanse(key, sizeof(key)); - HMAC_CTX_free(hmac); - EVP_MD_free(md_fetch); - return ret; -} - -int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *mac, unsigned int *maclen) -{ - return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NULL); -} - -/* Verify the mac */ -int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) -{ - unsigned char mac[EVP_MAX_MD_SIZE]; - unsigned int maclen; - const ASN1_OCTET_STRING *macoct; - - if (p12->mac == NULL) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_ABSENT); - return 0; - } - if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, NULL)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_GENERATION_ERROR); - return 0; - } - X509_SIG_get0(p12->mac->dinfo, NULL, &macoct); - if ((maclen != (unsigned int)ASN1_STRING_length(macoct)) - || CRYPTO_memcmp(mac, ASN1_STRING_get0_data(macoct), maclen) != 0) - return 0; - - return 1; -} - -/* Set a mac */ - -int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - const EVP_MD *md_type) -{ - unsigned char mac[EVP_MAX_MD_SIZE]; - unsigned int maclen; - ASN1_OCTET_STRING *macoct; - - if (md_type == NULL) - /* No need to do a fetch as the md_type is used only to get a NID */ - md_type = EVP_sha256(); - if (!iter) - iter = PKCS12_DEFAULT_ITER; - if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) == PKCS12_ERROR) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_SETUP_ERROR); - return 0; - } - /* - * Note that output mac is forced to UTF-8... - */ - if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, NULL)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_GENERATION_ERROR); - return 0; - } - X509_SIG_getm(p12->mac->dinfo, NULL, &macoct); - if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_STRING_SET_ERROR); - return 0; - } - return 1; -} - -/* Set up a mac structure */ -int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, - const EVP_MD *md_type) -{ - X509_ALGOR *macalg; - - PKCS12_MAC_DATA_free(p12->mac); - p12->mac = NULL; - - if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL) - return PKCS12_ERROR; - if (iter > 1) { - if ((p12->mac->iter = ASN1_INTEGER_new()) == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!ASN1_INTEGER_set(p12->mac->iter, iter)) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - return 0; - } - } - if (saltlen == 0) - saltlen = PKCS12_SALT_LEN; - else if (saltlen < 0) - return 0; - if ((p12->mac->salt->data = OPENSSL_malloc(saltlen)) == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - return 0; - } - p12->mac->salt->length = saltlen; - if (salt == NULL) { - if (RAND_bytes_ex(p12->authsafes->ctx.libctx, p12->mac->salt->data, - (size_t)saltlen, 0) <= 0) - return 0; - } else { - memcpy(p12->mac->salt->data, salt, saltlen); - } - X509_SIG_getm(p12->mac->dinfo, &macalg, NULL); - if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_get_type(md_type)), - V_ASN1_NULL, NULL)) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - return 0; - } - - return 1; -} diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c deleted file mode 100644 index 62230bc6187ff57d3e2a6a7bd4bd0467150f6c32..0000000000000000000000000000000000000000 --- a/crypto/pkcs12/p12_npas.c +++ /dev/null @@ -1,186 +0,0 @@ -/* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include "p12_local.h" - -/* PKCS#12 password change routine */ - -static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass); -static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, - const char *newpass); -static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, - const char *newpass); -static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter, - int *psaltlen); - -/* - * Change the password on a PKCS#12 structure. - */ - -int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass) -{ - /* Check for NULL PKCS12 structure */ - - if (p12 == NULL) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_INVALID_NULL_PKCS12_POINTER); - return 0; - } - - /* Check the mac */ - - if (!PKCS12_verify_mac(p12, oldpass, -1)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_VERIFY_FAILURE); - return 0; - } - - if (!newpass_p12(p12, oldpass, newpass)) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR); - return 0; - } - - return 1; -} - -/* Parse the outer PKCS#12 structure */ - -static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) -{ - STACK_OF(PKCS7) *asafes = NULL, *newsafes = NULL; - STACK_OF(PKCS12_SAFEBAG) *bags = NULL; - int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0; - PKCS7 *p7, *p7new; - ASN1_OCTET_STRING *p12_data_tmp = NULL, *macoct = NULL; - unsigned char mac[EVP_MAX_MD_SIZE]; - unsigned int maclen; - int rv = 0; - - if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL) - goto err; - if ((newsafes = sk_PKCS7_new_null()) == NULL) - goto err; - for (i = 0; i < sk_PKCS7_num(asafes); i++) { - p7 = sk_PKCS7_value(asafes, i); - bagnid = OBJ_obj2nid(p7->type); - if (bagnid == NID_pkcs7_data) { - bags = PKCS12_unpack_p7data(p7); - } else if (bagnid == NID_pkcs7_encrypted) { - bags = PKCS12_unpack_p7encdata(p7, oldpass, -1); - if (!alg_get(p7->d.encrypted->enc_data->algorithm, - &pbe_nid, &pbe_iter, &pbe_saltlen)) - goto err; - } else { - continue; - } - if (bags == NULL) - goto err; - if (!newpass_bags(bags, oldpass, newpass)) - goto err; - /* Repack bag in same form with new password */ - if (bagnid == NID_pkcs7_data) - p7new = PKCS12_pack_p7data(bags); - else - p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL, - pbe_saltlen, pbe_iter, bags); - if (p7new == NULL || !sk_PKCS7_push(newsafes, p7new)) - goto err; - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - bags = NULL; - } - - /* Repack safe: save old safe in case of error */ - - p12_data_tmp = p12->authsafes->d.data; - if ((p12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL) - goto err; - if (!PKCS12_pack_authsafes(p12, newsafes)) - goto err; - - if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) - goto err; - X509_SIG_getm(p12->mac->dinfo, NULL, &macoct); - if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) - goto err; - - rv = 1; - -err: - /* Restore old safe if necessary */ - if (rv == 1) { - ASN1_OCTET_STRING_free(p12_data_tmp); - } else if (p12_data_tmp != NULL) { - ASN1_OCTET_STRING_free(p12->authsafes->d.data); - p12->authsafes->d.data = p12_data_tmp; - } - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - sk_PKCS7_pop_free(asafes, PKCS7_free); - sk_PKCS7_pop_free(newsafes, PKCS7_free); - return rv; -} - -static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, - const char *newpass) -{ - int i; - for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { - if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), oldpass, newpass)) - return 0; - } - return 1; -} - -/* Change password of safebag: only needs handle shrouded keybags */ - -static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, - const char *newpass) -{ - PKCS8_PRIV_KEY_INFO *p8; - X509_SIG *p8new; - int p8_nid, p8_saltlen, p8_iter; - const X509_ALGOR *shalg; - - if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag) - return 1; - - if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL) - return 0; - X509_SIG_get0(bag->value.shkeybag, &shalg, NULL); - if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen)) { - PKCS8_PRIV_KEY_INFO_free(p8); - return 0; - } - p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, - p8_iter, p8); - PKCS8_PRIV_KEY_INFO_free(p8); - if (p8new == NULL) - return 0; - X509_SIG_free(bag->value.shkeybag); - bag->value.shkeybag = p8new; - return 1; -} - -static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter, - int *psaltlen) -{ - PBEPARAM *pbe; - - pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), alg->parameter); - if (pbe == NULL) - return 0; - *pnid = OBJ_obj2nid(alg->algorithm); - *piter = ASN1_INTEGER_get(pbe->iter); - *psaltlen = pbe->salt->length; - PBEPARAM_free(pbe); - return 1; -} diff --git a/crypto/pkcs12/p12_p8d.c b/crypto/pkcs12/p12_p8d.c deleted file mode 100644 index 449336aa2df16abeb1867afa86e25c6fc16cfd52..0000000000000000000000000000000000000000 --- a/crypto/pkcs12/p12_p8d.c +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include - -PKCS8_PRIV_KEY_INFO *PKCS8_decrypt_ex(const X509_SIG *p8, const char *pass, - int passlen, OSSL_LIB_CTX *ctx, - const char *propq) -{ - const X509_ALGOR *dalg; - const ASN1_OCTET_STRING *doct; - - X509_SIG_get0(p8, &dalg, &doct); - return PKCS12_item_decrypt_d2i_ex(dalg, - ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass, - passlen, doct, 1, ctx, propq); -} - -PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, - int passlen) -{ - return PKCS8_decrypt_ex(p8, pass, passlen, NULL, NULL); -} - diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c deleted file mode 100644 index 9c27534017865002c19cbe21b34b31fdbd00a299..0000000000000000000000000000000000000000 --- a/crypto/pkcs12/p12_p8e.c +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include "crypto/x509.h" - -X509_SIG *PKCS8_encrypt_ex(int pbe_nid, const EVP_CIPHER *cipher, - const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq) -{ - X509_SIG *p8 = NULL; - X509_ALGOR *pbe; - - if (pbe_nid == -1) { - if (cipher == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - pbe = PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, -1, - libctx); - } else { - ERR_set_mark(); - if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) { - ERR_clear_last_mark(); - if (cipher == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - pbe = PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, - pbe_nid, libctx); - } else { - ERR_pop_to_mark(); - pbe = PKCS5_pbe_set_ex(pbe_nid, iter, salt, saltlen, libctx); - } - } - if (pbe == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB); - return NULL; - } - p8 = PKCS8_set0_pbe_ex(pass, passlen, p8inf, pbe, libctx, propq); - if (p8 == NULL) { - X509_ALGOR_free(pbe); - return NULL; - } - - return p8; -} - -X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, - const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8inf) -{ - return PKCS8_encrypt_ex(pbe_nid, cipher, pass, passlen, salt, saltlen, iter, - p8inf, NULL, NULL); -} - -X509_SIG *PKCS8_set0_pbe_ex(const char *pass, int passlen, - PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe, - OSSL_LIB_CTX *ctx, const char *propq) -{ - X509_SIG *p8; - ASN1_OCTET_STRING *enckey; - - enckey = - PKCS12_item_i2d_encrypt_ex(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), - pass, passlen, p8inf, 1, ctx, propq); - if (!enckey) { - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCRYPT_ERROR); - return NULL; - } - - p8 = OPENSSL_zalloc(sizeof(*p8)); - - if (p8 == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - ASN1_OCTET_STRING_free(enckey); - return NULL; - } - p8->algor = pbe; - p8->digest = enckey; - - return p8; -} - -X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, - PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe) -{ - return PKCS8_set0_pbe_ex(pass, passlen, p8inf, pbe, NULL, NULL); -} diff --git a/crypto/pkcs12/p12_sbag.c b/crypto/pkcs12/p12_sbag.c deleted file mode 100644 index 7574c54120c76fe48b849201fa688f9428ffda51..0000000000000000000000000000000000000000 --- a/crypto/pkcs12/p12_sbag.c +++ /dev/null @@ -1,248 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include "p12_local.h" - -#ifndef OPENSSL_NO_DEPRECATED_1_1_0 -ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid) -{ - return PKCS12_get_attr_gen(bag->attrib, attr_nid); -} -#endif - -const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, - int attr_nid) -{ - return PKCS12_get_attr_gen(bag->attrib, attr_nid); -} - -ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid) -{ - return PKCS12_get_attr_gen(PKCS8_pkey_get0_attrs(p8), attr_nid); -} - -const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag) -{ - if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag) - return NULL; - return bag->value.keybag; -} - -const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag) -{ - if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag) - return NULL; - return bag->value.shkeybag; -} - -const STACK_OF(PKCS12_SAFEBAG) * -PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag) -{ - if (OBJ_obj2nid(bag->type) != NID_safeContentsBag) - return NULL; - return bag->value.safes; -} - -const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag) -{ - return bag->type; -} - -int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag) -{ - return OBJ_obj2nid(bag->type); -} - -int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag) -{ - int btype = PKCS12_SAFEBAG_get_nid(bag); - - if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag) - return -1; - return OBJ_obj2nid(bag->value.bag->type); -} - -const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag) -{ - return bag->value.bag->type; -} - -const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag) -{ - return bag->value.bag->value.other; -} - -X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag) -{ - if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag) - return NULL; - if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate) - return NULL; - return ASN1_item_unpack(bag->value.bag->value.octet, - ASN1_ITEM_rptr(X509)); -} - -X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag) -{ - if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag) - return NULL; - if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl) - return NULL; - return ASN1_item_unpack(bag->value.bag->value.octet, - ASN1_ITEM_rptr(X509_CRL)); -} - -PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509) -{ - return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509), - NID_x509Certificate, NID_certBag); -} - -PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl) -{ - return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL), - NID_x509Crl, NID_crlBag); -} - -PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_secret(int type, int vtype, const unsigned char *value, int len) -{ - PKCS12_BAGS *bag; - PKCS12_SAFEBAG *safebag; - - if ((bag = PKCS12_BAGS_new()) == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - return NULL; - } - bag->type = OBJ_nid2obj(type); - - switch(vtype) { - case V_ASN1_OCTET_STRING: - { - ASN1_OCTET_STRING *strtmp = ASN1_OCTET_STRING_new(); - - if (strtmp == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - goto err; - } - /* Pack data into an octet string */ - if (!ASN1_OCTET_STRING_set(strtmp, value, len)) { - ASN1_OCTET_STRING_free(strtmp); - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCODE_ERROR); - goto err; - } - bag->value.other = ASN1_TYPE_new(); - if (bag->value.other == NULL) { - ASN1_OCTET_STRING_free(strtmp); - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - goto err; - } - ASN1_TYPE_set(bag->value.other, vtype, strtmp); - } - break; - - default: - ERR_raise(ERR_LIB_PKCS12, PKCS12_R_INVALID_TYPE); - goto err; - } - - if ((safebag = PKCS12_SAFEBAG_new()) == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - goto err; - } - safebag->value.bag = bag; - safebag->type = OBJ_nid2obj(NID_secretBag); - return safebag; - - err: - PKCS12_BAGS_free(bag); - return NULL; -} - -/* Turn PKCS8 object into a keybag */ - -PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8) -{ - PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new(); - - if (bag == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - return NULL; - } - bag->type = OBJ_nid2obj(NID_keyBag); - bag->value.keybag = p8; - return bag; -} - -/* Turn PKCS8 object into a shrouded keybag */ - -PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8) -{ - PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new(); - - /* Set up the safe bag */ - if (bag == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - return NULL; - } - bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); - bag->value.shkeybag = p8; - return bag; -} - -PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(int pbe_nid, - const char *pass, - int passlen, - unsigned char *salt, - int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *ctx, - const char *propq) -{ - PKCS12_SAFEBAG *bag = NULL; - const EVP_CIPHER *pbe_ciph = NULL; - EVP_CIPHER *pbe_ciph_fetch = NULL; - X509_SIG *p8; - - ERR_set_mark(); - pbe_ciph = pbe_ciph_fetch = EVP_CIPHER_fetch(ctx, OBJ_nid2sn(pbe_nid), propq); - if (pbe_ciph == NULL) - pbe_ciph = EVP_get_cipherbynid(pbe_nid); - ERR_pop_to_mark(); - - if (pbe_ciph != NULL) - pbe_nid = -1; - - p8 = PKCS8_encrypt_ex(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, - p8inf, ctx, propq); - if (p8 == NULL) - goto err; - - bag = PKCS12_SAFEBAG_create0_pkcs8(p8); - if (bag == NULL) - X509_SIG_free(p8); - -err: - EVP_CIPHER_free(pbe_ciph_fetch); - return bag; -} - -PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, - const char *pass, - int passlen, - unsigned char *salt, - int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8inf) -{ - return PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(pbe_nid, pass, passlen, - salt, saltlen, iter, p8inf, - NULL, NULL); -} diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c deleted file mode 100644 index 3afc8b2f13c942821ea22668612d8fbb496d0c2c..0000000000000000000000000000000000000000 --- a/crypto/pkcs12/p12_utl.c +++ /dev/null @@ -1,249 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include - -/* Cheap and nasty Unicode stuff */ - -unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, - unsigned char **uni, int *unilen) -{ - int ulen, i; - unsigned char *unitmp; - - if (asclen == -1) - asclen = strlen(asc); - if (asclen < 0) - return NULL; - ulen = asclen * 2 + 2; - if ((unitmp = OPENSSL_malloc(ulen)) == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - return NULL; - } - for (i = 0; i < ulen - 2; i += 2) { - unitmp[i] = 0; - unitmp[i + 1] = asc[i >> 1]; - } - /* Make result double null terminated */ - unitmp[ulen - 2] = 0; - unitmp[ulen - 1] = 0; - if (unilen) - *unilen = ulen; - if (uni) - *uni = unitmp; - return unitmp; -} - -char *OPENSSL_uni2asc(const unsigned char *uni, int unilen) -{ - int asclen, i; - char *asctmp; - - /* string must contain an even number of bytes */ - if (unilen & 1) - return NULL; - if (unilen < 0) - return NULL; - asclen = unilen / 2; - /* If no terminating zero allow for one */ - if (!unilen || uni[unilen - 1]) - asclen++; - uni++; - if ((asctmp = OPENSSL_malloc(asclen)) == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - return NULL; - } - for (i = 0; i < unilen; i += 2) - asctmp[i >> 1] = uni[i]; - asctmp[asclen - 1] = 0; - return asctmp; -} - -/* - * OPENSSL_{utf82uni|uni2utf8} perform conversion between UTF-8 and - * PKCS#12 BMPString format, which is specified as big-endian UTF-16. - * One should keep in mind that even though BMPString is passed as - * unsigned char *, it's not the kind of string you can exercise e.g. - * strlen on. Caller also has to keep in mind that its length is - * expressed not in number of UTF-16 characters, but in number of - * bytes the string occupies, and treat it, the length, accordingly. - */ -unsigned char *OPENSSL_utf82uni(const char *asc, int asclen, - unsigned char **uni, int *unilen) -{ - int ulen, i, j; - unsigned char *unitmp, *ret; - unsigned long utf32chr = 0; - - if (asclen == -1) - asclen = strlen(asc); - - for (ulen = 0, i = 0; i < asclen; i += j) { - j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr); - - /* - * Following condition is somewhat opportunistic is sense that - * decoding failure is used as *indirect* indication that input - * string might in fact be extended ASCII/ANSI/ISO-8859-X. The - * fallback is taken in hope that it would allow to process - * files created with previous OpenSSL version, which used the - * naive OPENSSL_asc2uni all along. It might be worth noting - * that probability of false positive depends on language. In - * cases covered by ISO Latin 1 probability is very low, because - * any printable non-ASCII alphabet letter followed by another - * or any ASCII character will trigger failure and fallback. - * In other cases situation can be intensified by the fact that - * English letters are not part of alternative keyboard layout, - * but even then there should be plenty of pairs that trigger - * decoding failure... - */ - if (j < 0) - return OPENSSL_asc2uni(asc, asclen, uni, unilen); - - if (utf32chr > 0x10FFFF) /* UTF-16 cap */ - return NULL; - - if (utf32chr >= 0x10000) /* pair of UTF-16 characters */ - ulen += 2*2; - else /* or just one */ - ulen += 2; - } - - ulen += 2; /* for trailing UTF16 zero */ - - if ((ret = OPENSSL_malloc(ulen)) == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - return NULL; - } - /* re-run the loop writing down UTF-16 characters in big-endian order */ - for (unitmp = ret, i = 0; i < asclen; i += j) { - j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr); - if (utf32chr >= 0x10000) { /* pair if UTF-16 characters */ - unsigned int hi, lo; - - utf32chr -= 0x10000; - hi = 0xD800 + (utf32chr>>10); - lo = 0xDC00 + (utf32chr&0x3ff); - *unitmp++ = (unsigned char)(hi>>8); - *unitmp++ = (unsigned char)(hi); - *unitmp++ = (unsigned char)(lo>>8); - *unitmp++ = (unsigned char)(lo); - } else { /* or just one */ - *unitmp++ = (unsigned char)(utf32chr>>8); - *unitmp++ = (unsigned char)(utf32chr); - } - } - /* Make result double null terminated */ - *unitmp++ = 0; - *unitmp++ = 0; - if (unilen) - *unilen = ulen; - if (uni) - *uni = ret; - return ret; -} - -static int bmp_to_utf8(char *str, const unsigned char *utf16, int len) -{ - unsigned long utf32chr; - - if (len == 0) return 0; - - if (len < 2) return -1; - - /* pull UTF-16 character in big-endian order */ - utf32chr = (utf16[0]<<8) | utf16[1]; - - if (utf32chr >= 0xD800 && utf32chr < 0xE000) { /* two chars */ - unsigned int lo; - - if (len < 4) return -1; - - utf32chr -= 0xD800; - utf32chr <<= 10; - lo = (utf16[2]<<8) | utf16[3]; - if (lo < 0xDC00 || lo >= 0xE000) return -1; - utf32chr |= lo-0xDC00; - utf32chr += 0x10000; - } - - return UTF8_putc((unsigned char *)str, len > 4 ? 4 : len, utf32chr); -} - -char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen) -{ - int asclen, i, j; - char *asctmp; - - /* string must contain an even number of bytes */ - if (unilen & 1) - return NULL; - - for (asclen = 0, i = 0; i < unilen; ) { - j = bmp_to_utf8(NULL, uni+i, unilen-i); - /* - * falling back to OPENSSL_uni2asc makes lesser sense [than - * falling back to OPENSSL_asc2uni in OPENSSL_utf82uni above], - * it's done rather to maintain symmetry... - */ - if (j < 0) return OPENSSL_uni2asc(uni, unilen); - if (j == 4) i += 4; - else i += 2; - asclen += j; - } - - /* If no terminating zero allow for one */ - if (!unilen || (uni[unilen-2]||uni[unilen - 1])) - asclen++; - - if ((asctmp = OPENSSL_malloc(asclen)) == NULL) { - ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE); - return NULL; - } - - /* re-run the loop emitting UTF-8 string */ - for (asclen = 0, i = 0; i < unilen; ) { - j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i); - if (j == 4) i += 4; - else i += 2; - asclen += j; - } - - /* If no terminating zero write one */ - if (!unilen || (uni[unilen-2]||uni[unilen - 1])) - asctmp[asclen] = '\0'; - - return asctmp; -} - -int i2d_PKCS12_bio(BIO *bp, const PKCS12 *p12) -{ - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); -} - -#ifndef OPENSSL_NO_STDIO -int i2d_PKCS12_fp(FILE *fp, const PKCS12 *p12) -{ - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); -} -#endif - -PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12) -{ - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); -} - -#ifndef OPENSSL_NO_STDIO -PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12) -{ - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); -} -#endif diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c deleted file mode 100644 index 6e3ec78cd6ea4208142b05983051e867278b6454..0000000000000000000000000000000000000000 --- a/crypto/pkcs12/pk12err.c +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/pkcs12err.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA PKCS12_str_reasons[] = { - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CANT_PACK_STRUCTURE), - "cant pack structure"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CONTENT_TYPE_NOT_DATA), - "content type not data"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_DECODE_ERROR), "decode error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ENCODE_ERROR), "encode error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ENCRYPT_ERROR), "encrypt error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE), - "error setting encrypted data type"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_NULL_ARGUMENT), - "invalid null argument"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_NULL_PKCS12_POINTER), - "invalid null pkcs12 pointer"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_TYPE), "invalid type"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_IV_GEN_ERROR), "iv gen error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_KEY_GEN_ERROR), "key gen error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_ABSENT), "mac absent"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_GENERATION_ERROR), - "mac generation error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_SETUP_ERROR), "mac setup error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_STRING_SET_ERROR), - "mac string set error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_VERIFY_FAILURE), - "mac verify failure"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PARSE_ERROR), "parse error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_CIPHERFINAL_ERROR), - "pkcs12 cipherfinal error"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM), - "unknown digest algorithm"}, - {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNSUPPORTED_PKCS12_MODE), - "unsupported pkcs12 mode"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_PKCS12_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(PKCS12_str_reasons[0].error) == NULL) - ERR_load_strings_const(PKCS12_str_reasons); -#endif - return 1; -} diff --git a/crypto/pkcs7/bio_pk7.c b/crypto/pkcs7/bio_pk7.c deleted file mode 100644 index 414f0da1c615a3ecbd08db8b78c87f3313c52259..0000000000000000000000000000000000000000 --- a/crypto/pkcs7/bio_pk7.c +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#if !defined(OPENSSL_SYS_VXWORKS) -# include -#endif -#include - -/* Streaming encode support for PKCS#7 */ - -BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7) -{ - return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7)); -} diff --git a/crypto/pkcs7/pk7_asn1.c b/crypto/pkcs7/pk7_asn1.c deleted file mode 100644 index 1cd867721ee1460b90e60326a6ecdf1f3524a3e3..0000000000000000000000000000000000000000 --- a/crypto/pkcs7/pk7_asn1.c +++ /dev/null @@ -1,257 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "pk7_local.h" - -/* PKCS#7 ASN1 module */ - -/* This is the ANY DEFINED BY table for the top level PKCS#7 structure */ - -ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0); - -ASN1_ADB(PKCS7) = { - ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)), - ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), - ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), - ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), - ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), - ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) -} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL); - -/* PKCS#7 streaming support */ -static int pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - ASN1_STREAM_ARG *sarg = exarg; - PKCS7 **pp7 = (PKCS7 **)pval; - - switch (operation) { - - case ASN1_OP_STREAM_PRE: - if (PKCS7_stream(&sarg->boundary, *pp7) <= 0) - return 0; - /* fall thru */ - case ASN1_OP_DETACHED_PRE: - sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out); - if (!sarg->ndef_bio) - return 0; - break; - - case ASN1_OP_STREAM_POST: - case ASN1_OP_DETACHED_POST: - if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0) - return 0; - break; - - } - return 1; -} - -ASN1_NDEF_SEQUENCE_cb(PKCS7, pk7_cb) = { - ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT), - ASN1_ADB_OBJECT(PKCS7) -}ASN1_NDEF_SEQUENCE_END_cb(PKCS7, PKCS7) - -PKCS7 *d2i_PKCS7(PKCS7 **a, const unsigned char **in, long len) -{ - PKCS7 *ret; - OSSL_LIB_CTX *libctx = NULL; - const char *propq = NULL; - - if (a != NULL && *a != NULL) { - libctx = (*a)->ctx.libctx; - propq = (*a)->ctx.propq; - } - - ret = (PKCS7 *)ASN1_item_d2i_ex((ASN1_VALUE **)a, in, len, (PKCS7_it()), - libctx, propq); - if (ret != NULL) - ossl_pkcs7_resolve_libctx(ret); - return ret; -} - -int i2d_PKCS7(const PKCS7 *a, unsigned char **out) -{ - return ASN1_item_i2d((const ASN1_VALUE *)a, out, (PKCS7_it()));\ -} - -PKCS7 *PKCS7_new(void) -{ - return (PKCS7 *)ASN1_item_new(ASN1_ITEM_rptr(PKCS7)); -} - -PKCS7 *PKCS7_new_ex(OSSL_LIB_CTX *libctx, const char *propq) -{ - PKCS7 *pkcs7 = (PKCS7 *)ASN1_item_new_ex(ASN1_ITEM_rptr(PKCS7), libctx, - propq); - - if (pkcs7 != NULL) { - pkcs7->ctx.libctx = libctx; - pkcs7->ctx.propq = NULL; - if (propq != NULL) { - pkcs7->ctx.propq = OPENSSL_strdup(propq); - if (pkcs7->ctx.propq == NULL) { - PKCS7_free(pkcs7); - pkcs7 = NULL; - ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); - } - } - } - return pkcs7; -} - -void PKCS7_free(PKCS7 *p7) -{ - if (p7 != NULL) { - OPENSSL_free(p7->ctx.propq); - ASN1_item_free((ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7)); - } -} - -IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7) - -IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7) - -ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = { - ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER), - ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR), - ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7), - ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0), - ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1), - ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO) -} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED) - -IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) - -/* Minor tweak to operation: free up EVP_PKEY */ -static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - if (operation == ASN1_OP_FREE_POST) { - PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval; - EVP_PKEY_free(si->pkey); - } - return 1; -} - -ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = { - ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), - ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR), - /* NB this should be a SET OF but we use a SEQUENCE OF so the - * original order * is retained when the structure is reencoded. - * Since the attributes are implicitly tagged this will not affect - * the encoding. - */ - ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0), - ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR), - ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING), - ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1) -} ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO) - -IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) - -ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = { - ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME), - ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER) -} ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL) - -IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) - -ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = { - ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER), - ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), - ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT) -} ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE) - -IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) - -/* Minor tweak to operation: free up X509 */ -static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - if (operation == ASN1_OP_FREE_POST) { - PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval; - X509_free(ri->cert); - } - return 1; -} - -ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = { - ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), - ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR), - ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO) - -IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) - -ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = { - ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT), - ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR), - ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING_NDEF, 0) -} ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT) - -IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) - -ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = { - ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER), - ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), - ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR), - ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT), - ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0), - ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1), - ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO) -} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE) - -IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) - -ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = { - ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT) -} ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT) - -IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT) - -ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = { - ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR), - ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7), - ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING) -} ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST) - -IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST) - -/* Specials for authenticated attributes */ - -/* - * When signing attributes we want to reorder them to match the sorted - * encoding. - */ - -ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) -ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN) - -/* - * When verifying attributes we need to use the received order. So we use - * SEQUENCE OF and tag it to SET OF - */ - -ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, - V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) -ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY) - -IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7) diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c deleted file mode 100644 index e9904c5950c6df5a59801daee6fe8b5bd9bb1fd6..0000000000000000000000000000000000000000 --- a/crypto/pkcs7/pk7_attr.c +++ /dev/null @@ -1,120 +0,0 @@ -/* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, - STACK_OF(X509_ALGOR) *cap) -{ - ASN1_STRING *seq; - - if ((seq = ASN1_STRING_new()) == NULL) { - ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE); - return 0; - } - seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data, - ASN1_ITEM_rptr(X509_ALGORS)); - return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, - V_ASN1_SEQUENCE, seq); -} - -STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) -{ - ASN1_TYPE *cap; - const unsigned char *p; - - cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); - if (cap == NULL || (cap->type != V_ASN1_SEQUENCE)) - return NULL; - p = cap->value.sequence->data; - return (STACK_OF(X509_ALGOR) *) - ASN1_item_d2i(NULL, &p, cap->value.sequence->length, - ASN1_ITEM_rptr(X509_ALGORS)); -} - -/* Basic smime-capabilities OID and optional integer arg */ -int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) -{ - ASN1_INTEGER *nbit = NULL; - X509_ALGOR *alg; - - if ((alg = X509_ALGOR_new()) == NULL) { - ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE); - return 0; - } - ASN1_OBJECT_free(alg->algorithm); - alg->algorithm = OBJ_nid2obj(nid); - if (arg > 0) { - if ((alg->parameter = ASN1_TYPE_new()) == NULL) { - goto err; - } - if ((nbit = ASN1_INTEGER_new()) == NULL) { - goto err; - } - if (!ASN1_INTEGER_set(nbit, arg)) { - goto err; - } - alg->parameter->value.integer = nbit; - alg->parameter->type = V_ASN1_INTEGER; - nbit = NULL; - } - if (!sk_X509_ALGOR_push(sk, alg)) { - goto err; - } - return 1; -err: - ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE); - ASN1_INTEGER_free(nbit); - X509_ALGOR_free(alg); - return 0; -} - -int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid) -{ - if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType)) - return 0; - if (!coid) - coid = OBJ_nid2obj(NID_pkcs7_data); - return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, - V_ASN1_OBJECT, coid); -} - -int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t) -{ - if (t == NULL && (t = X509_gmtime_adj(NULL, 0)) == NULL) { - ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE); - return 0; - } - return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, - V_ASN1_UTCTIME, t); -} - -int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, - const unsigned char *md, int mdlen) -{ - ASN1_OCTET_STRING *os; - os = ASN1_OCTET_STRING_new(); - if (os == NULL) - return 0; - if (!ASN1_STRING_set(os, md, mdlen) - || !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest, - V_ASN1_OCTET_STRING, os)) { - ASN1_OCTET_STRING_free(os); - return 0; - } - return 1; -} diff --git a/crypto/pkcs7/pk7_local.h b/crypto/pkcs7/pk7_local.h deleted file mode 100644 index 8deb342b79134d16860b90585c7ed1ce7006beee..0000000000000000000000000000000000000000 --- a/crypto/pkcs7/pk7_local.h +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "crypto/pkcs7.h" - -const PKCS7_CTX *ossl_pkcs7_get0_ctx(const PKCS7 *p7); -OSSL_LIB_CTX *ossl_pkcs7_ctx_get0_libctx(const PKCS7_CTX *ctx); -const char *ossl_pkcs7_ctx_get0_propq(const PKCS7_CTX *ctx); - -int ossl_pkcs7_ctx_propagate(const PKCS7 *from, PKCS7 *to); diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c deleted file mode 100644 index 49a0da5f819c48bbef4a1d032342b090ded60f00..0000000000000000000000000000000000000000 --- a/crypto/pkcs7/pk7_mime.c +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include "pk7_local.h" - -/* PKCS#7 wrappers round generalised stream and MIME routines */ - -int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) -{ - return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags, - ASN1_ITEM_rptr(PKCS7)); -} - -int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) -{ - return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *)p7, in, flags, - "PKCS7", ASN1_ITEM_rptr(PKCS7)); -} - -int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) -{ - STACK_OF(X509_ALGOR) *mdalgs; - int ctype_nid = OBJ_obj2nid(p7->type); - const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7); - - if (ctype_nid == NID_pkcs7_signed) - mdalgs = p7->d.sign->md_algs; - else - mdalgs = NULL; - - flags ^= SMIME_OLDMIME; - - return SMIME_write_ASN1_ex(bio, (ASN1_VALUE *)p7, data, flags, ctype_nid, - NID_undef, mdalgs, ASN1_ITEM_rptr(PKCS7), - ossl_pkcs7_ctx_get0_libctx(ctx), - ossl_pkcs7_ctx_get0_propq(ctx)); -} - -PKCS7 *SMIME_read_PKCS7_ex(BIO *bio, BIO **bcont, PKCS7 **p7) -{ - PKCS7 *ret; - OSSL_LIB_CTX *libctx = NULL; - const char *propq = NULL; - - if (p7 != NULL && *p7 != NULL) { - libctx = (*p7)->ctx.libctx; - propq = (*p7)->ctx.propq; - } - - ret = (PKCS7 *)SMIME_read_ASN1_ex(bio, 0, bcont, ASN1_ITEM_rptr(PKCS7), - (ASN1_VALUE **)p7, libctx, propq); - if (ret != NULL) - ossl_pkcs7_resolve_libctx(ret); - return ret; -} - -PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) -{ - return SMIME_read_PKCS7_ex(bio, bcont, NULL); -} diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c deleted file mode 100644 index 4593da8f5b4148982d37f925f59391a7cee75915..0000000000000000000000000000000000000000 --- a/crypto/pkcs7/pk7_smime.c +++ /dev/null @@ -1,567 +0,0 @@ -/* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Simple PKCS#7 processing functions */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include "pk7_local.h" - -#define BUFFERSIZE 4096 - - -static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si); - -PKCS7 *PKCS7_sign_ex(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, int flags, OSSL_LIB_CTX *libctx, - const char *propq) -{ - PKCS7 *p7; - int i; - - if ((p7 = PKCS7_new_ex(libctx, propq)) == NULL) { - ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (!PKCS7_set_type(p7, NID_pkcs7_signed)) - goto err; - - if (!PKCS7_content_new(p7, NID_pkcs7_data)) - goto err; - - if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_PKCS7_ADD_SIGNER_ERROR); - goto err; - } - - if (!(flags & PKCS7_NOCERTS)) { - for (i = 0; i < sk_X509_num(certs); i++) { - if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i))) - goto err; - } - } - - if (flags & PKCS7_DETACHED) - PKCS7_set_detached(p7, 1); - - if (flags & (PKCS7_STREAM | PKCS7_PARTIAL)) - return p7; - - if (PKCS7_final(p7, data, flags)) - return p7; - - err: - PKCS7_free(p7); - return NULL; -} - -PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, int flags) -{ - return PKCS7_sign_ex(signcert, pkey, certs, data, flags, NULL, NULL); -} - - -int PKCS7_final(PKCS7 *p7, BIO *data, int flags) -{ - BIO *p7bio; - int ret = 0; - - if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) { - ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (!SMIME_crlf_copy(data, p7bio, flags)) - goto err; - - (void)BIO_flush(p7bio); - - if (!PKCS7_dataFinal(p7, p7bio)) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_PKCS7_DATASIGN); - goto err; - } - ret = 1; -err: - BIO_free_all(p7bio); - - return ret; - -} - -/* Check to see if a cipher exists and if so add S/MIME capabilities */ - -static int add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) -{ - if (EVP_get_cipherbynid(nid)) - return PKCS7_simple_smimecap(sk, nid, arg); - return 1; -} - -static int add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) -{ - if (EVP_get_digestbynid(nid)) - return PKCS7_simple_smimecap(sk, nid, arg); - return 1; -} - -PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, - EVP_PKEY *pkey, const EVP_MD *md, - int flags) -{ - PKCS7_SIGNER_INFO *si = NULL; - STACK_OF(X509_ALGOR) *smcap = NULL; - - if (!X509_check_private_key(signcert, pkey)) { - ERR_raise(ERR_LIB_PKCS7, - PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); - return NULL; - } - - if ((si = PKCS7_add_signature(p7, signcert, pkey, md)) == NULL) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); - return NULL; - } - - si->ctx = ossl_pkcs7_get0_ctx(p7); - if (!(flags & PKCS7_NOCERTS)) { - if (!PKCS7_add_certificate(p7, signcert)) - goto err; - } - - if (!(flags & PKCS7_NOATTR)) { - if (!PKCS7_add_attrib_content_type(si, NULL)) - goto err; - /* Add SMIMECapabilities */ - if (!(flags & PKCS7_NOSMIMECAP)) { - if ((smcap = sk_X509_ALGOR_new_null()) == NULL) { - ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) - || !add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1) - || !add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1) - || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) - || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) - || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1) - || !add_cipher_smcap(smcap, NID_aes_128_cbc, -1) - || !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) - || !add_cipher_smcap(smcap, NID_rc2_cbc, 128) - || !add_cipher_smcap(smcap, NID_rc2_cbc, 64) - || !add_cipher_smcap(smcap, NID_des_cbc, -1) - || !add_cipher_smcap(smcap, NID_rc2_cbc, 40) - || !PKCS7_add_attrib_smimecap(si, smcap)) - goto err; - sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); - smcap = NULL; - } - if (flags & PKCS7_REUSE_DIGEST) { - if (!pkcs7_copy_existing_digest(p7, si)) - goto err; - if (!(flags & PKCS7_PARTIAL) - && !PKCS7_SIGNER_INFO_sign(si)) - goto err; - } - } - return si; - err: - sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); - return NULL; -} - -/* - * Search for a digest matching SignerInfo digest type and if found copy - * across. - */ - -static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si) -{ - int i; - STACK_OF(PKCS7_SIGNER_INFO) *sinfos; - PKCS7_SIGNER_INFO *sitmp; - ASN1_OCTET_STRING *osdig = NULL; - sinfos = PKCS7_get_signer_info(p7); - for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { - sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i); - if (si == sitmp) - break; - if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0) - continue; - if (!OBJ_cmp(si->digest_alg->algorithm, sitmp->digest_alg->algorithm)) { - osdig = PKCS7_digest_from_attributes(sitmp->auth_attr); - break; - } - - } - - if (osdig != NULL) - return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length); - - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND); - return 0; -} - -int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, - BIO *indata, BIO *out, int flags) -{ - STACK_OF(X509) *signers; - X509 *signer; - STACK_OF(PKCS7_SIGNER_INFO) *sinfos; - PKCS7_SIGNER_INFO *si; - X509_STORE_CTX *cert_ctx = NULL; - char *buf = NULL; - int i, j = 0, k, ret = 0; - BIO *p7bio = NULL; - BIO *tmpin = NULL, *tmpout = NULL; - const PKCS7_CTX *p7_ctx; - - if (p7 == NULL) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER); - return 0; - } - - if (!PKCS7_type_is_signed(p7)) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_WRONG_CONTENT_TYPE); - return 0; - } - - /* Check for no data and no content: no data to verify signature */ - if (PKCS7_get_detached(p7) && !indata) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT); - return 0; - } - - if (flags & PKCS7_NO_DUAL_CONTENT) { - /* - * This was originally "#if 0" because we thought that only old broken - * Netscape did this. It turns out that Authenticode uses this kind - * of "extended" PKCS7 format, and things like UEFI secure boot and - * tools like osslsigncode need it. In Authenticode the verification - * process is different, but the existing PKCs7 verification works. - */ - if (!PKCS7_get_detached(p7) && indata) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_CONTENT_AND_DATA_PRESENT); - return 0; - } - } - - sinfos = PKCS7_get_signer_info(p7); - - if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_SIGNATURES_ON_DATA); - return 0; - } - - signers = PKCS7_get0_signers(p7, certs, flags); - if (signers == NULL) - return 0; - - /* Now verify the certificates */ - p7_ctx = ossl_pkcs7_get0_ctx(p7); - cert_ctx = X509_STORE_CTX_new_ex(ossl_pkcs7_ctx_get0_libctx(p7_ctx), - ossl_pkcs7_ctx_get0_propq(p7_ctx)); - if (cert_ctx == NULL) - goto err; - if (!(flags & PKCS7_NOVERIFY)) - for (k = 0; k < sk_X509_num(signers); k++) { - signer = sk_X509_value(signers, k); - if (!(flags & PKCS7_NOCHAIN)) { - if (!X509_STORE_CTX_init(cert_ctx, store, signer, - p7->d.sign->cert)) { - ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB); - goto err; - } - if (!X509_STORE_CTX_set_default(cert_ctx, "smime_sign")) - goto err; - } else if (!X509_STORE_CTX_init(cert_ctx, store, signer, NULL)) { - ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB); - goto err; - } - if (!(flags & PKCS7_NOCRL)) - X509_STORE_CTX_set0_crls(cert_ctx, p7->d.sign->crl); - i = X509_verify_cert(cert_ctx); - if (i <= 0) - j = X509_STORE_CTX_get_error(cert_ctx); - if (i <= 0) { - ERR_raise_data(ERR_LIB_PKCS7, PKCS7_R_CERTIFICATE_VERIFY_ERROR, - "Verify error: %s", - X509_verify_cert_error_string(j)); - goto err; - } - /* Check for revocation status here */ - } - - /* - * Performance optimization: if the content is a memory BIO then store - * its contents in a temporary read only memory BIO. This avoids - * potentially large numbers of slow copies of data which will occur when - * reading from a read write memory BIO when signatures are calculated. - */ - - if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) { - char *ptr; - long len; - len = BIO_get_mem_data(indata, &ptr); - tmpin = (len == 0) ? indata : BIO_new_mem_buf(ptr, len); - if (tmpin == NULL) { - ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE); - goto err; - } - } else - tmpin = indata; - - if ((p7bio = PKCS7_dataInit(p7, tmpin)) == NULL) - goto err; - - if (flags & PKCS7_TEXT) { - if ((tmpout = BIO_new(BIO_s_mem())) == NULL) { - ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE); - goto err; - } - BIO_set_mem_eof_return(tmpout, 0); - } else - tmpout = out; - - /* We now have to 'read' from p7bio to calculate digests etc. */ - if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) { - ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE); - goto err; - } - for (;;) { - i = BIO_read(p7bio, buf, BUFFERSIZE); - if (i <= 0) - break; - if (tmpout) - BIO_write(tmpout, buf, i); - } - - if (flags & PKCS7_TEXT) { - if (!SMIME_text(tmpout, out)) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SMIME_TEXT_ERROR); - BIO_free(tmpout); - goto err; - } - BIO_free(tmpout); - } - - /* Now Verify All Signatures */ - if (!(flags & PKCS7_NOSIGS)) - for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { - si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); - signer = sk_X509_value(signers, i); - j = PKCS7_signatureVerify(p7bio, p7, si, signer); - if (j <= 0) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SIGNATURE_FAILURE); - goto err; - } - } - - ret = 1; - - err: - X509_STORE_CTX_free(cert_ctx); - OPENSSL_free(buf); - if (tmpin == indata) { - if (indata) - BIO_pop(p7bio); - } - BIO_free_all(p7bio); - sk_X509_free(signers); - return ret; -} - -STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, - int flags) -{ - STACK_OF(X509) *signers; - STACK_OF(PKCS7_SIGNER_INFO) *sinfos; - PKCS7_SIGNER_INFO *si; - PKCS7_ISSUER_AND_SERIAL *ias; - X509 *signer; - int i; - - if (p7 == NULL) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER); - return NULL; - } - - if (!PKCS7_type_is_signed(p7)) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_WRONG_CONTENT_TYPE); - return NULL; - } - - /* Collect all the signers together */ - - sinfos = PKCS7_get_signer_info(p7); - - if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_SIGNERS); - return 0; - } - - if ((signers = sk_X509_new_null()) == NULL) { - ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE); - return NULL; - } - - for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { - si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); - ias = si->issuer_and_serial; - signer = NULL; - /* If any certificates passed they take priority */ - if (certs) - signer = X509_find_by_issuer_and_serial(certs, - ias->issuer, ias->serial); - if (!signer && !(flags & PKCS7_NOINTERN) - && p7->d.sign->cert) - signer = - X509_find_by_issuer_and_serial(p7->d.sign->cert, - ias->issuer, ias->serial); - if (!signer) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); - sk_X509_free(signers); - return 0; - } - - if (!sk_X509_push(signers, signer)) { - sk_X509_free(signers); - return NULL; - } - } - return signers; -} - -/* Build a complete PKCS#7 enveloped data */ - -PKCS7 *PKCS7_encrypt_ex(STACK_OF(X509) *certs, BIO *in, - const EVP_CIPHER *cipher, int flags, - OSSL_LIB_CTX *libctx, const char *propq) -{ - PKCS7 *p7; - BIO *p7bio = NULL; - int i; - X509 *x509; - - if ((p7 = PKCS7_new_ex(libctx, propq)) == NULL) { - ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (!PKCS7_set_type(p7, NID_pkcs7_enveloped)) - goto err; - if (!PKCS7_set_cipher(p7, cipher)) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_ERROR_SETTING_CIPHER); - goto err; - } - - for (i = 0; i < sk_X509_num(certs); i++) { - x509 = sk_X509_value(certs, i); - if (!PKCS7_add_recipient(p7, x509)) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_ERROR_ADDING_RECIPIENT); - goto err; - } - } - - if (flags & PKCS7_STREAM) - return p7; - - if (PKCS7_final(p7, in, flags)) - return p7; - - err: - - BIO_free_all(p7bio); - PKCS7_free(p7); - return NULL; - -} - -PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, - int flags) -{ - return PKCS7_encrypt_ex(certs, in, cipher, flags, NULL, NULL); -} - - -int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) -{ - BIO *tmpmem; - int ret = 0, i; - char *buf = NULL; - - if (p7 == NULL) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER); - return 0; - } - - if (!PKCS7_type_is_enveloped(p7)) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_WRONG_CONTENT_TYPE); - return 0; - } - - if (cert && !X509_check_private_key(cert, pkey)) { - ERR_raise(ERR_LIB_PKCS7, - PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); - return 0; - } - - if ((tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert)) == NULL) { - ERR_raise(ERR_LIB_PKCS7, PKCS7_R_DECRYPT_ERROR); - return 0; - } - - if (flags & PKCS7_TEXT) { - BIO *tmpbuf, *bread; - /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ - if ((tmpbuf = BIO_new(BIO_f_buffer())) == NULL) { - ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE); - BIO_free_all(tmpmem); - return 0; - } - if ((bread = BIO_push(tmpbuf, tmpmem)) == NULL) { - ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE); - BIO_free_all(tmpbuf); - BIO_free_all(tmpmem); - return 0; - } - ret = SMIME_text(bread, data); - if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) { - if (BIO_get_cipher_status(tmpmem) <= 0) - ret = 0; - } - BIO_free_all(bread); - return ret; - } - if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) { - ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE); - goto err; - } - for (;;) { - i = BIO_read(tmpmem, buf, BUFFERSIZE); - if (i <= 0) { - ret = 1; - if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) { - if (BIO_get_cipher_status(tmpmem) <= 0) - ret = 0; - } - - break; - } - if (BIO_write(data, buf, i) != i) { - break; - } - } -err: - OPENSSL_free(buf); - BIO_free_all(tmpmem); - return ret; -} diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c deleted file mode 100644 index cd839511e31c7dca284d11eb911d9315e1b1f556..0000000000000000000000000000000000000000 --- a/crypto/pkcs7/pkcs7err.c +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/pkcs7err.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA PKCS7_str_reasons[] = { - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CERTIFICATE_VERIFY_ERROR), - "certificate verify error"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), - "cipher has no object identifier"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CIPHER_NOT_INITIALIZED), - "cipher not initialized"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CONTENT_AND_DATA_PRESENT), - "content and data present"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CTRL_ERROR), "ctrl error"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_DECRYPT_ERROR), "decrypt error"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_DIGEST_FAILURE), "digest failure"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ENCRYPTION_CTRL_FAILURE), - "encryption ctrl failure"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), - "encryption not supported for this key type"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ERROR_ADDING_RECIPIENT), - "error adding recipient"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ERROR_SETTING_CIPHER), - "error setting cipher"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_INVALID_NULL_POINTER), - "invalid null pointer"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_INVALID_SIGNED_DATA_TYPE), - "invalid signed data type"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_CONTENT), "no content"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_DEFAULT_DIGEST), - "no default digest"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND), - "no matching digest type found"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE), - "no recipient matches certificate"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_SIGNATURES_ON_DATA), - "no signatures on data"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_SIGNERS), "no signers"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE), - "operation not supported on this type"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR), - "pkcs7 add signature error"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_ADD_SIGNER_ERROR), - "pkcs7 add signer error"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), - "private key does not match certificate"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNATURE_FAILURE), - "signature failure"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND), - "signer certificate not found"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNING_CTRL_FAILURE), - "signing ctrl failure"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), - "signing not supported for this key type"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SMIME_TEXT_ERROR), "smime text error"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_CERTIFICATE), - "unable to find certificate"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_MEM_BIO), - "unable to find mem bio"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST), - "unable to find message digest"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNKNOWN_DIGEST_TYPE), - "unknown digest type"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNKNOWN_OPERATION), - "unknown operation"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNSUPPORTED_CIPHER_TYPE), - "unsupported cipher type"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNSUPPORTED_CONTENT_TYPE), - "unsupported content type"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_WRONG_CONTENT_TYPE), - "wrong content type"}, - {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_PKCS7_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(PKCS7_str_reasons[0].error) == NULL) - ERR_load_strings_const(PKCS7_str_reasons); -#endif - return 1; -} diff --git a/crypto/poly1305/asm/poly1305-armv4.pl b/crypto/poly1305/asm/poly1305-armv4.pl deleted file mode 100755 index 041bfd46e6990a353983b76e131e2f9ad204d110..0000000000000000000000000000000000000000 --- a/crypto/poly1305/asm/poly1305-armv4.pl +++ /dev/null @@ -1,1255 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# IALU(*)/gcc-4.4 NEON -# -# ARM11xx(ARMv6) 7.78/+100% - -# Cortex-A5 6.35/+130% 3.00 -# Cortex-A8 6.25/+115% 2.36 -# Cortex-A9 5.10/+95% 2.55 -# Cortex-A15 3.85/+85% 1.25(**) -# Snapdragon S4 5.70/+100% 1.48(**) -# -# (*) this is for -march=armv6, i.e. with bunch of ldrb loading data; -# (**) these are trade-off results, they can be improved by ~8% but at -# the cost of 15/12% regression on Cortex-A5/A7, it's even possible -# to improve Cortex-A9 result, but then A5/A7 loose more than 20%; - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour && $flavour ne "void") { - $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or - ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or - die "can't locate arm-xlate.pl"; - - open STDOUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -} else { - $output and open STDOUT,">$output"; -} - -($ctx,$inp,$len,$padbit)=map("r$_",(0..3)); - -$code.=<<___; -#include "arm_arch.h" - -#if defined(__thumb2__) -.syntax unified -.thumb -#else -.code 32 -#endif - -.text - -.globl poly1305_emit -.globl poly1305_blocks -.globl poly1305_init -.type poly1305_init,%function -.align 5 -poly1305_init: -.Lpoly1305_init: - stmdb sp!,{r4-r11} - - eor r3,r3,r3 - cmp $inp,#0 - str r3,[$ctx,#0] @ zero hash value - str r3,[$ctx,#4] - str r3,[$ctx,#8] - str r3,[$ctx,#12] - str r3,[$ctx,#16] - str r3,[$ctx,#36] @ is_base2_26 - add $ctx,$ctx,#20 - -#ifdef __thumb2__ - it eq -#endif - moveq r0,#0 - beq .Lno_key - -#if __ARM_MAX_ARCH__>=7 - adr r11,.Lpoly1305_init - ldr r12,.LOPENSSL_armcap -#endif - ldrb r4,[$inp,#0] - mov r10,#0x0fffffff - ldrb r5,[$inp,#1] - and r3,r10,#-4 @ 0x0ffffffc - ldrb r6,[$inp,#2] - ldrb r7,[$inp,#3] - orr r4,r4,r5,lsl#8 - ldrb r5,[$inp,#4] - orr r4,r4,r6,lsl#16 - ldrb r6,[$inp,#5] - orr r4,r4,r7,lsl#24 - ldrb r7,[$inp,#6] - and r4,r4,r10 - -#if __ARM_MAX_ARCH__>=7 -# if !defined(_WIN32) - ldr r12,[r11,r12] @ OPENSSL_armcap_P -# endif -# if defined(__APPLE__) || defined(_WIN32) - ldr r12,[r12] -# endif -#endif - ldrb r8,[$inp,#7] - orr r5,r5,r6,lsl#8 - ldrb r6,[$inp,#8] - orr r5,r5,r7,lsl#16 - ldrb r7,[$inp,#9] - orr r5,r5,r8,lsl#24 - ldrb r8,[$inp,#10] - and r5,r5,r3 - -#if __ARM_MAX_ARCH__>=7 - tst r12,#ARMV7_NEON @ check for NEON -# ifdef __thumb2__ - adr r9,.Lpoly1305_blocks_neon - adr r11,.Lpoly1305_blocks - adr r12,.Lpoly1305_emit - adr r10,.Lpoly1305_emit_neon - itt ne - movne r11,r9 - movne r12,r10 - orr r11,r11,#1 @ thumb-ify address - orr r12,r12,#1 -# else - addeq r12,r11,#(.Lpoly1305_emit-.Lpoly1305_init) - addne r12,r11,#(.Lpoly1305_emit_neon-.Lpoly1305_init) - addeq r11,r11,#(.Lpoly1305_blocks-.Lpoly1305_init) - addne r11,r11,#(.Lpoly1305_blocks_neon-.Lpoly1305_init) -# endif -#endif - ldrb r9,[$inp,#11] - orr r6,r6,r7,lsl#8 - ldrb r7,[$inp,#12] - orr r6,r6,r8,lsl#16 - ldrb r8,[$inp,#13] - orr r6,r6,r9,lsl#24 - ldrb r9,[$inp,#14] - and r6,r6,r3 - - ldrb r10,[$inp,#15] - orr r7,r7,r8,lsl#8 - str r4,[$ctx,#0] - orr r7,r7,r9,lsl#16 - str r5,[$ctx,#4] - orr r7,r7,r10,lsl#24 - str r6,[$ctx,#8] - and r7,r7,r3 - str r7,[$ctx,#12] -#if __ARM_MAX_ARCH__>=7 - stmia r2,{r11,r12} @ fill functions table - mov r0,#1 -#else - mov r0,#0 -#endif -.Lno_key: - ldmia sp!,{r4-r11} -#if __ARM_ARCH__>=5 - ret @ bx lr -#else - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size poly1305_init,.-poly1305_init -___ -{ -my ($h0,$h1,$h2,$h3,$h4,$r0,$r1,$r2,$r3)=map("r$_",(4..12)); -my ($s1,$s2,$s3)=($r1,$r2,$r3); - -$code.=<<___; -.type poly1305_blocks,%function -.align 5 -poly1305_blocks: -.Lpoly1305_blocks: - stmdb sp!,{r3-r11,lr} - - ands $len,$len,#-16 - beq .Lno_data - - cmp $padbit,#0 - add $len,$len,$inp @ end pointer - sub sp,sp,#32 - - ldmia $ctx,{$h0-$r3} @ load context - - str $ctx,[sp,#12] @ offload stuff - mov lr,$inp - str $len,[sp,#16] - str $r1,[sp,#20] - str $r2,[sp,#24] - str $r3,[sp,#28] - b .Loop - -.Loop: -#if __ARM_ARCH__<7 - ldrb r0,[lr],#16 @ load input -# ifdef __thumb2__ - it hi -# endif - addhi $h4,$h4,#1 @ 1<<128 - ldrb r1,[lr,#-15] - ldrb r2,[lr,#-14] - ldrb r3,[lr,#-13] - orr r1,r0,r1,lsl#8 - ldrb r0,[lr,#-12] - orr r2,r1,r2,lsl#16 - ldrb r1,[lr,#-11] - orr r3,r2,r3,lsl#24 - ldrb r2,[lr,#-10] - adds $h0,$h0,r3 @ accumulate input - - ldrb r3,[lr,#-9] - orr r1,r0,r1,lsl#8 - ldrb r0,[lr,#-8] - orr r2,r1,r2,lsl#16 - ldrb r1,[lr,#-7] - orr r3,r2,r3,lsl#24 - ldrb r2,[lr,#-6] - adcs $h1,$h1,r3 - - ldrb r3,[lr,#-5] - orr r1,r0,r1,lsl#8 - ldrb r0,[lr,#-4] - orr r2,r1,r2,lsl#16 - ldrb r1,[lr,#-3] - orr r3,r2,r3,lsl#24 - ldrb r2,[lr,#-2] - adcs $h2,$h2,r3 - - ldrb r3,[lr,#-1] - orr r1,r0,r1,lsl#8 - str lr,[sp,#8] @ offload input pointer - orr r2,r1,r2,lsl#16 - add $s1,$r1,$r1,lsr#2 - orr r3,r2,r3,lsl#24 -#else - ldr r0,[lr],#16 @ load input -# ifdef __thumb2__ - it hi -# endif - addhi $h4,$h4,#1 @ padbit - ldr r1,[lr,#-12] - ldr r2,[lr,#-8] - ldr r3,[lr,#-4] -# ifdef __ARMEB__ - rev r0,r0 - rev r1,r1 - rev r2,r2 - rev r3,r3 -# endif - adds $h0,$h0,r0 @ accumulate input - str lr,[sp,#8] @ offload input pointer - adcs $h1,$h1,r1 - add $s1,$r1,$r1,lsr#2 - adcs $h2,$h2,r2 -#endif - add $s2,$r2,$r2,lsr#2 - adcs $h3,$h3,r3 - add $s3,$r3,$r3,lsr#2 - - umull r2,r3,$h1,$r0 - adc $h4,$h4,#0 - umull r0,r1,$h0,$r0 - umlal r2,r3,$h4,$s1 - umlal r0,r1,$h3,$s1 - ldr $r1,[sp,#20] @ reload $r1 - umlal r2,r3,$h2,$s3 - umlal r0,r1,$h1,$s3 - umlal r2,r3,$h3,$s2 - umlal r0,r1,$h2,$s2 - umlal r2,r3,$h0,$r1 - str r0,[sp,#0] @ future $h0 - mul r0,$s2,$h4 - ldr $r2,[sp,#24] @ reload $r2 - adds r2,r2,r1 @ d1+=d0>>32 - eor r1,r1,r1 - adc lr,r3,#0 @ future $h2 - str r2,[sp,#4] @ future $h1 - - mul r2,$s3,$h4 - eor r3,r3,r3 - umlal r0,r1,$h3,$s3 - ldr $r3,[sp,#28] @ reload $r3 - umlal r2,r3,$h3,$r0 - umlal r0,r1,$h2,$r0 - umlal r2,r3,$h2,$r1 - umlal r0,r1,$h1,$r1 - umlal r2,r3,$h1,$r2 - umlal r0,r1,$h0,$r2 - umlal r2,r3,$h0,$r3 - ldr $h0,[sp,#0] - mul $h4,$r0,$h4 - ldr $h1,[sp,#4] - - adds $h2,lr,r0 @ d2+=d1>>32 - ldr lr,[sp,#8] @ reload input pointer - adc r1,r1,#0 - adds $h3,r2,r1 @ d3+=d2>>32 - ldr r0,[sp,#16] @ reload end pointer - adc r3,r3,#0 - add $h4,$h4,r3 @ h4+=d3>>32 - - and r1,$h4,#-4 - and $h4,$h4,#3 - add r1,r1,r1,lsr#2 @ *=5 - adds $h0,$h0,r1 - adcs $h1,$h1,#0 - adcs $h2,$h2,#0 - adcs $h3,$h3,#0 - adc $h4,$h4,#0 - - cmp r0,lr @ done yet? - bhi .Loop - - ldr $ctx,[sp,#12] - add sp,sp,#32 - stmia $ctx,{$h0-$h4} @ store the result - -.Lno_data: -#if __ARM_ARCH__>=5 - ldmia sp!,{r3-r11,pc} -#else - ldmia sp!,{r3-r11,lr} - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size poly1305_blocks,.-poly1305_blocks -___ -} -{ -my ($ctx,$mac,$nonce)=map("r$_",(0..2)); -my ($h0,$h1,$h2,$h3,$h4,$g0,$g1,$g2,$g3)=map("r$_",(3..11)); -my $g4=$h4; - -$code.=<<___; -.type poly1305_emit,%function -.align 5 -poly1305_emit: -.Lpoly1305_emit: - stmdb sp!,{r4-r11} -.Lpoly1305_emit_enter: - - ldmia $ctx,{$h0-$h4} - adds $g0,$h0,#5 @ compare to modulus - adcs $g1,$h1,#0 - adcs $g2,$h2,#0 - adcs $g3,$h3,#0 - adc $g4,$h4,#0 - tst $g4,#4 @ did it carry/borrow? - -#ifdef __thumb2__ - it ne -#endif - movne $h0,$g0 - ldr $g0,[$nonce,#0] -#ifdef __thumb2__ - it ne -#endif - movne $h1,$g1 - ldr $g1,[$nonce,#4] -#ifdef __thumb2__ - it ne -#endif - movne $h2,$g2 - ldr $g2,[$nonce,#8] -#ifdef __thumb2__ - it ne -#endif - movne $h3,$g3 - ldr $g3,[$nonce,#12] - - adds $h0,$h0,$g0 - adcs $h1,$h1,$g1 - adcs $h2,$h2,$g2 - adc $h3,$h3,$g3 - -#if __ARM_ARCH__>=7 -# ifdef __ARMEB__ - rev $h0,$h0 - rev $h1,$h1 - rev $h2,$h2 - rev $h3,$h3 -# endif - str $h0,[$mac,#0] - str $h1,[$mac,#4] - str $h2,[$mac,#8] - str $h3,[$mac,#12] -#else - strb $h0,[$mac,#0] - mov $h0,$h0,lsr#8 - strb $h1,[$mac,#4] - mov $h1,$h1,lsr#8 - strb $h2,[$mac,#8] - mov $h2,$h2,lsr#8 - strb $h3,[$mac,#12] - mov $h3,$h3,lsr#8 - - strb $h0,[$mac,#1] - mov $h0,$h0,lsr#8 - strb $h1,[$mac,#5] - mov $h1,$h1,lsr#8 - strb $h2,[$mac,#9] - mov $h2,$h2,lsr#8 - strb $h3,[$mac,#13] - mov $h3,$h3,lsr#8 - - strb $h0,[$mac,#2] - mov $h0,$h0,lsr#8 - strb $h1,[$mac,#6] - mov $h1,$h1,lsr#8 - strb $h2,[$mac,#10] - mov $h2,$h2,lsr#8 - strb $h3,[$mac,#14] - mov $h3,$h3,lsr#8 - - strb $h0,[$mac,#3] - strb $h1,[$mac,#7] - strb $h2,[$mac,#11] - strb $h3,[$mac,#15] -#endif - ldmia sp!,{r4-r11} -#if __ARM_ARCH__>=5 - ret @ bx lr -#else - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size poly1305_emit,.-poly1305_emit -___ -{ -my ($R0,$R1,$S1,$R2,$S2,$R3,$S3,$R4,$S4) = map("d$_",(0..9)); -my ($D0,$D1,$D2,$D3,$D4, $H0,$H1,$H2,$H3,$H4) = map("q$_",(5..14)); -my ($T0,$T1,$MASK) = map("q$_",(15,4,0)); - -my ($in2,$zeros,$tbl0,$tbl1) = map("r$_",(4..7)); - -$code.=<<___; -#if __ARM_MAX_ARCH__>=7 -.fpu neon - -.type poly1305_init_neon,%function -.align 5 -poly1305_init_neon: - ldr r4,[$ctx,#20] @ load key base 2^32 - ldr r5,[$ctx,#24] - ldr r6,[$ctx,#28] - ldr r7,[$ctx,#32] - - and r2,r4,#0x03ffffff @ base 2^32 -> base 2^26 - mov r3,r4,lsr#26 - mov r4,r5,lsr#20 - orr r3,r3,r5,lsl#6 - mov r5,r6,lsr#14 - orr r4,r4,r6,lsl#12 - mov r6,r7,lsr#8 - orr r5,r5,r7,lsl#18 - and r3,r3,#0x03ffffff - and r4,r4,#0x03ffffff - and r5,r5,#0x03ffffff - - vdup.32 $R0,r2 @ r^1 in both lanes - add r2,r3,r3,lsl#2 @ *5 - vdup.32 $R1,r3 - add r3,r4,r4,lsl#2 - vdup.32 $S1,r2 - vdup.32 $R2,r4 - add r4,r5,r5,lsl#2 - vdup.32 $S2,r3 - vdup.32 $R3,r5 - add r5,r6,r6,lsl#2 - vdup.32 $S3,r4 - vdup.32 $R4,r6 - vdup.32 $S4,r5 - - mov $zeros,#2 @ counter - -.Lsquare_neon: - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4 - @ d1 = h1*r0 + h0*r1 + h4*5*r2 + h3*5*r3 + h2*5*r4 - @ d2 = h2*r0 + h1*r1 + h0*r2 + h4*5*r3 + h3*5*r4 - @ d3 = h3*r0 + h2*r1 + h1*r2 + h0*r3 + h4*5*r4 - @ d4 = h4*r0 + h3*r1 + h2*r2 + h1*r3 + h0*r4 - - vmull.u32 $D0,$R0,${R0}[1] - vmull.u32 $D1,$R1,${R0}[1] - vmull.u32 $D2,$R2,${R0}[1] - vmull.u32 $D3,$R3,${R0}[1] - vmull.u32 $D4,$R4,${R0}[1] - - vmlal.u32 $D0,$R4,${S1}[1] - vmlal.u32 $D1,$R0,${R1}[1] - vmlal.u32 $D2,$R1,${R1}[1] - vmlal.u32 $D3,$R2,${R1}[1] - vmlal.u32 $D4,$R3,${R1}[1] - - vmlal.u32 $D0,$R3,${S2}[1] - vmlal.u32 $D1,$R4,${S2}[1] - vmlal.u32 $D3,$R1,${R2}[1] - vmlal.u32 $D2,$R0,${R2}[1] - vmlal.u32 $D4,$R2,${R2}[1] - - vmlal.u32 $D0,$R2,${S3}[1] - vmlal.u32 $D3,$R0,${R3}[1] - vmlal.u32 $D1,$R3,${S3}[1] - vmlal.u32 $D2,$R4,${S3}[1] - vmlal.u32 $D4,$R1,${R3}[1] - - vmlal.u32 $D3,$R4,${S4}[1] - vmlal.u32 $D0,$R1,${S4}[1] - vmlal.u32 $D1,$R2,${S4}[1] - vmlal.u32 $D2,$R3,${S4}[1] - vmlal.u32 $D4,$R0,${R4}[1] - - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ lazy reduction as discussed in "NEON crypto" by D.J. Bernstein - @ and P. Schwabe - @ - @ H0>>+H1>>+H2>>+H3>>+H4 - @ H3>>+H4>>*5+H0>>+H1 - @ - @ Trivia. - @ - @ Result of multiplication of n-bit number by m-bit number is - @ n+m bits wide. However! Even though 2^n is a n+1-bit number, - @ m-bit number multiplied by 2^n is still n+m bits wide. - @ - @ Sum of two n-bit numbers is n+1 bits wide, sum of three - n+2, - @ and so is sum of four. Sum of 2^m n-m-bit numbers and n-bit - @ one is n+1 bits wide. - @ - @ >>+ denotes Hnext += Hn>>26, Hn &= 0x3ffffff. This means that - @ H0, H2, H3 are guaranteed to be 26 bits wide, while H1 and H4 - @ can be 27. However! In cases when their width exceeds 26 bits - @ they are limited by 2^26+2^6. This in turn means that *sum* - @ of the products with these values can still be viewed as sum - @ of 52-bit numbers as long as the amount of addends is not a - @ power of 2. For example, - @ - @ H4 = H4*R0 + H3*R1 + H2*R2 + H1*R3 + H0 * R4, - @ - @ which can't be larger than 5 * (2^26 + 2^6) * (2^26 + 2^6), or - @ 5 * (2^52 + 2*2^32 + 2^12), which in turn is smaller than - @ 8 * (2^52) or 2^55. However, the value is then multiplied by - @ by 5, so we should be looking at 5 * 5 * (2^52 + 2^33 + 2^12), - @ which is less than 32 * (2^52) or 2^57. And when processing - @ data we are looking at triple as many addends... - @ - @ In key setup procedure pre-reduced H0 is limited by 5*4+1 and - @ 5*H4 - by 5*5 52-bit addends, or 57 bits. But when hashing the - @ input H0 is limited by (5*4+1)*3 addends, or 58 bits, while - @ 5*H4 by 5*5*3, or 59[!] bits. How is this relevant? vmlal.u32 - @ instruction accepts 2x32-bit input and writes 2x64-bit result. - @ This means that result of reduction have to be compressed upon - @ loop wrap-around. This can be done in the process of reduction - @ to minimize amount of instructions [as well as amount of - @ 128-bit instructions, which benefits low-end processors], but - @ one has to watch for H2 (which is narrower than H0) and 5*H4 - @ not being wider than 58 bits, so that result of right shift - @ by 26 bits fits in 32 bits. This is also useful on x86, - @ because it allows to use paddd in place for paddq, which - @ benefits Atom, where paddq is ridiculously slow. - - vshr.u64 $T0,$D3,#26 - vmovn.i64 $D3#lo,$D3 - vshr.u64 $T1,$D0,#26 - vmovn.i64 $D0#lo,$D0 - vadd.i64 $D4,$D4,$T0 @ h3 -> h4 - vbic.i32 $D3#lo,#0xfc000000 @ &=0x03ffffff - vadd.i64 $D1,$D1,$T1 @ h0 -> h1 - vbic.i32 $D0#lo,#0xfc000000 - - vshrn.u64 $T0#lo,$D4,#26 - vmovn.i64 $D4#lo,$D4 - vshr.u64 $T1,$D1,#26 - vmovn.i64 $D1#lo,$D1 - vadd.i64 $D2,$D2,$T1 @ h1 -> h2 - vbic.i32 $D4#lo,#0xfc000000 - vbic.i32 $D1#lo,#0xfc000000 - - vadd.i32 $D0#lo,$D0#lo,$T0#lo - vshl.u32 $T0#lo,$T0#lo,#2 - vshrn.u64 $T1#lo,$D2,#26 - vmovn.i64 $D2#lo,$D2 - vadd.i32 $D0#lo,$D0#lo,$T0#lo @ h4 -> h0 - vadd.i32 $D3#lo,$D3#lo,$T1#lo @ h2 -> h3 - vbic.i32 $D2#lo,#0xfc000000 - - vshr.u32 $T0#lo,$D0#lo,#26 - vbic.i32 $D0#lo,#0xfc000000 - vshr.u32 $T1#lo,$D3#lo,#26 - vbic.i32 $D3#lo,#0xfc000000 - vadd.i32 $D1#lo,$D1#lo,$T0#lo @ h0 -> h1 - vadd.i32 $D4#lo,$D4#lo,$T1#lo @ h3 -> h4 - - subs $zeros,$zeros,#1 - beq .Lsquare_break_neon - - add $tbl0,$ctx,#(48+0*9*4) - add $tbl1,$ctx,#(48+1*9*4) - - vtrn.32 $R0,$D0#lo @ r^2:r^1 - vtrn.32 $R2,$D2#lo - vtrn.32 $R3,$D3#lo - vtrn.32 $R1,$D1#lo - vtrn.32 $R4,$D4#lo - - vshl.u32 $S2,$R2,#2 @ *5 - vshl.u32 $S3,$R3,#2 - vshl.u32 $S1,$R1,#2 - vshl.u32 $S4,$R4,#2 - vadd.i32 $S2,$S2,$R2 - vadd.i32 $S1,$S1,$R1 - vadd.i32 $S3,$S3,$R3 - vadd.i32 $S4,$S4,$R4 - - vst4.32 {${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]! - vst4.32 {${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]! - vst4.32 {${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]! - vst4.32 {${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]! - vst1.32 {${S4}[0]},[$tbl0,:32] - vst1.32 {${S4}[1]},[$tbl1,:32] - - b .Lsquare_neon - -.align 4 -.Lsquare_break_neon: - add $tbl0,$ctx,#(48+2*4*9) - add $tbl1,$ctx,#(48+3*4*9) - - vmov $R0,$D0#lo @ r^4:r^3 - vshl.u32 $S1,$D1#lo,#2 @ *5 - vmov $R1,$D1#lo - vshl.u32 $S2,$D2#lo,#2 - vmov $R2,$D2#lo - vshl.u32 $S3,$D3#lo,#2 - vmov $R3,$D3#lo - vshl.u32 $S4,$D4#lo,#2 - vmov $R4,$D4#lo - vadd.i32 $S1,$S1,$D1#lo - vadd.i32 $S2,$S2,$D2#lo - vadd.i32 $S3,$S3,$D3#lo - vadd.i32 $S4,$S4,$D4#lo - - vst4.32 {${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]! - vst4.32 {${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]! - vst4.32 {${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]! - vst4.32 {${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]! - vst1.32 {${S4}[0]},[$tbl0] - vst1.32 {${S4}[1]},[$tbl1] - - ret @ bx lr -.size poly1305_init_neon,.-poly1305_init_neon - -.type poly1305_blocks_neon,%function -.align 5 -poly1305_blocks_neon: -.Lpoly1305_blocks_neon: - ldr ip,[$ctx,#36] @ is_base2_26 - ands $len,$len,#-16 - beq .Lno_data_neon - - cmp $len,#64 - bhs .Lenter_neon - tst ip,ip @ is_base2_26? - beq .Lpoly1305_blocks - -.Lenter_neon: - stmdb sp!,{r4-r7} - vstmdb sp!,{d8-d15} @ ABI specification says so - - tst ip,ip @ is_base2_26? - bne .Lbase2_26_neon - - stmdb sp!,{r1-r3,lr} - bl poly1305_init_neon - - ldr r4,[$ctx,#0] @ load hash value base 2^32 - ldr r5,[$ctx,#4] - ldr r6,[$ctx,#8] - ldr r7,[$ctx,#12] - ldr ip,[$ctx,#16] - - and r2,r4,#0x03ffffff @ base 2^32 -> base 2^26 - mov r3,r4,lsr#26 - veor $D0#lo,$D0#lo,$D0#lo - mov r4,r5,lsr#20 - orr r3,r3,r5,lsl#6 - veor $D1#lo,$D1#lo,$D1#lo - mov r5,r6,lsr#14 - orr r4,r4,r6,lsl#12 - veor $D2#lo,$D2#lo,$D2#lo - mov r6,r7,lsr#8 - orr r5,r5,r7,lsl#18 - veor $D3#lo,$D3#lo,$D3#lo - and r3,r3,#0x03ffffff - orr r6,r6,ip,lsl#24 - veor $D4#lo,$D4#lo,$D4#lo - and r4,r4,#0x03ffffff - mov r1,#1 - and r5,r5,#0x03ffffff - str r1,[$ctx,#36] @ is_base2_26 - - vmov.32 $D0#lo[0],r2 - vmov.32 $D1#lo[0],r3 - vmov.32 $D2#lo[0],r4 - vmov.32 $D3#lo[0],r5 - vmov.32 $D4#lo[0],r6 - adr $zeros,.Lzeros - - ldmia sp!,{r1-r3,lr} - b .Lbase2_32_neon - -.align 4 -.Lbase2_26_neon: - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ load hash value - - veor $D0#lo,$D0#lo,$D0#lo - veor $D1#lo,$D1#lo,$D1#lo - veor $D2#lo,$D2#lo,$D2#lo - veor $D3#lo,$D3#lo,$D3#lo - veor $D4#lo,$D4#lo,$D4#lo - vld4.32 {$D0#lo[0],$D1#lo[0],$D2#lo[0],$D3#lo[0]},[$ctx]! - adr $zeros,.Lzeros - vld1.32 {$D4#lo[0]},[$ctx] - sub $ctx,$ctx,#16 @ rewind - -.Lbase2_32_neon: - add $in2,$inp,#32 - mov $padbit,$padbit,lsl#24 - tst $len,#31 - beq .Leven - - vld4.32 {$H0#lo[0],$H1#lo[0],$H2#lo[0],$H3#lo[0]},[$inp]! - vmov.32 $H4#lo[0],$padbit - sub $len,$len,#16 - add $in2,$inp,#32 - -# ifdef __ARMEB__ - vrev32.8 $H0,$H0 - vrev32.8 $H3,$H3 - vrev32.8 $H1,$H1 - vrev32.8 $H2,$H2 -# endif - vsri.u32 $H4#lo,$H3#lo,#8 @ base 2^32 -> base 2^26 - vshl.u32 $H3#lo,$H3#lo,#18 - - vsri.u32 $H3#lo,$H2#lo,#14 - vshl.u32 $H2#lo,$H2#lo,#12 - vadd.i32 $H4#hi,$H4#lo,$D4#lo @ add hash value and move to #hi - - vbic.i32 $H3#lo,#0xfc000000 - vsri.u32 $H2#lo,$H1#lo,#20 - vshl.u32 $H1#lo,$H1#lo,#6 - - vbic.i32 $H2#lo,#0xfc000000 - vsri.u32 $H1#lo,$H0#lo,#26 - vadd.i32 $H3#hi,$H3#lo,$D3#lo - - vbic.i32 $H0#lo,#0xfc000000 - vbic.i32 $H1#lo,#0xfc000000 - vadd.i32 $H2#hi,$H2#lo,$D2#lo - - vadd.i32 $H0#hi,$H0#lo,$D0#lo - vadd.i32 $H1#hi,$H1#lo,$D1#lo - - mov $tbl1,$zeros - add $tbl0,$ctx,#48 - - cmp $len,$len - b .Long_tail - -.align 4 -.Leven: - subs $len,$len,#64 - it lo - movlo $in2,$zeros - - vmov.i32 $H4,#1<<24 @ padbit, yes, always - vld4.32 {$H0#lo,$H1#lo,$H2#lo,$H3#lo},[$inp] @ inp[0:1] - add $inp,$inp,#64 - vld4.32 {$H0#hi,$H1#hi,$H2#hi,$H3#hi},[$in2] @ inp[2:3] (or 0) - add $in2,$in2,#64 - itt hi - addhi $tbl1,$ctx,#(48+1*9*4) - addhi $tbl0,$ctx,#(48+3*9*4) - -# ifdef __ARMEB__ - vrev32.8 $H0,$H0 - vrev32.8 $H3,$H3 - vrev32.8 $H1,$H1 - vrev32.8 $H2,$H2 -# endif - vsri.u32 $H4,$H3,#8 @ base 2^32 -> base 2^26 - vshl.u32 $H3,$H3,#18 - - vsri.u32 $H3,$H2,#14 - vshl.u32 $H2,$H2,#12 - - vbic.i32 $H3,#0xfc000000 - vsri.u32 $H2,$H1,#20 - vshl.u32 $H1,$H1,#6 - - vbic.i32 $H2,#0xfc000000 - vsri.u32 $H1,$H0,#26 - - vbic.i32 $H0,#0xfc000000 - vbic.i32 $H1,#0xfc000000 - - bls .Lskip_loop - - vld4.32 {${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]! @ load r^2 - vld4.32 {${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]! @ load r^4 - vld4.32 {${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]! - vld4.32 {${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]! - b .Loop_neon - -.align 5 -.Loop_neon: - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2 - @ ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^3+inp[7]*r - @ \___________________/ - @ ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2+inp[8])*r^2 - @ ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^4+inp[7]*r^2+inp[9])*r - @ \___________________/ \____________________/ - @ - @ Note that we start with inp[2:3]*r^2. This is because it - @ doesn't depend on reduction in previous iteration. - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ d4 = h4*r0 + h3*r1 + h2*r2 + h1*r3 + h0*r4 - @ d3 = h3*r0 + h2*r1 + h1*r2 + h0*r3 + h4*5*r4 - @ d2 = h2*r0 + h1*r1 + h0*r2 + h4*5*r3 + h3*5*r4 - @ d1 = h1*r0 + h0*r1 + h4*5*r2 + h3*5*r3 + h2*5*r4 - @ d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4 - - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ inp[2:3]*r^2 - - vadd.i32 $H2#lo,$H2#lo,$D2#lo @ accumulate inp[0:1] - vmull.u32 $D2,$H2#hi,${R0}[1] - vadd.i32 $H0#lo,$H0#lo,$D0#lo - vmull.u32 $D0,$H0#hi,${R0}[1] - vadd.i32 $H3#lo,$H3#lo,$D3#lo - vmull.u32 $D3,$H3#hi,${R0}[1] - vmlal.u32 $D2,$H1#hi,${R1}[1] - vadd.i32 $H1#lo,$H1#lo,$D1#lo - vmull.u32 $D1,$H1#hi,${R0}[1] - - vadd.i32 $H4#lo,$H4#lo,$D4#lo - vmull.u32 $D4,$H4#hi,${R0}[1] - subs $len,$len,#64 - vmlal.u32 $D0,$H4#hi,${S1}[1] - it lo - movlo $in2,$zeros - vmlal.u32 $D3,$H2#hi,${R1}[1] - vld1.32 ${S4}[1],[$tbl1,:32] - vmlal.u32 $D1,$H0#hi,${R1}[1] - vmlal.u32 $D4,$H3#hi,${R1}[1] - - vmlal.u32 $D0,$H3#hi,${S2}[1] - vmlal.u32 $D3,$H1#hi,${R2}[1] - vmlal.u32 $D4,$H2#hi,${R2}[1] - vmlal.u32 $D1,$H4#hi,${S2}[1] - vmlal.u32 $D2,$H0#hi,${R2}[1] - - vmlal.u32 $D3,$H0#hi,${R3}[1] - vmlal.u32 $D0,$H2#hi,${S3}[1] - vmlal.u32 $D4,$H1#hi,${R3}[1] - vmlal.u32 $D1,$H3#hi,${S3}[1] - vmlal.u32 $D2,$H4#hi,${S3}[1] - - vmlal.u32 $D3,$H4#hi,${S4}[1] - vmlal.u32 $D0,$H1#hi,${S4}[1] - vmlal.u32 $D4,$H0#hi,${R4}[1] - vmlal.u32 $D1,$H2#hi,${S4}[1] - vmlal.u32 $D2,$H3#hi,${S4}[1] - - vld4.32 {$H0#hi,$H1#hi,$H2#hi,$H3#hi},[$in2] @ inp[2:3] (or 0) - add $in2,$in2,#64 - - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ (hash+inp[0:1])*r^4 and accumulate - - vmlal.u32 $D3,$H3#lo,${R0}[0] - vmlal.u32 $D0,$H0#lo,${R0}[0] - vmlal.u32 $D4,$H4#lo,${R0}[0] - vmlal.u32 $D1,$H1#lo,${R0}[0] - vmlal.u32 $D2,$H2#lo,${R0}[0] - vld1.32 ${S4}[0],[$tbl0,:32] - - vmlal.u32 $D3,$H2#lo,${R1}[0] - vmlal.u32 $D0,$H4#lo,${S1}[0] - vmlal.u32 $D4,$H3#lo,${R1}[0] - vmlal.u32 $D1,$H0#lo,${R1}[0] - vmlal.u32 $D2,$H1#lo,${R1}[0] - - vmlal.u32 $D3,$H1#lo,${R2}[0] - vmlal.u32 $D0,$H3#lo,${S2}[0] - vmlal.u32 $D4,$H2#lo,${R2}[0] - vmlal.u32 $D1,$H4#lo,${S2}[0] - vmlal.u32 $D2,$H0#lo,${R2}[0] - - vmlal.u32 $D3,$H0#lo,${R3}[0] - vmlal.u32 $D0,$H2#lo,${S3}[0] - vmlal.u32 $D4,$H1#lo,${R3}[0] - vmlal.u32 $D1,$H3#lo,${S3}[0] - vmlal.u32 $D3,$H4#lo,${S4}[0] - - vmlal.u32 $D2,$H4#lo,${S3}[0] - vmlal.u32 $D0,$H1#lo,${S4}[0] - vmlal.u32 $D4,$H0#lo,${R4}[0] - vmov.i32 $H4,#1<<24 @ padbit, yes, always - vmlal.u32 $D1,$H2#lo,${S4}[0] - vmlal.u32 $D2,$H3#lo,${S4}[0] - - vld4.32 {$H0#lo,$H1#lo,$H2#lo,$H3#lo},[$inp] @ inp[0:1] - add $inp,$inp,#64 -# ifdef __ARMEB__ - vrev32.8 $H0,$H0 - vrev32.8 $H1,$H1 - vrev32.8 $H2,$H2 - vrev32.8 $H3,$H3 -# endif - - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ lazy reduction interleaved with base 2^32 -> base 2^26 of - @ inp[0:3] previously loaded to $H0-$H3 and smashed to $H0-$H4. - - vshr.u64 $T0,$D3,#26 - vmovn.i64 $D3#lo,$D3 - vshr.u64 $T1,$D0,#26 - vmovn.i64 $D0#lo,$D0 - vadd.i64 $D4,$D4,$T0 @ h3 -> h4 - vbic.i32 $D3#lo,#0xfc000000 - vsri.u32 $H4,$H3,#8 @ base 2^32 -> base 2^26 - vadd.i64 $D1,$D1,$T1 @ h0 -> h1 - vshl.u32 $H3,$H3,#18 - vbic.i32 $D0#lo,#0xfc000000 - - vshrn.u64 $T0#lo,$D4,#26 - vmovn.i64 $D4#lo,$D4 - vshr.u64 $T1,$D1,#26 - vmovn.i64 $D1#lo,$D1 - vadd.i64 $D2,$D2,$T1 @ h1 -> h2 - vsri.u32 $H3,$H2,#14 - vbic.i32 $D4#lo,#0xfc000000 - vshl.u32 $H2,$H2,#12 - vbic.i32 $D1#lo,#0xfc000000 - - vadd.i32 $D0#lo,$D0#lo,$T0#lo - vshl.u32 $T0#lo,$T0#lo,#2 - vbic.i32 $H3,#0xfc000000 - vshrn.u64 $T1#lo,$D2,#26 - vmovn.i64 $D2#lo,$D2 - vaddl.u32 $D0,$D0#lo,$T0#lo @ h4 -> h0 [widen for a sec] - vsri.u32 $H2,$H1,#20 - vadd.i32 $D3#lo,$D3#lo,$T1#lo @ h2 -> h3 - vshl.u32 $H1,$H1,#6 - vbic.i32 $D2#lo,#0xfc000000 - vbic.i32 $H2,#0xfc000000 - - vshrn.u64 $T0#lo,$D0,#26 @ re-narrow - vmovn.i64 $D0#lo,$D0 - vsri.u32 $H1,$H0,#26 - vbic.i32 $H0,#0xfc000000 - vshr.u32 $T1#lo,$D3#lo,#26 - vbic.i32 $D3#lo,#0xfc000000 - vbic.i32 $D0#lo,#0xfc000000 - vadd.i32 $D1#lo,$D1#lo,$T0#lo @ h0 -> h1 - vadd.i32 $D4#lo,$D4#lo,$T1#lo @ h3 -> h4 - vbic.i32 $H1,#0xfc000000 - - bhi .Loop_neon - -.Lskip_loop: - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1 - - add $tbl1,$ctx,#(48+0*9*4) - add $tbl0,$ctx,#(48+1*9*4) - adds $len,$len,#32 - it ne - movne $len,#0 - bne .Long_tail - - vadd.i32 $H2#hi,$H2#lo,$D2#lo @ add hash value and move to #hi - vadd.i32 $H0#hi,$H0#lo,$D0#lo - vadd.i32 $H3#hi,$H3#lo,$D3#lo - vadd.i32 $H1#hi,$H1#lo,$D1#lo - vadd.i32 $H4#hi,$H4#lo,$D4#lo - -.Long_tail: - vld4.32 {${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]! @ load r^1 - vld4.32 {${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]! @ load r^2 - - vadd.i32 $H2#lo,$H2#lo,$D2#lo @ can be redundant - vmull.u32 $D2,$H2#hi,$R0 - vadd.i32 $H0#lo,$H0#lo,$D0#lo - vmull.u32 $D0,$H0#hi,$R0 - vadd.i32 $H3#lo,$H3#lo,$D3#lo - vmull.u32 $D3,$H3#hi,$R0 - vadd.i32 $H1#lo,$H1#lo,$D1#lo - vmull.u32 $D1,$H1#hi,$R0 - vadd.i32 $H4#lo,$H4#lo,$D4#lo - vmull.u32 $D4,$H4#hi,$R0 - - vmlal.u32 $D0,$H4#hi,$S1 - vld4.32 {${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]! - vmlal.u32 $D3,$H2#hi,$R1 - vld4.32 {${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]! - vmlal.u32 $D1,$H0#hi,$R1 - vmlal.u32 $D4,$H3#hi,$R1 - vmlal.u32 $D2,$H1#hi,$R1 - - vmlal.u32 $D3,$H1#hi,$R2 - vld1.32 ${S4}[1],[$tbl1,:32] - vmlal.u32 $D0,$H3#hi,$S2 - vld1.32 ${S4}[0],[$tbl0,:32] - vmlal.u32 $D4,$H2#hi,$R2 - vmlal.u32 $D1,$H4#hi,$S2 - vmlal.u32 $D2,$H0#hi,$R2 - - vmlal.u32 $D3,$H0#hi,$R3 - it ne - addne $tbl1,$ctx,#(48+2*9*4) - vmlal.u32 $D0,$H2#hi,$S3 - it ne - addne $tbl0,$ctx,#(48+3*9*4) - vmlal.u32 $D4,$H1#hi,$R3 - vmlal.u32 $D1,$H3#hi,$S3 - vmlal.u32 $D2,$H4#hi,$S3 - - vmlal.u32 $D3,$H4#hi,$S4 - vorn $MASK,$MASK,$MASK @ all-ones, can be redundant - vmlal.u32 $D0,$H1#hi,$S4 - vshr.u64 $MASK,$MASK,#38 - vmlal.u32 $D4,$H0#hi,$R4 - vmlal.u32 $D1,$H2#hi,$S4 - vmlal.u32 $D2,$H3#hi,$S4 - - beq .Lshort_tail - - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ (hash+inp[0:1])*r^4:r^3 and accumulate - - vld4.32 {${R0}[1],${R1}[1],${S1}[1],${R2}[1]},[$tbl1]! @ load r^3 - vld4.32 {${R0}[0],${R1}[0],${S1}[0],${R2}[0]},[$tbl0]! @ load r^4 - - vmlal.u32 $D2,$H2#lo,$R0 - vmlal.u32 $D0,$H0#lo,$R0 - vmlal.u32 $D3,$H3#lo,$R0 - vmlal.u32 $D1,$H1#lo,$R0 - vmlal.u32 $D4,$H4#lo,$R0 - - vmlal.u32 $D0,$H4#lo,$S1 - vld4.32 {${S2}[1],${R3}[1],${S3}[1],${R4}[1]},[$tbl1]! - vmlal.u32 $D3,$H2#lo,$R1 - vld4.32 {${S2}[0],${R3}[0],${S3}[0],${R4}[0]},[$tbl0]! - vmlal.u32 $D1,$H0#lo,$R1 - vmlal.u32 $D4,$H3#lo,$R1 - vmlal.u32 $D2,$H1#lo,$R1 - - vmlal.u32 $D3,$H1#lo,$R2 - vld1.32 ${S4}[1],[$tbl1,:32] - vmlal.u32 $D0,$H3#lo,$S2 - vld1.32 ${S4}[0],[$tbl0,:32] - vmlal.u32 $D4,$H2#lo,$R2 - vmlal.u32 $D1,$H4#lo,$S2 - vmlal.u32 $D2,$H0#lo,$R2 - - vmlal.u32 $D3,$H0#lo,$R3 - vmlal.u32 $D0,$H2#lo,$S3 - vmlal.u32 $D4,$H1#lo,$R3 - vmlal.u32 $D1,$H3#lo,$S3 - vmlal.u32 $D2,$H4#lo,$S3 - - vmlal.u32 $D3,$H4#lo,$S4 - vorn $MASK,$MASK,$MASK @ all-ones - vmlal.u32 $D0,$H1#lo,$S4 - vshr.u64 $MASK,$MASK,#38 - vmlal.u32 $D4,$H0#lo,$R4 - vmlal.u32 $D1,$H2#lo,$S4 - vmlal.u32 $D2,$H3#lo,$S4 - -.Lshort_tail: - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ horizontal addition - - vadd.i64 $D3#lo,$D3#lo,$D3#hi - vadd.i64 $D0#lo,$D0#lo,$D0#hi - vadd.i64 $D4#lo,$D4#lo,$D4#hi - vadd.i64 $D1#lo,$D1#lo,$D1#hi - vadd.i64 $D2#lo,$D2#lo,$D2#hi - - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ lazy reduction, but without narrowing - - vshr.u64 $T0,$D3,#26 - vand.i64 $D3,$D3,$MASK - vshr.u64 $T1,$D0,#26 - vand.i64 $D0,$D0,$MASK - vadd.i64 $D4,$D4,$T0 @ h3 -> h4 - vadd.i64 $D1,$D1,$T1 @ h0 -> h1 - - vshr.u64 $T0,$D4,#26 - vand.i64 $D4,$D4,$MASK - vshr.u64 $T1,$D1,#26 - vand.i64 $D1,$D1,$MASK - vadd.i64 $D2,$D2,$T1 @ h1 -> h2 - - vadd.i64 $D0,$D0,$T0 - vshl.u64 $T0,$T0,#2 - vshr.u64 $T1,$D2,#26 - vand.i64 $D2,$D2,$MASK - vadd.i64 $D0,$D0,$T0 @ h4 -> h0 - vadd.i64 $D3,$D3,$T1 @ h2 -> h3 - - vshr.u64 $T0,$D0,#26 - vand.i64 $D0,$D0,$MASK - vshr.u64 $T1,$D3,#26 - vand.i64 $D3,$D3,$MASK - vadd.i64 $D1,$D1,$T0 @ h0 -> h1 - vadd.i64 $D4,$D4,$T1 @ h3 -> h4 - - cmp $len,#0 - bne .Leven - - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - @ store hash value - - vst4.32 {$D0#lo[0],$D1#lo[0],$D2#lo[0],$D3#lo[0]},[$ctx]! - vst1.32 {$D4#lo[0]},[$ctx] - - vldmia sp!,{d8-d15} @ epilogue - ldmia sp!,{r4-r7} -.Lno_data_neon: - ret @ bx lr -.size poly1305_blocks_neon,.-poly1305_blocks_neon - -.type poly1305_emit_neon,%function -.align 5 -poly1305_emit_neon: -.Lpoly1305_emit_neon: - ldr ip,[$ctx,#36] @ is_base2_26 - - stmdb sp!,{r4-r11} - - tst ip,ip - beq .Lpoly1305_emit_enter - - ldmia $ctx,{$h0-$h4} - eor $g0,$g0,$g0 - - adds $h0,$h0,$h1,lsl#26 @ base 2^26 -> base 2^32 - mov $h1,$h1,lsr#6 - adcs $h1,$h1,$h2,lsl#20 - mov $h2,$h2,lsr#12 - adcs $h2,$h2,$h3,lsl#14 - mov $h3,$h3,lsr#18 - adcs $h3,$h3,$h4,lsl#8 - adc $h4,$g0,$h4,lsr#24 @ can be partially reduced ... - - and $g0,$h4,#-4 @ ... so reduce - and $h4,$h3,#3 - add $g0,$g0,$g0,lsr#2 @ *= 5 - adds $h0,$h0,$g0 - adcs $h1,$h1,#0 - adcs $h2,$h2,#0 - adcs $h3,$h3,#0 - adc $h4,$h4,#0 - - adds $g0,$h0,#5 @ compare to modulus - adcs $g1,$h1,#0 - adcs $g2,$h2,#0 - adcs $g3,$h3,#0 - adc $g4,$h4,#0 - tst $g4,#4 @ did it carry/borrow? - - it ne - movne $h0,$g0 - ldr $g0,[$nonce,#0] - it ne - movne $h1,$g1 - ldr $g1,[$nonce,#4] - it ne - movne $h2,$g2 - ldr $g2,[$nonce,#8] - it ne - movne $h3,$g3 - ldr $g3,[$nonce,#12] - - adds $h0,$h0,$g0 @ accumulate nonce - adcs $h1,$h1,$g1 - adcs $h2,$h2,$g2 - adc $h3,$h3,$g3 - -# ifdef __ARMEB__ - rev $h0,$h0 - rev $h1,$h1 - rev $h2,$h2 - rev $h3,$h3 -# endif - str $h0,[$mac,#0] @ store the result - str $h1,[$mac,#4] - str $h2,[$mac,#8] - str $h3,[$mac,#12] - - ldmia sp!,{r4-r11} - ret @ bx lr -.size poly1305_emit_neon,.-poly1305_emit_neon - -.align 5 -.Lzeros: -.long 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 -.LOPENSSL_armcap: -# ifdef _WIN32 -.word OPENSSL_armcap_P -# else -.word OPENSSL_armcap_P-.Lpoly1305_init -# endif -#endif -___ -} } -$code.=<<___; -.asciz "Poly1305 for ARMv4/NEON, CRYPTOGAMS by " -.align 2 -#if __ARM_MAX_ARCH__>=7 -.comm OPENSSL_armcap_P,4,4 -#endif -___ - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/geo; - - s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo or - s/\bret\b/bx lr/go or - s/\bbx\s+lr\b/.word\t0xe12fff1e/go; # make it possible to compile with -march=armv4 - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/poly1305/asm/poly1305-armv8.pl b/crypto/poly1305/asm/poly1305-armv8.pl deleted file mode 100755 index 113a2151b6fa142514231d4ca98a773c3766e2f3..0000000000000000000000000000000000000000 --- a/crypto/poly1305/asm/poly1305-armv8.pl +++ /dev/null @@ -1,947 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# This module implements Poly1305 hash for ARMv8. -# -# June 2015 -# -# Numbers are cycles per processed byte with poly1305_blocks alone. -# -# IALU/gcc-4.9 NEON -# -# Apple A7 1.86/+5% 0.72 -# Cortex-A53 2.69/+58% 1.47 -# Cortex-A57 2.70/+7% 1.14 -# Denver 1.64/+50% 1.18(*) -# X-Gene 2.13/+68% 2.27 -# Mongoose 1.77/+75% 1.12 -# Kryo 2.70/+55% 1.13 -# ThunderX2 1.17/+95% 1.36 -# -# (*) estimate based on resources availability is less than 1.0, -# i.e. measured result is worse than expected, presumably binary -# translator is not almighty; - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or -die "can't locate arm-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -my ($ctx,$inp,$len,$padbit) = map("x$_",(0..3)); -my ($mac,$nonce)=($inp,$len); - -my ($h0,$h1,$h2,$r0,$r1,$s1,$t0,$t1,$d0,$d1,$d2) = map("x$_",(4..14)); - -$code.=<<___; -#include "arm_arch.h" - -.text - -// forward "declarations" are required for Apple -.extern OPENSSL_armcap_P -.hidden OPENSSL_armcap_P -.globl poly1305_init -.hidden poly1305_init -.globl poly1305_blocks -.hidden poly1305_blocks -.globl poly1305_emit -.hidden poly1305_emit - -.type poly1305_init,%function -.align 5 -poly1305_init: - cmp $inp,xzr - stp xzr,xzr,[$ctx] // zero hash value - stp xzr,xzr,[$ctx,#16] // [along with is_base2_26] - - csel x0,xzr,x0,eq - b.eq .Lno_key - - adrp x17,OPENSSL_armcap_P - ldr w17,[x17,#:lo12:OPENSSL_armcap_P] - - ldp $r0,$r1,[$inp] // load key - mov $s1,#0xfffffffc0fffffff - movk $s1,#0x0fff,lsl#48 -#ifdef __ARMEB__ - rev $r0,$r0 // flip bytes - rev $r1,$r1 -#endif - and $r0,$r0,$s1 // &=0ffffffc0fffffff - and $s1,$s1,#-4 - and $r1,$r1,$s1 // &=0ffffffc0ffffffc - stp $r0,$r1,[$ctx,#32] // save key value - - tst w17,#ARMV7_NEON - - adr $d0,.Lpoly1305_blocks - adr $r0,.Lpoly1305_blocks_neon - adr $d1,.Lpoly1305_emit - adr $r1,.Lpoly1305_emit_neon - - csel $d0,$d0,$r0,eq - csel $d1,$d1,$r1,eq - -#ifdef __ILP32__ - stp w12,w13,[$len] -#else - stp $d0,$d1,[$len] -#endif - - mov x0,#1 -.Lno_key: - ret -.size poly1305_init,.-poly1305_init - -.type poly1305_blocks,%function -.align 5 -poly1305_blocks: -.Lpoly1305_blocks: - ands $len,$len,#-16 - b.eq .Lno_data - - ldp $h0,$h1,[$ctx] // load hash value - ldp $r0,$r1,[$ctx,#32] // load key value - ldr $h2,[$ctx,#16] - add $s1,$r1,$r1,lsr#2 // s1 = r1 + (r1 >> 2) - b .Loop - -.align 5 -.Loop: - ldp $t0,$t1,[$inp],#16 // load input - sub $len,$len,#16 -#ifdef __ARMEB__ - rev $t0,$t0 - rev $t1,$t1 -#endif - adds $h0,$h0,$t0 // accumulate input - adcs $h1,$h1,$t1 - - mul $d0,$h0,$r0 // h0*r0 - adc $h2,$h2,$padbit - umulh $d1,$h0,$r0 - - mul $t0,$h1,$s1 // h1*5*r1 - umulh $t1,$h1,$s1 - - adds $d0,$d0,$t0 - mul $t0,$h0,$r1 // h0*r1 - adc $d1,$d1,$t1 - umulh $d2,$h0,$r1 - - adds $d1,$d1,$t0 - mul $t0,$h1,$r0 // h1*r0 - adc $d2,$d2,xzr - umulh $t1,$h1,$r0 - - adds $d1,$d1,$t0 - mul $t0,$h2,$s1 // h2*5*r1 - adc $d2,$d2,$t1 - mul $t1,$h2,$r0 // h2*r0 - - adds $d1,$d1,$t0 - adc $d2,$d2,$t1 - - and $t0,$d2,#-4 // final reduction - and $h2,$d2,#3 - add $t0,$t0,$d2,lsr#2 - adds $h0,$d0,$t0 - adcs $h1,$d1,xzr - adc $h2,$h2,xzr - - cbnz $len,.Loop - - stp $h0,$h1,[$ctx] // store hash value - str $h2,[$ctx,#16] - -.Lno_data: - ret -.size poly1305_blocks,.-poly1305_blocks - -.type poly1305_emit,%function -.align 5 -poly1305_emit: -.Lpoly1305_emit: - ldp $h0,$h1,[$ctx] // load hash base 2^64 - ldr $h2,[$ctx,#16] - ldp $t0,$t1,[$nonce] // load nonce - - adds $d0,$h0,#5 // compare to modulus - adcs $d1,$h1,xzr - adc $d2,$h2,xzr - - tst $d2,#-4 // see if it's carried/borrowed - - csel $h0,$h0,$d0,eq - csel $h1,$h1,$d1,eq - -#ifdef __ARMEB__ - ror $t0,$t0,#32 // flip nonce words - ror $t1,$t1,#32 -#endif - adds $h0,$h0,$t0 // accumulate nonce - adc $h1,$h1,$t1 -#ifdef __ARMEB__ - rev $h0,$h0 // flip output bytes - rev $h1,$h1 -#endif - stp $h0,$h1,[$mac] // write result - - ret -.size poly1305_emit,.-poly1305_emit -___ -my ($R0,$R1,$S1,$R2,$S2,$R3,$S3,$R4,$S4) = map("v$_.4s",(0..8)); -my ($IN01_0,$IN01_1,$IN01_2,$IN01_3,$IN01_4) = map("v$_.2s",(9..13)); -my ($IN23_0,$IN23_1,$IN23_2,$IN23_3,$IN23_4) = map("v$_.2s",(14..18)); -my ($ACC0,$ACC1,$ACC2,$ACC3,$ACC4) = map("v$_.2d",(19..23)); -my ($H0,$H1,$H2,$H3,$H4) = map("v$_.2s",(24..28)); -my ($T0,$T1,$MASK) = map("v$_",(29..31)); - -my ($in2,$zeros)=("x16","x17"); -my $is_base2_26 = $zeros; # borrow - -$code.=<<___; -.type poly1305_mult,%function -.align 5 -poly1305_mult: - mul $d0,$h0,$r0 // h0*r0 - umulh $d1,$h0,$r0 - - mul $t0,$h1,$s1 // h1*5*r1 - umulh $t1,$h1,$s1 - - adds $d0,$d0,$t0 - mul $t0,$h0,$r1 // h0*r1 - adc $d1,$d1,$t1 - umulh $d2,$h0,$r1 - - adds $d1,$d1,$t0 - mul $t0,$h1,$r0 // h1*r0 - adc $d2,$d2,xzr - umulh $t1,$h1,$r0 - - adds $d1,$d1,$t0 - mul $t0,$h2,$s1 // h2*5*r1 - adc $d2,$d2,$t1 - mul $t1,$h2,$r0 // h2*r0 - - adds $d1,$d1,$t0 - adc $d2,$d2,$t1 - - and $t0,$d2,#-4 // final reduction - and $h2,$d2,#3 - add $t0,$t0,$d2,lsr#2 - adds $h0,$d0,$t0 - adcs $h1,$d1,xzr - adc $h2,$h2,xzr - - ret -.size poly1305_mult,.-poly1305_mult - -.type poly1305_splat,%function -.align 5 -poly1305_splat: - and x12,$h0,#0x03ffffff // base 2^64 -> base 2^26 - ubfx x13,$h0,#26,#26 - extr x14,$h1,$h0,#52 - and x14,x14,#0x03ffffff - ubfx x15,$h1,#14,#26 - extr x16,$h2,$h1,#40 - - str w12,[$ctx,#16*0] // r0 - add w12,w13,w13,lsl#2 // r1*5 - str w13,[$ctx,#16*1] // r1 - add w13,w14,w14,lsl#2 // r2*5 - str w12,[$ctx,#16*2] // s1 - str w14,[$ctx,#16*3] // r2 - add w14,w15,w15,lsl#2 // r3*5 - str w13,[$ctx,#16*4] // s2 - str w15,[$ctx,#16*5] // r3 - add w15,w16,w16,lsl#2 // r4*5 - str w14,[$ctx,#16*6] // s3 - str w16,[$ctx,#16*7] // r4 - str w15,[$ctx,#16*8] // s4 - - ret -.size poly1305_splat,.-poly1305_splat - -.type poly1305_blocks_neon,%function -.align 5 -poly1305_blocks_neon: -.Lpoly1305_blocks_neon: - ldr $is_base2_26,[$ctx,#24] - cmp $len,#128 - b.hs .Lblocks_neon - cbz $is_base2_26,.Lpoly1305_blocks - -.Lblocks_neon: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-80]! - add x29,sp,#0 - - ands $len,$len,#-16 - b.eq .Lno_data_neon - - cbz $is_base2_26,.Lbase2_64_neon - - ldp w10,w11,[$ctx] // load hash value base 2^26 - ldp w12,w13,[$ctx,#8] - ldr w14,[$ctx,#16] - - tst $len,#31 - b.eq .Leven_neon - - ldp $r0,$r1,[$ctx,#32] // load key value - - add $h0,x10,x11,lsl#26 // base 2^26 -> base 2^64 - lsr $h1,x12,#12 - adds $h0,$h0,x12,lsl#52 - add $h1,$h1,x13,lsl#14 - adc $h1,$h1,xzr - lsr $h2,x14,#24 - adds $h1,$h1,x14,lsl#40 - adc $d2,$h2,xzr // can be partially reduced... - - ldp $d0,$d1,[$inp],#16 // load input - sub $len,$len,#16 - add $s1,$r1,$r1,lsr#2 // s1 = r1 + (r1 >> 2) - - and $t0,$d2,#-4 // ... so reduce - and $h2,$d2,#3 - add $t0,$t0,$d2,lsr#2 - adds $h0,$h0,$t0 - adcs $h1,$h1,xzr - adc $h2,$h2,xzr - -#ifdef __ARMEB__ - rev $d0,$d0 - rev $d1,$d1 -#endif - adds $h0,$h0,$d0 // accumulate input - adcs $h1,$h1,$d1 - adc $h2,$h2,$padbit - - bl poly1305_mult - ldr x30,[sp,#8] - - cbz $padbit,.Lstore_base2_64_neon - - and x10,$h0,#0x03ffffff // base 2^64 -> base 2^26 - ubfx x11,$h0,#26,#26 - extr x12,$h1,$h0,#52 - and x12,x12,#0x03ffffff - ubfx x13,$h1,#14,#26 - extr x14,$h2,$h1,#40 - - cbnz $len,.Leven_neon - - stp w10,w11,[$ctx] // store hash value base 2^26 - stp w12,w13,[$ctx,#8] - str w14,[$ctx,#16] - b .Lno_data_neon - -.align 4 -.Lstore_base2_64_neon: - stp $h0,$h1,[$ctx] // store hash value base 2^64 - stp $h2,xzr,[$ctx,#16] // note that is_base2_26 is zeroed - b .Lno_data_neon - -.align 4 -.Lbase2_64_neon: - ldp $r0,$r1,[$ctx,#32] // load key value - - ldp $h0,$h1,[$ctx] // load hash value base 2^64 - ldr $h2,[$ctx,#16] - - tst $len,#31 - b.eq .Linit_neon - - ldp $d0,$d1,[$inp],#16 // load input - sub $len,$len,#16 - add $s1,$r1,$r1,lsr#2 // s1 = r1 + (r1 >> 2) -#ifdef __ARMEB__ - rev $d0,$d0 - rev $d1,$d1 -#endif - adds $h0,$h0,$d0 // accumulate input - adcs $h1,$h1,$d1 - adc $h2,$h2,$padbit - - bl poly1305_mult - -.Linit_neon: - and x10,$h0,#0x03ffffff // base 2^64 -> base 2^26 - ubfx x11,$h0,#26,#26 - extr x12,$h1,$h0,#52 - and x12,x12,#0x03ffffff - ubfx x13,$h1,#14,#26 - extr x14,$h2,$h1,#40 - - stp d8,d9,[sp,#16] // meet ABI requirements - stp d10,d11,[sp,#32] - stp d12,d13,[sp,#48] - stp d14,d15,[sp,#64] - - fmov ${H0},x10 - fmov ${H1},x11 - fmov ${H2},x12 - fmov ${H3},x13 - fmov ${H4},x14 - - ////////////////////////////////// initialize r^n table - mov $h0,$r0 // r^1 - add $s1,$r1,$r1,lsr#2 // s1 = r1 + (r1 >> 2) - mov $h1,$r1 - mov $h2,xzr - add $ctx,$ctx,#48+12 - bl poly1305_splat - - bl poly1305_mult // r^2 - sub $ctx,$ctx,#4 - bl poly1305_splat - - bl poly1305_mult // r^3 - sub $ctx,$ctx,#4 - bl poly1305_splat - - bl poly1305_mult // r^4 - sub $ctx,$ctx,#4 - bl poly1305_splat - ldr x30,[sp,#8] - - add $in2,$inp,#32 - adr $zeros,.Lzeros - subs $len,$len,#64 - csel $in2,$zeros,$in2,lo - - mov x4,#1 - stur x4,[$ctx,#-24] // set is_base2_26 - sub $ctx,$ctx,#48 // restore original $ctx - b .Ldo_neon - -.align 4 -.Leven_neon: - add $in2,$inp,#32 - adr $zeros,.Lzeros - subs $len,$len,#64 - csel $in2,$zeros,$in2,lo - - stp d8,d9,[sp,#16] // meet ABI requirements - stp d10,d11,[sp,#32] - stp d12,d13,[sp,#48] - stp d14,d15,[sp,#64] - - fmov ${H0},x10 - fmov ${H1},x11 - fmov ${H2},x12 - fmov ${H3},x13 - fmov ${H4},x14 - -.Ldo_neon: - ldp x8,x12,[$in2],#16 // inp[2:3] (or zero) - ldp x9,x13,[$in2],#48 - - lsl $padbit,$padbit,#24 - add x15,$ctx,#48 - -#ifdef __ARMEB__ - rev x8,x8 - rev x12,x12 - rev x9,x9 - rev x13,x13 -#endif - and x4,x8,#0x03ffffff // base 2^64 -> base 2^26 - and x5,x9,#0x03ffffff - ubfx x6,x8,#26,#26 - ubfx x7,x9,#26,#26 - add x4,x4,x5,lsl#32 // bfi x4,x5,#32,#32 - extr x8,x12,x8,#52 - extr x9,x13,x9,#52 - add x6,x6,x7,lsl#32 // bfi x6,x7,#32,#32 - fmov $IN23_0,x4 - and x8,x8,#0x03ffffff - and x9,x9,#0x03ffffff - ubfx x10,x12,#14,#26 - ubfx x11,x13,#14,#26 - add x12,$padbit,x12,lsr#40 - add x13,$padbit,x13,lsr#40 - add x8,x8,x9,lsl#32 // bfi x8,x9,#32,#32 - fmov $IN23_1,x6 - add x10,x10,x11,lsl#32 // bfi x10,x11,#32,#32 - add x12,x12,x13,lsl#32 // bfi x12,x13,#32,#32 - fmov $IN23_2,x8 - fmov $IN23_3,x10 - fmov $IN23_4,x12 - - ldp x8,x12,[$inp],#16 // inp[0:1] - ldp x9,x13,[$inp],#48 - - ld1 {$R0,$R1,$S1,$R2},[x15],#64 - ld1 {$S2,$R3,$S3,$R4},[x15],#64 - ld1 {$S4},[x15] - -#ifdef __ARMEB__ - rev x8,x8 - rev x12,x12 - rev x9,x9 - rev x13,x13 -#endif - and x4,x8,#0x03ffffff // base 2^64 -> base 2^26 - and x5,x9,#0x03ffffff - ubfx x6,x8,#26,#26 - ubfx x7,x9,#26,#26 - add x4,x4,x5,lsl#32 // bfi x4,x5,#32,#32 - extr x8,x12,x8,#52 - extr x9,x13,x9,#52 - add x6,x6,x7,lsl#32 // bfi x6,x7,#32,#32 - fmov $IN01_0,x4 - and x8,x8,#0x03ffffff - and x9,x9,#0x03ffffff - ubfx x10,x12,#14,#26 - ubfx x11,x13,#14,#26 - add x12,$padbit,x12,lsr#40 - add x13,$padbit,x13,lsr#40 - add x8,x8,x9,lsl#32 // bfi x8,x9,#32,#32 - fmov $IN01_1,x6 - add x10,x10,x11,lsl#32 // bfi x10,x11,#32,#32 - add x12,x12,x13,lsl#32 // bfi x12,x13,#32,#32 - movi $MASK.2d,#-1 - fmov $IN01_2,x8 - fmov $IN01_3,x10 - fmov $IN01_4,x12 - ushr $MASK.2d,$MASK.2d,#38 - - b.ls .Lskip_loop - -.align 4 -.Loop_neon: - //////////////////////////////////////////////////////////////// - // ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2 - // ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^3+inp[7]*r - // \___________________/ - // ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2+inp[8])*r^2 - // ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^4+inp[7]*r^2+inp[9])*r - // \___________________/ \____________________/ - // - // Note that we start with inp[2:3]*r^2. This is because it - // doesn't depend on reduction in previous iteration. - //////////////////////////////////////////////////////////////// - // d4 = h0*r4 + h1*r3 + h2*r2 + h3*r1 + h4*r0 - // d3 = h0*r3 + h1*r2 + h2*r1 + h3*r0 + h4*5*r4 - // d2 = h0*r2 + h1*r1 + h2*r0 + h3*5*r4 + h4*5*r3 - // d1 = h0*r1 + h1*r0 + h2*5*r4 + h3*5*r3 + h4*5*r2 - // d0 = h0*r0 + h1*5*r4 + h2*5*r3 + h3*5*r2 + h4*5*r1 - - subs $len,$len,#64 - umull $ACC4,$IN23_0,${R4}[2] - csel $in2,$zeros,$in2,lo - umull $ACC3,$IN23_0,${R3}[2] - umull $ACC2,$IN23_0,${R2}[2] - ldp x8,x12,[$in2],#16 // inp[2:3] (or zero) - umull $ACC1,$IN23_0,${R1}[2] - ldp x9,x13,[$in2],#48 - umull $ACC0,$IN23_0,${R0}[2] -#ifdef __ARMEB__ - rev x8,x8 - rev x12,x12 - rev x9,x9 - rev x13,x13 -#endif - - umlal $ACC4,$IN23_1,${R3}[2] - and x4,x8,#0x03ffffff // base 2^64 -> base 2^26 - umlal $ACC3,$IN23_1,${R2}[2] - and x5,x9,#0x03ffffff - umlal $ACC2,$IN23_1,${R1}[2] - ubfx x6,x8,#26,#26 - umlal $ACC1,$IN23_1,${R0}[2] - ubfx x7,x9,#26,#26 - umlal $ACC0,$IN23_1,${S4}[2] - add x4,x4,x5,lsl#32 // bfi x4,x5,#32,#32 - - umlal $ACC4,$IN23_2,${R2}[2] - extr x8,x12,x8,#52 - umlal $ACC3,$IN23_2,${R1}[2] - extr x9,x13,x9,#52 - umlal $ACC2,$IN23_2,${R0}[2] - add x6,x6,x7,lsl#32 // bfi x6,x7,#32,#32 - umlal $ACC1,$IN23_2,${S4}[2] - fmov $IN23_0,x4 - umlal $ACC0,$IN23_2,${S3}[2] - and x8,x8,#0x03ffffff - - umlal $ACC4,$IN23_3,${R1}[2] - and x9,x9,#0x03ffffff - umlal $ACC3,$IN23_3,${R0}[2] - ubfx x10,x12,#14,#26 - umlal $ACC2,$IN23_3,${S4}[2] - ubfx x11,x13,#14,#26 - umlal $ACC1,$IN23_3,${S3}[2] - add x8,x8,x9,lsl#32 // bfi x8,x9,#32,#32 - umlal $ACC0,$IN23_3,${S2}[2] - fmov $IN23_1,x6 - - add $IN01_2,$IN01_2,$H2 - add x12,$padbit,x12,lsr#40 - umlal $ACC4,$IN23_4,${R0}[2] - add x13,$padbit,x13,lsr#40 - umlal $ACC3,$IN23_4,${S4}[2] - add x10,x10,x11,lsl#32 // bfi x10,x11,#32,#32 - umlal $ACC2,$IN23_4,${S3}[2] - add x12,x12,x13,lsl#32 // bfi x12,x13,#32,#32 - umlal $ACC1,$IN23_4,${S2}[2] - fmov $IN23_2,x8 - umlal $ACC0,$IN23_4,${S1}[2] - fmov $IN23_3,x10 - - //////////////////////////////////////////////////////////////// - // (hash+inp[0:1])*r^4 and accumulate - - add $IN01_0,$IN01_0,$H0 - fmov $IN23_4,x12 - umlal $ACC3,$IN01_2,${R1}[0] - ldp x8,x12,[$inp],#16 // inp[0:1] - umlal $ACC0,$IN01_2,${S3}[0] - ldp x9,x13,[$inp],#48 - umlal $ACC4,$IN01_2,${R2}[0] - umlal $ACC1,$IN01_2,${S4}[0] - umlal $ACC2,$IN01_2,${R0}[0] -#ifdef __ARMEB__ - rev x8,x8 - rev x12,x12 - rev x9,x9 - rev x13,x13 -#endif - - add $IN01_1,$IN01_1,$H1 - umlal $ACC3,$IN01_0,${R3}[0] - umlal $ACC4,$IN01_0,${R4}[0] - and x4,x8,#0x03ffffff // base 2^64 -> base 2^26 - umlal $ACC2,$IN01_0,${R2}[0] - and x5,x9,#0x03ffffff - umlal $ACC0,$IN01_0,${R0}[0] - ubfx x6,x8,#26,#26 - umlal $ACC1,$IN01_0,${R1}[0] - ubfx x7,x9,#26,#26 - - add $IN01_3,$IN01_3,$H3 - add x4,x4,x5,lsl#32 // bfi x4,x5,#32,#32 - umlal $ACC3,$IN01_1,${R2}[0] - extr x8,x12,x8,#52 - umlal $ACC4,$IN01_1,${R3}[0] - extr x9,x13,x9,#52 - umlal $ACC0,$IN01_1,${S4}[0] - add x6,x6,x7,lsl#32 // bfi x6,x7,#32,#32 - umlal $ACC2,$IN01_1,${R1}[0] - fmov $IN01_0,x4 - umlal $ACC1,$IN01_1,${R0}[0] - and x8,x8,#0x03ffffff - - add $IN01_4,$IN01_4,$H4 - and x9,x9,#0x03ffffff - umlal $ACC3,$IN01_3,${R0}[0] - ubfx x10,x12,#14,#26 - umlal $ACC0,$IN01_3,${S2}[0] - ubfx x11,x13,#14,#26 - umlal $ACC4,$IN01_3,${R1}[0] - add x8,x8,x9,lsl#32 // bfi x8,x9,#32,#32 - umlal $ACC1,$IN01_3,${S3}[0] - fmov $IN01_1,x6 - umlal $ACC2,$IN01_3,${S4}[0] - add x12,$padbit,x12,lsr#40 - - umlal $ACC3,$IN01_4,${S4}[0] - add x13,$padbit,x13,lsr#40 - umlal $ACC0,$IN01_4,${S1}[0] - add x10,x10,x11,lsl#32 // bfi x10,x11,#32,#32 - umlal $ACC4,$IN01_4,${R0}[0] - add x12,x12,x13,lsl#32 // bfi x12,x13,#32,#32 - umlal $ACC1,$IN01_4,${S2}[0] - fmov $IN01_2,x8 - umlal $ACC2,$IN01_4,${S3}[0] - fmov $IN01_3,x10 - fmov $IN01_4,x12 - - ///////////////////////////////////////////////////////////////// - // lazy reduction as discussed in "NEON crypto" by D.J. Bernstein - // and P. Schwabe - // - // [see discussion in poly1305-armv4 module] - - ushr $T0.2d,$ACC3,#26 - xtn $H3,$ACC3 - ushr $T1.2d,$ACC0,#26 - and $ACC0,$ACC0,$MASK.2d - add $ACC4,$ACC4,$T0.2d // h3 -> h4 - bic $H3,#0xfc,lsl#24 // &=0x03ffffff - add $ACC1,$ACC1,$T1.2d // h0 -> h1 - - ushr $T0.2d,$ACC4,#26 - xtn $H4,$ACC4 - ushr $T1.2d,$ACC1,#26 - xtn $H1,$ACC1 - bic $H4,#0xfc,lsl#24 - add $ACC2,$ACC2,$T1.2d // h1 -> h2 - - add $ACC0,$ACC0,$T0.2d - shl $T0.2d,$T0.2d,#2 - shrn $T1.2s,$ACC2,#26 - xtn $H2,$ACC2 - add $ACC0,$ACC0,$T0.2d // h4 -> h0 - bic $H1,#0xfc,lsl#24 - add $H3,$H3,$T1.2s // h2 -> h3 - bic $H2,#0xfc,lsl#24 - - shrn $T0.2s,$ACC0,#26 - xtn $H0,$ACC0 - ushr $T1.2s,$H3,#26 - bic $H3,#0xfc,lsl#24 - bic $H0,#0xfc,lsl#24 - add $H1,$H1,$T0.2s // h0 -> h1 - add $H4,$H4,$T1.2s // h3 -> h4 - - b.hi .Loop_neon - -.Lskip_loop: - dup $IN23_2,${IN23_2}[0] - add $IN01_2,$IN01_2,$H2 - - //////////////////////////////////////////////////////////////// - // multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1 - - adds $len,$len,#32 - b.ne .Long_tail - - dup $IN23_2,${IN01_2}[0] - add $IN23_0,$IN01_0,$H0 - add $IN23_3,$IN01_3,$H3 - add $IN23_1,$IN01_1,$H1 - add $IN23_4,$IN01_4,$H4 - -.Long_tail: - dup $IN23_0,${IN23_0}[0] - umull2 $ACC0,$IN23_2,${S3} - umull2 $ACC3,$IN23_2,${R1} - umull2 $ACC4,$IN23_2,${R2} - umull2 $ACC2,$IN23_2,${R0} - umull2 $ACC1,$IN23_2,${S4} - - dup $IN23_1,${IN23_1}[0] - umlal2 $ACC0,$IN23_0,${R0} - umlal2 $ACC2,$IN23_0,${R2} - umlal2 $ACC3,$IN23_0,${R3} - umlal2 $ACC4,$IN23_0,${R4} - umlal2 $ACC1,$IN23_0,${R1} - - dup $IN23_3,${IN23_3}[0] - umlal2 $ACC0,$IN23_1,${S4} - umlal2 $ACC3,$IN23_1,${R2} - umlal2 $ACC2,$IN23_1,${R1} - umlal2 $ACC4,$IN23_1,${R3} - umlal2 $ACC1,$IN23_1,${R0} - - dup $IN23_4,${IN23_4}[0] - umlal2 $ACC3,$IN23_3,${R0} - umlal2 $ACC4,$IN23_3,${R1} - umlal2 $ACC0,$IN23_3,${S2} - umlal2 $ACC1,$IN23_3,${S3} - umlal2 $ACC2,$IN23_3,${S4} - - umlal2 $ACC3,$IN23_4,${S4} - umlal2 $ACC0,$IN23_4,${S1} - umlal2 $ACC4,$IN23_4,${R0} - umlal2 $ACC1,$IN23_4,${S2} - umlal2 $ACC2,$IN23_4,${S3} - - b.eq .Lshort_tail - - //////////////////////////////////////////////////////////////// - // (hash+inp[0:1])*r^4:r^3 and accumulate - - add $IN01_0,$IN01_0,$H0 - umlal $ACC3,$IN01_2,${R1} - umlal $ACC0,$IN01_2,${S3} - umlal $ACC4,$IN01_2,${R2} - umlal $ACC1,$IN01_2,${S4} - umlal $ACC2,$IN01_2,${R0} - - add $IN01_1,$IN01_1,$H1 - umlal $ACC3,$IN01_0,${R3} - umlal $ACC0,$IN01_0,${R0} - umlal $ACC4,$IN01_0,${R4} - umlal $ACC1,$IN01_0,${R1} - umlal $ACC2,$IN01_0,${R2} - - add $IN01_3,$IN01_3,$H3 - umlal $ACC3,$IN01_1,${R2} - umlal $ACC0,$IN01_1,${S4} - umlal $ACC4,$IN01_1,${R3} - umlal $ACC1,$IN01_1,${R0} - umlal $ACC2,$IN01_1,${R1} - - add $IN01_4,$IN01_4,$H4 - umlal $ACC3,$IN01_3,${R0} - umlal $ACC0,$IN01_3,${S2} - umlal $ACC4,$IN01_3,${R1} - umlal $ACC1,$IN01_3,${S3} - umlal $ACC2,$IN01_3,${S4} - - umlal $ACC3,$IN01_4,${S4} - umlal $ACC0,$IN01_4,${S1} - umlal $ACC4,$IN01_4,${R0} - umlal $ACC1,$IN01_4,${S2} - umlal $ACC2,$IN01_4,${S3} - -.Lshort_tail: - //////////////////////////////////////////////////////////////// - // horizontal add - - addp $ACC3,$ACC3,$ACC3 - ldp d8,d9,[sp,#16] // meet ABI requirements - addp $ACC0,$ACC0,$ACC0 - ldp d10,d11,[sp,#32] - addp $ACC4,$ACC4,$ACC4 - ldp d12,d13,[sp,#48] - addp $ACC1,$ACC1,$ACC1 - ldp d14,d15,[sp,#64] - addp $ACC2,$ACC2,$ACC2 - - //////////////////////////////////////////////////////////////// - // lazy reduction, but without narrowing - - ushr $T0.2d,$ACC3,#26 - and $ACC3,$ACC3,$MASK.2d - ushr $T1.2d,$ACC0,#26 - and $ACC0,$ACC0,$MASK.2d - - add $ACC4,$ACC4,$T0.2d // h3 -> h4 - add $ACC1,$ACC1,$T1.2d // h0 -> h1 - - ushr $T0.2d,$ACC4,#26 - and $ACC4,$ACC4,$MASK.2d - ushr $T1.2d,$ACC1,#26 - and $ACC1,$ACC1,$MASK.2d - add $ACC2,$ACC2,$T1.2d // h1 -> h2 - - add $ACC0,$ACC0,$T0.2d - shl $T0.2d,$T0.2d,#2 - ushr $T1.2d,$ACC2,#26 - and $ACC2,$ACC2,$MASK.2d - add $ACC0,$ACC0,$T0.2d // h4 -> h0 - add $ACC3,$ACC3,$T1.2d // h2 -> h3 - - ushr $T0.2d,$ACC0,#26 - and $ACC0,$ACC0,$MASK.2d - ushr $T1.2d,$ACC3,#26 - and $ACC3,$ACC3,$MASK.2d - add $ACC1,$ACC1,$T0.2d // h0 -> h1 - add $ACC4,$ACC4,$T1.2d // h3 -> h4 - - //////////////////////////////////////////////////////////////// - // write the result, can be partially reduced - - st4 {$ACC0,$ACC1,$ACC2,$ACC3}[0],[$ctx],#16 - st1 {$ACC4}[0],[$ctx] - -.Lno_data_neon: - ldr x29,[sp],#80 - .inst 0xd50323bf // autiasp - ret -.size poly1305_blocks_neon,.-poly1305_blocks_neon - -.type poly1305_emit_neon,%function -.align 5 -poly1305_emit_neon: -.Lpoly1305_emit_neon: - ldr $is_base2_26,[$ctx,#24] - cbz $is_base2_26,poly1305_emit - - ldp w10,w11,[$ctx] // load hash value base 2^26 - ldp w12,w13,[$ctx,#8] - ldr w14,[$ctx,#16] - - add $h0,x10,x11,lsl#26 // base 2^26 -> base 2^64 - lsr $h1,x12,#12 - adds $h0,$h0,x12,lsl#52 - add $h1,$h1,x13,lsl#14 - adc $h1,$h1,xzr - lsr $h2,x14,#24 - adds $h1,$h1,x14,lsl#40 - adc $h2,$h2,xzr // can be partially reduced... - - ldp $t0,$t1,[$nonce] // load nonce - - and $d0,$h2,#-4 // ... so reduce - add $d0,$d0,$h2,lsr#2 - and $h2,$h2,#3 - adds $h0,$h0,$d0 - adcs $h1,$h1,xzr - adc $h2,$h2,xzr - - adds $d0,$h0,#5 // compare to modulus - adcs $d1,$h1,xzr - adc $d2,$h2,xzr - - tst $d2,#-4 // see if it's carried/borrowed - - csel $h0,$h0,$d0,eq - csel $h1,$h1,$d1,eq - -#ifdef __ARMEB__ - ror $t0,$t0,#32 // flip nonce words - ror $t1,$t1,#32 -#endif - adds $h0,$h0,$t0 // accumulate nonce - adc $h1,$h1,$t1 -#ifdef __ARMEB__ - rev $h0,$h0 // flip output bytes - rev $h1,$h1 -#endif - stp $h0,$h1,[$mac] // write result - - ret -.size poly1305_emit_neon,.-poly1305_emit_neon - -.align 5 -.Lzeros: -.long 0,0,0,0,0,0,0,0 -.asciz "Poly1305 for ARMv8, CRYPTOGAMS by " -.align 2 -___ - -foreach (split("\n",$code)) { - s/\b(shrn\s+v[0-9]+)\.[24]d/$1.2s/ or - s/\b(fmov\s+)v([0-9]+)[^,]*,\s*x([0-9]+)/$1d$2,x$3/ or - (m/\bdup\b/ and (s/\.[24]s/.2d/g or 1)) or - (m/\b(eor|and)/ and (s/\.[248][sdh]/.16b/g or 1)) or - (m/\bum(ul|la)l\b/ and (s/\.4s/.2s/g or 1)) or - (m/\bum(ul|la)l2\b/ and (s/\.2s/.4s/g or 1)) or - (m/\bst[1-4]\s+{[^}]+}\[/ and (s/\.[24]d/.s/g or 1)); - - s/\.[124]([sd])\[/.$1\[/; - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/asm/poly1305-c64xplus.pl b/crypto/poly1305/asm/poly1305-c64xplus.pl deleted file mode 100755 index 2bcdced7f45c667f4b45d58b74ce570a1978ab47..0000000000000000000000000000000000000000 --- a/crypto/poly1305/asm/poly1305-c64xplus.pl +++ /dev/null @@ -1,330 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Poly1305 hash for C64x+. -# -# October 2015 -# -# Performance is [incredible for a 32-bit processor] 1.82 cycles per -# processed byte. Comparison to compiler-generated code is problematic, -# because results were observed to vary from 2.1 to 7.6 cpb depending -# on compiler's ability to inline small functions. Compiler also -# disables interrupts for some reason, thus making interrupt response -# time dependent on input length. This module on the other hand is free -# from such limitation. - -$output=pop and open STDOUT,">$output"; - -($CTXA,$INPB,$LEN,$PADBIT)=("A4","B4","A6","B6"); -($H0,$H1,$H2,$H3,$H4,$H4a)=("A8","B8","A10","B10","B2",$LEN); -($D0,$D1,$D2,$D3)= ("A9","B9","A11","B11"); -($R0,$R1,$R2,$R3,$S1,$S2,$S3,$S3b)=("A0","B0","A1","B1","A12","B12","A13","B13"); -($THREE,$R0b,$S2a)=("B7","B5","A5"); - -$code.=<<___; - .text - - .if .ASSEMBLER_VERSION<7000000 - .asg 0,__TI_EABI__ - .endif - .if __TI_EABI__ - .asg poly1305_init,_poly1305_init - .asg poly1305_blocks,_poly1305_blocks - .asg poly1305_emit,_poly1305_emit - .endif - - .asg B3,RA - .asg A15,FP - .asg B15,SP - - .if .LITTLE_ENDIAN - .asg MV,SWAP2 - .asg MV.L,SWAP4 - .endif - - .global _poly1305_init -_poly1305_init: - .asmfunc - LDNDW *${INPB}[0],B17:B16 ; load key material - LDNDW *${INPB}[1],A17:A16 - -|| ZERO B9:B8 -|| MVK -1,B0 - STDW B9:B8,*${CTXA}[0] ; initialize h1:h0 -|| SHRU B0,4,B0 ; 0x0fffffff -|| MVK -4,B1 - STDW B9:B8,*${CTXA}[1] ; initialize h3:h2 -|| AND B0,B1,B1 ; 0x0ffffffc - STW B8,*${CTXA}[4] ; initialize h4 - - .if .BIG_ENDIAN - SWAP2 B16,B17 -|| SWAP2 B17,B16 - SWAP2 A16,A17 -|| SWAP2 A17,A16 - SWAP4 B16,B16 -|| SWAP4 A16,A16 - SWAP4 B17,B17 -|| SWAP4 A17,A17 - .endif - - AND B16,B0,B20 ; r0 = key[0] & 0x0fffffff -|| AND B17,B1,B22 ; r1 = key[1] & 0x0ffffffc -|| EXTU B17,4,6,B16 ; r1>>2 - AND A16,B1,B21 ; r2 = key[2] & 0x0ffffffc -|| AND A17,B1,A23 ; r3 = key[3] & 0x0ffffffc -|| BNOP RA - SHRU B21,2,B18 -|| ADD B22,B16,B16 ; s1 = r1 + r1>>2 - - STDW B21:B20,*${CTXA}[3] ; save r2:r0 -|| ADD B21,B18,B18 ; s2 = r2 + r2>>2 -|| SHRU A23,2,B17 -|| MV A23,B23 - STDW B23:B22,*${CTXA}[4] ; save r3:r1 -|| ADD B23,B17,B19 ; s3 = r3 + r3>>2 -|| ADD B23,B17,B17 ; s3 = r3 + r3>>2 - STDW B17:B16,*${CTXA}[5] ; save s3:s1 - STDW B19:B18,*${CTXA}[6] ; save s3:s2 -|| ZERO A4 ; return 0 - .endasmfunc - - .global _poly1305_blocks - .align 32 -_poly1305_blocks: - .asmfunc stack_usage(40) - SHRU $LEN,4,A2 ; A2 is loop counter, number of blocks - [!A2] BNOP RA ; no data -|| [A2] STW FP,*SP--(40) ; save frame pointer and alloca(40) -|| [A2] MV SP,FP - [A2] STDW B13:B12,*SP[4] ; ABI says so -|| [A2] MV $CTXA,$S3b ; borrow $S3b - [A2] STDW B11:B10,*SP[3] -|| [A2] STDW A13:A12,*FP[-3] - [A2] STDW A11:A10,*FP[-4] - -|| [A2] LDDW *${S3b}[0],B25:B24 ; load h1:h0 - [A2] LDNW *${INPB}++[4],$D0 ; load inp[0] - [A2] LDNW *${INPB}[-3],$D1 ; load inp[1] - - LDDW *${CTXA}[1],B29:B28 ; load h3:h2, B28 is h2 - LDNW *${INPB}[-2],$D2 ; load inp[2] - LDNW *${INPB}[-1],$D3 ; load inp[3] - - LDDW *${CTXA}[3],$R2:$R0 ; load r2:r0 -|| LDDW *${S3b}[4],$R3:$R1 ; load r3:r1 -|| SWAP2 $D0,$D0 - - LDDW *${CTXA}[5],$S3:$S1 ; load s3:s1 -|| LDDW *${S3b}[6],$S3b:$S2 ; load s3:s2 -|| SWAP4 $D0,$D0 -|| SWAP2 $D1,$D1 - - ADDU $D0,B24,$D0:$H0 ; h0+=inp[0] -|| ADD $D0,B24,B27 ; B-copy of h0+inp[0] -|| SWAP4 $D1,$D1 - ADDU $D1,B25,$D1:$H1 ; h1+=inp[1] -|| MVK 3,$THREE -|| SWAP2 $D2,$D2 - LDW *${CTXA}[4],$H4 ; load h4 -|| SWAP4 $D2,$D2 -|| MV B29,B30 ; B30 is h3 - MV $R0,$R0b - -loop?: - MPY32U $H0,$R0,A17:A16 -|| MPY32U B27,$R1,B17:B16 ; MPY32U $H0,$R1,B17:B16 -|| ADDU $D0,$D1:$H1,B25:B24 ; ADDU $D0,$D1:$H1,$D1:$H1 -|| ADDU $D2,B28,$D2:$H2 ; h2+=inp[2] -|| SWAP2 $D3,$D3 - MPY32U $H0,$R2,A19:A18 -|| MPY32U B27,$R3,B19:B18 ; MPY32U $H0,$R3,B19:B18 -|| ADD $D0,$H1,A24 ; A-copy of B24 -|| SWAP4 $D3,$D3 -|| [A2] SUB A2,1,A2 ; decrement loop counter - - MPY32U A24,$S3,A21:A20 ; MPY32U $H1,$S3,A21:A20 -|| MPY32U B24,$R0b,B21:B20 ; MPY32U $H1,$R0,B21:B20 -|| ADDU B25,$D2:$H2,$D2:$H2 ; ADDU $D1,$D2:$H2,$D2:$H2 -|| ADDU $D3,B30,$D3:$H3 ; h3+=inp[3] -|| ADD B25,$H2,B25 ; B-copy of $H2 - MPY32U A24,$R1,A23:A22 ; MPY32U $H1,$R1,A23:A22 -|| MPY32U B24,$R2,B23:B22 ; MPY32U $H1,$R2,B23:B22 - - MPY32U $H2,$S2,A25:A24 -|| MPY32U B25,$S3b,B25:B24 ; MPY32U $H2,$S3,B25:B24 -|| ADDU $D2,$D3:$H3,$D3:$H3 -|| ADD $PADBIT,$H4,$H4 ; h4+=padbit - MPY32U $H2,$R0,A27:A26 -|| MPY32U $H2,$R1,B27:B26 -|| ADD $D3,$H4,$H4 -|| MV $S2,$S2a - - MPY32U $H3,$S1,A29:A28 -|| MPY32U $H3,$S2,B29:B28 -|| ADD A21,A17,A21 ; start accumulating "d3:d0" -|| ADD B21,B17,B21 -|| ADDU A20,A16,A17:A16 -|| ADDU B20,B16,B17:B16 -|| [A2] LDNW *${INPB}++[4],$D0 ; load inp[0] - MPY32U $H3,$S3,A31:A30 -|| MPY32U $H3,$R0b,B31:B30 -|| ADD A23,A19,A23 -|| ADD B23,B19,B23 -|| ADDU A22,A18,A19:A18 -|| ADDU B22,B18,B19:B18 -|| [A2] LDNW *${INPB}[-3],$D1 ; load inp[1] - - MPY32 $H4,$S1,B20 -|| MPY32 $H4,$S2a,A20 -|| ADD A25,A21,A21 -|| ADD B25,B21,B21 -|| ADDU A24,A17:A16,A17:A16 -|| ADDU B24,B17:B16,B17:B16 -|| [A2] LDNW *${INPB}[-2],$D2 ; load inp[2] - MPY32 $H4,$S3b,B22 -|| ADD A27,A23,A23 -|| ADD B27,B23,B23 -|| ADDU A26,A19:A18,A19:A18 -|| ADDU B26,B19:B18,B19:B18 -|| [A2] LDNW *${INPB}[-1],$D3 ; load inp[3] - - MPY32 $H4,$R0b,$H4 -|| ADD A29,A21,A21 ; final hi("d0") -|| ADD B29,B21,B21 ; final hi("d1") -|| ADDU A28,A17:A16,A17:A16 ; final lo("d0") -|| ADDU B28,B17:B16,B17:B16 - ADD A31,A23,A23 ; final hi("d2") -|| ADD B31,B23,B23 ; final hi("d3") -|| ADDU A30,A19:A18,A19:A18 -|| ADDU B30,B19:B18,B19:B18 - ADDU B20,B17:B16,B17:B16 ; final lo("d1") -|| ADDU A20,A19:A18,A19:A18 ; final lo("d2") - ADDU B22,B19:B18,B19:B18 ; final lo("d3") - -|| ADD A17,A21,A21 ; "flatten" "d3:d0" - MV A19,B29 ; move to avoid cross-path stalls - ADDU A21,B17:B16,B27:B26 ; B26 is h1 - ADD B21,B27,B27 -|| DMV B29,A18,B29:B28 ; move to avoid cross-path stalls - ADDU B27,B29:B28,B29:B28 ; B28 is h2 -|| [A2] SWAP2 $D0,$D0 - ADD A23,B29,B29 -|| [A2] SWAP4 $D0,$D0 - ADDU B29,B19:B18,B31:B30 ; B30 is h3 - ADD B23,B31,B31 -|| MV A16,B24 ; B24 is h0 -|| [A2] SWAP2 $D1,$D1 - ADD B31,$H4,$H4 -|| [A2] SWAP4 $D1,$D1 - - SHRU $H4,2,B16 ; last reduction step -|| AND $H4,$THREE,$H4 - ADDAW B16,B16,B16 ; 5*(h4>>2) -|| [A2] BNOP loop? - - ADDU B24,B16,B25:B24 ; B24 is h0 -|| [A2] SWAP2 $D2,$D2 - ADDU B26,B25,B27:B26 ; B26 is h1 -|| [A2] SWAP4 $D2,$D2 - ADDU B28,B27,B29:B28 ; B28 is h2 -|| [A2] ADDU $D0,B24,$D0:$H0 ; h0+=inp[0] -|| [A2] ADD $D0,B24,B27 ; B-copy of h0+inp[0] - ADDU B30,B29,B31:B30 ; B30 is h3 - ADD B31,$H4,$H4 -|| [A2] ADDU $D1,B26,$D1:$H1 ; h1+=inp[1] -;;===== branch to loop? is taken here - - LDDW *FP[-4],A11:A10 ; ABI says so - LDDW *FP[-3],A13:A12 -|| LDDW *SP[3],B11:B10 - LDDW *SP[4],B13:B12 -|| MV B26,B25 -|| BNOP RA - LDW *++SP(40),FP ; restore frame pointer -|| MV B30,B29 - STDW B25:B24,*${CTXA}[0] ; save h1:h0 - STDW B29:B28,*${CTXA}[1] ; save h3:h2 - STW $H4,*${CTXA}[4] ; save h4 - NOP 1 - .endasmfunc -___ -{ -my ($MAC,$NONCEA,$NONCEB)=($INPB,$LEN,$PADBIT); - -$code.=<<___; - .global _poly1305_emit - .align 32 -_poly1305_emit: - .asmfunc - LDDW *${CTXA}[0],A17:A16 ; load h1:h0 - LDDW *${CTXA}[1],A19:A18 ; load h3:h2 - LDW *${CTXA}[4],A20 ; load h4 - MV $NONCEA,$NONCEB - - MVK 5,A22 ; compare to modulus - ADDU A16,A22,A23:A22 -|| LDW *${NONCEA}[0],A8 -|| LDW *${NONCEB}[1],B8 - ADDU A17,A23,A25:A24 -|| LDW *${NONCEA}[2],A9 -|| LDW *${NONCEB}[3],B9 - ADDU A19,A25,A27:A26 - ADDU A19,A27,A29:A28 - ADD A20,A29,A29 - - SHRU A29,2,A2 ; check for overflow in 130-th bit - - [A2] MV A22,A16 ; select -|| [A2] MV A24,A17 - [A2] MV A26,A18 -|| [A2] MV A28,A19 - -|| ADDU A8,A16,A23:A22 ; accumulate nonce - ADDU B8,A17,A25:A24 -|| SWAP2 A22,A22 - ADDU A23,A25:A24,A25:A24 - ADDU A9,A18,A27:A26 -|| SWAP2 A24,A24 - ADDU A25,A27:A26,A27:A26 -|| ADD B9,A19,A28 - ADD A27,A28,A28 -|| SWAP2 A26,A26 - - .if .BIG_ENDIAN - SWAP2 A28,A28 -|| SWAP4 A22,A22 -|| SWAP4 A24,B24 - SWAP4 A26,A26 - SWAP4 A28,A28 -|| MV B24,A24 - .endif - - BNOP RA,1 - STNW A22,*${MAC}[0] ; write the result - STNW A24,*${MAC}[1] - STNW A26,*${MAC}[2] - STNW A28,*${MAC}[3] - .endasmfunc -___ -} -$code.=<<___; - .sect .const - .cstring "Poly1305 for C64x+, CRYPTOGAMS by " - .align 4 -___ - -print $code; diff --git a/crypto/poly1305/asm/poly1305-ia64.S b/crypto/poly1305/asm/poly1305-ia64.S deleted file mode 100644 index 54d6454f0322e4c3e007d41b229bd4ed5c11a6a3..0000000000000000000000000000000000000000 --- a/crypto/poly1305/asm/poly1305-ia64.S +++ /dev/null @@ -1,365 +0,0 @@ -// ==================================================================== -// Written by Andy Polyakov, @dot-asm, initially for use in the OpenSSL -// project. -// ==================================================================== -// -// Poly1305 for Itanium. -// -// January 2019 -// -// Performance was reported to be ~2.1 cycles per byte on Itanium 2. -// With exception for processors in 95xx family, which have higher -// floating-point instructions' latencies and deliver ~2.6 cpb. -// Comparison to compiler-generated code is not exactly fair, because -// of different radixes. But just for reference, it was observed to be -// >3x faster. Originally it was argued that floating-point base 2^32 -// implementation would be optimal. Upon closer look estimate for below -// integer base 2^64 implementation turned to be approximately same on -// Itanium 2. But floating-point code would be larger, and have higher -// overhead, which would negatively affect small-block performance... - -#if defined(_HPUX_SOURCE) -# if !defined(_LP64) -# define ADDP addp4 -# else -# define ADDP add -# endif -# define RUM rum -# define SUM sum -#else -# define ADDP add -# define RUM nop -# define SUM nop -#endif - -.text -.explicit - -.global poly1305_init# -.proc poly1305_init# -.align 64 -poly1305_init: - .prologue - .save ar.pfs,r2 -{ .mmi; alloc r2=ar.pfs,2,0,0,0 - cmp.eq p6,p7=0,r33 } // key == NULL? -{ .mmi; ADDP r9=8,r32 - ADDP r10=16,r32 - ADDP r32=0,r32 };; - .body -{ .mmi; st8 [r32]=r0,24 // ctx->h0 = 0 - st8 [r9]=r0 // ctx->h1 = 0 -(p7) ADDP r8=0,r33 } -{ .mib; st8 [r10]=r0 // ctx->h2 = 0 -(p6) mov r8=0 -(p6) br.ret.spnt b0 };; - -{ .mmi; ADDP r9=1,r33 - ADDP r10=2,r33 - ADDP r11=3,r33 };; -{ .mmi; ld1 r16=[r8],4 // load key, little-endian - ld1 r17=[r9],4 } -{ .mmi; ld1 r18=[r10],4 - ld1 r19=[r11],4 };; -{ .mmi; ld1 r20=[r8],4 - ld1 r21=[r9],4 } -{ .mmi; ld1 r22=[r10],4 - ld1 r23=[r11],4 - and r19=15,r19 };; -{ .mmi; ld1 r24=[r8],4 - ld1 r25=[r9],4 - and r20=-4,r20 } -{ .mmi; ld1 r26=[r10],4 - ld1 r27=[r11],4 - and r23=15,r23 };; -{ .mmi; ld1 r28=[r8],4 - ld1 r29=[r9],4 - and r24=-4,r24 } -{ .mmi; ld1 r30=[r10],4 - ld1 r31=[r11],4 - and r27=15,r27 };; - -{ .mii; and r28=-4,r28 - dep r16=r17,r16,8,8 - dep r18=r19,r18,8,8 };; -{ .mii; and r31=15,r31 - dep r16=r18,r16,16,16 - dep r20=r21,r20,8,8 };; -{ .mii; dep r16=r20,r16,32,16 - dep r22=r23,r22,8,8 };; -{ .mii; dep r16=r22,r16,48,16 - dep r24=r25,r24,8,8 };; -{ .mii; dep r26=r27,r26,8,8 - dep r28=r29,r28,8,8 };; -{ .mii; dep r24=r26,r24,16,16 - dep r30=r31,r30,8,8 };; -{ .mii; st8 [r32]=r16,8 // ctx->r0 - dep r24=r28,r24,32,16;; - dep r24=r30,r24,48,16 };; -{ .mii; st8 [r32]=r24,8 // ctx->r1 - shr.u r25=r24,2;; - add r25=r25,r24 };; -{ .mib; st8 [r32]=r25 // ctx->s1 - mov r8=0 - br.ret.sptk b0 };; -.endp poly1305_init# - -h0=r17; h1=r18; h2=r19; -i0=r20; i1=r21; -HF0=f8; HF1=f9; HF2=f10; -RF0=f11; RF1=f12; SF1=f13; - -.global poly1305_blocks# -.proc poly1305_blocks# -.align 64 -poly1305_blocks: - .prologue - .save ar.pfs,r2 -{ .mii; alloc r2=ar.pfs,4,1,0,0 - .save ar.lc,r3 - mov r3=ar.lc - .save pr,r36 - mov r36=pr } - - .body -{ .mmi; ADDP r8=0,r32 - ADDP r9=8,r32 - and r29=7,r33 };; -{ .mmi; ld8 h0=[r8],16 - ld8 h1=[r9],16 - and r33=-8,r33 };; -{ .mmi; ld8 h2=[r8],16 - ldf8 RF0=[r9],16 - shr.u r34=r34,4 };; -{ .mmi; ldf8 RF1=[r8],-32 - ldf8 SF1=[r9],-32 - cmp.ltu p16,p17=1,r34 };; -{ .mmi; -(p16) add r34=-2,r34 -(p17) mov r34=0 - ADDP r10=0,r33 } -{ .mii; ADDP r11=8,r33 -(p16) mov ar.ec=2 -(p17) mov ar.ec=1 };; -{ .mib; RUM 1<<1 // go little-endian - mov ar.lc=r34 - brp.loop.imp .Loop,.Lcend-16 } - -{ .mmi; cmp.eq p8,p7=0,r29 - cmp.eq p9,p0=1,r29 - cmp.eq p10,p0=2,r29 } -{ .mmi; cmp.eq p11,p0=3,r29 - cmp.eq p12,p0=4,r29 - cmp.eq p13,p0=5,r29 } -{ .mmi; cmp.eq p14,p0=6,r29 - cmp.eq p15,p0=7,r29 - add r16=16,r10 };; - -{ .mmb; -(p8) ld8 i0=[r10],16 // aligned input -(p8) ld8 i1=[r11],16 -(p8) br.cond.sptk .Loop };; - - // align first block - .pred.rel "mutex",p8,p9,p10,p11,p12,p13,p14,p15 -{ .mmi; (p7) ld8 r14=[r10],24 - (p7) ld8 r15=[r11],24 } - -{ .mii; (p7) ld8 r16=[r16] - nop.i 0;; - (p15) shrp i0=r15,r14,56 } -{ .mii; (p15) shrp i1=r16,r15,56 - (p14) shrp i0=r15,r14,48 } -{ .mii; (p14) shrp i1=r16,r15,48 - (p13) shrp i0=r15,r14,40 } -{ .mii; (p13) shrp i1=r16,r15,40 - (p12) shrp i0=r15,r14,32 } -{ .mii; (p12) shrp i1=r16,r15,32 - (p11) shrp i0=r15,r14,24 } -{ .mii; (p11) shrp i1=r16,r15,24 - (p10) shrp i0=r15,r14,16 } -{ .mii; (p10) shrp i1=r16,r15,16 - (p9) shrp i0=r15,r14,8 } -{ .mii; (p9) shrp i1=r16,r15,8 - mov r14=r16 };; - -.Loop: - .pred.rel "mutex",p8,p9,p10,p11,p12,p13,p14,p15 -{ .mmi; add h0=h0,i0 - add h1=h1,i1 - add h2=h2,r35 };; -{ .mmi; setf.sig HF0=h0 - cmp.ltu p6,p0=h0,i0 - cmp.ltu p7,p0=h1,i1 };; -{ .mmi; (p6) add h1=1,h1;; - setf.sig HF1=h1 - (p6) cmp.eq.or p7,p0=0,h1 };; -{ .mmi; (p7) add h2=1,h2;; - setf.sig HF2=h2 };; - -{ .mfi; (p16) ld8 r15=[r10],16 - xmpy.lu f32=HF0,RF0 } -{ .mfi; (p16) ld8 r16=[r11],16 - xmpy.hu f33=HF0,RF0 } -{ .mfi; xmpy.lu f36=HF0,RF1 } -{ .mfi; xmpy.hu f37=HF0,RF1 };; -{ .mfi; xmpy.lu f34=HF1,SF1 - (p15) shrp i0=r15,r14,56 } -{ .mfi; xmpy.hu f35=HF1,SF1 } -{ .mfi; xmpy.lu f38=HF1,RF0 - (p15) shrp i1=r16,r15,56 } -{ .mfi; xmpy.hu f39=HF1,RF0 } -{ .mfi; xmpy.lu f40=HF2,SF1 - (p14) shrp i0=r15,r14,48 } -{ .mfi; xmpy.lu f41=HF2,RF0 };; - -{ .mmi; getf.sig r22=f32 - getf.sig r23=f33 - (p14) shrp i1=r16,r15,48 } -{ .mmi; getf.sig r24=f34 - getf.sig r25=f35 - (p13) shrp i0=r15,r14,40 } -{ .mmi; getf.sig r26=f36 - getf.sig r27=f37 - (p13) shrp i1=r16,r15,40 } -{ .mmi; getf.sig r28=f38 - getf.sig r29=f39 - (p12) shrp i0=r15,r14,32 } -{ .mmi; getf.sig r30=f40 - getf.sig r31=f41 };; - -{ .mmi; add h0=r22,r24 - add r23=r23,r25 - (p12) shrp i1=r16,r15,32 } -{ .mmi; add h1=r26,r28 - add r27=r27,r29 - (p11) shrp i0=r15,r14,24 };; -{ .mmi; cmp.ltu p6,p0=h0,r24 - cmp.ltu p7,p0=h1,r28 - add r23=r23,r30 };; -{ .mmi; (p6) add r23=1,r23 - (p7) add r27=1,r27 - (p11) shrp i1=r16,r15,24 };; -{ .mmi; add h1=h1,r23;; - cmp.ltu p6,p7=h1,r23 - (p10) shrp i0=r15,r14,16 };; -{ .mmi; (p6) add h2=r31,r27,1 - (p7) add h2=r31,r27 - (p10) shrp i1=r16,r15,16 };; - -{ .mmi; (p8) mov i0=r15 - and r22=-4,h2 - shr.u r23=h2,2 };; -{ .mmi; add r22=r22,r23 - and h2=3,h2 - (p9) shrp i0=r15,r14,8 };; - -{ .mmi; add h0=h0,r22;; - cmp.ltu p6,p0=h0,r22 - (p9) shrp i1=r16,r15,8 };; -{ .mmi; (p8) mov i1=r16 - (p6) cmp.eq.unc p7,p0=-1,h1 - (p6) add h1=1,h1 };; -{ .mmb; (p7) add h2=1,h2 - mov r14=r16 - br.ctop.sptk .Loop };; -.Lcend: - -{ .mii; SUM 1<<1 // back to big-endian - mov ar.lc=r3 };; - -{ .mmi; st8 [r8]=h0,16 - st8 [r9]=h1 - mov pr=r36,0x1ffff };; -{ .mmb; st8 [r8]=h2 - rum 1<<5 - br.ret.sptk b0 };; -.endp poly1305_blocks# - -.global poly1305_emit# -.proc poly1305_emit# -.align 64 -poly1305_emit: - .prologue - .save ar.pfs,r2 -{ .mmi; alloc r2=ar.pfs,3,0,0,0 - ADDP r8=0,r32 - ADDP r9=8,r32 };; - - .body -{ .mmi; ld8 r16=[r8],16 // load hash - ld8 r17=[r9] - ADDP r10=0,r34 };; -{ .mmi; ld8 r18=[r8] - ld4 r24=[r10],8 // load nonce - ADDP r11=4,r34 };; - -{ .mmi; ld4 r25=[r11],8 - ld4 r26=[r10] - add r20=5,r16 };; - -{ .mmi; ld4 r27=[r11] - cmp.ltu p6,p7=r20,r16 - shl r25=r25,32 };; -{ .mmi; -(p6) add r21=1,r17 -(p7) add r21=0,r17 -(p6) cmp.eq.or.andcm p6,p7=-1,r17 };; -{ .mmi; -(p6) add r22=1,r18 -(p7) add r22=0,r18 - shl r27=r27,32 };; -{ .mmi; or r24=r24,r25 - or r26=r26,r27 - cmp.leu p6,p7=4,r22 };; -{ .mmi; -(p6) add r16=r20,r24 -(p7) add r16=r16,r24 -(p6) add r17=r21,r26 };; -{ .mii; -(p7) add r17=r17,r26 - cmp.ltu p6,p7=r16,r24;; -(p6) add r17=1,r17 };; - -{ .mmi; ADDP r8=0,r33 - ADDP r9=4,r33 - shr.u r20=r16,32 } -{ .mmi; ADDP r10=8,r33 - ADDP r11=12,r33 - shr.u r21=r17,32 };; - -{ .mmi; st1 [r8]=r16,1 // write mac, little-endian - st1 [r9]=r20,1 - shr.u r16=r16,8 } -{ .mii; st1 [r10]=r17,1 - shr.u r20=r20,8 - shr.u r17=r17,8 } -{ .mmi; st1 [r11]=r21,1 - shr.u r21=r21,8 };; - -{ .mmi; st1 [r8]=r16,1 - st1 [r9]=r20,1 - shr.u r16=r16,8 } -{ .mii; st1 [r10]=r17,1 - shr.u r20=r20,8 - shr.u r17=r17,8 } -{ .mmi; st1 [r11]=r21,1 - shr.u r21=r21,8 };; - -{ .mmi; st1 [r8]=r16,1 - st1 [r9]=r20,1 - shr.u r16=r16,8 } -{ .mii; st1 [r10]=r17,1 - shr.u r20=r20,8 - shr.u r17=r17,8 } -{ .mmi; st1 [r11]=r21,1 - shr.u r21=r21,8 };; - -{ .mmi; st1 [r8]=r16 - st1 [r9]=r20 } -{ .mmb; st1 [r10]=r17 - st1 [r11]=r21 - br.ret.sptk b0 };; -.endp poly1305_emit# - -stringz "Poly1305 for IA64, CRYPTOGAMS by \@dot-asm" diff --git a/crypto/poly1305/asm/poly1305-mips.pl b/crypto/poly1305/asm/poly1305-mips.pl deleted file mode 100755 index 6c0b3292d07c1c707264271bea2cc40853d10259..0000000000000000000000000000000000000000 --- a/crypto/poly1305/asm/poly1305-mips.pl +++ /dev/null @@ -1,441 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# Poly1305 hash for MIPS64. -# -# May 2016 -# -# Numbers are cycles per processed byte with poly1305_blocks alone. -# -# IALU/gcc -# R1x000 5.64/+120% (big-endian) -# Octeon II 3.80/+280% (little-endian) - -###################################################################### -# There is a number of MIPS ABI in use, O32 and N32/64 are most -# widely used. Then there is a new contender: NUBI. It appears that if -# one picks the latter, it's possible to arrange code in ABI neutral -# manner. Therefore let's stick to NUBI register layout: -# -($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25)); -($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); -($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23)); -($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31)); -# -# The return value is placed in $a0. Following coding rules facilitate -# interoperability: -# -# - never ever touch $tp, "thread pointer", former $gp [o32 can be -# excluded from the rule, because it's specified volatile]; -# - copy return value to $t0, former $v0 [or to $a0 if you're adapting -# old code]; -# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary; -# -# For reference here is register layout for N32/64 MIPS ABIs: -# -# ($zero,$at,$v0,$v1)=map("\$$_",(0..3)); -# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); -# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25)); -# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23)); -# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31)); -# -# -# -###################################################################### - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -# supported flavours are o32,n32,64,nubi32,nubi64, default is o32 -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : "o32"; - -die "MIPS64 only" unless ($flavour =~ /64|n32/i); - -$v0 = ($flavour =~ /nubi/i) ? $a0 : $t0; -$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0x0003f000" : "0x00030000"; - -($ctx,$inp,$len,$padbit) = ($a0,$a1,$a2,$a3); -($in0,$in1,$tmp0,$tmp1,$tmp2,$tmp3,$tmp4) = ($a4,$a5,$a6,$a7,$at,$t0,$t1); - -$code.=<<___; -#include "mips_arch.h" - -#ifdef MIPSEB -# define MSB 0 -# define LSB 7 -#else -# define MSB 7 -# define LSB 0 -#endif - -.text -.set noat -.set noreorder - -.align 5 -.globl poly1305_init -.ent poly1305_init -poly1305_init: - .frame $sp,0,$ra - .set reorder - - sd $zero,0($ctx) - sd $zero,8($ctx) - sd $zero,16($ctx) - - beqz $inp,.Lno_key - -#if defined(_MIPS_ARCH_MIPS64R6) - ld $in0,0($inp) - ld $in1,8($inp) -#else - ldl $in0,0+MSB($inp) - ldl $in1,8+MSB($inp) - ldr $in0,0+LSB($inp) - ldr $in1,8+LSB($inp) -#endif -#ifdef MIPSEB -# if defined(_MIPS_ARCH_MIPS64R2) - dsbh $in0,$in0 # byte swap - dsbh $in1,$in1 - dshd $in0,$in0 - dshd $in1,$in1 -# else - ori $tmp0,$zero,0xFF - dsll $tmp2,$tmp0,32 - or $tmp0,$tmp2 # 0x000000FF000000FF - - and $tmp1,$in0,$tmp0 # byte swap - and $tmp3,$in1,$tmp0 - dsrl $tmp2,$in0,24 - dsrl $tmp4,$in1,24 - dsll $tmp1,24 - dsll $tmp3,24 - and $tmp2,$tmp0 - and $tmp4,$tmp0 - dsll $tmp0,8 # 0x0000FF000000FF00 - or $tmp1,$tmp2 - or $tmp3,$tmp4 - and $tmp2,$in0,$tmp0 - and $tmp4,$in1,$tmp0 - dsrl $in0,8 - dsrl $in1,8 - dsll $tmp2,8 - dsll $tmp4,8 - and $in0,$tmp0 - and $in1,$tmp0 - or $tmp1,$tmp2 - or $tmp3,$tmp4 - or $in0,$tmp1 - or $in1,$tmp3 - dsrl $tmp1,$in0,32 - dsrl $tmp3,$in1,32 - dsll $in0,32 - dsll $in1,32 - or $in0,$tmp1 - or $in1,$tmp3 -# endif -#endif - li $tmp0,1 - dsll $tmp0,32 - daddiu $tmp0,-63 - dsll $tmp0,28 - daddiu $tmp0,-1 # 0ffffffc0fffffff - - and $in0,$tmp0 - daddiu $tmp0,-3 # 0ffffffc0ffffffc - and $in1,$tmp0 - - sd $in0,24($ctx) - dsrl $tmp0,$in1,2 - sd $in1,32($ctx) - daddu $tmp0,$in1 # s1 = r1 + (r1 >> 2) - sd $tmp0,40($ctx) - -.Lno_key: - li $v0,0 # return 0 - jr $ra -.end poly1305_init -___ -{ -my ($h0,$h1,$h2,$r0,$r1,$s1,$d0,$d1,$d2) = - ($s0,$s1,$s2,$s3,$s4,$s5,$in0,$in1,$t2); - -$code.=<<___; -.align 5 -.globl poly1305_blocks -.ent poly1305_blocks -poly1305_blocks: - .set noreorder - dsrl $len,4 # number of complete blocks - bnez $len,poly1305_blocks_internal - nop - jr $ra - nop -.end poly1305_blocks - -.align 5 -.ent poly1305_blocks_internal -poly1305_blocks_internal: - .frame $sp,6*8,$ra - .mask $SAVED_REGS_MASK,-8 - .set noreorder - dsubu $sp,6*8 - sd $s5,40($sp) - sd $s4,32($sp) -___ -$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue - sd $s3,24($sp) - sd $s2,16($sp) - sd $s1,8($sp) - sd $s0,0($sp) -___ -$code.=<<___; - .set reorder - - ld $h0,0($ctx) # load hash value - ld $h1,8($ctx) - ld $h2,16($ctx) - - ld $r0,24($ctx) # load key - ld $r1,32($ctx) - ld $s1,40($ctx) - -.Loop: -#if defined(_MIPS_ARCH_MIPS64R6) - ld $in0,0($inp) # load input - ld $in1,8($inp) -#else - ldl $in0,0+MSB($inp) # load input - ldl $in1,8+MSB($inp) - ldr $in0,0+LSB($inp) - ldr $in1,8+LSB($inp) -#endif - daddiu $len,-1 - daddiu $inp,16 -#ifdef MIPSEB -# if defined(_MIPS_ARCH_MIPS64R2) - dsbh $in0,$in0 # byte swap - dsbh $in1,$in1 - dshd $in0,$in0 - dshd $in1,$in1 -# else - ori $tmp0,$zero,0xFF - dsll $tmp2,$tmp0,32 - or $tmp0,$tmp2 # 0x000000FF000000FF - - and $tmp1,$in0,$tmp0 # byte swap - and $tmp3,$in1,$tmp0 - dsrl $tmp2,$in0,24 - dsrl $tmp4,$in1,24 - dsll $tmp1,24 - dsll $tmp3,24 - and $tmp2,$tmp0 - and $tmp4,$tmp0 - dsll $tmp0,8 # 0x0000FF000000FF00 - or $tmp1,$tmp2 - or $tmp3,$tmp4 - and $tmp2,$in0,$tmp0 - and $tmp4,$in1,$tmp0 - dsrl $in0,8 - dsrl $in1,8 - dsll $tmp2,8 - dsll $tmp4,8 - and $in0,$tmp0 - and $in1,$tmp0 - or $tmp1,$tmp2 - or $tmp3,$tmp4 - or $in0,$tmp1 - or $in1,$tmp3 - dsrl $tmp1,$in0,32 - dsrl $tmp3,$in1,32 - dsll $in0,32 - dsll $in1,32 - or $in0,$tmp1 - or $in1,$tmp3 -# endif -#endif - daddu $h0,$in0 # accumulate input - daddu $h1,$in1 - sltu $tmp0,$h0,$in0 - sltu $tmp1,$h1,$in1 - daddu $h1,$tmp0 - - dmultu ($r0,$h0) # h0*r0 - daddu $h2,$padbit - sltu $tmp0,$h1,$tmp0 - mflo ($d0,$r0,$h0) - mfhi ($d1,$r0,$h0) - - dmultu ($s1,$h1) # h1*5*r1 - daddu $tmp0,$tmp1 - daddu $h2,$tmp0 - mflo ($tmp0,$s1,$h1) - mfhi ($tmp1,$s1,$h1) - - dmultu ($r1,$h0) # h0*r1 - daddu $d0,$tmp0 - daddu $d1,$tmp1 - mflo ($tmp2,$r1,$h0) - mfhi ($d2,$r1,$h0) - sltu $tmp0,$d0,$tmp0 - daddu $d1,$tmp0 - - dmultu ($r0,$h1) # h1*r0 - daddu $d1,$tmp2 - sltu $tmp2,$d1,$tmp2 - mflo ($tmp0,$r0,$h1) - mfhi ($tmp1,$r0,$h1) - daddu $d2,$tmp2 - - dmultu ($s1,$h2) # h2*5*r1 - daddu $d1,$tmp0 - daddu $d2,$tmp1 - mflo ($tmp2,$s1,$h2) - - dmultu ($r0,$h2) # h2*r0 - sltu $tmp0,$d1,$tmp0 - daddu $d2,$tmp0 - mflo ($tmp3,$r0,$h2) - - daddu $d1,$tmp2 - daddu $d2,$tmp3 - sltu $tmp2,$d1,$tmp2 - daddu $d2,$tmp2 - - li $tmp0,-4 # final reduction - and $tmp0,$d2 - dsrl $tmp1,$d2,2 - andi $h2,$d2,3 - daddu $tmp0,$tmp1 - daddu $h0,$d0,$tmp0 - sltu $tmp0,$h0,$tmp0 - daddu $h1,$d1,$tmp0 - sltu $tmp0,$h1,$tmp0 - daddu $h2,$h2,$tmp0 - - bnez $len,.Loop - - sd $h0,0($ctx) # store hash value - sd $h1,8($ctx) - sd $h2,16($ctx) - - .set noreorder - ld $s5,40($sp) # epilogue - ld $s4,32($sp) -___ -$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi epilogue - ld $s3,24($sp) - ld $s2,16($sp) - ld $s1,8($sp) - ld $s0,0($sp) -___ -$code.=<<___; - jr $ra - daddu $sp,6*8 -.end poly1305_blocks_internal -___ -} -{ -my ($ctx,$mac,$nonce) = ($a0,$a1,$a2); - -$code.=<<___; -.align 5 -.globl poly1305_emit -.ent poly1305_emit -poly1305_emit: - .frame $sp,0,$ra - .set reorder - - ld $tmp0,0($ctx) - ld $tmp1,8($ctx) - ld $tmp2,16($ctx) - - daddiu $in0,$tmp0,5 # compare to modulus - sltiu $tmp3,$in0,5 - daddu $in1,$tmp1,$tmp3 - sltu $tmp3,$in1,$tmp3 - daddu $tmp2,$tmp2,$tmp3 - - dsrl $tmp2,2 # see if it carried/borrowed - dsubu $tmp2,$zero,$tmp2 - nor $tmp3,$zero,$tmp2 - - and $in0,$tmp2 - and $tmp0,$tmp3 - and $in1,$tmp2 - and $tmp1,$tmp3 - or $in0,$tmp0 - or $in1,$tmp1 - - lwu $tmp0,0($nonce) # load nonce - lwu $tmp1,4($nonce) - lwu $tmp2,8($nonce) - lwu $tmp3,12($nonce) - dsll $tmp1,32 - dsll $tmp3,32 - or $tmp0,$tmp1 - or $tmp2,$tmp3 - - daddu $in0,$tmp0 # accumulate nonce - daddu $in1,$tmp2 - sltu $tmp0,$in0,$tmp0 - daddu $in1,$tmp0 - - dsrl $tmp0,$in0,8 # write mac value - dsrl $tmp1,$in0,16 - dsrl $tmp2,$in0,24 - sb $in0,0($mac) - dsrl $tmp3,$in0,32 - sb $tmp0,1($mac) - dsrl $tmp0,$in0,40 - sb $tmp1,2($mac) - dsrl $tmp1,$in0,48 - sb $tmp2,3($mac) - dsrl $tmp2,$in0,56 - sb $tmp3,4($mac) - dsrl $tmp3,$in1,8 - sb $tmp0,5($mac) - dsrl $tmp0,$in1,16 - sb $tmp1,6($mac) - dsrl $tmp1,$in1,24 - sb $tmp2,7($mac) - - sb $in1,8($mac) - dsrl $tmp2,$in1,32 - sb $tmp3,9($mac) - dsrl $tmp3,$in1,40 - sb $tmp0,10($mac) - dsrl $tmp0,$in1,48 - sb $tmp1,11($mac) - dsrl $tmp1,$in1,56 - sb $tmp2,12($mac) - sb $tmp3,13($mac) - sb $tmp0,14($mac) - sb $tmp1,15($mac) - - jr $ra -.end poly1305_emit -.rdata -.asciiz "Poly1305 for MIPS64, CRYPTOGAMS by " -.align 2 -___ -} - -$output and open STDOUT,">$output"; -print $code; -close STDOUT or die "error closing STDOUT: $!"; - diff --git a/crypto/poly1305/asm/poly1305-ppc.pl b/crypto/poly1305/asm/poly1305-ppc.pl deleted file mode 100755 index 9f86134d923fba4d37d82203c5706761b72af062..0000000000000000000000000000000000000000 --- a/crypto/poly1305/asm/poly1305-ppc.pl +++ /dev/null @@ -1,1981 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov, @dot-asm, initially for use in the OpenSSL -# project. The module is dual licensed under OpenSSL and CRYPTOGAMS -# licenses depending on where you obtain it. For further details see -# https://github.com/dot-asm/cryptogams/. -# ==================================================================== -# -# This module implements Poly1305 hash for PowerPC. -# -# June 2015 -# -# Numbers are cycles per processed byte with poly1305_blocks alone, -# and improvement coefficients relative to gcc-generated code. -# -# -m32 -m64 -# -# Freescale e300 14.8/+80% - -# PPC74x0 7.60/+60% - -# PPC970 7.00/+114% 3.51/+205% -# POWER7 3.75/+260% 1.93/+100% -# POWER8 - 2.03/+200% -# POWER9 - 2.00/+150% -# -# Do we need floating-point implementation for PPC? Results presented -# in poly1305_ieee754.c are tricky to compare to, because they are for -# compiler-generated code. On the other hand it's known that floating- -# point performance can be dominated by FPU latency, which means that -# there is limit even for ideally optimized (and even vectorized) code. -# And this limit is estimated to be higher than above -m64 results. Or -# in other words floating-point implementation can be meaningful to -# consider only in 32-bit application context. We probably have to -# recognize that 32-bit builds are getting less popular on high-end -# systems and therefore tend to target embedded ones, which might not -# even have FPU... -# -# On side note, Power ISA 2.07 enables vector base 2^26 implementation, -# and POWER8 might have capacity to break 1.0 cycle per byte barrier... -# -# January 2019 -# -# ... Unfortunately not:-( Estimate was a projection of ARM result, -# but ARM has vector multiply-n-add instruction, while PowerISA does -# not, not one usable in the context. Improvement is ~40% over -m64 -# result above and is ~1.43 on little-endian systems. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /64/) { - $SIZE_T =8; - $LRSAVE =2*$SIZE_T; - $UCMP ="cmpld"; - $STU ="stdu"; - $POP ="ld"; - $PUSH ="std"; -} elsif ($flavour =~ /32/) { - $SIZE_T =4; - $LRSAVE =$SIZE_T; - $UCMP ="cmplw"; - $STU ="stwu"; - $POP ="lwz"; - $PUSH ="stw"; -} else { die "nonsense $flavour"; } - -# Define endianness based on flavour -# i.e.: linux64le -$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open STDOUT,"| $^X $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; - -$FRAME=24*$SIZE_T; - -$sp="r1"; -my ($ctx,$inp,$len,$padbit) = map("r$_",(3..6)); -my ($mac,$nonce)=($inp,$len); -my $mask = "r0"; - -$code=<<___; -.machine "any" -.text -___ - if ($flavour =~ /64/) { -############################################################################### -# base 2^64 implementation - -my ($h0,$h1,$h2,$d0,$d1,$d2, $r0,$r1,$s1, $t0,$t1) = map("r$_",(7..12,27..31)); - -$code.=<<___; -.globl .poly1305_init_int -.align 4 -.poly1305_init_int: - xor r0,r0,r0 - std r0,0($ctx) # zero hash value - std r0,8($ctx) - std r0,16($ctx) - stw r0,24($ctx) # clear is_base2_26 - - $UCMP $inp,r0 - beq- Lno_key -___ -$code.=<<___ if ($LITTLE_ENDIAN); - ld $d0,0($inp) # load key material - ld $d1,8($inp) -___ -$code.=<<___ if (!$LITTLE_ENDIAN); - li $h0,4 - lwbrx $d0,0,$inp # load key material - li $d1,8 - lwbrx $h0,$h0,$inp - li $h1,12 - lwbrx $d1,$d1,$inp - lwbrx $h1,$h1,$inp - insrdi $d0,$h0,32,0 - insrdi $d1,$h1,32,0 -___ -$code.=<<___; - lis $h1,0xfff # 0x0fff0000 - ori $h1,$h1,0xfffc # 0x0ffffffc - insrdi $h1,$h1,32,0 # 0x0ffffffc0ffffffc - ori $h0,$h1,3 # 0x0ffffffc0fffffff - - and $d0,$d0,$h0 - and $d1,$d1,$h1 - - std $d0,32($ctx) # store key - std $d1,40($ctx) - -Lno_key: - xor r3,r3,r3 - blr - .long 0 - .byte 0,12,0x14,0,0,0,2,0 -.size .poly1305_init_int,.-.poly1305_init_int - -.globl .poly1305_blocks -.align 4 -.poly1305_blocks: -Lpoly1305_blocks: - srdi. $len,$len,4 - beq- Labort - - $STU $sp,-$FRAME($sp) - mflr r0 - $PUSH r27,`$FRAME-$SIZE_T*5`($sp) - $PUSH r28,`$FRAME-$SIZE_T*4`($sp) - $PUSH r29,`$FRAME-$SIZE_T*3`($sp) - $PUSH r30,`$FRAME-$SIZE_T*2`($sp) - $PUSH r31,`$FRAME-$SIZE_T*1`($sp) - $PUSH r0,`$FRAME+$LRSAVE`($sp) - - ld $r0,32($ctx) # load key - ld $r1,40($ctx) - - ld $h0,0($ctx) # load hash value - ld $h1,8($ctx) - ld $h2,16($ctx) - - srdi $s1,$r1,2 - mtctr $len - add $s1,$s1,$r1 # s1 = r1 + r1>>2 - li $mask,3 - b Loop - -.align 4 -Loop: -___ -$code.=<<___ if ($LITTLE_ENDIAN); - ld $t0,0($inp) # load input - ld $t1,8($inp) -___ -$code.=<<___ if (!$LITTLE_ENDIAN); - li $d0,4 - lwbrx $t0,0,$inp # load input - li $t1,8 - lwbrx $d0,$d0,$inp - li $d1,12 - lwbrx $t1,$t1,$inp - lwbrx $d1,$d1,$inp - insrdi $t0,$d0,32,0 - insrdi $t1,$d1,32,0 -___ -$code.=<<___; - addi $inp,$inp,16 - - addc $h0,$h0,$t0 # accumulate input - adde $h1,$h1,$t1 - - mulld $d0,$h0,$r0 # h0*r0 - mulhdu $d1,$h0,$r0 - adde $h2,$h2,$padbit - - mulld $t0,$h1,$s1 # h1*5*r1 - mulhdu $t1,$h1,$s1 - addc $d0,$d0,$t0 - adde $d1,$d1,$t1 - - mulld $t0,$h0,$r1 # h0*r1 - mulhdu $d2,$h0,$r1 - addc $d1,$d1,$t0 - addze $d2,$d2 - - mulld $t0,$h1,$r0 # h1*r0 - mulhdu $t1,$h1,$r0 - addc $d1,$d1,$t0 - adde $d2,$d2,$t1 - - mulld $t0,$h2,$s1 # h2*5*r1 - mulld $t1,$h2,$r0 # h2*r0 - addc $d1,$d1,$t0 - adde $d2,$d2,$t1 - - andc $t0,$d2,$mask # final reduction step - and $h2,$d2,$mask - srdi $t1,$t0,2 - add $t0,$t0,$t1 - addc $h0,$d0,$t0 - addze $h1,$d1 - addze $h2,$h2 - - bdnz Loop - - std $h0,0($ctx) # store hash value - std $h1,8($ctx) - std $h2,16($ctx) - - $POP r27,`$FRAME-$SIZE_T*5`($sp) - $POP r28,`$FRAME-$SIZE_T*4`($sp) - $POP r29,`$FRAME-$SIZE_T*3`($sp) - $POP r30,`$FRAME-$SIZE_T*2`($sp) - $POP r31,`$FRAME-$SIZE_T*1`($sp) - addi $sp,$sp,$FRAME -Labort: - blr - .long 0 - .byte 0,12,4,1,0x80,5,4,0 -.size .poly1305_blocks,.-.poly1305_blocks -___ -{ -my ($h0,$h1,$h2,$h3,$h4,$t0) = map("r$_",(7..12)); - -$code.=<<___; -.globl .poly1305_emit -.align 5 -.poly1305_emit: - lwz $h0,0($ctx) # load hash value base 2^26 - lwz $h1,4($ctx) - lwz $h2,8($ctx) - lwz $h3,12($ctx) - lwz $h4,16($ctx) - lwz r0,24($ctx) # is_base2_26 - - sldi $h1,$h1,26 # base 2^26 -> base 2^64 - sldi $t0,$h2,52 - srdi $h2,$h2,12 - sldi $h3,$h3,14 - add $h0,$h0,$h1 - addc $h0,$h0,$t0 - sldi $t0,$h4,40 - srdi $h4,$h4,24 - adde $h1,$h2,$h3 - addc $h1,$h1,$t0 - addze $h2,$h4 - - ld $h3,0($ctx) # load hash value base 2^64 - ld $h4,8($ctx) - ld $t0,16($ctx) - - neg r0,r0 - xor $h0,$h0,$h3 # choose between radixes - xor $h1,$h1,$h4 - xor $h2,$h2,$t0 - and $h0,$h0,r0 - and $h1,$h1,r0 - and $h2,$h2,r0 - xor $h0,$h0,$h3 - xor $h1,$h1,$h4 - xor $h2,$h2,$t0 - - addic $h3,$h0,5 # compare to modulus - addze $h4,$h1 - addze $t0,$h2 - - srdi $t0,$t0,2 # see if it carried/borrowed - neg $t0,$t0 - - andc $h0,$h0,$t0 - and $h3,$h3,$t0 - andc $h1,$h1,$t0 - and $h4,$h4,$t0 - or $h0,$h0,$h3 - or $h1,$h1,$h4 - - lwz $t0,4($nonce) - lwz $h2,12($nonce) - lwz $h3,0($nonce) - lwz $h4,8($nonce) - - insrdi $h3,$t0,32,0 - insrdi $h4,$h2,32,0 - - addc $h0,$h0,$h3 # accumulate nonce - adde $h1,$h1,$h4 - - addi $ctx,$mac,-1 - addi $mac,$mac,7 - - stbu $h0,1($ctx) # write [little-endian] result - srdi $h0,$h0,8 - stbu $h1,1($mac) - srdi $h1,$h1,8 - - stbu $h0,1($ctx) - srdi $h0,$h0,8 - stbu $h1,1($mac) - srdi $h1,$h1,8 - - stbu $h0,1($ctx) - srdi $h0,$h0,8 - stbu $h1,1($mac) - srdi $h1,$h1,8 - - stbu $h0,1($ctx) - srdi $h0,$h0,8 - stbu $h1,1($mac) - srdi $h1,$h1,8 - - stbu $h0,1($ctx) - srdi $h0,$h0,8 - stbu $h1,1($mac) - srdi $h1,$h1,8 - - stbu $h0,1($ctx) - srdi $h0,$h0,8 - stbu $h1,1($mac) - srdi $h1,$h1,8 - - stbu $h0,1($ctx) - srdi $h0,$h0,8 - stbu $h1,1($mac) - srdi $h1,$h1,8 - - stbu $h0,1($ctx) - stbu $h1,1($mac) - - blr - .long 0 - .byte 0,12,0x14,0,0,0,3,0 -.size .poly1305_emit,.-.poly1305_emit -___ -} } else { -############################################################################### -# base 2^32 implementation - -my ($h0,$h1,$h2,$h3,$h4, $r0,$r1,$r2,$r3, $s1,$s2,$s3, - $t0,$t1,$t2,$t3, $D0,$D1,$D2,$D3, $d0,$d1,$d2,$d3 - ) = map("r$_",(7..12,14..31)); - -$code.=<<___; -.globl .poly1305_init_int -.align 4 -.poly1305_init_int: - xor r0,r0,r0 - stw r0,0($ctx) # zero hash value - stw r0,4($ctx) - stw r0,8($ctx) - stw r0,12($ctx) - stw r0,16($ctx) - stw r0,24($ctx) # clear is_base2_26 - - $UCMP $inp,r0 - beq- Lno_key -___ -$code.=<<___ if ($LITTLE_ENDIAN); - lw $h0,0($inp) # load key material - lw $h1,4($inp) - lw $h2,8($inp) - lw $h3,12($inp) -___ -$code.=<<___ if (!$LITTLE_ENDIAN); - li $h1,4 - lwbrx $h0,0,$inp # load key material - li $h2,8 - lwbrx $h1,$h1,$inp - li $h3,12 - lwbrx $h2,$h2,$inp - lwbrx $h3,$h3,$inp -___ -$code.=<<___; - lis $mask,0xf000 # 0xf0000000 - li $r0,-4 - andc $r0,$r0,$mask # 0x0ffffffc - - andc $h0,$h0,$mask - and $h1,$h1,$r0 - and $h2,$h2,$r0 - and $h3,$h3,$r0 - - stw $h0,32($ctx) # store key - stw $h1,36($ctx) - stw $h2,40($ctx) - stw $h3,44($ctx) - -Lno_key: - xor r3,r3,r3 - blr - .long 0 - .byte 0,12,0x14,0,0,0,2,0 -.size .poly1305_init_int,.-.poly1305_init_int - -.globl .poly1305_blocks -.align 4 -.poly1305_blocks: -Lpoly1305_blocks: - srwi. $len,$len,4 - beq- Labort - - $STU $sp,-$FRAME($sp) - mflr r0 - $PUSH r14,`$FRAME-$SIZE_T*18`($sp) - $PUSH r15,`$FRAME-$SIZE_T*17`($sp) - $PUSH r16,`$FRAME-$SIZE_T*16`($sp) - $PUSH r17,`$FRAME-$SIZE_T*15`($sp) - $PUSH r18,`$FRAME-$SIZE_T*14`($sp) - $PUSH r19,`$FRAME-$SIZE_T*13`($sp) - $PUSH r20,`$FRAME-$SIZE_T*12`($sp) - $PUSH r21,`$FRAME-$SIZE_T*11`($sp) - $PUSH r22,`$FRAME-$SIZE_T*10`($sp) - $PUSH r23,`$FRAME-$SIZE_T*9`($sp) - $PUSH r24,`$FRAME-$SIZE_T*8`($sp) - $PUSH r25,`$FRAME-$SIZE_T*7`($sp) - $PUSH r26,`$FRAME-$SIZE_T*6`($sp) - $PUSH r27,`$FRAME-$SIZE_T*5`($sp) - $PUSH r28,`$FRAME-$SIZE_T*4`($sp) - $PUSH r29,`$FRAME-$SIZE_T*3`($sp) - $PUSH r30,`$FRAME-$SIZE_T*2`($sp) - $PUSH r31,`$FRAME-$SIZE_T*1`($sp) - $PUSH r0,`$FRAME+$LRSAVE`($sp) - - lwz $r0,32($ctx) # load key - lwz $r1,36($ctx) - lwz $r2,40($ctx) - lwz $r3,44($ctx) - - lwz $h0,0($ctx) # load hash value - lwz $h1,4($ctx) - lwz $h2,8($ctx) - lwz $h3,12($ctx) - lwz $h4,16($ctx) - - srwi $s1,$r1,2 - srwi $s2,$r2,2 - srwi $s3,$r3,2 - add $s1,$s1,$r1 # si = ri + ri>>2 - add $s2,$s2,$r2 - add $s3,$s3,$r3 - mtctr $len - li $mask,3 - b Loop - -.align 4 -Loop: -___ -$code.=<<___ if ($LITTLE_ENDIAN); - lwz $d0,0($inp) # load input - lwz $d1,4($inp) - lwz $d2,8($inp) - lwz $d3,12($inp) -___ -$code.=<<___ if (!$LITTLE_ENDIAN); - li $d1,4 - lwbrx $d0,0,$inp # load input - li $d2,8 - lwbrx $d1,$d1,$inp - li $d3,12 - lwbrx $d2,$d2,$inp - lwbrx $d3,$d3,$inp -___ -$code.=<<___; - addi $inp,$inp,16 - - addc $h0,$h0,$d0 # accumulate input - adde $h1,$h1,$d1 - adde $h2,$h2,$d2 - - mullw $d0,$h0,$r0 # h0*r0 - mulhwu $D0,$h0,$r0 - - mullw $d1,$h0,$r1 # h0*r1 - mulhwu $D1,$h0,$r1 - - mullw $d2,$h0,$r2 # h0*r2 - mulhwu $D2,$h0,$r2 - - adde $h3,$h3,$d3 - adde $h4,$h4,$padbit - - mullw $d3,$h0,$r3 # h0*r3 - mulhwu $D3,$h0,$r3 - - mullw $t0,$h1,$s3 # h1*s3 - mulhwu $t1,$h1,$s3 - - mullw $t2,$h1,$r0 # h1*r0 - mulhwu $t3,$h1,$r0 - addc $d0,$d0,$t0 - adde $D0,$D0,$t1 - - mullw $t0,$h1,$r1 # h1*r1 - mulhwu $t1,$h1,$r1 - addc $d1,$d1,$t2 - adde $D1,$D1,$t3 - - mullw $t2,$h1,$r2 # h1*r2 - mulhwu $t3,$h1,$r2 - addc $d2,$d2,$t0 - adde $D2,$D2,$t1 - - mullw $t0,$h2,$s2 # h2*s2 - mulhwu $t1,$h2,$s2 - addc $d3,$d3,$t2 - adde $D3,$D3,$t3 - - mullw $t2,$h2,$s3 # h2*s3 - mulhwu $t3,$h2,$s3 - addc $d0,$d0,$t0 - adde $D0,$D0,$t1 - - mullw $t0,$h2,$r0 # h2*r0 - mulhwu $t1,$h2,$r0 - addc $d1,$d1,$t2 - adde $D1,$D1,$t3 - - mullw $t2,$h2,$r1 # h2*r1 - mulhwu $t3,$h2,$r1 - addc $d2,$d2,$t0 - adde $D2,$D2,$t1 - - mullw $t0,$h3,$s1 # h3*s1 - mulhwu $t1,$h3,$s1 - addc $d3,$d3,$t2 - adde $D3,$D3,$t3 - - mullw $t2,$h3,$s2 # h3*s2 - mulhwu $t3,$h3,$s2 - addc $d0,$d0,$t0 - adde $D0,$D0,$t1 - - mullw $t0,$h3,$s3 # h3*s3 - mulhwu $t1,$h3,$s3 - addc $d1,$d1,$t2 - adde $D1,$D1,$t3 - - mullw $t2,$h3,$r0 # h3*r0 - mulhwu $t3,$h3,$r0 - addc $d2,$d2,$t0 - adde $D2,$D2,$t1 - - mullw $t0,$h4,$s1 # h4*s1 - addc $d3,$d3,$t2 - adde $D3,$D3,$t3 - addc $d1,$d1,$t0 - - mullw $t1,$h4,$s2 # h4*s2 - addze $D1,$D1 - addc $d2,$d2,$t1 - addze $D2,$D2 - - mullw $t2,$h4,$s3 # h4*s3 - addc $d3,$d3,$t2 - addze $D3,$D3 - - mullw $h4,$h4,$r0 # h4*r0 - - addc $h1,$d1,$D0 - adde $h2,$d2,$D1 - adde $h3,$d3,$D2 - adde $h4,$h4,$D3 - - andc $D0,$h4,$mask # final reduction step - and $h4,$h4,$mask - srwi $D1,$D0,2 - add $D0,$D0,$D1 - addc $h0,$d0,$D0 - addze $h1,$h1 - addze $h2,$h2 - addze $h3,$h3 - addze $h4,$h4 - - bdnz Loop - - stw $h0,0($ctx) # store hash value - stw $h1,4($ctx) - stw $h2,8($ctx) - stw $h3,12($ctx) - stw $h4,16($ctx) - - $POP r14,`$FRAME-$SIZE_T*18`($sp) - $POP r15,`$FRAME-$SIZE_T*17`($sp) - $POP r16,`$FRAME-$SIZE_T*16`($sp) - $POP r17,`$FRAME-$SIZE_T*15`($sp) - $POP r18,`$FRAME-$SIZE_T*14`($sp) - $POP r19,`$FRAME-$SIZE_T*13`($sp) - $POP r20,`$FRAME-$SIZE_T*12`($sp) - $POP r21,`$FRAME-$SIZE_T*11`($sp) - $POP r22,`$FRAME-$SIZE_T*10`($sp) - $POP r23,`$FRAME-$SIZE_T*9`($sp) - $POP r24,`$FRAME-$SIZE_T*8`($sp) - $POP r25,`$FRAME-$SIZE_T*7`($sp) - $POP r26,`$FRAME-$SIZE_T*6`($sp) - $POP r27,`$FRAME-$SIZE_T*5`($sp) - $POP r28,`$FRAME-$SIZE_T*4`($sp) - $POP r29,`$FRAME-$SIZE_T*3`($sp) - $POP r30,`$FRAME-$SIZE_T*2`($sp) - $POP r31,`$FRAME-$SIZE_T*1`($sp) - addi $sp,$sp,$FRAME -Labort: - blr - .long 0 - .byte 0,12,4,1,0x80,18,4,0 -.size .poly1305_blocks,.-.poly1305_blocks -___ -{ -my ($h0,$h1,$h2,$h3,$h4,$t0,$t1) = map("r$_",(6..12)); - -$code.=<<___; -.globl .poly1305_emit -.align 5 -.poly1305_emit: - lwz r0,24($ctx) # is_base2_26 - lwz $h0,0($ctx) # load hash value - lwz $h1,4($ctx) - lwz $h2,8($ctx) - lwz $h3,12($ctx) - lwz $h4,16($ctx) - cmplwi r0,0 - beq Lemit_base2_32 - - slwi $t0,$h1,26 # base 2^26 -> base 2^32 - srwi $h1,$h1,6 - slwi $t1,$h2,20 - srwi $h2,$h2,12 - addc $h0,$h0,$t0 - slwi $t0,$h3,14 - srwi $h3,$h3,18 - adde $h1,$h1,$t1 - slwi $t1,$h4,8 - srwi $h4,$h4,24 - adde $h2,$h2,$t0 - adde $h3,$h3,$t1 - addze $h4,$h4 - -Lemit_base2_32: - addic r0,$h0,5 # compare to modulus - addze r0,$h1 - addze r0,$h2 - addze r0,$h3 - addze r0,$h4 - - srwi r0,r0,2 # see if it carried/borrowed - neg r0,r0 - andi. r0,r0,5 - - addc $h0,$h0,r0 - lwz r0,0($nonce) - addze $h1,$h1 - lwz $t0,4($nonce) - addze $h2,$h2 - lwz $t1,8($nonce) - addze $h3,$h3 - lwz $h4,12($nonce) - - addc $h0,$h0,r0 # accumulate nonce - adde $h1,$h1,$t0 - adde $h2,$h2,$t1 - adde $h3,$h3,$h4 - - addi $ctx,$mac,-1 - addi $mac,$mac,7 - - stbu $h0,1($ctx) # write [little-endian] result - srwi $h0,$h0,8 - stbu $h2,1($mac) - srwi $h2,$h2,8 - - stbu $h0,1($ctx) - srwi $h0,$h0,8 - stbu $h2,1($mac) - srwi $h2,$h2,8 - - stbu $h0,1($ctx) - srwi $h0,$h0,8 - stbu $h2,1($mac) - srwi $h2,$h2,8 - - stbu $h0,1($ctx) - stbu $h2,1($mac) - - stbu $h1,1($ctx) - srwi $h1,$h1,8 - stbu $h3,1($mac) - srwi $h3,$h3,8 - - stbu $h1,1($ctx) - srwi $h1,$h1,8 - stbu $h3,1($mac) - srwi $h3,$h3,8 - - stbu $h1,1($ctx) - srwi $h1,$h1,8 - stbu $h3,1($mac) - srwi $h3,$h3,8 - - stbu $h1,1($ctx) - stbu $h3,1($mac) - - blr - .long 0 - .byte 0,12,0x14,0,0,0,3,0 -.size .poly1305_emit,.-.poly1305_emit -___ -} } -{{{ -######################################################################## -# PowerISA 2.07/VSX section # -######################################################################## - -my $LOCALS= 6*$SIZE_T; -my $VSXFRAME = $LOCALS + 6*$SIZE_T; - $VSXFRAME += 128; # local variables - $VSXFRAME += 13*16; # v20-v31 offload - -my $BIG_ENDIAN = ($flavour !~ /le/) ? 4 : 0; - -######################################################################## -# Layout of opaque area is following: -# -# unsigned __int32 h[5]; # current hash value base 2^26 -# unsigned __int32 pad; -# unsigned __int32 is_base2_26, pad; -# unsigned __int64 r[2]; # key value base 2^64 -# struct { unsigned __int32 r^2, r^4, r^1, r^3; } r[9]; -# -# where r^n are base 2^26 digits of powers of multiplier key. There are -# 5 digits, but last four are interleaved with multiples of 5, totalling -# in 9 elements: r0, r1, 5*r1, r2, 5*r2, r3, 5*r3, r4, 5*r4. Order of -# powers is as they appear in register, not memory. - -my ($H0, $H1, $H2, $H3, $H4) = map("v$_",(0..4)); -my ($I0, $I1, $I2, $I3, $I4) = map("v$_",(5..9)); -my ($R0, $R1, $S1, $R2, $S2) = map("v$_",(10..14)); -my ($R3, $S3, $R4, $S4) = ($R1, $S1, $R2, $S2); -my ($ACC0, $ACC1, $ACC2, $ACC3, $ACC4) = map("v$_",(15..19)); -my ($T0, $T1, $T2, $T3, $T4) = map("v$_",(20..24)); -my ($_26,$_4,$_40,$_14,$mask26,$padbits,$I2perm) = map("v$_",(25..31)); -my ($x00,$x60,$x70,$x10,$x20,$x30,$x40,$x50) = (0, map("r$_",(7,8,27..31))); -my ($ctx_,$_ctx,$const) = map("r$_",(10..12)); - - if ($flavour =~ /64/) { -############################################################################### -# setup phase of poly1305_blocks_vsx is different on 32- and 64-bit platforms, -# but the base 2^26 computational part is same... - -my ($h0,$h1,$h2,$d0,$d1,$d2, $r0,$r1,$s1, $t0,$t1) = map("r$_",(6..11,27..31)); -my $mask = "r0"; - -$code.=<<___; -.globl .poly1305_blocks_vsx -.align 5 -.poly1305_blocks_vsx: - lwz r7,24($ctx) # is_base2_26 - cmpldi $len,128 - bge __poly1305_blocks_vsx - - neg r0,r7 # is_base2_26 as mask - lwz r7,0($ctx) # load hash base 2^26 - lwz r8,4($ctx) - lwz r9,8($ctx) - lwz r10,12($ctx) - lwz r11,16($ctx) - - sldi r8,r8,26 # base 2^26 -> base 2^64 - sldi r12,r9,52 - add r7,r7,r8 - srdi r9,r9,12 - sldi r10,r10,14 - addc r7,r7,r12 - sldi r8,r11,40 - adde r9,r9,r10 - srdi r11,r11,24 - addc r9,r9,r8 - addze r11,r11 - - ld r8,0($ctx) # load hash base 2^64 - ld r10,8($ctx) - ld r12,16($ctx) - - xor r7,r7,r8 # select between radixes - xor r9,r9,r10 - xor r11,r11,r12 - and r7,r7,r0 - and r9,r9,r0 - and r11,r11,r0 - xor r7,r7,r8 - xor r9,r9,r10 - xor r11,r11,r12 - - li r0,0 - std r7,0($ctx) # store hash base 2^64 - std r9,8($ctx) - std r11,16($ctx) - stw r0,24($ctx) # clear is_base2_26 - - b Lpoly1305_blocks - .long 0 - .byte 0,12,0x14,0,0,0,4,0 -.size .poly1305_blocks_vsx,.-.poly1305_blocks_vsx - -.align 5 -__poly1305_mul: - mulld $d0,$h0,$r0 # h0*r0 - mulhdu $d1,$h0,$r0 - - mulld $t0,$h1,$s1 # h1*5*r1 - mulhdu $t1,$h1,$s1 - addc $d0,$d0,$t0 - adde $d1,$d1,$t1 - - mulld $t0,$h0,$r1 # h0*r1 - mulhdu $d2,$h0,$r1 - addc $d1,$d1,$t0 - addze $d2,$d2 - - mulld $t0,$h1,$r0 # h1*r0 - mulhdu $t1,$h1,$r0 - addc $d1,$d1,$t0 - adde $d2,$d2,$t1 - - mulld $t0,$h2,$s1 # h2*5*r1 - mulld $t1,$h2,$r0 # h2*r0 - addc $d1,$d1,$t0 - adde $d2,$d2,$t1 - - andc $t0,$d2,$mask # final reduction step - and $h2,$d2,$mask - srdi $t1,$t0,2 - add $t0,$t0,$t1 - addc $h0,$d0,$t0 - addze $h1,$d1 - addze $h2,$h2 - - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.size __poly1305_mul,.-__poly1305_mul - -.align 5 -__poly1305_splat: - extrdi $d0,$h0,26,38 - extrdi $d1,$h0,26,12 - stw $d0,0x00($t1) - - extrdi $d2,$h0,12,0 - slwi $d0,$d1,2 - stw $d1,0x10($t1) - add $d0,$d0,$d1 # * 5 - stw $d0,0x20($t1) - - insrdi $d2,$h1,14,38 - slwi $d0,$d2,2 - stw $d2,0x30($t1) - add $d0,$d0,$d2 # * 5 - stw $d0,0x40($t1) - - extrdi $d1,$h1,26,24 - extrdi $d2,$h1,24,0 - slwi $d0,$d1,2 - stw $d1,0x50($t1) - add $d0,$d0,$d1 # * 5 - stw $d0,0x60($t1) - - insrdi $d2,$h2,3,37 - slwi $d0,$d2,2 - stw $d2,0x70($t1) - add $d0,$d0,$d2 # * 5 - stw $d0,0x80($t1) - - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.size __poly1305_splat,.-__poly1305_splat - -.align 5 -__poly1305_blocks_vsx: - $STU $sp,-$VSXFRAME($sp) - mflr r0 - li r10,`15+$LOCALS+128` - li r11,`31+$LOCALS+128` - mfspr r12,256 - stvx v20,r10,$sp - addi r10,r10,32 - stvx v21,r11,$sp - addi r11,r11,32 - stvx v22,r10,$sp - addi r10,r10,32 - stvx v23,r10,$sp - addi r10,r10,32 - stvx v24,r11,$sp - addi r11,r11,32 - stvx v25,r10,$sp - addi r10,r10,32 - stvx v26,r10,$sp - addi r10,r10,32 - stvx v27,r11,$sp - addi r11,r11,32 - stvx v28,r10,$sp - addi r10,r10,32 - stvx v29,r11,$sp - addi r11,r11,32 - stvx v30,r10,$sp - stvx v31,r11,$sp - stw r12,`$VSXFRAME-$SIZE_T*5-4`($sp)# save vrsave - li r12,-1 - mtspr 256,r12 # preserve all AltiVec registers - $PUSH r27,`$VSXFRAME-$SIZE_T*5`($sp) - $PUSH r28,`$VSXFRAME-$SIZE_T*4`($sp) - $PUSH r29,`$VSXFRAME-$SIZE_T*3`($sp) - $PUSH r30,`$VSXFRAME-$SIZE_T*2`($sp) - $PUSH r31,`$VSXFRAME-$SIZE_T*1`($sp) - $PUSH r0,`$VSXFRAME+$LRSAVE`($sp) - - bl LPICmeup - - li $x10,0x10 - li $x20,0x20 - li $x30,0x30 - li $x40,0x40 - li $x50,0x50 - lvx_u $mask26,$x00,$const - lvx_u $_26,$x10,$const - lvx_u $_40,$x20,$const - lvx_u $I2perm,$x30,$const - lvx_u $padbits,$x40,$const - - cmplwi r7,0 # is_base2_26? - bne Lskip_init_vsx - - ld $r0,32($ctx) # load key base 2^64 - ld $r1,40($ctx) - srdi $s1,$r1,2 - li $mask,3 - add $s1,$s1,$r1 # s1 = r1 + r1>>2 - - mr $h0,$r0 # "calculate" r^1 - mr $h1,$r1 - li $h2,0 - addi $t1,$ctx,`48+(12^$BIG_ENDIAN)` - bl __poly1305_splat - - bl __poly1305_mul # calculate r^2 - addi $t1,$ctx,`48+(4^$BIG_ENDIAN)` - bl __poly1305_splat - - bl __poly1305_mul # calculate r^3 - addi $t1,$ctx,`48+(8^$BIG_ENDIAN)` - bl __poly1305_splat - - bl __poly1305_mul # calculate r^4 - addi $t1,$ctx,`48+(0^$BIG_ENDIAN)` - bl __poly1305_splat - - ld $h0,0($ctx) # load hash - ld $h1,8($ctx) - ld $h2,16($ctx) - - extrdi $d0,$h0,26,38 # base 2^64 -> base 2^26 - extrdi $d1,$h0,26,12 - extrdi $d2,$h0,12,0 - mtvrwz $H0,$d0 - insrdi $d2,$h1,14,38 - mtvrwz $H1,$d1 - extrdi $d1,$h1,26,24 - mtvrwz $H2,$d2 - extrdi $d2,$h1,24,0 - mtvrwz $H3,$d1 - insrdi $d2,$h2,3,37 - mtvrwz $H4,$d2 -___ - } else { -############################################################################### -# 32-bit initialization - -my ($h0,$h1,$h2,$h3,$h4,$t0,$t1) = map("r$_",(7..11,0,12)); -my ($R3,$S3,$R4,$S4)=($I1,$I2,$I3,$I4); - -$code.=<<___; -.globl .poly1305_blocks_vsx -.align 5 -.poly1305_blocks_vsx: - lwz r7,24($ctx) # is_base2_26 - cmplwi $len,128 - bge __poly1305_blocks_vsx - cmplwi r7,0 - beq Lpoly1305_blocks - - lwz $h0,0($ctx) # load hash - lwz $h1,4($ctx) - lwz $h2,8($ctx) - lwz $h3,12($ctx) - lwz $h4,16($ctx) - - slwi $t0,$h1,26 # base 2^26 -> base 2^32 - srwi $h1,$h1,6 - slwi $t1,$h2,20 - srwi $h2,$h2,12 - addc $h0,$h0,$t0 - slwi $t0,$h3,14 - srwi $h3,$h3,18 - adde $h1,$h1,$t1 - slwi $t1,$h4,8 - srwi $h4,$h4,24 - adde $h2,$h2,$t0 - li $t0,0 - adde $h3,$h3,$t1 - addze $h4,$h4 - - stw $h0,0($ctx) # store hash base 2^32 - stw $h1,4($ctx) - stw $h2,8($ctx) - stw $h3,12($ctx) - stw $h4,16($ctx) - stw $t0,24($ctx) # clear is_base2_26 - - b Lpoly1305_blocks - .long 0 - .byte 0,12,0x14,0,0,0,4,0 -.size .poly1305_blocks_vsx,.-.poly1305_blocks_vsx - -.align 5 -__poly1305_mul: - vmulouw $ACC0,$H0,$R0 - vmulouw $ACC1,$H1,$R0 - vmulouw $ACC2,$H2,$R0 - vmulouw $ACC3,$H3,$R0 - vmulouw $ACC4,$H4,$R0 - - vmulouw $T0,$H4,$S1 - vaddudm $ACC0,$ACC0,$T0 - vmulouw $T0,$H0,$R1 - vaddudm $ACC1,$ACC1,$T0 - vmulouw $T0,$H1,$R1 - vaddudm $ACC2,$ACC2,$T0 - vmulouw $T0,$H2,$R1 - vaddudm $ACC3,$ACC3,$T0 - vmulouw $T0,$H3,$R1 - vaddudm $ACC4,$ACC4,$T0 - - vmulouw $T0,$H3,$S2 - vaddudm $ACC0,$ACC0,$T0 - vmulouw $T0,$H4,$S2 - vaddudm $ACC1,$ACC1,$T0 - vmulouw $T0,$H0,$R2 - vaddudm $ACC2,$ACC2,$T0 - vmulouw $T0,$H1,$R2 - vaddudm $ACC3,$ACC3,$T0 - vmulouw $T0,$H2,$R2 - vaddudm $ACC4,$ACC4,$T0 - - vmulouw $T0,$H2,$S3 - vaddudm $ACC0,$ACC0,$T0 - vmulouw $T0,$H3,$S3 - vaddudm $ACC1,$ACC1,$T0 - vmulouw $T0,$H4,$S3 - vaddudm $ACC2,$ACC2,$T0 - vmulouw $T0,$H0,$R3 - vaddudm $ACC3,$ACC3,$T0 - vmulouw $T0,$H1,$R3 - vaddudm $ACC4,$ACC4,$T0 - - vmulouw $T0,$H1,$S4 - vaddudm $ACC0,$ACC0,$T0 - vmulouw $T0,$H2,$S4 - vaddudm $ACC1,$ACC1,$T0 - vmulouw $T0,$H3,$S4 - vaddudm $ACC2,$ACC2,$T0 - vmulouw $T0,$H4,$S4 - vaddudm $ACC3,$ACC3,$T0 - vmulouw $T0,$H0,$R4 - vaddudm $ACC4,$ACC4,$T0 - - ################################################################ - # lazy reduction - - vspltisb $T0,2 - vsrd $H4,$ACC3,$_26 - vsrd $H1,$ACC0,$_26 - vand $H3,$ACC3,$mask26 - vand $H0,$ACC0,$mask26 - vaddudm $H4,$H4,$ACC4 # h3 -> h4 - vaddudm $H1,$H1,$ACC1 # h0 -> h1 - - vsrd $ACC4,$H4,$_26 - vsrd $ACC1,$H1,$_26 - vand $H4,$H4,$mask26 - vand $H1,$H1,$mask26 - vaddudm $H0,$H0,$ACC4 - vaddudm $H2,$ACC2,$ACC1 # h1 -> h2 - - vsld $ACC4,$ACC4,$T0 # <<2 - vsrd $ACC2,$H2,$_26 - vand $H2,$H2,$mask26 - vaddudm $H0,$H0,$ACC4 # h4 -> h0 - vaddudm $H3,$H3,$ACC2 # h2 -> h3 - - vsrd $ACC0,$H0,$_26 - vsrd $ACC3,$H3,$_26 - vand $H0,$H0,$mask26 - vand $H3,$H3,$mask26 - vaddudm $H1,$H1,$ACC0 # h0 -> h1 - vaddudm $H4,$H4,$ACC3 # h3 -> h4 - - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.size __poly1305_mul,.-__poly1305_mul - -.align 5 -__poly1305_blocks_vsx: - $STU $sp,-$VSXFRAME($sp) - mflr r0 - li r10,`15+$LOCALS+128` - li r11,`31+$LOCALS+128` - mfspr r12,256 - stvx v20,r10,$sp - addi r10,r10,32 - stvx v21,r11,$sp - addi r11,r11,32 - stvx v22,r10,$sp - addi r10,r10,32 - stvx v23,r10,$sp - addi r10,r10,32 - stvx v24,r11,$sp - addi r11,r11,32 - stvx v25,r10,$sp - addi r10,r10,32 - stvx v26,r10,$sp - addi r10,r10,32 - stvx v27,r11,$sp - addi r11,r11,32 - stvx v28,r10,$sp - addi r10,r10,32 - stvx v29,r11,$sp - addi r11,r11,32 - stvx v30,r10,$sp - stvx v31,r11,$sp - stw r12,`$VSXFRAME-$SIZE_T*5-4`($sp)# save vrsave - li r12,-1 - mtspr 256,r12 # preserve all AltiVec registers - $PUSH r27,`$VSXFRAME-$SIZE_T*5`($sp) - $PUSH r28,`$VSXFRAME-$SIZE_T*4`($sp) - $PUSH r29,`$VSXFRAME-$SIZE_T*3`($sp) - $PUSH r30,`$VSXFRAME-$SIZE_T*2`($sp) - $PUSH r31,`$VSXFRAME-$SIZE_T*1`($sp) - $PUSH r0,`$VSXFRAME+$LRSAVE`($sp) - - bl LPICmeup - - li $x10,0x10 - li $x20,0x20 - li $x30,0x30 - li $x40,0x40 - li $x50,0x50 - lvx_u $mask26,$x00,$const - lvx_u $_26,$x10,$const - lvx_u $_40,$x20,$const - lvx_u $I2perm,$x30,$const - lvx_u $padbits,$x40,$const - - cmplwi r7,0 # is_base2_26? - bne Lskip_init_vsx - - lwz $h1,32($ctx) # load key base 2^32 - lwz $h2,36($ctx) - lwz $h3,40($ctx) - lwz $h4,44($ctx) - - extrwi $h0,$h1,26,6 # base 2^32 -> base 2^26 - extrwi $h1,$h1,6,0 - insrwi $h1,$h2,20,6 - extrwi $h2,$h2,12,0 - insrwi $h2,$h3,14,6 - extrwi $h3,$h3,18,0 - insrwi $h3,$h4,8,6 - extrwi $h4,$h4,24,0 - - mtvrwz $R0,$h0 - slwi $h0,$h1,2 - mtvrwz $R1,$h1 - add $h1,$h1,$h0 - mtvrwz $S1,$h1 - slwi $h1,$h2,2 - mtvrwz $R2,$h2 - add $h2,$h2,$h1 - mtvrwz $S2,$h2 - slwi $h2,$h3,2 - mtvrwz $R3,$h3 - add $h3,$h3,$h2 - mtvrwz $S3,$h3 - slwi $h3,$h4,2 - mtvrwz $R4,$h4 - add $h4,$h4,$h3 - mtvrwz $S4,$h4 - - vmr $H0,$R0 - vmr $H1,$R1 - vmr $H2,$R2 - vmr $H3,$R3 - vmr $H4,$R4 - - bl __poly1305_mul # r^1:- * r^1:- - - vpermdi $R0,$H0,$R0,0b00 - vpermdi $R1,$H1,$R1,0b00 - vpermdi $R2,$H2,$R2,0b00 - vpermdi $R3,$H3,$R3,0b00 - vpermdi $R4,$H4,$R4,0b00 - vpermdi $H0,$H0,$H0,0b00 - vpermdi $H1,$H1,$H1,0b00 - vpermdi $H2,$H2,$H2,0b00 - vpermdi $H3,$H3,$H3,0b00 - vpermdi $H4,$H4,$H4,0b00 - vsld $S1,$R1,$T0 # <<2 - vsld $S2,$R2,$T0 - vsld $S3,$R3,$T0 - vsld $S4,$R4,$T0 - vaddudm $S1,$S1,$R1 - vaddudm $S2,$S2,$R2 - vaddudm $S3,$S3,$R3 - vaddudm $S4,$S4,$R4 - - bl __poly1305_mul # r^2:r^2 * r^2:r^1 - - addi $h0,$ctx,0x60 - lwz $h1,0($ctx) # load hash - lwz $h2,4($ctx) - lwz $h3,8($ctx) - lwz $h4,12($ctx) - lwz $t0,16($ctx) - - vmrgow $R0,$R0,$H0 # r^2:r^4:r^1:r^3 - vmrgow $R1,$R1,$H1 - vmrgow $R2,$R2,$H2 - vmrgow $R3,$R3,$H3 - vmrgow $R4,$R4,$H4 - vslw $S1,$R1,$T0 # <<2 - vslw $S2,$R2,$T0 - vslw $S3,$R3,$T0 - vslw $S4,$R4,$T0 - vadduwm $S1,$S1,$R1 - vadduwm $S2,$S2,$R2 - vadduwm $S3,$S3,$R3 - vadduwm $S4,$S4,$R4 - - stvx_u $R0,$x30,$ctx - stvx_u $R1,$x40,$ctx - stvx_u $S1,$x50,$ctx - stvx_u $R2,$x00,$h0 - stvx_u $S2,$x10,$h0 - stvx_u $R3,$x20,$h0 - stvx_u $S3,$x30,$h0 - stvx_u $R4,$x40,$h0 - stvx_u $S4,$x50,$h0 - - extrwi $h0,$h1,26,6 # base 2^32 -> base 2^26 - extrwi $h1,$h1,6,0 - mtvrwz $H0,$h0 - insrwi $h1,$h2,20,6 - extrwi $h2,$h2,12,0 - mtvrwz $H1,$h1 - insrwi $h2,$h3,14,6 - extrwi $h3,$h3,18,0 - mtvrwz $H2,$h2 - insrwi $h3,$h4,8,6 - extrwi $h4,$h4,24,0 - mtvrwz $H3,$h3 - insrwi $h4,$t0,3,5 - mtvrwz $H4,$h4 -___ - } -$code.=<<___; - li r0,1 - stw r0,24($ctx) # set is_base2_26 - b Loaded_vsx - -.align 4 -Lskip_init_vsx: - li $x10,4 - li $x20,8 - li $x30,12 - li $x40,16 - lvwzx_u $H0,$x00,$ctx - lvwzx_u $H1,$x10,$ctx - lvwzx_u $H2,$x20,$ctx - lvwzx_u $H3,$x30,$ctx - lvwzx_u $H4,$x40,$ctx - -Loaded_vsx: - li $x10,0x10 - li $x20,0x20 - li $x30,0x30 - li $x40,0x40 - li $x50,0x50 - li $x60,0x60 - li $x70,0x70 - addi $ctx_,$ctx,64 # &ctx->r[1] - addi $_ctx,$sp,`$LOCALS+15` # &ctx->r[1], r^2:r^4 shadow - - vxor $T0,$T0,$T0 # ensure second half is zero - vpermdi $H0,$H0,$T0,0b00 - vpermdi $H1,$H1,$T0,0b00 - vpermdi $H2,$H2,$T0,0b00 - vpermdi $H3,$H3,$T0,0b00 - vpermdi $H4,$H4,$T0,0b00 - - be?lvx_u $_4,$x50,$const # byte swap mask - lvx_u $T1,$x00,$inp # load first input block - lvx_u $T2,$x10,$inp - lvx_u $T3,$x20,$inp - lvx_u $T4,$x30,$inp - be?vperm $T1,$T1,$T1,$_4 - be?vperm $T2,$T2,$T2,$_4 - be?vperm $T3,$T3,$T3,$_4 - be?vperm $T4,$T4,$T4,$_4 - - vpermdi $I0,$T1,$T2,0b00 # smash input to base 2^26 - vspltisb $_4,4 - vperm $I2,$T1,$T2,$I2perm # 0x...0e0f0001...1e1f1011 - vspltisb $_14,14 - vpermdi $I3,$T1,$T2,0b11 - - vsrd $I1,$I0,$_26 - vsrd $I2,$I2,$_4 - vsrd $I4,$I3,$_40 - vsrd $I3,$I3,$_14 - vand $I0,$I0,$mask26 - vand $I1,$I1,$mask26 - vand $I2,$I2,$mask26 - vand $I3,$I3,$mask26 - - vpermdi $T1,$T3,$T4,0b00 - vperm $T2,$T3,$T4,$I2perm # 0x...0e0f0001...1e1f1011 - vpermdi $T3,$T3,$T4,0b11 - - vsrd $T0,$T1,$_26 - vsrd $T2,$T2,$_4 - vsrd $T4,$T3,$_40 - vsrd $T3,$T3,$_14 - vand $T1,$T1,$mask26 - vand $T0,$T0,$mask26 - vand $T2,$T2,$mask26 - vand $T3,$T3,$mask26 - - # inp[2]:inp[0]:inp[3]:inp[1] - vmrgow $I4,$T4,$I4 - vmrgow $I0,$T1,$I0 - vmrgow $I1,$T0,$I1 - vmrgow $I2,$T2,$I2 - vmrgow $I3,$T3,$I3 - vor $I4,$I4,$padbits - - lvx_splt $R0,$x30,$ctx # taking lvx_vsplt out of loop - lvx_splt $R1,$x00,$ctx_ # gives ~8% improvement - lvx_splt $S1,$x10,$ctx_ - lvx_splt $R2,$x20,$ctx_ - lvx_splt $S2,$x30,$ctx_ - lvx_splt $T1,$x40,$ctx_ - lvx_splt $T2,$x50,$ctx_ - lvx_splt $T3,$x60,$ctx_ - lvx_splt $T4,$x70,$ctx_ - stvx $R1,$x00,$_ctx - stvx $S1,$x10,$_ctx - stvx $R2,$x20,$_ctx - stvx $S2,$x30,$_ctx - stvx $T1,$x40,$_ctx - stvx $T2,$x50,$_ctx - stvx $T3,$x60,$_ctx - stvx $T4,$x70,$_ctx - - addi $inp,$inp,0x40 - addi $const,$const,0x50 - addi r0,$len,-64 - srdi r0,r0,6 - mtctr r0 - b Loop_vsx - -.align 4 -Loop_vsx: - ################################################################ - ## ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2 - ## ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^3+inp[7]*r - ## \___________________/ - ## - ## Note that we start with inp[2:3]*r^2. This is because it - ## doesn't depend on reduction in previous iteration. - ################################################################ - ## d4 = h4*r0 + h3*r1 + h2*r2 + h1*r3 + h0*r4 - ## d3 = h3*r0 + h2*r1 + h1*r2 + h0*r3 + h4*5*r4 - ## d2 = h2*r0 + h1*r1 + h0*r2 + h4*5*r3 + h3*5*r4 - ## d1 = h1*r0 + h0*r1 + h4*5*r2 + h3*5*r3 + h2*5*r4 - ## d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4 - - vmuleuw $ACC0,$I0,$R0 - vmuleuw $ACC1,$I0,$R1 - vmuleuw $ACC2,$I0,$R2 - vmuleuw $ACC3,$I1,$R2 - - vmuleuw $T0,$I1,$R0 - vaddudm $ACC1,$ACC1,$T0 - vmuleuw $T0,$I1,$R1 - vaddudm $ACC2,$ACC2,$T0 - vmuleuw $ACC4,$I2,$R2 - vmuleuw $T0,$I4,$S1 - vaddudm $ACC0,$ACC0,$T0 - vmuleuw $T0,$I2,$R1 - vaddudm $ACC3,$ACC3,$T0 - lvx $S3,$x50,$_ctx - vmuleuw $T0,$I3,$R1 - vaddudm $ACC4,$ACC4,$T0 - lvx $R3,$x40,$_ctx - - vaddudm $H2,$H2,$I2 - vaddudm $H0,$H0,$I0 - vaddudm $H3,$H3,$I3 - vaddudm $H1,$H1,$I1 - vaddudm $H4,$H4,$I4 - - vmuleuw $T0,$I3,$S2 - vaddudm $ACC0,$ACC0,$T0 - vmuleuw $T0,$I4,$S2 - vaddudm $ACC1,$ACC1,$T0 - vmuleuw $T0,$I2,$R0 - vaddudm $ACC2,$ACC2,$T0 - vmuleuw $T0,$I3,$R0 - vaddudm $ACC3,$ACC3,$T0 - lvx $S4,$x70,$_ctx - vmuleuw $T0,$I4,$R0 - vaddudm $ACC4,$ACC4,$T0 - lvx $R4,$x60,$_ctx - - vmuleuw $T0,$I2,$S3 - vaddudm $ACC0,$ACC0,$T0 - vmuleuw $T0,$I3,$S3 - vaddudm $ACC1,$ACC1,$T0 - vmuleuw $T0,$I4,$S3 - vaddudm $ACC2,$ACC2,$T0 - vmuleuw $T0,$I0,$R3 - vaddudm $ACC3,$ACC3,$T0 - vmuleuw $T0,$I1,$R3 - vaddudm $ACC4,$ACC4,$T0 - - be?lvx_u $_4,$x00,$const # byte swap mask - lvx_u $T1,$x00,$inp # load next input block - lvx_u $T2,$x10,$inp - lvx_u $T3,$x20,$inp - lvx_u $T4,$x30,$inp - be?vperm $T1,$T1,$T1,$_4 - be?vperm $T2,$T2,$T2,$_4 - be?vperm $T3,$T3,$T3,$_4 - be?vperm $T4,$T4,$T4,$_4 - - vmuleuw $T0,$I1,$S4 - vaddudm $ACC0,$ACC0,$T0 - vmuleuw $T0,$I2,$S4 - vaddudm $ACC1,$ACC1,$T0 - vmuleuw $T0,$I3,$S4 - vaddudm $ACC2,$ACC2,$T0 - vmuleuw $T0,$I4,$S4 - vaddudm $ACC3,$ACC3,$T0 - vmuleuw $T0,$I0,$R4 - vaddudm $ACC4,$ACC4,$T0 - - vpermdi $I0,$T1,$T2,0b00 # smash input to base 2^26 - vspltisb $_4,4 - vperm $I2,$T1,$T2,$I2perm # 0x...0e0f0001...1e1f1011 - vpermdi $I3,$T1,$T2,0b11 - - # (hash + inp[0:1]) * r^4 - vmulouw $T0,$H0,$R0 - vaddudm $ACC0,$ACC0,$T0 - vmulouw $T0,$H1,$R0 - vaddudm $ACC1,$ACC1,$T0 - vmulouw $T0,$H2,$R0 - vaddudm $ACC2,$ACC2,$T0 - vmulouw $T0,$H3,$R0 - vaddudm $ACC3,$ACC3,$T0 - vmulouw $T0,$H4,$R0 - vaddudm $ACC4,$ACC4,$T0 - - vpermdi $T1,$T3,$T4,0b00 - vperm $T2,$T3,$T4,$I2perm # 0x...0e0f0001...1e1f1011 - vpermdi $T3,$T3,$T4,0b11 - - vmulouw $T0,$H2,$S3 - vaddudm $ACC0,$ACC0,$T0 - vmulouw $T0,$H3,$S3 - vaddudm $ACC1,$ACC1,$T0 - vmulouw $T0,$H4,$S3 - vaddudm $ACC2,$ACC2,$T0 - vmulouw $T0,$H0,$R3 - vaddudm $ACC3,$ACC3,$T0 - lvx $S1,$x10,$_ctx - vmulouw $T0,$H1,$R3 - vaddudm $ACC4,$ACC4,$T0 - lvx $R1,$x00,$_ctx - - vsrd $I1,$I0,$_26 - vsrd $I2,$I2,$_4 - vsrd $I4,$I3,$_40 - vsrd $I3,$I3,$_14 - - vmulouw $T0,$H1,$S4 - vaddudm $ACC0,$ACC0,$T0 - vmulouw $T0,$H2,$S4 - vaddudm $ACC1,$ACC1,$T0 - vmulouw $T0,$H3,$S4 - vaddudm $ACC2,$ACC2,$T0 - vmulouw $T0,$H4,$S4 - vaddudm $ACC3,$ACC3,$T0 - lvx $S2,$x30,$_ctx - vmulouw $T0,$H0,$R4 - vaddudm $ACC4,$ACC4,$T0 - lvx $R2,$x20,$_ctx - - vand $I0,$I0,$mask26 - vand $I1,$I1,$mask26 - vand $I2,$I2,$mask26 - vand $I3,$I3,$mask26 - - vmulouw $T0,$H4,$S1 - vaddudm $ACC0,$ACC0,$T0 - vmulouw $T0,$H0,$R1 - vaddudm $ACC1,$ACC1,$T0 - vmulouw $T0,$H1,$R1 - vaddudm $ACC2,$ACC2,$T0 - vmulouw $T0,$H2,$R1 - vaddudm $ACC3,$ACC3,$T0 - vmulouw $T0,$H3,$R1 - vaddudm $ACC4,$ACC4,$T0 - - vsrd $T2,$T2,$_4 - vsrd $_4,$T1,$_26 - vsrd $T4,$T3,$_40 - vsrd $T3,$T3,$_14 - - vmulouw $T0,$H3,$S2 - vaddudm $ACC0,$ACC0,$T0 - vmulouw $T0,$H4,$S2 - vaddudm $ACC1,$ACC1,$T0 - vmulouw $T0,$H0,$R2 - vaddudm $ACC2,$ACC2,$T0 - vmulouw $T0,$H1,$R2 - vaddudm $ACC3,$ACC3,$T0 - vmulouw $T0,$H2,$R2 - vaddudm $ACC4,$ACC4,$T0 - - vand $T1,$T1,$mask26 - vand $_4,$_4,$mask26 - vand $T2,$T2,$mask26 - vand $T3,$T3,$mask26 - - ################################################################ - # lazy reduction as discussed in "NEON crypto" by D.J. Bernstein - # and P. Schwabe - - vspltisb $T0,2 - vsrd $H4,$ACC3,$_26 - vsrd $H1,$ACC0,$_26 - vand $H3,$ACC3,$mask26 - vand $H0,$ACC0,$mask26 - vaddudm $H4,$H4,$ACC4 # h3 -> h4 - vaddudm $H1,$H1,$ACC1 # h0 -> h1 - - vmrgow $I4,$T4,$I4 - vmrgow $I0,$T1,$I0 - vmrgow $I1,$_4,$I1 - vmrgow $I2,$T2,$I2 - vmrgow $I3,$T3,$I3 - vor $I4,$I4,$padbits - - vsrd $ACC4,$H4,$_26 - vsrd $ACC1,$H1,$_26 - vand $H4,$H4,$mask26 - vand $H1,$H1,$mask26 - vaddudm $H0,$H0,$ACC4 - vaddudm $H2,$ACC2,$ACC1 # h1 -> h2 - - vsld $ACC4,$ACC4,$T0 # <<2 - vsrd $ACC2,$H2,$_26 - vand $H2,$H2,$mask26 - vaddudm $H0,$H0,$ACC4 # h4 -> h0 - vaddudm $H3,$H3,$ACC2 # h2 -> h3 - - vsrd $ACC0,$H0,$_26 - vsrd $ACC3,$H3,$_26 - vand $H0,$H0,$mask26 - vand $H3,$H3,$mask26 - vaddudm $H1,$H1,$ACC0 # h0 -> h1 - vaddudm $H4,$H4,$ACC3 # h3 -> h4 - - addi $inp,$inp,0x40 - bdnz Loop_vsx - - neg $len,$len - andi. $len,$len,0x30 - sub $inp,$inp,$len - - lvx_u $R0,$x30,$ctx # load all powers - lvx_u $R1,$x00,$ctx_ - lvx_u $S1,$x10,$ctx_ - lvx_u $R2,$x20,$ctx_ - lvx_u $S2,$x30,$ctx_ - -Last_vsx: - vmuleuw $ACC0,$I0,$R0 - vmuleuw $ACC1,$I1,$R0 - vmuleuw $ACC2,$I2,$R0 - vmuleuw $ACC3,$I3,$R0 - vmuleuw $ACC4,$I4,$R0 - - vmuleuw $T0,$I4,$S1 - vaddudm $ACC0,$ACC0,$T0 - vmuleuw $T0,$I0,$R1 - vaddudm $ACC1,$ACC1,$T0 - vmuleuw $T0,$I1,$R1 - vaddudm $ACC2,$ACC2,$T0 - vmuleuw $T0,$I2,$R1 - vaddudm $ACC3,$ACC3,$T0 - lvx_u $S3,$x50,$ctx_ - vmuleuw $T0,$I3,$R1 - vaddudm $ACC4,$ACC4,$T0 - lvx_u $R3,$x40,$ctx_ - - vaddudm $H2,$H2,$I2 - vaddudm $H0,$H0,$I0 - vaddudm $H3,$H3,$I3 - vaddudm $H1,$H1,$I1 - vaddudm $H4,$H4,$I4 - - vmuleuw $T0,$I3,$S2 - vaddudm $ACC0,$ACC0,$T0 - vmuleuw $T0,$I4,$S2 - vaddudm $ACC1,$ACC1,$T0 - vmuleuw $T0,$I0,$R2 - vaddudm $ACC2,$ACC2,$T0 - vmuleuw $T0,$I1,$R2 - vaddudm $ACC3,$ACC3,$T0 - lvx_u $S4,$x70,$ctx_ - vmuleuw $T0,$I2,$R2 - vaddudm $ACC4,$ACC4,$T0 - lvx_u $R4,$x60,$ctx_ - - vmuleuw $T0,$I2,$S3 - vaddudm $ACC0,$ACC0,$T0 - vmuleuw $T0,$I3,$S3 - vaddudm $ACC1,$ACC1,$T0 - vmuleuw $T0,$I4,$S3 - vaddudm $ACC2,$ACC2,$T0 - vmuleuw $T0,$I0,$R3 - vaddudm $ACC3,$ACC3,$T0 - vmuleuw $T0,$I1,$R3 - vaddudm $ACC4,$ACC4,$T0 - - vmuleuw $T0,$I1,$S4 - vaddudm $ACC0,$ACC0,$T0 - vmuleuw $T0,$I2,$S4 - vaddudm $ACC1,$ACC1,$T0 - vmuleuw $T0,$I3,$S4 - vaddudm $ACC2,$ACC2,$T0 - vmuleuw $T0,$I4,$S4 - vaddudm $ACC3,$ACC3,$T0 - vmuleuw $T0,$I0,$R4 - vaddudm $ACC4,$ACC4,$T0 - - # (hash + inp[0:1]) * r^4 - vmulouw $T0,$H0,$R0 - vaddudm $ACC0,$ACC0,$T0 - vmulouw $T0,$H1,$R0 - vaddudm $ACC1,$ACC1,$T0 - vmulouw $T0,$H2,$R0 - vaddudm $ACC2,$ACC2,$T0 - vmulouw $T0,$H3,$R0 - vaddudm $ACC3,$ACC3,$T0 - vmulouw $T0,$H4,$R0 - vaddudm $ACC4,$ACC4,$T0 - - vmulouw $T0,$H2,$S3 - vaddudm $ACC0,$ACC0,$T0 - vmulouw $T0,$H3,$S3 - vaddudm $ACC1,$ACC1,$T0 - vmulouw $T0,$H4,$S3 - vaddudm $ACC2,$ACC2,$T0 - vmulouw $T0,$H0,$R3 - vaddudm $ACC3,$ACC3,$T0 - lvx_u $S1,$x10,$ctx_ - vmulouw $T0,$H1,$R3 - vaddudm $ACC4,$ACC4,$T0 - lvx_u $R1,$x00,$ctx_ - - vmulouw $T0,$H1,$S4 - vaddudm $ACC0,$ACC0,$T0 - vmulouw $T0,$H2,$S4 - vaddudm $ACC1,$ACC1,$T0 - vmulouw $T0,$H3,$S4 - vaddudm $ACC2,$ACC2,$T0 - vmulouw $T0,$H4,$S4 - vaddudm $ACC3,$ACC3,$T0 - lvx_u $S2,$x30,$ctx_ - vmulouw $T0,$H0,$R4 - vaddudm $ACC4,$ACC4,$T0 - lvx_u $R2,$x20,$ctx_ - - vmulouw $T0,$H4,$S1 - vaddudm $ACC0,$ACC0,$T0 - vmulouw $T0,$H0,$R1 - vaddudm $ACC1,$ACC1,$T0 - vmulouw $T0,$H1,$R1 - vaddudm $ACC2,$ACC2,$T0 - vmulouw $T0,$H2,$R1 - vaddudm $ACC3,$ACC3,$T0 - vmulouw $T0,$H3,$R1 - vaddudm $ACC4,$ACC4,$T0 - - vmulouw $T0,$H3,$S2 - vaddudm $ACC0,$ACC0,$T0 - vmulouw $T0,$H4,$S2 - vaddudm $ACC1,$ACC1,$T0 - vmulouw $T0,$H0,$R2 - vaddudm $ACC2,$ACC2,$T0 - vmulouw $T0,$H1,$R2 - vaddudm $ACC3,$ACC3,$T0 - vmulouw $T0,$H2,$R2 - vaddudm $ACC4,$ACC4,$T0 - - ################################################################ - # horizontal addition - - vpermdi $H0,$ACC0,$ACC0,0b10 - vpermdi $H1,$ACC1,$ACC1,0b10 - vpermdi $H2,$ACC2,$ACC2,0b10 - vpermdi $H3,$ACC3,$ACC3,0b10 - vpermdi $H4,$ACC4,$ACC4,0b10 - vaddudm $ACC0,$ACC0,$H0 - vaddudm $ACC1,$ACC1,$H1 - vaddudm $ACC2,$ACC2,$H2 - vaddudm $ACC3,$ACC3,$H3 - vaddudm $ACC4,$ACC4,$H4 - - ################################################################ - # lazy reduction - - vspltisb $T0,2 - vsrd $H4,$ACC3,$_26 - vsrd $H1,$ACC0,$_26 - vand $H3,$ACC3,$mask26 - vand $H0,$ACC0,$mask26 - vaddudm $H4,$H4,$ACC4 # h3 -> h4 - vaddudm $H1,$H1,$ACC1 # h0 -> h1 - - vsrd $ACC4,$H4,$_26 - vsrd $ACC1,$H1,$_26 - vand $H4,$H4,$mask26 - vand $H1,$H1,$mask26 - vaddudm $H0,$H0,$ACC4 - vaddudm $H2,$ACC2,$ACC1 # h1 -> h2 - - vsld $ACC4,$ACC4,$T0 # <<2 - vsrd $ACC2,$H2,$_26 - vand $H2,$H2,$mask26 - vaddudm $H0,$H0,$ACC4 # h4 -> h0 - vaddudm $H3,$H3,$ACC2 # h2 -> h3 - - vsrd $ACC0,$H0,$_26 - vsrd $ACC3,$H3,$_26 - vand $H0,$H0,$mask26 - vand $H3,$H3,$mask26 - vaddudm $H1,$H1,$ACC0 # h0 -> h1 - vaddudm $H4,$H4,$ACC3 # h3 -> h4 - - beq Ldone_vsx - - add r6,$const,$len - - be?lvx_u $_4,$x00,$const # byte swap mask - lvx_u $T1,$x00,$inp # load last partial input block - lvx_u $T2,$x10,$inp - lvx_u $T3,$x20,$inp - lvx_u $T4,$x30,$inp - be?vperm $T1,$T1,$T1,$_4 - be?vperm $T2,$T2,$T2,$_4 - be?vperm $T3,$T3,$T3,$_4 - be?vperm $T4,$T4,$T4,$_4 - - vpermdi $I0,$T1,$T2,0b00 # smash input to base 2^26 - vspltisb $_4,4 - vperm $I2,$T1,$T2,$I2perm # 0x...0e0f0001...1e1f1011 - vpermdi $I3,$T1,$T2,0b11 - - vsrd $I1,$I0,$_26 - vsrd $I2,$I2,$_4 - vsrd $I4,$I3,$_40 - vsrd $I3,$I3,$_14 - vand $I0,$I0,$mask26 - vand $I1,$I1,$mask26 - vand $I2,$I2,$mask26 - vand $I3,$I3,$mask26 - - vpermdi $T0,$T3,$T4,0b00 - vperm $T1,$T3,$T4,$I2perm # 0x...0e0f0001...1e1f1011 - vpermdi $T2,$T3,$T4,0b11 - - lvx_u $ACC0,$x00,r6 - lvx_u $ACC1,$x30,r6 - - vsrd $T3,$T0,$_26 - vsrd $T1,$T1,$_4 - vsrd $T4,$T2,$_40 - vsrd $T2,$T2,$_14 - vand $T0,$T0,$mask26 - vand $T3,$T3,$mask26 - vand $T1,$T1,$mask26 - vand $T2,$T2,$mask26 - - # inp[2]:inp[0]:inp[3]:inp[1] - vmrgow $I4,$T4,$I4 - vmrgow $I0,$T0,$I0 - vmrgow $I1,$T3,$I1 - vmrgow $I2,$T1,$I2 - vmrgow $I3,$T2,$I3 - vor $I4,$I4,$padbits - - vperm $H0,$H0,$H0,$ACC0 # move hash to right lane - vand $I0,$I0, $ACC1 # mask redundant input lane[s] - vperm $H1,$H1,$H1,$ACC0 - vand $I1,$I1, $ACC1 - vperm $H2,$H2,$H2,$ACC0 - vand $I2,$I2, $ACC1 - vperm $H3,$H3,$H3,$ACC0 - vand $I3,$I3, $ACC1 - vperm $H4,$H4,$H4,$ACC0 - vand $I4,$I4, $ACC1 - - vaddudm $I0,$I0,$H0 # accumulate hash - vxor $H0,$H0,$H0 # wipe hash value - vaddudm $I1,$I1,$H1 - vxor $H1,$H1,$H1 - vaddudm $I2,$I2,$H2 - vxor $H2,$H2,$H2 - vaddudm $I3,$I3,$H3 - vxor $H3,$H3,$H3 - vaddudm $I4,$I4,$H4 - vxor $H4,$H4,$H4 - - xor. $len,$len,$len - b Last_vsx - -.align 4 -Ldone_vsx: - $POP r0,`$VSXFRAME+$LRSAVE`($sp) - li $x10,4 - li $x20,8 - li $x30,12 - li $x40,16 - stvwx_u $H0,$x00,$ctx # store hash - stvwx_u $H1,$x10,$ctx - stvwx_u $H2,$x20,$ctx - stvwx_u $H3,$x30,$ctx - stvwx_u $H4,$x40,$ctx - - lwz r12,`$VSXFRAME-$SIZE_T*5-4`($sp)# pull vrsave - mtlr r0 - li r10,`15+$LOCALS+128` - li r11,`31+$LOCALS+128` - mtspr 256,r12 # restore vrsave - lvx v20,r10,$sp - addi r10,r10,32 - lvx v21,r10,$sp - addi r10,r10,32 - lvx v22,r11,$sp - addi r11,r11,32 - lvx v23,r10,$sp - addi r10,r10,32 - lvx v24,r11,$sp - addi r11,r11,32 - lvx v25,r10,$sp - addi r10,r10,32 - lvx v26,r11,$sp - addi r11,r11,32 - lvx v27,r10,$sp - addi r10,r10,32 - lvx v28,r11,$sp - addi r11,r11,32 - lvx v29,r10,$sp - addi r10,r10,32 - lvx v30,r11,$sp - lvx v31,r10,$sp - $POP r27,`$VSXFRAME-$SIZE_T*5`($sp) - $POP r28,`$VSXFRAME-$SIZE_T*4`($sp) - $POP r29,`$VSXFRAME-$SIZE_T*3`($sp) - $POP r30,`$VSXFRAME-$SIZE_T*2`($sp) - $POP r31,`$VSXFRAME-$SIZE_T*1`($sp) - addi $sp,$sp,$VSXFRAME - blr - .long 0 - .byte 0,12,0x04,1,0x80,5,4,0 - .long 0 -.size __poly1305_blocks_vsx,.-__poly1305_blocks_vsx - -.align 6 -LPICmeup: - mflr r0 - bcl 20,31,\$+4 - mflr $const # vvvvvv "distance" between . and 1st data entry - addi $const,$const,`64-8` - mtlr r0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - .space `64-9*4` - -.quad 0x0000000003ffffff,0x0000000003ffffff # mask26 -.quad 0x000000000000001a,0x000000000000001a # _26 -.quad 0x0000000000000028,0x0000000000000028 # _40 -.quad 0x000000000e0f0001,0x000000001e1f1011 # I2perm -.quad 0x0100000001000000,0x0100000001000000 # padbits -.quad 0x0706050403020100,0x0f0e0d0c0b0a0908 # byte swap for big-endian - -.quad 0x0000000000000000,0x0000000004050607 # magic tail masks -.quad 0x0405060700000000,0x0000000000000000 -.quad 0x0000000000000000,0x0405060700000000 - -.quad 0xffffffff00000000,0xffffffffffffffff -.quad 0xffffffff00000000,0xffffffff00000000 -.quad 0x0000000000000000,0xffffffff00000000 -___ -}}} -$code.=<<___; -.asciz "Poly1305 for PPC, CRYPTOGAMS by \@dot-asm" -___ - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval($1)/ge; - - # instructions prefixed with '?' are endian-specific and need - # to be adjusted accordingly... - if ($flavour !~ /le$/) { # big-endian - s/be\?// or - s/le\?/#le#/ - } else { # little-endian - s/le\?// or - s/be\?/#be#/ - } - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/asm/poly1305-ppcfp.pl b/crypto/poly1305/asm/poly1305-ppcfp.pl deleted file mode 100755 index 218708a462573d0b737d87ec1a13227e0208430e..0000000000000000000000000000000000000000 --- a/crypto/poly1305/asm/poly1305-ppcfp.pl +++ /dev/null @@ -1,743 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# This module implements Poly1305 hash for PowerPC FPU. -# -# June 2015 -# -# Numbers are cycles per processed byte with poly1305_blocks alone, -# and improvement coefficients relative to gcc-generated code. -# -# Freescale e300 9.78/+30% -# PPC74x0 6.92/+50% -# PPC970 6.03/+80% -# POWER7 3.50/+30% -# POWER8 3.75/+10% - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /64/) { - $SIZE_T =8; - $LRSAVE =2*$SIZE_T; - $UCMP ="cmpld"; - $STU ="stdu"; - $POP ="ld"; - $PUSH ="std"; -} elsif ($flavour =~ /32/) { - $SIZE_T =4; - $LRSAVE =$SIZE_T; - $UCMP ="cmplw"; - $STU ="stwu"; - $POP ="lwz"; - $PUSH ="stw"; -} else { die "nonsense $flavour"; } - -$LITTLE_ENDIAN = ($flavour=~/le$/) ? 4 : 0; - -$LWXLE = $LITTLE_ENDIAN ? "lwzx" : "lwbrx"; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open STDOUT,"| $^X $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; - -$LOCALS=6*$SIZE_T; -$FRAME=$LOCALS+6*8+18*8; - -my $sp="r1"; - -my ($ctx,$inp,$len,$padbit) = map("r$_",(3..6)); -my ($in0,$in1,$in2,$in3,$i1,$i2,$i3) = map("r$_",(7..12,6)); - -my ($h0lo,$h0hi,$h1lo,$h1hi,$h2lo,$h2hi,$h3lo,$h3hi, - $two0,$two32,$two64,$two96,$two130,$five_two130, - $r0lo,$r0hi,$r1lo,$r1hi,$r2lo,$r2hi, - $s2lo,$s2hi,$s3lo,$s3hi, - $c0lo,$c0hi,$c1lo,$c1hi,$c2lo,$c2hi,$c3lo,$c3hi) = map("f$_",(0..31)); -# borrowings -my ($r3lo,$r3hi,$s1lo,$s1hi) = ($c0lo,$c0hi,$c1lo,$c1hi); -my ($x0,$x1,$x2,$x3) = ($c2lo,$c2hi,$c3lo,$c3hi); -my ($y0,$y1,$y2,$y3) = ($c3lo,$c3hi,$c1lo,$c1hi); - -$code.=<<___; -.machine "any" -.text - -.globl .poly1305_init_fpu -.align 6 -.poly1305_init_fpu: - $STU $sp,-$LOCALS($sp) # minimal frame - mflr $padbit - $PUSH $padbit,`$LOCALS+$LRSAVE`($sp) - - bl LPICmeup - - xor r0,r0,r0 - mtlr $padbit # restore lr - - lfd $two0,8*0($len) # load constants - lfd $two32,8*1($len) - lfd $two64,8*2($len) - lfd $two96,8*3($len) - lfd $two130,8*4($len) - lfd $five_two130,8*5($len) - - stfd $two0,8*0($ctx) # initial hash value, biased 0 - stfd $two32,8*1($ctx) - stfd $two64,8*2($ctx) - stfd $two96,8*3($ctx) - - $UCMP $inp,r0 - beq- Lno_key - - lfd $h3lo,8*13($len) # new fpscr - mffs $h3hi # old fpscr - - stfd $two0,8*4($ctx) # key "template" - stfd $two32,8*5($ctx) - stfd $two64,8*6($ctx) - stfd $two96,8*7($ctx) - - li $in1,4 - li $in2,8 - li $in3,12 - $LWXLE $in0,0,$inp # load key - $LWXLE $in1,$in1,$inp - $LWXLE $in2,$in2,$inp - $LWXLE $in3,$in3,$inp - - lis $i1,0xf000 # 0xf0000000 - ori $i2,$i1,3 # 0xf0000003 - andc $in0,$in0,$i1 # &=0x0fffffff - andc $in1,$in1,$i2 # &=0x0ffffffc - andc $in2,$in2,$i2 - andc $in3,$in3,$i2 - - stw $in0,`8*4+(4^$LITTLE_ENDIAN)`($ctx) # fill "template" - stw $in1,`8*5+(4^$LITTLE_ENDIAN)`($ctx) - stw $in2,`8*6+(4^$LITTLE_ENDIAN)`($ctx) - stw $in3,`8*7+(4^$LITTLE_ENDIAN)`($ctx) - - mtfsf 255,$h3lo # fpscr - stfd $two0,8*18($ctx) # copy constants to context - stfd $two32,8*19($ctx) - stfd $two64,8*20($ctx) - stfd $two96,8*21($ctx) - stfd $two130,8*22($ctx) - stfd $five_two130,8*23($ctx) - - lfd $h0lo,8*4($ctx) # load [biased] key - lfd $h1lo,8*5($ctx) - lfd $h2lo,8*6($ctx) - lfd $h3lo,8*7($ctx) - - fsub $h0lo,$h0lo,$two0 # r0 - fsub $h1lo,$h1lo,$two32 # r1 - fsub $h2lo,$h2lo,$two64 # r2 - fsub $h3lo,$h3lo,$two96 # r3 - - lfd $two0,8*6($len) # more constants - lfd $two32,8*7($len) - lfd $two64,8*8($len) - lfd $two96,8*9($len) - - fmul $h1hi,$h1lo,$five_two130 # s1 - fmul $h2hi,$h2lo,$five_two130 # s2 - stfd $h3hi,8*15($ctx) # borrow slot for original fpscr - fmul $h3hi,$h3lo,$five_two130 # s3 - - fadd $h0hi,$h0lo,$two0 - stfd $h1hi,8*12($ctx) # put aside for now - fadd $h1hi,$h1lo,$two32 - stfd $h2hi,8*13($ctx) - fadd $h2hi,$h2lo,$two64 - stfd $h3hi,8*14($ctx) - fadd $h3hi,$h3lo,$two96 - - fsub $h0hi,$h0hi,$two0 - fsub $h1hi,$h1hi,$two32 - fsub $h2hi,$h2hi,$two64 - fsub $h3hi,$h3hi,$two96 - - lfd $two0,8*10($len) # more constants - lfd $two32,8*11($len) - lfd $two64,8*12($len) - - fsub $h0lo,$h0lo,$h0hi - fsub $h1lo,$h1lo,$h1hi - fsub $h2lo,$h2lo,$h2hi - fsub $h3lo,$h3lo,$h3hi - - stfd $h0hi,8*5($ctx) # r0hi - stfd $h1hi,8*7($ctx) # r1hi - stfd $h2hi,8*9($ctx) # r2hi - stfd $h3hi,8*11($ctx) # r3hi - - stfd $h0lo,8*4($ctx) # r0lo - stfd $h1lo,8*6($ctx) # r1lo - stfd $h2lo,8*8($ctx) # r2lo - stfd $h3lo,8*10($ctx) # r3lo - - lfd $h1lo,8*12($ctx) # s1 - lfd $h2lo,8*13($ctx) # s2 - lfd $h3lo,8*14($ctx) # s3 - lfd $h0lo,8*15($ctx) # pull original fpscr - - fadd $h1hi,$h1lo,$two0 - fadd $h2hi,$h2lo,$two32 - fadd $h3hi,$h3lo,$two64 - - fsub $h1hi,$h1hi,$two0 - fsub $h2hi,$h2hi,$two32 - fsub $h3hi,$h3hi,$two64 - - fsub $h1lo,$h1lo,$h1hi - fsub $h2lo,$h2lo,$h2hi - fsub $h3lo,$h3lo,$h3hi - - stfd $h1hi,8*13($ctx) # s1hi - stfd $h2hi,8*15($ctx) # s2hi - stfd $h3hi,8*17($ctx) # s3hi - - stfd $h1lo,8*12($ctx) # s1lo - stfd $h2lo,8*14($ctx) # s2lo - stfd $h3lo,8*16($ctx) # s3lo - - mtfsf 255,$h0lo # restore fpscr -Lno_key: - xor r3,r3,r3 - addi $sp,$sp,$LOCALS - blr - .long 0 - .byte 0,12,4,1,0x80,0,2,0 -.size .poly1305_init_fpu,.-.poly1305_init_fpu - -.globl .poly1305_blocks_fpu -.align 4 -.poly1305_blocks_fpu: - srwi. $len,$len,4 - beq- Labort - - $STU $sp,-$FRAME($sp) - mflr r0 - stfd f14,`$FRAME-8*18`($sp) - stfd f15,`$FRAME-8*17`($sp) - stfd f16,`$FRAME-8*16`($sp) - stfd f17,`$FRAME-8*15`($sp) - stfd f18,`$FRAME-8*14`($sp) - stfd f19,`$FRAME-8*13`($sp) - stfd f20,`$FRAME-8*12`($sp) - stfd f21,`$FRAME-8*11`($sp) - stfd f22,`$FRAME-8*10`($sp) - stfd f23,`$FRAME-8*9`($sp) - stfd f24,`$FRAME-8*8`($sp) - stfd f25,`$FRAME-8*7`($sp) - stfd f26,`$FRAME-8*6`($sp) - stfd f27,`$FRAME-8*5`($sp) - stfd f28,`$FRAME-8*4`($sp) - stfd f29,`$FRAME-8*3`($sp) - stfd f30,`$FRAME-8*2`($sp) - stfd f31,`$FRAME-8*1`($sp) - $PUSH r0,`$FRAME+$LRSAVE`($sp) - - xor r0,r0,r0 - li $in3,1 - mtctr $len - neg $len,$len - stw r0,`$LOCALS+8*4+(0^$LITTLE_ENDIAN)`($sp) - stw $in3,`$LOCALS+8*4+(4^$LITTLE_ENDIAN)`($sp) - - lfd $two0,8*18($ctx) # load constants - lfd $two32,8*19($ctx) - lfd $two64,8*20($ctx) - lfd $two96,8*21($ctx) - lfd $two130,8*22($ctx) - lfd $five_two130,8*23($ctx) - - lfd $h0lo,8*0($ctx) # load [biased] hash value - lfd $h1lo,8*1($ctx) - lfd $h2lo,8*2($ctx) - lfd $h3lo,8*3($ctx) - - stfd $two0,`$LOCALS+8*0`($sp) # input "template" - oris $in3,$padbit,`(1023+52+96)<<4` - stfd $two32,`$LOCALS+8*1`($sp) - stfd $two64,`$LOCALS+8*2`($sp) - stw $in3,`$LOCALS+8*3+(0^$LITTLE_ENDIAN)`($sp) - - li $i1,4 - li $i2,8 - li $i3,12 - $LWXLE $in0,0,$inp # load input - $LWXLE $in1,$i1,$inp - $LWXLE $in2,$i2,$inp - $LWXLE $in3,$i3,$inp - addi $inp,$inp,16 - - stw $in0,`$LOCALS+8*0+(4^$LITTLE_ENDIAN)`($sp) # fill "template" - stw $in1,`$LOCALS+8*1+(4^$LITTLE_ENDIAN)`($sp) - stw $in2,`$LOCALS+8*2+(4^$LITTLE_ENDIAN)`($sp) - stw $in3,`$LOCALS+8*3+(4^$LITTLE_ENDIAN)`($sp) - - mffs $x0 # original fpscr - lfd $x1,`$LOCALS+8*4`($sp) # new fpscr - lfd $r0lo,8*4($ctx) # load key - lfd $r0hi,8*5($ctx) - lfd $r1lo,8*6($ctx) - lfd $r1hi,8*7($ctx) - lfd $r2lo,8*8($ctx) - lfd $r2hi,8*9($ctx) - lfd $r3lo,8*10($ctx) - lfd $r3hi,8*11($ctx) - lfd $s1lo,8*12($ctx) - lfd $s1hi,8*13($ctx) - lfd $s2lo,8*14($ctx) - lfd $s2hi,8*15($ctx) - lfd $s3lo,8*16($ctx) - lfd $s3hi,8*17($ctx) - - stfd $x0,`$LOCALS+8*4`($sp) # save original fpscr - mtfsf 255,$x1 - - addic $len,$len,1 - addze r0,r0 - slwi. r0,r0,4 - sub $inp,$inp,r0 # conditional rewind - - lfd $x0,`$LOCALS+8*0`($sp) - lfd $x1,`$LOCALS+8*1`($sp) - lfd $x2,`$LOCALS+8*2`($sp) - lfd $x3,`$LOCALS+8*3`($sp) - - fsub $h0lo,$h0lo,$two0 # de-bias hash value - $LWXLE $in0,0,$inp # modulo-scheduled input load - fsub $h1lo,$h1lo,$two32 - $LWXLE $in1,$i1,$inp - fsub $h2lo,$h2lo,$two64 - $LWXLE $in2,$i2,$inp - fsub $h3lo,$h3lo,$two96 - $LWXLE $in3,$i3,$inp - - fsub $x0,$x0,$two0 # de-bias input - addi $inp,$inp,16 - fsub $x1,$x1,$two32 - fsub $x2,$x2,$two64 - fsub $x3,$x3,$two96 - - fadd $x0,$x0,$h0lo # accumulate input - stw $in0,`$LOCALS+8*0+(4^$LITTLE_ENDIAN)`($sp) - fadd $x1,$x1,$h1lo - stw $in1,`$LOCALS+8*1+(4^$LITTLE_ENDIAN)`($sp) - fadd $x2,$x2,$h2lo - stw $in2,`$LOCALS+8*2+(4^$LITTLE_ENDIAN)`($sp) - fadd $x3,$x3,$h3lo - stw $in3,`$LOCALS+8*3+(4^$LITTLE_ENDIAN)`($sp) - - b Lentry - -.align 4 -Loop: - fsub $y0,$y0,$two0 # de-bias input - addic $len,$len,1 - fsub $y1,$y1,$two32 - addze r0,r0 - fsub $y2,$y2,$two64 - slwi. r0,r0,4 - fsub $y3,$y3,$two96 - sub $inp,$inp,r0 # conditional rewind - - fadd $h0lo,$h0lo,$y0 # accumulate input - fadd $h0hi,$h0hi,$y1 - fadd $h2lo,$h2lo,$y2 - fadd $h2hi,$h2hi,$y3 - - ######################################### base 2^48 -> base 2^32 - fadd $c1lo,$h1lo,$two64 - $LWXLE $in0,0,$inp # modulo-scheduled input load - fadd $c1hi,$h1hi,$two64 - $LWXLE $in1,$i1,$inp - fadd $c3lo,$h3lo,$two130 - $LWXLE $in2,$i2,$inp - fadd $c3hi,$h3hi,$two130 - $LWXLE $in3,$i3,$inp - fadd $c0lo,$h0lo,$two32 - addi $inp,$inp,16 - fadd $c0hi,$h0hi,$two32 - fadd $c2lo,$h2lo,$two96 - fadd $c2hi,$h2hi,$two96 - - fsub $c1lo,$c1lo,$two64 - stw $in0,`$LOCALS+8*0+(4^$LITTLE_ENDIAN)`($sp) # fill "template" - fsub $c1hi,$c1hi,$two64 - stw $in1,`$LOCALS+8*1+(4^$LITTLE_ENDIAN)`($sp) - fsub $c3lo,$c3lo,$two130 - stw $in2,`$LOCALS+8*2+(4^$LITTLE_ENDIAN)`($sp) - fsub $c3hi,$c3hi,$two130 - stw $in3,`$LOCALS+8*3+(4^$LITTLE_ENDIAN)`($sp) - fsub $c0lo,$c0lo,$two32 - fsub $c0hi,$c0hi,$two32 - fsub $c2lo,$c2lo,$two96 - fsub $c2hi,$c2hi,$two96 - - fsub $h1lo,$h1lo,$c1lo - fsub $h1hi,$h1hi,$c1hi - fsub $h3lo,$h3lo,$c3lo - fsub $h3hi,$h3hi,$c3hi - fsub $h2lo,$h2lo,$c2lo - fsub $h2hi,$h2hi,$c2hi - fsub $h0lo,$h0lo,$c0lo - fsub $h0hi,$h0hi,$c0hi - - fadd $h1lo,$h1lo,$c0lo - fadd $h1hi,$h1hi,$c0hi - fadd $h3lo,$h3lo,$c2lo - fadd $h3hi,$h3hi,$c2hi - fadd $h2lo,$h2lo,$c1lo - fadd $h2hi,$h2hi,$c1hi - fmadd $h0lo,$c3lo,$five_two130,$h0lo - fmadd $h0hi,$c3hi,$five_two130,$h0hi - - fadd $x1,$h1lo,$h1hi - lfd $s1lo,8*12($ctx) # reload constants - fadd $x3,$h3lo,$h3hi - lfd $s1hi,8*13($ctx) - fadd $x2,$h2lo,$h2hi - lfd $r3lo,8*10($ctx) - fadd $x0,$h0lo,$h0hi - lfd $r3hi,8*11($ctx) -Lentry: - fmul $h0lo,$s3lo,$x1 - fmul $h0hi,$s3hi,$x1 - fmul $h2lo,$r1lo,$x1 - fmul $h2hi,$r1hi,$x1 - fmul $h1lo,$r0lo,$x1 - fmul $h1hi,$r0hi,$x1 - fmul $h3lo,$r2lo,$x1 - fmul $h3hi,$r2hi,$x1 - - fmadd $h0lo,$s1lo,$x3,$h0lo - fmadd $h0hi,$s1hi,$x3,$h0hi - fmadd $h2lo,$s3lo,$x3,$h2lo - fmadd $h2hi,$s3hi,$x3,$h2hi - fmadd $h1lo,$s2lo,$x3,$h1lo - fmadd $h1hi,$s2hi,$x3,$h1hi - fmadd $h3lo,$r0lo,$x3,$h3lo - fmadd $h3hi,$r0hi,$x3,$h3hi - - fmadd $h0lo,$s2lo,$x2,$h0lo - fmadd $h0hi,$s2hi,$x2,$h0hi - fmadd $h2lo,$r0lo,$x2,$h2lo - fmadd $h2hi,$r0hi,$x2,$h2hi - fmadd $h1lo,$s3lo,$x2,$h1lo - fmadd $h1hi,$s3hi,$x2,$h1hi - fmadd $h3lo,$r1lo,$x2,$h3lo - fmadd $h3hi,$r1hi,$x2,$h3hi - - fmadd $h0lo,$r0lo,$x0,$h0lo - lfd $y0,`$LOCALS+8*0`($sp) # load [biased] input - fmadd $h0hi,$r0hi,$x0,$h0hi - lfd $y1,`$LOCALS+8*1`($sp) - fmadd $h2lo,$r2lo,$x0,$h2lo - lfd $y2,`$LOCALS+8*2`($sp) - fmadd $h2hi,$r2hi,$x0,$h2hi - lfd $y3,`$LOCALS+8*3`($sp) - fmadd $h1lo,$r1lo,$x0,$h1lo - fmadd $h1hi,$r1hi,$x0,$h1hi - fmadd $h3lo,$r3lo,$x0,$h3lo - fmadd $h3hi,$r3hi,$x0,$h3hi - - bdnz Loop - - ######################################### base 2^48 -> base 2^32 - fadd $c0lo,$h0lo,$two32 - fadd $c0hi,$h0hi,$two32 - fadd $c2lo,$h2lo,$two96 - fadd $c2hi,$h2hi,$two96 - fadd $c1lo,$h1lo,$two64 - fadd $c1hi,$h1hi,$two64 - fadd $c3lo,$h3lo,$two130 - fadd $c3hi,$h3hi,$two130 - - fsub $c0lo,$c0lo,$two32 - fsub $c0hi,$c0hi,$two32 - fsub $c2lo,$c2lo,$two96 - fsub $c2hi,$c2hi,$two96 - fsub $c1lo,$c1lo,$two64 - fsub $c1hi,$c1hi,$two64 - fsub $c3lo,$c3lo,$two130 - fsub $c3hi,$c3hi,$two130 - - fsub $h1lo,$h1lo,$c1lo - fsub $h1hi,$h1hi,$c1hi - fsub $h3lo,$h3lo,$c3lo - fsub $h3hi,$h3hi,$c3hi - fsub $h2lo,$h2lo,$c2lo - fsub $h2hi,$h2hi,$c2hi - fsub $h0lo,$h0lo,$c0lo - fsub $h0hi,$h0hi,$c0hi - - fadd $h1lo,$h1lo,$c0lo - fadd $h1hi,$h1hi,$c0hi - fadd $h3lo,$h3lo,$c2lo - fadd $h3hi,$h3hi,$c2hi - fadd $h2lo,$h2lo,$c1lo - fadd $h2hi,$h2hi,$c1hi - fmadd $h0lo,$c3lo,$five_two130,$h0lo - fmadd $h0hi,$c3hi,$five_two130,$h0hi - - fadd $x1,$h1lo,$h1hi - fadd $x3,$h3lo,$h3hi - fadd $x2,$h2lo,$h2hi - fadd $x0,$h0lo,$h0hi - - lfd $h0lo,`$LOCALS+8*4`($sp) # pull saved fpscr - fadd $x1,$x1,$two32 # bias - fadd $x3,$x3,$two96 - fadd $x2,$x2,$two64 - fadd $x0,$x0,$two0 - - stfd $x1,8*1($ctx) # store [biased] hash value - stfd $x3,8*3($ctx) - stfd $x2,8*2($ctx) - stfd $x0,8*0($ctx) - - mtfsf 255,$h0lo # restore original fpscr - lfd f14,`$FRAME-8*18`($sp) - lfd f15,`$FRAME-8*17`($sp) - lfd f16,`$FRAME-8*16`($sp) - lfd f17,`$FRAME-8*15`($sp) - lfd f18,`$FRAME-8*14`($sp) - lfd f19,`$FRAME-8*13`($sp) - lfd f20,`$FRAME-8*12`($sp) - lfd f21,`$FRAME-8*11`($sp) - lfd f22,`$FRAME-8*10`($sp) - lfd f23,`$FRAME-8*9`($sp) - lfd f24,`$FRAME-8*8`($sp) - lfd f25,`$FRAME-8*7`($sp) - lfd f26,`$FRAME-8*6`($sp) - lfd f27,`$FRAME-8*5`($sp) - lfd f28,`$FRAME-8*4`($sp) - lfd f29,`$FRAME-8*3`($sp) - lfd f30,`$FRAME-8*2`($sp) - lfd f31,`$FRAME-8*1`($sp) - addi $sp,$sp,$FRAME -Labort: - blr - .long 0 - .byte 0,12,4,1,0x80,0,4,0 -.size .poly1305_blocks_fpu,.-.poly1305_blocks_fpu -___ -{ -my ($mac,$nonce)=($inp,$len); - -my ($h0,$h1,$h2,$h3,$h4, $d0,$d1,$d2,$d3 - ) = map("r$_",(7..11,28..31)); -my $mask = "r0"; -my $FRAME = (6+4)*$SIZE_T; - -$code.=<<___; -.globl .poly1305_emit_fpu -.align 4 -.poly1305_emit_fpu: - $STU $sp,-$FRAME($sp) - mflr r0 - $PUSH r28,`$FRAME-$SIZE_T*4`($sp) - $PUSH r29,`$FRAME-$SIZE_T*3`($sp) - $PUSH r30,`$FRAME-$SIZE_T*2`($sp) - $PUSH r31,`$FRAME-$SIZE_T*1`($sp) - $PUSH r0,`$FRAME+$LRSAVE`($sp) - - lwz $d0,`8*0+(0^$LITTLE_ENDIAN)`($ctx) # load hash - lwz $h0,`8*0+(4^$LITTLE_ENDIAN)`($ctx) - lwz $d1,`8*1+(0^$LITTLE_ENDIAN)`($ctx) - lwz $h1,`8*1+(4^$LITTLE_ENDIAN)`($ctx) - lwz $d2,`8*2+(0^$LITTLE_ENDIAN)`($ctx) - lwz $h2,`8*2+(4^$LITTLE_ENDIAN)`($ctx) - lwz $d3,`8*3+(0^$LITTLE_ENDIAN)`($ctx) - lwz $h3,`8*3+(4^$LITTLE_ENDIAN)`($ctx) - - lis $mask,0xfff0 - andc $d0,$d0,$mask # mask exponent - andc $d1,$d1,$mask - andc $d2,$d2,$mask - andc $d3,$d3,$mask # can be partially reduced... - li $mask,3 - - srwi $padbit,$d3,2 # ... so reduce - and $h4,$d3,$mask - andc $d3,$d3,$mask - add $d3,$d3,$padbit -___ - if ($SIZE_T==4) { -$code.=<<___; - addc $h0,$h0,$d3 - adde $h1,$h1,$d0 - adde $h2,$h2,$d1 - adde $h3,$h3,$d2 - addze $h4,$h4 - - addic $d0,$h0,5 # compare to modulus - addze $d1,$h1 - addze $d2,$h2 - addze $d3,$h3 - addze $mask,$h4 - - srwi $mask,$mask,2 # did it carry/borrow? - neg $mask,$mask - srawi $mask,$mask,31 # mask - - andc $h0,$h0,$mask - and $d0,$d0,$mask - andc $h1,$h1,$mask - and $d1,$d1,$mask - or $h0,$h0,$d0 - lwz $d0,0($nonce) # load nonce - andc $h2,$h2,$mask - and $d2,$d2,$mask - or $h1,$h1,$d1 - lwz $d1,4($nonce) - andc $h3,$h3,$mask - and $d3,$d3,$mask - or $h2,$h2,$d2 - lwz $d2,8($nonce) - or $h3,$h3,$d3 - lwz $d3,12($nonce) - - addc $h0,$h0,$d0 # accumulate nonce - adde $h1,$h1,$d1 - adde $h2,$h2,$d2 - adde $h3,$h3,$d3 -___ - } else { -$code.=<<___; - add $h0,$h0,$d3 - add $h1,$h1,$d0 - add $h2,$h2,$d1 - add $h3,$h3,$d2 - - srdi $d0,$h0,32 - add $h1,$h1,$d0 - srdi $d1,$h1,32 - add $h2,$h2,$d1 - srdi $d2,$h2,32 - add $h3,$h3,$d2 - srdi $d3,$h3,32 - add $h4,$h4,$d3 - - insrdi $h0,$h1,32,0 - insrdi $h2,$h3,32,0 - - addic $d0,$h0,5 # compare to modulus - addze $d1,$h2 - addze $d2,$h4 - - srdi $mask,$d2,2 # did it carry/borrow? - neg $mask,$mask - sradi $mask,$mask,63 # mask - ld $d2,0($nonce) # load nonce - ld $d3,8($nonce) - - andc $h0,$h0,$mask - and $d0,$d0,$mask - andc $h2,$h2,$mask - and $d1,$d1,$mask - or $h0,$h0,$d0 - or $h2,$h2,$d1 -___ -$code.=<<___ if (!$LITTLE_ENDIAN); - rotldi $d2,$d2,32 # flip nonce words - rotldi $d3,$d3,32 -___ -$code.=<<___; - addc $h0,$h0,$d2 # accumulate nonce - adde $h2,$h2,$d3 - - srdi $h1,$h0,32 - srdi $h3,$h2,32 -___ - } -$code.=<<___ if ($LITTLE_ENDIAN); - stw $h0,0($mac) # write result - stw $h1,4($mac) - stw $h2,8($mac) - stw $h3,12($mac) -___ -$code.=<<___ if (!$LITTLE_ENDIAN); - li $d1,4 - stwbrx $h0,0,$mac # write result - li $d2,8 - stwbrx $h1,$d1,$mac - li $d3,12 - stwbrx $h2,$d2,$mac - stwbrx $h3,$d3,$mac -___ -$code.=<<___; - $POP r28,`$FRAME-$SIZE_T*4`($sp) - $POP r29,`$FRAME-$SIZE_T*3`($sp) - $POP r30,`$FRAME-$SIZE_T*2`($sp) - $POP r31,`$FRAME-$SIZE_T*1`($sp) - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,4,1,0x80,4,3,0 -.size .poly1305_emit_fpu,.-.poly1305_emit_fpu -___ -} -# Ugly hack here, because PPC assembler syntax seem to vary too -# much from platforms to platform... -$code.=<<___; -.align 6 -LPICmeup: - mflr r0 - bcl 20,31,\$+4 - mflr $len # vvvvvv "distance" between . and 1st data entry - addi $len,$len,`64-8` # borrow $len - mtlr r0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - .space `64-9*4` - -.quad 0x4330000000000000 # 2^(52+0) -.quad 0x4530000000000000 # 2^(52+32) -.quad 0x4730000000000000 # 2^(52+64) -.quad 0x4930000000000000 # 2^(52+96) -.quad 0x4b50000000000000 # 2^(52+130) - -.quad 0x37f4000000000000 # 5/2^130 - -.quad 0x4430000000000000 # 2^(52+16+0) -.quad 0x4630000000000000 # 2^(52+16+32) -.quad 0x4830000000000000 # 2^(52+16+64) -.quad 0x4a30000000000000 # 2^(52+16+96) -.quad 0x3e30000000000000 # 2^(52+16+0-96) -.quad 0x4030000000000000 # 2^(52+16+32-96) -.quad 0x4230000000000000 # 2^(52+16+64-96) - -.quad 0x0000000000000001 # fpscr: truncate, no exceptions -.asciz "Poly1305 for PPC FPU, CRYPTOGAMS by " -.align 4 -___ - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/asm/poly1305-s390x.pl b/crypto/poly1305/asm/poly1305-s390x.pl deleted file mode 100755 index 4a93064ff663343beffc575e2414372d9a609ec8..0000000000000000000000000000000000000000 --- a/crypto/poly1305/asm/poly1305-s390x.pl +++ /dev/null @@ -1,984 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# This module implements Poly1305 hash for s390x. -# -# June 2015 -# -# ~6.6/2.3 cpb on z10/z196+, >2x improvement over compiler-generated -# code. For older compiler improvement coefficient is >3x, because -# then base 2^64 and base 2^32 implementations are compared. -# -# On side note, z13 enables vector base 2^26 implementation... - -# -# January 2019 -# -# Add vx code path (base 2^26). -# -# Copyright IBM Corp. 2019 -# Author: Patrick Steuer - -# -# January 2019 -# -# Add vector base 2^26 implementation. It's problematic to accurately -# measure performance, because reference system is hardly idle. But -# it's sub-cycle, i.e. less than 1 cycle per processed byte, and it's -# >=20% faster than IBM's submission on long inputs, and much faster on -# short ones, because calculation of key powers is postponed till we -# know that input is long enough to justify the additional overhead. - -use strict; -use FindBin qw($Bin); -use lib "$Bin/../.."; -use perlasm::s390x qw(:DEFAULT :GE :EI :MI1 :VX AUTOLOAD LABEL INCLUDE); - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -my $output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -my $flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -my ($z,$SIZE_T); -if ($flavour =~ /3[12]/) { - $z=0; # S/390 ABI - $SIZE_T=4; -} else { - $z=1; # zSeries ABI - $SIZE_T=8; -} - -my $stdframe=16*$SIZE_T+4*8; -my $sp="%r15"; - -my ($ctx,$inp,$len,$padbit) = map("%r$_",(2..5)); - -PERLASM_BEGIN($output); - -INCLUDE ("s390x_arch.h"); -TEXT (); - -################ -# static void poly1305_init(void *ctx, const unsigned char key[16]) -{ -GLOBL ("poly1305_init"); -TYPE ("poly1305_init","\@function"); -ALIGN (16); -LABEL ("poly1305_init"); - lghi ("%r0",0); - lghi ("%r1",-1); - stg ("%r0","0($ctx)"); # zero hash value - stg ("%r0","8($ctx)"); - stg ("%r0","16($ctx)"); - st ("%r0","24($ctx)"); # clear is_base2_26 - lgr ("%r5",$ctx); # reassign $ctx - lghi ("%r2",0); - -&{$z? \&clgr:\&clr} ($inp,"%r0"); - je (".Lno_key"); - - lrvg ("%r2","0($inp)"); # load little-endian key - lrvg ("%r3","8($inp)"); - - nihl ("%r1",0xffc0); # 0xffffffc0ffffffff - srlg ("%r0","%r1",4); # 0x0ffffffc0fffffff - srlg ("%r1","%r1",4); - nill ("%r1",0xfffc); # 0x0ffffffc0ffffffc - - ngr ("%r2","%r0"); - ngr ("%r3","%r1"); - - stmg ("%r2","%r3","32(%r5)"); - - larl ("%r1","OPENSSL_s390xcap_P"); - lg ("%r0","16(%r1)"); - srlg ("%r0","%r0",62); - nill ("%r0",1); # extract vx bit - lcgr ("%r0","%r0"); - larl ("%r1",".Lpoly1305_blocks"); - larl ("%r2",".Lpoly1305_blocks_vx"); - larl ("%r3",".Lpoly1305_emit"); -&{$z? \&xgr:\&xr} ("%r2","%r1"); # select between scalar and vector -&{$z? \&ngr:\&nr} ("%r2","%r0"); -&{$z? \&xgr:\&xr} ("%r2","%r1"); -&{$z? \&stmg:\&stm} ("%r2","%r3","0(%r4)"); - lghi ("%r2",1); -LABEL (".Lno_key"); - br ("%r14"); -SIZE ("poly1305_init",".-poly1305_init"); -} - -################ -# static void poly1305_blocks(void *ctx, const unsigned char *inp, -# size_t len, u32 padbit) -{ -my ($d0hi,$d0lo,$d1hi,$d1lo,$t0,$h0,$t1,$h1,$h2) = map("%r$_",(6..14)); -my ($r0,$r1,$s1) = map("%r$_",(0..2)); - -GLOBL ("poly1305_blocks"); -TYPE ("poly1305_blocks","\@function"); -ALIGN (16); -LABEL ("poly1305_blocks"); -LABEL (".Lpoly1305_blocks"); -&{$z? \<gr:\<r} ("%r0",$len); - jz (".Lno_data"); - -&{$z? \&stmg:\&stm} ("%r6","%r14","6*$SIZE_T($sp)"); - - lg ($h0,"0($ctx)"); # load hash value - lg ($h1,"8($ctx)"); - lg ($h2,"16($ctx)"); - -LABEL (".Lpoly1305_blocks_entry"); -if ($z) { - srlg ($len,$len,4); -} else { - srl ($len,4); -} - llgfr ($padbit,$padbit); # clear upper half, much needed with - # non-64-bit ABI - lg ($r0,"32($ctx)"); # load key - lg ($r1,"40($ctx)"); - -&{$z? \&stg:\&st} ($ctx,"2*$SIZE_T($sp)"); # off-load $ctx - srlg ($s1,$r1,2); - algr ($s1,$r1); # s1 = r1 + r1>>2 - j (".Loop"); - -ALIGN (16); -LABEL (".Loop"); - lrvg ($d0lo,"0($inp)"); # load little-endian input - lrvg ($d1lo,"8($inp)"); - la ($inp,"16($inp)"); - - algr ($d0lo,$h0); # accumulate input - alcgr ($d1lo,$h1); - alcgr ($h2,$padbit); - - lgr ($h0,$d0lo); - mlgr ($d0hi,$r0); # h0*r0 -> $d0hi:$d0lo - lgr ($h1,$d1lo); - mlgr ($d1hi,$s1); # h1*5*r1 -> $d1hi:$d1lo - - mlgr ($t0,$r1); # h0*r1 -> $t0:$h0 - mlgr ($t1,$r0); # h1*r0 -> $t1:$h1 - - algr ($d0lo,$d1lo); - lgr ($d1lo,$h2); - alcgr ($d0hi,$d1hi); - lghi ($d1hi,0); - - algr ($h1,$h0); - alcgr ($t1,$t0); - - msgr ($d1lo,$s1); # h2*s1 - msgr ($h2,$r0); # h2*r0 - - algr ($h1,$d1lo); - alcgr ($t1,$d1hi); # $d1hi is zero - - algr ($h1,$d0hi); - alcgr ($h2,$t1); - - lghi ($h0,-4); # final reduction step - ngr ($h0,$h2); - srlg ($t0,$h2,2); - algr ($h0,$t0); - lghi ($t1,3); - ngr ($h2,$t1); - - algr ($h0,$d0lo); - alcgr ($h1,$d1hi); # $d1hi is still zero - alcgr ($h2,$d1hi); # $d1hi is still zero - -&{$z? \&brctg:\&brct} ($len,".Loop"); - -&{$z? \&lg:\&l} ($ctx,"2*$SIZE_T($sp)");# restore $ctx - - stg ($h0,"0($ctx)"); # store hash value - stg ($h1,"8($ctx)"); - stg ($h2,"16($ctx)"); - -&{$z? \&lmg:\&lm} ("%r6","%r14","6*$SIZE_T($sp)"); -LABEL (".Lno_data"); - br ("%r14"); -SIZE ("poly1305_blocks",".-poly1305_blocks"); -} - -################ -# static void poly1305_blocks_vx(void *ctx, const unsigned char *inp, -# size_t len, u32 padbit) -{ -my ($H0, $H1, $H2, $H3, $H4) = map("%v$_",(0..4)); -my ($I0, $I1, $I2, $I3, $I4) = map("%v$_",(5..9)); -my ($R0, $R1, $S1, $R2, $S2) = map("%v$_",(10..14)); -my ($R3, $S3, $R4, $S4) = map("%v$_",(15..18)); -my ($ACC0, $ACC1, $ACC2, $ACC3, $ACC4) = map("%v$_",(19..23)); -my ($T1, $T2, $T3, $T4) = map("%v$_",(24..27)); -my ($mask26,$bswaplo,$bswaphi,$bswapmi) = map("%v$_",(28..31)); - -my ($d2,$d0,$h0,$d1,$h1,$h2)=map("%r$_",(9..14)); - -TYPE ("poly1305_blocks_vx","\@function"); -ALIGN (16); -LABEL ("poly1305_blocks_vx"); -LABEL (".Lpoly1305_blocks_vx"); -&{$z? \&clgfi:\&clfi} ($len,128); - jhe ("__poly1305_blocks_vx"); - -&{$z? \&stmg:\&stm} ("%r6","%r14","6*$SIZE_T($sp)"); - - lg ($d0,"0($ctx)"); - lg ($d1,"8($ctx)"); - lg ($d2,"16($ctx)"); - - llgfr ("%r0",$d0); # base 2^26 -> base 2^64 - srlg ($h0,$d0,32); - llgfr ("%r1",$d1); - srlg ($h1,$d1,32); - srlg ($h2,$d2,32); - - sllg ("%r0","%r0",26); - algr ($h0,"%r0"); - sllg ("%r0",$h1,52); - srlg ($h1,$h1,12); - sllg ("%r1","%r1",14); - algr ($h0,"%r0"); - alcgr ($h1,"%r1"); - sllg ("%r0",$h2,40); - srlg ($h2,$h2,24); - lghi ("%r1",0); - algr ($h1,"%r0"); - alcgr ($h2,"%r1"); - - llgf ("%r0","24($ctx)"); # is_base2_26 - lcgr ("%r0","%r0"); - - xgr ($h0,$d0); # choose between radixes - xgr ($h1,$d1); - xgr ($h2,$d2); - ngr ($h0,"%r0"); - ngr ($h1,"%r0"); - ngr ($h2,"%r0"); - xgr ($h0,$d0); - xgr ($h1,$d1); - xgr ($h2,$d2); - - lhi ("%r0",0); - st ("%r0","24($ctx)"); # clear is_base2_26 - - j (".Lpoly1305_blocks_entry"); -SIZE ("poly1305_blocks_vx",".-poly1305_blocks_vx"); - -TYPE ("__poly1305_mul","\@function"); -ALIGN (16); -LABEL ("__poly1305_mul"); - vmlof ($ACC0,$H0,$R0); - vmlof ($ACC1,$H0,$R1); - vmlof ($ACC2,$H0,$R2); - vmlof ($ACC3,$H0,$R3); - vmlof ($ACC4,$H0,$R4); - - vmalof ($ACC0,$H1,$S4,$ACC0); - vmalof ($ACC1,$H1,$R0,$ACC1); - vmalof ($ACC2,$H1,$R1,$ACC2); - vmalof ($ACC3,$H1,$R2,$ACC3); - vmalof ($ACC4,$H1,$R3,$ACC4); - - vmalof ($ACC0,$H2,$S3,$ACC0); - vmalof ($ACC1,$H2,$S4,$ACC1); - vmalof ($ACC2,$H2,$R0,$ACC2); - vmalof ($ACC3,$H2,$R1,$ACC3); - vmalof ($ACC4,$H2,$R2,$ACC4); - - vmalof ($ACC0,$H3,$S2,$ACC0); - vmalof ($ACC1,$H3,$S3,$ACC1); - vmalof ($ACC2,$H3,$S4,$ACC2); - vmalof ($ACC3,$H3,$R0,$ACC3); - vmalof ($ACC4,$H3,$R1,$ACC4); - - vmalof ($ACC0,$H4,$S1,$ACC0); - vmalof ($ACC1,$H4,$S2,$ACC1); - vmalof ($ACC2,$H4,$S3,$ACC2); - vmalof ($ACC3,$H4,$S4,$ACC3); - vmalof ($ACC4,$H4,$R0,$ACC4); - - ################################################################ - # lazy reduction - - vesrlg ($H4,$ACC3,26); - vesrlg ($H1,$ACC0,26); - vn ($H3,$ACC3,$mask26); - vn ($H0,$ACC0,$mask26); - vag ($H4,$H4,$ACC4); # h3 -> h4 - vag ($H1,$H1,$ACC1); # h0 -> h1 - - vesrlg ($ACC4,$H4,26); - vesrlg ($ACC1,$H1,26); - vn ($H4,$H4,$mask26); - vn ($H1,$H1,$mask26); - vag ($H0,$H0,$ACC4); - vag ($H2,$ACC2,$ACC1); # h1 -> h2 - - veslg ($ACC4,$ACC4,2); # <<2 - vesrlg ($ACC2,$H2,26); - vn ($H2,$H2,$mask26); - vag ($H0,$H0,$ACC4); # h4 -> h0 - vag ($H3,$H3,$ACC2); # h2 -> h3 - - vesrlg ($ACC0,$H0,26); - vesrlg ($ACC3,$H3,26); - vn ($H0,$H0,$mask26); - vn ($H3,$H3,$mask26); - vag ($H1,$H1,$ACC0); # h0 -> h1 - vag ($H4,$H4,$ACC3); # h3 -> h4 - br ("%r14"); -SIZE ("__poly1305_mul",".-__poly1305_mul"); - -TYPE ("__poly1305_blocks_vx","\@function"); -ALIGN (16); -LABEL ("__poly1305_blocks_vx"); -&{$z? \&lgr:\&lr} ("%r0",$sp); -&{$z? \&stmg:\&stm} ("%r10","%r15","10*$SIZE_T($sp)"); -if (!$z) { - std ("%f4","16*$SIZE_T+2*8($sp)"); - std ("%f6","16*$SIZE_T+3*8($sp)"); - ahi ($sp,-$stdframe); - st ("%r0","0($sp)"); # back-chain - - llgfr ($len,$len); # so that srlg works on $len -} else { - aghi ($sp,"-($stdframe+8*8)"); - stg ("%r0","0($sp)"); # back-chain - - std ("%f8","$stdframe+0*8($sp)"); - std ("%f9","$stdframe+1*8($sp)"); - std ("%f10","$stdframe+2*8($sp)"); - std ("%f11","$stdframe+3*8($sp)"); - std ("%f12","$stdframe+4*8($sp)"); - std ("%f13","$stdframe+5*8($sp)"); - std ("%f14","$stdframe+6*8($sp)"); - std ("%f15","$stdframe+7*8($sp)"); -} - larl ("%r1",".Lconst"); - vgmg ($mask26,38,63); - vlm ($bswaplo,$bswapmi,"16(%r1)"); - - < ("%r0","24($ctx)"); # is_base2_26? - jnz (".Lskip_init"); - - lg ($h0,"32($ctx)"); # load key base 2^64 - lg ($h1,"40($ctx)"); - - risbg ($d0,$h0,38,0x80+63,38); # base 2^64 -> 2^26 - srlg ($d1,$h0,52); - risbg ($h0,$h0,38,0x80+63,0); - vlvgg ($R0,$h0,0); - risbg ($d1,$h1,38,51,12); - vlvgg ($R1,$d0,0); - risbg ($d0,$h1,38,63,50); - vlvgg ($R2,$d1,0); - srlg ($d1,$h1,40); - vlvgg ($R3,$d0,0); - vlvgg ($R4,$d1,0); - - veslg ($S1,$R1,2); - veslg ($S2,$R2,2); - veslg ($S3,$R3,2); - veslg ($S4,$R4,2); - vlr ($H0,$R0); - vlr ($H1,$R1); - vlr ($H2,$R2); - vlr ($H3,$R3); - vlr ($H4,$R4); - vag ($S1,$S1,$R1); # * 5 - vag ($S2,$S2,$R2); - vag ($S3,$S3,$R3); - vag ($S4,$S4,$R4); - - brasl ("%r14","__poly1305_mul"); # r^1:- * r^1:- - - vpdi ($R0,$H0,$R0,0); # r^2:r^1 - vpdi ($R1,$H1,$R1,0); - vpdi ($R2,$H2,$R2,0); - vpdi ($R3,$H3,$R3,0); - vpdi ($R4,$H4,$R4,0); - vpdi ($H0,$H0,$H0,0); # r^2:r^2 - vpdi ($H1,$H1,$H1,0); - vpdi ($H2,$H2,$H2,0); - vpdi ($H3,$H3,$H3,0); - vpdi ($H4,$H4,$H4,0); - veslg ($S1,$R1,2); - veslg ($S2,$R2,2); - veslg ($S3,$R3,2); - veslg ($S4,$R4,2); - vag ($S1,$S1,$R1); # * 5 - vag ($S2,$S2,$R2); - vag ($S3,$S3,$R3); - vag ($S4,$S4,$R4); - - brasl ("%r14,__poly1305_mul"); # r^2:r^2 * r^2:r^1 - - vl ($I0,"0(%r1)"); # borrow $I0 - vperm ($R0,$R0,$H0,$I0); # r^2:r^4:r^1:r^3 - vperm ($R1,$R1,$H1,$I0); - vperm ($R2,$R2,$H2,$I0); - vperm ($R3,$R3,$H3,$I0); - vperm ($R4,$R4,$H4,$I0); - veslf ($S1,$R1,2); - veslf ($S2,$R2,2); - veslf ($S3,$R3,2); - veslf ($S4,$R4,2); - vaf ($S1,$S1,$R1); # * 5 - vaf ($S2,$S2,$R2); - vaf ($S3,$S3,$R3); - vaf ($S4,$S4,$R4); - - lg ($h0,"0($ctx)"); # load hash base 2^64 - lg ($h1,"8($ctx)"); - lg ($h2,"16($ctx)"); - - vzero ($H0); - vzero ($H1); - vzero ($H2); - vzero ($H3); - vzero ($H4); - - risbg ($d0,$h0,38,0x80+63,38); # base 2^64 -> 2^26 - srlg ($d1,$h0,52); - risbg ($h0,$h0,38,0x80+63,0); - vlvgg ($H0,$h0,0); - risbg ($d1,$h1,38,51,12); - vlvgg ($H1,$d0,0); - risbg ($d0,$h1,38,63,50); - vlvgg ($H2,$d1,0); - srlg ($d1,$h1,40); - vlvgg ($H3,$d0,0); - risbg ($d1,$h2,37,39,24); - vlvgg ($H4,$d1,0); - - lhi ("%r0",1); - st ("%r0","24($ctx)"); # set is_base2_26 - - vstm ($R0,$S4,"48($ctx)"); # save key schedule base 2^26 - - vpdi ($R0,$R0,$R0,0); # broadcast r^2:r^4 - vpdi ($R1,$R1,$R1,0); - vpdi ($S1,$S1,$S1,0); - vpdi ($R2,$R2,$R2,0); - vpdi ($S2,$S2,$S2,0); - vpdi ($R3,$R3,$R3,0); - vpdi ($S3,$S3,$S3,0); - vpdi ($R4,$R4,$R4,0); - vpdi ($S4,$S4,$S4,0); - - j (".Loaded_hash"); - -ALIGN (16); -LABEL (".Lskip_init"); - vllezf ($H0,"0($ctx)"); # load hash base 2^26 - vllezf ($H1,"4($ctx)"); - vllezf ($H2,"8($ctx)"); - vllezf ($H3,"12($ctx)"); - vllezf ($H4,"16($ctx)"); - - vlrepg ($R0,"0x30($ctx)"); # broadcast r^2:r^4 - vlrepg ($R1,"0x40($ctx)"); - vlrepg ($S1,"0x50($ctx)"); - vlrepg ($R2,"0x60($ctx)"); - vlrepg ($S2,"0x70($ctx)"); - vlrepg ($R3,"0x80($ctx)"); - vlrepg ($S3,"0x90($ctx)"); - vlrepg ($R4,"0xa0($ctx)"); - vlrepg ($S4,"0xb0($ctx)"); - -LABEL (".Loaded_hash"); - vzero ($I1); - vzero ($I3); - - vlm ($T1,$T4,"0x00($inp)"); # load first input block - la ($inp,"0x40($inp)"); - vgmg ($mask26,6,31); - vgmf ($I4,5,5); # padbit<<2 - - vperm ($I0,$T3,$T4,$bswaplo); - vperm ($I2,$T3,$T4,$bswapmi); - vperm ($T3,$T3,$T4,$bswaphi); - - verimg ($I1,$I0,$mask26,6); # >>26 - veslg ($I0,$I0,32); - veslg ($I2,$I2,28); # >>4 - verimg ($I3,$T3,$mask26,18); # >>14 - verimg ($I4,$T3,$mask26,58); # >>38 - vn ($I0,$I0,$mask26); - vn ($I2,$I2,$mask26); - vesrlf ($I4,$I4,2); # >>2 - - vgmg ($mask26,38,63); - vperm ($T3,$T1,$T2,$bswaplo); - vperm ($T4,$T1,$T2,$bswaphi); - vperm ($T2,$T1,$T2,$bswapmi); - - verimg ($I0,$T3,$mask26,0); - verimg ($I1,$T3,$mask26,38); # >>26 - verimg ($I2,$T2,$mask26,60); # >>4 - verimg ($I3,$T4,$mask26,50); # >>14 - vesrlg ($T4,$T4,40); - vo ($I4,$I4,$T4); - - srlg ("%r0",$len,6); -&{$z? \&aghi:\&ahi} ("%r0",-1); - -ALIGN (16); -LABEL (".Loop_vx"); - vmlef ($ACC0,$I0,$R0); - vmlef ($ACC1,$I0,$R1); - vmlef ($ACC2,$I0,$R2); - vmlef ($ACC3,$I0,$R3); - vmlef ($ACC4,$I0,$R4); - - vmalef ($ACC0,$I1,$S4,$ACC0); - vmalef ($ACC1,$I1,$R0,$ACC1); - vmalef ($ACC2,$I1,$R1,$ACC2); - vmalef ($ACC3,$I1,$R2,$ACC3); - vmalef ($ACC4,$I1,$R3,$ACC4); - - vaf ($H2,$H2,$I2); - vaf ($H0,$H0,$I0); - vaf ($H3,$H3,$I3); - vaf ($H1,$H1,$I1); - vaf ($H4,$H4,$I4); - - vmalef ($ACC0,$I2,$S3,$ACC0); - vmalef ($ACC1,$I2,$S4,$ACC1); - vmalef ($ACC2,$I2,$R0,$ACC2); - vmalef ($ACC3,$I2,$R1,$ACC3); - vmalef ($ACC4,$I2,$R2,$ACC4); - - vlm ($T1,$T4,"0x00($inp)"); # load next input block - la ($inp,"0x40($inp)"); - vgmg ($mask26,6,31); - - vmalef ($ACC0,$I3,$S2,$ACC0); - vmalef ($ACC1,$I3,$S3,$ACC1); - vmalef ($ACC2,$I3,$S4,$ACC2); - vmalef ($ACC3,$I3,$R0,$ACC3); - vmalef ($ACC4,$I3,$R1,$ACC4); - - vperm ($I0,$T3,$T4,$bswaplo); - vperm ($I2,$T3,$T4,$bswapmi); - vperm ($T3,$T3,$T4,$bswaphi); - - vmalef ($ACC0,$I4,$S1,$ACC0); - vmalef ($ACC1,$I4,$S2,$ACC1); - vmalef ($ACC2,$I4,$S3,$ACC2); - vmalef ($ACC3,$I4,$S4,$ACC3); - vmalef ($ACC4,$I4,$R0,$ACC4); - - verimg ($I1,$I0,$mask26,6); # >>26 - veslg ($I0,$I0,32); - veslg ($I2,$I2,28); # >>4 - verimg ($I3,$T3,$mask26,18); # >>14 - - vmalof ($ACC0,$H0,$R0,$ACC0); - vmalof ($ACC1,$H0,$R1,$ACC1); - vmalof ($ACC2,$H0,$R2,$ACC2); - vmalof ($ACC3,$H0,$R3,$ACC3); - vmalof ($ACC4,$H0,$R4,$ACC4); - - vgmf ($I4,5,5); # padbit<<2 - verimg ($I4,$T3,$mask26,58); # >>38 - vn ($I0,$I0,$mask26); - vn ($I2,$I2,$mask26); - vesrlf ($I4,$I4,2); # >>2 - - vmalof ($ACC0,$H1,$S4,$ACC0); - vmalof ($ACC1,$H1,$R0,$ACC1); - vmalof ($ACC2,$H1,$R1,$ACC2); - vmalof ($ACC3,$H1,$R2,$ACC3); - vmalof ($ACC4,$H1,$R3,$ACC4); - - vgmg ($mask26,38,63); - vperm ($T3,$T1,$T2,$bswaplo); - vperm ($T4,$T1,$T2,$bswaphi); - vperm ($T2,$T1,$T2,$bswapmi); - - vmalof ($ACC0,$H2,$S3,$ACC0); - vmalof ($ACC1,$H2,$S4,$ACC1); - vmalof ($ACC2,$H2,$R0,$ACC2); - vmalof ($ACC3,$H2,$R1,$ACC3); - vmalof ($ACC4,$H2,$R2,$ACC4); - - verimg ($I0,$T3,$mask26,0); - verimg ($I1,$T3,$mask26,38); # >>26 - verimg ($I2,$T2,$mask26,60); # >>4 - - vmalof ($ACC0,$H3,$S2,$ACC0); - vmalof ($ACC1,$H3,$S3,$ACC1); - vmalof ($ACC2,$H3,$S4,$ACC2); - vmalof ($ACC3,$H3,$R0,$ACC3); - vmalof ($ACC4,$H3,$R1,$ACC4); - - verimg ($I3,$T4,$mask26,50); # >>14 - vesrlg ($T4,$T4,40); - vo ($I4,$I4,$T4); - - vmalof ($ACC0,$H4,$S1,$ACC0); - vmalof ($ACC1,$H4,$S2,$ACC1); - vmalof ($ACC2,$H4,$S3,$ACC2); - vmalof ($ACC3,$H4,$S4,$ACC3); - vmalof ($ACC4,$H4,$R0,$ACC4); - - ################################################################ - # lazy reduction as discussed in "NEON crypto" by D.J. Bernstein - # and P. Schwabe - - vesrlg ($H4,$ACC3,26); - vesrlg ($H1,$ACC0,26); - vn ($H3,$ACC3,$mask26); - vn ($H0,$ACC0,$mask26); - vag ($H4,$H4,$ACC4); # h3 -> h4 - vag ($H1,$H1,$ACC1); # h0 -> h1 - - vesrlg ($ACC4,$H4,26); - vesrlg ($ACC1,$H1,26); - vn ($H4,$H4,$mask26); - vn ($H1,$H1,$mask26); - vag ($H0,$H0,$ACC4); - vag ($H2,$ACC2,$ACC1); # h1 -> h2 - - veslg ($ACC4,$ACC4,2); # <<2 - vesrlg ($ACC2,$H2,26); - vn ($H2,$H2,$mask26); - vag ($H0,$H0,$ACC4); # h4 -> h0 - vag ($H3,$H3,$ACC2); # h2 -> h3 - - vesrlg ($ACC0,$H0,26); - vesrlg ($ACC3,$H3,26); - vn ($H0,$H0,$mask26); - vn ($H3,$H3,$mask26); - vag ($H1,$H1,$ACC0); # h0 -> h1 - vag ($H4,$H4,$ACC3); # h3 -> h4 - -&{$z? \&brctg:\&brct} ("%r0",".Loop_vx"); - - vlm ($R0,$S4,"48($ctx)"); # load all powers - - lghi ("%r0",0x30); -&{$z? \&lcgr:\&lcr} ($len,$len); -&{$z? \&ngr:\&nr} ($len,"%r0"); -&{$z? \&slgr:\&slr} ($inp,$len); - -LABEL (".Last"); - vmlef ($ACC0,$I0,$R0); - vmlef ($ACC1,$I0,$R1); - vmlef ($ACC2,$I0,$R2); - vmlef ($ACC3,$I0,$R3); - vmlef ($ACC4,$I0,$R4); - - vmalef ($ACC0,$I1,$S4,$ACC0); - vmalef ($ACC1,$I1,$R0,$ACC1); - vmalef ($ACC2,$I1,$R1,$ACC2); - vmalef ($ACC3,$I1,$R2,$ACC3); - vmalef ($ACC4,$I1,$R3,$ACC4); - - vaf ($H0,$H0,$I0); - vaf ($H1,$H1,$I1); - vaf ($H2,$H2,$I2); - vaf ($H3,$H3,$I3); - vaf ($H4,$H4,$I4); - - vmalef ($ACC0,$I2,$S3,$ACC0); - vmalef ($ACC1,$I2,$S4,$ACC1); - vmalef ($ACC2,$I2,$R0,$ACC2); - vmalef ($ACC3,$I2,$R1,$ACC3); - vmalef ($ACC4,$I2,$R2,$ACC4); - - vmalef ($ACC0,$I3,$S2,$ACC0); - vmalef ($ACC1,$I3,$S3,$ACC1); - vmalef ($ACC2,$I3,$S4,$ACC2); - vmalef ($ACC3,$I3,$R0,$ACC3); - vmalef ($ACC4,$I3,$R1,$ACC4); - - vmalef ($ACC0,$I4,$S1,$ACC0); - vmalef ($ACC1,$I4,$S2,$ACC1); - vmalef ($ACC2,$I4,$S3,$ACC2); - vmalef ($ACC3,$I4,$S4,$ACC3); - vmalef ($ACC4,$I4,$R0,$ACC4); - - vmalof ($ACC0,$H0,$R0,$ACC0); - vmalof ($ACC1,$H0,$R1,$ACC1); - vmalof ($ACC2,$H0,$R2,$ACC2); - vmalof ($ACC3,$H0,$R3,$ACC3); - vmalof ($ACC4,$H0,$R4,$ACC4); - - vmalof ($ACC0,$H1,$S4,$ACC0); - vmalof ($ACC1,$H1,$R0,$ACC1); - vmalof ($ACC2,$H1,$R1,$ACC2); - vmalof ($ACC3,$H1,$R2,$ACC3); - vmalof ($ACC4,$H1,$R3,$ACC4); - - vmalof ($ACC0,$H2,$S3,$ACC0); - vmalof ($ACC1,$H2,$S4,$ACC1); - vmalof ($ACC2,$H2,$R0,$ACC2); - vmalof ($ACC3,$H2,$R1,$ACC3); - vmalof ($ACC4,$H2,$R2,$ACC4); - - vmalof ($ACC0,$H3,$S2,$ACC0); - vmalof ($ACC1,$H3,$S3,$ACC1); - vmalof ($ACC2,$H3,$S4,$ACC2); - vmalof ($ACC3,$H3,$R0,$ACC3); - vmalof ($ACC4,$H3,$R1,$ACC4); - - vmalof ($ACC0,$H4,$S1,$ACC0); - vmalof ($ACC1,$H4,$S2,$ACC1); - vmalof ($ACC2,$H4,$S3,$ACC2); - vmalof ($ACC3,$H4,$S4,$ACC3); - vmalof ($ACC4,$H4,$R0,$ACC4); - - ################################################################ - # horizontal addition - - vzero ($H0); - vsumqg ($ACC0,$ACC0,$H0); - vsumqg ($ACC1,$ACC1,$H0); - vsumqg ($ACC2,$ACC2,$H0); - vsumqg ($ACC3,$ACC3,$H0); - vsumqg ($ACC4,$ACC4,$H0); - - ################################################################ - # lazy reduction - - vesrlg ($H4,$ACC3,26); - vesrlg ($H1,$ACC0,26); - vn ($H3,$ACC3,$mask26); - vn ($H0,$ACC0,$mask26); - vag ($H4,$H4,$ACC4); # h3 -> h4 - vag ($H1,$H1,$ACC1); # h0 -> h1 - - vesrlg ($ACC4,$H4,26); - vesrlg ($ACC1,$H1,26); - vn ($H4,$H4,$mask26); - vn ($H1,$H1,$mask26); - vag ($H0,$H0,$ACC4); - vag ($H2,$ACC2,$ACC1); # h1 -> h2 - - veslg ($ACC4,$ACC4,2); # <<2 - vesrlg ($ACC2,$H2,26); - vn ($H2,$H2,$mask26); - vag ($H0,$H0,$ACC4); # h4 -> h0 - vag ($H3,$H3,$ACC2); # h2 -> h3 - - vesrlg ($ACC0,$H0,26); - vesrlg ($ACC3,$H3,26); - vn ($H0,$H0,$mask26); - vn ($H3,$H3,$mask26); - vag ($H1,$H1,$ACC0); # h0 -> h1 - vag ($H4,$H4,$ACC3); # h3 -> h4 - -&{$z? \&clgfi:\&clfi} ($len,0); - je (".Ldone"); - - vlm ($T1,$T4,"0x00($inp)"); # load last partial block - vgmg ($mask26,6,31); - vgmf ($I4,5,5); # padbit<<2 - - vperm ($I0,$T3,$T4,$bswaplo); - vperm ($I2,$T3,$T4,$bswapmi); - vperm ($T3,$T3,$T4,$bswaphi); - - vl ($ACC0,"0x30($len,%r1)"); # borrow $ACC0,1 - vl ($ACC1,"0x60($len,%r1)"); - - verimg ($I1,$I0,$mask26,6); # >>26 - veslg ($I0,$I0,32); - veslg ($I2,$I2,28); # >>4 - verimg ($I3,$T3,$mask26,18); # >>14 - verimg ($I4,$T3,$mask26,58); # >>38 - vn ($I0,$I0,$mask26); - vn ($I2,$I2,$mask26); - vesrlf ($I4,$I4,2); # >>2 - - vgmg ($mask26,38,63); - vperm ($T3,$T1,$T2,$bswaplo); - vperm ($T4,$T1,$T2,$bswaphi); - vperm ($T2,$T1,$T2,$bswapmi); - - verimg ($I0,$T3,$mask26,0); - verimg ($I1,$T3,$mask26,38); # >>26 - verimg ($I2,$T2,$mask26,60); # >>4 - verimg ($I3,$T4,$mask26,50); # >>14 - vesrlg ($T4,$T4,40); - vo ($I4,$I4,$T4); - - vperm ($H0,$H0,$H0,$ACC0); # move hash to right lane - vn ($I0,$I0,$ACC1); # mask redundant lane[s] - vperm ($H1,$H1,$H1,$ACC0); - vn ($I1,$I1,$ACC1); - vperm ($H2,$H2,$H2,$ACC0); - vn ($I2,$I2,$ACC1); - vperm ($H3,$H3,$H3,$ACC0); - vn ($I3,$I3,$ACC1); - vperm ($H4,$H4,$H4,$ACC0); - vn ($I4,$I4,$ACC1); - - vaf ($I0,$I0,$H0); # accumulate hash - vzero ($H0); # wipe hash value - vaf ($I1,$I1,$H1); - vzero ($H1); - vaf ($I2,$I2,$H2); - vzero ($H2); - vaf ($I3,$I3,$H3); - vzero ($H3); - vaf ($I4,$I4,$H4); - vzero ($H4); - -&{$z? \&lghi:\&lhi} ($len,0); - j (".Last"); - # I don't bother to tell apart cases when only one multiplication - # pass is sufficient, because I argue that mispredicted branch - # penalties are comparable to overhead of sometimes redundant - # multiplication pass... - -LABEL (".Ldone"); - vstef ($H0,"0($ctx)",3); # store hash base 2^26 - vstef ($H1,"4($ctx)",3); - vstef ($H2,"8($ctx)",3); - vstef ($H3,"12($ctx)",3); - vstef ($H4,"16($ctx)",3); - -if ($z) { - ld ("%f8","$stdframe+0*8($sp)"); - ld ("%f9","$stdframe+1*8($sp)"); - ld ("%f10","$stdframe+2*8($sp)"); - ld ("%f11","$stdframe+3*8($sp)"); - ld ("%f12","$stdframe+4*8($sp)"); - ld ("%f13","$stdframe+5*8($sp)"); - ld ("%f14","$stdframe+6*8($sp)"); - ld ("%f15","$stdframe+7*8($sp)"); -&{$z? \&lmg:\&lm} ("%r10","%r15","$stdframe+8*8+10*$SIZE_T($sp)"); -} else { - ld ("%f4","$stdframe+16*$SIZE_T+2*8($sp)"); - ld ("%f6","$stdframe+16*$SIZE_T+3*8($sp)"); -&{$z? \&lmg:\&lm} ("%r10","%r15","$stdframe+10*$SIZE_T($sp)"); -} - br ("%r14"); -SIZE ("__poly1305_blocks_vx",".-__poly1305_blocks_vx"); -} - -################ -# static void poly1305_emit(void *ctx, unsigned char mac[16], -# const u32 nonce[4]) -{ -my ($mac,$nonce)=($inp,$len); -my ($h0,$h1,$h2,$d0,$d1,$d2)=map("%r$_",(5..10)); - -GLOBL ("poly1305_emit"); -TYPE ("poly1305_emit","\@function"); -ALIGN (16); -LABEL ("poly1305_emit"); -LABEL (".Lpoly1305_emit"); -&{$z? \&stmg:\&stm} ("%r6","%r10","6*$SIZE_T($sp)"); - - lg ($d0,"0($ctx)"); - lg ($d1,"8($ctx)"); - lg ($d2,"16($ctx)"); - - llgfr ("%r0",$d0); # base 2^26 -> base 2^64 - srlg ($h0,$d0,32); - llgfr ("%r1",$d1); - srlg ($h1,$d1,32); - srlg ($h2,$d2,32); - - sllg ("%r0","%r0",26); - algr ($h0,"%r0"); - sllg ("%r0",$h1,52); - srlg ($h1,$h1,12); - sllg ("%r1","%r1",14); - algr ($h0,"%r0"); - alcgr ($h1,"%r1"); - sllg ("%r0",$h2,40); - srlg ($h2,$h2,24); - lghi ("%r1",0); - algr ($h1,"%r0"); - alcgr ($h2,"%r1"); - - llgf ("%r0","24($ctx)"); # is_base2_26 - lcgr ("%r0","%r0"); - - xgr ($h0,$d0); # choose between radixes - xgr ($h1,$d1); - xgr ($h2,$d2); - ngr ($h0,"%r0"); - ngr ($h1,"%r0"); - ngr ($h2,"%r0"); - xgr ($h0,$d0); - xgr ($h1,$d1); - xgr ($h2,$d2); - - lghi ("%r0",5); - lgr ($d0,$h0); - lgr ($d1,$h1); - - algr ($h0,"%r0"); # compare to modulus - alcgr ($h1,"%r1"); - alcgr ($h2,"%r1"); - - srlg ($h2,$h2,2); # did it borrow/carry? - slgr ("%r1",$h2); # 0-$h2>>2 - lg ($d2,"0($nonce)"); # load nonce - lg ($ctx,"8($nonce)"); - - xgr ($h0,$d0); - xgr ($h1,$d1); - ngr ($h0,"%r1"); - ngr ($h1,"%r1"); - xgr ($h0,$d0); - rllg ($d0,$d2,32); # flip nonce words - xgr ($h1,$d1); - rllg ($d1,$ctx,32); - - algr ($h0,$d0); # accumulate nonce - alcgr ($h1,$d1); - - strvg ($h0,"0($mac)"); # write little-endian result - strvg ($h1,"8($mac)"); - -&{$z? \&lmg:\&lm} ("%r6","%r10","6*$SIZE_T($sp)"); - br ("%r14"); -SIZE ("poly1305_emit",".-poly1305_emit"); -} - -################ - -ALIGN (16); -LABEL (".Lconst"); -LONG (0x04050607,0x14151617,0x0c0d0e0f,0x1c1d1e1f); # merge odd -LONG (0x07060504,0x03020100,0x17161514,0x13121110); # byte swap masks -LONG (0x0f0e0d0c,0x0b0a0908,0x1f1e1d1c,0x1b1a1918); -LONG (0x00000000,0x09080706,0x00000000,0x19181716); - -LONG (0x00000000,0x00000000,0x00000000,0x0c0d0e0f); # magic tail masks -LONG (0x0c0d0e0f,0x00000000,0x00000000,0x00000000); -LONG (0x00000000,0x00000000,0x0c0d0e0f,0x00000000); - -LONG (0xffffffff,0x00000000,0xffffffff,0xffffffff); -LONG (0xffffffff,0x00000000,0xffffffff,0x00000000); -LONG (0x00000000,0x00000000,0xffffffff,0x00000000); - -STRING ("\"Poly1305 for s390x, CRYPTOGAMS by \""); - -PERLASM_END(); diff --git a/crypto/poly1305/asm/poly1305-sparcv9.pl b/crypto/poly1305/asm/poly1305-sparcv9.pl deleted file mode 100755 index dc592a07acacf23d344726cc9de264567ad20151..0000000000000000000000000000000000000000 --- a/crypto/poly1305/asm/poly1305-sparcv9.pl +++ /dev/null @@ -1,1122 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# This module implements Poly1305 hash for SPARCv9, vanilla, as well -# as VIS3 and FMA extensions. -# -# May, August 2015 -# -# Numbers are cycles per processed byte with poly1305_blocks alone. -# -# IALU(*) FMA -# -# UltraSPARC III 12.3(**) -# SPARC T3 7.92 -# SPARC T4 1.70(***) 6.55 -# SPARC64 X 5.60 3.64 -# -# (*) Comparison to compiler-generated code is really problematic, -# because latter's performance varies too much depending on too -# many variables. For example, one can measure from 5x to 15x -# improvement on T4 for gcc-4.6. Well, in T4 case it's a bit -# unfair comparison, because compiler doesn't use VIS3, but -# given same initial conditions coefficient varies from 3x to 9x. -# (**) Pre-III performance should be even worse; floating-point -# performance for UltraSPARC I-IV on the other hand is reported -# to be 4.25 for hand-coded assembly, but they are just too old -# to care about. -# (***) Multi-process benchmark saturates at ~12.5x single-process -# result on 8-core processor, or ~21GBps per 2.85GHz socket. - -# $output is the last argument if it looks like a file (it has an extension) -my $output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; - -open STDOUT,">$output" if $output; - -my ($ctx,$inp,$len,$padbit,$shl,$shr) = map("%i$_",(0..5)); -my ($r0,$r1,$r2,$r3,$s1,$s2,$s3,$h4) = map("%l$_",(0..7)); -my ($h0,$h1,$h2,$h3, $t0,$t1,$t2) = map("%o$_",(0..5,7)); -my ($d0,$d1,$d2,$d3) = map("%g$_",(1..4)); - -$code.=<<___; -#ifndef __ASSEMBLER__ -# define __ASSEMBLER__ 1 -#endif -#include "crypto/sparc_arch.h" - -#ifdef __arch64__ -.register %g2,#scratch -.register %g3,#scratch -# define STPTR stx -# define SIZE_T 8 -#else -# define STPTR st -# define SIZE_T 4 -#endif -#define LOCALS (STACK_BIAS+STACK_FRAME) - -.section ".text",#alloc,#execinstr - -#ifdef __PIC__ -SPARC_PIC_THUNK(%g1) -#endif - -.globl poly1305_init -.align 32 -poly1305_init: - save %sp,-STACK_FRAME-16,%sp - nop - - SPARC_LOAD_ADDRESS(OPENSSL_sparcv9cap_P,%g1) - ld [%g1],%g1 - - and %g1,SPARCV9_FMADD|SPARCV9_VIS3,%g1 - cmp %g1,SPARCV9_FMADD - be .Lpoly1305_init_fma - nop - - stx %g0,[$ctx+0] - stx %g0,[$ctx+8] ! zero hash value - brz,pn $inp,.Lno_key - stx %g0,[$ctx+16] - - and $inp,7,$shr ! alignment factor - andn $inp,7,$inp - sll $shr,3,$shr ! *8 - neg $shr,$shl - - sethi %hi(0x0ffffffc),$t0 - set 8,$h1 - or $t0,%lo(0x0ffffffc),$t0 - set 16,$h2 - sllx $t0,32,$t1 - or $t0,$t1,$t1 ! 0x0ffffffc0ffffffc - or $t1,3,$t0 ! 0x0ffffffc0fffffff - - ldxa [$inp+%g0]0x88,$h0 ! load little-endian key - brz,pt $shr,.Lkey_aligned - ldxa [$inp+$h1]0x88,$h1 - - ldxa [$inp+$h2]0x88,$h2 - srlx $h0,$shr,$h0 - sllx $h1,$shl,$t2 - srlx $h1,$shr,$h1 - or $t2,$h0,$h0 - sllx $h2,$shl,$h2 - or $h2,$h1,$h1 - -.Lkey_aligned: - and $t0,$h0,$h0 - and $t1,$h1,$h1 - stx $h0,[$ctx+32+0] ! store key - stx $h1,[$ctx+32+8] - - andcc %g1,SPARCV9_VIS3,%g0 - be .Lno_key - nop - -1: call .+8 - add %o7,poly1305_blocks_vis3-1b,%o7 - - add %o7,poly1305_emit-poly1305_blocks_vis3,%o5 - STPTR %o7,[%i2] - STPTR %o5,[%i2+SIZE_T] - - ret - restore %g0,1,%o0 ! return 1 - -.Lno_key: - ret - restore %g0,%g0,%o0 ! return 0 -.type poly1305_init,#function -.size poly1305_init,.-poly1305_init - -.globl poly1305_blocks -.align 32 -poly1305_blocks: - save %sp,-STACK_FRAME,%sp - srln $len,4,$len - - brz,pn $len,.Lno_data - nop - - ld [$ctx+32+0],$r1 ! load key - ld [$ctx+32+4],$r0 - ld [$ctx+32+8],$r3 - ld [$ctx+32+12],$r2 - - ld [$ctx+0],$h1 ! load hash value - ld [$ctx+4],$h0 - ld [$ctx+8],$h3 - ld [$ctx+12],$h2 - ld [$ctx+16],$h4 - - and $inp,7,$shr ! alignment factor - andn $inp,7,$inp - set 8,$d1 - sll $shr,3,$shr ! *8 - set 16,$d2 - neg $shr,$shl - - srl $r1,2,$s1 - srl $r2,2,$s2 - add $r1,$s1,$s1 - srl $r3,2,$s3 - add $r2,$s2,$s2 - add $r3,$s3,$s3 - -.Loop: - ldxa [$inp+%g0]0x88,$d0 ! load little-endian input - brz,pt $shr,.Linp_aligned - ldxa [$inp+$d1]0x88,$d1 - - ldxa [$inp+$d2]0x88,$d2 - srlx $d0,$shr,$d0 - sllx $d1,$shl,$t1 - srlx $d1,$shr,$d1 - or $t1,$d0,$d0 - sllx $d2,$shl,$d2 - or $d2,$d1,$d1 - -.Linp_aligned: - srlx $d0,32,$t0 - addcc $d0,$h0,$h0 ! accumulate input - srlx $d1,32,$t1 - addccc $t0,$h1,$h1 - addccc $d1,$h2,$h2 - addccc $t1,$h3,$h3 - addc $padbit,$h4,$h4 - - umul $r0,$h0,$d0 - umul $r1,$h0,$d1 - umul $r2,$h0,$d2 - umul $r3,$h0,$d3 - sub $len,1,$len - add $inp,16,$inp - - umul $s3,$h1,$t0 - umul $r0,$h1,$t1 - umul $r1,$h1,$t2 - add $t0,$d0,$d0 - add $t1,$d1,$d1 - umul $r2,$h1,$t0 - add $t2,$d2,$d2 - add $t0,$d3,$d3 - - umul $s2,$h2,$t1 - umul $s3,$h2,$t2 - umul $r0,$h2,$t0 - add $t1,$d0,$d0 - add $t2,$d1,$d1 - umul $r1,$h2,$t1 - add $t0,$d2,$d2 - add $t1,$d3,$d3 - - umul $s1,$h3,$t2 - umul $s2,$h3,$t0 - umul $s3,$h3,$t1 - add $t2,$d0,$d0 - add $t0,$d1,$d1 - umul $r0,$h3,$t2 - add $t1,$d2,$d2 - add $t2,$d3,$d3 - - umul $s1,$h4,$t0 - umul $s2,$h4,$t1 - umul $s3,$h4,$t2 - umul $r0,$h4,$h4 - add $t0,$d1,$d1 - add $t1,$d2,$d2 - srlx $d0,32,$h1 - add $t2,$d3,$d3 - srlx $d1,32,$h2 - - addcc $d1,$h1,$h1 - srlx $d2,32,$h3 - set 8,$d1 - addccc $d2,$h2,$h2 - srlx $d3,32,$t0 - set 16,$d2 - addccc $d3,$h3,$h3 - addc $t0,$h4,$h4 - - srl $h4,2,$t0 ! final reduction step - andn $h4,3,$t1 - and $h4,3,$h4 - add $t1,$t0,$t0 - - addcc $t0,$d0,$h0 - addccc %g0,$h1,$h1 - addccc %g0,$h2,$h2 - addccc %g0,$h3,$h3 - brnz,pt $len,.Loop - addc %g0,$h4,$h4 - - st $h1,[$ctx+0] ! store hash value - st $h0,[$ctx+4] - st $h3,[$ctx+8] - st $h2,[$ctx+12] - st $h4,[$ctx+16] - -.Lno_data: - ret - restore -.type poly1305_blocks,#function -.size poly1305_blocks,.-poly1305_blocks -___ -######################################################################## -# VIS3 has umulxhi and addxc... -{ -my ($H0,$H1,$H2,$R0,$R1,$S1,$T1) = map("%o$_",(0..5,7)); -my ($D0,$D1,$D2,$T0) = map("%g$_",(1..4)); - -$code.=<<___; -.align 32 -poly1305_blocks_vis3: - save %sp,-STACK_FRAME,%sp - srln $len,4,$len - - brz,pn $len,.Lno_data - nop - - ldx [$ctx+32+0],$R0 ! load key - ldx [$ctx+32+8],$R1 - - ldx [$ctx+0],$H0 ! load hash value - ldx [$ctx+8],$H1 - ld [$ctx+16],$H2 - - and $inp,7,$shr ! alignment factor - andn $inp,7,$inp - set 8,$r1 - sll $shr,3,$shr ! *8 - set 16,$r2 - neg $shr,$shl - - srlx $R1,2,$S1 - b .Loop_vis3 - add $R1,$S1,$S1 - -.Loop_vis3: - ldxa [$inp+%g0]0x88,$D0 ! load little-endian input - brz,pt $shr,.Linp_aligned_vis3 - ldxa [$inp+$r1]0x88,$D1 - - ldxa [$inp+$r2]0x88,$D2 - srlx $D0,$shr,$D0 - sllx $D1,$shl,$T1 - srlx $D1,$shr,$D1 - or $T1,$D0,$D0 - sllx $D2,$shl,$D2 - or $D2,$D1,$D1 - -.Linp_aligned_vis3: - addcc $D0,$H0,$H0 ! accumulate input - sub $len,1,$len - addxccc $D1,$H1,$H1 - add $inp,16,$inp - - mulx $R0,$H0,$D0 ! r0*h0 - addxc $padbit,$H2,$H2 - umulxhi $R0,$H0,$D1 - mulx $S1,$H1,$T0 ! s1*h1 - umulxhi $S1,$H1,$T1 - addcc $T0,$D0,$D0 - mulx $R1,$H0,$T0 ! r1*h0 - addxc $T1,$D1,$D1 - umulxhi $R1,$H0,$D2 - addcc $T0,$D1,$D1 - mulx $R0,$H1,$T0 ! r0*h1 - addxc %g0,$D2,$D2 - umulxhi $R0,$H1,$T1 - addcc $T0,$D1,$D1 - mulx $S1,$H2,$T0 ! s1*h2 - addxc $T1,$D2,$D2 - mulx $R0,$H2,$T1 ! r0*h2 - addcc $T0,$D1,$D1 - addxc $T1,$D2,$D2 - - srlx $D2,2,$T0 ! final reduction step - andn $D2,3,$T1 - and $D2,3,$H2 - add $T1,$T0,$T0 - - addcc $T0,$D0,$H0 - addxccc %g0,$D1,$H1 - brnz,pt $len,.Loop_vis3 - addxc %g0,$H2,$H2 - - stx $H0,[$ctx+0] ! store hash value - stx $H1,[$ctx+8] - st $H2,[$ctx+16] - - ret - restore -.type poly1305_blocks_vis3,#function -.size poly1305_blocks_vis3,.-poly1305_blocks_vis3 -___ -} -my ($mac,$nonce) = ($inp,$len); - -$code.=<<___; -.globl poly1305_emit -.align 32 -poly1305_emit: - save %sp,-STACK_FRAME,%sp - - ld [$ctx+0],$h1 ! load hash value - ld [$ctx+4],$h0 - ld [$ctx+8],$h3 - ld [$ctx+12],$h2 - ld [$ctx+16],$h4 - - addcc $h0,5,$r0 ! compare to modulus - addccc $h1,0,$r1 - addccc $h2,0,$r2 - addccc $h3,0,$r3 - addc $h4,0,$h4 - andcc $h4,4,%g0 ! did it carry/borrow? - - movnz %icc,$r0,$h0 - ld [$nonce+0],$r0 ! load nonce - movnz %icc,$r1,$h1 - ld [$nonce+4],$r1 - movnz %icc,$r2,$h2 - ld [$nonce+8],$r2 - movnz %icc,$r3,$h3 - ld [$nonce+12],$r3 - - addcc $r0,$h0,$h0 ! accumulate nonce - addccc $r1,$h1,$h1 - addccc $r2,$h2,$h2 - addc $r3,$h3,$h3 - - srl $h0,8,$r0 - stb $h0,[$mac+0] ! store little-endian result - srl $h0,16,$r1 - stb $r0,[$mac+1] - srl $h0,24,$r2 - stb $r1,[$mac+2] - stb $r2,[$mac+3] - - srl $h1,8,$r0 - stb $h1,[$mac+4] - srl $h1,16,$r1 - stb $r0,[$mac+5] - srl $h1,24,$r2 - stb $r1,[$mac+6] - stb $r2,[$mac+7] - - srl $h2,8,$r0 - stb $h2,[$mac+8] - srl $h2,16,$r1 - stb $r0,[$mac+9] - srl $h2,24,$r2 - stb $r1,[$mac+10] - stb $r2,[$mac+11] - - srl $h3,8,$r0 - stb $h3,[$mac+12] - srl $h3,16,$r1 - stb $r0,[$mac+13] - srl $h3,24,$r2 - stb $r1,[$mac+14] - stb $r2,[$mac+15] - - ret - restore -.type poly1305_emit,#function -.size poly1305_emit,.-poly1305_emit -___ - -{ -my ($ctx,$inp,$len,$padbit) = map("%i$_",(0..3)); -my ($in0,$in1,$in2,$in3,$in4) = map("%o$_",(0..4)); -my ($i1,$step,$shr,$shl) = map("%l$_",(0..7)); -my $i2=$step; - -my ($h0lo,$h0hi,$h1lo,$h1hi,$h2lo,$h2hi,$h3lo,$h3hi, - $two0,$two32,$two64,$two96,$two130,$five_two130, - $r0lo,$r0hi,$r1lo,$r1hi,$r2lo,$r2hi, - $s2lo,$s2hi,$s3lo,$s3hi, - $c0lo,$c0hi,$c1lo,$c1hi,$c2lo,$c2hi,$c3lo,$c3hi) = map("%f".2*$_,(0..31)); -# borrowings -my ($r3lo,$r3hi,$s1lo,$s1hi) = ($c0lo,$c0hi,$c1lo,$c1hi); -my ($x0,$x1,$x2,$x3) = ($c2lo,$c2hi,$c3lo,$c3hi); -my ($y0,$y1,$y2,$y3) = ($c1lo,$c1hi,$c3hi,$c3lo); - -$code.=<<___; -.align 32 -poly1305_init_fma: - save %sp,-STACK_FRAME-16,%sp - nop - -.Lpoly1305_init_fma: -1: call .+8 - add %o7,.Lconsts_fma-1b,%o7 - - ldd [%o7+8*0],$two0 ! load constants - ldd [%o7+8*1],$two32 - ldd [%o7+8*2],$two64 - ldd [%o7+8*3],$two96 - ldd [%o7+8*5],$five_two130 - - std $two0,[$ctx+8*0] ! initial hash value, biased 0 - std $two32,[$ctx+8*1] - std $two64,[$ctx+8*2] - std $two96,[$ctx+8*3] - - brz,pn $inp,.Lno_key_fma - nop - - stx %fsr,[%sp+LOCALS] ! save original %fsr - ldx [%o7+8*6],%fsr ! load new %fsr - - std $two0,[$ctx+8*4] ! key "template" - std $two32,[$ctx+8*5] - std $two64,[$ctx+8*6] - std $two96,[$ctx+8*7] - - and $inp,7,$shr - andn $inp,7,$inp ! align pointer - mov 8,$i1 - sll $shr,3,$shr - mov 16,$i2 - neg $shr,$shl - - ldxa [$inp+%g0]0x88,$in0 ! load little-endian key - ldxa [$inp+$i1]0x88,$in2 - - brz $shr,.Lkey_aligned_fma - sethi %hi(0xf0000000),$i1 ! 0xf0000000 - - ldxa [$inp+$i2]0x88,$in4 - - srlx $in0,$shr,$in0 ! align data - sllx $in2,$shl,$in1 - srlx $in2,$shr,$in2 - or $in1,$in0,$in0 - sllx $in4,$shl,$in3 - or $in3,$in2,$in2 - -.Lkey_aligned_fma: - or $i1,3,$i2 ! 0xf0000003 - srlx $in0,32,$in1 - andn $in0,$i1,$in0 ! &=0x0fffffff - andn $in1,$i2,$in1 ! &=0x0ffffffc - srlx $in2,32,$in3 - andn $in2,$i2,$in2 - andn $in3,$i2,$in3 - - st $in0,[$ctx+`8*4+4`] ! fill "template" - st $in1,[$ctx+`8*5+4`] - st $in2,[$ctx+`8*6+4`] - st $in3,[$ctx+`8*7+4`] - - ldd [$ctx+8*4],$h0lo ! load [biased] key - ldd [$ctx+8*5],$h1lo - ldd [$ctx+8*6],$h2lo - ldd [$ctx+8*7],$h3lo - - fsubd $h0lo,$two0, $h0lo ! r0 - ldd [%o7+8*7],$two0 ! more constants - fsubd $h1lo,$two32,$h1lo ! r1 - ldd [%o7+8*8],$two32 - fsubd $h2lo,$two64,$h2lo ! r2 - ldd [%o7+8*9],$two64 - fsubd $h3lo,$two96,$h3lo ! r3 - ldd [%o7+8*10],$two96 - - fmuld $five_two130,$h1lo,$s1lo ! s1 - fmuld $five_two130,$h2lo,$s2lo ! s2 - fmuld $five_two130,$h3lo,$s3lo ! s3 - - faddd $h0lo,$two0, $h0hi - faddd $h1lo,$two32,$h1hi - faddd $h2lo,$two64,$h2hi - faddd $h3lo,$two96,$h3hi - - fsubd $h0hi,$two0, $h0hi - ldd [%o7+8*11],$two0 ! more constants - fsubd $h1hi,$two32,$h1hi - ldd [%o7+8*12],$two32 - fsubd $h2hi,$two64,$h2hi - ldd [%o7+8*13],$two64 - fsubd $h3hi,$two96,$h3hi - - fsubd $h0lo,$h0hi,$h0lo - std $h0hi,[$ctx+8*5] ! r0hi - fsubd $h1lo,$h1hi,$h1lo - std $h1hi,[$ctx+8*7] ! r1hi - fsubd $h2lo,$h2hi,$h2lo - std $h2hi,[$ctx+8*9] ! r2hi - fsubd $h3lo,$h3hi,$h3lo - std $h3hi,[$ctx+8*11] ! r3hi - - faddd $s1lo,$two0, $s1hi - faddd $s2lo,$two32,$s2hi - faddd $s3lo,$two64,$s3hi - - fsubd $s1hi,$two0, $s1hi - fsubd $s2hi,$two32,$s2hi - fsubd $s3hi,$two64,$s3hi - - fsubd $s1lo,$s1hi,$s1lo - fsubd $s2lo,$s2hi,$s2lo - fsubd $s3lo,$s3hi,$s3lo - - ldx [%sp+LOCALS],%fsr ! restore %fsr - - std $h0lo,[$ctx+8*4] ! r0lo - std $h1lo,[$ctx+8*6] ! r1lo - std $h2lo,[$ctx+8*8] ! r2lo - std $h3lo,[$ctx+8*10] ! r3lo - - std $s1hi,[$ctx+8*13] - std $s2hi,[$ctx+8*15] - std $s3hi,[$ctx+8*17] - - std $s1lo,[$ctx+8*12] - std $s2lo,[$ctx+8*14] - std $s3lo,[$ctx+8*16] - - add %o7,poly1305_blocks_fma-.Lconsts_fma,%o0 - add %o7,poly1305_emit_fma-.Lconsts_fma,%o1 - STPTR %o0,[%i2] - STPTR %o1,[%i2+SIZE_T] - - ret - restore %g0,1,%o0 ! return 1 - -.Lno_key_fma: - ret - restore %g0,%g0,%o0 ! return 0 -.type poly1305_init_fma,#function -.size poly1305_init_fma,.-poly1305_init_fma - -.align 32 -poly1305_blocks_fma: - save %sp,-STACK_FRAME-48,%sp - srln $len,4,$len - - brz,pn $len,.Labort - sub $len,1,$len - -1: call .+8 - add %o7,.Lconsts_fma-1b,%o7 - - ldd [%o7+8*0],$two0 ! load constants - ldd [%o7+8*1],$two32 - ldd [%o7+8*2],$two64 - ldd [%o7+8*3],$two96 - ldd [%o7+8*4],$two130 - ldd [%o7+8*5],$five_two130 - - ldd [$ctx+8*0],$h0lo ! load [biased] hash value - ldd [$ctx+8*1],$h1lo - ldd [$ctx+8*2],$h2lo - ldd [$ctx+8*3],$h3lo - - std $two0,[%sp+LOCALS+8*0] ! input "template" - sethi %hi((1023+52+96)<<20),$in3 - std $two32,[%sp+LOCALS+8*1] - or $padbit,$in3,$in3 - std $two64,[%sp+LOCALS+8*2] - st $in3,[%sp+LOCALS+8*3] - - and $inp,7,$shr - andn $inp,7,$inp ! align pointer - mov 8,$i1 - sll $shr,3,$shr - mov 16,$step - neg $shr,$shl - - ldxa [$inp+%g0]0x88,$in0 ! load little-endian input - brz $shr,.Linp_aligned_fma - ldxa [$inp+$i1]0x88,$in2 - - ldxa [$inp+$step]0x88,$in4 - add $inp,8,$inp - - srlx $in0,$shr,$in0 ! align data - sllx $in2,$shl,$in1 - srlx $in2,$shr,$in2 - or $in1,$in0,$in0 - sllx $in4,$shl,$in3 - srlx $in4,$shr,$in4 ! pre-shift - or $in3,$in2,$in2 - -.Linp_aligned_fma: - srlx $in0,32,$in1 - movrz $len,0,$step - srlx $in2,32,$in3 - add $step,$inp,$inp ! conditional advance - - st $in0,[%sp+LOCALS+8*0+4] ! fill "template" - st $in1,[%sp+LOCALS+8*1+4] - st $in2,[%sp+LOCALS+8*2+4] - st $in3,[%sp+LOCALS+8*3+4] - - ldd [$ctx+8*4],$r0lo ! load key - ldd [$ctx+8*5],$r0hi - ldd [$ctx+8*6],$r1lo - ldd [$ctx+8*7],$r1hi - ldd [$ctx+8*8],$r2lo - ldd [$ctx+8*9],$r2hi - ldd [$ctx+8*10],$r3lo - ldd [$ctx+8*11],$r3hi - ldd [$ctx+8*12],$s1lo - ldd [$ctx+8*13],$s1hi - ldd [$ctx+8*14],$s2lo - ldd [$ctx+8*15],$s2hi - ldd [$ctx+8*16],$s3lo - ldd [$ctx+8*17],$s3hi - - stx %fsr,[%sp+LOCALS+8*4] ! save original %fsr - ldx [%o7+8*6],%fsr ! load new %fsr - - subcc $len,1,$len - movrz $len,0,$step - - ldd [%sp+LOCALS+8*0],$x0 ! load biased input - ldd [%sp+LOCALS+8*1],$x1 - ldd [%sp+LOCALS+8*2],$x2 - ldd [%sp+LOCALS+8*3],$x3 - - fsubd $h0lo,$two0, $h0lo ! de-bias hash value - fsubd $h1lo,$two32,$h1lo - ldxa [$inp+%g0]0x88,$in0 ! modulo-scheduled input load - fsubd $h2lo,$two64,$h2lo - fsubd $h3lo,$two96,$h3lo - ldxa [$inp+$i1]0x88,$in2 - - fsubd $x0,$two0, $x0 ! de-bias input - fsubd $x1,$two32,$x1 - fsubd $x2,$two64,$x2 - fsubd $x3,$two96,$x3 - - brz $shr,.Linp_aligned_fma2 - add $step,$inp,$inp ! conditional advance - - sllx $in0,$shl,$in1 ! align data - srlx $in0,$shr,$in3 - or $in1,$in4,$in0 - sllx $in2,$shl,$in1 - srlx $in2,$shr,$in4 ! pre-shift - or $in3,$in1,$in2 -.Linp_aligned_fma2: - srlx $in0,32,$in1 - srlx $in2,32,$in3 - - faddd $h0lo,$x0,$x0 ! accumulate input - stw $in0,[%sp+LOCALS+8*0+4] - faddd $h1lo,$x1,$x1 - stw $in1,[%sp+LOCALS+8*1+4] - faddd $h2lo,$x2,$x2 - stw $in2,[%sp+LOCALS+8*2+4] - faddd $h3lo,$x3,$x3 - stw $in3,[%sp+LOCALS+8*3+4] - - b .Lentry_fma - nop - -.align 16 -.Loop_fma: - ldxa [$inp+%g0]0x88,$in0 ! modulo-scheduled input load - ldxa [$inp+$i1]0x88,$in2 - movrz $len,0,$step - - faddd $y0,$h0lo,$h0lo ! accumulate input - faddd $y1,$h0hi,$h0hi - faddd $y2,$h2lo,$h2lo - faddd $y3,$h2hi,$h2hi - - brz,pn $shr,.Linp_aligned_fma3 - add $step,$inp,$inp ! conditional advance - - sllx $in0,$shl,$in1 ! align data - srlx $in0,$shr,$in3 - or $in1,$in4,$in0 - sllx $in2,$shl,$in1 - srlx $in2,$shr,$in4 ! pre-shift - or $in3,$in1,$in2 - -.Linp_aligned_fma3: - !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! base 2^48 -> base 2^32 - faddd $two64,$h1lo,$c1lo - srlx $in0,32,$in1 - faddd $two64,$h1hi,$c1hi - srlx $in2,32,$in3 - faddd $two130,$h3lo,$c3lo - st $in0,[%sp+LOCALS+8*0+4] ! fill "template" - faddd $two130,$h3hi,$c3hi - st $in1,[%sp+LOCALS+8*1+4] - faddd $two32,$h0lo,$c0lo - st $in2,[%sp+LOCALS+8*2+4] - faddd $two32,$h0hi,$c0hi - st $in3,[%sp+LOCALS+8*3+4] - faddd $two96,$h2lo,$c2lo - faddd $two96,$h2hi,$c2hi - - fsubd $c1lo,$two64,$c1lo - fsubd $c1hi,$two64,$c1hi - fsubd $c3lo,$two130,$c3lo - fsubd $c3hi,$two130,$c3hi - fsubd $c0lo,$two32,$c0lo - fsubd $c0hi,$two32,$c0hi - fsubd $c2lo,$two96,$c2lo - fsubd $c2hi,$two96,$c2hi - - fsubd $h1lo,$c1lo,$h1lo - fsubd $h1hi,$c1hi,$h1hi - fsubd $h3lo,$c3lo,$h3lo - fsubd $h3hi,$c3hi,$h3hi - fsubd $h2lo,$c2lo,$h2lo - fsubd $h2hi,$c2hi,$h2hi - fsubd $h0lo,$c0lo,$h0lo - fsubd $h0hi,$c0hi,$h0hi - - faddd $h1lo,$c0lo,$h1lo - faddd $h1hi,$c0hi,$h1hi - faddd $h3lo,$c2lo,$h3lo - faddd $h3hi,$c2hi,$h3hi - faddd $h2lo,$c1lo,$h2lo - faddd $h2hi,$c1hi,$h2hi - fmaddd $five_two130,$c3lo,$h0lo,$h0lo - fmaddd $five_two130,$c3hi,$h0hi,$h0hi - - faddd $h1lo,$h1hi,$x1 - ldd [$ctx+8*12],$s1lo ! reload constants - faddd $h3lo,$h3hi,$x3 - ldd [$ctx+8*13],$s1hi - faddd $h2lo,$h2hi,$x2 - ldd [$ctx+8*10],$r3lo - faddd $h0lo,$h0hi,$x0 - ldd [$ctx+8*11],$r3hi - -.Lentry_fma: - fmuld $x1,$s3lo,$h0lo - fmuld $x1,$s3hi,$h0hi - fmuld $x1,$r1lo,$h2lo - fmuld $x1,$r1hi,$h2hi - fmuld $x1,$r0lo,$h1lo - fmuld $x1,$r0hi,$h1hi - fmuld $x1,$r2lo,$h3lo - fmuld $x1,$r2hi,$h3hi - - fmaddd $x3,$s1lo,$h0lo,$h0lo - fmaddd $x3,$s1hi,$h0hi,$h0hi - fmaddd $x3,$s3lo,$h2lo,$h2lo - fmaddd $x3,$s3hi,$h2hi,$h2hi - fmaddd $x3,$s2lo,$h1lo,$h1lo - fmaddd $x3,$s2hi,$h1hi,$h1hi - fmaddd $x3,$r0lo,$h3lo,$h3lo - fmaddd $x3,$r0hi,$h3hi,$h3hi - - fmaddd $x2,$s2lo,$h0lo,$h0lo - fmaddd $x2,$s2hi,$h0hi,$h0hi - fmaddd $x2,$r0lo,$h2lo,$h2lo - fmaddd $x2,$r0hi,$h2hi,$h2hi - fmaddd $x2,$s3lo,$h1lo,$h1lo - ldd [%sp+LOCALS+8*0],$y0 ! load [biased] input - fmaddd $x2,$s3hi,$h1hi,$h1hi - ldd [%sp+LOCALS+8*1],$y1 - fmaddd $x2,$r1lo,$h3lo,$h3lo - ldd [%sp+LOCALS+8*2],$y2 - fmaddd $x2,$r1hi,$h3hi,$h3hi - ldd [%sp+LOCALS+8*3],$y3 - - fmaddd $x0,$r0lo,$h0lo,$h0lo - fsubd $y0,$two0, $y0 ! de-bias input - fmaddd $x0,$r0hi,$h0hi,$h0hi - fsubd $y1,$two32,$y1 - fmaddd $x0,$r2lo,$h2lo,$h2lo - fsubd $y2,$two64,$y2 - fmaddd $x0,$r2hi,$h2hi,$h2hi - fsubd $y3,$two96,$y3 - fmaddd $x0,$r1lo,$h1lo,$h1lo - fmaddd $x0,$r1hi,$h1hi,$h1hi - fmaddd $x0,$r3lo,$h3lo,$h3lo - fmaddd $x0,$r3hi,$h3hi,$h3hi - - bcc SIZE_T_CC,.Loop_fma - subcc $len,1,$len - - !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! base 2^48 -> base 2^32 - faddd $h0lo,$two32,$c0lo - faddd $h0hi,$two32,$c0hi - faddd $h2lo,$two96,$c2lo - faddd $h2hi,$two96,$c2hi - faddd $h1lo,$two64,$c1lo - faddd $h1hi,$two64,$c1hi - faddd $h3lo,$two130,$c3lo - faddd $h3hi,$two130,$c3hi - - fsubd $c0lo,$two32,$c0lo - fsubd $c0hi,$two32,$c0hi - fsubd $c2lo,$two96,$c2lo - fsubd $c2hi,$two96,$c2hi - fsubd $c1lo,$two64,$c1lo - fsubd $c1hi,$two64,$c1hi - fsubd $c3lo,$two130,$c3lo - fsubd $c3hi,$two130,$c3hi - - fsubd $h1lo,$c1lo,$h1lo - fsubd $h1hi,$c1hi,$h1hi - fsubd $h3lo,$c3lo,$h3lo - fsubd $h3hi,$c3hi,$h3hi - fsubd $h2lo,$c2lo,$h2lo - fsubd $h2hi,$c2hi,$h2hi - fsubd $h0lo,$c0lo,$h0lo - fsubd $h0hi,$c0hi,$h0hi - - faddd $h1lo,$c0lo,$h1lo - faddd $h1hi,$c0hi,$h1hi - faddd $h3lo,$c2lo,$h3lo - faddd $h3hi,$c2hi,$h3hi - faddd $h2lo,$c1lo,$h2lo - faddd $h2hi,$c1hi,$h2hi - fmaddd $five_two130,$c3lo,$h0lo,$h0lo - fmaddd $five_two130,$c3hi,$h0hi,$h0hi - - faddd $h1lo,$h1hi,$x1 - faddd $h3lo,$h3hi,$x3 - faddd $h2lo,$h2hi,$x2 - faddd $h0lo,$h0hi,$x0 - - faddd $x1,$two32,$x1 ! bias - faddd $x3,$two96,$x3 - faddd $x2,$two64,$x2 - faddd $x0,$two0, $x0 - - ldx [%sp+LOCALS+8*4],%fsr ! restore saved %fsr - - std $x1,[$ctx+8*1] ! store [biased] hash value - std $x3,[$ctx+8*3] - std $x2,[$ctx+8*2] - std $x0,[$ctx+8*0] - -.Labort: - ret - restore -.type poly1305_blocks_fma,#function -.size poly1305_blocks_fma,.-poly1305_blocks_fma -___ -{ -my ($mac,$nonce)=($inp,$len); - -my ($h0,$h1,$h2,$h3,$h4, $d0,$d1,$d2,$d3, $mask - ) = (map("%l$_",(0..5)),map("%o$_",(0..4))); - -$code.=<<___; -.align 32 -poly1305_emit_fma: - save %sp,-STACK_FRAME,%sp - - ld [$ctx+8*0+0],$d0 ! load hash - ld [$ctx+8*0+4],$h0 - ld [$ctx+8*1+0],$d1 - ld [$ctx+8*1+4],$h1 - ld [$ctx+8*2+0],$d2 - ld [$ctx+8*2+4],$h2 - ld [$ctx+8*3+0],$d3 - ld [$ctx+8*3+4],$h3 - - sethi %hi(0xfff00000),$mask - andn $d0,$mask,$d0 ! mask exponent - andn $d1,$mask,$d1 - andn $d2,$mask,$d2 - andn $d3,$mask,$d3 ! can be partially reduced... - mov 3,$mask - - srl $d3,2,$padbit ! ... so reduce - and $d3,$mask,$h4 - andn $d3,$mask,$d3 - add $padbit,$d3,$d3 - - addcc $d3,$h0,$h0 - addccc $d0,$h1,$h1 - addccc $d1,$h2,$h2 - addccc $d2,$h3,$h3 - addc %g0,$h4,$h4 - - addcc $h0,5,$d0 ! compare to modulus - addccc $h1,0,$d1 - addccc $h2,0,$d2 - addccc $h3,0,$d3 - addc $h4,0,$mask - - srl $mask,2,$mask ! did it carry/borrow? - neg $mask,$mask - sra $mask,31,$mask ! mask - - andn $h0,$mask,$h0 - and $d0,$mask,$d0 - andn $h1,$mask,$h1 - and $d1,$mask,$d1 - or $d0,$h0,$h0 - ld [$nonce+0],$d0 ! load nonce - andn $h2,$mask,$h2 - and $d2,$mask,$d2 - or $d1,$h1,$h1 - ld [$nonce+4],$d1 - andn $h3,$mask,$h3 - and $d3,$mask,$d3 - or $d2,$h2,$h2 - ld [$nonce+8],$d2 - or $d3,$h3,$h3 - ld [$nonce+12],$d3 - - addcc $d0,$h0,$h0 ! accumulate nonce - addccc $d1,$h1,$h1 - addccc $d2,$h2,$h2 - addc $d3,$h3,$h3 - - stb $h0,[$mac+0] ! write little-endian result - srl $h0,8,$h0 - stb $h1,[$mac+4] - srl $h1,8,$h1 - stb $h2,[$mac+8] - srl $h2,8,$h2 - stb $h3,[$mac+12] - srl $h3,8,$h3 - - stb $h0,[$mac+1] - srl $h0,8,$h0 - stb $h1,[$mac+5] - srl $h1,8,$h1 - stb $h2,[$mac+9] - srl $h2,8,$h2 - stb $h3,[$mac+13] - srl $h3,8,$h3 - - stb $h0,[$mac+2] - srl $h0,8,$h0 - stb $h1,[$mac+6] - srl $h1,8,$h1 - stb $h2,[$mac+10] - srl $h2,8,$h2 - stb $h3,[$mac+14] - srl $h3,8,$h3 - - stb $h0,[$mac+3] - stb $h1,[$mac+7] - stb $h2,[$mac+11] - stb $h3,[$mac+15] - - ret - restore -.type poly1305_emit_fma,#function -.size poly1305_emit_fma,.-poly1305_emit_fma -___ -} - -$code.=<<___; -.align 64 -.Lconsts_fma: -.word 0x43300000,0x00000000 ! 2^(52+0) -.word 0x45300000,0x00000000 ! 2^(52+32) -.word 0x47300000,0x00000000 ! 2^(52+64) -.word 0x49300000,0x00000000 ! 2^(52+96) -.word 0x4b500000,0x00000000 ! 2^(52+130) - -.word 0x37f40000,0x00000000 ! 5/2^130 -.word 0,1<<30 ! fsr: truncate, no exceptions - -.word 0x44300000,0x00000000 ! 2^(52+16+0) -.word 0x46300000,0x00000000 ! 2^(52+16+32) -.word 0x48300000,0x00000000 ! 2^(52+16+64) -.word 0x4a300000,0x00000000 ! 2^(52+16+96) -.word 0x3e300000,0x00000000 ! 2^(52+16+0-96) -.word 0x40300000,0x00000000 ! 2^(52+16+32-96) -.word 0x42300000,0x00000000 ! 2^(52+16+64-96) -.asciz "Poly1305 for SPARCv9/VIS3/FMA, CRYPTOGAMS by " -.align 4 -___ -} - -# Purpose of these subroutines is to explicitly encode VIS instructions, -# so that one can compile the module without having to specify VIS -# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a. -# Idea is to reserve for option to produce "universal" binary and let -# programmer detect if current CPU is VIS capable at run-time. -sub unvis3 { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 ); -my ($ref,$opf); -my %visopf = ( "addxc" => 0x011, - "addxccc" => 0x013, - "umulxhi" => 0x016 ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if ($opf=$visopf{$mnemonic}) { - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%([goli])([0-9])/); - $_=$bias{$1}+$2; - } - - return sprintf ".word\t0x%08x !%s", - 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -sub unfma { -my ($mnemonic,$rs1,$rs2,$rs3,$rd)=@_; -my ($ref,$opf); -my %fmaopf = ( "fmadds" => 0x1, - "fmaddd" => 0x2, - "fmsubs" => 0x5, - "fmsubd" => 0x6 ); - - $ref = "$mnemonic\t$rs1,$rs2,$rs3,$rd"; - - if ($opf=$fmaopf{$mnemonic}) { - foreach ($rs1,$rs2,$rs3,$rd) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 0x81b80000|$rd<<25|$rs1<<14|$rs3<<9|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - s/\b(umulxhi|addxc[c]{0,2})\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/ - &unvis3($1,$2,$3,$4) - /ge or - s/\b(fmadd[sd])\s+(%f[0-9]+),\s*(%f[0-9]+),\s*(%f[0-9]+),\s*(%f[0-9]+)/ - &unfma($1,$2,$3,$4,$5) - /ge; - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/asm/poly1305-x86.pl b/crypto/poly1305/asm/poly1305-x86.pl deleted file mode 100755 index c91d01fb3ba4e451e9af468aa0f50e176f11f0e6..0000000000000000000000000000000000000000 --- a/crypto/poly1305/asm/poly1305-x86.pl +++ /dev/null @@ -1,1814 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# This module implements Poly1305 hash for x86. -# -# April 2015 -# -# Numbers are cycles per processed byte with poly1305_blocks alone, -# measured with rdtsc at fixed clock frequency. -# -# IALU/gcc-3.4(*) SSE2(**) AVX2 -# Pentium 15.7/+80% - -# PIII 6.21/+90% - -# P4 19.8/+40% 3.24 -# Core 2 4.85/+90% 1.80 -# Westmere 4.58/+100% 1.43 -# Sandy Bridge 3.90/+100% 1.36 -# Haswell 3.88/+70% 1.18 0.72 -# Skylake 3.10/+60% 1.14 0.62 -# Silvermont 11.0/+40% 4.80 -# Goldmont 4.10/+200% 2.10 -# VIA Nano 6.71/+90% 2.47 -# Sledgehammer 3.51/+180% 4.27 -# Bulldozer 4.53/+140% 1.31 -# -# (*) gcc 4.8 for some reason generated worse code; -# (**) besides SSE2 there are floating-point and AVX options; FP -# is deemed unnecessary, because pre-SSE2 processor are too -# old to care about, while it's not the fastest option on -# SSE2-capable ones; AVX is omitted, because it doesn't give -# a lot of improvement, 5-10% depending on processor; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output=pop and open STDOUT,">$output"; - -&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); - -$sse2=$avx=0; -for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - -if ($sse2) { - &static_label("const_sse2"); - &static_label("enter_blocks"); - &static_label("enter_emit"); - &external_label("OPENSSL_ia32cap_P"); - - if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.19) + ($1>=2.22); - } - - if (!$avx && $ARGV[0] eq "win32n" && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.09) + ($1>=2.10); - } - - if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/) { - $avx = ($2>=3.0) + ($2>3.0); - } -} - -######################################################################## -# Layout of opaque area is following. -# -# unsigned __int32 h[5]; # current hash value base 2^32 -# unsigned __int32 pad; # is_base2_26 in vector context -# unsigned __int32 r[4]; # key value base 2^32 - -&align(64); -&function_begin("poly1305_init"); - &mov ("edi",&wparam(0)); # context - &mov ("esi",&wparam(1)); # key - &mov ("ebp",&wparam(2)); # function table - - &xor ("eax","eax"); - &mov (&DWP(4*0,"edi"),"eax"); # zero hash value - &mov (&DWP(4*1,"edi"),"eax"); - &mov (&DWP(4*2,"edi"),"eax"); - &mov (&DWP(4*3,"edi"),"eax"); - &mov (&DWP(4*4,"edi"),"eax"); - &mov (&DWP(4*5,"edi"),"eax"); # is_base2_26 - - &cmp ("esi",0); - &je (&label("nokey")); - - if ($sse2) { - &call (&label("pic_point")); - &set_label("pic_point"); - &blindpop("ebx"); - - &lea ("eax",&DWP("poly1305_blocks-".&label("pic_point"),"ebx")); - &lea ("edx",&DWP("poly1305_emit-".&label("pic_point"),"ebx")); - - &picmeup("edi","OPENSSL_ia32cap_P","ebx",&label("pic_point")); - &mov ("ecx",&DWP(0,"edi")); - &and ("ecx",1<<26|1<<24); - &cmp ("ecx",1<<26|1<<24); # SSE2 and XMM? - &jne (&label("no_sse2")); - - &lea ("eax",&DWP("_poly1305_blocks_sse2-".&label("pic_point"),"ebx")); - &lea ("edx",&DWP("_poly1305_emit_sse2-".&label("pic_point"),"ebx")); - - if ($avx>1) { - &mov ("ecx",&DWP(8,"edi")); - &test ("ecx",1<<5); # AVX2? - &jz (&label("no_sse2")); - - &lea ("eax",&DWP("_poly1305_blocks_avx2-".&label("pic_point"),"ebx")); - } - &set_label("no_sse2"); - &mov ("edi",&wparam(0)); # reload context - &mov (&DWP(0,"ebp"),"eax"); # fill function table - &mov (&DWP(4,"ebp"),"edx"); - } - - &mov ("eax",&DWP(4*0,"esi")); # load input key - &mov ("ebx",&DWP(4*1,"esi")); - &mov ("ecx",&DWP(4*2,"esi")); - &mov ("edx",&DWP(4*3,"esi")); - &and ("eax",0x0fffffff); - &and ("ebx",0x0ffffffc); - &and ("ecx",0x0ffffffc); - &and ("edx",0x0ffffffc); - &mov (&DWP(4*6,"edi"),"eax"); - &mov (&DWP(4*7,"edi"),"ebx"); - &mov (&DWP(4*8,"edi"),"ecx"); - &mov (&DWP(4*9,"edi"),"edx"); - - &mov ("eax",$sse2); -&set_label("nokey"); -&function_end("poly1305_init"); - -($h0,$h1,$h2,$h3,$h4, - $d0,$d1,$d2,$d3, - $r0,$r1,$r2,$r3, - $s1,$s2,$s3)=map(4*$_,(0..15)); - -&function_begin("poly1305_blocks"); - &mov ("edi",&wparam(0)); # ctx - &mov ("esi",&wparam(1)); # inp - &mov ("ecx",&wparam(2)); # len -&set_label("enter_blocks"); - &and ("ecx",-15); - &jz (&label("nodata")); - - &stack_push(16); - &mov ("eax",&DWP(4*6,"edi")); # r0 - &mov ("ebx",&DWP(4*7,"edi")); # r1 - &lea ("ebp",&DWP(0,"esi","ecx")); # end of input - &mov ("ecx",&DWP(4*8,"edi")); # r2 - &mov ("edx",&DWP(4*9,"edi")); # r3 - - &mov (&wparam(2),"ebp"); - &mov ("ebp","esi"); - - &mov (&DWP($r0,"esp"),"eax"); # r0 - &mov ("eax","ebx"); - &shr ("eax",2); - &mov (&DWP($r1,"esp"),"ebx"); # r1 - &add ("eax","ebx"); # s1 - &mov ("ebx","ecx"); - &shr ("ebx",2); - &mov (&DWP($r2,"esp"),"ecx"); # r2 - &add ("ebx","ecx"); # s2 - &mov ("ecx","edx"); - &shr ("ecx",2); - &mov (&DWP($r3,"esp"),"edx"); # r3 - &add ("ecx","edx"); # s3 - &mov (&DWP($s1,"esp"),"eax"); # s1 - &mov (&DWP($s2,"esp"),"ebx"); # s2 - &mov (&DWP($s3,"esp"),"ecx"); # s3 - - &mov ("eax",&DWP(4*0,"edi")); # load hash value - &mov ("ebx",&DWP(4*1,"edi")); - &mov ("ecx",&DWP(4*2,"edi")); - &mov ("esi",&DWP(4*3,"edi")); - &mov ("edi",&DWP(4*4,"edi")); - &jmp (&label("loop")); - -&set_label("loop",32); - &add ("eax",&DWP(4*0,"ebp")); # accumulate input - &adc ("ebx",&DWP(4*1,"ebp")); - &adc ("ecx",&DWP(4*2,"ebp")); - &adc ("esi",&DWP(4*3,"ebp")); - &lea ("ebp",&DWP(4*4,"ebp")); - &adc ("edi",&wparam(3)); # padbit - - &mov (&DWP($h0,"esp"),"eax"); # put aside hash[+inp] - &mov (&DWP($h3,"esp"),"esi"); - - &mul (&DWP($r0,"esp")); # h0*r0 - &mov (&DWP($h4,"esp"),"edi"); - &mov ("edi","eax"); - &mov ("eax","ebx"); # h1 - &mov ("esi","edx"); - &mul (&DWP($s3,"esp")); # h1*s3 - &add ("edi","eax"); - &mov ("eax","ecx"); # h2 - &adc ("esi","edx"); - &mul (&DWP($s2,"esp")); # h2*s2 - &add ("edi","eax"); - &mov ("eax",&DWP($h3,"esp")); - &adc ("esi","edx"); - &mul (&DWP($s1,"esp")); # h3*s1 - &add ("edi","eax"); - &mov ("eax",&DWP($h0,"esp")); - &adc ("esi","edx"); - - &mul (&DWP($r1,"esp")); # h0*r1 - &mov (&DWP($d0,"esp"),"edi"); - &xor ("edi","edi"); - &add ("esi","eax"); - &mov ("eax","ebx"); # h1 - &adc ("edi","edx"); - &mul (&DWP($r0,"esp")); # h1*r0 - &add ("esi","eax"); - &mov ("eax","ecx"); # h2 - &adc ("edi","edx"); - &mul (&DWP($s3,"esp")); # h2*s3 - &add ("esi","eax"); - &mov ("eax",&DWP($h3,"esp")); - &adc ("edi","edx"); - &mul (&DWP($s2,"esp")); # h3*s2 - &add ("esi","eax"); - &mov ("eax",&DWP($h4,"esp")); - &adc ("edi","edx"); - &imul ("eax",&DWP($s1,"esp")); # h4*s1 - &add ("esi","eax"); - &mov ("eax",&DWP($h0,"esp")); - &adc ("edi",0); - - &mul (&DWP($r2,"esp")); # h0*r2 - &mov (&DWP($d1,"esp"),"esi"); - &xor ("esi","esi"); - &add ("edi","eax"); - &mov ("eax","ebx"); # h1 - &adc ("esi","edx"); - &mul (&DWP($r1,"esp")); # h1*r1 - &add ("edi","eax"); - &mov ("eax","ecx"); # h2 - &adc ("esi","edx"); - &mul (&DWP($r0,"esp")); # h2*r0 - &add ("edi","eax"); - &mov ("eax",&DWP($h3,"esp")); - &adc ("esi","edx"); - &mul (&DWP($s3,"esp")); # h3*s3 - &add ("edi","eax"); - &mov ("eax",&DWP($h4,"esp")); - &adc ("esi","edx"); - &imul ("eax",&DWP($s2,"esp")); # h4*s2 - &add ("edi","eax"); - &mov ("eax",&DWP($h0,"esp")); - &adc ("esi",0); - - &mul (&DWP($r3,"esp")); # h0*r3 - &mov (&DWP($d2,"esp"),"edi"); - &xor ("edi","edi"); - &add ("esi","eax"); - &mov ("eax","ebx"); # h1 - &adc ("edi","edx"); - &mul (&DWP($r2,"esp")); # h1*r2 - &add ("esi","eax"); - &mov ("eax","ecx"); # h2 - &adc ("edi","edx"); - &mul (&DWP($r1,"esp")); # h2*r1 - &add ("esi","eax"); - &mov ("eax",&DWP($h3,"esp")); - &adc ("edi","edx"); - &mul (&DWP($r0,"esp")); # h3*r0 - &add ("esi","eax"); - &mov ("ecx",&DWP($h4,"esp")); - &adc ("edi","edx"); - - &mov ("edx","ecx"); - &imul ("ecx",&DWP($s3,"esp")); # h4*s3 - &add ("esi","ecx"); - &mov ("eax",&DWP($d0,"esp")); - &adc ("edi",0); - - &imul ("edx",&DWP($r0,"esp")); # h4*r0 - &add ("edx","edi"); - - &mov ("ebx",&DWP($d1,"esp")); - &mov ("ecx",&DWP($d2,"esp")); - - &mov ("edi","edx"); # last reduction step - &shr ("edx",2); - &and ("edi",3); - &lea ("edx",&DWP(0,"edx","edx",4)); # *5 - &add ("eax","edx"); - &adc ("ebx",0); - &adc ("ecx",0); - &adc ("esi",0); - &adc ("edi",0); - - &cmp ("ebp",&wparam(2)); # done yet? - &jne (&label("loop")); - - &mov ("edx",&wparam(0)); # ctx - &stack_pop(16); - &mov (&DWP(4*0,"edx"),"eax"); # store hash value - &mov (&DWP(4*1,"edx"),"ebx"); - &mov (&DWP(4*2,"edx"),"ecx"); - &mov (&DWP(4*3,"edx"),"esi"); - &mov (&DWP(4*4,"edx"),"edi"); -&set_label("nodata"); -&function_end("poly1305_blocks"); - -&function_begin("poly1305_emit"); - &mov ("ebp",&wparam(0)); # context -&set_label("enter_emit"); - &mov ("edi",&wparam(1)); # output - &mov ("eax",&DWP(4*0,"ebp")); # load hash value - &mov ("ebx",&DWP(4*1,"ebp")); - &mov ("ecx",&DWP(4*2,"ebp")); - &mov ("edx",&DWP(4*3,"ebp")); - &mov ("esi",&DWP(4*4,"ebp")); - - &add ("eax",5); # compare to modulus - &adc ("ebx",0); - &adc ("ecx",0); - &adc ("edx",0); - &adc ("esi",0); - &shr ("esi",2); # did it carry/borrow? - &neg ("esi"); # do we choose hash-modulus? - - &and ("eax","esi"); - &and ("ebx","esi"); - &and ("ecx","esi"); - &and ("edx","esi"); - &mov (&DWP(4*0,"edi"),"eax"); - &mov (&DWP(4*1,"edi"),"ebx"); - &mov (&DWP(4*2,"edi"),"ecx"); - &mov (&DWP(4*3,"edi"),"edx"); - - ¬ ("esi"); # or original hash value? - &mov ("eax",&DWP(4*0,"ebp")); - &mov ("ebx",&DWP(4*1,"ebp")); - &mov ("ecx",&DWP(4*2,"ebp")); - &mov ("edx",&DWP(4*3,"ebp")); - &mov ("ebp",&wparam(2)); - &and ("eax","esi"); - &and ("ebx","esi"); - &and ("ecx","esi"); - &and ("edx","esi"); - &or ("eax",&DWP(4*0,"edi")); - &or ("ebx",&DWP(4*1,"edi")); - &or ("ecx",&DWP(4*2,"edi")); - &or ("edx",&DWP(4*3,"edi")); - - &add ("eax",&DWP(4*0,"ebp")); # accumulate key - &adc ("ebx",&DWP(4*1,"ebp")); - &adc ("ecx",&DWP(4*2,"ebp")); - &adc ("edx",&DWP(4*3,"ebp")); - - &mov (&DWP(4*0,"edi"),"eax"); - &mov (&DWP(4*1,"edi"),"ebx"); - &mov (&DWP(4*2,"edi"),"ecx"); - &mov (&DWP(4*3,"edi"),"edx"); -&function_end("poly1305_emit"); - -if ($sse2) { -######################################################################## -# Layout of opaque area is following. -# -# unsigned __int32 h[5]; # current hash value base 2^26 -# unsigned __int32 is_base2_26; -# unsigned __int32 r[4]; # key value base 2^32 -# unsigned __int32 pad[2]; -# struct { unsigned __int32 r^4, r^3, r^2, r^1; } r[9]; -# -# where r^n are base 2^26 digits of degrees of multiplier key. There are -# 5 digits, but last four are interleaved with multiples of 5, totalling -# in 9 elements: r0, r1, 5*r1, r2, 5*r2, r3, 5*r3, r4, 5*r4. - -my ($D0,$D1,$D2,$D3,$D4,$T0,$T1,$T2)=map("xmm$_",(0..7)); -my $MASK=$T2; # borrow and keep in mind - -&align (32); -&function_begin_B("_poly1305_init_sse2"); - &movdqu ($D4,&QWP(4*6,"edi")); # key base 2^32 - &lea ("edi",&DWP(16*3,"edi")); # size optimization - &mov ("ebp","esp"); - &sub ("esp",16*(9+5)); - &and ("esp",-16); - - #&pand ($D4,&QWP(96,"ebx")); # magic mask - &movq ($MASK,&QWP(64,"ebx")); - - &movdqa ($D0,$D4); - &movdqa ($D1,$D4); - &movdqa ($D2,$D4); - - &pand ($D0,$MASK); # -> base 2^26 - &psrlq ($D1,26); - &psrldq ($D2,6); - &pand ($D1,$MASK); - &movdqa ($D3,$D2); - &psrlq ($D2,4) - &psrlq ($D3,30); - &pand ($D2,$MASK); - &pand ($D3,$MASK); - &psrldq ($D4,13); - - &lea ("edx",&DWP(16*9,"esp")); # size optimization - &mov ("ecx",2); -&set_label("square"); - &movdqa (&QWP(16*0,"esp"),$D0); - &movdqa (&QWP(16*1,"esp"),$D1); - &movdqa (&QWP(16*2,"esp"),$D2); - &movdqa (&QWP(16*3,"esp"),$D3); - &movdqa (&QWP(16*4,"esp"),$D4); - - &movdqa ($T1,$D1); - &movdqa ($T0,$D2); - &pslld ($T1,2); - &pslld ($T0,2); - &paddd ($T1,$D1); # *5 - &paddd ($T0,$D2); # *5 - &movdqa (&QWP(16*5,"esp"),$T1); - &movdqa (&QWP(16*6,"esp"),$T0); - &movdqa ($T1,$D3); - &movdqa ($T0,$D4); - &pslld ($T1,2); - &pslld ($T0,2); - &paddd ($T1,$D3); # *5 - &paddd ($T0,$D4); # *5 - &movdqa (&QWP(16*7,"esp"),$T1); - &movdqa (&QWP(16*8,"esp"),$T0); - - &pshufd ($T1,$D0,0b01000100); - &movdqa ($T0,$D1); - &pshufd ($D1,$D1,0b01000100); - &pshufd ($D2,$D2,0b01000100); - &pshufd ($D3,$D3,0b01000100); - &pshufd ($D4,$D4,0b01000100); - &movdqa (&QWP(16*0,"edx"),$T1); - &movdqa (&QWP(16*1,"edx"),$D1); - &movdqa (&QWP(16*2,"edx"),$D2); - &movdqa (&QWP(16*3,"edx"),$D3); - &movdqa (&QWP(16*4,"edx"),$D4); - - ################################################################ - # d4 = h4*r0 + h3*r1 + h2*r2 + h1*r3 + h0*r4 - # d3 = h3*r0 + h2*r1 + h1*r2 + h0*r3 + h4*5*r4 - # d2 = h2*r0 + h1*r1 + h0*r2 + h4*5*r3 + h3*5*r4 - # d1 = h1*r0 + h0*r1 + h4*5*r2 + h3*5*r3 + h2*5*r4 - # d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4 - - &pmuludq ($D4,$D0); # h4*r0 - &pmuludq ($D3,$D0); # h3*r0 - &pmuludq ($D2,$D0); # h2*r0 - &pmuludq ($D1,$D0); # h1*r0 - &pmuludq ($D0,$T1); # h0*r0 - -sub pmuladd { -my $load = shift; -my $base = shift; $base = "esp" if (!defined($base)); - - ################################################################ - # As for choice to "rotate" $T0-$T2 in order to move paddq - # past next multiplication. While it makes code harder to read - # and doesn't have significant effect on most processors, it - # makes a lot of difference on Atom, up to 30% improvement. - - &movdqa ($T1,$T0); - &pmuludq ($T0,&QWP(16*3,$base)); # r1*h3 - &movdqa ($T2,$T1); - &pmuludq ($T1,&QWP(16*2,$base)); # r1*h2 - &paddq ($D4,$T0); - &movdqa ($T0,$T2); - &pmuludq ($T2,&QWP(16*1,$base)); # r1*h1 - &paddq ($D3,$T1); - &$load ($T1,5); # s1 - &pmuludq ($T0,&QWP(16*0,$base)); # r1*h0 - &paddq ($D2,$T2); - &pmuludq ($T1,&QWP(16*4,$base)); # s1*h4 - &$load ($T2,2); # r2^n - &paddq ($D1,$T0); - - &movdqa ($T0,$T2); - &pmuludq ($T2,&QWP(16*2,$base)); # r2*h2 - &paddq ($D0,$T1); - &movdqa ($T1,$T0); - &pmuludq ($T0,&QWP(16*1,$base)); # r2*h1 - &paddq ($D4,$T2); - &$load ($T2,6); # s2^n - &pmuludq ($T1,&QWP(16*0,$base)); # r2*h0 - &paddq ($D3,$T0); - &movdqa ($T0,$T2); - &pmuludq ($T2,&QWP(16*4,$base)); # s2*h4 - &paddq ($D2,$T1); - &pmuludq ($T0,&QWP(16*3,$base)); # s2*h3 - &$load ($T1,3); # r3^n - &paddq ($D1,$T2); - - &movdqa ($T2,$T1); - &pmuludq ($T1,&QWP(16*1,$base)); # r3*h1 - &paddq ($D0,$T0); - &$load ($T0,7); # s3^n - &pmuludq ($T2,&QWP(16*0,$base)); # r3*h0 - &paddq ($D4,$T1); - &movdqa ($T1,$T0); - &pmuludq ($T0,&QWP(16*4,$base)); # s3*h4 - &paddq ($D3,$T2); - &movdqa ($T2,$T1); - &pmuludq ($T1,&QWP(16*3,$base)); # s3*h3 - &paddq ($D2,$T0); - &pmuludq ($T2,&QWP(16*2,$base)); # s3*h2 - &$load ($T0,4); # r4^n - &paddq ($D1,$T1); - - &$load ($T1,8); # s4^n - &pmuludq ($T0,&QWP(16*0,$base)); # r4*h0 - &paddq ($D0,$T2); - &movdqa ($T2,$T1); - &pmuludq ($T1,&QWP(16*4,$base)); # s4*h4 - &paddq ($D4,$T0); - &movdqa ($T0,$T2); - &pmuludq ($T2,&QWP(16*1,$base)); # s4*h1 - &paddq ($D3,$T1); - &movdqa ($T1,$T0); - &pmuludq ($T0,&QWP(16*2,$base)); # s4*h2 - &paddq ($D0,$T2); - &pmuludq ($T1,&QWP(16*3,$base)); # s4*h3 - &movdqa ($MASK,&QWP(64,"ebx")); - &paddq ($D1,$T0); - &paddq ($D2,$T1); -} - &pmuladd (sub { my ($reg,$i)=@_; - &movdqa ($reg,&QWP(16*$i,"esp")); - },"edx"); - -sub lazy_reduction { -my $extra = shift; - - ################################################################ - # lazy reduction as discussed in "NEON crypto" by D.J. Bernstein - # and P. Schwabe - # - # [(*) see discussion in poly1305-armv4 module] - - &movdqa ($T0,$D3); - &pand ($D3,$MASK); - &psrlq ($T0,26); - &$extra () if (defined($extra)); - &paddq ($T0,$D4); # h3 -> h4 - &movdqa ($T1,$D0); - &pand ($D0,$MASK); - &psrlq ($T1,26); - &movdqa ($D4,$T0); - &paddq ($T1,$D1); # h0 -> h1 - &psrlq ($T0,26); - &pand ($D4,$MASK); - &movdqa ($D1,$T1); - &psrlq ($T1,26); - &paddd ($D0,$T0); # favour paddd when - # possible, because - # paddq is "broken" - # on Atom - &psllq ($T0,2); - &paddq ($T1,$D2); # h1 -> h2 - &paddq ($T0,$D0); # h4 -> h0 (*) - &pand ($D1,$MASK); - &movdqa ($D2,$T1); - &psrlq ($T1,26); - &pand ($D2,$MASK); - &paddd ($T1,$D3); # h2 -> h3 - &movdqa ($D0,$T0); - &psrlq ($T0,26); - &movdqa ($D3,$T1); - &psrlq ($T1,26); - &pand ($D0,$MASK); - &paddd ($D1,$T0); # h0 -> h1 - &pand ($D3,$MASK); - &paddd ($D4,$T1); # h3 -> h4 -} - &lazy_reduction (); - - &dec ("ecx"); - &jz (&label("square_break")); - - &punpcklqdq ($D0,&QWP(16*0,"esp")); # 0:r^1:0:r^2 - &punpcklqdq ($D1,&QWP(16*1,"esp")); - &punpcklqdq ($D2,&QWP(16*2,"esp")); - &punpcklqdq ($D3,&QWP(16*3,"esp")); - &punpcklqdq ($D4,&QWP(16*4,"esp")); - &jmp (&label("square")); - -&set_label("square_break"); - &psllq ($D0,32); # -> r^3:0:r^4:0 - &psllq ($D1,32); - &psllq ($D2,32); - &psllq ($D3,32); - &psllq ($D4,32); - &por ($D0,&QWP(16*0,"esp")); # r^3:r^1:r^4:r^2 - &por ($D1,&QWP(16*1,"esp")); - &por ($D2,&QWP(16*2,"esp")); - &por ($D3,&QWP(16*3,"esp")); - &por ($D4,&QWP(16*4,"esp")); - - &pshufd ($D0,$D0,0b10001101); # -> r^1:r^2:r^3:r^4 - &pshufd ($D1,$D1,0b10001101); - &pshufd ($D2,$D2,0b10001101); - &pshufd ($D3,$D3,0b10001101); - &pshufd ($D4,$D4,0b10001101); - - &movdqu (&QWP(16*0,"edi"),$D0); # save the table - &movdqu (&QWP(16*1,"edi"),$D1); - &movdqu (&QWP(16*2,"edi"),$D2); - &movdqu (&QWP(16*3,"edi"),$D3); - &movdqu (&QWP(16*4,"edi"),$D4); - - &movdqa ($T1,$D1); - &movdqa ($T0,$D2); - &pslld ($T1,2); - &pslld ($T0,2); - &paddd ($T1,$D1); # *5 - &paddd ($T0,$D2); # *5 - &movdqu (&QWP(16*5,"edi"),$T1); - &movdqu (&QWP(16*6,"edi"),$T0); - &movdqa ($T1,$D3); - &movdqa ($T0,$D4); - &pslld ($T1,2); - &pslld ($T0,2); - &paddd ($T1,$D3); # *5 - &paddd ($T0,$D4); # *5 - &movdqu (&QWP(16*7,"edi"),$T1); - &movdqu (&QWP(16*8,"edi"),$T0); - - &mov ("esp","ebp"); - &lea ("edi",&DWP(-16*3,"edi")); # size de-optimization - &ret (); -&function_end_B("_poly1305_init_sse2"); - -&align (32); -&function_begin("_poly1305_blocks_sse2"); - &mov ("edi",&wparam(0)); # ctx - &mov ("esi",&wparam(1)); # inp - &mov ("ecx",&wparam(2)); # len - - &mov ("eax",&DWP(4*5,"edi")); # is_base2_26 - &and ("ecx",-16); - &jz (&label("nodata")); - &cmp ("ecx",64); - &jae (&label("enter_sse2")); - &test ("eax","eax"); # is_base2_26? - &jz (&label("enter_blocks")); - -&set_label("enter_sse2",16); - &call (&label("pic_point")); -&set_label("pic_point"); - &blindpop("ebx"); - &lea ("ebx",&DWP(&label("const_sse2")."-".&label("pic_point"),"ebx")); - - &test ("eax","eax"); # is_base2_26? - &jnz (&label("base2_26")); - - &call ("_poly1305_init_sse2"); - - ################################################# base 2^32 -> base 2^26 - &mov ("eax",&DWP(0,"edi")); - &mov ("ecx",&DWP(3,"edi")); - &mov ("edx",&DWP(6,"edi")); - &mov ("esi",&DWP(9,"edi")); - &mov ("ebp",&DWP(13,"edi")); - &mov (&DWP(4*5,"edi"),1); # is_base2_26 - - &shr ("ecx",2); - &and ("eax",0x3ffffff); - &shr ("edx",4); - &and ("ecx",0x3ffffff); - &shr ("esi",6); - &and ("edx",0x3ffffff); - - &movd ($D0,"eax"); - &movd ($D1,"ecx"); - &movd ($D2,"edx"); - &movd ($D3,"esi"); - &movd ($D4,"ebp"); - - &mov ("esi",&wparam(1)); # [reload] inp - &mov ("ecx",&wparam(2)); # [reload] len - &jmp (&label("base2_32")); - -&set_label("base2_26",16); - &movd ($D0,&DWP(4*0,"edi")); # load hash value - &movd ($D1,&DWP(4*1,"edi")); - &movd ($D2,&DWP(4*2,"edi")); - &movd ($D3,&DWP(4*3,"edi")); - &movd ($D4,&DWP(4*4,"edi")); - &movdqa ($MASK,&QWP(64,"ebx")); - -&set_label("base2_32"); - &mov ("eax",&wparam(3)); # padbit - &mov ("ebp","esp"); - - &sub ("esp",16*(5+5+5+9+9)); - &and ("esp",-16); - - &lea ("edi",&DWP(16*3,"edi")); # size optimization - &shl ("eax",24); # padbit - - &test ("ecx",31); - &jz (&label("even")); - - ################################################################ - # process single block, with SSE2, because it's still faster - # even though half of result is discarded - - &movdqu ($T1,&QWP(0,"esi")); # input - &lea ("esi",&DWP(16,"esi")); - - &movdqa ($T0,$T1); # -> base 2^26 ... - &pand ($T1,$MASK); - &paddd ($D0,$T1); # ... and accumulate - - &movdqa ($T1,$T0); - &psrlq ($T0,26); - &psrldq ($T1,6); - &pand ($T0,$MASK); - &paddd ($D1,$T0); - - &movdqa ($T0,$T1); - &psrlq ($T1,4); - &pand ($T1,$MASK); - &paddd ($D2,$T1); - - &movdqa ($T1,$T0); - &psrlq ($T0,30); - &pand ($T0,$MASK); - &psrldq ($T1,7); - &paddd ($D3,$T0); - - &movd ($T0,"eax"); # padbit - &paddd ($D4,$T1); - &movd ($T1,&DWP(16*0+12,"edi")); # r0 - &paddd ($D4,$T0); - - &movdqa (&QWP(16*0,"esp"),$D0); - &movdqa (&QWP(16*1,"esp"),$D1); - &movdqa (&QWP(16*2,"esp"),$D2); - &movdqa (&QWP(16*3,"esp"),$D3); - &movdqa (&QWP(16*4,"esp"),$D4); - - ################################################################ - # d4 = h4*r0 + h3*r1 + h2*r2 + h1*r3 + h0*r4 - # d3 = h3*r0 + h2*r1 + h1*r2 + h0*r3 + h4*5*r4 - # d2 = h2*r0 + h1*r1 + h0*r2 + h4*5*r3 + h3*5*r4 - # d1 = h1*r0 + h0*r1 + h4*5*r2 + h3*5*r3 + h2*5*r4 - # d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4 - - &pmuludq ($D0,$T1); # h4*r0 - &pmuludq ($D1,$T1); # h3*r0 - &pmuludq ($D2,$T1); # h2*r0 - &movd ($T0,&DWP(16*1+12,"edi")); # r1 - &pmuludq ($D3,$T1); # h1*r0 - &pmuludq ($D4,$T1); # h0*r0 - - &pmuladd (sub { my ($reg,$i)=@_; - &movd ($reg,&DWP(16*$i+12,"edi")); - }); - - &lazy_reduction (); - - &sub ("ecx",16); - &jz (&label("done")); - -&set_label("even"); - &lea ("edx",&DWP(16*(5+5+5+9),"esp"));# size optimization - &lea ("eax",&DWP(-16*2,"esi")); - &sub ("ecx",64); - - ################################################################ - # expand and copy pre-calculated table to stack - - &movdqu ($T0,&QWP(16*0,"edi")); # r^1:r^2:r^3:r^4 - &pshufd ($T1,$T0,0b01000100); # duplicate r^3:r^4 - &cmovb ("esi","eax"); - &pshufd ($T0,$T0,0b11101110); # duplicate r^1:r^2 - &movdqa (&QWP(16*0,"edx"),$T1); - &lea ("eax",&DWP(16*10,"esp")); - &movdqu ($T1,&QWP(16*1,"edi")); - &movdqa (&QWP(16*(0-9),"edx"),$T0); - &pshufd ($T0,$T1,0b01000100); - &pshufd ($T1,$T1,0b11101110); - &movdqa (&QWP(16*1,"edx"),$T0); - &movdqu ($T0,&QWP(16*2,"edi")); - &movdqa (&QWP(16*(1-9),"edx"),$T1); - &pshufd ($T1,$T0,0b01000100); - &pshufd ($T0,$T0,0b11101110); - &movdqa (&QWP(16*2,"edx"),$T1); - &movdqu ($T1,&QWP(16*3,"edi")); - &movdqa (&QWP(16*(2-9),"edx"),$T0); - &pshufd ($T0,$T1,0b01000100); - &pshufd ($T1,$T1,0b11101110); - &movdqa (&QWP(16*3,"edx"),$T0); - &movdqu ($T0,&QWP(16*4,"edi")); - &movdqa (&QWP(16*(3-9),"edx"),$T1); - &pshufd ($T1,$T0,0b01000100); - &pshufd ($T0,$T0,0b11101110); - &movdqa (&QWP(16*4,"edx"),$T1); - &movdqu ($T1,&QWP(16*5,"edi")); - &movdqa (&QWP(16*(4-9),"edx"),$T0); - &pshufd ($T0,$T1,0b01000100); - &pshufd ($T1,$T1,0b11101110); - &movdqa (&QWP(16*5,"edx"),$T0); - &movdqu ($T0,&QWP(16*6,"edi")); - &movdqa (&QWP(16*(5-9),"edx"),$T1); - &pshufd ($T1,$T0,0b01000100); - &pshufd ($T0,$T0,0b11101110); - &movdqa (&QWP(16*6,"edx"),$T1); - &movdqu ($T1,&QWP(16*7,"edi")); - &movdqa (&QWP(16*(6-9),"edx"),$T0); - &pshufd ($T0,$T1,0b01000100); - &pshufd ($T1,$T1,0b11101110); - &movdqa (&QWP(16*7,"edx"),$T0); - &movdqu ($T0,&QWP(16*8,"edi")); - &movdqa (&QWP(16*(7-9),"edx"),$T1); - &pshufd ($T1,$T0,0b01000100); - &pshufd ($T0,$T0,0b11101110); - &movdqa (&QWP(16*8,"edx"),$T1); - &movdqa (&QWP(16*(8-9),"edx"),$T0); - -sub load_input { -my ($inpbase,$offbase)=@_; - - &movdqu ($T0,&QWP($inpbase+0,"esi")); # load input - &movdqu ($T1,&QWP($inpbase+16,"esi")); - &lea ("esi",&DWP(16*2,"esi")); - - &movdqa (&QWP($offbase+16*2,"esp"),$D2); - &movdqa (&QWP($offbase+16*3,"esp"),$D3); - &movdqa (&QWP($offbase+16*4,"esp"),$D4); - - &movdqa ($D2,$T0); # splat input - &movdqa ($D3,$T1); - &psrldq ($D2,6); - &psrldq ($D3,6); - &movdqa ($D4,$T0); - &punpcklqdq ($D2,$D3); # 2:3 - &punpckhqdq ($D4,$T1); # 4 - &punpcklqdq ($T0,$T1); # 0:1 - - &movdqa ($D3,$D2); - &psrlq ($D2,4); - &psrlq ($D3,30); - &movdqa ($T1,$T0); - &psrlq ($D4,40); # 4 - &psrlq ($T1,26); - &pand ($T0,$MASK); # 0 - &pand ($T1,$MASK); # 1 - &pand ($D2,$MASK); # 2 - &pand ($D3,$MASK); # 3 - &por ($D4,&QWP(0,"ebx")); # padbit, yes, always - - &movdqa (&QWP($offbase+16*0,"esp"),$D0) if ($offbase); - &movdqa (&QWP($offbase+16*1,"esp"),$D1) if ($offbase); -} - &load_input (16*2,16*5); - - &jbe (&label("skip_loop")); - &jmp (&label("loop")); - -&set_label("loop",32); - ################################################################ - # ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2 - # ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^3+inp[7]*r - # \___________________/ - # ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2+inp[8])*r^2 - # ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^4+inp[7]*r^2+inp[9])*r - # \___________________/ \____________________/ - ################################################################ - - &movdqa ($T2,&QWP(16*(0-9),"edx")); # r0^2 - &movdqa (&QWP(16*1,"eax"),$T1); - &movdqa (&QWP(16*2,"eax"),$D2); - &movdqa (&QWP(16*3,"eax"),$D3); - &movdqa (&QWP(16*4,"eax"),$D4); - - ################################################################ - # d4 = h4*r0 + h0*r4 + h1*r3 + h2*r2 + h3*r1 - # d3 = h3*r0 + h0*r3 + h1*r2 + h2*r1 + h4*5*r4 - # d2 = h2*r0 + h0*r2 + h1*r1 + h3*5*r4 + h4*5*r3 - # d1 = h1*r0 + h0*r1 + h2*5*r4 + h3*5*r3 + h4*5*r2 - # d0 = h0*r0 + h1*5*r4 + h2*5*r3 + h3*5*r2 + h4*5*r1 - - &movdqa ($D1,$T0); - &pmuludq ($T0,$T2); # h0*r0 - &movdqa ($D0,$T1); - &pmuludq ($T1,$T2); # h1*r0 - &pmuludq ($D2,$T2); # h2*r0 - &pmuludq ($D3,$T2); # h3*r0 - &pmuludq ($D4,$T2); # h4*r0 - -sub pmuladd_alt { -my $addr = shift; - - &pmuludq ($D0,&$addr(8)); # h1*s4 - &movdqa ($T2,$D1); - &pmuludq ($D1,&$addr(1)); # h0*r1 - &paddq ($D0,$T0); - &movdqa ($T0,$T2); - &pmuludq ($T2,&$addr(2)); # h0*r2 - &paddq ($D1,$T1); - &movdqa ($T1,$T0); - &pmuludq ($T0,&$addr(3)); # h0*r3 - &paddq ($D2,$T2); - &movdqa ($T2,&QWP(16*1,"eax")); # pull h1 - &pmuludq ($T1,&$addr(4)); # h0*r4 - &paddq ($D3,$T0); - - &movdqa ($T0,$T2); - &pmuludq ($T2,&$addr(1)); # h1*r1 - &paddq ($D4,$T1); - &movdqa ($T1,$T0); - &pmuludq ($T0,&$addr(2)); # h1*r2 - &paddq ($D2,$T2); - &movdqa ($T2,&QWP(16*2,"eax")); # pull h2 - &pmuludq ($T1,&$addr(3)); # h1*r3 - &paddq ($D3,$T0); - &movdqa ($T0,$T2); - &pmuludq ($T2,&$addr(7)); # h2*s3 - &paddq ($D4,$T1); - &movdqa ($T1,$T0); - &pmuludq ($T0,&$addr(8)); # h2*s4 - &paddq ($D0,$T2); - - &movdqa ($T2,$T1); - &pmuludq ($T1,&$addr(1)); # h2*r1 - &paddq ($D1,$T0); - &movdqa ($T0,&QWP(16*3,"eax")); # pull h3 - &pmuludq ($T2,&$addr(2)); # h2*r2 - &paddq ($D3,$T1); - &movdqa ($T1,$T0); - &pmuludq ($T0,&$addr(6)); # h3*s2 - &paddq ($D4,$T2); - &movdqa ($T2,$T1); - &pmuludq ($T1,&$addr(7)); # h3*s3 - &paddq ($D0,$T0); - &movdqa ($T0,$T2); - &pmuludq ($T2,&$addr(8)); # h3*s4 - &paddq ($D1,$T1); - - &movdqa ($T1,&QWP(16*4,"eax")); # pull h4 - &pmuludq ($T0,&$addr(1)); # h3*r1 - &paddq ($D2,$T2); - &movdqa ($T2,$T1); - &pmuludq ($T1,&$addr(8)); # h4*s4 - &paddq ($D4,$T0); - &movdqa ($T0,$T2); - &pmuludq ($T2,&$addr(5)); # h4*s1 - &paddq ($D3,$T1); - &movdqa ($T1,$T0); - &pmuludq ($T0,&$addr(6)); # h4*s2 - &paddq ($D0,$T2); - &movdqa ($MASK,&QWP(64,"ebx")); - &pmuludq ($T1,&$addr(7)); # h4*s3 - &paddq ($D1,$T0); - &paddq ($D2,$T1); -} - &pmuladd_alt (sub { my $i=shift; &QWP(16*($i-9),"edx"); }); - - &load_input (-16*2,0); - &lea ("eax",&DWP(-16*2,"esi")); - &sub ("ecx",64); - - &paddd ($T0,&QWP(16*(5+0),"esp")); # add hash value - &paddd ($T1,&QWP(16*(5+1),"esp")); - &paddd ($D2,&QWP(16*(5+2),"esp")); - &paddd ($D3,&QWP(16*(5+3),"esp")); - &paddd ($D4,&QWP(16*(5+4),"esp")); - - &cmovb ("esi","eax"); - &lea ("eax",&DWP(16*10,"esp")); - - &movdqa ($T2,&QWP(16*0,"edx")); # r0^4 - &movdqa (&QWP(16*1,"esp"),$D1); - &movdqa (&QWP(16*1,"eax"),$T1); - &movdqa (&QWP(16*2,"eax"),$D2); - &movdqa (&QWP(16*3,"eax"),$D3); - &movdqa (&QWP(16*4,"eax"),$D4); - - ################################################################ - # d4 += h4*r0 + h0*r4 + h1*r3 + h2*r2 + h3*r1 - # d3 += h3*r0 + h0*r3 + h1*r2 + h2*r1 + h4*5*r4 - # d2 += h2*r0 + h0*r2 + h1*r1 + h3*5*r4 + h4*5*r3 - # d1 += h1*r0 + h0*r1 + h2*5*r4 + h3*5*r3 + h4*5*r2 - # d0 += h0*r0 + h1*5*r4 + h2*5*r3 + h3*5*r2 + h4*5*r1 - - &movdqa ($D1,$T0); - &pmuludq ($T0,$T2); # h0*r0 - &paddq ($T0,$D0); - &movdqa ($D0,$T1); - &pmuludq ($T1,$T2); # h1*r0 - &pmuludq ($D2,$T2); # h2*r0 - &pmuludq ($D3,$T2); # h3*r0 - &pmuludq ($D4,$T2); # h4*r0 - - &paddq ($T1,&QWP(16*1,"esp")); - &paddq ($D2,&QWP(16*2,"esp")); - &paddq ($D3,&QWP(16*3,"esp")); - &paddq ($D4,&QWP(16*4,"esp")); - - &pmuladd_alt (sub { my $i=shift; &QWP(16*$i,"edx"); }); - - &lazy_reduction (); - - &load_input (16*2,16*5); - - &ja (&label("loop")); - -&set_label("skip_loop"); - ################################################################ - # multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1 - - &pshufd ($T2,&QWP(16*(0-9),"edx"),0x10);# r0^n - &add ("ecx",32); - &jnz (&label("long_tail")); - - &paddd ($T0,$D0); # add hash value - &paddd ($T1,$D1); - &paddd ($D2,&QWP(16*7,"esp")); - &paddd ($D3,&QWP(16*8,"esp")); - &paddd ($D4,&QWP(16*9,"esp")); - -&set_label("long_tail"); - - &movdqa (&QWP(16*0,"eax"),$T0); - &movdqa (&QWP(16*1,"eax"),$T1); - &movdqa (&QWP(16*2,"eax"),$D2); - &movdqa (&QWP(16*3,"eax"),$D3); - &movdqa (&QWP(16*4,"eax"),$D4); - - ################################################################ - # d4 = h4*r0 + h3*r1 + h2*r2 + h1*r3 + h0*r4 - # d3 = h3*r0 + h2*r1 + h1*r2 + h0*r3 + h4*5*r4 - # d2 = h2*r0 + h1*r1 + h0*r2 + h4*5*r3 + h3*5*r4 - # d1 = h1*r0 + h0*r1 + h4*5*r2 + h3*5*r3 + h2*5*r4 - # d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4 - - &pmuludq ($T0,$T2); # h0*r0 - &pmuludq ($T1,$T2); # h1*r0 - &pmuludq ($D2,$T2); # h2*r0 - &movdqa ($D0,$T0); - &pshufd ($T0,&QWP(16*(1-9),"edx"),0x10);# r1^n - &pmuludq ($D3,$T2); # h3*r0 - &movdqa ($D1,$T1); - &pmuludq ($D4,$T2); # h4*r0 - - &pmuladd (sub { my ($reg,$i)=@_; - &pshufd ($reg,&QWP(16*($i-9),"edx"),0x10); - },"eax"); - - &jz (&label("short_tail")); - - &load_input (-16*2,0); - - &pshufd ($T2,&QWP(16*0,"edx"),0x10); # r0^n - &paddd ($T0,&QWP(16*5,"esp")); # add hash value - &paddd ($T1,&QWP(16*6,"esp")); - &paddd ($D2,&QWP(16*7,"esp")); - &paddd ($D3,&QWP(16*8,"esp")); - &paddd ($D4,&QWP(16*9,"esp")); - - ################################################################ - # multiply inp[0:1] by r^4:r^3 and accumulate - - &movdqa (&QWP(16*0,"esp"),$T0); - &pmuludq ($T0,$T2); # h0*r0 - &movdqa (&QWP(16*1,"esp"),$T1); - &pmuludq ($T1,$T2); # h1*r0 - &paddq ($D0,$T0); - &movdqa ($T0,$D2); - &pmuludq ($D2,$T2); # h2*r0 - &paddq ($D1,$T1); - &movdqa ($T1,$D3); - &pmuludq ($D3,$T2); # h3*r0 - &paddq ($D2,&QWP(16*2,"esp")); - &movdqa (&QWP(16*2,"esp"),$T0); - &pshufd ($T0,&QWP(16*1,"edx"),0x10); # r1^n - &paddq ($D3,&QWP(16*3,"esp")); - &movdqa (&QWP(16*3,"esp"),$T1); - &movdqa ($T1,$D4); - &pmuludq ($D4,$T2); # h4*r0 - &paddq ($D4,&QWP(16*4,"esp")); - &movdqa (&QWP(16*4,"esp"),$T1); - - &pmuladd (sub { my ($reg,$i)=@_; - &pshufd ($reg,&QWP(16*$i,"edx"),0x10); - }); - -&set_label("short_tail"); - - ################################################################ - # horizontal addition - - &pshufd ($T1,$D4,0b01001110); - &pshufd ($T0,$D3,0b01001110); - &paddq ($D4,$T1); - &paddq ($D3,$T0); - &pshufd ($T1,$D0,0b01001110); - &pshufd ($T0,$D1,0b01001110); - &paddq ($D0,$T1); - &paddq ($D1,$T0); - &pshufd ($T1,$D2,0b01001110); - #&paddq ($D2,$T1); - - &lazy_reduction (sub { &paddq ($D2,$T1) }); - -&set_label("done"); - &movd (&DWP(-16*3+4*0,"edi"),$D0); # store hash value - &movd (&DWP(-16*3+4*1,"edi"),$D1); - &movd (&DWP(-16*3+4*2,"edi"),$D2); - &movd (&DWP(-16*3+4*3,"edi"),$D3); - &movd (&DWP(-16*3+4*4,"edi"),$D4); - &mov ("esp","ebp"); -&set_label("nodata"); -&function_end("_poly1305_blocks_sse2"); - -&align (32); -&function_begin("_poly1305_emit_sse2"); - &mov ("ebp",&wparam(0)); # context - - &cmp (&DWP(4*5,"ebp"),0); # is_base2_26? - &je (&label("enter_emit")); - - &mov ("eax",&DWP(4*0,"ebp")); # load hash value - &mov ("edi",&DWP(4*1,"ebp")); - &mov ("ecx",&DWP(4*2,"ebp")); - &mov ("edx",&DWP(4*3,"ebp")); - &mov ("esi",&DWP(4*4,"ebp")); - - &mov ("ebx","edi"); # base 2^26 -> base 2^32 - &shl ("edi",26); - &shr ("ebx",6); - &add ("eax","edi"); - &mov ("edi","ecx"); - &adc ("ebx",0); - - &shl ("edi",20); - &shr ("ecx",12); - &add ("ebx","edi"); - &mov ("edi","edx"); - &adc ("ecx",0); - - &shl ("edi",14); - &shr ("edx",18); - &add ("ecx","edi"); - &mov ("edi","esi"); - &adc ("edx",0); - - &shl ("edi",8); - &shr ("esi",24); - &add ("edx","edi"); - &adc ("esi",0); # can be partially reduced - - &mov ("edi","esi"); # final reduction - &and ("esi",3); - &shr ("edi",2); - &lea ("ebp",&DWP(0,"edi","edi",4)); # *5 - &mov ("edi",&wparam(1)); # output - &add ("eax","ebp"); - &mov ("ebp",&wparam(2)); # key - &adc ("ebx",0); - &adc ("ecx",0); - &adc ("edx",0); - &adc ("esi",0); - - &movd ($D0,"eax"); # offload original hash value - &add ("eax",5); # compare to modulus - &movd ($D1,"ebx"); - &adc ("ebx",0); - &movd ($D2,"ecx"); - &adc ("ecx",0); - &movd ($D3,"edx"); - &adc ("edx",0); - &adc ("esi",0); - &shr ("esi",2); # did it carry/borrow? - - &neg ("esi"); # do we choose (hash-modulus) ... - &and ("eax","esi"); - &and ("ebx","esi"); - &and ("ecx","esi"); - &and ("edx","esi"); - &mov (&DWP(4*0,"edi"),"eax"); - &movd ("eax",$D0); - &mov (&DWP(4*1,"edi"),"ebx"); - &movd ("ebx",$D1); - &mov (&DWP(4*2,"edi"),"ecx"); - &movd ("ecx",$D2); - &mov (&DWP(4*3,"edi"),"edx"); - &movd ("edx",$D3); - - ¬ ("esi"); # ... or original hash value? - &and ("eax","esi"); - &and ("ebx","esi"); - &or ("eax",&DWP(4*0,"edi")); - &and ("ecx","esi"); - &or ("ebx",&DWP(4*1,"edi")); - &and ("edx","esi"); - &or ("ecx",&DWP(4*2,"edi")); - &or ("edx",&DWP(4*3,"edi")); - - &add ("eax",&DWP(4*0,"ebp")); # accumulate key - &adc ("ebx",&DWP(4*1,"ebp")); - &mov (&DWP(4*0,"edi"),"eax"); - &adc ("ecx",&DWP(4*2,"ebp")); - &mov (&DWP(4*1,"edi"),"ebx"); - &adc ("edx",&DWP(4*3,"ebp")); - &mov (&DWP(4*2,"edi"),"ecx"); - &mov (&DWP(4*3,"edi"),"edx"); -&function_end("_poly1305_emit_sse2"); - -if ($avx>1) { -######################################################################## -# Note that poly1305_init_avx2 operates on %xmm, I could have used -# poly1305_init_sse2... - -&align (32); -&function_begin_B("_poly1305_init_avx2"); - &vmovdqu ($D4,&QWP(4*6,"edi")); # key base 2^32 - &lea ("edi",&DWP(16*3,"edi")); # size optimization - &mov ("ebp","esp"); - &sub ("esp",16*(9+5)); - &and ("esp",-16); - - #&vpand ($D4,$D4,&QWP(96,"ebx")); # magic mask - &vmovdqa ($MASK,&QWP(64,"ebx")); - - &vpand ($D0,$D4,$MASK); # -> base 2^26 - &vpsrlq ($D1,$D4,26); - &vpsrldq ($D3,$D4,6); - &vpand ($D1,$D1,$MASK); - &vpsrlq ($D2,$D3,4) - &vpsrlq ($D3,$D3,30); - &vpand ($D2,$D2,$MASK); - &vpand ($D3,$D3,$MASK); - &vpsrldq ($D4,$D4,13); - - &lea ("edx",&DWP(16*9,"esp")); # size optimization - &mov ("ecx",2); -&set_label("square"); - &vmovdqa (&QWP(16*0,"esp"),$D0); - &vmovdqa (&QWP(16*1,"esp"),$D1); - &vmovdqa (&QWP(16*2,"esp"),$D2); - &vmovdqa (&QWP(16*3,"esp"),$D3); - &vmovdqa (&QWP(16*4,"esp"),$D4); - - &vpslld ($T1,$D1,2); - &vpslld ($T0,$D2,2); - &vpaddd ($T1,$T1,$D1); # *5 - &vpaddd ($T0,$T0,$D2); # *5 - &vmovdqa (&QWP(16*5,"esp"),$T1); - &vmovdqa (&QWP(16*6,"esp"),$T0); - &vpslld ($T1,$D3,2); - &vpslld ($T0,$D4,2); - &vpaddd ($T1,$T1,$D3); # *5 - &vpaddd ($T0,$T0,$D4); # *5 - &vmovdqa (&QWP(16*7,"esp"),$T1); - &vmovdqa (&QWP(16*8,"esp"),$T0); - - &vpshufd ($T0,$D0,0b01000100); - &vmovdqa ($T1,$D1); - &vpshufd ($D1,$D1,0b01000100); - &vpshufd ($D2,$D2,0b01000100); - &vpshufd ($D3,$D3,0b01000100); - &vpshufd ($D4,$D4,0b01000100); - &vmovdqa (&QWP(16*0,"edx"),$T0); - &vmovdqa (&QWP(16*1,"edx"),$D1); - &vmovdqa (&QWP(16*2,"edx"),$D2); - &vmovdqa (&QWP(16*3,"edx"),$D3); - &vmovdqa (&QWP(16*4,"edx"),$D4); - - ################################################################ - # d4 = h4*r0 + h3*r1 + h2*r2 + h1*r3 + h0*r4 - # d3 = h3*r0 + h2*r1 + h1*r2 + h0*r3 + h4*5*r4 - # d2 = h2*r0 + h1*r1 + h0*r2 + h4*5*r3 + h3*5*r4 - # d1 = h1*r0 + h0*r1 + h4*5*r2 + h3*5*r3 + h2*5*r4 - # d0 = h0*r0 + h4*5*r1 + h3*5*r2 + h2*5*r3 + h1*5*r4 - - &vpmuludq ($D4,$D4,$D0); # h4*r0 - &vpmuludq ($D3,$D3,$D0); # h3*r0 - &vpmuludq ($D2,$D2,$D0); # h2*r0 - &vpmuludq ($D1,$D1,$D0); # h1*r0 - &vpmuludq ($D0,$T0,$D0); # h0*r0 - - &vpmuludq ($T0,$T1,&QWP(16*3,"edx")); # r1*h3 - &vpaddq ($D4,$D4,$T0); - &vpmuludq ($T2,$T1,&QWP(16*2,"edx")); # r1*h2 - &vpaddq ($D3,$D3,$T2); - &vpmuludq ($T0,$T1,&QWP(16*1,"edx")); # r1*h1 - &vpaddq ($D2,$D2,$T0); - &vmovdqa ($T2,&QWP(16*5,"esp")); # s1 - &vpmuludq ($T1,$T1,&QWP(16*0,"edx")); # r1*h0 - &vpaddq ($D1,$D1,$T1); - &vmovdqa ($T0,&QWP(16*2,"esp")); # r2 - &vpmuludq ($T2,$T2,&QWP(16*4,"edx")); # s1*h4 - &vpaddq ($D0,$D0,$T2); - - &vpmuludq ($T1,$T0,&QWP(16*2,"edx")); # r2*h2 - &vpaddq ($D4,$D4,$T1); - &vpmuludq ($T2,$T0,&QWP(16*1,"edx")); # r2*h1 - &vpaddq ($D3,$D3,$T2); - &vmovdqa ($T1,&QWP(16*6,"esp")); # s2 - &vpmuludq ($T0,$T0,&QWP(16*0,"edx")); # r2*h0 - &vpaddq ($D2,$D2,$T0); - &vpmuludq ($T2,$T1,&QWP(16*4,"edx")); # s2*h4 - &vpaddq ($D1,$D1,$T2); - &vmovdqa ($T0,&QWP(16*3,"esp")); # r3 - &vpmuludq ($T1,$T1,&QWP(16*3,"edx")); # s2*h3 - &vpaddq ($D0,$D0,$T1); - - &vpmuludq ($T2,$T0,&QWP(16*1,"edx")); # r3*h1 - &vpaddq ($D4,$D4,$T2); - &vmovdqa ($T1,&QWP(16*7,"esp")); # s3 - &vpmuludq ($T0,$T0,&QWP(16*0,"edx")); # r3*h0 - &vpaddq ($D3,$D3,$T0); - &vpmuludq ($T2,$T1,&QWP(16*4,"edx")); # s3*h4 - &vpaddq ($D2,$D2,$T2); - &vpmuludq ($T0,$T1,&QWP(16*3,"edx")); # s3*h3 - &vpaddq ($D1,$D1,$T0); - &vmovdqa ($T2,&QWP(16*4,"esp")); # r4 - &vpmuludq ($T1,$T1,&QWP(16*2,"edx")); # s3*h2 - &vpaddq ($D0,$D0,$T1); - - &vmovdqa ($T0,&QWP(16*8,"esp")); # s4 - &vpmuludq ($T2,$T2,&QWP(16*0,"edx")); # r4*h0 - &vpaddq ($D4,$D4,$T2); - &vpmuludq ($T1,$T0,&QWP(16*4,"edx")); # s4*h4 - &vpaddq ($D3,$D3,$T1); - &vpmuludq ($T2,$T0,&QWP(16*1,"edx")); # s4*h1 - &vpaddq ($D0,$D0,$T2); - &vpmuludq ($T1,$T0,&QWP(16*2,"edx")); # s4*h2 - &vpaddq ($D1,$D1,$T1); - &vmovdqa ($MASK,&QWP(64,"ebx")); - &vpmuludq ($T0,$T0,&QWP(16*3,"edx")); # s4*h3 - &vpaddq ($D2,$D2,$T0); - - ################################################################ - # lazy reduction - &vpsrlq ($T0,$D3,26); - &vpand ($D3,$D3,$MASK); - &vpsrlq ($T1,$D0,26); - &vpand ($D0,$D0,$MASK); - &vpaddq ($D4,$D4,$T0); # h3 -> h4 - &vpaddq ($D1,$D1,$T1); # h0 -> h1 - &vpsrlq ($T0,$D4,26); - &vpand ($D4,$D4,$MASK); - &vpsrlq ($T1,$D1,26); - &vpand ($D1,$D1,$MASK); - &vpaddq ($D2,$D2,$T1); # h1 -> h2 - &vpaddd ($D0,$D0,$T0); - &vpsllq ($T0,$T0,2); - &vpsrlq ($T1,$D2,26); - &vpand ($D2,$D2,$MASK); - &vpaddd ($D0,$D0,$T0); # h4 -> h0 - &vpaddd ($D3,$D3,$T1); # h2 -> h3 - &vpsrlq ($T1,$D3,26); - &vpsrlq ($T0,$D0,26); - &vpand ($D0,$D0,$MASK); - &vpand ($D3,$D3,$MASK); - &vpaddd ($D1,$D1,$T0); # h0 -> h1 - &vpaddd ($D4,$D4,$T1); # h3 -> h4 - - &dec ("ecx"); - &jz (&label("square_break")); - - &vpunpcklqdq ($D0,$D0,&QWP(16*0,"esp")); # 0:r^1:0:r^2 - &vpunpcklqdq ($D1,$D1,&QWP(16*1,"esp")); - &vpunpcklqdq ($D2,$D2,&QWP(16*2,"esp")); - &vpunpcklqdq ($D3,$D3,&QWP(16*3,"esp")); - &vpunpcklqdq ($D4,$D4,&QWP(16*4,"esp")); - &jmp (&label("square")); - -&set_label("square_break"); - &vpsllq ($D0,$D0,32); # -> r^3:0:r^4:0 - &vpsllq ($D1,$D1,32); - &vpsllq ($D2,$D2,32); - &vpsllq ($D3,$D3,32); - &vpsllq ($D4,$D4,32); - &vpor ($D0,$D0,&QWP(16*0,"esp")); # r^3:r^1:r^4:r^2 - &vpor ($D1,$D1,&QWP(16*1,"esp")); - &vpor ($D2,$D2,&QWP(16*2,"esp")); - &vpor ($D3,$D3,&QWP(16*3,"esp")); - &vpor ($D4,$D4,&QWP(16*4,"esp")); - - &vpshufd ($D0,$D0,0b10001101); # -> r^1:r^2:r^3:r^4 - &vpshufd ($D1,$D1,0b10001101); - &vpshufd ($D2,$D2,0b10001101); - &vpshufd ($D3,$D3,0b10001101); - &vpshufd ($D4,$D4,0b10001101); - - &vmovdqu (&QWP(16*0,"edi"),$D0); # save the table - &vmovdqu (&QWP(16*1,"edi"),$D1); - &vmovdqu (&QWP(16*2,"edi"),$D2); - &vmovdqu (&QWP(16*3,"edi"),$D3); - &vmovdqu (&QWP(16*4,"edi"),$D4); - - &vpslld ($T1,$D1,2); - &vpslld ($T0,$D2,2); - &vpaddd ($T1,$T1,$D1); # *5 - &vpaddd ($T0,$T0,$D2); # *5 - &vmovdqu (&QWP(16*5,"edi"),$T1); - &vmovdqu (&QWP(16*6,"edi"),$T0); - &vpslld ($T1,$D3,2); - &vpslld ($T0,$D4,2); - &vpaddd ($T1,$T1,$D3); # *5 - &vpaddd ($T0,$T0,$D4); # *5 - &vmovdqu (&QWP(16*7,"edi"),$T1); - &vmovdqu (&QWP(16*8,"edi"),$T0); - - &mov ("esp","ebp"); - &lea ("edi",&DWP(-16*3,"edi")); # size de-optimization - &ret (); -&function_end_B("_poly1305_init_avx2"); - -######################################################################## -# now it's time to switch to %ymm - -my ($D0,$D1,$D2,$D3,$D4,$T0,$T1,$T2)=map("ymm$_",(0..7)); -my $MASK=$T2; - -sub X { my $reg=shift; $reg=~s/^ymm/xmm/; $reg; } - -&align (32); -&function_begin("_poly1305_blocks_avx2"); - &mov ("edi",&wparam(0)); # ctx - &mov ("esi",&wparam(1)); # inp - &mov ("ecx",&wparam(2)); # len - - &mov ("eax",&DWP(4*5,"edi")); # is_base2_26 - &and ("ecx",-16); - &jz (&label("nodata")); - &cmp ("ecx",64); - &jae (&label("enter_avx2")); - &test ("eax","eax"); # is_base2_26? - &jz (&label("enter_blocks")); - -&set_label("enter_avx2"); - &vzeroupper (); - - &call (&label("pic_point")); -&set_label("pic_point"); - &blindpop("ebx"); - &lea ("ebx",&DWP(&label("const_sse2")."-".&label("pic_point"),"ebx")); - - &test ("eax","eax"); # is_base2_26? - &jnz (&label("base2_26")); - - &call ("_poly1305_init_avx2"); - - ################################################# base 2^32 -> base 2^26 - &mov ("eax",&DWP(0,"edi")); - &mov ("ecx",&DWP(3,"edi")); - &mov ("edx",&DWP(6,"edi")); - &mov ("esi",&DWP(9,"edi")); - &mov ("ebp",&DWP(13,"edi")); - - &shr ("ecx",2); - &and ("eax",0x3ffffff); - &shr ("edx",4); - &and ("ecx",0x3ffffff); - &shr ("esi",6); - &and ("edx",0x3ffffff); - - &mov (&DWP(4*0,"edi"),"eax"); - &mov (&DWP(4*1,"edi"),"ecx"); - &mov (&DWP(4*2,"edi"),"edx"); - &mov (&DWP(4*3,"edi"),"esi"); - &mov (&DWP(4*4,"edi"),"ebp"); - &mov (&DWP(4*5,"edi"),1); # is_base2_26 - - &mov ("esi",&wparam(1)); # [reload] inp - &mov ("ecx",&wparam(2)); # [reload] len - -&set_label("base2_26"); - &mov ("eax",&wparam(3)); # padbit - &mov ("ebp","esp"); - - &sub ("esp",32*(5+9)); - &and ("esp",-512); # ensure that frame - # doesn't cross page - # boundary, which is - # essential for - # misaligned 32-byte - # loads - - ################################################################ - # expand and copy pre-calculated table to stack - - &vmovdqu (&X($D0),&QWP(16*(3+0),"edi")); - &lea ("edx",&DWP(32*5+128,"esp")); # +128 size optimization - &vmovdqu (&X($D1),&QWP(16*(3+1),"edi")); - &vmovdqu (&X($D2),&QWP(16*(3+2),"edi")); - &vmovdqu (&X($D3),&QWP(16*(3+3),"edi")); - &vmovdqu (&X($D4),&QWP(16*(3+4),"edi")); - &lea ("edi",&DWP(16*3,"edi")); # size optimization - &vpermq ($D0,$D0,0b01000000); # 00001234 -> 12343434 - &vpermq ($D1,$D1,0b01000000); - &vpermq ($D2,$D2,0b01000000); - &vpermq ($D3,$D3,0b01000000); - &vpermq ($D4,$D4,0b01000000); - &vpshufd ($D0,$D0,0b11001000); # 12343434 -> 14243444 - &vpshufd ($D1,$D1,0b11001000); - &vpshufd ($D2,$D2,0b11001000); - &vpshufd ($D3,$D3,0b11001000); - &vpshufd ($D4,$D4,0b11001000); - &vmovdqa (&QWP(32*0-128,"edx"),$D0); - &vmovdqu (&X($D0),&QWP(16*5,"edi")); - &vmovdqa (&QWP(32*1-128,"edx"),$D1); - &vmovdqu (&X($D1),&QWP(16*6,"edi")); - &vmovdqa (&QWP(32*2-128,"edx"),$D2); - &vmovdqu (&X($D2),&QWP(16*7,"edi")); - &vmovdqa (&QWP(32*3-128,"edx"),$D3); - &vmovdqu (&X($D3),&QWP(16*8,"edi")); - &vmovdqa (&QWP(32*4-128,"edx"),$D4); - &vpermq ($D0,$D0,0b01000000); - &vpermq ($D1,$D1,0b01000000); - &vpermq ($D2,$D2,0b01000000); - &vpermq ($D3,$D3,0b01000000); - &vpshufd ($D0,$D0,0b11001000); - &vpshufd ($D1,$D1,0b11001000); - &vpshufd ($D2,$D2,0b11001000); - &vpshufd ($D3,$D3,0b11001000); - &vmovdqa (&QWP(32*5-128,"edx"),$D0); - &vmovd (&X($D0),&DWP(-16*3+4*0,"edi"));# load hash value - &vmovdqa (&QWP(32*6-128,"edx"),$D1); - &vmovd (&X($D1),&DWP(-16*3+4*1,"edi")); - &vmovdqa (&QWP(32*7-128,"edx"),$D2); - &vmovd (&X($D2),&DWP(-16*3+4*2,"edi")); - &vmovdqa (&QWP(32*8-128,"edx"),$D3); - &vmovd (&X($D3),&DWP(-16*3+4*3,"edi")); - &vmovd (&X($D4),&DWP(-16*3+4*4,"edi")); - &vmovdqa ($MASK,&QWP(64,"ebx")); - &neg ("eax"); # padbit - - &test ("ecx",63); - &jz (&label("even")); - - &mov ("edx","ecx"); - &and ("ecx",-64); - &and ("edx",63); - - &vmovdqu (&X($T0),&QWP(16*0,"esi")); - &cmp ("edx",32); - &jb (&label("one")); - - &vmovdqu (&X($T1),&QWP(16*1,"esi")); - &je (&label("two")); - - &vinserti128 ($T0,$T0,&QWP(16*2,"esi"),1); - &lea ("esi",&DWP(16*3,"esi")); - &lea ("ebx",&DWP(8,"ebx")); # three padbits - &lea ("edx",&DWP(32*5+128+8,"esp")); # --:r^1:r^2:r^3 (*) - &jmp (&label("tail")); - -&set_label("two"); - &lea ("esi",&DWP(16*2,"esi")); - &lea ("ebx",&DWP(16,"ebx")); # two padbits - &lea ("edx",&DWP(32*5+128+16,"esp"));# --:--:r^1:r^2 (*) - &jmp (&label("tail")); - -&set_label("one"); - &lea ("esi",&DWP(16*1,"esi")); - &vpxor ($T1,$T1,$T1); - &lea ("ebx",&DWP(32,"ebx","eax",8)); # one or no padbits - &lea ("edx",&DWP(32*5+128+24,"esp"));# --:--:--:r^1 (*) - &jmp (&label("tail")); - -# (*) spots marked with '--' are data from next table entry, but they -# are multiplied by 0 and therefore rendered insignificant - -&set_label("even",32); - &vmovdqu (&X($T0),&QWP(16*0,"esi")); # load input - &vmovdqu (&X($T1),&QWP(16*1,"esi")); - &vinserti128 ($T0,$T0,&QWP(16*2,"esi"),1); - &vinserti128 ($T1,$T1,&QWP(16*3,"esi"),1); - &lea ("esi",&DWP(16*4,"esi")); - &sub ("ecx",64); - &jz (&label("tail")); - -&set_label("loop"); - ################################################################ - # ((inp[0]*r^4+r[4])*r^4+r[8])*r^4 - # ((inp[1]*r^4+r[5])*r^4+r[9])*r^3 - # ((inp[2]*r^4+r[6])*r^4+r[10])*r^2 - # ((inp[3]*r^4+r[7])*r^4+r[11])*r^1 - # \________/ \_______/ - ################################################################ - -sub vsplat_input { - &vmovdqa (&QWP(32*2,"esp"),$D2); - &vpsrldq ($D2,$T0,6); # splat input - &vmovdqa (&QWP(32*0,"esp"),$D0); - &vpsrldq ($D0,$T1,6); - &vmovdqa (&QWP(32*1,"esp"),$D1); - &vpunpckhqdq ($D1,$T0,$T1); # 4 - &vpunpcklqdq ($T0,$T0,$T1); # 0:1 - &vpunpcklqdq ($D2,$D2,$D0); # 2:3 - - &vpsrlq ($D0,$D2,30); - &vpsrlq ($D2,$D2,4); - &vpsrlq ($T1,$T0,26); - &vpsrlq ($D1,$D1,40); # 4 - &vpand ($D2,$D2,$MASK); # 2 - &vpand ($T0,$T0,$MASK); # 0 - &vpand ($T1,$T1,$MASK); # 1 - &vpand ($D0,$D0,$MASK); # 3 (*) - &vpor ($D1,$D1,&QWP(0,"ebx")); # padbit, yes, always - - # (*) note that output is counterintuitive, inp[3:4] is - # returned in $D1-2, while $D3-4 are preserved; -} - &vsplat_input (); - -sub vpmuladd { -my $addr = shift; - - &vpaddq ($D2,$D2,&QWP(32*2,"esp")); # add hash value - &vpaddq ($T0,$T0,&QWP(32*0,"esp")); - &vpaddq ($T1,$T1,&QWP(32*1,"esp")); - &vpaddq ($D0,$D0,$D3); - &vpaddq ($D1,$D1,$D4); - - ################################################################ - # d3 = h2*r1 + h0*r3 + h1*r2 + h3*r0 + h4*5*r4 - # d4 = h2*r2 + h0*r4 + h1*r3 + h3*r1 + h4*r0 - # d0 = h2*5*r3 + h0*r0 + h1*5*r4 + h3*5*r2 + h4*5*r1 - # d1 = h2*5*r4 + h0*r1 + h1*r0 + h3*5*r3 + h4*5*r2 - # d2 = h2*r0 + h0*r2 + h1*r1 + h3*5*r4 + h4*5*r3 - - &vpmuludq ($D3,$D2,&$addr(1)); # d3 = h2*r1 - &vmovdqa (QWP(32*1,"esp"),$T1); - &vpmuludq ($D4,$D2,&$addr(2)); # d4 = h2*r2 - &vmovdqa (QWP(32*3,"esp"),$D0); - &vpmuludq ($D0,$D2,&$addr(7)); # d0 = h2*s3 - &vmovdqa (QWP(32*4,"esp"),$D1); - &vpmuludq ($D1,$D2,&$addr(8)); # d1 = h2*s4 - &vpmuludq ($D2,$D2,&$addr(0)); # d2 = h2*r0 - - &vpmuludq ($T2,$T0,&$addr(3)); # h0*r3 - &vpaddq ($D3,$D3,$T2); # d3 += h0*r3 - &vpmuludq ($T1,$T0,&$addr(4)); # h0*r4 - &vpaddq ($D4,$D4,$T1); # d4 + h0*r4 - &vpmuludq ($T2,$T0,&$addr(0)); # h0*r0 - &vpaddq ($D0,$D0,$T2); # d0 + h0*r0 - &vmovdqa ($T2,&QWP(32*1,"esp")); # h1 - &vpmuludq ($T1,$T0,&$addr(1)); # h0*r1 - &vpaddq ($D1,$D1,$T1); # d1 += h0*r1 - &vpmuludq ($T0,$T0,&$addr(2)); # h0*r2 - &vpaddq ($D2,$D2,$T0); # d2 += h0*r2 - - &vpmuludq ($T1,$T2,&$addr(2)); # h1*r2 - &vpaddq ($D3,$D3,$T1); # d3 += h1*r2 - &vpmuludq ($T0,$T2,&$addr(3)); # h1*r3 - &vpaddq ($D4,$D4,$T0); # d4 += h1*r3 - &vpmuludq ($T1,$T2,&$addr(8)); # h1*s4 - &vpaddq ($D0,$D0,$T1); # d0 += h1*s4 - &vmovdqa ($T1,&QWP(32*3,"esp")); # h3 - &vpmuludq ($T0,$T2,&$addr(0)); # h1*r0 - &vpaddq ($D1,$D1,$T0); # d1 += h1*r0 - &vpmuludq ($T2,$T2,&$addr(1)); # h1*r1 - &vpaddq ($D2,$D2,$T2); # d2 += h1*r1 - - &vpmuludq ($T0,$T1,&$addr(0)); # h3*r0 - &vpaddq ($D3,$D3,$T0); # d3 += h3*r0 - &vpmuludq ($T2,$T1,&$addr(1)); # h3*r1 - &vpaddq ($D4,$D4,$T2); # d4 += h3*r1 - &vpmuludq ($T0,$T1,&$addr(6)); # h3*s2 - &vpaddq ($D0,$D0,$T0); # d0 += h3*s2 - &vmovdqa ($T0,&QWP(32*4,"esp")); # h4 - &vpmuludq ($T2,$T1,&$addr(7)); # h3*s3 - &vpaddq ($D1,$D1,$T2); # d1+= h3*s3 - &vpmuludq ($T1,$T1,&$addr(8)); # h3*s4 - &vpaddq ($D2,$D2,$T1); # d2 += h3*s4 - - &vpmuludq ($T2,$T0,&$addr(8)); # h4*s4 - &vpaddq ($D3,$D3,$T2); # d3 += h4*s4 - &vpmuludq ($T1,$T0,&$addr(5)); # h4*s1 - &vpaddq ($D0,$D0,$T1); # d0 += h4*s1 - &vpmuludq ($T2,$T0,&$addr(0)); # h4*r0 - &vpaddq ($D4,$D4,$T2); # d4 += h4*r0 - &vmovdqa ($MASK,&QWP(64,"ebx")); - &vpmuludq ($T1,$T0,&$addr(6)); # h4*s2 - &vpaddq ($D1,$D1,$T1); # d1 += h4*s2 - &vpmuludq ($T0,$T0,&$addr(7)); # h4*s3 - &vpaddq ($D2,$D2,$T0); # d2 += h4*s3 -} - &vpmuladd (sub { my $i=shift; &QWP(32*$i-128,"edx"); }); - -sub vlazy_reduction { - ################################################################ - # lazy reduction - - &vpsrlq ($T0,$D3,26); - &vpand ($D3,$D3,$MASK); - &vpsrlq ($T1,$D0,26); - &vpand ($D0,$D0,$MASK); - &vpaddq ($D4,$D4,$T0); # h3 -> h4 - &vpaddq ($D1,$D1,$T1); # h0 -> h1 - &vpsrlq ($T0,$D4,26); - &vpand ($D4,$D4,$MASK); - &vpsrlq ($T1,$D1,26); - &vpand ($D1,$D1,$MASK); - &vpaddq ($D2,$D2,$T1); # h1 -> h2 - &vpaddq ($D0,$D0,$T0); - &vpsllq ($T0,$T0,2); - &vpsrlq ($T1,$D2,26); - &vpand ($D2,$D2,$MASK); - &vpaddq ($D0,$D0,$T0); # h4 -> h0 - &vpaddq ($D3,$D3,$T1); # h2 -> h3 - &vpsrlq ($T1,$D3,26); - &vpsrlq ($T0,$D0,26); - &vpand ($D0,$D0,$MASK); - &vpand ($D3,$D3,$MASK); - &vpaddq ($D1,$D1,$T0); # h0 -> h1 - &vpaddq ($D4,$D4,$T1); # h3 -> h4 -} - &vlazy_reduction(); - - &vmovdqu (&X($T0),&QWP(16*0,"esi")); # load input - &vmovdqu (&X($T1),&QWP(16*1,"esi")); - &vinserti128 ($T0,$T0,&QWP(16*2,"esi"),1); - &vinserti128 ($T1,$T1,&QWP(16*3,"esi"),1); - &lea ("esi",&DWP(16*4,"esi")); - &sub ("ecx",64); - &jnz (&label("loop")); - -&set_label("tail"); - &vsplat_input (); - &and ("ebx",-64); # restore pointer - - &vpmuladd (sub { my $i=shift; &QWP(4+32*$i-128,"edx"); }); - - ################################################################ - # horizontal addition - - &vpsrldq ($T0,$D4,8); - &vpsrldq ($T1,$D3,8); - &vpaddq ($D4,$D4,$T0); - &vpsrldq ($T0,$D0,8); - &vpaddq ($D3,$D3,$T1); - &vpsrldq ($T1,$D1,8); - &vpaddq ($D0,$D0,$T0); - &vpsrldq ($T0,$D2,8); - &vpaddq ($D1,$D1,$T1); - &vpermq ($T1,$D4,2); # keep folding - &vpaddq ($D2,$D2,$T0); - &vpermq ($T0,$D3,2); - &vpaddq ($D4,$D4,$T1); - &vpermq ($T1,$D0,2); - &vpaddq ($D3,$D3,$T0); - &vpermq ($T0,$D1,2); - &vpaddq ($D0,$D0,$T1); - &vpermq ($T1,$D2,2); - &vpaddq ($D1,$D1,$T0); - &vpaddq ($D2,$D2,$T1); - - &vlazy_reduction(); - - &cmp ("ecx",0); - &je (&label("done")); - - ################################################################ - # clear all but single word - - &vpshufd (&X($D0),&X($D0),0b11111100); - &lea ("edx",&DWP(32*5+128,"esp")); # restore pointer - &vpshufd (&X($D1),&X($D1),0b11111100); - &vpshufd (&X($D2),&X($D2),0b11111100); - &vpshufd (&X($D3),&X($D3),0b11111100); - &vpshufd (&X($D4),&X($D4),0b11111100); - &jmp (&label("even")); - -&set_label("done",16); - &vmovd (&DWP(-16*3+4*0,"edi"),&X($D0));# store hash value - &vmovd (&DWP(-16*3+4*1,"edi"),&X($D1)); - &vmovd (&DWP(-16*3+4*2,"edi"),&X($D2)); - &vmovd (&DWP(-16*3+4*3,"edi"),&X($D3)); - &vmovd (&DWP(-16*3+4*4,"edi"),&X($D4)); - &vzeroupper (); - &mov ("esp","ebp"); -&set_label("nodata"); -&function_end("_poly1305_blocks_avx2"); -} -&set_label("const_sse2",64); - &data_word(1<<24,0, 1<<24,0, 1<<24,0, 1<<24,0); - &data_word(0,0, 0,0, 0,0, 0,0); - &data_word(0x03ffffff,0,0x03ffffff,0, 0x03ffffff,0, 0x03ffffff,0); - &data_word(0x0fffffff,0x0ffffffc,0x0ffffffc,0x0ffffffc); -} -&asciz ("Poly1305 for x86, CRYPTOGAMS by "); -&align (4); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/poly1305/build.info b/crypto/poly1305/build.info deleted file mode 100644 index e359a2225df5e1090c00dc2ffec8f10dd5257400..0000000000000000000000000000000000000000 --- a/crypto/poly1305/build.info +++ /dev/null @@ -1,53 +0,0 @@ -LIBS=../../libcrypto - -$POLY1305ASM= -IF[{- !$disabled{asm} -}] - $POLY1305ASM_x86=poly1305-x86.S - $POLY1305ASM_x86_64=poly1305-x86_64.s - - $POLY1305ASM_ia64=poly1305-ia64.s - - $POLY1305ASM_sparcv9=poly1305-sparcv9.S - - $POLY1305ASM_mips64=poly1305-mips.S - - $POLY1305ASM_s390x=poly1305-s390x.S - - $POLY1305ASM_armv4=poly1305-armv4.S - $POLY1305ASM_aarch64=poly1305-armv8.S - - $POLY1305ASM_ppc32=poly1305_ppc.c poly1305-ppc.s poly1305-ppcfp.s - $POLY1305ASM_ppc64=$POLY1305ASM_ppc32 - - $POLY1305ASM_c64xplus=poly1305-c64xplus.s - - # Now that we have defined all the arch specific variables, use the - # appropriate one, and define the appropriate macros - IF[$POLY1305ASM_{- $target{asm_arch} -}] - $POLY1305ASM=$POLY1305ASM_{- $target{asm_arch} -} - $POLY1305DEF=POLY1305_ASM - ENDIF -ENDIF - -SOURCE[../../libcrypto]=poly1305.c $POLY1305ASM - -# Implementations are now spread across several libraries, so the defines -# need to be applied to all affected libraries and modules. -DEFINE[../../libcrypto]=$POLY1305DEF - -GENERATE[poly1305-sparcv9.S]=asm/poly1305-sparcv9.pl -INCLUDE[poly1305-sparcv9.o]=.. -GENERATE[poly1305-x86.S]=asm/poly1305-x86.pl -GENERATE[poly1305-x86_64.s]=asm/poly1305-x86_64.pl -GENERATE[poly1305-ia64.s]=asm/poly1305-ia64.S -GENERATE[poly1305-ppc.s]=asm/poly1305-ppc.pl -GENERATE[poly1305-ppcfp.s]=asm/poly1305-ppcfp.pl -GENERATE[poly1305-armv4.S]=asm/poly1305-armv4.pl -INCLUDE[poly1305-armv4.o]=.. -GENERATE[poly1305-armv8.S]=asm/poly1305-armv8.pl -INCLUDE[poly1305-armv8.o]=.. -GENERATE[poly1305-mips.S]=asm/poly1305-mips.pl -INCLUDE[poly1305-mips.o]=.. -GENERATE[poly1305-c64xplus.S]=asm/poly1305-c64xplus.pl -INCLUDE[poly1305-s390x.o]=.. -GENERATE[poly1305-s390x.S]=asm/poly1305-s390x.pl diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c deleted file mode 100644 index b3bf2b117bbfe25c57150d3339089ee99424f53e..0000000000000000000000000000000000000000 --- a/crypto/poly1305/poly1305.c +++ /dev/null @@ -1,529 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include "crypto/poly1305.h" - -size_t Poly1305_ctx_size(void) -{ - return sizeof(struct poly1305_context); -} - -/* pick 32-bit unsigned integer in little endian order */ -static unsigned int U8TOU32(const unsigned char *p) -{ - return (((unsigned int)(p[0] & 0xff)) | - ((unsigned int)(p[1] & 0xff) << 8) | - ((unsigned int)(p[2] & 0xff) << 16) | - ((unsigned int)(p[3] & 0xff) << 24)); -} - -/* - * Implementations can be classified by amount of significant bits in - * words making up the multi-precision value, or in other words radix - * or base of numerical representation, e.g. base 2^64, base 2^32, - * base 2^26. Complementary characteristic is how wide is the result of - * multiplication of pair of digits, e.g. it would take 128 bits to - * accommodate multiplication result in base 2^64 case. These are used - * interchangeably. To describe implementation that is. But interface - * is designed to isolate this so that low-level primitives implemented - * in assembly can be self-contained/self-coherent. - */ -#ifndef POLY1305_ASM -/* - * Even though there is __int128 reference implementation targeting - * 64-bit platforms provided below, it's not obvious that it's optimal - * choice for every one of them. Depending on instruction set overall - * amount of instructions can be comparable to one in __int64 - * implementation. Amount of multiplication instructions would be lower, - * but not necessarily overall. And in out-of-order execution context, - * it is the latter that can be crucial... - * - * On related note. Poly1305 author, D. J. Bernstein, discusses and - * provides floating-point implementations of the algorithm in question. - * It made a lot of sense by the time of introduction, because most - * then-modern processors didn't have pipelined integer multiplier. - * [Not to mention that some had non-constant timing for integer - * multiplications.] Floating-point instructions on the other hand could - * be issued every cycle, which allowed to achieve better performance. - * Nowadays, with SIMD and/or out-or-order execution, shared or - * even emulated FPU, it's more complicated, and floating-point - * implementation is not necessarily optimal choice in every situation, - * rather contrary... - * - * - */ - -typedef unsigned int u32; - -/* - * poly1305_blocks processes a multiple of POLY1305_BLOCK_SIZE blocks - * of |inp| no longer than |len|. Behaviour for |len| not divisible by - * block size is unspecified in general case, even though in reference - * implementation the trailing chunk is simply ignored. Per algorithm - * specification, every input block, complete or last partial, is to be - * padded with a bit past most significant byte. The latter kind is then - * padded with zeros till block size. This last partial block padding - * is caller(*)'s responsibility, and because of this the last partial - * block is always processed with separate call with |len| set to - * POLY1305_BLOCK_SIZE and |padbit| to 0. In all other cases |padbit| - * should be set to 1 to perform implicit padding with 128th bit. - * poly1305_blocks does not actually check for this constraint though, - * it's caller(*)'s responsibility to comply. - * - * (*) In the context "caller" is not application code, but higher - * level Poly1305_* from this very module, so that quirks are - * handled locally. - */ -static void -poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit); - -/* - * Type-agnostic "rip-off" from constant_time.h - */ -# define CONSTANT_TIME_CARRY(a,b) ( \ - (a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1) \ - ) - -# if defined(INT64_MAX) && defined(INT128_MAX) - -typedef unsigned long u64; -typedef uint128_t u128; - -typedef struct { - u64 h[3]; - u64 r[2]; -} poly1305_internal; - -/* pick 32-bit unsigned integer in little endian order */ -static u64 U8TOU64(const unsigned char *p) -{ - return (((u64)(p[0] & 0xff)) | - ((u64)(p[1] & 0xff) << 8) | - ((u64)(p[2] & 0xff) << 16) | - ((u64)(p[3] & 0xff) << 24) | - ((u64)(p[4] & 0xff) << 32) | - ((u64)(p[5] & 0xff) << 40) | - ((u64)(p[6] & 0xff) << 48) | - ((u64)(p[7] & 0xff) << 56)); -} - -/* store a 32-bit unsigned integer in little endian */ -static void U64TO8(unsigned char *p, u64 v) -{ - p[0] = (unsigned char)((v) & 0xff); - p[1] = (unsigned char)((v >> 8) & 0xff); - p[2] = (unsigned char)((v >> 16) & 0xff); - p[3] = (unsigned char)((v >> 24) & 0xff); - p[4] = (unsigned char)((v >> 32) & 0xff); - p[5] = (unsigned char)((v >> 40) & 0xff); - p[6] = (unsigned char)((v >> 48) & 0xff); - p[7] = (unsigned char)((v >> 56) & 0xff); -} - -static void poly1305_init(void *ctx, const unsigned char key[16]) -{ - poly1305_internal *st = (poly1305_internal *) ctx; - - /* h = 0 */ - st->h[0] = 0; - st->h[1] = 0; - st->h[2] = 0; - - /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ - st->r[0] = U8TOU64(&key[0]) & 0x0ffffffc0fffffff; - st->r[1] = U8TOU64(&key[8]) & 0x0ffffffc0ffffffc; -} - -static void -poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit) -{ - poly1305_internal *st = (poly1305_internal *)ctx; - u64 r0, r1; - u64 s1; - u64 h0, h1, h2, c; - u128 d0, d1; - - r0 = st->r[0]; - r1 = st->r[1]; - - s1 = r1 + (r1 >> 2); - - h0 = st->h[0]; - h1 = st->h[1]; - h2 = st->h[2]; - - while (len >= POLY1305_BLOCK_SIZE) { - /* h += m[i] */ - h0 = (u64)(d0 = (u128)h0 + U8TOU64(inp + 0)); - h1 = (u64)(d1 = (u128)h1 + (d0 >> 64) + U8TOU64(inp + 8)); - /* - * padbit can be zero only when original len was - * POLY1306_BLOCK_SIZE, but we don't check - */ - h2 += (u64)(d1 >> 64) + padbit; - - /* h *= r "%" p, where "%" stands for "partial remainder" */ - d0 = ((u128)h0 * r0) + - ((u128)h1 * s1); - d1 = ((u128)h0 * r1) + - ((u128)h1 * r0) + - (h2 * s1); - h2 = (h2 * r0); - - /* last reduction step: */ - /* a) h2:h0 = h2<<128 + d1<<64 + d0 */ - h0 = (u64)d0; - h1 = (u64)(d1 += d0 >> 64); - h2 += (u64)(d1 >> 64); - /* b) (h2:h0 += (h2:h0>>130) * 5) %= 2^130 */ - c = (h2 >> 2) + (h2 & ~3UL); - h2 &= 3; - h0 += c; - h1 += (c = CONSTANT_TIME_CARRY(h0,c)); - h2 += CONSTANT_TIME_CARRY(h1,c); - /* - * Occasional overflows to 3rd bit of h2 are taken care of - * "naturally". If after this point we end up at the top of - * this loop, then the overflow bit will be accounted for - * in next iteration. If we end up in poly1305_emit, then - * comparison to modulus below will still count as "carry - * into 131st bit", so that properly reduced value will be - * picked in conditional move. - */ - - inp += POLY1305_BLOCK_SIZE; - len -= POLY1305_BLOCK_SIZE; - } - - st->h[0] = h0; - st->h[1] = h1; - st->h[2] = h2; -} - -static void poly1305_emit(void *ctx, unsigned char mac[16], - const u32 nonce[4]) -{ - poly1305_internal *st = (poly1305_internal *) ctx; - u64 h0, h1, h2; - u64 g0, g1, g2; - u128 t; - u64 mask; - - h0 = st->h[0]; - h1 = st->h[1]; - h2 = st->h[2]; - - /* compare to modulus by computing h + -p */ - g0 = (u64)(t = (u128)h0 + 5); - g1 = (u64)(t = (u128)h1 + (t >> 64)); - g2 = h2 + (u64)(t >> 64); - - /* if there was carry into 131st bit, h1:h0 = g1:g0 */ - mask = 0 - (g2 >> 2); - g0 &= mask; - g1 &= mask; - mask = ~mask; - h0 = (h0 & mask) | g0; - h1 = (h1 & mask) | g1; - - /* mac = (h + nonce) % (2^128) */ - h0 = (u64)(t = (u128)h0 + nonce[0] + ((u64)nonce[1]<<32)); - h1 = (u64)(t = (u128)h1 + nonce[2] + ((u64)nonce[3]<<32) + (t >> 64)); - - U64TO8(mac + 0, h0); - U64TO8(mac + 8, h1); -} - -# else - -# if defined(_WIN32) && !defined(__MINGW32__) -typedef unsigned __int64 u64; -# elif defined(__arch64__) -typedef unsigned long u64; -# else -typedef unsigned long long u64; -# endif - -typedef struct { - u32 h[5]; - u32 r[4]; -} poly1305_internal; - -/* store a 32-bit unsigned integer in little endian */ -static void U32TO8(unsigned char *p, unsigned int v) -{ - p[0] = (unsigned char)((v) & 0xff); - p[1] = (unsigned char)((v >> 8) & 0xff); - p[2] = (unsigned char)((v >> 16) & 0xff); - p[3] = (unsigned char)((v >> 24) & 0xff); -} - -static void poly1305_init(void *ctx, const unsigned char key[16]) -{ - poly1305_internal *st = (poly1305_internal *) ctx; - - /* h = 0 */ - st->h[0] = 0; - st->h[1] = 0; - st->h[2] = 0; - st->h[3] = 0; - st->h[4] = 0; - - /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ - st->r[0] = U8TOU32(&key[0]) & 0x0fffffff; - st->r[1] = U8TOU32(&key[4]) & 0x0ffffffc; - st->r[2] = U8TOU32(&key[8]) & 0x0ffffffc; - st->r[3] = U8TOU32(&key[12]) & 0x0ffffffc; -} - -static void -poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit) -{ - poly1305_internal *st = (poly1305_internal *)ctx; - u32 r0, r1, r2, r3; - u32 s1, s2, s3; - u32 h0, h1, h2, h3, h4, c; - u64 d0, d1, d2, d3; - - r0 = st->r[0]; - r1 = st->r[1]; - r2 = st->r[2]; - r3 = st->r[3]; - - s1 = r1 + (r1 >> 2); - s2 = r2 + (r2 >> 2); - s3 = r3 + (r3 >> 2); - - h0 = st->h[0]; - h1 = st->h[1]; - h2 = st->h[2]; - h3 = st->h[3]; - h4 = st->h[4]; - - while (len >= POLY1305_BLOCK_SIZE) { - /* h += m[i] */ - h0 = (u32)(d0 = (u64)h0 + U8TOU32(inp + 0)); - h1 = (u32)(d1 = (u64)h1 + (d0 >> 32) + U8TOU32(inp + 4)); - h2 = (u32)(d2 = (u64)h2 + (d1 >> 32) + U8TOU32(inp + 8)); - h3 = (u32)(d3 = (u64)h3 + (d2 >> 32) + U8TOU32(inp + 12)); - h4 += (u32)(d3 >> 32) + padbit; - - /* h *= r "%" p, where "%" stands for "partial remainder" */ - d0 = ((u64)h0 * r0) + - ((u64)h1 * s3) + - ((u64)h2 * s2) + - ((u64)h3 * s1); - d1 = ((u64)h0 * r1) + - ((u64)h1 * r0) + - ((u64)h2 * s3) + - ((u64)h3 * s2) + - (h4 * s1); - d2 = ((u64)h0 * r2) + - ((u64)h1 * r1) + - ((u64)h2 * r0) + - ((u64)h3 * s3) + - (h4 * s2); - d3 = ((u64)h0 * r3) + - ((u64)h1 * r2) + - ((u64)h2 * r1) + - ((u64)h3 * r0) + - (h4 * s3); - h4 = (h4 * r0); - - /* last reduction step: */ - /* a) h4:h0 = h4<<128 + d3<<96 + d2<<64 + d1<<32 + d0 */ - h0 = (u32)d0; - h1 = (u32)(d1 += d0 >> 32); - h2 = (u32)(d2 += d1 >> 32); - h3 = (u32)(d3 += d2 >> 32); - h4 += (u32)(d3 >> 32); - /* b) (h4:h0 += (h4:h0>>130) * 5) %= 2^130 */ - c = (h4 >> 2) + (h4 & ~3U); - h4 &= 3; - h0 += c; - h1 += (c = CONSTANT_TIME_CARRY(h0,c)); - h2 += (c = CONSTANT_TIME_CARRY(h1,c)); - h3 += (c = CONSTANT_TIME_CARRY(h2,c)); - h4 += CONSTANT_TIME_CARRY(h3,c); - /* - * Occasional overflows to 3rd bit of h4 are taken care of - * "naturally". If after this point we end up at the top of - * this loop, then the overflow bit will be accounted for - * in next iteration. If we end up in poly1305_emit, then - * comparison to modulus below will still count as "carry - * into 131st bit", so that properly reduced value will be - * picked in conditional move. - */ - - inp += POLY1305_BLOCK_SIZE; - len -= POLY1305_BLOCK_SIZE; - } - - st->h[0] = h0; - st->h[1] = h1; - st->h[2] = h2; - st->h[3] = h3; - st->h[4] = h4; -} - -static void poly1305_emit(void *ctx, unsigned char mac[16], - const u32 nonce[4]) -{ - poly1305_internal *st = (poly1305_internal *) ctx; - u32 h0, h1, h2, h3, h4; - u32 g0, g1, g2, g3, g4; - u64 t; - u32 mask; - - h0 = st->h[0]; - h1 = st->h[1]; - h2 = st->h[2]; - h3 = st->h[3]; - h4 = st->h[4]; - - /* compare to modulus by computing h + -p */ - g0 = (u32)(t = (u64)h0 + 5); - g1 = (u32)(t = (u64)h1 + (t >> 32)); - g2 = (u32)(t = (u64)h2 + (t >> 32)); - g3 = (u32)(t = (u64)h3 + (t >> 32)); - g4 = h4 + (u32)(t >> 32); - - /* if there was carry into 131st bit, h3:h0 = g3:g0 */ - mask = 0 - (g4 >> 2); - g0 &= mask; - g1 &= mask; - g2 &= mask; - g3 &= mask; - mask = ~mask; - h0 = (h0 & mask) | g0; - h1 = (h1 & mask) | g1; - h2 = (h2 & mask) | g2; - h3 = (h3 & mask) | g3; - - /* mac = (h + nonce) % (2^128) */ - h0 = (u32)(t = (u64)h0 + nonce[0]); - h1 = (u32)(t = (u64)h1 + (t >> 32) + nonce[1]); - h2 = (u32)(t = (u64)h2 + (t >> 32) + nonce[2]); - h3 = (u32)(t = (u64)h3 + (t >> 32) + nonce[3]); - - U32TO8(mac + 0, h0); - U32TO8(mac + 4, h1); - U32TO8(mac + 8, h2); - U32TO8(mac + 12, h3); -} -# endif -#else -int poly1305_init(void *ctx, const unsigned char key[16], void *func); -void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, - unsigned int padbit); -void poly1305_emit(void *ctx, unsigned char mac[16], - const unsigned int nonce[4]); -#endif - -void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32]) -{ - ctx->nonce[0] = U8TOU32(&key[16]); - ctx->nonce[1] = U8TOU32(&key[20]); - ctx->nonce[2] = U8TOU32(&key[24]); - ctx->nonce[3] = U8TOU32(&key[28]); - -#ifndef POLY1305_ASM - poly1305_init(ctx->opaque, key); -#else - /* - * Unlike reference poly1305_init assembly counterpart is expected - * to return a value: non-zero if it initializes ctx->func, and zero - * otherwise. Latter is to simplify assembly in cases when there no - * multiple code paths to switch between. - */ - if (!poly1305_init(ctx->opaque, key, &ctx->func)) { - ctx->func.blocks = poly1305_blocks; - ctx->func.emit = poly1305_emit; - } -#endif - - ctx->num = 0; - -} - -#ifdef POLY1305_ASM -/* - * This "eclipses" poly1305_blocks and poly1305_emit, but it's - * conscious choice imposed by -Wshadow compiler warnings. - */ -# define poly1305_blocks (*poly1305_blocks_p) -# define poly1305_emit (*poly1305_emit_p) -#endif - -void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len) -{ -#ifdef POLY1305_ASM - /* - * As documented, poly1305_blocks is never called with input - * longer than single block and padbit argument set to 0. This - * property is fluently used in assembly modules to optimize - * padbit handling on loop boundary. - */ - poly1305_blocks_f poly1305_blocks_p = ctx->func.blocks; -#endif - size_t rem, num; - - if ((num = ctx->num)) { - rem = POLY1305_BLOCK_SIZE - num; - if (len >= rem) { - memcpy(ctx->data + num, inp, rem); - poly1305_blocks(ctx->opaque, ctx->data, POLY1305_BLOCK_SIZE, 1); - inp += rem; - len -= rem; - } else { - /* Still not enough data to process a block. */ - memcpy(ctx->data + num, inp, len); - ctx->num = num + len; - return; - } - } - - rem = len % POLY1305_BLOCK_SIZE; - len -= rem; - - if (len >= POLY1305_BLOCK_SIZE) { - poly1305_blocks(ctx->opaque, inp, len, 1); - inp += len; - } - - if (rem) - memcpy(ctx->data, inp, rem); - - ctx->num = rem; -} - -void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16]) -{ -#ifdef POLY1305_ASM - poly1305_blocks_f poly1305_blocks_p = ctx->func.blocks; - poly1305_emit_f poly1305_emit_p = ctx->func.emit; -#endif - size_t num; - - if ((num = ctx->num)) { - ctx->data[num++] = 1; /* pad bit */ - while (num < POLY1305_BLOCK_SIZE) - ctx->data[num++] = 0; - poly1305_blocks(ctx->opaque, ctx->data, POLY1305_BLOCK_SIZE, 0); - } - - poly1305_emit(ctx->opaque, mac, ctx->nonce); - - /* zero out the state */ - OPENSSL_cleanse(ctx, sizeof(*ctx)); -} diff --git a/crypto/poly1305/poly1305_base2_44.c b/crypto/poly1305/poly1305_base2_44.c deleted file mode 100644 index a71e5e86e6b9637b6c5de1260b70e30e4731d8ca..0000000000000000000000000000000000000000 --- a/crypto/poly1305/poly1305_base2_44.c +++ /dev/null @@ -1,171 +0,0 @@ -/* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This module is meant to be used as template for base 2^44 assembly - * implementation[s]. On side note compiler-generated code is not - * slower than compiler-generated base 2^64 code on [high-end] x86_64, - * even though amount of multiplications is 50% higher. Go figure... - */ -#include - -typedef unsigned char u8; -typedef unsigned int u32; -typedef unsigned long u64; -typedef uint128_t u128; - -typedef struct { - u64 h[3]; - u64 s[2]; - u64 r[3]; -} poly1305_internal; - -#define POLY1305_BLOCK_SIZE 16 - -/* pick 64-bit unsigned integer in little endian order */ -static u64 U8TOU64(const unsigned char *p) -{ - return (((u64)(p[0] & 0xff)) | - ((u64)(p[1] & 0xff) << 8) | - ((u64)(p[2] & 0xff) << 16) | - ((u64)(p[3] & 0xff) << 24) | - ((u64)(p[4] & 0xff) << 32) | - ((u64)(p[5] & 0xff) << 40) | - ((u64)(p[6] & 0xff) << 48) | - ((u64)(p[7] & 0xff) << 56)); -} - -/* store a 64-bit unsigned integer in little endian */ -static void U64TO8(unsigned char *p, u64 v) -{ - p[0] = (unsigned char)((v) & 0xff); - p[1] = (unsigned char)((v >> 8) & 0xff); - p[2] = (unsigned char)((v >> 16) & 0xff); - p[3] = (unsigned char)((v >> 24) & 0xff); - p[4] = (unsigned char)((v >> 32) & 0xff); - p[5] = (unsigned char)((v >> 40) & 0xff); - p[6] = (unsigned char)((v >> 48) & 0xff); - p[7] = (unsigned char)((v >> 56) & 0xff); -} - -int poly1305_init(void *ctx, const unsigned char key[16]) -{ - poly1305_internal *st = (poly1305_internal *)ctx; - u64 r0, r1; - - /* h = 0 */ - st->h[0] = 0; - st->h[1] = 0; - st->h[2] = 0; - - r0 = U8TOU64(&key[0]) & 0x0ffffffc0fffffff; - r1 = U8TOU64(&key[8]) & 0x0ffffffc0ffffffc; - - /* break r1:r0 to three 44-bit digits, masks are 1<<44-1 */ - st->r[0] = r0 & 0x0fffffffffff; - st->r[1] = ((r0 >> 44) | (r1 << 20)) & 0x0fffffffffff; - st->r[2] = (r1 >> 24); - - st->s[0] = (st->r[1] + (st->r[1] << 2)) << 2; - st->s[1] = (st->r[2] + (st->r[2] << 2)) << 2; - - return 0; -} - -void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, - u32 padbit) -{ - poly1305_internal *st = (poly1305_internal *)ctx; - u64 r0, r1, r2; - u64 s1, s2; - u64 h0, h1, h2, c; - u128 d0, d1, d2; - u64 pad = (u64)padbit << 40; - - r0 = st->r[0]; - r1 = st->r[1]; - r2 = st->r[2]; - - s1 = st->s[0]; - s2 = st->s[1]; - - h0 = st->h[0]; - h1 = st->h[1]; - h2 = st->h[2]; - - while (len >= POLY1305_BLOCK_SIZE) { - u64 m0, m1; - - m0 = U8TOU64(inp + 0); - m1 = U8TOU64(inp + 8); - - /* h += m[i], m[i] is broken to 44-bit digits */ - h0 += m0 & 0x0fffffffffff; - h1 += ((m0 >> 44) | (m1 << 20)) & 0x0fffffffffff; - h2 += (m1 >> 24) + pad; - - /* h *= r "%" p, where "%" stands for "partial remainder" */ - d0 = ((u128)h0 * r0) + ((u128)h1 * s2) + ((u128)h2 * s1); - d1 = ((u128)h0 * r1) + ((u128)h1 * r0) + ((u128)h2 * s2); - d2 = ((u128)h0 * r2) + ((u128)h1 * r1) + ((u128)h2 * r0); - - /* "lazy" reduction step */ - h0 = (u64)d0 & 0x0fffffffffff; - h1 = (u64)(d1 += (u64)(d0 >> 44)) & 0x0fffffffffff; - h2 = (u64)(d2 += (u64)(d1 >> 44)) & 0x03ffffffffff; /* last 42 bits */ - - c = (d2 >> 42); - h0 += c + (c << 2); - - inp += POLY1305_BLOCK_SIZE; - len -= POLY1305_BLOCK_SIZE; - } - - st->h[0] = h0; - st->h[1] = h1; - st->h[2] = h2; -} - -void poly1305_emit(void *ctx, unsigned char mac[16], const u32 nonce[4]) -{ - poly1305_internal *st = (poly1305_internal *) ctx; - u64 h0, h1, h2; - u64 g0, g1, g2; - u128 t; - u64 mask; - - h0 = st->h[0]; - h1 = st->h[1]; - h2 = st->h[2]; - - /* after "lazy" reduction, convert 44+bit digits to 64-bit ones */ - h0 = (u64)(t = (u128)h0 + (h1 << 44)); h1 >>= 20; - h1 = (u64)(t = (u128)h1 + (h2 << 24) + (t >> 64)); h2 >>= 40; - h2 += (u64)(t >> 64); - - /* compare to modulus by computing h + -p */ - g0 = (u64)(t = (u128)h0 + 5); - g1 = (u64)(t = (u128)h1 + (t >> 64)); - g2 = h2 + (u64)(t >> 64); - - /* if there was carry into 131st bit, h1:h0 = g1:g0 */ - mask = 0 - (g2 >> 2); - g0 &= mask; - g1 &= mask; - mask = ~mask; - h0 = (h0 & mask) | g0; - h1 = (h1 & mask) | g1; - - /* mac = (h + nonce) % (2^128) */ - h0 = (u64)(t = (u128)h0 + nonce[0] + ((u64)nonce[1]<<32)); - h1 = (u64)(t = (u128)h1 + nonce[2] + ((u64)nonce[3]<<32) + (t >> 64)); - - U64TO8(mac + 0, h0); - U64TO8(mac + 8, h1); -} diff --git a/crypto/poly1305/poly1305_ieee754.c b/crypto/poly1305/poly1305_ieee754.c deleted file mode 100644 index 110feb4d57203a58db6dd734a3ad238fb43e1deb..0000000000000000000000000000000000000000 --- a/crypto/poly1305/poly1305_ieee754.c +++ /dev/null @@ -1,488 +0,0 @@ -/* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This module is meant to be used as template for non-x87 floating- - * point assembly modules. The template itself is x86_64-specific - * though, as it was debugged on x86_64. So that implementor would - * have to recognize platform-specific parts, UxTOy and inline asm, - * and act accordingly. - * - * Huh? x86_64-specific code as template for non-x87? Note seven, which - * is not a typo, but reference to 80-bit precision. This module on the - * other hand relies on 64-bit precision operations, which are default - * for x86_64 code. And since we are at it, just for sense of it, - * large-block performance in cycles per processed byte for *this* code - * is: - * gcc-4.8 icc-15.0 clang-3.4(*) - * - * Westmere 4.96 5.09 4.37 - * Sandy Bridge 4.95 4.90 4.17 - * Haswell 4.92 4.87 3.78 - * Bulldozer 4.67 4.49 4.68 - * VIA Nano 7.07 7.05 5.98 - * Silvermont 10.6 9.61 12.6 - * - * (*) clang managed to discover parallelism and deployed SIMD; - * - * And for range of other platforms with unspecified gcc versions: - * - * Freescale e300 12.5 - * PPC74x0 10.8 - * POWER6 4.92 - * POWER7 4.50 - * POWER8 4.10 - * - * z10 11.2 - * z196+ 7.30 - * - * UltraSPARC III 16.0 - * SPARC T4 16.1 - */ - -#if !(defined(__GNUC__) && __GNUC__>=2) -# error "this is gcc-specific template" -#endif - -#include - -typedef unsigned char u8; -typedef unsigned int u32; -typedef unsigned long long u64; -typedef union { double d; u64 u; } elem64; - -#define TWO(p) ((double)(1ULL<<(p))) -#define TWO0 TWO(0) -#define TWO32 TWO(32) -#define TWO64 (TWO32*TWO(32)) -#define TWO96 (TWO64*TWO(32)) -#define TWO130 (TWO96*TWO(34)) - -#define EXP(p) ((1023ULL+(p))<<52) - -#if defined(__x86_64__) || (defined(__PPC__) && defined(__LITTLE_ENDIAN__)) -# define U8TOU32(p) (*(const u32 *)(p)) -# define U32TO8(p,v) (*(u32 *)(p) = (v)) -#elif defined(__PPC__) -# define U8TOU32(p) ({u32 ret; asm ("lwbrx %0,0,%1":"=r"(ret):"b"(p)); ret; }) -# define U32TO8(p,v) asm ("stwbrx %0,0,%1"::"r"(v),"b"(p):"memory") -#elif defined(__s390x__) -# define U8TOU32(p) ({u32 ret; asm ("lrv %0,%1":"=d"(ret):"m"(*(u32 *)(p))); ret; }) -# define U32TO8(p,v) asm ("strv %1,%0":"=m"(*(u32 *)(p)):"d"(v)) -#endif - -#ifndef U8TOU32 -# define U8TOU32(p) ((u32)(p)[0] | (u32)(p)[1]<<8 | \ - (u32)(p)[2]<<16 | (u32)(p)[3]<<24 ) -#endif -#ifndef U32TO8 -# define U32TO8(p,v) ((p)[0] = (u8)(v), (p)[1] = (u8)((v)>>8), \ - (p)[2] = (u8)((v)>>16), (p)[3] = (u8)((v)>>24) ) -#endif - -typedef struct { - elem64 h[4]; - double r[8]; - double s[6]; -} poly1305_internal; - -/* "round toward zero (truncate), mask all exceptions" */ -#if defined(__x86_64__) -static const u32 mxcsr = 0x7f80; -#elif defined(__PPC__) -static const u64 one = 1; -#elif defined(__s390x__) -static const u32 fpc = 1; -#elif defined(__sparc__) -static const u64 fsr = 1ULL<<30; -#elif defined(__mips__) -static const u32 fcsr = 1; -#else -#error "unrecognized platform" -#endif - -int poly1305_init(void *ctx, const unsigned char key[16]) -{ - poly1305_internal *st = (poly1305_internal *) ctx; - elem64 r0, r1, r2, r3; - - /* h = 0, biased */ -#if 0 - st->h[0].d = TWO(52)*TWO0; - st->h[1].d = TWO(52)*TWO32; - st->h[2].d = TWO(52)*TWO64; - st->h[3].d = TWO(52)*TWO96; -#else - st->h[0].u = EXP(52+0); - st->h[1].u = EXP(52+32); - st->h[2].u = EXP(52+64); - st->h[3].u = EXP(52+96); -#endif - - if (key) { - /* - * set "truncate" rounding mode - */ -#if defined(__x86_64__) - u32 mxcsr_orig; - - asm volatile ("stmxcsr %0":"=m"(mxcsr_orig)); - asm volatile ("ldmxcsr %0"::"m"(mxcsr)); -#elif defined(__PPC__) - double fpscr_orig, fpscr = *(double *)&one; - - asm volatile ("mffs %0":"=f"(fpscr_orig)); - asm volatile ("mtfsf 255,%0"::"f"(fpscr)); -#elif defined(__s390x__) - u32 fpc_orig; - - asm volatile ("stfpc %0":"=m"(fpc_orig)); - asm volatile ("lfpc %0"::"m"(fpc)); -#elif defined(__sparc__) - u64 fsr_orig; - - asm volatile ("stx %%fsr,%0":"=m"(fsr_orig)); - asm volatile ("ldx %0,%%fsr"::"m"(fsr)); -#elif defined(__mips__) - u32 fcsr_orig; - - asm volatile ("cfc1 %0,$31":"=r"(fcsr_orig)); - asm volatile ("ctc1 %0,$31"::"r"(fcsr)); -#endif - - /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ - r0.u = EXP(52+0) | (U8TOU32(&key[0]) & 0x0fffffff); - r1.u = EXP(52+32) | (U8TOU32(&key[4]) & 0x0ffffffc); - r2.u = EXP(52+64) | (U8TOU32(&key[8]) & 0x0ffffffc); - r3.u = EXP(52+96) | (U8TOU32(&key[12]) & 0x0ffffffc); - - st->r[0] = r0.d - TWO(52)*TWO0; - st->r[2] = r1.d - TWO(52)*TWO32; - st->r[4] = r2.d - TWO(52)*TWO64; - st->r[6] = r3.d - TWO(52)*TWO96; - - st->s[0] = st->r[2] * (5.0/TWO130); - st->s[2] = st->r[4] * (5.0/TWO130); - st->s[4] = st->r[6] * (5.0/TWO130); - - /* - * base 2^32 -> base 2^16 - */ - st->r[1] = (st->r[0] + TWO(52)*TWO(16)*TWO0) - - TWO(52)*TWO(16)*TWO0; - st->r[0] -= st->r[1]; - - st->r[3] = (st->r[2] + TWO(52)*TWO(16)*TWO32) - - TWO(52)*TWO(16)*TWO32; - st->r[2] -= st->r[3]; - - st->r[5] = (st->r[4] + TWO(52)*TWO(16)*TWO64) - - TWO(52)*TWO(16)*TWO64; - st->r[4] -= st->r[5]; - - st->r[7] = (st->r[6] + TWO(52)*TWO(16)*TWO96) - - TWO(52)*TWO(16)*TWO96; - st->r[6] -= st->r[7]; - - st->s[1] = (st->s[0] + TWO(52)*TWO(16)*TWO0/TWO96) - - TWO(52)*TWO(16)*TWO0/TWO96; - st->s[0] -= st->s[1]; - - st->s[3] = (st->s[2] + TWO(52)*TWO(16)*TWO32/TWO96) - - TWO(52)*TWO(16)*TWO32/TWO96; - st->s[2] -= st->s[3]; - - st->s[5] = (st->s[4] + TWO(52)*TWO(16)*TWO64/TWO96) - - TWO(52)*TWO(16)*TWO64/TWO96; - st->s[4] -= st->s[5]; - - /* - * restore original FPU control register - */ -#if defined(__x86_64__) - asm volatile ("ldmxcsr %0"::"m"(mxcsr_orig)); -#elif defined(__PPC__) - asm volatile ("mtfsf 255,%0"::"f"(fpscr_orig)); -#elif defined(__s390x__) - asm volatile ("lfpc %0"::"m"(fpc_orig)); -#elif defined(__sparc__) - asm volatile ("ldx %0,%%fsr"::"m"(fsr_orig)); -#elif defined(__mips__) - asm volatile ("ctc1 %0,$31"::"r"(fcsr_orig)); -#endif - } - - return 0; -} - -void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, - int padbit) -{ - poly1305_internal *st = (poly1305_internal *)ctx; - elem64 in0, in1, in2, in3; - u64 pad = (u64)padbit<<32; - - double x0, x1, x2, x3; - double h0lo, h0hi, h1lo, h1hi, h2lo, h2hi, h3lo, h3hi; - double c0lo, c0hi, c1lo, c1hi, c2lo, c2hi, c3lo, c3hi; - - const double r0lo = st->r[0]; - const double r0hi = st->r[1]; - const double r1lo = st->r[2]; - const double r1hi = st->r[3]; - const double r2lo = st->r[4]; - const double r2hi = st->r[5]; - const double r3lo = st->r[6]; - const double r3hi = st->r[7]; - - const double s1lo = st->s[0]; - const double s1hi = st->s[1]; - const double s2lo = st->s[2]; - const double s2hi = st->s[3]; - const double s3lo = st->s[4]; - const double s3hi = st->s[5]; - - /* - * set "truncate" rounding mode - */ -#if defined(__x86_64__) - u32 mxcsr_orig; - - asm volatile ("stmxcsr %0":"=m"(mxcsr_orig)); - asm volatile ("ldmxcsr %0"::"m"(mxcsr)); -#elif defined(__PPC__) - double fpscr_orig, fpscr = *(double *)&one; - - asm volatile ("mffs %0":"=f"(fpscr_orig)); - asm volatile ("mtfsf 255,%0"::"f"(fpscr)); -#elif defined(__s390x__) - u32 fpc_orig; - - asm volatile ("stfpc %0":"=m"(fpc_orig)); - asm volatile ("lfpc %0"::"m"(fpc)); -#elif defined(__sparc__) - u64 fsr_orig; - - asm volatile ("stx %%fsr,%0":"=m"(fsr_orig)); - asm volatile ("ldx %0,%%fsr"::"m"(fsr)); -#elif defined(__mips__) - u32 fcsr_orig; - - asm volatile ("cfc1 %0,$31":"=r"(fcsr_orig)); - asm volatile ("ctc1 %0,$31"::"r"(fcsr)); -#endif - - /* - * load base 2^32 and de-bias - */ - h0lo = st->h[0].d - TWO(52)*TWO0; - h1lo = st->h[1].d - TWO(52)*TWO32; - h2lo = st->h[2].d - TWO(52)*TWO64; - h3lo = st->h[3].d - TWO(52)*TWO96; - -#ifdef __clang__ - h0hi = 0; - h1hi = 0; - h2hi = 0; - h3hi = 0; -#else - in0.u = EXP(52+0) | U8TOU32(&inp[0]); - in1.u = EXP(52+32) | U8TOU32(&inp[4]); - in2.u = EXP(52+64) | U8TOU32(&inp[8]); - in3.u = EXP(52+96) | U8TOU32(&inp[12]) | pad; - - x0 = in0.d - TWO(52)*TWO0; - x1 = in1.d - TWO(52)*TWO32; - x2 = in2.d - TWO(52)*TWO64; - x3 = in3.d - TWO(52)*TWO96; - - x0 += h0lo; - x1 += h1lo; - x2 += h2lo; - x3 += h3lo; - - goto fast_entry; -#endif - - do { - in0.u = EXP(52+0) | U8TOU32(&inp[0]); - in1.u = EXP(52+32) | U8TOU32(&inp[4]); - in2.u = EXP(52+64) | U8TOU32(&inp[8]); - in3.u = EXP(52+96) | U8TOU32(&inp[12]) | pad; - - x0 = in0.d - TWO(52)*TWO0; - x1 = in1.d - TWO(52)*TWO32; - x2 = in2.d - TWO(52)*TWO64; - x3 = in3.d - TWO(52)*TWO96; - - /* - * note that there are multiple ways to accumulate input, e.g. - * one can as well accumulate to h0lo-h1lo-h1hi-h2hi... - */ - h0lo += x0; - h0hi += x1; - h2lo += x2; - h2hi += x3; - - /* - * carries that cross 32n-bit (and 130-bit) boundaries - */ - c0lo = (h0lo + TWO(52)*TWO32) - TWO(52)*TWO32; - c1lo = (h1lo + TWO(52)*TWO64) - TWO(52)*TWO64; - c2lo = (h2lo + TWO(52)*TWO96) - TWO(52)*TWO96; - c3lo = (h3lo + TWO(52)*TWO130) - TWO(52)*TWO130; - - c0hi = (h0hi + TWO(52)*TWO32) - TWO(52)*TWO32; - c1hi = (h1hi + TWO(52)*TWO64) - TWO(52)*TWO64; - c2hi = (h2hi + TWO(52)*TWO96) - TWO(52)*TWO96; - c3hi = (h3hi + TWO(52)*TWO130) - TWO(52)*TWO130; - - /* - * base 2^48 -> base 2^32 with last reduction step - */ - x1 = (h1lo - c1lo) + c0lo; - x2 = (h2lo - c2lo) + c1lo; - x3 = (h3lo - c3lo) + c2lo; - x0 = (h0lo - c0lo) + c3lo * (5.0/TWO130); - - x1 += (h1hi - c1hi) + c0hi; - x2 += (h2hi - c2hi) + c1hi; - x3 += (h3hi - c3hi) + c2hi; - x0 += (h0hi - c0hi) + c3hi * (5.0/TWO130); - -#ifndef __clang__ - fast_entry: -#endif - /* - * base 2^32 * base 2^16 = base 2^48 - */ - h0lo = s3lo * x1 + s2lo * x2 + s1lo * x3 + r0lo * x0; - h1lo = r0lo * x1 + s3lo * x2 + s2lo * x3 + r1lo * x0; - h2lo = r1lo * x1 + r0lo * x2 + s3lo * x3 + r2lo * x0; - h3lo = r2lo * x1 + r1lo * x2 + r0lo * x3 + r3lo * x0; - - h0hi = s3hi * x1 + s2hi * x2 + s1hi * x3 + r0hi * x0; - h1hi = r0hi * x1 + s3hi * x2 + s2hi * x3 + r1hi * x0; - h2hi = r1hi * x1 + r0hi * x2 + s3hi * x3 + r2hi * x0; - h3hi = r2hi * x1 + r1hi * x2 + r0hi * x3 + r3hi * x0; - - inp += 16; - len -= 16; - - } while (len >= 16); - - /* - * carries that cross 32n-bit (and 130-bit) boundaries - */ - c0lo = (h0lo + TWO(52)*TWO32) - TWO(52)*TWO32; - c1lo = (h1lo + TWO(52)*TWO64) - TWO(52)*TWO64; - c2lo = (h2lo + TWO(52)*TWO96) - TWO(52)*TWO96; - c3lo = (h3lo + TWO(52)*TWO130) - TWO(52)*TWO130; - - c0hi = (h0hi + TWO(52)*TWO32) - TWO(52)*TWO32; - c1hi = (h1hi + TWO(52)*TWO64) - TWO(52)*TWO64; - c2hi = (h2hi + TWO(52)*TWO96) - TWO(52)*TWO96; - c3hi = (h3hi + TWO(52)*TWO130) - TWO(52)*TWO130; - - /* - * base 2^48 -> base 2^32 with last reduction step - */ - x1 = (h1lo - c1lo) + c0lo; - x2 = (h2lo - c2lo) + c1lo; - x3 = (h3lo - c3lo) + c2lo; - x0 = (h0lo - c0lo) + c3lo * (5.0/TWO130); - - x1 += (h1hi - c1hi) + c0hi; - x2 += (h2hi - c2hi) + c1hi; - x3 += (h3hi - c3hi) + c2hi; - x0 += (h0hi - c0hi) + c3hi * (5.0/TWO130); - - /* - * store base 2^32, with bias - */ - st->h[1].d = x1 + TWO(52)*TWO32; - st->h[2].d = x2 + TWO(52)*TWO64; - st->h[3].d = x3 + TWO(52)*TWO96; - st->h[0].d = x0 + TWO(52)*TWO0; - - /* - * restore original FPU control register - */ -#if defined(__x86_64__) - asm volatile ("ldmxcsr %0"::"m"(mxcsr_orig)); -#elif defined(__PPC__) - asm volatile ("mtfsf 255,%0"::"f"(fpscr_orig)); -#elif defined(__s390x__) - asm volatile ("lfpc %0"::"m"(fpc_orig)); -#elif defined(__sparc__) - asm volatile ("ldx %0,%%fsr"::"m"(fsr_orig)); -#elif defined(__mips__) - asm volatile ("ctc1 %0,$31"::"r"(fcsr_orig)); -#endif -} - -void poly1305_emit(void *ctx, unsigned char mac[16], const u32 nonce[4]) -{ - poly1305_internal *st = (poly1305_internal *) ctx; - u64 h0, h1, h2, h3, h4; - u32 g0, g1, g2, g3, g4; - u64 t; - u32 mask; - - /* - * thanks to bias masking exponent gives integer result - */ - h0 = st->h[0].u & 0x000fffffffffffffULL; - h1 = st->h[1].u & 0x000fffffffffffffULL; - h2 = st->h[2].u & 0x000fffffffffffffULL; - h3 = st->h[3].u & 0x000fffffffffffffULL; - - /* - * can be partially reduced, so reduce... - */ - h4 = h3>>32; h3 &= 0xffffffffU; - g4 = h4&-4; - h4 &= 3; - g4 += g4>>2; - - h0 += g4; - h1 += h0>>32; h0 &= 0xffffffffU; - h2 += h1>>32; h1 &= 0xffffffffU; - h3 += h2>>32; h2 &= 0xffffffffU; - - /* compute h + -p */ - g0 = (u32)(t = h0 + 5); - g1 = (u32)(t = h1 + (t >> 32)); - g2 = (u32)(t = h2 + (t >> 32)); - g3 = (u32)(t = h3 + (t >> 32)); - g4 = h4 + (u32)(t >> 32); - - /* if there was carry, select g0-g3 */ - mask = 0 - (g4 >> 2); - g0 &= mask; - g1 &= mask; - g2 &= mask; - g3 &= mask; - mask = ~mask; - g0 |= (h0 & mask); - g1 |= (h1 & mask); - g2 |= (h2 & mask); - g3 |= (h3 & mask); - - /* mac = (h + nonce) % (2^128) */ - g0 = (u32)(t = (u64)g0 + nonce[0]); - g1 = (u32)(t = (u64)g1 + (t >> 32) + nonce[1]); - g2 = (u32)(t = (u64)g2 + (t >> 32) + nonce[2]); - g3 = (u32)(t = (u64)g3 + (t >> 32) + nonce[3]); - - U32TO8(mac + 0, g0); - U32TO8(mac + 4, g1); - U32TO8(mac + 8, g2); - U32TO8(mac + 12, g3); -} diff --git a/crypto/poly1305/poly1305_ppc.c b/crypto/poly1305/poly1305_ppc.c deleted file mode 100644 index 4e4e3d1994f1840ab9ad2962491457d589ef2b78..0000000000000000000000000000000000000000 --- a/crypto/poly1305/poly1305_ppc.c +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/poly1305.h" -#include "crypto/ppc_arch.h" - -void poly1305_init_int(void *ctx, const unsigned char key[16]); -void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, - unsigned int padbit); -void poly1305_emit(void *ctx, unsigned char mac[16], - const unsigned int nonce[4]); -void poly1305_init_fpu(void *ctx, const unsigned char key[16]); -void poly1305_blocks_fpu(void *ctx, const unsigned char *inp, size_t len, - unsigned int padbit); -void poly1305_emit_fpu(void *ctx, unsigned char mac[16], - const unsigned int nonce[4]); -void poly1305_init_vsx(void *ctx, const unsigned char key[16]); -void poly1305_blocks_vsx(void *ctx, const unsigned char *inp, size_t len, - unsigned int padbit); -void poly1305_emit_vsx(void *ctx, unsigned char mac[16], - const unsigned int nonce[4]); -int poly1305_init(void *ctx, const unsigned char key[16], void *func[2]); -int poly1305_init(void *ctx, const unsigned char key[16], void *func[2]) -{ - if (OPENSSL_ppccap_P & PPC_CRYPTO207) { - poly1305_init_int(ctx, key); - func[0] = (void*)(uintptr_t)poly1305_blocks_vsx; - func[1] = (void*)(uintptr_t)poly1305_emit; - } else if (sizeof(size_t) == 4 && (OPENSSL_ppccap_P & PPC_FPU)) { - poly1305_init_fpu(ctx, key); - func[0] = (void*)(uintptr_t)poly1305_blocks_fpu; - func[1] = (void*)(uintptr_t)poly1305_emit_fpu; - } else { - poly1305_init_int(ctx, key); - func[0] = (void*)(uintptr_t)poly1305_blocks; - func[1] = (void*)(uintptr_t)poly1305_emit; - } - return 1; -} diff --git a/crypto/ppccap.c b/crypto/ppccap.c deleted file mode 100644 index 8bcfed25e057624981a6daa325e50af3a10ef19d..0000000000000000000000000000000000000000 --- a/crypto/ppccap.c +++ /dev/null @@ -1,311 +0,0 @@ -/* - * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#if defined(__linux) || defined(_AIX) -# include -#endif -#if defined(_AIX53) /* defined even on post-5.3 */ -# include -# if !defined(__power_set) -# define __power_set(a) (_system_configuration.implementation & (a)) -# endif -#endif -#if defined(__APPLE__) && defined(__MACH__) -# include -# include -#endif -#include -#include "internal/cryptlib.h" -#include "crypto/ppc_arch.h" - -unsigned int OPENSSL_ppccap_P = 0; - -static sigset_t all_masked; - -static sigjmp_buf ill_jmp; -static void ill_handler(int sig) -{ - siglongjmp(ill_jmp, sig); -} - -void OPENSSL_fpu_probe(void); -void OPENSSL_ppc64_probe(void); -void OPENSSL_altivec_probe(void); -void OPENSSL_crypto207_probe(void); -void OPENSSL_madd300_probe(void); - -long OPENSSL_rdtsc_mftb(void); -long OPENSSL_rdtsc_mfspr268(void); - -uint32_t OPENSSL_rdtsc(void) -{ - if (OPENSSL_ppccap_P & PPC_MFTB) - return OPENSSL_rdtsc_mftb(); - else if (OPENSSL_ppccap_P & PPC_MFSPR268) - return OPENSSL_rdtsc_mfspr268(); - else - return 0; -} - -size_t OPENSSL_instrument_bus_mftb(unsigned int *, size_t); -size_t OPENSSL_instrument_bus_mfspr268(unsigned int *, size_t); - -size_t OPENSSL_instrument_bus(unsigned int *out, size_t cnt) -{ - if (OPENSSL_ppccap_P & PPC_MFTB) - return OPENSSL_instrument_bus_mftb(out, cnt); - else if (OPENSSL_ppccap_P & PPC_MFSPR268) - return OPENSSL_instrument_bus_mfspr268(out, cnt); - else - return 0; -} - -size_t OPENSSL_instrument_bus2_mftb(unsigned int *, size_t, size_t); -size_t OPENSSL_instrument_bus2_mfspr268(unsigned int *, size_t, size_t); - -size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max) -{ - if (OPENSSL_ppccap_P & PPC_MFTB) - return OPENSSL_instrument_bus2_mftb(out, cnt, max); - else if (OPENSSL_ppccap_P & PPC_MFSPR268) - return OPENSSL_instrument_bus2_mfspr268(out, cnt, max); - else - return 0; -} - -#if defined(__GLIBC__) && defined(__GLIBC_PREREQ) -# if __GLIBC_PREREQ(2, 16) -# include -# define OSSL_IMPLEMENT_GETAUXVAL -# elif defined(__ANDROID_API__) -/* see https://developer.android.google.cn/ndk/guides/cpu-features */ -# if __ANDROID_API__ >= 18 -# include -# define OSSL_IMPLEMENT_GETAUXVAL -# endif -# endif -#endif - -#if defined(__FreeBSD__) -# include -# if __FreeBSD_version >= 1200000 -# include -# define OSSL_IMPLEMENT_GETAUXVAL - -static unsigned long getauxval(unsigned long key) -{ - unsigned long val = 0ul; - - if (elf_aux_info((int)key, &val, sizeof(val)) != 0) - return 0ul; - - return val; -} -# endif -#endif - -/* I wish was universally available */ -#define HWCAP 16 /* AT_HWCAP */ -#define HWCAP_PPC64 (1U << 30) -#define HWCAP_ALTIVEC (1U << 28) -#define HWCAP_FPU (1U << 27) -#define HWCAP_POWER6_EXT (1U << 9) -#define HWCAP_VSX (1U << 7) - -#define HWCAP2 26 /* AT_HWCAP2 */ -#define HWCAP_VEC_CRYPTO (1U << 25) -#define HWCAP_ARCH_3_00 (1U << 23) - -# if defined(__GNUC__) && __GNUC__>=2 -__attribute__ ((constructor)) -# endif -void OPENSSL_cpuid_setup(void) -{ - char *e; - struct sigaction ill_oact, ill_act; - sigset_t oset; - static int trigger = 0; - - if (trigger) - return; - trigger = 1; - - if ((e = getenv("OPENSSL_ppccap"))) { - OPENSSL_ppccap_P = strtoul(e, NULL, 0); - return; - } - - OPENSSL_ppccap_P = 0; - -#if defined(_AIX) - OPENSSL_ppccap_P |= PPC_FPU; - - if (sizeof(size_t) == 4) { - struct utsname uts; -# if defined(_SC_AIX_KERNEL_BITMODE) - if (sysconf(_SC_AIX_KERNEL_BITMODE) != 64) - return; -# endif - if (uname(&uts) != 0 || atoi(uts.version) < 6) - return; - } - -# if defined(__power_set) - /* - * Value used in __power_set is a single-bit 1<= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open STDOUT,"| $^X $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; - -if ($flavour=~/64/) { - $CMPLI="cmpldi"; - $SHRLI="srdi"; - $SIGNX="extsw"; -} else { - $CMPLI="cmplwi"; - $SHRLI="srwi"; - $SIGNX="mr"; -} - -$code=<<___; -.machine "any" -.text - -.globl .OPENSSL_fpu_probe -.align 4 -.OPENSSL_fpu_probe: - fmr f0,f0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.size .OPENSSL_fpu_probe,.-.OPENSSL_fpu_probe -.globl .OPENSSL_ppc64_probe -.align 4 -.OPENSSL_ppc64_probe: - fcfid f1,f1 - extrdi r0,r0,32,0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.size .OPENSSL_ppc64_probe,.-.OPENSSL_ppc64_probe - -.globl .OPENSSL_altivec_probe -.align 4 -.OPENSSL_altivec_probe: - .long 0x10000484 # vor v0,v0,v0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.size .OPENSSL_altivec_probe,.-..OPENSSL_altivec_probe - -.globl .OPENSSL_crypto207_probe -.align 4 -.OPENSSL_crypto207_probe: - lvx_u v0,0,r1 - vcipher v0,v0,v0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.size .OPENSSL_crypto207_probe,.-.OPENSSL_crypto207_probe - -.globl .OPENSSL_madd300_probe -.align 4 -.OPENSSL_madd300_probe: - xor r0,r0,r0 - maddld r3,r0,r0,r0 - maddhdu r3,r0,r0,r0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - -.globl .OPENSSL_wipe_cpu -.align 4 -.OPENSSL_wipe_cpu: - xor r0,r0,r0 - fmr f0,f31 - fmr f1,f31 - fmr f2,f31 - mr r3,r1 - fmr f3,f31 - xor r4,r4,r4 - fmr f4,f31 - xor r5,r5,r5 - fmr f5,f31 - xor r6,r6,r6 - fmr f6,f31 - xor r7,r7,r7 - fmr f7,f31 - xor r8,r8,r8 - fmr f8,f31 - xor r9,r9,r9 - fmr f9,f31 - xor r10,r10,r10 - fmr f10,f31 - xor r11,r11,r11 - fmr f11,f31 - xor r12,r12,r12 - fmr f12,f31 - fmr f13,f31 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.size .OPENSSL_wipe_cpu,.-.OPENSSL_wipe_cpu - -.globl .OPENSSL_atomic_add -.align 4 -.OPENSSL_atomic_add: -Ladd: lwarx r5,0,r3 - add r0,r4,r5 - stwcx. r0,0,r3 - bne- Ladd - $SIGNX r3,r0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,2,0 - .long 0 -.size .OPENSSL_atomic_add,.-.OPENSSL_atomic_add - -.globl .OPENSSL_rdtsc_mftb -.align 4 -.OPENSSL_rdtsc_mftb: - mftb r3 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.size .OPENSSL_rdtsc_mftb,.-.OPENSSL_rdtsc_mftb - -.globl .OPENSSL_rdtsc_mfspr268 -.align 4 -.OPENSSL_rdtsc_mfspr268: - mfspr r3,268 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.size .OPENSSL_rdtsc_mfspr268,.-.OPENSSL_rdtsc_mfspr268 - -.globl .OPENSSL_cleanse -.align 4 -.OPENSSL_cleanse: - $CMPLI r4,7 - li r0,0 - bge Lot - $CMPLI r4,0 - beqlr- -Little: mtctr r4 - stb r0,0(r3) - addi r3,r3,1 - bdnz \$-8 - blr -Lot: andi. r5,r3,3 - beq Laligned - stb r0,0(r3) - subi r4,r4,1 - addi r3,r3,1 - b Lot -Laligned: - $SHRLI r5,r4,2 - mtctr r5 - stw r0,0(r3) - addi r3,r3,4 - bdnz \$-8 - andi. r4,r4,3 - bne Little - blr - .long 0 - .byte 0,12,0x14,0,0,0,2,0 - .long 0 -.size .OPENSSL_cleanse,.-.OPENSSL_cleanse - -globl .CRYPTO_memcmp -.align 4 -.CRYPTO_memcmp: - $CMPLI r5,0 - li r0,0 - beq Lno_data - mtctr r5 -Loop_cmp: - lbz r6,0(r3) - addi r3,r3,1 - lbz r7,0(r4) - addi r4,r4,1 - xor r6,r6,r7 - or r0,r0,r6 - bdnz Loop_cmp - -Lno_data: - li r3,0 - sub r3,r3,r0 - extrwi r3,r3,1,0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,3,0 - .long 0 -.size .CRYPTO_memcmp,.-.CRYPTO_memcmp -___ -{ -my ($out,$cnt,$max)=("r3","r4","r5"); -my ($tick,$lasttick)=("r6","r7"); -my ($diff,$lastdiff)=("r8","r9"); - -$code.=<<___; -.globl .OPENSSL_instrument_bus_mftb -.align 4 -.OPENSSL_instrument_bus_mftb: - mtctr $cnt - - mftb $lasttick # collect 1st tick - li $diff,0 - - dcbf 0,$out # flush cache line - lwarx $tick,0,$out # load and lock - add $tick,$tick,$diff - stwcx. $tick,0,$out - stwx $tick,0,$out - -Loop: mftb $tick - sub $diff,$tick,$lasttick - mr $lasttick,$tick - dcbf 0,$out # flush cache line - lwarx $tick,0,$out # load and lock - add $tick,$tick,$diff - stwcx. $tick,0,$out - stwx $tick,0,$out - addi $out,$out,4 # ++$out - bdnz Loop - - mr r3,$cnt - blr - .long 0 - .byte 0,12,0x14,0,0,0,2,0 - .long 0 -.size .OPENSSL_instrument_bus_mftb,.-.OPENSSL_instrument_bus_mftb - -.globl .OPENSSL_instrument_bus2_mftb -.align 4 -.OPENSSL_instrument_bus2_mftb: - mr r0,$cnt - slwi $cnt,$cnt,2 - - mftb $lasttick # collect 1st tick - li $diff,0 - - dcbf 0,$out # flush cache line - lwarx $tick,0,$out # load and lock - add $tick,$tick,$diff - stwcx. $tick,0,$out - stwx $tick,0,$out - - mftb $tick # collect 1st diff - sub $diff,$tick,$lasttick - mr $lasttick,$tick - mr $lastdiff,$diff -Loop2: - dcbf 0,$out # flush cache line - lwarx $tick,0,$out # load and lock - add $tick,$tick,$diff - stwcx. $tick,0,$out - stwx $tick,0,$out - - addic. $max,$max,-1 - beq Ldone2 - - mftb $tick - sub $diff,$tick,$lasttick - mr $lasttick,$tick - cmplw 7,$diff,$lastdiff - mr $lastdiff,$diff - - mfcr $tick # pull cr - not $tick,$tick # flip bits - rlwinm $tick,$tick,1,29,29 # isolate flipped eq bit and scale - - sub. $cnt,$cnt,$tick # conditional --$cnt - add $out,$out,$tick # conditional ++$out - bne Loop2 - -Ldone2: - srwi $cnt,$cnt,2 - sub r3,r0,$cnt - blr - .long 0 - .byte 0,12,0x14,0,0,0,3,0 - .long 0 -.size .OPENSSL_instrument_bus2_mftb,.-.OPENSSL_instrument_bus2_mftb - -.globl .OPENSSL_instrument_bus_mfspr268 -.align 4 -.OPENSSL_instrument_bus_mfspr268: - mtctr $cnt - - mfspr $lasttick,268 # collect 1st tick - li $diff,0 - - dcbf 0,$out # flush cache line - lwarx $tick,0,$out # load and lock - add $tick,$tick,$diff - stwcx. $tick,0,$out - stwx $tick,0,$out - -Loop3: mfspr $tick,268 - sub $diff,$tick,$lasttick - mr $lasttick,$tick - dcbf 0,$out # flush cache line - lwarx $tick,0,$out # load and lock - add $tick,$tick,$diff - stwcx. $tick,0,$out - stwx $tick,0,$out - addi $out,$out,4 # ++$out - bdnz Loop3 - - mr r3,$cnt - blr - .long 0 - .byte 0,12,0x14,0,0,0,2,0 - .long 0 -.size .OPENSSL_instrument_bus_mfspr268,.-.OPENSSL_instrument_bus_mfspr268 - -.globl .OPENSSL_instrument_bus2_mfspr268 -.align 4 -.OPENSSL_instrument_bus2_mfspr268: - mr r0,$cnt - slwi $cnt,$cnt,2 - - mfspr $lasttick,268 # collect 1st tick - li $diff,0 - - dcbf 0,$out # flush cache line - lwarx $tick,0,$out # load and lock - add $tick,$tick,$diff - stwcx. $tick,0,$out - stwx $tick,0,$out - - mfspr $tick,268 # collect 1st diff - sub $diff,$tick,$lasttick - mr $lasttick,$tick - mr $lastdiff,$diff -Loop4: - dcbf 0,$out # flush cache line - lwarx $tick,0,$out # load and lock - add $tick,$tick,$diff - stwcx. $tick,0,$out - stwx $tick,0,$out - - addic. $max,$max,-1 - beq Ldone4 - - mfspr $tick,268 - sub $diff,$tick,$lasttick - mr $lasttick,$tick - cmplw 7,$diff,$lastdiff - mr $lastdiff,$diff - - mfcr $tick # pull cr - not $tick,$tick # flip bits - rlwinm $tick,$tick,1,29,29 # isolate flipped eq bit and scale - - sub. $cnt,$cnt,$tick # conditional --$cnt - add $out,$out,$tick # conditional ++$out - bne Loop4 - -Ldone4: - srwi $cnt,$cnt,2 - sub r3,r0,$cnt - blr - .long 0 - .byte 0,12,0x14,0,0,0,3,0 - .long 0 -.size .OPENSSL_instrument_bus2_mfspr268,.-.OPENSSL_instrument_bus2_mfspr268 -___ -} - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/property/README.md b/crypto/property/README.md deleted file mode 100644 index 9d97a69873052cdbb734ed405a6190dc21492770..0000000000000000000000000000000000000000 --- a/crypto/property/README.md +++ /dev/null @@ -1,94 +0,0 @@ -Selecting algorithm implementations by properties -================================================= - -Properties are associated with algorithms and are used to select between -different implementations dynamically. - -This implementation is based on a number of assumptions: - -* Property definition is uncommon. I.e. providers will be loaded and - unloaded relatively infrequently, if at all. - -* The number of distinct property names will be small. - -* Providers will often give the same implementation properties to most or - all of their implemented algorithms. E.g. the FIPS property would be set - across an entire provider. Likewise for, hardware, accelerated, software, - HSM and, perhaps, constant_time. - -* There are a lot of algorithm implementations, therefore property - definitions should be space efficient. However... - -* ... property queries are very common. These must be fast. - -* Property queries come from a small set and are reused many times typically. - I.e. an application tends to use the same set of queries over and over, - rather than spanning a wide variety of queries. - -* Property queries can never add new property definitions. - -Some consequences of these assumptions are: - -* That definition is uncommon and queries are very common, we can treat - the property definitions as almost immutable. Specifically, a query can - never change the state of the definitions. - -* That definition is uncommon and needs to be space efficient, it will - be feasible to use a hash table to contain the names (and possibly also - values) of all properties and to reference these instead of duplicating - strings. Moreover, such a data structure need not be garbage collected. - By converting strings to integers using a structure such as this, string - comparison degenerates to integer comparison. Additionally, lists of - properties can be sorted by the string index which makes comparisons linear - time rather than quadratic time - the O(n log n) sort cost being amortised. - -* A cache for property definitions is also viable, if only implementation - properties are used and not algorithm properties, or at least these are - maintained separately. This cache would be a hash table, indexed by - the property definition string, and algorithms with the same properties - would share their definition structure. Again, reducing space use. - -* A query cache is desirable. This would be a hash table keyed by the - algorithm identifier and the entire query string and it would map to - the chosen algorithm. When a provider is loaded or unloaded, this cache - must be invalidated. The cache will also be invalidated when the global - properties are changed as doing so removes the need to index on both the - global and requested property strings. - -The implementation: - -* [property_lock.c](property_lock.c) - contains some wrapper functions to handle the global - lock more easily. The global lock is held for short periods of time with - per algorithm locking being used for longer intervals. - -* [property_string.c](property_string.c) - contains the string cache which converts property - names and values to small integer indices. Names and values are stored in - separate hash tables. The two Boolean values, the strings "yes" and "no", - are populated as the first two members of the value table. All property - names reserved by OpenSSL are also populated here. No functions are - provided to convert from an index back to the original string (this can be - done by maintaining parallel stacks of strings if required). - -* [property_parse.c](property_parse.c) - contains the property definition and query parsers. - These convert ASCII strings into lists of properties. The resulting - lists are sorted by the name index. Some additional utility functions - for dealing with property lists are also included: comparison of a query - against a definition and merging two queries into a single larger query. - -* [property.c](property.c) - contains the main APIs for defining and using properties. - Algorithms are discovered from their NID and a query string. - The results are cached. - - The caching of query results has to be efficient but it must also be robust - against a denial of service attack. The cache cannot be permitted to grow - without bounds and must garbage collect under-used entries. The garbage - collection does not have to be exact. - -* [defn_cache.c](defn_cache.c) - contains a cache that maps property definition strings to - parsed properties. It is used by property.c to improve performance when - the same definition appears multiple times. diff --git a/crypto/property/build.info b/crypto/property/build.info deleted file mode 100644 index 12a6b8c9de22a7559bb0b730ec4dc662a40c6586..0000000000000000000000000000000000000000 --- a/crypto/property/build.info +++ /dev/null @@ -1,4 +0,0 @@ -LIBS=../../libcrypto -$COMMON=property_string.c property_parse.c property_query.c property.c defn_cache.c -SOURCE[../../libcrypto]=$COMMON property_err.c -SOURCE[../../providers/libfips.a]=$COMMON diff --git a/crypto/property/defn_cache.c b/crypto/property/defn_cache.c deleted file mode 100644 index b4cd67c990010545d3d379cb5fdd048dbba65fe8..0000000000000000000000000000000000000000 --- a/crypto/property/defn_cache.c +++ /dev/null @@ -1,142 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "internal/propertyerr.h" -#include "internal/property.h" -#include "internal/core.h" -#include "property_local.h" - -/* - * Implement a property definition cache. - * These functions assume that they are called under a write lock. - * No attempt is made to clean out the cache, except when it is shut down. - */ - -typedef struct { - const char *prop; - OSSL_PROPERTY_LIST *defn; - char body[1]; -} PROPERTY_DEFN_ELEM; - -DEFINE_LHASH_OF(PROPERTY_DEFN_ELEM); - -static unsigned long property_defn_hash(const PROPERTY_DEFN_ELEM *a) -{ - return OPENSSL_LH_strhash(a->prop); -} - -static int property_defn_cmp(const PROPERTY_DEFN_ELEM *a, - const PROPERTY_DEFN_ELEM *b) -{ - return strcmp(a->prop, b->prop); -} - -static void property_defn_free(PROPERTY_DEFN_ELEM *elem) -{ - ossl_property_free(elem->defn); - OPENSSL_free(elem); -} - -static void property_defns_free(void *vproperty_defns) -{ - LHASH_OF(PROPERTY_DEFN_ELEM) *property_defns = vproperty_defns; - - if (property_defns != NULL) { - lh_PROPERTY_DEFN_ELEM_doall(property_defns, - &property_defn_free); - lh_PROPERTY_DEFN_ELEM_free(property_defns); - } -} - -static void *property_defns_new(OSSL_LIB_CTX *ctx) { - return lh_PROPERTY_DEFN_ELEM_new(&property_defn_hash, &property_defn_cmp); -} - -static const OSSL_LIB_CTX_METHOD property_defns_method = { - OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, - property_defns_new, - property_defns_free, -}; - -OSSL_PROPERTY_LIST *ossl_prop_defn_get(OSSL_LIB_CTX *ctx, const char *prop) -{ - PROPERTY_DEFN_ELEM elem, *r; - LHASH_OF(PROPERTY_DEFN_ELEM) *property_defns; - - property_defns = ossl_lib_ctx_get_data(ctx, - OSSL_LIB_CTX_PROPERTY_DEFN_INDEX, - &property_defns_method); - if (property_defns == NULL || !ossl_lib_ctx_read_lock(ctx)) - return NULL; - - elem.prop = prop; - r = lh_PROPERTY_DEFN_ELEM_retrieve(property_defns, &elem); - ossl_lib_ctx_unlock(ctx); - return r != NULL ? r->defn : NULL; -} - -/* - * Cache the property list for a given property string. Callers of this function - * should call ossl_prop_defn_get first to ensure that there is no existing - * cache entry for this property string. - */ -int ossl_prop_defn_set(OSSL_LIB_CTX *ctx, const char *prop, - OSSL_PROPERTY_LIST *pl) -{ - PROPERTY_DEFN_ELEM elem, *old, *p = NULL; - size_t len; - LHASH_OF(PROPERTY_DEFN_ELEM) *property_defns; - int res = 1; - - property_defns = ossl_lib_ctx_get_data(ctx, - OSSL_LIB_CTX_PROPERTY_DEFN_INDEX, - &property_defns_method); - if (property_defns == NULL) - return 0; - - if (prop == NULL) - return 1; - - if (!ossl_lib_ctx_write_lock(ctx)) - return 0; - if (pl == NULL) { - elem.prop = prop; - lh_PROPERTY_DEFN_ELEM_delete(property_defns, &elem); - goto end; - } - len = strlen(prop); - p = OPENSSL_malloc(sizeof(*p) + len); - if (p != NULL) { - p->prop = p->body; - p->defn = pl; - memcpy(p->body, prop, len + 1); - old = lh_PROPERTY_DEFN_ELEM_insert(property_defns, p); - if (!ossl_assert(old == NULL)) { - /* - * This should not happen. Any caller of ossl_prop_defn_set should - * have called ossl_prop_defn_get first - so we should know that - * there is no existing entry. If we get here we have a bug. We - * deliberately leak the |old| reference in order to avoid a crash - * if there are any existing users of it. - */ - goto end; - } - if (!lh_PROPERTY_DEFN_ELEM_error(property_defns)) - goto end; - } - OPENSSL_free(p); - res = 0; - end: - ossl_lib_ctx_unlock(ctx); - return res; -} diff --git a/crypto/property/properties.ebnf b/crypto/property/properties.ebnf deleted file mode 100644 index a55198bd75fa4b5f23827bcdef9ff4466a208c03..0000000000000000000000000000000000000000 --- a/crypto/property/properties.ebnf +++ /dev/null @@ -1,18 +0,0 @@ -(* https://bottlecaps.de/rr/ui *) - -Definition - ::= PropertyName ( '=' Value )? ( ',' PropertyName ( '=' Value )? )* -Query ::= PropertyQuery ( ',' PropertyQuery )* -PropertyQuery ::= '-' PropertyName - | '?'? ( PropertyName (( '=' | '!=' ) Value)?) -Value ::= NumberLiteral - | StringLiteral -StringLiteral ::= QuotedString | UnquotedString -QuotedString ::= '"' [^"]* '"' - | "'" [^']* "'" -UnquotedString ::= [^{space},]+ -NumberLiteral - ::= '0' ( [0-7]* | 'x' [0-9A-Fa-f]+ ) - | '-'? [1-9] [0-9]+ -PropertyName - ::= [A-Z] [A-Z0-9_]* ( '.' [A-Z] [A-Z0-9_]* )* diff --git a/crypto/property/property.c b/crypto/property/property.c deleted file mode 100644 index 2c92cb5e5026dba9201e67a4af72a9ce41de554a..0000000000000000000000000000000000000000 --- a/crypto/property/property.c +++ /dev/null @@ -1,769 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/core.h" -#include "internal/property.h" -#include "internal/provider.h" -#include "internal/tsan_assist.h" -#include "crypto/ctype.h" -#include -#include -#include "internal/thread_once.h" -#include "crypto/lhash.h" -#include "crypto/sparse_array.h" -#include "property_local.h" - -/* - * The number of elements in the query cache before we initiate a flush. - * If reducing this, also ensure the stochastic test in test/property_test.c - * isn't likely to fail. - */ -#define IMPL_CACHE_FLUSH_THRESHOLD 500 - -typedef struct { - void *method; - int (*up_ref)(void *); - void (*free)(void *); -} METHOD; - -typedef struct { - const OSSL_PROVIDER *provider; - OSSL_PROPERTY_LIST *properties; - METHOD method; -} IMPLEMENTATION; - -DEFINE_STACK_OF(IMPLEMENTATION) - -typedef struct { - const OSSL_PROVIDER *provider; - const char *query; - METHOD method; - char body[1]; -} QUERY; - -DEFINE_LHASH_OF(QUERY); - -typedef struct { - int nid; - STACK_OF(IMPLEMENTATION) *impls; - LHASH_OF(QUERY) *cache; -} ALGORITHM; - -struct ossl_method_store_st { - OSSL_LIB_CTX *ctx; - SPARSE_ARRAY_OF(ALGORITHM) *algs; - /* - * Lock to protect the |algs| array from concurrent writing, when - * individual implementations or queries are inserted. This is used - * by the appropriate functions here. - */ - CRYPTO_RWLOCK *lock; - /* - * Lock to reserve the whole store. This is used when fetching a set - * of algorithms, via these functions, found in crypto/core_fetch.c: - * ossl_method_construct_reserve_store() - * ossl_method_construct_unreserve_store() - */ - CRYPTO_RWLOCK *biglock; - - /* query cache specific values */ - - /* Count of the query cache entries for all algs */ - size_t cache_nelem; - - /* Flag: 1 if query cache entries for all algs need flushing */ - int cache_need_flush; -}; - -typedef struct { - LHASH_OF(QUERY) *cache; - size_t nelem; - uint32_t seed; - unsigned char using_global_seed; -} IMPL_CACHE_FLUSH; - -DEFINE_SPARSE_ARRAY_OF(ALGORITHM); - -typedef struct ossl_global_properties_st { - OSSL_PROPERTY_LIST *list; -#ifndef FIPS_MODULE - unsigned int no_mirrored : 1; -#endif -} OSSL_GLOBAL_PROPERTIES; - -static void ossl_method_cache_flush_alg(OSSL_METHOD_STORE *store, - ALGORITHM *alg); -static void ossl_method_cache_flush(OSSL_METHOD_STORE *store, int nid); - -/* Global properties are stored per library context */ -static void ossl_ctx_global_properties_free(void *vglobp) -{ - OSSL_GLOBAL_PROPERTIES *globp = vglobp; - - if (globp != NULL) { - ossl_property_free(globp->list); - OPENSSL_free(globp); - } -} - -static void *ossl_ctx_global_properties_new(OSSL_LIB_CTX *ctx) -{ - return OPENSSL_zalloc(sizeof(OSSL_GLOBAL_PROPERTIES)); -} - -static const OSSL_LIB_CTX_METHOD ossl_ctx_global_properties_method = { - OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, - ossl_ctx_global_properties_new, - ossl_ctx_global_properties_free, -}; - -OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OSSL_LIB_CTX *libctx, - int loadconfig) -{ - OSSL_GLOBAL_PROPERTIES *globp; - -#ifndef FIPS_MODULE - if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) - return NULL; -#endif - globp = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_GLOBAL_PROPERTIES, - &ossl_ctx_global_properties_method); - - return globp != NULL ? &globp->list : NULL; -} - -#ifndef FIPS_MODULE -int ossl_global_properties_no_mirrored(OSSL_LIB_CTX *libctx) -{ - OSSL_GLOBAL_PROPERTIES *globp - = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_GLOBAL_PROPERTIES, - &ossl_ctx_global_properties_method); - - return globp != NULL && globp->no_mirrored ? 1 : 0; -} - -void ossl_global_properties_stop_mirroring(OSSL_LIB_CTX *libctx) -{ - OSSL_GLOBAL_PROPERTIES *globp - = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_GLOBAL_PROPERTIES, - &ossl_ctx_global_properties_method); - - if (globp != NULL) - globp->no_mirrored = 1; -} -#endif - -static int ossl_method_up_ref(METHOD *method) -{ - return (*method->up_ref)(method->method); -} - -static void ossl_method_free(METHOD *method) -{ - (*method->free)(method->method); -} - -static __owur int ossl_property_read_lock(OSSL_METHOD_STORE *p) -{ - return p != NULL ? CRYPTO_THREAD_read_lock(p->lock) : 0; -} - -static __owur int ossl_property_write_lock(OSSL_METHOD_STORE *p) -{ - return p != NULL ? CRYPTO_THREAD_write_lock(p->lock) : 0; -} - -static int ossl_property_unlock(OSSL_METHOD_STORE *p) -{ - return p != 0 ? CRYPTO_THREAD_unlock(p->lock) : 0; -} - -static unsigned long query_hash(const QUERY *a) -{ - return OPENSSL_LH_strhash(a->query); -} - -static int query_cmp(const QUERY *a, const QUERY *b) -{ - int res = strcmp(a->query, b->query); - - if (res == 0 && a->provider != NULL && b->provider != NULL) - res = b->provider > a->provider ? 1 - : b->provider < a->provider ? -1 - : 0; - return res; -} - -static void impl_free(IMPLEMENTATION *impl) -{ - if (impl != NULL) { - ossl_method_free(&impl->method); - OPENSSL_free(impl); - } -} - -static void impl_cache_free(QUERY *elem) -{ - if (elem != NULL) { - ossl_method_free(&elem->method); - OPENSSL_free(elem); - } -} - -static void impl_cache_flush_alg(ossl_uintmax_t idx, ALGORITHM *alg) -{ - lh_QUERY_doall(alg->cache, &impl_cache_free); - lh_QUERY_flush(alg->cache); -} - -static void alg_cleanup(ossl_uintmax_t idx, ALGORITHM *a, void *arg) -{ - OSSL_METHOD_STORE *store = arg; - - if (a != NULL) { - sk_IMPLEMENTATION_pop_free(a->impls, &impl_free); - lh_QUERY_doall(a->cache, &impl_cache_free); - lh_QUERY_free(a->cache); - OPENSSL_free(a); - } - if (store != NULL) - ossl_sa_ALGORITHM_set(store->algs, idx, NULL); -} - -/* - * The OSSL_LIB_CTX param here allows access to underlying property data needed - * for computation - */ -OSSL_METHOD_STORE *ossl_method_store_new(OSSL_LIB_CTX *ctx) -{ - OSSL_METHOD_STORE *res; - - res = OPENSSL_zalloc(sizeof(*res)); - if (res != NULL) { - res->ctx = ctx; - if ((res->algs = ossl_sa_ALGORITHM_new()) == NULL - || (res->lock = CRYPTO_THREAD_lock_new()) == NULL - || (res->biglock = CRYPTO_THREAD_lock_new()) == NULL) { - ossl_method_store_free(res); - return NULL; - } - } - return res; -} - -void ossl_method_store_free(OSSL_METHOD_STORE *store) -{ - if (store != NULL) { - if (store->algs != NULL) - ossl_sa_ALGORITHM_doall_arg(store->algs, &alg_cleanup, store); - ossl_sa_ALGORITHM_free(store->algs); - CRYPTO_THREAD_lock_free(store->lock); - CRYPTO_THREAD_lock_free(store->biglock); - OPENSSL_free(store); - } -} - -int ossl_method_lock_store(OSSL_METHOD_STORE *store) -{ - return store != NULL ? CRYPTO_THREAD_write_lock(store->biglock) : 0; -} - -int ossl_method_unlock_store(OSSL_METHOD_STORE *store) -{ - return store != NULL ? CRYPTO_THREAD_unlock(store->biglock) : 0; -} - -static ALGORITHM *ossl_method_store_retrieve(OSSL_METHOD_STORE *store, int nid) -{ - return ossl_sa_ALGORITHM_get(store->algs, nid); -} - -static int ossl_method_store_insert(OSSL_METHOD_STORE *store, ALGORITHM *alg) -{ - return ossl_sa_ALGORITHM_set(store->algs, alg->nid, alg); -} - -int ossl_method_store_add(OSSL_METHOD_STORE *store, const OSSL_PROVIDER *prov, - int nid, const char *properties, void *method, - int (*method_up_ref)(void *), - void (*method_destruct)(void *)) -{ - ALGORITHM *alg = NULL; - IMPLEMENTATION *impl; - int ret = 0; - int i; - - if (nid <= 0 || method == NULL || store == NULL) - return 0; - if (properties == NULL) - properties = ""; - - if (!ossl_assert(prov != NULL)) - return 0; - - /* Create new entry */ - impl = OPENSSL_malloc(sizeof(*impl)); - if (impl == NULL) - return 0; - impl->method.method = method; - impl->method.up_ref = method_up_ref; - impl->method.free = method_destruct; - if (!ossl_method_up_ref(&impl->method)) { - OPENSSL_free(impl); - return 0; - } - impl->provider = prov; - - /* Insert into the hash table if required */ - if (!ossl_property_write_lock(store)) { - OPENSSL_free(impl); - return 0; - } - ossl_method_cache_flush(store, nid); - if ((impl->properties = ossl_prop_defn_get(store->ctx, properties)) == NULL) { - impl->properties = ossl_parse_property(store->ctx, properties); - if (impl->properties == NULL) - goto err; - if (!ossl_prop_defn_set(store->ctx, properties, impl->properties)) { - ossl_property_free(impl->properties); - impl->properties = NULL; - goto err; - } - } - - alg = ossl_method_store_retrieve(store, nid); - if (alg == NULL) { - if ((alg = OPENSSL_zalloc(sizeof(*alg))) == NULL - || (alg->impls = sk_IMPLEMENTATION_new_null()) == NULL - || (alg->cache = lh_QUERY_new(&query_hash, &query_cmp)) == NULL) - goto err; - alg->nid = nid; - if (!ossl_method_store_insert(store, alg)) - goto err; - } - - /* Push onto stack if there isn't one there already */ - for (i = 0; i < sk_IMPLEMENTATION_num(alg->impls); i++) { - const IMPLEMENTATION *tmpimpl = sk_IMPLEMENTATION_value(alg->impls, i); - - if (tmpimpl->provider == impl->provider - && tmpimpl->properties == impl->properties) - break; - } - if (i == sk_IMPLEMENTATION_num(alg->impls) - && sk_IMPLEMENTATION_push(alg->impls, impl)) - ret = 1; - ossl_property_unlock(store); - if (ret == 0) - impl_free(impl); - return ret; - -err: - ossl_property_unlock(store); - alg_cleanup(0, alg, NULL); - impl_free(impl); - return 0; -} - -int ossl_method_store_remove(OSSL_METHOD_STORE *store, int nid, - const void *method) -{ - ALGORITHM *alg = NULL; - int i; - - if (nid <= 0 || method == NULL || store == NULL) - return 0; - - if (!ossl_property_write_lock(store)) - return 0; - ossl_method_cache_flush(store, nid); - alg = ossl_method_store_retrieve(store, nid); - if (alg == NULL) { - ossl_property_unlock(store); - return 0; - } - - /* - * A sorting find then a delete could be faster but these stacks should be - * relatively small, so we avoid the overhead. Sorting could also surprise - * users when result orderings change (even though they are not guaranteed). - */ - for (i = 0; i < sk_IMPLEMENTATION_num(alg->impls); i++) { - IMPLEMENTATION *impl = sk_IMPLEMENTATION_value(alg->impls, i); - - if (impl->method.method == method) { - impl_free(impl); - (void)sk_IMPLEMENTATION_delete(alg->impls, i); - ossl_property_unlock(store); - return 1; - } - } - ossl_property_unlock(store); - return 0; -} - -struct alg_cleanup_by_provider_data_st { - OSSL_METHOD_STORE *store; - const OSSL_PROVIDER *prov; -}; - -static void -alg_cleanup_by_provider(ossl_uintmax_t idx, ALGORITHM *alg, void *arg) -{ - struct alg_cleanup_by_provider_data_st *data = arg; - int i, count; - - /* - * We walk the stack backwards, to avoid having to deal with stack shifts - * caused by deletion - */ - for (count = 0, i = sk_IMPLEMENTATION_num(alg->impls); i-- > 0;) { - IMPLEMENTATION *impl = sk_IMPLEMENTATION_value(alg->impls, i); - - if (impl->provider == data->prov) { - impl_free(impl); - (void)sk_IMPLEMENTATION_delete(alg->impls, i); - count++; - } - } - - /* - * If we removed any implementation, we also clear the whole associated - * cache, 'cause that's the sensible thing to do. - * There's no point flushing the cache entries where we didn't remove - * any implementation, though. - */ - if (count > 0) - ossl_method_cache_flush_alg(data->store, alg); -} - -int ossl_method_store_remove_all_provided(OSSL_METHOD_STORE *store, - const OSSL_PROVIDER *prov) -{ - struct alg_cleanup_by_provider_data_st data; - - if (!ossl_property_write_lock(store)) - return 0; - data.prov = prov; - data.store = store; - ossl_sa_ALGORITHM_doall_arg(store->algs, &alg_cleanup_by_provider, &data); - ossl_property_unlock(store); - return 1; -} - -static void alg_do_one(ALGORITHM *alg, IMPLEMENTATION *impl, - void (*fn)(int id, void *method, void *fnarg), - void *fnarg) -{ - fn(alg->nid, impl->method.method, fnarg); -} - -struct alg_do_each_data_st { - void (*fn)(int id, void *method, void *fnarg); - void *fnarg; -}; - -static void alg_do_each(ossl_uintmax_t idx, ALGORITHM *alg, void *arg) -{ - struct alg_do_each_data_st *data = arg; - int i, end = sk_IMPLEMENTATION_num(alg->impls); - - for (i = 0; i < end; i++) { - IMPLEMENTATION *impl = sk_IMPLEMENTATION_value(alg->impls, i); - - alg_do_one(alg, impl, data->fn, data->fnarg); - } -} - -void ossl_method_store_do_all(OSSL_METHOD_STORE *store, - void (*fn)(int id, void *method, void *fnarg), - void *fnarg) -{ - struct alg_do_each_data_st data; - - data.fn = fn; - data.fnarg = fnarg; - if (store != NULL) - ossl_sa_ALGORITHM_doall_arg(store->algs, alg_do_each, &data); -} - -int ossl_method_store_fetch(OSSL_METHOD_STORE *store, - int nid, const char *prop_query, - const OSSL_PROVIDER **prov_rw, void **method) -{ - OSSL_PROPERTY_LIST **plp; - ALGORITHM *alg; - IMPLEMENTATION *impl, *best_impl = NULL; - OSSL_PROPERTY_LIST *pq = NULL, *p2 = NULL; - const OSSL_PROVIDER *prov = prov_rw != NULL ? *prov_rw : NULL; - int ret = 0; - int j, best = -1, score, optional; - -#ifndef FIPS_MODULE - if (!OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) - return 0; -#endif - - if (nid <= 0 || method == NULL || store == NULL) - return 0; - - /* This only needs to be a read lock, because the query won't create anything */ - if (!ossl_property_read_lock(store)) - return 0; - alg = ossl_method_store_retrieve(store, nid); - if (alg == NULL) { - ossl_property_unlock(store); - return 0; - } - - if (prop_query != NULL) - p2 = pq = ossl_parse_query(store->ctx, prop_query, 0); - plp = ossl_ctx_global_properties(store->ctx, 0); - if (plp != NULL && *plp != NULL) { - if (pq == NULL) { - pq = *plp; - } else { - p2 = ossl_property_merge(pq, *plp); - ossl_property_free(pq); - if (p2 == NULL) - goto fin; - pq = p2; - } - } - - if (pq == NULL) { - for (j = 0; j < sk_IMPLEMENTATION_num(alg->impls); j++) { - if ((impl = sk_IMPLEMENTATION_value(alg->impls, j)) != NULL - && (prov == NULL || impl->provider == prov)) { - best_impl = impl; - ret = 1; - break; - } - } - goto fin; - } - optional = ossl_property_has_optional(pq); - for (j = 0; j < sk_IMPLEMENTATION_num(alg->impls); j++) { - if ((impl = sk_IMPLEMENTATION_value(alg->impls, j)) != NULL - && (prov == NULL || impl->provider == prov)) { - score = ossl_property_match_count(pq, impl->properties); - if (score > best) { - best_impl = impl; - best = score; - ret = 1; - if (!optional) - goto fin; - } - } - } -fin: - if (ret && ossl_method_up_ref(&best_impl->method)) { - *method = best_impl->method.method; - if (prov_rw != NULL) - *prov_rw = best_impl->provider; - } else { - ret = 0; - } - ossl_property_unlock(store); - ossl_property_free(p2); - return ret; -} - -static void ossl_method_cache_flush_alg(OSSL_METHOD_STORE *store, - ALGORITHM *alg) -{ - store->cache_nelem -= lh_QUERY_num_items(alg->cache); - impl_cache_flush_alg(0, alg); -} - -static void ossl_method_cache_flush(OSSL_METHOD_STORE *store, int nid) -{ - ALGORITHM *alg = ossl_method_store_retrieve(store, nid); - - if (alg != NULL) - ossl_method_cache_flush_alg(store, alg); -} - -int ossl_method_store_cache_flush_all(OSSL_METHOD_STORE *store) -{ - if (!ossl_property_write_lock(store)) - return 0; - ossl_sa_ALGORITHM_doall(store->algs, &impl_cache_flush_alg); - store->cache_nelem = 0; - ossl_property_unlock(store); - return 1; -} - -IMPLEMENT_LHASH_DOALL_ARG(QUERY, IMPL_CACHE_FLUSH); - -/* - * Flush an element from the query cache (perhaps). - * - * In order to avoid taking a write lock or using atomic operations - * to keep accurate least recently used (LRU) or least frequently used - * (LFU) information, the procedure used here is to stochastically - * flush approximately half the cache. - * - * This procedure isn't ideal, LRU or LFU would be better. However, - * in normal operation, reaching a full cache would be unexpected. - * It means that no steady state of algorithm queries has been reached. - * That is, it is most likely an attack of some form. A suboptimal clearance - * strategy that doesn't degrade performance of the normal case is - * preferable to a more refined approach that imposes a performance - * impact. - */ -static void impl_cache_flush_cache(QUERY *c, IMPL_CACHE_FLUSH *state) -{ - uint32_t n; - - /* - * Implement the 32 bit xorshift as suggested by George Marsaglia in: - * https://doi.org/10.18637/jss.v008.i14 - * - * This is a very fast PRNG so there is no need to extract bits one at a - * time and use the entire value each time. - */ - n = state->seed; - n ^= n << 13; - n ^= n >> 17; - n ^= n << 5; - state->seed = n; - - if ((n & 1) != 0) - impl_cache_free(lh_QUERY_delete(state->cache, c)); - else - state->nelem++; -} - -static void impl_cache_flush_one_alg(ossl_uintmax_t idx, ALGORITHM *alg, - void *v) -{ - IMPL_CACHE_FLUSH *state = (IMPL_CACHE_FLUSH *)v; - - state->cache = alg->cache; - lh_QUERY_doall_IMPL_CACHE_FLUSH(state->cache, &impl_cache_flush_cache, - state); -} - -static void ossl_method_cache_flush_some(OSSL_METHOD_STORE *store) -{ - IMPL_CACHE_FLUSH state; - static TSAN_QUALIFIER uint32_t global_seed = 1; - - state.nelem = 0; - state.using_global_seed = 0; - if ((state.seed = OPENSSL_rdtsc()) == 0) { - /* If there is no timer available, seed another way */ - state.using_global_seed = 1; - state.seed = tsan_load(&global_seed); - } - store->cache_need_flush = 0; - ossl_sa_ALGORITHM_doall_arg(store->algs, &impl_cache_flush_one_alg, &state); - store->cache_nelem = state.nelem; - /* Without a timer, update the global seed */ - if (state.using_global_seed) - tsan_store(&global_seed, state.seed); -} - -int ossl_method_store_cache_get(OSSL_METHOD_STORE *store, OSSL_PROVIDER *prov, - int nid, const char *prop_query, void **method) -{ - ALGORITHM *alg; - QUERY elem, *r; - int res = 0; - - if (nid <= 0 || store == NULL || prop_query == NULL) - return 0; - - if (!ossl_property_read_lock(store)) - return 0; - alg = ossl_method_store_retrieve(store, nid); - if (alg == NULL) - goto err; - - elem.query = prop_query; - elem.provider = prov; - r = lh_QUERY_retrieve(alg->cache, &elem); - if (r == NULL) - goto err; - if (ossl_method_up_ref(&r->method)) { - *method = r->method.method; - res = 1; - } -err: - ossl_property_unlock(store); - return res; -} - -int ossl_method_store_cache_set(OSSL_METHOD_STORE *store, OSSL_PROVIDER *prov, - int nid, const char *prop_query, void *method, - int (*method_up_ref)(void *), - void (*method_destruct)(void *)) -{ - QUERY elem, *old, *p = NULL; - ALGORITHM *alg; - size_t len; - int res = 1; - - if (nid <= 0 || store == NULL || prop_query == NULL) - return 0; - - if (!ossl_assert(prov != NULL)) - return 0; - - if (!ossl_property_write_lock(store)) - return 0; - if (store->cache_need_flush) - ossl_method_cache_flush_some(store); - alg = ossl_method_store_retrieve(store, nid); - if (alg == NULL) - goto err; - - if (method == NULL) { - elem.query = prop_query; - elem.provider = prov; - if ((old = lh_QUERY_delete(alg->cache, &elem)) != NULL) { - impl_cache_free(old); - store->cache_nelem--; - } - goto end; - } - p = OPENSSL_malloc(sizeof(*p) + (len = strlen(prop_query))); - if (p != NULL) { - p->query = p->body; - p->provider = prov; - p->method.method = method; - p->method.up_ref = method_up_ref; - p->method.free = method_destruct; - if (!ossl_method_up_ref(&p->method)) - goto err; - memcpy((char *)p->query, prop_query, len + 1); - if ((old = lh_QUERY_insert(alg->cache, p)) != NULL) { - impl_cache_free(old); - goto end; - } - if (!lh_QUERY_error(alg->cache)) { - if (++store->cache_nelem >= IMPL_CACHE_FLUSH_THRESHOLD) - store->cache_need_flush = 1; - goto end; - } - ossl_method_free(&p->method); - } -err: - res = 0; - OPENSSL_free(p); -end: - ossl_property_unlock(store); - return res; -} diff --git a/crypto/property/property_err.c b/crypto/property/property_err.c deleted file mode 100644 index 9a25d602282ef8dc6fc883a8d3a109d989211723..0000000000000000000000000000000000000000 --- a/crypto/property/property_err.c +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/propertyerr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA PROP_str_reasons[] = { - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NAME_TOO_LONG), "name too long"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NOT_AN_ASCII_CHARACTER), - "not an ascii character"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NOT_AN_HEXADECIMAL_DIGIT), - "not an hexadecimal digit"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NOT_AN_IDENTIFIER), "not an identifier"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NOT_AN_OCTAL_DIGIT), - "not an octal digit"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NOT_A_DECIMAL_DIGIT), - "not a decimal digit"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NO_MATCHING_STRING_DELIMITER), - "no matching string delimiter"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NO_VALUE), "no value"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_PARSE_FAILED), "parse failed"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_STRING_TOO_LONG), "string too long"}, - {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_TRAILING_CHARACTERS), - "trailing characters"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_PROP_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(PROP_str_reasons[0].error) == NULL) - ERR_load_strings_const(PROP_str_reasons); -#endif - return 1; -} diff --git a/crypto/property/property_local.h b/crypto/property/property_local.h deleted file mode 100644 index 6b85ce1586e80954934e59c1d5212cf6abb005c0..0000000000000000000000000000000000000000 --- a/crypto/property/property_local.h +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/property.h" - -typedef int OSSL_PROPERTY_IDX; - -typedef enum { - OSSL_PROPERTY_OPER_EQ, OSSL_PROPERTY_OPER_NE, OSSL_PROPERTY_OVERRIDE -} OSSL_PROPERTY_OPER; - -struct ossl_property_definition_st { - OSSL_PROPERTY_IDX name_idx; - OSSL_PROPERTY_TYPE type; - OSSL_PROPERTY_OPER oper; - unsigned int optional : 1; - union { - int64_t int_val; /* Signed integer */ - OSSL_PROPERTY_IDX str_val; /* String */ - } v; -}; - -struct ossl_property_list_st { - int num_properties; - unsigned int has_optional : 1; - OSSL_PROPERTY_DEFINITION properties[1]; -}; - -#define OSSL_PROPERTY_TRUE 1 -#define OSSL_PROPERTY_FALSE 2 - -/* Property string functions */ -OSSL_PROPERTY_IDX ossl_property_name(OSSL_LIB_CTX *ctx, const char *s, - int create); -const char *ossl_property_name_str(OSSL_LIB_CTX *ctx, OSSL_PROPERTY_IDX idx); -OSSL_PROPERTY_IDX ossl_property_value(OSSL_LIB_CTX *ctx, const char *s, - int create); -const char *ossl_property_value_str(OSSL_LIB_CTX *ctx, OSSL_PROPERTY_IDX idx); - -/* Property list functions */ -void ossl_property_free(OSSL_PROPERTY_LIST *p); -int ossl_property_has_optional(const OSSL_PROPERTY_LIST *query); - -/* Property definition cache functions */ -OSSL_PROPERTY_LIST *ossl_prop_defn_get(OSSL_LIB_CTX *ctx, const char *prop); -int ossl_prop_defn_set(OSSL_LIB_CTX *ctx, const char *prop, - OSSL_PROPERTY_LIST *pl); diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c deleted file mode 100644 index ca2bd33381bfdd03a435318c118b78d5b1c0d9bd..0000000000000000000000000000000000000000 --- a/crypto/property/property_parse.c +++ /dev/null @@ -1,706 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/propertyerr.h" -#include "internal/property.h" -#include "crypto/ctype.h" -#include "internal/nelem.h" -#include "property_local.h" -#include "e_os.h" - -DEFINE_STACK_OF(OSSL_PROPERTY_DEFINITION) - -static const char *skip_space(const char *s) -{ - while (ossl_isspace(*s)) - s++; - return s; -} - -static int match_ch(const char *t[], char m) -{ - const char *s = *t; - - if (*s == m) { - *t = skip_space(s + 1); - return 1; - } - return 0; -} - -#define MATCH(s, m) match(s, m, sizeof(m) - 1) - -static int match(const char *t[], const char m[], size_t m_len) -{ - const char *s = *t; - - if (OPENSSL_strncasecmp(s, m, m_len) == 0) { - *t = skip_space(s + m_len); - return 1; - } - return 0; -} - -static int parse_name(OSSL_LIB_CTX *ctx, const char *t[], int create, - OSSL_PROPERTY_IDX *idx) -{ - char name[100]; - int err = 0; - size_t i = 0; - const char *s = *t; - int user_name = 0; - - for (;;) { - if (!ossl_isalpha(*s)) { - ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_IDENTIFIER, - "HERE-->%s", *t); - return 0; - } - do { - if (i < sizeof(name) - 1) - name[i++] = ossl_tolower(*s); - else - err = 1; - } while (*++s == '_' || ossl_isalnum(*s)); - if (*s != '.') - break; - user_name = 1; - if (i < sizeof(name) - 1) - name[i++] = *s; - else - err = 1; - s++; - } - name[i] = '\0'; - if (err) { - ERR_raise_data(ERR_LIB_PROP, PROP_R_NAME_TOO_LONG, "HERE-->%s", *t); - return 0; - } - *t = skip_space(s); - *idx = ossl_property_name(ctx, name, user_name && create); - return 1; -} - -static int parse_number(const char *t[], OSSL_PROPERTY_DEFINITION *res) -{ - const char *s = *t; - int64_t v = 0; - - if (!ossl_isdigit(*s)) - return 0; - do { - v = v * 10 + (*s++ - '0'); - } while (ossl_isdigit(*s)); - if (!ossl_isspace(*s) && *s != '\0' && *s != ',') { - ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_A_DECIMAL_DIGIT, - "HERE-->%s", *t); - return 0; - } - *t = skip_space(s); - res->type = OSSL_PROPERTY_TYPE_NUMBER; - res->v.int_val = v; - return 1; -} - -static int parse_hex(const char *t[], OSSL_PROPERTY_DEFINITION *res) -{ - const char *s = *t; - int64_t v = 0; - - if (!ossl_isxdigit(*s)) - return 0; - do { - v <<= 4; - if (ossl_isdigit(*s)) - v += *s - '0'; - else - v += ossl_tolower(*s) - 'a'; - } while (ossl_isxdigit(*++s)); - if (!ossl_isspace(*s) && *s != '\0' && *s != ',') { - ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_HEXADECIMAL_DIGIT, - "HERE-->%s", *t); - return 0; - } - *t = skip_space(s); - res->type = OSSL_PROPERTY_TYPE_NUMBER; - res->v.int_val = v; - return 1; -} - -static int parse_oct(const char *t[], OSSL_PROPERTY_DEFINITION *res) -{ - const char *s = *t; - int64_t v = 0; - - if (*s == '9' || *s == '8' || !ossl_isdigit(*s)) - return 0; - do { - v = (v << 3) + (*s - '0'); - } while (ossl_isdigit(*++s) && *s != '9' && *s != '8'); - if (!ossl_isspace(*s) && *s != '\0' && *s != ',') { - ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_OCTAL_DIGIT, - "HERE-->%s", *t); - return 0; - } - *t = skip_space(s); - res->type = OSSL_PROPERTY_TYPE_NUMBER; - res->v.int_val = v; - return 1; -} - -static int parse_string(OSSL_LIB_CTX *ctx, const char *t[], char delim, - OSSL_PROPERTY_DEFINITION *res, const int create) -{ - char v[1000]; - const char *s = *t; - size_t i = 0; - int err = 0; - - while (*s != '\0' && *s != delim) { - if (i < sizeof(v) - 1) - v[i++] = *s; - else - err = 1; - s++; - } - if (*s == '\0') { - ERR_raise_data(ERR_LIB_PROP, PROP_R_NO_MATCHING_STRING_DELIMITER, - "HERE-->%c%s", delim, *t); - return 0; - } - v[i] = '\0'; - if (err) { - ERR_raise_data(ERR_LIB_PROP, PROP_R_STRING_TOO_LONG, "HERE-->%s", *t); - } else { - res->v.str_val = ossl_property_value(ctx, v, create); - } - *t = skip_space(s + 1); - res->type = OSSL_PROPERTY_TYPE_STRING; - return !err; -} - -static int parse_unquoted(OSSL_LIB_CTX *ctx, const char *t[], - OSSL_PROPERTY_DEFINITION *res, const int create) -{ - char v[1000]; - const char *s = *t; - size_t i = 0; - int err = 0; - - if (*s == '\0' || *s == ',') - return 0; - while (ossl_isprint(*s) && !ossl_isspace(*s) && *s != ',') { - if (i < sizeof(v) - 1) - v[i++] = ossl_tolower(*s); - else - err = 1; - s++; - } - if (!ossl_isspace(*s) && *s != '\0' && *s != ',') { - ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_ASCII_CHARACTER, - "HERE-->%s", s); - return 0; - } - v[i] = 0; - if (err) - ERR_raise_data(ERR_LIB_PROP, PROP_R_STRING_TOO_LONG, "HERE-->%s", *t); - else if ((res->v.str_val = ossl_property_value(ctx, v, create)) == 0) - err = 1; - *t = skip_space(s); - res->type = OSSL_PROPERTY_TYPE_STRING; - return !err; -} - -static int parse_value(OSSL_LIB_CTX *ctx, const char *t[], - OSSL_PROPERTY_DEFINITION *res, int create) -{ - const char *s = *t; - int r = 0; - - if (*s == '"' || *s == '\'') { - s++; - r = parse_string(ctx, &s, s[-1], res, create); - } else if (*s == '+') { - s++; - r = parse_number(&s, res); - } else if (*s == '-') { - s++; - r = parse_number(&s, res); - res->v.int_val = -res->v.int_val; - } else if (*s == '0' && s[1] == 'x') { - s += 2; - r = parse_hex(&s, res); - } else if (*s == '0' && ossl_isdigit(s[1])) { - s++; - r = parse_oct(&s, res); - } else if (ossl_isdigit(*s)) { - return parse_number(t, res); - } else if (ossl_isalpha(*s)) - return parse_unquoted(ctx, t, res, create); - if (r) - *t = s; - return r; -} - -static int pd_compare(const OSSL_PROPERTY_DEFINITION *const *p1, - const OSSL_PROPERTY_DEFINITION *const *p2) -{ - const OSSL_PROPERTY_DEFINITION *pd1 = *p1; - const OSSL_PROPERTY_DEFINITION *pd2 = *p2; - - if (pd1->name_idx < pd2->name_idx) - return -1; - if (pd1->name_idx > pd2->name_idx) - return 1; - return 0; -} - -static void pd_free(OSSL_PROPERTY_DEFINITION *pd) -{ - OPENSSL_free(pd); -} - -/* - * Convert a stack of property definitions and queries into a fixed array. - * The items are sorted for efficient query. The stack is not freed. - * This function also checks for duplicated names and returns an error if - * any exist. - */ -static OSSL_PROPERTY_LIST * -stack_to_property_list(OSSL_LIB_CTX *ctx, - STACK_OF(OSSL_PROPERTY_DEFINITION) *sk) -{ - const int n = sk_OSSL_PROPERTY_DEFINITION_num(sk); - OSSL_PROPERTY_LIST *r; - OSSL_PROPERTY_IDX prev_name_idx = 0; - int i; - - r = OPENSSL_malloc(sizeof(*r) - + (n <= 0 ? 0 : n - 1) * sizeof(r->properties[0])); - if (r != NULL) { - sk_OSSL_PROPERTY_DEFINITION_sort(sk); - - r->has_optional = 0; - for (i = 0; i < n; i++) { - r->properties[i] = *sk_OSSL_PROPERTY_DEFINITION_value(sk, i); - r->has_optional |= r->properties[i].optional; - - /* Check for duplicated names */ - if (i > 0 && r->properties[i].name_idx == prev_name_idx) { - OPENSSL_free(r); - ERR_raise_data(ERR_LIB_PROP, PROP_R_PARSE_FAILED, - "Duplicated name `%s'", - ossl_property_name_str(ctx, prev_name_idx)); - return NULL; - } - prev_name_idx = r->properties[i].name_idx; - } - r->num_properties = n; - } - return r; -} - -OSSL_PROPERTY_LIST *ossl_parse_property(OSSL_LIB_CTX *ctx, const char *defn) -{ - OSSL_PROPERTY_DEFINITION *prop = NULL; - OSSL_PROPERTY_LIST *res = NULL; - STACK_OF(OSSL_PROPERTY_DEFINITION) *sk; - const char *s = defn; - int done; - - if (s == NULL || (sk = sk_OSSL_PROPERTY_DEFINITION_new(&pd_compare)) == NULL) - return NULL; - - s = skip_space(s); - done = *s == '\0'; - while (!done) { - const char *start = s; - - prop = OPENSSL_malloc(sizeof(*prop)); - if (prop == NULL) - goto err; - memset(&prop->v, 0, sizeof(prop->v)); - prop->optional = 0; - if (!parse_name(ctx, &s, 1, &prop->name_idx)) - goto err; - prop->oper = OSSL_PROPERTY_OPER_EQ; - if (prop->name_idx == 0) { - ERR_raise_data(ERR_LIB_PROP, PROP_R_PARSE_FAILED, - "Unknown name HERE-->%s", start); - goto err; - } - if (match_ch(&s, '=')) { - if (!parse_value(ctx, &s, prop, 1)) { - ERR_raise_data(ERR_LIB_PROP, PROP_R_NO_VALUE, - "HERE-->%s", start); - goto err; - } - } else { - /* A name alone means a true Boolean */ - prop->type = OSSL_PROPERTY_TYPE_STRING; - prop->v.str_val = OSSL_PROPERTY_TRUE; - } - - if (!sk_OSSL_PROPERTY_DEFINITION_push(sk, prop)) - goto err; - prop = NULL; - done = !match_ch(&s, ','); - } - if (*s != '\0') { - ERR_raise_data(ERR_LIB_PROP, PROP_R_TRAILING_CHARACTERS, - "HERE-->%s", s); - goto err; - } - res = stack_to_property_list(ctx, sk); - -err: - OPENSSL_free(prop); - sk_OSSL_PROPERTY_DEFINITION_pop_free(sk, &pd_free); - return res; -} - -OSSL_PROPERTY_LIST *ossl_parse_query(OSSL_LIB_CTX *ctx, const char *s, - int create_values) -{ - STACK_OF(OSSL_PROPERTY_DEFINITION) *sk; - OSSL_PROPERTY_LIST *res = NULL; - OSSL_PROPERTY_DEFINITION *prop = NULL; - int done; - - if (s == NULL || (sk = sk_OSSL_PROPERTY_DEFINITION_new(&pd_compare)) == NULL) - return NULL; - - s = skip_space(s); - done = *s == '\0'; - while (!done) { - prop = OPENSSL_malloc(sizeof(*prop)); - if (prop == NULL) - goto err; - memset(&prop->v, 0, sizeof(prop->v)); - - if (match_ch(&s, '-')) { - prop->oper = OSSL_PROPERTY_OVERRIDE; - prop->optional = 0; - if (!parse_name(ctx, &s, 1, &prop->name_idx)) - goto err; - goto skip_value; - } - prop->optional = match_ch(&s, '?'); - if (!parse_name(ctx, &s, 1, &prop->name_idx)) - goto err; - - if (match_ch(&s, '=')) { - prop->oper = OSSL_PROPERTY_OPER_EQ; - } else if (MATCH(&s, "!=")) { - prop->oper = OSSL_PROPERTY_OPER_NE; - } else { - /* A name alone is a Boolean comparison for true */ - prop->oper = OSSL_PROPERTY_OPER_EQ; - prop->type = OSSL_PROPERTY_TYPE_STRING; - prop->v.str_val = OSSL_PROPERTY_TRUE; - goto skip_value; - } - if (!parse_value(ctx, &s, prop, create_values)) - prop->type = OSSL_PROPERTY_TYPE_VALUE_UNDEFINED; - -skip_value: - if (!sk_OSSL_PROPERTY_DEFINITION_push(sk, prop)) - goto err; - prop = NULL; - done = !match_ch(&s, ','); - } - if (*s != '\0') { - ERR_raise_data(ERR_LIB_PROP, PROP_R_TRAILING_CHARACTERS, - "HERE-->%s", s); - goto err; - } - res = stack_to_property_list(ctx, sk); - -err: - OPENSSL_free(prop); - sk_OSSL_PROPERTY_DEFINITION_pop_free(sk, &pd_free); - return res; -} - -/* - * Compare a query against a definition. - * Return the number of clauses matched or -1 if a mandatory clause is false. - */ -int ossl_property_match_count(const OSSL_PROPERTY_LIST *query, - const OSSL_PROPERTY_LIST *defn) -{ - const OSSL_PROPERTY_DEFINITION *const q = query->properties; - const OSSL_PROPERTY_DEFINITION *const d = defn->properties; - int i = 0, j = 0, matches = 0; - OSSL_PROPERTY_OPER oper; - - while (i < query->num_properties) { - if ((oper = q[i].oper) == OSSL_PROPERTY_OVERRIDE) { - i++; - continue; - } - if (j < defn->num_properties) { - if (q[i].name_idx > d[j].name_idx) { /* skip defn, not in query */ - j++; - continue; - } - if (q[i].name_idx == d[j].name_idx) { /* both in defn and query */ - const int eq = q[i].type == d[j].type - && memcmp(&q[i].v, &d[j].v, sizeof(q[i].v)) == 0; - - if ((eq && oper == OSSL_PROPERTY_OPER_EQ) - || (!eq && oper == OSSL_PROPERTY_OPER_NE)) - matches++; - else if (!q[i].optional) - return -1; - i++; - j++; - continue; - } - } - - /* - * Handle the cases of a missing value and a query with no corresponding - * definition. The former fails for any comparison except inequality, - * the latter is treated as a comparison against the Boolean false. - */ - if (q[i].type == OSSL_PROPERTY_TYPE_VALUE_UNDEFINED) { - if (oper == OSSL_PROPERTY_OPER_NE) - matches++; - else if (!q[i].optional) - return -1; - } else if (q[i].type != OSSL_PROPERTY_TYPE_STRING - || (oper == OSSL_PROPERTY_OPER_EQ - && q[i].v.str_val != OSSL_PROPERTY_FALSE) - || (oper == OSSL_PROPERTY_OPER_NE - && q[i].v.str_val == OSSL_PROPERTY_FALSE)) { - if (!q[i].optional) - return -1; - } else { - matches++; - } - i++; - } - return matches; -} - -void ossl_property_free(OSSL_PROPERTY_LIST *p) -{ - OPENSSL_free(p); -} - -/* - * Merge two property lists. - * If there is a common name, the one from the first list is used. - */ -OSSL_PROPERTY_LIST *ossl_property_merge(const OSSL_PROPERTY_LIST *a, - const OSSL_PROPERTY_LIST *b) -{ - const OSSL_PROPERTY_DEFINITION *const ap = a->properties; - const OSSL_PROPERTY_DEFINITION *const bp = b->properties; - const OSSL_PROPERTY_DEFINITION *copy; - OSSL_PROPERTY_LIST *r; - int i, j, n; - const int t = a->num_properties + b->num_properties; - - r = OPENSSL_malloc(sizeof(*r) - + (t == 0 ? 0 : t - 1) * sizeof(r->properties[0])); - if (r == NULL) - return NULL; - - r->has_optional = 0; - for (i = j = n = 0; i < a->num_properties || j < b->num_properties; n++) { - if (i >= a->num_properties) { - copy = &bp[j++]; - } else if (j >= b->num_properties) { - copy = &ap[i++]; - } else if (ap[i].name_idx <= bp[j].name_idx) { - if (ap[i].name_idx == bp[j].name_idx) - j++; - copy = &ap[i++]; - } else { - copy = &bp[j++]; - } - memcpy(r->properties + n, copy, sizeof(r->properties[0])); - r->has_optional |= copy->optional; - } - r->num_properties = n; - if (n != t) - r = OPENSSL_realloc(r, sizeof(*r) + (n - 1) * sizeof(r->properties[0])); - return r; -} - -int ossl_property_parse_init(OSSL_LIB_CTX *ctx) -{ - static const char *const predefined_names[] = { - "provider", /* Name of provider (default, legacy, fips) */ - "version", /* Version number of this provider */ - "fips", /* FIPS validated or FIPS supporting algorithm */ - "output", /* Output type for encoders */ - "input", /* Input type for decoders */ - "structure", /* Structure name for encoders and decoders */ - }; - size_t i; - - for (i = 0; i < OSSL_NELEM(predefined_names); i++) - if (ossl_property_name(ctx, predefined_names[i], 1) == 0) - goto err; - - /* - * Pre-populate the two Boolean values. We must do them before any other - * values and in this order so that we get the same index as the global - * OSSL_PROPERTY_TRUE and OSSL_PROPERTY_FALSE values - */ - if ((ossl_property_value(ctx, "yes", 1) != OSSL_PROPERTY_TRUE) - || (ossl_property_value(ctx, "no", 1) != OSSL_PROPERTY_FALSE)) - goto err; - - return 1; -err: - return 0; -} - -static void put_char(char ch, char **buf, size_t *remain, size_t *needed) -{ - if (*remain == 0) { - ++*needed; - return; - } - if (*remain == 1) - **buf = '\0'; - else - **buf = ch; - ++*buf; - ++*needed; - --*remain; -} - -static void put_str(const char *str, char **buf, size_t *remain, size_t *needed) -{ - size_t olen, len; - - len = olen = strlen(str); - *needed += len; - - if (*remain == 0) - return; - - if (*remain < len + 1) - len = *remain - 1; - - if (len > 0) { - memcpy(*buf, str, len); - *buf += len; - *remain -= len; - } - - if (len < olen && *remain == 1) { - **buf = '\0'; - ++*buf; - --*remain; - } -} - -static void put_num(int64_t val, char **buf, size_t *remain, size_t *needed) -{ - int64_t tmpval = val; - size_t len = 1; - - if (tmpval < 0) { - len++; - tmpval = -tmpval; - } - for (; tmpval > 9; len++, tmpval /= 10); - - *needed += len; - - if (*remain == 0) - return; - - BIO_snprintf(*buf, *remain, "%lld", (long long int)val); - if (*remain < len) { - *buf += *remain; - *remain = 0; - } else { - *buf += len; - *remain -= len; - } -} - -size_t ossl_property_list_to_string(OSSL_LIB_CTX *ctx, - const OSSL_PROPERTY_LIST *list, char *buf, - size_t bufsize) -{ - int i; - const OSSL_PROPERTY_DEFINITION *prop = NULL; - size_t needed = 0; - const char *val; - - if (list == NULL) { - if (bufsize > 0) - *buf = '\0'; - return 1; - } - if (list->num_properties != 0) - prop = &list->properties[list->num_properties - 1]; - for (i = 0; i < list->num_properties; i++, prop--) { - /* Skip invalid names */ - if (prop->name_idx == 0) - continue; - - if (needed > 0) - put_char(',', &buf, &bufsize, &needed); - - if (prop->optional) - put_char('?', &buf, &bufsize, &needed); - else if (prop->oper == OSSL_PROPERTY_OVERRIDE) - put_char('-', &buf, &bufsize, &needed); - - val = ossl_property_name_str(ctx, prop->name_idx); - if (val == NULL) - return 0; - put_str(val, &buf, &bufsize, &needed); - - switch (prop->oper) { - case OSSL_PROPERTY_OPER_NE: - put_char('!', &buf, &bufsize, &needed); - /* fall through */ - case OSSL_PROPERTY_OPER_EQ: - put_char('=', &buf, &bufsize, &needed); - /* put value */ - switch (prop->type) { - case OSSL_PROPERTY_TYPE_STRING: - val = ossl_property_value_str(ctx, prop->v.str_val); - if (val == NULL) - return 0; - put_str(val, &buf, &bufsize, &needed); - break; - - case OSSL_PROPERTY_TYPE_NUMBER: - put_num(prop->v.int_val, &buf, &bufsize, &needed); - break; - - default: - return 0; - } - break; - default: - /* do nothing */ - break; - } - } - - put_char('\0', &buf, &bufsize, &needed); - return needed; -} diff --git a/crypto/property/property_query.c b/crypto/property/property_query.c deleted file mode 100644 index 28cc704840a49cb17154e048375404031d4eee0f..0000000000000000000000000000000000000000 --- a/crypto/property/property_query.c +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/propertyerr.h" -#include "internal/property.h" -#include "property_local.h" - -static int property_idx_cmp(const void *keyp, const void *compare) -{ - OSSL_PROPERTY_IDX key = *(const OSSL_PROPERTY_IDX *)keyp; - const OSSL_PROPERTY_DEFINITION *defn = - (const OSSL_PROPERTY_DEFINITION *)compare; - - return key - defn->name_idx; -} - -const OSSL_PROPERTY_DEFINITION * -ossl_property_find_property(const OSSL_PROPERTY_LIST *list, - OSSL_LIB_CTX *libctx, const char *name) -{ - OSSL_PROPERTY_IDX name_idx; - - if (list == NULL || name == NULL - || (name_idx = ossl_property_name(libctx, name, 0)) == 0) - return NULL; - - return ossl_bsearch(&name_idx, list->properties, list->num_properties, - sizeof(*list->properties), &property_idx_cmp, 0); -} - -OSSL_PROPERTY_TYPE ossl_property_get_type(const OSSL_PROPERTY_DEFINITION *prop) -{ - return prop->type; -} - -const char *ossl_property_get_string_value(OSSL_LIB_CTX *libctx, - const OSSL_PROPERTY_DEFINITION *prop) -{ - const char *value = NULL; - - if (prop != NULL && prop->type == OSSL_PROPERTY_TYPE_STRING) - value = ossl_property_value_str(libctx, prop->v.str_val); - return value; -} - -int64_t ossl_property_get_number_value(const OSSL_PROPERTY_DEFINITION *prop) -{ - int64_t value = 0; - - if (prop != NULL && prop->type == OSSL_PROPERTY_TYPE_NUMBER) - value = prop->v.int_val; - return value; -} - -/* Does a property query have any optional clauses */ -int ossl_property_has_optional(const OSSL_PROPERTY_LIST *query) -{ - return query->has_optional ? 1 : 0; -} - -int ossl_property_is_enabled(OSSL_LIB_CTX *ctx, const char *property_name, - const OSSL_PROPERTY_LIST *prop_list) -{ - const OSSL_PROPERTY_DEFINITION *prop; - - prop = ossl_property_find_property(prop_list, ctx, property_name); - /* Do a separate check for override as it does not set type */ - if (prop == NULL || prop->optional || prop->oper == OSSL_PROPERTY_OVERRIDE) - return 0; - return (prop->type == OSSL_PROPERTY_TYPE_STRING - && ((prop->oper == OSSL_PROPERTY_OPER_EQ - && prop->v.str_val == OSSL_PROPERTY_TRUE) - || (prop->oper == OSSL_PROPERTY_OPER_NE - && prop->v.str_val != OSSL_PROPERTY_TRUE))); -} - diff --git a/crypto/property/property_string.c b/crypto/property/property_string.c deleted file mode 100644 index ef87a6a7823581102238c3c0d00608701549ea32..0000000000000000000000000000000000000000 --- a/crypto/property/property_string.c +++ /dev/null @@ -1,246 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "crypto/lhash.h" -#include "property_local.h" - -/* - * Property strings are a consolidation of all strings seen by the property - * subsystem. There are two name spaces to keep property names separate from - * property values (numeric values are not expected to be cached however). - * They allow a rapid conversion from a string to a unique index and any - * subsequent string comparison can be done via an integer compare. - * - * This implementation uses OpenSSL's standard hash table. There are more - * space and time efficient algorithms if this becomes a bottleneck. - */ - -typedef struct { - const char *s; - OSSL_PROPERTY_IDX idx; - char body[1]; -} PROPERTY_STRING; - -DEFINE_LHASH_OF(PROPERTY_STRING); -typedef LHASH_OF(PROPERTY_STRING) PROP_TABLE; - -typedef struct { - CRYPTO_RWLOCK *lock; - PROP_TABLE *prop_names; - PROP_TABLE *prop_values; - OSSL_PROPERTY_IDX prop_name_idx; - OSSL_PROPERTY_IDX prop_value_idx; -} PROPERTY_STRING_DATA; - -static unsigned long property_hash(const PROPERTY_STRING *a) -{ - return OPENSSL_LH_strhash(a->s); -} - -static int property_cmp(const PROPERTY_STRING *a, const PROPERTY_STRING *b) -{ - return strcmp(a->s, b->s); -} - -static void property_free(PROPERTY_STRING *ps) -{ - OPENSSL_free(ps); -} - -static void property_table_free(PROP_TABLE **pt) -{ - PROP_TABLE *t = *pt; - - if (t != NULL) { - lh_PROPERTY_STRING_doall(t, &property_free); - lh_PROPERTY_STRING_free(t); - *pt = NULL; - } -} - -static void property_string_data_free(void *vpropdata) -{ - PROPERTY_STRING_DATA *propdata = vpropdata; - - if (propdata == NULL) - return; - - CRYPTO_THREAD_lock_free(propdata->lock); - property_table_free(&propdata->prop_names); - property_table_free(&propdata->prop_values); - propdata->prop_name_idx = propdata->prop_value_idx = 0; - - OPENSSL_free(propdata); -} - -static void *property_string_data_new(OSSL_LIB_CTX *ctx) { - PROPERTY_STRING_DATA *propdata = OPENSSL_zalloc(sizeof(*propdata)); - - if (propdata == NULL) - return NULL; - - propdata->lock = CRYPTO_THREAD_lock_new(); - if (propdata->lock == NULL) - goto err; - - propdata->prop_names = lh_PROPERTY_STRING_new(&property_hash, - &property_cmp); - if (propdata->prop_names == NULL) - goto err; - - propdata->prop_values = lh_PROPERTY_STRING_new(&property_hash, - &property_cmp); - if (propdata->prop_values == NULL) - goto err; - - return propdata; - -err: - property_string_data_free(propdata); - return NULL; -} - -static const OSSL_LIB_CTX_METHOD property_string_data_method = { - OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, - property_string_data_new, - property_string_data_free, -}; - -static PROPERTY_STRING *new_property_string(const char *s, - OSSL_PROPERTY_IDX *pidx) -{ - const size_t l = strlen(s); - PROPERTY_STRING *ps = OPENSSL_malloc(sizeof(*ps) + l); - - if (ps != NULL) { - memcpy(ps->body, s, l + 1); - ps->s = ps->body; - ps->idx = ++*pidx; - if (ps->idx == 0) { - OPENSSL_free(ps); - return NULL; - } - } - return ps; -} - -static OSSL_PROPERTY_IDX ossl_property_string(CRYPTO_RWLOCK *lock, - PROP_TABLE *t, - OSSL_PROPERTY_IDX *pidx, - const char *s) -{ - PROPERTY_STRING p, *ps, *ps_new; - - p.s = s; - if (!CRYPTO_THREAD_read_lock(lock)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_UNABLE_TO_GET_READ_LOCK); - return 0; - } - ps = lh_PROPERTY_STRING_retrieve(t, &p); - if (ps == NULL && pidx != NULL) { - CRYPTO_THREAD_unlock(lock); - if (!CRYPTO_THREAD_write_lock(lock)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_UNABLE_TO_GET_WRITE_LOCK); - return 0; - } - ps = lh_PROPERTY_STRING_retrieve(t, &p); - if (ps == NULL && (ps_new = new_property_string(s, pidx)) != NULL) { - lh_PROPERTY_STRING_insert(t, ps_new); - if (lh_PROPERTY_STRING_error(t)) { - property_free(ps_new); - CRYPTO_THREAD_unlock(lock); - return 0; - } - ps = ps_new; - } - } - CRYPTO_THREAD_unlock(lock); - return ps != NULL ? ps->idx : 0; -} - -struct find_str_st { - const char *str; - OSSL_PROPERTY_IDX idx; -}; - -static void find_str_fn(PROPERTY_STRING *prop, void *vfindstr) -{ - struct find_str_st *findstr = vfindstr; - - if (prop->idx == findstr->idx) - findstr->str = prop->s; -} - -static const char *ossl_property_str(int name, OSSL_LIB_CTX *ctx, - OSSL_PROPERTY_IDX idx) -{ - struct find_str_st findstr; - PROPERTY_STRING_DATA *propdata - = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_PROPERTY_STRING_INDEX, - &property_string_data_method); - - if (propdata == NULL) - return NULL; - - findstr.str = NULL; - findstr.idx = idx; - - if (!CRYPTO_THREAD_read_lock(propdata->lock)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_UNABLE_TO_GET_READ_LOCK); - return NULL; - } - lh_PROPERTY_STRING_doall_arg(name ? propdata->prop_names - : propdata->prop_values, - find_str_fn, &findstr); - CRYPTO_THREAD_unlock(propdata->lock); - - return findstr.str; -} - -OSSL_PROPERTY_IDX ossl_property_name(OSSL_LIB_CTX *ctx, const char *s, - int create) -{ - PROPERTY_STRING_DATA *propdata - = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_PROPERTY_STRING_INDEX, - &property_string_data_method); - - if (propdata == NULL) - return 0; - return ossl_property_string(propdata->lock, propdata->prop_names, - create ? &propdata->prop_name_idx : NULL, - s); -} - -const char *ossl_property_name_str(OSSL_LIB_CTX *ctx, OSSL_PROPERTY_IDX idx) -{ - return ossl_property_str(1, ctx, idx); -} - -OSSL_PROPERTY_IDX ossl_property_value(OSSL_LIB_CTX *ctx, const char *s, - int create) -{ - PROPERTY_STRING_DATA *propdata - = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_PROPERTY_STRING_INDEX, - &property_string_data_method); - - if (propdata == NULL) - return 0; - return ossl_property_string(propdata->lock, propdata->prop_values, - create ? &propdata->prop_value_idx : NULL, - s); -} - -const char *ossl_property_value_str(OSSL_LIB_CTX *ctx, OSSL_PROPERTY_IDX idx) -{ - return ossl_property_str(0, ctx, idx); -} diff --git a/crypto/provider.c b/crypto/provider.c deleted file mode 100644 index 114b42692940a27567d9ceb04a993d964697fef6..0000000000000000000000000000000000000000 --- a/crypto/provider.c +++ /dev/null @@ -1,149 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include "internal/provider.h" -#include "provider_local.h" - -OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *libctx, const char *name, - int retain_fallbacks) -{ - OSSL_PROVIDER *prov = NULL, *actual; - int isnew = 0; - - /* Find it or create it */ - if ((prov = ossl_provider_find(libctx, name, 0)) == NULL) { - if ((prov = ossl_provider_new(libctx, name, NULL, 0)) == NULL) - return NULL; - isnew = 1; - } - - if (!ossl_provider_activate(prov, 1, 0)) { - ossl_provider_free(prov); - return NULL; - } - - actual = prov; - if (isnew && !ossl_provider_add_to_store(prov, &actual, retain_fallbacks)) { - ossl_provider_deactivate(prov, 1); - ossl_provider_free(prov); - return NULL; - } - if (actual != prov) { - if (!ossl_provider_activate(actual, 1, 0)) { - ossl_provider_free(actual); - return NULL; - } - } - - return actual; -} - -OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *libctx, const char *name) -{ - /* Any attempt to load a provider disables auto-loading of defaults */ - if (ossl_provider_disable_fallback_loading(libctx)) - return OSSL_PROVIDER_try_load(libctx, name, 0); - return NULL; -} - -int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov) -{ - if (!ossl_provider_deactivate(prov, 1)) - return 0; - ossl_provider_free(prov); - return 1; -} - -const OSSL_PARAM *OSSL_PROVIDER_gettable_params(const OSSL_PROVIDER *prov) -{ - return ossl_provider_gettable_params(prov); -} - -int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) -{ - return ossl_provider_get_params(prov, params); -} - -const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov, - int operation_id, - int *no_cache) -{ - return ossl_provider_query_operation(prov, operation_id, no_cache); -} - -void OSSL_PROVIDER_unquery_operation(const OSSL_PROVIDER *prov, - int operation_id, - const OSSL_ALGORITHM *algs) -{ - ossl_provider_unquery_operation(prov, operation_id, algs); -} - -void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov) -{ - return ossl_provider_prov_ctx(prov); -} - -const OSSL_DISPATCH *OSSL_PROVIDER_get0_dispatch(const OSSL_PROVIDER *prov) -{ - return ossl_provider_get0_dispatch(prov); -} - -int OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov) -{ - return ossl_provider_self_test(prov); -} - -int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov, - const char *capability, - OSSL_CALLBACK *cb, - void *arg) -{ - return ossl_provider_get_capabilities(prov, capability, cb, arg); -} - -int OSSL_PROVIDER_add_builtin(OSSL_LIB_CTX *libctx, const char *name, - OSSL_provider_init_fn *init_fn) -{ - OSSL_PROVIDER_INFO entry; - - if (name == NULL || init_fn == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - memset(&entry, 0, sizeof(entry)); - entry.name = OPENSSL_strdup(name); - if (entry.name == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - entry.init = init_fn; - if (!ossl_provider_info_add_to_store(libctx, &entry)) { - ossl_provider_info_clear(&entry); - return 0; - } - return 1; -} - -const char *OSSL_PROVIDER_get0_name(const OSSL_PROVIDER *prov) -{ - return ossl_provider_name(prov); -} - -int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx, - int (*cb)(OSSL_PROVIDER *provider, - void *cbdata), - void *cbdata) -{ - return ossl_provider_doall_activated(ctx, cb, cbdata); -} diff --git a/crypto/provider_child.c b/crypto/provider_child.c deleted file mode 100644 index 16728f9c120e307dd0c863eba1f5b6487997fd24..0000000000000000000000000000000000000000 --- a/crypto/provider_child.c +++ /dev/null @@ -1,326 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include "internal/provider.h" -#include "internal/cryptlib.h" -#include "crypto/evp.h" - -DEFINE_STACK_OF(OSSL_PROVIDER) - -struct child_prov_globals { - const OSSL_CORE_HANDLE *handle; - const OSSL_CORE_HANDLE *curr_prov; - CRYPTO_RWLOCK *lock; - OSSL_FUNC_core_get_libctx_fn *c_get_libctx; - OSSL_FUNC_provider_register_child_cb_fn *c_provider_register_child_cb; - OSSL_FUNC_provider_deregister_child_cb_fn *c_provider_deregister_child_cb; - OSSL_FUNC_provider_name_fn *c_prov_name; - OSSL_FUNC_provider_get0_provider_ctx_fn *c_prov_get0_provider_ctx; - OSSL_FUNC_provider_get0_dispatch_fn *c_prov_get0_dispatch; - OSSL_FUNC_provider_up_ref_fn *c_prov_up_ref; - OSSL_FUNC_provider_free_fn *c_prov_free; -}; - -static void *child_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx) -{ - return OPENSSL_zalloc(sizeof(struct child_prov_globals)); -} - -static void child_prov_ossl_ctx_free(void *vgbl) -{ - struct child_prov_globals *gbl = vgbl; - - CRYPTO_THREAD_lock_free(gbl->lock); - OPENSSL_free(gbl); -} - -static const OSSL_LIB_CTX_METHOD child_prov_ossl_ctx_method = { - OSSL_LIB_CTX_METHOD_LOW_PRIORITY, - child_prov_ossl_ctx_new, - child_prov_ossl_ctx_free, -}; - -static OSSL_provider_init_fn ossl_child_provider_init; - -static int ossl_child_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, - void **provctx) -{ - OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL; - OSSL_LIB_CTX *ctx; - struct child_prov_globals *gbl; - - for (; in->function_id != 0; in++) { - switch (in->function_id) { - case OSSL_FUNC_CORE_GET_LIBCTX: - c_get_libctx = OSSL_FUNC_core_get_libctx(in); - break; - default: - /* Just ignore anything we don't understand */ - break; - } - } - - if (c_get_libctx == NULL) - return 0; - - /* - * We need an OSSL_LIB_CTX but c_get_libctx returns OPENSSL_CORE_CTX. We are - * a built-in provider and so we can get away with this cast. Normal - * providers can't do this. - */ - ctx = (OSSL_LIB_CTX *)c_get_libctx(handle); - - gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, - &child_prov_ossl_ctx_method); - if (gbl == NULL) - return 0; - - *provctx = gbl->c_prov_get0_provider_ctx(gbl->curr_prov); - *out = gbl->c_prov_get0_dispatch(gbl->curr_prov); - - return 1; -} - -static int provider_create_child_cb(const OSSL_CORE_HANDLE *prov, void *cbdata) -{ - OSSL_LIB_CTX *ctx = cbdata; - struct child_prov_globals *gbl; - const char *provname; - OSSL_PROVIDER *cprov; - int ret = 0; - - gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, - &child_prov_ossl_ctx_method); - if (gbl == NULL) - return 0; - - if (!CRYPTO_THREAD_write_lock(gbl->lock)) - return 0; - - provname = gbl->c_prov_name(prov); - - /* - * We're operating under a lock so we can store the "current" provider in - * the global data. - */ - gbl->curr_prov = prov; - - if ((cprov = ossl_provider_find(ctx, provname, 1)) != NULL) { - /* - * We free the newly created ref. We rely on the provider sticking around - * in the provider store. - */ - ossl_provider_free(cprov); - - /* - * The provider already exists. It could be a previously created child, - * or it could have been explicitly loaded. If explicitly loaded we - * ignore it - i.e. we don't start treating it like a child. - */ - if (!ossl_provider_activate(cprov, 0, 1)) - goto err; - } else { - /* - * Create it - passing 1 as final param so we don't try and recursively - * init children - */ - if ((cprov = ossl_provider_new(ctx, provname, ossl_child_provider_init, - 1)) == NULL) - goto err; - - if (!ossl_provider_activate(cprov, 0, 0)) - goto err; - - if (!ossl_provider_set_child(cprov, prov) - || !ossl_provider_add_to_store(cprov, NULL, 0)) { - ossl_provider_deactivate(cprov, 0); - ossl_provider_free(cprov); - goto err; - } - } - - ret = 1; - err: - CRYPTO_THREAD_unlock(gbl->lock); - return ret; -} - -static int provider_remove_child_cb(const OSSL_CORE_HANDLE *prov, void *cbdata) -{ - OSSL_LIB_CTX *ctx = cbdata; - struct child_prov_globals *gbl; - const char *provname; - OSSL_PROVIDER *cprov; - - gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, - &child_prov_ossl_ctx_method); - if (gbl == NULL) - return 0; - - provname = gbl->c_prov_name(prov); - cprov = ossl_provider_find(ctx, provname, 1); - if (cprov == NULL) - return 0; - /* - * ossl_provider_find ups the ref count, so we free it again here. We can - * rely on the provider store reference count. - */ - ossl_provider_free(cprov); - if (ossl_provider_is_child(cprov) - && !ossl_provider_deactivate(cprov, 1)) - return 0; - - return 1; -} - -static int provider_global_props_cb(const char *props, void *cbdata) -{ - OSSL_LIB_CTX *ctx = cbdata; - - return evp_set_default_properties_int(ctx, props, 0, 1); -} - -int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, - const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in) -{ - struct child_prov_globals *gbl; - - if (ctx == NULL) - return 0; - - gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, - &child_prov_ossl_ctx_method); - if (gbl == NULL) - return 0; - - gbl->handle = handle; - for (; in->function_id != 0; in++) { - switch (in->function_id) { - case OSSL_FUNC_CORE_GET_LIBCTX: - gbl->c_get_libctx = OSSL_FUNC_core_get_libctx(in); - break; - case OSSL_FUNC_PROVIDER_REGISTER_CHILD_CB: - gbl->c_provider_register_child_cb - = OSSL_FUNC_provider_register_child_cb(in); - break; - case OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB: - gbl->c_provider_deregister_child_cb - = OSSL_FUNC_provider_deregister_child_cb(in); - break; - case OSSL_FUNC_PROVIDER_NAME: - gbl->c_prov_name = OSSL_FUNC_provider_name(in); - break; - case OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX: - gbl->c_prov_get0_provider_ctx - = OSSL_FUNC_provider_get0_provider_ctx(in); - break; - case OSSL_FUNC_PROVIDER_GET0_DISPATCH: - gbl->c_prov_get0_dispatch = OSSL_FUNC_provider_get0_dispatch(in); - break; - case OSSL_FUNC_PROVIDER_UP_REF: - gbl->c_prov_up_ref - = OSSL_FUNC_provider_up_ref(in); - break; - case OSSL_FUNC_PROVIDER_FREE: - gbl->c_prov_free = OSSL_FUNC_provider_free(in); - break; - default: - /* Just ignore anything we don't understand */ - break; - } - } - - if (gbl->c_get_libctx == NULL - || gbl->c_provider_register_child_cb == NULL - || gbl->c_prov_name == NULL - || gbl->c_prov_get0_provider_ctx == NULL - || gbl->c_prov_get0_dispatch == NULL - || gbl->c_prov_up_ref == NULL - || gbl->c_prov_free == NULL) - return 0; - - gbl->lock = CRYPTO_THREAD_lock_new(); - if (gbl->lock == NULL) - return 0; - - if (!gbl->c_provider_register_child_cb(gbl->handle, - provider_create_child_cb, - provider_remove_child_cb, - provider_global_props_cb, - ctx)) - return 0; - - return 1; -} - -void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx) -{ - struct child_prov_globals *gbl - = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, - &child_prov_ossl_ctx_method); - if (gbl == NULL) - return; - - gbl->c_provider_deregister_child_cb(gbl->handle); -} - -/* - * ossl_provider_up_ref_parent() and ossl_provider_free_parent() do - * nothing in "self-referencing" child providers, i.e. when the parent - * of the child provider is the same as the provider where this child - * provider was created. - * This allows the teardown function in the parent provider to be called - * at the correct moment. - * For child providers in other providers, the reference count is done to - * ensure that cross referencing is recorded. These should be cleared up - * through that providers teardown, as part of freeing its child libctx. - */ - -int ossl_provider_up_ref_parent(OSSL_PROVIDER *prov, int activate) -{ - struct child_prov_globals *gbl; - const OSSL_CORE_HANDLE *parent_handle; - - gbl = ossl_lib_ctx_get_data(ossl_provider_libctx(prov), - OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, - &child_prov_ossl_ctx_method); - if (gbl == NULL) - return 0; - - parent_handle = ossl_provider_get_parent(prov); - if (parent_handle == gbl->handle) - return 1; - return gbl->c_prov_up_ref(parent_handle, activate); -} - -int ossl_provider_free_parent(OSSL_PROVIDER *prov, int deactivate) -{ - struct child_prov_globals *gbl; - const OSSL_CORE_HANDLE *parent_handle; - - gbl = ossl_lib_ctx_get_data(ossl_provider_libctx(prov), - OSSL_LIB_CTX_CHILD_PROVIDER_INDEX, - &child_prov_ossl_ctx_method); - if (gbl == NULL) - return 0; - - parent_handle = ossl_provider_get_parent(prov); - if (parent_handle == gbl->handle) - return 1; - return gbl->c_prov_free(ossl_provider_get_parent(prov), deactivate); -} diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c deleted file mode 100644 index c13c887c3d4aafd2caae39fc19e2e8d5d525f6a6..0000000000000000000000000000000000000000 --- a/crypto/provider_conf.c +++ /dev/null @@ -1,316 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include "internal/provider.h" -#include "internal/cryptlib.h" -#include "provider_local.h" - -DEFINE_STACK_OF(OSSL_PROVIDER) - -/* PROVIDER config module */ - -typedef struct { - CRYPTO_RWLOCK *lock; - STACK_OF(OSSL_PROVIDER) *activated_providers; -} PROVIDER_CONF_GLOBAL; - -static void *prov_conf_ossl_ctx_new(OSSL_LIB_CTX *libctx) -{ - PROVIDER_CONF_GLOBAL *pcgbl = OPENSSL_zalloc(sizeof(*pcgbl)); - - if (pcgbl == NULL) - return NULL; - - pcgbl->lock = CRYPTO_THREAD_lock_new(); - if (pcgbl->lock == NULL) { - OPENSSL_free(pcgbl); - return NULL; - } - - return pcgbl; -} - -static void prov_conf_ossl_ctx_free(void *vpcgbl) -{ - PROVIDER_CONF_GLOBAL *pcgbl = vpcgbl; - - sk_OSSL_PROVIDER_pop_free(pcgbl->activated_providers, - ossl_provider_free); - - OSSL_TRACE(CONF, "Cleaned up providers\n"); - CRYPTO_THREAD_lock_free(pcgbl->lock); - OPENSSL_free(pcgbl); -} - -static const OSSL_LIB_CTX_METHOD provider_conf_ossl_ctx_method = { - /* Must be freed before the provider store is freed */ - OSSL_LIB_CTX_METHOD_PRIORITY_2, - prov_conf_ossl_ctx_new, - prov_conf_ossl_ctx_free, -}; - -static const char *skip_dot(const char *name) -{ - const char *p = strchr(name, '.'); - - if (p != NULL) - return p + 1; - return name; -} - -static int provider_conf_params(OSSL_PROVIDER *prov, - OSSL_PROVIDER_INFO *provinfo, - const char *name, const char *value, - const CONF *cnf) -{ - STACK_OF(CONF_VALUE) *sect; - int ok = 1; - - sect = NCONF_get_section(cnf, value); - if (sect != NULL) { - int i; - char buffer[512]; - size_t buffer_len = 0; - - OSSL_TRACE1(CONF, "Provider params: start section %s\n", value); - - if (name != NULL) { - OPENSSL_strlcpy(buffer, name, sizeof(buffer)); - OPENSSL_strlcat(buffer, ".", sizeof(buffer)); - buffer_len = strlen(buffer); - } - - for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { - CONF_VALUE *sectconf = sk_CONF_VALUE_value(sect, i); - - if (buffer_len + strlen(sectconf->name) >= sizeof(buffer)) - return 0; - buffer[buffer_len] = '\0'; - OPENSSL_strlcat(buffer, sectconf->name, sizeof(buffer)); - if (!provider_conf_params(prov, provinfo, buffer, sectconf->value, - cnf)) - return 0; - } - - OSSL_TRACE1(CONF, "Provider params: finish section %s\n", value); - } else { - OSSL_TRACE2(CONF, "Provider params: %s = %s\n", name, value); - if (prov != NULL) - ok = ossl_provider_add_parameter(prov, name, value); - else - ok = ossl_provider_info_add_parameter(provinfo, name, value); - } - - return ok; -} - -static int prov_already_activated(const char *name, - STACK_OF(OSSL_PROVIDER) *activated) -{ - int i, max; - - if (activated == NULL) - return 0; - - max = sk_OSSL_PROVIDER_num(activated); - for (i = 0; i < max; i++) { - OSSL_PROVIDER *tstprov = sk_OSSL_PROVIDER_value(activated, i); - - if (strcmp(OSSL_PROVIDER_get0_name(tstprov), name) == 0) { - return 1; - } - } - - return 0; -} - -static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, - const char *value, const CONF *cnf) -{ - int i; - STACK_OF(CONF_VALUE) *ecmds; - int soft = 0; - OSSL_PROVIDER *prov = NULL, *actual = NULL; - const char *path = NULL; - long activate = 0; - int ok = 0; - - name = skip_dot(name); - OSSL_TRACE1(CONF, "Configuring provider %s\n", name); - /* Value is a section containing PROVIDER commands */ - ecmds = NCONF_get_section(cnf, value); - - if (!ecmds) { - ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, - "section=%s not found", value); - return 0; - } - - /* Find the needed data first */ - for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { - CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i); - const char *confname = skip_dot(ecmd->name); - const char *confvalue = ecmd->value; - - OSSL_TRACE2(CONF, "Provider command: %s = %s\n", - confname, confvalue); - - /* First handle some special pseudo confs */ - - /* Override provider name to use */ - if (strcmp(confname, "identity") == 0) - name = confvalue; - else if (strcmp(confname, "soft_load") == 0) - soft = 1; - /* Load a dynamic PROVIDER */ - else if (strcmp(confname, "module") == 0) - path = confvalue; - else if (strcmp(confname, "activate") == 0) - activate = 1; - } - - if (activate) { - PROVIDER_CONF_GLOBAL *pcgbl - = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, - &provider_conf_ossl_ctx_method); - - if (pcgbl == NULL || !CRYPTO_THREAD_write_lock(pcgbl->lock)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); - return 0; - } - if (!prov_already_activated(name, pcgbl->activated_providers)) { - /* - * There is an attempt to activate a provider, so we should disable - * loading of fallbacks. Otherwise a misconfiguration could mean the - * intended provider does not get loaded. Subsequent fetches could - * then fallback to the default provider - which may be the wrong - * thing. - */ - if (!ossl_provider_disable_fallback_loading(libctx)) { - CRYPTO_THREAD_unlock(pcgbl->lock); - ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); - return 0; - } - prov = ossl_provider_find(libctx, name, 1); - if (prov == NULL) - prov = ossl_provider_new(libctx, name, NULL, 1); - if (prov == NULL) { - CRYPTO_THREAD_unlock(pcgbl->lock); - if (soft) - ERR_clear_error(); - return 0; - } - - if (path != NULL) - ossl_provider_set_module_path(prov, path); - - ok = provider_conf_params(prov, NULL, NULL, value, cnf); - - if (ok) { - if (!ossl_provider_activate(prov, 1, 0)) { - ok = 0; - } else if (!ossl_provider_add_to_store(prov, &actual, 0)) { - ossl_provider_deactivate(prov, 1); - ok = 0; - } else if (actual != prov - && !ossl_provider_activate(actual, 1, 0)) { - ossl_provider_free(actual); - ok = 0; - } else { - if (pcgbl->activated_providers == NULL) - pcgbl->activated_providers = sk_OSSL_PROVIDER_new_null(); - if (pcgbl->activated_providers == NULL - || !sk_OSSL_PROVIDER_push(pcgbl->activated_providers, - actual)) { - ossl_provider_deactivate(actual, 1); - ossl_provider_free(actual); - ok = 0; - } else { - ok = 1; - } - } - } - if (!ok) - ossl_provider_free(prov); - } - CRYPTO_THREAD_unlock(pcgbl->lock); - } else { - OSSL_PROVIDER_INFO entry; - - memset(&entry, 0, sizeof(entry)); - ok = 1; - if (name != NULL) { - entry.name = OPENSSL_strdup(name); - if (entry.name == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - ok = 0; - } - } - if (ok && path != NULL) { - entry.path = OPENSSL_strdup(path); - if (entry.path == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - ok = 0; - } - } - if (ok) - ok = provider_conf_params(NULL, &entry, NULL, value, cnf); - if (ok && (entry.path != NULL || entry.parameters != NULL)) - ok = ossl_provider_info_add_to_store(libctx, &entry); - if (!ok || (entry.path == NULL && entry.parameters == NULL)) { - ossl_provider_info_clear(&entry); - } - - } - - /* - * Even if ok is 0, we still return success. Failure to load a provider is - * not fatal. We want to continue to load the rest of the config file. - */ - return 1; -} - -static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf) -{ - STACK_OF(CONF_VALUE) *elist; - CONF_VALUE *cval; - int i; - - OSSL_TRACE1(CONF, "Loading providers module: section %s\n", - CONF_imodule_get_value(md)); - - /* Value is a section containing PROVIDERs to configure */ - elist = NCONF_get_section(cnf, CONF_imodule_get_value(md)); - - if (!elist) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR); - return 0; - } - - for (i = 0; i < sk_CONF_VALUE_num(elist); i++) { - cval = sk_CONF_VALUE_value(elist, i); - if (!provider_conf_load(NCONF_get0_libctx((CONF *)cnf), - cval->name, cval->value, cnf)) - return 0; - } - - return 1; -} - -void ossl_provider_add_conf_module(void) -{ - OSSL_TRACE(CONF, "Adding config module 'providers'\n"); - CONF_module_add("providers", provider_conf_init, NULL); -} diff --git a/crypto/provider_core.c b/crypto/provider_core.c deleted file mode 100644 index 7a12328121623ede2c8de187a98fff00b0900945..0000000000000000000000000000000000000000 --- a/crypto/provider_core.c +++ /dev/null @@ -1,2171 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include "crypto/cryptlib.h" -#ifndef FIPS_MODULE -#include "crypto/decoder.h" /* ossl_decoder_store_cache_flush */ -#include "crypto/encoder.h" /* ossl_encoder_store_cache_flush */ -#include "crypto/store.h" /* ossl_store_loader_store_cache_flush */ -#endif -#include "crypto/evp.h" /* evp_method_store_cache_flush */ -#include "crypto/rand.h" -#include "internal/nelem.h" -#include "internal/thread_once.h" -#include "internal/provider.h" -#include "internal/refcount.h" -#include "internal/bio.h" -#include "internal/core.h" -#include "provider_local.h" -#ifndef FIPS_MODULE -# include -#endif - -/* - * This file defines and uses a number of different structures: - * - * OSSL_PROVIDER (provider_st): Used to represent all information related to a - * single instance of a provider. - * - * provider_store_st: Holds information about the collection of providers that - * are available within the current library context (OSSL_LIB_CTX). It also - * holds configuration information about providers that could be loaded at some - * future point. - * - * OSSL_PROVIDER_CHILD_CB: An instance of this structure holds the callbacks - * that have been registered for a child library context and the associated - * provider that registered those callbacks. - * - * Where a child library context exists then it has its own instance of the - * provider store. Each provider that exists in the parent provider store, has - * an associated child provider in the child library context's provider store. - * As providers get activated or deactivated this needs to be mirrored in the - * associated child providers. - * - * LOCKING - * ======= - * - * There are a number of different locks used in this file and it is important - * to understand how they should be used in order to avoid deadlocks. - * - * Fields within a structure can often be "write once" on creation, and then - * "read many". Creation of a structure is done by a single thread, and - * therefore no lock is required for the "write once/read many" fields. It is - * safe for multiple threads to read these fields without a lock, because they - * will never be changed. - * - * However some fields may be changed after a structure has been created and - * shared between multiple threads. Where this is the case a lock is required. - * - * The locks available are: - * - * The provider flag_lock: Used to control updates to the various provider - * "flags" (flag_initialized, flag_activated, flag_fallback) and associated - * "counts" (activatecnt). - * - * The provider refcnt_lock: Only ever used to control updates to the provider - * refcnt value. - * - * The provider optbits_lock: Used to control access to the provider's - * operation_bits and operation_bits_sz fields. - * - * The store default_path_lock: Used to control access to the provider store's - * default search path value (default_path) - * - * The store lock: Used to control the stack of provider's held within the - * provider store, as well as the stack of registered child provider callbacks. - * - * As a general rule-of-thumb it is best to: - * - keep the scope of the code that is protected by a lock to the absolute - * minimum possible; - * - try to keep the scope of the lock to within a single function (i.e. avoid - * making calls to other functions while holding a lock); - * - try to only ever hold one lock at a time. - * - * Unfortunately, it is not always possible to stick to the above guidelines. - * Where they are not adhered to there is always a danger of inadvertently - * introducing the possibility of deadlock. The following rules MUST be adhered - * to in order to avoid that: - * - Holding multiple locks at the same time is only allowed for the - * provider store lock, the provider flag_lock and the provider refcnt_lock. - * - When holding multiple locks they must be acquired in the following order of - * precedence: - * 1) provider store lock - * 2) provider flag_lock - * 3) provider refcnt_lock - * - When releasing locks they must be released in the reverse order to which - * they were acquired - * - No locks may be held when making an upcall. NOTE: Some common functions - * can make upcalls as part of their normal operation. If you need to call - * some other function while holding a lock make sure you know whether it - * will make any upcalls or not. For example ossl_provider_up_ref() can call - * ossl_provider_up_ref_parent() which can call the c_prov_up_ref() upcall. - * - It is permissible to hold the store and flag locks when calling child - * provider callbacks. No other locks may be held during such callbacks. - */ - -static OSSL_PROVIDER *provider_new(const char *name, - OSSL_provider_init_fn *init_function, - STACK_OF(INFOPAIR) *parameters); - -/*- - * Provider Object structure - * ========================= - */ - -#ifndef FIPS_MODULE -typedef struct { - OSSL_PROVIDER *prov; - int (*create_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata); - int (*remove_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata); - int (*global_props_cb)(const char *props, void *cbdata); - void *cbdata; -} OSSL_PROVIDER_CHILD_CB; -DEFINE_STACK_OF(OSSL_PROVIDER_CHILD_CB) -#endif - -struct provider_store_st; /* Forward declaration */ - -struct ossl_provider_st { - /* Flag bits */ - unsigned int flag_initialized:1; - unsigned int flag_activated:1; - unsigned int flag_fallback:1; /* Can be used as fallback */ - - /* Getting and setting the flags require synchronization */ - CRYPTO_RWLOCK *flag_lock; - - /* OpenSSL library side data */ - CRYPTO_REF_COUNT refcnt; - CRYPTO_RWLOCK *refcnt_lock; /* For the ref counter */ - int activatecnt; - char *name; - char *path; - DSO *module; - OSSL_provider_init_fn *init_function; - STACK_OF(INFOPAIR) *parameters; - OSSL_LIB_CTX *libctx; /* The library context this instance is in */ - struct provider_store_st *store; /* The store this instance belongs to */ -#ifndef FIPS_MODULE - /* - * In the FIPS module inner provider, this isn't needed, since the - * error upcalls are always direct calls to the outer provider. - */ - int error_lib; /* ERR library number, one for each provider */ -# ifndef OPENSSL_NO_ERR - ERR_STRING_DATA *error_strings; /* Copy of what the provider gives us */ -# endif -#endif - - /* Provider side functions */ - OSSL_FUNC_provider_teardown_fn *teardown; - OSSL_FUNC_provider_gettable_params_fn *gettable_params; - OSSL_FUNC_provider_get_params_fn *get_params; - OSSL_FUNC_provider_get_capabilities_fn *get_capabilities; - OSSL_FUNC_provider_self_test_fn *self_test; - OSSL_FUNC_provider_query_operation_fn *query_operation; - OSSL_FUNC_provider_unquery_operation_fn *unquery_operation; - - /* - * Cache of bit to indicate of query_operation() has been called on - * a specific operation or not. - */ - unsigned char *operation_bits; - size_t operation_bits_sz; - CRYPTO_RWLOCK *opbits_lock; - -#ifndef FIPS_MODULE - /* Whether this provider is the child of some other provider */ - const OSSL_CORE_HANDLE *handle; - unsigned int ischild:1; -#endif - - /* Provider side data */ - void *provctx; - const OSSL_DISPATCH *dispatch; -}; -DEFINE_STACK_OF(OSSL_PROVIDER) - -static int ossl_provider_cmp(const OSSL_PROVIDER * const *a, - const OSSL_PROVIDER * const *b) -{ - return strcmp((*a)->name, (*b)->name); -} - -/*- - * Provider Object store - * ===================== - * - * The Provider Object store is a library context object, and therefore needs - * an index. - */ - -struct provider_store_st { - OSSL_LIB_CTX *libctx; - STACK_OF(OSSL_PROVIDER) *providers; - STACK_OF(OSSL_PROVIDER_CHILD_CB) *child_cbs; - CRYPTO_RWLOCK *default_path_lock; - CRYPTO_RWLOCK *lock; - char *default_path; - OSSL_PROVIDER_INFO *provinfo; - size_t numprovinfo; - size_t provinfosz; - unsigned int use_fallbacks:1; - unsigned int freeing:1; -}; - -/* - * provider_deactivate_free() is a wrapper around ossl_provider_deactivate() - * and ossl_provider_free(), called as needed. - * Since this is only called when the provider store is being emptied, we - * don't need to care about any lock. - */ -static void provider_deactivate_free(OSSL_PROVIDER *prov) -{ - if (prov->flag_activated) - ossl_provider_deactivate(prov, 1); - ossl_provider_free(prov); -} - -#ifndef FIPS_MODULE -static void ossl_provider_child_cb_free(OSSL_PROVIDER_CHILD_CB *cb) -{ - OPENSSL_free(cb); -} -#endif - -static void infopair_free(INFOPAIR *pair) -{ - OPENSSL_free(pair->name); - OPENSSL_free(pair->value); - OPENSSL_free(pair); -} - -static INFOPAIR *infopair_copy(const INFOPAIR *src) -{ - INFOPAIR *dest = OPENSSL_zalloc(sizeof(*dest)); - - if (dest == NULL) - return NULL; - if (src->name != NULL) { - dest->name = OPENSSL_strdup(src->name); - if (dest->name == NULL) - goto err; - } - if (src->value != NULL) { - dest->value = OPENSSL_strdup(src->value); - if (dest->value == NULL) - goto err; - } - return dest; - err: - OPENSSL_free(dest->name); - OPENSSL_free(dest); - return NULL; -} - -void ossl_provider_info_clear(OSSL_PROVIDER_INFO *info) -{ - OPENSSL_free(info->name); - OPENSSL_free(info->path); - sk_INFOPAIR_pop_free(info->parameters, infopair_free); -} - -static void provider_store_free(void *vstore) -{ - struct provider_store_st *store = vstore; - size_t i; - - if (store == NULL) - return; - store->freeing = 1; - OPENSSL_free(store->default_path); - sk_OSSL_PROVIDER_pop_free(store->providers, provider_deactivate_free); -#ifndef FIPS_MODULE - sk_OSSL_PROVIDER_CHILD_CB_pop_free(store->child_cbs, - ossl_provider_child_cb_free); -#endif - CRYPTO_THREAD_lock_free(store->default_path_lock); - CRYPTO_THREAD_lock_free(store->lock); - for (i = 0; i < store->numprovinfo; i++) - ossl_provider_info_clear(&store->provinfo[i]); - OPENSSL_free(store->provinfo); - OPENSSL_free(store); -} - -static void *provider_store_new(OSSL_LIB_CTX *ctx) -{ - struct provider_store_st *store = OPENSSL_zalloc(sizeof(*store)); - - if (store == NULL - || (store->providers = sk_OSSL_PROVIDER_new(ossl_provider_cmp)) == NULL - || (store->default_path_lock = CRYPTO_THREAD_lock_new()) == NULL -#ifndef FIPS_MODULE - || (store->child_cbs = sk_OSSL_PROVIDER_CHILD_CB_new_null()) == NULL -#endif - || (store->lock = CRYPTO_THREAD_lock_new()) == NULL) { - provider_store_free(store); - return NULL; - } - store->libctx = ctx; - store->use_fallbacks = 1; - - return store; -} - -static const OSSL_LIB_CTX_METHOD provider_store_method = { - /* Needs to be freed before the child provider data is freed */ - OSSL_LIB_CTX_METHOD_PRIORITY_1, - provider_store_new, - provider_store_free, -}; - -static struct provider_store_st *get_provider_store(OSSL_LIB_CTX *libctx) -{ - struct provider_store_st *store = NULL; - - store = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_STORE_INDEX, - &provider_store_method); - if (store == NULL) - ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); - return store; -} - -int ossl_provider_disable_fallback_loading(OSSL_LIB_CTX *libctx) -{ - struct provider_store_st *store; - - if ((store = get_provider_store(libctx)) != NULL) { - if (!CRYPTO_THREAD_write_lock(store->lock)) - return 0; - store->use_fallbacks = 0; - CRYPTO_THREAD_unlock(store->lock); - return 1; - } - return 0; -} - -#define BUILTINS_BLOCK_SIZE 10 - -int ossl_provider_info_add_to_store(OSSL_LIB_CTX *libctx, - OSSL_PROVIDER_INFO *entry) -{ - struct provider_store_st *store = get_provider_store(libctx); - int ret = 0; - - if (entry->name == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (store == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); - return 0; - } - - if (!CRYPTO_THREAD_write_lock(store->lock)) - return 0; - if (store->provinfosz == 0) { - store->provinfo = OPENSSL_zalloc(sizeof(*store->provinfo) - * BUILTINS_BLOCK_SIZE); - if (store->provinfo == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - goto err; - } - store->provinfosz = BUILTINS_BLOCK_SIZE; - } else if (store->numprovinfo == store->provinfosz) { - OSSL_PROVIDER_INFO *tmpbuiltins; - size_t newsz = store->provinfosz + BUILTINS_BLOCK_SIZE; - - tmpbuiltins = OPENSSL_realloc(store->provinfo, - sizeof(*store->provinfo) * newsz); - if (tmpbuiltins == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - goto err; - } - store->provinfo = tmpbuiltins; - store->provinfosz = newsz; - } - store->provinfo[store->numprovinfo] = *entry; - store->numprovinfo++; - - ret = 1; - err: - CRYPTO_THREAD_unlock(store->lock); - return ret; -} - -OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name, - int noconfig) -{ - struct provider_store_st *store = NULL; - OSSL_PROVIDER *prov = NULL; - - if ((store = get_provider_store(libctx)) != NULL) { - OSSL_PROVIDER tmpl = { 0, }; - int i; - -#ifndef FIPS_MODULE - /* - * Make sure any providers are loaded from config before we try to find - * them. - */ - if (!noconfig) { - if (ossl_lib_ctx_is_default(libctx)) - OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); - } -#endif - - tmpl.name = (char *)name; - /* - * A "find" operation can sort the stack, and therefore a write lock is - * required. - */ - if (!CRYPTO_THREAD_write_lock(store->lock)) - return NULL; - if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) != -1) - prov = sk_OSSL_PROVIDER_value(store->providers, i); - CRYPTO_THREAD_unlock(store->lock); - if (prov != NULL && !ossl_provider_up_ref(prov)) - prov = NULL; - } - - return prov; -} - -/*- - * Provider Object methods - * ======================= - */ - -static OSSL_PROVIDER *provider_new(const char *name, - OSSL_provider_init_fn *init_function, - STACK_OF(INFOPAIR) *parameters) -{ - OSSL_PROVIDER *prov = NULL; - - if ((prov = OPENSSL_zalloc(sizeof(*prov))) == NULL -#ifndef HAVE_ATOMICS - || (prov->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL -#endif - ) { - OPENSSL_free(prov); - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return NULL; - } - - prov->refcnt = 1; /* 1 One reference to be returned */ - - if ((prov->opbits_lock = CRYPTO_THREAD_lock_new()) == NULL - || (prov->flag_lock = CRYPTO_THREAD_lock_new()) == NULL - || (prov->name = OPENSSL_strdup(name)) == NULL - || (prov->parameters = sk_INFOPAIR_deep_copy(parameters, - infopair_copy, - infopair_free)) == NULL) { - ossl_provider_free(prov); - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return NULL; - } - - prov->init_function = init_function; - - return prov; -} - -int ossl_provider_up_ref(OSSL_PROVIDER *prov) -{ - int ref = 0; - - if (CRYPTO_UP_REF(&prov->refcnt, &ref, prov->refcnt_lock) <= 0) - return 0; - -#ifndef FIPS_MODULE - if (prov->ischild) { - if (!ossl_provider_up_ref_parent(prov, 0)) { - ossl_provider_free(prov); - return 0; - } - } -#endif - - return ref; -} - -#ifndef FIPS_MODULE -static int provider_up_ref_intern(OSSL_PROVIDER *prov, int activate) -{ - if (activate) - return ossl_provider_activate(prov, 1, 0); - - return ossl_provider_up_ref(prov); -} - -static int provider_free_intern(OSSL_PROVIDER *prov, int deactivate) -{ - if (deactivate) - return ossl_provider_deactivate(prov, 1); - - ossl_provider_free(prov); - return 1; -} -#endif - -/* - * We assume that the requested provider does not already exist in the store. - * The caller should check. If it does exist then adding it to the store later - * will fail. - */ -OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name, - OSSL_provider_init_fn *init_function, - int noconfig) -{ - struct provider_store_st *store = NULL; - OSSL_PROVIDER_INFO template; - OSSL_PROVIDER *prov = NULL; - - if ((store = get_provider_store(libctx)) == NULL) - return NULL; - - memset(&template, 0, sizeof(template)); - if (init_function == NULL) { - const OSSL_PROVIDER_INFO *p; - size_t i; - - /* Check if this is a predefined builtin provider */ - for (p = ossl_predefined_providers; p->name != NULL; p++) { - if (strcmp(p->name, name) == 0) { - template = *p; - break; - } - } - if (p->name == NULL) { - /* Check if this is a user added builtin provider */ - if (!CRYPTO_THREAD_read_lock(store->lock)) - return NULL; - for (i = 0, p = store->provinfo; i < store->numprovinfo; p++, i++) { - if (strcmp(p->name, name) == 0) { - template = *p; - break; - } - } - CRYPTO_THREAD_unlock(store->lock); - } - } else { - template.init = init_function; - } - - /* provider_new() generates an error, so no need here */ - if ((prov = provider_new(name, template.init, template.parameters)) == NULL) - return NULL; - - prov->libctx = libctx; -#ifndef FIPS_MODULE - prov->error_lib = ERR_get_next_error_library(); -#endif - - /* - * At this point, the provider is only partially "loaded". To be - * fully "loaded", ossl_provider_activate() must also be called and it must - * then be added to the provider store. - */ - - return prov; -} - -/* Assumes that the store lock is held */ -static int create_provider_children(OSSL_PROVIDER *prov) -{ - int ret = 1; -#ifndef FIPS_MODULE - struct provider_store_st *store = prov->store; - OSSL_PROVIDER_CHILD_CB *child_cb; - int i, max; - - max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs); - for (i = 0; i < max; i++) { - /* - * This is newly activated (activatecnt == 1), so we need to - * create child providers as necessary. - */ - child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i); - ret &= child_cb->create_cb((OSSL_CORE_HANDLE *)prov, child_cb->cbdata); - } -#endif - - return ret; -} - -int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov, - int retain_fallbacks) -{ - struct provider_store_st *store; - int idx; - OSSL_PROVIDER tmpl = { 0, }; - OSSL_PROVIDER *actualtmp = NULL; - - if (actualprov != NULL) - *actualprov = NULL; - - if ((store = get_provider_store(prov->libctx)) == NULL) - return 0; - - if (!CRYPTO_THREAD_write_lock(store->lock)) - return 0; - - tmpl.name = (char *)prov->name; - idx = sk_OSSL_PROVIDER_find(store->providers, &tmpl); - if (idx == -1) - actualtmp = prov; - else - actualtmp = sk_OSSL_PROVIDER_value(store->providers, idx); - - if (idx == -1) { - if (sk_OSSL_PROVIDER_push(store->providers, prov) == 0) - goto err; - prov->store = store; - if (!create_provider_children(prov)) { - sk_OSSL_PROVIDER_delete_ptr(store->providers, prov); - goto err; - } - if (!retain_fallbacks) - store->use_fallbacks = 0; - } - - CRYPTO_THREAD_unlock(store->lock); - - if (actualprov != NULL) { - if (!ossl_provider_up_ref(actualtmp)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - actualtmp = NULL; - return 0; - } - *actualprov = actualtmp; - } - - if (idx >= 0) { - /* - * The provider is already in the store. Probably two threads - * independently initialised their own provider objects with the same - * name and raced to put them in the store. This thread lost. We - * deactivate the one we just created and use the one that already - * exists instead. - * If we get here then we know we did not create provider children - * above, so we inform ossl_provider_deactivate not to attempt to remove - * any. - */ - ossl_provider_deactivate(prov, 0); - ossl_provider_free(prov); - } - - return 1; - - err: - CRYPTO_THREAD_unlock(store->lock); - return 0; -} - -void ossl_provider_free(OSSL_PROVIDER *prov) -{ - if (prov != NULL) { - int ref = 0; - - CRYPTO_DOWN_REF(&prov->refcnt, &ref, prov->refcnt_lock); - - /* - * When the refcount drops to zero, we clean up the provider. - * Note that this also does teardown, which may seem late, - * considering that init happens on first activation. However, - * there may be other structures hanging on to the provider after - * the last deactivation and may therefore need full access to the - * provider's services. Therefore, we deinit late. - */ - if (ref == 0) { - if (prov->flag_initialized) { - ossl_provider_teardown(prov); -#ifndef OPENSSL_NO_ERR -# ifndef FIPS_MODULE - if (prov->error_strings != NULL) { - ERR_unload_strings(prov->error_lib, prov->error_strings); - OPENSSL_free(prov->error_strings); - prov->error_strings = NULL; - } -# endif -#endif - OPENSSL_free(prov->operation_bits); - prov->operation_bits = NULL; - prov->operation_bits_sz = 0; - prov->flag_initialized = 0; - } - -#ifndef FIPS_MODULE - /* - * We deregister thread handling whether or not the provider was - * initialized. If init was attempted but was not successful then - * the provider may still have registered a thread handler. - */ - ossl_init_thread_deregister(prov); - DSO_free(prov->module); -#endif - OPENSSL_free(prov->name); - OPENSSL_free(prov->path); - sk_INFOPAIR_pop_free(prov->parameters, infopair_free); - CRYPTO_THREAD_lock_free(prov->opbits_lock); - CRYPTO_THREAD_lock_free(prov->flag_lock); -#ifndef HAVE_ATOMICS - CRYPTO_THREAD_lock_free(prov->refcnt_lock); -#endif - OPENSSL_free(prov); - } -#ifndef FIPS_MODULE - else if (prov->ischild) { - ossl_provider_free_parent(prov, 0); - } -#endif - } -} - -/* Setters */ -int ossl_provider_set_module_path(OSSL_PROVIDER *prov, const char *module_path) -{ - OPENSSL_free(prov->path); - prov->path = NULL; - if (module_path == NULL) - return 1; - if ((prov->path = OPENSSL_strdup(module_path)) != NULL) - return 1; - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; -} - -static int infopair_add(STACK_OF(INFOPAIR) **infopairsk, const char *name, - const char *value) -{ - INFOPAIR *pair = NULL; - - if ((pair = OPENSSL_zalloc(sizeof(*pair))) != NULL - && (*infopairsk != NULL - || (*infopairsk = sk_INFOPAIR_new_null()) != NULL) - && (pair->name = OPENSSL_strdup(name)) != NULL - && (pair->value = OPENSSL_strdup(value)) != NULL - && sk_INFOPAIR_push(*infopairsk, pair) > 0) - return 1; - - if (pair != NULL) { - OPENSSL_free(pair->name); - OPENSSL_free(pair->value); - OPENSSL_free(pair); - } - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; -} - -int ossl_provider_add_parameter(OSSL_PROVIDER *prov, - const char *name, const char *value) -{ - return infopair_add(&prov->parameters, name, value); -} - -int ossl_provider_info_add_parameter(OSSL_PROVIDER_INFO *provinfo, - const char *name, - const char *value) -{ - return infopair_add(&provinfo->parameters, name, value); -} - -/* - * Provider activation. - * - * What "activation" means depends on the provider form; for built in - * providers (in the library or the application alike), the provider - * can already be considered to be loaded, all that's needed is to - * initialize it. However, for dynamically loadable provider modules, - * we must first load that module. - * - * Built in modules are distinguished from dynamically loaded modules - * with an already assigned init function. - */ -static const OSSL_DISPATCH *core_dispatch; /* Define further down */ - -int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *libctx, - const char *path) -{ - struct provider_store_st *store; - char *p = NULL; - - if (path != NULL) { - p = OPENSSL_strdup(path); - if (p == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - } - if ((store = get_provider_store(libctx)) != NULL - && CRYPTO_THREAD_write_lock(store->default_path_lock)) { - OPENSSL_free(store->default_path); - store->default_path = p; - CRYPTO_THREAD_unlock(store->default_path_lock); - return 1; - } - OPENSSL_free(p); - return 0; -} - -/* - * Internal version that doesn't affect the store flags, and thereby avoid - * locking. Direct callers must remember to set the store flags when - * appropriate. - */ -static int provider_init(OSSL_PROVIDER *prov) -{ - const OSSL_DISPATCH *provider_dispatch = NULL; - void *tmp_provctx = NULL; /* safety measure */ -#ifndef OPENSSL_NO_ERR -# ifndef FIPS_MODULE - OSSL_FUNC_provider_get_reason_strings_fn *p_get_reason_strings = NULL; -# endif -#endif - int ok = 0; - - if (!ossl_assert(!prov->flag_initialized)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); - goto end; - } - - /* - * If the init function isn't set, it indicates that this provider is - * a loadable module. - */ - if (prov->init_function == NULL) { -#ifdef FIPS_MODULE - goto end; -#else - if (prov->module == NULL) { - char *allocated_path = NULL; - const char *module_path = NULL; - char *merged_path = NULL; - const char *load_dir = NULL; - char *allocated_load_dir = NULL; - struct provider_store_st *store; - - if ((prov->module = DSO_new()) == NULL) { - /* DSO_new() generates an error already */ - goto end; - } - - if ((store = get_provider_store(prov->libctx)) == NULL - || !CRYPTO_THREAD_read_lock(store->default_path_lock)) - goto end; - - if (store->default_path != NULL) { - allocated_load_dir = OPENSSL_strdup(store->default_path); - CRYPTO_THREAD_unlock(store->default_path_lock); - if (allocated_load_dir == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - goto end; - } - load_dir = allocated_load_dir; - } else { - CRYPTO_THREAD_unlock(store->default_path_lock); - } - - if (load_dir == NULL) { - load_dir = ossl_safe_getenv("OPENSSL_MODULES"); - if (load_dir == NULL) - load_dir = MODULESDIR; - } - - DSO_ctrl(prov->module, DSO_CTRL_SET_FLAGS, - DSO_FLAG_NAME_TRANSLATION_EXT_ONLY, NULL); - - module_path = prov->path; - if (module_path == NULL) - module_path = allocated_path = - DSO_convert_filename(prov->module, prov->name); - if (module_path != NULL) - merged_path = DSO_merge(prov->module, module_path, load_dir); - - if (merged_path == NULL - || (DSO_load(prov->module, merged_path, NULL, 0)) == NULL) { - DSO_free(prov->module); - prov->module = NULL; - } - - OPENSSL_free(merged_path); - OPENSSL_free(allocated_path); - OPENSSL_free(allocated_load_dir); - } - - if (prov->module == NULL) { - /* DSO has already recorded errors, this is just a tracepoint */ - ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_DSO_LIB, - "name=%s", prov->name); - goto end; - } - - prov->init_function = (OSSL_provider_init_fn *) - DSO_bind_func(prov->module, "OSSL_provider_init"); -#endif - } - - /* Check for and call the initialise function for the provider. */ - if (prov->init_function == NULL) { - ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_UNSUPPORTED, - "name=%s, provider has no provider init function", - prov->name); - goto end; - } - - if (!prov->init_function((OSSL_CORE_HANDLE *)prov, core_dispatch, - &provider_dispatch, &tmp_provctx)) { - ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL, - "name=%s", prov->name); - goto end; - } - prov->provctx = tmp_provctx; - prov->dispatch = provider_dispatch; - - for (; provider_dispatch->function_id != 0; provider_dispatch++) { - switch (provider_dispatch->function_id) { - case OSSL_FUNC_PROVIDER_TEARDOWN: - prov->teardown = - OSSL_FUNC_provider_teardown(provider_dispatch); - break; - case OSSL_FUNC_PROVIDER_GETTABLE_PARAMS: - prov->gettable_params = - OSSL_FUNC_provider_gettable_params(provider_dispatch); - break; - case OSSL_FUNC_PROVIDER_GET_PARAMS: - prov->get_params = - OSSL_FUNC_provider_get_params(provider_dispatch); - break; - case OSSL_FUNC_PROVIDER_SELF_TEST: - prov->self_test = - OSSL_FUNC_provider_self_test(provider_dispatch); - break; - case OSSL_FUNC_PROVIDER_GET_CAPABILITIES: - prov->get_capabilities = - OSSL_FUNC_provider_get_capabilities(provider_dispatch); - break; - case OSSL_FUNC_PROVIDER_QUERY_OPERATION: - prov->query_operation = - OSSL_FUNC_provider_query_operation(provider_dispatch); - break; - case OSSL_FUNC_PROVIDER_UNQUERY_OPERATION: - prov->unquery_operation = - OSSL_FUNC_provider_unquery_operation(provider_dispatch); - break; -#ifndef OPENSSL_NO_ERR -# ifndef FIPS_MODULE - case OSSL_FUNC_PROVIDER_GET_REASON_STRINGS: - p_get_reason_strings = - OSSL_FUNC_provider_get_reason_strings(provider_dispatch); - break; -# endif -#endif - } - } - -#ifndef OPENSSL_NO_ERR -# ifndef FIPS_MODULE - if (p_get_reason_strings != NULL) { - const OSSL_ITEM *reasonstrings = p_get_reason_strings(prov->provctx); - size_t cnt, cnt2; - - /* - * ERR_load_strings() handles ERR_STRING_DATA rather than OSSL_ITEM, - * although they are essentially the same type. - * Furthermore, ERR_load_strings() patches the array's error number - * with the error library number, so we need to make a copy of that - * array either way. - */ - cnt = 0; - while (reasonstrings[cnt].id != 0) { - if (ERR_GET_LIB(reasonstrings[cnt].id) != 0) - goto end; - cnt++; - } - cnt++; /* One for the terminating item */ - - /* Allocate one extra item for the "library" name */ - prov->error_strings = - OPENSSL_zalloc(sizeof(ERR_STRING_DATA) * (cnt + 1)); - if (prov->error_strings == NULL) - goto end; - - /* - * Set the "library" name. - */ - prov->error_strings[0].error = ERR_PACK(prov->error_lib, 0, 0); - prov->error_strings[0].string = prov->name; - /* - * Copy reasonstrings item 0..cnt-1 to prov->error_trings positions - * 1..cnt. - */ - for (cnt2 = 1; cnt2 <= cnt; cnt2++) { - prov->error_strings[cnt2].error = (int)reasonstrings[cnt2-1].id; - prov->error_strings[cnt2].string = reasonstrings[cnt2-1].ptr; - } - - ERR_load_strings(prov->error_lib, prov->error_strings); - } -# endif -#endif - - /* With this flag set, this provider has become fully "loaded". */ - prov->flag_initialized = 1; - ok = 1; - - end: - return ok; -} - -/* - * Deactivate a provider. If upcalls is 0 then we suppress any upcalls to a - * parent provider. If removechildren is 0 then we suppress any calls to remove - * child providers. - * Return -1 on failure and the activation count on success - */ -static int provider_deactivate(OSSL_PROVIDER *prov, int upcalls, - int removechildren) -{ - int count; - struct provider_store_st *store; -#ifndef FIPS_MODULE - int freeparent = 0; -#endif - int lock = 1; - - if (!ossl_assert(prov != NULL)) - return -1; - - /* - * No need to lock if we've got no store because we've not been shared with - * other threads. - */ - store = get_provider_store(prov->libctx); - if (store == NULL) - lock = 0; - - if (lock && !CRYPTO_THREAD_read_lock(store->lock)) - return -1; - if (lock && !CRYPTO_THREAD_write_lock(prov->flag_lock)) { - CRYPTO_THREAD_unlock(store->lock); - return -1; - } - -#ifndef FIPS_MODULE - if (prov->activatecnt >= 2 && prov->ischild && upcalls) { - /* - * We have had a direct activation in this child libctx so we need to - * now down the ref count in the parent provider. We do the actual down - * ref outside of the flag_lock, since it could involve getting other - * locks. - */ - freeparent = 1; - } -#endif - - if ((count = --prov->activatecnt) < 1) - prov->flag_activated = 0; -#ifndef FIPS_MODULE - else - removechildren = 0; -#endif - -#ifndef FIPS_MODULE - if (removechildren && store != NULL) { - int i, max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs); - OSSL_PROVIDER_CHILD_CB *child_cb; - - for (i = 0; i < max; i++) { - child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i); - child_cb->remove_cb((OSSL_CORE_HANDLE *)prov, child_cb->cbdata); - } - } -#endif - if (lock) { - CRYPTO_THREAD_unlock(prov->flag_lock); - CRYPTO_THREAD_unlock(store->lock); - } -#ifndef FIPS_MODULE - if (freeparent) - ossl_provider_free_parent(prov, 1); -#endif - - /* We don't deinit here, that's done in ossl_provider_free() */ - return count; -} - -/* - * Activate a provider. - * Return -1 on failure and the activation count on success - */ -static int provider_activate(OSSL_PROVIDER *prov, int lock, int upcalls) -{ - int count = -1; - struct provider_store_st *store; - int ret = 1; - - store = prov->store; - /* - * If the provider hasn't been added to the store, then we don't need - * any locks because we've not shared it with other threads. - */ - if (store == NULL) { - lock = 0; - if (!provider_init(prov)) - return -1; - } - -#ifndef FIPS_MODULE - if (prov->ischild && upcalls && !ossl_provider_up_ref_parent(prov, 1)) - return -1; -#endif - - if (lock && !CRYPTO_THREAD_read_lock(store->lock)) { -#ifndef FIPS_MODULE - if (prov->ischild && upcalls) - ossl_provider_free_parent(prov, 1); -#endif - return -1; - } - - if (lock && !CRYPTO_THREAD_write_lock(prov->flag_lock)) { - CRYPTO_THREAD_unlock(store->lock); -#ifndef FIPS_MODULE - if (prov->ischild && upcalls) - ossl_provider_free_parent(prov, 1); -#endif - return -1; - } - - count = ++prov->activatecnt; - prov->flag_activated = 1; - - if (prov->activatecnt == 1 && store != NULL) { - ret = create_provider_children(prov); - } - if (lock) { - CRYPTO_THREAD_unlock(prov->flag_lock); - CRYPTO_THREAD_unlock(store->lock); - } - - if (!ret) - return -1; - - return count; -} - -static int provider_flush_store_cache(const OSSL_PROVIDER *prov) -{ - struct provider_store_st *store; - int freeing; - - if ((store = get_provider_store(prov->libctx)) == NULL) - return 0; - - if (!CRYPTO_THREAD_read_lock(store->lock)) - return 0; - freeing = store->freeing; - CRYPTO_THREAD_unlock(store->lock); - - if (!freeing) { - int acc - = evp_method_store_cache_flush(prov->libctx) -#ifndef FIPS_MODULE - + ossl_encoder_store_cache_flush(prov->libctx) - + ossl_decoder_store_cache_flush(prov->libctx) - + ossl_store_loader_store_cache_flush(prov->libctx) -#endif - ; - -#ifndef FIPS_MODULE - return acc == 4; -#else - return acc == 1; -#endif - } - return 1; -} - -static int provider_remove_store_methods(OSSL_PROVIDER *prov) -{ - struct provider_store_st *store; - int freeing; - - if ((store = get_provider_store(prov->libctx)) == NULL) - return 0; - - if (!CRYPTO_THREAD_read_lock(store->lock)) - return 0; - freeing = store->freeing; - CRYPTO_THREAD_unlock(store->lock); - - if (!freeing) { - int acc; - - if (!CRYPTO_THREAD_write_lock(prov->opbits_lock)) - return 0; - OPENSSL_free(prov->operation_bits); - prov->operation_bits = NULL; - prov->operation_bits_sz = 0; - CRYPTO_THREAD_unlock(prov->opbits_lock); - - acc = evp_method_store_remove_all_provided(prov) -#ifndef FIPS_MODULE - + ossl_encoder_store_remove_all_provided(prov) - + ossl_decoder_store_remove_all_provided(prov) - + ossl_store_loader_store_remove_all_provided(prov) -#endif - ; - -#ifndef FIPS_MODULE - return acc == 4; -#else - return acc == 1; -#endif - } - return 1; -} - -int ossl_provider_activate(OSSL_PROVIDER *prov, int upcalls, int aschild) -{ - int count; - - if (prov == NULL) - return 0; -#ifndef FIPS_MODULE - /* - * If aschild is true, then we only actually do the activation if the - * provider is a child. If its not, this is still success. - */ - if (aschild && !prov->ischild) - return 1; -#endif - if ((count = provider_activate(prov, 1, upcalls)) > 0) - return count == 1 ? provider_flush_store_cache(prov) : 1; - - return 0; -} - -int ossl_provider_deactivate(OSSL_PROVIDER *prov, int removechildren) -{ - int count; - - if (prov == NULL - || (count = provider_deactivate(prov, 1, removechildren)) < 0) - return 0; - return count == 0 ? provider_remove_store_methods(prov) : 1; -} - -void *ossl_provider_ctx(const OSSL_PROVIDER *prov) -{ - return prov != NULL ? prov->provctx : NULL; -} - -/* - * This function only does something once when store->use_fallbacks == 1, - * and then sets store->use_fallbacks = 0, so the second call and so on is - * effectively a no-op. - */ -static int provider_activate_fallbacks(struct provider_store_st *store) -{ - int use_fallbacks; - int activated_fallback_count = 0; - int ret = 0; - const OSSL_PROVIDER_INFO *p; - - if (!CRYPTO_THREAD_read_lock(store->lock)) - return 0; - use_fallbacks = store->use_fallbacks; - CRYPTO_THREAD_unlock(store->lock); - if (!use_fallbacks) - return 1; - - if (!CRYPTO_THREAD_write_lock(store->lock)) - return 0; - /* Check again, just in case another thread changed it */ - use_fallbacks = store->use_fallbacks; - if (!use_fallbacks) { - CRYPTO_THREAD_unlock(store->lock); - return 1; - } - - for (p = ossl_predefined_providers; p->name != NULL; p++) { - OSSL_PROVIDER *prov = NULL; - - if (!p->is_fallback) - continue; - /* - * We use the internal constructor directly here, - * otherwise we get a call loop - */ - prov = provider_new(p->name, p->init, NULL); - if (prov == NULL) - goto err; - prov->libctx = store->libctx; -#ifndef FIPS_MODULE - prov->error_lib = ERR_get_next_error_library(); -#endif - - /* - * We are calling provider_activate while holding the store lock. This - * means the init function will be called while holding a lock. Normally - * we try to avoid calling a user callback while holding a lock. - * However, fallbacks are never third party providers so we accept this. - */ - if (provider_activate(prov, 0, 0) < 0) { - ossl_provider_free(prov); - goto err; - } - prov->store = store; - if (sk_OSSL_PROVIDER_push(store->providers, prov) == 0) { - ossl_provider_free(prov); - goto err; - } - activated_fallback_count++; - } - - if (activated_fallback_count > 0) { - store->use_fallbacks = 0; - ret = 1; - } - err: - CRYPTO_THREAD_unlock(store->lock); - return ret; -} - -int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx, - int (*cb)(OSSL_PROVIDER *provider, - void *cbdata), - void *cbdata) -{ - int ret = 0, curr, max, ref = 0; - struct provider_store_st *store = get_provider_store(ctx); - STACK_OF(OSSL_PROVIDER) *provs = NULL; - -#ifndef FIPS_MODULE - /* - * Make sure any providers are loaded from config before we try to use - * them. - */ - if (ossl_lib_ctx_is_default(ctx)) - OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); -#endif - - if (store == NULL) - return 1; - if (!provider_activate_fallbacks(store)) - return 0; - - /* - * Under lock, grab a copy of the provider list and up_ref each - * provider so that they don't disappear underneath us. - */ - if (!CRYPTO_THREAD_read_lock(store->lock)) - return 0; - provs = sk_OSSL_PROVIDER_dup(store->providers); - if (provs == NULL) { - CRYPTO_THREAD_unlock(store->lock); - return 0; - } - max = sk_OSSL_PROVIDER_num(provs); - /* - * We work backwards through the stack so that we can safely delete items - * as we go. - */ - for (curr = max - 1; curr >= 0; curr--) { - OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(provs, curr); - - if (!CRYPTO_THREAD_write_lock(prov->flag_lock)) - goto err_unlock; - if (prov->flag_activated) { - /* - * We call CRYPTO_UP_REF directly rather than ossl_provider_up_ref - * to avoid upping the ref count on the parent provider, which we - * must not do while holding locks. - */ - if (CRYPTO_UP_REF(&prov->refcnt, &ref, prov->refcnt_lock) <= 0) { - CRYPTO_THREAD_unlock(prov->flag_lock); - goto err_unlock; - } - /* - * It's already activated, but we up the activated count to ensure - * it remains activated until after we've called the user callback. - * We do this with no locking (because we already hold the locks) - * and no upcalls (which must not be called when locks are held). In - * theory this could mean the parent provider goes inactive, whilst - * still activated in the child for a short period. That's ok. - */ - if (provider_activate(prov, 0, 0) < 0) { - CRYPTO_DOWN_REF(&prov->refcnt, &ref, prov->refcnt_lock); - CRYPTO_THREAD_unlock(prov->flag_lock); - goto err_unlock; - } - } else { - sk_OSSL_PROVIDER_delete(provs, curr); - max--; - } - CRYPTO_THREAD_unlock(prov->flag_lock); - } - CRYPTO_THREAD_unlock(store->lock); - - /* - * Now, we sweep through all providers not under lock - */ - for (curr = 0; curr < max; curr++) { - OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(provs, curr); - - if (!cb(prov, cbdata)) { - curr = -1; - goto finish; - } - } - curr = -1; - - ret = 1; - goto finish; - - err_unlock: - CRYPTO_THREAD_unlock(store->lock); - finish: - /* - * The pop_free call doesn't do what we want on an error condition. We - * either start from the first item in the stack, or part way through if - * we only processed some of the items. - */ - for (curr++; curr < max; curr++) { - OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(provs, curr); - - provider_deactivate(prov, 0, 1); - /* - * As above where we did the up-ref, we don't call ossl_provider_free - * to avoid making upcalls. There should always be at least one ref - * to the provider in the store, so this should never drop to 0. - */ - CRYPTO_DOWN_REF(&prov->refcnt, &ref, prov->refcnt_lock); - /* - * Not much we can do if this assert ever fails. So we don't use - * ossl_assert here. - */ - assert(ref > 0); - } - sk_OSSL_PROVIDER_free(provs); - return ret; -} - -int OSSL_PROVIDER_available(OSSL_LIB_CTX *libctx, const char *name) -{ - OSSL_PROVIDER *prov = NULL; - int available = 0; - struct provider_store_st *store = get_provider_store(libctx); - - if (store == NULL || !provider_activate_fallbacks(store)) - return 0; - - prov = ossl_provider_find(libctx, name, 0); - if (prov != NULL) { - if (!CRYPTO_THREAD_read_lock(prov->flag_lock)) - return 0; - available = prov->flag_activated; - CRYPTO_THREAD_unlock(prov->flag_lock); - ossl_provider_free(prov); - } - return available; -} - -/* Setters of Provider Object data */ -int ossl_provider_set_fallback(OSSL_PROVIDER *prov) -{ - if (prov == NULL) - return 0; - - prov->flag_fallback = 1; - return 1; -} - -/* Getters of Provider Object data */ -const char *ossl_provider_name(const OSSL_PROVIDER *prov) -{ - return prov->name; -} - -const DSO *ossl_provider_dso(const OSSL_PROVIDER *prov) -{ - return prov->module; -} - -const char *ossl_provider_module_name(const OSSL_PROVIDER *prov) -{ -#ifdef FIPS_MODULE - return NULL; -#else - return DSO_get_filename(prov->module); -#endif -} - -const char *ossl_provider_module_path(const OSSL_PROVIDER *prov) -{ -#ifdef FIPS_MODULE - return NULL; -#else - /* FIXME: Ensure it's a full path */ - return DSO_get_filename(prov->module); -#endif -} - -void *ossl_provider_prov_ctx(const OSSL_PROVIDER *prov) -{ - if (prov != NULL) - return prov->provctx; - - return NULL; -} - -const OSSL_DISPATCH *ossl_provider_get0_dispatch(const OSSL_PROVIDER *prov) -{ - if (prov != NULL) - return prov->dispatch; - - return NULL; -} - -OSSL_LIB_CTX *ossl_provider_libctx(const OSSL_PROVIDER *prov) -{ - return prov != NULL ? prov->libctx : NULL; -} - -/* Wrappers around calls to the provider */ -void ossl_provider_teardown(const OSSL_PROVIDER *prov) -{ - if (prov->teardown != NULL -#ifndef FIPS_MODULE - && !prov->ischild -#endif - ) - prov->teardown(prov->provctx); -} - -const OSSL_PARAM *ossl_provider_gettable_params(const OSSL_PROVIDER *prov) -{ - return prov->gettable_params == NULL - ? NULL : prov->gettable_params(prov->provctx); -} - -int ossl_provider_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) -{ - return prov->get_params == NULL - ? 0 : prov->get_params(prov->provctx, params); -} - -int ossl_provider_self_test(const OSSL_PROVIDER *prov) -{ - int ret; - - if (prov->self_test == NULL) - return 1; - ret = prov->self_test(prov->provctx); - if (ret == 0) - (void)provider_remove_store_methods((OSSL_PROVIDER *)prov); - return ret; -} - -int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov, - const char *capability, - OSSL_CALLBACK *cb, - void *arg) -{ - return prov->get_capabilities == NULL - ? 1 : prov->get_capabilities(prov->provctx, capability, cb, arg); -} - -const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, - int operation_id, - int *no_cache) -{ - const OSSL_ALGORITHM *res; - - if (prov->query_operation == NULL) - return NULL; - res = prov->query_operation(prov->provctx, operation_id, no_cache); -#if defined(OPENSSL_NO_CACHED_FETCH) - /* Forcing the non-caching of queries */ - if (no_cache != NULL) - *no_cache = 1; -#endif - return res; -} - -void ossl_provider_unquery_operation(const OSSL_PROVIDER *prov, - int operation_id, - const OSSL_ALGORITHM *algs) -{ - if (prov->unquery_operation != NULL) - prov->unquery_operation(prov->provctx, operation_id, algs); -} - -int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum) -{ - size_t byte = bitnum / 8; - unsigned char bit = (1 << (bitnum % 8)) & 0xFF; - - if (!CRYPTO_THREAD_write_lock(provider->opbits_lock)) - return 0; - if (provider->operation_bits_sz <= byte) { - unsigned char *tmp = OPENSSL_realloc(provider->operation_bits, - byte + 1); - - if (tmp == NULL) { - CRYPTO_THREAD_unlock(provider->opbits_lock); - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - provider->operation_bits = tmp; - memset(provider->operation_bits + provider->operation_bits_sz, - '\0', byte + 1 - provider->operation_bits_sz); - provider->operation_bits_sz = byte + 1; - } - provider->operation_bits[byte] |= bit; - CRYPTO_THREAD_unlock(provider->opbits_lock); - return 1; -} - -int ossl_provider_test_operation_bit(OSSL_PROVIDER *provider, size_t bitnum, - int *result) -{ - size_t byte = bitnum / 8; - unsigned char bit = (1 << (bitnum % 8)) & 0xFF; - - if (!ossl_assert(result != NULL)) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - *result = 0; - if (!CRYPTO_THREAD_read_lock(provider->opbits_lock)) - return 0; - if (provider->operation_bits_sz > byte) - *result = ((provider->operation_bits[byte] & bit) != 0); - CRYPTO_THREAD_unlock(provider->opbits_lock); - return 1; -} - -#ifndef FIPS_MODULE -const OSSL_CORE_HANDLE *ossl_provider_get_parent(OSSL_PROVIDER *prov) -{ - return prov->handle; -} - -int ossl_provider_is_child(const OSSL_PROVIDER *prov) -{ - return prov->ischild; -} - -int ossl_provider_set_child(OSSL_PROVIDER *prov, const OSSL_CORE_HANDLE *handle) -{ - prov->handle = handle; - prov->ischild = 1; - - return 1; -} - -int ossl_provider_default_props_update(OSSL_LIB_CTX *libctx, const char *props) -{ -#ifndef FIPS_MODULE - struct provider_store_st *store = NULL; - int i, max; - OSSL_PROVIDER_CHILD_CB *child_cb; - - if ((store = get_provider_store(libctx)) == NULL) - return 0; - - if (!CRYPTO_THREAD_read_lock(store->lock)) - return 0; - - max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs); - for (i = 0; i < max; i++) { - child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i); - child_cb->global_props_cb(props, child_cb->cbdata); - } - - CRYPTO_THREAD_unlock(store->lock); -#endif - return 1; -} - -static int ossl_provider_register_child_cb(const OSSL_CORE_HANDLE *handle, - int (*create_cb)( - const OSSL_CORE_HANDLE *provider, - void *cbdata), - int (*remove_cb)( - const OSSL_CORE_HANDLE *provider, - void *cbdata), - int (*global_props_cb)( - const char *props, - void *cbdata), - void *cbdata) -{ - /* - * This is really an OSSL_PROVIDER that we created and cast to - * OSSL_CORE_HANDLE originally. Therefore it is safe to cast it back. - */ - OSSL_PROVIDER *thisprov = (OSSL_PROVIDER *)handle; - OSSL_PROVIDER *prov; - OSSL_LIB_CTX *libctx = thisprov->libctx; - struct provider_store_st *store = NULL; - int ret = 0, i, max; - OSSL_PROVIDER_CHILD_CB *child_cb; - char *propsstr = NULL; - - if ((store = get_provider_store(libctx)) == NULL) - return 0; - - child_cb = OPENSSL_malloc(sizeof(*child_cb)); - if (child_cb == NULL) - return 0; - child_cb->prov = thisprov; - child_cb->create_cb = create_cb; - child_cb->remove_cb = remove_cb; - child_cb->global_props_cb = global_props_cb; - child_cb->cbdata = cbdata; - - if (!CRYPTO_THREAD_write_lock(store->lock)) { - OPENSSL_free(child_cb); - return 0; - } - propsstr = evp_get_global_properties_str(libctx, 0); - - if (propsstr != NULL) { - global_props_cb(propsstr, cbdata); - OPENSSL_free(propsstr); - } - max = sk_OSSL_PROVIDER_num(store->providers); - for (i = 0; i < max; i++) { - int activated; - - prov = sk_OSSL_PROVIDER_value(store->providers, i); - - if (!CRYPTO_THREAD_read_lock(prov->flag_lock)) - break; - activated = prov->flag_activated; - CRYPTO_THREAD_unlock(prov->flag_lock); - /* - * We hold the store lock while calling the user callback. This means - * that the user callback must be short and simple and not do anything - * likely to cause a deadlock. We don't hold the flag_lock during this - * call. In theory this means that another thread could deactivate it - * while we are calling create. This is ok because the other thread - * will also call remove_cb, but won't be able to do so until we release - * the store lock. - */ - if (activated && !create_cb((OSSL_CORE_HANDLE *)prov, cbdata)) - break; - } - if (i == max) { - /* Success */ - ret = sk_OSSL_PROVIDER_CHILD_CB_push(store->child_cbs, child_cb); - } - if (i != max || ret <= 0) { - /* Failed during creation. Remove everything we just added */ - for (; i >= 0; i--) { - prov = sk_OSSL_PROVIDER_value(store->providers, i); - remove_cb((OSSL_CORE_HANDLE *)prov, cbdata); - } - OPENSSL_free(child_cb); - ret = 0; - } - CRYPTO_THREAD_unlock(store->lock); - - return ret; -} - -static void ossl_provider_deregister_child_cb(const OSSL_CORE_HANDLE *handle) -{ - /* - * This is really an OSSL_PROVIDER that we created and cast to - * OSSL_CORE_HANDLE originally. Therefore it is safe to cast it back. - */ - OSSL_PROVIDER *thisprov = (OSSL_PROVIDER *)handle; - OSSL_LIB_CTX *libctx = thisprov->libctx; - struct provider_store_st *store = NULL; - int i, max; - OSSL_PROVIDER_CHILD_CB *child_cb; - - if ((store = get_provider_store(libctx)) == NULL) - return; - - if (!CRYPTO_THREAD_write_lock(store->lock)) - return; - max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs); - for (i = 0; i < max; i++) { - child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i); - if (child_cb->prov == thisprov) { - /* Found an entry */ - sk_OSSL_PROVIDER_CHILD_CB_delete(store->child_cbs, i); - OPENSSL_free(child_cb); - break; - } - } - CRYPTO_THREAD_unlock(store->lock); -} -#endif - -/*- - * Core functions for the provider - * =============================== - * - * This is the set of functions that the core makes available to the provider - */ - -/* - * This returns a list of Provider Object parameters with their types, for - * discovery. We do not expect that many providers will use this, but one - * never knows. - */ -static const OSSL_PARAM param_types[] = { - OSSL_PARAM_DEFN(OSSL_PROV_PARAM_CORE_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), - OSSL_PARAM_DEFN(OSSL_PROV_PARAM_CORE_PROV_NAME, OSSL_PARAM_UTF8_PTR, - NULL, 0), -#ifndef FIPS_MODULE - OSSL_PARAM_DEFN(OSSL_PROV_PARAM_CORE_MODULE_FILENAME, OSSL_PARAM_UTF8_PTR, - NULL, 0), -#endif - OSSL_PARAM_END -}; - -/* - * Forward declare all the functions that are provided aa dispatch. - * This ensures that the compiler will complain if they aren't defined - * with the correct signature. - */ -static OSSL_FUNC_core_gettable_params_fn core_gettable_params; -static OSSL_FUNC_core_get_params_fn core_get_params; -static OSSL_FUNC_core_get_libctx_fn core_get_libctx; -static OSSL_FUNC_core_thread_start_fn core_thread_start; -#ifndef FIPS_MODULE -static OSSL_FUNC_core_new_error_fn core_new_error; -static OSSL_FUNC_core_set_error_debug_fn core_set_error_debug; -static OSSL_FUNC_core_vset_error_fn core_vset_error; -static OSSL_FUNC_core_set_error_mark_fn core_set_error_mark; -static OSSL_FUNC_core_clear_last_error_mark_fn core_clear_last_error_mark; -static OSSL_FUNC_core_pop_error_to_mark_fn core_pop_error_to_mark; -OSSL_FUNC_BIO_new_file_fn ossl_core_bio_new_file; -OSSL_FUNC_BIO_new_membuf_fn ossl_core_bio_new_mem_buf; -OSSL_FUNC_BIO_read_ex_fn ossl_core_bio_read_ex; -OSSL_FUNC_BIO_write_ex_fn ossl_core_bio_write_ex; -OSSL_FUNC_BIO_gets_fn ossl_core_bio_gets; -OSSL_FUNC_BIO_puts_fn ossl_core_bio_puts; -OSSL_FUNC_BIO_up_ref_fn ossl_core_bio_up_ref; -OSSL_FUNC_BIO_free_fn ossl_core_bio_free; -OSSL_FUNC_BIO_vprintf_fn ossl_core_bio_vprintf; -OSSL_FUNC_BIO_vsnprintf_fn BIO_vsnprintf; -static OSSL_FUNC_self_test_cb_fn core_self_test_get_callback; -OSSL_FUNC_get_entropy_fn ossl_rand_get_entropy; -OSSL_FUNC_cleanup_entropy_fn ossl_rand_cleanup_entropy; -OSSL_FUNC_get_nonce_fn ossl_rand_get_nonce; -OSSL_FUNC_cleanup_nonce_fn ossl_rand_cleanup_nonce; -#endif -OSSL_FUNC_CRYPTO_malloc_fn CRYPTO_malloc; -OSSL_FUNC_CRYPTO_zalloc_fn CRYPTO_zalloc; -OSSL_FUNC_CRYPTO_free_fn CRYPTO_free; -OSSL_FUNC_CRYPTO_clear_free_fn CRYPTO_clear_free; -OSSL_FUNC_CRYPTO_realloc_fn CRYPTO_realloc; -OSSL_FUNC_CRYPTO_clear_realloc_fn CRYPTO_clear_realloc; -OSSL_FUNC_CRYPTO_secure_malloc_fn CRYPTO_secure_malloc; -OSSL_FUNC_CRYPTO_secure_zalloc_fn CRYPTO_secure_zalloc; -OSSL_FUNC_CRYPTO_secure_free_fn CRYPTO_secure_free; -OSSL_FUNC_CRYPTO_secure_clear_free_fn CRYPTO_secure_clear_free; -OSSL_FUNC_CRYPTO_secure_allocated_fn CRYPTO_secure_allocated; -OSSL_FUNC_OPENSSL_cleanse_fn OPENSSL_cleanse; -#ifndef FIPS_MODULE -OSSL_FUNC_provider_register_child_cb_fn ossl_provider_register_child_cb; -OSSL_FUNC_provider_deregister_child_cb_fn ossl_provider_deregister_child_cb; -static OSSL_FUNC_provider_name_fn core_provider_get0_name; -static OSSL_FUNC_provider_get0_provider_ctx_fn core_provider_get0_provider_ctx; -static OSSL_FUNC_provider_get0_dispatch_fn core_provider_get0_dispatch; -static OSSL_FUNC_provider_up_ref_fn core_provider_up_ref_intern; -static OSSL_FUNC_provider_free_fn core_provider_free_intern; -static OSSL_FUNC_core_obj_add_sigid_fn core_obj_add_sigid; -static OSSL_FUNC_core_obj_create_fn core_obj_create; -#endif - -static const OSSL_PARAM *core_gettable_params(const OSSL_CORE_HANDLE *handle) -{ - return param_types; -} - -static int core_get_params(const OSSL_CORE_HANDLE *handle, OSSL_PARAM params[]) -{ - int i; - OSSL_PARAM *p; - /* - * We created this object originally and we know it is actually an - * OSSL_PROVIDER *, so the cast is safe - */ - OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle; - - if ((p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_CORE_VERSION)) != NULL) - OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR); - if ((p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_CORE_PROV_NAME)) != NULL) - OSSL_PARAM_set_utf8_ptr(p, prov->name); - -#ifndef FIPS_MODULE - if ((p = OSSL_PARAM_locate(params, - OSSL_PROV_PARAM_CORE_MODULE_FILENAME)) != NULL) - OSSL_PARAM_set_utf8_ptr(p, ossl_provider_module_path(prov)); -#endif - - if (prov->parameters == NULL) - return 1; - - for (i = 0; i < sk_INFOPAIR_num(prov->parameters); i++) { - INFOPAIR *pair = sk_INFOPAIR_value(prov->parameters, i); - - if ((p = OSSL_PARAM_locate(params, pair->name)) != NULL) - OSSL_PARAM_set_utf8_ptr(p, pair->value); - } - return 1; -} - -static OPENSSL_CORE_CTX *core_get_libctx(const OSSL_CORE_HANDLE *handle) -{ - /* - * We created this object originally and we know it is actually an - * OSSL_PROVIDER *, so the cast is safe - */ - OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle; - - /* - * Using ossl_provider_libctx would be wrong as that returns - * NULL for |prov| == NULL and NULL libctx has a special meaning - * that does not apply here. Here |prov| == NULL can happen only in - * case of a coding error. - */ - assert(prov != NULL); - return (OPENSSL_CORE_CTX *)prov->libctx; -} - -static int core_thread_start(const OSSL_CORE_HANDLE *handle, - OSSL_thread_stop_handler_fn handfn, - void *arg) -{ - /* - * We created this object originally and we know it is actually an - * OSSL_PROVIDER *, so the cast is safe - */ - OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle; - - return ossl_init_thread_start(prov, arg, handfn); -} - -/* - * The FIPS module inner provider doesn't implement these. They aren't - * needed there, since the FIPS module upcalls are always the outer provider - * ones. - */ -#ifndef FIPS_MODULE -/* - * These error functions should use |handle| to select the proper - * library context to report in the correct error stack if error - * stacks become tied to the library context. - * We cannot currently do that since there's no support for it in the - * ERR subsystem. - */ -static void core_new_error(const OSSL_CORE_HANDLE *handle) -{ - ERR_new(); -} - -static void core_set_error_debug(const OSSL_CORE_HANDLE *handle, - const char *file, int line, const char *func) -{ - ERR_set_debug(file, line, func); -} - -static void core_vset_error(const OSSL_CORE_HANDLE *handle, - uint32_t reason, const char *fmt, va_list args) -{ - /* - * We created this object originally and we know it is actually an - * OSSL_PROVIDER *, so the cast is safe - */ - OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle; - - /* - * If the uppermost 8 bits are non-zero, it's an OpenSSL library - * error and will be treated as such. Otherwise, it's a new style - * provider error and will be treated as such. - */ - if (ERR_GET_LIB(reason) != 0) { - ERR_vset_error(ERR_GET_LIB(reason), ERR_GET_REASON(reason), fmt, args); - } else { - ERR_vset_error(prov->error_lib, (int)reason, fmt, args); - } -} - -static int core_set_error_mark(const OSSL_CORE_HANDLE *handle) -{ - return ERR_set_mark(); -} - -static int core_clear_last_error_mark(const OSSL_CORE_HANDLE *handle) -{ - return ERR_clear_last_mark(); -} - -static int core_pop_error_to_mark(const OSSL_CORE_HANDLE *handle) -{ - return ERR_pop_to_mark(); -} - -static void core_self_test_get_callback(OPENSSL_CORE_CTX *libctx, - OSSL_CALLBACK **cb, void **cbarg) -{ - OSSL_SELF_TEST_get_callback((OSSL_LIB_CTX *)libctx, cb, cbarg); -} - -static const char *core_provider_get0_name(const OSSL_CORE_HANDLE *prov) -{ - return OSSL_PROVIDER_get0_name((const OSSL_PROVIDER *)prov); -} - -static void *core_provider_get0_provider_ctx(const OSSL_CORE_HANDLE *prov) -{ - return OSSL_PROVIDER_get0_provider_ctx((const OSSL_PROVIDER *)prov); -} - -static const OSSL_DISPATCH * -core_provider_get0_dispatch(const OSSL_CORE_HANDLE *prov) -{ - return OSSL_PROVIDER_get0_dispatch((const OSSL_PROVIDER *)prov); -} - -static int core_provider_up_ref_intern(const OSSL_CORE_HANDLE *prov, - int activate) -{ - return provider_up_ref_intern((OSSL_PROVIDER *)prov, activate); -} - -static int core_provider_free_intern(const OSSL_CORE_HANDLE *prov, - int deactivate) -{ - return provider_free_intern((OSSL_PROVIDER *)prov, deactivate); -} - -static int core_obj_add_sigid(const OSSL_CORE_HANDLE *prov, - const char *sign_name, const char *digest_name, - const char *pkey_name) -{ - int sign_nid = OBJ_txt2nid(sign_name); - int digest_nid = NID_undef; - int pkey_nid = OBJ_txt2nid(pkey_name); - - if (digest_name != NULL && digest_name[0] != '\0' - && (digest_nid = OBJ_txt2nid(digest_name)) == NID_undef) - return 0; - - if (sign_nid == NID_undef) - return 0; - - /* - * Check if it already exists. This is a success if so (even if we don't - * have nids for the digest/pkey) - */ - if (OBJ_find_sigid_algs(sign_nid, NULL, NULL)) - return 1; - - if (pkey_nid == NID_undef) - return 0; - - return OBJ_add_sigid(sign_nid, digest_nid, pkey_nid); -} - -static int core_obj_create(const OSSL_CORE_HANDLE *prov, const char *oid, - const char *sn, const char *ln) -{ - /* Check if it already exists and create it if not */ - return OBJ_txt2nid(oid) != NID_undef - || OBJ_create(oid, sn, ln) != NID_undef; -} -#endif /* FIPS_MODULE */ - -/* - * Functions provided by the core. - */ -static const OSSL_DISPATCH core_dispatch_[] = { - { OSSL_FUNC_CORE_GETTABLE_PARAMS, (void (*)(void))core_gettable_params }, - { OSSL_FUNC_CORE_GET_PARAMS, (void (*)(void))core_get_params }, - { OSSL_FUNC_CORE_GET_LIBCTX, (void (*)(void))core_get_libctx }, - { OSSL_FUNC_CORE_THREAD_START, (void (*)(void))core_thread_start }, -#ifndef FIPS_MODULE - { OSSL_FUNC_CORE_NEW_ERROR, (void (*)(void))core_new_error }, - { OSSL_FUNC_CORE_SET_ERROR_DEBUG, (void (*)(void))core_set_error_debug }, - { OSSL_FUNC_CORE_VSET_ERROR, (void (*)(void))core_vset_error }, - { OSSL_FUNC_CORE_SET_ERROR_MARK, (void (*)(void))core_set_error_mark }, - { OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK, - (void (*)(void))core_clear_last_error_mark }, - { OSSL_FUNC_CORE_POP_ERROR_TO_MARK, (void (*)(void))core_pop_error_to_mark }, - { OSSL_FUNC_BIO_NEW_FILE, (void (*)(void))ossl_core_bio_new_file }, - { OSSL_FUNC_BIO_NEW_MEMBUF, (void (*)(void))ossl_core_bio_new_mem_buf }, - { OSSL_FUNC_BIO_READ_EX, (void (*)(void))ossl_core_bio_read_ex }, - { OSSL_FUNC_BIO_WRITE_EX, (void (*)(void))ossl_core_bio_write_ex }, - { OSSL_FUNC_BIO_GETS, (void (*)(void))ossl_core_bio_gets }, - { OSSL_FUNC_BIO_PUTS, (void (*)(void))ossl_core_bio_puts }, - { OSSL_FUNC_BIO_CTRL, (void (*)(void))ossl_core_bio_ctrl }, - { OSSL_FUNC_BIO_UP_REF, (void (*)(void))ossl_core_bio_up_ref }, - { OSSL_FUNC_BIO_FREE, (void (*)(void))ossl_core_bio_free }, - { OSSL_FUNC_BIO_VPRINTF, (void (*)(void))ossl_core_bio_vprintf }, - { OSSL_FUNC_BIO_VSNPRINTF, (void (*)(void))BIO_vsnprintf }, - { OSSL_FUNC_SELF_TEST_CB, (void (*)(void))core_self_test_get_callback }, - { OSSL_FUNC_GET_ENTROPY, (void (*)(void))ossl_rand_get_entropy }, - { OSSL_FUNC_CLEANUP_ENTROPY, (void (*)(void))ossl_rand_cleanup_entropy }, - { OSSL_FUNC_GET_NONCE, (void (*)(void))ossl_rand_get_nonce }, - { OSSL_FUNC_CLEANUP_NONCE, (void (*)(void))ossl_rand_cleanup_nonce }, -#endif - { OSSL_FUNC_CRYPTO_MALLOC, (void (*)(void))CRYPTO_malloc }, - { OSSL_FUNC_CRYPTO_ZALLOC, (void (*)(void))CRYPTO_zalloc }, - { OSSL_FUNC_CRYPTO_FREE, (void (*)(void))CRYPTO_free }, - { OSSL_FUNC_CRYPTO_CLEAR_FREE, (void (*)(void))CRYPTO_clear_free }, - { OSSL_FUNC_CRYPTO_REALLOC, (void (*)(void))CRYPTO_realloc }, - { OSSL_FUNC_CRYPTO_CLEAR_REALLOC, (void (*)(void))CRYPTO_clear_realloc }, - { OSSL_FUNC_CRYPTO_SECURE_MALLOC, (void (*)(void))CRYPTO_secure_malloc }, - { OSSL_FUNC_CRYPTO_SECURE_ZALLOC, (void (*)(void))CRYPTO_secure_zalloc }, - { OSSL_FUNC_CRYPTO_SECURE_FREE, (void (*)(void))CRYPTO_secure_free }, - { OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE, - (void (*)(void))CRYPTO_secure_clear_free }, - { OSSL_FUNC_CRYPTO_SECURE_ALLOCATED, - (void (*)(void))CRYPTO_secure_allocated }, - { OSSL_FUNC_OPENSSL_CLEANSE, (void (*)(void))OPENSSL_cleanse }, -#ifndef FIPS_MODULE - { OSSL_FUNC_PROVIDER_REGISTER_CHILD_CB, - (void (*)(void))ossl_provider_register_child_cb }, - { OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB, - (void (*)(void))ossl_provider_deregister_child_cb }, - { OSSL_FUNC_PROVIDER_NAME, - (void (*)(void))core_provider_get0_name }, - { OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX, - (void (*)(void))core_provider_get0_provider_ctx }, - { OSSL_FUNC_PROVIDER_GET0_DISPATCH, - (void (*)(void))core_provider_get0_dispatch }, - { OSSL_FUNC_PROVIDER_UP_REF, - (void (*)(void))core_provider_up_ref_intern }, - { OSSL_FUNC_PROVIDER_FREE, - (void (*)(void))core_provider_free_intern }, - { OSSL_FUNC_CORE_OBJ_ADD_SIGID, (void (*)(void))core_obj_add_sigid }, - { OSSL_FUNC_CORE_OBJ_CREATE, (void (*)(void))core_obj_create }, -#endif - { 0, NULL } -}; -static const OSSL_DISPATCH *core_dispatch = core_dispatch_; diff --git a/crypto/provider_local.h b/crypto/provider_local.h deleted file mode 100644 index e0bcbcb9f94e3ee3975371a126c539d24e62586f..0000000000000000000000000000000000000000 --- a/crypto/provider_local.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -typedef struct { - char *name; - char *value; -} INFOPAIR; -DEFINE_STACK_OF(INFOPAIR) - -typedef struct { - char *name; - char *path; - OSSL_provider_init_fn *init; - STACK_OF(INFOPAIR) *parameters; - unsigned int is_fallback:1; -} OSSL_PROVIDER_INFO; - -extern const OSSL_PROVIDER_INFO ossl_predefined_providers[]; - -void ossl_provider_info_clear(OSSL_PROVIDER_INFO *info); -int ossl_provider_info_add_to_store(OSSL_LIB_CTX *libctx, - OSSL_PROVIDER_INFO *entry); -int ossl_provider_info_add_parameter(OSSL_PROVIDER_INFO *provinfo, - const char *name, - const char *value); diff --git a/crypto/provider_predefined.c b/crypto/provider_predefined.c deleted file mode 100644 index 068e0b7cd96a506843f73108dd8c9b200fe22913..0000000000000000000000000000000000000000 --- a/crypto/provider_predefined.c +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "provider_local.h" - -OSSL_provider_init_fn ossl_default_provider_init; -OSSL_provider_init_fn ossl_base_provider_init; -OSSL_provider_init_fn ossl_null_provider_init; -OSSL_provider_init_fn ossl_fips_intern_provider_init; -#ifdef STATIC_LEGACY -OSSL_provider_init_fn ossl_legacy_provider_init; -#endif -const OSSL_PROVIDER_INFO ossl_predefined_providers[] = { -#ifdef FIPS_MODULE - { "fips", NULL, ossl_fips_intern_provider_init, NULL, 1 }, -#else - { "default", NULL, ossl_default_provider_init, NULL, 1 }, -# ifdef STATIC_LEGACY - { "legacy", NULL, ossl_legacy_provider_init, NULL, 0 }, -# endif - { "base", NULL, ossl_base_provider_init, NULL, 0 }, - { "null", NULL, ossl_null_provider_init, NULL, 0 }, -#endif - { NULL, NULL, NULL, NULL, 0 } -}; diff --git a/crypto/punycode.c b/crypto/punycode.c deleted file mode 100644 index 2de32dc1887328ada289e7ce546a88e511eead97..0000000000000000000000000000000000000000 --- a/crypto/punycode.c +++ /dev/null @@ -1,332 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "crypto/punycode.h" - -static const unsigned int base = 36; -static const unsigned int tmin = 1; -static const unsigned int tmax = 26; -static const unsigned int skew = 38; -static const unsigned int damp = 700; -static const unsigned int initial_bias = 72; -static const unsigned int initial_n = 0x80; -static const unsigned int maxint = 0xFFFFFFFF; -static const char delimiter = '-'; - -#define LABEL_BUF_SIZE 512 - -/*- - * Pseudocode: - * - * function adapt(delta,numpoints,firsttime): - * if firsttime then let delta = delta div damp - * else let delta = delta div 2 - * let delta = delta + (delta div numpoints) - * let k = 0 - * while delta > ((base - tmin) * tmax) div 2 do begin - * let delta = delta div (base - tmin) - * let k = k + base - * end - * return k + (((base - tmin + 1) * delta) div (delta + skew)) - */ - -static int adapt(unsigned int delta, unsigned int numpoints, - unsigned int firsttime) -{ - unsigned int k = 0; - - delta = (firsttime) ? delta / damp : delta / 2; - delta = delta + delta / numpoints; - - while (delta > ((base - tmin) * tmax) / 2) { - delta = delta / (base - tmin); - k = k + base; - } - - return k + (((base - tmin + 1) * delta) / (delta + skew)); -} - -static ossl_inline int is_basic(unsigned int a) -{ - return (a < 0x80) ? 1 : 0; -} - -/*- - * code points digit-values - * ------------ ---------------------- - * 41..5A (A-Z) = 0 to 25, respectively - * 61..7A (a-z) = 0 to 25, respectively - * 30..39 (0-9) = 26 to 35, respectively - */ -static ossl_inline int digit_decoded(const unsigned char a) -{ - if (a >= 0x41 && a <= 0x5A) - return a - 0x41; - - if (a >= 0x61 && a <= 0x7A) - return a - 0x61; - - if (a >= 0x30 && a <= 0x39) - return a - 0x30 + 26; - - return -1; -} - -/*- - * Pseudocode: - * - * function ossl_punycode_decode - * let n = initial_n - * let i = 0 - * let bias = initial_bias - * let output = an empty string indexed from 0 - * consume all code points before the last delimiter (if there is one) - * and copy them to output, fail on any non-basic code point - * if more than zero code points were consumed then consume one more - * (which will be the last delimiter) - * while the input is not exhausted do begin - * let oldi = i - * let w = 1 - * for k = base to infinity in steps of base do begin - * consume a code point, or fail if there was none to consume - * let digit = the code point's digit-value, fail if it has none - * let i = i + digit * w, fail on overflow - * let t = tmin if k <= bias {+ tmin}, or - * tmax if k >= bias + tmax, or k - bias otherwise - * if digit < t then break - * let w = w * (base - t), fail on overflow - * end - * let bias = adapt(i - oldi, length(output) + 1, test oldi is 0?) - * let n = n + i div (length(output) + 1), fail on overflow - * let i = i mod (length(output) + 1) - * {if n is a basic code point then fail} - * insert n into output at position i - * increment i - * end - */ - -int ossl_punycode_decode(const char *pEncoded, const size_t enc_len, - unsigned int *pDecoded, unsigned int *pout_length) -{ - unsigned int n = initial_n; - unsigned int i = 0; - unsigned int bias = initial_bias; - size_t processed_in = 0, written_out = 0; - unsigned int max_out = *pout_length; - unsigned int basic_count = 0; - unsigned int loop; - - for (loop = 0; loop < enc_len; loop++) { - if (pEncoded[loop] == delimiter) - basic_count = loop; - } - - if (basic_count > 0) { - if (basic_count > max_out) - return 0; - - for (loop = 0; loop < basic_count; loop++) { - if (is_basic(pEncoded[loop]) == 0) - return 0; - - pDecoded[loop] = pEncoded[loop]; - written_out++; - } - processed_in = basic_count + 1; - } - - for (loop = processed_in; loop < enc_len;) { - unsigned int oldi = i; - unsigned int w = 1; - unsigned int k, t; - int digit; - - for (k = base;; k += base) { - if (loop >= enc_len) - return 0; - - digit = digit_decoded(pEncoded[loop]); - loop++; - - if (digit < 0) - return 0; - if ((unsigned int)digit > (maxint - i) / w) - return 0; - - i = i + digit * w; - t = (k <= bias) ? tmin : (k >= bias + tmax) ? tmax : k - bias; - - if ((unsigned int)digit < t) - break; - - if (w > maxint / (base - t)) - return 0; - w = w * (base - t); - } - - bias = adapt(i - oldi, written_out + 1, (oldi == 0)); - if (i / (written_out + 1) > maxint - n) - return 0; - n = n + i / (written_out + 1); - i %= (written_out + 1); - - if (written_out >= max_out) - return 0; - - memmove(pDecoded + i + 1, pDecoded + i, - (written_out - i) * sizeof(*pDecoded)); - pDecoded[i] = n; - i++; - written_out++; - } - - *pout_length = written_out; - return 1; -} - -/* - * Encode a code point using UTF-8 - * return number of bytes on success, 0 on failure - * (also produces U+FFFD, which uses 3 bytes on failure) - */ -static int codepoint2utf8(unsigned char *out, unsigned long utf) -{ - if (utf <= 0x7F) { - /* Plain ASCII */ - out[0] = (unsigned char)utf; - out[1] = 0; - return 1; - } else if (utf <= 0x07FF) { - /* 2-byte unicode */ - out[0] = (unsigned char)(((utf >> 6) & 0x1F) | 0xC0); - out[1] = (unsigned char)(((utf >> 0) & 0x3F) | 0x80); - out[2] = 0; - return 2; - } else if (utf <= 0xFFFF) { - /* 3-byte unicode */ - out[0] = (unsigned char)(((utf >> 12) & 0x0F) | 0xE0); - out[1] = (unsigned char)(((utf >> 6) & 0x3F) | 0x80); - out[2] = (unsigned char)(((utf >> 0) & 0x3F) | 0x80); - out[3] = 0; - return 3; - } else if (utf <= 0x10FFFF) { - /* 4-byte unicode */ - out[0] = (unsigned char)(((utf >> 18) & 0x07) | 0xF0); - out[1] = (unsigned char)(((utf >> 12) & 0x3F) | 0x80); - out[2] = (unsigned char)(((utf >> 6) & 0x3F) | 0x80); - out[3] = (unsigned char)(((utf >> 0) & 0x3F) | 0x80); - out[4] = 0; - return 4; - } else { - /* error - use replacement character */ - out[0] = (unsigned char)0xEF; - out[1] = (unsigned char)0xBF; - out[2] = (unsigned char)0xBD; - out[3] = 0; - return 0; - } -} - -/*- - * Return values: - * 1 - ok, *outlen contains valid buf length - * 0 - ok but buf was too short, *outlen contains valid buf length - * -1 - bad string passed - */ - -int ossl_a2ulabel(const char *in, char *out, size_t *outlen) -{ - /*- - * Domain name has some parts consisting of ASCII chars joined with dot. - * If a part is shorter than 5 chars, it becomes U-label as is. - * If it does not start with xn--, it becomes U-label as is. - * Otherwise we try to decode it. - */ - char *outptr = out; - const char *inptr = in; - size_t size = 0, maxsize; - int result = 1; - unsigned int i, j; - unsigned int buf[LABEL_BUF_SIZE]; /* It's a hostname */ - - if (out == NULL) { - result = 0; - maxsize = 0; - } else { - maxsize = *outlen; - } - -#define PUSHC(c) \ - do \ - if (size++ < maxsize) \ - *outptr++ = c; \ - else \ - result = 0; \ - while (0) - - while (1) { - char *tmpptr = strchr(inptr, '.'); - size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr); - - if (strncmp(inptr, "xn--", 4) != 0) { - for (i = 0; i < delta + 1; i++) - PUSHC(inptr[i]); - } else { - unsigned int bufsize = LABEL_BUF_SIZE; - - if (ossl_punycode_decode(inptr + 4, delta - 4, buf, &bufsize) <= 0) - return -1; - - for (i = 0; i < bufsize; i++) { - unsigned char seed[6]; - size_t utfsize = codepoint2utf8(seed, buf[i]); - - if (utfsize == 0) - return -1; - - for (j = 0; j < utfsize; j++) - PUSHC(seed[j]); - } - - PUSHC(tmpptr != NULL ? '.' : '\0'); - } - - if (tmpptr == NULL) - break; - - inptr = tmpptr + 1; - } -#undef PUSHC - - *outlen = size; - return result; -} - -/*- - * a MUST be A-label - * u MUST be U-label - * Returns 0 if compared values are equal - * 1 if not - * -1 in case of errors - */ - -int ossl_a2ucompare(const char *a, const char *u) -{ - char a_ulabel[LABEL_BUF_SIZE + 1]; - size_t a_size = sizeof(a_ulabel); - - if (ossl_a2ulabel(a, a_ulabel, &a_size) <= 0) - return -1; - - return strcmp(a_ulabel, u) != 0; -} diff --git a/crypto/rand/build.info b/crypto/rand/build.info deleted file mode 100644 index a74282516f24675f388418947106ece06675238d..0000000000000000000000000000000000000000 --- a/crypto/rand/build.info +++ /dev/null @@ -1,14 +0,0 @@ -LIBS=../../libcrypto - -$COMMON=rand_lib.c -$CRYPTO=randfile.c rand_err.c rand_deprecated.c prov_seed.c rand_pool.c - -IF[{- !$disabled{'egd'} -}] - $CRYPTO=$CRYPTO rand_egd.c -ENDIF -IF[{- !$disabled{'deprecated-3.0'} -}] - $CRYPTO=$CRYPTO rand_meth.c -ENDIF - -SOURCE[../../libcrypto]=$COMMON $CRYPTO -SOURCE[../../providers/libfips.a]=$COMMON diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c deleted file mode 100644 index 96c499c95709f943e0b997621ad6d83b5fd70599..0000000000000000000000000000000000000000 --- a/crypto/rand/prov_seed.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "crypto/rand.h" -#include "crypto/rand_pool.h" -#include -#include - -size_t ossl_rand_get_entropy(ossl_unused const OSSL_CORE_HANDLE *handle, - unsigned char **pout, int entropy, - size_t min_len, size_t max_len) -{ - size_t ret = 0; - size_t entropy_available; - RAND_POOL *pool; - - pool = ossl_rand_pool_new(entropy, 1, min_len, max_len); - if (pool == NULL) { - ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE); - return 0; - } - - /* Get entropy by polling system entropy sources. */ - entropy_available = ossl_pool_acquire_entropy(pool); - - if (entropy_available > 0) { - ret = ossl_rand_pool_length(pool); - *pout = ossl_rand_pool_detach(pool); - } - - ossl_rand_pool_free(pool); - return ret; -} - -void ossl_rand_cleanup_entropy(ossl_unused const OSSL_CORE_HANDLE *handle, - unsigned char *buf, size_t len) -{ - OPENSSL_secure_clear_free(buf, len); -} - -size_t ossl_rand_get_nonce(ossl_unused const OSSL_CORE_HANDLE *handle, - unsigned char **pout, size_t min_len, size_t max_len, - const void *salt, size_t salt_len) -{ - size_t ret = 0; - RAND_POOL *pool; - - pool = ossl_rand_pool_new(0, 0, min_len, max_len); - if (pool == NULL) { - ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE); - return 0; - } - - if (!ossl_pool_add_nonce_data(pool)) - goto err; - - if (salt != NULL && !ossl_rand_pool_add(pool, salt, salt_len, 0)) - goto err; - ret = ossl_rand_pool_length(pool); - *pout = ossl_rand_pool_detach(pool); - err: - ossl_rand_pool_free(pool); - return ret; -} - -void ossl_rand_cleanup_nonce(ossl_unused const OSSL_CORE_HANDLE *handle, - unsigned char *buf, size_t len) -{ - OPENSSL_clear_free(buf, len); -} diff --git a/crypto/rand/rand_deprecated.c b/crypto/rand/rand_deprecated.c deleted file mode 100644 index dd69f1beb7266d9019f3f56598ecae439d5d1cc1..0000000000000000000000000000000000000000 --- a/crypto/rand/rand_deprecated.c +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) -# include -# if OPENSSL_API_COMPAT < 0x10100000L - -# define DEPRECATED_RAND_FUNCTIONS_DEFINED - -int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) -{ - RAND_poll(); - return RAND_status(); -} - -void RAND_screen(void) -{ - RAND_poll(); -} -# endif -#endif - -#ifndef DEPRECATED_RAND_FUNCTIONS_DEFINED -NON_EMPTY_TRANSLATION_UNIT -#endif diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c deleted file mode 100644 index 1699e7f38f0f19d56a7ad4f883d3db99293e3eed..0000000000000000000000000000000000000000 --- a/crypto/rand/rand_egd.c +++ /dev/null @@ -1,221 +0,0 @@ -/* - * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include -#include -#include - -/* - * Query an EGD - */ - -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI) -int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) -{ - return -1; -} - -int RAND_egd(const char *path) -{ - return -1; -} - -int RAND_egd_bytes(const char *path, int bytes) -{ - return -1; -} - -#else - -# include -# include -# include -# include -# ifndef NO_SYS_UN_H -# include -# else -struct sockaddr_un { - short sun_family; /* AF_UNIX */ - char sun_path[108]; /* path name (gag) */ -}; -# endif /* NO_SYS_UN_H */ -# include -# include - -# if defined(OPENSSL_SYS_TANDEM) -/* - * HPNS: - * - * This code forces the use of compatibility mode if required on HPE NonStop - * when coreutils PRNGD is used and then restores the previous mode - * after establishing the socket. This is not required on x86 where hardware - * randomization should be used instead of EGD available as of OpenSSL 3.0. - * Use --with-rand-seed=rdcpu when configuring x86 with 3.0 and above. - * - * Needs review: - * - * The better long-term solution is to either run two EGD's each in one of - * the two modes or revise the EGD code to listen on two different sockets - * (each in one of the two modes) or use the hardware randomizer. - */ -_variable -int hpns_socket(int family, - int type, - int protocol, - char* transport) -{ - int socket_rc; - char current_transport[20]; - -# define AF_UNIX_PORTABILITY "$ZAFN2" -# define AF_UNIX_COMPATIBILITY "$ZPLS" - - if (!_arg_present(transport) || transport == NULL || transport[0] == '\0') - return socket(family, type, protocol); - - socket_transport_name_get(AF_UNIX, current_transport, 20); - - if (strcmp(current_transport,transport) == 0) - return socket(family, type, protocol); - - /* set the requested socket transport */ - if (socket_transport_name_set(AF_UNIX, transport)) - return -1; - - socket_rc = socket(family,type,protocol); - - /* set mode back to what it was */ - if (socket_transport_name_set(AF_UNIX, current_transport)) - return -1; - - return socket_rc; -} - -/*#define socket(a,b,c,...) hpns_socket(a,b,c,__VA_ARGS__) */ - -static int hpns_connect_attempt = 0; - -# endif /* defined(OPENSSL_SYS_HPNS) */ - - -int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) -{ - FILE *fp = NULL; - struct sockaddr_un addr; - int mybuffer, ret = -1, i, numbytes, fd; - unsigned char tempbuf[255]; - - if (bytes > (int)sizeof(tempbuf)) - return -1; - - /* Make socket. */ - memset(&addr, 0, sizeof(addr)); - addr.sun_family = AF_UNIX; - if (strlen(path) >= sizeof(addr.sun_path)) - return -1; - strcpy(addr.sun_path, path); - i = offsetof(struct sockaddr_un, sun_path) + strlen(path); -#if defined(OPENSSL_SYS_TANDEM) - fd = hpns_socket(AF_UNIX, SOCK_STREAM, 0, AF_UNIX_COMPATIBILITY); -#else - fd = socket(AF_UNIX, SOCK_STREAM, 0); -#endif - if (fd == -1 || (fp = fdopen(fd, "r+")) == NULL) - return -1; - setbuf(fp, NULL); - - /* Try to connect */ - for ( ; ; ) { - if (connect(fd, (struct sockaddr *)&addr, i) == 0) - break; -# ifdef EISCONN - if (errno == EISCONN) - break; -# endif - switch (errno) { -# ifdef EINTR - case EINTR: -# endif -# ifdef EAGAIN - case EAGAIN: -# endif -# ifdef EINPROGRESS - case EINPROGRESS: -# endif -# ifdef EALREADY - case EALREADY: -# endif - /* No error, try again */ - break; - default: -# if defined(OPENSSL_SYS_TANDEM) - if (hpns_connect_attempt == 0) { - /* try the other kind of AF_UNIX socket */ - close(fd); - fd = hpns_socket(AF_UNIX, SOCK_STREAM, 0, AF_UNIX_PORTABILITY); - if (fd == -1) - return -1; - ++hpns_connect_attempt; - break; /* try the connect again */ - } -# endif - - ret = -1; - goto err; - } - } - - /* Make request, see how many bytes we can get back. */ - tempbuf[0] = 1; - tempbuf[1] = bytes; - if (fwrite(tempbuf, sizeof(char), 2, fp) != 2 || fflush(fp) == EOF) - goto err; - if (fread(tempbuf, sizeof(char), 1, fp) != 1 || tempbuf[0] == 0) - goto err; - numbytes = tempbuf[0]; - - /* Which buffer are we using? */ - mybuffer = buf == NULL; - if (mybuffer) - buf = tempbuf; - - /* Read bytes. */ - i = fread(buf, sizeof(char), numbytes, fp); - if (i < numbytes) - goto err; - ret = numbytes; - if (mybuffer) - RAND_add(tempbuf, i, i); - - err: - if (fp != NULL) - fclose(fp); - return ret; -} - -int RAND_egd_bytes(const char *path, int bytes) -{ - int num; - - num = RAND_query_egd_bytes(path, NULL, bytes); - if (num < 0) - return -1; - if (RAND_status() != 1) - return -1; - return num; -} - -int RAND_egd(const char *path) -{ - return RAND_egd_bytes(path, 255); -} - -#endif diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c deleted file mode 100644 index b9c2bf1760f501122b0ecc702d15936342b76b45..0000000000000000000000000000000000000000 --- a/crypto/rand/rand_err.c +++ /dev/null @@ -1,107 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/randerr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA RAND_str_reasons[] = { - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ADDITIONAL_INPUT_TOO_LONG), - "additional input too long"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ALREADY_INSTANTIATED), - "already instantiated"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ARGUMENT_OUT_OF_RANGE), - "argument out of range"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_CANNOT_OPEN_FILE), "Cannot open file"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_ALREADY_INITIALIZED), - "drbg already initialized"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_NOT_INITIALISED), - "drbg not initialised"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ENTROPY_INPUT_TOO_LONG), - "entropy input too long"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ENTROPY_OUT_OF_RANGE), - "entropy out of range"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED), - "error entropy pool was ignored"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_INITIALISING_DRBG), - "error initialising drbg"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_INSTANTIATING_DRBG), - "error instantiating drbg"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT), - "error retrieving additional input"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_ENTROPY), - "error retrieving entropy"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_NONCE), - "error retrieving nonce"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FAILED_TO_CREATE_LOCK), - "failed to create lock"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FUNC_NOT_IMPLEMENTED), - "Function not implemented"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FWRITE_ERROR), "Error writing file"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_GENERATE_ERROR), "generate error"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_INSUFFICIENT_DRBG_STRENGTH), - "insufficient drbg strength"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_INTERNAL_ERROR), "internal error"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_IN_ERROR_STATE), "in error state"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_A_REGULAR_FILE), - "Not a regular file"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_INSTANTIATED), "not instantiated"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED), - "no drbg implementation selected"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_LOCKING_NOT_ENABLED), - "parent locking not enabled"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_STRENGTH_TOO_WEAK), - "parent strength too weak"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PERSONALISATION_STRING_TOO_LONG), - "personalisation string too long"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED), - "prediction resistance not supported"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_OVERFLOW), - "random pool overflow"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_UNDERFLOW), - "random pool underflow"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG), - "request too large for drbg"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RESEED_ERROR), "reseed error"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_SELFTEST_FAILURE), "selftest failure"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_LITTLE_NONCE_REQUESTED), - "too little nonce requested"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_MUCH_NONCE_REQUESTED), - "too much nonce requested"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_CREATE_DRBG), - "unable to create drbg"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_FETCH_DRBG), - "unable to fetch drbg"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_GET_PARENT_RESEED_PROP_COUNTER), - "unable to get parent reseed prop counter"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_GET_PARENT_STRENGTH), - "unable to get parent strength"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNABLE_TO_LOCK_PARENT), - "unable to lock parent"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_FLAGS), - "unsupported drbg flags"}, - {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_TYPE), - "unsupported drbg type"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_RAND_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(RAND_str_reasons[0].error) == NULL) - ERR_load_strings_const(RAND_str_reasons); -#endif - return 1; -} diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c deleted file mode 100644 index c453d3226133dff729299367f8de53497ceae2e5..0000000000000000000000000000000000000000 --- a/crypto/rand/rand_lib.c +++ /dev/null @@ -1,843 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/thread_once.h" -#include "crypto/rand.h" -#include "crypto/cryptlib.h" -#include "rand_local.h" - -#ifndef FIPS_MODULE -# include -# include -# include -# include -# include -# include -# include "crypto/rand_pool.h" -# include "prov/seeding.h" -# include "e_os.h" - -# ifndef OPENSSL_NO_ENGINE -/* non-NULL if default_RAND_meth is ENGINE-provided */ -static ENGINE *funct_ref; -static CRYPTO_RWLOCK *rand_engine_lock; -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 -static CRYPTO_RWLOCK *rand_meth_lock; -static const RAND_METHOD *default_RAND_meth; -# endif -static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT; - -static int rand_inited = 0; - -DEFINE_RUN_ONCE_STATIC(do_rand_init) -{ -# ifndef OPENSSL_NO_ENGINE - rand_engine_lock = CRYPTO_THREAD_lock_new(); - if (rand_engine_lock == NULL) - return 0; -# endif - -# ifndef OPENSSL_NO_DEPRECATED_3_0 - rand_meth_lock = CRYPTO_THREAD_lock_new(); - if (rand_meth_lock == NULL) - goto err; -# endif - - if (!ossl_rand_pool_init()) - goto err; - - rand_inited = 1; - return 1; - - err: -# ifndef OPENSSL_NO_DEPRECATED_3_0 - CRYPTO_THREAD_lock_free(rand_meth_lock); - rand_meth_lock = NULL; -# endif -# ifndef OPENSSL_NO_ENGINE - CRYPTO_THREAD_lock_free(rand_engine_lock); - rand_engine_lock = NULL; -# endif - return 0; -} - -void ossl_rand_cleanup_int(void) -{ -# ifndef OPENSSL_NO_DEPRECATED_3_0 - const RAND_METHOD *meth = default_RAND_meth; - - if (!rand_inited) - return; - - if (meth != NULL && meth->cleanup != NULL) - meth->cleanup(); - RAND_set_rand_method(NULL); -# endif - ossl_rand_pool_cleanup(); -# ifndef OPENSSL_NO_ENGINE - CRYPTO_THREAD_lock_free(rand_engine_lock); - rand_engine_lock = NULL; -# endif -# ifndef OPENSSL_NO_DEPRECATED_3_0 - CRYPTO_THREAD_lock_free(rand_meth_lock); - rand_meth_lock = NULL; -# endif - rand_inited = 0; -} - -/* - * RAND_close_seed_files() ensures that any seed file descriptors are - * closed after use. This only applies to libcrypto/default provider, - * it does not apply to other providers. - */ -void RAND_keep_random_devices_open(int keep) -{ - if (RUN_ONCE(&rand_init, do_rand_init)) - ossl_rand_pool_keep_random_devices_open(keep); -} - -/* - * RAND_poll() reseeds the default RNG using random input - * - * The random input is obtained from polling various entropy - * sources which depend on the operating system and are - * configurable via the --with-rand-seed configure option. - */ -int RAND_poll(void) -{ -# ifndef OPENSSL_NO_DEPRECATED_3_0 - const RAND_METHOD *meth = RAND_get_rand_method(); - int ret = meth == RAND_OpenSSL(); - - if (meth == NULL) - return 0; - - if (!ret) { - /* fill random pool and seed the current legacy RNG */ - RAND_POOL *pool = ossl_rand_pool_new(RAND_DRBG_STRENGTH, 1, - (RAND_DRBG_STRENGTH + 7) / 8, - RAND_POOL_MAX_LENGTH); - - if (pool == NULL) - return 0; - - if (ossl_pool_acquire_entropy(pool) == 0) - goto err; - - if (meth->add == NULL - || meth->add(ossl_rand_pool_buffer(pool), - ossl_rand_pool_length(pool), - (ossl_rand_pool_entropy(pool) / 8.0)) == 0) - goto err; - - ret = 1; - err: - ossl_rand_pool_free(pool); - } - return ret; -# else - static const char salt[] = "polling"; - - RAND_seed(salt, sizeof(salt)); - return 1; -# endif -} - -# ifndef OPENSSL_NO_DEPRECATED_3_0 -static int rand_set_rand_method_internal(const RAND_METHOD *meth, - ossl_unused ENGINE *e) -{ - if (!RUN_ONCE(&rand_init, do_rand_init)) - return 0; - - if (!CRYPTO_THREAD_write_lock(rand_meth_lock)) - return 0; -# ifndef OPENSSL_NO_ENGINE - ENGINE_finish(funct_ref); - funct_ref = e; -# endif - default_RAND_meth = meth; - CRYPTO_THREAD_unlock(rand_meth_lock); - return 1; -} - -int RAND_set_rand_method(const RAND_METHOD *meth) -{ - return rand_set_rand_method_internal(meth, NULL); -} - -const RAND_METHOD *RAND_get_rand_method(void) -{ - const RAND_METHOD *tmp_meth = NULL; - - if (!RUN_ONCE(&rand_init, do_rand_init)) - return NULL; - - if (!CRYPTO_THREAD_write_lock(rand_meth_lock)) - return NULL; - if (default_RAND_meth == NULL) { -# ifndef OPENSSL_NO_ENGINE - ENGINE *e; - - /* If we have an engine that can do RAND, use it. */ - if ((e = ENGINE_get_default_RAND()) != NULL - && (tmp_meth = ENGINE_get_RAND(e)) != NULL) { - funct_ref = e; - default_RAND_meth = tmp_meth; - } else { - ENGINE_finish(e); - default_RAND_meth = &ossl_rand_meth; - } -# else - default_RAND_meth = &ossl_rand_meth; -# endif - } - tmp_meth = default_RAND_meth; - CRYPTO_THREAD_unlock(rand_meth_lock); - return tmp_meth; -} - -# if !defined(OPENSSL_NO_ENGINE) -int RAND_set_rand_engine(ENGINE *engine) -{ - const RAND_METHOD *tmp_meth = NULL; - - if (!RUN_ONCE(&rand_init, do_rand_init)) - return 0; - - if (engine != NULL) { - if (!ENGINE_init(engine)) - return 0; - tmp_meth = ENGINE_get_RAND(engine); - if (tmp_meth == NULL) { - ENGINE_finish(engine); - return 0; - } - } - if (!CRYPTO_THREAD_write_lock(rand_engine_lock)) { - ENGINE_finish(engine); - return 0; - } - - /* This function releases any prior ENGINE so call it first */ - rand_set_rand_method_internal(tmp_meth, engine); - CRYPTO_THREAD_unlock(rand_engine_lock); - return 1; -} -# endif -# endif /* OPENSSL_NO_DEPRECATED_3_0 */ - -void RAND_seed(const void *buf, int num) -{ - EVP_RAND_CTX *drbg; -# ifndef OPENSSL_NO_DEPRECATED_3_0 - const RAND_METHOD *meth = RAND_get_rand_method(); - - if (meth != NULL && meth->seed != NULL) { - meth->seed(buf, num); - return; - } -# endif - - drbg = RAND_get0_primary(NULL); - if (drbg != NULL && num > 0) - EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num); -} - -void RAND_add(const void *buf, int num, double randomness) -{ - EVP_RAND_CTX *drbg; -# ifndef OPENSSL_NO_DEPRECATED_3_0 - const RAND_METHOD *meth = RAND_get_rand_method(); - - if (meth != NULL && meth->add != NULL) { - meth->add(buf, num, randomness); - return; - } -# endif - drbg = RAND_get0_primary(NULL); - if (drbg != NULL && num > 0) - EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num); -} - -# if !defined(OPENSSL_NO_DEPRECATED_1_1_0) -int RAND_pseudo_bytes(unsigned char *buf, int num) -{ - const RAND_METHOD *meth = RAND_get_rand_method(); - - if (meth != NULL && meth->pseudorand != NULL) - return meth->pseudorand(buf, num); - ERR_raise(ERR_LIB_RAND, RAND_R_FUNC_NOT_IMPLEMENTED); - return -1; -} -# endif - -int RAND_status(void) -{ - EVP_RAND_CTX *rand; -# ifndef OPENSSL_NO_DEPRECATED_3_0 - const RAND_METHOD *meth = RAND_get_rand_method(); - - if (meth != NULL && meth != RAND_OpenSSL()) - return meth->status != NULL ? meth->status() : 0; -# endif - - if ((rand = RAND_get0_primary(NULL)) == NULL) - return 0; - return EVP_RAND_get_state(rand) == EVP_RAND_STATE_READY; -} -# else /* !FIPS_MODULE */ - -# ifndef OPENSSL_NO_DEPRECATED_3_0 -const RAND_METHOD *RAND_get_rand_method(void) -{ - return NULL; -} -# endif -#endif /* !FIPS_MODULE */ - -/* - * This function is not part of RAND_METHOD, so if we're not using - * the default method, then just call RAND_bytes(). Otherwise make - * sure we're instantiated and use the private DRBG. - */ -int RAND_priv_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num, - unsigned int strength) -{ - EVP_RAND_CTX *rand; -#if !defined(OPENSSL_NO_DEPRECATED_3_0) && !defined(FIPS_MODULE) - const RAND_METHOD *meth = RAND_get_rand_method(); - - if (meth != NULL && meth != RAND_OpenSSL()) { - if (meth->bytes != NULL) - return meth->bytes(buf, num); - ERR_raise(ERR_LIB_RAND, RAND_R_FUNC_NOT_IMPLEMENTED); - return -1; - } -#endif - - rand = RAND_get0_private(ctx); - if (rand != NULL) - return EVP_RAND_generate(rand, buf, num, strength, 0, NULL, 0); - - return 0; -} - -int RAND_priv_bytes(unsigned char *buf, int num) -{ - if (num < 0) - return 0; - return RAND_priv_bytes_ex(NULL, buf, (size_t)num, 0); -} - -int RAND_bytes_ex(OSSL_LIB_CTX *ctx, unsigned char *buf, size_t num, - unsigned int strength) -{ - EVP_RAND_CTX *rand; -#if !defined(OPENSSL_NO_DEPRECATED_3_0) && !defined(FIPS_MODULE) - const RAND_METHOD *meth = RAND_get_rand_method(); - - if (meth != NULL && meth != RAND_OpenSSL()) { - if (meth->bytes != NULL) - return meth->bytes(buf, num); - ERR_raise(ERR_LIB_RAND, RAND_R_FUNC_NOT_IMPLEMENTED); - return -1; - } -#endif - - rand = RAND_get0_public(ctx); - if (rand != NULL) - return EVP_RAND_generate(rand, buf, num, strength, 0, NULL, 0); - - return 0; -} - -int RAND_bytes(unsigned char *buf, int num) -{ - if (num < 0) - return 0; - return RAND_bytes_ex(NULL, buf, (size_t)num, 0); -} - -typedef struct rand_global_st { - /* - * The three shared DRBG instances - * - * There are three shared DRBG instances: , , and - * . The and DRBGs are secondary ones. - * These are used for non-secret (e.g. nonces) and secret - * (e.g. private keys) data respectively. - */ - CRYPTO_RWLOCK *lock; - - EVP_RAND_CTX *seed; - - /* - * The DRBG - * - * Not used directly by the application, only for reseeding the two other - * DRBGs. It reseeds itself by pulling either randomness from os entropy - * sources or by consuming randomness which was added by RAND_add(). - * - * The DRBG is a global instance which is accessed concurrently by - * all threads. The necessary locking is managed automatically by its child - * DRBG instances during reseeding. - */ - EVP_RAND_CTX *primary; - - /* - * The DRBG - * - * Used by default for generating random bytes using RAND_bytes(). - * - * The secondary DRBG is thread-local, i.e., there is one instance - * per thread. - */ - CRYPTO_THREAD_LOCAL public; - - /* - * The DRBG - * - * Used by default for generating private keys using RAND_priv_bytes() - * - * The secondary DRBG is thread-local, i.e., there is one - * instance per thread. - */ - CRYPTO_THREAD_LOCAL private; - - /* Which RNG is being used by default and it's configuration settings */ - char *rng_name; - char *rng_cipher; - char *rng_digest; - char *rng_propq; - - /* Allow the randomness source to be changed */ - char *seed_name; - char *seed_propq; -} RAND_GLOBAL; - -/* - * Initialize the OSSL_LIB_CTX global DRBGs on first use. - * Returns the allocated global data on success or NULL on failure. - */ -static void *rand_ossl_ctx_new(OSSL_LIB_CTX *libctx) -{ - RAND_GLOBAL *dgbl = OPENSSL_zalloc(sizeof(*dgbl)); - - if (dgbl == NULL) - return NULL; - -#ifndef FIPS_MODULE - /* - * We need to ensure that base libcrypto thread handling has been - * initialised. - */ - OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL); -#endif - - dgbl->lock = CRYPTO_THREAD_lock_new(); - if (dgbl->lock == NULL) - goto err1; - - if (!CRYPTO_THREAD_init_local(&dgbl->private, NULL)) - goto err1; - - if (!CRYPTO_THREAD_init_local(&dgbl->public, NULL)) - goto err2; - - return dgbl; - - err2: - CRYPTO_THREAD_cleanup_local(&dgbl->private); - err1: - CRYPTO_THREAD_lock_free(dgbl->lock); - OPENSSL_free(dgbl); - return NULL; -} - -static void rand_ossl_ctx_free(void *vdgbl) -{ - RAND_GLOBAL *dgbl = vdgbl; - - if (dgbl == NULL) - return; - - CRYPTO_THREAD_lock_free(dgbl->lock); - CRYPTO_THREAD_cleanup_local(&dgbl->private); - CRYPTO_THREAD_cleanup_local(&dgbl->public); - EVP_RAND_CTX_free(dgbl->primary); - EVP_RAND_CTX_free(dgbl->seed); - OPENSSL_free(dgbl->rng_name); - OPENSSL_free(dgbl->rng_cipher); - OPENSSL_free(dgbl->rng_digest); - OPENSSL_free(dgbl->rng_propq); - OPENSSL_free(dgbl->seed_name); - OPENSSL_free(dgbl->seed_propq); - - OPENSSL_free(dgbl); -} - -static const OSSL_LIB_CTX_METHOD rand_drbg_ossl_ctx_method = { - OSSL_LIB_CTX_METHOD_PRIORITY_2, - rand_ossl_ctx_new, - rand_ossl_ctx_free, -}; - -static RAND_GLOBAL *rand_get_global(OSSL_LIB_CTX *libctx) -{ - return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_DRBG_INDEX, - &rand_drbg_ossl_ctx_method); -} - -static void rand_delete_thread_state(void *arg) -{ - OSSL_LIB_CTX *ctx = arg; - RAND_GLOBAL *dgbl = rand_get_global(ctx); - EVP_RAND_CTX *rand; - - if (dgbl == NULL) - return; - - rand = CRYPTO_THREAD_get_local(&dgbl->public); - CRYPTO_THREAD_set_local(&dgbl->public, NULL); - EVP_RAND_CTX_free(rand); - - rand = CRYPTO_THREAD_get_local(&dgbl->private); - CRYPTO_THREAD_set_local(&dgbl->private, NULL); - EVP_RAND_CTX_free(rand); -} - -#ifndef FIPS_MODULE -static EVP_RAND_CTX *rand_new_seed(OSSL_LIB_CTX *libctx) -{ - EVP_RAND *rand; - RAND_GLOBAL *dgbl = rand_get_global(libctx); - EVP_RAND_CTX *ctx; - char *name; - - if (dgbl == NULL) - return NULL; - name = dgbl->seed_name != NULL ? dgbl->seed_name : "SEED-SRC"; - rand = EVP_RAND_fetch(libctx, name, dgbl->seed_propq); - if (rand == NULL) { - ERR_raise(ERR_LIB_RAND, RAND_R_UNABLE_TO_FETCH_DRBG); - return NULL; - } - ctx = EVP_RAND_CTX_new(rand, NULL); - EVP_RAND_free(rand); - if (ctx == NULL) { - ERR_raise(ERR_LIB_RAND, RAND_R_UNABLE_TO_CREATE_DRBG); - return NULL; - } - if (!EVP_RAND_instantiate(ctx, 0, 0, NULL, 0, NULL)) { - ERR_raise(ERR_LIB_RAND, RAND_R_ERROR_INSTANTIATING_DRBG); - EVP_RAND_CTX_free(ctx); - return NULL; - } - return ctx; -} -#endif - -static EVP_RAND_CTX *rand_new_drbg(OSSL_LIB_CTX *libctx, EVP_RAND_CTX *parent, - unsigned int reseed_interval, - time_t reseed_time_interval) -{ - EVP_RAND *rand; - RAND_GLOBAL *dgbl = rand_get_global(libctx); - EVP_RAND_CTX *ctx; - OSSL_PARAM params[7], *p = params; - char *name, *cipher; - - if (dgbl == NULL) - return NULL; - name = dgbl->rng_name != NULL ? dgbl->rng_name : "CTR-DRBG"; - rand = EVP_RAND_fetch(libctx, name, dgbl->rng_propq); - if (rand == NULL) { - ERR_raise(ERR_LIB_RAND, RAND_R_UNABLE_TO_FETCH_DRBG); - return NULL; - } - ctx = EVP_RAND_CTX_new(rand, parent); - EVP_RAND_free(rand); - if (ctx == NULL) { - ERR_raise(ERR_LIB_RAND, RAND_R_UNABLE_TO_CREATE_DRBG); - return NULL; - } - - /* - * Rather than trying to decode the DRBG settings, just pass them through - * and rely on the other end to ignore those it doesn't care about. - */ - cipher = dgbl->rng_cipher != NULL ? dgbl->rng_cipher : "AES-256-CTR"; - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_CIPHER, - cipher, 0); - if (dgbl->rng_digest != NULL) - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_DIGEST, - dgbl->rng_digest, 0); - if (dgbl->rng_propq != NULL) - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_DRBG_PARAM_PROPERTIES, - dgbl->rng_propq, 0); - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_MAC, "HMAC", 0); - *p++ = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_RESEED_REQUESTS, - &reseed_interval); - *p++ = OSSL_PARAM_construct_time_t(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL, - &reseed_time_interval); - *p = OSSL_PARAM_construct_end(); - if (!EVP_RAND_instantiate(ctx, 0, 0, NULL, 0, params)) { - ERR_raise(ERR_LIB_RAND, RAND_R_ERROR_INSTANTIATING_DRBG); - EVP_RAND_CTX_free(ctx); - return NULL; - } - return ctx; -} - -/* - * Get the primary random generator. - * Returns pointer to its EVP_RAND_CTX on success, NULL on failure. - * - */ -EVP_RAND_CTX *RAND_get0_primary(OSSL_LIB_CTX *ctx) -{ - RAND_GLOBAL *dgbl = rand_get_global(ctx); - EVP_RAND_CTX *ret; - - if (dgbl == NULL) - return NULL; - - if (!CRYPTO_THREAD_read_lock(dgbl->lock)) - return NULL; - - ret = dgbl->primary; - CRYPTO_THREAD_unlock(dgbl->lock); - - if (ret != NULL) - return ret; - - if (!CRYPTO_THREAD_write_lock(dgbl->lock)) - return NULL; - - ret = dgbl->primary; - if (ret != NULL) { - CRYPTO_THREAD_unlock(dgbl->lock); - return ret; - } - -#ifndef FIPS_MODULE - if (dgbl->seed == NULL) { - ERR_set_mark(); - dgbl->seed = rand_new_seed(ctx); - ERR_pop_to_mark(); - } -#endif - - ret = dgbl->primary = rand_new_drbg(ctx, dgbl->seed, - PRIMARY_RESEED_INTERVAL, - PRIMARY_RESEED_TIME_INTERVAL); - /* - * The primary DRBG may be shared between multiple threads so we must - * enable locking. - */ - if (ret != NULL && !EVP_RAND_enable_locking(ret)) { - ERR_raise(ERR_LIB_EVP, EVP_R_UNABLE_TO_ENABLE_LOCKING); - EVP_RAND_CTX_free(ret); - ret = dgbl->primary = NULL; - } - CRYPTO_THREAD_unlock(dgbl->lock); - - return ret; -} - -/* - * Get the public random generator. - * Returns pointer to its EVP_RAND_CTX on success, NULL on failure. - */ -EVP_RAND_CTX *RAND_get0_public(OSSL_LIB_CTX *ctx) -{ - RAND_GLOBAL *dgbl = rand_get_global(ctx); - EVP_RAND_CTX *rand, *primary; - - if (dgbl == NULL) - return NULL; - - rand = CRYPTO_THREAD_get_local(&dgbl->public); - if (rand == NULL) { - primary = RAND_get0_primary(ctx); - if (primary == NULL) - return NULL; - - ctx = ossl_lib_ctx_get_concrete(ctx); - /* - * If the private is also NULL then this is the first time we've - * used this thread. - */ - if (CRYPTO_THREAD_get_local(&dgbl->private) == NULL - && !ossl_init_thread_start(NULL, ctx, rand_delete_thread_state)) - return NULL; - rand = rand_new_drbg(ctx, primary, SECONDARY_RESEED_INTERVAL, - SECONDARY_RESEED_TIME_INTERVAL); - CRYPTO_THREAD_set_local(&dgbl->public, rand); - } - return rand; -} - -/* - * Get the private random generator. - * Returns pointer to its EVP_RAND_CTX on success, NULL on failure. - */ -EVP_RAND_CTX *RAND_get0_private(OSSL_LIB_CTX *ctx) -{ - RAND_GLOBAL *dgbl = rand_get_global(ctx); - EVP_RAND_CTX *rand, *primary; - - if (dgbl == NULL) - return NULL; - - rand = CRYPTO_THREAD_get_local(&dgbl->private); - if (rand == NULL) { - primary = RAND_get0_primary(ctx); - if (primary == NULL) - return NULL; - - ctx = ossl_lib_ctx_get_concrete(ctx); - /* - * If the public is also NULL then this is the first time we've - * used this thread. - */ - if (CRYPTO_THREAD_get_local(&dgbl->public) == NULL - && !ossl_init_thread_start(NULL, ctx, rand_delete_thread_state)) - return NULL; - rand = rand_new_drbg(ctx, primary, SECONDARY_RESEED_INTERVAL, - SECONDARY_RESEED_TIME_INTERVAL); - CRYPTO_THREAD_set_local(&dgbl->private, rand); - } - return rand; -} - -#ifndef FIPS_MODULE -static int random_set_string(char **p, const char *s) -{ - char *d = NULL; - - if (s != NULL) { - d = OPENSSL_strdup(s); - if (d == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - } - OPENSSL_free(*p); - *p = d; - return 1; -} - -/* - * Load the DRBG definitions from a configuration file. - */ -static int random_conf_init(CONF_IMODULE *md, const CONF *cnf) -{ - STACK_OF(CONF_VALUE) *elist; - CONF_VALUE *cval; - RAND_GLOBAL *dgbl = rand_get_global(NCONF_get0_libctx((CONF *)cnf)); - int i, r = 1; - - OSSL_TRACE1(CONF, "Loading random module: section %s\n", - CONF_imodule_get_value(md)); - - /* Value is a section containing RANDOM configuration */ - elist = NCONF_get_section(cnf, CONF_imodule_get_value(md)); - if (elist == NULL) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_RANDOM_SECTION_ERROR); - return 0; - } - - if (dgbl == NULL) - return 0; - - for (i = 0; i < sk_CONF_VALUE_num(elist); i++) { - cval = sk_CONF_VALUE_value(elist, i); - if (OPENSSL_strcasecmp(cval->name, "random") == 0) { - if (!random_set_string(&dgbl->rng_name, cval->value)) - return 0; - } else if (OPENSSL_strcasecmp(cval->name, "cipher") == 0) { - if (!random_set_string(&dgbl->rng_cipher, cval->value)) - return 0; - } else if (OPENSSL_strcasecmp(cval->name, "digest") == 0) { - if (!random_set_string(&dgbl->rng_digest, cval->value)) - return 0; - } else if (OPENSSL_strcasecmp(cval->name, "properties") == 0) { - if (!random_set_string(&dgbl->rng_propq, cval->value)) - return 0; - } else if (OPENSSL_strcasecmp(cval->name, "seed") == 0) { - if (!random_set_string(&dgbl->seed_name, cval->value)) - return 0; - } else if (OPENSSL_strcasecmp(cval->name, "seed_properties") == 0) { - if (!random_set_string(&dgbl->seed_propq, cval->value)) - return 0; - } else { - ERR_raise_data(ERR_LIB_CRYPTO, - CRYPTO_R_UNKNOWN_NAME_IN_RANDOM_SECTION, - "name=%s, value=%s", cval->name, cval->value); - r = 0; - } - } - return r; -} - - -static void random_conf_deinit(CONF_IMODULE *md) -{ - OSSL_TRACE(CONF, "Cleaned up random\n"); -} - -void ossl_random_add_conf_module(void) -{ - OSSL_TRACE(CONF, "Adding config module 'random'\n"); - CONF_module_add("random", random_conf_init, random_conf_deinit); -} - -int RAND_set_DRBG_type(OSSL_LIB_CTX *ctx, const char *drbg, const char *propq, - const char *cipher, const char *digest) -{ - RAND_GLOBAL *dgbl = rand_get_global(ctx); - - if (dgbl == NULL) - return 0; - if (dgbl->primary != NULL) { - ERR_raise(ERR_LIB_CRYPTO, RAND_R_ALREADY_INSTANTIATED); - return 0; - } - return random_set_string(&dgbl->rng_name, drbg) - && random_set_string(&dgbl->rng_propq, propq) - && random_set_string(&dgbl->rng_cipher, cipher) - && random_set_string(&dgbl->rng_digest, digest); -} - -int RAND_set_seed_source_type(OSSL_LIB_CTX *ctx, const char *seed, - const char *propq) -{ - RAND_GLOBAL *dgbl = rand_get_global(ctx); - - if (dgbl == NULL) - return 0; - if (dgbl->primary != NULL) { - ERR_raise(ERR_LIB_CRYPTO, RAND_R_ALREADY_INSTANTIATED); - return 0; - } - return random_set_string(&dgbl->seed_name, seed) - && random_set_string(&dgbl->seed_propq, propq); -} - -#endif diff --git a/crypto/rand/rand_local.h b/crypto/rand/rand_local.h deleted file mode 100644 index 31428f20c85e40c5a6611267496fda2f9097c2cd..0000000000000000000000000000000000000000 --- a/crypto/rand/rand_local.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_RAND_LOCAL_H -# define OSSL_CRYPTO_RAND_LOCAL_H - -# include -# include -# include -# include -# include -# include -# include "internal/tsan_assist.h" -# include "crypto/rand.h" - -/* Default reseed intervals */ -# define PRIMARY_RESEED_INTERVAL (1 << 8) -# define SECONDARY_RESEED_INTERVAL (1 << 16) -# define PRIMARY_RESEED_TIME_INTERVAL (60 * 60) /* 1 hour */ -# define SECONDARY_RESEED_TIME_INTERVAL (7 * 60) /* 7 minutes */ - -# ifndef FIPS_MODULE -/* The global RAND method, and the global buffer and DRBG instance. */ -extern RAND_METHOD ossl_rand_meth; -# endif - -#endif diff --git a/crypto/rand/rand_meth.c b/crypto/rand/rand_meth.c deleted file mode 100644 index 276763057db268975c144d93f463e5b8bcd26f59..0000000000000000000000000000000000000000 --- a/crypto/rand/rand_meth.c +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "rand_local.h" - -/* Implements the default OpenSSL RAND_add() method */ -static int drbg_add(const void *buf, int num, double randomness) -{ - EVP_RAND_CTX *drbg = RAND_get0_primary(NULL); - - if (drbg == NULL || num <= 0) - return 0; - - return EVP_RAND_reseed(drbg, 0, NULL, 0, buf, num); -} - -/* Implements the default OpenSSL RAND_seed() method */ -static int drbg_seed(const void *buf, int num) -{ - return drbg_add(buf, num, num); -} - -/* Implements the default OpenSSL RAND_status() method */ -static int drbg_status(void) -{ - EVP_RAND_CTX *drbg = RAND_get0_primary(NULL); - - if (drbg == NULL) - return 0; - - return EVP_RAND_get_state(drbg) == EVP_RAND_STATE_READY ? 1 : 0; -} - -/* Implements the default OpenSSL RAND_bytes() method */ -static int drbg_bytes(unsigned char *out, int count) -{ - EVP_RAND_CTX *drbg = RAND_get0_public(NULL); - - if (drbg == NULL) - return 0; - - return EVP_RAND_generate(drbg, out, count, 0, 0, NULL, 0); -} - -RAND_METHOD ossl_rand_meth = { - drbg_seed, - drbg_bytes, - NULL, - drbg_add, - drbg_bytes, - drbg_status -}; - -RAND_METHOD *RAND_OpenSSL(void) -{ - return &ossl_rand_meth; -} diff --git a/crypto/rand/rand_pool.c b/crypto/rand/rand_pool.c deleted file mode 100644 index 55f14be60e63a9c8e1199d3e4d75531907949e36..0000000000000000000000000000000000000000 --- a/crypto/rand/rand_pool.c +++ /dev/null @@ -1,412 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include -#include "crypto/rand.h" -#include -#include "internal/thread_once.h" -#include "crypto/rand_pool.h" - -/* - * Allocate memory and initialize a new random pool - */ -RAND_POOL *ossl_rand_pool_new(int entropy_requested, int secure, - size_t min_len, size_t max_len) -{ - RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); - size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure); - - if (pool == NULL) { - ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE); - return NULL; - } - - pool->min_len = min_len; - pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ? - RAND_POOL_MAX_LENGTH : max_len; - pool->alloc_len = min_len < min_alloc_size ? min_alloc_size : min_len; - if (pool->alloc_len > pool->max_len) - pool->alloc_len = pool->max_len; - - if (secure) - pool->buffer = OPENSSL_secure_zalloc(pool->alloc_len); - else - pool->buffer = OPENSSL_zalloc(pool->alloc_len); - - if (pool->buffer == NULL) { - ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE); - goto err; - } - - pool->entropy_requested = entropy_requested; - pool->secure = secure; - return pool; - -err: - OPENSSL_free(pool); - return NULL; -} - -/* - * Attach new random pool to the given buffer - * - * This function is intended to be used only for feeding random data - * provided by RAND_add() and RAND_seed() into the DRBG. - */ -RAND_POOL *ossl_rand_pool_attach(const unsigned char *buffer, size_t len, - size_t entropy) -{ - RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool)); - - if (pool == NULL) { - ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE); - return NULL; - } - - /* - * The const needs to be cast away, but attached buffers will not be - * modified (in contrary to allocated buffers which are zeroed and - * freed in the end). - */ - pool->buffer = (unsigned char *) buffer; - pool->len = len; - - pool->attached = 1; - - pool->min_len = pool->max_len = pool->alloc_len = pool->len; - pool->entropy = entropy; - - return pool; -} - -/* - * Free |pool|, securely erasing its buffer. - */ -void ossl_rand_pool_free(RAND_POOL *pool) -{ - if (pool == NULL) - return; - - /* - * Although it would be advisable from a cryptographical viewpoint, - * we are not allowed to clear attached buffers, since they are passed - * to ossl_rand_pool_attach() as `const unsigned char*`. - * (see corresponding comment in ossl_rand_pool_attach()). - */ - if (!pool->attached) { - if (pool->secure) - OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len); - else - OPENSSL_clear_free(pool->buffer, pool->alloc_len); - } - - OPENSSL_free(pool); -} - -/* - * Return the |pool|'s buffer to the caller (readonly). - */ -const unsigned char *ossl_rand_pool_buffer(RAND_POOL *pool) -{ - return pool->buffer; -} - -/* - * Return the |pool|'s entropy to the caller. - */ -size_t ossl_rand_pool_entropy(RAND_POOL *pool) -{ - return pool->entropy; -} - -/* - * Return the |pool|'s buffer length to the caller. - */ -size_t ossl_rand_pool_length(RAND_POOL *pool) -{ - return pool->len; -} - -/* - * Detach the |pool| buffer and return it to the caller. - * It's the responsibility of the caller to free the buffer - * using OPENSSL_secure_clear_free() or to re-attach it - * again to the pool using ossl_rand_pool_reattach(). - */ -unsigned char *ossl_rand_pool_detach(RAND_POOL *pool) -{ - unsigned char *ret = pool->buffer; - pool->buffer = NULL; - pool->entropy = 0; - return ret; -} - -/* - * Re-attach the |pool| buffer. It is only allowed to pass - * the |buffer| which was previously detached from the same pool. - */ -void ossl_rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer) -{ - pool->buffer = buffer; - OPENSSL_cleanse(pool->buffer, pool->len); - pool->len = 0; -} - -/* - * If |entropy_factor| bits contain 1 bit of entropy, how many bytes does one - * need to obtain at least |bits| bits of entropy? - */ -#define ENTROPY_TO_BYTES(bits, entropy_factor) \ - (((bits) * (entropy_factor) + 7) / 8) - - -/* - * Checks whether the |pool|'s entropy is available to the caller. - * This is the case when entropy count and buffer length are high enough. - * Returns - * - * |entropy| if the entropy count and buffer size is large enough - * 0 otherwise - */ -size_t ossl_rand_pool_entropy_available(RAND_POOL *pool) -{ - if (pool->entropy < pool->entropy_requested) - return 0; - - if (pool->len < pool->min_len) - return 0; - - return pool->entropy; -} - -/* - * Returns the (remaining) amount of entropy needed to fill - * the random pool. - */ - -size_t ossl_rand_pool_entropy_needed(RAND_POOL *pool) -{ - if (pool->entropy < pool->entropy_requested) - return pool->entropy_requested - pool->entropy; - - return 0; -} - -/* Increase the allocation size -- not usable for an attached pool */ -static int rand_pool_grow(RAND_POOL *pool, size_t len) -{ - if (len > pool->alloc_len - pool->len) { - unsigned char *p; - const size_t limit = pool->max_len / 2; - size_t newlen = pool->alloc_len; - - if (pool->attached || len > pool->max_len - pool->len) { - ERR_raise(ERR_LIB_RAND, ERR_R_INTERNAL_ERROR); - return 0; - } - - do - newlen = newlen < limit ? newlen * 2 : pool->max_len; - while (len > newlen - pool->len); - - if (pool->secure) - p = OPENSSL_secure_zalloc(newlen); - else - p = OPENSSL_zalloc(newlen); - if (p == NULL) { - ERR_raise(ERR_LIB_RAND, ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(p, pool->buffer, pool->len); - if (pool->secure) - OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len); - else - OPENSSL_clear_free(pool->buffer, pool->alloc_len); - pool->buffer = p; - pool->alloc_len = newlen; - } - return 1; -} - -/* - * Returns the number of bytes needed to fill the pool, assuming - * the input has 1 / |entropy_factor| entropy bits per data bit. - * In case of an error, 0 is returned. - */ - -size_t ossl_rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor) -{ - size_t bytes_needed; - size_t entropy_needed = ossl_rand_pool_entropy_needed(pool); - - if (entropy_factor < 1) { - ERR_raise(ERR_LIB_RAND, RAND_R_ARGUMENT_OUT_OF_RANGE); - return 0; - } - - bytes_needed = ENTROPY_TO_BYTES(entropy_needed, entropy_factor); - - if (bytes_needed > pool->max_len - pool->len) { - /* not enough space left */ - ERR_raise(ERR_LIB_RAND, RAND_R_RANDOM_POOL_OVERFLOW); - return 0; - } - - if (pool->len < pool->min_len && - bytes_needed < pool->min_len - pool->len) - /* to meet the min_len requirement */ - bytes_needed = pool->min_len - pool->len; - - /* - * Make sure the buffer is large enough for the requested amount - * of data. This guarantees that existing code patterns where - * ossl_rand_pool_add_begin, ossl_rand_pool_add_end or ossl_rand_pool_add - * are used to collect entropy data without any error handling - * whatsoever, continue to be valid. - * Furthermore if the allocation here fails once, make sure that - * we don't fall back to a less secure or even blocking random source, - * as that could happen by the existing code patterns. - * This is not a concern for additional data, therefore that - * is not needed if rand_pool_grow fails in other places. - */ - if (!rand_pool_grow(pool, bytes_needed)) { - /* persistent error for this pool */ - pool->max_len = pool->len = 0; - return 0; - } - - return bytes_needed; -} - -/* Returns the remaining number of bytes available */ -size_t ossl_rand_pool_bytes_remaining(RAND_POOL *pool) -{ - return pool->max_len - pool->len; -} - -/* - * Add random bytes to the random pool. - * - * It is expected that the |buffer| contains |len| bytes of - * random input which contains at least |entropy| bits of - * randomness. - * - * Returns 1 if the added amount is adequate, otherwise 0 - */ -int ossl_rand_pool_add(RAND_POOL *pool, - const unsigned char *buffer, size_t len, size_t entropy) -{ - if (len > pool->max_len - pool->len) { - ERR_raise(ERR_LIB_RAND, RAND_R_ENTROPY_INPUT_TOO_LONG); - return 0; - } - - if (pool->buffer == NULL) { - ERR_raise(ERR_LIB_RAND, ERR_R_INTERNAL_ERROR); - return 0; - } - - if (len > 0) { - /* - * This is to protect us from accidentally passing the buffer - * returned from ossl_rand_pool_add_begin. - * The check for alloc_len makes sure we do not compare the - * address of the end of the allocated memory to something - * different, since that comparison would have an - * indeterminate result. - */ - if (pool->alloc_len > pool->len && pool->buffer + pool->len == buffer) { - ERR_raise(ERR_LIB_RAND, ERR_R_INTERNAL_ERROR); - return 0; - } - /* - * We have that only for cases when a pool is used to collect - * additional data. - * For entropy data, as long as the allocation request stays within - * the limits given by ossl_rand_pool_bytes_needed this rand_pool_grow - * below is guaranteed to succeed, thus no allocation happens. - */ - if (!rand_pool_grow(pool, len)) - return 0; - memcpy(pool->buffer + pool->len, buffer, len); - pool->len += len; - pool->entropy += entropy; - } - - return 1; -} - -/* - * Start to add random bytes to the random pool in-place. - * - * Reserves the next |len| bytes for adding random bytes in-place - * and returns a pointer to the buffer. - * The caller is allowed to copy up to |len| bytes into the buffer. - * If |len| == 0 this is considered a no-op and a NULL pointer - * is returned without producing an error message. - * - * After updating the buffer, ossl_rand_pool_add_end() needs to be called - * to finish the update operation (see next comment). - */ -unsigned char *ossl_rand_pool_add_begin(RAND_POOL *pool, size_t len) -{ - if (len == 0) - return NULL; - - if (len > pool->max_len - pool->len) { - ERR_raise(ERR_LIB_RAND, RAND_R_RANDOM_POOL_OVERFLOW); - return NULL; - } - - if (pool->buffer == NULL) { - ERR_raise(ERR_LIB_RAND, ERR_R_INTERNAL_ERROR); - return NULL; - } - - /* - * As long as the allocation request stays within the limits given - * by ossl_rand_pool_bytes_needed this rand_pool_grow below is guaranteed - * to succeed, thus no allocation happens. - * We have that only for cases when a pool is used to collect - * additional data. Then the buffer might need to grow here, - * and of course the caller is responsible to check the return - * value of this function. - */ - if (!rand_pool_grow(pool, len)) - return NULL; - - return pool->buffer + pool->len; -} - -/* - * Finish to add random bytes to the random pool in-place. - * - * Finishes an in-place update of the random pool started by - * ossl_rand_pool_add_begin() (see previous comment). - * It is expected that |len| bytes of random input have been added - * to the buffer which contain at least |entropy| bits of randomness. - * It is allowed to add less bytes than originally reserved. - */ -int ossl_rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy) -{ - if (len > pool->alloc_len - pool->len) { - ERR_raise(ERR_LIB_RAND, RAND_R_RANDOM_POOL_OVERFLOW); - return 0; - } - - if (len > 0) { - pool->len += len; - pool->entropy += entropy; - } - - return 1; -} diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c deleted file mode 100644 index 82f41637387b21ef75fb373a66d4780f21890ce9..0000000000000000000000000000000000000000 --- a/crypto/rand/randfile.c +++ /dev/null @@ -1,321 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#if defined (__TANDEM) && defined (_SPT_MODEL_) -/* - * These definitions have to come first in SPT due to scoping of the - * declarations in c99 associated with SPT use of stat. - */ -# include -# include -#endif - -#include "internal/cryptlib.h" - -#include -#include -#include -#include - -#include -#include -#include - -#ifdef OPENSSL_SYS_VMS -# include -#endif -#include -#ifndef OPENSSL_NO_POSIX_IO -# include -# include -# if defined(_WIN32) && !defined(_WIN32_WCE) -# include -# include -# define stat _stat -# define chmod _chmod -# define open _open -# define fdopen _fdopen -# define fstat _fstat -# define fileno _fileno -# endif -#endif - -/* - * Following should not be needed, and we could have been stricter - * and demand S_IS*. But some systems just don't comply... Formally - * below macros are "anatomically incorrect", because normally they - * would look like ((m) & MASK == TYPE), but since MASK availability - * is as questionable, we settle for this poor-man fallback... - */ -# if !defined(S_ISREG) -# define S_ISREG(m) ((m) & S_IFREG) -# endif - -#define RAND_BUF_SIZE 1024 -#define RFILE ".rnd" - -#ifdef OPENSSL_SYS_VMS -/* - * __FILE_ptr32 is a type provided by DEC C headers (types.h specifically) - * to make sure the FILE* is a 32-bit pointer no matter what. We know that - * stdio functions return this type (a study of stdio.h proves it). - * - * This declaration is a nasty hack to get around vms' extension to fopen for - * passing in sharing options being disabled by /STANDARD=ANSI89 - */ -static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) = - (__FILE_ptr32 (*)(const char *, const char *, ...))fopen; -# define VMS_OPEN_ATTRS \ - "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" -# define openssl_fopen(fname, mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS) -#endif - -/* - * Note that these functions are intended for seed files only. Entropy - * devices and EGD sockets are handled in rand_unix.c If |bytes| is - * -1 read the complete file; otherwise read the specified amount. - */ -int RAND_load_file(const char *file, long bytes) -{ - /* - * The load buffer size exceeds the chunk size by the comfortable amount - * of 'RAND_DRBG_STRENGTH' bytes (not bits!). This is done on purpose - * to avoid calling RAND_add() with a small final chunk. Instead, such - * a small final chunk will be added together with the previous chunk - * (unless it's the only one). - */ -#define RAND_LOAD_BUF_SIZE (RAND_BUF_SIZE + RAND_DRBG_STRENGTH) - unsigned char buf[RAND_LOAD_BUF_SIZE]; - -#ifndef OPENSSL_NO_POSIX_IO - struct stat sb; -#endif - int i, n, ret = 0; - FILE *in; - - if (bytes == 0) - return 0; - - if ((in = openssl_fopen(file, "rb")) == NULL) { - ERR_raise_data(ERR_LIB_RAND, RAND_R_CANNOT_OPEN_FILE, - "Filename=%s", file); - return -1; - } - -#ifndef OPENSSL_NO_POSIX_IO - if (fstat(fileno(in), &sb) < 0) { - ERR_raise_data(ERR_LIB_RAND, RAND_R_INTERNAL_ERROR, - "Filename=%s", file); - fclose(in); - return -1; - } - - if (bytes < 0) { - if (S_ISREG(sb.st_mode)) - bytes = sb.st_size; - else - bytes = RAND_DRBG_STRENGTH; - } -#endif - /* - * On VMS, setbuf() will only take 32-bit pointers, and a compilation - * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here. - * However, we trust that the C RTL will never give us a FILE pointer - * above the first 4 GB of memory, so we simply turn off the warning - * temporarily. - */ -#if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma environment save -# pragma message disable maylosedata2 -#endif - /* - * Don't buffer, because even if |file| is regular file, we have - * no control over the buffer, so why would we want a copy of its - * contents lying around? - */ - setbuf(in, NULL); -#if defined(OPENSSL_SYS_VMS) && defined(__DECC) -# pragma environment restore -#endif - - for ( ; ; ) { - if (bytes > 0) - n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE; - else - n = RAND_LOAD_BUF_SIZE; - i = fread(buf, 1, n, in); -#ifdef EINTR - if (ferror(in) && errno == EINTR){ - clearerr(in); - if (i == 0) - continue; - } -#endif - if (i == 0) - break; - - RAND_add(buf, i, (double)i); - ret += i; - - /* If given a bytecount, and we did it, break. */ - if (bytes > 0 && (bytes -= i) <= 0) - break; - } - - OPENSSL_cleanse(buf, sizeof(buf)); - fclose(in); - if (!RAND_status()) { - ERR_raise_data(ERR_LIB_RAND, RAND_R_RESEED_ERROR, "Filename=%s", file); - return -1; - } - - return ret; -} - -int RAND_write_file(const char *file) -{ - unsigned char buf[RAND_BUF_SIZE]; - int ret = -1; - FILE *out = NULL; -#ifndef OPENSSL_NO_POSIX_IO - struct stat sb; - - if (stat(file, &sb) >= 0 && !S_ISREG(sb.st_mode)) { - ERR_raise_data(ERR_LIB_RAND, RAND_R_NOT_A_REGULAR_FILE, - "Filename=%s", file); - return -1; - } -#endif - - /* Collect enough random data. */ - if (RAND_priv_bytes(buf, (int)sizeof(buf)) != 1) - return -1; - -#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && \ - !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) - { -# ifndef O_BINARY -# define O_BINARY 0 -# endif - /* - * chmod(..., 0600) is too late to protect the file, permissions - * should be restrictive from the start - */ - int fd = open(file, O_WRONLY | O_CREAT | O_BINARY, 0600); - if (fd != -1) - out = fdopen(fd, "wb"); - } -#endif - -#ifdef OPENSSL_SYS_VMS - /* - * VMS NOTE: Prior versions of this routine created a _new_ version of - * the rand file for each call into this routine, then deleted all - * existing versions named ;-1, and finally renamed the current version - * as ';1'. Under concurrent usage, this resulted in an RMS race - * condition in rename() which could orphan files (see vms message help - * for RMS$_REENT). With the fopen() calls below, openssl/VMS now shares - * the top-level version of the rand file. Note that there may still be - * conditions where the top-level rand file is locked. If so, this code - * will then create a new version of the rand file. Without the delete - * and rename code, this can result in ascending file versions that stop - * at version 32767, and this routine will then return an error. The - * remedy for this is to recode the calling application to avoid - * concurrent use of the rand file, or synchronize usage at the - * application level. Also consider whether or not you NEED a persistent - * rand file in a concurrent use situation. - */ - out = openssl_fopen(file, "rb+"); -#endif - - if (out == NULL) - out = openssl_fopen(file, "wb"); - if (out == NULL) { - ERR_raise_data(ERR_LIB_RAND, RAND_R_CANNOT_OPEN_FILE, - "Filename=%s", file); - return -1; - } - -#if !defined(NO_CHMOD) && !defined(OPENSSL_NO_POSIX_IO) - /* - * Yes it's late to do this (see above comment), but better than nothing. - */ - chmod(file, 0600); -#endif - - ret = fwrite(buf, 1, RAND_BUF_SIZE, out); - fclose(out); - OPENSSL_cleanse(buf, RAND_BUF_SIZE); - return ret; -} - -const char *RAND_file_name(char *buf, size_t size) -{ - char *s = NULL; - size_t len; - int use_randfile = 1; - -#if defined(_WIN32) && defined(CP_UTF8) && !defined(_WIN32_WCE) - DWORD envlen; - WCHAR *var; - - /* Look up various environment variables. */ - if ((envlen = GetEnvironmentVariableW(var = L"RANDFILE", NULL, 0)) == 0) { - use_randfile = 0; - if ((envlen = GetEnvironmentVariableW(var = L"HOME", NULL, 0)) == 0 - && (envlen = GetEnvironmentVariableW(var = L"USERPROFILE", - NULL, 0)) == 0) - envlen = GetEnvironmentVariableW(var = L"SYSTEMROOT", NULL, 0); - } - - /* If we got a value, allocate space to hold it and then get it. */ - if (envlen != 0) { - int sz; - WCHAR *val = _alloca(envlen * sizeof(WCHAR)); - - if (GetEnvironmentVariableW(var, val, envlen) < envlen - && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0, - NULL, NULL)) != 0) { - s = _alloca(sz); - if (WideCharToMultiByte(CP_UTF8, 0, val, -1, s, sz, - NULL, NULL) == 0) - s = NULL; - } - } -#else - if ((s = ossl_safe_getenv("RANDFILE")) == NULL || *s == '\0') { - use_randfile = 0; - s = ossl_safe_getenv("HOME"); - } -#endif - -#ifdef DEFAULT_HOME - if (!use_randfile && s == NULL) - s = DEFAULT_HOME; -#endif - if (s == NULL || *s == '\0') - return NULL; - - len = strlen(s); - if (use_randfile) { - if (len + 1 >= size) - return NULL; - strcpy(buf, s); - } else { - if (len + 1 + strlen(RFILE) + 1 >= size) - return NULL; - strcpy(buf, s); -#ifndef OPENSSL_SYS_VMS - strcat(buf, "/"); -#endif - strcat(buf, RFILE); - } - - return buf; -} diff --git a/crypto/rc2/build.info b/crypto/rc2/build.info deleted file mode 100644 index b6d60d6ee3060de7c822b0d8a1c1ce16348b2e39..0000000000000000000000000000000000000000 --- a/crypto/rc2/build.info +++ /dev/null @@ -1,11 +0,0 @@ -LIBS=../../libcrypto - -$ALL=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c - -SOURCE[../../libcrypto]=$ALL - -# When all deprecated symbols are removed, libcrypto doesn't export the -# rc2 functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] - SOURCE[../../providers/liblegacy.a]=$ALL -ENDIF diff --git a/crypto/rc2/rc2_cbc.c b/crypto/rc2/rc2_cbc.c deleted file mode 100644 index d37093fcc76c194d256294fd7228b8c513e2f7cd..0000000000000000000000000000000000000000 --- a/crypto/rc2/rc2_cbc.c +++ /dev/null @@ -1,185 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RC2 low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "rc2_local.h" - -void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - RC2_KEY *ks, unsigned char *iv, int encrypt) -{ - register unsigned long tin0, tin1; - register unsigned long tout0, tout1, xor0, xor1; - register long l = length; - unsigned long tin[2]; - - if (encrypt) { - c2l(iv, tout0); - c2l(iv, tout1); - iv -= 8; - for (l -= 8; l >= 0; l -= 8) { - c2l(in, tin0); - c2l(in, tin1); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - RC2_encrypt(tin, ks); - tout0 = tin[0]; - l2c(tout0, out); - tout1 = tin[1]; - l2c(tout1, out); - } - if (l != -8) { - c2ln(in, tin0, tin1, l + 8); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - RC2_encrypt(tin, ks); - tout0 = tin[0]; - l2c(tout0, out); - tout1 = tin[1]; - l2c(tout1, out); - } - l2c(tout0, iv); - l2c(tout1, iv); - } else { - c2l(iv, xor0); - c2l(iv, xor1); - iv -= 8; - for (l -= 8; l >= 0; l -= 8) { - c2l(in, tin0); - tin[0] = tin0; - c2l(in, tin1); - tin[1] = tin1; - RC2_decrypt(tin, ks); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - l2c(tout0, out); - l2c(tout1, out); - xor0 = tin0; - xor1 = tin1; - } - if (l != -8) { - c2l(in, tin0); - tin[0] = tin0; - c2l(in, tin1); - tin[1] = tin1; - RC2_decrypt(tin, ks); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - l2cn(tout0, tout1, out, l + 8); - xor0 = tin0; - xor1 = tin1; - } - l2c(xor0, iv); - l2c(xor1, iv); - } - tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; - tin[0] = tin[1] = 0; -} - -void RC2_encrypt(unsigned long *d, RC2_KEY *key) -{ - int i, n; - register RC2_INT *p0, *p1; - register RC2_INT x0, x1, x2, x3, t; - unsigned long l; - - l = d[0]; - x0 = (RC2_INT) l & 0xffff; - x1 = (RC2_INT) (l >> 16L); - l = d[1]; - x2 = (RC2_INT) l & 0xffff; - x3 = (RC2_INT) (l >> 16L); - - n = 3; - i = 5; - - p0 = p1 = &(key->data[0]); - for (;;) { - t = (x0 + (x1 & ~x3) + (x2 & x3) + *(p0++)) & 0xffff; - x0 = (t << 1) | (t >> 15); - t = (x1 + (x2 & ~x0) + (x3 & x0) + *(p0++)) & 0xffff; - x1 = (t << 2) | (t >> 14); - t = (x2 + (x3 & ~x1) + (x0 & x1) + *(p0++)) & 0xffff; - x2 = (t << 3) | (t >> 13); - t = (x3 + (x0 & ~x2) + (x1 & x2) + *(p0++)) & 0xffff; - x3 = (t << 5) | (t >> 11); - - if (--i == 0) { - if (--n == 0) - break; - i = (n == 2) ? 6 : 5; - - x0 += p1[x3 & 0x3f]; - x1 += p1[x0 & 0x3f]; - x2 += p1[x1 & 0x3f]; - x3 += p1[x2 & 0x3f]; - } - } - - d[0] = - (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L); - d[1] = - (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L); -} - -void RC2_decrypt(unsigned long *d, RC2_KEY *key) -{ - int i, n; - register RC2_INT *p0, *p1; - register RC2_INT x0, x1, x2, x3, t; - unsigned long l; - - l = d[0]; - x0 = (RC2_INT) l & 0xffff; - x1 = (RC2_INT) (l >> 16L); - l = d[1]; - x2 = (RC2_INT) l & 0xffff; - x3 = (RC2_INT) (l >> 16L); - - n = 3; - i = 5; - - p0 = &(key->data[63]); - p1 = &(key->data[0]); - for (;;) { - t = ((x3 << 11) | (x3 >> 5)) & 0xffff; - x3 = (t - (x0 & ~x2) - (x1 & x2) - *(p0--)) & 0xffff; - t = ((x2 << 13) | (x2 >> 3)) & 0xffff; - x2 = (t - (x3 & ~x1) - (x0 & x1) - *(p0--)) & 0xffff; - t = ((x1 << 14) | (x1 >> 2)) & 0xffff; - x1 = (t - (x2 & ~x0) - (x3 & x0) - *(p0--)) & 0xffff; - t = ((x0 << 15) | (x0 >> 1)) & 0xffff; - x0 = (t - (x1 & ~x3) - (x2 & x3) - *(p0--)) & 0xffff; - - if (--i == 0) { - if (--n == 0) - break; - i = (n == 2) ? 6 : 5; - - x3 = (x3 - p1[x2 & 0x3f]) & 0xffff; - x2 = (x2 - p1[x1 & 0x3f]) & 0xffff; - x1 = (x1 - p1[x0 & 0x3f]) & 0xffff; - x0 = (x0 - p1[x3 & 0x3f]) & 0xffff; - } - } - - d[0] = - (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L); - d[1] = - (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L); -} diff --git a/crypto/rc2/rc2_ecb.c b/crypto/rc2/rc2_ecb.c deleted file mode 100644 index 8861d05673b911691cbeb62c560df2b46f88c34b..0000000000000000000000000000000000000000 --- a/crypto/rc2/rc2_ecb.c +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RC2 low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "rc2_local.h" -#include - -/*- - * RC2 as implemented frm a posting from - * Newsgroups: sci.crypt - * Subject: Specification for Ron Rivests Cipher No.2 - * Message-ID: <4fk39f$f70@net.auckland.ac.nz> - * Date: 11 Feb 1996 06:45:03 GMT - */ - -void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks, - int encrypt) -{ - unsigned long l, d[2]; - - c2l(in, l); - d[0] = l; - c2l(in, l); - d[1] = l; - if (encrypt) - RC2_encrypt(d, ks); - else - RC2_decrypt(d, ks); - l = d[0]; - l2c(l, out); - l = d[1]; - l2c(l, out); - l = d[0] = d[1] = 0; -} diff --git a/crypto/rc2/rc2_local.h b/crypto/rc2/rc2_local.h deleted file mode 100644 index 8faa7b840a548dc68b04d39c8936db3455eeffa7..0000000000000000000000000000000000000000 --- a/crypto/rc2/rc2_local.h +++ /dev/null @@ -1,134 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#undef c2l -#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<<24L) - -/* NOTE - c is not incremented as per c2l */ -#undef c2ln -#define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } - -#undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - -/* NOTE - c is not incremented as per l2c */ -#undef l2cn -#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -/* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } - -/* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } - -#undef n2l -#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) - -#undef l2n -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -#define C_RC2(n) \ - t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \ - x0=(t<<1)|(t>>15); \ - t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; \ - x1=(t<<2)|(t>>14); \ - t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \ - x2=(t<<3)|(t>>13); \ - t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \ - x3=(t<<5)|(t>>11); diff --git a/crypto/rc2/rc2_skey.c b/crypto/rc2/rc2_skey.c deleted file mode 100644 index e43b84af1715f4733ba55c37bbba05eb3e389f1e..0000000000000000000000000000000000000000 --- a/crypto/rc2/rc2_skey.c +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RC2 low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "rc2_local.h" - -static const unsigned char key_table[256] = { - 0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79, - 0x4a, 0xa0, 0xd8, 0x9d, 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e, - 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2, 0x17, 0x9a, 0x59, 0xf5, - 0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32, - 0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22, - 0x5c, 0x6b, 0x4e, 0x82, 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c, - 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc, 0x12, 0x75, 0xca, 0x1f, - 0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26, - 0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b, - 0xbc, 0x94, 0x43, 0x03, 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7, - 0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7, 0x08, 0xe8, 0xea, 0xde, - 0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a, - 0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e, - 0x04, 0x18, 0xa4, 0xec, 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc, - 0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39, 0x99, 0x7c, 0x3a, 0x85, - 0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31, - 0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10, - 0x67, 0x6c, 0xba, 0xc9, 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c, - 0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9, 0x0d, 0x38, 0x34, 0x1b, - 0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e, - 0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68, - 0xfe, 0x7f, 0xc1, 0xad, -}; - -#if defined(_MSC_VER) && defined(_ARM_) -# pragma optimize("g",off) -#endif - -/* - * It has come to my attention that there are 2 versions of the RC2 key - * schedule. One which is normal, and another which has a hook to use a - * reduced key length. BSAFE uses the latter version. What I previously - * shipped is the same as specifying 1024 for the 'bits' parameter. Bsafe - * uses a version where the bits parameter is the same as len*8 - */ -void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) -{ - int i, j; - unsigned char *k; - RC2_INT *ki; - unsigned int c, d; - - k = (unsigned char *)&(key->data[0]); - *k = 0; /* for if there is a zero length key */ - - if (len > 128) - len = 128; - if (bits <= 0) - bits = 1024; - if (bits > 1024) - bits = 1024; - - for (i = 0; i < len; i++) - k[i] = data[i]; - - /* expand table */ - d = k[len - 1]; - j = 0; - for (i = len; i < 128; i++, j++) { - d = key_table[(k[j] + d) & 0xff]; - k[i] = d; - } - - /* hmm.... key reduction to 'bits' bits */ - - j = (bits + 7) >> 3; - i = 128 - j; - c = (0xff >> (-bits & 0x07)); - - d = key_table[k[i] & c]; - k[i] = d; - while (i--) { - d = key_table[k[i + j] ^ d]; - k[i] = d; - } - - /* copy from bytes into RC2_INT's */ - ki = &(key->data[63]); - for (i = 127; i >= 0; i -= 2) - *(ki--) = ((k[i] << 8) | k[i - 1]) & 0xffff; -} - -#if defined(_MSC_VER) -# pragma optimize("",on) -#endif diff --git a/crypto/rc2/rc2cfb64.c b/crypto/rc2/rc2cfb64.c deleted file mode 100644 index 19612d933383d60e1afd8bbac89acf28b6a8549c..0000000000000000000000000000000000000000 --- a/crypto/rc2/rc2cfb64.c +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RC2 low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "rc2_local.h" - -/* - * The input and output encrypted as though 64bit cfb mode is being used. - * The extra state information to record how much of the 64bit block we have - * used is contained in *num; - */ - -void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, RC2_KEY *schedule, unsigned char *ivec, - int *num, int encrypt) -{ - register unsigned long v0, v1, t; - register int n = *num; - register long l = length; - unsigned long ti[2]; - unsigned char *iv, c, cc; - - iv = (unsigned char *)ivec; - if (encrypt) { - while (l--) { - if (n == 0) { - c2l(iv, v0); - ti[0] = v0; - c2l(iv, v1); - ti[1] = v1; - RC2_encrypt((unsigned long *)ti, schedule); - iv = (unsigned char *)ivec; - t = ti[0]; - l2c(t, iv); - t = ti[1]; - l2c(t, iv); - iv = (unsigned char *)ivec; - } - c = *(in++) ^ iv[n]; - *(out++) = c; - iv[n] = c; - n = (n + 1) & 0x07; - } - } else { - while (l--) { - if (n == 0) { - c2l(iv, v0); - ti[0] = v0; - c2l(iv, v1); - ti[1] = v1; - RC2_encrypt((unsigned long *)ti, schedule); - iv = (unsigned char *)ivec; - t = ti[0]; - l2c(t, iv); - t = ti[1]; - l2c(t, iv); - iv = (unsigned char *)ivec; - } - cc = *(in++); - c = iv[n]; - iv[n] = cc; - *(out++) = c ^ cc; - n = (n + 1) & 0x07; - } - } - v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; - *num = n; -} diff --git a/crypto/rc2/rc2ofb64.c b/crypto/rc2/rc2ofb64.c deleted file mode 100644 index 82c34b3aab02c546368aae0e73dd4aa1aba990d6..0000000000000000000000000000000000000000 --- a/crypto/rc2/rc2ofb64.c +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RC2 low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "rc2_local.h" - -/* - * The input and output encrypted as though 64bit ofb mode is being used. - * The extra state information to record how much of the 64bit block we have - * used is contained in *num; - */ -void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, RC2_KEY *schedule, unsigned char *ivec, - int *num) -{ - register unsigned long v0, v1, t; - register int n = *num; - register long l = length; - unsigned char d[8]; - register char *dp; - unsigned long ti[2]; - unsigned char *iv; - int save = 0; - - iv = (unsigned char *)ivec; - c2l(iv, v0); - c2l(iv, v1); - ti[0] = v0; - ti[1] = v1; - dp = (char *)d; - l2c(v0, dp); - l2c(v1, dp); - while (l--) { - if (n == 0) { - RC2_encrypt((unsigned long *)ti, schedule); - dp = (char *)d; - t = ti[0]; - l2c(t, dp); - t = ti[1]; - l2c(t, dp); - save++; - } - *(out++) = *(in++) ^ d[n]; - n = (n + 1) & 0x07; - } - if (save) { - v0 = ti[0]; - v1 = ti[1]; - iv = (unsigned char *)ivec; - l2c(v0, iv); - l2c(v1, iv); - } - t = v0 = v1 = ti[0] = ti[1] = 0; - *num = n; -} diff --git a/crypto/rc4/asm/rc4-586.pl b/crypto/rc4/asm/rc4-586.pl deleted file mode 100644 index 1fae93ae1a7026051a6343701ab9e8f276758312..0000000000000000000000000000000000000000 --- a/crypto/rc4/asm/rc4-586.pl +++ /dev/null @@ -1,425 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# [Re]written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# At some point it became apparent that the original SSLeay RC4 -# assembler implementation performs suboptimally on latest IA-32 -# microarchitectures. After re-tuning performance has changed as -# following: -# -# Pentium -10% -# Pentium III +12% -# AMD +50%(*) -# P4 +250%(**) -# -# (*) This number is actually a trade-off:-) It's possible to -# achieve +72%, but at the cost of -48% off PIII performance. -# In other words code performing further 13% faster on AMD -# would perform almost 2 times slower on Intel PIII... -# For reference! This code delivers ~80% of rc4-amd64.pl -# performance on the same Opteron machine. -# (**) This number requires compressed key schedule set up by -# RC4_set_key [see commentary below for further details]. - -# May 2011 -# -# Optimize for Core2 and Westmere [and incidentally Opteron]. Current -# performance in cycles per processed byte (less is better) and -# improvement relative to previous version of this module is: -# -# Pentium 10.2 # original numbers -# Pentium III 7.8(*) -# Intel P4 7.5 -# -# Opteron 6.1/+20% # new MMX numbers -# Core2 5.3/+67%(**) -# Westmere 5.1/+94%(**) -# Sandy Bridge 5.0/+8% -# Atom 12.6/+6% -# VIA Nano 6.4/+9% -# Ivy Bridge 4.9/±0% -# Bulldozer 4.9/+15% -# -# (*) PIII can actually deliver 6.6 cycles per byte with MMX code, -# but this specific code performs poorly on Core2. And vice -# versa, below MMX/SSE code delivering 5.8/7.1 on Core2 performs -# poorly on PIII, at 8.0/14.5:-( As PIII is not a "hot" CPU -# [anymore], I chose to discard PIII-specific code path and opt -# for original IALU-only code, which is why MMX/SSE code path -# is guarded by SSE2 bit (see below), not MMX/SSE. -# (**) Performance vs. block size on Core2 and Westmere had a maximum -# at ... 64 bytes block size. And it was quite a maximum, 40-60% -# in comparison to largest 8KB block size. Above improvement -# coefficients are for the largest block size. - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output = pop and open STDOUT,">$output"; - -&asm_init($ARGV[0],$x86only = $ARGV[$#ARGV] eq "386"); - -$xx="eax"; -$yy="ebx"; -$tx="ecx"; -$ty="edx"; -$inp="esi"; -$out="ebp"; -$dat="edi"; - -sub RC4_loop { - my $i=shift; - my $func = ($i==0)?*mov:*or; - - &add (&LB($yy),&LB($tx)); - &mov ($ty,&DWP(0,$dat,$yy,4)); - &mov (&DWP(0,$dat,$yy,4),$tx); - &mov (&DWP(0,$dat,$xx,4),$ty); - &add ($ty,$tx); - &inc (&LB($xx)); - &and ($ty,0xff); - &ror ($out,8) if ($i!=0); - if ($i<3) { - &mov ($tx,&DWP(0,$dat,$xx,4)); - } else { - &mov ($tx,&wparam(3)); # reload [re-biased] out - } - &$func ($out,&DWP(0,$dat,$ty,4)); -} - -if ($alt=0) { - # >20% faster on Atom and Sandy Bridge[!], 8% faster on Opteron, - # but ~40% slower on Core2 and Westmere... Attempt to add movz - # brings down Opteron by 25%, Atom and Sandy Bridge by 15%, yet - # on Core2 with movz it's almost 20% slower than below alternative - # code... Yes, it's a total mess... - my @XX=($xx,$out); - $RC4_loop_mmx = sub { # SSE actually... - my $i=shift; - my $j=$i<=0?0:$i>>1; - my $mm=$i<=0?"mm0":"mm".($i&1); - - &add (&LB($yy),&LB($tx)); - &lea (@XX[1],&DWP(1,@XX[0])); - &pxor ("mm2","mm0") if ($i==0); - &psllq ("mm1",8) if ($i==0); - &and (@XX[1],0xff); - &pxor ("mm0","mm0") if ($i<=0); - &mov ($ty,&DWP(0,$dat,$yy,4)); - &mov (&DWP(0,$dat,$yy,4),$tx); - &pxor ("mm1","mm2") if ($i==0); - &mov (&DWP(0,$dat,$XX[0],4),$ty); - &add (&LB($ty),&LB($tx)); - &movd (@XX[0],"mm7") if ($i==0); - &mov ($tx,&DWP(0,$dat,@XX[1],4)); - &pxor ("mm1","mm1") if ($i==1); - &movq ("mm2",&QWP(0,$inp)) if ($i==1); - &movq (&QWP(-8,(@XX[0],$inp)),"mm1") if ($i==0); - &pinsrw ($mm,&DWP(0,$dat,$ty,4),$j); - - push (@XX,shift(@XX)) if ($i>=0); - } -} else { - # Using pinsrw here improves performance on Intel CPUs by 2-3%, but - # brings down AMD by 7%... - $RC4_loop_mmx = sub { - my $i=shift; - - &add (&LB($yy),&LB($tx)); - &psllq ("mm1",8*(($i-1)&7)) if (abs($i)!=1); - &mov ($ty,&DWP(0,$dat,$yy,4)); - &mov (&DWP(0,$dat,$yy,4),$tx); - &mov (&DWP(0,$dat,$xx,4),$ty); - &inc ($xx); - &add ($ty,$tx); - &movz ($xx,&LB($xx)); # (*) - &movz ($ty,&LB($ty)); # (*) - &pxor ("mm2",$i==1?"mm0":"mm1") if ($i>=0); - &movq ("mm0",&QWP(0,$inp)) if ($i<=0); - &movq (&QWP(-8,($out,$inp)),"mm2") if ($i==0); - &mov ($tx,&DWP(0,$dat,$xx,4)); - &movd ($i>0?"mm1":"mm2",&DWP(0,$dat,$ty,4)); - - # (*) This is the key to Core2 and Westmere performance. - # Without movz out-of-order execution logic confuses - # itself and fails to reorder loads and stores. Problem - # appears to be fixed in Sandy Bridge... - } -} - -&external_label("OPENSSL_ia32cap_P"); - -# void RC4(RC4_KEY *key,size_t len,const unsigned char *inp,unsigned char *out); -&function_begin("RC4"); - &mov ($dat,&wparam(0)); # load key schedule pointer - &mov ($ty, &wparam(1)); # load len - &mov ($inp,&wparam(2)); # load inp - &mov ($out,&wparam(3)); # load out - - &xor ($xx,$xx); # avoid partial register stalls - &xor ($yy,$yy); - - &cmp ($ty,0); # safety net - &je (&label("abort")); - - &mov (&LB($xx),&BP(0,$dat)); # load key->x - &mov (&LB($yy),&BP(4,$dat)); # load key->y - &add ($dat,8); - - &lea ($tx,&DWP(0,$inp,$ty)); - &sub ($out,$inp); # re-bias out - &mov (&wparam(1),$tx); # save input+len - - &inc (&LB($xx)); - - # detect compressed key schedule... - &cmp (&DWP(256,$dat),-1); - &je (&label("RC4_CHAR")); - - &mov ($tx,&DWP(0,$dat,$xx,4)); - - &and ($ty,-4); # how many 4-byte chunks? - &jz (&label("loop1")); - - &mov (&wparam(3),$out); # $out as accumulator in these loops - if ($x86only) { - &jmp (&label("go4loop4")); - } else { - &test ($ty,-8); - &jz (&label("go4loop4")); - - &picmeup($out,"OPENSSL_ia32cap_P"); - &bt (&DWP(0,$out),26); # check SSE2 bit [could have been MMX] - &jnc (&label("go4loop4")); - - &mov ($out,&wparam(3)) if (!$alt); - &movd ("mm7",&wparam(3)) if ($alt); - &and ($ty,-8); - &lea ($ty,&DWP(-8,$inp,$ty)); - &mov (&DWP(-4,$dat),$ty); # save input+(len/8)*8-8 - - &$RC4_loop_mmx(-1); - &jmp(&label("loop_mmx_enter")); - - &set_label("loop_mmx",16); - &$RC4_loop_mmx(0); - &set_label("loop_mmx_enter"); - for ($i=1;$i<8;$i++) { &$RC4_loop_mmx($i); } - &mov ($ty,$yy); - &xor ($yy,$yy); # this is second key to Core2 - &mov (&LB($yy),&LB($ty)); # and Westmere performance... - &cmp ($inp,&DWP(-4,$dat)); - &lea ($inp,&DWP(8,$inp)); - &jb (&label("loop_mmx")); - - if ($alt) { - &movd ($out,"mm7"); - &pxor ("mm2","mm0"); - &psllq ("mm1",8); - &pxor ("mm1","mm2"); - &movq (&QWP(-8,$out,$inp),"mm1"); - } else { - &psllq ("mm1",56); - &pxor ("mm2","mm1"); - &movq (&QWP(-8,$out,$inp),"mm2"); - } - &emms (); - - &cmp ($inp,&wparam(1)); # compare to input+len - &je (&label("done")); - &jmp (&label("loop1")); - } - -&set_label("go4loop4",16); - &lea ($ty,&DWP(-4,$inp,$ty)); - &mov (&wparam(2),$ty); # save input+(len/4)*4-4 - - &set_label("loop4"); - for ($i=0;$i<4;$i++) { RC4_loop($i); } - &ror ($out,8); - &xor ($out,&DWP(0,$inp)); - &cmp ($inp,&wparam(2)); # compare to input+(len/4)*4-4 - &mov (&DWP(0,$tx,$inp),$out);# $tx holds re-biased out here - &lea ($inp,&DWP(4,$inp)); - &mov ($tx,&DWP(0,$dat,$xx,4)); - &jb (&label("loop4")); - - &cmp ($inp,&wparam(1)); # compare to input+len - &je (&label("done")); - &mov ($out,&wparam(3)); # restore $out - - &set_label("loop1",16); - &add (&LB($yy),&LB($tx)); - &mov ($ty,&DWP(0,$dat,$yy,4)); - &mov (&DWP(0,$dat,$yy,4),$tx); - &mov (&DWP(0,$dat,$xx,4),$ty); - &add ($ty,$tx); - &inc (&LB($xx)); - &and ($ty,0xff); - &mov ($ty,&DWP(0,$dat,$ty,4)); - &xor (&LB($ty),&BP(0,$inp)); - &lea ($inp,&DWP(1,$inp)); - &mov ($tx,&DWP(0,$dat,$xx,4)); - &cmp ($inp,&wparam(1)); # compare to input+len - &mov (&BP(-1,$out,$inp),&LB($ty)); - &jb (&label("loop1")); - - &jmp (&label("done")); - -# this is essentially Intel P4 specific codepath... -&set_label("RC4_CHAR",16); - &movz ($tx,&BP(0,$dat,$xx)); - # strangely enough unrolled loop performs over 20% slower... - &set_label("cloop1"); - &add (&LB($yy),&LB($tx)); - &movz ($ty,&BP(0,$dat,$yy)); - &mov (&BP(0,$dat,$yy),&LB($tx)); - &mov (&BP(0,$dat,$xx),&LB($ty)); - &add (&LB($ty),&LB($tx)); - &movz ($ty,&BP(0,$dat,$ty)); - &add (&LB($xx),1); - &xor (&LB($ty),&BP(0,$inp)); - &lea ($inp,&DWP(1,$inp)); - &movz ($tx,&BP(0,$dat,$xx)); - &cmp ($inp,&wparam(1)); - &mov (&BP(-1,$out,$inp),&LB($ty)); - &jb (&label("cloop1")); - -&set_label("done"); - &dec (&LB($xx)); - &mov (&DWP(-4,$dat),$yy); # save key->y - &mov (&BP(-8,$dat),&LB($xx)); # save key->x -&set_label("abort"); -&function_end("RC4"); - -######################################################################## - -$inp="esi"; -$out="edi"; -$idi="ebp"; -$ido="ecx"; -$idx="edx"; - -# void RC4_set_key(RC4_KEY *key,int len,const unsigned char *data); -&function_begin("RC4_set_key"); - &mov ($out,&wparam(0)); # load key - &mov ($idi,&wparam(1)); # load len - &mov ($inp,&wparam(2)); # load data - &picmeup($idx,"OPENSSL_ia32cap_P"); - - &lea ($out,&DWP(2*4,$out)); # &key->data - &lea ($inp,&DWP(0,$inp,$idi)); # $inp to point at the end - &neg ($idi); - &xor ("eax","eax"); - &mov (&DWP(-4,$out),$idi); # borrow key->y - - &bt (&DWP(0,$idx),20); # check for bit#20 - &jc (&label("c1stloop")); - -&set_label("w1stloop",16); - &mov (&DWP(0,$out,"eax",4),"eax"); # key->data[i]=i; - &add (&LB("eax"),1); # i++; - &jnc (&label("w1stloop")); - - &xor ($ido,$ido); - &xor ($idx,$idx); - -&set_label("w2ndloop",16); - &mov ("eax",&DWP(0,$out,$ido,4)); - &add (&LB($idx),&BP(0,$inp,$idi)); - &add (&LB($idx),&LB("eax")); - &add ($idi,1); - &mov ("ebx",&DWP(0,$out,$idx,4)); - &jnz (&label("wnowrap")); - &mov ($idi,&DWP(-4,$out)); - &set_label("wnowrap"); - &mov (&DWP(0,$out,$idx,4),"eax"); - &mov (&DWP(0,$out,$ido,4),"ebx"); - &add (&LB($ido),1); - &jnc (&label("w2ndloop")); -&jmp (&label("exit")); - -# Unlike all other x86 [and x86_64] implementations, Intel P4 core -# [including EM64T] was found to perform poorly with above "32-bit" key -# schedule, a.k.a. RC4_INT. Performance improvement for IA-32 hand-coded -# assembler turned out to be 3.5x if re-coded for compressed 8-bit one, -# a.k.a. RC4_CHAR! It's however inappropriate to just switch to 8-bit -# schedule for x86[_64], because non-P4 implementations suffer from -# significant performance losses then, e.g. PIII exhibits >2x -# deterioration, and so does Opteron. In order to assure optimal -# all-round performance, we detect P4 at run-time and set up compressed -# key schedule, which is recognized by RC4 procedure. - -&set_label("c1stloop",16); - &mov (&BP(0,$out,"eax"),&LB("eax")); # key->data[i]=i; - &add (&LB("eax"),1); # i++; - &jnc (&label("c1stloop")); - - &xor ($ido,$ido); - &xor ($idx,$idx); - &xor ("ebx","ebx"); - -&set_label("c2ndloop",16); - &mov (&LB("eax"),&BP(0,$out,$ido)); - &add (&LB($idx),&BP(0,$inp,$idi)); - &add (&LB($idx),&LB("eax")); - &add ($idi,1); - &mov (&LB("ebx"),&BP(0,$out,$idx)); - &jnz (&label("cnowrap")); - &mov ($idi,&DWP(-4,$out)); - &set_label("cnowrap"); - &mov (&BP(0,$out,$idx),&LB("eax")); - &mov (&BP(0,$out,$ido),&LB("ebx")); - &add (&LB($ido),1); - &jnc (&label("c2ndloop")); - - &mov (&DWP(256,$out),-1); # mark schedule as compressed - -&set_label("exit"); - &xor ("eax","eax"); - &mov (&DWP(-8,$out),"eax"); # key->x=0; - &mov (&DWP(-4,$out),"eax"); # key->y=0; -&function_end("RC4_set_key"); - -# const char *RC4_options(void); -&function_begin_B("RC4_options"); - &call (&label("pic_point")); -&set_label("pic_point"); - &blindpop("eax"); - &lea ("eax",&DWP(&label("opts")."-".&label("pic_point"),"eax")); - &picmeup("edx","OPENSSL_ia32cap_P"); - &mov ("edx",&DWP(0,"edx")); - &bt ("edx",20); - &jc (&label("1xchar")); - &bt ("edx",26); - &jnc (&label("ret")); - &add ("eax",25); - &ret (); -&set_label("1xchar"); - &add ("eax",12); -&set_label("ret"); - &ret (); -&set_label("opts",64); -&asciz ("rc4(4x,int)"); -&asciz ("rc4(1x,char)"); -&asciz ("rc4(8x,mmx)"); -&asciz ("RC4 for x86, CRYPTOGAMS by "); -&align (64); -&function_end_B("RC4_options"); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/rc4/asm/rc4-c64xplus.pl b/crypto/rc4/asm/rc4-c64xplus.pl deleted file mode 100644 index bd1745f1f32bbc3572e7e17939a69a07c0803d95..0000000000000000000000000000000000000000 --- a/crypto/rc4/asm/rc4-c64xplus.pl +++ /dev/null @@ -1,191 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# RC4 for C64x+. -# -# April 2014 -# -# RC4 subroutine processes one byte in 7.0 cycles, which is 3x faster -# than TI CGT-generated code. Loop is scheduled in such way that -# there is only one reference to memory in each cycle. This is done -# to avoid L1D memory banking conflicts, see SPRU871 TI publication -# for further details. Otherwise it should be possible to schedule -# the loop for iteration interval of 6... - -($KEY,$LEN,$INP,$OUT)=("A4","B4","A6","B6"); - -($KEYA,$XX,$TY,$xx,$ONE,$ret)=map("A$_",(5,7,8,9,1,2)); -($KEYB,$YY,$TX,$tx,$SUM,$dat)=map("B$_",(5,7,8,9,1,2)); - -$code.=<<___; - .text - - .if .ASSEMBLER_VERSION<7000000 - .asg 0,__TI_EABI__ - .endif - .if __TI_EABI__ - .nocmp - .asg RC4,_RC4 - .asg RC4_set_key,_RC4_set_key - .asg RC4_options,_RC4_options - .endif - - .global _RC4 - .align 16 -_RC4: - .asmfunc - MV $LEN,B0 - [!B0] BNOP B3 ; if (len==0) return; -||[B0] ADD $KEY,2,$KEYA -||[B0] ADD $KEY,2,$KEYB - [B0] MVK 1,$ONE -||[B0] LDBU *${KEYA}[-2],$XX ; key->x - [B0] LDBU *${KEYB}[-1],$YY ; key->y -|| NOP 4 - - ADD4 $ONE,$XX,$XX - LDBU *${KEYA}[$XX],$TX -|| MVC $LEN,ILC - NOP 4 -;;================================================== - SPLOOP 7 -|| ADD4 $TX,$YY,$YY - - LDBU *${KEYB}[$YY],$TY -|| MVD $XX,$xx -|| ADD4 $ONE,$XX,$XX - LDBU *${KEYA}[$XX],$tx - CMPEQ $YY,$XX,B0 -|| NOP 3 - STB $TX,*${KEYB}[$YY] -||[B0] ADD4 $TX,$YY,$YY - STB $TY,*${KEYA}[$xx] -||[!B0] ADD4 $tx,$YY,$YY -||[!B0] MVD $tx,$TX - ADD4 $TY,$TX,$SUM ; [0,0] $TX is not replaced by $tx yet! -|| NOP 2 - LDBU *$INP++,$dat -|| NOP 2 - LDBU *${KEYB}[$SUM],$ret -|| NOP 5 - XOR.L $dat,$ret,$ret - SPKERNEL -|| STB $ret,*$OUT++ -;;================================================== - SUB4 $XX,$ONE,$XX -|| NOP 5 - STB $XX,*${KEYA}[-2] ; key->x -|| SUB4 $YY,$TX,$YY -|| BNOP B3 - STB $YY,*${KEYB}[-1] ; key->y -|| NOP 5 - .endasmfunc - - .global _RC4_set_key - .align 16 -_RC4_set_key: - .asmfunc - .if .BIG_ENDIAN - MVK 0x00000404,$ONE -|| MVK 0x00000203,B0 - MVKH 0x04040000,$ONE -|| MVKH 0x00010000,B0 - .else - MVK 0x00000404,$ONE -|| MVK 0x00000100,B0 - MVKH 0x04040000,$ONE -|| MVKH 0x03020000,B0 - .endif - ADD $KEY,2,$KEYA -|| ADD $KEY,2,$KEYB -|| ADD $INP,$LEN,$ret ; end of input - LDBU *${INP}++,$dat -|| MVK 0,$TX - STH $TX,*${KEY}++ ; key->x=key->y=0 -|| MV B0,A0 -|| MVK 64-4,B0 - -;;================================================== - SPLOOPD 1 -|| MVC B0,ILC - - STNW A0,*${KEY}++ -|| ADD4 $ONE,A0,A0 - SPKERNEL -;;================================================== - - MVK 0,$YY -|| MVK 0,$XX - MVK 1,$ONE -|| MVK 256-1,B0 - -;;================================================== - SPLOOPD 8 -|| MVC B0,ILC - - ADD4 $dat,$YY,$YY -|| CMPEQ $INP,$ret,A0 ; end of input? - LDBU *${KEYB}[$YY],$TY -|| MVD $XX,$xx -|| ADD4 $ONE,$XX,$XX - LDBU *${KEYA}[$XX],$tx -||[A0] SUB $INP,$LEN,$INP ; rewind - LDBU *${INP}++,$dat -|| CMPEQ $YY,$XX,B0 -|| NOP 3 - STB $TX,*${KEYB}[$YY] -||[B0] ADD4 $TX,$YY,$YY - STB $TY,*${KEYA}[$xx] -||[!B0] ADD4 $tx,$YY,$YY -||[!B0] MV $tx,$TX - SPKERNEL -;;================================================== - - BNOP B3,5 - .endasmfunc - - .global _RC4_options - .align 16 -_RC4_options: -_rc4_options: - .asmfunc - BNOP B3,1 - ADDKPC _rc4_options,B4 - .if __TI_EABI__ - MVKL \$PCR_OFFSET(rc4_options,_rc4_options),A4 - MVKH \$PCR_OFFSET(rc4_options,_rc4_options),A4 - .else - MVKL (rc4_options-_rc4_options),A4 - MVKH (rc4_options-_rc4_options),A4 - .endif - ADD B4,A4,A4 - .endasmfunc - - .if __TI_EABI__ - .sect ".text:rc4_options.const" - .else - .sect ".const:rc4_options" - .endif - .align 4 -rc4_options: - .cstring "rc4(sploop,char)" - .cstring "RC4 for C64+, CRYPTOGAMS by " - .align 4 -___ - -$output = pop and open STDOUT,">$output"; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/rc4/asm/rc4-md5-x86_64.pl b/crypto/rc4/asm/rc4-md5-x86_64.pl deleted file mode 100644 index 90c94dcb5e3dc8adf3af1ded1541e1b8fb7422d1..0000000000000000000000000000000000000000 --- a/crypto/rc4/asm/rc4-md5-x86_64.pl +++ /dev/null @@ -1,665 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# June 2011 -# -# This is RC4+MD5 "stitch" implementation. The idea, as spelled in -# http://download.intel.com/design/intarch/papers/323686.pdf, is that -# since both algorithms exhibit instruction-level parallelism, ILP, -# below theoretical maximum, interleaving them would allow to utilize -# processor resources better and achieve better performance. RC4 -# instruction sequence is virtually identical to rc4-x86_64.pl, which -# is heavily based on submission by Maxim Perminov, Maxim Locktyukhin -# and Jim Guilford of Intel. MD5 is fresh implementation aiming to -# minimize register usage, which was used as "main thread" with RC4 -# weaved into it, one RC4 round per one MD5 round. In addition to the -# stiched subroutine the script can generate standalone replacement -# ossl_md5_block_asm_data_order and RC4. Below are performance numbers in -# cycles per processed byte, less is better, for these the standalone -# subroutines, sum of them, and stitched one: -# -# RC4 MD5 RC4+MD5 stitch gain -# Opteron 6.5(*) 5.4 11.9 7.0 +70%(*) -# Core2 6.5 5.8 12.3 7.7 +60% -# Westmere 4.3 5.2 9.5 7.0 +36% -# Sandy Bridge 4.2 5.5 9.7 6.8 +43% -# Ivy Bridge 4.1 5.2 9.3 6.0 +54% -# Haswell 4.0 5.0 9.0 5.7 +60% -# Skylake 6.3(**) 5.0 11.3 5.3 +110% -# Atom 9.3 6.5 15.8 11.1 +42% -# VIA Nano 6.3 5.4 11.7 8.6 +37% -# Bulldozer 4.5 5.4 9.9 7.7 +29% -# -# (*) rc4-x86_64.pl delivers 5.3 on Opteron, so real improvement -# is +53%... -# (**) unidentified anomaly; - -my ($rc4,$md5)=(1,1); # what to generate? -my $D="#" if (!$md5); # if set to "#", MD5 is stitched into RC4(), - # but its result is discarded. Idea here is - # to be able to use 'openssl speed rc4' for - # benchmarking the stitched subroutine... - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -my $output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -my $flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -my ($dat,$in0,$out,$ctx,$inp,$len, $func,$nargs); - -if ($rc4 && !$md5) { - ($dat,$len,$in0,$out) = ("%rdi","%rsi","%rdx","%rcx"); - $func="RC4"; $nargs=4; -} elsif ($md5 && !$rc4) { - ($ctx,$inp,$len) = ("%rdi","%rsi","%rdx"); - $func="ossl_md5_block_asm_data_order"; $nargs=3; -} else { - ($dat,$in0,$out,$ctx,$inp,$len) = ("%rdi","%rsi","%rdx","%rcx","%r8","%r9"); - $func="rc4_md5_enc"; $nargs=6; - # void rc4_md5_enc( - # RC4_KEY *key, # - # const void *in0, # RC4 input - # void *out, # RC4 output - # MD5_CTX *ctx, # - # const void *inp, # MD5 input - # size_t len); # number of 64-byte blocks -} - -my @K=( 0xd76aa478,0xe8c7b756,0x242070db,0xc1bdceee, - 0xf57c0faf,0x4787c62a,0xa8304613,0xfd469501, - 0x698098d8,0x8b44f7af,0xffff5bb1,0x895cd7be, - 0x6b901122,0xfd987193,0xa679438e,0x49b40821, - - 0xf61e2562,0xc040b340,0x265e5a51,0xe9b6c7aa, - 0xd62f105d,0x02441453,0xd8a1e681,0xe7d3fbc8, - 0x21e1cde6,0xc33707d6,0xf4d50d87,0x455a14ed, - 0xa9e3e905,0xfcefa3f8,0x676f02d9,0x8d2a4c8a, - - 0xfffa3942,0x8771f681,0x6d9d6122,0xfde5380c, - 0xa4beea44,0x4bdecfa9,0xf6bb4b60,0xbebfbc70, - 0x289b7ec6,0xeaa127fa,0xd4ef3085,0x04881d05, - 0xd9d4d039,0xe6db99e5,0x1fa27cf8,0xc4ac5665, - - 0xf4292244,0x432aff97,0xab9423a7,0xfc93a039, - 0x655b59c3,0x8f0ccc92,0xffeff47d,0x85845dd1, - 0x6fa87e4f,0xfe2ce6e0,0xa3014314,0x4e0811a1, - 0xf7537e82,0xbd3af235,0x2ad7d2bb,0xeb86d391 ); - -my @V=("%r8d","%r9d","%r10d","%r11d"); # MD5 registers -my $tmp="%r12d"; - -my @XX=("%rbp","%rsi"); # RC4 registers -my @TX=("%rax","%rbx"); -my $YY="%rcx"; -my $TY="%rdx"; - -my $MOD=32; # 16, 32 or 64 - -$code.=<<___; -.text -.align 16 - -.globl $func -.type $func,\@function,$nargs -$func: -.cfi_startproc - cmp \$0,$len - je .Labort - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - sub \$40,%rsp -.cfi_adjust_cfa_offset 40 -.Lbody: -___ -if ($rc4) { -$code.=<<___; -$D#md5# mov $ctx,%r11 # reassign arguments - mov $len,%r12 - mov $in0,%r13 - mov $out,%r14 -$D#md5# mov $inp,%r15 -___ - $ctx="%r11" if ($md5); # reassign arguments - $len="%r12"; - $in0="%r13"; - $out="%r14"; - $inp="%r15" if ($md5); - $inp=$in0 if (!$md5); -$code.=<<___; - xor $XX[0],$XX[0] - xor $YY,$YY - - lea 8($dat),$dat - mov -8($dat),$XX[0]#b - mov -4($dat),$YY#b - - inc $XX[0]#b - sub $in0,$out - movl ($dat,$XX[0],4),$TX[0]#d -___ -$code.=<<___ if (!$md5); - xor $TX[1],$TX[1] - test \$-128,$len - jz .Loop1 - sub $XX[0],$TX[1] - and \$`$MOD-1`,$TX[1] - jz .Loop${MOD}_is_hot - sub $TX[1],$len -.Loop${MOD}_warmup: - add $TX[0]#b,$YY#b - movl ($dat,$YY,4),$TY#d - movl $TX[0]#d,($dat,$YY,4) - movl $TY#d,($dat,$XX[0],4) - add $TY#b,$TX[0]#b - inc $XX[0]#b - movl ($dat,$TX[0],4),$TY#d - movl ($dat,$XX[0],4),$TX[0]#d - xorb ($in0),$TY#b - movb $TY#b,($out,$in0) - lea 1($in0),$in0 - dec $TX[1] - jnz .Loop${MOD}_warmup - - mov $YY,$TX[1] - xor $YY,$YY - mov $TX[1]#b,$YY#b - -.Loop${MOD}_is_hot: - mov $len,32(%rsp) # save original $len - shr \$6,$len # number of 64-byte blocks -___ - if ($D && !$md5) { # stitch in dummy MD5 - $md5=1; - $ctx="%r11"; - $inp="%r15"; - $code.=<<___; - mov %rsp,$ctx - mov $in0,$inp -___ - } -} -$code.=<<___; -#rc4# add $TX[0]#b,$YY#b -#rc4# lea ($dat,$XX[0],4),$XX[1] - shl \$6,$len - add $inp,$len # pointer to the end of input - mov $len,16(%rsp) - -#md5# mov $ctx,24(%rsp) # save pointer to MD5_CTX -#md5# mov 0*4($ctx),$V[0] # load current hash value from MD5_CTX -#md5# mov 1*4($ctx),$V[1] -#md5# mov 2*4($ctx),$V[2] -#md5# mov 3*4($ctx),$V[3] - jmp .Loop - -.align 16 -.Loop: -#md5# mov $V[0],0*4(%rsp) # put aside current hash value -#md5# mov $V[1],1*4(%rsp) -#md5# mov $V[2],2*4(%rsp) -#md5# mov $V[3],$tmp # forward reference -#md5# mov $V[3],3*4(%rsp) -___ - -sub R0 { - my ($i,$a,$b,$c,$d)=@_; - my @rot0=(7,12,17,22); - my $j=$i%16; - my $k=$i%$MOD; - my $xmm="%xmm".($j&1); - $code.=" movdqu ($in0),%xmm2\n" if ($rc4 && $j==15); - $code.=" add \$$MOD,$XX[0]#b\n" if ($rc4 && $j==15 && $k==$MOD-1); - $code.=" pxor $xmm,$xmm\n" if ($rc4 && $j<=1); - $code.=<<___; -#rc4# movl ($dat,$YY,4),$TY#d -#md5# xor $c,$tmp -#rc4# movl $TX[0]#d,($dat,$YY,4) -#md5# and $b,$tmp -#md5# add 4*`$j`($inp),$a -#rc4# add $TY#b,$TX[0]#b -#rc4# movl `4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d -#md5# add \$$K[$i],$a -#md5# xor $d,$tmp -#rc4# movz $TX[0]#b,$TX[0]#d -#rc4# movl $TY#d,4*$k($XX[1]) -#md5# add $tmp,$a -#rc4# add $TX[1]#b,$YY#b -#md5# rol \$$rot0[$j%4],$a -#md5# mov `$j==15?"$b":"$c"`,$tmp # forward reference -#rc4# pinsrw \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n -#md5# add $b,$a -___ - $code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1); - mov $YY,$XX[1] - xor $YY,$YY # keyword to partial register - mov $XX[1]#b,$YY#b - lea ($dat,$XX[0],4),$XX[1] -___ - $code.=<<___ if ($rc4 && $j==15); - psllq \$8,%xmm1 - pxor %xmm0,%xmm2 - pxor %xmm1,%xmm2 -___ -} -sub R1 { - my ($i,$a,$b,$c,$d)=@_; - my @rot1=(5,9,14,20); - my $j=$i%16; - my $k=$i%$MOD; - my $xmm="%xmm".($j&1); - $code.=" movdqu 16($in0),%xmm3\n" if ($rc4 && $j==15); - $code.=" add \$$MOD,$XX[0]#b\n" if ($rc4 && $j==15 && $k==$MOD-1); - $code.=" pxor $xmm,$xmm\n" if ($rc4 && $j<=1); - $code.=<<___; -#rc4# movl ($dat,$YY,4),$TY#d -#md5# xor $b,$tmp -#rc4# movl $TX[0]#d,($dat,$YY,4) -#md5# and $d,$tmp -#md5# add 4*`((1+5*$j)%16)`($inp),$a -#rc4# add $TY#b,$TX[0]#b -#rc4# movl `4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d -#md5# add \$$K[$i],$a -#md5# xor $c,$tmp -#rc4# movz $TX[0]#b,$TX[0]#d -#rc4# movl $TY#d,4*$k($XX[1]) -#md5# add $tmp,$a -#rc4# add $TX[1]#b,$YY#b -#md5# rol \$$rot1[$j%4],$a -#md5# mov `$j==15?"$c":"$b"`,$tmp # forward reference -#rc4# pinsrw \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n -#md5# add $b,$a -___ - $code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1); - mov $YY,$XX[1] - xor $YY,$YY # keyword to partial register - mov $XX[1]#b,$YY#b - lea ($dat,$XX[0],4),$XX[1] -___ - $code.=<<___ if ($rc4 && $j==15); - psllq \$8,%xmm1 - pxor %xmm0,%xmm3 - pxor %xmm1,%xmm3 -___ -} -sub R2 { - my ($i,$a,$b,$c,$d)=@_; - my @rot2=(4,11,16,23); - my $j=$i%16; - my $k=$i%$MOD; - my $xmm="%xmm".($j&1); - $code.=" movdqu 32($in0),%xmm4\n" if ($rc4 && $j==15); - $code.=" add \$$MOD,$XX[0]#b\n" if ($rc4 && $j==15 && $k==$MOD-1); - $code.=" pxor $xmm,$xmm\n" if ($rc4 && $j<=1); - $code.=<<___; -#rc4# movl ($dat,$YY,4),$TY#d -#md5# xor $c,$tmp -#rc4# movl $TX[0]#d,($dat,$YY,4) -#md5# xor $b,$tmp -#md5# add 4*`((5+3*$j)%16)`($inp),$a -#rc4# add $TY#b,$TX[0]#b -#rc4# movl `4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d -#md5# add \$$K[$i],$a -#rc4# movz $TX[0]#b,$TX[0]#d -#md5# add $tmp,$a -#rc4# movl $TY#d,4*$k($XX[1]) -#rc4# add $TX[1]#b,$YY#b -#md5# rol \$$rot2[$j%4],$a -#md5# mov `$j==15?"\\\$-1":"$c"`,$tmp # forward reference -#rc4# pinsrw \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n -#md5# add $b,$a -___ - $code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1); - mov $YY,$XX[1] - xor $YY,$YY # keyword to partial register - mov $XX[1]#b,$YY#b - lea ($dat,$XX[0],4),$XX[1] -___ - $code.=<<___ if ($rc4 && $j==15); - psllq \$8,%xmm1 - pxor %xmm0,%xmm4 - pxor %xmm1,%xmm4 -___ -} -sub R3 { - my ($i,$a,$b,$c,$d)=@_; - my @rot3=(6,10,15,21); - my $j=$i%16; - my $k=$i%$MOD; - my $xmm="%xmm".($j&1); - $code.=" movdqu 48($in0),%xmm5\n" if ($rc4 && $j==15); - $code.=" add \$$MOD,$XX[0]#b\n" if ($rc4 && $j==15 && $k==$MOD-1); - $code.=" pxor $xmm,$xmm\n" if ($rc4 && $j<=1); - $code.=<<___; -#rc4# movl ($dat,$YY,4),$TY#d -#md5# xor $d,$tmp -#rc4# movl $TX[0]#d,($dat,$YY,4) -#md5# or $b,$tmp -#md5# add 4*`((7*$j)%16)`($inp),$a -#rc4# add $TY#b,$TX[0]#b -#rc4# movl `4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d -#md5# add \$$K[$i],$a -#rc4# movz $TX[0]#b,$TX[0]#d -#md5# xor $c,$tmp -#rc4# movl $TY#d,4*$k($XX[1]) -#md5# add $tmp,$a -#rc4# add $TX[1]#b,$YY#b -#md5# rol \$$rot3[$j%4],$a -#md5# mov \$-1,$tmp # forward reference -#rc4# pinsrw \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n -#md5# add $b,$a -___ - $code.=<<___ if ($rc4 && $j==15); - mov $XX[0],$XX[1] - xor $XX[0],$XX[0] # keyword to partial register - mov $XX[1]#b,$XX[0]#b - mov $YY,$XX[1] - xor $YY,$YY # keyword to partial register - mov $XX[1]#b,$YY#b - lea ($dat,$XX[0],4),$XX[1] - psllq \$8,%xmm1 - pxor %xmm0,%xmm5 - pxor %xmm1,%xmm5 -___ -} - -my $i=0; -for(;$i<16;$i++) { R0($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); } -for(;$i<32;$i++) { R1($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); } -for(;$i<48;$i++) { R2($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); } -for(;$i<64;$i++) { R3($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); } - -$code.=<<___; -#md5# add 0*4(%rsp),$V[0] # accumulate hash value -#md5# add 1*4(%rsp),$V[1] -#md5# add 2*4(%rsp),$V[2] -#md5# add 3*4(%rsp),$V[3] - -#rc4# movdqu %xmm2,($out,$in0) # write RC4 output -#rc4# movdqu %xmm3,16($out,$in0) -#rc4# movdqu %xmm4,32($out,$in0) -#rc4# movdqu %xmm5,48($out,$in0) -#md5# lea 64($inp),$inp -#rc4# lea 64($in0),$in0 - cmp 16(%rsp),$inp # are we done? - jb .Loop - -#md5# mov 24(%rsp),$len # restore pointer to MD5_CTX -#rc4# sub $TX[0]#b,$YY#b # correct $YY -#md5# mov $V[0],0*4($len) # write MD5_CTX -#md5# mov $V[1],1*4($len) -#md5# mov $V[2],2*4($len) -#md5# mov $V[3],3*4($len) -___ -$code.=<<___ if ($rc4 && (!$md5 || $D)); - mov 32(%rsp),$len # restore original $len - and \$63,$len # remaining bytes - jnz .Loop1 - jmp .Ldone - -.align 16 -.Loop1: - add $TX[0]#b,$YY#b - movl ($dat,$YY,4),$TY#d - movl $TX[0]#d,($dat,$YY,4) - movl $TY#d,($dat,$XX[0],4) - add $TY#b,$TX[0]#b - inc $XX[0]#b - movl ($dat,$TX[0],4),$TY#d - movl ($dat,$XX[0],4),$TX[0]#d - xorb ($in0),$TY#b - movb $TY#b,($out,$in0) - lea 1($in0),$in0 - dec $len - jnz .Loop1 - -.Ldone: -___ -$code.=<<___; -#rc4# sub \$1,$XX[0]#b -#rc4# movl $XX[0]#d,-8($dat) -#rc4# movl $YY#d,-4($dat) - - mov 40(%rsp),%r15 -.cfi_restore %r15 - mov 48(%rsp),%r14 -.cfi_restore %r14 - mov 56(%rsp),%r13 -.cfi_restore %r13 - mov 64(%rsp),%r12 -.cfi_restore %r12 - mov 72(%rsp),%rbp -.cfi_restore %rbp - mov 80(%rsp),%rbx -.cfi_restore %rbx - lea 88(%rsp),%rsp -.cfi_adjust_cfa_offset -88 -.Lepilogue: -.Labort: - ret -.cfi_endproc -.size $func,.-$func -___ - -if ($rc4 && $D) { # sole purpose of this section is to provide - # option to use the generated module as drop-in - # replacement for rc4-x86_64.pl for debugging - # and testing purposes... -my ($idx,$ido)=("%r8","%r9"); -my ($dat,$len,$inp)=("%rdi","%rsi","%rdx"); - -$code.=<<___; -.globl RC4_set_key -.type RC4_set_key,\@function,3 -.align 16 -RC4_set_key: -.cfi_startproc - lea 8($dat),$dat - lea ($inp,$len),$inp - neg $len - mov $len,%rcx - xor %eax,%eax - xor $ido,$ido - xor %r10,%r10 - xor %r11,%r11 - jmp .Lw1stloop - -.align 16 -.Lw1stloop: - mov %eax,($dat,%rax,4) - add \$1,%al - jnc .Lw1stloop - - xor $ido,$ido - xor $idx,$idx -.align 16 -.Lw2ndloop: - mov ($dat,$ido,4),%r10d - add ($inp,$len,1),$idx#b - add %r10b,$idx#b - add \$1,$len - mov ($dat,$idx,4),%r11d - cmovz %rcx,$len - mov %r10d,($dat,$idx,4) - mov %r11d,($dat,$ido,4) - add \$1,$ido#b - jnc .Lw2ndloop - - xor %eax,%eax - mov %eax,-8($dat) - mov %eax,-4($dat) - ret -.cfi_endproc -.size RC4_set_key,.-RC4_set_key - -.globl RC4_options -.type RC4_options,\@abi-omnipotent -.align 16 -RC4_options: - lea .Lopts(%rip),%rax - ret -.align 64 -.Lopts: -.asciz "rc4(64x,int)" -.align 64 -.size RC4_options,.-RC4_options -___ -} -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -my $rec="%rcx"; -my $frame="%rdx"; -my $context="%r8"; -my $disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - lea .Lbody(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lbody - jb .Lin_prologue - - mov 152($context),%rax # pull context->Rsp - - lea .Lepilogue(%rip),%r10 - cmp %r10,%rbx # context->Rip>=.Lepilogue - jae .Lin_prologue - - mov 40(%rax),%r15 - mov 48(%rax),%r14 - mov 56(%rax),%r13 - mov 64(%rax),%r12 - mov 72(%rax),%rbp - mov 80(%rax),%rbx - lea 88(%rax),%rax - - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R12 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size se_handler,.-se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_$func - .rva .LSEH_end_$func - .rva .LSEH_info_$func - -.section .xdata -.align 8 -.LSEH_info_$func: - .byte 9,0,0,0 - .rva se_handler -___ -} - -sub reg_part { -my ($reg,$conv)=@_; - if ($reg =~ /%r[0-9]+/) { $reg .= $conv; } - elsif ($conv eq "b") { $reg =~ s/%[er]([^x]+)x?/%$1l/; } - elsif ($conv eq "w") { $reg =~ s/%[er](.+)/%$1/; } - elsif ($conv eq "d") { $reg =~ s/%[er](.+)/%e$1/; } - return $reg; -} - -$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem; -$code =~ s/\`([^\`]*)\`/eval $1/gem; -$code =~ s/pinsrw\s+\$0,/movd /gm; - -$code =~ s/#md5#//gm if ($md5); -$code =~ s/#rc4#//gm if ($rc4); - -print $code; - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/rc4/asm/rc4-parisc.pl b/crypto/rc4/asm/rc4-parisc.pl deleted file mode 100644 index 9a38674a59f557920ff452db8c4fba716903efdd..0000000000000000000000000000000000000000 --- a/crypto/rc4/asm/rc4-parisc.pl +++ /dev/null @@ -1,336 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# RC4 for PA-RISC. - -# June 2009. -# -# Performance is 33% better than gcc 3.2 generated code on PA-7100LC. -# For reference, [4x] unrolled loop is >40% faster than folded one. -# It's possible to unroll loop 8 times on PA-RISC 2.0, but improvement -# is believed to be not sufficient to justify the effort... -# -# Special thanks to polarhome.com for providing HP-UX account. - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$output and open STDOUT,">$output"; - -if ($flavour =~ /64/) { - $LEVEL ="2.0W"; - $SIZE_T =8; - $FRAME_MARKER =80; - $SAVED_RP =16; - $PUSH ="std"; - $PUSHMA ="std,ma"; - $POP ="ldd"; - $POPMB ="ldd,mb"; -} else { - $LEVEL ="1.0"; - $SIZE_T =4; - $FRAME_MARKER =48; - $SAVED_RP =20; - $PUSH ="stw"; - $PUSHMA ="stwm"; - $POP ="ldw"; - $POPMB ="ldwm"; -} - -$FRAME=4*$SIZE_T+$FRAME_MARKER; # 4 saved regs + frame marker - # [+ argument transfer] -$SZ=1; # defaults to RC4_CHAR -if (open CONF,"<${dir}../../opensslconf.h") { - while() { - if (m/#\s*define\s+RC4_INT\s+(.*)/) { - $SZ = ($1=~/char$/) ? 1 : 4; - last; - } - } - close CONF; -} - -if ($SZ==1) { # RC4_CHAR - $LD="ldb"; - $LDX="ldbx"; - $MKX="addl"; - $ST="stb"; -} else { # RC4_INT (~5% faster than RC4_CHAR on PA-7100LC) - $LD="ldw"; - $LDX="ldwx,s"; - $MKX="sh2addl"; - $ST="stw"; -} - -$key="%r26"; -$len="%r25"; -$inp="%r24"; -$out="%r23"; - -@XX=("%r19","%r20"); -@TX=("%r21","%r22"); -$YY="%r28"; -$TY="%r29"; - -$acc="%r1"; -$ix="%r2"; -$iy="%r3"; -$dat0="%r4"; -$dat1="%r5"; -$rem="%r6"; -$mask="%r31"; - -sub unrolledloopbody { -for ($i=0;$i<4;$i++) { -$code.=<<___; - ldo 1($XX[0]),$XX[1] - `sprintf("$LDX %$TY(%$key),%$dat1") if ($i>0)` - and $mask,$XX[1],$XX[1] - $LDX $YY($key),$TY - $MKX $YY,$key,$ix - $LDX $XX[1]($key),$TX[1] - $MKX $XX[0],$key,$iy - $ST $TX[0],0($ix) - comclr,<> $XX[1],$YY,%r0 ; conditional - copy $TX[0],$TX[1] ; move - `sprintf("%sdep %$dat1,%d,8,%$acc",$i==1?"z":"",8*($i-1)+7) if ($i>0)` - $ST $TY,0($iy) - addl $TX[0],$TY,$TY - addl $TX[1],$YY,$YY - and $mask,$TY,$TY - and $mask,$YY,$YY -___ -push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers -} } - -sub foldedloop { -my ($label,$count)=@_; -$code.=<<___; -$label - $MKX $YY,$key,$iy - $LDX $YY($key),$TY - $MKX $XX[0],$key,$ix - $ST $TX[0],0($iy) - ldo 1($XX[0]),$XX[0] - $ST $TY,0($ix) - addl $TX[0],$TY,$TY - ldbx $inp($out),$dat1 - and $mask,$TY,$TY - and $mask,$XX[0],$XX[0] - $LDX $TY($key),$acc - $LDX $XX[0]($key),$TX[0] - ldo 1($out),$out - xor $dat1,$acc,$acc - addl $TX[0],$YY,$YY - stb $acc,-1($out) - addib,<> -1,$count,$label ; $count is always small - and $mask,$YY,$YY -___ -} - -$code=<<___; - .LEVEL $LEVEL - .SPACE \$TEXT\$ - .SUBSPA \$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY - - .EXPORT RC4,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR -RC4 - .PROC - .CALLINFO FRAME=`$FRAME-4*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=6 - .ENTRY - $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue - $PUSHMA %r3,$FRAME(%sp) - $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp) - $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp) - $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp) - - cmpib,*= 0,$len,L\$abort - sub $inp,$out,$inp ; distance between $inp and $out - - $LD `0*$SZ`($key),$XX[0] - $LD `1*$SZ`($key),$YY - ldo `2*$SZ`($key),$key - - ldi 0xff,$mask - ldi 3,$dat0 - - ldo 1($XX[0]),$XX[0] ; warm up loop - and $mask,$XX[0],$XX[0] - $LDX $XX[0]($key),$TX[0] - addl $TX[0],$YY,$YY - cmpib,*>>= 6,$len,L\$oop1 ; is $len large enough to bother? - and $mask,$YY,$YY - - and,<> $out,$dat0,$rem ; is $out aligned? - b L\$alignedout - subi 4,$rem,$rem - sub $len,$rem,$len -___ -&foldedloop("L\$alignout",$rem); # process till $out is aligned - -$code.=<<___; -L\$alignedout ; $len is at least 4 here - and,<> $inp,$dat0,$acc ; is $inp aligned? - b L\$oop4 - sub $inp,$acc,$rem ; align $inp - - sh3addl $acc,%r0,$acc - subi 32,$acc,$acc - mtctl $acc,%cr11 ; load %sar with vshd align factor - ldwx $rem($out),$dat0 - ldo 4($rem),$rem -L\$oop4misalignedinp -___ -&unrolledloopbody(); -$code.=<<___; - $LDX $TY($key),$ix - ldwx $rem($out),$dat1 - ldo -4($len),$len - or $ix,$acc,$acc ; last piece, no need to dep - vshd $dat0,$dat1,$iy ; align data - copy $dat1,$dat0 - xor $iy,$acc,$acc - stw $acc,0($out) - cmpib,*<< 3,$len,L\$oop4misalignedinp - ldo 4($out),$out - cmpib,*= 0,$len,L\$done - nop - b L\$oop1 - nop - - .ALIGN 8 -L\$oop4 -___ -&unrolledloopbody(); -$code.=<<___; - $LDX $TY($key),$ix - ldwx $inp($out),$dat0 - ldo -4($len),$len - or $ix,$acc,$acc ; last piece, no need to dep - xor $dat0,$acc,$acc - stw $acc,0($out) - cmpib,*<< 3,$len,L\$oop4 - ldo 4($out),$out - cmpib,*= 0,$len,L\$done - nop -___ -&foldedloop("L\$oop1",$len); -$code.=<<___; -L\$done - $POP `-$FRAME-$SAVED_RP`(%sp),%r2 - ldo -1($XX[0]),$XX[0] ; chill out loop - sub $YY,$TX[0],$YY - and $mask,$XX[0],$XX[0] - and $mask,$YY,$YY - $ST $XX[0],`-2*$SZ`($key) - $ST $YY,`-1*$SZ`($key) - $POP `-$FRAME+1*$SIZE_T`(%sp),%r4 - $POP `-$FRAME+2*$SIZE_T`(%sp),%r5 - $POP `-$FRAME+3*$SIZE_T`(%sp),%r6 -L\$abort - bv (%r2) - .EXIT - $POPMB -$FRAME(%sp),%r3 - .PROCEND -___ - -$code.=<<___; - - .EXPORT RC4_set_key,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR - .ALIGN 8 -RC4_set_key - .PROC - .CALLINFO NO_CALLS - .ENTRY - $ST %r0,`0*$SZ`($key) - $ST %r0,`1*$SZ`($key) - ldo `2*$SZ`($key),$key - copy %r0,@XX[0] -L\$1st - $ST @XX[0],0($key) - ldo 1(@XX[0]),@XX[0] - bb,>= @XX[0],`31-8`,L\$1st ; @XX[0]<256 - ldo $SZ($key),$key - - ldo `-256*$SZ`($key),$key ; rewind $key - addl $len,$inp,$inp ; $inp to point at the end - sub %r0,$len,%r23 ; inverse index - copy %r0,@XX[0] - copy %r0,@XX[1] - ldi 0xff,$mask - -L\$2nd - $LDX @XX[0]($key),@TX[0] - ldbx %r23($inp),@TX[1] - addi,nuv 1,%r23,%r23 ; increment and conditional - sub %r0,$len,%r23 ; inverse index - addl @TX[0],@XX[1],@XX[1] - addl @TX[1],@XX[1],@XX[1] - and $mask,@XX[1],@XX[1] - $MKX @XX[0],$key,$TY - $LDX @XX[1]($key),@TX[1] - $MKX @XX[1],$key,$YY - ldo 1(@XX[0]),@XX[0] - $ST @TX[0],0($YY) - bb,>= @XX[0],`31-8`,L\$2nd ; @XX[0]<256 - $ST @TX[1],0($TY) - - bv,n (%r2) - .EXIT - nop - .PROCEND - - .EXPORT RC4_options,ENTRY - .ALIGN 8 -RC4_options - .PROC - .CALLINFO NO_CALLS - .ENTRY - blr %r0,%r28 - ldi 3,%r1 -L\$pic - andcm %r28,%r1,%r28 - bv (%r2) - .EXIT - ldo L\$opts-L\$pic(%r28),%r28 - .PROCEND - .ALIGN 8 -L\$opts - .STRINGZ "rc4(4x,`$SZ==1?"char":"int"`)" - .STRINGZ "RC4 for PA-RISC, CRYPTOGAMS by " -___ - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler/) { - $gnuas = 1; -} - -foreach(split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); - s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); - s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); - s/cmpib,\*/comib,/ if ($SIZE_T==4); - s/\bbv\b/bve/ if ($SIZE_T==8); - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/rc4/asm/rc4-s390x.pl b/crypto/rc4/asm/rc4-s390x.pl deleted file mode 100644 index d5250f57f192d60df35585f8d780831d59346bbc..0000000000000000000000000000000000000000 --- a/crypto/rc4/asm/rc4-s390x.pl +++ /dev/null @@ -1,243 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# February 2009 -# -# Performance is 2x of gcc 3.4.6 on z10. Coding "secret" is to -# "cluster" Address Generation Interlocks, so that one pipeline stall -# resolves several dependencies. - -# November 2010. -# -# Adapt for -m31 build. If kernel supports what's called "highgprs" -# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit -# instructions and achieve "64-bit" performance even in 31-bit legacy -# application context. The feature is not specific to any particular -# processor, as long as it's "z-CPU". Latter implies that the code -# remains z/Architecture specific. On z990 it was measured to perform -# 50% better than code generated by gcc 4.3. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /3[12]/) { - $SIZE_T=4; - $g=""; -} else { - $SIZE_T=8; - $g="g"; -} - -$output and open STDOUT,">$output"; - -$rp="%r14"; -$sp="%r15"; -$code=<<___; -.text - -___ - -# void RC4(RC4_KEY *key,size_t len,const void *inp,void *out) -{ -$acc="%r0"; -$cnt="%r1"; -$key="%r2"; -$len="%r3"; -$inp="%r4"; -$out="%r5"; - -@XX=("%r6","%r7"); -@TX=("%r8","%r9"); -$YY="%r10"; -$TY="%r11"; - -$code.=<<___; -.globl RC4 -.type RC4,\@function -.align 64 -RC4: - stm${g} %r6,%r11,6*$SIZE_T($sp) -___ -$code.=<<___ if ($flavour =~ /3[12]/); - llgfr $len,$len -___ -$code.=<<___; - llgc $XX[0],0($key) - llgc $YY,1($key) - la $XX[0],1($XX[0]) - nill $XX[0],0xff - srlg $cnt,$len,3 - ltgr $cnt,$cnt - llgc $TX[0],2($XX[0],$key) - jz .Lshort - j .Loop8 - -.align 64 -.Loop8: -___ -for ($i=0;$i<8;$i++) { -$code.=<<___; - la $YY,0($YY,$TX[0]) # $i - nill $YY,255 - la $XX[1],1($XX[0]) - nill $XX[1],255 -___ -$code.=<<___ if ($i==1); - llgc $acc,2($TY,$key) -___ -$code.=<<___ if ($i>1); - sllg $acc,$acc,8 - ic $acc,2($TY,$key) -___ -$code.=<<___; - llgc $TY,2($YY,$key) - stc $TX[0],2($YY,$key) - llgc $TX[1],2($XX[1],$key) - stc $TY,2($XX[0],$key) - cr $XX[1],$YY - jne .Lcmov$i - la $TX[1],0($TX[0]) -.Lcmov$i: - la $TY,0($TY,$TX[0]) - nill $TY,255 -___ -push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers -} - -$code.=<<___; - lg $TX[1],0($inp) - sllg $acc,$acc,8 - la $inp,8($inp) - ic $acc,2($TY,$key) - xgr $acc,$TX[1] - stg $acc,0($out) - la $out,8($out) - brctg $cnt,.Loop8 - -.Lshort: - lghi $acc,7 - ngr $len,$acc - jz .Lexit - j .Loop1 - -.align 16 -.Loop1: - la $YY,0($YY,$TX[0]) - nill $YY,255 - llgc $TY,2($YY,$key) - stc $TX[0],2($YY,$key) - stc $TY,2($XX[0],$key) - ar $TY,$TX[0] - ahi $XX[0],1 - nill $TY,255 - nill $XX[0],255 - llgc $acc,0($inp) - la $inp,1($inp) - llgc $TY,2($TY,$key) - llgc $TX[0],2($XX[0],$key) - xr $acc,$TY - stc $acc,0($out) - la $out,1($out) - brct $len,.Loop1 - -.Lexit: - ahi $XX[0],-1 - stc $XX[0],0($key) - stc $YY,1($key) - lm${g} %r6,%r11,6*$SIZE_T($sp) - br $rp -.size RC4,.-RC4 -.string "RC4 for s390x, CRYPTOGAMS by " - -___ -} - -# void RC4_set_key(RC4_KEY *key,unsigned int len,const void *inp) -{ -$cnt="%r0"; -$idx="%r1"; -$key="%r2"; -$len="%r3"; -$inp="%r4"; -$acc="%r5"; -$dat="%r6"; -$ikey="%r7"; -$iinp="%r8"; - -$code.=<<___; -.globl RC4_set_key -.type RC4_set_key,\@function -.align 64 -RC4_set_key: - stm${g} %r6,%r8,6*$SIZE_T($sp) - lhi $cnt,256 - la $idx,0 - sth $idx,0($key) -.align 4 -.L1stloop: - stc $idx,2($idx,$key) - la $idx,1($idx) - brct $cnt,.L1stloop - - lghi $ikey,-256 - lr $cnt,$len - la $iinp,0 - la $idx,0 -.align 16 -.L2ndloop: - llgc $acc,2+256($ikey,$key) - llgc $dat,0($iinp,$inp) - la $idx,0($idx,$acc) - la $ikey,1($ikey) - la $idx,0($idx,$dat) - nill $idx,255 - la $iinp,1($iinp) - tml $ikey,255 - llgc $dat,2($idx,$key) - stc $dat,2+256-1($ikey,$key) - stc $acc,2($idx,$key) - jz .Ldone - brct $cnt,.L2ndloop - lr $cnt,$len - la $iinp,0 - j .L2ndloop -.Ldone: - lm${g} %r6,%r8,6*$SIZE_T($sp) - br $rp -.size RC4_set_key,.-RC4_set_key - -___ -} - -# const char *RC4_options() -$code.=<<___; -.globl RC4_options -.type RC4_options,\@function -.align 16 -RC4_options: - larl %r2,.Loptions - br %r14 -.size RC4_options,.-RC4_options -.section .rodata -.Loptions: -.align 8 -.string "rc4(8x,char)" -___ - -print $code; -close STDOUT or die "error closing STDOUT: $!"; # force flush diff --git a/crypto/rc4/asm/rc4-x86_64.pl b/crypto/rc4/asm/rc4-x86_64.pl deleted file mode 100755 index 5a903f5739e123ad519e93c8cc132d7a1ca9990c..0000000000000000000000000000000000000000 --- a/crypto/rc4/asm/rc4-x86_64.pl +++ /dev/null @@ -1,706 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# July 2004 -# -# 2.22x RC4 tune-up:-) It should be noted though that my hand [as in -# "hand-coded assembler"] doesn't stand for the whole improvement -# coefficient. It turned out that eliminating RC4_CHAR from config -# line results in ~40% improvement (yes, even for C implementation). -# Presumably it has everything to do with AMD cache architecture and -# RAW or whatever penalties. Once again! The module *requires* config -# line *without* RC4_CHAR! As for coding "secret," I bet on partial -# register arithmetics. For example instead of 'inc %r8; and $255,%r8' -# I simply 'inc %r8b'. Even though optimization manual discourages -# to operate on partial registers, it turned out to be the best bet. -# At least for AMD... How IA32E would perform remains to be seen... - -# November 2004 -# -# As was shown by Marc Bevand reordering of couple of load operations -# results in even higher performance gain of 3.3x:-) At least on -# Opteron... For reference, 1x in this case is RC4_CHAR C-code -# compiled with gcc 3.3.2, which performs at ~54MBps per 1GHz clock. -# Latter means that if you want to *estimate* what to expect from -# *your* Opteron, then multiply 54 by 3.3 and clock frequency in GHz. - -# November 2004 -# -# Intel P4 EM64T core was found to run the AMD64 code really slow... -# The only way to achieve comparable performance on P4 was to keep -# RC4_CHAR. Kind of ironic, huh? As it's apparently impossible to -# compose blended code, which would perform even within 30% marginal -# on either AMD and Intel platforms, I implement both cases. See -# rc4_skey.c for further details... - -# April 2005 -# -# P4 EM64T core appears to be "allergic" to 64-bit inc/dec. Replacing -# those with add/sub results in 50% performance improvement of folded -# loop... - -# May 2005 -# -# As was shown by Zou Nanhai loop unrolling can improve Intel EM64T -# performance by >30% [unlike P4 32-bit case that is]. But this is -# provided that loads are reordered even more aggressively! Both code -# paths, AMD64 and EM64T, reorder loads in essentially same manner -# as my IA-64 implementation. On Opteron this resulted in modest 5% -# improvement [I had to test it], while final Intel P4 performance -# achieves respectful 432MBps on 2.8GHz processor now. For reference. -# If executed on Xeon, current RC4_CHAR code-path is 2.7x faster than -# RC4_INT code-path. While if executed on Opteron, it's only 25% -# slower than the RC4_INT one [meaning that if CPU µ-arch detection -# is not implemented, then this final RC4_CHAR code-path should be -# preferred, as it provides better *all-round* performance]. - -# March 2007 -# -# Intel Core2 was observed to perform poorly on both code paths:-( It -# apparently suffers from some kind of partial register stall, which -# occurs in 64-bit mode only [as virtually identical 32-bit loop was -# observed to outperform 64-bit one by almost 50%]. Adding two movzb to -# cloop1 boosts its performance by 80%! This loop appears to be optimal -# fit for Core2 and therefore the code was modified to skip cloop8 on -# this CPU. - -# May 2010 -# -# Intel Westmere was observed to perform suboptimally. Adding yet -# another movzb to cloop1 improved performance by almost 50%! Core2 -# performance is improved too, but nominally... - -# May 2011 -# -# The only code path that was not modified is P4-specific one. Non-P4 -# Intel code path optimization is heavily based on submission by Maxim -# Perminov, Maxim Locktyukhin and Jim Guilford of Intel. I've used -# some of the ideas even in attempt to optimize the original RC4_INT -# code path... Current performance in cycles per processed byte (less -# is better) and improvement coefficients relative to previous -# version of this module are: -# -# Opteron 5.3/+0%(*) -# P4 6.5 -# Core2 6.2/+15%(**) -# Westmere 4.2/+60% -# Sandy Bridge 4.2/+120% -# Atom 9.3/+80% -# VIA Nano 6.4/+4% -# Ivy Bridge 4.1/+30% -# Bulldozer 4.5/+30%(*) -# -# (*) But corresponding loop has less instructions, which should have -# positive effect on upcoming Bulldozer, which has one less ALU. -# For reference, Intel code runs at 6.8 cpb rate on Opteron. -# (**) Note that Core2 result is ~15% lower than corresponding result -# for 32-bit code, meaning that it's possible to improve it, -# but more than likely at the cost of the others (see rc4-586.pl -# to get the idea)... - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -$dat="%rdi"; # arg1 -$len="%rsi"; # arg2 -$inp="%rdx"; # arg3 -$out="%rcx"; # arg4 - -{ -$code=<<___; -.text -.extern OPENSSL_ia32cap_P - -.globl RC4 -.type RC4,\@function,4 -.align 16 -RC4: -.cfi_startproc - endbranch - or $len,$len - jne .Lentry - ret -.Lentry: - push %rbx -.cfi_push %rbx - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 -.Lprologue: - mov $len,%r11 - mov $inp,%r12 - mov $out,%r13 -___ -my $len="%r11"; # reassign input arguments -my $inp="%r12"; -my $out="%r13"; - -my @XX=("%r10","%rsi"); -my @TX=("%rax","%rbx"); -my $YY="%rcx"; -my $TY="%rdx"; - -$code.=<<___; - xor $XX[0],$XX[0] - xor $YY,$YY - - lea 8($dat),$dat - mov -8($dat),$XX[0]#b - mov -4($dat),$YY#b - cmpl \$-1,256($dat) - je .LRC4_CHAR - mov OPENSSL_ia32cap_P(%rip),%r8d - xor $TX[1],$TX[1] - inc $XX[0]#b - sub $XX[0],$TX[1] - sub $inp,$out - movl ($dat,$XX[0],4),$TX[0]#d - test \$-16,$len - jz .Lloop1 - bt \$30,%r8d # Intel CPU? - jc .Lintel - and \$7,$TX[1] - lea 1($XX[0]),$XX[1] - jz .Loop8 - sub $TX[1],$len -.Loop8_warmup: - add $TX[0]#b,$YY#b - movl ($dat,$YY,4),$TY#d - movl $TX[0]#d,($dat,$YY,4) - movl $TY#d,($dat,$XX[0],4) - add $TY#b,$TX[0]#b - inc $XX[0]#b - movl ($dat,$TX[0],4),$TY#d - movl ($dat,$XX[0],4),$TX[0]#d - xorb ($inp),$TY#b - movb $TY#b,($out,$inp) - lea 1($inp),$inp - dec $TX[1] - jnz .Loop8_warmup - - lea 1($XX[0]),$XX[1] - jmp .Loop8 -.align 16 -.Loop8: -___ -for ($i=0;$i<8;$i++) { -$code.=<<___ if ($i==7); - add \$8,$XX[1]#b -___ -$code.=<<___; - add $TX[0]#b,$YY#b - movl ($dat,$YY,4),$TY#d - movl $TX[0]#d,($dat,$YY,4) - movl `4*($i==7?-1:$i)`($dat,$XX[1],4),$TX[1]#d - ror \$8,%r8 # ror is redundant when $i=0 - movl $TY#d,4*$i($dat,$XX[0],4) - add $TX[0]#b,$TY#b - movb ($dat,$TY,4),%r8b -___ -push(@TX,shift(@TX)); #push(@XX,shift(@XX)); # "rotate" registers -} -$code.=<<___; - add \$8,$XX[0]#b - ror \$8,%r8 - sub \$8,$len - - xor ($inp),%r8 - mov %r8,($out,$inp) - lea 8($inp),$inp - - test \$-8,$len - jnz .Loop8 - cmp \$0,$len - jne .Lloop1 - jmp .Lexit - -.align 16 -.Lintel: - test \$-32,$len - jz .Lloop1 - and \$15,$TX[1] - jz .Loop16_is_hot - sub $TX[1],$len -.Loop16_warmup: - add $TX[0]#b,$YY#b - movl ($dat,$YY,4),$TY#d - movl $TX[0]#d,($dat,$YY,4) - movl $TY#d,($dat,$XX[0],4) - add $TY#b,$TX[0]#b - inc $XX[0]#b - movl ($dat,$TX[0],4),$TY#d - movl ($dat,$XX[0],4),$TX[0]#d - xorb ($inp),$TY#b - movb $TY#b,($out,$inp) - lea 1($inp),$inp - dec $TX[1] - jnz .Loop16_warmup - - mov $YY,$TX[1] - xor $YY,$YY - mov $TX[1]#b,$YY#b - -.Loop16_is_hot: - lea ($dat,$XX[0],4),$XX[1] -___ -sub RC4_loop { - my $i=shift; - my $j=$i<0?0:$i; - my $xmm="%xmm".($j&1); - - $code.=" add \$16,$XX[0]#b\n" if ($i==15); - $code.=" movdqu ($inp),%xmm2\n" if ($i==15); - $code.=" add $TX[0]#b,$YY#b\n" if ($i<=0); - $code.=" movl ($dat,$YY,4),$TY#d\n"; - $code.=" pxor %xmm0,%xmm2\n" if ($i==0); - $code.=" psllq \$8,%xmm1\n" if ($i==0); - $code.=" pxor $xmm,$xmm\n" if ($i<=1); - $code.=" movl $TX[0]#d,($dat,$YY,4)\n"; - $code.=" add $TY#b,$TX[0]#b\n"; - $code.=" movl `4*($j+1)`($XX[1]),$TX[1]#d\n" if ($i<15); - $code.=" movz $TX[0]#b,$TX[0]#d\n"; - $code.=" movl $TY#d,4*$j($XX[1])\n"; - $code.=" pxor %xmm1,%xmm2\n" if ($i==0); - $code.=" lea ($dat,$XX[0],4),$XX[1]\n" if ($i==15); - $code.=" add $TX[1]#b,$YY#b\n" if ($i<15); - $code.=" pinsrw \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n"; - $code.=" movdqu %xmm2,($out,$inp)\n" if ($i==0); - $code.=" lea 16($inp),$inp\n" if ($i==0); - $code.=" movl ($XX[1]),$TX[1]#d\n" if ($i==15); -} - RC4_loop(-1); -$code.=<<___; - jmp .Loop16_enter -.align 16 -.Loop16: -___ - -for ($i=0;$i<16;$i++) { - $code.=".Loop16_enter:\n" if ($i==1); - RC4_loop($i); - push(@TX,shift(@TX)); # "rotate" registers -} -$code.=<<___; - mov $YY,$TX[1] - xor $YY,$YY # keyword to partial register - sub \$16,$len - mov $TX[1]#b,$YY#b - test \$-16,$len - jnz .Loop16 - - psllq \$8,%xmm1 - pxor %xmm0,%xmm2 - pxor %xmm1,%xmm2 - movdqu %xmm2,($out,$inp) - lea 16($inp),$inp - - cmp \$0,$len - jne .Lloop1 - jmp .Lexit - -.align 16 -.Lloop1: - add $TX[0]#b,$YY#b - movl ($dat,$YY,4),$TY#d - movl $TX[0]#d,($dat,$YY,4) - movl $TY#d,($dat,$XX[0],4) - add $TY#b,$TX[0]#b - inc $XX[0]#b - movl ($dat,$TX[0],4),$TY#d - movl ($dat,$XX[0],4),$TX[0]#d - xorb ($inp),$TY#b - movb $TY#b,($out,$inp) - lea 1($inp),$inp - dec $len - jnz .Lloop1 - jmp .Lexit - -.align 16 -.LRC4_CHAR: - add \$1,$XX[0]#b - movzb ($dat,$XX[0]),$TX[0]#d - test \$-8,$len - jz .Lcloop1 - jmp .Lcloop8 -.align 16 -.Lcloop8: - mov ($inp),%r8d - mov 4($inp),%r9d -___ -# unroll 2x4-wise, because 64-bit rotates kill Intel P4... -for ($i=0;$i<4;$i++) { -$code.=<<___; - add $TX[0]#b,$YY#b - lea 1($XX[0]),$XX[1] - movzb ($dat,$YY),$TY#d - movzb $XX[1]#b,$XX[1]#d - movzb ($dat,$XX[1]),$TX[1]#d - movb $TX[0]#b,($dat,$YY) - cmp $XX[1],$YY - movb $TY#b,($dat,$XX[0]) - jne .Lcmov$i # Intel cmov is sloooow... - mov $TX[0],$TX[1] -.Lcmov$i: - add $TX[0]#b,$TY#b - xor ($dat,$TY),%r8b - ror \$8,%r8d -___ -push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers -} -for ($i=4;$i<8;$i++) { -$code.=<<___; - add $TX[0]#b,$YY#b - lea 1($XX[0]),$XX[1] - movzb ($dat,$YY),$TY#d - movzb $XX[1]#b,$XX[1]#d - movzb ($dat,$XX[1]),$TX[1]#d - movb $TX[0]#b,($dat,$YY) - cmp $XX[1],$YY - movb $TY#b,($dat,$XX[0]) - jne .Lcmov$i # Intel cmov is sloooow... - mov $TX[0],$TX[1] -.Lcmov$i: - add $TX[0]#b,$TY#b - xor ($dat,$TY),%r9b - ror \$8,%r9d -___ -push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers -} -$code.=<<___; - lea -8($len),$len - mov %r8d,($out) - lea 8($inp),$inp - mov %r9d,4($out) - lea 8($out),$out - - test \$-8,$len - jnz .Lcloop8 - cmp \$0,$len - jne .Lcloop1 - jmp .Lexit -___ -$code.=<<___; -.align 16 -.Lcloop1: - add $TX[0]#b,$YY#b - movzb $YY#b,$YY#d - movzb ($dat,$YY),$TY#d - movb $TX[0]#b,($dat,$YY) - movb $TY#b,($dat,$XX[0]) - add $TX[0]#b,$TY#b - add \$1,$XX[0]#b - movzb $TY#b,$TY#d - movzb $XX[0]#b,$XX[0]#d - movzb ($dat,$TY),$TY#d - movzb ($dat,$XX[0]),$TX[0]#d - xorb ($inp),$TY#b - lea 1($inp),$inp - movb $TY#b,($out) - lea 1($out),$out - sub \$1,$len - jnz .Lcloop1 - jmp .Lexit - -.align 16 -.Lexit: - sub \$1,$XX[0]#b - movl $XX[0]#d,-8($dat) - movl $YY#d,-4($dat) - - mov (%rsp),%r13 -.cfi_restore %r13 - mov 8(%rsp),%r12 -.cfi_restore %r12 - mov 16(%rsp),%rbx -.cfi_restore %rbx - add \$24,%rsp -.cfi_adjust_cfa_offset -24 -.Lepilogue: - ret -.cfi_endproc -.size RC4,.-RC4 -___ -} - -$idx="%r8"; -$ido="%r9"; - -$code.=<<___; -.globl RC4_set_key -.type RC4_set_key,\@function,3 -.align 16 -RC4_set_key: -.cfi_startproc - endbranch - lea 8($dat),$dat - lea ($inp,$len),$inp - neg $len - mov $len,%rcx - xor %eax,%eax - xor $ido,$ido - xor %r10,%r10 - xor %r11,%r11 - - mov OPENSSL_ia32cap_P(%rip),$idx#d - bt \$20,$idx#d # RC4_CHAR? - jc .Lc1stloop - jmp .Lw1stloop - -.align 16 -.Lw1stloop: - mov %eax,($dat,%rax,4) - add \$1,%al - jnc .Lw1stloop - - xor $ido,$ido - xor $idx,$idx -.align 16 -.Lw2ndloop: - mov ($dat,$ido,4),%r10d - add ($inp,$len,1),$idx#b - add %r10b,$idx#b - add \$1,$len - mov ($dat,$idx,4),%r11d - cmovz %rcx,$len - mov %r10d,($dat,$idx,4) - mov %r11d,($dat,$ido,4) - add \$1,$ido#b - jnc .Lw2ndloop - jmp .Lexit_key - -.align 16 -.Lc1stloop: - mov %al,($dat,%rax) - add \$1,%al - jnc .Lc1stloop - - xor $ido,$ido - xor $idx,$idx -.align 16 -.Lc2ndloop: - mov ($dat,$ido),%r10b - add ($inp,$len),$idx#b - add %r10b,$idx#b - add \$1,$len - mov ($dat,$idx),%r11b - jnz .Lcnowrap - mov %rcx,$len -.Lcnowrap: - mov %r10b,($dat,$idx) - mov %r11b,($dat,$ido) - add \$1,$ido#b - jnc .Lc2ndloop - movl \$-1,256($dat) - -.align 16 -.Lexit_key: - xor %eax,%eax - mov %eax,-8($dat) - mov %eax,-4($dat) - ret -.cfi_endproc -.size RC4_set_key,.-RC4_set_key - -.globl RC4_options -.type RC4_options,\@abi-omnipotent -.align 16 -RC4_options: -.cfi_startproc - endbranch - lea .Lopts(%rip),%rax - mov OPENSSL_ia32cap_P(%rip),%edx - bt \$20,%edx - jc .L8xchar - bt \$30,%edx - jnc .Ldone - add \$25,%rax - ret -.L8xchar: - add \$12,%rax -.Ldone: - ret -.cfi_endproc -.align 64 -.Lopts: -.asciz "rc4(8x,int)" -.asciz "rc4(8x,char)" -.asciz "rc4(16x,int)" -.asciz "RC4 for x86_64, CRYPTOGAMS by " -.align 64 -.size RC4_options,.-RC4_options -___ - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type stream_se_handler,\@abi-omnipotent -.align 16 -stream_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - lea .Lprologue(%rip),%r10 - cmp %r10,%rbx # context->RipRsp - - lea .Lepilogue(%rip),%r10 - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_prologue - - lea 24(%rax),%rax - - mov -8(%rax),%rbx - mov -16(%rax),%r12 - mov -24(%rax),%r13 - mov %rbx,144($context) # restore context->Rbx - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - -.Lin_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - jmp .Lcommon_seh_exit -.size stream_se_handler,.-stream_se_handler - -.type key_se_handler,\@abi-omnipotent -.align 16 -key_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 152($context),%rax # pull context->Rsp - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - -.Lcommon_seh_exit: - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size key_se_handler,.-key_se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_RC4 - .rva .LSEH_end_RC4 - .rva .LSEH_info_RC4 - - .rva .LSEH_begin_RC4_set_key - .rva .LSEH_end_RC4_set_key - .rva .LSEH_info_RC4_set_key - -.section .xdata -.align 8 -.LSEH_info_RC4: - .byte 9,0,0,0 - .rva stream_se_handler -.LSEH_info_RC4_set_key: - .byte 9,0,0,0 - .rva key_se_handler -___ -} - -sub reg_part { -my ($reg,$conv)=@_; - if ($reg =~ /%r[0-9]+/) { $reg .= $conv; } - elsif ($conv eq "b") { $reg =~ s/%[er]([^x]+)x?/%$1l/; } - elsif ($conv eq "w") { $reg =~ s/%[er](.+)/%$1/; } - elsif ($conv eq "d") { $reg =~ s/%[er](.+)/%e$1/; } - return $reg; -} - -$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem; -$code =~ s/\`([^\`]*)\`/eval $1/gem; - -print $code; - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/rc4/build.info b/crypto/rc4/build.info deleted file mode 100644 index 14ec94f9f2a7583ffa559e4e32929822a47e6993..0000000000000000000000000000000000000000 --- a/crypto/rc4/build.info +++ /dev/null @@ -1,36 +0,0 @@ -LIBS=../../libcrypto - -$RC4ASM=rc4_enc.c rc4_skey.c -IF[{- !$disabled{asm} -}] - $RC4ASM_x86=rc4-586.S - $RC4ASM_x86_64=rc4-x86_64.s rc4-md5-x86_64.s - $RC4ASM_s390x=rc4-s390x.s - $RC4ASM_parisc11=rc4-parisc.s - $RC4ASM_parisc20_64=$RC4ASM_parisc11 - $RC4ASM_c64xplus=rc4-c64xplus.s - - # Now that we have defined all the arch specific variables, use the - # appropriate one, and define the appropriate macros - IF[$RC4ASM_{- $target{asm_arch} -}] - $RC4ASM=$RC4ASM_{- $target{asm_arch} -} - $RC4DEF=RC4_ASM - ENDIF -ENDIF - -SOURCE[../../libcrypto]=$RC4ASM - -# When all deprecated symbols are removed, libcrypto doesn't export the -# rc4 functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] - SOURCE[../../providers/liblegacy.a]=$RC4ASM -ENDIF - -GENERATE[rc4-586.S]=asm/rc4-586.pl -DEPEND[rc4-586.S]=../perlasm/x86asm.pl - -GENERATE[rc4-x86_64.s]=asm/rc4-x86_64.pl -GENERATE[rc4-md5-x86_64.s]=asm/rc4-md5-x86_64.pl - -GENERATE[rc4-parisc.s]=asm/rc4-parisc.pl -GENERATE[rc4-c64xplus.s]=asm/rc4-c64xplus.pl -GENERATE[rc4-s390x.s]=asm/rc4-s390x.pl diff --git a/crypto/rc4/rc4_enc.c b/crypto/rc4/rc4_enc.c deleted file mode 100644 index 4015332757e31b439753aaa22aa2de8c855d7b48..0000000000000000000000000000000000000000 --- a/crypto/rc4/rc4_enc.c +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RC4 low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "rc4_local.h" - -/*- - * RC4 as implemented from a posting from - * Newsgroups: sci.crypt - * Subject: RC4 Algorithm revealed. - * Message-ID: - * Date: Wed, 14 Sep 1994 06:35:31 GMT - */ - -void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, - unsigned char *outdata) -{ - register RC4_INT *d; - register RC4_INT x, y, tx, ty; - size_t i; - - x = key->x; - y = key->y; - d = key->data; - -#define LOOP(in,out) \ - x=((x+1)&0xff); \ - tx=d[x]; \ - y=(tx+y)&0xff; \ - d[x]=ty=d[y]; \ - d[y]=tx; \ - (out) = d[(tx+ty)&0xff]^ (in); - - i = len >> 3; - if (i) { - for (;;) { - LOOP(indata[0], outdata[0]); - LOOP(indata[1], outdata[1]); - LOOP(indata[2], outdata[2]); - LOOP(indata[3], outdata[3]); - LOOP(indata[4], outdata[4]); - LOOP(indata[5], outdata[5]); - LOOP(indata[6], outdata[6]); - LOOP(indata[7], outdata[7]); - indata += 8; - outdata += 8; - if (--i == 0) - break; - } - } - i = len & 0x07; - if (i) { - for (;;) { - LOOP(indata[0], outdata[0]); - if (--i == 0) - break; - LOOP(indata[1], outdata[1]); - if (--i == 0) - break; - LOOP(indata[2], outdata[2]); - if (--i == 0) - break; - LOOP(indata[3], outdata[3]); - if (--i == 0) - break; - LOOP(indata[4], outdata[4]); - if (--i == 0) - break; - LOOP(indata[5], outdata[5]); - if (--i == 0) - break; - LOOP(indata[6], outdata[6]); - if (--i == 0) - break; - } - } - key->x = x; - key->y = y; -} diff --git a/crypto/rc4/rc4_local.h b/crypto/rc4/rc4_local.h deleted file mode 100644 index f8cf9a89b3eb2fc4d713956ab7895db010ec53ce..0000000000000000000000000000000000000000 --- a/crypto/rc4/rc4_local.h +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_RC4_LOCAL_H -# define OSSL_CRYPTO_RC4_LOCAL_H - -# include -# include "internal/cryptlib.h" - -#endif diff --git a/crypto/rc4/rc4_skey.c b/crypto/rc4/rc4_skey.c deleted file mode 100644 index 3797eff3e2b7fe19509e229ff691e230d76d0595..0000000000000000000000000000000000000000 --- a/crypto/rc4/rc4_skey.c +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RC4 low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "rc4_local.h" -#include - -const char *RC4_options(void) -{ - if (sizeof(RC4_INT) == 1) - return "rc4(char)"; - else - return "rc4(int)"; -} - -/*- - * RC4 as implemented from a posting from - * Newsgroups: sci.crypt - * Subject: RC4 Algorithm revealed. - * Message-ID: - * Date: Wed, 14 Sep 1994 06:35:31 GMT - */ - -void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) -{ - register RC4_INT tmp; - register int id1, id2; - register RC4_INT *d; - unsigned int i; - - d = &(key->data[0]); - key->x = 0; - key->y = 0; - id1 = id2 = 0; - -#define SK_LOOP(d,n) { \ - tmp=d[(n)]; \ - id2 = (data[id1] + tmp + id2) & 0xff; \ - if (++id1 == len) id1=0; \ - d[(n)]=d[id2]; \ - d[id2]=tmp; } - - for (i = 0; i < 256; i++) - d[i] = i; - for (i = 0; i < 256; i += 4) { - SK_LOOP(d, i + 0); - SK_LOOP(d, i + 1); - SK_LOOP(d, i + 2); - SK_LOOP(d, i + 3); - } -} diff --git a/crypto/rc5/asm/rc5-586.pl b/crypto/rc5/asm/rc5-586.pl deleted file mode 100644 index 6def6fcacb0f4199ff32d999c63a6e612c4af4dc..0000000000000000000000000000000000000000 --- a/crypto/rc5/asm/rc5-586.pl +++ /dev/null @@ -1,121 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; -require "cbc.pl"; - -$output = pop and open STDOUT,">$output"; - -&asm_init($ARGV[0]); - -$RC5_MAX_ROUNDS=16; -$RC5_32_OFF=($RC5_MAX_ROUNDS+2)*4; -$A="edi"; -$B="esi"; -$S="ebp"; -$tmp1="eax"; -$r="ebx"; -$tmpc="ecx"; -$tmp4="edx"; - -&RC5_32_encrypt("RC5_32_encrypt",1); -&RC5_32_encrypt("RC5_32_decrypt",0); -&cbc("RC5_32_cbc_encrypt","RC5_32_encrypt","RC5_32_decrypt",0,4,5,3,-1,-1); -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; - -sub RC5_32_encrypt - { - local($name,$enc)=@_; - - &function_begin_B($name,""); - - &comment(""); - - &push("ebp"); - &push("esi"); - &push("edi"); - &mov($tmp4,&wparam(0)); - &mov($S,&wparam(1)); - - &comment("Load the 2 words"); - &mov($A,&DWP(0,$tmp4,"",0)); - &mov($B,&DWP(4,$tmp4,"",0)); - - &push($r); - &mov($r, &DWP(0,$S,"",0)); - - # encrypting part - - if ($enc) - { - &add($A, &DWP(4+0,$S,"",0)); - &add($B, &DWP(4+4,$S,"",0)); - - for ($i=0; $i<$RC5_MAX_ROUNDS; $i++) - { - &xor($A, $B); - &mov($tmp1, &DWP(12+$i*8,$S,"",0)); - &mov($tmpc, $B); - &rotl($A, &LB("ecx")); - &add($A, $tmp1); - - &xor($B, $A); - &mov($tmp1, &DWP(16+$i*8,$S,"",0)); - &mov($tmpc, $A); - &rotl($B, &LB("ecx")); - &add($B, $tmp1); - if (($i == 7) || ($i == 11)) - { - &cmp($r, $i+1); - &je(&label("rc5_exit")); - } - } - } - else - { - &cmp($r, 12); - &je(&label("rc5_dec_12")); - &cmp($r, 8); - &je(&label("rc5_dec_8")); - for ($i=$RC5_MAX_ROUNDS; $i > 0; $i--) - { - &set_label("rc5_dec_$i") if ($i == 12) || ($i == 8); - &mov($tmp1, &DWP($i*8+8,$S,"",0)); - &sub($B, $tmp1); - &mov($tmpc, $A); - &rotr($B, &LB("ecx")); - &xor($B, $A); - - &mov($tmp1, &DWP($i*8+4,$S,"",0)); - &sub($A, $tmp1); - &mov($tmpc, $B); - &rotr($A, &LB("ecx")); - &xor($A, $B); - } - &sub($B, &DWP(4+4,$S,"",0)); - &sub($A, &DWP(4+0,$S,"",0)); - } - - &set_label("rc5_exit"); - &mov(&DWP(0,$tmp4,"",0),$A); - &mov(&DWP(4,$tmp4,"",0),$B); - - &pop("ebx"); - &pop("edi"); - &pop("esi"); - &pop("ebp"); - &ret(); - &function_end_B($name); - } - - diff --git a/crypto/rc5/build.info b/crypto/rc5/build.info deleted file mode 100644 index 96ed42d2cbf702342d48e4be9db46226329f57b5..0000000000000000000000000000000000000000 --- a/crypto/rc5/build.info +++ /dev/null @@ -1,26 +0,0 @@ -LIBS=../../libcrypto - -$RC5ASM=rc5_enc.c -IF[{- !$disabled{asm} -}] - $RC5ASM_x86=rc5-586.S - - # Now that we have defined all the arch specific variables, use the - # appropriate one, and define the appropriate macros - IF[$RC5ASM_{- $target{asm_arch} -}] - $RC5ASM=$RC5ASM_{- $target{asm_arch} -} - $RC5DEF=RC5_ASM - ENDIF -ENDIF - -$ALL=rc5_skey.c rc5_ecb.c $RC5ASM rc5cfb64.c rc5ofb64.c - -SOURCE[../../libcrypto]=$ALL - -# When all deprecated symbols are removed, libcrypto doesn't export the -# rc5 functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] - SOURCE[../../providers/liblegacy.a]=$ALL -ENDIF - -GENERATE[rc5-586.S]=asm/rc5-586.pl -DEPEND[rc5-586.S]=../perlasm/x86asm.pl ../perlasm/cbc.pl diff --git a/crypto/rc5/rc5_ecb.c b/crypto/rc5/rc5_ecb.c deleted file mode 100644 index e533b9ea7e199ce1ce933bf28e5ac5ef6269aaef..0000000000000000000000000000000000000000 --- a/crypto/rc5/rc5_ecb.c +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RC5 low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "rc5_local.h" -#include - -void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out, - RC5_32_KEY *ks, int encrypt) -{ - unsigned long l, d[2]; - - c2l(in, l); - d[0] = l; - c2l(in, l); - d[1] = l; - if (encrypt) - RC5_32_encrypt(d, ks); - else - RC5_32_decrypt(d, ks); - l = d[0]; - l2c(l, out); - l = d[1]; - l2c(l, out); - l = d[0] = d[1] = 0; -} diff --git a/crypto/rc5/rc5_enc.c b/crypto/rc5/rc5_enc.c deleted file mode 100644 index 2f9feee0e0f86d5567ecacbdcba864251656bcba..0000000000000000000000000000000000000000 --- a/crypto/rc5/rc5_enc.c +++ /dev/null @@ -1,166 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RC5 low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include -#include "rc5_local.h" - -void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out, - long length, RC5_32_KEY *ks, unsigned char *iv, - int encrypt) -{ - register unsigned long tin0, tin1; - register unsigned long tout0, tout1, xor0, xor1; - register long l = length; - unsigned long tin[2]; - - if (encrypt) { - c2l(iv, tout0); - c2l(iv, tout1); - iv -= 8; - for (l -= 8; l >= 0; l -= 8) { - c2l(in, tin0); - c2l(in, tin1); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - RC5_32_encrypt(tin, ks); - tout0 = tin[0]; - l2c(tout0, out); - tout1 = tin[1]; - l2c(tout1, out); - } - if (l != -8) { - c2ln(in, tin0, tin1, l + 8); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - RC5_32_encrypt(tin, ks); - tout0 = tin[0]; - l2c(tout0, out); - tout1 = tin[1]; - l2c(tout1, out); - } - l2c(tout0, iv); - l2c(tout1, iv); - } else { - c2l(iv, xor0); - c2l(iv, xor1); - iv -= 8; - for (l -= 8; l >= 0; l -= 8) { - c2l(in, tin0); - tin[0] = tin0; - c2l(in, tin1); - tin[1] = tin1; - RC5_32_decrypt(tin, ks); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - l2c(tout0, out); - l2c(tout1, out); - xor0 = tin0; - xor1 = tin1; - } - if (l != -8) { - c2l(in, tin0); - tin[0] = tin0; - c2l(in, tin1); - tin[1] = tin1; - RC5_32_decrypt(tin, ks); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - l2cn(tout0, tout1, out, l + 8); - xor0 = tin0; - xor1 = tin1; - } - l2c(xor0, iv); - l2c(xor1, iv); - } - tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; - tin[0] = tin[1] = 0; -} - -void RC5_32_encrypt(unsigned long *d, RC5_32_KEY *key) -{ - RC5_32_INT a, b, *s; - - s = key->data; - - a = d[0] + s[0]; - b = d[1] + s[1]; - E_RC5_32(a, b, s, 2); - E_RC5_32(a, b, s, 4); - E_RC5_32(a, b, s, 6); - E_RC5_32(a, b, s, 8); - E_RC5_32(a, b, s, 10); - E_RC5_32(a, b, s, 12); - E_RC5_32(a, b, s, 14); - E_RC5_32(a, b, s, 16); - if (key->rounds == 12) { - E_RC5_32(a, b, s, 18); - E_RC5_32(a, b, s, 20); - E_RC5_32(a, b, s, 22); - E_RC5_32(a, b, s, 24); - } else if (key->rounds == 16) { - /* Do a full expansion to avoid a jump */ - E_RC5_32(a, b, s, 18); - E_RC5_32(a, b, s, 20); - E_RC5_32(a, b, s, 22); - E_RC5_32(a, b, s, 24); - E_RC5_32(a, b, s, 26); - E_RC5_32(a, b, s, 28); - E_RC5_32(a, b, s, 30); - E_RC5_32(a, b, s, 32); - } - d[0] = a; - d[1] = b; -} - -void RC5_32_decrypt(unsigned long *d, RC5_32_KEY *key) -{ - RC5_32_INT a, b, *s; - - s = key->data; - - a = d[0]; - b = d[1]; - if (key->rounds == 16) { - D_RC5_32(a, b, s, 32); - D_RC5_32(a, b, s, 30); - D_RC5_32(a, b, s, 28); - D_RC5_32(a, b, s, 26); - /* Do a full expansion to avoid a jump */ - D_RC5_32(a, b, s, 24); - D_RC5_32(a, b, s, 22); - D_RC5_32(a, b, s, 20); - D_RC5_32(a, b, s, 18); - } else if (key->rounds == 12) { - D_RC5_32(a, b, s, 24); - D_RC5_32(a, b, s, 22); - D_RC5_32(a, b, s, 20); - D_RC5_32(a, b, s, 18); - } - D_RC5_32(a, b, s, 16); - D_RC5_32(a, b, s, 14); - D_RC5_32(a, b, s, 12); - D_RC5_32(a, b, s, 10); - D_RC5_32(a, b, s, 8); - D_RC5_32(a, b, s, 6); - D_RC5_32(a, b, s, 4); - D_RC5_32(a, b, s, 2); - d[0] = a - s[0]; - d[1] = b - s[1]; -} diff --git a/crypto/rc5/rc5_local.h b/crypto/rc5/rc5_local.h deleted file mode 100644 index df7df608dc0760200d7df406f51e8ed3c9950c90..0000000000000000000000000000000000000000 --- a/crypto/rc5/rc5_local.h +++ /dev/null @@ -1,186 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#undef c2l -#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<<24L) - -/* NOTE - c is not incremented as per c2l */ -#undef c2ln -#define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } - -#undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - -/* NOTE - c is not incremented as per l2c */ -#undef l2cn -#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -/* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - /* fall thru */ \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - /* fall thru */ \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - /* fall thru */ \ - case 2: l1|=((unsigned long)(*(--(c))))<<16; \ - /* fall thru */ \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } - -/* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - /* fall thru */ \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - /* fall thru */ \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - /* fall thru */ \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - /* fall thru */ \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - /* fall thru */ \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - /* fall thru */ \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - /* fall thru */ \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } - -#undef n2l -#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) - -#undef l2n -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -#if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) -# define ROTATE_l32(a,n) _lrotl(a,n) -# define ROTATE_r32(a,n) _lrotr(a,n) -#elif defined(__ICC) -# define ROTATE_l32(a,n) _rotl(a,n) -# define ROTATE_r32(a,n) _rotr(a,n) -#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) -# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) -# define ROTATE_l32(a,n) ({ register unsigned int ret; \ - asm ("roll %%cl,%0" \ - : "=r"(ret) \ - : "c"(n),"0"((unsigned int)(a)) \ - : "cc"); \ - ret; \ - }) -# define ROTATE_r32(a,n) ({ register unsigned int ret; \ - asm ("rorl %%cl,%0" \ - : "=r"(ret) \ - : "c"(n),"0"((unsigned int)(a)) \ - : "cc"); \ - ret; \ - }) -# endif -#endif -#ifndef ROTATE_l32 -# define ROTATE_l32(a,n) (((a)<<(n&0x1f))|(((a)&0xffffffff)>>((32-n)&0x1f))) -#endif -#ifndef ROTATE_r32 -# define ROTATE_r32(a,n) (((a)<<((32-n)&0x1f))|(((a)&0xffffffff)>>(n&0x1f))) -#endif - -#define RC5_32_MASK 0xffffffffL - -#define RC5_16_P 0xB7E1 -#define RC5_16_Q 0x9E37 -#define RC5_32_P 0xB7E15163L -#define RC5_32_Q 0x9E3779B9L -#define RC5_64_P 0xB7E151628AED2A6BLL -#define RC5_64_Q 0x9E3779B97F4A7C15LL - -#define E_RC5_32(a,b,s,n) \ - a^=b; \ - a=ROTATE_l32(a,b); \ - a+=s[n]; \ - a&=RC5_32_MASK; \ - b^=a; \ - b=ROTATE_l32(b,a); \ - b+=s[n+1]; \ - b&=RC5_32_MASK; - -#define D_RC5_32(a,b,s,n) \ - b-=s[n+1]; \ - b&=RC5_32_MASK; \ - b=ROTATE_r32(b,a); \ - b^=a; \ - a-=s[n]; \ - a&=RC5_32_MASK; \ - a=ROTATE_r32(a,b); \ - a^=b; diff --git a/crypto/rc5/rc5_skey.c b/crypto/rc5/rc5_skey.c deleted file mode 100644 index a08b940badf6de511d26cb31f38270a8397bed09..0000000000000000000000000000000000000000 --- a/crypto/rc5/rc5_skey.c +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RC5 low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "rc5_local.h" - -int RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, - int rounds) -{ - RC5_32_INT L[64], l, ll, A, B, *S, k; - int i, j, m, c, t, ii, jj; - - if (len > 255) - return 0; - - if ((rounds != RC5_16_ROUNDS) && - (rounds != RC5_12_ROUNDS) && (rounds != RC5_8_ROUNDS)) - rounds = RC5_16_ROUNDS; - - key->rounds = rounds; - S = &(key->data[0]); - j = 0; - for (i = 0; i <= (len - 8); i += 8) { - c2l(data, l); - L[j++] = l; - c2l(data, l); - L[j++] = l; - } - ii = len - i; - if (ii) { - k = len & 0x07; - c2ln(data, l, ll, k); - L[j + 0] = l; - L[j + 1] = ll; - } - - c = (len + 3) / 4; - t = (rounds + 1) * 2; - S[0] = RC5_32_P; - for (i = 1; i < t; i++) - S[i] = (S[i - 1] + RC5_32_Q) & RC5_32_MASK; - - j = (t > c) ? t : c; - j *= 3; - ii = jj = 0; - A = B = 0; - for (i = 0; i < j; i++) { - k = (S[ii] + A + B) & RC5_32_MASK; - A = S[ii] = ROTATE_l32(k, 3); - m = (int)(A + B); - k = (L[jj] + A + B) & RC5_32_MASK; - B = L[jj] = ROTATE_l32(k, m); - if (++ii >= t) - ii = 0; - if (++jj >= c) - jj = 0; - } - - return 1; -} diff --git a/crypto/rc5/rc5cfb64.c b/crypto/rc5/rc5cfb64.c deleted file mode 100644 index 9088eb7eddaea82cc968b954c85ec3804e16ec48..0000000000000000000000000000000000000000 --- a/crypto/rc5/rc5cfb64.c +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RC5 low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "rc5_local.h" - -/* - * The input and output encrypted as though 64bit cfb mode is being used. - * The extra state information to record how much of the 64bit block we have - * used is contained in *num; - */ - -void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, RC5_32_KEY *schedule, - unsigned char *ivec, int *num, int encrypt) -{ - register unsigned long v0, v1, t; - register int n = *num; - register long l = length; - unsigned long ti[2]; - unsigned char *iv, c, cc; - - iv = (unsigned char *)ivec; - if (encrypt) { - while (l--) { - if (n == 0) { - c2l(iv, v0); - ti[0] = v0; - c2l(iv, v1); - ti[1] = v1; - RC5_32_encrypt((unsigned long *)ti, schedule); - iv = (unsigned char *)ivec; - t = ti[0]; - l2c(t, iv); - t = ti[1]; - l2c(t, iv); - iv = (unsigned char *)ivec; - } - c = *(in++) ^ iv[n]; - *(out++) = c; - iv[n] = c; - n = (n + 1) & 0x07; - } - } else { - while (l--) { - if (n == 0) { - c2l(iv, v0); - ti[0] = v0; - c2l(iv, v1); - ti[1] = v1; - RC5_32_encrypt((unsigned long *)ti, schedule); - iv = (unsigned char *)ivec; - t = ti[0]; - l2c(t, iv); - t = ti[1]; - l2c(t, iv); - iv = (unsigned char *)ivec; - } - cc = *(in++); - c = iv[n]; - iv[n] = cc; - *(out++) = c ^ cc; - n = (n + 1) & 0x07; - } - } - v0 = v1 = ti[0] = ti[1] = t = c = cc = 0; - *num = n; -} diff --git a/crypto/rc5/rc5ofb64.c b/crypto/rc5/rc5ofb64.c deleted file mode 100644 index b1128b1f4806e26897d2ddfd4c3fb1cd118b5b33..0000000000000000000000000000000000000000 --- a/crypto/rc5/rc5ofb64.c +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RC5 low level APIs are deprecated for public use, but still ok for internal - * use. - */ -#include "internal/deprecated.h" - -#include -#include "rc5_local.h" - -/* - * The input and output encrypted as though 64bit ofb mode is being used. - * The extra state information to record how much of the 64bit block we have - * used is contained in *num; - */ -void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, RC5_32_KEY *schedule, - unsigned char *ivec, int *num) -{ - register unsigned long v0, v1, t; - register int n = *num; - register long l = length; - unsigned char d[8]; - register char *dp; - unsigned long ti[2]; - unsigned char *iv; - int save = 0; - - iv = (unsigned char *)ivec; - c2l(iv, v0); - c2l(iv, v1); - ti[0] = v0; - ti[1] = v1; - dp = (char *)d; - l2c(v0, dp); - l2c(v1, dp); - while (l--) { - if (n == 0) { - RC5_32_encrypt((unsigned long *)ti, schedule); - dp = (char *)d; - t = ti[0]; - l2c(t, dp); - t = ti[1]; - l2c(t, dp); - save++; - } - *(out++) = *(in++) ^ d[n]; - n = (n + 1) & 0x07; - } - if (save) { - v0 = ti[0]; - v1 = ti[1]; - iv = (unsigned char *)ivec; - l2c(v0, iv); - l2c(v1, iv); - } - t = v0 = v1 = ti[0] = ti[1] = 0; - *num = n; -} diff --git a/crypto/ripemd/asm/rmd-586.pl b/crypto/ripemd/asm/rmd-586.pl deleted file mode 100644 index 354bf44e20a173a5bdec814f883b11846dbc0a17..0000000000000000000000000000000000000000 --- a/crypto/ripemd/asm/rmd-586.pl +++ /dev/null @@ -1,601 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# Normal is the -# ripemd160_block_asm_data_order(RIPEMD160_CTX *c, ULONG *X,int blocks); - -$normal=0; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output=pop and open STDOUT,">$output"; - -&asm_init($ARGV[0]); - -$A="ecx"; -$B="esi"; -$C="edi"; -$D="ebx"; -$E="ebp"; -$tmp1="eax"; -$tmp2="edx"; - -$KL1=0x5A827999; -$KL2=0x6ED9EBA1; -$KL3=0x8F1BBCDC; -$KL4=0xA953FD4E; -$KR0=0x50A28BE6; -$KR1=0x5C4DD124; -$KR2=0x6D703EF3; -$KR3=0x7A6D76E9; - - -@wl=( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15, - 7, 4,13, 1,10, 6,15, 3,12, 0, 9, 5, 2,14,11, 8, - 3,10,14, 4, 9,15, 8, 1, 2, 7, 0, 6,13,11, 5,12, - 1, 9,11,10, 0, 8,12, 4,13, 3, 7,15,14, 5, 6, 2, - 4, 0, 5, 9, 7,12, 2,10,14, 1, 3, 8,11, 6,15,13, - ); - -@wr=( 5,14, 7, 0, 9, 2,11, 4,13, 6,15, 8, 1,10, 3,12, - 6,11, 3, 7, 0,13, 5,10,14,15, 8,12, 4, 9, 1, 2, - 15, 5, 1, 3, 7,14, 6, 9,11, 8,12, 2,10, 0, 4,13, - 8, 6, 4, 1, 3,11,15, 0, 5,12, 2,13, 9, 7,10,14, - 12,15,10, 4, 1, 5, 8, 7, 6, 2,13,14, 0, 3, 9,11, - ); - -@sl=( 11,14,15,12, 5, 8, 7, 9,11,13,14,15, 6, 7, 9, 8, - 7, 6, 8,13,11, 9, 7,15, 7,12,15, 9,11, 7,13,12, - 11,13, 6, 7,14, 9,13,15,14, 8,13, 6, 5,12, 7, 5, - 11,12,14,15,14,15, 9, 8, 9,14, 5, 6, 8, 6, 5,12, - 9,15, 5,11, 6, 8,13,12, 5,12,13,14,11, 8, 5, 6, - ); - -@sr=( 8, 9, 9,11,13,15,15, 5, 7, 7, 8,11,14,14,12, 6, - 9,13,15, 7,12, 8, 9,11, 7, 7,12, 7, 6,15,13,11, - 9, 7,15,11, 8, 6, 6,14,12,13, 5,14,13,13, 7, 5, - 15, 5, 8,11,14,14, 6,14, 6, 9,12, 9,12, 5,15, 8, - 8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11, - ); - -&ripemd160_block("ripemd160_block_asm_data_order"); -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; - -sub Xv - { - local($n)=@_; - return(&swtmp($n)); - # tmp on stack - } - -sub Np - { - local($p)=@_; - local(%n)=($A,$E,$B,$A,$C,$B,$D,$C,$E,$D); - return($n{$p}); - } - -sub RIP1 - { - local($a,$b,$c,$d,$e,$pos,$s,$o,$pos2)=@_; - - &comment($p++); - if ($p & 1) - { - #&mov($tmp1, $c) if $o == -1; - &xor($tmp1, $d) if $o == -1; - &mov($tmp2, &Xv($pos)); - &xor($tmp1, $b); - &add($a, $tmp2); - &rotl($c, 10); - &add($a, $tmp1); - &mov($tmp1, &Np($c)); # NEXT - # XXX - &rotl($a, $s); - &add($a, $e); - } - else - { - &xor($tmp1, $d); - &mov($tmp2, &Xv($pos)); - &xor($tmp1, $b); - &add($a, $tmp1); - &mov($tmp1, &Np($c)) if $o <= 0; - &mov($tmp1, -1) if $o == 1; - # XXX if $o == 2; - &rotl($c, 10); - &add($a, $tmp2); - &xor($tmp1, &Np($d)) if $o <= 0; - &mov($tmp2, &Xv($pos2)) if $o == 1; - &mov($tmp2, &wparam(0)) if $o == 2; - &rotl($a, $s); - &add($a, $e); - } - } - -sub RIP2 - { - local($a,$b,$c,$d,$e,$pos,$pos2,$s,$K,$o)=@_; - -# XXXXXX - &comment($p++); - if ($p & 1) - { -# &mov($tmp2, &Xv($pos)) if $o < -1; -# &mov($tmp1, -1) if $o < -1; - - &add($a, $tmp2); - &mov($tmp2, $c); - &sub($tmp1, $b); - &and($tmp2, $b); - &and($tmp1, $d); - &or($tmp2, $tmp1); - &mov($tmp1, &Xv($pos2)) if $o <= 0; # XXXXXXXXXXXXXX - # XXX - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp2,1)); - &mov($tmp2, -1) if $o <= 0; - # XXX - &rotl($a, $s); - &add($a, $e); - } - else - { - # XXX - &add($a, $tmp1); - &mov($tmp1, $c); - &sub($tmp2, $b); - &and($tmp1, $b); - &and($tmp2, $d); - if ($o != 2) - { - &or($tmp1, $tmp2); - &mov($tmp2, &Xv($pos2)) if $o <= 0; - &mov($tmp2, -1) if $o == 1; - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp1,1)); - &mov($tmp1, -1) if $o <= 0; - &sub($tmp2, &Np($c)) if $o == 1; - } else { - &or($tmp2, $tmp1); - &mov($tmp1, &Np($c)); - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp2,1)); - &xor($tmp1, &Np($d)); - } - &rotl($a, $s); - &add($a, $e); - } - } - -sub RIP3 - { - local($a,$b,$c,$d,$e,$pos,$s,$K,$o,$pos2)=@_; - - &comment($p++); - if ($p & 1) - { -# &mov($tmp2, -1) if $o < -1; -# &sub($tmp2, $c) if $o < -1; - &mov($tmp1, &Xv($pos)); - &or($tmp2, $b); - &add($a, $tmp1); - &xor($tmp2, $d); - &mov($tmp1, -1) if $o <= 0; # NEXT - # XXX - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp2,1)); - &sub($tmp1, &Np($c)) if $o <= 0; # NEXT - # XXX - &rotl($a, $s); - &add($a, $e); - } - else - { - &mov($tmp2, &Xv($pos)); - &or($tmp1, $b); - &add($a, $tmp2); - &xor($tmp1, $d); - &mov($tmp2, -1) if $o <= 0; # NEXT - &mov($tmp2, -1) if $o == 1; - &mov($tmp2, &Xv($pos2)) if $o == 2; - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp1,1)); - &sub($tmp2, &Np($c)) if $o <= 0; # NEXT - &mov($tmp1, &Np($d)) if $o == 1; - &mov($tmp1, -1) if $o == 2; - &rotl($a, $s); - &add($a, $e); - } - } - -sub RIP4 - { - local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_; - - &comment($p++); - if ($p & 1) - { -# &mov($tmp2, -1) if $o == -2; -# &mov($tmp1, $d) if $o == -2; - &sub($tmp2, $d); - &and($tmp1, $b); - &and($tmp2, $c); - &or($tmp2, $tmp1); - &mov($tmp1, &Xv($pos)); - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp2)); - &mov($tmp2, -1) unless $o > 0; # NEXT - # XXX - &add($a, $tmp1); - &mov($tmp1, &Np($d)) unless $o > 0; # NEXT - # XXX - &rotl($a, $s); - &add($a, $e); - } - else - { - &sub($tmp2, $d); - &and($tmp1, $b); - &and($tmp2, $c); - &or($tmp2, $tmp1); - &mov($tmp1, &Xv($pos)); - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp2)); - &mov($tmp2, -1) if $o == 0; # NEXT - &mov($tmp2, -1) if $o == 1; - &mov($tmp2, -1) if $o == 2; - # XXX - &add($a, $tmp1); - &mov($tmp1, &Np($d)) if $o == 0; # NEXT - &sub($tmp2, &Np($d)) if $o == 1; - &sub($tmp2, &Np($c)) if $o == 2; - # XXX - &rotl($a, $s); - &add($a, $e); - } - } - -sub RIP5 - { - local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_; - - &comment($p++); - if ($p & 1) - { - &mov($tmp2, -1) if $o == -2; - &sub($tmp2, $d) if $o == -2; - &mov($tmp1, &Xv($pos)); - &or($tmp2, $c); - &add($a, $tmp1); - &xor($tmp2, $b); - &mov($tmp1, -1) if $o <= 0; - # XXX - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp2,1)); - &sub($tmp1, &Np($d)) if $o <= 0; - # XXX - &rotl($a, $s); - &add($a, $e); - } - else - { - &mov($tmp2, &Xv($pos)); - &or($tmp1, $c); - &add($a, $tmp2); - &xor($tmp1, $b); - &mov($tmp2, -1) if $o <= 0; - &mov($tmp2, &wparam(0)) if $o == 1; # Middle code - &mov($tmp2, -1) if $o == 2; - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp1,1)); - &sub($tmp2, &Np($d)) if $o <= 0; - &mov(&swtmp(16), $A) if $o == 1; - &mov($tmp1, &Np($d)) if $o == 2; - &rotl($a, $s); - &add($a, $e); - } - } - -sub ripemd160_block - { - local($name)=@_; - - &function_begin_B($name,"",3); - - # parameter 1 is the RIPEMD160_CTX structure. - # A 0 - # B 4 - # C 8 - # D 12 - # E 16 - - &mov($tmp2, &wparam(0)); - &mov($tmp1, &wparam(1)); - &push("esi"); - &mov($A, &DWP( 0,$tmp2,"",0)); - &push("edi"); - &mov($B, &DWP( 4,$tmp2,"",0)); - &push("ebp"); - &mov($C, &DWP( 8,$tmp2,"",0)); - &push("ebx"); - &stack_push(16+5+6); - # Special comment about the figure of 6. - # Idea is to pad the current frame so - # that the top of the stack gets fairly - # aligned. Well, as you realize it would - # always depend on how the frame below is - # aligned. The good news are that gcc-2.95 - # and later does keep first argument at - # least double-wise aligned. - - &set_label("start") unless $normal; - &comment(""); - - # &mov($tmp1, &wparam(1)); # Done at end of loop - # &mov($tmp2, &wparam(0)); # Done at end of loop - - for ($z=0; $z<16; $z+=2) - { - &mov($D, &DWP( $z*4,$tmp1,"",0)); - &mov($E, &DWP( ($z+1)*4,$tmp1,"",0)); - &mov(&swtmp($z), $D); - &mov(&swtmp($z+1), $E); - } - &mov($tmp1, $C); - &mov($D, &DWP(12,$tmp2,"",0)); - &mov($E, &DWP(16,$tmp2,"",0)); - - &RIP1($A,$B,$C,$D,$E,$wl[ 0],$sl[ 0],-1); - &RIP1($E,$A,$B,$C,$D,$wl[ 1],$sl[ 1],0); - &RIP1($D,$E,$A,$B,$C,$wl[ 2],$sl[ 2],0); - &RIP1($C,$D,$E,$A,$B,$wl[ 3],$sl[ 3],0); - &RIP1($B,$C,$D,$E,$A,$wl[ 4],$sl[ 4],0); - &RIP1($A,$B,$C,$D,$E,$wl[ 5],$sl[ 5],0); - &RIP1($E,$A,$B,$C,$D,$wl[ 6],$sl[ 6],0); - &RIP1($D,$E,$A,$B,$C,$wl[ 7],$sl[ 7],0); - &RIP1($C,$D,$E,$A,$B,$wl[ 8],$sl[ 8],0); - &RIP1($B,$C,$D,$E,$A,$wl[ 9],$sl[ 9],0); - &RIP1($A,$B,$C,$D,$E,$wl[10],$sl[10],0); - &RIP1($E,$A,$B,$C,$D,$wl[11],$sl[11],0); - &RIP1($D,$E,$A,$B,$C,$wl[12],$sl[12],0); - &RIP1($C,$D,$E,$A,$B,$wl[13],$sl[13],0); - &RIP1($B,$C,$D,$E,$A,$wl[14],$sl[14],0); - &RIP1($A,$B,$C,$D,$E,$wl[15],$sl[15],1,$wl[16]); - - &RIP2($E,$A,$B,$C,$D,$wl[16],$wl[17],$sl[16],$KL1,-1); - &RIP2($D,$E,$A,$B,$C,$wl[17],$wl[18],$sl[17],$KL1,0); - &RIP2($C,$D,$E,$A,$B,$wl[18],$wl[19],$sl[18],$KL1,0); - &RIP2($B,$C,$D,$E,$A,$wl[19],$wl[20],$sl[19],$KL1,0); - &RIP2($A,$B,$C,$D,$E,$wl[20],$wl[21],$sl[20],$KL1,0); - &RIP2($E,$A,$B,$C,$D,$wl[21],$wl[22],$sl[21],$KL1,0); - &RIP2($D,$E,$A,$B,$C,$wl[22],$wl[23],$sl[22],$KL1,0); - &RIP2($C,$D,$E,$A,$B,$wl[23],$wl[24],$sl[23],$KL1,0); - &RIP2($B,$C,$D,$E,$A,$wl[24],$wl[25],$sl[24],$KL1,0); - &RIP2($A,$B,$C,$D,$E,$wl[25],$wl[26],$sl[25],$KL1,0); - &RIP2($E,$A,$B,$C,$D,$wl[26],$wl[27],$sl[26],$KL1,0); - &RIP2($D,$E,$A,$B,$C,$wl[27],$wl[28],$sl[27],$KL1,0); - &RIP2($C,$D,$E,$A,$B,$wl[28],$wl[29],$sl[28],$KL1,0); - &RIP2($B,$C,$D,$E,$A,$wl[29],$wl[30],$sl[29],$KL1,0); - &RIP2($A,$B,$C,$D,$E,$wl[30],$wl[31],$sl[30],$KL1,0); - &RIP2($E,$A,$B,$C,$D,$wl[31],$wl[32],$sl[31],$KL1,1); - - &RIP3($D,$E,$A,$B,$C,$wl[32],$sl[32],$KL2,-1); - &RIP3($C,$D,$E,$A,$B,$wl[33],$sl[33],$KL2,0); - &RIP3($B,$C,$D,$E,$A,$wl[34],$sl[34],$KL2,0); - &RIP3($A,$B,$C,$D,$E,$wl[35],$sl[35],$KL2,0); - &RIP3($E,$A,$B,$C,$D,$wl[36],$sl[36],$KL2,0); - &RIP3($D,$E,$A,$B,$C,$wl[37],$sl[37],$KL2,0); - &RIP3($C,$D,$E,$A,$B,$wl[38],$sl[38],$KL2,0); - &RIP3($B,$C,$D,$E,$A,$wl[39],$sl[39],$KL2,0); - &RIP3($A,$B,$C,$D,$E,$wl[40],$sl[40],$KL2,0); - &RIP3($E,$A,$B,$C,$D,$wl[41],$sl[41],$KL2,0); - &RIP3($D,$E,$A,$B,$C,$wl[42],$sl[42],$KL2,0); - &RIP3($C,$D,$E,$A,$B,$wl[43],$sl[43],$KL2,0); - &RIP3($B,$C,$D,$E,$A,$wl[44],$sl[44],$KL2,0); - &RIP3($A,$B,$C,$D,$E,$wl[45],$sl[45],$KL2,0); - &RIP3($E,$A,$B,$C,$D,$wl[46],$sl[46],$KL2,0); - &RIP3($D,$E,$A,$B,$C,$wl[47],$sl[47],$KL2,1); - - &RIP4($C,$D,$E,$A,$B,$wl[48],$sl[48],$KL3,-1); - &RIP4($B,$C,$D,$E,$A,$wl[49],$sl[49],$KL3,0); - &RIP4($A,$B,$C,$D,$E,$wl[50],$sl[50],$KL3,0); - &RIP4($E,$A,$B,$C,$D,$wl[51],$sl[51],$KL3,0); - &RIP4($D,$E,$A,$B,$C,$wl[52],$sl[52],$KL3,0); - &RIP4($C,$D,$E,$A,$B,$wl[53],$sl[53],$KL3,0); - &RIP4($B,$C,$D,$E,$A,$wl[54],$sl[54],$KL3,0); - &RIP4($A,$B,$C,$D,$E,$wl[55],$sl[55],$KL3,0); - &RIP4($E,$A,$B,$C,$D,$wl[56],$sl[56],$KL3,0); - &RIP4($D,$E,$A,$B,$C,$wl[57],$sl[57],$KL3,0); - &RIP4($C,$D,$E,$A,$B,$wl[58],$sl[58],$KL3,0); - &RIP4($B,$C,$D,$E,$A,$wl[59],$sl[59],$KL3,0); - &RIP4($A,$B,$C,$D,$E,$wl[60],$sl[60],$KL3,0); - &RIP4($E,$A,$B,$C,$D,$wl[61],$sl[61],$KL3,0); - &RIP4($D,$E,$A,$B,$C,$wl[62],$sl[62],$KL3,0); - &RIP4($C,$D,$E,$A,$B,$wl[63],$sl[63],$KL3,1); - - &RIP5($B,$C,$D,$E,$A,$wl[64],$sl[64],$KL4,-1); - &RIP5($A,$B,$C,$D,$E,$wl[65],$sl[65],$KL4,0); - &RIP5($E,$A,$B,$C,$D,$wl[66],$sl[66],$KL4,0); - &RIP5($D,$E,$A,$B,$C,$wl[67],$sl[67],$KL4,0); - &RIP5($C,$D,$E,$A,$B,$wl[68],$sl[68],$KL4,0); - &RIP5($B,$C,$D,$E,$A,$wl[69],$sl[69],$KL4,0); - &RIP5($A,$B,$C,$D,$E,$wl[70],$sl[70],$KL4,0); - &RIP5($E,$A,$B,$C,$D,$wl[71],$sl[71],$KL4,0); - &RIP5($D,$E,$A,$B,$C,$wl[72],$sl[72],$KL4,0); - &RIP5($C,$D,$E,$A,$B,$wl[73],$sl[73],$KL4,0); - &RIP5($B,$C,$D,$E,$A,$wl[74],$sl[74],$KL4,0); - &RIP5($A,$B,$C,$D,$E,$wl[75],$sl[75],$KL4,0); - &RIP5($E,$A,$B,$C,$D,$wl[76],$sl[76],$KL4,0); - &RIP5($D,$E,$A,$B,$C,$wl[77],$sl[77],$KL4,0); - &RIP5($C,$D,$E,$A,$B,$wl[78],$sl[78],$KL4,0); - &RIP5($B,$C,$D,$E,$A,$wl[79],$sl[79],$KL4,1); - - # &mov($tmp2, &wparam(0)); # moved into last RIP5 - # &mov(&swtmp(16), $A); - &mov($A, &DWP( 0,$tmp2,"",0)); - &mov(&swtmp(16+1), $B); - &mov(&swtmp(16+2), $C); - &mov($B, &DWP( 4,$tmp2,"",0)); - &mov(&swtmp(16+3), $D); - &mov($C, &DWP( 8,$tmp2,"",0)); - &mov(&swtmp(16+4), $E); - &mov($D, &DWP(12,$tmp2,"",0)); - &mov($E, &DWP(16,$tmp2,"",0)); - - &RIP5($A,$B,$C,$D,$E,$wr[ 0],$sr[ 0],$KR0,-2); - &RIP5($E,$A,$B,$C,$D,$wr[ 1],$sr[ 1],$KR0,0); - &RIP5($D,$E,$A,$B,$C,$wr[ 2],$sr[ 2],$KR0,0); - &RIP5($C,$D,$E,$A,$B,$wr[ 3],$sr[ 3],$KR0,0); - &RIP5($B,$C,$D,$E,$A,$wr[ 4],$sr[ 4],$KR0,0); - &RIP5($A,$B,$C,$D,$E,$wr[ 5],$sr[ 5],$KR0,0); - &RIP5($E,$A,$B,$C,$D,$wr[ 6],$sr[ 6],$KR0,0); - &RIP5($D,$E,$A,$B,$C,$wr[ 7],$sr[ 7],$KR0,0); - &RIP5($C,$D,$E,$A,$B,$wr[ 8],$sr[ 8],$KR0,0); - &RIP5($B,$C,$D,$E,$A,$wr[ 9],$sr[ 9],$KR0,0); - &RIP5($A,$B,$C,$D,$E,$wr[10],$sr[10],$KR0,0); - &RIP5($E,$A,$B,$C,$D,$wr[11],$sr[11],$KR0,0); - &RIP5($D,$E,$A,$B,$C,$wr[12],$sr[12],$KR0,0); - &RIP5($C,$D,$E,$A,$B,$wr[13],$sr[13],$KR0,0); - &RIP5($B,$C,$D,$E,$A,$wr[14],$sr[14],$KR0,0); - &RIP5($A,$B,$C,$D,$E,$wr[15],$sr[15],$KR0,2); - - &RIP4($E,$A,$B,$C,$D,$wr[16],$sr[16],$KR1,-2); - &RIP4($D,$E,$A,$B,$C,$wr[17],$sr[17],$KR1,0); - &RIP4($C,$D,$E,$A,$B,$wr[18],$sr[18],$KR1,0); - &RIP4($B,$C,$D,$E,$A,$wr[19],$sr[19],$KR1,0); - &RIP4($A,$B,$C,$D,$E,$wr[20],$sr[20],$KR1,0); - &RIP4($E,$A,$B,$C,$D,$wr[21],$sr[21],$KR1,0); - &RIP4($D,$E,$A,$B,$C,$wr[22],$sr[22],$KR1,0); - &RIP4($C,$D,$E,$A,$B,$wr[23],$sr[23],$KR1,0); - &RIP4($B,$C,$D,$E,$A,$wr[24],$sr[24],$KR1,0); - &RIP4($A,$B,$C,$D,$E,$wr[25],$sr[25],$KR1,0); - &RIP4($E,$A,$B,$C,$D,$wr[26],$sr[26],$KR1,0); - &RIP4($D,$E,$A,$B,$C,$wr[27],$sr[27],$KR1,0); - &RIP4($C,$D,$E,$A,$B,$wr[28],$sr[28],$KR1,0); - &RIP4($B,$C,$D,$E,$A,$wr[29],$sr[29],$KR1,0); - &RIP4($A,$B,$C,$D,$E,$wr[30],$sr[30],$KR1,0); - &RIP4($E,$A,$B,$C,$D,$wr[31],$sr[31],$KR1,2); - - &RIP3($D,$E,$A,$B,$C,$wr[32],$sr[32],$KR2,-2); - &RIP3($C,$D,$E,$A,$B,$wr[33],$sr[33],$KR2,0); - &RIP3($B,$C,$D,$E,$A,$wr[34],$sr[34],$KR2,0); - &RIP3($A,$B,$C,$D,$E,$wr[35],$sr[35],$KR2,0); - &RIP3($E,$A,$B,$C,$D,$wr[36],$sr[36],$KR2,0); - &RIP3($D,$E,$A,$B,$C,$wr[37],$sr[37],$KR2,0); - &RIP3($C,$D,$E,$A,$B,$wr[38],$sr[38],$KR2,0); - &RIP3($B,$C,$D,$E,$A,$wr[39],$sr[39],$KR2,0); - &RIP3($A,$B,$C,$D,$E,$wr[40],$sr[40],$KR2,0); - &RIP3($E,$A,$B,$C,$D,$wr[41],$sr[41],$KR2,0); - &RIP3($D,$E,$A,$B,$C,$wr[42],$sr[42],$KR2,0); - &RIP3($C,$D,$E,$A,$B,$wr[43],$sr[43],$KR2,0); - &RIP3($B,$C,$D,$E,$A,$wr[44],$sr[44],$KR2,0); - &RIP3($A,$B,$C,$D,$E,$wr[45],$sr[45],$KR2,0); - &RIP3($E,$A,$B,$C,$D,$wr[46],$sr[46],$KR2,0); - &RIP3($D,$E,$A,$B,$C,$wr[47],$sr[47],$KR2,2,$wr[48]); - - &RIP2($C,$D,$E,$A,$B,$wr[48],$wr[49],$sr[48],$KR3,-2); - &RIP2($B,$C,$D,$E,$A,$wr[49],$wr[50],$sr[49],$KR3,0); - &RIP2($A,$B,$C,$D,$E,$wr[50],$wr[51],$sr[50],$KR3,0); - &RIP2($E,$A,$B,$C,$D,$wr[51],$wr[52],$sr[51],$KR3,0); - &RIP2($D,$E,$A,$B,$C,$wr[52],$wr[53],$sr[52],$KR3,0); - &RIP2($C,$D,$E,$A,$B,$wr[53],$wr[54],$sr[53],$KR3,0); - &RIP2($B,$C,$D,$E,$A,$wr[54],$wr[55],$sr[54],$KR3,0); - &RIP2($A,$B,$C,$D,$E,$wr[55],$wr[56],$sr[55],$KR3,0); - &RIP2($E,$A,$B,$C,$D,$wr[56],$wr[57],$sr[56],$KR3,0); - &RIP2($D,$E,$A,$B,$C,$wr[57],$wr[58],$sr[57],$KR3,0); - &RIP2($C,$D,$E,$A,$B,$wr[58],$wr[59],$sr[58],$KR3,0); - &RIP2($B,$C,$D,$E,$A,$wr[59],$wr[60],$sr[59],$KR3,0); - &RIP2($A,$B,$C,$D,$E,$wr[60],$wr[61],$sr[60],$KR3,0); - &RIP2($E,$A,$B,$C,$D,$wr[61],$wr[62],$sr[61],$KR3,0); - &RIP2($D,$E,$A,$B,$C,$wr[62],$wr[63],$sr[62],$KR3,0); - &RIP2($C,$D,$E,$A,$B,$wr[63],$wr[64],$sr[63],$KR3,2); - - &RIP1($B,$C,$D,$E,$A,$wr[64],$sr[64],-2); - &RIP1($A,$B,$C,$D,$E,$wr[65],$sr[65],0); - &RIP1($E,$A,$B,$C,$D,$wr[66],$sr[66],0); - &RIP1($D,$E,$A,$B,$C,$wr[67],$sr[67],0); - &RIP1($C,$D,$E,$A,$B,$wr[68],$sr[68],0); - &RIP1($B,$C,$D,$E,$A,$wr[69],$sr[69],0); - &RIP1($A,$B,$C,$D,$E,$wr[70],$sr[70],0); - &RIP1($E,$A,$B,$C,$D,$wr[71],$sr[71],0); - &RIP1($D,$E,$A,$B,$C,$wr[72],$sr[72],0); - &RIP1($C,$D,$E,$A,$B,$wr[73],$sr[73],0); - &RIP1($B,$C,$D,$E,$A,$wr[74],$sr[74],0); - &RIP1($A,$B,$C,$D,$E,$wr[75],$sr[75],0); - &RIP1($E,$A,$B,$C,$D,$wr[76],$sr[76],0); - &RIP1($D,$E,$A,$B,$C,$wr[77],$sr[77],0); - &RIP1($C,$D,$E,$A,$B,$wr[78],$sr[78],0); - &RIP1($B,$C,$D,$E,$A,$wr[79],$sr[79],2); - - # &mov($tmp2, &wparam(0)); # Moved into last round - - &mov($tmp1, &DWP( 4,$tmp2,"",0)); # ctx->B - &add($D, $tmp1); - &mov($tmp1, &swtmp(16+2)); # $c - &add($D, $tmp1); - - &mov($tmp1, &DWP( 8,$tmp2,"",0)); # ctx->C - &add($E, $tmp1); - &mov($tmp1, &swtmp(16+3)); # $d - &add($E, $tmp1); - - &mov($tmp1, &DWP(12,$tmp2,"",0)); # ctx->D - &add($A, $tmp1); - &mov($tmp1, &swtmp(16+4)); # $e - &add($A, $tmp1); - - - &mov($tmp1, &DWP(16,$tmp2,"",0)); # ctx->E - &add($B, $tmp1); - &mov($tmp1, &swtmp(16+0)); # $a - &add($B, $tmp1); - - &mov($tmp1, &DWP( 0,$tmp2,"",0)); # ctx->A - &add($C, $tmp1); - &mov($tmp1, &swtmp(16+1)); # $b - &add($C, $tmp1); - - &mov($tmp1, &wparam(2)); - - &mov(&DWP( 0,$tmp2,"",0), $D); - &mov(&DWP( 4,$tmp2,"",0), $E); - &mov(&DWP( 8,$tmp2,"",0), $A); - &sub($tmp1,1); - &mov(&DWP(12,$tmp2,"",0), $B); - &mov(&DWP(16,$tmp2,"",0), $C); - - &jle(&label("get_out")); - - &mov(&wparam(2),$tmp1); - &mov($C, $A); - &mov($tmp1, &wparam(1)); - &mov($A, $D); - &add($tmp1, 64); - &mov($B, $E); - &mov(&wparam(1),$tmp1); - - &jmp(&label("start")); - - &set_label("get_out"); - - &stack_pop(16+5+6); - - &pop("ebx"); - &pop("ebp"); - &pop("edi"); - &pop("esi"); - &ret(); - &function_end_B($name); - } - diff --git a/crypto/ripemd/build.info b/crypto/ripemd/build.info deleted file mode 100644 index f050480de4e56060f293747e7374eb47f48de151..0000000000000000000000000000000000000000 --- a/crypto/ripemd/build.info +++ /dev/null @@ -1,29 +0,0 @@ -LIBS=../../libcrypto - -$RMD160ASM= -IF[{- !$disabled{asm} -}] - $RMD160ASM_x86=rmd-586.S - - # Now that we have defined all the arch specific variables, use the - # appropriate one, and define the appropriate macros - IF[$RMD160ASM_{- $target{asm_arch} -}] - $RMD160ASM=$RMD160ASM_{- $target{asm_arch} -} - $RMD160DEF=RMD160_ASM - ENDIF -ENDIF - -# Implementations are now spread across several libraries, so the defines -# need to be applied to all affected libraries and modules - -SOURCE[../../libcrypto]=rmd_dgst.c rmd_one.c $RMD160ASM -DEFINE[../../libcrypto]=$RMD160DEF - -# When all deprecated symbols are removed, libcrypto doesn't export the -# RIPEMD160 functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} && !$disabled{'module'} -}] - SOURCE[../../providers/liblegacy.a]=rmd_dgst.c rmd_one.c $RMD160ASM - DEFINE[../../providers/liblegacy.a]=$RMD160DEF -ENDIF - -GENERATE[rmd-586.S]=asm/rmd-586.pl -DEPEND[rmd-586.S]=../perlasm/x86asm.pl diff --git a/crypto/ripemd/rmd_dgst.c b/crypto/ripemd/rmd_dgst.c deleted file mode 100644 index 77b9d32d2b142c0bbebf249b76f66090316c939b..0000000000000000000000000000000000000000 --- a/crypto/ripemd/rmd_dgst.c +++ /dev/null @@ -1,288 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RIPEMD160 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "rmd_local.h" -#include - -#ifdef RMD160_ASM -void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p, size_t num); -# define ripemd160_block ripemd160_block_x86 -#else -void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num); -#endif - -int RIPEMD160_Init(RIPEMD160_CTX *c) -{ - memset(c, 0, sizeof(*c)); - c->A = RIPEMD160_A; - c->B = RIPEMD160_B; - c->C = RIPEMD160_C; - c->D = RIPEMD160_D; - c->E = RIPEMD160_E; - return 1; -} - -#ifndef ripemd160_block_data_order -# ifdef X -# undef X -# endif -void ripemd160_block_data_order(RIPEMD160_CTX *ctx, const void *p, size_t num) -{ - const unsigned char *data = p; - register unsigned MD32_REG_T A, B, C, D, E; - unsigned MD32_REG_T a, b, c, d, e, l; -# ifndef MD32_XARRAY - /* See comment in crypto/sha/sha_local.h for details. */ - unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, - XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; -# define X(i) XX##i -# else - RIPEMD160_LONG XX[16]; -# define X(i) XX[i] -# endif - - for (; num--;) { - - A = ctx->A; - B = ctx->B; - C = ctx->C; - D = ctx->D; - E = ctx->E; - - (void)HOST_c2l(data, l); - X(0) = l; - (void)HOST_c2l(data, l); - X(1) = l; - RIP1(A, B, C, D, E, WL00, SL00); - (void)HOST_c2l(data, l); - X(2) = l; - RIP1(E, A, B, C, D, WL01, SL01); - (void)HOST_c2l(data, l); - X(3) = l; - RIP1(D, E, A, B, C, WL02, SL02); - (void)HOST_c2l(data, l); - X(4) = l; - RIP1(C, D, E, A, B, WL03, SL03); - (void)HOST_c2l(data, l); - X(5) = l; - RIP1(B, C, D, E, A, WL04, SL04); - (void)HOST_c2l(data, l); - X(6) = l; - RIP1(A, B, C, D, E, WL05, SL05); - (void)HOST_c2l(data, l); - X(7) = l; - RIP1(E, A, B, C, D, WL06, SL06); - (void)HOST_c2l(data, l); - X(8) = l; - RIP1(D, E, A, B, C, WL07, SL07); - (void)HOST_c2l(data, l); - X(9) = l; - RIP1(C, D, E, A, B, WL08, SL08); - (void)HOST_c2l(data, l); - X(10) = l; - RIP1(B, C, D, E, A, WL09, SL09); - (void)HOST_c2l(data, l); - X(11) = l; - RIP1(A, B, C, D, E, WL10, SL10); - (void)HOST_c2l(data, l); - X(12) = l; - RIP1(E, A, B, C, D, WL11, SL11); - (void)HOST_c2l(data, l); - X(13) = l; - RIP1(D, E, A, B, C, WL12, SL12); - (void)HOST_c2l(data, l); - X(14) = l; - RIP1(C, D, E, A, B, WL13, SL13); - (void)HOST_c2l(data, l); - X(15) = l; - RIP1(B, C, D, E, A, WL14, SL14); - RIP1(A, B, C, D, E, WL15, SL15); - - RIP2(E, A, B, C, D, WL16, SL16, KL1); - RIP2(D, E, A, B, C, WL17, SL17, KL1); - RIP2(C, D, E, A, B, WL18, SL18, KL1); - RIP2(B, C, D, E, A, WL19, SL19, KL1); - RIP2(A, B, C, D, E, WL20, SL20, KL1); - RIP2(E, A, B, C, D, WL21, SL21, KL1); - RIP2(D, E, A, B, C, WL22, SL22, KL1); - RIP2(C, D, E, A, B, WL23, SL23, KL1); - RIP2(B, C, D, E, A, WL24, SL24, KL1); - RIP2(A, B, C, D, E, WL25, SL25, KL1); - RIP2(E, A, B, C, D, WL26, SL26, KL1); - RIP2(D, E, A, B, C, WL27, SL27, KL1); - RIP2(C, D, E, A, B, WL28, SL28, KL1); - RIP2(B, C, D, E, A, WL29, SL29, KL1); - RIP2(A, B, C, D, E, WL30, SL30, KL1); - RIP2(E, A, B, C, D, WL31, SL31, KL1); - - RIP3(D, E, A, B, C, WL32, SL32, KL2); - RIP3(C, D, E, A, B, WL33, SL33, KL2); - RIP3(B, C, D, E, A, WL34, SL34, KL2); - RIP3(A, B, C, D, E, WL35, SL35, KL2); - RIP3(E, A, B, C, D, WL36, SL36, KL2); - RIP3(D, E, A, B, C, WL37, SL37, KL2); - RIP3(C, D, E, A, B, WL38, SL38, KL2); - RIP3(B, C, D, E, A, WL39, SL39, KL2); - RIP3(A, B, C, D, E, WL40, SL40, KL2); - RIP3(E, A, B, C, D, WL41, SL41, KL2); - RIP3(D, E, A, B, C, WL42, SL42, KL2); - RIP3(C, D, E, A, B, WL43, SL43, KL2); - RIP3(B, C, D, E, A, WL44, SL44, KL2); - RIP3(A, B, C, D, E, WL45, SL45, KL2); - RIP3(E, A, B, C, D, WL46, SL46, KL2); - RIP3(D, E, A, B, C, WL47, SL47, KL2); - - RIP4(C, D, E, A, B, WL48, SL48, KL3); - RIP4(B, C, D, E, A, WL49, SL49, KL3); - RIP4(A, B, C, D, E, WL50, SL50, KL3); - RIP4(E, A, B, C, D, WL51, SL51, KL3); - RIP4(D, E, A, B, C, WL52, SL52, KL3); - RIP4(C, D, E, A, B, WL53, SL53, KL3); - RIP4(B, C, D, E, A, WL54, SL54, KL3); - RIP4(A, B, C, D, E, WL55, SL55, KL3); - RIP4(E, A, B, C, D, WL56, SL56, KL3); - RIP4(D, E, A, B, C, WL57, SL57, KL3); - RIP4(C, D, E, A, B, WL58, SL58, KL3); - RIP4(B, C, D, E, A, WL59, SL59, KL3); - RIP4(A, B, C, D, E, WL60, SL60, KL3); - RIP4(E, A, B, C, D, WL61, SL61, KL3); - RIP4(D, E, A, B, C, WL62, SL62, KL3); - RIP4(C, D, E, A, B, WL63, SL63, KL3); - - RIP5(B, C, D, E, A, WL64, SL64, KL4); - RIP5(A, B, C, D, E, WL65, SL65, KL4); - RIP5(E, A, B, C, D, WL66, SL66, KL4); - RIP5(D, E, A, B, C, WL67, SL67, KL4); - RIP5(C, D, E, A, B, WL68, SL68, KL4); - RIP5(B, C, D, E, A, WL69, SL69, KL4); - RIP5(A, B, C, D, E, WL70, SL70, KL4); - RIP5(E, A, B, C, D, WL71, SL71, KL4); - RIP5(D, E, A, B, C, WL72, SL72, KL4); - RIP5(C, D, E, A, B, WL73, SL73, KL4); - RIP5(B, C, D, E, A, WL74, SL74, KL4); - RIP5(A, B, C, D, E, WL75, SL75, KL4); - RIP5(E, A, B, C, D, WL76, SL76, KL4); - RIP5(D, E, A, B, C, WL77, SL77, KL4); - RIP5(C, D, E, A, B, WL78, SL78, KL4); - RIP5(B, C, D, E, A, WL79, SL79, KL4); - - a = A; - b = B; - c = C; - d = D; - e = E; - /* Do other half */ - A = ctx->A; - B = ctx->B; - C = ctx->C; - D = ctx->D; - E = ctx->E; - - RIP5(A, B, C, D, E, WR00, SR00, KR0); - RIP5(E, A, B, C, D, WR01, SR01, KR0); - RIP5(D, E, A, B, C, WR02, SR02, KR0); - RIP5(C, D, E, A, B, WR03, SR03, KR0); - RIP5(B, C, D, E, A, WR04, SR04, KR0); - RIP5(A, B, C, D, E, WR05, SR05, KR0); - RIP5(E, A, B, C, D, WR06, SR06, KR0); - RIP5(D, E, A, B, C, WR07, SR07, KR0); - RIP5(C, D, E, A, B, WR08, SR08, KR0); - RIP5(B, C, D, E, A, WR09, SR09, KR0); - RIP5(A, B, C, D, E, WR10, SR10, KR0); - RIP5(E, A, B, C, D, WR11, SR11, KR0); - RIP5(D, E, A, B, C, WR12, SR12, KR0); - RIP5(C, D, E, A, B, WR13, SR13, KR0); - RIP5(B, C, D, E, A, WR14, SR14, KR0); - RIP5(A, B, C, D, E, WR15, SR15, KR0); - - RIP4(E, A, B, C, D, WR16, SR16, KR1); - RIP4(D, E, A, B, C, WR17, SR17, KR1); - RIP4(C, D, E, A, B, WR18, SR18, KR1); - RIP4(B, C, D, E, A, WR19, SR19, KR1); - RIP4(A, B, C, D, E, WR20, SR20, KR1); - RIP4(E, A, B, C, D, WR21, SR21, KR1); - RIP4(D, E, A, B, C, WR22, SR22, KR1); - RIP4(C, D, E, A, B, WR23, SR23, KR1); - RIP4(B, C, D, E, A, WR24, SR24, KR1); - RIP4(A, B, C, D, E, WR25, SR25, KR1); - RIP4(E, A, B, C, D, WR26, SR26, KR1); - RIP4(D, E, A, B, C, WR27, SR27, KR1); - RIP4(C, D, E, A, B, WR28, SR28, KR1); - RIP4(B, C, D, E, A, WR29, SR29, KR1); - RIP4(A, B, C, D, E, WR30, SR30, KR1); - RIP4(E, A, B, C, D, WR31, SR31, KR1); - - RIP3(D, E, A, B, C, WR32, SR32, KR2); - RIP3(C, D, E, A, B, WR33, SR33, KR2); - RIP3(B, C, D, E, A, WR34, SR34, KR2); - RIP3(A, B, C, D, E, WR35, SR35, KR2); - RIP3(E, A, B, C, D, WR36, SR36, KR2); - RIP3(D, E, A, B, C, WR37, SR37, KR2); - RIP3(C, D, E, A, B, WR38, SR38, KR2); - RIP3(B, C, D, E, A, WR39, SR39, KR2); - RIP3(A, B, C, D, E, WR40, SR40, KR2); - RIP3(E, A, B, C, D, WR41, SR41, KR2); - RIP3(D, E, A, B, C, WR42, SR42, KR2); - RIP3(C, D, E, A, B, WR43, SR43, KR2); - RIP3(B, C, D, E, A, WR44, SR44, KR2); - RIP3(A, B, C, D, E, WR45, SR45, KR2); - RIP3(E, A, B, C, D, WR46, SR46, KR2); - RIP3(D, E, A, B, C, WR47, SR47, KR2); - - RIP2(C, D, E, A, B, WR48, SR48, KR3); - RIP2(B, C, D, E, A, WR49, SR49, KR3); - RIP2(A, B, C, D, E, WR50, SR50, KR3); - RIP2(E, A, B, C, D, WR51, SR51, KR3); - RIP2(D, E, A, B, C, WR52, SR52, KR3); - RIP2(C, D, E, A, B, WR53, SR53, KR3); - RIP2(B, C, D, E, A, WR54, SR54, KR3); - RIP2(A, B, C, D, E, WR55, SR55, KR3); - RIP2(E, A, B, C, D, WR56, SR56, KR3); - RIP2(D, E, A, B, C, WR57, SR57, KR3); - RIP2(C, D, E, A, B, WR58, SR58, KR3); - RIP2(B, C, D, E, A, WR59, SR59, KR3); - RIP2(A, B, C, D, E, WR60, SR60, KR3); - RIP2(E, A, B, C, D, WR61, SR61, KR3); - RIP2(D, E, A, B, C, WR62, SR62, KR3); - RIP2(C, D, E, A, B, WR63, SR63, KR3); - - RIP1(B, C, D, E, A, WR64, SR64); - RIP1(A, B, C, D, E, WR65, SR65); - RIP1(E, A, B, C, D, WR66, SR66); - RIP1(D, E, A, B, C, WR67, SR67); - RIP1(C, D, E, A, B, WR68, SR68); - RIP1(B, C, D, E, A, WR69, SR69); - RIP1(A, B, C, D, E, WR70, SR70); - RIP1(E, A, B, C, D, WR71, SR71); - RIP1(D, E, A, B, C, WR72, SR72); - RIP1(C, D, E, A, B, WR73, SR73); - RIP1(B, C, D, E, A, WR74, SR74); - RIP1(A, B, C, D, E, WR75, SR75); - RIP1(E, A, B, C, D, WR76, SR76); - RIP1(D, E, A, B, C, WR77, SR77); - RIP1(C, D, E, A, B, WR78, SR78); - RIP1(B, C, D, E, A, WR79, SR79); - - D = ctx->B + c + D; - ctx->B = ctx->C + d + E; - ctx->C = ctx->D + e + A; - ctx->D = ctx->E + a + B; - ctx->E = ctx->A + b + C; - ctx->A = D; - - } -} -#endif diff --git a/crypto/ripemd/rmd_local.h b/crypto/ripemd/rmd_local.h deleted file mode 100644 index 325cb98cc3090dcb70eae36ebff65dddac58bfa4..0000000000000000000000000000000000000000 --- a/crypto/ripemd/rmd_local.h +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include - -/* - * DO EXAMINE COMMENTS IN crypto/md5/md5_local.h & crypto/md5/md5_dgst.c - * FOR EXPLANATIONS ON FOLLOWING "CODE." - */ -#ifdef RMD160_ASM -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) -# define ripemd160_block_data_order ripemd160_block_asm_data_order -# endif -#endif - -void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num); - -#define DATA_ORDER_IS_LITTLE_ENDIAN - -#define HASH_LONG RIPEMD160_LONG -#define HASH_CTX RIPEMD160_CTX -#define HASH_CBLOCK RIPEMD160_CBLOCK -#define HASH_UPDATE RIPEMD160_Update -#define HASH_TRANSFORM RIPEMD160_Transform -#define HASH_FINAL RIPEMD160_Final -#define HASH_MAKE_STRING(c,s) do { \ - unsigned long ll; \ - ll=(c)->A; (void)HOST_l2c(ll,(s)); \ - ll=(c)->B; (void)HOST_l2c(ll,(s)); \ - ll=(c)->C; (void)HOST_l2c(ll,(s)); \ - ll=(c)->D; (void)HOST_l2c(ll,(s)); \ - ll=(c)->E; (void)HOST_l2c(ll,(s)); \ - } while (0) -#define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order - -#include "crypto/md32_common.h" - -/* - * Transformed F2 and F4 are courtesy of Wei Dai - */ -#define F1(x,y,z) ((x) ^ (y) ^ (z)) -#define F2(x,y,z) ((((y) ^ (z)) & (x)) ^ (z)) -#define F3(x,y,z) (((~(y)) | (x)) ^ (z)) -#define F4(x,y,z) ((((x) ^ (y)) & (z)) ^ (y)) -#define F5(x,y,z) (((~(z)) | (y)) ^ (x)) - -#define RIPEMD160_A 0x67452301L -#define RIPEMD160_B 0xEFCDAB89L -#define RIPEMD160_C 0x98BADCFEL -#define RIPEMD160_D 0x10325476L -#define RIPEMD160_E 0xC3D2E1F0L - -#include "rmdconst.h" - -#define RIP1(a,b,c,d,e,w,s) { \ - a+=F1(b,c,d)+X(w); \ - a=ROTATE(a,s)+e; \ - c=ROTATE(c,10); } - -#define RIP2(a,b,c,d,e,w,s,K) { \ - a+=F2(b,c,d)+X(w)+K; \ - a=ROTATE(a,s)+e; \ - c=ROTATE(c,10); } - -#define RIP3(a,b,c,d,e,w,s,K) { \ - a+=F3(b,c,d)+X(w)+K; \ - a=ROTATE(a,s)+e; \ - c=ROTATE(c,10); } - -#define RIP4(a,b,c,d,e,w,s,K) { \ - a+=F4(b,c,d)+X(w)+K; \ - a=ROTATE(a,s)+e; \ - c=ROTATE(c,10); } - -#define RIP5(a,b,c,d,e,w,s,K) { \ - a+=F5(b,c,d)+X(w)+K; \ - a=ROTATE(a,s)+e; \ - c=ROTATE(c,10); } diff --git a/crypto/ripemd/rmd_one.c b/crypto/ripemd/rmd_one.c deleted file mode 100644 index dcd7bae1dc892695c4399e8e2c8dc23ff86662ac..0000000000000000000000000000000000000000 --- a/crypto/ripemd/rmd_one.c +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RIPEMD160 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include - -unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md) -{ - RIPEMD160_CTX c; - static unsigned char m[RIPEMD160_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - if (!RIPEMD160_Init(&c)) - return NULL; - RIPEMD160_Update(&c, d, n); - RIPEMD160_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */ - return md; -} diff --git a/crypto/ripemd/rmdconst.h b/crypto/ripemd/rmdconst.h deleted file mode 100644 index 0e19410ade10828bf6df364923ce2e11e613749b..0000000000000000000000000000000000000000 --- a/crypto/ripemd/rmdconst.h +++ /dev/null @@ -1,350 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#define KL0 0x00000000L -#define KL1 0x5A827999L -#define KL2 0x6ED9EBA1L -#define KL3 0x8F1BBCDCL -#define KL4 0xA953FD4EL - -#define KR0 0x50A28BE6L -#define KR1 0x5C4DD124L -#define KR2 0x6D703EF3L -#define KR3 0x7A6D76E9L -#define KR4 0x00000000L - -#define WL00 0 -#define SL00 11 -#define WL01 1 -#define SL01 14 -#define WL02 2 -#define SL02 15 -#define WL03 3 -#define SL03 12 -#define WL04 4 -#define SL04 5 -#define WL05 5 -#define SL05 8 -#define WL06 6 -#define SL06 7 -#define WL07 7 -#define SL07 9 -#define WL08 8 -#define SL08 11 -#define WL09 9 -#define SL09 13 -#define WL10 10 -#define SL10 14 -#define WL11 11 -#define SL11 15 -#define WL12 12 -#define SL12 6 -#define WL13 13 -#define SL13 7 -#define WL14 14 -#define SL14 9 -#define WL15 15 -#define SL15 8 - -#define WL16 7 -#define SL16 7 -#define WL17 4 -#define SL17 6 -#define WL18 13 -#define SL18 8 -#define WL19 1 -#define SL19 13 -#define WL20 10 -#define SL20 11 -#define WL21 6 -#define SL21 9 -#define WL22 15 -#define SL22 7 -#define WL23 3 -#define SL23 15 -#define WL24 12 -#define SL24 7 -#define WL25 0 -#define SL25 12 -#define WL26 9 -#define SL26 15 -#define WL27 5 -#define SL27 9 -#define WL28 2 -#define SL28 11 -#define WL29 14 -#define SL29 7 -#define WL30 11 -#define SL30 13 -#define WL31 8 -#define SL31 12 - -#define WL32 3 -#define SL32 11 -#define WL33 10 -#define SL33 13 -#define WL34 14 -#define SL34 6 -#define WL35 4 -#define SL35 7 -#define WL36 9 -#define SL36 14 -#define WL37 15 -#define SL37 9 -#define WL38 8 -#define SL38 13 -#define WL39 1 -#define SL39 15 -#define WL40 2 -#define SL40 14 -#define WL41 7 -#define SL41 8 -#define WL42 0 -#define SL42 13 -#define WL43 6 -#define SL43 6 -#define WL44 13 -#define SL44 5 -#define WL45 11 -#define SL45 12 -#define WL46 5 -#define SL46 7 -#define WL47 12 -#define SL47 5 - -#define WL48 1 -#define SL48 11 -#define WL49 9 -#define SL49 12 -#define WL50 11 -#define SL50 14 -#define WL51 10 -#define SL51 15 -#define WL52 0 -#define SL52 14 -#define WL53 8 -#define SL53 15 -#define WL54 12 -#define SL54 9 -#define WL55 4 -#define SL55 8 -#define WL56 13 -#define SL56 9 -#define WL57 3 -#define SL57 14 -#define WL58 7 -#define SL58 5 -#define WL59 15 -#define SL59 6 -#define WL60 14 -#define SL60 8 -#define WL61 5 -#define SL61 6 -#define WL62 6 -#define SL62 5 -#define WL63 2 -#define SL63 12 - -#define WL64 4 -#define SL64 9 -#define WL65 0 -#define SL65 15 -#define WL66 5 -#define SL66 5 -#define WL67 9 -#define SL67 11 -#define WL68 7 -#define SL68 6 -#define WL69 12 -#define SL69 8 -#define WL70 2 -#define SL70 13 -#define WL71 10 -#define SL71 12 -#define WL72 14 -#define SL72 5 -#define WL73 1 -#define SL73 12 -#define WL74 3 -#define SL74 13 -#define WL75 8 -#define SL75 14 -#define WL76 11 -#define SL76 11 -#define WL77 6 -#define SL77 8 -#define WL78 15 -#define SL78 5 -#define WL79 13 -#define SL79 6 - -#define WR00 5 -#define SR00 8 -#define WR01 14 -#define SR01 9 -#define WR02 7 -#define SR02 9 -#define WR03 0 -#define SR03 11 -#define WR04 9 -#define SR04 13 -#define WR05 2 -#define SR05 15 -#define WR06 11 -#define SR06 15 -#define WR07 4 -#define SR07 5 -#define WR08 13 -#define SR08 7 -#define WR09 6 -#define SR09 7 -#define WR10 15 -#define SR10 8 -#define WR11 8 -#define SR11 11 -#define WR12 1 -#define SR12 14 -#define WR13 10 -#define SR13 14 -#define WR14 3 -#define SR14 12 -#define WR15 12 -#define SR15 6 - -#define WR16 6 -#define SR16 9 -#define WR17 11 -#define SR17 13 -#define WR18 3 -#define SR18 15 -#define WR19 7 -#define SR19 7 -#define WR20 0 -#define SR20 12 -#define WR21 13 -#define SR21 8 -#define WR22 5 -#define SR22 9 -#define WR23 10 -#define SR23 11 -#define WR24 14 -#define SR24 7 -#define WR25 15 -#define SR25 7 -#define WR26 8 -#define SR26 12 -#define WR27 12 -#define SR27 7 -#define WR28 4 -#define SR28 6 -#define WR29 9 -#define SR29 15 -#define WR30 1 -#define SR30 13 -#define WR31 2 -#define SR31 11 - -#define WR32 15 -#define SR32 9 -#define WR33 5 -#define SR33 7 -#define WR34 1 -#define SR34 15 -#define WR35 3 -#define SR35 11 -#define WR36 7 -#define SR36 8 -#define WR37 14 -#define SR37 6 -#define WR38 6 -#define SR38 6 -#define WR39 9 -#define SR39 14 -#define WR40 11 -#define SR40 12 -#define WR41 8 -#define SR41 13 -#define WR42 12 -#define SR42 5 -#define WR43 2 -#define SR43 14 -#define WR44 10 -#define SR44 13 -#define WR45 0 -#define SR45 13 -#define WR46 4 -#define SR46 7 -#define WR47 13 -#define SR47 5 - -#define WR48 8 -#define SR48 15 -#define WR49 6 -#define SR49 5 -#define WR50 4 -#define SR50 8 -#define WR51 1 -#define SR51 11 -#define WR52 3 -#define SR52 14 -#define WR53 11 -#define SR53 14 -#define WR54 15 -#define SR54 6 -#define WR55 0 -#define SR55 14 -#define WR56 5 -#define SR56 6 -#define WR57 12 -#define SR57 9 -#define WR58 2 -#define SR58 12 -#define WR59 13 -#define SR59 9 -#define WR60 9 -#define SR60 12 -#define WR61 7 -#define SR61 5 -#define WR62 10 -#define SR62 15 -#define WR63 14 -#define SR63 8 - -#define WR64 12 -#define SR64 8 -#define WR65 15 -#define SR65 5 -#define WR66 10 -#define SR66 12 -#define WR67 4 -#define SR67 9 -#define WR68 1 -#define SR68 12 -#define WR69 5 -#define SR69 5 -#define WR70 8 -#define SR70 14 -#define WR71 7 -#define SR71 6 -#define WR72 6 -#define SR72 8 -#define WR73 2 -#define SR73 13 -#define WR74 13 -#define SR74 6 -#define WR75 14 -#define SR75 5 -#define WR76 0 -#define SR76 15 -#define WR77 3 -#define SR77 13 -#define WR78 9 -#define SR78 11 -#define WR79 11 -#define SR79 11 diff --git a/crypto/rsa/build.info b/crypto/rsa/build.info deleted file mode 100644 index ad3370db397c229eb5dd201517dd2ff0ef1350d4..0000000000000000000000000000000000000000 --- a/crypto/rsa/build.info +++ /dev/null @@ -1,22 +0,0 @@ -LIBS=../../libcrypto - -$COMMON=rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_pk1.c \ - rsa_none.c rsa_oaep.c rsa_chk.c rsa_pss.c rsa_x931.c rsa_crpt.c \ - rsa_sp800_56b_gen.c rsa_sp800_56b_check.c rsa_backend.c \ - rsa_mp_names.c rsa_schemes.c - -SOURCE[../../libcrypto]=$COMMON\ - rsa_saos.c rsa_err.c rsa_asn1.c rsa_ameth.c rsa_prn.c \ - rsa_pmeth.c rsa_meth.c rsa_mp.c -IF[{- !$disabled{'deprecated-0.9.8'} -}] - SOURCE[../../libcrypto]=rsa_depr.c -ENDIF -IF[{- !$disabled{'deprecated-3.0'} -}] - SOURCE[../../libcrypto]=rsa_x931g.c -ENDIF - -SOURCE[../../providers/libfips.a]=$COMMON - -IF[{- !$disabled{'acvp-tests'} -}] - SOURCE[../../providers/libfips.a]=rsa_acvp_test_params.c -ENDIF diff --git a/crypto/rsa/rsa_acvp_test_params.c b/crypto/rsa/rsa_acvp_test_params.c deleted file mode 100644 index fddc1e09941276f689d62da54132d17c527e1b66..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_acvp_test_params.c +++ /dev/null @@ -1,167 +0,0 @@ -/* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include /* memcpy */ -#include -#include -#include "crypto/rsa.h" -#include "rsa_local.h" - -int ossl_rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]) -{ - const OSSL_PARAM *p, *s; - OSSL_PARAM *d, *alloc = NULL; - int ret = 1; - - static const OSSL_PARAM settable[] = { - OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_TEST_XP, NULL, 0), - OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_TEST_XP1, NULL, 0), - OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_TEST_XP2, NULL, 0), - OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_TEST_XQ, NULL, 0), - OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_TEST_XQ1, NULL, 0), - OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_TEST_XQ2, NULL, 0), - OSSL_PARAM_END - }; - - /* Assume the first element is a required field if this feature is used */ - p = OSSL_PARAM_locate_const(src, settable[0].key); - if (p == NULL) - return 1; - - /* Zeroing here means the terminator is always set at the end */ - alloc = OPENSSL_zalloc(sizeof(settable)); - if (alloc == NULL) - return 0; - - d = alloc; - for (s = settable; s->key != NULL; ++s) { - /* If src contains a key from settable then copy the src to the dest */ - p = OSSL_PARAM_locate_const(src, s->key); - if (p != NULL) { - *d = *s; /* shallow copy from the static settable[] */ - d->data_size = p->data_size; - d->data = OPENSSL_memdup(p->data, p->data_size); - if (d->data == NULL) - ret = 0; - ++d; - } - } - if (ret == 0) { - ossl_rsa_acvp_test_gen_params_free(alloc); - alloc = NULL; - } - if (*dst != NULL) - ossl_rsa_acvp_test_gen_params_free(*dst); - *dst = alloc; - return ret; -} - -void ossl_rsa_acvp_test_gen_params_free(OSSL_PARAM *dst) -{ - OSSL_PARAM *p; - - if (dst == NULL) - return; - - for (p = dst; p->key != NULL; ++p) { - OPENSSL_free(p->data); - p->data = NULL; - } - OPENSSL_free(dst); -} - -int ossl_rsa_acvp_test_set_params(RSA *r, const OSSL_PARAM params[]) -{ - RSA_ACVP_TEST *t; - const OSSL_PARAM *p; - - if (r->acvp_test != NULL) { - ossl_rsa_acvp_test_free(r->acvp_test); - r->acvp_test = NULL; - } - - t = OPENSSL_zalloc(sizeof(*t)); - if (t == NULL) - return 0; - - /* Set the input parameters */ - if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_TEST_XP1)) != NULL - && !OSSL_PARAM_get_BN(p, &t->Xp1)) - goto err; - if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_TEST_XP2)) != NULL - && !OSSL_PARAM_get_BN(p, &t->Xp2)) - goto err; - if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_TEST_XP)) != NULL - && !OSSL_PARAM_get_BN(p, &t->Xp)) - goto err; - if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_TEST_XQ1)) != NULL - && !OSSL_PARAM_get_BN(p, &t->Xq1)) - goto err; - if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_TEST_XQ2)) != NULL - && !OSSL_PARAM_get_BN(p, &t->Xq2)) - goto err; - if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_TEST_XQ)) != NULL - && !OSSL_PARAM_get_BN(p, &t->Xq)) - goto err; - - /* Setup the output parameters */ - t->p1 = BN_new(); - t->p2 = BN_new(); - t->q1 = BN_new(); - t->q2 = BN_new(); - r->acvp_test = t; - return 1; -err: - ossl_rsa_acvp_test_free(t); - return 0; -} - -int ossl_rsa_acvp_test_get_params(RSA *r, OSSL_PARAM params[]) -{ - RSA_ACVP_TEST *t; - OSSL_PARAM *p; - - if (r == NULL) - return 0; - - t = r->acvp_test; - if (t != NULL) { - if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_TEST_P1)) != NULL - && !OSSL_PARAM_set_BN(p, t->p1)) - return 0; - if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_TEST_P2)) != NULL - && !OSSL_PARAM_set_BN(p, t->p2)) - return 0; - if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_TEST_Q1)) != NULL - && !OSSL_PARAM_set_BN(p, t->q1)) - return 0; - if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_TEST_Q2)) != NULL - && !OSSL_PARAM_set_BN(p, t->q2)) - return 0; - } - return 1; -} - -void ossl_rsa_acvp_test_free(RSA_ACVP_TEST *t) -{ - if (t != NULL) { - BN_free(t->Xp1); - BN_free(t->Xp2); - BN_free(t->Xp); - BN_free(t->Xq1); - BN_free(t->Xq2); - BN_free(t->Xq); - BN_free(t->p1); - BN_free(t->p2); - BN_free(t->q1); - BN_free(t->q2); - OPENSSL_free(t); - } -} - diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c deleted file mode 100644 index c15554505b37f65a7c9abf79b1d07c38f2133eb9..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_ameth.c +++ /dev/null @@ -1,989 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include "crypto/asn1.h" -#include "crypto/evp.h" -#include "crypto/rsa.h" -#include "rsa_local.h" - -/* Set any parameters associated with pkey */ -static int rsa_param_encode(const EVP_PKEY *pkey, - ASN1_STRING **pstr, int *pstrtype) -{ - const RSA *rsa = pkey->pkey.rsa; - - *pstr = NULL; - /* If RSA it's just NULL type */ - if (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK) != RSA_FLAG_TYPE_RSASSAPSS) { - *pstrtype = V_ASN1_NULL; - return 1; - } - /* If no PSS parameters we omit parameters entirely */ - if (rsa->pss == NULL) { - *pstrtype = V_ASN1_UNDEF; - return 1; - } - /* Encode PSS parameters */ - if (ASN1_item_pack(rsa->pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), pstr) == NULL) - return 0; - - *pstrtype = V_ASN1_SEQUENCE; - return 1; -} -/* Decode any parameters and set them in RSA structure */ -static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) -{ - unsigned char *penc = NULL; - int penclen; - ASN1_STRING *str; - int strtype; - - if (!rsa_param_encode(pkey, &str, &strtype)) - return 0; - penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc); - if (penclen <= 0) - return 0; - if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), - strtype, str, penc, penclen)) - return 1; - - OPENSSL_free(penc); - return 0; -} - -static int rsa_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey) -{ - const unsigned char *p; - int pklen; - X509_ALGOR *alg; - RSA *rsa = NULL; - - if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &alg, pubkey)) - return 0; - if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL) - return 0; - if (!ossl_rsa_param_decode(rsa, alg)) { - RSA_free(rsa); - return 0; - } - - RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); - switch (pkey->ameth->pkey_id) { - case EVP_PKEY_RSA: - RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA); - break; - case EVP_PKEY_RSA_PSS: - RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS); - break; - default: - /* Leave the type bits zero */ - break; - } - - if (!EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa)) { - RSA_free(rsa); - return 0; - } - return 1; -} - -static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) -{ - /* - * Don't check the public/private key, this is mostly for smart - * cards. - */ - if (((RSA_flags(a->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) - || (RSA_flags(b->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) { - return 1; - } - - if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 - || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0) - return 0; - return 1; -} - -static int old_rsa_priv_decode(EVP_PKEY *pkey, - const unsigned char **pder, int derlen) -{ - RSA *rsa; - - if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL) - return 0; - EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa); - return 1; -} - -static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) -{ - return i2d_RSAPrivateKey(pkey->pkey.rsa, pder); -} - -static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) -{ - unsigned char *rk = NULL; - int rklen; - ASN1_STRING *str; - int strtype; - - if (!rsa_param_encode(pkey, &str, &strtype)) - return 0; - rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk); - - if (rklen <= 0) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - ASN1_STRING_free(str); - return 0; - } - - if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0, - strtype, str, rk, rklen)) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - ASN1_STRING_free(str); - OPENSSL_clear_free(rk, rklen); - return 0; - } - - return 1; -} - -static int rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) -{ - int ret = 0; - RSA *rsa = ossl_rsa_key_from_pkcs8(p8, NULL, NULL); - - if (rsa != NULL) { - ret = 1; - EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa); - } - return ret; -} - -static int int_rsa_size(const EVP_PKEY *pkey) -{ - return RSA_size(pkey->pkey.rsa); -} - -static int rsa_bits(const EVP_PKEY *pkey) -{ - return BN_num_bits(pkey->pkey.rsa->n); -} - -static int rsa_security_bits(const EVP_PKEY *pkey) -{ - return RSA_security_bits(pkey->pkey.rsa); -} - -static void int_rsa_free(EVP_PKEY *pkey) -{ - RSA_free(pkey->pkey.rsa); -} - -static int rsa_pss_param_print(BIO *bp, int pss_key, RSA_PSS_PARAMS *pss, - int indent) -{ - int rv = 0; - X509_ALGOR *maskHash = NULL; - - if (!BIO_indent(bp, indent, 128)) - goto err; - if (pss_key) { - if (pss == NULL) { - if (BIO_puts(bp, "No PSS parameter restrictions\n") <= 0) - return 0; - return 1; - } else { - if (BIO_puts(bp, "PSS parameter restrictions:") <= 0) - return 0; - } - } else if (pss == NULL) { - if (BIO_puts(bp,"(INVALID PSS PARAMETERS)\n") <= 0) - return 0; - return 1; - } - if (BIO_puts(bp, "\n") <= 0) - goto err; - if (pss_key) - indent += 2; - if (!BIO_indent(bp, indent, 128)) - goto err; - if (BIO_puts(bp, "Hash Algorithm: ") <= 0) - goto err; - - if (pss->hashAlgorithm) { - if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0) - goto err; - } else if (BIO_puts(bp, "sha1 (default)") <= 0) { - goto err; - } - - if (BIO_puts(bp, "\n") <= 0) - goto err; - - if (!BIO_indent(bp, indent, 128)) - goto err; - - if (BIO_puts(bp, "Mask Algorithm: ") <= 0) - goto err; - if (pss->maskGenAlgorithm) { - if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0) - goto err; - if (BIO_puts(bp, " with ") <= 0) - goto err; - maskHash = ossl_x509_algor_mgf1_decode(pss->maskGenAlgorithm); - if (maskHash != NULL) { - if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0) - goto err; - } else if (BIO_puts(bp, "INVALID") <= 0) { - goto err; - } - } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) { - goto err; - } - BIO_puts(bp, "\n"); - - if (!BIO_indent(bp, indent, 128)) - goto err; - if (BIO_printf(bp, "%s Salt Length: 0x", pss_key ? "Minimum" : "") <= 0) - goto err; - if (pss->saltLength) { - if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0) - goto err; - } else if (BIO_puts(bp, "14 (default)") <= 0) { - goto err; - } - BIO_puts(bp, "\n"); - - if (!BIO_indent(bp, indent, 128)) - goto err; - if (BIO_puts(bp, "Trailer Field: 0x") <= 0) - goto err; - if (pss->trailerField) { - if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0) - goto err; - } else if (BIO_puts(bp, "01 (default)") <= 0) { - goto err; - } - BIO_puts(bp, "\n"); - - rv = 1; - - err: - X509_ALGOR_free(maskHash); - return rv; - -} - -static int pkey_rsa_print(BIO *bp, const EVP_PKEY *pkey, int off, int priv) -{ - const RSA *x = pkey->pkey.rsa; - char *str; - const char *s; - int ret = 0, mod_len = 0, ex_primes; - - if (x->n != NULL) - mod_len = BN_num_bits(x->n); - ex_primes = sk_RSA_PRIME_INFO_num(x->prime_infos); - - if (!BIO_indent(bp, off, 128)) - goto err; - - if (BIO_printf(bp, "%s ", pkey_is_pss(pkey) ? "RSA-PSS" : "RSA") <= 0) - goto err; - - if (priv && x->d) { - if (BIO_printf(bp, "Private-Key: (%d bit, %d primes)\n", - mod_len, ex_primes <= 0 ? 2 : ex_primes + 2) <= 0) - goto err; - str = "modulus:"; - s = "publicExponent:"; - } else { - if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0) - goto err; - str = "Modulus:"; - s = "Exponent:"; - } - if (!ASN1_bn_print(bp, str, x->n, NULL, off)) - goto err; - if (!ASN1_bn_print(bp, s, x->e, NULL, off)) - goto err; - if (priv) { - int i; - - if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off)) - goto err; - if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off)) - goto err; - if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off)) - goto err; - if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off)) - goto err; - if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off)) - goto err; - if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off)) - goto err; - for (i = 0; i < sk_RSA_PRIME_INFO_num(x->prime_infos); i++) { - /* print multi-prime info */ - BIGNUM *bn = NULL; - RSA_PRIME_INFO *pinfo; - int j; - - pinfo = sk_RSA_PRIME_INFO_value(x->prime_infos, i); - for (j = 0; j < 3; j++) { - if (!BIO_indent(bp, off, 128)) - goto err; - switch (j) { - case 0: - if (BIO_printf(bp, "prime%d:", i + 3) <= 0) - goto err; - bn = pinfo->r; - break; - case 1: - if (BIO_printf(bp, "exponent%d:", i + 3) <= 0) - goto err; - bn = pinfo->d; - break; - case 2: - if (BIO_printf(bp, "coefficient%d:", i + 3) <= 0) - goto err; - bn = pinfo->t; - break; - default: - break; - } - if (!ASN1_bn_print(bp, "", bn, NULL, off)) - goto err; - } - } - } - if (pkey_is_pss(pkey) && !rsa_pss_param_print(bp, 1, x->pss, off)) - goto err; - ret = 1; - err: - return ret; -} - -static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return pkey_rsa_print(bp, pkey, indent, 0); -} - -static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, - ASN1_PCTX *ctx) -{ - return pkey_rsa_print(bp, pkey, indent, 1); -} - -static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, - const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) -{ - if (OBJ_obj2nid(sigalg->algorithm) == EVP_PKEY_RSA_PSS) { - int rv; - RSA_PSS_PARAMS *pss = ossl_rsa_pss_decode(sigalg); - - rv = rsa_pss_param_print(bp, 0, pss, indent); - RSA_PSS_PARAMS_free(pss); - if (!rv) - return 0; - } else if (BIO_puts(bp, "\n") <= 0) { - return 0; - } - if (sig) - return X509_signature_dump(bp, sig, indent); - return 1; -} - -static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) -{ - const EVP_MD *md; - const EVP_MD *mgf1md; - int min_saltlen; - - switch (op) { - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: - if (pkey->pkey.rsa->pss != NULL) { - if (!ossl_rsa_pss_get_param(pkey->pkey.rsa->pss, &md, &mgf1md, - &min_saltlen)) { - ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); - return 0; - } - *(int *)arg2 = EVP_MD_get_type(md); - /* Return of 2 indicates this MD is mandatory */ - return 2; - } - *(int *)arg2 = NID_sha256; - return 1; - - default: - return -2; - } -} - -/* - * Convert EVP_PKEY_CTX in PSS mode into corresponding algorithm parameter, - * suitable for setting an AlgorithmIdentifier. - */ - -static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) -{ - const EVP_MD *sigmd, *mgf1md; - EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx); - int saltlen; - - if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0) - return NULL; - if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0) - return NULL; - if (EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen) <= 0) - return NULL; - if (saltlen == -1) { - saltlen = EVP_MD_get_size(sigmd); - } else if (saltlen == -2 || saltlen == -3) { - saltlen = EVP_PKEY_get_size(pk) - EVP_MD_get_size(sigmd) - 2; - if ((EVP_PKEY_get_bits(pk) & 0x7) == 1) - saltlen--; - if (saltlen < 0) - return NULL; - } - - return ossl_rsa_pss_params_create(sigmd, mgf1md, saltlen); -} - -RSA_PSS_PARAMS *ossl_rsa_pss_params_create(const EVP_MD *sigmd, - const EVP_MD *mgf1md, int saltlen) -{ - RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new(); - - if (pss == NULL) - goto err; - if (saltlen != 20) { - pss->saltLength = ASN1_INTEGER_new(); - if (pss->saltLength == NULL) - goto err; - if (!ASN1_INTEGER_set(pss->saltLength, saltlen)) - goto err; - } - if (!ossl_x509_algor_new_from_md(&pss->hashAlgorithm, sigmd)) - goto err; - if (mgf1md == NULL) - mgf1md = sigmd; - if (!ossl_x509_algor_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md)) - goto err; - if (!ossl_x509_algor_new_from_md(&pss->maskHash, mgf1md)) - goto err; - return pss; - err: - RSA_PSS_PARAMS_free(pss); - return NULL; -} - -ASN1_STRING *ossl_rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx) -{ - RSA_PSS_PARAMS *pss = rsa_ctx_to_pss(pkctx); - ASN1_STRING *os; - - if (pss == NULL) - return NULL; - - os = ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), NULL); - RSA_PSS_PARAMS_free(pss); - return os; -} - -/* - * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL - * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are - * passed to pkctx instead. - */ - -int ossl_rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, - const X509_ALGOR *sigalg, EVP_PKEY *pkey) -{ - int rv = -1; - int saltlen; - const EVP_MD *mgf1md = NULL, *md = NULL; - RSA_PSS_PARAMS *pss; - - /* Sanity check: make sure it is PSS */ - if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) { - ERR_raise(ERR_LIB_RSA, RSA_R_UNSUPPORTED_SIGNATURE_TYPE); - return -1; - } - /* Decode PSS parameters */ - pss = ossl_rsa_pss_decode(sigalg); - - if (!ossl_rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PSS_PARAMETERS); - goto err; - } - - /* We have all parameters now set up context */ - if (pkey) { - if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey)) - goto err; - } else { - const EVP_MD *checkmd; - if (EVP_PKEY_CTX_get_signature_md(pkctx, &checkmd) <= 0) - goto err; - if (EVP_MD_get_type(md) != EVP_MD_get_type(checkmd)) { - ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_DOES_NOT_MATCH); - goto err; - } - } - - if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0) - goto err; - - if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0) - goto err; - - if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) - goto err; - /* Carry on */ - rv = 1; - - err: - RSA_PSS_PARAMS_free(pss); - return rv; -} - -static int rsa_pss_verify_param(const EVP_MD **pmd, const EVP_MD **pmgf1md, - int *psaltlen, int *ptrailerField) -{ - if (psaltlen != NULL && *psaltlen < 0) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_SALT_LENGTH); - return 0; - } - /* - * low-level routines support only trailer field 0xbc (value 1) and - * PKCS#1 says we should reject any other value anyway. - */ - if (ptrailerField != NULL && *ptrailerField != 1) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_TRAILER); - return 0; - } - return 1; -} - -int ossl_rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd, - const EVP_MD **pmgf1md, int *psaltlen) -{ - /* - * Callers do not care about the trailer field, and yet, we must - * pass it from get_param to verify_param, since the latter checks - * its value. - * - * When callers start caring, it's a simple thing to add another - * argument to this function. - */ - int trailerField = 0; - - return ossl_rsa_pss_get_param_unverified(pss, pmd, pmgf1md, psaltlen, - &trailerField) - && rsa_pss_verify_param(pmd, pmgf1md, psaltlen, &trailerField); -} - -/* - * Customised RSA item verification routine. This is called when a signature - * is encountered requiring special handling. We currently only handle PSS. - */ - -static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, - const void *asn, const X509_ALGOR *sigalg, - const ASN1_BIT_STRING *sig, EVP_PKEY *pkey) -{ - /* Sanity check: make sure it is PSS */ - if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) { - ERR_raise(ERR_LIB_RSA, RSA_R_UNSUPPORTED_SIGNATURE_TYPE); - return -1; - } - if (ossl_rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) { - /* Carry on */ - return 2; - } - return -1; -} - -static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn, - X509_ALGOR *alg1, X509_ALGOR *alg2, - ASN1_BIT_STRING *sig) -{ - int pad_mode; - EVP_PKEY_CTX *pkctx = EVP_MD_CTX_get_pkey_ctx(ctx); - - if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) - return 0; - if (pad_mode == RSA_PKCS1_PADDING) - return 2; - if (pad_mode == RSA_PKCS1_PSS_PADDING) { - ASN1_STRING *os1 = NULL; - os1 = ossl_rsa_ctx_to_pss_string(pkctx); - if (!os1) - return 0; - /* Duplicate parameters if we have to */ - if (alg2) { - ASN1_STRING *os2 = ASN1_STRING_dup(os1); - if (!os2) { - ASN1_STRING_free(os1); - return 0; - } - X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS), - V_ASN1_SEQUENCE, os2); - } - X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS), - V_ASN1_SEQUENCE, os1); - return 3; - } - return 2; -} - -static int rsa_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *sigalg, - const ASN1_STRING *sig) -{ - int rv = 0; - int mdnid, saltlen; - uint32_t flags; - const EVP_MD *mgf1md = NULL, *md = NULL; - RSA_PSS_PARAMS *pss; - int secbits; - - /* Sanity check: make sure it is PSS */ - if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) - return 0; - /* Decode PSS parameters */ - pss = ossl_rsa_pss_decode(sigalg); - if (!ossl_rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) - goto err; - mdnid = EVP_MD_get_type(md); - /* - * For TLS need SHA256, SHA384 or SHA512, digest and MGF1 digest must - * match and salt length must equal digest size - */ - if ((mdnid == NID_sha256 || mdnid == NID_sha384 || mdnid == NID_sha512) - && mdnid == EVP_MD_get_type(mgf1md) - && saltlen == EVP_MD_get_size(md)) - flags = X509_SIG_INFO_TLS; - else - flags = 0; - /* Note: security bits half number of digest bits */ - secbits = EVP_MD_get_size(md) * 4; - /* - * SHA1 and MD5 are known to be broken. Reduce security bits so that - * they're no longer accepted at security level 1. The real values don't - * really matter as long as they're lower than 80, which is our security - * level 1. - * https://eprint.iacr.org/2020/014 puts a chosen-prefix attack for SHA1 at - * 2^63.4 - * https://documents.epfl.ch/users/l/le/lenstra/public/papers/lat.pdf - * puts a chosen-prefix attack for MD5 at 2^39. - */ - if (mdnid == NID_sha1) - secbits = 64; - else if (mdnid == NID_md5_sha1) - secbits = 68; - else if (mdnid == NID_md5) - secbits = 39; - X509_SIG_INFO_set(siginf, mdnid, EVP_PKEY_RSA_PSS, secbits, - flags); - rv = 1; - err: - RSA_PSS_PARAMS_free(pss); - return rv; -} - -static int rsa_pkey_check(const EVP_PKEY *pkey) -{ - return RSA_check_key_ex(pkey->pkey.rsa, NULL); -} - -static size_t rsa_pkey_dirty_cnt(const EVP_PKEY *pkey) -{ - return pkey->pkey.rsa->dirty_cnt; -} - -/* - * There is no need to do RSA_test_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS) - * checks in this method since the caller tests EVP_KEYMGMT_is_a() first. - */ -static int rsa_int_export_to(const EVP_PKEY *from, int rsa_type, - void *to_keydata, - OSSL_FUNC_keymgmt_import_fn *importer, - OSSL_LIB_CTX *libctx, const char *propq) -{ - RSA *rsa = from->pkey.rsa; - OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new(); - OSSL_PARAM *params = NULL; - int selection = 0; - int rv = 0; - - if (tmpl == NULL) - return 0; - /* Public parameters must always be present */ - if (RSA_get0_n(rsa) == NULL || RSA_get0_e(rsa) == NULL) - goto err; - - if (!ossl_rsa_todata(rsa, tmpl, NULL, 1)) - goto err; - - selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY; - if (RSA_get0_d(rsa) != NULL) - selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY; - - if (rsa->pss != NULL) { - const EVP_MD *md = NULL, *mgf1md = NULL; - int md_nid, mgf1md_nid, saltlen, trailerfield; - RSA_PSS_PARAMS_30 pss_params; - - if (!ossl_rsa_pss_get_param_unverified(rsa->pss, &md, &mgf1md, - &saltlen, &trailerfield)) - goto err; - md_nid = EVP_MD_get_type(md); - mgf1md_nid = EVP_MD_get_type(mgf1md); - if (!ossl_rsa_pss_params_30_set_defaults(&pss_params) - || !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid) - || !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params, - mgf1md_nid) - || !ossl_rsa_pss_params_30_set_saltlen(&pss_params, saltlen) - || !ossl_rsa_pss_params_30_todata(&pss_params, tmpl, NULL)) - goto err; - selection |= OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS; - } - - if ((params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) - goto err; - - /* We export, the provider imports */ - rv = importer(to_keydata, selection, params); - - err: - OSSL_PARAM_free(params); - OSSL_PARAM_BLD_free(tmpl); - return rv; -} - -static int rsa_int_import_from(const OSSL_PARAM params[], void *vpctx, - int rsa_type) -{ - EVP_PKEY_CTX *pctx = vpctx; - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx); - RSA *rsa = ossl_rsa_new_with_ctx(pctx->libctx); - RSA_PSS_PARAMS_30 rsa_pss_params = { 0, }; - int pss_defaults_set = 0; - int ok = 0; - - if (rsa == NULL) { - ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE); - return 0; - } - - RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); - RSA_set_flags(rsa, rsa_type); - - if (!ossl_rsa_pss_params_30_fromdata(&rsa_pss_params, &pss_defaults_set, - params, pctx->libctx)) - goto err; - - switch (rsa_type) { - case RSA_FLAG_TYPE_RSA: - /* - * Were PSS parameters filled in? - * In that case, something's wrong - */ - if (!ossl_rsa_pss_params_30_is_unrestricted(&rsa_pss_params)) - goto err; - break; - case RSA_FLAG_TYPE_RSASSAPSS: - /* - * Were PSS parameters filled in? In that case, create the old - * RSA_PSS_PARAMS structure. Otherwise, this is an unrestricted key. - */ - if (!ossl_rsa_pss_params_30_is_unrestricted(&rsa_pss_params)) { - /* Create the older RSA_PSS_PARAMS from RSA_PSS_PARAMS_30 data */ - int mdnid = ossl_rsa_pss_params_30_hashalg(&rsa_pss_params); - int mgf1mdnid = ossl_rsa_pss_params_30_maskgenhashalg(&rsa_pss_params); - int saltlen = ossl_rsa_pss_params_30_saltlen(&rsa_pss_params); - const EVP_MD *md = EVP_get_digestbynid(mdnid); - const EVP_MD *mgf1md = EVP_get_digestbynid(mgf1mdnid); - - if ((rsa->pss = ossl_rsa_pss_params_create(md, mgf1md, - saltlen)) == NULL) - goto err; - } - break; - default: - /* RSA key sub-types we don't know how to handle yet */ - goto err; - } - - if (!ossl_rsa_fromdata(rsa, params, 1)) - goto err; - - switch (rsa_type) { - case RSA_FLAG_TYPE_RSA: - ok = EVP_PKEY_assign_RSA(pkey, rsa); - break; - case RSA_FLAG_TYPE_RSASSAPSS: - ok = EVP_PKEY_assign(pkey, EVP_PKEY_RSA_PSS, rsa); - break; - } - - err: - if (!ok) - RSA_free(rsa); - return ok; -} - -static int rsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - OSSL_FUNC_keymgmt_import_fn *importer, - OSSL_LIB_CTX *libctx, const char *propq) -{ - return rsa_int_export_to(from, RSA_FLAG_TYPE_RSA, to_keydata, - importer, libctx, propq); -} - -static int rsa_pss_pkey_export_to(const EVP_PKEY *from, void *to_keydata, - OSSL_FUNC_keymgmt_import_fn *importer, - OSSL_LIB_CTX *libctx, const char *propq) -{ - return rsa_int_export_to(from, RSA_FLAG_TYPE_RSASSAPSS, to_keydata, - importer, libctx, propq); -} - -static int rsa_pkey_import_from(const OSSL_PARAM params[], void *vpctx) -{ - return rsa_int_import_from(params, vpctx, RSA_FLAG_TYPE_RSA); -} - -static int rsa_pss_pkey_import_from(const OSSL_PARAM params[], void *vpctx) -{ - return rsa_int_import_from(params, vpctx, RSA_FLAG_TYPE_RSASSAPSS); -} - -static int rsa_pkey_copy(EVP_PKEY *to, EVP_PKEY *from) -{ - RSA *rsa = from->pkey.rsa; - RSA *dupkey = NULL; - int ret; - - if (rsa != NULL) { - dupkey = ossl_rsa_dup(rsa, OSSL_KEYMGMT_SELECT_ALL); - if (dupkey == NULL) - return 0; - } - - ret = EVP_PKEY_assign(to, from->type, dupkey); - if (!ret) - RSA_free(dupkey); - return ret; -} - -const EVP_PKEY_ASN1_METHOD ossl_rsa_asn1_meths[2] = { - { - EVP_PKEY_RSA, - EVP_PKEY_RSA, - ASN1_PKEY_SIGPARAM_NULL, - - "RSA", - "OpenSSL RSA method", - - rsa_pub_decode, - rsa_pub_encode, - rsa_pub_cmp, - rsa_pub_print, - - rsa_priv_decode, - rsa_priv_encode, - rsa_priv_print, - - int_rsa_size, - rsa_bits, - rsa_security_bits, - - 0, 0, 0, 0, 0, 0, - - rsa_sig_print, - int_rsa_free, - rsa_pkey_ctrl, - old_rsa_priv_decode, - old_rsa_priv_encode, - rsa_item_verify, - rsa_item_sign, - rsa_sig_info_set, - rsa_pkey_check, - - 0, 0, - 0, 0, 0, 0, - - rsa_pkey_dirty_cnt, - rsa_pkey_export_to, - rsa_pkey_import_from, - rsa_pkey_copy - }, - - { - EVP_PKEY_RSA2, - EVP_PKEY_RSA, - ASN1_PKEY_ALIAS} -}; - -const EVP_PKEY_ASN1_METHOD ossl_rsa_pss_asn1_meth = { - EVP_PKEY_RSA_PSS, - EVP_PKEY_RSA_PSS, - ASN1_PKEY_SIGPARAM_NULL, - - "RSA-PSS", - "OpenSSL RSA-PSS method", - - rsa_pub_decode, - rsa_pub_encode, - rsa_pub_cmp, - rsa_pub_print, - - rsa_priv_decode, - rsa_priv_encode, - rsa_priv_print, - - int_rsa_size, - rsa_bits, - rsa_security_bits, - - 0, 0, 0, 0, 0, 0, - - rsa_sig_print, - int_rsa_free, - rsa_pkey_ctrl, - 0, 0, - rsa_item_verify, - rsa_item_sign, - rsa_sig_info_set, - rsa_pkey_check, - - 0, 0, - 0, 0, 0, 0, - - rsa_pkey_dirty_cnt, - rsa_pss_pkey_export_to, - rsa_pss_pkey_import_from, - rsa_pkey_copy -}; diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c deleted file mode 100644 index c14cdf415e9d05961edd8aa3f7997e5590f84a96..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_asn1.c +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "rsa_local.h" - -/* - * Override the default free and new methods, - * and calculate helper products for multi-prime - * RSA keys. - */ -static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - if (operation == ASN1_OP_NEW_PRE) { - *pval = (ASN1_VALUE *)RSA_new(); - if (*pval != NULL) - return 2; - return 0; - } else if (operation == ASN1_OP_FREE_PRE) { - RSA_free((RSA *)*pval); - *pval = NULL; - return 2; - } else if (operation == ASN1_OP_D2I_POST) { - if (((RSA *)*pval)->version != RSA_ASN1_VERSION_MULTI) { - /* not a multi-prime key, skip */ - return 1; - } - return (ossl_rsa_multip_calc_product((RSA *)*pval) == 1) ? 2 : 0; - } - return 1; -} - -/* Based on definitions in RFC 8017 appendix A.1.2 */ -ASN1_SEQUENCE(RSA_PRIME_INFO) = { - ASN1_SIMPLE(RSA_PRIME_INFO, r, CBIGNUM), - ASN1_SIMPLE(RSA_PRIME_INFO, d, CBIGNUM), - ASN1_SIMPLE(RSA_PRIME_INFO, t, CBIGNUM), -} ASN1_SEQUENCE_END(RSA_PRIME_INFO) - -ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = { - ASN1_EMBED(RSA, version, INT32), - ASN1_SIMPLE(RSA, n, BIGNUM), - ASN1_SIMPLE(RSA, e, BIGNUM), - ASN1_SIMPLE(RSA, d, CBIGNUM), - ASN1_SIMPLE(RSA, p, CBIGNUM), - ASN1_SIMPLE(RSA, q, CBIGNUM), - ASN1_SIMPLE(RSA, dmp1, CBIGNUM), - ASN1_SIMPLE(RSA, dmq1, CBIGNUM), - ASN1_SIMPLE(RSA, iqmp, CBIGNUM), - ASN1_SEQUENCE_OF_OPT(RSA, prime_infos, RSA_PRIME_INFO) -} ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey) - - -ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = { - ASN1_SIMPLE(RSA, n, BIGNUM), - ASN1_SIMPLE(RSA, e, BIGNUM), -} ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey) - -/* Free up maskHash */ -static int rsa_pss_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - if (operation == ASN1_OP_FREE_PRE) { - RSA_PSS_PARAMS *pss = (RSA_PSS_PARAMS *)*pval; - X509_ALGOR_free(pss->maskHash); - } - return 1; -} - -ASN1_SEQUENCE_cb(RSA_PSS_PARAMS, rsa_pss_cb) = { - ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0), - ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1), - ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2), - ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3) -} ASN1_SEQUENCE_END_cb(RSA_PSS_PARAMS, RSA_PSS_PARAMS) - -IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS) -IMPLEMENT_ASN1_DUP_FUNCTION(RSA_PSS_PARAMS) - -/* Free up maskHash */ -static int rsa_oaep_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - if (operation == ASN1_OP_FREE_PRE) { - RSA_OAEP_PARAMS *oaep = (RSA_OAEP_PARAMS *)*pval; - X509_ALGOR_free(oaep->maskHash); - } - return 1; -} - -ASN1_SEQUENCE_cb(RSA_OAEP_PARAMS, rsa_oaep_cb) = { - ASN1_EXP_OPT(RSA_OAEP_PARAMS, hashFunc, X509_ALGOR, 0), - ASN1_EXP_OPT(RSA_OAEP_PARAMS, maskGenFunc, X509_ALGOR, 1), - ASN1_EXP_OPT(RSA_OAEP_PARAMS, pSourceFunc, X509_ALGOR, 2), -} ASN1_SEQUENCE_END_cb(RSA_OAEP_PARAMS, RSA_OAEP_PARAMS) - -IMPLEMENT_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) - -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(RSA, RSAPrivateKey, RSAPrivateKey) - -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(RSA, RSAPublicKey, RSAPublicKey) - -RSA *RSAPublicKey_dup(const RSA *rsa) -{ - return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa); -} - -RSA *RSAPrivateKey_dup(const RSA *rsa) -{ - return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa); -} diff --git a/crypto/rsa/rsa_backend.c b/crypto/rsa/rsa_backend.c deleted file mode 100644 index 58187fa2ef59df0cd337ed3d6e0813d5c0d7dda7..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_backend.c +++ /dev/null @@ -1,595 +0,0 @@ -/* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#ifndef FIPS_MODULE -# include -# include "crypto/asn1.h" -#endif -#include "internal/sizes.h" -#include "internal/param_build_set.h" -#include "crypto/rsa.h" -#include "rsa_local.h" - -/* - * The intention with the "backend" source file is to offer backend support - * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider - * implementations alike. - */ - -DEFINE_STACK_OF(BIGNUM) - -static int collect_numbers(STACK_OF(BIGNUM) *numbers, - const OSSL_PARAM params[], const char *names[]) -{ - const OSSL_PARAM *p = NULL; - int i; - - if (numbers == NULL) - return 0; - - for (i = 0; names[i] != NULL; i++){ - p = OSSL_PARAM_locate_const(params, names[i]); - if (p != NULL) { - BIGNUM *tmp = NULL; - - if (!OSSL_PARAM_get_BN(p, &tmp)) - return 0; - if (sk_BIGNUM_push(numbers, tmp) == 0) { - BN_clear_free(tmp); - return 0; - } - } - } - - return 1; -} - -int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[], int include_private) -{ - const OSSL_PARAM *param_n, *param_e, *param_d = NULL; - BIGNUM *n = NULL, *e = NULL, *d = NULL; - STACK_OF(BIGNUM) *factors = NULL, *exps = NULL, *coeffs = NULL; - int is_private = 0; - - if (rsa == NULL) - return 0; - - param_n = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N); - param_e = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E); - if (include_private) - param_d = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D); - - if ((param_n != NULL && !OSSL_PARAM_get_BN(param_n, &n)) - || (param_e != NULL && !OSSL_PARAM_get_BN(param_e, &e)) - || (param_d != NULL && !OSSL_PARAM_get_BN(param_d, &d))) - goto err; - - is_private = (d != NULL); - - if (!RSA_set0_key(rsa, n, e, d)) - goto err; - n = e = d = NULL; - - if (is_private) { - if (!collect_numbers(factors = sk_BIGNUM_new_null(), params, - ossl_rsa_mp_factor_names) - || !collect_numbers(exps = sk_BIGNUM_new_null(), params, - ossl_rsa_mp_exp_names) - || !collect_numbers(coeffs = sk_BIGNUM_new_null(), params, - ossl_rsa_mp_coeff_names)) - goto err; - - /* It's ok if this private key just has n, e and d */ - if (sk_BIGNUM_num(factors) != 0 - && !ossl_rsa_set0_all_params(rsa, factors, exps, coeffs)) - goto err; - } - - - sk_BIGNUM_free(factors); - sk_BIGNUM_free(exps); - sk_BIGNUM_free(coeffs); - return 1; - - err: - BN_free(n); - BN_free(e); - BN_free(d); - sk_BIGNUM_pop_free(factors, BN_free); - sk_BIGNUM_pop_free(exps, BN_free); - sk_BIGNUM_pop_free(coeffs, BN_free); - return 0; -} - -DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) - -int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[], - int include_private) -{ - int ret = 0; - const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL; - STACK_OF(BIGNUM_const) *factors = sk_BIGNUM_const_new_null(); - STACK_OF(BIGNUM_const) *exps = sk_BIGNUM_const_new_null(); - STACK_OF(BIGNUM_const) *coeffs = sk_BIGNUM_const_new_null(); - - if (rsa == NULL || factors == NULL || exps == NULL || coeffs == NULL) - goto err; - - RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d); - ossl_rsa_get0_all_params(rsa, factors, exps, coeffs); - - if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_N, rsa_n) - || !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_E, rsa_e)) - goto err; - - /* Check private key data integrity */ - if (include_private && rsa_d != NULL) { - int numprimes = sk_BIGNUM_const_num(factors); - int numexps = sk_BIGNUM_const_num(exps); - int numcoeffs = sk_BIGNUM_const_num(coeffs); - - /* - * It's permissible to have zero primes, i.e. no CRT params. - * Otherwise, there must be at least two, as many exponents, - * and one coefficient less. - */ - if (numprimes != 0 - && (numprimes < 2 || numexps < 2 || numcoeffs < 1)) - goto err; - - if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D, - rsa_d) - || !ossl_param_build_set_multi_key_bn(bld, params, - ossl_rsa_mp_factor_names, - factors) - || !ossl_param_build_set_multi_key_bn(bld, params, - ossl_rsa_mp_exp_names, exps) - || !ossl_param_build_set_multi_key_bn(bld, params, - ossl_rsa_mp_coeff_names, - coeffs)) - goto err; - } - -#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) - /* The acvp test results are not meant for export so check for bld == NULL */ - if (bld == NULL) - ossl_rsa_acvp_test_get_params(rsa, params); -#endif - ret = 1; - err: - sk_BIGNUM_const_free(factors); - sk_BIGNUM_const_free(exps); - sk_BIGNUM_const_free(coeffs); - return ret; -} - -int ossl_rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss, - OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) -{ - if (!ossl_rsa_pss_params_30_is_unrestricted(pss)) { - int hashalg_nid = ossl_rsa_pss_params_30_hashalg(pss); - int maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(pss); - int maskgenhashalg_nid = ossl_rsa_pss_params_30_maskgenhashalg(pss); - int saltlen = ossl_rsa_pss_params_30_saltlen(pss); - int default_hashalg_nid = ossl_rsa_pss_params_30_hashalg(NULL); - int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL); - int default_maskgenhashalg_nid = - ossl_rsa_pss_params_30_maskgenhashalg(NULL); - const char *mdname = - (hashalg_nid == default_hashalg_nid - ? NULL : ossl_rsa_oaeppss_nid2name(hashalg_nid)); - const char *mgfname = - (maskgenalg_nid == default_maskgenalg_nid - ? NULL : ossl_rsa_oaeppss_nid2name(maskgenalg_nid)); - const char *mgf1mdname = - (maskgenhashalg_nid == default_maskgenhashalg_nid - ? NULL : ossl_rsa_oaeppss_nid2name(maskgenhashalg_nid)); - const char *key_md = OSSL_PKEY_PARAM_RSA_DIGEST; - const char *key_mgf = OSSL_PKEY_PARAM_RSA_MASKGENFUNC; - const char *key_mgf1_md = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST; - const char *key_saltlen = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN; - - /* - * To ensure that the key isn't seen as unrestricted by the recipient, - * we make sure that at least one PSS-related parameter is passed, even - * if it has a default value; saltlen. - */ - if ((mdname != NULL - && !ossl_param_build_set_utf8_string(bld, params, key_md, mdname)) - || (mgfname != NULL - && !ossl_param_build_set_utf8_string(bld, params, - key_mgf, mgfname)) - || (mgf1mdname != NULL - && !ossl_param_build_set_utf8_string(bld, params, - key_mgf1_md, mgf1mdname)) - || (!ossl_param_build_set_int(bld, params, key_saltlen, saltlen))) - return 0; - } - return 1; -} - -int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params, - int *defaults_set, - const OSSL_PARAM params[], - OSSL_LIB_CTX *libctx) -{ - const OSSL_PARAM *param_md, *param_mgf, *param_mgf1md, *param_saltlen; - const OSSL_PARAM *param_propq; - const char *propq = NULL; - EVP_MD *md = NULL, *mgf1md = NULL; - int saltlen; - int ret = 0; - - if (pss_params == NULL) - return 0; - param_propq = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST_PROPS); - param_md = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST); - param_mgf = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MASKGENFUNC); - param_mgf1md = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MGF1_DIGEST); - param_saltlen = - OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PSS_SALTLEN); - - if (param_propq != NULL) { - if (param_propq->data_type == OSSL_PARAM_UTF8_STRING) - propq = param_propq->data; - } - /* - * If we get any of the parameters, we know we have at least some - * restrictions, so we start by setting default values, and let each - * parameter override their specific restriction data. - */ - if (!*defaults_set - && (param_md != NULL || param_mgf != NULL || param_mgf1md != NULL - || param_saltlen != NULL)) { - if (!ossl_rsa_pss_params_30_set_defaults(pss_params)) - return 0; - *defaults_set = 1; - } - - if (param_mgf != NULL) { - int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL); - const char *mgfname = NULL; - - if (param_mgf->data_type == OSSL_PARAM_UTF8_STRING) - mgfname = param_mgf->data; - else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgfname)) - return 0; - - if (OPENSSL_strcasecmp(param_mgf->data, - ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0) - return 0; - } - - /* - * We're only interested in the NIDs that correspond to the MDs, so the - * exact propquery is unimportant in the EVP_MD_fetch() calls below. - */ - - if (param_md != NULL) { - const char *mdname = NULL; - - if (param_md->data_type == OSSL_PARAM_UTF8_STRING) - mdname = param_md->data; - else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mdname)) - goto err; - - if ((md = EVP_MD_fetch(libctx, mdname, propq)) == NULL - || !ossl_rsa_pss_params_30_set_hashalg(pss_params, - ossl_rsa_oaeppss_md2nid(md))) - goto err; - } - - if (param_mgf1md != NULL) { - const char *mgf1mdname = NULL; - - if (param_mgf1md->data_type == OSSL_PARAM_UTF8_STRING) - mgf1mdname = param_mgf1md->data; - else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgf1mdname)) - goto err; - - if ((mgf1md = EVP_MD_fetch(libctx, mgf1mdname, propq)) == NULL - || !ossl_rsa_pss_params_30_set_maskgenhashalg( - pss_params, ossl_rsa_oaeppss_md2nid(mgf1md))) - goto err; - } - - if (param_saltlen != NULL) { - if (!OSSL_PARAM_get_int(param_saltlen, &saltlen) - || !ossl_rsa_pss_params_30_set_saltlen(pss_params, saltlen)) - goto err; - } - - ret = 1; - - err: - EVP_MD_free(md); - EVP_MD_free(mgf1md); - return ret; -} - -int ossl_rsa_is_foreign(const RSA *rsa) -{ -#ifndef FIPS_MODULE - if (rsa->engine != NULL || RSA_get_method(rsa) != RSA_PKCS1_OpenSSL()) - return 1; -#endif - return 0; -} - -static ossl_inline int rsa_bn_dup_check(BIGNUM **out, const BIGNUM *f) -{ - if (f != NULL && (*out = BN_dup(f)) == NULL) - return 0; - return 1; -} - -RSA *ossl_rsa_dup(const RSA *rsa, int selection) -{ - RSA *dupkey = NULL; -#ifndef FIPS_MODULE - int pnum, i; -#endif - - /* Do not try to duplicate foreign RSA keys */ - if (ossl_rsa_is_foreign(rsa)) - return NULL; - - if ((dupkey = ossl_rsa_new_with_ctx(rsa->libctx)) == NULL) - return NULL; - - /* public key */ - if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { - if (!rsa_bn_dup_check(&dupkey->n, rsa->n)) - goto err; - if (!rsa_bn_dup_check(&dupkey->e, rsa->e)) - goto err; - } - - if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { - - /* private key */ - if (!rsa_bn_dup_check(&dupkey->d, rsa->d)) - goto err; - - /* factors and crt params */ - if (!rsa_bn_dup_check(&dupkey->p, rsa->p)) - goto err; - if (!rsa_bn_dup_check(&dupkey->q, rsa->q)) - goto err; - if (!rsa_bn_dup_check(&dupkey->dmp1, rsa->dmp1)) - goto err; - if (!rsa_bn_dup_check(&dupkey->dmq1, rsa->dmq1)) - goto err; - if (!rsa_bn_dup_check(&dupkey->iqmp, rsa->iqmp)) - goto err; - } - - dupkey->version = rsa->version; - dupkey->flags = rsa->flags; - /* we always copy the PSS parameters regardless of selection */ - dupkey->pss_params = rsa->pss_params; - -#ifndef FIPS_MODULE - /* multiprime */ - if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 - && (pnum = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) > 0) { - dupkey->prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum); - if (dupkey->prime_infos == NULL) - goto err; - for (i = 0; i < pnum; i++) { - const RSA_PRIME_INFO *pinfo = NULL; - RSA_PRIME_INFO *duppinfo = NULL; - - if ((duppinfo = OPENSSL_zalloc(sizeof(*duppinfo))) == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - goto err; - } - /* push first so cleanup in error case works */ - (void)sk_RSA_PRIME_INFO_push(dupkey->prime_infos, duppinfo); - - pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i); - if (!rsa_bn_dup_check(&duppinfo->r, pinfo->r)) - goto err; - if (!rsa_bn_dup_check(&duppinfo->d, pinfo->d)) - goto err; - if (!rsa_bn_dup_check(&duppinfo->t, pinfo->t)) - goto err; - } - if (!ossl_rsa_multip_calc_product(dupkey)) - goto err; - } - - if (rsa->pss != NULL) { - dupkey->pss = RSA_PSS_PARAMS_dup(rsa->pss); - if (rsa->pss->maskGenAlgorithm != NULL - && dupkey->pss->maskGenAlgorithm == NULL) { - dupkey->pss->maskHash = ossl_x509_algor_mgf1_decode(rsa->pss->maskGenAlgorithm); - if (dupkey->pss->maskHash == NULL) - goto err; - } - } - if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_RSA, - &dupkey->ex_data, &rsa->ex_data)) - goto err; -#endif - - return dupkey; - - err: - RSA_free(dupkey); - return NULL; -} - -#ifndef FIPS_MODULE -RSA_PSS_PARAMS *ossl_rsa_pss_decode(const X509_ALGOR *alg) -{ - RSA_PSS_PARAMS *pss; - - pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS), - alg->parameter); - - if (pss == NULL) - return NULL; - - if (pss->maskGenAlgorithm != NULL) { - pss->maskHash = ossl_x509_algor_mgf1_decode(pss->maskGenAlgorithm); - if (pss->maskHash == NULL) { - RSA_PSS_PARAMS_free(pss); - return NULL; - } - } - - return pss; -} - -static int ossl_rsa_sync_to_pss_params_30(RSA *rsa) -{ - const RSA_PSS_PARAMS *legacy_pss = NULL; - RSA_PSS_PARAMS_30 *pss = NULL; - - if (rsa != NULL - && (legacy_pss = RSA_get0_pss_params(rsa)) != NULL - && (pss = ossl_rsa_get0_pss_params_30(rsa)) != NULL) { - const EVP_MD *md = NULL, *mgf1md = NULL; - int md_nid, mgf1md_nid, saltlen, trailerField; - RSA_PSS_PARAMS_30 pss_params; - - /* - * We don't care about the validity of the fields here, we just - * want to synchronise values. Verifying here makes it impossible - * to even read a key with invalid values, making it hard to test - * a bad situation. - * - * Other routines use ossl_rsa_pss_get_param(), so the values will - * be checked, eventually. - */ - if (!ossl_rsa_pss_get_param_unverified(legacy_pss, &md, &mgf1md, - &saltlen, &trailerField)) - return 0; - md_nid = EVP_MD_get_type(md); - mgf1md_nid = EVP_MD_get_type(mgf1md); - if (!ossl_rsa_pss_params_30_set_defaults(&pss_params) - || !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid) - || !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params, - mgf1md_nid) - || !ossl_rsa_pss_params_30_set_saltlen(&pss_params, saltlen) - || !ossl_rsa_pss_params_30_set_trailerfield(&pss_params, - trailerField)) - return 0; - *pss = pss_params; - } - return 1; -} - -int ossl_rsa_pss_get_param_unverified(const RSA_PSS_PARAMS *pss, - const EVP_MD **pmd, const EVP_MD **pmgf1md, - int *psaltlen, int *ptrailerField) -{ - RSA_PSS_PARAMS_30 pss_params; - - /* Get the defaults from the ONE place */ - (void)ossl_rsa_pss_params_30_set_defaults(&pss_params); - - if (pss == NULL) - return 0; - *pmd = ossl_x509_algor_get_md(pss->hashAlgorithm); - if (*pmd == NULL) - return 0; - *pmgf1md = ossl_x509_algor_get_md(pss->maskHash); - if (*pmgf1md == NULL) - return 0; - if (pss->saltLength) - *psaltlen = ASN1_INTEGER_get(pss->saltLength); - else - *psaltlen = ossl_rsa_pss_params_30_saltlen(&pss_params); - if (pss->trailerField) - *ptrailerField = ASN1_INTEGER_get(pss->trailerField); - else - *ptrailerField = ossl_rsa_pss_params_30_trailerfield(&pss_params);; - - return 1; -} - -int ossl_rsa_param_decode(RSA *rsa, const X509_ALGOR *alg) -{ - RSA_PSS_PARAMS *pss; - const ASN1_OBJECT *algoid; - const void *algp; - int algptype; - - X509_ALGOR_get0(&algoid, &algptype, &algp, alg); - if (OBJ_obj2nid(algoid) != EVP_PKEY_RSA_PSS) - return 1; - if (algptype == V_ASN1_UNDEF) - return 1; - if (algptype != V_ASN1_SEQUENCE) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PSS_PARAMETERS); - return 0; - } - if ((pss = ossl_rsa_pss_decode(alg)) == NULL - || !ossl_rsa_set0_pss_params(rsa, pss)) { - RSA_PSS_PARAMS_free(pss); - return 0; - } - if (!ossl_rsa_sync_to_pss_params_30(rsa)) - return 0; - return 1; -} - -RSA *ossl_rsa_key_from_pkcs8(const PKCS8_PRIV_KEY_INFO *p8inf, - OSSL_LIB_CTX *libctx, const char *propq) -{ - const unsigned char *p; - RSA *rsa; - int pklen; - const X509_ALGOR *alg; - - if (!PKCS8_pkey_get0(NULL, &p, &pklen, &alg, p8inf)) - return 0; - rsa = d2i_RSAPrivateKey(NULL, &p, pklen); - if (rsa == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_RSA_LIB); - return NULL; - } - if (!ossl_rsa_param_decode(rsa, alg)) { - RSA_free(rsa); - return NULL; - } - - RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); - switch (OBJ_obj2nid(alg->algorithm)) { - case EVP_PKEY_RSA: - RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA); - break; - case EVP_PKEY_RSA_PSS: - RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS); - break; - default: - /* Leave the type bits zero */ - break; - } - - return rsa; -} -#endif diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c deleted file mode 100644 index cccc2d5bac2a74c312856eb51134ecd184e55e19..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_chk.c +++ /dev/null @@ -1,266 +0,0 @@ -/* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include "crypto/rsa.h" -#include "rsa_local.h" - -#ifndef FIPS_MODULE -static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb) -{ - BIGNUM *i, *j, *k, *l, *m; - BN_CTX *ctx; - int ret = 1, ex_primes = 0, idx; - RSA_PRIME_INFO *pinfo; - - if (key->p == NULL || key->q == NULL || key->n == NULL - || key->e == NULL || key->d == NULL) { - ERR_raise(ERR_LIB_RSA, RSA_R_VALUE_MISSING); - return 0; - } - - /* multi-prime? */ - if (key->version == RSA_ASN1_VERSION_MULTI) { - ex_primes = sk_RSA_PRIME_INFO_num(key->prime_infos); - if (ex_primes <= 0 - || (ex_primes + 2) > ossl_rsa_multip_cap(BN_num_bits(key->n))) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MULTI_PRIME_KEY); - return 0; - } - } - - i = BN_new(); - j = BN_new(); - k = BN_new(); - l = BN_new(); - m = BN_new(); - ctx = BN_CTX_new_ex(key->libctx); - if (i == NULL || j == NULL || k == NULL || l == NULL - || m == NULL || ctx == NULL) { - ret = -1; - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (BN_is_one(key->e)) { - ret = 0; - ERR_raise(ERR_LIB_RSA, RSA_R_BAD_E_VALUE); - } - if (!BN_is_odd(key->e)) { - ret = 0; - ERR_raise(ERR_LIB_RSA, RSA_R_BAD_E_VALUE); - } - - /* p prime? */ - if (BN_check_prime(key->p, ctx, cb) != 1) { - ret = 0; - ERR_raise(ERR_LIB_RSA, RSA_R_P_NOT_PRIME); - } - - /* q prime? */ - if (BN_check_prime(key->q, ctx, cb) != 1) { - ret = 0; - ERR_raise(ERR_LIB_RSA, RSA_R_Q_NOT_PRIME); - } - - /* r_i prime? */ - for (idx = 0; idx < ex_primes; idx++) { - pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx); - if (BN_check_prime(pinfo->r, ctx, cb) != 1) { - ret = 0; - ERR_raise(ERR_LIB_RSA, RSA_R_MP_R_NOT_PRIME); - } - } - - /* n = p*q * r_3...r_i? */ - if (!BN_mul(i, key->p, key->q, ctx)) { - ret = -1; - goto err; - } - for (idx = 0; idx < ex_primes; idx++) { - pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx); - if (!BN_mul(i, i, pinfo->r, ctx)) { - ret = -1; - goto err; - } - } - if (BN_cmp(i, key->n) != 0) { - ret = 0; - if (ex_primes) - ERR_raise(ERR_LIB_RSA, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES); - else - ERR_raise(ERR_LIB_RSA, RSA_R_N_DOES_NOT_EQUAL_P_Q); - } - - /* d*e = 1 mod \lambda(n)? */ - if (!BN_sub(i, key->p, BN_value_one())) { - ret = -1; - goto err; - } - if (!BN_sub(j, key->q, BN_value_one())) { - ret = -1; - goto err; - } - - /* now compute k = \lambda(n) = LCM(i, j, r_3 - 1...) */ - if (!BN_mul(l, i, j, ctx)) { - ret = -1; - goto err; - } - if (!BN_gcd(m, i, j, ctx)) { - ret = -1; - goto err; - } - for (idx = 0; idx < ex_primes; idx++) { - pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx); - if (!BN_sub(k, pinfo->r, BN_value_one())) { - ret = -1; - goto err; - } - if (!BN_mul(l, l, k, ctx)) { - ret = -1; - goto err; - } - if (!BN_gcd(m, m, k, ctx)) { - ret = -1; - goto err; - } - } - if (!BN_div(k, NULL, l, m, ctx)) { /* remainder is 0 */ - ret = -1; - goto err; - } - if (!BN_mod_mul(i, key->d, key->e, k, ctx)) { - ret = -1; - goto err; - } - - if (!BN_is_one(i)) { - ret = 0; - ERR_raise(ERR_LIB_RSA, RSA_R_D_E_NOT_CONGRUENT_TO_1); - } - - if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) { - /* dmp1 = d mod (p-1)? */ - if (!BN_sub(i, key->p, BN_value_one())) { - ret = -1; - goto err; - } - if (!BN_mod(j, key->d, i, ctx)) { - ret = -1; - goto err; - } - if (BN_cmp(j, key->dmp1) != 0) { - ret = 0; - ERR_raise(ERR_LIB_RSA, RSA_R_DMP1_NOT_CONGRUENT_TO_D); - } - - /* dmq1 = d mod (q-1)? */ - if (!BN_sub(i, key->q, BN_value_one())) { - ret = -1; - goto err; - } - if (!BN_mod(j, key->d, i, ctx)) { - ret = -1; - goto err; - } - if (BN_cmp(j, key->dmq1) != 0) { - ret = 0; - ERR_raise(ERR_LIB_RSA, RSA_R_DMQ1_NOT_CONGRUENT_TO_D); - } - - /* iqmp = q^-1 mod p? */ - if (!BN_mod_inverse(i, key->q, key->p, ctx)) { - ret = -1; - goto err; - } - if (BN_cmp(i, key->iqmp) != 0) { - ret = 0; - ERR_raise(ERR_LIB_RSA, RSA_R_IQMP_NOT_INVERSE_OF_Q); - } - } - - for (idx = 0; idx < ex_primes; idx++) { - pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx); - /* d_i = d mod (r_i - 1)? */ - if (!BN_sub(i, pinfo->r, BN_value_one())) { - ret = -1; - goto err; - } - if (!BN_mod(j, key->d, i, ctx)) { - ret = -1; - goto err; - } - if (BN_cmp(j, pinfo->d) != 0) { - ret = 0; - ERR_raise(ERR_LIB_RSA, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D); - } - /* t_i = R_i ^ -1 mod r_i ? */ - if (!BN_mod_inverse(i, pinfo->pp, pinfo->r, ctx)) { - ret = -1; - goto err; - } - if (BN_cmp(i, pinfo->t) != 0) { - ret = 0; - ERR_raise(ERR_LIB_RSA, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R); - } - } - - err: - BN_free(i); - BN_free(j); - BN_free(k); - BN_free(l); - BN_free(m); - BN_CTX_free(ctx); - return ret; -} -#endif /* FIPS_MODULE */ - -int ossl_rsa_validate_public(const RSA *key) -{ - return ossl_rsa_sp800_56b_check_public(key); -} - -int ossl_rsa_validate_private(const RSA *key) -{ - return ossl_rsa_sp800_56b_check_private(key); -} - -int ossl_rsa_validate_pairwise(const RSA *key) -{ -#ifdef FIPS_MODULE - return ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, RSA_bits(key)); -#else - return rsa_validate_keypair_multiprime(key, NULL) > 0; -#endif -} - -int RSA_check_key(const RSA *key) -{ - return RSA_check_key_ex(key, NULL); -} - -int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) -{ -#ifdef FIPS_MODULE - return ossl_rsa_validate_public(key) - && ossl_rsa_validate_private(key) - && ossl_rsa_validate_pairwise(key); -#else - return rsa_validate_keypair_multiprime(key, cb); -#endif /* FIPS_MODULE */ -} diff --git a/crypto/rsa/rsa_crpt.c b/crypto/rsa/rsa_crpt.c deleted file mode 100644 index 6bc6aafcc893e15f1ae894f1db690b551c3c796d..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_crpt.c +++ /dev/null @@ -1,175 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include "internal/cryptlib.h" -#include "crypto/bn.h" -#include -#include "rsa_local.h" - -int RSA_bits(const RSA *r) -{ - return BN_num_bits(r->n); -} - -int RSA_size(const RSA *r) -{ - return BN_num_bytes(r->n); -} - -int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, - RSA *rsa, int padding) -{ - return rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding); -} - -int RSA_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) -{ - return rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding); -} - -int RSA_private_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) -{ - return rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding); -} - -int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, - RSA *rsa, int padding) -{ - return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding); -} - -int RSA_flags(const RSA *r) -{ - return r == NULL ? 0 : r->meth->flags; -} - -void RSA_blinding_off(RSA *rsa) -{ - BN_BLINDING_free(rsa->blinding); - rsa->blinding = NULL; - rsa->flags &= ~RSA_FLAG_BLINDING; - rsa->flags |= RSA_FLAG_NO_BLINDING; -} - -int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) -{ - int ret = 0; - - if (rsa->blinding != NULL) - RSA_blinding_off(rsa); - - rsa->blinding = RSA_setup_blinding(rsa, ctx); - if (rsa->blinding == NULL) - goto err; - - rsa->flags |= RSA_FLAG_BLINDING; - rsa->flags &= ~RSA_FLAG_NO_BLINDING; - ret = 1; - err: - return ret; -} - -static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, - const BIGNUM *q, BN_CTX *ctx) -{ - BIGNUM *ret = NULL, *r0, *r1, *r2; - - if (d == NULL || p == NULL || q == NULL) - return NULL; - - BN_CTX_start(ctx); - r0 = BN_CTX_get(ctx); - r1 = BN_CTX_get(ctx); - r2 = BN_CTX_get(ctx); - if (r2 == NULL) - goto err; - - if (!BN_sub(r1, p, BN_value_one())) - goto err; - if (!BN_sub(r2, q, BN_value_one())) - goto err; - if (!BN_mul(r0, r1, r2, ctx)) - goto err; - - ret = BN_mod_inverse(NULL, d, r0, ctx); - err: - BN_CTX_end(ctx); - return ret; -} - -BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) -{ - BIGNUM *e; - BN_CTX *ctx; - BN_BLINDING *ret = NULL; - - if (in_ctx == NULL) { - if ((ctx = BN_CTX_new_ex(rsa->libctx)) == NULL) - return 0; - } else { - ctx = in_ctx; - } - - BN_CTX_start(ctx); - e = BN_CTX_get(ctx); - if (e == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (rsa->e == NULL) { - e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); - if (e == NULL) { - ERR_raise(ERR_LIB_RSA, RSA_R_NO_PUBLIC_EXPONENT); - goto err; - } - } else { - e = rsa->e; - } - - { - BIGNUM *n = BN_new(); - - if (n == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - goto err; - } - BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); - - ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp, - rsa->_method_mod_n); - /* We MUST free n before any further use of rsa->n */ - BN_free(n); - } - if (ret == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_BN_LIB); - goto err; - } - - BN_BLINDING_set_current_thread(ret); - - err: - BN_CTX_end(ctx); - if (ctx != in_ctx) - BN_CTX_free(ctx); - if (e != rsa->e) - BN_free(e); - - return ret; -} diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c deleted file mode 100644 index 3cc89b26a99c702486cccf5d8c1d83e9d640084f..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_depr.c +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * NB: This file contains deprecated functions (compatibility wrappers to the - * "new" versions). - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include - -#include -#include -#include "internal/cryptlib.h" -#include -#include - -RSA *RSA_generate_key(int bits, unsigned long e_value, - void (*callback) (int, int, void *), void *cb_arg) -{ - int i; - BN_GENCB *cb = BN_GENCB_new(); - RSA *rsa = RSA_new(); - BIGNUM *e = BN_new(); - - if (cb == NULL || rsa == NULL || e == NULL) - goto err; - - /* - * The problem is when building with 8, 16, or 32 BN_ULONG, unsigned long - * can be larger - */ - for (i = 0; i < (int)sizeof(unsigned long) * 8; i++) { - if (e_value & (1UL << i)) - if (BN_set_bit(e, i) == 0) - goto err; - } - - BN_GENCB_set_old(cb, callback, cb_arg); - - if (RSA_generate_key_ex(rsa, bits, e, cb)) { - BN_free(e); - BN_GENCB_free(cb); - return rsa; - } - err: - BN_free(e); - RSA_free(rsa); - BN_GENCB_free(cb); - return 0; -} diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c deleted file mode 100644 index 269971c07b8da9b7089660bc298ab6cb3f527a18..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_err.c +++ /dev/null @@ -1,166 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/rsaerr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA RSA_str_reasons[] = { - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_ALGORITHM_MISMATCH), "algorithm mismatch"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_E_VALUE), "bad e value"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_FIXED_HEADER_DECRYPT), - "bad fixed header decrypt"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_PAD_BYTE_COUNT), "bad pad byte count"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_SIGNATURE), "bad signature"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_01), - "block type is not 01"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_02), - "block type is not 02"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_GREATER_THAN_MOD_LEN), - "data greater than mod len"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE), "data too large"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), - "data too large for key size"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_MODULUS), - "data too large for modulus"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL), "data too small"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE), - "data too small for key size"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_DOES_NOT_MATCH), - "digest does not match"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_NOT_ALLOWED), "digest not allowed"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY), - "digest too big for rsa key"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DMP1_NOT_CONGRUENT_TO_D), - "dmp1 not congruent to d"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DMQ1_NOT_CONGRUENT_TO_D), - "dmq1 not congruent to d"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_D_E_NOT_CONGRUENT_TO_1), - "d e not congruent to 1"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_FIRST_OCTET_INVALID), - "first octet invalid"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE), - "illegal or unsupported padding mode"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_DIGEST), "invalid digest"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_DIGEST_LENGTH), - "invalid digest length"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_HEADER), "invalid header"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_KEYPAIR), "invalid keypair"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_KEY_LENGTH), "invalid key length"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_LABEL), "invalid label"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_LENGTH), "invalid length"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MESSAGE_LENGTH), - "invalid message length"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MODULUS), "invalid modulus"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MULTI_PRIME_KEY), - "invalid multi prime key"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_OAEP_PARAMETERS), - "invalid oaep parameters"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PADDING), "invalid padding"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PADDING_MODE), - "invalid padding mode"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PSS_PARAMETERS), - "invalid pss parameters"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PSS_SALTLEN), - "invalid pss saltlen"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_REQUEST), "invalid request"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_SALT_LENGTH), - "invalid salt length"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_STRENGTH), "invalid strength"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_TRAILER), "invalid trailer"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_X931_DIGEST), - "invalid x931 digest"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_IQMP_NOT_INVERSE_OF_Q), - "iqmp not inverse of q"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_PRIME_NUM_INVALID), - "key prime num invalid"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_LAST_OCTET_INVALID), "last octet invalid"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MGF1_DIGEST_NOT_ALLOWED), - "mgf1 digest not allowed"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MISSING_PRIVATE_KEY), - "missing private key"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MODULUS_TOO_LARGE), "modulus too large"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R), - "mp coefficient not inverse of r"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D), - "mp exponent not congruent to d"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING), - "null before block missing"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES), - "n does not equal product of primes"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_P_Q), - "n does not equal p q"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR), - "oaep decoding error"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), - "operation not supported for this keytype"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED), - "padding check failed"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PAIRWISE_TEST_FAILURE), - "pairwise test failure"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PKCS_DECODING_ERROR), - "pkcs decoding error"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PSS_SALTLEN_TOO_SMALL), - "pss saltlen too small"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PUB_EXPONENT_OUT_OF_RANGE), - "pub exponent out of range"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_P_NOT_PRIME), "p not prime"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_Q_NOT_PRIME), "q not prime"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT), - "randomness source strength insufficient"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED), - "rsa operations not supported"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_CHECK_FAILED), - "salt length check failed"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_RECOVERY_FAILED), - "salt length recovery failed"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SSLV3_ROLLBACK_ATTACK), - "sslv3 rollback attack"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), - "the asn1 object identifier is not known for this md"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_ALGORITHM_TYPE), - "unknown algorithm type"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_DIGEST), "unknown digest"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_MASK_DIGEST), - "unknown mask digest"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_PADDING_TYPE), - "unknown padding type"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE), - "unsupported encryption type"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_LABEL_SOURCE), - "unsupported label source"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_ALGORITHM), - "unsupported mask algorithm"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_PARAMETER), - "unsupported mask parameter"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE), - "unsupported signature type"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"}, - {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_WRONG_SIGNATURE_LENGTH), - "wrong signature length"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_RSA_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(RSA_str_reasons[0].error) == NULL) - ERR_load_strings_const(RSA_str_reasons); -#endif - return 1; -} diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c deleted file mode 100644 index e0d139d3121c40f7e9adcd4fa16e60c438416c1f..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_gen.c +++ /dev/null @@ -1,529 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * NB: these functions have been "upgraded", the deprecated versions (which - * are compatibility wrappers using these functions) are in rsa_depr.c. - - * Geoff - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include "internal/cryptlib.h" -#include -#include -#include "prov/providercommon.h" -#include "rsa_local.h" - -static int rsa_keygen_pairwise_test(RSA *rsa, OSSL_CALLBACK *cb, void *cbarg); -static int rsa_keygen(OSSL_LIB_CTX *libctx, RSA *rsa, int bits, int primes, - BIGNUM *e_value, BN_GENCB *cb, int pairwise_test); - -/* - * NB: this wrapper would normally be placed in rsa_lib.c and the static - * implementation would probably be in rsa_eay.c. Nonetheless, is kept here - * so that we don't introduce a new linker dependency. Eg. any application - * that wasn't previously linking object code related to key-generation won't - * have to now just because key-generation is part of RSA_METHOD. - */ -int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) -{ - if (rsa->meth->rsa_keygen != NULL) - return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); - - return RSA_generate_multi_prime_key(rsa, bits, RSA_DEFAULT_PRIME_NUM, - e_value, cb); -} - -int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, - BIGNUM *e_value, BN_GENCB *cb) -{ -#ifndef FIPS_MODULE - /* multi-prime is only supported with the builtin key generation */ - if (rsa->meth->rsa_multi_prime_keygen != NULL) { - return rsa->meth->rsa_multi_prime_keygen(rsa, bits, primes, - e_value, cb); - } else if (rsa->meth->rsa_keygen != NULL) { - /* - * However, if rsa->meth implements only rsa_keygen, then we - * have to honour it in 2-prime case and assume that it wouldn't - * know what to do with multi-prime key generated by builtin - * subroutine... - */ - if (primes == 2) - return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); - else - return 0; - } -#endif /* FIPS_MODULE */ - return rsa_keygen(rsa->libctx, rsa, bits, primes, e_value, cb, 0); -} - -#ifndef FIPS_MODULE -static int rsa_multiprime_keygen(RSA *rsa, int bits, int primes, - BIGNUM *e_value, BN_GENCB *cb) -{ - BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *tmp, *prime; - int n = 0, bitsr[RSA_MAX_PRIME_NUM], bitse = 0; - int i = 0, quo = 0, rmd = 0, adj = 0, retries = 0; - RSA_PRIME_INFO *pinfo = NULL; - STACK_OF(RSA_PRIME_INFO) *prime_infos = NULL; - BN_CTX *ctx = NULL; - BN_ULONG bitst = 0; - unsigned long error = 0; - int ok = -1; - - if (bits < RSA_MIN_MODULUS_BITS) { - ok = 0; /* we set our own err */ - ERR_raise(ERR_LIB_RSA, RSA_R_KEY_SIZE_TOO_SMALL); - goto err; - } - - /* A bad value for e can cause infinite loops */ - if (e_value != NULL && !ossl_rsa_check_public_exponent(e_value)) { - ERR_raise(ERR_LIB_RSA, RSA_R_PUB_EXPONENT_OUT_OF_RANGE); - return 0; - } - - if (primes < RSA_DEFAULT_PRIME_NUM || primes > ossl_rsa_multip_cap(bits)) { - ok = 0; /* we set our own err */ - ERR_raise(ERR_LIB_RSA, RSA_R_KEY_PRIME_NUM_INVALID); - goto err; - } - - ctx = BN_CTX_new_ex(rsa->libctx); - if (ctx == NULL) - goto err; - BN_CTX_start(ctx); - r0 = BN_CTX_get(ctx); - r1 = BN_CTX_get(ctx); - r2 = BN_CTX_get(ctx); - if (r2 == NULL) - goto err; - - /* divide bits into 'primes' pieces evenly */ - quo = bits / primes; - rmd = bits % primes; - - for (i = 0; i < primes; i++) - bitsr[i] = (i < rmd) ? quo + 1 : quo; - - rsa->dirty_cnt++; - - /* We need the RSA components non-NULL */ - if (!rsa->n && ((rsa->n = BN_new()) == NULL)) - goto err; - if (!rsa->d && ((rsa->d = BN_secure_new()) == NULL)) - goto err; - BN_set_flags(rsa->d, BN_FLG_CONSTTIME); - if (!rsa->e && ((rsa->e = BN_new()) == NULL)) - goto err; - if (!rsa->p && ((rsa->p = BN_secure_new()) == NULL)) - goto err; - BN_set_flags(rsa->p, BN_FLG_CONSTTIME); - if (!rsa->q && ((rsa->q = BN_secure_new()) == NULL)) - goto err; - BN_set_flags(rsa->q, BN_FLG_CONSTTIME); - if (!rsa->dmp1 && ((rsa->dmp1 = BN_secure_new()) == NULL)) - goto err; - BN_set_flags(rsa->dmp1, BN_FLG_CONSTTIME); - if (!rsa->dmq1 && ((rsa->dmq1 = BN_secure_new()) == NULL)) - goto err; - BN_set_flags(rsa->dmq1, BN_FLG_CONSTTIME); - if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL)) - goto err; - BN_set_flags(rsa->iqmp, BN_FLG_CONSTTIME); - - /* initialize multi-prime components */ - if (primes > RSA_DEFAULT_PRIME_NUM) { - rsa->version = RSA_ASN1_VERSION_MULTI; - prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, primes - 2); - if (prime_infos == NULL) - goto err; - if (rsa->prime_infos != NULL) { - /* could this happen? */ - sk_RSA_PRIME_INFO_pop_free(rsa->prime_infos, - ossl_rsa_multip_info_free); - } - rsa->prime_infos = prime_infos; - - /* prime_info from 2 to |primes| -1 */ - for (i = 2; i < primes; i++) { - pinfo = ossl_rsa_multip_info_new(); - if (pinfo == NULL) - goto err; - (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo); - } - } - - if (BN_copy(rsa->e, e_value) == NULL) - goto err; - - /* generate p, q and other primes (if any) */ - for (i = 0; i < primes; i++) { - adj = 0; - retries = 0; - - if (i == 0) { - prime = rsa->p; - } else if (i == 1) { - prime = rsa->q; - } else { - pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2); - prime = pinfo->r; - } - BN_set_flags(prime, BN_FLG_CONSTTIME); - - for (;;) { - redo: - if (!BN_generate_prime_ex2(prime, bitsr[i] + adj, 0, NULL, NULL, - cb, ctx)) - goto err; - /* - * prime should not be equal to p, q, r_3... - * (those primes prior to this one) - */ - { - int j; - - for (j = 0; j < i; j++) { - BIGNUM *prev_prime; - - if (j == 0) - prev_prime = rsa->p; - else if (j == 1) - prev_prime = rsa->q; - else - prev_prime = sk_RSA_PRIME_INFO_value(prime_infos, - j - 2)->r; - - if (!BN_cmp(prime, prev_prime)) { - goto redo; - } - } - } - if (!BN_sub(r2, prime, BN_value_one())) - goto err; - ERR_set_mark(); - BN_set_flags(r2, BN_FLG_CONSTTIME); - if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { - /* GCD == 1 since inverse exists */ - break; - } - error = ERR_peek_last_error(); - if (ERR_GET_LIB(error) == ERR_LIB_BN - && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { - /* GCD != 1 */ - ERR_pop_to_mark(); - } else { - goto err; - } - if (!BN_GENCB_call(cb, 2, n++)) - goto err; - } - - bitse += bitsr[i]; - - /* calculate n immediately to see if it's sufficient */ - if (i == 1) { - /* we get at least 2 primes */ - if (!BN_mul(r1, rsa->p, rsa->q, ctx)) - goto err; - } else if (i != 0) { - /* modulus n = p * q * r_3 * r_4 ... */ - if (!BN_mul(r1, rsa->n, prime, ctx)) - goto err; - } else { - /* i == 0, do nothing */ - if (!BN_GENCB_call(cb, 3, i)) - goto err; - continue; - } - /* - * if |r1|, product of factors so far, is not as long as expected - * (by checking the first 4 bits are less than 0x9 or greater than - * 0xF). If so, re-generate the last prime. - * - * NOTE: This actually can't happen in two-prime case, because of - * the way factors are generated. - * - * Besides, another consideration is, for multi-prime case, even the - * length modulus is as long as expected, the modulus could start at - * 0x8, which could be utilized to distinguish a multi-prime private - * key by using the modulus in a certificate. This is also covered - * by checking the length should not be less than 0x9. - */ - if (!BN_rshift(r2, r1, bitse - 4)) - goto err; - bitst = BN_get_word(r2); - - if (bitst < 0x9 || bitst > 0xF) { - /* - * For keys with more than 4 primes, we attempt longer factor to - * meet length requirement. - * - * Otherwise, we just re-generate the prime with the same length. - * - * This strategy has the following goals: - * - * 1. 1024-bit factors are efficient when using 3072 and 4096-bit key - * 2. stay the same logic with normal 2-prime key - */ - bitse -= bitsr[i]; - if (!BN_GENCB_call(cb, 2, n++)) - goto err; - if (primes > 4) { - if (bitst < 0x9) - adj++; - else - adj--; - } else if (retries == 4) { - /* - * re-generate all primes from scratch, mainly used - * in 4 prime case to avoid long loop. Max retry times - * is set to 4. - */ - i = -1; - bitse = 0; - continue; - } - retries++; - goto redo; - } - /* save product of primes for further use, for multi-prime only */ - if (i > 1 && BN_copy(pinfo->pp, rsa->n) == NULL) - goto err; - if (BN_copy(rsa->n, r1) == NULL) - goto err; - if (!BN_GENCB_call(cb, 3, i)) - goto err; - } - - if (BN_cmp(rsa->p, rsa->q) < 0) { - tmp = rsa->p; - rsa->p = rsa->q; - rsa->q = tmp; - } - - /* calculate d */ - - /* p - 1 */ - if (!BN_sub(r1, rsa->p, BN_value_one())) - goto err; - /* q - 1 */ - if (!BN_sub(r2, rsa->q, BN_value_one())) - goto err; - /* (p - 1)(q - 1) */ - if (!BN_mul(r0, r1, r2, ctx)) - goto err; - /* multi-prime */ - for (i = 2; i < primes; i++) { - pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2); - /* save r_i - 1 to pinfo->d temporarily */ - if (!BN_sub(pinfo->d, pinfo->r, BN_value_one())) - goto err; - if (!BN_mul(r0, r0, pinfo->d, ctx)) - goto err; - } - - { - BIGNUM *pr0 = BN_new(); - - if (pr0 == NULL) - goto err; - - BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); - if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) { - BN_free(pr0); - goto err; /* d */ - } - /* We MUST free pr0 before any further use of r0 */ - BN_free(pr0); - } - - { - BIGNUM *d = BN_new(); - - if (d == NULL) - goto err; - - BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); - - /* calculate d mod (p-1) and d mod (q - 1) */ - if (!BN_mod(rsa->dmp1, d, r1, ctx) - || !BN_mod(rsa->dmq1, d, r2, ctx)) { - BN_free(d); - goto err; - } - - /* calculate CRT exponents */ - for (i = 2; i < primes; i++) { - pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2); - /* pinfo->d == r_i - 1 */ - if (!BN_mod(pinfo->d, d, pinfo->d, ctx)) { - BN_free(d); - goto err; - } - } - - /* We MUST free d before any further use of rsa->d */ - BN_free(d); - } - - { - BIGNUM *p = BN_new(); - - if (p == NULL) - goto err; - BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); - - /* calculate inverse of q mod p */ - if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) { - BN_free(p); - goto err; - } - - /* calculate CRT coefficient for other primes */ - for (i = 2; i < primes; i++) { - pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2); - BN_with_flags(p, pinfo->r, BN_FLG_CONSTTIME); - if (!BN_mod_inverse(pinfo->t, pinfo->pp, p, ctx)) { - BN_free(p); - goto err; - } - } - - /* We MUST free p before any further use of rsa->p */ - BN_free(p); - } - - ok = 1; - err: - if (ok == -1) { - ERR_raise(ERR_LIB_RSA, ERR_R_BN_LIB); - ok = 0; - } - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return ok; -} -#endif /* FIPS_MODULE */ - -static int rsa_keygen(OSSL_LIB_CTX *libctx, RSA *rsa, int bits, int primes, - BIGNUM *e_value, BN_GENCB *cb, int pairwise_test) -{ - int ok = 0; - -#ifdef FIPS_MODULE - ok = ossl_rsa_sp800_56b_generate_key(rsa, bits, e_value, cb); - pairwise_test = 1; /* FIPS MODE needs to always run the pairwise test */ -#else - /* - * Only multi-prime keys or insecure keys with a small key length or a - * public exponent <= 2^16 will use the older rsa_multiprime_keygen(). - */ - if (primes == 2 - && bits >= 2048 - && (e_value == NULL || BN_num_bits(e_value) > 16)) - ok = ossl_rsa_sp800_56b_generate_key(rsa, bits, e_value, cb); - else - ok = rsa_multiprime_keygen(rsa, bits, primes, e_value, cb); -#endif /* FIPS_MODULE */ - - if (pairwise_test && ok > 0) { - OSSL_CALLBACK *stcb = NULL; - void *stcbarg = NULL; - - OSSL_SELF_TEST_get_callback(libctx, &stcb, &stcbarg); - ok = rsa_keygen_pairwise_test(rsa, stcb, stcbarg); - if (!ok) { - ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); - /* Clear intermediate results */ - BN_clear_free(rsa->d); - BN_clear_free(rsa->p); - BN_clear_free(rsa->q); - BN_clear_free(rsa->dmp1); - BN_clear_free(rsa->dmq1); - BN_clear_free(rsa->iqmp); - rsa->d = NULL; - rsa->p = NULL; - rsa->q = NULL; - rsa->dmp1 = NULL; - rsa->dmq1 = NULL; - rsa->iqmp = NULL; - } - } - return ok; -} - -/* - * For RSA key generation it is not known whether the key pair will be used - * for key transport or signatures. FIPS 140-2 IG 9.9 states that in this case - * either a signature verification OR an encryption operation may be used to - * perform the pairwise consistency check. The simpler encrypt/decrypt operation - * has been chosen for this case. - */ -static int rsa_keygen_pairwise_test(RSA *rsa, OSSL_CALLBACK *cb, void *cbarg) -{ - int ret = 0; - unsigned int ciphertxt_len; - unsigned char *ciphertxt = NULL; - const unsigned char plaintxt[16] = {0}; - unsigned char *decoded = NULL; - unsigned int decoded_len; - unsigned int plaintxt_len = (unsigned int)sizeof(plaintxt_len); - int padding = RSA_PKCS1_PADDING; - OSSL_SELF_TEST *st = NULL; - - st = OSSL_SELF_TEST_new(cb, cbarg); - if (st == NULL) - goto err; - OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT, - OSSL_SELF_TEST_DESC_PCT_RSA_PKCS1); - - ciphertxt_len = RSA_size(rsa); - /* - * RSA_private_encrypt() and RSA_private_decrypt() requires the 'to' - * parameter to be a maximum of RSA_size() - allocate space for both. - */ - ciphertxt = OPENSSL_zalloc(ciphertxt_len * 2); - if (ciphertxt == NULL) - goto err; - decoded = ciphertxt + ciphertxt_len; - - ciphertxt_len = RSA_public_encrypt(plaintxt_len, plaintxt, ciphertxt, rsa, - padding); - if (ciphertxt_len <= 0) - goto err; - if (ciphertxt_len == plaintxt_len - && memcmp(ciphertxt, plaintxt, plaintxt_len) == 0) - goto err; - - OSSL_SELF_TEST_oncorrupt_byte(st, ciphertxt); - - decoded_len = RSA_private_decrypt(ciphertxt_len, ciphertxt, decoded, rsa, - padding); - if (decoded_len != plaintxt_len - || memcmp(decoded, plaintxt, decoded_len) != 0) - goto err; - - ret = 1; -err: - OSSL_SELF_TEST_onend(st, ret); - OSSL_SELF_TEST_free(st); - OPENSSL_free(ciphertxt); - - return ret; -} diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c deleted file mode 100644 index 449097b8b27afc7c473594e49dbddee38067a921..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_lib.c +++ /dev/null @@ -1,1282 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#ifndef FIPS_MODULE -# include -#endif -#include -#include -#include "internal/cryptlib.h" -#include "internal/refcount.h" -#include "crypto/bn.h" -#include "crypto/evp.h" -#include "crypto/rsa.h" -#include "crypto/security_bits.h" -#include "rsa_local.h" - -static RSA *rsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx); - -#ifndef FIPS_MODULE -RSA *RSA_new(void) -{ - return rsa_new_intern(NULL, NULL); -} - -const RSA_METHOD *RSA_get_method(const RSA *rsa) -{ - return rsa->meth; -} - -int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) -{ - /* - * NB: The caller is specifically setting a method, so it's not up to us - * to deal with which ENGINE it comes from. - */ - const RSA_METHOD *mtmp; - mtmp = rsa->meth; - if (mtmp->finish) - mtmp->finish(rsa); -#ifndef OPENSSL_NO_ENGINE - ENGINE_finish(rsa->engine); - rsa->engine = NULL; -#endif - rsa->meth = meth; - if (meth->init) - meth->init(rsa); - return 1; -} - -RSA *RSA_new_method(ENGINE *engine) -{ - return rsa_new_intern(engine, NULL); -} -#endif - -RSA *ossl_rsa_new_with_ctx(OSSL_LIB_CTX *libctx) -{ - return rsa_new_intern(NULL, libctx); -} - -static RSA *rsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx) -{ - RSA *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->references = 1; - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ret); - return NULL; - } - - ret->libctx = libctx; - ret->meth = RSA_get_default_method(); -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; - if (engine) { - if (!ENGINE_init(engine)) { - ERR_raise(ERR_LIB_RSA, ERR_R_ENGINE_LIB); - goto err; - } - ret->engine = engine; - } else { - ret->engine = ENGINE_get_default_RSA(); - } - if (ret->engine) { - ret->meth = ENGINE_get_RSA(ret->engine); - if (ret->meth == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_ENGINE_LIB); - goto err; - } - } -#endif - - ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; -#ifndef FIPS_MODULE - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { - goto err; - } -#endif - - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { - ERR_raise(ERR_LIB_RSA, ERR_R_INIT_FAIL); - goto err; - } - - return ret; - - err: - RSA_free(ret); - return NULL; -} - -void RSA_free(RSA *r) -{ - int i; - - if (r == NULL) - return; - - CRYPTO_DOWN_REF(&r->references, &i, r->lock); - REF_PRINT_COUNT("RSA", r); - if (i > 0) - return; - REF_ASSERT_ISNT(i < 0); - - if (r->meth != NULL && r->meth->finish != NULL) - r->meth->finish(r); -#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - ENGINE_finish(r->engine); -#endif - -#ifndef FIPS_MODULE - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); -#endif - - CRYPTO_THREAD_lock_free(r->lock); - - BN_free(r->n); - BN_free(r->e); - BN_clear_free(r->d); - BN_clear_free(r->p); - BN_clear_free(r->q); - BN_clear_free(r->dmp1); - BN_clear_free(r->dmq1); - BN_clear_free(r->iqmp); - -#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) - ossl_rsa_acvp_test_free(r->acvp_test); -#endif - -#ifndef FIPS_MODULE - RSA_PSS_PARAMS_free(r->pss); - sk_RSA_PRIME_INFO_pop_free(r->prime_infos, ossl_rsa_multip_info_free); -#endif - BN_BLINDING_free(r->blinding); - BN_BLINDING_free(r->mt_blinding); - OPENSSL_free(r); -} - -int RSA_up_ref(RSA *r) -{ - int i; - - if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0) - return 0; - - REF_PRINT_COUNT("RSA", r); - REF_ASSERT_ISNT(i < 2); - return i > 1 ? 1 : 0; -} - -OSSL_LIB_CTX *ossl_rsa_get0_libctx(RSA *r) -{ - return r->libctx; -} - -void ossl_rsa_set0_libctx(RSA *r, OSSL_LIB_CTX *libctx) -{ - r->libctx = libctx; -} - -#ifndef FIPS_MODULE -int RSA_set_ex_data(RSA *r, int idx, void *arg) -{ - return CRYPTO_set_ex_data(&r->ex_data, idx, arg); -} - -void *RSA_get_ex_data(const RSA *r, int idx) -{ - return CRYPTO_get_ex_data(&r->ex_data, idx); -} -#endif - -/* - * Define a scaling constant for our fixed point arithmetic. - * This value must be a power of two because the base two logarithm code - * makes this assumption. The exponent must also be a multiple of three so - * that the scale factor has an exact cube root. Finally, the scale factor - * should not be so large that a multiplication of two scaled numbers - * overflows a 64 bit unsigned integer. - */ -static const unsigned int scale = 1 << 18; -static const unsigned int cbrt_scale = 1 << (2 * 18 / 3); - -/* Define some constants, none exceed 32 bits */ -static const unsigned int log_2 = 0x02c5c8; /* scale * log(2) */ -static const unsigned int log_e = 0x05c551; /* scale * log2(M_E) */ -static const unsigned int c1_923 = 0x07b126; /* scale * 1.923 */ -static const unsigned int c4_690 = 0x12c28f; /* scale * 4.690 */ - -/* - * Multiply two scaled integers together and rescale the result. - */ -static ossl_inline uint64_t mul2(uint64_t a, uint64_t b) -{ - return a * b / scale; -} - -/* - * Calculate the cube root of a 64 bit scaled integer. - * Although the cube root of a 64 bit number does fit into a 32 bit unsigned - * integer, this is not guaranteed after scaling, so this function has a - * 64 bit return. This uses the shifting nth root algorithm with some - * algebraic simplifications. - */ -static uint64_t icbrt64(uint64_t x) -{ - uint64_t r = 0; - uint64_t b; - int s; - - for (s = 63; s >= 0; s -= 3) { - r <<= 1; - b = 3 * r * (r + 1) + 1; - if ((x >> s) >= b) { - x -= b << s; - r++; - } - } - return r * cbrt_scale; -} - -/* - * Calculate the natural logarithm of a 64 bit scaled integer. - * This is done by calculating a base two logarithm and scaling. - * The maximum logarithm (base 2) is 64 and this reduces base e, so - * a 32 bit result should not overflow. The argument passed must be - * greater than unity so we don't need to handle negative results. - */ -static uint32_t ilog_e(uint64_t v) -{ - uint32_t i, r = 0; - - /* - * Scale down the value into the range 1 .. 2. - * - * If fractional numbers need to be processed, another loop needs - * to go here that checks v < scale and if so multiplies it by 2 and - * reduces r by scale. This also means making r signed. - */ - while (v >= 2 * scale) { - v >>= 1; - r += scale; - } - for (i = scale / 2; i != 0; i /= 2) { - v = mul2(v, v); - if (v >= 2 * scale) { - v >>= 1; - r += i; - } - } - r = (r * (uint64_t)scale) / log_e; - return r; -} - -/* - * NIST SP 800-56B rev 2 Appendix D: Maximum Security Strength Estimates for IFC - * Modulus Lengths. - * - * Note that this formula is also referred to in SP800-56A rev3 Appendix D: - * for FFC safe prime groups for modp and ffdhe. - * After Table 25 and Table 26 it refers to - * "The maximum security strength estimates were calculated using the formula in - * Section 7.5 of the FIPS 140 IG and rounded to the nearest multiple of eight - * bits". - * - * The formula is: - * - * E = \frac{1.923 \sqrt[3]{nBits \cdot log_e(2)} - * \cdot(log_e(nBits \cdot log_e(2))^{2/3} - 4.69}{log_e(2)} - * The two cube roots are merged together here. - */ -uint16_t ossl_ifc_ffc_compute_security_bits(int n) -{ - uint64_t x; - uint32_t lx; - uint16_t y, cap; - - /* - * Look for common values as listed in standards. - * These values are not exactly equal to the results from the formulae in - * the standards but are defined to be canonical. - */ - switch (n) { - case 2048: /* SP 800-56B rev 2 Appendix D and FIPS 140-2 IG 7.5 */ - return 112; - case 3072: /* SP 800-56B rev 2 Appendix D and FIPS 140-2 IG 7.5 */ - return 128; - case 4096: /* SP 800-56B rev 2 Appendix D */ - return 152; - case 6144: /* SP 800-56B rev 2 Appendix D */ - return 176; - case 7680: /* FIPS 140-2 IG 7.5 */ - return 192; - case 8192: /* SP 800-56B rev 2 Appendix D */ - return 200; - case 15360: /* FIPS 140-2 IG 7.5 */ - return 256; - } - - /* - * The first incorrect result (i.e. not accurate or off by one low) occurs - * for n = 699668. The true value here is 1200. Instead of using this n - * as the check threshold, the smallest n such that the correct result is - * 1200 is used instead. - */ - if (n >= 687737) - return 1200; - if (n < 8) - return 0; - - /* - * To ensure that the output is non-decreasing with respect to n, - * a cap needs to be applied to the two values where the function over - * estimates the strength (according to the above fast path). - */ - if (n <= 7680) - cap = 192; - else if (n <= 15360) - cap = 256; - else - cap = 1200; - - x = n * (uint64_t)log_2; - lx = ilog_e(x); - y = (uint16_t)((mul2(c1_923, icbrt64(mul2(mul2(x, lx), lx))) - c4_690) - / log_2); - y = (y + 4) & ~7; - if (y > cap) - y = cap; - return y; -} - - - -int RSA_security_bits(const RSA *rsa) -{ - int bits = BN_num_bits(rsa->n); - -#ifndef FIPS_MODULE - if (rsa->version == RSA_ASN1_VERSION_MULTI) { - /* This ought to mean that we have private key at hand. */ - int ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos); - - if (ex_primes <= 0 || (ex_primes + 2) > ossl_rsa_multip_cap(bits)) - return 0; - } -#endif - return ossl_ifc_ffc_compute_security_bits(bits); -} - -int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) -{ - /* If the fields n and e in r are NULL, the corresponding input - * parameters MUST be non-NULL for n and e. d may be - * left NULL (in case only the public key is used). - */ - if ((r->n == NULL && n == NULL) - || (r->e == NULL && e == NULL)) - return 0; - - if (n != NULL) { - BN_free(r->n); - r->n = n; - } - if (e != NULL) { - BN_free(r->e); - r->e = e; - } - if (d != NULL) { - BN_clear_free(r->d); - r->d = d; - BN_set_flags(r->d, BN_FLG_CONSTTIME); - } - r->dirty_cnt++; - - return 1; -} - -int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) -{ - /* If the fields p and q in r are NULL, the corresponding input - * parameters MUST be non-NULL. - */ - if ((r->p == NULL && p == NULL) - || (r->q == NULL && q == NULL)) - return 0; - - if (p != NULL) { - BN_clear_free(r->p); - r->p = p; - BN_set_flags(r->p, BN_FLG_CONSTTIME); - } - if (q != NULL) { - BN_clear_free(r->q); - r->q = q; - BN_set_flags(r->q, BN_FLG_CONSTTIME); - } - r->dirty_cnt++; - - return 1; -} - -int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) -{ - /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input - * parameters MUST be non-NULL. - */ - if ((r->dmp1 == NULL && dmp1 == NULL) - || (r->dmq1 == NULL && dmq1 == NULL) - || (r->iqmp == NULL && iqmp == NULL)) - return 0; - - if (dmp1 != NULL) { - BN_clear_free(r->dmp1); - r->dmp1 = dmp1; - BN_set_flags(r->dmp1, BN_FLG_CONSTTIME); - } - if (dmq1 != NULL) { - BN_clear_free(r->dmq1); - r->dmq1 = dmq1; - BN_set_flags(r->dmq1, BN_FLG_CONSTTIME); - } - if (iqmp != NULL) { - BN_clear_free(r->iqmp); - r->iqmp = iqmp; - BN_set_flags(r->iqmp, BN_FLG_CONSTTIME); - } - r->dirty_cnt++; - - return 1; -} - -#ifndef FIPS_MODULE -/* - * Is it better to export RSA_PRIME_INFO structure - * and related functions to let user pass a triplet? - */ -int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], - BIGNUM *coeffs[], int pnum) -{ - STACK_OF(RSA_PRIME_INFO) *prime_infos, *old = NULL; - RSA_PRIME_INFO *pinfo; - int i; - - if (primes == NULL || exps == NULL || coeffs == NULL || pnum == 0) - return 0; - - prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum); - if (prime_infos == NULL) - return 0; - - if (r->prime_infos != NULL) - old = r->prime_infos; - - for (i = 0; i < pnum; i++) { - pinfo = ossl_rsa_multip_info_new(); - if (pinfo == NULL) - goto err; - if (primes[i] != NULL && exps[i] != NULL && coeffs[i] != NULL) { - BN_clear_free(pinfo->r); - BN_clear_free(pinfo->d); - BN_clear_free(pinfo->t); - pinfo->r = primes[i]; - pinfo->d = exps[i]; - pinfo->t = coeffs[i]; - BN_set_flags(pinfo->r, BN_FLG_CONSTTIME); - BN_set_flags(pinfo->d, BN_FLG_CONSTTIME); - BN_set_flags(pinfo->t, BN_FLG_CONSTTIME); - } else { - ossl_rsa_multip_info_free(pinfo); - goto err; - } - (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo); - } - - r->prime_infos = prime_infos; - - if (!ossl_rsa_multip_calc_product(r)) { - r->prime_infos = old; - goto err; - } - - if (old != NULL) { - /* - * This is hard to deal with, since the old infos could - * also be set by this function and r, d, t should not - * be freed in that case. So currently, stay consistent - * with other *set0* functions: just free it... - */ - sk_RSA_PRIME_INFO_pop_free(old, ossl_rsa_multip_info_free); - } - - r->version = RSA_ASN1_VERSION_MULTI; - r->dirty_cnt++; - - return 1; - err: - /* r, d, t should not be freed */ - sk_RSA_PRIME_INFO_pop_free(prime_infos, ossl_rsa_multip_info_free_ex); - return 0; -} -#endif - -void RSA_get0_key(const RSA *r, - const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) -{ - if (n != NULL) - *n = r->n; - if (e != NULL) - *e = r->e; - if (d != NULL) - *d = r->d; -} - -void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) -{ - if (p != NULL) - *p = r->p; - if (q != NULL) - *q = r->q; -} - -#ifndef FIPS_MODULE -int RSA_get_multi_prime_extra_count(const RSA *r) -{ - int pnum; - - pnum = sk_RSA_PRIME_INFO_num(r->prime_infos); - if (pnum <= 0) - pnum = 0; - return pnum; -} - -int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]) -{ - int pnum, i; - RSA_PRIME_INFO *pinfo; - - if ((pnum = RSA_get_multi_prime_extra_count(r)) == 0) - return 0; - - /* - * return other primes - * it's caller's responsibility to allocate oth_primes[pnum] - */ - for (i = 0; i < pnum; i++) { - pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i); - primes[i] = pinfo->r; - } - - return 1; -} -#endif - -void RSA_get0_crt_params(const RSA *r, - const BIGNUM **dmp1, const BIGNUM **dmq1, - const BIGNUM **iqmp) -{ - if (dmp1 != NULL) - *dmp1 = r->dmp1; - if (dmq1 != NULL) - *dmq1 = r->dmq1; - if (iqmp != NULL) - *iqmp = r->iqmp; -} - -#ifndef FIPS_MODULE -int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], - const BIGNUM *coeffs[]) -{ - int pnum; - - if ((pnum = RSA_get_multi_prime_extra_count(r)) == 0) - return 0; - - /* return other primes */ - if (exps != NULL || coeffs != NULL) { - RSA_PRIME_INFO *pinfo; - int i; - - /* it's the user's job to guarantee the buffer length */ - for (i = 0; i < pnum; i++) { - pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i); - if (exps != NULL) - exps[i] = pinfo->d; - if (coeffs != NULL) - coeffs[i] = pinfo->t; - } - } - - return 1; -} -#endif - -const BIGNUM *RSA_get0_n(const RSA *r) -{ - return r->n; -} - -const BIGNUM *RSA_get0_e(const RSA *r) -{ - return r->e; -} - -const BIGNUM *RSA_get0_d(const RSA *r) -{ - return r->d; -} - -const BIGNUM *RSA_get0_p(const RSA *r) -{ - return r->p; -} - -const BIGNUM *RSA_get0_q(const RSA *r) -{ - return r->q; -} - -const BIGNUM *RSA_get0_dmp1(const RSA *r) -{ - return r->dmp1; -} - -const BIGNUM *RSA_get0_dmq1(const RSA *r) -{ - return r->dmq1; -} - -const BIGNUM *RSA_get0_iqmp(const RSA *r) -{ - return r->iqmp; -} - -const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r) -{ -#ifdef FIPS_MODULE - return NULL; -#else - return r->pss; -#endif -} - -/* Internal */ -int ossl_rsa_set0_pss_params(RSA *r, RSA_PSS_PARAMS *pss) -{ -#ifdef FIPS_MODULE - return 0; -#else - RSA_PSS_PARAMS_free(r->pss); - r->pss = pss; - return 1; -#endif -} - -/* Internal */ -RSA_PSS_PARAMS_30 *ossl_rsa_get0_pss_params_30(RSA *r) -{ - return &r->pss_params; -} - -void RSA_clear_flags(RSA *r, int flags) -{ - r->flags &= ~flags; -} - -int RSA_test_flags(const RSA *r, int flags) -{ - return r->flags & flags; -} - -void RSA_set_flags(RSA *r, int flags) -{ - r->flags |= flags; -} - -int RSA_get_version(RSA *r) -{ - /* { two-prime(0), multi(1) } */ - return r->version; -} - -#ifndef FIPS_MODULE -ENGINE *RSA_get0_engine(const RSA *r) -{ - return r->engine; -} - -int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2) -{ - /* If key type not RSA or RSA-PSS return error */ - if (ctx != NULL && ctx->pmeth != NULL - && ctx->pmeth->pkey_id != EVP_PKEY_RSA - && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS) - return -1; - return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, p1, p2); -} -#endif - -DEFINE_STACK_OF(BIGNUM) - -int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes, - const STACK_OF(BIGNUM) *exps, - const STACK_OF(BIGNUM) *coeffs) -{ -#ifndef FIPS_MODULE - STACK_OF(RSA_PRIME_INFO) *prime_infos, *old_infos = NULL; -#endif - int pnum; - - if (primes == NULL || exps == NULL || coeffs == NULL) - return 0; - - pnum = sk_BIGNUM_num(primes); - if (pnum < 2 - || pnum != sk_BIGNUM_num(exps) - || pnum != sk_BIGNUM_num(coeffs) + 1) - return 0; - - if (!RSA_set0_factors(r, sk_BIGNUM_value(primes, 0), - sk_BIGNUM_value(primes, 1)) - || !RSA_set0_crt_params(r, sk_BIGNUM_value(exps, 0), - sk_BIGNUM_value(exps, 1), - sk_BIGNUM_value(coeffs, 0))) - return 0; - -#ifndef FIPS_MODULE - old_infos = r->prime_infos; -#endif - - if (pnum > 2) { -#ifndef FIPS_MODULE - int i; - - prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum); - if (prime_infos == NULL) - return 0; - - for (i = 2; i < pnum; i++) { - BIGNUM *prime = sk_BIGNUM_value(primes, i); - BIGNUM *exp = sk_BIGNUM_value(exps, i); - BIGNUM *coeff = sk_BIGNUM_value(coeffs, i - 1); - RSA_PRIME_INFO *pinfo = NULL; - - if (!ossl_assert(prime != NULL && exp != NULL && coeff != NULL)) - goto err; - - /* Using ossl_rsa_multip_info_new() is wasteful, so allocate directly */ - if ((pinfo = OPENSSL_zalloc(sizeof(*pinfo))) == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - goto err; - } - - pinfo->r = prime; - pinfo->d = exp; - pinfo->t = coeff; - BN_set_flags(pinfo->r, BN_FLG_CONSTTIME); - BN_set_flags(pinfo->d, BN_FLG_CONSTTIME); - BN_set_flags(pinfo->t, BN_FLG_CONSTTIME); - (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo); - } - - r->prime_infos = prime_infos; - - if (!ossl_rsa_multip_calc_product(r)) { - r->prime_infos = old_infos; - goto err; - } -#else - return 0; -#endif - } - -#ifndef FIPS_MODULE - if (old_infos != NULL) { - /* - * This is hard to deal with, since the old infos could - * also be set by this function and r, d, t should not - * be freed in that case. So currently, stay consistent - * with other *set0* functions: just free it... - */ - sk_RSA_PRIME_INFO_pop_free(old_infos, ossl_rsa_multip_info_free); - } -#endif - - r->version = pnum > 2 ? RSA_ASN1_VERSION_MULTI : RSA_ASN1_VERSION_DEFAULT; - r->dirty_cnt++; - - return 1; -#ifndef FIPS_MODULE - err: - /* r, d, t should not be freed */ - sk_RSA_PRIME_INFO_pop_free(prime_infos, ossl_rsa_multip_info_free_ex); - return 0; -#endif -} - -DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) - -int ossl_rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes, - STACK_OF(BIGNUM_const) *exps, - STACK_OF(BIGNUM_const) *coeffs) -{ -#ifndef FIPS_MODULE - RSA_PRIME_INFO *pinfo; - int i, pnum; -#endif - - if (r == NULL) - return 0; - - /* If |p| is NULL, there are no CRT parameters */ - if (RSA_get0_p(r) == NULL) - return 1; - - sk_BIGNUM_const_push(primes, RSA_get0_p(r)); - sk_BIGNUM_const_push(primes, RSA_get0_q(r)); - sk_BIGNUM_const_push(exps, RSA_get0_dmp1(r)); - sk_BIGNUM_const_push(exps, RSA_get0_dmq1(r)); - sk_BIGNUM_const_push(coeffs, RSA_get0_iqmp(r)); - -#ifndef FIPS_MODULE - pnum = RSA_get_multi_prime_extra_count(r); - for (i = 0; i < pnum; i++) { - pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i); - sk_BIGNUM_const_push(primes, pinfo->r); - sk_BIGNUM_const_push(exps, pinfo->d); - sk_BIGNUM_const_push(coeffs, pinfo->t); - } -#endif - - return 1; -} - -#ifndef FIPS_MODULE -/* Helpers to set or get diverse hash algorithm names */ -static int int_set_rsa_md_name(EVP_PKEY_CTX *ctx, - /* For checks */ - int keytype, int optype, - /* For EVP_PKEY_CTX_set_params() */ - const char *mdkey, const char *mdname, - const char *propkey, const char *mdprops) -{ - OSSL_PARAM params[3], *p = params; - - if (ctx == NULL || mdname == NULL || (ctx->operation & optype) == 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - /* If key type not RSA return error */ - switch (keytype) { - case -1: - if (!EVP_PKEY_CTX_is_a(ctx, "RSA") - && !EVP_PKEY_CTX_is_a(ctx, "RSA-PSS")) - return -1; - break; - default: - if (!EVP_PKEY_CTX_is_a(ctx, evp_pkey_type2name(keytype))) - return -1; - break; - } - - /* Cast away the const. This is read only so should be safe */ - *p++ = OSSL_PARAM_construct_utf8_string(mdkey, (char *)mdname, 0); - if (evp_pkey_ctx_is_provided(ctx) && mdprops != NULL) { - /* Cast away the const. This is read only so should be safe */ - *p++ = OSSL_PARAM_construct_utf8_string(propkey, (char *)mdprops, 0); - } - *p++ = OSSL_PARAM_construct_end(); - - return evp_pkey_ctx_set_params_strict(ctx, params); -} - -/* Helpers to set or get diverse hash algorithm names */ -static int int_get_rsa_md_name(EVP_PKEY_CTX *ctx, - /* For checks */ - int keytype, int optype, - /* For EVP_PKEY_CTX_get_params() */ - const char *mdkey, - char *mdname, size_t mdnamesize) -{ - OSSL_PARAM params[2], *p = params; - - if (ctx == NULL || mdname == NULL || (ctx->operation & optype) == 0) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - /* If key type not RSA return error */ - switch (keytype) { - case -1: - if (!EVP_PKEY_CTX_is_a(ctx, "RSA") - && !EVP_PKEY_CTX_is_a(ctx, "RSA-PSS")) - return -1; - break; - default: - if (!EVP_PKEY_CTX_is_a(ctx, evp_pkey_type2name(keytype))) - return -1; - break; - } - - /* Cast away the const. This is read only so should be safe */ - *p++ = OSSL_PARAM_construct_utf8_string(mdkey, (char *)mdname, mdnamesize); - *p++ = OSSL_PARAM_construct_end(); - - return evp_pkey_ctx_get_params_strict(ctx, params); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode) -{ - return RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_RSA_PADDING, - pad_mode, NULL); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad_mode) -{ - return RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_GET_RSA_PADDING, - 0, pad_mode); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_MD, 0, (void *)(md)); -} - -int EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(EVP_PKEY_CTX *ctx, - const char *mdname, - const char *mdprops) -{ - return int_set_rsa_md_name(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, - OSSL_PKEY_PARAM_RSA_DIGEST, mdname, - OSSL_PKEY_PARAM_RSA_DIGEST_PROPS, mdprops); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md)); -} - -int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname, - const char *mdprops) -{ - return - int_set_rsa_md_name(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, - OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, mdname, - OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS, mdprops); -} - -int EVP_PKEY_CTX_get_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, char *name, - size_t namesize) -{ - return int_get_rsa_md_name(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, - OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, - name, namesize); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)md); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) -{ - return RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)); -} - -int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname, - const char *mdprops) -{ - return int_set_rsa_md_name(ctx, -1, - EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, - OSSL_PKEY_PARAM_MGF1_DIGEST, mdname, - OSSL_PKEY_PARAM_MGF1_PROPERTIES, mdprops); -} - -int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name, - size_t namesize) -{ - return int_get_rsa_md_name(ctx, -1, - EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, - OSSL_PKEY_PARAM_MGF1_DIGEST, name, namesize); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) -{ - return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)); -} - -int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name(EVP_PKEY_CTX *ctx, - const char *mdname) -{ - return int_set_rsa_md_name(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, - OSSL_PKEY_PARAM_MGF1_DIGEST, mdname, - NULL, NULL); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) -{ - return RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)(md)); -} - -int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen) -{ - OSSL_PARAM rsa_params[2], *p = rsa_params; - int ret; - - if (ctx == NULL || !EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - /* If key type not RSA return error */ - if (!EVP_PKEY_CTX_is_a(ctx, "RSA")) - return -1; - - /* Cast away the const. This is read only so should be safe */ - *p++ = OSSL_PARAM_construct_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, - (void *)label, (size_t)llen); - *p++ = OSSL_PARAM_construct_end(); - - ret = evp_pkey_ctx_set_params_strict(ctx, rsa_params); - if (ret <= 0) - return ret; - - /* Ownership is supposed to be transfered to the callee. */ - OPENSSL_free(label); - return 1; -} - -int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label) -{ - OSSL_PARAM rsa_params[2], *p = rsa_params; - size_t labellen; - - if (ctx == NULL || !EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - /* If key type not RSA return error */ - if (!EVP_PKEY_CTX_is_a(ctx, "RSA")) - return -1; - - *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, - (void **)label, 0); - *p++ = OSSL_PARAM_construct_end(); - - if (!EVP_PKEY_CTX_get_params(ctx, rsa_params)) - return -1; - - labellen = rsa_params[0].return_size; - if (labellen > INT_MAX) - return -1; - - return (int)labellen; -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen) -{ - /* - * For some reason, the optype was set to this: - * - * EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY - * - * However, we do use RSA-PSS with the whole gamut of diverse signature - * and verification operations, so the optype gets upgraded to this: - * - * EVP_PKEY_OP_TYPE_SIG - */ - return RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_RSA_PSS_SALTLEN, saltlen, NULL); -} - -/* - * This one is currently implemented as an EVP_PKEY_CTX_ctrl() wrapper, - * simply because that's easier. - */ -int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen) -{ - /* - * Because of circumstances, the optype is updated from: - * - * EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY - * - * to: - * - * EVP_PKEY_OP_TYPE_SIG - */ - return RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG, - EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, saltlen); -} - -int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *ctx, int saltlen) -{ - OSSL_PARAM pad_params[2], *p = pad_params; - - if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - if (!EVP_PKEY_CTX_is_a(ctx, "RSA-PSS")) - return -1; - - *p++ = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, - &saltlen); - *p++ = OSSL_PARAM_construct_end(); - - return evp_pkey_ctx_set_params_strict(ctx, pad_params); -} - -int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int bits) -{ - OSSL_PARAM params[2], *p = params; - size_t bits2 = bits; - - if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - /* If key type not RSA return error */ - if (!EVP_PKEY_CTX_is_a(ctx, "RSA") - && !EVP_PKEY_CTX_is_a(ctx, "RSA-PSS")) - return -1; - - *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits2); - *p++ = OSSL_PARAM_construct_end(); - - return evp_pkey_ctx_set_params_strict(ctx, params); -} - -int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp) -{ - int ret = RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp); - - /* - * Satisfy memory semantics for pre-3.0 callers of - * EVP_PKEY_CTX_set_rsa_keygen_pubexp(): their expectation is that input - * pubexp BIGNUM becomes managed by the EVP_PKEY_CTX on success. - */ - if (ret > 0 && evp_pkey_ctx_is_provided(ctx)) { - BN_free(ctx->rsa_pubexp); - ctx->rsa_pubexp = pubexp; - } - - return ret; -} - -int EVP_PKEY_CTX_set1_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp) -{ - int ret = 0; - - /* - * When we're dealing with a provider, there's no need to duplicate - * pubexp, as it gets copied when transforming to an OSSL_PARAM anyway. - */ - if (evp_pkey_ctx_is_legacy(ctx)) { - pubexp = BN_dup(pubexp); - if (pubexp == NULL) - return 0; - } - ret = EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp); - if (evp_pkey_ctx_is_legacy(ctx) && ret <= 0) - BN_free(pubexp); - return ret; -} - -int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes) -{ - OSSL_PARAM params[2], *p = params; - size_t primes2 = primes; - - if (ctx == NULL || !EVP_PKEY_CTX_IS_GEN_OP(ctx)) { - ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); - /* Uses the same return values as EVP_PKEY_CTX_ctrl */ - return -2; - } - - /* If key type not RSA return error */ - if (!EVP_PKEY_CTX_is_a(ctx, "RSA") - && !EVP_PKEY_CTX_is_a(ctx, "RSA-PSS")) - return -1; - - *p++ = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_PRIMES, &primes2); - *p++ = OSSL_PARAM_construct_end(); - - return evp_pkey_ctx_set_params_strict(ctx, params); -} -#endif diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h deleted file mode 100644 index ea70da05ad780e74bae5a9d77d177cebfa8d6a40..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_local.h +++ /dev/null @@ -1,196 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_RSA_LOCAL_H -#define OSSL_CRYPTO_RSA_LOCAL_H - -#include "internal/refcount.h" -#include "crypto/rsa.h" - -#define RSA_MAX_PRIME_NUM 5 - -typedef struct rsa_prime_info_st { - BIGNUM *r; - BIGNUM *d; - BIGNUM *t; - /* save product of primes prior to this one */ - BIGNUM *pp; - BN_MONT_CTX *m; -} RSA_PRIME_INFO; - -DECLARE_ASN1_ITEM(RSA_PRIME_INFO) -DEFINE_STACK_OF(RSA_PRIME_INFO) - -#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) -struct rsa_acvp_test_st { - /* optional inputs */ - BIGNUM *Xp1; - BIGNUM *Xp2; - BIGNUM *Xq1; - BIGNUM *Xq2; - BIGNUM *Xp; - BIGNUM *Xq; - - /* optional outputs */ - BIGNUM *p1; - BIGNUM *p2; - BIGNUM *q1; - BIGNUM *q2; -}; -#endif - -struct rsa_st { - /* - * #legacy - * The first field is used to pickup errors where this is passed - * instead of an EVP_PKEY. It is always zero. - * THIS MUST REMAIN THE FIRST FIELD. - */ - int dummy_zero; - - OSSL_LIB_CTX *libctx; - int32_t version; - const RSA_METHOD *meth; - /* functional reference if 'meth' is ENGINE-provided */ - ENGINE *engine; - BIGNUM *n; - BIGNUM *e; - BIGNUM *d; - BIGNUM *p; - BIGNUM *q; - BIGNUM *dmp1; - BIGNUM *dmq1; - BIGNUM *iqmp; - - /* - * If a PSS only key this contains the parameter restrictions. - * There are two structures for the same thing, used in different cases. - */ - /* This is used uniquely by OpenSSL provider implementations. */ - RSA_PSS_PARAMS_30 pss_params; - -#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) - RSA_ACVP_TEST *acvp_test; -#endif - -#ifndef FIPS_MODULE - /* This is used uniquely by rsa_ameth.c and rsa_pmeth.c. */ - RSA_PSS_PARAMS *pss; - /* for multi-prime RSA, defined in RFC 8017 */ - STACK_OF(RSA_PRIME_INFO) *prime_infos; - /* Be careful using this if the RSA structure is shared */ - CRYPTO_EX_DATA ex_data; -#endif - CRYPTO_REF_COUNT references; - int flags; - /* Used to cache montgomery values */ - BN_MONT_CTX *_method_mod_n; - BN_MONT_CTX *_method_mod_p; - BN_MONT_CTX *_method_mod_q; - BN_BLINDING *blinding; - BN_BLINDING *mt_blinding; - CRYPTO_RWLOCK *lock; - - int dirty_cnt; -}; - -struct rsa_meth_st { - char *name; - int (*rsa_pub_enc) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - int (*rsa_pub_dec) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - int (*rsa_priv_enc) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - int (*rsa_priv_dec) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - /* Can be null */ - int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); - /* Can be null */ - int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - /* called at new */ - int (*init) (RSA *rsa); - /* called at free */ - int (*finish) (RSA *rsa); - /* RSA_METHOD_FLAG_* things */ - int flags; - /* may be needed! */ - char *app_data; - /* - * New sign and verify functions: some libraries don't allow arbitrary - * data to be signed/verified: this allows them to be used. Note: for - * this to work the RSA_public_decrypt() and RSA_private_encrypt() should - * *NOT* be used. RSA_sign(), RSA_verify() should be used instead. - */ - int (*rsa_sign) (int type, - const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, - const RSA *rsa); - int (*rsa_verify) (int dtype, const unsigned char *m, - unsigned int m_length, const unsigned char *sigbuf, - unsigned int siglen, const RSA *rsa); - /* - * If this callback is NULL, the builtin software RSA key-gen will be - * used. This is for behavioural compatibility whilst the code gets - * rewired, but one day it would be nice to assume there are no such - * things as "builtin software" implementations. - */ - int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); - int (*rsa_multi_prime_keygen) (RSA *rsa, int bits, int primes, - BIGNUM *e, BN_GENCB *cb); -}; - -/* Macros to test if a pkey or ctx is for a PSS key */ -#define pkey_is_pss(pkey) (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS) -#define pkey_ctx_is_pss(ctx) (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS) - -RSA_PSS_PARAMS *ossl_rsa_pss_params_create(const EVP_MD *sigmd, - const EVP_MD *mgf1md, int saltlen); -int ossl_rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd, - const EVP_MD **pmgf1md, int *psaltlen); -/* internal function to clear and free multi-prime parameters */ -void ossl_rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo); -void ossl_rsa_multip_info_free(RSA_PRIME_INFO *pinfo); -RSA_PRIME_INFO *ossl_rsa_multip_info_new(void); -int ossl_rsa_multip_calc_product(RSA *rsa); -int ossl_rsa_multip_cap(int bits); - -int ossl_rsa_sp800_56b_validate_strength(int nbits, int strength); -int ossl_rsa_check_pminusq_diff(BIGNUM *diff, const BIGNUM *p, const BIGNUM *q, - int nbits); -int ossl_rsa_get_lcm(BN_CTX *ctx, const BIGNUM *p, const BIGNUM *q, - BIGNUM *lcm, BIGNUM *gcd, BIGNUM *p1, BIGNUM *q1, - BIGNUM *p1q1); - -int ossl_rsa_check_public_exponent(const BIGNUM *e); -int ossl_rsa_check_private_exponent(const RSA *rsa, int nbits, BN_CTX *ctx); -int ossl_rsa_check_prime_factor(BIGNUM *p, BIGNUM *e, int nbits, BN_CTX *ctx); -int ossl_rsa_check_prime_factor_range(const BIGNUM *p, int nbits, BN_CTX *ctx); -int ossl_rsa_check_crt_components(const RSA *rsa, BN_CTX *ctx); - -int ossl_rsa_sp800_56b_pairwise_test(RSA *rsa, BN_CTX *ctx); -int ossl_rsa_sp800_56b_check_public(const RSA *rsa); -int ossl_rsa_sp800_56b_check_private(const RSA *rsa); -int ossl_rsa_sp800_56b_check_keypair(const RSA *rsa, const BIGNUM *efixed, - int strength, int nbits); -int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed, - BN_GENCB *cb); - -int ossl_rsa_sp800_56b_derive_params_from_pq(RSA *rsa, int nbits, - const BIGNUM *e, BN_CTX *ctx); -int ossl_rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test, - int nbits, const BIGNUM *e, BN_CTX *ctx, - BN_GENCB *cb); - -int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to, - int tlen, const unsigned char *from, - int flen); - -#endif /* OSSL_CRYPTO_RSA_LOCAL_H */ diff --git a/crypto/rsa/rsa_meth.c b/crypto/rsa/rsa_meth.c deleted file mode 100644 index 82f13bb35976623b464e9af48a1f8bcc43d0e0f2..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_meth.c +++ /dev/null @@ -1,293 +0,0 @@ -/* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "rsa_local.h" -#include - -RSA_METHOD *RSA_meth_new(const char *name, int flags) -{ - RSA_METHOD *meth = OPENSSL_zalloc(sizeof(*meth)); - - if (meth != NULL) { - meth->flags = flags; - - meth->name = OPENSSL_strdup(name); - if (meth->name != NULL) - return meth; - - OPENSSL_free(meth); - } - - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - return NULL; -} - -void RSA_meth_free(RSA_METHOD *meth) -{ - if (meth != NULL) { - OPENSSL_free(meth->name); - OPENSSL_free(meth); - } -} - -RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth) -{ - RSA_METHOD *ret = OPENSSL_malloc(sizeof(*ret)); - - if (ret != NULL) { - memcpy(ret, meth, sizeof(*meth)); - - ret->name = OPENSSL_strdup(meth->name); - if (ret->name != NULL) - return ret; - - OPENSSL_free(ret); - } - - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - return NULL; -} - -const char *RSA_meth_get0_name(const RSA_METHOD *meth) -{ - return meth->name; -} - -int RSA_meth_set1_name(RSA_METHOD *meth, const char *name) -{ - char *tmpname = OPENSSL_strdup(name); - - if (tmpname == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - return 0; - } - - OPENSSL_free(meth->name); - meth->name = tmpname; - - return 1; -} - -int RSA_meth_get_flags(const RSA_METHOD *meth) -{ - return meth->flags; -} - -int RSA_meth_set_flags(RSA_METHOD *meth, int flags) -{ - meth->flags = flags; - return 1; -} - -void *RSA_meth_get0_app_data(const RSA_METHOD *meth) -{ - return meth->app_data; -} - -int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data) -{ - meth->app_data = app_data; - return 1; -} - -int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) - (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) -{ - return meth->rsa_pub_enc; -} - -int RSA_meth_set_pub_enc(RSA_METHOD *meth, - int (*pub_enc) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)) -{ - meth->rsa_pub_enc = pub_enc; - return 1; -} - -int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) - (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) -{ - return meth->rsa_pub_dec; -} - -int RSA_meth_set_pub_dec(RSA_METHOD *meth, - int (*pub_dec) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)) -{ - meth->rsa_pub_dec = pub_dec; - return 1; -} - -int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) - (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) -{ - return meth->rsa_priv_enc; -} - -int RSA_meth_set_priv_enc(RSA_METHOD *meth, - int (*priv_enc) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)) -{ - meth->rsa_priv_enc = priv_enc; - return 1; -} - -int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) - (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) -{ - return meth->rsa_priv_dec; -} - -int RSA_meth_set_priv_dec(RSA_METHOD *meth, - int (*priv_dec) (int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, - int padding)) -{ - meth->rsa_priv_dec = priv_dec; - return 1; -} - - /* Can be null */ -int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) - (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx) -{ - return meth->rsa_mod_exp; -} - -int RSA_meth_set_mod_exp(RSA_METHOD *meth, - int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa, - BN_CTX *ctx)) -{ - meth->rsa_mod_exp = mod_exp; - return 1; -} - - /* Can be null */ -int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) - (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) -{ - return meth->bn_mod_exp; -} - -int RSA_meth_set_bn_mod_exp(RSA_METHOD *meth, - int (*bn_mod_exp) (BIGNUM *r, - const BIGNUM *a, - const BIGNUM *p, - const BIGNUM *m, - BN_CTX *ctx, - BN_MONT_CTX *m_ctx)) -{ - meth->bn_mod_exp = bn_mod_exp; - return 1; -} - - /* called at new */ -int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa) -{ - return meth->init; -} - -int RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa)) -{ - meth->init = init; - return 1; -} - - /* called at free */ -int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa) -{ - return meth->finish; -} - -int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa)) -{ - meth->finish = finish; - return 1; -} - -int (*RSA_meth_get_sign(const RSA_METHOD *meth)) - (int type, - const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, - const RSA *rsa) -{ - return meth->rsa_sign; -} - -int RSA_meth_set_sign(RSA_METHOD *meth, - int (*sign) (int type, const unsigned char *m, - unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, - const RSA *rsa)) -{ - meth->rsa_sign = sign; - return 1; -} - -int (*RSA_meth_get_verify(const RSA_METHOD *meth)) - (int dtype, const unsigned char *m, - unsigned int m_length, const unsigned char *sigbuf, - unsigned int siglen, const RSA *rsa) -{ - return meth->rsa_verify; -} - -int RSA_meth_set_verify(RSA_METHOD *meth, - int (*verify) (int dtype, const unsigned char *m, - unsigned int m_length, - const unsigned char *sigbuf, - unsigned int siglen, const RSA *rsa)) -{ - meth->rsa_verify = verify; - return 1; -} - -int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) - (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) -{ - return meth->rsa_keygen; -} - -int RSA_meth_set_keygen(RSA_METHOD *meth, - int (*keygen) (RSA *rsa, int bits, BIGNUM *e, - BN_GENCB *cb)) -{ - meth->rsa_keygen = keygen; - return 1; -} - -int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth)) - (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb) -{ - return meth->rsa_multi_prime_keygen; -} - -int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, - int (*keygen) (RSA *rsa, int bits, - int primes, BIGNUM *e, - BN_GENCB *cb)) -{ - meth->rsa_multi_prime_keygen = keygen; - return 1; -} diff --git a/crypto/rsa/rsa_mp.c b/crypto/rsa/rsa_mp.c deleted file mode 100644 index b785344cf0d0565f48076cd734b3a7c6f6d7a7c7..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_mp.c +++ /dev/null @@ -1,115 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2017 BaishanCloud. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "rsa_local.h" - -void ossl_rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo) -{ - /* free pp and pinfo only */ - BN_clear_free(pinfo->pp); - OPENSSL_free(pinfo); -} - -void ossl_rsa_multip_info_free(RSA_PRIME_INFO *pinfo) -{ - /* free a RSA_PRIME_INFO structure */ - BN_clear_free(pinfo->r); - BN_clear_free(pinfo->d); - BN_clear_free(pinfo->t); - ossl_rsa_multip_info_free_ex(pinfo); -} - -RSA_PRIME_INFO *ossl_rsa_multip_info_new(void) -{ - RSA_PRIME_INFO *pinfo; - - /* create a RSA_PRIME_INFO structure */ - if ((pinfo = OPENSSL_zalloc(sizeof(RSA_PRIME_INFO))) == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - return NULL; - } - if ((pinfo->r = BN_secure_new()) == NULL) - goto err; - if ((pinfo->d = BN_secure_new()) == NULL) - goto err; - if ((pinfo->t = BN_secure_new()) == NULL) - goto err; - if ((pinfo->pp = BN_secure_new()) == NULL) - goto err; - - return pinfo; - - err: - BN_free(pinfo->r); - BN_free(pinfo->d); - BN_free(pinfo->t); - BN_free(pinfo->pp); - OPENSSL_free(pinfo); - return NULL; -} - -/* Refill products of primes */ -int ossl_rsa_multip_calc_product(RSA *rsa) -{ - RSA_PRIME_INFO *pinfo; - BIGNUM *p1 = NULL, *p2 = NULL; - BN_CTX *ctx = NULL; - int i, rv = 0, ex_primes; - - if ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0) { - /* invalid */ - goto err; - } - - if ((ctx = BN_CTX_new()) == NULL) - goto err; - - /* calculate pinfo->pp = p * q for first 'extra' prime */ - p1 = rsa->p; - p2 = rsa->q; - - for (i = 0; i < ex_primes; i++) { - pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i); - if (pinfo->pp == NULL) { - pinfo->pp = BN_secure_new(); - if (pinfo->pp == NULL) - goto err; - } - if (!BN_mul(pinfo->pp, p1, p2, ctx)) - goto err; - /* save previous one */ - p1 = pinfo->pp; - p2 = pinfo->r; - } - - rv = 1; - err: - BN_CTX_free(ctx); - return rv; -} - -int ossl_rsa_multip_cap(int bits) -{ - int cap = 5; - - if (bits < 1024) - cap = 2; - else if (bits < 4096) - cap = 3; - else if (bits < 8192) - cap = 4; - - if (cap > RSA_MAX_PRIME_NUM) - cap = RSA_MAX_PRIME_NUM; - - return cap; -} diff --git a/crypto/rsa/rsa_mp_names.c b/crypto/rsa/rsa_mp_names.c deleted file mode 100644 index 8291b79e7afd434206bfaefec3ee921376a92aa7..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_mp_names.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "crypto/rsa.h" - -/* - * The following tables are constants used during RSA parameter building - * operations. It is easier to point to one of these fixed strings than have - * to dynamically add and generate the names on the fly. - */ - -/* - * A fixed table of names for the RSA prime factors starting with - * P,Q and up to 8 additional primes. - */ -const char *ossl_rsa_mp_factor_names[] = { - OSSL_PKEY_PARAM_RSA_FACTOR1, - OSSL_PKEY_PARAM_RSA_FACTOR2, -#ifndef FIPS_MODULE - OSSL_PKEY_PARAM_RSA_FACTOR3, - OSSL_PKEY_PARAM_RSA_FACTOR4, - OSSL_PKEY_PARAM_RSA_FACTOR5, - OSSL_PKEY_PARAM_RSA_FACTOR6, - OSSL_PKEY_PARAM_RSA_FACTOR7, - OSSL_PKEY_PARAM_RSA_FACTOR8, - OSSL_PKEY_PARAM_RSA_FACTOR9, - OSSL_PKEY_PARAM_RSA_FACTOR10, -#endif - NULL -}; - -/* - * A fixed table of names for the RSA exponents starting with - * DP,DQ and up to 8 additional exponents. - */ -const char *ossl_rsa_mp_exp_names[] = { - OSSL_PKEY_PARAM_RSA_EXPONENT1, - OSSL_PKEY_PARAM_RSA_EXPONENT2, -#ifndef FIPS_MODULE - OSSL_PKEY_PARAM_RSA_EXPONENT3, - OSSL_PKEY_PARAM_RSA_EXPONENT4, - OSSL_PKEY_PARAM_RSA_EXPONENT5, - OSSL_PKEY_PARAM_RSA_EXPONENT6, - OSSL_PKEY_PARAM_RSA_EXPONENT7, - OSSL_PKEY_PARAM_RSA_EXPONENT8, - OSSL_PKEY_PARAM_RSA_EXPONENT9, - OSSL_PKEY_PARAM_RSA_EXPONENT10, -#endif - NULL -}; - -/* - * A fixed table of names for the RSA coefficients starting with - * QINV and up to 8 additional exponents. - */ -const char *ossl_rsa_mp_coeff_names[] = { - OSSL_PKEY_PARAM_RSA_COEFFICIENT1, -#ifndef FIPS_MODULE - OSSL_PKEY_PARAM_RSA_COEFFICIENT2, - OSSL_PKEY_PARAM_RSA_COEFFICIENT3, - OSSL_PKEY_PARAM_RSA_COEFFICIENT4, - OSSL_PKEY_PARAM_RSA_COEFFICIENT5, - OSSL_PKEY_PARAM_RSA_COEFFICIENT6, - OSSL_PKEY_PARAM_RSA_COEFFICIENT7, - OSSL_PKEY_PARAM_RSA_COEFFICIENT8, - OSSL_PKEY_PARAM_RSA_COEFFICIENT9, -#endif - NULL -}; diff --git a/crypto/rsa/rsa_none.c b/crypto/rsa/rsa_none.c deleted file mode 100644 index df93525fc5b8e72d8bb19f4edab169c8aec11620..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_none.c +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include "internal/cryptlib.h" -#include -#include - -int RSA_padding_add_none(unsigned char *to, int tlen, - const unsigned char *from, int flen) -{ - if (flen > tlen) { - ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return 0; - } - - if (flen < tlen) { - ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE); - return 0; - } - - memcpy(to, from, (unsigned int)flen); - return 1; -} - -int RSA_padding_check_none(unsigned char *to, int tlen, - const unsigned char *from, int flen, int num) -{ - - if (flen > tlen) { - ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE); - return -1; - } - - memset(to, 0, tlen - flen); - memcpy(to + tlen - flen, from, flen); - return tlen; -} diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c deleted file mode 100644 index d9be1a4f98c7ba0f70bcbb3946368b64b067b0f0..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_oaep.c +++ /dev/null @@ -1,375 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */ - -/* - * See Victor Shoup, "OAEP reconsidered," Nov. 2000, for problems with the security - * proof for the original OAEP scheme, which EME-OAEP is based on. A new - * proof can be found in E. Fujisaki, T. Okamoto, D. Pointcheval, J. Stern, - * "RSA-OEAP is Still Alive!", Dec. 2000, . The new proof has stronger requirements - * for the underlying permutation: "partial-one-wayness" instead of - * one-wayness. For the RSA function, this is an equivalent notion. - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include "internal/constant_time.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "rsa_local.h" - -int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, - const unsigned char *from, int flen, - const unsigned char *param, int plen) -{ - return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(NULL, to, tlen, from, flen, - param, plen, NULL, NULL); -} - -/* - * Perform the padding as per NIST 800-56B 7.2.2.3 - * from (K) is the key material. - * param (A) is the additional input. - * Step numbers are included here but not in the constant time inverse below - * to avoid complicating an already difficult enough function. - */ -int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx, - unsigned char *to, int tlen, - const unsigned char *from, int flen, - const unsigned char *param, - int plen, const EVP_MD *md, - const EVP_MD *mgf1md) -{ - int rv = 0; - int i, emlen = tlen - 1; - unsigned char *db, *seed; - unsigned char *dbmask = NULL; - unsigned char seedmask[EVP_MAX_MD_SIZE]; - int mdlen, dbmask_len = 0; - - if (md == NULL) { -#ifndef FIPS_MODULE - md = EVP_sha1(); -#else - ERR_raise(ERR_LIB_RSA, ERR_R_PASSED_NULL_PARAMETER); - return 0; -#endif - } - if (mgf1md == NULL) - mgf1md = md; - - mdlen = EVP_MD_get_size(md); - if (mdlen <= 0) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH); - return 0; - } - - /* step 2b: check KLen > nLen - 2 HLen - 2 */ - if (flen > emlen - 2 * mdlen - 1) { - ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return 0; - } - - if (emlen < 2 * mdlen + 1) { - ERR_raise(ERR_LIB_RSA, RSA_R_KEY_SIZE_TOO_SMALL); - return 0; - } - - /* step 3i: EM = 00000000 || maskedMGF || maskedDB */ - to[0] = 0; - seed = to + 1; - db = to + mdlen + 1; - - /* step 3a: hash the additional input */ - if (!EVP_Digest((void *)param, plen, db, NULL, md, NULL)) - goto err; - /* step 3b: zero bytes array of length nLen - KLen - 2 HLen -2 */ - memset(db + mdlen, 0, emlen - flen - 2 * mdlen - 1); - /* step 3c: DB = HA || PS || 00000001 || K */ - db[emlen - flen - mdlen - 1] = 0x01; - memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen); - /* step 3d: generate random byte string */ - if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0) - goto err; - - dbmask_len = emlen - mdlen; - dbmask = OPENSSL_malloc(dbmask_len); - if (dbmask == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* step 3e: dbMask = MGF(mgfSeed, nLen - HLen - 1) */ - if (PKCS1_MGF1(dbmask, dbmask_len, seed, mdlen, mgf1md) < 0) - goto err; - /* step 3f: maskedDB = DB XOR dbMask */ - for (i = 0; i < dbmask_len; i++) - db[i] ^= dbmask[i]; - - /* step 3g: mgfSeed = MGF(maskedDB, HLen) */ - if (PKCS1_MGF1(seedmask, mdlen, db, dbmask_len, mgf1md) < 0) - goto err; - /* stepo 3h: maskedMGFSeed = mgfSeed XOR mgfSeedMask */ - for (i = 0; i < mdlen; i++) - seed[i] ^= seedmask[i]; - rv = 1; - - err: - OPENSSL_cleanse(seedmask, sizeof(seedmask)); - OPENSSL_clear_free(dbmask, dbmask_len); - return rv; -} - -int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, - const unsigned char *from, int flen, - const unsigned char *param, int plen, - const EVP_MD *md, const EVP_MD *mgf1md) -{ - return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(NULL, to, tlen, from, flen, - param, plen, md, mgf1md); -} - -int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, - const unsigned char *from, int flen, int num, - const unsigned char *param, int plen) -{ - return RSA_padding_check_PKCS1_OAEP_mgf1(to, tlen, from, flen, num, - param, plen, NULL, NULL); -} - -int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, - const unsigned char *from, int flen, - int num, const unsigned char *param, - int plen, const EVP_MD *md, - const EVP_MD *mgf1md) -{ - int i, dblen = 0, mlen = -1, one_index = 0, msg_index; - unsigned int good = 0, found_one_byte, mask; - const unsigned char *maskedseed, *maskeddb; - /* - * |em| is the encoded message, zero-padded to exactly |num| bytes: em = - * Y || maskedSeed || maskedDB - */ - unsigned char *db = NULL, *em = NULL, seed[EVP_MAX_MD_SIZE], - phash[EVP_MAX_MD_SIZE]; - int mdlen; - - if (md == NULL) { -#ifndef FIPS_MODULE - md = EVP_sha1(); -#else - ERR_raise(ERR_LIB_RSA, ERR_R_PASSED_NULL_PARAMETER); - return -1; -#endif - } - - if (mgf1md == NULL) - mgf1md = md; - - mdlen = EVP_MD_get_size(md); - - if (tlen <= 0 || flen <= 0) - return -1; - /* - * |num| is the length of the modulus; |flen| is the length of the - * encoded message. Therefore, for any |from| that was obtained by - * decrypting a ciphertext, we must have |flen| <= |num|. Similarly, - * |num| >= 2 * |mdlen| + 2 must hold for the modulus irrespective of - * the ciphertext, see PKCS #1 v2.2, section 7.1.2. - * This does not leak any side-channel information. - */ - if (num < flen || num < 2 * mdlen + 2) { - ERR_raise(ERR_LIB_RSA, RSA_R_OAEP_DECODING_ERROR); - return -1; - } - - dblen = num - mdlen - 1; - db = OPENSSL_malloc(dblen); - if (db == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - goto cleanup; - } - - em = OPENSSL_malloc(num); - if (em == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - goto cleanup; - } - - /* - * Caller is encouraged to pass zero-padded message created with - * BN_bn2binpad. Trouble is that since we can't read out of |from|'s - * bounds, it's impossible to have an invariant memory access pattern - * in case |from| was not zero-padded in advance. - */ - for (from += flen, em += num, i = 0; i < num; i++) { - mask = ~constant_time_is_zero(flen); - flen -= 1 & mask; - from -= 1 & mask; - *--em = *from & mask; - } - - /* - * The first byte must be zero, however we must not leak if this is - * true. See James H. Manger, "A Chosen Ciphertext Attack on RSA - * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001). - */ - good = constant_time_is_zero(em[0]); - - maskedseed = em + 1; - maskeddb = em + 1 + mdlen; - - if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) - goto cleanup; - for (i = 0; i < mdlen; i++) - seed[i] ^= maskedseed[i]; - - if (PKCS1_MGF1(db, dblen, seed, mdlen, mgf1md)) - goto cleanup; - for (i = 0; i < dblen; i++) - db[i] ^= maskeddb[i]; - - if (!EVP_Digest((void *)param, plen, phash, NULL, md, NULL)) - goto cleanup; - - good &= constant_time_is_zero(CRYPTO_memcmp(db, phash, mdlen)); - - found_one_byte = 0; - for (i = mdlen; i < dblen; i++) { - /* - * Padding consists of a number of 0-bytes, followed by a 1. - */ - unsigned int equals1 = constant_time_eq(db[i], 1); - unsigned int equals0 = constant_time_is_zero(db[i]); - one_index = constant_time_select_int(~found_one_byte & equals1, - i, one_index); - found_one_byte |= equals1; - good &= (found_one_byte | equals0); - } - - good &= found_one_byte; - - /* - * At this point |good| is zero unless the plaintext was valid, - * so plaintext-awareness ensures timing side-channels are no longer a - * concern. - */ - msg_index = one_index + 1; - mlen = dblen - msg_index; - - /* - * For good measure, do this check in constant time as well. - */ - good &= constant_time_ge(tlen, mlen); - - /* - * Move the result in-place by |dblen|-|mdlen|-1-|mlen| bytes to the left. - * Then if |good| move |mlen| bytes from |db|+|mdlen|+1 to |to|. - * Otherwise leave |to| unchanged. - * Copy the memory back in a way that does not reveal the size of - * the data being copied via a timing side channel. This requires copying - * parts of the buffer multiple times based on the bits set in the real - * length. Clear bits do a non-copy with identical access pattern. - * The loop below has overall complexity of O(N*log(N)). - */ - tlen = constant_time_select_int(constant_time_lt(dblen - mdlen - 1, tlen), - dblen - mdlen - 1, tlen); - for (msg_index = 1; msg_index < dblen - mdlen - 1; msg_index <<= 1) { - mask = ~constant_time_eq(msg_index & (dblen - mdlen - 1 - mlen), 0); - for (i = mdlen + 1; i < dblen - msg_index; i++) - db[i] = constant_time_select_8(mask, db[i + msg_index], db[i]); - } - for (i = 0; i < tlen; i++) { - mask = good & constant_time_lt(i, mlen); - to[i] = constant_time_select_8(mask, db[i + mdlen + 1], to[i]); - } - -#ifndef FIPS_MODULE - /* - * To avoid chosen ciphertext attacks, the error message should not - * reveal which kind of decoding error happened. - * - * This trick doesn't work in the FIPS provider because libcrypto manages - * the error stack. Instead we opt not to put an error on the stack at all - * in case of padding failure in the FIPS provider. - */ - ERR_raise(ERR_LIB_RSA, RSA_R_OAEP_DECODING_ERROR); - err_clear_last_constant_time(1 & good); -#endif - cleanup: - OPENSSL_cleanse(seed, sizeof(seed)); - OPENSSL_clear_free(db, dblen); - OPENSSL_clear_free(em, num); - - return constant_time_select_int(good, mlen, -1); -} - -/* - * Mask Generation Function corresponding to section 7.2.2.2 of NIST SP 800-56B. - * The variables are named differently to NIST: - * mask (T) and len (maskLen)are the returned mask. - * seed (mgfSeed). - * The range checking steps inm the process are performed outside. - */ -int PKCS1_MGF1(unsigned char *mask, long len, - const unsigned char *seed, long seedlen, const EVP_MD *dgst) -{ - long i, outlen = 0; - unsigned char cnt[4]; - EVP_MD_CTX *c = EVP_MD_CTX_new(); - unsigned char md[EVP_MAX_MD_SIZE]; - int mdlen; - int rv = -1; - - if (c == NULL) - goto err; - mdlen = EVP_MD_get_size(dgst); - if (mdlen < 0) - goto err; - /* step 4 */ - for (i = 0; outlen < len; i++) { - /* step 4a: D = I2BS(counter, 4) */ - cnt[0] = (unsigned char)((i >> 24) & 255); - cnt[1] = (unsigned char)((i >> 16) & 255); - cnt[2] = (unsigned char)((i >> 8)) & 255; - cnt[3] = (unsigned char)(i & 255); - /* step 4b: T =T || hash(mgfSeed || D) */ - if (!EVP_DigestInit_ex(c, dgst, NULL) - || !EVP_DigestUpdate(c, seed, seedlen) - || !EVP_DigestUpdate(c, cnt, 4)) - goto err; - if (outlen + mdlen <= len) { - if (!EVP_DigestFinal_ex(c, mask + outlen, NULL)) - goto err; - outlen += mdlen; - } else { - if (!EVP_DigestFinal_ex(c, md, NULL)) - goto err; - memcpy(mask + outlen, md, len - outlen); - outlen = len; - } - } - rv = 0; - err: - OPENSSL_cleanse(md, sizeof(md)); - EVP_MD_CTX_free(c); - return rv; -} diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c deleted file mode 100644 index 51507fc030a7b21d3791d95e44060930cb76ee35..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_pk1.c +++ /dev/null @@ -1,396 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include "internal/constant_time.h" - -#include -#include -#include -#include -/* Just for the SSL_MAX_MASTER_KEY_LENGTH value */ -#include -#include "internal/cryptlib.h" -#include "crypto/rsa.h" -#include "rsa_local.h" - -int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, - const unsigned char *from, int flen) -{ - int j; - unsigned char *p; - - if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { - ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return 0; - } - - p = (unsigned char *)to; - - *(p++) = 0; - *(p++) = 1; /* Private Key BT (Block Type) */ - - /* pad out with 0xff data */ - j = tlen - 3 - flen; - memset(p, 0xff, j); - p += j; - *(p++) = '\0'; - memcpy(p, from, (unsigned int)flen); - return 1; -} - -int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, - const unsigned char *from, int flen, - int num) -{ - int i, j; - const unsigned char *p; - - p = from; - - /* - * The format is - * 00 || 01 || PS || 00 || D - * PS - padding string, at least 8 bytes of FF - * D - data. - */ - - if (num < RSA_PKCS1_PADDING_SIZE) - return -1; - - /* Accept inputs with and without the leading 0-byte. */ - if (num == flen) { - if ((*p++) != 0x00) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PADDING); - return -1; - } - flen--; - } - - if ((num != (flen + 1)) || (*(p++) != 0x01)) { - ERR_raise(ERR_LIB_RSA, RSA_R_BLOCK_TYPE_IS_NOT_01); - return -1; - } - - /* scan over padding data */ - j = flen - 1; /* one for type. */ - for (i = 0; i < j; i++) { - if (*p != 0xff) { /* should decrypt to 0xff */ - if (*p == 0) { - p++; - break; - } else { - ERR_raise(ERR_LIB_RSA, RSA_R_BAD_FIXED_HEADER_DECRYPT); - return -1; - } - } - p++; - } - - if (i == j) { - ERR_raise(ERR_LIB_RSA, RSA_R_NULL_BEFORE_BLOCK_MISSING); - return -1; - } - - if (i < 8) { - ERR_raise(ERR_LIB_RSA, RSA_R_BAD_PAD_BYTE_COUNT); - return -1; - } - i++; /* Skip over the '\0' */ - j -= i; - if (j > tlen) { - ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE); - return -1; - } - memcpy(to, p, (unsigned int)j); - - return j; -} - -int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to, - int tlen, const unsigned char *from, - int flen) -{ - int i, j; - unsigned char *p; - - if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { - ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return 0; - } else if (flen < 0) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH); - return 0; - } - - p = (unsigned char *)to; - - *(p++) = 0; - *(p++) = 2; /* Public Key BT (Block Type) */ - - /* pad out with non-zero random data */ - j = tlen - 3 - flen; - - if (RAND_bytes_ex(libctx, p, j, 0) <= 0) - return 0; - for (i = 0; i < j; i++) { - if (*p == '\0') - do { - if (RAND_bytes_ex(libctx, p, 1, 0) <= 0) - return 0; - } while (*p == '\0'); - p++; - } - - *(p++) = '\0'; - - memcpy(p, from, (unsigned int)flen); - return 1; -} - -int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, - const unsigned char *from, int flen) -{ - return ossl_rsa_padding_add_PKCS1_type_2_ex(NULL, to, tlen, from, flen); -} - -int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, - const unsigned char *from, int flen, - int num) -{ - int i; - /* |em| is the encoded message, zero-padded to exactly |num| bytes */ - unsigned char *em = NULL; - unsigned int good, found_zero_byte, mask; - int zero_index = 0, msg_index, mlen = -1; - - if (tlen <= 0 || flen <= 0) - return -1; - - /* - * PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography Standard", - * section 7.2.2. - */ - - if (flen > num || num < RSA_PKCS1_PADDING_SIZE) { - ERR_raise(ERR_LIB_RSA, RSA_R_PKCS_DECODING_ERROR); - return -1; - } - - em = OPENSSL_malloc(num); - if (em == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - return -1; - } - /* - * Caller is encouraged to pass zero-padded message created with - * BN_bn2binpad. Trouble is that since we can't read out of |from|'s - * bounds, it's impossible to have an invariant memory access pattern - * in case |from| was not zero-padded in advance. - */ - for (from += flen, em += num, i = 0; i < num; i++) { - mask = ~constant_time_is_zero(flen); - flen -= 1 & mask; - from -= 1 & mask; - *--em = *from & mask; - } - - good = constant_time_is_zero(em[0]); - good &= constant_time_eq(em[1], 2); - - /* scan over padding data */ - found_zero_byte = 0; - for (i = 2; i < num; i++) { - unsigned int equals0 = constant_time_is_zero(em[i]); - - zero_index = constant_time_select_int(~found_zero_byte & equals0, - i, zero_index); - found_zero_byte |= equals0; - } - - /* - * PS must be at least 8 bytes long, and it starts two bytes into |em|. - * If we never found a 0-byte, then |zero_index| is 0 and the check - * also fails. - */ - good &= constant_time_ge(zero_index, 2 + 8); - - /* - * Skip the zero byte. This is incorrect if we never found a zero-byte - * but in this case we also do not copy the message out. - */ - msg_index = zero_index + 1; - mlen = num - msg_index; - - /* - * For good measure, do this check in constant time as well. - */ - good &= constant_time_ge(tlen, mlen); - - /* - * Move the result in-place by |num|-RSA_PKCS1_PADDING_SIZE-|mlen| bytes to the left. - * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to |to|. - * Otherwise leave |to| unchanged. - * Copy the memory back in a way that does not reveal the size of - * the data being copied via a timing side channel. This requires copying - * parts of the buffer multiple times based on the bits set in the real - * length. Clear bits do a non-copy with identical access pattern. - * The loop below has overall complexity of O(N*log(N)). - */ - tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen), - num - RSA_PKCS1_PADDING_SIZE, tlen); - for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1) { - mask = ~constant_time_eq(msg_index & (num - RSA_PKCS1_PADDING_SIZE - mlen), 0); - for (i = RSA_PKCS1_PADDING_SIZE; i < num - msg_index; i++) - em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]); - } - for (i = 0; i < tlen; i++) { - mask = good & constant_time_lt(i, mlen); - to[i] = constant_time_select_8(mask, em[i + RSA_PKCS1_PADDING_SIZE], to[i]); - } - - OPENSSL_clear_free(em, num); -#ifndef FIPS_MODULE - /* - * This trick doesn't work in the FIPS provider because libcrypto manages - * the error stack. Instead we opt not to put an error on the stack at all - * in case of padding failure in the FIPS provider. - */ - ERR_raise(ERR_LIB_RSA, RSA_R_PKCS_DECODING_ERROR); - err_clear_last_constant_time(1 & good); -#endif - - return constant_time_select_int(good, mlen, -1); -} - -/* - * ossl_rsa_padding_check_PKCS1_type_2_TLS() checks and removes the PKCS1 type 2 - * padding from a decrypted RSA message in a TLS signature. The result is stored - * in the buffer pointed to by |to| which should be |tlen| bytes long. |tlen| - * must be at least SSL_MAX_MASTER_KEY_LENGTH. The original decrypted message - * should be stored in |from| which must be |flen| bytes in length and padded - * such that |flen == RSA_size()|. The TLS protocol version that the client - * originally requested should be passed in |client_version|. Some buggy clients - * can exist which use the negotiated version instead of the originally - * requested protocol version. If it is necessary to work around this bug then - * the negotiated protocol version can be passed in |alt_version|, otherwise 0 - * should be passed. - * - * If the passed message is publicly invalid or some other error that can be - * treated in non-constant time occurs then -1 is returned. On success the - * length of the decrypted data is returned. This will always be - * SSL_MAX_MASTER_KEY_LENGTH. If an error occurs that should be treated in - * constant time then this function will appear to return successfully, but the - * decrypted data will be randomly generated (as per - * https://tools.ietf.org/html/rfc5246#section-7.4.7.1). - */ -int ossl_rsa_padding_check_PKCS1_type_2_TLS(OSSL_LIB_CTX *libctx, - unsigned char *to, size_t tlen, - const unsigned char *from, - size_t flen, int client_version, - int alt_version) -{ - unsigned int i, good, version_good; - unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH]; - - /* - * If these checks fail then either the message in publicly invalid, or - * we've been called incorrectly. We can fail immediately. - */ - if (flen < RSA_PKCS1_PADDING_SIZE + SSL_MAX_MASTER_KEY_LENGTH - || tlen < SSL_MAX_MASTER_KEY_LENGTH) { - ERR_raise(ERR_LIB_RSA, RSA_R_PKCS_DECODING_ERROR); - return -1; - } - - /* - * Generate a random premaster secret to use in the event that we fail - * to decrypt. - */ - if (RAND_priv_bytes_ex(libctx, rand_premaster_secret, - sizeof(rand_premaster_secret), 0) <= 0) { - ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR); - return -1; - } - - good = constant_time_is_zero(from[0]); - good &= constant_time_eq(from[1], 2); - - /* Check we have the expected padding data */ - for (i = 2; i < flen - SSL_MAX_MASTER_KEY_LENGTH - 1; i++) - good &= ~constant_time_is_zero_8(from[i]); - good &= constant_time_is_zero_8(from[flen - SSL_MAX_MASTER_KEY_LENGTH - 1]); - - - /* - * If the version in the decrypted pre-master secret is correct then - * version_good will be 0xff, otherwise it'll be zero. The - * Klima-Pokorny-Rosa extension of Bleichenbacher's attack - * (http://eprint.iacr.org/2003/052/) exploits the version number - * check as a "bad version oracle". Thus version checks are done in - * constant time and are treated like any other decryption error. - */ - version_good = - constant_time_eq(from[flen - SSL_MAX_MASTER_KEY_LENGTH], - (client_version >> 8) & 0xff); - version_good &= - constant_time_eq(from[flen - SSL_MAX_MASTER_KEY_LENGTH + 1], - client_version & 0xff); - - /* - * The premaster secret must contain the same version number as the - * ClientHello to detect version rollback attacks (strangely, the - * protocol does not offer such protection for DH ciphersuites). - * However, buggy clients exist that send the negotiated protocol - * version instead if the server does not support the requested - * protocol version. If SSL_OP_TLS_ROLLBACK_BUG is set then we tolerate - * such clients. In that case alt_version will be non-zero and set to - * the negotiated version. - */ - if (alt_version > 0) { - unsigned int workaround_good; - - workaround_good = - constant_time_eq(from[flen - SSL_MAX_MASTER_KEY_LENGTH], - (alt_version >> 8) & 0xff); - workaround_good &= - constant_time_eq(from[flen - SSL_MAX_MASTER_KEY_LENGTH + 1], - alt_version & 0xff); - version_good |= workaround_good; - } - - good &= version_good; - - - /* - * Now copy the result over to the to buffer if good, or random data if - * not good. - */ - for (i = 0; i < SSL_MAX_MASTER_KEY_LENGTH; i++) { - to[i] = - constant_time_select_8(good, - from[flen - SSL_MAX_MASTER_KEY_LENGTH + i], - rand_premaster_secret[i]); - } - - /* - * We must not leak whether a decryption failure occurs because of - * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246, - * section 7.4.7.1). The code follows that advice of the TLS RFC and - * generates a random premaster secret for the case that the decrypt - * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1 - * So, whether we actually succeeded or not, return success. - */ - - return SSL_MAX_MASTER_KEY_LENGTH; -} diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c deleted file mode 100644 index 44c819a5c3ce7a2f32e3686087665db2b945ac4f..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_pmeth.c +++ /dev/null @@ -1,896 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include "internal/constant_time.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include -#include "crypto/evp.h" -#include "crypto/rsa.h" -#include "rsa_local.h" - -/* RSA pkey context structure */ - -typedef struct { - /* Key gen parameters */ - int nbits; - BIGNUM *pub_exp; - int primes; - /* Keygen callback info */ - int gentmp[2]; - /* RSA padding mode */ - int pad_mode; - /* message digest */ - const EVP_MD *md; - /* message digest for MGF1 */ - const EVP_MD *mgf1md; - /* PSS salt length */ - int saltlen; - /* Minimum salt length or -1 if no PSS parameter restriction */ - int min_saltlen; - /* Temp buffer */ - unsigned char *tbuf; - /* OAEP label */ - unsigned char *oaep_label; - size_t oaep_labellen; -} RSA_PKEY_CTX; - -/* True if PSS parameters are restricted */ -#define rsa_pss_restricted(rctx) (rctx->min_saltlen != -1) - -static int pkey_rsa_init(EVP_PKEY_CTX *ctx) -{ - RSA_PKEY_CTX *rctx = OPENSSL_zalloc(sizeof(*rctx)); - - if (rctx == NULL) - return 0; - rctx->nbits = 2048; - rctx->primes = RSA_DEFAULT_PRIME_NUM; - if (pkey_ctx_is_pss(ctx)) - rctx->pad_mode = RSA_PKCS1_PSS_PADDING; - else - rctx->pad_mode = RSA_PKCS1_PADDING; - /* Maximum for sign, auto for verify */ - rctx->saltlen = RSA_PSS_SALTLEN_AUTO; - rctx->min_saltlen = -1; - ctx->data = rctx; - ctx->keygen_info = rctx->gentmp; - ctx->keygen_info_count = 2; - - return 1; -} - -static int pkey_rsa_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) -{ - RSA_PKEY_CTX *dctx, *sctx; - - if (!pkey_rsa_init(dst)) - return 0; - sctx = src->data; - dctx = dst->data; - dctx->nbits = sctx->nbits; - if (sctx->pub_exp) { - dctx->pub_exp = BN_dup(sctx->pub_exp); - if (!dctx->pub_exp) - return 0; - } - dctx->pad_mode = sctx->pad_mode; - dctx->md = sctx->md; - dctx->mgf1md = sctx->mgf1md; - dctx->saltlen = sctx->saltlen; - if (sctx->oaep_label) { - OPENSSL_free(dctx->oaep_label); - dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen); - if (!dctx->oaep_label) - return 0; - dctx->oaep_labellen = sctx->oaep_labellen; - } - return 1; -} - -static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) -{ - if (ctx->tbuf != NULL) - return 1; - if ((ctx->tbuf = - OPENSSL_malloc(RSA_size(EVP_PKEY_get0_RSA(pk->pkey)))) == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - return 0; - } - return 1; -} - -static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) -{ - RSA_PKEY_CTX *rctx = ctx->data; - if (rctx) { - BN_free(rctx->pub_exp); - OPENSSL_free(rctx->tbuf); - OPENSSL_free(rctx->oaep_label); - OPENSSL_free(rctx); - } -} - -static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, - size_t tbslen) -{ - int ret; - RSA_PKEY_CTX *rctx = ctx->data; - /* - * Discard const. Its marked as const because this may be a cached copy of - * the "real" key. These calls don't make any modifications that need to - * be reflected back in the "original" key. - */ - RSA *rsa = (RSA *)EVP_PKEY_get0_RSA(ctx->pkey); - - if (rctx->md) { - if (tbslen != (size_t)EVP_MD_get_size(rctx->md)) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_DIGEST_LENGTH); - return -1; - } - - if (EVP_MD_get_type(rctx->md) == NID_mdc2) { - unsigned int sltmp; - if (rctx->pad_mode != RSA_PKCS1_PADDING) - return -1; - ret = RSA_sign_ASN1_OCTET_STRING(0, tbs, tbslen, sig, &sltmp, rsa); - - if (ret <= 0) - return ret; - ret = sltmp; - } else if (rctx->pad_mode == RSA_X931_PADDING) { - if ((size_t)RSA_size(rsa) < tbslen + 1) { - ERR_raise(ERR_LIB_RSA, RSA_R_KEY_SIZE_TOO_SMALL); - return -1; - } - if (!setup_tbuf(rctx, ctx)) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - return -1; - } - memcpy(rctx->tbuf, tbs, tbslen); - rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_get_type(rctx->md)); - ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, - sig, rsa, RSA_X931_PADDING); - } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { - unsigned int sltmp; - ret = RSA_sign(EVP_MD_get_type(rctx->md), - tbs, tbslen, sig, &sltmp, rsa); - if (ret <= 0) - return ret; - ret = sltmp; - } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) { - if (!setup_tbuf(rctx, ctx)) - return -1; - if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, - rctx->tbuf, tbs, - rctx->md, rctx->mgf1md, - rctx->saltlen)) - return -1; - ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf, - sig, rsa, RSA_NO_PADDING); - } else { - return -1; - } - } else { - ret = RSA_private_encrypt(tbslen, tbs, sig, rsa, rctx->pad_mode); - } - if (ret < 0) - return ret; - *siglen = ret; - return 1; -} - -static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, - unsigned char *rout, size_t *routlen, - const unsigned char *sig, size_t siglen) -{ - int ret; - RSA_PKEY_CTX *rctx = ctx->data; - /* - * Discard const. Its marked as const because this may be a cached copy of - * the "real" key. These calls don't make any modifications that need to - * be reflected back in the "original" key. - */ - RSA *rsa = (RSA *)EVP_PKEY_get0_RSA(ctx->pkey); - - if (rctx->md) { - if (rctx->pad_mode == RSA_X931_PADDING) { - if (!setup_tbuf(rctx, ctx)) - return -1; - ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa, - RSA_X931_PADDING); - if (ret < 1) - return 0; - ret--; - if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_get_type(rctx->md))) { - ERR_raise(ERR_LIB_RSA, RSA_R_ALGORITHM_MISMATCH); - return 0; - } - if (ret != EVP_MD_get_size(rctx->md)) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_DIGEST_LENGTH); - return 0; - } - if (rout) - memcpy(rout, rctx->tbuf, ret); - } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { - size_t sltmp; - ret = ossl_rsa_verify(EVP_MD_get_type(rctx->md), - NULL, 0, rout, &sltmp, - sig, siglen, rsa); - if (ret <= 0) - return 0; - ret = sltmp; - } else { - return -1; - } - } else { - ret = RSA_public_decrypt(siglen, sig, rout, rsa, rctx->pad_mode); - } - if (ret < 0) - return ret; - *routlen = ret; - return 1; -} - -static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen) -{ - RSA_PKEY_CTX *rctx = ctx->data; - /* - * Discard const. Its marked as const because this may be a cached copy of - * the "real" key. These calls don't make any modifications that need to - * be reflected back in the "original" key. - */ - RSA *rsa = (RSA *)EVP_PKEY_get0_RSA(ctx->pkey); - size_t rslen; - - if (rctx->md) { - if (rctx->pad_mode == RSA_PKCS1_PADDING) - return RSA_verify(EVP_MD_get_type(rctx->md), tbs, tbslen, - sig, siglen, rsa); - if (tbslen != (size_t)EVP_MD_get_size(rctx->md)) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_DIGEST_LENGTH); - return -1; - } - if (rctx->pad_mode == RSA_X931_PADDING) { - if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0) - return 0; - } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) { - int ret; - if (!setup_tbuf(rctx, ctx)) - return -1; - ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, - rsa, RSA_NO_PADDING); - if (ret <= 0) - return 0; - ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, - rctx->md, rctx->mgf1md, - rctx->tbuf, rctx->saltlen); - if (ret <= 0) - return 0; - return 1; - } else { - return -1; - } - } else { - if (!setup_tbuf(rctx, ctx)) - return -1; - rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, - rsa, rctx->pad_mode); - if (rslen == 0) - return 0; - } - - if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen)) - return 0; - - return 1; - -} - -static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) -{ - int ret; - RSA_PKEY_CTX *rctx = ctx->data; - /* - * Discard const. Its marked as const because this may be a cached copy of - * the "real" key. These calls don't make any modifications that need to - * be reflected back in the "original" key. - */ - RSA *rsa = (RSA *)EVP_PKEY_get0_RSA(ctx->pkey); - - if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) { - int klen = RSA_size(rsa); - if (!setup_tbuf(rctx, ctx)) - return -1; - if (!RSA_padding_add_PKCS1_OAEP_mgf1(rctx->tbuf, klen, - in, inlen, - rctx->oaep_label, - rctx->oaep_labellen, - rctx->md, rctx->mgf1md)) - return -1; - ret = RSA_public_encrypt(klen, rctx->tbuf, out, rsa, RSA_NO_PADDING); - } else { - ret = RSA_public_encrypt(inlen, in, out, rsa, rctx->pad_mode); - } - if (ret < 0) - return ret; - *outlen = ret; - return 1; -} - -static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) -{ - int ret; - RSA_PKEY_CTX *rctx = ctx->data; - /* - * Discard const. Its marked as const because this may be a cached copy of - * the "real" key. These calls don't make any modifications that need to - * be reflected back in the "original" key. - */ - RSA *rsa = (RSA *)EVP_PKEY_get0_RSA(ctx->pkey); - - if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) { - if (!setup_tbuf(rctx, ctx)) - return -1; - ret = RSA_private_decrypt(inlen, in, rctx->tbuf, rsa, RSA_NO_PADDING); - if (ret <= 0) - return ret; - ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf, - ret, ret, - rctx->oaep_label, - rctx->oaep_labellen, - rctx->md, rctx->mgf1md); - } else { - ret = RSA_private_decrypt(inlen, in, out, rsa, rctx->pad_mode); - } - *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret); - ret = constant_time_select_int(constant_time_msb(ret), ret, 1); - return ret; -} - -static int check_padding_md(const EVP_MD *md, int padding) -{ - int mdnid; - - if (!md) - return 1; - - mdnid = EVP_MD_get_type(md); - - if (padding == RSA_NO_PADDING) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PADDING_MODE); - return 0; - } - - if (padding == RSA_X931_PADDING) { - if (RSA_X931_hash_id(mdnid) == -1) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_X931_DIGEST); - return 0; - } - } else { - switch(mdnid) { - /* List of all supported RSA digests */ - case NID_sha1: - case NID_sha224: - case NID_sha256: - case NID_sha384: - case NID_sha512: - case NID_sha512_224: - case NID_sha512_256: - case NID_md5: - case NID_md5_sha1: - case NID_md2: - case NID_md4: - case NID_mdc2: - case NID_ripemd160: - case NID_sha3_224: - case NID_sha3_256: - case NID_sha3_384: - case NID_sha3_512: - return 1; - - default: - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_DIGEST); - return 0; - - } - } - - return 1; -} - -static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) -{ - RSA_PKEY_CTX *rctx = ctx->data; - - switch (type) { - case EVP_PKEY_CTRL_RSA_PADDING: - if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING)) { - if (!check_padding_md(rctx->md, p1)) - return 0; - if (p1 == RSA_PKCS1_PSS_PADDING) { - if (!(ctx->operation & - (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY))) - goto bad_pad; - if (!rctx->md) - rctx->md = EVP_sha1(); - } else if (pkey_ctx_is_pss(ctx)) { - goto bad_pad; - } - if (p1 == RSA_PKCS1_OAEP_PADDING) { - if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT)) - goto bad_pad; - if (!rctx->md) - rctx->md = EVP_sha1(); - } - rctx->pad_mode = p1; - return 1; - } - bad_pad: - ERR_raise(ERR_LIB_RSA, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); - return -2; - - case EVP_PKEY_CTRL_GET_RSA_PADDING: - *(int *)p2 = rctx->pad_mode; - return 1; - - case EVP_PKEY_CTRL_RSA_PSS_SALTLEN: - case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN: - if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PSS_SALTLEN); - return -2; - } - if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) { - *(int *)p2 = rctx->saltlen; - } else { - if (p1 < RSA_PSS_SALTLEN_MAX) - return -2; - if (rsa_pss_restricted(rctx)) { - if (p1 == RSA_PSS_SALTLEN_AUTO - && ctx->operation == EVP_PKEY_OP_VERIFY) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PSS_SALTLEN); - return -2; - } - if ((p1 == RSA_PSS_SALTLEN_DIGEST - && rctx->min_saltlen > EVP_MD_get_size(rctx->md)) - || (p1 >= 0 && p1 < rctx->min_saltlen)) { - ERR_raise(ERR_LIB_RSA, RSA_R_PSS_SALTLEN_TOO_SMALL); - return 0; - } - } - rctx->saltlen = p1; - } - return 1; - - case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: - if (p1 < RSA_MIN_MODULUS_BITS) { - ERR_raise(ERR_LIB_RSA, RSA_R_KEY_SIZE_TOO_SMALL); - return -2; - } - rctx->nbits = p1; - return 1; - - case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: - if (p2 == NULL || !BN_is_odd((BIGNUM *)p2) || BN_is_one((BIGNUM *)p2)) { - ERR_raise(ERR_LIB_RSA, RSA_R_BAD_E_VALUE); - return -2; - } - BN_free(rctx->pub_exp); - rctx->pub_exp = p2; - return 1; - - case EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES: - if (p1 < RSA_DEFAULT_PRIME_NUM || p1 > RSA_MAX_PRIME_NUM) { - ERR_raise(ERR_LIB_RSA, RSA_R_KEY_PRIME_NUM_INVALID); - return -2; - } - rctx->primes = p1; - return 1; - - case EVP_PKEY_CTRL_RSA_OAEP_MD: - case EVP_PKEY_CTRL_GET_RSA_OAEP_MD: - if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PADDING_MODE); - return -2; - } - if (type == EVP_PKEY_CTRL_GET_RSA_OAEP_MD) - *(const EVP_MD **)p2 = rctx->md; - else - rctx->md = p2; - return 1; - - case EVP_PKEY_CTRL_MD: - if (!check_padding_md(p2, rctx->pad_mode)) - return 0; - if (rsa_pss_restricted(rctx)) { - if (EVP_MD_get_type(rctx->md) == EVP_MD_get_type(p2)) - return 1; - ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED); - return 0; - } - rctx->md = p2; - return 1; - - case EVP_PKEY_CTRL_GET_MD: - *(const EVP_MD **)p2 = rctx->md; - return 1; - - case EVP_PKEY_CTRL_RSA_MGF1_MD: - case EVP_PKEY_CTRL_GET_RSA_MGF1_MD: - if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING - && rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MGF1_MD); - return -2; - } - if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) { - if (rctx->mgf1md) - *(const EVP_MD **)p2 = rctx->mgf1md; - else - *(const EVP_MD **)p2 = rctx->md; - } else { - if (rsa_pss_restricted(rctx)) { - if (EVP_MD_get_type(rctx->mgf1md) == EVP_MD_get_type(p2)) - return 1; - ERR_raise(ERR_LIB_RSA, RSA_R_MGF1_DIGEST_NOT_ALLOWED); - return 0; - } - rctx->mgf1md = p2; - } - return 1; - - case EVP_PKEY_CTRL_RSA_OAEP_LABEL: - if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PADDING_MODE); - return -2; - } - OPENSSL_free(rctx->oaep_label); - if (p2 && p1 > 0) { - rctx->oaep_label = p2; - rctx->oaep_labellen = p1; - } else { - rctx->oaep_label = NULL; - rctx->oaep_labellen = 0; - } - return 1; - - case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL: - if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PADDING_MODE); - return -2; - } - *(unsigned char **)p2 = rctx->oaep_label; - return rctx->oaep_labellen; - - case EVP_PKEY_CTRL_DIGESTINIT: - case EVP_PKEY_CTRL_PKCS7_SIGN: -#ifndef OPENSSL_NO_CMS - case EVP_PKEY_CTRL_CMS_SIGN: -#endif - return 1; - - case EVP_PKEY_CTRL_PKCS7_ENCRYPT: - case EVP_PKEY_CTRL_PKCS7_DECRYPT: -#ifndef OPENSSL_NO_CMS - case EVP_PKEY_CTRL_CMS_DECRYPT: - case EVP_PKEY_CTRL_CMS_ENCRYPT: -#endif - if (!pkey_ctx_is_pss(ctx)) - return 1; - /* fall through */ - case EVP_PKEY_CTRL_PEER_KEY: - ERR_raise(ERR_LIB_RSA, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); - return -2; - - default: - return -2; - - } -} - -static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, - const char *type, const char *value) -{ - if (value == NULL) { - ERR_raise(ERR_LIB_RSA, RSA_R_VALUE_MISSING); - return 0; - } - if (strcmp(type, "rsa_padding_mode") == 0) { - int pm; - - if (strcmp(value, "pkcs1") == 0) { - pm = RSA_PKCS1_PADDING; - } else if (strcmp(value, "none") == 0) { - pm = RSA_NO_PADDING; - } else if (strcmp(value, "oeap") == 0) { - pm = RSA_PKCS1_OAEP_PADDING; - } else if (strcmp(value, "oaep") == 0) { - pm = RSA_PKCS1_OAEP_PADDING; - } else if (strcmp(value, "x931") == 0) { - pm = RSA_X931_PADDING; - } else if (strcmp(value, "pss") == 0) { - pm = RSA_PKCS1_PSS_PADDING; - } else { - ERR_raise(ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE); - return -2; - } - return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); - } - - if (strcmp(type, "rsa_pss_saltlen") == 0) { - int saltlen; - - if (!strcmp(value, "digest")) - saltlen = RSA_PSS_SALTLEN_DIGEST; - else if (!strcmp(value, "max")) - saltlen = RSA_PSS_SALTLEN_MAX; - else if (!strcmp(value, "auto")) - saltlen = RSA_PSS_SALTLEN_AUTO; - else - saltlen = atoi(value); - return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); - } - - if (strcmp(type, "rsa_keygen_bits") == 0) { - int nbits = atoi(value); - - return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); - } - - if (strcmp(type, "rsa_keygen_pubexp") == 0) { - int ret; - - BIGNUM *pubexp = NULL; - if (!BN_asc2bn(&pubexp, value)) - return 0; - ret = EVP_PKEY_CTX_set1_rsa_keygen_pubexp(ctx, pubexp); - BN_free(pubexp); - return ret; - } - - if (strcmp(type, "rsa_keygen_primes") == 0) { - int nprimes = atoi(value); - - return EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, nprimes); - } - - if (strcmp(type, "rsa_mgf1_md") == 0) - return EVP_PKEY_CTX_md(ctx, - EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_RSA_MGF1_MD, value); - - if (pkey_ctx_is_pss(ctx)) { - - if (strcmp(type, "rsa_pss_keygen_mgf1_md") == 0) - return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_RSA_MGF1_MD, value); - - if (strcmp(type, "rsa_pss_keygen_md") == 0) - return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_KEYGEN, - EVP_PKEY_CTRL_MD, value); - - if (strcmp(type, "rsa_pss_keygen_saltlen") == 0) { - int saltlen = atoi(value); - - return EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, saltlen); - } - } - - if (strcmp(type, "rsa_oaep_md") == 0) - return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_RSA_OAEP_MD, value); - - if (strcmp(type, "rsa_oaep_label") == 0) { - unsigned char *lab; - long lablen; - int ret; - - lab = OPENSSL_hexstr2buf(value, &lablen); - if (!lab) - return 0; - ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen); - if (ret <= 0) - OPENSSL_free(lab); - return ret; - } - - return -2; -} - -/* Set PSS parameters when generating a key, if necessary */ -static int rsa_set_pss_param(RSA *rsa, EVP_PKEY_CTX *ctx) -{ - RSA_PKEY_CTX *rctx = ctx->data; - - if (!pkey_ctx_is_pss(ctx)) - return 1; - /* If all parameters are default values don't set pss */ - if (rctx->md == NULL && rctx->mgf1md == NULL && rctx->saltlen == -2) - return 1; - rsa->pss = ossl_rsa_pss_params_create(rctx->md, rctx->mgf1md, - rctx->saltlen == -2 - ? 0 : rctx->saltlen); - if (rsa->pss == NULL) - return 0; - return 1; -} - -static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) -{ - RSA *rsa = NULL; - RSA_PKEY_CTX *rctx = ctx->data; - BN_GENCB *pcb; - int ret; - - if (rctx->pub_exp == NULL) { - rctx->pub_exp = BN_new(); - if (rctx->pub_exp == NULL || !BN_set_word(rctx->pub_exp, RSA_F4)) - return 0; - } - rsa = RSA_new(); - if (rsa == NULL) - return 0; - if (ctx->pkey_gencb) { - pcb = BN_GENCB_new(); - if (pcb == NULL) { - RSA_free(rsa); - return 0; - } - evp_pkey_set_cb_translate(pcb, ctx); - } else { - pcb = NULL; - } - ret = RSA_generate_multi_prime_key(rsa, rctx->nbits, rctx->primes, - rctx->pub_exp, pcb); - BN_GENCB_free(pcb); - if (ret > 0 && !rsa_set_pss_param(rsa, ctx)) { - RSA_free(rsa); - return 0; - } - if (ret > 0) - EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, rsa); - else - RSA_free(rsa); - return ret; -} - -static const EVP_PKEY_METHOD rsa_pkey_meth = { - EVP_PKEY_RSA, - EVP_PKEY_FLAG_AUTOARGLEN, - pkey_rsa_init, - pkey_rsa_copy, - pkey_rsa_cleanup, - - 0, 0, - - 0, - pkey_rsa_keygen, - - 0, - pkey_rsa_sign, - - 0, - pkey_rsa_verify, - - 0, - pkey_rsa_verifyrecover, - - 0, 0, 0, 0, - - 0, - pkey_rsa_encrypt, - - 0, - pkey_rsa_decrypt, - - 0, 0, - - pkey_rsa_ctrl, - pkey_rsa_ctrl_str -}; - -const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void) -{ - return &rsa_pkey_meth; -} - -/* - * Called for PSS sign or verify initialisation: checks PSS parameter - * sanity and sets any restrictions on key usage. - */ - -static int pkey_pss_init(EVP_PKEY_CTX *ctx) -{ - const RSA *rsa; - RSA_PKEY_CTX *rctx = ctx->data; - const EVP_MD *md; - const EVP_MD *mgf1md; - int min_saltlen, max_saltlen; - - /* Should never happen */ - if (!pkey_ctx_is_pss(ctx)) - return 0; - rsa = EVP_PKEY_get0_RSA(ctx->pkey); - /* If no restrictions just return */ - if (rsa->pss == NULL) - return 1; - /* Get and check parameters */ - if (!ossl_rsa_pss_get_param(rsa->pss, &md, &mgf1md, &min_saltlen)) - return 0; - - /* See if minimum salt length exceeds maximum possible */ - max_saltlen = RSA_size(rsa) - EVP_MD_get_size(md); - if ((RSA_bits(rsa) & 0x7) == 1) - max_saltlen--; - if (min_saltlen > max_saltlen) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_SALT_LENGTH); - return 0; - } - - rctx->min_saltlen = min_saltlen; - - /* - * Set PSS restrictions as defaults: we can then block any attempt to - * use invalid values in pkey_rsa_ctrl - */ - - rctx->md = md; - rctx->mgf1md = mgf1md; - rctx->saltlen = min_saltlen; - - return 1; -} - -static const EVP_PKEY_METHOD rsa_pss_pkey_meth = { - EVP_PKEY_RSA_PSS, - EVP_PKEY_FLAG_AUTOARGLEN, - pkey_rsa_init, - pkey_rsa_copy, - pkey_rsa_cleanup, - - 0, 0, - - 0, - pkey_rsa_keygen, - - pkey_pss_init, - pkey_rsa_sign, - - pkey_pss_init, - pkey_rsa_verify, - - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - - pkey_rsa_ctrl, - pkey_rsa_ctrl_str -}; - -const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void) -{ - return &rsa_pss_pkey_meth; -} diff --git a/crypto/rsa/rsa_prn.c b/crypto/rsa/rsa_prn.c deleted file mode 100644 index 3a9892ebdd4afa69d0134c5d199214c861735c30..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_prn.c +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include - -#ifndef OPENSSL_NO_STDIO -int RSA_print_fp(FILE *fp, const RSA *x, int off) -{ - BIO *b; - int ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_BUF_LIB); - return 0; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = RSA_print(b, x, off); - BIO_free(b); - return ret; -} -#endif - -int RSA_print(BIO *bp, const RSA *x, int off) -{ - EVP_PKEY *pk; - int ret; - pk = EVP_PKEY_new(); - if (pk == NULL) - return 0; - ret = EVP_PKEY_set1_RSA(pk, (RSA *)x); - if (ret) - ret = EVP_PKEY_print_private(bp, pk, off, NULL); - EVP_PKEY_free(pk); - return ret; -} diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c deleted file mode 100644 index 33874bfef8a22f1ee0459a6ada919788ea70c3c4..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_pss.c +++ /dev/null @@ -1,396 +0,0 @@ -/* - * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include "rsa_local.h" - -static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; - -#if defined(_MSC_VER) && defined(_ARM_) -# pragma optimize("g", off) -#endif - -int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, - const EVP_MD *Hash, const unsigned char *EM, - int sLen) -{ - return RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, Hash, NULL, EM, sLen); -} - -int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, - const EVP_MD *Hash, const EVP_MD *mgf1Hash, - const unsigned char *EM, int sLen) -{ - int i; - int ret = 0; - int hLen, maskedDBLen, MSBits, emLen; - const unsigned char *H; - unsigned char *DB = NULL; - EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - unsigned char H_[EVP_MAX_MD_SIZE]; - - if (ctx == NULL) - goto err; - - if (mgf1Hash == NULL) - mgf1Hash = Hash; - - hLen = EVP_MD_get_size(Hash); - if (hLen < 0) - goto err; - /*- - * Negative sLen has special meanings: - * -1 sLen == hLen - * -2 salt length is autorecovered from signature - * -3 salt length is maximized - * -N reserved - */ - if (sLen == RSA_PSS_SALTLEN_DIGEST) { - sLen = hLen; - } else if (sLen < RSA_PSS_SALTLEN_MAX) { - ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED); - goto err; - } - - MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; - emLen = RSA_size(rsa); - if (EM[0] & (0xFF << MSBits)) { - ERR_raise(ERR_LIB_RSA, RSA_R_FIRST_OCTET_INVALID); - goto err; - } - if (MSBits == 0) { - EM++; - emLen--; - } - if (emLen < hLen + 2) { - ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE); - goto err; - } - if (sLen == RSA_PSS_SALTLEN_MAX) { - sLen = emLen - hLen - 2; - } else if (sLen > emLen - hLen - 2) { /* sLen can be small negative */ - ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE); - goto err; - } - if (EM[emLen - 1] != 0xbc) { - ERR_raise(ERR_LIB_RSA, RSA_R_LAST_OCTET_INVALID); - goto err; - } - maskedDBLen = emLen - hLen - 1; - H = EM + maskedDBLen; - DB = OPENSSL_malloc(maskedDBLen); - if (DB == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - goto err; - } - if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0) - goto err; - for (i = 0; i < maskedDBLen; i++) - DB[i] ^= EM[i]; - if (MSBits) - DB[0] &= 0xFF >> (8 - MSBits); - for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++) ; - if (DB[i++] != 0x1) { - ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_RECOVERY_FAILED); - goto err; - } - if (sLen != RSA_PSS_SALTLEN_AUTO && (maskedDBLen - i) != sLen) { - ERR_raise_data(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED, - "expected: %d retrieved: %d", sLen, - maskedDBLen - i); - goto err; - } - if (!EVP_DigestInit_ex(ctx, Hash, NULL) - || !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes)) - || !EVP_DigestUpdate(ctx, mHash, hLen)) - goto err; - if (maskedDBLen - i) { - if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i)) - goto err; - } - if (!EVP_DigestFinal_ex(ctx, H_, NULL)) - goto err; - if (memcmp(H_, H, hLen)) { - ERR_raise(ERR_LIB_RSA, RSA_R_BAD_SIGNATURE); - ret = 0; - } else { - ret = 1; - } - - err: - OPENSSL_free(DB); - EVP_MD_CTX_free(ctx); - - return ret; - -} - -int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, - const unsigned char *mHash, - const EVP_MD *Hash, int sLen) -{ - return RSA_padding_add_PKCS1_PSS_mgf1(rsa, EM, mHash, Hash, NULL, sLen); -} - -int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, - const unsigned char *mHash, - const EVP_MD *Hash, const EVP_MD *mgf1Hash, - int sLen) -{ - int i; - int ret = 0; - int hLen, maskedDBLen, MSBits, emLen; - unsigned char *H, *salt = NULL, *p; - EVP_MD_CTX *ctx = NULL; - - if (mgf1Hash == NULL) - mgf1Hash = Hash; - - hLen = EVP_MD_get_size(Hash); - if (hLen < 0) - goto err; - /*- - * Negative sLen has special meanings: - * -1 sLen == hLen - * -2 salt length is maximized - * -3 same as above (on signing) - * -N reserved - */ - if (sLen == RSA_PSS_SALTLEN_DIGEST) { - sLen = hLen; - } else if (sLen == RSA_PSS_SALTLEN_MAX_SIGN) { - sLen = RSA_PSS_SALTLEN_MAX; - } else if (sLen < RSA_PSS_SALTLEN_MAX) { - ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED); - goto err; - } - - MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; - emLen = RSA_size(rsa); - if (MSBits == 0) { - *EM++ = 0; - emLen--; - } - if (emLen < hLen + 2) { - ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - goto err; - } - if (sLen == RSA_PSS_SALTLEN_MAX) { - sLen = emLen - hLen - 2; - } else if (sLen > emLen - hLen - 2) { - ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - goto err; - } - if (sLen > 0) { - salt = OPENSSL_malloc(sLen); - if (salt == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - goto err; - } - if (RAND_bytes_ex(rsa->libctx, salt, sLen, 0) <= 0) - goto err; - } - maskedDBLen = emLen - hLen - 1; - H = EM + maskedDBLen; - ctx = EVP_MD_CTX_new(); - if (ctx == NULL) - goto err; - if (!EVP_DigestInit_ex(ctx, Hash, NULL) - || !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes)) - || !EVP_DigestUpdate(ctx, mHash, hLen)) - goto err; - if (sLen && !EVP_DigestUpdate(ctx, salt, sLen)) - goto err; - if (!EVP_DigestFinal_ex(ctx, H, NULL)) - goto err; - - /* Generate dbMask in place then perform XOR on it */ - if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash)) - goto err; - - p = EM; - - /* - * Initial PS XORs with all zeroes which is a NOP so just update pointer. - * Note from a test above this value is guaranteed to be non-negative. - */ - p += emLen - sLen - hLen - 2; - *p++ ^= 0x1; - if (sLen > 0) { - for (i = 0; i < sLen; i++) - *p++ ^= salt[i]; - } - if (MSBits) - EM[0] &= 0xFF >> (8 - MSBits); - - /* H is already in place so just set final 0xbc */ - - EM[emLen - 1] = 0xbc; - - ret = 1; - - err: - EVP_MD_CTX_free(ctx); - OPENSSL_clear_free(salt, (size_t)sLen); /* salt != NULL implies sLen > 0 */ - - return ret; - -} - -/* - * The defaults for PSS restrictions are defined in RFC 8017, A.2.3 RSASSA-PSS - * (https://tools.ietf.org/html/rfc8017#appendix-A.2.3): - * - * If the default values of the hashAlgorithm, maskGenAlgorithm, and - * trailerField fields of RSASSA-PSS-params are used, then the algorithm - * identifier will have the following value: - * - * rSASSA-PSS-Default-Identifier RSASSA-AlgorithmIdentifier ::= { - * algorithm id-RSASSA-PSS, - * parameters RSASSA-PSS-params : { - * hashAlgorithm sha1, - * maskGenAlgorithm mgf1SHA1, - * saltLength 20, - * trailerField trailerFieldBC - * } - * } - * - * RSASSA-AlgorithmIdentifier ::= AlgorithmIdentifier { - * {PKCS1Algorithms} - * } - */ -static const RSA_PSS_PARAMS_30 default_RSASSA_PSS_params = { - NID_sha1, /* default hashAlgorithm */ - { - NID_mgf1, /* default maskGenAlgorithm */ - NID_sha1 /* default MGF1 hash */ - }, - 20, /* default saltLength */ - 1 /* default trailerField (0xBC) */ -}; - -int ossl_rsa_pss_params_30_set_defaults(RSA_PSS_PARAMS_30 *rsa_pss_params) -{ - if (rsa_pss_params == NULL) - return 0; - *rsa_pss_params = default_RSASSA_PSS_params; - return 1; -} - -int ossl_rsa_pss_params_30_is_unrestricted(const RSA_PSS_PARAMS_30 *rsa_pss_params) -{ - static RSA_PSS_PARAMS_30 pss_params_cmp = { 0, }; - - return rsa_pss_params == NULL - || memcmp(rsa_pss_params, &pss_params_cmp, - sizeof(*rsa_pss_params)) == 0; -} - -int ossl_rsa_pss_params_30_copy(RSA_PSS_PARAMS_30 *to, - const RSA_PSS_PARAMS_30 *from) -{ - memcpy(to, from, sizeof(*to)); - return 1; -} - -int ossl_rsa_pss_params_30_set_hashalg(RSA_PSS_PARAMS_30 *rsa_pss_params, - int hashalg_nid) -{ - if (rsa_pss_params == NULL) - return 0; - rsa_pss_params->hash_algorithm_nid = hashalg_nid; - return 1; -} - -int ossl_rsa_pss_params_30_set_maskgenalg(RSA_PSS_PARAMS_30 *rsa_pss_params, - int maskgenalg_nid) -{ - if (rsa_pss_params == NULL) - return 0; - rsa_pss_params->mask_gen.algorithm_nid = maskgenalg_nid; - return 1; -} - -int ossl_rsa_pss_params_30_set_maskgenhashalg(RSA_PSS_PARAMS_30 *rsa_pss_params, - int maskgenhashalg_nid) -{ - if (rsa_pss_params == NULL) - return 0; - rsa_pss_params->mask_gen.hash_algorithm_nid = maskgenhashalg_nid; - return 1; -} - -int ossl_rsa_pss_params_30_set_saltlen(RSA_PSS_PARAMS_30 *rsa_pss_params, - int saltlen) -{ - if (rsa_pss_params == NULL) - return 0; - rsa_pss_params->salt_len = saltlen; - return 1; -} - -int ossl_rsa_pss_params_30_set_trailerfield(RSA_PSS_PARAMS_30 *rsa_pss_params, - int trailerfield) -{ - if (rsa_pss_params == NULL) - return 0; - rsa_pss_params->trailer_field = trailerfield; - return 1; -} - -int ossl_rsa_pss_params_30_hashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params) -{ - if (rsa_pss_params == NULL) - return default_RSASSA_PSS_params.hash_algorithm_nid; - return rsa_pss_params->hash_algorithm_nid; -} - -int ossl_rsa_pss_params_30_maskgenalg(const RSA_PSS_PARAMS_30 *rsa_pss_params) -{ - if (rsa_pss_params == NULL) - return default_RSASSA_PSS_params.mask_gen.algorithm_nid; - return rsa_pss_params->mask_gen.algorithm_nid; -} - -int ossl_rsa_pss_params_30_maskgenhashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params) -{ - if (rsa_pss_params == NULL) - return default_RSASSA_PSS_params.hash_algorithm_nid; - return rsa_pss_params->mask_gen.hash_algorithm_nid; -} - -int ossl_rsa_pss_params_30_saltlen(const RSA_PSS_PARAMS_30 *rsa_pss_params) -{ - if (rsa_pss_params == NULL) - return default_RSASSA_PSS_params.salt_len; - return rsa_pss_params->salt_len; -} - -int ossl_rsa_pss_params_30_trailerfield(const RSA_PSS_PARAMS_30 *rsa_pss_params) -{ - if (rsa_pss_params == NULL) - return default_RSASSA_PSS_params.trailer_field; - return rsa_pss_params->trailer_field; -} - -#if defined(_MSC_VER) -# pragma optimize("",on) -#endif diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c deleted file mode 100644 index 58fa50785bd506b560d67dbd2d9e50745a2743f8..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_saos.c +++ /dev/null @@ -1,99 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include - -int RSA_sign_ASN1_OCTET_STRING(int type, - const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, - RSA *rsa) -{ - ASN1_OCTET_STRING sig; - int i, j, ret = 1; - unsigned char *p, *s; - - sig.type = V_ASN1_OCTET_STRING; - sig.length = m_len; - sig.data = (unsigned char *)m; - - i = i2d_ASN1_OCTET_STRING(&sig, NULL); - j = RSA_size(rsa); - if (i > (j - RSA_PKCS1_PADDING_SIZE)) { - ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); - return 0; - } - s = OPENSSL_malloc((unsigned int)j + 1); - if (s == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - return 0; - } - p = s; - i2d_ASN1_OCTET_STRING(&sig, &p); - i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING); - if (i <= 0) - ret = 0; - else - *siglen = i; - - OPENSSL_clear_free(s, (unsigned int)j + 1); - return ret; -} - -int RSA_verify_ASN1_OCTET_STRING(int dtype, - const unsigned char *m, - unsigned int m_len, unsigned char *sigbuf, - unsigned int siglen, RSA *rsa) -{ - int i, ret = 0; - unsigned char *s; - const unsigned char *p; - ASN1_OCTET_STRING *sig = NULL; - - if (siglen != (unsigned int)RSA_size(rsa)) { - ERR_raise(ERR_LIB_RSA, RSA_R_WRONG_SIGNATURE_LENGTH); - return 0; - } - - s = OPENSSL_malloc((unsigned int)siglen); - if (s == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - goto err; - } - i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING); - - if (i <= 0) - goto err; - - p = s; - sig = d2i_ASN1_OCTET_STRING(NULL, &p, (long)i); - if (sig == NULL) - goto err; - - if (((unsigned int)sig->length != m_len) || - (memcmp(m, sig->data, m_len) != 0)) { - ERR_raise(ERR_LIB_RSA, RSA_R_BAD_SIGNATURE); - } else { - ret = 1; - } - err: - ASN1_OCTET_STRING_free(sig); - OPENSSL_clear_free(s, (unsigned int)siglen); - return ret; -} diff --git a/crypto/rsa/rsa_schemes.c b/crypto/rsa/rsa_schemes.c deleted file mode 100644 index 98ab13956dbbbda629b9c99acbe9d3e9b2644452..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_schemes.c +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/nelem.h" -#include "crypto/rsa.h" - -static int meth2nid(const void *meth, - int (*meth_is_a)(const void *meth, const char *name), - const OSSL_ITEM *items, size_t items_n) -{ - size_t i; - - if (meth != NULL) - for (i = 0; i < items_n; i++) - if (meth_is_a(meth, items[i].ptr)) - return (int)items[i].id; - return NID_undef; -} - -static const char *nid2name(int meth, const OSSL_ITEM *items, size_t items_n) -{ - size_t i; - - for (i = 0; i < items_n; i++) - if (meth == (int)items[i].id) - return items[i].ptr; - return NULL; -} - -/* - * The list of permitted hash functions are taken from - * https://tools.ietf.org/html/rfc8017#appendix-A.2.1: - * - * OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= { - * { OID id-sha1 PARAMETERS NULL }| - * { OID id-sha224 PARAMETERS NULL }| - * { OID id-sha256 PARAMETERS NULL }| - * { OID id-sha384 PARAMETERS NULL }| - * { OID id-sha512 PARAMETERS NULL }| - * { OID id-sha512-224 PARAMETERS NULL }| - * { OID id-sha512-256 PARAMETERS NULL }, - * ... -- Allows for future expansion -- - * } - */ -static const OSSL_ITEM oaeppss_name_nid_map[] = { - { NID_sha1, OSSL_DIGEST_NAME_SHA1 }, - { NID_sha224, OSSL_DIGEST_NAME_SHA2_224 }, - { NID_sha256, OSSL_DIGEST_NAME_SHA2_256 }, - { NID_sha384, OSSL_DIGEST_NAME_SHA2_384 }, - { NID_sha512, OSSL_DIGEST_NAME_SHA2_512 }, - { NID_sha512_224, OSSL_DIGEST_NAME_SHA2_512_224 }, - { NID_sha512_256, OSSL_DIGEST_NAME_SHA2_512_256 }, -}; - -static int md_is_a(const void *md, const char *name) -{ - return EVP_MD_is_a(md, name); -} - -int ossl_rsa_oaeppss_md2nid(const EVP_MD *md) -{ - return meth2nid(md, md_is_a, - oaeppss_name_nid_map, OSSL_NELEM(oaeppss_name_nid_map)); -} - -const char *ossl_rsa_oaeppss_nid2name(int md) -{ - return nid2name(md, oaeppss_name_nid_map, OSSL_NELEM(oaeppss_name_nid_map)); -} - -const char *ossl_rsa_mgf_nid2name(int mgf) -{ - if (mgf == NID_mgf1) - return SN_mgf1; - return NULL; -} diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c deleted file mode 100644 index c5a664dc0b0dd6522a05a6546db2b3c36be5cdff..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_sign.c +++ /dev/null @@ -1,457 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#ifndef FIPS_MODULE -# ifndef OPENSSL_NO_MD2 -# include /* uses MD2_DIGEST_LENGTH */ -# endif -# ifndef OPENSSL_NO_MD4 -# include /* uses MD4_DIGEST_LENGTH */ -# endif -# ifndef OPENSSL_NO_MD5 -# include /* uses MD5_DIGEST_LENGTH */ -# endif -# ifndef OPENSSL_NO_MDC2 -# include /* uses MDC2_DIGEST_LENGTH */ -# endif -# ifndef OPENSSL_NO_RMD160 -# include /* uses RIPEMD160_DIGEST_LENGTH */ -# endif -#endif -#include /* uses SHA???_DIGEST_LENGTH */ -#include "crypto/rsa.h" -#include "rsa_local.h" - -/* - * The general purpose ASN1 code is not available inside the FIPS provider. - * To remove the dependency RSASSA-PKCS1-v1_5 DigestInfo encodings can be - * treated as a special case by pregenerating the required ASN1 encoding. - * This encoding will also be shared by the default provider. - * - * The EMSA-PKCS1-v1_5 encoding method includes an ASN.1 value of type - * DigestInfo, where the type DigestInfo has the syntax - * - * DigestInfo ::= SEQUENCE { - * digestAlgorithm DigestAlgorithm, - * digest OCTET STRING - * } - * - * DigestAlgorithm ::= AlgorithmIdentifier { - * {PKCS1-v1-5DigestAlgorithms} - * } - * - * The AlgorithmIdentifier is a sequence containing the digest OID and - * parameters (a value of type NULL). - * - * The ENCODE_DIGESTINFO_SHA() and ENCODE_DIGESTINFO_MD() macros define an - * initialized array containing the DER encoded DigestInfo for the specified - * SHA or MD digest. The content of the OCTET STRING is not included. - * |name| is the digest name. - * |n| is last byte in the encoded OID for the digest. - * |sz| is the digest length in bytes. It must not be greater than 110. - */ - -#define ASN1_SEQUENCE 0x30 -#define ASN1_OCTET_STRING 0x04 -#define ASN1_NULL 0x05 -#define ASN1_OID 0x06 - -/* SHA OIDs are of the form: (2 16 840 1 101 3 4 2 |n|) */ -#define ENCODE_DIGESTINFO_SHA(name, n, sz) \ -static const unsigned char digestinfo_##name##_der[] = { \ - ASN1_SEQUENCE, 0x11 + sz, \ - ASN1_SEQUENCE, 0x0d, \ - ASN1_OID, 0x09, 2 * 40 + 16, 0x86, 0x48, 1, 101, 3, 4, 2, n, \ - ASN1_NULL, 0x00, \ - ASN1_OCTET_STRING, sz \ -}; - -/* MD2, MD4 and MD5 OIDs are of the form: (1 2 840 113549 2 |n|) */ -#define ENCODE_DIGESTINFO_MD(name, n, sz) \ -static const unsigned char digestinfo_##name##_der[] = { \ - ASN1_SEQUENCE, 0x10 + sz, \ - ASN1_SEQUENCE, 0x0c, \ - ASN1_OID, 0x08, 1 * 40 + 2, 0x86, 0x48, 0x86, 0xf7, 0x0d, 2, n, \ - ASN1_NULL, 0x00, \ - ASN1_OCTET_STRING, sz \ -}; - -#ifndef FIPS_MODULE -# ifndef OPENSSL_NO_MD2 -ENCODE_DIGESTINFO_MD(md2, 0x02, MD2_DIGEST_LENGTH) -# endif -# ifndef OPENSSL_NO_MD4 -ENCODE_DIGESTINFO_MD(md4, 0x03, MD4_DIGEST_LENGTH) -# endif -# ifndef OPENSSL_NO_MD5 -ENCODE_DIGESTINFO_MD(md5, 0x05, MD5_DIGEST_LENGTH) -# endif -# ifndef OPENSSL_NO_MDC2 -/* MDC-2 (2 5 8 3 101) */ -static const unsigned char digestinfo_mdc2_der[] = { - ASN1_SEQUENCE, 0x0c + MDC2_DIGEST_LENGTH, - ASN1_SEQUENCE, 0x08, - ASN1_OID, 0x04, 2 * 40 + 5, 8, 3, 101, - ASN1_NULL, 0x00, - ASN1_OCTET_STRING, MDC2_DIGEST_LENGTH -}; -# endif -# ifndef OPENSSL_NO_RMD160 -/* RIPEMD160 (1 3 36 3 2 1) */ -static const unsigned char digestinfo_ripemd160_der[] = { - ASN1_SEQUENCE, 0x0d + RIPEMD160_DIGEST_LENGTH, - ASN1_SEQUENCE, 0x09, - ASN1_OID, 0x05, 1 * 40 + 3, 36, 3, 2, 1, - ASN1_NULL, 0x00, - ASN1_OCTET_STRING, RIPEMD160_DIGEST_LENGTH -}; -# endif -#endif /* FIPS_MODULE */ - -/* SHA-1 (1 3 14 3 2 26) */ -static const unsigned char digestinfo_sha1_der[] = { - ASN1_SEQUENCE, 0x0d + SHA_DIGEST_LENGTH, - ASN1_SEQUENCE, 0x09, - ASN1_OID, 0x05, 1 * 40 + 3, 14, 3, 2, 26, - ASN1_NULL, 0x00, - ASN1_OCTET_STRING, SHA_DIGEST_LENGTH -}; - -ENCODE_DIGESTINFO_SHA(sha256, 0x01, SHA256_DIGEST_LENGTH) -ENCODE_DIGESTINFO_SHA(sha384, 0x02, SHA384_DIGEST_LENGTH) -ENCODE_DIGESTINFO_SHA(sha512, 0x03, SHA512_DIGEST_LENGTH) -ENCODE_DIGESTINFO_SHA(sha224, 0x04, SHA224_DIGEST_LENGTH) -ENCODE_DIGESTINFO_SHA(sha512_224, 0x05, SHA224_DIGEST_LENGTH) -ENCODE_DIGESTINFO_SHA(sha512_256, 0x06, SHA256_DIGEST_LENGTH) -ENCODE_DIGESTINFO_SHA(sha3_224, 0x07, SHA224_DIGEST_LENGTH) -ENCODE_DIGESTINFO_SHA(sha3_256, 0x08, SHA256_DIGEST_LENGTH) -ENCODE_DIGESTINFO_SHA(sha3_384, 0x09, SHA384_DIGEST_LENGTH) -ENCODE_DIGESTINFO_SHA(sha3_512, 0x0a, SHA512_DIGEST_LENGTH) - -#define MD_CASE(name) \ - case NID_##name: \ - *len = sizeof(digestinfo_##name##_der); \ - return digestinfo_##name##_der; - -const unsigned char *ossl_rsa_digestinfo_encoding(int md_nid, size_t *len) -{ - switch (md_nid) { -#ifndef FIPS_MODULE -# ifndef OPENSSL_NO_MDC2 - MD_CASE(mdc2) -# endif -# ifndef OPENSSL_NO_MD2 - MD_CASE(md2) -# endif -# ifndef OPENSSL_NO_MD4 - MD_CASE(md4) -# endif -# ifndef OPENSSL_NO_MD5 - MD_CASE(md5) -# endif -# ifndef OPENSSL_NO_RMD160 - MD_CASE(ripemd160) -# endif -#endif /* FIPS_MODULE */ - MD_CASE(sha1) - MD_CASE(sha224) - MD_CASE(sha256) - MD_CASE(sha384) - MD_CASE(sha512) - MD_CASE(sha512_224) - MD_CASE(sha512_256) - MD_CASE(sha3_224) - MD_CASE(sha3_256) - MD_CASE(sha3_384) - MD_CASE(sha3_512) - default: - return NULL; - } -} - -#define MD_NID_CASE(name, sz) \ - case NID_##name: \ - return sz; - -static int digest_sz_from_nid(int nid) -{ - switch (nid) { -#ifndef FIPS_MODULE -# ifndef OPENSSL_NO_MDC2 - MD_NID_CASE(mdc2, MDC2_DIGEST_LENGTH) -# endif -# ifndef OPENSSL_NO_MD2 - MD_NID_CASE(md2, MD2_DIGEST_LENGTH) -# endif -# ifndef OPENSSL_NO_MD4 - MD_NID_CASE(md4, MD4_DIGEST_LENGTH) -# endif -# ifndef OPENSSL_NO_MD5 - MD_NID_CASE(md5, MD5_DIGEST_LENGTH) -# endif -# ifndef OPENSSL_NO_RMD160 - MD_NID_CASE(ripemd160, RIPEMD160_DIGEST_LENGTH) -# endif -#endif /* FIPS_MODULE */ - MD_NID_CASE(sha1, SHA_DIGEST_LENGTH) - MD_NID_CASE(sha224, SHA224_DIGEST_LENGTH) - MD_NID_CASE(sha256, SHA256_DIGEST_LENGTH) - MD_NID_CASE(sha384, SHA384_DIGEST_LENGTH) - MD_NID_CASE(sha512, SHA512_DIGEST_LENGTH) - MD_NID_CASE(sha512_224, SHA224_DIGEST_LENGTH) - MD_NID_CASE(sha512_256, SHA256_DIGEST_LENGTH) - MD_NID_CASE(sha3_224, SHA224_DIGEST_LENGTH) - MD_NID_CASE(sha3_256, SHA256_DIGEST_LENGTH) - MD_NID_CASE(sha3_384, SHA384_DIGEST_LENGTH) - MD_NID_CASE(sha3_512, SHA512_DIGEST_LENGTH) - default: - return 0; - } -} - - -/* Size of an SSL signature: MD5+SHA1 */ -#define SSL_SIG_LENGTH 36 - -/* - * Encodes a DigestInfo prefix of hash |type| and digest |m|, as - * described in EMSA-PKCS1-v1_5-ENCODE, RFC 3447 section 9.2 step 2. This - * encodes the DigestInfo (T and tLen) but does not add the padding. - * - * On success, it returns one and sets |*out| to a newly allocated buffer - * containing the result and |*out_len| to its length. The caller must free - * |*out| with OPENSSL_free(). Otherwise, it returns zero. - */ -static int encode_pkcs1(unsigned char **out, size_t *out_len, int type, - const unsigned char *m, size_t m_len) -{ - size_t di_prefix_len, dig_info_len; - const unsigned char *di_prefix; - unsigned char *dig_info; - - if (type == NID_undef) { - ERR_raise(ERR_LIB_RSA, RSA_R_UNKNOWN_ALGORITHM_TYPE); - return 0; - } - di_prefix = ossl_rsa_digestinfo_encoding(type, &di_prefix_len); - if (di_prefix == NULL) { - ERR_raise(ERR_LIB_RSA, - RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); - return 0; - } - dig_info_len = di_prefix_len + m_len; - dig_info = OPENSSL_malloc(dig_info_len); - if (dig_info == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(dig_info, di_prefix, di_prefix_len); - memcpy(dig_info + di_prefix_len, m, m_len); - - *out = dig_info; - *out_len = dig_info_len; - return 1; -} - -int RSA_sign(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa) -{ - int encrypt_len, ret = 0; - size_t encoded_len = 0; - unsigned char *tmps = NULL; - const unsigned char *encoded = NULL; - -#ifndef FIPS_MODULE - if (rsa->meth->rsa_sign != NULL) - return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); -#endif /* FIPS_MODULE */ - - /* Compute the encoded digest. */ - if (type == NID_md5_sha1) { - /* - * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and - * earlier. It has no DigestInfo wrapper but otherwise is - * RSASSA-PKCS1-v1_5. - */ - if (m_len != SSL_SIG_LENGTH) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MESSAGE_LENGTH); - return 0; - } - encoded_len = SSL_SIG_LENGTH; - encoded = m; - } else { - if (!encode_pkcs1(&tmps, &encoded_len, type, m, m_len)) - goto err; - encoded = tmps; - } - - if (encoded_len + RSA_PKCS1_PADDING_SIZE > (size_t)RSA_size(rsa)) { - ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); - goto err; - } - encrypt_len = RSA_private_encrypt((int)encoded_len, encoded, sigret, rsa, - RSA_PKCS1_PADDING); - if (encrypt_len <= 0) - goto err; - - *siglen = encrypt_len; - ret = 1; - -err: - OPENSSL_clear_free(tmps, encoded_len); - return ret; -} - -/* - * Verify an RSA signature in |sigbuf| using |rsa|. - * |type| is the NID of the digest algorithm to use. - * If |rm| is NULL, it verifies the signature for digest |m|, otherwise - * it recovers the digest from the signature, writing the digest to |rm| and - * the length to |*prm_len|. - * - * It returns one on successful verification or zero otherwise. - */ -int ossl_rsa_verify(int type, const unsigned char *m, unsigned int m_len, - unsigned char *rm, size_t *prm_len, - const unsigned char *sigbuf, size_t siglen, RSA *rsa) -{ - int len, ret = 0; - size_t decrypt_len, encoded_len = 0; - unsigned char *decrypt_buf = NULL, *encoded = NULL; - - if (siglen != (size_t)RSA_size(rsa)) { - ERR_raise(ERR_LIB_RSA, RSA_R_WRONG_SIGNATURE_LENGTH); - return 0; - } - - /* Recover the encoded digest. */ - decrypt_buf = OPENSSL_malloc(siglen); - if (decrypt_buf == NULL) { - ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); - goto err; - } - - len = RSA_public_decrypt((int)siglen, sigbuf, decrypt_buf, rsa, - RSA_PKCS1_PADDING); - if (len <= 0) - goto err; - decrypt_len = len; - -#ifndef FIPS_MODULE - if (type == NID_md5_sha1) { - /* - * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and - * earlier. It has no DigestInfo wrapper but otherwise is - * RSASSA-PKCS1-v1_5. - */ - if (decrypt_len != SSL_SIG_LENGTH) { - ERR_raise(ERR_LIB_RSA, RSA_R_BAD_SIGNATURE); - goto err; - } - - if (rm != NULL) { - memcpy(rm, decrypt_buf, SSL_SIG_LENGTH); - *prm_len = SSL_SIG_LENGTH; - } else { - if (m_len != SSL_SIG_LENGTH) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MESSAGE_LENGTH); - goto err; - } - - if (memcmp(decrypt_buf, m, SSL_SIG_LENGTH) != 0) { - ERR_raise(ERR_LIB_RSA, RSA_R_BAD_SIGNATURE); - goto err; - } - } - } else if (type == NID_mdc2 && decrypt_len == 2 + 16 - && decrypt_buf[0] == 0x04 && decrypt_buf[1] == 0x10) { - /* - * Oddball MDC2 case: signature can be OCTET STRING. check for correct - * tag and length octets. - */ - if (rm != NULL) { - memcpy(rm, decrypt_buf + 2, 16); - *prm_len = 16; - } else { - if (m_len != 16) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MESSAGE_LENGTH); - goto err; - } - - if (memcmp(m, decrypt_buf + 2, 16) != 0) { - ERR_raise(ERR_LIB_RSA, RSA_R_BAD_SIGNATURE); - goto err; - } - } - } else -#endif /* FIPS_MODULE */ - { - /* - * If recovering the digest, extract a digest-sized output from the end - * of |decrypt_buf| for |encode_pkcs1|, then compare the decryption - * output as in a standard verification. - */ - if (rm != NULL) { - len = digest_sz_from_nid(type); - - if (len <= 0) - goto err; - m_len = (unsigned int)len; - if (m_len > decrypt_len) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_DIGEST_LENGTH); - goto err; - } - m = decrypt_buf + decrypt_len - m_len; - } - - /* Construct the encoded digest and ensure it matches. */ - if (!encode_pkcs1(&encoded, &encoded_len, type, m, m_len)) - goto err; - - if (encoded_len != decrypt_len - || memcmp(encoded, decrypt_buf, encoded_len) != 0) { - ERR_raise(ERR_LIB_RSA, RSA_R_BAD_SIGNATURE); - goto err; - } - - /* Output the recovered digest. */ - if (rm != NULL) { - memcpy(rm, m, m_len); - *prm_len = m_len; - } - } - - ret = 1; - -err: - OPENSSL_clear_free(encoded, encoded_len); - OPENSSL_clear_free(decrypt_buf, siglen); - return ret; -} - -int RSA_verify(int type, const unsigned char *m, unsigned int m_len, - const unsigned char *sigbuf, unsigned int siglen, RSA *rsa) -{ - - if (rsa->meth->rsa_verify != NULL) - return rsa->meth->rsa_verify(type, m, m_len, sigbuf, siglen, rsa); - - return ossl_rsa_verify(type, m, m_len, NULL, NULL, sigbuf, siglen, rsa); -} diff --git a/crypto/rsa/rsa_sp800_56b_check.c b/crypto/rsa/rsa_sp800_56b_check.c deleted file mode 100644 index fc8f19b48770b1084b7a6e202d1fc5cc9bc3b53a..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_sp800_56b_check.c +++ /dev/null @@ -1,437 +0,0 @@ -/* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/bn.h" -#include "rsa_local.h" - -/* - * Part of the RSA keypair test. - * Check the Chinese Remainder Theorem components are valid. - * - * See SP800-5bBr1 - * 6.4.1.2.3: rsakpv1-crt Step 7 - * 6.4.1.3.3: rsakpv2-crt Step 7 - */ -int ossl_rsa_check_crt_components(const RSA *rsa, BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *r = NULL, *p1 = NULL, *q1 = NULL; - - /* check if only some of the crt components are set */ - if (rsa->dmp1 == NULL || rsa->dmq1 == NULL || rsa->iqmp == NULL) { - if (rsa->dmp1 != NULL || rsa->dmq1 != NULL || rsa->iqmp != NULL) - return 0; - return 1; /* return ok if all components are NULL */ - } - - BN_CTX_start(ctx); - r = BN_CTX_get(ctx); - p1 = BN_CTX_get(ctx); - q1 = BN_CTX_get(ctx); - if (q1 != NULL) { - BN_set_flags(r, BN_FLG_CONSTTIME); - BN_set_flags(p1, BN_FLG_CONSTTIME); - BN_set_flags(q1, BN_FLG_CONSTTIME); - ret = 1; - } else { - ret = 0; - } - ret = ret - /* p1 = p -1 */ - && (BN_copy(p1, rsa->p) != NULL) - && BN_sub_word(p1, 1) - /* q1 = q - 1 */ - && (BN_copy(q1, rsa->q) != NULL) - && BN_sub_word(q1, 1) - /* (a) 1 < dP < (p – 1). */ - && (BN_cmp(rsa->dmp1, BN_value_one()) > 0) - && (BN_cmp(rsa->dmp1, p1) < 0) - /* (b) 1 < dQ < (q - 1). */ - && (BN_cmp(rsa->dmq1, BN_value_one()) > 0) - && (BN_cmp(rsa->dmq1, q1) < 0) - /* (c) 1 < qInv < p */ - && (BN_cmp(rsa->iqmp, BN_value_one()) > 0) - && (BN_cmp(rsa->iqmp, rsa->p) < 0) - /* (d) 1 = (dP . e) mod (p - 1)*/ - && BN_mod_mul(r, rsa->dmp1, rsa->e, p1, ctx) - && BN_is_one(r) - /* (e) 1 = (dQ . e) mod (q - 1) */ - && BN_mod_mul(r, rsa->dmq1, rsa->e, q1, ctx) - && BN_is_one(r) - /* (f) 1 = (qInv . q) mod p */ - && BN_mod_mul(r, rsa->iqmp, rsa->q, rsa->p, ctx) - && BN_is_one(r); - BN_clear(r); - BN_clear(p1); - BN_clear(q1); - BN_CTX_end(ctx); - return ret; -} - -/* - * Part of the RSA keypair test. - * Check that (√2)(2^(nbits/2 - 1) <= p <= 2^(nbits/2) - 1 - * - * See SP800-5bBr1 6.4.1.2.1 Part 5 (c) & (g) - used for both p and q. - * - * (√2)(2^(nbits/2 - 1) = (√2/2)(2^(nbits/2)) - */ -int ossl_rsa_check_prime_factor_range(const BIGNUM *p, int nbits, BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *low; - int shift; - - nbits >>= 1; - shift = nbits - BN_num_bits(&ossl_bn_inv_sqrt_2); - - /* Upper bound check */ - if (BN_num_bits(p) != nbits) - return 0; - - BN_CTX_start(ctx); - low = BN_CTX_get(ctx); - if (low == NULL) - goto err; - - /* set low = (√2)(2^(nbits/2 - 1) */ - if (!BN_copy(low, &ossl_bn_inv_sqrt_2)) - goto err; - - if (shift >= 0) { - /* - * We don't have all the bits. ossl_bn_inv_sqrt_2 contains a rounded up - * value, so there is a very low probability that we'll reject a valid - * value. - */ - if (!BN_lshift(low, low, shift)) - goto err; - } else if (!BN_rshift(low, low, -shift)) { - goto err; - } - if (BN_cmp(p, low) <= 0) - goto err; - ret = 1; -err: - BN_CTX_end(ctx); - return ret; -} - -/* - * Part of the RSA keypair test. - * Check the prime factor (for either p or q) - * i.e: p is prime AND GCD(p - 1, e) = 1 - * - * See SP800-56Br1 6.4.1.2.3 Step 5 (a to d) & (e to h). - */ -int ossl_rsa_check_prime_factor(BIGNUM *p, BIGNUM *e, int nbits, BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *p1 = NULL, *gcd = NULL; - - /* (Steps 5 a-b) prime test */ - if (BN_check_prime(p, ctx, NULL) != 1 - /* (Step 5c) (√2)(2^(nbits/2 - 1) <= p <= 2^(nbits/2 - 1) */ - || ossl_rsa_check_prime_factor_range(p, nbits, ctx) != 1) - return 0; - - BN_CTX_start(ctx); - p1 = BN_CTX_get(ctx); - gcd = BN_CTX_get(ctx); - if (gcd != NULL) { - BN_set_flags(p1, BN_FLG_CONSTTIME); - BN_set_flags(gcd, BN_FLG_CONSTTIME); - ret = 1; - } else { - ret = 0; - } - ret = ret - /* (Step 5d) GCD(p-1, e) = 1 */ - && (BN_copy(p1, p) != NULL) - && BN_sub_word(p1, 1) - && BN_gcd(gcd, p1, e, ctx) - && BN_is_one(gcd); - - BN_clear(p1); - BN_CTX_end(ctx); - return ret; -} - -/* - * See SP800-56Br1 6.4.1.2.3 Part 6(a-b) Check the private exponent d - * satisfies: - * (Step 6a) 2^(nBit/2) < d < LCM(p–1, q–1). - * (Step 6b) 1 = (d*e) mod LCM(p–1, q–1) - */ -int ossl_rsa_check_private_exponent(const RSA *rsa, int nbits, BN_CTX *ctx) -{ - int ret; - BIGNUM *r, *p1, *q1, *lcm, *p1q1, *gcd; - - /* (Step 6a) 2^(nbits/2) < d */ - if (BN_num_bits(rsa->d) <= (nbits >> 1)) - return 0; - - BN_CTX_start(ctx); - r = BN_CTX_get(ctx); - p1 = BN_CTX_get(ctx); - q1 = BN_CTX_get(ctx); - lcm = BN_CTX_get(ctx); - p1q1 = BN_CTX_get(ctx); - gcd = BN_CTX_get(ctx); - if (gcd != NULL) { - BN_set_flags(r, BN_FLG_CONSTTIME); - BN_set_flags(p1, BN_FLG_CONSTTIME); - BN_set_flags(q1, BN_FLG_CONSTTIME); - BN_set_flags(lcm, BN_FLG_CONSTTIME); - BN_set_flags(p1q1, BN_FLG_CONSTTIME); - BN_set_flags(gcd, BN_FLG_CONSTTIME); - ret = 1; - } else { - ret = 0; - } - ret = (ret - /* LCM(p - 1, q - 1) */ - && (ossl_rsa_get_lcm(ctx, rsa->p, rsa->q, lcm, gcd, p1, q1, - p1q1) == 1) - /* (Step 6a) d < LCM(p - 1, q - 1) */ - && (BN_cmp(rsa->d, lcm) < 0) - /* (Step 6b) 1 = (e . d) mod LCM(p - 1, q - 1) */ - && BN_mod_mul(r, rsa->e, rsa->d, lcm, ctx) - && BN_is_one(r)); - - BN_clear(r); - BN_clear(p1); - BN_clear(q1); - BN_clear(lcm); - BN_clear(gcd); - BN_CTX_end(ctx); - return ret; -} - -/* - * Check exponent is odd. - * For FIPS also check the bit length is in the range [17..256] - */ -int ossl_rsa_check_public_exponent(const BIGNUM *e) -{ -#ifdef FIPS_MODULE - int bitlen; - - bitlen = BN_num_bits(e); - return (BN_is_odd(e) && bitlen > 16 && bitlen < 257); -#else - /* Allow small exponents larger than 1 for legacy purposes */ - return BN_is_odd(e) && BN_cmp(e, BN_value_one()) > 0; -#endif /* FIPS_MODULE */ -} - -/* - * SP800-56Br1 6.4.1.2.1 (Step 5i): |p - q| > 2^(nbits/2 - 100) - * i.e- numbits(p-q-1) > (nbits/2 -100) - */ -int ossl_rsa_check_pminusq_diff(BIGNUM *diff, const BIGNUM *p, const BIGNUM *q, - int nbits) -{ - int bitlen = (nbits >> 1) - 100; - - if (!BN_sub(diff, p, q)) - return -1; - BN_set_negative(diff, 0); - - if (BN_is_zero(diff)) - return 0; - - if (!BN_sub_word(diff, 1)) - return -1; - return (BN_num_bits(diff) > bitlen); -} - -/* - * return LCM(p-1, q-1) - * - * Caller should ensure that lcm, gcd, p1, q1, p1q1 are flagged with - * BN_FLG_CONSTTIME. - */ -int ossl_rsa_get_lcm(BN_CTX *ctx, const BIGNUM *p, const BIGNUM *q, - BIGNUM *lcm, BIGNUM *gcd, BIGNUM *p1, BIGNUM *q1, - BIGNUM *p1q1) -{ - return BN_sub(p1, p, BN_value_one()) /* p-1 */ - && BN_sub(q1, q, BN_value_one()) /* q-1 */ - && BN_mul(p1q1, p1, q1, ctx) /* (p-1)(q-1) */ - && BN_gcd(gcd, p1, q1, ctx) - && BN_div(lcm, NULL, p1q1, gcd, ctx); /* LCM((p-1, q-1)) */ -} - -/* - * SP800-56Br1 6.4.2.2 Partial Public Key Validation for RSA refers to - * SP800-89 5.3.3 (Explicit) Partial Public Key Validation for RSA - * caveat is that the modulus must be as specified in SP800-56Br1 - */ -int ossl_rsa_sp800_56b_check_public(const RSA *rsa) -{ - int ret = 0, status; - int nbits; - BN_CTX *ctx = NULL; - BIGNUM *gcd = NULL; - - if (rsa->n == NULL || rsa->e == NULL) - return 0; - - nbits = BN_num_bits(rsa->n); -#ifdef FIPS_MODULE - /* - * (Step a): modulus must be 2048 or 3072 (caveat from SP800-56Br1) - * NOTE: changed to allow keys >= 2048 - */ - if (!ossl_rsa_sp800_56b_validate_strength(nbits, -1)) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEY_LENGTH); - return 0; - } -#endif - if (!BN_is_odd(rsa->n)) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MODULUS); - return 0; - } - /* (Steps b-c): 2^16 < e < 2^256, n and e must be odd */ - if (!ossl_rsa_check_public_exponent(rsa->e)) { - ERR_raise(ERR_LIB_RSA, RSA_R_PUB_EXPONENT_OUT_OF_RANGE); - return 0; - } - - ctx = BN_CTX_new_ex(rsa->libctx); - gcd = BN_new(); - if (ctx == NULL || gcd == NULL) - goto err; - - /* (Steps d-f): - * The modulus is composite, but not a power of a prime. - * The modulus has no factors smaller than 752. - */ - if (!BN_gcd(gcd, rsa->n, ossl_bn_get0_small_factors(), ctx) - || !BN_is_one(gcd)) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MODULUS); - goto err; - } - - ret = ossl_bn_miller_rabin_is_prime(rsa->n, 0, ctx, NULL, 1, &status); -#ifdef FIPS_MODULE - if (ret != 1 || status != BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME) { -#else - if (ret != 1 || (status != BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME - && (nbits >= RSA_MIN_MODULUS_BITS - || status != BN_PRIMETEST_COMPOSITE_WITH_FACTOR))) { -#endif - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MODULUS); - ret = 0; - goto err; - } - - ret = 1; -err: - BN_free(gcd); - BN_CTX_free(ctx); - return ret; -} - -/* - * Perform validation of the RSA private key to check that 0 < D < N. - */ -int ossl_rsa_sp800_56b_check_private(const RSA *rsa) -{ - if (rsa->d == NULL || rsa->n == NULL) - return 0; - return BN_cmp(rsa->d, BN_value_one()) >= 0 && BN_cmp(rsa->d, rsa->n) < 0; -} - -/* - * RSA key pair validation. - * - * SP800-56Br1. - * 6.4.1.2 "RSAKPV1 Family: RSA Key - Pair Validation with a Fixed Exponent" - * 6.4.1.3 "RSAKPV2 Family: RSA Key - Pair Validation with a Random Exponent" - * - * It uses: - * 6.4.1.2.3 "rsakpv1 - crt" - * 6.4.1.3.3 "rsakpv2 - crt" - */ -int ossl_rsa_sp800_56b_check_keypair(const RSA *rsa, const BIGNUM *efixed, - int strength, int nbits) -{ - int ret = 0; - BN_CTX *ctx = NULL; - BIGNUM *r = NULL; - - if (rsa->p == NULL - || rsa->q == NULL - || rsa->e == NULL - || rsa->d == NULL - || rsa->n == NULL) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_REQUEST); - return 0; - } - /* (Step 1): Check Ranges */ - if (!ossl_rsa_sp800_56b_validate_strength(nbits, strength)) - return 0; - - /* If the exponent is known */ - if (efixed != NULL) { - /* (2): Check fixed exponent matches public exponent. */ - if (BN_cmp(efixed, rsa->e) != 0) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_REQUEST); - return 0; - } - } - /* (Step 1.c): e is odd integer 65537 <= e < 2^256 */ - if (!ossl_rsa_check_public_exponent(rsa->e)) { - /* exponent out of range */ - ERR_raise(ERR_LIB_RSA, RSA_R_PUB_EXPONENT_OUT_OF_RANGE); - return 0; - } - /* (Step 3.b): check the modulus */ - if (nbits != BN_num_bits(rsa->n)) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEYPAIR); - return 0; - } - - ctx = BN_CTX_new_ex(rsa->libctx); - if (ctx == NULL) - return 0; - - BN_CTX_start(ctx); - r = BN_CTX_get(ctx); - if (r == NULL || !BN_mul(r, rsa->p, rsa->q, ctx)) - goto err; - /* (Step 4.c): Check n = pq */ - if (BN_cmp(rsa->n, r) != 0) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_REQUEST); - goto err; - } - - /* (Step 5): check prime factors p & q */ - ret = ossl_rsa_check_prime_factor(rsa->p, rsa->e, nbits, ctx) - && ossl_rsa_check_prime_factor(rsa->q, rsa->e, nbits, ctx) - && (ossl_rsa_check_pminusq_diff(r, rsa->p, rsa->q, nbits) > 0) - /* (Step 6): Check the private exponent d */ - && ossl_rsa_check_private_exponent(rsa, nbits, ctx) - /* 6.4.1.2.3 (Step 7): Check the CRT components */ - && ossl_rsa_check_crt_components(rsa, ctx); - if (ret != 1) - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_KEYPAIR); - -err: - BN_clear(r); - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return ret; -} diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c deleted file mode 100644 index df2240555bfd50869490731fc8b3db348a244d2a..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_sp800_56b_gen.c +++ /dev/null @@ -1,440 +0,0 @@ -/* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include "crypto/bn.h" -#include "crypto/security_bits.h" -#include "rsa_local.h" - -#define RSA_FIPS1864_MIN_KEYGEN_KEYSIZE 2048 -#define RSA_FIPS1864_MIN_KEYGEN_STRENGTH 112 - -/* - * Generate probable primes 'p' & 'q'. See FIPS 186-4 Section B.3.6 - * "Generation of Probable Primes with Conditions Based on Auxiliary Probable - * Primes". - * - * Params: - * rsa Object used to store primes p & q. - * test Object used for CAVS testing only.that contains.. - * p1, p2 The returned auxiliary primes for p. - * If NULL they are not returned. - * Xpout An optionally returned random number used during generation of p. - * Xp An optional passed in value (that is random number used during - * generation of p). - * Xp1, Xp2 Optionally passed in randomly generated numbers from which - * auxiliary primes p1 & p2 are calculated. If NULL these values - * are generated internally. - * q1, q2 The returned auxiliary primes for q. - * If NULL they are not returned. - * Xqout An optionally returned random number used during generation of q. - * Xq An optional passed in value (that is random number used during - * generation of q). - * Xq1, Xq2 Optionally passed in randomly generated numbers from which - * auxiliary primes q1 & q2 are calculated. If NULL these values - * are generated internally. - * nbits The key size in bits (The size of the modulus n). - * e The public exponent. - * ctx A BN_CTX object. - * cb An optional BIGNUM callback. - * Returns: 1 if successful, or 0 otherwise. - * Notes: - * p1, p2, q1, q2, Xpout, Xqout are returned if they are not NULL. - * Xp, Xp1, Xp2, Xq, Xq1, Xq2 are optionally passed in. - * (Required for CAVS testing). - */ -int ossl_rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test, - int nbits, const BIGNUM *e, BN_CTX *ctx, - BN_GENCB *cb) -{ - int ret = 0, ok; - /* Temp allocated BIGNUMS */ - BIGNUM *Xpo = NULL, *Xqo = NULL, *tmp = NULL; - /* Intermediate BIGNUMS that can be returned for testing */ - BIGNUM *p1 = NULL, *p2 = NULL; - BIGNUM *q1 = NULL, *q2 = NULL; - /* Intermediate BIGNUMS that can be input for testing */ - BIGNUM *Xpout = NULL, *Xqout = NULL; - BIGNUM *Xp = NULL, *Xp1 = NULL, *Xp2 = NULL; - BIGNUM *Xq = NULL, *Xq1 = NULL, *Xq2 = NULL; - -#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) - if (test != NULL) { - Xp1 = test->Xp1; - Xp2 = test->Xp2; - Xq1 = test->Xq1; - Xq2 = test->Xq2; - Xp = test->Xp; - Xq = test->Xq; - p1 = test->p1; - p2 = test->p2; - q1 = test->q1; - q2 = test->q2; - } -#endif - - /* (Step 1) Check key length - * NOTE: SP800-131A Rev1 Disallows key lengths of < 2048 bits for RSA - * Signature Generation and Key Agree/Transport. - */ - if (nbits < RSA_FIPS1864_MIN_KEYGEN_KEYSIZE) { - ERR_raise(ERR_LIB_RSA, RSA_R_KEY_SIZE_TOO_SMALL); - return 0; - } - - if (!ossl_rsa_check_public_exponent(e)) { - ERR_raise(ERR_LIB_RSA, RSA_R_PUB_EXPONENT_OUT_OF_RANGE); - return 0; - } - - /* (Step 3) Determine strength and check rand generator strength is ok - - * this step is redundant because the generator always returns a higher - * strength than is required. - */ - - BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - Xpo = (Xpout != NULL) ? Xpout : BN_CTX_get(ctx); - Xqo = (Xqout != NULL) ? Xqout : BN_CTX_get(ctx); - if (tmp == NULL || Xpo == NULL || Xqo == NULL) - goto err; - BN_set_flags(Xpo, BN_FLG_CONSTTIME); - BN_set_flags(Xqo, BN_FLG_CONSTTIME); - - if (rsa->p == NULL) - rsa->p = BN_secure_new(); - if (rsa->q == NULL) - rsa->q = BN_secure_new(); - if (rsa->p == NULL || rsa->q == NULL) - goto err; - BN_set_flags(rsa->p, BN_FLG_CONSTTIME); - BN_set_flags(rsa->q, BN_FLG_CONSTTIME); - - /* (Step 4) Generate p, Xp */ - if (!ossl_bn_rsa_fips186_4_gen_prob_primes(rsa->p, Xpo, p1, p2, Xp, Xp1, Xp2, - nbits, e, ctx, cb)) - goto err; - for(;;) { - /* (Step 5) Generate q, Xq*/ - if (!ossl_bn_rsa_fips186_4_gen_prob_primes(rsa->q, Xqo, q1, q2, Xq, Xq1, - Xq2, nbits, e, ctx, cb)) - goto err; - - /* (Step 6) |Xp - Xq| > 2^(nbitlen/2 - 100) */ - ok = ossl_rsa_check_pminusq_diff(tmp, Xpo, Xqo, nbits); - if (ok < 0) - goto err; - if (ok == 0) - continue; - - /* (Step 6) |p - q| > 2^(nbitlen/2 - 100) */ - ok = ossl_rsa_check_pminusq_diff(tmp, rsa->p, rsa->q, nbits); - if (ok < 0) - goto err; - if (ok == 0) - continue; - break; /* successfully finished */ - } - rsa->dirty_cnt++; - ret = 1; -err: - /* Zeroize any internally generated values that are not returned */ - if (Xpo != Xpout) - BN_clear(Xpo); - if (Xqo != Xqout) - BN_clear(Xqo); - BN_clear(tmp); - - BN_CTX_end(ctx); - return ret; -} - -/* - * Validates the RSA key size based on the target strength. - * See SP800-56Br1 6.3.1.1 (Steps 1a-1b) - * - * Params: - * nbits The key size in bits. - * strength The target strength in bits. -1 means the target - * strength is unknown. - * Returns: 1 if the key size matches the target strength, or 0 otherwise. - */ -int ossl_rsa_sp800_56b_validate_strength(int nbits, int strength) -{ - int s = (int)ossl_ifc_ffc_compute_security_bits(nbits); - -#ifdef FIPS_MODULE - if (s < RSA_FIPS1864_MIN_KEYGEN_STRENGTH) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MODULUS); - return 0; - } -#endif - if (strength != -1 && s != strength) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_STRENGTH); - return 0; - } - return 1; -} - -/* - * Validate that the random bit generator is of sufficient strength to generate - * a key of the specified length. - */ -static int rsa_validate_rng_strength(EVP_RAND_CTX *rng, int nbits) -{ - if (rng == NULL) - return 0; -#ifdef FIPS_MODULE - /* - * This should become mainstream once similar tests are added to the other - * key generations and once there is a way to disable these checks. - */ - if (EVP_RAND_get_strength(rng) < ossl_ifc_ffc_compute_security_bits(nbits)) { - ERR_raise(ERR_LIB_RSA, - RSA_R_RANDOMNESS_SOURCE_STRENGTH_INSUFFICIENT); - return 0; - } -#endif - return 1; -} - -/* - * - * Using p & q, calculate other required parameters such as n, d. - * as well as the CRT parameters dP, dQ, qInv. - * - * See SP800-56Br1 - * 6.3.1.1 rsakpg1 - basic (Steps 3-4) - * 6.3.1.3 rsakpg1 - crt (Step 5) - * - * Params: - * rsa An rsa object. - * nbits The key size. - * e The public exponent. - * ctx A BN_CTX object. - * Notes: - * There is a small chance that the generated d will be too small. - * Returns: -1 = error, - * 0 = d is too small, - * 1 = success. - */ -int ossl_rsa_sp800_56b_derive_params_from_pq(RSA *rsa, int nbits, - const BIGNUM *e, BN_CTX *ctx) -{ - int ret = -1; - BIGNUM *p1, *q1, *lcm, *p1q1, *gcd; - - BN_CTX_start(ctx); - p1 = BN_CTX_get(ctx); - q1 = BN_CTX_get(ctx); - lcm = BN_CTX_get(ctx); - p1q1 = BN_CTX_get(ctx); - gcd = BN_CTX_get(ctx); - if (gcd == NULL) - goto err; - - BN_set_flags(p1, BN_FLG_CONSTTIME); - BN_set_flags(q1, BN_FLG_CONSTTIME); - BN_set_flags(lcm, BN_FLG_CONSTTIME); - BN_set_flags(p1q1, BN_FLG_CONSTTIME); - BN_set_flags(gcd, BN_FLG_CONSTTIME); - - /* LCM((p-1, q-1)) */ - if (ossl_rsa_get_lcm(ctx, rsa->p, rsa->q, lcm, gcd, p1, q1, p1q1) != 1) - goto err; - - /* copy e */ - BN_free(rsa->e); - rsa->e = BN_dup(e); - if (rsa->e == NULL) - goto err; - - BN_clear_free(rsa->d); - /* (Step 3) d = (e^-1) mod (LCM(p-1, q-1)) */ - rsa->d = BN_secure_new(); - if (rsa->d == NULL) - goto err; - BN_set_flags(rsa->d, BN_FLG_CONSTTIME); - if (BN_mod_inverse(rsa->d, e, lcm, ctx) == NULL) - goto err; - - /* (Step 3) return an error if d is too small */ - if (BN_num_bits(rsa->d) <= (nbits >> 1)) { - ret = 0; - goto err; - } - - /* (Step 4) n = pq */ - if (rsa->n == NULL) - rsa->n = BN_new(); - if (rsa->n == NULL || !BN_mul(rsa->n, rsa->p, rsa->q, ctx)) - goto err; - - /* (Step 5a) dP = d mod (p-1) */ - if (rsa->dmp1 == NULL) - rsa->dmp1 = BN_secure_new(); - if (rsa->dmp1 == NULL) - goto err; - BN_set_flags(rsa->dmp1, BN_FLG_CONSTTIME); - if (!BN_mod(rsa->dmp1, rsa->d, p1, ctx)) - goto err; - - /* (Step 5b) dQ = d mod (q-1) */ - if (rsa->dmq1 == NULL) - rsa->dmq1 = BN_secure_new(); - if (rsa->dmq1 == NULL) - goto err; - BN_set_flags(rsa->dmq1, BN_FLG_CONSTTIME); - if (!BN_mod(rsa->dmq1, rsa->d, q1, ctx)) - goto err; - - /* (Step 5c) qInv = (inverse of q) mod p */ - BN_free(rsa->iqmp); - rsa->iqmp = BN_secure_new(); - if (rsa->iqmp == NULL) - goto err; - BN_set_flags(rsa->iqmp, BN_FLG_CONSTTIME); - if (BN_mod_inverse(rsa->iqmp, rsa->q, rsa->p, ctx) == NULL) - goto err; - - rsa->dirty_cnt++; - ret = 1; -err: - if (ret != 1) { - BN_free(rsa->e); - rsa->e = NULL; - BN_free(rsa->d); - rsa->d = NULL; - BN_free(rsa->n); - rsa->n = NULL; - BN_free(rsa->iqmp); - rsa->iqmp = NULL; - BN_free(rsa->dmq1); - rsa->dmq1 = NULL; - BN_free(rsa->dmp1); - rsa->dmp1 = NULL; - } - BN_clear(p1); - BN_clear(q1); - BN_clear(lcm); - BN_clear(p1q1); - BN_clear(gcd); - - BN_CTX_end(ctx); - return ret; -} - -/* - * Generate a SP800-56B RSA key. - * - * See SP800-56Br1 6.3.1 "RSA Key-Pair Generation with a Fixed Public Exponent" - * 6.3.1.1 rsakpg1 - basic - * 6.3.1.3 rsakpg1 - crt - * - * See also FIPS 186-4 Section B.3.6 - * "Generation of Probable Primes with Conditions Based on Auxiliary - * Probable Primes." - * - * Params: - * rsa The rsa object. - * nbits The intended key size in bits. - * efixed The public exponent. If NULL a default of 65537 is used. - * cb An optional BIGNUM callback. - * Returns: 1 if successfully generated otherwise it returns 0. - */ -int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed, - BN_GENCB *cb) -{ - int ret = 0; - int ok; - BN_CTX *ctx = NULL; - BIGNUM *e = NULL; - RSA_ACVP_TEST *info = NULL; - -#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) - info = rsa->acvp_test; -#endif - - /* (Steps 1a-1b) : Currently ignores the strength check */ - if (!ossl_rsa_sp800_56b_validate_strength(nbits, -1)) - return 0; - - /* Check that the RNG is capable of generating a key this large */ - if (!rsa_validate_rng_strength(RAND_get0_private(rsa->libctx), nbits)) - return 0; - - ctx = BN_CTX_new_ex(rsa->libctx); - if (ctx == NULL) - return 0; - - /* Set default if e is not passed in */ - if (efixed == NULL) { - e = BN_new(); - if (e == NULL || !BN_set_word(e, 65537)) - goto err; - } else { - e = (BIGNUM *)efixed; - } - /* (Step 1c) fixed exponent is checked later .*/ - - for (;;) { - /* (Step 2) Generate prime factors */ - if (!ossl_rsa_fips186_4_gen_prob_primes(rsa, info, nbits, e, ctx, cb)) - goto err; - /* (Steps 3-5) Compute params d, n, dP, dQ, qInv */ - ok = ossl_rsa_sp800_56b_derive_params_from_pq(rsa, nbits, e, ctx); - if (ok < 0) - goto err; - if (ok > 0) - break; - /* Gets here if computed d is too small - so try again */ - } - - /* (Step 6) Do pairwise test - optional validity test has been omitted */ - ret = ossl_rsa_sp800_56b_pairwise_test(rsa, ctx); -err: - if (efixed == NULL) - BN_free(e); - BN_CTX_free(ctx); - return ret; -} - -/* - * See SP800-56Br1 6.3.1.3 (Step 6) Perform a pair-wise consistency test by - * verifying that: k = (k^e)^d mod n for some integer k where 1 < k < n-1. - * - * Returns 1 if the RSA key passes the pairwise test or 0 it it fails. - */ -int ossl_rsa_sp800_56b_pairwise_test(RSA *rsa, BN_CTX *ctx) -{ - int ret = 0; - BIGNUM *k, *tmp; - - BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - k = BN_CTX_get(ctx); - if (k == NULL) - goto err; - BN_set_flags(k, BN_FLG_CONSTTIME); - - ret = (BN_set_word(k, 2) - && BN_mod_exp(tmp, k, rsa->e, rsa->n, ctx) - && BN_mod_exp(tmp, tmp, rsa->d, rsa->n, ctx) - && BN_cmp(k, tmp) == 0); - if (ret == 0) - ERR_raise(ERR_LIB_RSA, RSA_R_PAIRWISE_TEST_FAILURE); -err: - BN_CTX_end(ctx); - return ret; -} diff --git a/crypto/rsa/rsa_x931.c b/crypto/rsa/rsa_x931.c deleted file mode 100644 index 9d331ab9a7f363ad160136187d5e655de2adeec6..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_x931.c +++ /dev/null @@ -1,123 +0,0 @@ -/* - * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include - -int RSA_padding_add_X931(unsigned char *to, int tlen, - const unsigned char *from, int flen) -{ - int j; - unsigned char *p; - - /* - * Absolute minimum amount of padding is 1 header nibble, 1 padding - * nibble and 2 trailer bytes: but 1 hash if is already in 'from'. - */ - - j = tlen - flen - 2; - - if (j < 0) { - ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return -1; - } - - p = (unsigned char *)to; - - /* If no padding start and end nibbles are in one byte */ - if (j == 0) { - *p++ = 0x6A; - } else { - *p++ = 0x6B; - if (j > 1) { - memset(p, 0xBB, j - 1); - p += j - 1; - } - *p++ = 0xBA; - } - memcpy(p, from, (unsigned int)flen); - p += flen; - *p = 0xCC; - return 1; -} - -int RSA_padding_check_X931(unsigned char *to, int tlen, - const unsigned char *from, int flen, int num) -{ - int i = 0, j; - const unsigned char *p; - - p = from; - if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B))) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_HEADER); - return -1; - } - - if (*p++ == 0x6B) { - j = flen - 3; - for (i = 0; i < j; i++) { - unsigned char c = *p++; - if (c == 0xBA) - break; - if (c != 0xBB) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PADDING); - return -1; - } - } - - j -= i; - - if (i == 0) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PADDING); - return -1; - } - - } else { - j = flen - 2; - } - - if (p[j] != 0xCC) { - ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_TRAILER); - return -1; - } - - memcpy(to, p, (unsigned int)j); - - return j; -} - -/* Translate between X931 hash ids and NIDs */ - -int RSA_X931_hash_id(int nid) -{ - switch (nid) { - case NID_sha1: - return 0x33; - - case NID_sha256: - return 0x34; - - case NID_sha384: - return 0x36; - - case NID_sha512: - return 0x35; - - } - return -1; -} diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c deleted file mode 100644 index 5a309a98c347292c4882a380686635e0923e9e63..0000000000000000000000000000000000000000 --- a/crypto/rsa/rsa_x931g.c +++ /dev/null @@ -1,206 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * RSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include -#include -#include -#include -#include "rsa_local.h" - -/* X9.31 RSA key derivation and generation */ - -int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, - BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, - const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, - const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb) -{ - BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL; - BN_CTX *ctx = NULL, *ctx2 = NULL; - int ret = 0; - - if (!rsa) - goto err; - - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - BN_CTX_start(ctx); - - r0 = BN_CTX_get(ctx); - r1 = BN_CTX_get(ctx); - r2 = BN_CTX_get(ctx); - r3 = BN_CTX_get(ctx); - - if (r3 == NULL) - goto err; - if (!rsa->e) { - rsa->e = BN_dup(e); - if (!rsa->e) - goto err; - } else { - e = rsa->e; - } - - /* - * If not all parameters present only calculate what we can. This allows - * test programs to output selective parameters. - */ - - if (Xp && rsa->p == NULL) { - rsa->p = BN_new(); - if (rsa->p == NULL) - goto err; - - if (!BN_X931_derive_prime_ex(rsa->p, p1, p2, - Xp, Xp1, Xp2, e, ctx, cb)) - goto err; - } - - if (Xq && rsa->q == NULL) { - rsa->q = BN_new(); - if (rsa->q == NULL) - goto err; - if (!BN_X931_derive_prime_ex(rsa->q, q1, q2, - Xq, Xq1, Xq2, e, ctx, cb)) - goto err; - } - - if (rsa->p == NULL || rsa->q == NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return 2; - } - - /* - * Since both primes are set we can now calculate all remaining - * components. - */ - - /* calculate n */ - rsa->n = BN_new(); - if (rsa->n == NULL) - goto err; - if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx)) - goto err; - - /* calculate d */ - if (!BN_sub(r1, rsa->p, BN_value_one())) - goto err; /* p-1 */ - if (!BN_sub(r2, rsa->q, BN_value_one())) - goto err; /* q-1 */ - if (!BN_mul(r0, r1, r2, ctx)) - goto err; /* (p-1)(q-1) */ - - if (!BN_gcd(r3, r1, r2, ctx)) - goto err; - - if (!BN_div(r0, NULL, r0, r3, ctx)) - goto err; /* LCM((p-1)(q-1)) */ - - ctx2 = BN_CTX_new(); - if (ctx2 == NULL) - goto err; - - rsa->d = BN_mod_inverse(NULL, rsa->e, r0, ctx2); /* d */ - if (rsa->d == NULL) - goto err; - - /* calculate d mod (p-1) */ - rsa->dmp1 = BN_new(); - if (rsa->dmp1 == NULL) - goto err; - if (!BN_mod(rsa->dmp1, rsa->d, r1, ctx)) - goto err; - - /* calculate d mod (q-1) */ - rsa->dmq1 = BN_new(); - if (rsa->dmq1 == NULL) - goto err; - if (!BN_mod(rsa->dmq1, rsa->d, r2, ctx)) - goto err; - - /* calculate inverse of q mod p */ - rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2); - if (rsa->iqmp == NULL) - goto err; - - rsa->dirty_cnt++; - ret = 1; - err: - BN_CTX_end(ctx); - BN_CTX_free(ctx); - BN_CTX_free(ctx2); - - return ret; - -} - -int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, - BN_GENCB *cb) -{ - int ok = 0; - BIGNUM *Xp = NULL, *Xq = NULL; - BN_CTX *ctx = NULL; - - ctx = BN_CTX_new(); - if (ctx == NULL) - goto error; - - BN_CTX_start(ctx); - Xp = BN_CTX_get(ctx); - Xq = BN_CTX_get(ctx); - if (Xq == NULL) - goto error; - if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx)) - goto error; - - rsa->p = BN_new(); - rsa->q = BN_new(); - if (rsa->p == NULL || rsa->q == NULL) - goto error; - - /* Generate two primes from Xp, Xq */ - - if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp, - e, ctx, cb)) - goto error; - - if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq, - e, ctx, cb)) - goto error; - - /* - * Since rsa->p and rsa->q are valid this call will just derive remaining - * RSA components. - */ - - if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL, - NULL, NULL, NULL, NULL, NULL, NULL, e, cb)) - goto error; - - rsa->dirty_cnt++; - ok = 1; - - error: - BN_CTX_end(ctx); - BN_CTX_free(ctx); - - if (ok) - return 1; - - return 0; - -} diff --git a/crypto/s390x_arch.h b/crypto/s390x_arch.h deleted file mode 100644 index a7bde67d90f531166246ca17e597aa26f21c0722..0000000000000000000000000000000000000000 --- a/crypto/s390x_arch.h +++ /dev/null @@ -1,173 +0,0 @@ -/* - * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_S390X_ARCH_H -# define OSSL_CRYPTO_S390X_ARCH_H - -# ifndef __ASSEMBLER__ - -void s390x_kimd(const unsigned char *in, size_t len, unsigned int fc, - void *param); -void s390x_klmd(const unsigned char *in, size_t inlen, unsigned char *out, - size_t outlen, unsigned int fc, void *param); -void s390x_km(const unsigned char *in, size_t len, unsigned char *out, - unsigned int fc, void *param); -void s390x_kmac(const unsigned char *in, size_t len, unsigned int fc, - void *param); -void s390x_kmo(const unsigned char *in, size_t len, unsigned char *out, - unsigned int fc, void *param); -void s390x_kmf(const unsigned char *in, size_t len, unsigned char *out, - unsigned int fc, void *param); -void s390x_kma(const unsigned char *aad, size_t alen, const unsigned char *in, - size_t len, unsigned char *out, unsigned int fc, void *param); -int s390x_pcc(unsigned int fc, void *param); -int s390x_kdsa(unsigned int fc, void *param, const unsigned char *in, - size_t len); - -void s390x_flip_endian32(unsigned char dst[32], const unsigned char src[32]); -void s390x_flip_endian64(unsigned char dst[64], const unsigned char src[64]); - -int s390x_x25519_mul(unsigned char u_dst[32], - const unsigned char u_src[32], - const unsigned char d_src[32]); -int s390x_x448_mul(unsigned char u_dst[56], - const unsigned char u_src[56], - const unsigned char d_src[56]); -int s390x_ed25519_mul(unsigned char x_dst[32], - unsigned char y_dst[32], - const unsigned char x_src[32], - const unsigned char y_src[32], - const unsigned char d_src[32]); -int s390x_ed448_mul(unsigned char x_dst[57], - unsigned char y_dst[57], - const unsigned char x_src[57], - const unsigned char y_src[57], - const unsigned char d_src[57]); - -/* - * The field elements of OPENSSL_s390xcap_P are the 64-bit words returned by - * the STFLE instruction followed by the 64-bit word pairs returned by - * instructions' QUERY functions. If STFLE returns fewer data or an instruction - * is not supported, the corresponding field elements are zero. - */ -struct OPENSSL_s390xcap_st { - unsigned long long stfle[4]; - unsigned long long kimd[2]; - unsigned long long klmd[2]; - unsigned long long km[2]; - unsigned long long kmc[2]; - unsigned long long kmac[2]; - unsigned long long kmctr[2]; - unsigned long long kmo[2]; - unsigned long long kmf[2]; - unsigned long long prno[2]; - unsigned long long kma[2]; - unsigned long long pcc[2]; - unsigned long long kdsa[2]; -}; - -#if defined(__GNUC__) && defined(__linux) -__attribute__ ((visibility("hidden"))) -#endif -extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; - -/* Max number of 64-bit words currently returned by STFLE */ -# define S390X_STFLE_MAX 3 - -/* convert facility bit number or function code to bit mask */ -# define S390X_CAPBIT(i) (1ULL << (63 - (i) % 64)) - -# endif - -/* OPENSSL_s390xcap_P offsets [bytes] */ -# define S390X_STFLE 0x00 -# define S390X_KIMD 0x20 -# define S390X_KLMD 0x30 -# define S390X_KM 0x40 -# define S390X_KMC 0x50 -# define S390X_KMAC 0x60 -# define S390X_KMCTR 0x70 -# define S390X_KMO 0x80 -# define S390X_KMF 0x90 -# define S390X_PRNO 0xa0 -# define S390X_KMA 0xb0 -# define S390X_PCC 0xc0 -# define S390X_KDSA 0xd0 - -/* Facility Bit Numbers */ -# define S390X_MSA 17 /* message-security-assist */ -# define S390X_STCKF 25 /* store-clock-fast */ -# define S390X_MSA5 57 /* message-security-assist-ext. 5 */ -# define S390X_MSA3 76 /* message-security-assist-ext. 3 */ -# define S390X_MSA4 77 /* message-security-assist-ext. 4 */ -# define S390X_VX 129 /* vector */ -# define S390X_VXD 134 /* vector packed decimal */ -# define S390X_VXE 135 /* vector enhancements 1 */ -# define S390X_MSA8 146 /* message-security-assist-ext. 8 */ -# define S390X_MSA9 155 /* message-security-assist-ext. 9 */ - -/* Function Codes */ - -/* all instructions */ -# define S390X_QUERY 0 - -/* kimd/klmd */ -# define S390X_SHA_1 1 -# define S390X_SHA_256 2 -# define S390X_SHA_512 3 -# define S390X_SHA3_224 32 -# define S390X_SHA3_256 33 -# define S390X_SHA3_384 34 -# define S390X_SHA3_512 35 -# define S390X_SHAKE_128 36 -# define S390X_SHAKE_256 37 -# define S390X_GHASH 65 - -/* km/kmc/kmac/kmctr/kmo/kmf/kma */ -# define S390X_AES_128 18 -# define S390X_AES_192 19 -# define S390X_AES_256 20 - -/* km */ -# define S390X_XTS_AES_128 50 -# define S390X_XTS_AES_256 52 - -/* prno */ -# define S390X_SHA_512_DRNG 3 -# define S390X_TRNG 114 - -/* pcc */ -# define S390X_SCALAR_MULTIPLY_P256 64 -# define S390X_SCALAR_MULTIPLY_P384 65 -# define S390X_SCALAR_MULTIPLY_P521 66 -# define S390X_SCALAR_MULTIPLY_ED25519 72 -# define S390X_SCALAR_MULTIPLY_ED448 73 -# define S390X_SCALAR_MULTIPLY_X25519 80 -# define S390X_SCALAR_MULTIPLY_X448 81 - -/* kdsa */ -# define S390X_ECDSA_VERIFY_P256 1 -# define S390X_ECDSA_VERIFY_P384 2 -# define S390X_ECDSA_VERIFY_P521 3 -# define S390X_ECDSA_SIGN_P256 9 -# define S390X_ECDSA_SIGN_P384 10 -# define S390X_ECDSA_SIGN_P521 11 -# define S390X_EDDSA_VERIFY_ED25519 32 -# define S390X_EDDSA_VERIFY_ED448 36 -# define S390X_EDDSA_SIGN_ED25519 40 -# define S390X_EDDSA_SIGN_ED448 44 - -/* Register 0 Flags */ -# define S390X_DECRYPT 0x80 -# define S390X_KMA_LPC 0x100 -# define S390X_KMA_LAAD 0x200 -# define S390X_KMA_HS 0x400 -# define S390X_KDSA_D 0x80 - -#endif diff --git a/crypto/s390xcap.c b/crypto/s390xcap.c deleted file mode 100644 index ea38ff8f0856e9371812d1807737dab88feadae2..0000000000000000000000000000000000000000 --- a/crypto/s390xcap.c +++ /dev/null @@ -1,745 +0,0 @@ -/* - * Copyright 2010-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "crypto/ctype.h" -#include "s390x_arch.h" - -#if defined(__GLIBC__) && defined(__GLIBC_PREREQ) -# if __GLIBC_PREREQ(2, 16) -# include -# if defined(HWCAP_S390_STFLE) && defined(HWCAP_S390_VX) -# define OSSL_IMPLEMENT_GETAUXVAL -# endif -# endif -#endif - -#define LEN 128 -#define STR_(S) #S -#define STR(S) STR_(S) - -#define TOK_FUNC(NAME) \ - (sscanf(tok_begin, \ - " " STR(NAME) " : %" STR(LEN) "[^:] : " \ - "%" STR(LEN) "s %" STR(LEN) "s ", \ - tok[0], tok[1], tok[2]) == 2) { \ - \ - off = (tok[0][0] == '~') ? 1 : 0; \ - if (sscanf(tok[0] + off, "%llx", &cap->NAME[0]) != 1) \ - goto ret; \ - if (off) \ - cap->NAME[0] = ~cap->NAME[0]; \ - \ - off = (tok[1][0] == '~') ? 1 : 0; \ - if (sscanf(tok[1] + off, "%llx", &cap->NAME[1]) != 1) \ - goto ret; \ - if (off) \ - cap->NAME[1] = ~cap->NAME[1]; \ - } - -#define TOK_CPU(NAME) \ - (sscanf(tok_begin, \ - " %" STR(LEN) "s %" STR(LEN) "s ", \ - tok[0], tok[1]) == 1 \ - && !strcmp(tok[0], #NAME)) { \ - memcpy(cap, &NAME, sizeof(*cap)); \ - } - -#ifndef OSSL_IMPLEMENT_GETAUXVAL -static sigjmp_buf ill_jmp; -static void ill_handler(int sig) -{ - siglongjmp(ill_jmp, sig); -} - -void OPENSSL_vx_probe(void); -#endif - -static const char *env; -static int parse_env(struct OPENSSL_s390xcap_st *cap); - -void OPENSSL_s390x_facilities(void); -void OPENSSL_s390x_functions(void); - -struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; - -#if defined(__GNUC__) && defined(__linux) -__attribute__ ((visibility("hidden"))) -#endif -void OPENSSL_cpuid_setup(void) -{ - struct OPENSSL_s390xcap_st cap; - - if (OPENSSL_s390xcap_P.stfle[0]) - return; - - /* set a bit that will not be tested later */ - OPENSSL_s390xcap_P.stfle[0] |= S390X_CAPBIT(0); - -#if defined(OSSL_IMPLEMENT_GETAUXVAL) - { - const unsigned long hwcap = getauxval(AT_HWCAP); - - /* protection against missing store-facility-list-extended */ - if (hwcap & HWCAP_S390_STFLE) - OPENSSL_s390x_facilities(); - - /* protection against disabled vector facility */ - if (!(hwcap & HWCAP_S390_VX)) { - OPENSSL_s390xcap_P.stfle[2] &= ~(S390X_CAPBIT(S390X_VX) - | S390X_CAPBIT(S390X_VXD) - | S390X_CAPBIT(S390X_VXE)); - } - } -#else - { - sigset_t oset; - struct sigaction ill_act, oact_ill, oact_fpe; - - memset(&ill_act, 0, sizeof(ill_act)); - ill_act.sa_handler = ill_handler; - sigfillset(&ill_act.sa_mask); - sigdelset(&ill_act.sa_mask, SIGILL); - sigdelset(&ill_act.sa_mask, SIGFPE); - sigdelset(&ill_act.sa_mask, SIGTRAP); - - sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset); - sigaction(SIGILL, &ill_act, &oact_ill); - sigaction(SIGFPE, &ill_act, &oact_fpe); - - /* protection against missing store-facility-list-extended */ - if (sigsetjmp(ill_jmp, 1) == 0) - OPENSSL_s390x_facilities(); - - /* protection against disabled vector facility */ - if ((OPENSSL_s390xcap_P.stfle[2] & S390X_CAPBIT(S390X_VX)) - && (sigsetjmp(ill_jmp, 1) == 0)) { - OPENSSL_vx_probe(); - } else { - OPENSSL_s390xcap_P.stfle[2] &= ~(S390X_CAPBIT(S390X_VX) - | S390X_CAPBIT(S390X_VXD) - | S390X_CAPBIT(S390X_VXE)); - } - - sigaction(SIGFPE, &oact_fpe, NULL); - sigaction(SIGILL, &oact_ill, NULL); - sigprocmask(SIG_SETMASK, &oset, NULL); - } -#endif - - env = getenv("OPENSSL_s390xcap"); - if (env != NULL) { - if (!parse_env(&cap)) - env = NULL; - } - - if (env != NULL) { - OPENSSL_s390xcap_P.stfle[0] &= cap.stfle[0]; - OPENSSL_s390xcap_P.stfle[1] &= cap.stfle[1]; - OPENSSL_s390xcap_P.stfle[2] &= cap.stfle[2]; - } - - OPENSSL_s390x_functions(); /* check OPENSSL_s390xcap_P.stfle */ - - if (env != NULL) { - OPENSSL_s390xcap_P.kimd[0] &= cap.kimd[0]; - OPENSSL_s390xcap_P.kimd[1] &= cap.kimd[1]; - OPENSSL_s390xcap_P.klmd[0] &= cap.klmd[0]; - OPENSSL_s390xcap_P.klmd[1] &= cap.klmd[1]; - OPENSSL_s390xcap_P.km[0] &= cap.km[0]; - OPENSSL_s390xcap_P.km[1] &= cap.km[1]; - OPENSSL_s390xcap_P.kmc[0] &= cap.kmc[0]; - OPENSSL_s390xcap_P.kmc[1] &= cap.kmc[1]; - OPENSSL_s390xcap_P.kmac[0] &= cap.kmac[0]; - OPENSSL_s390xcap_P.kmac[1] &= cap.kmac[1]; - OPENSSL_s390xcap_P.kmctr[0] &= cap.kmctr[0]; - OPENSSL_s390xcap_P.kmctr[1] &= cap.kmctr[1]; - OPENSSL_s390xcap_P.kmo[0] &= cap.kmo[0]; - OPENSSL_s390xcap_P.kmo[1] &= cap.kmo[1]; - OPENSSL_s390xcap_P.kmf[0] &= cap.kmf[0]; - OPENSSL_s390xcap_P.kmf[1] &= cap.kmf[1]; - OPENSSL_s390xcap_P.prno[0] &= cap.prno[0]; - OPENSSL_s390xcap_P.prno[1] &= cap.prno[1]; - OPENSSL_s390xcap_P.kma[0] &= cap.kma[0]; - OPENSSL_s390xcap_P.kma[1] &= cap.kma[1]; - OPENSSL_s390xcap_P.pcc[0] &= cap.pcc[0]; - OPENSSL_s390xcap_P.pcc[1] &= cap.pcc[1]; - OPENSSL_s390xcap_P.kdsa[0] &= cap.kdsa[0]; - OPENSSL_s390xcap_P.kdsa[1] &= cap.kdsa[1]; - } -} - -static int parse_env(struct OPENSSL_s390xcap_st *cap) -{ - /*- - * CPU model data - * (only the STFLE- and QUERY-bits relevant to libcrypto are set) - */ - - /*- - * z900 (2000) - z/Architecture POP SA22-7832-00 - * Facility detection would fail on real hw (no STFLE). - */ - static const struct OPENSSL_s390xcap_st z900 = { - /*.stfle = */{0ULL, 0ULL, 0ULL, 0ULL}, - /*.kimd = */{0ULL, 0ULL}, - /*.klmd = */{0ULL, 0ULL}, - /*.km = */{0ULL, 0ULL}, - /*.kmc = */{0ULL, 0ULL}, - /*.kmac = */{0ULL, 0ULL}, - /*.kmctr = */{0ULL, 0ULL}, - /*.kmo = */{0ULL, 0ULL}, - /*.kmf = */{0ULL, 0ULL}, - /*.prno = */{0ULL, 0ULL}, - /*.kma = */{0ULL, 0ULL}, - /*.pcc = */{0ULL, 0ULL}, - /*.kdsa = */{0ULL, 0ULL}, - }; - - /*- - * z990 (2003) - z/Architecture POP SA22-7832-02 - * Implements MSA. Facility detection would fail on real hw (no STFLE). - */ - static const struct OPENSSL_s390xcap_st z990 = { - /*.stfle = */{S390X_CAPBIT(S390X_MSA), - 0ULL, 0ULL, 0ULL}, - /*.kimd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1), - 0ULL}, - /*.klmd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1), - 0ULL}, - /*.km = */{S390X_CAPBIT(S390X_QUERY), - 0ULL}, - /*.kmc = */{S390X_CAPBIT(S390X_QUERY), - 0ULL}, - /*.kmac = */{S390X_CAPBIT(S390X_QUERY), - 0ULL}, - /*.kmctr = */{0ULL, 0ULL}, - /*.kmo = */{0ULL, 0ULL}, - /*.kmf = */{0ULL, 0ULL}, - /*.prno = */{0ULL, 0ULL}, - /*.kma = */{0ULL, 0ULL}, - /*.pcc = */{0ULL, 0ULL}, - /*.kdsa = */{0ULL, 0ULL}, - }; - - /*- - * z9 (2005) - z/Architecture POP SA22-7832-04 - * Implements MSA and MSA1. - */ - static const struct OPENSSL_s390xcap_st z9 = { - /*.stfle = */{S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF), - 0ULL, 0ULL, 0ULL}, - /*.kimd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256), - 0ULL}, - /*.klmd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256), - 0ULL}, - /*.km = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128), - 0ULL}, - /*.kmc = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128), - 0ULL}, - /*.kmac = */{S390X_CAPBIT(S390X_QUERY), - 0ULL}, - /*.kmctr = */{0ULL, 0ULL}, - /*.kmo = */{0ULL, 0ULL}, - /*.kmf = */{0ULL, 0ULL}, - /*.prno = */{0ULL, 0ULL}, - /*.kma = */{0ULL, 0ULL}, - /*.pcc = */{0ULL, 0ULL}, - /*.kdsa = */{0ULL, 0ULL}, - }; - - /*- - * z10 (2008) - z/Architecture POP SA22-7832-06 - * Implements MSA and MSA1-2. - */ - static const struct OPENSSL_s390xcap_st z10 = { - /*.stfle = */{S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF), - 0ULL, 0ULL, 0ULL}, - /*.kimd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - 0ULL}, - /*.klmd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - 0ULL}, - /*.km = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmc = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmac = */{S390X_CAPBIT(S390X_QUERY), - 0ULL}, - /*.kmctr = */{0ULL, 0ULL}, - /*.kmo = */{0ULL, 0ULL}, - /*.kmf = */{0ULL, 0ULL}, - /*.prno = */{0ULL, 0ULL}, - /*.kma = */{0ULL, 0ULL}, - /*.pcc = */{0ULL, 0ULL}, - /*.kdsa = */{0ULL, 0ULL}, - }; - - /*- - * z196 (2010) - z/Architecture POP SA22-7832-08 - * Implements MSA and MSA1-4. - */ - static const struct OPENSSL_s390xcap_st z196 = { - /*.stfle = */{S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF), - S390X_CAPBIT(S390X_MSA3) - | S390X_CAPBIT(S390X_MSA4), - 0ULL, 0ULL}, - /*.kimd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - S390X_CAPBIT(S390X_GHASH)}, - /*.klmd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - 0ULL}, - /*.km = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256) - | S390X_CAPBIT(S390X_XTS_AES_128) - | S390X_CAPBIT(S390X_XTS_AES_256), - 0ULL}, - /*.kmc = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmac = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmo = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmf = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.prno = */{0ULL, 0ULL}, - /*.kma = */{0ULL, 0ULL}, - /*.pcc = */{S390X_CAPBIT(S390X_QUERY), - 0ULL}, - /*.kdsa = */{0ULL, 0ULL}, - }; - - /*- - * zEC12 (2012) - z/Architecture POP SA22-7832-09 - * Implements MSA and MSA1-4. - */ - static const struct OPENSSL_s390xcap_st zEC12 = { - /*.stfle = */{S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF), - S390X_CAPBIT(S390X_MSA3) - | S390X_CAPBIT(S390X_MSA4), - 0ULL, 0ULL}, - /*.kimd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - S390X_CAPBIT(S390X_GHASH)}, - /*.klmd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - 0ULL}, - /*.km = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256) - | S390X_CAPBIT(S390X_XTS_AES_128) - | S390X_CAPBIT(S390X_XTS_AES_256), - 0ULL}, - /*.kmc = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmac = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmo = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmf = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.prno = */{0ULL, 0ULL}, - /*.kma = */{0ULL, 0ULL}, - /*.pcc = */{S390X_CAPBIT(S390X_QUERY), - 0ULL}, - /*.kdsa = */{0ULL, 0ULL}, - }; - - /*- - * z13 (2015) - z/Architecture POP SA22-7832-10 - * Implements MSA and MSA1-5. - */ - static const struct OPENSSL_s390xcap_st z13 = { - /*.stfle = */{S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF) - | S390X_CAPBIT(S390X_MSA5), - S390X_CAPBIT(S390X_MSA3) - | S390X_CAPBIT(S390X_MSA4), - S390X_CAPBIT(S390X_VX), - 0ULL}, - /*.kimd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - S390X_CAPBIT(S390X_GHASH)}, - /*.klmd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512), - 0ULL}, - /*.km = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256) - | S390X_CAPBIT(S390X_XTS_AES_128) - | S390X_CAPBIT(S390X_XTS_AES_256), - 0ULL}, - /*.kmc = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmac = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmo = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmf = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.prno = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_512_DRNG), - 0ULL}, - /*.kma = */{0ULL, 0ULL}, - /*.pcc = */{S390X_CAPBIT(S390X_QUERY), - 0ULL}, - /*.kdsa = */{0ULL, 0ULL}, - }; - - /*- - * z14 (2017) - z/Architecture POP SA22-7832-11 - * Implements MSA and MSA1-8. - */ - static const struct OPENSSL_s390xcap_st z14 = { - /*.stfle = */{S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF) - | S390X_CAPBIT(S390X_MSA5), - S390X_CAPBIT(S390X_MSA3) - | S390X_CAPBIT(S390X_MSA4), - S390X_CAPBIT(S390X_VX) - | S390X_CAPBIT(S390X_VXD) - | S390X_CAPBIT(S390X_VXE) - | S390X_CAPBIT(S390X_MSA8), - 0ULL}, - /*.kimd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512) - | S390X_CAPBIT(S390X_SHA3_224) - | S390X_CAPBIT(S390X_SHA3_256) - | S390X_CAPBIT(S390X_SHA3_384) - | S390X_CAPBIT(S390X_SHA3_512) - | S390X_CAPBIT(S390X_SHAKE_128) - | S390X_CAPBIT(S390X_SHAKE_256), - S390X_CAPBIT(S390X_GHASH)}, - /*.klmd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512) - | S390X_CAPBIT(S390X_SHA3_224) - | S390X_CAPBIT(S390X_SHA3_256) - | S390X_CAPBIT(S390X_SHA3_384) - | S390X_CAPBIT(S390X_SHA3_512) - | S390X_CAPBIT(S390X_SHAKE_128) - | S390X_CAPBIT(S390X_SHAKE_256), - 0ULL}, - /*.km = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256) - | S390X_CAPBIT(S390X_XTS_AES_128) - | S390X_CAPBIT(S390X_XTS_AES_256), - 0ULL}, - /*.kmc = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmac = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmo = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmf = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.prno = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_512_DRNG), - S390X_CAPBIT(S390X_TRNG)}, - /*.kma = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.pcc = */{S390X_CAPBIT(S390X_QUERY), - 0ULL}, - /*.kdsa = */{0ULL, 0ULL}, - }; - - /*- - * z15 (2019) - z/Architecture POP SA22-7832-12 - * Implements MSA and MSA1-9. - */ - static const struct OPENSSL_s390xcap_st z15 = { - /*.stfle = */{S390X_CAPBIT(S390X_MSA) - | S390X_CAPBIT(S390X_STCKF) - | S390X_CAPBIT(S390X_MSA5), - S390X_CAPBIT(S390X_MSA3) - | S390X_CAPBIT(S390X_MSA4), - S390X_CAPBIT(S390X_VX) - | S390X_CAPBIT(S390X_VXD) - | S390X_CAPBIT(S390X_VXE) - | S390X_CAPBIT(S390X_MSA8) - | S390X_CAPBIT(S390X_MSA9), - 0ULL}, - /*.kimd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512) - | S390X_CAPBIT(S390X_SHA3_224) - | S390X_CAPBIT(S390X_SHA3_256) - | S390X_CAPBIT(S390X_SHA3_384) - | S390X_CAPBIT(S390X_SHA3_512) - | S390X_CAPBIT(S390X_SHAKE_128) - | S390X_CAPBIT(S390X_SHAKE_256), - S390X_CAPBIT(S390X_GHASH)}, - /*.klmd = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_1) - | S390X_CAPBIT(S390X_SHA_256) - | S390X_CAPBIT(S390X_SHA_512) - | S390X_CAPBIT(S390X_SHA3_224) - | S390X_CAPBIT(S390X_SHA3_256) - | S390X_CAPBIT(S390X_SHA3_384) - | S390X_CAPBIT(S390X_SHA3_512) - | S390X_CAPBIT(S390X_SHAKE_128) - | S390X_CAPBIT(S390X_SHAKE_256), - 0ULL}, - /*.km = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256) - | S390X_CAPBIT(S390X_XTS_AES_128) - | S390X_CAPBIT(S390X_XTS_AES_256), - 0ULL}, - /*.kmc = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmac = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmctr = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmo = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.kmf = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.prno = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_SHA_512_DRNG), - S390X_CAPBIT(S390X_TRNG)}, - /*.kma = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_AES_128) - | S390X_CAPBIT(S390X_AES_192) - | S390X_CAPBIT(S390X_AES_256), - 0ULL}, - /*.pcc = */{S390X_CAPBIT(S390X_QUERY), - S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P256) - | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P384) - | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_P521) - | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED25519) - | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_ED448) - | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X25519) - | S390X_CAPBIT(S390X_SCALAR_MULTIPLY_X448)}, - /*.kdsa = */{S390X_CAPBIT(S390X_QUERY) - | S390X_CAPBIT(S390X_ECDSA_VERIFY_P256) - | S390X_CAPBIT(S390X_ECDSA_VERIFY_P384) - | S390X_CAPBIT(S390X_ECDSA_VERIFY_P521) - | S390X_CAPBIT(S390X_ECDSA_SIGN_P256) - | S390X_CAPBIT(S390X_ECDSA_SIGN_P384) - | S390X_CAPBIT(S390X_ECDSA_SIGN_P521) - | S390X_CAPBIT(S390X_EDDSA_VERIFY_ED25519) - | S390X_CAPBIT(S390X_EDDSA_VERIFY_ED448) - | S390X_CAPBIT(S390X_EDDSA_SIGN_ED25519) - | S390X_CAPBIT(S390X_EDDSA_SIGN_ED448), - 0ULL}, - }; - - char *tok_begin, *tok_end, *buff, tok[S390X_STFLE_MAX][LEN + 1]; - int rc, off, i, n; - - buff = malloc(strlen(env) + 1); - if (buff == NULL) - return 0; - - rc = 0; - memset(cap, ~0, sizeof(*cap)); - strcpy(buff, env); - - tok_begin = buff + strspn(buff, ";"); - strtok(tok_begin, ";"); - tok_end = strtok(NULL, ";"); - - while (tok_begin != NULL) { - /* stfle token */ - if ((n = sscanf(tok_begin, - " stfle : %" STR(LEN) "[^:] : " - "%" STR(LEN) "[^:] : %" STR(LEN) "s ", - tok[0], tok[1], tok[2]))) { - for (i = 0; i < n; i++) { - off = (tok[i][0] == '~') ? 1 : 0; - if (sscanf(tok[i] + off, "%llx", &cap->stfle[i]) != 1) - goto ret; - if (off) - cap->stfle[i] = ~cap->stfle[i]; - } - } - - /* query function tokens */ - else if TOK_FUNC(kimd) - else if TOK_FUNC(klmd) - else if TOK_FUNC(km) - else if TOK_FUNC(kmc) - else if TOK_FUNC(kmac) - else if TOK_FUNC(kmctr) - else if TOK_FUNC(kmo) - else if TOK_FUNC(kmf) - else if TOK_FUNC(prno) - else if TOK_FUNC(kma) - else if TOK_FUNC(pcc) - else if TOK_FUNC(kdsa) - - /* CPU model tokens */ - else if TOK_CPU(z900) - else if TOK_CPU(z990) - else if TOK_CPU(z9) - else if TOK_CPU(z10) - else if TOK_CPU(z196) - else if TOK_CPU(zEC12) - else if TOK_CPU(z13) - else if TOK_CPU(z14) - else if TOK_CPU(z15) - - /* whitespace(ignored) or invalid tokens */ - else { - while (*tok_begin != '\0') { - if (!ossl_isspace(*tok_begin)) - goto ret; - tok_begin++; - } - } - - tok_begin = tok_end; - tok_end = strtok(NULL, ";"); - } - - rc = 1; -ret: - free(buff); - return rc; -} diff --git a/crypto/s390xcpuid.pl b/crypto/s390xcpuid.pl deleted file mode 100755 index 560a2f09e97eb9412db78cc2bb8ff768af901fac..0000000000000000000000000000000000000000 --- a/crypto/s390xcpuid.pl +++ /dev/null @@ -1,561 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /3[12]/) { - $SIZE_T=4; - $g=""; -} else { - $SIZE_T=8; - $g="g"; -} - -$output and open STDOUT,">$output"; - -$ra="%r14"; -$sp="%r15"; -$stdframe=16*$SIZE_T+4*8; - -$code=<<___; -#include "s390x_arch.h" - -.text - -.globl OPENSSL_s390x_facilities -.type OPENSSL_s390x_facilities,\@function -.align 16 -OPENSSL_s390x_facilities: - lghi %r0,0 - larl %r4,OPENSSL_s390xcap_P - - stg %r0,S390X_STFLE+8(%r4) # wipe capability vectors - stg %r0,S390X_STFLE+16(%r4) - stg %r0,S390X_STFLE+24(%r4) - - .long 0xb2b04000 # stfle 0(%r4) - brc 8,.Ldone - lghi %r0,1 - .long 0xb2b04000 # stfle 0(%r4) - brc 8,.Ldone - lghi %r0,2 - .long 0xb2b04000 # stfle 0(%r4) -.Ldone: - br $ra -.size OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities - -.globl OPENSSL_s390x_functions -.type OPENSSL_s390x_functions,\@function -.align 16 -OPENSSL_s390x_functions: - lghi %r0,0 - larl %r4,OPENSSL_s390xcap_P - - stg %r0,S390X_KIMD(%r4) # wipe capability vectors - stg %r0,S390X_KIMD+8(%r4) - stg %r0,S390X_KLMD(%r4) - stg %r0,S390X_KLMD+8(%r4) - stg %r0,S390X_KM(%r4) - stg %r0,S390X_KM+8(%r4) - stg %r0,S390X_KMC(%r4) - stg %r0,S390X_KMC+8(%r4) - stg %r0,S390X_KMAC(%r4) - stg %r0,S390X_KMAC+8(%r4) - stg %r0,S390X_KMCTR(%r4) - stg %r0,S390X_KMCTR+8(%r4) - stg %r0,S390X_KMO(%r4) - stg %r0,S390X_KMO+8(%r4) - stg %r0,S390X_KMF(%r4) - stg %r0,S390X_KMF+8(%r4) - stg %r0,S390X_PRNO(%r4) - stg %r0,S390X_PRNO+8(%r4) - stg %r0,S390X_KMA(%r4) - stg %r0,S390X_KMA+8(%r4) - stg %r0,S390X_PCC(%r4) - stg %r0,S390X_PCC+8(%r4) - stg %r0,S390X_KDSA(%r4) - stg %r0,S390X_KDSA+8(%r4) - - lmg %r2,%r3,S390X_STFLE(%r4) - - tmhl %r2,0x4000 # check for message-security-assist - jz .Lret - - lghi %r0,S390X_QUERY # query kimd capabilities - la %r1,S390X_KIMD(%r4) - .long 0xb93e0002 # kimd %r0,%r2 - - lghi %r0,S390X_QUERY # query klmd capabilities - la %r1,S390X_KLMD(%r4) - .long 0xb93f0002 # klmd %r0,%r2 - - lghi %r0,S390X_QUERY # query km capability vector - la %r1,S390X_KM(%r4) - .long 0xb92e0042 # km %r4,%r2 - - lghi %r0,S390X_QUERY # query kmc capability vector - la %r1,S390X_KMC(%r4) - .long 0xb92f0042 # kmc %r4,%r2 - - lghi %r0,S390X_QUERY # query kmac capability vector - la %r1,S390X_KMAC(%r4) - .long 0xb91e0042 # kmac %r4,%r2 - - tmhh %r3,0x0008 # check for message-security-assist-3 - jz .Lret - - lghi %r0,S390X_QUERY # query pcc capability vector - la %r1,S390X_PCC(%r4) - .long 0xb92c0000 # pcc - - tmhh %r3,0x0004 # check for message-security-assist-4 - jz .Lret - - lghi %r0,S390X_QUERY # query kmctr capability vector - la %r1,S390X_KMCTR(%r4) - .long 0xb92d2042 # kmctr %r4,%r2,%r2 - - lghi %r0,S390X_QUERY # query kmo capability vector - la %r1,S390X_KMO(%r4) - .long 0xb92b0042 # kmo %r4,%r2 - - lghi %r0,S390X_QUERY # query kmf capability vector - la %r1,S390X_KMF(%r4) - .long 0xb92a0042 # kmf %r4,%r2 - - tml %r2,0x40 # check for message-security-assist-5 - jz .Lret - - lghi %r0,S390X_QUERY # query prno capability vector - la %r1,S390X_PRNO(%r4) - .long 0xb93c0042 # prno %r4,%r2 - - lg %r2,S390X_STFLE+16(%r4) - - tmhl %r2,0x2000 # check for message-security-assist-8 - jz .Lret - - lghi %r0,S390X_QUERY # query kma capability vector - la %r1,S390X_KMA(%r4) - .long 0xb9294022 # kma %r2,%r4,%r2 - - tmhl %r2,0x0010 # check for message-security-assist-9 - jz .Lret - - lghi %r0,S390X_QUERY # query kdsa capability vector - la %r1,S390X_KDSA(%r4) - .long 0xb93a0002 # kdsa %r0,%r2 - -.Lret: - br $ra -.size OPENSSL_s390x_functions,.-OPENSSL_s390x_functions - -.globl OPENSSL_rdtsc -.type OPENSSL_rdtsc,\@function -.align 16 -OPENSSL_rdtsc: - larl %r4,OPENSSL_s390xcap_P - tm S390X_STFLE+3(%r4),0x40 # check for store-clock-fast facility - jz .Lstck - - .long 0xb27cf010 # stckf 16($sp) - lg %r2,16($sp) - br $ra -.Lstck: - stck 16($sp) - lg %r2,16($sp) - br $ra -.size OPENSSL_rdtsc,.-OPENSSL_rdtsc - -.globl OPENSSL_atomic_add -.type OPENSSL_atomic_add,\@function -.align 16 -OPENSSL_atomic_add: - l %r1,0(%r2) -.Lspin: lr %r0,%r1 - ar %r0,%r3 - cs %r1,%r0,0(%r2) - brc 4,.Lspin - lgfr %r2,%r0 # OpenSSL expects the new value - br $ra -.size OPENSSL_atomic_add,.-OPENSSL_atomic_add - -.globl OPENSSL_wipe_cpu -.type OPENSSL_wipe_cpu,\@function -.align 16 -OPENSSL_wipe_cpu: - xgr %r0,%r0 - xgr %r1,%r1 - lgr %r2,$sp - xgr %r3,%r3 - xgr %r4,%r4 - lzdr %f0 - lzdr %f1 - lzdr %f2 - lzdr %f3 - lzdr %f4 - lzdr %f5 - lzdr %f6 - lzdr %f7 - br $ra -.size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu - -.globl OPENSSL_cleanse -.type OPENSSL_cleanse,\@function -.align 16 -OPENSSL_cleanse: -#if !defined(__s390x__) && !defined(__s390x) - llgfr %r3,%r3 -#endif - lghi %r4,15 - lghi %r0,0 - clgr %r3,%r4 - jh .Lot - clgr %r3,%r0 - bcr 8,%r14 -.Little: - stc %r0,0(%r2) - la %r2,1(%r2) - brctg %r3,.Little - br %r14 -.align 4 -.Lot: tmll %r2,7 - jz .Laligned - stc %r0,0(%r2) - la %r2,1(%r2) - brctg %r3,.Lot -.Laligned: - srlg %r4,%r3,3 -.Loop: stg %r0,0(%r2) - la %r2,8(%r2) - brctg %r4,.Loop - lghi %r4,7 - ngr %r3,%r4 - jnz .Little - br $ra -.size OPENSSL_cleanse,.-OPENSSL_cleanse - -.globl CRYPTO_memcmp -.type CRYPTO_memcmp,\@function -.align 16 -CRYPTO_memcmp: -#if !defined(__s390x__) && !defined(__s390x) - llgfr %r4,%r4 -#endif - lghi %r5,0 - clgr %r4,%r5 - je .Lno_data - -.Loop_cmp: - llgc %r0,0(%r2) - la %r2,1(%r2) - llgc %r1,0(%r3) - la %r3,1(%r3) - xr %r1,%r0 - or %r5,%r1 - brctg %r4,.Loop_cmp - - lnr %r5,%r5 - srl %r5,31 -.Lno_data: - lgr %r2,%r5 - br $ra -.size CRYPTO_memcmp,.-CRYPTO_memcmp - -.globl OPENSSL_instrument_bus -.type OPENSSL_instrument_bus,\@function -.align 16 -OPENSSL_instrument_bus: - lghi %r2,0 - br %r14 -.size OPENSSL_instrument_bus,.-OPENSSL_instrument_bus - -.globl OPENSSL_instrument_bus2 -.type OPENSSL_instrument_bus2,\@function -.align 16 -OPENSSL_instrument_bus2: - lghi %r2,0 - br $ra -.size OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2 - -.globl OPENSSL_vx_probe -.type OPENSSL_vx_probe,\@function -.align 16 -OPENSSL_vx_probe: - .word 0xe700,0x0000,0x0044 # vzero %v0 - br $ra -.size OPENSSL_vx_probe,.-OPENSSL_vx_probe -___ - -{ -################ -# void s390x_kimd(const unsigned char *in, size_t len, unsigned int fc, -# void *param) -my ($in,$len,$fc,$param) = map("%r$_",(2..5)); -$code.=<<___; -.globl s390x_kimd -.type s390x_kimd,\@function -.align 16 -s390x_kimd: - llgfr %r0,$fc - lgr %r1,$param - - .long 0xb93e0002 # kimd %r0,%r2 - brc 1,.-4 # pay attention to "partial completion" - - br $ra -.size s390x_kimd,.-s390x_kimd -___ -} - -{ -################ -# void s390x_klmd(const unsigned char *in, size_t inlen, unsigned char *out, -# size_t outlen, unsigned int fc, void *param) -my ($in,$inlen,$out,$outlen,$fc) = map("%r$_",(2..6)); -$code.=<<___; -.globl s390x_klmd -.type s390x_klmd,\@function -.align 32 -s390x_klmd: - llgfr %r0,$fc - l${g} %r1,$stdframe($sp) - - .long 0xb93f0042 # klmd %r4,%r2 - brc 1,.-4 # pay attention to "partial completion" - - br $ra -.size s390x_klmd,.-s390x_klmd -___ -} - -################ -# void s390x_km(const unsigned char *in, size_t len, unsigned char *out, -# unsigned int fc, void *param) -{ -my ($in,$len,$out,$fc,$param) = map("%r$_",(2..6)); -$code.=<<___; -.globl s390x_km -.type s390x_km,\@function -.align 16 -s390x_km: - lr %r0,$fc - l${g}r %r1,$param - - .long 0xb92e0042 # km $out,$in - brc 1,.-4 # pay attention to "partial completion" - - br $ra -.size s390x_km,.-s390x_km -___ -} - -################ -# void s390x_kmac(const unsigned char *in, size_t len, unsigned int fc, -# void *param) -{ -my ($in,$len,$fc,$param) = map("%r$_",(2..5)); -$code.=<<___; -.globl s390x_kmac -.type s390x_kmac,\@function -.align 16 -s390x_kmac: - lr %r0,$fc - l${g}r %r1,$param - - .long 0xb91e0002 # kmac %r0,$in - brc 1,.-4 # pay attention to "partial completion" - - br $ra -.size s390x_kmac,.-s390x_kmac -___ -} - -################ -# void s390x_kmo(const unsigned char *in, size_t len, unsigned char *out, -# unsigned int fc, void *param) -{ -my ($in,$len,$out,$fc,$param) = map("%r$_",(2..6)); -$code.=<<___; -.globl s390x_kmo -.type s390x_kmo,\@function -.align 16 -s390x_kmo: - lr %r0,$fc - l${g}r %r1,$param - - .long 0xb92b0042 # kmo $out,$in - brc 1,.-4 # pay attention to "partial completion" - - br $ra -.size s390x_kmo,.-s390x_kmo -___ -} - -################ -# void s390x_kmf(const unsigned char *in, size_t len, unsigned char *out, -# unsigned int fc, void *param) -{ -my ($in,$len,$out,$fc,$param) = map("%r$_",(2..6)); -$code.=<<___; -.globl s390x_kmf -.type s390x_kmf,\@function -.align 16 -s390x_kmf: - lr %r0,$fc - l${g}r %r1,$param - - .long 0xb92a0042 # kmf $out,$in - brc 1,.-4 # pay attention to "partial completion" - - br $ra -.size s390x_kmf,.-s390x_kmf -___ -} - -################ -# void s390x_kma(const unsigned char *aad, size_t alen, -# const unsigned char *in, size_t len, -# unsigned char *out, unsigned int fc, void *param) -{ -my ($aad,$alen,$in,$len,$out) = map("%r$_",(2..6)); -$code.=<<___; -.globl s390x_kma -.type s390x_kma,\@function -.align 16 -s390x_kma: - st${g} $out,6*$SIZE_T($sp) - lm${g} %r0,%r1,$stdframe($sp) - - .long 0xb9292064 # kma $out,$aad,$in - brc 1,.-4 # pay attention to "partial completion" - - l${g} $out,6*$SIZE_T($sp) - br $ra -.size s390x_kma,.-s390x_kma -___ -} - -################ -# int s390x_pcc(unsigned int fc, void *param) -{ -my ($fc,$param) = map("%r$_",(2..3)); -$code.=<<___; -.globl s390x_pcc -.type s390x_pcc,\@function -.align 16 -s390x_pcc: - lr %r0,$fc - l${g}r %r1,$param - lhi %r2,0 - - .long 0xb92c0000 # pcc - brc 1,.-4 # pay attention to "partial completion" - brc 7,.Lpcc_err # if CC==0 return 0, else return 1 -.Lpcc_out: - br $ra -.Lpcc_err: - lhi %r2,1 - j .Lpcc_out -.size s390x_pcc,.-s390x_pcc -___ -} - -################ -# int s390x_kdsa(unsigned int fc, void *param, -# const unsigned char *in, size_t len) -{ -my ($fc,$param,$in,$len) = map("%r$_",(2..5)); -$code.=<<___; -.globl s390x_kdsa -.type s390x_kdsa,\@function -.align 16 -s390x_kdsa: - lr %r0,$fc - l${g}r %r1,$param - lhi %r2,0 - - .long 0xb93a0004 # kdsa %r0,$in - brc 1,.-4 # pay attention to "partial completion" - brc 7,.Lkdsa_err # if CC==0 return 0, else return 1 -.Lkdsa_out: - br $ra -.Lkdsa_err: - lhi %r2,1 - j .Lkdsa_out -.size s390x_kdsa,.-s390x_kdsa -___ -} - -################ -# void s390x_flip_endian32(unsigned char dst[32], const unsigned char src[32]) -{ -my ($dst,$src) = map("%r$_",(2..3)); -$code.=<<___; -.globl s390x_flip_endian32 -.type s390x_flip_endian32,\@function -.align 16 -s390x_flip_endian32: - lrvg %r0,0($src) - lrvg %r1,8($src) - lrvg %r4,16($src) - lrvg %r5,24($src) - stg %r0,24($dst) - stg %r1,16($dst) - stg %r4,8($dst) - stg %r5,0($dst) - br $ra -.size s390x_flip_endian32,.-s390x_flip_endian32 -___ -} - -################ -# void s390x_flip_endian64(unsigned char dst[64], const unsigned char src[64]) -{ -my ($dst,$src) = map("%r$_",(2..3)); -$code.=<<___; -.globl s390x_flip_endian64 -.type s390x_flip_endian64,\@function -.align 16 -s390x_flip_endian64: - stmg %r6,%r9,6*$SIZE_T($sp) - - lrvg %r0,0($src) - lrvg %r1,8($src) - lrvg %r4,16($src) - lrvg %r5,24($src) - lrvg %r6,32($src) - lrvg %r7,40($src) - lrvg %r8,48($src) - lrvg %r9,56($src) - stg %r0,56($dst) - stg %r1,48($dst) - stg %r4,40($dst) - stg %r5,32($dst) - stg %r6,24($dst) - stg %r7,16($dst) - stg %r8,8($dst) - stg %r9,0($dst) - - lmg %r6,%r9,6*$SIZE_T($sp) - br $ra -.size s390x_flip_endian64,.-s390x_flip_endian64 -___ -} - -$code.=<<___; -.section .init - brasl $ra,OPENSSL_cpuid_setup -___ - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; # force flush diff --git a/crypto/seed/build.info b/crypto/seed/build.info deleted file mode 100644 index 5336f0399cd7ed1205ee73858995b074583f7f61..0000000000000000000000000000000000000000 --- a/crypto/seed/build.info +++ /dev/null @@ -1,10 +0,0 @@ -LIBS=../../libcrypto -$ALL=seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c - -SOURCE[../../libcrypto]=$ALL - -# When all deprecated symbols are removed, libcrypto doesn't export the -# seed functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] - SOURCE[../../providers/liblegacy.a]=$ALL -ENDIF diff --git a/crypto/seed/seed.c b/crypto/seed/seed.c deleted file mode 100644 index de3b3958ea6066bfd6e61b1fff40a5baaad625bc..0000000000000000000000000000000000000000 --- a/crypto/seed/seed.c +++ /dev/null @@ -1,596 +0,0 @@ -/* - * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Neither the name of author nor the names of its contributors may - * be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - */ -#ifndef OPENSSL_NO_SEED - -/* - * SEED low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -# include -# include -# include -# ifdef _WIN32 -# include -# endif - -# include -# include "seed_local.h" - -# ifdef SS /* can get defined on Solaris by inclusion of - * */ -# undef SS -# endif - -# if !defined(OPENSSL_SMALL_FOOTPRINT) - -# define G_FUNC(v) \ - SS[0][(unsigned char) (v) & 0xff] ^ \ - SS[1][(unsigned char) ((v)>>8) & 0xff] ^ \ - SS[2][(unsigned char)((v)>>16) & 0xff] ^ \ - SS[3][(unsigned char)((v)>>24) & 0xff] - -static const seed_word SS[4][256] = { - { 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, - 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124, - 0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c, - 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360, - 0x28082028, 0x04444044, 0x20002020, 0x1d8d919c, - 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314, - 0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378, - 0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec, - 0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8, - 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074, - 0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354, - 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100, - 0x24042024, 0x1c0c101c, 0x33437370, 0x18889098, - 0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8, - 0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380, - 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8, - 0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8, - 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c, - 0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078, - 0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4, - 0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140, - 0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008, - 0x1f0f131c, 0x19899198, 0x00000000, 0x19091118, - 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0, - 0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324, - 0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8, - 0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c, - 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208, - 0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4, - 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064, - 0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218, - 0x06060204, 0x21012120, 0x2b4b6368, 0x26466264, - 0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288, - 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0, - 0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4, - 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc, - 0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac, - 0x36063234, 0x15051114, 0x22022220, 0x38083038, - 0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c, - 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394, - 0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c, - 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188, - 0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8, - 0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4, - 0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364, - 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8, - 0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320, - 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4, - 0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0, - 0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040, - 0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0, - 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154, - 0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c, - 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254, - 0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244, - 0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8, - 0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c, - 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0, - 0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c, - 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088, - 0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4, - 0x22426260, 0x29092128, 0x07070304, 0x33033330, - 0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178, - 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298 - }, - { 0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2, - 0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0, - 0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3, - 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53, - 0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1, - 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3, - 0xd013c3d3, 0x90118191, 0x10110111, 0x04060602, - 0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43, - 0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0, - 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0, - 0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2, - 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890, - 0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32, - 0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3, - 0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72, - 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272, - 0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0, - 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83, - 0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13, - 0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430, - 0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1, - 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0, - 0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1, - 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1, - 0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131, - 0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1, - 0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202, - 0x20220222, 0x04040400, 0x68284860, 0x70314171, - 0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991, - 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951, - 0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0, - 0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0, - 0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12, - 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3, - 0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2, - 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41, - 0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32, - 0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62, - 0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292, - 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0, - 0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571, - 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303, - 0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470, - 0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901, - 0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040, - 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501, - 0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22, - 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343, - 0x84058581, 0x14140410, 0x88098981, 0x981b8b93, - 0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971, - 0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282, - 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53, - 0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11, - 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642, - 0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3, - 0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1, - 0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30, - 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70, - 0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622, - 0x30320232, 0x84048480, 0x68294961, 0x90138393, - 0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0, - 0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783, - 0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83, - 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3 - }, - { 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3, - 0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505, - 0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e, - 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343, - 0x20282808, 0x40440444, 0x20202000, 0x919c1d8d, - 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707, - 0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b, - 0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece, - 0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888, - 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444, - 0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747, - 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101, - 0x20242404, 0x101c1c0c, 0x73703343, 0x90981888, - 0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9, - 0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383, - 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9, - 0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb, - 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f, - 0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848, - 0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5, - 0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141, - 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808, - 0x131c1f0f, 0x91981989, 0x00000000, 0x11181909, - 0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1, - 0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707, - 0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b, - 0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d, - 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a, - 0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5, - 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444, - 0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a, - 0x02040606, 0x21202101, 0x63682b4b, 0x62642646, - 0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a, - 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0, - 0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5, - 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf, - 0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e, - 0x32343606, 0x11141505, 0x22202202, 0x30383808, - 0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c, - 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787, - 0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c, - 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989, - 0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8, - 0x90941484, 0x51581949, 0x82800282, 0xc0c404c4, - 0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747, - 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888, - 0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303, - 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484, - 0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2, - 0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040, - 0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1, - 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545, - 0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f, - 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646, - 0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646, - 0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca, - 0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f, - 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282, - 0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f, - 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888, - 0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4, - 0x62602242, 0x21282909, 0x03040707, 0x33303303, - 0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949, - 0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a - }, - { 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426, - 0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838, - 0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407, - 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b, - 0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435, - 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427, - 0xc3d3d013, 0x81919011, 0x01111011, 0x06020406, - 0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b, - 0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828, - 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434, - 0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416, - 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818, - 0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e, - 0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f, - 0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a, - 0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032, - 0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000, - 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b, - 0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f, - 0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434, - 0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829, - 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838, - 0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405, - 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839, - 0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031, - 0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031, - 0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002, - 0x02222022, 0x04000404, 0x48606828, 0x41717031, - 0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819, - 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819, - 0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c, - 0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010, - 0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a, - 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f, - 0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022, - 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d, - 0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a, - 0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e, - 0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012, - 0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c, - 0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435, - 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003, - 0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434, - 0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809, - 0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000, - 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405, - 0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a, - 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003, - 0x85818405, 0x04101414, 0x89818809, 0x8b93981b, - 0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839, - 0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002, - 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f, - 0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d, - 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406, - 0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b, - 0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d, - 0x00303030, 0x85919415, 0x45616425, 0x0c303c3c, - 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c, - 0x0e020c0e, 0x40505010, 0x09313839, 0x06222426, - 0x02323032, 0x84808404, 0x49616829, 0x83939013, - 0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424, - 0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407, - 0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f, - 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437 - } -}; - -#else - -/* on x86_64 >5x size reduction at 40% performance penalty */ -static const unsigned char SEED_Sbox[2][256] = { -{ - 0xA9, 0x85, 0xD6, 0xD3, 0x54, 0x1D, 0xAC, 0x25, - 0x5D, 0x43, 0x18, 0x1E, 0x51, 0xFC, 0xCA, 0x63, - 0x28, 0x44, 0x20, 0x9D, 0xE0, 0xE2, 0xC8, 0x17, - 0xA5, 0x8F, 0x03, 0x7B, 0xBB, 0x13, 0xD2, 0xEE, - 0x70, 0x8C, 0x3F, 0xA8, 0x32, 0xDD, 0xF6, 0x74, - 0xEC, 0x95, 0x0B, 0x57, 0x5C, 0x5B, 0xBD, 0x01, - 0x24, 0x1C, 0x73, 0x98, 0x10, 0xCC, 0xF2, 0xD9, - 0x2C, 0xE7, 0x72, 0x83, 0x9B, 0xD1, 0x86, 0xC9, - 0x60, 0x50, 0xA3, 0xEB, 0x0D, 0xB6, 0x9E, 0x4F, - 0xB7, 0x5A, 0xC6, 0x78, 0xA6, 0x12, 0xAF, 0xD5, - 0x61, 0xC3, 0xB4, 0x41, 0x52, 0x7D, 0x8D, 0x08, - 0x1F, 0x99, 0x00, 0x19, 0x04, 0x53, 0xF7, 0xE1, - 0xFD, 0x76, 0x2F, 0x27, 0xB0, 0x8B, 0x0E, 0xAB, - 0xA2, 0x6E, 0x93, 0x4D, 0x69, 0x7C, 0x09, 0x0A, - 0xBF, 0xEF, 0xF3, 0xC5, 0x87, 0x14, 0xFE, 0x64, - 0xDE, 0x2E, 0x4B, 0x1A, 0x06, 0x21, 0x6B, 0x66, - 0x02, 0xF5, 0x92, 0x8A, 0x0C, 0xB3, 0x7E, 0xD0, - 0x7A, 0x47, 0x96, 0xE5, 0x26, 0x80, 0xAD, 0xDF, - 0xA1, 0x30, 0x37, 0xAE, 0x36, 0x15, 0x22, 0x38, - 0xF4, 0xA7, 0x45, 0x4C, 0x81, 0xE9, 0x84, 0x97, - 0x35, 0xCB, 0xCE, 0x3C, 0x71, 0x11, 0xC7, 0x89, - 0x75, 0xFB, 0xDA, 0xF8, 0x94, 0x59, 0x82, 0xC4, - 0xFF, 0x49, 0x39, 0x67, 0xC0, 0xCF, 0xD7, 0xB8, - 0x0F, 0x8E, 0x42, 0x23, 0x91, 0x6C, 0xDB, 0xA4, - 0x34, 0xF1, 0x48, 0xC2, 0x6F, 0x3D, 0x2D, 0x40, - 0xBE, 0x3E, 0xBC, 0xC1, 0xAA, 0xBA, 0x4E, 0x55, - 0x3B, 0xDC, 0x68, 0x7F, 0x9C, 0xD8, 0x4A, 0x56, - 0x77, 0xA0, 0xED, 0x46, 0xB5, 0x2B, 0x65, 0xFA, - 0xE3, 0xB9, 0xB1, 0x9F, 0x5E, 0xF9, 0xE6, 0xB2, - 0x31, 0xEA, 0x6D, 0x5F, 0xE4, 0xF0, 0xCD, 0x88, - 0x16, 0x3A, 0x58, 0xD4, 0x62, 0x29, 0x07, 0x33, - 0xE8, 0x1B, 0x05, 0x79, 0x90, 0x6A, 0x2A, 0x9A - }, - { - 0x38, 0xE8, 0x2D, 0xA6, 0xCF, 0xDE, 0xB3, 0xB8, - 0xAF, 0x60, 0x55, 0xC7, 0x44, 0x6F, 0x6B, 0x5B, - 0xC3, 0x62, 0x33, 0xB5, 0x29, 0xA0, 0xE2, 0xA7, - 0xD3, 0x91, 0x11, 0x06, 0x1C, 0xBC, 0x36, 0x4B, - 0xEF, 0x88, 0x6C, 0xA8, 0x17, 0xC4, 0x16, 0xF4, - 0xC2, 0x45, 0xE1, 0xD6, 0x3F, 0x3D, 0x8E, 0x98, - 0x28, 0x4E, 0xF6, 0x3E, 0xA5, 0xF9, 0x0D, 0xDF, - 0xD8, 0x2B, 0x66, 0x7A, 0x27, 0x2F, 0xF1, 0x72, - 0x42, 0xD4, 0x41, 0xC0, 0x73, 0x67, 0xAC, 0x8B, - 0xF7, 0xAD, 0x80, 0x1F, 0xCA, 0x2C, 0xAA, 0x34, - 0xD2, 0x0B, 0xEE, 0xE9, 0x5D, 0x94, 0x18, 0xF8, - 0x57, 0xAE, 0x08, 0xC5, 0x13, 0xCD, 0x86, 0xB9, - 0xFF, 0x7D, 0xC1, 0x31, 0xF5, 0x8A, 0x6A, 0xB1, - 0xD1, 0x20, 0xD7, 0x02, 0x22, 0x04, 0x68, 0x71, - 0x07, 0xDB, 0x9D, 0x99, 0x61, 0xBE, 0xE6, 0x59, - 0xDD, 0x51, 0x90, 0xDC, 0x9A, 0xA3, 0xAB, 0xD0, - 0x81, 0x0F, 0x47, 0x1A, 0xE3, 0xEC, 0x8D, 0xBF, - 0x96, 0x7B, 0x5C, 0xA2, 0xA1, 0x63, 0x23, 0x4D, - 0xC8, 0x9E, 0x9C, 0x3A, 0x0C, 0x2E, 0xBA, 0x6E, - 0x9F, 0x5A, 0xF2, 0x92, 0xF3, 0x49, 0x78, 0xCC, - 0x15, 0xFB, 0x70, 0x75, 0x7F, 0x35, 0x10, 0x03, - 0x64, 0x6D, 0xC6, 0x74, 0xD5, 0xB4, 0xEA, 0x09, - 0x76, 0x19, 0xFE, 0x40, 0x12, 0xE0, 0xBD, 0x05, - 0xFA, 0x01, 0xF0, 0x2A, 0x5E, 0xA9, 0x56, 0x43, - 0x85, 0x14, 0x89, 0x9B, 0xB0, 0xE5, 0x48, 0x79, - 0x97, 0xFC, 0x1E, 0x82, 0x21, 0x8C, 0x1B, 0x5F, - 0x77, 0x54, 0xB2, 0x1D, 0x25, 0x4F, 0x00, 0x46, - 0xED, 0x58, 0x52, 0xEB, 0x7E, 0xDA, 0xC9, 0xFD, - 0x30, 0x95, 0x65, 0x3C, 0xB6, 0xE4, 0xBB, 0x7C, - 0x0E, 0x50, 0x39, 0x26, 0x32, 0x84, 0x69, 0x93, - 0x37, 0xE7, 0x24, 0xA4, 0xCB, 0x53, 0x0A, 0x87, - 0xD9, 0x4C, 0x83, 0x8F, 0xCE, 0x3B, 0x4A, 0xB7 - } -}; - -static unsigned int G_FUNC(unsigned int v) -{ - unsigned int s0, s1, s2, s3, ret; - - s0 = SEED_Sbox[0][(unsigned char) (v) & 0xff]; - s1 = SEED_Sbox[1][(unsigned char)((v)>> 8) & 0xff]; - s2 = SEED_Sbox[0][(unsigned char)((v)>>16) & 0xff]; - s3 = SEED_Sbox[1][(unsigned char)((v)>>24) & 0xff]; - - ret = ((s0 & 0xFC) ^ (s1 & 0xF3) ^ (s2 & 0xCF) ^ (s3 & 0x3F)); - ret |= ((s0 & 0xF3) ^ (s1 & 0xCF) ^ (s2 & 0x3F) ^ (s3 & 0xFC)) << 8; - ret |= ((s0 & 0xCF) ^ (s1 & 0x3F) ^ (s2 & 0xFC) ^ (s3 & 0xF3)) << 16; - ret |= ((s0 & 0x3F) ^ (s1 & 0xFC) ^ (s2 & 0xF3) ^ (s3 & 0xCF)) << 24; - - return ret; -} -# endif - -/* key schedule constants - golden ratio */ -# define KC0 0x9e3779b9 -# define KC1 0x3c6ef373 -# define KC2 0x78dde6e6 -# define KC3 0xf1bbcdcc -# define KC4 0xe3779b99 -# define KC5 0xc6ef3733 -# define KC6 0x8dde6e67 -# define KC7 0x1bbcdccf -# define KC8 0x3779b99e -# define KC9 0x6ef3733c -# define KC10 0xdde6e678 -# define KC11 0xbbcdccf1 -# define KC12 0x779b99e3 -# define KC13 0xef3733c6 -# define KC14 0xde6e678d -# define KC15 0xbcdccf1b - -# if defined(OPENSSL_SMALL_FOOTPRINT) -static const seed_word KC[] = { - KC0, KC1, KC2, KC3, KC4, KC5, KC6, KC7, - KC8, KC9, KC10, KC11, KC12, KC13, KC14, KC15 -}; -# endif - -void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], - SEED_KEY_SCHEDULE *ks) -{ - seed_word x1, x2, x3, x4; - seed_word t0, t1; - - char2word(rawkey, x1); - char2word(rawkey + 4, x2); - char2word(rawkey + 8, x3); - char2word(rawkey + 12, x4); - - t0 = (x1 + x3 - KC0) & 0xffffffff; - t1 = (x2 - x4 + KC0) & 0xffffffff; - KEYUPDATE_TEMP(t0, t1, &ks->data[0]); - KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC1); - KEYUPDATE_TEMP(t0, t1, &ks->data[2]); - -# if !defined(OPENSSL_SMALL_FOOTPRINT) - KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC2); - KEYUPDATE_TEMP(t0, t1, &ks->data[4]); - KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC3); - KEYUPDATE_TEMP(t0, t1, &ks->data[6]); - KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC4); - KEYUPDATE_TEMP(t0, t1, &ks->data[8]); - KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC5); - KEYUPDATE_TEMP(t0, t1, &ks->data[10]); - KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC6); - KEYUPDATE_TEMP(t0, t1, &ks->data[12]); - KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC7); - KEYUPDATE_TEMP(t0, t1, &ks->data[14]); - KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC8); - KEYUPDATE_TEMP(t0, t1, &ks->data[16]); - KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC9); - KEYUPDATE_TEMP(t0, t1, &ks->data[18]); - KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC10); - KEYUPDATE_TEMP(t0, t1, &ks->data[20]); - KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC11); - KEYUPDATE_TEMP(t0, t1, &ks->data[22]); - KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC12); - KEYUPDATE_TEMP(t0, t1, &ks->data[24]); - KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC13); - KEYUPDATE_TEMP(t0, t1, &ks->data[26]); - KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC14); - KEYUPDATE_TEMP(t0, t1, &ks->data[28]); - KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC15); - KEYUPDATE_TEMP(t0, t1, &ks->data[30]); -# else - { - int i; - for (i = 2; i < 16; i += 2) { - KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC[i]); - KEYUPDATE_TEMP(t0, t1, &ks->data[i * 2]); - KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC[i + 1]); - KEYUPDATE_TEMP(t0, t1, &ks->data[i * 2 + 2]); - } - } -# endif -} - -void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], - unsigned char d[SEED_BLOCK_SIZE], - const SEED_KEY_SCHEDULE *ks) -{ - seed_word x1, x2, x3, x4; - seed_word t0, t1; - - char2word(s, x1); - char2word(s + 4, x2); - char2word(s + 8, x3); - char2word(s + 12, x4); - -# if !defined(OPENSSL_SMALL_FOOTPRINT) - E_SEED(t0, t1, x1, x2, x3, x4, 0); - E_SEED(t0, t1, x3, x4, x1, x2, 2); - E_SEED(t0, t1, x1, x2, x3, x4, 4); - E_SEED(t0, t1, x3, x4, x1, x2, 6); - E_SEED(t0, t1, x1, x2, x3, x4, 8); - E_SEED(t0, t1, x3, x4, x1, x2, 10); - E_SEED(t0, t1, x1, x2, x3, x4, 12); - E_SEED(t0, t1, x3, x4, x1, x2, 14); - E_SEED(t0, t1, x1, x2, x3, x4, 16); - E_SEED(t0, t1, x3, x4, x1, x2, 18); - E_SEED(t0, t1, x1, x2, x3, x4, 20); - E_SEED(t0, t1, x3, x4, x1, x2, 22); - E_SEED(t0, t1, x1, x2, x3, x4, 24); - E_SEED(t0, t1, x3, x4, x1, x2, 26); - E_SEED(t0, t1, x1, x2, x3, x4, 28); - E_SEED(t0, t1, x3, x4, x1, x2, 30); -# else - { - int i; - for (i = 0; i < 30; i += 4) { - E_SEED(t0, t1, x1, x2, x3, x4, i); - E_SEED(t0, t1, x3, x4, x1, x2, i + 2); - } - } -# endif - - word2char(x3, d); - word2char(x4, d + 4); - word2char(x1, d + 8); - word2char(x2, d + 12); -} - -void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], - unsigned char d[SEED_BLOCK_SIZE], - const SEED_KEY_SCHEDULE *ks) -{ - seed_word x1, x2, x3, x4; - seed_word t0, t1; - - char2word(s, x1); - char2word(s + 4, x2); - char2word(s + 8, x3); - char2word(s + 12, x4); - -# if !defined(OPENSSL_SMALL_FOOTPRINT) - E_SEED(t0, t1, x1, x2, x3, x4, 30); - E_SEED(t0, t1, x3, x4, x1, x2, 28); - E_SEED(t0, t1, x1, x2, x3, x4, 26); - E_SEED(t0, t1, x3, x4, x1, x2, 24); - E_SEED(t0, t1, x1, x2, x3, x4, 22); - E_SEED(t0, t1, x3, x4, x1, x2, 20); - E_SEED(t0, t1, x1, x2, x3, x4, 18); - E_SEED(t0, t1, x3, x4, x1, x2, 16); - E_SEED(t0, t1, x1, x2, x3, x4, 14); - E_SEED(t0, t1, x3, x4, x1, x2, 12); - E_SEED(t0, t1, x1, x2, x3, x4, 10); - E_SEED(t0, t1, x3, x4, x1, x2, 8); - E_SEED(t0, t1, x1, x2, x3, x4, 6); - E_SEED(t0, t1, x3, x4, x1, x2, 4); - E_SEED(t0, t1, x1, x2, x3, x4, 2); - E_SEED(t0, t1, x3, x4, x1, x2, 0); -# else - { - int i; - for (i = 30; i > 0; i -= 4) { - E_SEED(t0, t1, x1, x2, x3, x4, i); - E_SEED(t0, t1, x3, x4, x1, x2, i - 2); - - } - } -# endif - - word2char(x3, d); - word2char(x4, d + 4); - word2char(x1, d + 8); - word2char(x2, d + 12); -} - -#endif /* OPENSSL_NO_SEED */ diff --git a/crypto/seed/seed_cbc.c b/crypto/seed/seed_cbc.c deleted file mode 100644 index d5a324fd4443b36d1ffcf4ea83e38f95709a15c8..0000000000000000000000000000000000000000 --- a/crypto/seed/seed_cbc.c +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * SEED low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include - -void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const SEED_KEY_SCHEDULE *ks, - unsigned char ivec[SEED_BLOCK_SIZE], int enc) -{ - if (enc) - CRYPTO_cbc128_encrypt(in, out, len, ks, ivec, - (block128_f) SEED_encrypt); - else - CRYPTO_cbc128_decrypt(in, out, len, ks, ivec, - (block128_f) SEED_decrypt); -} diff --git a/crypto/seed/seed_cfb.c b/crypto/seed/seed_cfb.c deleted file mode 100644 index 24fbfbf746e329906aa69ed6e9d83f929e14f3f3..0000000000000000000000000000000000000000 --- a/crypto/seed/seed_cfb.c +++ /dev/null @@ -1,26 +0,0 @@ -/* - * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * SEED low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include - -void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const SEED_KEY_SCHEDULE *ks, - unsigned char ivec[SEED_BLOCK_SIZE], int *num, - int enc) -{ - CRYPTO_cfb128_encrypt(in, out, len, ks, ivec, num, enc, - (block128_f) SEED_encrypt); -} diff --git a/crypto/seed/seed_ecb.c b/crypto/seed/seed_ecb.c deleted file mode 100644 index 9f357511cd944869910c92ff91377c8be0c99a02..0000000000000000000000000000000000000000 --- a/crypto/seed/seed_ecb.c +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * SEED low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include - -void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, - const SEED_KEY_SCHEDULE *ks, int enc) -{ - if (enc) - SEED_encrypt(in, out, ks); - else - SEED_decrypt(in, out, ks); -} diff --git a/crypto/seed/seed_local.h b/crypto/seed/seed_local.h deleted file mode 100644 index dd40ee69deb6842acbb522131c57a7f704d80075..0000000000000000000000000000000000000000 --- a/crypto/seed/seed_local.h +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Neither the name of author nor the names of its contributors may - * be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - */ -#ifndef OSSL_CRYPTO_SEED_LOCAL_H -# define OSSL_CRYPTO_SEED_LOCAL_H - -# include -# include - -# ifdef SEED_LONG /* need 32-bit type */ -typedef unsigned long seed_word; -# else -typedef unsigned int seed_word; -# endif - - -# define char2word(c, i) \ - (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3])) - -# define word2char(l, c) \ - *((c)+0) = (unsigned char)((l)>>24) & 0xff; \ - *((c)+1) = (unsigned char)((l)>>16) & 0xff; \ - *((c)+2) = (unsigned char)((l)>> 8) & 0xff; \ - *((c)+3) = (unsigned char)((l)) & 0xff - -# define KEYSCHEDULE_UPDATE0(T0, T1, X1, X2, X3, X4, KC) \ - (T0) = (X3); \ - (X3) = (((X3)<<8) ^ ((X4)>>24)) & 0xffffffff; \ - (X4) = (((X4)<<8) ^ ((T0)>>24)) & 0xffffffff; \ - (T0) = ((X1) + (X3) - (KC)) & 0xffffffff; \ - (T1) = ((X2) + (KC) - (X4)) & 0xffffffff - -# define KEYSCHEDULE_UPDATE1(T0, T1, X1, X2, X3, X4, KC) \ - (T0) = (X1); \ - (X1) = (((X1)>>8) ^ ((X2)<<24)) & 0xffffffff; \ - (X2) = (((X2)>>8) ^ ((T0)<<24)) & 0xffffffff; \ - (T0) = ((X1) + (X3) - (KC)) & 0xffffffff; \ - (T1) = ((X2) + (KC) - (X4)) & 0xffffffff - -# define KEYUPDATE_TEMP(T0, T1, K) \ - (K)[0] = G_FUNC((T0)); \ - (K)[1] = G_FUNC((T1)) - -# define XOR_SEEDBLOCK(DST, SRC) \ - ((DST))[0] ^= ((SRC))[0]; \ - ((DST))[1] ^= ((SRC))[1]; \ - ((DST))[2] ^= ((SRC))[2]; \ - ((DST))[3] ^= ((SRC))[3] - -# define MOV_SEEDBLOCK(DST, SRC) \ - ((DST))[0] = ((SRC))[0]; \ - ((DST))[1] = ((SRC))[1]; \ - ((DST))[2] = ((SRC))[2]; \ - ((DST))[3] = ((SRC))[3] - -# define CHAR2WORD(C, I) \ - char2word((C), (I)[0]); \ - char2word((C+4), (I)[1]); \ - char2word((C+8), (I)[2]); \ - char2word((C+12), (I)[3]) - -# define WORD2CHAR(I, C) \ - word2char((I)[0], (C)); \ - word2char((I)[1], (C+4)); \ - word2char((I)[2], (C+8)); \ - word2char((I)[3], (C+12)) - -# define E_SEED(T0, T1, X1, X2, X3, X4, rbase) \ - (T0) = (X3) ^ (ks->data)[(rbase)]; \ - (T1) = (X4) ^ (ks->data)[(rbase)+1]; \ - (T1) ^= (T0); \ - (T1) = G_FUNC((T1)); \ - (T0) = ((T0) + (T1)) & 0xffffffff; \ - (T0) = G_FUNC((T0)); \ - (T1) = ((T1) + (T0)) & 0xffffffff; \ - (T1) = G_FUNC((T1)); \ - (T0) = ((T0) + (T1)) & 0xffffffff; \ - (X1) ^= (T0); \ - (X2) ^= (T1) - -#endif /* OSSL_CRYPTO_SEED_LOCAL_H */ diff --git a/crypto/seed/seed_ofb.c b/crypto/seed/seed_ofb.c deleted file mode 100644 index b2e905331d9ffd4c6a66469367fff15ac3b363b7..0000000000000000000000000000000000000000 --- a/crypto/seed/seed_ofb.c +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * SEED low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include - -void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const SEED_KEY_SCHEDULE *ks, - unsigned char ivec[SEED_BLOCK_SIZE], int *num) -{ - CRYPTO_ofb128_encrypt(in, out, len, ks, ivec, num, - (block128_f) SEED_encrypt); -} diff --git a/crypto/self_test_core.c b/crypto/self_test_core.c deleted file mode 100644 index dad4be208a4a47119e437d3b17491b1781c06b21..0000000000000000000000000000000000000000 --- a/crypto/self_test_core.c +++ /dev/null @@ -1,172 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "internal/cryptlib.h" - -typedef struct self_test_cb_st -{ - OSSL_CALLBACK *cb; - void *cbarg; -} SELF_TEST_CB; - -struct ossl_self_test_st -{ - /* local state variables */ - const char *phase; - const char *type; - const char *desc; - OSSL_CALLBACK *cb; - - /* callback related variables used to pass the state back to the user */ - OSSL_PARAM params[4]; - void *cb_arg; -}; - -#ifndef FIPS_MODULE -static void *self_test_set_callback_new(OSSL_LIB_CTX *ctx) -{ - SELF_TEST_CB *stcb; - - stcb = OPENSSL_zalloc(sizeof(*stcb)); - return stcb; -} - -static void self_test_set_callback_free(void *stcb) -{ - OPENSSL_free(stcb); -} - -static const OSSL_LIB_CTX_METHOD self_test_set_callback_method = { - OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, - self_test_set_callback_new, - self_test_set_callback_free, -}; - -static SELF_TEST_CB *get_self_test_callback(OSSL_LIB_CTX *libctx) -{ - return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_SELF_TEST_CB_INDEX, - &self_test_set_callback_method); -} - -void OSSL_SELF_TEST_set_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK *cb, - void *cbarg) -{ - SELF_TEST_CB *stcb = get_self_test_callback(libctx); - - if (stcb != NULL) { - stcb->cb = cb; - stcb->cbarg = cbarg; - } -} - -void OSSL_SELF_TEST_get_callback(OSSL_LIB_CTX *libctx, OSSL_CALLBACK **cb, - void **cbarg) -{ - SELF_TEST_CB *stcb = get_self_test_callback(libctx); - - if (cb != NULL) - *cb = (stcb != NULL ? stcb->cb : NULL); - if (cbarg != NULL) - *cbarg = (stcb != NULL ? stcb->cbarg : NULL); -} -#endif /* FIPS_MODULE */ - -static void self_test_setparams(OSSL_SELF_TEST *st) -{ - size_t n = 0; - - if (st->cb != NULL) { - st->params[n++] = - OSSL_PARAM_construct_utf8_string(OSSL_PROV_PARAM_SELF_TEST_PHASE, - (char *)st->phase, 0); - st->params[n++] = - OSSL_PARAM_construct_utf8_string(OSSL_PROV_PARAM_SELF_TEST_TYPE, - (char *)st->type, 0); - st->params[n++] = - OSSL_PARAM_construct_utf8_string(OSSL_PROV_PARAM_SELF_TEST_DESC, - (char *)st->desc, 0); - } - st->params[n++] = OSSL_PARAM_construct_end(); -} - -OSSL_SELF_TEST *OSSL_SELF_TEST_new(OSSL_CALLBACK *cb, void *cbarg) -{ - OSSL_SELF_TEST *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) - return NULL; - - ret->cb = cb; - ret->cb_arg = cbarg; - ret->phase = ""; - ret->type = ""; - ret->desc = ""; - self_test_setparams(ret); - return ret; -} - -void OSSL_SELF_TEST_free(OSSL_SELF_TEST *st) -{ - OPENSSL_free(st); -} - -/* Can be used during application testing to log that a test has started. */ -void OSSL_SELF_TEST_onbegin(OSSL_SELF_TEST *st, const char *type, - const char *desc) -{ - if (st != NULL && st->cb != NULL) { - st->phase = OSSL_SELF_TEST_PHASE_START; - st->type = type; - st->desc = desc; - self_test_setparams(st); - (void)st->cb(st->params, st->cb_arg); - } -} - -/* - * Can be used during application testing to log that a test has either - * passed or failed. - */ -void OSSL_SELF_TEST_onend(OSSL_SELF_TEST *st, int ret) -{ - if (st != NULL && st->cb != NULL) { - st->phase = - (ret == 1 ? OSSL_SELF_TEST_PHASE_PASS : OSSL_SELF_TEST_PHASE_FAIL); - self_test_setparams(st); - (void)st->cb(st->params, st->cb_arg); - - st->phase = OSSL_SELF_TEST_PHASE_NONE; - st->type = OSSL_SELF_TEST_TYPE_NONE; - st->desc = OSSL_SELF_TEST_DESC_NONE; - } -} - -/* - * Used for failure testing. - * - * Call the applications SELF_TEST_cb() if it exists. - * If the application callback decides to return 0 then the first byte of 'bytes' - * is modified (corrupted). This is used to modify output signatures or - * ciphertext before they are verified or decrypted. - */ -int OSSL_SELF_TEST_oncorrupt_byte(OSSL_SELF_TEST *st, unsigned char *bytes) -{ - if (st != NULL && st->cb != NULL) { - st->phase = OSSL_SELF_TEST_PHASE_CORRUPT; - self_test_setparams(st); - if (!st->cb(st->params, st->cb_arg)) { - bytes[0] ^= 1; - return 1; - } - } - return 0; -} diff --git a/crypto/sha/asm/keccak1600-armv4.pl b/crypto/sha/asm/keccak1600-armv4.pl deleted file mode 100755 index eaad86d39ddf7037de4a02fb0df2e1f63dbc9996..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/keccak1600-armv4.pl +++ /dev/null @@ -1,1636 +0,0 @@ -#!/usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Keccak-1600 for ARMv4. -# -# June 2017. -# -# Non-NEON code is KECCAK_1X variant (see sha/keccak1600.c) with bit -# interleaving. How does it compare to Keccak Code Package? It's as -# fast, but several times smaller, and is endian- and ISA-neutral. ISA -# neutrality means that minimum ISA requirement is ARMv4, yet it can -# be assembled even as Thumb-2. NEON code path is KECCAK_1X_ALT with -# register layout taken from Keccak Code Package. It's also as fast, -# in fact faster by 10-15% on some processors, and endian-neutral. -# -# August 2017. -# -# Switch to KECCAK_2X variant for non-NEON code and merge almost 1/2 -# of rotate instructions with logical ones. This resulted in ~10% -# improvement on most processors. Switch to KECCAK_2X effectively -# minimizes re-loads from temporary storage, and merged rotates just -# eliminate corresponding instructions. As for latter. When examining -# code you'll notice commented ror instructions. These are eliminated -# ones, and you should trace destination register below to see what's -# going on. Just in case, why not all rotates are eliminated. Trouble -# is that you have operations that require both inputs to be rotated, -# e.g. 'eor a,b>>>x,c>>>y'. This conundrum is resolved by using -# 'eor a,b,c>>>(x-y)' and then merge-rotating 'a' in next operation -# that takes 'a' as input. And thing is that this next operation can -# be in next round. It's totally possible to "carry" rotate "factors" -# to the next round, but it makes code more complex. And the last word -# is the keyword, i.e. "almost 1/2" is kind of complexity cap [for the -# time being]... -# -# Reduce per-round instruction count in Thumb-2 case by 16%. This is -# achieved by folding ldr/str pairs to their double-word counterparts. -# Theoretically this should have improved performance on single-issue -# cores, such as Cortex-A5/A7, by 19%. Reality is a bit different, as -# usual... -# -######################################################################## -# Numbers are cycles per processed byte. Non-NEON results account even -# for input bit interleaving. -# -# r=1088(*) Thumb-2(**) NEON -# -# ARM11xx 82/+150% -# Cortex-A5 88/+160%, 86, 36 -# Cortex-A7 78/+160%, 68, 34 -# Cortex-A8 51/+230%, 57, 30 -# Cortex-A9 53/+210%, 51, 26 -# Cortex-A15 42/+160%, 38, 18 -# Snapdragon S4 43/+210%, 38, 24 -# -# (*) Corresponds to SHA3-256. Percentage after slash is improvement -# over compiler-generated KECCAK_2X reference code. -# (**) Thumb-2 results for Cortex-A5/A7 are likely to apply even to -# Cortex-Mx, x>=3. Otherwise, non-NEON results for NEON-capable -# processors are presented mostly for reference purposes. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour && $flavour ne "void") { - $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or - ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or - die "can't locate arm-xlate.pl"; - - open STDOUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -} else { - $output and open STDOUT,">$output"; -} - -my @C = map("r$_",(0..9)); -my @E = map("r$_",(10..12,14)); - -######################################################################## -# Stack layout -# ----->+-----------------------+ -# | uint64_t A[5][5] | -# | ... | -# +200->+-----------------------+ -# | uint64_t D[5] | -# | ... | -# +240->+-----------------------+ -# | uint64_t T[5][5] | -# | ... | -# +440->+-----------------------+ -# | saved lr | -# +444->+-----------------------+ -# | loop counter | -# +448->+-----------------------+ -# | ... - -my @A = map([ 8*$_, 8*($_+1), 8*($_+2), 8*($_+3), 8*($_+4) ], (0,5,10,15,20)); -my @D = map(8*$_, (25..29)); -my @T = map([ 8*$_, 8*($_+1), 8*($_+2), 8*($_+3), 8*($_+4) ], (30,35,40,45,50)); - -$code.=<<___; -#include "arm_arch.h" - -#if defined(__thumb2__) -.syntax unified -.thumb -#else -.code 32 -#endif - -.text - -.type iotas32, %object -.align 5 -iotas32: - .long 0x00000001, 0x00000000 - .long 0x00000000, 0x00000089 - .long 0x00000000, 0x8000008b - .long 0x00000000, 0x80008080 - .long 0x00000001, 0x0000008b - .long 0x00000001, 0x00008000 - .long 0x00000001, 0x80008088 - .long 0x00000001, 0x80000082 - .long 0x00000000, 0x0000000b - .long 0x00000000, 0x0000000a - .long 0x00000001, 0x00008082 - .long 0x00000000, 0x00008003 - .long 0x00000001, 0x0000808b - .long 0x00000001, 0x8000000b - .long 0x00000001, 0x8000008a - .long 0x00000001, 0x80000081 - .long 0x00000000, 0x80000081 - .long 0x00000000, 0x80000008 - .long 0x00000000, 0x00000083 - .long 0x00000000, 0x80008003 - .long 0x00000001, 0x80008088 - .long 0x00000000, 0x80000088 - .long 0x00000001, 0x00008000 - .long 0x00000000, 0x80008082 -.size iotas32,.-iotas32 - -.type KeccakF1600_int, %function -.align 5 -KeccakF1600_int: - add @C[9],sp,#$A[4][2] - add @E[2],sp,#$A[0][0] - add @E[0],sp,#$A[1][0] - ldmia @C[9],{@C[4]-@C[9]} @ A[4][2..4] -KeccakF1600_enter: - str lr,[sp,#440] - eor @E[1],@E[1],@E[1] - str @E[1],[sp,#444] - b .Lround2x - -.align 4 -.Lround2x: -___ -sub Round { -my (@A,@R); (@A[0..4],@R) = @_; - -$code.=<<___; - ldmia @E[2],{@C[0]-@C[3]} @ A[0][0..1] - ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[1][0..1] -#ifdef __thumb2__ - eor @C[0],@C[0],@E[0] - eor @C[1],@C[1],@E[1] - eor @C[2],@C[2],@E[2] - ldrd @E[0],@E[1],[sp,#$A[1][2]] - eor @C[3],@C[3],@E[3] - ldrd @E[2],@E[3],[sp,#$A[1][3]] - eor @C[4],@C[4],@E[0] - eor @C[5],@C[5],@E[1] - eor @C[6],@C[6],@E[2] - ldrd @E[0],@E[1],[sp,#$A[1][4]] - eor @C[7],@C[7],@E[3] - ldrd @E[2],@E[3],[sp,#$A[2][0]] - eor @C[8],@C[8],@E[0] - eor @C[9],@C[9],@E[1] - eor @C[0],@C[0],@E[2] - ldrd @E[0],@E[1],[sp,#$A[2][1]] - eor @C[1],@C[1],@E[3] - ldrd @E[2],@E[3],[sp,#$A[2][2]] - eor @C[2],@C[2],@E[0] - eor @C[3],@C[3],@E[1] - eor @C[4],@C[4],@E[2] - ldrd @E[0],@E[1],[sp,#$A[2][3]] - eor @C[5],@C[5],@E[3] - ldrd @E[2],@E[3],[sp,#$A[2][4]] - eor @C[6],@C[6],@E[0] - eor @C[7],@C[7],@E[1] - eor @C[8],@C[8],@E[2] - ldrd @E[0],@E[1],[sp,#$A[3][0]] - eor @C[9],@C[9],@E[3] - ldrd @E[2],@E[3],[sp,#$A[3][1]] - eor @C[0],@C[0],@E[0] - eor @C[1],@C[1],@E[1] - eor @C[2],@C[2],@E[2] - ldrd @E[0],@E[1],[sp,#$A[3][2]] - eor @C[3],@C[3],@E[3] - ldrd @E[2],@E[3],[sp,#$A[3][3]] - eor @C[4],@C[4],@E[0] - eor @C[5],@C[5],@E[1] - eor @C[6],@C[6],@E[2] - ldrd @E[0],@E[1],[sp,#$A[3][4]] - eor @C[7],@C[7],@E[3] - ldrd @E[2],@E[3],[sp,#$A[4][0]] - eor @C[8],@C[8],@E[0] - eor @C[9],@C[9],@E[1] - eor @C[0],@C[0],@E[2] - ldrd @E[0],@E[1],[sp,#$A[4][1]] - eor @C[1],@C[1],@E[3] - ldrd @E[2],@E[3],[sp,#$A[0][2]] - eor @C[2],@C[2],@E[0] - eor @C[3],@C[3],@E[1] - eor @C[4],@C[4],@E[2] - ldrd @E[0],@E[1],[sp,#$A[0][3]] - eor @C[5],@C[5],@E[3] - ldrd @E[2],@E[3],[sp,#$A[0][4]] -#else - eor @C[0],@C[0],@E[0] - add @E[0],sp,#$A[1][2] - eor @C[1],@C[1],@E[1] - eor @C[2],@C[2],@E[2] - eor @C[3],@C[3],@E[3] - ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[1][2..3] - eor @C[4],@C[4],@E[0] - add @E[0],sp,#$A[1][4] - eor @C[5],@C[5],@E[1] - eor @C[6],@C[6],@E[2] - eor @C[7],@C[7],@E[3] - ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[1][4]..A[2][0] - eor @C[8],@C[8],@E[0] - add @E[0],sp,#$A[2][1] - eor @C[9],@C[9],@E[1] - eor @C[0],@C[0],@E[2] - eor @C[1],@C[1],@E[3] - ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[2][1..2] - eor @C[2],@C[2],@E[0] - add @E[0],sp,#$A[2][3] - eor @C[3],@C[3],@E[1] - eor @C[4],@C[4],@E[2] - eor @C[5],@C[5],@E[3] - ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[2][3..4] - eor @C[6],@C[6],@E[0] - add @E[0],sp,#$A[3][0] - eor @C[7],@C[7],@E[1] - eor @C[8],@C[8],@E[2] - eor @C[9],@C[9],@E[3] - ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[3][0..1] - eor @C[0],@C[0],@E[0] - add @E[0],sp,#$A[3][2] - eor @C[1],@C[1],@E[1] - eor @C[2],@C[2],@E[2] - eor @C[3],@C[3],@E[3] - ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[3][2..3] - eor @C[4],@C[4],@E[0] - add @E[0],sp,#$A[3][4] - eor @C[5],@C[5],@E[1] - eor @C[6],@C[6],@E[2] - eor @C[7],@C[7],@E[3] - ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[3][4]..A[4][0] - eor @C[8],@C[8],@E[0] - ldr @E[0],[sp,#$A[4][1]] @ A[4][1] - eor @C[9],@C[9],@E[1] - ldr @E[1],[sp,#$A[4][1]+4] - eor @C[0],@C[0],@E[2] - ldr @E[2],[sp,#$A[0][2]] @ A[0][2] - eor @C[1],@C[1],@E[3] - ldr @E[3],[sp,#$A[0][2]+4] - eor @C[2],@C[2],@E[0] - add @E[0],sp,#$A[0][3] - eor @C[3],@C[3],@E[1] - eor @C[4],@C[4],@E[2] - eor @C[5],@C[5],@E[3] - ldmia @E[0],{@E[0]-@E[2],@E[3]} @ A[0][3..4] -#endif - eor @C[6],@C[6],@E[0] - eor @C[7],@C[7],@E[1] - eor @C[8],@C[8],@E[2] - eor @C[9],@C[9],@E[3] - - eor @E[0],@C[0],@C[5],ror#32-1 @ E[0] = ROL64(C[2], 1) ^ C[0]; - str.l @E[0],[sp,#$D[1]] @ D[1] = E[0] - eor @E[1],@C[1],@C[4] - str.h @E[1],[sp,#$D[1]+4] - eor @E[2],@C[6],@C[1],ror#32-1 @ E[1] = ROL64(C[0], 1) ^ C[3]; - eor @E[3],@C[7],@C[0] - str.l @E[2],[sp,#$D[4]] @ D[4] = E[1] - eor @C[0],@C[8],@C[3],ror#32-1 @ C[0] = ROL64(C[1], 1) ^ C[4]; - str.h @E[3],[sp,#$D[4]+4] - eor @C[1],@C[9],@C[2] - str.l @C[0],[sp,#$D[0]] @ D[0] = C[0] - eor @C[2],@C[2],@C[7],ror#32-1 @ C[1] = ROL64(C[3], 1) ^ C[1]; - ldr.l @C[7],[sp,#$A[3][3]] - eor @C[3],@C[3],@C[6] - str.h @C[1],[sp,#$D[0]+4] - ldr.h @C[6],[sp,#$A[3][3]+4] - str.l @C[2],[sp,#$D[2]] @ D[2] = C[1] - eor @C[4],@C[4],@C[9],ror#32-1 @ C[2] = ROL64(C[4], 1) ^ C[2]; - str.h @C[3],[sp,#$D[2]+4] - eor @C[5],@C[5],@C[8] - - ldr.l @C[8],[sp,#$A[4][4]] - ldr.h @C[9],[sp,#$A[4][4]+4] - str.l @C[4],[sp,#$D[3]] @ D[3] = C[2] - eor @C[7],@C[7],@C[4] - str.h @C[5],[sp,#$D[3]+4] - eor @C[6],@C[6],@C[5] - ldr.l @C[4],[sp,#$A[0][0]] - @ ror @C[7],@C[7],#32-10 @ C[3] = ROL64(A[3][3] ^ C[2], rhotates[3][3]); /* D[3] */ - @ ror @C[6],@C[6],#32-11 - ldr.h @C[5],[sp,#$A[0][0]+4] - eor @C[8],@C[8],@E[2] - eor @C[9],@C[9],@E[3] - ldr.l @E[2],[sp,#$A[2][2]] - eor @C[0],@C[0],@C[4] - ldr.h @E[3],[sp,#$A[2][2]+4] - @ ror @C[8],@C[8],#32-7 @ C[4] = ROL64(A[4][4] ^ E[1], rhotates[4][4]); /* D[4] */ - @ ror @C[9],@C[9],#32-7 - eor @C[1],@C[1],@C[5] @ C[0] = A[0][0] ^ C[0]; /* rotate by 0 */ /* D[0] */ - eor @E[2],@E[2],@C[2] - ldr.l @C[2],[sp,#$A[1][1]] - eor @E[3],@E[3],@C[3] - ldr.h @C[3],[sp,#$A[1][1]+4] - ror @C[5],@E[2],#32-21 @ C[2] = ROL64(A[2][2] ^ C[1], rhotates[2][2]); /* D[2] */ - ldr @E[2],[sp,#444] @ load counter - eor @C[2],@C[2],@E[0] - adr @E[0],iotas32 - ror @C[4],@E[3],#32-22 - add @E[3],@E[0],@E[2] - eor @C[3],@C[3],@E[1] -___ -$code.=<<___ if ($A[0][0] != $T[0][0]); - ldmia @E[3],{@E[0],@E[1]} @ iotas[i] -___ -$code.=<<___ if ($A[0][0] == $T[0][0]); - ldr.l @E[0],[@E[3],#8] @ iotas[i].lo - add @E[2],@E[2],#16 - ldr.h @E[1],[@E[3],#12] @ iotas[i].hi - cmp @E[2],#192 - str @E[2],[sp,#444] @ store counter -___ -$code.=<<___; - bic @E[2],@C[4],@C[2],ror#32-22 - bic @E[3],@C[5],@C[3],ror#32-22 - ror @C[2],@C[2],#32-22 @ C[1] = ROL64(A[1][1] ^ E[0], rhotates[1][1]); /* D[1] */ - ror @C[3],@C[3],#32-22 - eor @E[2],@E[2],@C[0] - eor @E[3],@E[3],@C[1] - eor @E[0],@E[0],@E[2] - eor @E[1],@E[1],@E[3] - str.l @E[0],[sp,#$R[0][0]] @ R[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i]; - bic @E[2],@C[6],@C[4],ror#11 - str.h @E[1],[sp,#$R[0][0]+4] - bic @E[3],@C[7],@C[5],ror#10 - bic @E[0],@C[8],@C[6],ror#32-(11-7) - bic @E[1],@C[9],@C[7],ror#32-(10-7) - eor @E[2],@C[2],@E[2],ror#32-11 - str.l @E[2],[sp,#$R[0][1]] @ R[0][1] = C[1] ^ (~C[2] & C[3]); - eor @E[3],@C[3],@E[3],ror#32-10 - str.h @E[3],[sp,#$R[0][1]+4] - eor @E[0],@C[4],@E[0],ror#32-7 - eor @E[1],@C[5],@E[1],ror#32-7 - str.l @E[0],[sp,#$R[0][2]] @ R[0][2] = C[2] ^ (~C[3] & C[4]); - bic @E[2],@C[0],@C[8],ror#32-7 - str.h @E[1],[sp,#$R[0][2]+4] - bic @E[3],@C[1],@C[9],ror#32-7 - eor @E[2],@E[2],@C[6],ror#32-11 - str.l @E[2],[sp,#$R[0][3]] @ R[0][3] = C[3] ^ (~C[4] & C[0]); - eor @E[3],@E[3],@C[7],ror#32-10 - str.h @E[3],[sp,#$R[0][3]+4] - bic @E[0],@C[2],@C[0] - add @E[3],sp,#$D[3] - ldr.l @C[0],[sp,#$A[0][3]] @ A[0][3] - bic @E[1],@C[3],@C[1] - ldr.h @C[1],[sp,#$A[0][3]+4] - eor @E[0],@E[0],@C[8],ror#32-7 - eor @E[1],@E[1],@C[9],ror#32-7 - str.l @E[0],[sp,#$R[0][4]] @ R[0][4] = C[4] ^ (~C[0] & C[1]); - add @C[9],sp,#$D[0] - str.h @E[1],[sp,#$R[0][4]+4] - - ldmia @E[3],{@E[0]-@E[2],@E[3]} @ D[3..4] - ldmia @C[9],{@C[6]-@C[9]} @ D[0..1] - - ldr.l @C[2],[sp,#$A[1][4]] @ A[1][4] - eor @C[0],@C[0],@E[0] - ldr.h @C[3],[sp,#$A[1][4]+4] - eor @C[1],@C[1],@E[1] - @ ror @C[0],@C[0],#32-14 @ C[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]); - ldr.l @E[0],[sp,#$A[3][1]] @ A[3][1] - @ ror @C[1],@C[1],#32-14 - ldr.h @E[1],[sp,#$A[3][1]+4] - - eor @C[2],@C[2],@E[2] - ldr.l @C[4],[sp,#$A[2][0]] @ A[2][0] - eor @C[3],@C[3],@E[3] - ldr.h @C[5],[sp,#$A[2][0]+4] - @ ror @C[2],@C[2],#32-10 @ C[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); - @ ror @C[3],@C[3],#32-10 - - eor @C[6],@C[6],@C[4] - ldr.l @E[2],[sp,#$D[2]] @ D[2] - eor @C[7],@C[7],@C[5] - ldr.h @E[3],[sp,#$D[2]+4] - ror @C[5],@C[6],#32-1 @ C[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]); - ror @C[4],@C[7],#32-2 - - eor @E[0],@E[0],@C[8] - ldr.l @C[8],[sp,#$A[4][2]] @ A[4][2] - eor @E[1],@E[1],@C[9] - ldr.h @C[9],[sp,#$A[4][2]+4] - ror @C[7],@E[0],#32-22 @ C[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]); - ror @C[6],@E[1],#32-23 - - bic @E[0],@C[4],@C[2],ror#32-10 - bic @E[1],@C[5],@C[3],ror#32-10 - eor @E[2],@E[2],@C[8] - eor @E[3],@E[3],@C[9] - ror @C[9],@E[2],#32-30 @ C[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]); - ror @C[8],@E[3],#32-31 - eor @E[0],@E[0],@C[0],ror#32-14 - eor @E[1],@E[1],@C[1],ror#32-14 - str.l @E[0],[sp,#$R[1][0]] @ R[1][0] = C[0] ^ (~C[1] & C[2]) - bic @E[2],@C[6],@C[4] - str.h @E[1],[sp,#$R[1][0]+4] - bic @E[3],@C[7],@C[5] - eor @E[2],@E[2],@C[2],ror#32-10 - str.l @E[2],[sp,#$R[1][1]] @ R[1][1] = C[1] ^ (~C[2] & C[3]); - eor @E[3],@E[3],@C[3],ror#32-10 - str.h @E[3],[sp,#$R[1][1]+4] - bic @E[0],@C[8],@C[6] - bic @E[1],@C[9],@C[7] - bic @E[2],@C[0],@C[8],ror#14 - bic @E[3],@C[1],@C[9],ror#14 - eor @E[0],@E[0],@C[4] - eor @E[1],@E[1],@C[5] - str.l @E[0],[sp,#$R[1][2]] @ R[1][2] = C[2] ^ (~C[3] & C[4]); - bic @C[2],@C[2],@C[0],ror#32-(14-10) - str.h @E[1],[sp,#$R[1][2]+4] - eor @E[2],@C[6],@E[2],ror#32-14 - bic @E[1],@C[3],@C[1],ror#32-(14-10) - str.l @E[2],[sp,#$R[1][3]] @ R[1][3] = C[3] ^ (~C[4] & C[0]); - eor @E[3],@C[7],@E[3],ror#32-14 - str.h @E[3],[sp,#$R[1][3]+4] - add @E[2],sp,#$D[1] - ldr.l @C[1],[sp,#$A[0][1]] @ A[0][1] - eor @E[0],@C[8],@C[2],ror#32-10 - ldr.h @C[0],[sp,#$A[0][1]+4] - eor @E[1],@C[9],@E[1],ror#32-10 - str.l @E[0],[sp,#$R[1][4]] @ R[1][4] = C[4] ^ (~C[0] & C[1]); - str.h @E[1],[sp,#$R[1][4]+4] - - add @C[9],sp,#$D[3] - ldmia @E[2],{@E[0]-@E[2],@E[3]} @ D[1..2] - ldr.l @C[2],[sp,#$A[1][2]] @ A[1][2] - ldr.h @C[3],[sp,#$A[1][2]+4] - ldmia @C[9],{@C[6]-@C[9]} @ D[3..4] - - eor @C[1],@C[1],@E[0] - ldr.l @C[4],[sp,#$A[2][3]] @ A[2][3] - eor @C[0],@C[0],@E[1] - ldr.h @C[5],[sp,#$A[2][3]+4] - ror @C[0],@C[0],#32-1 @ C[0] = ROL64(A[0][1] ^ D[1], rhotates[0][1]); - - eor @C[2],@C[2],@E[2] - ldr.l @E[0],[sp,#$A[3][4]] @ A[3][4] - eor @C[3],@C[3],@E[3] - ldr.h @E[1],[sp,#$A[3][4]+4] - @ ror @C[2],@C[2],#32-3 @ C[1] = ROL64(A[1][2] ^ D[2], rhotates[1][2]); - ldr.l @E[2],[sp,#$D[0]] @ D[0] - @ ror @C[3],@C[3],#32-3 - ldr.h @E[3],[sp,#$D[0]+4] - - eor @C[4],@C[4],@C[6] - eor @C[5],@C[5],@C[7] - @ ror @C[5],@C[6],#32-12 @ C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); - @ ror @C[4],@C[7],#32-13 @ [track reverse order below] - - eor @E[0],@E[0],@C[8] - ldr.l @C[8],[sp,#$A[4][0]] @ A[4][0] - eor @E[1],@E[1],@C[9] - ldr.h @C[9],[sp,#$A[4][0]+4] - ror @C[6],@E[0],#32-4 @ C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]); - ror @C[7],@E[1],#32-4 - - eor @E[2],@E[2],@C[8] - eor @E[3],@E[3],@C[9] - ror @C[8],@E[2],#32-9 @ C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]); - ror @C[9],@E[3],#32-9 - - bic @E[0],@C[5],@C[2],ror#13-3 - bic @E[1],@C[4],@C[3],ror#12-3 - bic @E[2],@C[6],@C[5],ror#32-13 - bic @E[3],@C[7],@C[4],ror#32-12 - eor @E[0],@C[0],@E[0],ror#32-13 - eor @E[1],@C[1],@E[1],ror#32-12 - str.l @E[0],[sp,#$R[2][0]] @ R[2][0] = C[0] ^ (~C[1] & C[2]) - eor @E[2],@E[2],@C[2],ror#32-3 - str.h @E[1],[sp,#$R[2][0]+4] - eor @E[3],@E[3],@C[3],ror#32-3 - str.l @E[2],[sp,#$R[2][1]] @ R[2][1] = C[1] ^ (~C[2] & C[3]); - bic @E[0],@C[8],@C[6] - bic @E[1],@C[9],@C[7] - str.h @E[3],[sp,#$R[2][1]+4] - eor @E[0],@E[0],@C[5],ror#32-13 - eor @E[1],@E[1],@C[4],ror#32-12 - str.l @E[0],[sp,#$R[2][2]] @ R[2][2] = C[2] ^ (~C[3] & C[4]); - bic @E[2],@C[0],@C[8] - str.h @E[1],[sp,#$R[2][2]+4] - bic @E[3],@C[1],@C[9] - eor @E[2],@E[2],@C[6] - eor @E[3],@E[3],@C[7] - str.l @E[2],[sp,#$R[2][3]] @ R[2][3] = C[3] ^ (~C[4] & C[0]); - bic @E[0],@C[2],@C[0],ror#3 - str.h @E[3],[sp,#$R[2][3]+4] - bic @E[1],@C[3],@C[1],ror#3 - ldr.l @C[1],[sp,#$A[0][4]] @ A[0][4] [in reverse order] - eor @E[0],@C[8],@E[0],ror#32-3 - ldr.h @C[0],[sp,#$A[0][4]+4] - eor @E[1],@C[9],@E[1],ror#32-3 - str.l @E[0],[sp,#$R[2][4]] @ R[2][4] = C[4] ^ (~C[0] & C[1]); - add @C[9],sp,#$D[1] - str.h @E[1],[sp,#$R[2][4]+4] - - ldr.l @E[0],[sp,#$D[4]] @ D[4] - ldr.h @E[1],[sp,#$D[4]+4] - ldr.l @E[2],[sp,#$D[0]] @ D[0] - ldr.h @E[3],[sp,#$D[0]+4] - - ldmia @C[9],{@C[6]-@C[9]} @ D[1..2] - - eor @C[1],@C[1],@E[0] - ldr.l @C[2],[sp,#$A[1][0]] @ A[1][0] - eor @C[0],@C[0],@E[1] - ldr.h @C[3],[sp,#$A[1][0]+4] - @ ror @C[1],@E[0],#32-13 @ C[0] = ROL64(A[0][4] ^ D[4], rhotates[0][4]); - ldr.l @C[4],[sp,#$A[2][1]] @ A[2][1] - @ ror @C[0],@E[1],#32-14 @ [was loaded in reverse order] - ldr.h @C[5],[sp,#$A[2][1]+4] - - eor @C[2],@C[2],@E[2] - ldr.l @E[0],[sp,#$A[3][2]] @ A[3][2] - eor @C[3],@C[3],@E[3] - ldr.h @E[1],[sp,#$A[3][2]+4] - @ ror @C[2],@C[2],#32-18 @ C[1] = ROL64(A[1][0] ^ D[0], rhotates[1][0]); - ldr.l @E[2],[sp,#$D[3]] @ D[3] - @ ror @C[3],@C[3],#32-18 - ldr.h @E[3],[sp,#$D[3]+4] - - eor @C[6],@C[6],@C[4] - eor @C[7],@C[7],@C[5] - ror @C[4],@C[6],#32-5 @ C[2] = ROL64(A[2][1] ^ D[1], rhotates[2][1]); - ror @C[5],@C[7],#32-5 - - eor @E[0],@E[0],@C[8] - ldr.l @C[8],[sp,#$A[4][3]] @ A[4][3] - eor @E[1],@E[1],@C[9] - ldr.h @C[9],[sp,#$A[4][3]+4] - ror @C[7],@E[0],#32-7 @ C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); - ror @C[6],@E[1],#32-8 - - eor @E[2],@E[2],@C[8] - eor @E[3],@E[3],@C[9] - ror @C[8],@E[2],#32-28 @ C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]); - ror @C[9],@E[3],#32-28 - - bic @E[0],@C[4],@C[2],ror#32-18 - bic @E[1],@C[5],@C[3],ror#32-18 - eor @E[0],@E[0],@C[0],ror#32-14 - eor @E[1],@E[1],@C[1],ror#32-13 - str.l @E[0],[sp,#$R[3][0]] @ R[3][0] = C[0] ^ (~C[1] & C[2]) - bic @E[2],@C[6],@C[4] - str.h @E[1],[sp,#$R[3][0]+4] - bic @E[3],@C[7],@C[5] - eor @E[2],@E[2],@C[2],ror#32-18 - str.l @E[2],[sp,#$R[3][1]] @ R[3][1] = C[1] ^ (~C[2] & C[3]); - eor @E[3],@E[3],@C[3],ror#32-18 - str.h @E[3],[sp,#$R[3][1]+4] - bic @E[0],@C[8],@C[6] - bic @E[1],@C[9],@C[7] - bic @E[2],@C[0],@C[8],ror#14 - bic @E[3],@C[1],@C[9],ror#13 - eor @E[0],@E[0],@C[4] - eor @E[1],@E[1],@C[5] - str.l @E[0],[sp,#$R[3][2]] @ R[3][2] = C[2] ^ (~C[3] & C[4]); - bic @C[2],@C[2],@C[0],ror#18-14 - str.h @E[1],[sp,#$R[3][2]+4] - eor @E[2],@C[6],@E[2],ror#32-14 - bic @E[1],@C[3],@C[1],ror#18-13 - eor @E[3],@C[7],@E[3],ror#32-13 - str.l @E[2],[sp,#$R[3][3]] @ R[3][3] = C[3] ^ (~C[4] & C[0]); - str.h @E[3],[sp,#$R[3][3]+4] - add @E[3],sp,#$D[2] - ldr.l @C[0],[sp,#$A[0][2]] @ A[0][2] - eor @E[0],@C[8],@C[2],ror#32-18 - ldr.h @C[1],[sp,#$A[0][2]+4] - eor @E[1],@C[9],@E[1],ror#32-18 - str.l @E[0],[sp,#$R[3][4]] @ R[3][4] = C[4] ^ (~C[0] & C[1]); - str.h @E[1],[sp,#$R[3][4]+4] - - ldmia @E[3],{@E[0]-@E[2],@E[3]} @ D[2..3] - ldr.l @C[2],[sp,#$A[1][3]] @ A[1][3] - ldr.h @C[3],[sp,#$A[1][3]+4] - ldr.l @C[6],[sp,#$D[4]] @ D[4] - ldr.h @C[7],[sp,#$D[4]+4] - - eor @C[0],@C[0],@E[0] - ldr.l @C[4],[sp,#$A[2][4]] @ A[2][4] - eor @C[1],@C[1],@E[1] - ldr.h @C[5],[sp,#$A[2][4]+4] - @ ror @C[0],@C[0],#32-31 @ C[0] = ROL64(A[0][2] ^ D[2], rhotates[0][2]); - ldr.l @C[8],[sp,#$D[0]] @ D[0] - @ ror @C[1],@C[1],#32-31 - ldr.h @C[9],[sp,#$D[0]+4] - - eor @E[2],@E[2],@C[2] - ldr.l @E[0],[sp,#$A[3][0]] @ A[3][0] - eor @E[3],@E[3],@C[3] - ldr.h @E[1],[sp,#$A[3][0]+4] - ror @C[3],@E[2],#32-27 @ C[1] = ROL64(A[1][3] ^ D[3], rhotates[1][3]); - ldr.l @E[2],[sp,#$D[1]] @ D[1] - ror @C[2],@E[3],#32-28 - ldr.h @E[3],[sp,#$D[1]+4] - - eor @C[6],@C[6],@C[4] - eor @C[7],@C[7],@C[5] - ror @C[5],@C[6],#32-19 @ C[2] = ROL64(A[2][4] ^ D[4], rhotates[2][4]); - ror @C[4],@C[7],#32-20 - - eor @E[0],@E[0],@C[8] - ldr.l @C[8],[sp,#$A[4][1]] @ A[4][1] - eor @E[1],@E[1],@C[9] - ldr.h @C[9],[sp,#$A[4][1]+4] - ror @C[7],@E[0],#32-20 @ C[3] = ROL64(A[3][0] ^ D[0], rhotates[3][0]); - ror @C[6],@E[1],#32-21 - - eor @C[8],@C[8],@E[2] - eor @C[9],@C[9],@E[3] - @ ror @C[8],@C[2],#32-1 @ C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); - @ ror @C[9],@C[3],#32-1 - - bic @E[0],@C[4],@C[2] - bic @E[1],@C[5],@C[3] - eor @E[0],@E[0],@C[0],ror#32-31 - str.l @E[0],[sp,#$R[4][0]] @ R[4][0] = C[0] ^ (~C[1] & C[2]) - eor @E[1],@E[1],@C[1],ror#32-31 - str.h @E[1],[sp,#$R[4][0]+4] - bic @E[2],@C[6],@C[4] - bic @E[3],@C[7],@C[5] - eor @E[2],@E[2],@C[2] - eor @E[3],@E[3],@C[3] - str.l @E[2],[sp,#$R[4][1]] @ R[4][1] = C[1] ^ (~C[2] & C[3]); - bic @E[0],@C[8],@C[6],ror#1 - str.h @E[3],[sp,#$R[4][1]+4] - bic @E[1],@C[9],@C[7],ror#1 - bic @E[2],@C[0],@C[8],ror#31-1 - bic @E[3],@C[1],@C[9],ror#31-1 - eor @C[4],@C[4],@E[0],ror#32-1 - str.l @C[4],[sp,#$R[4][2]] @ R[4][2] = C[2] ^= (~C[3] & C[4]); - eor @C[5],@C[5],@E[1],ror#32-1 - str.h @C[5],[sp,#$R[4][2]+4] - eor @C[6],@C[6],@E[2],ror#32-31 - eor @C[7],@C[7],@E[3],ror#32-31 - str.l @C[6],[sp,#$R[4][3]] @ R[4][3] = C[3] ^= (~C[4] & C[0]); - bic @E[0],@C[2],@C[0],ror#32-31 - str.h @C[7],[sp,#$R[4][3]+4] - bic @E[1],@C[3],@C[1],ror#32-31 - add @E[2],sp,#$R[0][0] - eor @C[8],@E[0],@C[8],ror#32-1 - add @E[0],sp,#$R[1][0] - eor @C[9],@E[1],@C[9],ror#32-1 - str.l @C[8],[sp,#$R[4][4]] @ R[4][4] = C[4] ^= (~C[0] & C[1]); - str.h @C[9],[sp,#$R[4][4]+4] -___ -} - Round(@A,@T); - Round(@T,@A); -$code.=<<___; - blo .Lround2x - -#if __ARM_ARCH__>=5 - ldr pc,[sp,#440] -#else - ldr lr,[sp,#440] - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size KeccakF1600_int,.-KeccakF1600_int - -.type KeccakF1600, %function -.align 5 -KeccakF1600: - stmdb sp!,{r0,r4-r11,lr} - sub sp,sp,#440+16 @ space for A[5][5],D[5],T[5][5],... - - add @E[0],r0,#$A[1][0] - add @E[1],sp,#$A[1][0] - ldmia r0, {@C[0]-@C[9]} @ copy A[5][5] to stack - stmia sp, {@C[0]-@C[9]} - ldmia @E[0]!,{@C[0]-@C[9]} - stmia @E[1]!,{@C[0]-@C[9]} - ldmia @E[0]!,{@C[0]-@C[9]} - stmia @E[1]!,{@C[0]-@C[9]} - ldmia @E[0]!,{@C[0]-@C[9]} - stmia @E[1]!,{@C[0]-@C[9]} - ldmia @E[0], {@C[0]-@C[9]} - add @E[2],sp,#$A[0][0] - add @E[0],sp,#$A[1][0] - stmia @E[1], {@C[0]-@C[9]} - - bl KeccakF1600_enter - - ldr @E[1], [sp,#440+16] @ restore pointer to A - ldmia sp, {@C[0]-@C[9]} - stmia @E[1]!,{@C[0]-@C[9]} @ return A[5][5] - ldmia @E[0]!,{@C[0]-@C[9]} - stmia @E[1]!,{@C[0]-@C[9]} - ldmia @E[0]!,{@C[0]-@C[9]} - stmia @E[1]!,{@C[0]-@C[9]} - ldmia @E[0]!,{@C[0]-@C[9]} - stmia @E[1]!,{@C[0]-@C[9]} - ldmia @E[0], {@C[0]-@C[9]} - stmia @E[1], {@C[0]-@C[9]} - - add sp,sp,#440+20 -#if __ARM_ARCH__>=5 - ldmia sp!,{r4-r11,pc} -#else - ldmia sp!,{r4-r11,lr} - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size KeccakF1600,.-KeccakF1600 -___ -{ my ($A_flat,$inp,$len,$bsz) = map("r$_",(10..12,14)); - -######################################################################## -# Stack layout -# ----->+-----------------------+ -# | uint64_t A[5][5] | -# | ... | -# | ... | -# +456->+-----------------------+ -# | 0x55555555 | -# +460->+-----------------------+ -# | 0x33333333 | -# +464->+-----------------------+ -# | 0x0f0f0f0f | -# +468->+-----------------------+ -# | 0x00ff00ff | -# +472->+-----------------------+ -# | uint64_t *A | -# +476->+-----------------------+ -# | const void *inp | -# +480->+-----------------------+ -# | size_t len | -# +484->+-----------------------+ -# | size_t bs | -# +488->+-----------------------+ -# | .... - -$code.=<<___; -.global SHA3_absorb -.type SHA3_absorb,%function -.align 5 -SHA3_absorb: - stmdb sp!,{r0-r12,lr} - sub sp,sp,#456+16 - - add $A_flat,r0,#$A[1][0] - @ mov $inp,r1 - mov $len,r2 - mov $bsz,r3 - cmp r2,r3 - blo .Labsorb_abort - - add $inp,sp,#0 - ldmia r0, {@C[0]-@C[9]} @ copy A[5][5] to stack - stmia $inp!, {@C[0]-@C[9]} - ldmia $A_flat!,{@C[0]-@C[9]} - stmia $inp!, {@C[0]-@C[9]} - ldmia $A_flat!,{@C[0]-@C[9]} - stmia $inp!, {@C[0]-@C[9]} - ldmia $A_flat!,{@C[0]-@C[9]} - stmia $inp!, {@C[0]-@C[9]} - ldmia $A_flat!,{@C[0]-@C[9]} - stmia $inp, {@C[0]-@C[9]} - - ldr $inp,[sp,#476] @ restore $inp -#ifdef __thumb2__ - mov r9,#0x00ff00ff - mov r8,#0x0f0f0f0f - mov r7,#0x33333333 - mov r6,#0x55555555 -#else - mov r6,#0x11 @ compose constants - mov r8,#0x0f - mov r9,#0xff - orr r6,r6,r6,lsl#8 - orr r8,r8,r8,lsl#8 - orr r6,r6,r6,lsl#16 @ 0x11111111 - orr r9,r9,r9,lsl#16 @ 0x00ff00ff - orr r8,r8,r8,lsl#16 @ 0x0f0f0f0f - orr r7,r6,r6,lsl#1 @ 0x33333333 - orr r6,r6,r6,lsl#2 @ 0x55555555 -#endif - str r9,[sp,#468] - str r8,[sp,#464] - str r7,[sp,#460] - str r6,[sp,#456] - b .Loop_absorb - -.align 4 -.Loop_absorb: - subs r0,$len,$bsz - blo .Labsorbed - add $A_flat,sp,#0 - str r0,[sp,#480] @ save len - bsz - -.align 4 -.Loop_block: - ldrb r0,[$inp],#1 - ldrb r1,[$inp],#1 - ldrb r2,[$inp],#1 - ldrb r3,[$inp],#1 - ldrb r4,[$inp],#1 - orr r0,r0,r1,lsl#8 - ldrb r1,[$inp],#1 - orr r0,r0,r2,lsl#16 - ldrb r2,[$inp],#1 - orr r0,r0,r3,lsl#24 @ lo - ldrb r3,[$inp],#1 - orr r1,r4,r1,lsl#8 - orr r1,r1,r2,lsl#16 - orr r1,r1,r3,lsl#24 @ hi - - and r2,r0,r6 @ &=0x55555555 - and r0,r0,r6,lsl#1 @ &=0xaaaaaaaa - and r3,r1,r6 @ &=0x55555555 - and r1,r1,r6,lsl#1 @ &=0xaaaaaaaa - orr r2,r2,r2,lsr#1 - orr r0,r0,r0,lsl#1 - orr r3,r3,r3,lsr#1 - orr r1,r1,r1,lsl#1 - and r2,r2,r7 @ &=0x33333333 - and r0,r0,r7,lsl#2 @ &=0xcccccccc - and r3,r3,r7 @ &=0x33333333 - and r1,r1,r7,lsl#2 @ &=0xcccccccc - orr r2,r2,r2,lsr#2 - orr r0,r0,r0,lsl#2 - orr r3,r3,r3,lsr#2 - orr r1,r1,r1,lsl#2 - and r2,r2,r8 @ &=0x0f0f0f0f - and r0,r0,r8,lsl#4 @ &=0xf0f0f0f0 - and r3,r3,r8 @ &=0x0f0f0f0f - and r1,r1,r8,lsl#4 @ &=0xf0f0f0f0 - ldmia $A_flat,{r4-r5} @ A_flat[i] - orr r2,r2,r2,lsr#4 - orr r0,r0,r0,lsl#4 - orr r3,r3,r3,lsr#4 - orr r1,r1,r1,lsl#4 - and r2,r2,r9 @ &=0x00ff00ff - and r0,r0,r9,lsl#8 @ &=0xff00ff00 - and r3,r3,r9 @ &=0x00ff00ff - and r1,r1,r9,lsl#8 @ &=0xff00ff00 - orr r2,r2,r2,lsr#8 - orr r0,r0,r0,lsl#8 - orr r3,r3,r3,lsr#8 - orr r1,r1,r1,lsl#8 - - lsl r2,r2,#16 - lsr r1,r1,#16 - eor r4,r4,r3,lsl#16 - eor r5,r5,r0,lsr#16 - eor r4,r4,r2,lsr#16 - eor r5,r5,r1,lsl#16 - stmia $A_flat!,{r4-r5} @ A_flat[i++] ^= BitInterleave(inp[0..7]) - - subs $bsz,$bsz,#8 - bhi .Loop_block - - str $inp,[sp,#476] - - bl KeccakF1600_int - - add r14,sp,#456 - ldmia r14,{r6-r12,r14} @ restore constants and variables - b .Loop_absorb - -.align 4 -.Labsorbed: - add $inp,sp,#$A[1][0] - ldmia sp, {@C[0]-@C[9]} - stmia $A_flat!,{@C[0]-@C[9]} @ return A[5][5] - ldmia $inp!, {@C[0]-@C[9]} - stmia $A_flat!,{@C[0]-@C[9]} - ldmia $inp!, {@C[0]-@C[9]} - stmia $A_flat!,{@C[0]-@C[9]} - ldmia $inp!, {@C[0]-@C[9]} - stmia $A_flat!,{@C[0]-@C[9]} - ldmia $inp, {@C[0]-@C[9]} - stmia $A_flat, {@C[0]-@C[9]} - -.Labsorb_abort: - add sp,sp,#456+32 - mov r0,$len @ return value -#if __ARM_ARCH__>=5 - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size SHA3_absorb,.-SHA3_absorb -___ -} -{ my ($out,$len,$A_flat,$bsz) = map("r$_", (4,5,10,12)); - -$code.=<<___; -.global SHA3_squeeze -.type SHA3_squeeze,%function -.align 5 -SHA3_squeeze: - stmdb sp!,{r0,r3-r10,lr} - - mov $A_flat,r0 - mov $out,r1 - mov $len,r2 - mov $bsz,r3 - -#ifdef __thumb2__ - mov r9,#0x00ff00ff - mov r8,#0x0f0f0f0f - mov r7,#0x33333333 - mov r6,#0x55555555 -#else - mov r6,#0x11 @ compose constants - mov r8,#0x0f - mov r9,#0xff - orr r6,r6,r6,lsl#8 - orr r8,r8,r8,lsl#8 - orr r6,r6,r6,lsl#16 @ 0x11111111 - orr r9,r9,r9,lsl#16 @ 0x00ff00ff - orr r8,r8,r8,lsl#16 @ 0x0f0f0f0f - orr r7,r6,r6,lsl#1 @ 0x33333333 - orr r6,r6,r6,lsl#2 @ 0x55555555 -#endif - stmdb sp!,{r6-r9} - - mov r14,$A_flat - b .Loop_squeeze - -.align 4 -.Loop_squeeze: - ldmia $A_flat!,{r0,r1} @ A_flat[i++] - - lsl r2,r0,#16 - lsl r3,r1,#16 @ r3 = r1 << 16 - lsr r2,r2,#16 @ r2 = r0 & 0x0000ffff - lsr r1,r1,#16 - lsr r0,r0,#16 @ r0 = r0 >> 16 - lsl r1,r1,#16 @ r1 = r1 & 0xffff0000 - - orr r2,r2,r2,lsl#8 - orr r3,r3,r3,lsr#8 - orr r0,r0,r0,lsl#8 - orr r1,r1,r1,lsr#8 - and r2,r2,r9 @ &=0x00ff00ff - and r3,r3,r9,lsl#8 @ &=0xff00ff00 - and r0,r0,r9 @ &=0x00ff00ff - and r1,r1,r9,lsl#8 @ &=0xff00ff00 - orr r2,r2,r2,lsl#4 - orr r3,r3,r3,lsr#4 - orr r0,r0,r0,lsl#4 - orr r1,r1,r1,lsr#4 - and r2,r2,r8 @ &=0x0f0f0f0f - and r3,r3,r8,lsl#4 @ &=0xf0f0f0f0 - and r0,r0,r8 @ &=0x0f0f0f0f - and r1,r1,r8,lsl#4 @ &=0xf0f0f0f0 - orr r2,r2,r2,lsl#2 - orr r3,r3,r3,lsr#2 - orr r0,r0,r0,lsl#2 - orr r1,r1,r1,lsr#2 - and r2,r2,r7 @ &=0x33333333 - and r3,r3,r7,lsl#2 @ &=0xcccccccc - and r0,r0,r7 @ &=0x33333333 - and r1,r1,r7,lsl#2 @ &=0xcccccccc - orr r2,r2,r2,lsl#1 - orr r3,r3,r3,lsr#1 - orr r0,r0,r0,lsl#1 - orr r1,r1,r1,lsr#1 - and r2,r2,r6 @ &=0x55555555 - and r3,r3,r6,lsl#1 @ &=0xaaaaaaaa - and r0,r0,r6 @ &=0x55555555 - and r1,r1,r6,lsl#1 @ &=0xaaaaaaaa - - orr r2,r2,r3 - orr r0,r0,r1 - - cmp $len,#8 - blo .Lsqueeze_tail - lsr r1,r2,#8 - strb r2,[$out],#1 - lsr r3,r2,#16 - strb r1,[$out],#1 - lsr r2,r2,#24 - strb r3,[$out],#1 - strb r2,[$out],#1 - - lsr r1,r0,#8 - strb r0,[$out],#1 - lsr r3,r0,#16 - strb r1,[$out],#1 - lsr r0,r0,#24 - strb r3,[$out],#1 - strb r0,[$out],#1 - subs $len,$len,#8 - beq .Lsqueeze_done - - subs $bsz,$bsz,#8 @ bsz -= 8 - bhi .Loop_squeeze - - mov r0,r14 @ original $A_flat - - bl KeccakF1600 - - ldmia sp,{r6-r10,r12} @ restore constants and variables - mov r14,$A_flat - b .Loop_squeeze - -.align 4 -.Lsqueeze_tail: - strb r2,[$out],#1 - lsr r2,r2,#8 - subs $len,$len,#1 - beq .Lsqueeze_done - strb r2,[$out],#1 - lsr r2,r2,#8 - subs $len,$len,#1 - beq .Lsqueeze_done - strb r2,[$out],#1 - lsr r2,r2,#8 - subs $len,$len,#1 - beq .Lsqueeze_done - strb r2,[$out],#1 - subs $len,$len,#1 - beq .Lsqueeze_done - - strb r0,[$out],#1 - lsr r0,r0,#8 - subs $len,$len,#1 - beq .Lsqueeze_done - strb r0,[$out],#1 - lsr r0,r0,#8 - subs $len,$len,#1 - beq .Lsqueeze_done - strb r0,[$out] - b .Lsqueeze_done - -.align 4 -.Lsqueeze_done: - add sp,sp,#24 -#if __ARM_ARCH__>=5 - ldmia sp!,{r4-r10,pc} -#else - ldmia sp!,{r4-r10,lr} - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size SHA3_squeeze,.-SHA3_squeeze -___ -} - -$code.=<<___; -#if __ARM_MAX_ARCH__>=7 -.fpu neon - -.type iotas64, %object -.align 5 -iotas64: - .quad 0x0000000000000001 - .quad 0x0000000000008082 - .quad 0x800000000000808a - .quad 0x8000000080008000 - .quad 0x000000000000808b - .quad 0x0000000080000001 - .quad 0x8000000080008081 - .quad 0x8000000000008009 - .quad 0x000000000000008a - .quad 0x0000000000000088 - .quad 0x0000000080008009 - .quad 0x000000008000000a - .quad 0x000000008000808b - .quad 0x800000000000008b - .quad 0x8000000000008089 - .quad 0x8000000000008003 - .quad 0x8000000000008002 - .quad 0x8000000000000080 - .quad 0x000000000000800a - .quad 0x800000008000000a - .quad 0x8000000080008081 - .quad 0x8000000000008080 - .quad 0x0000000080000001 - .quad 0x8000000080008008 -.size iotas64,.-iotas64 - -.type KeccakF1600_neon, %function -.align 5 -KeccakF1600_neon: - add r1, r0, #16 - adr r2, iotas64 - mov r3, #24 @ loop counter - b .Loop_neon - -.align 4 -.Loop_neon: - @ Theta - vst1.64 {q4}, [r0,:64] @ offload A[0..1][4] - veor q13, q0, q5 @ A[0..1][0]^A[2..3][0] - vst1.64 {d18}, [r1,:64] @ offload A[2][4] - veor q14, q1, q6 @ A[0..1][1]^A[2..3][1] - veor q15, q2, q7 @ A[0..1][2]^A[2..3][2] - veor d26, d26, d27 @ C[0]=A[0][0]^A[1][0]^A[2][0]^A[3][0] - veor d27, d28, d29 @ C[1]=A[0][1]^A[1][1]^A[2][1]^A[3][1] - veor q14, q3, q8 @ A[0..1][3]^A[2..3][3] - veor q4, q4, q9 @ A[0..1][4]^A[2..3][4] - veor d30, d30, d31 @ C[2]=A[0][2]^A[1][2]^A[2][2]^A[3][2] - veor d31, d28, d29 @ C[3]=A[0][3]^A[1][3]^A[2][3]^A[3][3] - veor d25, d8, d9 @ C[4]=A[0][4]^A[1][4]^A[2][4]^A[3][4] - veor q13, q13, q10 @ C[0..1]^=A[4][0..1] - veor q14, q15, q11 @ C[2..3]^=A[4][2..3] - veor d25, d25, d24 @ C[4]^=A[4][4] - - vadd.u64 q4, q13, q13 @ C[0..1]<<1 - vadd.u64 q15, q14, q14 @ C[2..3]<<1 - vadd.u64 d18, d25, d25 @ C[4]<<1 - vsri.u64 q4, q13, #63 @ ROL64(C[0..1],1) - vsri.u64 q15, q14, #63 @ ROL64(C[2..3],1) - vsri.u64 d18, d25, #63 @ ROL64(C[4],1) - veor d25, d25, d9 @ D[0] = C[4] ^= ROL64(C[1],1) - veor q13, q13, q15 @ D[1..2] = C[0..1] ^ ROL64(C[2..3],1) - veor d28, d28, d18 @ D[3] = C[2] ^= ROL64(C[4],1) - veor d29, d29, d8 @ D[4] = C[3] ^= ROL64(C[0],1) - - veor d0, d0, d25 @ A[0][0] ^= C[4] - veor d1, d1, d25 @ A[1][0] ^= C[4] - veor d10, d10, d25 @ A[2][0] ^= C[4] - veor d11, d11, d25 @ A[3][0] ^= C[4] - veor d20, d20, d25 @ A[4][0] ^= C[4] - - veor d2, d2, d26 @ A[0][1] ^= D[1] - veor d3, d3, d26 @ A[1][1] ^= D[1] - veor d12, d12, d26 @ A[2][1] ^= D[1] - veor d13, d13, d26 @ A[3][1] ^= D[1] - veor d21, d21, d26 @ A[4][1] ^= D[1] - vmov d26, d27 - - veor d6, d6, d28 @ A[0][3] ^= C[2] - veor d7, d7, d28 @ A[1][3] ^= C[2] - veor d16, d16, d28 @ A[2][3] ^= C[2] - veor d17, d17, d28 @ A[3][3] ^= C[2] - veor d23, d23, d28 @ A[4][3] ^= C[2] - vld1.64 {q4}, [r0,:64] @ restore A[0..1][4] - vmov d28, d29 - - vld1.64 {d18}, [r1,:64] @ restore A[2][4] - veor q2, q2, q13 @ A[0..1][2] ^= D[2] - veor q7, q7, q13 @ A[2..3][2] ^= D[2] - veor d22, d22, d27 @ A[4][2] ^= D[2] - - veor q4, q4, q14 @ A[0..1][4] ^= C[3] - veor q9, q9, q14 @ A[2..3][4] ^= C[3] - veor d24, d24, d29 @ A[4][4] ^= C[3] - - @ Rho + Pi - vmov d26, d2 @ C[1] = A[0][1] - vshl.u64 d2, d3, #44 - vmov d27, d4 @ C[2] = A[0][2] - vshl.u64 d4, d14, #43 - vmov d28, d6 @ C[3] = A[0][3] - vshl.u64 d6, d17, #21 - vmov d29, d8 @ C[4] = A[0][4] - vshl.u64 d8, d24, #14 - vsri.u64 d2, d3, #64-44 @ A[0][1] = ROL64(A[1][1], rhotates[1][1]) - vsri.u64 d4, d14, #64-43 @ A[0][2] = ROL64(A[2][2], rhotates[2][2]) - vsri.u64 d6, d17, #64-21 @ A[0][3] = ROL64(A[3][3], rhotates[3][3]) - vsri.u64 d8, d24, #64-14 @ A[0][4] = ROL64(A[4][4], rhotates[4][4]) - - vshl.u64 d3, d9, #20 - vshl.u64 d14, d16, #25 - vshl.u64 d17, d15, #15 - vshl.u64 d24, d21, #2 - vsri.u64 d3, d9, #64-20 @ A[1][1] = ROL64(A[1][4], rhotates[1][4]) - vsri.u64 d14, d16, #64-25 @ A[2][2] = ROL64(A[2][3], rhotates[2][3]) - vsri.u64 d17, d15, #64-15 @ A[3][3] = ROL64(A[3][2], rhotates[3][2]) - vsri.u64 d24, d21, #64-2 @ A[4][4] = ROL64(A[4][1], rhotates[4][1]) - - vshl.u64 d9, d22, #61 - @ vshl.u64 d16, d19, #8 - vshl.u64 d15, d12, #10 - vshl.u64 d21, d7, #55 - vsri.u64 d9, d22, #64-61 @ A[1][4] = ROL64(A[4][2], rhotates[4][2]) - vext.8 d16, d19, d19, #8-1 @ A[2][3] = ROL64(A[3][4], rhotates[3][4]) - vsri.u64 d15, d12, #64-10 @ A[3][2] = ROL64(A[2][1], rhotates[2][1]) - vsri.u64 d21, d7, #64-55 @ A[4][1] = ROL64(A[1][3], rhotates[1][3]) - - vshl.u64 d22, d18, #39 - @ vshl.u64 d19, d23, #56 - vshl.u64 d12, d5, #6 - vshl.u64 d7, d13, #45 - vsri.u64 d22, d18, #64-39 @ A[4][2] = ROL64(A[2][4], rhotates[2][4]) - vext.8 d19, d23, d23, #8-7 @ A[3][4] = ROL64(A[4][3], rhotates[4][3]) - vsri.u64 d12, d5, #64-6 @ A[2][1] = ROL64(A[1][2], rhotates[1][2]) - vsri.u64 d7, d13, #64-45 @ A[1][3] = ROL64(A[3][1], rhotates[3][1]) - - vshl.u64 d18, d20, #18 - vshl.u64 d23, d11, #41 - vshl.u64 d5, d10, #3 - vshl.u64 d13, d1, #36 - vsri.u64 d18, d20, #64-18 @ A[2][4] = ROL64(A[4][0], rhotates[4][0]) - vsri.u64 d23, d11, #64-41 @ A[4][3] = ROL64(A[3][0], rhotates[3][0]) - vsri.u64 d5, d10, #64-3 @ A[1][2] = ROL64(A[2][0], rhotates[2][0]) - vsri.u64 d13, d1, #64-36 @ A[3][1] = ROL64(A[1][0], rhotates[1][0]) - - vshl.u64 d1, d28, #28 - vshl.u64 d10, d26, #1 - vshl.u64 d11, d29, #27 - vshl.u64 d20, d27, #62 - vsri.u64 d1, d28, #64-28 @ A[1][0] = ROL64(C[3], rhotates[0][3]) - vsri.u64 d10, d26, #64-1 @ A[2][0] = ROL64(C[1], rhotates[0][1]) - vsri.u64 d11, d29, #64-27 @ A[3][0] = ROL64(C[4], rhotates[0][4]) - vsri.u64 d20, d27, #64-62 @ A[4][0] = ROL64(C[2], rhotates[0][2]) - - @ Chi + Iota - vbic q13, q2, q1 - vbic q14, q3, q2 - vbic q15, q4, q3 - veor q13, q13, q0 @ A[0..1][0] ^ (~A[0..1][1] & A[0..1][2]) - veor q14, q14, q1 @ A[0..1][1] ^ (~A[0..1][2] & A[0..1][3]) - veor q2, q2, q15 @ A[0..1][2] ^= (~A[0..1][3] & A[0..1][4]) - vst1.64 {q13}, [r0,:64] @ offload A[0..1][0] - vbic q13, q0, q4 - vbic q15, q1, q0 - vmov q1, q14 @ A[0..1][1] - veor q3, q3, q13 @ A[0..1][3] ^= (~A[0..1][4] & A[0..1][0]) - veor q4, q4, q15 @ A[0..1][4] ^= (~A[0..1][0] & A[0..1][1]) - - vbic q13, q7, q6 - vmov q0, q5 @ A[2..3][0] - vbic q14, q8, q7 - vmov q15, q6 @ A[2..3][1] - veor q5, q5, q13 @ A[2..3][0] ^= (~A[2..3][1] & A[2..3][2]) - vbic q13, q9, q8 - veor q6, q6, q14 @ A[2..3][1] ^= (~A[2..3][2] & A[2..3][3]) - vbic q14, q0, q9 - veor q7, q7, q13 @ A[2..3][2] ^= (~A[2..3][3] & A[2..3][4]) - vbic q13, q15, q0 - veor q8, q8, q14 @ A[2..3][3] ^= (~A[2..3][4] & A[2..3][0]) - vmov q14, q10 @ A[4][0..1] - veor q9, q9, q13 @ A[2..3][4] ^= (~A[2..3][0] & A[2..3][1]) - - vld1.64 d25, [r2,:64]! @ Iota[i++] - vbic d26, d22, d21 - vbic d27, d23, d22 - vld1.64 {q0}, [r0,:64] @ restore A[0..1][0] - veor d20, d20, d26 @ A[4][0] ^= (~A[4][1] & A[4][2]) - vbic d26, d24, d23 - veor d21, d21, d27 @ A[4][1] ^= (~A[4][2] & A[4][3]) - vbic d27, d28, d24 - veor d22, d22, d26 @ A[4][2] ^= (~A[4][3] & A[4][4]) - vbic d26, d29, d28 - veor d23, d23, d27 @ A[4][3] ^= (~A[4][4] & A[4][0]) - veor d0, d0, d25 @ A[0][0] ^= Iota[i] - veor d24, d24, d26 @ A[4][4] ^= (~A[4][0] & A[4][1]) - - subs r3, r3, #1 - bne .Loop_neon - - ret -.size KeccakF1600_neon,.-KeccakF1600_neon - -.global SHA3_absorb_neon -.type SHA3_absorb_neon, %function -.align 5 -SHA3_absorb_neon: - stmdb sp!, {r4-r6,lr} - vstmdb sp!, {d8-d15} - - mov r4, r1 @ inp - mov r5, r2 @ len - mov r6, r3 @ bsz - - vld1.32 {d0}, [r0,:64]! @ A[0][0] - vld1.32 {d2}, [r0,:64]! @ A[0][1] - vld1.32 {d4}, [r0,:64]! @ A[0][2] - vld1.32 {d6}, [r0,:64]! @ A[0][3] - vld1.32 {d8}, [r0,:64]! @ A[0][4] - - vld1.32 {d1}, [r0,:64]! @ A[1][0] - vld1.32 {d3}, [r0,:64]! @ A[1][1] - vld1.32 {d5}, [r0,:64]! @ A[1][2] - vld1.32 {d7}, [r0,:64]! @ A[1][3] - vld1.32 {d9}, [r0,:64]! @ A[1][4] - - vld1.32 {d10}, [r0,:64]! @ A[2][0] - vld1.32 {d12}, [r0,:64]! @ A[2][1] - vld1.32 {d14}, [r0,:64]! @ A[2][2] - vld1.32 {d16}, [r0,:64]! @ A[2][3] - vld1.32 {d18}, [r0,:64]! @ A[2][4] - - vld1.32 {d11}, [r0,:64]! @ A[3][0] - vld1.32 {d13}, [r0,:64]! @ A[3][1] - vld1.32 {d15}, [r0,:64]! @ A[3][2] - vld1.32 {d17}, [r0,:64]! @ A[3][3] - vld1.32 {d19}, [r0,:64]! @ A[3][4] - - vld1.32 {d20-d23}, [r0,:64]! @ A[4][0..3] - vld1.32 {d24}, [r0,:64] @ A[4][4] - sub r0, r0, #24*8 @ rewind - b .Loop_absorb_neon - -.align 4 -.Loop_absorb_neon: - subs r12, r5, r6 @ len - bsz - blo .Labsorbed_neon - mov r5, r12 - - vld1.8 {d31}, [r4]! @ endian-neutral loads... - cmp r6, #8*2 - veor d0, d0, d31 @ A[0][0] ^= *inp++ - blo .Lprocess_neon - vld1.8 {d31}, [r4]! - veor d2, d2, d31 @ A[0][1] ^= *inp++ - beq .Lprocess_neon - vld1.8 {d31}, [r4]! - cmp r6, #8*4 - veor d4, d4, d31 @ A[0][2] ^= *inp++ - blo .Lprocess_neon - vld1.8 {d31}, [r4]! - veor d6, d6, d31 @ A[0][3] ^= *inp++ - beq .Lprocess_neon - vld1.8 {d31},[r4]! - cmp r6, #8*6 - veor d8, d8, d31 @ A[0][4] ^= *inp++ - blo .Lprocess_neon - - vld1.8 {d31}, [r4]! - veor d1, d1, d31 @ A[1][0] ^= *inp++ - beq .Lprocess_neon - vld1.8 {d31}, [r4]! - cmp r6, #8*8 - veor d3, d3, d31 @ A[1][1] ^= *inp++ - blo .Lprocess_neon - vld1.8 {d31}, [r4]! - veor d5, d5, d31 @ A[1][2] ^= *inp++ - beq .Lprocess_neon - vld1.8 {d31}, [r4]! - cmp r6, #8*10 - veor d7, d7, d31 @ A[1][3] ^= *inp++ - blo .Lprocess_neon - vld1.8 {d31}, [r4]! - veor d9, d9, d31 @ A[1][4] ^= *inp++ - beq .Lprocess_neon - - vld1.8 {d31}, [r4]! - cmp r6, #8*12 - veor d10, d10, d31 @ A[2][0] ^= *inp++ - blo .Lprocess_neon - vld1.8 {d31}, [r4]! - veor d12, d12, d31 @ A[2][1] ^= *inp++ - beq .Lprocess_neon - vld1.8 {d31}, [r4]! - cmp r6, #8*14 - veor d14, d14, d31 @ A[2][2] ^= *inp++ - blo .Lprocess_neon - vld1.8 {d31}, [r4]! - veor d16, d16, d31 @ A[2][3] ^= *inp++ - beq .Lprocess_neon - vld1.8 {d31}, [r4]! - cmp r6, #8*16 - veor d18, d18, d31 @ A[2][4] ^= *inp++ - blo .Lprocess_neon - - vld1.8 {d31}, [r4]! - veor d11, d11, d31 @ A[3][0] ^= *inp++ - beq .Lprocess_neon - vld1.8 {d31}, [r4]! - cmp r6, #8*18 - veor d13, d13, d31 @ A[3][1] ^= *inp++ - blo .Lprocess_neon - vld1.8 {d31}, [r4]! - veor d15, d15, d31 @ A[3][2] ^= *inp++ - beq .Lprocess_neon - vld1.8 {d31}, [r4]! - cmp r6, #8*20 - veor d17, d17, d31 @ A[3][3] ^= *inp++ - blo .Lprocess_neon - vld1.8 {d31}, [r4]! - veor d19, d19, d31 @ A[3][4] ^= *inp++ - beq .Lprocess_neon - - vld1.8 {d31}, [r4]! - cmp r6, #8*22 - veor d20, d20, d31 @ A[4][0] ^= *inp++ - blo .Lprocess_neon - vld1.8 {d31}, [r4]! - veor d21, d21, d31 @ A[4][1] ^= *inp++ - beq .Lprocess_neon - vld1.8 {d31}, [r4]! - cmp r6, #8*24 - veor d22, d22, d31 @ A[4][2] ^= *inp++ - blo .Lprocess_neon - vld1.8 {d31}, [r4]! - veor d23, d23, d31 @ A[4][3] ^= *inp++ - beq .Lprocess_neon - vld1.8 {d31}, [r4]! - veor d24, d24, d31 @ A[4][4] ^= *inp++ - -.Lprocess_neon: - bl KeccakF1600_neon - b .Loop_absorb_neon - -.align 4 -.Labsorbed_neon: - vst1.32 {d0}, [r0,:64]! @ A[0][0..4] - vst1.32 {d2}, [r0,:64]! - vst1.32 {d4}, [r0,:64]! - vst1.32 {d6}, [r0,:64]! - vst1.32 {d8}, [r0,:64]! - - vst1.32 {d1}, [r0,:64]! @ A[1][0..4] - vst1.32 {d3}, [r0,:64]! - vst1.32 {d5}, [r0,:64]! - vst1.32 {d7}, [r0,:64]! - vst1.32 {d9}, [r0,:64]! - - vst1.32 {d10}, [r0,:64]! @ A[2][0..4] - vst1.32 {d12}, [r0,:64]! - vst1.32 {d14}, [r0,:64]! - vst1.32 {d16}, [r0,:64]! - vst1.32 {d18}, [r0,:64]! - - vst1.32 {d11}, [r0,:64]! @ A[3][0..4] - vst1.32 {d13}, [r0,:64]! - vst1.32 {d15}, [r0,:64]! - vst1.32 {d17}, [r0,:64]! - vst1.32 {d19}, [r0,:64]! - - vst1.32 {d20-d23}, [r0,:64]! @ A[4][0..4] - vst1.32 {d24}, [r0,:64] - - mov r0, r5 @ return value - vldmia sp!, {d8-d15} - ldmia sp!, {r4-r6,pc} -.size SHA3_absorb_neon,.-SHA3_absorb_neon - -.global SHA3_squeeze_neon -.type SHA3_squeeze_neon, %function -.align 5 -SHA3_squeeze_neon: - stmdb sp!, {r4-r6,lr} - - mov r4, r1 @ out - mov r5, r2 @ len - mov r6, r3 @ bsz - mov r12, r0 @ A_flat - mov r14, r3 @ bsz - b .Loop_squeeze_neon - -.align 4 -.Loop_squeeze_neon: - cmp r5, #8 - blo .Lsqueeze_neon_tail - vld1.32 {d0}, [r12]! - vst1.8 {d0}, [r4]! @ endian-neutral store - - subs r5, r5, #8 @ len -= 8 - beq .Lsqueeze_neon_done - - subs r14, r14, #8 @ bsz -= 8 - bhi .Loop_squeeze_neon - - vstmdb sp!, {d8-d15} - - vld1.32 {d0}, [r0,:64]! @ A[0][0..4] - vld1.32 {d2}, [r0,:64]! - vld1.32 {d4}, [r0,:64]! - vld1.32 {d6}, [r0,:64]! - vld1.32 {d8}, [r0,:64]! - - vld1.32 {d1}, [r0,:64]! @ A[1][0..4] - vld1.32 {d3}, [r0,:64]! - vld1.32 {d5}, [r0,:64]! - vld1.32 {d7}, [r0,:64]! - vld1.32 {d9}, [r0,:64]! - - vld1.32 {d10}, [r0,:64]! @ A[2][0..4] - vld1.32 {d12}, [r0,:64]! - vld1.32 {d14}, [r0,:64]! - vld1.32 {d16}, [r0,:64]! - vld1.32 {d18}, [r0,:64]! - - vld1.32 {d11}, [r0,:64]! @ A[3][0..4] - vld1.32 {d13}, [r0,:64]! - vld1.32 {d15}, [r0,:64]! - vld1.32 {d17}, [r0,:64]! - vld1.32 {d19}, [r0,:64]! - - vld1.32 {d20-d23}, [r0,:64]! @ A[4][0..4] - vld1.32 {d24}, [r0,:64] - sub r0, r0, #24*8 @ rewind - - bl KeccakF1600_neon - - mov r12, r0 @ A_flat - vst1.32 {d0}, [r0,:64]! @ A[0][0..4] - vst1.32 {d2}, [r0,:64]! - vst1.32 {d4}, [r0,:64]! - vst1.32 {d6}, [r0,:64]! - vst1.32 {d8}, [r0,:64]! - - vst1.32 {d1}, [r0,:64]! @ A[1][0..4] - vst1.32 {d3}, [r0,:64]! - vst1.32 {d5}, [r0,:64]! - vst1.32 {d7}, [r0,:64]! - vst1.32 {d9}, [r0,:64]! - - vst1.32 {d10}, [r0,:64]! @ A[2][0..4] - vst1.32 {d12}, [r0,:64]! - vst1.32 {d14}, [r0,:64]! - vst1.32 {d16}, [r0,:64]! - vst1.32 {d18}, [r0,:64]! - - vst1.32 {d11}, [r0,:64]! @ A[3][0..4] - vst1.32 {d13}, [r0,:64]! - vst1.32 {d15}, [r0,:64]! - vst1.32 {d17}, [r0,:64]! - vst1.32 {d19}, [r0,:64]! - - vst1.32 {d20-d23}, [r0,:64]! @ A[4][0..4] - mov r14, r6 @ bsz - vst1.32 {d24}, [r0,:64] - mov r0, r12 @ rewind - - vldmia sp!, {d8-d15} - b .Loop_squeeze_neon - -.align 4 -.Lsqueeze_neon_tail: - ldmia r12, {r2,r3} - cmp r5, #2 - strb r2, [r4],#1 @ endian-neutral store - lsr r2, r2, #8 - blo .Lsqueeze_neon_done - strb r2, [r4], #1 - lsr r2, r2, #8 - beq .Lsqueeze_neon_done - strb r2, [r4], #1 - lsr r2, r2, #8 - cmp r5, #4 - blo .Lsqueeze_neon_done - strb r2, [r4], #1 - beq .Lsqueeze_neon_done - - strb r3, [r4], #1 - lsr r3, r3, #8 - cmp r5, #6 - blo .Lsqueeze_neon_done - strb r3, [r4], #1 - lsr r3, r3, #8 - beq .Lsqueeze_neon_done - strb r3, [r4], #1 - -.Lsqueeze_neon_done: - ldmia sp!, {r4-r6,pc} -.size SHA3_squeeze_neon,.-SHA3_squeeze_neon -#endif -.asciz "Keccak-1600 absorb and squeeze for ARMv4/NEON, CRYPTOGAMS by " -.align 2 -___ - -{ - my %ldr, %str; - - sub ldrd { - my ($mnemonic,$half,$reg,$ea) = @_; - my $op = $mnemonic eq "ldr" ? \%ldr : \%str; - - if ($half eq "l") { - $$op{reg} = $reg; - $$op{ea} = $ea; - sprintf "#ifndef __thumb2__\n" . - " %s\t%s,%s\n" . - "#endif", $mnemonic,$reg,$ea; - } else { - sprintf "#ifndef __thumb2__\n" . - " %s\t%s,%s\n" . - "#else\n" . - " %sd\t%s,%s,%s\n" . - "#endif", $mnemonic,$reg,$ea, - $mnemonic,$$op{reg},$reg,$$op{ea}; - } - } -} - -foreach (split($/,$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - s/^\s+(ldr|str)\.([lh])\s+(r[0-9]+),\s*(\[.*)/ldrd($1,$2,$3,$4)/ge or - s/\b(ror|ls[rl])\s+(r[0-9]+.*)#/mov $2$1#/g or - s/\bret\b/bx lr/g or - s/\bbx\s+lr\b/.word\t0xe12fff1e/g; # make it possible to compile with -march=armv4 - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/sha/asm/keccak1600-armv8.pl b/crypto/sha/asm/keccak1600-armv8.pl deleted file mode 100755 index 65102e7c292f44e6454bc257811034ccf0c1f622..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/keccak1600-armv8.pl +++ /dev/null @@ -1,876 +0,0 @@ -#!/usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Keccak-1600 for ARMv8. -# -# June 2017. -# -# This is straightforward KECCAK_1X_ALT implementation. It makes no -# sense to attempt SIMD/NEON implementation for following reason. -# 64-bit lanes of vector registers can't be addressed as easily as in -# 32-bit mode. This means that 64-bit NEON is bound to be slower than -# 32-bit NEON, and this implementation is faster than 32-bit NEON on -# same processor. Even though it takes more scalar xor's and andn's, -# it gets compensated by availability of rotate. Not to forget that -# most processors achieve higher issue rate with scalar instructions. -# -# February 2018. -# -# Add hardware-assisted ARMv8.2 implementation. It's KECCAK_1X_ALT -# variant with register permutation/rotation twist that allows to -# eliminate copies to temporary registers. If you look closely you'll -# notice that it uses only one lane of vector registers. The new -# instructions effectively facilitate parallel hashing, which we don't -# support [yet?]. But lowest-level core procedure is prepared for it. -# The inner round is 67 [vector] instructions, so it's not actually -# obvious that it will provide performance improvement [in serial -# hash] as long as vector instructions issue rate is limited to 1 per -# cycle... -# -###################################################################### -# Numbers are cycles per processed byte. -# -# r=1088(*) -# -# Cortex-A53 13 -# Cortex-A57 12 -# X-Gene 14 -# Mongoose 10 -# Kryo 12 -# Denver 7.8 -# Apple A7 7.2 -# ThunderX2 9.7 -# -# (*) Corresponds to SHA3-256. No improvement coefficients are listed -# because they vary too much from compiler to compiler. Newer -# compiler does much better and improvement varies from 5% on -# Cortex-A57 to 25% on Cortex-A53. While in comparison to older -# compiler this code is at least 2x faster... - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or -die "can't locate arm-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -my @rhotates = ([ 0, 1, 62, 28, 27 ], - [ 36, 44, 6, 55, 20 ], - [ 3, 10, 43, 25, 39 ], - [ 41, 45, 15, 21, 8 ], - [ 18, 2, 61, 56, 14 ]); - -$code.=<<___; -.text - -.align 8 // strategic alignment and padding that allows to use - // address value as loop termination condition... - .quad 0,0,0,0,0,0,0,0 -.type iotas,%object -iotas: - .quad 0x0000000000000001 - .quad 0x0000000000008082 - .quad 0x800000000000808a - .quad 0x8000000080008000 - .quad 0x000000000000808b - .quad 0x0000000080000001 - .quad 0x8000000080008081 - .quad 0x8000000000008009 - .quad 0x000000000000008a - .quad 0x0000000000000088 - .quad 0x0000000080008009 - .quad 0x000000008000000a - .quad 0x000000008000808b - .quad 0x800000000000008b - .quad 0x8000000000008089 - .quad 0x8000000000008003 - .quad 0x8000000000008002 - .quad 0x8000000000000080 - .quad 0x000000000000800a - .quad 0x800000008000000a - .quad 0x8000000080008081 - .quad 0x8000000000008080 - .quad 0x0000000080000001 - .quad 0x8000000080008008 -.size iotas,.-iotas -___ - {{{ -my @A = map([ "x$_", "x".($_+1), "x".($_+2), "x".($_+3), "x".($_+4) ], - (0, 5, 10, 15, 20)); - $A[3][3] = "x25"; # x18 is reserved - -my @C = map("x$_", (26,27,28,30)); - -$code.=<<___; -.type KeccakF1600_int,%function -.align 5 -KeccakF1600_int: - adr $C[2],iotas - .inst 0xd503233f // paciasp - stp $C[2],x30,[sp,#16] // 32 bytes on top are mine - b .Loop -.align 4 -.Loop: - ////////////////////////////////////////// Theta - eor $C[0],$A[0][0],$A[1][0] - stp $A[0][4],$A[1][4],[sp,#0] // offload pair... - eor $C[1],$A[0][1],$A[1][1] - eor $C[2],$A[0][2],$A[1][2] - eor $C[3],$A[0][3],$A[1][3] -___ - $C[4]=$A[0][4]; - $C[5]=$A[1][4]; -$code.=<<___; - eor $C[4],$A[0][4],$A[1][4] - eor $C[0],$C[0],$A[2][0] - eor $C[1],$C[1],$A[2][1] - eor $C[2],$C[2],$A[2][2] - eor $C[3],$C[3],$A[2][3] - eor $C[4],$C[4],$A[2][4] - eor $C[0],$C[0],$A[3][0] - eor $C[1],$C[1],$A[3][1] - eor $C[2],$C[2],$A[3][2] - eor $C[3],$C[3],$A[3][3] - eor $C[4],$C[4],$A[3][4] - eor $C[0],$C[0],$A[4][0] - eor $C[2],$C[2],$A[4][2] - eor $C[1],$C[1],$A[4][1] - eor $C[3],$C[3],$A[4][3] - eor $C[4],$C[4],$A[4][4] - - eor $C[5],$C[0],$C[2],ror#63 - - eor $A[0][1],$A[0][1],$C[5] - eor $A[1][1],$A[1][1],$C[5] - eor $A[2][1],$A[2][1],$C[5] - eor $A[3][1],$A[3][1],$C[5] - eor $A[4][1],$A[4][1],$C[5] - - eor $C[5],$C[1],$C[3],ror#63 - eor $C[2],$C[2],$C[4],ror#63 - eor $C[3],$C[3],$C[0],ror#63 - eor $C[4],$C[4],$C[1],ror#63 - - eor $C[1], $A[0][2],$C[5] // mov $C[1],$A[0][2] - eor $A[1][2],$A[1][2],$C[5] - eor $A[2][2],$A[2][2],$C[5] - eor $A[3][2],$A[3][2],$C[5] - eor $A[4][2],$A[4][2],$C[5] - - eor $A[0][0],$A[0][0],$C[4] - eor $A[1][0],$A[1][0],$C[4] - eor $A[2][0],$A[2][0],$C[4] - eor $A[3][0],$A[3][0],$C[4] - eor $A[4][0],$A[4][0],$C[4] -___ - $C[4]=undef; - $C[5]=undef; -$code.=<<___; - ldp $A[0][4],$A[1][4],[sp,#0] // re-load offloaded data - eor $C[0], $A[0][3],$C[2] // mov $C[0],$A[0][3] - eor $A[1][3],$A[1][3],$C[2] - eor $A[2][3],$A[2][3],$C[2] - eor $A[3][3],$A[3][3],$C[2] - eor $A[4][3],$A[4][3],$C[2] - - eor $C[2], $A[0][4],$C[3] // mov $C[2],$A[0][4] - eor $A[1][4],$A[1][4],$C[3] - eor $A[2][4],$A[2][4],$C[3] - eor $A[3][4],$A[3][4],$C[3] - eor $A[4][4],$A[4][4],$C[3] - - ////////////////////////////////////////// Rho+Pi - mov $C[3],$A[0][1] - ror $A[0][1],$A[1][1],#64-$rhotates[1][1] - //mov $C[1],$A[0][2] - ror $A[0][2],$A[2][2],#64-$rhotates[2][2] - //mov $C[0],$A[0][3] - ror $A[0][3],$A[3][3],#64-$rhotates[3][3] - //mov $C[2],$A[0][4] - ror $A[0][4],$A[4][4],#64-$rhotates[4][4] - - ror $A[1][1],$A[1][4],#64-$rhotates[1][4] - ror $A[2][2],$A[2][3],#64-$rhotates[2][3] - ror $A[3][3],$A[3][2],#64-$rhotates[3][2] - ror $A[4][4],$A[4][1],#64-$rhotates[4][1] - - ror $A[1][4],$A[4][2],#64-$rhotates[4][2] - ror $A[2][3],$A[3][4],#64-$rhotates[3][4] - ror $A[3][2],$A[2][1],#64-$rhotates[2][1] - ror $A[4][1],$A[1][3],#64-$rhotates[1][3] - - ror $A[4][2],$A[2][4],#64-$rhotates[2][4] - ror $A[3][4],$A[4][3],#64-$rhotates[4][3] - ror $A[2][1],$A[1][2],#64-$rhotates[1][2] - ror $A[1][3],$A[3][1],#64-$rhotates[3][1] - - ror $A[2][4],$A[4][0],#64-$rhotates[4][0] - ror $A[4][3],$A[3][0],#64-$rhotates[3][0] - ror $A[1][2],$A[2][0],#64-$rhotates[2][0] - ror $A[3][1],$A[1][0],#64-$rhotates[1][0] - - ror $A[1][0],$C[0],#64-$rhotates[0][3] - ror $A[2][0],$C[3],#64-$rhotates[0][1] - ror $A[3][0],$C[2],#64-$rhotates[0][4] - ror $A[4][0],$C[1],#64-$rhotates[0][2] - - ////////////////////////////////////////// Chi+Iota - bic $C[0],$A[0][2],$A[0][1] - bic $C[1],$A[0][3],$A[0][2] - bic $C[2],$A[0][0],$A[0][4] - bic $C[3],$A[0][1],$A[0][0] - eor $A[0][0],$A[0][0],$C[0] - bic $C[0],$A[0][4],$A[0][3] - eor $A[0][1],$A[0][1],$C[1] - ldr $C[1],[sp,#16] - eor $A[0][3],$A[0][3],$C[2] - eor $A[0][4],$A[0][4],$C[3] - eor $A[0][2],$A[0][2],$C[0] - ldr $C[3],[$C[1]],#8 // Iota[i++] - - bic $C[0],$A[1][2],$A[1][1] - tst $C[1],#255 // are we done? - str $C[1],[sp,#16] - bic $C[1],$A[1][3],$A[1][2] - bic $C[2],$A[1][0],$A[1][4] - eor $A[0][0],$A[0][0],$C[3] // A[0][0] ^= Iota - bic $C[3],$A[1][1],$A[1][0] - eor $A[1][0],$A[1][0],$C[0] - bic $C[0],$A[1][4],$A[1][3] - eor $A[1][1],$A[1][1],$C[1] - eor $A[1][3],$A[1][3],$C[2] - eor $A[1][4],$A[1][4],$C[3] - eor $A[1][2],$A[1][2],$C[0] - - bic $C[0],$A[2][2],$A[2][1] - bic $C[1],$A[2][3],$A[2][2] - bic $C[2],$A[2][0],$A[2][4] - bic $C[3],$A[2][1],$A[2][0] - eor $A[2][0],$A[2][0],$C[0] - bic $C[0],$A[2][4],$A[2][3] - eor $A[2][1],$A[2][1],$C[1] - eor $A[2][3],$A[2][3],$C[2] - eor $A[2][4],$A[2][4],$C[3] - eor $A[2][2],$A[2][2],$C[0] - - bic $C[0],$A[3][2],$A[3][1] - bic $C[1],$A[3][3],$A[3][2] - bic $C[2],$A[3][0],$A[3][4] - bic $C[3],$A[3][1],$A[3][0] - eor $A[3][0],$A[3][0],$C[0] - bic $C[0],$A[3][4],$A[3][3] - eor $A[3][1],$A[3][1],$C[1] - eor $A[3][3],$A[3][3],$C[2] - eor $A[3][4],$A[3][4],$C[3] - eor $A[3][2],$A[3][2],$C[0] - - bic $C[0],$A[4][2],$A[4][1] - bic $C[1],$A[4][3],$A[4][2] - bic $C[2],$A[4][0],$A[4][4] - bic $C[3],$A[4][1],$A[4][0] - eor $A[4][0],$A[4][0],$C[0] - bic $C[0],$A[4][4],$A[4][3] - eor $A[4][1],$A[4][1],$C[1] - eor $A[4][3],$A[4][3],$C[2] - eor $A[4][4],$A[4][4],$C[3] - eor $A[4][2],$A[4][2],$C[0] - - bne .Loop - - ldr x30,[sp,#24] - .inst 0xd50323bf // autiasp - ret -.size KeccakF1600_int,.-KeccakF1600_int - -.type KeccakF1600,%function -.align 5 -KeccakF1600: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-128]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - stp x23,x24,[sp,#48] - stp x25,x26,[sp,#64] - stp x27,x28,[sp,#80] - sub sp,sp,#48 - - str x0,[sp,#32] // offload argument - mov $C[0],x0 - ldp $A[0][0],$A[0][1],[x0,#16*0] - ldp $A[0][2],$A[0][3],[$C[0],#16*1] - ldp $A[0][4],$A[1][0],[$C[0],#16*2] - ldp $A[1][1],$A[1][2],[$C[0],#16*3] - ldp $A[1][3],$A[1][4],[$C[0],#16*4] - ldp $A[2][0],$A[2][1],[$C[0],#16*5] - ldp $A[2][2],$A[2][3],[$C[0],#16*6] - ldp $A[2][4],$A[3][0],[$C[0],#16*7] - ldp $A[3][1],$A[3][2],[$C[0],#16*8] - ldp $A[3][3],$A[3][4],[$C[0],#16*9] - ldp $A[4][0],$A[4][1],[$C[0],#16*10] - ldp $A[4][2],$A[4][3],[$C[0],#16*11] - ldr $A[4][4],[$C[0],#16*12] - - bl KeccakF1600_int - - ldr $C[0],[sp,#32] - stp $A[0][0],$A[0][1],[$C[0],#16*0] - stp $A[0][2],$A[0][3],[$C[0],#16*1] - stp $A[0][4],$A[1][0],[$C[0],#16*2] - stp $A[1][1],$A[1][2],[$C[0],#16*3] - stp $A[1][3],$A[1][4],[$C[0],#16*4] - stp $A[2][0],$A[2][1],[$C[0],#16*5] - stp $A[2][2],$A[2][3],[$C[0],#16*6] - stp $A[2][4],$A[3][0],[$C[0],#16*7] - stp $A[3][1],$A[3][2],[$C[0],#16*8] - stp $A[3][3],$A[3][4],[$C[0],#16*9] - stp $A[4][0],$A[4][1],[$C[0],#16*10] - stp $A[4][2],$A[4][3],[$C[0],#16*11] - str $A[4][4],[$C[0],#16*12] - - ldp x19,x20,[x29,#16] - add sp,sp,#48 - ldp x21,x22,[x29,#32] - ldp x23,x24,[x29,#48] - ldp x25,x26,[x29,#64] - ldp x27,x28,[x29,#80] - ldp x29,x30,[sp],#128 - .inst 0xd50323bf // autiasp - ret -.size KeccakF1600,.-KeccakF1600 - -.globl SHA3_absorb -.type SHA3_absorb,%function -.align 5 -SHA3_absorb: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-128]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - stp x23,x24,[sp,#48] - stp x25,x26,[sp,#64] - stp x27,x28,[sp,#80] - sub sp,sp,#64 - - stp x0,x1,[sp,#32] // offload arguments - stp x2,x3,[sp,#48] - - mov $C[0],x0 // uint64_t A[5][5] - mov $C[1],x1 // const void *inp - mov $C[2],x2 // size_t len - mov $C[3],x3 // size_t bsz - ldp $A[0][0],$A[0][1],[$C[0],#16*0] - ldp $A[0][2],$A[0][3],[$C[0],#16*1] - ldp $A[0][4],$A[1][0],[$C[0],#16*2] - ldp $A[1][1],$A[1][2],[$C[0],#16*3] - ldp $A[1][3],$A[1][4],[$C[0],#16*4] - ldp $A[2][0],$A[2][1],[$C[0],#16*5] - ldp $A[2][2],$A[2][3],[$C[0],#16*6] - ldp $A[2][4],$A[3][0],[$C[0],#16*7] - ldp $A[3][1],$A[3][2],[$C[0],#16*8] - ldp $A[3][3],$A[3][4],[$C[0],#16*9] - ldp $A[4][0],$A[4][1],[$C[0],#16*10] - ldp $A[4][2],$A[4][3],[$C[0],#16*11] - ldr $A[4][4],[$C[0],#16*12] - b .Loop_absorb - -.align 4 -.Loop_absorb: - subs $C[0],$C[2],$C[3] // len - bsz - blo .Labsorbed - - str $C[0],[sp,#48] // save len - bsz -___ -for (my $i=0; $i<24; $i+=2) { -my $j = $i+1; -$code.=<<___; - ldr $C[0],[$C[1]],#8 // *inp++ -#ifdef __AARCH64EB__ - rev $C[0],$C[0] -#endif - eor $A[$i/5][$i%5],$A[$i/5][$i%5],$C[0] - cmp $C[3],#8*($i+2) - blo .Lprocess_block - ldr $C[0],[$C[1]],#8 // *inp++ -#ifdef __AARCH64EB__ - rev $C[0],$C[0] -#endif - eor $A[$j/5][$j%5],$A[$j/5][$j%5],$C[0] - beq .Lprocess_block -___ -} -$code.=<<___; - ldr $C[0],[$C[1]],#8 // *inp++ -#ifdef __AARCH64EB__ - rev $C[0],$C[0] -#endif - eor $A[4][4],$A[4][4],$C[0] - -.Lprocess_block: - str $C[1],[sp,#40] // save inp - - bl KeccakF1600_int - - ldr $C[1],[sp,#40] // restore arguments - ldp $C[2],$C[3],[sp,#48] - b .Loop_absorb - -.align 4 -.Labsorbed: - ldr $C[1],[sp,#32] - stp $A[0][0],$A[0][1],[$C[1],#16*0] - stp $A[0][2],$A[0][3],[$C[1],#16*1] - stp $A[0][4],$A[1][0],[$C[1],#16*2] - stp $A[1][1],$A[1][2],[$C[1],#16*3] - stp $A[1][3],$A[1][4],[$C[1],#16*4] - stp $A[2][0],$A[2][1],[$C[1],#16*5] - stp $A[2][2],$A[2][3],[$C[1],#16*6] - stp $A[2][4],$A[3][0],[$C[1],#16*7] - stp $A[3][1],$A[3][2],[$C[1],#16*8] - stp $A[3][3],$A[3][4],[$C[1],#16*9] - stp $A[4][0],$A[4][1],[$C[1],#16*10] - stp $A[4][2],$A[4][3],[$C[1],#16*11] - str $A[4][4],[$C[1],#16*12] - - mov x0,$C[2] // return value - ldp x19,x20,[x29,#16] - add sp,sp,#64 - ldp x21,x22,[x29,#32] - ldp x23,x24,[x29,#48] - ldp x25,x26,[x29,#64] - ldp x27,x28,[x29,#80] - ldp x29,x30,[sp],#128 - .inst 0xd50323bf // autiasp - ret -.size SHA3_absorb,.-SHA3_absorb -___ -{ -my ($A_flat,$out,$len,$bsz) = map("x$_",(19..22)); -$code.=<<___; -.globl SHA3_squeeze -.type SHA3_squeeze,%function -.align 5 -SHA3_squeeze: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-48]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - - mov $A_flat,x0 // put aside arguments - mov $out,x1 - mov $len,x2 - mov $bsz,x3 - -.Loop_squeeze: - ldr x4,[x0],#8 - cmp $len,#8 - blo .Lsqueeze_tail -#ifdef __AARCH64EB__ - rev x4,x4 -#endif - str x4,[$out],#8 - subs $len,$len,#8 - beq .Lsqueeze_done - - subs x3,x3,#8 - bhi .Loop_squeeze - - mov x0,$A_flat - bl KeccakF1600 - mov x0,$A_flat - mov x3,$bsz - b .Loop_squeeze - -.align 4 -.Lsqueeze_tail: - strb w4,[$out],#1 - lsr x4,x4,#8 - subs $len,$len,#1 - beq .Lsqueeze_done - strb w4,[$out],#1 - lsr x4,x4,#8 - subs $len,$len,#1 - beq .Lsqueeze_done - strb w4,[$out],#1 - lsr x4,x4,#8 - subs $len,$len,#1 - beq .Lsqueeze_done - strb w4,[$out],#1 - lsr x4,x4,#8 - subs $len,$len,#1 - beq .Lsqueeze_done - strb w4,[$out],#1 - lsr x4,x4,#8 - subs $len,$len,#1 - beq .Lsqueeze_done - strb w4,[$out],#1 - lsr x4,x4,#8 - subs $len,$len,#1 - beq .Lsqueeze_done - strb w4,[$out],#1 - -.Lsqueeze_done: - ldp x19,x20,[sp,#16] - ldp x21,x22,[sp,#32] - ldp x29,x30,[sp],#48 - .inst 0xd50323bf // autiasp - ret -.size SHA3_squeeze,.-SHA3_squeeze -___ -} }}} - {{{ -my @A = map([ "v".$_.".16b", "v".($_+1).".16b", "v".($_+2).".16b", - "v".($_+3).".16b", "v".($_+4).".16b" ], - (0, 5, 10, 15, 20)); - -my @C = map("v$_.16b", (25..31)); -my @D = @C[4,5,6,2,3]; - -$code.=<<___; -.type KeccakF1600_ce,%function -.align 5 -KeccakF1600_ce: - mov x9,#24 - adr x10,iotas - b .Loop_ce -.align 4 -.Loop_ce: - ////////////////////////////////////////////////// Theta - eor3 $C[0],$A[4][0],$A[3][0],$A[2][0] - eor3 $C[1],$A[4][1],$A[3][1],$A[2][1] - eor3 $C[2],$A[4][2],$A[3][2],$A[2][2] - eor3 $C[3],$A[4][3],$A[3][3],$A[2][3] - eor3 $C[4],$A[4][4],$A[3][4],$A[2][4] - eor3 $C[0],$C[0], $A[1][0],$A[0][0] - eor3 $C[1],$C[1], $A[1][1],$A[0][1] - eor3 $C[2],$C[2], $A[1][2],$A[0][2] - eor3 $C[3],$C[3], $A[1][3],$A[0][3] - eor3 $C[4],$C[4], $A[1][4],$A[0][4] - - rax1 $C[5],$C[0],$C[2] // D[1] - rax1 $C[6],$C[1],$C[3] // D[2] - rax1 $C[2],$C[2],$C[4] // D[3] - rax1 $C[3],$C[3],$C[0] // D[4] - rax1 $C[4],$C[4],$C[1] // D[0] - - ////////////////////////////////////////////////// Theta+Rho+Pi - xar $C[0], $A[0][1],$D[1],#64-$rhotates[0][1] // C[0]=A[2][0] - - xar $A[0][1],$A[1][1],$D[1],#64-$rhotates[1][1] - xar $A[1][1],$A[1][4],$D[4],#64-$rhotates[1][4] - xar $A[1][4],$A[4][2],$D[2],#64-$rhotates[4][2] - xar $A[4][2],$A[2][4],$D[4],#64-$rhotates[2][4] - xar $A[2][4],$A[4][0],$D[0],#64-$rhotates[4][0] - - xar $C[1], $A[0][2],$D[2],#64-$rhotates[0][2] // C[1]=A[4][0] - - xar $A[0][2],$A[2][2],$D[2],#64-$rhotates[2][2] - xar $A[2][2],$A[2][3],$D[3],#64-$rhotates[2][3] - xar $A[2][3],$A[3][4],$D[4],#64-$rhotates[3][4] - xar $A[3][4],$A[4][3],$D[3],#64-$rhotates[4][3] - xar $A[4][3],$A[3][0],$D[0],#64-$rhotates[3][0] - - xar $A[3][0],$A[0][4],$D[4],#64-$rhotates[0][4] - - xar $D[4], $A[4][4],$D[4],#64-$rhotates[4][4] // D[4]=A[0][4] - xar $A[4][4],$A[4][1],$D[1],#64-$rhotates[4][1] - xar $A[1][3],$A[1][3],$D[3],#64-$rhotates[1][3] // A[1][3]=A[4][1] - xar $A[0][4],$A[3][1],$D[1],#64-$rhotates[3][1] // A[0][4]=A[1][3] - xar $A[3][1],$A[1][0],$D[0],#64-$rhotates[1][0] - - xar $A[1][0],$A[0][3],$D[3],#64-$rhotates[0][3] - - eor $A[0][0],$A[0][0],$D[0] - - xar $D[3], $A[3][3],$D[3],#64-$rhotates[3][3] // D[3]=A[0][3] - xar $A[0][3],$A[3][2],$D[2],#64-$rhotates[3][2] // A[0][3]=A[3][3] - xar $D[1], $A[2][1],$D[1],#64-$rhotates[2][1] // D[1]=A[3][2] - xar $D[2], $A[1][2],$D[2],#64-$rhotates[1][2] // D[2]=A[2][1] - xar $D[0], $A[2][0],$D[0],#64-$rhotates[2][0] // D[0]=A[1][2] - - ////////////////////////////////////////////////// Chi+Iota - bcax $A[4][0],$C[1], $A[4][2],$A[1][3] // A[1][3]=A[4][1] - bcax $A[4][1],$A[1][3],$A[4][3],$A[4][2] // A[1][3]=A[4][1] - bcax $A[4][2],$A[4][2],$A[4][4],$A[4][3] - bcax $A[4][3],$A[4][3],$C[1], $A[4][4] - bcax $A[4][4],$A[4][4],$A[1][3],$C[1] // A[1][3]=A[4][1] - - ld1r {$C[1]},[x10],#8 - - bcax $A[3][2],$D[1], $A[3][4],$A[0][3] // A[0][3]=A[3][3] - bcax $A[3][3],$A[0][3],$A[3][0],$A[3][4] // A[0][3]=A[3][3] - bcax $A[3][4],$A[3][4],$A[3][1],$A[3][0] - bcax $A[3][0],$A[3][0],$D[1], $A[3][1] - bcax $A[3][1],$A[3][1],$A[0][3],$D[1] // A[0][3]=A[3][3] - - bcax $A[2][0],$C[0], $A[2][2],$D[2] - bcax $A[2][1],$D[2], $A[2][3],$A[2][2] - bcax $A[2][2],$A[2][2],$A[2][4],$A[2][3] - bcax $A[2][3],$A[2][3],$C[0], $A[2][4] - bcax $A[2][4],$A[2][4],$D[2], $C[0] - - bcax $A[1][2],$D[0], $A[1][4],$A[0][4] // A[0][4]=A[1][3] - bcax $A[1][3],$A[0][4],$A[1][0],$A[1][4] // A[0][4]=A[1][3] - bcax $A[1][4],$A[1][4],$A[1][1],$A[1][0] - bcax $A[1][0],$A[1][0],$D[0], $A[1][1] - bcax $A[1][1],$A[1][1],$A[0][4],$D[0] // A[0][4]=A[1][3] - - bcax $A[0][3],$D[3], $A[0][0],$D[4] - bcax $A[0][4],$D[4], $A[0][1],$A[0][0] - bcax $A[0][0],$A[0][0],$A[0][2],$A[0][1] - bcax $A[0][1],$A[0][1],$D[3], $A[0][2] - bcax $A[0][2],$A[0][2],$D[4], $D[3] - - eor $A[0][0],$A[0][0],$C[1] - - subs x9,x9,#1 - bne .Loop_ce - - ret -.size KeccakF1600_ce,.-KeccakF1600_ce - -.type KeccakF1600_cext,%function -.align 5 -KeccakF1600_cext: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-80]! - add x29,sp,#0 - stp d8,d9,[sp,#16] // per ABI requirement - stp d10,d11,[sp,#32] - stp d12,d13,[sp,#48] - stp d14,d15,[sp,#64] -___ -for($i=0; $i<24; $i+=2) { # load A[5][5] -my $j=$i+1; -$code.=<<___; - ldp d$i,d$j,[x0,#8*$i] -___ -} -$code.=<<___; - ldr d24,[x0,#8*$i] - bl KeccakF1600_ce - ldr x30,[sp,#8] -___ -for($i=0; $i<24; $i+=2) { # store A[5][5] -my $j=$i+1; -$code.=<<___; - stp d$i,d$j,[x0,#8*$i] -___ -} -$code.=<<___; - str d24,[x0,#8*$i] - - ldp d8,d9,[sp,#16] - ldp d10,d11,[sp,#32] - ldp d12,d13,[sp,#48] - ldp d14,d15,[sp,#64] - ldr x29,[sp],#80 - .inst 0xd50323bf // autiasp - ret -.size KeccakF1600_cext,.-KeccakF1600_cext -___ - -{ -my ($ctx,$inp,$len,$bsz) = map("x$_",(0..3)); - -$code.=<<___; -.globl SHA3_absorb_cext -.type SHA3_absorb_cext,%function -.align 5 -SHA3_absorb_cext: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-80]! - add x29,sp,#0 - stp d8,d9,[sp,#16] // per ABI requirement - stp d10,d11,[sp,#32] - stp d12,d13,[sp,#48] - stp d14,d15,[sp,#64] -___ -for($i=0; $i<24; $i+=2) { # load A[5][5] -my $j=$i+1; -$code.=<<___; - ldp d$i,d$j,[x0,#8*$i] -___ -} -$code.=<<___; - ldr d24,[x0,#8*$i] - b .Loop_absorb_ce - -.align 4 -.Loop_absorb_ce: - subs $len,$len,$bsz // len - bsz - blo .Labsorbed_ce -___ -for (my $i=0; $i<24; $i+=2) { -my $j = $i+1; -$code.=<<___; - ldr d31,[$inp],#8 // *inp++ -#ifdef __AARCH64EB__ - rev64 v31.16b,v31.16b -#endif - eor $A[$i/5][$i%5],$A[$i/5][$i%5],v31.16b - cmp $bsz,#8*($i+2) - blo .Lprocess_block_ce - ldr d31,[$inp],#8 // *inp++ -#ifdef __AARCH64EB__ - rev64 v31.16b,v31.16b -#endif - eor $A[$j/5][$j%5],$A[$j/5][$j%5],v31.16b - beq .Lprocess_block_ce -___ -} -$code.=<<___; - ldr d31,[$inp],#8 // *inp++ -#ifdef __AARCH64EB__ - rev64 v31.16b,v31.16b -#endif - eor $A[4][4],$A[4][4],v31.16b - -.Lprocess_block_ce: - - bl KeccakF1600_ce - - b .Loop_absorb_ce - -.align 4 -.Labsorbed_ce: -___ -for($i=0; $i<24; $i+=2) { # store A[5][5] -my $j=$i+1; -$code.=<<___; - stp d$i,d$j,[x0,#8*$i] -___ -} -$code.=<<___; - str d24,[x0,#8*$i] - add x0,$len,$bsz // return value - - ldp d8,d9,[sp,#16] - ldp d10,d11,[sp,#32] - ldp d12,d13,[sp,#48] - ldp d14,d15,[sp,#64] - ldp x29,x30,[sp],#80 - .inst 0xd50323bf // autiasp - ret -.size SHA3_absorb_cext,.-SHA3_absorb_cext -___ -} -{ -my ($ctx,$out,$len,$bsz) = map("x$_",(0..3)); -$code.=<<___; -.globl SHA3_squeeze_cext -.type SHA3_squeeze_cext,%function -.align 5 -SHA3_squeeze_cext: - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - mov x9,$ctx - mov x10,$bsz - -.Loop_squeeze_ce: - ldr x4,[x9],#8 - cmp $len,#8 - blo .Lsqueeze_tail_ce -#ifdef __AARCH64EB__ - rev x4,x4 -#endif - str x4,[$out],#8 - beq .Lsqueeze_done_ce - - sub $len,$len,#8 - subs x10,x10,#8 - bhi .Loop_squeeze_ce - - bl KeccakF1600_cext - ldr x30,[sp,#8] - mov x9,$ctx - mov x10,$bsz - b .Loop_squeeze_ce - -.align 4 -.Lsqueeze_tail_ce: - strb w4,[$out],#1 - lsr x4,x4,#8 - subs $len,$len,#1 - beq .Lsqueeze_done_ce - strb w4,[$out],#1 - lsr x4,x4,#8 - subs $len,$len,#1 - beq .Lsqueeze_done_ce - strb w4,[$out],#1 - lsr x4,x4,#8 - subs $len,$len,#1 - beq .Lsqueeze_done_ce - strb w4,[$out],#1 - lsr x4,x4,#8 - subs $len,$len,#1 - beq .Lsqueeze_done_ce - strb w4,[$out],#1 - lsr x4,x4,#8 - subs $len,$len,#1 - beq .Lsqueeze_done_ce - strb w4,[$out],#1 - lsr x4,x4,#8 - subs $len,$len,#1 - beq .Lsqueeze_done_ce - strb w4,[$out],#1 - -.Lsqueeze_done_ce: - ldr x29,[sp],#16 - .inst 0xd50323bf // autiasp - ret -.size SHA3_squeeze_cext,.-SHA3_squeeze_cext -___ -} }}} -$code.=<<___; -.asciz "Keccak-1600 absorb and squeeze for ARMv8, CRYPTOGAMS by " -___ - -{ my %opcode = ( - "rax1" => 0xce608c00, "eor3" => 0xce000000, - "bcax" => 0xce200000, "xar" => 0xce800000 ); - - sub unsha3 { - my ($mnemonic,$arg)=@_; - - $arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv#]([0-9\-]+))?)?/ - && - sprintf ".inst\t0x%08x\t//%s %s", - $opcode{$mnemonic}|$1|($2<<5)|($3<<16)|(eval($4)<<10), - $mnemonic,$arg; - } -} - -foreach(split("\n",$code)) { - - s/\`([^\`]*)\`/eval($1)/ge; - - m/\bld1r\b/ and s/\.16b/.2d/g or - s/\b(eor3|rax1|xar|bcax)\s+(v.*)/unsha3($1,$2)/ge; - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-avx2.pl b/crypto/sha/asm/keccak1600-avx2.pl deleted file mode 100755 index 84682289bf7a711187c903066c6d2326e57496f7..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/keccak1600-avx2.pl +++ /dev/null @@ -1,481 +0,0 @@ -#!/usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Keccak-1600 for AVX2. -# -# July 2017. -# -# To paraphrase Gilles Van Assche, if you contemplate Fig. 2.3 on page -# 20 of The Keccak reference [or Fig. 5 of FIPS PUB 202], and load data -# other than A[0][0] in magic order into 6 [256-bit] registers, *each -# dedicated to one axis*, Pi permutation is reduced to intra-register -# shuffles... -# -# It makes other steps more intricate, but overall, is it a win? To be -# more specific index permutations organized by quadruples are: -# -# [4][4] [3][3] [2][2] [1][1]<-+ -# [0][4] [0][3] [0][2] [0][1]<-+ -# [3][0] [1][0] [4][0] [2][0] | -# [4][3] [3][1] [2][4] [1][2] | -# [3][4] [1][3] [4][2] [2][1] | -# [2][3] [4][1] [1][4] [3][2] | -# [2][2] [4][4] [1][1] [3][3] -+ -# -# This however is highly impractical for Theta and Chi. What would help -# Theta is if x indices were aligned column-wise, or in other words: -# -# [0][4] [0][3] [0][2] [0][1] -# [3][0] [1][0] [4][0] [2][0] -#vpermq([4][3] [3][1] [2][4] [1][2], 0b01110010) -# [2][4] [4][3] [1][2] [3][1] -#vpermq([4][2] [3][4] [2][1] [1][3], 0b10001101) -# [3][4] [1][3] [4][2] [2][1] -#vpermq([2][3] [4][1] [1][4] [3][2], 0b01110010) -# [1][4] [2][3] [3][2] [4][1] -#vpermq([1][1] [2][2] [3][3] [4][4], 0b00011011) -# [4][4] [3][3] [2][2] [1][1] -# -# So here we have it, lines not marked with vpermq() represent the magic -# order in which data is to be loaded and maintained. [And lines marked -# with vpermq() represent Pi circular permutation in chosen layout. Note -# that first step is permutation-free.] A[0][0] is loaded to register of -# its own, to all lanes. [A[0][0] is not part of Pi permutation or Rho.] -# Digits in variables' names denote right-most coordinates: - -my ($A00, # [0][0] [0][0] [0][0] [0][0] # %ymm0 - $A01, # [0][4] [0][3] [0][2] [0][1] # %ymm1 - $A20, # [3][0] [1][0] [4][0] [2][0] # %ymm2 - $A31, # [2][4] [4][3] [1][2] [3][1] # %ymm3 - $A21, # [3][4] [1][3] [4][2] [2][1] # %ymm4 - $A41, # [1][4] [2][3] [3][2] [4][1] # %ymm5 - $A11) = # [4][4] [3][3] [2][2] [1][1] # %ymm6 - map("%ymm$_",(0..6)); - -# We also need to map the magic order into offsets within structure: - -my @A_jagged = ([0,0], [1,0], [1,1], [1,2], [1,3], # [0][0..4] - [2,2], [6,0], [3,1], [4,2], [5,3], # [1][0..4] - [2,0], [4,0], [6,1], [5,2], [3,3], # [2][0..4] - [2,3], [3,0], [5,1], [6,2], [4,3], # [3][0..4] - [2,1], [5,0], [4,1], [3,2], [6,3]); # [4][0..4] - @A_jagged = map(8*($$_[0]*4+$$_[1]), @A_jagged); # ... and now linear - -# But on the other hand Chi is much better off if y indices were aligned -# column-wise, not x. For this reason we have to shuffle data prior -# Chi and revert it afterwards. Prior shuffle is naturally merged with -# Pi itself: -# -# [0][4] [0][3] [0][2] [0][1] -# [3][0] [1][0] [4][0] [2][0] -#vpermq([4][3] [3][1] [2][4] [1][2], 0b01110010) -#vpermq([2][4] [4][3] [1][2] [3][1], 0b00011011) = 0b10001101 -# [3][1] [1][2] [4][3] [2][4] -#vpermq([4][2] [3][4] [2][1] [1][3], 0b10001101) -#vpermq([3][4] [1][3] [4][2] [2][1], 0b11100100) = 0b10001101 -# [3][4] [1][3] [4][2] [2][1] -#vpermq([2][3] [4][1] [1][4] [3][2], 0b01110010) -#vpermq([1][4] [2][3] [3][2] [4][1], 0b01110010) = 0b00011011 -# [3][2] [1][4] [4][1] [2][3] -#vpermq([1][1] [2][2] [3][3] [4][4], 0b00011011) -#vpermq([4][4] [3][3] [2][2] [1][1], 0b10001101) = 0b01110010 -# [3][3] [1][1] [4][4] [2][2] -# -# And reverse post-Chi permutation: -# -# [0][4] [0][3] [0][2] [0][1] -# [3][0] [1][0] [4][0] [2][0] -#vpermq([3][1] [1][2] [4][3] [2][4], 0b00011011) -# [2][4] [4][3] [1][2] [3][1] -#vpermq([3][4] [1][3] [4][2] [2][1], 0b11100100) = nop :-) -# [3][4] [1][3] [4][2] [2][1] -#vpermq([3][2] [1][4] [4][1] [2][3], 0b10001101) -# [1][4] [2][3] [3][2] [4][1] -#vpermq([3][3] [1][1] [4][4] [2][2], 0b01110010) -# [4][4] [3][3] [2][2] [1][1] -# -######################################################################## -# Numbers are cycles per processed byte out of large message. -# -# r=1088(*) -# -# Haswell 8.7/+10% -# Skylake 7.8/+20% -# Ryzen 17(**) -# -# (*) Corresponds to SHA3-256. Percentage after slash is improvement -# coefficient in comparison to scalar keccak1600-x86_64.pl. -# (**) It's expected that Ryzen performs poorly, because instruction -# issue rate is limited to two AVX2 instructions per cycle and -# in addition vpblendd is reportedly bound to specific port. -# Obviously this code path should not be executed on Ryzen. - -my @T = map("%ymm$_",(7..15)); -my ($C14,$C00,$D00,$D14) = @T[5..8]; - -$code.=<<___; -.text - -.type __KeccakF1600,\@function -.align 32 -__KeccakF1600: - lea rhotates_left+96(%rip),%r8 - lea rhotates_right+96(%rip),%r9 - lea iotas(%rip),%r10 - mov \$24,%eax - jmp .Loop_avx2 - -.align 32 -.Loop_avx2: - ######################################### Theta - vpshufd \$0b01001110,$A20,$C00 - vpxor $A31,$A41,$C14 - vpxor $A11,$A21,@T[2] - vpxor $A01,$C14,$C14 - vpxor @T[2],$C14,$C14 # C[1..4] - - vpermq \$0b10010011,$C14,@T[4] - vpxor $A20,$C00,$C00 - vpermq \$0b01001110,$C00,@T[0] - - vpsrlq \$63,$C14,@T[1] - vpaddq $C14,$C14,@T[2] - vpor @T[2],@T[1],@T[1] # ROL64(C[1..4],1) - - vpermq \$0b00111001,@T[1],$D14 - vpxor @T[4],@T[1],$D00 - vpermq \$0b00000000,$D00,$D00 # D[0..0] = ROL64(C[1],1) ^ C[4] - - vpxor $A00,$C00,$C00 - vpxor @T[0],$C00,$C00 # C[0..0] - - vpsrlq \$63,$C00,@T[0] - vpaddq $C00,$C00,@T[1] - vpor @T[0],@T[1],@T[1] # ROL64(C[0..0],1) - - vpxor $D00,$A20,$A20 # ^= D[0..0] - vpxor $D00,$A00,$A00 # ^= D[0..0] - - vpblendd \$0b11000000,@T[1],$D14,$D14 - vpblendd \$0b00000011,$C00,@T[4],@T[4] - vpxor @T[4],$D14,$D14 # D[1..4] = ROL64(C[2..4,0),1) ^ C[0..3] - - ######################################### Rho + Pi + pre-Chi shuffle - vpsllvq 0*32-96(%r8),$A20,@T[3] - vpsrlvq 0*32-96(%r9),$A20,$A20 - vpor @T[3],$A20,$A20 - - vpxor $D14,$A31,$A31 # ^= D[1..4] from Theta - vpsllvq 2*32-96(%r8),$A31,@T[4] - vpsrlvq 2*32-96(%r9),$A31,$A31 - vpor @T[4],$A31,$A31 - - vpxor $D14,$A21,$A21 # ^= D[1..4] from Theta - vpsllvq 3*32-96(%r8),$A21,@T[5] - vpsrlvq 3*32-96(%r9),$A21,$A21 - vpor @T[5],$A21,$A21 - - vpxor $D14,$A41,$A41 # ^= D[1..4] from Theta - vpsllvq 4*32-96(%r8),$A41,@T[6] - vpsrlvq 4*32-96(%r9),$A41,$A41 - vpor @T[6],$A41,$A41 - - vpxor $D14,$A11,$A11 # ^= D[1..4] from Theta - vpermq \$0b10001101,$A20,@T[3] # $A20 -> future $A31 - vpermq \$0b10001101,$A31,@T[4] # $A31 -> future $A21 - vpsllvq 5*32-96(%r8),$A11,@T[7] - vpsrlvq 5*32-96(%r9),$A11,@T[1] - vpor @T[7],@T[1],@T[1] # $A11 -> future $A01 - - vpxor $D14,$A01,$A01 # ^= D[1..4] from Theta - vpermq \$0b00011011,$A21,@T[5] # $A21 -> future $A41 - vpermq \$0b01110010,$A41,@T[6] # $A41 -> future $A11 - vpsllvq 1*32-96(%r8),$A01,@T[8] - vpsrlvq 1*32-96(%r9),$A01,@T[2] - vpor @T[8],@T[2],@T[2] # $A01 -> future $A20 - - ######################################### Chi - vpsrldq \$8,@T[1],@T[7] - vpandn @T[7],@T[1],@T[0] # tgting [0][0] [0][0] [0][0] [0][0] - - vpblendd \$0b00001100,@T[6],@T[2],$A31 # [4][4] [2][0] - vpblendd \$0b00001100,@T[2],@T[4],@T[8] # [4][0] [2][1] - vpblendd \$0b00001100,@T[4],@T[3],$A41 # [4][2] [2][4] - vpblendd \$0b00001100,@T[3],@T[2],@T[7] # [4][3] [2][0] - vpblendd \$0b00110000,@T[4],$A31,$A31 # [1][3] [4][4] [2][0] - vpblendd \$0b00110000,@T[5],@T[8],@T[8] # [1][4] [4][0] [2][1] - vpblendd \$0b00110000,@T[2],$A41,$A41 # [1][0] [4][2] [2][4] - vpblendd \$0b00110000,@T[6],@T[7],@T[7] # [1][1] [4][3] [2][0] - vpblendd \$0b11000000,@T[5],$A31,$A31 # [3][2] [1][3] [4][4] [2][0] - vpblendd \$0b11000000,@T[6],@T[8],@T[8] # [3][3] [1][4] [4][0] [2][1] - vpblendd \$0b11000000,@T[6],$A41,$A41 # [3][3] [1][0] [4][2] [2][4] - vpblendd \$0b11000000,@T[4],@T[7],@T[7] # [3][4] [1][1] [4][3] [2][0] - vpandn @T[8],$A31,$A31 # tgting [3][1] [1][2] [4][3] [2][4] - vpandn @T[7],$A41,$A41 # tgting [3][2] [1][4] [4][1] [2][3] - - vpblendd \$0b00001100,@T[2],@T[5],$A11 # [4][0] [2][3] - vpblendd \$0b00001100,@T[5],@T[3],@T[8] # [4][1] [2][4] - vpxor @T[3],$A31,$A31 - vpblendd \$0b00110000,@T[3],$A11,$A11 # [1][2] [4][0] [2][3] - vpblendd \$0b00110000,@T[4],@T[8],@T[8] # [1][3] [4][1] [2][4] - vpxor @T[5],$A41,$A41 - vpblendd \$0b11000000,@T[4],$A11,$A11 # [3][4] [1][2] [4][0] [2][3] - vpblendd \$0b11000000,@T[2],@T[8],@T[8] # [3][0] [1][3] [4][1] [2][4] - vpandn @T[8],$A11,$A11 # tgting [3][3] [1][1] [4][4] [2][2] - vpxor @T[6],$A11,$A11 - - vpermq \$0b00011110,@T[1],$A21 # [0][1] [0][2] [0][4] [0][3] - vpblendd \$0b00110000,$A00,$A21,@T[8] # [0][1] [0][0] [0][4] [0][3] - vpermq \$0b00111001,@T[1],$A01 # [0][1] [0][4] [0][3] [0][2] - vpblendd \$0b11000000,$A00,$A01,$A01 # [0][0] [0][4] [0][3] [0][2] - vpandn @T[8],$A01,$A01 # tgting [0][4] [0][3] [0][2] [0][1] - - vpblendd \$0b00001100,@T[5],@T[4],$A20 # [4][1] [2][1] - vpblendd \$0b00001100,@T[4],@T[6],@T[7] # [4][2] [2][2] - vpblendd \$0b00110000,@T[6],$A20,$A20 # [1][1] [4][1] [2][1] - vpblendd \$0b00110000,@T[3],@T[7],@T[7] # [1][2] [4][2] [2][2] - vpblendd \$0b11000000,@T[3],$A20,$A20 # [3][1] [1][1] [4][1] [2][1] - vpblendd \$0b11000000,@T[5],@T[7],@T[7] # [3][2] [1][2] [4][2] [2][2] - vpandn @T[7],$A20,$A20 # tgting [3][0] [1][0] [4][0] [2][0] - vpxor @T[2],$A20,$A20 - - vpermq \$0b00000000,@T[0],@T[0] # [0][0] [0][0] [0][0] [0][0] - vpermq \$0b00011011,$A31,$A31 # post-Chi shuffle - vpermq \$0b10001101,$A41,$A41 - vpermq \$0b01110010,$A11,$A11 - - vpblendd \$0b00001100,@T[3],@T[6],$A21 # [4][3] [2][2] - vpblendd \$0b00001100,@T[6],@T[5],@T[7] # [4][4] [2][3] - vpblendd \$0b00110000,@T[5],$A21,$A21 # [1][4] [4][3] [2][2] - vpblendd \$0b00110000,@T[2],@T[7],@T[7] # [1][0] [4][4] [2][3] - vpblendd \$0b11000000,@T[2],$A21,$A21 # [3][0] [1][4] [4][3] [2][2] - vpblendd \$0b11000000,@T[3],@T[7],@T[7] # [3][1] [1][0] [4][4] [2][3] - vpandn @T[7],$A21,$A21 # tgting [3][4] [1][3] [4][2] [2][1] - - vpxor @T[0],$A00,$A00 - vpxor @T[1],$A01,$A01 - vpxor @T[4],$A21,$A21 - - ######################################### Iota - vpxor (%r10),$A00,$A00 - lea 32(%r10),%r10 - - dec %eax - jnz .Loop_avx2 - - ret -.size __KeccakF1600,.-__KeccakF1600 -___ -my ($A_flat,$inp,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx"); -my $out = $inp; # in squeeze - -$code.=<<___; -.globl SHA3_absorb -.type SHA3_absorb,\@function -.align 32 -SHA3_absorb: - mov %rsp,%r11 - - lea -240(%rsp),%rsp - and \$-32,%rsp - - lea 96($A_flat),$A_flat - lea 96($inp),$inp - lea 96(%rsp),%r10 - - vzeroupper - - vpbroadcastq -96($A_flat),$A00 # load A[5][5] - vmovdqu 8+32*0-96($A_flat),$A01 - vmovdqu 8+32*1-96($A_flat),$A20 - vmovdqu 8+32*2-96($A_flat),$A31 - vmovdqu 8+32*3-96($A_flat),$A21 - vmovdqu 8+32*4-96($A_flat),$A41 - vmovdqu 8+32*5-96($A_flat),$A11 - - vpxor @T[0],@T[0],@T[0] - vmovdqa @T[0],32*2-96(%r10) # zero transfer area on stack - vmovdqa @T[0],32*3-96(%r10) - vmovdqa @T[0],32*4-96(%r10) - vmovdqa @T[0],32*5-96(%r10) - vmovdqa @T[0],32*6-96(%r10) - -.Loop_absorb_avx2: - mov $bsz,%rax - sub $bsz,$len - jc .Ldone_absorb_avx2 - - shr \$3,%eax - vpbroadcastq 0-96($inp),@T[0] - vmovdqu 8-96($inp),@T[1] - sub \$4,%eax -___ -for(my $i=5; $i<25; $i++) { -$code.=<<___ - dec %eax - jz .Labsorved_avx2 - mov 8*$i-96($inp),%r8 - mov %r8,$A_jagged[$i]-96(%r10) -___ -} -$code.=<<___; -.Labsorved_avx2: - lea ($inp,$bsz),$inp - - vpxor @T[0],$A00,$A00 - vpxor @T[1],$A01,$A01 - vpxor 32*2-96(%r10),$A20,$A20 - vpxor 32*3-96(%r10),$A31,$A31 - vpxor 32*4-96(%r10),$A21,$A21 - vpxor 32*5-96(%r10),$A41,$A41 - vpxor 32*6-96(%r10),$A11,$A11 - - call __KeccakF1600 - - lea 96(%rsp),%r10 - jmp .Loop_absorb_avx2 - -.Ldone_absorb_avx2: - vmovq %xmm0,-96($A_flat) - vmovdqu $A01,8+32*0-96($A_flat) - vmovdqu $A20,8+32*1-96($A_flat) - vmovdqu $A31,8+32*2-96($A_flat) - vmovdqu $A21,8+32*3-96($A_flat) - vmovdqu $A41,8+32*4-96($A_flat) - vmovdqu $A11,8+32*5-96($A_flat) - - vzeroupper - - lea (%r11),%rsp - lea ($len,$bsz),%rax # return value - ret -.size SHA3_absorb,.-SHA3_absorb - -.globl SHA3_squeeze -.type SHA3_squeeze,\@function -.align 32 -SHA3_squeeze: - mov %rsp,%r11 - - lea 96($A_flat),$A_flat - shr \$3,$bsz - - vzeroupper - - vpbroadcastq -96($A_flat),$A00 - vpxor @T[0],@T[0],@T[0] - vmovdqu 8+32*0-96($A_flat),$A01 - vmovdqu 8+32*1-96($A_flat),$A20 - vmovdqu 8+32*2-96($A_flat),$A31 - vmovdqu 8+32*3-96($A_flat),$A21 - vmovdqu 8+32*4-96($A_flat),$A41 - vmovdqu 8+32*5-96($A_flat),$A11 - - mov $bsz,%rax - -.Loop_squeeze_avx2: - mov @A_jagged[$i]-96($A_flat),%r8 -___ -for (my $i=0; $i<25; $i++) { -$code.=<<___; - sub \$8,$len - jc .Ltail_squeeze_avx2 - mov %r8,($out) - lea 8($out),$out - je .Ldone_squeeze_avx2 - dec %eax - je .Lextend_output_avx2 - mov @A_jagged[$i+1]-120($A_flat),%r8 -___ -} -$code.=<<___; -.Lextend_output_avx2: - call __KeccakF1600 - - vmovq %xmm0,-96($A_flat) - vmovdqu $A01,8+32*0-96($A_flat) - vmovdqu $A20,8+32*1-96($A_flat) - vmovdqu $A31,8+32*2-96($A_flat) - vmovdqu $A21,8+32*3-96($A_flat) - vmovdqu $A41,8+32*4-96($A_flat) - vmovdqu $A11,8+32*5-96($A_flat) - - mov $bsz,%rax - jmp .Loop_squeeze_avx2 - - -.Ltail_squeeze_avx2: - add \$8,$len -.Loop_tail_avx2: - mov %r8b,($out) - lea 1($out),$out - shr \$8,%r8 - dec $len - jnz .Loop_tail_avx2 - -.Ldone_squeeze_avx2: - vzeroupper - - lea (%r11),%rsp - ret -.size SHA3_squeeze,.-SHA3_squeeze - -.align 64 -rhotates_left: - .quad 3, 18, 36, 41 # [2][0] [4][0] [1][0] [3][0] - .quad 1, 62, 28, 27 # [0][1] [0][2] [0][3] [0][4] - .quad 45, 6, 56, 39 # [3][1] [1][2] [4][3] [2][4] - .quad 10, 61, 55, 8 # [2][1] [4][2] [1][3] [3][4] - .quad 2, 15, 25, 20 # [4][1] [3][2] [2][3] [1][4] - .quad 44, 43, 21, 14 # [1][1] [2][2] [3][3] [4][4] -rhotates_right: - .quad 64-3, 64-18, 64-36, 64-41 - .quad 64-1, 64-62, 64-28, 64-27 - .quad 64-45, 64-6, 64-56, 64-39 - .quad 64-10, 64-61, 64-55, 64-8 - .quad 64-2, 64-15, 64-25, 64-20 - .quad 64-44, 64-43, 64-21, 64-14 -iotas: - .quad 0x0000000000000001, 0x0000000000000001, 0x0000000000000001, 0x0000000000000001 - .quad 0x0000000000008082, 0x0000000000008082, 0x0000000000008082, 0x0000000000008082 - .quad 0x800000000000808a, 0x800000000000808a, 0x800000000000808a, 0x800000000000808a - .quad 0x8000000080008000, 0x8000000080008000, 0x8000000080008000, 0x8000000080008000 - .quad 0x000000000000808b, 0x000000000000808b, 0x000000000000808b, 0x000000000000808b - .quad 0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001 - .quad 0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081 - .quad 0x8000000000008009, 0x8000000000008009, 0x8000000000008009, 0x8000000000008009 - .quad 0x000000000000008a, 0x000000000000008a, 0x000000000000008a, 0x000000000000008a - .quad 0x0000000000000088, 0x0000000000000088, 0x0000000000000088, 0x0000000000000088 - .quad 0x0000000080008009, 0x0000000080008009, 0x0000000080008009, 0x0000000080008009 - .quad 0x000000008000000a, 0x000000008000000a, 0x000000008000000a, 0x000000008000000a - .quad 0x000000008000808b, 0x000000008000808b, 0x000000008000808b, 0x000000008000808b - .quad 0x800000000000008b, 0x800000000000008b, 0x800000000000008b, 0x800000000000008b - .quad 0x8000000000008089, 0x8000000000008089, 0x8000000000008089, 0x8000000000008089 - .quad 0x8000000000008003, 0x8000000000008003, 0x8000000000008003, 0x8000000000008003 - .quad 0x8000000000008002, 0x8000000000008002, 0x8000000000008002, 0x8000000000008002 - .quad 0x8000000000000080, 0x8000000000000080, 0x8000000000000080, 0x8000000000000080 - .quad 0x000000000000800a, 0x000000000000800a, 0x000000000000800a, 0x000000000000800a - .quad 0x800000008000000a, 0x800000008000000a, 0x800000008000000a, 0x800000008000000a - .quad 0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081 - .quad 0x8000000000008080, 0x8000000000008080, 0x8000000000008080, 0x8000000000008080 - .quad 0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001 - .quad 0x8000000080008008, 0x8000000080008008, 0x8000000080008008, 0x8000000080008008 - -.asciz "Keccak-1600 absorb and squeeze for AVX2, CRYPTOGAMS by " -___ - -$output=pop and open STDOUT,">$output"; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-avx512.pl b/crypto/sha/asm/keccak1600-avx512.pl deleted file mode 100755 index 85d6e7ffe424aaeb6f7655ea00482e057f2f7245..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/keccak1600-avx512.pl +++ /dev/null @@ -1,550 +0,0 @@ -#!/usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Keccak-1600 for AVX-512F. -# -# July 2017. -# -# Below code is KECCAK_1X_ALT implementation (see sha/keccak1600.c). -# Pretty straightforward, the only "magic" is data layout in registers. -# It's impossible to have one that is optimal for every step, hence -# it's changing as algorithm progresses. Data is saved in linear order, -# but in-register order morphs between rounds. Even rounds take in -# linear layout, and odd rounds - transposed, or "verticaly-shaped"... -# -######################################################################## -# Numbers are cycles per processed byte out of large message. -# -# r=1088(*) -# -# Knights Landing 7.6 -# Skylake-X 5.7 -# -# (*) Corresponds to SHA3-256. - -######################################################################## -# Below code is combination of two ideas. One is taken from Keccak Code -# Package, hereafter KCP, and another one from initial version of this -# module. What is common is observation that Pi's input and output are -# "mostly transposed", i.e. if input is aligned by x coordinate, then -# output is [mostly] aligned by y. Both versions, KCP and predecessor, -# were trying to use one of them from round to round, which resulted in -# some kind of transposition in each round. This version still does -# transpose data, but only every second round. Another essential factor -# is that KCP transposition has to be performed with instructions that -# turned to be rather expensive on Knights Landing, both latency- and -# throughput-wise. Not to mention that some of them have to depend on -# each other. On the other hand initial version of this module was -# relying heavily on blend instructions. There were lots of them, -# resulting in higher instruction count, yet it performed better on -# Knights Landing, because processor can execute pair of them each -# cycle and they have minimal latency. This module is an attempt to -# bring best parts together:-) -# -# Coordinates below correspond to those in sha/keccak1600.c. Input -# layout is straight linear: -# -# [0][4] [0][3] [0][2] [0][1] [0][0] -# [1][4] [1][3] [1][2] [1][1] [1][0] -# [2][4] [2][3] [2][2] [2][1] [2][0] -# [3][4] [3][3] [3][2] [3][1] [3][0] -# [4][4] [4][3] [4][2] [4][1] [4][0] -# -# It's perfect for Theta, while Pi is reduced to intra-register -# permutations which yield layout perfect for Chi: -# -# [4][0] [3][0] [2][0] [1][0] [0][0] -# [4][1] [3][1] [2][1] [1][1] [0][1] -# [4][2] [3][2] [2][2] [1][2] [0][2] -# [4][3] [3][3] [2][3] [1][3] [0][3] -# [4][4] [3][4] [2][4] [1][4] [0][4] -# -# Now instead of performing full transposition and feeding it to next -# identical round, we perform kind of diagonal transposition to layout -# from initial version of this module, and make it suitable for Theta: -# -# [4][4] [3][3] [2][2] [1][1] [0][0]>4.3.2.1.0>[4][4] [3][3] [2][2] [1][1] [0][0] -# [4][0] [3][4] [2][3] [1][2] [0][1]>3.2.1.0.4>[3][4] [2][3] [1][2] [0][1] [4][0] -# [4][1] [3][0] [2][4] [1][3] [0][2]>2.1.0.4.3>[2][4] [1][3] [0][2] [4][1] [3][0] -# [4][2] [3][1] [2][0] [1][4] [0][3]>1.0.4.3.2>[1][4] [0][3] [4][2] [3][1] [2][0] -# [4][3] [3][2] [2][1] [1][0] [0][4]>0.4.3.2.1>[0][4] [4][3] [3][2] [2][1] [1][0] -# -# Now intra-register permutations yield initial [almost] straight -# linear layout: -# -# [4][4] [3][3] [2][2] [1][1] [0][0] -##[0][4] [0][3] [0][2] [0][1] [0][0] -# [3][4] [2][3] [1][2] [0][1] [4][0] -##[2][3] [2][2] [2][1] [2][0] [2][4] -# [2][4] [1][3] [0][2] [4][1] [3][0] -##[4][2] [4][1] [4][0] [4][4] [4][3] -# [1][4] [0][3] [4][2] [3][1] [2][0] -##[1][1] [1][0] [1][4] [1][3] [1][2] -# [0][4] [4][3] [3][2] [2][1] [1][0] -##[3][0] [3][4] [3][3] [3][2] [3][1] -# -# This means that odd round Chi is performed in less suitable layout, -# with a number of additional permutations. But overall it turned to be -# a win. Permutations are fastest possible on Knights Landing and they -# are laid down to be independent of each other. In the essence I traded -# 20 blend instructions for 3 permutations. The result is 13% faster -# than KCP on Skylake-X, and >40% on Knights Landing. -# -# As implied, data is loaded in straight linear order. Digits in -# variables' names represent coordinates of right-most element of -# loaded data chunk: - -my ($A00, # [0][4] [0][3] [0][2] [0][1] [0][0] - $A10, # [1][4] [1][3] [1][2] [1][1] [1][0] - $A20, # [2][4] [2][3] [2][2] [2][1] [2][0] - $A30, # [3][4] [3][3] [3][2] [3][1] [3][0] - $A40) = # [4][4] [4][3] [4][2] [4][1] [4][0] - map("%zmm$_",(0..4)); - -# We also need to map the magic order into offsets within structure: - -my @A_jagged = ([0,0], [0,1], [0,2], [0,3], [0,4], - [1,0], [1,1], [1,2], [1,3], [1,4], - [2,0], [2,1], [2,2], [2,3], [2,4], - [3,0], [3,1], [3,2], [3,3], [3,4], - [4,0], [4,1], [4,2], [4,3], [4,4]); - @A_jagged = map(8*($$_[0]*8+$$_[1]), @A_jagged); # ... and now linear - -my @T = map("%zmm$_",(5..12)); -my @Theta = map("%zmm$_",(33,13..16)); # invalid @Theta[0] is not typo -my @Pi0 = map("%zmm$_",(17..21)); -my @Rhotate0 = map("%zmm$_",(22..26)); -my @Rhotate1 = map("%zmm$_",(27..31)); - -my ($C00,$D00) = @T[0..1]; -my ($k00001,$k00010,$k00100,$k01000,$k10000,$k11111) = map("%k$_",(1..6)); - -$code.=<<___; -.text - -.type __KeccakF1600,\@function -.align 32 -__KeccakF1600: - lea iotas(%rip),%r10 - mov \$12,%eax - jmp .Loop_avx512 - -.align 32 -.Loop_avx512: - ######################################### Theta, even round - vmovdqa64 $A00,@T[0] # put aside original A00 - vpternlogq \$0x96,$A20,$A10,$A00 # and use it as "C00" - vpternlogq \$0x96,$A40,$A30,$A00 - - vprolq \$1,$A00,$D00 - vpermq $A00,@Theta[1],$A00 - vpermq $D00,@Theta[4],$D00 - - vpternlogq \$0x96,$A00,$D00,@T[0] # T[0] is original A00 - vpternlogq \$0x96,$A00,$D00,$A10 - vpternlogq \$0x96,$A00,$D00,$A20 - vpternlogq \$0x96,$A00,$D00,$A30 - vpternlogq \$0x96,$A00,$D00,$A40 - - ######################################### Rho - vprolvq @Rhotate0[0],@T[0],$A00 # T[0] is original A00 - vprolvq @Rhotate0[1],$A10,$A10 - vprolvq @Rhotate0[2],$A20,$A20 - vprolvq @Rhotate0[3],$A30,$A30 - vprolvq @Rhotate0[4],$A40,$A40 - - ######################################### Pi - vpermq $A00,@Pi0[0],$A00 - vpermq $A10,@Pi0[1],$A10 - vpermq $A20,@Pi0[2],$A20 - vpermq $A30,@Pi0[3],$A30 - vpermq $A40,@Pi0[4],$A40 - - ######################################### Chi - vmovdqa64 $A00,@T[0] - vmovdqa64 $A10,@T[1] - vpternlogq \$0xD2,$A20,$A10,$A00 - vpternlogq \$0xD2,$A30,$A20,$A10 - vpternlogq \$0xD2,$A40,$A30,$A20 - vpternlogq \$0xD2,@T[0],$A40,$A30 - vpternlogq \$0xD2,@T[1],@T[0],$A40 - - ######################################### Iota - vpxorq (%r10),$A00,${A00}{$k00001} - lea 16(%r10),%r10 - - ######################################### Harmonize rounds - vpblendmq $A20,$A10,@{T[1]}{$k00010} - vpblendmq $A30,$A20,@{T[2]}{$k00010} - vpblendmq $A40,$A30,@{T[3]}{$k00010} - vpblendmq $A10,$A00,@{T[0]}{$k00010} - vpblendmq $A00,$A40,@{T[4]}{$k00010} - - vpblendmq $A30,@T[1],@{T[1]}{$k00100} - vpblendmq $A40,@T[2],@{T[2]}{$k00100} - vpblendmq $A20,@T[0],@{T[0]}{$k00100} - vpblendmq $A00,@T[3],@{T[3]}{$k00100} - vpblendmq $A10,@T[4],@{T[4]}{$k00100} - - vpblendmq $A40,@T[1],@{T[1]}{$k01000} - vpblendmq $A30,@T[0],@{T[0]}{$k01000} - vpblendmq $A00,@T[2],@{T[2]}{$k01000} - vpblendmq $A10,@T[3],@{T[3]}{$k01000} - vpblendmq $A20,@T[4],@{T[4]}{$k01000} - - vpblendmq $A40,@T[0],@{T[0]}{$k10000} - vpblendmq $A00,@T[1],@{T[1]}{$k10000} - vpblendmq $A10,@T[2],@{T[2]}{$k10000} - vpblendmq $A20,@T[3],@{T[3]}{$k10000} - vpblendmq $A30,@T[4],@{T[4]}{$k10000} - - #vpermq @T[0],@Theta[0],$A00 # doesn't actually change order - vpermq @T[1],@Theta[1],$A10 - vpermq @T[2],@Theta[2],$A20 - vpermq @T[3],@Theta[3],$A30 - vpermq @T[4],@Theta[4],$A40 - - ######################################### Theta, odd round - vmovdqa64 $T[0],$A00 # real A00 - vpternlogq \$0x96,$A20,$A10,$C00 # C00 is @T[0]'s alias - vpternlogq \$0x96,$A40,$A30,$C00 - - vprolq \$1,$C00,$D00 - vpermq $C00,@Theta[1],$C00 - vpermq $D00,@Theta[4],$D00 - - vpternlogq \$0x96,$C00,$D00,$A00 - vpternlogq \$0x96,$C00,$D00,$A30 - vpternlogq \$0x96,$C00,$D00,$A10 - vpternlogq \$0x96,$C00,$D00,$A40 - vpternlogq \$0x96,$C00,$D00,$A20 - - ######################################### Rho - vprolvq @Rhotate1[0],$A00,$A00 - vprolvq @Rhotate1[3],$A30,@T[1] - vprolvq @Rhotate1[1],$A10,@T[2] - vprolvq @Rhotate1[4],$A40,@T[3] - vprolvq @Rhotate1[2],$A20,@T[4] - - vpermq $A00,@Theta[4],@T[5] - vpermq $A00,@Theta[3],@T[6] - - ######################################### Iota - vpxorq -8(%r10),$A00,${A00}{$k00001} - - ######################################### Pi - vpermq @T[1],@Theta[2],$A10 - vpermq @T[2],@Theta[4],$A20 - vpermq @T[3],@Theta[1],$A30 - vpermq @T[4],@Theta[3],$A40 - - ######################################### Chi - vpternlogq \$0xD2,@T[6],@T[5],$A00 - - vpermq @T[1],@Theta[1],@T[7] - #vpermq @T[1],@Theta[0],@T[1] - vpternlogq \$0xD2,@T[1],@T[7],$A10 - - vpermq @T[2],@Theta[3],@T[0] - vpermq @T[2],@Theta[2],@T[2] - vpternlogq \$0xD2,@T[2],@T[0],$A20 - - #vpermq @T[3],@Theta[0],@T[3] - vpermq @T[3],@Theta[4],@T[1] - vpternlogq \$0xD2,@T[1],@T[3],$A30 - - vpermq @T[4],@Theta[2],@T[0] - vpermq @T[4],@Theta[1],@T[4] - vpternlogq \$0xD2,@T[4],@T[0],$A40 - - dec %eax - jnz .Loop_avx512 - - ret -.size __KeccakF1600,.-__KeccakF1600 -___ - -my ($A_flat,$inp,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx"); -my $out = $inp; # in squeeze - -$code.=<<___; -.globl SHA3_absorb -.type SHA3_absorb,\@function -.align 32 -SHA3_absorb: - mov %rsp,%r11 - - lea -320(%rsp),%rsp - and \$-64,%rsp - - lea 96($A_flat),$A_flat - lea 96($inp),$inp - lea 128(%rsp),%r9 - - lea theta_perm(%rip),%r8 - - kxnorw $k11111,$k11111,$k11111 - kshiftrw \$15,$k11111,$k00001 - kshiftrw \$11,$k11111,$k11111 - kshiftlw \$1,$k00001,$k00010 - kshiftlw \$2,$k00001,$k00100 - kshiftlw \$3,$k00001,$k01000 - kshiftlw \$4,$k00001,$k10000 - - #vmovdqa64 64*0(%r8),@Theta[0] - vmovdqa64 64*1(%r8),@Theta[1] - vmovdqa64 64*2(%r8),@Theta[2] - vmovdqa64 64*3(%r8),@Theta[3] - vmovdqa64 64*4(%r8),@Theta[4] - - vmovdqa64 64*5(%r8),@Rhotate1[0] - vmovdqa64 64*6(%r8),@Rhotate1[1] - vmovdqa64 64*7(%r8),@Rhotate1[2] - vmovdqa64 64*8(%r8),@Rhotate1[3] - vmovdqa64 64*9(%r8),@Rhotate1[4] - - vmovdqa64 64*10(%r8),@Rhotate0[0] - vmovdqa64 64*11(%r8),@Rhotate0[1] - vmovdqa64 64*12(%r8),@Rhotate0[2] - vmovdqa64 64*13(%r8),@Rhotate0[3] - vmovdqa64 64*14(%r8),@Rhotate0[4] - - vmovdqa64 64*15(%r8),@Pi0[0] - vmovdqa64 64*16(%r8),@Pi0[1] - vmovdqa64 64*17(%r8),@Pi0[2] - vmovdqa64 64*18(%r8),@Pi0[3] - vmovdqa64 64*19(%r8),@Pi0[4] - - vmovdqu64 40*0-96($A_flat),${A00}{$k11111}{z} - vpxorq @T[0],@T[0],@T[0] - vmovdqu64 40*1-96($A_flat),${A10}{$k11111}{z} - vmovdqu64 40*2-96($A_flat),${A20}{$k11111}{z} - vmovdqu64 40*3-96($A_flat),${A30}{$k11111}{z} - vmovdqu64 40*4-96($A_flat),${A40}{$k11111}{z} - - vmovdqa64 @T[0],0*64-128(%r9) # zero transfer area on stack - vmovdqa64 @T[0],1*64-128(%r9) - vmovdqa64 @T[0],2*64-128(%r9) - vmovdqa64 @T[0],3*64-128(%r9) - vmovdqa64 @T[0],4*64-128(%r9) - jmp .Loop_absorb_avx512 - -.align 32 -.Loop_absorb_avx512: - mov $bsz,%rax - sub $bsz,$len - jc .Ldone_absorb_avx512 - - shr \$3,%eax -___ -for(my $i=0; $i<25; $i++) { -$code.=<<___ - mov 8*$i-96($inp),%r8 - mov %r8,$A_jagged[$i]-128(%r9) - dec %eax - jz .Labsorved_avx512 -___ -} -$code.=<<___; -.Labsorved_avx512: - lea ($inp,$bsz),$inp - - vpxorq 64*0-128(%r9),$A00,$A00 - vpxorq 64*1-128(%r9),$A10,$A10 - vpxorq 64*2-128(%r9),$A20,$A20 - vpxorq 64*3-128(%r9),$A30,$A30 - vpxorq 64*4-128(%r9),$A40,$A40 - - call __KeccakF1600 - - jmp .Loop_absorb_avx512 - -.align 32 -.Ldone_absorb_avx512: - vmovdqu64 $A00,40*0-96($A_flat){$k11111} - vmovdqu64 $A10,40*1-96($A_flat){$k11111} - vmovdqu64 $A20,40*2-96($A_flat){$k11111} - vmovdqu64 $A30,40*3-96($A_flat){$k11111} - vmovdqu64 $A40,40*4-96($A_flat){$k11111} - - vzeroupper - - lea (%r11),%rsp - lea ($len,$bsz),%rax # return value - ret -.size SHA3_absorb,.-SHA3_absorb - -.globl SHA3_squeeze -.type SHA3_squeeze,\@function -.align 32 -SHA3_squeeze: - mov %rsp,%r11 - - lea 96($A_flat),$A_flat - cmp $bsz,$len - jbe .Lno_output_extension_avx512 - - lea theta_perm(%rip),%r8 - - kxnorw $k11111,$k11111,$k11111 - kshiftrw \$15,$k11111,$k00001 - kshiftrw \$11,$k11111,$k11111 - kshiftlw \$1,$k00001,$k00010 - kshiftlw \$2,$k00001,$k00100 - kshiftlw \$3,$k00001,$k01000 - kshiftlw \$4,$k00001,$k10000 - - #vmovdqa64 64*0(%r8),@Theta[0] - vmovdqa64 64*1(%r8),@Theta[1] - vmovdqa64 64*2(%r8),@Theta[2] - vmovdqa64 64*3(%r8),@Theta[3] - vmovdqa64 64*4(%r8),@Theta[4] - - vmovdqa64 64*5(%r8),@Rhotate1[0] - vmovdqa64 64*6(%r8),@Rhotate1[1] - vmovdqa64 64*7(%r8),@Rhotate1[2] - vmovdqa64 64*8(%r8),@Rhotate1[3] - vmovdqa64 64*9(%r8),@Rhotate1[4] - - vmovdqa64 64*10(%r8),@Rhotate0[0] - vmovdqa64 64*11(%r8),@Rhotate0[1] - vmovdqa64 64*12(%r8),@Rhotate0[2] - vmovdqa64 64*13(%r8),@Rhotate0[3] - vmovdqa64 64*14(%r8),@Rhotate0[4] - - vmovdqa64 64*15(%r8),@Pi0[0] - vmovdqa64 64*16(%r8),@Pi0[1] - vmovdqa64 64*17(%r8),@Pi0[2] - vmovdqa64 64*18(%r8),@Pi0[3] - vmovdqa64 64*19(%r8),@Pi0[4] - - vmovdqu64 40*0-96($A_flat),${A00}{$k11111}{z} - vmovdqu64 40*1-96($A_flat),${A10}{$k11111}{z} - vmovdqu64 40*2-96($A_flat),${A20}{$k11111}{z} - vmovdqu64 40*3-96($A_flat),${A30}{$k11111}{z} - vmovdqu64 40*4-96($A_flat),${A40}{$k11111}{z} - -.Lno_output_extension_avx512: - shr \$3,$bsz - lea -96($A_flat),%r9 - mov $bsz,%rax - jmp .Loop_squeeze_avx512 - -.align 32 -.Loop_squeeze_avx512: - cmp \$8,$len - jb .Ltail_squeeze_avx512 - - mov (%r9),%r8 - lea 8(%r9),%r9 - mov %r8,($out) - lea 8($out),$out - sub \$8,$len # len -= 8 - jz .Ldone_squeeze_avx512 - - sub \$1,%rax # bsz-- - jnz .Loop_squeeze_avx512 - - #vpermq @Theta[4],@Theta[4],@Theta[3] - #vpermq @Theta[3],@Theta[4],@Theta[2] - #vpermq @Theta[3],@Theta[3],@Theta[1] - - call __KeccakF1600 - - vmovdqu64 $A00,40*0-96($A_flat){$k11111} - vmovdqu64 $A10,40*1-96($A_flat){$k11111} - vmovdqu64 $A20,40*2-96($A_flat){$k11111} - vmovdqu64 $A30,40*3-96($A_flat){$k11111} - vmovdqu64 $A40,40*4-96($A_flat){$k11111} - - lea -96($A_flat),%r9 - mov $bsz,%rax - jmp .Loop_squeeze_avx512 - -.Ltail_squeeze_avx512: - mov $out,%rdi - mov %r9,%rsi - mov $len,%rcx - .byte 0xf3,0xa4 # rep movsb - -.Ldone_squeeze_avx512: - vzeroupper - - lea (%r11),%rsp - ret -.size SHA3_squeeze,.-SHA3_squeeze - -.align 64 -theta_perm: - .quad 0, 1, 2, 3, 4, 5, 6, 7 # [not used] - .quad 4, 0, 1, 2, 3, 5, 6, 7 - .quad 3, 4, 0, 1, 2, 5, 6, 7 - .quad 2, 3, 4, 0, 1, 5, 6, 7 - .quad 1, 2, 3, 4, 0, 5, 6, 7 - -rhotates1: - .quad 0, 44, 43, 21, 14, 0, 0, 0 # [0][0] [1][1] [2][2] [3][3] [4][4] - .quad 18, 1, 6, 25, 8, 0, 0, 0 # [4][0] [0][1] [1][2] [2][3] [3][4] - .quad 41, 2, 62, 55, 39, 0, 0, 0 # [3][0] [4][1] [0][2] [1][3] [2][4] - .quad 3, 45, 61, 28, 20, 0, 0, 0 # [2][0] [3][1] [4][2] [0][3] [1][4] - .quad 36, 10, 15, 56, 27, 0, 0, 0 # [1][0] [2][1] [3][2] [4][3] [0][4] - -rhotates0: - .quad 0, 1, 62, 28, 27, 0, 0, 0 - .quad 36, 44, 6, 55, 20, 0, 0, 0 - .quad 3, 10, 43, 25, 39, 0, 0, 0 - .quad 41, 45, 15, 21, 8, 0, 0, 0 - .quad 18, 2, 61, 56, 14, 0, 0, 0 - -pi0_perm: - .quad 0, 3, 1, 4, 2, 5, 6, 7 - .quad 1, 4, 2, 0, 3, 5, 6, 7 - .quad 2, 0, 3, 1, 4, 5, 6, 7 - .quad 3, 1, 4, 2, 0, 5, 6, 7 - .quad 4, 2, 0, 3, 1, 5, 6, 7 - - -iotas: - .quad 0x0000000000000001 - .quad 0x0000000000008082 - .quad 0x800000000000808a - .quad 0x8000000080008000 - .quad 0x000000000000808b - .quad 0x0000000080000001 - .quad 0x8000000080008081 - .quad 0x8000000000008009 - .quad 0x000000000000008a - .quad 0x0000000000000088 - .quad 0x0000000080008009 - .quad 0x000000008000000a - .quad 0x000000008000808b - .quad 0x800000000000008b - .quad 0x8000000000008089 - .quad 0x8000000000008003 - .quad 0x8000000000008002 - .quad 0x8000000000000080 - .quad 0x000000000000800a - .quad 0x800000008000000a - .quad 0x8000000080008081 - .quad 0x8000000000008080 - .quad 0x0000000080000001 - .quad 0x8000000080008008 - -.asciz "Keccak-1600 absorb and squeeze for AVX-512F, CRYPTOGAMS by " -___ - -$output=pop and open STDOUT,">$output"; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-avx512vl.pl b/crypto/sha/asm/keccak1600-avx512vl.pl deleted file mode 100755 index 73e75f363f2041872bed3fea80a900f8711ecfb9..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/keccak1600-avx512vl.pl +++ /dev/null @@ -1,391 +0,0 @@ -#!/usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Keccak-1600 for AVX512VL. -# -# December 2017. -# -# This is an adaptation of AVX2 module that reuses register data -# layout, but utilizes new 256-bit AVX512VL instructions. See AVX2 -# module for further information on layout. -# -######################################################################## -# Numbers are cycles per processed byte out of large message. -# -# r=1088(*) -# -# Skylake-X 6.4/+47% -# -# (*) Corresponds to SHA3-256. Percentage after slash is improvement -# coefficient in comparison to scalar keccak1600-x86_64.pl. - -# Digits in variables' names denote right-most coordinates: - -my ($A00, # [0][0] [0][0] [0][0] [0][0] # %ymm0 - $A01, # [0][4] [0][3] [0][2] [0][1] # %ymm1 - $A20, # [3][0] [1][0] [4][0] [2][0] # %ymm2 - $A31, # [2][4] [4][3] [1][2] [3][1] # %ymm3 - $A21, # [3][4] [1][3] [4][2] [2][1] # %ymm4 - $A41, # [1][4] [2][3] [3][2] [4][1] # %ymm5 - $A11) = # [4][4] [3][3] [2][2] [1][1] # %ymm6 - map("%ymm$_",(0..6)); - -# We also need to map the magic order into offsets within structure: - -my @A_jagged = ([0,0], [1,0], [1,1], [1,2], [1,3], # [0][0..4] - [2,2], [6,0], [3,1], [4,2], [5,3], # [1][0..4] - [2,0], [4,0], [6,1], [5,2], [3,3], # [2][0..4] - [2,3], [3,0], [5,1], [6,2], [4,3], # [3][0..4] - [2,1], [5,0], [4,1], [3,2], [6,3]); # [4][0..4] - @A_jagged = map(8*($$_[0]*4+$$_[1]), @A_jagged); # ... and now linear - -my @T = map("%ymm$_",(7..15)); -my ($C14,$C00,$D00,$D14) = @T[5..8]; -my ($R20,$R01,$R31,$R21,$R41,$R11) = map("%ymm$_",(16..21)); - -$code.=<<___; -.text - -.type __KeccakF1600,\@function -.align 32 -__KeccakF1600: - lea iotas(%rip),%r10 - mov \$24,%eax - jmp .Loop_avx512vl - -.align 32 -.Loop_avx512vl: - ######################################### Theta - vpshufd \$0b01001110,$A20,$C00 - vpxor $A31,$A41,$C14 - vpxor $A11,$A21,@T[2] - vpternlogq \$0x96,$A01,$T[2],$C14 # C[1..4] - - vpxor $A20,$C00,$C00 - vpermq \$0b01001110,$C00,@T[0] - - vpermq \$0b10010011,$C14,@T[4] - vprolq \$1,$C14,@T[1] # ROL64(C[1..4],1) - - vpermq \$0b00111001,@T[1],$D14 - vpxor @T[4],@T[1],$D00 - vpermq \$0b00000000,$D00,$D00 # D[0..0] = ROL64(C[1],1) ^ C[4] - - vpternlogq \$0x96,@T[0],$A00,$C00 # C[0..0] - vprolq \$1,$C00,@T[1] # ROL64(C[0..0],1) - - vpxor $D00,$A00,$A00 # ^= D[0..0] - - vpblendd \$0b11000000,@T[1],$D14,$D14 - vpblendd \$0b00000011,$C00,@T[4],@T[0] - - ######################################### Rho + Pi + pre-Chi shuffle - vpxor $D00,$A20,$A20 # ^= D[0..0] from Theta - vprolvq $R20,$A20,$A20 - - vpternlogq \$0x96,@T[0],$D14,$A31 # ^= D[1..4] from Theta - vprolvq $R31,$A31,$A31 - - vpternlogq \$0x96,@T[0],$D14,$A21 # ^= D[1..4] from Theta - vprolvq $R21,$A21,$A21 - - vpternlogq \$0x96,@T[0],$D14,$A41 # ^= D[1..4] from Theta - vprolvq $R41,$A41,$A41 - - vpermq \$0b10001101,$A20,@T[3] # $A20 -> future $A31 - vpermq \$0b10001101,$A31,@T[4] # $A31 -> future $A21 - vpternlogq \$0x96,@T[0],$D14,$A11 # ^= D[1..4] from Theta - vprolvq $R11,$A11,@T[1] # $A11 -> future $A01 - - vpermq \$0b00011011,$A21,@T[5] # $A21 -> future $A41 - vpermq \$0b01110010,$A41,@T[6] # $A41 -> future $A11 - vpternlogq \$0x96,@T[0],$D14,$A01 # ^= D[1..4] from Theta - vprolvq $R01,$A01,@T[2] # $A01 -> future $A20 - - ######################################### Chi - vpblendd \$0b00001100,@T[6],@T[2],$A31 # [4][4] [2][0] - vpblendd \$0b00001100,@T[2],@T[4],@T[8] # [4][0] [2][1] - vpblendd \$0b00001100,@T[4],@T[3],$A41 # [4][2] [2][4] - vpblendd \$0b00001100,@T[3],@T[2],@T[7] # [4][3] [2][0] - vpblendd \$0b00110000,@T[4],$A31,$A31 # [1][3] [4][4] [2][0] - vpblendd \$0b00110000,@T[5],@T[8],@T[8] # [1][4] [4][0] [2][1] - vpblendd \$0b00110000,@T[2],$A41,$A41 # [1][0] [4][2] [2][4] - vpblendd \$0b00110000,@T[6],@T[7],@T[7] # [1][1] [4][3] [2][0] - vpblendd \$0b11000000,@T[5],$A31,$A31 # [3][2] [1][3] [4][4] [2][0] - vpblendd \$0b11000000,@T[6],@T[8],@T[8] # [3][3] [1][4] [4][0] [2][1] - vpblendd \$0b11000000,@T[6],$A41,$A41 # [3][3] [1][0] [4][2] [2][4] - vpblendd \$0b11000000,@T[4],@T[7],@T[7] # [3][4] [1][1] [4][3] [2][0] - vpternlogq \$0xC6,@T[8],@T[3],$A31 # [3][1] [1][2] [4][3] [2][4] - vpternlogq \$0xC6,@T[7],@T[5],$A41 # [3][2] [1][4] [4][1] [2][3] - - vpsrldq \$8,@T[1],@T[0] - vpandn @T[0],@T[1],@T[0] # tgting [0][0] [0][0] [0][0] [0][0] - - vpblendd \$0b00001100,@T[2],@T[5],$A11 # [4][0] [2][3] - vpblendd \$0b00001100,@T[5],@T[3],@T[8] # [4][1] [2][4] - vpblendd \$0b00110000,@T[3],$A11,$A11 # [1][2] [4][0] [2][3] - vpblendd \$0b00110000,@T[4],@T[8],@T[8] # [1][3] [4][1] [2][4] - vpblendd \$0b11000000,@T[4],$A11,$A11 # [3][4] [1][2] [4][0] [2][3] - vpblendd \$0b11000000,@T[2],@T[8],@T[8] # [3][0] [1][3] [4][1] [2][4] - vpternlogq \$0xC6,@T[8],@T[6],$A11 # [3][3] [1][1] [4][4] [2][2] - - vpermq \$0b00011110,@T[1],$A21 # [0][1] [0][2] [0][4] [0][3] - vpblendd \$0b00110000,$A00,$A21,@T[8] # [0][1] [0][0] [0][4] [0][3] - vpermq \$0b00111001,@T[1],$A01 # [0][1] [0][4] [0][3] [0][2] - vpblendd \$0b11000000,$A00,$A01,$A01 # [0][0] [0][4] [0][3] [0][2] - - vpblendd \$0b00001100,@T[5],@T[4],$A20 # [4][1] [2][1] - vpblendd \$0b00001100,@T[4],@T[6],@T[7] # [4][2] [2][2] - vpblendd \$0b00110000,@T[6],$A20,$A20 # [1][1] [4][1] [2][1] - vpblendd \$0b00110000,@T[3],@T[7],@T[7] # [1][2] [4][2] [2][2] - vpblendd \$0b11000000,@T[3],$A20,$A20 # [3][1] [1][1] [4][1] [2][1] - vpblendd \$0b11000000,@T[5],@T[7],@T[7] # [3][2] [1][2] [4][2] [2][2] - vpternlogq \$0xC6,@T[7],@T[2],$A20 # [3][0] [1][0] [4][0] [2][0] - - vpermq \$0b00000000,@T[0],@T[0] # [0][0] [0][0] [0][0] [0][0] - vpermq \$0b00011011,$A31,$A31 # post-Chi shuffle - vpermq \$0b10001101,$A41,$A41 - vpermq \$0b01110010,$A11,$A11 - - vpblendd \$0b00001100,@T[3],@T[6],$A21 # [4][3] [2][2] - vpblendd \$0b00001100,@T[6],@T[5],@T[7] # [4][4] [2][3] - vpblendd \$0b00110000,@T[5],$A21,$A21 # [1][4] [4][3] [2][2] - vpblendd \$0b00110000,@T[2],@T[7],@T[7] # [1][0] [4][4] [2][3] - vpblendd \$0b11000000,@T[2],$A21,$A21 # [3][0] [1][4] [4][3] [2][2] - vpblendd \$0b11000000,@T[3],@T[7],@T[7] # [3][1] [1][0] [4][4] [2][3] - - vpternlogq \$0xC6,@T[8],@T[1],$A01 # [0][4] [0][3] [0][2] [0][1] - vpternlogq \$0xC6,@T[7],@T[4],$A21 # [3][4] [1][3] [4][2] [2][1] - - ######################################### Iota - vpternlogq \$0x96,(%r10),@T[0],$A00 - lea 32(%r10),%r10 - - dec %eax - jnz .Loop_avx512vl - - ret -.size __KeccakF1600,.-__KeccakF1600 -___ -my ($A_flat,$inp,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx"); -my $out = $inp; # in squeeze - -$code.=<<___; -.globl SHA3_absorb -.type SHA3_absorb,\@function -.align 32 -SHA3_absorb: - mov %rsp,%r11 - - lea -240(%rsp),%rsp - and \$-32,%rsp - - lea 96($A_flat),$A_flat - lea 96($inp),$inp - lea 96(%rsp),%r10 - lea rhotates_left(%rip),%r8 - - vzeroupper - - vpbroadcastq -96($A_flat),$A00 # load A[5][5] - vmovdqu 8+32*0-96($A_flat),$A01 - vmovdqu 8+32*1-96($A_flat),$A20 - vmovdqu 8+32*2-96($A_flat),$A31 - vmovdqu 8+32*3-96($A_flat),$A21 - vmovdqu 8+32*4-96($A_flat),$A41 - vmovdqu 8+32*5-96($A_flat),$A11 - - vmovdqa64 0*32(%r8),$R20 # load "rhotate" indices - vmovdqa64 1*32(%r8),$R01 - vmovdqa64 2*32(%r8),$R31 - vmovdqa64 3*32(%r8),$R21 - vmovdqa64 4*32(%r8),$R41 - vmovdqa64 5*32(%r8),$R11 - - vpxor @T[0],@T[0],@T[0] - vmovdqa @T[0],32*2-96(%r10) # zero transfer area on stack - vmovdqa @T[0],32*3-96(%r10) - vmovdqa @T[0],32*4-96(%r10) - vmovdqa @T[0],32*5-96(%r10) - vmovdqa @T[0],32*6-96(%r10) - -.Loop_absorb_avx512vl: - mov $bsz,%rax - sub $bsz,$len - jc .Ldone_absorb_avx512vl - - shr \$3,%eax - vpbroadcastq 0-96($inp),@T[0] - vmovdqu 8-96($inp),@T[1] - sub \$4,%eax -___ -for(my $i=5; $i<25; $i++) { -$code.=<<___ - dec %eax - jz .Labsorved_avx512vl - mov 8*$i-96($inp),%r8 - mov %r8,$A_jagged[$i]-96(%r10) -___ -} -$code.=<<___; -.Labsorved_avx512vl: - lea ($inp,$bsz),$inp - - vpxor @T[0],$A00,$A00 - vpxor @T[1],$A01,$A01 - vpxor 32*2-96(%r10),$A20,$A20 - vpxor 32*3-96(%r10),$A31,$A31 - vpxor 32*4-96(%r10),$A21,$A21 - vpxor 32*5-96(%r10),$A41,$A41 - vpxor 32*6-96(%r10),$A11,$A11 - - call __KeccakF1600 - - lea 96(%rsp),%r10 - jmp .Loop_absorb_avx512vl - -.Ldone_absorb_avx512vl: - vmovq %xmm0,-96($A_flat) - vmovdqu $A01,8+32*0-96($A_flat) - vmovdqu $A20,8+32*1-96($A_flat) - vmovdqu $A31,8+32*2-96($A_flat) - vmovdqu $A21,8+32*3-96($A_flat) - vmovdqu $A41,8+32*4-96($A_flat) - vmovdqu $A11,8+32*5-96($A_flat) - - vzeroupper - - lea (%r11),%rsp - lea ($len,$bsz),%rax # return value - ret -.size SHA3_absorb,.-SHA3_absorb - -.globl SHA3_squeeze -.type SHA3_squeeze,\@function -.align 32 -SHA3_squeeze: - mov %rsp,%r11 - - lea 96($A_flat),$A_flat - lea rhotates_left(%rip),%r8 - shr \$3,$bsz - - vzeroupper - - vpbroadcastq -96($A_flat),$A00 - vpxor @T[0],@T[0],@T[0] - vmovdqu 8+32*0-96($A_flat),$A01 - vmovdqu 8+32*1-96($A_flat),$A20 - vmovdqu 8+32*2-96($A_flat),$A31 - vmovdqu 8+32*3-96($A_flat),$A21 - vmovdqu 8+32*4-96($A_flat),$A41 - vmovdqu 8+32*5-96($A_flat),$A11 - - vmovdqa64 0*32(%r8),$R20 # load "rhotate" indices - vmovdqa64 1*32(%r8),$R01 - vmovdqa64 2*32(%r8),$R31 - vmovdqa64 3*32(%r8),$R21 - vmovdqa64 4*32(%r8),$R41 - vmovdqa64 5*32(%r8),$R11 - - mov $bsz,%rax - -.Loop_squeeze_avx512vl: - mov @A_jagged[$i]-96($A_flat),%r8 -___ -for (my $i=0; $i<25; $i++) { -$code.=<<___; - sub \$8,$len - jc .Ltail_squeeze_avx512vl - mov %r8,($out) - lea 8($out),$out - je .Ldone_squeeze_avx512vl - dec %eax - je .Lextend_output_avx512vl - mov @A_jagged[$i+1]-120($A_flat),%r8 -___ -} -$code.=<<___; -.Lextend_output_avx512vl: - call __KeccakF1600 - - vmovq %xmm0,-96($A_flat) - vmovdqu $A01,8+32*0-96($A_flat) - vmovdqu $A20,8+32*1-96($A_flat) - vmovdqu $A31,8+32*2-96($A_flat) - vmovdqu $A21,8+32*3-96($A_flat) - vmovdqu $A41,8+32*4-96($A_flat) - vmovdqu $A11,8+32*5-96($A_flat) - - mov $bsz,%rax - jmp .Loop_squeeze_avx512vl - - -.Ltail_squeeze_avx512vl: - add \$8,$len -.Loop_tail_avx512vl: - mov %r8b,($out) - lea 1($out),$out - shr \$8,%r8 - dec $len - jnz .Loop_tail_avx512vl - -.Ldone_squeeze_avx512vl: - vzeroupper - - lea (%r11),%rsp - ret -.size SHA3_squeeze,.-SHA3_squeeze - -.align 64 -rhotates_left: - .quad 3, 18, 36, 41 # [2][0] [4][0] [1][0] [3][0] - .quad 1, 62, 28, 27 # [0][1] [0][2] [0][3] [0][4] - .quad 45, 6, 56, 39 # [3][1] [1][2] [4][3] [2][4] - .quad 10, 61, 55, 8 # [2][1] [4][2] [1][3] [3][4] - .quad 2, 15, 25, 20 # [4][1] [3][2] [2][3] [1][4] - .quad 44, 43, 21, 14 # [1][1] [2][2] [3][3] [4][4] -iotas: - .quad 0x0000000000000001, 0x0000000000000001, 0x0000000000000001, 0x0000000000000001 - .quad 0x0000000000008082, 0x0000000000008082, 0x0000000000008082, 0x0000000000008082 - .quad 0x800000000000808a, 0x800000000000808a, 0x800000000000808a, 0x800000000000808a - .quad 0x8000000080008000, 0x8000000080008000, 0x8000000080008000, 0x8000000080008000 - .quad 0x000000000000808b, 0x000000000000808b, 0x000000000000808b, 0x000000000000808b - .quad 0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001 - .quad 0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081 - .quad 0x8000000000008009, 0x8000000000008009, 0x8000000000008009, 0x8000000000008009 - .quad 0x000000000000008a, 0x000000000000008a, 0x000000000000008a, 0x000000000000008a - .quad 0x0000000000000088, 0x0000000000000088, 0x0000000000000088, 0x0000000000000088 - .quad 0x0000000080008009, 0x0000000080008009, 0x0000000080008009, 0x0000000080008009 - .quad 0x000000008000000a, 0x000000008000000a, 0x000000008000000a, 0x000000008000000a - .quad 0x000000008000808b, 0x000000008000808b, 0x000000008000808b, 0x000000008000808b - .quad 0x800000000000008b, 0x800000000000008b, 0x800000000000008b, 0x800000000000008b - .quad 0x8000000000008089, 0x8000000000008089, 0x8000000000008089, 0x8000000000008089 - .quad 0x8000000000008003, 0x8000000000008003, 0x8000000000008003, 0x8000000000008003 - .quad 0x8000000000008002, 0x8000000000008002, 0x8000000000008002, 0x8000000000008002 - .quad 0x8000000000000080, 0x8000000000000080, 0x8000000000000080, 0x8000000000000080 - .quad 0x000000000000800a, 0x000000000000800a, 0x000000000000800a, 0x000000000000800a - .quad 0x800000008000000a, 0x800000008000000a, 0x800000008000000a, 0x800000008000000a - .quad 0x8000000080008081, 0x8000000080008081, 0x8000000080008081, 0x8000000080008081 - .quad 0x8000000000008080, 0x8000000000008080, 0x8000000000008080, 0x8000000000008080 - .quad 0x0000000080000001, 0x0000000080000001, 0x0000000080000001, 0x0000000080000001 - .quad 0x8000000080008008, 0x8000000080008008, 0x8000000080008008, 0x8000000080008008 - -.asciz "Keccak-1600 absorb and squeeze for AVX512VL, CRYPTOGAMS by " -___ - -$output=pop and open STDOUT,">$output"; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-c64x.pl b/crypto/sha/asm/keccak1600-c64x.pl deleted file mode 100755 index 0a9dec85c29906cd7fe07615a04e7206d50fc928..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/keccak1600-c64x.pl +++ /dev/null @@ -1,884 +0,0 @@ -#!/usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# [ABI- and endian-neutral] Keccak-1600 for C64x. -# -# June 2017. -# -# This is straightforward KECCAK_1X_ALT variant (see sha/keccak1600.c) -# with bit interleaving. 64-bit values are simply split between A- and -# B-files, with A-file holding least significant halves. This works -# out perfectly, because all operations including cross-communications -# [in rotate operations] are always complementary. Performance is -# [incredible for a 32-bit processor] 10.9 cycles per processed byte -# for r=1088, which corresponds to SHA3-256. This is >15x faster than -# compiler-generated KECCAK_1X_ALT code, and >10x than other variants. -# On average processor ends up issuing ~4.5 instructions per cycle... - -my @A = map([ $_, ($_+1), ($_+2), ($_+3), ($_+4) ], (5,10,16,21,26)); - $A[1][4] = 31; # B14 is reserved, A14 is used as iota[] - ($A[3][0],$A[4][1]) = ($A[4][1],$A[3][0]); -my @C = (0..4,$A[3][0],$A[4][0]); -my $iotas = "A14"; - -my @rhotates = ([ 0, 1, 62, 28, 27 ], - [ 36, 44, 6, 55, 20 ], - [ 3, 10, 43, 25, 39 ], - [ 41, 45, 15, 21, 8 ], - [ 18, 2, 61, 56, 14 ]); - -sub ROL64 { - my ($src,$rot,$dst,$p) = @_; - - if ($rot&1) { -$code.=<<___; -$p ROTL B$src,$rot/2+1,A$dst -|| ROTL A$src,$rot/2, B$dst -___ - } else { -$code.=<<___; -$p ROTL A$src,$rot/2,A$dst -|| ROTL B$src,$rot/2,B$dst -___ - } -} - -######################################################################## -# Stack frame layout -# -# SP--->+------+------+ -# | | | -# +1--->+------+------+<- -9 below 4 slots are used by KeccakF1600_int -# | | | -# +2--->+------+------+<- -8 -# | | | -# +3--->+------+------+<- -7 -# | A2 | A3 | A3:A2 are preserved by KeccakF1600_int -# +4--->+------+------+<- -6 -# | B2 | B3 | B3:B2 are preserved by KeccakF1600_int -# +5--->+------+------+<- -5 below is ABI-compliant layout -# | A10 | A11 | -# +6--->+------+------+<- -4 -# | A12 | A13 | -# +7--->+------+------+<- -3 -# | A14 | B3 | -# +8--->+------+------+<- -2 -# | B10 | B11 | -# +9--->+------+------+<- -1 -# | B12 | B13 | -# +------+------+<---FP -# | A15 | -# +------+-- - -$code.=<<___; - .text - - .if .ASSEMBLER_VERSION<7000000 - .asg 0,__TI_EABI__ - .endif - .if __TI_EABI__ - .nocmp - .asg KeccakF1600,_KeccakF1600 - .asg SHA3_absorb,_SHA3_absorb - .asg SHA3_squeeze,_SHA3_squeeze - .endif - - .asg B3,RA - .asg A15,FP - .asg B15,SP - - .align 32 -_KeccakF1600_int: - .asmfunc - STDW A3:A2,*FP[-7] -|| STDW B3:B2,*SP[4] -_KeccakF1600_cheat: - .if __TI_EABI__ - ADDKPC _KeccakF1600_int,B0 -|| MVKL \$PCR_OFFSET(iotas,_KeccakF1600_int),$iotas - MVKH \$PCR_OFFSET(iotas,_KeccakF1600_int),$iotas - .else - ADDKPC _KeccakF1600_int,B0 -|| MVKL (iotas-_KeccakF1600_int),$iotas - MVKH (iotas-_KeccakF1600_int),$iotas - .endif - ADD B0,$iotas,$iotas -loop?: - XOR A$A[0][2],A$A[1][2],A$C[2] ; Theta -|| XOR B$A[0][2],B$A[1][2],B$C[2] -|| XOR A$A[0][3],A$A[1][3],A$C[3] -|| XOR B$A[0][3],B$A[1][3],B$C[3] -|| XOR A$A[0][0],A$A[1][0],A$C[0] -|| XOR B$A[0][0],B$A[1][0],B$C[0] - XOR A$A[2][2],A$C[2],A$C[2] -|| XOR B$A[2][2],B$C[2],B$C[2] -|| XOR A$A[2][3],A$C[3],A$C[3] -|| XOR B$A[2][3],B$C[3],B$C[3] -|| XOR A$A[2][0],A$C[0],A$C[0] -|| XOR B$A[2][0],B$C[0],B$C[0] - XOR A$A[3][2],A$C[2],A$C[2] -|| XOR B$A[3][2],B$C[2],B$C[2] -|| XOR A$A[3][3],A$C[3],A$C[3] -|| XOR B$A[3][3],B$C[3],B$C[3] -|| XOR A$A[3][0],A$C[0],A$C[0] -|| XOR B$A[3][0],B$C[0],B$C[0] - XOR A$A[4][2],A$C[2],A$C[2] -|| XOR B$A[4][2],B$C[2],B$C[2] -|| XOR A$A[4][3],A$C[3],A$C[3] -|| XOR B$A[4][3],B$C[3],B$C[3] -|| XOR A$A[4][0],A$C[0],A$C[0] -|| XOR B$A[4][0],B$C[0],B$C[0] - XOR A$A[0][4],A$A[1][4],A$C[4] -|| XOR B$A[0][4],B$A[1][4],B$C[4] -|| XOR A$A[0][1],A$A[1][1],A$C[1] -|| XOR B$A[0][1],B$A[1][1],B$C[1] -|| STDW A$A[3][0]:A$A[4][0],*SP[1] ; offload some data - STDW B$A[3][0]:B$A[4][0],*SP[2] -|| XOR A$A[2][4],A$C[4],A$C[4] -|| XOR B$A[2][4],B$C[4],B$C[4] -|| XOR A$A[2][1],A$C[1],A$C[1] -|| XOR B$A[2][1],B$C[1],B$C[1] -|| ROTL B$C[2],1,A$C[5] ; ROL64(C[2],1) -|| ROTL A$C[2],0,B$C[5] - XOR A$A[3][4],A$C[4],A$C[4] -|| XOR B$A[3][4],B$C[4],B$C[4] -|| XOR A$A[3][1],A$C[1],A$C[1] -|| XOR B$A[3][1],B$C[1],B$C[1] -|| ROTL B$C[3],1,A$C[6] ; ROL64(C[3],1) -|| ROTL A$C[3],0,B$C[6] - XOR A$A[4][4],A$C[4],A$C[4] -|| XOR B$A[4][4],B$C[4],B$C[4] -|| XOR A$A[4][1],A$C[1],A$C[1] -|| XOR B$A[4][1],B$C[1],B$C[1] -|| XOR A$C[0],A$C[5],A$C[5] ; C[0] ^ ROL64(C[2],1) -|| XOR B$C[0],B$C[5],B$C[5] - XOR A$C[5],A$A[0][1],A$A[0][1] -|| XOR B$C[5],B$A[0][1],B$A[0][1] -|| XOR A$C[5],A$A[1][1],A$A[1][1] -|| XOR B$C[5],B$A[1][1],B$A[1][1] -|| XOR A$C[5],A$A[2][1],A$A[2][1] -|| XOR B$C[5],B$A[2][1],B$A[2][1] - XOR A$C[5],A$A[3][1],A$A[3][1] -|| XOR B$C[5],B$A[3][1],B$A[3][1] -|| XOR A$C[5],A$A[4][1],A$A[4][1] -|| XOR B$C[5],B$A[4][1],B$A[4][1] -|| ROTL B$C[4],1,A$C[5] ; ROL64(C[4],1) -|| ROTL A$C[4],0,B$C[5] -|| XOR A$C[1],A$C[6],A$C[6] ; C[1] ^ ROL64(C[3],1) -|| XOR B$C[1],B$C[6],B$C[6] - XOR A$C[6],A$A[0][2],A$A[0][2] -|| XOR B$C[6],B$A[0][2],B$A[0][2] -|| XOR A$C[6],A$A[1][2],A$A[1][2] -|| XOR B$C[6],B$A[1][2],B$A[1][2] -|| XOR A$C[6],A$A[2][2],A$A[2][2] -|| XOR B$C[6],B$A[2][2],B$A[2][2] -|| ROTL B$C[1],1,A$C[1] ; ROL64(C[1],1) -|| ROTL A$C[1],0,B$C[1] - XOR A$C[6],A$A[3][2],A$A[3][2] -|| XOR B$C[6],B$A[3][2],B$A[3][2] -|| XOR A$C[6],A$A[4][2],A$A[4][2] -|| XOR B$C[6],B$A[4][2],B$A[4][2] -|| ROTL B$C[0],1,A$C[6] ; ROL64(C[0],1) -|| ROTL A$C[0],0,B$C[6] -|| XOR A$C[5],A$C[2],A$C[2] ; C[2] ^= ROL64(C[4],1) -|| XOR B$C[5],B$C[2],B$C[2] - XOR A$C[2],A$A[0][3],A$A[0][3] -|| XOR B$C[2],B$A[0][3],B$A[0][3] -|| XOR A$C[2],A$A[1][3],A$A[1][3] -|| XOR B$C[2],B$A[1][3],B$A[1][3] -|| XOR A$C[2],A$A[2][3],A$A[2][3] -|| XOR B$C[2],B$A[2][3],B$A[2][3] - XOR A$C[6],A$C[3],A$C[3] ; C[3] ^= ROL64(C[0],1) -|| XOR B$C[6],B$C[3],B$C[3] -|| LDDW *FP[-9],A$A[3][0]:A$A[4][0] ; restore offloaded data -|| LDDW *SP[2],B$A[3][0]:B$A[4][0] -|| XOR A$C[2],A$A[3][3],A$A[3][3] -|| XOR B$C[2],B$A[3][3],B$A[3][3] - XOR A$C[2],A$A[4][3],A$A[4][3] -|| XOR B$C[2],B$A[4][3],B$A[4][3] -|| XOR A$C[3],A$A[0][4],A$A[0][4] -|| XOR B$C[3],B$A[0][4],B$A[0][4] -|| XOR A$C[3],A$A[1][4],A$A[1][4] -|| XOR B$C[3],B$A[1][4],B$A[1][4] - XOR A$C[3],A$A[2][4],A$A[2][4] -|| XOR B$C[3],B$A[2][4],B$A[2][4] -|| XOR A$C[3],A$A[3][4],A$A[3][4] -|| XOR B$C[3],B$A[3][4],B$A[3][4] -|| XOR A$C[3],A$A[4][4],A$A[4][4] -|| XOR B$C[3],B$A[4][4],B$A[4][4] - XOR A$C[1],A$C[4],A$C[4] ; C[4] ^= ROL64(C[1],1) -|| XOR B$C[1],B$C[4],B$C[4] -|| MV A$A[0][1],A$C[1] ; Rho+Pi, "early start" -|| MV B$A[0][1],B$C[1] -___ - &ROL64 ($A[1][1],$rhotates[1][1],$A[0][1],"||"); -$code.=<<___; - XOR A$C[4],A$A[0][0],A$A[0][0] -|| XOR B$C[4],B$A[0][0],B$A[0][0] -|| XOR A$C[4],A$A[1][0],A$A[1][0] -|| XOR B$C[4],B$A[1][0],B$A[1][0] -|| MV A$A[0][3],A$C[3] -|| MV B$A[0][3],B$C[3] -___ - &ROL64 ($A[3][3],$rhotates[3][3],$A[0][3],"||"); -$code.=<<___; - XOR A$C[4],A$A[2][0],A$A[2][0] -|| XOR B$C[4],B$A[2][0],B$A[2][0] -|| XOR A$C[4],A$A[3][0],A$A[3][0] -|| XOR B$C[4],B$A[3][0],B$A[3][0] -|| MV A$A[0][2],A$C[2] -|| MV B$A[0][2],B$C[2] -___ - &ROL64 ($A[2][2],$rhotates[2][2],$A[0][2],"||"); -$code.=<<___; - XOR A$C[4],A$A[4][0],A$A[4][0] -|| XOR B$C[4],B$A[4][0],B$A[4][0] -|| MV A$A[0][4],A$C[4] -|| MV B$A[0][4],B$C[4] -___ - &ROL64 ($A[4][4],$rhotates[4][4],$A[0][4],"||"); - - &ROL64 ($A[1][4],$rhotates[1][4],$A[1][1]); -$code.=<<___; -|| LDW *${iotas}++[2],A$C[0] -___ - &ROL64 ($A[2][3],$rhotates[2][3],$A[2][2]); -$code.=<<___; -|| LDW *${iotas}[-1],B$C[0] -___ - &ROL64 ($A[3][2],$rhotates[3][2],$A[3][3]); - &ROL64 ($A[4][1],$rhotates[4][1],$A[4][4]); - - &ROL64 ($A[4][2],$rhotates[4][2],$A[1][4]); - &ROL64 ($A[3][4],$rhotates[3][4],$A[2][3]); - &ROL64 ($A[2][1],$rhotates[2][1],$A[3][2]); - &ROL64 ($A[1][3],$rhotates[1][3],$A[4][1]); - - &ROL64 ($A[2][4],$rhotates[2][4],$A[4][2]); - &ROL64 ($A[4][3],$rhotates[4][3],$A[3][4]); - &ROL64 ($A[1][2],$rhotates[1][2],$A[2][1]); - &ROL64 ($A[3][1],$rhotates[3][1],$A[1][3]); - - &ROL64 ($A[4][0],$rhotates[4][0],$A[2][4]); - &ROL64 ($A[3][0],$rhotates[3][0],$A[4][3]); - &ROL64 ($A[2][0],$rhotates[2][0],$A[1][2]); - &ROL64 ($A[1][0],$rhotates[1][0],$A[3][1]); - - #&ROL64 ($C[3], $rhotates[0][3],$A[1][0]); # moved below - &ROL64 ($C[1], $rhotates[0][1],$A[2][0]); - &ROL64 ($C[4], $rhotates[0][4],$A[3][0]); - &ROL64 ($C[2], $rhotates[0][2],$A[4][0]); -$code.=<<___; -|| ANDN A$A[0][2],A$A[0][1],A$C[4] ; Chi+Iota -|| ANDN B$A[0][2],B$A[0][1],B$C[4] -|| ANDN A$A[0][3],A$A[0][2],A$C[1] -|| ANDN B$A[0][3],B$A[0][2],B$C[1] -|| ANDN A$A[0][4],A$A[0][3],A$C[2] -|| ANDN B$A[0][4],B$A[0][3],B$C[2] -___ - &ROL64 ($C[3], $rhotates[0][3],$A[1][0]); -$code.=<<___; -|| ANDN A$A[0][0],A$A[0][4],A$C[3] -|| ANDN B$A[0][0],B$A[0][4],B$C[3] -|| XOR A$C[4],A$A[0][0],A$A[0][0] -|| XOR B$C[4],B$A[0][0],B$A[0][0] -|| ANDN A$A[0][1],A$A[0][0],A$C[4] -|| ANDN B$A[0][1],B$A[0][0],B$C[4] - XOR A$C[1],A$A[0][1],A$A[0][1] -|| XOR B$C[1],B$A[0][1],B$A[0][1] -|| XOR A$C[2],A$A[0][2],A$A[0][2] -|| XOR B$C[2],B$A[0][2],B$A[0][2] -|| XOR A$C[3],A$A[0][3],A$A[0][3] -|| XOR B$C[3],B$A[0][3],B$A[0][3] - XOR A$C[4],A$A[0][4],A$A[0][4] -|| XOR B$C[4],B$A[0][4],B$A[0][4] -|| XOR A$C[0],A$A[0][0],A$A[0][0] ; A[0][0] ^= iotas[i++]; -|| XOR B$C[0],B$A[0][0],B$A[0][0] -|| EXTU $iotas,24,24,A0 ; A0 is A$C[0], as we done? - - ANDN A$A[1][2],A$A[1][1],A$C[4] -|| ANDN B$A[1][2],B$A[1][1],B$C[4] -|| ANDN A$A[1][3],A$A[1][2],A$C[1] -|| ANDN B$A[1][3],B$A[1][2],B$C[1] -|| ANDN A$A[1][4],A$A[1][3],A$C[2] -|| ANDN B$A[1][4],B$A[1][3],B$C[2] - ANDN A$A[1][0],A$A[1][4],A$C[3] -|| ANDN B$A[1][0],B$A[1][4],B$C[3] -|| XOR A$C[4],A$A[1][0],A$A[1][0] -|| XOR B$C[4],B$A[1][0],B$A[1][0] -|| ANDN A$A[1][1],A$A[1][0],A$C[4] -|| ANDN B$A[1][1],B$A[1][0],B$C[4] - XOR A$C[1],A$A[1][1],A$A[1][1] -|| XOR B$C[1],B$A[1][1],B$A[1][1] -|| XOR A$C[2],A$A[1][2],A$A[1][2] -|| XOR B$C[2],B$A[1][2],B$A[1][2] -|| XOR A$C[3],A$A[1][3],A$A[1][3] -|| XOR B$C[3],B$A[1][3],B$A[1][3] - XOR A$C[4],A$A[1][4],A$A[1][4] -|| XOR B$C[4],B$A[1][4],B$A[1][4] - -|| ANDN A$A[2][2],A$A[2][1],A$C[4] -|| ANDN B$A[2][2],B$A[2][1],B$C[4] -|| ANDN A$A[2][3],A$A[2][2],A$C[1] -|| ANDN B$A[2][3],B$A[2][2],B$C[1] - ANDN A$A[2][4],A$A[2][3],A$C[2] -|| ANDN B$A[2][4],B$A[2][3],B$C[2] -|| ANDN A$A[2][0],A$A[2][4],A$C[3] -|| ANDN B$A[2][0],B$A[2][4],B$C[3] -|| XOR A$C[4],A$A[2][0],A$A[2][0] -|| XOR B$C[4],B$A[2][0],B$A[2][0] - ANDN A$A[2][1],A$A[2][0],A$C[4] -|| ANDN B$A[2][1],B$A[2][0],B$C[4] -|| XOR A$C[1],A$A[2][1],A$A[2][1] -|| XOR B$C[1],B$A[2][1],B$A[2][1] -|| XOR A$C[2],A$A[2][2],A$A[2][2] -|| XOR B$C[2],B$A[2][2],B$A[2][2] - XOR A$C[3],A$A[2][3],A$A[2][3] -|| XOR B$C[3],B$A[2][3],B$A[2][3] -|| XOR A$C[4],A$A[2][4],A$A[2][4] -|| XOR B$C[4],B$A[2][4],B$A[2][4] - - ANDN A$A[3][2],A$A[3][1],A$C[4] -|| ANDN B$A[3][2],B$A[3][1],B$C[4] -|| ANDN A$A[3][3],A$A[3][2],A$C[1] -|| ANDN B$A[3][3],B$A[3][2],B$C[1] -|| ANDN A$A[3][4],A$A[3][3],A$C[2] -|| ANDN B$A[3][4],B$A[3][3],B$C[2] - ANDN A$A[3][0],A$A[3][4],A$C[3] -|| ANDN B$A[3][0],B$A[3][4],B$C[3] -|| XOR A$C[4],A$A[3][0],A$A[3][0] -|| XOR B$C[4],B$A[3][0],B$A[3][0] -|| ANDN A$A[3][1],A$A[3][0],A$C[4] -|| ANDN B$A[3][1],B$A[3][0],B$C[4] - XOR A$C[1],A$A[3][1],A$A[3][1] -|| XOR B$C[1],B$A[3][1],B$A[3][1] -|| XOR A$C[2],A$A[3][2],A$A[3][2] -|| XOR B$C[2],B$A[3][2],B$A[3][2] -|| XOR A$C[3],A$A[3][3],A$A[3][3] -||[A0] BNOP loop? - XOR B$C[3],B$A[3][3],B$A[3][3] -|| XOR A$C[4],A$A[3][4],A$A[3][4] -|| XOR B$C[4],B$A[3][4],B$A[3][4] -||[!A0] LDDW *FP[-7],A3:A2 -||[!A0] LDDW *SP[4], RA:B2 - - ANDN A$A[4][2],A$A[4][1],A$C[4] -|| ANDN B$A[4][2],B$A[4][1],B$C[4] -|| ANDN A$A[4][3],A$A[4][2],A$C[1] -|| ANDN B$A[4][3],B$A[4][2],B$C[1] -|| ANDN A$A[4][4],A$A[4][3],A$C[2] -|| ANDN B$A[4][4],B$A[4][3],B$C[2] - ANDN A$A[4][0],A$A[4][4],A$C[3] -|| ANDN B$A[4][0],B$A[4][4],B$C[3] -|| XOR A$C[4],A$A[4][0],A$A[4][0] -|| XOR B$C[4],B$A[4][0],B$A[4][0] -|| ANDN A$A[4][1],A$A[4][0],A$C[4] -|| ANDN B$A[4][1],B$A[4][0],B$C[4] - XOR A$C[1],A$A[4][1],A$A[4][1] -|| XOR B$C[1],B$A[4][1],B$A[4][1] -|| XOR A$C[2],A$A[4][2],A$A[4][2] -|| XOR B$C[2],B$A[4][2],B$A[4][2] -|| XOR A$C[3],A$A[4][3],A$A[4][3] -|| XOR B$C[3],B$A[4][3],B$A[4][3] - XOR A$C[4],A$A[4][4],A$A[4][4] -|| XOR B$C[4],B$A[4][4],B$A[4][4] -;;===== branch to loop? is taken here - - BNOP RA,5 - .endasmfunc - - .newblock - .global _KeccakF1600 - .align 32 -_KeccakF1600: - .asmfunc stack_usage(80) - STW FP,*SP--(80) ; save frame pointer -|| MV SP,FP - STDW B13:B12,*SP[9] -|| STDW A13:A12,*FP[-4] - STDW B11:B10,*SP[8] -|| STDW A11:A10,*FP[-5] - STW RA, *SP[15] -|| STW A14,*FP[-6] -|| MV A4,A2 -|| ADD 4,A4,B2 - - LDW *A2++[2],A$A[0][0] ; load A[5][5] -|| LDW *B2++[2],B$A[0][0] - LDW *A2++[2],A$A[0][1] -|| LDW *B2++[2],B$A[0][1] - LDW *A2++[2],A$A[0][2] -|| LDW *B2++[2],B$A[0][2] - LDW *A2++[2],A$A[0][3] -|| LDW *B2++[2],B$A[0][3] - LDW *A2++[2],A$A[0][4] -|| LDW *B2++[2],B$A[0][4] - - LDW *A2++[2],A$A[1][0] -|| LDW *B2++[2],B$A[1][0] - LDW *A2++[2],A$A[1][1] -|| LDW *B2++[2],B$A[1][1] - LDW *A2++[2],A$A[1][2] -|| LDW *B2++[2],B$A[1][2] - LDW *A2++[2],A$A[1][3] -|| LDW *B2++[2],B$A[1][3] - LDW *A2++[2],A$A[1][4] -|| LDW *B2++[2],B$A[1][4] - - LDW *A2++[2],A$A[2][0] -|| LDW *B2++[2],B$A[2][0] - LDW *A2++[2],A$A[2][1] -|| LDW *B2++[2],B$A[2][1] - LDW *A2++[2],A$A[2][2] -|| LDW *B2++[2],B$A[2][2] - LDW *A2++[2],A$A[2][3] -|| LDW *B2++[2],B$A[2][3] - LDW *A2++[2],A$A[2][4] -|| LDW *B2++[2],B$A[2][4] - - LDW *A2++[2],A$A[3][0] -|| LDW *B2++[2],B$A[3][0] - LDW *A2++[2],A$A[3][1] -|| LDW *B2++[2],B$A[3][1] - LDW *A2++[2],A$A[3][2] -|| LDW *B2++[2],B$A[3][2] - LDW *A2++[2],A$A[3][3] -|| LDW *B2++[2],B$A[3][3] - LDW *A2++[2],A$A[3][4] -|| LDW *B2++[2],B$A[3][4] -|| BNOP _KeccakF1600_int - - ADDKPC ret?,RA -|| LDW *A2++[2],A$A[4][0] -|| LDW *B2++[2],B$A[4][0] - LDW *A2++[2],A$A[4][1] -|| LDW *B2++[2],B$A[4][1] - LDW *A2++[2],A$A[4][2] -|| LDW *B2++[2],B$A[4][2] - LDW *A2++[2],A$A[4][3] -|| LDW *B2++[2],B$A[4][3] - LDW *A2,A$A[4][4] -|| LDW *B2,B$A[4][4] -|| ADDK -192,A2 ; rewind -|| ADDK -192,B2 - - .align 16 -ret?: - STW A$A[0][0],*A2++[2] ; store A[5][5] -|| STW B$A[0][0],*B2++[2] - STW A$A[0][1],*A2++[2] -|| STW B$A[0][1],*B2++[2] - STW A$A[0][2],*A2++[2] -|| STW B$A[0][2],*B2++[2] - STW A$A[0][3],*A2++[2] -|| STW B$A[0][3],*B2++[2] - STW A$A[0][4],*A2++[2] -|| STW B$A[0][4],*B2++[2] - - STW A$A[1][0],*A2++[2] -|| STW B$A[1][0],*B2++[2] - STW A$A[1][1],*A2++[2] -|| STW B$A[1][1],*B2++[2] - STW A$A[1][2],*A2++[2] -|| STW B$A[1][2],*B2++[2] - STW A$A[1][3],*A2++[2] -|| STW B$A[1][3],*B2++[2] - STW A$A[1][4],*A2++[2] -|| STW B$A[1][4],*B2++[2] - - STW A$A[2][0],*A2++[2] -|| STW B$A[2][0],*B2++[2] - STW A$A[2][1],*A2++[2] -|| STW B$A[2][1],*B2++[2] - STW A$A[2][2],*A2++[2] -|| STW B$A[2][2],*B2++[2] - STW A$A[2][3],*A2++[2] -|| STW B$A[2][3],*B2++[2] - STW A$A[2][4],*A2++[2] -|| STW B$A[2][4],*B2++[2] - - STW A$A[3][0],*A2++[2] -|| STW B$A[3][0],*B2++[2] - STW A$A[3][1],*A2++[2] -|| STW B$A[3][1],*B2++[2] - STW A$A[3][2],*A2++[2] -|| STW B$A[3][2],*B2++[2] - STW A$A[3][3],*A2++[2] -|| STW B$A[3][3],*B2++[2] - STW A$A[3][4],*A2++[2] -|| STW B$A[3][4],*B2++[2] - - LDW *SP[15],RA -|| LDW *FP[-6],A14 - - STW A$A[4][0],*A2++[2] -|| STW B$A[4][0],*B2++[2] - STW A$A[4][1],*A2++[2] -|| STW B$A[4][1],*B2++[2] - STW A$A[4][2],*A2++[2] -|| STW B$A[4][2],*B2++[2] - STW A$A[4][3],*A2++[2] -|| STW B$A[4][3],*B2++[2] - STW A$A[4][4],*A2 -|| STW B$A[4][4],*B2 -|| ADDK -192,A2 ; rewind - - MV A2,A4 ; return original A4 -|| LDDW *SP[8], B11:B10 -|| LDDW *FP[-5],A11:A10 - LDDW *SP[9], B13:B12 -|| LDDW *FP[-4],A13:A12 -|| BNOP RA - LDW *++SP(80),FP ; restore frame pointer - NOP 4 ; wait till FP is committed - .endasmfunc - - .newblock - .asg B2,BSZ - .asg A2,INP - .asg A3,LEN - .global _SHA3_absorb - .align 32 -_SHA3_absorb: - .asmfunc stack_usage(80) - STW FP,*SP--(80) ; save frame pointer -|| MV SP,FP - STDW B13:B12,*SP[9] -|| STDW A13:A12,*FP[-4] - STDW B11:B10,*SP[8] -|| STDW A11:A10,*FP[-5] - STW RA, *SP[15] -|| STW A14,*FP[-6] - - STW A4,*SP[1] ; save A[][] -|| MV B4,INP ; reassign arguments -|| MV A6,LEN -|| MV B6,BSZ -|| ADD 4,A4,B4 - - LDW *A4++[2],A$A[0][0] ; load A[5][5] -|| LDW *B4++[2],B$A[0][0] - LDW *A4++[2],A$A[0][1] -|| LDW *B4++[2],B$A[0][1] - LDW *A4++[2],A$A[0][2] -|| LDW *B4++[2],B$A[0][2] - LDW *A4++[2],A$A[0][3] -|| LDW *B4++[2],B$A[0][3] - LDW *A4++[2],A$A[0][4] -|| LDW *B4++[2],B$A[0][4] - - LDW *A4++[2],A$A[1][0] -|| LDW *B4++[2],B$A[1][0] - LDW *A4++[2],A$A[1][1] -|| LDW *B4++[2],B$A[1][1] - LDW *A4++[2],A$A[1][2] -|| LDW *B4++[2],B$A[1][2] - LDW *A4++[2],A$A[1][3] -|| LDW *B4++[2],B$A[1][3] - LDW *A4++[2],A$A[1][4] -|| LDW *B4++[2],B$A[1][4] - - LDW *A4++[2],A$A[2][0] -|| LDW *B4++[2],B$A[2][0] - LDW *A4++[2],A$A[2][1] -|| LDW *B4++[2],B$A[2][1] - LDW *A4++[2],A$A[2][2] -|| LDW *B4++[2],B$A[2][2] - LDW *A4++[2],A$A[2][3] -|| LDW *B4++[2],B$A[2][3] - LDW *A4++[2],A$A[2][4] -|| LDW *B4++[2],B$A[2][4] - - LDW *A4++[2],A$A[3][0] -|| LDW *B4++[2],B$A[3][0] - LDW *A4++[2],A$A[3][1] -|| LDW *B4++[2],B$A[3][1] - LDW *A4++[2],A$A[3][2] -|| LDW *B4++[2],B$A[3][2] - LDW *A4++[2],A$A[3][3] -|| LDW *B4++[2],B$A[3][3] - LDW *A4++[2],A$A[3][4] -|| LDW *B4++[2],B$A[3][4] - - LDW *A4++[2],A$A[4][0] -|| LDW *B4++[2],B$A[4][0] - LDW *A4++[2],A$A[4][1] -|| LDW *B4++[2],B$A[4][1] - LDW *A4++[2],A$A[4][2] -|| LDW *B4++[2],B$A[4][2] - LDW *A4++[2],A$A[4][3] -|| LDW *B4++[2],B$A[4][3] - LDW *A4,A$A[4][4] -|| LDW *B4,B$A[4][4] -|| ADDKPC loop?,RA - STDW RA:BSZ,*SP[4] - -loop?: - CMPLTU LEN,BSZ,A0 ; len < bsz? -|| SHRU BSZ,3,BSZ - [A0] BNOP ret? -||[A0] ZERO BSZ -||[A0] LDW *SP[1],A2 ; pull A[][] - [BSZ] LDNDW *INP++,A1:A0 -||[BSZ] SUB LEN,8,LEN -||[BSZ] SUB BSZ,1,BSZ - NOP 4 -___ -for ($y = 0; $y < 5; $y++) { - for ($x = 0; $x < ($y<4 ? 5 : 4); $x++) { -$code.=<<___; - .if .BIG_ENDIAN - SWAP2 A0,A1 -|| SWAP2 A1,A0 - SWAP4 A0,A0 - SWAP4 A1,A1 -||[!BSZ]BNOP _KeccakF1600_cheat -||[!BSZ]STDW LEN:INP,*SP[3] -|| DEAL A0,A0 - .else - [!BSZ]BNOP _KeccakF1600_cheat -||[!BSZ]STDW LEN:INP,*SP[3] -|| DEAL A0,A0 - .endif - [BSZ] LDNDW *INP++,A1:A0 -|| DEAL A1,A1 - [BSZ] SUB LEN,8,LEN -||[BSZ] SUB BSZ,1,BSZ - PACK2 A1,A0,A0 -|| PACKH2 A1,A0,A1 - XOR A0,A$A[$y][$x],A$A[$y][$x] - XOR A1,B$A[$y][$x],B$A[$y][$x] -___ - } -} -$code.=<<___; - .if .BIG_ENDIAN - SWAP2 A0,A1 -|| SWAP2 A1,A0 - SWAP4 A0,A0 - SWAP4 A1,A1 - .endif - BNOP _KeccakF1600_cheat -|| STDW LEN:INP,*SP[3] -|| DEAL A0,A0 - DEAL A1,A1 - NOP - PACK2 A1,A0,A0 -|| PACKH2 A1,A0,A1 - XOR A0,A$A[4][4],A$A[4][4] - XOR A1,B$A[4][4],B$A[4][4] - - .align 16 -ret?: - MV LEN,A4 ; return value -|| ADD 4,A2,B2 - - STW A$A[0][0],*A2++[2] ; store A[5][5] -|| STW B$A[0][0],*B2++[2] - STW A$A[0][1],*A2++[2] -|| STW B$A[0][1],*B2++[2] - STW A$A[0][2],*A2++[2] -|| STW B$A[0][2],*B2++[2] - STW A$A[0][3],*A2++[2] -|| STW B$A[0][3],*B2++[2] - STW A$A[0][4],*A2++[2] -|| STW B$A[0][4],*B2++[2] - - STW A$A[1][0],*A2++[2] -|| STW B$A[1][0],*B2++[2] - STW A$A[1][1],*A2++[2] -|| STW B$A[1][1],*B2++[2] - STW A$A[1][2],*A2++[2] -|| STW B$A[1][2],*B2++[2] - STW A$A[1][3],*A2++[2] -|| STW B$A[1][3],*B2++[2] - STW A$A[1][4],*A2++[2] -|| STW B$A[1][4],*B2++[2] - - STW A$A[2][0],*A2++[2] -|| STW B$A[2][0],*B2++[2] - STW A$A[2][1],*A2++[2] -|| STW B$A[2][1],*B2++[2] - STW A$A[2][2],*A2++[2] -|| STW B$A[2][2],*B2++[2] - STW A$A[2][3],*A2++[2] -|| STW B$A[2][3],*B2++[2] - STW A$A[2][4],*A2++[2] -|| STW B$A[2][4],*B2++[2] - - LDW *SP[15],RA -|| LDW *FP[-6],A14 - - STW A$A[3][0],*A2++[2] -|| STW B$A[3][0],*B2++[2] - STW A$A[3][1],*A2++[2] -|| STW B$A[3][1],*B2++[2] - STW A$A[3][2],*A2++[2] -|| STW B$A[3][2],*B2++[2] - STW A$A[3][3],*A2++[2] -|| STW B$A[3][3],*B2++[2] - STW A$A[3][4],*A2++[2] -|| STW B$A[3][4],*B2++[2] - - LDDW *SP[8], B11:B10 -|| LDDW *FP[-5],A11:A10 - LDDW *SP[9], B13:B12 -|| LDDW *FP[-4],A13:A12 - BNOP RA -|| LDW *++SP(80),FP ; restore frame pointer - - STW A$A[4][0],*A2++[2] -|| STW B$A[4][0],*B2++[2] - STW A$A[4][1],*A2++[2] -|| STW B$A[4][1],*B2++[2] - STW A$A[4][2],*A2++[2] -|| STW B$A[4][2],*B2++[2] - STW A$A[4][3],*A2++[2] -|| STW B$A[4][3],*B2++[2] - STW A$A[4][4],*A2++[2] -|| STW B$A[4][4],*B2++[2] - .endasmfunc - - .newblock - .global _SHA3_squeeze - .asg A12,OUT - .asg A13,LEN - .asg A14,BSZ - .align 32 -_SHA3_squeeze: - .asmfunc stack_usage(24) - STW FP,*SP--(24) ; save frame pointer -|| MV SP,FP - STW RA, *SP[5] -|| STW A14,*FP[-2] - STDW A13:A12,*FP[-2] -|| MV B4,OUT ; reassign arguments - MV A6,LEN -|| MV B6,BSZ - -loop?: - LDW *SP[5],RA ; reload RA -|| SHRU BSZ,3,A1 -|| MV A4,A8 -|| ADD 4,A4,B8 -block?: - CMPLTU LEN,8,A0 ; len < 8? - [A0] BNOP tail? - LDW *A8++[2],A9 -|| LDW *B8++[2],B9 -|| SUB LEN,8,LEN ; len -= 8 - MV LEN,A0 -|| SUB A1,1,A1 ; bsz-- -|| NOP 4 - .if .BIG_ENDIAN - SWAP4 A9,A9 -|| SWAP4 B9,B9 - SWAP2 A9,A9 -|| SWAP2 B9,B9 - .endif - [!A0] BNOP ret? -||[!A0] ZERO A1 - PACK2 B9,A9,B7 -||[A1] BNOP block? - PACKH2 B9,A9,B9 -|| SHFL B7,B7 - SHFL B9,B9 - STNW B7,*OUT++ - STNW B9,*OUT++ - NOP - - BNOP _KeccakF1600,4 - ADDKPC loop?,RA - - .align 16 -tail?: - .if .BIG_ENDIAN - SWAP4 A9,A9 -|| SWAP4 B9,B9 - SWAP2 A9,A9 -|| SWAP2 B9,B9 - .endif - PACK2 B9,A9,B7 - PACKH2 B9,A9,B9 -|| SHFL B7,B7 - SHFL B9,B9 - - STB B7,*OUT++ -|| SHRU B7,8,B7 -|| ADD LEN,7,A0 - [A0] STB B7,*OUT++ -||[A0] SHRU B7,8,B7 -||[A0] SUB A0,1,A0 - [A0] STB B7,*OUT++ -||[A0] SHRU B7,8,B7 -||[A0] SUB A0,1,A0 - [A0] STB B7,*OUT++ -||[A0] SUB A0,1,A0 - [A0] STB B9,*OUT++ -||[A0] SHRU B9,8,B9 -||[A0] SUB A0,1,A0 - [A0] STB B9,*OUT++ -||[A0] SHRU B9,8,B9 -||[A0] SUB A0,1,A0 - [A0] STB B9,*OUT++ - -ret?: - LDDW *FP[-2],A13:A12 - BNOP RA -|| LDW *FP[-2],A14 - LDW *++SP(24),FP ; restore frame pointer - NOP 4 ; wait till FP is committed - .endasmfunc - - .if __TI_EABI__ - .sect ".text:sha_asm.const" - .else - .sect ".const:sha_asm" - .endif - .align 256 - .uword 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 -iotas: - .uword 0x00000001, 0x00000000 - .uword 0x00000000, 0x00000089 - .uword 0x00000000, 0x8000008b - .uword 0x00000000, 0x80008080 - .uword 0x00000001, 0x0000008b - .uword 0x00000001, 0x00008000 - .uword 0x00000001, 0x80008088 - .uword 0x00000001, 0x80000082 - .uword 0x00000000, 0x0000000b - .uword 0x00000000, 0x0000000a - .uword 0x00000001, 0x00008082 - .uword 0x00000000, 0x00008003 - .uword 0x00000001, 0x0000808b - .uword 0x00000001, 0x8000000b - .uword 0x00000001, 0x8000008a - .uword 0x00000001, 0x80000081 - .uword 0x00000000, 0x80000081 - .uword 0x00000000, 0x80000008 - .uword 0x00000000, 0x00000083 - .uword 0x00000000, 0x80008003 - .uword 0x00000001, 0x80008088 - .uword 0x00000000, 0x80000088 - .uword 0x00000001, 0x00008000 - .uword 0x00000000, 0x80008082 - - .cstring "Keccak-1600 absorb and squeeze for C64x, CRYPTOGAMS by " - .align 4 -___ - -$output=pop and open STDOUT,">$output"; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-mmx.pl b/crypto/sha/asm/keccak1600-mmx.pl deleted file mode 100755 index 7657a23a9c27944eaf10257a4be94ab8e1d775bb..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/keccak1600-mmx.pl +++ /dev/null @@ -1,439 +0,0 @@ -#!/usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Keccak-1600 for x86 MMX. -# -# June 2017. -# -# Below code is KECCAK_2X implementation (see sha/keccak1600.c) with -# C[5] held in register bank and D[5] offloaded to memory. Though -# instead of actually unrolling the loop pair-wise I simply flip -# pointers to T[][] and A[][] and the end of round. Since number of -# rounds is even, last round writes to A[][] and everything works out. -# It's argued that MMX is the only code path meaningful to implement -# for x86. This is because non-MMX-capable processors is an extinct -# breed, and they as well can lurk executing compiler-generated code. -# For reference gcc-5.x-generated KECCAK_2X code takes 89 cycles per -# processed byte on Pentium. Which is fair result. But older compilers -# produce worse code. On the other hand one can wonder why not 128-bit -# SSE2? Well, SSE2 won't provide double improvement, rather far from -# that, if any at all on some processors, because it will take extra -# permutations and inter-bank data transfers. Besides, contemporary -# CPUs are better off executing 64-bit code, and it makes lesser sense -# to invest into fancy 32-bit code. And the decision doesn't seem to -# be inadequate, if one compares below results to "64-bit platforms in -# 32-bit mode" SIMD data points available at -# http://keccak.noekeon.org/sw_performance.html. -# -######################################################################## -# Numbers are cycles per processed byte out of large message. -# -# r=1088(i) -# -# PIII 30/+150% -# Pentium M 27/+150% -# P4 40/+85% -# Core 2 19/+170% -# Sandy Bridge(ii) 18/+140% -# Atom 33/+180% -# Silvermont(ii) 30/+180% -# VIA Nano(ii) 43/+60% -# Sledgehammer(ii)(iii) 24/+130% -# -# (i) Corresponds to SHA3-256. Numbers after slash are improvement -# coefficients over KECCAK_2X [with bit interleave and lane -# complementing] position-independent *scalar* code generated -# by gcc-5.x. It's not exactly fair comparison, but it's a -# datapoint... -# (ii) 64-bit processor executing 32-bit code. -# (iii) Result is considered to be representative even for older AMD -# processors. - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output=pop and open STDOUT,">$output"; - -&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); - -my @C = map("mm$_",(0..4)); -my @T = map("mm$_",(5..7)); -my @A = map([ 8*$_-100, 8*($_+1)-100, 8*($_+2)-100, - 8*($_+3)-100, 8*($_+4)-100 ], (0,5,10,15,20)); -my @D = map(8*$_+4, (0..4)); -my @rhotates = ([ 0, 1, 62, 28, 27 ], - [ 36, 44, 6, 55, 20 ], - [ 3, 10, 43, 25, 39 ], - [ 41, 45, 15, 21, 8 ], - [ 18, 2, 61, 56, 14 ]); - -&static_label("iotas"); - -&function_begin_B("_KeccakF1600"); - &movq (@C[0],&QWP($A[4][0],"esi")); - &movq (@C[1],&QWP($A[4][1],"esi")); - &movq (@C[2],&QWP($A[4][2],"esi")); - &movq (@C[3],&QWP($A[4][3],"esi")); - &movq (@C[4],&QWP($A[4][4],"esi")); - - &mov ("ecx",24); # loop counter - &jmp (&label("loop")); - - &set_label("loop",16); - ######################################### Theta - &pxor (@C[0],&QWP($A[0][0],"esi")); - &pxor (@C[1],&QWP($A[0][1],"esi")); - &pxor (@C[2],&QWP($A[0][2],"esi")); - &pxor (@C[3],&QWP($A[0][3],"esi")); - &pxor (@C[4],&QWP($A[0][4],"esi")); - - &pxor (@C[0],&QWP($A[1][0],"esi")); - &pxor (@C[1],&QWP($A[1][1],"esi")); - &pxor (@C[2],&QWP($A[1][2],"esi")); - &pxor (@C[3],&QWP($A[1][3],"esi")); - &pxor (@C[4],&QWP($A[1][4],"esi")); - - &pxor (@C[0],&QWP($A[2][0],"esi")); - &pxor (@C[1],&QWP($A[2][1],"esi")); - &pxor (@C[2],&QWP($A[2][2],"esi")); - &pxor (@C[3],&QWP($A[2][3],"esi")); - &pxor (@C[4],&QWP($A[2][4],"esi")); - - &pxor (@C[2],&QWP($A[3][2],"esi")); - &pxor (@C[0],&QWP($A[3][0],"esi")); - &pxor (@C[1],&QWP($A[3][1],"esi")); - &pxor (@C[3],&QWP($A[3][3],"esi")); - &movq (@T[0],@C[2]); - &pxor (@C[4],&QWP($A[3][4],"esi")); - - &movq (@T[2],@C[2]); - &psrlq (@T[0],63); - &movq (@T[1],@C[0]); - &psllq (@T[2],1); - &pxor (@T[0],@C[0]); - &psrlq (@C[0],63); - &pxor (@T[0],@T[2]); - &psllq (@T[1],1); - &movq (@T[2],@C[1]); - &movq (&QWP(@D[1],"esp"),@T[0]); # D[1] = E[0] = ROL64(C[2], 1) ^ C[0]; - - &pxor (@T[1],@C[0]); - &psrlq (@T[2],63); - &pxor (@T[1],@C[3]); - &movq (@C[0],@C[1]); - &movq (&QWP(@D[4],"esp"),@T[1]); # D[4] = E[1] = ROL64(C[0], 1) ^ C[3]; - - &psllq (@C[0],1); - &pxor (@T[2],@C[4]); - &pxor (@C[0],@T[2]); - - &movq (@T[2],@C[3]); - &psrlq (@C[3],63); - &movq (&QWP(@D[0],"esp"),@C[0]); # D[0] = C[0] = ROL64(C[1], 1) ^ C[4]; - &psllq (@T[2],1); - &movq (@T[0],@C[4]); - &psrlq (@C[4],63); - &pxor (@C[1],@C[3]); - &psllq (@T[0],1); - &pxor (@C[1],@T[2]); - &pxor (@C[2],@C[4]); - &movq (&QWP(@D[2],"esp"),@C[1]); # D[2] = C[1] = ROL64(C[3], 1) ^ C[1]; - &pxor (@C[2],@T[0]); - - ######################################### first Rho(0) is special - &movq (@C[3],&QWP($A[3][3],"esi")); - &movq (&QWP(@D[3],"esp"),@C[2]); # D[3] = C[2] = ROL64(C[4], 1) ^ C[2]; - &pxor (@C[3],@C[2]); - &movq (@C[4],&QWP($A[4][4],"esi")); - &movq (@T[2],@C[3]); - &psrlq (@C[3],64-$rhotates[3][3]); - &pxor (@C[4],@T[1]); - &psllq (@T[2],$rhotates[3][3]); - &movq (@T[1],@C[4]); - &psrlq (@C[4],64-$rhotates[4][4]); - &por (@C[3],@T[2]); # C[3] = ROL64(A[3][3] ^ C[2], rhotates[3][3]); /* D[3] */ - &psllq (@T[1],$rhotates[4][4]); - - &movq (@C[2],&QWP($A[2][2],"esi")); - &por (@C[4],@T[1]); # C[4] = ROL64(A[4][4] ^ E[1], rhotates[4][4]); /* D[4] */ - &pxor (@C[2],@C[1]); - &movq (@C[1],&QWP($A[1][1],"esi")); - &movq (@T[1],@C[2]); - &psrlq (@C[2],64-$rhotates[2][2]); - &pxor (@C[1],&QWP(@D[1],"esp")); - &psllq (@T[1],$rhotates[2][2]); - - &movq (@T[2],@C[1]); - &psrlq (@C[1],64-$rhotates[1][1]); - &por (@C[2],@T[1]); # C[2] = ROL64(A[2][2] ^ C[1], rhotates[2][2]); /* D[2] */ - &psllq (@T[2],$rhotates[1][1]); - &pxor (@C[0],&QWP($A[0][0],"esi")); # /* rotate by 0 */ /* D[0] */ - &por (@C[1],@T[2]); # C[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]); - -sub Chi() { ######### regular Chi step - my ($y,$xrho) = @_; - - &movq (@T[0],@C[1]); - &movq (@T[1],@C[2]); - &pandn (@T[0],@C[2]); - &pandn (@C[2],@C[3]); - &pxor (@T[0],@C[0]); - &pxor (@C[2],@C[1]); - &pxor (@T[0],&QWP(0,"ebx")) if ($y == 0); - &lea ("ebx",&DWP(8,"ebx")) if ($y == 0); - - &movq (@T[2],@C[3]); - &movq (&QWP($A[$y][0],"edi"),@T[0]); # R[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i]; - &movq (@T[0],@C[4]); - &pandn (@C[3],@C[4]); - &pandn (@C[4],@C[0]); - &pxor (@C[3],@T[1]); - &movq (&QWP($A[$y][1],"edi"),@C[2]); # R[0][1] = C[1] ^ (~C[2] & C[3]); - &pxor (@C[4],@T[2]); - &movq (@T[2],&QWP($A[0][$xrho],"esi")) if (defined($xrho)); - - &movq (&QWP($A[$y][2],"edi"),@C[3]); # R[0][2] = C[2] ^ (~C[3] & C[4]); - &pandn (@C[0],@C[1]); - &movq (&QWP($A[$y][3],"edi"),@C[4]); # R[0][3] = C[3] ^ (~C[4] & C[0]); - &pxor (@C[0],@T[0]); - &pxor (@T[2],&QWP(@D[$xrho],"esp")) if (defined($xrho)); - &movq (&QWP($A[$y][4],"edi"),@C[0]); # R[0][4] = C[4] ^ (~C[0] & C[1]); -} - &Chi (0, 3); - -sub Rho() { ######### regular Rho step - my $x = shift; - - #&movq (@T[2],&QWP($A[0][$x],"esi")); # moved to Chi - #&pxor (@T[2],&QWP(@D[$x],"esp")); # moved to Chi - &movq (@C[0],@T[2]); - &psrlq (@T[2],64-$rhotates[0][$x]); - &movq (@C[1],&QWP($A[1][($x+1)%5],"esi")); - &psllq (@C[0],$rhotates[0][$x]); - &pxor (@C[1],&QWP(@D[($x+1)%5],"esp")); - &por (@C[0],@T[2]); # C[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]); - - &movq (@T[1],@C[1]); - &psrlq (@C[1],64-$rhotates[1][($x+1)%5]); - &movq (@C[2],&QWP($A[2][($x+2)%5],"esi")); - &psllq (@T[1],$rhotates[1][($x+1)%5]); - &pxor (@C[2],&QWP(@D[($x+2)%5],"esp")); - &por (@C[1],@T[1]); # C[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); - - &movq (@T[2],@C[2]); - &psrlq (@C[2],64-$rhotates[2][($x+2)%5]); - &movq (@C[3],&QWP($A[3][($x+3)%5],"esi")); - &psllq (@T[2],$rhotates[2][($x+2)%5]); - &pxor (@C[3],&QWP(@D[($x+3)%5],"esp")); - &por (@C[2],@T[2]); # C[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]); - - &movq (@T[0],@C[3]); - &psrlq (@C[3],64-$rhotates[3][($x+3)%5]); - &movq (@C[4],&QWP($A[4][($x+4)%5],"esi")); - &psllq (@T[0],$rhotates[3][($x+3)%5]); - &pxor (@C[4],&QWP(@D[($x+4)%5],"esp")); - &por (@C[3],@T[0]); # C[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]); - - &movq (@T[1],@C[4]); - &psrlq (@C[4],64-$rhotates[4][($x+4)%5]); - &psllq (@T[1],$rhotates[4][($x+4)%5]); - &por (@C[4],@T[1]); # C[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]); -} - &Rho (3); &Chi (1, 1); - &Rho (1); &Chi (2, 4); - &Rho (4); &Chi (3, 2); - &Rho (2); ###&Chi (4); - - &movq (@T[0],@C[0]); ######### last Chi(4) is special - &xor ("edi","esi"); # &xchg ("esi","edi"); - &movq (&QWP(@D[1],"esp"),@C[1]); - &xor ("esi","edi"); - &xor ("edi","esi"); - - &movq (@T[1],@C[1]); - &movq (@T[2],@C[2]); - &pandn (@T[1],@C[2]); - &pandn (@T[2],@C[3]); - &pxor (@C[0],@T[1]); - &pxor (@C[1],@T[2]); - - &movq (@T[1],@C[3]); - &movq (&QWP($A[4][0],"esi"),@C[0]); # R[4][0] = C[0] ^= (~C[1] & C[2]); - &pandn (@T[1],@C[4]); - &movq (&QWP($A[4][1],"esi"),@C[1]); # R[4][1] = C[1] ^= (~C[2] & C[3]); - &pxor (@C[2],@T[1]); - &movq (@T[2],@C[4]); - &movq (&QWP($A[4][2],"esi"),@C[2]); # R[4][2] = C[2] ^= (~C[3] & C[4]); - - &pandn (@T[2],@T[0]); - &pandn (@T[0],&QWP(@D[1],"esp")); - &pxor (@C[3],@T[2]); - &pxor (@C[4],@T[0]); - &movq (&QWP($A[4][3],"esi"),@C[3]); # R[4][3] = C[3] ^= (~C[4] & D[0]); - &sub ("ecx",1); - &movq (&QWP($A[4][4],"esi"),@C[4]); # R[4][4] = C[4] ^= (~D[0] & D[1]); - &jnz (&label("loop")); - - &lea ("ebx",&DWP(-192,"ebx")); # rewind iotas - &ret (); -&function_end_B("_KeccakF1600"); - -&function_begin("KeccakF1600"); - &mov ("esi",&wparam(0)); - &mov ("ebp","esp"); - &sub ("esp",240); - &call (&label("pic_point")); - &set_label("pic_point"); - &blindpop("ebx"); - &lea ("ebx",&DWP(&label("iotas")."-".&label("pic_point"),"ebx")); - &and ("esp",-8); - &lea ("esi",&DWP(100,"esi")); # size optimization - &lea ("edi",&DWP(8*5+100,"esp")); # size optimization - - &call ("_KeccakF1600"); - - &mov ("esp","ebp"); - &emms (); -&function_end("KeccakF1600"); - -&function_begin("SHA3_absorb"); - &mov ("esi",&wparam(0)); # A[][] - &mov ("eax",&wparam(1)); # inp - &mov ("ecx",&wparam(2)); # len - &mov ("edx",&wparam(3)); # bsz - &mov ("ebp","esp"); - &sub ("esp",240+8); - &call (&label("pic_point")); - &set_label("pic_point"); - &blindpop("ebx"); - &lea ("ebx",&DWP(&label("iotas")."-".&label("pic_point"),"ebx")); - &and ("esp",-8); - - &mov ("edi","esi"); - &lea ("esi",&DWP(100,"esi")); # size optimization - &mov (&DWP(-4,"ebp"),"edx"); # save bsz - &jmp (&label("loop")); - -&set_label("loop",16); - &cmp ("ecx","edx"); # len < bsz? - &jc (&label("absorbed")); - - &shr ("edx",3); # bsz /= 8 -&set_label("block"); - &movq ("mm0",&QWP(0,"eax")); - &lea ("eax",&DWP(8,"eax")); - &pxor ("mm0",&QWP(0,"edi")); - &lea ("edi",&DWP(8,"edi")); - &sub ("ecx",8); # len -= 8 - &movq (&QWP(-8,"edi"),"mm0"); - &dec ("edx"); # bsz-- - &jnz (&label("block")); - - &lea ("edi",&DWP(8*5+100,"esp")); # size optimization - &mov (&DWP(-8,"ebp"),"ecx"); # save len - &call ("_KeccakF1600"); - &mov ("ecx",&DWP(-8,"ebp")); # pull len - &mov ("edx",&DWP(-4,"ebp")); # pull bsz - &lea ("edi",&DWP(-100,"esi")); - &jmp (&label("loop")); - -&set_label("absorbed",16); - &mov ("eax","ecx"); # return value - &mov ("esp","ebp"); - &emms (); -&function_end("SHA3_absorb"); - -&function_begin("SHA3_squeeze"); - &mov ("esi",&wparam(0)); # A[][] - &mov ("eax",&wparam(1)); # out - &mov ("ecx",&wparam(2)); # len - &mov ("edx",&wparam(3)); # bsz - &mov ("ebp","esp"); - &sub ("esp",240+8); - &call (&label("pic_point")); - &set_label("pic_point"); - &blindpop("ebx"); - &lea ("ebx",&DWP(&label("iotas")."-".&label("pic_point"),"ebx")); - &and ("esp",-8); - - &shr ("edx",3); # bsz /= 8 - &mov ("edi","esi"); - &lea ("esi",&DWP(100,"esi")); # size optimization - &mov (&DWP(-4,"ebp"),"edx"); # save bsz - &jmp (&label("loop")); - -&set_label("loop",16); - &cmp ("ecx",8); # len < 8? - &jc (&label("tail")); - - &movq ("mm0",&QWP(0,"edi")); - &lea ("edi",&DWP(8,"edi")); - &movq (&QWP(0,"eax"),"mm0"); - &lea ("eax",&DWP(8,"eax")); - &sub ("ecx",8); # len -= 8 - &jz (&label("done")); - - &dec ("edx"); # bsz-- - &jnz (&label("loop")); - - &lea ("edi",&DWP(8*5+100,"esp")); # size optimization - &mov (&DWP(-8,"ebp"),"ecx"); # save len - &call ("_KeccakF1600"); - &mov ("ecx",&DWP(-8,"ebp")); # pull len - &mov ("edx",&DWP(-4,"ebp")); # pull bsz - &lea ("edi",&DWP(-100,"esi")); - &jmp (&label("loop")); - -&set_label("tail",16); - &mov ("esi","edi"); - &mov ("edi","eax"); - &data_word("0xA4F39066"); # rep movsb - -&set_label("done"); - &mov ("esp","ebp"); - &emms (); -&function_end("SHA3_squeeze"); - -&set_label("iotas",32); - &data_word(0x00000001,0x00000000); - &data_word(0x00008082,0x00000000); - &data_word(0x0000808a,0x80000000); - &data_word(0x80008000,0x80000000); - &data_word(0x0000808b,0x00000000); - &data_word(0x80000001,0x00000000); - &data_word(0x80008081,0x80000000); - &data_word(0x00008009,0x80000000); - &data_word(0x0000008a,0x00000000); - &data_word(0x00000088,0x00000000); - &data_word(0x80008009,0x00000000); - &data_word(0x8000000a,0x00000000); - &data_word(0x8000808b,0x00000000); - &data_word(0x0000008b,0x80000000); - &data_word(0x00008089,0x80000000); - &data_word(0x00008003,0x80000000); - &data_word(0x00008002,0x80000000); - &data_word(0x00000080,0x80000000); - &data_word(0x0000800a,0x00000000); - &data_word(0x8000000a,0x80000000); - &data_word(0x80008081,0x80000000); - &data_word(0x00008080,0x80000000); - &data_word(0x80000001,0x00000000); - &data_word(0x80008008,0x80000000); -&asciz("Keccak-1600 absorb and squeeze for MMX, CRYPTOGAMS by "); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-ppc64.pl b/crypto/sha/asm/keccak1600-ppc64.pl deleted file mode 100755 index 83f8d8ef337beaf561b1175fe26c7c571c34f32b..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/keccak1600-ppc64.pl +++ /dev/null @@ -1,762 +0,0 @@ -#!/usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Keccak-1600 for PPC64. -# -# June 2017. -# -# This is straightforward KECCAK_1X_ALT implementation that works on -# *any* PPC64. Then PowerISA 2.07 adds 2x64-bit vector rotate, and -# it's possible to achieve performance better than below, but that is -# naturally option only for POWER8 and successors... -# -###################################################################### -# Numbers are cycles per processed byte. -# -# r=1088(*) -# -# PPC970/G5 14.0/+130% -# POWER7 9.7/+110% -# POWER8 10.6/+100% -# POWER9 8.2/+66% -# -# (*) Corresponds to SHA3-256. Percentage after slash is improvement -# over gcc-4.x-generated KECCAK_1X_ALT code. Newer compilers do -# much better (but watch out for them generating code specific -# to processor they execute on). - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /64/) { - $SIZE_T =8; - $LRSAVE =2*$SIZE_T; - $UCMP ="cmpld"; - $STU ="stdu"; - $POP ="ld"; - $PUSH ="std"; -} else { die "nonsense $flavour"; } - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open STDOUT,"| $^X $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; - -$FRAME=24*$SIZE_T+6*$SIZE_T+32; -$LOCALS=6*$SIZE_T; -$TEMP=$LOCALS+6*$SIZE_T; - -my $sp ="r1"; - -my @A = map([ "r$_", "r".($_+1), "r".($_+2), "r".($_+3), "r".($_+4) ], - (7, 12, 17, 22, 27)); - $A[1][1] = "r6"; # r13 is reserved - -my @C = map("r$_", (0,3,4,5)); - -my @rhotates = ([ 0, 1, 62, 28, 27 ], - [ 36, 44, 6, 55, 20 ], - [ 3, 10, 43, 25, 39 ], - [ 41, 45, 15, 21, 8 ], - [ 18, 2, 61, 56, 14 ]); - -$code.=<<___; -.text - -.type KeccakF1600_int,\@function -.align 5 -KeccakF1600_int: - li r0,24 - mtctr r0 - b .Loop -.align 4 -.Loop: - xor $C[0],$A[0][0],$A[1][0] ; Theta - std $A[0][4],`$TEMP+0`($sp) - xor $C[1],$A[0][1],$A[1][1] - std $A[1][4],`$TEMP+8`($sp) - xor $C[2],$A[0][2],$A[1][2] - std $A[2][4],`$TEMP+16`($sp) - xor $C[3],$A[0][3],$A[1][3] - std $A[3][4],`$TEMP+24`($sp) -___ - $C[4]=$A[0][4]; - $C[5]=$A[1][4]; - $C[6]=$A[2][4]; - $C[7]=$A[3][4]; -$code.=<<___; - xor $C[4],$A[0][4],$A[1][4] - xor $C[0],$C[0],$A[2][0] - xor $C[1],$C[1],$A[2][1] - xor $C[2],$C[2],$A[2][2] - xor $C[3],$C[3],$A[2][3] - xor $C[4],$C[4],$A[2][4] - xor $C[0],$C[0],$A[3][0] - xor $C[1],$C[1],$A[3][1] - xor $C[2],$C[2],$A[3][2] - xor $C[3],$C[3],$A[3][3] - xor $C[4],$C[4],$A[3][4] - xor $C[0],$C[0],$A[4][0] - xor $C[2],$C[2],$A[4][2] - xor $C[1],$C[1],$A[4][1] - xor $C[3],$C[3],$A[4][3] - rotldi $C[5],$C[2],1 - xor $C[4],$C[4],$A[4][4] - rotldi $C[6],$C[3],1 - xor $C[5],$C[5],$C[0] - rotldi $C[7],$C[4],1 - - xor $A[0][1],$A[0][1],$C[5] - xor $A[1][1],$A[1][1],$C[5] - xor $A[2][1],$A[2][1],$C[5] - xor $A[3][1],$A[3][1],$C[5] - xor $A[4][1],$A[4][1],$C[5] - - rotldi $C[5],$C[0],1 - xor $C[6],$C[6],$C[1] - xor $C[2],$C[2],$C[7] - rotldi $C[7],$C[1],1 - xor $C[3],$C[3],$C[5] - xor $C[4],$C[4],$C[7] - - xor $C[1], $A[0][2],$C[6] ;mr $C[1],$A[0][2] - xor $A[1][2],$A[1][2],$C[6] - xor $A[2][2],$A[2][2],$C[6] - xor $A[3][2],$A[3][2],$C[6] - xor $A[4][2],$A[4][2],$C[6] - - xor $A[0][0],$A[0][0],$C[4] - xor $A[1][0],$A[1][0],$C[4] - xor $A[2][0],$A[2][0],$C[4] - xor $A[3][0],$A[3][0],$C[4] - xor $A[4][0],$A[4][0],$C[4] -___ - $C[4]=undef; - $C[5]=undef; - $C[6]=undef; - $C[7]=undef; -$code.=<<___; - ld $A[0][4],`$TEMP+0`($sp) - xor $C[0], $A[0][3],$C[2] ;mr $C[0],$A[0][3] - ld $A[1][4],`$TEMP+8`($sp) - xor $A[1][3],$A[1][3],$C[2] - ld $A[2][4],`$TEMP+16`($sp) - xor $A[2][3],$A[2][3],$C[2] - ld $A[3][4],`$TEMP+24`($sp) - xor $A[3][3],$A[3][3],$C[2] - xor $A[4][3],$A[4][3],$C[2] - - xor $C[2], $A[0][4],$C[3] ;mr $C[2],$A[0][4] - xor $A[1][4],$A[1][4],$C[3] - xor $A[2][4],$A[2][4],$C[3] - xor $A[3][4],$A[3][4],$C[3] - xor $A[4][4],$A[4][4],$C[3] - - mr $C[3],$A[0][1] ; Rho+Pi - rotldi $A[0][1],$A[1][1],$rhotates[1][1] - ;mr $C[1],$A[0][2] - rotldi $A[0][2],$A[2][2],$rhotates[2][2] - ;mr $C[0],$A[0][3] - rotldi $A[0][3],$A[3][3],$rhotates[3][3] - ;mr $C[2],$A[0][4] - rotldi $A[0][4],$A[4][4],$rhotates[4][4] - - rotldi $A[1][1],$A[1][4],$rhotates[1][4] - rotldi $A[2][2],$A[2][3],$rhotates[2][3] - rotldi $A[3][3],$A[3][2],$rhotates[3][2] - rotldi $A[4][4],$A[4][1],$rhotates[4][1] - - rotldi $A[1][4],$A[4][2],$rhotates[4][2] - rotldi $A[2][3],$A[3][4],$rhotates[3][4] - rotldi $A[3][2],$A[2][1],$rhotates[2][1] - rotldi $A[4][1],$A[1][3],$rhotates[1][3] - - rotldi $A[4][2],$A[2][4],$rhotates[2][4] - rotldi $A[3][4],$A[4][3],$rhotates[4][3] - rotldi $A[2][1],$A[1][2],$rhotates[1][2] - rotldi $A[1][3],$A[3][1],$rhotates[3][1] - - rotldi $A[2][4],$A[4][0],$rhotates[4][0] - rotldi $A[4][3],$A[3][0],$rhotates[3][0] - rotldi $A[1][2],$A[2][0],$rhotates[2][0] - rotldi $A[3][1],$A[1][0],$rhotates[1][0] - - rotldi $A[1][0],$C[0],$rhotates[0][3] - rotldi $A[2][0],$C[3],$rhotates[0][1] - rotldi $A[3][0],$C[2],$rhotates[0][4] - rotldi $A[4][0],$C[1],$rhotates[0][2] - - andc $C[0],$A[0][2],$A[0][1] ; Chi+Iota - andc $C[1],$A[0][3],$A[0][2] - andc $C[2],$A[0][0],$A[0][4] - andc $C[3],$A[0][1],$A[0][0] - xor $A[0][0],$A[0][0],$C[0] - andc $C[0],$A[0][4],$A[0][3] - xor $A[0][1],$A[0][1],$C[1] - ld $C[1],`$LOCALS+4*$SIZE_T`($sp) - xor $A[0][3],$A[0][3],$C[2] - xor $A[0][4],$A[0][4],$C[3] - xor $A[0][2],$A[0][2],$C[0] - ldu $C[3],8($C[1]) ; Iota[i++] - - andc $C[0],$A[1][2],$A[1][1] - std $C[1],`$LOCALS+4*$SIZE_T`($sp) - andc $C[1],$A[1][3],$A[1][2] - andc $C[2],$A[1][0],$A[1][4] - xor $A[0][0],$A[0][0],$C[3] ; A[0][0] ^= Iota - andc $C[3],$A[1][1],$A[1][0] - xor $A[1][0],$A[1][0],$C[0] - andc $C[0],$A[1][4],$A[1][3] - xor $A[1][1],$A[1][1],$C[1] - xor $A[1][3],$A[1][3],$C[2] - xor $A[1][4],$A[1][4],$C[3] - xor $A[1][2],$A[1][2],$C[0] - - andc $C[0],$A[2][2],$A[2][1] - andc $C[1],$A[2][3],$A[2][2] - andc $C[2],$A[2][0],$A[2][4] - andc $C[3],$A[2][1],$A[2][0] - xor $A[2][0],$A[2][0],$C[0] - andc $C[0],$A[2][4],$A[2][3] - xor $A[2][1],$A[2][1],$C[1] - xor $A[2][3],$A[2][3],$C[2] - xor $A[2][4],$A[2][4],$C[3] - xor $A[2][2],$A[2][2],$C[0] - - andc $C[0],$A[3][2],$A[3][1] - andc $C[1],$A[3][3],$A[3][2] - andc $C[2],$A[3][0],$A[3][4] - andc $C[3],$A[3][1],$A[3][0] - xor $A[3][0],$A[3][0],$C[0] - andc $C[0],$A[3][4],$A[3][3] - xor $A[3][1],$A[3][1],$C[1] - xor $A[3][3],$A[3][3],$C[2] - xor $A[3][4],$A[3][4],$C[3] - xor $A[3][2],$A[3][2],$C[0] - - andc $C[0],$A[4][2],$A[4][1] - andc $C[1],$A[4][3],$A[4][2] - andc $C[2],$A[4][0],$A[4][4] - andc $C[3],$A[4][1],$A[4][0] - xor $A[4][0],$A[4][0],$C[0] - andc $C[0],$A[4][4],$A[4][3] - xor $A[4][1],$A[4][1],$C[1] - xor $A[4][3],$A[4][3],$C[2] - xor $A[4][4],$A[4][4],$C[3] - xor $A[4][2],$A[4][2],$C[0] - - bdnz .Loop - - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.size KeccakF1600_int,.-KeccakF1600_int - -.type KeccakF1600,\@function -.align 5 -KeccakF1600: - $STU $sp,-$FRAME($sp) - mflr r0 - $PUSH r14,`$FRAME-$SIZE_T*18`($sp) - $PUSH r15,`$FRAME-$SIZE_T*17`($sp) - $PUSH r16,`$FRAME-$SIZE_T*16`($sp) - $PUSH r17,`$FRAME-$SIZE_T*15`($sp) - $PUSH r18,`$FRAME-$SIZE_T*14`($sp) - $PUSH r19,`$FRAME-$SIZE_T*13`($sp) - $PUSH r20,`$FRAME-$SIZE_T*12`($sp) - $PUSH r21,`$FRAME-$SIZE_T*11`($sp) - $PUSH r22,`$FRAME-$SIZE_T*10`($sp) - $PUSH r23,`$FRAME-$SIZE_T*9`($sp) - $PUSH r24,`$FRAME-$SIZE_T*8`($sp) - $PUSH r25,`$FRAME-$SIZE_T*7`($sp) - $PUSH r26,`$FRAME-$SIZE_T*6`($sp) - $PUSH r27,`$FRAME-$SIZE_T*5`($sp) - $PUSH r28,`$FRAME-$SIZE_T*4`($sp) - $PUSH r29,`$FRAME-$SIZE_T*3`($sp) - $PUSH r30,`$FRAME-$SIZE_T*2`($sp) - $PUSH r31,`$FRAME-$SIZE_T*1`($sp) - $PUSH r0,`$FRAME+$LRSAVE`($sp) - - bl PICmeup - subi r12,r12,8 ; prepare for ldu - - $PUSH r3,`$LOCALS+0*$SIZE_T`($sp) - ;$PUSH r4,`$LOCALS+1*$SIZE_T`($sp) - ;$PUSH r5,`$LOCALS+2*$SIZE_T`($sp) - ;$PUSH r6,`$LOCALS+3*$SIZE_T`($sp) - $PUSH r12,`$LOCALS+4*$SIZE_T`($sp) - - ld $A[0][0],`8*0`(r3) ; load A[5][5] - ld $A[0][1],`8*1`(r3) - ld $A[0][2],`8*2`(r3) - ld $A[0][3],`8*3`(r3) - ld $A[0][4],`8*4`(r3) - ld $A[1][0],`8*5`(r3) - ld $A[1][1],`8*6`(r3) - ld $A[1][2],`8*7`(r3) - ld $A[1][3],`8*8`(r3) - ld $A[1][4],`8*9`(r3) - ld $A[2][0],`8*10`(r3) - ld $A[2][1],`8*11`(r3) - ld $A[2][2],`8*12`(r3) - ld $A[2][3],`8*13`(r3) - ld $A[2][4],`8*14`(r3) - ld $A[3][0],`8*15`(r3) - ld $A[3][1],`8*16`(r3) - ld $A[3][2],`8*17`(r3) - ld $A[3][3],`8*18`(r3) - ld $A[3][4],`8*19`(r3) - ld $A[4][0],`8*20`(r3) - ld $A[4][1],`8*21`(r3) - ld $A[4][2],`8*22`(r3) - ld $A[4][3],`8*23`(r3) - ld $A[4][4],`8*24`(r3) - - bl KeccakF1600_int - - $POP r3,`$LOCALS+0*$SIZE_T`($sp) - std $A[0][0],`8*0`(r3) ; return A[5][5] - std $A[0][1],`8*1`(r3) - std $A[0][2],`8*2`(r3) - std $A[0][3],`8*3`(r3) - std $A[0][4],`8*4`(r3) - std $A[1][0],`8*5`(r3) - std $A[1][1],`8*6`(r3) - std $A[1][2],`8*7`(r3) - std $A[1][3],`8*8`(r3) - std $A[1][4],`8*9`(r3) - std $A[2][0],`8*10`(r3) - std $A[2][1],`8*11`(r3) - std $A[2][2],`8*12`(r3) - std $A[2][3],`8*13`(r3) - std $A[2][4],`8*14`(r3) - std $A[3][0],`8*15`(r3) - std $A[3][1],`8*16`(r3) - std $A[3][2],`8*17`(r3) - std $A[3][3],`8*18`(r3) - std $A[3][4],`8*19`(r3) - std $A[4][0],`8*20`(r3) - std $A[4][1],`8*21`(r3) - std $A[4][2],`8*22`(r3) - std $A[4][3],`8*23`(r3) - std $A[4][4],`8*24`(r3) - - $POP r0,`$FRAME+$LRSAVE`($sp) - $POP r14,`$FRAME-$SIZE_T*18`($sp) - $POP r15,`$FRAME-$SIZE_T*17`($sp) - $POP r16,`$FRAME-$SIZE_T*16`($sp) - $POP r17,`$FRAME-$SIZE_T*15`($sp) - $POP r18,`$FRAME-$SIZE_T*14`($sp) - $POP r19,`$FRAME-$SIZE_T*13`($sp) - $POP r20,`$FRAME-$SIZE_T*12`($sp) - $POP r21,`$FRAME-$SIZE_T*11`($sp) - $POP r22,`$FRAME-$SIZE_T*10`($sp) - $POP r23,`$FRAME-$SIZE_T*9`($sp) - $POP r24,`$FRAME-$SIZE_T*8`($sp) - $POP r25,`$FRAME-$SIZE_T*7`($sp) - $POP r26,`$FRAME-$SIZE_T*6`($sp) - $POP r27,`$FRAME-$SIZE_T*5`($sp) - $POP r28,`$FRAME-$SIZE_T*4`($sp) - $POP r29,`$FRAME-$SIZE_T*3`($sp) - $POP r30,`$FRAME-$SIZE_T*2`($sp) - $POP r31,`$FRAME-$SIZE_T*1`($sp) - mtlr r0 - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,4,1,0x80,18,1,0 - .long 0 -.size KeccakF1600,.-KeccakF1600 - -.type dword_le_load,\@function -.align 5 -dword_le_load: - lbz r0,1(r3) - lbz r4,2(r3) - lbz r5,3(r3) - insrdi r0,r4,8,48 - lbz r4,4(r3) - insrdi r0,r5,8,40 - lbz r5,5(r3) - insrdi r0,r4,8,32 - lbz r4,6(r3) - insrdi r0,r5,8,24 - lbz r5,7(r3) - insrdi r0,r4,8,16 - lbzu r4,8(r3) - insrdi r0,r5,8,8 - insrdi r0,r4,8,0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,1,0 - .long 0 -.size dword_le_load,.-dword_le_load - -.globl SHA3_absorb -.type SHA3_absorb,\@function -.align 5 -SHA3_absorb: - $STU $sp,-$FRAME($sp) - mflr r0 - $PUSH r14,`$FRAME-$SIZE_T*18`($sp) - $PUSH r15,`$FRAME-$SIZE_T*17`($sp) - $PUSH r16,`$FRAME-$SIZE_T*16`($sp) - $PUSH r17,`$FRAME-$SIZE_T*15`($sp) - $PUSH r18,`$FRAME-$SIZE_T*14`($sp) - $PUSH r19,`$FRAME-$SIZE_T*13`($sp) - $PUSH r20,`$FRAME-$SIZE_T*12`($sp) - $PUSH r21,`$FRAME-$SIZE_T*11`($sp) - $PUSH r22,`$FRAME-$SIZE_T*10`($sp) - $PUSH r23,`$FRAME-$SIZE_T*9`($sp) - $PUSH r24,`$FRAME-$SIZE_T*8`($sp) - $PUSH r25,`$FRAME-$SIZE_T*7`($sp) - $PUSH r26,`$FRAME-$SIZE_T*6`($sp) - $PUSH r27,`$FRAME-$SIZE_T*5`($sp) - $PUSH r28,`$FRAME-$SIZE_T*4`($sp) - $PUSH r29,`$FRAME-$SIZE_T*3`($sp) - $PUSH r30,`$FRAME-$SIZE_T*2`($sp) - $PUSH r31,`$FRAME-$SIZE_T*1`($sp) - $PUSH r0,`$FRAME+$LRSAVE`($sp) - - bl PICmeup - subi r4,r4,1 ; prepare for lbzu - subi r12,r12,8 ; prepare for ldu - - $PUSH r3,`$LOCALS+0*$SIZE_T`($sp) ; save A[][] - $PUSH r4,`$LOCALS+1*$SIZE_T`($sp) ; save inp - $PUSH r5,`$LOCALS+2*$SIZE_T`($sp) ; save len - $PUSH r6,`$LOCALS+3*$SIZE_T`($sp) ; save bsz - mr r0,r6 - $PUSH r12,`$LOCALS+4*$SIZE_T`($sp) - - ld $A[0][0],`8*0`(r3) ; load A[5][5] - ld $A[0][1],`8*1`(r3) - ld $A[0][2],`8*2`(r3) - ld $A[0][3],`8*3`(r3) - ld $A[0][4],`8*4`(r3) - ld $A[1][0],`8*5`(r3) - ld $A[1][1],`8*6`(r3) - ld $A[1][2],`8*7`(r3) - ld $A[1][3],`8*8`(r3) - ld $A[1][4],`8*9`(r3) - ld $A[2][0],`8*10`(r3) - ld $A[2][1],`8*11`(r3) - ld $A[2][2],`8*12`(r3) - ld $A[2][3],`8*13`(r3) - ld $A[2][4],`8*14`(r3) - ld $A[3][0],`8*15`(r3) - ld $A[3][1],`8*16`(r3) - ld $A[3][2],`8*17`(r3) - ld $A[3][3],`8*18`(r3) - ld $A[3][4],`8*19`(r3) - ld $A[4][0],`8*20`(r3) - ld $A[4][1],`8*21`(r3) - ld $A[4][2],`8*22`(r3) - ld $A[4][3],`8*23`(r3) - ld $A[4][4],`8*24`(r3) - - mr r3,r4 - mr r4,r5 - mr r5,r0 - - b .Loop_absorb - -.align 4 -.Loop_absorb: - $UCMP r4,r5 ; len < bsz? - blt .Labsorbed - - sub r4,r4,r5 ; len -= bsz - srwi r5,r5,3 - $PUSH r4,`$LOCALS+2*$SIZE_T`($sp) ; save len - mtctr r5 - bl dword_le_load ; *inp++ - xor $A[0][0],$A[0][0],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[0][1],$A[0][1],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[0][2],$A[0][2],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[0][3],$A[0][3],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[0][4],$A[0][4],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[1][0],$A[1][0],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[1][1],$A[1][1],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[1][2],$A[1][2],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[1][3],$A[1][3],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[1][4],$A[1][4],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[2][0],$A[2][0],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[2][1],$A[2][1],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[2][2],$A[2][2],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[2][3],$A[2][3],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[2][4],$A[2][4],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[3][0],$A[3][0],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[3][1],$A[3][1],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[3][2],$A[3][2],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[3][3],$A[3][3],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[3][4],$A[3][4],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[4][0],$A[4][0],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[4][1],$A[4][1],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[4][2],$A[4][2],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[4][3],$A[4][3],r0 - bdz .Lprocess_block - bl dword_le_load ; *inp++ - xor $A[4][4],$A[4][4],r0 - -.Lprocess_block: - $PUSH r3,`$LOCALS+1*$SIZE_T`($sp) ; save inp - - bl KeccakF1600_int - - $POP r0,`$LOCALS+4*$SIZE_T`($sp) ; pull iotas[24] - $POP r5,`$LOCALS+3*$SIZE_T`($sp) ; restore bsz - $POP r4,`$LOCALS+2*$SIZE_T`($sp) ; restore len - $POP r3,`$LOCALS+1*$SIZE_T`($sp) ; restore inp - addic r0,r0,`-8*24` ; rewind iotas - $PUSH r0,`$LOCALS+4*$SIZE_T`($sp) - - b .Loop_absorb - -.align 4 -.Labsorbed: - $POP r3,`$LOCALS+0*$SIZE_T`($sp) - std $A[0][0],`8*0`(r3) ; return A[5][5] - std $A[0][1],`8*1`(r3) - std $A[0][2],`8*2`(r3) - std $A[0][3],`8*3`(r3) - std $A[0][4],`8*4`(r3) - std $A[1][0],`8*5`(r3) - std $A[1][1],`8*6`(r3) - std $A[1][2],`8*7`(r3) - std $A[1][3],`8*8`(r3) - std $A[1][4],`8*9`(r3) - std $A[2][0],`8*10`(r3) - std $A[2][1],`8*11`(r3) - std $A[2][2],`8*12`(r3) - std $A[2][3],`8*13`(r3) - std $A[2][4],`8*14`(r3) - std $A[3][0],`8*15`(r3) - std $A[3][1],`8*16`(r3) - std $A[3][2],`8*17`(r3) - std $A[3][3],`8*18`(r3) - std $A[3][4],`8*19`(r3) - std $A[4][0],`8*20`(r3) - std $A[4][1],`8*21`(r3) - std $A[4][2],`8*22`(r3) - std $A[4][3],`8*23`(r3) - std $A[4][4],`8*24`(r3) - - mr r3,r4 ; return value - $POP r0,`$FRAME+$LRSAVE`($sp) - $POP r14,`$FRAME-$SIZE_T*18`($sp) - $POP r15,`$FRAME-$SIZE_T*17`($sp) - $POP r16,`$FRAME-$SIZE_T*16`($sp) - $POP r17,`$FRAME-$SIZE_T*15`($sp) - $POP r18,`$FRAME-$SIZE_T*14`($sp) - $POP r19,`$FRAME-$SIZE_T*13`($sp) - $POP r20,`$FRAME-$SIZE_T*12`($sp) - $POP r21,`$FRAME-$SIZE_T*11`($sp) - $POP r22,`$FRAME-$SIZE_T*10`($sp) - $POP r23,`$FRAME-$SIZE_T*9`($sp) - $POP r24,`$FRAME-$SIZE_T*8`($sp) - $POP r25,`$FRAME-$SIZE_T*7`($sp) - $POP r26,`$FRAME-$SIZE_T*6`($sp) - $POP r27,`$FRAME-$SIZE_T*5`($sp) - $POP r28,`$FRAME-$SIZE_T*4`($sp) - $POP r29,`$FRAME-$SIZE_T*3`($sp) - $POP r30,`$FRAME-$SIZE_T*2`($sp) - $POP r31,`$FRAME-$SIZE_T*1`($sp) - mtlr r0 - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,4,1,0x80,18,4,0 - .long 0 -.size SHA3_absorb,.-SHA3_absorb -___ -{ -my ($A_flat,$out,$len,$bsz) = map("r$_",(28..31)); -$code.=<<___; -.globl SHA3_squeeze -.type SHA3_squeeze,\@function -.align 5 -SHA3_squeeze: - $STU $sp,`-10*$SIZE_T`($sp) - mflr r0 - $PUSH r28,`6*$SIZE_T`($sp) - $PUSH r29,`7*$SIZE_T`($sp) - $PUSH r30,`8*$SIZE_T`($sp) - $PUSH r31,`9*$SIZE_T`($sp) - $PUSH r0,`10*$SIZE_T+$LRSAVE`($sp) - - mr $A_flat,r3 - subi r3,r3,8 ; prepare for ldu - subi $out,r4,1 ; prepare for stbu - mr $len,r5 - mr $bsz,r6 - b .Loop_squeeze - -.align 4 -.Loop_squeeze: - ldu r0,8(r3) - ${UCMP}i $len,8 - blt .Lsqueeze_tail - - stb r0,1($out) - srdi r0,r0,8 - stb r0,2($out) - srdi r0,r0,8 - stb r0,3($out) - srdi r0,r0,8 - stb r0,4($out) - srdi r0,r0,8 - stb r0,5($out) - srdi r0,r0,8 - stb r0,6($out) - srdi r0,r0,8 - stb r0,7($out) - srdi r0,r0,8 - stbu r0,8($out) - - subic. $len,$len,8 - beq .Lsqueeze_done - - subic. r6,r6,8 - bgt .Loop_squeeze - - mr r3,$A_flat - bl KeccakF1600 - subi r3,$A_flat,8 ; prepare for ldu - mr r6,$bsz - b .Loop_squeeze - -.align 4 -.Lsqueeze_tail: - mtctr $len -.Loop_tail: - stbu r0,1($out) - srdi r0,r0,8 - bdnz .Loop_tail - -.Lsqueeze_done: - $POP r0,`10*$SIZE_T+$LRSAVE`($sp) - $POP r28,`6*$SIZE_T`($sp) - $POP r29,`7*$SIZE_T`($sp) - $POP r30,`8*$SIZE_T`($sp) - $POP r31,`9*$SIZE_T`($sp) - mtlr r0 - addi $sp,$sp,`10*$SIZE_T` - blr - .long 0 - .byte 0,12,4,1,0x80,4,4,0 - .long 0 -.size SHA3_squeeze,.-SHA3_squeeze -___ -} - -# Ugly hack here, because PPC assembler syntax seem to vary too -# much from platforms to platform... -$code.=<<___; -.align 6 -PICmeup: - mflr r0 - bcl 20,31,\$+4 - mflr r12 ; vvvvvv "distance" between . and 1st data entry - addi r12,r12,`64-8` - mtlr r0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - .space `64-9*4` -.type iotas,\@object -iotas: - .quad 0x0000000000000001 - .quad 0x0000000000008082 - .quad 0x800000000000808a - .quad 0x8000000080008000 - .quad 0x000000000000808b - .quad 0x0000000080000001 - .quad 0x8000000080008081 - .quad 0x8000000000008009 - .quad 0x000000000000008a - .quad 0x0000000000000088 - .quad 0x0000000080008009 - .quad 0x000000008000000a - .quad 0x000000008000808b - .quad 0x800000000000008b - .quad 0x8000000000008089 - .quad 0x8000000000008003 - .quad 0x8000000000008002 - .quad 0x8000000000000080 - .quad 0x000000000000800a - .quad 0x800000008000000a - .quad 0x8000000080008081 - .quad 0x8000000000008080 - .quad 0x0000000080000001 - .quad 0x8000000080008008 -.size iotas,.-iotas -.asciz "Keccak-1600 absorb and squeeze for PPC64, CRYPTOGAMS by " -___ - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-s390x.pl b/crypto/sha/asm/keccak1600-s390x.pl deleted file mode 100755 index 86233c7e38f2b9116a9865480236256b5fc700e2..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/keccak1600-s390x.pl +++ /dev/null @@ -1,562 +0,0 @@ -#!/usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Keccak-1600 for s390x. -# -# June 2017. -# -# Below code is [lane complementing] KECCAK_2X implementation (see -# sha/keccak1600.c) with C[5] and D[5] held in register bank. Though -# instead of actually unrolling the loop pair-wise I simply flip -# pointers to T[][] and A[][] at the end of round. Since number of -# rounds is even, last round writes to A[][] and everything works out. -# In the nutshell it's transliteration of x86_64 module, because both -# architectures have similar capabilities/limitations. Performance -# measurement is problematic as I don't have access to an idle system. -# It looks like z13 processes one byte [out of long message] in ~14 -# cycles. At least the result is consistent with estimate based on -# amount of instruction and assumed instruction issue rate. It's ~2.5x -# faster than compiler-generated code. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /3[12]/) { - $SIZE_T=4; - $g=""; -} else { - $SIZE_T=8; - $g="g"; -} - -$output and open STDOUT,">$output"; - -my @A = map([ 8*$_, 8*($_+1), 8*($_+2), 8*($_+3), 8*($_+4) ], (0,5,10,15,20)); - -my @C = map("%r$_",(0,1,5..7)); -my @D = map("%r$_",(8..12)); -my @T = map("%r$_",(13..14)); -my ($src,$dst,$iotas) = map("%r$_",(2..4)); -my $sp = "%r15"; - -$stdframe=16*$SIZE_T+4*8; -$frame=$stdframe+25*8; - -my @rhotates = ([ 0, 1, 62, 28, 27 ], - [ 36, 44, 6, 55, 20 ], - [ 3, 10, 43, 25, 39 ], - [ 41, 45, 15, 21, 8 ], - [ 18, 2, 61, 56, 14 ]); - -{ my @C = @C; # copy, because we mess them up... - my @D = @D; - -$code.=<<___; -.text - -.type __KeccakF1600,\@function -.align 32 -__KeccakF1600: - st${g} %r14,$SIZE_T*14($sp) - lg @C[0],$A[4][0]($src) - lg @C[1],$A[4][1]($src) - lg @C[2],$A[4][2]($src) - lg @C[3],$A[4][3]($src) - lg @C[4],$A[4][4]($src) - larl $iotas,iotas - j .Loop - -.align 16 -.Loop: - lg @D[0],$A[0][0]($src) - lg @D[1],$A[1][1]($src) - lg @D[2],$A[2][2]($src) - lg @D[3],$A[3][3]($src) - - xgr @C[0],@D[0] - xg @C[1],$A[0][1]($src) - xg @C[2],$A[0][2]($src) - xg @C[3],$A[0][3]($src) - lgr @D[4],@C[4] - xg @C[4],$A[0][4]($src) - - xg @C[0],$A[1][0]($src) - xgr @C[1],@D[1] - xg @C[2],$A[1][2]($src) - xg @C[3],$A[1][3]($src) - xg @C[4],$A[1][4]($src) - - xg @C[0],$A[2][0]($src) - xg @C[1],$A[2][1]($src) - xgr @C[2],@D[2] - xg @C[3],$A[2][3]($src) - xg @C[4],$A[2][4]($src) - - xg @C[0],$A[3][0]($src) - xg @C[1],$A[3][1]($src) - xg @C[2],$A[3][2]($src) - xgr @C[3],@D[3] - xg @C[4],$A[3][4]($src) - - lgr @T[0],@C[2] - rllg @C[2],@C[2],1 - xgr @C[2],@C[0] # D[1] = ROL64(C[2], 1) ^ C[0] - - rllg @C[0],@C[0],1 - xgr @C[0],@C[3] # D[4] = ROL64(C[0], 1) ^ C[3] - - rllg @C[3],@C[3],1 - xgr @C[3],@C[1] # D[2] = ROL64(C[3], 1) ^ C[1] - - rllg @C[1],@C[1],1 - xgr @C[1],@C[4] # D[0] = ROL64(C[1], 1) ^ C[4] - - rllg @C[4],@C[4],1 - xgr @C[4],@T[0] # D[3] = ROL64(C[4], 1) ^ C[2] -___ - (@D[0..4], @C) = (@C[1..4,0], @D); -$code.=<<___; - xgr @C[1],@D[1] - xgr @C[2],@D[2] - xgr @C[3],@D[3] - rllg @C[1],@C[1],$rhotates[1][1] - xgr @C[4],@D[4] - rllg @C[2],@C[2],$rhotates[2][2] - xgr @C[0],@D[0] - - lgr @T[0],@C[1] - ogr @C[1],@C[2] - rllg @C[3],@C[3],$rhotates[3][3] - xgr @C[1],@C[0] # C[0] ^ ( C[1] | C[2]) - rllg @C[4],@C[4],$rhotates[4][4] - xg @C[1],0($iotas) - la $iotas,8($iotas) - stg @C[1],$A[0][0]($dst) # R[0][0] = C[0] ^ ( C[1] | C[2]) ^ iotas[i] - - lgr @T[1],@C[4] - ngr @C[4],@C[3] - lghi @C[1],-1 # no 'not' instruction :-( - xgr @C[4],@C[2] # C[2] ^ ( C[4] & C[3]) - xgr @C[2],@C[1] # not @C[2] - stg @C[4],$A[0][2]($dst) # R[0][2] = C[2] ^ ( C[4] & C[3]) - ogr @C[2],@C[3] - xgr @C[2],@T[0] # C[1] ^ (~C[2] | C[3]) - - ngr @T[0],@C[0] - stg @C[2],$A[0][1]($dst) # R[0][1] = C[1] ^ (~C[2] | C[3]) - xgr @T[0],@T[1] # C[4] ^ ( C[1] & C[0]) - ogr @T[1],@C[0] - stg @T[0],$A[0][4]($dst) # R[0][4] = C[4] ^ ( C[1] & C[0]) - xgr @T[1],@C[3] # C[3] ^ ( C[4] | C[0]) - stg @T[1],$A[0][3]($dst) # R[0][3] = C[3] ^ ( C[4] | C[0]) - - - lg @C[0],$A[0][3]($src) - lg @C[4],$A[4][2]($src) - lg @C[3],$A[3][1]($src) - lg @C[1],$A[1][4]($src) - lg @C[2],$A[2][0]($src) - - xgr @C[0],@D[3] - xgr @C[4],@D[2] - rllg @C[0],@C[0],$rhotates[0][3] - xgr @C[3],@D[1] - rllg @C[4],@C[4],$rhotates[4][2] - xgr @C[1],@D[4] - rllg @C[3],@C[3],$rhotates[3][1] - xgr @C[2],@D[0] - - lgr @T[0],@C[0] - ogr @C[0],@C[4] - rllg @C[1],@C[1],$rhotates[1][4] - xgr @C[0],@C[3] # C[3] ^ (C[0] | C[4]) - rllg @C[2],@C[2],$rhotates[2][0] - stg @C[0],$A[1][3]($dst) # R[1][3] = C[3] ^ (C[0] | C[4]) - - lgr @T[1],@C[1] - ngr @C[1],@T[0] - lghi @C[0],-1 # no 'not' instruction :-( - xgr @C[1],@C[4] # C[4] ^ (C[1] & C[0]) - xgr @C[4],@C[0] # not @C[4] - stg @C[1],$A[1][4]($dst) # R[1][4] = C[4] ^ (C[1] & C[0]) - - ogr @C[4],@C[3] - xgr @C[4],@C[2] # C[2] ^ (~C[4] | C[3]) - - ngr @C[3],@C[2] - stg @C[4],$A[1][2]($dst) # R[1][2] = C[2] ^ (~C[4] | C[3]) - xgr @C[3],@T[1] # C[1] ^ (C[3] & C[2]) - ogr @T[1],@C[2] - stg @C[3],$A[1][1]($dst) # R[1][1] = C[1] ^ (C[3] & C[2]) - xgr @T[1],@T[0] # C[0] ^ (C[1] | C[2]) - stg @T[1],$A[1][0]($dst) # R[1][0] = C[0] ^ (C[1] | C[2]) - - - lg @C[2],$A[2][3]($src) - lg @C[3],$A[3][4]($src) - lg @C[1],$A[1][2]($src) - lg @C[4],$A[4][0]($src) - lg @C[0],$A[0][1]($src) - - xgr @C[2],@D[3] - xgr @C[3],@D[4] - rllg @C[2],@C[2],$rhotates[2][3] - xgr @C[1],@D[2] - rllg @C[3],@C[3],$rhotates[3][4] - xgr @C[4],@D[0] - rllg @C[1],@C[1],$rhotates[1][2] - xgr @C[0],@D[1] - - lgr @T[0],@C[2] - ngr @C[2],@C[3] - rllg @C[4],@C[4],$rhotates[4][0] - xgr @C[2],@C[1] # C[1] ^ ( C[2] & C[3]) - lghi @T[1],-1 # no 'not' instruction :-( - stg @C[2],$A[2][1]($dst) # R[2][1] = C[1] ^ ( C[2] & C[3]) - - xgr @C[3],@T[1] # not @C[3] - lgr @T[1],@C[4] - ngr @C[4],@C[3] - rllg @C[0],@C[0],$rhotates[0][1] - xgr @C[4],@T[0] # C[2] ^ ( C[4] & ~C[3]) - ogr @T[0],@C[1] - stg @C[4],$A[2][2]($dst) # R[2][2] = C[2] ^ ( C[4] & ~C[3]) - xgr @T[0],@C[0] # C[0] ^ ( C[2] | C[1]) - - ngr @C[1],@C[0] - stg @T[0],$A[2][0]($dst) # R[2][0] = C[0] ^ ( C[2] | C[1]) - xgr @C[1],@T[1] # C[4] ^ ( C[1] & C[0]) - ogr @C[0],@T[1] - stg @C[1],$A[2][4]($dst) # R[2][4] = C[4] ^ ( C[1] & C[0]) - xgr @C[0],@C[3] # ~C[3] ^ ( C[0] | C[4]) - stg @C[0],$A[2][3]($dst) # R[2][3] = ~C[3] ^ ( C[0] | C[4]) - - - lg @C[2],$A[2][1]($src) - lg @C[3],$A[3][2]($src) - lg @C[1],$A[1][0]($src) - lg @C[4],$A[4][3]($src) - lg @C[0],$A[0][4]($src) - - xgr @C[2],@D[1] - xgr @C[3],@D[2] - rllg @C[2],@C[2],$rhotates[2][1] - xgr @C[1],@D[0] - rllg @C[3],@C[3],$rhotates[3][2] - xgr @C[4],@D[3] - rllg @C[1],@C[1],$rhotates[1][0] - xgr @C[0],@D[4] - rllg @C[4],@C[4],$rhotates[4][3] - - lgr @T[0],@C[2] - ogr @C[2],@C[3] - lghi @T[1],-1 # no 'not' instruction :-( - xgr @C[2],@C[1] # C[1] ^ ( C[2] | C[3]) - xgr @C[3],@T[1] # not @C[3] - stg @C[2],$A[3][1]($dst) # R[3][1] = C[1] ^ ( C[2] | C[3]) - - lgr @T[1],@C[4] - ogr @C[4],@C[3] - rllg @C[0],@C[0],$rhotates[0][4] - xgr @C[4],@T[0] # C[2] ^ ( C[4] | ~C[3]) - ngr @T[0],@C[1] - stg @C[4],$A[3][2]($dst) # R[3][2] = C[2] ^ ( C[4] | ~C[3]) - xgr @T[0],@C[0] # C[0] ^ ( C[2] & C[1]) - - ogr @C[1],@C[0] - stg @T[0],$A[3][0]($dst) # R[3][0] = C[0] ^ ( C[2] & C[1]) - xgr @C[1],@T[1] # C[4] ^ ( C[1] | C[0]) - ngr @C[0],@T[1] - stg @C[1],$A[3][4]($dst) # R[3][4] = C[4] ^ ( C[1] | C[0]) - xgr @C[0],@C[3] # ~C[3] ^ ( C[0] & C[4]) - stg @C[0],$A[3][3]($dst) # R[3][3] = ~C[3] ^ ( C[0] & C[4]) - - - xg @D[2],$A[0][2]($src) - xg @D[3],$A[1][3]($src) - xg @D[1],$A[4][1]($src) - xg @D[4],$A[2][4]($src) - xgr $dst,$src # xchg $dst,$src - rllg @D[2],@D[2],$rhotates[0][2] - xg @D[0],$A[3][0]($src) - rllg @D[3],@D[3],$rhotates[1][3] - xgr $src,$dst - rllg @D[1],@D[1],$rhotates[4][1] - xgr $dst,$src - rllg @D[4],@D[4],$rhotates[2][4] -___ - @C = @D[2..4,0,1]; -$code.=<<___; - lgr @T[0],@C[0] - ngr @C[0],@C[1] - lghi @T[1],-1 # no 'not' instruction :-( - xgr @C[0],@C[4] # C[4] ^ ( C[0] & C[1]) - xgr @C[1],@T[1] # not @C[1] - stg @C[0],$A[4][4]($src) # R[4][4] = C[4] ^ ( C[0] & C[1]) - - lgr @T[1],@C[2] - ngr @C[2],@C[1] - rllg @D[0],@D[0],$rhotates[3][0] - xgr @C[2],@T[0] # C[0] ^ ( C[2] & ~C[1]) - ogr @T[0],@C[4] - stg @C[2],$A[4][0]($src) # R[4][0] = C[0] ^ ( C[2] & ~C[1]) - xgr @T[0],@C[3] # C[3] ^ ( C[0] | C[4]) - - ngr @C[4],@C[3] - stg @T[0],$A[4][3]($src) # R[4][3] = C[3] ^ ( C[0] | C[4]) - xgr @C[4],@T[1] # C[2] ^ ( C[4] & C[3]) - ogr @C[3],@T[1] - stg @C[4],$A[4][2]($src) # R[4][2] = C[2] ^ ( C[4] & C[3]) - xgr @C[3],@C[1] # ~C[1] ^ ( C[2] | C[3]) - - lgr @C[1],@C[0] # harmonize with the loop top - lgr @C[0],@T[0] - stg @C[3],$A[4][1]($src) # R[4][1] = ~C[1] ^ ( C[2] | C[3]) - - tmll $iotas,255 - jnz .Loop - - l${g} %r14,$SIZE_T*14($sp) - br %r14 -.size __KeccakF1600,.-__KeccakF1600 -___ -} -{ -$code.=<<___; -.type KeccakF1600,\@function -.align 32 -KeccakF1600: -.LKeccakF1600: - lghi %r1,-$frame - stm${g} %r6,%r15,$SIZE_T*6($sp) - lgr %r0,$sp - la $sp,0(%r1,$sp) - st${g} %r0,0($sp) - - lghi @D[0],-1 # no 'not' instruction :-( - lghi @D[1],-1 - lghi @D[2],-1 - lghi @D[3],-1 - lghi @D[4],-1 - lghi @T[0],-1 - xg @D[0],$A[0][1]($src) - xg @D[1],$A[0][2]($src) - xg @D[2],$A[1][3]($src) - xg @D[3],$A[2][2]($src) - xg @D[4],$A[3][2]($src) - xg @T[0],$A[4][0]($src) - stmg @D[0],@D[1],$A[0][1]($src) - stg @D[2],$A[1][3]($src) - stg @D[3],$A[2][2]($src) - stg @D[4],$A[3][2]($src) - stg @T[0],$A[4][0]($src) - - la $dst,$stdframe($sp) - - bras %r14,__KeccakF1600 - - lghi @D[0],-1 # no 'not' instruction :-( - lghi @D[1],-1 - lghi @D[2],-1 - lghi @D[3],-1 - lghi @D[4],-1 - lghi @T[0],-1 - xg @D[0],$A[0][1]($src) - xg @D[1],$A[0][2]($src) - xg @D[2],$A[1][3]($src) - xg @D[3],$A[2][2]($src) - xg @D[4],$A[3][2]($src) - xg @T[0],$A[4][0]($src) - stmg @D[0],@D[1],$A[0][1]($src) - stg @D[2],$A[1][3]($src) - stg @D[3],$A[2][2]($src) - stg @D[4],$A[3][2]($src) - stg @T[0],$A[4][0]($src) - - lm${g} %r6,%r15,$frame+6*$SIZE_T($sp) - br %r14 -.size KeccakF1600,.-KeccakF1600 -___ -} -{ my ($A_flat,$inp,$len,$bsz) = map("%r$_",(2..5)); - -$code.=<<___; -.globl SHA3_absorb -.type SHA3_absorb,\@function -.align 32 -SHA3_absorb: - lghi %r1,-$frame - stm${g} %r5,%r15,$SIZE_T*5($sp) - lgr %r0,$sp - la $sp,0(%r1,$sp) - st${g} %r0,0($sp) - - lghi @D[0],-1 # no 'not' instruction :-( - lghi @D[1],-1 - lghi @D[2],-1 - lghi @D[3],-1 - lghi @D[4],-1 - lghi @T[0],-1 - xg @D[0],$A[0][1]($src) - xg @D[1],$A[0][2]($src) - xg @D[2],$A[1][3]($src) - xg @D[3],$A[2][2]($src) - xg @D[4],$A[3][2]($src) - xg @T[0],$A[4][0]($src) - stmg @D[0],@D[1],$A[0][1]($src) - stg @D[2],$A[1][3]($src) - stg @D[3],$A[2][2]($src) - stg @D[4],$A[3][2]($src) - stg @T[0],$A[4][0]($src) - -.Loop_absorb: - cl${g}r $len,$bsz - jl .Ldone_absorb - - srl${g} $bsz,3 - la %r1,0($A_flat) - -.Lblock_absorb: - lrvg %r0,0($inp) - la $inp,8($inp) - xg %r0,0(%r1) - a${g}hi $len,-8 - stg %r0,0(%r1) - la %r1,8(%r1) - brct $bsz,.Lblock_absorb - - stm${g} $inp,$len,$frame+3*$SIZE_T($sp) - la $dst,$stdframe($sp) - bras %r14,__KeccakF1600 - lm${g} $inp,$bsz,$frame+3*$SIZE_T($sp) - j .Loop_absorb - -.align 16 -.Ldone_absorb: - lghi @D[0],-1 # no 'not' instruction :-( - lghi @D[1],-1 - lghi @D[2],-1 - lghi @D[3],-1 - lghi @D[4],-1 - lghi @T[0],-1 - xg @D[0],$A[0][1]($src) - xg @D[1],$A[0][2]($src) - xg @D[2],$A[1][3]($src) - xg @D[3],$A[2][2]($src) - xg @D[4],$A[3][2]($src) - xg @T[0],$A[4][0]($src) - stmg @D[0],@D[1],$A[0][1]($src) - stg @D[2],$A[1][3]($src) - stg @D[3],$A[2][2]($src) - stg @D[4],$A[3][2]($src) - stg @T[0],$A[4][0]($src) - - lgr %r2,$len # return value - - lm${g} %r6,%r15,$frame+6*$SIZE_T($sp) - br %r14 -.size SHA3_absorb,.-SHA3_absorb -___ -} -{ my ($A_flat,$out,$len,$bsz) = map("%r$_",(2..5)); - -$code.=<<___; -.globl SHA3_squeeze -.type SHA3_squeeze,\@function -.align 32 -SHA3_squeeze: - srl${g} $bsz,3 - st${g} %r14,2*$SIZE_T($sp) - lghi %r14,8 - st${g} $bsz,5*$SIZE_T($sp) - la %r1,0($A_flat) - - j .Loop_squeeze - -.align 16 -.Loop_squeeze: - cl${g}r $len,%r14 - jl .Ltail_squeeze - - lrvg %r0,0(%r1) - la %r1,8(%r1) - stg %r0,0($out) - la $out,8($out) - a${g}hi $len,-8 # len -= 8 - jz .Ldone_squeeze - - brct $bsz,.Loop_squeeze # bsz-- - - stm${g} $out,$len,3*$SIZE_T($sp) - bras %r14,.LKeccakF1600 - lm${g} $out,$bsz,3*$SIZE_T($sp) - lghi %r14,8 - la %r1,0($A_flat) - j .Loop_squeeze - -.Ltail_squeeze: - lg %r0,0(%r1) -.Loop_tail_squeeze: - stc %r0,0($out) - la $out,1($out) - srlg %r0,8 - brct $len,.Loop_tail_squeeze - -.Ldone_squeeze: - l${g} %r14,2*$SIZE_T($sp) - br %r14 -.size SHA3_squeeze,.-SHA3_squeeze -___ -} -$code.=<<___; -.align 256 - .quad 0,0,0,0,0,0,0,0 -.type iotas,\@object -iotas: - .quad 0x0000000000000001 - .quad 0x0000000000008082 - .quad 0x800000000000808a - .quad 0x8000000080008000 - .quad 0x000000000000808b - .quad 0x0000000080000001 - .quad 0x8000000080008081 - .quad 0x8000000000008009 - .quad 0x000000000000008a - .quad 0x0000000000000088 - .quad 0x0000000080008009 - .quad 0x000000008000000a - .quad 0x000000008000808b - .quad 0x800000000000008b - .quad 0x8000000000008089 - .quad 0x8000000000008003 - .quad 0x8000000000008002 - .quad 0x8000000000000080 - .quad 0x000000000000800a - .quad 0x800000008000000a - .quad 0x8000000080008081 - .quad 0x8000000000008080 - .quad 0x0000000080000001 - .quad 0x8000000080008008 -.size iotas,.-iotas -.asciz "Keccak-1600 absorb and squeeze for s390x, CRYPTOGAMS by " -___ - -# unlike 32-bit shift 64-bit one takes three arguments -$code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm; - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600-x86_64.pl b/crypto/sha/asm/keccak1600-x86_64.pl deleted file mode 100755 index 02f0116014d68d2e9fa3e13058b065cd7c331eba..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/keccak1600-x86_64.pl +++ /dev/null @@ -1,611 +0,0 @@ -#!/usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Keccak-1600 for x86_64. -# -# June 2017. -# -# Below code is [lane complementing] KECCAK_2X implementation (see -# sha/keccak1600.c) with C[5] and D[5] held in register bank. Though -# instead of actually unrolling the loop pair-wise I simply flip -# pointers to T[][] and A[][] at the end of round. Since number of -# rounds is even, last round writes to A[][] and everything works out. -# How does it compare to x86_64 assembly module in Keccak Code Package? -# Depending on processor it's either as fast or faster by up to 15%... -# -######################################################################## -# Numbers are cycles per processed byte out of large message. -# -# r=1088(*) -# -# P4 25.8 -# Core 2 12.9 -# Westmere 13.7 -# Sandy Bridge 12.9(**) -# Haswell 9.6 -# Skylake 9.4 -# Silvermont 22.8 -# Goldmont 15.8 -# VIA Nano 17.3 -# Sledgehammer 13.3 -# Bulldozer 16.5 -# Ryzen 8.8 -# -# (*) Corresponds to SHA3-256. Improvement over compiler-generate -# varies a lot, most common coefficient is 15% in comparison to -# gcc-5.x, 50% for gcc-4.x, 90% for gcc-3.x. -# (**) Sandy Bridge has broken rotate instruction. Performance can be -# improved by 14% by replacing rotates with double-precision -# shift with same register as source and destination. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -my @A = map([ 8*$_-100, 8*($_+1)-100, 8*($_+2)-100, - 8*($_+3)-100, 8*($_+4)-100 ], (0,5,10,15,20)); - -my @C = ("%rax","%rbx","%rcx","%rdx","%rbp"); -my @D = map("%r$_",(8..12)); -my @T = map("%r$_",(13..14)); -my $iotas = "%r15"; - -my @rhotates = ([ 0, 1, 62, 28, 27 ], - [ 36, 44, 6, 55, 20 ], - [ 3, 10, 43, 25, 39 ], - [ 41, 45, 15, 21, 8 ], - [ 18, 2, 61, 56, 14 ]); - -$code.=<<___; -.text - -.type __KeccakF1600,\@abi-omnipotent -.align 32 -__KeccakF1600: -.cfi_startproc - mov $A[4][0](%rdi),@C[0] - mov $A[4][1](%rdi),@C[1] - mov $A[4][2](%rdi),@C[2] - mov $A[4][3](%rdi),@C[3] - mov $A[4][4](%rdi),@C[4] - jmp .Loop - -.align 32 -.Loop: - mov $A[0][0](%rdi),@D[0] - mov $A[1][1](%rdi),@D[1] - mov $A[2][2](%rdi),@D[2] - mov $A[3][3](%rdi),@D[3] - - xor $A[0][2](%rdi),@C[2] - xor $A[0][3](%rdi),@C[3] - xor @D[0], @C[0] - xor $A[0][1](%rdi),@C[1] - xor $A[1][2](%rdi),@C[2] - xor $A[1][0](%rdi),@C[0] - mov @C[4],@D[4] - xor $A[0][4](%rdi),@C[4] - - xor @D[2], @C[2] - xor $A[2][0](%rdi),@C[0] - xor $A[1][3](%rdi),@C[3] - xor @D[1], @C[1] - xor $A[1][4](%rdi),@C[4] - - xor $A[3][2](%rdi),@C[2] - xor $A[3][0](%rdi),@C[0] - xor $A[2][3](%rdi),@C[3] - xor $A[2][1](%rdi),@C[1] - xor $A[2][4](%rdi),@C[4] - - mov @C[2],@T[0] - rol \$1,@C[2] - xor @C[0],@C[2] # D[1] = ROL64(C[2], 1) ^ C[0] - xor @D[3], @C[3] - - rol \$1,@C[0] - xor @C[3],@C[0] # D[4] = ROL64(C[0], 1) ^ C[3] - xor $A[3][1](%rdi),@C[1] - - rol \$1,@C[3] - xor @C[1],@C[3] # D[2] = ROL64(C[3], 1) ^ C[1] - xor $A[3][4](%rdi),@C[4] - - rol \$1,@C[1] - xor @C[4],@C[1] # D[0] = ROL64(C[1], 1) ^ C[4] - - rol \$1,@C[4] - xor @T[0],@C[4] # D[3] = ROL64(C[4], 1) ^ C[2] -___ - (@D[0..4], @C) = (@C[1..4,0], @D); -$code.=<<___; - xor @D[1],@C[1] - xor @D[2],@C[2] - rol \$$rhotates[1][1],@C[1] - xor @D[3],@C[3] - xor @D[4],@C[4] - rol \$$rhotates[2][2],@C[2] - xor @D[0],@C[0] - mov @C[1],@T[0] - rol \$$rhotates[3][3],@C[3] - or @C[2],@C[1] - xor @C[0],@C[1] # C[0] ^ ( C[1] | C[2]) - rol \$$rhotates[4][4],@C[4] - - xor ($iotas),@C[1] - lea 8($iotas),$iotas - - mov @C[4],@T[1] - and @C[3],@C[4] - mov @C[1],$A[0][0](%rsi) # R[0][0] = C[0] ^ ( C[1] | C[2]) ^ iotas[i] - xor @C[2],@C[4] # C[2] ^ ( C[4] & C[3]) - not @C[2] - mov @C[4],$A[0][2](%rsi) # R[0][2] = C[2] ^ ( C[4] & C[3]) - - or @C[3],@C[2] - mov $A[4][2](%rdi),@C[4] - xor @T[0],@C[2] # C[1] ^ (~C[2] | C[3]) - mov @C[2],$A[0][1](%rsi) # R[0][1] = C[1] ^ (~C[2] | C[3]) - - and @C[0],@T[0] - mov $A[1][4](%rdi),@C[1] - xor @T[1],@T[0] # C[4] ^ ( C[1] & C[0]) - mov $A[2][0](%rdi),@C[2] - mov @T[0],$A[0][4](%rsi) # R[0][4] = C[4] ^ ( C[1] & C[0]) - - or @C[0],@T[1] - mov $A[0][3](%rdi),@C[0] - xor @C[3],@T[1] # C[3] ^ ( C[4] | C[0]) - mov $A[3][1](%rdi),@C[3] - mov @T[1],$A[0][3](%rsi) # R[0][3] = C[3] ^ ( C[4] | C[0]) - - - xor @D[3],@C[0] - xor @D[2],@C[4] - rol \$$rhotates[0][3],@C[0] - xor @D[1],@C[3] - xor @D[4],@C[1] - rol \$$rhotates[4][2],@C[4] - rol \$$rhotates[3][1],@C[3] - xor @D[0],@C[2] - rol \$$rhotates[1][4],@C[1] - mov @C[0],@T[0] - or @C[4],@C[0] - rol \$$rhotates[2][0],@C[2] - - xor @C[3],@C[0] # C[3] ^ (C[0] | C[4]) - mov @C[0],$A[1][3](%rsi) # R[1][3] = C[3] ^ (C[0] | C[4]) - - mov @C[1],@T[1] - and @T[0],@C[1] - mov $A[0][1](%rdi),@C[0] - xor @C[4],@C[1] # C[4] ^ (C[1] & C[0]) - not @C[4] - mov @C[1],$A[1][4](%rsi) # R[1][4] = C[4] ^ (C[1] & C[0]) - - or @C[3],@C[4] - mov $A[1][2](%rdi),@C[1] - xor @C[2],@C[4] # C[2] ^ (~C[4] | C[3]) - mov @C[4],$A[1][2](%rsi) # R[1][2] = C[2] ^ (~C[4] | C[3]) - - and @C[2],@C[3] - mov $A[4][0](%rdi),@C[4] - xor @T[1],@C[3] # C[1] ^ (C[3] & C[2]) - mov @C[3],$A[1][1](%rsi) # R[1][1] = C[1] ^ (C[3] & C[2]) - - or @C[2],@T[1] - mov $A[2][3](%rdi),@C[2] - xor @T[0],@T[1] # C[0] ^ (C[1] | C[2]) - mov $A[3][4](%rdi),@C[3] - mov @T[1],$A[1][0](%rsi) # R[1][0] = C[0] ^ (C[1] | C[2]) - - - xor @D[3],@C[2] - xor @D[4],@C[3] - rol \$$rhotates[2][3],@C[2] - xor @D[2],@C[1] - rol \$$rhotates[3][4],@C[3] - xor @D[0],@C[4] - rol \$$rhotates[1][2],@C[1] - xor @D[1],@C[0] - rol \$$rhotates[4][0],@C[4] - mov @C[2],@T[0] - and @C[3],@C[2] - rol \$$rhotates[0][1],@C[0] - - not @C[3] - xor @C[1],@C[2] # C[1] ^ ( C[2] & C[3]) - mov @C[2],$A[2][1](%rsi) # R[2][1] = C[1] ^ ( C[2] & C[3]) - - mov @C[4],@T[1] - and @C[3],@C[4] - mov $A[2][1](%rdi),@C[2] - xor @T[0],@C[4] # C[2] ^ ( C[4] & ~C[3]) - mov @C[4],$A[2][2](%rsi) # R[2][2] = C[2] ^ ( C[4] & ~C[3]) - - or @C[1],@T[0] - mov $A[4][3](%rdi),@C[4] - xor @C[0],@T[0] # C[0] ^ ( C[2] | C[1]) - mov @T[0],$A[2][0](%rsi) # R[2][0] = C[0] ^ ( C[2] | C[1]) - - and @C[0],@C[1] - xor @T[1],@C[1] # C[4] ^ ( C[1] & C[0]) - mov @C[1],$A[2][4](%rsi) # R[2][4] = C[4] ^ ( C[1] & C[0]) - - or @C[0],@T[1] - mov $A[1][0](%rdi),@C[1] - xor @C[3],@T[1] # ~C[3] ^ ( C[0] | C[4]) - mov $A[3][2](%rdi),@C[3] - mov @T[1],$A[2][3](%rsi) # R[2][3] = ~C[3] ^ ( C[0] | C[4]) - - - mov $A[0][4](%rdi),@C[0] - - xor @D[1],@C[2] - xor @D[2],@C[3] - rol \$$rhotates[2][1],@C[2] - xor @D[0],@C[1] - rol \$$rhotates[3][2],@C[3] - xor @D[3],@C[4] - rol \$$rhotates[1][0],@C[1] - xor @D[4],@C[0] - rol \$$rhotates[4][3],@C[4] - mov @C[2],@T[0] - or @C[3],@C[2] - rol \$$rhotates[0][4],@C[0] - - not @C[3] - xor @C[1],@C[2] # C[1] ^ ( C[2] | C[3]) - mov @C[2],$A[3][1](%rsi) # R[3][1] = C[1] ^ ( C[2] | C[3]) - - mov @C[4],@T[1] - or @C[3],@C[4] - xor @T[0],@C[4] # C[2] ^ ( C[4] | ~C[3]) - mov @C[4],$A[3][2](%rsi) # R[3][2] = C[2] ^ ( C[4] | ~C[3]) - - and @C[1],@T[0] - xor @C[0],@T[0] # C[0] ^ ( C[2] & C[1]) - mov @T[0],$A[3][0](%rsi) # R[3][0] = C[0] ^ ( C[2] & C[1]) - - or @C[0],@C[1] - xor @T[1],@C[1] # C[4] ^ ( C[1] | C[0]) - mov @C[1],$A[3][4](%rsi) # R[3][4] = C[4] ^ ( C[1] | C[0]) - - and @T[1],@C[0] - xor @C[3],@C[0] # ~C[3] ^ ( C[0] & C[4]) - mov @C[0],$A[3][3](%rsi) # R[3][3] = ~C[3] ^ ( C[0] & C[4]) - - - xor $A[0][2](%rdi),@D[2] - xor $A[1][3](%rdi),@D[3] - rol \$$rhotates[0][2],@D[2] - xor $A[4][1](%rdi),@D[1] - rol \$$rhotates[1][3],@D[3] - xor $A[2][4](%rdi),@D[4] - rol \$$rhotates[4][1],@D[1] - xor $A[3][0](%rdi),@D[0] - xchg %rsi,%rdi - rol \$$rhotates[2][4],@D[4] - rol \$$rhotates[3][0],@D[0] -___ - @C = @D[2..4,0,1]; -$code.=<<___; - mov @C[0],@T[0] - and @C[1],@C[0] - not @C[1] - xor @C[4],@C[0] # C[4] ^ ( C[0] & C[1]) - mov @C[0],$A[4][4](%rdi) # R[4][4] = C[4] ^ ( C[0] & C[1]) - - mov @C[2],@T[1] - and @C[1],@C[2] - xor @T[0],@C[2] # C[0] ^ ( C[2] & ~C[1]) - mov @C[2],$A[4][0](%rdi) # R[4][0] = C[0] ^ ( C[2] & ~C[1]) - - or @C[4],@T[0] - xor @C[3],@T[0] # C[3] ^ ( C[0] | C[4]) - mov @T[0],$A[4][3](%rdi) # R[4][3] = C[3] ^ ( C[0] | C[4]) - - and @C[3],@C[4] - xor @T[1],@C[4] # C[2] ^ ( C[4] & C[3]) - mov @C[4],$A[4][2](%rdi) # R[4][2] = C[2] ^ ( C[4] & C[3]) - - or @T[1],@C[3] - xor @C[1],@C[3] # ~C[1] ^ ( C[2] | C[3]) - mov @C[3],$A[4][1](%rdi) # R[4][1] = ~C[1] ^ ( C[2] | C[3]) - - mov @C[0],@C[1] # harmonize with the loop top - mov @T[0],@C[0] - - test \$255,$iotas - jnz .Loop - - lea -192($iotas),$iotas # rewind iotas - ret -.cfi_endproc -.size __KeccakF1600,.-__KeccakF1600 - -.type KeccakF1600,\@abi-omnipotent -.align 32 -KeccakF1600: -.cfi_startproc - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - - lea 100(%rdi),%rdi # size optimization - sub \$200,%rsp -.cfi_adjust_cfa_offset 200 - - notq $A[0][1](%rdi) - notq $A[0][2](%rdi) - notq $A[1][3](%rdi) - notq $A[2][2](%rdi) - notq $A[3][2](%rdi) - notq $A[4][0](%rdi) - - lea iotas(%rip),$iotas - lea 100(%rsp),%rsi # size optimization - - call __KeccakF1600 - - notq $A[0][1](%rdi) - notq $A[0][2](%rdi) - notq $A[1][3](%rdi) - notq $A[2][2](%rdi) - notq $A[3][2](%rdi) - notq $A[4][0](%rdi) - lea -100(%rdi),%rdi # preserve A[][] - - add \$200,%rsp -.cfi_adjust_cfa_offset -200 - - pop %r15 -.cfi_pop %r15 - pop %r14 -.cfi_pop %r14 - pop %r13 -.cfi_pop %r13 - pop %r12 -.cfi_pop %r12 - pop %rbp -.cfi_pop %rbp - pop %rbx -.cfi_pop %rbx - ret -.cfi_endproc -.size KeccakF1600,.-KeccakF1600 -___ - -{ my ($A_flat,$inp,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx"); - ($A_flat,$inp) = ("%r8","%r9"); -$code.=<<___; -.globl SHA3_absorb -.type SHA3_absorb,\@function,4 -.align 32 -SHA3_absorb: -.cfi_startproc - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - - lea 100(%rdi),%rdi # size optimization - sub \$232,%rsp -.cfi_adjust_cfa_offset 232 - - mov %rsi,$inp - lea 100(%rsp),%rsi # size optimization - - notq $A[0][1](%rdi) - notq $A[0][2](%rdi) - notq $A[1][3](%rdi) - notq $A[2][2](%rdi) - notq $A[3][2](%rdi) - notq $A[4][0](%rdi) - lea iotas(%rip),$iotas - - mov $bsz,216-100(%rsi) # save bsz - -.Loop_absorb: - cmp $bsz,$len - jc .Ldone_absorb - - shr \$3,$bsz - lea -100(%rdi),$A_flat - -.Lblock_absorb: - mov ($inp),%rax - lea 8($inp),$inp - xor ($A_flat),%rax - lea 8($A_flat),$A_flat - sub \$8,$len - mov %rax,-8($A_flat) - sub \$1,$bsz - jnz .Lblock_absorb - - mov $inp,200-100(%rsi) # save inp - mov $len,208-100(%rsi) # save len - call __KeccakF1600 - mov 200-100(%rsi),$inp # pull inp - mov 208-100(%rsi),$len # pull len - mov 216-100(%rsi),$bsz # pull bsz - jmp .Loop_absorb - -.align 32 -.Ldone_absorb: - mov $len,%rax # return value - - notq $A[0][1](%rdi) - notq $A[0][2](%rdi) - notq $A[1][3](%rdi) - notq $A[2][2](%rdi) - notq $A[3][2](%rdi) - notq $A[4][0](%rdi) - - add \$232,%rsp -.cfi_adjust_cfa_offset -232 - - pop %r15 -.cfi_pop %r15 - pop %r14 -.cfi_pop %r14 - pop %r13 -.cfi_pop %r13 - pop %r12 -.cfi_pop %r12 - pop %rbp -.cfi_pop %rbp - pop %rbx -.cfi_pop %rbx - ret -.cfi_endproc -.size SHA3_absorb,.-SHA3_absorb -___ -} -{ my ($A_flat,$out,$len,$bsz) = ("%rdi","%rsi","%rdx","%rcx"); - ($out,$len,$bsz) = ("%r12","%r13","%r14"); - -$code.=<<___; -.globl SHA3_squeeze -.type SHA3_squeeze,\@function,4 -.align 32 -SHA3_squeeze: -.cfi_startproc - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - - shr \$3,%rcx - mov $A_flat,%r8 - mov %rsi,$out - mov %rdx,$len - mov %rcx,$bsz - jmp .Loop_squeeze - -.align 32 -.Loop_squeeze: - cmp \$8,$len - jb .Ltail_squeeze - - mov (%r8),%rax - lea 8(%r8),%r8 - mov %rax,($out) - lea 8($out),$out - sub \$8,$len # len -= 8 - jz .Ldone_squeeze - - sub \$1,%rcx # bsz-- - jnz .Loop_squeeze - - call KeccakF1600 - mov $A_flat,%r8 - mov $bsz,%rcx - jmp .Loop_squeeze - -.Ltail_squeeze: - mov %r8, %rsi - mov $out,%rdi - mov $len,%rcx - .byte 0xf3,0xa4 # rep movsb - -.Ldone_squeeze: - pop %r14 -.cfi_pop %r14 - pop %r13 -.cfi_pop %r13 - pop %r12 -.cfi_pop %r13 - ret -.cfi_endproc -.size SHA3_squeeze,.-SHA3_squeeze -___ -} -$code.=<<___; -.align 256 - .quad 0,0,0,0,0,0,0,0 -.type iotas,\@object -iotas: - .quad 0x0000000000000001 - .quad 0x0000000000008082 - .quad 0x800000000000808a - .quad 0x8000000080008000 - .quad 0x000000000000808b - .quad 0x0000000080000001 - .quad 0x8000000080008081 - .quad 0x8000000000008009 - .quad 0x000000000000008a - .quad 0x0000000000000088 - .quad 0x0000000080008009 - .quad 0x000000008000000a - .quad 0x000000008000808b - .quad 0x800000000000008b - .quad 0x8000000000008089 - .quad 0x8000000000008003 - .quad 0x8000000000008002 - .quad 0x8000000000000080 - .quad 0x000000000000800a - .quad 0x800000008000000a - .quad 0x8000000080008081 - .quad 0x8000000000008080 - .quad 0x0000000080000001 - .quad 0x8000000080008008 -.size iotas,.-iotas -.asciz "Keccak-1600 absorb and squeeze for x86_64, CRYPTOGAMS by " -___ - -foreach (split("\n",$code)) { - # Below replacement results in 11.2 on Sandy Bridge, 9.4 on - # Haswell, but it hurts other processors by up to 2-3-4x... - #s/rol\s+(\$[0-9]+),(%[a-z][a-z0-9]+)/shld\t$1,$2,$2/; - # Below replacement results in 9.3 on Haswell [as well as - # on Ryzen, i.e. it *hurts* Ryzen]... - #s/rol\s+\$([0-9]+),(%[a-z][a-z0-9]+)/rorx\t\$64-$1,$2,$2/; - - print $_, "\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/keccak1600p8-ppc.pl b/crypto/sha/asm/keccak1600p8-ppc.pl deleted file mode 100755 index 7554c87f208319c04522a360057abff689911257..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/keccak1600p8-ppc.pl +++ /dev/null @@ -1,854 +0,0 @@ -#!/usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Keccak-1600 for PowerISA 2.07. -# -# June 2017. -# -# This is straightforward KECCAK_1X_ALT SIMD implementation, but with -# disjoint Rho and Pi. The module is ABI-bitness- and endian-neutral. -# POWER8 processor spends 9.8 cycles to process byte out of large -# buffer for r=1088, which matches SHA3-256. This is 17% better than -# scalar PPC64 code. It probably should be noted that if POWER8's -# successor can achieve higher scalar instruction issue rate, then -# this module will loose... And it does on POWER9 with 12.0 vs. 9.4. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /64/) { - $SIZE_T =8; - $LRSAVE =2*$SIZE_T; - $UCMP ="cmpld"; - $STU ="stdu"; - $POP ="ld"; - $PUSH ="std"; -} elsif ($flavour =~ /32/) { - $SIZE_T =4; - $LRSAVE =$SIZE_T; - $STU ="stwu"; - $POP ="lwz"; - $PUSH ="stw"; - $UCMP ="cmplw"; -} else { die "nonsense $flavour"; } - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open STDOUT,"| $^X $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; - -$FRAME=6*$SIZE_T+13*16; # 13*16 is for v20-v31 offload - -my $sp ="r1"; - -my $iotas = "r12"; - -######################################################################## -# Register layout: -# -# v0 A[0][0] A[1][0] -# v1 A[0][1] A[1][1] -# v2 A[0][2] A[1][2] -# v3 A[0][3] A[1][3] -# v4 A[0][4] A[1][4] -# -# v5 A[2][0] A[3][0] -# v6 A[2][1] A[3][1] -# v7 A[2][2] A[3][2] -# v8 A[2][3] A[3][3] -# v9 A[2][4] A[3][4] -# -# v10 A[4][0] A[4][1] -# v11 A[4][2] A[4][3] -# v12 A[4][4] A[4][4] -# -# v13..25 rhotates[][] -# v26..31 volatile -# -$code.=<<___; -.machine "any" -.text - -.type KeccakF1600_int,\@function -.align 5 -KeccakF1600_int: - li r0,24 - mtctr r0 - li r0,0 - b .Loop - -.align 4 -.Loop: - ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Theta - vxor v26,v0, v5 ; A[0..1][0]^A[2..3][0] - vxor v27,v1, v6 ; A[0..1][1]^A[2..3][1] - vxor v28,v2, v7 ; A[0..1][2]^A[2..3][2] - vxor v29,v3, v8 ; A[0..1][3]^A[2..3][3] - vxor v30,v4, v9 ; A[0..1][4]^A[2..3][4] - vpermdi v31,v26,v27,0b00 ; A[0][0..1]^A[2][0..1] - vpermdi v26,v26,v27,0b11 ; A[1][0..1]^A[3][0..1] - vpermdi v27,v28,v29,0b00 ; A[0][2..3]^A[2][2..3] - vpermdi v28,v28,v29,0b11 ; A[1][2..3]^A[3][2..3] - vpermdi v29,v30,v30,0b10 ; A[1..0][4]^A[3..2][4] - vxor v26,v26,v31 ; C[0..1] - vxor v27,v27,v28 ; C[2..3] - vxor v28,v29,v30 ; C[4..4] - vspltisb v31,1 - vxor v26,v26,v10 ; C[0..1] ^= A[4][0..1] - vxor v27,v27,v11 ; C[2..3] ^= A[4][2..3] - vxor v28,v28,v12 ; C[4..4] ^= A[4][4..4], low! - - vrld v29,v26,v31 ; ROL64(C[0..1],1) - vrld v30,v27,v31 ; ROL64(C[2..3],1) - vrld v31,v28,v31 ; ROL64(C[4..4],1) - vpermdi v31,v31,v29,0b10 - vxor v26,v26,v30 ; C[0..1] ^= ROL64(C[2..3],1) - vxor v27,v27,v31 ; C[2..3] ^= ROL64(C[4..0],1) - vxor v28,v28,v29 ; C[4..4] ^= ROL64(C[0..1],1), low! - - vpermdi v29,v26,v26,0b00 ; C[0..0] - vpermdi v30,v28,v26,0b10 ; C[4..0] - vpermdi v31,v28,v28,0b11 ; C[4..4] - vxor v1, v1, v29 ; A[0..1][1] ^= C[0..0] - vxor v6, v6, v29 ; A[2..3][1] ^= C[0..0] - vxor v10,v10,v30 ; A[4][0..1] ^= C[4..0] - vxor v0, v0, v31 ; A[0..1][0] ^= C[4..4] - vxor v5, v5, v31 ; A[2..3][0] ^= C[4..4] - - vpermdi v29,v27,v27,0b00 ; C[2..2] - vpermdi v30,v26,v26,0b11 ; C[1..1] - vpermdi v31,v26,v27,0b10 ; C[1..2] - vxor v3, v3, v29 ; A[0..1][3] ^= C[2..2] - vxor v8, v8, v29 ; A[2..3][3] ^= C[2..2] - vxor v2, v2, v30 ; A[0..1][2] ^= C[1..1] - vxor v7, v7, v30 ; A[2..3][2] ^= C[1..1] - vxor v11,v11,v31 ; A[4][2..3] ^= C[1..2] - - vpermdi v29,v27,v27,0b11 ; C[3..3] - vxor v4, v4, v29 ; A[0..1][4] ^= C[3..3] - vxor v9, v9, v29 ; A[2..3][4] ^= C[3..3] - vxor v12,v12,v29 ; A[4..4][4] ^= C[3..3] - - ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Rho - vrld v26,v0, v13 ; v0 - vrld v1, v1, v14 - vrld v27,v2, v15 ; v2 - vrld v28,v3, v16 ; v3 - vrld v4, v4, v17 - vrld v5, v5, v18 - vrld v6, v6, v19 - vrld v29,v7, v20 ; v7 - vrld v8, v8, v21 - vrld v9, v9, v22 - vrld v10,v10,v23 - vrld v30,v11,v24 ; v11 - vrld v12,v12,v25 - - ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Pi - vpermdi v0, v26,v28,0b00 ; [0][0] [1][0] < [0][0] [0][3] - vpermdi v2, v29,v5, 0b00 ; [0][2] [1][2] < [2][2] [2][0] - vpermdi v11,v9, v5, 0b01 ; [4][2] [4][3] < [2][4] [3][0] - vpermdi v5, v1, v4, 0b00 ; [2][0] [3][0] < [0][1] [0][4] - vpermdi v1, v1, v4, 0b11 ; [0][1] [1][1] < [1][1] [1][4] - vpermdi v3, v8, v6, 0b11 ; [0][3] [1][3] < [3][3] [3][1] - vpermdi v4, v12,v30,0b10 ; [0][4] [1][4] < [4][4] [4][2] - vpermdi v7, v8, v6, 0b00 ; [2][2] [3][2] < [2][3] [2][1] - vpermdi v6, v27,v26,0b11 ; [2][1] [3][1] < [1][2] [1][0] - vpermdi v8, v9, v29,0b11 ; [2][3] [3][3] < [3][4] [3][2] - vpermdi v12,v10,v10,0b11 ; [4][4] [4][4] < [4][1] [4][1] - vpermdi v9, v10,v30,0b01 ; [2][4] [3][4] < [4][0] [4][3] - vpermdi v10,v27,v28,0b01 ; [4][0] [4][1] < [0][2] [1][3] - - ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Chi + Iota - lvx_u v31,$iotas,r0 ; iotas[index] - addic r0,r0,16 ; index++ - - vandc v26,v2, v1 ; (~A[0..1][1] & A[0..1][2]) - vandc v27,v3, v2 ; (~A[0..1][2] & A[0..1][3]) - vandc v28,v4, v3 ; (~A[0..1][3] & A[0..1][4]) - vandc v29,v0, v4 ; (~A[0..1][4] & A[0..1][0]) - vandc v30,v1, v0 ; (~A[0..1][0] & A[0..1][1]) - vxor v0, v0, v26 ; A[0..1][0] ^= (~A[0..1][1] & A[0..1][2]) - vxor v1, v1, v27 ; A[0..1][1] ^= (~A[0..1][2] & A[0..1][3]) - vxor v2, v2, v28 ; A[0..1][2] ^= (~A[0..1][3] & A[0..1][4]) - vxor v3, v3, v29 ; A[0..1][3] ^= (~A[0..1][4] & A[0..1][0]) - vxor v4, v4, v30 ; A[0..1][4] ^= (~A[0..1][0] & A[0..1][1]) - - vandc v26,v7, v6 ; (~A[2..3][1] & A[2..3][2]) - vandc v27,v8, v7 ; (~A[2..3][2] & A[2..3][3]) - vandc v28,v9, v8 ; (~A[2..3][3] & A[2..3][4]) - vandc v29,v5, v9 ; (~A[2..3][4] & A[2..3][0]) - vandc v30,v6, v5 ; (~A[2..3][0] & A[2..3][1]) - vxor v5, v5, v26 ; A[2..3][0] ^= (~A[2..3][1] & A[2..3][2]) - vxor v6, v6, v27 ; A[2..3][1] ^= (~A[2..3][2] & A[2..3][3]) - vxor v7, v7, v28 ; A[2..3][2] ^= (~A[2..3][3] & A[2..3][4]) - vxor v8, v8, v29 ; A[2..3][3] ^= (~A[2..3][4] & A[2..3][0]) - vxor v9, v9, v30 ; A[2..3][4] ^= (~A[2..3][0] & A[2..3][1]) - - vxor v0, v0, v31 ; A[0][0] ^= iotas[index++] - - vpermdi v26,v10,v11,0b10 ; A[4][1..2] - vpermdi v27,v12,v10,0b00 ; A[4][4..0] - vpermdi v28,v11,v12,0b10 ; A[4][3..4] - vpermdi v29,v10,v10,0b10 ; A[4][1..0] - vandc v26,v11,v26 ; (~A[4][1..2] & A[4][2..3]) - vandc v27,v27,v28 ; (~A[4][3..4] & A[4][4..0]) - vandc v28,v10,v29 ; (~A[4][1..0] & A[4][0..1]) - vxor v10,v10,v26 ; A[4][0..1] ^= (~A[4][1..2] & A[4][2..3]) - vxor v11,v11,v27 ; A[4][2..3] ^= (~A[4][3..4] & A[4][4..0]) - vxor v12,v12,v28 ; A[4][4..4] ^= (~A[4][0..1] & A[4][1..0]) - - bdnz .Loop - - vpermdi v12,v12,v12,0b11 ; broadcast A[4][4] - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.size KeccakF1600_int,.-KeccakF1600_int - -.type KeccakF1600,\@function -.align 5 -KeccakF1600: - $STU $sp,-$FRAME($sp) - li r10,`15+6*$SIZE_T` - li r11,`31+6*$SIZE_T` - mflr r8 - mfspr r7, 256 ; save vrsave - stvx v20,r10,$sp - addi r10,r10,32 - stvx v21,r11,$sp - addi r11,r11,32 - stvx v22,r10,$sp - addi r10,r10,32 - stvx v23,r11,$sp - addi r11,r11,32 - stvx v24,r10,$sp - addi r10,r10,32 - stvx v25,r11,$sp - addi r11,r11,32 - stvx v26,r10,$sp - addi r10,r10,32 - stvx v27,r11,$sp - addi r11,r11,32 - stvx v28,r10,$sp - addi r10,r10,32 - stvx v29,r11,$sp - addi r11,r11,32 - stvx v30,r10,$sp - stvx v31,r11,$sp - stw r7,`$FRAME-4`($sp) ; save vrsave - li r0, -1 - $PUSH r8,`$FRAME+$LRSAVE`($sp) - mtspr 256, r0 ; preserve all AltiVec registers - - li r11,16 - lvx_4w v0,0,r3 ; load A[5][5] - li r10,32 - lvx_4w v1,r11,r3 - addi r11,r11,32 - lvx_4w v2,r10,r3 - addi r10,r10,32 - lvx_4w v3,r11,r3 - addi r11,r11,32 - lvx_4w v4,r10,r3 - addi r10,r10,32 - lvx_4w v5,r11,r3 - addi r11,r11,32 - lvx_4w v6,r10,r3 - addi r10,r10,32 - lvx_4w v7,r11,r3 - addi r11,r11,32 - lvx_4w v8,r10,r3 - addi r10,r10,32 - lvx_4w v9,r11,r3 - addi r11,r11,32 - lvx_4w v10,r10,r3 - addi r10,r10,32 - lvx_4w v11,r11,r3 - lvx_splt v12,r10,r3 - - bl PICmeup - - li r11,16 - lvx_u v13,0,r12 ; load rhotates - li r10,32 - lvx_u v14,r11,r12 - addi r11,r11,32 - lvx_u v15,r10,r12 - addi r10,r10,32 - lvx_u v16,r11,r12 - addi r11,r11,32 - lvx_u v17,r10,r12 - addi r10,r10,32 - lvx_u v18,r11,r12 - addi r11,r11,32 - lvx_u v19,r10,r12 - addi r10,r10,32 - lvx_u v20,r11,r12 - addi r11,r11,32 - lvx_u v21,r10,r12 - addi r10,r10,32 - lvx_u v22,r11,r12 - addi r11,r11,32 - lvx_u v23,r10,r12 - addi r10,r10,32 - lvx_u v24,r11,r12 - lvx_u v25,r10,r12 - addi r12,r12,`16*16` ; points at iotas - - bl KeccakF1600_int - - li r11,16 - stvx_4w v0,0,r3 ; return A[5][5] - li r10,32 - stvx_4w v1,r11,r3 - addi r11,r11,32 - stvx_4w v2,r10,r3 - addi r10,r10,32 - stvx_4w v3,r11,r3 - addi r11,r11,32 - stvx_4w v4,r10,r3 - addi r10,r10,32 - stvx_4w v5,r11,r3 - addi r11,r11,32 - stvx_4w v6,r10,r3 - addi r10,r10,32 - stvx_4w v7,r11,r3 - addi r11,r11,32 - stvx_4w v8,r10,r3 - addi r10,r10,32 - stvx_4w v9,r11,r3 - addi r11,r11,32 - stvx_4w v10,r10,r3 - addi r10,r10,32 - stvx_4w v11,r11,r3 - stvdx_u v12,r10,r3 - - li r10,`15+6*$SIZE_T` - li r11,`31+6*$SIZE_T` - mtlr r8 - mtspr 256, r7 ; restore vrsave - lvx v20,r10,$sp - addi r10,r10,32 - lvx v21,r11,$sp - addi r11,r11,32 - lvx v22,r10,$sp - addi r10,r10,32 - lvx v23,r11,$sp - addi r11,r11,32 - lvx v24,r10,$sp - addi r10,r10,32 - lvx v25,r11,$sp - addi r11,r11,32 - lvx v26,r10,$sp - addi r10,r10,32 - lvx v27,r11,$sp - addi r11,r11,32 - lvx v28,r10,$sp - addi r10,r10,32 - lvx v29,r11,$sp - addi r11,r11,32 - lvx v30,r10,$sp - lvx v31,r11,$sp - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,0x04,1,0x80,0,1,0 - .long 0 -.size KeccakF1600,.-KeccakF1600 -___ -{ -my ($A_jagged,$inp,$len,$bsz) = map("r$_",(3..6)); - -$code.=<<___; -.globl SHA3_absorb -.type SHA3_absorb,\@function -.align 5 -SHA3_absorb: - $STU $sp,-$FRAME($sp) - li r10,`15+6*$SIZE_T` - li r11,`31+6*$SIZE_T` - mflr r8 - mfspr r7, 256 ; save vrsave - stvx v20,r10,$sp - addi r10,r10,32 - stvx v21,r11,$sp - addi r11,r11,32 - stvx v22,r10,$sp - addi r10,r10,32 - stvx v23,r11,$sp - addi r11,r11,32 - stvx v24,r10,$sp - addi r10,r10,32 - stvx v25,r11,$sp - addi r11,r11,32 - stvx v26,r10,$sp - addi r10,r10,32 - stvx v27,r11,$sp - addi r11,r11,32 - stvx v28,r10,$sp - addi r10,r10,32 - stvx v29,r11,$sp - addi r11,r11,32 - stvx v30,r10,$sp - stvx v31,r11,$sp - stw r7,`$FRAME-4`($sp) ; save vrsave - li r0, -1 - $PUSH r8,`$FRAME+$LRSAVE`($sp) - mtspr 256, r0 ; preserve all AltiVec registers - - li r11,16 - lvx_4w v0,0,$A_jagged ; load A[5][5] - li r10,32 - lvx_4w v1,r11,$A_jagged - addi r11,r11,32 - lvx_4w v2,r10,$A_jagged - addi r10,r10,32 - lvx_4w v3,r11,$A_jagged - addi r11,r11,32 - lvx_4w v4,r10,$A_jagged - addi r10,r10,32 - lvx_4w v5,r11,$A_jagged - addi r11,r11,32 - lvx_4w v6,r10,$A_jagged - addi r10,r10,32 - lvx_4w v7,r11,$A_jagged - addi r11,r11,32 - lvx_4w v8,r10,$A_jagged - addi r10,r10,32 - lvx_4w v9,r11,$A_jagged - addi r11,r11,32 - lvx_4w v10,r10,$A_jagged - addi r10,r10,32 - lvx_4w v11,r11,$A_jagged - lvx_splt v12,r10,$A_jagged - - bl PICmeup - - li r11,16 - lvx_u v13,0,r12 ; load rhotates - li r10,32 - lvx_u v14,r11,r12 - addi r11,r11,32 - lvx_u v15,r10,r12 - addi r10,r10,32 - lvx_u v16,r11,r12 - addi r11,r11,32 - lvx_u v17,r10,r12 - addi r10,r10,32 - lvx_u v18,r11,r12 - addi r11,r11,32 - lvx_u v19,r10,r12 - addi r10,r10,32 - lvx_u v20,r11,r12 - addi r11,r11,32 - lvx_u v21,r10,r12 - addi r10,r10,32 - lvx_u v22,r11,r12 - addi r11,r11,32 - lvx_u v23,r10,r12 - addi r10,r10,32 - lvx_u v24,r11,r12 - lvx_u v25,r10,r12 - li r10,-32 - li r11,-16 - addi r12,r12,`16*16` ; points at iotas - b .Loop_absorb - -.align 4 -.Loop_absorb: - $UCMP $len,$bsz ; len < bsz? - blt .Labsorbed - - sub $len,$len,$bsz ; len -= bsz - srwi r0,$bsz,3 - mtctr r0 - - lvx_u v30,r10,r12 ; permutation masks - lvx_u v31,r11,r12 - ?vspltisb v27,7 ; prepare masks for byte swap - ?vxor v30,v30,v27 ; on big-endian - ?vxor v31,v31,v27 - - vxor v27,v27,v27 ; zero - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v30 - vxor v0, v0, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v30 - vxor v1, v1, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v30 - vxor v2, v2, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v30 - vxor v3, v3, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v30 - vxor v4, v4, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v31 - vxor v0, v0, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v31 - vxor v1, v1, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v31 - vxor v2, v2, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v31 - vxor v3, v3, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v31 - vxor v4, v4, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v30 - vxor v5, v5, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v30 - vxor v6, v6, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v30 - vxor v7, v7, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v30 - vxor v8, v8, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v30 - vxor v9, v9, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v31 - vxor v5, v5, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v31 - vxor v6, v6, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v31 - vxor v7, v7, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v31 - vxor v8, v8, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v31 - vxor v9, v9, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v30 - vxor v10, v10, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v31 - vxor v10, v10, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v30 - vxor v11, v11, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v31 - vxor v11, v11, v26 - bdz .Lprocess_block - lvdx_u v26,0,$inp - addi $inp,$inp,8 - vperm v26,v26,v27,v31 - vxor v12, v12, v26 - -.Lprocess_block: - bl KeccakF1600_int - - b .Loop_absorb - -.align 4 -.Labsorbed: - li r11,16 - stvx_4w v0,0,$A_jagged ; return A[5][5] - li r10,32 - stvx_4w v1,r11,$A_jagged - addi r11,r11,32 - stvx_4w v2,r10,$A_jagged - addi r10,r10,32 - stvx_4w v3,r11,$A_jagged - addi r11,r11,32 - stvx_4w v4,r10,$A_jagged - addi r10,r10,32 - stvx_4w v5,r11,$A_jagged - addi r11,r11,32 - stvx_4w v6,r10,$A_jagged - addi r10,r10,32 - stvx_4w v7,r11,$A_jagged - addi r11,r11,32 - stvx_4w v8,r10,$A_jagged - addi r10,r10,32 - stvx_4w v9,r11,$A_jagged - addi r11,r11,32 - stvx_4w v10,r10,$A_jagged - addi r10,r10,32 - stvx_4w v11,r11,$A_jagged - stvdx_u v12,r10,$A_jagged - - mr r3,$len ; return value - li r10,`15+6*$SIZE_T` - li r11,`31+6*$SIZE_T` - mtlr r8 - mtspr 256, r7 ; restore vrsave - lvx v20,r10,$sp - addi r10,r10,32 - lvx v21,r11,$sp - addi r11,r11,32 - lvx v22,r10,$sp - addi r10,r10,32 - lvx v23,r11,$sp - addi r11,r11,32 - lvx v24,r10,$sp - addi r10,r10,32 - lvx v25,r11,$sp - addi r11,r11,32 - lvx v26,r10,$sp - addi r10,r10,32 - lvx v27,r11,$sp - addi r11,r11,32 - lvx v28,r10,$sp - addi r10,r10,32 - lvx v29,r11,$sp - addi r11,r11,32 - lvx v30,r10,$sp - lvx v31,r11,$sp - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,0x04,1,0x80,0,4,0 - .long 0 -.size SHA3_absorb,.-SHA3_absorb -___ -} -{ -my ($A_jagged,$out,$len,$bsz) = map("r$_",(3..6)); - -$code.=<<___; -.globl SHA3_squeeze -.type SHA3_squeeze,\@function -.align 5 -SHA3_squeeze: - mflr r9 ; r9 is not touched by KeccakF1600 - subi $out,$out,1 ; prepare for stbu - addi r8,$A_jagged,4 ; prepare volatiles - mr r10,$bsz - li r11,0 - b .Loop_squeeze -.align 4 -.Loop_squeeze: - lwzx r7,r11,r8 ; lo - lwzx r0,r11,$A_jagged ; hi - ${UCMP}i $len,8 - blt .Lsqueeze_tail - - stbu r7,1($out) ; write lo - srwi r7,r7,8 - stbu r7,1($out) - srwi r7,r7,8 - stbu r7,1($out) - srwi r7,r7,8 - stbu r7,1($out) - stbu r0,1($out) ; write hi - srwi r0,r0,8 - stbu r0,1($out) - srwi r0,r0,8 - stbu r0,1($out) - srwi r0,r0,8 - stbu r0,1($out) - - subic. $len,$len,8 - beqlr ; return if done - - subic. r10,r10,8 - ble .Loutput_expand - - addi r11,r11,16 ; calculate jagged index - cmplwi r11,`16*5` - blt .Loop_squeeze - subi r11,r11,72 - beq .Loop_squeeze - addi r11,r11,72 - cmplwi r11,`16*5+8` - subi r11,r11,8 - beq .Loop_squeeze - addi r11,r11,8 - cmplwi r11,`16*10` - subi r11,r11,72 - beq .Loop_squeeze - addi r11,r11,72 - blt .Loop_squeeze - subi r11,r11,8 - b .Loop_squeeze - -.align 4 -.Loutput_expand: - bl KeccakF1600 - mtlr r9 - - addi r8,$A_jagged,4 ; restore volatiles - mr r10,$bsz - li r11,0 - b .Loop_squeeze - -.align 4 -.Lsqueeze_tail: - mtctr $len - subic. $len,$len,4 - ble .Loop_tail_lo - li r8,4 - mtctr r8 -.Loop_tail_lo: - stbu r7,1($out) - srdi r7,r7,8 - bdnz .Loop_tail_lo - ble .Lsqueeze_done - mtctr $len -.Loop_tail_hi: - stbu r0,1($out) - srdi r0,r0,8 - bdnz .Loop_tail_hi - -.Lsqueeze_done: - blr - .long 0 - .byte 0,12,0x14,0,0,0,4,0 - .long 0 -.size SHA3_squeeze,.-SHA3_squeeze -___ -} -$code.=<<___; -.align 6 -PICmeup: - mflr r0 - bcl 20,31,\$+4 - mflr r12 ; vvvvvv "distance" between . and 1st data entry - addi r12,r12,`64-8` - mtlr r0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - .space `64-9*4` -.type rhotates,\@object -.align 6 -rhotates: - .quad 0, 36 - .quad 1, 44 - .quad 62, 6 - .quad 28, 55 - .quad 27, 20 - .quad 3, 41 - .quad 10, 45 - .quad 43, 15 - .quad 25, 21 - .quad 39, 8 - .quad 18, 2 - .quad 61, 56 - .quad 14, 14 -.size rhotates,.-rhotates - .quad 0,0 - .quad 0x0001020304050607,0x1011121314151617 - .quad 0x1011121314151617,0x0001020304050607 -.type iotas,\@object -iotas: - .quad 0x0000000000000001,0 - .quad 0x0000000000008082,0 - .quad 0x800000000000808a,0 - .quad 0x8000000080008000,0 - .quad 0x000000000000808b,0 - .quad 0x0000000080000001,0 - .quad 0x8000000080008081,0 - .quad 0x8000000000008009,0 - .quad 0x000000000000008a,0 - .quad 0x0000000000000088,0 - .quad 0x0000000080008009,0 - .quad 0x000000008000000a,0 - .quad 0x000000008000808b,0 - .quad 0x800000000000008b,0 - .quad 0x8000000000008089,0 - .quad 0x8000000000008003,0 - .quad 0x8000000000008002,0 - .quad 0x8000000000000080,0 - .quad 0x000000000000800a,0 - .quad 0x800000008000000a,0 - .quad 0x8000000080008081,0 - .quad 0x8000000000008080,0 - .quad 0x0000000080000001,0 - .quad 0x8000000080008008,0 -.size iotas,.-iotas -.asciz "Keccak-1600 absorb and squeeze for PowerISA 2.07, CRYPTOGAMS by " -___ - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - if ($flavour =~ /le$/) { # little-endian - s/\?([a-z]+)/;$1/; - } else { # big-endian - s/\?([a-z]+)/$1/; - } - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl deleted file mode 100644 index 00350324a117d69e5144d0e845f177324b49b8fa..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha1-586.pl +++ /dev/null @@ -1,1490 +0,0 @@ -#! /usr/bin/env perl -# Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# [Re]written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# "[Re]written" was achieved in two major overhauls. In 2004 BODY_* -# functions were re-implemented to address P4 performance issue [see -# commentary below], and in 2006 the rest was rewritten in order to -# gain freedom to liberate licensing terms. - -# January, September 2004. -# -# It was noted that Intel IA-32 C compiler generates code which -# performs ~30% *faster* on P4 CPU than original *hand-coded* -# SHA1 assembler implementation. To address this problem (and -# prove that humans are still better than machines:-), the -# original code was overhauled, which resulted in following -# performance changes: -# -# compared with original compared with Intel cc -# assembler impl. generated code -# Pentium -16% +48% -# PIII/AMD +8% +16% -# P4 +85%(!) +45% -# -# As you can see Pentium came out as looser:-( Yet I reckoned that -# improvement on P4 outweighs the loss and incorporate this -# re-tuned code to 0.9.7 and later. -# ---------------------------------------------------------------- - -# August 2009. -# -# George Spelvin has tipped that F_40_59(b,c,d) can be rewritten as -# '(c&d) + (b&(c^d))', which allows to accumulate partial results -# and lighten "pressure" on scratch registers. This resulted in -# >12% performance improvement on contemporary AMD cores (with no -# degradation on other CPUs:-). Also, the code was revised to maximize -# "distance" between instructions producing input to 'lea' instruction -# and the 'lea' instruction itself, which is essential for Intel Atom -# core and resulted in ~15% improvement. - -# October 2010. -# -# Add SSSE3, Supplemental[!] SSE3, implementation. The idea behind it -# is to offload message schedule denoted by Wt in NIST specification, -# or Xupdate in OpenSSL source, to SIMD unit. The idea is not novel, -# and in SSE2 context was first explored by Dean Gaudet in 2004, see -# http://arctic.org/~dean/crypto/sha1.html. Since then several things -# have changed that made it interesting again: -# -# a) XMM units became faster and wider; -# b) instruction set became more versatile; -# c) an important observation was made by Max Locktykhin, which made -# it possible to reduce amount of instructions required to perform -# the operation in question, for further details see -# http://software.intel.com/en-us/articles/improving-the-performance-of-the-secure-hash-algorithm-1/. - -# April 2011. -# -# Add AVX code path, probably most controversial... The thing is that -# switch to AVX alone improves performance by as little as 4% in -# comparison to SSSE3 code path. But below result doesn't look like -# 4% improvement... Trouble is that Sandy Bridge decodes 'ro[rl]' as -# pair of µ-ops, and it's the additional µ-ops, two per round, that -# make it run slower than Core2 and Westmere. But 'sh[rl]d' is decoded -# as single µ-op by Sandy Bridge and it's replacing 'ro[rl]' with -# equivalent 'sh[rl]d' that is responsible for the impressive 5.1 -# cycles per processed byte. But 'sh[rl]d' is not something that used -# to be fast, nor does it appear to be fast in upcoming Bulldozer -# [according to its optimization manual]. Which is why AVX code path -# is guarded by *both* AVX and synthetic bit denoting Intel CPUs. -# One can argue that it's unfair to AMD, but without 'sh[rl]d' it -# makes no sense to keep the AVX code path. If somebody feels that -# strongly, it's probably more appropriate to discuss possibility of -# using vector rotate XOP on AMD... - -# March 2014. -# -# Add support for Intel SHA Extensions. - -###################################################################### -# Current performance is summarized in following table. Numbers are -# CPU clock cycles spent to process single byte (less is better). -# -# x86 SSSE3 AVX -# Pentium 15.7 - -# PIII 11.5 - -# P4 10.6 - -# AMD K8 7.1 - -# Core2 7.3 6.0/+22% - -# Westmere 7.3 5.5/+33% - -# Sandy Bridge 8.8 6.2/+40% 5.1(**)/+73% -# Ivy Bridge 7.2 4.8/+51% 4.7(**)/+53% -# Haswell 6.5 4.3/+51% 4.1(**)/+58% -# Skylake 6.4 4.1/+55% 4.1(**)/+55% -# Bulldozer 11.6 6.0/+92% -# VIA Nano 10.6 7.5/+41% -# Atom 12.5 9.3(*)/+35% -# Silvermont 14.5 9.9(*)/+46% -# Goldmont 8.8 6.7/+30% 1.7(***)/+415% -# -# (*) Loop is 1056 instructions long and expected result is ~8.25. -# The discrepancy is because of front-end limitations, so -# called MS-ROM penalties, and on Silvermont even rotate's -# limited parallelism. -# -# (**) As per above comment, the result is for AVX *plus* sh[rl]d. -# -# (***) SHAEXT result - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output=pop and open STDOUT,">$output"; - -&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); - -$xmm=$ymm=0; -for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); } - -$ymm=1 if ($xmm && - `$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/ && - $1>=2.19); # first version supporting AVX - -$ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32n" && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ && - $1>=2.03); # first version supporting AVX - -$ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" && - `ml 2>&1` =~ /Version ([0-9]+)\./ && - $1>=10); # first version supporting AVX - -$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/ && - $2>=3.0); # first version supporting AVX - -$shaext=$xmm; ### set to zero if compiling for 1.0.1 - -&external_label("OPENSSL_ia32cap_P") if ($xmm); - - -$A="eax"; -$B="ebx"; -$C="ecx"; -$D="edx"; -$E="edi"; -$T="esi"; -$tmp1="ebp"; - -@V=($A,$B,$C,$D,$E,$T); - -$alt=0; # 1 denotes alternative IALU implementation, which performs - # 8% *worse* on P4, same on Westmere and Atom, 2% better on - # Sandy Bridge... - -sub BODY_00_15 - { - local($n,$a,$b,$c,$d,$e,$f)=@_; - - &comment("00_15 $n"); - - &mov($f,$c); # f to hold F_00_19(b,c,d) - if ($n==0) { &mov($tmp1,$a); } - else { &mov($a,$tmp1); } - &rotl($tmp1,5); # tmp1=ROTATE(a,5) - &xor($f,$d); - &add($tmp1,$e); # tmp1+=e; - &mov($e,&swtmp($n%16)); # e becomes volatile and is loaded - # with xi, also note that e becomes - # f in next round... - &and($f,$b); - &rotr($b,2); # b=ROTATE(b,30) - &xor($f,$d); # f holds F_00_19(b,c,d) - &lea($tmp1,&DWP(0x5a827999,$tmp1,$e)); # tmp1+=K_00_19+xi - - if ($n==15) { &mov($e,&swtmp(($n+1)%16));# pre-fetch f for next round - &add($f,$tmp1); } # f+=tmp1 - else { &add($tmp1,$f); } # f becomes a in next round - &mov($tmp1,$a) if ($alt && $n==15); - } - -sub BODY_16_19 - { - local($n,$a,$b,$c,$d,$e,$f)=@_; - - &comment("16_19 $n"); - -if ($alt) { - &xor($c,$d); - &xor($f,&swtmp(($n+2)%16)); # f to hold Xupdate(xi,xa,xb,xc,xd) - &and($tmp1,$c); # tmp1 to hold F_00_19(b,c,d), b&=c^d - &xor($f,&swtmp(($n+8)%16)); - &xor($tmp1,$d); # tmp1=F_00_19(b,c,d) - &xor($f,&swtmp(($n+13)%16)); # f holds xa^xb^xc^xd - &rotl($f,1); # f=ROTATE(f,1) - &add($e,$tmp1); # e+=F_00_19(b,c,d) - &xor($c,$d); # restore $c - &mov($tmp1,$a); # b in next round - &rotr($b,$n==16?2:7); # b=ROTATE(b,30) - &mov(&swtmp($n%16),$f); # xi=f - &rotl($a,5); # ROTATE(a,5) - &lea($f,&DWP(0x5a827999,$f,$e));# f+=F_00_19(b,c,d)+e - &mov($e,&swtmp(($n+1)%16)); # pre-fetch f for next round - &add($f,$a); # f+=ROTATE(a,5) -} else { - &mov($tmp1,$c); # tmp1 to hold F_00_19(b,c,d) - &xor($f,&swtmp(($n+2)%16)); # f to hold Xupdate(xi,xa,xb,xc,xd) - &xor($tmp1,$d); - &xor($f,&swtmp(($n+8)%16)); - &and($tmp1,$b); - &xor($f,&swtmp(($n+13)%16)); # f holds xa^xb^xc^xd - &rotl($f,1); # f=ROTATE(f,1) - &xor($tmp1,$d); # tmp1=F_00_19(b,c,d) - &add($e,$tmp1); # e+=F_00_19(b,c,d) - &mov($tmp1,$a); - &rotr($b,2); # b=ROTATE(b,30) - &mov(&swtmp($n%16),$f); # xi=f - &rotl($tmp1,5); # ROTATE(a,5) - &lea($f,&DWP(0x5a827999,$f,$e));# f+=F_00_19(b,c,d)+e - &mov($e,&swtmp(($n+1)%16)); # pre-fetch f for next round - &add($f,$tmp1); # f+=ROTATE(a,5) -} - } - -sub BODY_20_39 - { - local($n,$a,$b,$c,$d,$e,$f)=@_; - local $K=($n<40)?0x6ed9eba1:0xca62c1d6; - - &comment("20_39 $n"); - -if ($alt) { - &xor($tmp1,$c); # tmp1 to hold F_20_39(b,c,d), b^=c - &xor($f,&swtmp(($n+2)%16)); # f to hold Xupdate(xi,xa,xb,xc,xd) - &xor($tmp1,$d); # tmp1 holds F_20_39(b,c,d) - &xor($f,&swtmp(($n+8)%16)); - &add($e,$tmp1); # e+=F_20_39(b,c,d) - &xor($f,&swtmp(($n+13)%16)); # f holds xa^xb^xc^xd - &rotl($f,1); # f=ROTATE(f,1) - &mov($tmp1,$a); # b in next round - &rotr($b,7); # b=ROTATE(b,30) - &mov(&swtmp($n%16),$f) if($n<77);# xi=f - &rotl($a,5); # ROTATE(a,5) - &xor($b,$c) if($n==39);# warm up for BODY_40_59 - &and($tmp1,$b) if($n==39); - &lea($f,&DWP($K,$f,$e)); # f+=e+K_XX_YY - &mov($e,&swtmp(($n+1)%16)) if($n<79);# pre-fetch f for next round - &add($f,$a); # f+=ROTATE(a,5) - &rotr($a,5) if ($n==79); -} else { - &mov($tmp1,$b); # tmp1 to hold F_20_39(b,c,d) - &xor($f,&swtmp(($n+2)%16)); # f to hold Xupdate(xi,xa,xb,xc,xd) - &xor($tmp1,$c); - &xor($f,&swtmp(($n+8)%16)); - &xor($tmp1,$d); # tmp1 holds F_20_39(b,c,d) - &xor($f,&swtmp(($n+13)%16)); # f holds xa^xb^xc^xd - &rotl($f,1); # f=ROTATE(f,1) - &add($e,$tmp1); # e+=F_20_39(b,c,d) - &rotr($b,2); # b=ROTATE(b,30) - &mov($tmp1,$a); - &rotl($tmp1,5); # ROTATE(a,5) - &mov(&swtmp($n%16),$f) if($n<77);# xi=f - &lea($f,&DWP($K,$f,$e)); # f+=e+K_XX_YY - &mov($e,&swtmp(($n+1)%16)) if($n<79);# pre-fetch f for next round - &add($f,$tmp1); # f+=ROTATE(a,5) -} - } - -sub BODY_40_59 - { - local($n,$a,$b,$c,$d,$e,$f)=@_; - - &comment("40_59 $n"); - -if ($alt) { - &add($e,$tmp1); # e+=b&(c^d) - &xor($f,&swtmp(($n+2)%16)); # f to hold Xupdate(xi,xa,xb,xc,xd) - &mov($tmp1,$d); - &xor($f,&swtmp(($n+8)%16)); - &xor($c,$d); # restore $c - &xor($f,&swtmp(($n+13)%16)); # f holds xa^xb^xc^xd - &rotl($f,1); # f=ROTATE(f,1) - &and($tmp1,$c); - &rotr($b,7); # b=ROTATE(b,30) - &add($e,$tmp1); # e+=c&d - &mov($tmp1,$a); # b in next round - &mov(&swtmp($n%16),$f); # xi=f - &rotl($a,5); # ROTATE(a,5) - &xor($b,$c) if ($n<59); - &and($tmp1,$b) if ($n<59);# tmp1 to hold F_40_59(b,c,d) - &lea($f,&DWP(0x8f1bbcdc,$f,$e));# f+=K_40_59+e+(b&(c^d)) - &mov($e,&swtmp(($n+1)%16)); # pre-fetch f for next round - &add($f,$a); # f+=ROTATE(a,5) -} else { - &mov($tmp1,$c); # tmp1 to hold F_40_59(b,c,d) - &xor($f,&swtmp(($n+2)%16)); # f to hold Xupdate(xi,xa,xb,xc,xd) - &xor($tmp1,$d); - &xor($f,&swtmp(($n+8)%16)); - &and($tmp1,$b); - &xor($f,&swtmp(($n+13)%16)); # f holds xa^xb^xc^xd - &rotl($f,1); # f=ROTATE(f,1) - &add($tmp1,$e); # b&(c^d)+=e - &rotr($b,2); # b=ROTATE(b,30) - &mov($e,$a); # e becomes volatile - &rotl($e,5); # ROTATE(a,5) - &mov(&swtmp($n%16),$f); # xi=f - &lea($f,&DWP(0x8f1bbcdc,$f,$tmp1));# f+=K_40_59+e+(b&(c^d)) - &mov($tmp1,$c); - &add($f,$e); # f+=ROTATE(a,5) - &and($tmp1,$d); - &mov($e,&swtmp(($n+1)%16)); # pre-fetch f for next round - &add($f,$tmp1); # f+=c&d -} - } - -&function_begin("sha1_block_data_order"); -if ($xmm) { - &static_label("shaext_shortcut") if ($shaext); - &static_label("ssse3_shortcut"); - &static_label("avx_shortcut") if ($ymm); - &static_label("K_XX_XX"); - - &call (&label("pic_point")); # make it PIC! - &set_label("pic_point"); - &blindpop($tmp1); - &picmeup($T,"OPENSSL_ia32cap_P",$tmp1,&label("pic_point")); - &lea ($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1)); - - &mov ($A,&DWP(0,$T)); - &mov ($D,&DWP(4,$T)); - &test ($D,1<<9); # check SSSE3 bit - &jz (&label("x86")); - &mov ($C,&DWP(8,$T)); - &test ($A,1<<24); # check FXSR bit - &jz (&label("x86")); - if ($shaext) { - &test ($C,1<<29); # check SHA bit - &jnz (&label("shaext_shortcut")); - } - if ($ymm) { - &and ($D,1<<28); # mask AVX bit - &and ($A,1<<30); # mask "Intel CPU" bit - &or ($A,$D); - &cmp ($A,1<<28|1<<30); - &je (&label("avx_shortcut")); - } - &jmp (&label("ssse3_shortcut")); - &set_label("x86",16); -} - &mov($tmp1,&wparam(0)); # SHA_CTX *c - &mov($T,&wparam(1)); # const void *input - &mov($A,&wparam(2)); # size_t num - &stack_push(16+3); # allocate X[16] - &shl($A,6); - &add($A,$T); - &mov(&wparam(2),$A); # pointer beyond the end of input - &mov($E,&DWP(16,$tmp1));# pre-load E - &jmp(&label("loop")); - -&set_label("loop",16); - - # copy input chunk to X, but reversing byte order! - for ($i=0; $i<16; $i+=4) - { - &mov($A,&DWP(4*($i+0),$T)); - &mov($B,&DWP(4*($i+1),$T)); - &mov($C,&DWP(4*($i+2),$T)); - &mov($D,&DWP(4*($i+3),$T)); - &bswap($A); - &bswap($B); - &bswap($C); - &bswap($D); - &mov(&swtmp($i+0),$A); - &mov(&swtmp($i+1),$B); - &mov(&swtmp($i+2),$C); - &mov(&swtmp($i+3),$D); - } - &mov(&wparam(1),$T); # redundant in 1st spin - - &mov($A,&DWP(0,$tmp1)); # load SHA_CTX - &mov($B,&DWP(4,$tmp1)); - &mov($C,&DWP(8,$tmp1)); - &mov($D,&DWP(12,$tmp1)); - # E is pre-loaded - - for($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } - for(;$i<20;$i++) { &BODY_16_19($i,@V); unshift(@V,pop(@V)); } - for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } - for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } - for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } - - (($V[5] eq $D) and ($V[0] eq $E)) or die; # double-check - - &mov($tmp1,&wparam(0)); # re-load SHA_CTX* - &mov($D,&wparam(1)); # D is last "T" and is discarded - - &add($E,&DWP(0,$tmp1)); # E is last "A"... - &add($T,&DWP(4,$tmp1)); - &add($A,&DWP(8,$tmp1)); - &add($B,&DWP(12,$tmp1)); - &add($C,&DWP(16,$tmp1)); - - &mov(&DWP(0,$tmp1),$E); # update SHA_CTX - &add($D,64); # advance input pointer - &mov(&DWP(4,$tmp1),$T); - &cmp($D,&wparam(2)); # have we reached the end yet? - &mov(&DWP(8,$tmp1),$A); - &mov($E,$C); # C is last "E" which needs to be "pre-loaded" - &mov(&DWP(12,$tmp1),$B); - &mov($T,$D); # input pointer - &mov(&DWP(16,$tmp1),$C); - &jb(&label("loop")); - - &stack_pop(16+3); -&function_end("sha1_block_data_order"); - -if ($xmm) { -if ($shaext) { -###################################################################### -# Intel SHA Extensions implementation of SHA1 update function. -# -my ($ctx,$inp,$num)=("edi","esi","ecx"); -my ($ABCD,$E,$E_,$BSWAP)=map("xmm$_",(0..3)); -my @MSG=map("xmm$_",(4..7)); - -sub sha1rnds4 { - my ($dst,$src,$imm)=@_; - if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/) - { &data_byte(0x0f,0x3a,0xcc,0xc0|($1<<3)|$2,$imm); } -} -sub sha1op38 { - my ($opcodelet,$dst,$src)=@_; - if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/) - { &data_byte(0x0f,0x38,$opcodelet,0xc0|($1<<3)|$2); } -} -sub sha1nexte { sha1op38(0xc8,@_); } -sub sha1msg1 { sha1op38(0xc9,@_); } -sub sha1msg2 { sha1op38(0xca,@_); } - -&function_begin("_sha1_block_data_order_shaext"); - &call (&label("pic_point")); # make it PIC! - &set_label("pic_point"); - &blindpop($tmp1); - &lea ($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1)); -&set_label("shaext_shortcut"); - &mov ($ctx,&wparam(0)); - &mov ("ebx","esp"); - &mov ($inp,&wparam(1)); - &mov ($num,&wparam(2)); - &sub ("esp",32); - - &movdqu ($ABCD,&QWP(0,$ctx)); - &movd ($E,&DWP(16,$ctx)); - &and ("esp",-32); - &movdqa ($BSWAP,&QWP(0x50,$tmp1)); # byte-n-word swap - - &movdqu (@MSG[0],&QWP(0,$inp)); - &pshufd ($ABCD,$ABCD,0b00011011); # flip word order - &movdqu (@MSG[1],&QWP(0x10,$inp)); - &pshufd ($E,$E,0b00011011); # flip word order - &movdqu (@MSG[2],&QWP(0x20,$inp)); - &pshufb (@MSG[0],$BSWAP); - &movdqu (@MSG[3],&QWP(0x30,$inp)); - &pshufb (@MSG[1],$BSWAP); - &pshufb (@MSG[2],$BSWAP); - &pshufb (@MSG[3],$BSWAP); - &jmp (&label("loop_shaext")); - -&set_label("loop_shaext",16); - &dec ($num); - &lea ("eax",&DWP(0x40,$inp)); - &movdqa (&QWP(0,"esp"),$E); # offload $E - &paddd ($E,@MSG[0]); - &cmovne ($inp,"eax"); - &movdqa (&QWP(16,"esp"),$ABCD); # offload $ABCD - -for($i=0;$i<20-4;$i+=2) { - &sha1msg1 (@MSG[0],@MSG[1]); - &movdqa ($E_,$ABCD); - &sha1rnds4 ($ABCD,$E,int($i/5)); # 0-3... - &sha1nexte ($E_,@MSG[1]); - &pxor (@MSG[0],@MSG[2]); - &sha1msg1 (@MSG[1],@MSG[2]); - &sha1msg2 (@MSG[0],@MSG[3]); - - &movdqa ($E,$ABCD); - &sha1rnds4 ($ABCD,$E_,int(($i+1)/5)); - &sha1nexte ($E,@MSG[2]); - &pxor (@MSG[1],@MSG[3]); - &sha1msg2 (@MSG[1],@MSG[0]); - - push(@MSG,shift(@MSG)); push(@MSG,shift(@MSG)); -} - &movdqu (@MSG[0],&QWP(0,$inp)); - &movdqa ($E_,$ABCD); - &sha1rnds4 ($ABCD,$E,3); # 64-67 - &sha1nexte ($E_,@MSG[1]); - &movdqu (@MSG[1],&QWP(0x10,$inp)); - &pshufb (@MSG[0],$BSWAP); - - &movdqa ($E,$ABCD); - &sha1rnds4 ($ABCD,$E_,3); # 68-71 - &sha1nexte ($E,@MSG[2]); - &movdqu (@MSG[2],&QWP(0x20,$inp)); - &pshufb (@MSG[1],$BSWAP); - - &movdqa ($E_,$ABCD); - &sha1rnds4 ($ABCD,$E,3); # 72-75 - &sha1nexte ($E_,@MSG[3]); - &movdqu (@MSG[3],&QWP(0x30,$inp)); - &pshufb (@MSG[2],$BSWAP); - - &movdqa ($E,$ABCD); - &sha1rnds4 ($ABCD,$E_,3); # 76-79 - &movdqa ($E_,&QWP(0,"esp")); - &pshufb (@MSG[3],$BSWAP); - &sha1nexte ($E,$E_); - &paddd ($ABCD,&QWP(16,"esp")); - - &jnz (&label("loop_shaext")); - - &pshufd ($ABCD,$ABCD,0b00011011); - &pshufd ($E,$E,0b00011011); - &movdqu (&QWP(0,$ctx),$ABCD) - &movd (&DWP(16,$ctx),$E); - &mov ("esp","ebx"); -&function_end("_sha1_block_data_order_shaext"); -} -###################################################################### -# The SSSE3 implementation. -# -# %xmm[0-7] are used as ring @X[] buffer containing quadruples of last -# 32 elements of the message schedule or Xupdate outputs. First 4 -# quadruples are simply byte-swapped input, next 4 are calculated -# according to method originally suggested by Dean Gaudet (modulo -# being implemented in SSSE3). Once 8 quadruples or 32 elements are -# collected, it switches to routine proposed by Max Locktyukhin. -# -# Calculations inevitably require temporary registers, and there are -# no %xmm registers left to spare. For this reason part of the ring -# buffer, X[2..4] to be specific, is offloaded to 3 quadriples ring -# buffer on the stack. Keep in mind that X[2] is alias X[-6], X[3] - -# X[-5], and X[4] - X[-4]... -# -# Another notable optimization is aggressive stack frame compression -# aiming to minimize amount of 9-byte instructions... -# -# Yet another notable optimization is "jumping" $B variable. It means -# that there is no register permanently allocated for $B value. This -# allowed to eliminate one instruction from body_20_39... -# -my $Xi=4; # 4xSIMD Xupdate round, start pre-seeded -my @X=map("xmm$_",(4..7,0..3)); # pre-seeded for $Xi=4 -my @V=($A,$B,$C,$D,$E); -my $j=0; # hash round -my $rx=0; -my @T=($T,$tmp1); -my $inp; - -my $_rol=sub { &rol(@_) }; -my $_ror=sub { &ror(@_) }; - -&function_begin("_sha1_block_data_order_ssse3"); - &call (&label("pic_point")); # make it PIC! - &set_label("pic_point"); - &blindpop($tmp1); - &lea ($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1)); -&set_label("ssse3_shortcut"); - - &movdqa (@X[3],&QWP(0,$tmp1)); # K_00_19 - &movdqa (@X[4],&QWP(16,$tmp1)); # K_20_39 - &movdqa (@X[5],&QWP(32,$tmp1)); # K_40_59 - &movdqa (@X[6],&QWP(48,$tmp1)); # K_60_79 - &movdqa (@X[2],&QWP(64,$tmp1)); # pbswap mask - - &mov ($E,&wparam(0)); # load argument block - &mov ($inp=@T[1],&wparam(1)); - &mov ($D,&wparam(2)); - &mov (@T[0],"esp"); - - # stack frame layout - # - # +0 X[0]+K X[1]+K X[2]+K X[3]+K # XMM->IALU xfer area - # X[4]+K X[5]+K X[6]+K X[7]+K - # X[8]+K X[9]+K X[10]+K X[11]+K - # X[12]+K X[13]+K X[14]+K X[15]+K - # - # +64 X[0] X[1] X[2] X[3] # XMM->XMM backtrace area - # X[4] X[5] X[6] X[7] - # X[8] X[9] X[10] X[11] # even borrowed for K_00_19 - # - # +112 K_20_39 K_20_39 K_20_39 K_20_39 # constants - # K_40_59 K_40_59 K_40_59 K_40_59 - # K_60_79 K_60_79 K_60_79 K_60_79 - # K_00_19 K_00_19 K_00_19 K_00_19 - # pbswap mask - # - # +192 ctx # argument block - # +196 inp - # +200 end - # +204 esp - &sub ("esp",208); - &and ("esp",-64); - - &movdqa (&QWP(112+0,"esp"),@X[4]); # copy constants - &movdqa (&QWP(112+16,"esp"),@X[5]); - &movdqa (&QWP(112+32,"esp"),@X[6]); - &shl ($D,6); # len*64 - &movdqa (&QWP(112+48,"esp"),@X[3]); - &add ($D,$inp); # end of input - &movdqa (&QWP(112+64,"esp"),@X[2]); - &add ($inp,64); - &mov (&DWP(192+0,"esp"),$E); # save argument block - &mov (&DWP(192+4,"esp"),$inp); - &mov (&DWP(192+8,"esp"),$D); - &mov (&DWP(192+12,"esp"),@T[0]); # save original %esp - - &mov ($A,&DWP(0,$E)); # load context - &mov ($B,&DWP(4,$E)); - &mov ($C,&DWP(8,$E)); - &mov ($D,&DWP(12,$E)); - &mov ($E,&DWP(16,$E)); - &mov (@T[0],$B); # magic seed - - &movdqu (@X[-4&7],&QWP(-64,$inp)); # load input to %xmm[0-3] - &movdqu (@X[-3&7],&QWP(-48,$inp)); - &movdqu (@X[-2&7],&QWP(-32,$inp)); - &movdqu (@X[-1&7],&QWP(-16,$inp)); - &pshufb (@X[-4&7],@X[2]); # byte swap - &pshufb (@X[-3&7],@X[2]); - &pshufb (@X[-2&7],@X[2]); - &movdqa (&QWP(112-16,"esp"),@X[3]); # borrow last backtrace slot - &pshufb (@X[-1&7],@X[2]); - &paddd (@X[-4&7],@X[3]); # add K_00_19 - &paddd (@X[-3&7],@X[3]); - &paddd (@X[-2&7],@X[3]); - &movdqa (&QWP(0,"esp"),@X[-4&7]); # X[]+K xfer to IALU - &psubd (@X[-4&7],@X[3]); # restore X[] - &movdqa (&QWP(0+16,"esp"),@X[-3&7]); - &psubd (@X[-3&7],@X[3]); - &movdqa (&QWP(0+32,"esp"),@X[-2&7]); - &mov (@T[1],$C); - &psubd (@X[-2&7],@X[3]); - &xor (@T[1],$D); - &pshufd (@X[0],@X[-4&7],0xee); # was &movdqa (@X[0],@X[-3&7]); - &and (@T[0],@T[1]); - &jmp (&label("loop")); - -###################################################################### -# SSE instruction sequence is first broken to groups of independent -# instructions, independent in respect to their inputs and shifter -# (not all architectures have more than one). Then IALU instructions -# are "knitted in" between the SSE groups. Distance is maintained for -# SSE latency of 2 in hope that it fits better upcoming AMD Bulldozer -# [which allegedly also implements SSSE3]... -# -# Temporary registers usage. X[2] is volatile at the entry and at the -# end is restored from backtrace ring buffer. X[3] is expected to -# contain current K_XX_XX constant and is used to calculate X[-1]+K -# from previous round, it becomes volatile the moment the value is -# saved to stack for transfer to IALU. X[4] becomes volatile whenever -# X[-4] is accumulated and offloaded to backtrace ring buffer, at the -# end it is loaded with next K_XX_XX [which becomes X[3] in next -# round]... -# -sub Xupdate_ssse3_16_31() # recall that $Xi starts with 4 -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 40 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); # ror - eval(shift(@insns)); - eval(shift(@insns)); - &punpcklqdq(@X[0],@X[-3&7]); # compose "X[-14]" in "X[0]", was &palignr(@X[0],@X[-4&7],8); - &movdqa (@X[2],@X[-1&7]); - eval(shift(@insns)); - eval(shift(@insns)); - - &paddd (@X[3],@X[-1&7]); - &movdqa (&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);# save X[] to backtrace buffer - eval(shift(@insns)); # rol - eval(shift(@insns)); - &psrldq (@X[2],4); # "X[-3]", 3 dwords - eval(shift(@insns)); - eval(shift(@insns)); - &pxor (@X[0],@X[-4&7]); # "X[0]"^="X[-16]" - eval(shift(@insns)); - eval(shift(@insns)); # ror - - &pxor (@X[2],@X[-2&7]); # "X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &pxor (@X[0],@X[2]); # "X[0]"^="X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); # rol - &movdqa (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - - &movdqa (@X[4],@X[0]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - &movdqa (@X[2],@X[0]); - eval(shift(@insns)); - - &pslldq (@X[4],12); # "X[0]"<<96, extract one dword - &paddd (@X[0],@X[0]); - eval(shift(@insns)); - eval(shift(@insns)); - - &psrld (@X[2],31); - eval(shift(@insns)); - eval(shift(@insns)); # rol - &movdqa (@X[3],@X[4]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &psrld (@X[4],30); - eval(shift(@insns)); - eval(shift(@insns)); # ror - &por (@X[0],@X[2]); # "X[0]"<<<=1 - eval(shift(@insns)); - &movdqa (@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if ($Xi>5); # restore X[] from backtrace buffer - eval(shift(@insns)); - eval(shift(@insns)); - - &pslld (@X[3],2); - eval(shift(@insns)); - eval(shift(@insns)); # rol - &pxor (@X[0],@X[4]); - &movdqa (@X[4],&QWP(112-16+16*(($Xi)/5),"esp")); # K_XX_XX - eval(shift(@insns)); - eval(shift(@insns)); - - &pxor (@X[0],@X[3]); # "X[0]"^=("X[0]"<<96)<<<2 - &pshufd (@X[1],@X[-3&7],0xee) if ($Xi<7); # was &movdqa (@X[1],@X[-2&7]) - &pshufd (@X[3],@X[-1&7],0xee) if ($Xi==7); - eval(shift(@insns)); - eval(shift(@insns)); - - foreach (@insns) { eval; } # remaining instructions [if any] - - $Xi++; push(@X,shift(@X)); # "rotate" X[] -} - -sub Xupdate_ssse3_32_79() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 to 44 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); # body_20_39 - &pxor (@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]" - &punpcklqdq(@X[2],@X[-1&7]); # compose "X[-6]", was &palignr(@X[2],@X[-2&7],8) - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - - &pxor (@X[0],@X[-7&7]); # "X[0]"^="X[-28]" - &movdqa (&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]); # save X[] to backtrace buffer - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)) if (@insns[0] =~ /_rol/); - if ($Xi%5) { - &movdqa (@X[4],@X[3]); # "perpetuate" K_XX_XX... - } else { # ... or load next one - &movdqa (@X[4],&QWP(112-16+16*($Xi/5),"esp")); - } - eval(shift(@insns)); # ror - &paddd (@X[3],@X[-1&7]); - eval(shift(@insns)); - - &pxor (@X[0],@X[2]); # "X[0]"^="X[-6]" - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - - &movdqa (@X[2],@X[0]); - &movdqa (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - eval(shift(@insns)); - eval(shift(@insns)) if (@insns[0] =~ /_rol/); - - &pslld (@X[0],2); - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - &psrld (@X[2],30); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - eval(shift(@insns)); - eval(shift(@insns)) if (@insns[1] =~ /_rol/); - eval(shift(@insns)) if (@insns[0] =~ /_rol/); - - &por (@X[0],@X[2]); # "X[0]"<<<=2 - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - &movdqa (@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if($Xi<19); # restore X[] from backtrace buffer - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - &pshufd (@X[3],@X[-1],0xee) if ($Xi<19); # was &movdqa (@X[3],@X[0]) - eval(shift(@insns)); - - foreach (@insns) { eval; } # remaining instructions - - $Xi++; push(@X,shift(@X)); # "rotate" X[] -} - -sub Xuplast_ssse3_80() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &paddd (@X[3],@X[-1&7]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &movdqa (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]); # X[]+K xfer IALU - - foreach (@insns) { eval; } # remaining instructions - - &mov ($inp=@T[1],&DWP(192+4,"esp")); - &cmp ($inp,&DWP(192+8,"esp")); - &je (&label("done")); - - &movdqa (@X[3],&QWP(112+48,"esp")); # K_00_19 - &movdqa (@X[2],&QWP(112+64,"esp")); # pbswap mask - &movdqu (@X[-4&7],&QWP(0,$inp)); # load input - &movdqu (@X[-3&7],&QWP(16,$inp)); - &movdqu (@X[-2&7],&QWP(32,$inp)); - &movdqu (@X[-1&7],&QWP(48,$inp)); - &add ($inp,64); - &pshufb (@X[-4&7],@X[2]); # byte swap - &mov (&DWP(192+4,"esp"),$inp); - &movdqa (&QWP(112-16,"esp"),@X[3]); # borrow last backtrace slot - - $Xi=0; -} - -sub Xloop_ssse3() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &pshufb (@X[($Xi-3)&7],@X[2]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &paddd (@X[($Xi-4)&7],@X[3]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &movdqa (&QWP(0+16*$Xi,"esp"),@X[($Xi-4)&7]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &psubd (@X[($Xi-4)&7],@X[3]); - - foreach (@insns) { eval; } - $Xi++; -} - -sub Xtail_ssse3() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - foreach (@insns) { eval; } -} - -sub body_00_19 () { # ((c^d)&b)^d - # on start @T[0]=(c^d)&b - return &body_20_39() if ($rx==19); $rx++; - ( - '($a,$b,$c,$d,$e)=@V;'. - '&$_ror ($b,$j?7:2);', # $b>>>2 - '&xor (@T[0],$d);', - '&mov (@T[1],$a);', # $b in next round - - '&add ($e,&DWP(4*($j&15),"esp"));', # X[]+K xfer - '&xor ($b,$c);', # $c^$d for next round - - '&$_rol ($a,5);', - '&add ($e,@T[0]);', - '&and (@T[1],$b);', # ($b&($c^$d)) for next round - - '&xor ($b,$c);', # restore $b - '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));' - ); -} - -sub body_20_39 () { # b^d^c - # on entry @T[0]=b^d - return &body_40_59() if ($rx==39); $rx++; - ( - '($a,$b,$c,$d,$e)=@V;'. - '&add ($e,&DWP(4*($j&15),"esp"));', # X[]+K xfer - '&xor (@T[0],$d) if($j==19);'. - '&xor (@T[0],$c) if($j> 19);', # ($b^$d^$c) - '&mov (@T[1],$a);', # $b in next round - - '&$_rol ($a,5);', - '&add ($e,@T[0]);', - '&xor (@T[1],$c) if ($j< 79);', # $b^$d for next round - - '&$_ror ($b,7);', # $b>>>2 - '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));' - ); -} - -sub body_40_59 () { # ((b^c)&(c^d))^c - # on entry @T[0]=(b^c), (c^=d) - $rx++; - ( - '($a,$b,$c,$d,$e)=@V;'. - '&add ($e,&DWP(4*($j&15),"esp"));', # X[]+K xfer - '&and (@T[0],$c) if ($j>=40);', # (b^c)&(c^d) - '&xor ($c,$d) if ($j>=40);', # restore $c - - '&$_ror ($b,7);', # $b>>>2 - '&mov (@T[1],$a);', # $b for next round - '&xor (@T[0],$c);', - - '&$_rol ($a,5);', - '&add ($e,@T[0]);', - '&xor (@T[1],$c) if ($j==59);'. - '&xor (@T[1],$b) if ($j< 59);', # b^c for next round - - '&xor ($b,$c) if ($j< 59);', # c^d for next round - '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));' - ); -} -###### -sub bodyx_00_19 () { # ((c^d)&b)^d - # on start @T[0]=(b&c)^(~b&d), $e+=X[]+K - return &bodyx_20_39() if ($rx==19); $rx++; - ( - '($a,$b,$c,$d,$e)=@V;'. - - '&rorx ($b,$b,2) if ($j==0);'. # $b>>>2 - '&rorx ($b,@T[1],7) if ($j!=0);', # $b>>>2 - '&lea ($e,&DWP(0,$e,@T[0]));', - '&rorx (@T[0],$a,5);', - - '&andn (@T[1],$a,$c);', - '&and ($a,$b)', - '&add ($d,&DWP(4*(($j+1)&15),"esp"));', # X[]+K xfer - - '&xor (@T[1],$a)', - '&add ($e,@T[0]);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));' - ); -} - -sub bodyx_20_39 () { # b^d^c - # on start $b=b^c^d - return &bodyx_40_59() if ($rx==39); $rx++; - ( - '($a,$b,$c,$d,$e)=@V;'. - - '&add ($e,($j==19?@T[0]:$b))', - '&rorx ($b,@T[1],7);', # $b>>>2 - '&rorx (@T[0],$a,5);', - - '&xor ($a,$b) if ($j<79);', - '&add ($d,&DWP(4*(($j+1)&15),"esp")) if ($j<79);', # X[]+K xfer - '&xor ($a,$c) if ($j<79);', - '&add ($e,@T[0]);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));' - ); -} - -sub bodyx_40_59 () { # ((b^c)&(c^d))^c - # on start $b=((b^c)&(c^d))^c - return &bodyx_20_39() if ($rx==59); $rx++; - ( - '($a,$b,$c,$d,$e)=@V;'. - - '&rorx (@T[0],$a,5)', - '&lea ($e,&DWP(0,$e,$b))', - '&rorx ($b,@T[1],7)', # $b>>>2 - '&add ($d,&DWP(4*(($j+1)&15),"esp"))', # X[]+K xfer - - '&mov (@T[1],$c)', - '&xor ($a,$b)', # b^c for next round - '&xor (@T[1],$b)', # c^d for next round - - '&and ($a,@T[1])', - '&add ($e,@T[0])', - '&xor ($a,$b)' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));' - ); -} - -&set_label("loop",16); - &Xupdate_ssse3_16_31(\&body_00_19); - &Xupdate_ssse3_16_31(\&body_00_19); - &Xupdate_ssse3_16_31(\&body_00_19); - &Xupdate_ssse3_16_31(\&body_00_19); - &Xupdate_ssse3_32_79(\&body_00_19); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xuplast_ssse3_80(\&body_20_39); # can jump to "done" - - $saved_j=$j; @saved_V=@V; - - &Xloop_ssse3(\&body_20_39); - &Xloop_ssse3(\&body_20_39); - &Xloop_ssse3(\&body_20_39); - - &mov (@T[1],&DWP(192,"esp")); # update context - &add ($A,&DWP(0,@T[1])); - &add (@T[0],&DWP(4,@T[1])); # $b - &add ($C,&DWP(8,@T[1])); - &mov (&DWP(0,@T[1]),$A); - &add ($D,&DWP(12,@T[1])); - &mov (&DWP(4,@T[1]),@T[0]); - &add ($E,&DWP(16,@T[1])); - &mov (&DWP(8,@T[1]),$C); - &mov ($B,$C); - &mov (&DWP(12,@T[1]),$D); - &xor ($B,$D); - &mov (&DWP(16,@T[1]),$E); - &mov (@T[1],@T[0]); - &pshufd (@X[0],@X[-4&7],0xee); # was &movdqa (@X[0],@X[-3&7]); - &and (@T[0],$B); - &mov ($B,$T[1]); - - &jmp (&label("loop")); - -&set_label("done",16); $j=$saved_j; @V=@saved_V; - - &Xtail_ssse3(\&body_20_39); - &Xtail_ssse3(\&body_20_39); - &Xtail_ssse3(\&body_20_39); - - &mov (@T[1],&DWP(192,"esp")); # update context - &add ($A,&DWP(0,@T[1])); - &mov ("esp",&DWP(192+12,"esp")); # restore %esp - &add (@T[0],&DWP(4,@T[1])); # $b - &add ($C,&DWP(8,@T[1])); - &mov (&DWP(0,@T[1]),$A); - &add ($D,&DWP(12,@T[1])); - &mov (&DWP(4,@T[1]),@T[0]); - &add ($E,&DWP(16,@T[1])); - &mov (&DWP(8,@T[1]),$C); - &mov (&DWP(12,@T[1]),$D); - &mov (&DWP(16,@T[1]),$E); - -&function_end("_sha1_block_data_order_ssse3"); - -$rx=0; # reset - -if ($ymm) { -my $Xi=4; # 4xSIMD Xupdate round, start pre-seeded -my @X=map("xmm$_",(4..7,0..3)); # pre-seeded for $Xi=4 -my @V=($A,$B,$C,$D,$E); -my $j=0; # hash round -my @T=($T,$tmp1); -my $inp; - -my $_rol=sub { &shld(@_[0],@_) }; -my $_ror=sub { &shrd(@_[0],@_) }; - -&function_begin("_sha1_block_data_order_avx"); - &call (&label("pic_point")); # make it PIC! - &set_label("pic_point"); - &blindpop($tmp1); - &lea ($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1)); -&set_label("avx_shortcut"); - &vzeroall(); - - &vmovdqa(@X[3],&QWP(0,$tmp1)); # K_00_19 - &vmovdqa(@X[4],&QWP(16,$tmp1)); # K_20_39 - &vmovdqa(@X[5],&QWP(32,$tmp1)); # K_40_59 - &vmovdqa(@X[6],&QWP(48,$tmp1)); # K_60_79 - &vmovdqa(@X[2],&QWP(64,$tmp1)); # pbswap mask - - &mov ($E,&wparam(0)); # load argument block - &mov ($inp=@T[1],&wparam(1)); - &mov ($D,&wparam(2)); - &mov (@T[0],"esp"); - - # stack frame layout - # - # +0 X[0]+K X[1]+K X[2]+K X[3]+K # XMM->IALU xfer area - # X[4]+K X[5]+K X[6]+K X[7]+K - # X[8]+K X[9]+K X[10]+K X[11]+K - # X[12]+K X[13]+K X[14]+K X[15]+K - # - # +64 X[0] X[1] X[2] X[3] # XMM->XMM backtrace area - # X[4] X[5] X[6] X[7] - # X[8] X[9] X[10] X[11] # even borrowed for K_00_19 - # - # +112 K_20_39 K_20_39 K_20_39 K_20_39 # constants - # K_40_59 K_40_59 K_40_59 K_40_59 - # K_60_79 K_60_79 K_60_79 K_60_79 - # K_00_19 K_00_19 K_00_19 K_00_19 - # pbswap mask - # - # +192 ctx # argument block - # +196 inp - # +200 end - # +204 esp - &sub ("esp",208); - &and ("esp",-64); - - &vmovdqa(&QWP(112+0,"esp"),@X[4]); # copy constants - &vmovdqa(&QWP(112+16,"esp"),@X[5]); - &vmovdqa(&QWP(112+32,"esp"),@X[6]); - &shl ($D,6); # len*64 - &vmovdqa(&QWP(112+48,"esp"),@X[3]); - &add ($D,$inp); # end of input - &vmovdqa(&QWP(112+64,"esp"),@X[2]); - &add ($inp,64); - &mov (&DWP(192+0,"esp"),$E); # save argument block - &mov (&DWP(192+4,"esp"),$inp); - &mov (&DWP(192+8,"esp"),$D); - &mov (&DWP(192+12,"esp"),@T[0]); # save original %esp - - &mov ($A,&DWP(0,$E)); # load context - &mov ($B,&DWP(4,$E)); - &mov ($C,&DWP(8,$E)); - &mov ($D,&DWP(12,$E)); - &mov ($E,&DWP(16,$E)); - &mov (@T[0],$B); # magic seed - - &vmovdqu(@X[-4&7],&QWP(-64,$inp)); # load input to %xmm[0-3] - &vmovdqu(@X[-3&7],&QWP(-48,$inp)); - &vmovdqu(@X[-2&7],&QWP(-32,$inp)); - &vmovdqu(@X[-1&7],&QWP(-16,$inp)); - &vpshufb(@X[-4&7],@X[-4&7],@X[2]); # byte swap - &vpshufb(@X[-3&7],@X[-3&7],@X[2]); - &vpshufb(@X[-2&7],@X[-2&7],@X[2]); - &vmovdqa(&QWP(112-16,"esp"),@X[3]); # borrow last backtrace slot - &vpshufb(@X[-1&7],@X[-1&7],@X[2]); - &vpaddd (@X[0],@X[-4&7],@X[3]); # add K_00_19 - &vpaddd (@X[1],@X[-3&7],@X[3]); - &vpaddd (@X[2],@X[-2&7],@X[3]); - &vmovdqa(&QWP(0,"esp"),@X[0]); # X[]+K xfer to IALU - &mov (@T[1],$C); - &vmovdqa(&QWP(0+16,"esp"),@X[1]); - &xor (@T[1],$D); - &vmovdqa(&QWP(0+32,"esp"),@X[2]); - &and (@T[0],@T[1]); - &jmp (&label("loop")); - -sub Xupdate_avx_16_31() # recall that $Xi starts with 4 -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 40 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - eval(shift(@insns)); - &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]" - eval(shift(@insns)); - eval(shift(@insns)); - - &vpaddd (@X[3],@X[3],@X[-1&7]); - &vmovdqa (&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);# save X[] to backtrace buffer - eval(shift(@insns)); - eval(shift(@insns)); - &vpsrldq(@X[2],@X[-1&7],4); # "X[-3]", 3 dwords - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]" - eval(shift(@insns)); - eval(shift(@insns)); - - &vpxor (@X[2],@X[2],@X[-2&7]); # "X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); - &vmovdqa (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - - &vpxor (@X[0],@X[0],@X[2]); # "X[0]"^="X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpsrld (@X[2],@X[0],31); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpslldq(@X[4],@X[0],12); # "X[0]"<<96, extract one dword - &vpaddd (@X[0],@X[0],@X[0]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpsrld (@X[3],@X[4],30); - &vpor (@X[0],@X[0],@X[2]); # "X[0]"<<<=1 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpslld (@X[4],@X[4],2); - &vmovdqa (@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if ($Xi>5); # restore X[] from backtrace buffer - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor (@X[0],@X[0],@X[3]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpxor (@X[0],@X[0],@X[4]); # "X[0]"^=("X[0]"<<96)<<<2 - eval(shift(@insns)); - eval(shift(@insns)); - &vmovdqa (@X[4],&QWP(112-16+16*(($Xi)/5),"esp")); # K_XX_XX - eval(shift(@insns)); - eval(shift(@insns)); - - foreach (@insns) { eval; } # remaining instructions [if any] - - $Xi++; push(@X,shift(@X)); # "rotate" X[] -} - -sub Xupdate_avx_32_79() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 to 44 instructions - my ($a,$b,$c,$d,$e); - - &vpalignr(@X[2],@X[-1&7],@X[-2&7],8); # compose "X[-6]" - &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]" - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - - &vpxor (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]" - &vmovdqa (&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]); # save X[] to backtrace buffer - eval(shift(@insns)); - eval(shift(@insns)); - if ($Xi%5) { - &vmovdqa (@X[4],@X[3]); # "perpetuate" K_XX_XX... - } else { # ... or load next one - &vmovdqa (@X[4],&QWP(112-16+16*($Xi/5),"esp")); - } - &vpaddd (@X[3],@X[3],@X[-1&7]); - eval(shift(@insns)); # ror - eval(shift(@insns)); - - &vpxor (@X[0],@X[0],@X[2]); # "X[0]"^="X[-6]" - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - - &vpsrld (@X[2],@X[0],30); - &vmovdqa (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - eval(shift(@insns)); - - &vpslld (@X[0],@X[0],2); - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - eval(shift(@insns)); - - &vpor (@X[0],@X[0],@X[2]); # "X[0]"<<<=2 - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - &vmovdqa (@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if($Xi<19); # restore X[] from backtrace buffer - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - eval(shift(@insns)); - - foreach (@insns) { eval; } # remaining instructions - - $Xi++; push(@X,shift(@X)); # "rotate" X[] -} - -sub Xuplast_avx_80() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - &vpaddd (@X[3],@X[3],@X[-1&7]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vmovdqa (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]); # X[]+K xfer IALU - - foreach (@insns) { eval; } # remaining instructions - - &mov ($inp=@T[1],&DWP(192+4,"esp")); - &cmp ($inp,&DWP(192+8,"esp")); - &je (&label("done")); - - &vmovdqa(@X[3],&QWP(112+48,"esp")); # K_00_19 - &vmovdqa(@X[2],&QWP(112+64,"esp")); # pbswap mask - &vmovdqu(@X[-4&7],&QWP(0,$inp)); # load input - &vmovdqu(@X[-3&7],&QWP(16,$inp)); - &vmovdqu(@X[-2&7],&QWP(32,$inp)); - &vmovdqu(@X[-1&7],&QWP(48,$inp)); - &add ($inp,64); - &vpshufb(@X[-4&7],@X[-4&7],@X[2]); # byte swap - &mov (&DWP(192+4,"esp"),$inp); - &vmovdqa(&QWP(112-16,"esp"),@X[3]); # borrow last backtrace slot - - $Xi=0; -} - -sub Xloop_avx() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - eval(shift(@insns)); - &vpshufb (@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpaddd (@X[$Xi&7],@X[($Xi-4)&7],@X[3]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vmovdqa (&QWP(0+16*$Xi,"esp"),@X[$Xi&7]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - - foreach (@insns) { eval; } - $Xi++; -} - -sub Xtail_avx() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - foreach (@insns) { eval; } -} - -&set_label("loop",16); - &Xupdate_avx_16_31(\&body_00_19); - &Xupdate_avx_16_31(\&body_00_19); - &Xupdate_avx_16_31(\&body_00_19); - &Xupdate_avx_16_31(\&body_00_19); - &Xupdate_avx_32_79(\&body_00_19); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_20_39); - &Xuplast_avx_80(\&body_20_39); # can jump to "done" - - $saved_j=$j; @saved_V=@V; - - &Xloop_avx(\&body_20_39); - &Xloop_avx(\&body_20_39); - &Xloop_avx(\&body_20_39); - - &mov (@T[1],&DWP(192,"esp")); # update context - &add ($A,&DWP(0,@T[1])); - &add (@T[0],&DWP(4,@T[1])); # $b - &add ($C,&DWP(8,@T[1])); - &mov (&DWP(0,@T[1]),$A); - &add ($D,&DWP(12,@T[1])); - &mov (&DWP(4,@T[1]),@T[0]); - &add ($E,&DWP(16,@T[1])); - &mov ($B,$C); - &mov (&DWP(8,@T[1]),$C); - &xor ($B,$D); - &mov (&DWP(12,@T[1]),$D); - &mov (&DWP(16,@T[1]),$E); - &mov (@T[1],@T[0]); - &and (@T[0],$B); - &mov ($B,@T[1]); - - &jmp (&label("loop")); - -&set_label("done",16); $j=$saved_j; @V=@saved_V; - - &Xtail_avx(\&body_20_39); - &Xtail_avx(\&body_20_39); - &Xtail_avx(\&body_20_39); - - &vzeroall(); - - &mov (@T[1],&DWP(192,"esp")); # update context - &add ($A,&DWP(0,@T[1])); - &mov ("esp",&DWP(192+12,"esp")); # restore %esp - &add (@T[0],&DWP(4,@T[1])); # $b - &add ($C,&DWP(8,@T[1])); - &mov (&DWP(0,@T[1]),$A); - &add ($D,&DWP(12,@T[1])); - &mov (&DWP(4,@T[1]),@T[0]); - &add ($E,&DWP(16,@T[1])); - &mov (&DWP(8,@T[1]),$C); - &mov (&DWP(12,@T[1]),$D); - &mov (&DWP(16,@T[1]),$E); -&function_end("_sha1_block_data_order_avx"); -} -&set_label("K_XX_XX",64); -&data_word(0x5a827999,0x5a827999,0x5a827999,0x5a827999); # K_00_19 -&data_word(0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1); # K_20_39 -&data_word(0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc); # K_40_59 -&data_word(0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6); # K_60_79 -&data_word(0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f); # pbswap mask -&data_byte(0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0); -} -&asciz("SHA1 block transform for x86, CRYPTOGAMS by "); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-alpha.pl b/crypto/sha/asm/sha1-alpha.pl deleted file mode 100644 index 0ffc090602e1eedf2971bcb618cc0c9a626b8033..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha1-alpha.pl +++ /dev/null @@ -1,329 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# SHA1 block procedure for Alpha. - -# On 21264 performance is 33% better than code generated by vendor -# compiler, and 75% better than GCC [3.4], and in absolute terms is -# 8.7 cycles per processed byte. Implementation features vectorized -# byte swap, but not Xupdate. - -@X=( "\$0", "\$1", "\$2", "\$3", "\$4", "\$5", "\$6", "\$7", - "\$8", "\$9", "\$10", "\$11", "\$12", "\$13", "\$14", "\$15"); -$ctx="a0"; # $16 -$inp="a1"; -$num="a2"; -$A="a3"; -$B="a4"; # 20 -$C="a5"; -$D="t8"; -$E="t9"; @V=($A,$B,$C,$D,$E); -$t0="t10"; # 24 -$t1="t11"; -$t2="ra"; -$t3="t12"; -$K="AT"; # 28 - -sub BODY_00_19 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; -$code.=<<___ if ($i==0); - ldq_u @X[0],0+0($inp) - ldq_u @X[1],0+7($inp) -___ -$code.=<<___ if (!($i&1) && $i<14); - ldq_u @X[$i+2],($i+2)*4+0($inp) - ldq_u @X[$i+3],($i+2)*4+7($inp) -___ -$code.=<<___ if (!($i&1) && $i<15); - extql @X[$i],$inp,@X[$i] - extqh @X[$i+1],$inp,@X[$i+1] - - or @X[$i+1],@X[$i],@X[$i] # pair of 32-bit values are fetched - - srl @X[$i],24,$t0 # vectorized byte swap - srl @X[$i],8,$t2 - - sll @X[$i],8,$t3 - sll @X[$i],24,@X[$i] - zapnot $t0,0x11,$t0 - zapnot $t2,0x22,$t2 - - zapnot @X[$i],0x88,@X[$i] - or $t0,$t2,$t0 - zapnot $t3,0x44,$t3 - sll $a,5,$t1 - - or @X[$i],$t0,@X[$i] - addl $K,$e,$e - and $b,$c,$t2 - zapnot $a,0xf,$a - - or @X[$i],$t3,@X[$i] - srl $a,27,$t0 - bic $d,$b,$t3 - sll $b,30,$b - - extll @X[$i],4,@X[$i+1] # extract upper half - or $t2,$t3,$t2 - addl @X[$i],$e,$e - - addl $t1,$e,$e - srl $b,32,$t3 - zapnot @X[$i],0xf,@X[$i] - - addl $t0,$e,$e - addl $t2,$e,$e - or $t3,$b,$b -___ -$code.=<<___ if (($i&1) && $i<15); - sll $a,5,$t1 - addl $K,$e,$e - and $b,$c,$t2 - zapnot $a,0xf,$a - - srl $a,27,$t0 - addl @X[$i%16],$e,$e - bic $d,$b,$t3 - sll $b,30,$b - - or $t2,$t3,$t2 - addl $t1,$e,$e - srl $b,32,$t3 - zapnot @X[$i],0xf,@X[$i] - - addl $t0,$e,$e - addl $t2,$e,$e - or $t3,$b,$b -___ -$code.=<<___ if ($i>=15); # with forward Xupdate - sll $a,5,$t1 - addl $K,$e,$e - and $b,$c,$t2 - xor @X[($j+2)%16],@X[$j%16],@X[$j%16] - - zapnot $a,0xf,$a - addl @X[$i%16],$e,$e - bic $d,$b,$t3 - xor @X[($j+8)%16],@X[$j%16],@X[$j%16] - - srl $a,27,$t0 - addl $t1,$e,$e - or $t2,$t3,$t2 - xor @X[($j+13)%16],@X[$j%16],@X[$j%16] - - sll $b,30,$b - addl $t0,$e,$e - srl @X[$j%16],31,$t1 - - addl $t2,$e,$e - srl $b,32,$t3 - addl @X[$j%16],@X[$j%16],@X[$j%16] - - or $t3,$b,$b - zapnot @X[$i%16],0xf,@X[$i%16] - or $t1,@X[$j%16],@X[$j%16] -___ -} - -sub BODY_20_39 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; -$code.=<<___ if ($i<79); # with forward Xupdate - sll $a,5,$t1 - addl $K,$e,$e - zapnot $a,0xf,$a - xor @X[($j+2)%16],@X[$j%16],@X[$j%16] - - sll $b,30,$t3 - addl $t1,$e,$e - xor $b,$c,$t2 - xor @X[($j+8)%16],@X[$j%16],@X[$j%16] - - srl $b,2,$b - addl @X[$i%16],$e,$e - xor $d,$t2,$t2 - xor @X[($j+13)%16],@X[$j%16],@X[$j%16] - - srl @X[$j%16],31,$t1 - addl $t2,$e,$e - srl $a,27,$t0 - addl @X[$j%16],@X[$j%16],@X[$j%16] - - or $t3,$b,$b - addl $t0,$e,$e - or $t1,@X[$j%16],@X[$j%16] -___ -$code.=<<___ if ($i<77); - zapnot @X[$i%16],0xf,@X[$i%16] -___ -$code.=<<___ if ($i==79); # with context fetch - sll $a,5,$t1 - addl $K,$e,$e - zapnot $a,0xf,$a - ldl @X[0],0($ctx) - - sll $b,30,$t3 - addl $t1,$e,$e - xor $b,$c,$t2 - ldl @X[1],4($ctx) - - srl $b,2,$b - addl @X[$i%16],$e,$e - xor $d,$t2,$t2 - ldl @X[2],8($ctx) - - srl $a,27,$t0 - addl $t2,$e,$e - ldl @X[3],12($ctx) - - or $t3,$b,$b - addl $t0,$e,$e - ldl @X[4],16($ctx) -___ -} - -sub BODY_40_59 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; -$code.=<<___; # with forward Xupdate - sll $a,5,$t1 - addl $K,$e,$e - zapnot $a,0xf,$a - xor @X[($j+2)%16],@X[$j%16],@X[$j%16] - - srl $a,27,$t0 - and $b,$c,$t2 - and $b,$d,$t3 - xor @X[($j+8)%16],@X[$j%16],@X[$j%16] - - sll $b,30,$b - addl $t1,$e,$e - xor @X[($j+13)%16],@X[$j%16],@X[$j%16] - - srl @X[$j%16],31,$t1 - addl $t0,$e,$e - or $t2,$t3,$t2 - and $c,$d,$t3 - - or $t2,$t3,$t2 - srl $b,32,$t3 - addl @X[$i%16],$e,$e - addl @X[$j%16],@X[$j%16],@X[$j%16] - - or $t3,$b,$b - addl $t2,$e,$e - or $t1,@X[$j%16],@X[$j%16] - zapnot @X[$i%16],0xf,@X[$i%16] -___ -} - -$code=<<___; -#ifdef __linux__ -#include -#else -#include -#include -#endif - -.text - -.set noat -.set noreorder -.globl sha1_block_data_order -.align 5 -.ent sha1_block_data_order -sha1_block_data_order: - lda sp,-64(sp) - stq ra,0(sp) - stq s0,8(sp) - stq s1,16(sp) - stq s2,24(sp) - stq s3,32(sp) - stq s4,40(sp) - stq s5,48(sp) - stq fp,56(sp) - .mask 0x0400fe00,-64 - .frame sp,64,ra - .prologue 0 - - ldl $A,0($ctx) - ldl $B,4($ctx) - sll $num,6,$num - ldl $C,8($ctx) - ldl $D,12($ctx) - ldl $E,16($ctx) - addq $inp,$num,$num - -.Lloop: - .set noreorder - ldah $K,23170(zero) - zapnot $B,0xf,$B - lda $K,31129($K) # K_00_19 -___ -for ($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } - -$code.=<<___; - ldah $K,28378(zero) - lda $K,-5215($K) # K_20_39 -___ -for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } - -$code.=<<___; - ldah $K,-28900(zero) - lda $K,-17188($K) # K_40_59 -___ -for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } - -$code.=<<___; - ldah $K,-13725(zero) - lda $K,-15914($K) # K_60_79 -___ -for (;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } - -$code.=<<___; - addl @X[0],$A,$A - addl @X[1],$B,$B - addl @X[2],$C,$C - addl @X[3],$D,$D - addl @X[4],$E,$E - stl $A,0($ctx) - stl $B,4($ctx) - addq $inp,64,$inp - stl $C,8($ctx) - stl $D,12($ctx) - stl $E,16($ctx) - cmpult $inp,$num,$t1 - bne $t1,.Lloop - - .set noreorder - ldq ra,0(sp) - ldq s0,8(sp) - ldq s1,16(sp) - ldq s2,24(sp) - ldq s3,32(sp) - ldq s4,40(sp) - ldq s5,48(sp) - ldq fp,56(sp) - lda sp,64(sp) - ret (ra) -.end sha1_block_data_order -.ascii "SHA1 block transform for Alpha, CRYPTOGAMS by " -.align 2 -___ -$output=pop and open STDOUT,">$output"; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl deleted file mode 100644 index 6a2e12bf17d7b025dff25511ee7125d01eeed67f..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha1-armv4-large.pl +++ /dev/null @@ -1,752 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# sha1_block procedure for ARMv4. -# -# January 2007. - -# Size/performance trade-off -# ==================================================================== -# impl size in bytes comp cycles[*] measured performance -# ==================================================================== -# thumb 304 3212 4420 -# armv4-small 392/+29% 1958/+64% 2250/+96% -# armv4-compact 740/+89% 1552/+26% 1840/+22% -# armv4-large 1420/+92% 1307/+19% 1370/+34%[***] -# full unroll ~5100/+260% ~1260/+4% ~1300/+5% -# ==================================================================== -# thumb = same as 'small' but in Thumb instructions[**] and -# with recurring code in two private functions; -# small = detached Xload/update, loops are folded; -# compact = detached Xload/update, 5x unroll; -# large = interleaved Xload/update, 5x unroll; -# full unroll = interleaved Xload/update, full unroll, estimated[!]; -# -# [*] Manually counted instructions in "grand" loop body. Measured -# performance is affected by prologue and epilogue overhead, -# i-cache availability, branch penalties, etc. -# [**] While each Thumb instruction is twice smaller, they are not as -# diverse as ARM ones: e.g., there are only two arithmetic -# instructions with 3 arguments, no [fixed] rotate, addressing -# modes are limited. As result it takes more instructions to do -# the same job in Thumb, therefore the code is never twice as -# small and always slower. -# [***] which is also ~35% better than compiler generated code. Dual- -# issue Cortex A8 core was measured to process input block in -# ~990 cycles. - -# August 2010. -# -# Rescheduling for dual-issue pipeline resulted in 13% improvement on -# Cortex A8 core and in absolute terms ~870 cycles per input block -# [or 13.6 cycles per byte]. - -# February 2011. -# -# Profiler-assisted and platform-specific optimization resulted in 10% -# improvement on Cortex A8 core and 12.2 cycles per byte. - -# September 2013. -# -# Add NEON implementation (see sha1-586.pl for background info). On -# Cortex A8 it was measured to process one byte in 6.7 cycles or >80% -# faster than integer-only code. Because [fully unrolled] NEON code -# is ~2.5x larger and there are some redundant instructions executed -# when processing last block, improvement is not as big for smallest -# blocks, only ~30%. Snapdragon S4 is a tad faster, 6.4 cycles per -# byte, which is also >80% faster than integer-only code. Cortex-A15 -# is even faster spending 5.6 cycles per byte outperforming integer- -# only code by factor of 2. - -# May 2014. -# -# Add ARMv8 code path performing at 2.35 cpb on Apple A7. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour && $flavour ne "void") { - $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or - ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or - die "can't locate arm-xlate.pl"; - - open STDOUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -} else { - $output and open STDOUT,">$output"; -} - -$ctx="r0"; -$inp="r1"; -$len="r2"; -$a="r3"; -$b="r4"; -$c="r5"; -$d="r6"; -$e="r7"; -$K="r8"; -$t0="r9"; -$t1="r10"; -$t2="r11"; -$t3="r12"; -$Xi="r14"; -@V=($a,$b,$c,$d,$e); - -sub Xupdate { -my ($a,$b,$c,$d,$e,$opt1,$opt2)=@_; -$code.=<<___; - ldr $t0,[$Xi,#15*4] - ldr $t1,[$Xi,#13*4] - ldr $t2,[$Xi,#7*4] - add $e,$K,$e,ror#2 @ E+=K_xx_xx - ldr $t3,[$Xi,#2*4] - eor $t0,$t0,$t1 - eor $t2,$t2,$t3 @ 1 cycle stall - eor $t1,$c,$d @ F_xx_xx - mov $t0,$t0,ror#31 - add $e,$e,$a,ror#27 @ E+=ROR(A,27) - eor $t0,$t0,$t2,ror#31 - str $t0,[$Xi,#-4]! - $opt1 @ F_xx_xx - $opt2 @ F_xx_xx - add $e,$e,$t0 @ E+=X[i] -___ -} - -sub BODY_00_15 { -my ($a,$b,$c,$d,$e)=@_; -$code.=<<___; -#if __ARM_ARCH__<7 - ldrb $t1,[$inp,#2] - ldrb $t0,[$inp,#3] - ldrb $t2,[$inp,#1] - add $e,$K,$e,ror#2 @ E+=K_00_19 - ldrb $t3,[$inp],#4 - orr $t0,$t0,$t1,lsl#8 - eor $t1,$c,$d @ F_xx_xx - orr $t0,$t0,$t2,lsl#16 - add $e,$e,$a,ror#27 @ E+=ROR(A,27) - orr $t0,$t0,$t3,lsl#24 -#else - ldr $t0,[$inp],#4 @ handles unaligned - add $e,$K,$e,ror#2 @ E+=K_00_19 - eor $t1,$c,$d @ F_xx_xx - add $e,$e,$a,ror#27 @ E+=ROR(A,27) -#ifdef __ARMEL__ - rev $t0,$t0 @ byte swap -#endif -#endif - and $t1,$b,$t1,ror#2 - add $e,$e,$t0 @ E+=X[i] - eor $t1,$t1,$d,ror#2 @ F_00_19(B,C,D) - str $t0,[$Xi,#-4]! - add $e,$e,$t1 @ E+=F_00_19(B,C,D) -___ -} - -sub BODY_16_19 { -my ($a,$b,$c,$d,$e)=@_; - &Xupdate(@_,"and $t1,$b,$t1,ror#2"); -$code.=<<___; - eor $t1,$t1,$d,ror#2 @ F_00_19(B,C,D) - add $e,$e,$t1 @ E+=F_00_19(B,C,D) -___ -} - -sub BODY_20_39 { -my ($a,$b,$c,$d,$e)=@_; - &Xupdate(@_,"eor $t1,$b,$t1,ror#2"); -$code.=<<___; - add $e,$e,$t1 @ E+=F_20_39(B,C,D) -___ -} - -sub BODY_40_59 { -my ($a,$b,$c,$d,$e)=@_; - &Xupdate(@_,"and $t1,$b,$t1,ror#2","and $t2,$c,$d"); -$code.=<<___; - add $e,$e,$t1 @ E+=F_40_59(B,C,D) - add $e,$e,$t2,ror#2 -___ -} - -$code=<<___; -#include "arm_arch.h" - -#if defined(__thumb2__) -.syntax unified -.thumb -#else -.code 32 -#endif - -.text - -.global sha1_block_data_order -.type sha1_block_data_order,%function - -.align 5 -sha1_block_data_order: -#if __ARM_MAX_ARCH__>=7 -.Lsha1_block: - ldr r12,.LOPENSSL_armcap -# if !defined(_WIN32) - adr r3,.Lsha1_block - ldr r12,[r3,r12] @ OPENSSL_armcap_P -# endif -# if defined(__APPLE__) || defined(_WIN32) - ldr r12,[r12] -# endif - tst r12,#ARMV8_SHA1 - bne .LARMv8 - tst r12,#ARMV7_NEON - bne .LNEON -#endif - stmdb sp!,{r4-r12,lr} - add $len,$inp,$len,lsl#6 @ $len to point at the end of $inp - ldmia $ctx,{$a,$b,$c,$d,$e} -.Lloop: - ldr $K,.LK_00_19 - mov $Xi,sp - sub sp,sp,#15*4 - mov $c,$c,ror#30 - mov $d,$d,ror#30 - mov $e,$e,ror#30 @ [6] -.L_00_15: -___ -for($i=0;$i<5;$i++) { - &BODY_00_15(@V); unshift(@V,pop(@V)); -} -$code.=<<___; -#if defined(__thumb2__) - mov $t3,sp - teq $Xi,$t3 -#else - teq $Xi,sp -#endif - bne .L_00_15 @ [((11+4)*5+2)*3] - sub sp,sp,#25*4 -___ - &BODY_00_15(@V); unshift(@V,pop(@V)); - &BODY_16_19(@V); unshift(@V,pop(@V)); - &BODY_16_19(@V); unshift(@V,pop(@V)); - &BODY_16_19(@V); unshift(@V,pop(@V)); - &BODY_16_19(@V); unshift(@V,pop(@V)); -$code.=<<___; - - ldr $K,.LK_20_39 @ [+15+16*4] - cmn sp,#0 @ [+3], clear carry to denote 20_39 -.L_20_39_or_60_79: -___ -for($i=0;$i<5;$i++) { - &BODY_20_39(@V); unshift(@V,pop(@V)); -} -$code.=<<___; -#if defined(__thumb2__) - mov $t3,sp - teq $Xi,$t3 -#else - teq $Xi,sp @ preserve carry -#endif - bne .L_20_39_or_60_79 @ [+((12+3)*5+2)*4] - bcs .L_done @ [+((12+3)*5+2)*4], spare 300 bytes - - ldr $K,.LK_40_59 - sub sp,sp,#20*4 @ [+2] -.L_40_59: -___ -for($i=0;$i<5;$i++) { - &BODY_40_59(@V); unshift(@V,pop(@V)); -} -$code.=<<___; -#if defined(__thumb2__) - mov $t3,sp - teq $Xi,$t3 -#else - teq $Xi,sp -#endif - bne .L_40_59 @ [+((12+5)*5+2)*4] - - ldr $K,.LK_60_79 - sub sp,sp,#20*4 - cmp sp,#0 @ set carry to denote 60_79 - b .L_20_39_or_60_79 @ [+4], spare 300 bytes -.L_done: - add sp,sp,#80*4 @ "deallocate" stack frame - ldmia $ctx,{$K,$t0,$t1,$t2,$t3} - add $a,$K,$a - add $b,$t0,$b - add $c,$t1,$c,ror#2 - add $d,$t2,$d,ror#2 - add $e,$t3,$e,ror#2 - stmia $ctx,{$a,$b,$c,$d,$e} - teq $inp,$len - bne .Lloop @ [+18], total 1307 - -#if __ARM_ARCH__>=5 - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size sha1_block_data_order,.-sha1_block_data_order - -.align 5 -.LK_00_19: .word 0x5a827999 -.LK_20_39: .word 0x6ed9eba1 -.LK_40_59: .word 0x8f1bbcdc -.LK_60_79: .word 0xca62c1d6 -#if __ARM_MAX_ARCH__>=7 -.LOPENSSL_armcap: -# ifdef _WIN32 -.word OPENSSL_armcap_P -# else -.word OPENSSL_armcap_P-.Lsha1_block -# endif -#endif -.asciz "SHA1 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by " -.align 5 -___ -##################################################################### -# NEON stuff -# -{{{ -my @V=($a,$b,$c,$d,$e); -my ($K_XX_XX,$Ki,$t0,$t1,$Xfer,$saved_sp)=map("r$_",(8..12,14)); -my $Xi=4; -my @X=map("q$_",(8..11,0..3)); -my @Tx=("q12","q13"); -my ($K,$zero)=("q14","q15"); -my $j=0; - -sub AUTOLOAD() # thunk [simplified] x86-style perlasm -{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./; - my $arg = pop; - $arg = "#$arg" if ($arg*1 eq $arg); - $code .= "\t$opcode\t".join(',',@_,$arg)."\n"; -} - -sub body_00_19 () { - ( - '($a,$b,$c,$d,$e)=@V;'. # '$code.="@ $j\n";'. - '&bic ($t0,$d,$b)', - '&add ($e,$e,$Ki)', # e+=X[i]+K - '&and ($t1,$c,$b)', - '&ldr ($Ki,sprintf "[sp,#%d]",4*(($j+1)&15))', - '&add ($e,$e,$a,"ror#27")', # e+=ROR(A,27) - '&eor ($t1,$t1,$t0)', # F_00_19 - '&mov ($b,$b,"ror#2")', # b=ROR(b,2) - '&add ($e,$e,$t1);'. # e+=F_00_19 - '$j++; unshift(@V,pop(@V));' - ) -} -sub body_20_39 () { - ( - '($a,$b,$c,$d,$e)=@V;'. # '$code.="@ $j\n";'. - '&eor ($t0,$b,$d)', - '&add ($e,$e,$Ki)', # e+=X[i]+K - '&ldr ($Ki,sprintf "[sp,#%d]",4*(($j+1)&15)) if ($j<79)', - '&eor ($t1,$t0,$c)', # F_20_39 - '&add ($e,$e,$a,"ror#27")', # e+=ROR(A,27) - '&mov ($b,$b,"ror#2")', # b=ROR(b,2) - '&add ($e,$e,$t1);'. # e+=F_20_39 - '$j++; unshift(@V,pop(@V));' - ) -} -sub body_40_59 () { - ( - '($a,$b,$c,$d,$e)=@V;'. # '$code.="@ $j\n";'. - '&add ($e,$e,$Ki)', # e+=X[i]+K - '&and ($t0,$c,$d)', - '&ldr ($Ki,sprintf "[sp,#%d]",4*(($j+1)&15))', - '&add ($e,$e,$a,"ror#27")', # e+=ROR(A,27) - '&eor ($t1,$c,$d)', - '&add ($e,$e,$t0)', - '&and ($t1,$t1,$b)', - '&mov ($b,$b,"ror#2")', # b=ROR(b,2) - '&add ($e,$e,$t1);'. # e+=F_40_59 - '$j++; unshift(@V,pop(@V));' - ) -} - -sub Xupdate_16_31 () -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); - my ($a,$b,$c,$d,$e); - - &vext_8 (@X[0],@X[-4&7],@X[-3&7],8); # compose "X[-14]" in "X[0]" - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vadd_i32 (@Tx[1],@X[-1&7],$K); - eval(shift(@insns)); - &vld1_32 ("{$K\[]}","[$K_XX_XX,:32]!") if ($Xi%5==0); - eval(shift(@insns)); - &vext_8 (@Tx[0],@X[-1&7],$zero,4); # "X[-3]", 3 words - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &veor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]" - eval(shift(@insns)); - eval(shift(@insns)); - &veor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); - &veor (@Tx[0],@Tx[0],@X[0]); # "X[0]"^="X[-3]"^"X[-8] - eval(shift(@insns)); - eval(shift(@insns)); - &vst1_32 ("{@Tx[1]}","[$Xfer,:128]!"); # X[]+K xfer - &sub ($Xfer,$Xfer,64) if ($Xi%4==0); - eval(shift(@insns)); - eval(shift(@insns)); - &vext_8 (@Tx[1],$zero,@Tx[0],4); # "X[0]"<<96, extract one dword - eval(shift(@insns)); - eval(shift(@insns)); - &vadd_i32 (@X[0],@Tx[0],@Tx[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &vsri_32 (@X[0],@Tx[0],31); # "X[0]"<<<=1 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vshr_u32 (@Tx[0],@Tx[1],30); - eval(shift(@insns)); - eval(shift(@insns)); - &vshl_u32 (@Tx[1],@Tx[1],2); - eval(shift(@insns)); - eval(shift(@insns)); - &veor (@X[0],@X[0],@Tx[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &veor (@X[0],@X[0],@Tx[1]); # "X[0]"^=("X[0]">>96)<<<2 - - foreach (@insns) { eval; } # remaining instructions [if any] - - $Xi++; push(@X,shift(@X)); # "rotate" X[] -} - -sub Xupdate_32_79 () -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); - my ($a,$b,$c,$d,$e); - - &vext_8 (@Tx[0],@X[-2&7],@X[-1&7],8); # compose "X[-6]" - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &veor (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]" - eval(shift(@insns)); - eval(shift(@insns)); - &veor (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]" - eval(shift(@insns)); - eval(shift(@insns)); - &vadd_i32 (@Tx[1],@X[-1&7],$K); - eval(shift(@insns)); - &vld1_32 ("{$K\[]}","[$K_XX_XX,:32]!") if ($Xi%5==0); - eval(shift(@insns)); - &veor (@Tx[0],@Tx[0],@X[0]); # "X[-6]"^="X[0]" - eval(shift(@insns)); - eval(shift(@insns)); - &vshr_u32 (@X[0],@Tx[0],30); - eval(shift(@insns)); - eval(shift(@insns)); - &vst1_32 ("{@Tx[1]}","[$Xfer,:128]!"); # X[]+K xfer - &sub ($Xfer,$Xfer,64) if ($Xi%4==0); - eval(shift(@insns)); - eval(shift(@insns)); - &vsli_32 (@X[0],@Tx[0],2); # "X[0]"="X[-6]"<<<2 - - foreach (@insns) { eval; } # remaining instructions [if any] - - $Xi++; push(@X,shift(@X)); # "rotate" X[] -} - -sub Xuplast_80 () -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); - my ($a,$b,$c,$d,$e); - - &vadd_i32 (@Tx[1],@X[-1&7],$K); - eval(shift(@insns)); - eval(shift(@insns)); - &vst1_32 ("{@Tx[1]}","[$Xfer,:128]!"); - &sub ($Xfer,$Xfer,64); - - &teq ($inp,$len); - &sub ($K_XX_XX,$K_XX_XX,16); # rewind $K_XX_XX - &it ("eq"); - &subeq ($inp,$inp,64); # reload last block to avoid SEGV - &vld1_8 ("{@X[-4&7]-@X[-3&7]}","[$inp]!"); - eval(shift(@insns)); - eval(shift(@insns)); - &vld1_8 ("{@X[-2&7]-@X[-1&7]}","[$inp]!"); - eval(shift(@insns)); - eval(shift(@insns)); - &vld1_32 ("{$K\[]}","[$K_XX_XX,:32]!"); # load K_00_19 - eval(shift(@insns)); - eval(shift(@insns)); - &vrev32_8 (@X[-4&7],@X[-4&7]); - - foreach (@insns) { eval; } # remaining instructions - - $Xi=0; -} - -sub Xloop() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); - my ($a,$b,$c,$d,$e); - - &vrev32_8 (@X[($Xi-3)&7],@X[($Xi-3)&7]); - eval(shift(@insns)); - eval(shift(@insns)); - &vadd_i32 (@X[$Xi&7],@X[($Xi-4)&7],$K); - eval(shift(@insns)); - eval(shift(@insns)); - &vst1_32 ("{@X[$Xi&7]}","[$Xfer,:128]!");# X[]+K xfer to IALU - - foreach (@insns) { eval; } - - $Xi++; -} - -$code.=<<___; -#if __ARM_MAX_ARCH__>=7 -.arch armv7-a -.fpu neon - -.type sha1_block_data_order_neon,%function -.align 4 -sha1_block_data_order_neon: -.LNEON: - stmdb sp!,{r4-r12,lr} - add $len,$inp,$len,lsl#6 @ $len to point at the end of $inp - @ dmb @ errata #451034 on early Cortex A8 - @ vstmdb sp!,{d8-d15} @ ABI specification says so - mov $saved_sp,sp - sub $Xfer,sp,#64 - adr $K_XX_XX,.LK_00_19 - bic $Xfer,$Xfer,#15 @ align for 128-bit stores - - ldmia $ctx,{$a,$b,$c,$d,$e} @ load context - mov sp,$Xfer @ alloca - - vld1.8 {@X[-4&7]-@X[-3&7]},[$inp]! @ handles unaligned - veor $zero,$zero,$zero - vld1.8 {@X[-2&7]-@X[-1&7]},[$inp]! - vld1.32 {${K}\[]},[$K_XX_XX,:32]! @ load K_00_19 - vrev32.8 @X[-4&7],@X[-4&7] @ yes, even on - vrev32.8 @X[-3&7],@X[-3&7] @ big-endian... - vrev32.8 @X[-2&7],@X[-2&7] - vadd.i32 @X[0],@X[-4&7],$K - vrev32.8 @X[-1&7],@X[-1&7] - vadd.i32 @X[1],@X[-3&7],$K - vst1.32 {@X[0]},[$Xfer,:128]! - vadd.i32 @X[2],@X[-2&7],$K - vst1.32 {@X[1]},[$Xfer,:128]! - vst1.32 {@X[2]},[$Xfer,:128]! - ldr $Ki,[sp] @ big RAW stall - -.Loop_neon: -___ - &Xupdate_16_31(\&body_00_19); - &Xupdate_16_31(\&body_00_19); - &Xupdate_16_31(\&body_00_19); - &Xupdate_16_31(\&body_00_19); - &Xupdate_32_79(\&body_00_19); - &Xupdate_32_79(\&body_20_39); - &Xupdate_32_79(\&body_20_39); - &Xupdate_32_79(\&body_20_39); - &Xupdate_32_79(\&body_20_39); - &Xupdate_32_79(\&body_20_39); - &Xupdate_32_79(\&body_40_59); - &Xupdate_32_79(\&body_40_59); - &Xupdate_32_79(\&body_40_59); - &Xupdate_32_79(\&body_40_59); - &Xupdate_32_79(\&body_40_59); - &Xupdate_32_79(\&body_20_39); - &Xuplast_80(\&body_20_39); - &Xloop(\&body_20_39); - &Xloop(\&body_20_39); - &Xloop(\&body_20_39); -$code.=<<___; - ldmia $ctx,{$Ki,$t0,$t1,$Xfer} @ accumulate context - add $a,$a,$Ki - ldr $Ki,[$ctx,#16] - add $b,$b,$t0 - add $c,$c,$t1 - add $d,$d,$Xfer - it eq - moveq sp,$saved_sp - add $e,$e,$Ki - it ne - ldrne $Ki,[sp] - stmia $ctx,{$a,$b,$c,$d,$e} - itt ne - addne $Xfer,sp,#3*16 - bne .Loop_neon - - @ vldmia sp!,{d8-d15} - ldmia sp!,{r4-r12,pc} -.size sha1_block_data_order_neon,.-sha1_block_data_order_neon -#endif -___ -}}} -##################################################################### -# ARMv8 stuff -# -{{{ -my ($ABCD,$E,$E0,$E1)=map("q$_",(0..3)); -my @MSG=map("q$_",(4..7)); -my @Kxx=map("q$_",(8..11)); -my ($W0,$W1,$ABCD_SAVE)=map("q$_",(12..14)); -my $_byte = ($flavour =~ /win/ ? "DCB" : ".byte"); - -$code.=<<___; -#if __ARM_MAX_ARCH__>=7 - -# if defined(__thumb2__) -# define INST(a,b,c,d) $_byte c,d|0xf,a,b -# else -# define INST(a,b,c,d) $_byte a,b,c,d|0x10 -# endif - -.type sha1_block_data_order_armv8,%function -.align 5 -sha1_block_data_order_armv8: -.LARMv8: - vstmdb sp!,{d8-d15} @ ABI specification says so - - veor $E,$E,$E - adr r3,.LK_00_19 - vld1.32 {$ABCD},[$ctx]! - vld1.32 {$E\[0]},[$ctx] - sub $ctx,$ctx,#16 - vld1.32 {@Kxx[0]\[]},[r3,:32]! - vld1.32 {@Kxx[1]\[]},[r3,:32]! - vld1.32 {@Kxx[2]\[]},[r3,:32]! - vld1.32 {@Kxx[3]\[]},[r3,:32] - -.Loop_v8: - vld1.8 {@MSG[0]-@MSG[1]},[$inp]! - vld1.8 {@MSG[2]-@MSG[3]},[$inp]! - vrev32.8 @MSG[0],@MSG[0] - vrev32.8 @MSG[1],@MSG[1] - - vadd.i32 $W0,@Kxx[0],@MSG[0] - vrev32.8 @MSG[2],@MSG[2] - vmov $ABCD_SAVE,$ABCD @ offload - subs $len,$len,#1 - - vadd.i32 $W1,@Kxx[0],@MSG[1] - vrev32.8 @MSG[3],@MSG[3] - sha1h $E1,$ABCD @ 0 - sha1c $ABCD,$E,$W0 - vadd.i32 $W0,@Kxx[$j],@MSG[2] - sha1su0 @MSG[0],@MSG[1],@MSG[2] -___ -for ($j=0,$i=1;$i<20-3;$i++) { -my $f=("c","p","m","p")[$i/5]; -$code.=<<___; - sha1h $E0,$ABCD @ $i - sha1$f $ABCD,$E1,$W1 - vadd.i32 $W1,@Kxx[$j],@MSG[3] - sha1su1 @MSG[0],@MSG[3] -___ -$code.=<<___ if ($i<20-4); - sha1su0 @MSG[1],@MSG[2],@MSG[3] -___ - ($E0,$E1)=($E1,$E0); ($W0,$W1)=($W1,$W0); - push(@MSG,shift(@MSG)); $j++ if ((($i+3)%5)==0); -} -$code.=<<___; - sha1h $E0,$ABCD @ $i - sha1p $ABCD,$E1,$W1 - vadd.i32 $W1,@Kxx[$j],@MSG[3] - - sha1h $E1,$ABCD @ 18 - sha1p $ABCD,$E0,$W0 - - sha1h $E0,$ABCD @ 19 - sha1p $ABCD,$E1,$W1 - - vadd.i32 $E,$E,$E0 - vadd.i32 $ABCD,$ABCD,$ABCD_SAVE - bne .Loop_v8 - - vst1.32 {$ABCD},[$ctx]! - vst1.32 {$E\[0]},[$ctx] - - vldmia sp!,{d8-d15} - ret @ bx lr -.size sha1_block_data_order_armv8,.-sha1_block_data_order_armv8 -#endif -___ -}}} -$code.=<<___; -#if __ARM_MAX_ARCH__>=7 -.comm OPENSSL_armcap_P,4,4 -#endif -___ - -{ my %opcode = ( - "sha1c" => 0xf2000c40, "sha1p" => 0xf2100c40, - "sha1m" => 0xf2200c40, "sha1su0" => 0xf2300c40, - "sha1h" => 0xf3b902c0, "sha1su1" => 0xf3ba0380 ); - - sub unsha1 { - my ($mnemonic,$arg)=@_; - - if ($arg =~ m/q([0-9]+)(?:,\s*q([0-9]+))?,\s*q([0-9]+)/o) { - my $word = $opcode{$mnemonic}|(($1&7)<<13)|(($1&8)<<19) - |(($2&7)<<17)|(($2&8)<<4) - |(($3&7)<<1) |(($3&8)<<2); - # since ARMv7 instructions are always encoded little-endian. - # correct solution is to use .inst directive, but older - # assemblers don't implement it:-( - - # this fix-up provides Thumb encoding in conjunction with INST - $word &= ~0x10000000 if (($word & 0x0f000000) == 0x02000000); - sprintf "INST(0x%02x,0x%02x,0x%02x,0x%02x)\t@ %s %s", - $word&0xff,($word>>8)&0xff, - ($word>>16)&0xff,($word>>24)&0xff, - $mnemonic,$arg; - } - } -} - -foreach (split($/,$code)) { - s/{q([0-9]+)\[\]}/sprintf "{d%d[],d%d[]}",2*$1,2*$1+1/eo or - s/{q([0-9]+)\[0\]}/sprintf "{d%d[0]}",2*$1/eo; - - s/\b(sha1\w+)\s+(q.*)/unsha1($1,$2)/geo; - - s/\bret\b/bx lr/o or - s/\bbx\s+lr\b/.word\t0xe12fff1e/o; # make it possible to compile with -march=armv4 - - print $_,$/; -} - -close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/sha/asm/sha1-armv8.pl b/crypto/sha/asm/sha1-armv8.pl deleted file mode 100644 index cdea8845af85a57df33a3f6b60a1f29684e5d7df..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha1-armv8.pl +++ /dev/null @@ -1,358 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# SHA1 for ARMv8. -# -# Performance in cycles per processed byte and improvement coefficient -# over code generated with "default" compiler: -# -# hardware-assisted software(*) -# Apple A7 2.31 4.13 (+14%) -# Cortex-A53 2.24 8.03 (+97%) -# Cortex-A57 2.35 7.88 (+74%) -# Denver 2.13 3.97 (+0%)(**) -# X-Gene 8.80 (+200%) -# Mongoose 2.05 6.50 (+160%) -# Kryo 1.88 8.00 (+90%) -# ThunderX2 2.64 6.36 (+150%) -# -# (*) Software results are presented mostly for reference purposes. -# (**) Keep in mind that Denver relies on binary translation, which -# optimizes compiler output at run-time. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or -die "can't locate arm-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $1"; -*STDOUT=*OUT; - -($ctx,$inp,$num)=("x0","x1","x2"); -@Xw=map("w$_",(3..17,19)); -@Xx=map("x$_",(3..17,19)); -@V=($A,$B,$C,$D,$E)=map("w$_",(20..24)); -($t0,$t1,$t2,$K)=map("w$_",(25..28)); - - -sub BODY_00_19 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=($i+2)&15; - -$code.=<<___ if ($i<15 && !($i&1)); - lsr @Xx[$i+1],@Xx[$i],#32 -___ -$code.=<<___ if ($i<14 && !($i&1)); - ldur @Xx[$i+2],[$inp,#`($i+2)*4-64`] -___ -$code.=<<___ if ($i<14 && ($i&1)); -#ifdef __AARCH64EB__ - ror @Xx[$i+1],@Xx[$i+1],#32 -#else - rev32 @Xx[$i+1],@Xx[$i+1] -#endif -___ -$code.=<<___ if ($i<14); - bic $t0,$d,$b - and $t1,$c,$b - ror $t2,$a,#27 - add $d,$d,$K // future e+=K - orr $t0,$t0,$t1 - add $e,$e,$t2 // e+=rot(a,5) - ror $b,$b,#2 - add $d,$d,@Xw[($i+1)&15] // future e+=X[i] - add $e,$e,$t0 // e+=F(b,c,d) -___ -$code.=<<___ if ($i==19); - movz $K,#0xeba1 - movk $K,#0x6ed9,lsl#16 -___ -$code.=<<___ if ($i>=14); - eor @Xw[$j],@Xw[$j],@Xw[($j+2)&15] - bic $t0,$d,$b - and $t1,$c,$b - ror $t2,$a,#27 - eor @Xw[$j],@Xw[$j],@Xw[($j+8)&15] - add $d,$d,$K // future e+=K - orr $t0,$t0,$t1 - add $e,$e,$t2 // e+=rot(a,5) - eor @Xw[$j],@Xw[$j],@Xw[($j+13)&15] - ror $b,$b,#2 - add $d,$d,@Xw[($i+1)&15] // future e+=X[i] - add $e,$e,$t0 // e+=F(b,c,d) - ror @Xw[$j],@Xw[$j],#31 -___ -} - -sub BODY_40_59 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=($i+2)&15; - -$code.=<<___ if ($i==59); - movz $K,#0xc1d6 - movk $K,#0xca62,lsl#16 -___ -$code.=<<___; - orr $t0,$b,$c - and $t1,$b,$c - eor @Xw[$j],@Xw[$j],@Xw[($j+2)&15] - ror $t2,$a,#27 - and $t0,$t0,$d - add $d,$d,$K // future e+=K - eor @Xw[$j],@Xw[$j],@Xw[($j+8)&15] - add $e,$e,$t2 // e+=rot(a,5) - orr $t0,$t0,$t1 - ror $b,$b,#2 - eor @Xw[$j],@Xw[$j],@Xw[($j+13)&15] - add $d,$d,@Xw[($i+1)&15] // future e+=X[i] - add $e,$e,$t0 // e+=F(b,c,d) - ror @Xw[$j],@Xw[$j],#31 -___ -} - -sub BODY_20_39 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=($i+2)&15; - -$code.=<<___ if ($i==39); - movz $K,#0xbcdc - movk $K,#0x8f1b,lsl#16 -___ -$code.=<<___ if ($i<78); - eor @Xw[$j],@Xw[$j],@Xw[($j+2)&15] - eor $t0,$d,$b - ror $t2,$a,#27 - add $d,$d,$K // future e+=K - eor @Xw[$j],@Xw[$j],@Xw[($j+8)&15] - eor $t0,$t0,$c - add $e,$e,$t2 // e+=rot(a,5) - ror $b,$b,#2 - eor @Xw[$j],@Xw[$j],@Xw[($j+13)&15] - add $d,$d,@Xw[($i+1)&15] // future e+=X[i] - add $e,$e,$t0 // e+=F(b,c,d) - ror @Xw[$j],@Xw[$j],#31 -___ -$code.=<<___ if ($i==78); - ldp @Xw[1],@Xw[2],[$ctx] - eor $t0,$d,$b - ror $t2,$a,#27 - add $d,$d,$K // future e+=K - eor $t0,$t0,$c - add $e,$e,$t2 // e+=rot(a,5) - ror $b,$b,#2 - add $d,$d,@Xw[($i+1)&15] // future e+=X[i] - add $e,$e,$t0 // e+=F(b,c,d) -___ -$code.=<<___ if ($i==79); - ldp @Xw[3],@Xw[4],[$ctx,#8] - eor $t0,$d,$b - ror $t2,$a,#27 - eor $t0,$t0,$c - add $e,$e,$t2 // e+=rot(a,5) - ror $b,$b,#2 - ldr @Xw[5],[$ctx,#16] - add $e,$e,$t0 // e+=F(b,c,d) -___ -} - -$code.=<<___; -#ifndef __KERNEL__ -# include "arm_arch.h" -.extern OPENSSL_armcap_P -.hidden OPENSSL_armcap_P -#endif - -.text - -.globl sha1_block_data_order -.type sha1_block_data_order,%function -.align 6 -sha1_block_data_order: - adrp x16,OPENSSL_armcap_P - ldr w16,[x16,#:lo12:OPENSSL_armcap_P] - tst w16,#ARMV8_SHA1 - b.ne .Lv8_entry - - stp x29,x30,[sp,#-96]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - stp x23,x24,[sp,#48] - stp x25,x26,[sp,#64] - stp x27,x28,[sp,#80] - - ldp $A,$B,[$ctx] - ldp $C,$D,[$ctx,#8] - ldr $E,[$ctx,#16] - -.Loop: - ldr @Xx[0],[$inp],#64 - movz $K,#0x7999 - sub $num,$num,#1 - movk $K,#0x5a82,lsl#16 -#ifdef __AARCH64EB__ - ror $Xx[0],@Xx[0],#32 -#else - rev32 @Xx[0],@Xx[0] -#endif - add $E,$E,$K // warm it up - add $E,$E,@Xw[0] -___ -for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } -for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } -for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } -for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - add $B,$B,@Xw[2] - add $C,$C,@Xw[3] - add $A,$A,@Xw[1] - add $D,$D,@Xw[4] - add $E,$E,@Xw[5] - stp $A,$B,[$ctx] - stp $C,$D,[$ctx,#8] - str $E,[$ctx,#16] - cbnz $num,.Loop - - ldp x19,x20,[sp,#16] - ldp x21,x22,[sp,#32] - ldp x23,x24,[sp,#48] - ldp x25,x26,[sp,#64] - ldp x27,x28,[sp,#80] - ldr x29,[sp],#96 - ret -.size sha1_block_data_order,.-sha1_block_data_order -___ -{{{ -my ($ABCD,$E,$E0,$E1)=map("v$_.16b",(0..3)); -my @MSG=map("v$_.16b",(4..7)); -my @Kxx=map("v$_.4s",(16..19)); -my ($W0,$W1)=("v20.4s","v21.4s"); -my $ABCD_SAVE="v22.16b"; - -$code.=<<___; -.type sha1_block_armv8,%function -.align 6 -sha1_block_armv8: -.Lv8_entry: - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - adr x4,.Lconst - eor $E,$E,$E - ld1.32 {$ABCD},[$ctx],#16 - ld1.32 {$E}[0],[$ctx] - sub $ctx,$ctx,#16 - ld1.32 {@Kxx[0]-@Kxx[3]},[x4] - -.Loop_hw: - ld1 {@MSG[0]-@MSG[3]},[$inp],#64 - sub $num,$num,#1 - rev32 @MSG[0],@MSG[0] - rev32 @MSG[1],@MSG[1] - - add.i32 $W0,@Kxx[0],@MSG[0] - rev32 @MSG[2],@MSG[2] - orr $ABCD_SAVE,$ABCD,$ABCD // offload - - add.i32 $W1,@Kxx[0],@MSG[1] - rev32 @MSG[3],@MSG[3] - sha1h $E1,$ABCD - sha1c $ABCD,$E,$W0 // 0 - add.i32 $W0,@Kxx[$j],@MSG[2] - sha1su0 @MSG[0],@MSG[1],@MSG[2] -___ -for ($j=0,$i=1;$i<20-3;$i++) { -my $f=("c","p","m","p")[$i/5]; -$code.=<<___; - sha1h $E0,$ABCD // $i - sha1$f $ABCD,$E1,$W1 - add.i32 $W1,@Kxx[$j],@MSG[3] - sha1su1 @MSG[0],@MSG[3] -___ -$code.=<<___ if ($i<20-4); - sha1su0 @MSG[1],@MSG[2],@MSG[3] -___ - ($E0,$E1)=($E1,$E0); ($W0,$W1)=($W1,$W0); - push(@MSG,shift(@MSG)); $j++ if ((($i+3)%5)==0); -} -$code.=<<___; - sha1h $E0,$ABCD // $i - sha1p $ABCD,$E1,$W1 - add.i32 $W1,@Kxx[$j],@MSG[3] - - sha1h $E1,$ABCD // 18 - sha1p $ABCD,$E0,$W0 - - sha1h $E0,$ABCD // 19 - sha1p $ABCD,$E1,$W1 - - add.i32 $E,$E,$E0 - add.i32 $ABCD,$ABCD,$ABCD_SAVE - - cbnz $num,.Loop_hw - - st1.32 {$ABCD},[$ctx],#16 - st1.32 {$E}[0],[$ctx] - - ldr x29,[sp],#16 - ret -.size sha1_block_armv8,.-sha1_block_armv8 -.align 6 -.Lconst: -.long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 //K_00_19 -.long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 //K_20_39 -.long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc //K_40_59 -.long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 //K_60_79 -.asciz "SHA1 block transform for ARMv8, CRYPTOGAMS by " -.align 2 -___ -}}} - -{ my %opcode = ( - "sha1c" => 0x5e000000, "sha1p" => 0x5e001000, - "sha1m" => 0x5e002000, "sha1su0" => 0x5e003000, - "sha1h" => 0x5e280800, "sha1su1" => 0x5e281800 ); - - sub unsha1 { - my ($mnemonic,$arg)=@_; - - $arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o - && - sprintf ".inst\t0x%08x\t//%s %s", - $opcode{$mnemonic}|$1|($2<<5)|($3<<16), - $mnemonic,$arg; - } -} - -foreach(split("\n",$code)) { - - s/\`([^\`]*)\`/eval($1)/geo; - - s/\b(sha1\w+)\s+([qv].*)/unsha1($1,$2)/geo; - - s/\.\w?32\b//o and s/\.16b/\.4s/go; - m/(ld|st)1[^\[]+\[0\]/o and s/\.4s/\.s/go; - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-c64xplus.pl b/crypto/sha/asm/sha1-c64xplus.pl deleted file mode 100644 index 6a97da2b57022eeea7526952690a2fedebb1031e..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha1-c64xplus.pl +++ /dev/null @@ -1,336 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# SHA1 for C64x+. -# -# November 2011 -# -# If compared to compiler-generated code with similar characteristics, -# i.e. compiled with OPENSSL_SMALL_FOOTPRINT and utilizing SPLOOPs, -# this implementation is 25% smaller and >2x faster. In absolute terms -# performance is (quite impressive) ~6.5 cycles per processed byte. -# Fully unrolled assembler would be ~5x larger and is likely to be -# ~15% faster. It would be free from references to intermediate ring -# buffer, but put more pressure on L1P [both because the code would be -# larger and won't be using SPLOOP buffer]. There are no plans to -# realize fully unrolled variant though... -# -# !!! Note that this module uses AMR, which means that all interrupt -# service routines are expected to preserve it and for own well-being -# zero it upon entry. - -$output = pop and open STDOUT,">$output"; - -($CTX,$INP,$NUM) = ("A4","B4","A6"); # arguments - -($A,$B,$C,$D,$E, $Arot,$F,$F0,$T,$K) = map("A$_",(16..20, 21..25)); -($X0,$X2,$X8,$X13) = ("A26","B26","A27","B27"); -($TX0,$TX1,$TX2,$TX3) = map("B$_",(28..31)); -($XPA,$XPB) = ("A5","B5"); # X circular buffer -($Actx,$Bctx,$Cctx,$Dctx,$Ectx) = map("A$_",(3,6..9)); # zaps $NUM - -$code=<<___; - .text - - .if .ASSEMBLER_VERSION<7000000 - .asg 0,__TI_EABI__ - .endif - .if __TI_EABI__ - .asg sha1_block_data_order,_sha1_block_data_order - .endif - - .asg B3,RA - .asg A15,FP - .asg B15,SP - - .if .BIG_ENDIAN - .asg MV,SWAP2 - .asg MV,SWAP4 - .endif - - .global _sha1_block_data_order -_sha1_block_data_order: - .asmfunc stack_usage(64) - MV $NUM,A0 ; reassign $NUM -|| MVK -64,B0 - [!A0] BNOP RA ; if ($NUM==0) return; -|| [A0] STW FP,*SP--[16] ; save frame pointer and alloca(64) -|| [A0] MV SP,FP - [A0] LDW *${CTX}[0],$A ; load A-E... -|| [A0] AND B0,SP,SP ; align stack at 64 bytes - [A0] LDW *${CTX}[1],$B -|| [A0] SUBAW SP,2,SP ; reserve two words above buffer - [A0] LDW *${CTX}[2],$C -|| [A0] MVK 0x00404,B0 - [A0] LDW *${CTX}[3],$D -|| [A0] MVKH 0x50000,B0 ; 0x050404, 64 bytes for $XP[AB] - [A0] LDW *${CTX}[4],$E -|| [A0] MVC B0,AMR ; setup circular addressing - LDNW *${INP}++,$TX1 ; pre-fetch input - NOP 1 - -loop?: - MVK 0x00007999,$K -|| ADDAW SP,2,$XPA -|| SUB A0,1,A0 -|| MVK 13,B0 - MVKH 0x5a820000,$K ; K_00_19 -|| ADDAW SP,2,$XPB -|| MV $A,$Actx -|| MV $B,$Bctx -;;================================================== - SPLOOPD 5 ; BODY_00_13 -|| MV $C,$Cctx -|| MV $D,$Dctx -|| MV $E,$Ectx -|| MVC B0,ILC - - ROTL $A,5,$Arot -|| AND $C,$B,$F -|| ANDN $D,$B,$F0 -|| ADD $K,$E,$T ; T=E+K - - XOR $F0,$F,$F ; F_00_19(B,C,D) -|| MV $D,$E ; E=D -|| MV $C,$D ; D=C -|| SWAP2 $TX1,$TX2 -|| LDNW *${INP}++,$TX1 - - ADD $F,$T,$T ; T+=F_00_19(B,C,D) -|| ROTL $B,30,$C ; C=ROL(B,30) -|| SWAP4 $TX2,$TX3 ; byte swap - - ADD $Arot,$T,$T ; T+=ROL(A,5) -|| MV $A,$B ; B=A - - ADD $TX3,$T,$A ; A=T+Xi -|| STW $TX3,*${XPB}++ - SPKERNEL -;;================================================== - ROTL $A,5,$Arot ; BODY_14 -|| AND $C,$B,$F -|| ANDN $D,$B,$F0 -|| ADD $K,$E,$T ; T=E+K - - XOR $F0,$F,$F ; F_00_19(B,C,D) -|| MV $D,$E ; E=D -|| MV $C,$D ; D=C -|| SWAP2 $TX1,$TX2 -|| LDNW *${INP}++,$TX1 - - ADD $F,$T,$T ; T+=F_00_19(B,C,D) -|| ROTL $B,30,$C ; C=ROL(B,30) -|| SWAP4 $TX2,$TX2 ; byte swap -|| LDW *${XPA}++,$X0 ; fetches from X ring buffer are -|| LDW *${XPB}[4],$X2 ; 2 iterations ahead - - ADD $Arot,$T,$T ; T+=ROL(A,5) -|| MV $A,$B ; B=A -|| LDW *${XPA}[7],$X8 -|| MV $TX3,$X13 ; || LDW *${XPB}[15],$X13 -|| MV $TX2,$TX3 - - ADD $TX2,$T,$A ; A=T+Xi -|| STW $TX2,*${XPB}++ -;;================================================== - ROTL $A,5,$Arot ; BODY_15 -|| AND $C,$B,$F -|| ANDN $D,$B,$F0 -|| ADD $K,$E,$T ; T=E+K - - XOR $F0,$F,$F ; F_00_19(B,C,D) -|| MV $D,$E ; E=D -|| MV $C,$D ; D=C -|| SWAP2 $TX1,$TX2 - - ADD $F,$T,$T ; T+=F_00_19(B,C,D) -|| ROTL $B,30,$C ; C=ROL(B,30) -|| SWAP4 $TX2,$TX2 ; byte swap -|| XOR $X0,$X2,$TX0 ; Xupdate XORs are 1 iteration ahead -|| LDW *${XPA}++,$X0 -|| LDW *${XPB}[4],$X2 - - ADD $Arot,$T,$T ; T+=ROL(A,5) -|| MV $A,$B ; B=A -|| XOR $X8,$X13,$TX1 -|| LDW *${XPA}[7],$X8 -|| MV $TX3,$X13 ; || LDW *${XPB}[15],$X13 -|| MV $TX2,$TX3 - - ADD $TX2,$T,$A ; A=T+Xi -|| STW $TX2,*${XPB}++ -|| XOR $TX0,$TX1,$TX1 -|| MVK 3,B0 -;;================================================== - SPLOOPD 5 ; BODY_16_19 -|| MVC B0,ILC - - ROTL $A,5,$Arot -|| AND $C,$B,$F -|| ANDN $D,$B,$F0 -|| ADD $K,$E,$T ; T=E+K -|| ROTL $TX1,1,$TX2 ; Xupdate output - - XOR $F0,$F,$F ; F_00_19(B,C,D) -|| MV $D,$E ; E=D -|| MV $C,$D ; D=C - - ADD $F,$T,$T ; T+=F_00_19(B,C,D) -|| ROTL $B,30,$C ; C=ROL(B,30) -|| XOR $X0,$X2,$TX0 -|| LDW *${XPA}++,$X0 -|| LDW *${XPB}[4],$X2 - - ADD $Arot,$T,$T ; T+=ROL(A,5) -|| MV $A,$B ; B=A -|| XOR $X8,$X13,$TX1 -|| LDW *${XPA}[7],$X8 -|| MV $TX3,$X13 ; || LDW *${XPB}[15],$X13 -|| MV $TX2,$TX3 - - ADD $TX2,$T,$A ; A=T+Xi -|| STW $TX2,*${XPB}++ -|| XOR $TX0,$TX1,$TX1 - SPKERNEL - - MVK 0xffffeba1,$K -|| MVK 19,B0 - MVKH 0x6ed90000,$K ; K_20_39 -___ -sub BODY_20_39 { -$code.=<<___; -;;================================================== - SPLOOPD 5 ; BODY_20_39 -|| MVC B0,ILC - - ROTL $A,5,$Arot -|| XOR $B,$C,$F -|| ADD $K,$E,$T ; T=E+K -|| ROTL $TX1,1,$TX2 ; Xupdate output - - XOR $D,$F,$F ; F_20_39(B,C,D) -|| MV $D,$E ; E=D -|| MV $C,$D ; D=C - - ADD $F,$T,$T ; T+=F_20_39(B,C,D) -|| ROTL $B,30,$C ; C=ROL(B,30) -|| XOR $X0,$X2,$TX0 -|| LDW *${XPA}++,$X0 -|| LDW *${XPB}[4],$X2 - - ADD $Arot,$T,$T ; T+=ROL(A,5) -|| MV $A,$B ; B=A -|| XOR $X8,$X13,$TX1 -|| LDW *${XPA}[7],$X8 -|| MV $TX3,$X13 ; || LDW *${XPB}[15],$X13 -|| MV $TX2,$TX3 - - ADD $TX2,$T,$A ; A=T+Xi -|| STW $TX2,*${XPB}++ ; last one is redundant -|| XOR $TX0,$TX1,$TX1 - SPKERNEL -___ -$code.=<<___ if (!shift); - MVK 0xffffbcdc,$K - MVKH 0x8f1b0000,$K ; K_40_59 -___ -} &BODY_20_39(); -$code.=<<___; -;;================================================== - SPLOOPD 5 ; BODY_40_59 -|| MVC B0,ILC -|| AND $B,$C,$F -|| AND $B,$D,$F0 - - ROTL $A,5,$Arot -|| XOR $F0,$F,$F -|| AND $C,$D,$F0 -|| ADD $K,$E,$T ; T=E+K -|| ROTL $TX1,1,$TX2 ; Xupdate output - - XOR $F0,$F,$F ; F_40_59(B,C,D) -|| MV $D,$E ; E=D -|| MV $C,$D ; D=C - - ADD $F,$T,$T ; T+=F_40_59(B,C,D) -|| ROTL $B,30,$C ; C=ROL(B,30) -|| XOR $X0,$X2,$TX0 -|| LDW *${XPA}++,$X0 -|| LDW *${XPB}[4],$X2 - - ADD $Arot,$T,$T ; T+=ROL(A,5) -|| MV $A,$B ; B=A -|| XOR $X8,$X13,$TX1 -|| LDW *${XPA}[7],$X8 -|| MV $TX3,$X13 ; || LDW *${XPB}[15],$X13 -|| MV $TX2,$TX3 - - ADD $TX2,$T,$A ; A=T+Xi -|| STW $TX2,*${XPB}++ -|| XOR $TX0,$TX1,$TX1 -|| AND $B,$C,$F -|| AND $B,$D,$F0 - SPKERNEL - - MVK 0xffffc1d6,$K -|| MVK 18,B0 - MVKH 0xca620000,$K ; K_60_79 -___ - &BODY_20_39(-1); # BODY_60_78 -$code.=<<___; -;;================================================== - [A0] B loop? -|| ROTL $A,5,$Arot ; BODY_79 -|| XOR $B,$C,$F -|| ROTL $TX1,1,$TX2 ; Xupdate output - - [A0] LDNW *${INP}++,$TX1 ; pre-fetch input -|| ADD $K,$E,$T ; T=E+K -|| XOR $D,$F,$F ; F_20_39(B,C,D) - - ADD $F,$T,$T ; T+=F_20_39(B,C,D) -|| ADD $Ectx,$D,$E ; E=D,E+=Ectx -|| ADD $Dctx,$C,$D ; D=C,D+=Dctx -|| ROTL $B,30,$C ; C=ROL(B,30) - - ADD $Arot,$T,$T ; T+=ROL(A,5) -|| ADD $Bctx,$A,$B ; B=A,B+=Bctx - - ADD $TX2,$T,$A ; A=T+Xi - - ADD $Actx,$A,$A ; A+=Actx -|| ADD $Cctx,$C,$C ; C+=Cctx -;; end of loop? - - BNOP RA ; return -|| MV FP,SP ; restore stack pointer -|| LDW *FP[0],FP ; restore frame pointer - STW $A,*${CTX}[0] ; emit A-E... -|| MVK 0,B0 - STW $B,*${CTX}[1] -|| MVC B0,AMR ; clear AMR - STW $C,*${CTX}[2] - STW $D,*${CTX}[3] - STW $E,*${CTX}[4] - .endasmfunc - - .sect .const - .cstring "SHA1 block transform for C64x+, CRYPTOGAMS by " - .align 4 -___ - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-ia64.pl b/crypto/sha/asm/sha1-ia64.pl deleted file mode 100644 index f1b412dcf2e3870c7efd2c57689e8f3bbd535005..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha1-ia64.pl +++ /dev/null @@ -1,315 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# Eternal question is what's wrong with compiler generated code? The -# trick is that it's possible to reduce the number of shifts required -# to perform rotations by maintaining copy of 32-bit value in upper -# bits of 64-bit register. Just follow mux2 and shrp instructions... -# Performance under big-endian OS such as HP-UX is 179MBps*1GHz, which -# is >50% better than HP C and >2x better than gcc. - -# $output is the last argument if it looks like a file (it has an extension) -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; - -$code=<<___; -.ident \"sha1-ia64.s, version 1.3\" -.ident \"IA-64 ISA artwork by Andy Polyakov \" -.explicit - -___ - - -if ($^O eq "hpux") { - $ADDP="addp4"; - for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); } -} else { $ADDP="add"; } - -#$human=1; -if ($human) { # useful for visual code auditing... - ($A,$B,$C,$D,$E) = ("A","B","C","D","E"); - ($h0,$h1,$h2,$h3,$h4) = ("h0","h1","h2","h3","h4"); - ($K_00_19, $K_20_39, $K_40_59, $K_60_79) = - ( "K_00_19","K_20_39","K_40_59","K_60_79" ); - @X= ( "X0", "X1", "X2", "X3", "X4", "X5", "X6", "X7", - "X8", "X9","X10","X11","X12","X13","X14","X15" ); -} -else { - ($A,$B,$C,$D,$E) = ("loc0","loc1","loc2","loc3","loc4"); - ($h0,$h1,$h2,$h3,$h4) = ("loc5","loc6","loc7","loc8","loc9"); - ($K_00_19, $K_20_39, $K_40_59, $K_60_79) = - ( "r14", "r15", "loc10", "loc11" ); - @X= ( "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23", - "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31" ); -} - -sub BODY_00_15 { -local *code=shift; -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; -my $Xn=@X[$j%16]; - -$code.=<<___ if ($i==0); -{ .mmi; ld1 $X[$i]=[inp],2 // MSB - ld1 tmp2=[tmp3],2 };; -{ .mmi; ld1 tmp0=[inp],2 - ld1 tmp4=[tmp3],2 // LSB - dep $X[$i]=$X[$i],tmp2,8,8 };; -___ -if ($i<15) { - $code.=<<___; -{ .mmi; ld1 $Xn=[inp],2 // forward Xload - nop.m 0x0 - dep tmp1=tmp0,tmp4,8,8 };; -{ .mmi; ld1 tmp2=[tmp3],2 // forward Xload - and tmp4=$c,$b - dep $X[$i]=$X[$i],tmp1,16,16} //;; -{ .mmi; add $e=$e,$K_00_19 // e+=K_00_19 - andcm tmp1=$d,$b - dep.z tmp5=$a,5,27 };; // a<<5 -{ .mmi; add $e=$e,$X[$i] // e+=Xload - or tmp4=tmp4,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d) - extr.u tmp1=$a,27,5 };; // a>>27 -{ .mmi; ld1 tmp0=[inp],2 // forward Xload - add $e=$e,tmp4 // e+=F_00_19(b,c,d) - shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) -{ .mmi; ld1 tmp4=[tmp3],2 // forward Xload - or tmp5=tmp1,tmp5 // ROTATE(a,5) - mux2 tmp6=$a,0x44 };; // see b in next iteration -{ .mii; add $e=$e,tmp5 // e+=ROTATE(a,5) - dep $Xn=$Xn,tmp2,8,8 // forward Xload - mux2 $X[$i]=$X[$i],0x44 } //;; - -___ - } -else { - $code.=<<___; -{ .mii; and tmp3=$c,$b - dep tmp1=tmp0,tmp4,8,8;; - dep $X[$i]=$X[$i],tmp1,16,16} //;; -{ .mmi; add $e=$e,$K_00_19 // e+=K_00_19 - andcm tmp1=$d,$b - dep.z tmp5=$a,5,27 };; // a<<5 -{ .mmi; add $e=$e,$X[$i] // e+=Xupdate - or tmp4=tmp3,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d) - extr.u tmp1=$a,27,5 } // a>>27 -{ .mmi; xor $Xn=$Xn,$X[($j+2)%16] // forward Xupdate - xor tmp3=$X[($j+8)%16],$X[($j+13)%16] // forward Xupdate - nop.i 0 };; -{ .mmi; add $e=$e,tmp4 // e+=F_00_19(b,c,d) - xor $Xn=$Xn,tmp3 // forward Xupdate - shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) -{ .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) - mux2 tmp6=$a,0x44 };; // see b in next iteration -{ .mii; add $e=$e,tmp1 // e+=ROTATE(a,5) - shrp $Xn=$Xn,$Xn,31 // ROTATE(x[0]^x[2]^x[8]^x[13],1) - mux2 $X[$i]=$X[$i],0x44 };; - -___ - } -} - -sub BODY_16_19 { -local *code=shift; -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; -my $Xn=@X[$j%16]; - -$code.=<<___; -{ .mib; add $e=$e,$K_00_19 // e+=K_00_19 - dep.z tmp5=$a,5,27 } // a<<5 -{ .mib; andcm tmp1=$d,$b - and tmp0=$c,$b };; -{ .mmi; add $e=$e,$X[$i%16] // e+=Xupdate - or tmp0=tmp0,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d) - extr.u tmp1=$a,27,5 } // a>>27 -{ .mmi; xor $Xn=$Xn,$X[($j+2)%16] // forward Xupdate - xor tmp3=$X[($j+8)%16],$X[($j+13)%16] // forward Xupdate - nop.i 0 };; -{ .mmi; add $e=$e,tmp0 // f+=F_00_19(b,c,d) - xor $Xn=$Xn,tmp3 // forward Xupdate - shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) -{ .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) - mux2 tmp6=$a,0x44 };; // see b in next iteration -{ .mii; add $e=$e,tmp1 // e+=ROTATE(a,5) - shrp $Xn=$Xn,$Xn,31 // ROTATE(x[0]^x[2]^x[8]^x[13],1) - nop.i 0 };; - -___ -} - -sub BODY_20_39 { -local *code=shift; -my ($i,$a,$b,$c,$d,$e,$Konst)=@_; - $Konst = $K_20_39 if (!defined($Konst)); -my $j=$i+1; -my $Xn=@X[$j%16]; - -if ($i<79) { -$code.=<<___; -{ .mib; add $e=$e,$Konst // e+=K_XX_XX - dep.z tmp5=$a,5,27 } // a<<5 -{ .mib; xor tmp0=$c,$b - xor $Xn=$Xn,$X[($j+2)%16] };; // forward Xupdate -{ .mib; add $e=$e,$X[$i%16] // e+=Xupdate - extr.u tmp1=$a,27,5 } // a>>27 -{ .mib; xor tmp0=tmp0,$d // F_20_39(b,c,d)=b^c^d - xor $Xn=$Xn,$X[($j+8)%16] };; // forward Xupdate -{ .mmi; add $e=$e,tmp0 // e+=F_20_39(b,c,d) - xor $Xn=$Xn,$X[($j+13)%16] // forward Xupdate - shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) -{ .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) - mux2 tmp6=$a,0x44 };; // see b in next iteration -{ .mii; add $e=$e,tmp1 // e+=ROTATE(a,5) - shrp $Xn=$Xn,$Xn,31 // ROTATE(x[0]^x[2]^x[8]^x[13],1) - nop.i 0 };; - -___ -} -else { -$code.=<<___; -{ .mib; add $e=$e,$Konst // e+=K_60_79 - dep.z tmp5=$a,5,27 } // a<<5 -{ .mib; xor tmp0=$c,$b - add $h1=$h1,$a };; // wrap up -{ .mib; add $e=$e,$X[$i%16] // e+=Xupdate - extr.u tmp1=$a,27,5 } // a>>27 -{ .mib; xor tmp0=tmp0,$d // F_20_39(b,c,d)=b^c^d - add $h3=$h3,$c };; // wrap up -{ .mmi; add $e=$e,tmp0 // e+=F_20_39(b,c,d) - or tmp1=tmp1,tmp5 // ROTATE(a,5) - shrp $b=tmp6,tmp6,2 };; // b=ROTATE(b,30) ;;? -{ .mmi; add $e=$e,tmp1 // e+=ROTATE(a,5) - add tmp3=1,inp // used in unaligned codepath - add $h4=$h4,$d };; // wrap up - -___ -} -} - -sub BODY_40_59 { -local *code=shift; -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; -my $Xn=@X[$j%16]; - -$code.=<<___; -{ .mib; add $e=$e,$K_40_59 // e+=K_40_59 - dep.z tmp5=$a,5,27 } // a<<5 -{ .mib; and tmp1=$c,$d - xor tmp0=$c,$d };; -{ .mmi; add $e=$e,$X[$i%16] // e+=Xupdate - add tmp5=tmp5,tmp1 // a<<5+(c&d) - extr.u tmp1=$a,27,5 } // a>>27 -{ .mmi; and tmp0=tmp0,$b - xor $Xn=$Xn,$X[($j+2)%16] // forward Xupdate - xor tmp3=$X[($j+8)%16],$X[($j+13)%16] };; // forward Xupdate -{ .mmi; add $e=$e,tmp0 // e+=b&(c^d) - add tmp5=tmp5,tmp1 // ROTATE(a,5)+(c&d) - shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) -{ .mmi; xor $Xn=$Xn,tmp3 - mux2 tmp6=$a,0x44 };; // see b in next iteration -{ .mii; add $e=$e,tmp5 // e+=ROTATE(a,5)+(c&d) - shrp $Xn=$Xn,$Xn,31 // ROTATE(x[0]^x[2]^x[8]^x[13],1) - nop.i 0x0 };; - -___ -} -sub BODY_60_79 { &BODY_20_39(@_,$K_60_79); } - -$code.=<<___; -.text - -tmp0=r8; -tmp1=r9; -tmp2=r10; -tmp3=r11; -ctx=r32; // in0 -inp=r33; // in1 - -// void sha1_block_data_order(SHA_CTX *c,const void *p,size_t num); -.global sha1_block_data_order# -.proc sha1_block_data_order# -.align 32 -sha1_block_data_order: - .prologue -{ .mmi; alloc tmp1=ar.pfs,3,14,0,0 - $ADDP tmp0=4,ctx - .save ar.lc,r3 - mov r3=ar.lc } -{ .mmi; $ADDP ctx=0,ctx - $ADDP inp=0,inp - mov r2=pr };; -tmp4=in2; -tmp5=loc12; -tmp6=loc13; - .body -{ .mlx; ld4 $h0=[ctx],8 - movl $K_00_19=0x5a827999 } -{ .mlx; ld4 $h1=[tmp0],8 - movl $K_20_39=0x6ed9eba1 };; -{ .mlx; ld4 $h2=[ctx],8 - movl $K_40_59=0x8f1bbcdc } -{ .mlx; ld4 $h3=[tmp0] - movl $K_60_79=0xca62c1d6 };; -{ .mmi; ld4 $h4=[ctx],-16 - add in2=-1,in2 // adjust num for ar.lc - mov ar.ec=1 };; -{ .mmi; nop.m 0 - add tmp3=1,inp - mov ar.lc=in2 };; // brp.loop.imp: too far - -.Ldtop: -{ .mmi; mov $A=$h0 - mov $B=$h1 - mux2 tmp6=$h1,0x44 } -{ .mmi; mov $C=$h2 - mov $D=$h3 - mov $E=$h4 };; - -___ - -{ my $i; - my @V=($A,$B,$C,$D,$E); - - for($i=0;$i<16;$i++) { &BODY_00_15(\$code,$i,@V); unshift(@V,pop(@V)); } - for(;$i<20;$i++) { &BODY_16_19(\$code,$i,@V); unshift(@V,pop(@V)); } - for(;$i<40;$i++) { &BODY_20_39(\$code,$i,@V); unshift(@V,pop(@V)); } - for(;$i<60;$i++) { &BODY_40_59(\$code,$i,@V); unshift(@V,pop(@V)); } - for(;$i<80;$i++) { &BODY_60_79(\$code,$i,@V); unshift(@V,pop(@V)); } - - (($V[0] eq $A) and ($V[4] eq $E)) or die; # double-check -} - -$code.=<<___; -{ .mmb; add $h0=$h0,$A - add $h2=$h2,$C - br.ctop.dptk.many .Ldtop };; -.Ldend: -{ .mmi; add tmp0=4,ctx - mov ar.lc=r3 };; -{ .mmi; st4 [ctx]=$h0,8 - st4 [tmp0]=$h1,8 };; -{ .mmi; st4 [ctx]=$h2,8 - st4 [tmp0]=$h3 };; -{ .mib; st4 [ctx]=$h4,-16 - mov pr=r2,0x1ffff - br.ret.sptk.many b0 };; -.endp sha1_block_data_order# -stringz "SHA1 block transform for IA64, CRYPTOGAMS by " -___ - -open STDOUT,">$output" if $output; -print $code; diff --git a/crypto/sha/asm/sha1-mb-x86_64.pl b/crypto/sha/asm/sha1-mb-x86_64.pl deleted file mode 100644 index 67faba136d05c2f760bcf7bd0af4cdb524c31379..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha1-mb-x86_64.pl +++ /dev/null @@ -1,1648 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# Multi-buffer SHA1 procedure processes n buffers in parallel by -# placing buffer data to designated lane of SIMD register. n is -# naturally limited to 4 on pre-AVX2 processors and to 8 on -# AVX2-capable processors such as Haswell. -# -# this +aesni(i) sha1 aesni-sha1 gain(iv) -# ------------------------------------------------------------------- -# Westmere(ii) 10.7/n +1.28=3.96(n=4) 5.30 6.66 +68% -# Atom(ii) 18.1/n +3.93=8.46(n=4) 9.37 12.8 +51% -# Sandy Bridge (8.16 +5.15=13.3)/n 4.99 5.98 +80% -# Ivy Bridge (8.08 +5.14=13.2)/n 4.60 5.54 +68% -# Haswell(iii) (8.96 +5.00=14.0)/n 3.57 4.55 +160% -# Skylake (8.70 +5.00=13.7)/n 3.64 4.20 +145% -# Bulldozer (9.76 +5.76=15.5)/n 5.95 6.37 +64% -# -# (i) multi-block CBC encrypt with 128-bit key; -# (ii) (HASH+AES)/n does not apply to Westmere for n>3 and Atom, -# because of lower AES-NI instruction throughput; -# (iii) "this" is for n=8, when we gather twice as much data, result -# for n=4 is 8.00+4.44=12.4; -# (iv) presented improvement coefficients are asymptotic limits and -# in real-life application are somewhat lower, e.g. for 2KB -# fragments they range from 30% to 100% (on Haswell); - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86_64-support.pl"; - -$ptr_size=&pointer_size($flavour); - -$avx=0; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.19) + ($1>=2.22); -} - -if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.09) + ($1>=2.10); -} - -if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $avx = ($1>=10) + ($1>=11); -} - -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { - $avx = ($2>=3.0) + ($2>3.0); -} - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -# void sha1_multi_block ( -# struct { unsigned int A[8]; -# unsigned int B[8]; -# unsigned int C[8]; -# unsigned int D[8]; -# unsigned int E[8]; } *ctx, -# struct { void *ptr; int blocks; } inp[8], -# int num); /* 1 or 2 */ -# -$ctx="%rdi"; # 1st arg -$inp="%rsi"; # 2nd arg -$num="%edx"; -@ptr=map("%r$_",(8..11)); -$Tbl="%rbp"; -$inp_elm_size=2*$ptr_size; - -@V=($A,$B,$C,$D,$E)=map("%xmm$_",(0..4)); -($t0,$t1,$t2,$t3,$tx)=map("%xmm$_",(5..9)); -@Xi=map("%xmm$_",(10..14)); -$K="%xmm15"; - -if (1) { - # Atom-specific optimization aiming to eliminate pshufb with high - # registers [and thus get rid of 48 cycles accumulated penalty] - @Xi=map("%xmm$_",(0..4)); - ($tx,$t0,$t1,$t2,$t3)=map("%xmm$_",(5..9)); - @V=($A,$B,$C,$D,$E)=map("%xmm$_",(10..14)); -} - -$REG_SZ=16; - -sub Xi_off { -my $off = shift; - - $off %= 16; $off *= $REG_SZ; - $off<256 ? "$off-128(%rax)" : "$off-256-128(%rbx)"; -} - -sub BODY_00_19 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; -my $k=$i+2; - -# Loads are performed 2+3/4 iterations in advance. 3/4 means that out -# of 4 words you would expect to be loaded per given iteration one is -# spilled to next iteration. In other words indices in four input -# streams are distributed as following: -# -# $i==0: 0,0,0,0,1,1,1,1,2,2,2, -# $i==1: 2,3,3,3, -# $i==2: 3,4,4,4, -# ... -# $i==13: 14,15,15,15, -# $i==14: 15 -# -# Then at $i==15 Xupdate is applied one iteration in advance... -$code.=<<___ if ($i==0); - movd (@ptr[0]),@Xi[0] - lea `16*4`(@ptr[0]),@ptr[0] - movd (@ptr[1]),@Xi[2] # borrow @Xi[2] - lea `16*4`(@ptr[1]),@ptr[1] - movd (@ptr[2]),@Xi[3] # borrow @Xi[3] - lea `16*4`(@ptr[2]),@ptr[2] - movd (@ptr[3]),@Xi[4] # borrow @Xi[4] - lea `16*4`(@ptr[3]),@ptr[3] - punpckldq @Xi[3],@Xi[0] - movd `4*$j-16*4`(@ptr[0]),@Xi[1] - punpckldq @Xi[4],@Xi[2] - movd `4*$j-16*4`(@ptr[1]),$t3 - punpckldq @Xi[2],@Xi[0] - movd `4*$j-16*4`(@ptr[2]),$t2 - pshufb $tx,@Xi[0] -___ -$code.=<<___ if ($i<14); # just load input - movd `4*$j-16*4`(@ptr[3]),$t1 - punpckldq $t2,@Xi[1] - movdqa $a,$t2 - paddd $K,$e # e+=K_00_19 - punpckldq $t1,$t3 - movdqa $b,$t1 - movdqa $b,$t0 - pslld \$5,$t2 - pandn $d,$t1 - pand $c,$t0 - punpckldq $t3,@Xi[1] - movdqa $a,$t3 - - movdqa @Xi[0],`&Xi_off($i)` - paddd @Xi[0],$e # e+=X[i] - movd `4*$k-16*4`(@ptr[0]),@Xi[2] - psrld \$27,$t3 - pxor $t1,$t0 # Ch(b,c,d) - movdqa $b,$t1 - - por $t3,$t2 # rol(a,5) - movd `4*$k-16*4`(@ptr[1]),$t3 - pslld \$30,$t1 - paddd $t0,$e # e+=Ch(b,c,d) - - psrld \$2,$b - paddd $t2,$e # e+=rol(a,5) - pshufb $tx,@Xi[1] - movd `4*$k-16*4`(@ptr[2]),$t2 - por $t1,$b # b=rol(b,30) -___ -$code.=<<___ if ($i==14); # just load input - movd `4*$j-16*4`(@ptr[3]),$t1 - punpckldq $t2,@Xi[1] - movdqa $a,$t2 - paddd $K,$e # e+=K_00_19 - punpckldq $t1,$t3 - movdqa $b,$t1 - movdqa $b,$t0 - pslld \$5,$t2 - prefetcht0 63(@ptr[0]) - pandn $d,$t1 - pand $c,$t0 - punpckldq $t3,@Xi[1] - movdqa $a,$t3 - - movdqa @Xi[0],`&Xi_off($i)` - paddd @Xi[0],$e # e+=X[i] - psrld \$27,$t3 - pxor $t1,$t0 # Ch(b,c,d) - movdqa $b,$t1 - prefetcht0 63(@ptr[1]) - - por $t3,$t2 # rol(a,5) - pslld \$30,$t1 - paddd $t0,$e # e+=Ch(b,c,d) - prefetcht0 63(@ptr[2]) - - psrld \$2,$b - paddd $t2,$e # e+=rol(a,5) - pshufb $tx,@Xi[1] - prefetcht0 63(@ptr[3]) - por $t1,$b # b=rol(b,30) -___ -$code.=<<___ if ($i>=13 && $i<15); - movdqa `&Xi_off($j+2)`,@Xi[3] # preload "X[2]" -___ -$code.=<<___ if ($i>=15); # apply Xupdate - pxor @Xi[-2],@Xi[1] # "X[13]" - movdqa `&Xi_off($j+2)`,@Xi[3] # "X[2]" - - movdqa $a,$t2 - pxor `&Xi_off($j+8)`,@Xi[1] - paddd $K,$e # e+=K_00_19 - movdqa $b,$t1 - pslld \$5,$t2 - pxor @Xi[3],@Xi[1] - movdqa $b,$t0 - pandn $d,$t1 - movdqa @Xi[1],$tx - pand $c,$t0 - movdqa $a,$t3 - psrld \$31,$tx - paddd @Xi[1],@Xi[1] - - movdqa @Xi[0],`&Xi_off($i)` - paddd @Xi[0],$e # e+=X[i] - psrld \$27,$t3 - pxor $t1,$t0 # Ch(b,c,d) - - movdqa $b,$t1 - por $t3,$t2 # rol(a,5) - pslld \$30,$t1 - paddd $t0,$e # e+=Ch(b,c,d) - - psrld \$2,$b - paddd $t2,$e # e+=rol(a,5) - por $tx,@Xi[1] # rol \$1,@Xi[1] - por $t1,$b # b=rol(b,30) -___ -push(@Xi,shift(@Xi)); -} - -sub BODY_20_39 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; - -$code.=<<___ if ($i<79); - pxor @Xi[-2],@Xi[1] # "X[13]" - movdqa `&Xi_off($j+2)`,@Xi[3] # "X[2]" - - movdqa $a,$t2 - movdqa $d,$t0 - pxor `&Xi_off($j+8)`,@Xi[1] - paddd $K,$e # e+=K_20_39 - pslld \$5,$t2 - pxor $b,$t0 - - movdqa $a,$t3 -___ -$code.=<<___ if ($i<72); - movdqa @Xi[0],`&Xi_off($i)` -___ -$code.=<<___ if ($i<79); - paddd @Xi[0],$e # e+=X[i] - pxor @Xi[3],@Xi[1] - psrld \$27,$t3 - pxor $c,$t0 # Parity(b,c,d) - movdqa $b,$t1 - - pslld \$30,$t1 - movdqa @Xi[1],$tx - por $t3,$t2 # rol(a,5) - psrld \$31,$tx - paddd $t0,$e # e+=Parity(b,c,d) - paddd @Xi[1],@Xi[1] - - psrld \$2,$b - paddd $t2,$e # e+=rol(a,5) - por $tx,@Xi[1] # rol(@Xi[1],1) - por $t1,$b # b=rol(b,30) -___ -$code.=<<___ if ($i==79); - movdqa $a,$t2 - paddd $K,$e # e+=K_20_39 - movdqa $d,$t0 - pslld \$5,$t2 - pxor $b,$t0 - - movdqa $a,$t3 - paddd @Xi[0],$e # e+=X[i] - psrld \$27,$t3 - movdqa $b,$t1 - pxor $c,$t0 # Parity(b,c,d) - - pslld \$30,$t1 - por $t3,$t2 # rol(a,5) - paddd $t0,$e # e+=Parity(b,c,d) - - psrld \$2,$b - paddd $t2,$e # e+=rol(a,5) - por $t1,$b # b=rol(b,30) -___ -push(@Xi,shift(@Xi)); -} - -sub BODY_40_59 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; - -$code.=<<___; - pxor @Xi[-2],@Xi[1] # "X[13]" - movdqa `&Xi_off($j+2)`,@Xi[3] # "X[2]" - - movdqa $a,$t2 - movdqa $d,$t1 - pxor `&Xi_off($j+8)`,@Xi[1] - pxor @Xi[3],@Xi[1] - paddd $K,$e # e+=K_40_59 - pslld \$5,$t2 - movdqa $a,$t3 - pand $c,$t1 - - movdqa $d,$t0 - movdqa @Xi[1],$tx - psrld \$27,$t3 - paddd $t1,$e - pxor $c,$t0 - - movdqa @Xi[0],`&Xi_off($i)` - paddd @Xi[0],$e # e+=X[i] - por $t3,$t2 # rol(a,5) - psrld \$31,$tx - pand $b,$t0 - movdqa $b,$t1 - - pslld \$30,$t1 - paddd @Xi[1],@Xi[1] - paddd $t0,$e # e+=Maj(b,d,c) - - psrld \$2,$b - paddd $t2,$e # e+=rol(a,5) - por $tx,@Xi[1] # rol(@X[1],1) - por $t1,$b # b=rol(b,30) -___ -push(@Xi,shift(@Xi)); -} - -$code.=<<___; -.text - -.extern OPENSSL_ia32cap_P - -.globl sha1_multi_block -.type sha1_multi_block,\@function,3 -.align 32 -sha1_multi_block: -.cfi_startproc - mov OPENSSL_ia32cap_P+4(%rip),%rcx - bt \$61,%rcx # check SHA bit - jc _shaext_shortcut -___ -$code.=<<___ if ($avx); - test \$`1<<28`,%ecx - jnz _avx_shortcut -___ -$code.=<<___; - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbx -___ -$code.=<<___ if ($win64); - lea -0xa8(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) - movaps %xmm10,-0x78(%rax) - movaps %xmm11,-0x68(%rax) - movaps %xmm12,-0x58(%rax) - movaps %xmm13,-0x48(%rax) - movaps %xmm14,-0x38(%rax) - movaps %xmm15,-0x28(%rax) -___ -$code.=<<___; - sub \$`$REG_SZ*18`,%rsp - and \$-256,%rsp - mov %rax,`$REG_SZ*17`(%rsp) # original %rsp -.cfi_cfa_expression %rsp+`$REG_SZ*17`,deref,+8 -.Lbody: - lea K_XX_XX(%rip),$Tbl - lea `$REG_SZ*16`(%rsp),%rbx - -.Loop_grande: - mov $num,`$REG_SZ*17+8`(%rsp) # original $num - xor $num,$num -___ -for($i=0;$i<4;$i++) { - $ptr_reg=&pointer_register($flavour,@ptr[$i]); - $code.=<<___; - # input pointer - mov `$inp_elm_size*$i+0`($inp),$ptr_reg - # number of blocks - mov `$inp_elm_size*$i+$ptr_size`($inp),%ecx - cmp $num,%ecx - cmovg %ecx,$num # find maximum - test %ecx,%ecx - mov %ecx,`4*$i`(%rbx) # initialize counters - cmovle $Tbl,@ptr[$i] # cancel input -___ -} -$code.=<<___; - test $num,$num - jz .Ldone - - movdqu 0x00($ctx),$A # load context - lea 128(%rsp),%rax - movdqu 0x20($ctx),$B - movdqu 0x40($ctx),$C - movdqu 0x60($ctx),$D - movdqu 0x80($ctx),$E - movdqa 0x60($Tbl),$tx # pbswap_mask - movdqa -0x20($Tbl),$K # K_00_19 - jmp .Loop - -.align 32 -.Loop: -___ -for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } -$code.=" movdqa 0x00($Tbl),$K\n"; # K_20_39 -for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } -$code.=" movdqa 0x20($Tbl),$K\n"; # K_40_59 -for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } -$code.=" movdqa 0x40($Tbl),$K\n"; # K_60_79 -for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - movdqa (%rbx),@Xi[0] # pull counters - mov \$1,%ecx - cmp 4*0(%rbx),%ecx # examine counters - pxor $t2,$t2 - cmovge $Tbl,@ptr[0] # cancel input - cmp 4*1(%rbx),%ecx - movdqa @Xi[0],@Xi[1] - cmovge $Tbl,@ptr[1] - cmp 4*2(%rbx),%ecx - pcmpgtd $t2,@Xi[1] # mask value - cmovge $Tbl,@ptr[2] - cmp 4*3(%rbx),%ecx - paddd @Xi[1],@Xi[0] # counters-- - cmovge $Tbl,@ptr[3] - - movdqu 0x00($ctx),$t0 - pand @Xi[1],$A - movdqu 0x20($ctx),$t1 - pand @Xi[1],$B - paddd $t0,$A - movdqu 0x40($ctx),$t2 - pand @Xi[1],$C - paddd $t1,$B - movdqu 0x60($ctx),$t3 - pand @Xi[1],$D - paddd $t2,$C - movdqu 0x80($ctx),$tx - pand @Xi[1],$E - movdqu $A,0x00($ctx) - paddd $t3,$D - movdqu $B,0x20($ctx) - paddd $tx,$E - movdqu $C,0x40($ctx) - movdqu $D,0x60($ctx) - movdqu $E,0x80($ctx) - - movdqa @Xi[0],(%rbx) # save counters - movdqa 0x60($Tbl),$tx # pbswap_mask - movdqa -0x20($Tbl),$K # K_00_19 - dec $num - jnz .Loop - - mov `$REG_SZ*17+8`(%rsp),$num - lea $REG_SZ($ctx),$ctx - lea `$inp_elm_size*$REG_SZ/4`($inp),$inp - dec $num - jnz .Loop_grande - -.Ldone: - mov `$REG_SZ*17`(%rsp),%rax # original %rsp -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps -0xb8(%rax),%xmm6 - movaps -0xa8(%rax),%xmm7 - movaps -0x98(%rax),%xmm8 - movaps -0x88(%rax),%xmm9 - movaps -0x78(%rax),%xmm10 - movaps -0x68(%rax),%xmm11 - movaps -0x58(%rax),%xmm12 - movaps -0x48(%rax),%xmm13 - movaps -0x38(%rax),%xmm14 - movaps -0x28(%rax),%xmm15 -___ -$code.=<<___; - mov -16(%rax),%rbp -.cfi_restore %rbp - mov -8(%rax),%rbx -.cfi_restore %rbx - lea (%rax),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue: - ret -.cfi_endproc -.size sha1_multi_block,.-sha1_multi_block -___ - {{{ -my ($ABCD0,$E0,$E0_,$BSWAP,$ABCD1,$E1,$E1_)=map("%xmm$_",(0..3,8..10)); -my @MSG0=map("%xmm$_",(4..7)); -my @MSG1=map("%xmm$_",(11..14)); - -$code.=<<___; -.type sha1_multi_block_shaext,\@function,3 -.align 32 -sha1_multi_block_shaext: -.cfi_startproc -_shaext_shortcut: - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp -___ -$code.=<<___ if ($win64); - lea -0xa8(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) - movaps %xmm10,-0x78(%rax) - movaps %xmm11,-0x68(%rax) - movaps %xmm12,-0x58(%rax) - movaps %xmm13,-0x48(%rax) - movaps %xmm14,-0x38(%rax) - movaps %xmm15,-0x28(%rax) -___ -$code.=<<___; - sub \$`$REG_SZ*18`,%rsp - shl \$1,$num # we process pair at a time - and \$-256,%rsp - lea 0x40($ctx),$ctx # size optimization - mov %rax,`$REG_SZ*17`(%rsp) # original %rsp -.Lbody_shaext: - lea `$REG_SZ*16`(%rsp),%rbx - movdqa K_XX_XX+0x80(%rip),$BSWAP # byte-n-word swap - -.Loop_grande_shaext: - mov $num,`$REG_SZ*17+8`(%rsp) # original $num - xor $num,$num -___ -for($i=0;$i<2;$i++) { - $ptr_reg=&pointer_register($flavour,@ptr[$i]); - $code.=<<___; - # input pointer - mov `$inp_elm_size*$i+0`($inp),$ptr_reg - # number of blocks - mov `$inp_elm_size*$i+$ptr_size`($inp),%ecx - cmp $num,%ecx - cmovg %ecx,$num # find maximum - test %ecx,%ecx - mov %ecx,`4*$i`(%rbx) # initialize counters - cmovle %rsp,@ptr[$i] # cancel input -___ -} -$code.=<<___; - test $num,$num - jz .Ldone_shaext - - movq 0x00-0x40($ctx),$ABCD0 # a1.a0 - movq 0x20-0x40($ctx),@MSG0[0]# b1.b0 - movq 0x40-0x40($ctx),@MSG0[1]# c1.c0 - movq 0x60-0x40($ctx),@MSG0[2]# d1.d0 - movq 0x80-0x40($ctx),@MSG0[3]# e1.e0 - - punpckldq @MSG0[0],$ABCD0 # b1.a1.b0.a0 - punpckldq @MSG0[2],@MSG0[1] # d1.c1.d0.c0 - - movdqa $ABCD0,$ABCD1 - punpcklqdq @MSG0[1],$ABCD0 # d0.c0.b0.a0 - punpckhqdq @MSG0[1],$ABCD1 # d1.c1.b1.a1 - - pshufd \$0b00111111,@MSG0[3],$E0 - pshufd \$0b01111111,@MSG0[3],$E1 - pshufd \$0b00011011,$ABCD0,$ABCD0 - pshufd \$0b00011011,$ABCD1,$ABCD1 - jmp .Loop_shaext - -.align 32 -.Loop_shaext: - movdqu 0x00(@ptr[0]),@MSG0[0] - movdqu 0x00(@ptr[1]),@MSG1[0] - movdqu 0x10(@ptr[0]),@MSG0[1] - movdqu 0x10(@ptr[1]),@MSG1[1] - movdqu 0x20(@ptr[0]),@MSG0[2] - pshufb $BSWAP,@MSG0[0] - movdqu 0x20(@ptr[1]),@MSG1[2] - pshufb $BSWAP,@MSG1[0] - movdqu 0x30(@ptr[0]),@MSG0[3] - lea 0x40(@ptr[0]),@ptr[0] - pshufb $BSWAP,@MSG0[1] - movdqu 0x30(@ptr[1]),@MSG1[3] - lea 0x40(@ptr[1]),@ptr[1] - pshufb $BSWAP,@MSG1[1] - - movdqa $E0,0x50(%rsp) # offload - paddd @MSG0[0],$E0 - movdqa $E1,0x70(%rsp) - paddd @MSG1[0],$E1 - movdqa $ABCD0,0x40(%rsp) # offload - movdqa $ABCD0,$E0_ - movdqa $ABCD1,0x60(%rsp) - movdqa $ABCD1,$E1_ - sha1rnds4 \$0,$E0,$ABCD0 # 0-3 - sha1nexte @MSG0[1],$E0_ - sha1rnds4 \$0,$E1,$ABCD1 # 0-3 - sha1nexte @MSG1[1],$E1_ - pshufb $BSWAP,@MSG0[2] - prefetcht0 127(@ptr[0]) - sha1msg1 @MSG0[1],@MSG0[0] - pshufb $BSWAP,@MSG1[2] - prefetcht0 127(@ptr[1]) - sha1msg1 @MSG1[1],@MSG1[0] - - pshufb $BSWAP,@MSG0[3] - movdqa $ABCD0,$E0 - pshufb $BSWAP,@MSG1[3] - movdqa $ABCD1,$E1 - sha1rnds4 \$0,$E0_,$ABCD0 # 4-7 - sha1nexte @MSG0[2],$E0 - sha1rnds4 \$0,$E1_,$ABCD1 # 4-7 - sha1nexte @MSG1[2],$E1 - pxor @MSG0[2],@MSG0[0] - sha1msg1 @MSG0[2],@MSG0[1] - pxor @MSG1[2],@MSG1[0] - sha1msg1 @MSG1[2],@MSG1[1] -___ -for($i=2;$i<20-4;$i++) { -$code.=<<___; - movdqa $ABCD0,$E0_ - movdqa $ABCD1,$E1_ - sha1rnds4 \$`int($i/5)`,$E0,$ABCD0 # 8-11 - sha1nexte @MSG0[3],$E0_ - sha1rnds4 \$`int($i/5)`,$E1,$ABCD1 # 8-11 - sha1nexte @MSG1[3],$E1_ - sha1msg2 @MSG0[3],@MSG0[0] - sha1msg2 @MSG1[3],@MSG1[0] - pxor @MSG0[3],@MSG0[1] - sha1msg1 @MSG0[3],@MSG0[2] - pxor @MSG1[3],@MSG1[1] - sha1msg1 @MSG1[3],@MSG1[2] -___ - ($E0,$E0_)=($E0_,$E0); ($E1,$E1_)=($E1_,$E1); - push(@MSG0,shift(@MSG0)); push(@MSG1,shift(@MSG1)); -} -$code.=<<___; - movdqa $ABCD0,$E0_ - movdqa $ABCD1,$E1_ - sha1rnds4 \$3,$E0,$ABCD0 # 64-67 - sha1nexte @MSG0[3],$E0_ - sha1rnds4 \$3,$E1,$ABCD1 # 64-67 - sha1nexte @MSG1[3],$E1_ - sha1msg2 @MSG0[3],@MSG0[0] - sha1msg2 @MSG1[3],@MSG1[0] - pxor @MSG0[3],@MSG0[1] - pxor @MSG1[3],@MSG1[1] - - mov \$1,%ecx - pxor @MSG0[2],@MSG0[2] # zero - cmp 4*0(%rbx),%ecx # examine counters - cmovge %rsp,@ptr[0] # cancel input - - movdqa $ABCD0,$E0 - movdqa $ABCD1,$E1 - sha1rnds4 \$3,$E0_,$ABCD0 # 68-71 - sha1nexte @MSG0[0],$E0 - sha1rnds4 \$3,$E1_,$ABCD1 # 68-71 - sha1nexte @MSG1[0],$E1 - sha1msg2 @MSG0[0],@MSG0[1] - sha1msg2 @MSG1[0],@MSG1[1] - - cmp 4*1(%rbx),%ecx - cmovge %rsp,@ptr[1] - movq (%rbx),@MSG0[0] # pull counters - - movdqa $ABCD0,$E0_ - movdqa $ABCD1,$E1_ - sha1rnds4 \$3,$E0,$ABCD0 # 72-75 - sha1nexte @MSG0[1],$E0_ - sha1rnds4 \$3,$E1,$ABCD1 # 72-75 - sha1nexte @MSG1[1],$E1_ - - pshufd \$0x00,@MSG0[0],@MSG1[2] - pshufd \$0x55,@MSG0[0],@MSG1[3] - movdqa @MSG0[0],@MSG0[1] - pcmpgtd @MSG0[2],@MSG1[2] - pcmpgtd @MSG0[2],@MSG1[3] - - movdqa $ABCD0,$E0 - movdqa $ABCD1,$E1 - sha1rnds4 \$3,$E0_,$ABCD0 # 76-79 - sha1nexte $MSG0[2],$E0 - sha1rnds4 \$3,$E1_,$ABCD1 # 76-79 - sha1nexte $MSG0[2],$E1 - - pcmpgtd @MSG0[2],@MSG0[1] # counter mask - pand @MSG1[2],$ABCD0 - pand @MSG1[2],$E0 - pand @MSG1[3],$ABCD1 - pand @MSG1[3],$E1 - paddd @MSG0[1],@MSG0[0] # counters-- - - paddd 0x40(%rsp),$ABCD0 - paddd 0x50(%rsp),$E0 - paddd 0x60(%rsp),$ABCD1 - paddd 0x70(%rsp),$E1 - - movq @MSG0[0],(%rbx) # save counters - dec $num - jnz .Loop_shaext - - mov `$REG_SZ*17+8`(%rsp),$num - - pshufd \$0b00011011,$ABCD0,$ABCD0 - pshufd \$0b00011011,$ABCD1,$ABCD1 - - movdqa $ABCD0,@MSG0[0] - punpckldq $ABCD1,$ABCD0 # b1.b0.a1.a0 - punpckhdq $ABCD1,@MSG0[0] # d1.d0.c1.c0 - punpckhdq $E1,$E0 # e1.e0.xx.xx - movq $ABCD0,0x00-0x40($ctx) # a1.a0 - psrldq \$8,$ABCD0 - movq @MSG0[0],0x40-0x40($ctx)# c1.c0 - psrldq \$8,@MSG0[0] - movq $ABCD0,0x20-0x40($ctx) # b1.b0 - psrldq \$8,$E0 - movq @MSG0[0],0x60-0x40($ctx)# d1.d0 - movq $E0,0x80-0x40($ctx) # e1.e0 - - lea `$REG_SZ/2`($ctx),$ctx - lea `$inp_elm_size*2`($inp),$inp - dec $num - jnz .Loop_grande_shaext - -.Ldone_shaext: - #mov `$REG_SZ*17`(%rsp),%rax # original %rsp -___ -$code.=<<___ if ($win64); - movaps -0xb8(%rax),%xmm6 - movaps -0xa8(%rax),%xmm7 - movaps -0x98(%rax),%xmm8 - movaps -0x88(%rax),%xmm9 - movaps -0x78(%rax),%xmm10 - movaps -0x68(%rax),%xmm11 - movaps -0x58(%rax),%xmm12 - movaps -0x48(%rax),%xmm13 - movaps -0x38(%rax),%xmm14 - movaps -0x28(%rax),%xmm15 -___ -$code.=<<___; - mov -16(%rax),%rbp -.cfi_restore %rbp - mov -8(%rax),%rbx -.cfi_restore %rbx - lea (%rax),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue_shaext: - ret -.cfi_endproc -.size sha1_multi_block_shaext,.-sha1_multi_block_shaext -___ - }}} - - if ($avx) {{{ -sub BODY_00_19_avx { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; -my $k=$i+2; -my $vpack = $REG_SZ==16 ? "vpunpckldq" : "vinserti128"; -my $ptr_n = $REG_SZ==16 ? @ptr[1] : @ptr[4]; - -$code.=<<___ if ($i==0 && $REG_SZ==16); - vmovd (@ptr[0]),@Xi[0] - lea `16*4`(@ptr[0]),@ptr[0] - vmovd (@ptr[1]),@Xi[2] # borrow Xi[2] - lea `16*4`(@ptr[1]),@ptr[1] - vpinsrd \$1,(@ptr[2]),@Xi[0],@Xi[0] - lea `16*4`(@ptr[2]),@ptr[2] - vpinsrd \$1,(@ptr[3]),@Xi[2],@Xi[2] - lea `16*4`(@ptr[3]),@ptr[3] - vmovd `4*$j-16*4`(@ptr[0]),@Xi[1] - vpunpckldq @Xi[2],@Xi[0],@Xi[0] - vmovd `4*$j-16*4`($ptr_n),$t3 - vpshufb $tx,@Xi[0],@Xi[0] -___ -$code.=<<___ if ($i<15 && $REG_SZ==16); # just load input - vpinsrd \$1,`4*$j-16*4`(@ptr[2]),@Xi[1],@Xi[1] - vpinsrd \$1,`4*$j-16*4`(@ptr[3]),$t3,$t3 -___ -$code.=<<___ if ($i==0 && $REG_SZ==32); - vmovd (@ptr[0]),@Xi[0] - lea `16*4`(@ptr[0]),@ptr[0] - vmovd (@ptr[4]),@Xi[2] # borrow Xi[2] - lea `16*4`(@ptr[4]),@ptr[4] - vmovd (@ptr[1]),$t2 - lea `16*4`(@ptr[1]),@ptr[1] - vmovd (@ptr[5]),$t1 - lea `16*4`(@ptr[5]),@ptr[5] - vpinsrd \$1,(@ptr[2]),@Xi[0],@Xi[0] - lea `16*4`(@ptr[2]),@ptr[2] - vpinsrd \$1,(@ptr[6]),@Xi[2],@Xi[2] - lea `16*4`(@ptr[6]),@ptr[6] - vpinsrd \$1,(@ptr[3]),$t2,$t2 - lea `16*4`(@ptr[3]),@ptr[3] - vpunpckldq $t2,@Xi[0],@Xi[0] - vpinsrd \$1,(@ptr[7]),$t1,$t1 - lea `16*4`(@ptr[7]),@ptr[7] - vpunpckldq $t1,@Xi[2],@Xi[2] - vmovd `4*$j-16*4`(@ptr[0]),@Xi[1] - vinserti128 @Xi[2],@Xi[0],@Xi[0] - vmovd `4*$j-16*4`($ptr_n),$t3 - vpshufb $tx,@Xi[0],@Xi[0] -___ -$code.=<<___ if ($i<15 && $REG_SZ==32); # just load input - vmovd `4*$j-16*4`(@ptr[1]),$t2 - vmovd `4*$j-16*4`(@ptr[5]),$t1 - vpinsrd \$1,`4*$j-16*4`(@ptr[2]),@Xi[1],@Xi[1] - vpinsrd \$1,`4*$j-16*4`(@ptr[6]),$t3,$t3 - vpinsrd \$1,`4*$j-16*4`(@ptr[3]),$t2,$t2 - vpunpckldq $t2,@Xi[1],@Xi[1] - vpinsrd \$1,`4*$j-16*4`(@ptr[7]),$t1,$t1 - vpunpckldq $t1,$t3,$t3 -___ -$code.=<<___ if ($i<14); - vpaddd $K,$e,$e # e+=K_00_19 - vpslld \$5,$a,$t2 - vpandn $d,$b,$t1 - vpand $c,$b,$t0 - - vmovdqa @Xi[0],`&Xi_off($i)` - vpaddd @Xi[0],$e,$e # e+=X[i] - $vpack $t3,@Xi[1],@Xi[1] - vpsrld \$27,$a,$t3 - vpxor $t1,$t0,$t0 # Ch(b,c,d) - vmovd `4*$k-16*4`(@ptr[0]),@Xi[2] - - vpslld \$30,$b,$t1 - vpor $t3,$t2,$t2 # rol(a,5) - vmovd `4*$k-16*4`($ptr_n),$t3 - vpaddd $t0,$e,$e # e+=Ch(b,c,d) - - vpsrld \$2,$b,$b - vpaddd $t2,$e,$e # e+=rol(a,5) - vpshufb $tx,@Xi[1],@Xi[1] - vpor $t1,$b,$b # b=rol(b,30) -___ -$code.=<<___ if ($i==14); - vpaddd $K,$e,$e # e+=K_00_19 - prefetcht0 63(@ptr[0]) - vpslld \$5,$a,$t2 - vpandn $d,$b,$t1 - vpand $c,$b,$t0 - - vmovdqa @Xi[0],`&Xi_off($i)` - vpaddd @Xi[0],$e,$e # e+=X[i] - $vpack $t3,@Xi[1],@Xi[1] - vpsrld \$27,$a,$t3 - prefetcht0 63(@ptr[1]) - vpxor $t1,$t0,$t0 # Ch(b,c,d) - - vpslld \$30,$b,$t1 - vpor $t3,$t2,$t2 # rol(a,5) - prefetcht0 63(@ptr[2]) - vpaddd $t0,$e,$e # e+=Ch(b,c,d) - - vpsrld \$2,$b,$b - vpaddd $t2,$e,$e # e+=rol(a,5) - prefetcht0 63(@ptr[3]) - vpshufb $tx,@Xi[1],@Xi[1] - vpor $t1,$b,$b # b=rol(b,30) -___ -$code.=<<___ if ($i>=13 && $i<15); - vmovdqa `&Xi_off($j+2)`,@Xi[3] # preload "X[2]" -___ -$code.=<<___ if ($i>=15); # apply Xupdate - vpxor @Xi[-2],@Xi[1],@Xi[1] # "X[13]" - vmovdqa `&Xi_off($j+2)`,@Xi[3] # "X[2]" - - vpaddd $K,$e,$e # e+=K_00_19 - vpslld \$5,$a,$t2 - vpandn $d,$b,$t1 - `"prefetcht0 63(@ptr[4])" if ($i==15 && $REG_SZ==32)` - vpand $c,$b,$t0 - - vmovdqa @Xi[0],`&Xi_off($i)` - vpaddd @Xi[0],$e,$e # e+=X[i] - vpxor `&Xi_off($j+8)`,@Xi[1],@Xi[1] - vpsrld \$27,$a,$t3 - vpxor $t1,$t0,$t0 # Ch(b,c,d) - vpxor @Xi[3],@Xi[1],@Xi[1] - `"prefetcht0 63(@ptr[5])" if ($i==15 && $REG_SZ==32)` - - vpslld \$30,$b,$t1 - vpor $t3,$t2,$t2 # rol(a,5) - vpaddd $t0,$e,$e # e+=Ch(b,c,d) - `"prefetcht0 63(@ptr[6])" if ($i==15 && $REG_SZ==32)` - vpsrld \$31,@Xi[1],$tx - vpaddd @Xi[1],@Xi[1],@Xi[1] - - vpsrld \$2,$b,$b - `"prefetcht0 63(@ptr[7])" if ($i==15 && $REG_SZ==32)` - vpaddd $t2,$e,$e # e+=rol(a,5) - vpor $tx,@Xi[1],@Xi[1] # rol \$1,@Xi[1] - vpor $t1,$b,$b # b=rol(b,30) -___ -push(@Xi,shift(@Xi)); -} - -sub BODY_20_39_avx { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; - -$code.=<<___ if ($i<79); - vpxor @Xi[-2],@Xi[1],@Xi[1] # "X[13]" - vmovdqa `&Xi_off($j+2)`,@Xi[3] # "X[2]" - - vpslld \$5,$a,$t2 - vpaddd $K,$e,$e # e+=K_20_39 - vpxor $b,$d,$t0 -___ -$code.=<<___ if ($i<72); - vmovdqa @Xi[0],`&Xi_off($i)` -___ -$code.=<<___ if ($i<79); - vpaddd @Xi[0],$e,$e # e+=X[i] - vpxor `&Xi_off($j+8)`,@Xi[1],@Xi[1] - vpsrld \$27,$a,$t3 - vpxor $c,$t0,$t0 # Parity(b,c,d) - vpxor @Xi[3],@Xi[1],@Xi[1] - - vpslld \$30,$b,$t1 - vpor $t3,$t2,$t2 # rol(a,5) - vpaddd $t0,$e,$e # e+=Parity(b,c,d) - vpsrld \$31,@Xi[1],$tx - vpaddd @Xi[1],@Xi[1],@Xi[1] - - vpsrld \$2,$b,$b - vpaddd $t2,$e,$e # e+=rol(a,5) - vpor $tx,@Xi[1],@Xi[1] # rol(@Xi[1],1) - vpor $t1,$b,$b # b=rol(b,30) -___ -$code.=<<___ if ($i==79); - vpslld \$5,$a,$t2 - vpaddd $K,$e,$e # e+=K_20_39 - vpxor $b,$d,$t0 - - vpsrld \$27,$a,$t3 - vpaddd @Xi[0],$e,$e # e+=X[i] - vpxor $c,$t0,$t0 # Parity(b,c,d) - - vpslld \$30,$b,$t1 - vpor $t3,$t2,$t2 # rol(a,5) - vpaddd $t0,$e,$e # e+=Parity(b,c,d) - - vpsrld \$2,$b,$b - vpaddd $t2,$e,$e # e+=rol(a,5) - vpor $t1,$b,$b # b=rol(b,30) -___ -push(@Xi,shift(@Xi)); -} - -sub BODY_40_59_avx { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; - -$code.=<<___; - vpxor @Xi[-2],@Xi[1],@Xi[1] # "X[13]" - vmovdqa `&Xi_off($j+2)`,@Xi[3] # "X[2]" - - vpaddd $K,$e,$e # e+=K_40_59 - vpslld \$5,$a,$t2 - vpand $c,$d,$t1 - vpxor `&Xi_off($j+8)`,@Xi[1],@Xi[1] - - vpaddd $t1,$e,$e - vpsrld \$27,$a,$t3 - vpxor $c,$d,$t0 - vpxor @Xi[3],@Xi[1],@Xi[1] - - vmovdqu @Xi[0],`&Xi_off($i)` - vpaddd @Xi[0],$e,$e # e+=X[i] - vpor $t3,$t2,$t2 # rol(a,5) - vpsrld \$31,@Xi[1],$tx - vpand $b,$t0,$t0 - vpaddd @Xi[1],@Xi[1],@Xi[1] - - vpslld \$30,$b,$t1 - vpaddd $t0,$e,$e # e+=Maj(b,d,c) - - vpsrld \$2,$b,$b - vpaddd $t2,$e,$e # e+=rol(a,5) - vpor $tx,@Xi[1],@Xi[1] # rol(@X[1],1) - vpor $t1,$b,$b # b=rol(b,30) -___ -push(@Xi,shift(@Xi)); -} - -$code.=<<___; -.type sha1_multi_block_avx,\@function,3 -.align 32 -sha1_multi_block_avx: -.cfi_startproc -_avx_shortcut: -___ -$code.=<<___ if ($avx>1); - shr \$32,%rcx - cmp \$2,$num - jb .Lavx - test \$`1<<5`,%ecx - jnz _avx2_shortcut - jmp .Lavx -.align 32 -.Lavx: -___ -$code.=<<___; - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp -___ -$code.=<<___ if ($win64); - lea -0xa8(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) - movaps %xmm10,-0x78(%rax) - movaps %xmm11,-0x68(%rax) - movaps %xmm12,-0x58(%rax) - movaps %xmm13,-0x48(%rax) - movaps %xmm14,-0x38(%rax) - movaps %xmm15,-0x28(%rax) -___ -$code.=<<___; - sub \$`$REG_SZ*18`, %rsp - and \$-256,%rsp - mov %rax,`$REG_SZ*17`(%rsp) # original %rsp -.cfi_cfa_expression %rsp+`$REG_SZ*17`,deref,+8 -.Lbody_avx: - lea K_XX_XX(%rip),$Tbl - lea `$REG_SZ*16`(%rsp),%rbx - - vzeroupper -.Loop_grande_avx: - mov $num,`$REG_SZ*17+8`(%rsp) # original $num - xor $num,$num -___ -for($i=0;$i<4;$i++) { - $ptr_reg=&pointer_register($flavour,@ptr[$i]); - $code.=<<___; - # input pointer - mov `$inp_elm_size*$i+0`($inp),$ptr_reg - # number of blocks - mov `$inp_elm_size*$i+$ptr_size`($inp),%ecx - cmp $num,%ecx - cmovg %ecx,$num # find maximum - test %ecx,%ecx - mov %ecx,`4*$i`(%rbx) # initialize counters - cmovle $Tbl,@ptr[$i] # cancel input -___ -} -$code.=<<___; - test $num,$num - jz .Ldone_avx - - vmovdqu 0x00($ctx),$A # load context - lea 128(%rsp),%rax - vmovdqu 0x20($ctx),$B - vmovdqu 0x40($ctx),$C - vmovdqu 0x60($ctx),$D - vmovdqu 0x80($ctx),$E - vmovdqu 0x60($Tbl),$tx # pbswap_mask - jmp .Loop_avx - -.align 32 -.Loop_avx: -___ -$code.=" vmovdqa -0x20($Tbl),$K\n"; # K_00_19 -for($i=0;$i<20;$i++) { &BODY_00_19_avx($i,@V); unshift(@V,pop(@V)); } -$code.=" vmovdqa 0x00($Tbl),$K\n"; # K_20_39 -for(;$i<40;$i++) { &BODY_20_39_avx($i,@V); unshift(@V,pop(@V)); } -$code.=" vmovdqa 0x20($Tbl),$K\n"; # K_40_59 -for(;$i<60;$i++) { &BODY_40_59_avx($i,@V); unshift(@V,pop(@V)); } -$code.=" vmovdqa 0x40($Tbl),$K\n"; # K_60_79 -for(;$i<80;$i++) { &BODY_20_39_avx($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - mov \$1,%ecx -___ -for($i=0;$i<4;$i++) { - $code.=<<___; - cmp `4*$i`(%rbx),%ecx # examine counters - cmovge $Tbl,@ptr[$i] # cancel input -___ -} -$code.=<<___; - vmovdqu (%rbx),$t0 # pull counters - vpxor $t2,$t2,$t2 - vmovdqa $t0,$t1 - vpcmpgtd $t2,$t1,$t1 # mask value - vpaddd $t1,$t0,$t0 # counters-- - - vpand $t1,$A,$A - vpand $t1,$B,$B - vpaddd 0x00($ctx),$A,$A - vpand $t1,$C,$C - vpaddd 0x20($ctx),$B,$B - vpand $t1,$D,$D - vpaddd 0x40($ctx),$C,$C - vpand $t1,$E,$E - vpaddd 0x60($ctx),$D,$D - vpaddd 0x80($ctx),$E,$E - vmovdqu $A,0x00($ctx) - vmovdqu $B,0x20($ctx) - vmovdqu $C,0x40($ctx) - vmovdqu $D,0x60($ctx) - vmovdqu $E,0x80($ctx) - - vmovdqu $t0,(%rbx) # save counters - vmovdqu 0x60($Tbl),$tx # pbswap_mask - dec $num - jnz .Loop_avx - - mov `$REG_SZ*17+8`(%rsp),$num - lea $REG_SZ($ctx),$ctx - lea `$inp_elm_size*$REG_SZ/4`($inp),$inp - dec $num - jnz .Loop_grande_avx - -.Ldone_avx: - mov `$REG_SZ*17`(%rsp),%rax # original %rsp -.cfi_def_cfa %rax,8 - vzeroupper -___ -$code.=<<___ if ($win64); - movaps -0xb8(%rax),%xmm6 - movaps -0xa8(%rax),%xmm7 - movaps -0x98(%rax),%xmm8 - movaps -0x88(%rax),%xmm9 - movaps -0x78(%rax),%xmm10 - movaps -0x68(%rax),%xmm11 - movaps -0x58(%rax),%xmm12 - movaps -0x48(%rax),%xmm13 - movaps -0x38(%rax),%xmm14 - movaps -0x28(%rax),%xmm15 -___ -$code.=<<___; - mov -16(%rax),%rbp -.cfi_restore %rbp - mov -8(%rax),%rbx -.cfi_restore %rbx - lea (%rax),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue_avx: - ret -.cfi_endproc -.size sha1_multi_block_avx,.-sha1_multi_block_avx -___ - - if ($avx>1) { -$code =~ s/\`([^\`]*)\`/eval $1/gem; - -$REG_SZ=32; - -@ptr=map("%r$_",(12..15,8..11)); - -@V=($A,$B,$C,$D,$E)=map("%ymm$_",(0..4)); -($t0,$t1,$t2,$t3,$tx)=map("%ymm$_",(5..9)); -@Xi=map("%ymm$_",(10..14)); -$K="%ymm15"; - -$code.=<<___; -.type sha1_multi_block_avx2,\@function,3 -.align 32 -sha1_multi_block_avx2: -.cfi_startproc -_avx2_shortcut: - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -___ -$code.=<<___ if ($win64); - lea -0xa8(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) - movaps %xmm10,0x40(%rsp) - movaps %xmm11,0x50(%rsp) - movaps %xmm12,-0x78(%rax) - movaps %xmm13,-0x68(%rax) - movaps %xmm14,-0x58(%rax) - movaps %xmm15,-0x48(%rax) -___ -$code.=<<___; - sub \$`$REG_SZ*18`, %rsp - and \$-256,%rsp - mov %rax,`$REG_SZ*17`(%rsp) # original %rsp -.cfi_cfa_expression %rsp+`$REG_SZ*17`,deref,+8 -.Lbody_avx2: - lea K_XX_XX(%rip),$Tbl - shr \$1,$num - - vzeroupper -.Loop_grande_avx2: - mov $num,`$REG_SZ*17+8`(%rsp) # original $num - xor $num,$num - lea `$REG_SZ*16`(%rsp),%rbx -___ -for($i=0;$i<8;$i++) { - $ptr_reg=&pointer_register($flavour,@ptr[$i]); - $code.=<<___; - # input pointer - mov `$inp_elm_size*$i+0`($inp),$ptr_reg - # number of blocks - mov `$inp_elm_size*$i+$ptr_size`($inp),%ecx - cmp $num,%ecx - cmovg %ecx,$num # find maximum - test %ecx,%ecx - mov %ecx,`4*$i`(%rbx) # initialize counters - cmovle $Tbl,@ptr[$i] # cancel input -___ -} -$code.=<<___; - vmovdqu 0x00($ctx),$A # load context - lea 128(%rsp),%rax - vmovdqu 0x20($ctx),$B - lea 256+128(%rsp),%rbx - vmovdqu 0x40($ctx),$C - vmovdqu 0x60($ctx),$D - vmovdqu 0x80($ctx),$E - vmovdqu 0x60($Tbl),$tx # pbswap_mask - jmp .Loop_avx2 - -.align 32 -.Loop_avx2: -___ -$code.=" vmovdqa -0x20($Tbl),$K\n"; # K_00_19 -for($i=0;$i<20;$i++) { &BODY_00_19_avx($i,@V); unshift(@V,pop(@V)); } -$code.=" vmovdqa 0x00($Tbl),$K\n"; # K_20_39 -for(;$i<40;$i++) { &BODY_20_39_avx($i,@V); unshift(@V,pop(@V)); } -$code.=" vmovdqa 0x20($Tbl),$K\n"; # K_40_59 -for(;$i<60;$i++) { &BODY_40_59_avx($i,@V); unshift(@V,pop(@V)); } -$code.=" vmovdqa 0x40($Tbl),$K\n"; # K_60_79 -for(;$i<80;$i++) { &BODY_20_39_avx($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - mov \$1,%ecx - lea `$REG_SZ*16`(%rsp),%rbx -___ -for($i=0;$i<8;$i++) { - $code.=<<___; - cmp `4*$i`(%rbx),%ecx # examine counters - cmovge $Tbl,@ptr[$i] # cancel input -___ -} -$code.=<<___; - vmovdqu (%rbx),$t0 # pull counters - vpxor $t2,$t2,$t2 - vmovdqa $t0,$t1 - vpcmpgtd $t2,$t1,$t1 # mask value - vpaddd $t1,$t0,$t0 # counters-- - - vpand $t1,$A,$A - vpand $t1,$B,$B - vpaddd 0x00($ctx),$A,$A - vpand $t1,$C,$C - vpaddd 0x20($ctx),$B,$B - vpand $t1,$D,$D - vpaddd 0x40($ctx),$C,$C - vpand $t1,$E,$E - vpaddd 0x60($ctx),$D,$D - vpaddd 0x80($ctx),$E,$E - vmovdqu $A,0x00($ctx) - vmovdqu $B,0x20($ctx) - vmovdqu $C,0x40($ctx) - vmovdqu $D,0x60($ctx) - vmovdqu $E,0x80($ctx) - - vmovdqu $t0,(%rbx) # save counters - lea 256+128(%rsp),%rbx - vmovdqu 0x60($Tbl),$tx # pbswap_mask - dec $num - jnz .Loop_avx2 - - #mov `$REG_SZ*17+8`(%rsp),$num - #lea $REG_SZ($ctx),$ctx - #lea `$inp_elm_size*$REG_SZ/4`($inp),$inp - #dec $num - #jnz .Loop_grande_avx2 - -.Ldone_avx2: - mov `$REG_SZ*17`(%rsp),%rax # original %rsp -.cfi_def_cfa %rax,8 - vzeroupper -___ -$code.=<<___ if ($win64); - movaps -0xd8(%rax),%xmm6 - movaps -0xc8(%rax),%xmm7 - movaps -0xb8(%rax),%xmm8 - movaps -0xa8(%rax),%xmm9 - movaps -0x98(%rax),%xmm10 - movaps -0x88(%rax),%xmm11 - movaps -0x78(%rax),%xmm12 - movaps -0x68(%rax),%xmm13 - movaps -0x58(%rax),%xmm14 - movaps -0x48(%rax),%xmm15 -___ -$code.=<<___; - mov -48(%rax),%r15 -.cfi_restore %r15 - mov -40(%rax),%r14 -.cfi_restore %r14 - mov -32(%rax),%r13 -.cfi_restore %r13 - mov -24(%rax),%r12 -.cfi_restore %r12 - mov -16(%rax),%rbp -.cfi_restore %rbp - mov -8(%rax),%rbx -.cfi_restore %rbx - lea (%rax),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue_avx2: - ret -.cfi_endproc -.size sha1_multi_block_avx2,.-sha1_multi_block_avx2 -___ - } }}} -$code.=<<___; - -.align 256 - .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19 - .long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19 -K_XX_XX: - .long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39 - .long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39 - .long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59 - .long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59 - .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79 - .long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79 - .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap - .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap - .byte 0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0 - .asciz "SHA1 multi-block transform for x86_64, CRYPTOGAMS by " -___ - -if ($win64) { -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # end of prologue label - cmp %r10,%rbx # context->Rip<.Lbody - jb .Lin_prologue - - mov 152($context),%rax # pull context->Rsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=.Lepilogue - jae .Lin_prologue - - mov `16*17`(%rax),%rax # pull saved stack pointer - - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - - lea -24-10*16(%rax),%rsi - lea 512($context),%rdi # &context.Xmm6 - mov \$20,%ecx - .long 0xa548f3fc # cld; rep movsq - -.Lin_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size se_handler,.-se_handler -___ -$code.=<<___ if ($avx>1); -.type avx2_handler,\@abi-omnipotent -.align 16 -avx2_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # end of prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_prologue - - mov `32*17`($context),%rax # pull saved stack pointer - - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - - lea -56-10*16(%rax),%rsi - lea 512($context),%rdi # &context.Xmm6 - mov \$20,%ecx - .long 0xa548f3fc # cld; rep movsq - - jmp .Lin_prologue -.size avx2_handler,.-avx2_handler -___ -$code.=<<___; -.section .pdata -.align 4 - .rva .LSEH_begin_sha1_multi_block - .rva .LSEH_end_sha1_multi_block - .rva .LSEH_info_sha1_multi_block - .rva .LSEH_begin_sha1_multi_block_shaext - .rva .LSEH_end_sha1_multi_block_shaext - .rva .LSEH_info_sha1_multi_block_shaext -___ -$code.=<<___ if ($avx); - .rva .LSEH_begin_sha1_multi_block_avx - .rva .LSEH_end_sha1_multi_block_avx - .rva .LSEH_info_sha1_multi_block_avx -___ -$code.=<<___ if ($avx>1); - .rva .LSEH_begin_sha1_multi_block_avx2 - .rva .LSEH_end_sha1_multi_block_avx2 - .rva .LSEH_info_sha1_multi_block_avx2 -___ -$code.=<<___; -.section .xdata -.align 8 -.LSEH_info_sha1_multi_block: - .byte 9,0,0,0 - .rva se_handler - .rva .Lbody,.Lepilogue # HandlerData[] -.LSEH_info_sha1_multi_block_shaext: - .byte 9,0,0,0 - .rva se_handler - .rva .Lbody_shaext,.Lepilogue_shaext # HandlerData[] -___ -$code.=<<___ if ($avx); -.LSEH_info_sha1_multi_block_avx: - .byte 9,0,0,0 - .rva se_handler - .rva .Lbody_avx,.Lepilogue_avx # HandlerData[] -___ -$code.=<<___ if ($avx>1); -.LSEH_info_sha1_multi_block_avx2: - .byte 9,0,0,0 - .rva avx2_handler - .rva .Lbody_avx2,.Lepilogue_avx2 # HandlerData[] -___ -} -#################################################################### - -sub rex { - local *opcode=shift; - my ($dst,$src)=@_; - my $rex=0; - - $rex|=0x04 if ($dst>=8); - $rex|=0x01 if ($src>=8); - unshift @opcode,$rex|0x40 if ($rex); -} - -sub sha1rnds4 { - if (@_[0] =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) { - my @opcode=(0x0f,0x3a,0xcc); - rex(\@opcode,$3,$2); - push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M - my $c=$1; - push @opcode,$c=~/^0/?oct($c):$c; - return ".byte\t".join(',',@opcode); - } else { - return "sha1rnds4\t".@_[0]; - } -} - -sub sha1op38 { - my $instr = shift; - my %opcodelet = ( - "sha1nexte" => 0xc8, - "sha1msg1" => 0xc9, - "sha1msg2" => 0xca ); - - if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) { - my @opcode=(0x0f,0x38); - rex(\@opcode,$2,$1); - push @opcode,$opcodelet{$instr}; - push @opcode,0xc0|($1&7)|(($2&7)<<3); # ModR/M - return ".byte\t".join(',',@opcode); - } else { - return $instr."\t".@_[0]; - } -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval($1)/ge; - - s/\b(sha1rnds4)\s+(.*)/sha1rnds4($2)/geo or - s/\b(sha1[^\s]*)\s+(.*)/sha1op38($1,$2)/geo or - - s/\b(vmov[dq])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go or - s/\b(vmovdqu)\b(.+)%x%ymm([0-9]+)/$1$2%xmm$3/go or - s/\b(vpinsr[qd])\b(.+)%ymm([0-9]+),%ymm([0-9]+)/$1$2%xmm$3,%xmm$4/go or - s/\b(vpextr[qd])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go or - s/\b(vinserti128)\b(\s+)%ymm/$1$2\$1,%xmm/go or - s/\b(vpbroadcast[qd]\s+)%ymm([0-9]+)/$1%xmm$2/go; - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-mips.pl b/crypto/sha/asm/sha1-mips.pl deleted file mode 100644 index b41dd7a5d269fd9deaaa5191c360196fb0fb2030..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha1-mips.pl +++ /dev/null @@ -1,464 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# SHA1 block procedure for MIPS. - -# Performance improvement is 30% on unaligned input. The "secret" is -# to deploy lwl/lwr pair to load unaligned input. One could have -# vectorized Xupdate on MIPSIII/IV, but the goal was to code MIPS32- -# compatible subroutine. There is room for minor optimization on -# little-endian platforms... - -# September 2012. -# -# Add MIPS32r2 code (>25% less instructions). - -###################################################################### -# There is a number of MIPS ABI in use, O32 and N32/64 are most -# widely used. Then there is a new contender: NUBI. It appears that if -# one picks the latter, it's possible to arrange code in ABI neutral -# manner. Therefore let's stick to NUBI register layout: -# -($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25)); -($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); -($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23)); -($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31)); -# -# The return value is placed in $a0. Following coding rules facilitate -# interoperability: -# -# - never ever touch $tp, "thread pointer", former $gp; -# - copy return value to $t0, former $v0 [or to $a0 if you're adapting -# old code]; -# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary; -# -# For reference here is register layout for N32/64 MIPS ABIs: -# -# ($zero,$at,$v0,$v1)=map("\$$_",(0..3)); -# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); -# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25)); -# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23)); -# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31)); - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -# supported flavours are o32,n32,64,nubi32,nubi64, default is o32 -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : "o32"; - -if ($flavour =~ /64|n32/i) { - $PTR_ADD="daddu"; # incidentally works even on n32 - $PTR_SUB="dsubu"; # incidentally works even on n32 - $REG_S="sd"; - $REG_L="ld"; - $PTR_SLL="dsll"; # incidentally works even on n32 - $SZREG=8; -} else { - $PTR_ADD="addu"; - $PTR_SUB="subu"; - $REG_S="sw"; - $REG_L="lw"; - $PTR_SLL="sll"; - $SZREG=4; -} -# -# -# -###################################################################### - -$big_endian=(`echo MIPSEB | $ENV{CC} -E -`=~/MIPSEB/)?0:1 if ($ENV{CC}); - -$output and open STDOUT,">$output"; - -if (!defined($big_endian)) - { $big_endian=(unpack('L',pack('N',1))==1); } - -# offsets of the Most and Least Significant Bytes -$MSB=$big_endian?0:3; -$LSB=3&~$MSB; - -@X=map("\$$_",(8..23)); # a4-a7,s0-s11 - -$ctx=$a0; -$inp=$a1; -$num=$a2; -$A="\$1"; -$B="\$2"; -$C="\$3"; -$D="\$7"; -$E="\$24"; @V=($A,$B,$C,$D,$E); -$t0="\$25"; -$t1=$num; # $num is offloaded to stack -$t2="\$30"; # fp -$K="\$31"; # ra - -sub BODY_00_14 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; -$code.=<<___ if (!$big_endian); -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) - wsbh @X[$i],@X[$i] # byte swap($i) - rotr @X[$i],@X[$i],16 -#else - srl $t0,@X[$i],24 # byte swap($i) - srl $t1,@X[$i],8 - andi $t2,@X[$i],0xFF00 - sll @X[$i],@X[$i],24 - andi $t1,0xFF00 - sll $t2,$t2,8 - or @X[$i],$t0 - or $t1,$t2 - or @X[$i],$t1 -#endif -___ -$code.=<<___; -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) - addu $e,$K # $i - xor $t0,$c,$d - rotr $t1,$a,27 - and $t0,$b - addu $e,$t1 -#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) - lw @X[$j],$j*4($inp) -#else - lwl @X[$j],$j*4+$MSB($inp) - lwr @X[$j],$j*4+$LSB($inp) -#endif - xor $t0,$d - addu $e,@X[$i] - rotr $b,$b,2 - addu $e,$t0 -#else - lwl @X[$j],$j*4+$MSB($inp) - sll $t0,$a,5 # $i - addu $e,$K - lwr @X[$j],$j*4+$LSB($inp) - srl $t1,$a,27 - addu $e,$t0 - xor $t0,$c,$d - addu $e,$t1 - sll $t2,$b,30 - and $t0,$b - srl $b,$b,2 - xor $t0,$d - addu $e,@X[$i] - or $b,$t2 - addu $e,$t0 -#endif -___ -} - -sub BODY_15_19 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; - -$code.=<<___ if (!$big_endian && $i==15); -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) - wsbh @X[$i],@X[$i] # byte swap($i) - rotr @X[$i],@X[$i],16 -#else - srl $t0,@X[$i],24 # byte swap($i) - srl $t1,@X[$i],8 - andi $t2,@X[$i],0xFF00 - sll @X[$i],@X[$i],24 - andi $t1,0xFF00 - sll $t2,$t2,8 - or @X[$i],$t0 - or @X[$i],$t1 - or @X[$i],$t2 -#endif -___ -$code.=<<___; -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) - addu $e,$K # $i - xor @X[$j%16],@X[($j+2)%16] - xor $t0,$c,$d - rotr $t1,$a,27 - xor @X[$j%16],@X[($j+8)%16] - and $t0,$b - addu $e,$t1 - xor @X[$j%16],@X[($j+13)%16] - xor $t0,$d - addu $e,@X[$i%16] - rotr @X[$j%16],@X[$j%16],31 - rotr $b,$b,2 - addu $e,$t0 -#else - xor @X[$j%16],@X[($j+2)%16] - sll $t0,$a,5 # $i - addu $e,$K - srl $t1,$a,27 - addu $e,$t0 - xor @X[$j%16],@X[($j+8)%16] - xor $t0,$c,$d - addu $e,$t1 - xor @X[$j%16],@X[($j+13)%16] - sll $t2,$b,30 - and $t0,$b - srl $t1,@X[$j%16],31 - addu @X[$j%16],@X[$j%16] - srl $b,$b,2 - xor $t0,$d - or @X[$j%16],$t1 - addu $e,@X[$i%16] - or $b,$t2 - addu $e,$t0 -#endif -___ -} - -sub BODY_20_39 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; -$code.=<<___ if ($i<79); -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) - xor @X[$j%16],@X[($j+2)%16] - addu $e,$K # $i - rotr $t1,$a,27 - xor @X[$j%16],@X[($j+8)%16] - xor $t0,$c,$d - addu $e,$t1 - xor @X[$j%16],@X[($j+13)%16] - xor $t0,$b - addu $e,@X[$i%16] - rotr @X[$j%16],@X[$j%16],31 - rotr $b,$b,2 - addu $e,$t0 -#else - xor @X[$j%16],@X[($j+2)%16] - sll $t0,$a,5 # $i - addu $e,$K - srl $t1,$a,27 - addu $e,$t0 - xor @X[$j%16],@X[($j+8)%16] - xor $t0,$c,$d - addu $e,$t1 - xor @X[$j%16],@X[($j+13)%16] - sll $t2,$b,30 - xor $t0,$b - srl $t1,@X[$j%16],31 - addu @X[$j%16],@X[$j%16] - srl $b,$b,2 - addu $e,@X[$i%16] - or @X[$j%16],$t1 - or $b,$t2 - addu $e,$t0 -#endif -___ -$code.=<<___ if ($i==79); -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) - lw @X[0],0($ctx) - addu $e,$K # $i - lw @X[1],4($ctx) - rotr $t1,$a,27 - lw @X[2],8($ctx) - xor $t0,$c,$d - addu $e,$t1 - lw @X[3],12($ctx) - xor $t0,$b - addu $e,@X[$i%16] - lw @X[4],16($ctx) - rotr $b,$b,2 - addu $e,$t0 -#else - lw @X[0],0($ctx) - sll $t0,$a,5 # $i - addu $e,$K - lw @X[1],4($ctx) - srl $t1,$a,27 - addu $e,$t0 - lw @X[2],8($ctx) - xor $t0,$c,$d - addu $e,$t1 - lw @X[3],12($ctx) - sll $t2,$b,30 - xor $t0,$b - lw @X[4],16($ctx) - srl $b,$b,2 - addu $e,@X[$i%16] - or $b,$t2 - addu $e,$t0 -#endif -___ -} - -sub BODY_40_59 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; -$code.=<<___ if ($i<79); -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) - addu $e,$K # $i - and $t0,$c,$d - xor @X[$j%16],@X[($j+2)%16] - rotr $t1,$a,27 - addu $e,$t0 - xor @X[$j%16],@X[($j+8)%16] - xor $t0,$c,$d - addu $e,$t1 - xor @X[$j%16],@X[($j+13)%16] - and $t0,$b - addu $e,@X[$i%16] - rotr @X[$j%16],@X[$j%16],31 - rotr $b,$b,2 - addu $e,$t0 -#else - xor @X[$j%16],@X[($j+2)%16] - sll $t0,$a,5 # $i - addu $e,$K - srl $t1,$a,27 - addu $e,$t0 - xor @X[$j%16],@X[($j+8)%16] - and $t0,$c,$d - addu $e,$t1 - xor @X[$j%16],@X[($j+13)%16] - sll $t2,$b,30 - addu $e,$t0 - srl $t1,@X[$j%16],31 - xor $t0,$c,$d - addu @X[$j%16],@X[$j%16] - and $t0,$b - srl $b,$b,2 - or @X[$j%16],$t1 - addu $e,@X[$i%16] - or $b,$t2 - addu $e,$t0 -#endif -___ -} - -$FRAMESIZE=16; # large enough to accommodate NUBI saved registers -$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc0fff008" : "0xc0ff0000"; - -$code=<<___; -#include "mips_arch.h" - -.text - -.set noat -.set noreorder -.align 5 -.globl sha1_block_data_order -.ent sha1_block_data_order -sha1_block_data_order: - .frame $sp,$FRAMESIZE*$SZREG,$ra - .mask $SAVED_REGS_MASK,-$SZREG - .set noreorder - $PTR_SUB $sp,$FRAMESIZE*$SZREG - $REG_S $ra,($FRAMESIZE-1)*$SZREG($sp) - $REG_S $fp,($FRAMESIZE-2)*$SZREG($sp) - $REG_S $s11,($FRAMESIZE-3)*$SZREG($sp) - $REG_S $s10,($FRAMESIZE-4)*$SZREG($sp) - $REG_S $s9,($FRAMESIZE-5)*$SZREG($sp) - $REG_S $s8,($FRAMESIZE-6)*$SZREG($sp) - $REG_S $s7,($FRAMESIZE-7)*$SZREG($sp) - $REG_S $s6,($FRAMESIZE-8)*$SZREG($sp) - $REG_S $s5,($FRAMESIZE-9)*$SZREG($sp) - $REG_S $s4,($FRAMESIZE-10)*$SZREG($sp) -___ -$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue - $REG_S $s3,($FRAMESIZE-11)*$SZREG($sp) - $REG_S $s2,($FRAMESIZE-12)*$SZREG($sp) - $REG_S $s1,($FRAMESIZE-13)*$SZREG($sp) - $REG_S $s0,($FRAMESIZE-14)*$SZREG($sp) - $REG_S $gp,($FRAMESIZE-15)*$SZREG($sp) -___ -$code.=<<___; - $PTR_SLL $num,6 - $PTR_ADD $num,$inp - $REG_S $num,0($sp) - lw $A,0($ctx) - lw $B,4($ctx) - lw $C,8($ctx) - lw $D,12($ctx) - b .Loop - lw $E,16($ctx) -.align 4 -.Loop: - .set reorder -#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) - lui $K,0x5a82 - lw @X[0],($inp) - ori $K,0x7999 # K_00_19 -#else - lwl @X[0],$MSB($inp) - lui $K,0x5a82 - lwr @X[0],$LSB($inp) - ori $K,0x7999 # K_00_19 -#endif -___ -for ($i=0;$i<15;$i++) { &BODY_00_14($i,@V); unshift(@V,pop(@V)); } -for (;$i<20;$i++) { &BODY_15_19($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - lui $K,0x6ed9 - ori $K,0xeba1 # K_20_39 -___ -for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - lui $K,0x8f1b - ori $K,0xbcdc # K_40_59 -___ -for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - lui $K,0xca62 - ori $K,0xc1d6 # K_60_79 -___ -for (;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - $PTR_ADD $inp,64 - $REG_L $num,0($sp) - - addu $A,$X[0] - addu $B,$X[1] - sw $A,0($ctx) - addu $C,$X[2] - addu $D,$X[3] - sw $B,4($ctx) - addu $E,$X[4] - sw $C,8($ctx) - sw $D,12($ctx) - sw $E,16($ctx) - .set noreorder - bne $inp,$num,.Loop - nop - - .set noreorder - $REG_L $ra,($FRAMESIZE-1)*$SZREG($sp) - $REG_L $fp,($FRAMESIZE-2)*$SZREG($sp) - $REG_L $s11,($FRAMESIZE-3)*$SZREG($sp) - $REG_L $s10,($FRAMESIZE-4)*$SZREG($sp) - $REG_L $s9,($FRAMESIZE-5)*$SZREG($sp) - $REG_L $s8,($FRAMESIZE-6)*$SZREG($sp) - $REG_L $s7,($FRAMESIZE-7)*$SZREG($sp) - $REG_L $s6,($FRAMESIZE-8)*$SZREG($sp) - $REG_L $s5,($FRAMESIZE-9)*$SZREG($sp) - $REG_L $s4,($FRAMESIZE-10)*$SZREG($sp) -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_L $s3,($FRAMESIZE-11)*$SZREG($sp) - $REG_L $s2,($FRAMESIZE-12)*$SZREG($sp) - $REG_L $s1,($FRAMESIZE-13)*$SZREG($sp) - $REG_L $s0,($FRAMESIZE-14)*$SZREG($sp) - $REG_L $gp,($FRAMESIZE-15)*$SZREG($sp) -___ -$code.=<<___; - jr $ra - $PTR_ADD $sp,$FRAMESIZE*$SZREG -.end sha1_block_data_order -.rdata -.asciiz "SHA1 for MIPS, CRYPTOGAMS by " -___ -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-parisc.pl b/crypto/sha/asm/sha1-parisc.pl deleted file mode 100644 index 9eb98e8036a352dadc0564aee69226e060ea726d..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha1-parisc.pl +++ /dev/null @@ -1,282 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# SHA1 block procedure for PA-RISC. - -# June 2009. -# -# On PA-7100LC performance is >30% better than gcc 3.2 generated code -# for aligned input and >50% better for unaligned. Compared to vendor -# compiler on PA-8600 it's almost 60% faster in 64-bit build and just -# few percent faster in 32-bit one (this for aligned input, data for -# unaligned input is not available). -# -# Special thanks to polarhome.com for providing HP-UX account. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$output and open STDOUT,">$output"; - -if ($flavour =~ /64/) { - $LEVEL ="2.0W"; - $SIZE_T =8; - $FRAME_MARKER =80; - $SAVED_RP =16; - $PUSH ="std"; - $PUSHMA ="std,ma"; - $POP ="ldd"; - $POPMB ="ldd,mb"; -} else { - $LEVEL ="1.0"; - $SIZE_T =4; - $FRAME_MARKER =48; - $SAVED_RP =20; - $PUSH ="stw"; - $PUSHMA ="stwm"; - $POP ="ldw"; - $POPMB ="ldwm"; -} - -$FRAME=14*$SIZE_T+$FRAME_MARKER;# 14 saved regs + frame marker - # [+ argument transfer] -$ctx="%r26"; # arg0 -$inp="%r25"; # arg1 -$num="%r24"; # arg2 - -$t0="%r28"; -$t1="%r29"; -$K="%r31"; - -@X=("%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7", "%r8", - "%r9", "%r10","%r11","%r12","%r13","%r14","%r15","%r16",$t0); - -@V=($A,$B,$C,$D,$E)=("%r19","%r20","%r21","%r22","%r23"); - -sub BODY_00_19 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; -$code.=<<___ if ($i<15); - addl $K,$e,$e ; $i - shd $a,$a,27,$t1 - addl @X[$i],$e,$e - and $c,$b,$t0 - addl $t1,$e,$e - andcm $d,$b,$t1 - shd $b,$b,2,$b - or $t1,$t0,$t0 - addl $t0,$e,$e -___ -$code.=<<___ if ($i>=15); # with forward Xupdate - addl $K,$e,$e ; $i - shd $a,$a,27,$t1 - xor @X[($j+2)%16],@X[$j%16],@X[$j%16] - addl @X[$i%16],$e,$e - and $c,$b,$t0 - xor @X[($j+8)%16],@X[$j%16],@X[$j%16] - addl $t1,$e,$e - andcm $d,$b,$t1 - shd $b,$b,2,$b - or $t1,$t0,$t0 - xor @X[($j+13)%16],@X[$j%16],@X[$j%16] - add $t0,$e,$e - shd @X[$j%16],@X[$j%16],31,@X[$j%16] -___ -} - -sub BODY_20_39 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; -$code.=<<___ if ($i<79); - xor @X[($j+2)%16],@X[$j%16],@X[$j%16] ; $i - addl $K,$e,$e - shd $a,$a,27,$t1 - xor @X[($j+8)%16],@X[$j%16],@X[$j%16] - addl @X[$i%16],$e,$e - xor $b,$c,$t0 - xor @X[($j+13)%16],@X[$j%16],@X[$j%16] - addl $t1,$e,$e - shd $b,$b,2,$b - xor $d,$t0,$t0 - shd @X[$j%16],@X[$j%16],31,@X[$j%16] - addl $t0,$e,$e -___ -$code.=<<___ if ($i==79); # with context load - ldw 0($ctx),@X[0] ; $i - addl $K,$e,$e - shd $a,$a,27,$t1 - ldw 4($ctx),@X[1] - addl @X[$i%16],$e,$e - xor $b,$c,$t0 - ldw 8($ctx),@X[2] - addl $t1,$e,$e - shd $b,$b,2,$b - xor $d,$t0,$t0 - ldw 12($ctx),@X[3] - addl $t0,$e,$e - ldw 16($ctx),@X[4] -___ -} - -sub BODY_40_59 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; -$code.=<<___; - shd $a,$a,27,$t1 ; $i - addl $K,$e,$e - xor @X[($j+2)%16],@X[$j%16],@X[$j%16] - xor $d,$c,$t0 - addl @X[$i%16],$e,$e - xor @X[($j+8)%16],@X[$j%16],@X[$j%16] - and $b,$t0,$t0 - addl $t1,$e,$e - shd $b,$b,2,$b - xor @X[($j+13)%16],@X[$j%16],@X[$j%16] - addl $t0,$e,$e - and $d,$c,$t1 - shd @X[$j%16],@X[$j%16],31,@X[$j%16] - addl $t1,$e,$e -___ -} - -$code=<<___; - .LEVEL $LEVEL - .SPACE \$TEXT\$ - .SUBSPA \$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY - - .EXPORT sha1_block_data_order,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR -sha1_block_data_order - .PROC - .CALLINFO FRAME=`$FRAME-14*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=16 - .ENTRY - $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue - $PUSHMA %r3,$FRAME(%sp) - $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp) - $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp) - $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp) - $PUSH %r7,`-$FRAME+4*$SIZE_T`(%sp) - $PUSH %r8,`-$FRAME+5*$SIZE_T`(%sp) - $PUSH %r9,`-$FRAME+6*$SIZE_T`(%sp) - $PUSH %r10,`-$FRAME+7*$SIZE_T`(%sp) - $PUSH %r11,`-$FRAME+8*$SIZE_T`(%sp) - $PUSH %r12,`-$FRAME+9*$SIZE_T`(%sp) - $PUSH %r13,`-$FRAME+10*$SIZE_T`(%sp) - $PUSH %r14,`-$FRAME+11*$SIZE_T`(%sp) - $PUSH %r15,`-$FRAME+12*$SIZE_T`(%sp) - $PUSH %r16,`-$FRAME+13*$SIZE_T`(%sp) - - ldw 0($ctx),$A - ldw 4($ctx),$B - ldw 8($ctx),$C - ldw 12($ctx),$D - ldw 16($ctx),$E - - extru $inp,31,2,$t0 ; t0=inp&3; - sh3addl $t0,%r0,$t0 ; t0*=8; - subi 32,$t0,$t0 ; t0=32-t0; - mtctl $t0,%cr11 ; %sar=t0; - -L\$oop - ldi 3,$t0 - andcm $inp,$t0,$t0 ; 64-bit neutral -___ - for ($i=0;$i<15;$i++) { # load input block - $code.="\tldw `4*$i`($t0),@X[$i]\n"; } -$code.=<<___; - cmpb,*= $inp,$t0,L\$aligned - ldw 60($t0),@X[15] - ldw 64($t0),@X[16] -___ - for ($i=0;$i<16;$i++) { # align input - $code.="\tvshd @X[$i],@X[$i+1],@X[$i]\n"; } -$code.=<<___; -L\$aligned - ldil L'0x5a827000,$K ; K_00_19 - ldo 0x999($K),$K -___ -for ($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - ldil L'0x6ed9e000,$K ; K_20_39 - ldo 0xba1($K),$K -___ - -for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - ldil L'0x8f1bb000,$K ; K_40_59 - ldo 0xcdc($K),$K -___ - -for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - ldil L'0xca62c000,$K ; K_60_79 - ldo 0x1d6($K),$K -___ -for (;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } - -$code.=<<___; - addl @X[0],$A,$A - addl @X[1],$B,$B - addl @X[2],$C,$C - addl @X[3],$D,$D - addl @X[4],$E,$E - stw $A,0($ctx) - stw $B,4($ctx) - stw $C,8($ctx) - stw $D,12($ctx) - stw $E,16($ctx) - addib,*<> -1,$num,L\$oop - ldo 64($inp),$inp - - $POP `-$FRAME-$SAVED_RP`(%sp),%r2 ; standard epilogue - $POP `-$FRAME+1*$SIZE_T`(%sp),%r4 - $POP `-$FRAME+2*$SIZE_T`(%sp),%r5 - $POP `-$FRAME+3*$SIZE_T`(%sp),%r6 - $POP `-$FRAME+4*$SIZE_T`(%sp),%r7 - $POP `-$FRAME+5*$SIZE_T`(%sp),%r8 - $POP `-$FRAME+6*$SIZE_T`(%sp),%r9 - $POP `-$FRAME+7*$SIZE_T`(%sp),%r10 - $POP `-$FRAME+8*$SIZE_T`(%sp),%r11 - $POP `-$FRAME+9*$SIZE_T`(%sp),%r12 - $POP `-$FRAME+10*$SIZE_T`(%sp),%r13 - $POP `-$FRAME+11*$SIZE_T`(%sp),%r14 - $POP `-$FRAME+12*$SIZE_T`(%sp),%r15 - $POP `-$FRAME+13*$SIZE_T`(%sp),%r16 - bv (%r2) - .EXIT - $POPMB -$FRAME(%sp),%r3 - .PROCEND - .STRINGZ "SHA1 block transform for PA-RISC, CRYPTOGAMS by " -___ - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler/) { - $gnuas = 1; -} - -foreach(split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); - s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); - s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); - s/,\*/,/ if ($SIZE_T==4); - s/\bbv\b/bve/ if ($SIZE_T==8); - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-ppc.pl b/crypto/sha/asm/sha1-ppc.pl deleted file mode 100755 index acea2e94f392264f2395b5018ca6aeada5aaab11..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha1-ppc.pl +++ /dev/null @@ -1,355 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# I let hardware handle unaligned input(*), except on page boundaries -# (see below for details). Otherwise straightforward implementation -# with X vector in register bank. -# -# (*) this means that this module is inappropriate for PPC403? Does -# anybody know if pre-POWER3 can sustain unaligned load? - -# -m64 -m32 -# ---------------------------------- -# PPC970,gcc-4.0.0 +76% +59% -# Power6,xlc-7 +68% +33% - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /64/) { - $SIZE_T =8; - $LRSAVE =2*$SIZE_T; - $UCMP ="cmpld"; - $STU ="stdu"; - $POP ="ld"; - $PUSH ="std"; -} elsif ($flavour =~ /32/) { - $SIZE_T =4; - $LRSAVE =$SIZE_T; - $UCMP ="cmplw"; - $STU ="stwu"; - $POP ="lwz"; - $PUSH ="stw"; -} else { die "nonsense $flavour"; } - -# Define endianness based on flavour -# i.e.: linux64le -$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open STDOUT,"| $^X $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; - -$FRAME=24*$SIZE_T+64; -$LOCALS=6*$SIZE_T; - -$K ="r0"; -$sp ="r1"; -$toc="r2"; -$ctx="r3"; -$inp="r4"; -$num="r5"; -$t0 ="r15"; -$t1 ="r6"; - -$A ="r7"; -$B ="r8"; -$C ="r9"; -$D ="r10"; -$E ="r11"; -$T ="r12"; - -@V=($A,$B,$C,$D,$E,$T); -@X=("r16","r17","r18","r19","r20","r21","r22","r23", - "r24","r25","r26","r27","r28","r29","r30","r31"); - -sub loadbe { -my ($dst, $src, $temp_reg) = @_; -$code.=<<___ if (!$LITTLE_ENDIAN); - lwz $dst,$src -___ -$code.=<<___ if ($LITTLE_ENDIAN); - lwz $temp_reg,$src - rotlwi $dst,$temp_reg,8 - rlwimi $dst,$temp_reg,24,0,7 - rlwimi $dst,$temp_reg,24,16,23 -___ -} - -sub BODY_00_19 { -my ($i,$a,$b,$c,$d,$e,$f)=@_; -my $j=$i+1; - - # Since the last value of $f is discarded, we can use - # it as a temp reg to swap byte-order when needed. - loadbe("@X[$i]","`$i*4`($inp)",$f) if ($i==0); - loadbe("@X[$j]","`$j*4`($inp)",$f) if ($i<15); -$code.=<<___ if ($i<15); - add $f,$K,$e - rotlwi $e,$a,5 - add $f,$f,@X[$i] - and $t0,$c,$b - add $f,$f,$e - andc $t1,$d,$b - rotlwi $b,$b,30 - or $t0,$t0,$t1 - add $f,$f,$t0 -___ -$code.=<<___ if ($i>=15); - add $f,$K,$e - rotlwi $e,$a,5 - xor @X[$j%16],@X[$j%16],@X[($j+2)%16] - add $f,$f,@X[$i%16] - and $t0,$c,$b - xor @X[$j%16],@X[$j%16],@X[($j+8)%16] - add $f,$f,$e - andc $t1,$d,$b - rotlwi $b,$b,30 - or $t0,$t0,$t1 - xor @X[$j%16],@X[$j%16],@X[($j+13)%16] - add $f,$f,$t0 - rotlwi @X[$j%16],@X[$j%16],1 -___ -} - -sub BODY_20_39 { -my ($i,$a,$b,$c,$d,$e,$f)=@_; -my $j=$i+1; -$code.=<<___ if ($i<79); - add $f,$K,$e - xor $t0,$b,$d - rotlwi $e,$a,5 - xor @X[$j%16],@X[$j%16],@X[($j+2)%16] - add $f,$f,@X[$i%16] - xor $t0,$t0,$c - xor @X[$j%16],@X[$j%16],@X[($j+8)%16] - add $f,$f,$t0 - rotlwi $b,$b,30 - xor @X[$j%16],@X[$j%16],@X[($j+13)%16] - add $f,$f,$e - rotlwi @X[$j%16],@X[$j%16],1 -___ -$code.=<<___ if ($i==79); - add $f,$K,$e - xor $t0,$b,$d - rotlwi $e,$a,5 - lwz r16,0($ctx) - add $f,$f,@X[$i%16] - xor $t0,$t0,$c - lwz r17,4($ctx) - add $f,$f,$t0 - rotlwi $b,$b,30 - lwz r18,8($ctx) - lwz r19,12($ctx) - add $f,$f,$e - lwz r20,16($ctx) -___ -} - -sub BODY_40_59 { -my ($i,$a,$b,$c,$d,$e,$f)=@_; -my $j=$i+1; -$code.=<<___; - add $f,$K,$e - rotlwi $e,$a,5 - xor @X[$j%16],@X[$j%16],@X[($j+2)%16] - add $f,$f,@X[$i%16] - and $t0,$b,$c - xor @X[$j%16],@X[$j%16],@X[($j+8)%16] - add $f,$f,$e - or $t1,$b,$c - rotlwi $b,$b,30 - xor @X[$j%16],@X[$j%16],@X[($j+13)%16] - and $t1,$t1,$d - or $t0,$t0,$t1 - rotlwi @X[$j%16],@X[$j%16],1 - add $f,$f,$t0 -___ -} - -$code=<<___; -.machine "any" -.text - -.globl .sha1_block_data_order -.align 4 -.sha1_block_data_order: - $STU $sp,-$FRAME($sp) - mflr r0 - $PUSH r15,`$FRAME-$SIZE_T*17`($sp) - $PUSH r16,`$FRAME-$SIZE_T*16`($sp) - $PUSH r17,`$FRAME-$SIZE_T*15`($sp) - $PUSH r18,`$FRAME-$SIZE_T*14`($sp) - $PUSH r19,`$FRAME-$SIZE_T*13`($sp) - $PUSH r20,`$FRAME-$SIZE_T*12`($sp) - $PUSH r21,`$FRAME-$SIZE_T*11`($sp) - $PUSH r22,`$FRAME-$SIZE_T*10`($sp) - $PUSH r23,`$FRAME-$SIZE_T*9`($sp) - $PUSH r24,`$FRAME-$SIZE_T*8`($sp) - $PUSH r25,`$FRAME-$SIZE_T*7`($sp) - $PUSH r26,`$FRAME-$SIZE_T*6`($sp) - $PUSH r27,`$FRAME-$SIZE_T*5`($sp) - $PUSH r28,`$FRAME-$SIZE_T*4`($sp) - $PUSH r29,`$FRAME-$SIZE_T*3`($sp) - $PUSH r30,`$FRAME-$SIZE_T*2`($sp) - $PUSH r31,`$FRAME-$SIZE_T*1`($sp) - $PUSH r0,`$FRAME+$LRSAVE`($sp) - lwz $A,0($ctx) - lwz $B,4($ctx) - lwz $C,8($ctx) - lwz $D,12($ctx) - lwz $E,16($ctx) - andi. r0,$inp,3 - bne Lunaligned -Laligned: - mtctr $num - bl Lsha1_block_private - b Ldone - -; PowerPC specification allows an implementation to be ill-behaved -; upon unaligned access which crosses page boundary. "Better safe -; than sorry" principle makes me treat it specially. But I don't -; look for particular offending word, but rather for 64-byte input -; block which crosses the boundary. Once found that block is aligned -; and hashed separately... -.align 4 -Lunaligned: - subfic $t1,$inp,4096 - andi. $t1,$t1,4095 ; distance to closest page boundary - srwi. $t1,$t1,6 ; t1/=64 - beq Lcross_page - $UCMP $num,$t1 - ble Laligned ; didn't cross the page boundary - mtctr $t1 - subfc $num,$t1,$num - bl Lsha1_block_private -Lcross_page: - li $t1,16 - mtctr $t1 - addi r20,$sp,$LOCALS ; spot within the frame -Lmemcpy: - lbz r16,0($inp) - lbz r17,1($inp) - lbz r18,2($inp) - lbz r19,3($inp) - addi $inp,$inp,4 - stb r16,0(r20) - stb r17,1(r20) - stb r18,2(r20) - stb r19,3(r20) - addi r20,r20,4 - bdnz Lmemcpy - - $PUSH $inp,`$FRAME-$SIZE_T*18`($sp) - li $t1,1 - addi $inp,$sp,$LOCALS - mtctr $t1 - bl Lsha1_block_private - $POP $inp,`$FRAME-$SIZE_T*18`($sp) - addic. $num,$num,-1 - bne Lunaligned - -Ldone: - $POP r0,`$FRAME+$LRSAVE`($sp) - $POP r15,`$FRAME-$SIZE_T*17`($sp) - $POP r16,`$FRAME-$SIZE_T*16`($sp) - $POP r17,`$FRAME-$SIZE_T*15`($sp) - $POP r18,`$FRAME-$SIZE_T*14`($sp) - $POP r19,`$FRAME-$SIZE_T*13`($sp) - $POP r20,`$FRAME-$SIZE_T*12`($sp) - $POP r21,`$FRAME-$SIZE_T*11`($sp) - $POP r22,`$FRAME-$SIZE_T*10`($sp) - $POP r23,`$FRAME-$SIZE_T*9`($sp) - $POP r24,`$FRAME-$SIZE_T*8`($sp) - $POP r25,`$FRAME-$SIZE_T*7`($sp) - $POP r26,`$FRAME-$SIZE_T*6`($sp) - $POP r27,`$FRAME-$SIZE_T*5`($sp) - $POP r28,`$FRAME-$SIZE_T*4`($sp) - $POP r29,`$FRAME-$SIZE_T*3`($sp) - $POP r30,`$FRAME-$SIZE_T*2`($sp) - $POP r31,`$FRAME-$SIZE_T*1`($sp) - mtlr r0 - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,4,1,0x80,18,3,0 - .long 0 -___ - -# This is private block function, which uses tailored calling -# interface, namely upon entry SHA_CTX is pre-loaded to given -# registers and counter register contains amount of chunks to -# digest... -$code.=<<___; -.align 4 -Lsha1_block_private: -___ -$code.=<<___; # load K_00_19 - lis $K,0x5a82 - ori $K,$K,0x7999 -___ -for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; # load K_20_39 - lis $K,0x6ed9 - ori $K,$K,0xeba1 -___ -for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; # load K_40_59 - lis $K,0x8f1b - ori $K,$K,0xbcdc -___ -for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; # load K_60_79 - lis $K,0xca62 - ori $K,$K,0xc1d6 -___ -for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - add r16,r16,$E - add r17,r17,$T - add r18,r18,$A - add r19,r19,$B - add r20,r20,$C - stw r16,0($ctx) - mr $A,r16 - stw r17,4($ctx) - mr $B,r17 - stw r18,8($ctx) - mr $C,r18 - stw r19,12($ctx) - mr $D,r19 - stw r20,16($ctx) - mr $E,r20 - addi $inp,$inp,`16*4` - bdnz Lsha1_block_private - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.size .sha1_block_data_order,.-.sha1_block_data_order -___ -$code.=<<___; -.asciz "SHA1 block transform for PPC, CRYPTOGAMS by " -___ - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-s390x.pl b/crypto/sha/asm/sha1-s390x.pl deleted file mode 100644 index d870e0078eb8b4c8ad49c075062bd96074d91f0e..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha1-s390x.pl +++ /dev/null @@ -1,251 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# SHA1 block procedure for s390x. - -# April 2007. -# -# Performance is >30% better than gcc 3.3 generated code. But the real -# twist is that SHA1 hardware support is detected and utilized. In -# which case performance can reach further >4.5x for larger chunks. - -# January 2009. -# -# Optimize Xupdate for amount of memory references and reschedule -# instructions to favour dual-issue z10 pipeline. On z10 hardware is -# "only" ~2.3x faster than software. - -# November 2010. -# -# Adapt for -m31 build. If kernel supports what's called "highgprs" -# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit -# instructions and achieve "64-bit" performance even in 31-bit legacy -# application context. The feature is not specific to any particular -# processor, as long as it's "z-CPU". Latter implies that the code -# remains z/Architecture specific. On z990 it was measured to perform -# 23% better than code generated by gcc 4.3. - -$kimdfunc=1; # magic function code for kimd instruction - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /3[12]/) { - $SIZE_T=4; - $g=""; -} else { - $SIZE_T=8; - $g="g"; -} - -$output and open STDOUT,">$output"; - -$K_00_39="%r0"; $K=$K_00_39; -$K_40_79="%r1"; -$ctx="%r2"; $prefetch="%r2"; -$inp="%r3"; -$len="%r4"; - -$A="%r5"; -$B="%r6"; -$C="%r7"; -$D="%r8"; -$E="%r9"; @V=($A,$B,$C,$D,$E); -$t0="%r10"; -$t1="%r11"; -@X=("%r12","%r13","%r14"); -$sp="%r15"; - -$stdframe=16*$SIZE_T+4*8; -$frame=$stdframe+16*4; - -sub Xupdate { -my $i=shift; - -$code.=<<___ if ($i==15); - lg $prefetch,$stdframe($sp) ### Xupdate(16) warm-up - lr $X[0],$X[2] -___ -return if ($i&1); # Xupdate is vectorized and executed every 2nd cycle -$code.=<<___ if ($i<16); - lg $X[0],`$i*4`($inp) ### Xload($i) - rllg $X[1],$X[0],32 -___ -$code.=<<___ if ($i>=16); - xgr $X[0],$prefetch ### Xupdate($i) - lg $prefetch,`$stdframe+4*(($i+2)%16)`($sp) - xg $X[0],`$stdframe+4*(($i+8)%16)`($sp) - xgr $X[0],$prefetch - rll $X[0],$X[0],1 - rllg $X[1],$X[0],32 - rll $X[1],$X[1],1 - rllg $X[0],$X[1],32 - lr $X[2],$X[1] # feedback -___ -$code.=<<___ if ($i<=70); - stg $X[0],`$stdframe+4*($i%16)`($sp) -___ -unshift(@X,pop(@X)); -} - -sub BODY_00_19 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $xi=$X[1]; - - &Xupdate($i); -$code.=<<___; - alr $e,$K ### $i - rll $t1,$a,5 - lr $t0,$d - xr $t0,$c - alr $e,$t1 - nr $t0,$b - alr $e,$xi - xr $t0,$d - rll $b,$b,30 - alr $e,$t0 -___ -} - -sub BODY_20_39 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $xi=$X[1]; - - &Xupdate($i); -$code.=<<___; - alr $e,$K ### $i - rll $t1,$a,5 - lr $t0,$b - alr $e,$t1 - xr $t0,$c - alr $e,$xi - xr $t0,$d - rll $b,$b,30 - alr $e,$t0 -___ -} - -sub BODY_40_59 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $xi=$X[1]; - - &Xupdate($i); -$code.=<<___; - alr $e,$K ### $i - rll $t1,$a,5 - lr $t0,$b - alr $e,$t1 - or $t0,$c - lr $t1,$b - nr $t0,$d - nr $t1,$c - alr $e,$xi - or $t0,$t1 - rll $b,$b,30 - alr $e,$t0 -___ -} - -$code.=<<___; -#include "s390x_arch.h" - -.text -.align 64 -.type Ktable,\@object -Ktable: .long 0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6 - .skip 48 #.long 0,0,0,0,0,0,0,0,0,0,0,0 -.size Ktable,.-Ktable -.globl sha1_block_data_order -.type sha1_block_data_order,\@function -sha1_block_data_order: -___ -$code.=<<___ if ($kimdfunc); - larl %r1,OPENSSL_s390xcap_P - lg %r0,S390X_KIMD(%r1) # check kimd capabilities - tmhh %r0,`0x8000>>$kimdfunc` - jz .Lsoftware - lghi %r0,$kimdfunc - lgr %r1,$ctx - lgr %r2,$inp - sllg %r3,$len,6 - .long 0xb93e0002 # kimd %r0,%r2 - brc 1,.-4 # pay attention to "partial completion" - br %r14 -.align 16 -.Lsoftware: -___ -$code.=<<___; - lghi %r1,-$frame - st${g} $ctx,`2*$SIZE_T`($sp) - stm${g} %r6,%r15,`6*$SIZE_T`($sp) - lgr %r0,$sp - la $sp,0(%r1,$sp) - st${g} %r0,0($sp) - - larl $t0,Ktable - llgf $A,0($ctx) - llgf $B,4($ctx) - llgf $C,8($ctx) - llgf $D,12($ctx) - llgf $E,16($ctx) - - lg $K_00_39,0($t0) - lg $K_40_79,8($t0) - -.Lloop: - rllg $K_00_39,$K_00_39,32 -___ -for ($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - rllg $K_00_39,$K_00_39,32 -___ -for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; $K=$K_40_79; - rllg $K_40_79,$K_40_79,32 -___ -for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - rllg $K_40_79,$K_40_79,32 -___ -for (;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - - l${g} $ctx,`$frame+2*$SIZE_T`($sp) - la $inp,64($inp) - al $A,0($ctx) - al $B,4($ctx) - al $C,8($ctx) - al $D,12($ctx) - al $E,16($ctx) - st $A,0($ctx) - st $B,4($ctx) - st $C,8($ctx) - st $D,12($ctx) - st $E,16($ctx) - brct${g} $len,.Lloop - - lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp) - br %r14 -.size sha1_block_data_order,.-sha1_block_data_order -.string "SHA1 block transform for s390x, CRYPTOGAMS by " -___ - -$code =~ s/\`([^\`]*)\`/eval $1/gem; - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-sparcv9.pl b/crypto/sha/asm/sha1-sparcv9.pl deleted file mode 100644 index 904eda64655805bd752a87b5cfac092e5c64aaa1..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha1-sparcv9.pl +++ /dev/null @@ -1,436 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# -# Hardware SPARC T4 support by David S. Miller -# ==================================================================== - -# Performance improvement is not really impressive on pre-T1 CPU: +8% -# over Sun C and +25% over gcc [3.3]. While on T1, a.k.a. Niagara, it -# turned to be 40% faster than 64-bit code generated by Sun C 5.8 and -# >2x than 64-bit code generated by gcc 3.4. And there is a gimmick. -# X[16] vector is packed to 8 64-bit registers and as result nothing -# is spilled on stack. In addition input data is loaded in compact -# instruction sequence, thus minimizing the window when the code is -# subject to [inter-thread] cache-thrashing hazard. The goal is to -# ensure scalability on UltraSPARC T1, or rather to avoid decay when -# amount of active threads exceeds the number of physical cores. - -# SPARC T4 SHA1 hardware achieves 3.72 cycles per byte, which is 3.1x -# faster than software. Multi-process benchmark saturates at 11x -# single-process result on 8-core processor, or ~9GBps per 2.85GHz -# socket. - -$output=pop and open STDOUT,">$output"; - -@X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7"); -$rot1m="%g2"; -$tmp64="%g3"; -$Xi="%g4"; -$A="%l0"; -$B="%l1"; -$C="%l2"; -$D="%l3"; -$E="%l4"; -@V=($A,$B,$C,$D,$E); -$K_00_19="%l5"; -$K_20_39="%l6"; -$K_40_59="%l7"; -$K_60_79="%g5"; -@K=($K_00_19,$K_20_39,$K_40_59,$K_60_79); - -$ctx="%i0"; -$inp="%i1"; -$len="%i2"; -$tmp0="%i3"; -$tmp1="%i4"; -$tmp2="%i5"; - -sub BODY_00_15 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $xi=($i&1)?@X[($i/2)%8]:$Xi; - -$code.=<<___; - sll $a,5,$tmp0 !! $i - add @K[$i/20],$e,$e - srl $a,27,$tmp1 - add $tmp0,$e,$e - and $c,$b,$tmp0 - add $tmp1,$e,$e - sll $b,30,$tmp2 - andn $d,$b,$tmp1 - srl $b,2,$b - or $tmp1,$tmp0,$tmp1 - or $tmp2,$b,$b - add $xi,$e,$e -___ -if ($i&1 && $i<15) { - $code.= - " srlx @X[(($i+1)/2)%8],32,$Xi\n"; -} -$code.=<<___; - add $tmp1,$e,$e -___ -} - -sub Xupdate { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i/2; - -if ($i&1) { -$code.=<<___; - sll $a,5,$tmp0 !! $i - add @K[$i/20],$e,$e - srl $a,27,$tmp1 -___ -} else { -$code.=<<___; - sllx @X[($j+6)%8],32,$Xi ! Xupdate($i) - xor @X[($j+1)%8],@X[$j%8],@X[$j%8] - srlx @X[($j+7)%8],32,$tmp1 - xor @X[($j+4)%8],@X[$j%8],@X[$j%8] - sll $a,5,$tmp0 !! $i - or $tmp1,$Xi,$Xi - add @K[$i/20],$e,$e !! - xor $Xi,@X[$j%8],@X[$j%8] - srlx @X[$j%8],31,$Xi - add @X[$j%8],@X[$j%8],@X[$j%8] - and $Xi,$rot1m,$Xi - andn @X[$j%8],$rot1m,@X[$j%8] - srl $a,27,$tmp1 !! - or $Xi,@X[$j%8],@X[$j%8] -___ -} -} - -sub BODY_16_19 { -my ($i,$a,$b,$c,$d,$e)=@_; - - &Xupdate(@_); - if ($i&1) { - $xi=@X[($i/2)%8]; - } else { - $xi=$Xi; - $code.="\tsrlx @X[($i/2)%8],32,$xi\n"; - } -$code.=<<___; - add $tmp0,$e,$e !! - and $c,$b,$tmp0 - add $tmp1,$e,$e - sll $b,30,$tmp2 - add $xi,$e,$e - andn $d,$b,$tmp1 - srl $b,2,$b - or $tmp1,$tmp0,$tmp1 - or $tmp2,$b,$b - add $tmp1,$e,$e -___ -} - -sub BODY_20_39 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $xi; - &Xupdate(@_); - if ($i&1) { - $xi=@X[($i/2)%8]; - } else { - $xi=$Xi; - $code.="\tsrlx @X[($i/2)%8],32,$xi\n"; - } -$code.=<<___; - add $tmp0,$e,$e !! - xor $c,$b,$tmp0 - add $tmp1,$e,$e - sll $b,30,$tmp2 - xor $d,$tmp0,$tmp1 - srl $b,2,$b - add $tmp1,$e,$e - or $tmp2,$b,$b - add $xi,$e,$e -___ -} - -sub BODY_40_59 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $xi; - &Xupdate(@_); - if ($i&1) { - $xi=@X[($i/2)%8]; - } else { - $xi=$Xi; - $code.="\tsrlx @X[($i/2)%8],32,$xi\n"; - } -$code.=<<___; - add $tmp0,$e,$e !! - and $c,$b,$tmp0 - add $tmp1,$e,$e - sll $b,30,$tmp2 - or $c,$b,$tmp1 - srl $b,2,$b - and $d,$tmp1,$tmp1 - add $xi,$e,$e - or $tmp1,$tmp0,$tmp1 - or $tmp2,$b,$b - add $tmp1,$e,$e -___ -} - -$code.=<<___; -#ifndef __ASSEMBLER__ -# define __ASSEMBLER__ 1 -#endif -#include "crypto/sparc_arch.h" - -#ifdef __arch64__ -.register %g2,#scratch -.register %g3,#scratch -#endif - -.section ".text",#alloc,#execinstr - -#ifdef __PIC__ -SPARC_PIC_THUNK(%g1) -#endif - -.align 32 -.globl sha1_block_data_order -sha1_block_data_order: - SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5) - ld [%g1+4],%g1 ! OPENSSL_sparcv9cap_P[1] - - andcc %g1, CFR_SHA1, %g0 - be .Lsoftware - nop - - ld [%o0 + 0x00], %f0 ! load context - ld [%o0 + 0x04], %f1 - ld [%o0 + 0x08], %f2 - andcc %o1, 0x7, %g0 - ld [%o0 + 0x0c], %f3 - bne,pn %icc, .Lhwunaligned - ld [%o0 + 0x10], %f4 - -.Lhw_loop: - ldd [%o1 + 0x00], %f8 - ldd [%o1 + 0x08], %f10 - ldd [%o1 + 0x10], %f12 - ldd [%o1 + 0x18], %f14 - ldd [%o1 + 0x20], %f16 - ldd [%o1 + 0x28], %f18 - ldd [%o1 + 0x30], %f20 - subcc %o2, 1, %o2 ! done yet? - ldd [%o1 + 0x38], %f22 - add %o1, 0x40, %o1 - prefetch [%o1 + 63], 20 - - .word 0x81b02820 ! SHA1 - - bne,pt SIZE_T_CC, .Lhw_loop - nop - -.Lhwfinish: - st %f0, [%o0 + 0x00] ! store context - st %f1, [%o0 + 0x04] - st %f2, [%o0 + 0x08] - st %f3, [%o0 + 0x0c] - retl - st %f4, [%o0 + 0x10] - -.align 8 -.Lhwunaligned: - alignaddr %o1, %g0, %o1 - - ldd [%o1 + 0x00], %f10 -.Lhwunaligned_loop: - ldd [%o1 + 0x08], %f12 - ldd [%o1 + 0x10], %f14 - ldd [%o1 + 0x18], %f16 - ldd [%o1 + 0x20], %f18 - ldd [%o1 + 0x28], %f20 - ldd [%o1 + 0x30], %f22 - ldd [%o1 + 0x38], %f24 - subcc %o2, 1, %o2 ! done yet? - ldd [%o1 + 0x40], %f26 - add %o1, 0x40, %o1 - prefetch [%o1 + 63], 20 - - faligndata %f10, %f12, %f8 - faligndata %f12, %f14, %f10 - faligndata %f14, %f16, %f12 - faligndata %f16, %f18, %f14 - faligndata %f18, %f20, %f16 - faligndata %f20, %f22, %f18 - faligndata %f22, %f24, %f20 - faligndata %f24, %f26, %f22 - - .word 0x81b02820 ! SHA1 - - bne,pt SIZE_T_CC, .Lhwunaligned_loop - for %f26, %f26, %f10 ! %f10=%f26 - - ba .Lhwfinish - nop - -.align 16 -.Lsoftware: - save %sp,-STACK_FRAME,%sp - sllx $len,6,$len - add $inp,$len,$len - - or %g0,1,$rot1m - sllx $rot1m,32,$rot1m - or $rot1m,1,$rot1m - - ld [$ctx+0],$A - ld [$ctx+4],$B - ld [$ctx+8],$C - ld [$ctx+12],$D - ld [$ctx+16],$E - andn $inp,7,$tmp0 - - sethi %hi(0x5a827999),$K_00_19 - or $K_00_19,%lo(0x5a827999),$K_00_19 - sethi %hi(0x6ed9eba1),$K_20_39 - or $K_20_39,%lo(0x6ed9eba1),$K_20_39 - sethi %hi(0x8f1bbcdc),$K_40_59 - or $K_40_59,%lo(0x8f1bbcdc),$K_40_59 - sethi %hi(0xca62c1d6),$K_60_79 - or $K_60_79,%lo(0xca62c1d6),$K_60_79 - -.Lloop: - ldx [$tmp0+0],@X[0] - ldx [$tmp0+16],@X[2] - ldx [$tmp0+32],@X[4] - ldx [$tmp0+48],@X[6] - and $inp,7,$tmp1 - ldx [$tmp0+8],@X[1] - sll $tmp1,3,$tmp1 - ldx [$tmp0+24],@X[3] - subcc %g0,$tmp1,$tmp2 ! should be 64-$tmp1, but -$tmp1 works too - ldx [$tmp0+40],@X[5] - bz,pt %icc,.Laligned - ldx [$tmp0+56],@X[7] - - sllx @X[0],$tmp1,@X[0] - ldx [$tmp0+64],$tmp64 -___ -for($i=0;$i<7;$i++) -{ $code.=<<___; - srlx @X[$i+1],$tmp2,$Xi - sllx @X[$i+1],$tmp1,@X[$i+1] - or $Xi,@X[$i],@X[$i] -___ -} -$code.=<<___; - srlx $tmp64,$tmp2,$tmp64 - or $tmp64,@X[7],@X[7] -.Laligned: - srlx @X[0],32,$Xi -___ -for ($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } -for (;$i<20;$i++) { &BODY_16_19($i,@V); unshift(@V,pop(@V)); } -for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } -for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } -for (;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - - ld [$ctx+0],@X[0] - ld [$ctx+4],@X[1] - ld [$ctx+8],@X[2] - ld [$ctx+12],@X[3] - add $inp,64,$inp - ld [$ctx+16],@X[4] - cmp $inp,$len - - add $A,@X[0],$A - st $A,[$ctx+0] - add $B,@X[1],$B - st $B,[$ctx+4] - add $C,@X[2],$C - st $C,[$ctx+8] - add $D,@X[3],$D - st $D,[$ctx+12] - add $E,@X[4],$E - st $E,[$ctx+16] - - bne SIZE_T_CC,.Lloop - andn $inp,7,$tmp0 - - ret - restore -.type sha1_block_data_order,#function -.size sha1_block_data_order,(.-sha1_block_data_order) -.asciz "SHA1 block transform for SPARCv9, CRYPTOGAMS by " -.align 4 -___ - -# Purpose of these subroutines is to explicitly encode VIS instructions, -# so that one can compile the module without having to specify VIS -# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a. -# Idea is to reserve for option to produce "universal" binary and let -# programmer detect if current CPU is VIS capable at run-time. -sub unvis { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my $ref,$opf; -my %visopf = ( "faligndata" => 0x048, - "for" => 0x07c ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if ($opf=$visopf{$mnemonic}) { - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} -sub unalignaddr { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 ); -my $ref="$mnemonic\t$rs1,$rs2,$rd"; - - foreach ($rs1,$rs2,$rd) { - if (/%([goli])([0-7])/) { $_=$bias{$1}+$2; } - else { return $ref; } - } - return sprintf ".word\t0x%08x !%s", - 0x81b00300|$rd<<25|$rs1<<14|$rs2, - $ref; -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/ - &unvis($1,$2,$3,$4) - /ge; - s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/ - &unalignaddr($1,$2,$3,$4) - /ge; - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-sparcv9a.pl b/crypto/sha/asm/sha1-sparcv9a.pl deleted file mode 100644 index 1b7a7f9c912bba26de23a5b02e3da8a004f40009..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha1-sparcv9a.pl +++ /dev/null @@ -1,607 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# January 2009 -# -# Provided that UltraSPARC VIS instructions are pipe-lined(*) and -# pairable(*) with IALU ones, offloading of Xupdate to the UltraSPARC -# Graphic Unit would make it possible to achieve higher instruction- -# level parallelism, ILP, and thus higher performance. It should be -# explicitly noted that ILP is the keyword, and it means that this -# code would be unsuitable for cores like UltraSPARC-Tx. The idea is -# not really novel, Sun had VIS-powered implementation for a while. -# Unlike Sun's implementation this one can process multiple unaligned -# input blocks, and as such works as drop-in replacement for OpenSSL -# sha1_block_data_order. Performance improvement was measured to be -# 40% over pure IALU sha1-sparcv9.pl on UltraSPARC-IIi, but 12% on -# UltraSPARC-III. See below for discussion... -# -# The module does not present direct interest for OpenSSL, because -# it doesn't provide better performance on contemporary SPARCv9 CPUs, -# UltraSPARC-Tx and SPARC64-V[II] to be specific. Those who feel they -# absolutely must score on UltraSPARC-I-IV can simply replace -# crypto/sha/asm/sha1-sparcv9.pl with this module. -# -# (*) "Pipe-lined" means that even if it takes several cycles to -# complete, next instruction using same functional unit [but not -# depending on the result of the current instruction] can start -# execution without having to wait for the unit. "Pairable" -# means that two [or more] independent instructions can be -# issued at the very same time. - -$bits=32; -for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); } -if ($bits==64) { $bias=2047; $frame=192; } -else { $bias=0; $frame=112; } - -$output=pop and open STDOUT,">$output"; - -$ctx="%i0"; -$inp="%i1"; -$len="%i2"; -$tmp0="%i3"; -$tmp1="%i4"; -$tmp2="%i5"; -$tmp3="%g5"; - -$base="%g1"; -$align="%g4"; -$Xfer="%o5"; -$nXfer=$tmp3; -$Xi="%o7"; - -$A="%l0"; -$B="%l1"; -$C="%l2"; -$D="%l3"; -$E="%l4"; -@V=($A,$B,$C,$D,$E); - -$Actx="%o0"; -$Bctx="%o1"; -$Cctx="%o2"; -$Dctx="%o3"; -$Ectx="%o4"; - -$fmul="%f32"; -$VK_00_19="%f34"; -$VK_20_39="%f36"; -$VK_40_59="%f38"; -$VK_60_79="%f40"; -@VK=($VK_00_19,$VK_20_39,$VK_40_59,$VK_60_79); -@X=("%f0", "%f1", "%f2", "%f3", "%f4", "%f5", "%f6", "%f7", - "%f8", "%f9","%f10","%f11","%f12","%f13","%f14","%f15","%f16"); - -# This is reference 2x-parallelized VIS-powered Xupdate procedure. It -# covers even K_NN_MM addition... -sub Xupdate { -my ($i)=@_; -my $K=@VK[($i+16)/20]; -my $j=($i+16)%16; - -# [ provided that GSR.alignaddr_offset is 5, $mul contains -# 0x100ULL<<32|0x100 value and K_NN_MM are pre-loaded to -# chosen registers... ] -$code.=<<___; - fxors @X[($j+13)%16],@X[$j],@X[$j] !-1/-1/-1:X[0]^=X[13] - fxors @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14] - fxor @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9] - fxor %f18,@X[$j],@X[$j] ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9] - faligndata @X[$j],@X[$j],%f18 ! 3/ 7/ 5:Tmp=X[0,1]>>>24 - fpadd32 @X[$j],@X[$j],@X[$j] ! 4/ 8/ 6:X[0,1]<<=1 - fmul8ulx16 %f18,$fmul,%f18 ! 5/10/ 7:Tmp>>=7, Tmp&=1 - ![fxors %f15,%f2,%f2] - for %f18,@X[$j],@X[$j] ! 8/14/10:X[0,1]|=Tmp - ![fxors %f0,%f3,%f3] !10/17/12:X[0] dependency - fpadd32 $K,@X[$j],%f20 - std %f20,[$Xfer+`4*$j`] -___ -# The numbers delimited with slash are the earliest possible dispatch -# cycles for given instruction assuming 1 cycle latency for simple VIS -# instructions, such as on UltraSPARC-I&II, 3 cycles latency, such as -# on UltraSPARC-III&IV, and 2 cycles latency(*), respectively. Being -# 2x-parallelized the procedure is "worth" 5, 8.5 or 6 ticks per SHA1 -# round. As [long as] FPU/VIS instructions are perfectly pairable with -# IALU ones, the round timing is defined by the maximum between VIS -# and IALU timings. The latter varies from round to round and averages -# out at 6.25 ticks. This means that USI&II should operate at IALU -# rate, while USIII&IV - at VIS rate. This explains why performance -# improvement varies among processors. Well, given that pure IALU -# sha1-sparcv9.pl module exhibits virtually uniform performance of -# ~9.3 cycles per SHA1 round. Timings mentioned above are theoretical -# lower limits. Real-life performance was measured to be 6.6 cycles -# per SHA1 round on USIIi and 8.3 on USIII. The latter is lower than -# half-round VIS timing, because there are 16 Xupdate-free rounds, -# which "push down" average theoretical timing to 8 cycles... - -# (*) SPARC64-V[II] was originally believed to have 2 cycles VIS -# latency. Well, it might have, but it doesn't have dedicated -# VIS-unit. Instead, VIS instructions are executed by other -# functional units, ones used here - by IALU. This doesn't -# improve effective ILP... -} - -# The reference Xupdate procedure is then "strained" over *pairs* of -# BODY_NN_MM and kind of modulo-scheduled in respect to X[n]^=X[n+13] -# and K_NN_MM addition. It's "running" 15 rounds ahead, which leaves -# plenty of room to amortize for read-after-write hazard, as well as -# to fetch and align input for the next spin. The VIS instructions are -# scheduled for latency of 2 cycles, because there are not enough IALU -# instructions to schedule for latency of 3, while scheduling for 1 -# would give no gain on USI&II anyway. - -sub BODY_00_19 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i&~1; -my $k=($j+16+2)%16; # ahead reference -my $l=($j+16-2)%16; # behind reference -my $K=@VK[($j+16-2)/20]; - -$j=($j+16)%16; - -$code.=<<___ if (!($i&1)); - sll $a,5,$tmp0 !! $i - and $c,$b,$tmp3 - ld [$Xfer+`4*($i%16)`],$Xi - fxors @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14] - srl $a,27,$tmp1 - add $tmp0,$e,$e - fxor @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9] - sll $b,30,$tmp2 - add $tmp1,$e,$e - andn $d,$b,$tmp1 - add $Xi,$e,$e - fxor %f18,@X[$j],@X[$j] ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9] - srl $b,2,$b - or $tmp1,$tmp3,$tmp1 - or $tmp2,$b,$b - add $tmp1,$e,$e - faligndata @X[$j],@X[$j],%f18 ! 3/ 7/ 5:Tmp=X[0,1]>>>24 -___ -$code.=<<___ if ($i&1); - sll $a,5,$tmp0 !! $i - and $c,$b,$tmp3 - ld [$Xfer+`4*($i%16)`],$Xi - fpadd32 @X[$j],@X[$j],@X[$j] ! 4/ 8/ 6:X[0,1]<<=1 - srl $a,27,$tmp1 - add $tmp0,$e,$e - fmul8ulx16 %f18,$fmul,%f18 ! 5/10/ 7:Tmp>>=7, Tmp&=1 - sll $b,30,$tmp2 - add $tmp1,$e,$e - fpadd32 $K,@X[$l],%f20 ! - andn $d,$b,$tmp1 - add $Xi,$e,$e - fxors @X[($k+13)%16],@X[$k],@X[$k] !-1/-1/-1:X[0]^=X[13] - srl $b,2,$b - or $tmp1,$tmp3,$tmp1 - fxor %f18,@X[$j],@X[$j] ! 8/14/10:X[0,1]|=Tmp - or $tmp2,$b,$b - add $tmp1,$e,$e -___ -$code.=<<___ if ($i&1 && $i>=2); - std %f20,[$Xfer+`4*$l`] ! -___ -} - -sub BODY_20_39 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i&~1; -my $k=($j+16+2)%16; # ahead reference -my $l=($j+16-2)%16; # behind reference -my $K=@VK[($j+16-2)/20]; - -$j=($j+16)%16; - -$code.=<<___ if (!($i&1) && $i<64); - sll $a,5,$tmp0 !! $i - ld [$Xfer+`4*($i%16)`],$Xi - fxors @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14] - srl $a,27,$tmp1 - add $tmp0,$e,$e - fxor @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9] - xor $c,$b,$tmp0 - add $tmp1,$e,$e - sll $b,30,$tmp2 - xor $d,$tmp0,$tmp1 - fxor %f18,@X[$j],@X[$j] ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9] - srl $b,2,$b - add $tmp1,$e,$e - or $tmp2,$b,$b - add $Xi,$e,$e - faligndata @X[$j],@X[$j],%f18 ! 3/ 7/ 5:Tmp=X[0,1]>>>24 -___ -$code.=<<___ if ($i&1 && $i<64); - sll $a,5,$tmp0 !! $i - ld [$Xfer+`4*($i%16)`],$Xi - fpadd32 @X[$j],@X[$j],@X[$j] ! 4/ 8/ 6:X[0,1]<<=1 - srl $a,27,$tmp1 - add $tmp0,$e,$e - fmul8ulx16 %f18,$fmul,%f18 ! 5/10/ 7:Tmp>>=7, Tmp&=1 - xor $c,$b,$tmp0 - add $tmp1,$e,$e - fpadd32 $K,@X[$l],%f20 ! - sll $b,30,$tmp2 - xor $d,$tmp0,$tmp1 - fxors @X[($k+13)%16],@X[$k],@X[$k] !-1/-1/-1:X[0]^=X[13] - srl $b,2,$b - add $tmp1,$e,$e - fxor %f18,@X[$j],@X[$j] ! 8/14/10:X[0,1]|=Tmp - or $tmp2,$b,$b - add $Xi,$e,$e - std %f20,[$Xfer+`4*$l`] ! -___ -$code.=<<___ if ($i==64); - sll $a,5,$tmp0 !! $i - ld [$Xfer+`4*($i%16)`],$Xi - fpadd32 $K,@X[$l],%f20 - srl $a,27,$tmp1 - add $tmp0,$e,$e - xor $c,$b,$tmp0 - add $tmp1,$e,$e - sll $b,30,$tmp2 - xor $d,$tmp0,$tmp1 - std %f20,[$Xfer+`4*$l`] - srl $b,2,$b - add $tmp1,$e,$e - or $tmp2,$b,$b - add $Xi,$e,$e -___ -$code.=<<___ if ($i>64); - sll $a,5,$tmp0 !! $i - ld [$Xfer+`4*($i%16)`],$Xi - srl $a,27,$tmp1 - add $tmp0,$e,$e - xor $c,$b,$tmp0 - add $tmp1,$e,$e - sll $b,30,$tmp2 - xor $d,$tmp0,$tmp1 - srl $b,2,$b - add $tmp1,$e,$e - or $tmp2,$b,$b - add $Xi,$e,$e -___ -} - -sub BODY_40_59 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i&~1; -my $k=($j+16+2)%16; # ahead reference -my $l=($j+16-2)%16; # behind reference -my $K=@VK[($j+16-2)/20]; - -$j=($j+16)%16; - -$code.=<<___ if (!($i&1)); - sll $a,5,$tmp0 !! $i - ld [$Xfer+`4*($i%16)`],$Xi - fxors @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14] - srl $a,27,$tmp1 - add $tmp0,$e,$e - fxor @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9] - and $c,$b,$tmp0 - add $tmp1,$e,$e - sll $b,30,$tmp2 - or $c,$b,$tmp1 - fxor %f18,@X[$j],@X[$j] ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9] - srl $b,2,$b - and $d,$tmp1,$tmp1 - add $Xi,$e,$e - or $tmp1,$tmp0,$tmp1 - faligndata @X[$j],@X[$j],%f18 ! 3/ 7/ 5:Tmp=X[0,1]>>>24 - or $tmp2,$b,$b - add $tmp1,$e,$e - fpadd32 @X[$j],@X[$j],@X[$j] ! 4/ 8/ 6:X[0,1]<<=1 -___ -$code.=<<___ if ($i&1); - sll $a,5,$tmp0 !! $i - ld [$Xfer+`4*($i%16)`],$Xi - srl $a,27,$tmp1 - add $tmp0,$e,$e - fmul8ulx16 %f18,$fmul,%f18 ! 5/10/ 7:Tmp>>=7, Tmp&=1 - and $c,$b,$tmp0 - add $tmp1,$e,$e - fpadd32 $K,@X[$l],%f20 ! - sll $b,30,$tmp2 - or $c,$b,$tmp1 - fxors @X[($k+13)%16],@X[$k],@X[$k] !-1/-1/-1:X[0]^=X[13] - srl $b,2,$b - and $d,$tmp1,$tmp1 - fxor %f18,@X[$j],@X[$j] ! 8/14/10:X[0,1]|=Tmp - add $Xi,$e,$e - or $tmp1,$tmp0,$tmp1 - or $tmp2,$b,$b - add $tmp1,$e,$e - std %f20,[$Xfer+`4*$l`] ! -___ -} - -# If there is more data to process, then we pre-fetch the data for -# next iteration in last ten rounds... -sub BODY_70_79 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i&~1; -my $m=($i%8)*2; - -$j=($j+16)%16; - -$code.=<<___ if ($i==70); - sll $a,5,$tmp0 !! $i - ld [$Xfer+`4*($i%16)`],$Xi - srl $a,27,$tmp1 - add $tmp0,$e,$e - ldd [$inp+64],@X[0] - xor $c,$b,$tmp0 - add $tmp1,$e,$e - sll $b,30,$tmp2 - xor $d,$tmp0,$tmp1 - srl $b,2,$b - add $tmp1,$e,$e - or $tmp2,$b,$b - add $Xi,$e,$e - - and $inp,-64,$nXfer - inc 64,$inp - and $nXfer,255,$nXfer - alignaddr %g0,$align,%g0 - add $base,$nXfer,$nXfer -___ -$code.=<<___ if ($i==71); - sll $a,5,$tmp0 !! $i - ld [$Xfer+`4*($i%16)`],$Xi - srl $a,27,$tmp1 - add $tmp0,$e,$e - xor $c,$b,$tmp0 - add $tmp1,$e,$e - sll $b,30,$tmp2 - xor $d,$tmp0,$tmp1 - srl $b,2,$b - add $tmp1,$e,$e - or $tmp2,$b,$b - add $Xi,$e,$e -___ -$code.=<<___ if ($i>=72); - faligndata @X[$m],@X[$m+2],@X[$m] - sll $a,5,$tmp0 !! $i - ld [$Xfer+`4*($i%16)`],$Xi - srl $a,27,$tmp1 - add $tmp0,$e,$e - xor $c,$b,$tmp0 - add $tmp1,$e,$e - fpadd32 $VK_00_19,@X[$m],%f20 - sll $b,30,$tmp2 - xor $d,$tmp0,$tmp1 - srl $b,2,$b - add $tmp1,$e,$e - or $tmp2,$b,$b - add $Xi,$e,$e -___ -$code.=<<___ if ($i<77); - ldd [$inp+`8*($i+1-70)`],@X[2*($i+1-70)] -___ -$code.=<<___ if ($i==77); # redundant if $inp was aligned - add $align,63,$tmp0 - and $tmp0,-8,$tmp0 - ldd [$inp+$tmp0],@X[16] -___ -$code.=<<___ if ($i>=72); - std %f20,[$nXfer+`4*$m`] -___ -} - -$code.=<<___; -.section ".text",#alloc,#execinstr - -.align 64 -vis_const: -.long 0x5a827999,0x5a827999 ! K_00_19 -.long 0x6ed9eba1,0x6ed9eba1 ! K_20_39 -.long 0x8f1bbcdc,0x8f1bbcdc ! K_40_59 -.long 0xca62c1d6,0xca62c1d6 ! K_60_79 -.long 0x00000100,0x00000100 -.align 64 -.type vis_const,#object -.size vis_const,(.-vis_const) - -.globl sha1_block_data_order -sha1_block_data_order: - save %sp,-$frame,%sp - add %fp,$bias-256,$base - -1: call .+8 - add %o7,vis_const-1b,$tmp0 - - ldd [$tmp0+0],$VK_00_19 - ldd [$tmp0+8],$VK_20_39 - ldd [$tmp0+16],$VK_40_59 - ldd [$tmp0+24],$VK_60_79 - ldd [$tmp0+32],$fmul - - ld [$ctx+0],$Actx - and $base,-256,$base - ld [$ctx+4],$Bctx - sub $base,$bias+$frame,%sp - ld [$ctx+8],$Cctx - and $inp,7,$align - ld [$ctx+12],$Dctx - and $inp,-8,$inp - ld [$ctx+16],$Ectx - - ! X[16] is maintained in FP register bank - alignaddr %g0,$align,%g0 - ldd [$inp+0],@X[0] - sub $inp,-64,$Xfer - ldd [$inp+8],@X[2] - and $Xfer,-64,$Xfer - ldd [$inp+16],@X[4] - and $Xfer,255,$Xfer - ldd [$inp+24],@X[6] - add $base,$Xfer,$Xfer - ldd [$inp+32],@X[8] - ldd [$inp+40],@X[10] - ldd [$inp+48],@X[12] - brz,pt $align,.Laligned - ldd [$inp+56],@X[14] - - ldd [$inp+64],@X[16] - faligndata @X[0],@X[2],@X[0] - faligndata @X[2],@X[4],@X[2] - faligndata @X[4],@X[6],@X[4] - faligndata @X[6],@X[8],@X[6] - faligndata @X[8],@X[10],@X[8] - faligndata @X[10],@X[12],@X[10] - faligndata @X[12],@X[14],@X[12] - faligndata @X[14],@X[16],@X[14] - -.Laligned: - mov 5,$tmp0 - dec 1,$len - alignaddr %g0,$tmp0,%g0 - fpadd32 $VK_00_19,@X[0],%f16 - fpadd32 $VK_00_19,@X[2],%f18 - fpadd32 $VK_00_19,@X[4],%f20 - fpadd32 $VK_00_19,@X[6],%f22 - fpadd32 $VK_00_19,@X[8],%f24 - fpadd32 $VK_00_19,@X[10],%f26 - fpadd32 $VK_00_19,@X[12],%f28 - fpadd32 $VK_00_19,@X[14],%f30 - std %f16,[$Xfer+0] - mov $Actx,$A - std %f18,[$Xfer+8] - mov $Bctx,$B - std %f20,[$Xfer+16] - mov $Cctx,$C - std %f22,[$Xfer+24] - mov $Dctx,$D - std %f24,[$Xfer+32] - mov $Ectx,$E - std %f26,[$Xfer+40] - fxors @X[13],@X[0],@X[0] - std %f28,[$Xfer+48] - ba .Loop - std %f30,[$Xfer+56] -.align 32 -.Loop: -___ -for ($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } -for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } -for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } -for (;$i<70;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - tst $len - bz,pn `$bits==32?"%icc":"%xcc"`,.Ltail - nop -___ -for (;$i<80;$i++) { &BODY_70_79($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - add $A,$Actx,$Actx - add $B,$Bctx,$Bctx - add $C,$Cctx,$Cctx - add $D,$Dctx,$Dctx - add $E,$Ectx,$Ectx - mov 5,$tmp0 - fxors @X[13],@X[0],@X[0] - mov $Actx,$A - mov $Bctx,$B - mov $Cctx,$C - mov $Dctx,$D - mov $Ectx,$E - alignaddr %g0,$tmp0,%g0 - dec 1,$len - ba .Loop - mov $nXfer,$Xfer - -.align 32 -.Ltail: -___ -for($i=70;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - add $A,$Actx,$Actx - add $B,$Bctx,$Bctx - add $C,$Cctx,$Cctx - add $D,$Dctx,$Dctx - add $E,$Ectx,$Ectx - - st $Actx,[$ctx+0] - st $Bctx,[$ctx+4] - st $Cctx,[$ctx+8] - st $Dctx,[$ctx+12] - st $Ectx,[$ctx+16] - - ret - restore -.type sha1_block_data_order,#function -.size sha1_block_data_order,(.-sha1_block_data_order) -.asciz "SHA1 block transform for SPARCv9a, CRYPTOGAMS by " -.align 4 -___ - -# Purpose of these subroutines is to explicitly encode VIS instructions, -# so that one can compile the module without having to specify VIS -# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a. -# Idea is to reserve for option to produce "universal" binary and let -# programmer detect if current CPU is VIS capable at run-time. -sub unvis { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my ($ref,$opf); -my %visopf = ( "fmul8ulx16" => 0x037, - "faligndata" => 0x048, - "fpadd32" => 0x052, - "fxor" => 0x06c, - "fxors" => 0x06d ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if ($opf=$visopf{$mnemonic}) { - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} -sub unalignaddr { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 ); -my $ref="$mnemonic\t$rs1,$rs2,$rd"; - - foreach ($rs1,$rs2,$rd) { - if (/%([goli])([0-7])/) { $_=$bias{$1}+$2; } - else { return $ref; } - } - return sprintf ".word\t0x%08x !%s", - 0x81b00300|$rd<<25|$rs1<<14|$rs2, - $ref; -} - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -$code =~ s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),(%f[0-9]{1,2}),(%f[0-9]{1,2})/ - &unvis($1,$2,$3,$4) - /gem; -$code =~ s/\b(alignaddr)\s+(%[goli][0-7]),(%[goli][0-7]),(%[goli][0-7])/ - &unalignaddr($1,$2,$3,$4) - /gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha1-thumb.pl b/crypto/sha/asm/sha1-thumb.pl deleted file mode 100644 index aece5ea0cddb9afca7c0db41366414df27a31bc4..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha1-thumb.pl +++ /dev/null @@ -1,265 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# sha1_block for Thumb. -# -# January 2007. -# -# The code does not present direct interest to OpenSSL, because of low -# performance. Its purpose is to establish _size_ benchmark. Pretty -# useless one I must say, because 30% or 88 bytes larger ARMv4 code -# [available on demand] is almost _twice_ as fast. It should also be -# noted that in-lining of .Lcommon and .Lrotate improves performance -# by over 40%, while code increases by only 10% or 32 bytes. But once -# again, the goal was to establish _size_ benchmark, not performance. - -$output=pop and open STDOUT,">$output"; - -$inline=0; -#$cheat_on_binutils=1; - -$t0="r0"; -$t1="r1"; -$t2="r2"; -$a="r3"; -$b="r4"; -$c="r5"; -$d="r6"; -$e="r7"; -$K="r8"; # "upper" registers can be used in add/sub and mov insns -$ctx="r9"; -$inp="r10"; -$len="r11"; -$Xi="r12"; - -sub common { -<<___; - sub $t0,#4 - ldr $t1,[$t0] - add $e,$K @ E+=K_xx_xx - lsl $t2,$a,#5 - add $t2,$e - lsr $e,$a,#27 - add $t2,$e @ E+=ROR(A,27) - add $t2,$t1 @ E+=X[i] -___ -} -sub rotate { -<<___; - mov $e,$d @ E=D - mov $d,$c @ D=C - lsl $c,$b,#30 - lsr $b,$b,#2 - orr $c,$b @ C=ROR(B,2) - mov $b,$a @ B=A - add $a,$t2,$t1 @ A=E+F_xx_xx(B,C,D) -___ -} - -sub BODY_00_19 { -$code.=$inline?&common():"\tbl .Lcommon\n"; -$code.=<<___; - mov $t1,$c - eor $t1,$d - and $t1,$b - eor $t1,$d @ F_00_19(B,C,D) -___ -$code.=$inline?&rotate():"\tbl .Lrotate\n"; -} - -sub BODY_20_39 { -$code.=$inline?&common():"\tbl .Lcommon\n"; -$code.=<<___; - mov $t1,$b - eor $t1,$c - eor $t1,$d @ F_20_39(B,C,D) -___ -$code.=$inline?&rotate():"\tbl .Lrotate\n"; -} - -sub BODY_40_59 { -$code.=$inline?&common():"\tbl .Lcommon\n"; -$code.=<<___; - mov $t1,$b - and $t1,$c - mov $e,$b - orr $e,$c - and $e,$d - orr $t1,$e @ F_40_59(B,C,D) -___ -$code.=$inline?&rotate():"\tbl .Lrotate\n"; -} - -$code=<<___; -.text -.code 16 - -.global sha1_block_data_order -.type sha1_block_data_order,%function - -.align 2 -sha1_block_data_order: -___ -if ($cheat_on_binutils) { -$code.=<<___; -.code 32 - add r3,pc,#1 - bx r3 @ switch to Thumb ISA -.code 16 -___ -} -$code.=<<___; - push {r4-r7} - mov r3,r8 - mov r4,r9 - mov r5,r10 - mov r6,r11 - mov r7,r12 - push {r3-r7,lr} - lsl r2,#6 - mov $ctx,r0 @ save context - mov $inp,r1 @ save inp - mov $len,r2 @ save len - add $len,$inp @ $len to point at inp end - -.Lloop: - mov $Xi,sp - mov $t2,sp - sub $t2,#16*4 @ [3] -.LXload: - ldrb $a,[$t1,#0] @ $t1 is r1 and holds inp - ldrb $b,[$t1,#1] - ldrb $c,[$t1,#2] - ldrb $d,[$t1,#3] - lsl $a,#24 - lsl $b,#16 - lsl $c,#8 - orr $a,$b - orr $a,$c - orr $a,$d - add $t1,#4 - push {$a} - cmp sp,$t2 - bne .LXload @ [+14*16] - - mov $inp,$t1 @ update $inp - sub $t2,#32*4 - sub $t2,#32*4 - mov $e,#31 @ [+4] -.LXupdate: - ldr $a,[sp,#15*4] - ldr $b,[sp,#13*4] - ldr $c,[sp,#7*4] - ldr $d,[sp,#2*4] - eor $a,$b - eor $a,$c - eor $a,$d - ror $a,$e - push {$a} - cmp sp,$t2 - bne .LXupdate @ [+(11+1)*64] - - ldmia $t0!,{$a,$b,$c,$d,$e} @ $t0 is r0 and holds ctx - mov $t0,$Xi - - ldr $t2,.LK_00_19 - mov $t1,$t0 - sub $t1,#20*4 - mov $Xi,$t1 - mov $K,$t2 @ [+7+4] -.L_00_19: -___ - &BODY_00_19(); -$code.=<<___; - cmp $Xi,$t0 - bne .L_00_19 @ [+(2+9+4+2+8+2)*20] - - ldr $t2,.LK_20_39 - mov $t1,$t0 - sub $t1,#20*4 - mov $Xi,$t1 - mov $K,$t2 @ [+5] -.L_20_39_or_60_79: -___ - &BODY_20_39(); -$code.=<<___; - cmp $Xi,$t0 - bne .L_20_39_or_60_79 @ [+(2+9+3+2+8+2)*20*2] - cmp sp,$t0 - beq .Ldone @ [+2] - - ldr $t2,.LK_40_59 - mov $t1,$t0 - sub $t1,#20*4 - mov $Xi,$t1 - mov $K,$t2 @ [+5] -.L_40_59: -___ - &BODY_40_59(); -$code.=<<___; - cmp $Xi,$t0 - bne .L_40_59 @ [+(2+9+6+2+8+2)*20] - - ldr $t2,.LK_60_79 - mov $Xi,sp - mov $K,$t2 - b .L_20_39_or_60_79 @ [+4] -.Ldone: - mov $t0,$ctx - ldr $t1,[$t0,#0] - ldr $t2,[$t0,#4] - add $a,$t1 - ldr $t1,[$t0,#8] - add $b,$t2 - ldr $t2,[$t0,#12] - add $c,$t1 - ldr $t1,[$t0,#16] - add $d,$t2 - add $e,$t1 - stmia $t0!,{$a,$b,$c,$d,$e} @ [+20] - - add sp,#80*4 @ deallocate stack frame - mov $t0,$ctx @ restore ctx - mov $t1,$inp @ restore inp - cmp $t1,$len - beq .Lexit - b .Lloop @ [+6] total 3212 cycles -.Lexit: - pop {r2-r7} - mov r8,r2 - mov r9,r3 - mov r10,r4 - mov r11,r5 - mov r12,r6 - mov lr,r7 - pop {r4-r7} - bx lr -.align 2 -___ -$code.=".Lcommon:\n".&common()."\tmov pc,lr\n" if (!$inline); -$code.=".Lrotate:\n".&rotate()."\tmov pc,lr\n" if (!$inline); -$code.=<<___; -.align 2 -.LK_00_19: .word 0x5a827999 -.LK_20_39: .word 0x6ed9eba1 -.LK_40_59: .word 0x8f1bbcdc -.LK_60_79: .word 0xca62c1d6 -.size sha1_block_data_order,.-sha1_block_data_order -.asciz "SHA1 block transform for Thumb, CRYPTOGAMS by " -___ - -print $code; -close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/sha/asm/sha1-x86_64.pl b/crypto/sha/asm/sha1-x86_64.pl deleted file mode 100755 index c66b8fca875e87133d040ad3ff12a4719e7b8572..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha1-x86_64.pl +++ /dev/null @@ -1,2134 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# sha1_block procedure for x86_64. -# -# It was brought to my attention that on EM64T compiler-generated code -# was far behind 32-bit assembler implementation. This is unlike on -# Opteron where compiler-generated code was only 15% behind 32-bit -# assembler, which originally made it hard to motivate the effort. -# There was suggestion to mechanically translate 32-bit code, but I -# dismissed it, reasoning that x86_64 offers enough register bank -# capacity to fully utilize SHA-1 parallelism. Therefore this fresh -# implementation:-) However! While 64-bit code does perform better -# on Opteron, I failed to beat 32-bit assembler on EM64T core. Well, -# x86_64 does offer larger *addressable* bank, but out-of-order core -# reaches for even more registers through dynamic aliasing, and EM64T -# core must have managed to run-time optimize even 32-bit code just as -# good as 64-bit one. Performance improvement is summarized in the -# following table: -# -# gcc 3.4 32-bit asm cycles/byte -# Opteron +45% +20% 6.8 -# Xeon P4 +65% +0% 9.9 -# Core2 +60% +10% 7.0 - -# August 2009. -# -# The code was revised to minimize code size and to maximize -# "distance" between instructions producing input to 'lea' -# instruction and the 'lea' instruction itself, which is essential -# for Intel Atom core. - -# October 2010. -# -# Add SSSE3, Supplemental[!] SSE3, implementation. The idea behind it -# is to offload message schedule denoted by Wt in NIST specification, -# or Xupdate in OpenSSL source, to SIMD unit. See sha1-586.pl module -# for background and implementation details. The only difference from -# 32-bit code is that 64-bit code doesn't have to spill @X[] elements -# to free temporary registers. - -# April 2011. -# -# Add AVX code path. See sha1-586.pl for further information. - -# May 2013. -# -# Add AVX2+BMI code path. Initial attempt (utilizing BMI instructions -# and loading pair of consecutive blocks to 256-bit %ymm registers) -# did not provide impressive performance improvement till a crucial -# hint regarding the number of Xupdate iterations to pre-compute in -# advance was provided by Ilya Albrekht of Intel Corp. - -# March 2014. -# -# Add support for Intel SHA Extensions. - -###################################################################### -# Current performance is summarized in following table. Numbers are -# CPU clock cycles spent to process single byte (less is better). -# -# x86_64 SSSE3 AVX[2] -# P4 9.05 - -# Opteron 6.26 - -# Core2 6.55 6.05/+8% - -# Westmere 6.73 5.30/+27% - -# Sandy Bridge 7.70 6.10/+26% 4.99/+54% -# Ivy Bridge 6.06 4.67/+30% 4.60/+32% -# Haswell 5.45 4.15/+31% 3.57/+53% -# Skylake 5.18 4.06/+28% 3.54/+46% -# Bulldozer 9.11 5.95/+53% -# Ryzen 4.75 3.80/+24% 1.93/+150%(**) -# VIA Nano 9.32 7.15/+30% -# Atom 10.3 9.17/+12% -# Silvermont 13.1(*) 9.37/+40% -# Knights L 13.2(*) 9.68/+36% 8.30/+59% -# Goldmont 8.13 6.42/+27% 1.70/+380%(**) -# -# (*) obviously suboptimal result, nothing was done about it, -# because SSSE3 code is compiled unconditionally; -# (**) SHAEXT result - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.19) + ($1>=2.22); -} - -if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.09) + ($1>=2.10); -} - -if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $avx = ($1>=10) + ($1>=11); -} - -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { - $avx = ($2>=3.0) + ($2>3.0); -} - -$shaext=1; ### set to zero if compiling for 1.0.1 -$avx=1 if (!$shaext && $avx); - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -$ctx="%rdi"; # 1st arg -$inp="%rsi"; # 2nd arg -$num="%rdx"; # 3rd arg - -# reassign arguments in order to produce more compact code -$ctx="%r8"; -$inp="%r9"; -$num="%r10"; - -$t0="%eax"; -$t1="%ebx"; -$t2="%ecx"; -@xi=("%edx","%ebp","%r14d"); -$A="%esi"; -$B="%edi"; -$C="%r11d"; -$D="%r12d"; -$E="%r13d"; - -@V=($A,$B,$C,$D,$E); - -sub BODY_00_19 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; -$code.=<<___ if ($i==0); - mov `4*$i`($inp),$xi[0] - bswap $xi[0] -___ -$code.=<<___ if ($i<15); - mov `4*$j`($inp),$xi[1] - mov $d,$t0 - mov $xi[0],`4*$i`(%rsp) - mov $a,$t2 - bswap $xi[1] - xor $c,$t0 - rol \$5,$t2 - and $b,$t0 - lea 0x5a827999($xi[0],$e),$e - add $t2,$e - xor $d,$t0 - rol \$30,$b - add $t0,$e -___ -$code.=<<___ if ($i>=15); - xor `4*($j%16)`(%rsp),$xi[1] - mov $d,$t0 - mov $xi[0],`4*($i%16)`(%rsp) - mov $a,$t2 - xor `4*(($j+2)%16)`(%rsp),$xi[1] - xor $c,$t0 - rol \$5,$t2 - xor `4*(($j+8)%16)`(%rsp),$xi[1] - and $b,$t0 - lea 0x5a827999($xi[0],$e),$e - rol \$30,$b - xor $d,$t0 - add $t2,$e - rol \$1,$xi[1] - add $t0,$e -___ -push(@xi,shift(@xi)); -} - -sub BODY_20_39 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; -my $K=($i<40)?0x6ed9eba1:0xca62c1d6; -$code.=<<___ if ($i<79); - xor `4*($j%16)`(%rsp),$xi[1] - mov $b,$t0 - `"mov $xi[0],".4*($i%16)."(%rsp)" if ($i<72)` - mov $a,$t2 - xor `4*(($j+2)%16)`(%rsp),$xi[1] - xor $d,$t0 - rol \$5,$t2 - xor `4*(($j+8)%16)`(%rsp),$xi[1] - lea $K($xi[0],$e),$e - xor $c,$t0 - add $t2,$e - rol \$30,$b - add $t0,$e - rol \$1,$xi[1] -___ -$code.=<<___ if ($i==79); - mov $b,$t0 - mov $a,$t2 - xor $d,$t0 - lea $K($xi[0],$e),$e - rol \$5,$t2 - xor $c,$t0 - add $t2,$e - rol \$30,$b - add $t0,$e -___ -push(@xi,shift(@xi)); -} - -sub BODY_40_59 { -my ($i,$a,$b,$c,$d,$e)=@_; -my $j=$i+1; -$code.=<<___; - xor `4*($j%16)`(%rsp),$xi[1] - mov $d,$t0 - mov $xi[0],`4*($i%16)`(%rsp) - mov $d,$t1 - xor `4*(($j+2)%16)`(%rsp),$xi[1] - and $c,$t0 - mov $a,$t2 - xor `4*(($j+8)%16)`(%rsp),$xi[1] - lea 0x8f1bbcdc($xi[0],$e),$e - xor $c,$t1 - rol \$5,$t2 - add $t0,$e - rol \$1,$xi[1] - and $b,$t1 - add $t2,$e - rol \$30,$b - add $t1,$e -___ -push(@xi,shift(@xi)); -} - -$code.=<<___; -.text -.extern OPENSSL_ia32cap_P - -.globl sha1_block_data_order -.type sha1_block_data_order,\@function,3 -.align 16 -sha1_block_data_order: -.cfi_startproc - mov OPENSSL_ia32cap_P+0(%rip),%r9d - mov OPENSSL_ia32cap_P+4(%rip),%r8d - mov OPENSSL_ia32cap_P+8(%rip),%r10d - test \$`1<<9`,%r8d # check SSSE3 bit - jz .Lialu -___ -$code.=<<___ if ($shaext); - test \$`1<<29`,%r10d # check SHA bit - jnz _shaext_shortcut -___ -$code.=<<___ if ($avx>1); - and \$`1<<3|1<<5|1<<8`,%r10d # check AVX2+BMI1+BMI2 - cmp \$`1<<3|1<<5|1<<8`,%r10d - je _avx2_shortcut -___ -$code.=<<___ if ($avx); - and \$`1<<28`,%r8d # mask AVX bit - and \$`1<<30`,%r9d # mask "Intel CPU" bit - or %r9d,%r8d - cmp \$`1<<28|1<<30`,%r8d - je _avx_shortcut -___ -$code.=<<___; - jmp _ssse3_shortcut - -.align 16 -.Lialu: - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - mov %rdi,$ctx # reassigned argument - sub \$`8+16*4`,%rsp - mov %rsi,$inp # reassigned argument - and \$-64,%rsp - mov %rdx,$num # reassigned argument - mov %rax,`16*4`(%rsp) -.cfi_cfa_expression %rsp+64,deref,+8 -.Lprologue: - - mov 0($ctx),$A - mov 4($ctx),$B - mov 8($ctx),$C - mov 12($ctx),$D - mov 16($ctx),$E - jmp .Lloop - -.align 16 -.Lloop: -___ -for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } -for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } -for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } -for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - add 0($ctx),$A - add 4($ctx),$B - add 8($ctx),$C - add 12($ctx),$D - add 16($ctx),$E - mov $A,0($ctx) - mov $B,4($ctx) - mov $C,8($ctx) - mov $D,12($ctx) - mov $E,16($ctx) - - sub \$1,$num - lea `16*4`($inp),$inp - jnz .Lloop - - mov `16*4`(%rsp),%rsi -.cfi_def_cfa %rsi,8 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue: - ret -.cfi_endproc -.size sha1_block_data_order,.-sha1_block_data_order -___ -if ($shaext) {{{ -###################################################################### -# Intel SHA Extensions implementation of SHA1 update function. -# -my ($ctx,$inp,$num)=("%rdi","%rsi","%rdx"); -my ($ABCD,$E,$E_,$BSWAP,$ABCD_SAVE,$E_SAVE)=map("%xmm$_",(0..3,8,9)); -my @MSG=map("%xmm$_",(4..7)); - -$code.=<<___; -.type sha1_block_data_order_shaext,\@function,3 -.align 32 -sha1_block_data_order_shaext: -_shaext_shortcut: -.cfi_startproc -___ -$code.=<<___ if ($win64); - lea `-8-4*16`(%rsp),%rsp - movaps %xmm6,-8-4*16(%rax) - movaps %xmm7,-8-3*16(%rax) - movaps %xmm8,-8-2*16(%rax) - movaps %xmm9,-8-1*16(%rax) -.Lprologue_shaext: -___ -$code.=<<___; - movdqu ($ctx),$ABCD - movd 16($ctx),$E - movdqa K_XX_XX+0xa0(%rip),$BSWAP # byte-n-word swap - - movdqu ($inp),@MSG[0] - pshufd \$0b00011011,$ABCD,$ABCD # flip word order - movdqu 0x10($inp),@MSG[1] - pshufd \$0b00011011,$E,$E # flip word order - movdqu 0x20($inp),@MSG[2] - pshufb $BSWAP,@MSG[0] - movdqu 0x30($inp),@MSG[3] - pshufb $BSWAP,@MSG[1] - pshufb $BSWAP,@MSG[2] - movdqa $E,$E_SAVE # offload $E - pshufb $BSWAP,@MSG[3] - jmp .Loop_shaext - -.align 16 -.Loop_shaext: - dec $num - lea 0x40($inp),%r8 # next input block - paddd @MSG[0],$E - cmovne %r8,$inp - movdqa $ABCD,$ABCD_SAVE # offload $ABCD -___ -for($i=0;$i<20-4;$i+=2) { -$code.=<<___; - sha1msg1 @MSG[1],@MSG[0] - movdqa $ABCD,$E_ - sha1rnds4 \$`int($i/5)`,$E,$ABCD # 0-3... - sha1nexte @MSG[1],$E_ - pxor @MSG[2],@MSG[0] - sha1msg1 @MSG[2],@MSG[1] - sha1msg2 @MSG[3],@MSG[0] - - movdqa $ABCD,$E - sha1rnds4 \$`int(($i+1)/5)`,$E_,$ABCD - sha1nexte @MSG[2],$E - pxor @MSG[3],@MSG[1] - sha1msg2 @MSG[0],@MSG[1] -___ - push(@MSG,shift(@MSG)); push(@MSG,shift(@MSG)); -} -$code.=<<___; - movdqu ($inp),@MSG[0] - movdqa $ABCD,$E_ - sha1rnds4 \$3,$E,$ABCD # 64-67 - sha1nexte @MSG[1],$E_ - movdqu 0x10($inp),@MSG[1] - pshufb $BSWAP,@MSG[0] - - movdqa $ABCD,$E - sha1rnds4 \$3,$E_,$ABCD # 68-71 - sha1nexte @MSG[2],$E - movdqu 0x20($inp),@MSG[2] - pshufb $BSWAP,@MSG[1] - - movdqa $ABCD,$E_ - sha1rnds4 \$3,$E,$ABCD # 72-75 - sha1nexte @MSG[3],$E_ - movdqu 0x30($inp),@MSG[3] - pshufb $BSWAP,@MSG[2] - - movdqa $ABCD,$E - sha1rnds4 \$3,$E_,$ABCD # 76-79 - sha1nexte $E_SAVE,$E - pshufb $BSWAP,@MSG[3] - - paddd $ABCD_SAVE,$ABCD - movdqa $E,$E_SAVE # offload $E - - jnz .Loop_shaext - - pshufd \$0b00011011,$ABCD,$ABCD - pshufd \$0b00011011,$E,$E - movdqu $ABCD,($ctx) - movd $E,16($ctx) -___ -$code.=<<___ if ($win64); - movaps -8-4*16(%rax),%xmm6 - movaps -8-3*16(%rax),%xmm7 - movaps -8-2*16(%rax),%xmm8 - movaps -8-1*16(%rax),%xmm9 - mov %rax,%rsp -.Lepilogue_shaext: -___ -$code.=<<___; - ret -.cfi_endproc -.size sha1_block_data_order_shaext,.-sha1_block_data_order_shaext -___ -}}} -{{{ -my $Xi=4; -my @X=map("%xmm$_",(4..7,0..3)); -my @Tx=map("%xmm$_",(8..10)); -my $Kx="%xmm11"; -my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp"); # size optimization -my @T=("%esi","%edi"); -my $j=0; -my $rx=0; -my $K_XX_XX="%r14"; -my $fp="%r11"; - -my $_rol=sub { &rol(@_) }; -my $_ror=sub { &ror(@_) }; - -{ my $sn; -sub align32() { - ++$sn; -$code.=<<___; - jmp .Lalign32_$sn # see "Decoded ICache" in manual -.align 32 -.Lalign32_$sn: -___ -} -} - -$code.=<<___; -.type sha1_block_data_order_ssse3,\@function,3 -.align 16 -sha1_block_data_order_ssse3: -_ssse3_shortcut: -.cfi_startproc - mov %rsp,$fp # frame pointer -.cfi_def_cfa_register $fp - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 # redundant, done to share Win64 SE handler -.cfi_push %r13 - push %r14 -.cfi_push %r14 - lea `-64-($win64?6*16:0)`(%rsp),%rsp -___ -$code.=<<___ if ($win64); - movaps %xmm6,-40-6*16($fp) - movaps %xmm7,-40-5*16($fp) - movaps %xmm8,-40-4*16($fp) - movaps %xmm9,-40-3*16($fp) - movaps %xmm10,-40-2*16($fp) - movaps %xmm11,-40-1*16($fp) -.Lprologue_ssse3: -___ -$code.=<<___; - and \$-64,%rsp - mov %rdi,$ctx # reassigned argument - mov %rsi,$inp # reassigned argument - mov %rdx,$num # reassigned argument - - shl \$6,$num - add $inp,$num - lea K_XX_XX+64(%rip),$K_XX_XX - - mov 0($ctx),$A # load context - mov 4($ctx),$B - mov 8($ctx),$C - mov 12($ctx),$D - mov $B,@T[0] # magic seed - mov 16($ctx),$E - mov $C,@T[1] - xor $D,@T[1] - and @T[1],@T[0] - - movdqa 64($K_XX_XX),@X[2] # pbswap mask - movdqa -64($K_XX_XX),@Tx[1] # K_00_19 - movdqu 0($inp),@X[-4&7] # load input to %xmm[0-3] - movdqu 16($inp),@X[-3&7] - movdqu 32($inp),@X[-2&7] - movdqu 48($inp),@X[-1&7] - pshufb @X[2],@X[-4&7] # byte swap - pshufb @X[2],@X[-3&7] - pshufb @X[2],@X[-2&7] - add \$64,$inp - paddd @Tx[1],@X[-4&7] # add K_00_19 - pshufb @X[2],@X[-1&7] - paddd @Tx[1],@X[-3&7] - paddd @Tx[1],@X[-2&7] - movdqa @X[-4&7],0(%rsp) # X[]+K xfer to IALU - psubd @Tx[1],@X[-4&7] # restore X[] - movdqa @X[-3&7],16(%rsp) - psubd @Tx[1],@X[-3&7] - movdqa @X[-2&7],32(%rsp) - psubd @Tx[1],@X[-2&7] - jmp .Loop_ssse3 -___ - -sub AUTOLOAD() # thunk [simplified] 32-bit style perlasm -{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; - my $arg = pop; - $arg = "\$$arg" if ($arg*1 eq $arg); - $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n"; -} - -sub Xupdate_ssse3_16_31() # recall that $Xi starts with 4 -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 40 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); # ror - &pshufd (@X[0],@X[-4&7],0xee); # was &movdqa (@X[0],@X[-3&7]); - eval(shift(@insns)); - &movdqa (@Tx[0],@X[-1&7]); - &paddd (@Tx[1],@X[-1&7]); - eval(shift(@insns)); - eval(shift(@insns)); - - &punpcklqdq(@X[0],@X[-3&7]); # compose "X[-14]" in "X[0]", was &palignr(@X[0],@X[-4&7],8); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - &psrldq (@Tx[0],4); # "X[-3]", 3 dwords - eval(shift(@insns)); - eval(shift(@insns)); - - &pxor (@X[0],@X[-4&7]); # "X[0]"^="X[-16]" - eval(shift(@insns)); - eval(shift(@insns)); # ror - &pxor (@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); # rol - &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - - &movdqa (@Tx[2],@X[0]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - &movdqa (@Tx[0],@X[0]); - eval(shift(@insns)); - - &pslldq (@Tx[2],12); # "X[0]"<<96, extract one dword - &paddd (@X[0],@X[0]); - eval(shift(@insns)); - eval(shift(@insns)); - - &psrld (@Tx[0],31); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - &movdqa (@Tx[1],@Tx[2]); - eval(shift(@insns)); - eval(shift(@insns)); - - &psrld (@Tx[2],30); - eval(shift(@insns)); - eval(shift(@insns)); # ror - &por (@X[0],@Tx[0]); # "X[0]"<<<=1 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &pslld (@Tx[1],2); - &pxor (@X[0],@Tx[2]); - eval(shift(@insns)); - &movdqa (@Tx[2],eval(2*16*(($Xi)/5)-64)."($K_XX_XX)"); # K_XX_XX - eval(shift(@insns)); # rol - eval(shift(@insns)); - eval(shift(@insns)); - - &pxor (@X[0],@Tx[1]); # "X[0]"^=("X[0]">>96)<<<2 - &pshufd (@Tx[1],@X[-1&7],0xee) if ($Xi==7); # was &movdqa (@Tx[0],@X[-1&7]) in Xupdate_ssse3_32_79 - - foreach (@insns) { eval; } # remaining instructions [if any] - - $Xi++; push(@X,shift(@X)); # "rotate" X[] - push(@Tx,shift(@Tx)); -} - -sub Xupdate_ssse3_32_79() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 to 44 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)) if ($Xi==8); - &pxor (@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]" - eval(shift(@insns)) if ($Xi==8); - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)) if (@insns[1] =~ /_ror/); - eval(shift(@insns)) if (@insns[0] =~ /_ror/); - &punpcklqdq(@Tx[0],@X[-1&7]); # compose "X[-6]", was &palignr(@Tx[0],@X[-2&7],8); - eval(shift(@insns)); - eval(shift(@insns)); # rol - - &pxor (@X[0],@X[-7&7]); # "X[0]"^="X[-28]" - eval(shift(@insns)); - eval(shift(@insns)); - if ($Xi%5) { - &movdqa (@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX... - } else { # ... or load next one - &movdqa (@Tx[2],eval(2*16*($Xi/5)-64)."($K_XX_XX)"); - } - eval(shift(@insns)); # ror - &paddd (@Tx[1],@X[-1&7]); - eval(shift(@insns)); - - &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-6]" - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)) if (@insns[0] =~ /_ror/); - - &movdqa (@Tx[0],@X[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU - eval(shift(@insns)); # ror - eval(shift(@insns)); - eval(shift(@insns)); # body_20_39 - - &pslld (@X[0],2); - eval(shift(@insns)); - eval(shift(@insns)); - &psrld (@Tx[0],30); - eval(shift(@insns)) if (@insns[0] =~ /_rol/);# rol - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - - &por (@X[0],@Tx[0]); # "X[0]"<<<=2 - eval(shift(@insns)); - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)) if (@insns[1] =~ /_rol/); - eval(shift(@insns)) if (@insns[0] =~ /_rol/); - &pshufd(@Tx[1],@X[-1&7],0xee) if ($Xi<19); # was &movdqa (@Tx[1],@X[0]) - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - - foreach (@insns) { eval; } # remaining instructions - - $Xi++; push(@X,shift(@X)); # "rotate" X[] - push(@Tx,shift(@Tx)); -} - -sub Xuplast_ssse3_80() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &paddd (@Tx[1],@X[-1&7]); - eval(shift(@insns)); - eval(shift(@insns)); - - &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU - - foreach (@insns) { eval; } # remaining instructions - - &cmp ($inp,$num); - &je (".Ldone_ssse3"); - - unshift(@Tx,pop(@Tx)); - - &movdqa (@X[2],"64($K_XX_XX)"); # pbswap mask - &movdqa (@Tx[1],"-64($K_XX_XX)"); # K_00_19 - &movdqu (@X[-4&7],"0($inp)"); # load input - &movdqu (@X[-3&7],"16($inp)"); - &movdqu (@X[-2&7],"32($inp)"); - &movdqu (@X[-1&7],"48($inp)"); - &pshufb (@X[-4&7],@X[2]); # byte swap - &add ($inp,64); - - $Xi=0; -} - -sub Xloop_ssse3() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &pshufb (@X[($Xi-3)&7],@X[2]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &paddd (@X[($Xi-4)&7],@Tx[1]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &movdqa (eval(16*$Xi)."(%rsp)",@X[($Xi-4)&7]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &psubd (@X[($Xi-4)&7],@Tx[1]); - - foreach (@insns) { eval; } - $Xi++; -} - -sub Xtail_ssse3() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - foreach (@insns) { eval; } -} - -sub body_00_19 () { # ((c^d)&b)^d - # on start @T[0]=(c^d)&b - return &body_20_39() if ($rx==19); $rx++; - ( - '($a,$b,$c,$d,$e)=@V;'. - '&$_ror ($b,$j?7:2)', # $b>>>2 - '&xor (@T[0],$d)', - '&mov (@T[1],$a)', # $b for next round - - '&add ($e,eval(4*($j&15))."(%rsp)")', # X[]+K xfer - '&xor ($b,$c)', # $c^$d for next round - - '&$_rol ($a,5)', - '&add ($e,@T[0])', - '&and (@T[1],$b)', # ($b&($c^$d)) for next round - - '&xor ($b,$c)', # restore $b - '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));' - ); -} - -sub body_20_39 () { # b^d^c - # on entry @T[0]=b^d - return &body_40_59() if ($rx==39); $rx++; - ( - '($a,$b,$c,$d,$e)=@V;'. - '&add ($e,eval(4*($j&15))."(%rsp)")', # X[]+K xfer - '&xor (@T[0],$d) if($j==19);'. - '&xor (@T[0],$c) if($j> 19)', # ($b^$d^$c) - '&mov (@T[1],$a)', # $b for next round - - '&$_rol ($a,5)', - '&add ($e,@T[0])', - '&xor (@T[1],$c) if ($j< 79)', # $b^$d for next round - - '&$_ror ($b,7)', # $b>>>2 - '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));' - ); -} - -sub body_40_59 () { # ((b^c)&(c^d))^c - # on entry @T[0]=(b^c), (c^=d) - $rx++; - ( - '($a,$b,$c,$d,$e)=@V;'. - '&add ($e,eval(4*($j&15))."(%rsp)")', # X[]+K xfer - '&and (@T[0],$c) if ($j>=40)', # (b^c)&(c^d) - '&xor ($c,$d) if ($j>=40)', # restore $c - - '&$_ror ($b,7)', # $b>>>2 - '&mov (@T[1],$a)', # $b for next round - '&xor (@T[0],$c)', - - '&$_rol ($a,5)', - '&add ($e,@T[0])', - '&xor (@T[1],$c) if ($j==59);'. - '&xor (@T[1],$b) if ($j< 59)', # b^c for next round - - '&xor ($b,$c) if ($j< 59)', # c^d for next round - '&add ($e,$a);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));' - ); -} -$code.=<<___; -.align 16 -.Loop_ssse3: -___ - &Xupdate_ssse3_16_31(\&body_00_19); - &Xupdate_ssse3_16_31(\&body_00_19); - &Xupdate_ssse3_16_31(\&body_00_19); - &Xupdate_ssse3_16_31(\&body_00_19); - &Xupdate_ssse3_32_79(\&body_00_19); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_40_59); - &Xupdate_ssse3_32_79(\&body_20_39); - &Xuplast_ssse3_80(\&body_20_39); # can jump to "done" - - $saved_j=$j; @saved_V=@V; - - &Xloop_ssse3(\&body_20_39); - &Xloop_ssse3(\&body_20_39); - &Xloop_ssse3(\&body_20_39); - -$code.=<<___; - add 0($ctx),$A # update context - add 4($ctx),@T[0] - add 8($ctx),$C - add 12($ctx),$D - mov $A,0($ctx) - add 16($ctx),$E - mov @T[0],4($ctx) - mov @T[0],$B # magic seed - mov $C,8($ctx) - mov $C,@T[1] - mov $D,12($ctx) - xor $D,@T[1] - mov $E,16($ctx) - and @T[1],@T[0] - jmp .Loop_ssse3 - -.align 16 -.Ldone_ssse3: -___ - $j=$saved_j; @V=@saved_V; - - &Xtail_ssse3(\&body_20_39); - &Xtail_ssse3(\&body_20_39); - &Xtail_ssse3(\&body_20_39); - -$code.=<<___; - add 0($ctx),$A # update context - add 4($ctx),@T[0] - add 8($ctx),$C - mov $A,0($ctx) - add 12($ctx),$D - mov @T[0],4($ctx) - add 16($ctx),$E - mov $C,8($ctx) - mov $D,12($ctx) - mov $E,16($ctx) -___ -$code.=<<___ if ($win64); - movaps -40-6*16($fp),%xmm6 - movaps -40-5*16($fp),%xmm7 - movaps -40-4*16($fp),%xmm8 - movaps -40-3*16($fp),%xmm9 - movaps -40-2*16($fp),%xmm10 - movaps -40-1*16($fp),%xmm11 -___ -$code.=<<___; - mov -40($fp),%r14 -.cfi_restore %r14 - mov -32($fp),%r13 -.cfi_restore %r13 - mov -24($fp),%r12 -.cfi_restore %r12 - mov -16($fp),%rbp -.cfi_restore %rbp - mov -8($fp),%rbx -.cfi_restore %rbx - lea ($fp),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue_ssse3: - ret -.cfi_endproc -.size sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3 -___ - -if ($avx) { -$Xi=4; # reset variables -@X=map("%xmm$_",(4..7,0..3)); -@Tx=map("%xmm$_",(8..10)); -$j=0; -$rx=0; - -my $done_avx_label=".Ldone_avx"; - -my $_rol=sub { &shld(@_[0],@_) }; -my $_ror=sub { &shrd(@_[0],@_) }; - -$code.=<<___; -.type sha1_block_data_order_avx,\@function,3 -.align 16 -sha1_block_data_order_avx: -_avx_shortcut: -.cfi_startproc - mov %rsp,$fp -.cfi_def_cfa_register $fp - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 # redundant, done to share Win64 SE handler -.cfi_push %r13 - push %r14 -.cfi_push %r14 - lea `-64-($win64?6*16:0)`(%rsp),%rsp - vzeroupper -___ -$code.=<<___ if ($win64); - vmovaps %xmm6,-40-6*16($fp) - vmovaps %xmm7,-40-5*16($fp) - vmovaps %xmm8,-40-4*16($fp) - vmovaps %xmm9,-40-3*16($fp) - vmovaps %xmm10,-40-2*16($fp) - vmovaps %xmm11,-40-1*16($fp) -.Lprologue_avx: -___ -$code.=<<___; - and \$-64,%rsp - mov %rdi,$ctx # reassigned argument - mov %rsi,$inp # reassigned argument - mov %rdx,$num # reassigned argument - - shl \$6,$num - add $inp,$num - lea K_XX_XX+64(%rip),$K_XX_XX - - mov 0($ctx),$A # load context - mov 4($ctx),$B - mov 8($ctx),$C - mov 12($ctx),$D - mov $B,@T[0] # magic seed - mov 16($ctx),$E - mov $C,@T[1] - xor $D,@T[1] - and @T[1],@T[0] - - vmovdqa 64($K_XX_XX),@X[2] # pbswap mask - vmovdqa -64($K_XX_XX),$Kx # K_00_19 - vmovdqu 0($inp),@X[-4&7] # load input to %xmm[0-3] - vmovdqu 16($inp),@X[-3&7] - vmovdqu 32($inp),@X[-2&7] - vmovdqu 48($inp),@X[-1&7] - vpshufb @X[2],@X[-4&7],@X[-4&7] # byte swap - add \$64,$inp - vpshufb @X[2],@X[-3&7],@X[-3&7] - vpshufb @X[2],@X[-2&7],@X[-2&7] - vpshufb @X[2],@X[-1&7],@X[-1&7] - vpaddd $Kx,@X[-4&7],@X[0] # add K_00_19 - vpaddd $Kx,@X[-3&7],@X[1] - vpaddd $Kx,@X[-2&7],@X[2] - vmovdqa @X[0],0(%rsp) # X[]+K xfer to IALU - vmovdqa @X[1],16(%rsp) - vmovdqa @X[2],32(%rsp) - jmp .Loop_avx -___ - -sub Xupdate_avx_16_31() # recall that $Xi starts with 4 -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 40 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - eval(shift(@insns)); - &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]" - eval(shift(@insns)); - eval(shift(@insns)); - - &vpaddd (@Tx[1],$Kx,@X[-1&7]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]" - eval(shift(@insns)); - eval(shift(@insns)); - - &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); - &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - - &vpsrld (@Tx[0],@X[0],31); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpslldq(@Tx[2],@X[0],12); # "X[0]"<<96, extract one dword - &vpaddd (@X[0],@X[0],@X[0]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpsrld (@Tx[1],@Tx[2],30); - &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpslld (@Tx[2],@Tx[2],2); - &vpxor (@X[0],@X[0],@Tx[1]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpxor (@X[0],@X[0],@Tx[2]); # "X[0]"^=("X[0]">>96)<<<2 - eval(shift(@insns)); - eval(shift(@insns)); - &vmovdqa ($Kx,eval(2*16*(($Xi)/5)-64)."($K_XX_XX)") if ($Xi%5==0); # K_XX_XX - eval(shift(@insns)); - eval(shift(@insns)); - - - foreach (@insns) { eval; } # remaining instructions [if any] - - $Xi++; push(@X,shift(@X)); # "rotate" X[] -} - -sub Xupdate_avx_32_79() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 to 44 instructions - my ($a,$b,$c,$d,$e); - - &vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8); # compose "X[-6]" - &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]" - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - - &vpxor (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]" - eval(shift(@insns)); - eval(shift(@insns)) if (@insns[0] !~ /&ro[rl]/); - &vpaddd (@Tx[1],$Kx,@X[-1&7]); - &vmovdqa ($Kx,eval(2*16*($Xi/5)-64)."($K_XX_XX)") if ($Xi%5==0); - eval(shift(@insns)); # ror - eval(shift(@insns)); - - &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-6]" - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - - &vpsrld (@Tx[0],@X[0],30); - &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - eval(shift(@insns)); - - &vpslld (@X[0],@X[0],2); - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # ror - eval(shift(@insns)); - - &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=2 - eval(shift(@insns)); # body_20_39 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # rol - eval(shift(@insns)); - - foreach (@insns) { eval; } # remaining instructions - - $Xi++; push(@X,shift(@X)); # "rotate" X[] -} - -sub Xuplast_avx_80() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - &vpaddd (@Tx[1],$Kx,@X[-1&7]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU - - foreach (@insns) { eval; } # remaining instructions - - &cmp ($inp,$num); - &je ($done_avx_label); - - &vmovdqa(@X[2],"64($K_XX_XX)"); # pbswap mask - &vmovdqa($Kx,"-64($K_XX_XX)"); # K_00_19 - &vmovdqu(@X[-4&7],"0($inp)"); # load input - &vmovdqu(@X[-3&7],"16($inp)"); - &vmovdqu(@X[-2&7],"32($inp)"); - &vmovdqu(@X[-1&7],"48($inp)"); - &vpshufb(@X[-4&7],@X[-4&7],@X[2]); # byte swap - &add ($inp,64); - - $Xi=0; -} - -sub Xloop_avx() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - eval(shift(@insns)); - eval(shift(@insns)); - &vpshufb(@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpaddd (@X[$Xi&7],@X[($Xi-4)&7],$Kx); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vmovdqa(eval(16*$Xi)."(%rsp)",@X[$Xi&7]); # X[]+K xfer to IALU - eval(shift(@insns)); - eval(shift(@insns)); - - foreach (@insns) { eval; } - $Xi++; -} - -sub Xtail_avx() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - foreach (@insns) { eval; } -} - -$code.=<<___; -.align 16 -.Loop_avx: -___ - &Xupdate_avx_16_31(\&body_00_19); - &Xupdate_avx_16_31(\&body_00_19); - &Xupdate_avx_16_31(\&body_00_19); - &Xupdate_avx_16_31(\&body_00_19); - &Xupdate_avx_32_79(\&body_00_19); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_20_39); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_40_59); - &Xupdate_avx_32_79(\&body_20_39); - &Xuplast_avx_80(\&body_20_39); # can jump to "done" - - $saved_j=$j; @saved_V=@V; - - &Xloop_avx(\&body_20_39); - &Xloop_avx(\&body_20_39); - &Xloop_avx(\&body_20_39); - -$code.=<<___; - add 0($ctx),$A # update context - add 4($ctx),@T[0] - add 8($ctx),$C - add 12($ctx),$D - mov $A,0($ctx) - add 16($ctx),$E - mov @T[0],4($ctx) - mov @T[0],$B # magic seed - mov $C,8($ctx) - mov $C,@T[1] - mov $D,12($ctx) - xor $D,@T[1] - mov $E,16($ctx) - and @T[1],@T[0] - jmp .Loop_avx - -.align 16 -$done_avx_label: -___ - $j=$saved_j; @V=@saved_V; - - &Xtail_avx(\&body_20_39); - &Xtail_avx(\&body_20_39); - &Xtail_avx(\&body_20_39); - -$code.=<<___; - vzeroupper - - add 0($ctx),$A # update context - add 4($ctx),@T[0] - add 8($ctx),$C - mov $A,0($ctx) - add 12($ctx),$D - mov @T[0],4($ctx) - add 16($ctx),$E - mov $C,8($ctx) - mov $D,12($ctx) - mov $E,16($ctx) -___ -$code.=<<___ if ($win64); - movaps -40-6*16($fp),%xmm6 - movaps -40-5*16($fp),%xmm7 - movaps -40-4*16($fp),%xmm8 - movaps -40-3*16($fp),%xmm9 - movaps -40-2*16($fp),%xmm10 - movaps -40-1*16($fp),%xmm11 -___ -$code.=<<___; - mov -40($fp),%r14 -.cfi_restore %r14 - mov -32($fp),%r13 -.cfi_restore %r13 - mov -24($fp),%r12 -.cfi_restore %r12 - mov -16($fp),%rbp -.cfi_restore %rbp - mov -8($fp),%rbx -.cfi_restore %rbx - lea ($fp),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue_avx: - ret -.cfi_endproc -.size sha1_block_data_order_avx,.-sha1_block_data_order_avx -___ - -if ($avx>1) { -use integer; -$Xi=4; # reset variables -@X=map("%ymm$_",(4..7,0..3)); -@Tx=map("%ymm$_",(8..10)); -$Kx="%ymm11"; -$j=0; - -my @ROTX=("%eax","%ebp","%ebx","%ecx","%edx","%esi"); -my ($a5,$t0)=("%r12d","%edi"); - -my ($A,$F,$B,$C,$D,$E)=@ROTX; -my $rx=0; -my $frame="%r13"; - -$code.=<<___; -.type sha1_block_data_order_avx2,\@function,3 -.align 16 -sha1_block_data_order_avx2: -_avx2_shortcut: -.cfi_startproc - mov %rsp,$fp -.cfi_def_cfa_register $fp - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - vzeroupper -___ -$code.=<<___ if ($win64); - lea -6*16(%rsp),%rsp - vmovaps %xmm6,-40-6*16($fp) - vmovaps %xmm7,-40-5*16($fp) - vmovaps %xmm8,-40-4*16($fp) - vmovaps %xmm9,-40-3*16($fp) - vmovaps %xmm10,-40-2*16($fp) - vmovaps %xmm11,-40-1*16($fp) -.Lprologue_avx2: -___ -$code.=<<___; - mov %rdi,$ctx # reassigned argument - mov %rsi,$inp # reassigned argument - mov %rdx,$num # reassigned argument - - lea -640(%rsp),%rsp - shl \$6,$num - lea 64($inp),$frame - and \$-128,%rsp - add $inp,$num - lea K_XX_XX+64(%rip),$K_XX_XX - - mov 0($ctx),$A # load context - cmp $num,$frame - cmovae $inp,$frame # next or same block - mov 4($ctx),$F - mov 8($ctx),$C - mov 12($ctx),$D - mov 16($ctx),$E - vmovdqu 64($K_XX_XX),@X[2] # pbswap mask - - vmovdqu ($inp),%xmm0 - vmovdqu 16($inp),%xmm1 - vmovdqu 32($inp),%xmm2 - vmovdqu 48($inp),%xmm3 - lea 64($inp),$inp - vinserti128 \$1,($frame),@X[-4&7],@X[-4&7] - vinserti128 \$1,16($frame),@X[-3&7],@X[-3&7] - vpshufb @X[2],@X[-4&7],@X[-4&7] - vinserti128 \$1,32($frame),@X[-2&7],@X[-2&7] - vpshufb @X[2],@X[-3&7],@X[-3&7] - vinserti128 \$1,48($frame),@X[-1&7],@X[-1&7] - vpshufb @X[2],@X[-2&7],@X[-2&7] - vmovdqu -64($K_XX_XX),$Kx # K_00_19 - vpshufb @X[2],@X[-1&7],@X[-1&7] - - vpaddd $Kx,@X[-4&7],@X[0] # add K_00_19 - vpaddd $Kx,@X[-3&7],@X[1] - vmovdqu @X[0],0(%rsp) # X[]+K xfer to IALU - vpaddd $Kx,@X[-2&7],@X[2] - vmovdqu @X[1],32(%rsp) - vpaddd $Kx,@X[-1&7],@X[3] - vmovdqu @X[2],64(%rsp) - vmovdqu @X[3],96(%rsp) -___ -for (;$Xi<8;$Xi++) { # Xupdate_avx2_16_31 - use integer; - - &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]" - &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords - &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]" - &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]" - &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]" - &vpsrld (@Tx[0],@X[0],31); - &vmovdqu($Kx,eval(2*16*(($Xi)/5)-64)."($K_XX_XX)") if ($Xi%5==0); # K_XX_XX - &vpslldq(@Tx[2],@X[0],12); # "X[0]"<<96, extract one dword - &vpaddd (@X[0],@X[0],@X[0]); - &vpsrld (@Tx[1],@Tx[2],30); - &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1 - &vpslld (@Tx[2],@Tx[2],2); - &vpxor (@X[0],@X[0],@Tx[1]); - &vpxor (@X[0],@X[0],@Tx[2]); # "X[0]"^=("X[0]">>96)<<<2 - &vpaddd (@Tx[1],@X[0],$Kx); - &vmovdqu("32*$Xi(%rsp)",@Tx[1]); # X[]+K xfer to IALU - - push(@X,shift(@X)); # "rotate" X[] -} -$code.=<<___; - lea 128(%rsp),$frame - jmp .Loop_avx2 -.align 32 -.Loop_avx2: - rorx \$2,$F,$B - andn $D,$F,$t0 - and $C,$F - xor $t0,$F -___ -sub bodyx_00_19 () { # 8 instructions, 3 cycles critical path - # at start $f=(b&c)^(~b&d), $b>>>=2 - return &bodyx_20_39() if ($rx==19); $rx++; - ( - '($a,$f,$b,$c,$d,$e)=@ROTX;'. - - '&add ($e,((32*($j/4)+4*($j%4))%256-128)."($frame)");'. # e+=X[i]+K - '&lea ($frame,"256($frame)") if ($j%32==31);', - '&andn ($t0,$a,$c)', # ~b&d for next round - - '&add ($e,$f)', # e+=(b&c)^(~b&d) - '&rorx ($a5,$a,27)', # a<<<5 - '&rorx ($f,$a,2)', # b>>>2 for next round - '&and ($a,$b)', # b&c for next round - - '&add ($e,$a5)', # e+=a<<<5 - '&xor ($a,$t0);'. # f=(b&c)^(~b&d) for next round - - 'unshift(@ROTX,pop(@ROTX)); $j++;' - ) -} - -sub bodyx_20_39 () { # 7 instructions, 2 cycles critical path - # on entry $f=b^c^d, $b>>>=2 - return &bodyx_40_59() if ($rx==39); $rx++; - ( - '($a,$f,$b,$c,$d,$e)=@ROTX;'. - - '&add ($e,((32*($j/4)+4*($j%4))%256-128)."($frame)");'. # e+=X[i]+K - '&lea ($frame,"256($frame)") if ($j%32==31);', - - '&lea ($e,"($e,$f)")', # e+=b^c^d - '&rorx ($a5,$a,27)', # a<<<5 - '&rorx ($f,$a,2) if ($j<79)', # b>>>2 in next round - '&xor ($a,$b) if ($j<79)', # b^c for next round - - '&add ($e,$a5)', # e+=a<<<5 - '&xor ($a,$c) if ($j<79);'. # f=b^c^d for next round - - 'unshift(@ROTX,pop(@ROTX)); $j++;' - ) -} - -sub bodyx_40_59 () { # 10 instructions, 3 cycles critical path - # on entry $f=((b^c)&(c^d)), $b>>>=2 - $rx++; - ( - '($a,$f,$b,$c,$d,$e)=@ROTX;'. - - '&add ($e,((32*($j/4)+4*($j%4))%256-128)."($frame)");'. # e+=X[i]+K - '&lea ($frame,"256($frame)") if ($j%32==31);', - '&xor ($f,$c) if ($j>39)', # (b^c)&(c^d)^c - '&mov ($t0,$b) if ($j<59)', # count on zero latency - '&xor ($t0,$c) if ($j<59)', # c^d for next round - - '&lea ($e,"($e,$f)")', # e+=(b^c)&(c^d)^c - '&rorx ($a5,$a,27)', # a<<<5 - '&rorx ($f,$a,2)', # b>>>2 in next round - '&xor ($a,$b)', # b^c for next round - - '&add ($e,$a5)', # e+=a<<<5 - '&and ($a,$t0) if ($j< 59);'. # f=(b^c)&(c^d) for next round - '&xor ($a,$c) if ($j==59);'. # f=b^c^d for next round - - 'unshift(@ROTX,pop(@ROTX)); $j++;' - ) -} - -sub Xupdate_avx2_16_31() # recall that $Xi starts with 4 -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body,&$body); # 35 instructions - my ($a,$b,$c,$d,$e); - - &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]" - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]" - &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); - - &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]" - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpsrld (@Tx[0],@X[0],31); - &vmovdqu($Kx,eval(2*16*(($Xi)/5)-64)."($K_XX_XX)") if ($Xi%5==0); # K_XX_XX - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpslldq(@Tx[2],@X[0],12); # "X[0]"<<96, extract one dword - &vpaddd (@X[0],@X[0],@X[0]); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpsrld (@Tx[1],@Tx[2],30); - &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1 - eval(shift(@insns)); - eval(shift(@insns)); - - &vpslld (@Tx[2],@Tx[2],2); - &vpxor (@X[0],@X[0],@Tx[1]); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpxor (@X[0],@X[0],@Tx[2]); # "X[0]"^=("X[0]">>96)<<<2 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpaddd (@Tx[1],@X[0],$Kx); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vmovdqu(eval(32*($Xi))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU - - foreach (@insns) { eval; } # remaining instructions [if any] - - $Xi++; - push(@X,shift(@X)); # "rotate" X[] -} - -sub Xupdate_avx2_32_79() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body,&$body); # 35 to 50 instructions - my ($a,$b,$c,$d,$e); - - &vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8); # compose "X[-6]" - &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]" - eval(shift(@insns)); - eval(shift(@insns)); - - &vpxor (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]" - &vmovdqu($Kx,eval(2*16*($Xi/5)-64)."($K_XX_XX)") if ($Xi%5==0); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-6]" - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpsrld (@Tx[0],@X[0],30); - &vpslld (@X[0],@X[0],2); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - #&vpslld (@X[0],@X[0],2); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=2 - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vpaddd (@Tx[1],@X[0],$Kx); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - - &vmovdqu("32*$Xi(%rsp)",@Tx[1]); # X[]+K xfer to IALU - - foreach (@insns) { eval; } # remaining instructions - - $Xi++; - push(@X,shift(@X)); # "rotate" X[] -} - -sub Xloop_avx2() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body,&$body); # 32 instructions - my ($a,$b,$c,$d,$e); - - foreach (@insns) { eval; } -} - - &align32(); - &Xupdate_avx2_32_79(\&bodyx_00_19); - &Xupdate_avx2_32_79(\&bodyx_00_19); - &Xupdate_avx2_32_79(\&bodyx_00_19); - &Xupdate_avx2_32_79(\&bodyx_00_19); - - &Xupdate_avx2_32_79(\&bodyx_20_39); - &Xupdate_avx2_32_79(\&bodyx_20_39); - &Xupdate_avx2_32_79(\&bodyx_20_39); - &Xupdate_avx2_32_79(\&bodyx_20_39); - - &align32(); - &Xupdate_avx2_32_79(\&bodyx_40_59); - &Xupdate_avx2_32_79(\&bodyx_40_59); - &Xupdate_avx2_32_79(\&bodyx_40_59); - &Xupdate_avx2_32_79(\&bodyx_40_59); - - &Xloop_avx2(\&bodyx_20_39); - &Xloop_avx2(\&bodyx_20_39); - &Xloop_avx2(\&bodyx_20_39); - &Xloop_avx2(\&bodyx_20_39); - -$code.=<<___; - lea 128($inp),$frame - lea 128($inp),%rdi # borrow $t0 - cmp $num,$frame - cmovae $inp,$frame # next or previous block - - # output is d-e-[a]-f-b-c => A=d,F=e,C=f,D=b,E=c - add 0($ctx),@ROTX[0] # update context - add 4($ctx),@ROTX[1] - add 8($ctx),@ROTX[3] - mov @ROTX[0],0($ctx) - add 12($ctx),@ROTX[4] - mov @ROTX[1],4($ctx) - mov @ROTX[0],$A # A=d - add 16($ctx),@ROTX[5] - mov @ROTX[3],$a5 - mov @ROTX[3],8($ctx) - mov @ROTX[4],$D # D=b - #xchg @ROTX[5],$F # F=c, C=f - mov @ROTX[4],12($ctx) - mov @ROTX[1],$F # F=e - mov @ROTX[5],16($ctx) - #mov $F,16($ctx) - mov @ROTX[5],$E # E=c - mov $a5,$C # C=f - #xchg $F,$E # E=c, F=e - - cmp $num,$inp - je .Ldone_avx2 -___ - -$Xi=4; # reset variables -@X=map("%ymm$_",(4..7,0..3)); - -$code.=<<___; - vmovdqu 64($K_XX_XX),@X[2] # pbswap mask - cmp $num,%rdi # borrowed $t0 - ja .Last_avx2 - - vmovdqu -64(%rdi),%xmm0 # low part of @X[-4&7] - vmovdqu -48(%rdi),%xmm1 - vmovdqu -32(%rdi),%xmm2 - vmovdqu -16(%rdi),%xmm3 - vinserti128 \$1,0($frame),@X[-4&7],@X[-4&7] - vinserti128 \$1,16($frame),@X[-3&7],@X[-3&7] - vinserti128 \$1,32($frame),@X[-2&7],@X[-2&7] - vinserti128 \$1,48($frame),@X[-1&7],@X[-1&7] - jmp .Last_avx2 - -.align 32 -.Last_avx2: - lea 128+16(%rsp),$frame - rorx \$2,$F,$B - andn $D,$F,$t0 - and $C,$F - xor $t0,$F - sub \$-128,$inp -___ - $rx=$j=0; @ROTX=($A,$F,$B,$C,$D,$E); - - &Xloop_avx2 (\&bodyx_00_19); - &Xloop_avx2 (\&bodyx_00_19); - &Xloop_avx2 (\&bodyx_00_19); - &Xloop_avx2 (\&bodyx_00_19); - - &Xloop_avx2 (\&bodyx_20_39); - &vmovdqu ($Kx,"-64($K_XX_XX)"); # K_00_19 - &vpshufb (@X[-4&7],@X[-4&7],@X[2]); # byte swap - &Xloop_avx2 (\&bodyx_20_39); - &vpshufb (@X[-3&7],@X[-3&7],@X[2]); - &vpaddd (@Tx[0],@X[-4&7],$Kx); # add K_00_19 - &Xloop_avx2 (\&bodyx_20_39); - &vmovdqu ("0(%rsp)",@Tx[0]); - &vpshufb (@X[-2&7],@X[-2&7],@X[2]); - &vpaddd (@Tx[1],@X[-3&7],$Kx); - &Xloop_avx2 (\&bodyx_20_39); - &vmovdqu ("32(%rsp)",@Tx[1]); - &vpshufb (@X[-1&7],@X[-1&7],@X[2]); - &vpaddd (@X[2],@X[-2&7],$Kx); - - &Xloop_avx2 (\&bodyx_40_59); - &align32 (); - &vmovdqu ("64(%rsp)",@X[2]); - &vpaddd (@X[3],@X[-1&7],$Kx); - &Xloop_avx2 (\&bodyx_40_59); - &vmovdqu ("96(%rsp)",@X[3]); - &Xloop_avx2 (\&bodyx_40_59); - &Xupdate_avx2_16_31(\&bodyx_40_59); - - &Xupdate_avx2_16_31(\&bodyx_20_39); - &Xupdate_avx2_16_31(\&bodyx_20_39); - &Xupdate_avx2_16_31(\&bodyx_20_39); - &Xloop_avx2 (\&bodyx_20_39); - -$code.=<<___; - lea 128(%rsp),$frame - - # output is d-e-[a]-f-b-c => A=d,F=e,C=f,D=b,E=c - add 0($ctx),@ROTX[0] # update context - add 4($ctx),@ROTX[1] - add 8($ctx),@ROTX[3] - mov @ROTX[0],0($ctx) - add 12($ctx),@ROTX[4] - mov @ROTX[1],4($ctx) - mov @ROTX[0],$A # A=d - add 16($ctx),@ROTX[5] - mov @ROTX[3],$a5 - mov @ROTX[3],8($ctx) - mov @ROTX[4],$D # D=b - #xchg @ROTX[5],$F # F=c, C=f - mov @ROTX[4],12($ctx) - mov @ROTX[1],$F # F=e - mov @ROTX[5],16($ctx) - #mov $F,16($ctx) - mov @ROTX[5],$E # E=c - mov $a5,$C # C=f - #xchg $F,$E # E=c, F=e - - cmp $num,$inp - jbe .Loop_avx2 - -.Ldone_avx2: - vzeroupper -___ -$code.=<<___ if ($win64); - movaps -40-6*16($fp),%xmm6 - movaps -40-5*16($fp),%xmm7 - movaps -40-4*16($fp),%xmm8 - movaps -40-3*16($fp),%xmm9 - movaps -40-2*16($fp),%xmm10 - movaps -40-1*16($fp),%xmm11 -___ -$code.=<<___; - mov -40($fp),%r14 -.cfi_restore %r14 - mov -32($fp),%r13 -.cfi_restore %r13 - mov -24($fp),%r12 -.cfi_restore %r12 - mov -16($fp),%rbp -.cfi_restore %rbp - mov -8($fp),%rbx -.cfi_restore %rbx - lea ($fp),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue_avx2: - ret -.cfi_endproc -.size sha1_block_data_order_avx2,.-sha1_block_data_order_avx2 -___ -} -} -$code.=<<___; -.align 64 -K_XX_XX: -.long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19 -.long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19 -.long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39 -.long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39 -.long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59 -.long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59 -.long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79 -.long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79 -.long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask -.long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask -.byte 0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0 -___ -}}} -$code.=<<___; -.asciz "SHA1 block transform for x86_64, CRYPTOGAMS by " -.align 64 -___ - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - lea .Lprologue(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lprologue - jb .Lcommon_seh_tail - - mov 152($context),%rax # pull context->Rsp - - lea .Lepilogue(%rip),%r10 - cmp %r10,%rbx # context->Rip>=.Lepilogue - jae .Lcommon_seh_tail - - mov `16*4`(%rax),%rax # pull saved stack pointer - - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - - jmp .Lcommon_seh_tail -.size se_handler,.-se_handler -___ - -$code.=<<___ if ($shaext); -.type shaext_handler,\@abi-omnipotent -.align 16 -shaext_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - lea .Lprologue_shaext(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lprologue - jb .Lcommon_seh_tail - - lea .Lepilogue_shaext(%rip),%r10 - cmp %r10,%rbx # context->Rip>=.Lepilogue - jae .Lcommon_seh_tail - - lea -8-4*16(%rax),%rsi - lea 512($context),%rdi # &context.Xmm6 - mov \$8,%ecx - .long 0xa548f3fc # cld; rep movsq - - jmp .Lcommon_seh_tail -.size shaext_handler,.-shaext_handler -___ - -$code.=<<___; -.type ssse3_handler,\@abi-omnipotent -.align 16 -ssse3_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipR11 - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lcommon_seh_tail - - lea -40-6*16(%rax),%rsi - lea 512($context),%rdi # &context.Xmm6 - mov \$12,%ecx - .long 0xa548f3fc # cld; rep movsq - - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - -.Lcommon_seh_tail: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size ssse3_handler,.-ssse3_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_sha1_block_data_order - .rva .LSEH_end_sha1_block_data_order - .rva .LSEH_info_sha1_block_data_order -___ -$code.=<<___ if ($shaext); - .rva .LSEH_begin_sha1_block_data_order_shaext - .rva .LSEH_end_sha1_block_data_order_shaext - .rva .LSEH_info_sha1_block_data_order_shaext -___ -$code.=<<___; - .rva .LSEH_begin_sha1_block_data_order_ssse3 - .rva .LSEH_end_sha1_block_data_order_ssse3 - .rva .LSEH_info_sha1_block_data_order_ssse3 -___ -$code.=<<___ if ($avx); - .rva .LSEH_begin_sha1_block_data_order_avx - .rva .LSEH_end_sha1_block_data_order_avx - .rva .LSEH_info_sha1_block_data_order_avx -___ -$code.=<<___ if ($avx>1); - .rva .LSEH_begin_sha1_block_data_order_avx2 - .rva .LSEH_end_sha1_block_data_order_avx2 - .rva .LSEH_info_sha1_block_data_order_avx2 -___ -$code.=<<___; -.section .xdata -.align 8 -.LSEH_info_sha1_block_data_order: - .byte 9,0,0,0 - .rva se_handler -___ -$code.=<<___ if ($shaext); -.LSEH_info_sha1_block_data_order_shaext: - .byte 9,0,0,0 - .rva shaext_handler -___ -$code.=<<___; -.LSEH_info_sha1_block_data_order_ssse3: - .byte 9,0,0,0 - .rva ssse3_handler - .rva .Lprologue_ssse3,.Lepilogue_ssse3 # HandlerData[] -___ -$code.=<<___ if ($avx); -.LSEH_info_sha1_block_data_order_avx: - .byte 9,0,0,0 - .rva ssse3_handler - .rva .Lprologue_avx,.Lepilogue_avx # HandlerData[] -___ -$code.=<<___ if ($avx>1); -.LSEH_info_sha1_block_data_order_avx2: - .byte 9,0,0,0 - .rva ssse3_handler - .rva .Lprologue_avx2,.Lepilogue_avx2 # HandlerData[] -___ -} - -#################################################################### - -sub sha1rnds4 { - if (@_[0] =~ /\$([x0-9a-f]+),\s*%xmm([0-7]),\s*%xmm([0-7])/) { - my @opcode=(0x0f,0x3a,0xcc); - push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M - my $c=$1; - push @opcode,$c=~/^0/?oct($c):$c; - return ".byte\t".join(',',@opcode); - } else { - return "sha1rnds4\t".@_[0]; - } -} - -sub sha1op38 { - my $instr = shift; - my %opcodelet = ( - "sha1nexte" => 0xc8, - "sha1msg1" => 0xc9, - "sha1msg2" => 0xca ); - - if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) { - my @opcode=(0x0f,0x38); - my $rex=0; - $rex|=0x04 if ($2>=8); - $rex|=0x01 if ($1>=8); - unshift @opcode,0x40|$rex if ($rex); - push @opcode,$opcodelet{$instr}; - push @opcode,0xc0|($1&7)|(($2&7)<<3); # ModR/M - return ".byte\t".join(',',@opcode); - } else { - return $instr."\t".@_[0]; - } -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/geo; - - s/\b(sha1rnds4)\s+(.*)/sha1rnds4($2)/geo or - s/\b(sha1[^\s]*)\s+(.*)/sha1op38($1,$2)/geo; - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha256-586.pl b/crypto/sha/asm/sha256-586.pl deleted file mode 100644 index 8e19cd875e3f3737f97db579f9391ae43e6f44c5..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha256-586.pl +++ /dev/null @@ -1,1295 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# SHA256 block transform for x86. September 2007. -# -# Performance improvement over compiler generated code varies from -# 10% to 40% [see below]. Not very impressive on some µ-archs, but -# it's 5 times smaller and optimizes amount of writes. -# -# May 2012. -# -# Optimization including two of Pavel Semjanov's ideas, alternative -# Maj and full unroll, resulted in ~20-25% improvement on most CPUs, -# ~7% on Pentium, ~40% on Atom. As fully unrolled loop body is almost -# 15x larger, 8KB vs. 560B, it's fired only for longer inputs. But not -# on P4, where it kills performance, nor Sandy Bridge, where folded -# loop is approximately as fast... -# -# June 2012. -# -# Add AMD XOP-specific code path, >30% improvement on Bulldozer over -# May version, >60% over original. Add AVX+shrd code path, >25% -# improvement on Sandy Bridge over May version, 60% over original. -# -# May 2013. -# -# Replace AMD XOP code path with SSSE3 to cover more processors. -# (Biggest improvement coefficient is on upcoming Atom Silvermont, -# not shown.) Add AVX+BMI code path. -# -# March 2014. -# -# Add support for Intel SHA Extensions. -# -# Performance in clock cycles per processed byte (less is better): -# -# gcc icc x86 asm(*) SIMD x86_64 asm(**) -# Pentium 46 57 40/38 - - -# PIII 36 33 27/24 - - -# P4 41 38 28 - 17.3 -# AMD K8 27 25 19/15.5 - 14.9 -# Core2 26 23 18/15.6 14.3 13.8 -# Westmere 27 - 19/15.7 13.4 12.3 -# Sandy Bridge 25 - 15.9 12.4 11.6 -# Ivy Bridge 24 - 15.0 11.4 10.3 -# Haswell 22 - 13.9 9.46 7.80 -# Skylake 20 - 14.9 9.50 7.70 -# Bulldozer 36 - 27/22 17.0 13.6 -# VIA Nano 36 - 25/22 16.8 16.5 -# Atom 50 - 30/25 21.9 18.9 -# Silvermont 40 - 34/31 22.9 20.6 -# Goldmont 29 - 20 16.3(***) -# -# (*) numbers after slash are for unrolled loop, where applicable; -# (**) x86_64 assembly performance is presented for reference -# purposes, results are best-available; -# (***) SHAEXT result is 4.1, strangely enough better than 64-bit one; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output=pop and open STDOUT,">$output"; - -&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); - -$xmm=$avx=0; -for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); } - -if ($xmm && `$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.19) + ($1>=2.22); -} - -if ($xmm && !$avx && $ARGV[0] eq "win32n" && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.03) + ($1>=2.10); -} - -if ($xmm && !$avx && $ARGV[0] eq "win32" && - `ml 2>&1` =~ /Version ([0-9]+)\./) { - $avx = ($1>=10) + ($1>=11); -} - -if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/) { - $avx = ($2>=3.0) + ($2>3.0); -} - -$shaext=$xmm; ### set to zero if compiling for 1.0.1 - -$unroll_after = 64*4; # If pre-evicted from L1P cache first spin of - # fully unrolled loop was measured to run about - # 3-4x slower. If slowdown coefficient is N and - # unrolled loop is m times faster, then you break - # even at (N-1)/(m-1) blocks. Then it needs to be - # adjusted for probability of code being evicted, - # code size/cache size=1/4. Typical m is 1.15... - -$A="eax"; -$E="edx"; -$T="ebx"; -$Aoff=&DWP(4,"esp"); -$Boff=&DWP(8,"esp"); -$Coff=&DWP(12,"esp"); -$Doff=&DWP(16,"esp"); -$Eoff=&DWP(20,"esp"); -$Foff=&DWP(24,"esp"); -$Goff=&DWP(28,"esp"); -$Hoff=&DWP(32,"esp"); -$Xoff=&DWP(36,"esp"); -$K256="ebp"; - -sub BODY_16_63() { - &mov ($T,"ecx"); # "ecx" is preloaded - &mov ("esi",&DWP(4*(9+15+16-14),"esp")); - &ror ("ecx",18-7); - &mov ("edi","esi"); - &ror ("esi",19-17); - &xor ("ecx",$T); - &shr ($T,3); - &ror ("ecx",7); - &xor ("esi","edi"); - &xor ($T,"ecx"); # T = sigma0(X[-15]) - &ror ("esi",17); - &add ($T,&DWP(4*(9+15+16),"esp")); # T += X[-16] - &shr ("edi",10); - &add ($T,&DWP(4*(9+15+16-9),"esp")); # T += X[-7] - #&xor ("edi","esi") # sigma1(X[-2]) - # &add ($T,"edi"); # T += sigma1(X[-2]) - # &mov (&DWP(4*(9+15),"esp"),$T); # save X[0] - - &BODY_00_15(1); -} -sub BODY_00_15() { - my $in_16_63=shift; - - &mov ("ecx",$E); - &xor ("edi","esi") if ($in_16_63); # sigma1(X[-2]) - &mov ("esi",$Foff); - &ror ("ecx",25-11); - &add ($T,"edi") if ($in_16_63); # T += sigma1(X[-2]) - &mov ("edi",$Goff); - &xor ("ecx",$E); - &xor ("esi","edi"); - &mov ($T,&DWP(4*(9+15),"esp")) if (!$in_16_63); - &mov (&DWP(4*(9+15),"esp"),$T) if ($in_16_63); # save X[0] - &ror ("ecx",11-6); - &and ("esi",$E); - &mov ($Eoff,$E); # modulo-scheduled - &xor ($E,"ecx"); - &add ($T,$Hoff); # T += h - &xor ("esi","edi"); # Ch(e,f,g) - &ror ($E,6); # Sigma1(e) - &mov ("ecx",$A); - &add ($T,"esi"); # T += Ch(e,f,g) - - &ror ("ecx",22-13); - &add ($T,$E); # T += Sigma1(e) - &mov ("edi",$Boff); - &xor ("ecx",$A); - &mov ($Aoff,$A); # modulo-scheduled - &lea ("esp",&DWP(-4,"esp")); - &ror ("ecx",13-2); - &mov ("esi",&DWP(0,$K256)); - &xor ("ecx",$A); - &mov ($E,$Eoff); # e in next iteration, d in this one - &xor ($A,"edi"); # a ^= b - &ror ("ecx",2); # Sigma0(a) - - &add ($T,"esi"); # T+= K[i] - &mov (&DWP(0,"esp"),$A); # (b^c) in next round - &add ($E,$T); # d += T - &and ($A,&DWP(4,"esp")); # a &= (b^c) - &add ($T,"ecx"); # T += Sigma0(a) - &xor ($A,"edi"); # h = Maj(a,b,c) = Ch(a^b,c,b) - &mov ("ecx",&DWP(4*(9+15+16-1),"esp")) if ($in_16_63); # preload T - &add ($K256,4); - &add ($A,$T); # h += T -} - -&external_label("OPENSSL_ia32cap_P") if (!$i386); - -&function_begin("sha256_block_data_order"); - &mov ("esi",wparam(0)); # ctx - &mov ("edi",wparam(1)); # inp - &mov ("eax",wparam(2)); # num - &mov ("ebx","esp"); # saved sp - - &call (&label("pic_point")); # make it PIC! -&set_label("pic_point"); - &blindpop($K256); - &lea ($K256,&DWP(&label("K256")."-".&label("pic_point"),$K256)); - - &sub ("esp",16); - &and ("esp",-64); - - &shl ("eax",6); - &add ("eax","edi"); - &mov (&DWP(0,"esp"),"esi"); # ctx - &mov (&DWP(4,"esp"),"edi"); # inp - &mov (&DWP(8,"esp"),"eax"); # inp+num*128 - &mov (&DWP(12,"esp"),"ebx"); # saved sp - if (!$i386 && $xmm) { - &picmeup("edx","OPENSSL_ia32cap_P",$K256,&label("K256")); - &mov ("ecx",&DWP(0,"edx")); - &mov ("ebx",&DWP(4,"edx")); - &test ("ecx",1<<20); # check for P4 - &jnz (&label("loop")); - &mov ("edx",&DWP(8,"edx")) if ($xmm); - &test ("ecx",1<<24); # check for FXSR - &jz ($unroll_after?&label("no_xmm"):&label("loop")); - &and ("ecx",1<<30); # mask "Intel CPU" bit - &and ("ebx",1<<28|1<<9); # mask AVX and SSSE3 bits - &test ("edx",1<<29) if ($shaext); # check for SHA - &jnz (&label("shaext")) if ($shaext); - &or ("ecx","ebx"); - &and ("ecx",1<<28|1<<30); - &cmp ("ecx",1<<28|1<<30); - if ($xmm) { - &je (&label("AVX")) if ($avx); - &test ("ebx",1<<9); # check for SSSE3 - &jnz (&label("SSSE3")); - } else { - &je (&label("loop_shrd")); - } - if ($unroll_after) { -&set_label("no_xmm"); - &sub ("eax","edi"); - &cmp ("eax",$unroll_after); - &jae (&label("unrolled")); - } } - &jmp (&label("loop")); - -sub COMPACT_LOOP() { -my $suffix=shift; - -&set_label("loop$suffix",$suffix?32:16); - # copy input block to stack reversing byte and dword order - for($i=0;$i<4;$i++) { - &mov ("eax",&DWP($i*16+0,"edi")); - &mov ("ebx",&DWP($i*16+4,"edi")); - &mov ("ecx",&DWP($i*16+8,"edi")); - &bswap ("eax"); - &mov ("edx",&DWP($i*16+12,"edi")); - &bswap ("ebx"); - &push ("eax"); - &bswap ("ecx"); - &push ("ebx"); - &bswap ("edx"); - &push ("ecx"); - &push ("edx"); - } - &add ("edi",64); - &lea ("esp",&DWP(-4*9,"esp"));# place for A,B,C,D,E,F,G,H - &mov (&DWP(4*(9+16)+4,"esp"),"edi"); - - # copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack - &mov ($A,&DWP(0,"esi")); - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edi",&DWP(12,"esi")); - # &mov ($Aoff,$A); - &mov ($Boff,"ebx"); - &xor ("ebx","ecx"); - &mov ($Coff,"ecx"); - &mov ($Doff,"edi"); - &mov (&DWP(0,"esp"),"ebx"); # magic - &mov ($E,&DWP(16,"esi")); - &mov ("ebx",&DWP(20,"esi")); - &mov ("ecx",&DWP(24,"esi")); - &mov ("edi",&DWP(28,"esi")); - # &mov ($Eoff,$E); - &mov ($Foff,"ebx"); - &mov ($Goff,"ecx"); - &mov ($Hoff,"edi"); - -&set_label("00_15$suffix",16); - - &BODY_00_15(); - - &cmp ("esi",0xc19bf174); - &jne (&label("00_15$suffix")); - - &mov ("ecx",&DWP(4*(9+15+16-1),"esp")); # preloaded in BODY_00_15(1) - &jmp (&label("16_63$suffix")); - -&set_label("16_63$suffix",16); - - &BODY_16_63(); - - &cmp ("esi",0xc67178f2); - &jne (&label("16_63$suffix")); - - &mov ("esi",&DWP(4*(9+16+64)+0,"esp"));#ctx - # &mov ($A,$Aoff); - &mov ("ebx",$Boff); - # &mov ("edi",$Coff); - &mov ("ecx",$Doff); - &add ($A,&DWP(0,"esi")); - &add ("ebx",&DWP(4,"esi")); - &add ("edi",&DWP(8,"esi")); - &add ("ecx",&DWP(12,"esi")); - &mov (&DWP(0,"esi"),$A); - &mov (&DWP(4,"esi"),"ebx"); - &mov (&DWP(8,"esi"),"edi"); - &mov (&DWP(12,"esi"),"ecx"); - # &mov ($E,$Eoff); - &mov ("eax",$Foff); - &mov ("ebx",$Goff); - &mov ("ecx",$Hoff); - &mov ("edi",&DWP(4*(9+16+64)+4,"esp"));#inp - &add ($E,&DWP(16,"esi")); - &add ("eax",&DWP(20,"esi")); - &add ("ebx",&DWP(24,"esi")); - &add ("ecx",&DWP(28,"esi")); - &mov (&DWP(16,"esi"),$E); - &mov (&DWP(20,"esi"),"eax"); - &mov (&DWP(24,"esi"),"ebx"); - &mov (&DWP(28,"esi"),"ecx"); - - &lea ("esp",&DWP(4*(9+16+64),"esp"));# destroy frame - &sub ($K256,4*64); # rewind K - - &cmp ("edi",&DWP(8,"esp")); # are we done yet? - &jb (&label("loop$suffix")); -} - &COMPACT_LOOP(); - &mov ("esp",&DWP(12,"esp")); # restore sp -&function_end_A(); - if (!$i386 && !$xmm) { - # ~20% improvement on Sandy Bridge - local *ror = sub { &shrd(@_[0],@_) }; - &COMPACT_LOOP("_shrd"); - &mov ("esp",&DWP(12,"esp")); # restore sp -&function_end_A(); - } - -&set_label("K256",64); # Yes! I keep it in the code segment! -@K256=( 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5, - 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5, - 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3, - 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174, - 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc, - 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da, - 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7, - 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967, - 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13, - 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85, - 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3, - 0xd192e819,0xd6990624,0xf40e3585,0x106aa070, - 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5, - 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3, - 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208, - 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 ); -&data_word(@K256); -&data_word(0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f); # byte swap mask -&asciz("SHA256 block transform for x86, CRYPTOGAMS by "); - -($a,$b,$c,$d,$e,$f,$g,$h)=(0..7); # offsets -sub off { &DWP(4*(((shift)-$i)&7),"esp"); } - -if (!$i386 && $unroll_after) { -my @AH=($A,$K256); - -&set_label("unrolled",16); - &lea ("esp",&DWP(-96,"esp")); - # copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack - &mov ($AH[0],&DWP(0,"esi")); - &mov ($AH[1],&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("ebx",&DWP(12,"esi")); - #&mov (&DWP(0,"esp"),$AH[0]); - &mov (&DWP(4,"esp"),$AH[1]); - &xor ($AH[1],"ecx"); # magic - &mov (&DWP(8,"esp"),"ecx"); - &mov (&DWP(12,"esp"),"ebx"); - &mov ($E,&DWP(16,"esi")); - &mov ("ebx",&DWP(20,"esi")); - &mov ("ecx",&DWP(24,"esi")); - &mov ("esi",&DWP(28,"esi")); - #&mov (&DWP(16,"esp"),$E); - &mov (&DWP(20,"esp"),"ebx"); - &mov (&DWP(24,"esp"),"ecx"); - &mov (&DWP(28,"esp"),"esi"); - &jmp (&label("grand_loop")); - -&set_label("grand_loop",16); - # copy input block to stack reversing byte order - for($i=0;$i<5;$i++) { - &mov ("ebx",&DWP(12*$i+0,"edi")); - &mov ("ecx",&DWP(12*$i+4,"edi")); - &bswap ("ebx"); - &mov ("esi",&DWP(12*$i+8,"edi")); - &bswap ("ecx"); - &mov (&DWP(32+12*$i+0,"esp"),"ebx"); - &bswap ("esi"); - &mov (&DWP(32+12*$i+4,"esp"),"ecx"); - &mov (&DWP(32+12*$i+8,"esp"),"esi"); - } - &mov ("ebx",&DWP($i*12,"edi")); - &add ("edi",64); - &bswap ("ebx"); - &mov (&DWP(96+4,"esp"),"edi"); - &mov (&DWP(32+12*$i,"esp"),"ebx"); - - my ($t1,$t2) = ("ecx","esi"); - - for ($i=0;$i<64;$i++) { - - if ($i>=16) { - &mov ($T,$t1); # $t1 is preloaded - # &mov ($t2,&DWP(32+4*(($i+14)&15),"esp")); - &ror ($t1,18-7); - &mov ("edi",$t2); - &ror ($t2,19-17); - &xor ($t1,$T); - &shr ($T,3); - &ror ($t1,7); - &xor ($t2,"edi"); - &xor ($T,$t1); # T = sigma0(X[-15]) - &ror ($t2,17); - &add ($T,&DWP(32+4*($i&15),"esp")); # T += X[-16] - &shr ("edi",10); - &add ($T,&DWP(32+4*(($i+9)&15),"esp")); # T += X[-7] - #&xor ("edi",$t2) # sigma1(X[-2]) - # &add ($T,"edi"); # T += sigma1(X[-2]) - # &mov (&DWP(4*(9+15),"esp"),$T); # save X[0] - } - &mov ($t1,$E); - &xor ("edi",$t2) if ($i>=16); # sigma1(X[-2]) - &mov ($t2,&off($f)); - &ror ($E,25-11); - &add ($T,"edi") if ($i>=16); # T += sigma1(X[-2]) - &mov ("edi",&off($g)); - &xor ($E,$t1); - &mov ($T,&DWP(32+4*($i&15),"esp")) if ($i<16); # X[i] - &mov (&DWP(32+4*($i&15),"esp"),$T) if ($i>=16 && $i<62); # save X[0] - &xor ($t2,"edi"); - &ror ($E,11-6); - &and ($t2,$t1); - &mov (&off($e),$t1); # save $E, modulo-scheduled - &xor ($E,$t1); - &add ($T,&off($h)); # T += h - &xor ("edi",$t2); # Ch(e,f,g) - &ror ($E,6); # Sigma1(e) - &mov ($t1,$AH[0]); - &add ($T,"edi"); # T += Ch(e,f,g) - - &ror ($t1,22-13); - &mov ($t2,$AH[0]); - &mov ("edi",&off($b)); - &xor ($t1,$AH[0]); - &mov (&off($a),$AH[0]); # save $A, modulo-scheduled - &xor ($AH[0],"edi"); # a ^= b, (b^c) in next round - &ror ($t1,13-2); - &and ($AH[1],$AH[0]); # (b^c) &= (a^b) - &lea ($E,&DWP(@K256[$i],$T,$E)); # T += Sigma1(1)+K[i] - &xor ($t1,$t2); - &xor ($AH[1],"edi"); # h = Maj(a,b,c) = Ch(a^b,c,b) - &mov ($t2,&DWP(32+4*(($i+2)&15),"esp")) if ($i>=15 && $i<63); - &ror ($t1,2); # Sigma0(a) - - &add ($AH[1],$E); # h += T - &add ($E,&off($d)); # d += T - &add ($AH[1],$t1); # h += Sigma0(a) - &mov ($t1,&DWP(32+4*(($i+15)&15),"esp")) if ($i>=15 && $i<63); - - @AH = reverse(@AH); # rotate(a,h) - ($t1,$t2) = ($t2,$t1); # rotate(t1,t2) - } - &mov ("esi",&DWP(96,"esp")); #ctx - #&mov ($AH[0],&DWP(0,"esp")); - &xor ($AH[1],"edi"); #&mov ($AH[1],&DWP(4,"esp")); - #&mov ("edi", &DWP(8,"esp")); - &mov ("ecx",&DWP(12,"esp")); - &add ($AH[0],&DWP(0,"esi")); - &add ($AH[1],&DWP(4,"esi")); - &add ("edi",&DWP(8,"esi")); - &add ("ecx",&DWP(12,"esi")); - &mov (&DWP(0,"esi"),$AH[0]); - &mov (&DWP(4,"esi"),$AH[1]); - &mov (&DWP(8,"esi"),"edi"); - &mov (&DWP(12,"esi"),"ecx"); - #&mov (&DWP(0,"esp"),$AH[0]); - &mov (&DWP(4,"esp"),$AH[1]); - &xor ($AH[1],"edi"); # magic - &mov (&DWP(8,"esp"),"edi"); - &mov (&DWP(12,"esp"),"ecx"); - #&mov ($E,&DWP(16,"esp")); - &mov ("edi",&DWP(20,"esp")); - &mov ("ebx",&DWP(24,"esp")); - &mov ("ecx",&DWP(28,"esp")); - &add ($E,&DWP(16,"esi")); - &add ("edi",&DWP(20,"esi")); - &add ("ebx",&DWP(24,"esi")); - &add ("ecx",&DWP(28,"esi")); - &mov (&DWP(16,"esi"),$E); - &mov (&DWP(20,"esi"),"edi"); - &mov (&DWP(24,"esi"),"ebx"); - &mov (&DWP(28,"esi"),"ecx"); - #&mov (&DWP(16,"esp"),$E); - &mov (&DWP(20,"esp"),"edi"); - &mov ("edi",&DWP(96+4,"esp")); # inp - &mov (&DWP(24,"esp"),"ebx"); - &mov (&DWP(28,"esp"),"ecx"); - - &cmp ("edi",&DWP(96+8,"esp")); # are we done yet? - &jb (&label("grand_loop")); - - &mov ("esp",&DWP(96+12,"esp")); # restore sp -&function_end_A(); -} - if (!$i386 && $xmm) {{{ -if ($shaext) { -###################################################################### -# Intel SHA Extensions implementation of SHA256 update function. -# -my ($ctx,$inp,$end)=("esi","edi","eax"); -my ($Wi,$ABEF,$CDGH,$TMP)=map("xmm$_",(0..2,7)); -my @MSG=map("xmm$_",(3..6)); - -sub sha256op38 { - my ($opcodelet,$dst,$src)=@_; - if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/) - { &data_byte(0x0f,0x38,$opcodelet,0xc0|($1<<3)|$2); } -} -sub sha256rnds2 { sha256op38(0xcb,@_); } -sub sha256msg1 { sha256op38(0xcc,@_); } -sub sha256msg2 { sha256op38(0xcd,@_); } - -&set_label("shaext",32); - &sub ("esp",32); - - &movdqu ($ABEF,&QWP(0,$ctx)); # DCBA - &lea ($K256,&DWP(0x80,$K256)); - &movdqu ($CDGH,&QWP(16,$ctx)); # HGFE - &movdqa ($TMP,&QWP(0x100-0x80,$K256)); # byte swap mask - - &pshufd ($Wi,$ABEF,0x1b); # ABCD - &pshufd ($ABEF,$ABEF,0xb1); # CDAB - &pshufd ($CDGH,$CDGH,0x1b); # EFGH - &palignr ($ABEF,$CDGH,8); # ABEF - &punpcklqdq ($CDGH,$Wi); # CDGH - &jmp (&label("loop_shaext")); - -&set_label("loop_shaext",16); - &movdqu (@MSG[0],&QWP(0,$inp)); - &movdqu (@MSG[1],&QWP(0x10,$inp)); - &movdqu (@MSG[2],&QWP(0x20,$inp)); - &pshufb (@MSG[0],$TMP); - &movdqu (@MSG[3],&QWP(0x30,$inp)); - &movdqa (&QWP(16,"esp"),$CDGH); # offload - - &movdqa ($Wi,&QWP(0*16-0x80,$K256)); - &paddd ($Wi,@MSG[0]); - &pshufb (@MSG[1],$TMP); - &sha256rnds2 ($CDGH,$ABEF); # 0-3 - &pshufd ($Wi,$Wi,0x0e); - &nop (); - &movdqa (&QWP(0,"esp"),$ABEF); # offload - &sha256rnds2 ($ABEF,$CDGH); - - &movdqa ($Wi,&QWP(1*16-0x80,$K256)); - &paddd ($Wi,@MSG[1]); - &pshufb (@MSG[2],$TMP); - &sha256rnds2 ($CDGH,$ABEF); # 4-7 - &pshufd ($Wi,$Wi,0x0e); - &lea ($inp,&DWP(0x40,$inp)); - &sha256msg1 (@MSG[0],@MSG[1]); - &sha256rnds2 ($ABEF,$CDGH); - - &movdqa ($Wi,&QWP(2*16-0x80,$K256)); - &paddd ($Wi,@MSG[2]); - &pshufb (@MSG[3],$TMP); - &sha256rnds2 ($CDGH,$ABEF); # 8-11 - &pshufd ($Wi,$Wi,0x0e); - &movdqa ($TMP,@MSG[3]); - &palignr ($TMP,@MSG[2],4); - &nop (); - &paddd (@MSG[0],$TMP); - &sha256msg1 (@MSG[1],@MSG[2]); - &sha256rnds2 ($ABEF,$CDGH); - - &movdqa ($Wi,&QWP(3*16-0x80,$K256)); - &paddd ($Wi,@MSG[3]); - &sha256msg2 (@MSG[0],@MSG[3]); - &sha256rnds2 ($CDGH,$ABEF); # 12-15 - &pshufd ($Wi,$Wi,0x0e); - &movdqa ($TMP,@MSG[0]); - &palignr ($TMP,@MSG[3],4); - &nop (); - &paddd (@MSG[1],$TMP); - &sha256msg1 (@MSG[2],@MSG[3]); - &sha256rnds2 ($ABEF,$CDGH); - -for($i=4;$i<16-3;$i++) { - &movdqa ($Wi,&QWP($i*16-0x80,$K256)); - &paddd ($Wi,@MSG[0]); - &sha256msg2 (@MSG[1],@MSG[0]); - &sha256rnds2 ($CDGH,$ABEF); # 16-19... - &pshufd ($Wi,$Wi,0x0e); - &movdqa ($TMP,@MSG[1]); - &palignr ($TMP,@MSG[0],4); - &nop (); - &paddd (@MSG[2],$TMP); - &sha256msg1 (@MSG[3],@MSG[0]); - &sha256rnds2 ($ABEF,$CDGH); - - push(@MSG,shift(@MSG)); -} - &movdqa ($Wi,&QWP(13*16-0x80,$K256)); - &paddd ($Wi,@MSG[0]); - &sha256msg2 (@MSG[1],@MSG[0]); - &sha256rnds2 ($CDGH,$ABEF); # 52-55 - &pshufd ($Wi,$Wi,0x0e); - &movdqa ($TMP,@MSG[1]) - &palignr ($TMP,@MSG[0],4); - &sha256rnds2 ($ABEF,$CDGH); - &paddd (@MSG[2],$TMP); - - &movdqa ($Wi,&QWP(14*16-0x80,$K256)); - &paddd ($Wi,@MSG[1]); - &sha256rnds2 ($CDGH,$ABEF); # 56-59 - &pshufd ($Wi,$Wi,0x0e); - &sha256msg2 (@MSG[2],@MSG[1]); - &movdqa ($TMP,&QWP(0x100-0x80,$K256)); # byte swap mask - &sha256rnds2 ($ABEF,$CDGH); - - &movdqa ($Wi,&QWP(15*16-0x80,$K256)); - &paddd ($Wi,@MSG[2]); - &nop (); - &sha256rnds2 ($CDGH,$ABEF); # 60-63 - &pshufd ($Wi,$Wi,0x0e); - &cmp ($end,$inp); - &nop (); - &sha256rnds2 ($ABEF,$CDGH); - - &paddd ($CDGH,&QWP(16,"esp")); - &paddd ($ABEF,&QWP(0,"esp")); - &jnz (&label("loop_shaext")); - - &pshufd ($CDGH,$CDGH,0xb1); # DCHG - &pshufd ($TMP,$ABEF,0x1b); # FEBA - &pshufd ($ABEF,$ABEF,0xb1); # BAFE - &punpckhqdq ($ABEF,$CDGH); # DCBA - &palignr ($CDGH,$TMP,8); # HGFE - - &mov ("esp",&DWP(32+12,"esp")); - &movdqu (&QWP(0,$ctx),$ABEF); - &movdqu (&QWP(16,$ctx),$CDGH); -&function_end_A(); -} - -my @X = map("xmm$_",(0..3)); -my ($t0,$t1,$t2,$t3) = map("xmm$_",(4..7)); -my @AH = ($A,$T); - -&set_label("SSSE3",32); - &lea ("esp",&DWP(-96,"esp")); - # copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack - &mov ($AH[0],&DWP(0,"esi")); - &mov ($AH[1],&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edi",&DWP(12,"esi")); - #&mov (&DWP(0,"esp"),$AH[0]); - &mov (&DWP(4,"esp"),$AH[1]); - &xor ($AH[1],"ecx"); # magic - &mov (&DWP(8,"esp"),"ecx"); - &mov (&DWP(12,"esp"),"edi"); - &mov ($E,&DWP(16,"esi")); - &mov ("edi",&DWP(20,"esi")); - &mov ("ecx",&DWP(24,"esi")); - &mov ("esi",&DWP(28,"esi")); - #&mov (&DWP(16,"esp"),$E); - &mov (&DWP(20,"esp"),"edi"); - &mov ("edi",&DWP(96+4,"esp")); # inp - &mov (&DWP(24,"esp"),"ecx"); - &mov (&DWP(28,"esp"),"esi"); - &movdqa ($t3,&QWP(256,$K256)); - &jmp (&label("grand_ssse3")); - -&set_label("grand_ssse3",16); - # load input, reverse byte order, add K256[0..15], save to stack - &movdqu (@X[0],&QWP(0,"edi")); - &movdqu (@X[1],&QWP(16,"edi")); - &movdqu (@X[2],&QWP(32,"edi")); - &movdqu (@X[3],&QWP(48,"edi")); - &add ("edi",64); - &pshufb (@X[0],$t3); - &mov (&DWP(96+4,"esp"),"edi"); - &pshufb (@X[1],$t3); - &movdqa ($t0,&QWP(0,$K256)); - &pshufb (@X[2],$t3); - &movdqa ($t1,&QWP(16,$K256)); - &paddd ($t0,@X[0]); - &pshufb (@X[3],$t3); - &movdqa ($t2,&QWP(32,$K256)); - &paddd ($t1,@X[1]); - &movdqa ($t3,&QWP(48,$K256)); - &movdqa (&QWP(32+0,"esp"),$t0); - &paddd ($t2,@X[2]); - &movdqa (&QWP(32+16,"esp"),$t1); - &paddd ($t3,@X[3]); - &movdqa (&QWP(32+32,"esp"),$t2); - &movdqa (&QWP(32+48,"esp"),$t3); - &jmp (&label("ssse3_00_47")); - -&set_label("ssse3_00_47",16); - &add ($K256,64); - -sub SSSE3_00_47 () { -my $j = shift; -my $body = shift; -my @X = @_; -my @insns = (&$body,&$body,&$body,&$body); # 120 instructions - - eval(shift(@insns)); - &movdqa ($t0,@X[1]); - eval(shift(@insns)); # @ - eval(shift(@insns)); - &movdqa ($t3,@X[3]); - eval(shift(@insns)); - eval(shift(@insns)); - &palignr ($t0,@X[0],4); # X[1..4] - eval(shift(@insns)); - eval(shift(@insns)); # @ - eval(shift(@insns)); - &palignr ($t3,@X[2],4); # X[9..12] - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &movdqa ($t1,$t0); - eval(shift(@insns)); # @ - eval(shift(@insns)); - &movdqa ($t2,$t0); - eval(shift(@insns)); - eval(shift(@insns)); - &psrld ($t0,3); - eval(shift(@insns)); - eval(shift(@insns)); # @ - &paddd (@X[0],$t3); # X[0..3] += X[9..12] - eval(shift(@insns)); - eval(shift(@insns)); - &psrld ($t2,7); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # @ - eval(shift(@insns)); - &pshufd ($t3,@X[3],0b11111010); # X[14..15] - eval(shift(@insns)); - eval(shift(@insns)); - &pslld ($t1,32-18); - eval(shift(@insns)); - eval(shift(@insns)); # @ - &pxor ($t0,$t2); - eval(shift(@insns)); - eval(shift(@insns)); - &psrld ($t2,18-7); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # @ - &pxor ($t0,$t1); - eval(shift(@insns)); - eval(shift(@insns)); - &pslld ($t1,18-7); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # @ - &pxor ($t0,$t2); - eval(shift(@insns)); - eval(shift(@insns)); - &movdqa ($t2,$t3); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # @ - &pxor ($t0,$t1); # sigma0(X[1..4]) - eval(shift(@insns)); - eval(shift(@insns)); - &psrld ($t3,10); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # @ - &paddd (@X[0],$t0); # X[0..3] += sigma0(X[1..4]) - eval(shift(@insns)); - eval(shift(@insns)); - &psrlq ($t2,17); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # @ - &pxor ($t3,$t2); - eval(shift(@insns)); - eval(shift(@insns)); - &psrlq ($t2,19-17); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # @ - &pxor ($t3,$t2); - eval(shift(@insns)); - eval(shift(@insns)); - &pshufd ($t3,$t3,0b10000000); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # @ - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # @ - eval(shift(@insns)); - &psrldq ($t3,8); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &paddd (@X[0],$t3); # X[0..1] += sigma1(X[14..15]) - eval(shift(@insns)); # @ - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # @ - eval(shift(@insns)); - &pshufd ($t3,@X[0],0b01010000); # X[16..17] - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &movdqa ($t2,$t3); - eval(shift(@insns)); # @ - &psrld ($t3,10); - eval(shift(@insns)); - &psrlq ($t2,17); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # @ - &pxor ($t3,$t2); - eval(shift(@insns)); - eval(shift(@insns)); - &psrlq ($t2,19-17); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # @ - &pxor ($t3,$t2); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &pshufd ($t3,$t3,0b00001000); - eval(shift(@insns)); - eval(shift(@insns)); # @ - &movdqa ($t2,&QWP(16*$j,$K256)); - eval(shift(@insns)); - eval(shift(@insns)); - &pslldq ($t3,8); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # @ - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); # @ - &paddd (@X[0],$t3); # X[2..3] += sigma1(X[16..17]) - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &paddd ($t2,@X[0]); - eval(shift(@insns)); # @ - - foreach (@insns) { eval; } # remaining instructions - - &movdqa (&QWP(32+16*$j,"esp"),$t2); -} - -sub body_00_15 () { - ( - '&mov ("ecx",$E);', - '&ror ($E,25-11);', - '&mov ("esi",&off($f));', - '&xor ($E,"ecx");', - '&mov ("edi",&off($g));', - '&xor ("esi","edi");', - '&ror ($E,11-6);', - '&and ("esi","ecx");', - '&mov (&off($e),"ecx");', # save $E, modulo-scheduled - '&xor ($E,"ecx");', - '&xor ("edi","esi");', # Ch(e,f,g) - '&ror ($E,6);', # T = Sigma1(e) - '&mov ("ecx",$AH[0]);', - '&add ($E,"edi");', # T += Ch(e,f,g) - '&mov ("edi",&off($b));', - '&mov ("esi",$AH[0]);', - - '&ror ("ecx",22-13);', - '&mov (&off($a),$AH[0]);', # save $A, modulo-scheduled - '&xor ("ecx",$AH[0]);', - '&xor ($AH[0],"edi");', # a ^= b, (b^c) in next round - '&add ($E,&off($h));', # T += h - '&ror ("ecx",13-2);', - '&and ($AH[1],$AH[0]);', # (b^c) &= (a^b) - '&xor ("ecx","esi");', - '&add ($E,&DWP(32+4*($i&15),"esp"));', # T += K[i]+X[i] - '&xor ($AH[1],"edi");', # h = Maj(a,b,c) = Ch(a^b,c,b) - '&ror ("ecx",2);', # Sigma0(a) - - '&add ($AH[1],$E);', # h += T - '&add ($E,&off($d));', # d += T - '&add ($AH[1],"ecx");'. # h += Sigma0(a) - - '@AH = reverse(@AH); $i++;' # rotate(a,h) - ); -} - - for ($i=0,$j=0; $j<4; $j++) { - &SSSE3_00_47($j,\&body_00_15,@X); - push(@X,shift(@X)); # rotate(@X) - } - &cmp (&DWP(16*$j,$K256),0x00010203); - &jne (&label("ssse3_00_47")); - - for ($i=0; $i<16; ) { - foreach(body_00_15()) { eval; } - } - - &mov ("esi",&DWP(96,"esp")); #ctx - #&mov ($AH[0],&DWP(0,"esp")); - &xor ($AH[1],"edi"); #&mov ($AH[1],&DWP(4,"esp")); - #&mov ("edi", &DWP(8,"esp")); - &mov ("ecx",&DWP(12,"esp")); - &add ($AH[0],&DWP(0,"esi")); - &add ($AH[1],&DWP(4,"esi")); - &add ("edi",&DWP(8,"esi")); - &add ("ecx",&DWP(12,"esi")); - &mov (&DWP(0,"esi"),$AH[0]); - &mov (&DWP(4,"esi"),$AH[1]); - &mov (&DWP(8,"esi"),"edi"); - &mov (&DWP(12,"esi"),"ecx"); - #&mov (&DWP(0,"esp"),$AH[0]); - &mov (&DWP(4,"esp"),$AH[1]); - &xor ($AH[1],"edi"); # magic - &mov (&DWP(8,"esp"),"edi"); - &mov (&DWP(12,"esp"),"ecx"); - #&mov ($E,&DWP(16,"esp")); - &mov ("edi",&DWP(20,"esp")); - &mov ("ecx",&DWP(24,"esp")); - &add ($E,&DWP(16,"esi")); - &add ("edi",&DWP(20,"esi")); - &add ("ecx",&DWP(24,"esi")); - &mov (&DWP(16,"esi"),$E); - &mov (&DWP(20,"esi"),"edi"); - &mov (&DWP(20,"esp"),"edi"); - &mov ("edi",&DWP(28,"esp")); - &mov (&DWP(24,"esi"),"ecx"); - #&mov (&DWP(16,"esp"),$E); - &add ("edi",&DWP(28,"esi")); - &mov (&DWP(24,"esp"),"ecx"); - &mov (&DWP(28,"esi"),"edi"); - &mov (&DWP(28,"esp"),"edi"); - &mov ("edi",&DWP(96+4,"esp")); # inp - - &movdqa ($t3,&QWP(64,$K256)); - &sub ($K256,3*64); # rewind K - &cmp ("edi",&DWP(96+8,"esp")); # are we done yet? - &jb (&label("grand_ssse3")); - - &mov ("esp",&DWP(96+12,"esp")); # restore sp -&function_end_A(); - if ($avx) { -&set_label("AVX",32); - if ($avx>1) { - &and ("edx",1<<8|1<<3); # check for BMI2+BMI1 - &cmp ("edx",1<<8|1<<3); - &je (&label("AVX_BMI")); - } - &lea ("esp",&DWP(-96,"esp")); - &vzeroall (); - # copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack - &mov ($AH[0],&DWP(0,"esi")); - &mov ($AH[1],&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edi",&DWP(12,"esi")); - #&mov (&DWP(0,"esp"),$AH[0]); - &mov (&DWP(4,"esp"),$AH[1]); - &xor ($AH[1],"ecx"); # magic - &mov (&DWP(8,"esp"),"ecx"); - &mov (&DWP(12,"esp"),"edi"); - &mov ($E,&DWP(16,"esi")); - &mov ("edi",&DWP(20,"esi")); - &mov ("ecx",&DWP(24,"esi")); - &mov ("esi",&DWP(28,"esi")); - #&mov (&DWP(16,"esp"),$E); - &mov (&DWP(20,"esp"),"edi"); - &mov ("edi",&DWP(96+4,"esp")); # inp - &mov (&DWP(24,"esp"),"ecx"); - &mov (&DWP(28,"esp"),"esi"); - &vmovdqa ($t3,&QWP(256,$K256)); - &jmp (&label("grand_avx")); - -&set_label("grand_avx",32); - # load input, reverse byte order, add K256[0..15], save to stack - &vmovdqu (@X[0],&QWP(0,"edi")); - &vmovdqu (@X[1],&QWP(16,"edi")); - &vmovdqu (@X[2],&QWP(32,"edi")); - &vmovdqu (@X[3],&QWP(48,"edi")); - &add ("edi",64); - &vpshufb (@X[0],@X[0],$t3); - &mov (&DWP(96+4,"esp"),"edi"); - &vpshufb (@X[1],@X[1],$t3); - &vpshufb (@X[2],@X[2],$t3); - &vpaddd ($t0,@X[0],&QWP(0,$K256)); - &vpshufb (@X[3],@X[3],$t3); - &vpaddd ($t1,@X[1],&QWP(16,$K256)); - &vpaddd ($t2,@X[2],&QWP(32,$K256)); - &vpaddd ($t3,@X[3],&QWP(48,$K256)); - &vmovdqa (&QWP(32+0,"esp"),$t0); - &vmovdqa (&QWP(32+16,"esp"),$t1); - &vmovdqa (&QWP(32+32,"esp"),$t2); - &vmovdqa (&QWP(32+48,"esp"),$t3); - &jmp (&label("avx_00_47")); - -&set_label("avx_00_47",16); - &add ($K256,64); - -sub Xupdate_AVX () { - ( - '&vpalignr ($t0,@X[1],@X[0],4);', # X[1..4] - '&vpalignr ($t3,@X[3],@X[2],4);', # X[9..12] - '&vpsrld ($t2,$t0,7);', - '&vpaddd (@X[0],@X[0],$t3);', # X[0..3] += X[9..16] - '&vpsrld ($t3,$t0,3);', - '&vpslld ($t1,$t0,14);', - '&vpxor ($t0,$t3,$t2);', - '&vpshufd ($t3,@X[3],0b11111010)',# X[14..15] - '&vpsrld ($t2,$t2,18-7);', - '&vpxor ($t0,$t0,$t1);', - '&vpslld ($t1,$t1,25-14);', - '&vpxor ($t0,$t0,$t2);', - '&vpsrld ($t2,$t3,10);', - '&vpxor ($t0,$t0,$t1);', # sigma0(X[1..4]) - '&vpsrlq ($t1,$t3,17);', - '&vpaddd (@X[0],@X[0],$t0);', # X[0..3] += sigma0(X[1..4]) - '&vpxor ($t2,$t2,$t1);', - '&vpsrlq ($t3,$t3,19);', - '&vpxor ($t2,$t2,$t3);', # sigma1(X[14..15] - '&vpshufd ($t3,$t2,0b10000100);', - '&vpsrldq ($t3,$t3,8);', - '&vpaddd (@X[0],@X[0],$t3);', # X[0..1] += sigma1(X[14..15]) - '&vpshufd ($t3,@X[0],0b01010000)',# X[16..17] - '&vpsrld ($t2,$t3,10);', - '&vpsrlq ($t1,$t3,17);', - '&vpxor ($t2,$t2,$t1);', - '&vpsrlq ($t3,$t3,19);', - '&vpxor ($t2,$t2,$t3);', # sigma1(X[16..17] - '&vpshufd ($t3,$t2,0b11101000);', - '&vpslldq ($t3,$t3,8);', - '&vpaddd (@X[0],@X[0],$t3);' # X[2..3] += sigma1(X[16..17]) - ); -} - -local *ror = sub { &shrd(@_[0],@_) }; -sub AVX_00_47 () { -my $j = shift; -my $body = shift; -my @X = @_; -my @insns = (&$body,&$body,&$body,&$body); # 120 instructions -my $insn; - - foreach (Xupdate_AVX()) { # 31 instructions - eval; - eval(shift(@insns)); - eval(shift(@insns)); - eval($insn = shift(@insns)); - eval(shift(@insns)) if ($insn =~ /rorx/ && @insns[0] =~ /rorx/); - } - &vpaddd ($t2,@X[0],&QWP(16*$j,$K256)); - foreach (@insns) { eval; } # remaining instructions - &vmovdqa (&QWP(32+16*$j,"esp"),$t2); -} - - for ($i=0,$j=0; $j<4; $j++) { - &AVX_00_47($j,\&body_00_15,@X); - push(@X,shift(@X)); # rotate(@X) - } - &cmp (&DWP(16*$j,$K256),0x00010203); - &jne (&label("avx_00_47")); - - for ($i=0; $i<16; ) { - foreach(body_00_15()) { eval; } - } - - &mov ("esi",&DWP(96,"esp")); #ctx - #&mov ($AH[0],&DWP(0,"esp")); - &xor ($AH[1],"edi"); #&mov ($AH[1],&DWP(4,"esp")); - #&mov ("edi", &DWP(8,"esp")); - &mov ("ecx",&DWP(12,"esp")); - &add ($AH[0],&DWP(0,"esi")); - &add ($AH[1],&DWP(4,"esi")); - &add ("edi",&DWP(8,"esi")); - &add ("ecx",&DWP(12,"esi")); - &mov (&DWP(0,"esi"),$AH[0]); - &mov (&DWP(4,"esi"),$AH[1]); - &mov (&DWP(8,"esi"),"edi"); - &mov (&DWP(12,"esi"),"ecx"); - #&mov (&DWP(0,"esp"),$AH[0]); - &mov (&DWP(4,"esp"),$AH[1]); - &xor ($AH[1],"edi"); # magic - &mov (&DWP(8,"esp"),"edi"); - &mov (&DWP(12,"esp"),"ecx"); - #&mov ($E,&DWP(16,"esp")); - &mov ("edi",&DWP(20,"esp")); - &mov ("ecx",&DWP(24,"esp")); - &add ($E,&DWP(16,"esi")); - &add ("edi",&DWP(20,"esi")); - &add ("ecx",&DWP(24,"esi")); - &mov (&DWP(16,"esi"),$E); - &mov (&DWP(20,"esi"),"edi"); - &mov (&DWP(20,"esp"),"edi"); - &mov ("edi",&DWP(28,"esp")); - &mov (&DWP(24,"esi"),"ecx"); - #&mov (&DWP(16,"esp"),$E); - &add ("edi",&DWP(28,"esi")); - &mov (&DWP(24,"esp"),"ecx"); - &mov (&DWP(28,"esi"),"edi"); - &mov (&DWP(28,"esp"),"edi"); - &mov ("edi",&DWP(96+4,"esp")); # inp - - &vmovdqa ($t3,&QWP(64,$K256)); - &sub ($K256,3*64); # rewind K - &cmp ("edi",&DWP(96+8,"esp")); # are we done yet? - &jb (&label("grand_avx")); - - &mov ("esp",&DWP(96+12,"esp")); # restore sp - &vzeroall (); -&function_end_A(); - if ($avx>1) { -sub bodyx_00_15 () { # +10% - ( - '&rorx ("ecx",$E,6)', - '&rorx ("esi",$E,11)', - '&mov (&off($e),$E)', # save $E, modulo-scheduled - '&rorx ("edi",$E,25)', - '&xor ("ecx","esi")', - '&andn ("esi",$E,&off($g))', - '&xor ("ecx","edi")', # Sigma1(e) - '&and ($E,&off($f))', - '&mov (&off($a),$AH[0]);', # save $A, modulo-scheduled - '&or ($E,"esi")', # T = Ch(e,f,g) - - '&rorx ("edi",$AH[0],2)', - '&rorx ("esi",$AH[0],13)', - '&lea ($E,&DWP(0,$E,"ecx"))', # T += Sigma1(e) - '&rorx ("ecx",$AH[0],22)', - '&xor ("esi","edi")', - '&mov ("edi",&off($b))', - '&xor ("ecx","esi")', # Sigma0(a) - - '&xor ($AH[0],"edi")', # a ^= b, (b^c) in next round - '&add ($E,&off($h))', # T += h - '&and ($AH[1],$AH[0])', # (b^c) &= (a^b) - '&add ($E,&DWP(32+4*($i&15),"esp"))', # T += K[i]+X[i] - '&xor ($AH[1],"edi")', # h = Maj(a,b,c) = Ch(a^b,c,b) - - '&add ("ecx",$E)', # h += T - '&add ($E,&off($d))', # d += T - '&lea ($AH[1],&DWP(0,$AH[1],"ecx"));'. # h += Sigma0(a) - - '@AH = reverse(@AH); $i++;' # rotate(a,h) - ); -} - -&set_label("AVX_BMI",32); - &lea ("esp",&DWP(-96,"esp")); - &vzeroall (); - # copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack - &mov ($AH[0],&DWP(0,"esi")); - &mov ($AH[1],&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edi",&DWP(12,"esi")); - #&mov (&DWP(0,"esp"),$AH[0]); - &mov (&DWP(4,"esp"),$AH[1]); - &xor ($AH[1],"ecx"); # magic - &mov (&DWP(8,"esp"),"ecx"); - &mov (&DWP(12,"esp"),"edi"); - &mov ($E,&DWP(16,"esi")); - &mov ("edi",&DWP(20,"esi")); - &mov ("ecx",&DWP(24,"esi")); - &mov ("esi",&DWP(28,"esi")); - #&mov (&DWP(16,"esp"),$E); - &mov (&DWP(20,"esp"),"edi"); - &mov ("edi",&DWP(96+4,"esp")); # inp - &mov (&DWP(24,"esp"),"ecx"); - &mov (&DWP(28,"esp"),"esi"); - &vmovdqa ($t3,&QWP(256,$K256)); - &jmp (&label("grand_avx_bmi")); - -&set_label("grand_avx_bmi",32); - # load input, reverse byte order, add K256[0..15], save to stack - &vmovdqu (@X[0],&QWP(0,"edi")); - &vmovdqu (@X[1],&QWP(16,"edi")); - &vmovdqu (@X[2],&QWP(32,"edi")); - &vmovdqu (@X[3],&QWP(48,"edi")); - &add ("edi",64); - &vpshufb (@X[0],@X[0],$t3); - &mov (&DWP(96+4,"esp"),"edi"); - &vpshufb (@X[1],@X[1],$t3); - &vpshufb (@X[2],@X[2],$t3); - &vpaddd ($t0,@X[0],&QWP(0,$K256)); - &vpshufb (@X[3],@X[3],$t3); - &vpaddd ($t1,@X[1],&QWP(16,$K256)); - &vpaddd ($t2,@X[2],&QWP(32,$K256)); - &vpaddd ($t3,@X[3],&QWP(48,$K256)); - &vmovdqa (&QWP(32+0,"esp"),$t0); - &vmovdqa (&QWP(32+16,"esp"),$t1); - &vmovdqa (&QWP(32+32,"esp"),$t2); - &vmovdqa (&QWP(32+48,"esp"),$t3); - &jmp (&label("avx_bmi_00_47")); - -&set_label("avx_bmi_00_47",16); - &add ($K256,64); - - for ($i=0,$j=0; $j<4; $j++) { - &AVX_00_47($j,\&bodyx_00_15,@X); - push(@X,shift(@X)); # rotate(@X) - } - &cmp (&DWP(16*$j,$K256),0x00010203); - &jne (&label("avx_bmi_00_47")); - - for ($i=0; $i<16; ) { - foreach(bodyx_00_15()) { eval; } - } - - &mov ("esi",&DWP(96,"esp")); #ctx - #&mov ($AH[0],&DWP(0,"esp")); - &xor ($AH[1],"edi"); #&mov ($AH[1],&DWP(4,"esp")); - #&mov ("edi", &DWP(8,"esp")); - &mov ("ecx",&DWP(12,"esp")); - &add ($AH[0],&DWP(0,"esi")); - &add ($AH[1],&DWP(4,"esi")); - &add ("edi",&DWP(8,"esi")); - &add ("ecx",&DWP(12,"esi")); - &mov (&DWP(0,"esi"),$AH[0]); - &mov (&DWP(4,"esi"),$AH[1]); - &mov (&DWP(8,"esi"),"edi"); - &mov (&DWP(12,"esi"),"ecx"); - #&mov (&DWP(0,"esp"),$AH[0]); - &mov (&DWP(4,"esp"),$AH[1]); - &xor ($AH[1],"edi"); # magic - &mov (&DWP(8,"esp"),"edi"); - &mov (&DWP(12,"esp"),"ecx"); - #&mov ($E,&DWP(16,"esp")); - &mov ("edi",&DWP(20,"esp")); - &mov ("ecx",&DWP(24,"esp")); - &add ($E,&DWP(16,"esi")); - &add ("edi",&DWP(20,"esi")); - &add ("ecx",&DWP(24,"esi")); - &mov (&DWP(16,"esi"),$E); - &mov (&DWP(20,"esi"),"edi"); - &mov (&DWP(20,"esp"),"edi"); - &mov ("edi",&DWP(28,"esp")); - &mov (&DWP(24,"esi"),"ecx"); - #&mov (&DWP(16,"esp"),$E); - &add ("edi",&DWP(28,"esi")); - &mov (&DWP(24,"esp"),"ecx"); - &mov (&DWP(28,"esi"),"edi"); - &mov (&DWP(28,"esp"),"edi"); - &mov ("edi",&DWP(96+4,"esp")); # inp - - &vmovdqa ($t3,&QWP(64,$K256)); - &sub ($K256,3*64); # rewind K - &cmp ("edi",&DWP(96+8,"esp")); # are we done yet? - &jb (&label("grand_avx_bmi")); - - &mov ("esp",&DWP(96+12,"esp")); # restore sp - &vzeroall (); -&function_end_A(); - } - } - }}} -&function_end_B("sha256_block_data_order"); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl deleted file mode 100644 index e8af05c2981fbb3ea0eec425f509d97078e23ee1..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha256-armv4.pl +++ /dev/null @@ -1,742 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# -# Permission to use under GPL terms is granted. -# ==================================================================== - -# SHA256 block procedure for ARMv4. May 2007. - -# Performance is ~2x better than gcc 3.4 generated code and in "abso- -# lute" terms is ~2250 cycles per 64-byte block or ~35 cycles per -# byte [on single-issue Xscale PXA250 core]. - -# July 2010. -# -# Rescheduling for dual-issue pipeline resulted in 22% improvement on -# Cortex A8 core and ~20 cycles per processed byte. - -# February 2011. -# -# Profiler-assisted and platform-specific optimization resulted in 16% -# improvement on Cortex A8 core and ~15.4 cycles per processed byte. - -# September 2013. -# -# Add NEON implementation. On Cortex A8 it was measured to process one -# byte in 12.5 cycles or 23% faster than integer-only code. Snapdragon -# S4 does it in 12.5 cycles too, but it's 50% faster than integer-only -# code (meaning that latter performs sub-optimally, nothing was done -# about it). - -# May 2014. -# -# Add ARMv8 code path performing at 2.0 cpb on Apple A7. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour && $flavour ne "void") { - $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or - ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or - die "can't locate arm-xlate.pl"; - - open STDOUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -} else { - $output and open STDOUT,">$output"; -} - -$ctx="r0"; $t0="r0"; -$inp="r1"; $t4="r1"; -$len="r2"; $t1="r2"; -$T1="r3"; $t3="r3"; -$A="r4"; -$B="r5"; -$C="r6"; -$D="r7"; -$E="r8"; -$F="r9"; -$G="r10"; -$H="r11"; -@V=($A,$B,$C,$D,$E,$F,$G,$H); -$t2="r12"; -$Ktbl="r14"; - -@Sigma0=( 2,13,22); -@Sigma1=( 6,11,25); -@sigma0=( 7,18, 3); -@sigma1=(17,19,10); - -sub BODY_00_15 { -my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; - -$code.=<<___ if ($i<16); -#if __ARM_ARCH__>=7 - @ ldr $t1,[$inp],#4 @ $i -# if $i==15 - str $inp,[sp,#17*4] @ make room for $t4 -# endif - eor $t0,$e,$e,ror#`$Sigma1[1]-$Sigma1[0]` - add $a,$a,$t2 @ h+=Maj(a,b,c) from the past - eor $t0,$t0,$e,ror#`$Sigma1[2]-$Sigma1[0]` @ Sigma1(e) -# ifndef __ARMEB__ - rev $t1,$t1 -# endif -#else - @ ldrb $t1,[$inp,#3] @ $i - add $a,$a,$t2 @ h+=Maj(a,b,c) from the past - ldrb $t2,[$inp,#2] - ldrb $t0,[$inp,#1] - orr $t1,$t1,$t2,lsl#8 - ldrb $t2,[$inp],#4 - orr $t1,$t1,$t0,lsl#16 -# if $i==15 - str $inp,[sp,#17*4] @ make room for $t4 -# endif - eor $t0,$e,$e,ror#`$Sigma1[1]-$Sigma1[0]` - orr $t1,$t1,$t2,lsl#24 - eor $t0,$t0,$e,ror#`$Sigma1[2]-$Sigma1[0]` @ Sigma1(e) -#endif -___ -$code.=<<___; - ldr $t2,[$Ktbl],#4 @ *K256++ - add $h,$h,$t1 @ h+=X[i] - str $t1,[sp,#`$i%16`*4] - eor $t1,$f,$g - add $h,$h,$t0,ror#$Sigma1[0] @ h+=Sigma1(e) - and $t1,$t1,$e - add $h,$h,$t2 @ h+=K256[i] - eor $t1,$t1,$g @ Ch(e,f,g) - eor $t0,$a,$a,ror#`$Sigma0[1]-$Sigma0[0]` - add $h,$h,$t1 @ h+=Ch(e,f,g) -#if $i==31 - and $t2,$t2,#0xff - cmp $t2,#0xf2 @ done? -#endif -#if $i<15 -# if __ARM_ARCH__>=7 - ldr $t1,[$inp],#4 @ prefetch -# else - ldrb $t1,[$inp,#3] -# endif - eor $t2,$a,$b @ a^b, b^c in next round -#else - ldr $t1,[sp,#`($i+2)%16`*4] @ from future BODY_16_xx - eor $t2,$a,$b @ a^b, b^c in next round - ldr $t4,[sp,#`($i+15)%16`*4] @ from future BODY_16_xx -#endif - eor $t0,$t0,$a,ror#`$Sigma0[2]-$Sigma0[0]` @ Sigma0(a) - and $t3,$t3,$t2 @ (b^c)&=(a^b) - add $d,$d,$h @ d+=h - eor $t3,$t3,$b @ Maj(a,b,c) - add $h,$h,$t0,ror#$Sigma0[0] @ h+=Sigma0(a) - @ add $h,$h,$t3 @ h+=Maj(a,b,c) -___ - ($t2,$t3)=($t3,$t2); -} - -sub BODY_16_XX { -my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; - -$code.=<<___; - @ ldr $t1,[sp,#`($i+1)%16`*4] @ $i - @ ldr $t4,[sp,#`($i+14)%16`*4] - mov $t0,$t1,ror#$sigma0[0] - add $a,$a,$t2 @ h+=Maj(a,b,c) from the past - mov $t2,$t4,ror#$sigma1[0] - eor $t0,$t0,$t1,ror#$sigma0[1] - eor $t2,$t2,$t4,ror#$sigma1[1] - eor $t0,$t0,$t1,lsr#$sigma0[2] @ sigma0(X[i+1]) - ldr $t1,[sp,#`($i+0)%16`*4] - eor $t2,$t2,$t4,lsr#$sigma1[2] @ sigma1(X[i+14]) - ldr $t4,[sp,#`($i+9)%16`*4] - - add $t2,$t2,$t0 - eor $t0,$e,$e,ror#`$Sigma1[1]-$Sigma1[0]` @ from BODY_00_15 - add $t1,$t1,$t2 - eor $t0,$t0,$e,ror#`$Sigma1[2]-$Sigma1[0]` @ Sigma1(e) - add $t1,$t1,$t4 @ X[i] -___ - &BODY_00_15(@_); -} - -$code=<<___; -#ifndef __KERNEL__ -# include "arm_arch.h" -#else -# define __ARM_ARCH__ __LINUX_ARM_ARCH__ -# define __ARM_MAX_ARCH__ 7 -#endif - -#if defined(__thumb2__) -.syntax unified -.thumb -#else -.code 32 -#endif - -.text - -.type K256,%object -.align 5 -K256: -.word 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 -.word 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 -.word 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 -.word 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 -.word 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc -.word 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da -.word 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 -.word 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 -.word 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 -.word 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 -.word 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 -.word 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 -.word 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 -.word 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 -.word 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 -.word 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 -.size K256,.-K256 -.word 0 @ terminator -#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) -.LOPENSSL_armcap: -# ifdef _WIN32 -.word OPENSSL_armcap_P -# else -.word OPENSSL_armcap_P-.Lsha256_block_data_order -# endif -#endif -.align 5 - -.global sha256_block_data_order -.type sha256_block_data_order,%function -sha256_block_data_order: -.Lsha256_block_data_order: -#if __ARM_ARCH__<7 && !defined(__thumb2__) - sub r3,pc,#8 @ sha256_block_data_order -#else - adr r3,.Lsha256_block_data_order -#endif -#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) - ldr r12,.LOPENSSL_armcap -# if !defined(_WIN32) - ldr r12,[r3,r12] @ OPENSSL_armcap_P -# endif -# if defined(__APPLE__) || defined(_WIN32) - ldr r12,[r12] -# endif - tst r12,#ARMV8_SHA256 - bne .LARMv8 - tst r12,#ARMV7_NEON - bne .LNEON -#endif - add $len,$inp,$len,lsl#6 @ len to point at the end of inp - stmdb sp!,{$ctx,$inp,$len,r4-r11,lr} - ldmia $ctx,{$A,$B,$C,$D,$E,$F,$G,$H} - sub $Ktbl,r3,#256+32 @ K256 - sub sp,sp,#16*4 @ alloca(X[16]) -.Loop: -# if __ARM_ARCH__>=7 - ldr $t1,[$inp],#4 -# else - ldrb $t1,[$inp,#3] -# endif - eor $t3,$B,$C @ magic - eor $t2,$t2,$t2 -___ -for($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } -$code.=".Lrounds_16_xx:\n"; -for (;$i<32;$i++) { &BODY_16_XX($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; -#ifdef __thumb2__ - ite eq @ Thumb2 thing, sanity check in ARM -#endif - ldreq $t3,[sp,#16*4] @ pull ctx - bne .Lrounds_16_xx - - add $A,$A,$t2 @ h+=Maj(a,b,c) from the past - ldr $t0,[$t3,#0] - ldr $t1,[$t3,#4] - ldr $t2,[$t3,#8] - add $A,$A,$t0 - ldr $t0,[$t3,#12] - add $B,$B,$t1 - ldr $t1,[$t3,#16] - add $C,$C,$t2 - ldr $t2,[$t3,#20] - add $D,$D,$t0 - ldr $t0,[$t3,#24] - add $E,$E,$t1 - ldr $t1,[$t3,#28] - add $F,$F,$t2 - ldr $inp,[sp,#17*4] @ pull inp - ldr $t2,[sp,#18*4] @ pull inp+len - add $G,$G,$t0 - add $H,$H,$t1 - stmia $t3,{$A,$B,$C,$D,$E,$F,$G,$H} - cmp $inp,$t2 - sub $Ktbl,$Ktbl,#256 @ rewind Ktbl - bne .Loop - - add sp,sp,#`16+3`*4 @ destroy frame -#if __ARM_ARCH__>=5 - ldmia sp!,{r4-r11,pc} -#else - ldmia sp!,{r4-r11,lr} - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size sha256_block_data_order,.-sha256_block_data_order -___ -###################################################################### -# NEON stuff -# -{{{ -my @X=map("q$_",(0..3)); -my ($T0,$T1,$T2,$T3,$T4,$T5)=("q8","q9","q10","q11","d24","d25"); -my $Xfer=$t4; -my $j=0; - -sub Dlo() { shift=~m|q([1]?[0-9])|?"d".($1*2):""; } -sub Dhi() { shift=~m|q([1]?[0-9])|?"d".($1*2+1):""; } - -sub AUTOLOAD() # thunk [simplified] x86-style perlasm -{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./; - my $arg = pop; - $arg = "#$arg" if ($arg*1 eq $arg); - $code .= "\t$opcode\t".join(',',@_,$arg)."\n"; -} - -sub Xupdate() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); - my ($a,$b,$c,$d,$e,$f,$g,$h); - - &vext_8 ($T0,@X[0],@X[1],4); # X[1..4] - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vext_8 ($T1,@X[2],@X[3],4); # X[9..12] - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vshr_u32 ($T2,$T0,$sigma0[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &vadd_i32 (@X[0],@X[0],$T1); # X[0..3] += X[9..12] - eval(shift(@insns)); - eval(shift(@insns)); - &vshr_u32 ($T1,$T0,$sigma0[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &vsli_32 ($T2,$T0,32-$sigma0[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &vshr_u32 ($T3,$T0,$sigma0[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &veor ($T1,$T1,$T2); - eval(shift(@insns)); - eval(shift(@insns)); - &vsli_32 ($T3,$T0,32-$sigma0[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &vshr_u32 ($T4,&Dhi(@X[3]),$sigma1[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &veor ($T1,$T1,$T3); # sigma0(X[1..4]) - eval(shift(@insns)); - eval(shift(@insns)); - &vsli_32 ($T4,&Dhi(@X[3]),32-$sigma1[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &vshr_u32 ($T5,&Dhi(@X[3]),$sigma1[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &vadd_i32 (@X[0],@X[0],$T1); # X[0..3] += sigma0(X[1..4]) - eval(shift(@insns)); - eval(shift(@insns)); - &veor ($T5,$T5,$T4); - eval(shift(@insns)); - eval(shift(@insns)); - &vshr_u32 ($T4,&Dhi(@X[3]),$sigma1[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &vsli_32 ($T4,&Dhi(@X[3]),32-$sigma1[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &veor ($T5,$T5,$T4); # sigma1(X[14..15]) - eval(shift(@insns)); - eval(shift(@insns)); - &vadd_i32 (&Dlo(@X[0]),&Dlo(@X[0]),$T5);# X[0..1] += sigma1(X[14..15]) - eval(shift(@insns)); - eval(shift(@insns)); - &vshr_u32 ($T4,&Dlo(@X[0]),$sigma1[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &vsli_32 ($T4,&Dlo(@X[0]),32-$sigma1[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &vshr_u32 ($T5,&Dlo(@X[0]),$sigma1[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &veor ($T5,$T5,$T4); - eval(shift(@insns)); - eval(shift(@insns)); - &vshr_u32 ($T4,&Dlo(@X[0]),$sigma1[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &vld1_32 ("{$T0}","[$Ktbl,:128]!"); - eval(shift(@insns)); - eval(shift(@insns)); - &vsli_32 ($T4,&Dlo(@X[0]),32-$sigma1[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &veor ($T5,$T5,$T4); # sigma1(X[16..17]) - eval(shift(@insns)); - eval(shift(@insns)); - &vadd_i32 (&Dhi(@X[0]),&Dhi(@X[0]),$T5);# X[2..3] += sigma1(X[16..17]) - eval(shift(@insns)); - eval(shift(@insns)); - &vadd_i32 ($T0,$T0,@X[0]); - while($#insns>=2) { eval(shift(@insns)); } - &vst1_32 ("{$T0}","[$Xfer,:128]!"); - eval(shift(@insns)); - eval(shift(@insns)); - - push(@X,shift(@X)); # "rotate" X[] -} - -sub Xpreload() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); - my ($a,$b,$c,$d,$e,$f,$g,$h); - - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vld1_32 ("{$T0}","[$Ktbl,:128]!"); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vrev32_8 (@X[0],@X[0]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vadd_i32 ($T0,$T0,@X[0]); - foreach (@insns) { eval; } # remaining instructions - &vst1_32 ("{$T0}","[$Xfer,:128]!"); - - push(@X,shift(@X)); # "rotate" X[] -} - -sub body_00_15 () { - ( - '($a,$b,$c,$d,$e,$f,$g,$h)=@V;'. - '&add ($h,$h,$t1)', # h+=X[i]+K[i] - '&eor ($t1,$f,$g)', - '&eor ($t0,$e,$e,"ror#".($Sigma1[1]-$Sigma1[0]))', - '&add ($a,$a,$t2)', # h+=Maj(a,b,c) from the past - '&and ($t1,$t1,$e)', - '&eor ($t2,$t0,$e,"ror#".($Sigma1[2]-$Sigma1[0]))', # Sigma1(e) - '&eor ($t0,$a,$a,"ror#".($Sigma0[1]-$Sigma0[0]))', - '&eor ($t1,$t1,$g)', # Ch(e,f,g) - '&add ($h,$h,$t2,"ror#$Sigma1[0]")', # h+=Sigma1(e) - '&eor ($t2,$a,$b)', # a^b, b^c in next round - '&eor ($t0,$t0,$a,"ror#".($Sigma0[2]-$Sigma0[0]))', # Sigma0(a) - '&add ($h,$h,$t1)', # h+=Ch(e,f,g) - '&ldr ($t1,sprintf "[sp,#%d]",4*(($j+1)&15)) if (($j&15)!=15);'. - '&ldr ($t1,"[$Ktbl]") if ($j==15);'. - '&ldr ($t1,"[sp,#64]") if ($j==31)', - '&and ($t3,$t3,$t2)', # (b^c)&=(a^b) - '&add ($d,$d,$h)', # d+=h - '&add ($h,$h,$t0,"ror#$Sigma0[0]");'. # h+=Sigma0(a) - '&eor ($t3,$t3,$b)', # Maj(a,b,c) - '$j++; unshift(@V,pop(@V)); ($t2,$t3)=($t3,$t2);' - ) -} - -$code.=<<___; -#if __ARM_MAX_ARCH__>=7 -.arch armv7-a -.fpu neon - -.global sha256_block_data_order_neon -.type sha256_block_data_order_neon,%function -.align 5 -.skip 16 -sha256_block_data_order_neon: -.LNEON: - stmdb sp!,{r4-r12,lr} - - sub $H,sp,#16*4+16 - adr $Ktbl,K256 - bic $H,$H,#15 @ align for 128-bit stores - mov $t2,sp - mov sp,$H @ alloca - add $len,$inp,$len,lsl#6 @ len to point at the end of inp - - vld1.8 {@X[0]},[$inp]! - vld1.8 {@X[1]},[$inp]! - vld1.8 {@X[2]},[$inp]! - vld1.8 {@X[3]},[$inp]! - vld1.32 {$T0},[$Ktbl,:128]! - vld1.32 {$T1},[$Ktbl,:128]! - vld1.32 {$T2},[$Ktbl,:128]! - vld1.32 {$T3},[$Ktbl,:128]! - vrev32.8 @X[0],@X[0] @ yes, even on - str $ctx,[sp,#64] - vrev32.8 @X[1],@X[1] @ big-endian - str $inp,[sp,#68] - mov $Xfer,sp - vrev32.8 @X[2],@X[2] - str $len,[sp,#72] - vrev32.8 @X[3],@X[3] - str $t2,[sp,#76] @ save original sp - vadd.i32 $T0,$T0,@X[0] - vadd.i32 $T1,$T1,@X[1] - vst1.32 {$T0},[$Xfer,:128]! - vadd.i32 $T2,$T2,@X[2] - vst1.32 {$T1},[$Xfer,:128]! - vadd.i32 $T3,$T3,@X[3] - vst1.32 {$T2},[$Xfer,:128]! - vst1.32 {$T3},[$Xfer,:128]! - - ldmia $ctx,{$A-$H} - sub $Xfer,$Xfer,#64 - ldr $t1,[sp,#0] - eor $t2,$t2,$t2 - eor $t3,$B,$C - b .L_00_48 - -.align 4 -.L_00_48: -___ - &Xupdate(\&body_00_15); - &Xupdate(\&body_00_15); - &Xupdate(\&body_00_15); - &Xupdate(\&body_00_15); -$code.=<<___; - teq $t1,#0 @ check for K256 terminator - ldr $t1,[sp,#0] - sub $Xfer,$Xfer,#64 - bne .L_00_48 - - ldr $inp,[sp,#68] - ldr $t0,[sp,#72] - sub $Ktbl,$Ktbl,#256 @ rewind $Ktbl - teq $inp,$t0 - it eq - subeq $inp,$inp,#64 @ avoid SEGV - vld1.8 {@X[0]},[$inp]! @ load next input block - vld1.8 {@X[1]},[$inp]! - vld1.8 {@X[2]},[$inp]! - vld1.8 {@X[3]},[$inp]! - it ne - strne $inp,[sp,#68] - mov $Xfer,sp -___ - &Xpreload(\&body_00_15); - &Xpreload(\&body_00_15); - &Xpreload(\&body_00_15); - &Xpreload(\&body_00_15); -$code.=<<___; - ldr $t0,[$t1,#0] - add $A,$A,$t2 @ h+=Maj(a,b,c) from the past - ldr $t2,[$t1,#4] - ldr $t3,[$t1,#8] - ldr $t4,[$t1,#12] - add $A,$A,$t0 @ accumulate - ldr $t0,[$t1,#16] - add $B,$B,$t2 - ldr $t2,[$t1,#20] - add $C,$C,$t3 - ldr $t3,[$t1,#24] - add $D,$D,$t4 - ldr $t4,[$t1,#28] - add $E,$E,$t0 - str $A,[$t1],#4 - add $F,$F,$t2 - str $B,[$t1],#4 - add $G,$G,$t3 - str $C,[$t1],#4 - add $H,$H,$t4 - str $D,[$t1],#4 - stmia $t1,{$E-$H} - - ittte ne - movne $Xfer,sp - ldrne $t1,[sp,#0] - eorne $t2,$t2,$t2 - ldreq sp,[sp,#76] @ restore original sp - itt ne - eorne $t3,$B,$C - bne .L_00_48 - - ldmia sp!,{r4-r12,pc} -.size sha256_block_data_order_neon,.-sha256_block_data_order_neon -#endif -___ -}}} -###################################################################### -# ARMv8 stuff -# -{{{ -my ($ABCD,$EFGH,$abcd)=map("q$_",(0..2)); -my @MSG=map("q$_",(8..11)); -my ($W0,$W1,$ABCD_SAVE,$EFGH_SAVE)=map("q$_",(12..15)); -my $Ktbl="r3"; -my $_byte = ($flavour =~ /win/ ? "DCB" : ".byte"); - -$code.=<<___; -#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) - -# if defined(__thumb2__) -# define INST(a,b,c,d) $_byte c,d|0xc,a,b -# else -# define INST(a,b,c,d) $_byte a,b,c,d -# endif - -.type sha256_block_data_order_armv8,%function -.align 5 -sha256_block_data_order_armv8: -.LARMv8: - vld1.32 {$ABCD,$EFGH},[$ctx] - sub $Ktbl,$Ktbl,#256+32 - add $len,$inp,$len,lsl#6 @ len to point at the end of inp - b .Loop_v8 - -.align 4 -.Loop_v8: - vld1.8 {@MSG[0]-@MSG[1]},[$inp]! - vld1.8 {@MSG[2]-@MSG[3]},[$inp]! - vld1.32 {$W0},[$Ktbl]! - vrev32.8 @MSG[0],@MSG[0] - vrev32.8 @MSG[1],@MSG[1] - vrev32.8 @MSG[2],@MSG[2] - vrev32.8 @MSG[3],@MSG[3] - vmov $ABCD_SAVE,$ABCD @ offload - vmov $EFGH_SAVE,$EFGH - teq $inp,$len -___ -for($i=0;$i<12;$i++) { -$code.=<<___; - vld1.32 {$W1},[$Ktbl]! - vadd.i32 $W0,$W0,@MSG[0] - sha256su0 @MSG[0],@MSG[1] - vmov $abcd,$ABCD - sha256h $ABCD,$EFGH,$W0 - sha256h2 $EFGH,$abcd,$W0 - sha256su1 @MSG[0],@MSG[2],@MSG[3] -___ - ($W0,$W1)=($W1,$W0); push(@MSG,shift(@MSG)); -} -$code.=<<___; - vld1.32 {$W1},[$Ktbl]! - vadd.i32 $W0,$W0,@MSG[0] - vmov $abcd,$ABCD - sha256h $ABCD,$EFGH,$W0 - sha256h2 $EFGH,$abcd,$W0 - - vld1.32 {$W0},[$Ktbl]! - vadd.i32 $W1,$W1,@MSG[1] - vmov $abcd,$ABCD - sha256h $ABCD,$EFGH,$W1 - sha256h2 $EFGH,$abcd,$W1 - - vld1.32 {$W1},[$Ktbl] - vadd.i32 $W0,$W0,@MSG[2] - sub $Ktbl,$Ktbl,#256-16 @ rewind - vmov $abcd,$ABCD - sha256h $ABCD,$EFGH,$W0 - sha256h2 $EFGH,$abcd,$W0 - - vadd.i32 $W1,$W1,@MSG[3] - vmov $abcd,$ABCD - sha256h $ABCD,$EFGH,$W1 - sha256h2 $EFGH,$abcd,$W1 - - vadd.i32 $ABCD,$ABCD,$ABCD_SAVE - vadd.i32 $EFGH,$EFGH,$EFGH_SAVE - it ne - bne .Loop_v8 - - vst1.32 {$ABCD,$EFGH},[$ctx] - - ret @ bx lr -.size sha256_block_data_order_armv8,.-sha256_block_data_order_armv8 -#endif -___ -}}} -$code.=<<___; -.asciz "SHA256 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by " -.align 2 -#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) -.comm OPENSSL_armcap_P,4,4 -#endif -___ - -open SELF,$0; -while() { - next if (/^#!/); - last if (!s/^#/@/ and !/^$/); - print; -} -close SELF; - -{ my %opcode = ( - "sha256h" => 0xf3000c40, "sha256h2" => 0xf3100c40, - "sha256su0" => 0xf3ba03c0, "sha256su1" => 0xf3200c40 ); - - sub unsha256 { - my ($mnemonic,$arg)=@_; - - if ($arg =~ m/q([0-9]+)(?:,\s*q([0-9]+))?,\s*q([0-9]+)/o) { - my $word = $opcode{$mnemonic}|(($1&7)<<13)|(($1&8)<<19) - |(($2&7)<<17)|(($2&8)<<4) - |(($3&7)<<1) |(($3&8)<<2); - # since ARMv7 instructions are always encoded little-endian. - # correct solution is to use .inst directive, but older - # assemblers don't implement it:-( - sprintf "INST(0x%02x,0x%02x,0x%02x,0x%02x)\t@ %s %s", - $word&0xff,($word>>8)&0xff, - ($word>>16)&0xff,($word>>24)&0xff, - $mnemonic,$arg; - } - } -} - -foreach (split($/,$code)) { - - s/\`([^\`]*)\`/eval $1/geo; - - s/\b(sha256\w+)\s+(q.*)/unsha256($1,$2)/geo; - - s/\bret\b/bx lr/go or - s/\bbx\s+lr\b/.word\t0xe12fff1e/go; # make it possible to compile with -march=armv4 - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/sha/asm/sha256-c64xplus.pl b/crypto/sha/asm/sha256-c64xplus.pl deleted file mode 100644 index 13fd45fd762d829ff25f4538b60db1cd23a38c93..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha256-c64xplus.pl +++ /dev/null @@ -1,319 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# SHA256 for C64x+. -# -# January 2012 -# -# Performance is just below 10 cycles per processed byte, which is -# almost 40% faster than compiler-generated code. Unroll is unlikely -# to give more than ~8% improvement... -# -# !!! Note that this module uses AMR, which means that all interrupt -# service routines are expected to preserve it and for own well-being -# zero it upon entry. - -$output = pop and open STDOUT,">$output"; - -($CTXA,$INP,$NUM) = ("A4","B4","A6"); # arguments - $K256="A3"; - -($A,$Actx,$B,$Bctx,$C,$Cctx,$D,$Dctx,$T2,$S0,$s1,$t0a,$t1a,$t2a,$X9,$X14) - =map("A$_",(16..31)); -($E,$Ectx,$F,$Fctx,$G,$Gctx,$H,$Hctx,$T1,$S1,$s0,$t0e,$t1e,$t2e,$X1,$X15) - =map("B$_",(16..31)); - -($Xia,$Xib)=("A5","B5"); # circular/ring buffer - $CTXB=$t2e; - -($Xn,$X0,$K)=("B7","B8","B9"); -($Maj,$Ch)=($T2,"B6"); - -$code.=<<___; - .text - - .if .ASSEMBLER_VERSION<7000000 - .asg 0,__TI_EABI__ - .endif - .if __TI_EABI__ - .nocmp - .asg sha256_block_data_order,_sha256_block_data_order - .endif - - .asg B3,RA - .asg A15,FP - .asg B15,SP - - .if .BIG_ENDIAN - .asg SWAP2,MV - .asg SWAP4,MV - .endif - - .global _sha256_block_data_order -_sha256_block_data_order: -__sha256_block: - .asmfunc stack_usage(64) - MV $NUM,A0 ; reassign $NUM -|| MVK -64,B0 - [!A0] BNOP RA ; if ($NUM==0) return; -|| [A0] STW FP,*SP--[16] ; save frame pointer and alloca(64) -|| [A0] MV SP,FP - [A0] ADDKPC __sha256_block,B2 -|| [A0] AND B0,SP,SP ; align stack at 64 bytes - .if __TI_EABI__ - [A0] MVK 0x00404,B1 -|| [A0] MVKL \$PCR_OFFSET(K256,__sha256_block),$K256 - [A0] MVKH 0x50000,B1 -|| [A0] MVKH \$PCR_OFFSET(K256,__sha256_block),$K256 - .else - [A0] MVK 0x00404,B1 -|| [A0] MVKL (K256-__sha256_block),$K256 - [A0] MVKH 0x50000,B1 -|| [A0] MVKH (K256-__sha256_block),$K256 - .endif - [A0] MVC B1,AMR ; setup circular addressing -|| [A0] MV SP,$Xia - [A0] MV SP,$Xib -|| [A0] ADD B2,$K256,$K256 -|| [A0] MV $CTXA,$CTXB -|| [A0] SUBAW SP,2,SP ; reserve two words above buffer - LDW *${CTXA}[0],$A ; load ctx -|| LDW *${CTXB}[4],$E - LDW *${CTXA}[1],$B -|| LDW *${CTXB}[5],$F - LDW *${CTXA}[2],$C -|| LDW *${CTXB}[6],$G - LDW *${CTXA}[3],$D -|| LDW *${CTXB}[7],$H - - LDNW *$INP++,$Xn ; pre-fetch input - LDW *$K256++,$K ; pre-fetch K256[0] - MVK 14,B0 ; loop counters - MVK 47,B1 -|| ADDAW $Xia,9,$Xia -outerloop?: - SUB A0,1,A0 -|| MV $A,$Actx -|| MV $E,$Ectx -|| MVD $B,$Bctx -|| MVD $F,$Fctx - MV $C,$Cctx -|| MV $G,$Gctx -|| MVD $D,$Dctx -|| MVD $H,$Hctx -|| SWAP4 $Xn,$X0 - - SPLOOPD 8 ; BODY_00_14 -|| MVC B0,ILC -|| SWAP2 $X0,$X0 - - LDNW *$INP++,$Xn -|| ROTL $A,30,$S0 -|| OR $A,$B,$Maj -|| AND $A,$B,$t2a -|| ROTL $E,26,$S1 -|| AND $F,$E,$Ch -|| ANDN $G,$E,$t2e - ROTL $A,19,$t0a -|| AND $C,$Maj,$Maj -|| ROTL $E,21,$t0e -|| XOR $t2e,$Ch,$Ch ; Ch(e,f,g) = (e&f)^(~e&g) - ROTL $A,10,$t1a -|| OR $t2a,$Maj,$Maj ; Maj(a,b,c) = ((a|b)&c)|(a&b) -|| ROTL $E,7,$t1e -|| ADD $K,$H,$T1 ; T1 = h + K256[i] - ADD $X0,$T1,$T1 ; T1 += X[i]; -|| STW $X0,*$Xib++ -|| XOR $t0a,$S0,$S0 -|| XOR $t0e,$S1,$S1 - XOR $t1a,$S0,$S0 ; Sigma0(a) -|| XOR $t1e,$S1,$S1 ; Sigma1(e) -|| LDW *$K256++,$K ; pre-fetch K256[i+1] -|| ADD $Ch,$T1,$T1 ; T1 += Ch(e,f,g) - ADD $S1,$T1,$T1 ; T1 += Sigma1(e) -|| ADD $S0,$Maj,$T2 ; T2 = Sigma0(a) + Maj(a,b,c) -|| ROTL $G,0,$H ; h = g -|| MV $F,$G ; g = f -|| MV $X0,$X14 -|| SWAP4 $Xn,$X0 - SWAP2 $X0,$X0 -|| MV $E,$F ; f = e -|| ADD $D,$T1,$E ; e = d + T1 -|| MV $C,$D ; d = c - MV $B,$C ; c = b -|| MV $A,$B ; b = a -|| ADD $T1,$T2,$A ; a = T1 + T2 - SPKERNEL - - ROTL $A,30,$S0 ; BODY_15 -|| OR $A,$B,$Maj -|| AND $A,$B,$t2a -|| ROTL $E,26,$S1 -|| AND $F,$E,$Ch -|| ANDN $G,$E,$t2e -|| LDW *${Xib}[1],$Xn ; modulo-scheduled - ROTL $A,19,$t0a -|| AND $C,$Maj,$Maj -|| ROTL $E,21,$t0e -|| XOR $t2e,$Ch,$Ch ; Ch(e,f,g) = (e&f)^(~e&g) -|| LDW *${Xib}[2],$X1 ; modulo-scheduled - ROTL $A,10,$t1a -|| OR $t2a,$Maj,$Maj ; Maj(a,b,c) = ((a|b)&c)|(a&b) -|| ROTL $E,7,$t1e -|| ADD $K,$H,$T1 ; T1 = h + K256[i] - ADD $X0,$T1,$T1 ; T1 += X[i]; -|| STW $X0,*$Xib++ -|| XOR $t0a,$S0,$S0 -|| XOR $t0e,$S1,$S1 - XOR $t1a,$S0,$S0 ; Sigma0(a) -|| XOR $t1e,$S1,$S1 ; Sigma1(e) -|| LDW *$K256++,$K ; pre-fetch K256[i+1] -|| ADD $Ch,$T1,$T1 ; T1 += Ch(e,f,g) - ADD $S1,$T1,$T1 ; T1 += Sigma1(e) -|| ADD $S0,$Maj,$T2 ; T2 = Sigma0(a) + Maj(a,b,c) -|| ROTL $G,0,$H ; h = g -|| MV $F,$G ; g = f -|| MV $X0,$X15 - MV $E,$F ; f = e -|| ADD $D,$T1,$E ; e = d + T1 -|| MV $C,$D ; d = c -|| MV $Xn,$X0 ; modulo-scheduled -|| LDW *$Xia,$X9 ; modulo-scheduled -|| ROTL $X1,25,$t0e ; modulo-scheduled -|| ROTL $X14,15,$t0a ; modulo-scheduled - SHRU $X1,3,$s0 ; modulo-scheduled -|| SHRU $X14,10,$s1 ; modulo-scheduled -|| ROTL $B,0,$C ; c = b -|| MV $A,$B ; b = a -|| ADD $T1,$T2,$A ; a = T1 + T2 - - SPLOOPD 10 ; BODY_16_63 -|| MVC B1,ILC -|| ROTL $X1,14,$t1e ; modulo-scheduled -|| ROTL $X14,13,$t1a ; modulo-scheduled - - XOR $t0e,$s0,$s0 -|| XOR $t0a,$s1,$s1 -|| MV $X15,$X14 -|| MV $X1,$Xn - XOR $t1e,$s0,$s0 ; sigma0(X[i+1]) -|| XOR $t1a,$s1,$s1 ; sigma1(X[i+14]) -|| LDW *${Xib}[2],$X1 ; module-scheduled - ROTL $A,30,$S0 -|| OR $A,$B,$Maj -|| AND $A,$B,$t2a -|| ROTL $E,26,$S1 -|| AND $F,$E,$Ch -|| ANDN $G,$E,$t2e -|| ADD $X9,$X0,$X0 ; X[i] += X[i+9] - ROTL $A,19,$t0a -|| AND $C,$Maj,$Maj -|| ROTL $E,21,$t0e -|| XOR $t2e,$Ch,$Ch ; Ch(e,f,g) = (e&f)^(~e&g) -|| ADD $s0,$X0,$X0 ; X[i] += sigma1(X[i+1]) - ROTL $A,10,$t1a -|| OR $t2a,$Maj,$Maj ; Maj(a,b,c) = ((a|b)&c)|(a&b) -|| ROTL $E,7,$t1e -|| ADD $H,$K,$T1 ; T1 = h + K256[i] -|| ADD $s1,$X0,$X0 ; X[i] += sigma1(X[i+14]) - XOR $t0a,$S0,$S0 -|| XOR $t0e,$S1,$S1 -|| ADD $X0,$T1,$T1 ; T1 += X[i] -|| STW $X0,*$Xib++ - XOR $t1a,$S0,$S0 ; Sigma0(a) -|| XOR $t1e,$S1,$S1 ; Sigma1(e) -|| ADD $Ch,$T1,$T1 ; T1 += Ch(e,f,g) -|| MV $X0,$X15 -|| ROTL $G,0,$H ; h = g -|| LDW *$K256++,$K ; pre-fetch K256[i+1] - ADD $S1,$T1,$T1 ; T1 += Sigma1(e) -|| ADD $S0,$Maj,$T2 ; T2 = Sigma0(a) + Maj(a,b,c) -|| MV $F,$G ; g = f -|| MV $Xn,$X0 ; modulo-scheduled -|| LDW *++$Xia,$X9 ; modulo-scheduled -|| ROTL $X1,25,$t0e ; module-scheduled -|| ROTL $X14,15,$t0a ; modulo-scheduled - ROTL $X1,14,$t1e ; modulo-scheduled -|| ROTL $X14,13,$t1a ; modulo-scheduled -|| MV $E,$F ; f = e -|| ADD $D,$T1,$E ; e = d + T1 -|| MV $C,$D ; d = c -|| MV $B,$C ; c = b - MV $A,$B ; b = a -|| ADD $T1,$T2,$A ; a = T1 + T2 -|| SHRU $X1,3,$s0 ; modulo-scheduled -|| SHRU $X14,10,$s1 ; modulo-scheduled - SPKERNEL - - [A0] B outerloop? -|| [A0] LDNW *$INP++,$Xn ; pre-fetch input -|| [A0] ADDK -260,$K256 ; rewind K256 -|| ADD $Actx,$A,$A ; accumulate ctx -|| ADD $Ectx,$E,$E -|| ADD $Bctx,$B,$B - ADD $Fctx,$F,$F -|| ADD $Cctx,$C,$C -|| ADD $Gctx,$G,$G -|| ADD $Dctx,$D,$D -|| ADD $Hctx,$H,$H -|| [A0] LDW *$K256++,$K ; pre-fetch K256[0] - - [!A0] BNOP RA -||[!A0] MV $CTXA,$CTXB - [!A0] MV FP,SP ; restore stack pointer -||[!A0] LDW *FP[0],FP ; restore frame pointer - [!A0] STW $A,*${CTXA}[0] ; save ctx -||[!A0] STW $E,*${CTXB}[4] -||[!A0] MVK 0,B0 - [!A0] STW $B,*${CTXA}[1] -||[!A0] STW $F,*${CTXB}[5] -||[!A0] MVC B0,AMR ; clear AMR - STW $C,*${CTXA}[2] -|| STW $G,*${CTXB}[6] - STW $D,*${CTXA}[3] -|| STW $H,*${CTXB}[7] - .endasmfunc - - .if __TI_EABI__ - .sect ".text:sha_asm.const" - .else - .sect ".const:sha_asm" - .endif - .align 128 -K256: - .uword 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5 - .uword 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5 - .uword 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3 - .uword 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174 - .uword 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc - .uword 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da - .uword 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7 - .uword 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967 - .uword 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13 - .uword 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85 - .uword 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3 - .uword 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070 - .uword 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5 - .uword 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3 - .uword 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208 - .uword 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 - .cstring "SHA256 block transform for C64x+, CRYPTOGAMS by " - .align 4 - -___ - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha256-mb-x86_64.pl b/crypto/sha/asm/sha256-mb-x86_64.pl deleted file mode 100644 index fa2ca86046ccacf32b12a2562f487473a786cb6e..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha256-mb-x86_64.pl +++ /dev/null @@ -1,1634 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# Multi-buffer SHA256 procedure processes n buffers in parallel by -# placing buffer data to designated lane of SIMD register. n is -# naturally limited to 4 on pre-AVX2 processors and to 8 on -# AVX2-capable processors such as Haswell. -# -# this +aesni(i) sha256 aesni-sha256 gain(iv) -# ------------------------------------------------------------------- -# Westmere(ii) 23.3/n +1.28=7.11(n=4) 12.3 +3.75=16.1 +126% -# Atom(ii) 38.7/n +3.93=13.6(n=4) 20.8 +5.69=26.5 +95% -# Sandy Bridge (20.5 +5.15=25.7)/n 11.6 13.0 +103% -# Ivy Bridge (20.4 +5.14=25.5)/n 10.3 11.6 +82% -# Haswell(iii) (21.0 +5.00=26.0)/n 7.80 8.79 +170% -# Skylake (18.9 +5.00=23.9)/n 7.70 8.17 +170% -# Bulldozer (21.6 +5.76=27.4)/n 13.6 13.7 +100% -# -# (i) multi-block CBC encrypt with 128-bit key; -# (ii) (HASH+AES)/n does not apply to Westmere for n>3 and Atom, -# because of lower AES-NI instruction throughput, nor is there -# AES-NI-SHA256 stitch for these processors; -# (iii) "this" is for n=8, when we gather twice as much data, result -# for n=4 is 20.3+4.44=24.7; -# (iv) presented improvement coefficients are asymptotic limits and -# in real-life application are somewhat lower, e.g. for 2KB -# fragments they range from 75% to 130% (on Haswell); - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86_64-support.pl"; - -$ptr_size=&pointer_size($flavour); - -$avx=0; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.19) + ($1>=2.22); -} - -if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.09) + ($1>=2.10); -} - -if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $avx = ($1>=10) + ($1>=11); -} - -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { - $avx = ($2>=3.0) + ($2>3.0); -} - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -# void sha256_multi_block ( -# struct { unsigned int A[8]; -# unsigned int B[8]; -# unsigned int C[8]; -# unsigned int D[8]; -# unsigned int E[8]; -# unsigned int F[8]; -# unsigned int G[8]; -# unsigned int H[8]; } *ctx, -# struct { void *ptr; int blocks; } inp[8], -# int num); /* 1 or 2 */ -# -$ctx="%rdi"; # 1st arg -$inp="%rsi"; # 2nd arg -$num="%edx"; # 3rd arg -@ptr=map("%r$_",(8..11)); -$Tbl="%rbp"; -$inp_elm_size=2*$ptr_size; - -@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("%xmm$_",(8..15)); -($t1,$t2,$t3,$axb,$bxc,$Xi,$Xn,$sigma)=map("%xmm$_",(0..7)); - -$REG_SZ=16; - -sub Xi_off { -my $off = shift; - - $off %= 16; $off *= $REG_SZ; - $off<256 ? "$off-128(%rax)" : "$off-256-128(%rbx)"; -} - -sub ROUND_00_15 { -my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; - -$code.=<<___ if ($i<15); - movd `4*$i`(@ptr[0]),$Xi - movd `4*$i`(@ptr[1]),$t1 - movd `4*$i`(@ptr[2]),$t2 - movd `4*$i`(@ptr[3]),$t3 - punpckldq $t2,$Xi - punpckldq $t3,$t1 - punpckldq $t1,$Xi -___ -$code.=<<___ if ($i==15); - movd `4*$i`(@ptr[0]),$Xi - lea `16*4`(@ptr[0]),@ptr[0] - movd `4*$i`(@ptr[1]),$t1 - lea `16*4`(@ptr[1]),@ptr[1] - movd `4*$i`(@ptr[2]),$t2 - lea `16*4`(@ptr[2]),@ptr[2] - movd `4*$i`(@ptr[3]),$t3 - lea `16*4`(@ptr[3]),@ptr[3] - punpckldq $t2,$Xi - punpckldq $t3,$t1 - punpckldq $t1,$Xi -___ -$code.=<<___; - movdqa $e,$sigma - `"pshufb $Xn,$Xi" if ($i<=15 && ($i&1)==0)` - movdqa $e,$t3 - `"pshufb $Xn,$Xi" if ($i<=15 && ($i&1)==1)` - psrld \$6,$sigma - movdqa $e,$t2 - pslld \$7,$t3 - movdqa $Xi,`&Xi_off($i)` - paddd $h,$Xi # Xi+=h - - psrld \$11,$t2 - pxor $t3,$sigma - pslld \$21-7,$t3 - paddd `32*($i%8)-128`($Tbl),$Xi # Xi+=K[round] - pxor $t2,$sigma - - psrld \$25-11,$t2 - movdqa $e,$t1 - `"prefetcht0 63(@ptr[0])" if ($i==15)` - pxor $t3,$sigma - movdqa $e,$axb # borrow $axb - pslld \$26-21,$t3 - pandn $g,$t1 - pand $f,$axb - pxor $t2,$sigma - - `"prefetcht0 63(@ptr[1])" if ($i==15)` - movdqa $a,$t2 - pxor $t3,$sigma # Sigma1(e) - movdqa $a,$t3 - psrld \$2,$t2 - paddd $sigma,$Xi # Xi+=Sigma1(e) - pxor $axb,$t1 # Ch(e,f,g) - movdqa $b,$axb - movdqa $a,$sigma - pslld \$10,$t3 - pxor $a,$axb # a^b, b^c in next round - - `"prefetcht0 63(@ptr[2])" if ($i==15)` - psrld \$13,$sigma - pxor $t3,$t2 - paddd $t1,$Xi # Xi+=Ch(e,f,g) - pslld \$19-10,$t3 - pand $axb,$bxc - pxor $sigma,$t2 - - `"prefetcht0 63(@ptr[3])" if ($i==15)` - psrld \$22-13,$sigma - pxor $t3,$t2 - movdqa $b,$h - pslld \$30-19,$t3 - pxor $t2,$sigma - pxor $bxc,$h # h=Maj(a,b,c)=Ch(a^b,c,b) - paddd $Xi,$d # d+=Xi - pxor $t3,$sigma # Sigma0(a) - - paddd $Xi,$h # h+=Xi - paddd $sigma,$h # h+=Sigma0(a) -___ -$code.=<<___ if (($i%8)==7); - lea `32*8`($Tbl),$Tbl -___ - ($axb,$bxc)=($bxc,$axb); -} - -sub ROUND_16_XX { -my $i=shift; - -$code.=<<___; - movdqa `&Xi_off($i+1)`,$Xn - paddd `&Xi_off($i+9)`,$Xi # Xi+=X[i+9] - - movdqa $Xn,$sigma - movdqa $Xn,$t2 - psrld \$3,$sigma - movdqa $Xn,$t3 - - psrld \$7,$t2 - movdqa `&Xi_off($i+14)`,$t1 - pslld \$14,$t3 - pxor $t2,$sigma - psrld \$18-7,$t2 - movdqa $t1,$axb # borrow $axb - pxor $t3,$sigma - pslld \$25-14,$t3 - pxor $t2,$sigma - psrld \$10,$t1 - movdqa $axb,$t2 - - psrld \$17,$axb - pxor $t3,$sigma # sigma0(X[i+1]) - pslld \$13,$t2 - paddd $sigma,$Xi # Xi+=sigma0(e) - pxor $axb,$t1 - psrld \$19-17,$axb - pxor $t2,$t1 - pslld \$15-13,$t2 - pxor $axb,$t1 - pxor $t2,$t1 # sigma0(X[i+14]) - paddd $t1,$Xi # Xi+=sigma1(X[i+14]) -___ - &ROUND_00_15($i,@_); - ($Xi,$Xn)=($Xn,$Xi); -} - -$code.=<<___; -.text - -.extern OPENSSL_ia32cap_P - -.globl sha256_multi_block -.type sha256_multi_block,\@function,3 -.align 32 -sha256_multi_block: -.cfi_startproc - mov OPENSSL_ia32cap_P+4(%rip),%rcx - bt \$61,%rcx # check SHA bit - jc _shaext_shortcut -___ -$code.=<<___ if ($avx); - test \$`1<<28`,%ecx - jnz _avx_shortcut -___ -$code.=<<___; - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp -___ -$code.=<<___ if ($win64); - lea -0xa8(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) - movaps %xmm10,-0x78(%rax) - movaps %xmm11,-0x68(%rax) - movaps %xmm12,-0x58(%rax) - movaps %xmm13,-0x48(%rax) - movaps %xmm14,-0x38(%rax) - movaps %xmm15,-0x28(%rax) -___ -$code.=<<___; - sub \$`$REG_SZ*18`, %rsp - and \$-256,%rsp - mov %rax,`$REG_SZ*17`(%rsp) # original %rsp -.cfi_cfa_expression %rsp+`$REG_SZ*17`,deref,+8 -.Lbody: - lea K256+128(%rip),$Tbl - lea `$REG_SZ*16`(%rsp),%rbx - lea 0x80($ctx),$ctx # size optimization - -.Loop_grande: - mov $num,`$REG_SZ*17+8`(%rsp) # original $num - xor $num,$num -___ -for($i=0;$i<4;$i++) { - $ptr_reg=&pointer_register($flavour,@ptr[$i]); - $code.=<<___; - # input pointer - mov `$inp_elm_size*$i+0`($inp),$ptr_reg - # number of blocks - mov `$inp_elm_size*$i+$ptr_size`($inp),%ecx - cmp $num,%ecx - cmovg %ecx,$num # find maximum - test %ecx,%ecx - mov %ecx,`4*$i`(%rbx) # initialize counters - cmovle $Tbl,@ptr[$i] # cancel input -___ -} -$code.=<<___; - test $num,$num - jz .Ldone - - movdqu 0x00-0x80($ctx),$A # load context - lea 128(%rsp),%rax - movdqu 0x20-0x80($ctx),$B - movdqu 0x40-0x80($ctx),$C - movdqu 0x60-0x80($ctx),$D - movdqu 0x80-0x80($ctx),$E - movdqu 0xa0-0x80($ctx),$F - movdqu 0xc0-0x80($ctx),$G - movdqu 0xe0-0x80($ctx),$H - movdqu .Lpbswap(%rip),$Xn - jmp .Loop - -.align 32 -.Loop: - movdqa $C,$bxc - pxor $B,$bxc # magic seed -___ -for($i=0;$i<16;$i++) { &ROUND_00_15($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - movdqu `&Xi_off($i)`,$Xi - mov \$3,%ecx - jmp .Loop_16_xx -.align 32 -.Loop_16_xx: -___ -for(;$i<32;$i++) { &ROUND_16_XX($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - dec %ecx - jnz .Loop_16_xx - - mov \$1,%ecx - lea K256+128(%rip),$Tbl - - movdqa (%rbx),$sigma # pull counters - cmp 4*0(%rbx),%ecx # examine counters - pxor $t1,$t1 - cmovge $Tbl,@ptr[0] # cancel input - cmp 4*1(%rbx),%ecx - movdqa $sigma,$Xn - cmovge $Tbl,@ptr[1] - cmp 4*2(%rbx),%ecx - pcmpgtd $t1,$Xn # mask value - cmovge $Tbl,@ptr[2] - cmp 4*3(%rbx),%ecx - paddd $Xn,$sigma # counters-- - cmovge $Tbl,@ptr[3] - - movdqu 0x00-0x80($ctx),$t1 - pand $Xn,$A - movdqu 0x20-0x80($ctx),$t2 - pand $Xn,$B - movdqu 0x40-0x80($ctx),$t3 - pand $Xn,$C - movdqu 0x60-0x80($ctx),$Xi - pand $Xn,$D - paddd $t1,$A - movdqu 0x80-0x80($ctx),$t1 - pand $Xn,$E - paddd $t2,$B - movdqu 0xa0-0x80($ctx),$t2 - pand $Xn,$F - paddd $t3,$C - movdqu 0xc0-0x80($ctx),$t3 - pand $Xn,$G - paddd $Xi,$D - movdqu 0xe0-0x80($ctx),$Xi - pand $Xn,$H - paddd $t1,$E - paddd $t2,$F - movdqu $A,0x00-0x80($ctx) - paddd $t3,$G - movdqu $B,0x20-0x80($ctx) - paddd $Xi,$H - movdqu $C,0x40-0x80($ctx) - movdqu $D,0x60-0x80($ctx) - movdqu $E,0x80-0x80($ctx) - movdqu $F,0xa0-0x80($ctx) - movdqu $G,0xc0-0x80($ctx) - movdqu $H,0xe0-0x80($ctx) - - movdqa $sigma,(%rbx) # save counters - movdqa .Lpbswap(%rip),$Xn - dec $num - jnz .Loop - - mov `$REG_SZ*17+8`(%rsp),$num - lea $REG_SZ($ctx),$ctx - lea `$inp_elm_size*$REG_SZ/4`($inp),$inp - dec $num - jnz .Loop_grande - -.Ldone: - mov `$REG_SZ*17`(%rsp),%rax # original %rsp -.cfi_def_cfa %rax,8 -___ -$code.=<<___ if ($win64); - movaps -0xb8(%rax),%xmm6 - movaps -0xa8(%rax),%xmm7 - movaps -0x98(%rax),%xmm8 - movaps -0x88(%rax),%xmm9 - movaps -0x78(%rax),%xmm10 - movaps -0x68(%rax),%xmm11 - movaps -0x58(%rax),%xmm12 - movaps -0x48(%rax),%xmm13 - movaps -0x38(%rax),%xmm14 - movaps -0x28(%rax),%xmm15 -___ -$code.=<<___; - mov -16(%rax),%rbp -.cfi_restore %rbp - mov -8(%rax),%rbx -.cfi_restore %rbx - lea (%rax),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue: - ret -.cfi_endproc -.size sha256_multi_block,.-sha256_multi_block -___ - {{{ -my ($Wi,$TMP0,$TMP1,$TMPx,$ABEF0,$CDGH0,$ABEF1,$CDGH1)=map("%xmm$_",(0..3,12..15)); -my @MSG0=map("%xmm$_",(4..7)); -my @MSG1=map("%xmm$_",(8..11)); - -$code.=<<___; -.type sha256_multi_block_shaext,\@function,3 -.align 32 -sha256_multi_block_shaext: -.cfi_startproc -_shaext_shortcut: - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp -___ -$code.=<<___ if ($win64); - lea -0xa8(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) - movaps %xmm10,-0x78(%rax) - movaps %xmm11,-0x68(%rax) - movaps %xmm12,-0x58(%rax) - movaps %xmm13,-0x48(%rax) - movaps %xmm14,-0x38(%rax) - movaps %xmm15,-0x28(%rax) -___ -$code.=<<___; - sub \$`$REG_SZ*18`,%rsp - shl \$1,$num # we process pair at a time - and \$-256,%rsp - lea 0x80($ctx),$ctx # size optimization - mov %rax,`$REG_SZ*17`(%rsp) # original %rsp -.Lbody_shaext: - lea `$REG_SZ*16`(%rsp),%rbx - lea K256_shaext+0x80(%rip),$Tbl - -.Loop_grande_shaext: - mov $num,`$REG_SZ*17+8`(%rsp) # original $num - xor $num,$num -___ -for($i=0;$i<2;$i++) { - $ptr_reg=&pointer_register($flavour,@ptr[$i]); - $code.=<<___; - # input pointer - mov `$inp_elm_size*$i+0`($inp),$ptr_reg - # number of blocks - mov `$inp_elm_size*$i+$ptr_size`($inp),%ecx - cmp $num,%ecx - cmovg %ecx,$num # find maximum - test %ecx,%ecx - mov %ecx,`4*$i`(%rbx) # initialize counters - cmovle %rsp,@ptr[$i] # cancel input -___ -} -$code.=<<___; - test $num,$num - jz .Ldone_shaext - - movq 0x00-0x80($ctx),$ABEF0 # A1.A0 - movq 0x20-0x80($ctx),@MSG0[0] # B1.B0 - movq 0x40-0x80($ctx),$CDGH0 # C1.C0 - movq 0x60-0x80($ctx),@MSG0[1] # D1.D0 - movq 0x80-0x80($ctx),@MSG1[0] # E1.E0 - movq 0xa0-0x80($ctx),@MSG1[1] # F1.F0 - movq 0xc0-0x80($ctx),@MSG1[2] # G1.G0 - movq 0xe0-0x80($ctx),@MSG1[3] # H1.H0 - - punpckldq @MSG0[0],$ABEF0 # B1.A1.B0.A0 - punpckldq @MSG0[1],$CDGH0 # D1.C1.D0.C0 - punpckldq @MSG1[1],@MSG1[0] # F1.E1.F0.E0 - punpckldq @MSG1[3],@MSG1[2] # H1.G1.H0.G0 - movdqa K256_shaext-0x10(%rip),$TMPx # byte swap - - movdqa $ABEF0,$ABEF1 - movdqa $CDGH0,$CDGH1 - punpcklqdq @MSG1[0],$ABEF0 # F0.E0.B0.A0 - punpcklqdq @MSG1[2],$CDGH0 # H0.G0.D0.C0 - punpckhqdq @MSG1[0],$ABEF1 # F1.E1.B1.A1 - punpckhqdq @MSG1[2],$CDGH1 # H1.G1.D1.C1 - - pshufd \$0b00011011,$ABEF0,$ABEF0 - pshufd \$0b00011011,$CDGH0,$CDGH0 - pshufd \$0b00011011,$ABEF1,$ABEF1 - pshufd \$0b00011011,$CDGH1,$CDGH1 - jmp .Loop_shaext - -.align 32 -.Loop_shaext: - movdqu 0x00(@ptr[0]),@MSG0[0] - movdqu 0x00(@ptr[1]),@MSG1[0] - movdqu 0x10(@ptr[0]),@MSG0[1] - movdqu 0x10(@ptr[1]),@MSG1[1] - movdqu 0x20(@ptr[0]),@MSG0[2] - pshufb $TMPx,@MSG0[0] - movdqu 0x20(@ptr[1]),@MSG1[2] - pshufb $TMPx,@MSG1[0] - movdqu 0x30(@ptr[0]),@MSG0[3] - lea 0x40(@ptr[0]),@ptr[0] - movdqu 0x30(@ptr[1]),@MSG1[3] - lea 0x40(@ptr[1]),@ptr[1] - - movdqa 0*16-0x80($Tbl),$Wi - pshufb $TMPx,@MSG0[1] - paddd @MSG0[0],$Wi - pxor $ABEF0,@MSG0[0] # black magic - movdqa $Wi,$TMP0 - movdqa 0*16-0x80($Tbl),$TMP1 - pshufb $TMPx,@MSG1[1] - paddd @MSG1[0],$TMP1 - movdqa $CDGH0,0x50(%rsp) # offload - sha256rnds2 $ABEF0,$CDGH0 # 0-3 - pxor $ABEF1,@MSG1[0] # black magic - movdqa $TMP1,$Wi - movdqa $CDGH1,0x70(%rsp) - sha256rnds2 $ABEF1,$CDGH1 # 0-3 - pshufd \$0x0e,$TMP0,$Wi - pxor $ABEF0,@MSG0[0] # black magic - movdqa $ABEF0,0x40(%rsp) # offload - sha256rnds2 $CDGH0,$ABEF0 - pshufd \$0x0e,$TMP1,$Wi - pxor $ABEF1,@MSG1[0] # black magic - movdqa $ABEF1,0x60(%rsp) - movdqa 1*16-0x80($Tbl),$TMP0 - paddd @MSG0[1],$TMP0 - pshufb $TMPx,@MSG0[2] - sha256rnds2 $CDGH1,$ABEF1 - - movdqa $TMP0,$Wi - movdqa 1*16-0x80($Tbl),$TMP1 - paddd @MSG1[1],$TMP1 - sha256rnds2 $ABEF0,$CDGH0 # 4-7 - movdqa $TMP1,$Wi - prefetcht0 127(@ptr[0]) - pshufb $TMPx,@MSG0[3] - pshufb $TMPx,@MSG1[2] - prefetcht0 127(@ptr[1]) - sha256rnds2 $ABEF1,$CDGH1 # 4-7 - pshufd \$0x0e,$TMP0,$Wi - pshufb $TMPx,@MSG1[3] - sha256msg1 @MSG0[1],@MSG0[0] - sha256rnds2 $CDGH0,$ABEF0 - pshufd \$0x0e,$TMP1,$Wi - movdqa 2*16-0x80($Tbl),$TMP0 - paddd @MSG0[2],$TMP0 - sha256rnds2 $CDGH1,$ABEF1 - - movdqa $TMP0,$Wi - movdqa 2*16-0x80($Tbl),$TMP1 - paddd @MSG1[2],$TMP1 - sha256rnds2 $ABEF0,$CDGH0 # 8-11 - sha256msg1 @MSG1[1],@MSG1[0] - movdqa $TMP1,$Wi - movdqa @MSG0[3],$TMPx - sha256rnds2 $ABEF1,$CDGH1 # 8-11 - pshufd \$0x0e,$TMP0,$Wi - palignr \$4,@MSG0[2],$TMPx - paddd $TMPx,@MSG0[0] - movdqa @MSG1[3],$TMPx - palignr \$4,@MSG1[2],$TMPx - sha256msg1 @MSG0[2],@MSG0[1] - sha256rnds2 $CDGH0,$ABEF0 - pshufd \$0x0e,$TMP1,$Wi - movdqa 3*16-0x80($Tbl),$TMP0 - paddd @MSG0[3],$TMP0 - sha256rnds2 $CDGH1,$ABEF1 - sha256msg1 @MSG1[2],@MSG1[1] - - movdqa $TMP0,$Wi - movdqa 3*16-0x80($Tbl),$TMP1 - paddd $TMPx,@MSG1[0] - paddd @MSG1[3],$TMP1 - sha256msg2 @MSG0[3],@MSG0[0] - sha256rnds2 $ABEF0,$CDGH0 # 12-15 - movdqa $TMP1,$Wi - movdqa @MSG0[0],$TMPx - palignr \$4,@MSG0[3],$TMPx - sha256rnds2 $ABEF1,$CDGH1 # 12-15 - sha256msg2 @MSG1[3],@MSG1[0] - pshufd \$0x0e,$TMP0,$Wi - paddd $TMPx,@MSG0[1] - movdqa @MSG1[0],$TMPx - palignr \$4,@MSG1[3],$TMPx - sha256msg1 @MSG0[3],@MSG0[2] - sha256rnds2 $CDGH0,$ABEF0 - pshufd \$0x0e,$TMP1,$Wi - movdqa 4*16-0x80($Tbl),$TMP0 - paddd @MSG0[0],$TMP0 - sha256rnds2 $CDGH1,$ABEF1 - sha256msg1 @MSG1[3],@MSG1[2] -___ -for($i=4;$i<16-3;$i++) { -$code.=<<___; - movdqa $TMP0,$Wi - movdqa $i*16-0x80($Tbl),$TMP1 - paddd $TMPx,@MSG1[1] - paddd @MSG1[0],$TMP1 - sha256msg2 @MSG0[0],@MSG0[1] - sha256rnds2 $ABEF0,$CDGH0 # 16-19... - movdqa $TMP1,$Wi - movdqa @MSG0[1],$TMPx - palignr \$4,@MSG0[0],$TMPx - sha256rnds2 $ABEF1,$CDGH1 # 16-19... - sha256msg2 @MSG1[0],@MSG1[1] - pshufd \$0x0e,$TMP0,$Wi - paddd $TMPx,@MSG0[2] - movdqa @MSG1[1],$TMPx - palignr \$4,@MSG1[0],$TMPx - sha256msg1 @MSG0[0],@MSG0[3] - sha256rnds2 $CDGH0,$ABEF0 - pshufd \$0x0e,$TMP1,$Wi - movdqa `($i+1)*16`-0x80($Tbl),$TMP0 - paddd @MSG0[1],$TMP0 - sha256rnds2 $CDGH1,$ABEF1 - sha256msg1 @MSG1[0],@MSG1[3] -___ - push(@MSG0,shift(@MSG0)); push(@MSG1,shift(@MSG1)); -} -$code.=<<___; - movdqa $TMP0,$Wi - movdqa 13*16-0x80($Tbl),$TMP1 - paddd $TMPx,@MSG1[1] - paddd @MSG1[0],$TMP1 - sha256msg2 @MSG0[0],@MSG0[1] - sha256rnds2 $ABEF0,$CDGH0 # 52-55 - movdqa $TMP1,$Wi - movdqa @MSG0[1],$TMPx - palignr \$4,@MSG0[0],$TMPx - sha256rnds2 $ABEF1,$CDGH1 # 52-55 - sha256msg2 @MSG1[0],@MSG1[1] - pshufd \$0x0e,$TMP0,$Wi - paddd $TMPx,@MSG0[2] - movdqa @MSG1[1],$TMPx - palignr \$4,@MSG1[0],$TMPx - nop - sha256rnds2 $CDGH0,$ABEF0 - pshufd \$0x0e,$TMP1,$Wi - movdqa 14*16-0x80($Tbl),$TMP0 - paddd @MSG0[1],$TMP0 - sha256rnds2 $CDGH1,$ABEF1 - - movdqa $TMP0,$Wi - movdqa 14*16-0x80($Tbl),$TMP1 - paddd $TMPx,@MSG1[2] - paddd @MSG1[1],$TMP1 - sha256msg2 @MSG0[1],@MSG0[2] - nop - sha256rnds2 $ABEF0,$CDGH0 # 56-59 - movdqa $TMP1,$Wi - mov \$1,%ecx - pxor @MSG0[1],@MSG0[1] # zero - sha256rnds2 $ABEF1,$CDGH1 # 56-59 - sha256msg2 @MSG1[1],@MSG1[2] - pshufd \$0x0e,$TMP0,$Wi - movdqa 15*16-0x80($Tbl),$TMP0 - paddd @MSG0[2],$TMP0 - movq (%rbx),@MSG0[2] # pull counters - nop - sha256rnds2 $CDGH0,$ABEF0 - pshufd \$0x0e,$TMP1,$Wi - movdqa 15*16-0x80($Tbl),$TMP1 - paddd @MSG1[2],$TMP1 - sha256rnds2 $CDGH1,$ABEF1 - - movdqa $TMP0,$Wi - cmp 4*0(%rbx),%ecx # examine counters - cmovge %rsp,@ptr[0] # cancel input - cmp 4*1(%rbx),%ecx - cmovge %rsp,@ptr[1] - pshufd \$0x00,@MSG0[2],@MSG1[0] - sha256rnds2 $ABEF0,$CDGH0 # 60-63 - movdqa $TMP1,$Wi - pshufd \$0x55,@MSG0[2],@MSG1[1] - movdqa @MSG0[2],@MSG1[2] - sha256rnds2 $ABEF1,$CDGH1 # 60-63 - pshufd \$0x0e,$TMP0,$Wi - pcmpgtd @MSG0[1],@MSG1[0] - pcmpgtd @MSG0[1],@MSG1[1] - sha256rnds2 $CDGH0,$ABEF0 - pshufd \$0x0e,$TMP1,$Wi - pcmpgtd @MSG0[1],@MSG1[2] # counter mask - movdqa K256_shaext-0x10(%rip),$TMPx - sha256rnds2 $CDGH1,$ABEF1 - - pand @MSG1[0],$CDGH0 - pand @MSG1[1],$CDGH1 - pand @MSG1[0],$ABEF0 - pand @MSG1[1],$ABEF1 - paddd @MSG0[2],@MSG1[2] # counters-- - - paddd 0x50(%rsp),$CDGH0 - paddd 0x70(%rsp),$CDGH1 - paddd 0x40(%rsp),$ABEF0 - paddd 0x60(%rsp),$ABEF1 - - movq @MSG1[2],(%rbx) # save counters - dec $num - jnz .Loop_shaext - - mov `$REG_SZ*17+8`(%rsp),$num - - pshufd \$0b00011011,$ABEF0,$ABEF0 - pshufd \$0b00011011,$CDGH0,$CDGH0 - pshufd \$0b00011011,$ABEF1,$ABEF1 - pshufd \$0b00011011,$CDGH1,$CDGH1 - - movdqa $ABEF0,@MSG0[0] - movdqa $CDGH0,@MSG0[1] - punpckldq $ABEF1,$ABEF0 # B1.B0.A1.A0 - punpckhdq $ABEF1,@MSG0[0] # F1.F0.E1.E0 - punpckldq $CDGH1,$CDGH0 # D1.D0.C1.C0 - punpckhdq $CDGH1,@MSG0[1] # H1.H0.G1.G0 - - movq $ABEF0,0x00-0x80($ctx) # A1.A0 - psrldq \$8,$ABEF0 - movq @MSG0[0],0x80-0x80($ctx) # E1.E0 - psrldq \$8,@MSG0[0] - movq $ABEF0,0x20-0x80($ctx) # B1.B0 - movq @MSG0[0],0xa0-0x80($ctx) # F1.F0 - - movq $CDGH0,0x40-0x80($ctx) # C1.C0 - psrldq \$8,$CDGH0 - movq @MSG0[1],0xc0-0x80($ctx) # G1.G0 - psrldq \$8,@MSG0[1] - movq $CDGH0,0x60-0x80($ctx) # D1.D0 - movq @MSG0[1],0xe0-0x80($ctx) # H1.H0 - - lea `$REG_SZ/2`($ctx),$ctx - lea `$inp_elm_size*2`($inp),$inp - dec $num - jnz .Loop_grande_shaext - -.Ldone_shaext: - #mov `$REG_SZ*17`(%rsp),%rax # original %rsp -___ -$code.=<<___ if ($win64); - movaps -0xb8(%rax),%xmm6 - movaps -0xa8(%rax),%xmm7 - movaps -0x98(%rax),%xmm8 - movaps -0x88(%rax),%xmm9 - movaps -0x78(%rax),%xmm10 - movaps -0x68(%rax),%xmm11 - movaps -0x58(%rax),%xmm12 - movaps -0x48(%rax),%xmm13 - movaps -0x38(%rax),%xmm14 - movaps -0x28(%rax),%xmm15 -___ -$code.=<<___; - mov -16(%rax),%rbp -.cfi_restore %rbp - mov -8(%rax),%rbx -.cfi_restore %rbx - lea (%rax),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue_shaext: - ret -.cfi_endproc -.size sha256_multi_block_shaext,.-sha256_multi_block_shaext -___ - }}} - if ($avx) {{{ -sub ROUND_00_15_avx { -my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; - -$code.=<<___ if ($i<15 && $REG_SZ==16); - vmovd `4*$i`(@ptr[0]),$Xi - vmovd `4*$i`(@ptr[1]),$t1 - vpinsrd \$1,`4*$i`(@ptr[2]),$Xi,$Xi - vpinsrd \$1,`4*$i`(@ptr[3]),$t1,$t1 - vpunpckldq $t1,$Xi,$Xi - vpshufb $Xn,$Xi,$Xi -___ -$code.=<<___ if ($i==15 && $REG_SZ==16); - vmovd `4*$i`(@ptr[0]),$Xi - lea `16*4`(@ptr[0]),@ptr[0] - vmovd `4*$i`(@ptr[1]),$t1 - lea `16*4`(@ptr[1]),@ptr[1] - vpinsrd \$1,`4*$i`(@ptr[2]),$Xi,$Xi - lea `16*4`(@ptr[2]),@ptr[2] - vpinsrd \$1,`4*$i`(@ptr[3]),$t1,$t1 - lea `16*4`(@ptr[3]),@ptr[3] - vpunpckldq $t1,$Xi,$Xi - vpshufb $Xn,$Xi,$Xi -___ -$code.=<<___ if ($i<15 && $REG_SZ==32); - vmovd `4*$i`(@ptr[0]),$Xi - vmovd `4*$i`(@ptr[4]),$t1 - vmovd `4*$i`(@ptr[1]),$t2 - vmovd `4*$i`(@ptr[5]),$t3 - vpinsrd \$1,`4*$i`(@ptr[2]),$Xi,$Xi - vpinsrd \$1,`4*$i`(@ptr[6]),$t1,$t1 - vpinsrd \$1,`4*$i`(@ptr[3]),$t2,$t2 - vpunpckldq $t2,$Xi,$Xi - vpinsrd \$1,`4*$i`(@ptr[7]),$t3,$t3 - vpunpckldq $t3,$t1,$t1 - vinserti128 $t1,$Xi,$Xi - vpshufb $Xn,$Xi,$Xi -___ -$code.=<<___ if ($i==15 && $REG_SZ==32); - vmovd `4*$i`(@ptr[0]),$Xi - lea `16*4`(@ptr[0]),@ptr[0] - vmovd `4*$i`(@ptr[4]),$t1 - lea `16*4`(@ptr[4]),@ptr[4] - vmovd `4*$i`(@ptr[1]),$t2 - lea `16*4`(@ptr[1]),@ptr[1] - vmovd `4*$i`(@ptr[5]),$t3 - lea `16*4`(@ptr[5]),@ptr[5] - vpinsrd \$1,`4*$i`(@ptr[2]),$Xi,$Xi - lea `16*4`(@ptr[2]),@ptr[2] - vpinsrd \$1,`4*$i`(@ptr[6]),$t1,$t1 - lea `16*4`(@ptr[6]),@ptr[6] - vpinsrd \$1,`4*$i`(@ptr[3]),$t2,$t2 - lea `16*4`(@ptr[3]),@ptr[3] - vpunpckldq $t2,$Xi,$Xi - vpinsrd \$1,`4*$i`(@ptr[7]),$t3,$t3 - lea `16*4`(@ptr[7]),@ptr[7] - vpunpckldq $t3,$t1,$t1 - vinserti128 $t1,$Xi,$Xi - vpshufb $Xn,$Xi,$Xi -___ -$code.=<<___; - vpsrld \$6,$e,$sigma - vpslld \$26,$e,$t3 - vmovdqu $Xi,`&Xi_off($i)` - vpaddd $h,$Xi,$Xi # Xi+=h - - vpsrld \$11,$e,$t2 - vpxor $t3,$sigma,$sigma - vpslld \$21,$e,$t3 - vpaddd `32*($i%8)-128`($Tbl),$Xi,$Xi # Xi+=K[round] - vpxor $t2,$sigma,$sigma - - vpsrld \$25,$e,$t2 - vpxor $t3,$sigma,$sigma - `"prefetcht0 63(@ptr[0])" if ($i==15)` - vpslld \$7,$e,$t3 - vpandn $g,$e,$t1 - vpand $f,$e,$axb # borrow $axb - `"prefetcht0 63(@ptr[1])" if ($i==15)` - vpxor $t2,$sigma,$sigma - - vpsrld \$2,$a,$h # borrow $h - vpxor $t3,$sigma,$sigma # Sigma1(e) - `"prefetcht0 63(@ptr[2])" if ($i==15)` - vpslld \$30,$a,$t2 - vpxor $axb,$t1,$t1 # Ch(e,f,g) - vpxor $a,$b,$axb # a^b, b^c in next round - `"prefetcht0 63(@ptr[3])" if ($i==15)` - vpxor $t2,$h,$h - vpaddd $sigma,$Xi,$Xi # Xi+=Sigma1(e) - - vpsrld \$13,$a,$t2 - `"prefetcht0 63(@ptr[4])" if ($i==15 && $REG_SZ==32)` - vpslld \$19,$a,$t3 - vpaddd $t1,$Xi,$Xi # Xi+=Ch(e,f,g) - vpand $axb,$bxc,$bxc - `"prefetcht0 63(@ptr[5])" if ($i==15 && $REG_SZ==32)` - vpxor $t2,$h,$sigma - - vpsrld \$22,$a,$t2 - vpxor $t3,$sigma,$sigma - `"prefetcht0 63(@ptr[6])" if ($i==15 && $REG_SZ==32)` - vpslld \$10,$a,$t3 - vpxor $bxc,$b,$h # h=Maj(a,b,c)=Ch(a^b,c,b) - vpaddd $Xi,$d,$d # d+=Xi - `"prefetcht0 63(@ptr[7])" if ($i==15 && $REG_SZ==32)` - vpxor $t2,$sigma,$sigma - vpxor $t3,$sigma,$sigma # Sigma0(a) - - vpaddd $Xi,$h,$h # h+=Xi - vpaddd $sigma,$h,$h # h+=Sigma0(a) -___ -$code.=<<___ if (($i%8)==7); - add \$`32*8`,$Tbl -___ - ($axb,$bxc)=($bxc,$axb); -} - -sub ROUND_16_XX_avx { -my $i=shift; - -$code.=<<___; - vmovdqu `&Xi_off($i+1)`,$Xn - vpaddd `&Xi_off($i+9)`,$Xi,$Xi # Xi+=X[i+9] - - vpsrld \$3,$Xn,$sigma - vpsrld \$7,$Xn,$t2 - vpslld \$25,$Xn,$t3 - vpxor $t2,$sigma,$sigma - vpsrld \$18,$Xn,$t2 - vpxor $t3,$sigma,$sigma - vpslld \$14,$Xn,$t3 - vmovdqu `&Xi_off($i+14)`,$t1 - vpsrld \$10,$t1,$axb # borrow $axb - - vpxor $t2,$sigma,$sigma - vpsrld \$17,$t1,$t2 - vpxor $t3,$sigma,$sigma # sigma0(X[i+1]) - vpslld \$15,$t1,$t3 - vpaddd $sigma,$Xi,$Xi # Xi+=sigma0(e) - vpxor $t2,$axb,$sigma - vpsrld \$19,$t1,$t2 - vpxor $t3,$sigma,$sigma - vpslld \$13,$t1,$t3 - vpxor $t2,$sigma,$sigma - vpxor $t3,$sigma,$sigma # sigma0(X[i+14]) - vpaddd $sigma,$Xi,$Xi # Xi+=sigma1(X[i+14]) -___ - &ROUND_00_15_avx($i,@_); - ($Xi,$Xn)=($Xn,$Xi); -} - -$code.=<<___; -.type sha256_multi_block_avx,\@function,3 -.align 32 -sha256_multi_block_avx: -.cfi_startproc -_avx_shortcut: -___ -$code.=<<___ if ($avx>1); - shr \$32,%rcx - cmp \$2,$num - jb .Lavx - test \$`1<<5`,%ecx - jnz _avx2_shortcut - jmp .Lavx -.align 32 -.Lavx: -___ -$code.=<<___; - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp -___ -$code.=<<___ if ($win64); - lea -0xa8(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) - movaps %xmm10,-0x78(%rax) - movaps %xmm11,-0x68(%rax) - movaps %xmm12,-0x58(%rax) - movaps %xmm13,-0x48(%rax) - movaps %xmm14,-0x38(%rax) - movaps %xmm15,-0x28(%rax) -___ -$code.=<<___; - sub \$`$REG_SZ*18`, %rsp - and \$-256,%rsp - mov %rax,`$REG_SZ*17`(%rsp) # original %rsp -.cfi_cfa_expression %rsp+`$REG_SZ*17`,deref,+8 -.Lbody_avx: - lea K256+128(%rip),$Tbl - lea `$REG_SZ*16`(%rsp),%rbx - lea 0x80($ctx),$ctx # size optimization - -.Loop_grande_avx: - mov $num,`$REG_SZ*17+8`(%rsp) # original $num - xor $num,$num -___ -for($i=0;$i<4;$i++) { - $ptr_reg=&pointer_register($flavour,@ptr[$i]); - $code.=<<___; - # input pointer - mov `$inp_elm_size*$i+0`($inp),$ptr_reg - # number of blocks - mov `$inp_elm_size*$i+$ptr_size`($inp),%ecx - cmp $num,%ecx - cmovg %ecx,$num # find maximum - test %ecx,%ecx - mov %ecx,`4*$i`(%rbx) # initialize counters - cmovle $Tbl,@ptr[$i] # cancel input -___ -} -$code.=<<___; - test $num,$num - jz .Ldone_avx - - vmovdqu 0x00-0x80($ctx),$A # load context - lea 128(%rsp),%rax - vmovdqu 0x20-0x80($ctx),$B - vmovdqu 0x40-0x80($ctx),$C - vmovdqu 0x60-0x80($ctx),$D - vmovdqu 0x80-0x80($ctx),$E - vmovdqu 0xa0-0x80($ctx),$F - vmovdqu 0xc0-0x80($ctx),$G - vmovdqu 0xe0-0x80($ctx),$H - vmovdqu .Lpbswap(%rip),$Xn - jmp .Loop_avx - -.align 32 -.Loop_avx: - vpxor $B,$C,$bxc # magic seed -___ -for($i=0;$i<16;$i++) { &ROUND_00_15_avx($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - vmovdqu `&Xi_off($i)`,$Xi - mov \$3,%ecx - jmp .Loop_16_xx_avx -.align 32 -.Loop_16_xx_avx: -___ -for(;$i<32;$i++) { &ROUND_16_XX_avx($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - dec %ecx - jnz .Loop_16_xx_avx - - mov \$1,%ecx - lea K256+128(%rip),$Tbl -___ -for($i=0;$i<4;$i++) { - $code.=<<___; - cmp `4*$i`(%rbx),%ecx # examine counters - cmovge $Tbl,@ptr[$i] # cancel input -___ -} -$code.=<<___; - vmovdqa (%rbx),$sigma # pull counters - vpxor $t1,$t1,$t1 - vmovdqa $sigma,$Xn - vpcmpgtd $t1,$Xn,$Xn # mask value - vpaddd $Xn,$sigma,$sigma # counters-- - - vmovdqu 0x00-0x80($ctx),$t1 - vpand $Xn,$A,$A - vmovdqu 0x20-0x80($ctx),$t2 - vpand $Xn,$B,$B - vmovdqu 0x40-0x80($ctx),$t3 - vpand $Xn,$C,$C - vmovdqu 0x60-0x80($ctx),$Xi - vpand $Xn,$D,$D - vpaddd $t1,$A,$A - vmovdqu 0x80-0x80($ctx),$t1 - vpand $Xn,$E,$E - vpaddd $t2,$B,$B - vmovdqu 0xa0-0x80($ctx),$t2 - vpand $Xn,$F,$F - vpaddd $t3,$C,$C - vmovdqu 0xc0-0x80($ctx),$t3 - vpand $Xn,$G,$G - vpaddd $Xi,$D,$D - vmovdqu 0xe0-0x80($ctx),$Xi - vpand $Xn,$H,$H - vpaddd $t1,$E,$E - vpaddd $t2,$F,$F - vmovdqu $A,0x00-0x80($ctx) - vpaddd $t3,$G,$G - vmovdqu $B,0x20-0x80($ctx) - vpaddd $Xi,$H,$H - vmovdqu $C,0x40-0x80($ctx) - vmovdqu $D,0x60-0x80($ctx) - vmovdqu $E,0x80-0x80($ctx) - vmovdqu $F,0xa0-0x80($ctx) - vmovdqu $G,0xc0-0x80($ctx) - vmovdqu $H,0xe0-0x80($ctx) - - vmovdqu $sigma,(%rbx) # save counters - vmovdqu .Lpbswap(%rip),$Xn - dec $num - jnz .Loop_avx - - mov `$REG_SZ*17+8`(%rsp),$num - lea $REG_SZ($ctx),$ctx - lea `$inp_elm_size*$REG_SZ/4`($inp),$inp - dec $num - jnz .Loop_grande_avx - -.Ldone_avx: - mov `$REG_SZ*17`(%rsp),%rax # original %rsp -.cfi_def_cfa %rax,8 - vzeroupper -___ -$code.=<<___ if ($win64); - movaps -0xb8(%rax),%xmm6 - movaps -0xa8(%rax),%xmm7 - movaps -0x98(%rax),%xmm8 - movaps -0x88(%rax),%xmm9 - movaps -0x78(%rax),%xmm10 - movaps -0x68(%rax),%xmm11 - movaps -0x58(%rax),%xmm12 - movaps -0x48(%rax),%xmm13 - movaps -0x38(%rax),%xmm14 - movaps -0x28(%rax),%xmm15 -___ -$code.=<<___; - mov -16(%rax),%rbp -.cfi_restore %rbp - mov -8(%rax),%rbx -.cfi_restore %rbx - lea (%rax),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue_avx: - ret -.cfi_endproc -.size sha256_multi_block_avx,.-sha256_multi_block_avx -___ - if ($avx>1) { -$code =~ s/\`([^\`]*)\`/eval $1/gem; - -$REG_SZ=32; -@ptr=map("%r$_",(12..15,8..11)); - -@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("%ymm$_",(8..15)); -($t1,$t2,$t3,$axb,$bxc,$Xi,$Xn,$sigma)=map("%ymm$_",(0..7)); - -$code.=<<___; -.type sha256_multi_block_avx2,\@function,3 -.align 32 -sha256_multi_block_avx2: -.cfi_startproc -_avx2_shortcut: - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -___ -$code.=<<___ if ($win64); - lea -0xa8(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) - movaps %xmm10,0x40(%rsp) - movaps %xmm11,0x50(%rsp) - movaps %xmm12,-0x78(%rax) - movaps %xmm13,-0x68(%rax) - movaps %xmm14,-0x58(%rax) - movaps %xmm15,-0x48(%rax) -___ -$code.=<<___; - sub \$`$REG_SZ*18`, %rsp - and \$-256,%rsp - mov %rax,`$REG_SZ*17`(%rsp) # original %rsp -.cfi_cfa_expression %rsp+`$REG_SZ*17`,deref,+8 -.Lbody_avx2: - lea K256+128(%rip),$Tbl - lea 0x80($ctx),$ctx # size optimization - -.Loop_grande_avx2: - mov $num,`$REG_SZ*17+8`(%rsp) # original $num - xor $num,$num - lea `$REG_SZ*16`(%rsp),%rbx -___ -for($i=0;$i<8;$i++) { - $ptr_reg=&pointer_register($flavour,@ptr[$i]); - $code.=<<___; - # input pointer - mov `$inp_elm_size*$i+0`($inp),$ptr_reg - # number of blocks - mov `$inp_elm_size*$i+$ptr_size`($inp),%ecx - cmp $num,%ecx - cmovg %ecx,$num # find maximum - test %ecx,%ecx - mov %ecx,`4*$i`(%rbx) # initialize counters - cmovle $Tbl,@ptr[$i] # cancel input -___ -} -$code.=<<___; - vmovdqu 0x00-0x80($ctx),$A # load context - lea 128(%rsp),%rax - vmovdqu 0x20-0x80($ctx),$B - lea 256+128(%rsp),%rbx - vmovdqu 0x40-0x80($ctx),$C - vmovdqu 0x60-0x80($ctx),$D - vmovdqu 0x80-0x80($ctx),$E - vmovdqu 0xa0-0x80($ctx),$F - vmovdqu 0xc0-0x80($ctx),$G - vmovdqu 0xe0-0x80($ctx),$H - vmovdqu .Lpbswap(%rip),$Xn - jmp .Loop_avx2 - -.align 32 -.Loop_avx2: - vpxor $B,$C,$bxc # magic seed -___ -for($i=0;$i<16;$i++) { &ROUND_00_15_avx($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - vmovdqu `&Xi_off($i)`,$Xi - mov \$3,%ecx - jmp .Loop_16_xx_avx2 -.align 32 -.Loop_16_xx_avx2: -___ -for(;$i<32;$i++) { &ROUND_16_XX_avx($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - dec %ecx - jnz .Loop_16_xx_avx2 - - mov \$1,%ecx - lea `$REG_SZ*16`(%rsp),%rbx - lea K256+128(%rip),$Tbl -___ -for($i=0;$i<8;$i++) { - $code.=<<___; - cmp `4*$i`(%rbx),%ecx # examine counters - cmovge $Tbl,@ptr[$i] # cancel input -___ -} -$code.=<<___; - vmovdqa (%rbx),$sigma # pull counters - vpxor $t1,$t1,$t1 - vmovdqa $sigma,$Xn - vpcmpgtd $t1,$Xn,$Xn # mask value - vpaddd $Xn,$sigma,$sigma # counters-- - - vmovdqu 0x00-0x80($ctx),$t1 - vpand $Xn,$A,$A - vmovdqu 0x20-0x80($ctx),$t2 - vpand $Xn,$B,$B - vmovdqu 0x40-0x80($ctx),$t3 - vpand $Xn,$C,$C - vmovdqu 0x60-0x80($ctx),$Xi - vpand $Xn,$D,$D - vpaddd $t1,$A,$A - vmovdqu 0x80-0x80($ctx),$t1 - vpand $Xn,$E,$E - vpaddd $t2,$B,$B - vmovdqu 0xa0-0x80($ctx),$t2 - vpand $Xn,$F,$F - vpaddd $t3,$C,$C - vmovdqu 0xc0-0x80($ctx),$t3 - vpand $Xn,$G,$G - vpaddd $Xi,$D,$D - vmovdqu 0xe0-0x80($ctx),$Xi - vpand $Xn,$H,$H - vpaddd $t1,$E,$E - vpaddd $t2,$F,$F - vmovdqu $A,0x00-0x80($ctx) - vpaddd $t3,$G,$G - vmovdqu $B,0x20-0x80($ctx) - vpaddd $Xi,$H,$H - vmovdqu $C,0x40-0x80($ctx) - vmovdqu $D,0x60-0x80($ctx) - vmovdqu $E,0x80-0x80($ctx) - vmovdqu $F,0xa0-0x80($ctx) - vmovdqu $G,0xc0-0x80($ctx) - vmovdqu $H,0xe0-0x80($ctx) - - vmovdqu $sigma,(%rbx) # save counters - lea 256+128(%rsp),%rbx - vmovdqu .Lpbswap(%rip),$Xn - dec $num - jnz .Loop_avx2 - - #mov `$REG_SZ*17+8`(%rsp),$num - #lea $REG_SZ($ctx),$ctx - #lea `$inp_elm_size*$REG_SZ/4`($inp),$inp - #dec $num - #jnz .Loop_grande_avx2 - -.Ldone_avx2: - mov `$REG_SZ*17`(%rsp),%rax # original %rsp -.cfi_def_cfa %rax,8 - vzeroupper -___ -$code.=<<___ if ($win64); - movaps -0xd8(%rax),%xmm6 - movaps -0xc8(%rax),%xmm7 - movaps -0xb8(%rax),%xmm8 - movaps -0xa8(%rax),%xmm9 - movaps -0x98(%rax),%xmm10 - movaps -0x88(%rax),%xmm11 - movaps -0x78(%rax),%xmm12 - movaps -0x68(%rax),%xmm13 - movaps -0x58(%rax),%xmm14 - movaps -0x48(%rax),%xmm15 -___ -$code.=<<___; - mov -48(%rax),%r15 -.cfi_restore %r15 - mov -40(%rax),%r14 -.cfi_restore %r14 - mov -32(%rax),%r13 -.cfi_restore %r13 - mov -24(%rax),%r12 -.cfi_restore %r12 - mov -16(%rax),%rbp -.cfi_restore %rbp - mov -8(%rax),%rbx -.cfi_restore %rbx - lea (%rax),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue_avx2: - ret -.cfi_endproc -.size sha256_multi_block_avx2,.-sha256_multi_block_avx2 -___ - } }}} -$code.=<<___; -.align 256 -K256: -___ -sub TABLE { - foreach (@_) { - $code.=<<___; - .long $_,$_,$_,$_ - .long $_,$_,$_,$_ -___ - } -} -&TABLE( 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5, - 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5, - 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3, - 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174, - 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc, - 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da, - 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7, - 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967, - 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13, - 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85, - 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3, - 0xd192e819,0xd6990624,0xf40e3585,0x106aa070, - 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5, - 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3, - 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208, - 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 ); -$code.=<<___; -.Lpbswap: - .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap - .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap -K256_shaext: - .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 - .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 - .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 - .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 - .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc - .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da - .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 - .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 - .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 - .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 - .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 - .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 - .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 - .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 - .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 - .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 - .asciz "SHA256 multi-block transform for x86_64, CRYPTOGAMS by " -___ - -if ($win64) { -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # end of prologue label - cmp %r10,%rbx # context->Rip<.Lbody - jb .Lin_prologue - - mov 152($context),%rax # pull context->Rsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=.Lepilogue - jae .Lin_prologue - - mov `16*17`(%rax),%rax # pull saved stack pointer - - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - - lea -24-10*16(%rax),%rsi - lea 512($context),%rdi # &context.Xmm6 - mov \$20,%ecx - .long 0xa548f3fc # cld; rep movsq - -.Lin_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size se_handler,.-se_handler -___ -$code.=<<___ if ($avx>1); -.type avx2_handler,\@abi-omnipotent -.align 16 -avx2_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # end of prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_prologue - - mov `32*17`($context),%rax # pull saved stack pointer - - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - - lea -56-10*16(%rax),%rsi - lea 512($context),%rdi # &context.Xmm6 - mov \$20,%ecx - .long 0xa548f3fc # cld; rep movsq - - jmp .Lin_prologue -.size avx2_handler,.-avx2_handler -___ -$code.=<<___; -.section .pdata -.align 4 - .rva .LSEH_begin_sha256_multi_block - .rva .LSEH_end_sha256_multi_block - .rva .LSEH_info_sha256_multi_block - .rva .LSEH_begin_sha256_multi_block_shaext - .rva .LSEH_end_sha256_multi_block_shaext - .rva .LSEH_info_sha256_multi_block_shaext -___ -$code.=<<___ if ($avx); - .rva .LSEH_begin_sha256_multi_block_avx - .rva .LSEH_end_sha256_multi_block_avx - .rva .LSEH_info_sha256_multi_block_avx -___ -$code.=<<___ if ($avx>1); - .rva .LSEH_begin_sha256_multi_block_avx2 - .rva .LSEH_end_sha256_multi_block_avx2 - .rva .LSEH_info_sha256_multi_block_avx2 -___ -$code.=<<___; -.section .xdata -.align 8 -.LSEH_info_sha256_multi_block: - .byte 9,0,0,0 - .rva se_handler - .rva .Lbody,.Lepilogue # HandlerData[] -.LSEH_info_sha256_multi_block_shaext: - .byte 9,0,0,0 - .rva se_handler - .rva .Lbody_shaext,.Lepilogue_shaext # HandlerData[] -___ -$code.=<<___ if ($avx); -.LSEH_info_sha256_multi_block_avx: - .byte 9,0,0,0 - .rva se_handler - .rva .Lbody_avx,.Lepilogue_avx # HandlerData[] -___ -$code.=<<___ if ($avx>1); -.LSEH_info_sha256_multi_block_avx2: - .byte 9,0,0,0 - .rva avx2_handler - .rva .Lbody_avx2,.Lepilogue_avx2 # HandlerData[] -___ -} -#################################################################### - -sub rex { - local *opcode=shift; - my ($dst,$src)=@_; - my $rex=0; - - $rex|=0x04 if ($dst>=8); - $rex|=0x01 if ($src>=8); - unshift @opcode,$rex|0x40 if ($rex); -} - -sub sha256op38 { - my $instr = shift; - my %opcodelet = ( - "sha256rnds2" => 0xcb, - "sha256msg1" => 0xcc, - "sha256msg2" => 0xcd ); - - if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) { - my @opcode=(0x0f,0x38); - rex(\@opcode,$2,$1); - push @opcode,$opcodelet{$instr}; - push @opcode,0xc0|($1&7)|(($2&7)<<3); # ModR/M - return ".byte\t".join(',',@opcode); - } else { - return $instr."\t".@_[0]; - } -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval($1)/ge; - - s/\b(sha256[^\s]*)\s+(.*)/sha256op38($1,$2)/geo or - - s/\b(vmov[dq])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go or - s/\b(vmovdqu)\b(.+)%x%ymm([0-9]+)/$1$2%xmm$3/go or - s/\b(vpinsr[qd])\b(.+)%ymm([0-9]+),%ymm([0-9]+)/$1$2%xmm$3,%xmm$4/go or - s/\b(vpextr[qd])\b(.+)%ymm([0-9]+)/$1$2%xmm$3/go or - s/\b(vinserti128)\b(\s+)%ymm/$1$2\$1,%xmm/go or - s/\b(vpbroadcast[qd]\s+)%ymm([0-9]+)/$1%xmm$2/go; - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-586.pl b/crypto/sha/asm/sha512-586.pl deleted file mode 100644 index c25e773b0aa37e4ac2dc55a71740f0836b577ecd..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha512-586.pl +++ /dev/null @@ -1,924 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# SHA512 block transform for x86. September 2007. -# -# May 2013. -# -# Add SSSE3 code path, 20-25% improvement [over original SSE2 code]. -# -# Performance in clock cycles per processed byte (less is better): -# -# gcc icc x86 asm SIMD(*) x86_64(**) -# Pentium 100 97 61 - - -# PIII 75 77 56 - - -# P4 116 95 82 34.6 30.8 -# AMD K8 54 55 36 20.7 9.57 -# Core2 66 57 40 15.9 9.97 -# Westmere 70 - 38 12.2 9.58 -# Sandy Bridge 58 - 35 11.9 11.2 -# Ivy Bridge 50 - 33 11.5 8.17 -# Haswell 46 - 29 11.3 7.66 -# Skylake 40 - 26 13.3 7.25 -# Bulldozer 121 - 50 14.0 13.5 -# VIA Nano 91 - 52 33 14.7 -# Atom 126 - 68 48(***) 14.7 -# Silvermont 97 - 58 42(***) 17.5 -# Goldmont 80 - 48 19.5 12.0 -# -# (*) whichever best applicable. -# (**) x86_64 assembler performance is presented for reference -# purposes, the results are for integer-only code. -# (***) paddq is incredibly slow on Atom. -# -# IALU code-path is optimized for elder Pentiums. On vanilla Pentium -# performance improvement over compiler generated code reaches ~60%, -# while on PIII - ~35%. On newer µ-archs improvement varies from 15% -# to 50%, but it's less important as they are expected to execute SSE2 -# code-path, which is commonly ~2-3x faster [than compiler generated -# code]. SSE2 code-path is as fast as original sha512-sse2.pl, even -# though it does not use 128-bit operations. The latter means that -# SSE2-aware kernel is no longer required to execute the code. Another -# difference is that new code optimizes amount of writes, but at the -# cost of increased data cache "footprint" by 1/2KB. - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output=pop and open STDOUT,">$output"; - -&asm_init($ARGV[0],$ARGV[$#ARGV] eq "386"); - -$sse2=0; -for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - -&external_label("OPENSSL_ia32cap_P") if ($sse2); - -$Tlo=&DWP(0,"esp"); $Thi=&DWP(4,"esp"); -$Alo=&DWP(8,"esp"); $Ahi=&DWP(8+4,"esp"); -$Blo=&DWP(16,"esp"); $Bhi=&DWP(16+4,"esp"); -$Clo=&DWP(24,"esp"); $Chi=&DWP(24+4,"esp"); -$Dlo=&DWP(32,"esp"); $Dhi=&DWP(32+4,"esp"); -$Elo=&DWP(40,"esp"); $Ehi=&DWP(40+4,"esp"); -$Flo=&DWP(48,"esp"); $Fhi=&DWP(48+4,"esp"); -$Glo=&DWP(56,"esp"); $Ghi=&DWP(56+4,"esp"); -$Hlo=&DWP(64,"esp"); $Hhi=&DWP(64+4,"esp"); -$K512="ebp"; - -$Asse2=&QWP(0,"esp"); -$Bsse2=&QWP(8,"esp"); -$Csse2=&QWP(16,"esp"); -$Dsse2=&QWP(24,"esp"); -$Esse2=&QWP(32,"esp"); -$Fsse2=&QWP(40,"esp"); -$Gsse2=&QWP(48,"esp"); -$Hsse2=&QWP(56,"esp"); - -$A="mm0"; # B-D and -$E="mm4"; # F-H are commonly loaded to respectively mm1-mm3 and - # mm5-mm7, but it's done on on-demand basis... -$BxC="mm2"; # ... except for B^C - -sub BODY_00_15_sse2 { - my $phase=shift; - - #&movq ("mm5",$Fsse2); # load f - #&movq ("mm6",$Gsse2); # load g - - &movq ("mm1",$E); # %mm1 is sliding right - &pxor ("mm5","mm6"); # f^=g - &psrlq ("mm1",14); - &movq ($Esse2,$E); # modulo-scheduled save e - &pand ("mm5",$E); # f&=e - &psllq ($E,23); # $E is sliding left - &movq ($A,"mm3") if ($phase<2); - &movq (&QWP(8*9,"esp"),"mm7") # save X[i] - &movq ("mm3","mm1"); # %mm3 is T1 - &psrlq ("mm1",4); - &pxor ("mm5","mm6"); # Ch(e,f,g) - &pxor ("mm3",$E); - &psllq ($E,23); - &pxor ("mm3","mm1"); - &movq ($Asse2,$A); # modulo-scheduled save a - &paddq ("mm7","mm5"); # X[i]+=Ch(e,f,g) - &pxor ("mm3",$E); - &psrlq ("mm1",23); - &paddq ("mm7",$Hsse2); # X[i]+=h - &pxor ("mm3","mm1"); - &psllq ($E,4); - &paddq ("mm7",QWP(0,$K512)); # X[i]+=K512[i] - &pxor ("mm3",$E); # T1=Sigma1_512(e) - - &movq ($E,$Dsse2); # e = load d, e in next round - &paddq ("mm3","mm7"); # T1+=X[i] - &movq ("mm5",$A); # %mm5 is sliding right - &psrlq ("mm5",28); - &paddq ($E,"mm3"); # d += T1 - &movq ("mm6",$A); # %mm6 is sliding left - &movq ("mm7","mm5"); - &psllq ("mm6",25); - &movq ("mm1",$Bsse2); # load b - &psrlq ("mm5",6); - &pxor ("mm7","mm6"); - &sub ("esp",8); - &psllq ("mm6",5); - &pxor ("mm7","mm5"); - &pxor ($A,"mm1"); # a^b, b^c in next round - &psrlq ("mm5",5); - &pxor ("mm7","mm6"); - &pand ($BxC,$A); # (b^c)&(a^b) - &psllq ("mm6",6); - &pxor ("mm7","mm5"); - &pxor ($BxC,"mm1"); # [h=]Maj(a,b,c) - &pxor ("mm6","mm7"); # Sigma0_512(a) - &movq ("mm7",&QWP(8*(9+16-1),"esp")) if ($phase!=0); # pre-fetch - &movq ("mm5",$Fsse2) if ($phase==0); # load f - - if ($phase>1) { - &paddq ($BxC,"mm6"); # h+=Sigma0(a) - &add ($K512,8); - #&paddq ($BxC,"mm3"); # h+=T1 - - ($A,$BxC) = ($BxC,$A); # rotate registers - } else { - &paddq ("mm3",$BxC); # T1+=Maj(a,b,c) - &movq ($BxC,$A); - &add ($K512,8); - &paddq ("mm3","mm6"); # T1+=Sigma0(a) - &movq ("mm6",$Gsse2) if ($phase==0); # load g - #&movq ($A,"mm3"); # h=T1 - } -} - -sub BODY_00_15_x86 { - #define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) - # LO lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23 - # HI hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23 - &mov ("ecx",$Elo); - &mov ("edx",$Ehi); - &mov ("esi","ecx"); - - &shr ("ecx",9); # lo>>9 - &mov ("edi","edx"); - &shr ("edx",9); # hi>>9 - &mov ("ebx","ecx"); - &shl ("esi",14); # lo<<14 - &mov ("eax","edx"); - &shl ("edi",14); # hi<<14 - &xor ("ebx","esi"); - - &shr ("ecx",14-9); # lo>>14 - &xor ("eax","edi"); - &shr ("edx",14-9); # hi>>14 - &xor ("eax","ecx"); - &shl ("esi",18-14); # lo<<18 - &xor ("ebx","edx"); - &shl ("edi",18-14); # hi<<18 - &xor ("ebx","esi"); - - &shr ("ecx",18-14); # lo>>18 - &xor ("eax","edi"); - &shr ("edx",18-14); # hi>>18 - &xor ("eax","ecx"); - &shl ("esi",23-18); # lo<<23 - &xor ("ebx","edx"); - &shl ("edi",23-18); # hi<<23 - &xor ("eax","esi"); - &xor ("ebx","edi"); # T1 = Sigma1(e) - - &mov ("ecx",$Flo); - &mov ("edx",$Fhi); - &mov ("esi",$Glo); - &mov ("edi",$Ghi); - &add ("eax",$Hlo); - &adc ("ebx",$Hhi); # T1 += h - &xor ("ecx","esi"); - &xor ("edx","edi"); - &and ("ecx",$Elo); - &and ("edx",$Ehi); - &add ("eax",&DWP(8*(9+15)+0,"esp")); - &adc ("ebx",&DWP(8*(9+15)+4,"esp")); # T1 += X[0] - &xor ("ecx","esi"); - &xor ("edx","edi"); # Ch(e,f,g) = (f^g)&e)^g - - &mov ("esi",&DWP(0,$K512)); - &mov ("edi",&DWP(4,$K512)); # K[i] - &add ("eax","ecx"); - &adc ("ebx","edx"); # T1 += Ch(e,f,g) - &mov ("ecx",$Dlo); - &mov ("edx",$Dhi); - &add ("eax","esi"); - &adc ("ebx","edi"); # T1 += K[i] - &mov ($Tlo,"eax"); - &mov ($Thi,"ebx"); # put T1 away - &add ("eax","ecx"); - &adc ("ebx","edx"); # d += T1 - - #define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) - # LO lo>>28^hi<<4 ^ hi>>2^lo<<30 ^ hi>>7^lo<<25 - # HI hi>>28^lo<<4 ^ lo>>2^hi<<30 ^ lo>>7^hi<<25 - &mov ("ecx",$Alo); - &mov ("edx",$Ahi); - &mov ($Dlo,"eax"); - &mov ($Dhi,"ebx"); - &mov ("esi","ecx"); - - &shr ("ecx",2); # lo>>2 - &mov ("edi","edx"); - &shr ("edx",2); # hi>>2 - &mov ("ebx","ecx"); - &shl ("esi",4); # lo<<4 - &mov ("eax","edx"); - &shl ("edi",4); # hi<<4 - &xor ("ebx","esi"); - - &shr ("ecx",7-2); # lo>>7 - &xor ("eax","edi"); - &shr ("edx",7-2); # hi>>7 - &xor ("ebx","ecx"); - &shl ("esi",25-4); # lo<<25 - &xor ("eax","edx"); - &shl ("edi",25-4); # hi<<25 - &xor ("eax","esi"); - - &shr ("ecx",28-7); # lo>>28 - &xor ("ebx","edi"); - &shr ("edx",28-7); # hi>>28 - &xor ("eax","ecx"); - &shl ("esi",30-25); # lo<<30 - &xor ("ebx","edx"); - &shl ("edi",30-25); # hi<<30 - &xor ("eax","esi"); - &xor ("ebx","edi"); # Sigma0(a) - - &mov ("ecx",$Alo); - &mov ("edx",$Ahi); - &mov ("esi",$Blo); - &mov ("edi",$Bhi); - &add ("eax",$Tlo); - &adc ("ebx",$Thi); # T1 = Sigma0(a)+T1 - &or ("ecx","esi"); - &or ("edx","edi"); - &and ("ecx",$Clo); - &and ("edx",$Chi); - &and ("esi",$Alo); - &and ("edi",$Ahi); - &or ("ecx","esi"); - &or ("edx","edi"); # Maj(a,b,c) = ((a|b)&c)|(a&b) - - &add ("eax","ecx"); - &adc ("ebx","edx"); # T1 += Maj(a,b,c) - &mov ($Tlo,"eax"); - &mov ($Thi,"ebx"); - - &mov (&LB("edx"),&BP(0,$K512)); # pre-fetch LSB of *K - &sub ("esp",8); - &lea ($K512,&DWP(8,$K512)); # K++ -} - - -&function_begin("sha512_block_data_order"); - &mov ("esi",wparam(0)); # ctx - &mov ("edi",wparam(1)); # inp - &mov ("eax",wparam(2)); # num - &mov ("ebx","esp"); # saved sp - - &call (&label("pic_point")); # make it PIC! -&set_label("pic_point"); - &blindpop($K512); - &lea ($K512,&DWP(&label("K512")."-".&label("pic_point"),$K512)); - - &sub ("esp",16); - &and ("esp",-64); - - &shl ("eax",7); - &add ("eax","edi"); - &mov (&DWP(0,"esp"),"esi"); # ctx - &mov (&DWP(4,"esp"),"edi"); # inp - &mov (&DWP(8,"esp"),"eax"); # inp+num*128 - &mov (&DWP(12,"esp"),"ebx"); # saved sp - -if ($sse2) { - &picmeup("edx","OPENSSL_ia32cap_P",$K512,&label("K512")); - &mov ("ecx",&DWP(0,"edx")); - &test ("ecx",1<<26); - &jz (&label("loop_x86")); - - &mov ("edx",&DWP(4,"edx")); - - # load ctx->h[0-7] - &movq ($A,&QWP(0,"esi")); - &and ("ecx",1<<24); # XMM registers availability - &movq ("mm1",&QWP(8,"esi")); - &and ("edx",1<<9); # SSSE3 bit - &movq ($BxC,&QWP(16,"esi")); - &or ("ecx","edx"); - &movq ("mm3",&QWP(24,"esi")); - &movq ($E,&QWP(32,"esi")); - &movq ("mm5",&QWP(40,"esi")); - &movq ("mm6",&QWP(48,"esi")); - &movq ("mm7",&QWP(56,"esi")); - &cmp ("ecx",1<<24|1<<9); - &je (&label("SSSE3")); - &sub ("esp",8*10); - &jmp (&label("loop_sse2")); - -&set_label("loop_sse2",16); - #&movq ($Asse2,$A); - &movq ($Bsse2,"mm1"); - &movq ($Csse2,$BxC); - &movq ($Dsse2,"mm3"); - #&movq ($Esse2,$E); - &movq ($Fsse2,"mm5"); - &movq ($Gsse2,"mm6"); - &pxor ($BxC,"mm1"); # magic - &movq ($Hsse2,"mm7"); - &movq ("mm3",$A); # magic - - &mov ("eax",&DWP(0,"edi")); - &mov ("ebx",&DWP(4,"edi")); - &add ("edi",8); - &mov ("edx",15); # counter - &bswap ("eax"); - &bswap ("ebx"); - &jmp (&label("00_14_sse2")); - -&set_label("00_14_sse2",16); - &movd ("mm1","eax"); - &mov ("eax",&DWP(0,"edi")); - &movd ("mm7","ebx"); - &mov ("ebx",&DWP(4,"edi")); - &add ("edi",8); - &bswap ("eax"); - &bswap ("ebx"); - &punpckldq("mm7","mm1"); - - &BODY_00_15_sse2(); - - &dec ("edx"); - &jnz (&label("00_14_sse2")); - - &movd ("mm1","eax"); - &movd ("mm7","ebx"); - &punpckldq("mm7","mm1"); - - &BODY_00_15_sse2(1); - - &pxor ($A,$A); # A is in %mm3 - &mov ("edx",32); # counter - &jmp (&label("16_79_sse2")); - -&set_label("16_79_sse2",16); - for ($j=0;$j<2;$j++) { # 2x unroll - #&movq ("mm7",&QWP(8*(9+16-1),"esp")); # prefetched in BODY_00_15 - &movq ("mm5",&QWP(8*(9+16-14),"esp")); - &movq ("mm1","mm7"); - &psrlq ("mm7",1); - &movq ("mm6","mm5"); - &psrlq ("mm5",6); - &psllq ("mm1",56); - &paddq ($A,"mm3"); # from BODY_00_15 - &movq ("mm3","mm7"); - &psrlq ("mm7",7-1); - &pxor ("mm3","mm1"); - &psllq ("mm1",63-56); - &pxor ("mm3","mm7"); - &psrlq ("mm7",8-7); - &pxor ("mm3","mm1"); - &movq ("mm1","mm5"); - &psrlq ("mm5",19-6); - &pxor ("mm7","mm3"); # sigma0 - - &psllq ("mm6",3); - &pxor ("mm1","mm5"); - &paddq ("mm7",&QWP(8*(9+16),"esp")); - &pxor ("mm1","mm6"); - &psrlq ("mm5",61-19); - &paddq ("mm7",&QWP(8*(9+16-9),"esp")); - &pxor ("mm1","mm5"); - &psllq ("mm6",45-3); - &movq ("mm5",$Fsse2); # load f - &pxor ("mm1","mm6"); # sigma1 - &movq ("mm6",$Gsse2); # load g - - &paddq ("mm7","mm1"); # X[i] - #&movq (&QWP(8*9,"esp"),"mm7"); # moved to BODY_00_15 - - &BODY_00_15_sse2(2); - } - &dec ("edx"); - &jnz (&label("16_79_sse2")); - - #&movq ($A,$Asse2); - &paddq ($A,"mm3"); # from BODY_00_15 - &movq ("mm1",$Bsse2); - #&movq ($BxC,$Csse2); - &movq ("mm3",$Dsse2); - #&movq ($E,$Esse2); - &movq ("mm5",$Fsse2); - &movq ("mm6",$Gsse2); - &movq ("mm7",$Hsse2); - - &pxor ($BxC,"mm1"); # de-magic - &paddq ($A,&QWP(0,"esi")); - &paddq ("mm1",&QWP(8,"esi")); - &paddq ($BxC,&QWP(16,"esi")); - &paddq ("mm3",&QWP(24,"esi")); - &paddq ($E,&QWP(32,"esi")); - &paddq ("mm5",&QWP(40,"esi")); - &paddq ("mm6",&QWP(48,"esi")); - &paddq ("mm7",&QWP(56,"esi")); - - &mov ("eax",8*80); - &movq (&QWP(0,"esi"),$A); - &movq (&QWP(8,"esi"),"mm1"); - &movq (&QWP(16,"esi"),$BxC); - &movq (&QWP(24,"esi"),"mm3"); - &movq (&QWP(32,"esi"),$E); - &movq (&QWP(40,"esi"),"mm5"); - &movq (&QWP(48,"esi"),"mm6"); - &movq (&QWP(56,"esi"),"mm7"); - - &lea ("esp",&DWP(0,"esp","eax")); # destroy frame - &sub ($K512,"eax"); # rewind K - - &cmp ("edi",&DWP(8*10+8,"esp")); # are we done yet? - &jb (&label("loop_sse2")); - - &mov ("esp",&DWP(8*10+12,"esp")); # restore sp - &emms (); -&function_end_A(); - -&set_label("SSSE3",32); -{ my ($cnt,$frame)=("ecx","edx"); - my @X=map("xmm$_",(0..7)); - my $j; - my $i=0; - - &lea ($frame,&DWP(-64,"esp")); - &sub ("esp",256); - - # fixed stack frame layout - # - # +0 A B C D E F G H # backing store - # +64 X[0]+K[i] .. X[15]+K[i] # XMM->MM xfer area - # +192 # XMM off-load ring buffer - # +256 # saved parameters - - &movdqa (@X[1],&QWP(80*8,$K512)); # byte swap mask - &movdqu (@X[0],&QWP(0,"edi")); - &pshufb (@X[0],@X[1]); - for ($j=0;$j<8;$j++) { - &movdqa (&QWP(16*(($j-1)%4),$frame),@X[3]) if ($j>4); # off-load - &movdqa (@X[3],&QWP(16*($j%8),$K512)); - &movdqa (@X[2],@X[1]) if ($j<7); # perpetuate byte swap mask - &movdqu (@X[1],&QWP(16*($j+1),"edi")) if ($j<7); # next input - &movdqa (@X[1],&QWP(16*(($j+1)%4),$frame)) if ($j==7);# restore @X[0] - &paddq (@X[3],@X[0]); - &pshufb (@X[1],@X[2]) if ($j<7); - &movdqa (&QWP(16*($j%8)-128,$frame),@X[3]); # xfer X[i]+K[i] - - push(@X,shift(@X)); # rotate(@X) - } - #&jmp (&label("loop_ssse3")); - &nop (); - -&set_label("loop_ssse3",32); - &movdqa (@X[2],&QWP(16*(($j+1)%4),$frame)); # pre-restore @X[1] - &movdqa (&QWP(16*(($j-1)%4),$frame),@X[3]); # off-load @X[3] - &lea ($K512,&DWP(16*8,$K512)); - - #&movq ($Asse2,$A); # off-load A-H - &movq ($Bsse2,"mm1"); - &mov ("ebx","edi"); - &movq ($Csse2,$BxC); - &lea ("edi",&DWP(128,"edi")); # advance input - &movq ($Dsse2,"mm3"); - &cmp ("edi","eax"); - #&movq ($Esse2,$E); - &movq ($Fsse2,"mm5"); - &cmovb ("ebx","edi"); - &movq ($Gsse2,"mm6"); - &mov ("ecx",4); # loop counter - &pxor ($BxC,"mm1"); # magic - &movq ($Hsse2,"mm7"); - &pxor ("mm3","mm3"); # magic - - &jmp (&label("00_47_ssse3")); - -sub BODY_00_15_ssse3 { # "phase-less" copy of BODY_00_15_sse2 - ( - '&movq ("mm1",$E)', # %mm1 is sliding right - '&movq ("mm7",&QWP(((-8*$i)%128)-128,$frame))',# X[i]+K[i] - '&pxor ("mm5","mm6")', # f^=g - '&psrlq ("mm1",14)', - '&movq (&QWP(8*($i+4)%64,"esp"),$E)', # modulo-scheduled save e - '&pand ("mm5",$E)', # f&=e - '&psllq ($E,23)', # $E is sliding left - '&paddq ($A,"mm3")', # [h+=Maj(a,b,c)] - '&movq ("mm3","mm1")', # %mm3 is T1 - '&psrlq("mm1",4)', - '&pxor ("mm5","mm6")', # Ch(e,f,g) - '&pxor ("mm3",$E)', - '&psllq($E,23)', - '&pxor ("mm3","mm1")', - '&movq (&QWP(8*$i%64,"esp"),$A)', # modulo-scheduled save a - '&paddq("mm7","mm5")', # X[i]+=Ch(e,f,g) - '&pxor ("mm3",$E)', - '&psrlq("mm1",23)', - '&paddq("mm7",&QWP(8*($i+7)%64,"esp"))', # X[i]+=h - '&pxor ("mm3","mm1")', - '&psllq($E,4)', - '&pxor ("mm3",$E)', # T1=Sigma1_512(e) - - '&movq ($E,&QWP(8*($i+3)%64,"esp"))', # e = load d, e in next round - '&paddq ("mm3","mm7")', # T1+=X[i] - '&movq ("mm5",$A)', # %mm5 is sliding right - '&psrlq("mm5",28)', - '&paddq ($E,"mm3")', # d += T1 - '&movq ("mm6",$A)', # %mm6 is sliding left - '&movq ("mm7","mm5")', - '&psllq("mm6",25)', - '&movq ("mm1",&QWP(8*($i+1)%64,"esp"))', # load b - '&psrlq("mm5",6)', - '&pxor ("mm7","mm6")', - '&psllq("mm6",5)', - '&pxor ("mm7","mm5")', - '&pxor ($A,"mm1")', # a^b, b^c in next round - '&psrlq("mm5",5)', - '&pxor ("mm7","mm6")', - '&pand ($BxC,$A)', # (b^c)&(a^b) - '&psllq("mm6",6)', - '&pxor ("mm7","mm5")', - '&pxor ($BxC,"mm1")', # [h=]Maj(a,b,c) - '&pxor ("mm6","mm7")', # Sigma0_512(a) - '&movq ("mm5",&QWP(8*($i+5-1)%64,"esp"))', # pre-load f - '&paddq ($BxC,"mm6")', # h+=Sigma0(a) - '&movq ("mm6",&QWP(8*($i+6-1)%64,"esp"))', # pre-load g - - '($A,$BxC) = ($BxC,$A); $i--;' - ); -} - -&set_label("00_47_ssse3",32); - - for(;$j<16;$j++) { - my ($t0,$t2,$t1)=@X[2..4]; - my @insns = (&BODY_00_15_ssse3(),&BODY_00_15_ssse3()); - - &movdqa ($t2,@X[5]); - &movdqa (@X[1],$t0); # restore @X[1] - &palignr ($t0,@X[0],8); # X[1..2] - &movdqa (&QWP(16*($j%4),$frame),@X[4]); # off-load @X[4] - &palignr ($t2,@X[4],8); # X[9..10] - - &movdqa ($t1,$t0); - &psrlq ($t0,7); - &paddq (@X[0],$t2); # X[0..1] += X[9..10] - &movdqa ($t2,$t1); - &psrlq ($t1,1); - &psllq ($t2,64-8); - &pxor ($t0,$t1); - &psrlq ($t1,8-1); - &pxor ($t0,$t2); - &psllq ($t2,8-1); - &pxor ($t0,$t1); - &movdqa ($t1,@X[7]); - &pxor ($t0,$t2); # sigma0(X[1..2]) - &movdqa ($t2,@X[7]); - &psrlq ($t1,6); - &paddq (@X[0],$t0); # X[0..1] += sigma0(X[1..2]) - - &movdqa ($t0,@X[7]); - &psrlq ($t2,19); - &psllq ($t0,64-61); - &pxor ($t1,$t2); - &psrlq ($t2,61-19); - &pxor ($t1,$t0); - &psllq ($t0,61-19); - &pxor ($t1,$t2); - &movdqa ($t2,&QWP(16*(($j+2)%4),$frame));# pre-restore @X[1] - &pxor ($t1,$t0); # sigma0(X[1..2]) - &movdqa ($t0,&QWP(16*($j%8),$K512)); - eval(shift(@insns)); - &paddq (@X[0],$t1); # X[0..1] += sigma0(X[14..15]) - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &paddq ($t0,@X[0]); - foreach(@insns) { eval; } - &movdqa (&QWP(16*($j%8)-128,$frame),$t0);# xfer X[i]+K[i] - - push(@X,shift(@X)); # rotate(@X) - } - &lea ($K512,&DWP(16*8,$K512)); - &dec ("ecx"); - &jnz (&label("00_47_ssse3")); - - &movdqa (@X[1],&QWP(0,$K512)); # byte swap mask - &lea ($K512,&DWP(-80*8,$K512)); # rewind - &movdqu (@X[0],&QWP(0,"ebx")); - &pshufb (@X[0],@X[1]); - - for ($j=0;$j<8;$j++) { # load next or same block - my @insns = (&BODY_00_15_ssse3(),&BODY_00_15_ssse3()); - - &movdqa (&QWP(16*(($j-1)%4),$frame),@X[3]) if ($j>4); # off-load - &movdqa (@X[3],&QWP(16*($j%8),$K512)); - &movdqa (@X[2],@X[1]) if ($j<7); # perpetuate byte swap mask - &movdqu (@X[1],&QWP(16*($j+1),"ebx")) if ($j<7); # next input - &movdqa (@X[1],&QWP(16*(($j+1)%4),$frame)) if ($j==7);# restore @X[0] - &paddq (@X[3],@X[0]); - &pshufb (@X[1],@X[2]) if ($j<7); - foreach(@insns) { eval; } - &movdqa (&QWP(16*($j%8)-128,$frame),@X[3]);# xfer X[i]+K[i] - - push(@X,shift(@X)); # rotate(@X) - } - - #&movq ($A,$Asse2); # load A-H - &movq ("mm1",$Bsse2); - &paddq ($A,"mm3"); # from BODY_00_15 - #&movq ($BxC,$Csse2); - &movq ("mm3",$Dsse2); - #&movq ($E,$Esse2); - #&movq ("mm5",$Fsse2); - #&movq ("mm6",$Gsse2); - &movq ("mm7",$Hsse2); - - &pxor ($BxC,"mm1"); # de-magic - &paddq ($A,&QWP(0,"esi")); - &paddq ("mm1",&QWP(8,"esi")); - &paddq ($BxC,&QWP(16,"esi")); - &paddq ("mm3",&QWP(24,"esi")); - &paddq ($E,&QWP(32,"esi")); - &paddq ("mm5",&QWP(40,"esi")); - &paddq ("mm6",&QWP(48,"esi")); - &paddq ("mm7",&QWP(56,"esi")); - - &movq (&QWP(0,"esi"),$A); - &movq (&QWP(8,"esi"),"mm1"); - &movq (&QWP(16,"esi"),$BxC); - &movq (&QWP(24,"esi"),"mm3"); - &movq (&QWP(32,"esi"),$E); - &movq (&QWP(40,"esi"),"mm5"); - &movq (&QWP(48,"esi"),"mm6"); - &movq (&QWP(56,"esi"),"mm7"); - - &cmp ("edi","eax") # are we done yet? - &jb (&label("loop_ssse3")); - - &mov ("esp",&DWP(64+12,$frame)); # restore sp - &emms (); -} -&function_end_A(); -} -&set_label("loop_x86",16); - # copy input block to stack reversing byte and qword order - for ($i=0;$i<8;$i++) { - &mov ("eax",&DWP($i*16+0,"edi")); - &mov ("ebx",&DWP($i*16+4,"edi")); - &mov ("ecx",&DWP($i*16+8,"edi")); - &mov ("edx",&DWP($i*16+12,"edi")); - &bswap ("eax"); - &bswap ("ebx"); - &bswap ("ecx"); - &bswap ("edx"); - &push ("eax"); - &push ("ebx"); - &push ("ecx"); - &push ("edx"); - } - &add ("edi",128); - &sub ("esp",9*8); # place for T,A,B,C,D,E,F,G,H - &mov (&DWP(8*(9+16)+4,"esp"),"edi"); - - # copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack - &lea ("edi",&DWP(8,"esp")); - &mov ("ecx",16); - &data_word(0xA5F3F689); # rep movsd - -&set_label("00_15_x86",16); - &BODY_00_15_x86(); - - &cmp (&LB("edx"),0x94); - &jne (&label("00_15_x86")); - -&set_label("16_79_x86",16); - #define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) - # LO lo>>1^hi<<31 ^ lo>>8^hi<<24 ^ lo>>7^hi<<25 - # HI hi>>1^lo<<31 ^ hi>>8^lo<<24 ^ hi>>7 - &mov ("ecx",&DWP(8*(9+15+16-1)+0,"esp")); - &mov ("edx",&DWP(8*(9+15+16-1)+4,"esp")); - &mov ("esi","ecx"); - - &shr ("ecx",1); # lo>>1 - &mov ("edi","edx"); - &shr ("edx",1); # hi>>1 - &mov ("eax","ecx"); - &shl ("esi",24); # lo<<24 - &mov ("ebx","edx"); - &shl ("edi",24); # hi<<24 - &xor ("ebx","esi"); - - &shr ("ecx",7-1); # lo>>7 - &xor ("eax","edi"); - &shr ("edx",7-1); # hi>>7 - &xor ("eax","ecx"); - &shl ("esi",31-24); # lo<<31 - &xor ("ebx","edx"); - &shl ("edi",25-24); # hi<<25 - &xor ("ebx","esi"); - - &shr ("ecx",8-7); # lo>>8 - &xor ("eax","edi"); - &shr ("edx",8-7); # hi>>8 - &xor ("eax","ecx"); - &shl ("edi",31-25); # hi<<31 - &xor ("ebx","edx"); - &xor ("eax","edi"); # T1 = sigma0(X[-15]) - - &mov (&DWP(0,"esp"),"eax"); - &mov (&DWP(4,"esp"),"ebx"); # put T1 away - - #define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) - # LO lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26 - # HI hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6 - &mov ("ecx",&DWP(8*(9+15+16-14)+0,"esp")); - &mov ("edx",&DWP(8*(9+15+16-14)+4,"esp")); - &mov ("esi","ecx"); - - &shr ("ecx",6); # lo>>6 - &mov ("edi","edx"); - &shr ("edx",6); # hi>>6 - &mov ("eax","ecx"); - &shl ("esi",3); # lo<<3 - &mov ("ebx","edx"); - &shl ("edi",3); # hi<<3 - &xor ("eax","esi"); - - &shr ("ecx",19-6); # lo>>19 - &xor ("ebx","edi"); - &shr ("edx",19-6); # hi>>19 - &xor ("eax","ecx"); - &shl ("esi",13-3); # lo<<13 - &xor ("ebx","edx"); - &shl ("edi",13-3); # hi<<13 - &xor ("ebx","esi"); - - &shr ("ecx",29-19); # lo>>29 - &xor ("eax","edi"); - &shr ("edx",29-19); # hi>>29 - &xor ("ebx","ecx"); - &shl ("edi",26-13); # hi<<26 - &xor ("eax","edx"); - &xor ("eax","edi"); # sigma1(X[-2]) - - &mov ("ecx",&DWP(8*(9+15+16)+0,"esp")); - &mov ("edx",&DWP(8*(9+15+16)+4,"esp")); - &add ("eax",&DWP(0,"esp")); - &adc ("ebx",&DWP(4,"esp")); # T1 = sigma1(X[-2])+T1 - &mov ("esi",&DWP(8*(9+15+16-9)+0,"esp")); - &mov ("edi",&DWP(8*(9+15+16-9)+4,"esp")); - &add ("eax","ecx"); - &adc ("ebx","edx"); # T1 += X[-16] - &add ("eax","esi"); - &adc ("ebx","edi"); # T1 += X[-7] - &mov (&DWP(8*(9+15)+0,"esp"),"eax"); - &mov (&DWP(8*(9+15)+4,"esp"),"ebx"); # save X[0] - - &BODY_00_15_x86(); - - &cmp (&LB("edx"),0x17); - &jne (&label("16_79_x86")); - - &mov ("esi",&DWP(8*(9+16+80)+0,"esp"));# ctx - &mov ("edi",&DWP(8*(9+16+80)+4,"esp"));# inp - for($i=0;$i<4;$i++) { - &mov ("eax",&DWP($i*16+0,"esi")); - &mov ("ebx",&DWP($i*16+4,"esi")); - &mov ("ecx",&DWP($i*16+8,"esi")); - &mov ("edx",&DWP($i*16+12,"esi")); - &add ("eax",&DWP(8+($i*16)+0,"esp")); - &adc ("ebx",&DWP(8+($i*16)+4,"esp")); - &mov (&DWP($i*16+0,"esi"),"eax"); - &mov (&DWP($i*16+4,"esi"),"ebx"); - &add ("ecx",&DWP(8+($i*16)+8,"esp")); - &adc ("edx",&DWP(8+($i*16)+12,"esp")); - &mov (&DWP($i*16+8,"esi"),"ecx"); - &mov (&DWP($i*16+12,"esi"),"edx"); - } - &add ("esp",8*(9+16+80)); # destroy frame - &sub ($K512,8*80); # rewind K - - &cmp ("edi",&DWP(8,"esp")); # are we done yet? - &jb (&label("loop_x86")); - - &mov ("esp",&DWP(12,"esp")); # restore sp -&function_end_A(); - -&set_label("K512",64); # Yes! I keep it in the code segment! - &data_word(0xd728ae22,0x428a2f98); # u64 - &data_word(0x23ef65cd,0x71374491); # u64 - &data_word(0xec4d3b2f,0xb5c0fbcf); # u64 - &data_word(0x8189dbbc,0xe9b5dba5); # u64 - &data_word(0xf348b538,0x3956c25b); # u64 - &data_word(0xb605d019,0x59f111f1); # u64 - &data_word(0xaf194f9b,0x923f82a4); # u64 - &data_word(0xda6d8118,0xab1c5ed5); # u64 - &data_word(0xa3030242,0xd807aa98); # u64 - &data_word(0x45706fbe,0x12835b01); # u64 - &data_word(0x4ee4b28c,0x243185be); # u64 - &data_word(0xd5ffb4e2,0x550c7dc3); # u64 - &data_word(0xf27b896f,0x72be5d74); # u64 - &data_word(0x3b1696b1,0x80deb1fe); # u64 - &data_word(0x25c71235,0x9bdc06a7); # u64 - &data_word(0xcf692694,0xc19bf174); # u64 - &data_word(0x9ef14ad2,0xe49b69c1); # u64 - &data_word(0x384f25e3,0xefbe4786); # u64 - &data_word(0x8b8cd5b5,0x0fc19dc6); # u64 - &data_word(0x77ac9c65,0x240ca1cc); # u64 - &data_word(0x592b0275,0x2de92c6f); # u64 - &data_word(0x6ea6e483,0x4a7484aa); # u64 - &data_word(0xbd41fbd4,0x5cb0a9dc); # u64 - &data_word(0x831153b5,0x76f988da); # u64 - &data_word(0xee66dfab,0x983e5152); # u64 - &data_word(0x2db43210,0xa831c66d); # u64 - &data_word(0x98fb213f,0xb00327c8); # u64 - &data_word(0xbeef0ee4,0xbf597fc7); # u64 - &data_word(0x3da88fc2,0xc6e00bf3); # u64 - &data_word(0x930aa725,0xd5a79147); # u64 - &data_word(0xe003826f,0x06ca6351); # u64 - &data_word(0x0a0e6e70,0x14292967); # u64 - &data_word(0x46d22ffc,0x27b70a85); # u64 - &data_word(0x5c26c926,0x2e1b2138); # u64 - &data_word(0x5ac42aed,0x4d2c6dfc); # u64 - &data_word(0x9d95b3df,0x53380d13); # u64 - &data_word(0x8baf63de,0x650a7354); # u64 - &data_word(0x3c77b2a8,0x766a0abb); # u64 - &data_word(0x47edaee6,0x81c2c92e); # u64 - &data_word(0x1482353b,0x92722c85); # u64 - &data_word(0x4cf10364,0xa2bfe8a1); # u64 - &data_word(0xbc423001,0xa81a664b); # u64 - &data_word(0xd0f89791,0xc24b8b70); # u64 - &data_word(0x0654be30,0xc76c51a3); # u64 - &data_word(0xd6ef5218,0xd192e819); # u64 - &data_word(0x5565a910,0xd6990624); # u64 - &data_word(0x5771202a,0xf40e3585); # u64 - &data_word(0x32bbd1b8,0x106aa070); # u64 - &data_word(0xb8d2d0c8,0x19a4c116); # u64 - &data_word(0x5141ab53,0x1e376c08); # u64 - &data_word(0xdf8eeb99,0x2748774c); # u64 - &data_word(0xe19b48a8,0x34b0bcb5); # u64 - &data_word(0xc5c95a63,0x391c0cb3); # u64 - &data_word(0xe3418acb,0x4ed8aa4a); # u64 - &data_word(0x7763e373,0x5b9cca4f); # u64 - &data_word(0xd6b2b8a3,0x682e6ff3); # u64 - &data_word(0x5defb2fc,0x748f82ee); # u64 - &data_word(0x43172f60,0x78a5636f); # u64 - &data_word(0xa1f0ab72,0x84c87814); # u64 - &data_word(0x1a6439ec,0x8cc70208); # u64 - &data_word(0x23631e28,0x90befffa); # u64 - &data_word(0xde82bde9,0xa4506ceb); # u64 - &data_word(0xb2c67915,0xbef9a3f7); # u64 - &data_word(0xe372532b,0xc67178f2); # u64 - &data_word(0xea26619c,0xca273ece); # u64 - &data_word(0x21c0c207,0xd186b8c7); # u64 - &data_word(0xcde0eb1e,0xeada7dd6); # u64 - &data_word(0xee6ed178,0xf57d4f7f); # u64 - &data_word(0x72176fba,0x06f067aa); # u64 - &data_word(0xa2c898a6,0x0a637dc5); # u64 - &data_word(0xbef90dae,0x113f9804); # u64 - &data_word(0x131c471b,0x1b710b35); # u64 - &data_word(0x23047d84,0x28db77f5); # u64 - &data_word(0x40c72493,0x32caab7b); # u64 - &data_word(0x15c9bebc,0x3c9ebe0a); # u64 - &data_word(0x9c100d4c,0x431d67c4); # u64 - &data_word(0xcb3e42b6,0x4cc5d4be); # u64 - &data_word(0xfc657e2a,0x597f299c); # u64 - &data_word(0x3ad6faec,0x5fcb6fab); # u64 - &data_word(0x4a475817,0x6c44198c); # u64 - - &data_word(0x04050607,0x00010203); # byte swap - &data_word(0x0c0d0e0f,0x08090a0b); # mask -&function_end_B("sha512_block_data_order"); -&asciz("SHA512 block transform for x86, CRYPTOGAMS by "); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl deleted file mode 100644 index 1751c671e6d8e8aee9994e5448e8fe6fbd558c39..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha512-armv4.pl +++ /dev/null @@ -1,680 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# -# Permission to use under GPL terms is granted. -# ==================================================================== - -# SHA512 block procedure for ARMv4. September 2007. - -# This code is ~4.5 (four and a half) times faster than code generated -# by gcc 3.4 and it spends ~72 clock cycles per byte [on single-issue -# Xscale PXA250 core]. -# -# July 2010. -# -# Rescheduling for dual-issue pipeline resulted in 6% improvement on -# Cortex A8 core and ~40 cycles per processed byte. - -# February 2011. -# -# Profiler-assisted and platform-specific optimization resulted in 7% -# improvement on Coxtex A8 core and ~38 cycles per byte. - -# March 2011. -# -# Add NEON implementation. On Cortex A8 it was measured to process -# one byte in 23.3 cycles or ~60% faster than integer-only code. - -# August 2012. -# -# Improve NEON performance by 12% on Snapdragon S4. In absolute -# terms it's 22.6 cycles per byte, which is disappointing result. -# Technical writers asserted that 3-way S4 pipeline can sustain -# multiple NEON instructions per cycle, but dual NEON issue could -# not be observed, see http://www.openssl.org/~appro/Snapdragon-S4.html -# for further details. On side note Cortex-A15 processes one byte in -# 16 cycles. - -# Byte order [in]dependence. ========================================= -# -# Originally caller was expected to maintain specific *dword* order in -# h[0-7], namely with most significant dword at *lower* address, which -# was reflected in below two parameters as 0 and 4. Now caller is -# expected to maintain native byte order for whole 64-bit values. -$hi="HI"; -$lo="LO"; -# ==================================================================== - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour && $flavour ne "void") { - $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or - ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or - die "can't locate arm-xlate.pl"; - - open STDOUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; -} else { - $output and open STDOUT,">$output"; -} - -$ctx="r0"; # parameter block -$inp="r1"; -$len="r2"; - -$Tlo="r3"; -$Thi="r4"; -$Alo="r5"; -$Ahi="r6"; -$Elo="r7"; -$Ehi="r8"; -$t0="r9"; -$t1="r10"; -$t2="r11"; -$t3="r12"; -############ r13 is stack pointer -$Ktbl="r14"; -############ r15 is program counter - -$Aoff=8*0; -$Boff=8*1; -$Coff=8*2; -$Doff=8*3; -$Eoff=8*4; -$Foff=8*5; -$Goff=8*6; -$Hoff=8*7; -$Xoff=8*8; - -sub BODY_00_15() { -my $magic = shift; -$code.=<<___; - @ Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) - @ LO lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23 - @ HI hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23 - mov $t0,$Elo,lsr#14 - str $Tlo,[sp,#$Xoff+0] - mov $t1,$Ehi,lsr#14 - str $Thi,[sp,#$Xoff+4] - eor $t0,$t0,$Ehi,lsl#18 - ldr $t2,[sp,#$Hoff+0] @ h.lo - eor $t1,$t1,$Elo,lsl#18 - ldr $t3,[sp,#$Hoff+4] @ h.hi - eor $t0,$t0,$Elo,lsr#18 - eor $t1,$t1,$Ehi,lsr#18 - eor $t0,$t0,$Ehi,lsl#14 - eor $t1,$t1,$Elo,lsl#14 - eor $t0,$t0,$Ehi,lsr#9 - eor $t1,$t1,$Elo,lsr#9 - eor $t0,$t0,$Elo,lsl#23 - eor $t1,$t1,$Ehi,lsl#23 @ Sigma1(e) - adds $Tlo,$Tlo,$t0 - ldr $t0,[sp,#$Foff+0] @ f.lo - adc $Thi,$Thi,$t1 @ T += Sigma1(e) - ldr $t1,[sp,#$Foff+4] @ f.hi - adds $Tlo,$Tlo,$t2 - ldr $t2,[sp,#$Goff+0] @ g.lo - adc $Thi,$Thi,$t3 @ T += h - ldr $t3,[sp,#$Goff+4] @ g.hi - - eor $t0,$t0,$t2 - str $Elo,[sp,#$Eoff+0] - eor $t1,$t1,$t3 - str $Ehi,[sp,#$Eoff+4] - and $t0,$t0,$Elo - str $Alo,[sp,#$Aoff+0] - and $t1,$t1,$Ehi - str $Ahi,[sp,#$Aoff+4] - eor $t0,$t0,$t2 - ldr $t2,[$Ktbl,#$lo] @ K[i].lo - eor $t1,$t1,$t3 @ Ch(e,f,g) - ldr $t3,[$Ktbl,#$hi] @ K[i].hi - - adds $Tlo,$Tlo,$t0 - ldr $Elo,[sp,#$Doff+0] @ d.lo - adc $Thi,$Thi,$t1 @ T += Ch(e,f,g) - ldr $Ehi,[sp,#$Doff+4] @ d.hi - adds $Tlo,$Tlo,$t2 - and $t0,$t2,#0xff - adc $Thi,$Thi,$t3 @ T += K[i] - adds $Elo,$Elo,$Tlo - ldr $t2,[sp,#$Boff+0] @ b.lo - adc $Ehi,$Ehi,$Thi @ d += T - teq $t0,#$magic - - ldr $t3,[sp,#$Coff+0] @ c.lo -#ifdef __thumb2__ - it eq @ Thumb2 thing, sanity check in ARM -#endif - orreq $Ktbl,$Ktbl,#1 - @ Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) - @ LO lo>>28^hi<<4 ^ hi>>2^lo<<30 ^ hi>>7^lo<<25 - @ HI hi>>28^lo<<4 ^ lo>>2^hi<<30 ^ lo>>7^hi<<25 - mov $t0,$Alo,lsr#28 - mov $t1,$Ahi,lsr#28 - eor $t0,$t0,$Ahi,lsl#4 - eor $t1,$t1,$Alo,lsl#4 - eor $t0,$t0,$Ahi,lsr#2 - eor $t1,$t1,$Alo,lsr#2 - eor $t0,$t0,$Alo,lsl#30 - eor $t1,$t1,$Ahi,lsl#30 - eor $t0,$t0,$Ahi,lsr#7 - eor $t1,$t1,$Alo,lsr#7 - eor $t0,$t0,$Alo,lsl#25 - eor $t1,$t1,$Ahi,lsl#25 @ Sigma0(a) - adds $Tlo,$Tlo,$t0 - and $t0,$Alo,$t2 - adc $Thi,$Thi,$t1 @ T += Sigma0(a) - - ldr $t1,[sp,#$Boff+4] @ b.hi - orr $Alo,$Alo,$t2 - ldr $t2,[sp,#$Coff+4] @ c.hi - and $Alo,$Alo,$t3 - and $t3,$Ahi,$t1 - orr $Ahi,$Ahi,$t1 - orr $Alo,$Alo,$t0 @ Maj(a,b,c).lo - and $Ahi,$Ahi,$t2 - adds $Alo,$Alo,$Tlo - orr $Ahi,$Ahi,$t3 @ Maj(a,b,c).hi - sub sp,sp,#8 - adc $Ahi,$Ahi,$Thi @ h += T - tst $Ktbl,#1 - add $Ktbl,$Ktbl,#8 -___ -} - -my $_word = ($flavour =~ /win/ ? "DCDU" : ".word"); - -$code=<<___; -#ifndef __KERNEL__ -# include "arm_arch.h" -# define VFP_ABI_PUSH vstmdb sp!,{d8-d15} -# define VFP_ABI_POP vldmia sp!,{d8-d15} -#else -# define __ARM_ARCH__ __LINUX_ARM_ARCH__ -# define __ARM_MAX_ARCH__ 7 -# define VFP_ABI_PUSH -# define VFP_ABI_POP -#endif - -#ifdef __ARMEL__ -# define LO 0 -# define HI 4 -# define WORD64(hi0,lo0,hi1,lo1) $_word lo0,hi0, lo1,hi1 -#else -# define HI 0 -# define LO 4 -# define WORD64(hi0,lo0,hi1,lo1) $_word hi0,lo0, hi1,lo1 -#endif - -#if defined(__thumb2__) -.syntax unified -.thumb -# define adrl adr -#else -.code 32 -#endif - -.text - -.type K512,%object -.align 5 -K512: -WORD64(0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd) -WORD64(0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc) -WORD64(0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019) -WORD64(0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118) -WORD64(0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe) -WORD64(0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2) -WORD64(0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1) -WORD64(0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694) -WORD64(0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3) -WORD64(0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65) -WORD64(0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483) -WORD64(0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5) -WORD64(0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210) -WORD64(0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4) -WORD64(0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725) -WORD64(0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70) -WORD64(0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926) -WORD64(0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df) -WORD64(0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8) -WORD64(0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b) -WORD64(0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001) -WORD64(0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30) -WORD64(0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910) -WORD64(0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8) -WORD64(0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53) -WORD64(0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8) -WORD64(0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb) -WORD64(0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3) -WORD64(0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60) -WORD64(0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec) -WORD64(0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9) -WORD64(0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b) -WORD64(0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207) -WORD64(0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178) -WORD64(0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6) -WORD64(0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b) -WORD64(0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493) -WORD64(0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c) -WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a) -WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817) -.size K512,.-K512 -#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) -.LOPENSSL_armcap: -# ifdef _WIN32 -.word OPENSSL_armcap_P -# else -.word OPENSSL_armcap_P-.Lsha512_block_data_order -# endif -.skip 32-4 -#else -.skip 32 -#endif - -.global sha512_block_data_order -.type sha512_block_data_order,%function -sha512_block_data_order: -.Lsha512_block_data_order: -#if __ARM_ARCH__<7 && !defined(__thumb2__) - sub r3,pc,#8 @ sha512_block_data_order -#else - adr r3,.Lsha512_block_data_order -#endif -#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) - ldr r12,.LOPENSSL_armcap -# if !defined(_WIN32) - ldr r12,[r3,r12] @ OPENSSL_armcap_P -# endif -# if defined(__APPLE__) || defined(_WIN32) - ldr r12,[r12] -# endif - tst r12,#ARMV7_NEON - bne .LNEON -#endif - add $len,$inp,$len,lsl#7 @ len to point at the end of inp - stmdb sp!,{r4-r12,lr} - sub $Ktbl,r3,#672 @ K512 - sub sp,sp,#9*8 - - ldr $Elo,[$ctx,#$Eoff+$lo] - ldr $Ehi,[$ctx,#$Eoff+$hi] - ldr $t0, [$ctx,#$Goff+$lo] - ldr $t1, [$ctx,#$Goff+$hi] - ldr $t2, [$ctx,#$Hoff+$lo] - ldr $t3, [$ctx,#$Hoff+$hi] -.Loop: - str $t0, [sp,#$Goff+0] - str $t1, [sp,#$Goff+4] - str $t2, [sp,#$Hoff+0] - str $t3, [sp,#$Hoff+4] - ldr $Alo,[$ctx,#$Aoff+$lo] - ldr $Ahi,[$ctx,#$Aoff+$hi] - ldr $Tlo,[$ctx,#$Boff+$lo] - ldr $Thi,[$ctx,#$Boff+$hi] - ldr $t0, [$ctx,#$Coff+$lo] - ldr $t1, [$ctx,#$Coff+$hi] - ldr $t2, [$ctx,#$Doff+$lo] - ldr $t3, [$ctx,#$Doff+$hi] - str $Tlo,[sp,#$Boff+0] - str $Thi,[sp,#$Boff+4] - str $t0, [sp,#$Coff+0] - str $t1, [sp,#$Coff+4] - str $t2, [sp,#$Doff+0] - str $t3, [sp,#$Doff+4] - ldr $Tlo,[$ctx,#$Foff+$lo] - ldr $Thi,[$ctx,#$Foff+$hi] - str $Tlo,[sp,#$Foff+0] - str $Thi,[sp,#$Foff+4] - -.L00_15: -#if __ARM_ARCH__<7 - ldrb $Tlo,[$inp,#7] - ldrb $t0, [$inp,#6] - ldrb $t1, [$inp,#5] - ldrb $t2, [$inp,#4] - ldrb $Thi,[$inp,#3] - ldrb $t3, [$inp,#2] - orr $Tlo,$Tlo,$t0,lsl#8 - ldrb $t0, [$inp,#1] - orr $Tlo,$Tlo,$t1,lsl#16 - ldrb $t1, [$inp],#8 - orr $Tlo,$Tlo,$t2,lsl#24 - orr $Thi,$Thi,$t3,lsl#8 - orr $Thi,$Thi,$t0,lsl#16 - orr $Thi,$Thi,$t1,lsl#24 -#else - ldr $Tlo,[$inp,#4] - ldr $Thi,[$inp],#8 -#ifdef __ARMEL__ - rev $Tlo,$Tlo - rev $Thi,$Thi -#endif -#endif -___ - &BODY_00_15(0x94); -$code.=<<___; - tst $Ktbl,#1 - beq .L00_15 - ldr $t0,[sp,#`$Xoff+8*(16-1)`+0] - ldr $t1,[sp,#`$Xoff+8*(16-1)`+4] - bic $Ktbl,$Ktbl,#1 -.L16_79: - @ sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) - @ LO lo>>1^hi<<31 ^ lo>>8^hi<<24 ^ lo>>7^hi<<25 - @ HI hi>>1^lo<<31 ^ hi>>8^lo<<24 ^ hi>>7 - mov $Tlo,$t0,lsr#1 - ldr $t2,[sp,#`$Xoff+8*(16-14)`+0] - mov $Thi,$t1,lsr#1 - ldr $t3,[sp,#`$Xoff+8*(16-14)`+4] - eor $Tlo,$Tlo,$t1,lsl#31 - eor $Thi,$Thi,$t0,lsl#31 - eor $Tlo,$Tlo,$t0,lsr#8 - eor $Thi,$Thi,$t1,lsr#8 - eor $Tlo,$Tlo,$t1,lsl#24 - eor $Thi,$Thi,$t0,lsl#24 - eor $Tlo,$Tlo,$t0,lsr#7 - eor $Thi,$Thi,$t1,lsr#7 - eor $Tlo,$Tlo,$t1,lsl#25 - - @ sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) - @ LO lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26 - @ HI hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6 - mov $t0,$t2,lsr#19 - mov $t1,$t3,lsr#19 - eor $t0,$t0,$t3,lsl#13 - eor $t1,$t1,$t2,lsl#13 - eor $t0,$t0,$t3,lsr#29 - eor $t1,$t1,$t2,lsr#29 - eor $t0,$t0,$t2,lsl#3 - eor $t1,$t1,$t3,lsl#3 - eor $t0,$t0,$t2,lsr#6 - eor $t1,$t1,$t3,lsr#6 - ldr $t2,[sp,#`$Xoff+8*(16-9)`+0] - eor $t0,$t0,$t3,lsl#26 - - ldr $t3,[sp,#`$Xoff+8*(16-9)`+4] - adds $Tlo,$Tlo,$t0 - ldr $t0,[sp,#`$Xoff+8*16`+0] - adc $Thi,$Thi,$t1 - - ldr $t1,[sp,#`$Xoff+8*16`+4] - adds $Tlo,$Tlo,$t2 - adc $Thi,$Thi,$t3 - adds $Tlo,$Tlo,$t0 - adc $Thi,$Thi,$t1 -___ - &BODY_00_15(0x17); -$code.=<<___; -#ifdef __thumb2__ - ittt eq @ Thumb2 thing, sanity check in ARM -#endif - ldreq $t0,[sp,#`$Xoff+8*(16-1)`+0] - ldreq $t1,[sp,#`$Xoff+8*(16-1)`+4] - beq .L16_79 - bic $Ktbl,$Ktbl,#1 - - ldr $Tlo,[sp,#$Boff+0] - ldr $Thi,[sp,#$Boff+4] - ldr $t0, [$ctx,#$Aoff+$lo] - ldr $t1, [$ctx,#$Aoff+$hi] - ldr $t2, [$ctx,#$Boff+$lo] - ldr $t3, [$ctx,#$Boff+$hi] - adds $t0,$Alo,$t0 - str $t0, [$ctx,#$Aoff+$lo] - adc $t1,$Ahi,$t1 - str $t1, [$ctx,#$Aoff+$hi] - adds $t2,$Tlo,$t2 - str $t2, [$ctx,#$Boff+$lo] - adc $t3,$Thi,$t3 - str $t3, [$ctx,#$Boff+$hi] - - ldr $Alo,[sp,#$Coff+0] - ldr $Ahi,[sp,#$Coff+4] - ldr $Tlo,[sp,#$Doff+0] - ldr $Thi,[sp,#$Doff+4] - ldr $t0, [$ctx,#$Coff+$lo] - ldr $t1, [$ctx,#$Coff+$hi] - ldr $t2, [$ctx,#$Doff+$lo] - ldr $t3, [$ctx,#$Doff+$hi] - adds $t0,$Alo,$t0 - str $t0, [$ctx,#$Coff+$lo] - adc $t1,$Ahi,$t1 - str $t1, [$ctx,#$Coff+$hi] - adds $t2,$Tlo,$t2 - str $t2, [$ctx,#$Doff+$lo] - adc $t3,$Thi,$t3 - str $t3, [$ctx,#$Doff+$hi] - - ldr $Tlo,[sp,#$Foff+0] - ldr $Thi,[sp,#$Foff+4] - ldr $t0, [$ctx,#$Eoff+$lo] - ldr $t1, [$ctx,#$Eoff+$hi] - ldr $t2, [$ctx,#$Foff+$lo] - ldr $t3, [$ctx,#$Foff+$hi] - adds $Elo,$Elo,$t0 - str $Elo,[$ctx,#$Eoff+$lo] - adc $Ehi,$Ehi,$t1 - str $Ehi,[$ctx,#$Eoff+$hi] - adds $t2,$Tlo,$t2 - str $t2, [$ctx,#$Foff+$lo] - adc $t3,$Thi,$t3 - str $t3, [$ctx,#$Foff+$hi] - - ldr $Alo,[sp,#$Goff+0] - ldr $Ahi,[sp,#$Goff+4] - ldr $Tlo,[sp,#$Hoff+0] - ldr $Thi,[sp,#$Hoff+4] - ldr $t0, [$ctx,#$Goff+$lo] - ldr $t1, [$ctx,#$Goff+$hi] - ldr $t2, [$ctx,#$Hoff+$lo] - ldr $t3, [$ctx,#$Hoff+$hi] - adds $t0,$Alo,$t0 - str $t0, [$ctx,#$Goff+$lo] - adc $t1,$Ahi,$t1 - str $t1, [$ctx,#$Goff+$hi] - adds $t2,$Tlo,$t2 - str $t2, [$ctx,#$Hoff+$lo] - adc $t3,$Thi,$t3 - str $t3, [$ctx,#$Hoff+$hi] - - add sp,sp,#640 - sub $Ktbl,$Ktbl,#640 - - teq $inp,$len - bne .Loop - - add sp,sp,#8*9 @ destroy frame -#if __ARM_ARCH__>=5 - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif -.size sha512_block_data_order,.-sha512_block_data_order -___ - -{ -my @Sigma0=(28,34,39); -my @Sigma1=(14,18,41); -my @sigma0=(1, 8, 7); -my @sigma1=(19,61,6); - -my $Ktbl="r3"; -my $cnt="r12"; # volatile register known as ip, intra-procedure-call scratch - -my @X=map("d$_",(0..15)); -my @V=($A,$B,$C,$D,$E,$F,$G,$H)=map("d$_",(16..23)); - -sub NEON_00_15() { -my $i=shift; -my ($a,$b,$c,$d,$e,$f,$g,$h)=@_; -my ($t0,$t1,$t2,$T1,$K,$Ch,$Maj)=map("d$_",(24..31)); # temps - -$code.=<<___ if ($i<16 || $i&1); - vshr.u64 $t0,$e,#@Sigma1[0] @ $i -#if $i<16 - vld1.64 {@X[$i%16]},[$inp]! @ handles unaligned -#endif - vshr.u64 $t1,$e,#@Sigma1[1] -#if $i>0 - vadd.i64 $a,$Maj @ h+=Maj from the past -#endif - vshr.u64 $t2,$e,#@Sigma1[2] -___ -$code.=<<___; - vld1.64 {$K},[$Ktbl,:64]! @ K[i++] - vsli.64 $t0,$e,#`64-@Sigma1[0]` - vsli.64 $t1,$e,#`64-@Sigma1[1]` - vmov $Ch,$e - vsli.64 $t2,$e,#`64-@Sigma1[2]` -#if $i<16 && defined(__ARMEL__) - vrev64.8 @X[$i],@X[$i] -#endif - veor $t1,$t0 - vbsl $Ch,$f,$g @ Ch(e,f,g) - vshr.u64 $t0,$a,#@Sigma0[0] - veor $t2,$t1 @ Sigma1(e) - vadd.i64 $T1,$Ch,$h - vshr.u64 $t1,$a,#@Sigma0[1] - vsli.64 $t0,$a,#`64-@Sigma0[0]` - vadd.i64 $T1,$t2 - vshr.u64 $t2,$a,#@Sigma0[2] - vadd.i64 $K,@X[$i%16] - vsli.64 $t1,$a,#`64-@Sigma0[1]` - veor $Maj,$a,$b - vsli.64 $t2,$a,#`64-@Sigma0[2]` - veor $h,$t0,$t1 - vadd.i64 $T1,$K - vbsl $Maj,$c,$b @ Maj(a,b,c) - veor $h,$t2 @ Sigma0(a) - vadd.i64 $d,$T1 - vadd.i64 $Maj,$T1 - @ vadd.i64 $h,$Maj -___ -} - -sub NEON_16_79() { -my $i=shift; - -if ($i&1) { &NEON_00_15($i,@_); return; } - -# 2x-vectorized, therefore runs every 2nd round -my @X=map("q$_",(0..7)); # view @X as 128-bit vector -my ($t0,$t1,$s0,$s1) = map("q$_",(12..15)); # temps -my ($d0,$d1,$d2) = map("d$_",(24..26)); # temps from NEON_00_15 -my $e=@_[4]; # $e from NEON_00_15 -$i /= 2; -$code.=<<___; - vshr.u64 $t0,@X[($i+7)%8],#@sigma1[0] - vshr.u64 $t1,@X[($i+7)%8],#@sigma1[1] - vadd.i64 @_[0],d30 @ h+=Maj from the past - vshr.u64 $s1,@X[($i+7)%8],#@sigma1[2] - vsli.64 $t0,@X[($i+7)%8],#`64-@sigma1[0]` - vext.8 $s0,@X[$i%8],@X[($i+1)%8],#8 @ X[i+1] - vsli.64 $t1,@X[($i+7)%8],#`64-@sigma1[1]` - veor $s1,$t0 - vshr.u64 $t0,$s0,#@sigma0[0] - veor $s1,$t1 @ sigma1(X[i+14]) - vshr.u64 $t1,$s0,#@sigma0[1] - vadd.i64 @X[$i%8],$s1 - vshr.u64 $s1,$s0,#@sigma0[2] - vsli.64 $t0,$s0,#`64-@sigma0[0]` - vsli.64 $t1,$s0,#`64-@sigma0[1]` - vext.8 $s0,@X[($i+4)%8],@X[($i+5)%8],#8 @ X[i+9] - veor $s1,$t0 - vshr.u64 $d0,$e,#@Sigma1[0] @ from NEON_00_15 - vadd.i64 @X[$i%8],$s0 - vshr.u64 $d1,$e,#@Sigma1[1] @ from NEON_00_15 - veor $s1,$t1 @ sigma0(X[i+1]) - vshr.u64 $d2,$e,#@Sigma1[2] @ from NEON_00_15 - vadd.i64 @X[$i%8],$s1 -___ - &NEON_00_15(2*$i,@_); -} - -$code.=<<___; -#if __ARM_MAX_ARCH__>=7 -.arch armv7-a -.fpu neon - -.global sha512_block_data_order_neon -.type sha512_block_data_order_neon,%function -.align 4 -sha512_block_data_order_neon: -.LNEON: - dmb @ errata #451034 on early Cortex A8 - add $len,$inp,$len,lsl#7 @ len to point at the end of inp - adr $Ktbl,K512 - VFP_ABI_PUSH - vldmia $ctx,{$A-$H} @ load context -.Loop_neon: -___ -for($i=0;$i<16;$i++) { &NEON_00_15($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - mov $cnt,#4 -.L16_79_neon: - subs $cnt,#1 -___ -for(;$i<32;$i++) { &NEON_16_79($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - bne .L16_79_neon - - vadd.i64 $A,d30 @ h+=Maj from the past - vldmia $ctx,{d24-d31} @ load context to temp - vadd.i64 q8,q12 @ vectorized accumulate - vadd.i64 q9,q13 - vadd.i64 q10,q14 - vadd.i64 q11,q15 - vstmia $ctx,{$A-$H} @ save context - teq $inp,$len - sub $Ktbl,#640 @ rewind K512 - bne .Loop_neon - - VFP_ABI_POP - ret @ bx lr -.size sha512_block_data_order_neon,.-sha512_block_data_order_neon -#endif -___ -} -$code.=<<___; -.asciz "SHA512 block transform for ARMv4/NEON, CRYPTOGAMS by " -.align 2 -#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) -.comm OPENSSL_armcap_P,4,4 -#endif -___ - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 -$code =~ s/\bret\b/bx lr/gm; - -open SELF,$0; -while() { - next if (/^#!/); - last if (!s/^#/@/ and !/^$/); - print; -} -close SELF; - -print $code; -close STDOUT or die "error closing STDOUT: $!"; # enforce flush diff --git a/crypto/sha/asm/sha512-armv8.pl b/crypto/sha/asm/sha512-armv8.pl deleted file mode 100644 index 6bcff0b7d3f351e3c6d931e5c4e84a45f0fd8480..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha512-armv8.pl +++ /dev/null @@ -1,889 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# -# Permission to use under GPLv2 terms is granted. -# ==================================================================== -# -# SHA256/512 for ARMv8. -# -# Performance in cycles per processed byte and improvement coefficient -# over code generated with "default" compiler: -# -# SHA256-hw SHA256(*) SHA512 -# Apple A7 1.97 10.5 (+33%) 6.73 (-1%(**)) -# Cortex-A53 2.38 15.5 (+115%) 10.0 (+150%(***)) -# Cortex-A57 2.31 11.6 (+86%) 7.51 (+260%(***)) -# Denver 2.01 10.5 (+26%) 6.70 (+8%) -# X-Gene 20.0 (+100%) 12.8 (+300%(***)) -# Mongoose 2.36 13.0 (+50%) 8.36 (+33%) -# Kryo 1.92 17.4 (+30%) 11.2 (+8%) -# ThunderX2 2.54 13.2 (+40%) 8.40 (+18%) -# -# (*) Software SHA256 results are of lesser relevance, presented -# mostly for informational purposes. -# (**) The result is a trade-off: it's possible to improve it by -# 10% (or by 1 cycle per round), but at the cost of 20% loss -# on Cortex-A53 (or by 4 cycles per round). -# (***) Super-impressive coefficients over gcc-generated code are -# indication of some compiler "pathology", most notably code -# generated with -mgeneral-regs-only is significantly faster -# and the gap is only 40-90%. -# -# October 2016. -# -# Originally it was reckoned that it makes no sense to implement NEON -# version of SHA256 for 64-bit processors. This is because performance -# improvement on most wide-spread Cortex-A5x processors was observed -# to be marginal, same on Cortex-A53 and ~10% on A57. But then it was -# observed that 32-bit NEON SHA256 performs significantly better than -# 64-bit scalar version on *some* of the more recent processors. As -# result 64-bit NEON version of SHA256 was added to provide best -# all-round performance. For example it executes ~30% faster on X-Gene -# and Mongoose. [For reference, NEON version of SHA512 is bound to -# deliver much less improvement, likely *negative* on Cortex-A5x. -# Which is why NEON support is limited to SHA256.] - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour && $flavour ne "void") { - $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or - ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or - die "can't locate arm-xlate.pl"; - - open OUT,"| \"$^X\" $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; - *STDOUT=*OUT; -} else { - $output and open STDOUT,">$output"; -} - -if ($output =~ /512/) { - $BITS=512; - $SZ=8; - @Sigma0=(28,34,39); - @Sigma1=(14,18,41); - @sigma0=(1, 8, 7); - @sigma1=(19,61, 6); - $rounds=80; - $reg_t="x"; -} else { - $BITS=256; - $SZ=4; - @Sigma0=( 2,13,22); - @Sigma1=( 6,11,25); - @sigma0=( 7,18, 3); - @sigma1=(17,19,10); - $rounds=64; - $reg_t="w"; -} - -$func="sha${BITS}_block_data_order"; - -($ctx,$inp,$num,$Ktbl)=map("x$_",(0..2,30)); - -@X=map("$reg_t$_",(3..15,0..2)); -@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("$reg_t$_",(20..27)); -($t0,$t1,$t2,$t3)=map("$reg_t$_",(16,17,19,28)); - -sub BODY_00_xx { -my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; -my $j=($i+1)&15; -my ($T0,$T1,$T2)=(@X[($i-8)&15],@X[($i-9)&15],@X[($i-10)&15]); - $T0=@X[$i+3] if ($i<11); - -$code.=<<___ if ($i<16); -#ifndef __AARCH64EB__ - rev @X[$i],@X[$i] // $i -#endif -___ -$code.=<<___ if ($i<13 && ($i&1)); - ldp @X[$i+1],@X[$i+2],[$inp],#2*$SZ -___ -$code.=<<___ if ($i==13); - ldp @X[14],@X[15],[$inp] -___ -$code.=<<___ if ($i>=14); - ldr @X[($i-11)&15],[sp,#`$SZ*(($i-11)%4)`] -___ -$code.=<<___ if ($i>0 && $i<16); - add $a,$a,$t1 // h+=Sigma0(a) -___ -$code.=<<___ if ($i>=11); - str @X[($i-8)&15],[sp,#`$SZ*(($i-8)%4)`] -___ -# While ARMv8 specifies merged rotate-n-logical operation such as -# 'eor x,y,z,ror#n', it was found to negatively affect performance -# on Apple A7. The reason seems to be that it requires even 'y' to -# be available earlier. This means that such merged instruction is -# not necessarily best choice on critical path... On the other hand -# Cortex-A5x handles merged instructions much better than disjoint -# rotate and logical... See (**) footnote above. -$code.=<<___ if ($i<15); - ror $t0,$e,#$Sigma1[0] - add $h,$h,$t2 // h+=K[i] - eor $T0,$e,$e,ror#`$Sigma1[2]-$Sigma1[1]` - and $t1,$f,$e - bic $t2,$g,$e - add $h,$h,@X[$i&15] // h+=X[i] - orr $t1,$t1,$t2 // Ch(e,f,g) - eor $t2,$a,$b // a^b, b^c in next round - eor $t0,$t0,$T0,ror#$Sigma1[1] // Sigma1(e) - ror $T0,$a,#$Sigma0[0] - add $h,$h,$t1 // h+=Ch(e,f,g) - eor $t1,$a,$a,ror#`$Sigma0[2]-$Sigma0[1]` - add $h,$h,$t0 // h+=Sigma1(e) - and $t3,$t3,$t2 // (b^c)&=(a^b) - add $d,$d,$h // d+=h - eor $t3,$t3,$b // Maj(a,b,c) - eor $t1,$T0,$t1,ror#$Sigma0[1] // Sigma0(a) - add $h,$h,$t3 // h+=Maj(a,b,c) - ldr $t3,[$Ktbl],#$SZ // *K++, $t2 in next round - //add $h,$h,$t1 // h+=Sigma0(a) -___ -$code.=<<___ if ($i>=15); - ror $t0,$e,#$Sigma1[0] - add $h,$h,$t2 // h+=K[i] - ror $T1,@X[($j+1)&15],#$sigma0[0] - and $t1,$f,$e - ror $T2,@X[($j+14)&15],#$sigma1[0] - bic $t2,$g,$e - ror $T0,$a,#$Sigma0[0] - add $h,$h,@X[$i&15] // h+=X[i] - eor $t0,$t0,$e,ror#$Sigma1[1] - eor $T1,$T1,@X[($j+1)&15],ror#$sigma0[1] - orr $t1,$t1,$t2 // Ch(e,f,g) - eor $t2,$a,$b // a^b, b^c in next round - eor $t0,$t0,$e,ror#$Sigma1[2] // Sigma1(e) - eor $T0,$T0,$a,ror#$Sigma0[1] - add $h,$h,$t1 // h+=Ch(e,f,g) - and $t3,$t3,$t2 // (b^c)&=(a^b) - eor $T2,$T2,@X[($j+14)&15],ror#$sigma1[1] - eor $T1,$T1,@X[($j+1)&15],lsr#$sigma0[2] // sigma0(X[i+1]) - add $h,$h,$t0 // h+=Sigma1(e) - eor $t3,$t3,$b // Maj(a,b,c) - eor $t1,$T0,$a,ror#$Sigma0[2] // Sigma0(a) - eor $T2,$T2,@X[($j+14)&15],lsr#$sigma1[2] // sigma1(X[i+14]) - add @X[$j],@X[$j],@X[($j+9)&15] - add $d,$d,$h // d+=h - add $h,$h,$t3 // h+=Maj(a,b,c) - ldr $t3,[$Ktbl],#$SZ // *K++, $t2 in next round - add @X[$j],@X[$j],$T1 - add $h,$h,$t1 // h+=Sigma0(a) - add @X[$j],@X[$j],$T2 -___ - ($t2,$t3)=($t3,$t2); -} - -$code.=<<___; -#ifndef __KERNEL__ -# include "arm_arch.h" -.extern OPENSSL_armcap_P -.hidden OPENSSL_armcap_P -#endif - -.text - -.globl $func -.type $func,%function -.align 6 -$func: -#ifndef __KERNEL__ - adrp x16,OPENSSL_armcap_P - ldr w16,[x16,#:lo12:OPENSSL_armcap_P] -___ -$code.=<<___ if ($SZ==4); - tst w16,#ARMV8_SHA256 - b.ne .Lv8_entry - tst w16,#ARMV7_NEON - b.ne .Lneon_entry -___ -$code.=<<___ if ($SZ==8); - tst w16,#ARMV8_SHA512 - b.ne .Lv8_entry -___ -$code.=<<___; -#endif - .inst 0xd503233f // paciasp - stp x29,x30,[sp,#-128]! - add x29,sp,#0 - - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - stp x23,x24,[sp,#48] - stp x25,x26,[sp,#64] - stp x27,x28,[sp,#80] - sub sp,sp,#4*$SZ - - ldp $A,$B,[$ctx] // load context - ldp $C,$D,[$ctx,#2*$SZ] - ldp $E,$F,[$ctx,#4*$SZ] - add $num,$inp,$num,lsl#`log(16*$SZ)/log(2)` // end of input - ldp $G,$H,[$ctx,#6*$SZ] - adr $Ktbl,.LK$BITS - stp $ctx,$num,[x29,#96] - -.Loop: - ldp @X[0],@X[1],[$inp],#2*$SZ - ldr $t2,[$Ktbl],#$SZ // *K++ - eor $t3,$B,$C // magic seed - str $inp,[x29,#112] -___ -for ($i=0;$i<16;$i++) { &BODY_00_xx($i,@V); unshift(@V,pop(@V)); } -$code.=".Loop_16_xx:\n"; -for (;$i<32;$i++) { &BODY_00_xx($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - cbnz $t2,.Loop_16_xx - - ldp $ctx,$num,[x29,#96] - ldr $inp,[x29,#112] - sub $Ktbl,$Ktbl,#`$SZ*($rounds+1)` // rewind - - ldp @X[0],@X[1],[$ctx] - ldp @X[2],@X[3],[$ctx,#2*$SZ] - add $inp,$inp,#14*$SZ // advance input pointer - ldp @X[4],@X[5],[$ctx,#4*$SZ] - add $A,$A,@X[0] - ldp @X[6],@X[7],[$ctx,#6*$SZ] - add $B,$B,@X[1] - add $C,$C,@X[2] - add $D,$D,@X[3] - stp $A,$B,[$ctx] - add $E,$E,@X[4] - add $F,$F,@X[5] - stp $C,$D,[$ctx,#2*$SZ] - add $G,$G,@X[6] - add $H,$H,@X[7] - cmp $inp,$num - stp $E,$F,[$ctx,#4*$SZ] - stp $G,$H,[$ctx,#6*$SZ] - b.ne .Loop - - ldp x19,x20,[x29,#16] - add sp,sp,#4*$SZ - ldp x21,x22,[x29,#32] - ldp x23,x24,[x29,#48] - ldp x25,x26,[x29,#64] - ldp x27,x28,[x29,#80] - ldp x29,x30,[sp],#128 - .inst 0xd50323bf // autiasp - ret -.size $func,.-$func - -.align 6 -.type .LK$BITS,%object -.LK$BITS: -___ -$code.=<<___ if ($SZ==8); - .quad 0x428a2f98d728ae22,0x7137449123ef65cd - .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc - .quad 0x3956c25bf348b538,0x59f111f1b605d019 - .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 - .quad 0xd807aa98a3030242,0x12835b0145706fbe - .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 - .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 - .quad 0x9bdc06a725c71235,0xc19bf174cf692694 - .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 - .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 - .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 - .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 - .quad 0x983e5152ee66dfab,0xa831c66d2db43210 - .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 - .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 - .quad 0x06ca6351e003826f,0x142929670a0e6e70 - .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 - .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df - .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 - .quad 0x81c2c92e47edaee6,0x92722c851482353b - .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 - .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 - .quad 0xd192e819d6ef5218,0xd69906245565a910 - .quad 0xf40e35855771202a,0x106aa07032bbd1b8 - .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 - .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 - .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb - .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 - .quad 0x748f82ee5defb2fc,0x78a5636f43172f60 - .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec - .quad 0x90befffa23631e28,0xa4506cebde82bde9 - .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b - .quad 0xca273eceea26619c,0xd186b8c721c0c207 - .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 - .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 - .quad 0x113f9804bef90dae,0x1b710b35131c471b - .quad 0x28db77f523047d84,0x32caab7b40c72493 - .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c - .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a - .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 - .quad 0 // terminator -___ -$code.=<<___ if ($SZ==4); - .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 - .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 - .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 - .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 - .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc - .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da - .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 - .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 - .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 - .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 - .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 - .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 - .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 - .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 - .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 - .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 - .long 0 //terminator -___ -$code.=<<___; -.size .LK$BITS,.-.LK$BITS -.asciz "SHA$BITS block transform for ARMv8, CRYPTOGAMS by " -.align 2 -___ - -if ($SZ==4) { -my $Ktbl="x3"; - -my ($ABCD,$EFGH,$abcd)=map("v$_.16b",(0..2)); -my @MSG=map("v$_.16b",(4..7)); -my ($W0,$W1)=("v16.4s","v17.4s"); -my ($ABCD_SAVE,$EFGH_SAVE)=("v18.16b","v19.16b"); - -$code.=<<___; -#ifndef __KERNEL__ -.type sha256_block_armv8,%function -.align 6 -sha256_block_armv8: -.Lv8_entry: - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - ld1.32 {$ABCD,$EFGH},[$ctx] - adr $Ktbl,.LK256 - -.Loop_hw: - ld1 {@MSG[0]-@MSG[3]},[$inp],#64 - sub $num,$num,#1 - ld1.32 {$W0},[$Ktbl],#16 - rev32 @MSG[0],@MSG[0] - rev32 @MSG[1],@MSG[1] - rev32 @MSG[2],@MSG[2] - rev32 @MSG[3],@MSG[3] - orr $ABCD_SAVE,$ABCD,$ABCD // offload - orr $EFGH_SAVE,$EFGH,$EFGH -___ -for($i=0;$i<12;$i++) { -$code.=<<___; - ld1.32 {$W1},[$Ktbl],#16 - add.i32 $W0,$W0,@MSG[0] - sha256su0 @MSG[0],@MSG[1] - orr $abcd,$ABCD,$ABCD - sha256h $ABCD,$EFGH,$W0 - sha256h2 $EFGH,$abcd,$W0 - sha256su1 @MSG[0],@MSG[2],@MSG[3] -___ - ($W0,$W1)=($W1,$W0); push(@MSG,shift(@MSG)); -} -$code.=<<___; - ld1.32 {$W1},[$Ktbl],#16 - add.i32 $W0,$W0,@MSG[0] - orr $abcd,$ABCD,$ABCD - sha256h $ABCD,$EFGH,$W0 - sha256h2 $EFGH,$abcd,$W0 - - ld1.32 {$W0},[$Ktbl],#16 - add.i32 $W1,$W1,@MSG[1] - orr $abcd,$ABCD,$ABCD - sha256h $ABCD,$EFGH,$W1 - sha256h2 $EFGH,$abcd,$W1 - - ld1.32 {$W1},[$Ktbl] - add.i32 $W0,$W0,@MSG[2] - sub $Ktbl,$Ktbl,#$rounds*$SZ-16 // rewind - orr $abcd,$ABCD,$ABCD - sha256h $ABCD,$EFGH,$W0 - sha256h2 $EFGH,$abcd,$W0 - - add.i32 $W1,$W1,@MSG[3] - orr $abcd,$ABCD,$ABCD - sha256h $ABCD,$EFGH,$W1 - sha256h2 $EFGH,$abcd,$W1 - - add.i32 $ABCD,$ABCD,$ABCD_SAVE - add.i32 $EFGH,$EFGH,$EFGH_SAVE - - cbnz $num,.Loop_hw - - st1.32 {$ABCD,$EFGH},[$ctx] - - ldr x29,[sp],#16 - ret -.size sha256_block_armv8,.-sha256_block_armv8 -#endif -___ -} - -if ($SZ==4) { ######################################### NEON stuff # -# You'll surely note a lot of similarities with sha256-armv4 module, -# and of course it's not a coincidence. sha256-armv4 was used as -# initial template, but was adapted for ARMv8 instruction set and -# extensively re-tuned for all-round performance. - -my @V = ($A,$B,$C,$D,$E,$F,$G,$H) = map("w$_",(3..10)); -my ($t0,$t1,$t2,$t3,$t4) = map("w$_",(11..15)); -my $Ktbl="x16"; -my $Xfer="x17"; -my @X = map("q$_",(0..3)); -my ($T0,$T1,$T2,$T3,$T4,$T5,$T6,$T7) = map("q$_",(4..7,16..19)); -my $j=0; - -sub AUTOLOAD() # thunk [simplified] x86-style perlasm -{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; $opcode =~ s/_/\./; - my $arg = pop; - $arg = "#$arg" if ($arg*1 eq $arg); - $code .= "\t$opcode\t".join(',',@_,$arg)."\n"; -} - -sub Dscalar { shift =~ m|[qv]([0-9]+)|?"d$1":""; } -sub Dlo { shift =~ m|[qv]([0-9]+)|?"v$1.d[0]":""; } -sub Dhi { shift =~ m|[qv]([0-9]+)|?"v$1.d[1]":""; } - -sub Xupdate() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); - my ($a,$b,$c,$d,$e,$f,$g,$h); - - &ext_8 ($T0,@X[0],@X[1],4); # X[1..4] - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &ext_8 ($T3,@X[2],@X[3],4); # X[9..12] - eval(shift(@insns)); - eval(shift(@insns)); - &mov (&Dscalar($T7),&Dhi(@X[3])); # X[14..15] - eval(shift(@insns)); - eval(shift(@insns)); - &ushr_32 ($T2,$T0,$sigma0[0]); - eval(shift(@insns)); - &ushr_32 ($T1,$T0,$sigma0[2]); - eval(shift(@insns)); - &add_32 (@X[0],@X[0],$T3); # X[0..3] += X[9..12] - eval(shift(@insns)); - &sli_32 ($T2,$T0,32-$sigma0[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &ushr_32 ($T3,$T0,$sigma0[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &eor_8 ($T1,$T1,$T2); - eval(shift(@insns)); - eval(shift(@insns)); - &sli_32 ($T3,$T0,32-$sigma0[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &ushr_32 ($T4,$T7,$sigma1[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &eor_8 ($T1,$T1,$T3); # sigma0(X[1..4]) - eval(shift(@insns)); - eval(shift(@insns)); - &sli_32 ($T4,$T7,32-$sigma1[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &ushr_32 ($T5,$T7,$sigma1[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &ushr_32 ($T3,$T7,$sigma1[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &add_32 (@X[0],@X[0],$T1); # X[0..3] += sigma0(X[1..4]) - eval(shift(@insns)); - eval(shift(@insns)); - &sli_u32 ($T3,$T7,32-$sigma1[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &eor_8 ($T5,$T5,$T4); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &eor_8 ($T5,$T5,$T3); # sigma1(X[14..15]) - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &add_32 (@X[0],@X[0],$T5); # X[0..1] += sigma1(X[14..15]) - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &ushr_32 ($T6,@X[0],$sigma1[0]); - eval(shift(@insns)); - &ushr_32 ($T7,@X[0],$sigma1[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &sli_32 ($T6,@X[0],32-$sigma1[0]); - eval(shift(@insns)); - &ushr_32 ($T5,@X[0],$sigma1[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &eor_8 ($T7,$T7,$T6); - eval(shift(@insns)); - eval(shift(@insns)); - &sli_32 ($T5,@X[0],32-$sigma1[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &ld1_32 ("{$T0}","[$Ktbl], #16"); - eval(shift(@insns)); - &eor_8 ($T7,$T7,$T5); # sigma1(X[16..17]) - eval(shift(@insns)); - eval(shift(@insns)); - &eor_8 ($T5,$T5,$T5); - eval(shift(@insns)); - eval(shift(@insns)); - &mov (&Dhi($T5), &Dlo($T7)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &add_32 (@X[0],@X[0],$T5); # X[2..3] += sigma1(X[16..17]) - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &add_32 ($T0,$T0,@X[0]); - while($#insns>=1) { eval(shift(@insns)); } - &st1_32 ("{$T0}","[$Xfer], #16"); - eval(shift(@insns)); - - push(@X,shift(@X)); # "rotate" X[] -} - -sub Xpreload() -{ use integer; - my $body = shift; - my @insns = (&$body,&$body,&$body,&$body); - my ($a,$b,$c,$d,$e,$f,$g,$h); - - eval(shift(@insns)); - eval(shift(@insns)); - &ld1_8 ("{@X[0]}","[$inp],#16"); - eval(shift(@insns)); - eval(shift(@insns)); - &ld1_32 ("{$T0}","[$Ktbl],#16"); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &rev32 (@X[0],@X[0]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &add_32 ($T0,$T0,@X[0]); - foreach (@insns) { eval; } # remaining instructions - &st1_32 ("{$T0}","[$Xfer], #16"); - - push(@X,shift(@X)); # "rotate" X[] -} - -sub body_00_15 () { - ( - '($a,$b,$c,$d,$e,$f,$g,$h)=@V;'. - '&add ($h,$h,$t1)', # h+=X[i]+K[i] - '&add ($a,$a,$t4);'. # h+=Sigma0(a) from the past - '&and ($t1,$f,$e)', - '&bic ($t4,$g,$e)', - '&eor ($t0,$e,$e,"ror#".($Sigma1[1]-$Sigma1[0]))', - '&add ($a,$a,$t2)', # h+=Maj(a,b,c) from the past - '&orr ($t1,$t1,$t4)', # Ch(e,f,g) - '&eor ($t0,$t0,$e,"ror#".($Sigma1[2]-$Sigma1[0]))', # Sigma1(e) - '&eor ($t4,$a,$a,"ror#".($Sigma0[1]-$Sigma0[0]))', - '&add ($h,$h,$t1)', # h+=Ch(e,f,g) - '&ror ($t0,$t0,"#$Sigma1[0]")', - '&eor ($t2,$a,$b)', # a^b, b^c in next round - '&eor ($t4,$t4,$a,"ror#".($Sigma0[2]-$Sigma0[0]))', # Sigma0(a) - '&add ($h,$h,$t0)', # h+=Sigma1(e) - '&ldr ($t1,sprintf "[sp,#%d]",4*(($j+1)&15)) if (($j&15)!=15);'. - '&ldr ($t1,"[$Ktbl]") if ($j==15);'. - '&and ($t3,$t3,$t2)', # (b^c)&=(a^b) - '&ror ($t4,$t4,"#$Sigma0[0]")', - '&add ($d,$d,$h)', # d+=h - '&eor ($t3,$t3,$b)', # Maj(a,b,c) - '$j++; unshift(@V,pop(@V)); ($t2,$t3)=($t3,$t2);' - ) -} - -$code.=<<___; -#ifdef __KERNEL__ -.globl sha256_block_neon -#endif -.type sha256_block_neon,%function -.align 4 -sha256_block_neon: -.Lneon_entry: - stp x29, x30, [sp, #-16]! - mov x29, sp - sub sp,sp,#16*4 - - adr $Ktbl,.LK256 - add $num,$inp,$num,lsl#6 // len to point at the end of inp - - ld1.8 {@X[0]},[$inp], #16 - ld1.8 {@X[1]},[$inp], #16 - ld1.8 {@X[2]},[$inp], #16 - ld1.8 {@X[3]},[$inp], #16 - ld1.32 {$T0},[$Ktbl], #16 - ld1.32 {$T1},[$Ktbl], #16 - ld1.32 {$T2},[$Ktbl], #16 - ld1.32 {$T3},[$Ktbl], #16 - rev32 @X[0],@X[0] // yes, even on - rev32 @X[1],@X[1] // big-endian - rev32 @X[2],@X[2] - rev32 @X[3],@X[3] - mov $Xfer,sp - add.32 $T0,$T0,@X[0] - add.32 $T1,$T1,@X[1] - add.32 $T2,$T2,@X[2] - st1.32 {$T0-$T1},[$Xfer], #32 - add.32 $T3,$T3,@X[3] - st1.32 {$T2-$T3},[$Xfer] - sub $Xfer,$Xfer,#32 - - ldp $A,$B,[$ctx] - ldp $C,$D,[$ctx,#8] - ldp $E,$F,[$ctx,#16] - ldp $G,$H,[$ctx,#24] - ldr $t1,[sp,#0] - mov $t2,wzr - eor $t3,$B,$C - mov $t4,wzr - b .L_00_48 - -.align 4 -.L_00_48: -___ - &Xupdate(\&body_00_15); - &Xupdate(\&body_00_15); - &Xupdate(\&body_00_15); - &Xupdate(\&body_00_15); -$code.=<<___; - cmp $t1,#0 // check for K256 terminator - ldr $t1,[sp,#0] - sub $Xfer,$Xfer,#64 - bne .L_00_48 - - sub $Ktbl,$Ktbl,#256 // rewind $Ktbl - cmp $inp,$num - mov $Xfer, #64 - csel $Xfer, $Xfer, xzr, eq - sub $inp,$inp,$Xfer // avoid SEGV - mov $Xfer,sp -___ - &Xpreload(\&body_00_15); - &Xpreload(\&body_00_15); - &Xpreload(\&body_00_15); - &Xpreload(\&body_00_15); -$code.=<<___; - add $A,$A,$t4 // h+=Sigma0(a) from the past - ldp $t0,$t1,[$ctx,#0] - add $A,$A,$t2 // h+=Maj(a,b,c) from the past - ldp $t2,$t3,[$ctx,#8] - add $A,$A,$t0 // accumulate - add $B,$B,$t1 - ldp $t0,$t1,[$ctx,#16] - add $C,$C,$t2 - add $D,$D,$t3 - ldp $t2,$t3,[$ctx,#24] - add $E,$E,$t0 - add $F,$F,$t1 - ldr $t1,[sp,#0] - stp $A,$B,[$ctx,#0] - add $G,$G,$t2 - mov $t2,wzr - stp $C,$D,[$ctx,#8] - add $H,$H,$t3 - stp $E,$F,[$ctx,#16] - eor $t3,$B,$C - stp $G,$H,[$ctx,#24] - mov $t4,wzr - mov $Xfer,sp - b.ne .L_00_48 - - ldr x29,[x29] - add sp,sp,#16*4+16 - ret -.size sha256_block_neon,.-sha256_block_neon -___ -} - -if ($SZ==8) { -my $Ktbl="x3"; - -my @H = map("v$_.16b",(0..4)); -my ($fg,$de,$m9_10)=map("v$_.16b",(5..7)); -my @MSG=map("v$_.16b",(16..23)); -my ($W0,$W1)=("v24.2d","v25.2d"); -my ($AB,$CD,$EF,$GH)=map("v$_.16b",(26..29)); - -$code.=<<___; -#ifndef __KERNEL__ -.type sha512_block_armv8,%function -.align 6 -sha512_block_armv8: -.Lv8_entry: - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - ld1 {@MSG[0]-@MSG[3]},[$inp],#64 // load input - ld1 {@MSG[4]-@MSG[7]},[$inp],#64 - - ld1.64 {@H[0]-@H[3]},[$ctx] // load context - adr $Ktbl,.LK512 - - rev64 @MSG[0],@MSG[0] - rev64 @MSG[1],@MSG[1] - rev64 @MSG[2],@MSG[2] - rev64 @MSG[3],@MSG[3] - rev64 @MSG[4],@MSG[4] - rev64 @MSG[5],@MSG[5] - rev64 @MSG[6],@MSG[6] - rev64 @MSG[7],@MSG[7] - b .Loop_hw - -.align 4 -.Loop_hw: - ld1.64 {$W0},[$Ktbl],#16 - subs $num,$num,#1 - sub x4,$inp,#128 - orr $AB,@H[0],@H[0] // offload - orr $CD,@H[1],@H[1] - orr $EF,@H[2],@H[2] - orr $GH,@H[3],@H[3] - csel $inp,$inp,x4,ne // conditional rewind -___ -for($i=0;$i<32;$i++) { -$code.=<<___; - add.i64 $W0,$W0,@MSG[0] - ld1.64 {$W1},[$Ktbl],#16 - ext $W0,$W0,$W0,#8 - ext $fg,@H[2],@H[3],#8 - ext $de,@H[1],@H[2],#8 - add.i64 @H[3],@H[3],$W0 // "T1 + H + K512[i]" - sha512su0 @MSG[0],@MSG[1] - ext $m9_10,@MSG[4],@MSG[5],#8 - sha512h @H[3],$fg,$de - sha512su1 @MSG[0],@MSG[7],$m9_10 - add.i64 @H[4],@H[1],@H[3] // "D + T1" - sha512h2 @H[3],$H[1],@H[0] -___ - ($W0,$W1)=($W1,$W0); push(@MSG,shift(@MSG)); - @H = (@H[3],@H[0],@H[4],@H[2],@H[1]); -} -for(;$i<40;$i++) { -$code.=<<___ if ($i<39); - ld1.64 {$W1},[$Ktbl],#16 -___ -$code.=<<___ if ($i==39); - sub $Ktbl,$Ktbl,#$rounds*$SZ // rewind -___ -$code.=<<___; - add.i64 $W0,$W0,@MSG[0] - ld1 {@MSG[0]},[$inp],#16 // load next input - ext $W0,$W0,$W0,#8 - ext $fg,@H[2],@H[3],#8 - ext $de,@H[1],@H[2],#8 - add.i64 @H[3],@H[3],$W0 // "T1 + H + K512[i]" - sha512h @H[3],$fg,$de - rev64 @MSG[0],@MSG[0] - add.i64 @H[4],@H[1],@H[3] // "D + T1" - sha512h2 @H[3],$H[1],@H[0] -___ - ($W0,$W1)=($W1,$W0); push(@MSG,shift(@MSG)); - @H = (@H[3],@H[0],@H[4],@H[2],@H[1]); -} -$code.=<<___; - add.i64 @H[0],@H[0],$AB // accumulate - add.i64 @H[1],@H[1],$CD - add.i64 @H[2],@H[2],$EF - add.i64 @H[3],@H[3],$GH - - cbnz $num,.Loop_hw - - st1.64 {@H[0]-@H[3]},[$ctx] // store context - - ldr x29,[sp],#16 - ret -.size sha512_block_armv8,.-sha512_block_armv8 -#endif -___ -} - -{ my %opcode = ( - "sha256h" => 0x5e004000, "sha256h2" => 0x5e005000, - "sha256su0" => 0x5e282800, "sha256su1" => 0x5e006000 ); - - sub unsha256 { - my ($mnemonic,$arg)=@_; - - $arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o - && - sprintf ".inst\t0x%08x\t//%s %s", - $opcode{$mnemonic}|$1|($2<<5)|($3<<16), - $mnemonic,$arg; - } -} - -{ my %opcode = ( - "sha512h" => 0xce608000, "sha512h2" => 0xce608400, - "sha512su0" => 0xcec08000, "sha512su1" => 0xce608800 ); - - sub unsha512 { - my ($mnemonic,$arg)=@_; - - $arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o - && - sprintf ".inst\t0x%08x\t//%s %s", - $opcode{$mnemonic}|$1|($2<<5)|($3<<16), - $mnemonic,$arg; - } -} - -open SELF,$0; -while() { - next if (/^#!/); - last if (!s/^#/\/\// and !/^$/); - print; -} -close SELF; - -foreach(split("\n",$code)) { - - s/\`([^\`]*)\`/eval($1)/ge; - - s/\b(sha512\w+)\s+([qv].*)/unsha512($1,$2)/ge or - s/\b(sha256\w+)\s+([qv].*)/unsha256($1,$2)/ge; - - s/\bq([0-9]+)\b/v$1.16b/g; # old->new registers - - s/\.[ui]?8(\s)/$1/; - s/\.\w?64\b// and s/\.16b/\.2d/g or - s/\.\w?32\b// and s/\.16b/\.4s/g; - m/\bext\b/ and s/\.2d/\.16b/g or - m/(ld|st)1[^\[]+\[0\]/ and s/\.4s/\.s/g; - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-c64xplus.pl b/crypto/sha/asm/sha512-c64xplus.pl deleted file mode 100644 index 867f2a42d65bcebe003412ac950076d73c17cf4d..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha512-c64xplus.pl +++ /dev/null @@ -1,437 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# SHA512 for C64x+. -# -# January 2012 -# -# Performance is 19 cycles per processed byte. Compared to block -# transform function from sha512.c compiled with cl6x with -mv6400+ -# -o2 -DOPENSSL_SMALL_FOOTPRINT it's almost 7x faster and 2x smaller. -# Loop unroll won't make it, this implementation, any faster, because -# it's effectively dominated by SHRU||SHL pairs and you can't schedule -# more of them. -# -# !!! Note that this module uses AMR, which means that all interrupt -# service routines are expected to preserve it and for own well-being -# zero it upon entry. - -($output = pop) =~ m|\.\w+$| and open STDOUT,">$output"; - -($CTXA,$INP,$NUM) = ("A4","B4","A6"); # arguments - $K512="A3"; - -($Ahi,$Actxhi,$Bhi,$Bctxhi,$Chi,$Cctxhi,$Dhi,$Dctxhi, - $Ehi,$Ectxhi,$Fhi,$Fctxhi,$Ghi,$Gctxhi,$Hhi,$Hctxhi)=map("A$_",(16..31)); -($Alo,$Actxlo,$Blo,$Bctxlo,$Clo,$Cctxlo,$Dlo,$Dctxlo, - $Elo,$Ectxlo,$Flo,$Fctxlo,$Glo,$Gctxlo,$Hlo,$Hctxlo)=map("B$_",(16..31)); - -($S1hi,$CHhi,$S0hi,$t0hi)=map("A$_",(10..13)); -($S1lo,$CHlo,$S0lo,$t0lo)=map("B$_",(10..13)); -($T1hi, $T2hi)= ("A6","A7"); -($T1lo,$T1carry,$T2lo,$T2carry)=("B6","B7","B8","B9"); -($Khi,$Klo)=("A9","A8"); -($MAJhi,$MAJlo)=($T2hi,$T2lo); -($t1hi,$t1lo)=($Khi,"B2"); - $CTXB=$t1lo; - -($Xihi,$Xilo)=("A5","B5"); # circular/ring buffer - -$code.=<<___; - .text - - .if .ASSEMBLER_VERSION<7000000 - .asg 0,__TI_EABI__ - .endif - .if __TI_EABI__ - .nocmp - .asg sha512_block_data_order,_sha512_block_data_order - .endif - - .asg B3,RA - .asg A15,FP - .asg B15,SP - - .if .BIG_ENDIAN - .asg $Khi,KHI - .asg $Klo,KLO - .else - .asg $Khi,KLO - .asg $Klo,KHI - .endif - - .global _sha512_block_data_order -_sha512_block_data_order: -__sha512_block: - .asmfunc stack_usage(40+128) - MV $NUM,A0 ; reassign $NUM -|| MVK -128,B0 - [!A0] BNOP RA ; if ($NUM==0) return; -|| [A0] STW FP,*SP--(40) ; save frame pointer -|| [A0] MV SP,FP - [A0] STDW B13:B12,*SP[4] -|| [A0] MVK 0x00404,B1 - [A0] STDW B11:B10,*SP[3] -|| [A0] STDW A13:A12,*FP[-3] -|| [A0] MVKH 0x60000,B1 - [A0] STDW A11:A10,*SP[1] -|| [A0] MVC B1,AMR ; setup circular addressing -|| [A0] ADD B0,SP,SP ; alloca(128) - .if __TI_EABI__ - [A0] AND B0,SP,SP ; align stack at 128 bytes -|| [A0] ADDKPC __sha512_block,B1 -|| [A0] MVKL \$PCR_OFFSET(K512,__sha512_block),$K512 - [A0] MVKH \$PCR_OFFSET(K512,__sha512_block),$K512 -|| [A0] SUBAW SP,2,SP ; reserve two words above buffer - .else - [A0] AND B0,SP,SP ; align stack at 128 bytes -|| [A0] ADDKPC __sha512_block,B1 -|| [A0] MVKL (K512-__sha512_block),$K512 - [A0] MVKH (K512-__sha512_block),$K512 -|| [A0] SUBAW SP,2,SP ; reserve two words above buffer - .endif - ADDAW SP,3,$Xilo - ADDAW SP,2,$Xihi - -|| MV $CTXA,$CTXB - LDW *${CTXA}[0^.LITTLE_ENDIAN],$Ahi ; load ctx -|| LDW *${CTXB}[1^.LITTLE_ENDIAN],$Alo -|| ADD B1,$K512,$K512 - LDW *${CTXA}[2^.LITTLE_ENDIAN],$Bhi -|| LDW *${CTXB}[3^.LITTLE_ENDIAN],$Blo - LDW *${CTXA}[4^.LITTLE_ENDIAN],$Chi -|| LDW *${CTXB}[5^.LITTLE_ENDIAN],$Clo - LDW *${CTXA}[6^.LITTLE_ENDIAN],$Dhi -|| LDW *${CTXB}[7^.LITTLE_ENDIAN],$Dlo - LDW *${CTXA}[8^.LITTLE_ENDIAN],$Ehi -|| LDW *${CTXB}[9^.LITTLE_ENDIAN],$Elo - LDW *${CTXA}[10^.LITTLE_ENDIAN],$Fhi -|| LDW *${CTXB}[11^.LITTLE_ENDIAN],$Flo - LDW *${CTXA}[12^.LITTLE_ENDIAN],$Ghi -|| LDW *${CTXB}[13^.LITTLE_ENDIAN],$Glo - LDW *${CTXA}[14^.LITTLE_ENDIAN],$Hhi -|| LDW *${CTXB}[15^.LITTLE_ENDIAN],$Hlo - - LDNDW *$INP++,B11:B10 ; pre-fetch input - LDDW *$K512++,$Khi:$Klo ; pre-fetch K512[0] -outerloop?: - MVK 15,B0 ; loop counters -|| MVK 64,B1 -|| SUB A0,1,A0 - MV $Ahi,$Actxhi -|| MV $Alo,$Actxlo -|| MV $Bhi,$Bctxhi -|| MV $Blo,$Bctxlo -|| MV $Chi,$Cctxhi -|| MV $Clo,$Cctxlo -|| MVD $Dhi,$Dctxhi -|| MVD $Dlo,$Dctxlo - MV $Ehi,$Ectxhi -|| MV $Elo,$Ectxlo -|| MV $Fhi,$Fctxhi -|| MV $Flo,$Fctxlo -|| MV $Ghi,$Gctxhi -|| MV $Glo,$Gctxlo -|| MVD $Hhi,$Hctxhi -|| MVD $Hlo,$Hctxlo -loop0_15?: - .if .BIG_ENDIAN - MV B11,$T1hi -|| MV B10,$T1lo - .else - SWAP4 B10,$T1hi -|| SWAP4 B11,$T1lo - SWAP2 $T1hi,$T1hi -|| SWAP2 $T1lo,$T1lo - .endif -loop16_79?: - STW $T1hi,*$Xihi++[2] -|| STW $T1lo,*$Xilo++[2] ; X[i] = T1 -|| ADD $Hhi,$T1hi,$T1hi -|| ADDU $Hlo,$T1lo,$T1carry:$T1lo ; T1 += h -|| SHRU $Ehi,14,$S1hi -|| SHL $Ehi,32-14,$S1lo - XOR $Fhi,$Ghi,$CHhi -|| XOR $Flo,$Glo,$CHlo -|| ADD KHI,$T1hi,$T1hi -|| ADDU KLO,$T1carry:$T1lo,$T1carry:$T1lo ; T1 += K512[i] -|| SHRU $Elo,14,$t0lo -|| SHL $Elo,32-14,$t0hi - XOR $t0hi,$S1hi,$S1hi -|| XOR $t0lo,$S1lo,$S1lo -|| AND $Ehi,$CHhi,$CHhi -|| AND $Elo,$CHlo,$CHlo -|| ROTL $Ghi,0,$Hhi -|| ROTL $Glo,0,$Hlo ; h = g -|| SHRU $Ehi,18,$t0hi -|| SHL $Ehi,32-18,$t0lo - XOR $t0hi,$S1hi,$S1hi -|| XOR $t0lo,$S1lo,$S1lo -|| XOR $Ghi,$CHhi,$CHhi -|| XOR $Glo,$CHlo,$CHlo ; Ch(e,f,g) = ((f^g)&e)^g -|| ROTL $Fhi,0,$Ghi -|| ROTL $Flo,0,$Glo ; g = f -|| SHRU $Elo,18,$t0lo -|| SHL $Elo,32-18,$t0hi - XOR $t0hi,$S1hi,$S1hi -|| XOR $t0lo,$S1lo,$S1lo -|| OR $Ahi,$Bhi,$MAJhi -|| OR $Alo,$Blo,$MAJlo -|| ROTL $Ehi,0,$Fhi -|| ROTL $Elo,0,$Flo ; f = e -|| SHRU $Ehi,41-32,$t0lo -|| SHL $Ehi,64-41,$t0hi - XOR $t0hi,$S1hi,$S1hi -|| XOR $t0lo,$S1lo,$S1lo -|| AND $Chi,$MAJhi,$MAJhi -|| AND $Clo,$MAJlo,$MAJlo -|| ROTL $Dhi,0,$Ehi -|| ROTL $Dlo,0,$Elo ; e = d -|| SHRU $Elo,41-32,$t0hi -|| SHL $Elo,64-41,$t0lo - XOR $t0hi,$S1hi,$S1hi -|| XOR $t0lo,$S1lo,$S1lo ; Sigma1(e) -|| AND $Ahi,$Bhi,$t1hi -|| AND $Alo,$Blo,$t1lo -|| ROTL $Chi,0,$Dhi -|| ROTL $Clo,0,$Dlo ; d = c -|| SHRU $Ahi,28,$S0hi -|| SHL $Ahi,32-28,$S0lo - OR $t1hi,$MAJhi,$MAJhi -|| OR $t1lo,$MAJlo,$MAJlo ; Maj(a,b,c) = ((a|b)&c)|(a&b) -|| ADD $CHhi,$T1hi,$T1hi -|| ADDU $CHlo,$T1carry:$T1lo,$T1carry:$T1lo ; T1 += Ch(e,f,g) -|| ROTL $Bhi,0,$Chi -|| ROTL $Blo,0,$Clo ; c = b -|| SHRU $Alo,28,$t0lo -|| SHL $Alo,32-28,$t0hi - XOR $t0hi,$S0hi,$S0hi -|| XOR $t0lo,$S0lo,$S0lo -|| ADD $S1hi,$T1hi,$T1hi -|| ADDU $S1lo,$T1carry:$T1lo,$T1carry:$T1lo ; T1 += Sigma1(e) -|| ROTL $Ahi,0,$Bhi -|| ROTL $Alo,0,$Blo ; b = a -|| SHRU $Ahi,34-32,$t0lo -|| SHL $Ahi,64-34,$t0hi - XOR $t0hi,$S0hi,$S0hi -|| XOR $t0lo,$S0lo,$S0lo -|| ADD $MAJhi,$T1hi,$T2hi -|| ADDU $MAJlo,$T1carry:$T1lo,$T2carry:$T2lo ; T2 = T1+Maj(a,b,c) -|| SHRU $Alo,34-32,$t0hi -|| SHL $Alo,64-34,$t0lo - XOR $t0hi,$S0hi,$S0hi -|| XOR $t0lo,$S0lo,$S0lo -|| ADD $Ehi,$T1hi,$T1hi -|| ADDU $Elo,$T1carry:$T1lo,$T1carry:$T1lo ; T1 += e -|| [B0] BNOP loop0_15? -|| SHRU $Ahi,39-32,$t0lo -|| SHL $Ahi,64-39,$t0hi - XOR $t0hi,$S0hi,$S0hi -|| XOR $t0lo,$S0lo,$S0lo -|| [B0] LDNDW *$INP++,B11:B10 ; pre-fetch input -||[!B1] BNOP break? -|| SHRU $Alo,39-32,$t0hi -|| SHL $Alo,64-39,$t0lo - XOR $t0hi,$S0hi,$S0hi -|| XOR $t0lo,$S0lo,$S0lo ; Sigma0(a) -|| ADD $T1carry,$T1hi,$Ehi -|| MV $T1lo,$Elo ; e = T1 -||[!B0] LDW *${Xihi}[28],$T1hi -||[!B0] LDW *${Xilo}[28],$T1lo ; X[i+14] - ADD $S0hi,$T2hi,$T2hi -|| ADDU $S0lo,$T2carry:$T2lo,$T2carry:$T2lo ; T2 += Sigma0(a) -|| [B1] LDDW *$K512++,$Khi:$Klo ; pre-fetch K512[i] - NOP ; avoid cross-path stall - ADD $T2carry,$T2hi,$Ahi -|| MV $T2lo,$Alo ; a = T2 -|| [B0] SUB B0,1,B0 -;;===== branch to loop00_15? is taken here - NOP -;;===== branch to break? is taken here - LDW *${Xihi}[2],$T2hi -|| LDW *${Xilo}[2],$T2lo ; X[i+1] -|| SHRU $T1hi,19,$S1hi -|| SHL $T1hi,32-19,$S1lo - SHRU $T1lo,19,$t0lo -|| SHL $T1lo,32-19,$t0hi - XOR $t0hi,$S1hi,$S1hi -|| XOR $t0lo,$S1lo,$S1lo -|| SHRU $T1hi,61-32,$t0lo -|| SHL $T1hi,64-61,$t0hi - XOR $t0hi,$S1hi,$S1hi -|| XOR $t0lo,$S1lo,$S1lo -|| SHRU $T1lo,61-32,$t0hi -|| SHL $T1lo,64-61,$t0lo - XOR $t0hi,$S1hi,$S1hi -|| XOR $t0lo,$S1lo,$S1lo -|| SHRU $T1hi,6,$t0hi -|| SHL $T1hi,32-6,$t0lo - XOR $t0hi,$S1hi,$S1hi -|| XOR $t0lo,$S1lo,$S1lo -|| SHRU $T1lo,6,$t0lo -|| LDW *${Xihi}[18],$T1hi -|| LDW *${Xilo}[18],$T1lo ; X[i+9] - XOR $t0lo,$S1lo,$S1lo ; sigma1(Xi[i+14]) - -|| LDW *${Xihi}[0],$CHhi -|| LDW *${Xilo}[0],$CHlo ; X[i] -|| SHRU $T2hi,1,$S0hi -|| SHL $T2hi,32-1,$S0lo - SHRU $T2lo,1,$t0lo -|| SHL $T2lo,32-1,$t0hi - XOR $t0hi,$S0hi,$S0hi -|| XOR $t0lo,$S0lo,$S0lo -|| SHRU $T2hi,8,$t0hi -|| SHL $T2hi,32-8,$t0lo - XOR $t0hi,$S0hi,$S0hi -|| XOR $t0lo,$S0lo,$S0lo -|| SHRU $T2lo,8,$t0lo -|| SHL $T2lo,32-8,$t0hi - XOR $t0hi,$S0hi,$S0hi -|| XOR $t0lo,$S0lo,$S0lo -|| ADD $S1hi,$T1hi,$T1hi -|| ADDU $S1lo,$T1lo,$T1carry:$T1lo ; T1 = X[i+9]+sigma1() -|| [B1] BNOP loop16_79? -|| SHRU $T2hi,7,$t0hi -|| SHL $T2hi,32-7,$t0lo - XOR $t0hi,$S0hi,$S0hi -|| XOR $t0lo,$S0lo,$S0lo -|| ADD $CHhi,$T1hi,$T1hi -|| ADDU $CHlo,$T1carry:$T1lo,$T1carry:$T1lo ; T1 += X[i] -|| SHRU $T2lo,7,$t0lo - XOR $t0lo,$S0lo,$S0lo ; sigma0(Xi[i+1] - - ADD $S0hi,$T1hi,$T1hi -|| ADDU $S0lo,$T1carry:$T1lo,$T1carry:$T1lo ; T1 += sigma0() -|| [B1] SUB B1,1,B1 - NOP ; avoid cross-path stall - ADD $T1carry,$T1hi,$T1hi -;;===== branch to loop16_79? is taken here - -break?: - ADD $Ahi,$Actxhi,$Ahi ; accumulate ctx -|| ADDU $Alo,$Actxlo,$Actxlo:$Alo -|| [A0] LDNDW *$INP++,B11:B10 ; pre-fetch input -|| [A0] ADDK -640,$K512 ; rewind pointer to K512 - ADD $Bhi,$Bctxhi,$Bhi -|| ADDU $Blo,$Bctxlo,$Bctxlo:$Blo -|| [A0] LDDW *$K512++,$Khi:$Klo ; pre-fetch K512[0] - ADD $Chi,$Cctxhi,$Chi -|| ADDU $Clo,$Cctxlo,$Cctxlo:$Clo -|| ADD $Actxlo,$Ahi,$Ahi -||[!A0] MV $CTXA,$CTXB - ADD $Dhi,$Dctxhi,$Dhi -|| ADDU $Dlo,$Dctxlo,$Dctxlo:$Dlo -|| ADD $Bctxlo,$Bhi,$Bhi -||[!A0] STW $Ahi,*${CTXA}[0^.LITTLE_ENDIAN] ; save ctx -||[!A0] STW $Alo,*${CTXB}[1^.LITTLE_ENDIAN] - ADD $Ehi,$Ectxhi,$Ehi -|| ADDU $Elo,$Ectxlo,$Ectxlo:$Elo -|| ADD $Cctxlo,$Chi,$Chi -|| [A0] BNOP outerloop? -||[!A0] STW $Bhi,*${CTXA}[2^.LITTLE_ENDIAN] -||[!A0] STW $Blo,*${CTXB}[3^.LITTLE_ENDIAN] - ADD $Fhi,$Fctxhi,$Fhi -|| ADDU $Flo,$Fctxlo,$Fctxlo:$Flo -|| ADD $Dctxlo,$Dhi,$Dhi -||[!A0] STW $Chi,*${CTXA}[4^.LITTLE_ENDIAN] -||[!A0] STW $Clo,*${CTXB}[5^.LITTLE_ENDIAN] - ADD $Ghi,$Gctxhi,$Ghi -|| ADDU $Glo,$Gctxlo,$Gctxlo:$Glo -|| ADD $Ectxlo,$Ehi,$Ehi -||[!A0] STW $Dhi,*${CTXA}[6^.LITTLE_ENDIAN] -||[!A0] STW $Dlo,*${CTXB}[7^.LITTLE_ENDIAN] - ADD $Hhi,$Hctxhi,$Hhi -|| ADDU $Hlo,$Hctxlo,$Hctxlo:$Hlo -|| ADD $Fctxlo,$Fhi,$Fhi -||[!A0] STW $Ehi,*${CTXA}[8^.LITTLE_ENDIAN] -||[!A0] STW $Elo,*${CTXB}[9^.LITTLE_ENDIAN] - ADD $Gctxlo,$Ghi,$Ghi -||[!A0] STW $Fhi,*${CTXA}[10^.LITTLE_ENDIAN] -||[!A0] STW $Flo,*${CTXB}[11^.LITTLE_ENDIAN] - ADD $Hctxlo,$Hhi,$Hhi -||[!A0] STW $Ghi,*${CTXA}[12^.LITTLE_ENDIAN] -||[!A0] STW $Glo,*${CTXB}[13^.LITTLE_ENDIAN] -;;===== branch to outerloop? is taken here - - STW $Hhi,*${CTXA}[14^.LITTLE_ENDIAN] -|| STW $Hlo,*${CTXB}[15^.LITTLE_ENDIAN] -|| MVK -40,B0 - ADD FP,B0,SP ; destroy circular buffer -|| LDDW *FP[-4],A11:A10 - LDDW *SP[2],A13:A12 -|| LDDW *FP[-2],B11:B10 - LDDW *SP[4],B13:B12 -|| BNOP RA - LDW *++SP(40),FP ; restore frame pointer - MVK 0,B0 - MVC B0,AMR ; clear AMR - NOP 2 ; wait till FP is committed - .endasmfunc - - .if __TI_EABI__ - .sect ".text:sha_asm.const" - .else - .sect ".const:sha_asm" - .endif - .align 128 -K512: - .uword 0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd - .uword 0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc - .uword 0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019 - .uword 0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118 - .uword 0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe - .uword 0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2 - .uword 0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1 - .uword 0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694 - .uword 0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3 - .uword 0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65 - .uword 0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483 - .uword 0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5 - .uword 0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210 - .uword 0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4 - .uword 0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725 - .uword 0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70 - .uword 0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926 - .uword 0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df - .uword 0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8 - .uword 0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b - .uword 0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001 - .uword 0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30 - .uword 0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910 - .uword 0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8 - .uword 0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53 - .uword 0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8 - .uword 0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb - .uword 0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3 - .uword 0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60 - .uword 0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec - .uword 0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9 - .uword 0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b - .uword 0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207 - .uword 0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178 - .uword 0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6 - .uword 0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b - .uword 0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493 - .uword 0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c - .uword 0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a - .uword 0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817 - .cstring "SHA512 block transform for C64x+, CRYPTOGAMS by " - .align 4 -___ - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-ia64.pl b/crypto/sha/asm/sha512-ia64.pl deleted file mode 100755 index eccc6c92e767adaff5d2f0900d21cc6296a4fd97..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha512-ia64.pl +++ /dev/null @@ -1,693 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# SHA256/512_Transform for Itanium. -# -# sha512_block runs in 1003 cycles on Itanium 2, which is almost 50% -# faster than gcc and >60%(!) faster than code generated by HP-UX -# compiler (yes, HP-UX is generating slower code, because unlike gcc, -# it failed to deploy "shift right pair," 'shrp' instruction, which -# substitutes for 64-bit rotate). -# -# 924 cycles long sha256_block outperforms gcc by over factor of 2(!) -# and HP-UX compiler - by >40% (yes, gcc won sha512_block, but lost -# this one big time). Note that "formally" 924 is about 100 cycles -# too much. I mean it's 64 32-bit rounds vs. 80 virtually identical -# 64-bit ones and 1003*64/80 gives 802. Extra cycles, 2 per round, -# are spent on extra work to provide for 32-bit rotations. 32-bit -# rotations are still handled by 'shrp' instruction and for this -# reason lower 32 bits are deposited to upper half of 64-bit register -# prior 'shrp' issue. And in order to minimize the amount of such -# operations, X[16] values are *maintained* with copies of lower -# halves in upper halves, which is why you'll spot such instructions -# as custom 'mux2', "parallel 32-bit add," 'padd4' and "parallel -# 32-bit unsigned right shift," 'pshr4.u' instructions here. -# -# Rules of engagement. -# -# There is only one integer shifter meaning that if I have two rotate, -# deposit or extract instructions in adjacent bundles, they shall -# split [at run-time if they have to]. But note that variable and -# parallel shifts are performed by multi-media ALU and *are* pairable -# with rotates [and alike]. On the backside MMALU is rather slow: it -# takes 2 extra cycles before the result of integer operation is -# available *to* MMALU and 2(*) extra cycles before the result of MM -# operation is available "back" *to* integer ALU, not to mention that -# MMALU itself has 2 cycles latency. However! I explicitly scheduled -# these MM instructions to avoid MM stalls, so that all these extra -# latencies get "hidden" in instruction-level parallelism. -# -# (*) 2 cycles on Itanium 1 and 1 cycle on Itanium 2. But I schedule -# for 2 in order to provide for best *overall* performance, -# because on Itanium 1 stall on MM result is accompanied by -# pipeline flush, which takes 6 cycles:-( -# -# June 2012 -# -# Improve performance by 15-20%. Note about "rules of engagement" -# above. Contemporary cores are equipped with additional shifter, -# so that they should perform even better than below, presumably -# by ~10%. -# -###################################################################### -# Current performance in cycles per processed byte for Itanium 2 -# pre-9000 series [little-endian] system: -# -# SHA1(*) 5.7 -# SHA256 12.6 -# SHA512 6.7 -# -# (*) SHA1 result is presented purely for reference purposes. -# -# To generate code, pass the file name with either 256 or 512 in its -# name and compiler flags. - -# $output is the last argument if it looks like a file (it has an extension) -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; - -if ($output =~ /512.*\.[s|asm]/) { - $SZ=8; - $BITS=8*$SZ; - $LDW="ld8"; - $STW="st8"; - $ADD="add"; - $SHRU="shr.u"; - $TABLE="K512"; - $func="sha512_block_data_order"; - @Sigma0=(28,34,39); - @Sigma1=(14,18,41); - @sigma0=(1, 8, 7); - @sigma1=(19,61, 6); - $rounds=80; -} elsif ($output =~ /256.*\.[s|asm]/) { - $SZ=4; - $BITS=8*$SZ; - $LDW="ld4"; - $STW="st4"; - $ADD="padd4"; - $SHRU="pshr4.u"; - $TABLE="K256"; - $func="sha256_block_data_order"; - @Sigma0=( 2,13,22); - @Sigma1=( 6,11,25); - @sigma0=( 7,18, 3); - @sigma1=(17,19,10); - $rounds=64; -} else { die "nonsense $output"; } - -$output and (open STDOUT,">$output" or die "can't open $output: $!"); - -if ($^O eq "hpux") { - $ADDP="addp4"; - for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); } -} else { $ADDP="add"; } -for (@ARGV) { $big_endian=1 if (/\-DB_ENDIAN/); - $big_endian=0 if (/\-DL_ENDIAN/); } -if (!defined($big_endian)) - { $big_endian=(unpack('L',pack('N',1))==1); } - -$code=<<___; -.ident \"$output, version 2.0\" -.ident \"IA-64 ISA artwork by Andy Polyakov \" -.explicit -.text - -pfssave=r2; -lcsave=r3; -prsave=r14; -K=r15; -A_=r16; B_=r17; C_=r18; D_=r19; -E_=r20; F_=r21; G_=r22; H_=r23; -T1=r24; T2=r25; -s0=r26; s1=r27; t0=r28; t1=r29; -Ktbl=r30; -ctx=r31; // 1st arg -input=r56; // 2nd arg -num=r57; // 3rd arg -sgm0=r58; sgm1=r59; // small constants - -// void $func (SHA_CTX *ctx, const void *in,size_t num[,int host]) -.global $func# -.proc $func# -.align 32 -.skip 16 -$func: - .prologue - .save ar.pfs,pfssave -{ .mmi; alloc pfssave=ar.pfs,3,25,0,24 - $ADDP ctx=0,r32 // 1st arg - .save ar.lc,lcsave - mov lcsave=ar.lc } -{ .mmi; $ADDP input=0,r33 // 2nd arg - mov num=r34 // 3rd arg - .save pr,prsave - mov prsave=pr };; - - .body -{ .mib; add r8=0*$SZ,ctx - add r9=1*$SZ,ctx } -{ .mib; add r10=2*$SZ,ctx - add r11=3*$SZ,ctx };; - -// load A-H -.Lpic_point: -{ .mmi; $LDW A_=[r8],4*$SZ - $LDW B_=[r9],4*$SZ - mov Ktbl=ip } -{ .mmi; $LDW C_=[r10],4*$SZ - $LDW D_=[r11],4*$SZ - mov sgm0=$sigma0[2] };; -{ .mmi; $LDW E_=[r8] - $LDW F_=[r9] - add Ktbl=($TABLE#-.Lpic_point),Ktbl } -{ .mmi; $LDW G_=[r10] - $LDW H_=[r11] - cmp.ne p0,p16=0,r0 };; -___ -$code.=<<___ if ($BITS==64); -{ .mii; and r8=7,input - and input=~7,input;; - cmp.eq p9,p0=1,r8 } -{ .mmi; cmp.eq p10,p0=2,r8 - cmp.eq p11,p0=3,r8 - cmp.eq p12,p0=4,r8 } -{ .mmi; cmp.eq p13,p0=5,r8 - cmp.eq p14,p0=6,r8 - cmp.eq p15,p0=7,r8 };; -___ -$code.=<<___; -.L_outer: -.rotr R[8],X[16] -A=R[0]; B=R[1]; C=R[2]; D=R[3]; E=R[4]; F=R[5]; G=R[6]; H=R[7] -{ .mmi; ld1 X[15]=[input],$SZ // eliminated in sha512 - mov A=A_ - mov ar.lc=14 } -{ .mmi; mov B=B_ - mov C=C_ - mov D=D_ } -{ .mmi; mov E=E_ - mov F=F_ - mov ar.ec=2 };; -{ .mmi; mov G=G_ - mov H=H_ - mov sgm1=$sigma1[2] } -{ .mib; mov r8=0 - add r9=1-$SZ,input - brp.loop.imp .L_first16,.L_first16_end-16 };; -___ -$t0="A", $t1="E", $code.=<<___ if ($BITS==64); -// in sha512 case I load whole X[16] at once and take care of alignment... -{ .mmi; add r8=1*$SZ,input - add r9=2*$SZ,input - add r10=3*$SZ,input };; -{ .mmb; $LDW X[15]=[input],4*$SZ - $LDW X[14]=[r8],4*$SZ -(p9) br.cond.dpnt.many .L1byte };; -{ .mmb; $LDW X[13]=[r9],4*$SZ - $LDW X[12]=[r10],4*$SZ -(p10) br.cond.dpnt.many .L2byte };; -{ .mmb; $LDW X[11]=[input],4*$SZ - $LDW X[10]=[r8],4*$SZ -(p11) br.cond.dpnt.many .L3byte };; -{ .mmb; $LDW X[ 9]=[r9],4*$SZ - $LDW X[ 8]=[r10],4*$SZ -(p12) br.cond.dpnt.many .L4byte };; -{ .mmb; $LDW X[ 7]=[input],4*$SZ - $LDW X[ 6]=[r8],4*$SZ -(p13) br.cond.dpnt.many .L5byte };; -{ .mmb; $LDW X[ 5]=[r9],4*$SZ - $LDW X[ 4]=[r10],4*$SZ -(p14) br.cond.dpnt.many .L6byte };; -{ .mmb; $LDW X[ 3]=[input],4*$SZ - $LDW X[ 2]=[r8],4*$SZ -(p15) br.cond.dpnt.many .L7byte };; -{ .mmb; $LDW X[ 1]=[r9],4*$SZ - $LDW X[ 0]=[r10],4*$SZ } -{ .mib; mov r8=0 - mux1 X[15]=X[15],\@rev // eliminated on big-endian - br.many .L_first16 };; -.L1byte: -{ .mmi; $LDW X[13]=[r9],4*$SZ - $LDW X[12]=[r10],4*$SZ - shrp X[15]=X[15],X[14],56 };; -{ .mmi; $LDW X[11]=[input],4*$SZ - $LDW X[10]=[r8],4*$SZ - shrp X[14]=X[14],X[13],56 } -{ .mmi; $LDW X[ 9]=[r9],4*$SZ - $LDW X[ 8]=[r10],4*$SZ - shrp X[13]=X[13],X[12],56 };; -{ .mmi; $LDW X[ 7]=[input],4*$SZ - $LDW X[ 6]=[r8],4*$SZ - shrp X[12]=X[12],X[11],56 } -{ .mmi; $LDW X[ 5]=[r9],4*$SZ - $LDW X[ 4]=[r10],4*$SZ - shrp X[11]=X[11],X[10],56 };; -{ .mmi; $LDW X[ 3]=[input],4*$SZ - $LDW X[ 2]=[r8],4*$SZ - shrp X[10]=X[10],X[ 9],56 } -{ .mmi; $LDW X[ 1]=[r9],4*$SZ - $LDW X[ 0]=[r10],4*$SZ - shrp X[ 9]=X[ 9],X[ 8],56 };; -{ .mii; $LDW T1=[input] - shrp X[ 8]=X[ 8],X[ 7],56 - shrp X[ 7]=X[ 7],X[ 6],56 } -{ .mii; shrp X[ 6]=X[ 6],X[ 5],56 - shrp X[ 5]=X[ 5],X[ 4],56 };; -{ .mii; shrp X[ 4]=X[ 4],X[ 3],56 - shrp X[ 3]=X[ 3],X[ 2],56 } -{ .mii; shrp X[ 2]=X[ 2],X[ 1],56 - shrp X[ 1]=X[ 1],X[ 0],56 } -{ .mib; shrp X[ 0]=X[ 0],T1,56 } -{ .mib; mov r8=0 - mux1 X[15]=X[15],\@rev // eliminated on big-endian - br.many .L_first16 };; -.L2byte: -{ .mmi; $LDW X[11]=[input],4*$SZ - $LDW X[10]=[r8],4*$SZ - shrp X[15]=X[15],X[14],48 } -{ .mmi; $LDW X[ 9]=[r9],4*$SZ - $LDW X[ 8]=[r10],4*$SZ - shrp X[14]=X[14],X[13],48 };; -{ .mmi; $LDW X[ 7]=[input],4*$SZ - $LDW X[ 6]=[r8],4*$SZ - shrp X[13]=X[13],X[12],48 } -{ .mmi; $LDW X[ 5]=[r9],4*$SZ - $LDW X[ 4]=[r10],4*$SZ - shrp X[12]=X[12],X[11],48 };; -{ .mmi; $LDW X[ 3]=[input],4*$SZ - $LDW X[ 2]=[r8],4*$SZ - shrp X[11]=X[11],X[10],48 } -{ .mmi; $LDW X[ 1]=[r9],4*$SZ - $LDW X[ 0]=[r10],4*$SZ - shrp X[10]=X[10],X[ 9],48 };; -{ .mii; $LDW T1=[input] - shrp X[ 9]=X[ 9],X[ 8],48 - shrp X[ 8]=X[ 8],X[ 7],48 } -{ .mii; shrp X[ 7]=X[ 7],X[ 6],48 - shrp X[ 6]=X[ 6],X[ 5],48 };; -{ .mii; shrp X[ 5]=X[ 5],X[ 4],48 - shrp X[ 4]=X[ 4],X[ 3],48 } -{ .mii; shrp X[ 3]=X[ 3],X[ 2],48 - shrp X[ 2]=X[ 2],X[ 1],48 } -{ .mii; shrp X[ 1]=X[ 1],X[ 0],48 - shrp X[ 0]=X[ 0],T1,48 } -{ .mib; mov r8=0 - mux1 X[15]=X[15],\@rev // eliminated on big-endian - br.many .L_first16 };; -.L3byte: -{ .mmi; $LDW X[ 9]=[r9],4*$SZ - $LDW X[ 8]=[r10],4*$SZ - shrp X[15]=X[15],X[14],40 };; -{ .mmi; $LDW X[ 7]=[input],4*$SZ - $LDW X[ 6]=[r8],4*$SZ - shrp X[14]=X[14],X[13],40 } -{ .mmi; $LDW X[ 5]=[r9],4*$SZ - $LDW X[ 4]=[r10],4*$SZ - shrp X[13]=X[13],X[12],40 };; -{ .mmi; $LDW X[ 3]=[input],4*$SZ - $LDW X[ 2]=[r8],4*$SZ - shrp X[12]=X[12],X[11],40 } -{ .mmi; $LDW X[ 1]=[r9],4*$SZ - $LDW X[ 0]=[r10],4*$SZ - shrp X[11]=X[11],X[10],40 };; -{ .mii; $LDW T1=[input] - shrp X[10]=X[10],X[ 9],40 - shrp X[ 9]=X[ 9],X[ 8],40 } -{ .mii; shrp X[ 8]=X[ 8],X[ 7],40 - shrp X[ 7]=X[ 7],X[ 6],40 };; -{ .mii; shrp X[ 6]=X[ 6],X[ 5],40 - shrp X[ 5]=X[ 5],X[ 4],40 } -{ .mii; shrp X[ 4]=X[ 4],X[ 3],40 - shrp X[ 3]=X[ 3],X[ 2],40 } -{ .mii; shrp X[ 2]=X[ 2],X[ 1],40 - shrp X[ 1]=X[ 1],X[ 0],40 } -{ .mib; shrp X[ 0]=X[ 0],T1,40 } -{ .mib; mov r8=0 - mux1 X[15]=X[15],\@rev // eliminated on big-endian - br.many .L_first16 };; -.L4byte: -{ .mmi; $LDW X[ 7]=[input],4*$SZ - $LDW X[ 6]=[r8],4*$SZ - shrp X[15]=X[15],X[14],32 } -{ .mmi; $LDW X[ 5]=[r9],4*$SZ - $LDW X[ 4]=[r10],4*$SZ - shrp X[14]=X[14],X[13],32 };; -{ .mmi; $LDW X[ 3]=[input],4*$SZ - $LDW X[ 2]=[r8],4*$SZ - shrp X[13]=X[13],X[12],32 } -{ .mmi; $LDW X[ 1]=[r9],4*$SZ - $LDW X[ 0]=[r10],4*$SZ - shrp X[12]=X[12],X[11],32 };; -{ .mii; $LDW T1=[input] - shrp X[11]=X[11],X[10],32 - shrp X[10]=X[10],X[ 9],32 } -{ .mii; shrp X[ 9]=X[ 9],X[ 8],32 - shrp X[ 8]=X[ 8],X[ 7],32 };; -{ .mii; shrp X[ 7]=X[ 7],X[ 6],32 - shrp X[ 6]=X[ 6],X[ 5],32 } -{ .mii; shrp X[ 5]=X[ 5],X[ 4],32 - shrp X[ 4]=X[ 4],X[ 3],32 } -{ .mii; shrp X[ 3]=X[ 3],X[ 2],32 - shrp X[ 2]=X[ 2],X[ 1],32 } -{ .mii; shrp X[ 1]=X[ 1],X[ 0],32 - shrp X[ 0]=X[ 0],T1,32 } -{ .mib; mov r8=0 - mux1 X[15]=X[15],\@rev // eliminated on big-endian - br.many .L_first16 };; -.L5byte: -{ .mmi; $LDW X[ 5]=[r9],4*$SZ - $LDW X[ 4]=[r10],4*$SZ - shrp X[15]=X[15],X[14],24 };; -{ .mmi; $LDW X[ 3]=[input],4*$SZ - $LDW X[ 2]=[r8],4*$SZ - shrp X[14]=X[14],X[13],24 } -{ .mmi; $LDW X[ 1]=[r9],4*$SZ - $LDW X[ 0]=[r10],4*$SZ - shrp X[13]=X[13],X[12],24 };; -{ .mii; $LDW T1=[input] - shrp X[12]=X[12],X[11],24 - shrp X[11]=X[11],X[10],24 } -{ .mii; shrp X[10]=X[10],X[ 9],24 - shrp X[ 9]=X[ 9],X[ 8],24 };; -{ .mii; shrp X[ 8]=X[ 8],X[ 7],24 - shrp X[ 7]=X[ 7],X[ 6],24 } -{ .mii; shrp X[ 6]=X[ 6],X[ 5],24 - shrp X[ 5]=X[ 5],X[ 4],24 } -{ .mii; shrp X[ 4]=X[ 4],X[ 3],24 - shrp X[ 3]=X[ 3],X[ 2],24 } -{ .mii; shrp X[ 2]=X[ 2],X[ 1],24 - shrp X[ 1]=X[ 1],X[ 0],24 } -{ .mib; shrp X[ 0]=X[ 0],T1,24 } -{ .mib; mov r8=0 - mux1 X[15]=X[15],\@rev // eliminated on big-endian - br.many .L_first16 };; -.L6byte: -{ .mmi; $LDW X[ 3]=[input],4*$SZ - $LDW X[ 2]=[r8],4*$SZ - shrp X[15]=X[15],X[14],16 } -{ .mmi; $LDW X[ 1]=[r9],4*$SZ - $LDW X[ 0]=[r10],4*$SZ - shrp X[14]=X[14],X[13],16 };; -{ .mii; $LDW T1=[input] - shrp X[13]=X[13],X[12],16 - shrp X[12]=X[12],X[11],16 } -{ .mii; shrp X[11]=X[11],X[10],16 - shrp X[10]=X[10],X[ 9],16 };; -{ .mii; shrp X[ 9]=X[ 9],X[ 8],16 - shrp X[ 8]=X[ 8],X[ 7],16 } -{ .mii; shrp X[ 7]=X[ 7],X[ 6],16 - shrp X[ 6]=X[ 6],X[ 5],16 } -{ .mii; shrp X[ 5]=X[ 5],X[ 4],16 - shrp X[ 4]=X[ 4],X[ 3],16 } -{ .mii; shrp X[ 3]=X[ 3],X[ 2],16 - shrp X[ 2]=X[ 2],X[ 1],16 } -{ .mii; shrp X[ 1]=X[ 1],X[ 0],16 - shrp X[ 0]=X[ 0],T1,16 } -{ .mib; mov r8=0 - mux1 X[15]=X[15],\@rev // eliminated on big-endian - br.many .L_first16 };; -.L7byte: -{ .mmi; $LDW X[ 1]=[r9],4*$SZ - $LDW X[ 0]=[r10],4*$SZ - shrp X[15]=X[15],X[14],8 };; -{ .mii; $LDW T1=[input] - shrp X[14]=X[14],X[13],8 - shrp X[13]=X[13],X[12],8 } -{ .mii; shrp X[12]=X[12],X[11],8 - shrp X[11]=X[11],X[10],8 };; -{ .mii; shrp X[10]=X[10],X[ 9],8 - shrp X[ 9]=X[ 9],X[ 8],8 } -{ .mii; shrp X[ 8]=X[ 8],X[ 7],8 - shrp X[ 7]=X[ 7],X[ 6],8 } -{ .mii; shrp X[ 6]=X[ 6],X[ 5],8 - shrp X[ 5]=X[ 5],X[ 4],8 } -{ .mii; shrp X[ 4]=X[ 4],X[ 3],8 - shrp X[ 3]=X[ 3],X[ 2],8 } -{ .mii; shrp X[ 2]=X[ 2],X[ 1],8 - shrp X[ 1]=X[ 1],X[ 0],8 } -{ .mib; shrp X[ 0]=X[ 0],T1,8 } -{ .mib; mov r8=0 - mux1 X[15]=X[15],\@rev };; // eliminated on big-endian - -.align 32 -.L_first16: -{ .mmi; $LDW K=[Ktbl],$SZ - add A=A,r8 // H+=Sigma(0) from the past - _rotr r10=$t1,$Sigma1[0] } // ROTR(e,14) -{ .mmi; and T1=F,E - andcm r8=G,E - (p16) mux1 X[14]=X[14],\@rev };; // eliminated on big-endian -{ .mmi; and T2=A,B - and r9=A,C - _rotr r11=$t1,$Sigma1[1] } // ROTR(e,41) -{ .mmi; xor T1=T1,r8 // T1=((e & f) ^ (~e & g)) - and r8=B,C };; -___ -$t0="t0", $t1="t1", $code.=<<___ if ($BITS==32); -.align 32 -.L_first16: -{ .mmi; add A=A,r8 // H+=Sigma(0) from the past - add r10=2-$SZ,input - add r11=3-$SZ,input };; -{ .mmi; ld1 r9=[r9] - ld1 r10=[r10] - dep.z $t1=E,32,32 } -{ .mmi; ld1 r11=[r11] - $LDW K=[Ktbl],$SZ - zxt4 E=E };; -{ .mii; or $t1=$t1,E - dep X[15]=X[15],r9,8,8 - mux2 $t0=A,0x44 };; // copy lower half to upper -{ .mmi; and T1=F,E - andcm r8=G,E - dep r11=r10,r11,8,8 };; -{ .mmi; and T2=A,B - and r9=A,C - dep X[15]=X[15],r11,16,16 };; -{ .mmi; (p16) ld1 X[15-1]=[input],$SZ // prefetch - xor T1=T1,r8 // T1=((e & f) ^ (~e & g)) - _rotr r10=$t1,$Sigma1[0] } // ROTR(e,14) -{ .mmi; and r8=B,C - _rotr r11=$t1,$Sigma1[1] };; // ROTR(e,18) -___ -$code.=<<___; -{ .mmi; add T1=T1,H // T1=Ch(e,f,g)+h - xor r10=r10,r11 - _rotr r11=$t1,$Sigma1[2] } // ROTR(e,41) -{ .mmi; xor T2=T2,r9 - add K=K,X[15] };; -{ .mmi; add T1=T1,K // T1+=K[i]+X[i] - xor T2=T2,r8 // T2=((a & b) ^ (a & c) ^ (b & c)) - _rotr r8=$t0,$Sigma0[0] } // ROTR(a,28) -{ .mmi; xor r11=r11,r10 // Sigma1(e) - _rotr r9=$t0,$Sigma0[1] };; // ROTR(a,34) -{ .mmi; add T1=T1,r11 // T+=Sigma1(e) - xor r8=r8,r9 - _rotr r9=$t0,$Sigma0[2] };; // ROTR(a,39) -{ .mmi; xor r8=r8,r9 // Sigma0(a) - add D=D,T1 - mux2 H=X[15],0x44 } // mov H=X[15] in sha512 -{ .mib; (p16) add r9=1-$SZ,input // not used in sha512 - add X[15]=T1,T2 // H=T1+Maj(a,b,c) - br.ctop.sptk .L_first16 };; -.L_first16_end: - -{ .mib; mov ar.lc=$rounds-17 - brp.loop.imp .L_rest,.L_rest_end-16 } -{ .mib; mov ar.ec=1 - br.many .L_rest };; - -.align 32 -.L_rest: -{ .mmi; $LDW K=[Ktbl],$SZ - add A=A,r8 // H+=Sigma0(a) from the past - _rotr r8=X[15-1],$sigma0[0] } // ROTR(s0,1) -{ .mmi; add X[15]=X[15],X[15-9] // X[i&0xF]+=X[(i+9)&0xF] - $SHRU s0=X[15-1],sgm0 };; // s0=X[(i+1)&0xF]>>7 -{ .mib; and T1=F,E - _rotr r9=X[15-1],$sigma0[1] } // ROTR(s0,8) -{ .mib; andcm r10=G,E - $SHRU s1=X[15-14],sgm1 };; // s1=X[(i+14)&0xF]>>6 -// Pair of mmi; splits on Itanium 1 and prevents pipeline flush -// upon $SHRU output usage -{ .mmi; xor T1=T1,r10 // T1=((e & f) ^ (~e & g)) - xor r9=r8,r9 - _rotr r10=X[15-14],$sigma1[0] }// ROTR(s1,19) -{ .mmi; and T2=A,B - and r8=A,C - _rotr r11=X[15-14],$sigma1[1] };;// ROTR(s1,61) -___ -$t0="t0", $t1="t1", $code.=<<___ if ($BITS==32); -{ .mib; xor s0=s0,r9 // s0=sigma0(X[(i+1)&0xF]) - dep.z $t1=E,32,32 } -{ .mib; xor r10=r11,r10 - zxt4 E=E };; -{ .mii; xor s1=s1,r10 // s1=sigma1(X[(i+14)&0xF]) - shrp r9=E,$t1,32+$Sigma1[0] // ROTR(e,14) - mux2 $t0=A,0x44 };; // copy lower half to upper -// Pair of mmi; splits on Itanium 1 and prevents pipeline flush -// upon mux2 output usage -{ .mmi; xor T2=T2,r8 - shrp r8=E,$t1,32+$Sigma1[1]} // ROTR(e,18) -{ .mmi; and r10=B,C - add T1=T1,H // T1=Ch(e,f,g)+h - or $t1=$t1,E };; -___ -$t0="A", $t1="E", $code.=<<___ if ($BITS==64); -{ .mib; xor s0=s0,r9 // s0=sigma0(X[(i+1)&0xF]) - _rotr r9=$t1,$Sigma1[0] } // ROTR(e,14) -{ .mib; xor r10=r11,r10 - xor T2=T2,r8 };; -{ .mib; xor s1=s1,r10 // s1=sigma1(X[(i+14)&0xF]) - _rotr r8=$t1,$Sigma1[1] } // ROTR(e,18) -{ .mib; and r10=B,C - add T1=T1,H };; // T1+=H -___ -$code.=<<___; -{ .mib; xor r9=r9,r8 - _rotr r8=$t1,$Sigma1[2] } // ROTR(e,41) -{ .mib; xor T2=T2,r10 // T2=((a & b) ^ (a & c) ^ (b & c)) - add X[15]=X[15],s0 };; // X[i]+=sigma0(X[i+1]) -{ .mmi; xor r9=r9,r8 // Sigma1(e) - add X[15]=X[15],s1 // X[i]+=sigma0(X[i+14]) - _rotr r8=$t0,$Sigma0[0] };; // ROTR(a,28) -{ .mmi; add K=K,X[15] - add T1=T1,r9 // T1+=Sigma1(e) - _rotr r9=$t0,$Sigma0[1] };; // ROTR(a,34) -{ .mmi; add T1=T1,K // T1+=K[i]+X[i] - xor r8=r8,r9 - _rotr r9=$t0,$Sigma0[2] };; // ROTR(a,39) -{ .mib; add D=D,T1 - mux2 H=X[15],0x44 } // mov H=X[15] in sha512 -{ .mib; xor r8=r8,r9 // Sigma0(a) - add X[15]=T1,T2 // H=T1+Maj(a,b,c) - br.ctop.sptk .L_rest };; -.L_rest_end: - -{ .mmi; add A=A,r8 };; // H+=Sigma0(a) from the past -{ .mmi; add A_=A_,A - add B_=B_,B - add C_=C_,C } -{ .mmi; add D_=D_,D - add E_=E_,E - cmp.ltu p16,p0=1,num };; -{ .mmi; add F_=F_,F - add G_=G_,G - add H_=H_,H } -{ .mmb; add Ktbl=-$SZ*$rounds,Ktbl -(p16) add num=-1,num -(p16) br.dptk.many .L_outer };; - -{ .mib; add r8=0*$SZ,ctx - add r9=1*$SZ,ctx } -{ .mib; add r10=2*$SZ,ctx - add r11=3*$SZ,ctx };; -{ .mmi; $STW [r8]=A_,4*$SZ - $STW [r9]=B_,4*$SZ - mov ar.lc=lcsave } -{ .mmi; $STW [r10]=C_,4*$SZ - $STW [r11]=D_,4*$SZ - mov pr=prsave,0x1ffff };; -{ .mmb; $STW [r8]=E_ - $STW [r9]=F_ } -{ .mmb; $STW [r10]=G_ - $STW [r11]=H_ - br.ret.sptk.many b0 };; -.endp $func# -___ - -foreach(split($/,$code)) { - s/\`([^\`]*)\`/eval $1/gem; - s/_rotr(\s+)([^=]+)=([^,]+),([0-9]+)/shrp$1$2=$3,$3,$4/gm; - if ($BITS==64) { - s/mux2(\s+)([^=]+)=([^,]+),\S+/mov$1 $2=$3/gm; - s/mux1(\s+)\S+/nop.i$1 0x0/gm if ($big_endian); - s/(shrp\s+X\[[^=]+)=([^,]+),([^,]+),([1-9]+)/$1=$3,$2,64-$4/gm - if (!$big_endian); - s/ld1(\s+)X\[\S+/nop.m$1 0x0/gm; - } - - print $_,"\n"; -} - -print<<___ if ($BITS==32); -.align 64 -.type K256#,\@object -K256: data4 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 - data4 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 - data4 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 - data4 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 - data4 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc - data4 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da - data4 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 - data4 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 - data4 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 - data4 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 - data4 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 - data4 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 - data4 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 - data4 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 - data4 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 - data4 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 -.size K256#,$SZ*$rounds -stringz "SHA256 block transform for IA64, CRYPTOGAMS by " -___ -print<<___ if ($BITS==64); -.align 64 -.type K512#,\@object -K512: data8 0x428a2f98d728ae22,0x7137449123ef65cd - data8 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc - data8 0x3956c25bf348b538,0x59f111f1b605d019 - data8 0x923f82a4af194f9b,0xab1c5ed5da6d8118 - data8 0xd807aa98a3030242,0x12835b0145706fbe - data8 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 - data8 0x72be5d74f27b896f,0x80deb1fe3b1696b1 - data8 0x9bdc06a725c71235,0xc19bf174cf692694 - data8 0xe49b69c19ef14ad2,0xefbe4786384f25e3 - data8 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 - data8 0x2de92c6f592b0275,0x4a7484aa6ea6e483 - data8 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 - data8 0x983e5152ee66dfab,0xa831c66d2db43210 - data8 0xb00327c898fb213f,0xbf597fc7beef0ee4 - data8 0xc6e00bf33da88fc2,0xd5a79147930aa725 - data8 0x06ca6351e003826f,0x142929670a0e6e70 - data8 0x27b70a8546d22ffc,0x2e1b21385c26c926 - data8 0x4d2c6dfc5ac42aed,0x53380d139d95b3df - data8 0x650a73548baf63de,0x766a0abb3c77b2a8 - data8 0x81c2c92e47edaee6,0x92722c851482353b - data8 0xa2bfe8a14cf10364,0xa81a664bbc423001 - data8 0xc24b8b70d0f89791,0xc76c51a30654be30 - data8 0xd192e819d6ef5218,0xd69906245565a910 - data8 0xf40e35855771202a,0x106aa07032bbd1b8 - data8 0x19a4c116b8d2d0c8,0x1e376c085141ab53 - data8 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 - data8 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb - data8 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 - data8 0x748f82ee5defb2fc,0x78a5636f43172f60 - data8 0x84c87814a1f0ab72,0x8cc702081a6439ec - data8 0x90befffa23631e28,0xa4506cebde82bde9 - data8 0xbef9a3f7b2c67915,0xc67178f2e372532b - data8 0xca273eceea26619c,0xd186b8c721c0c207 - data8 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 - data8 0x06f067aa72176fba,0x0a637dc5a2c898a6 - data8 0x113f9804bef90dae,0x1b710b35131c471b - data8 0x28db77f523047d84,0x32caab7b40c72493 - data8 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c - data8 0x4cc5d4becb3e42b6,0x597f299cfc657e2a - data8 0x5fcb6fab3ad6faec,0x6c44198c4a475817 -.size K512#,$SZ*$rounds -stringz "SHA512 block transform for IA64, CRYPTOGAMS by " -___ diff --git a/crypto/sha/asm/sha512-mips.pl b/crypto/sha/asm/sha512-mips.pl deleted file mode 100644 index 573bb574fc6d6274bed4c43fb9a2079d19145012..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha512-mips.pl +++ /dev/null @@ -1,527 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# SHA2 block procedures for MIPS. - -# October 2010. -# -# SHA256 performance improvement on MIPS R5000 CPU is ~27% over gcc- -# generated code in o32 build and ~55% in n32/64 build. SHA512 [which -# for now can only be compiled for MIPS64 ISA] improvement is modest -# ~17%, but it comes for free, because it's same instruction sequence. -# Improvement coefficients are for aligned input. - -# September 2012. -# -# Add MIPS[32|64]R2 code (>25% less instructions). - -###################################################################### -# There is a number of MIPS ABI in use, O32 and N32/64 are most -# widely used. Then there is a new contender: NUBI. It appears that if -# one picks the latter, it's possible to arrange code in ABI neutral -# manner. Therefore let's stick to NUBI register layout: -# -($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25)); -($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); -($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23)); -($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31)); -# -# The return value is placed in $a0. Following coding rules facilitate -# interoperability: -# -# - never ever touch $tp, "thread pointer", former $gp [o32 can be -# excluded from the rule, because it's specified volatile]; -# - copy return value to $t0, former $v0 [or to $a0 if you're adapting -# old code]; -# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary; -# -# For reference here is register layout for N32/64 MIPS ABIs: -# -# ($zero,$at,$v0,$v1)=map("\$$_",(0..3)); -# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); -# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25)); -# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23)); -# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31)); -# -# if $output doesn't have an extension, it's not an output file -# so use it for $flavour. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -# supported flavours are o32,n32,64,nubi32,nubi64, default is o32 -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : "o32"; - -if ($flavour =~ /64|n32/i) { - $PTR_LA="dla"; - $PTR_ADD="daddu"; # incidentally works even on n32 - $PTR_SUB="dsubu"; # incidentally works even on n32 - $REG_S="sd"; - $REG_L="ld"; - $PTR_SLL="dsll"; # incidentally works even on n32 - $SZREG=8; -} else { - $PTR_LA="la"; - $PTR_ADD="addu"; - $PTR_SUB="subu"; - $REG_S="sw"; - $REG_L="lw"; - $PTR_SLL="sll"; - $SZREG=4; -} -$pf = ($flavour =~ /nubi/i) ? $t0 : $t2; -# -# -# -###################################################################### - -$big_endian=(`echo MIPSEB | $ENV{CC} -E -`=~/MIPSEB/)?0:1 if ($ENV{CC}); - -open STDOUT,">$output"; - -if (!defined($big_endian)) { $big_endian=(unpack('L',pack('N',1))==1); } - -if ($output =~ /512/) { - $label="512"; - $SZ=8; - $LD="ld"; # load from memory - $ST="sd"; # store to memory - $SLL="dsll"; # shift left logical - $SRL="dsrl"; # shift right logical - $ADDU="daddu"; - $ROTR="drotr"; - @Sigma0=(28,34,39); - @Sigma1=(14,18,41); - @sigma0=( 7, 1, 8); # right shift first - @sigma1=( 6,19,61); # right shift first - $lastK=0x817; - $rounds=80; -} else { - $label="256"; - $SZ=4; - $LD="lw"; # load from memory - $ST="sw"; # store to memory - $SLL="sll"; # shift left logical - $SRL="srl"; # shift right logical - $ADDU="addu"; - $ROTR="rotr"; - @Sigma0=( 2,13,22); - @Sigma1=( 6,11,25); - @sigma0=( 3, 7,18); # right shift first - @sigma1=(10,17,19); # right shift first - $lastK=0x8f2; - $rounds=64; -} - -$MSB = $big_endian ? 0 : ($SZ-1); -$LSB = ($SZ-1)&~$MSB; - -@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("\$$_",(1,2,3,7,24,25,30,31)); -@X=map("\$$_",(8..23)); - -$ctx=$a0; -$inp=$a1; -$len=$a2; $Ktbl=$len; - -sub BODY_00_15 { -my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; -my ($T1,$tmp0,$tmp1,$tmp2)=(@X[4],@X[5],@X[6],@X[7]); - -$code.=<<___ if ($i<15); -#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) - ${LD} @X[1],`($i+1)*$SZ`($inp) -#else - ${LD}l @X[1],`($i+1)*$SZ+$MSB`($inp) - ${LD}r @X[1],`($i+1)*$SZ+$LSB`($inp) -#endif -___ -$code.=<<___ if (!$big_endian && $i<16 && $SZ==4); -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) - wsbh @X[0],@X[0] # byte swap($i) - rotr @X[0],@X[0],16 -#else - srl $tmp0,@X[0],24 # byte swap($i) - srl $tmp1,@X[0],8 - andi $tmp2,@X[0],0xFF00 - sll @X[0],@X[0],24 - andi $tmp1,0xFF00 - sll $tmp2,$tmp2,8 - or @X[0],$tmp0 - or $tmp1,$tmp2 - or @X[0],$tmp1 -#endif -___ -$code.=<<___ if (!$big_endian && $i<16 && $SZ==8); -#if defined(_MIPS_ARCH_MIPS64R2) - dsbh @X[0],@X[0] # byte swap($i) - dshd @X[0],@X[0] -#else - ori $tmp0,$zero,0xFF - dsll $tmp2,$tmp0,32 - or $tmp0,$tmp2 # 0x000000FF000000FF - and $tmp1,@X[0],$tmp0 # byte swap($i) - dsrl $tmp2,@X[0],24 - dsll $tmp1,24 - and $tmp2,$tmp0 - dsll $tmp0,8 # 0x0000FF000000FF00 - or $tmp1,$tmp2 - and $tmp2,@X[0],$tmp0 - dsrl @X[0],8 - dsll $tmp2,8 - and @X[0],$tmp0 - or $tmp1,$tmp2 - or @X[0],$tmp1 - dsrl $tmp1,@X[0],32 - dsll @X[0],32 - or @X[0],$tmp1 -#endif -___ -$code.=<<___; -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) - xor $tmp2,$f,$g # $i - $ROTR $tmp0,$e,@Sigma1[0] - $ADDU $T1,$X[0],$h - $ROTR $tmp1,$e,@Sigma1[1] - and $tmp2,$e - $ROTR $h,$e,@Sigma1[2] - xor $tmp0,$tmp1 - $ROTR $tmp1,$a,@Sigma0[0] - xor $tmp2,$g # Ch(e,f,g) - xor $tmp0,$h # Sigma1(e) - - $ROTR $h,$a,@Sigma0[1] - $ADDU $T1,$tmp2 - $LD $tmp2,`$i*$SZ`($Ktbl) # K[$i] - xor $h,$tmp1 - $ROTR $tmp1,$a,@Sigma0[2] - $ADDU $T1,$tmp0 - and $tmp0,$b,$c - xor $h,$tmp1 # Sigma0(a) - xor $tmp1,$b,$c -#else - $ADDU $T1,$X[0],$h # $i - $SRL $h,$e,@Sigma1[0] - xor $tmp2,$f,$g - $SLL $tmp1,$e,`$SZ*8-@Sigma1[2]` - and $tmp2,$e - $SRL $tmp0,$e,@Sigma1[1] - xor $h,$tmp1 - $SLL $tmp1,$e,`$SZ*8-@Sigma1[1]` - xor $h,$tmp0 - $SRL $tmp0,$e,@Sigma1[2] - xor $h,$tmp1 - $SLL $tmp1,$e,`$SZ*8-@Sigma1[0]` - xor $h,$tmp0 - xor $tmp2,$g # Ch(e,f,g) - xor $tmp0,$tmp1,$h # Sigma1(e) - - $SRL $h,$a,@Sigma0[0] - $ADDU $T1,$tmp2 - $LD $tmp2,`$i*$SZ`($Ktbl) # K[$i] - $SLL $tmp1,$a,`$SZ*8-@Sigma0[2]` - $ADDU $T1,$tmp0 - $SRL $tmp0,$a,@Sigma0[1] - xor $h,$tmp1 - $SLL $tmp1,$a,`$SZ*8-@Sigma0[1]` - xor $h,$tmp0 - $SRL $tmp0,$a,@Sigma0[2] - xor $h,$tmp1 - $SLL $tmp1,$a,`$SZ*8-@Sigma0[0]` - xor $h,$tmp0 - and $tmp0,$b,$c - xor $h,$tmp1 # Sigma0(a) - xor $tmp1,$b,$c -#endif - $ST @X[0],`($i%16)*$SZ`($sp) # offload to ring buffer - $ADDU $h,$tmp0 - and $tmp1,$a - $ADDU $T1,$tmp2 # +=K[$i] - $ADDU $h,$tmp1 # +=Maj(a,b,c) - $ADDU $d,$T1 - $ADDU $h,$T1 -___ -$code.=<<___ if ($i>=13); - $LD @X[3],`(($i+3)%16)*$SZ`($sp) # prefetch from ring buffer -___ -} - -sub BODY_16_XX { -my $i=@_[0]; -my ($tmp0,$tmp1,$tmp2,$tmp3)=(@X[4],@X[5],@X[6],@X[7]); - -$code.=<<___; -#if defined(_MIPS_ARCH_MIPS32R2) || defined(_MIPS_ARCH_MIPS64R2) - $SRL $tmp2,@X[1],@sigma0[0] # Xupdate($i) - $ROTR $tmp0,@X[1],@sigma0[1] - $ADDU @X[0],@X[9] # +=X[i+9] - xor $tmp2,$tmp0 - $ROTR $tmp0,@X[1],@sigma0[2] - - $SRL $tmp3,@X[14],@sigma1[0] - $ROTR $tmp1,@X[14],@sigma1[1] - xor $tmp2,$tmp0 # sigma0(X[i+1]) - $ROTR $tmp0,@X[14],@sigma1[2] - xor $tmp3,$tmp1 - $ADDU @X[0],$tmp2 -#else - $SRL $tmp2,@X[1],@sigma0[0] # Xupdate($i) - $ADDU @X[0],@X[9] # +=X[i+9] - $SLL $tmp1,@X[1],`$SZ*8-@sigma0[2]` - $SRL $tmp0,@X[1],@sigma0[1] - xor $tmp2,$tmp1 - $SLL $tmp1,`@sigma0[2]-@sigma0[1]` - xor $tmp2,$tmp0 - $SRL $tmp0,@X[1],@sigma0[2] - xor $tmp2,$tmp1 - - $SRL $tmp3,@X[14],@sigma1[0] - xor $tmp2,$tmp0 # sigma0(X[i+1]) - $SLL $tmp1,@X[14],`$SZ*8-@sigma1[2]` - $ADDU @X[0],$tmp2 - $SRL $tmp0,@X[14],@sigma1[1] - xor $tmp3,$tmp1 - $SLL $tmp1,`@sigma1[2]-@sigma1[1]` - xor $tmp3,$tmp0 - $SRL $tmp0,@X[14],@sigma1[2] - xor $tmp3,$tmp1 -#endif - xor $tmp3,$tmp0 # sigma1(X[i+14]) - $ADDU @X[0],$tmp3 -___ - &BODY_00_15(@_); -} - -$FRAMESIZE=16*$SZ+16*$SZREG; -$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? "0xc0fff008" : "0xc0ff0000"; - -$code.=<<___; -#include "mips_arch.h" - -.text -.set noat -#if !defined(__mips_eabi) && (!defined(__vxworks) || defined(__pic__)) -.option pic2 -#endif - -.align 5 -.globl sha${label}_block_data_order -.ent sha${label}_block_data_order -sha${label}_block_data_order: - .frame $sp,$FRAMESIZE,$ra - .mask $SAVED_REGS_MASK,-$SZREG - .set noreorder -___ -$code.=<<___ if ($flavour =~ /o32/i); # o32 PIC-ification - .cpload $pf -___ -$code.=<<___; - $PTR_SUB $sp,$FRAMESIZE - $REG_S $ra,$FRAMESIZE-1*$SZREG($sp) - $REG_S $fp,$FRAMESIZE-2*$SZREG($sp) - $REG_S $s11,$FRAMESIZE-3*$SZREG($sp) - $REG_S $s10,$FRAMESIZE-4*$SZREG($sp) - $REG_S $s9,$FRAMESIZE-5*$SZREG($sp) - $REG_S $s8,$FRAMESIZE-6*$SZREG($sp) - $REG_S $s7,$FRAMESIZE-7*$SZREG($sp) - $REG_S $s6,$FRAMESIZE-8*$SZREG($sp) - $REG_S $s5,$FRAMESIZE-9*$SZREG($sp) - $REG_S $s4,$FRAMESIZE-10*$SZREG($sp) -___ -$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue - $REG_S $s3,$FRAMESIZE-11*$SZREG($sp) - $REG_S $s2,$FRAMESIZE-12*$SZREG($sp) - $REG_S $s1,$FRAMESIZE-13*$SZREG($sp) - $REG_S $s0,$FRAMESIZE-14*$SZREG($sp) - $REG_S $gp,$FRAMESIZE-15*$SZREG($sp) -___ -$code.=<<___; - $PTR_SLL @X[15],$len,`log(16*$SZ)/log(2)` -___ -$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification - .cplocal $Ktbl - .cpsetup $pf,$zero,sha${label}_block_data_order -___ -$code.=<<___; - .set reorder - $PTR_LA $Ktbl,K${label} # PIC-ified 'load address' - - $LD $A,0*$SZ($ctx) # load context - $LD $B,1*$SZ($ctx) - $LD $C,2*$SZ($ctx) - $LD $D,3*$SZ($ctx) - $LD $E,4*$SZ($ctx) - $LD $F,5*$SZ($ctx) - $LD $G,6*$SZ($ctx) - $LD $H,7*$SZ($ctx) - - $PTR_ADD @X[15],$inp # pointer to the end of input - $REG_S @X[15],16*$SZ($sp) - b .Loop - -.align 5 -.Loop: -#if defined(_MIPS_ARCH_MIPS32R6) || defined(_MIPS_ARCH_MIPS64R6) - ${LD} @X[0],($inp) -#else - ${LD}l @X[0],$MSB($inp) - ${LD}r @X[0],$LSB($inp) -#endif -___ -for ($i=0;$i<16;$i++) -{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); push(@X,shift(@X)); } -$code.=<<___; - b .L16_xx -.align 4 -.L16_xx: -___ -for (;$i<32;$i++) -{ &BODY_16_XX($i,@V); unshift(@V,pop(@V)); push(@X,shift(@X)); } -$code.=<<___; - and @X[6],0xfff - li @X[7],$lastK - .set noreorder - bne @X[6],@X[7],.L16_xx - $PTR_ADD $Ktbl,16*$SZ # Ktbl+=16 - - $REG_L @X[15],16*$SZ($sp) # restore pointer to the end of input - $LD @X[0],0*$SZ($ctx) - $LD @X[1],1*$SZ($ctx) - $LD @X[2],2*$SZ($ctx) - $PTR_ADD $inp,16*$SZ - $LD @X[3],3*$SZ($ctx) - $ADDU $A,@X[0] - $LD @X[4],4*$SZ($ctx) - $ADDU $B,@X[1] - $LD @X[5],5*$SZ($ctx) - $ADDU $C,@X[2] - $LD @X[6],6*$SZ($ctx) - $ADDU $D,@X[3] - $LD @X[7],7*$SZ($ctx) - $ADDU $E,@X[4] - $ST $A,0*$SZ($ctx) - $ADDU $F,@X[5] - $ST $B,1*$SZ($ctx) - $ADDU $G,@X[6] - $ST $C,2*$SZ($ctx) - $ADDU $H,@X[7] - $ST $D,3*$SZ($ctx) - $ST $E,4*$SZ($ctx) - $ST $F,5*$SZ($ctx) - $ST $G,6*$SZ($ctx) - $ST $H,7*$SZ($ctx) - - bne $inp,@X[15],.Loop - $PTR_SUB $Ktbl,`($rounds-16)*$SZ` # rewind $Ktbl - - $REG_L $ra,$FRAMESIZE-1*$SZREG($sp) - $REG_L $fp,$FRAMESIZE-2*$SZREG($sp) - $REG_L $s11,$FRAMESIZE-3*$SZREG($sp) - $REG_L $s10,$FRAMESIZE-4*$SZREG($sp) - $REG_L $s9,$FRAMESIZE-5*$SZREG($sp) - $REG_L $s8,$FRAMESIZE-6*$SZREG($sp) - $REG_L $s7,$FRAMESIZE-7*$SZREG($sp) - $REG_L $s6,$FRAMESIZE-8*$SZREG($sp) - $REG_L $s5,$FRAMESIZE-9*$SZREG($sp) - $REG_L $s4,$FRAMESIZE-10*$SZREG($sp) -___ -$code.=<<___ if ($flavour =~ /nubi/i); - $REG_L $s3,$FRAMESIZE-11*$SZREG($sp) - $REG_L $s2,$FRAMESIZE-12*$SZREG($sp) - $REG_L $s1,$FRAMESIZE-13*$SZREG($sp) - $REG_L $s0,$FRAMESIZE-14*$SZREG($sp) - $REG_L $gp,$FRAMESIZE-15*$SZREG($sp) -___ -$code.=<<___; - jr $ra - $PTR_ADD $sp,$FRAMESIZE -.end sha${label}_block_data_order - -.rdata -.align 5 -K${label}: -___ -if ($SZ==4) { -$code.=<<___; - .word 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5 - .word 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5 - .word 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3 - .word 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174 - .word 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc - .word 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da - .word 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7 - .word 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967 - .word 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13 - .word 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85 - .word 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3 - .word 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070 - .word 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5 - .word 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3 - .word 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208 - .word 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 -___ -} else { -$code.=<<___; - .dword 0x428a2f98d728ae22, 0x7137449123ef65cd - .dword 0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc - .dword 0x3956c25bf348b538, 0x59f111f1b605d019 - .dword 0x923f82a4af194f9b, 0xab1c5ed5da6d8118 - .dword 0xd807aa98a3030242, 0x12835b0145706fbe - .dword 0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2 - .dword 0x72be5d74f27b896f, 0x80deb1fe3b1696b1 - .dword 0x9bdc06a725c71235, 0xc19bf174cf692694 - .dword 0xe49b69c19ef14ad2, 0xefbe4786384f25e3 - .dword 0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65 - .dword 0x2de92c6f592b0275, 0x4a7484aa6ea6e483 - .dword 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5 - .dword 0x983e5152ee66dfab, 0xa831c66d2db43210 - .dword 0xb00327c898fb213f, 0xbf597fc7beef0ee4 - .dword 0xc6e00bf33da88fc2, 0xd5a79147930aa725 - .dword 0x06ca6351e003826f, 0x142929670a0e6e70 - .dword 0x27b70a8546d22ffc, 0x2e1b21385c26c926 - .dword 0x4d2c6dfc5ac42aed, 0x53380d139d95b3df - .dword 0x650a73548baf63de, 0x766a0abb3c77b2a8 - .dword 0x81c2c92e47edaee6, 0x92722c851482353b - .dword 0xa2bfe8a14cf10364, 0xa81a664bbc423001 - .dword 0xc24b8b70d0f89791, 0xc76c51a30654be30 - .dword 0xd192e819d6ef5218, 0xd69906245565a910 - .dword 0xf40e35855771202a, 0x106aa07032bbd1b8 - .dword 0x19a4c116b8d2d0c8, 0x1e376c085141ab53 - .dword 0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8 - .dword 0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb - .dword 0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3 - .dword 0x748f82ee5defb2fc, 0x78a5636f43172f60 - .dword 0x84c87814a1f0ab72, 0x8cc702081a6439ec - .dword 0x90befffa23631e28, 0xa4506cebde82bde9 - .dword 0xbef9a3f7b2c67915, 0xc67178f2e372532b - .dword 0xca273eceea26619c, 0xd186b8c721c0c207 - .dword 0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178 - .dword 0x06f067aa72176fba, 0x0a637dc5a2c898a6 - .dword 0x113f9804bef90dae, 0x1b710b35131c471b - .dword 0x28db77f523047d84, 0x32caab7b40c72493 - .dword 0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c - .dword 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a - .dword 0x5fcb6fab3ad6faec, 0x6c44198c4a475817 -___ -} -$code.=<<___; -.asciiz "SHA${label} for MIPS, CRYPTOGAMS by " -.align 5 - -___ - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-parisc.pl b/crypto/sha/asm/sha512-parisc.pl deleted file mode 100755 index d0e5a4d5cec2cf788a6a56867b0005aa2cb57ae6..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha512-parisc.pl +++ /dev/null @@ -1,810 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# SHA256/512 block procedure for PA-RISC. - -# June 2009. -# -# SHA256 performance is >75% better than gcc 3.2 generated code on -# PA-7100LC. Compared to code generated by vendor compiler this -# implementation is almost 70% faster in 64-bit build, but delivers -# virtually same performance in 32-bit build on PA-8600. -# -# SHA512 performance is >2.9x better than gcc 3.2 generated code on -# PA-7100LC, PA-RISC 1.1 processor. Then implementation detects if the -# code is executed on PA-RISC 2.0 processor and switches to 64-bit -# code path delivering adequate performance even in "blended" 32-bit -# build. Though 64-bit code is not any faster than code generated by -# vendor compiler on PA-8600... -# -# Special thanks to polarhome.com for providing HP-UX account. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$output and open STDOUT,">$output"; - -if ($flavour =~ /64/) { - $LEVEL ="2.0W"; - $SIZE_T =8; - $FRAME_MARKER =80; - $SAVED_RP =16; - $PUSH ="std"; - $PUSHMA ="std,ma"; - $POP ="ldd"; - $POPMB ="ldd,mb"; -} else { - $LEVEL ="1.0"; - $SIZE_T =4; - $FRAME_MARKER =48; - $SAVED_RP =20; - $PUSH ="stw"; - $PUSHMA ="stwm"; - $POP ="ldw"; - $POPMB ="ldwm"; -} - -if ($output =~ /512/) { - $func="sha512_block_data_order"; - $SZ=8; - @Sigma0=(28,34,39); - @Sigma1=(14,18,41); - @sigma0=(1, 8, 7); - @sigma1=(19,61, 6); - $rounds=80; - $LAST10BITS=0x017; - $LD="ldd"; - $LDM="ldd,ma"; - $ST="std"; -} else { - $func="sha256_block_data_order"; - $SZ=4; - @Sigma0=( 2,13,22); - @Sigma1=( 6,11,25); - @sigma0=( 7,18, 3); - @sigma1=(17,19,10); - $rounds=64; - $LAST10BITS=0x0f2; - $LD="ldw"; - $LDM="ldwm"; - $ST="stw"; -} - -$FRAME=16*$SIZE_T+$FRAME_MARKER;# 16 saved regs + frame marker - # [+ argument transfer] -$XOFF=16*$SZ+32; # local variables -$FRAME+=$XOFF; -$XOFF+=$FRAME_MARKER; # distance between %sp and local variables - -$ctx="%r26"; # zapped by $a0 -$inp="%r25"; # zapped by $a1 -$num="%r24"; # zapped by $t0 - -$a0 ="%r26"; -$a1 ="%r25"; -$t0 ="%r24"; -$t1 ="%r29"; -$Tbl="%r31"; - -@V=($A,$B,$C,$D,$E,$F,$G,$H)=("%r17","%r18","%r19","%r20","%r21","%r22","%r23","%r28"); - -@X=("%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7", "%r8", - "%r9", "%r10","%r11","%r12","%r13","%r14","%r15","%r16",$inp); - -sub ROUND_00_15 { -my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; -$code.=<<___; - _ror $e,$Sigma1[0],$a0 - and $f,$e,$t0 - _ror $e,$Sigma1[1],$a1 - addl $t1,$h,$h - andcm $g,$e,$t1 - xor $a1,$a0,$a0 - _ror $a1,`$Sigma1[2]-$Sigma1[1]`,$a1 - or $t0,$t1,$t1 ; Ch(e,f,g) - addl @X[$i%16],$h,$h - xor $a0,$a1,$a1 ; Sigma1(e) - addl $t1,$h,$h - _ror $a,$Sigma0[0],$a0 - addl $a1,$h,$h - - _ror $a,$Sigma0[1],$a1 - and $a,$b,$t0 - and $a,$c,$t1 - xor $a1,$a0,$a0 - _ror $a1,`$Sigma0[2]-$Sigma0[1]`,$a1 - xor $t1,$t0,$t0 - and $b,$c,$t1 - xor $a0,$a1,$a1 ; Sigma0(a) - addl $h,$d,$d - xor $t1,$t0,$t0 ; Maj(a,b,c) - `"$LDM $SZ($Tbl),$t1" if ($i<15)` - addl $a1,$h,$h - addl $t0,$h,$h - -___ -} - -sub ROUND_16_xx { -my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; -$i-=16; -$code.=<<___; - _ror @X[($i+1)%16],$sigma0[0],$a0 - _ror @X[($i+1)%16],$sigma0[1],$a1 - addl @X[($i+9)%16],@X[$i],@X[$i] - _ror @X[($i+14)%16],$sigma1[0],$t0 - _ror @X[($i+14)%16],$sigma1[1],$t1 - xor $a1,$a0,$a0 - _shr @X[($i+1)%16],$sigma0[2],$a1 - xor $t1,$t0,$t0 - _shr @X[($i+14)%16],$sigma1[2],$t1 - xor $a1,$a0,$a0 ; sigma0(X[(i+1)&0x0f]) - xor $t1,$t0,$t0 ; sigma1(X[(i+14)&0x0f]) - $LDM $SZ($Tbl),$t1 - addl $a0,@X[$i],@X[$i] - addl $t0,@X[$i],@X[$i] -___ -$code.=<<___ if ($i==15); - extru $t1,31,10,$a1 - comiclr,<> $LAST10BITS,$a1,%r0 - ldo 1($Tbl),$Tbl ; signal end of $Tbl -___ -&ROUND_00_15($i+16,$a,$b,$c,$d,$e,$f,$g,$h); -} - -$code=<<___; - .LEVEL $LEVEL - .SPACE \$TEXT\$ - .SUBSPA \$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY - - .ALIGN 64 -L\$table -___ -$code.=<<___ if ($SZ==8); - .WORD 0x428a2f98,0xd728ae22,0x71374491,0x23ef65cd - .WORD 0xb5c0fbcf,0xec4d3b2f,0xe9b5dba5,0x8189dbbc - .WORD 0x3956c25b,0xf348b538,0x59f111f1,0xb605d019 - .WORD 0x923f82a4,0xaf194f9b,0xab1c5ed5,0xda6d8118 - .WORD 0xd807aa98,0xa3030242,0x12835b01,0x45706fbe - .WORD 0x243185be,0x4ee4b28c,0x550c7dc3,0xd5ffb4e2 - .WORD 0x72be5d74,0xf27b896f,0x80deb1fe,0x3b1696b1 - .WORD 0x9bdc06a7,0x25c71235,0xc19bf174,0xcf692694 - .WORD 0xe49b69c1,0x9ef14ad2,0xefbe4786,0x384f25e3 - .WORD 0x0fc19dc6,0x8b8cd5b5,0x240ca1cc,0x77ac9c65 - .WORD 0x2de92c6f,0x592b0275,0x4a7484aa,0x6ea6e483 - .WORD 0x5cb0a9dc,0xbd41fbd4,0x76f988da,0x831153b5 - .WORD 0x983e5152,0xee66dfab,0xa831c66d,0x2db43210 - .WORD 0xb00327c8,0x98fb213f,0xbf597fc7,0xbeef0ee4 - .WORD 0xc6e00bf3,0x3da88fc2,0xd5a79147,0x930aa725 - .WORD 0x06ca6351,0xe003826f,0x14292967,0x0a0e6e70 - .WORD 0x27b70a85,0x46d22ffc,0x2e1b2138,0x5c26c926 - .WORD 0x4d2c6dfc,0x5ac42aed,0x53380d13,0x9d95b3df - .WORD 0x650a7354,0x8baf63de,0x766a0abb,0x3c77b2a8 - .WORD 0x81c2c92e,0x47edaee6,0x92722c85,0x1482353b - .WORD 0xa2bfe8a1,0x4cf10364,0xa81a664b,0xbc423001 - .WORD 0xc24b8b70,0xd0f89791,0xc76c51a3,0x0654be30 - .WORD 0xd192e819,0xd6ef5218,0xd6990624,0x5565a910 - .WORD 0xf40e3585,0x5771202a,0x106aa070,0x32bbd1b8 - .WORD 0x19a4c116,0xb8d2d0c8,0x1e376c08,0x5141ab53 - .WORD 0x2748774c,0xdf8eeb99,0x34b0bcb5,0xe19b48a8 - .WORD 0x391c0cb3,0xc5c95a63,0x4ed8aa4a,0xe3418acb - .WORD 0x5b9cca4f,0x7763e373,0x682e6ff3,0xd6b2b8a3 - .WORD 0x748f82ee,0x5defb2fc,0x78a5636f,0x43172f60 - .WORD 0x84c87814,0xa1f0ab72,0x8cc70208,0x1a6439ec - .WORD 0x90befffa,0x23631e28,0xa4506ceb,0xde82bde9 - .WORD 0xbef9a3f7,0xb2c67915,0xc67178f2,0xe372532b - .WORD 0xca273ece,0xea26619c,0xd186b8c7,0x21c0c207 - .WORD 0xeada7dd6,0xcde0eb1e,0xf57d4f7f,0xee6ed178 - .WORD 0x06f067aa,0x72176fba,0x0a637dc5,0xa2c898a6 - .WORD 0x113f9804,0xbef90dae,0x1b710b35,0x131c471b - .WORD 0x28db77f5,0x23047d84,0x32caab7b,0x40c72493 - .WORD 0x3c9ebe0a,0x15c9bebc,0x431d67c4,0x9c100d4c - .WORD 0x4cc5d4be,0xcb3e42b6,0x597f299c,0xfc657e2a - .WORD 0x5fcb6fab,0x3ad6faec,0x6c44198c,0x4a475817 -___ -$code.=<<___ if ($SZ==4); - .WORD 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 - .WORD 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 - .WORD 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 - .WORD 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 - .WORD 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc - .WORD 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da - .WORD 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 - .WORD 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 - .WORD 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 - .WORD 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 - .WORD 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 - .WORD 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 - .WORD 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 - .WORD 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 - .WORD 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 - .WORD 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 -___ -$code.=<<___; - - .EXPORT $func,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR - .ALIGN 64 -$func - .PROC - .CALLINFO FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18 - .ENTRY - $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue - $PUSHMA %r3,$FRAME(%sp) - $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp) - $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp) - $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp) - $PUSH %r7,`-$FRAME+4*$SIZE_T`(%sp) - $PUSH %r8,`-$FRAME+5*$SIZE_T`(%sp) - $PUSH %r9,`-$FRAME+6*$SIZE_T`(%sp) - $PUSH %r10,`-$FRAME+7*$SIZE_T`(%sp) - $PUSH %r11,`-$FRAME+8*$SIZE_T`(%sp) - $PUSH %r12,`-$FRAME+9*$SIZE_T`(%sp) - $PUSH %r13,`-$FRAME+10*$SIZE_T`(%sp) - $PUSH %r14,`-$FRAME+11*$SIZE_T`(%sp) - $PUSH %r15,`-$FRAME+12*$SIZE_T`(%sp) - $PUSH %r16,`-$FRAME+13*$SIZE_T`(%sp) - $PUSH %r17,`-$FRAME+14*$SIZE_T`(%sp) - $PUSH %r18,`-$FRAME+15*$SIZE_T`(%sp) - - _shl $num,`log(16*$SZ)/log(2)`,$num - addl $inp,$num,$num ; $num to point at the end of $inp - - $PUSH $num,`-$FRAME_MARKER-4*$SIZE_T`(%sp) ; save arguments - $PUSH $inp,`-$FRAME_MARKER-3*$SIZE_T`(%sp) - $PUSH $ctx,`-$FRAME_MARKER-2*$SIZE_T`(%sp) - - blr %r0,$Tbl - ldi 3,$t1 -L\$pic - andcm $Tbl,$t1,$Tbl ; wipe privilege level - ldo L\$table-L\$pic($Tbl),$Tbl -___ -$code.=<<___ if ($SZ==8 && $SIZE_T==4); - ldi 31,$t1 - mtctl $t1,%cr11 - extrd,u,*= $t1,%sar,1,$t1 ; executes on PA-RISC 1.0 - b L\$parisc1 - nop -___ -$code.=<<___; - $LD `0*$SZ`($ctx),$A ; load context - $LD `1*$SZ`($ctx),$B - $LD `2*$SZ`($ctx),$C - $LD `3*$SZ`($ctx),$D - $LD `4*$SZ`($ctx),$E - $LD `5*$SZ`($ctx),$F - $LD `6*$SZ`($ctx),$G - $LD `7*$SZ`($ctx),$H - - extru $inp,31,`log($SZ)/log(2)`,$t0 - sh3addl $t0,%r0,$t0 - subi `8*$SZ`,$t0,$t0 - mtctl $t0,%cr11 ; load %sar with align factor - -L\$oop - ldi `$SZ-1`,$t0 - $LDM $SZ($Tbl),$t1 - andcm $inp,$t0,$t0 ; align $inp -___ - for ($i=0;$i<15;$i++) { # load input block - $code.="\t$LD `$SZ*$i`($t0),@X[$i]\n"; } -$code.=<<___; - cmpb,*= $inp,$t0,L\$aligned - $LD `$SZ*15`($t0),@X[15] - $LD `$SZ*16`($t0),@X[16] -___ - for ($i=0;$i<16;$i++) { # align data - $code.="\t_align @X[$i],@X[$i+1],@X[$i]\n"; } -$code.=<<___; -L\$aligned - nop ; otherwise /usr/ccs/bin/as is confused by below .WORD -___ - -for($i=0;$i<16;$i++) { &ROUND_00_15($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; -L\$rounds - nop ; otherwise /usr/ccs/bin/as is confused by below .WORD -___ -for(;$i<32;$i++) { &ROUND_16_xx($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - bb,>= $Tbl,31,L\$rounds ; end of $Tbl signalled? - nop - - $POP `-$FRAME_MARKER-2*$SIZE_T`(%sp),$ctx ; restore arguments - $POP `-$FRAME_MARKER-3*$SIZE_T`(%sp),$inp - $POP `-$FRAME_MARKER-4*$SIZE_T`(%sp),$num - ldo `-$rounds*$SZ-1`($Tbl),$Tbl ; rewind $Tbl - - $LD `0*$SZ`($ctx),@X[0] ; load context - $LD `1*$SZ`($ctx),@X[1] - $LD `2*$SZ`($ctx),@X[2] - $LD `3*$SZ`($ctx),@X[3] - $LD `4*$SZ`($ctx),@X[4] - $LD `5*$SZ`($ctx),@X[5] - addl @X[0],$A,$A - $LD `6*$SZ`($ctx),@X[6] - addl @X[1],$B,$B - $LD `7*$SZ`($ctx),@X[7] - ldo `16*$SZ`($inp),$inp ; advance $inp - - $ST $A,`0*$SZ`($ctx) ; save context - addl @X[2],$C,$C - $ST $B,`1*$SZ`($ctx) - addl @X[3],$D,$D - $ST $C,`2*$SZ`($ctx) - addl @X[4],$E,$E - $ST $D,`3*$SZ`($ctx) - addl @X[5],$F,$F - $ST $E,`4*$SZ`($ctx) - addl @X[6],$G,$G - $ST $F,`5*$SZ`($ctx) - addl @X[7],$H,$H - $ST $G,`6*$SZ`($ctx) - $ST $H,`7*$SZ`($ctx) - - cmpb,*<>,n $inp,$num,L\$oop - $PUSH $inp,`-$FRAME_MARKER-3*$SIZE_T`(%sp) ; save $inp -___ -if ($SZ==8 && $SIZE_T==4) # SHA512 for 32-bit PA-RISC 1.0 -{{ -$code.=<<___; - b L\$done - nop - - .ALIGN 64 -L\$parisc1 -___ - -@V=( $Ahi, $Alo, $Bhi, $Blo, $Chi, $Clo, $Dhi, $Dlo, - $Ehi, $Elo, $Fhi, $Flo, $Ghi, $Glo, $Hhi, $Hlo) = - ( "%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7", "%r8", - "%r9","%r10","%r11","%r12","%r13","%r14","%r15","%r16"); -$a0 ="%r17"; -$a1 ="%r18"; -$a2 ="%r19"; -$a3 ="%r20"; -$t0 ="%r21"; -$t1 ="%r22"; -$t2 ="%r28"; -$t3 ="%r29"; -$Tbl="%r31"; - -@X=("%r23","%r24","%r25","%r26"); # zaps $num,$inp,$ctx - -sub ROUND_00_15_pa1 { -my ($i,$ahi,$alo,$bhi,$blo,$chi,$clo,$dhi,$dlo, - $ehi,$elo,$fhi,$flo,$ghi,$glo,$hhi,$hlo,$flag)=@_; -my ($Xhi,$Xlo,$Xnhi,$Xnlo) = @X; - -$code.=<<___ if (!$flag); - ldw `-$XOFF+8*(($i+1)%16)`(%sp),$Xnhi - ldw `-$XOFF+8*(($i+1)%16)+4`(%sp),$Xnlo ; load X[i+1] -___ -$code.=<<___; - shd $ehi,$elo,$Sigma1[0],$t0 - add $Xlo,$hlo,$hlo - shd $elo,$ehi,$Sigma1[0],$t1 - addc $Xhi,$hhi,$hhi ; h += X[i] - shd $ehi,$elo,$Sigma1[1],$t2 - ldwm 8($Tbl),$Xhi - shd $elo,$ehi,$Sigma1[1],$t3 - ldw -4($Tbl),$Xlo ; load K[i] - xor $t2,$t0,$t0 - xor $t3,$t1,$t1 - and $flo,$elo,$a0 - and $fhi,$ehi,$a1 - shd $ehi,$elo,$Sigma1[2],$t2 - andcm $glo,$elo,$a2 - shd $elo,$ehi,$Sigma1[2],$t3 - andcm $ghi,$ehi,$a3 - xor $t2,$t0,$t0 - xor $t3,$t1,$t1 ; Sigma1(e) - add $Xlo,$hlo,$hlo - xor $a2,$a0,$a0 - addc $Xhi,$hhi,$hhi ; h += K[i] - xor $a3,$a1,$a1 ; Ch(e,f,g) - - add $t0,$hlo,$hlo - shd $ahi,$alo,$Sigma0[0],$t0 - addc $t1,$hhi,$hhi ; h += Sigma1(e) - shd $alo,$ahi,$Sigma0[0],$t1 - add $a0,$hlo,$hlo - shd $ahi,$alo,$Sigma0[1],$t2 - addc $a1,$hhi,$hhi ; h += Ch(e,f,g) - shd $alo,$ahi,$Sigma0[1],$t3 - - xor $t2,$t0,$t0 - xor $t3,$t1,$t1 - shd $ahi,$alo,$Sigma0[2],$t2 - and $alo,$blo,$a0 - shd $alo,$ahi,$Sigma0[2],$t3 - and $ahi,$bhi,$a1 - xor $t2,$t0,$t0 - xor $t3,$t1,$t1 ; Sigma0(a) - - and $alo,$clo,$a2 - and $ahi,$chi,$a3 - xor $a2,$a0,$a0 - add $hlo,$dlo,$dlo - xor $a3,$a1,$a1 - addc $hhi,$dhi,$dhi ; d += h - and $blo,$clo,$a2 - add $t0,$hlo,$hlo - and $bhi,$chi,$a3 - addc $t1,$hhi,$hhi ; h += Sigma0(a) - xor $a2,$a0,$a0 - add $a0,$hlo,$hlo - xor $a3,$a1,$a1 ; Maj(a,b,c) - addc $a1,$hhi,$hhi ; h += Maj(a,b,c) - -___ -$code.=<<___ if ($i==15 && $flag); - extru $Xlo,31,10,$Xlo - comiclr,= $LAST10BITS,$Xlo,%r0 - b L\$rounds_pa1 - nop -___ -push(@X,shift(@X)); push(@X,shift(@X)); -} - -sub ROUND_16_xx_pa1 { -my ($Xhi,$Xlo,$Xnhi,$Xnlo) = @X; -my ($i)=shift; -$i-=16; -$code.=<<___; - ldw `-$XOFF+8*(($i+1)%16)`(%sp),$Xnhi - ldw `-$XOFF+8*(($i+1)%16)+4`(%sp),$Xnlo ; load X[i+1] - ldw `-$XOFF+8*(($i+9)%16)`(%sp),$a1 - ldw `-$XOFF+8*(($i+9)%16)+4`(%sp),$a0 ; load X[i+9] - ldw `-$XOFF+8*(($i+14)%16)`(%sp),$a3 - ldw `-$XOFF+8*(($i+14)%16)+4`(%sp),$a2 ; load X[i+14] - shd $Xnhi,$Xnlo,$sigma0[0],$t0 - shd $Xnlo,$Xnhi,$sigma0[0],$t1 - add $a0,$Xlo,$Xlo - shd $Xnhi,$Xnlo,$sigma0[1],$t2 - addc $a1,$Xhi,$Xhi - shd $Xnlo,$Xnhi,$sigma0[1],$t3 - xor $t2,$t0,$t0 - shd $Xnhi,$Xnlo,$sigma0[2],$t2 - xor $t3,$t1,$t1 - extru $Xnhi,`31-$sigma0[2]`,`32-$sigma0[2]`,$t3 - xor $t2,$t0,$t0 - shd $a3,$a2,$sigma1[0],$a0 - xor $t3,$t1,$t1 ; sigma0(X[i+1)&0x0f]) - shd $a2,$a3,$sigma1[0],$a1 - add $t0,$Xlo,$Xlo - shd $a3,$a2,$sigma1[1],$t2 - addc $t1,$Xhi,$Xhi - shd $a2,$a3,$sigma1[1],$t3 - xor $t2,$a0,$a0 - shd $a3,$a2,$sigma1[2],$t2 - xor $t3,$a1,$a1 - extru $a3,`31-$sigma1[2]`,`32-$sigma1[2]`,$t3 - xor $t2,$a0,$a0 - xor $t3,$a1,$a1 ; sigma0(X[i+14)&0x0f]) - add $a0,$Xlo,$Xlo - addc $a1,$Xhi,$Xhi - - stw $Xhi,`-$XOFF+8*($i%16)`(%sp) - stw $Xlo,`-$XOFF+8*($i%16)+4`(%sp) -___ -&ROUND_00_15_pa1($i,@_,1); -} -$code.=<<___; - ldw `0*4`($ctx),$Ahi ; load context - ldw `1*4`($ctx),$Alo - ldw `2*4`($ctx),$Bhi - ldw `3*4`($ctx),$Blo - ldw `4*4`($ctx),$Chi - ldw `5*4`($ctx),$Clo - ldw `6*4`($ctx),$Dhi - ldw `7*4`($ctx),$Dlo - ldw `8*4`($ctx),$Ehi - ldw `9*4`($ctx),$Elo - ldw `10*4`($ctx),$Fhi - ldw `11*4`($ctx),$Flo - ldw `12*4`($ctx),$Ghi - ldw `13*4`($ctx),$Glo - ldw `14*4`($ctx),$Hhi - ldw `15*4`($ctx),$Hlo - - extru $inp,31,2,$t0 - sh3addl $t0,%r0,$t0 - subi 32,$t0,$t0 - mtctl $t0,%cr11 ; load %sar with align factor - -L\$oop_pa1 - extru $inp,31,2,$a3 - comib,= 0,$a3,L\$aligned_pa1 - sub $inp,$a3,$inp - - ldw `0*4`($inp),$X[0] - ldw `1*4`($inp),$X[1] - ldw `2*4`($inp),$t2 - ldw `3*4`($inp),$t3 - ldw `4*4`($inp),$a0 - ldw `5*4`($inp),$a1 - ldw `6*4`($inp),$a2 - ldw `7*4`($inp),$a3 - vshd $X[0],$X[1],$X[0] - vshd $X[1],$t2,$X[1] - stw $X[0],`-$XOFF+0*4`(%sp) - ldw `8*4`($inp),$t0 - vshd $t2,$t3,$t2 - stw $X[1],`-$XOFF+1*4`(%sp) - ldw `9*4`($inp),$t1 - vshd $t3,$a0,$t3 -___ -{ -my @t=($t2,$t3,$a0,$a1,$a2,$a3,$t0,$t1); -for ($i=2;$i<=(128/4-8);$i++) { -$code.=<<___; - stw $t[0],`-$XOFF+$i*4`(%sp) - ldw `(8+$i)*4`($inp),$t[0] - vshd $t[1],$t[2],$t[1] -___ -push(@t,shift(@t)); -} -for (;$i<(128/4-1);$i++) { -$code.=<<___; - stw $t[0],`-$XOFF+$i*4`(%sp) - vshd $t[1],$t[2],$t[1] -___ -push(@t,shift(@t)); -} -$code.=<<___; - b L\$collected_pa1 - stw $t[0],`-$XOFF+$i*4`(%sp) - -___ -} -$code.=<<___; -L\$aligned_pa1 - ldw `0*4`($inp),$X[0] - ldw `1*4`($inp),$X[1] - ldw `2*4`($inp),$t2 - ldw `3*4`($inp),$t3 - ldw `4*4`($inp),$a0 - ldw `5*4`($inp),$a1 - ldw `6*4`($inp),$a2 - ldw `7*4`($inp),$a3 - stw $X[0],`-$XOFF+0*4`(%sp) - ldw `8*4`($inp),$t0 - stw $X[1],`-$XOFF+1*4`(%sp) - ldw `9*4`($inp),$t1 -___ -{ -my @t=($t2,$t3,$a0,$a1,$a2,$a3,$t0,$t1); -for ($i=2;$i<(128/4-8);$i++) { -$code.=<<___; - stw $t[0],`-$XOFF+$i*4`(%sp) - ldw `(8+$i)*4`($inp),$t[0] -___ -push(@t,shift(@t)); -} -for (;$i<128/4;$i++) { -$code.=<<___; - stw $t[0],`-$XOFF+$i*4`(%sp) -___ -push(@t,shift(@t)); -} -$code.="L\$collected_pa1\n"; -} - -for($i=0;$i<16;$i++) { &ROUND_00_15_pa1($i,@V); unshift(@V,pop(@V)); unshift(@V,pop(@V)); } -$code.="L\$rounds_pa1\n"; -for(;$i<32;$i++) { &ROUND_16_xx_pa1($i,@V); unshift(@V,pop(@V)); unshift(@V,pop(@V)); } - -$code.=<<___; - $POP `-$FRAME_MARKER-2*$SIZE_T`(%sp),$ctx ; restore arguments - $POP `-$FRAME_MARKER-3*$SIZE_T`(%sp),$inp - $POP `-$FRAME_MARKER-4*$SIZE_T`(%sp),$num - ldo `-$rounds*$SZ`($Tbl),$Tbl ; rewind $Tbl - - ldw `0*4`($ctx),$t1 ; update context - ldw `1*4`($ctx),$t0 - ldw `2*4`($ctx),$t3 - ldw `3*4`($ctx),$t2 - ldw `4*4`($ctx),$a1 - ldw `5*4`($ctx),$a0 - ldw `6*4`($ctx),$a3 - add $t0,$Alo,$Alo - ldw `7*4`($ctx),$a2 - addc $t1,$Ahi,$Ahi - ldw `8*4`($ctx),$t1 - add $t2,$Blo,$Blo - ldw `9*4`($ctx),$t0 - addc $t3,$Bhi,$Bhi - ldw `10*4`($ctx),$t3 - add $a0,$Clo,$Clo - ldw `11*4`($ctx),$t2 - addc $a1,$Chi,$Chi - ldw `12*4`($ctx),$a1 - add $a2,$Dlo,$Dlo - ldw `13*4`($ctx),$a0 - addc $a3,$Dhi,$Dhi - ldw `14*4`($ctx),$a3 - add $t0,$Elo,$Elo - ldw `15*4`($ctx),$a2 - addc $t1,$Ehi,$Ehi - stw $Ahi,`0*4`($ctx) - add $t2,$Flo,$Flo - stw $Alo,`1*4`($ctx) - addc $t3,$Fhi,$Fhi - stw $Bhi,`2*4`($ctx) - add $a0,$Glo,$Glo - stw $Blo,`3*4`($ctx) - addc $a1,$Ghi,$Ghi - stw $Chi,`4*4`($ctx) - add $a2,$Hlo,$Hlo - stw $Clo,`5*4`($ctx) - addc $a3,$Hhi,$Hhi - stw $Dhi,`6*4`($ctx) - ldo `16*$SZ`($inp),$inp ; advance $inp - stw $Dlo,`7*4`($ctx) - stw $Ehi,`8*4`($ctx) - stw $Elo,`9*4`($ctx) - stw $Fhi,`10*4`($ctx) - stw $Flo,`11*4`($ctx) - stw $Ghi,`12*4`($ctx) - stw $Glo,`13*4`($ctx) - stw $Hhi,`14*4`($ctx) - comb,= $inp,$num,L\$done - stw $Hlo,`15*4`($ctx) - b L\$oop_pa1 - $PUSH $inp,`-$FRAME_MARKER-3*$SIZE_T`(%sp) ; save $inp -L\$done -___ -}} -$code.=<<___; - $POP `-$FRAME-$SAVED_RP`(%sp),%r2 ; standard epilogue - $POP `-$FRAME+1*$SIZE_T`(%sp),%r4 - $POP `-$FRAME+2*$SIZE_T`(%sp),%r5 - $POP `-$FRAME+3*$SIZE_T`(%sp),%r6 - $POP `-$FRAME+4*$SIZE_T`(%sp),%r7 - $POP `-$FRAME+5*$SIZE_T`(%sp),%r8 - $POP `-$FRAME+6*$SIZE_T`(%sp),%r9 - $POP `-$FRAME+7*$SIZE_T`(%sp),%r10 - $POP `-$FRAME+8*$SIZE_T`(%sp),%r11 - $POP `-$FRAME+9*$SIZE_T`(%sp),%r12 - $POP `-$FRAME+10*$SIZE_T`(%sp),%r13 - $POP `-$FRAME+11*$SIZE_T`(%sp),%r14 - $POP `-$FRAME+12*$SIZE_T`(%sp),%r15 - $POP `-$FRAME+13*$SIZE_T`(%sp),%r16 - $POP `-$FRAME+14*$SIZE_T`(%sp),%r17 - $POP `-$FRAME+15*$SIZE_T`(%sp),%r18 - bv (%r2) - .EXIT - $POPMB -$FRAME(%sp),%r3 - .PROCEND - .STRINGZ "SHA`64*$SZ` block transform for PA-RISC, CRYPTOGAMS by " -___ - -# Explicitly encode PA-RISC 2.0 instructions used in this module, so -# that it can be compiled with .LEVEL 1.0. It should be noted that I -# wouldn't have to do this, if GNU assembler understood .ALLOW 2.0 -# directive... - -my $ldd = sub { - my ($mod,$args) = @_; - my $orig = "ldd$mod\t$args"; - - if ($args =~ /(\-?[0-9]+)\(%r([0-9]+)\),%r([0-9]+)/) # format 3 suffices - { my $opcode=(0x14<<26)|($2<<21)|($3<<16)|(($1&0x1FF8)<<1)|(($1>>13)&1); - $opcode|=(1<<3) if ($mod =~ /^,m/); - $opcode|=(1<<2) if ($mod =~ /^,mb/); - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; - } - else { "\t".$orig; } -}; - -my $std = sub { - my ($mod,$args) = @_; - my $orig = "std$mod\t$args"; - - if ($args =~ /%r([0-9]+),(\-?[0-9]+)\(%r([0-9]+)\)/) # format 3 suffices - { my $opcode=(0x1c<<26)|($3<<21)|($1<<16)|(($2&0x1FF8)<<1)|(($2>>13)&1); - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; - } - else { "\t".$orig; } -}; - -my $extrd = sub { - my ($mod,$args) = @_; - my $orig = "extrd$mod\t$args"; - - # I only have ",u" completer, it's implicitly encoded... - if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/) # format 15 - { my $opcode=(0x36<<26)|($1<<21)|($4<<16); - my $len=32-$3; - $opcode |= (($2&0x20)<<6)|(($2&0x1f)<<5); # encode pos - $opcode |= (($len&0x20)<<7)|($len&0x1f); # encode len - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; - } - elsif ($args =~ /%r([0-9]+),%sar,([0-9]+),%r([0-9]+)/) # format 12 - { my $opcode=(0x34<<26)|($1<<21)|($3<<16)|(2<<11)|(1<<9); - my $len=32-$2; - $opcode |= (($len&0x20)<<3)|($len&0x1f); # encode len - $opcode |= (1<<13) if ($mod =~ /,\**=/); - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; - } - else { "\t".$orig; } -}; - -my $shrpd = sub { - my ($mod,$args) = @_; - my $orig = "shrpd$mod\t$args"; - - if ($args =~ /%r([0-9]+),%r([0-9]+),([0-9]+),%r([0-9]+)/) # format 14 - { my $opcode=(0x34<<26)|($2<<21)|($1<<16)|(1<<10)|$4; - my $cpos=63-$3; - $opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5); # encode sa - sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; - } - elsif ($args =~ /%r([0-9]+),%r([0-9]+),%sar,%r([0-9]+)/) # format 11 - { sprintf "\t.WORD\t0x%08x\t; %s", - (0x34<<26)|($2<<21)|($1<<16)|(1<<9)|$3,$orig; - } - else { "\t".$orig; } -}; - -sub assemble { - my ($mnemonic,$mod,$args)=@_; - my $opcode = eval("\$$mnemonic"); - - ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args"; -} - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler/) { - $gnuas = 1; -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - s/shd\s+(%r[0-9]+),(%r[0-9]+),([0-9]+)/ - $3>31 ? sprintf("shd\t%$2,%$1,%d",$3-32) # rotation for >=32 - : sprintf("shd\t%$1,%$2,%d",$3)/e or - # translate made up instructions: _ror, _shr, _align, _shl - s/_ror(\s+)(%r[0-9]+),/ - ($SZ==4 ? "shd" : "shrpd")."$1$2,$2,"/e or - - s/_shr(\s+%r[0-9]+),([0-9]+),/ - $SZ==4 ? sprintf("extru%s,%d,%d,",$1,31-$2,32-$2) - : sprintf("extrd,u%s,%d,%d,",$1,63-$2,64-$2)/e or - - s/_align(\s+%r[0-9]+,%r[0-9]+),/ - ($SZ==4 ? "vshd$1," : "shrpd$1,%sar,")/e or - - s/_shl(\s+%r[0-9]+),([0-9]+),/ - $SIZE_T==4 ? sprintf("zdep%s,%d,%d,",$1,31-$2,32-$2) - : sprintf("depd,z%s,%d,%d,",$1,63-$2,64-$2)/e; - - s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($SIZE_T==4); - - s/(\.LEVEL\s+2\.0)W/$1w/ if ($gnuas && $SIZE_T==8); - s/\.SPACE\s+\$TEXT\$/.text/ if ($gnuas && $SIZE_T==8); - s/\.SUBSPA.*// if ($gnuas && $SIZE_T==8); - s/cmpb,\*/comb,/ if ($SIZE_T==4); - s/\bbv\b/bve/ if ($SIZE_T==8); - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-ppc.pl b/crypto/sha/asm/sha512-ppc.pl deleted file mode 100755 index 966713936e62cd05a5f42681437db8251798e37b..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha512-ppc.pl +++ /dev/null @@ -1,802 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# I let hardware handle unaligned input, except on page boundaries -# (see below for details). Otherwise straightforward implementation -# with X vector in register bank. - -# sha256 | sha512 -# -m64 -m32 | -m64 -m32 -# --------------------------------------+----------------------- -# PPC970,gcc-4.0.0 +50% +38% | +40% +410%(*) -# Power6,xlc-7 +150% +90% | +100% +430%(*) -# -# (*) 64-bit code in 32-bit application context, which actually is -# on TODO list. It should be noted that for safe deployment in -# 32-bit *multi-threaded* context asynchronous signals should be -# blocked upon entry to SHA512 block routine. This is because -# 32-bit signaling procedure invalidates upper halves of GPRs. -# Context switch procedure preserves them, but not signaling:-( - -# Second version is true multi-thread safe. Trouble with the original -# version was that it was using thread local storage pointer register. -# Well, it scrupulously preserved it, but the problem would arise the -# moment asynchronous signal was delivered and signal handler would -# dereference the TLS pointer. While it's never the case in openssl -# application or test suite, we have to respect this scenario and not -# use TLS pointer register. Alternative would be to require caller to -# block signals prior calling this routine. For the record, in 32-bit -# context R2 serves as TLS pointer, while in 64-bit context - R13. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /64/) { - $SIZE_T=8; - $LRSAVE=2*$SIZE_T; - $STU="stdu"; - $UCMP="cmpld"; - $SHL="sldi"; - $POP="ld"; - $PUSH="std"; -} elsif ($flavour =~ /32/) { - $SIZE_T=4; - $LRSAVE=$SIZE_T; - $STU="stwu"; - $UCMP="cmplw"; - $SHL="slwi"; - $POP="lwz"; - $PUSH="stw"; -} else { die "nonsense $flavour"; } - -$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0; - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open STDOUT,"| $^X $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; - -if ($output =~ /512/) { - $func="sha512_block_ppc"; - $SZ=8; - @Sigma0=(28,34,39); - @Sigma1=(14,18,41); - @sigma0=(1, 8, 7); - @sigma1=(19,61, 6); - $rounds=80; - $LD="ld"; - $ST="std"; - $ROR="rotrdi"; - $SHR="srdi"; -} else { - $func="sha256_block_ppc"; - $SZ=4; - @Sigma0=( 2,13,22); - @Sigma1=( 6,11,25); - @sigma0=( 7,18, 3); - @sigma1=(17,19,10); - $rounds=64; - $LD="lwz"; - $ST="stw"; - $ROR="rotrwi"; - $SHR="srwi"; -} - -$FRAME=32*$SIZE_T+16*$SZ; -$LOCALS=6*$SIZE_T; - -$sp ="r1"; -$toc="r2"; -$ctx="r3"; # zapped by $a0 -$inp="r4"; # zapped by $a1 -$num="r5"; # zapped by $t0 - -$T ="r0"; -$a0 ="r3"; -$a1 ="r4"; -$t0 ="r5"; -$t1 ="r6"; -$Tbl="r7"; - -$A ="r8"; -$B ="r9"; -$C ="r10"; -$D ="r11"; -$E ="r12"; -$F =$t1; $t1 = "r0"; # stay away from "r13"; -$G ="r14"; -$H ="r15"; - -@V=($A,$B,$C,$D,$E,$F,$G,$H); -@X=("r16","r17","r18","r19","r20","r21","r22","r23", - "r24","r25","r26","r27","r28","r29","r30","r31"); - -$inp="r31" if($SZ==4 || $SIZE_T==8); # reassigned $inp! aliases with @X[15] - -sub ROUND_00_15 { -my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; -$code.=<<___; - $ROR $a0,$e,$Sigma1[0] - $ROR $a1,$e,$Sigma1[1] - and $t0,$f,$e - xor $a0,$a0,$a1 - add $h,$h,$t1 - andc $t1,$g,$e - $ROR $a1,$a1,`$Sigma1[2]-$Sigma1[1]` - or $t0,$t0,$t1 ; Ch(e,f,g) - add $h,$h,@X[$i%16] - xor $a0,$a0,$a1 ; Sigma1(e) - add $h,$h,$t0 - add $h,$h,$a0 - - $ROR $a0,$a,$Sigma0[0] - $ROR $a1,$a,$Sigma0[1] - and $t0,$a,$b - and $t1,$a,$c - xor $a0,$a0,$a1 - $ROR $a1,$a1,`$Sigma0[2]-$Sigma0[1]` - xor $t0,$t0,$t1 - and $t1,$b,$c - xor $a0,$a0,$a1 ; Sigma0(a) - add $d,$d,$h - xor $t0,$t0,$t1 ; Maj(a,b,c) -___ -$code.=<<___ if ($i<15); - $LD $t1,`($i+1)*$SZ`($Tbl) -___ -$code.=<<___; - add $h,$h,$a0 - add $h,$h,$t0 - -___ -} - -sub ROUND_16_xx { -my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; -$i-=16; -$code.=<<___; - $ROR $a0,@X[($i+1)%16],$sigma0[0] - $ROR $a1,@X[($i+1)%16],$sigma0[1] - $ROR $t0,@X[($i+14)%16],$sigma1[0] - $ROR $t1,@X[($i+14)%16],$sigma1[1] - xor $a0,$a0,$a1 - $SHR $a1,@X[($i+1)%16],$sigma0[2] - xor $t0,$t0,$t1 - $SHR $t1,@X[($i+14)%16],$sigma1[2] - add @X[$i],@X[$i],@X[($i+9)%16] - xor $a0,$a0,$a1 ; sigma0(X[(i+1)&0x0f]) - xor $t0,$t0,$t1 ; sigma1(X[(i+14)&0x0f]) - $LD $t1,`$i*$SZ`($Tbl) - add @X[$i],@X[$i],$a0 - add @X[$i],@X[$i],$t0 -___ -&ROUND_00_15($i+16,$a,$b,$c,$d,$e,$f,$g,$h); -} - -$code=<<___; -.machine "any" -.text - -.globl $func -.align 6 -$func: - $STU $sp,-$FRAME($sp) - mflr r0 - $SHL $num,$num,`log(16*$SZ)/log(2)` - - $PUSH $ctx,`$FRAME-$SIZE_T*22`($sp) - - $PUSH r14,`$FRAME-$SIZE_T*18`($sp) - $PUSH r15,`$FRAME-$SIZE_T*17`($sp) - $PUSH r16,`$FRAME-$SIZE_T*16`($sp) - $PUSH r17,`$FRAME-$SIZE_T*15`($sp) - $PUSH r18,`$FRAME-$SIZE_T*14`($sp) - $PUSH r19,`$FRAME-$SIZE_T*13`($sp) - $PUSH r20,`$FRAME-$SIZE_T*12`($sp) - $PUSH r21,`$FRAME-$SIZE_T*11`($sp) - $PUSH r22,`$FRAME-$SIZE_T*10`($sp) - $PUSH r23,`$FRAME-$SIZE_T*9`($sp) - $PUSH r24,`$FRAME-$SIZE_T*8`($sp) - $PUSH r25,`$FRAME-$SIZE_T*7`($sp) - $PUSH r26,`$FRAME-$SIZE_T*6`($sp) - $PUSH r27,`$FRAME-$SIZE_T*5`($sp) - $PUSH r28,`$FRAME-$SIZE_T*4`($sp) - $PUSH r29,`$FRAME-$SIZE_T*3`($sp) - $PUSH r30,`$FRAME-$SIZE_T*2`($sp) - $PUSH r31,`$FRAME-$SIZE_T*1`($sp) - $PUSH r0,`$FRAME+$LRSAVE`($sp) -___ - -if ($SZ==4 || $SIZE_T==8) { -$code.=<<___; - $LD $A,`0*$SZ`($ctx) - mr $inp,r4 ; incarnate $inp - $LD $B,`1*$SZ`($ctx) - $LD $C,`2*$SZ`($ctx) - $LD $D,`3*$SZ`($ctx) - $LD $E,`4*$SZ`($ctx) - $LD $F,`5*$SZ`($ctx) - $LD $G,`6*$SZ`($ctx) - $LD $H,`7*$SZ`($ctx) -___ -} else { - for ($i=16;$i<32;$i++) { - $code.=<<___; - lwz r$i,`$LITTLE_ENDIAN^(4*($i-16))`($ctx) -___ - } -} - -$code.=<<___; - bl LPICmeup -LPICedup: - andi. r0,$inp,3 - bne Lunaligned -Laligned: - add $num,$inp,$num - $PUSH $num,`$FRAME-$SIZE_T*24`($sp) ; end pointer - $PUSH $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer - bl Lsha2_block_private - b Ldone - -; PowerPC specification allows an implementation to be ill-behaved -; upon unaligned access which crosses page boundary. "Better safe -; than sorry" principle makes me treat it specially. But I don't -; look for particular offending word, but rather for the input -; block which crosses the boundary. Once found that block is aligned -; and hashed separately... -.align 4 -Lunaligned: - subfic $t1,$inp,4096 - andi. $t1,$t1,`4096-16*$SZ` ; distance to closest page boundary - beq Lcross_page - $UCMP $num,$t1 - ble Laligned ; didn't cross the page boundary - subfc $num,$t1,$num - add $t1,$inp,$t1 - $PUSH $num,`$FRAME-$SIZE_T*25`($sp) ; save real remaining num - $PUSH $t1,`$FRAME-$SIZE_T*24`($sp) ; intermediate end pointer - $PUSH $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer - bl Lsha2_block_private - ; $inp equals to the intermediate end pointer here - $POP $num,`$FRAME-$SIZE_T*25`($sp) ; restore real remaining num -Lcross_page: - li $t1,`16*$SZ/4` - mtctr $t1 -___ -if ($SZ==4 || $SIZE_T==8) { -$code.=<<___; - addi r20,$sp,$LOCALS ; aligned spot below the frame -Lmemcpy: - lbz r16,0($inp) - lbz r17,1($inp) - lbz r18,2($inp) - lbz r19,3($inp) - addi $inp,$inp,4 - stb r16,0(r20) - stb r17,1(r20) - stb r18,2(r20) - stb r19,3(r20) - addi r20,r20,4 - bdnz Lmemcpy -___ -} else { -$code.=<<___; - addi r12,$sp,$LOCALS ; aligned spot below the frame -Lmemcpy: - lbz r8,0($inp) - lbz r9,1($inp) - lbz r10,2($inp) - lbz r11,3($inp) - addi $inp,$inp,4 - stb r8,0(r12) - stb r9,1(r12) - stb r10,2(r12) - stb r11,3(r12) - addi r12,r12,4 - bdnz Lmemcpy -___ -} - -$code.=<<___; - $PUSH $inp,`$FRAME-$SIZE_T*26`($sp) ; save real inp - addi $t1,$sp,`$LOCALS+16*$SZ` ; fictitious end pointer - addi $inp,$sp,$LOCALS ; fictitious inp pointer - $PUSH $num,`$FRAME-$SIZE_T*25`($sp) ; save real num - $PUSH $t1,`$FRAME-$SIZE_T*24`($sp) ; end pointer - $PUSH $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer - bl Lsha2_block_private - $POP $inp,`$FRAME-$SIZE_T*26`($sp) ; restore real inp - $POP $num,`$FRAME-$SIZE_T*25`($sp) ; restore real num - addic. $num,$num,`-16*$SZ` ; num-- - bne Lunaligned - -Ldone: - $POP r0,`$FRAME+$LRSAVE`($sp) - $POP r14,`$FRAME-$SIZE_T*18`($sp) - $POP r15,`$FRAME-$SIZE_T*17`($sp) - $POP r16,`$FRAME-$SIZE_T*16`($sp) - $POP r17,`$FRAME-$SIZE_T*15`($sp) - $POP r18,`$FRAME-$SIZE_T*14`($sp) - $POP r19,`$FRAME-$SIZE_T*13`($sp) - $POP r20,`$FRAME-$SIZE_T*12`($sp) - $POP r21,`$FRAME-$SIZE_T*11`($sp) - $POP r22,`$FRAME-$SIZE_T*10`($sp) - $POP r23,`$FRAME-$SIZE_T*9`($sp) - $POP r24,`$FRAME-$SIZE_T*8`($sp) - $POP r25,`$FRAME-$SIZE_T*7`($sp) - $POP r26,`$FRAME-$SIZE_T*6`($sp) - $POP r27,`$FRAME-$SIZE_T*5`($sp) - $POP r28,`$FRAME-$SIZE_T*4`($sp) - $POP r29,`$FRAME-$SIZE_T*3`($sp) - $POP r30,`$FRAME-$SIZE_T*2`($sp) - $POP r31,`$FRAME-$SIZE_T*1`($sp) - mtlr r0 - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,4,1,0x80,18,3,0 - .long 0 -___ - -if ($SZ==4 || $SIZE_T==8) { -$code.=<<___; -.align 4 -Lsha2_block_private: - $LD $t1,0($Tbl) -___ -for($i=0;$i<16;$i++) { -$code.=<<___ if ($SZ==4 && !$LITTLE_ENDIAN); - lwz @X[$i],`$i*$SZ`($inp) -___ -$code.=<<___ if ($SZ==4 && $LITTLE_ENDIAN); - lwz $a0,`$i*$SZ`($inp) - rotlwi @X[$i],$a0,8 - rlwimi @X[$i],$a0,24,0,7 - rlwimi @X[$i],$a0,24,16,23 -___ -# 64-bit loads are split to 2x32-bit ones, as CPU can't handle -# unaligned 64-bit loads, only 32-bit ones... -$code.=<<___ if ($SZ==8 && !$LITTLE_ENDIAN); - lwz $t0,`$i*$SZ`($inp) - lwz @X[$i],`$i*$SZ+4`($inp) - insrdi @X[$i],$t0,32,0 -___ -$code.=<<___ if ($SZ==8 && $LITTLE_ENDIAN); - lwz $a0,`$i*$SZ`($inp) - lwz $a1,`$i*$SZ+4`($inp) - rotlwi $t0,$a0,8 - rotlwi @X[$i],$a1,8 - rlwimi $t0,$a0,24,0,7 - rlwimi @X[$i],$a1,24,0,7 - rlwimi $t0,$a0,24,16,23 - rlwimi @X[$i],$a1,24,16,23 - insrdi @X[$i],$t0,32,0 -___ - &ROUND_00_15($i,@V); - unshift(@V,pop(@V)); -} -$code.=<<___; - li $t0,`$rounds/16-1` - mtctr $t0 -.align 4 -Lrounds: - addi $Tbl,$Tbl,`16*$SZ` -___ -for(;$i<32;$i++) { - &ROUND_16_xx($i,@V); - unshift(@V,pop(@V)); -} -$code.=<<___; - bdnz Lrounds - - $POP $ctx,`$FRAME-$SIZE_T*22`($sp) - $POP $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer - $POP $num,`$FRAME-$SIZE_T*24`($sp) ; end pointer - subi $Tbl,$Tbl,`($rounds-16)*$SZ` ; rewind Tbl - - $LD r16,`0*$SZ`($ctx) - $LD r17,`1*$SZ`($ctx) - $LD r18,`2*$SZ`($ctx) - $LD r19,`3*$SZ`($ctx) - $LD r20,`4*$SZ`($ctx) - $LD r21,`5*$SZ`($ctx) - $LD r22,`6*$SZ`($ctx) - addi $inp,$inp,`16*$SZ` ; advance inp - $LD r23,`7*$SZ`($ctx) - add $A,$A,r16 - add $B,$B,r17 - $PUSH $inp,`$FRAME-$SIZE_T*23`($sp) - add $C,$C,r18 - $ST $A,`0*$SZ`($ctx) - add $D,$D,r19 - $ST $B,`1*$SZ`($ctx) - add $E,$E,r20 - $ST $C,`2*$SZ`($ctx) - add $F,$F,r21 - $ST $D,`3*$SZ`($ctx) - add $G,$G,r22 - $ST $E,`4*$SZ`($ctx) - add $H,$H,r23 - $ST $F,`5*$SZ`($ctx) - $ST $G,`6*$SZ`($ctx) - $UCMP $inp,$num - $ST $H,`7*$SZ`($ctx) - bne Lsha2_block_private - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.size $func,.-$func -___ -} else { -######################################################################## -# SHA512 for PPC32, X vector is off-loaded to stack... -# -# | sha512 -# | -m32 -# ----------------------+----------------------- -# PPC74x0,gcc-4.0.1 | +48% -# POWER6,gcc-4.4.6 | +124%(*) -# POWER7,gcc-4.4.6 | +79%(*) -# e300,gcc-4.1.0 | +167% -# -# (*) ~1/3 of -m64 result [and ~20% better than -m32 code generated -# by xlc-12.1] - -my $XOFF=$LOCALS; - -my @V=map("r$_",(16..31)); # A..H - -my ($s0,$s1,$t0,$t1,$t2,$t3,$a0,$a1,$a2,$a3)=map("r$_",(0,5,6,8..12,14,15)); -my ($x0,$x1)=("r3","r4"); # zaps $ctx and $inp - -sub ROUND_00_15_ppc32 { -my ($i, $ahi,$alo,$bhi,$blo,$chi,$clo,$dhi,$dlo, - $ehi,$elo,$fhi,$flo,$ghi,$glo,$hhi,$hlo)=@_; - -$code.=<<___; - lwz $t2,`$SZ*($i%16)+($LITTLE_ENDIAN^4)`($Tbl) - xor $a0,$flo,$glo - lwz $t3,`$SZ*($i%16)+($LITTLE_ENDIAN^0)`($Tbl) - xor $a1,$fhi,$ghi - addc $hlo,$hlo,$t0 ; h+=x[i] - stw $t0,`$XOFF+0+$SZ*($i%16)`($sp) ; save x[i] - - srwi $s0,$elo,$Sigma1[0] - srwi $s1,$ehi,$Sigma1[0] - and $a0,$a0,$elo - adde $hhi,$hhi,$t1 - and $a1,$a1,$ehi - stw $t1,`$XOFF+4+$SZ*($i%16)`($sp) - srwi $t0,$elo,$Sigma1[1] - srwi $t1,$ehi,$Sigma1[1] - addc $hlo,$hlo,$t2 ; h+=K512[i] - insrwi $s0,$ehi,$Sigma1[0],0 - insrwi $s1,$elo,$Sigma1[0],0 - xor $a0,$a0,$glo ; Ch(e,f,g) - adde $hhi,$hhi,$t3 - xor $a1,$a1,$ghi - insrwi $t0,$ehi,$Sigma1[1],0 - insrwi $t1,$elo,$Sigma1[1],0 - addc $hlo,$hlo,$a0 ; h+=Ch(e,f,g) - srwi $t2,$ehi,$Sigma1[2]-32 - srwi $t3,$elo,$Sigma1[2]-32 - xor $s0,$s0,$t0 - xor $s1,$s1,$t1 - insrwi $t2,$elo,$Sigma1[2]-32,0 - insrwi $t3,$ehi,$Sigma1[2]-32,0 - xor $a0,$alo,$blo ; a^b, b^c in next round - adde $hhi,$hhi,$a1 - xor $a1,$ahi,$bhi - xor $s0,$s0,$t2 ; Sigma1(e) - xor $s1,$s1,$t3 - - srwi $t0,$alo,$Sigma0[0] - and $a2,$a2,$a0 - addc $hlo,$hlo,$s0 ; h+=Sigma1(e) - and $a3,$a3,$a1 - srwi $t1,$ahi,$Sigma0[0] - srwi $s0,$ahi,$Sigma0[1]-32 - adde $hhi,$hhi,$s1 - srwi $s1,$alo,$Sigma0[1]-32 - insrwi $t0,$ahi,$Sigma0[0],0 - insrwi $t1,$alo,$Sigma0[0],0 - xor $a2,$a2,$blo ; Maj(a,b,c) - addc $dlo,$dlo,$hlo ; d+=h - xor $a3,$a3,$bhi - insrwi $s0,$alo,$Sigma0[1]-32,0 - insrwi $s1,$ahi,$Sigma0[1]-32,0 - adde $dhi,$dhi,$hhi - srwi $t2,$ahi,$Sigma0[2]-32 - srwi $t3,$alo,$Sigma0[2]-32 - xor $s0,$s0,$t0 - addc $hlo,$hlo,$a2 ; h+=Maj(a,b,c) - xor $s1,$s1,$t1 - insrwi $t2,$alo,$Sigma0[2]-32,0 - insrwi $t3,$ahi,$Sigma0[2]-32,0 - adde $hhi,$hhi,$a3 -___ -$code.=<<___ if ($i>=15); - lwz $t0,`$XOFF+0+$SZ*(($i+2)%16)`($sp) - lwz $t1,`$XOFF+4+$SZ*(($i+2)%16)`($sp) -___ -$code.=<<___ if ($i<15 && !$LITTLE_ENDIAN); - lwz $t1,`$SZ*($i+1)+0`($inp) - lwz $t0,`$SZ*($i+1)+4`($inp) -___ -$code.=<<___ if ($i<15 && $LITTLE_ENDIAN); - lwz $a2,`$SZ*($i+1)+0`($inp) - lwz $a3,`$SZ*($i+1)+4`($inp) - rotlwi $t1,$a2,8 - rotlwi $t0,$a3,8 - rlwimi $t1,$a2,24,0,7 - rlwimi $t0,$a3,24,0,7 - rlwimi $t1,$a2,24,16,23 - rlwimi $t0,$a3,24,16,23 -___ -$code.=<<___; - xor $s0,$s0,$t2 ; Sigma0(a) - xor $s1,$s1,$t3 - addc $hlo,$hlo,$s0 ; h+=Sigma0(a) - adde $hhi,$hhi,$s1 -___ -$code.=<<___ if ($i==15); - lwz $x0,`$XOFF+0+$SZ*(($i+1)%16)`($sp) - lwz $x1,`$XOFF+4+$SZ*(($i+1)%16)`($sp) -___ -} -sub ROUND_16_xx_ppc32 { -my ($i, $ahi,$alo,$bhi,$blo,$chi,$clo,$dhi,$dlo, - $ehi,$elo,$fhi,$flo,$ghi,$glo,$hhi,$hlo)=@_; - -$code.=<<___; - srwi $s0,$t0,$sigma0[0] - srwi $s1,$t1,$sigma0[0] - srwi $t2,$t0,$sigma0[1] - srwi $t3,$t1,$sigma0[1] - insrwi $s0,$t1,$sigma0[0],0 - insrwi $s1,$t0,$sigma0[0],0 - srwi $a0,$t0,$sigma0[2] - insrwi $t2,$t1,$sigma0[1],0 - insrwi $t3,$t0,$sigma0[1],0 - insrwi $a0,$t1,$sigma0[2],0 - xor $s0,$s0,$t2 - lwz $t2,`$XOFF+0+$SZ*(($i+14)%16)`($sp) - srwi $a1,$t1,$sigma0[2] - xor $s1,$s1,$t3 - lwz $t3,`$XOFF+4+$SZ*(($i+14)%16)`($sp) - xor $a0,$a0,$s0 - srwi $s0,$t2,$sigma1[0] - xor $a1,$a1,$s1 - srwi $s1,$t3,$sigma1[0] - addc $x0,$x0,$a0 ; x[i]+=sigma0(x[i+1]) - srwi $a0,$t3,$sigma1[1]-32 - insrwi $s0,$t3,$sigma1[0],0 - insrwi $s1,$t2,$sigma1[0],0 - adde $x1,$x1,$a1 - srwi $a1,$t2,$sigma1[1]-32 - - insrwi $a0,$t2,$sigma1[1]-32,0 - srwi $t2,$t2,$sigma1[2] - insrwi $a1,$t3,$sigma1[1]-32,0 - insrwi $t2,$t3,$sigma1[2],0 - xor $s0,$s0,$a0 - lwz $a0,`$XOFF+0+$SZ*(($i+9)%16)`($sp) - srwi $t3,$t3,$sigma1[2] - xor $s1,$s1,$a1 - lwz $a1,`$XOFF+4+$SZ*(($i+9)%16)`($sp) - xor $s0,$s0,$t2 - addc $x0,$x0,$a0 ; x[i]+=x[i+9] - xor $s1,$s1,$t3 - adde $x1,$x1,$a1 - addc $x0,$x0,$s0 ; x[i]+=sigma1(x[i+14]) - adde $x1,$x1,$s1 -___ - ($t0,$t1,$x0,$x1) = ($x0,$x1,$t0,$t1); - &ROUND_00_15_ppc32(@_); -} - -$code.=<<___; -.align 4 -Lsha2_block_private: -___ -$code.=<<___ if (!$LITTLE_ENDIAN); - lwz $t1,0($inp) - xor $a2,@V[3],@V[5] ; B^C, magic seed - lwz $t0,4($inp) - xor $a3,@V[2],@V[4] -___ -$code.=<<___ if ($LITTLE_ENDIAN); - lwz $a1,0($inp) - xor $a2,@V[3],@V[5] ; B^C, magic seed - lwz $a0,4($inp) - xor $a3,@V[2],@V[4] - rotlwi $t1,$a1,8 - rotlwi $t0,$a0,8 - rlwimi $t1,$a1,24,0,7 - rlwimi $t0,$a0,24,0,7 - rlwimi $t1,$a1,24,16,23 - rlwimi $t0,$a0,24,16,23 -___ -for($i=0;$i<16;$i++) { - &ROUND_00_15_ppc32($i,@V); - unshift(@V,pop(@V)); unshift(@V,pop(@V)); - ($a0,$a1,$a2,$a3) = ($a2,$a3,$a0,$a1); -} -$code.=<<___; - li $a0,`$rounds/16-1` - mtctr $a0 -.align 4 -Lrounds: - addi $Tbl,$Tbl,`16*$SZ` -___ -for(;$i<32;$i++) { - &ROUND_16_xx_ppc32($i,@V); - unshift(@V,pop(@V)); unshift(@V,pop(@V)); - ($a0,$a1,$a2,$a3) = ($a2,$a3,$a0,$a1); -} -$code.=<<___; - bdnz Lrounds - - $POP $ctx,`$FRAME-$SIZE_T*22`($sp) - $POP $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer - $POP $num,`$FRAME-$SIZE_T*24`($sp) ; end pointer - subi $Tbl,$Tbl,`($rounds-16)*$SZ` ; rewind Tbl - - lwz $t0,`$LITTLE_ENDIAN^0`($ctx) - lwz $t1,`$LITTLE_ENDIAN^4`($ctx) - lwz $t2,`$LITTLE_ENDIAN^8`($ctx) - lwz $t3,`$LITTLE_ENDIAN^12`($ctx) - lwz $a0,`$LITTLE_ENDIAN^16`($ctx) - lwz $a1,`$LITTLE_ENDIAN^20`($ctx) - lwz $a2,`$LITTLE_ENDIAN^24`($ctx) - addc @V[1],@V[1],$t1 - lwz $a3,`$LITTLE_ENDIAN^28`($ctx) - adde @V[0],@V[0],$t0 - lwz $t0,`$LITTLE_ENDIAN^32`($ctx) - addc @V[3],@V[3],$t3 - lwz $t1,`$LITTLE_ENDIAN^36`($ctx) - adde @V[2],@V[2],$t2 - lwz $t2,`$LITTLE_ENDIAN^40`($ctx) - addc @V[5],@V[5],$a1 - lwz $t3,`$LITTLE_ENDIAN^44`($ctx) - adde @V[4],@V[4],$a0 - lwz $a0,`$LITTLE_ENDIAN^48`($ctx) - addc @V[7],@V[7],$a3 - lwz $a1,`$LITTLE_ENDIAN^52`($ctx) - adde @V[6],@V[6],$a2 - lwz $a2,`$LITTLE_ENDIAN^56`($ctx) - addc @V[9],@V[9],$t1 - lwz $a3,`$LITTLE_ENDIAN^60`($ctx) - adde @V[8],@V[8],$t0 - stw @V[0],`$LITTLE_ENDIAN^0`($ctx) - stw @V[1],`$LITTLE_ENDIAN^4`($ctx) - addc @V[11],@V[11],$t3 - stw @V[2],`$LITTLE_ENDIAN^8`($ctx) - stw @V[3],`$LITTLE_ENDIAN^12`($ctx) - adde @V[10],@V[10],$t2 - stw @V[4],`$LITTLE_ENDIAN^16`($ctx) - stw @V[5],`$LITTLE_ENDIAN^20`($ctx) - addc @V[13],@V[13],$a1 - stw @V[6],`$LITTLE_ENDIAN^24`($ctx) - stw @V[7],`$LITTLE_ENDIAN^28`($ctx) - adde @V[12],@V[12],$a0 - stw @V[8],`$LITTLE_ENDIAN^32`($ctx) - stw @V[9],`$LITTLE_ENDIAN^36`($ctx) - addc @V[15],@V[15],$a3 - stw @V[10],`$LITTLE_ENDIAN^40`($ctx) - stw @V[11],`$LITTLE_ENDIAN^44`($ctx) - adde @V[14],@V[14],$a2 - stw @V[12],`$LITTLE_ENDIAN^48`($ctx) - stw @V[13],`$LITTLE_ENDIAN^52`($ctx) - stw @V[14],`$LITTLE_ENDIAN^56`($ctx) - stw @V[15],`$LITTLE_ENDIAN^60`($ctx) - - addi $inp,$inp,`16*$SZ` ; advance inp - $PUSH $inp,`$FRAME-$SIZE_T*23`($sp) - $UCMP $inp,$num - bne Lsha2_block_private - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 -.size $func,.-$func -___ -} - -# Ugly hack here, because PPC assembler syntax seem to vary too -# much from platforms to platform... -$code.=<<___; -.align 6 -LPICmeup: - mflr r0 - bcl 20,31,\$+4 - mflr $Tbl ; vvvvvv "distance" between . and 1st data entry - addi $Tbl,$Tbl,`64-8` - mtlr r0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - .space `64-9*4` -___ -$code.=<<___ if ($SZ==8); - .quad 0x428a2f98d728ae22,0x7137449123ef65cd - .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc - .quad 0x3956c25bf348b538,0x59f111f1b605d019 - .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 - .quad 0xd807aa98a3030242,0x12835b0145706fbe - .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 - .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 - .quad 0x9bdc06a725c71235,0xc19bf174cf692694 - .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 - .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 - .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 - .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 - .quad 0x983e5152ee66dfab,0xa831c66d2db43210 - .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 - .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 - .quad 0x06ca6351e003826f,0x142929670a0e6e70 - .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 - .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df - .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 - .quad 0x81c2c92e47edaee6,0x92722c851482353b - .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 - .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 - .quad 0xd192e819d6ef5218,0xd69906245565a910 - .quad 0xf40e35855771202a,0x106aa07032bbd1b8 - .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 - .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 - .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb - .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 - .quad 0x748f82ee5defb2fc,0x78a5636f43172f60 - .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec - .quad 0x90befffa23631e28,0xa4506cebde82bde9 - .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b - .quad 0xca273eceea26619c,0xd186b8c721c0c207 - .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 - .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 - .quad 0x113f9804bef90dae,0x1b710b35131c471b - .quad 0x28db77f523047d84,0x32caab7b40c72493 - .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c - .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a - .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 -___ -$code.=<<___ if ($SZ==4); - .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 - .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 - .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 - .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 - .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc - .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da - .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 - .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 - .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 - .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 - .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 - .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 - .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 - .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 - .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 - .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 -___ - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-s390x.pl b/crypto/sha/asm/sha512-s390x.pl deleted file mode 100644 index bc8ab0ca9fdd6d4acd39273a1e0566092fa955f1..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha512-s390x.pl +++ /dev/null @@ -1,326 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# SHA256/512 block procedures for s390x. - -# April 2007. -# -# sha256_block_data_order is reportedly >3 times faster than gcc 3.3 -# generated code (must be a bug in compiler, as improvement is -# "pathologically" high, in particular in comparison to other SHA -# modules). But the real twist is that it detects if hardware support -# for SHA256 is available and in such case utilizes it. Then the -# performance can reach >6.5x of assembler one for larger chunks. -# -# sha512_block_data_order is ~70% faster than gcc 3.3 generated code. - -# January 2009. -# -# Add support for hardware SHA512 and reschedule instructions to -# favour dual-issue z10 pipeline. Hardware SHA256/512 is ~4.7x faster -# than software. - -# November 2010. -# -# Adapt for -m31 build. If kernel supports what's called "highgprs" -# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit -# instructions and achieve "64-bit" performance even in 31-bit legacy -# application context. The feature is not specific to any particular -# processor, as long as it's "z-CPU". Latter implies that the code -# remains z/Architecture specific. On z990 SHA256 was measured to -# perform 2.4x and SHA512 - 13x better than code generated by gcc 4.3. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /3[12]/) { - $SIZE_T=4; - $g=""; -} else { - $SIZE_T=8; - $g="g"; -} - -$t0="%r0"; -$t1="%r1"; -$ctx="%r2"; $t2="%r2"; -$inp="%r3"; -$len="%r4"; # used as index in inner loop - -$A="%r5"; -$B="%r6"; -$C="%r7"; -$D="%r8"; -$E="%r9"; -$F="%r10"; -$G="%r11"; -$H="%r12"; @V=($A,$B,$C,$D,$E,$F,$G,$H); -$tbl="%r13"; -$T1="%r14"; -$sp="%r15"; - -open STDOUT,">$output"; - -if ($output =~ /512/) { - $label="512"; - $SZ=8; - $LD="lg"; # load from memory - $ST="stg"; # store to memory - $ADD="alg"; # add with memory operand - $ROT="rllg"; # rotate left - $SHR="srlg"; # logical right shift [see even at the end] - @Sigma0=(25,30,36); - @Sigma1=(23,46,50); - @sigma0=(56,63, 7); - @sigma1=( 3,45, 6); - $rounds=80; - $kimdfunc=3; # 0 means unknown/unsupported/unimplemented/disabled -} else { - $label="256"; - $SZ=4; - $LD="llgf"; # load from memory - $ST="st"; # store to memory - $ADD="al"; # add with memory operand - $ROT="rll"; # rotate left - $SHR="srl"; # logical right shift - @Sigma0=(10,19,30); - @Sigma1=( 7,21,26); - @sigma0=(14,25, 3); - @sigma1=(13,15,10); - $rounds=64; - $kimdfunc=2; # magic function code for kimd instruction -} -$Func="sha${label}_block_data_order"; -$Table="K${label}"; -$stdframe=16*$SIZE_T+4*8; -$frame=$stdframe+16*$SZ; - -sub BODY_00_15 { -my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; - -$code.=<<___ if ($i<16); - $LD $T1,`$i*$SZ`($inp) ### $i -___ -$code.=<<___; - $ROT $t0,$e,$Sigma1[0] - $ROT $t1,$e,$Sigma1[1] - lgr $t2,$f - xgr $t0,$t1 - $ROT $t1,$t1,`$Sigma1[2]-$Sigma1[1]` - xgr $t2,$g - $ST $T1,`$stdframe+$SZ*($i%16)`($sp) - xgr $t0,$t1 # Sigma1(e) - algr $T1,$h # T1+=h - ngr $t2,$e - lgr $t1,$a - algr $T1,$t0 # T1+=Sigma1(e) - $ROT $h,$a,$Sigma0[0] - xgr $t2,$g # Ch(e,f,g) - $ADD $T1,`$i*$SZ`($len,$tbl) # T1+=K[i] - $ROT $t0,$a,$Sigma0[1] - algr $T1,$t2 # T1+=Ch(e,f,g) - ogr $t1,$b - xgr $h,$t0 - lgr $t2,$a - ngr $t1,$c - $ROT $t0,$t0,`$Sigma0[2]-$Sigma0[1]` - xgr $h,$t0 # h=Sigma0(a) - ngr $t2,$b - algr $h,$T1 # h+=T1 - ogr $t2,$t1 # Maj(a,b,c) - algr $d,$T1 # d+=T1 - algr $h,$t2 # h+=Maj(a,b,c) -___ -} - -sub BODY_16_XX { -my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; - -$code.=<<___; - $LD $T1,`$stdframe+$SZ*(($i+1)%16)`($sp) ### $i - $LD $t1,`$stdframe+$SZ*(($i+14)%16)`($sp) - $ROT $t0,$T1,$sigma0[0] - $SHR $T1,$sigma0[2] - $ROT $t2,$t0,`$sigma0[1]-$sigma0[0]` - xgr $T1,$t0 - $ROT $t0,$t1,$sigma1[0] - xgr $T1,$t2 # sigma0(X[i+1]) - $SHR $t1,$sigma1[2] - $ADD $T1,`$stdframe+$SZ*($i%16)`($sp) # +=X[i] - xgr $t1,$t0 - $ROT $t0,$t0,`$sigma1[1]-$sigma1[0]` - $ADD $T1,`$stdframe+$SZ*(($i+9)%16)`($sp) # +=X[i+9] - xgr $t1,$t0 # sigma1(X[i+14]) - algr $T1,$t1 # +=sigma1(X[i+14]) -___ - &BODY_00_15(@_); -} - -$code.=<<___; -#include "s390x_arch.h" - -.text -.align 64 -.type $Table,\@object -$Table: -___ -$code.=<<___ if ($SZ==4); - .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 - .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 - .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 - .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 - .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc - .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da - .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 - .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 - .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 - .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 - .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 - .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 - .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 - .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 - .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 - .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 -___ -$code.=<<___ if ($SZ==8); - .quad 0x428a2f98d728ae22,0x7137449123ef65cd - .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc - .quad 0x3956c25bf348b538,0x59f111f1b605d019 - .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 - .quad 0xd807aa98a3030242,0x12835b0145706fbe - .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 - .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 - .quad 0x9bdc06a725c71235,0xc19bf174cf692694 - .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 - .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 - .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 - .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 - .quad 0x983e5152ee66dfab,0xa831c66d2db43210 - .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 - .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 - .quad 0x06ca6351e003826f,0x142929670a0e6e70 - .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 - .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df - .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 - .quad 0x81c2c92e47edaee6,0x92722c851482353b - .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 - .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 - .quad 0xd192e819d6ef5218,0xd69906245565a910 - .quad 0xf40e35855771202a,0x106aa07032bbd1b8 - .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 - .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 - .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb - .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 - .quad 0x748f82ee5defb2fc,0x78a5636f43172f60 - .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec - .quad 0x90befffa23631e28,0xa4506cebde82bde9 - .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b - .quad 0xca273eceea26619c,0xd186b8c721c0c207 - .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 - .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 - .quad 0x113f9804bef90dae,0x1b710b35131c471b - .quad 0x28db77f523047d84,0x32caab7b40c72493 - .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c - .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a - .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 -___ -$code.=<<___; -.size $Table,.-$Table -.globl $Func -.type $Func,\@function -$Func: - sllg $len,$len,`log(16*$SZ)/log(2)` -___ -$code.=<<___ if ($kimdfunc); - larl %r1,OPENSSL_s390xcap_P - lg %r0,S390X_KIMD(%r1) # check kimd capabilities - tmhh %r0,`0x8000>>$kimdfunc` - jz .Lsoftware - lghi %r0,$kimdfunc - lgr %r1,$ctx - lgr %r2,$inp - lgr %r3,$len - .long 0xb93e0002 # kimd %r0,%r2 - brc 1,.-4 # pay attention to "partial completion" - br %r14 -.align 16 -.Lsoftware: -___ -$code.=<<___; - lghi %r1,-$frame - la $len,0($len,$inp) - stm${g} $ctx,%r15,`2*$SIZE_T`($sp) - lgr %r0,$sp - la $sp,0(%r1,$sp) - st${g} %r0,0($sp) - - larl $tbl,$Table - $LD $A,`0*$SZ`($ctx) - $LD $B,`1*$SZ`($ctx) - $LD $C,`2*$SZ`($ctx) - $LD $D,`3*$SZ`($ctx) - $LD $E,`4*$SZ`($ctx) - $LD $F,`5*$SZ`($ctx) - $LD $G,`6*$SZ`($ctx) - $LD $H,`7*$SZ`($ctx) - -.Lloop: - lghi $len,0 -___ -for ($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } -$code.=".Lrounds_16_xx:\n"; -for (;$i<32;$i++) { &BODY_16_XX($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - aghi $len,`16*$SZ` - lghi $t0,`($rounds-16)*$SZ` - clgr $len,$t0 - jne .Lrounds_16_xx - - l${g} $ctx,`$frame+2*$SIZE_T`($sp) - la $inp,`16*$SZ`($inp) - $ADD $A,`0*$SZ`($ctx) - $ADD $B,`1*$SZ`($ctx) - $ADD $C,`2*$SZ`($ctx) - $ADD $D,`3*$SZ`($ctx) - $ADD $E,`4*$SZ`($ctx) - $ADD $F,`5*$SZ`($ctx) - $ADD $G,`6*$SZ`($ctx) - $ADD $H,`7*$SZ`($ctx) - $ST $A,`0*$SZ`($ctx) - $ST $B,`1*$SZ`($ctx) - $ST $C,`2*$SZ`($ctx) - $ST $D,`3*$SZ`($ctx) - $ST $E,`4*$SZ`($ctx) - $ST $F,`5*$SZ`($ctx) - $ST $G,`6*$SZ`($ctx) - $ST $H,`7*$SZ`($ctx) - cl${g} $inp,`$frame+4*$SIZE_T`($sp) - jne .Lloop - - lm${g} %r6,%r15,`$frame+6*$SIZE_T`($sp) - br %r14 -.size $Func,.-$Func -.string "SHA${label} block transform for s390x, CRYPTOGAMS by " -___ - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -# unlike 32-bit shift 64-bit one takes three arguments -$code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm; - -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-sparcv9.pl b/crypto/sha/asm/sha512-sparcv9.pl deleted file mode 100644 index 6bf366ef124107012df0b4ae12b05fb73677dccb..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha512-sparcv9.pl +++ /dev/null @@ -1,862 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# -# Hardware SPARC T4 support by David S. Miller -# ==================================================================== - -# SHA256 performance improvement over compiler generated code varies -# from 40% for Sun C [32-bit build] to 70% for gcc [3.3, 64-bit -# build]. Just like in SHA1 module I aim to ensure scalability on -# UltraSPARC T1 by packing X[16] to 8 64-bit registers. - -# SHA512 on pre-T1 UltraSPARC. -# -# Performance is >75% better than 64-bit code generated by Sun C and -# over 2x than 32-bit code. X[16] resides on stack, but access to it -# is scheduled for L2 latency and staged through 32 least significant -# bits of %l0-%l7. The latter is done to achieve 32-/64-bit ABI -# duality. Nevertheless it's ~40% faster than SHA256, which is pretty -# good [optimal coefficient is 50%]. -# -# SHA512 on UltraSPARC T1. -# -# It's not any faster than 64-bit code generated by Sun C 5.8. This is -# because 64-bit code generator has the advantage of using 64-bit -# loads(*) to access X[16], which I consciously traded for 32-/64-bit -# ABI duality [as per above]. But it surpasses 32-bit Sun C generated -# code by 60%, not to mention that it doesn't suffer from severe decay -# when running 4 times physical cores threads and that it leaves gcc -# [3.4] behind by over 4x factor! If compared to SHA256, single thread -# performance is only 10% better, but overall throughput for maximum -# amount of threads for given CPU exceeds corresponding one of SHA256 -# by 30% [again, optimal coefficient is 50%]. -# -# (*) Unlike pre-T1 UltraSPARC loads on T1 are executed strictly -# in-order, i.e. load instruction has to complete prior next -# instruction in given thread is executed, even if the latter is -# not dependent on load result! This means that on T1 two 32-bit -# loads are always slower than one 64-bit load. Once again this -# is unlike pre-T1 UltraSPARC, where, if scheduled appropriately, -# 2x32-bit loads can be as fast as 1x64-bit ones. -# -# SPARC T4 SHA256/512 hardware achieves 3.17/2.01 cycles per byte, -# which is 9.3x/11.1x faster than software. Multi-process benchmark -# saturates at 11.5x single-process result on 8-core processor, or -# ~11/16GBps per 2.85GHz socket. - -# $output is the last argument if it looks like a file (it has an extension) -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; - -$output and open STDOUT,">$output"; - -if ($output =~ /512/) { - $label="512"; - $SZ=8; - $LD="ldx"; # load from memory - $ST="stx"; # store to memory - $SLL="sllx"; # shift left logical - $SRL="srlx"; # shift right logical - @Sigma0=(28,34,39); - @Sigma1=(14,18,41); - @sigma0=( 7, 1, 8); # right shift first - @sigma1=( 6,19,61); # right shift first - $lastK=0x817; - $rounds=80; - $align=4; - - $locals=16*$SZ; # X[16] - - $A="%o0"; - $B="%o1"; - $C="%o2"; - $D="%o3"; - $E="%o4"; - $F="%o5"; - $G="%g1"; - $H="%o7"; - @V=($A,$B,$C,$D,$E,$F,$G,$H); -} else { - $label="256"; - $SZ=4; - $LD="ld"; # load from memory - $ST="st"; # store to memory - $SLL="sll"; # shift left logical - $SRL="srl"; # shift right logical - @Sigma0=( 2,13,22); - @Sigma1=( 6,11,25); - @sigma0=( 3, 7,18); # right shift first - @sigma1=(10,17,19); # right shift first - $lastK=0x8f2; - $rounds=64; - $align=8; - - $locals=0; # X[16] is register resident - @X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7"); - - $A="%l0"; - $B="%l1"; - $C="%l2"; - $D="%l3"; - $E="%l4"; - $F="%l5"; - $G="%l6"; - $H="%l7"; - @V=($A,$B,$C,$D,$E,$F,$G,$H); -} -$T1="%g2"; -$tmp0="%g3"; -$tmp1="%g4"; -$tmp2="%g5"; - -$ctx="%i0"; -$inp="%i1"; -$len="%i2"; -$Ktbl="%i3"; -$tmp31="%i4"; -$tmp32="%i5"; - -########### SHA256 -$Xload = sub { -my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; - - if ($i==0) { -$code.=<<___; - ldx [$inp+0],@X[0] - ldx [$inp+16],@X[2] - ldx [$inp+32],@X[4] - ldx [$inp+48],@X[6] - ldx [$inp+8],@X[1] - ldx [$inp+24],@X[3] - subcc %g0,$tmp31,$tmp32 ! should be 64-$tmp31, but -$tmp31 works too - ldx [$inp+40],@X[5] - bz,pt %icc,.Laligned - ldx [$inp+56],@X[7] - - sllx @X[0],$tmp31,@X[0] - ldx [$inp+64],$T1 -___ -for($j=0;$j<7;$j++) -{ $code.=<<___; - srlx @X[$j+1],$tmp32,$tmp1 - sllx @X[$j+1],$tmp31,@X[$j+1] - or $tmp1,@X[$j],@X[$j] -___ -} -$code.=<<___; - srlx $T1,$tmp32,$T1 - or $T1,@X[7],@X[7] -.Laligned: -___ - } - - if ($i&1) { - $code.="\tadd @X[$i/2],$h,$T1\n"; - } else { - $code.="\tsrlx @X[$i/2],32,$T1\n\tadd $h,$T1,$T1\n"; - } -} if ($SZ==4); - -########### SHA512 -$Xload = sub { -my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; -my @pair=("%l".eval(($i*2)%8),"%l".eval(($i*2)%8+1),"%l".eval((($i+1)*2)%8)); - -$code.=<<___ if ($i==0); - ld [$inp+0],%l0 - ld [$inp+4],%l1 - ld [$inp+8],%l2 - ld [$inp+12],%l3 - ld [$inp+16],%l4 - ld [$inp+20],%l5 - ld [$inp+24],%l6 - cmp $tmp31,0 - ld [$inp+28],%l7 -___ -$code.=<<___ if ($i<15); - sllx @pair[1],$tmp31,$tmp2 ! Xload($i) - add $tmp31,32,$tmp0 - sllx @pair[0],$tmp0,$tmp1 - `"ld [$inp+".eval(32+0+$i*8)."],@pair[0]" if ($i<12)` - srlx @pair[2],$tmp32,@pair[1] - or $tmp1,$tmp2,$tmp2 - or @pair[1],$tmp2,$tmp2 - `"ld [$inp+".eval(32+4+$i*8)."],@pair[1]" if ($i<12)` - add $h,$tmp2,$T1 - $ST $tmp2,[%sp+STACK_BIAS+STACK_FRAME+`$i*$SZ`] -___ -$code.=<<___ if ($i==12); - bnz,a,pn %icc,.+8 - ld [$inp+128],%l0 -___ -$code.=<<___ if ($i==15); - ld [%sp+STACK_BIAS+STACK_FRAME+`(($i+1+1)%16)*$SZ+0`],%l2 - sllx @pair[1],$tmp31,$tmp2 ! Xload($i) - add $tmp31,32,$tmp0 - ld [%sp+STACK_BIAS+STACK_FRAME+`(($i+1+1)%16)*$SZ+4`],%l3 - sllx @pair[0],$tmp0,$tmp1 - ld [%sp+STACK_BIAS+STACK_FRAME+`(($i+1+9)%16)*$SZ+0`],%l4 - srlx @pair[2],$tmp32,@pair[1] - or $tmp1,$tmp2,$tmp2 - ld [%sp+STACK_BIAS+STACK_FRAME+`(($i+1+9)%16)*$SZ+4`],%l5 - or @pair[1],$tmp2,$tmp2 - ld [%sp+STACK_BIAS+STACK_FRAME+`(($i+1+14)%16)*$SZ+0`],%l6 - add $h,$tmp2,$T1 - $ST $tmp2,[%sp+STACK_BIAS+STACK_FRAME+`$i*$SZ`] - ld [%sp+STACK_BIAS+STACK_FRAME+`(($i+1+14)%16)*$SZ+4`],%l7 - ld [%sp+STACK_BIAS+STACK_FRAME+`(($i+1+0)%16)*$SZ+0`],%l0 - ld [%sp+STACK_BIAS+STACK_FRAME+`(($i+1+0)%16)*$SZ+4`],%l1 -___ -} if ($SZ==8); - -########### common -sub BODY_00_15 { -my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; - - if ($i<16) { - &$Xload(@_); - } else { - $code.="\tadd $h,$T1,$T1\n"; - } - -$code.=<<___; - $SRL $e,@Sigma1[0],$h !! $i - xor $f,$g,$tmp2 - $SLL $e,`$SZ*8-@Sigma1[2]`,$tmp1 - and $e,$tmp2,$tmp2 - $SRL $e,@Sigma1[1],$tmp0 - xor $tmp1,$h,$h - $SLL $e,`$SZ*8-@Sigma1[1]`,$tmp1 - xor $tmp0,$h,$h - $SRL $e,@Sigma1[2],$tmp0 - xor $tmp1,$h,$h - $SLL $e,`$SZ*8-@Sigma1[0]`,$tmp1 - xor $tmp0,$h,$h - xor $g,$tmp2,$tmp2 ! Ch(e,f,g) - xor $tmp1,$h,$tmp0 ! Sigma1(e) - - $SRL $a,@Sigma0[0],$h - add $tmp2,$T1,$T1 - $LD [$Ktbl+`$i*$SZ`],$tmp2 ! K[$i] - $SLL $a,`$SZ*8-@Sigma0[2]`,$tmp1 - add $tmp0,$T1,$T1 - $SRL $a,@Sigma0[1],$tmp0 - xor $tmp1,$h,$h - $SLL $a,`$SZ*8-@Sigma0[1]`,$tmp1 - xor $tmp0,$h,$h - $SRL $a,@Sigma0[2],$tmp0 - xor $tmp1,$h,$h - $SLL $a,`$SZ*8-@Sigma0[0]`,$tmp1 - xor $tmp0,$h,$h - xor $tmp1,$h,$h ! Sigma0(a) - - or $a,$b,$tmp0 - and $a,$b,$tmp1 - and $c,$tmp0,$tmp0 - or $tmp0,$tmp1,$tmp1 ! Maj(a,b,c) - add $tmp2,$T1,$T1 ! +=K[$i] - add $tmp1,$h,$h - - add $T1,$d,$d - add $T1,$h,$h -___ -} - -########### SHA256 -$BODY_16_XX = sub { -my $i=@_[0]; -my $xi; - - if ($i&1) { - $xi=$tmp32; - $code.="\tsrlx @X[(($i+1)/2)%8],32,$xi\n"; - } else { - $xi=@X[(($i+1)/2)%8]; - } -$code.=<<___; - srl $xi,@sigma0[0],$T1 !! Xupdate($i) - sll $xi,`32-@sigma0[2]`,$tmp1 - srl $xi,@sigma0[1],$tmp0 - xor $tmp1,$T1,$T1 - sll $tmp1,`@sigma0[2]-@sigma0[1]`,$tmp1 - xor $tmp0,$T1,$T1 - srl $xi,@sigma0[2],$tmp0 - xor $tmp1,$T1,$T1 -___ - if ($i&1) { - $xi=@X[(($i+14)/2)%8]; - } else { - $xi=$tmp32; - $code.="\tsrlx @X[(($i+14)/2)%8],32,$xi\n"; - } -$code.=<<___; - srl $xi,@sigma1[0],$tmp2 - xor $tmp0,$T1,$T1 ! T1=sigma0(X[i+1]) - sll $xi,`32-@sigma1[2]`,$tmp1 - srl $xi,@sigma1[1],$tmp0 - xor $tmp1,$tmp2,$tmp2 - sll $tmp1,`@sigma1[2]-@sigma1[1]`,$tmp1 - xor $tmp0,$tmp2,$tmp2 - srl $xi,@sigma1[2],$tmp0 - xor $tmp1,$tmp2,$tmp2 -___ - if ($i&1) { - $xi=@X[($i/2)%8]; -$code.=<<___; - srlx @X[(($i+9)/2)%8],32,$tmp1 ! X[i+9] - xor $tmp0,$tmp2,$tmp2 ! sigma1(X[i+14]) - srl @X[($i/2)%8],0,$tmp0 - add $tmp2,$tmp1,$tmp1 - add $xi,$T1,$T1 ! +=X[i] - xor $tmp0,@X[($i/2)%8],@X[($i/2)%8] - add $tmp1,$T1,$T1 - - srl $T1,0,$T1 - or $T1,@X[($i/2)%8],@X[($i/2)%8] -___ - } else { - $xi=@X[(($i+9)/2)%8]; -$code.=<<___; - srlx @X[($i/2)%8],32,$tmp1 ! X[i] - xor $tmp0,$tmp2,$tmp2 ! sigma1(X[i+14]) - add $xi,$T1,$T1 ! +=X[i+9] - add $tmp2,$tmp1,$tmp1 - srl @X[($i/2)%8],0,@X[($i/2)%8] - add $tmp1,$T1,$T1 - - sllx $T1,32,$tmp0 - or $tmp0,@X[($i/2)%8],@X[($i/2)%8] -___ - } - &BODY_00_15(@_); -} if ($SZ==4); - -########### SHA512 -$BODY_16_XX = sub { -my $i=@_[0]; -my @pair=("%l".eval(($i*2)%8),"%l".eval(($i*2)%8+1)); - -$code.=<<___; - sllx %l2,32,$tmp0 !! Xupdate($i) - or %l3,$tmp0,$tmp0 - - srlx $tmp0,@sigma0[0],$T1 - ld [%sp+STACK_BIAS+STACK_FRAME+`(($i+1+1)%16)*$SZ+0`],%l2 - sllx $tmp0,`64-@sigma0[2]`,$tmp1 - ld [%sp+STACK_BIAS+STACK_FRAME+`(($i+1+1)%16)*$SZ+4`],%l3 - srlx $tmp0,@sigma0[1],$tmp0 - xor $tmp1,$T1,$T1 - sllx $tmp1,`@sigma0[2]-@sigma0[1]`,$tmp1 - xor $tmp0,$T1,$T1 - srlx $tmp0,`@sigma0[2]-@sigma0[1]`,$tmp0 - xor $tmp1,$T1,$T1 - sllx %l6,32,$tmp2 - xor $tmp0,$T1,$T1 ! sigma0(X[$i+1]) - or %l7,$tmp2,$tmp2 - - srlx $tmp2,@sigma1[0],$tmp1 - ld [%sp+STACK_BIAS+STACK_FRAME+`(($i+1+14)%16)*$SZ+0`],%l6 - sllx $tmp2,`64-@sigma1[2]`,$tmp0 - ld [%sp+STACK_BIAS+STACK_FRAME+`(($i+1+14)%16)*$SZ+4`],%l7 - srlx $tmp2,@sigma1[1],$tmp2 - xor $tmp0,$tmp1,$tmp1 - sllx $tmp0,`@sigma1[2]-@sigma1[1]`,$tmp0 - xor $tmp2,$tmp1,$tmp1 - srlx $tmp2,`@sigma1[2]-@sigma1[1]`,$tmp2 - xor $tmp0,$tmp1,$tmp1 - sllx %l4,32,$tmp0 - xor $tmp2,$tmp1,$tmp1 ! sigma1(X[$i+14]) - ld [%sp+STACK_BIAS+STACK_FRAME+`(($i+1+9)%16)*$SZ+0`],%l4 - or %l5,$tmp0,$tmp0 - ld [%sp+STACK_BIAS+STACK_FRAME+`(($i+1+9)%16)*$SZ+4`],%l5 - - sllx %l0,32,$tmp2 - add $tmp1,$T1,$T1 - ld [%sp+STACK_BIAS+STACK_FRAME+`(($i+1+0)%16)*$SZ+0`],%l0 - or %l1,$tmp2,$tmp2 - add $tmp0,$T1,$T1 ! +=X[$i+9] - ld [%sp+STACK_BIAS+STACK_FRAME+`(($i+1+0)%16)*$SZ+4`],%l1 - add $tmp2,$T1,$T1 ! +=X[$i] - $ST $T1,[%sp+STACK_BIAS+STACK_FRAME+`($i%16)*$SZ`] -___ - &BODY_00_15(@_); -} if ($SZ==8); - -$code.=<<___; -#ifndef __ASSEMBLER__ -# define __ASSEMBLER__ 1 -#endif -#include "crypto/sparc_arch.h" - -#ifdef __arch64__ -.register %g2,#scratch -.register %g3,#scratch -#endif - -.section ".text",#alloc,#execinstr - -.align 64 -K${label}: -.type K${label},#object -___ -if ($SZ==4) { -$code.=<<___; - .long 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5 - .long 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5 - .long 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3 - .long 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174 - .long 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc - .long 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da - .long 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7 - .long 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967 - .long 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13 - .long 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85 - .long 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3 - .long 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070 - .long 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5 - .long 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3 - .long 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208 - .long 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 -___ -} else { -$code.=<<___; - .long 0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd - .long 0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc - .long 0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019 - .long 0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118 - .long 0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe - .long 0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2 - .long 0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1 - .long 0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694 - .long 0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3 - .long 0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65 - .long 0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483 - .long 0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5 - .long 0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210 - .long 0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4 - .long 0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725 - .long 0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70 - .long 0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926 - .long 0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df - .long 0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8 - .long 0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b - .long 0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001 - .long 0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30 - .long 0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910 - .long 0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8 - .long 0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53 - .long 0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8 - .long 0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb - .long 0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3 - .long 0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60 - .long 0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec - .long 0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9 - .long 0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b - .long 0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207 - .long 0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178 - .long 0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6 - .long 0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b - .long 0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493 - .long 0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c - .long 0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a - .long 0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817 -___ -} -$code.=<<___; -.size K${label},.-K${label} - -#ifdef __PIC__ -SPARC_PIC_THUNK(%g1) -#endif - -.globl sha${label}_block_data_order -.align 32 -sha${label}_block_data_order: - SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5) - ld [%g1+4],%g1 ! OPENSSL_sparcv9cap_P[1] - - andcc %g1, CFR_SHA${label}, %g0 - be .Lsoftware - nop -___ -$code.=<<___ if ($SZ==8); # SHA512 - ldd [%o0 + 0x00], %f0 ! load context - ldd [%o0 + 0x08], %f2 - ldd [%o0 + 0x10], %f4 - ldd [%o0 + 0x18], %f6 - ldd [%o0 + 0x20], %f8 - ldd [%o0 + 0x28], %f10 - andcc %o1, 0x7, %g0 - ldd [%o0 + 0x30], %f12 - bne,pn %icc, .Lhwunaligned - ldd [%o0 + 0x38], %f14 - -.Lhwaligned_loop: - ldd [%o1 + 0x00], %f16 - ldd [%o1 + 0x08], %f18 - ldd [%o1 + 0x10], %f20 - ldd [%o1 + 0x18], %f22 - ldd [%o1 + 0x20], %f24 - ldd [%o1 + 0x28], %f26 - ldd [%o1 + 0x30], %f28 - ldd [%o1 + 0x38], %f30 - ldd [%o1 + 0x40], %f32 - ldd [%o1 + 0x48], %f34 - ldd [%o1 + 0x50], %f36 - ldd [%o1 + 0x58], %f38 - ldd [%o1 + 0x60], %f40 - ldd [%o1 + 0x68], %f42 - ldd [%o1 + 0x70], %f44 - subcc %o2, 1, %o2 ! done yet? - ldd [%o1 + 0x78], %f46 - add %o1, 0x80, %o1 - prefetch [%o1 + 63], 20 - prefetch [%o1 + 64+63], 20 - - .word 0x81b02860 ! SHA512 - - bne,pt SIZE_T_CC, .Lhwaligned_loop - nop - -.Lhwfinish: - std %f0, [%o0 + 0x00] ! store context - std %f2, [%o0 + 0x08] - std %f4, [%o0 + 0x10] - std %f6, [%o0 + 0x18] - std %f8, [%o0 + 0x20] - std %f10, [%o0 + 0x28] - std %f12, [%o0 + 0x30] - retl - std %f14, [%o0 + 0x38] - -.align 16 -.Lhwunaligned: - alignaddr %o1, %g0, %o1 - - ldd [%o1 + 0x00], %f18 -.Lhwunaligned_loop: - ldd [%o1 + 0x08], %f20 - ldd [%o1 + 0x10], %f22 - ldd [%o1 + 0x18], %f24 - ldd [%o1 + 0x20], %f26 - ldd [%o1 + 0x28], %f28 - ldd [%o1 + 0x30], %f30 - ldd [%o1 + 0x38], %f32 - ldd [%o1 + 0x40], %f34 - ldd [%o1 + 0x48], %f36 - ldd [%o1 + 0x50], %f38 - ldd [%o1 + 0x58], %f40 - ldd [%o1 + 0x60], %f42 - ldd [%o1 + 0x68], %f44 - ldd [%o1 + 0x70], %f46 - ldd [%o1 + 0x78], %f48 - subcc %o2, 1, %o2 ! done yet? - ldd [%o1 + 0x80], %f50 - add %o1, 0x80, %o1 - prefetch [%o1 + 63], 20 - prefetch [%o1 + 64+63], 20 - - faligndata %f18, %f20, %f16 - faligndata %f20, %f22, %f18 - faligndata %f22, %f24, %f20 - faligndata %f24, %f26, %f22 - faligndata %f26, %f28, %f24 - faligndata %f28, %f30, %f26 - faligndata %f30, %f32, %f28 - faligndata %f32, %f34, %f30 - faligndata %f34, %f36, %f32 - faligndata %f36, %f38, %f34 - faligndata %f38, %f40, %f36 - faligndata %f40, %f42, %f38 - faligndata %f42, %f44, %f40 - faligndata %f44, %f46, %f42 - faligndata %f46, %f48, %f44 - faligndata %f48, %f50, %f46 - - .word 0x81b02860 ! SHA512 - - bne,pt SIZE_T_CC, .Lhwunaligned_loop - for %f50, %f50, %f18 ! %f18=%f50 - - ba .Lhwfinish - nop -___ -$code.=<<___ if ($SZ==4); # SHA256 - ld [%o0 + 0x00], %f0 - ld [%o0 + 0x04], %f1 - ld [%o0 + 0x08], %f2 - ld [%o0 + 0x0c], %f3 - ld [%o0 + 0x10], %f4 - ld [%o0 + 0x14], %f5 - andcc %o1, 0x7, %g0 - ld [%o0 + 0x18], %f6 - bne,pn %icc, .Lhwunaligned - ld [%o0 + 0x1c], %f7 - -.Lhwloop: - ldd [%o1 + 0x00], %f8 - ldd [%o1 + 0x08], %f10 - ldd [%o1 + 0x10], %f12 - ldd [%o1 + 0x18], %f14 - ldd [%o1 + 0x20], %f16 - ldd [%o1 + 0x28], %f18 - ldd [%o1 + 0x30], %f20 - subcc %o2, 1, %o2 ! done yet? - ldd [%o1 + 0x38], %f22 - add %o1, 0x40, %o1 - prefetch [%o1 + 63], 20 - - .word 0x81b02840 ! SHA256 - - bne,pt SIZE_T_CC, .Lhwloop - nop - -.Lhwfinish: - st %f0, [%o0 + 0x00] ! store context - st %f1, [%o0 + 0x04] - st %f2, [%o0 + 0x08] - st %f3, [%o0 + 0x0c] - st %f4, [%o0 + 0x10] - st %f5, [%o0 + 0x14] - st %f6, [%o0 + 0x18] - retl - st %f7, [%o0 + 0x1c] - -.align 8 -.Lhwunaligned: - alignaddr %o1, %g0, %o1 - - ldd [%o1 + 0x00], %f10 -.Lhwunaligned_loop: - ldd [%o1 + 0x08], %f12 - ldd [%o1 + 0x10], %f14 - ldd [%o1 + 0x18], %f16 - ldd [%o1 + 0x20], %f18 - ldd [%o1 + 0x28], %f20 - ldd [%o1 + 0x30], %f22 - ldd [%o1 + 0x38], %f24 - subcc %o2, 1, %o2 ! done yet? - ldd [%o1 + 0x40], %f26 - add %o1, 0x40, %o1 - prefetch [%o1 + 63], 20 - - faligndata %f10, %f12, %f8 - faligndata %f12, %f14, %f10 - faligndata %f14, %f16, %f12 - faligndata %f16, %f18, %f14 - faligndata %f18, %f20, %f16 - faligndata %f20, %f22, %f18 - faligndata %f22, %f24, %f20 - faligndata %f24, %f26, %f22 - - .word 0x81b02840 ! SHA256 - - bne,pt SIZE_T_CC, .Lhwunaligned_loop - for %f26, %f26, %f10 ! %f10=%f26 - - ba .Lhwfinish - nop -___ -$code.=<<___; -.align 16 -.Lsoftware: - save %sp,-STACK_FRAME-$locals,%sp - and $inp,`$align-1`,$tmp31 - sllx $len,`log(16*$SZ)/log(2)`,$len - andn $inp,`$align-1`,$inp - sll $tmp31,3,$tmp31 - add $inp,$len,$len -___ -$code.=<<___ if ($SZ==8); # SHA512 - mov 32,$tmp32 - sub $tmp32,$tmp31,$tmp32 -___ -$code.=<<___; -.Lpic: call .+8 - add %o7,K${label}-.Lpic,$Ktbl - - $LD [$ctx+`0*$SZ`],$A - $LD [$ctx+`1*$SZ`],$B - $LD [$ctx+`2*$SZ`],$C - $LD [$ctx+`3*$SZ`],$D - $LD [$ctx+`4*$SZ`],$E - $LD [$ctx+`5*$SZ`],$F - $LD [$ctx+`6*$SZ`],$G - $LD [$ctx+`7*$SZ`],$H - -.Lloop: -___ -for ($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } -$code.=".L16_xx:\n"; -for (;$i<32;$i++) { &$BODY_16_XX($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - and $tmp2,0xfff,$tmp2 - cmp $tmp2,$lastK - bne .L16_xx - add $Ktbl,`16*$SZ`,$Ktbl ! Ktbl+=16 - -___ -$code.=<<___ if ($SZ==4); # SHA256 - $LD [$ctx+`0*$SZ`],@X[0] - $LD [$ctx+`1*$SZ`],@X[1] - $LD [$ctx+`2*$SZ`],@X[2] - $LD [$ctx+`3*$SZ`],@X[3] - $LD [$ctx+`4*$SZ`],@X[4] - $LD [$ctx+`5*$SZ`],@X[5] - $LD [$ctx+`6*$SZ`],@X[6] - $LD [$ctx+`7*$SZ`],@X[7] - - add $A,@X[0],$A - $ST $A,[$ctx+`0*$SZ`] - add $B,@X[1],$B - $ST $B,[$ctx+`1*$SZ`] - add $C,@X[2],$C - $ST $C,[$ctx+`2*$SZ`] - add $D,@X[3],$D - $ST $D,[$ctx+`3*$SZ`] - add $E,@X[4],$E - $ST $E,[$ctx+`4*$SZ`] - add $F,@X[5],$F - $ST $F,[$ctx+`5*$SZ`] - add $G,@X[6],$G - $ST $G,[$ctx+`6*$SZ`] - add $H,@X[7],$H - $ST $H,[$ctx+`7*$SZ`] -___ -$code.=<<___ if ($SZ==8); # SHA512 - ld [$ctx+`0*$SZ+0`],%l0 - ld [$ctx+`0*$SZ+4`],%l1 - ld [$ctx+`1*$SZ+0`],%l2 - ld [$ctx+`1*$SZ+4`],%l3 - ld [$ctx+`2*$SZ+0`],%l4 - ld [$ctx+`2*$SZ+4`],%l5 - ld [$ctx+`3*$SZ+0`],%l6 - - sllx %l0,32,$tmp0 - ld [$ctx+`3*$SZ+4`],%l7 - sllx %l2,32,$tmp1 - or %l1,$tmp0,$tmp0 - or %l3,$tmp1,$tmp1 - add $tmp0,$A,$A - add $tmp1,$B,$B - $ST $A,[$ctx+`0*$SZ`] - sllx %l4,32,$tmp2 - $ST $B,[$ctx+`1*$SZ`] - sllx %l6,32,$T1 - or %l5,$tmp2,$tmp2 - or %l7,$T1,$T1 - add $tmp2,$C,$C - $ST $C,[$ctx+`2*$SZ`] - add $T1,$D,$D - $ST $D,[$ctx+`3*$SZ`] - - ld [$ctx+`4*$SZ+0`],%l0 - ld [$ctx+`4*$SZ+4`],%l1 - ld [$ctx+`5*$SZ+0`],%l2 - ld [$ctx+`5*$SZ+4`],%l3 - ld [$ctx+`6*$SZ+0`],%l4 - ld [$ctx+`6*$SZ+4`],%l5 - ld [$ctx+`7*$SZ+0`],%l6 - - sllx %l0,32,$tmp0 - ld [$ctx+`7*$SZ+4`],%l7 - sllx %l2,32,$tmp1 - or %l1,$tmp0,$tmp0 - or %l3,$tmp1,$tmp1 - add $tmp0,$E,$E - add $tmp1,$F,$F - $ST $E,[$ctx+`4*$SZ`] - sllx %l4,32,$tmp2 - $ST $F,[$ctx+`5*$SZ`] - sllx %l6,32,$T1 - or %l5,$tmp2,$tmp2 - or %l7,$T1,$T1 - add $tmp2,$G,$G - $ST $G,[$ctx+`6*$SZ`] - add $T1,$H,$H - $ST $H,[$ctx+`7*$SZ`] -___ -$code.=<<___; - add $inp,`16*$SZ`,$inp ! advance inp - cmp $inp,$len - bne SIZE_T_CC,.Lloop - sub $Ktbl,`($rounds-16)*$SZ`,$Ktbl ! rewind Ktbl - - ret - restore -.type sha${label}_block_data_order,#function -.size sha${label}_block_data_order,(.-sha${label}_block_data_order) -.asciz "SHA${label} block transform for SPARCv9, CRYPTOGAMS by " -.align 4 -___ - -# Purpose of these subroutines is to explicitly encode VIS instructions, -# so that one can compile the module without having to specify VIS -# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a. -# Idea is to reserve for option to produce "universal" binary and let -# programmer detect if current CPU is VIS capable at run-time. -sub unvis { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my $ref,$opf; -my %visopf = ( "faligndata" => 0x048, - "for" => 0x07c ); - - $ref = "$mnemonic\t$rs1,$rs2,$rd"; - - if ($opf=$visopf{$mnemonic}) { - foreach ($rs1,$rs2,$rd) { - return $ref if (!/%f([0-9]{1,2})/); - $_=$1; - if ($1>=32) { - return $ref if ($1&1); - # re-encode for upper double register addressing - $_=($1|$1>>5)&31; - } - } - - return sprintf ".word\t0x%08x !%s", - 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, - $ref; - } else { - return $ref; - } -} -sub unalignaddr { -my ($mnemonic,$rs1,$rs2,$rd)=@_; -my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 ); -my $ref="$mnemonic\t$rs1,$rs2,$rd"; - - foreach ($rs1,$rs2,$rd) { - if (/%([goli])([0-7])/) { $_=$bias{$1}+$2; } - else { return $ref; } - } - return sprintf ".word\t0x%08x !%s", - 0x81b00300|$rd<<25|$rs1<<14|$rs2, - $ref; -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),\s*(%f[0-9]{1,2}),\s*(%f[0-9]{1,2})/ - &unvis($1,$2,$3,$4) - /ge; - s/\b(alignaddr)\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/ - &unalignaddr($1,$2,$3,$4) - /ge; - - print $_,"\n"; -} - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512-x86_64.pl b/crypto/sha/asm/sha512-x86_64.pl deleted file mode 100755 index 1bd0256954b36344bb3d64722c1186e3d4628730..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha512-x86_64.pl +++ /dev/null @@ -1,2560 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. Rights for redistribution and usage in source and binary -# forms are granted according to the License. -# ==================================================================== -# -# sha256/512_block procedure for x86_64. -# -# 40% improvement over compiler-generated code on Opteron. On EM64T -# sha256 was observed to run >80% faster and sha512 - >40%. No magical -# tricks, just straight implementation... I really wonder why gcc -# [being armed with inline assembler] fails to generate as fast code. -# The only thing which is cool about this module is that it's very -# same instruction sequence used for both SHA-256 and SHA-512. In -# former case the instructions operate on 32-bit operands, while in -# latter - on 64-bit ones. All I had to do is to get one flavor right, -# the other one passed the test right away:-) -# -# sha256_block runs in ~1005 cycles on Opteron, which gives you -# asymptotic performance of 64*1000/1005=63.7MBps times CPU clock -# frequency in GHz. sha512_block runs in ~1275 cycles, which results -# in 128*1000/1275=100MBps per GHz. Is there room for improvement? -# Well, if you compare it to IA-64 implementation, which maintains -# X[16] in register bank[!], tends to 4 instructions per CPU clock -# cycle and runs in 1003 cycles, 1275 is very good result for 3-way -# issue Opteron pipeline and X[16] maintained in memory. So that *if* -# there is a way to improve it, *then* the only way would be to try to -# offload X[16] updates to SSE unit, but that would require "deeper" -# loop unroll, which in turn would naturally cause size blow-up, not -# to mention increased complexity! And once again, only *if* it's -# actually possible to noticeably improve overall ILP, instruction -# level parallelism, on a given CPU implementation in this case. -# -# Special note on Intel EM64T. While Opteron CPU exhibits perfect -# performance ratio of 1.5 between 64- and 32-bit flavors [see above], -# [currently available] EM64T CPUs apparently are far from it. On the -# contrary, 64-bit version, sha512_block, is ~30% *slower* than 32-bit -# sha256_block:-( This is presumably because 64-bit shifts/rotates -# apparently are not atomic instructions, but implemented in microcode. -# -# May 2012. -# -# Optimization including one of Pavel Semjanov's ideas, alternative -# Maj, resulted in >=5% improvement on most CPUs, +20% SHA256 and -# unfortunately -2% SHA512 on P4 [which nobody should care about -# that much]. -# -# June 2012. -# -# Add SIMD code paths, see below for improvement coefficients. SSSE3 -# code path was not attempted for SHA512, because improvement is not -# estimated to be high enough, noticeably less than 9%, to justify -# the effort, not on pre-AVX processors. [Obviously with exclusion -# for VIA Nano, but it has SHA512 instruction that is faster and -# should be used instead.] For reference, corresponding estimated -# upper limit for improvement for SSSE3 SHA256 is 28%. The fact that -# higher coefficients are observed on VIA Nano and Bulldozer has more -# to do with specifics of their architecture [which is topic for -# separate discussion]. -# -# November 2012. -# -# Add AVX2 code path. Two consecutive input blocks are loaded to -# 256-bit %ymm registers, with data from first block to least -# significant 128-bit halves and data from second to most significant. -# The data is then processed with same SIMD instruction sequence as -# for AVX, but with %ymm as operands. Side effect is increased stack -# frame, 448 additional bytes in SHA256 and 1152 in SHA512, and 1.2KB -# code size increase. -# -# March 2014. -# -# Add support for Intel SHA Extensions. - -###################################################################### -# Current performance in cycles per processed byte (less is better): -# -# SHA256 SSSE3 AVX/XOP(*) SHA512 AVX/XOP(*) -# -# AMD K8 14.9 - - 9.57 - -# P4 17.3 - - 30.8 - -# Core 2 15.6 13.8(+13%) - 9.97 - -# Westmere 14.8 12.3(+19%) - 9.58 - -# Sandy Bridge 17.4 14.2(+23%) 11.6(+50%(**)) 11.2 8.10(+38%(**)) -# Ivy Bridge 12.6 10.5(+20%) 10.3(+22%) 8.17 7.22(+13%) -# Haswell 12.2 9.28(+31%) 7.80(+56%) 7.66 5.40(+42%) -# Skylake 11.4 9.03(+26%) 7.70(+48%) 7.25 5.20(+40%) -# Bulldozer 21.1 13.6(+54%) 13.6(+54%(***)) 13.5 8.58(+57%) -# Ryzen 11.0 9.02(+22%) 2.05(+440%) 7.05 5.67(+20%) -# VIA Nano 23.0 16.5(+39%) - 14.7 - -# Atom 23.0 18.9(+22%) - 14.7 - -# Silvermont 27.4 20.6(+33%) - 17.5 - -# Knights L 27.4 21.0(+30%) 19.6(+40%) 17.5 12.8(+37%) -# Goldmont 18.9 14.3(+32%) 4.16(+350%) 12.0 - -# -# (*) whichever best applicable, including SHAEXT; -# (**) switch from ror to shrd stands for fair share of improvement; -# (***) execution time is fully determined by remaining integer-only -# part, body_00_15; reducing the amount of SIMD instructions -# below certain limit makes no difference/sense; to conserve -# space SHA256 XOP code path is therefore omitted; - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` - =~ /GNU assembler version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.19) + ($1>=2.22); -} - -if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && - `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/) { - $avx = ($1>=2.09) + ($1>=2.10); -} - -if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && - `ml64 2>&1` =~ /Version ([0-9]+)\./) { - $avx = ($1>=10) + ($1>=11); -} - -if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { - $avx = ($2>=3.0) + ($2>3.0); -} - -$shaext=1; ### set to zero if compiling for 1.0.1 -$avx=1 if (!$shaext && $avx); - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -if ($output =~ /512/) { - $func="sha512_block_data_order"; - $TABLE="K512"; - $SZ=8; - @ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%rax","%rbx","%rcx","%rdx", - "%r8", "%r9", "%r10","%r11"); - ($T1,$a0,$a1,$a2,$a3)=("%r12","%r13","%r14","%r15","%rdi"); - @Sigma0=(28,34,39); - @Sigma1=(14,18,41); - @sigma0=(1, 8, 7); - @sigma1=(19,61, 6); - $rounds=80; -} else { - $func="sha256_block_data_order"; - $TABLE="K256"; - $SZ=4; - @ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%eax","%ebx","%ecx","%edx", - "%r8d","%r9d","%r10d","%r11d"); - ($T1,$a0,$a1,$a2,$a3)=("%r12d","%r13d","%r14d","%r15d","%edi"); - @Sigma0=( 2,13,22); - @Sigma1=( 6,11,25); - @sigma0=( 7,18, 3); - @sigma1=(17,19,10); - $rounds=64; -} - -$ctx="%rdi"; # 1st arg, zapped by $a3 -$inp="%rsi"; # 2nd arg -$Tbl="%rbp"; - -$_ctx="16*$SZ+0*8(%rsp)"; -$_inp="16*$SZ+1*8(%rsp)"; -$_end="16*$SZ+2*8(%rsp)"; -$_rsp="`16*$SZ+3*8`(%rsp)"; -$framesz="16*$SZ+4*8"; - - -sub ROUND_00_15() -{ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; - my $STRIDE=$SZ; - $STRIDE += 16 if ($i%(16/$SZ)==(16/$SZ-1)); - -$code.=<<___; - ror \$`$Sigma1[2]-$Sigma1[1]`,$a0 - mov $f,$a2 - - xor $e,$a0 - ror \$`$Sigma0[2]-$Sigma0[1]`,$a1 - xor $g,$a2 # f^g - - mov $T1,`$SZ*($i&0xf)`(%rsp) - xor $a,$a1 - and $e,$a2 # (f^g)&e - - ror \$`$Sigma1[1]-$Sigma1[0]`,$a0 - add $h,$T1 # T1+=h - xor $g,$a2 # Ch(e,f,g)=((f^g)&e)^g - - ror \$`$Sigma0[1]-$Sigma0[0]`,$a1 - xor $e,$a0 - add $a2,$T1 # T1+=Ch(e,f,g) - - mov $a,$a2 - add ($Tbl),$T1 # T1+=K[round] - xor $a,$a1 - - xor $b,$a2 # a^b, b^c in next round - ror \$$Sigma1[0],$a0 # Sigma1(e) - mov $b,$h - - and $a2,$a3 - ror \$$Sigma0[0],$a1 # Sigma0(a) - add $a0,$T1 # T1+=Sigma1(e) - - xor $a3,$h # h=Maj(a,b,c)=Ch(a^b,c,b) - add $T1,$d # d+=T1 - add $T1,$h # h+=T1 - - lea $STRIDE($Tbl),$Tbl # round++ -___ -$code.=<<___ if ($i<15); - add $a1,$h # h+=Sigma0(a) -___ - ($a2,$a3) = ($a3,$a2); -} - -sub ROUND_16_XX() -{ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; - -$code.=<<___; - mov `$SZ*(($i+1)&0xf)`(%rsp),$a0 - mov `$SZ*(($i+14)&0xf)`(%rsp),$a2 - - mov $a0,$T1 - ror \$`$sigma0[1]-$sigma0[0]`,$a0 - add $a1,$a # modulo-scheduled h+=Sigma0(a) - mov $a2,$a1 - ror \$`$sigma1[1]-$sigma1[0]`,$a2 - - xor $T1,$a0 - shr \$$sigma0[2],$T1 - ror \$$sigma0[0],$a0 - xor $a1,$a2 - shr \$$sigma1[2],$a1 - - ror \$$sigma1[0],$a2 - xor $a0,$T1 # sigma0(X[(i+1)&0xf]) - xor $a1,$a2 # sigma1(X[(i+14)&0xf]) - add `$SZ*(($i+9)&0xf)`(%rsp),$T1 - - add `$SZ*($i&0xf)`(%rsp),$T1 - mov $e,$a0 - add $a2,$T1 - mov $a,$a1 -___ - &ROUND_00_15(@_); -} - -$code=<<___; -.text - -.extern OPENSSL_ia32cap_P -.globl $func -.type $func,\@function,3 -.align 16 -$func: -.cfi_startproc -___ -$code.=<<___ if ($SZ==4 || $avx); - lea OPENSSL_ia32cap_P(%rip),%r11 - mov 0(%r11),%r9d - mov 4(%r11),%r10d - mov 8(%r11),%r11d -___ -$code.=<<___ if ($SZ==4 && $shaext); - test \$`1<<29`,%r11d # check for SHA - jnz _shaext_shortcut -___ -$code.=<<___ if ($avx && $SZ==8); - test \$`1<<11`,%r10d # check for XOP - jnz .Lxop_shortcut -___ -$code.=<<___ if ($avx>1); - and \$`1<<8|1<<5|1<<3`,%r11d # check for BMI2+AVX2+BMI1 - cmp \$`1<<8|1<<5|1<<3`,%r11d - je .Lavx2_shortcut -___ -$code.=<<___ if ($avx); - and \$`1<<30`,%r9d # mask "Intel CPU" bit - and \$`1<<28|1<<9`,%r10d # mask AVX and SSSE3 bits - or %r9d,%r10d - cmp \$`1<<28|1<<9|1<<30`,%r10d - je .Lavx_shortcut -___ -$code.=<<___ if ($SZ==4); - test \$`1<<9`,%r10d - jnz .Lssse3_shortcut -___ -$code.=<<___; - mov %rsp,%rax # copy %rsp -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - shl \$4,%rdx # num*16 - sub \$$framesz,%rsp - lea ($inp,%rdx,$SZ),%rdx # inp+num*16*$SZ - and \$-64,%rsp # align stack frame - mov $ctx,$_ctx # save ctx, 1st arg - mov $inp,$_inp # save inp, 2nd arh - mov %rdx,$_end # save end pointer, "3rd" arg - mov %rax,$_rsp # save copy of %rsp -.cfi_cfa_expression $_rsp,deref,+8 -.Lprologue: - - mov $SZ*0($ctx),$A - mov $SZ*1($ctx),$B - mov $SZ*2($ctx),$C - mov $SZ*3($ctx),$D - mov $SZ*4($ctx),$E - mov $SZ*5($ctx),$F - mov $SZ*6($ctx),$G - mov $SZ*7($ctx),$H - jmp .Lloop - -.align 16 -.Lloop: - mov $B,$a3 - lea $TABLE(%rip),$Tbl - xor $C,$a3 # magic -___ - for($i=0;$i<16;$i++) { - $code.=" mov $SZ*$i($inp),$T1\n"; - $code.=" mov @ROT[4],$a0\n"; - $code.=" mov @ROT[0],$a1\n"; - $code.=" bswap $T1\n"; - &ROUND_00_15($i,@ROT); - unshift(@ROT,pop(@ROT)); - } -$code.=<<___; - jmp .Lrounds_16_xx -.align 16 -.Lrounds_16_xx: -___ - for(;$i<32;$i++) { - &ROUND_16_XX($i,@ROT); - unshift(@ROT,pop(@ROT)); - } - -$code.=<<___; - cmpb \$0,`$SZ-1`($Tbl) - jnz .Lrounds_16_xx - - mov $_ctx,$ctx - add $a1,$A # modulo-scheduled h+=Sigma0(a) - lea 16*$SZ($inp),$inp - - add $SZ*0($ctx),$A - add $SZ*1($ctx),$B - add $SZ*2($ctx),$C - add $SZ*3($ctx),$D - add $SZ*4($ctx),$E - add $SZ*5($ctx),$F - add $SZ*6($ctx),$G - add $SZ*7($ctx),$H - - cmp $_end,$inp - - mov $A,$SZ*0($ctx) - mov $B,$SZ*1($ctx) - mov $C,$SZ*2($ctx) - mov $D,$SZ*3($ctx) - mov $E,$SZ*4($ctx) - mov $F,$SZ*5($ctx) - mov $G,$SZ*6($ctx) - mov $H,$SZ*7($ctx) - jb .Lloop - - mov $_rsp,%rsi -.cfi_def_cfa %rsi,8 - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue: - ret -.cfi_endproc -.size $func,.-$func -___ - -if ($SZ==4) { -$code.=<<___; -.align 64 -.type $TABLE,\@object -$TABLE: - .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 - .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 - .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 - .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 - .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 - .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 - .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 - .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 - .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc - .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc - .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da - .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da - .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 - .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 - .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 - .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 - .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 - .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 - .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 - .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 - .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 - .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 - .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 - .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 - .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 - .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 - .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 - .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 - .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 - .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 - .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 - .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 - - .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f - .long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f - .long 0x03020100,0x0b0a0908,0xffffffff,0xffffffff - .long 0x03020100,0x0b0a0908,0xffffffff,0xffffffff - .long 0xffffffff,0xffffffff,0x03020100,0x0b0a0908 - .long 0xffffffff,0xffffffff,0x03020100,0x0b0a0908 - .asciz "SHA256 block transform for x86_64, CRYPTOGAMS by " -___ -} else { -$code.=<<___; -.align 64 -.type $TABLE,\@object -$TABLE: - .quad 0x428a2f98d728ae22,0x7137449123ef65cd - .quad 0x428a2f98d728ae22,0x7137449123ef65cd - .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc - .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc - .quad 0x3956c25bf348b538,0x59f111f1b605d019 - .quad 0x3956c25bf348b538,0x59f111f1b605d019 - .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 - .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 - .quad 0xd807aa98a3030242,0x12835b0145706fbe - .quad 0xd807aa98a3030242,0x12835b0145706fbe - .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 - .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 - .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 - .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 - .quad 0x9bdc06a725c71235,0xc19bf174cf692694 - .quad 0x9bdc06a725c71235,0xc19bf174cf692694 - .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 - .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 - .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 - .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 - .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 - .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 - .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 - .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 - .quad 0x983e5152ee66dfab,0xa831c66d2db43210 - .quad 0x983e5152ee66dfab,0xa831c66d2db43210 - .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 - .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 - .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 - .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 - .quad 0x06ca6351e003826f,0x142929670a0e6e70 - .quad 0x06ca6351e003826f,0x142929670a0e6e70 - .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 - .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 - .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df - .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df - .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 - .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 - .quad 0x81c2c92e47edaee6,0x92722c851482353b - .quad 0x81c2c92e47edaee6,0x92722c851482353b - .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 - .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 - .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 - .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 - .quad 0xd192e819d6ef5218,0xd69906245565a910 - .quad 0xd192e819d6ef5218,0xd69906245565a910 - .quad 0xf40e35855771202a,0x106aa07032bbd1b8 - .quad 0xf40e35855771202a,0x106aa07032bbd1b8 - .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 - .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 - .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 - .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 - .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb - .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb - .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 - .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 - .quad 0x748f82ee5defb2fc,0x78a5636f43172f60 - .quad 0x748f82ee5defb2fc,0x78a5636f43172f60 - .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec - .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec - .quad 0x90befffa23631e28,0xa4506cebde82bde9 - .quad 0x90befffa23631e28,0xa4506cebde82bde9 - .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b - .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b - .quad 0xca273eceea26619c,0xd186b8c721c0c207 - .quad 0xca273eceea26619c,0xd186b8c721c0c207 - .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 - .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 - .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 - .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 - .quad 0x113f9804bef90dae,0x1b710b35131c471b - .quad 0x113f9804bef90dae,0x1b710b35131c471b - .quad 0x28db77f523047d84,0x32caab7b40c72493 - .quad 0x28db77f523047d84,0x32caab7b40c72493 - .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c - .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c - .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a - .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a - .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 - .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 - - .quad 0x0001020304050607,0x08090a0b0c0d0e0f - .quad 0x0001020304050607,0x08090a0b0c0d0e0f - .asciz "SHA512 block transform for x86_64, CRYPTOGAMS by " -___ -} - -###################################################################### -# SIMD code paths -# -if ($SZ==4 && $shaext) {{{ -###################################################################### -# Intel SHA Extensions implementation of SHA256 update function. -# -my ($ctx,$inp,$num,$Tbl)=("%rdi","%rsi","%rdx","%rcx"); - -my ($Wi,$ABEF,$CDGH,$TMP,$BSWAP,$ABEF_SAVE,$CDGH_SAVE)=map("%xmm$_",(0..2,7..10)); -my @MSG=map("%xmm$_",(3..6)); - -$code.=<<___; -.type sha256_block_data_order_shaext,\@function,3 -.align 64 -sha256_block_data_order_shaext: -_shaext_shortcut: -.cfi_startproc -___ -$code.=<<___ if ($win64); - lea `-8-5*16`(%rsp),%rsp - movaps %xmm6,-8-5*16(%rax) - movaps %xmm7,-8-4*16(%rax) - movaps %xmm8,-8-3*16(%rax) - movaps %xmm9,-8-2*16(%rax) - movaps %xmm10,-8-1*16(%rax) -.Lprologue_shaext: -___ -$code.=<<___; - lea K256+0x80(%rip),$Tbl - movdqu ($ctx),$ABEF # DCBA - movdqu 16($ctx),$CDGH # HGFE - movdqa 0x200-0x80($Tbl),$TMP # byte swap mask - - pshufd \$0x1b,$ABEF,$Wi # ABCD - pshufd \$0xb1,$ABEF,$ABEF # CDAB - pshufd \$0x1b,$CDGH,$CDGH # EFGH - movdqa $TMP,$BSWAP # offload - palignr \$8,$CDGH,$ABEF # ABEF - punpcklqdq $Wi,$CDGH # CDGH - jmp .Loop_shaext - -.align 16 -.Loop_shaext: - movdqu ($inp),@MSG[0] - movdqu 0x10($inp),@MSG[1] - movdqu 0x20($inp),@MSG[2] - pshufb $TMP,@MSG[0] - movdqu 0x30($inp),@MSG[3] - - movdqa 0*32-0x80($Tbl),$Wi - paddd @MSG[0],$Wi - pshufb $TMP,@MSG[1] - movdqa $CDGH,$CDGH_SAVE # offload - sha256rnds2 $ABEF,$CDGH # 0-3 - pshufd \$0x0e,$Wi,$Wi - nop - movdqa $ABEF,$ABEF_SAVE # offload - sha256rnds2 $CDGH,$ABEF - - movdqa 1*32-0x80($Tbl),$Wi - paddd @MSG[1],$Wi - pshufb $TMP,@MSG[2] - sha256rnds2 $ABEF,$CDGH # 4-7 - pshufd \$0x0e,$Wi,$Wi - lea 0x40($inp),$inp - sha256msg1 @MSG[1],@MSG[0] - sha256rnds2 $CDGH,$ABEF - - movdqa 2*32-0x80($Tbl),$Wi - paddd @MSG[2],$Wi - pshufb $TMP,@MSG[3] - sha256rnds2 $ABEF,$CDGH # 8-11 - pshufd \$0x0e,$Wi,$Wi - movdqa @MSG[3],$TMP - palignr \$4,@MSG[2],$TMP - nop - paddd $TMP,@MSG[0] - sha256msg1 @MSG[2],@MSG[1] - sha256rnds2 $CDGH,$ABEF - - movdqa 3*32-0x80($Tbl),$Wi - paddd @MSG[3],$Wi - sha256msg2 @MSG[3],@MSG[0] - sha256rnds2 $ABEF,$CDGH # 12-15 - pshufd \$0x0e,$Wi,$Wi - movdqa @MSG[0],$TMP - palignr \$4,@MSG[3],$TMP - nop - paddd $TMP,@MSG[1] - sha256msg1 @MSG[3],@MSG[2] - sha256rnds2 $CDGH,$ABEF -___ -for($i=4;$i<16-3;$i++) { -$code.=<<___; - movdqa $i*32-0x80($Tbl),$Wi - paddd @MSG[0],$Wi - sha256msg2 @MSG[0],@MSG[1] - sha256rnds2 $ABEF,$CDGH # 16-19... - pshufd \$0x0e,$Wi,$Wi - movdqa @MSG[1],$TMP - palignr \$4,@MSG[0],$TMP - nop - paddd $TMP,@MSG[2] - sha256msg1 @MSG[0],@MSG[3] - sha256rnds2 $CDGH,$ABEF -___ - push(@MSG,shift(@MSG)); -} -$code.=<<___; - movdqa 13*32-0x80($Tbl),$Wi - paddd @MSG[0],$Wi - sha256msg2 @MSG[0],@MSG[1] - sha256rnds2 $ABEF,$CDGH # 52-55 - pshufd \$0x0e,$Wi,$Wi - movdqa @MSG[1],$TMP - palignr \$4,@MSG[0],$TMP - sha256rnds2 $CDGH,$ABEF - paddd $TMP,@MSG[2] - - movdqa 14*32-0x80($Tbl),$Wi - paddd @MSG[1],$Wi - sha256rnds2 $ABEF,$CDGH # 56-59 - pshufd \$0x0e,$Wi,$Wi - sha256msg2 @MSG[1],@MSG[2] - movdqa $BSWAP,$TMP - sha256rnds2 $CDGH,$ABEF - - movdqa 15*32-0x80($Tbl),$Wi - paddd @MSG[2],$Wi - nop - sha256rnds2 $ABEF,$CDGH # 60-63 - pshufd \$0x0e,$Wi,$Wi - dec $num - nop - sha256rnds2 $CDGH,$ABEF - - paddd $CDGH_SAVE,$CDGH - paddd $ABEF_SAVE,$ABEF - jnz .Loop_shaext - - pshufd \$0xb1,$CDGH,$CDGH # DCHG - pshufd \$0x1b,$ABEF,$TMP # FEBA - pshufd \$0xb1,$ABEF,$ABEF # BAFE - punpckhqdq $CDGH,$ABEF # DCBA - palignr \$8,$TMP,$CDGH # HGFE - - movdqu $ABEF,($ctx) - movdqu $CDGH,16($ctx) -___ -$code.=<<___ if ($win64); - movaps -8-5*16(%rax),%xmm6 - movaps -8-4*16(%rax),%xmm7 - movaps -8-3*16(%rax),%xmm8 - movaps -8-2*16(%rax),%xmm9 - movaps -8-1*16(%rax),%xmm10 - mov %rax,%rsp -.Lepilogue_shaext: -___ -$code.=<<___; - ret -.cfi_endproc -.size sha256_block_data_order_shaext,.-sha256_block_data_order_shaext -___ -}}} -{{{ - -my $a4=$T1; -my ($a,$b,$c,$d,$e,$f,$g,$h); - -sub AUTOLOAD() # thunk [simplified] 32-bit style perlasm -{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; - my $arg = pop; - $arg = "\$$arg" if ($arg*1 eq $arg); - $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n"; -} - -sub body_00_15 () { - ( - '($a,$b,$c,$d,$e,$f,$g,$h)=@ROT;'. - - '&ror ($a0,$Sigma1[2]-$Sigma1[1])', - '&mov ($a,$a1)', - '&mov ($a4,$f)', - - '&ror ($a1,$Sigma0[2]-$Sigma0[1])', - '&xor ($a0,$e)', - '&xor ($a4,$g)', # f^g - - '&ror ($a0,$Sigma1[1]-$Sigma1[0])', - '&xor ($a1,$a)', - '&and ($a4,$e)', # (f^g)&e - - '&xor ($a0,$e)', - '&add ($h,$SZ*($i&15)."(%rsp)")', # h+=X[i]+K[i] - '&mov ($a2,$a)', - - '&xor ($a4,$g)', # Ch(e,f,g)=((f^g)&e)^g - '&ror ($a1,$Sigma0[1]-$Sigma0[0])', - '&xor ($a2,$b)', # a^b, b^c in next round - - '&add ($h,$a4)', # h+=Ch(e,f,g) - '&ror ($a0,$Sigma1[0])', # Sigma1(e) - '&and ($a3,$a2)', # (b^c)&(a^b) - - '&xor ($a1,$a)', - '&add ($h,$a0)', # h+=Sigma1(e) - '&xor ($a3,$b)', # Maj(a,b,c)=Ch(a^b,c,b) - - '&ror ($a1,$Sigma0[0])', # Sigma0(a) - '&add ($d,$h)', # d+=h - '&add ($h,$a3)', # h+=Maj(a,b,c) - - '&mov ($a0,$d)', - '&add ($a1,$h);'. # h+=Sigma0(a) - '($a2,$a3) = ($a3,$a2); unshift(@ROT,pop(@ROT)); $i++;' - ); -} - -###################################################################### -# SSSE3 code path -# -if ($SZ==4) { # SHA256 only -my @X = map("%xmm$_",(0..3)); -my ($t0,$t1,$t2,$t3, $t4,$t5) = map("%xmm$_",(4..9)); - -$code.=<<___; -.type ${func}_ssse3,\@function,3 -.align 64 -${func}_ssse3: -.cfi_startproc -.Lssse3_shortcut: - mov %rsp,%rax # copy %rsp -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - shl \$4,%rdx # num*16 - sub \$`$framesz+$win64*16*4`,%rsp - lea ($inp,%rdx,$SZ),%rdx # inp+num*16*$SZ - and \$-64,%rsp # align stack frame - mov $ctx,$_ctx # save ctx, 1st arg - mov $inp,$_inp # save inp, 2nd arh - mov %rdx,$_end # save end pointer, "3rd" arg - mov %rax,$_rsp # save copy of %rsp -.cfi_cfa_expression $_rsp,deref,+8 -___ -$code.=<<___ if ($win64); - movaps %xmm6,16*$SZ+32(%rsp) - movaps %xmm7,16*$SZ+48(%rsp) - movaps %xmm8,16*$SZ+64(%rsp) - movaps %xmm9,16*$SZ+80(%rsp) -___ -$code.=<<___; -.Lprologue_ssse3: - - mov $SZ*0($ctx),$A - mov $SZ*1($ctx),$B - mov $SZ*2($ctx),$C - mov $SZ*3($ctx),$D - mov $SZ*4($ctx),$E - mov $SZ*5($ctx),$F - mov $SZ*6($ctx),$G - mov $SZ*7($ctx),$H -___ - -$code.=<<___; - #movdqa $TABLE+`$SZ*2*$rounds`+32(%rip),$t4 - #movdqa $TABLE+`$SZ*2*$rounds`+64(%rip),$t5 - jmp .Lloop_ssse3 -.align 16 -.Lloop_ssse3: - movdqa $TABLE+`$SZ*2*$rounds`(%rip),$t3 - movdqu 0x00($inp),@X[0] - movdqu 0x10($inp),@X[1] - movdqu 0x20($inp),@X[2] - pshufb $t3,@X[0] - movdqu 0x30($inp),@X[3] - lea $TABLE(%rip),$Tbl - pshufb $t3,@X[1] - movdqa 0x00($Tbl),$t0 - movdqa 0x20($Tbl),$t1 - pshufb $t3,@X[2] - paddd @X[0],$t0 - movdqa 0x40($Tbl),$t2 - pshufb $t3,@X[3] - movdqa 0x60($Tbl),$t3 - paddd @X[1],$t1 - paddd @X[2],$t2 - paddd @X[3],$t3 - movdqa $t0,0x00(%rsp) - mov $A,$a1 - movdqa $t1,0x10(%rsp) - mov $B,$a3 - movdqa $t2,0x20(%rsp) - xor $C,$a3 # magic - movdqa $t3,0x30(%rsp) - mov $E,$a0 - jmp .Lssse3_00_47 - -.align 16 -.Lssse3_00_47: - sub \$`-16*2*$SZ`,$Tbl # size optimization -___ -sub Xupdate_256_SSSE3 () { - ( - '&movdqa ($t0,@X[1]);', - '&movdqa ($t3,@X[3])', - '&palignr ($t0,@X[0],$SZ)', # X[1..4] - '&palignr ($t3,@X[2],$SZ);', # X[9..12] - '&movdqa ($t1,$t0)', - '&movdqa ($t2,$t0);', - '&psrld ($t0,$sigma0[2])', - '&paddd (@X[0],$t3);', # X[0..3] += X[9..12] - '&psrld ($t2,$sigma0[0])', - '&pshufd ($t3,@X[3],0b11111010)',# X[14..15] - '&pslld ($t1,8*$SZ-$sigma0[1]);'. - '&pxor ($t0,$t2)', - '&psrld ($t2,$sigma0[1]-$sigma0[0]);'. - '&pxor ($t0,$t1)', - '&pslld ($t1,$sigma0[1]-$sigma0[0]);'. - '&pxor ($t0,$t2);', - '&movdqa ($t2,$t3)', - '&pxor ($t0,$t1);', # sigma0(X[1..4]) - '&psrld ($t3,$sigma1[2])', - '&paddd (@X[0],$t0);', # X[0..3] += sigma0(X[1..4]) - '&psrlq ($t2,$sigma1[0])', - '&pxor ($t3,$t2);', - '&psrlq ($t2,$sigma1[1]-$sigma1[0])', - '&pxor ($t3,$t2)', - '&pshufb ($t3,$t4)', # sigma1(X[14..15]) - '&paddd (@X[0],$t3)', # X[0..1] += sigma1(X[14..15]) - '&pshufd ($t3,@X[0],0b01010000)',# X[16..17] - '&movdqa ($t2,$t3);', - '&psrld ($t3,$sigma1[2])', - '&psrlq ($t2,$sigma1[0])', - '&pxor ($t3,$t2);', - '&psrlq ($t2,$sigma1[1]-$sigma1[0])', - '&pxor ($t3,$t2);', - '&movdqa ($t2,16*2*$j."($Tbl)")', - '&pshufb ($t3,$t5)', - '&paddd (@X[0],$t3)' # X[2..3] += sigma1(X[16..17]) - ); -} - -sub SSSE3_256_00_47 () { -my $j = shift; -my $body = shift; -my @X = @_; -my @insns = (&$body,&$body,&$body,&$body); # 104 instructions - - if (0) { - foreach (Xupdate_256_SSSE3()) { # 36 instructions - eval; - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - } - } else { # squeeze extra 4% on Westmere and 19% on Atom - eval(shift(@insns)); #@ - &movdqa ($t0,@X[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &movdqa ($t3,@X[3]); - eval(shift(@insns)); #@ - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); #@ - eval(shift(@insns)); - &palignr ($t0,@X[0],$SZ); # X[1..4] - eval(shift(@insns)); - eval(shift(@insns)); - &palignr ($t3,@X[2],$SZ); # X[9..12] - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); #@ - &movdqa ($t1,$t0); - eval(shift(@insns)); - eval(shift(@insns)); - &movdqa ($t2,$t0); - eval(shift(@insns)); #@ - eval(shift(@insns)); - &psrld ($t0,$sigma0[2]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &paddd (@X[0],$t3); # X[0..3] += X[9..12] - eval(shift(@insns)); #@ - eval(shift(@insns)); - &psrld ($t2,$sigma0[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &pshufd ($t3,@X[3],0b11111010); # X[4..15] - eval(shift(@insns)); - eval(shift(@insns)); #@ - &pslld ($t1,8*$SZ-$sigma0[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &pxor ($t0,$t2); - eval(shift(@insns)); #@ - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); #@ - &psrld ($t2,$sigma0[1]-$sigma0[0]); - eval(shift(@insns)); - &pxor ($t0,$t1); - eval(shift(@insns)); - eval(shift(@insns)); - &pslld ($t1,$sigma0[1]-$sigma0[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &pxor ($t0,$t2); - eval(shift(@insns)); - eval(shift(@insns)); #@ - &movdqa ($t2,$t3); - eval(shift(@insns)); - eval(shift(@insns)); - &pxor ($t0,$t1); # sigma0(X[1..4]) - eval(shift(@insns)); #@ - eval(shift(@insns)); - eval(shift(@insns)); - &psrld ($t3,$sigma1[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &paddd (@X[0],$t0); # X[0..3] += sigma0(X[1..4]) - eval(shift(@insns)); #@ - eval(shift(@insns)); - &psrlq ($t2,$sigma1[0]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &pxor ($t3,$t2); - eval(shift(@insns)); #@ - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); #@ - &psrlq ($t2,$sigma1[1]-$sigma1[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &pxor ($t3,$t2); - eval(shift(@insns)); #@ - eval(shift(@insns)); - eval(shift(@insns)); - #&pshufb ($t3,$t4); # sigma1(X[14..15]) - &pshufd ($t3,$t3,0b10000000); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &psrldq ($t3,8); - eval(shift(@insns)); - eval(shift(@insns)); #@ - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); #@ - &paddd (@X[0],$t3); # X[0..1] += sigma1(X[14..15]) - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &pshufd ($t3,@X[0],0b01010000); # X[16..17] - eval(shift(@insns)); - eval(shift(@insns)); #@ - eval(shift(@insns)); - &movdqa ($t2,$t3); - eval(shift(@insns)); - eval(shift(@insns)); - &psrld ($t3,$sigma1[2]); - eval(shift(@insns)); - eval(shift(@insns)); #@ - &psrlq ($t2,$sigma1[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &pxor ($t3,$t2); - eval(shift(@insns)); #@ - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); #@ - eval(shift(@insns)); - &psrlq ($t2,$sigma1[1]-$sigma1[0]); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &pxor ($t3,$t2); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); #@ - #&pshufb ($t3,$t5); - &pshufd ($t3,$t3,0b00001000); - eval(shift(@insns)); - eval(shift(@insns)); - &movdqa ($t2,16*2*$j."($Tbl)"); - eval(shift(@insns)); #@ - eval(shift(@insns)); - &pslldq ($t3,8); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &paddd (@X[0],$t3); # X[2..3] += sigma1(X[16..17]) - eval(shift(@insns)); #@ - eval(shift(@insns)); - eval(shift(@insns)); - } - &paddd ($t2,@X[0]); - foreach (@insns) { eval; } # remaining instructions - &movdqa (16*$j."(%rsp)",$t2); -} - - for ($i=0,$j=0; $j<4; $j++) { - &SSSE3_256_00_47($j,\&body_00_15,@X); - push(@X,shift(@X)); # rotate(@X) - } - &cmpb ($SZ-1+16*2*$SZ."($Tbl)",0); - &jne (".Lssse3_00_47"); - - for ($i=0; $i<16; ) { - foreach(body_00_15()) { eval; } - } -$code.=<<___; - mov $_ctx,$ctx - mov $a1,$A - - add $SZ*0($ctx),$A - lea 16*$SZ($inp),$inp - add $SZ*1($ctx),$B - add $SZ*2($ctx),$C - add $SZ*3($ctx),$D - add $SZ*4($ctx),$E - add $SZ*5($ctx),$F - add $SZ*6($ctx),$G - add $SZ*7($ctx),$H - - cmp $_end,$inp - - mov $A,$SZ*0($ctx) - mov $B,$SZ*1($ctx) - mov $C,$SZ*2($ctx) - mov $D,$SZ*3($ctx) - mov $E,$SZ*4($ctx) - mov $F,$SZ*5($ctx) - mov $G,$SZ*6($ctx) - mov $H,$SZ*7($ctx) - jb .Lloop_ssse3 - - mov $_rsp,%rsi -.cfi_def_cfa %rsi,8 -___ -$code.=<<___ if ($win64); - movaps 16*$SZ+32(%rsp),%xmm6 - movaps 16*$SZ+48(%rsp),%xmm7 - movaps 16*$SZ+64(%rsp),%xmm8 - movaps 16*$SZ+80(%rsp),%xmm9 -___ -$code.=<<___; - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue_ssse3: - ret -.cfi_endproc -.size ${func}_ssse3,.-${func}_ssse3 -___ -} - -if ($avx) {{ -###################################################################### -# XOP code path -# -if ($SZ==8) { # SHA512 only -$code.=<<___; -.type ${func}_xop,\@function,3 -.align 64 -${func}_xop: -.cfi_startproc -.Lxop_shortcut: - mov %rsp,%rax # copy %rsp -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - shl \$4,%rdx # num*16 - sub \$`$framesz+$win64*16*($SZ==4?4:6)`,%rsp - lea ($inp,%rdx,$SZ),%rdx # inp+num*16*$SZ - and \$-64,%rsp # align stack frame - mov $ctx,$_ctx # save ctx, 1st arg - mov $inp,$_inp # save inp, 2nd arh - mov %rdx,$_end # save end pointer, "3rd" arg - mov %rax,$_rsp # save copy of %rsp -.cfi_cfa_expression $_rsp,deref,+8 -___ -$code.=<<___ if ($win64); - movaps %xmm6,16*$SZ+32(%rsp) - movaps %xmm7,16*$SZ+48(%rsp) - movaps %xmm8,16*$SZ+64(%rsp) - movaps %xmm9,16*$SZ+80(%rsp) -___ -$code.=<<___ if ($win64 && $SZ>4); - movaps %xmm10,16*$SZ+96(%rsp) - movaps %xmm11,16*$SZ+112(%rsp) -___ -$code.=<<___; -.Lprologue_xop: - - vzeroupper - mov $SZ*0($ctx),$A - mov $SZ*1($ctx),$B - mov $SZ*2($ctx),$C - mov $SZ*3($ctx),$D - mov $SZ*4($ctx),$E - mov $SZ*5($ctx),$F - mov $SZ*6($ctx),$G - mov $SZ*7($ctx),$H - jmp .Lloop_xop -___ - if ($SZ==4) { # SHA256 - my @X = map("%xmm$_",(0..3)); - my ($t0,$t1,$t2,$t3) = map("%xmm$_",(4..7)); - -$code.=<<___; -.align 16 -.Lloop_xop: - vmovdqa $TABLE+`$SZ*2*$rounds`(%rip),$t3 - vmovdqu 0x00($inp),@X[0] - vmovdqu 0x10($inp),@X[1] - vmovdqu 0x20($inp),@X[2] - vmovdqu 0x30($inp),@X[3] - vpshufb $t3,@X[0],@X[0] - lea $TABLE(%rip),$Tbl - vpshufb $t3,@X[1],@X[1] - vpshufb $t3,@X[2],@X[2] - vpaddd 0x00($Tbl),@X[0],$t0 - vpshufb $t3,@X[3],@X[3] - vpaddd 0x20($Tbl),@X[1],$t1 - vpaddd 0x40($Tbl),@X[2],$t2 - vpaddd 0x60($Tbl),@X[3],$t3 - vmovdqa $t0,0x00(%rsp) - mov $A,$a1 - vmovdqa $t1,0x10(%rsp) - mov $B,$a3 - vmovdqa $t2,0x20(%rsp) - xor $C,$a3 # magic - vmovdqa $t3,0x30(%rsp) - mov $E,$a0 - jmp .Lxop_00_47 - -.align 16 -.Lxop_00_47: - sub \$`-16*2*$SZ`,$Tbl # size optimization -___ -sub XOP_256_00_47 () { -my $j = shift; -my $body = shift; -my @X = @_; -my @insns = (&$body,&$body,&$body,&$body); # 104 instructions - - &vpalignr ($t0,@X[1],@X[0],$SZ); # X[1..4] - eval(shift(@insns)); - eval(shift(@insns)); - &vpalignr ($t3,@X[3],@X[2],$SZ); # X[9..12] - eval(shift(@insns)); - eval(shift(@insns)); - &vprotd ($t1,$t0,8*$SZ-$sigma0[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpsrld ($t0,$t0,$sigma0[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpaddd (@X[0],@X[0],$t3); # X[0..3] += X[9..12] - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vprotd ($t2,$t1,$sigma0[1]-$sigma0[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor ($t0,$t0,$t1); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vprotd ($t3,@X[3],8*$SZ-$sigma1[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor ($t0,$t0,$t2); # sigma0(X[1..4]) - eval(shift(@insns)); - eval(shift(@insns)); - &vpsrld ($t2,@X[3],$sigma1[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpaddd (@X[0],@X[0],$t0); # X[0..3] += sigma0(X[1..4]) - eval(shift(@insns)); - eval(shift(@insns)); - &vprotd ($t1,$t3,$sigma1[1]-$sigma1[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor ($t3,$t3,$t2); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor ($t3,$t3,$t1); # sigma1(X[14..15]) - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vpsrldq ($t3,$t3,8); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vpaddd (@X[0],@X[0],$t3); # X[0..1] += sigma1(X[14..15]) - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vprotd ($t3,@X[0],8*$SZ-$sigma1[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpsrld ($t2,@X[0],$sigma1[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &vprotd ($t1,$t3,$sigma1[1]-$sigma1[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor ($t3,$t3,$t2); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor ($t3,$t3,$t1); # sigma1(X[16..17]) - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vpslldq ($t3,$t3,8); # 22 instructions - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vpaddd (@X[0],@X[0],$t3); # X[2..3] += sigma1(X[16..17]) - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vpaddd ($t2,@X[0],16*2*$j."($Tbl)"); - foreach (@insns) { eval; } # remaining instructions - &vmovdqa (16*$j."(%rsp)",$t2); -} - - for ($i=0,$j=0; $j<4; $j++) { - &XOP_256_00_47($j,\&body_00_15,@X); - push(@X,shift(@X)); # rotate(@X) - } - &cmpb ($SZ-1+16*2*$SZ."($Tbl)",0); - &jne (".Lxop_00_47"); - - for ($i=0; $i<16; ) { - foreach(body_00_15()) { eval; } - } - - } else { # SHA512 - my @X = map("%xmm$_",(0..7)); - my ($t0,$t1,$t2,$t3) = map("%xmm$_",(8..11)); - -$code.=<<___; -.align 16 -.Lloop_xop: - vmovdqa $TABLE+`$SZ*2*$rounds`(%rip),$t3 - vmovdqu 0x00($inp),@X[0] - lea $TABLE+0x80(%rip),$Tbl # size optimization - vmovdqu 0x10($inp),@X[1] - vmovdqu 0x20($inp),@X[2] - vpshufb $t3,@X[0],@X[0] - vmovdqu 0x30($inp),@X[3] - vpshufb $t3,@X[1],@X[1] - vmovdqu 0x40($inp),@X[4] - vpshufb $t3,@X[2],@X[2] - vmovdqu 0x50($inp),@X[5] - vpshufb $t3,@X[3],@X[3] - vmovdqu 0x60($inp),@X[6] - vpshufb $t3,@X[4],@X[4] - vmovdqu 0x70($inp),@X[7] - vpshufb $t3,@X[5],@X[5] - vpaddq -0x80($Tbl),@X[0],$t0 - vpshufb $t3,@X[6],@X[6] - vpaddq -0x60($Tbl),@X[1],$t1 - vpshufb $t3,@X[7],@X[7] - vpaddq -0x40($Tbl),@X[2],$t2 - vpaddq -0x20($Tbl),@X[3],$t3 - vmovdqa $t0,0x00(%rsp) - vpaddq 0x00($Tbl),@X[4],$t0 - vmovdqa $t1,0x10(%rsp) - vpaddq 0x20($Tbl),@X[5],$t1 - vmovdqa $t2,0x20(%rsp) - vpaddq 0x40($Tbl),@X[6],$t2 - vmovdqa $t3,0x30(%rsp) - vpaddq 0x60($Tbl),@X[7],$t3 - vmovdqa $t0,0x40(%rsp) - mov $A,$a1 - vmovdqa $t1,0x50(%rsp) - mov $B,$a3 - vmovdqa $t2,0x60(%rsp) - xor $C,$a3 # magic - vmovdqa $t3,0x70(%rsp) - mov $E,$a0 - jmp .Lxop_00_47 - -.align 16 -.Lxop_00_47: - add \$`16*2*$SZ`,$Tbl -___ -sub XOP_512_00_47 () { -my $j = shift; -my $body = shift; -my @X = @_; -my @insns = (&$body,&$body); # 52 instructions - - &vpalignr ($t0,@X[1],@X[0],$SZ); # X[1..2] - eval(shift(@insns)); - eval(shift(@insns)); - &vpalignr ($t3,@X[5],@X[4],$SZ); # X[9..10] - eval(shift(@insns)); - eval(shift(@insns)); - &vprotq ($t1,$t0,8*$SZ-$sigma0[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpsrlq ($t0,$t0,$sigma0[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpaddq (@X[0],@X[0],$t3); # X[0..1] += X[9..10] - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vprotq ($t2,$t1,$sigma0[1]-$sigma0[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor ($t0,$t0,$t1); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vprotq ($t3,@X[7],8*$SZ-$sigma1[1]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor ($t0,$t0,$t2); # sigma0(X[1..2]) - eval(shift(@insns)); - eval(shift(@insns)); - &vpsrlq ($t2,@X[7],$sigma1[2]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpaddq (@X[0],@X[0],$t0); # X[0..1] += sigma0(X[1..2]) - eval(shift(@insns)); - eval(shift(@insns)); - &vprotq ($t1,$t3,$sigma1[1]-$sigma1[0]); - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor ($t3,$t3,$t2); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vpxor ($t3,$t3,$t1); # sigma1(X[14..15]) - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vpaddq (@X[0],@X[0],$t3); # X[0..1] += sigma1(X[14..15]) - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - &vpaddq ($t2,@X[0],16*2*$j-0x80."($Tbl)"); - foreach (@insns) { eval; } # remaining instructions - &vmovdqa (16*$j."(%rsp)",$t2); -} - - for ($i=0,$j=0; $j<8; $j++) { - &XOP_512_00_47($j,\&body_00_15,@X); - push(@X,shift(@X)); # rotate(@X) - } - &cmpb ($SZ-1+16*2*$SZ-0x80."($Tbl)",0); - &jne (".Lxop_00_47"); - - for ($i=0; $i<16; ) { - foreach(body_00_15()) { eval; } - } -} -$code.=<<___; - mov $_ctx,$ctx - mov $a1,$A - - add $SZ*0($ctx),$A - lea 16*$SZ($inp),$inp - add $SZ*1($ctx),$B - add $SZ*2($ctx),$C - add $SZ*3($ctx),$D - add $SZ*4($ctx),$E - add $SZ*5($ctx),$F - add $SZ*6($ctx),$G - add $SZ*7($ctx),$H - - cmp $_end,$inp - - mov $A,$SZ*0($ctx) - mov $B,$SZ*1($ctx) - mov $C,$SZ*2($ctx) - mov $D,$SZ*3($ctx) - mov $E,$SZ*4($ctx) - mov $F,$SZ*5($ctx) - mov $G,$SZ*6($ctx) - mov $H,$SZ*7($ctx) - jb .Lloop_xop - - mov $_rsp,%rsi -.cfi_def_cfa %rsi,8 - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*$SZ+32(%rsp),%xmm6 - movaps 16*$SZ+48(%rsp),%xmm7 - movaps 16*$SZ+64(%rsp),%xmm8 - movaps 16*$SZ+80(%rsp),%xmm9 -___ -$code.=<<___ if ($win64 && $SZ>4); - movaps 16*$SZ+96(%rsp),%xmm10 - movaps 16*$SZ+112(%rsp),%xmm11 -___ -$code.=<<___; - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue_xop: - ret -.cfi_endproc -.size ${func}_xop,.-${func}_xop -___ -} -###################################################################### -# AVX+shrd code path -# -local *ror = sub { &shrd(@_[0],@_) }; - -$code.=<<___; -.type ${func}_avx,\@function,3 -.align 64 -${func}_avx: -.cfi_startproc -.Lavx_shortcut: - mov %rsp,%rax # copy %rsp -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - shl \$4,%rdx # num*16 - sub \$`$framesz+$win64*16*($SZ==4?4:6)`,%rsp - lea ($inp,%rdx,$SZ),%rdx # inp+num*16*$SZ - and \$-64,%rsp # align stack frame - mov $ctx,$_ctx # save ctx, 1st arg - mov $inp,$_inp # save inp, 2nd arh - mov %rdx,$_end # save end pointer, "3rd" arg - mov %rax,$_rsp # save copy of %rsp -.cfi_cfa_expression $_rsp,deref,+8 -___ -$code.=<<___ if ($win64); - movaps %xmm6,16*$SZ+32(%rsp) - movaps %xmm7,16*$SZ+48(%rsp) - movaps %xmm8,16*$SZ+64(%rsp) - movaps %xmm9,16*$SZ+80(%rsp) -___ -$code.=<<___ if ($win64 && $SZ>4); - movaps %xmm10,16*$SZ+96(%rsp) - movaps %xmm11,16*$SZ+112(%rsp) -___ -$code.=<<___; -.Lprologue_avx: - - vzeroupper - mov $SZ*0($ctx),$A - mov $SZ*1($ctx),$B - mov $SZ*2($ctx),$C - mov $SZ*3($ctx),$D - mov $SZ*4($ctx),$E - mov $SZ*5($ctx),$F - mov $SZ*6($ctx),$G - mov $SZ*7($ctx),$H -___ - if ($SZ==4) { # SHA256 - my @X = map("%xmm$_",(0..3)); - my ($t0,$t1,$t2,$t3, $t4,$t5) = map("%xmm$_",(4..9)); - -$code.=<<___; - vmovdqa $TABLE+`$SZ*2*$rounds`+32(%rip),$t4 - vmovdqa $TABLE+`$SZ*2*$rounds`+64(%rip),$t5 - jmp .Lloop_avx -.align 16 -.Lloop_avx: - vmovdqa $TABLE+`$SZ*2*$rounds`(%rip),$t3 - vmovdqu 0x00($inp),@X[0] - vmovdqu 0x10($inp),@X[1] - vmovdqu 0x20($inp),@X[2] - vmovdqu 0x30($inp),@X[3] - vpshufb $t3,@X[0],@X[0] - lea $TABLE(%rip),$Tbl - vpshufb $t3,@X[1],@X[1] - vpshufb $t3,@X[2],@X[2] - vpaddd 0x00($Tbl),@X[0],$t0 - vpshufb $t3,@X[3],@X[3] - vpaddd 0x20($Tbl),@X[1],$t1 - vpaddd 0x40($Tbl),@X[2],$t2 - vpaddd 0x60($Tbl),@X[3],$t3 - vmovdqa $t0,0x00(%rsp) - mov $A,$a1 - vmovdqa $t1,0x10(%rsp) - mov $B,$a3 - vmovdqa $t2,0x20(%rsp) - xor $C,$a3 # magic - vmovdqa $t3,0x30(%rsp) - mov $E,$a0 - jmp .Lavx_00_47 - -.align 16 -.Lavx_00_47: - sub \$`-16*2*$SZ`,$Tbl # size optimization -___ -sub Xupdate_256_AVX () { - ( - '&vpalignr ($t0,@X[1],@X[0],$SZ)', # X[1..4] - '&vpalignr ($t3,@X[3],@X[2],$SZ)', # X[9..12] - '&vpsrld ($t2,$t0,$sigma0[0]);', - '&vpaddd (@X[0],@X[0],$t3)', # X[0..3] += X[9..12] - '&vpsrld ($t3,$t0,$sigma0[2])', - '&vpslld ($t1,$t0,8*$SZ-$sigma0[1]);', - '&vpxor ($t0,$t3,$t2)', - '&vpshufd ($t3,@X[3],0b11111010)',# X[14..15] - '&vpsrld ($t2,$t2,$sigma0[1]-$sigma0[0]);', - '&vpxor ($t0,$t0,$t1)', - '&vpslld ($t1,$t1,$sigma0[1]-$sigma0[0]);', - '&vpxor ($t0,$t0,$t2)', - '&vpsrld ($t2,$t3,$sigma1[2]);', - '&vpxor ($t0,$t0,$t1)', # sigma0(X[1..4]) - '&vpsrlq ($t3,$t3,$sigma1[0]);', - '&vpaddd (@X[0],@X[0],$t0)', # X[0..3] += sigma0(X[1..4]) - '&vpxor ($t2,$t2,$t3);', - '&vpsrlq ($t3,$t3,$sigma1[1]-$sigma1[0])', - '&vpxor ($t2,$t2,$t3)', - '&vpshufb ($t2,$t2,$t4)', # sigma1(X[14..15]) - '&vpaddd (@X[0],@X[0],$t2)', # X[0..1] += sigma1(X[14..15]) - '&vpshufd ($t3,@X[0],0b01010000)',# X[16..17] - '&vpsrld ($t2,$t3,$sigma1[2])', - '&vpsrlq ($t3,$t3,$sigma1[0])', - '&vpxor ($t2,$t2,$t3);', - '&vpsrlq ($t3,$t3,$sigma1[1]-$sigma1[0])', - '&vpxor ($t2,$t2,$t3)', - '&vpshufb ($t2,$t2,$t5)', - '&vpaddd (@X[0],@X[0],$t2)' # X[2..3] += sigma1(X[16..17]) - ); -} - -sub AVX_256_00_47 () { -my $j = shift; -my $body = shift; -my @X = @_; -my @insns = (&$body,&$body,&$body,&$body); # 104 instructions - - foreach (Xupdate_256_AVX()) { # 29 instructions - eval; - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - } - &vpaddd ($t2,@X[0],16*2*$j."($Tbl)"); - foreach (@insns) { eval; } # remaining instructions - &vmovdqa (16*$j."(%rsp)",$t2); -} - - for ($i=0,$j=0; $j<4; $j++) { - &AVX_256_00_47($j,\&body_00_15,@X); - push(@X,shift(@X)); # rotate(@X) - } - &cmpb ($SZ-1+16*2*$SZ."($Tbl)",0); - &jne (".Lavx_00_47"); - - for ($i=0; $i<16; ) { - foreach(body_00_15()) { eval; } - } - - } else { # SHA512 - my @X = map("%xmm$_",(0..7)); - my ($t0,$t1,$t2,$t3) = map("%xmm$_",(8..11)); - -$code.=<<___; - jmp .Lloop_avx -.align 16 -.Lloop_avx: - vmovdqa $TABLE+`$SZ*2*$rounds`(%rip),$t3 - vmovdqu 0x00($inp),@X[0] - lea $TABLE+0x80(%rip),$Tbl # size optimization - vmovdqu 0x10($inp),@X[1] - vmovdqu 0x20($inp),@X[2] - vpshufb $t3,@X[0],@X[0] - vmovdqu 0x30($inp),@X[3] - vpshufb $t3,@X[1],@X[1] - vmovdqu 0x40($inp),@X[4] - vpshufb $t3,@X[2],@X[2] - vmovdqu 0x50($inp),@X[5] - vpshufb $t3,@X[3],@X[3] - vmovdqu 0x60($inp),@X[6] - vpshufb $t3,@X[4],@X[4] - vmovdqu 0x70($inp),@X[7] - vpshufb $t3,@X[5],@X[5] - vpaddq -0x80($Tbl),@X[0],$t0 - vpshufb $t3,@X[6],@X[6] - vpaddq -0x60($Tbl),@X[1],$t1 - vpshufb $t3,@X[7],@X[7] - vpaddq -0x40($Tbl),@X[2],$t2 - vpaddq -0x20($Tbl),@X[3],$t3 - vmovdqa $t0,0x00(%rsp) - vpaddq 0x00($Tbl),@X[4],$t0 - vmovdqa $t1,0x10(%rsp) - vpaddq 0x20($Tbl),@X[5],$t1 - vmovdqa $t2,0x20(%rsp) - vpaddq 0x40($Tbl),@X[6],$t2 - vmovdqa $t3,0x30(%rsp) - vpaddq 0x60($Tbl),@X[7],$t3 - vmovdqa $t0,0x40(%rsp) - mov $A,$a1 - vmovdqa $t1,0x50(%rsp) - mov $B,$a3 - vmovdqa $t2,0x60(%rsp) - xor $C,$a3 # magic - vmovdqa $t3,0x70(%rsp) - mov $E,$a0 - jmp .Lavx_00_47 - -.align 16 -.Lavx_00_47: - add \$`16*2*$SZ`,$Tbl -___ -sub Xupdate_512_AVX () { - ( - '&vpalignr ($t0,@X[1],@X[0],$SZ)', # X[1..2] - '&vpalignr ($t3,@X[5],@X[4],$SZ)', # X[9..10] - '&vpsrlq ($t2,$t0,$sigma0[0])', - '&vpaddq (@X[0],@X[0],$t3);', # X[0..1] += X[9..10] - '&vpsrlq ($t3,$t0,$sigma0[2])', - '&vpsllq ($t1,$t0,8*$SZ-$sigma0[1]);', - '&vpxor ($t0,$t3,$t2)', - '&vpsrlq ($t2,$t2,$sigma0[1]-$sigma0[0]);', - '&vpxor ($t0,$t0,$t1)', - '&vpsllq ($t1,$t1,$sigma0[1]-$sigma0[0]);', - '&vpxor ($t0,$t0,$t2)', - '&vpsrlq ($t3,@X[7],$sigma1[2]);', - '&vpxor ($t0,$t0,$t1)', # sigma0(X[1..2]) - '&vpsllq ($t2,@X[7],8*$SZ-$sigma1[1]);', - '&vpaddq (@X[0],@X[0],$t0)', # X[0..1] += sigma0(X[1..2]) - '&vpsrlq ($t1,@X[7],$sigma1[0]);', - '&vpxor ($t3,$t3,$t2)', - '&vpsllq ($t2,$t2,$sigma1[1]-$sigma1[0]);', - '&vpxor ($t3,$t3,$t1)', - '&vpsrlq ($t1,$t1,$sigma1[1]-$sigma1[0]);', - '&vpxor ($t3,$t3,$t2)', - '&vpxor ($t3,$t3,$t1)', # sigma1(X[14..15]) - '&vpaddq (@X[0],@X[0],$t3)', # X[0..1] += sigma1(X[14..15]) - ); -} - -sub AVX_512_00_47 () { -my $j = shift; -my $body = shift; -my @X = @_; -my @insns = (&$body,&$body); # 52 instructions - - foreach (Xupdate_512_AVX()) { # 23 instructions - eval; - eval(shift(@insns)); - eval(shift(@insns)); - } - &vpaddq ($t2,@X[0],16*2*$j-0x80."($Tbl)"); - foreach (@insns) { eval; } # remaining instructions - &vmovdqa (16*$j."(%rsp)",$t2); -} - - for ($i=0,$j=0; $j<8; $j++) { - &AVX_512_00_47($j,\&body_00_15,@X); - push(@X,shift(@X)); # rotate(@X) - } - &cmpb ($SZ-1+16*2*$SZ-0x80."($Tbl)",0); - &jne (".Lavx_00_47"); - - for ($i=0; $i<16; ) { - foreach(body_00_15()) { eval; } - } -} -$code.=<<___; - mov $_ctx,$ctx - mov $a1,$A - - add $SZ*0($ctx),$A - lea 16*$SZ($inp),$inp - add $SZ*1($ctx),$B - add $SZ*2($ctx),$C - add $SZ*3($ctx),$D - add $SZ*4($ctx),$E - add $SZ*5($ctx),$F - add $SZ*6($ctx),$G - add $SZ*7($ctx),$H - - cmp $_end,$inp - - mov $A,$SZ*0($ctx) - mov $B,$SZ*1($ctx) - mov $C,$SZ*2($ctx) - mov $D,$SZ*3($ctx) - mov $E,$SZ*4($ctx) - mov $F,$SZ*5($ctx) - mov $G,$SZ*6($ctx) - mov $H,$SZ*7($ctx) - jb .Lloop_avx - - mov $_rsp,%rsi -.cfi_def_cfa %rsi,8 - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*$SZ+32(%rsp),%xmm6 - movaps 16*$SZ+48(%rsp),%xmm7 - movaps 16*$SZ+64(%rsp),%xmm8 - movaps 16*$SZ+80(%rsp),%xmm9 -___ -$code.=<<___ if ($win64 && $SZ>4); - movaps 16*$SZ+96(%rsp),%xmm10 - movaps 16*$SZ+112(%rsp),%xmm11 -___ -$code.=<<___; - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue_avx: - ret -.cfi_endproc -.size ${func}_avx,.-${func}_avx -___ - -if ($avx>1) {{ -###################################################################### -# AVX2+BMI code path -# -my $a5=$SZ==4?"%esi":"%rsi"; # zap $inp -my $PUSH8=8*2*$SZ; -use integer; - -sub bodyx_00_15 () { - # at start $a1 should be zero, $a3 - $b^$c and $a4 copy of $f - ( - '($a,$b,$c,$d,$e,$f,$g,$h)=@ROT;'. - - '&add ($h,(32*($i/(16/$SZ))+$SZ*($i%(16/$SZ)))%$PUSH8.$base)', # h+=X[i]+K[i] - '&and ($a4,$e)', # f&e - '&rorx ($a0,$e,$Sigma1[2])', - '&rorx ($a2,$e,$Sigma1[1])', - - '&lea ($a,"($a,$a1)")', # h+=Sigma0(a) from the past - '&lea ($h,"($h,$a4)")', - '&andn ($a4,$e,$g)', # ~e&g - '&xor ($a0,$a2)', - - '&rorx ($a1,$e,$Sigma1[0])', - '&lea ($h,"($h,$a4)")', # h+=Ch(e,f,g)=(e&f)+(~e&g) - '&xor ($a0,$a1)', # Sigma1(e) - '&mov ($a2,$a)', - - '&rorx ($a4,$a,$Sigma0[2])', - '&lea ($h,"($h,$a0)")', # h+=Sigma1(e) - '&xor ($a2,$b)', # a^b, b^c in next round - '&rorx ($a1,$a,$Sigma0[1])', - - '&rorx ($a0,$a,$Sigma0[0])', - '&lea ($d,"($d,$h)")', # d+=h - '&and ($a3,$a2)', # (b^c)&(a^b) - '&xor ($a1,$a4)', - - '&xor ($a3,$b)', # Maj(a,b,c)=Ch(a^b,c,b) - '&xor ($a1,$a0)', # Sigma0(a) - '&lea ($h,"($h,$a3)");'. # h+=Maj(a,b,c) - '&mov ($a4,$e)', # copy of f in future - - '($a2,$a3) = ($a3,$a2); unshift(@ROT,pop(@ROT)); $i++;' - ); - # and at the finish one has to $a+=$a1 -} - -$code.=<<___; -.type ${func}_avx2,\@function,3 -.align 64 -${func}_avx2: -.cfi_startproc -.Lavx2_shortcut: - mov %rsp,%rax # copy %rsp -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - sub \$`2*$SZ*$rounds+4*8+$win64*16*($SZ==4?4:6)`,%rsp - shl \$4,%rdx # num*16 - and \$-256*$SZ,%rsp # align stack frame - lea ($inp,%rdx,$SZ),%rdx # inp+num*16*$SZ - add \$`2*$SZ*($rounds-8)`,%rsp - mov $ctx,$_ctx # save ctx, 1st arg - mov $inp,$_inp # save inp, 2nd arh - mov %rdx,$_end # save end pointer, "3rd" arg - mov %rax,$_rsp # save copy of %rsp -.cfi_cfa_expression $_rsp,deref,+8 -___ -$code.=<<___ if ($win64); - movaps %xmm6,16*$SZ+32(%rsp) - movaps %xmm7,16*$SZ+48(%rsp) - movaps %xmm8,16*$SZ+64(%rsp) - movaps %xmm9,16*$SZ+80(%rsp) -___ -$code.=<<___ if ($win64 && $SZ>4); - movaps %xmm10,16*$SZ+96(%rsp) - movaps %xmm11,16*$SZ+112(%rsp) -___ -$code.=<<___; -.Lprologue_avx2: - - vzeroupper - sub \$-16*$SZ,$inp # inp++, size optimization - mov $SZ*0($ctx),$A - mov $inp,%r12 # borrow $T1 - mov $SZ*1($ctx),$B - cmp %rdx,$inp # $_end - mov $SZ*2($ctx),$C - cmove %rsp,%r12 # next block or random data - mov $SZ*3($ctx),$D - mov $SZ*4($ctx),$E - mov $SZ*5($ctx),$F - mov $SZ*6($ctx),$G - mov $SZ*7($ctx),$H -___ - if ($SZ==4) { # SHA256 - my @X = map("%ymm$_",(0..3)); - my ($t0,$t1,$t2,$t3, $t4,$t5) = map("%ymm$_",(4..9)); - -$code.=<<___; - vmovdqa $TABLE+`$SZ*2*$rounds`+32(%rip),$t4 - vmovdqa $TABLE+`$SZ*2*$rounds`+64(%rip),$t5 - jmp .Loop_avx2 -.align 16 -.Loop_avx2: - vmovdqa $TABLE+`$SZ*2*$rounds`(%rip),$t3 - vmovdqu -16*$SZ+0($inp),%xmm0 - vmovdqu -16*$SZ+16($inp),%xmm1 - vmovdqu -16*$SZ+32($inp),%xmm2 - vmovdqu -16*$SZ+48($inp),%xmm3 - #mov $inp,$_inp # offload $inp - vinserti128 \$1,(%r12),@X[0],@X[0] - vinserti128 \$1,16(%r12),@X[1],@X[1] - vpshufb $t3,@X[0],@X[0] - vinserti128 \$1,32(%r12),@X[2],@X[2] - vpshufb $t3,@X[1],@X[1] - vinserti128 \$1,48(%r12),@X[3],@X[3] - - lea $TABLE(%rip),$Tbl - vpshufb $t3,@X[2],@X[2] - vpaddd 0x00($Tbl),@X[0],$t0 - vpshufb $t3,@X[3],@X[3] - vpaddd 0x20($Tbl),@X[1],$t1 - vpaddd 0x40($Tbl),@X[2],$t2 - vpaddd 0x60($Tbl),@X[3],$t3 - vmovdqa $t0,0x00(%rsp) - xor $a1,$a1 - vmovdqa $t1,0x20(%rsp) -___ -$code.=<<___ if (!$win64); -# temporarily use %rdi as frame pointer - mov $_rsp,%rdi -.cfi_def_cfa %rdi,8 -___ -$code.=<<___; - lea -$PUSH8(%rsp),%rsp -___ -$code.=<<___ if (!$win64); -# the frame info is at $_rsp, but the stack is moving... -# so a second frame pointer is saved at -8(%rsp) -# that is in the red zone - mov %rdi,-8(%rsp) -.cfi_cfa_expression %rsp-8,deref,+8 -___ -$code.=<<___; - mov $B,$a3 - vmovdqa $t2,0x00(%rsp) - xor $C,$a3 # magic - vmovdqa $t3,0x20(%rsp) - mov $F,$a4 - sub \$-16*2*$SZ,$Tbl # size optimization - jmp .Lavx2_00_47 - -.align 16 -.Lavx2_00_47: -___ - -sub AVX2_256_00_47 () { -my $j = shift; -my $body = shift; -my @X = @_; -my @insns = (&$body,&$body,&$body,&$body); # 96 instructions -my $base = "+2*$PUSH8(%rsp)"; - - if (($j%2)==0) { - &lea ("%rsp","-$PUSH8(%rsp)"); -$code.=<<___ if (!$win64); -.cfi_cfa_expression %rsp+`$PUSH8-8`,deref,+8 -# copy secondary frame pointer to new location again at -8(%rsp) - pushq $PUSH8-8(%rsp) -.cfi_cfa_expression %rsp,deref,+8 - lea 8(%rsp),%rsp -.cfi_cfa_expression %rsp-8,deref,+8 -___ - } - - foreach (Xupdate_256_AVX()) { # 29 instructions - eval; - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - } - &vpaddd ($t2,@X[0],16*2*$j."($Tbl)"); - foreach (@insns) { eval; } # remaining instructions - &vmovdqa ((32*$j)%$PUSH8."(%rsp)",$t2); -} - - for ($i=0,$j=0; $j<4; $j++) { - &AVX2_256_00_47($j,\&bodyx_00_15,@X); - push(@X,shift(@X)); # rotate(@X) - } - &lea ($Tbl,16*2*$SZ."($Tbl)"); - &cmpb (($SZ-1)."($Tbl)",0); - &jne (".Lavx2_00_47"); - - for ($i=0; $i<16; ) { - my $base=$i<8?"+$PUSH8(%rsp)":"(%rsp)"; - foreach(bodyx_00_15()) { eval; } - } - } else { # SHA512 - my @X = map("%ymm$_",(0..7)); - my ($t0,$t1,$t2,$t3) = map("%ymm$_",(8..11)); - -$code.=<<___; - jmp .Loop_avx2 -.align 16 -.Loop_avx2: - vmovdqu -16*$SZ($inp),%xmm0 - vmovdqu -16*$SZ+16($inp),%xmm1 - vmovdqu -16*$SZ+32($inp),%xmm2 - lea $TABLE+0x80(%rip),$Tbl # size optimization - vmovdqu -16*$SZ+48($inp),%xmm3 - vmovdqu -16*$SZ+64($inp),%xmm4 - vmovdqu -16*$SZ+80($inp),%xmm5 - vmovdqu -16*$SZ+96($inp),%xmm6 - vmovdqu -16*$SZ+112($inp),%xmm7 - #mov $inp,$_inp # offload $inp - vmovdqa `$SZ*2*$rounds-0x80`($Tbl),$t2 - vinserti128 \$1,(%r12),@X[0],@X[0] - vinserti128 \$1,16(%r12),@X[1],@X[1] - vpshufb $t2,@X[0],@X[0] - vinserti128 \$1,32(%r12),@X[2],@X[2] - vpshufb $t2,@X[1],@X[1] - vinserti128 \$1,48(%r12),@X[3],@X[3] - vpshufb $t2,@X[2],@X[2] - vinserti128 \$1,64(%r12),@X[4],@X[4] - vpshufb $t2,@X[3],@X[3] - vinserti128 \$1,80(%r12),@X[5],@X[5] - vpshufb $t2,@X[4],@X[4] - vinserti128 \$1,96(%r12),@X[6],@X[6] - vpshufb $t2,@X[5],@X[5] - vinserti128 \$1,112(%r12),@X[7],@X[7] - - vpaddq -0x80($Tbl),@X[0],$t0 - vpshufb $t2,@X[6],@X[6] - vpaddq -0x60($Tbl),@X[1],$t1 - vpshufb $t2,@X[7],@X[7] - vpaddq -0x40($Tbl),@X[2],$t2 - vpaddq -0x20($Tbl),@X[3],$t3 - vmovdqa $t0,0x00(%rsp) - vpaddq 0x00($Tbl),@X[4],$t0 - vmovdqa $t1,0x20(%rsp) - vpaddq 0x20($Tbl),@X[5],$t1 - vmovdqa $t2,0x40(%rsp) - vpaddq 0x40($Tbl),@X[6],$t2 - vmovdqa $t3,0x60(%rsp) -___ -$code.=<<___ if (!$win64); -# temporarily use %rdi as frame pointer - mov $_rsp,%rdi -.cfi_def_cfa %rdi,8 -___ -$code.=<<___; - lea -$PUSH8(%rsp),%rsp -___ -$code.=<<___ if (!$win64); -# the frame info is at $_rsp, but the stack is moving... -# so a second frame pointer is saved at -8(%rsp) -# that is in the red zone - mov %rdi,-8(%rsp) -.cfi_cfa_expression %rsp-8,deref,+8 -___ -$code.=<<___; - vpaddq 0x60($Tbl),@X[7],$t3 - vmovdqa $t0,0x00(%rsp) - xor $a1,$a1 - vmovdqa $t1,0x20(%rsp) - mov $B,$a3 - vmovdqa $t2,0x40(%rsp) - xor $C,$a3 # magic - vmovdqa $t3,0x60(%rsp) - mov $F,$a4 - add \$16*2*$SZ,$Tbl - jmp .Lavx2_00_47 - -.align 16 -.Lavx2_00_47: -___ - -sub AVX2_512_00_47 () { -my $j = shift; -my $body = shift; -my @X = @_; -my @insns = (&$body,&$body); # 48 instructions -my $base = "+2*$PUSH8(%rsp)"; - - if (($j%4)==0) { - &lea ("%rsp","-$PUSH8(%rsp)"); -$code.=<<___ if (!$win64); -.cfi_cfa_expression %rsp+`$PUSH8-8`,deref,+8 -# copy secondary frame pointer to new location again at -8(%rsp) - pushq $PUSH8-8(%rsp) -.cfi_cfa_expression %rsp,deref,+8 - lea 8(%rsp),%rsp -.cfi_cfa_expression %rsp-8,deref,+8 -___ - } - - foreach (Xupdate_512_AVX()) { # 23 instructions - eval; - if ($_ !~ /\;$/) { - eval(shift(@insns)); - eval(shift(@insns)); - eval(shift(@insns)); - } - } - &vpaddq ($t2,@X[0],16*2*$j-0x80."($Tbl)"); - foreach (@insns) { eval; } # remaining instructions - &vmovdqa ((32*$j)%$PUSH8."(%rsp)",$t2); -} - - for ($i=0,$j=0; $j<8; $j++) { - &AVX2_512_00_47($j,\&bodyx_00_15,@X); - push(@X,shift(@X)); # rotate(@X) - } - &lea ($Tbl,16*2*$SZ."($Tbl)"); - &cmpb (($SZ-1-0x80)."($Tbl)",0); - &jne (".Lavx2_00_47"); - - for ($i=0; $i<16; ) { - my $base=$i<8?"+$PUSH8(%rsp)":"(%rsp)"; - foreach(bodyx_00_15()) { eval; } - } -} -$code.=<<___; - mov `2*$SZ*$rounds`(%rsp),$ctx # $_ctx - add $a1,$A - #mov `2*$SZ*$rounds+8`(%rsp),$inp # $_inp - lea `2*$SZ*($rounds-8)`(%rsp),$Tbl - - add $SZ*0($ctx),$A - add $SZ*1($ctx),$B - add $SZ*2($ctx),$C - add $SZ*3($ctx),$D - add $SZ*4($ctx),$E - add $SZ*5($ctx),$F - add $SZ*6($ctx),$G - add $SZ*7($ctx),$H - - mov $A,$SZ*0($ctx) - mov $B,$SZ*1($ctx) - mov $C,$SZ*2($ctx) - mov $D,$SZ*3($ctx) - mov $E,$SZ*4($ctx) - mov $F,$SZ*5($ctx) - mov $G,$SZ*6($ctx) - mov $H,$SZ*7($ctx) - - cmp `$PUSH8+2*8`($Tbl),$inp # $_end - je .Ldone_avx2 - - xor $a1,$a1 - mov $B,$a3 - xor $C,$a3 # magic - mov $F,$a4 - jmp .Lower_avx2 -.align 16 -.Lower_avx2: -___ - for ($i=0; $i<8; ) { - my $base="+16($Tbl)"; - foreach(bodyx_00_15()) { eval; } - } -$code.=<<___; - lea -$PUSH8($Tbl),$Tbl - cmp %rsp,$Tbl - jae .Lower_avx2 - - mov `2*$SZ*$rounds`(%rsp),$ctx # $_ctx - add $a1,$A - #mov `2*$SZ*$rounds+8`(%rsp),$inp # $_inp - lea `2*$SZ*($rounds-8)`(%rsp),%rsp -# restore frame pointer to original location at $_rsp -.cfi_cfa_expression $_rsp,deref,+8 - - add $SZ*0($ctx),$A - add $SZ*1($ctx),$B - add $SZ*2($ctx),$C - add $SZ*3($ctx),$D - add $SZ*4($ctx),$E - add $SZ*5($ctx),$F - lea `2*16*$SZ`($inp),$inp # inp+=2 - add $SZ*6($ctx),$G - mov $inp,%r12 - add $SZ*7($ctx),$H - cmp $_end,$inp - - mov $A,$SZ*0($ctx) - cmove %rsp,%r12 # next block or stale data - mov $B,$SZ*1($ctx) - mov $C,$SZ*2($ctx) - mov $D,$SZ*3($ctx) - mov $E,$SZ*4($ctx) - mov $F,$SZ*5($ctx) - mov $G,$SZ*6($ctx) - mov $H,$SZ*7($ctx) - - jbe .Loop_avx2 - lea (%rsp),$Tbl -# temporarily use $Tbl as index to $_rsp -# this avoids the need to save a secondary frame pointer at -8(%rsp) -.cfi_cfa_expression $Tbl+`16*$SZ+3*8`,deref,+8 - -.Ldone_avx2: - mov `16*$SZ+3*8`($Tbl),%rsi -.cfi_def_cfa %rsi,8 - vzeroupper -___ -$code.=<<___ if ($win64); - movaps 16*$SZ+32($Tbl),%xmm6 - movaps 16*$SZ+48($Tbl),%xmm7 - movaps 16*$SZ+64($Tbl),%xmm8 - movaps 16*$SZ+80($Tbl),%xmm9 -___ -$code.=<<___ if ($win64 && $SZ>4); - movaps 16*$SZ+96($Tbl),%xmm10 - movaps 16*$SZ+112($Tbl),%xmm11 -___ -$code.=<<___; - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue_avx2: - ret -.cfi_endproc -.size ${func}_avx2,.-${func}_avx2 -___ -}} -}}}}} - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HanderlData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipRsp - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_prologue -___ -$code.=<<___ if ($avx>1); - lea .Lavx2_shortcut(%rip),%r10 - cmp %r10,%rbx # context->RipRbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - - lea .Lepilogue(%rip),%r10 - cmp %r10,%rbx - jb .Lin_prologue # non-AVX code - - lea 16*$SZ+4*8(%rsi),%rsi # Xmm6- save area - lea 512($context),%rdi # &context.Xmm6 - mov \$`$SZ==4?8:12`,%ecx - .long 0xa548f3fc # cld; rep movsq - -.Lin_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size se_handler,.-se_handler -___ - -$code.=<<___ if ($SZ==4 && $shaext); -.type shaext_handler,\@abi-omnipotent -.align 16 -shaext_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - lea .Lprologue_shaext(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lprologue - jb .Lin_prologue - - lea .Lepilogue_shaext(%rip),%r10 - cmp %r10,%rbx # context->Rip>=.Lepilogue - jae .Lin_prologue - - lea -8-5*16(%rax),%rsi - lea 512($context),%rdi # &context.Xmm6 - mov \$10,%ecx - .long 0xa548f3fc # cld; rep movsq - - jmp .Lin_prologue -.size shaext_handler,.-shaext_handler -___ - -$code.=<<___; -.section .pdata -.align 4 - .rva .LSEH_begin_$func - .rva .LSEH_end_$func - .rva .LSEH_info_$func -___ -$code.=<<___ if ($SZ==4 && $shaext); - .rva .LSEH_begin_${func}_shaext - .rva .LSEH_end_${func}_shaext - .rva .LSEH_info_${func}_shaext -___ -$code.=<<___ if ($SZ==4); - .rva .LSEH_begin_${func}_ssse3 - .rva .LSEH_end_${func}_ssse3 - .rva .LSEH_info_${func}_ssse3 -___ -$code.=<<___ if ($avx && $SZ==8); - .rva .LSEH_begin_${func}_xop - .rva .LSEH_end_${func}_xop - .rva .LSEH_info_${func}_xop -___ -$code.=<<___ if ($avx); - .rva .LSEH_begin_${func}_avx - .rva .LSEH_end_${func}_avx - .rva .LSEH_info_${func}_avx -___ -$code.=<<___ if ($avx>1); - .rva .LSEH_begin_${func}_avx2 - .rva .LSEH_end_${func}_avx2 - .rva .LSEH_info_${func}_avx2 -___ -$code.=<<___; -.section .xdata -.align 8 -.LSEH_info_$func: - .byte 9,0,0,0 - .rva se_handler - .rva .Lprologue,.Lepilogue # HandlerData[] -___ -$code.=<<___ if ($SZ==4 && $shaext); -.LSEH_info_${func}_shaext: - .byte 9,0,0,0 - .rva shaext_handler -___ -$code.=<<___ if ($SZ==4); -.LSEH_info_${func}_ssse3: - .byte 9,0,0,0 - .rva se_handler - .rva .Lprologue_ssse3,.Lepilogue_ssse3 # HandlerData[] -___ -$code.=<<___ if ($avx && $SZ==8); -.LSEH_info_${func}_xop: - .byte 9,0,0,0 - .rva se_handler - .rva .Lprologue_xop,.Lepilogue_xop # HandlerData[] -___ -$code.=<<___ if ($avx); -.LSEH_info_${func}_avx: - .byte 9,0,0,0 - .rva se_handler - .rva .Lprologue_avx,.Lepilogue_avx # HandlerData[] -___ -$code.=<<___ if ($avx>1); -.LSEH_info_${func}_avx2: - .byte 9,0,0,0 - .rva se_handler - .rva .Lprologue_avx2,.Lepilogue_avx2 # HandlerData[] -___ -} - -sub sha256op38 { - my $instr = shift; - my %opcodelet = ( - "sha256rnds2" => 0xcb, - "sha256msg1" => 0xcc, - "sha256msg2" => 0xcd ); - - if (defined($opcodelet{$instr}) && @_[0] =~ /%xmm([0-7]),\s*%xmm([0-7])/) { - my @opcode=(0x0f,0x38); - push @opcode,$opcodelet{$instr}; - push @opcode,0xc0|($1&7)|(($2&7)<<3); # ModR/M - return ".byte\t".join(',',@opcode); - } else { - return $instr."\t".@_[0]; - } -} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/geo; - - s/\b(sha256[^\s]*)\s+(.*)/sha256op38($1,$2)/geo; - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/asm/sha512p8-ppc.pl b/crypto/sha/asm/sha512p8-ppc.pl deleted file mode 100755 index 97df14ef4ccd0547c5224b98c010753c74f0b44d..0000000000000000000000000000000000000000 --- a/crypto/sha/asm/sha512p8-ppc.pl +++ /dev/null @@ -1,423 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== - -# SHA256/512 for PowerISA v2.07. -# -# Accurate performance measurements are problematic, because it's -# always virtualized setup with possibly throttled processor. -# Relative comparison is therefore more informative. This module is -# ~60% faster than integer-only sha512-ppc.pl. To anchor to something -# else, SHA256 is 24% slower than sha1-ppc.pl and 2.5x slower than -# hardware-assisted aes-128-cbc encrypt. SHA512 is 20% faster than -# sha1-ppc.pl and 1.6x slower than aes-128-cbc. Another interesting -# result is degree of computational resources' utilization. POWER8 is -# "massively multi-threaded chip" and difference between single- and -# maximum multi-process benchmark results tells that utilization is -# whooping 94%. For sha512-ppc.pl we get [not unimpressive] 84% and -# for sha1-ppc.pl - 73%. 100% means that multi-process result equals -# to single-process one, given that all threads end up on the same -# physical core. -# -###################################################################### -# Believed-to-be-accurate results in cycles per processed byte [on -# little-endian system]. Numbers in square brackets are for 64-bit -# build of sha512-ppc.pl, presented for reference. -# -# POWER8 POWER9 -# SHA256 9.7 [15.8] 11.2 [12.5] -# SHA512 6.1 [10.3] 7.0 [7.9] - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -if ($flavour =~ /64/) { - $SIZE_T=8; - $LRSAVE=2*$SIZE_T; - $STU="stdu"; - $POP="ld"; - $PUSH="std"; -} elsif ($flavour =~ /32/) { - $SIZE_T=4; - $LRSAVE=$SIZE_T; - $STU="stwu"; - $POP="lwz"; - $PUSH="stw"; -} else { die "nonsense $flavour"; } - -$LENDIAN=($flavour=~/le/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or -die "can't locate ppc-xlate.pl"; - -open STDOUT,"| $^X $xlate $flavour \"$output\"" - or die "can't call $xlate: $!"; - -if ($output =~ /512/) { - $bits=512; - $SZ=8; - $sz="d"; - $rounds=80; -} else { - $bits=256; - $SZ=4; - $sz="w"; - $rounds=64; -} - -$func="sha${bits}_block_p8"; -$LOCALS=8*$SIZE_T+8*16; -$FRAME=$LOCALS+9*16+6*$SIZE_T; - -$sp ="r1"; -$toc="r2"; -$ctx="r3"; -$inp="r4"; -$num="r5"; -$Tbl="r6"; -$idx="r7"; -$lrsave="r8"; -$offload="r11"; -$vrsave="r12"; -@I = ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70) = (0,map("r$_",(10,26..31))); - -@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("v$_",(0..7)); -@X=map("v$_",(8..19,24..27)); -($Ki,$Func,$Sigma,$lemask)=map("v$_",(28..31)); - -sub ROUND { -my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; -my $j=($i+1)%16; -my $k=($i+2)%8; - -$code.=<<___ if ($i<15 && ($i%(16/$SZ))==(16/$SZ-1)); - lvx_u @X[$i+1],0,$inp ; load X[i] in advance - addi $inp,$inp,16 -___ -$code.=<<___ if ($i<16 && ($i%(16/$SZ))); - vsldoi @X[$i],@X[$i-1],@X[$i-1],$SZ -___ -$code.=<<___ if ($LENDIAN && $i<16 && ($i%(16/$SZ))==0); - vperm @X[$i],@X[$i],@X[$i],$lemask -___ -$code.=<<___ if ($i>=15); - vshasigma${sz} $Sigma,@X[($j+1)%16],0,0 - vaddu${sz}m @X[$j],@X[$j],$Sigma - vshasigma${sz} $Sigma,@X[($j+14)%16],0,15 - vaddu${sz}m @X[$j],@X[$j],$Sigma - vaddu${sz}m @X[$j],@X[$j],@X[($j+9)%16] -___ -$code.=<<___; - vaddu${sz}m $h,$h,@X[$i%16] ; h+=X[i] - vsel $Func,$g,$f,$e ; Ch(e,f,g) - vaddu${sz}m $g,$g,$Ki ; future h+=K[i] - vaddu${sz}m $h,$h,$Func ; h+=Ch(e,f,g) - vshasigma${sz} $Sigma,$e,1,15 ; Sigma1(e) - vaddu${sz}m $h,$h,$Sigma ; h+=Sigma1(e) - vxor $Func,$a,$b - vsel $Func,$b,$c,$Func ; Maj(a,b,c) - vaddu${sz}m $d,$d,$h ; d+=h - vshasigma${sz} $Sigma,$a,1,0 ; Sigma0(a) - vaddu${sz}m $Sigma,$Sigma,$Func ; Sigma0(a)+Maj(a,b,c) - vaddu${sz}m $h,$h,$Sigma ; h+=Sigma0(a)+Maj(a,b,c) - lvx $Ki,@I[$k],$idx ; load next K[i] -___ -$code.=<<___ if ($k == 7); - addi $idx,$idx,0x80 -___ -} - -$code=<<___; -.machine "any" -.text - -.globl $func -.align 6 -$func: - $STU $sp,-$FRAME($sp) - mflr $lrsave - li r10,`$LOCALS+15` - li r11,`$LOCALS+31` - stvx v24,r10,$sp # ABI says so - addi r10,r10,32 - mfspr $vrsave,256 - stvx v25,r11,$sp - addi r11,r11,32 - stvx v26,r10,$sp - addi r10,r10,32 - stvx v27,r11,$sp - addi r11,r11,32 - stvx v28,r10,$sp - addi r10,r10,32 - stvx v29,r11,$sp - addi r11,r11,32 - stvx v30,r10,$sp - stvx v31,r11,$sp - li r11,-4096+255 # 0xfffff0ff - stw $vrsave,`$FRAME-6*$SIZE_T-4`($sp) # save vrsave - li $x10,0x10 - $PUSH r26,`$FRAME-6*$SIZE_T`($sp) - li $x20,0x20 - $PUSH r27,`$FRAME-5*$SIZE_T`($sp) - li $x30,0x30 - $PUSH r28,`$FRAME-4*$SIZE_T`($sp) - li $x40,0x40 - $PUSH r29,`$FRAME-3*$SIZE_T`($sp) - li $x50,0x50 - $PUSH r30,`$FRAME-2*$SIZE_T`($sp) - li $x60,0x60 - $PUSH r31,`$FRAME-1*$SIZE_T`($sp) - li $x70,0x70 - $PUSH $lrsave,`$FRAME+$LRSAVE`($sp) - mtspr 256,r11 - - bl LPICmeup - addi $offload,$sp,`8*$SIZE_T+15` -___ -$code.=<<___ if ($LENDIAN); - li $idx,8 - lvsl $lemask,0,$idx - vspltisb $Ki,0x0f - vxor $lemask,$lemask,$Ki -___ -$code.=<<___ if ($SZ==4); - lvx_4w $A,$x00,$ctx - lvx_4w $E,$x10,$ctx - vsldoi $B,$A,$A,4 # unpack - vsldoi $C,$A,$A,8 - vsldoi $D,$A,$A,12 - vsldoi $F,$E,$E,4 - vsldoi $G,$E,$E,8 - vsldoi $H,$E,$E,12 -___ -$code.=<<___ if ($SZ==8); - lvx_u $A,$x00,$ctx - lvx_u $C,$x10,$ctx - lvx_u $E,$x20,$ctx - vsldoi $B,$A,$A,8 # unpack - lvx_u $G,$x30,$ctx - vsldoi $D,$C,$C,8 - vsldoi $F,$E,$E,8 - vsldoi $H,$G,$G,8 -___ -$code.=<<___; - li r0,`($rounds-16)/16` # inner loop counter - b Loop -.align 5 -Loop: - lvx $Ki,$x00,$Tbl - lvx_u @X[0],0,$inp - addi $inp,$inp,16 - mr $idx,$Tbl # copy $Tbl - stvx $A,$x00,$offload # offload $A-$H - stvx $B,$x10,$offload - stvx $C,$x20,$offload - stvx $D,$x30,$offload - stvx $E,$x40,$offload - stvx $F,$x50,$offload - stvx $G,$x60,$offload - stvx $H,$x70,$offload - vaddu${sz}m $H,$H,$Ki # h+K[i] - lvx $Ki,$x10,$Tbl -___ -for ($i=0;$i<16;$i++) { &ROUND($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - mtctr r0 - b L16_xx -.align 5 -L16_xx: -___ -for (;$i<32;$i++) { &ROUND($i,@V); unshift(@V,pop(@V)); } -$code.=<<___; - bdnz L16_xx - - lvx @X[2],$x00,$offload - subic. $num,$num,1 - lvx @X[3],$x10,$offload - vaddu${sz}m $A,$A,@X[2] - lvx @X[4],$x20,$offload - vaddu${sz}m $B,$B,@X[3] - lvx @X[5],$x30,$offload - vaddu${sz}m $C,$C,@X[4] - lvx @X[6],$x40,$offload - vaddu${sz}m $D,$D,@X[5] - lvx @X[7],$x50,$offload - vaddu${sz}m $E,$E,@X[6] - lvx @X[8],$x60,$offload - vaddu${sz}m $F,$F,@X[7] - lvx @X[9],$x70,$offload - vaddu${sz}m $G,$G,@X[8] - vaddu${sz}m $H,$H,@X[9] - bne Loop -___ -$code.=<<___ if ($SZ==4); - lvx @X[0],$x20,$idx - vperm $A,$A,$B,$Ki # pack the answer - lvx @X[1],$x30,$idx - vperm $E,$E,$F,$Ki - vperm $A,$A,$C,@X[0] - vperm $E,$E,$G,@X[0] - vperm $A,$A,$D,@X[1] - vperm $E,$E,$H,@X[1] - stvx_4w $A,$x00,$ctx - stvx_4w $E,$x10,$ctx -___ -$code.=<<___ if ($SZ==8); - vperm $A,$A,$B,$Ki # pack the answer - vperm $C,$C,$D,$Ki - vperm $E,$E,$F,$Ki - vperm $G,$G,$H,$Ki - stvx_u $A,$x00,$ctx - stvx_u $C,$x10,$ctx - stvx_u $E,$x20,$ctx - stvx_u $G,$x30,$ctx -___ -$code.=<<___; - addi $offload,$sp,`$LOCALS+15` - mtlr $lrsave - mtspr 256,$vrsave - lvx v24,$x00,$offload # ABI says so - lvx v25,$x10,$offload - lvx v26,$x20,$offload - lvx v27,$x30,$offload - lvx v28,$x40,$offload - lvx v29,$x50,$offload - lvx v30,$x60,$offload - lvx v31,$x70,$offload - $POP r26,`$FRAME-6*$SIZE_T`($sp) - $POP r27,`$FRAME-5*$SIZE_T`($sp) - $POP r28,`$FRAME-4*$SIZE_T`($sp) - $POP r29,`$FRAME-3*$SIZE_T`($sp) - $POP r30,`$FRAME-2*$SIZE_T`($sp) - $POP r31,`$FRAME-1*$SIZE_T`($sp) - addi $sp,$sp,$FRAME - blr - .long 0 - .byte 0,12,4,1,0x80,6,3,0 - .long 0 -.size $func,.-$func -___ - -# Ugly hack here, because PPC assembler syntax seem to vary too -# much from platforms to platform... -$code.=<<___; -.align 6 -LPICmeup: - mflr r0 - bcl 20,31,\$+4 - mflr $Tbl ; vvvvvv "distance" between . and 1st data entry - addi $Tbl,$Tbl,`64-8` - mtlr r0 - blr - .long 0 - .byte 0,12,0x14,0,0,0,0,0 - .space `64-9*4` -___ - -if ($SZ==8) { - local *table = sub { - foreach(@_) { $code.=".quad $_,$_\n"; } - }; - table( - "0x428a2f98d728ae22","0x7137449123ef65cd", - "0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc", - "0x3956c25bf348b538","0x59f111f1b605d019", - "0x923f82a4af194f9b","0xab1c5ed5da6d8118", - "0xd807aa98a3030242","0x12835b0145706fbe", - "0x243185be4ee4b28c","0x550c7dc3d5ffb4e2", - "0x72be5d74f27b896f","0x80deb1fe3b1696b1", - "0x9bdc06a725c71235","0xc19bf174cf692694", - "0xe49b69c19ef14ad2","0xefbe4786384f25e3", - "0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65", - "0x2de92c6f592b0275","0x4a7484aa6ea6e483", - "0x5cb0a9dcbd41fbd4","0x76f988da831153b5", - "0x983e5152ee66dfab","0xa831c66d2db43210", - "0xb00327c898fb213f","0xbf597fc7beef0ee4", - "0xc6e00bf33da88fc2","0xd5a79147930aa725", - "0x06ca6351e003826f","0x142929670a0e6e70", - "0x27b70a8546d22ffc","0x2e1b21385c26c926", - "0x4d2c6dfc5ac42aed","0x53380d139d95b3df", - "0x650a73548baf63de","0x766a0abb3c77b2a8", - "0x81c2c92e47edaee6","0x92722c851482353b", - "0xa2bfe8a14cf10364","0xa81a664bbc423001", - "0xc24b8b70d0f89791","0xc76c51a30654be30", - "0xd192e819d6ef5218","0xd69906245565a910", - "0xf40e35855771202a","0x106aa07032bbd1b8", - "0x19a4c116b8d2d0c8","0x1e376c085141ab53", - "0x2748774cdf8eeb99","0x34b0bcb5e19b48a8", - "0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb", - "0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3", - "0x748f82ee5defb2fc","0x78a5636f43172f60", - "0x84c87814a1f0ab72","0x8cc702081a6439ec", - "0x90befffa23631e28","0xa4506cebde82bde9", - "0xbef9a3f7b2c67915","0xc67178f2e372532b", - "0xca273eceea26619c","0xd186b8c721c0c207", - "0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178", - "0x06f067aa72176fba","0x0a637dc5a2c898a6", - "0x113f9804bef90dae","0x1b710b35131c471b", - "0x28db77f523047d84","0x32caab7b40c72493", - "0x3c9ebe0a15c9bebc","0x431d67c49c100d4c", - "0x4cc5d4becb3e42b6","0x597f299cfc657e2a", - "0x5fcb6fab3ad6faec","0x6c44198c4a475817","0"); -$code.=<<___ if (!$LENDIAN); -.quad 0x0001020304050607,0x1011121314151617 -___ -$code.=<<___ if ($LENDIAN); # quad-swapped -.quad 0x1011121314151617,0x0001020304050607 -___ -} else { - local *table = sub { - foreach(@_) { $code.=".long $_,$_,$_,$_\n"; } - }; - table( - "0x428a2f98","0x71374491","0xb5c0fbcf","0xe9b5dba5", - "0x3956c25b","0x59f111f1","0x923f82a4","0xab1c5ed5", - "0xd807aa98","0x12835b01","0x243185be","0x550c7dc3", - "0x72be5d74","0x80deb1fe","0x9bdc06a7","0xc19bf174", - "0xe49b69c1","0xefbe4786","0x0fc19dc6","0x240ca1cc", - "0x2de92c6f","0x4a7484aa","0x5cb0a9dc","0x76f988da", - "0x983e5152","0xa831c66d","0xb00327c8","0xbf597fc7", - "0xc6e00bf3","0xd5a79147","0x06ca6351","0x14292967", - "0x27b70a85","0x2e1b2138","0x4d2c6dfc","0x53380d13", - "0x650a7354","0x766a0abb","0x81c2c92e","0x92722c85", - "0xa2bfe8a1","0xa81a664b","0xc24b8b70","0xc76c51a3", - "0xd192e819","0xd6990624","0xf40e3585","0x106aa070", - "0x19a4c116","0x1e376c08","0x2748774c","0x34b0bcb5", - "0x391c0cb3","0x4ed8aa4a","0x5b9cca4f","0x682e6ff3", - "0x748f82ee","0x78a5636f","0x84c87814","0x8cc70208", - "0x90befffa","0xa4506ceb","0xbef9a3f7","0xc67178f2","0"); -$code.=<<___ if (!$LENDIAN); -.long 0x00010203,0x10111213,0x10111213,0x10111213 -.long 0x00010203,0x04050607,0x10111213,0x10111213 -.long 0x00010203,0x04050607,0x08090a0b,0x10111213 -___ -$code.=<<___ if ($LENDIAN); # word-swapped -.long 0x10111213,0x10111213,0x10111213,0x00010203 -.long 0x10111213,0x10111213,0x04050607,0x00010203 -.long 0x10111213,0x08090a0b,0x04050607,0x00010203 -___ -} -$code.=<<___; -.asciz "SHA${bits} for PowerISA 2.07, CRYPTOGAMS by " -.align 2 -___ - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/sha/build.info b/crypto/sha/build.info deleted file mode 100644 index d61f7de9b6bde8af4db7ce8aef8f2ce9d2665fed..0000000000000000000000000000000000000000 --- a/crypto/sha/build.info +++ /dev/null @@ -1,176 +0,0 @@ -LIBS=../../libcrypto - -$SHA1ASM= -IF[{- !$disabled{asm} -}] - $SHA1ASM_x86=sha1-586.S sha256-586.S sha512-586.S - $SHA1DEF_x86=SHA1_ASM SHA256_ASM SHA512_ASM - $SHA1ASM_x86_64=\ - sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s sha1-mb-x86_64.s \ - sha256-mb-x86_64.s - $SHA1DEF_x86_64=SHA1_ASM SHA256_ASM SHA512_ASM - - $SHA1ASM_ia64=sha1-ia64.s sha256-ia64.s sha512-ia64.s - $SHA1DEF_ia64=SHA1_ASM SHA256_ASM SHA512_ASM - - $SHA1ASM_sparcv9=sha1-sparcv9.S sha256-sparcv9.S sha512-sparcv9.S - $SHA1DEF_sparcv9=SHA1_ASM SHA256_ASM SHA512_ASM - - $SHA1ASM_alpha=sha1-alpha.S - $SHA1DEF_alpha=SHA1_ASM - - $SHA1ASM_mips32=sha1-mips.S sha256-mips.S - $SHA1DEF_mips32=SHA1_ASM SHA256_ASM - $SHA1ASM_mips64=$SHA1ASM_mips32 sha512-mips.S - $SHA1DEF_mips64=$SHA1DEF_mips32 SHA512_ASM - - $SHA1ASM_s390x=sha1-s390x.S sha256-s390x.S sha512-s390x.S - $SHA1DEF_s390x=SHA1_ASM SHA256_ASM SHA512_ASM - - $SHA1ASM_armv4=sha1-armv4-large.S sha256-armv4.S sha512-armv4.S - $SHA1DEF_armv4=SHA1_ASM SHA256_ASM SHA512_ASM - $SHA1ASM_aarch64=sha1-armv8.S sha256-armv8.S sha512-armv8.S - $SHA1DEF_aarch64=SHA1_ASM SHA256_ASM SHA512_ASM - - $SHA1ASM_parisc11=sha1-parisc.s sha256-parisc.s sha512-parisc.s - $SHA1DEF_parisc11=SHA1_ASM SHA256_ASM SHA512_ASM - $SHA1ASM_parisc20_64=$SHA1ASM_parisc11 - $SHA1DEF_parisc20_64=$SHA1DEF_parisc11 - - $SHA1ASM_ppc32=\ - sha_ppc.c sha1-ppc.s sha256-ppc.s sha512-ppc.s sha256p8-ppc.s \ - sha512p8-ppc.s - $SHA1DEF_ppc32=SHA1_ASM SHA256_ASM SHA512_ASM - $SHA1ASM_ppc64=$SHA1ASM_ppc32 - $SHA1DEF_ppc64=$SHA1DEF_ppc32 - - $SHA1ASM_c64xplus=sha1-c64xplus.s sha256-c64xplus.s sha512-c64xplus.s - $SHA1DEF_c64xplus=SHA1_ASM SHA256_ASM SHA512_ASM - - # Now that we have defined all the arch specific variables, use the - # appropriate one, and define the appropriate macros - IF[$SHA1ASM_{- $target{asm_arch} -}] - $SHA1ASM=$SHA1ASM_{- $target{asm_arch} -} - $SHA1DEF=$SHA1DEF_{- $target{asm_arch} -} - ENDIF -ENDIF - -$KECCAK1600ASM=keccak1600.c -IF[{- !$disabled{asm} -}] - $KECCAK1600ASM_x86= - $KECCAK1600ASM_x86_64=keccak1600-x86_64.s - - $KECCAK1600ASM_s390x=keccak1600-s390x.S - - $KECCAK1600ASM_armv4=keccak1600-armv4.S - $KECCAK1600ASM_aarch64=keccak1600-armv8.S - - $KECCAK1600ASM_ppc64=keccak1600-ppc64.s - - # Now that we have defined all the arch specific variables, use the - # appropriate one, and define the appropriate macros - IF[$KECCAK1600ASM_{- $target{asm_arch} -}] - $KECCAK1600ASM=$KECCAK1600ASM_{- $target{asm_arch} -} - $KECCAK1600DEF=KECCAK1600_ASM - ENDIF -ENDIF - -$COMMON=sha1dgst.c sha256.c sha512.c sha3.c $SHA1ASM $KECCAK1600ASM -SOURCE[../../libcrypto]=$COMMON sha1_one.c -SOURCE[../../providers/libfips.a]= $COMMON - -# Implementations are now spread across several libraries, so the defines -# need to be applied to all affected libraries and modules. -DEFINE[../../libcrypto]=$SHA1DEF $KECCAK1600DEF -DEFINE[../../providers/libfips.a]=$SHA1DEF $KECCAK1600DEF -DEFINE[../../providers/libdefault.a]=$SHA1DEF $KECCAK1600DEF -# We only need to include the SHA1DEF and KECCAK1600DEF stuff in the -# legacy provider when it's a separate module and it's dynamically -# linked with libcrypto. Otherwise, it already gets everything that -# the static libcrypto.a has, and doesn't need it added again. -IF[{- !$disabled{module} && !$disabled{shared} -}] - DEFINE[../providers/liblegacy.a]=$SHA1DEF $KECCAK1600DEF -ENDIF - -GENERATE[sha1-586.S]=asm/sha1-586.pl -DEPEND[sha1-586.S]=../perlasm/x86asm.pl -GENERATE[sha256-586.S]=asm/sha256-586.pl -DEPEND[sha256-586.S]=../perlasm/x86asm.pl -GENERATE[sha512-586.S]=asm/sha512-586.pl -DEPEND[sha512-586.S]=../perlasm/x86asm.pl - -GENERATE[sha1-ia64.s]=asm/sha1-ia64.pl -GENERATE[sha256-ia64.s]=asm/sha512-ia64.pl -GENERATE[sha512-ia64.s]=asm/sha512-ia64.pl - -GENERATE[sha1-alpha.S]=asm/sha1-alpha.pl - -GENERATE[sha1-x86_64.s]=asm/sha1-x86_64.pl -GENERATE[sha1-mb-x86_64.s]=asm/sha1-mb-x86_64.pl -GENERATE[sha256-x86_64.s]=asm/sha512-x86_64.pl -GENERATE[sha256-mb-x86_64.s]=asm/sha256-mb-x86_64.pl -GENERATE[sha512-x86_64.s]=asm/sha512-x86_64.pl -GENERATE[keccak1600-x86_64.s]=asm/keccak1600-x86_64.pl - -GENERATE[sha1-sparcv9a.S]=asm/sha1-sparcv9a.pl -GENERATE[sha1-sparcv9.S]=asm/sha1-sparcv9.pl -INCLUDE[sha1-sparcv9.o]=.. -GENERATE[sha256-sparcv9.S]=asm/sha512-sparcv9.pl -INCLUDE[sha256-sparcv9.o]=.. -GENERATE[sha512-sparcv9.S]=asm/sha512-sparcv9.pl -INCLUDE[sha512-sparcv9.o]=.. - -GENERATE[sha1-ppc.s]=asm/sha1-ppc.pl -GENERATE[sha256-ppc.s]=asm/sha512-ppc.pl -GENERATE[sha512-ppc.s]=asm/sha512-ppc.pl -GENERATE[sha256p8-ppc.s]=asm/sha512p8-ppc.pl -GENERATE[sha512p8-ppc.s]=asm/sha512p8-ppc.pl -GENERATE[keccak1600-ppc64.s]=asm/keccak1600-ppc64.pl - -GENERATE[sha1-parisc.s]=asm/sha1-parisc.pl -GENERATE[sha256-parisc.s]=asm/sha512-parisc.pl -GENERATE[sha512-parisc.s]=asm/sha512-parisc.pl - -GENERATE[sha1-mips.S]=asm/sha1-mips.pl -INCLUDE[sha1-mips.o]=.. -GENERATE[sha256-mips.S]=asm/sha512-mips.pl -INCLUDE[sha256-mips.o]=.. -GENERATE[sha512-mips.S]=asm/sha512-mips.pl -INCLUDE[sha512-mips.o]=.. - -GENERATE[sha1-armv4-large.S]=asm/sha1-armv4-large.pl -INCLUDE[sha1-armv4-large.o]=.. -GENERATE[sha256-armv4.S]=asm/sha256-armv4.pl -INCLUDE[sha256-armv4.o]=.. -GENERATE[sha512-armv4.S]=asm/sha512-armv4.pl -INCLUDE[sha512-armv4.o]=.. -GENERATE[keccak1600-armv4.S]=asm/keccak1600-armv4.pl -INCLUDE[keccak1600-armv4.o]=.. - -GENERATE[sha1-armv8.S]=asm/sha1-armv8.pl -INCLUDE[sha1-armv8.o]=.. -GENERATE[sha256-armv8.S]=asm/sha512-armv8.pl -INCLUDE[sha256-armv8.o]=.. -GENERATE[sha512-armv8.S]=asm/sha512-armv8.pl -INCLUDE[sha512-armv8.o]=.. -GENERATE[keccak1600-armv8.S]=asm/keccak1600-armv8.pl - -GENERATE[sha1-s390x.S]=asm/sha1-s390x.pl -INCLUDE[sha1-s390x.o]=.. -GENERATE[sha256-s390x.S]=asm/sha512-s390x.pl -INCLUDE[sha256-s390x.o]=.. -GENERATE[sha512-s390x.S]=asm/sha512-s390x.pl -INCLUDE[sha512-s390x.o]=.. -GENERATE[keccak1600-s390x.S]=asm/keccak1600-s390x.pl - -GENERATE[sha1-c64xplus.S]=asm/sha1-c64xplus.pl -GENERATE[sha256-c64xplus.S]=asm/sha256-c64xplus.pl -GENERATE[sha512-c64xplus.S]=asm/sha512-c64xplus.pl -GENERATE[keccak1600-c64x.S]=asm/keccak1600-c64x.pl - -# These are not yet used -GENERATE[keccak1600-avx2.S]=asm/keccak1600-avx2.pl -GENERATE[keccak1600-avx512.S]=asm/keccak1600-avx512.pl -GENERATE[keccak1600-avx512vl.S]=asm/keccak1600-avx512vl.pl -GENERATE[keccak1600-mmx.S]=asm/keccak1600-mmx.pl -GENERATE[keccak1600p8-ppc.S]=asm/keccak1600p8-ppc.pl -GENERATE[sha1-thumb.S]=asm/sha1-thumb.pl diff --git a/crypto/sha/keccak1600.c b/crypto/sha/keccak1600.c deleted file mode 100644 index ccbf12b1c60dee920785c868973b27d0d25b2181..0000000000000000000000000000000000000000 --- a/crypto/sha/keccak1600.c +++ /dev/null @@ -1,1253 +0,0 @@ -/* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, - size_t r); -void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r); - -#if !defined(KECCAK1600_ASM) || !defined(SELFTEST) - -/* - * Choose some sensible defaults - */ -#if !defined(KECCAK_REF) && !defined(KECCAK_1X) && !defined(KECCAK_1X_ALT) && \ - !defined(KECCAK_2X) && !defined(KECCAK_INPLACE) -# define KECCAK_2X /* default to KECCAK_2X variant */ -#endif - -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - (defined(__x86_64) && !defined(__BMI__)) || defined(_M_X64) || \ - defined(__mips) || defined(__riscv) || defined(__s390__) || \ - defined(__EMSCRIPTEN__) -/* - * These don't have "and with complement" instruction, so minimize amount - * of "not"-s. Implemented only in the [default] KECCAK_2X variant. - */ -# define KECCAK_COMPLEMENTING_TRANSFORM -#endif - -#if defined(__x86_64__) || defined(__aarch64__) || \ - defined(__mips64) || defined(__ia64) || \ - (defined(__VMS) && !defined(__vax)) -/* - * These are available even in ILP32 flavours, but even then they are - * capable of performing 64-bit operations as efficiently as in *P64. - * Since it's not given that we can use sizeof(void *), just shunt it. - */ -# define BIT_INTERLEAVE (0) -#else -# define BIT_INTERLEAVE (sizeof(void *) < 8) -#endif - -#define ROL32(a, offset) (((a) << (offset)) | ((a) >> ((32 - (offset)) & 31))) - -static uint64_t ROL64(uint64_t val, int offset) -{ - if (offset == 0) { - return val; - } else if (!BIT_INTERLEAVE) { - return (val << offset) | (val >> (64-offset)); - } else { - uint32_t hi = (uint32_t)(val >> 32), lo = (uint32_t)val; - - if (offset & 1) { - uint32_t tmp = hi; - - offset >>= 1; - hi = ROL32(lo, offset); - lo = ROL32(tmp, offset + 1); - } else { - offset >>= 1; - lo = ROL32(lo, offset); - hi = ROL32(hi, offset); - } - - return ((uint64_t)hi << 32) | lo; - } -} - -static const unsigned char rhotates[5][5] = { - { 0, 1, 62, 28, 27 }, - { 36, 44, 6, 55, 20 }, - { 3, 10, 43, 25, 39 }, - { 41, 45, 15, 21, 8 }, - { 18, 2, 61, 56, 14 } -}; - -static const uint64_t iotas[] = { - BIT_INTERLEAVE ? 0x0000000000000001ULL : 0x0000000000000001ULL, - BIT_INTERLEAVE ? 0x0000008900000000ULL : 0x0000000000008082ULL, - BIT_INTERLEAVE ? 0x8000008b00000000ULL : 0x800000000000808aULL, - BIT_INTERLEAVE ? 0x8000808000000000ULL : 0x8000000080008000ULL, - BIT_INTERLEAVE ? 0x0000008b00000001ULL : 0x000000000000808bULL, - BIT_INTERLEAVE ? 0x0000800000000001ULL : 0x0000000080000001ULL, - BIT_INTERLEAVE ? 0x8000808800000001ULL : 0x8000000080008081ULL, - BIT_INTERLEAVE ? 0x8000008200000001ULL : 0x8000000000008009ULL, - BIT_INTERLEAVE ? 0x0000000b00000000ULL : 0x000000000000008aULL, - BIT_INTERLEAVE ? 0x0000000a00000000ULL : 0x0000000000000088ULL, - BIT_INTERLEAVE ? 0x0000808200000001ULL : 0x0000000080008009ULL, - BIT_INTERLEAVE ? 0x0000800300000000ULL : 0x000000008000000aULL, - BIT_INTERLEAVE ? 0x0000808b00000001ULL : 0x000000008000808bULL, - BIT_INTERLEAVE ? 0x8000000b00000001ULL : 0x800000000000008bULL, - BIT_INTERLEAVE ? 0x8000008a00000001ULL : 0x8000000000008089ULL, - BIT_INTERLEAVE ? 0x8000008100000001ULL : 0x8000000000008003ULL, - BIT_INTERLEAVE ? 0x8000008100000000ULL : 0x8000000000008002ULL, - BIT_INTERLEAVE ? 0x8000000800000000ULL : 0x8000000000000080ULL, - BIT_INTERLEAVE ? 0x0000008300000000ULL : 0x000000000000800aULL, - BIT_INTERLEAVE ? 0x8000800300000000ULL : 0x800000008000000aULL, - BIT_INTERLEAVE ? 0x8000808800000001ULL : 0x8000000080008081ULL, - BIT_INTERLEAVE ? 0x8000008800000000ULL : 0x8000000000008080ULL, - BIT_INTERLEAVE ? 0x0000800000000001ULL : 0x0000000080000001ULL, - BIT_INTERLEAVE ? 0x8000808200000000ULL : 0x8000000080008008ULL -}; - -#if defined(KECCAK_REF) -/* - * This is straightforward or "maximum clarity" implementation aiming - * to resemble section 3.2 of the FIPS PUB 202 "SHA-3 Standard: - * Permutation-Based Hash and Extendible-Output Functions" as much as - * possible. With one caveat. Because of the way C stores matrices, - * references to A[x,y] in the specification are presented as A[y][x]. - * Implementation unrolls inner x-loops so that modulo 5 operations are - * explicitly pre-computed. - */ -static void Theta(uint64_t A[5][5]) -{ - uint64_t C[5], D[5]; - size_t y; - - C[0] = A[0][0]; - C[1] = A[0][1]; - C[2] = A[0][2]; - C[3] = A[0][3]; - C[4] = A[0][4]; - - for (y = 1; y < 5; y++) { - C[0] ^= A[y][0]; - C[1] ^= A[y][1]; - C[2] ^= A[y][2]; - C[3] ^= A[y][3]; - C[4] ^= A[y][4]; - } - - D[0] = ROL64(C[1], 1) ^ C[4]; - D[1] = ROL64(C[2], 1) ^ C[0]; - D[2] = ROL64(C[3], 1) ^ C[1]; - D[3] = ROL64(C[4], 1) ^ C[2]; - D[4] = ROL64(C[0], 1) ^ C[3]; - - for (y = 0; y < 5; y++) { - A[y][0] ^= D[0]; - A[y][1] ^= D[1]; - A[y][2] ^= D[2]; - A[y][3] ^= D[3]; - A[y][4] ^= D[4]; - } -} - -static void Rho(uint64_t A[5][5]) -{ - size_t y; - - for (y = 0; y < 5; y++) { - A[y][0] = ROL64(A[y][0], rhotates[y][0]); - A[y][1] = ROL64(A[y][1], rhotates[y][1]); - A[y][2] = ROL64(A[y][2], rhotates[y][2]); - A[y][3] = ROL64(A[y][3], rhotates[y][3]); - A[y][4] = ROL64(A[y][4], rhotates[y][4]); - } -} - -static void Pi(uint64_t A[5][5]) -{ - uint64_t T[5][5]; - - /* - * T = A - * A[y][x] = T[x][(3*y+x)%5] - */ - memcpy(T, A, sizeof(T)); - - A[0][0] = T[0][0]; - A[0][1] = T[1][1]; - A[0][2] = T[2][2]; - A[0][3] = T[3][3]; - A[0][4] = T[4][4]; - - A[1][0] = T[0][3]; - A[1][1] = T[1][4]; - A[1][2] = T[2][0]; - A[1][3] = T[3][1]; - A[1][4] = T[4][2]; - - A[2][0] = T[0][1]; - A[2][1] = T[1][2]; - A[2][2] = T[2][3]; - A[2][3] = T[3][4]; - A[2][4] = T[4][0]; - - A[3][0] = T[0][4]; - A[3][1] = T[1][0]; - A[3][2] = T[2][1]; - A[3][3] = T[3][2]; - A[3][4] = T[4][3]; - - A[4][0] = T[0][2]; - A[4][1] = T[1][3]; - A[4][2] = T[2][4]; - A[4][3] = T[3][0]; - A[4][4] = T[4][1]; -} - -static void Chi(uint64_t A[5][5]) -{ - uint64_t C[5]; - size_t y; - - for (y = 0; y < 5; y++) { - C[0] = A[y][0] ^ (~A[y][1] & A[y][2]); - C[1] = A[y][1] ^ (~A[y][2] & A[y][3]); - C[2] = A[y][2] ^ (~A[y][3] & A[y][4]); - C[3] = A[y][3] ^ (~A[y][4] & A[y][0]); - C[4] = A[y][4] ^ (~A[y][0] & A[y][1]); - - A[y][0] = C[0]; - A[y][1] = C[1]; - A[y][2] = C[2]; - A[y][3] = C[3]; - A[y][4] = C[4]; - } -} - -static void Iota(uint64_t A[5][5], size_t i) -{ - assert(i < (sizeof(iotas) / sizeof(iotas[0]))); - A[0][0] ^= iotas[i]; -} - -static void KeccakF1600(uint64_t A[5][5]) -{ - size_t i; - - for (i = 0; i < 24; i++) { - Theta(A); - Rho(A); - Pi(A); - Chi(A); - Iota(A, i); - } -} - -#elif defined(KECCAK_1X) -/* - * This implementation is optimization of above code featuring unroll - * of even y-loops, their fusion and code motion. It also minimizes - * temporary storage. Compiler would normally do all these things for - * you, purpose of manual optimization is to provide "unobscured" - * reference for assembly implementation [in case this approach is - * chosen for implementation on some platform]. In the nutshell it's - * equivalent of "plane-per-plane processing" approach discussed in - * section 2.4 of "Keccak implementation overview". - */ -static void Round(uint64_t A[5][5], size_t i) -{ - uint64_t C[5], E[2]; /* registers */ - uint64_t D[5], T[2][5]; /* memory */ - - assert(i < (sizeof(iotas) / sizeof(iotas[0]))); - - C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0]; - C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1]; - C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2]; - C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3]; - C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4]; - -#if defined(__arm__) - D[1] = E[0] = ROL64(C[2], 1) ^ C[0]; - D[4] = E[1] = ROL64(C[0], 1) ^ C[3]; - D[0] = C[0] = ROL64(C[1], 1) ^ C[4]; - D[2] = C[1] = ROL64(C[3], 1) ^ C[1]; - D[3] = C[2] = ROL64(C[4], 1) ^ C[2]; - - T[0][0] = A[3][0] ^ C[0]; /* borrow T[0][0] */ - T[0][1] = A[0][1] ^ E[0]; /* D[1] */ - T[0][2] = A[0][2] ^ C[1]; /* D[2] */ - T[0][3] = A[0][3] ^ C[2]; /* D[3] */ - T[0][4] = A[0][4] ^ E[1]; /* D[4] */ - - C[3] = ROL64(A[3][3] ^ C[2], rhotates[3][3]); /* D[3] */ - C[4] = ROL64(A[4][4] ^ E[1], rhotates[4][4]); /* D[4] */ - C[0] = A[0][0] ^ C[0]; /* rotate by 0 */ /* D[0] */ - C[2] = ROL64(A[2][2] ^ C[1], rhotates[2][2]); /* D[2] */ - C[1] = ROL64(A[1][1] ^ E[0], rhotates[1][1]); /* D[1] */ -#else - D[0] = ROL64(C[1], 1) ^ C[4]; - D[1] = ROL64(C[2], 1) ^ C[0]; - D[2] = ROL64(C[3], 1) ^ C[1]; - D[3] = ROL64(C[4], 1) ^ C[2]; - D[4] = ROL64(C[0], 1) ^ C[3]; - - T[0][0] = A[3][0] ^ D[0]; /* borrow T[0][0] */ - T[0][1] = A[0][1] ^ D[1]; - T[0][2] = A[0][2] ^ D[2]; - T[0][3] = A[0][3] ^ D[3]; - T[0][4] = A[0][4] ^ D[4]; - - C[0] = A[0][0] ^ D[0]; /* rotate by 0 */ - C[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]); - C[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]); - C[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]); - C[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]); -#endif - A[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i]; - A[0][1] = C[1] ^ (~C[2] & C[3]); - A[0][2] = C[2] ^ (~C[3] & C[4]); - A[0][3] = C[3] ^ (~C[4] & C[0]); - A[0][4] = C[4] ^ (~C[0] & C[1]); - - T[1][0] = A[1][0] ^ (C[3] = D[0]); - T[1][1] = A[2][1] ^ (C[4] = D[1]); /* borrow T[1][1] */ - T[1][2] = A[1][2] ^ (E[0] = D[2]); - T[1][3] = A[1][3] ^ (E[1] = D[3]); - T[1][4] = A[2][4] ^ (C[2] = D[4]); /* borrow T[1][4] */ - - C[0] = ROL64(T[0][3], rhotates[0][3]); - C[1] = ROL64(A[1][4] ^ C[2], rhotates[1][4]); /* D[4] */ - C[2] = ROL64(A[2][0] ^ C[3], rhotates[2][0]); /* D[0] */ - C[3] = ROL64(A[3][1] ^ C[4], rhotates[3][1]); /* D[1] */ - C[4] = ROL64(A[4][2] ^ E[0], rhotates[4][2]); /* D[2] */ - - A[1][0] = C[0] ^ (~C[1] & C[2]); - A[1][1] = C[1] ^ (~C[2] & C[3]); - A[1][2] = C[2] ^ (~C[3] & C[4]); - A[1][3] = C[3] ^ (~C[4] & C[0]); - A[1][4] = C[4] ^ (~C[0] & C[1]); - - C[0] = ROL64(T[0][1], rhotates[0][1]); - C[1] = ROL64(T[1][2], rhotates[1][2]); - C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); - C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]); - C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]); - - A[2][0] = C[0] ^ (~C[1] & C[2]); - A[2][1] = C[1] ^ (~C[2] & C[3]); - A[2][2] = C[2] ^ (~C[3] & C[4]); - A[2][3] = C[3] ^ (~C[4] & C[0]); - A[2][4] = C[4] ^ (~C[0] & C[1]); - - C[0] = ROL64(T[0][4], rhotates[0][4]); - C[1] = ROL64(T[1][0], rhotates[1][0]); - C[2] = ROL64(T[1][1], rhotates[2][1]); /* originally A[2][1] */ - C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); - C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]); - - A[3][0] = C[0] ^ (~C[1] & C[2]); - A[3][1] = C[1] ^ (~C[2] & C[3]); - A[3][2] = C[2] ^ (~C[3] & C[4]); - A[3][3] = C[3] ^ (~C[4] & C[0]); - A[3][4] = C[4] ^ (~C[0] & C[1]); - - C[0] = ROL64(T[0][2], rhotates[0][2]); - C[1] = ROL64(T[1][3], rhotates[1][3]); - C[2] = ROL64(T[1][4], rhotates[2][4]); /* originally A[2][4] */ - C[3] = ROL64(T[0][0], rhotates[3][0]); /* originally A[3][0] */ - C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); - - A[4][0] = C[0] ^ (~C[1] & C[2]); - A[4][1] = C[1] ^ (~C[2] & C[3]); - A[4][2] = C[2] ^ (~C[3] & C[4]); - A[4][3] = C[3] ^ (~C[4] & C[0]); - A[4][4] = C[4] ^ (~C[0] & C[1]); -} - -static void KeccakF1600(uint64_t A[5][5]) -{ - size_t i; - - for (i = 0; i < 24; i++) { - Round(A, i); - } -} - -#elif defined(KECCAK_1X_ALT) -/* - * This is variant of above KECCAK_1X that reduces requirement for - * temporary storage even further, but at cost of more updates to A[][]. - * It's less suitable if A[][] is memory bound, but better if it's - * register bound. - */ - -static void Round(uint64_t A[5][5], size_t i) -{ - uint64_t C[5], D[5]; - - assert(i < (sizeof(iotas) / sizeof(iotas[0]))); - - C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0]; - C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1]; - C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2]; - C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3]; - C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4]; - - D[1] = C[0] ^ ROL64(C[2], 1); - D[2] = C[1] ^ ROL64(C[3], 1); - D[3] = C[2] ^= ROL64(C[4], 1); - D[4] = C[3] ^= ROL64(C[0], 1); - D[0] = C[4] ^= ROL64(C[1], 1); - - A[0][1] ^= D[1]; - A[1][1] ^= D[1]; - A[2][1] ^= D[1]; - A[3][1] ^= D[1]; - A[4][1] ^= D[1]; - - A[0][2] ^= D[2]; - A[1][2] ^= D[2]; - A[2][2] ^= D[2]; - A[3][2] ^= D[2]; - A[4][2] ^= D[2]; - - A[0][3] ^= C[2]; - A[1][3] ^= C[2]; - A[2][3] ^= C[2]; - A[3][3] ^= C[2]; - A[4][3] ^= C[2]; - - A[0][4] ^= C[3]; - A[1][4] ^= C[3]; - A[2][4] ^= C[3]; - A[3][4] ^= C[3]; - A[4][4] ^= C[3]; - - A[0][0] ^= C[4]; - A[1][0] ^= C[4]; - A[2][0] ^= C[4]; - A[3][0] ^= C[4]; - A[4][0] ^= C[4]; - - C[1] = A[0][1]; - C[2] = A[0][2]; - C[3] = A[0][3]; - C[4] = A[0][4]; - - A[0][1] = ROL64(A[1][1], rhotates[1][1]); - A[0][2] = ROL64(A[2][2], rhotates[2][2]); - A[0][3] = ROL64(A[3][3], rhotates[3][3]); - A[0][4] = ROL64(A[4][4], rhotates[4][4]); - - A[1][1] = ROL64(A[1][4], rhotates[1][4]); - A[2][2] = ROL64(A[2][3], rhotates[2][3]); - A[3][3] = ROL64(A[3][2], rhotates[3][2]); - A[4][4] = ROL64(A[4][1], rhotates[4][1]); - - A[1][4] = ROL64(A[4][2], rhotates[4][2]); - A[2][3] = ROL64(A[3][4], rhotates[3][4]); - A[3][2] = ROL64(A[2][1], rhotates[2][1]); - A[4][1] = ROL64(A[1][3], rhotates[1][3]); - - A[4][2] = ROL64(A[2][4], rhotates[2][4]); - A[3][4] = ROL64(A[4][3], rhotates[4][3]); - A[2][1] = ROL64(A[1][2], rhotates[1][2]); - A[1][3] = ROL64(A[3][1], rhotates[3][1]); - - A[2][4] = ROL64(A[4][0], rhotates[4][0]); - A[4][3] = ROL64(A[3][0], rhotates[3][0]); - A[1][2] = ROL64(A[2][0], rhotates[2][0]); - A[3][1] = ROL64(A[1][0], rhotates[1][0]); - - A[1][0] = ROL64(C[3], rhotates[0][3]); - A[2][0] = ROL64(C[1], rhotates[0][1]); - A[3][0] = ROL64(C[4], rhotates[0][4]); - A[4][0] = ROL64(C[2], rhotates[0][2]); - - C[0] = A[0][0]; - C[1] = A[1][0]; - D[0] = A[0][1]; - D[1] = A[1][1]; - - A[0][0] ^= (~A[0][1] & A[0][2]); - A[1][0] ^= (~A[1][1] & A[1][2]); - A[0][1] ^= (~A[0][2] & A[0][3]); - A[1][1] ^= (~A[1][2] & A[1][3]); - A[0][2] ^= (~A[0][3] & A[0][4]); - A[1][2] ^= (~A[1][3] & A[1][4]); - A[0][3] ^= (~A[0][4] & C[0]); - A[1][3] ^= (~A[1][4] & C[1]); - A[0][4] ^= (~C[0] & D[0]); - A[1][4] ^= (~C[1] & D[1]); - - C[2] = A[2][0]; - C[3] = A[3][0]; - D[2] = A[2][1]; - D[3] = A[3][1]; - - A[2][0] ^= (~A[2][1] & A[2][2]); - A[3][0] ^= (~A[3][1] & A[3][2]); - A[2][1] ^= (~A[2][2] & A[2][3]); - A[3][1] ^= (~A[3][2] & A[3][3]); - A[2][2] ^= (~A[2][3] & A[2][4]); - A[3][2] ^= (~A[3][3] & A[3][4]); - A[2][3] ^= (~A[2][4] & C[2]); - A[3][3] ^= (~A[3][4] & C[3]); - A[2][4] ^= (~C[2] & D[2]); - A[3][4] ^= (~C[3] & D[3]); - - C[4] = A[4][0]; - D[4] = A[4][1]; - - A[4][0] ^= (~A[4][1] & A[4][2]); - A[4][1] ^= (~A[4][2] & A[4][3]); - A[4][2] ^= (~A[4][3] & A[4][4]); - A[4][3] ^= (~A[4][4] & C[4]); - A[4][4] ^= (~C[4] & D[4]); - A[0][0] ^= iotas[i]; -} - -static void KeccakF1600(uint64_t A[5][5]) -{ - size_t i; - - for (i = 0; i < 24; i++) { - Round(A, i); - } -} - -#elif defined(KECCAK_2X) -/* - * This implementation is variant of KECCAK_1X above with outer-most - * round loop unrolled twice. This allows to take temporary storage - * out of round procedure and simplify references to it by alternating - * it with actual data (see round loop below). Originally it was meant - * rather as reference for an assembly implementation, but it seems to - * play best with compilers [as well as provide best instruction per - * processed byte ratio at minimal round unroll factor]... - */ -static void Round(uint64_t R[5][5], uint64_t A[5][5], size_t i) -{ - uint64_t C[5], D[5]; - - assert(i < (sizeof(iotas) / sizeof(iotas[0]))); - - C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0]; - C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1]; - C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2]; - C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3]; - C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4]; - - D[0] = ROL64(C[1], 1) ^ C[4]; - D[1] = ROL64(C[2], 1) ^ C[0]; - D[2] = ROL64(C[3], 1) ^ C[1]; - D[3] = ROL64(C[4], 1) ^ C[2]; - D[4] = ROL64(C[0], 1) ^ C[3]; - - C[0] = A[0][0] ^ D[0]; /* rotate by 0 */ - C[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]); - C[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]); - C[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]); - C[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]); - -#ifdef KECCAK_COMPLEMENTING_TRANSFORM - R[0][0] = C[0] ^ ( C[1] | C[2]) ^ iotas[i]; - R[0][1] = C[1] ^ (~C[2] | C[3]); - R[0][2] = C[2] ^ ( C[3] & C[4]); - R[0][3] = C[3] ^ ( C[4] | C[0]); - R[0][4] = C[4] ^ ( C[0] & C[1]); -#else - R[0][0] = C[0] ^ (~C[1] & C[2]) ^ iotas[i]; - R[0][1] = C[1] ^ (~C[2] & C[3]); - R[0][2] = C[2] ^ (~C[3] & C[4]); - R[0][3] = C[3] ^ (~C[4] & C[0]); - R[0][4] = C[4] ^ (~C[0] & C[1]); -#endif - - C[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]); - C[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); - C[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]); - C[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]); - C[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]); - -#ifdef KECCAK_COMPLEMENTING_TRANSFORM - R[1][0] = C[0] ^ (C[1] | C[2]); - R[1][1] = C[1] ^ (C[2] & C[3]); - R[1][2] = C[2] ^ (C[3] | ~C[4]); - R[1][3] = C[3] ^ (C[4] | C[0]); - R[1][4] = C[4] ^ (C[0] & C[1]); -#else - R[1][0] = C[0] ^ (~C[1] & C[2]); - R[1][1] = C[1] ^ (~C[2] & C[3]); - R[1][2] = C[2] ^ (~C[3] & C[4]); - R[1][3] = C[3] ^ (~C[4] & C[0]); - R[1][4] = C[4] ^ (~C[0] & C[1]); -#endif - - C[0] = ROL64(A[0][1] ^ D[1], rhotates[0][1]); - C[1] = ROL64(A[1][2] ^ D[2], rhotates[1][2]); - C[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); - C[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]); - C[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]); - -#ifdef KECCAK_COMPLEMENTING_TRANSFORM - R[2][0] = C[0] ^ ( C[1] | C[2]); - R[2][1] = C[1] ^ ( C[2] & C[3]); - R[2][2] = C[2] ^ (~C[3] & C[4]); - R[2][3] = ~C[3] ^ ( C[4] | C[0]); - R[2][4] = C[4] ^ ( C[0] & C[1]); -#else - R[2][0] = C[0] ^ (~C[1] & C[2]); - R[2][1] = C[1] ^ (~C[2] & C[3]); - R[2][2] = C[2] ^ (~C[3] & C[4]); - R[2][3] = C[3] ^ (~C[4] & C[0]); - R[2][4] = C[4] ^ (~C[0] & C[1]); -#endif - - C[0] = ROL64(A[0][4] ^ D[4], rhotates[0][4]); - C[1] = ROL64(A[1][0] ^ D[0], rhotates[1][0]); - C[2] = ROL64(A[2][1] ^ D[1], rhotates[2][1]); - C[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); - C[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]); - -#ifdef KECCAK_COMPLEMENTING_TRANSFORM - R[3][0] = C[0] ^ ( C[1] & C[2]); - R[3][1] = C[1] ^ ( C[2] | C[3]); - R[3][2] = C[2] ^ (~C[3] | C[4]); - R[3][3] = ~C[3] ^ ( C[4] & C[0]); - R[3][4] = C[4] ^ ( C[0] | C[1]); -#else - R[3][0] = C[0] ^ (~C[1] & C[2]); - R[3][1] = C[1] ^ (~C[2] & C[3]); - R[3][2] = C[2] ^ (~C[3] & C[4]); - R[3][3] = C[3] ^ (~C[4] & C[0]); - R[3][4] = C[4] ^ (~C[0] & C[1]); -#endif - - C[0] = ROL64(A[0][2] ^ D[2], rhotates[0][2]); - C[1] = ROL64(A[1][3] ^ D[3], rhotates[1][3]); - C[2] = ROL64(A[2][4] ^ D[4], rhotates[2][4]); - C[3] = ROL64(A[3][0] ^ D[0], rhotates[3][0]); - C[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); - -#ifdef KECCAK_COMPLEMENTING_TRANSFORM - R[4][0] = C[0] ^ (~C[1] & C[2]); - R[4][1] = ~C[1] ^ ( C[2] | C[3]); - R[4][2] = C[2] ^ ( C[3] & C[4]); - R[4][3] = C[3] ^ ( C[4] | C[0]); - R[4][4] = C[4] ^ ( C[0] & C[1]); -#else - R[4][0] = C[0] ^ (~C[1] & C[2]); - R[4][1] = C[1] ^ (~C[2] & C[3]); - R[4][2] = C[2] ^ (~C[3] & C[4]); - R[4][3] = C[3] ^ (~C[4] & C[0]); - R[4][4] = C[4] ^ (~C[0] & C[1]); -#endif -} - -static void KeccakF1600(uint64_t A[5][5]) -{ - uint64_t T[5][5]; - size_t i; - -#ifdef KECCAK_COMPLEMENTING_TRANSFORM - A[0][1] = ~A[0][1]; - A[0][2] = ~A[0][2]; - A[1][3] = ~A[1][3]; - A[2][2] = ~A[2][2]; - A[3][2] = ~A[3][2]; - A[4][0] = ~A[4][0]; -#endif - - for (i = 0; i < 24; i += 2) { - Round(T, A, i); - Round(A, T, i + 1); - } - -#ifdef KECCAK_COMPLEMENTING_TRANSFORM - A[0][1] = ~A[0][1]; - A[0][2] = ~A[0][2]; - A[1][3] = ~A[1][3]; - A[2][2] = ~A[2][2]; - A[3][2] = ~A[3][2]; - A[4][0] = ~A[4][0]; -#endif -} - -#else /* define KECCAK_INPLACE to compile this code path */ -/* - * This implementation is KECCAK_1X from above combined 4 times with - * a twist that allows to omit temporary storage and perform in-place - * processing. It's discussed in section 2.5 of "Keccak implementation - * overview". It's likely to be best suited for processors with large - * register bank... On the other hand processor with large register - * bank can as well use KECCAK_1X_ALT, it would be as fast but much - * more compact... - */ -static void FourRounds(uint64_t A[5][5], size_t i) -{ - uint64_t B[5], C[5], D[5]; - - assert(i <= (sizeof(iotas) / sizeof(iotas[0]) - 4)); - - /* Round 4*n */ - C[0] = A[0][0] ^ A[1][0] ^ A[2][0] ^ A[3][0] ^ A[4][0]; - C[1] = A[0][1] ^ A[1][1] ^ A[2][1] ^ A[3][1] ^ A[4][1]; - C[2] = A[0][2] ^ A[1][2] ^ A[2][2] ^ A[3][2] ^ A[4][2]; - C[3] = A[0][3] ^ A[1][3] ^ A[2][3] ^ A[3][3] ^ A[4][3]; - C[4] = A[0][4] ^ A[1][4] ^ A[2][4] ^ A[3][4] ^ A[4][4]; - - D[0] = ROL64(C[1], 1) ^ C[4]; - D[1] = ROL64(C[2], 1) ^ C[0]; - D[2] = ROL64(C[3], 1) ^ C[1]; - D[3] = ROL64(C[4], 1) ^ C[2]; - D[4] = ROL64(C[0], 1) ^ C[3]; - - B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ - B[1] = ROL64(A[1][1] ^ D[1], rhotates[1][1]); - B[2] = ROL64(A[2][2] ^ D[2], rhotates[2][2]); - B[3] = ROL64(A[3][3] ^ D[3], rhotates[3][3]); - B[4] = ROL64(A[4][4] ^ D[4], rhotates[4][4]); - - C[0] = A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i]; - C[1] = A[1][1] = B[1] ^ (~B[2] & B[3]); - C[2] = A[2][2] = B[2] ^ (~B[3] & B[4]); - C[3] = A[3][3] = B[3] ^ (~B[4] & B[0]); - C[4] = A[4][4] = B[4] ^ (~B[0] & B[1]); - - B[0] = ROL64(A[0][3] ^ D[3], rhotates[0][3]); - B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); - B[2] = ROL64(A[2][0] ^ D[0], rhotates[2][0]); - B[3] = ROL64(A[3][1] ^ D[1], rhotates[3][1]); - B[4] = ROL64(A[4][2] ^ D[2], rhotates[4][2]); - - C[0] ^= A[2][0] = B[0] ^ (~B[1] & B[2]); - C[1] ^= A[3][1] = B[1] ^ (~B[2] & B[3]); - C[2] ^= A[4][2] = B[2] ^ (~B[3] & B[4]); - C[3] ^= A[0][3] = B[3] ^ (~B[4] & B[0]); - C[4] ^= A[1][4] = B[4] ^ (~B[0] & B[1]); - - B[0] = ROL64(A[0][1] ^ D[1], rhotates[0][1]); - B[1] = ROL64(A[1][2] ^ D[2], rhotates[1][2]); - B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); - B[3] = ROL64(A[3][4] ^ D[4], rhotates[3][4]); - B[4] = ROL64(A[4][0] ^ D[0], rhotates[4][0]); - - C[0] ^= A[4][0] = B[0] ^ (~B[1] & B[2]); - C[1] ^= A[0][1] = B[1] ^ (~B[2] & B[3]); - C[2] ^= A[1][2] = B[2] ^ (~B[3] & B[4]); - C[3] ^= A[2][3] = B[3] ^ (~B[4] & B[0]); - C[4] ^= A[3][4] = B[4] ^ (~B[0] & B[1]); - - B[0] = ROL64(A[0][4] ^ D[4], rhotates[0][4]); - B[1] = ROL64(A[1][0] ^ D[0], rhotates[1][0]); - B[2] = ROL64(A[2][1] ^ D[1], rhotates[2][1]); - B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); - B[4] = ROL64(A[4][3] ^ D[3], rhotates[4][3]); - - C[0] ^= A[1][0] = B[0] ^ (~B[1] & B[2]); - C[1] ^= A[2][1] = B[1] ^ (~B[2] & B[3]); - C[2] ^= A[3][2] = B[2] ^ (~B[3] & B[4]); - C[3] ^= A[4][3] = B[3] ^ (~B[4] & B[0]); - C[4] ^= A[0][4] = B[4] ^ (~B[0] & B[1]); - - B[0] = ROL64(A[0][2] ^ D[2], rhotates[0][2]); - B[1] = ROL64(A[1][3] ^ D[3], rhotates[1][3]); - B[2] = ROL64(A[2][4] ^ D[4], rhotates[2][4]); - B[3] = ROL64(A[3][0] ^ D[0], rhotates[3][0]); - B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); - - C[0] ^= A[3][0] = B[0] ^ (~B[1] & B[2]); - C[1] ^= A[4][1] = B[1] ^ (~B[2] & B[3]); - C[2] ^= A[0][2] = B[2] ^ (~B[3] & B[4]); - C[3] ^= A[1][3] = B[3] ^ (~B[4] & B[0]); - C[4] ^= A[2][4] = B[4] ^ (~B[0] & B[1]); - - /* Round 4*n+1 */ - D[0] = ROL64(C[1], 1) ^ C[4]; - D[1] = ROL64(C[2], 1) ^ C[0]; - D[2] = ROL64(C[3], 1) ^ C[1]; - D[3] = ROL64(C[4], 1) ^ C[2]; - D[4] = ROL64(C[0], 1) ^ C[3]; - - B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ - B[1] = ROL64(A[3][1] ^ D[1], rhotates[1][1]); - B[2] = ROL64(A[1][2] ^ D[2], rhotates[2][2]); - B[3] = ROL64(A[4][3] ^ D[3], rhotates[3][3]); - B[4] = ROL64(A[2][4] ^ D[4], rhotates[4][4]); - - C[0] = A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i + 1]; - C[1] = A[3][1] = B[1] ^ (~B[2] & B[3]); - C[2] = A[1][2] = B[2] ^ (~B[3] & B[4]); - C[3] = A[4][3] = B[3] ^ (~B[4] & B[0]); - C[4] = A[2][4] = B[4] ^ (~B[0] & B[1]); - - B[0] = ROL64(A[3][3] ^ D[3], rhotates[0][3]); - B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); - B[2] = ROL64(A[4][0] ^ D[0], rhotates[2][0]); - B[3] = ROL64(A[2][1] ^ D[1], rhotates[3][1]); - B[4] = ROL64(A[0][2] ^ D[2], rhotates[4][2]); - - C[0] ^= A[4][0] = B[0] ^ (~B[1] & B[2]); - C[1] ^= A[2][1] = B[1] ^ (~B[2] & B[3]); - C[2] ^= A[0][2] = B[2] ^ (~B[3] & B[4]); - C[3] ^= A[3][3] = B[3] ^ (~B[4] & B[0]); - C[4] ^= A[1][4] = B[4] ^ (~B[0] & B[1]); - - B[0] = ROL64(A[1][1] ^ D[1], rhotates[0][1]); - B[1] = ROL64(A[4][2] ^ D[2], rhotates[1][2]); - B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); - B[3] = ROL64(A[0][4] ^ D[4], rhotates[3][4]); - B[4] = ROL64(A[3][0] ^ D[0], rhotates[4][0]); - - C[0] ^= A[3][0] = B[0] ^ (~B[1] & B[2]); - C[1] ^= A[1][1] = B[1] ^ (~B[2] & B[3]); - C[2] ^= A[4][2] = B[2] ^ (~B[3] & B[4]); - C[3] ^= A[2][3] = B[3] ^ (~B[4] & B[0]); - C[4] ^= A[0][4] = B[4] ^ (~B[0] & B[1]); - - B[0] = ROL64(A[4][4] ^ D[4], rhotates[0][4]); - B[1] = ROL64(A[2][0] ^ D[0], rhotates[1][0]); - B[2] = ROL64(A[0][1] ^ D[1], rhotates[2][1]); - B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); - B[4] = ROL64(A[1][3] ^ D[3], rhotates[4][3]); - - C[0] ^= A[2][0] = B[0] ^ (~B[1] & B[2]); - C[1] ^= A[0][1] = B[1] ^ (~B[2] & B[3]); - C[2] ^= A[3][2] = B[2] ^ (~B[3] & B[4]); - C[3] ^= A[1][3] = B[3] ^ (~B[4] & B[0]); - C[4] ^= A[4][4] = B[4] ^ (~B[0] & B[1]); - - B[0] = ROL64(A[2][2] ^ D[2], rhotates[0][2]); - B[1] = ROL64(A[0][3] ^ D[3], rhotates[1][3]); - B[2] = ROL64(A[3][4] ^ D[4], rhotates[2][4]); - B[3] = ROL64(A[1][0] ^ D[0], rhotates[3][0]); - B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); - - C[0] ^= A[1][0] = B[0] ^ (~B[1] & B[2]); - C[1] ^= A[4][1] = B[1] ^ (~B[2] & B[3]); - C[2] ^= A[2][2] = B[2] ^ (~B[3] & B[4]); - C[3] ^= A[0][3] = B[3] ^ (~B[4] & B[0]); - C[4] ^= A[3][4] = B[4] ^ (~B[0] & B[1]); - - /* Round 4*n+2 */ - D[0] = ROL64(C[1], 1) ^ C[4]; - D[1] = ROL64(C[2], 1) ^ C[0]; - D[2] = ROL64(C[3], 1) ^ C[1]; - D[3] = ROL64(C[4], 1) ^ C[2]; - D[4] = ROL64(C[0], 1) ^ C[3]; - - B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ - B[1] = ROL64(A[2][1] ^ D[1], rhotates[1][1]); - B[2] = ROL64(A[4][2] ^ D[2], rhotates[2][2]); - B[3] = ROL64(A[1][3] ^ D[3], rhotates[3][3]); - B[4] = ROL64(A[3][4] ^ D[4], rhotates[4][4]); - - C[0] = A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i + 2]; - C[1] = A[2][1] = B[1] ^ (~B[2] & B[3]); - C[2] = A[4][2] = B[2] ^ (~B[3] & B[4]); - C[3] = A[1][3] = B[3] ^ (~B[4] & B[0]); - C[4] = A[3][4] = B[4] ^ (~B[0] & B[1]); - - B[0] = ROL64(A[4][3] ^ D[3], rhotates[0][3]); - B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); - B[2] = ROL64(A[3][0] ^ D[0], rhotates[2][0]); - B[3] = ROL64(A[0][1] ^ D[1], rhotates[3][1]); - B[4] = ROL64(A[2][2] ^ D[2], rhotates[4][2]); - - C[0] ^= A[3][0] = B[0] ^ (~B[1] & B[2]); - C[1] ^= A[0][1] = B[1] ^ (~B[2] & B[3]); - C[2] ^= A[2][2] = B[2] ^ (~B[3] & B[4]); - C[3] ^= A[4][3] = B[3] ^ (~B[4] & B[0]); - C[4] ^= A[1][4] = B[4] ^ (~B[0] & B[1]); - - B[0] = ROL64(A[3][1] ^ D[1], rhotates[0][1]); - B[1] = ROL64(A[0][2] ^ D[2], rhotates[1][2]); - B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); - B[3] = ROL64(A[4][4] ^ D[4], rhotates[3][4]); - B[4] = ROL64(A[1][0] ^ D[0], rhotates[4][0]); - - C[0] ^= A[1][0] = B[0] ^ (~B[1] & B[2]); - C[1] ^= A[3][1] = B[1] ^ (~B[2] & B[3]); - C[2] ^= A[0][2] = B[2] ^ (~B[3] & B[4]); - C[3] ^= A[2][3] = B[3] ^ (~B[4] & B[0]); - C[4] ^= A[4][4] = B[4] ^ (~B[0] & B[1]); - - B[0] = ROL64(A[2][4] ^ D[4], rhotates[0][4]); - B[1] = ROL64(A[4][0] ^ D[0], rhotates[1][0]); - B[2] = ROL64(A[1][1] ^ D[1], rhotates[2][1]); - B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); - B[4] = ROL64(A[0][3] ^ D[3], rhotates[4][3]); - - C[0] ^= A[4][0] = B[0] ^ (~B[1] & B[2]); - C[1] ^= A[1][1] = B[1] ^ (~B[2] & B[3]); - C[2] ^= A[3][2] = B[2] ^ (~B[3] & B[4]); - C[3] ^= A[0][3] = B[3] ^ (~B[4] & B[0]); - C[4] ^= A[2][4] = B[4] ^ (~B[0] & B[1]); - - B[0] = ROL64(A[1][2] ^ D[2], rhotates[0][2]); - B[1] = ROL64(A[3][3] ^ D[3], rhotates[1][3]); - B[2] = ROL64(A[0][4] ^ D[4], rhotates[2][4]); - B[3] = ROL64(A[2][0] ^ D[0], rhotates[3][0]); - B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); - - C[0] ^= A[2][0] = B[0] ^ (~B[1] & B[2]); - C[1] ^= A[4][1] = B[1] ^ (~B[2] & B[3]); - C[2] ^= A[1][2] = B[2] ^ (~B[3] & B[4]); - C[3] ^= A[3][3] = B[3] ^ (~B[4] & B[0]); - C[4] ^= A[0][4] = B[4] ^ (~B[0] & B[1]); - - /* Round 4*n+3 */ - D[0] = ROL64(C[1], 1) ^ C[4]; - D[1] = ROL64(C[2], 1) ^ C[0]; - D[2] = ROL64(C[3], 1) ^ C[1]; - D[3] = ROL64(C[4], 1) ^ C[2]; - D[4] = ROL64(C[0], 1) ^ C[3]; - - B[0] = A[0][0] ^ D[0]; /* rotate by 0 */ - B[1] = ROL64(A[0][1] ^ D[1], rhotates[1][1]); - B[2] = ROL64(A[0][2] ^ D[2], rhotates[2][2]); - B[3] = ROL64(A[0][3] ^ D[3], rhotates[3][3]); - B[4] = ROL64(A[0][4] ^ D[4], rhotates[4][4]); - - /* C[0] = */ A[0][0] = B[0] ^ (~B[1] & B[2]) ^ iotas[i + 3]; - /* C[1] = */ A[0][1] = B[1] ^ (~B[2] & B[3]); - /* C[2] = */ A[0][2] = B[2] ^ (~B[3] & B[4]); - /* C[3] = */ A[0][3] = B[3] ^ (~B[4] & B[0]); - /* C[4] = */ A[0][4] = B[4] ^ (~B[0] & B[1]); - - B[0] = ROL64(A[1][3] ^ D[3], rhotates[0][3]); - B[1] = ROL64(A[1][4] ^ D[4], rhotates[1][4]); - B[2] = ROL64(A[1][0] ^ D[0], rhotates[2][0]); - B[3] = ROL64(A[1][1] ^ D[1], rhotates[3][1]); - B[4] = ROL64(A[1][2] ^ D[2], rhotates[4][2]); - - /* C[0] ^= */ A[1][0] = B[0] ^ (~B[1] & B[2]); - /* C[1] ^= */ A[1][1] = B[1] ^ (~B[2] & B[3]); - /* C[2] ^= */ A[1][2] = B[2] ^ (~B[3] & B[4]); - /* C[3] ^= */ A[1][3] = B[3] ^ (~B[4] & B[0]); - /* C[4] ^= */ A[1][4] = B[4] ^ (~B[0] & B[1]); - - B[0] = ROL64(A[2][1] ^ D[1], rhotates[0][1]); - B[1] = ROL64(A[2][2] ^ D[2], rhotates[1][2]); - B[2] = ROL64(A[2][3] ^ D[3], rhotates[2][3]); - B[3] = ROL64(A[2][4] ^ D[4], rhotates[3][4]); - B[4] = ROL64(A[2][0] ^ D[0], rhotates[4][0]); - - /* C[0] ^= */ A[2][0] = B[0] ^ (~B[1] & B[2]); - /* C[1] ^= */ A[2][1] = B[1] ^ (~B[2] & B[3]); - /* C[2] ^= */ A[2][2] = B[2] ^ (~B[3] & B[4]); - /* C[3] ^= */ A[2][3] = B[3] ^ (~B[4] & B[0]); - /* C[4] ^= */ A[2][4] = B[4] ^ (~B[0] & B[1]); - - B[0] = ROL64(A[3][4] ^ D[4], rhotates[0][4]); - B[1] = ROL64(A[3][0] ^ D[0], rhotates[1][0]); - B[2] = ROL64(A[3][1] ^ D[1], rhotates[2][1]); - B[3] = ROL64(A[3][2] ^ D[2], rhotates[3][2]); - B[4] = ROL64(A[3][3] ^ D[3], rhotates[4][3]); - - /* C[0] ^= */ A[3][0] = B[0] ^ (~B[1] & B[2]); - /* C[1] ^= */ A[3][1] = B[1] ^ (~B[2] & B[3]); - /* C[2] ^= */ A[3][2] = B[2] ^ (~B[3] & B[4]); - /* C[3] ^= */ A[3][3] = B[3] ^ (~B[4] & B[0]); - /* C[4] ^= */ A[3][4] = B[4] ^ (~B[0] & B[1]); - - B[0] = ROL64(A[4][2] ^ D[2], rhotates[0][2]); - B[1] = ROL64(A[4][3] ^ D[3], rhotates[1][3]); - B[2] = ROL64(A[4][4] ^ D[4], rhotates[2][4]); - B[3] = ROL64(A[4][0] ^ D[0], rhotates[3][0]); - B[4] = ROL64(A[4][1] ^ D[1], rhotates[4][1]); - - /* C[0] ^= */ A[4][0] = B[0] ^ (~B[1] & B[2]); - /* C[1] ^= */ A[4][1] = B[1] ^ (~B[2] & B[3]); - /* C[2] ^= */ A[4][2] = B[2] ^ (~B[3] & B[4]); - /* C[3] ^= */ A[4][3] = B[3] ^ (~B[4] & B[0]); - /* C[4] ^= */ A[4][4] = B[4] ^ (~B[0] & B[1]); -} - -static void KeccakF1600(uint64_t A[5][5]) -{ - size_t i; - - for (i = 0; i < 24; i += 4) { - FourRounds(A, i); - } -} - -#endif - -static uint64_t BitInterleave(uint64_t Ai) -{ - if (BIT_INTERLEAVE) { - uint32_t hi = (uint32_t)(Ai >> 32), lo = (uint32_t)Ai; - uint32_t t0, t1; - - t0 = lo & 0x55555555; - t0 |= t0 >> 1; t0 &= 0x33333333; - t0 |= t0 >> 2; t0 &= 0x0f0f0f0f; - t0 |= t0 >> 4; t0 &= 0x00ff00ff; - t0 |= t0 >> 8; t0 &= 0x0000ffff; - - t1 = hi & 0x55555555; - t1 |= t1 >> 1; t1 &= 0x33333333; - t1 |= t1 >> 2; t1 &= 0x0f0f0f0f; - t1 |= t1 >> 4; t1 &= 0x00ff00ff; - t1 |= t1 >> 8; t1 <<= 16; - - lo &= 0xaaaaaaaa; - lo |= lo << 1; lo &= 0xcccccccc; - lo |= lo << 2; lo &= 0xf0f0f0f0; - lo |= lo << 4; lo &= 0xff00ff00; - lo |= lo << 8; lo >>= 16; - - hi &= 0xaaaaaaaa; - hi |= hi << 1; hi &= 0xcccccccc; - hi |= hi << 2; hi &= 0xf0f0f0f0; - hi |= hi << 4; hi &= 0xff00ff00; - hi |= hi << 8; hi &= 0xffff0000; - - Ai = ((uint64_t)(hi | lo) << 32) | (t1 | t0); - } - - return Ai; -} - -static uint64_t BitDeinterleave(uint64_t Ai) -{ - if (BIT_INTERLEAVE) { - uint32_t hi = (uint32_t)(Ai >> 32), lo = (uint32_t)Ai; - uint32_t t0, t1; - - t0 = lo & 0x0000ffff; - t0 |= t0 << 8; t0 &= 0x00ff00ff; - t0 |= t0 << 4; t0 &= 0x0f0f0f0f; - t0 |= t0 << 2; t0 &= 0x33333333; - t0 |= t0 << 1; t0 &= 0x55555555; - - t1 = hi << 16; - t1 |= t1 >> 8; t1 &= 0xff00ff00; - t1 |= t1 >> 4; t1 &= 0xf0f0f0f0; - t1 |= t1 >> 2; t1 &= 0xcccccccc; - t1 |= t1 >> 1; t1 &= 0xaaaaaaaa; - - lo >>= 16; - lo |= lo << 8; lo &= 0x00ff00ff; - lo |= lo << 4; lo &= 0x0f0f0f0f; - lo |= lo << 2; lo &= 0x33333333; - lo |= lo << 1; lo &= 0x55555555; - - hi &= 0xffff0000; - hi |= hi >> 8; hi &= 0xff00ff00; - hi |= hi >> 4; hi &= 0xf0f0f0f0; - hi |= hi >> 2; hi &= 0xcccccccc; - hi |= hi >> 1; hi &= 0xaaaaaaaa; - - Ai = ((uint64_t)(hi | lo) << 32) | (t1 | t0); - } - - return Ai; -} - -/* - * SHA3_absorb can be called multiple times, but at each invocation - * largest multiple of |r| out of |len| bytes are processed. Then - * remaining amount of bytes is returned. This is done to spare caller - * trouble of calculating the largest multiple of |r|. |r| can be viewed - * as blocksize. It is commonly (1600 - 256*n)/8, e.g. 168, 136, 104, - * 72, but can also be (1600 - 448)/8 = 144. All this means that message - * padding and intermediate sub-block buffering, byte- or bitwise, is - * caller's responsibility. - */ -size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, - size_t r) -{ - uint64_t *A_flat = (uint64_t *)A; - size_t i, w = r / 8; - - assert(r < (25 * sizeof(A[0][0])) && (r % 8) == 0); - - while (len >= r) { - for (i = 0; i < w; i++) { - uint64_t Ai = (uint64_t)inp[0] | (uint64_t)inp[1] << 8 | - (uint64_t)inp[2] << 16 | (uint64_t)inp[3] << 24 | - (uint64_t)inp[4] << 32 | (uint64_t)inp[5] << 40 | - (uint64_t)inp[6] << 48 | (uint64_t)inp[7] << 56; - inp += 8; - - A_flat[i] ^= BitInterleave(Ai); - } - KeccakF1600(A); - len -= r; - } - - return len; -} - -/* - * sha3_squeeze is called once at the end to generate |out| hash value - * of |len| bytes. - */ -void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r) -{ - uint64_t *A_flat = (uint64_t *)A; - size_t i, w = r / 8; - - assert(r < (25 * sizeof(A[0][0])) && (r % 8) == 0); - - while (len != 0) { - for (i = 0; i < w && len != 0; i++) { - uint64_t Ai = BitDeinterleave(A_flat[i]); - - if (len < 8) { - for (i = 0; i < len; i++) { - *out++ = (unsigned char)Ai; - Ai >>= 8; - } - return; - } - - out[0] = (unsigned char)(Ai); - out[1] = (unsigned char)(Ai >> 8); - out[2] = (unsigned char)(Ai >> 16); - out[3] = (unsigned char)(Ai >> 24); - out[4] = (unsigned char)(Ai >> 32); - out[5] = (unsigned char)(Ai >> 40); - out[6] = (unsigned char)(Ai >> 48); - out[7] = (unsigned char)(Ai >> 56); - out += 8; - len -= 8; - } - if (len) - KeccakF1600(A); - } -} -#endif - -#ifdef SELFTEST -/* - * Post-padding one-shot implementations would look as following: - * - * SHA3_224 SHA3_sponge(inp, len, out, 224/8, (1600-448)/8); - * SHA3_256 SHA3_sponge(inp, len, out, 256/8, (1600-512)/8); - * SHA3_384 SHA3_sponge(inp, len, out, 384/8, (1600-768)/8); - * SHA3_512 SHA3_sponge(inp, len, out, 512/8, (1600-1024)/8); - * SHAKE_128 SHA3_sponge(inp, len, out, d, (1600-256)/8); - * SHAKE_256 SHA3_sponge(inp, len, out, d, (1600-512)/8); - */ - -void SHA3_sponge(const unsigned char *inp, size_t len, - unsigned char *out, size_t d, size_t r) -{ - uint64_t A[5][5]; - - memset(A, 0, sizeof(A)); - SHA3_absorb(A, inp, len, r); - SHA3_squeeze(A, out, d, r); -} - -# include - -int main() -{ - /* - * This is 5-bit SHAKE128 test from http://csrc.nist.gov/groups/ST/toolkit/examples.html#aHashing - */ - unsigned char test[168] = { '\xf3', '\x3' }; - unsigned char out[512]; - size_t i; - static const unsigned char result[512] = { - 0x2E, 0x0A, 0xBF, 0xBA, 0x83, 0xE6, 0x72, 0x0B, - 0xFB, 0xC2, 0x25, 0xFF, 0x6B, 0x7A, 0xB9, 0xFF, - 0xCE, 0x58, 0xBA, 0x02, 0x7E, 0xE3, 0xD8, 0x98, - 0x76, 0x4F, 0xEF, 0x28, 0x7D, 0xDE, 0xCC, 0xCA, - 0x3E, 0x6E, 0x59, 0x98, 0x41, 0x1E, 0x7D, 0xDB, - 0x32, 0xF6, 0x75, 0x38, 0xF5, 0x00, 0xB1, 0x8C, - 0x8C, 0x97, 0xC4, 0x52, 0xC3, 0x70, 0xEA, 0x2C, - 0xF0, 0xAF, 0xCA, 0x3E, 0x05, 0xDE, 0x7E, 0x4D, - 0xE2, 0x7F, 0xA4, 0x41, 0xA9, 0xCB, 0x34, 0xFD, - 0x17, 0xC9, 0x78, 0xB4, 0x2D, 0x5B, 0x7E, 0x7F, - 0x9A, 0xB1, 0x8F, 0xFE, 0xFF, 0xC3, 0xC5, 0xAC, - 0x2F, 0x3A, 0x45, 0x5E, 0xEB, 0xFD, 0xC7, 0x6C, - 0xEA, 0xEB, 0x0A, 0x2C, 0xCA, 0x22, 0xEE, 0xF6, - 0xE6, 0x37, 0xF4, 0xCA, 0xBE, 0x5C, 0x51, 0xDE, - 0xD2, 0xE3, 0xFA, 0xD8, 0xB9, 0x52, 0x70, 0xA3, - 0x21, 0x84, 0x56, 0x64, 0xF1, 0x07, 0xD1, 0x64, - 0x96, 0xBB, 0x7A, 0xBF, 0xBE, 0x75, 0x04, 0xB6, - 0xED, 0xE2, 0xE8, 0x9E, 0x4B, 0x99, 0x6F, 0xB5, - 0x8E, 0xFD, 0xC4, 0x18, 0x1F, 0x91, 0x63, 0x38, - 0x1C, 0xBE, 0x7B, 0xC0, 0x06, 0xA7, 0xA2, 0x05, - 0x98, 0x9C, 0x52, 0x6C, 0xD1, 0xBD, 0x68, 0x98, - 0x36, 0x93, 0xB4, 0xBD, 0xC5, 0x37, 0x28, 0xB2, - 0x41, 0xC1, 0xCF, 0xF4, 0x2B, 0xB6, 0x11, 0x50, - 0x2C, 0x35, 0x20, 0x5C, 0xAB, 0xB2, 0x88, 0x75, - 0x56, 0x55, 0xD6, 0x20, 0xC6, 0x79, 0x94, 0xF0, - 0x64, 0x51, 0x18, 0x7F, 0x6F, 0xD1, 0x7E, 0x04, - 0x66, 0x82, 0xBA, 0x12, 0x86, 0x06, 0x3F, 0xF8, - 0x8F, 0xE2, 0x50, 0x8D, 0x1F, 0xCA, 0xF9, 0x03, - 0x5A, 0x12, 0x31, 0xAD, 0x41, 0x50, 0xA9, 0xC9, - 0xB2, 0x4C, 0x9B, 0x2D, 0x66, 0xB2, 0xAD, 0x1B, - 0xDE, 0x0B, 0xD0, 0xBB, 0xCB, 0x8B, 0xE0, 0x5B, - 0x83, 0x52, 0x29, 0xEF, 0x79, 0x19, 0x73, 0x73, - 0x23, 0x42, 0x44, 0x01, 0xE1, 0xD8, 0x37, 0xB6, - 0x6E, 0xB4, 0xE6, 0x30, 0xFF, 0x1D, 0xE7, 0x0C, - 0xB3, 0x17, 0xC2, 0xBA, 0xCB, 0x08, 0x00, 0x1D, - 0x34, 0x77, 0xB7, 0xA7, 0x0A, 0x57, 0x6D, 0x20, - 0x86, 0x90, 0x33, 0x58, 0x9D, 0x85, 0xA0, 0x1D, - 0xDB, 0x2B, 0x66, 0x46, 0xC0, 0x43, 0xB5, 0x9F, - 0xC0, 0x11, 0x31, 0x1D, 0xA6, 0x66, 0xFA, 0x5A, - 0xD1, 0xD6, 0x38, 0x7F, 0xA9, 0xBC, 0x40, 0x15, - 0xA3, 0x8A, 0x51, 0xD1, 0xDA, 0x1E, 0xA6, 0x1D, - 0x64, 0x8D, 0xC8, 0xE3, 0x9A, 0x88, 0xB9, 0xD6, - 0x22, 0xBD, 0xE2, 0x07, 0xFD, 0xAB, 0xC6, 0xF2, - 0x82, 0x7A, 0x88, 0x0C, 0x33, 0x0B, 0xBF, 0x6D, - 0xF7, 0x33, 0x77, 0x4B, 0x65, 0x3E, 0x57, 0x30, - 0x5D, 0x78, 0xDC, 0xE1, 0x12, 0xF1, 0x0A, 0x2C, - 0x71, 0xF4, 0xCD, 0xAD, 0x92, 0xED, 0x11, 0x3E, - 0x1C, 0xEA, 0x63, 0xB9, 0x19, 0x25, 0xED, 0x28, - 0x19, 0x1E, 0x6D, 0xBB, 0xB5, 0xAA, 0x5A, 0x2A, - 0xFD, 0xA5, 0x1F, 0xC0, 0x5A, 0x3A, 0xF5, 0x25, - 0x8B, 0x87, 0x66, 0x52, 0x43, 0x55, 0x0F, 0x28, - 0x94, 0x8A, 0xE2, 0xB8, 0xBE, 0xB6, 0xBC, 0x9C, - 0x77, 0x0B, 0x35, 0xF0, 0x67, 0xEA, 0xA6, 0x41, - 0xEF, 0xE6, 0x5B, 0x1A, 0x44, 0x90, 0x9D, 0x1B, - 0x14, 0x9F, 0x97, 0xEE, 0xA6, 0x01, 0x39, 0x1C, - 0x60, 0x9E, 0xC8, 0x1D, 0x19, 0x30, 0xF5, 0x7C, - 0x18, 0xA4, 0xE0, 0xFA, 0xB4, 0x91, 0xD1, 0xCA, - 0xDF, 0xD5, 0x04, 0x83, 0x44, 0x9E, 0xDC, 0x0F, - 0x07, 0xFF, 0xB2, 0x4D, 0x2C, 0x6F, 0x9A, 0x9A, - 0x3B, 0xFF, 0x39, 0xAE, 0x3D, 0x57, 0xF5, 0x60, - 0x65, 0x4D, 0x7D, 0x75, 0xC9, 0x08, 0xAB, 0xE6, - 0x25, 0x64, 0x75, 0x3E, 0xAC, 0x39, 0xD7, 0x50, - 0x3D, 0xA6, 0xD3, 0x7C, 0x2E, 0x32, 0xE1, 0xAF, - 0x3B, 0x8A, 0xEC, 0x8A, 0xE3, 0x06, 0x9C, 0xD9 - }; - - test[167] = '\x80'; - SHA3_sponge(test, sizeof(test), out, sizeof(out), sizeof(test)); - - /* - * Rationale behind keeping output [formatted as below] is that - * one should be able to redirect it to a file, then copy-n-paste - * final "output val" from official example to another file, and - * compare the two with diff(1). - */ - for (i = 0; i < sizeof(out);) { - printf("%02X", out[i]); - printf(++i % 16 && i != sizeof(out) ? " " : "\n"); - } - - if (memcmp(out,result,sizeof(out))) { - fprintf(stderr,"failure\n"); - return 1; - } else { - fprintf(stderr,"success\n"); - return 0; - } -} -#endif diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c deleted file mode 100644 index d1fa3d84f12a1305e3e0ddf133d6efee52279b49..0000000000000000000000000000000000000000 --- a/crypto/sha/sha1_one.c +++ /dev/null @@ -1,81 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * SHA-1 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -#include -#include -#include -#include "crypto/sha.h" - -unsigned char *ossl_sha1(const unsigned char *d, size_t n, unsigned char *md) -{ - SHA_CTX c; - static unsigned char m[SHA_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - if (!SHA1_Init(&c)) - return NULL; - SHA1_Update(&c, d, n); - SHA1_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); - return md; -} - -unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) -{ - static unsigned char m[SHA_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - return EVP_Q_digest(NULL, "SHA1", NULL, d, n, md, NULL) ? md : NULL; -} - -unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md) -{ - static unsigned char m[SHA224_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - return EVP_Q_digest(NULL, "SHA224", NULL, d, n, md, NULL) ? md : NULL; -} - -unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) -{ - static unsigned char m[SHA256_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - return EVP_Q_digest(NULL, "SHA256", NULL, d, n, md, NULL) ? md : NULL; -} - -unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) -{ - static unsigned char m[SHA384_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - return EVP_Q_digest(NULL, "SHA384", NULL, d, n, md, NULL) ? md : NULL; -} - -unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) -{ - static unsigned char m[SHA512_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - return EVP_Q_digest(NULL, "SHA512", NULL, d, n, md, NULL) ? md : NULL; -} diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c deleted file mode 100644 index 65d7e62e58e782780b87a4a12ac8264adff5ef19..0000000000000000000000000000000000000000 --- a/crypto/sha/sha1dgst.c +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * SHA-1 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include - -#include -#include -#include - -/* The implementation is in ../md32_common.h */ - -#include "sha_local.h" -#include "crypto/sha.h" - -int ossl_sha1_ctrl(SHA_CTX *sha1, int cmd, int mslen, void *ms) -{ - unsigned char padtmp[40]; - unsigned char sha1tmp[SHA_DIGEST_LENGTH]; - - if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) - return -2; - - if (sha1 == NULL) - return 0; - - /* SSLv3 client auth handling: see RFC-6101 5.6.8 */ - if (mslen != 48) - return 0; - - /* At this point hash contains all handshake messages, update - * with master secret and pad_1. - */ - - if (SHA1_Update(sha1, ms, mslen) <= 0) - return 0; - - /* Set padtmp to pad_1 value */ - memset(padtmp, 0x36, sizeof(padtmp)); - - if (!SHA1_Update(sha1, padtmp, sizeof(padtmp))) - return 0; - - if (!SHA1_Final(sha1tmp, sha1)) - return 0; - - /* Reinitialise context */ - - if (!SHA1_Init(sha1)) - return 0; - - if (SHA1_Update(sha1, ms, mslen) <= 0) - return 0; - - /* Set padtmp to pad_2 value */ - memset(padtmp, 0x5c, sizeof(padtmp)); - - if (!SHA1_Update(sha1, padtmp, sizeof(padtmp))) - return 0; - - if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp))) - return 0; - - /* Now when ctx is finalised it will return the SSL v3 hash value */ - OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp)); - - return 1; -} diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c deleted file mode 100644 index 5845c389379ed795b866d77c27264d113dd8873d..0000000000000000000000000000000000000000 --- a/crypto/sha/sha256.c +++ /dev/null @@ -1,360 +0,0 @@ -/* - * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * SHA256 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include - -#include -#include - -#include -#include -#include -#include "internal/endian.h" - -int SHA224_Init(SHA256_CTX *c) -{ - memset(c, 0, sizeof(*c)); - c->h[0] = 0xc1059ed8UL; - c->h[1] = 0x367cd507UL; - c->h[2] = 0x3070dd17UL; - c->h[3] = 0xf70e5939UL; - c->h[4] = 0xffc00b31UL; - c->h[5] = 0x68581511UL; - c->h[6] = 0x64f98fa7UL; - c->h[7] = 0xbefa4fa4UL; - c->md_len = SHA224_DIGEST_LENGTH; - return 1; -} - -int SHA256_Init(SHA256_CTX *c) -{ - memset(c, 0, sizeof(*c)); - c->h[0] = 0x6a09e667UL; - c->h[1] = 0xbb67ae85UL; - c->h[2] = 0x3c6ef372UL; - c->h[3] = 0xa54ff53aUL; - c->h[4] = 0x510e527fUL; - c->h[5] = 0x9b05688cUL; - c->h[6] = 0x1f83d9abUL; - c->h[7] = 0x5be0cd19UL; - c->md_len = SHA256_DIGEST_LENGTH; - return 1; -} - -int SHA224_Update(SHA256_CTX *c, const void *data, size_t len) -{ - return SHA256_Update(c, data, len); -} - -int SHA224_Final(unsigned char *md, SHA256_CTX *c) -{ - return SHA256_Final(md, c); -} - -#define DATA_ORDER_IS_BIG_ENDIAN - -#define HASH_LONG SHA_LONG -#define HASH_CTX SHA256_CTX -#define HASH_CBLOCK SHA_CBLOCK - -/* - * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." - * default: case below covers for it. It's not clear however if it's - * permitted to truncate to amount of bytes not divisible by 4. I bet not, - * but if it is, then default: case shall be extended. For reference. - * Idea behind separate cases for pre-defined lengths is to let the - * compiler decide if it's appropriate to unroll small loops. - */ -#define HASH_MAKE_STRING(c,s) do { \ - unsigned long ll; \ - unsigned int nn; \ - switch ((c)->md_len) \ - { case SHA224_DIGEST_LENGTH: \ - for (nn=0;nnh[nn]; (void)HOST_l2c(ll,(s)); } \ - break; \ - case SHA256_DIGEST_LENGTH: \ - for (nn=0;nnh[nn]; (void)HOST_l2c(ll,(s)); } \ - break; \ - default: \ - if ((c)->md_len > SHA256_DIGEST_LENGTH) \ - return 0; \ - for (nn=0;nn<(c)->md_len/4;nn++) \ - { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \ - break; \ - } \ - } while (0) - -#define HASH_UPDATE SHA256_Update -#define HASH_TRANSFORM SHA256_Transform -#define HASH_FINAL SHA256_Final -#define HASH_BLOCK_DATA_ORDER sha256_block_data_order -#ifndef SHA256_ASM -static -#endif -void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num); - -#include "crypto/md32_common.h" - -#ifndef SHA256_ASM -static const SHA_LONG K256[64] = { - 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, - 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, - 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, - 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, - 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, - 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, - 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, - 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, - 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, - 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, - 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, - 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, - 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, - 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, - 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, - 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL -}; - -/* - * FIPS specification refers to right rotations, while our ROTATE macro - * is left one. This is why you might notice that rotation coefficients - * differ from those observed in FIPS document by 32-N... - */ -# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) -# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) -# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) -# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) - -# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) - -# ifdef OPENSSL_SMALL_FOOTPRINT - -static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, - size_t num) -{ - unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1, T2; - SHA_LONG X[16], l; - int i; - const unsigned char *data = in; - - while (num--) { - - a = ctx->h[0]; - b = ctx->h[1]; - c = ctx->h[2]; - d = ctx->h[3]; - e = ctx->h[4]; - f = ctx->h[5]; - g = ctx->h[6]; - h = ctx->h[7]; - - for (i = 0; i < 16; i++) { - (void)HOST_c2l(data, l); - T1 = X[i] = l; - T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i]; - T2 = Sigma0(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - } - - for (; i < 64; i++) { - s0 = X[(i + 1) & 0x0f]; - s0 = sigma0(s0); - s1 = X[(i + 14) & 0x0f]; - s1 = sigma1(s1); - - T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf]; - T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i]; - T2 = Sigma0(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - } - - ctx->h[0] += a; - ctx->h[1] += b; - ctx->h[2] += c; - ctx->h[3] += d; - ctx->h[4] += e; - ctx->h[5] += f; - ctx->h[6] += g; - ctx->h[7] += h; - - } -} - -# else - -# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ - T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \ - h = Sigma0(a) + Maj(a,b,c); \ - d += T1; h += T1; } while (0) - -# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ - s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ - s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ - T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ - ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) - -static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, - size_t num) -{ - unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1; - SHA_LONG X[16]; - int i; - const unsigned char *data = in; - DECLARE_IS_ENDIAN; - - while (num--) { - - a = ctx->h[0]; - b = ctx->h[1]; - c = ctx->h[2]; - d = ctx->h[3]; - e = ctx->h[4]; - f = ctx->h[5]; - g = ctx->h[6]; - h = ctx->h[7]; - - if (!IS_LITTLE_ENDIAN && sizeof(SHA_LONG) == 4 - && ((size_t)in % 4) == 0) { - const SHA_LONG *W = (const SHA_LONG *)data; - - T1 = X[0] = W[0]; - ROUND_00_15(0, a, b, c, d, e, f, g, h); - T1 = X[1] = W[1]; - ROUND_00_15(1, h, a, b, c, d, e, f, g); - T1 = X[2] = W[2]; - ROUND_00_15(2, g, h, a, b, c, d, e, f); - T1 = X[3] = W[3]; - ROUND_00_15(3, f, g, h, a, b, c, d, e); - T1 = X[4] = W[4]; - ROUND_00_15(4, e, f, g, h, a, b, c, d); - T1 = X[5] = W[5]; - ROUND_00_15(5, d, e, f, g, h, a, b, c); - T1 = X[6] = W[6]; - ROUND_00_15(6, c, d, e, f, g, h, a, b); - T1 = X[7] = W[7]; - ROUND_00_15(7, b, c, d, e, f, g, h, a); - T1 = X[8] = W[8]; - ROUND_00_15(8, a, b, c, d, e, f, g, h); - T1 = X[9] = W[9]; - ROUND_00_15(9, h, a, b, c, d, e, f, g); - T1 = X[10] = W[10]; - ROUND_00_15(10, g, h, a, b, c, d, e, f); - T1 = X[11] = W[11]; - ROUND_00_15(11, f, g, h, a, b, c, d, e); - T1 = X[12] = W[12]; - ROUND_00_15(12, e, f, g, h, a, b, c, d); - T1 = X[13] = W[13]; - ROUND_00_15(13, d, e, f, g, h, a, b, c); - T1 = X[14] = W[14]; - ROUND_00_15(14, c, d, e, f, g, h, a, b); - T1 = X[15] = W[15]; - ROUND_00_15(15, b, c, d, e, f, g, h, a); - - data += SHA256_CBLOCK; - } else { - SHA_LONG l; - - (void)HOST_c2l(data, l); - T1 = X[0] = l; - ROUND_00_15(0, a, b, c, d, e, f, g, h); - (void)HOST_c2l(data, l); - T1 = X[1] = l; - ROUND_00_15(1, h, a, b, c, d, e, f, g); - (void)HOST_c2l(data, l); - T1 = X[2] = l; - ROUND_00_15(2, g, h, a, b, c, d, e, f); - (void)HOST_c2l(data, l); - T1 = X[3] = l; - ROUND_00_15(3, f, g, h, a, b, c, d, e); - (void)HOST_c2l(data, l); - T1 = X[4] = l; - ROUND_00_15(4, e, f, g, h, a, b, c, d); - (void)HOST_c2l(data, l); - T1 = X[5] = l; - ROUND_00_15(5, d, e, f, g, h, a, b, c); - (void)HOST_c2l(data, l); - T1 = X[6] = l; - ROUND_00_15(6, c, d, e, f, g, h, a, b); - (void)HOST_c2l(data, l); - T1 = X[7] = l; - ROUND_00_15(7, b, c, d, e, f, g, h, a); - (void)HOST_c2l(data, l); - T1 = X[8] = l; - ROUND_00_15(8, a, b, c, d, e, f, g, h); - (void)HOST_c2l(data, l); - T1 = X[9] = l; - ROUND_00_15(9, h, a, b, c, d, e, f, g); - (void)HOST_c2l(data, l); - T1 = X[10] = l; - ROUND_00_15(10, g, h, a, b, c, d, e, f); - (void)HOST_c2l(data, l); - T1 = X[11] = l; - ROUND_00_15(11, f, g, h, a, b, c, d, e); - (void)HOST_c2l(data, l); - T1 = X[12] = l; - ROUND_00_15(12, e, f, g, h, a, b, c, d); - (void)HOST_c2l(data, l); - T1 = X[13] = l; - ROUND_00_15(13, d, e, f, g, h, a, b, c); - (void)HOST_c2l(data, l); - T1 = X[14] = l; - ROUND_00_15(14, c, d, e, f, g, h, a, b); - (void)HOST_c2l(data, l); - T1 = X[15] = l; - ROUND_00_15(15, b, c, d, e, f, g, h, a); - } - - for (i = 16; i < 64; i += 8) { - ROUND_16_63(i + 0, a, b, c, d, e, f, g, h, X); - ROUND_16_63(i + 1, h, a, b, c, d, e, f, g, X); - ROUND_16_63(i + 2, g, h, a, b, c, d, e, f, X); - ROUND_16_63(i + 3, f, g, h, a, b, c, d, e, X); - ROUND_16_63(i + 4, e, f, g, h, a, b, c, d, X); - ROUND_16_63(i + 5, d, e, f, g, h, a, b, c, X); - ROUND_16_63(i + 6, c, d, e, f, g, h, a, b, X); - ROUND_16_63(i + 7, b, c, d, e, f, g, h, a, X); - } - - ctx->h[0] += a; - ctx->h[1] += b; - ctx->h[2] += c; - ctx->h[3] += d; - ctx->h[4] += e; - ctx->h[5] += f; - ctx->h[6] += g; - ctx->h[7] += h; - - } -} - -# endif -#endif /* SHA256_ASM */ diff --git a/crypto/sha/sha3.c b/crypto/sha/sha3.c deleted file mode 100644 index 633bc2e1208b5c56dd8422f7b169f2020d50d89a..0000000000000000000000000000000000000000 --- a/crypto/sha/sha3.c +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/sha3.h" - -void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r); - -void ossl_sha3_reset(KECCAK1600_CTX *ctx) -{ - memset(ctx->A, 0, sizeof(ctx->A)); - ctx->bufsz = 0; -} - -int ossl_sha3_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen) -{ - size_t bsz = SHA3_BLOCKSIZE(bitlen); - - if (bsz <= sizeof(ctx->buf)) { - ossl_sha3_reset(ctx); - ctx->block_size = bsz; - ctx->md_size = bitlen / 8; - ctx->pad = pad; - return 1; - } - - return 0; -} - -int ossl_keccak_kmac_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen) -{ - int ret = ossl_sha3_init(ctx, pad, bitlen); - - if (ret) - ctx->md_size *= 2; - return ret; -} - -int ossl_sha3_update(KECCAK1600_CTX *ctx, const void *_inp, size_t len) -{ - const unsigned char *inp = _inp; - size_t bsz = ctx->block_size; - size_t num, rem; - - if (len == 0) - return 1; - - if ((num = ctx->bufsz) != 0) { /* process intermediate buffer? */ - rem = bsz - num; - - if (len < rem) { - memcpy(ctx->buf + num, inp, len); - ctx->bufsz += len; - return 1; - } - /* - * We have enough data to fill or overflow the intermediate - * buffer. So we append |rem| bytes and process the block, - * leaving the rest for later processing... - */ - memcpy(ctx->buf + num, inp, rem); - inp += rem, len -= rem; - (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz); - ctx->bufsz = 0; - /* ctx->buf is processed, ctx->num is guaranteed to be zero */ - } - - if (len >= bsz) - rem = SHA3_absorb(ctx->A, inp, len, bsz); - else - rem = len; - - if (rem) { - memcpy(ctx->buf, inp + len - rem, rem); - ctx->bufsz = rem; - } - - return 1; -} - -int ossl_sha3_final(unsigned char *md, KECCAK1600_CTX *ctx) -{ - size_t bsz = ctx->block_size; - size_t num = ctx->bufsz; - - if (ctx->md_size == 0) - return 1; - - /* - * Pad the data with 10*1. Note that |num| can be |bsz - 1| - * in which case both byte operations below are performed on - * same byte... - */ - memset(ctx->buf + num, 0, bsz - num); - ctx->buf[num] = ctx->pad; - ctx->buf[bsz - 1] |= 0x80; - - (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz); - - SHA3_squeeze(ctx->A, md, ctx->md_size, bsz); - - return 1; -} diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c deleted file mode 100644 index ff035c469f94000b66fd7d1d6d5f9c36d92e6198..0000000000000000000000000000000000000000 --- a/crypto/sha/sha512.c +++ /dev/null @@ -1,752 +0,0 @@ -/* - * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * SHA512 low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include -/*- - * IMPLEMENTATION NOTES. - * - * As you might have noticed 32-bit hash algorithms: - * - * - permit SHA_LONG to be wider than 32-bit - * - optimized versions implement two transform functions: one operating - * on [aligned] data in host byte order and one - on data in input - * stream byte order; - * - share common byte-order neutral collector and padding function - * implementations, ../md32_common.h; - * - * Neither of the above applies to this SHA-512 implementations. Reasons - * [in reverse order] are: - * - * - it's the only 64-bit hash algorithm for the moment of this writing, - * there is no need for common collector/padding implementation [yet]; - * - by supporting only one transform function [which operates on - * *aligned* data in input stream byte order, big-endian in this case] - * we minimize burden of maintenance in two ways: a) collector/padding - * function is simpler; b) only one transform function to stare at; - * - SHA_LONG64 is required to be exactly 64-bit in order to be able to - * apply a number of optimizations to mitigate potential performance - * penalties caused by previous design decision; - * - * Caveat lector. - * - * Implementation relies on the fact that "long long" is 64-bit on - * both 32- and 64-bit platforms. If some compiler vendor comes up - * with 128-bit long long, adjustment to sha.h would be required. - * As this implementation relies on 64-bit integer type, it's totally - * inappropriate for platforms which don't support it, most notably - * 16-bit platforms. - */ -#include -#include - -#include -#include -#include - -#include "internal/cryptlib.h" -#include "crypto/sha.h" - -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ - defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ - defined(__s390__) || defined(__s390x__) || \ - defined(__aarch64__) || \ - defined(SHA512_ASM) -# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA -#endif - -#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -# define U64(C) C##UI64 -#elif defined(__arch64__) -# define U64(C) C##UL -#else -# define U64(C) C##ULL -#endif - -int sha512_224_init(SHA512_CTX *c) -{ - c->h[0] = U64(0x8c3d37c819544da2); - c->h[1] = U64(0x73e1996689dcd4d6); - c->h[2] = U64(0x1dfab7ae32ff9c82); - c->h[3] = U64(0x679dd514582f9fcf); - c->h[4] = U64(0x0f6d2b697bd44da8); - c->h[5] = U64(0x77e36f7304c48942); - c->h[6] = U64(0x3f9d85a86a1d36c8); - c->h[7] = U64(0x1112e6ad91d692a1); - - c->Nl = 0; - c->Nh = 0; - c->num = 0; - c->md_len = SHA224_DIGEST_LENGTH; - return 1; -} - -int sha512_256_init(SHA512_CTX *c) -{ - c->h[0] = U64(0x22312194fc2bf72c); - c->h[1] = U64(0x9f555fa3c84c64c2); - c->h[2] = U64(0x2393b86b6f53b151); - c->h[3] = U64(0x963877195940eabd); - c->h[4] = U64(0x96283ee2a88effe3); - c->h[5] = U64(0xbe5e1e2553863992); - c->h[6] = U64(0x2b0199fc2c85b8aa); - c->h[7] = U64(0x0eb72ddc81c52ca2); - - c->Nl = 0; - c->Nh = 0; - c->num = 0; - c->md_len = SHA256_DIGEST_LENGTH; - return 1; -} - -int SHA384_Init(SHA512_CTX *c) -{ - c->h[0] = U64(0xcbbb9d5dc1059ed8); - c->h[1] = U64(0x629a292a367cd507); - c->h[2] = U64(0x9159015a3070dd17); - c->h[3] = U64(0x152fecd8f70e5939); - c->h[4] = U64(0x67332667ffc00b31); - c->h[5] = U64(0x8eb44a8768581511); - c->h[6] = U64(0xdb0c2e0d64f98fa7); - c->h[7] = U64(0x47b5481dbefa4fa4); - - c->Nl = 0; - c->Nh = 0; - c->num = 0; - c->md_len = SHA384_DIGEST_LENGTH; - return 1; -} - -int SHA512_Init(SHA512_CTX *c) -{ - c->h[0] = U64(0x6a09e667f3bcc908); - c->h[1] = U64(0xbb67ae8584caa73b); - c->h[2] = U64(0x3c6ef372fe94f82b); - c->h[3] = U64(0xa54ff53a5f1d36f1); - c->h[4] = U64(0x510e527fade682d1); - c->h[5] = U64(0x9b05688c2b3e6c1f); - c->h[6] = U64(0x1f83d9abfb41bd6b); - c->h[7] = U64(0x5be0cd19137e2179); - - c->Nl = 0; - c->Nh = 0; - c->num = 0; - c->md_len = SHA512_DIGEST_LENGTH; - return 1; -} - -#ifndef SHA512_ASM -static -#endif -void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num); - -int SHA512_Final(unsigned char *md, SHA512_CTX *c) -{ - unsigned char *p = (unsigned char *)c->u.p; - size_t n = c->num; - - p[n] = 0x80; /* There always is a room for one */ - n++; - if (n > (sizeof(c->u) - 16)) { - memset(p + n, 0, sizeof(c->u) - n); - n = 0; - sha512_block_data_order(c, p, 1); - } - - memset(p + n, 0, sizeof(c->u) - 16 - n); -#ifdef B_ENDIAN - c->u.d[SHA_LBLOCK - 2] = c->Nh; - c->u.d[SHA_LBLOCK - 1] = c->Nl; -#else - p[sizeof(c->u) - 1] = (unsigned char)(c->Nl); - p[sizeof(c->u) - 2] = (unsigned char)(c->Nl >> 8); - p[sizeof(c->u) - 3] = (unsigned char)(c->Nl >> 16); - p[sizeof(c->u) - 4] = (unsigned char)(c->Nl >> 24); - p[sizeof(c->u) - 5] = (unsigned char)(c->Nl >> 32); - p[sizeof(c->u) - 6] = (unsigned char)(c->Nl >> 40); - p[sizeof(c->u) - 7] = (unsigned char)(c->Nl >> 48); - p[sizeof(c->u) - 8] = (unsigned char)(c->Nl >> 56); - p[sizeof(c->u) - 9] = (unsigned char)(c->Nh); - p[sizeof(c->u) - 10] = (unsigned char)(c->Nh >> 8); - p[sizeof(c->u) - 11] = (unsigned char)(c->Nh >> 16); - p[sizeof(c->u) - 12] = (unsigned char)(c->Nh >> 24); - p[sizeof(c->u) - 13] = (unsigned char)(c->Nh >> 32); - p[sizeof(c->u) - 14] = (unsigned char)(c->Nh >> 40); - p[sizeof(c->u) - 15] = (unsigned char)(c->Nh >> 48); - p[sizeof(c->u) - 16] = (unsigned char)(c->Nh >> 56); -#endif - - sha512_block_data_order(c, p, 1); - - if (md == 0) - return 0; - - switch (c->md_len) { - /* Let compiler decide if it's appropriate to unroll... */ - case SHA224_DIGEST_LENGTH: - for (n = 0; n < SHA224_DIGEST_LENGTH / 8; n++) { - SHA_LONG64 t = c->h[n]; - - *(md++) = (unsigned char)(t >> 56); - *(md++) = (unsigned char)(t >> 48); - *(md++) = (unsigned char)(t >> 40); - *(md++) = (unsigned char)(t >> 32); - *(md++) = (unsigned char)(t >> 24); - *(md++) = (unsigned char)(t >> 16); - *(md++) = (unsigned char)(t >> 8); - *(md++) = (unsigned char)(t); - } - /* - * For 224 bits, there are four bytes left over that have to be - * processed separately. - */ - { - SHA_LONG64 t = c->h[SHA224_DIGEST_LENGTH / 8]; - - *(md++) = (unsigned char)(t >> 56); - *(md++) = (unsigned char)(t >> 48); - *(md++) = (unsigned char)(t >> 40); - *(md++) = (unsigned char)(t >> 32); - } - break; - case SHA256_DIGEST_LENGTH: - for (n = 0; n < SHA256_DIGEST_LENGTH / 8; n++) { - SHA_LONG64 t = c->h[n]; - - *(md++) = (unsigned char)(t >> 56); - *(md++) = (unsigned char)(t >> 48); - *(md++) = (unsigned char)(t >> 40); - *(md++) = (unsigned char)(t >> 32); - *(md++) = (unsigned char)(t >> 24); - *(md++) = (unsigned char)(t >> 16); - *(md++) = (unsigned char)(t >> 8); - *(md++) = (unsigned char)(t); - } - break; - case SHA384_DIGEST_LENGTH: - for (n = 0; n < SHA384_DIGEST_LENGTH / 8; n++) { - SHA_LONG64 t = c->h[n]; - - *(md++) = (unsigned char)(t >> 56); - *(md++) = (unsigned char)(t >> 48); - *(md++) = (unsigned char)(t >> 40); - *(md++) = (unsigned char)(t >> 32); - *(md++) = (unsigned char)(t >> 24); - *(md++) = (unsigned char)(t >> 16); - *(md++) = (unsigned char)(t >> 8); - *(md++) = (unsigned char)(t); - } - break; - case SHA512_DIGEST_LENGTH: - for (n = 0; n < SHA512_DIGEST_LENGTH / 8; n++) { - SHA_LONG64 t = c->h[n]; - - *(md++) = (unsigned char)(t >> 56); - *(md++) = (unsigned char)(t >> 48); - *(md++) = (unsigned char)(t >> 40); - *(md++) = (unsigned char)(t >> 32); - *(md++) = (unsigned char)(t >> 24); - *(md++) = (unsigned char)(t >> 16); - *(md++) = (unsigned char)(t >> 8); - *(md++) = (unsigned char)(t); - } - break; - /* ... as well as make sure md_len is not abused. */ - default: - return 0; - } - - return 1; -} - -int SHA384_Final(unsigned char *md, SHA512_CTX *c) -{ - return SHA512_Final(md, c); -} - -int SHA512_Update(SHA512_CTX *c, const void *_data, size_t len) -{ - SHA_LONG64 l; - unsigned char *p = c->u.p; - const unsigned char *data = (const unsigned char *)_data; - - if (len == 0) - return 1; - - l = (c->Nl + (((SHA_LONG64) len) << 3)) & U64(0xffffffffffffffff); - if (l < c->Nl) - c->Nh++; - if (sizeof(len) >= 8) - c->Nh += (((SHA_LONG64) len) >> 61); - c->Nl = l; - - if (c->num != 0) { - size_t n = sizeof(c->u) - c->num; - - if (len < n) { - memcpy(p + c->num, data, len), c->num += (unsigned int)len; - return 1; - } else { - memcpy(p + c->num, data, n), c->num = 0; - len -= n, data += n; - sha512_block_data_order(c, p, 1); - } - } - - if (len >= sizeof(c->u)) { -#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA - if ((size_t)data % sizeof(c->u.d[0]) != 0) - while (len >= sizeof(c->u)) - memcpy(p, data, sizeof(c->u)), - sha512_block_data_order(c, p, 1), - len -= sizeof(c->u), data += sizeof(c->u); - else -#endif - sha512_block_data_order(c, data, len / sizeof(c->u)), - data += len, len %= sizeof(c->u), data -= len; - } - - if (len != 0) - memcpy(p, data, len), c->num = (int)len; - - return 1; -} - -int SHA384_Update(SHA512_CTX *c, const void *data, size_t len) -{ - return SHA512_Update(c, data, len); -} - -void SHA512_Transform(SHA512_CTX *c, const unsigned char *data) -{ -#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA - if ((size_t)data % sizeof(c->u.d[0]) != 0) - memcpy(c->u.p, data, sizeof(c->u.p)), data = c->u.p; -#endif - sha512_block_data_order(c, data, 1); -} - -#ifndef SHA512_ASM -static const SHA_LONG64 K512[80] = { - U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd), - U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc), - U64(0x3956c25bf348b538), U64(0x59f111f1b605d019), - U64(0x923f82a4af194f9b), U64(0xab1c5ed5da6d8118), - U64(0xd807aa98a3030242), U64(0x12835b0145706fbe), - U64(0x243185be4ee4b28c), U64(0x550c7dc3d5ffb4e2), - U64(0x72be5d74f27b896f), U64(0x80deb1fe3b1696b1), - U64(0x9bdc06a725c71235), U64(0xc19bf174cf692694), - U64(0xe49b69c19ef14ad2), U64(0xefbe4786384f25e3), - U64(0x0fc19dc68b8cd5b5), U64(0x240ca1cc77ac9c65), - U64(0x2de92c6f592b0275), U64(0x4a7484aa6ea6e483), - U64(0x5cb0a9dcbd41fbd4), U64(0x76f988da831153b5), - U64(0x983e5152ee66dfab), U64(0xa831c66d2db43210), - U64(0xb00327c898fb213f), U64(0xbf597fc7beef0ee4), - U64(0xc6e00bf33da88fc2), U64(0xd5a79147930aa725), - U64(0x06ca6351e003826f), U64(0x142929670a0e6e70), - U64(0x27b70a8546d22ffc), U64(0x2e1b21385c26c926), - U64(0x4d2c6dfc5ac42aed), U64(0x53380d139d95b3df), - U64(0x650a73548baf63de), U64(0x766a0abb3c77b2a8), - U64(0x81c2c92e47edaee6), U64(0x92722c851482353b), - U64(0xa2bfe8a14cf10364), U64(0xa81a664bbc423001), - U64(0xc24b8b70d0f89791), U64(0xc76c51a30654be30), - U64(0xd192e819d6ef5218), U64(0xd69906245565a910), - U64(0xf40e35855771202a), U64(0x106aa07032bbd1b8), - U64(0x19a4c116b8d2d0c8), U64(0x1e376c085141ab53), - U64(0x2748774cdf8eeb99), U64(0x34b0bcb5e19b48a8), - U64(0x391c0cb3c5c95a63), U64(0x4ed8aa4ae3418acb), - U64(0x5b9cca4f7763e373), U64(0x682e6ff3d6b2b8a3), - U64(0x748f82ee5defb2fc), U64(0x78a5636f43172f60), - U64(0x84c87814a1f0ab72), U64(0x8cc702081a6439ec), - U64(0x90befffa23631e28), U64(0xa4506cebde82bde9), - U64(0xbef9a3f7b2c67915), U64(0xc67178f2e372532b), - U64(0xca273eceea26619c), U64(0xd186b8c721c0c207), - U64(0xeada7dd6cde0eb1e), U64(0xf57d4f7fee6ed178), - U64(0x06f067aa72176fba), U64(0x0a637dc5a2c898a6), - U64(0x113f9804bef90dae), U64(0x1b710b35131c471b), - U64(0x28db77f523047d84), U64(0x32caab7b40c72493), - U64(0x3c9ebe0a15c9bebc), U64(0x431d67c49c100d4c), - U64(0x4cc5d4becb3e42b6), U64(0x597f299cfc657e2a), - U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817) -}; - -# ifndef PEDANTIC -# if defined(__GNUC__) && __GNUC__>=2 && \ - !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(__x86_64) || defined(__x86_64__) -# define ROTR(a,n) ({ SHA_LONG64 ret; \ - asm ("rorq %1,%0" \ - : "=r"(ret) \ - : "J"(n),"0"(a) \ - : "cc"); ret; }) -# if !defined(B_ENDIAN) -# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ - asm ("bswapq %0" \ - : "=r"(ret) \ - : "0"(ret)); ret; }) -# endif -# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) -# if defined(I386_ONLY) -# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ - unsigned int hi=p[0],lo=p[1]; \ - asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ - "roll $16,%%eax; roll $16,%%edx; "\ - "xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ - : "=a"(lo),"=d"(hi) \ - : "0"(lo),"1"(hi) : "cc"); \ - ((SHA_LONG64)hi)<<32|lo; }) -# else -# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ - unsigned int hi=p[0],lo=p[1]; \ - asm ("bswapl %0; bswapl %1;" \ - : "=r"(lo),"=r"(hi) \ - : "0"(lo),"1"(hi)); \ - ((SHA_LONG64)hi)<<32|lo; }) -# endif -# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) -# define ROTR(a,n) ({ SHA_LONG64 ret; \ - asm ("rotrdi %0,%1,%2" \ - : "=r"(ret) \ - : "r"(a),"K"(n)); ret; }) -# elif defined(__aarch64__) -# define ROTR(a,n) ({ SHA_LONG64 ret; \ - asm ("ror %0,%1,%2" \ - : "=r"(ret) \ - : "r"(a),"I"(n)); ret; }) -# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ - __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ -# define PULL64(x) ({ SHA_LONG64 ret; \ - asm ("rev %0,%1" \ - : "=r"(ret) \ - : "r"(*((const SHA_LONG64 *)(&(x))))); ret; }) -# endif -# endif -# elif defined(_MSC_VER) -# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ -# pragma intrinsic(_rotr64) -# define ROTR(a,n) _rotr64((a),n) -# endif -# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && \ - !defined(OPENSSL_NO_INLINE_ASM) -# if defined(I386_ONLY) -static SHA_LONG64 __fastcall __pull64be(const void *x) -{ - _asm mov edx,[ecx + 0] - _asm mov eax,[ecx + 4] - _asm xchg dh, dl - _asm xchg ah, al - _asm rol edx, 16 - _asm rol eax, 16 - _asm xchg dh, dl - _asm xchg ah, al -} -# else -static SHA_LONG64 __fastcall __pull64be(const void *x) -{ - _asm mov edx,[ecx + 0] - _asm mov eax,[ecx + 4] - _asm bswap edx - _asm bswap eax -} -# endif -# define PULL64(x) __pull64be(&(x)) -# endif -# endif -# endif -# ifndef PULL64 -# define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) -# define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) -# endif -# ifndef ROTR -# define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) -# endif -# define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) -# define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) -# define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) -# define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) -# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) - -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) -/* - * This code should give better results on 32-bit CPU with less than - * ~24 registers, both size and performance wise... - */ - -static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, - size_t num) -{ - const SHA_LONG64 *W = in; - SHA_LONG64 A, E, T; - SHA_LONG64 X[9 + 80], *F; - int i; - - while (num--) { - - F = X + 80; - A = ctx->h[0]; - F[1] = ctx->h[1]; - F[2] = ctx->h[2]; - F[3] = ctx->h[3]; - E = ctx->h[4]; - F[5] = ctx->h[5]; - F[6] = ctx->h[6]; - F[7] = ctx->h[7]; - - for (i = 0; i < 16; i++, F--) { -# ifdef B_ENDIAN - T = W[i]; -# else - T = PULL64(W[i]); -# endif - F[0] = A; - F[4] = E; - F[8] = T; - T += F[7] + Sigma1(E) + Ch(E, F[5], F[6]) + K512[i]; - E = F[3] + T; - A = T + Sigma0(A) + Maj(A, F[1], F[2]); - } - - for (; i < 80; i++, F--) { - T = sigma0(F[8 + 16 - 1]); - T += sigma1(F[8 + 16 - 14]); - T += F[8 + 16] + F[8 + 16 - 9]; - - F[0] = A; - F[4] = E; - F[8] = T; - T += F[7] + Sigma1(E) + Ch(E, F[5], F[6]) + K512[i]; - E = F[3] + T; - A = T + Sigma0(A) + Maj(A, F[1], F[2]); - } - - ctx->h[0] += A; - ctx->h[1] += F[1]; - ctx->h[2] += F[2]; - ctx->h[3] += F[3]; - ctx->h[4] += E; - ctx->h[5] += F[5]; - ctx->h[6] += F[6]; - ctx->h[7] += F[7]; - - W += SHA_LBLOCK; - } -} - -# elif defined(OPENSSL_SMALL_FOOTPRINT) - -static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, - size_t num) -{ - const SHA_LONG64 *W = in; - SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1, T2; - SHA_LONG64 X[16]; - int i; - - while (num--) { - - a = ctx->h[0]; - b = ctx->h[1]; - c = ctx->h[2]; - d = ctx->h[3]; - e = ctx->h[4]; - f = ctx->h[5]; - g = ctx->h[6]; - h = ctx->h[7]; - - for (i = 0; i < 16; i++) { -# ifdef B_ENDIAN - T1 = X[i] = W[i]; -# else - T1 = X[i] = PULL64(W[i]); -# endif - T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i]; - T2 = Sigma0(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - } - - for (; i < 80; i++) { - s0 = X[(i + 1) & 0x0f]; - s0 = sigma0(s0); - s1 = X[(i + 14) & 0x0f]; - s1 = sigma1(s1); - - T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf]; - T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i]; - T2 = Sigma0(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - } - - ctx->h[0] += a; - ctx->h[1] += b; - ctx->h[2] += c; - ctx->h[3] += d; - ctx->h[4] += e; - ctx->h[5] += f; - ctx->h[6] += g; - ctx->h[7] += h; - - W += SHA_LBLOCK; - } -} - -# else -# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ - T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ - h = Sigma0(a) + Maj(a,b,c); \ - d += T1; h += T1; } while (0) - -# define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \ - s0 = X[(j+1)&0x0f]; s0 = sigma0(s0); \ - s1 = X[(j+14)&0x0f]; s1 = sigma1(s1); \ - T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \ - ROUND_00_15(i+j,a,b,c,d,e,f,g,h); } while (0) - -static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, - size_t num) -{ - const SHA_LONG64 *W = in; - SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1; - SHA_LONG64 X[16]; - int i; - - while (num--) { - - a = ctx->h[0]; - b = ctx->h[1]; - c = ctx->h[2]; - d = ctx->h[3]; - e = ctx->h[4]; - f = ctx->h[5]; - g = ctx->h[6]; - h = ctx->h[7]; - -# ifdef B_ENDIAN - T1 = X[0] = W[0]; - ROUND_00_15(0, a, b, c, d, e, f, g, h); - T1 = X[1] = W[1]; - ROUND_00_15(1, h, a, b, c, d, e, f, g); - T1 = X[2] = W[2]; - ROUND_00_15(2, g, h, a, b, c, d, e, f); - T1 = X[3] = W[3]; - ROUND_00_15(3, f, g, h, a, b, c, d, e); - T1 = X[4] = W[4]; - ROUND_00_15(4, e, f, g, h, a, b, c, d); - T1 = X[5] = W[5]; - ROUND_00_15(5, d, e, f, g, h, a, b, c); - T1 = X[6] = W[6]; - ROUND_00_15(6, c, d, e, f, g, h, a, b); - T1 = X[7] = W[7]; - ROUND_00_15(7, b, c, d, e, f, g, h, a); - T1 = X[8] = W[8]; - ROUND_00_15(8, a, b, c, d, e, f, g, h); - T1 = X[9] = W[9]; - ROUND_00_15(9, h, a, b, c, d, e, f, g); - T1 = X[10] = W[10]; - ROUND_00_15(10, g, h, a, b, c, d, e, f); - T1 = X[11] = W[11]; - ROUND_00_15(11, f, g, h, a, b, c, d, e); - T1 = X[12] = W[12]; - ROUND_00_15(12, e, f, g, h, a, b, c, d); - T1 = X[13] = W[13]; - ROUND_00_15(13, d, e, f, g, h, a, b, c); - T1 = X[14] = W[14]; - ROUND_00_15(14, c, d, e, f, g, h, a, b); - T1 = X[15] = W[15]; - ROUND_00_15(15, b, c, d, e, f, g, h, a); -# else - T1 = X[0] = PULL64(W[0]); - ROUND_00_15(0, a, b, c, d, e, f, g, h); - T1 = X[1] = PULL64(W[1]); - ROUND_00_15(1, h, a, b, c, d, e, f, g); - T1 = X[2] = PULL64(W[2]); - ROUND_00_15(2, g, h, a, b, c, d, e, f); - T1 = X[3] = PULL64(W[3]); - ROUND_00_15(3, f, g, h, a, b, c, d, e); - T1 = X[4] = PULL64(W[4]); - ROUND_00_15(4, e, f, g, h, a, b, c, d); - T1 = X[5] = PULL64(W[5]); - ROUND_00_15(5, d, e, f, g, h, a, b, c); - T1 = X[6] = PULL64(W[6]); - ROUND_00_15(6, c, d, e, f, g, h, a, b); - T1 = X[7] = PULL64(W[7]); - ROUND_00_15(7, b, c, d, e, f, g, h, a); - T1 = X[8] = PULL64(W[8]); - ROUND_00_15(8, a, b, c, d, e, f, g, h); - T1 = X[9] = PULL64(W[9]); - ROUND_00_15(9, h, a, b, c, d, e, f, g); - T1 = X[10] = PULL64(W[10]); - ROUND_00_15(10, g, h, a, b, c, d, e, f); - T1 = X[11] = PULL64(W[11]); - ROUND_00_15(11, f, g, h, a, b, c, d, e); - T1 = X[12] = PULL64(W[12]); - ROUND_00_15(12, e, f, g, h, a, b, c, d); - T1 = X[13] = PULL64(W[13]); - ROUND_00_15(13, d, e, f, g, h, a, b, c); - T1 = X[14] = PULL64(W[14]); - ROUND_00_15(14, c, d, e, f, g, h, a, b); - T1 = X[15] = PULL64(W[15]); - ROUND_00_15(15, b, c, d, e, f, g, h, a); -# endif - - for (i = 16; i < 80; i += 16) { - ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X); - ROUND_16_80(i, 1, h, a, b, c, d, e, f, g, X); - ROUND_16_80(i, 2, g, h, a, b, c, d, e, f, X); - ROUND_16_80(i, 3, f, g, h, a, b, c, d, e, X); - ROUND_16_80(i, 4, e, f, g, h, a, b, c, d, X); - ROUND_16_80(i, 5, d, e, f, g, h, a, b, c, X); - ROUND_16_80(i, 6, c, d, e, f, g, h, a, b, X); - ROUND_16_80(i, 7, b, c, d, e, f, g, h, a, X); - ROUND_16_80(i, 8, a, b, c, d, e, f, g, h, X); - ROUND_16_80(i, 9, h, a, b, c, d, e, f, g, X); - ROUND_16_80(i, 10, g, h, a, b, c, d, e, f, X); - ROUND_16_80(i, 11, f, g, h, a, b, c, d, e, X); - ROUND_16_80(i, 12, e, f, g, h, a, b, c, d, X); - ROUND_16_80(i, 13, d, e, f, g, h, a, b, c, X); - ROUND_16_80(i, 14, c, d, e, f, g, h, a, b, X); - ROUND_16_80(i, 15, b, c, d, e, f, g, h, a, X); - } - - ctx->h[0] += a; - ctx->h[1] += b; - ctx->h[2] += c; - ctx->h[3] += d; - ctx->h[4] += e; - ctx->h[5] += f; - ctx->h[6] += g; - ctx->h[7] += h; - - W += SHA_LBLOCK; - } -} - -# endif - -#endif /* SHA512_ASM */ diff --git a/crypto/sha/sha_local.h b/crypto/sha/sha_local.h deleted file mode 100644 index 81de72ba4f906cab7a70203d92c7c99cbe10d1ec..0000000000000000000000000000000000000000 --- a/crypto/sha/sha_local.h +++ /dev/null @@ -1,420 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#include -#include -#include "internal/endian.h" - -#define DATA_ORDER_IS_BIG_ENDIAN - -#define HASH_LONG SHA_LONG -#define HASH_CTX SHA_CTX -#define HASH_CBLOCK SHA_CBLOCK -#define HASH_MAKE_STRING(c,s) do { \ - unsigned long ll; \ - ll=(c)->h0; (void)HOST_l2c(ll,(s)); \ - ll=(c)->h1; (void)HOST_l2c(ll,(s)); \ - ll=(c)->h2; (void)HOST_l2c(ll,(s)); \ - ll=(c)->h3; (void)HOST_l2c(ll,(s)); \ - ll=(c)->h4; (void)HOST_l2c(ll,(s)); \ - } while (0) - -#define HASH_UPDATE SHA1_Update -#define HASH_TRANSFORM SHA1_Transform -#define HASH_FINAL SHA1_Final -#define HASH_INIT SHA1_Init -#define HASH_BLOCK_DATA_ORDER sha1_block_data_order -#define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ - ix=(a)=ROTATE((a),1) \ - ) - -#ifndef SHA1_ASM -static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); -#else -void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); -#endif - -#include "crypto/md32_common.h" - -#define INIT_DATA_h0 0x67452301UL -#define INIT_DATA_h1 0xefcdab89UL -#define INIT_DATA_h2 0x98badcfeUL -#define INIT_DATA_h3 0x10325476UL -#define INIT_DATA_h4 0xc3d2e1f0UL - -int HASH_INIT(SHA_CTX *c) -{ - memset(c, 0, sizeof(*c)); - c->h0 = INIT_DATA_h0; - c->h1 = INIT_DATA_h1; - c->h2 = INIT_DATA_h2; - c->h3 = INIT_DATA_h3; - c->h4 = INIT_DATA_h4; - return 1; -} - -#define K_00_19 0x5a827999UL -#define K_20_39 0x6ed9eba1UL -#define K_40_59 0x8f1bbcdcUL -#define K_60_79 0xca62c1d6UL - -/* - * As pointed out by Wei Dai, F() below can be simplified to the code in - * F_00_19. Wei attributes these optimizations to Peter Gutmann's SHS code, - * and he attributes it to Rich Schroeppel. - * #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) - * I've just become aware of another tweak to be made, again from Wei Dai, - * in F_40_59, (x&a)|(y&a) -> (x|y)&a - */ -#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) -#define F_20_39(b,c,d) ((b) ^ (c) ^ (d)) -#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d))) -#define F_60_79(b,c,d) F_20_39(b,c,d) - -#ifndef OPENSSL_SMALL_FOOTPRINT - -# define BODY_00_15(i,a,b,c,d,e,f,xi) \ - (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ - (b)=ROTATE((b),30); - -# define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ - Xupdate(f,xi,xa,xb,xc,xd); \ - (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ - (b)=ROTATE((b),30); - -# define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ - Xupdate(f,xi,xa,xb,xc,xd); \ - (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ - (b)=ROTATE((b),30); - -# define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \ - Xupdate(f,xa,xa,xb,xc,xd); \ - (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ - (b)=ROTATE((b),30); - -# define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \ - Xupdate(f,xa,xa,xb,xc,xd); \ - (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \ - (b)=ROTATE((b),30); - -# define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \ - Xupdate(f,xa,xa,xb,xc,xd); \ - (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \ - (b)=ROTATE((b),30); - -# ifdef X -# undef X -# endif -# ifndef MD32_XARRAY - /* - * Originally X was an array. As it's automatic it's natural - * to expect RISC compiler to accommodate at least part of it in - * the register bank, isn't it? Unfortunately not all compilers - * "find" this expectation reasonable:-( On order to make such - * compilers generate better code I replace X[] with a bunch of - * X0, X1, etc. See the function body below... - */ -# define X(i) XX##i -# else - /* - * However! Some compilers (most notably HP C) get overwhelmed by - * that many local variables so that we have to have the way to - * fall down to the original behavior. - */ -# define X(i) XX[i] -# endif - -# if !defined(SHA1_ASM) -static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) -{ - const unsigned char *data = p; - register unsigned MD32_REG_T A, B, C, D, E, T, l; -# ifndef MD32_XARRAY - unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, - XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; -# else - SHA_LONG XX[16]; -# endif - - A = c->h0; - B = c->h1; - C = c->h2; - D = c->h3; - E = c->h4; - - for (;;) { - DECLARE_IS_ENDIAN; - - if (!IS_LITTLE_ENDIAN && sizeof(SHA_LONG) == 4 - && ((size_t)p % 4) == 0) { - const SHA_LONG *W = (const SHA_LONG *)data; - - X(0) = W[0]; - X(1) = W[1]; - BODY_00_15(0, A, B, C, D, E, T, X(0)); - X(2) = W[2]; - BODY_00_15(1, T, A, B, C, D, E, X(1)); - X(3) = W[3]; - BODY_00_15(2, E, T, A, B, C, D, X(2)); - X(4) = W[4]; - BODY_00_15(3, D, E, T, A, B, C, X(3)); - X(5) = W[5]; - BODY_00_15(4, C, D, E, T, A, B, X(4)); - X(6) = W[6]; - BODY_00_15(5, B, C, D, E, T, A, X(5)); - X(7) = W[7]; - BODY_00_15(6, A, B, C, D, E, T, X(6)); - X(8) = W[8]; - BODY_00_15(7, T, A, B, C, D, E, X(7)); - X(9) = W[9]; - BODY_00_15(8, E, T, A, B, C, D, X(8)); - X(10) = W[10]; - BODY_00_15(9, D, E, T, A, B, C, X(9)); - X(11) = W[11]; - BODY_00_15(10, C, D, E, T, A, B, X(10)); - X(12) = W[12]; - BODY_00_15(11, B, C, D, E, T, A, X(11)); - X(13) = W[13]; - BODY_00_15(12, A, B, C, D, E, T, X(12)); - X(14) = W[14]; - BODY_00_15(13, T, A, B, C, D, E, X(13)); - X(15) = W[15]; - BODY_00_15(14, E, T, A, B, C, D, X(14)); - BODY_00_15(15, D, E, T, A, B, C, X(15)); - - data += SHA_CBLOCK; - } else { - (void)HOST_c2l(data, l); - X(0) = l; - (void)HOST_c2l(data, l); - X(1) = l; - BODY_00_15(0, A, B, C, D, E, T, X(0)); - (void)HOST_c2l(data, l); - X(2) = l; - BODY_00_15(1, T, A, B, C, D, E, X(1)); - (void)HOST_c2l(data, l); - X(3) = l; - BODY_00_15(2, E, T, A, B, C, D, X(2)); - (void)HOST_c2l(data, l); - X(4) = l; - BODY_00_15(3, D, E, T, A, B, C, X(3)); - (void)HOST_c2l(data, l); - X(5) = l; - BODY_00_15(4, C, D, E, T, A, B, X(4)); - (void)HOST_c2l(data, l); - X(6) = l; - BODY_00_15(5, B, C, D, E, T, A, X(5)); - (void)HOST_c2l(data, l); - X(7) = l; - BODY_00_15(6, A, B, C, D, E, T, X(6)); - (void)HOST_c2l(data, l); - X(8) = l; - BODY_00_15(7, T, A, B, C, D, E, X(7)); - (void)HOST_c2l(data, l); - X(9) = l; - BODY_00_15(8, E, T, A, B, C, D, X(8)); - (void)HOST_c2l(data, l); - X(10) = l; - BODY_00_15(9, D, E, T, A, B, C, X(9)); - (void)HOST_c2l(data, l); - X(11) = l; - BODY_00_15(10, C, D, E, T, A, B, X(10)); - (void)HOST_c2l(data, l); - X(12) = l; - BODY_00_15(11, B, C, D, E, T, A, X(11)); - (void)HOST_c2l(data, l); - X(13) = l; - BODY_00_15(12, A, B, C, D, E, T, X(12)); - (void)HOST_c2l(data, l); - X(14) = l; - BODY_00_15(13, T, A, B, C, D, E, X(13)); - (void)HOST_c2l(data, l); - X(15) = l; - BODY_00_15(14, E, T, A, B, C, D, X(14)); - BODY_00_15(15, D, E, T, A, B, C, X(15)); - } - - BODY_16_19(16, C, D, E, T, A, B, X(0), X(0), X(2), X(8), X(13)); - BODY_16_19(17, B, C, D, E, T, A, X(1), X(1), X(3), X(9), X(14)); - BODY_16_19(18, A, B, C, D, E, T, X(2), X(2), X(4), X(10), X(15)); - BODY_16_19(19, T, A, B, C, D, E, X(3), X(3), X(5), X(11), X(0)); - - BODY_20_31(20, E, T, A, B, C, D, X(4), X(4), X(6), X(12), X(1)); - BODY_20_31(21, D, E, T, A, B, C, X(5), X(5), X(7), X(13), X(2)); - BODY_20_31(22, C, D, E, T, A, B, X(6), X(6), X(8), X(14), X(3)); - BODY_20_31(23, B, C, D, E, T, A, X(7), X(7), X(9), X(15), X(4)); - BODY_20_31(24, A, B, C, D, E, T, X(8), X(8), X(10), X(0), X(5)); - BODY_20_31(25, T, A, B, C, D, E, X(9), X(9), X(11), X(1), X(6)); - BODY_20_31(26, E, T, A, B, C, D, X(10), X(10), X(12), X(2), X(7)); - BODY_20_31(27, D, E, T, A, B, C, X(11), X(11), X(13), X(3), X(8)); - BODY_20_31(28, C, D, E, T, A, B, X(12), X(12), X(14), X(4), X(9)); - BODY_20_31(29, B, C, D, E, T, A, X(13), X(13), X(15), X(5), X(10)); - BODY_20_31(30, A, B, C, D, E, T, X(14), X(14), X(0), X(6), X(11)); - BODY_20_31(31, T, A, B, C, D, E, X(15), X(15), X(1), X(7), X(12)); - - BODY_32_39(32, E, T, A, B, C, D, X(0), X(2), X(8), X(13)); - BODY_32_39(33, D, E, T, A, B, C, X(1), X(3), X(9), X(14)); - BODY_32_39(34, C, D, E, T, A, B, X(2), X(4), X(10), X(15)); - BODY_32_39(35, B, C, D, E, T, A, X(3), X(5), X(11), X(0)); - BODY_32_39(36, A, B, C, D, E, T, X(4), X(6), X(12), X(1)); - BODY_32_39(37, T, A, B, C, D, E, X(5), X(7), X(13), X(2)); - BODY_32_39(38, E, T, A, B, C, D, X(6), X(8), X(14), X(3)); - BODY_32_39(39, D, E, T, A, B, C, X(7), X(9), X(15), X(4)); - - BODY_40_59(40, C, D, E, T, A, B, X(8), X(10), X(0), X(5)); - BODY_40_59(41, B, C, D, E, T, A, X(9), X(11), X(1), X(6)); - BODY_40_59(42, A, B, C, D, E, T, X(10), X(12), X(2), X(7)); - BODY_40_59(43, T, A, B, C, D, E, X(11), X(13), X(3), X(8)); - BODY_40_59(44, E, T, A, B, C, D, X(12), X(14), X(4), X(9)); - BODY_40_59(45, D, E, T, A, B, C, X(13), X(15), X(5), X(10)); - BODY_40_59(46, C, D, E, T, A, B, X(14), X(0), X(6), X(11)); - BODY_40_59(47, B, C, D, E, T, A, X(15), X(1), X(7), X(12)); - BODY_40_59(48, A, B, C, D, E, T, X(0), X(2), X(8), X(13)); - BODY_40_59(49, T, A, B, C, D, E, X(1), X(3), X(9), X(14)); - BODY_40_59(50, E, T, A, B, C, D, X(2), X(4), X(10), X(15)); - BODY_40_59(51, D, E, T, A, B, C, X(3), X(5), X(11), X(0)); - BODY_40_59(52, C, D, E, T, A, B, X(4), X(6), X(12), X(1)); - BODY_40_59(53, B, C, D, E, T, A, X(5), X(7), X(13), X(2)); - BODY_40_59(54, A, B, C, D, E, T, X(6), X(8), X(14), X(3)); - BODY_40_59(55, T, A, B, C, D, E, X(7), X(9), X(15), X(4)); - BODY_40_59(56, E, T, A, B, C, D, X(8), X(10), X(0), X(5)); - BODY_40_59(57, D, E, T, A, B, C, X(9), X(11), X(1), X(6)); - BODY_40_59(58, C, D, E, T, A, B, X(10), X(12), X(2), X(7)); - BODY_40_59(59, B, C, D, E, T, A, X(11), X(13), X(3), X(8)); - - BODY_60_79(60, A, B, C, D, E, T, X(12), X(14), X(4), X(9)); - BODY_60_79(61, T, A, B, C, D, E, X(13), X(15), X(5), X(10)); - BODY_60_79(62, E, T, A, B, C, D, X(14), X(0), X(6), X(11)); - BODY_60_79(63, D, E, T, A, B, C, X(15), X(1), X(7), X(12)); - BODY_60_79(64, C, D, E, T, A, B, X(0), X(2), X(8), X(13)); - BODY_60_79(65, B, C, D, E, T, A, X(1), X(3), X(9), X(14)); - BODY_60_79(66, A, B, C, D, E, T, X(2), X(4), X(10), X(15)); - BODY_60_79(67, T, A, B, C, D, E, X(3), X(5), X(11), X(0)); - BODY_60_79(68, E, T, A, B, C, D, X(4), X(6), X(12), X(1)); - BODY_60_79(69, D, E, T, A, B, C, X(5), X(7), X(13), X(2)); - BODY_60_79(70, C, D, E, T, A, B, X(6), X(8), X(14), X(3)); - BODY_60_79(71, B, C, D, E, T, A, X(7), X(9), X(15), X(4)); - BODY_60_79(72, A, B, C, D, E, T, X(8), X(10), X(0), X(5)); - BODY_60_79(73, T, A, B, C, D, E, X(9), X(11), X(1), X(6)); - BODY_60_79(74, E, T, A, B, C, D, X(10), X(12), X(2), X(7)); - BODY_60_79(75, D, E, T, A, B, C, X(11), X(13), X(3), X(8)); - BODY_60_79(76, C, D, E, T, A, B, X(12), X(14), X(4), X(9)); - BODY_60_79(77, B, C, D, E, T, A, X(13), X(15), X(5), X(10)); - BODY_60_79(78, A, B, C, D, E, T, X(14), X(0), X(6), X(11)); - BODY_60_79(79, T, A, B, C, D, E, X(15), X(1), X(7), X(12)); - - c->h0 = (c->h0 + E) & 0xffffffffL; - c->h1 = (c->h1 + T) & 0xffffffffL; - c->h2 = (c->h2 + A) & 0xffffffffL; - c->h3 = (c->h3 + B) & 0xffffffffL; - c->h4 = (c->h4 + C) & 0xffffffffL; - - if (--num == 0) - break; - - A = c->h0; - B = c->h1; - C = c->h2; - D = c->h3; - E = c->h4; - - } -} -# endif - -#else /* OPENSSL_SMALL_FOOTPRINT */ - -# define BODY_00_15(xi) do { \ - T=E+K_00_19+F_00_19(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T+xi; } while(0) - -# define BODY_16_19(xa,xb,xc,xd) do { \ - Xupdate(T,xa,xa,xb,xc,xd); \ - T+=E+K_00_19+F_00_19(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T; } while(0) - -# define BODY_20_39(xa,xb,xc,xd) do { \ - Xupdate(T,xa,xa,xb,xc,xd); \ - T+=E+K_20_39+F_20_39(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T; } while(0) - -# define BODY_40_59(xa,xb,xc,xd) do { \ - Xupdate(T,xa,xa,xb,xc,xd); \ - T+=E+K_40_59+F_40_59(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T; } while(0) - -# define BODY_60_79(xa,xb,xc,xd) do { \ - Xupdate(T,xa,xa,xb,xc,xd); \ - T=E+K_60_79+F_60_79(B,C,D); \ - E=D, D=C, C=ROTATE(B,30), B=A; \ - A=ROTATE(A,5)+T+xa; } while(0) - -# if !defined(SHA1_ASM) -static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) -{ - const unsigned char *data = p; - register unsigned MD32_REG_T A, B, C, D, E, T, l; - int i; - SHA_LONG X[16]; - - A = c->h0; - B = c->h1; - C = c->h2; - D = c->h3; - E = c->h4; - - for (;;) { - for (i = 0; i < 16; i++) { - (void)HOST_c2l(data, l); - X[i] = l; - BODY_00_15(X[i]); - } - for (i = 0; i < 4; i++) { - BODY_16_19(X[i], X[i + 2], X[i + 8], X[(i + 13) & 15]); - } - for (; i < 24; i++) { - BODY_20_39(X[i & 15], X[(i + 2) & 15], X[(i + 8) & 15], - X[(i + 13) & 15]); - } - for (i = 0; i < 20; i++) { - BODY_40_59(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15], - X[(i + 5) & 15]); - } - for (i = 4; i < 24; i++) { - BODY_60_79(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15], - X[(i + 5) & 15]); - } - - c->h0 = (c->h0 + A) & 0xffffffffL; - c->h1 = (c->h1 + B) & 0xffffffffL; - c->h2 = (c->h2 + C) & 0xffffffffL; - c->h3 = (c->h3 + D) & 0xffffffffL; - c->h4 = (c->h4 + E) & 0xffffffffL; - - if (--num == 0) - break; - - A = c->h0; - B = c->h1; - C = c->h2; - D = c->h3; - E = c->h4; - - } -} -# endif - -#endif diff --git a/crypto/sha/sha_ppc.c b/crypto/sha/sha_ppc.c deleted file mode 100644 index accf19d8a23195033a0c27b08bf9adc5c21991d3..0000000000000000000000000000000000000000 --- a/crypto/sha/sha_ppc.c +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#include -#include -#include "crypto/ppc_arch.h" - -void sha256_block_p8(void *ctx, const void *inp, size_t len); -void sha256_block_ppc(void *ctx, const void *inp, size_t len); -void sha256_block_data_order(void *ctx, const void *inp, size_t len); -void sha256_block_data_order(void *ctx, const void *inp, size_t len) -{ - OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha256_block_p8(ctx, inp, len) : - sha256_block_ppc(ctx, inp, len); -} - -void sha512_block_p8(void *ctx, const void *inp, size_t len); -void sha512_block_ppc(void *ctx, const void *inp, size_t len); -void sha512_block_data_order(void *ctx, const void *inp, size_t len); -void sha512_block_data_order(void *ctx, const void *inp, size_t len) -{ - OPENSSL_ppccap_P & PPC_CRYPTO207 ? sha512_block_p8(ctx, inp, len) : - sha512_block_ppc(ctx, inp, len); -} diff --git a/crypto/siphash/build.info b/crypto/siphash/build.info deleted file mode 100644 index 432b6f5ec355f53cf45a67c8a4ee695411cbb3ba..0000000000000000000000000000000000000000 --- a/crypto/siphash/build.info +++ /dev/null @@ -1,3 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]=\ - siphash.c diff --git a/crypto/siphash/siphash.c b/crypto/siphash/siphash.c deleted file mode 100644 index 57f61c1db1a55c6400db276db2a801bb2087e0b3..0000000000000000000000000000000000000000 --- a/crypto/siphash/siphash.c +++ /dev/null @@ -1,255 +0,0 @@ -/* - * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Based on https://131002.net/siphash C reference implementation */ -/* - SipHash reference C implementation - - Copyright (c) 2012-2016 Jean-Philippe Aumasson - Copyright (c) 2012-2014 Daniel J. Bernstein - - To the extent possible under law, the author(s) have dedicated all copyright - and related and neighboring rights to this software to the public domain - worldwide. This software is distributed without any warranty. - - You should have received a copy of the CC0 Public Domain Dedication along - with this software. If not, see - . - */ - -#include -#include -#include - -#include "crypto/siphash.h" - -#define ROTL(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b)))) - -#define U32TO8_LE(p, v) \ - (p)[0] = (uint8_t)((v)); \ - (p)[1] = (uint8_t)((v) >> 8); \ - (p)[2] = (uint8_t)((v) >> 16); \ - (p)[3] = (uint8_t)((v) >> 24); - -#define U64TO8_LE(p, v) \ - U32TO8_LE((p), (uint32_t)((v))); \ - U32TO8_LE((p) + 4, (uint32_t)((v) >> 32)); - -#define U8TO64_LE(p) \ - (((uint64_t)((p)[0])) | ((uint64_t)((p)[1]) << 8) | \ - ((uint64_t)((p)[2]) << 16) | ((uint64_t)((p)[3]) << 24) | \ - ((uint64_t)((p)[4]) << 32) | ((uint64_t)((p)[5]) << 40) | \ - ((uint64_t)((p)[6]) << 48) | ((uint64_t)((p)[7]) << 56)) - -#define SIPROUND \ - do { \ - v0 += v1; \ - v1 = ROTL(v1, 13); \ - v1 ^= v0; \ - v0 = ROTL(v0, 32); \ - v2 += v3; \ - v3 = ROTL(v3, 16); \ - v3 ^= v2; \ - v0 += v3; \ - v3 = ROTL(v3, 21); \ - v3 ^= v0; \ - v2 += v1; \ - v1 = ROTL(v1, 17); \ - v1 ^= v2; \ - v2 = ROTL(v2, 32); \ - } while (0) - -size_t SipHash_ctx_size(void) -{ - return sizeof(SIPHASH); -} - -size_t SipHash_hash_size(SIPHASH *ctx) -{ - return ctx->hash_size; -} - -static size_t siphash_adjust_hash_size(size_t hash_size) -{ - if (hash_size == 0) - hash_size = SIPHASH_MAX_DIGEST_SIZE; - return hash_size; -} - -int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size) -{ - hash_size = siphash_adjust_hash_size(hash_size); - if (hash_size != SIPHASH_MIN_DIGEST_SIZE - && hash_size != SIPHASH_MAX_DIGEST_SIZE) - return 0; - - /* - * It's possible that the key was set first. If the hash size changes, - * we need to adjust v1 (see SipHash_Init(). - */ - - /* Start by adjusting the stored size, to make things easier */ - ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size); - - /* Now, adjust ctx->v1 if the old and the new size differ */ - if ((size_t)ctx->hash_size != hash_size) { - ctx->v1 ^= 0xee; - ctx->hash_size = hash_size; - } - return 1; -} - -/* hash_size = crounds = drounds = 0 means SipHash24 with 16-byte output */ -int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int crounds, int drounds) -{ - uint64_t k0 = U8TO64_LE(k); - uint64_t k1 = U8TO64_LE(k + 8); - - /* If the hash size wasn't set, i.e. is zero */ - ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size); - - if (drounds == 0) - drounds = SIPHASH_D_ROUNDS; - if (crounds == 0) - crounds = SIPHASH_C_ROUNDS; - - ctx->crounds = crounds; - ctx->drounds = drounds; - - ctx->len = 0; - ctx->total_inlen = 0; - - ctx->v0 = 0x736f6d6570736575ULL ^ k0; - ctx->v1 = 0x646f72616e646f6dULL ^ k1; - ctx->v2 = 0x6c7967656e657261ULL ^ k0; - ctx->v3 = 0x7465646279746573ULL ^ k1; - - if (ctx->hash_size == SIPHASH_MAX_DIGEST_SIZE) - ctx->v1 ^= 0xee; - - return 1; -} - -void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen) -{ - uint64_t m; - const uint8_t *end; - int left; - unsigned int i; - uint64_t v0 = ctx->v0; - uint64_t v1 = ctx->v1; - uint64_t v2 = ctx->v2; - uint64_t v3 = ctx->v3; - - ctx->total_inlen += inlen; - - if (ctx->len) { - /* deal with leavings */ - size_t available = SIPHASH_BLOCK_SIZE - ctx->len; - - /* not enough to fill leavings */ - if (inlen < available) { - memcpy(&ctx->leavings[ctx->len], in, inlen); - ctx->len += inlen; - return; - } - - /* copy data into leavings and reduce input */ - memcpy(&ctx->leavings[ctx->len], in, available); - inlen -= available; - in += available; - - /* process leavings */ - m = U8TO64_LE(ctx->leavings); - v3 ^= m; - for (i = 0; i < ctx->crounds; ++i) - SIPROUND; - v0 ^= m; - } - left = inlen & (SIPHASH_BLOCK_SIZE-1); /* gets put into leavings */ - end = in + inlen - left; - - for (; in != end; in += 8) { - m = U8TO64_LE(in); - v3 ^= m; - for (i = 0; i < ctx->crounds; ++i) - SIPROUND; - v0 ^= m; - } - - /* save leavings and other ctx */ - if (left) - memcpy(ctx->leavings, end, left); - ctx->len = left; - - ctx->v0 = v0; - ctx->v1 = v1; - ctx->v2 = v2; - ctx->v3 = v3; -} - -int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen) -{ - /* finalize hash */ - unsigned int i; - uint64_t b = ctx->total_inlen << 56; - uint64_t v0 = ctx->v0; - uint64_t v1 = ctx->v1; - uint64_t v2 = ctx->v2; - uint64_t v3 = ctx->v3; - - if (ctx->crounds == 0 || outlen == 0 || outlen != (size_t)ctx->hash_size) - return 0; - - switch (ctx->len) { - case 7: - b |= ((uint64_t)ctx->leavings[6]) << 48; - /* fall thru */ - case 6: - b |= ((uint64_t)ctx->leavings[5]) << 40; - /* fall thru */ - case 5: - b |= ((uint64_t)ctx->leavings[4]) << 32; - /* fall thru */ - case 4: - b |= ((uint64_t)ctx->leavings[3]) << 24; - /* fall thru */ - case 3: - b |= ((uint64_t)ctx->leavings[2]) << 16; - /* fall thru */ - case 2: - b |= ((uint64_t)ctx->leavings[1]) << 8; - /* fall thru */ - case 1: - b |= ((uint64_t)ctx->leavings[0]); - case 0: - break; - } - - v3 ^= b; - for (i = 0; i < ctx->crounds; ++i) - SIPROUND; - v0 ^= b; - if (ctx->hash_size == SIPHASH_MAX_DIGEST_SIZE) - v2 ^= 0xee; - else - v2 ^= 0xff; - for (i = 0; i < ctx->drounds; ++i) - SIPROUND; - b = v0 ^ v1 ^ v2 ^ v3; - U64TO8_LE(out, b); - if (ctx->hash_size == SIPHASH_MIN_DIGEST_SIZE) - return 1; - v1 ^= 0xdd; - for (i = 0; i < ctx->drounds; ++i) - SIPROUND; - b = v0 ^ v1 ^ v2 ^ v3; - U64TO8_LE(out + 8, b); - return 1; -} diff --git a/crypto/sm2/build.info b/crypto/sm2/build.info deleted file mode 100644 index a50d08d0bc9a79a896fcf11a7bb29e4d85836170..0000000000000000000000000000000000000000 --- a/crypto/sm2/build.info +++ /dev/null @@ -1,5 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]=\ - sm2_sign.c sm2_crypt.c sm2_err.c sm2_key.c - - diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c deleted file mode 100644 index 5318c6199f68018f64772356e19ff9d29d107252..0000000000000000000000000000000000000000 --- a/crypto/sm2/sm2_crypt.c +++ /dev/null @@ -1,406 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2017 Ribose Inc. All Rights Reserved. - * Ported from Ribose contributions from Botan. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * ECDSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include "crypto/sm2.h" -#include "crypto/sm2err.h" -#include "crypto/ec.h" /* ossl_ecdh_kdf_X9_63() */ -#include -#include -#include -#include -#include -#include - -typedef struct SM2_Ciphertext_st SM2_Ciphertext; -DECLARE_ASN1_FUNCTIONS(SM2_Ciphertext) - -struct SM2_Ciphertext_st { - BIGNUM *C1x; - BIGNUM *C1y; - ASN1_OCTET_STRING *C3; - ASN1_OCTET_STRING *C2; -}; - -ASN1_SEQUENCE(SM2_Ciphertext) = { - ASN1_SIMPLE(SM2_Ciphertext, C1x, BIGNUM), - ASN1_SIMPLE(SM2_Ciphertext, C1y, BIGNUM), - ASN1_SIMPLE(SM2_Ciphertext, C3, ASN1_OCTET_STRING), - ASN1_SIMPLE(SM2_Ciphertext, C2, ASN1_OCTET_STRING), -} ASN1_SEQUENCE_END(SM2_Ciphertext) - -IMPLEMENT_ASN1_FUNCTIONS(SM2_Ciphertext) - -static size_t ec_field_size(const EC_GROUP *group) -{ - /* Is there some simpler way to do this? */ - BIGNUM *p = BN_new(); - BIGNUM *a = BN_new(); - BIGNUM *b = BN_new(); - size_t field_size = 0; - - if (p == NULL || a == NULL || b == NULL) - goto done; - - if (!EC_GROUP_get_curve(group, p, a, b, NULL)) - goto done; - field_size = (BN_num_bits(p) + 7) / 8; - - done: - BN_free(p); - BN_free(a); - BN_free(b); - - return field_size; -} - -int ossl_sm2_plaintext_size(const unsigned char *ct, size_t ct_size, - size_t *pt_size) -{ - struct SM2_Ciphertext_st *sm2_ctext = NULL; - - sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size); - - if (sm2_ctext == NULL) { - ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_ENCODING); - return 0; - } - - *pt_size = sm2_ctext->C2->length; - SM2_Ciphertext_free(sm2_ctext); - - return 1; -} - -int ossl_sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, - size_t msg_len, size_t *ct_size) -{ - const size_t field_size = ec_field_size(EC_KEY_get0_group(key)); - const int md_size = EVP_MD_get_size(digest); - size_t sz; - - if (field_size == 0 || md_size < 0) - return 0; - - /* Integer and string are simple type; set constructed = 0, means primitive and definite length encoding. */ - sz = 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER) - + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING) - + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING); - /* Sequence is structured type; set constructed = 1, means constructed and definite length encoding. */ - *ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE); - - return 1; -} - -int ossl_sm2_encrypt(const EC_KEY *key, - const EVP_MD *digest, - const uint8_t *msg, size_t msg_len, - uint8_t *ciphertext_buf, size_t *ciphertext_len) -{ - int rc = 0, ciphertext_leni; - size_t i; - BN_CTX *ctx = NULL; - BIGNUM *k = NULL; - BIGNUM *x1 = NULL; - BIGNUM *y1 = NULL; - BIGNUM *x2 = NULL; - BIGNUM *y2 = NULL; - EVP_MD_CTX *hash = EVP_MD_CTX_new(); - struct SM2_Ciphertext_st ctext_struct; - const EC_GROUP *group = EC_KEY_get0_group(key); - const BIGNUM *order = EC_GROUP_get0_order(group); - const EC_POINT *P = EC_KEY_get0_public_key(key); - EC_POINT *kG = NULL; - EC_POINT *kP = NULL; - uint8_t *msg_mask = NULL; - uint8_t *x2y2 = NULL; - uint8_t *C3 = NULL; - size_t field_size; - const int C3_size = EVP_MD_get_size(digest); - EVP_MD *fetched_digest = NULL; - OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); - const char *propq = ossl_ec_key_get0_propq(key); - - /* NULL these before any "goto done" */ - ctext_struct.C2 = NULL; - ctext_struct.C3 = NULL; - - if (hash == NULL || C3_size <= 0) { - ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); - goto done; - } - - field_size = ec_field_size(group); - if (field_size == 0) { - ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); - goto done; - } - - kG = EC_POINT_new(group); - kP = EC_POINT_new(group); - ctx = BN_CTX_new_ex(libctx); - if (kG == NULL || kP == NULL || ctx == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - - BN_CTX_start(ctx); - k = BN_CTX_get(ctx); - x1 = BN_CTX_get(ctx); - x2 = BN_CTX_get(ctx); - y1 = BN_CTX_get(ctx); - y2 = BN_CTX_get(ctx); - - if (y2 == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB); - goto done; - } - - x2y2 = OPENSSL_zalloc(2 * field_size); - C3 = OPENSSL_zalloc(C3_size); - - if (x2y2 == NULL || C3 == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - - memset(ciphertext_buf, 0, *ciphertext_len); - - if (!BN_priv_rand_range_ex(k, order, 0, ctx)) { - ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); - goto done; - } - - if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx) - || !EC_POINT_get_affine_coordinates(group, kG, x1, y1, ctx) - || !EC_POINT_mul(group, kP, NULL, P, k, ctx) - || !EC_POINT_get_affine_coordinates(group, kP, x2, y2, ctx)) { - ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB); - goto done; - } - - if (BN_bn2binpad(x2, x2y2, field_size) < 0 - || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0) { - ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); - goto done; - } - - msg_mask = OPENSSL_zalloc(msg_len); - if (msg_mask == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - - /* X9.63 with no salt happens to match the KDF used in SM2 */ - if (!ossl_ecdh_kdf_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, - digest, libctx, propq)) { - ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB); - goto done; - } - - for (i = 0; i != msg_len; ++i) - msg_mask[i] ^= msg[i]; - - fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(digest), propq); - if (fetched_digest == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); - goto done; - } - if (EVP_DigestInit(hash, fetched_digest) == 0 - || EVP_DigestUpdate(hash, x2y2, field_size) == 0 - || EVP_DigestUpdate(hash, msg, msg_len) == 0 - || EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0 - || EVP_DigestFinal(hash, C3, NULL) == 0) { - ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB); - goto done; - } - - ctext_struct.C1x = x1; - ctext_struct.C1y = y1; - ctext_struct.C3 = ASN1_OCTET_STRING_new(); - ctext_struct.C2 = ASN1_OCTET_STRING_new(); - - if (ctext_struct.C3 == NULL || ctext_struct.C2 == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - if (!ASN1_OCTET_STRING_set(ctext_struct.C3, C3, C3_size) - || !ASN1_OCTET_STRING_set(ctext_struct.C2, msg_mask, msg_len)) { - ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); - goto done; - } - - ciphertext_leni = i2d_SM2_Ciphertext(&ctext_struct, &ciphertext_buf); - /* Ensure cast to size_t is safe */ - if (ciphertext_leni < 0) { - ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); - goto done; - } - *ciphertext_len = (size_t)ciphertext_leni; - - rc = 1; - - done: - EVP_MD_free(fetched_digest); - ASN1_OCTET_STRING_free(ctext_struct.C2); - ASN1_OCTET_STRING_free(ctext_struct.C3); - OPENSSL_free(msg_mask); - OPENSSL_free(x2y2); - OPENSSL_free(C3); - EVP_MD_CTX_free(hash); - BN_CTX_free(ctx); - EC_POINT_free(kG); - EC_POINT_free(kP); - return rc; -} - -int ossl_sm2_decrypt(const EC_KEY *key, - const EVP_MD *digest, - const uint8_t *ciphertext, size_t ciphertext_len, - uint8_t *ptext_buf, size_t *ptext_len) -{ - int rc = 0; - int i; - BN_CTX *ctx = NULL; - const EC_GROUP *group = EC_KEY_get0_group(key); - EC_POINT *C1 = NULL; - struct SM2_Ciphertext_st *sm2_ctext = NULL; - BIGNUM *x2 = NULL; - BIGNUM *y2 = NULL; - uint8_t *x2y2 = NULL; - uint8_t *computed_C3 = NULL; - const size_t field_size = ec_field_size(group); - const int hash_size = EVP_MD_get_size(digest); - uint8_t *msg_mask = NULL; - const uint8_t *C2 = NULL; - const uint8_t *C3 = NULL; - int msg_len = 0; - EVP_MD_CTX *hash = NULL; - OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); - const char *propq = ossl_ec_key_get0_propq(key); - - if (field_size == 0 || hash_size <= 0) - goto done; - - memset(ptext_buf, 0xFF, *ptext_len); - - sm2_ctext = d2i_SM2_Ciphertext(NULL, &ciphertext, ciphertext_len); - - if (sm2_ctext == NULL) { - ERR_raise(ERR_LIB_SM2, SM2_R_ASN1_ERROR); - goto done; - } - - if (sm2_ctext->C3->length != hash_size) { - ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_ENCODING); - goto done; - } - - C2 = sm2_ctext->C2->data; - C3 = sm2_ctext->C3->data; - msg_len = sm2_ctext->C2->length; - if (*ptext_len < (size_t)msg_len) { - ERR_raise(ERR_LIB_SM2, SM2_R_BUFFER_TOO_SMALL); - goto done; - } - - ctx = BN_CTX_new_ex(libctx); - if (ctx == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - - BN_CTX_start(ctx); - x2 = BN_CTX_get(ctx); - y2 = BN_CTX_get(ctx); - - if (y2 == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB); - goto done; - } - - msg_mask = OPENSSL_zalloc(msg_len); - x2y2 = OPENSSL_zalloc(2 * field_size); - computed_C3 = OPENSSL_zalloc(hash_size); - - if (msg_mask == NULL || x2y2 == NULL || computed_C3 == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - - C1 = EC_POINT_new(group); - if (C1 == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - - if (!EC_POINT_set_affine_coordinates(group, C1, sm2_ctext->C1x, - sm2_ctext->C1y, ctx) - || !EC_POINT_mul(group, C1, NULL, C1, EC_KEY_get0_private_key(key), - ctx) - || !EC_POINT_get_affine_coordinates(group, C1, x2, y2, ctx)) { - ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB); - goto done; - } - - if (BN_bn2binpad(x2, x2y2, field_size) < 0 - || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0 - || !ossl_ecdh_kdf_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, - NULL, 0, digest, libctx, propq)) { - ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); - goto done; - } - - for (i = 0; i != msg_len; ++i) - ptext_buf[i] = C2[i] ^ msg_mask[i]; - - hash = EVP_MD_CTX_new(); - if (hash == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - - if (!EVP_DigestInit(hash, digest) - || !EVP_DigestUpdate(hash, x2y2, field_size) - || !EVP_DigestUpdate(hash, ptext_buf, msg_len) - || !EVP_DigestUpdate(hash, x2y2 + field_size, field_size) - || !EVP_DigestFinal(hash, computed_C3, NULL)) { - ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB); - goto done; - } - - if (CRYPTO_memcmp(computed_C3, C3, hash_size) != 0) { - ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_DIGEST); - goto done; - } - - rc = 1; - *ptext_len = msg_len; - - done: - if (rc == 0) - memset(ptext_buf, 0, *ptext_len); - - OPENSSL_free(msg_mask); - OPENSSL_free(x2y2); - OPENSSL_free(computed_C3); - EC_POINT_free(C1); - BN_CTX_free(ctx); - SM2_Ciphertext_free(sm2_ctext); - EVP_MD_CTX_free(hash); - - return rc; -} diff --git a/crypto/sm2/sm2_err.c b/crypto/sm2/sm2_err.c deleted file mode 100644 index d420d4e597d19407cd159b47dfa0c0dfd3429e4d..0000000000000000000000000000000000000000 --- a/crypto/sm2/sm2_err.c +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "crypto/sm2err.h" - -#ifndef OPENSSL_NO_SM2 - -# ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA SM2_str_reasons[] = { - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ASN1_ERROR), "asn1 error"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BAD_SIGNATURE), "bad signature"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_DIST_ID_TOO_LARGE), "dist id too large"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ID_NOT_SET), "id not set"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ID_TOO_LARGE), "id too large"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_CURVE), "invalid curve"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST), "invalid digest"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST_TYPE), - "invalid digest type"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ENCODING), "invalid encoding"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FIELD), "invalid field"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_PRIVATE_KEY), - "invalid private key"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PARAMETERS_SET), "no parameters set"}, - {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_USER_ID_TOO_LARGE), "user id too large"}, - {0, NULL} -}; - -# endif - -int ossl_err_load_SM2_strings(void) -{ -# ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(SM2_str_reasons[0].error) == NULL) - ERR_load_strings_const(SM2_str_reasons); -# endif - return 1; -} -#else -NON_EMPTY_TRANSLATION_UNIT -#endif diff --git a/crypto/sm2/sm2_key.c b/crypto/sm2/sm2_key.c deleted file mode 100644 index 9d0b9208facf8a44fbfc3b8f897646b9a33cf736..0000000000000000000000000000000000000000 --- a/crypto/sm2/sm2_key.c +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/deprecated.h" /* to be able to use EC_KEY and EC_GROUP */ - -#include -#include "crypto/sm2err.h" -#include "crypto/sm2.h" -#include /* EC_KEY and EC_GROUP functions */ - -/* - * SM2 key generation is implemented within ec_generate_key() in - * crypto/ec/ec_key.c - */ - -int ossl_sm2_key_private_check(const EC_KEY *eckey) -{ - int ret = 0; - BIGNUM *max = NULL; - const EC_GROUP *group = NULL; - const BIGNUM *priv_key = NULL, *order = NULL; - - if (eckey == NULL - || (group = EC_KEY_get0_group(eckey)) == NULL - || (priv_key = EC_KEY_get0_private_key(eckey)) == NULL - || (order = EC_GROUP_get0_order(group)) == NULL ) { - ERR_raise(ERR_LIB_SM2, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - /* range of SM2 private key is [1, n-1) */ - max = BN_dup(order); - if (max == NULL || !BN_sub_word(max, 1)) - goto end; - if (BN_cmp(priv_key, BN_value_one()) < 0 - || BN_cmp(priv_key, max) >= 0) { - ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_PRIVATE_KEY); - goto end; - } - ret = 1; - - end: - BN_free(max); - return ret; -} diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c deleted file mode 100644 index 5861f420fb6607d60d3a27e0943b5cef23f70b9b..0000000000000000000000000000000000000000 --- a/crypto/sm2/sm2_sign.c +++ /dev/null @@ -1,512 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2017 Ribose Inc. All Rights Reserved. - * Ported from Ribose contributions from Botan. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/deprecated.h" - -#include "crypto/sm2.h" -#include "crypto/sm2err.h" -#include "crypto/ec.h" /* ossl_ec_group_do_inverse_ord() */ -#include "internal/numbers.h" -#include -#include -#include -#include -#include - -int ossl_sm2_compute_z_digest(uint8_t *out, - const EVP_MD *digest, - const uint8_t *id, - const size_t id_len, - const EC_KEY *key) -{ - int rc = 0; - const EC_GROUP *group = EC_KEY_get0_group(key); - BN_CTX *ctx = NULL; - EVP_MD_CTX *hash = NULL; - BIGNUM *p = NULL; - BIGNUM *a = NULL; - BIGNUM *b = NULL; - BIGNUM *xG = NULL; - BIGNUM *yG = NULL; - BIGNUM *xA = NULL; - BIGNUM *yA = NULL; - int p_bytes = 0; - uint8_t *buf = NULL; - uint16_t entl = 0; - uint8_t e_byte = 0; - - hash = EVP_MD_CTX_new(); - ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(key)); - if (hash == NULL || ctx == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - - p = BN_CTX_get(ctx); - a = BN_CTX_get(ctx); - b = BN_CTX_get(ctx); - xG = BN_CTX_get(ctx); - yG = BN_CTX_get(ctx); - xA = BN_CTX_get(ctx); - yA = BN_CTX_get(ctx); - - if (yA == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - - if (!EVP_DigestInit(hash, digest)) { - ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB); - goto done; - } - - /* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */ - - if (id_len >= (UINT16_MAX / 8)) { - /* too large */ - ERR_raise(ERR_LIB_SM2, SM2_R_ID_TOO_LARGE); - goto done; - } - - entl = (uint16_t)(8 * id_len); - - e_byte = entl >> 8; - if (!EVP_DigestUpdate(hash, &e_byte, 1)) { - ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB); - goto done; - } - e_byte = entl & 0xFF; - if (!EVP_DigestUpdate(hash, &e_byte, 1)) { - ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB); - goto done; - } - - if (id_len > 0 && !EVP_DigestUpdate(hash, id, id_len)) { - ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB); - goto done; - } - - if (!EC_GROUP_get_curve(group, p, a, b, ctx)) { - ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB); - goto done; - } - - p_bytes = BN_num_bytes(p); - buf = OPENSSL_zalloc(p_bytes); - if (buf == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - - if (BN_bn2binpad(a, buf, p_bytes) < 0 - || !EVP_DigestUpdate(hash, buf, p_bytes) - || BN_bn2binpad(b, buf, p_bytes) < 0 - || !EVP_DigestUpdate(hash, buf, p_bytes) - || !EC_POINT_get_affine_coordinates(group, - EC_GROUP_get0_generator(group), - xG, yG, ctx) - || BN_bn2binpad(xG, buf, p_bytes) < 0 - || !EVP_DigestUpdate(hash, buf, p_bytes) - || BN_bn2binpad(yG, buf, p_bytes) < 0 - || !EVP_DigestUpdate(hash, buf, p_bytes) - || !EC_POINT_get_affine_coordinates(group, - EC_KEY_get0_public_key(key), - xA, yA, ctx) - || BN_bn2binpad(xA, buf, p_bytes) < 0 - || !EVP_DigestUpdate(hash, buf, p_bytes) - || BN_bn2binpad(yA, buf, p_bytes) < 0 - || !EVP_DigestUpdate(hash, buf, p_bytes) - || !EVP_DigestFinal(hash, out, NULL)) { - ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); - goto done; - } - - rc = 1; - - done: - OPENSSL_free(buf); - BN_CTX_free(ctx); - EVP_MD_CTX_free(hash); - return rc; -} - -static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest, - const EC_KEY *key, - const uint8_t *id, - const size_t id_len, - const uint8_t *msg, size_t msg_len) -{ - EVP_MD_CTX *hash = EVP_MD_CTX_new(); - const int md_size = EVP_MD_get_size(digest); - uint8_t *z = NULL; - BIGNUM *e = NULL; - EVP_MD *fetched_digest = NULL; - OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); - const char *propq = ossl_ec_key_get0_propq(key); - - if (md_size < 0) { - ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_DIGEST); - goto done; - } - - z = OPENSSL_zalloc(md_size); - if (hash == NULL || z == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - - fetched_digest = EVP_MD_fetch(libctx, EVP_MD_get0_name(digest), propq); - if (fetched_digest == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); - goto done; - } - - if (!ossl_sm2_compute_z_digest(z, fetched_digest, id, id_len, key)) { - /* SM2err already called */ - goto done; - } - - if (!EVP_DigestInit(hash, fetched_digest) - || !EVP_DigestUpdate(hash, z, md_size) - || !EVP_DigestUpdate(hash, msg, msg_len) - /* reuse z buffer to hold H(Z || M) */ - || !EVP_DigestFinal(hash, z, NULL)) { - ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB); - goto done; - } - - e = BN_bin2bn(z, md_size, NULL); - if (e == NULL) - ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); - - done: - EVP_MD_free(fetched_digest); - OPENSSL_free(z); - EVP_MD_CTX_free(hash); - return e; -} - -static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e) -{ - const BIGNUM *dA = EC_KEY_get0_private_key(key); - const EC_GROUP *group = EC_KEY_get0_group(key); - const BIGNUM *order = EC_GROUP_get0_order(group); - ECDSA_SIG *sig = NULL; - EC_POINT *kG = NULL; - BN_CTX *ctx = NULL; - BIGNUM *k = NULL; - BIGNUM *rk = NULL; - BIGNUM *r = NULL; - BIGNUM *s = NULL; - BIGNUM *x1 = NULL; - BIGNUM *tmp = NULL; - OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); - - kG = EC_POINT_new(group); - ctx = BN_CTX_new_ex(libctx); - if (kG == NULL || ctx == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - - BN_CTX_start(ctx); - k = BN_CTX_get(ctx); - rk = BN_CTX_get(ctx); - x1 = BN_CTX_get(ctx); - tmp = BN_CTX_get(ctx); - if (tmp == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - - /* - * These values are returned and so should not be allocated out of the - * context - */ - r = BN_new(); - s = BN_new(); - - if (r == NULL || s == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - - /* - * A3: Generate a random number k in [1,n-1] using random number generators; - * A4: Compute (x1,y1)=[k]G, and convert the type of data x1 to be integer - * as specified in clause 4.2.8 of GM/T 0003.1-2012; - * A5: Compute r=(e+x1) mod n. If r=0 or r+k=n, then go to A3; - * A6: Compute s=(1/(1+dA)*(k-r*dA)) mod n. If s=0, then go to A3; - * A7: Convert the type of data (r,s) to be bit strings according to the details - * in clause 4.2.2 of GM/T 0003.1-2012. Then the signature of message M is (r,s). - */ - for (;;) { - if (!BN_priv_rand_range_ex(k, order, 0, ctx)) { - ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); - goto done; - } - - if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx) - || !EC_POINT_get_affine_coordinates(group, kG, x1, NULL, - ctx) - || !BN_mod_add(r, e, x1, order, ctx)) { - ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); - goto done; - } - - /* try again if r == 0 or r+k == n */ - if (BN_is_zero(r)) - continue; - - if (!BN_add(rk, r, k)) { - ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); - goto done; - } - - if (BN_cmp(rk, order) == 0) - continue; - - if (!BN_add(s, dA, BN_value_one()) - || !ossl_ec_group_do_inverse_ord(group, s, s, ctx) - || !BN_mod_mul(tmp, dA, r, order, ctx) - || !BN_sub(tmp, k, tmp) - || !BN_mod_mul(s, s, tmp, order, ctx)) { - ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB); - goto done; - } - - /* try again if s == 0 */ - if (BN_is_zero(s)) - continue; - - sig = ECDSA_SIG_new(); - if (sig == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - - /* takes ownership of r and s */ - ECDSA_SIG_set0(sig, r, s); - break; - } - - done: - if (sig == NULL) { - BN_free(r); - BN_free(s); - } - - BN_CTX_free(ctx); - EC_POINT_free(kG); - return sig; -} - -static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, - const BIGNUM *e) -{ - int ret = 0; - const EC_GROUP *group = EC_KEY_get0_group(key); - const BIGNUM *order = EC_GROUP_get0_order(group); - BN_CTX *ctx = NULL; - EC_POINT *pt = NULL; - BIGNUM *t = NULL; - BIGNUM *x1 = NULL; - const BIGNUM *r = NULL; - const BIGNUM *s = NULL; - OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key); - - ctx = BN_CTX_new_ex(libctx); - pt = EC_POINT_new(group); - if (ctx == NULL || pt == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - - BN_CTX_start(ctx); - t = BN_CTX_get(ctx); - x1 = BN_CTX_get(ctx); - if (x1 == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - - /* - * B1: verify whether r' in [1,n-1], verification failed if not - * B2: verify whether s' in [1,n-1], verification failed if not - * B3: set M'~=ZA || M' - * B4: calculate e'=Hv(M'~) - * B5: calculate t = (r' + s') modn, verification failed if t=0 - * B6: calculate the point (x1', y1')=[s']G + [t]PA - * B7: calculate R=(e'+x1') modn, verification pass if yes, otherwise failed - */ - - ECDSA_SIG_get0(sig, &r, &s); - - if (BN_cmp(r, BN_value_one()) < 0 - || BN_cmp(s, BN_value_one()) < 0 - || BN_cmp(order, r) <= 0 - || BN_cmp(order, s) <= 0) { - ERR_raise(ERR_LIB_SM2, SM2_R_BAD_SIGNATURE); - goto done; - } - - if (!BN_mod_add(t, r, s, order, ctx)) { - ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB); - goto done; - } - - if (BN_is_zero(t)) { - ERR_raise(ERR_LIB_SM2, SM2_R_BAD_SIGNATURE); - goto done; - } - - if (!EC_POINT_mul(group, pt, s, EC_KEY_get0_public_key(key), t, ctx) - || !EC_POINT_get_affine_coordinates(group, pt, x1, NULL, ctx)) { - ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB); - goto done; - } - - if (!BN_mod_add(t, e, x1, order, ctx)) { - ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB); - goto done; - } - - if (BN_cmp(r, t) == 0) - ret = 1; - - done: - EC_POINT_free(pt); - BN_CTX_free(ctx); - return ret; -} - -ECDSA_SIG *ossl_sm2_do_sign(const EC_KEY *key, - const EVP_MD *digest, - const uint8_t *id, - const size_t id_len, - const uint8_t *msg, size_t msg_len) -{ - BIGNUM *e = NULL; - ECDSA_SIG *sig = NULL; - - e = sm2_compute_msg_hash(digest, key, id, id_len, msg, msg_len); - if (e == NULL) { - /* SM2err already called */ - goto done; - } - - sig = sm2_sig_gen(key, e); - - done: - BN_free(e); - return sig; -} - -int ossl_sm2_do_verify(const EC_KEY *key, - const EVP_MD *digest, - const ECDSA_SIG *sig, - const uint8_t *id, - const size_t id_len, - const uint8_t *msg, size_t msg_len) -{ - BIGNUM *e = NULL; - int ret = 0; - - e = sm2_compute_msg_hash(digest, key, id, id_len, msg, msg_len); - if (e == NULL) { - /* SM2err already called */ - goto done; - } - - ret = sm2_sig_verify(key, sig, e); - - done: - BN_free(e); - return ret; -} - -int ossl_sm2_internal_sign(const unsigned char *dgst, int dgstlen, - unsigned char *sig, unsigned int *siglen, - EC_KEY *eckey) -{ - BIGNUM *e = NULL; - ECDSA_SIG *s = NULL; - int sigleni; - int ret = -1; - - e = BN_bin2bn(dgst, dgstlen, NULL); - if (e == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB); - goto done; - } - - s = sm2_sig_gen(eckey, e); - if (s == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); - goto done; - } - - sigleni = i2d_ECDSA_SIG(s, &sig); - if (sigleni < 0) { - ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); - goto done; - } - *siglen = (unsigned int)sigleni; - - ret = 1; - - done: - ECDSA_SIG_free(s); - BN_free(e); - return ret; -} - -int ossl_sm2_internal_verify(const unsigned char *dgst, int dgstlen, - const unsigned char *sig, int sig_len, - EC_KEY *eckey) -{ - ECDSA_SIG *s = NULL; - BIGNUM *e = NULL; - const unsigned char *p = sig; - unsigned char *der = NULL; - int derlen = -1; - int ret = -1; - - s = ECDSA_SIG_new(); - if (s == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); - goto done; - } - if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) { - ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_ENCODING); - goto done; - } - /* Ensure signature uses DER and doesn't have trailing garbage */ - derlen = i2d_ECDSA_SIG(s, &der); - if (derlen != sig_len || memcmp(sig, der, derlen) != 0) { - ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_ENCODING); - goto done; - } - - e = BN_bin2bn(dgst, dgstlen, NULL); - if (e == NULL) { - ERR_raise(ERR_LIB_SM2, ERR_R_BN_LIB); - goto done; - } - - ret = sm2_sig_verify(eckey, s, e); - - done: - OPENSSL_free(der); - BN_free(e); - ECDSA_SIG_free(s); - return ret; -} diff --git a/crypto/sm3/build.info b/crypto/sm3/build.info deleted file mode 100644 index eca68216f27e2c2faa43006cc416bb0990ad85d2..0000000000000000000000000000000000000000 --- a/crypto/sm3/build.info +++ /dev/null @@ -1,5 +0,0 @@ -LIBS=../../libcrypto - -IF[{- !$disabled{sm3} -}] - SOURCE[../../libcrypto]=sm3.c legacy_sm3.c -ENDIF \ No newline at end of file diff --git a/crypto/sm3/legacy_sm3.c b/crypto/sm3/legacy_sm3.c deleted file mode 100644 index c81f3b4ab45d40c175be616e7119f69410e93a12..0000000000000000000000000000000000000000 --- a/crypto/sm3/legacy_sm3.c +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2017 Ribose Inc. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - - -#include "crypto/evp.h" -#include "../evp/legacy_meth.h" -#include "internal/sm3.h" - -IMPLEMENT_LEGACY_EVP_MD_METH_LC(sm3_int, ossl_sm3) - -static const EVP_MD sm3_md = { - NID_sm3, - NID_sm3WithRSAEncryption, - SM3_DIGEST_LENGTH, - 0, - EVP_ORIG_GLOBAL, - LEGACY_EVP_MD_METH_TABLE(sm3_int_init, sm3_int_update, sm3_int_final, NULL, - SM3_CBLOCK), -}; - -const EVP_MD *EVP_sm3(void) -{ - return &sm3_md; -} diff --git a/crypto/sm3/sm3.c b/crypto/sm3/sm3.c deleted file mode 100644 index ff78fb763e0071cf3195f39456f4cf978a791a6e..0000000000000000000000000000000000000000 --- a/crypto/sm3/sm3.c +++ /dev/null @@ -1,195 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2017 Ribose Inc. All Rights Reserved. - * Ported from Ribose contributions from Botan. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "sm3_local.h" - -int ossl_sm3_init(SM3_CTX *c) -{ - memset(c, 0, sizeof(*c)); - c->A = SM3_A; - c->B = SM3_B; - c->C = SM3_C; - c->D = SM3_D; - c->E = SM3_E; - c->F = SM3_F; - c->G = SM3_G; - c->H = SM3_H; - return 1; -} - -void ossl_sm3_block_data_order(SM3_CTX *ctx, const void *p, size_t num) -{ - const unsigned char *data = p; - register unsigned MD32_REG_T A, B, C, D, E, F, G, H; - - unsigned MD32_REG_T W00, W01, W02, W03, W04, W05, W06, W07, - W08, W09, W10, W11, W12, W13, W14, W15; - - for (; num--;) { - - A = ctx->A; - B = ctx->B; - C = ctx->C; - D = ctx->D; - E = ctx->E; - F = ctx->F; - G = ctx->G; - H = ctx->H; - - /* - * We have to load all message bytes immediately since SM3 reads - * them slightly out of order. - */ - (void)HOST_c2l(data, W00); - (void)HOST_c2l(data, W01); - (void)HOST_c2l(data, W02); - (void)HOST_c2l(data, W03); - (void)HOST_c2l(data, W04); - (void)HOST_c2l(data, W05); - (void)HOST_c2l(data, W06); - (void)HOST_c2l(data, W07); - (void)HOST_c2l(data, W08); - (void)HOST_c2l(data, W09); - (void)HOST_c2l(data, W10); - (void)HOST_c2l(data, W11); - (void)HOST_c2l(data, W12); - (void)HOST_c2l(data, W13); - (void)HOST_c2l(data, W14); - (void)HOST_c2l(data, W15); - - R1(A, B, C, D, E, F, G, H, 0x79CC4519, W00, W00 ^ W04); - W00 = EXPAND(W00, W07, W13, W03, W10); - R1(D, A, B, C, H, E, F, G, 0xF3988A32, W01, W01 ^ W05); - W01 = EXPAND(W01, W08, W14, W04, W11); - R1(C, D, A, B, G, H, E, F, 0xE7311465, W02, W02 ^ W06); - W02 = EXPAND(W02, W09, W15, W05, W12); - R1(B, C, D, A, F, G, H, E, 0xCE6228CB, W03, W03 ^ W07); - W03 = EXPAND(W03, W10, W00, W06, W13); - R1(A, B, C, D, E, F, G, H, 0x9CC45197, W04, W04 ^ W08); - W04 = EXPAND(W04, W11, W01, W07, W14); - R1(D, A, B, C, H, E, F, G, 0x3988A32F, W05, W05 ^ W09); - W05 = EXPAND(W05, W12, W02, W08, W15); - R1(C, D, A, B, G, H, E, F, 0x7311465E, W06, W06 ^ W10); - W06 = EXPAND(W06, W13, W03, W09, W00); - R1(B, C, D, A, F, G, H, E, 0xE6228CBC, W07, W07 ^ W11); - W07 = EXPAND(W07, W14, W04, W10, W01); - R1(A, B, C, D, E, F, G, H, 0xCC451979, W08, W08 ^ W12); - W08 = EXPAND(W08, W15, W05, W11, W02); - R1(D, A, B, C, H, E, F, G, 0x988A32F3, W09, W09 ^ W13); - W09 = EXPAND(W09, W00, W06, W12, W03); - R1(C, D, A, B, G, H, E, F, 0x311465E7, W10, W10 ^ W14); - W10 = EXPAND(W10, W01, W07, W13, W04); - R1(B, C, D, A, F, G, H, E, 0x6228CBCE, W11, W11 ^ W15); - W11 = EXPAND(W11, W02, W08, W14, W05); - R1(A, B, C, D, E, F, G, H, 0xC451979C, W12, W12 ^ W00); - W12 = EXPAND(W12, W03, W09, W15, W06); - R1(D, A, B, C, H, E, F, G, 0x88A32F39, W13, W13 ^ W01); - W13 = EXPAND(W13, W04, W10, W00, W07); - R1(C, D, A, B, G, H, E, F, 0x11465E73, W14, W14 ^ W02); - W14 = EXPAND(W14, W05, W11, W01, W08); - R1(B, C, D, A, F, G, H, E, 0x228CBCE6, W15, W15 ^ W03); - W15 = EXPAND(W15, W06, W12, W02, W09); - R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04); - W00 = EXPAND(W00, W07, W13, W03, W10); - R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05); - W01 = EXPAND(W01, W08, W14, W04, W11); - R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06); - W02 = EXPAND(W02, W09, W15, W05, W12); - R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07); - W03 = EXPAND(W03, W10, W00, W06, W13); - R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08); - W04 = EXPAND(W04, W11, W01, W07, W14); - R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09); - W05 = EXPAND(W05, W12, W02, W08, W15); - R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10); - W06 = EXPAND(W06, W13, W03, W09, W00); - R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11); - W07 = EXPAND(W07, W14, W04, W10, W01); - R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12); - W08 = EXPAND(W08, W15, W05, W11, W02); - R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13); - W09 = EXPAND(W09, W00, W06, W12, W03); - R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14); - W10 = EXPAND(W10, W01, W07, W13, W04); - R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15); - W11 = EXPAND(W11, W02, W08, W14, W05); - R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00); - W12 = EXPAND(W12, W03, W09, W15, W06); - R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01); - W13 = EXPAND(W13, W04, W10, W00, W07); - R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02); - W14 = EXPAND(W14, W05, W11, W01, W08); - R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03); - W15 = EXPAND(W15, W06, W12, W02, W09); - R2(A, B, C, D, E, F, G, H, 0x7A879D8A, W00, W00 ^ W04); - W00 = EXPAND(W00, W07, W13, W03, W10); - R2(D, A, B, C, H, E, F, G, 0xF50F3B14, W01, W01 ^ W05); - W01 = EXPAND(W01, W08, W14, W04, W11); - R2(C, D, A, B, G, H, E, F, 0xEA1E7629, W02, W02 ^ W06); - W02 = EXPAND(W02, W09, W15, W05, W12); - R2(B, C, D, A, F, G, H, E, 0xD43CEC53, W03, W03 ^ W07); - W03 = EXPAND(W03, W10, W00, W06, W13); - R2(A, B, C, D, E, F, G, H, 0xA879D8A7, W04, W04 ^ W08); - W04 = EXPAND(W04, W11, W01, W07, W14); - R2(D, A, B, C, H, E, F, G, 0x50F3B14F, W05, W05 ^ W09); - W05 = EXPAND(W05, W12, W02, W08, W15); - R2(C, D, A, B, G, H, E, F, 0xA1E7629E, W06, W06 ^ W10); - W06 = EXPAND(W06, W13, W03, W09, W00); - R2(B, C, D, A, F, G, H, E, 0x43CEC53D, W07, W07 ^ W11); - W07 = EXPAND(W07, W14, W04, W10, W01); - R2(A, B, C, D, E, F, G, H, 0x879D8A7A, W08, W08 ^ W12); - W08 = EXPAND(W08, W15, W05, W11, W02); - R2(D, A, B, C, H, E, F, G, 0x0F3B14F5, W09, W09 ^ W13); - W09 = EXPAND(W09, W00, W06, W12, W03); - R2(C, D, A, B, G, H, E, F, 0x1E7629EA, W10, W10 ^ W14); - W10 = EXPAND(W10, W01, W07, W13, W04); - R2(B, C, D, A, F, G, H, E, 0x3CEC53D4, W11, W11 ^ W15); - W11 = EXPAND(W11, W02, W08, W14, W05); - R2(A, B, C, D, E, F, G, H, 0x79D8A7A8, W12, W12 ^ W00); - W12 = EXPAND(W12, W03, W09, W15, W06); - R2(D, A, B, C, H, E, F, G, 0xF3B14F50, W13, W13 ^ W01); - W13 = EXPAND(W13, W04, W10, W00, W07); - R2(C, D, A, B, G, H, E, F, 0xE7629EA1, W14, W14 ^ W02); - W14 = EXPAND(W14, W05, W11, W01, W08); - R2(B, C, D, A, F, G, H, E, 0xCEC53D43, W15, W15 ^ W03); - W15 = EXPAND(W15, W06, W12, W02, W09); - R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04); - W00 = EXPAND(W00, W07, W13, W03, W10); - R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05); - W01 = EXPAND(W01, W08, W14, W04, W11); - R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06); - W02 = EXPAND(W02, W09, W15, W05, W12); - R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07); - W03 = EXPAND(W03, W10, W00, W06, W13); - R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08); - R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09); - R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10); - R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11); - R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12); - R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13); - R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14); - R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15); - R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00); - R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01); - R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02); - R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03); - - ctx->A ^= A; - ctx->B ^= B; - ctx->C ^= C; - ctx->D ^= D; - ctx->E ^= E; - ctx->F ^= F; - ctx->G ^= G; - ctx->H ^= H; - } -} diff --git a/crypto/sm3/sm3_local.h b/crypto/sm3/sm3_local.h deleted file mode 100644 index 6daeb878a8878645f8ca8545904150120a1d0e8f..0000000000000000000000000000000000000000 --- a/crypto/sm3/sm3_local.h +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2017 Ribose Inc. All Rights Reserved. - * Ported from Ribose contributions from Botan. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/sm3.h" - -#define DATA_ORDER_IS_BIG_ENDIAN - -#define HASH_LONG SM3_WORD -#define HASH_CTX SM3_CTX -#define HASH_CBLOCK SM3_CBLOCK -#define HASH_UPDATE ossl_sm3_update -#define HASH_TRANSFORM ossl_sm3_transform -#define HASH_FINAL ossl_sm3_final -#define HASH_MAKE_STRING(c, s) \ - do { \ - unsigned long ll; \ - ll=(c)->A; (void)HOST_l2c(ll, (s)); \ - ll=(c)->B; (void)HOST_l2c(ll, (s)); \ - ll=(c)->C; (void)HOST_l2c(ll, (s)); \ - ll=(c)->D; (void)HOST_l2c(ll, (s)); \ - ll=(c)->E; (void)HOST_l2c(ll, (s)); \ - ll=(c)->F; (void)HOST_l2c(ll, (s)); \ - ll=(c)->G; (void)HOST_l2c(ll, (s)); \ - ll=(c)->H; (void)HOST_l2c(ll, (s)); \ - } while (0) -#define HASH_BLOCK_DATA_ORDER ossl_sm3_block_data_order - -void ossl_sm3_block_data_order(SM3_CTX *c, const void *p, size_t num); -void ossl_sm3_transform(SM3_CTX *c, const unsigned char *data); - -#include "crypto/md32_common.h" - -#define P0(X) (X ^ ROTATE(X, 9) ^ ROTATE(X, 17)) -#define P1(X) (X ^ ROTATE(X, 15) ^ ROTATE(X, 23)) - -#define FF0(X,Y,Z) (X ^ Y ^ Z) -#define GG0(X,Y,Z) (X ^ Y ^ Z) - -#define FF1(X,Y,Z) ((X & Y) | ((X | Y) & Z)) -#define GG1(X,Y,Z) ((Z ^ (X & (Y ^ Z)))) - -#define EXPAND(W0,W7,W13,W3,W10) \ - (P1(W0 ^ W7 ^ ROTATE(W13, 15)) ^ ROTATE(W3, 7) ^ W10) - -#define RND(A, B, C, D, E, F, G, H, TJ, Wi, Wj, FF, GG) \ - do { \ - const SM3_WORD A12 = ROTATE(A, 12); \ - const SM3_WORD A12_SM = A12 + E + TJ; \ - const SM3_WORD SS1 = ROTATE(A12_SM, 7); \ - const SM3_WORD TT1 = FF(A, B, C) + D + (SS1 ^ A12) + (Wj); \ - const SM3_WORD TT2 = GG(E, F, G) + H + SS1 + Wi; \ - B = ROTATE(B, 9); \ - D = TT1; \ - F = ROTATE(F, 19); \ - H = P0(TT2); \ - } while(0) - -#define R1(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \ - RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF0,GG0) - -#define R2(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \ - RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF1,GG1) - -#define SM3_A 0x7380166fUL -#define SM3_B 0x4914b2b9UL -#define SM3_C 0x172442d7UL -#define SM3_D 0xda8a0600UL -#define SM3_E 0xa96f30bcUL -#define SM3_F 0x163138aaUL -#define SM3_G 0xe38dee4dUL -#define SM3_H 0xb0fb0e4eUL diff --git a/crypto/sm4/sm4.c b/crypto/sm4/sm4.c deleted file mode 100644 index 1e11ee650632becda70d7c4445bd8bfd3f644c57..0000000000000000000000000000000000000000 --- a/crypto/sm4/sm4.c +++ /dev/null @@ -1,233 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright 2017 Ribose Inc. All Rights Reserved. - * Ported from Ribose contributions from Botan. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "crypto/sm4.h" - -static const uint8_t SM4_S[256] = { - 0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2, - 0x28, 0xFB, 0x2C, 0x05, 0x2B, 0x67, 0x9A, 0x76, 0x2A, 0xBE, 0x04, 0xC3, - 0xAA, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99, 0x9C, 0x42, 0x50, 0xF4, - 0x91, 0xEF, 0x98, 0x7A, 0x33, 0x54, 0x0B, 0x43, 0xED, 0xCF, 0xAC, 0x62, - 0xE4, 0xB3, 0x1C, 0xA9, 0xC9, 0x08, 0xE8, 0x95, 0x80, 0xDF, 0x94, 0xFA, - 0x75, 0x8F, 0x3F, 0xA6, 0x47, 0x07, 0xA7, 0xFC, 0xF3, 0x73, 0x17, 0xBA, - 0x83, 0x59, 0x3C, 0x19, 0xE6, 0x85, 0x4F, 0xA8, 0x68, 0x6B, 0x81, 0xB2, - 0x71, 0x64, 0xDA, 0x8B, 0xF8, 0xEB, 0x0F, 0x4B, 0x70, 0x56, 0x9D, 0x35, - 0x1E, 0x24, 0x0E, 0x5E, 0x63, 0x58, 0xD1, 0xA2, 0x25, 0x22, 0x7C, 0x3B, - 0x01, 0x21, 0x78, 0x87, 0xD4, 0x00, 0x46, 0x57, 0x9F, 0xD3, 0x27, 0x52, - 0x4C, 0x36, 0x02, 0xE7, 0xA0, 0xC4, 0xC8, 0x9E, 0xEA, 0xBF, 0x8A, 0xD2, - 0x40, 0xC7, 0x38, 0xB5, 0xA3, 0xF7, 0xF2, 0xCE, 0xF9, 0x61, 0x15, 0xA1, - 0xE0, 0xAE, 0x5D, 0xA4, 0x9B, 0x34, 0x1A, 0x55, 0xAD, 0x93, 0x32, 0x30, - 0xF5, 0x8C, 0xB1, 0xE3, 0x1D, 0xF6, 0xE2, 0x2E, 0x82, 0x66, 0xCA, 0x60, - 0xC0, 0x29, 0x23, 0xAB, 0x0D, 0x53, 0x4E, 0x6F, 0xD5, 0xDB, 0x37, 0x45, - 0xDE, 0xFD, 0x8E, 0x2F, 0x03, 0xFF, 0x6A, 0x72, 0x6D, 0x6C, 0x5B, 0x51, - 0x8D, 0x1B, 0xAF, 0x92, 0xBB, 0xDD, 0xBC, 0x7F, 0x11, 0xD9, 0x5C, 0x41, - 0x1F, 0x10, 0x5A, 0xD8, 0x0A, 0xC1, 0x31, 0x88, 0xA5, 0xCD, 0x7B, 0xBD, - 0x2D, 0x74, 0xD0, 0x12, 0xB8, 0xE5, 0xB4, 0xB0, 0x89, 0x69, 0x97, 0x4A, - 0x0C, 0x96, 0x77, 0x7E, 0x65, 0xB9, 0xF1, 0x09, 0xC5, 0x6E, 0xC6, 0x84, - 0x18, 0xF0, 0x7D, 0xEC, 0x3A, 0xDC, 0x4D, 0x20, 0x79, 0xEE, 0x5F, 0x3E, - 0xD7, 0xCB, 0x39, 0x48 -}; - -/* - * SM4_SBOX_T[j] == L(SM4_SBOX[j]). - */ -static const uint32_t SM4_SBOX_T[256] = { - 0x8ED55B5B, 0xD0924242, 0x4DEAA7A7, 0x06FDFBFB, 0xFCCF3333, 0x65E28787, - 0xC93DF4F4, 0x6BB5DEDE, 0x4E165858, 0x6EB4DADA, 0x44145050, 0xCAC10B0B, - 0x8828A0A0, 0x17F8EFEF, 0x9C2CB0B0, 0x11051414, 0x872BACAC, 0xFB669D9D, - 0xF2986A6A, 0xAE77D9D9, 0x822AA8A8, 0x46BCFAFA, 0x14041010, 0xCFC00F0F, - 0x02A8AAAA, 0x54451111, 0x5F134C4C, 0xBE269898, 0x6D482525, 0x9E841A1A, - 0x1E061818, 0xFD9B6666, 0xEC9E7272, 0x4A430909, 0x10514141, 0x24F7D3D3, - 0xD5934646, 0x53ECBFBF, 0xF89A6262, 0x927BE9E9, 0xFF33CCCC, 0x04555151, - 0x270B2C2C, 0x4F420D0D, 0x59EEB7B7, 0xF3CC3F3F, 0x1CAEB2B2, 0xEA638989, - 0x74E79393, 0x7FB1CECE, 0x6C1C7070, 0x0DABA6A6, 0xEDCA2727, 0x28082020, - 0x48EBA3A3, 0xC1975656, 0x80820202, 0xA3DC7F7F, 0xC4965252, 0x12F9EBEB, - 0xA174D5D5, 0xB38D3E3E, 0xC33FFCFC, 0x3EA49A9A, 0x5B461D1D, 0x1B071C1C, - 0x3BA59E9E, 0x0CFFF3F3, 0x3FF0CFCF, 0xBF72CDCD, 0x4B175C5C, 0x52B8EAEA, - 0x8F810E0E, 0x3D586565, 0xCC3CF0F0, 0x7D196464, 0x7EE59B9B, 0x91871616, - 0x734E3D3D, 0x08AAA2A2, 0xC869A1A1, 0xC76AADAD, 0x85830606, 0x7AB0CACA, - 0xB570C5C5, 0xF4659191, 0xB2D96B6B, 0xA7892E2E, 0x18FBE3E3, 0x47E8AFAF, - 0x330F3C3C, 0x674A2D2D, 0xB071C1C1, 0x0E575959, 0xE99F7676, 0xE135D4D4, - 0x661E7878, 0xB4249090, 0x360E3838, 0x265F7979, 0xEF628D8D, 0x38596161, - 0x95D24747, 0x2AA08A8A, 0xB1259494, 0xAA228888, 0x8C7DF1F1, 0xD73BECEC, - 0x05010404, 0xA5218484, 0x9879E1E1, 0x9B851E1E, 0x84D75353, 0x00000000, - 0x5E471919, 0x0B565D5D, 0xE39D7E7E, 0x9FD04F4F, 0xBB279C9C, 0x1A534949, - 0x7C4D3131, 0xEE36D8D8, 0x0A020808, 0x7BE49F9F, 0x20A28282, 0xD4C71313, - 0xE8CB2323, 0xE69C7A7A, 0x42E9ABAB, 0x43BDFEFE, 0xA2882A2A, 0x9AD14B4B, - 0x40410101, 0xDBC41F1F, 0xD838E0E0, 0x61B7D6D6, 0x2FA18E8E, 0x2BF4DFDF, - 0x3AF1CBCB, 0xF6CD3B3B, 0x1DFAE7E7, 0xE5608585, 0x41155454, 0x25A38686, - 0x60E38383, 0x16ACBABA, 0x295C7575, 0x34A69292, 0xF7996E6E, 0xE434D0D0, - 0x721A6868, 0x01545555, 0x19AFB6B6, 0xDF914E4E, 0xFA32C8C8, 0xF030C0C0, - 0x21F6D7D7, 0xBC8E3232, 0x75B3C6C6, 0x6FE08F8F, 0x691D7474, 0x2EF5DBDB, - 0x6AE18B8B, 0x962EB8B8, 0x8A800A0A, 0xFE679999, 0xE2C92B2B, 0xE0618181, - 0xC0C30303, 0x8D29A4A4, 0xAF238C8C, 0x07A9AEAE, 0x390D3434, 0x1F524D4D, - 0x764F3939, 0xD36EBDBD, 0x81D65757, 0xB7D86F6F, 0xEB37DCDC, 0x51441515, - 0xA6DD7B7B, 0x09FEF7F7, 0xB68C3A3A, 0x932FBCBC, 0x0F030C0C, 0x03FCFFFF, - 0xC26BA9A9, 0xBA73C9C9, 0xD96CB5B5, 0xDC6DB1B1, 0x375A6D6D, 0x15504545, - 0xB98F3636, 0x771B6C6C, 0x13ADBEBE, 0xDA904A4A, 0x57B9EEEE, 0xA9DE7777, - 0x4CBEF2F2, 0x837EFDFD, 0x55114444, 0xBDDA6767, 0x2C5D7171, 0x45400505, - 0x631F7C7C, 0x50104040, 0x325B6969, 0xB8DB6363, 0x220A2828, 0xC5C20707, - 0xF531C4C4, 0xA88A2222, 0x31A79696, 0xF9CE3737, 0x977AEDED, 0x49BFF6F6, - 0x992DB4B4, 0xA475D1D1, 0x90D34343, 0x5A124848, 0x58BAE2E2, 0x71E69797, - 0x64B6D2D2, 0x70B2C2C2, 0xAD8B2626, 0xCD68A5A5, 0xCB955E5E, 0x624B2929, - 0x3C0C3030, 0xCE945A5A, 0xAB76DDDD, 0x867FF9F9, 0xF1649595, 0x5DBBE6E6, - 0x35F2C7C7, 0x2D092424, 0xD1C61717, 0xD66FB9B9, 0xDEC51B1B, 0x94861212, - 0x78186060, 0x30F3C3C3, 0x897CF5F5, 0x5CEFB3B3, 0xD23AE8E8, 0xACDF7373, - 0x794C3535, 0xA0208080, 0x9D78E5E5, 0x56EDBBBB, 0x235E7D7D, 0xC63EF8F8, - 0x8BD45F5F, 0xE7C82F2F, 0xDD39E4E4, 0x68492121 }; - -static ossl_inline uint32_t rotl(uint32_t a, uint8_t n) -{ - return (a << n) | (a >> (32 - n)); -} - -static ossl_inline uint32_t load_u32_be(const uint8_t *b, uint32_t n) -{ - return ((uint32_t)b[4 * n] << 24) | - ((uint32_t)b[4 * n + 1] << 16) | - ((uint32_t)b[4 * n + 2] << 8) | - ((uint32_t)b[4 * n + 3]); -} - -static ossl_inline void store_u32_be(uint32_t v, uint8_t *b) -{ - b[0] = (uint8_t)(v >> 24); - b[1] = (uint8_t)(v >> 16); - b[2] = (uint8_t)(v >> 8); - b[3] = (uint8_t)(v); -} - -static ossl_inline uint32_t SM4_T_slow(uint32_t X) -{ - uint32_t t = 0; - - t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24; - t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16; - t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8; - t |= SM4_S[(uint8_t)X]; - - /* - * L linear transform - */ - return t ^ rotl(t, 2) ^ rotl(t, 10) ^ rotl(t, 18) ^ rotl(t, 24); -} - -static ossl_inline uint32_t SM4_T(uint32_t X) -{ - return SM4_SBOX_T[(uint8_t)(X >> 24)] ^ - rotl(SM4_SBOX_T[(uint8_t)(X >> 16)], 24) ^ - rotl(SM4_SBOX_T[(uint8_t)(X >> 8)], 16) ^ - rotl(SM4_SBOX_T[(uint8_t)X], 8); -} - -int ossl_sm4_set_key(const uint8_t *key, SM4_KEY *ks) -{ - /* - * Family Key - */ - static const uint32_t FK[4] = - { 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc }; - - /* - * Constant Key - */ - static const uint32_t CK[32] = { - 0x00070E15, 0x1C232A31, 0x383F464D, 0x545B6269, - 0x70777E85, 0x8C939AA1, 0xA8AFB6BD, 0xC4CBD2D9, - 0xE0E7EEF5, 0xFC030A11, 0x181F262D, 0x343B4249, - 0x50575E65, 0x6C737A81, 0x888F969D, 0xA4ABB2B9, - 0xC0C7CED5, 0xDCE3EAF1, 0xF8FF060D, 0x141B2229, - 0x30373E45, 0x4C535A61, 0x686F767D, 0x848B9299, - 0xA0A7AEB5, 0xBCC3CAD1, 0xD8DFE6ED, 0xF4FB0209, - 0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279 - }; - - uint32_t K[4]; - int i; - - K[0] = load_u32_be(key, 0) ^ FK[0]; - K[1] = load_u32_be(key, 1) ^ FK[1]; - K[2] = load_u32_be(key, 2) ^ FK[2]; - K[3] = load_u32_be(key, 3) ^ FK[3]; - - for (i = 0; i != SM4_KEY_SCHEDULE; ++i) { - uint32_t X = K[(i + 1) % 4] ^ K[(i + 2) % 4] ^ K[(i + 3) % 4] ^ CK[i]; - uint32_t t = 0; - - t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24; - t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16; - t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8; - t |= SM4_S[(uint8_t)X]; - - t = t ^ rotl(t, 13) ^ rotl(t, 23); - K[i % 4] ^= t; - ks->rk[i] = K[i % 4]; - } - - return 1; -} - -#define SM4_RNDS(k0, k1, k2, k3, F) \ - do { \ - B0 ^= F(B1 ^ B2 ^ B3 ^ ks->rk[k0]); \ - B1 ^= F(B0 ^ B2 ^ B3 ^ ks->rk[k1]); \ - B2 ^= F(B0 ^ B1 ^ B3 ^ ks->rk[k2]); \ - B3 ^= F(B0 ^ B1 ^ B2 ^ ks->rk[k3]); \ - } while(0) - -void ossl_sm4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks) -{ - uint32_t B0 = load_u32_be(in, 0); - uint32_t B1 = load_u32_be(in, 1); - uint32_t B2 = load_u32_be(in, 2); - uint32_t B3 = load_u32_be(in, 3); - - /* - * Uses byte-wise sbox in the first and last rounds to provide some - * protection from cache based side channels. - */ - SM4_RNDS( 0, 1, 2, 3, SM4_T_slow); - SM4_RNDS( 4, 5, 6, 7, SM4_T); - SM4_RNDS( 8, 9, 10, 11, SM4_T); - SM4_RNDS(12, 13, 14, 15, SM4_T); - SM4_RNDS(16, 17, 18, 19, SM4_T); - SM4_RNDS(20, 21, 22, 23, SM4_T); - SM4_RNDS(24, 25, 26, 27, SM4_T); - SM4_RNDS(28, 29, 30, 31, SM4_T_slow); - - store_u32_be(B3, out); - store_u32_be(B2, out + 4); - store_u32_be(B1, out + 8); - store_u32_be(B0, out + 12); -} - -void ossl_sm4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks) -{ - uint32_t B0 = load_u32_be(in, 0); - uint32_t B1 = load_u32_be(in, 1); - uint32_t B2 = load_u32_be(in, 2); - uint32_t B3 = load_u32_be(in, 3); - - SM4_RNDS(31, 30, 29, 28, SM4_T_slow); - SM4_RNDS(27, 26, 25, 24, SM4_T); - SM4_RNDS(23, 22, 21, 20, SM4_T); - SM4_RNDS(19, 18, 17, 16, SM4_T); - SM4_RNDS(15, 14, 13, 12, SM4_T); - SM4_RNDS(11, 10, 9, 8, SM4_T); - SM4_RNDS( 7, 6, 5, 4, SM4_T); - SM4_RNDS( 3, 2, 1, 0, SM4_T_slow); - - store_u32_be(B3, out); - store_u32_be(B2, out + 4); - store_u32_be(B1, out + 8); - store_u32_be(B0, out + 12); -} diff --git a/crypto/sparccpuid.S b/crypto/sparccpuid.S deleted file mode 100644 index 4771dd5087939f0f97dd1ec32ac3ddacd6c659dd..0000000000000000000000000000000000000000 --- a/crypto/sparccpuid.S +++ /dev/null @@ -1,578 +0,0 @@ -! Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. -! -! Licensed under the Apache License 2.0 (the "License"). You may not use -! this file except in compliance with the License. You can obtain a copy -! in the file LICENSE in the source distribution or at -! https://www.openssl.org/source/license.html - -#if defined(__SUNPRO_C) && defined(__sparcv9) -# define ABI64 /* They've said -xarch=v9 at command line */ -#elif defined(__GNUC__) && defined(__arch64__) -# define ABI64 /* They've said -m64 at command line */ -#endif - -#ifdef ABI64 - .register %g2,#scratch - .register %g3,#scratch -# define FRAME -192 -# define BIAS 2047 -#else -# define FRAME -96 -# define BIAS 0 -#endif - -.text -.align 32 -.global OPENSSL_wipe_cpu -.type OPENSSL_wipe_cpu,#function -! Keep in mind that this does not excuse us from wiping the stack! -! This routine wipes registers, but not the backing store [which -! resides on the stack, toward lower addresses]. To facilitate for -! stack wiping I return pointer to the top of stack of the *caller*. -OPENSSL_wipe_cpu: - save %sp,FRAME,%sp - nop -#ifdef __sun -#include - ta ST_CLEAN_WINDOWS -#else - call .walk.reg.wins -#endif - nop - call .PIC.zero.up - mov .zero-(.-4),%o0 - ld [%o0],%f0 - ld [%o0],%f1 - - subcc %g0,1,%o0 - ! Following is V9 "rd %ccr,%o0" instruction. However! V8 - ! specification says that it ("rd %asr2,%o0" in V8 terms) does - ! not cause illegal_instruction trap. It therefore can be used - ! to determine if the CPU the code is executing on is V8- or - ! V9-compliant, as V9 returns a distinct value of 0x99, - ! "negative" and "borrow" bits set in both %icc and %xcc. - .word 0x91408000 !rd %ccr,%o0 - cmp %o0,0x99 - bne .v8 - nop - ! Even though we do not use %fp register bank, - ! we wipe it as memcpy might have used it... - .word 0xbfa00040 !fmovd %f0,%f62 - .word 0xbba00040 !... - .word 0xb7a00040 - .word 0xb3a00040 - .word 0xafa00040 - .word 0xaba00040 - .word 0xa7a00040 - .word 0xa3a00040 - .word 0x9fa00040 - .word 0x9ba00040 - .word 0x97a00040 - .word 0x93a00040 - .word 0x8fa00040 - .word 0x8ba00040 - .word 0x87a00040 - .word 0x83a00040 !fmovd %f0,%f32 -.v8: fmovs %f1,%f31 - clr %o0 - fmovs %f0,%f30 - clr %o1 - fmovs %f1,%f29 - clr %o2 - fmovs %f0,%f28 - clr %o3 - fmovs %f1,%f27 - clr %o4 - fmovs %f0,%f26 - clr %o5 - fmovs %f1,%f25 - clr %o7 - fmovs %f0,%f24 - clr %l0 - fmovs %f1,%f23 - clr %l1 - fmovs %f0,%f22 - clr %l2 - fmovs %f1,%f21 - clr %l3 - fmovs %f0,%f20 - clr %l4 - fmovs %f1,%f19 - clr %l5 - fmovs %f0,%f18 - clr %l6 - fmovs %f1,%f17 - clr %l7 - fmovs %f0,%f16 - clr %i0 - fmovs %f1,%f15 - clr %i1 - fmovs %f0,%f14 - clr %i2 - fmovs %f1,%f13 - clr %i3 - fmovs %f0,%f12 - clr %i4 - fmovs %f1,%f11 - clr %i5 - fmovs %f0,%f10 - clr %g1 - fmovs %f1,%f9 - clr %g2 - fmovs %f0,%f8 - clr %g3 - fmovs %f1,%f7 - clr %g4 - fmovs %f0,%f6 - clr %g5 - fmovs %f1,%f5 - fmovs %f0,%f4 - fmovs %f1,%f3 - fmovs %f0,%f2 - - add %fp,BIAS,%i0 ! return pointer to caller´s top of stack - - ret - restore - -.zero: .long 0x0,0x0 -.PIC.zero.up: - retl - add %o0,%o7,%o0 -#ifdef DEBUG -.global walk_reg_wins -.type walk_reg_wins,#function -walk_reg_wins: -#endif -.walk.reg.wins: - save %sp,FRAME,%sp - cmp %i7,%o7 - be 2f - clr %o0 - cmp %o7,0 ! compiler never cleans %o7... - be 1f ! could have been a leaf function... - clr %o1 - call .walk.reg.wins - nop -1: clr %o2 - clr %o3 - clr %o4 - clr %o5 - clr %o7 - clr %l0 - clr %l1 - clr %l2 - clr %l3 - clr %l4 - clr %l5 - clr %l6 - clr %l7 - add %o0,1,%i0 ! used for debugging -2: ret - restore -.size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu - -.global OPENSSL_atomic_add -.type OPENSSL_atomic_add,#function -.align 32 -OPENSSL_atomic_add: -#ifndef ABI64 - subcc %g0,1,%o2 - .word 0x95408000 !rd %ccr,%o2, see comment above - cmp %o2,0x99 - be .v9 - nop - save %sp,FRAME,%sp - ba .enter - nop -#ifdef __sun -! Note that you do not have to link with libthread to call thr_yield, -! as libc provides a stub, which is overloaded the moment you link -! with *either* libpthread or libthread... -#define YIELD_CPU thr_yield -#else -! applies at least to Linux and FreeBSD... Feedback expected... -#define YIELD_CPU sched_yield -#endif -.spin: call YIELD_CPU - nop -.enter: ld [%i0],%i2 - cmp %i2,-4096 - be .spin - mov -1,%i2 - swap [%i0],%i2 - cmp %i2,-1 - be .spin - add %i2,%i1,%i2 - stbar - st %i2,[%i0] - sra %i2,%g0,%i0 - ret - restore -.v9: -#endif - ld [%o0],%o2 -1: add %o1,%o2,%o3 - .word 0xd7e2100a !cas [%o0],%o2,%o3, compare [%o0] with %o2 and swap %o3 - cmp %o2,%o3 - bne 1b - mov %o3,%o2 ! cas is always fetching to dest. register - add %o1,%o2,%o0 ! OpenSSL expects the new value - retl - sra %o0,%g0,%o0 ! we return signed int, remember? -.size OPENSSL_atomic_add,.-OPENSSL_atomic_add - -.global _sparcv9_rdtick -.align 32 -_sparcv9_rdtick: - subcc %g0,1,%o0 - .word 0x91408000 !rd %ccr,%o0 - cmp %o0,0x99 - bne .notick - xor %o0,%o0,%o0 - .word 0x91410000 !rd %tick,%o0 - retl - .word 0x93323020 !srlx %o0,32,%o1 -.notick: - retl - xor %o1,%o1,%o1 -.type _sparcv9_rdtick,#function -.size _sparcv9_rdtick,.-_sparcv9_rdtick - -.global _sparcv9_vis1_probe -.align 8 -_sparcv9_vis1_probe: - add %sp,BIAS+2,%o1 - .word 0xc19a5a40 !ldda [%o1]ASI_FP16_P,%f0 - retl - .word 0x81b00d80 !fxor %f0,%f0,%f0 -.type _sparcv9_vis1_probe,#function -.size _sparcv9_vis1_probe,.-_sparcv9_vis1_probe - -! Probe and instrument VIS1 instruction. Output is number of cycles it -! takes to execute rdtick and pair of VIS1 instructions. US-Tx VIS unit -! is slow (documented to be 6 cycles on T2) and the core is in-order -! single-issue, it should be possible to distinguish Tx reliably... -! Observed return values are: -! -! UltraSPARC IIe 7 -! UltraSPARC III 7 -! UltraSPARC T1 24 -! SPARC T4 65(*) -! -! (*) result has lesser to do with VIS instruction latencies, rdtick -! appears that slow, but it does the trick in sense that FP and -! VIS code paths are still slower than integer-only ones. -! -! Numbers for T2 and SPARC64 V-VII are more than welcomed. -! -! It would be possible to detect specifically US-T1 by instrumenting -! fmul8ulx16, which is emulated on T1 and as such accounts for quite -! a lot of %tick-s, couple of thousand on Linux... -.global _sparcv9_vis1_instrument -.align 8 -_sparcv9_vis1_instrument: - .word 0x81b00d80 !fxor %f0,%f0,%f0 - .word 0x85b08d82 !fxor %f2,%f2,%f2 - .word 0x91410000 !rd %tick,%o0 - .word 0x81b00d80 !fxor %f0,%f0,%f0 - .word 0x85b08d82 !fxor %f2,%f2,%f2 - .word 0x93410000 !rd %tick,%o1 - .word 0x81b00d80 !fxor %f0,%f0,%f0 - .word 0x85b08d82 !fxor %f2,%f2,%f2 - .word 0x95410000 !rd %tick,%o2 - .word 0x81b00d80 !fxor %f0,%f0,%f0 - .word 0x85b08d82 !fxor %f2,%f2,%f2 - .word 0x97410000 !rd %tick,%o3 - .word 0x81b00d80 !fxor %f0,%f0,%f0 - .word 0x85b08d82 !fxor %f2,%f2,%f2 - .word 0x99410000 !rd %tick,%o4 - - ! calculate intervals - sub %o1,%o0,%o0 - sub %o2,%o1,%o1 - sub %o3,%o2,%o2 - sub %o4,%o3,%o3 - - ! find minimum value - cmp %o0,%o1 - .word 0x38680002 !bgu,a %xcc,.+8 - mov %o1,%o0 - cmp %o0,%o2 - .word 0x38680002 !bgu,a %xcc,.+8 - mov %o2,%o0 - cmp %o0,%o3 - .word 0x38680002 !bgu,a %xcc,.+8 - mov %o3,%o0 - - retl - nop -.type _sparcv9_vis1_instrument,#function -.size _sparcv9_vis1_instrument,.-_sparcv9_vis1_instrument - -.global _sparcv9_vis2_probe -.align 8 -_sparcv9_vis2_probe: - retl - .word 0x81b00980 !bshuffle %f0,%f0,%f0 -.type _sparcv9_vis2_probe,#function -.size _sparcv9_vis2_probe,.-_sparcv9_vis2_probe - -.global _sparcv9_fmadd_probe -.align 8 -_sparcv9_fmadd_probe: - .word 0x81b00d80 !fxor %f0,%f0,%f0 - .word 0x85b08d82 !fxor %f2,%f2,%f2 - retl - .word 0x81b80440 !fmaddd %f0,%f0,%f2,%f0 -.type _sparcv9_fmadd_probe,#function -.size _sparcv9_fmadd_probe,.-_sparcv9_fmadd_probe - -.global _sparcv9_rdcfr -.align 8 -_sparcv9_rdcfr: - retl - .word 0x91468000 !rd %asr26,%o0 -.type _sparcv9_rdcfr,#function -.size _sparcv9_rdcfr,.-_sparcv9_rdcfr - -.global _sparcv9_vis3_probe -.align 8 -_sparcv9_vis3_probe: - retl - .word 0x81b022a0 !xmulx %g0,%g0,%g0 -.type _sparcv9_vis3_probe,#function -.size _sparcv9_vis3_probe,.-_sparcv9_vis3_probe - -.global _sparcv9_random -.align 8 -_sparcv9_random: - retl - .word 0x91b002a0 !random %o0 -.type _sparcv9_random,#function -.size _sparcv9_random,.-_sparcv9_vis3_probe - -.global _sparcv9_fjaesx_probe -.align 8 -_sparcv9_fjaesx_probe: - .word 0x81b09206 !faesencx %f2,%f6,%f0 - retl - nop -.size _sparcv9_fjaesx_probe,.-_sparcv9_fjaesx_probe - -.global OPENSSL_cleanse -.align 32 -OPENSSL_cleanse: - cmp %o1,14 - nop -#ifdef ABI64 - bgu %xcc,.Lot -#else - bgu .Lot -#endif - cmp %o1,0 - bne .Little - nop - retl - nop - -.Little: - stb %g0,[%o0] - subcc %o1,1,%o1 - bnz .Little - add %o0,1,%o0 - retl - nop -.align 32 -.Lot: -#ifndef ABI64 - subcc %g0,1,%g1 - ! see above for explanation - .word 0x83408000 !rd %ccr,%g1 - cmp %g1,0x99 - bne .v8lot - nop -#endif - -.v9lot: andcc %o0,7,%g0 - bz .v9aligned - nop - stb %g0,[%o0] - sub %o1,1,%o1 - ba .v9lot - add %o0,1,%o0 -.align 16,0x01000000 -.v9aligned: - .word 0xc0720000 !stx %g0,[%o0] - sub %o1,8,%o1 - andcc %o1,-8,%g0 -#ifdef ABI64 - .word 0x126ffffd !bnz %xcc,.v9aligned -#else - .word 0x124ffffd !bnz %icc,.v9aligned -#endif - add %o0,8,%o0 - - cmp %o1,0 - bne .Little - nop - retl - nop -#ifndef ABI64 -.v8lot: andcc %o0,3,%g0 - bz .v8aligned - nop - stb %g0,[%o0] - sub %o1,1,%o1 - ba .v8lot - add %o0,1,%o0 - nop -.v8aligned: - st %g0,[%o0] - sub %o1,4,%o1 - andcc %o1,-4,%g0 - bnz .v8aligned - add %o0,4,%o0 - - cmp %o1,0 - bne .Little - nop - retl - nop -#endif -.type OPENSSL_cleanse,#function -.size OPENSSL_cleanse,.-OPENSSL_cleanse - -.global CRYPTO_memcmp -.align 16 -CRYPTO_memcmp: - cmp %o2,0 -#ifdef ABI64 - beq,pn %xcc,.Lno_data -#else - beq .Lno_data -#endif - xor %g1,%g1,%g1 - nop - -.Loop_cmp: - ldub [%o0],%o3 - add %o0,1,%o0 - ldub [%o1],%o4 - add %o1,1,%o1 - subcc %o2,1,%o2 - xor %o3,%o4,%o4 -#ifdef ABI64 - bnz %xcc,.Loop_cmp -#else - bnz .Loop_cmp -#endif - or %o4,%g1,%g1 - - sub %g0,%g1,%g1 - srl %g1,31,%g1 -.Lno_data: - retl - mov %g1,%o0 -.type CRYPTO_memcmp,#function -.size CRYPTO_memcmp,.-CRYPTO_memcmp - -.global _sparcv9_vis1_instrument_bus -.align 8 -_sparcv9_vis1_instrument_bus: - mov %o1,%o3 ! save cnt - .word 0x99410000 !rd %tick,%o4 ! tick - mov %o4,%o5 ! lasttick = tick - set 0,%g4 ! diff - - andn %o0,63,%g1 - .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load - .word 0x8143e040 !membar #Sync - .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit - .word 0x8143e040 !membar #Sync - ld [%o0],%o4 - add %o4,%g4,%g4 - .word 0xc9e2100c !cas [%o0],%o4,%g4 - -.Loop: .word 0x99410000 !rd %tick,%o4 - sub %o4,%o5,%g4 ! diff=tick-lasttick - mov %o4,%o5 ! lasttick=tick - - andn %o0,63,%g1 - .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load - .word 0x8143e040 !membar #Sync - .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit - .word 0x8143e040 !membar #Sync - ld [%o0],%o4 - add %o4,%g4,%g4 - .word 0xc9e2100c !cas [%o0],%o4,%g4 - subcc %o1,1,%o1 ! --$cnt - bnz .Loop - add %o0,4,%o0 ! ++$out - - retl - mov %o3,%o0 -.type _sparcv9_vis1_instrument_bus,#function -.size _sparcv9_vis1_instrument_bus,.-_sparcv9_vis1_instrument_bus - -.global _sparcv9_vis1_instrument_bus2 -.align 8 -_sparcv9_vis1_instrument_bus2: - mov %o1,%o3 ! save cnt - sll %o1,2,%o1 ! cnt*=4 - - .word 0x99410000 !rd %tick,%o4 ! tick - mov %o4,%o5 ! lasttick = tick - set 0,%g4 ! diff - - andn %o0,63,%g1 - .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load - .word 0x8143e040 !membar #Sync - .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit - .word 0x8143e040 !membar #Sync - ld [%o0],%o4 - add %o4,%g4,%g4 - .word 0xc9e2100c !cas [%o0],%o4,%g4 - - .word 0x99410000 !rd %tick,%o4 ! tick - sub %o4,%o5,%g4 ! diff=tick-lasttick - mov %o4,%o5 ! lasttick=tick - mov %g4,%g5 ! lastdiff=diff -.Loop2: - andn %o0,63,%g1 - .word 0xc1985e00 !ldda [%g1]0xf0,%f0 ! block load - .word 0x8143e040 !membar #Sync - .word 0xc1b85c00 !stda %f0,[%g1]0xe0 ! block store and commit - .word 0x8143e040 !membar #Sync - ld [%o0],%o4 - add %o4,%g4,%g4 - .word 0xc9e2100c !cas [%o0],%o4,%g4 - - subcc %o2,1,%o2 ! --max - bz .Ldone2 - nop - - .word 0x99410000 !rd %tick,%o4 ! tick - sub %o4,%o5,%g4 ! diff=tick-lasttick - mov %o4,%o5 ! lasttick=tick - cmp %g4,%g5 - mov %g4,%g5 ! lastdiff=diff - - .word 0x83408000 !rd %ccr,%g1 - and %g1,4,%g1 ! isolate zero flag - xor %g1,4,%g1 ! flip zero flag - - subcc %o1,%g1,%o1 ! conditional --$cnt - bnz .Loop2 - add %o0,%g1,%o0 ! conditional ++$out - -.Ldone2: - srl %o1,2,%o1 - retl - sub %o3,%o1,%o0 -.type _sparcv9_vis1_instrument_bus2,#function -.size _sparcv9_vis1_instrument_bus2,.-_sparcv9_vis1_instrument_bus2 - -.section ".init",#alloc,#execinstr - call OPENSSL_cpuid_setup - nop diff --git a/crypto/sparcv9cap.c b/crypto/sparcv9cap.c deleted file mode 100644 index 53c0c3e0456be541010417ef707d5c2b0549ab48..0000000000000000000000000000000000000000 --- a/crypto/sparcv9cap.c +++ /dev/null @@ -1,231 +0,0 @@ -/* - * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "crypto/sparc_arch.h" - -#if defined(__GNUC__) && defined(__linux) -__attribute__ ((visibility("hidden"))) -#endif -unsigned int OPENSSL_sparcv9cap_P[2] = { SPARCV9_TICK_PRIVILEGED, 0 }; - -unsigned long _sparcv9_rdtick(void); -void _sparcv9_vis1_probe(void); -unsigned long _sparcv9_vis1_instrument(void); -void _sparcv9_vis2_probe(void); -void _sparcv9_fmadd_probe(void); -unsigned long _sparcv9_rdcfr(void); -void _sparcv9_vis3_probe(void); -void _sparcv9_fjaesx_probe(void); -unsigned long _sparcv9_random(void); -size_t _sparcv9_vis1_instrument_bus(unsigned int *, size_t); -size_t _sparcv9_vis1_instrument_bus2(unsigned int *, size_t, size_t); - -uint32_t OPENSSL_rdtsc(void) -{ - if (OPENSSL_sparcv9cap_P[0] & SPARCV9_TICK_PRIVILEGED) -#if defined(__sun) && defined(__SVR4) - return gethrtime(); -#else - return 0; -#endif - else - return _sparcv9_rdtick(); -} - -size_t OPENSSL_instrument_bus(unsigned int *out, size_t cnt) -{ - if ((OPENSSL_sparcv9cap_P[0] & (SPARCV9_TICK_PRIVILEGED | SPARCV9_BLK)) == - SPARCV9_BLK) - return _sparcv9_vis1_instrument_bus(out, cnt); - else - return 0; -} - -size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max) -{ - if ((OPENSSL_sparcv9cap_P[0] & (SPARCV9_TICK_PRIVILEGED | SPARCV9_BLK)) == - SPARCV9_BLK) - return _sparcv9_vis1_instrument_bus2(out, cnt, max); - else - return 0; -} - -static sigjmp_buf common_jmp; -static void common_handler(int sig) -{ - siglongjmp(common_jmp, sig); -} - -#if defined(__sun) && defined(__SVR4) -# if defined(__GNUC__) && __GNUC__>=2 -extern unsigned int getisax(unsigned int vec[], unsigned int sz) __attribute__ ((weak)); -# elif defined(__SUNPRO_C) -#pragma weak getisax -extern unsigned int getisax(unsigned int vec[], unsigned int sz); -# else -static unsigned int (*getisax) (unsigned int vec[], unsigned int sz) = NULL; -# endif -#endif - -void OPENSSL_cpuid_setup(void) -{ - char *e; - struct sigaction common_act, ill_oact, bus_oact; - sigset_t all_masked, oset; - static int trigger = 0; - - if (trigger) - return; - trigger = 1; - - if ((e = getenv("OPENSSL_sparcv9cap"))) { - OPENSSL_sparcv9cap_P[0] = strtoul(e, NULL, 0); - if ((e = strchr(e, ':'))) - OPENSSL_sparcv9cap_P[1] = strtoul(e + 1, NULL, 0); - return; - } - -#if defined(__sun) && defined(__SVR4) - if (getisax != NULL) { - unsigned int vec[2] = { 0, 0 }; - - if (getisax (vec,2)) { - if (vec[0]&0x00020) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1; - if (vec[0]&0x00040) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2; - if (vec[0]&0x00080) OPENSSL_sparcv9cap_P[0] |= SPARCV9_BLK; - if (vec[0]&0x00100) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD; - if (vec[0]&0x00400) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3; - if (vec[0]&0x01000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJHPCACE; - if (vec[0]&0x02000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJDESX; - if (vec[0]&0x08000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_IMA; - if (vec[0]&0x10000) OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJAESX; - if (vec[1]&0x00008) OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS4; - - /* reconstruct %cfr copy */ - OPENSSL_sparcv9cap_P[1] = (vec[0]>>17)&0x3ff; - OPENSSL_sparcv9cap_P[1] |= (OPENSSL_sparcv9cap_P[1]&CFR_MONTMUL)<<1; - if (vec[0]&0x20000000) OPENSSL_sparcv9cap_P[1] |= CFR_CRC32C; - if (vec[1]&0x00000020) OPENSSL_sparcv9cap_P[1] |= CFR_XMPMUL; - if (vec[1]&0x00000040) - OPENSSL_sparcv9cap_P[1] |= CFR_XMONTMUL|CFR_XMONTSQR; - - /* Some heuristics */ - /* all known VIS2-capable CPUs have unprivileged tick counter */ - if (OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS2) - OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; - - OPENSSL_sparcv9cap_P[0] |= SPARCV9_PREFER_FPU; - - /* detect UltraSPARC-Tx, see sparccpud.S for details... */ - if ((OPENSSL_sparcv9cap_P[0]&SPARCV9_VIS1) && - _sparcv9_vis1_instrument() >= 12) - OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU); - } - - if (sizeof(size_t) == 8) - OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK; - - return; - } -#endif - - /* Initial value, fits UltraSPARC-I&II... */ - OPENSSL_sparcv9cap_P[0] = SPARCV9_PREFER_FPU | SPARCV9_TICK_PRIVILEGED; - - sigfillset(&all_masked); - sigdelset(&all_masked, SIGILL); - sigdelset(&all_masked, SIGTRAP); -# ifdef SIGEMT - sigdelset(&all_masked, SIGEMT); -# endif - sigdelset(&all_masked, SIGFPE); - sigdelset(&all_masked, SIGBUS); - sigdelset(&all_masked, SIGSEGV); - sigprocmask(SIG_SETMASK, &all_masked, &oset); - - memset(&common_act, 0, sizeof(common_act)); - common_act.sa_handler = common_handler; - common_act.sa_mask = all_masked; - - sigaction(SIGILL, &common_act, &ill_oact); - sigaction(SIGBUS, &common_act, &bus_oact); /* T1 fails 16-bit ldda [on - * Linux] */ - - if (sigsetjmp(common_jmp, 1) == 0) { - _sparcv9_rdtick(); - OPENSSL_sparcv9cap_P[0] &= ~SPARCV9_TICK_PRIVILEGED; - } - - if (sigsetjmp(common_jmp, 1) == 0) { - _sparcv9_vis1_probe(); - OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS1 | SPARCV9_BLK; - /* detect UltraSPARC-Tx, see sparccpud.S for details... */ - if (_sparcv9_vis1_instrument() >= 12) - OPENSSL_sparcv9cap_P[0] &= ~(SPARCV9_VIS1 | SPARCV9_PREFER_FPU); - else { - _sparcv9_vis2_probe(); - OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS2; - } - } - - if (sigsetjmp(common_jmp, 1) == 0) { - _sparcv9_fmadd_probe(); - OPENSSL_sparcv9cap_P[0] |= SPARCV9_FMADD; - } - - /* - * VIS3 flag is tested independently from VIS1, unlike VIS2 that is, - * because VIS3 defines even integer instructions. - */ - if (sigsetjmp(common_jmp, 1) == 0) { - _sparcv9_vis3_probe(); - OPENSSL_sparcv9cap_P[0] |= SPARCV9_VIS3; - } - - if (sigsetjmp(common_jmp, 1) == 0) { - _sparcv9_fjaesx_probe(); - OPENSSL_sparcv9cap_P[0] |= SPARCV9_FJAESX; - } - - /* - * In wait for better solution _sparcv9_rdcfr is masked by - * VIS3 flag, because it goes to uninterruptible endless - * loop on UltraSPARC II running Solaris. Things might be - * different on Linux... - */ - if ((OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) && - sigsetjmp(common_jmp, 1) == 0) { - OPENSSL_sparcv9cap_P[1] = (unsigned int)_sparcv9_rdcfr(); - } - - sigaction(SIGBUS, &bus_oact, NULL); - sigaction(SIGILL, &ill_oact, NULL); - - sigprocmask(SIG_SETMASK, &oset, NULL); - - if (sizeof(size_t) == 8) - OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK; -# ifdef __linux - else { - int ret = syscall(340); - - if (ret >= 0 && ret & 1) - OPENSSL_sparcv9cap_P[0] |= SPARCV9_64BIT_STACK; - } -# endif -} diff --git a/crypto/sparse_array.c b/crypto/sparse_array.c deleted file mode 100644 index bbbc9cdb36966c9778bb83c4a484c51516284f07..0000000000000000000000000000000000000000 --- a/crypto/sparse_array.c +++ /dev/null @@ -1,216 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/sparse_array.h" - -/* - * How many bits are used to index each level in the tree structure? - * This setting determines the number of pointers stored in each node of the - * tree used to represent the sparse array. Having more pointers reduces the - * depth of the tree but potentially wastes more memory. That is, this is a - * direct space versus time tradeoff. - * - * The default is to use four bits which means that the are 16 - * pointers in each tree node. - * - * The library builder is also permitted to define other sizes in the closed - * interval [2, sizeof(ossl_uintmax_t) * 8]. Space use generally scales - * exponentially with the block size, although the implementation only - * creates enough blocks to support the largest used index. The depth is: - * ceil(log_2(largest index) / 2^{block size}) - * E.g. with a block size of 4, and a largest index of 1000, the depth - * will be three. - */ -#ifndef OPENSSL_SA_BLOCK_BITS -# define OPENSSL_SA_BLOCK_BITS 4 -#elif OPENSSL_SA_BLOCK_BITS < 2 || OPENSSL_SA_BLOCK_BITS > (BN_BITS2 - 1) -# error OPENSSL_SA_BLOCK_BITS is out of range -#endif - -/* - * From the number of bits, work out: - * the number of pointers in a tree node; - * a bit mask to quickly extract an index and - * the maximum depth of the tree structure. - */ -#define SA_BLOCK_MAX (1 << OPENSSL_SA_BLOCK_BITS) -#define SA_BLOCK_MASK (SA_BLOCK_MAX - 1) -#define SA_BLOCK_MAX_LEVELS (((int)sizeof(ossl_uintmax_t) * 8 \ - + OPENSSL_SA_BLOCK_BITS - 1) \ - / OPENSSL_SA_BLOCK_BITS) - -struct sparse_array_st { - int levels; - ossl_uintmax_t top; - size_t nelem; - void **nodes; -}; - -OPENSSL_SA *ossl_sa_new(void) -{ - OPENSSL_SA *res = OPENSSL_zalloc(sizeof(*res)); - - return res; -} - -static void sa_doall(const OPENSSL_SA *sa, void (*node)(void **), - void (*leaf)(ossl_uintmax_t, void *, void *), void *arg) -{ - int i[SA_BLOCK_MAX_LEVELS]; - void *nodes[SA_BLOCK_MAX_LEVELS]; - ossl_uintmax_t idx = 0; - int l = 0; - - i[0] = 0; - nodes[0] = sa->nodes; - while (l >= 0) { - const int n = i[l]; - void ** const p = nodes[l]; - - if (n >= SA_BLOCK_MAX) { - if (p != NULL && node != NULL) - (*node)(p); - l--; - idx >>= OPENSSL_SA_BLOCK_BITS; - } else { - i[l] = n + 1; - if (p != NULL && p[n] != NULL) { - idx = (idx & ~SA_BLOCK_MASK) | n; - if (l < sa->levels - 1) { - i[++l] = 0; - nodes[l] = p[n]; - idx <<= OPENSSL_SA_BLOCK_BITS; - } else if (leaf != NULL) { - (*leaf)(idx, p[n], arg); - } - } - } - } -} - -static void sa_free_node(void **p) -{ - OPENSSL_free(p); -} - -static void sa_free_leaf(ossl_uintmax_t n, void *p, void *arg) -{ - OPENSSL_free(p); -} - -void ossl_sa_free(OPENSSL_SA *sa) -{ - if (sa != NULL) { - sa_doall(sa, &sa_free_node, NULL, NULL); - OPENSSL_free(sa); - } -} - -void ossl_sa_free_leaves(OPENSSL_SA *sa) -{ - sa_doall(sa, &sa_free_node, &sa_free_leaf, NULL); - OPENSSL_free(sa); -} - -/* Wrap this in a structure to avoid compiler warnings */ -struct trampoline_st { - void (*func)(ossl_uintmax_t, void *); -}; - -static void trampoline(ossl_uintmax_t n, void *l, void *arg) -{ - ((const struct trampoline_st *)arg)->func(n, l); -} - -void ossl_sa_doall(const OPENSSL_SA *sa, void (*leaf)(ossl_uintmax_t, void *)) -{ - struct trampoline_st tramp; - - tramp.func = leaf; - if (sa != NULL) - sa_doall(sa, NULL, &trampoline, &tramp); -} - -void ossl_sa_doall_arg(const OPENSSL_SA *sa, - void (*leaf)(ossl_uintmax_t, void *, void *), - void *arg) -{ - if (sa != NULL) - sa_doall(sa, NULL, leaf, arg); -} - -size_t ossl_sa_num(const OPENSSL_SA *sa) -{ - return sa == NULL ? 0 : sa->nelem; -} - -void *ossl_sa_get(const OPENSSL_SA *sa, ossl_uintmax_t n) -{ - int level; - void **p, *r = NULL; - - if (sa == NULL || sa->nelem == 0) - return NULL; - - if (n <= sa->top) { - p = sa->nodes; - for (level = sa->levels - 1; p != NULL && level > 0; level--) - p = (void **)p[(n >> (OPENSSL_SA_BLOCK_BITS * level)) - & SA_BLOCK_MASK]; - r = p == NULL ? NULL : p[n & SA_BLOCK_MASK]; - } - return r; -} - -static ossl_inline void **alloc_node(void) -{ - return OPENSSL_zalloc(SA_BLOCK_MAX * sizeof(void *)); -} - -int ossl_sa_set(OPENSSL_SA *sa, ossl_uintmax_t posn, void *val) -{ - int i, level = 1; - ossl_uintmax_t n = posn; - void **p; - - if (sa == NULL) - return 0; - - for (level = 1; level < SA_BLOCK_MAX_LEVELS; level++) - if ((n >>= OPENSSL_SA_BLOCK_BITS) == 0) - break; - - for (;sa->levels < level; sa->levels++) { - p = alloc_node(); - if (p == NULL) - return 0; - p[0] = sa->nodes; - sa->nodes = p; - } - if (sa->top < posn) - sa->top = posn; - - p = sa->nodes; - for (level = sa->levels - 1; level > 0; level--) { - i = (posn >> (OPENSSL_SA_BLOCK_BITS * level)) & SA_BLOCK_MASK; - if (p[i] == NULL && (p[i] = alloc_node()) == NULL) - return 0; - p = p[i]; - } - p += posn & SA_BLOCK_MASK; - if (val == NULL && *p != NULL) - sa->nelem--; - else if (val != NULL && *p == NULL) - sa->nelem++; - *p = val; - return 1; -} diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c deleted file mode 100644 index df0d3720ff0dd7ec771e4d94b05395b97b073c9c..0000000000000000000000000000000000000000 --- a/crypto/srp/srp_lib.c +++ /dev/null @@ -1,334 +0,0 @@ -/* - * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2004, EdelKey Project. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Christophe Renou and Peter Sylvester, - * for the EdelKey project. - */ - -/* All the SRP APIs in this file are deprecated */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#ifndef OPENSSL_NO_SRP -# include "internal/cryptlib.h" -# include -# include -# include -# include "crypto/bn_srp.h" - -/* calculate = SHA1(PAD(x) || PAD(y)) */ - -static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N, - OSSL_LIB_CTX *libctx, const char *propq) -{ - unsigned char digest[SHA_DIGEST_LENGTH]; - unsigned char *tmp = NULL; - int numN = BN_num_bytes(N); - BIGNUM *res = NULL; - EVP_MD *sha1 = EVP_MD_fetch(libctx, "SHA1", propq); - - if (sha1 == NULL) - return NULL; - - if (x != N && BN_ucmp(x, N) >= 0) - goto err; - if (y != N && BN_ucmp(y, N) >= 0) - goto err; - if ((tmp = OPENSSL_malloc(numN * 2)) == NULL) - goto err; - if (BN_bn2binpad(x, tmp, numN) < 0 - || BN_bn2binpad(y, tmp + numN, numN) < 0 - || !EVP_Digest(tmp, numN * 2, digest, NULL, sha1, NULL)) - goto err; - res = BN_bin2bn(digest, sizeof(digest), NULL); - err: - EVP_MD_free(sha1); - OPENSSL_free(tmp); - return res; -} - -static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g, - OSSL_LIB_CTX *libctx, - const char *propq) -{ - /* k = SHA1(N | PAD(g)) -- tls-srp RFC 5054 */ - return srp_Calc_xy(N, g, N, libctx, propq); -} - -BIGNUM *SRP_Calc_u_ex(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N, - OSSL_LIB_CTX *libctx, const char *propq) -{ - /* u = SHA1(PAD(A) || PAD(B) ) -- tls-srp RFC 5054 */ - return srp_Calc_xy(A, B, N, libctx, propq); -} - -BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N) -{ - /* u = SHA1(PAD(A) || PAD(B) ) -- tls-srp RFC 5054 */ - return srp_Calc_xy(A, B, N, NULL, NULL); -} - -BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, - const BIGNUM *b, const BIGNUM *N) -{ - BIGNUM *tmp = NULL, *S = NULL; - BN_CTX *bn_ctx; - - if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL) - return NULL; - - if ((bn_ctx = BN_CTX_new()) == NULL || (tmp = BN_new()) == NULL) - goto err; - - /* S = (A*v**u) ** b */ - - if (!BN_mod_exp(tmp, v, u, N, bn_ctx)) - goto err; - if (!BN_mod_mul(tmp, A, tmp, N, bn_ctx)) - goto err; - - S = BN_new(); - if (S != NULL && !BN_mod_exp(S, tmp, b, N, bn_ctx)) { - BN_free(S); - S = NULL; - } - err: - BN_CTX_free(bn_ctx); - BN_clear_free(tmp); - return S; -} - -BIGNUM *SRP_Calc_B_ex(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, - const BIGNUM *v, OSSL_LIB_CTX *libctx, const char *propq) -{ - BIGNUM *kv = NULL, *gb = NULL; - BIGNUM *B = NULL, *k = NULL; - BN_CTX *bn_ctx; - - if (b == NULL || N == NULL || g == NULL || v == NULL || - (bn_ctx = BN_CTX_new_ex(libctx)) == NULL) - return NULL; - - if ((kv = BN_new()) == NULL || - (gb = BN_new()) == NULL || (B = BN_new()) == NULL) - goto err; - - /* B = g**b + k*v */ - - if (!BN_mod_exp(gb, g, b, N, bn_ctx) - || (k = srp_Calc_k(N, g, libctx, propq)) == NULL - || !BN_mod_mul(kv, v, k, N, bn_ctx) - || !BN_mod_add(B, gb, kv, N, bn_ctx)) { - BN_free(B); - B = NULL; - } - err: - BN_CTX_free(bn_ctx); - BN_clear_free(kv); - BN_clear_free(gb); - BN_free(k); - return B; -} - -BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, - const BIGNUM *v) -{ - return SRP_Calc_B_ex(b, N, g, v, NULL, NULL); -} - -BIGNUM *SRP_Calc_x_ex(const BIGNUM *s, const char *user, const char *pass, - OSSL_LIB_CTX *libctx, const char *propq) -{ - unsigned char dig[SHA_DIGEST_LENGTH]; - EVP_MD_CTX *ctxt; - unsigned char *cs = NULL; - BIGNUM *res = NULL; - EVP_MD *sha1 = NULL; - - if ((s == NULL) || (user == NULL) || (pass == NULL)) - return NULL; - - ctxt = EVP_MD_CTX_new(); - if (ctxt == NULL) - return NULL; - if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL) - goto err; - - sha1 = EVP_MD_fetch(libctx, "SHA1", propq); - if (sha1 == NULL) - goto err; - - if (!EVP_DigestInit_ex(ctxt, sha1, NULL) - || !EVP_DigestUpdate(ctxt, user, strlen(user)) - || !EVP_DigestUpdate(ctxt, ":", 1) - || !EVP_DigestUpdate(ctxt, pass, strlen(pass)) - || !EVP_DigestFinal_ex(ctxt, dig, NULL) - || !EVP_DigestInit_ex(ctxt, sha1, NULL)) - goto err; - if (BN_bn2bin(s, cs) < 0) - goto err; - if (!EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s))) - goto err; - - if (!EVP_DigestUpdate(ctxt, dig, sizeof(dig)) - || !EVP_DigestFinal_ex(ctxt, dig, NULL)) - goto err; - - res = BN_bin2bn(dig, sizeof(dig), NULL); - - err: - EVP_MD_free(sha1); - OPENSSL_free(cs); - EVP_MD_CTX_free(ctxt); - return res; -} - -BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass) -{ - return SRP_Calc_x_ex(s, user, pass, NULL, NULL); -} - -BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g) -{ - BN_CTX *bn_ctx; - BIGNUM *A = NULL; - - if (a == NULL || N == NULL || g == NULL || (bn_ctx = BN_CTX_new()) == NULL) - return NULL; - - if ((A = BN_new()) != NULL && !BN_mod_exp(A, g, a, N, bn_ctx)) { - BN_free(A); - A = NULL; - } - BN_CTX_free(bn_ctx); - return A; -} - -BIGNUM *SRP_Calc_client_key_ex(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, - const BIGNUM *x, const BIGNUM *a, const BIGNUM *u, - OSSL_LIB_CTX *libctx, const char *propq) -{ - BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL; - BIGNUM *xtmp = NULL; - BN_CTX *bn_ctx; - - if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL - || a == NULL || (bn_ctx = BN_CTX_new_ex(libctx)) == NULL) - return NULL; - - if ((tmp = BN_new()) == NULL || - (tmp2 = BN_new()) == NULL || - (tmp3 = BN_new()) == NULL || - (xtmp = BN_new()) == NULL) - goto err; - - BN_with_flags(xtmp, x, BN_FLG_CONSTTIME); - BN_set_flags(tmp, BN_FLG_CONSTTIME); - if (!BN_mod_exp(tmp, g, xtmp, N, bn_ctx)) - goto err; - if ((k = srp_Calc_k(N, g, libctx, propq)) == NULL) - goto err; - if (!BN_mod_mul(tmp2, tmp, k, N, bn_ctx)) - goto err; - if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx)) - goto err; - if (!BN_mul(tmp3, u, xtmp, bn_ctx)) - goto err; - if (!BN_add(tmp2, a, tmp3)) - goto err; - K = BN_new(); - if (K != NULL && !BN_mod_exp(K, tmp, tmp2, N, bn_ctx)) { - BN_free(K); - K = NULL; - } - - err: - BN_CTX_free(bn_ctx); - BN_free(xtmp); - BN_clear_free(tmp); - BN_clear_free(tmp2); - BN_clear_free(tmp3); - BN_free(k); - return K; -} - -BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, - const BIGNUM *x, const BIGNUM *a, const BIGNUM *u) -{ - return SRP_Calc_client_key_ex(N, B, g, x, a, u, NULL, NULL); -} - -int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N) -{ - BIGNUM *r; - BN_CTX *bn_ctx; - int ret = 0; - - if (B == NULL || N == NULL || (bn_ctx = BN_CTX_new()) == NULL) - return 0; - - if ((r = BN_new()) == NULL) - goto err; - /* Checks if B % N == 0 */ - if (!BN_nnmod(r, B, N, bn_ctx)) - goto err; - ret = !BN_is_zero(r); - err: - BN_CTX_free(bn_ctx); - BN_free(r); - return ret; -} - -int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N) -{ - /* Checks if A % N == 0 */ - return SRP_Verify_B_mod_N(A, N); -} - -static SRP_gN knowngN[] = { - {"8192", &ossl_bn_generator_19, &ossl_bn_group_8192}, - {"6144", &ossl_bn_generator_5, &ossl_bn_group_6144}, - {"4096", &ossl_bn_generator_5, &ossl_bn_group_4096}, - {"3072", &ossl_bn_generator_5, &ossl_bn_group_3072}, - {"2048", &ossl_bn_generator_2, &ossl_bn_group_2048}, - {"1536", &ossl_bn_generator_2, &ossl_bn_group_1536}, - {"1024", &ossl_bn_generator_2, &ossl_bn_group_1024}, -}; - -# define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN) - -/* - * Check if G and N are known parameters. The values have been generated - * from the IETF RFC 5054 - */ -char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N) -{ - size_t i; - if ((g == NULL) || (N == NULL)) - return NULL; - - for (i = 0; i < KNOWN_GN_NUMBER; i++) { - if (BN_cmp(knowngN[i].g, g) == 0 && BN_cmp(knowngN[i].N, N) == 0) - return knowngN[i].id; - } - return NULL; -} - -SRP_gN *SRP_get_default_gN(const char *id) -{ - size_t i; - - if (id == NULL) - return knowngN; - for (i = 0; i < KNOWN_GN_NUMBER; i++) { - if (strcmp(knowngN[i].id, id) == 0) - return knowngN + i; - } - return NULL; -} -#endif diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c deleted file mode 100644 index e8beb60d278a08773fad58afb02bf25f9bad3e97..0000000000000000000000000000000000000000 --- a/crypto/srp/srp_vfy.c +++ /dev/null @@ -1,773 +0,0 @@ -/* - * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright (c) 2004, EdelKey Project. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - * - * Originally written by Christophe Renou and Peter Sylvester, - * for the EdelKey project. - */ - -/* All the SRP APIs in this file are deprecated */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#ifndef OPENSSL_NO_SRP -# include "internal/cryptlib.h" -# include "crypto/evp.h" -# include -# include -# include -# include -# include -# include -# include - -# define SRP_RANDOM_SALT_LEN 20 -# define MAX_LEN 2500 - -/* - * Note that SRP uses its own variant of base 64 encoding. A different base64 - * alphabet is used and no padding '=' characters are added. Instead we pad to - * the front with 0 bytes and subsequently strip off leading encoded padding. - * This variant is used for compatibility with other SRP implementations - - * notably libsrp, but also others. It is also required for backwards - * compatibility in order to load verifier files from other OpenSSL versions. - */ - -/* - * Convert a base64 string into raw byte array representation. - * Returns the length of the decoded data, or -1 on error. - */ -static int t_fromb64(unsigned char *a, size_t alen, const char *src) -{ - EVP_ENCODE_CTX *ctx; - int outl = 0, outl2 = 0; - size_t size, padsize; - const unsigned char *pad = (const unsigned char *)"00"; - - while (*src == ' ' || *src == '\t' || *src == '\n') - ++src; - size = strlen(src); - padsize = 4 - (size & 3); - padsize &= 3; - - /* Four bytes in src become three bytes output. */ - if (size > INT_MAX || ((size + padsize) / 4) * 3 > alen) - return -1; - - ctx = EVP_ENCODE_CTX_new(); - if (ctx == NULL) - return -1; - - /* - * This should never occur because 1 byte of data always requires 2 bytes of - * encoding, i.e. - * 0 bytes unencoded = 0 bytes encoded - * 1 byte unencoded = 2 bytes encoded - * 2 bytes unencoded = 3 bytes encoded - * 3 bytes unencoded = 4 bytes encoded - * 4 bytes unencoded = 6 bytes encoded - * etc - */ - if (padsize == 3) { - outl = -1; - goto err; - } - - /* Valid padsize values are now 0, 1 or 2 */ - - EVP_DecodeInit(ctx); - evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_USE_SRP_ALPHABET); - - /* Add any encoded padding that is required */ - if (padsize != 0 - && EVP_DecodeUpdate(ctx, a, &outl, pad, padsize) < 0) { - outl = -1; - goto err; - } - if (EVP_DecodeUpdate(ctx, a, &outl2, (const unsigned char *)src, size) < 0) { - outl = -1; - goto err; - } - outl += outl2; - EVP_DecodeFinal(ctx, a + outl, &outl2); - outl += outl2; - - /* Strip off the leading padding */ - if (padsize != 0) { - if ((int)padsize >= outl) { - outl = -1; - goto err; - } - - /* - * If we added 1 byte of padding prior to encoding then we have 2 bytes - * of "real" data which gets spread across 4 encoded bytes like this: - * (6 bits pad)(2 bits pad | 4 bits data)(6 bits data)(6 bits data) - * So 1 byte of pre-encoding padding results in 1 full byte of encoded - * padding. - * If we added 2 bytes of padding prior to encoding this gets encoded - * as: - * (6 bits pad)(6 bits pad)(4 bits pad | 2 bits data)(6 bits data) - * So 2 bytes of pre-encoding padding results in 2 full bytes of encoded - * padding, i.e. we have to strip the same number of bytes of padding - * from the encoded data as we added to the pre-encoded data. - */ - memmove(a, a + padsize, outl - padsize); - outl -= padsize; - } - - err: - EVP_ENCODE_CTX_free(ctx); - - return outl; -} - -/* - * Convert a raw byte string into a null-terminated base64 ASCII string. - * Returns 1 on success or 0 on error. - */ -static int t_tob64(char *dst, const unsigned char *src, int size) -{ - EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); - int outl = 0, outl2 = 0; - unsigned char pad[2] = {0, 0}; - size_t leadz = 0; - - if (ctx == NULL) - return 0; - - EVP_EncodeInit(ctx); - evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_NO_NEWLINES - | EVP_ENCODE_CTX_USE_SRP_ALPHABET); - - /* - * We pad at the front with zero bytes until the length is a multiple of 3 - * so that EVP_EncodeUpdate/EVP_EncodeFinal does not add any of its own "=" - * padding - */ - leadz = 3 - (size % 3); - if (leadz != 3 - && !EVP_EncodeUpdate(ctx, (unsigned char *)dst, &outl, pad, - leadz)) { - EVP_ENCODE_CTX_free(ctx); - return 0; - } - - if (!EVP_EncodeUpdate(ctx, (unsigned char *)dst + outl, &outl2, src, - size)) { - EVP_ENCODE_CTX_free(ctx); - return 0; - } - outl += outl2; - EVP_EncodeFinal(ctx, (unsigned char *)dst + outl, &outl2); - outl += outl2; - - /* Strip the encoded padding at the front */ - if (leadz != 3) { - memmove(dst, dst + leadz, outl - leadz); - dst[outl - leadz] = '\0'; - } - - EVP_ENCODE_CTX_free(ctx); - return 1; -} - -void SRP_user_pwd_free(SRP_user_pwd *user_pwd) -{ - if (user_pwd == NULL) - return; - BN_free(user_pwd->s); - BN_clear_free(user_pwd->v); - OPENSSL_free(user_pwd->id); - OPENSSL_free(user_pwd->info); - OPENSSL_free(user_pwd); -} - -SRP_user_pwd *SRP_user_pwd_new(void) -{ - SRP_user_pwd *ret; - - if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { - /* ERR_raise(ERR_LIB_SRP, ERR_R_MALLOC_FAILURE); */ /*ckerr_ignore*/ - return NULL; - } - ret->N = NULL; - ret->g = NULL; - ret->s = NULL; - ret->v = NULL; - ret->id = NULL; - ret->info = NULL; - return ret; -} - -void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g, - const BIGNUM *N) -{ - vinfo->N = N; - vinfo->g = g; -} - -int SRP_user_pwd_set1_ids(SRP_user_pwd *vinfo, const char *id, - const char *info) -{ - OPENSSL_free(vinfo->id); - OPENSSL_free(vinfo->info); - if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id))) - return 0; - return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info))); -} - -static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s, - const char *v) -{ - unsigned char tmp[MAX_LEN]; - int len; - - vinfo->v = NULL; - vinfo->s = NULL; - - len = t_fromb64(tmp, sizeof(tmp), v); - if (len < 0) - return 0; - if (NULL == (vinfo->v = BN_bin2bn(tmp, len, NULL))) - return 0; - len = t_fromb64(tmp, sizeof(tmp), s); - if (len < 0) - goto err; - vinfo->s = BN_bin2bn(tmp, len, NULL); - if (vinfo->s == NULL) - goto err; - return 1; - err: - BN_free(vinfo->v); - vinfo->v = NULL; - return 0; -} - -int SRP_user_pwd_set0_sv(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v) -{ - BN_free(vinfo->s); - BN_clear_free(vinfo->v); - vinfo->v = v; - vinfo->s = s; - return (vinfo->s != NULL && vinfo->v != NULL); -} - -static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src) -{ - SRP_user_pwd *ret; - - if (src == NULL) - return NULL; - if ((ret = SRP_user_pwd_new()) == NULL) - return NULL; - - SRP_user_pwd_set_gN(ret, src->g, src->N); - if (!SRP_user_pwd_set1_ids(ret, src->id, src->info) - || !SRP_user_pwd_set0_sv(ret, BN_dup(src->s), BN_dup(src->v))) { - SRP_user_pwd_free(ret); - return NULL; - } - return ret; -} - -SRP_VBASE *SRP_VBASE_new(char *seed_key) -{ - SRP_VBASE *vb = OPENSSL_malloc(sizeof(*vb)); - - if (vb == NULL) - return NULL; - if ((vb->users_pwd = sk_SRP_user_pwd_new_null()) == NULL - || (vb->gN_cache = sk_SRP_gN_cache_new_null()) == NULL) { - OPENSSL_free(vb); - return NULL; - } - vb->default_g = NULL; - vb->default_N = NULL; - vb->seed_key = NULL; - if ((seed_key != NULL) && (vb->seed_key = OPENSSL_strdup(seed_key)) == NULL) { - sk_SRP_user_pwd_free(vb->users_pwd); - sk_SRP_gN_cache_free(vb->gN_cache); - OPENSSL_free(vb); - return NULL; - } - return vb; -} - -void SRP_VBASE_free(SRP_VBASE *vb) -{ - if (!vb) - return; - sk_SRP_user_pwd_pop_free(vb->users_pwd, SRP_user_pwd_free); - sk_SRP_gN_cache_free(vb->gN_cache); - OPENSSL_free(vb->seed_key); - OPENSSL_free(vb); -} - -static SRP_gN_cache *SRP_gN_new_init(const char *ch) -{ - unsigned char tmp[MAX_LEN]; - int len; - SRP_gN_cache *newgN = OPENSSL_malloc(sizeof(*newgN)); - - if (newgN == NULL) - return NULL; - - len = t_fromb64(tmp, sizeof(tmp), ch); - if (len < 0) - goto err; - - if ((newgN->b64_bn = OPENSSL_strdup(ch)) == NULL) - goto err; - - if ((newgN->bn = BN_bin2bn(tmp, len, NULL))) - return newgN; - - OPENSSL_free(newgN->b64_bn); - err: - OPENSSL_free(newgN); - return NULL; -} - -static void SRP_gN_free(SRP_gN_cache *gN_cache) -{ - if (gN_cache == NULL) - return; - OPENSSL_free(gN_cache->b64_bn); - BN_free(gN_cache->bn); - OPENSSL_free(gN_cache); -} - -static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab) -{ - int i; - - SRP_gN *gN; - if (gN_tab != NULL) { - for (i = 0; i < sk_SRP_gN_num(gN_tab); i++) { - gN = sk_SRP_gN_value(gN_tab, i); - if (gN && (id == NULL || strcmp(gN->id, id) == 0)) - return gN; - } - } - - return SRP_get_default_gN(id); -} - -static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch) -{ - int i; - if (gN_cache == NULL) - return NULL; - - /* search if we have already one... */ - for (i = 0; i < sk_SRP_gN_cache_num(gN_cache); i++) { - SRP_gN_cache *cache = sk_SRP_gN_cache_value(gN_cache, i); - if (strcmp(cache->b64_bn, ch) == 0) - return cache->bn; - } - { /* it is the first time that we find it */ - SRP_gN_cache *newgN = SRP_gN_new_init(ch); - if (newgN) { - if (sk_SRP_gN_cache_insert(gN_cache, newgN, 0) > 0) - return newgN->bn; - SRP_gN_free(newgN); - } - } - return NULL; -} - -/* - * This function parses the verifier file generated by the srp app. - * The format for each entry is: - * V base64(verifier) base64(salt) username gNid userinfo(optional) - * or - * I base64(N) base64(g) - * Note that base64 is the SRP variant of base64 encoding described - * in t_fromb64(). - */ - -int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) -{ - int error_code; - STACK_OF(SRP_gN) *SRP_gN_tab = sk_SRP_gN_new_null(); - char *last_index = NULL; - int i; - char **pp; - - SRP_gN *gN = NULL; - SRP_user_pwd *user_pwd = NULL; - - TXT_DB *tmpdb = NULL; - BIO *in = BIO_new(BIO_s_file()); - - error_code = SRP_ERR_OPEN_FILE; - - if (in == NULL || BIO_read_filename(in, verifier_file) <= 0) - goto err; - - error_code = SRP_ERR_VBASE_INCOMPLETE_FILE; - - if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL) - goto err; - - error_code = SRP_ERR_MEMORY; - - if (vb->seed_key) { - last_index = SRP_get_default_gN(NULL)->id; - } - for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++) { - pp = sk_OPENSSL_PSTRING_value(tmpdb->data, i); - if (pp[DB_srptype][0] == DB_SRP_INDEX) { - /* - * we add this couple in the internal Stack - */ - - if ((gN = OPENSSL_malloc(sizeof(*gN))) == NULL) - goto err; - - if ((gN->id = OPENSSL_strdup(pp[DB_srpid])) == NULL - || (gN->N = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier])) - == NULL - || (gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt])) - == NULL - || sk_SRP_gN_insert(SRP_gN_tab, gN, 0) == 0) - goto err; - - gN = NULL; - - if (vb->seed_key != NULL) { - last_index = pp[DB_srpid]; - } - } else if (pp[DB_srptype][0] == DB_SRP_VALID) { - /* it is a user .... */ - const SRP_gN *lgN; - - if ((lgN = SRP_get_gN_by_id(pp[DB_srpgN], SRP_gN_tab)) != NULL) { - error_code = SRP_ERR_MEMORY; - if ((user_pwd = SRP_user_pwd_new()) == NULL) - goto err; - - SRP_user_pwd_set_gN(user_pwd, lgN->g, lgN->N); - if (!SRP_user_pwd_set1_ids - (user_pwd, pp[DB_srpid], pp[DB_srpinfo])) - goto err; - - error_code = SRP_ERR_VBASE_BN_LIB; - if (!SRP_user_pwd_set_sv - (user_pwd, pp[DB_srpsalt], pp[DB_srpverifier])) - goto err; - - if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0) - goto err; - user_pwd = NULL; /* abandon responsibility */ - } - } - } - - if (last_index != NULL) { - /* this means that we want to simulate a default user */ - - if (((gN = SRP_get_gN_by_id(last_index, SRP_gN_tab)) == NULL)) { - error_code = SRP_ERR_VBASE_BN_LIB; - goto err; - } - vb->default_g = gN->g; - vb->default_N = gN->N; - gN = NULL; - } - error_code = SRP_NO_ERROR; - - err: - /* - * there may be still some leaks to fix, if this fails, the application - * terminates most likely - */ - - if (gN != NULL) { - OPENSSL_free(gN->id); - OPENSSL_free(gN); - } - - SRP_user_pwd_free(user_pwd); - - TXT_DB_free(tmpdb); - BIO_free_all(in); - - sk_SRP_gN_free(SRP_gN_tab); - - return error_code; - -} - -static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username) -{ - int i; - SRP_user_pwd *user; - - if (vb == NULL) - return NULL; - - for (i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) { - user = sk_SRP_user_pwd_value(vb->users_pwd, i); - if (strcmp(user->id, username) == 0) - return user; - } - - return NULL; -} - -int SRP_VBASE_add0_user(SRP_VBASE *vb, SRP_user_pwd *user_pwd) -{ - if (sk_SRP_user_pwd_push(vb->users_pwd, user_pwd) <= 0) - return 0; - return 1; -} - -# ifndef OPENSSL_NO_DEPRECATED_1_1_0 -/* - * DEPRECATED: use SRP_VBASE_get1_by_user instead. - * This method ignores the configured seed and fails for an unknown user. - * Ownership of the returned pointer is not released to the caller. - * In other words, caller must not free the result. - */ -SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username) -{ - return find_user(vb, username); -} -# endif - -/* - * Ownership of the returned pointer is released to the caller. - * In other words, caller must free the result once done. - */ -SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username) -{ - SRP_user_pwd *user; - unsigned char digv[SHA_DIGEST_LENGTH]; - unsigned char digs[SHA_DIGEST_LENGTH]; - EVP_MD_CTX *ctxt = NULL; - EVP_MD *md = NULL; - - if (vb == NULL) - return NULL; - - if ((user = find_user(vb, username)) != NULL) - return srp_user_pwd_dup(user); - - if ((vb->seed_key == NULL) || - (vb->default_g == NULL) || (vb->default_N == NULL)) - return NULL; - -/* if the user is unknown we set parameters as well if we have a seed_key */ - - if ((user = SRP_user_pwd_new()) == NULL) - return NULL; - - SRP_user_pwd_set_gN(user, vb->default_g, vb->default_N); - - if (!SRP_user_pwd_set1_ids(user, username, NULL)) - goto err; - - if (RAND_priv_bytes(digv, SHA_DIGEST_LENGTH) <= 0) - goto err; - md = EVP_MD_fetch(NULL, SN_sha1, NULL); - if (md == NULL) - goto err; - ctxt = EVP_MD_CTX_new(); - if (ctxt == NULL - || !EVP_DigestInit_ex(ctxt, md, NULL) - || !EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key)) - || !EVP_DigestUpdate(ctxt, username, strlen(username)) - || !EVP_DigestFinal_ex(ctxt, digs, NULL)) - goto err; - EVP_MD_CTX_free(ctxt); - ctxt = NULL; - EVP_MD_free(md); - md = NULL; - if (SRP_user_pwd_set0_sv(user, - BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL), - BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL))) - return user; - - err: - EVP_MD_free(md); - EVP_MD_CTX_free(ctxt); - SRP_user_pwd_free(user); - return NULL; -} - -/* - * create a verifier (*salt,*verifier,g and N are in base64) - */ -char *SRP_create_verifier_ex(const char *user, const char *pass, char **salt, - char **verifier, const char *N, const char *g, - OSSL_LIB_CTX *libctx, const char *propq) -{ - int len; - char *result = NULL, *vf = NULL; - const BIGNUM *N_bn = NULL, *g_bn = NULL; - BIGNUM *N_bn_alloc = NULL, *g_bn_alloc = NULL, *s = NULL, *v = NULL; - unsigned char tmp[MAX_LEN]; - unsigned char tmp2[MAX_LEN]; - char *defgNid = NULL; - int vfsize = 0; - - if ((user == NULL) || - (pass == NULL) || (salt == NULL) || (verifier == NULL)) - goto err; - - if (N) { - if ((len = t_fromb64(tmp, sizeof(tmp), N)) <= 0) - goto err; - N_bn_alloc = BN_bin2bn(tmp, len, NULL); - if (N_bn_alloc == NULL) - goto err; - N_bn = N_bn_alloc; - if ((len = t_fromb64(tmp, sizeof(tmp) ,g)) <= 0) - goto err; - g_bn_alloc = BN_bin2bn(tmp, len, NULL); - if (g_bn_alloc == NULL) - goto err; - g_bn = g_bn_alloc; - defgNid = "*"; - } else { - SRP_gN *gN = SRP_get_default_gN(g); - if (gN == NULL) - goto err; - N_bn = gN->N; - g_bn = gN->g; - defgNid = gN->id; - } - - if (*salt == NULL) { - if (RAND_bytes_ex(libctx, tmp2, SRP_RANDOM_SALT_LEN, 0) <= 0) - goto err; - - s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); - } else { - if ((len = t_fromb64(tmp2, sizeof(tmp2), *salt)) <= 0) - goto err; - s = BN_bin2bn(tmp2, len, NULL); - } - if (s == NULL) - goto err; - - if (!SRP_create_verifier_BN_ex(user, pass, &s, &v, N_bn, g_bn, libctx, - propq)) - goto err; - - if (BN_bn2bin(v, tmp) < 0) - goto err; - vfsize = BN_num_bytes(v) * 2; - if (((vf = OPENSSL_malloc(vfsize)) == NULL)) - goto err; - if (!t_tob64(vf, tmp, BN_num_bytes(v))) - goto err; - - if (*salt == NULL) { - char *tmp_salt; - - if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) { - goto err; - } - if (!t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN)) { - OPENSSL_free(tmp_salt); - goto err; - } - *salt = tmp_salt; - } - - *verifier = vf; - vf = NULL; - result = defgNid; - - err: - BN_free(N_bn_alloc); - BN_free(g_bn_alloc); - OPENSSL_clear_free(vf, vfsize); - BN_clear_free(s); - BN_clear_free(v); - return result; -} - -char *SRP_create_verifier(const char *user, const char *pass, char **salt, - char **verifier, const char *N, const char *g) -{ - return SRP_create_verifier_ex(user, pass, salt, verifier, N, g, NULL, NULL); -} - -/* - * create a verifier (*salt,*verifier,g and N are BIGNUMs). If *salt != NULL - * then the provided salt will be used. On successful exit *verifier will point - * to a newly allocated BIGNUM containing the verifier and (if a salt was not - * provided) *salt will be populated with a newly allocated BIGNUM containing a - * random salt. - * The caller is responsible for freeing the allocated *salt and *verifier - * BIGNUMS. - */ -int SRP_create_verifier_BN_ex(const char *user, const char *pass, BIGNUM **salt, - BIGNUM **verifier, const BIGNUM *N, - const BIGNUM *g, OSSL_LIB_CTX *libctx, - const char *propq) -{ - int result = 0; - BIGNUM *x = NULL; - BN_CTX *bn_ctx = BN_CTX_new_ex(libctx); - unsigned char tmp2[MAX_LEN]; - BIGNUM *salttmp = NULL, *verif; - - if ((user == NULL) || - (pass == NULL) || - (salt == NULL) || - (verifier == NULL) || (N == NULL) || (g == NULL) || (bn_ctx == NULL)) - goto err; - - if (*salt == NULL) { - if (RAND_bytes_ex(libctx, tmp2, SRP_RANDOM_SALT_LEN, 0) <= 0) - goto err; - - salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); - if (salttmp == NULL) - goto err; - } else { - salttmp = *salt; - } - - x = SRP_Calc_x_ex(salttmp, user, pass, libctx, propq); - if (x == NULL) - goto err; - - verif = BN_new(); - if (verif == NULL) - goto err; - - if (!BN_mod_exp(verif, g, x, N, bn_ctx)) { - BN_clear_free(verif); - goto err; - } - - result = 1; - *salt = salttmp; - *verifier = verif; - - err: - if (salt != NULL && *salt != salttmp) - BN_clear_free(salttmp); - BN_clear_free(x); - BN_CTX_free(bn_ctx); - return result; -} - -int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, - BIGNUM **verifier, const BIGNUM *N, - const BIGNUM *g) -{ - return SRP_create_verifier_BN_ex(user, pass, salt, verifier, N, g, NULL, - NULL); -} -#endif diff --git a/crypto/stack/build.info b/crypto/stack/build.info deleted file mode 100644 index 23d83a6f111b512208b52b29b473780bcc430c6e..0000000000000000000000000000000000000000 --- a/crypto/stack/build.info +++ /dev/null @@ -1,3 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]=stack.c -SOURCE[../../providers/libfips.a]=stack.c diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c deleted file mode 100644 index 51080b876797c81611c9bd57a1b9af165e5e68d1..0000000000000000000000000000000000000000 --- a/crypto/stack/stack.c +++ /dev/null @@ -1,478 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "internal/numbers.h" -#include -#include -#include /* For ossl_inline */ - -/* - * The initial number of nodes in the array. - */ -static const int min_nodes = 4; -static const int max_nodes = SIZE_MAX / sizeof(void *) < INT_MAX - ? (int)(SIZE_MAX / sizeof(void *)) : INT_MAX; - -struct stack_st { - int num; - const void **data; - int sorted; - int num_alloc; - OPENSSL_sk_compfunc comp; -}; - -OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, - OPENSSL_sk_compfunc c) -{ - OPENSSL_sk_compfunc old = sk->comp; - - if (sk->comp != c) - sk->sorted = 0; - sk->comp = c; - - return old; -} - -OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk) -{ - OPENSSL_STACK *ret; - - if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) - goto err; - - if (sk == NULL) { - ret->num = 0; - ret->sorted = 0; - ret->comp = NULL; - } else { - /* direct structure assignment */ - *ret = *sk; - } - - if (sk == NULL || sk->num == 0) { - /* postpone |ret->data| allocation */ - ret->data = NULL; - ret->num_alloc = 0; - return ret; - } - - /* duplicate |sk->data| content */ - ret->data = OPENSSL_malloc(sizeof(*ret->data) * sk->num_alloc); - if (ret->data == NULL) - goto err; - memcpy(ret->data, sk->data, sizeof(void *) * sk->num); - return ret; - - err: - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - OPENSSL_sk_free(ret); - return NULL; -} - -OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk, - OPENSSL_sk_copyfunc copy_func, - OPENSSL_sk_freefunc free_func) -{ - OPENSSL_STACK *ret; - int i; - - if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) - goto err; - - if (sk == NULL) { - ret->num = 0; - ret->sorted = 0; - ret->comp = NULL; - } else { - /* direct structure assignment */ - *ret = *sk; - } - - if (sk == NULL || sk->num == 0) { - /* postpone |ret| data allocation */ - ret->data = NULL; - ret->num_alloc = 0; - return ret; - } - - ret->num_alloc = sk->num > min_nodes ? sk->num : min_nodes; - ret->data = OPENSSL_zalloc(sizeof(*ret->data) * ret->num_alloc); - if (ret->data == NULL) - goto err; - - for (i = 0; i < ret->num; ++i) { - if (sk->data[i] == NULL) - continue; - if ((ret->data[i] = copy_func(sk->data[i])) == NULL) { - while (--i >= 0) - if (ret->data[i] != NULL) - free_func((void *)ret->data[i]); - goto err; - } - } - return ret; - - err: - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - OPENSSL_sk_free(ret); - return NULL; -} - -OPENSSL_STACK *OPENSSL_sk_new_null(void) -{ - return OPENSSL_sk_new_reserve(NULL, 0); -} - -OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc c) -{ - return OPENSSL_sk_new_reserve(c, 0); -} - -/* - * Calculate the array growth based on the target size. - * - * The growth fraction is a rational number and is defined by a numerator - * and a denominator. According to Andrew Koenig in his paper "Why Are - * Vectors Efficient?" from JOOP 11(5) 1998, this factor should be less - * than the golden ratio (1.618...). - * - * We use 3/2 = 1.5 for simplicity of calculation and overflow checking. - * Another option 8/5 = 1.6 allows for slightly faster growth, although safe - * computation is more difficult. - * - * The limit to avoid overflow is spot on. The modulo three correction term - * ensures that the limit is the largest number than can be expanded by the - * growth factor without exceeding the hard limit. - * - * Do not call it with |current| lower than 2, or it will infinitely loop. - */ -static ossl_inline int compute_growth(int target, int current) -{ - const int limit = (max_nodes / 3) * 2 + (max_nodes % 3 ? 1 : 0); - - while (current < target) { - /* Check to see if we're at the hard limit */ - if (current >= max_nodes) - return 0; - - /* Expand the size by a factor of 3/2 if it is within range */ - current = current < limit ? current + current / 2 : max_nodes; - } - return current; -} - -/* internal STACK storage allocation */ -static int sk_reserve(OPENSSL_STACK *st, int n, int exact) -{ - const void **tmpdata; - int num_alloc; - - /* Check to see the reservation isn't exceeding the hard limit */ - if (n > max_nodes - st->num) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_RECORDS); - return 0; - } - - /* Figure out the new size */ - num_alloc = st->num + n; - if (num_alloc < min_nodes) - num_alloc = min_nodes; - - /* If |st->data| allocation was postponed */ - if (st->data == NULL) { - /* - * At this point, |st->num_alloc| and |st->num| are 0; - * so |num_alloc| value is |n| or |min_nodes| if greater than |n|. - */ - if ((st->data = OPENSSL_zalloc(sizeof(void *) * num_alloc)) == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - st->num_alloc = num_alloc; - return 1; - } - - if (!exact) { - if (num_alloc <= st->num_alloc) - return 1; - num_alloc = compute_growth(num_alloc, st->num_alloc); - if (num_alloc == 0) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_RECORDS); - return 0; - } - } else if (num_alloc == st->num_alloc) { - return 1; - } - - tmpdata = OPENSSL_realloc((void *)st->data, sizeof(void *) * num_alloc); - if (tmpdata == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return 0; - } - - st->data = tmpdata; - st->num_alloc = num_alloc; - return 1; -} - -OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n) -{ - OPENSSL_STACK *st = OPENSSL_zalloc(sizeof(OPENSSL_STACK)); - - if (st == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); - return NULL; - } - - st->comp = c; - - if (n <= 0) - return st; - - if (!sk_reserve(st, n, 1)) { - OPENSSL_sk_free(st); - return NULL; - } - - return st; -} - -int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n) -{ - if (st == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (n < 0) - return 1; - return sk_reserve(st, n, 1); -} - -int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc) -{ - if (st == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (st->num == max_nodes) { - ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_RECORDS); - return 0; - } - - if (!sk_reserve(st, 1, 0)) - return 0; - - if ((loc >= st->num) || (loc < 0)) { - st->data[st->num] = data; - } else { - memmove(&st->data[loc + 1], &st->data[loc], - sizeof(st->data[0]) * (st->num - loc)); - st->data[loc] = data; - } - st->num++; - st->sorted = 0; - return st->num; -} - -static ossl_inline void *internal_delete(OPENSSL_STACK *st, int loc) -{ - const void *ret = st->data[loc]; - - if (loc != st->num - 1) - memmove(&st->data[loc], &st->data[loc + 1], - sizeof(st->data[0]) * (st->num - loc - 1)); - st->num--; - - return (void *)ret; -} - -void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p) -{ - int i; - - if (st == NULL) - return NULL; - - for (i = 0; i < st->num; i++) - if (st->data[i] == p) - return internal_delete(st, i); - return NULL; -} - -void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc) -{ - if (st == NULL || loc < 0 || loc >= st->num) - return NULL; - - return internal_delete(st, loc); -} - -static int internal_find(OPENSSL_STACK *st, const void *data, - int ret_val_options, int *pnum) -{ - const void *r; - int i; - - if (st == NULL || st->num == 0) - return -1; - - if (st->comp == NULL) { - for (i = 0; i < st->num; i++) - if (st->data[i] == data) { - if (pnum != NULL) - *pnum = 1; - return i; - } - if (pnum != NULL) - *pnum = 0; - return -1; - } - - if (!st->sorted) { - if (st->num > 1) - qsort(st->data, st->num, sizeof(void *), st->comp); - st->sorted = 1; /* empty or single-element stack is considered sorted */ - } - if (data == NULL) - return -1; - if (pnum != NULL) - ret_val_options |= OSSL_BSEARCH_FIRST_VALUE_ON_MATCH; - r = ossl_bsearch(&data, st->data, st->num, sizeof(void *), st->comp, - ret_val_options); - - if (pnum != NULL) { - *pnum = 0; - if (r != NULL) { - const void **p = (const void **)r; - - while (p < st->data + st->num) { - if (st->comp(&data, p) != 0) - break; - ++*pnum; - ++p; - } - } - } - - return r == NULL ? -1 : (int)((const void **)r - st->data); -} - -int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data) -{ - return internal_find(st, data, OSSL_BSEARCH_FIRST_VALUE_ON_MATCH, NULL); -} - -int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data) -{ - return internal_find(st, data, OSSL_BSEARCH_VALUE_ON_NOMATCH, NULL); -} - -int OPENSSL_sk_find_all(OPENSSL_STACK *st, const void *data, int *pnum) -{ - return internal_find(st, data, OSSL_BSEARCH_FIRST_VALUE_ON_MATCH, pnum); -} - -int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data) -{ - if (st == NULL) - return -1; - return OPENSSL_sk_insert(st, data, st->num); -} - -int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data) -{ - return OPENSSL_sk_insert(st, data, 0); -} - -void *OPENSSL_sk_shift(OPENSSL_STACK *st) -{ - if (st == NULL || st->num == 0) - return NULL; - return internal_delete(st, 0); -} - -void *OPENSSL_sk_pop(OPENSSL_STACK *st) -{ - if (st == NULL || st->num == 0) - return NULL; - return internal_delete(st, st->num - 1); -} - -void OPENSSL_sk_zero(OPENSSL_STACK *st) -{ - if (st == NULL || st->num == 0) - return; - memset(st->data, 0, sizeof(*st->data) * st->num); - st->num = 0; -} - -void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func) -{ - int i; - - if (st == NULL) - return; - for (i = 0; i < st->num; i++) - if (st->data[i] != NULL) - func((char *)st->data[i]); - OPENSSL_sk_free(st); -} - -void OPENSSL_sk_free(OPENSSL_STACK *st) -{ - if (st == NULL) - return; - OPENSSL_free(st->data); - OPENSSL_free(st); -} - -int OPENSSL_sk_num(const OPENSSL_STACK *st) -{ - return st == NULL ? -1 : st->num; -} - -void *OPENSSL_sk_value(const OPENSSL_STACK *st, int i) -{ - if (st == NULL || i < 0 || i >= st->num) - return NULL; - return (void *)st->data[i]; -} - -void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data) -{ - if (st == NULL) { - ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (i < 0 || i >= st->num) { - ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT, - "i=%d", i); - return NULL; - } - st->data[i] = data; - st->sorted = 0; - return (void *)st->data[i]; -} - -void OPENSSL_sk_sort(OPENSSL_STACK *st) -{ - if (st != NULL && !st->sorted && st->comp != NULL) { - if (st->num > 1) - qsort(st->data, st->num, sizeof(void *), st->comp); - st->sorted = 1; /* empty or single-element stack is considered sorted */ - } -} - -int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st) -{ - return st == NULL ? 1 : st->sorted; -} diff --git a/crypto/store/build.info b/crypto/store/build.info deleted file mode 100644 index 43d9e544a01f4d169d3ff554d5305a723debb378..0000000000000000000000000000000000000000 --- a/crypto/store/build.info +++ /dev/null @@ -1,7 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]=\ - store_err.c store_lib.c store_result.c store_strings.c store_meth.c - -IF[{- !$disabled{'deprecated-3.0'} -}] - SOURCE[../../libcrypto]=store_init.c store_register.c -ENDIF diff --git a/crypto/store/store_err.c b/crypto/store/store_err.c deleted file mode 100644 index ec62b358c589b697f646055c5ab19ce84eab5dce..0000000000000000000000000000000000000000 --- a/crypto/store/store_err.c +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/storeerr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA OSSL_STORE_str_reasons[] = { - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE), - "ambiguous content type"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_BAD_PASSWORD_READ), - "bad password read"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC), - "error verifying pkcs12 mac"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST), - "fingerprint size does not match digest"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_INVALID_SCHEME), - "invalid scheme"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_IS_NOT_A), "is not a"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADER_INCOMPLETE), - "loader incomplete"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADING_STARTED), - "loading started"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CERTIFICATE), - "not a certificate"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CRL), "not a crl"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_NAME), "not a name"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_PRIVATE_KEY), - "not a private key"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_PUBLIC_KEY), - "not a public key"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_PARAMETERS), - "not parameters"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NO_LOADERS_FOUND), - "no loaders found"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR), - "passphrase callback error"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE), - "path must be absolute"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES), - "search only supported for directories"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED), - "ui process interrupted or cancelled"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNREGISTERED_SCHEME), - "unregistered scheme"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE), - "unsupported content type"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_OPERATION), - "unsupported operation"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE), - "unsupported search type"}, - {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED), - "uri authority unsupported"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_OSSL_STORE_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(OSSL_STORE_str_reasons[0].error) == NULL) - ERR_load_strings_const(OSSL_STORE_str_reasons); -#endif - return 1; -} diff --git a/crypto/store/store_init.c b/crypto/store/store_init.c deleted file mode 100644 index 9df8ef12a2419396163e1782ba90d910a72dde48..0000000000000000000000000000000000000000 --- a/crypto/store/store_init.c +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "crypto/store.h" -#include "store_local.h" - -void ossl_store_cleanup_int(void) -{ - ossl_store_destroy_loaders_int(); -} diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c deleted file mode 100644 index 5ff927862916e510e120faa1aac04023a2bb9355..0000000000000000000000000000000000000000 --- a/crypto/store/store_lib.c +++ /dev/null @@ -1,1039 +0,0 @@ -/* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -/* We need to use some STORE deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include "e_os.h" - -#include -#include -#include -#include -#include -#include -#include -#include "internal/thread_once.h" -#include "internal/cryptlib.h" -#include "internal/provider.h" -#include "internal/bio.h" -#include "crypto/store.h" -#include "store_local.h" - -static int ossl_store_close_it(OSSL_STORE_CTX *ctx); - -static int loader_set_params(OSSL_STORE_LOADER *loader, - OSSL_STORE_LOADER_CTX *loader_ctx, - const OSSL_PARAM params[], const char *propq) -{ - if (params != NULL) { - if (!loader->p_set_ctx_params(loader_ctx, params)) - return 0; - } - - if (propq != NULL) { - OSSL_PARAM propp[2]; - - if (OSSL_PARAM_locate_const(params, - OSSL_STORE_PARAM_PROPERTIES) != NULL) - /* use the propq from params */ - return 1; - - propp[0] = OSSL_PARAM_construct_utf8_string(OSSL_STORE_PARAM_PROPERTIES, - (char *)propq, 0); - propp[1] = OSSL_PARAM_construct_end(); - - if (!loader->p_set_ctx_params(loader_ctx, propp)) - return 0; - } - return 1; -} - -OSSL_STORE_CTX * -OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq, - const UI_METHOD *ui_method, void *ui_data, - const OSSL_PARAM params[], - OSSL_STORE_post_process_info_fn post_process, - void *post_process_data) -{ - const OSSL_STORE_LOADER *loader = NULL; - OSSL_STORE_LOADER *fetched_loader = NULL; - OSSL_STORE_LOADER_CTX *loader_ctx = NULL; - OSSL_STORE_CTX *ctx = NULL; - char *propq_copy = NULL; - int no_loader_found = 1; - char scheme_copy[256], *p, *schemes[2], *scheme = NULL; - size_t schemes_n = 0; - size_t i; - - /* - * Put the file scheme first. If the uri does represent an existing file, - * possible device name and all, then it should be loaded. Only a failed - * attempt at loading a local file should have us try something else. - */ - schemes[schemes_n++] = "file"; - - /* - * Now, check if we have something that looks like a scheme, and add it - * as a second scheme. However, also check if there's an authority start - * (://), because that will invalidate the previous file scheme. Also, - * check that this isn't actually the file scheme, as there's no point - * going through that one twice! - */ - OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy)); - if ((p = strchr(scheme_copy, ':')) != NULL) { - *p++ = '\0'; - if (OPENSSL_strcasecmp(scheme_copy, "file") != 0) { - if (strncmp(p, "//", 2) == 0) - schemes_n--; /* Invalidate the file scheme */ - schemes[schemes_n++] = scheme_copy; - } - } - - ERR_set_mark(); - - /* - * Try each scheme until we find one that could open the URI. - * - * For each scheme, we look for the engine implementation first, and - * failing that, we then try to fetch a provided implementation. - * This is consistent with how we handle legacy / engine implementations - * elsewhere. - */ - for (i = 0; loader_ctx == NULL && i < schemes_n; i++) { - scheme = schemes[i]; - OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme); -#ifndef OPENSSL_NO_DEPRECATED_3_0 - if ((loader = ossl_store_get0_loader_int(scheme)) != NULL) { - no_loader_found = 0; - if (loader->open_ex != NULL) - loader_ctx = loader->open_ex(loader, uri, libctx, propq, - ui_method, ui_data); - else - loader_ctx = loader->open(loader, uri, ui_method, ui_data); - } -#endif - if (loader == NULL - && (fetched_loader = - OSSL_STORE_LOADER_fetch(libctx, scheme, propq)) != NULL) { - const OSSL_PROVIDER *provider = - OSSL_STORE_LOADER_get0_provider(fetched_loader); - void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider); - - no_loader_found = 0; - loader_ctx = fetched_loader->p_open(provctx, uri); - if (loader_ctx == NULL) { - OSSL_STORE_LOADER_free(fetched_loader); - fetched_loader = NULL; - } else if(!loader_set_params(fetched_loader, loader_ctx, - params, propq)) { - (void)fetched_loader->p_close(loader_ctx); - OSSL_STORE_LOADER_free(fetched_loader); - fetched_loader = NULL; - } - loader = fetched_loader; - } - } - - if (no_loader_found) - /* - * It's assumed that ossl_store_get0_loader_int() and - * OSSL_STORE_LOADER_fetch() report their own errors - */ - goto err; - - OSSL_TRACE1(STORE, "Found loader for scheme %s\n", scheme); - - if (loader_ctx == NULL) - /* - * It's assumed that the loader's open() method reports its own - * errors - */ - goto err; - - OSSL_TRACE2(STORE, "Opened %s => %p\n", uri, (void *)loader_ctx); - - if ((propq != NULL && (propq_copy = OPENSSL_strdup(propq)) == NULL) - || (ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (ui_method != NULL - && (!ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data) - || !ossl_pw_enable_passphrase_caching(&ctx->pwdata))) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_CRYPTO_LIB); - goto err; - } - ctx->properties = propq_copy; - ctx->fetched_loader = fetched_loader; - ctx->loader = loader; - ctx->loader_ctx = loader_ctx; - ctx->post_process = post_process; - ctx->post_process_data = post_process_data; - - /* - * If the attempt to open with the 'file' scheme loader failed and the - * other scheme loader succeeded, the failure to open with the 'file' - * scheme loader leaves an error on the error stack. Let's remove it. - */ - ERR_pop_to_mark(); - - return ctx; - - err: - ERR_clear_last_mark(); - if (loader_ctx != NULL) { - /* - * Temporary structure so OSSL_STORE_close() can work even when - * |ctx| couldn't be allocated properly - */ - OSSL_STORE_CTX tmpctx = { NULL, }; - - tmpctx.fetched_loader = fetched_loader; - tmpctx.loader = loader; - tmpctx.loader_ctx = loader_ctx; - - /* - * We ignore a returned error because we will return NULL anyway in - * this case, so if something goes wrong when closing, that'll simply - * just add another entry on the error stack. - */ - (void)ossl_store_close_it(&tmpctx); - } - OSSL_STORE_LOADER_free(fetched_loader); - OPENSSL_free(propq_copy); - OPENSSL_free(ctx); - return NULL; -} - -OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, - const UI_METHOD *ui_method, void *ui_data, - OSSL_STORE_post_process_info_fn post_process, - void *post_process_data) -{ - return OSSL_STORE_open_ex(uri, NULL, NULL, ui_method, ui_data, NULL, - post_process, post_process_data); -} - -#ifndef OPENSSL_NO_DEPRECATED_3_0 -int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...) -{ - va_list args; - int ret; - - va_start(args, cmd); - ret = OSSL_STORE_vctrl(ctx, cmd, args); - va_end(args); - - return ret; -} - -int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args) -{ - if (ctx->fetched_loader != NULL) { - if (ctx->fetched_loader->p_set_ctx_params != NULL) { - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - switch (cmd) { - case OSSL_STORE_C_USE_SECMEM: - { - int on = *(va_arg(args, int *)); - - params[0] = OSSL_PARAM_construct_int("use_secmem", &on); - } - break; - default: - break; - } - - return ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx, - params); - } - } else if (ctx->loader->ctrl != NULL) { - return ctx->loader->ctrl(ctx->loader_ctx, cmd, args); - } - - /* - * If the fetched loader doesn't have a set_ctx_params or a ctrl, it's as - * if there was one that ignored our params, which usually returns 1. - */ - return 1; -} -#endif - -int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type) -{ - int ret = 1; - - if (ctx == NULL - || expected_type < 0 || expected_type > OSSL_STORE_INFO_CRL) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT); - return 0; - } - if (ctx->loading) { - ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED); - return 0; - } - - ctx->expected_type = expected_type; - if (ctx->fetched_loader != NULL - && ctx->fetched_loader->p_set_ctx_params != NULL) { - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - params[0] = - OSSL_PARAM_construct_int(OSSL_STORE_PARAM_EXPECT, &expected_type); - ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx, params); - } -#ifndef OPENSSL_NO_DEPRECATED_3_0 - if (ctx->fetched_loader == NULL - && ctx->loader->expect != NULL) { - ret = ctx->loader->expect(ctx->loader_ctx, expected_type); - } -#endif - return ret; -} - -int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search) -{ - int ret = 1; - - if (ctx->loading) { - ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADING_STARTED); - return 0; - } - if (search == NULL) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (ctx->fetched_loader != NULL) { - OSSL_PARAM_BLD *bld; - OSSL_PARAM *params; - /* OSSL_STORE_SEARCH_BY_NAME, OSSL_STORE_SEARCH_BY_ISSUER_SERIAL*/ - void *name_der = NULL; - int name_der_sz; - /* OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */ - BIGNUM *number = NULL; - - if (ctx->fetched_loader->p_set_ctx_params == NULL) { - ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION); - return 0; - } - - if ((bld = OSSL_PARAM_BLD_new()) == NULL) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return 0; - } - - ret = 0; /* Assume the worst */ - - switch (search->search_type) { - case OSSL_STORE_SEARCH_BY_NAME: - if ((name_der_sz = i2d_X509_NAME(search->name, - (unsigned char **)&name_der)) > 0 - && OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_STORE_PARAM_SUBJECT, - name_der, name_der_sz)) - ret = 1; - break; - case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL: - if ((name_der_sz = i2d_X509_NAME(search->name, - (unsigned char **)&name_der)) > 0 - && (number = ASN1_INTEGER_to_BN(search->serial, NULL)) != NULL - && OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_STORE_PARAM_ISSUER, - name_der, name_der_sz) - && OSSL_PARAM_BLD_push_BN(bld, OSSL_STORE_PARAM_SERIAL, - number)) - ret = 1; - break; - case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT: - if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_DIGEST, - EVP_MD_get0_name(search->digest), - 0) - && OSSL_PARAM_BLD_push_octet_string(bld, - OSSL_STORE_PARAM_FINGERPRINT, - search->string, - search->stringlength)) - ret = 1; - break; - case OSSL_STORE_SEARCH_BY_ALIAS: - if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_STORE_PARAM_ALIAS, - (char *)search->string, - search->stringlength)) - ret = 1; - break; - } - if (ret) { - params = OSSL_PARAM_BLD_to_param(bld); - ret = ctx->fetched_loader->p_set_ctx_params(ctx->loader_ctx, - params); - OSSL_PARAM_free(params); - } - OSSL_PARAM_BLD_free(bld); - OPENSSL_free(name_der); - BN_free(number); - } else { -#ifndef OPENSSL_NO_DEPRECATED_3_0 - /* legacy loader section */ - if (ctx->loader->find == NULL) { - ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNSUPPORTED_OPERATION); - return 0; - } - ret = ctx->loader->find(ctx->loader_ctx, search); -#endif - } - - return ret; -} - -OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx) -{ - OSSL_STORE_INFO *v = NULL; - - ctx->loading = 1; - again: - if (OSSL_STORE_eof(ctx)) - return NULL; - - if (ctx->loader != NULL) - OSSL_TRACE(STORE, "Loading next object\n"); - - if (ctx->cached_info != NULL - && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) { - sk_OSSL_STORE_INFO_free(ctx->cached_info); - ctx->cached_info = NULL; - } - - if (ctx->cached_info != NULL) { - v = sk_OSSL_STORE_INFO_shift(ctx->cached_info); - } else { - if (ctx->fetched_loader != NULL) { - struct ossl_load_result_data_st load_data; - - load_data.v = NULL; - load_data.ctx = ctx; - - if (!ctx->fetched_loader->p_load(ctx->loader_ctx, - ossl_store_handle_load_result, - &load_data, - ossl_pw_passphrase_callback_dec, - &ctx->pwdata)) { - if (!OSSL_STORE_eof(ctx)) - ctx->error_flag = 1; - return NULL; - } - v = load_data.v; - } -#ifndef OPENSSL_NO_DEPRECATED_3_0 - if (ctx->fetched_loader == NULL) - v = ctx->loader->load(ctx->loader_ctx, - ctx->pwdata._.ui_method.ui_method, - ctx->pwdata._.ui_method.ui_method_data); -#endif - } - - if (ctx->post_process != NULL && v != NULL) { - v = ctx->post_process(v, ctx->post_process_data); - - /* - * By returning NULL, the callback decides that this object should - * be ignored. - */ - if (v == NULL) - goto again; - } - - /* Clear any internally cached passphrase */ - (void)ossl_pw_clear_passphrase_cache(&ctx->pwdata); - - if (v != NULL && ctx->expected_type != 0) { - int returned_type = OSSL_STORE_INFO_get_type(v); - - if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) { - if (ctx->expected_type != returned_type) { - OSSL_STORE_INFO_free(v); - goto again; - } - } - } - - if (v != NULL) - OSSL_TRACE1(STORE, "Got a %s\n", - OSSL_STORE_INFO_type_string(OSSL_STORE_INFO_get_type(v))); - - return v; -} - -int OSSL_STORE_error(OSSL_STORE_CTX *ctx) -{ - int ret = 1; - - if (ctx->fetched_loader != NULL) - ret = ctx->error_flag; -#ifndef OPENSSL_NO_DEPRECATED_3_0 - if (ctx->fetched_loader == NULL) - ret = ctx->loader->error(ctx->loader_ctx); -#endif - return ret; -} - -int OSSL_STORE_eof(OSSL_STORE_CTX *ctx) -{ - int ret = 1; - - if (ctx->fetched_loader != NULL) - ret = ctx->loader->p_eof(ctx->loader_ctx); -#ifndef OPENSSL_NO_DEPRECATED_3_0 - if (ctx->fetched_loader == NULL) - ret = ctx->loader->eof(ctx->loader_ctx); -#endif - return ret != 0; -} - -static int ossl_store_close_it(OSSL_STORE_CTX *ctx) -{ - int ret = 0; - - if (ctx == NULL) - return 1; - OSSL_TRACE1(STORE, "Closing %p\n", (void *)ctx->loader_ctx); - - if (ctx->fetched_loader != NULL) - ret = ctx->loader->p_close(ctx->loader_ctx); -#ifndef OPENSSL_NO_DEPRECATED_3_0 - if (ctx->fetched_loader == NULL) - ret = ctx->loader->closefn(ctx->loader_ctx); -#endif - - sk_OSSL_STORE_INFO_pop_free(ctx->cached_info, OSSL_STORE_INFO_free); - OSSL_STORE_LOADER_free(ctx->fetched_loader); - OPENSSL_free(ctx->properties); - ossl_pw_clear_passphrase_data(&ctx->pwdata); - return ret; -} - -int OSSL_STORE_close(OSSL_STORE_CTX *ctx) -{ - int ret = ossl_store_close_it(ctx); - - OPENSSL_free(ctx); - return ret; -} - -/* - * Functions to generate OSSL_STORE_INFOs, one function for each type we - * support having in them as well as a generic constructor. - * - * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO - * and will therefore be freed when the OSSL_STORE_INFO is freed. - */ -OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data) -{ - OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info)); - - if (info == NULL) - return NULL; - - info->type = type; - info->_.data = data; - return info; -} - -OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name) -{ - OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_NAME, NULL); - - if (info == NULL) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return NULL; - } - - info->_.name.name = name; - info->_.name.desc = NULL; - - return info; -} - -int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc) -{ - if (info->type != OSSL_STORE_INFO_NAME) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT); - return 0; - } - - info->_.name.desc = desc; - - return 1; -} -OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params) -{ - OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PARAMS, params); - - if (info == NULL) - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return info; -} - -OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pkey) -{ - OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PUBKEY, pkey); - - if (info == NULL) - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return info; -} - -OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey) -{ - OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_PKEY, pkey); - - if (info == NULL) - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return info; -} - -OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509) -{ - OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CERT, x509); - - if (info == NULL) - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return info; -} - -OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl) -{ - OSSL_STORE_INFO *info = OSSL_STORE_INFO_new(OSSL_STORE_INFO_CRL, crl); - - if (info == NULL) - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return info; -} - -/* - * Functions to try to extract data from a OSSL_STORE_INFO. - */ -int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info) -{ - return info->type; -} - -void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info) -{ - if (info->type == type) - return info->_.data; - return NULL; -} - -const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info) -{ - if (info->type == OSSL_STORE_INFO_NAME) - return info->_.name.name; - return NULL; -} - -char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info) -{ - if (info->type == OSSL_STORE_INFO_NAME) { - char *ret = OPENSSL_strdup(info->_.name.name); - - if (ret == NULL) - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return ret; - } - ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME); - return NULL; -} - -const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info) -{ - if (info->type == OSSL_STORE_INFO_NAME) - return info->_.name.desc; - return NULL; -} - -char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info) -{ - if (info->type == OSSL_STORE_INFO_NAME) { - char *ret = OPENSSL_strdup(info->_.name.desc - ? info->_.name.desc : ""); - - if (ret == NULL) - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return ret; - } - ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_NAME); - return NULL; -} - -EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info) -{ - if (info->type == OSSL_STORE_INFO_PARAMS) - return info->_.params; - return NULL; -} - -EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info) -{ - if (info->type == OSSL_STORE_INFO_PARAMS) { - EVP_PKEY_up_ref(info->_.params); - return info->_.params; - } - ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_PARAMETERS); - return NULL; -} - -EVP_PKEY *OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO *info) -{ - if (info->type == OSSL_STORE_INFO_PUBKEY) - return info->_.pubkey; - return NULL; -} - -EVP_PKEY *OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO *info) -{ - if (info->type == OSSL_STORE_INFO_PUBKEY) { - EVP_PKEY_up_ref(info->_.pubkey); - return info->_.pubkey; - } - ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PUBLIC_KEY); - return NULL; -} - -EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info) -{ - if (info->type == OSSL_STORE_INFO_PKEY) - return info->_.pkey; - return NULL; -} - -EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info) -{ - if (info->type == OSSL_STORE_INFO_PKEY) { - EVP_PKEY_up_ref(info->_.pkey); - return info->_.pkey; - } - ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_PRIVATE_KEY); - return NULL; -} - -X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info) -{ - if (info->type == OSSL_STORE_INFO_CERT) - return info->_.x509; - return NULL; -} - -X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info) -{ - if (info->type == OSSL_STORE_INFO_CERT) { - X509_up_ref(info->_.x509); - return info->_.x509; - } - ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CERTIFICATE); - return NULL; -} - -X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info) -{ - if (info->type == OSSL_STORE_INFO_CRL) - return info->_.crl; - return NULL; -} - -X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info) -{ - if (info->type == OSSL_STORE_INFO_CRL) { - X509_CRL_up_ref(info->_.crl); - return info->_.crl; - } - ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NOT_A_CRL); - return NULL; -} - -/* - * Free the OSSL_STORE_INFO - */ -void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info) -{ - if (info != NULL) { - switch (info->type) { - case OSSL_STORE_INFO_NAME: - OPENSSL_free(info->_.name.name); - OPENSSL_free(info->_.name.desc); - break; - case OSSL_STORE_INFO_PARAMS: - EVP_PKEY_free(info->_.params); - break; - case OSSL_STORE_INFO_PUBKEY: - EVP_PKEY_free(info->_.pubkey); - break; - case OSSL_STORE_INFO_PKEY: - EVP_PKEY_free(info->_.pkey); - break; - case OSSL_STORE_INFO_CERT: - X509_free(info->_.x509); - break; - case OSSL_STORE_INFO_CRL: - X509_CRL_free(info->_.crl); - break; - } - OPENSSL_free(info); - } -} - -int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type) -{ - int ret = 0; - - if (ctx->fetched_loader != NULL) { - void *provctx = - ossl_provider_ctx(OSSL_STORE_LOADER_get0_provider(ctx->fetched_loader)); - const OSSL_PARAM *params; - const OSSL_PARAM *p_subject = NULL; - const OSSL_PARAM *p_issuer = NULL; - const OSSL_PARAM *p_serial = NULL; - const OSSL_PARAM *p_fingerprint = NULL; - const OSSL_PARAM *p_alias = NULL; - - if (ctx->fetched_loader->p_settable_ctx_params == NULL) - return 0; - - params = ctx->fetched_loader->p_settable_ctx_params(provctx); - p_subject = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SUBJECT); - p_issuer = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ISSUER); - p_serial = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_SERIAL); - p_fingerprint = - OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_FINGERPRINT); - p_alias = OSSL_PARAM_locate_const(params, OSSL_STORE_PARAM_ALIAS); - - switch (search_type) { - case OSSL_STORE_SEARCH_BY_NAME: - ret = (p_subject != NULL); - break; - case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL: - ret = (p_issuer != NULL && p_serial != NULL); - break; - case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT: - ret = (p_fingerprint != NULL); - break; - case OSSL_STORE_SEARCH_BY_ALIAS: - ret = (p_alias != NULL); - break; - } - } -#ifndef OPENSSL_NO_DEPRECATED_3_0 - if (ctx->fetched_loader == NULL) { - OSSL_STORE_SEARCH tmp_search; - - if (ctx->loader->find == NULL) - return 0; - tmp_search.search_type = search_type; - ret = ctx->loader->find(NULL, &tmp_search); - } -#endif - return ret; -} - -/* Search term constructors */ -OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name) -{ - OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search)); - - if (search == NULL) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return NULL; - } - - search->search_type = OSSL_STORE_SEARCH_BY_NAME; - search->name = name; - return search; -} - -OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name, - const ASN1_INTEGER *serial) -{ - OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search)); - - if (search == NULL) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return NULL; - } - - search->search_type = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL; - search->name = name; - search->serial = serial; - return search; -} - -OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest, - const unsigned char - *bytes, size_t len) -{ - OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search)); - - if (search == NULL) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (digest != NULL && len != (size_t)EVP_MD_get_size(digest)) { - ERR_raise_data(ERR_LIB_OSSL_STORE, - OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST, - "%s size is %d, fingerprint size is %zu", - EVP_MD_get0_name(digest), EVP_MD_get_size(digest), len); - OPENSSL_free(search); - return NULL; - } - - search->search_type = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT; - search->digest = digest; - search->string = bytes; - search->stringlength = len; - return search; -} - -OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias) -{ - OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search)); - - if (search == NULL) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return NULL; - } - - search->search_type = OSSL_STORE_SEARCH_BY_ALIAS; - search->string = (const unsigned char *)alias; - search->stringlength = strlen(alias); - return search; -} - -/* Search term destructor */ -void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search) -{ - OPENSSL_free(search); -} - -/* Search term accessors */ -int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion) -{ - return criterion->search_type; -} - -X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion) -{ - return criterion->name; -} - -const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH - *criterion) -{ - return criterion->serial; -} - -const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH - *criterion, size_t *length) -{ - *length = criterion->stringlength; - return criterion->string; -} - -const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion) -{ - return (const char *)criterion->string; -} - -const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion) -{ - return criterion->digest; -} - -OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme, - OSSL_LIB_CTX *libctx, const char *propq, - const UI_METHOD *ui_method, void *ui_data, - const OSSL_PARAM params[], - OSSL_STORE_post_process_info_fn post_process, - void *post_process_data) -{ - const OSSL_STORE_LOADER *loader = NULL; - OSSL_STORE_LOADER *fetched_loader = NULL; - OSSL_STORE_LOADER_CTX *loader_ctx = NULL; - OSSL_STORE_CTX *ctx = NULL; - - if (scheme == NULL) - scheme = "file"; - - OSSL_TRACE1(STORE, "Looking up scheme %s\n", scheme); - ERR_set_mark(); -#ifndef OPENSSL_NO_DEPRECATED_3_0 - if ((loader = ossl_store_get0_loader_int(scheme)) != NULL) - loader_ctx = loader->attach(loader, bp, libctx, propq, - ui_method, ui_data); -#endif - if (loader == NULL - && (fetched_loader = - OSSL_STORE_LOADER_fetch(libctx, scheme, propq)) != NULL) { - const OSSL_PROVIDER *provider = - OSSL_STORE_LOADER_get0_provider(fetched_loader); - void *provctx = OSSL_PROVIDER_get0_provider_ctx(provider); - OSSL_CORE_BIO *cbio = ossl_core_bio_new_from_bio(bp); - - if (cbio == NULL - || (loader_ctx = fetched_loader->p_attach(provctx, cbio)) == NULL) { - OSSL_STORE_LOADER_free(fetched_loader); - fetched_loader = NULL; - } else if (!loader_set_params(fetched_loader, loader_ctx, - params, propq)) { - (void)fetched_loader->p_close(loader_ctx); - OSSL_STORE_LOADER_free(fetched_loader); - fetched_loader = NULL; - } - loader = fetched_loader; - ossl_core_bio_free(cbio); - } - - if (loader_ctx == NULL) { - ERR_clear_last_mark(); - return NULL; - } - - if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { - ERR_clear_last_mark(); - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (ui_method != NULL - && !ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data)) { - ERR_clear_last_mark(); - OPENSSL_free(ctx); - return NULL; - } - - ctx->fetched_loader = fetched_loader; - ctx->loader = loader; - ctx->loader_ctx = loader_ctx; - ctx->post_process = post_process; - ctx->post_process_data = post_process_data; - - /* - * ossl_store_get0_loader_int will raise an error if the loader for the - * the scheme cannot be retrieved. But if a loader was successfully - * fetched then we remove this error from the error stack. - */ - ERR_pop_to_mark(); - - return ctx; -} diff --git a/crypto/store/store_local.h b/crypto/store/store_local.h deleted file mode 100644 index 8f817fd514bb01ea77795080dc72087b8e54b79e..0000000000000000000000000000000000000000 --- a/crypto/store/store_local.h +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/thread_once.h" -#include "internal/refcount.h" -#include -#include -#include -#include -#include -#include -#include "internal/passphrase.h" - -/*- - * OSSL_STORE_INFO stuff - * --------------------- - */ - -struct ossl_store_info_st { - int type; - union { - void *data; /* used internally as generic pointer */ - - struct { - char *name; - char *desc; - } name; /* when type == OSSL_STORE_INFO_NAME */ - - EVP_PKEY *params; /* when type == OSSL_STORE_INFO_PARAMS */ - EVP_PKEY *pubkey; /* when type == OSSL_STORE_INFO_PUBKEY */ - EVP_PKEY *pkey; /* when type == OSSL_STORE_INFO_PKEY */ - X509 *x509; /* when type == OSSL_STORE_INFO_CERT */ - X509_CRL *crl; /* when type == OSSL_STORE_INFO_CRL */ - } _; -}; -DEFINE_STACK_OF(OSSL_STORE_INFO) - -/*- - * OSSL_STORE_SEARCH stuff - * ----------------------- - */ - -struct ossl_store_search_st { - int search_type; - - /* - * Used by OSSL_STORE_SEARCH_BY_NAME and - * OSSL_STORE_SEARCH_BY_ISSUER_SERIAL - */ - X509_NAME *name; - - /* Used by OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */ - const ASN1_INTEGER *serial; - - /* Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT */ - const EVP_MD *digest; - - /* - * Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT and - * OSSL_STORE_SEARCH_BY_ALIAS - */ - const unsigned char *string; - size_t stringlength; -}; - -/*- - * OSSL_STORE_LOADER stuff - * ----------------------- - */ - -int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader); -OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme); - -/* loader stuff */ -struct ossl_store_loader_st { -#ifndef OPENSSL_NO_DEPRECATED_3_0 - /* Legacy stuff */ - const char *scheme; - ENGINE *engine; - OSSL_STORE_open_fn open; - OSSL_STORE_attach_fn attach; - OSSL_STORE_ctrl_fn ctrl; - OSSL_STORE_expect_fn expect; - OSSL_STORE_find_fn find; - OSSL_STORE_load_fn load; - OSSL_STORE_eof_fn eof; - OSSL_STORE_error_fn error; - OSSL_STORE_close_fn closefn; - OSSL_STORE_open_ex_fn open_ex; -#endif - - /* Provider stuff */ - OSSL_PROVIDER *prov; - int scheme_id; - const char *propdef; - const char *description; - - CRYPTO_REF_COUNT refcnt; - CRYPTO_RWLOCK *lock; - - OSSL_FUNC_store_open_fn *p_open; - OSSL_FUNC_store_attach_fn *p_attach; - OSSL_FUNC_store_settable_ctx_params_fn *p_settable_ctx_params; - OSSL_FUNC_store_set_ctx_params_fn *p_set_ctx_params; - OSSL_FUNC_store_load_fn *p_load; - OSSL_FUNC_store_eof_fn *p_eof; - OSSL_FUNC_store_close_fn *p_close; - OSSL_FUNC_store_export_object_fn *p_export_object; -}; -DEFINE_LHASH_OF(OSSL_STORE_LOADER); - -const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme); -void ossl_store_destroy_loaders_int(void); - -#ifdef OPENSSL_NO_DEPRECATED_3_0 -/* struct ossl_store_loader_ctx_st is defined differently by each loader */ -typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX; -#endif - -/*- - * OSSL_STORE_CTX stuff - * --------------------- - */ - -struct ossl_store_ctx_st { - const OSSL_STORE_LOADER *loader; /* legacy */ - OSSL_STORE_LOADER *fetched_loader; - OSSL_STORE_LOADER_CTX *loader_ctx; - OSSL_STORE_post_process_info_fn post_process; - void *post_process_data; - int expected_type; - - char *properties; - - /* 0 before the first STORE_load(), 1 otherwise */ - int loading; - /* 1 on load error, only valid for fetched loaders */ - int error_flag; - - /* - * Cache of stuff, to be able to return the contents of a PKCS#12 - * blob, one object at a time. - */ - STACK_OF(OSSL_STORE_INFO) *cached_info; - - struct ossl_passphrase_data_st pwdata; -}; - -/*- - * 'file' scheme stuff - * ------------------- - */ - -OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp); -int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx); - -/*- - * Provider stuff - * ------------------- - */ -OSSL_STORE_LOADER *ossl_store_loader_fetch(OSSL_LIB_CTX *libctx, - const char *scheme, - const char *properties); -OSSL_STORE_LOADER *ossl_store_loader_fetch_by_number(OSSL_LIB_CTX *libctx, - int scheme_id, - const char *properties); - -/* Standard function to handle the result from OSSL_FUNC_store_load() */ -struct ossl_load_result_data_st { - OSSL_STORE_INFO *v; /* To be filled in */ - OSSL_STORE_CTX *ctx; -}; -OSSL_CALLBACK ossl_store_handle_load_result; diff --git a/crypto/store/store_meth.c b/crypto/store/store_meth.c deleted file mode 100644 index a5b0d1b0957c04117c6fffb6f61ef13838dbacf4..0000000000000000000000000000000000000000 --- a/crypto/store/store_meth.c +++ /dev/null @@ -1,538 +0,0 @@ -/* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "crypto/store.h" -#include "internal/core.h" -#include "internal/namemap.h" -#include "internal/property.h" -#include "internal/provider.h" -#include "store_local.h" - -int OSSL_STORE_LOADER_up_ref(OSSL_STORE_LOADER *loader) -{ - int ref = 0; - - if (loader->prov != NULL) - CRYPTO_UP_REF(&loader->refcnt, &ref, loader->lock); - return 1; -} - -void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader) -{ - if (loader != NULL && loader->prov != NULL) { - int i; - - CRYPTO_DOWN_REF(&loader->refcnt, &i, loader->lock); - if (i > 0) - return; - ossl_provider_free(loader->prov); - CRYPTO_THREAD_lock_free(loader->lock); - } - OPENSSL_free(loader); -} - -/* - * OSSL_STORE_LOADER_new() expects the scheme as a constant string, - * which we currently don't have, so we need an alternative allocator. - */ -static OSSL_STORE_LOADER *new_loader(OSSL_PROVIDER *prov) -{ - OSSL_STORE_LOADER *loader; - - if ((loader = OPENSSL_zalloc(sizeof(*loader))) == NULL - || (loader->lock = CRYPTO_THREAD_lock_new()) == NULL) { - OPENSSL_free(loader); - return NULL; - } - loader->prov = prov; - ossl_provider_up_ref(prov); - loader->refcnt = 1; - - return loader; -} - -static int up_ref_loader(void *method) -{ - return OSSL_STORE_LOADER_up_ref(method); -} - -static void free_loader(void *method) -{ - OSSL_STORE_LOADER_free(method); -} - -/* Permanent loader method store, constructor and destructor */ -static void loader_store_free(void *vstore) -{ - ossl_method_store_free(vstore); -} - -static void *loader_store_new(OSSL_LIB_CTX *ctx) -{ - return ossl_method_store_new(ctx); -} - - -static const OSSL_LIB_CTX_METHOD loader_store_method = { - /* We want loader_store to be cleaned up before the provider store */ - OSSL_LIB_CTX_METHOD_PRIORITY_2, - loader_store_new, - loader_store_free, -}; - -/* Data to be passed through ossl_method_construct() */ -struct loader_data_st { - OSSL_LIB_CTX *libctx; - int scheme_id; /* For get_loader_from_store() */ - const char *scheme; /* For get_loader_from_store() */ - const char *propquery; /* For get_loader_from_store() */ - - OSSL_METHOD_STORE *tmp_store; /* For get_tmp_loader_store() */ - - unsigned int flag_construct_error_occurred : 1; -}; - -/* - * Generic routines to fetch / create OSSL_STORE methods with - * ossl_method_construct() - */ - -/* Temporary loader method store, constructor and destructor */ -static void *get_tmp_loader_store(void *data) -{ - struct loader_data_st *methdata = data; - - if (methdata->tmp_store == NULL) - methdata->tmp_store = ossl_method_store_new(methdata->libctx); - return methdata->tmp_store; -} - - static void dealloc_tmp_loader_store(void *store) -{ - if (store != NULL) - ossl_method_store_free(store); -} - -/* Get the permanent loader store */ -static OSSL_METHOD_STORE *get_loader_store(OSSL_LIB_CTX *libctx) -{ - return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_STORE_LOADER_STORE_INDEX, - &loader_store_method); -} - -static int reserve_loader_store(void *store, void *data) -{ - struct loader_data_st *methdata = data; - - if (store == NULL - && (store = get_loader_store(methdata->libctx)) == NULL) - return 0; - - return ossl_method_lock_store(store); -} - -static int unreserve_loader_store(void *store, void *data) -{ - struct loader_data_st *methdata = data; - - if (store == NULL - && (store = get_loader_store(methdata->libctx)) == NULL) - return 0; - - return ossl_method_unlock_store(store); -} - -/* Get loader methods from a store, or put one in */ -static void *get_loader_from_store(void *store, const OSSL_PROVIDER **prov, - void *data) -{ - struct loader_data_st *methdata = data; - void *method = NULL; - int id; - - if ((id = methdata->scheme_id) == 0) { - OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx); - - id = ossl_namemap_name2num(namemap, methdata->scheme); - } - - if (store == NULL - && (store = get_loader_store(methdata->libctx)) == NULL) - return NULL; - - if (!ossl_method_store_fetch(store, id, methdata->propquery, prov, &method)) - return NULL; - return method; -} - -static int put_loader_in_store(void *store, void *method, - const OSSL_PROVIDER *prov, - const char *scheme, const char *propdef, - void *data) -{ - struct loader_data_st *methdata = data; - OSSL_NAMEMAP *namemap; - int id; - - if ((namemap = ossl_namemap_stored(methdata->libctx)) == NULL - || (id = ossl_namemap_name2num(namemap, scheme)) == 0) - return 0; - - if (store == NULL && (store = get_loader_store(methdata->libctx)) == NULL) - return 0; - - return ossl_method_store_add(store, prov, id, propdef, method, - up_ref_loader, free_loader); -} - -static void *loader_from_algorithm(int scheme_id, const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov) -{ - OSSL_STORE_LOADER *loader = NULL; - const OSSL_DISPATCH *fns = algodef->implementation; - - if ((loader = new_loader(prov)) == NULL) - return NULL; - loader->scheme_id = scheme_id; - loader->propdef = algodef->property_definition; - loader->description = algodef->algorithm_description; - - for (; fns->function_id != 0; fns++) { - switch (fns->function_id) { - case OSSL_FUNC_STORE_OPEN: - if (loader->p_open == NULL) - loader->p_open = OSSL_FUNC_store_open(fns); - break; - case OSSL_FUNC_STORE_ATTACH: - if (loader->p_attach == NULL) - loader->p_attach = OSSL_FUNC_store_attach(fns); - break; - case OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS: - if (loader->p_settable_ctx_params == NULL) - loader->p_settable_ctx_params = - OSSL_FUNC_store_settable_ctx_params(fns); - break; - case OSSL_FUNC_STORE_SET_CTX_PARAMS: - if (loader->p_set_ctx_params == NULL) - loader->p_set_ctx_params = OSSL_FUNC_store_set_ctx_params(fns); - break; - case OSSL_FUNC_STORE_LOAD: - if (loader->p_load == NULL) - loader->p_load = OSSL_FUNC_store_load(fns); - break; - case OSSL_FUNC_STORE_EOF: - if (loader->p_eof == NULL) - loader->p_eof = OSSL_FUNC_store_eof(fns); - break; - case OSSL_FUNC_STORE_CLOSE: - if (loader->p_close == NULL) - loader->p_close = OSSL_FUNC_store_close(fns); - break; - case OSSL_FUNC_STORE_EXPORT_OBJECT: - if (loader->p_export_object == NULL) - loader->p_export_object = OSSL_FUNC_store_export_object(fns); - break; - } - } - - if ((loader->p_open == NULL && loader->p_attach == NULL) - || loader->p_load == NULL - || loader->p_eof == NULL - || loader->p_close == NULL) { - /* Only set_ctx_params is optionaal */ - OSSL_STORE_LOADER_free(loader); - ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADER_INCOMPLETE); - return NULL; - } - return loader; -} - -/* - * The core fetching functionality passes the scheme of the implementation. - * This function is responsible to getting an identity number for them, - * then call loader_from_algorithm() with that identity number. - */ -static void *construct_loader(const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov, void *data) -{ - /* - * This function is only called if get_loader_from_store() returned - * NULL, so it's safe to say that of all the spots to create a new - * namemap entry, this is it. Should the scheme already exist there, we - * know that ossl_namemap_add() will return its corresponding number. - */ - struct loader_data_st *methdata = data; - OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); - OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); - const char *scheme = algodef->algorithm_names; - int id = ossl_namemap_add_name(namemap, 0, scheme); - void *method = NULL; - - if (id != 0) - method = loader_from_algorithm(id, algodef, prov); - - /* - * Flag to indicate that there was actual construction errors. This - * helps inner_loader_fetch() determine what error it should - * record on inaccessible algorithms. - */ - if (method == NULL) - methdata->flag_construct_error_occurred = 1; - - return method; -} - -/* Intermediary function to avoid ugly casts, used below */ -static void destruct_loader(void *method, void *data) -{ - OSSL_STORE_LOADER_free(method); -} - -/* Fetching support. Can fetch by numeric identity or by scheme */ -static OSSL_STORE_LOADER * -inner_loader_fetch(struct loader_data_st *methdata, int id, - const char *scheme, const char *properties) -{ - OSSL_METHOD_STORE *store = get_loader_store(methdata->libctx); - OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx); - const char *const propq = properties != NULL ? properties : ""; - void *method = NULL; - int unsupported = 0; - - if (store == NULL || namemap == NULL) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT); - return NULL; - } - - /* - * If we have been passed both an id and a scheme, we have an - * internal programming error. - */ - if (!ossl_assert(id == 0 || scheme == NULL)) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_INTERNAL_ERROR); - return NULL; - } - - /* If we haven't received a name id yet, try to get one for the name */ - if (id == 0 && scheme != NULL) - id = ossl_namemap_name2num(namemap, scheme); - - /* - * If we haven't found the name yet, chances are that the algorithm to - * be fetched is unsupported. - */ - if (id == 0) - unsupported = 1; - - if (id == 0 - || !ossl_method_store_cache_get(store, NULL, id, propq, &method)) { - OSSL_METHOD_CONSTRUCT_METHOD mcm = { - get_tmp_loader_store, - reserve_loader_store, - unreserve_loader_store, - get_loader_from_store, - put_loader_in_store, - construct_loader, - destruct_loader - }; - OSSL_PROVIDER *prov = NULL; - - methdata->scheme_id = id; - methdata->scheme = scheme; - methdata->propquery = propq; - methdata->flag_construct_error_occurred = 0; - if ((method = ossl_method_construct(methdata->libctx, OSSL_OP_STORE, - &prov, 0 /* !force_cache */, - &mcm, methdata)) != NULL) { - /* - * If construction did create a method for us, we know that there - * is a correct scheme_id, since those have already been calculated - * in get_loader_from_store() and put_loader_in_store() above. - */ - if (id == 0) - id = ossl_namemap_name2num(namemap, scheme); - ossl_method_store_cache_set(store, prov, id, propq, method, - up_ref_loader, free_loader); - } - - /* - * If we never were in the constructor, the algorithm to be fetched - * is unsupported. - */ - unsupported = !methdata->flag_construct_error_occurred; - } - - if ((id != 0 || scheme != NULL) && method == NULL) { - int code = unsupported ? ERR_R_UNSUPPORTED : ERR_R_FETCH_FAILED; - const char *helpful_msg = - unsupported - ? ( "No store loader found. For standard store loaders you need " - "at least one of the default or base providers available. " - "Did you forget to load them? Info: " ) - : ""; - - if (scheme == NULL) - scheme = ossl_namemap_num2name(namemap, id, 0); - ERR_raise_data(ERR_LIB_OSSL_STORE, code, - "%s%s, Scheme (%s : %d), Properties (%s)", - helpful_msg, - ossl_lib_ctx_get_descriptor(methdata->libctx), - scheme == NULL ? "" : scheme, id, - properties == NULL ? "" : properties); - } - - return method; -} - -OSSL_STORE_LOADER *OSSL_STORE_LOADER_fetch(OSSL_LIB_CTX *libctx, - const char *scheme, - const char *properties) -{ - struct loader_data_st methdata; - void *method; - - methdata.libctx = libctx; - methdata.tmp_store = NULL; - method = inner_loader_fetch(&methdata, 0, scheme, properties); - dealloc_tmp_loader_store(methdata.tmp_store); - return method; -} - -OSSL_STORE_LOADER *ossl_store_loader_fetch_by_number(OSSL_LIB_CTX *libctx, - int scheme_id, - const char *properties) -{ - struct loader_data_st methdata; - void *method; - - methdata.libctx = libctx; - methdata.tmp_store = NULL; - method = inner_loader_fetch(&methdata, scheme_id, NULL, properties); - dealloc_tmp_loader_store(methdata.tmp_store); - return method; -} - -int ossl_store_loader_store_cache_flush(OSSL_LIB_CTX *libctx) -{ - OSSL_METHOD_STORE *store = get_loader_store(libctx); - - if (store != NULL) - return ossl_method_store_cache_flush_all(store); - return 1; -} - -int ossl_store_loader_store_remove_all_provided(const OSSL_PROVIDER *prov) -{ - OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov); - OSSL_METHOD_STORE *store = get_loader_store(libctx); - - if (store != NULL) - return ossl_method_store_remove_all_provided(store, prov); - return 1; -} - -/* - * Library of basic method functions - */ - -const OSSL_PROVIDER *OSSL_STORE_LOADER_get0_provider(const OSSL_STORE_LOADER *loader) -{ - if (!ossl_assert(loader != NULL)) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - return loader->prov; -} - -const char *OSSL_STORE_LOADER_get0_properties(const OSSL_STORE_LOADER *loader) -{ - if (!ossl_assert(loader != NULL)) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - return loader->propdef; -} - -int ossl_store_loader_get_number(const OSSL_STORE_LOADER *loader) -{ - if (!ossl_assert(loader != NULL)) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - return loader->scheme_id; -} - -const char *OSSL_STORE_LOADER_get0_description(const OSSL_STORE_LOADER *loader) -{ - return loader->description; -} - -int OSSL_STORE_LOADER_is_a(const OSSL_STORE_LOADER *loader, const char *name) -{ - if (loader->prov != NULL) { - OSSL_LIB_CTX *libctx = ossl_provider_libctx(loader->prov); - OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); - - return ossl_namemap_name2num(namemap, name) == loader->scheme_id; - } - return 0; -} - -struct do_one_data_st { - void (*user_fn)(OSSL_STORE_LOADER *loader, void *arg); - void *user_arg; -}; - -static void do_one(ossl_unused int id, void *method, void *arg) -{ - struct do_one_data_st *data = arg; - - data->user_fn(method, data->user_arg); -} - -void OSSL_STORE_LOADER_do_all_provided(OSSL_LIB_CTX *libctx, - void (*user_fn)(OSSL_STORE_LOADER *loader, - void *arg), - void *user_arg) -{ - struct loader_data_st methdata; - struct do_one_data_st data; - - methdata.libctx = libctx; - methdata.tmp_store = NULL; - (void)inner_loader_fetch(&methdata, 0, NULL, NULL /* properties */); - - data.user_fn = user_fn; - data.user_arg = user_arg; - if (methdata.tmp_store != NULL) - ossl_method_store_do_all(methdata.tmp_store, &do_one, &data); - ossl_method_store_do_all(get_loader_store(libctx), &do_one, &data); - dealloc_tmp_loader_store(methdata.tmp_store); -} - -int OSSL_STORE_LOADER_names_do_all(const OSSL_STORE_LOADER *loader, - void (*fn)(const char *name, void *data), - void *data) -{ - if (loader == NULL) - return 0; - - if (loader->prov != NULL) { - OSSL_LIB_CTX *libctx = ossl_provider_libctx(loader->prov); - OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); - - return ossl_namemap_doall_names(namemap, loader->scheme_id, fn, data); - } - - return 1; -} diff --git a/crypto/store/store_register.c b/crypto/store/store_register.c deleted file mode 100644 index 6fa7352ccdc181ef3c690367f4d3783d0d274550..0000000000000000000000000000000000000000 --- a/crypto/store/store_register.c +++ /dev/null @@ -1,299 +0,0 @@ -/* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "crypto/ctype.h" -#include - -#include -#include -#include "store_local.h" - -static CRYPTO_RWLOCK *registry_lock; -static CRYPTO_ONCE registry_init = CRYPTO_ONCE_STATIC_INIT; - -DEFINE_RUN_ONCE_STATIC(do_registry_init) -{ - registry_lock = CRYPTO_THREAD_lock_new(); - return registry_lock != NULL; -} - -/* - * Functions for manipulating OSSL_STORE_LOADERs - */ - -OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme) -{ - OSSL_STORE_LOADER *res = NULL; - - /* - * We usually don't check NULL arguments. For loaders, though, the - * scheme is crucial and must never be NULL, or the user will get - * mysterious errors when trying to register the created loader - * later on. - */ - if (scheme == NULL) { - ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_INVALID_SCHEME); - return NULL; - } - - if ((res = OPENSSL_zalloc(sizeof(*res))) == NULL) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return NULL; - } - - res->engine = e; - res->scheme = scheme; - return res; -} - -const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader) -{ - return loader->engine; -} - -const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader) -{ - return loader->scheme; -} - -int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader, - OSSL_STORE_open_fn open_function) -{ - loader->open = open_function; - return 1; -} - -int OSSL_STORE_LOADER_set_open_ex - (OSSL_STORE_LOADER *loader, - OSSL_STORE_open_ex_fn open_ex_function) -{ - loader->open_ex = open_ex_function; - return 1; -} - -int OSSL_STORE_LOADER_set_attach(OSSL_STORE_LOADER *loader, - OSSL_STORE_attach_fn attach_function) -{ - loader->attach = attach_function; - return 1; -} - -int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader, - OSSL_STORE_ctrl_fn ctrl_function) -{ - loader->ctrl = ctrl_function; - return 1; -} - -int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader, - OSSL_STORE_expect_fn expect_function) -{ - loader->expect = expect_function; - return 1; -} - -int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader, - OSSL_STORE_find_fn find_function) -{ - loader->find = find_function; - return 1; -} - -int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader, - OSSL_STORE_load_fn load_function) -{ - loader->load = load_function; - return 1; -} - -int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader, - OSSL_STORE_eof_fn eof_function) -{ - loader->eof = eof_function; - return 1; -} - -int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader, - OSSL_STORE_error_fn error_function) -{ - loader->error = error_function; - return 1; -} - -int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader, - OSSL_STORE_close_fn close_function) -{ - loader->closefn = close_function; - return 1; -} - -/* - * Functions for registering OSSL_STORE_LOADERs - */ - -static unsigned long store_loader_hash(const OSSL_STORE_LOADER *v) -{ - return OPENSSL_LH_strhash(v->scheme); -} - -static int store_loader_cmp(const OSSL_STORE_LOADER *a, - const OSSL_STORE_LOADER *b) -{ - assert(a->scheme != NULL && b->scheme != NULL); - return strcmp(a->scheme, b->scheme); -} - -static LHASH_OF(OSSL_STORE_LOADER) *loader_register = NULL; -static int ossl_store_register_init(void) -{ - if (loader_register == NULL) { - loader_register = lh_OSSL_STORE_LOADER_new(store_loader_hash, - store_loader_cmp); - } - return loader_register != NULL; -} - -int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader) -{ - const char *scheme = loader->scheme; - int ok = 0; - - /* - * Check that the given scheme conforms to correct scheme syntax as per - * RFC 3986: - * - * scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) - */ - if (ossl_isalpha(*scheme)) - while (*scheme != '\0' - && (ossl_isalpha(*scheme) - || ossl_isdigit(*scheme) - || strchr("+-.", *scheme) != NULL)) - scheme++; - if (*scheme != '\0') { - ERR_raise_data(ERR_LIB_OSSL_STORE, OSSL_STORE_R_INVALID_SCHEME, - "scheme=%s", loader->scheme); - return 0; - } - - /* Check that functions we absolutely require are present */ - if (loader->open == NULL || loader->load == NULL || loader->eof == NULL - || loader->error == NULL || loader->closefn == NULL) { - ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADER_INCOMPLETE); - return 0; - } - - if (!RUN_ONCE(®istry_init, do_registry_init)) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!CRYPTO_THREAD_write_lock(registry_lock)) - return 0; - - if (ossl_store_register_init() - && (lh_OSSL_STORE_LOADER_insert(loader_register, loader) != NULL - || lh_OSSL_STORE_LOADER_error(loader_register) == 0)) - ok = 1; - - CRYPTO_THREAD_unlock(registry_lock); - - return ok; -} -int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader) -{ - return ossl_store_register_loader_int(loader); -} - -const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme) -{ - OSSL_STORE_LOADER template; - OSSL_STORE_LOADER *loader = NULL; - - template.scheme = scheme; - template.open = NULL; - template.load = NULL; - template.eof = NULL; - template.closefn = NULL; - template.open_ex = NULL; - - if (!RUN_ONCE(®istry_init, do_registry_init)) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return NULL; - } - if (!CRYPTO_THREAD_write_lock(registry_lock)) - return NULL; - - if (!ossl_store_register_init()) - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_INTERNAL_ERROR); - else if ((loader = lh_OSSL_STORE_LOADER_retrieve(loader_register, - &template)) == NULL) - ERR_raise_data(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNREGISTERED_SCHEME, - "scheme=%s", scheme); - - CRYPTO_THREAD_unlock(registry_lock); - - return loader; -} - -OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme) -{ - OSSL_STORE_LOADER template; - OSSL_STORE_LOADER *loader = NULL; - - template.scheme = scheme; - template.open = NULL; - template.load = NULL; - template.eof = NULL; - template.closefn = NULL; - - if (!RUN_ONCE(®istry_init, do_registry_init)) { - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE); - return NULL; - } - if (!CRYPTO_THREAD_write_lock(registry_lock)) - return NULL; - - if (!ossl_store_register_init()) - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_INTERNAL_ERROR); - else if ((loader = lh_OSSL_STORE_LOADER_delete(loader_register, - &template)) == NULL) - ERR_raise_data(ERR_LIB_OSSL_STORE, OSSL_STORE_R_UNREGISTERED_SCHEME, - "scheme=%s", scheme); - - CRYPTO_THREAD_unlock(registry_lock); - - return loader; -} -OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme) -{ - return ossl_store_unregister_loader_int(scheme); -} - -void ossl_store_destroy_loaders_int(void) -{ - lh_OSSL_STORE_LOADER_free(loader_register); - loader_register = NULL; - CRYPTO_THREAD_lock_free(registry_lock); - registry_lock = NULL; -} - -/* - * Functions to list OSSL_STORE loaders - */ - -IMPLEMENT_LHASH_DOALL_ARG_CONST(OSSL_STORE_LOADER, void); -int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER - *loader, void *do_arg), - void *do_arg) -{ - if (ossl_store_register_init()) - lh_OSSL_STORE_LOADER_doall_void(loader_register, do_function, do_arg); - return 1; -} diff --git a/crypto/store/store_result.c b/crypto/store/store_result.c deleted file mode 100644 index 96d31199074d6bb63dc097b66bb5bd6b5235698b..0000000000000000000000000000000000000000 --- a/crypto/store/store_result.c +++ /dev/null @@ -1,648 +0,0 @@ -/* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include "internal/provider.h" -#include "internal/passphrase.h" -#include "crypto/evp.h" -#include "crypto/x509.h" -#include "store_local.h" - -#ifndef OSSL_OBJECT_PKCS12 -/* - * The object abstraction doesn't know PKCS#12, but we want to indicate - * it anyway, so we create our own. Since the public macros use positive - * numbers, negative ones should be fine. They must never slip out from - * this translation unit anyway. - */ -# define OSSL_OBJECT_PKCS12 -1 -#endif - -/* - * ossl_store_handle_load_result() is initially written to be a companion - * to our 'file:' scheme provider implementation, but has been made generic - * to serve others as well. - * - * This result handler takes any object abstraction (see provider-object(7)) - * and does the best it can with it. If the object is passed by value (not - * by reference), the contents are currently expected to be DER encoded. - * If an object type is specified, that will be respected; otherwise, this - * handler will guess the contents, by trying the following in order: - * - * 1. Decode it into an EVP_PKEY, using OSSL_DECODER. - * 2. Decode it into an X.509 certificate, using d2i_X509 / d2i_X509_AUX. - * 3. Decode it into an X.509 CRL, using d2i_X509_CRL. - * 4. Decode it into a PKCS#12 structure, using d2i_PKCS12 (*). - * - * For the 'file:' scheme implementation, this is division of labor. Since - * the libcrypto <-> provider interface currently doesn't support certain - * structures as first class objects, they must be unpacked from DER here - * rather than in the provider. The current exception is asymmetric keys, - * which can reside within the provider boundary, most of all thanks to - * OSSL_FUNC_keymgmt_load(), which allows loading the key material by - * reference. - */ - -struct extracted_param_data_st { - int object_type; - const char *data_type; - const char *data_structure; - const char *utf8_data; - const void *octet_data; - size_t octet_data_size; - const void *ref; - size_t ref_size; - const char *desc; -}; - -static int try_name(struct extracted_param_data_st *, OSSL_STORE_INFO **); -static int try_key(struct extracted_param_data_st *, OSSL_STORE_INFO **, - OSSL_STORE_CTX *, const OSSL_PROVIDER *, - OSSL_LIB_CTX *, const char *); -static int try_cert(struct extracted_param_data_st *, OSSL_STORE_INFO **, - OSSL_LIB_CTX *, const char *); -static int try_crl(struct extracted_param_data_st *, OSSL_STORE_INFO **, - OSSL_LIB_CTX *, const char *); -static int try_pkcs12(struct extracted_param_data_st *, OSSL_STORE_INFO **, - OSSL_STORE_CTX *, OSSL_LIB_CTX *, const char *); - -int ossl_store_handle_load_result(const OSSL_PARAM params[], void *arg) -{ - struct ossl_load_result_data_st *cbdata = arg; - OSSL_STORE_INFO **v = &cbdata->v; - OSSL_STORE_CTX *ctx = cbdata->ctx; - const OSSL_PROVIDER *provider = - OSSL_STORE_LOADER_get0_provider(ctx->fetched_loader); - OSSL_LIB_CTX *libctx = ossl_provider_libctx(provider); - const char *propq = ctx->properties; - const OSSL_PARAM *p; - struct extracted_param_data_st helper_data; - - memset(&helper_data, 0, sizeof(helper_data)); - helper_data.object_type = OSSL_OBJECT_UNKNOWN; - - if ((p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_TYPE)) != NULL - && !OSSL_PARAM_get_int(p, &helper_data.object_type)) - return 0; - p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA_TYPE); - if (p != NULL - && !OSSL_PARAM_get_utf8_string_ptr(p, &helper_data.data_type)) - return 0; - p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA); - if (p != NULL - && !OSSL_PARAM_get_octet_string_ptr(p, &helper_data.octet_data, - &helper_data.octet_data_size) - && !OSSL_PARAM_get_utf8_string_ptr(p, &helper_data.utf8_data)) - return 0; - p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA_STRUCTURE); - if (p != NULL - && !OSSL_PARAM_get_utf8_string_ptr(p, &helper_data.data_structure)) - return 0; - p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_REFERENCE); - if (p != NULL && !OSSL_PARAM_get_octet_string_ptr(p, &helper_data.ref, - &helper_data.ref_size)) - return 0; - p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DESC); - if (p != NULL && !OSSL_PARAM_get_utf8_string_ptr(p, &helper_data.desc)) - return 0; - - /* - * The helper functions return 0 on actual errors, otherwise 1, even if - * they didn't fill out |*v|. - */ - ERR_set_mark(); - if (*v == NULL && !try_name(&helper_data, v)) - goto err; - ERR_pop_to_mark(); - ERR_set_mark(); - if (*v == NULL && !try_key(&helper_data, v, ctx, provider, libctx, propq)) - goto err; - ERR_pop_to_mark(); - ERR_set_mark(); - if (*v == NULL && !try_cert(&helper_data, v, libctx, propq)) - goto err; - ERR_pop_to_mark(); - ERR_set_mark(); - if (*v == NULL && !try_crl(&helper_data, v, libctx, propq)) - goto err; - ERR_pop_to_mark(); - ERR_set_mark(); - if (*v == NULL && !try_pkcs12(&helper_data, v, ctx, libctx, propq)) - goto err; - ERR_pop_to_mark(); - - if (*v == NULL) - ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_UNSUPPORTED); - - return (*v != NULL); - err: - ERR_clear_last_mark(); - return 0; -} - -static int try_name(struct extracted_param_data_st *data, OSSL_STORE_INFO **v) -{ - if (data->object_type == OSSL_OBJECT_NAME) { - char *newname = NULL, *newdesc = NULL; - - if (data->utf8_data == NULL) - return 0; - if ((newname = OPENSSL_strdup(data->utf8_data)) == NULL - || (data->desc != NULL - && (newdesc = OPENSSL_strdup(data->desc)) == NULL) - || (*v = OSSL_STORE_INFO_new_NAME(newname)) == NULL) { - OPENSSL_free(newname); - OPENSSL_free(newdesc); - return 0; - } - OSSL_STORE_INFO_set0_NAME_description(*v, newdesc); - } - return 1; -} - -/* - * For the rest of the object types, the provider code may not know what - * type of data it gave us, so we may need to figure that out on our own. - * Therefore, we do check for OSSL_OBJECT_UNKNOWN everywhere below, and - * only return 0 on error if the object type is known. - */ - -static EVP_PKEY *try_key_ref(struct extracted_param_data_st *data, - OSSL_STORE_CTX *ctx, - const OSSL_PROVIDER *provider, - OSSL_LIB_CTX *libctx, const char *propq) -{ - EVP_PKEY *pk = NULL; - EVP_KEYMGMT *keymgmt = NULL; - void *keydata = NULL; - int try_fallback = 2; - - /* If we have an object reference, we must have a data type */ - if (data->data_type == NULL) - return 0; - - keymgmt = EVP_KEYMGMT_fetch(libctx, data->data_type, propq); - ERR_set_mark(); - while (keymgmt != NULL && keydata == NULL && try_fallback-- > 0) { - /* - * There are two possible cases - * - * 1. The keymgmt is from the same provider as the loader, - * so we can use evp_keymgmt_load() - * 2. The keymgmt is from another provider, then we must - * do the export/import dance. - */ - if (EVP_KEYMGMT_get0_provider(keymgmt) == provider) { - /* no point trying fallback here */ - try_fallback = 0; - keydata = evp_keymgmt_load(keymgmt, data->ref, data->ref_size); - } else { - struct evp_keymgmt_util_try_import_data_st import_data; - OSSL_FUNC_store_export_object_fn *export_object = - ctx->fetched_loader->p_export_object; - - import_data.keymgmt = keymgmt; - import_data.keydata = NULL; - import_data.selection = OSSL_KEYMGMT_SELECT_ALL; - - if (export_object != NULL) { - /* - * No need to check for errors here, the value of - * |import_data.keydata| is as much an indicator. - */ - (void)export_object(ctx->loader_ctx, - data->ref, data->ref_size, - &evp_keymgmt_util_try_import, - &import_data); - } - - keydata = import_data.keydata; - } - - if (keydata == NULL && try_fallback > 0) { - EVP_KEYMGMT_free(keymgmt); - keymgmt = evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)provider, - data->data_type, propq); - if (keymgmt != NULL) { - ERR_pop_to_mark(); - ERR_set_mark(); - } - } - } - if (keydata != NULL) { - ERR_pop_to_mark(); - pk = evp_keymgmt_util_make_pkey(keymgmt, keydata); - } else { - ERR_clear_last_mark(); - } - EVP_KEYMGMT_free(keymgmt); - - return pk; -} - -static EVP_PKEY *try_key_value(struct extracted_param_data_st *data, - OSSL_STORE_CTX *ctx, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg, - OSSL_LIB_CTX *libctx, const char *propq) -{ - EVP_PKEY *pk = NULL; - OSSL_DECODER_CTX *decoderctx = NULL; - const unsigned char *pdata = data->octet_data; - size_t pdatalen = data->octet_data_size; - int selection = 0; - - switch (ctx->expected_type) { - case 0: - break; - case OSSL_STORE_INFO_PARAMS: - selection = OSSL_KEYMGMT_SELECT_ALL_PARAMETERS; - break; - case OSSL_STORE_INFO_PUBKEY: - selection = - OSSL_KEYMGMT_SELECT_PUBLIC_KEY - | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS; - break; - case OSSL_STORE_INFO_PKEY: - selection = OSSL_KEYMGMT_SELECT_ALL; - break; - default: - return NULL; - } - - decoderctx = - OSSL_DECODER_CTX_new_for_pkey(&pk, NULL, data->data_structure, - data->data_type, selection, libctx, - propq); - (void)OSSL_DECODER_CTX_set_passphrase_cb(decoderctx, cb, cbarg); - - /* No error if this couldn't be decoded */ - (void)OSSL_DECODER_from_data(decoderctx, &pdata, &pdatalen); - - OSSL_DECODER_CTX_free(decoderctx); - - return pk; -} - -typedef OSSL_STORE_INFO *store_info_new_fn(EVP_PKEY *); - -static EVP_PKEY *try_key_value_legacy(struct extracted_param_data_st *data, - store_info_new_fn **store_info_new, - OSSL_STORE_CTX *ctx, - OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg, - OSSL_LIB_CTX *libctx, const char *propq) -{ - EVP_PKEY *pk = NULL; - const unsigned char *der = data->octet_data, *derp; - long der_len = (long)data->octet_data_size; - - /* Try PUBKEY first, that's a real easy target */ - if (ctx->expected_type == 0 - || ctx->expected_type == OSSL_STORE_INFO_PUBKEY) { - derp = der; - pk = d2i_PUBKEY_ex(NULL, &derp, der_len, libctx, propq); - - if (pk != NULL) - *store_info_new = OSSL_STORE_INFO_new_PUBKEY; - } - - /* Try private keys next */ - if (pk == NULL - && (ctx->expected_type == 0 - || ctx->expected_type == OSSL_STORE_INFO_PKEY)) { - unsigned char *new_der = NULL; - X509_SIG *p8 = NULL; - PKCS8_PRIV_KEY_INFO *p8info = NULL; - - /* See if it's an encrypted PKCS#8 and decrypt it. */ - derp = der; - p8 = d2i_X509_SIG(NULL, &derp, der_len); - - if (p8 != NULL) { - char pbuf[PEM_BUFSIZE]; - size_t plen = 0; - - if (!cb(pbuf, sizeof(pbuf), &plen, NULL, cbarg)) { - ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_BAD_PASSWORD_READ); - } else { - const X509_ALGOR *alg = NULL; - const ASN1_OCTET_STRING *oct = NULL; - int len = 0; - - X509_SIG_get0(p8, &alg, &oct); - - /* - * No need to check the returned value, |new_der| - * will be NULL on error anyway. - */ - PKCS12_pbe_crypt(alg, pbuf, plen, - oct->data, oct->length, - &new_der, &len, 0); - der_len = len; - der = new_der; - } - X509_SIG_free(p8); - } - - /* - * If the encrypted PKCS#8 couldn't be decrypted, - * |der| is NULL - */ - if (der != NULL) { - /* Try to unpack an unencrypted PKCS#8, that's easy */ - derp = der; - p8info = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, der_len); - - if (p8info != NULL) { - pk = EVP_PKCS82PKEY_ex(p8info, libctx, propq); - PKCS8_PRIV_KEY_INFO_free(p8info); - } - } - - if (pk != NULL) - *store_info_new = OSSL_STORE_INFO_new_PKEY; - - OPENSSL_free(new_der); - } - - return pk; -} - -static int try_key(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, - OSSL_STORE_CTX *ctx, const OSSL_PROVIDER *provider, - OSSL_LIB_CTX *libctx, const char *propq) -{ - store_info_new_fn *store_info_new = NULL; - - if (data->object_type == OSSL_OBJECT_UNKNOWN - || data->object_type == OSSL_OBJECT_PKEY) { - EVP_PKEY *pk = NULL; - - /* Prefer key by reference than key by value */ - if (data->object_type == OSSL_OBJECT_PKEY && data->ref != NULL) { - pk = try_key_ref(data, ctx, provider, libctx, propq); - - /* - * If for some reason we couldn't get a key, it's an error. - * It indicates that while decoders could make a key reference, - * the keymgmt somehow couldn't handle it, or doesn't have a - * OSSL_FUNC_keymgmt_load function. - */ - if (pk == NULL) - return 0; - } else if (data->octet_data != NULL) { - OSSL_PASSPHRASE_CALLBACK *cb = ossl_pw_passphrase_callback_dec; - void *cbarg = &ctx->pwdata; - - pk = try_key_value(data, ctx, cb, cbarg, libctx, propq); - - /* - * Desperate last maneuver, in case the decoders don't support - * the data we have, then we try on our own to at least get an - * engine provided legacy key. - * This is the same as der2key_decode() does, but in a limited - * way and within the walls of libcrypto. - */ - if (pk == NULL) - pk = try_key_value_legacy(data, &store_info_new, ctx, - cb, cbarg, libctx, propq); - } - - if (pk != NULL) { - data->object_type = OSSL_OBJECT_PKEY; - - if (store_info_new == NULL) { - /* - * We determined the object type for OSSL_STORE_INFO, which - * makes an explicit difference between an EVP_PKEY with just - * (domain) parameters and an EVP_PKEY with actual key - * material. - * The logic is that an EVP_PKEY with actual key material - * always has the public half. - */ - if (evp_keymgmt_util_has(pk, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) - store_info_new = OSSL_STORE_INFO_new_PKEY; - else if (evp_keymgmt_util_has(pk, - OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) - store_info_new = OSSL_STORE_INFO_new_PUBKEY; - else - store_info_new = OSSL_STORE_INFO_new_PARAMS; - } - *v = store_info_new(pk); - } - - if (*v == NULL) - EVP_PKEY_free(pk); - } - - return 1; -} - -static int try_cert(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, - OSSL_LIB_CTX *libctx, const char *propq) -{ - if (data->object_type == OSSL_OBJECT_UNKNOWN - || data->object_type == OSSL_OBJECT_CERT) { - /* - * In most cases, we can try to interpret the serialized - * data as a trusted cert (X509 + X509_AUX) and fall back - * to reading it as a normal cert (just X509), but if - * |data_type| (the PEM name) specifically declares it as a - * trusted cert, then no fallback should be engaged. - * |ignore_trusted| tells if the fallback can be used (1) - * or not (0). - */ - int ignore_trusted = 1; - X509 *cert = X509_new_ex(libctx, propq); - - if (cert == NULL) - return 0; - - /* If we have a data type, it should be a PEM name */ - if (data->data_type != NULL - && (OPENSSL_strcasecmp(data->data_type, PEM_STRING_X509_TRUSTED) == 0)) - ignore_trusted = 0; - - if (d2i_X509_AUX(&cert, (const unsigned char **)&data->octet_data, - data->octet_data_size) == NULL - && (!ignore_trusted - || d2i_X509(&cert, (const unsigned char **)&data->octet_data, - data->octet_data_size) == NULL)) { - X509_free(cert); - cert = NULL; - } - - if (cert != NULL) { - /* We determined the object type */ - data->object_type = OSSL_OBJECT_CERT; - *v = OSSL_STORE_INFO_new_CERT(cert); - if (*v == NULL) - X509_free(cert); - } - } - - return 1; -} - -static int try_crl(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, - OSSL_LIB_CTX *libctx, const char *propq) -{ - if (data->object_type == OSSL_OBJECT_UNKNOWN - || data->object_type == OSSL_OBJECT_CRL) { - X509_CRL *crl; - - crl = d2i_X509_CRL(NULL, (const unsigned char **)&data->octet_data, - data->octet_data_size); - - if (crl != NULL) - /* We determined the object type */ - data->object_type = OSSL_OBJECT_CRL; - - if (crl != NULL && !ossl_x509_crl_set0_libctx(crl, libctx, propq)) { - X509_CRL_free(crl); - crl = NULL; - } - - if (crl != NULL) - *v = OSSL_STORE_INFO_new_CRL(crl); - if (*v == NULL) - X509_CRL_free(crl); - } - - return 1; -} - -static int try_pkcs12(struct extracted_param_data_st *data, OSSL_STORE_INFO **v, - OSSL_STORE_CTX *ctx, - OSSL_LIB_CTX *libctx, const char *propq) -{ - int ok = 1; - - /* There is no specific object type for PKCS12 */ - if (data->object_type == OSSL_OBJECT_UNKNOWN) { - /* Initial parsing */ - PKCS12 *p12; - - p12 = d2i_PKCS12(NULL, (const unsigned char **)&data->octet_data, - data->octet_data_size); - - if (p12 != NULL) { - char *pass = NULL; - char tpass[PEM_BUFSIZE + 1]; - size_t tpass_len; - EVP_PKEY *pkey = NULL; - X509 *cert = NULL; - STACK_OF(X509) *chain = NULL; - - data->object_type = OSSL_OBJECT_PKCS12; - - ok = 0; /* Assume decryption or parse error */ - - if (PKCS12_verify_mac(p12, "", 0) - || PKCS12_verify_mac(p12, NULL, 0)) { - pass = ""; - } else { - static char prompt_info[] = "PKCS12 import pass phrase"; - OSSL_PARAM pw_params[] = { - OSSL_PARAM_utf8_string(OSSL_PASSPHRASE_PARAM_INFO, - prompt_info, - sizeof(prompt_info) - 1), - OSSL_PARAM_END - }; - - if (!ossl_pw_get_passphrase(tpass, sizeof(tpass) - 1, - &tpass_len, - pw_params, 0, &ctx->pwdata)) { - ERR_raise(ERR_LIB_OSSL_STORE, - OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR); - goto p12_end; - } - pass = tpass; - /* - * ossl_pw_get_passphrase() does not NUL terminate but - * we must do it for PKCS12_parse() - */ - pass[tpass_len] = '\0'; - if (!PKCS12_verify_mac(p12, pass, tpass_len)) { - ERR_raise_data(ERR_LIB_OSSL_STORE, - OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC, - tpass_len == 0 ? "empty password" : - "maybe wrong password"); - goto p12_end; - } - } - - if (PKCS12_parse(p12, pass, &pkey, &cert, &chain)) { - STACK_OF(OSSL_STORE_INFO) *infos = NULL; - OSSL_STORE_INFO *osi_pkey = NULL; - OSSL_STORE_INFO *osi_cert = NULL; - OSSL_STORE_INFO *osi_ca = NULL; - - ok = 1; /* Parsing went through correctly! */ - - if ((infos = sk_OSSL_STORE_INFO_new_null()) != NULL) { - if (pkey != NULL) { - if ((osi_pkey = OSSL_STORE_INFO_new_PKEY(pkey)) != NULL - /* clearing pkey here avoids case distinctions */ - && (pkey = NULL) == NULL - && sk_OSSL_STORE_INFO_push(infos, osi_pkey) != 0) - osi_pkey = NULL; - else - ok = 0; - } - if (ok && cert != NULL) { - if ((osi_cert = OSSL_STORE_INFO_new_CERT(cert)) != NULL - /* clearing cert here avoids case distinctions */ - && (cert = NULL) == NULL - && sk_OSSL_STORE_INFO_push(infos, osi_cert) != 0) - osi_cert = NULL; - else - ok = 0; - } - while (ok && sk_X509_num(chain) > 0) { - X509 *ca = sk_X509_value(chain, 0); - - if ((osi_ca = OSSL_STORE_INFO_new_CERT(ca)) != NULL - && sk_X509_shift(chain) != NULL - && sk_OSSL_STORE_INFO_push(infos, osi_ca) != 0) - osi_ca = NULL; - else - ok = 0; - } - } - EVP_PKEY_free(pkey); - X509_free(cert); - sk_X509_pop_free(chain, X509_free); - OSSL_STORE_INFO_free(osi_pkey); - OSSL_STORE_INFO_free(osi_cert); - OSSL_STORE_INFO_free(osi_ca); - if (!ok) { - sk_OSSL_STORE_INFO_pop_free(infos, OSSL_STORE_INFO_free); - infos = NULL; - } - ctx->cached_info = infos; - } - p12_end: - OPENSSL_cleanse(tpass, sizeof(tpass)); - PKCS12_free(p12); - } - *v = sk_OSSL_STORE_INFO_shift(ctx->cached_info); - } - - return ok; -} diff --git a/crypto/store/store_strings.c b/crypto/store/store_strings.c deleted file mode 100644 index 3d4a8ea730795dbc121f990c01bd7fe1fa1e2260..0000000000000000000000000000000000000000 --- a/crypto/store/store_strings.c +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -static char *type_strings[] = { - "Name", /* OSSL_STORE_INFO_NAME */ - "Parameters", /* OSSL_STORE_INFO_PARAMS */ - "Public key", /* OSSL_STORE_INFO_PUBKEY */ - "Pkey", /* OSSL_STORE_INFO_PKEY */ - "Certificate", /* OSSL_STORE_INFO_CERT */ - "CRL" /* OSSL_STORE_INFO_CRL */ -}; - -const char *OSSL_STORE_INFO_type_string(int type) -{ - int types = sizeof(type_strings) / sizeof(type_strings[0]); - - if (type < 1 || type > types) - return NULL; - - return type_strings[type - 1]; -} diff --git a/crypto/threads_lib.c b/crypto/threads_lib.c deleted file mode 100644 index 0c7162392df8a3ae19d207c9311a351e2c99b5f3..0000000000000000000000000000000000000000 --- a/crypto/threads_lib.c +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ -#include - -#ifndef OPENSSL_NO_DEPRECATED_3_0 - -void OPENSSL_fork_prepare(void) -{ -} - -void OPENSSL_fork_parent(void) -{ -} - -void OPENSSL_fork_child(void) -{ -} - -#endif diff --git a/crypto/threads_none.c b/crypto/threads_none.c deleted file mode 100644 index 2570efde23787a10712f6bbaa416ec962410dc93..0000000000000000000000000000000000000000 --- a/crypto/threads_none.c +++ /dev/null @@ -1,165 +0,0 @@ -/* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" - -#if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG) - -# if defined(OPENSSL_SYS_UNIX) -# include -# include -# endif - -CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) -{ - CRYPTO_RWLOCK *lock; - - if ((lock = OPENSSL_zalloc(sizeof(unsigned int))) == NULL) { - /* Don't set error, to avoid recursion blowup. */ - return NULL; - } - - *(unsigned int *)lock = 1; - - return lock; -} - -__owur int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock) -{ - if (!ossl_assert(*(unsigned int *)lock == 1)) - return 0; - return 1; -} - -__owur int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock) -{ - if (!ossl_assert(*(unsigned int *)lock == 1)) - return 0; - return 1; -} - -int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock) -{ - if (!ossl_assert(*(unsigned int *)lock == 1)) - return 0; - return 1; -} - -void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) { - if (lock == NULL) - return; - - *(unsigned int *)lock = 0; - OPENSSL_free(lock); - - return; -} - -int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)) -{ - if (*once != 0) - return 1; - - init(); - *once = 1; - - return 1; -} - -#define OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX 256 - -static void *thread_local_storage[OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX]; - -int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)) -{ - static unsigned int thread_local_key = 0; - - if (thread_local_key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX) - return 0; - - *key = thread_local_key++; - - thread_local_storage[*key] = NULL; - - return 1; -} - -void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key) -{ - if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX) - return NULL; - - return thread_local_storage[*key]; -} - -int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val) -{ - if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX) - return 0; - - thread_local_storage[*key] = val; - - return 1; -} - -int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key) -{ - *key = OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX + 1; - return 1; -} - -CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void) -{ - return 0; -} - -int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b) -{ - return (a == b); -} - -int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) -{ - *val += amount; - *ret = *val; - - return 1; -} - -int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, - CRYPTO_RWLOCK *lock) -{ - *val |= op; - *ret = *val; - - return 1; -} - -int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock) -{ - *ret = *val; - - return 1; -} - -int openssl_init_fork_handlers(void) -{ - return 0; -} - -int openssl_get_fork_id(void) -{ -# if defined(OPENSSL_SYS_UNIX) - return getpid(); -# else - return 0; -# endif -} -#endif diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c deleted file mode 100644 index bfc05a4e878c258957e824d6fb8b4d82464ed06b..0000000000000000000000000000000000000000 --- a/crypto/threads_pthread.c +++ /dev/null @@ -1,286 +0,0 @@ -/* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use the OPENSSL_fork_*() deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include -#include "internal/cryptlib.h" - -#if defined(__sun) -# include -#endif - -#if defined(__apple_build_version__) && __apple_build_version__ < 6000000 -/* - * OS/X 10.7 and 10.8 had a weird version of clang which has __ATOMIC_ACQUIRE and - * __ATOMIC_ACQ_REL but which expects only one parameter for __atomic_is_lock_free() - * rather than two which has signature __atomic_is_lock_free(sizeof(_Atomic(T))). - * All of this makes impossible to use __atomic_is_lock_free here. - * - * See: https://github.com/llvm/llvm-project/commit/a4c2602b714e6c6edb98164550a5ae829b2de760 - */ -#define BROKEN_CLANG_ATOMICS -#endif - -#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS) - -# if defined(OPENSSL_SYS_UNIX) -# include -# include -#endif - -# include - -# ifdef PTHREAD_RWLOCK_INITIALIZER -# define USE_RWLOCK -# endif - -CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) -{ -# ifdef USE_RWLOCK - CRYPTO_RWLOCK *lock; - - if ((lock = OPENSSL_zalloc(sizeof(pthread_rwlock_t))) == NULL) { - /* Don't set error, to avoid recursion blowup. */ - return NULL; - } - - if (pthread_rwlock_init(lock, NULL) != 0) { - OPENSSL_free(lock); - return NULL; - } -# else - pthread_mutexattr_t attr; - CRYPTO_RWLOCK *lock; - - if ((lock = OPENSSL_zalloc(sizeof(pthread_mutex_t))) == NULL) { - /* Don't set error, to avoid recursion blowup. */ - return NULL; - } - - /* - * We don't use recursive mutexes, but try to catch errors if we do. - */ - pthread_mutexattr_init(&attr); -# if !defined (__TANDEM) && !defined (_SPT_MODEL_) -# if !defined(NDEBUG) && !defined(OPENSSL_NO_MUTEX_ERRORCHECK) - pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK); -# else - pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_NORMAL); -# endif -# else - /* The SPT Thread Library does not define MUTEX attributes. */ -# endif - - if (pthread_mutex_init(lock, &attr) != 0) { - pthread_mutexattr_destroy(&attr); - OPENSSL_free(lock); - return NULL; - } - - pthread_mutexattr_destroy(&attr); -# endif - - return lock; -} - -__owur int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock) -{ -# ifdef USE_RWLOCK - if (pthread_rwlock_rdlock(lock) != 0) - return 0; -# else - if (pthread_mutex_lock(lock) != 0) { - assert(errno != EDEADLK && errno != EBUSY); - return 0; - } -# endif - - return 1; -} - -__owur int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock) -{ -# ifdef USE_RWLOCK - if (pthread_rwlock_wrlock(lock) != 0) - return 0; -# else - if (pthread_mutex_lock(lock) != 0) { - assert(errno != EDEADLK && errno != EBUSY); - return 0; - } -# endif - - return 1; -} - -int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock) -{ -# ifdef USE_RWLOCK - if (pthread_rwlock_unlock(lock) != 0) - return 0; -# else - if (pthread_mutex_unlock(lock) != 0) { - assert(errno != EPERM); - return 0; - } -# endif - - return 1; -} - -void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) -{ - if (lock == NULL) - return; - -# ifdef USE_RWLOCK - pthread_rwlock_destroy(lock); -# else - pthread_mutex_destroy(lock); -# endif - OPENSSL_free(lock); - - return; -} - -int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)) -{ - if (pthread_once(once, init) != 0) - return 0; - - return 1; -} - -int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)) -{ - if (pthread_key_create(key, cleanup) != 0) - return 0; - - return 1; -} - -void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key) -{ - return pthread_getspecific(*key); -} - -int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val) -{ - if (pthread_setspecific(*key, val) != 0) - return 0; - - return 1; -} - -int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key) -{ - if (pthread_key_delete(*key) != 0) - return 0; - - return 1; -} - -CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void) -{ - return pthread_self(); -} - -int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b) -{ - return pthread_equal(a, b); -} - -int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) -{ -# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && !defined(BROKEN_CLANG_ATOMICS) - if (__atomic_is_lock_free(sizeof(*val), val)) { - *ret = __atomic_add_fetch(val, amount, __ATOMIC_ACQ_REL); - return 1; - } -# elif defined(__sun) && (defined(__SunOS_5_10) || defined(__SunOS_5_11)) - /* This will work for all future Solaris versions. */ - if (ret != NULL) { - *ret = atomic_add_int_nv((volatile unsigned int *)val, amount); - return 1; - } -# endif - if (lock == NULL || !CRYPTO_THREAD_write_lock(lock)) - return 0; - - *val += amount; - *ret = *val; - - if (!CRYPTO_THREAD_unlock(lock)) - return 0; - - return 1; -} - -int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, - CRYPTO_RWLOCK *lock) -{ -# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && !defined(BROKEN_CLANG_ATOMICS) - if (__atomic_is_lock_free(sizeof(*val), val)) { - *ret = __atomic_or_fetch(val, op, __ATOMIC_ACQ_REL); - return 1; - } -# elif defined(__sun) && (defined(__SunOS_5_10) || defined(__SunOS_5_11)) - /* This will work for all future Solaris versions. */ - if (ret != NULL) { - *ret = atomic_or_64_nv(val, op); - return 1; - } -# endif - if (lock == NULL || !CRYPTO_THREAD_write_lock(lock)) - return 0; - *val |= op; - *ret = *val; - - if (!CRYPTO_THREAD_unlock(lock)) - return 0; - - return 1; -} - -int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock) -{ -# if defined(__GNUC__) && defined(__ATOMIC_ACQUIRE) && !defined(BROKEN_CLANG_ATOMICS) - if (__atomic_is_lock_free(sizeof(*val), val)) { - __atomic_load(val, ret, __ATOMIC_ACQUIRE); - return 1; - } -# elif defined(__sun) && (defined(__SunOS_5_10) || defined(__SunOS_5_11)) - /* This will work for all future Solaris versions. */ - if (ret != NULL) { - *ret = atomic_or_64_nv(val, 0); - return 1; - } -# endif - if (lock == NULL || !CRYPTO_THREAD_read_lock(lock)) - return 0; - *ret = *val; - if (!CRYPTO_THREAD_unlock(lock)) - return 0; - - return 1; -} -# ifndef FIPS_MODULE -int openssl_init_fork_handlers(void) -{ - return 1; -} -# endif /* FIPS_MODULE */ - -int openssl_get_fork_id(void) -{ - return getpid(); -} -#endif diff --git a/crypto/threads_win.c b/crypto/threads_win.c deleted file mode 100644 index f9cc73ce74f8a66e1281392b68c2c49738aa9489..0000000000000000000000000000000000000000 --- a/crypto/threads_win.c +++ /dev/null @@ -1,263 +0,0 @@ -/* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#if defined(_WIN32) -# include -# if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 -# define USE_RWLOCK -# endif -#endif - -/* - * VC++ 2008 or earlier x86 compilers do not have an inline implementation - * of InterlockedOr64 for 32bit and will fail to run on Windows XP 32bit. - * https://docs.microsoft.com/en-us/cpp/intrinsics/interlockedor-intrinsic-functions#requirements - * To work around this problem, we implement a manual locking mechanism for - * only VC++ 2008 or earlier x86 compilers. - */ - -#if (defined(_MSC_VER) && defined(_M_IX86) && _MSC_VER <= 1500) -# define NO_INTERLOCKEDOR64 -#endif - -#include - -#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && defined(OPENSSL_SYS_WINDOWS) - -# ifdef USE_RWLOCK -typedef struct { - SRWLOCK lock; - int exclusive; -} CRYPTO_win_rwlock; -# endif - -CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) -{ - CRYPTO_RWLOCK *lock; -# ifdef USE_RWLOCK - CRYPTO_win_rwlock *rwlock; - - if ((lock = OPENSSL_zalloc(sizeof(CRYPTO_win_rwlock))) == NULL) - return NULL; - rwlock = lock; - InitializeSRWLock(&rwlock->lock); -# else - - if ((lock = OPENSSL_zalloc(sizeof(CRITICAL_SECTION))) == NULL) { - /* Don't set error, to avoid recursion blowup. */ - return NULL; - } - -# if !defined(_WIN32_WCE) - /* 0x400 is the spin count value suggested in the documentation */ - if (!InitializeCriticalSectionAndSpinCount(lock, 0x400)) { - OPENSSL_free(lock); - return NULL; - } -# else - InitializeCriticalSection(lock); -# endif -# endif - - return lock; -} - -__owur int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock) -{ -# ifdef USE_RWLOCK - CRYPTO_win_rwlock *rwlock = lock; - - AcquireSRWLockShared(&rwlock->lock); -# else - EnterCriticalSection(lock); -# endif - return 1; -} - -__owur int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock) -{ -# ifdef USE_RWLOCK - CRYPTO_win_rwlock *rwlock = lock; - - AcquireSRWLockExclusive(&rwlock->lock); - rwlock->exclusive = 1; -# else - EnterCriticalSection(lock); -# endif - return 1; -} - -int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock) -{ -# ifdef USE_RWLOCK - CRYPTO_win_rwlock *rwlock = lock; - - if (rwlock->exclusive) { - rwlock->exclusive = 0; - ReleaseSRWLockExclusive(&rwlock->lock); - } else { - ReleaseSRWLockShared(&rwlock->lock); - } -# else - LeaveCriticalSection(lock); -# endif - return 1; -} - -void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) -{ - if (lock == NULL) - return; - -# ifndef USE_RWLOCK - DeleteCriticalSection(lock); -# endif - OPENSSL_free(lock); - - return; -} - -# define ONCE_UNINITED 0 -# define ONCE_ININIT 1 -# define ONCE_DONE 2 - -/* - * We don't use InitOnceExecuteOnce because that isn't available in WinXP which - * we still have to support. - */ -int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)) -{ - LONG volatile *lock = (LONG *)once; - LONG result; - - if (*lock == ONCE_DONE) - return 1; - - do { - result = InterlockedCompareExchange(lock, ONCE_ININIT, ONCE_UNINITED); - if (result == ONCE_UNINITED) { - init(); - *lock = ONCE_DONE; - return 1; - } - } while (result == ONCE_ININIT); - - return (*lock == ONCE_DONE); -} - -int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)) -{ - *key = TlsAlloc(); - if (*key == TLS_OUT_OF_INDEXES) - return 0; - - return 1; -} - -void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key) -{ - DWORD last_error; - void *ret; - - /* - * TlsGetValue clears the last error even on success, so that callers may - * distinguish it successfully returning NULL or failing. It is documented - * to never fail if the argument is a valid index from TlsAlloc, so we do - * not need to handle this. - * - * However, this error-mangling behavior interferes with the caller's use of - * GetLastError. In particular SSL_get_error queries the error queue to - * determine whether the caller should look at the OS's errors. To avoid - * destroying state, save and restore the Windows error. - * - * https://msdn.microsoft.com/en-us/library/windows/desktop/ms686812(v=vs.85).aspx - */ - last_error = GetLastError(); - ret = TlsGetValue(*key); - SetLastError(last_error); - return ret; -} - -int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val) -{ - if (TlsSetValue(*key, val) == 0) - return 0; - - return 1; -} - -int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key) -{ - if (TlsFree(*key) == 0) - return 0; - - return 1; -} - -CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void) -{ - return GetCurrentThreadId(); -} - -int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b) -{ - return (a == b); -} - -int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) -{ - *ret = (int)InterlockedExchangeAdd((long volatile *)val, (long)amount) + amount; - return 1; -} - -int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, - CRYPTO_RWLOCK *lock) -{ -#if (defined(NO_INTERLOCKEDOR64)) - if (lock == NULL || !CRYPTO_THREAD_write_lock(lock)) - return 0; - *val |= op; - *ret = *val; - - if (!CRYPTO_THREAD_unlock(lock)) - return 0; - - return 1; -#else - *ret = (uint64_t)InterlockedOr64((LONG64 volatile *)val, (LONG64)op) | op; - return 1; -#endif -} - -int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock) -{ -#if (defined(NO_INTERLOCKEDOR64)) - if (lock == NULL || !CRYPTO_THREAD_read_lock(lock)) - return 0; - *ret = *val; - if (!CRYPTO_THREAD_unlock(lock)) - return 0; - - return 1; -#else - *ret = (uint64_t)InterlockedOr64((LONG64 volatile *)val, 0); - return 1; -#endif -} - -int openssl_init_fork_handlers(void) -{ - return 0; -} - -int openssl_get_fork_id(void) -{ - return 0; -} -#endif diff --git a/crypto/trace.c b/crypto/trace.c deleted file mode 100644 index d790409a2d6291bd6d894e838d61adf4cec85833..0000000000000000000000000000000000000000 --- a/crypto/trace.c +++ /dev/null @@ -1,520 +0,0 @@ -/* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#include "internal/thread_once.h" -#include -#include -#include -#include "internal/bio.h" -#include "internal/nelem.h" -#include "internal/refcount.h" -#include "crypto/cryptlib.h" - -#ifndef OPENSSL_NO_TRACE - -static CRYPTO_RWLOCK *trace_lock = NULL; - -static const BIO *current_channel = NULL; - -/*- - * INTERNAL TRACE CHANNEL IMPLEMENTATION - * - * For our own flexibility, all trace categories are associated with a - * BIO sink object, also called the trace channel. Instead of a BIO object, - * the application can also provide a callback function, in which case an - * internal trace channel is attached, which simply calls the registered - * callback function. - */ -static int trace_write(BIO *b, const char *buf, - size_t num, size_t *written); -static int trace_puts(BIO *b, const char *str); -static long trace_ctrl(BIO *channel, int cmd, long argl, void *argp); -static int trace_free(BIO *b); - -static const BIO_METHOD trace_method = { - BIO_TYPE_SOURCE_SINK, - "trace", - trace_write, - NULL, /* old write */ - NULL, /* read_ex */ - NULL, /* read */ - trace_puts, - NULL, /* gets */ - trace_ctrl, /* ctrl */ - NULL, /* create */ - trace_free, /* free */ - NULL, /* callback_ctrl */ -}; - -struct trace_data_st { - OSSL_trace_cb callback; - int category; - void *data; -}; - -static int trace_write(BIO *channel, - const char *buf, size_t num, size_t *written) -{ - struct trace_data_st *ctx = BIO_get_data(channel); - size_t cnt = ctx->callback(buf, num, ctx->category, OSSL_TRACE_CTRL_WRITE, - ctx->data); - - *written = cnt; - return cnt != 0; -} - -static int trace_puts(BIO *channel, const char *str) -{ - size_t written; - - if (trace_write(channel, str, strlen(str), &written)) - return (int)written; - - return EOF; -} - -static long trace_ctrl(BIO *channel, int cmd, long argl, void *argp) -{ - struct trace_data_st *ctx = BIO_get_data(channel); - - switch (cmd) { - case OSSL_TRACE_CTRL_BEGIN: - case OSSL_TRACE_CTRL_END: - /* We know that the callback is likely to return 0 here */ - ctx->callback("", 0, ctx->category, cmd, ctx->data); - return 1; - default: - break; - } - return -2; /* Unsupported */ -} - -static int trace_free(BIO *channel) -{ - if (channel == NULL) - return 0; - OPENSSL_free(BIO_get_data(channel)); - return 1; -} -#endif - -/*- - * TRACE - */ - -/* Helper struct and macro to get name string to number mapping */ -struct trace_category_st { - const char * const name; - const int num; -}; -#define TRACE_CATEGORY_(name) { #name, OSSL_TRACE_CATEGORY_##name } - -static const struct trace_category_st trace_categories[] = { - TRACE_CATEGORY_(ALL), - TRACE_CATEGORY_(TRACE), - TRACE_CATEGORY_(INIT), - TRACE_CATEGORY_(TLS), - TRACE_CATEGORY_(TLS_CIPHER), - TRACE_CATEGORY_(CONF), -#ifndef OPENSSL_NO_ENGINE - TRACE_CATEGORY_(ENGINE_TABLE), - TRACE_CATEGORY_(ENGINE_REF_COUNT), -#endif - TRACE_CATEGORY_(PKCS5V2), - TRACE_CATEGORY_(PKCS12_KEYGEN), - TRACE_CATEGORY_(PKCS12_DECRYPT), - TRACE_CATEGORY_(X509V3_POLICY), - TRACE_CATEGORY_(BN_CTX), - TRACE_CATEGORY_(CMP), - TRACE_CATEGORY_(STORE), - TRACE_CATEGORY_(DECODER), - TRACE_CATEGORY_(ENCODER), - TRACE_CATEGORY_(REF_COUNT) -}; - -const char *OSSL_trace_get_category_name(int num) -{ - size_t i; - - for (i = 0; i < OSSL_NELEM(trace_categories); i++) - if (trace_categories[i].num == num) - return trace_categories[i].name; - return NULL; /* not found */ -} - -int OSSL_trace_get_category_num(const char *name) -{ - size_t i; - - for (i = 0; i < OSSL_NELEM(trace_categories); i++) - if (OPENSSL_strcasecmp(name, trace_categories[i].name) == 0) - return trace_categories[i].num; - return -1; /* not found */ -} - -#ifndef OPENSSL_NO_TRACE - -/* We use one trace channel for each trace category */ -static struct { - enum { SIMPLE_CHANNEL, CALLBACK_CHANNEL } type; - BIO *bio; - char *prefix; - char *suffix; -} trace_channels[OSSL_TRACE_CATEGORY_NUM] = { - { 0, NULL, NULL, NULL }, -}; - -#endif - -#ifndef OPENSSL_NO_TRACE - -enum { - CHANNEL, - PREFIX, - SUFFIX -}; - -static int trace_attach_cb(int category, int type, const void *data) -{ - switch (type) { - case CHANNEL: - OSSL_TRACE2(TRACE, "Attach channel %p to category '%s'\n", - data, trace_categories[category].name); - break; - case PREFIX: - OSSL_TRACE2(TRACE, "Attach prefix \"%s\" to category '%s'\n", - (const char *)data, trace_categories[category].name); - break; - case SUFFIX: - OSSL_TRACE2(TRACE, "Attach suffix \"%s\" to category '%s'\n", - (const char *)data, trace_categories[category].name); - break; - default: /* No clue */ - break; - } - return 1; -} - -static int trace_detach_cb(int category, int type, const void *data) -{ - switch (type) { - case CHANNEL: - OSSL_TRACE2(TRACE, "Detach channel %p from category '%s'\n", - data, trace_categories[category].name); - break; - case PREFIX: - OSSL_TRACE2(TRACE, "Detach prefix \"%s\" from category '%s'\n", - (const char *)data, trace_categories[category].name); - break; - case SUFFIX: - OSSL_TRACE2(TRACE, "Detach suffix \"%s\" from category '%s'\n", - (const char *)data, trace_categories[category].name); - break; - default: /* No clue */ - break; - } - return 1; -} - -static int do_ossl_trace_init(void); -static CRYPTO_ONCE trace_inited = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(ossl_trace_init) -{ - return do_ossl_trace_init(); -} - -static int set_trace_data(int category, int type, BIO **channel, - const char **prefix, const char **suffix, - int (*attach_cb)(int, int, const void *), - int (*detach_cb)(int, int, const void *)) -{ - BIO *curr_channel = NULL; - char *curr_prefix = NULL; - char *curr_suffix = NULL; - - /* Ensure do_ossl_trace_init() is called once */ - if (!RUN_ONCE(&trace_inited, ossl_trace_init)) - return 0; - - curr_channel = trace_channels[category].bio; - curr_prefix = trace_channels[category].prefix; - curr_suffix = trace_channels[category].suffix; - - /* Make sure to run the detach callback first on all data */ - if (prefix != NULL && curr_prefix != NULL) { - detach_cb(category, PREFIX, curr_prefix); - } - - if (suffix != NULL && curr_suffix != NULL) { - detach_cb(category, SUFFIX, curr_suffix); - } - - if (channel != NULL && curr_channel != NULL) { - detach_cb(category, CHANNEL, curr_channel); - } - - /* After detach callbacks are done, clear data where appropriate */ - if (prefix != NULL && curr_prefix != NULL) { - OPENSSL_free(curr_prefix); - trace_channels[category].prefix = NULL; - } - - if (suffix != NULL && curr_suffix != NULL) { - OPENSSL_free(curr_suffix); - trace_channels[category].suffix = NULL; - } - - if (channel != NULL && curr_channel != NULL) { - BIO_free(curr_channel); - trace_channels[category].type = 0; - trace_channels[category].bio = NULL; - } - - /* Before running callbacks are done, set new data where appropriate */ - if (channel != NULL && *channel != NULL) { - trace_channels[category].type = type; - trace_channels[category].bio = *channel; - } - - if (prefix != NULL && *prefix != NULL) { - if ((curr_prefix = OPENSSL_strdup(*prefix)) == NULL) - return 0; - trace_channels[category].prefix = curr_prefix; - } - - if (suffix != NULL && *suffix != NULL) { - if ((curr_suffix = OPENSSL_strdup(*suffix)) == NULL) - return 0; - trace_channels[category].suffix = curr_suffix; - } - - /* Finally, run the attach callback on the new data */ - if (channel != NULL && *channel != NULL) { - attach_cb(category, CHANNEL, *channel); - } - - if (prefix != NULL && *prefix != NULL) { - attach_cb(category, PREFIX, *prefix); - } - - if (suffix != NULL && *suffix != NULL) { - attach_cb(category, SUFFIX, *suffix); - } - - return 1; -} - -static int do_ossl_trace_init(void) -{ - trace_lock = CRYPTO_THREAD_lock_new(); - return trace_lock != NULL; -} - -#endif - -void ossl_trace_cleanup(void) -{ -#ifndef OPENSSL_NO_TRACE - int category; - BIO *channel = NULL; - const char *prefix = NULL; - const char *suffix = NULL; - - for (category = 0; category < OSSL_TRACE_CATEGORY_NUM; category++) { - /* We force the TRACE category to be treated last */ - if (category == OSSL_TRACE_CATEGORY_TRACE) - continue; - set_trace_data(category, 0, &channel, &prefix, &suffix, - trace_attach_cb, trace_detach_cb); - } - set_trace_data(OSSL_TRACE_CATEGORY_TRACE, 0, &channel, - &prefix, &suffix, - trace_attach_cb, trace_detach_cb); - CRYPTO_THREAD_lock_free(trace_lock); -#endif -} - -int OSSL_trace_set_channel(int category, BIO *channel) -{ -#ifndef OPENSSL_NO_TRACE - if (category >= 0 && category < OSSL_TRACE_CATEGORY_NUM) - return set_trace_data(category, SIMPLE_CHANNEL, &channel, NULL, NULL, - trace_attach_cb, trace_detach_cb); -#endif - return 0; -} - -#ifndef OPENSSL_NO_TRACE -static int trace_attach_w_callback_cb(int category, int type, const void *data) -{ - switch (type) { - case CHANNEL: - OSSL_TRACE2(TRACE, - "Attach channel %p to category '%s' (with callback)\n", - data, trace_categories[category].name); - break; - case PREFIX: - OSSL_TRACE2(TRACE, "Attach prefix \"%s\" to category '%s'\n", - (const char *)data, trace_categories[category].name); - break; - case SUFFIX: - OSSL_TRACE2(TRACE, "Attach suffix \"%s\" to category '%s'\n", - (const char *)data, trace_categories[category].name); - break; - default: /* No clue */ - break; - } - return 1; -} -#endif - -int OSSL_trace_set_callback(int category, OSSL_trace_cb callback, void *data) -{ -#ifndef OPENSSL_NO_TRACE - BIO *channel = NULL; - struct trace_data_st *trace_data = NULL; - - if (category < 0 || category >= OSSL_TRACE_CATEGORY_NUM) - return 0; - - if (callback != NULL) { - if ((channel = BIO_new(&trace_method)) == NULL - || (trace_data = - OPENSSL_zalloc(sizeof(struct trace_data_st))) == NULL) - goto err; - - trace_data->callback = callback; - trace_data->category = category; - trace_data->data = data; - - BIO_set_data(channel, trace_data); - } - - if (!set_trace_data(category, CALLBACK_CHANNEL, &channel, NULL, NULL, - trace_attach_w_callback_cb, trace_detach_cb)) - goto err; - - return 1; - - err: - BIO_free(channel); - OPENSSL_free(trace_data); -#endif - - return 0; -} - -int OSSL_trace_set_prefix(int category, const char *prefix) -{ -#ifndef OPENSSL_NO_TRACE - if (category >= 0 && category < OSSL_TRACE_CATEGORY_NUM) - return set_trace_data(category, 0, NULL, &prefix, NULL, - trace_attach_cb, trace_detach_cb); -#endif - return 0; -} - -int OSSL_trace_set_suffix(int category, const char *suffix) -{ -#ifndef OPENSSL_NO_TRACE - if (category >= 0 && category < OSSL_TRACE_CATEGORY_NUM) - return set_trace_data(category, 0, NULL, NULL, &suffix, - trace_attach_cb, trace_detach_cb); -#endif - return 0; -} - -#ifndef OPENSSL_NO_TRACE -static int ossl_trace_get_category(int category) -{ - if (category < 0 || category >= OSSL_TRACE_CATEGORY_NUM) - return -1; - if (trace_channels[category].bio != NULL) - return category; - return OSSL_TRACE_CATEGORY_ALL; -} -#endif - -int OSSL_trace_enabled(int category) -{ - int ret = 0; -#ifndef OPENSSL_NO_TRACE - category = ossl_trace_get_category(category); - if (category >= 0) - ret = trace_channels[category].bio != NULL; -#endif - return ret; -} - -BIO *OSSL_trace_begin(int category) -{ - BIO *channel = NULL; -#ifndef OPENSSL_NO_TRACE - char *prefix = NULL; - - category = ossl_trace_get_category(category); - if (category < 0) - return NULL; - - channel = trace_channels[category].bio; - prefix = trace_channels[category].prefix; - - if (channel != NULL) { - if (!CRYPTO_THREAD_write_lock(trace_lock)) - return NULL; - current_channel = channel; - switch (trace_channels[category].type) { - case SIMPLE_CHANNEL: - if (prefix != NULL) { - (void)BIO_puts(channel, prefix); - (void)BIO_puts(channel, "\n"); - } - break; - case CALLBACK_CHANNEL: - (void)BIO_ctrl(channel, OSSL_TRACE_CTRL_BEGIN, - prefix == NULL ? 0 : strlen(prefix), prefix); - break; - } - } -#endif - return channel; -} - -void OSSL_trace_end(int category, BIO * channel) -{ -#ifndef OPENSSL_NO_TRACE - char *suffix = NULL; - - category = ossl_trace_get_category(category); - if (category < 0) - return; - suffix = trace_channels[category].suffix; - if (channel != NULL - && ossl_assert(channel == current_channel)) { - (void)BIO_flush(channel); - switch (trace_channels[category].type) { - case SIMPLE_CHANNEL: - if (suffix != NULL) { - (void)BIO_puts(channel, suffix); - (void)BIO_puts(channel, "\n"); - } - break; - case CALLBACK_CHANNEL: - (void)BIO_ctrl(channel, OSSL_TRACE_CTRL_END, - suffix == NULL ? 0 : strlen(suffix), suffix); - break; - } - current_channel = NULL; - CRYPTO_THREAD_unlock(trace_lock); - } -#endif -} diff --git a/crypto/ts/ts_asn1.c b/crypto/ts/ts_asn1.c deleted file mode 100644 index ba3195eab8b369e2ecd3afdadb81284ffe9f88e8..0000000000000000000000000000000000000000 --- a/crypto/ts/ts_asn1.c +++ /dev/null @@ -1,234 +0,0 @@ -/* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "ts_local.h" - -ASN1_SEQUENCE(TS_MSG_IMPRINT) = { - ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR), - ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING) -} static_ASN1_SEQUENCE_END(TS_MSG_IMPRINT) - -IMPLEMENT_ASN1_FUNCTIONS(TS_MSG_IMPRINT) -IMPLEMENT_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT) -TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a) -{ - return ASN1_d2i_bio_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new, - d2i_TS_MSG_IMPRINT, bp, a); -} - -int i2d_TS_MSG_IMPRINT_bio(BIO *bp, const TS_MSG_IMPRINT *a) -{ - return ASN1_i2d_bio_of(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, bp, a); -} -#ifndef OPENSSL_NO_STDIO -TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a) -{ - return ASN1_d2i_fp_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new, - d2i_TS_MSG_IMPRINT, fp, a); -} - -int i2d_TS_MSG_IMPRINT_fp(FILE *fp, const TS_MSG_IMPRINT *a) -{ - return ASN1_i2d_fp_of(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, fp, a); -} -#endif - -ASN1_SEQUENCE(TS_REQ) = { - ASN1_SIMPLE(TS_REQ, version, ASN1_INTEGER), - ASN1_SIMPLE(TS_REQ, msg_imprint, TS_MSG_IMPRINT), - ASN1_OPT(TS_REQ, policy_id, ASN1_OBJECT), - ASN1_OPT(TS_REQ, nonce, ASN1_INTEGER), - ASN1_OPT(TS_REQ, cert_req, ASN1_FBOOLEAN), - ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0) -} static_ASN1_SEQUENCE_END(TS_REQ) - -IMPLEMENT_ASN1_FUNCTIONS(TS_REQ) -IMPLEMENT_ASN1_DUP_FUNCTION(TS_REQ) -TS_REQ *d2i_TS_REQ_bio(BIO *bp, TS_REQ **a) -{ - return ASN1_d2i_bio_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, bp, a); -} - -int i2d_TS_REQ_bio(BIO *bp, const TS_REQ *a) -{ - return ASN1_i2d_bio_of(TS_REQ, i2d_TS_REQ, bp, a); -} -#ifndef OPENSSL_NO_STDIO -TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a) -{ - return ASN1_d2i_fp_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, fp, a); -} - -int i2d_TS_REQ_fp(FILE *fp, const TS_REQ *a) -{ - return ASN1_i2d_fp_of(TS_REQ, i2d_TS_REQ, fp, a); -} -#endif - -ASN1_SEQUENCE(TS_ACCURACY) = { - ASN1_OPT(TS_ACCURACY, seconds, ASN1_INTEGER), - ASN1_IMP_OPT(TS_ACCURACY, millis, ASN1_INTEGER, 0), - ASN1_IMP_OPT(TS_ACCURACY, micros, ASN1_INTEGER, 1) -} static_ASN1_SEQUENCE_END(TS_ACCURACY) - -IMPLEMENT_ASN1_FUNCTIONS(TS_ACCURACY) -IMPLEMENT_ASN1_DUP_FUNCTION(TS_ACCURACY) - -ASN1_SEQUENCE(TS_TST_INFO) = { - ASN1_SIMPLE(TS_TST_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(TS_TST_INFO, policy_id, ASN1_OBJECT), - ASN1_SIMPLE(TS_TST_INFO, msg_imprint, TS_MSG_IMPRINT), - ASN1_SIMPLE(TS_TST_INFO, serial, ASN1_INTEGER), - ASN1_SIMPLE(TS_TST_INFO, time, ASN1_GENERALIZEDTIME), - ASN1_OPT(TS_TST_INFO, accuracy, TS_ACCURACY), - ASN1_OPT(TS_TST_INFO, ordering, ASN1_FBOOLEAN), - ASN1_OPT(TS_TST_INFO, nonce, ASN1_INTEGER), - ASN1_EXP_OPT(TS_TST_INFO, tsa, GENERAL_NAME, 0), - ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1) -} static_ASN1_SEQUENCE_END(TS_TST_INFO) - -IMPLEMENT_ASN1_FUNCTIONS(TS_TST_INFO) -IMPLEMENT_ASN1_DUP_FUNCTION(TS_TST_INFO) -TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a) -{ - return ASN1_d2i_bio_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, bp, - a); -} - -int i2d_TS_TST_INFO_bio(BIO *bp, const TS_TST_INFO *a) -{ - return ASN1_i2d_bio_of(TS_TST_INFO, i2d_TS_TST_INFO, bp, a); -} -#ifndef OPENSSL_NO_STDIO -TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a) -{ - return ASN1_d2i_fp_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, fp, - a); -} - -int i2d_TS_TST_INFO_fp(FILE *fp, const TS_TST_INFO *a) -{ - return ASN1_i2d_fp_of(TS_TST_INFO, i2d_TS_TST_INFO, fp, a); -} -#endif - -ASN1_SEQUENCE(TS_STATUS_INFO) = { - ASN1_SIMPLE(TS_STATUS_INFO, status, ASN1_INTEGER), - ASN1_SEQUENCE_OF_OPT(TS_STATUS_INFO, text, ASN1_UTF8STRING), - ASN1_OPT(TS_STATUS_INFO, failure_info, ASN1_BIT_STRING) -} static_ASN1_SEQUENCE_END(TS_STATUS_INFO) - -IMPLEMENT_ASN1_FUNCTIONS(TS_STATUS_INFO) -IMPLEMENT_ASN1_DUP_FUNCTION(TS_STATUS_INFO) - -static int ts_resp_set_tst_info(TS_RESP *a) -{ - long status; - - status = ASN1_INTEGER_get(a->status_info->status); - - if (a->token) { - if (status != 0 && status != 1) { - ERR_raise(ERR_LIB_TS, TS_R_TOKEN_PRESENT); - return 0; - } - TS_TST_INFO_free(a->tst_info); - a->tst_info = PKCS7_to_TS_TST_INFO(a->token); - if (!a->tst_info) { - ERR_raise(ERR_LIB_TS, TS_R_PKCS7_TO_TS_TST_INFO_FAILED); - return 0; - } - } else if (status == 0 || status == 1) { - ERR_raise(ERR_LIB_TS, TS_R_TOKEN_NOT_PRESENT); - return 0; - } - - return 1; -} - -static int ts_resp_cb(int op, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - TS_RESP *ts_resp = (TS_RESP *)*pval; - if (op == ASN1_OP_NEW_POST) { - ts_resp->tst_info = NULL; - } else if (op == ASN1_OP_FREE_POST) { - TS_TST_INFO_free(ts_resp->tst_info); - } else if (op == ASN1_OP_D2I_POST) { - if (ts_resp_set_tst_info(ts_resp) == 0) - return 0; - } - return 1; -} - -ASN1_SEQUENCE_cb(TS_RESP, ts_resp_cb) = { - ASN1_SIMPLE(TS_RESP, status_info, TS_STATUS_INFO), - ASN1_OPT(TS_RESP, token, PKCS7), -} static_ASN1_SEQUENCE_END_cb(TS_RESP, TS_RESP) - -IMPLEMENT_ASN1_FUNCTIONS(TS_RESP) - -IMPLEMENT_ASN1_DUP_FUNCTION(TS_RESP) - -TS_RESP *d2i_TS_RESP_bio(BIO *bp, TS_RESP **a) -{ - return ASN1_d2i_bio_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, bp, a); -} - -int i2d_TS_RESP_bio(BIO *bp, const TS_RESP *a) -{ - return ASN1_i2d_bio_of(TS_RESP, i2d_TS_RESP, bp, a); -} -#ifndef OPENSSL_NO_STDIO -TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a) -{ - return ASN1_d2i_fp_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, fp, a); -} - -int i2d_TS_RESP_fp(FILE *fp, const TS_RESP *a) -{ - return ASN1_i2d_fp_of(TS_RESP, i2d_TS_RESP, fp, a); -} -#endif - -/* Getting encapsulated TS_TST_INFO object from PKCS7. */ -TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token) -{ - PKCS7_SIGNED *pkcs7_signed; - PKCS7 *enveloped; - ASN1_TYPE *tst_info_wrapper; - ASN1_OCTET_STRING *tst_info_der; - const unsigned char *p; - - if (!PKCS7_type_is_signed(token)) { - ERR_raise(ERR_LIB_TS, TS_R_BAD_PKCS7_TYPE); - return NULL; - } - if (PKCS7_get_detached(token)) { - ERR_raise(ERR_LIB_TS, TS_R_DETACHED_CONTENT); - return NULL; - } - pkcs7_signed = token->d.sign; - enveloped = pkcs7_signed->contents; - if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo) { - ERR_raise(ERR_LIB_TS, TS_R_BAD_PKCS7_TYPE); - return NULL; - } - tst_info_wrapper = enveloped->d.other; - if (tst_info_wrapper->type != V_ASN1_OCTET_STRING) { - ERR_raise(ERR_LIB_TS, TS_R_BAD_TYPE); - return NULL; - } - tst_info_der = tst_info_wrapper->value.octet_string; - p = tst_info_der->data; - return d2i_TS_TST_INFO(NULL, &p, tst_info_der->length); -} diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c deleted file mode 100644 index fd2ad90754b04f20756f84c4f43f042c28bc5905..0000000000000000000000000000000000000000 --- a/crypto/ts/ts_conf.c +++ /dev/null @@ -1,498 +0,0 @@ -/* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* We need to use some engine deprecated APIs */ -#define OPENSSL_SUPPRESS_DEPRECATED - -#include - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include - -/* Macro definitions for the configuration file. */ -#define BASE_SECTION "tsa" -#define ENV_DEFAULT_TSA "default_tsa" -#define ENV_SERIAL "serial" -#define ENV_CRYPTO_DEVICE "crypto_device" -#define ENV_SIGNER_CERT "signer_cert" -#define ENV_CERTS "certs" -#define ENV_SIGNER_KEY "signer_key" -#define ENV_SIGNER_DIGEST "signer_digest" -#define ENV_DEFAULT_POLICY "default_policy" -#define ENV_OTHER_POLICIES "other_policies" -#define ENV_DIGESTS "digests" -#define ENV_ACCURACY "accuracy" -#define ENV_ORDERING "ordering" -#define ENV_TSA_NAME "tsa_name" -#define ENV_ESS_CERT_ID_CHAIN "ess_cert_id_chain" -#define ENV_VALUE_SECS "secs" -#define ENV_VALUE_MILLISECS "millisecs" -#define ENV_VALUE_MICROSECS "microsecs" -#define ENV_CLOCK_PRECISION_DIGITS "clock_precision_digits" -#define ENV_VALUE_YES "yes" -#define ENV_VALUE_NO "no" -#define ENV_ESS_CERT_ID_ALG "ess_cert_id_alg" - -/* Function definitions for certificate and key loading. */ - -X509 *TS_CONF_load_cert(const char *file) -{ - BIO *cert = NULL; - X509 *x = NULL; - - if ((cert = BIO_new_file(file, "r")) == NULL) - goto end; - x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL); - end: - if (x == NULL) - ERR_raise(ERR_LIB_TS, TS_R_CANNOT_LOAD_CERT); - BIO_free(cert); - return x; -} - -STACK_OF(X509) *TS_CONF_load_certs(const char *file) -{ - BIO *certs = NULL; - STACK_OF(X509) *othercerts = NULL; - STACK_OF(X509_INFO) *allcerts = NULL; - int i; - - if ((certs = BIO_new_file(file, "r")) == NULL) - goto end; - if ((othercerts = sk_X509_new_null()) == NULL) - goto end; - - allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL); - for (i = 0; i < sk_X509_INFO_num(allcerts); i++) { - X509_INFO *xi = sk_X509_INFO_value(allcerts, i); - - if (xi->x509 != NULL) { - if (!X509_add_cert(othercerts, xi->x509, X509_ADD_FLAG_DEFAULT)) { - sk_X509_pop_free(othercerts, X509_free); - othercerts = NULL; - goto end; - } - xi->x509 = NULL; - } - } - end: - if (othercerts == NULL) - ERR_raise(ERR_LIB_TS, TS_R_CANNOT_LOAD_CERT); - sk_X509_INFO_pop_free(allcerts, X509_INFO_free); - BIO_free(certs); - return othercerts; -} - -EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass) -{ - BIO *key = NULL; - EVP_PKEY *pkey = NULL; - - if ((key = BIO_new_file(file, "r")) == NULL) - goto end; - pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass); - end: - if (pkey == NULL) - ERR_raise(ERR_LIB_TS, TS_R_CANNOT_LOAD_KEY); - BIO_free(key); - return pkey; -} - -/* Function definitions for handling configuration options. */ - -static void ts_CONF_lookup_fail(const char *name, const char *tag) -{ - ERR_raise_data(ERR_LIB_TS, TS_R_VAR_LOOKUP_FAILURE, "%s::%s", name, tag); -} - -static void ts_CONF_invalid(const char *name, const char *tag) -{ - ERR_raise_data(ERR_LIB_TS, TS_R_VAR_BAD_VALUE, "%s::%s", name, tag); -} - -const char *TS_CONF_get_tsa_section(CONF *conf, const char *section) -{ - if (!section) { - section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA); - if (!section) - ts_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA); - } - return section; -} - -int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, - TS_RESP_CTX *ctx) -{ - int ret = 0; - char *serial = NCONF_get_string(conf, section, ENV_SERIAL); - if (!serial) { - ts_CONF_lookup_fail(section, ENV_SERIAL); - goto err; - } - TS_RESP_CTX_set_serial_cb(ctx, cb, serial); - - ret = 1; - err: - return ret; -} - -#ifndef OPENSSL_NO_ENGINE - -int TS_CONF_set_crypto_device(CONF *conf, const char *section, - const char *device) -{ - int ret = 0; - - if (device == NULL) - device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE); - - if (device && !TS_CONF_set_default_engine(device)) { - ts_CONF_invalid(section, ENV_CRYPTO_DEVICE); - goto err; - } - ret = 1; - err: - return ret; -} - -int TS_CONF_set_default_engine(const char *name) -{ - ENGINE *e = NULL; - int ret = 0; - - if (strcmp(name, "builtin") == 0) - return 1; - - if ((e = ENGINE_by_id(name)) == NULL) - goto err; - if (strcmp(name, "chil") == 0) - ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0); - if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) - goto err; - ret = 1; - - err: - if (!ret) - ERR_raise_data(ERR_LIB_TS, TS_R_COULD_NOT_SET_ENGINE, - "engine:%s", name); - ENGINE_free(e); - return ret; -} - -#endif - -int TS_CONF_set_signer_cert(CONF *conf, const char *section, - const char *cert, TS_RESP_CTX *ctx) -{ - int ret = 0; - X509 *cert_obj = NULL; - - if (cert == NULL) { - cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT); - if (cert == NULL) { - ts_CONF_lookup_fail(section, ENV_SIGNER_CERT); - goto err; - } - } - if ((cert_obj = TS_CONF_load_cert(cert)) == NULL) - goto err; - if (!TS_RESP_CTX_set_signer_cert(ctx, cert_obj)) - goto err; - - ret = 1; - err: - X509_free(cert_obj); - return ret; -} - -int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, - TS_RESP_CTX *ctx) -{ - int ret = 0; - STACK_OF(X509) *certs_obj = NULL; - - if (certs == NULL) { - /* Certificate chain is optional. */ - if ((certs = NCONF_get_string(conf, section, ENV_CERTS)) == NULL) - goto end; - } - if ((certs_obj = TS_CONF_load_certs(certs)) == NULL) - goto err; - if (!TS_RESP_CTX_set_certs(ctx, certs_obj)) - goto err; - end: - ret = 1; - err: - sk_X509_pop_free(certs_obj, X509_free); - return ret; -} - -int TS_CONF_set_signer_key(CONF *conf, const char *section, - const char *key, const char *pass, - TS_RESP_CTX *ctx) -{ - int ret = 0; - EVP_PKEY *key_obj = NULL; - if (!key) - key = NCONF_get_string(conf, section, ENV_SIGNER_KEY); - if (!key) { - ts_CONF_lookup_fail(section, ENV_SIGNER_KEY); - goto err; - } - if ((key_obj = TS_CONF_load_key(key, pass)) == NULL) - goto err; - if (!TS_RESP_CTX_set_signer_key(ctx, key_obj)) - goto err; - - ret = 1; - err: - EVP_PKEY_free(key_obj); - return ret; -} - -int TS_CONF_set_signer_digest(CONF *conf, const char *section, - const char *md, TS_RESP_CTX *ctx) -{ - int ret = 0; - const EVP_MD *sign_md = NULL; - if (md == NULL) - md = NCONF_get_string(conf, section, ENV_SIGNER_DIGEST); - if (md == NULL) { - ts_CONF_lookup_fail(section, ENV_SIGNER_DIGEST); - goto err; - } - sign_md = EVP_get_digestbyname(md); - if (sign_md == NULL) { - ts_CONF_invalid(section, ENV_SIGNER_DIGEST); - goto err; - } - if (!TS_RESP_CTX_set_signer_digest(ctx, sign_md)) - goto err; - - ret = 1; - err: - return ret; -} - -int TS_CONF_set_def_policy(CONF *conf, const char *section, - const char *policy, TS_RESP_CTX *ctx) -{ - int ret = 0; - ASN1_OBJECT *policy_obj = NULL; - - if (policy == NULL) - policy = NCONF_get_string(conf, section, ENV_DEFAULT_POLICY); - if (policy == NULL) { - ts_CONF_lookup_fail(section, ENV_DEFAULT_POLICY); - goto err; - } - if ((policy_obj = OBJ_txt2obj(policy, 0)) == NULL) { - ts_CONF_invalid(section, ENV_DEFAULT_POLICY); - goto err; - } - if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj)) - goto err; - - ret = 1; - err: - ASN1_OBJECT_free(policy_obj); - return ret; -} - -int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx) -{ - int ret = 0; - int i; - STACK_OF(CONF_VALUE) *list = NULL; - char *policies = NCONF_get_string(conf, section, ENV_OTHER_POLICIES); - - /* If no other policy is specified, that's fine. */ - if (policies && (list = X509V3_parse_list(policies)) == NULL) { - ts_CONF_invalid(section, ENV_OTHER_POLICIES); - goto err; - } - for (i = 0; i < sk_CONF_VALUE_num(list); ++i) { - CONF_VALUE *val = sk_CONF_VALUE_value(list, i); - const char *extval = val->value ? val->value : val->name; - ASN1_OBJECT *objtmp; - - if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) { - ts_CONF_invalid(section, ENV_OTHER_POLICIES); - goto err; - } - if (!TS_RESP_CTX_add_policy(ctx, objtmp)) - goto err; - ASN1_OBJECT_free(objtmp); - } - - ret = 1; - err: - sk_CONF_VALUE_pop_free(list, X509V3_conf_free); - return ret; -} - -int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx) -{ - int ret = 0; - int i; - STACK_OF(CONF_VALUE) *list = NULL; - char *digests = NCONF_get_string(conf, section, ENV_DIGESTS); - - if (digests == NULL) { - ts_CONF_lookup_fail(section, ENV_DIGESTS); - goto err; - } - if ((list = X509V3_parse_list(digests)) == NULL) { - ts_CONF_invalid(section, ENV_DIGESTS); - goto err; - } - if (sk_CONF_VALUE_num(list) == 0) { - ts_CONF_invalid(section, ENV_DIGESTS); - goto err; - } - for (i = 0; i < sk_CONF_VALUE_num(list); ++i) { - CONF_VALUE *val = sk_CONF_VALUE_value(list, i); - const char *extval = val->value ? val->value : val->name; - const EVP_MD *md; - - if ((md = EVP_get_digestbyname(extval)) == NULL) { - ts_CONF_invalid(section, ENV_DIGESTS); - goto err; - } - if (!TS_RESP_CTX_add_md(ctx, md)) - goto err; - } - - ret = 1; - err: - sk_CONF_VALUE_pop_free(list, X509V3_conf_free); - return ret; -} - -int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx) -{ - int ret = 0; - int i; - int secs = 0, millis = 0, micros = 0; - STACK_OF(CONF_VALUE) *list = NULL; - char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY); - - if (accuracy && (list = X509V3_parse_list(accuracy)) == NULL) { - ts_CONF_invalid(section, ENV_ACCURACY); - goto err; - } - for (i = 0; i < sk_CONF_VALUE_num(list); ++i) { - CONF_VALUE *val = sk_CONF_VALUE_value(list, i); - if (strcmp(val->name, ENV_VALUE_SECS) == 0) { - if (val->value) - secs = atoi(val->value); - } else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0) { - if (val->value) - millis = atoi(val->value); - } else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0) { - if (val->value) - micros = atoi(val->value); - } else { - ts_CONF_invalid(section, ENV_ACCURACY); - goto err; - } - } - if (!TS_RESP_CTX_set_accuracy(ctx, secs, millis, micros)) - goto err; - - ret = 1; - err: - sk_CONF_VALUE_pop_free(list, X509V3_conf_free); - return ret; -} - -int TS_CONF_set_clock_precision_digits(const CONF *conf, const char *section, - TS_RESP_CTX *ctx) -{ - int ret = 0; - long digits = 0; - - /* - * If not specified, set the default value to 0, i.e. sec precision - */ - digits = _CONF_get_number(conf, section, ENV_CLOCK_PRECISION_DIGITS); - if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) { - ts_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS); - goto err; - } - - if (!TS_RESP_CTX_set_clock_precision_digits(ctx, digits)) - goto err; - - return 1; - err: - return ret; -} - -static int ts_CONF_add_flag(CONF *conf, const char *section, - const char *field, int flag, TS_RESP_CTX *ctx) -{ - const char *value = NCONF_get_string(conf, section, field); - - if (value) { - if (strcmp(value, ENV_VALUE_YES) == 0) - TS_RESP_CTX_add_flags(ctx, flag); - else if (strcmp(value, ENV_VALUE_NO) != 0) { - ts_CONF_invalid(section, field); - return 0; - } - } - - return 1; -} - -int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx) -{ - return ts_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx); -} - -int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx) -{ - return ts_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx); -} - -int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, - TS_RESP_CTX *ctx) -{ - return ts_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN, - TS_ESS_CERT_ID_CHAIN, ctx); -} - -int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section, - TS_RESP_CTX *ctx) -{ - int ret = 0; - const EVP_MD *cert_md = NULL; - const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG); - - if (md == NULL) - md = "sha1"; - - cert_md = EVP_get_digestbyname(md); - if (cert_md == NULL) { - ts_CONF_invalid(section, ENV_ESS_CERT_ID_ALG); - goto err; - } - - if (!TS_RESP_CTX_set_ess_cert_id_digest(ctx, cert_md)) - goto err; - - ret = 1; -err: - return ret; -} diff --git a/crypto/ts/ts_err.c b/crypto/ts/ts_err.c deleted file mode 100644 index 46e89beee8a2462a8293fe9175b6a376f59365ae..0000000000000000000000000000000000000000 --- a/crypto/ts/ts_err.c +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/tserr.h" - -#ifndef OPENSSL_NO_TS - -# ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA TS_str_reasons[] = { - {ERR_PACK(ERR_LIB_TS, 0, TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_BAD_TYPE), "bad type"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_CANNOT_LOAD_CERT), "cannot load certificate"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_CANNOT_LOAD_KEY), "cannot load private key"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_CERTIFICATE_VERIFY_ERROR), - "certificate verify error"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_COULD_NOT_SET_ENGINE), - "could not set engine"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_COULD_NOT_SET_TIME), "could not set time"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_DETACHED_CONTENT), "detached content"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_ADD_SIGNING_CERT_ERROR), - "ess add signing cert error"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR), - "ess add signing cert v2 error"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_SIGNING_CERTIFICATE_ERROR), - "ess signing certificate error"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_INVALID_NULL_POINTER), - "invalid null pointer"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE), - "invalid signer certificate purpose"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_MESSAGE_IMPRINT_MISMATCH), - "message imprint mismatch"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_NONCE_MISMATCH), "nonce mismatch"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_NONCE_NOT_RETURNED), "nonce not returned"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_NO_CONTENT), "no content"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_NO_TIME_STAMP_TOKEN), "no time stamp token"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_ADD_SIGNATURE_ERROR), - "pkcs7 add signature error"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR), - "pkcs7 add signed attr error"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_TO_TS_TST_INFO_FAILED), - "pkcs7 to ts tst info failed"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_POLICY_MISMATCH), "policy mismatch"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), - "private key does not match certificate"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_RESPONSE_SETUP_ERROR), - "response setup error"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_SIGNATURE_FAILURE), "signature failure"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_THERE_MUST_BE_ONE_SIGNER), - "there must be one signer"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_TIME_SYSCALL_ERROR), "time syscall error"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_TOKEN_NOT_PRESENT), "token not present"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_TOKEN_PRESENT), "token present"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_TSA_NAME_MISMATCH), "tsa name mismatch"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_TSA_UNTRUSTED), "tsa untrusted"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_TST_INFO_SETUP_ERROR), - "tst info setup error"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_TS_DATASIGN), "ts datasign"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNSUPPORTED_MD_ALGORITHM), - "unsupported md algorithm"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNSUPPORTED_VERSION), "unsupported version"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_VAR_BAD_VALUE), "var bad value"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_VAR_LOOKUP_FAILURE), - "cannot find config variable"}, - {ERR_PACK(ERR_LIB_TS, 0, TS_R_WRONG_CONTENT_TYPE), "wrong content type"}, - {0, NULL} -}; - -# endif - -int ossl_err_load_TS_strings(void) -{ -# ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(TS_str_reasons[0].error) == NULL) - ERR_load_strings_const(TS_str_reasons); -# endif - return 1; -} -#else -NON_EMPTY_TRANSLATION_UNIT -#endif diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c deleted file mode 100644 index 5a99c9df17594e987298f73dbf9b7c85bee3fc76..0000000000000000000000000000000000000000 --- a/crypto/ts/ts_lib.c +++ /dev/null @@ -1,92 +0,0 @@ -/* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include "ts_local.h" - -int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num) -{ - BIGNUM *num_bn; - int result = 0; - char *hex; - - num_bn = ASN1_INTEGER_to_BN(num, NULL); - if (num_bn == NULL) - return -1; - if ((hex = BN_bn2hex(num_bn))) { - result = BIO_write(bio, "0x", 2) > 0; - result = result && BIO_write(bio, hex, strlen(hex)) > 0; - OPENSSL_free(hex); - } - BN_free(num_bn); - - return result; -} - -int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj) -{ - char obj_txt[128]; - - OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0); - BIO_printf(bio, "%s\n", obj_txt); - - return 1; -} - -int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions) -{ - int i, critical, n; - X509_EXTENSION *ex; - ASN1_OBJECT *obj; - - BIO_printf(bio, "Extensions:\n"); - n = X509v3_get_ext_count(extensions); - for (i = 0; i < n; i++) { - ex = X509v3_get_ext(extensions, i); - obj = X509_EXTENSION_get_object(ex); - if (i2a_ASN1_OBJECT(bio, obj) < 0) - return 0; - critical = X509_EXTENSION_get_critical(ex); - BIO_printf(bio, ":%s\n", critical ? " critical" : ""); - if (!X509V3_EXT_print(bio, ex, 0, 4)) { - BIO_printf(bio, "%4s", ""); - ASN1_STRING_print(bio, X509_EXTENSION_get_data(ex)); - } - BIO_write(bio, "\n", 1); - } - - return 1; -} - -int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg) -{ - int i = OBJ_obj2nid(alg->algorithm); - return BIO_printf(bio, "Hash Algorithm: %s\n", - (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); -} - -int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a) -{ - ASN1_OCTET_STRING *msg; - - TS_X509_ALGOR_print_bio(bio, a->hash_algo); - - BIO_printf(bio, "Message data:\n"); - msg = a->hashed_msg; - BIO_dump_indent(bio, (const char *)ASN1_STRING_get0_data(msg), - ASN1_STRING_length(msg), 4); - - return 1; -} diff --git a/crypto/ts/ts_local.h b/crypto/ts/ts_local.h deleted file mode 100644 index 4dcb7af960b2d349cc9224d7790a1a60bc98df3d..0000000000000000000000000000000000000000 --- a/crypto/ts/ts_local.h +++ /dev/null @@ -1,152 +0,0 @@ -/* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/*- - * MessageImprint ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier, - * hashedMessage OCTET STRING } - */ -struct TS_msg_imprint_st { - X509_ALGOR *hash_algo; - ASN1_OCTET_STRING *hashed_msg; -}; - -/*- - * TimeStampResp ::= SEQUENCE { - * status PKIStatusInfo, - * timeStampToken TimeStampToken OPTIONAL } - */ -struct TS_resp_st { - TS_STATUS_INFO *status_info; - PKCS7 *token; - TS_TST_INFO *tst_info; -}; - -/*- - * TimeStampReq ::= SEQUENCE { - * version INTEGER { v1(1) }, - * messageImprint MessageImprint, - * --a hash algorithm OID and the hash value of the data to be - * --time-stamped - * reqPolicy TSAPolicyId OPTIONAL, - * nonce INTEGER OPTIONAL, - * certReq BOOLEAN DEFAULT FALSE, - * extensions [0] IMPLICIT Extensions OPTIONAL } - */ -struct TS_req_st { - ASN1_INTEGER *version; - TS_MSG_IMPRINT *msg_imprint; - ASN1_OBJECT *policy_id; - ASN1_INTEGER *nonce; - ASN1_BOOLEAN cert_req; - STACK_OF(X509_EXTENSION) *extensions; -}; - -/*- - * Accuracy ::= SEQUENCE { - * seconds INTEGER OPTIONAL, - * millis [0] INTEGER (1..999) OPTIONAL, - * micros [1] INTEGER (1..999) OPTIONAL } - */ -struct TS_accuracy_st { - ASN1_INTEGER *seconds; - ASN1_INTEGER *millis; - ASN1_INTEGER *micros; -}; - -/*- - * TSTInfo ::= SEQUENCE { - * version INTEGER { v1(1) }, - * policy TSAPolicyId, - * messageImprint MessageImprint, - * -- MUST have the same value as the similar field in - * -- TimeStampReq - * serialNumber INTEGER, - * -- Time-Stamping users MUST be ready to accommodate integers - * -- up to 160 bits. - * genTime GeneralizedTime, - * accuracy Accuracy OPTIONAL, - * ordering BOOLEAN DEFAULT FALSE, - * nonce INTEGER OPTIONAL, - * -- MUST be present if the similar field was present - * -- in TimeStampReq. In that case it MUST have the same value. - * tsa [0] GeneralName OPTIONAL, - * extensions [1] IMPLICIT Extensions OPTIONAL } - */ -struct TS_tst_info_st { - ASN1_INTEGER *version; - ASN1_OBJECT *policy_id; - TS_MSG_IMPRINT *msg_imprint; - ASN1_INTEGER *serial; - ASN1_GENERALIZEDTIME *time; - TS_ACCURACY *accuracy; - ASN1_BOOLEAN ordering; - ASN1_INTEGER *nonce; - GENERAL_NAME *tsa; - STACK_OF(X509_EXTENSION) *extensions; -}; - -struct TS_status_info_st { - ASN1_INTEGER *status; - STACK_OF(ASN1_UTF8STRING) *text; - ASN1_BIT_STRING *failure_info; -}; - -struct TS_resp_ctx { - X509 *signer_cert; - EVP_PKEY *signer_key; - const EVP_MD *signer_md; - const EVP_MD *ess_cert_id_digest; - STACK_OF(X509) *certs; /* Certs to include in signed data. */ - STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ - ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ - STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ - ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ - ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ - ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ - unsigned clock_precision_digits; /* fraction of seconds in time stamp - * token. */ - unsigned flags; /* Optional info, see values above. */ - /* Callback functions. */ - TS_serial_cb serial_cb; - void *serial_cb_data; /* User data for serial_cb. */ - TS_time_cb time_cb; - void *time_cb_data; /* User data for time_cb. */ - TS_extension_cb extension_cb; - void *extension_cb_data; /* User data for extension_cb. */ - /* These members are used only while creating the response. */ - TS_REQ *request; - TS_RESP *response; - TS_TST_INFO *tst_info; - OSSL_LIB_CTX *libctx; - char *propq; -}; - -struct TS_verify_ctx { - /* Set this to the union of TS_VFY_... flags you want to carry out. */ - unsigned flags; - /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ - X509_STORE *store; - STACK_OF(X509) *certs; - /* Must be set only with TS_VFY_POLICY. */ - ASN1_OBJECT *policy; - /* - * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the - * algorithm from the response is used. - */ - X509_ALGOR *md_alg; - unsigned char *imprint; - unsigned imprint_len; - /* Must be set only with TS_VFY_DATA. */ - BIO *data; - /* Must be set only with TS_VFY_TSA_NAME. */ - ASN1_INTEGER *nonce; - /* Must be set only with TS_VFY_TSA_NAME. */ - GENERAL_NAME *tsa_name; -}; diff --git a/crypto/ts/ts_req_print.c b/crypto/ts/ts_req_print.c deleted file mode 100644 index 968816ae285837aa8821b4674345f92d821ad0e2..0000000000000000000000000000000000000000 --- a/crypto/ts/ts_req_print.c +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "ts_local.h" - -int TS_REQ_print_bio(BIO *bio, TS_REQ *a) -{ - int v; - ASN1_OBJECT *policy_id; - - if (a == NULL) - return 0; - - v = TS_REQ_get_version(a); - BIO_printf(bio, "Version: %d\n", v); - - TS_MSG_IMPRINT_print_bio(bio, a->msg_imprint); - - BIO_printf(bio, "Policy OID: "); - policy_id = TS_REQ_get_policy_id(a); - if (policy_id == NULL) - BIO_printf(bio, "unspecified\n"); - else - TS_OBJ_print_bio(bio, policy_id); - - BIO_printf(bio, "Nonce: "); - if (a->nonce == NULL) - BIO_printf(bio, "unspecified"); - else - TS_ASN1_INTEGER_print_bio(bio, a->nonce); - BIO_write(bio, "\n", 1); - - BIO_printf(bio, "Certificate required: %s\n", - a->cert_req ? "yes" : "no"); - - TS_ext_print_bio(bio, a->extensions); - - return 1; -} diff --git a/crypto/ts/ts_req_utils.c b/crypto/ts/ts_req_utils.c deleted file mode 100644 index b560fc7b38a9261a4c701996e67a060b47d8a88e..0000000000000000000000000000000000000000 --- a/crypto/ts/ts_req_utils.c +++ /dev/null @@ -1,183 +0,0 @@ -/* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "ts_local.h" - -int TS_REQ_set_version(TS_REQ *a, long version) -{ - return ASN1_INTEGER_set(a->version, version); -} - -long TS_REQ_get_version(const TS_REQ *a) -{ - return ASN1_INTEGER_get(a->version); -} - -int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint) -{ - TS_MSG_IMPRINT *new_msg_imprint; - - if (a->msg_imprint == msg_imprint) - return 1; - new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint); - if (new_msg_imprint == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; - } - TS_MSG_IMPRINT_free(a->msg_imprint); - a->msg_imprint = new_msg_imprint; - return 1; -} - -TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a) -{ - return a->msg_imprint; -} - -int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg) -{ - X509_ALGOR *new_alg; - - if (a->hash_algo == alg) - return 1; - new_alg = X509_ALGOR_dup(alg); - if (new_alg == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; - } - X509_ALGOR_free(a->hash_algo); - a->hash_algo = new_alg; - return 1; -} - -X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a) -{ - return a->hash_algo; -} - -int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len) -{ - return ASN1_OCTET_STRING_set(a->hashed_msg, d, len); -} - -ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a) -{ - return a->hashed_msg; -} - -int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy) -{ - ASN1_OBJECT *new_policy; - - if (a->policy_id == policy) - return 1; - new_policy = OBJ_dup(policy); - if (new_policy == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; - } - ASN1_OBJECT_free(a->policy_id); - a->policy_id = new_policy; - return 1; -} - -ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a) -{ - return a->policy_id; -} - -int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce) -{ - ASN1_INTEGER *new_nonce; - - if (a->nonce == nonce) - return 1; - new_nonce = ASN1_INTEGER_dup(nonce); - if (new_nonce == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; - } - ASN1_INTEGER_free(a->nonce); - a->nonce = new_nonce; - return 1; -} - -const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a) -{ - return a->nonce; -} - -int TS_REQ_set_cert_req(TS_REQ *a, int cert_req) -{ - a->cert_req = cert_req ? 0xFF : 0x00; - return 1; -} - -int TS_REQ_get_cert_req(const TS_REQ *a) -{ - return a->cert_req ? 1 : 0; -} - -STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a) -{ - return a->extensions; -} - -void TS_REQ_ext_free(TS_REQ *a) -{ - if (!a) - return; - sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free); - a->extensions = NULL; -} - -int TS_REQ_get_ext_count(TS_REQ *a) -{ - return X509v3_get_ext_count(a->extensions); -} - -int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos) -{ - return X509v3_get_ext_by_NID(a->extensions, nid, lastpos); -} - -int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos) -{ - return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos); -} - -int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos) -{ - return X509v3_get_ext_by_critical(a->extensions, crit, lastpos); -} - -X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc) -{ - return X509v3_get_ext(a->extensions, loc); -} - -X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc) -{ - return X509v3_delete_ext(a->extensions, loc); -} - -int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc) -{ - return X509v3_add_ext(&a->extensions, ex, loc) != NULL; -} - -void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx) -{ - return X509V3_get_d2i(a->extensions, nid, crit, idx); -} diff --git a/crypto/ts/ts_rsp_print.c b/crypto/ts/ts_rsp_print.c deleted file mode 100644 index ca2d8a6dc1541dc78320e1e61600d267d1439f35..0000000000000000000000000000000000000000 --- a/crypto/ts/ts_rsp_print.c +++ /dev/null @@ -1,195 +0,0 @@ -/* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "ts_local.h" - -struct status_map_st { - int bit; - const char *text; -}; - -static int ts_status_map_print(BIO *bio, const struct status_map_st *a, - const ASN1_BIT_STRING *v); -static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy); - - -int TS_RESP_print_bio(BIO *bio, TS_RESP *a) -{ - BIO_printf(bio, "Status info:\n"); - TS_STATUS_INFO_print_bio(bio, a->status_info); - - BIO_printf(bio, "\nTST info:\n"); - if (a->tst_info != NULL) - TS_TST_INFO_print_bio(bio, a->tst_info); - else - BIO_printf(bio, "Not included.\n"); - - return 1; -} - -int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a) -{ - static const char *status_map[] = { - "Granted.", - "Granted with modifications.", - "Rejected.", - "Waiting.", - "Revocation warning.", - "Revoked." - }; - static const struct status_map_st failure_map[] = { - {TS_INFO_BAD_ALG, - "unrecognized or unsupported algorithm identifier"}, - {TS_INFO_BAD_REQUEST, - "transaction not permitted or supported"}, - {TS_INFO_BAD_DATA_FORMAT, - "the data submitted has the wrong format"}, - {TS_INFO_TIME_NOT_AVAILABLE, - "the TSA's time source is not available"}, - {TS_INFO_UNACCEPTED_POLICY, - "the requested TSA policy is not supported by the TSA"}, - {TS_INFO_UNACCEPTED_EXTENSION, - "the requested extension is not supported by the TSA"}, - {TS_INFO_ADD_INFO_NOT_AVAILABLE, - "the additional information requested could not be understood " - "or is not available"}, - {TS_INFO_SYSTEM_FAILURE, - "the request cannot be handled due to system failure"}, - {-1, NULL} - }; - long status; - int i, lines = 0; - - BIO_printf(bio, "Status: "); - status = ASN1_INTEGER_get(a->status); - if (0 <= status && status < (long)OSSL_NELEM(status_map)) - BIO_printf(bio, "%s\n", status_map[status]); - else - BIO_printf(bio, "out of bounds\n"); - - BIO_printf(bio, "Status description: "); - for (i = 0; i < sk_ASN1_UTF8STRING_num(a->text); ++i) { - if (i > 0) - BIO_puts(bio, "\t"); - ASN1_STRING_print_ex(bio, sk_ASN1_UTF8STRING_value(a->text, i), 0); - BIO_puts(bio, "\n"); - } - if (i == 0) - BIO_printf(bio, "unspecified\n"); - - BIO_printf(bio, "Failure info: "); - if (a->failure_info != NULL) - lines = ts_status_map_print(bio, failure_map, a->failure_info); - if (lines == 0) - BIO_printf(bio, "unspecified"); - BIO_printf(bio, "\n"); - - return 1; -} - -static int ts_status_map_print(BIO *bio, const struct status_map_st *a, - const ASN1_BIT_STRING *v) -{ - int lines = 0; - - for (; a->bit >= 0; ++a) { - if (ASN1_BIT_STRING_get_bit(v, a->bit)) { - if (++lines > 1) - BIO_printf(bio, ", "); - BIO_printf(bio, "%s", a->text); - } - } - - return lines; -} - -int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a) -{ - int v; - - if (a == NULL) - return 0; - - v = ASN1_INTEGER_get(a->version); - BIO_printf(bio, "Version: %d\n", v); - - BIO_printf(bio, "Policy OID: "); - TS_OBJ_print_bio(bio, a->policy_id); - - TS_MSG_IMPRINT_print_bio(bio, a->msg_imprint); - - BIO_printf(bio, "Serial number: "); - if (a->serial == NULL) - BIO_printf(bio, "unspecified"); - else - TS_ASN1_INTEGER_print_bio(bio, a->serial); - BIO_write(bio, "\n", 1); - - BIO_printf(bio, "Time stamp: "); - ASN1_GENERALIZEDTIME_print(bio, a->time); - BIO_write(bio, "\n", 1); - - BIO_printf(bio, "Accuracy: "); - if (a->accuracy == NULL) - BIO_printf(bio, "unspecified"); - else - ts_ACCURACY_print_bio(bio, a->accuracy); - BIO_write(bio, "\n", 1); - - BIO_printf(bio, "Ordering: %s\n", a->ordering ? "yes" : "no"); - - BIO_printf(bio, "Nonce: "); - if (a->nonce == NULL) - BIO_printf(bio, "unspecified"); - else - TS_ASN1_INTEGER_print_bio(bio, a->nonce); - BIO_write(bio, "\n", 1); - - BIO_printf(bio, "TSA: "); - if (a->tsa == NULL) - BIO_printf(bio, "unspecified"); - else { - STACK_OF(CONF_VALUE) *nval; - if ((nval = i2v_GENERAL_NAME(NULL, a->tsa, NULL))) - X509V3_EXT_val_prn(bio, nval, 0, 0); - sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); - } - BIO_write(bio, "\n", 1); - - TS_ext_print_bio(bio, a->extensions); - - return 1; -} - -static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *a) -{ - if (a->seconds != NULL) - TS_ASN1_INTEGER_print_bio(bio, a->seconds); - else - BIO_printf(bio, "unspecified"); - BIO_printf(bio, " seconds, "); - if (a->millis != NULL) - TS_ASN1_INTEGER_print_bio(bio, a->millis); - else - BIO_printf(bio, "unspecified"); - BIO_printf(bio, " millis, "); - if (a->micros != NULL) - TS_ASN1_INTEGER_print_bio(bio, a->micros); - else - BIO_printf(bio, "unspecified"); - BIO_printf(bio, " micros"); - - return 1; -} diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c deleted file mode 100644 index 8937bb2d6671e6f0d4b83b6d209e7d86613dc8cc..0000000000000000000000000000000000000000 --- a/crypto/ts/ts_rsp_sign.c +++ /dev/null @@ -1,889 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" - -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/sizes.h" -#include "crypto/ess.h" -#include "ts_local.h" - -DEFINE_STACK_OF_CONST(EVP_MD) - -static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *); -static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec); -static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *); - -static void ts_RESP_CTX_init(TS_RESP_CTX *ctx); -static void ts_RESP_CTX_cleanup(TS_RESP_CTX *ctx); -static int ts_RESP_check_request(TS_RESP_CTX *ctx); -static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx); -static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx, - ASN1_OBJECT *policy); -static int ts_RESP_process_extensions(TS_RESP_CTX *ctx); -static int ts_RESP_sign(TS_RESP_CTX *ctx); - -static int ts_TST_INFO_content_new(PKCS7 *p7); - -static ASN1_GENERALIZEDTIME -*TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *, long, long, - unsigned); - -/* Default callback for response generation. */ -static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data) -{ - ASN1_INTEGER *serial = ASN1_INTEGER_new(); - - if (serial == NULL) - goto err; - if (!ASN1_INTEGER_set(serial, 1)) - goto err; - return serial; - - err: - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Error during serial number generation."); - ASN1_INTEGER_free(serial); - return NULL; -} - -#if defined(OPENSSL_SYS_UNIX) - -static int def_time_cb(struct TS_resp_ctx *ctx, void *data, - long *sec, long *usec) -{ - struct timeval tv; - if (gettimeofday(&tv, NULL) != 0) { - ERR_raise(ERR_LIB_TS, TS_R_TIME_SYSCALL_ERROR); - TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Time is not available."); - TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE); - return 0; - } - *sec = tv.tv_sec; - *usec = tv.tv_usec; - - return 1; -} - -#else - -static int def_time_cb(struct TS_resp_ctx *ctx, void *data, - long *sec, long *usec) -{ - time_t t; - if (time(&t) == (time_t)-1) { - ERR_raise(ERR_LIB_TS, TS_R_TIME_SYSCALL_ERROR); - TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Time is not available."); - TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE); - return 0; - } - *sec = (long)t; - *usec = 0; - - return 1; -} - -#endif - -static int def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext, - void *data) -{ - TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Unsupported extension."); - TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_EXTENSION); - return 0; -} - -/* TS_RESP_CTX management functions. */ - -TS_RESP_CTX *TS_RESP_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq) -{ - TS_RESP_CTX *ctx; - - if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (propq != NULL) { - ctx->propq = OPENSSL_strdup(propq); - if (ctx->propq == NULL) { - OPENSSL_free(ctx); - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return NULL; - } - } - ctx->libctx = libctx; - ctx->serial_cb = def_serial_cb; - ctx->time_cb = def_time_cb; - ctx->extension_cb = def_extension_cb; - - return ctx; -} - -TS_RESP_CTX *TS_RESP_CTX_new(void) -{ - return TS_RESP_CTX_new_ex(NULL, NULL); -} - -void TS_RESP_CTX_free(TS_RESP_CTX *ctx) -{ - if (!ctx) - return; - - OPENSSL_free(ctx->propq); - X509_free(ctx->signer_cert); - EVP_PKEY_free(ctx->signer_key); - sk_X509_pop_free(ctx->certs, X509_free); - sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free); - ASN1_OBJECT_free(ctx->default_policy); - sk_EVP_MD_free(ctx->mds); /* No EVP_MD_free method exists. */ - ASN1_INTEGER_free(ctx->seconds); - ASN1_INTEGER_free(ctx->millis); - ASN1_INTEGER_free(ctx->micros); - OPENSSL_free(ctx); -} - -int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer) -{ - if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) { - ERR_raise(ERR_LIB_TS, TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE); - return 0; - } - X509_free(ctx->signer_cert); - ctx->signer_cert = signer; - X509_up_ref(ctx->signer_cert); - return 1; -} - -int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key) -{ - EVP_PKEY_free(ctx->signer_key); - ctx->signer_key = key; - EVP_PKEY_up_ref(ctx->signer_key); - - return 1; -} - -int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, const EVP_MD *md) -{ - ctx->signer_md = md; - return 1; -} - -int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy) -{ - ASN1_OBJECT_free(ctx->default_policy); - if ((ctx->default_policy = OBJ_dup(def_policy)) == NULL) - goto err; - return 1; - err: - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; -} - -int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs) -{ - sk_X509_pop_free(ctx->certs, X509_free); - ctx->certs = NULL; - - return certs == NULL || (ctx->certs = X509_chain_up_ref(certs)) != NULL; -} - -int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy) -{ - ASN1_OBJECT *copy = NULL; - - if (ctx->policies == NULL - && (ctx->policies = sk_ASN1_OBJECT_new_null()) == NULL) - goto err; - if ((copy = OBJ_dup(policy)) == NULL) - goto err; - if (!sk_ASN1_OBJECT_push(ctx->policies, copy)) - goto err; - - return 1; - err: - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - ASN1_OBJECT_free(copy); - return 0; -} - -int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md) -{ - if (ctx->mds == NULL - && (ctx->mds = sk_EVP_MD_new_null()) == NULL) - goto err; - if (!sk_EVP_MD_push(ctx->mds, md)) - goto err; - - return 1; - err: - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; -} - -#define TS_RESP_CTX_accuracy_free(ctx) \ - ASN1_INTEGER_free(ctx->seconds); \ - ctx->seconds = NULL; \ - ASN1_INTEGER_free(ctx->millis); \ - ctx->millis = NULL; \ - ASN1_INTEGER_free(ctx->micros); \ - ctx->micros = NULL; - -int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, - int secs, int millis, int micros) -{ - - TS_RESP_CTX_accuracy_free(ctx); - if (secs - && ((ctx->seconds = ASN1_INTEGER_new()) == NULL - || !ASN1_INTEGER_set(ctx->seconds, secs))) - goto err; - if (millis - && ((ctx->millis = ASN1_INTEGER_new()) == NULL - || !ASN1_INTEGER_set(ctx->millis, millis))) - goto err; - if (micros - && ((ctx->micros = ASN1_INTEGER_new()) == NULL - || !ASN1_INTEGER_set(ctx->micros, micros))) - goto err; - - return 1; - err: - TS_RESP_CTX_accuracy_free(ctx); - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; -} - -void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags) -{ - ctx->flags |= flags; -} - -void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data) -{ - ctx->serial_cb = cb; - ctx->serial_cb_data = data; -} - -void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data) -{ - ctx->time_cb = cb; - ctx->time_cb_data = data; -} - -void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, - TS_extension_cb cb, void *data) -{ - ctx->extension_cb = cb; - ctx->extension_cb_data = data; -} - -int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, - int status, const char *text) -{ - TS_STATUS_INFO *si = NULL; - ASN1_UTF8STRING *utf8_text = NULL; - int ret = 0; - - if ((si = TS_STATUS_INFO_new()) == NULL) - goto err; - if (!ASN1_INTEGER_set(si->status, status)) - goto err; - if (text) { - if ((utf8_text = ASN1_UTF8STRING_new()) == NULL - || !ASN1_STRING_set(utf8_text, text, strlen(text))) - goto err; - if (si->text == NULL - && (si->text = sk_ASN1_UTF8STRING_new_null()) == NULL) - goto err; - if (!sk_ASN1_UTF8STRING_push(si->text, utf8_text)) - goto err; - utf8_text = NULL; /* Ownership is lost. */ - } - if (!TS_RESP_set_status_info(ctx->response, si)) - goto err; - ret = 1; - err: - if (!ret) - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - TS_STATUS_INFO_free(si); - ASN1_UTF8STRING_free(utf8_text); - return ret; -} - -int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, - int status, const char *text) -{ - int ret = 1; - TS_STATUS_INFO *si = ctx->response->status_info; - - if (ASN1_INTEGER_get(si->status) == TS_STATUS_GRANTED) { - ret = TS_RESP_CTX_set_status_info(ctx, status, text); - } - return ret; -} - -int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure) -{ - TS_STATUS_INFO *si = ctx->response->status_info; - if (si->failure_info == NULL - && (si->failure_info = ASN1_BIT_STRING_new()) == NULL) - goto err; - if (!ASN1_BIT_STRING_set_bit(si->failure_info, failure, 1)) - goto err; - return 1; - err: - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; -} - -TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx) -{ - return ctx->request; -} - -TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx) -{ - return ctx->tst_info; -} - -int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, - unsigned precision) -{ - if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) - return 0; - ctx->clock_precision_digits = precision; - return 1; -} - -/* Main entry method of the response generation. */ -TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio) -{ - ASN1_OBJECT *policy; - TS_RESP *response; - int result = 0; - - ts_RESP_CTX_init(ctx); - - if ((ctx->response = TS_RESP_new()) == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - goto end; - } - if ((ctx->request = d2i_TS_REQ_bio(req_bio, NULL)) == NULL) { - TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Bad request format or system error."); - TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT); - goto end; - } - if (!TS_RESP_CTX_set_status_info(ctx, TS_STATUS_GRANTED, NULL)) - goto end; - if (!ts_RESP_check_request(ctx)) - goto end; - if ((policy = ts_RESP_get_policy(ctx)) == NULL) - goto end; - if ((ctx->tst_info = ts_RESP_create_tst_info(ctx, policy)) == NULL) - goto end; - if (!ts_RESP_process_extensions(ctx)) - goto end; - if (!ts_RESP_sign(ctx)) - goto end; - result = 1; - - end: - if (!result) { - ERR_raise(ERR_LIB_TS, TS_R_RESPONSE_SETUP_ERROR); - if (ctx->response != NULL) { - if (TS_RESP_CTX_set_status_info_cond(ctx, - TS_STATUS_REJECTION, - "Error during response " - "generation.") == 0) { - TS_RESP_free(ctx->response); - ctx->response = NULL; - } - } - } - response = ctx->response; - ctx->response = NULL; /* Ownership will be returned to caller. */ - ts_RESP_CTX_cleanup(ctx); - return response; -} - -/* Initializes the variable part of the context. */ -static void ts_RESP_CTX_init(TS_RESP_CTX *ctx) -{ - ctx->request = NULL; - ctx->response = NULL; - ctx->tst_info = NULL; -} - -/* Cleans up the variable part of the context. */ -static void ts_RESP_CTX_cleanup(TS_RESP_CTX *ctx) -{ - TS_REQ_free(ctx->request); - ctx->request = NULL; - TS_RESP_free(ctx->response); - ctx->response = NULL; - TS_TST_INFO_free(ctx->tst_info); - ctx->tst_info = NULL; -} - -/* Checks the format and content of the request. */ -static int ts_RESP_check_request(TS_RESP_CTX *ctx) -{ - TS_REQ *request = ctx->request; - TS_MSG_IMPRINT *msg_imprint; - X509_ALGOR *md_alg; - char md_alg_name[OSSL_MAX_NAME_SIZE]; - const ASN1_OCTET_STRING *digest; - const EVP_MD *md = NULL; - int i; - - if (TS_REQ_get_version(request) != 1) { - TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Bad request version."); - TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_REQUEST); - return 0; - } - - msg_imprint = request->msg_imprint; - md_alg = msg_imprint->hash_algo; - OBJ_obj2txt(md_alg_name, sizeof(md_alg_name), md_alg->algorithm, 0); - for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i) { - const EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i); - if (EVP_MD_is_a(current_md, md_alg_name)) - md = current_md; - } - if (!md) { - TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Message digest algorithm is " - "not supported."); - TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG); - return 0; - } - - if (md_alg->parameter && ASN1_TYPE_get(md_alg->parameter) != V_ASN1_NULL) { - TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Superfluous message digest " - "parameter."); - TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG); - return 0; - } - digest = msg_imprint->hashed_msg; - if (digest->length != EVP_MD_get_size(md)) { - TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Bad message digest."); - TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT); - return 0; - } - - return 1; -} - -/* Returns the TSA policy based on the requested and acceptable policies. */ -static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx) -{ - ASN1_OBJECT *requested = ctx->request->policy_id; - ASN1_OBJECT *policy = NULL; - int i; - - if (ctx->default_policy == NULL) { - ERR_raise(ERR_LIB_TS, TS_R_INVALID_NULL_POINTER); - return NULL; - } - if (!requested || !OBJ_cmp(requested, ctx->default_policy)) - policy = ctx->default_policy; - - /* Check if the policy is acceptable. */ - for (i = 0; !policy && i < sk_ASN1_OBJECT_num(ctx->policies); ++i) { - ASN1_OBJECT *current = sk_ASN1_OBJECT_value(ctx->policies, i); - if (!OBJ_cmp(requested, current)) - policy = current; - } - if (policy == NULL) { - ERR_raise(ERR_LIB_TS, TS_R_UNACCEPTABLE_POLICY); - TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, - "Requested policy is not " "supported."); - TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_POLICY); - } - return policy; -} - -/* Creates the TS_TST_INFO object based on the settings of the context. */ -static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx, - ASN1_OBJECT *policy) -{ - int result = 0; - TS_TST_INFO *tst_info = NULL; - ASN1_INTEGER *serial = NULL; - ASN1_GENERALIZEDTIME *asn1_time = NULL; - long sec, usec; - TS_ACCURACY *accuracy = NULL; - const ASN1_INTEGER *nonce; - GENERAL_NAME *tsa_name = NULL; - - if ((tst_info = TS_TST_INFO_new()) == NULL) - goto end; - if (!TS_TST_INFO_set_version(tst_info, 1)) - goto end; - if (!TS_TST_INFO_set_policy_id(tst_info, policy)) - goto end; - if (!TS_TST_INFO_set_msg_imprint(tst_info, ctx->request->msg_imprint)) - goto end; - if ((serial = ctx->serial_cb(ctx, ctx->serial_cb_data)) == NULL - || !TS_TST_INFO_set_serial(tst_info, serial)) - goto end; - if (!ctx->time_cb(ctx, ctx->time_cb_data, &sec, &usec) - || (asn1_time = - TS_RESP_set_genTime_with_precision(NULL, sec, usec, - ctx->clock_precision_digits)) == NULL - || !TS_TST_INFO_set_time(tst_info, asn1_time)) - goto end; - - if ((ctx->seconds || ctx->millis || ctx->micros) - && (accuracy = TS_ACCURACY_new()) == NULL) - goto end; - if (ctx->seconds && !TS_ACCURACY_set_seconds(accuracy, ctx->seconds)) - goto end; - if (ctx->millis && !TS_ACCURACY_set_millis(accuracy, ctx->millis)) - goto end; - if (ctx->micros && !TS_ACCURACY_set_micros(accuracy, ctx->micros)) - goto end; - if (accuracy && !TS_TST_INFO_set_accuracy(tst_info, accuracy)) - goto end; - - if ((ctx->flags & TS_ORDERING) - && !TS_TST_INFO_set_ordering(tst_info, 1)) - goto end; - - if ((nonce = ctx->request->nonce) != NULL - && !TS_TST_INFO_set_nonce(tst_info, nonce)) - goto end; - - if (ctx->flags & TS_TSA_NAME) { - if ((tsa_name = GENERAL_NAME_new()) == NULL) - goto end; - tsa_name->type = GEN_DIRNAME; - tsa_name->d.dirn = - X509_NAME_dup(X509_get_subject_name(ctx->signer_cert)); - if (!tsa_name->d.dirn) - goto end; - if (!TS_TST_INFO_set_tsa(tst_info, tsa_name)) - goto end; - } - - result = 1; - end: - if (!result) { - TS_TST_INFO_free(tst_info); - tst_info = NULL; - ERR_raise(ERR_LIB_TS, TS_R_TST_INFO_SETUP_ERROR); - TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION, - "Error during TSTInfo " - "generation."); - } - GENERAL_NAME_free(tsa_name); - TS_ACCURACY_free(accuracy); - ASN1_GENERALIZEDTIME_free(asn1_time); - ASN1_INTEGER_free(serial); - - return tst_info; -} - -/* Processing the extensions of the request. */ -static int ts_RESP_process_extensions(TS_RESP_CTX *ctx) -{ - STACK_OF(X509_EXTENSION) *exts = ctx->request->extensions; - int i; - int ok = 1; - - for (i = 0; ok && i < sk_X509_EXTENSION_num(exts); ++i) { - X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); - /* - * The last argument was previously (void *)ctx->extension_cb, - * but ISO C doesn't permit converting a function pointer to void *. - * For lack of better information, I'm placing a NULL there instead. - * The callback can pick its own address out from the ctx anyway... - */ - ok = (*ctx->extension_cb) (ctx, ext, NULL); - } - - return ok; -} - -/* Functions for signing the TS_TST_INFO structure of the context. */ -static int ossl_ess_add1_signing_cert(PKCS7_SIGNER_INFO *si, - const ESS_SIGNING_CERT *sc) -{ - ASN1_STRING *seq = NULL; - int len = i2d_ESS_SIGNING_CERT(sc, NULL); - unsigned char *p, *pp = OPENSSL_malloc(len); - - if (pp == NULL) - return 0; - - p = pp; - i2d_ESS_SIGNING_CERT(sc, &p); - if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) { - ASN1_STRING_free(seq); - OPENSSL_free(pp); - return 0; - } - - OPENSSL_free(pp); - return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate, - V_ASN1_SEQUENCE, seq); -} - -static int ossl_ess_add1_signing_cert_v2(PKCS7_SIGNER_INFO *si, - const ESS_SIGNING_CERT_V2 *sc) -{ - ASN1_STRING *seq = NULL; - int len = i2d_ESS_SIGNING_CERT_V2(sc, NULL); - unsigned char *p, *pp = OPENSSL_malloc(len); - - if (pp == NULL) - return 0; - - p = pp; - i2d_ESS_SIGNING_CERT_V2(sc, &p); - if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) { - ASN1_STRING_free(seq); - OPENSSL_free(pp); - return 0; - } - - OPENSSL_free(pp); - return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2, - V_ASN1_SEQUENCE, seq); -} - -static int ts_RESP_sign(TS_RESP_CTX *ctx) -{ - int ret = 0; - PKCS7 *p7 = NULL; - PKCS7_SIGNER_INFO *si; - STACK_OF(X509) *certs; /* Certificates to include in sc. */ - ESS_SIGNING_CERT_V2 *sc2 = NULL; - ESS_SIGNING_CERT *sc = NULL; - ASN1_OBJECT *oid; - BIO *p7bio = NULL; - int i; - EVP_MD *signer_md = NULL; - - if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) { - ERR_raise(ERR_LIB_TS, TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); - goto err; - } - - if ((p7 = PKCS7_new_ex(ctx->libctx, ctx->propq)) == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!PKCS7_set_type(p7, NID_pkcs7_signed)) - goto err; - if (!ASN1_INTEGER_set(p7->d.sign->version, 3)) - goto err; - - if (ctx->request->cert_req) { - PKCS7_add_certificate(p7, ctx->signer_cert); - if (ctx->certs) { - for (i = 0; i < sk_X509_num(ctx->certs); ++i) { - X509 *cert = sk_X509_value(ctx->certs, i); - PKCS7_add_certificate(p7, cert); - } - } - } - - if (ctx->signer_md == NULL) - signer_md = EVP_MD_fetch(ctx->libctx, "SHA256", ctx->propq); - else if (EVP_MD_get0_provider(ctx->signer_md) == NULL) - signer_md = EVP_MD_fetch(ctx->libctx, EVP_MD_get0_name(ctx->signer_md), - ctx->propq); - else - signer_md = (EVP_MD *)ctx->signer_md; - - if ((si = PKCS7_add_signature(p7, ctx->signer_cert, - ctx->signer_key, signer_md)) == NULL) { - ERR_raise(ERR_LIB_TS, TS_R_PKCS7_ADD_SIGNATURE_ERROR); - goto err; - } - - oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo); - if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, - V_ASN1_OBJECT, oid)) { - ERR_raise(ERR_LIB_TS, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR); - goto err; - } - - certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL; - if (ctx->ess_cert_id_digest == NULL - || EVP_MD_is_a(ctx->ess_cert_id_digest, SN_sha1)) { - if ((sc = OSSL_ESS_signing_cert_new_init(ctx->signer_cert, - certs, 0)) == NULL) - goto err; - - if (!ossl_ess_add1_signing_cert(si, sc)) { - ERR_raise(ERR_LIB_TS, TS_R_ESS_ADD_SIGNING_CERT_ERROR); - goto err; - } - } else { - sc2 = OSSL_ESS_signing_cert_v2_new_init(ctx->ess_cert_id_digest, - ctx->signer_cert, certs, 0); - if (sc2 == NULL) - goto err; - - if (!ossl_ess_add1_signing_cert_v2(si, sc2)) { - ERR_raise(ERR_LIB_TS, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR); - goto err; - } - } - - if (!ts_TST_INFO_content_new(p7)) - goto err; - if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) { - ERR_raise(ERR_LIB_TS, TS_R_TS_DATASIGN); - goto err; - } - if (!PKCS7_dataFinal(p7, p7bio)) { - ERR_raise(ERR_LIB_TS, TS_R_TS_DATASIGN); - goto err; - } - TS_RESP_set_tst_info(ctx->response, p7, ctx->tst_info); - p7 = NULL; /* Ownership is lost. */ - ctx->tst_info = NULL; /* Ownership is lost. */ - - ret = 1; - err: - if (signer_md != ctx->signer_md) - EVP_MD_free(signer_md); - - if (!ret) - TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION, - "Error during signature " - "generation."); - BIO_free_all(p7bio); - ESS_SIGNING_CERT_V2_free(sc2); - ESS_SIGNING_CERT_free(sc); - PKCS7_free(p7); - return ret; -} - -static int ts_TST_INFO_content_new(PKCS7 *p7) -{ - PKCS7 *ret = NULL; - ASN1_OCTET_STRING *octet_string = NULL; - - /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */ - if ((ret = PKCS7_new()) == NULL) - goto err; - if ((ret->d.other = ASN1_TYPE_new()) == NULL) - goto err; - ret->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo); - if ((octet_string = ASN1_OCTET_STRING_new()) == NULL) - goto err; - ASN1_TYPE_set(ret->d.other, V_ASN1_OCTET_STRING, octet_string); - octet_string = NULL; - - /* Add encapsulated content to signed PKCS7 structure. */ - if (!PKCS7_set_content(p7, ret)) - goto err; - - return 1; - err: - ASN1_OCTET_STRING_free(octet_string); - PKCS7_free(ret); - return 0; -} - -static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision( - ASN1_GENERALIZEDTIME *asn1_time, long sec, long usec, - unsigned precision) -{ - time_t time_sec = (time_t)sec; - struct tm *tm = NULL, tm_result; - char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; - char *p = genTime_str; - char *p_end = genTime_str + sizeof(genTime_str); - - if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) - goto err; - - if ((tm = OPENSSL_gmtime(&time_sec, &tm_result)) == NULL) - goto err; - - /* - * Put "genTime_str" in GeneralizedTime format. We work around the - * restrictions imposed by rfc3280 (i.e. "GeneralizedTime values MUST - * NOT include fractional seconds") and OpenSSL related functions to - * meet the rfc3161 requirement: "GeneralizedTime syntax can include - * fraction-of-second details". - */ - p += BIO_snprintf(p, p_end - p, - "%04d%02d%02d%02d%02d%02d", - tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, - tm->tm_hour, tm->tm_min, tm->tm_sec); - if (precision > 0) { - BIO_snprintf(p, 2 + precision, ".%06ld", usec); - p += strlen(p); - - /* - * To make things a bit harder, X.690 | ISO/IEC 8825-1 provides the - * following restrictions for a DER-encoding, which OpenSSL - * (specifically ASN1_GENERALIZEDTIME_check() function) doesn't - * support: "The encoding MUST terminate with a "Z" (which means - * "Zulu" time). The decimal point element, if present, MUST be the - * point option ".". The fractional-seconds elements, if present, - * MUST omit all trailing 0's; if the elements correspond to 0, they - * MUST be wholly omitted, and the decimal point element also MUST be - * omitted." - */ - /* - * Remove trailing zeros. The dot guarantees the exit condition of - * this loop even if all the digits are zero. - */ - while (*--p == '0') - continue; - if (*p != '.') - ++p; - } - *p++ = 'Z'; - *p++ = '\0'; - - if (asn1_time == NULL - && (asn1_time = ASN1_GENERALIZEDTIME_new()) == NULL) - goto err; - if (!ASN1_GENERALIZEDTIME_set_string(asn1_time, genTime_str)) { - ASN1_GENERALIZEDTIME_free(asn1_time); - goto err; - } - return asn1_time; - - err: - ERR_raise(ERR_LIB_TS, TS_R_COULD_NOT_SET_TIME); - return NULL; -} - -int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md) -{ - ctx->ess_cert_id_digest = md; - return 1; -} diff --git a/crypto/ts/ts_rsp_utils.c b/crypto/ts/ts_rsp_utils.c deleted file mode 100644 index cae076f21a6a0c1e9944df0b2471d6d3626ea0b7..0000000000000000000000000000000000000000 --- a/crypto/ts/ts_rsp_utils.c +++ /dev/null @@ -1,365 +0,0 @@ -/* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "ts_local.h" - -int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info) -{ - TS_STATUS_INFO *new_status_info; - - if (a->status_info == status_info) - return 1; - new_status_info = TS_STATUS_INFO_dup(status_info); - if (new_status_info == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; - } - TS_STATUS_INFO_free(a->status_info); - a->status_info = new_status_info; - - return 1; -} - -TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a) -{ - return a->status_info; -} - -/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ -void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info) -{ - PKCS7_free(a->token); - a->token = p7; - TS_TST_INFO_free(a->tst_info); - a->tst_info = tst_info; -} - -PKCS7 *TS_RESP_get_token(TS_RESP *a) -{ - return a->token; -} - -TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a) -{ - return a->tst_info; -} - -int TS_TST_INFO_set_version(TS_TST_INFO *a, long version) -{ - return ASN1_INTEGER_set(a->version, version); -} - -long TS_TST_INFO_get_version(const TS_TST_INFO *a) -{ - return ASN1_INTEGER_get(a->version); -} - -int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy) -{ - ASN1_OBJECT *new_policy; - - if (a->policy_id == policy) - return 1; - new_policy = OBJ_dup(policy); - if (new_policy == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; - } - ASN1_OBJECT_free(a->policy_id); - a->policy_id = new_policy; - return 1; -} - -ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a) -{ - return a->policy_id; -} - -int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint) -{ - TS_MSG_IMPRINT *new_msg_imprint; - - if (a->msg_imprint == msg_imprint) - return 1; - new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint); - if (new_msg_imprint == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; - } - TS_MSG_IMPRINT_free(a->msg_imprint); - a->msg_imprint = new_msg_imprint; - return 1; -} - -TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a) -{ - return a->msg_imprint; -} - -int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial) -{ - ASN1_INTEGER *new_serial; - - if (a->serial == serial) - return 1; - new_serial = ASN1_INTEGER_dup(serial); - if (new_serial == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; - } - ASN1_INTEGER_free(a->serial); - a->serial = new_serial; - return 1; -} - -const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a) -{ - return a->serial; -} - -int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime) -{ - ASN1_GENERALIZEDTIME *new_time; - - if (a->time == gtime) - return 1; - new_time = ASN1_STRING_dup(gtime); - if (new_time == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; - } - ASN1_GENERALIZEDTIME_free(a->time); - a->time = new_time; - return 1; -} - -const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a) -{ - return a->time; -} - -int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy) -{ - TS_ACCURACY *new_accuracy; - - if (a->accuracy == accuracy) - return 1; - new_accuracy = TS_ACCURACY_dup(accuracy); - if (new_accuracy == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; - } - TS_ACCURACY_free(a->accuracy); - a->accuracy = new_accuracy; - return 1; -} - -TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a) -{ - return a->accuracy; -} - -int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds) -{ - ASN1_INTEGER *new_seconds; - - if (a->seconds == seconds) - return 1; - new_seconds = ASN1_INTEGER_dup(seconds); - if (new_seconds == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; - } - ASN1_INTEGER_free(a->seconds); - a->seconds = new_seconds; - return 1; -} - -const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a) -{ - return a->seconds; -} - -int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis) -{ - ASN1_INTEGER *new_millis = NULL; - - if (a->millis == millis) - return 1; - if (millis != NULL) { - new_millis = ASN1_INTEGER_dup(millis); - if (new_millis == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; - } - } - ASN1_INTEGER_free(a->millis); - a->millis = new_millis; - return 1; -} - -const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a) -{ - return a->millis; -} - -int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros) -{ - ASN1_INTEGER *new_micros = NULL; - - if (a->micros == micros) - return 1; - if (micros != NULL) { - new_micros = ASN1_INTEGER_dup(micros); - if (new_micros == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; - } - } - ASN1_INTEGER_free(a->micros); - a->micros = new_micros; - return 1; -} - -const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a) -{ - return a->micros; -} - -int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering) -{ - a->ordering = ordering ? 0xFF : 0x00; - return 1; -} - -int TS_TST_INFO_get_ordering(const TS_TST_INFO *a) -{ - return a->ordering ? 1 : 0; -} - -int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce) -{ - ASN1_INTEGER *new_nonce; - - if (a->nonce == nonce) - return 1; - new_nonce = ASN1_INTEGER_dup(nonce); - if (new_nonce == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; - } - ASN1_INTEGER_free(a->nonce); - a->nonce = new_nonce; - return 1; -} - -const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a) -{ - return a->nonce; -} - -int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa) -{ - GENERAL_NAME *new_tsa; - - if (a->tsa == tsa) - return 1; - new_tsa = GENERAL_NAME_dup(tsa); - if (new_tsa == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return 0; - } - GENERAL_NAME_free(a->tsa); - a->tsa = new_tsa; - return 1; -} - -GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a) -{ - return a->tsa; -} - -STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a) -{ - return a->extensions; -} - -void TS_TST_INFO_ext_free(TS_TST_INFO *a) -{ - if (!a) - return; - sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free); - a->extensions = NULL; -} - -int TS_TST_INFO_get_ext_count(TS_TST_INFO *a) -{ - return X509v3_get_ext_count(a->extensions); -} - -int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos) -{ - return X509v3_get_ext_by_NID(a->extensions, nid, lastpos); -} - -int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, int lastpos) -{ - return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos); -} - -int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos) -{ - return X509v3_get_ext_by_critical(a->extensions, crit, lastpos); -} - -X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc) -{ - return X509v3_get_ext(a->extensions, loc); -} - -X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc) -{ - return X509v3_delete_ext(a->extensions, loc); -} - -int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc) -{ - return X509v3_add_ext(&a->extensions, ex, loc) != NULL; -} - -void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx) -{ - return X509V3_get_d2i(a->extensions, nid, crit, idx); -} - -int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i) -{ - return ASN1_INTEGER_set(a->status, i); -} - -const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a) -{ - return a->status; -} - -const STACK_OF(ASN1_UTF8STRING) * -TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a) -{ - return a->text; -} - -const ASN1_BIT_STRING *TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a) -{ - return a->failure_info; -} diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c deleted file mode 100644 index 792a27ce572b32c3a8c2fda59021e66c2fd952e7..0000000000000000000000000000000000000000 --- a/crypto/ts/ts_rsp_verify.c +++ /dev/null @@ -1,573 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "internal/cryptlib.h" -#include "internal/sizes.h" -#include "crypto/ess.h" -#include "ts_local.h" - -static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, - X509 *signer, STACK_OF(X509) **chain); -static int ts_check_signing_certs(const PKCS7_SIGNER_INFO *si, - const STACK_OF(X509) *chain); - -static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx, - PKCS7 *token, TS_TST_INFO *tst_info); -static int ts_check_status_info(TS_RESP *response); -static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text); -static int ts_check_policy(const ASN1_OBJECT *req_oid, - const TS_TST_INFO *tst_info); -static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info, - X509_ALGOR **md_alg, - unsigned char **imprint, unsigned *imprint_len); -static int ts_check_imprints(X509_ALGOR *algor_a, - const unsigned char *imprint_a, unsigned len_a, - TS_TST_INFO *tst_info); -static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info); -static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer); -static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names, - GENERAL_NAME *name); - -/* - * This must be large enough to hold all values in ts_status_text (with - * comma separator) or all text fields in ts_failure_info (also with comma). - */ -#define TS_STATUS_BUF_SIZE 256 - -/* - * Local mapping between response codes and descriptions. - */ -static const char *ts_status_text[] = { - "granted", - "grantedWithMods", - "rejection", - "waiting", - "revocationWarning", - "revocationNotification" -}; - -#define TS_STATUS_TEXT_SIZE OSSL_NELEM(ts_status_text) - -static struct { - int code; - const char *text; -} ts_failure_info[] = { - {TS_INFO_BAD_ALG, "badAlg"}, - {TS_INFO_BAD_REQUEST, "badRequest"}, - {TS_INFO_BAD_DATA_FORMAT, "badDataFormat"}, - {TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable"}, - {TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy"}, - {TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension"}, - {TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable"}, - {TS_INFO_SYSTEM_FAILURE, "systemFailure"} -}; - - -/*- - * This function carries out the following tasks: - * - Checks if there is one and only one signer. - * - Search for the signing certificate in 'certs' and in the response. - * - Check the extended key usage and key usage fields of the signer - * certificate (done by the path validation). - * - Build and validate the certificate path. - * - Check if the certificate path meets the requirements of the - * SigningCertificate ESS signed attribute. - * - Verify the signature value. - * - Returns the signer certificate in 'signer', if 'signer' is not NULL. - */ -int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, - X509_STORE *store, X509 **signer_out) -{ - STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL; - PKCS7_SIGNER_INFO *si; - STACK_OF(X509) *untrusted = NULL; - STACK_OF(X509) *signers = NULL; - X509 *signer; - STACK_OF(X509) *chain = NULL; - char buf[4096]; - int i, j = 0, ret = 0; - BIO *p7bio = NULL; - - /* Some sanity checks first. */ - if (!token) { - ERR_raise(ERR_LIB_TS, TS_R_INVALID_NULL_POINTER); - goto err; - } - if (!PKCS7_type_is_signed(token)) { - ERR_raise(ERR_LIB_TS, TS_R_WRONG_CONTENT_TYPE); - goto err; - } - sinfos = PKCS7_get_signer_info(token); - if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) { - ERR_raise(ERR_LIB_TS, TS_R_THERE_MUST_BE_ONE_SIGNER); - goto err; - } - si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0); - if (PKCS7_get_detached(token)) { - ERR_raise(ERR_LIB_TS, TS_R_NO_CONTENT); - goto err; - } - - /* - * Get hold of the signer certificate, search only internal certificates - * if it was requested. - */ - signers = PKCS7_get0_signers(token, certs, 0); - if (!signers || sk_X509_num(signers) != 1) - goto err; - signer = sk_X509_value(signers, 0); - - untrusted = sk_X509_new_reserve(NULL, sk_X509_num(certs) - + sk_X509_num(token->d.sign->cert)); - if (untrusted == NULL - || !X509_add_certs(untrusted, certs, 0) - || !X509_add_certs(untrusted, token->d.sign->cert, 0)) - goto err; - if (!ts_verify_cert(store, untrusted, signer, &chain)) - goto err; - if (!ts_check_signing_certs(si, chain)) - goto err; - p7bio = PKCS7_dataInit(token, NULL); - - /* We now have to 'read' from p7bio to calculate digests etc. */ - while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0) - continue; - - j = PKCS7_signatureVerify(p7bio, token, si, signer); - if (j <= 0) { - ERR_raise(ERR_LIB_TS, TS_R_SIGNATURE_FAILURE); - goto err; - } - - if (signer_out) { - *signer_out = signer; - X509_up_ref(signer); - } - ret = 1; - - err: - BIO_free_all(p7bio); - sk_X509_free(untrusted); - sk_X509_pop_free(chain, X509_free); - sk_X509_free(signers); - - return ret; -} - -/* - * The certificate chain is returned in chain. Caller is responsible for - * freeing the vector. - */ -static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, - X509 *signer, STACK_OF(X509) **chain) -{ - X509_STORE_CTX *cert_ctx = NULL; - int i; - int ret = 0; - - *chain = NULL; - cert_ctx = X509_STORE_CTX_new(); - if (cert_ctx == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!X509_STORE_CTX_init(cert_ctx, store, signer, untrusted)) - goto end; - X509_STORE_CTX_set_purpose(cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN); - i = X509_verify_cert(cert_ctx); - if (i <= 0) { - int j = X509_STORE_CTX_get_error(cert_ctx); - ERR_raise_data(ERR_LIB_TS, TS_R_CERTIFICATE_VERIFY_ERROR, - "Verify error:%s", X509_verify_cert_error_string(j)); - goto err; - } - *chain = X509_STORE_CTX_get1_chain(cert_ctx); - ret = 1; - goto end; - -err: - ret = 0; - -end: - X509_STORE_CTX_free(cert_ctx); - return ret; -} - -static ESS_SIGNING_CERT *ossl_ess_get_signing_cert(const PKCS7_SIGNER_INFO *si) -{ - ASN1_TYPE *attr; - const unsigned char *p; - - attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate); - if (attr == NULL) - return NULL; - p = attr->value.sequence->data; - return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length); -} - -static -ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO *si) -{ - ASN1_TYPE *attr; - const unsigned char *p; - - attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2); - if (attr == NULL) - return NULL; - p = attr->value.sequence->data; - return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length); -} - -static int ts_check_signing_certs(const PKCS7_SIGNER_INFO *si, - const STACK_OF(X509) *chain) -{ - ESS_SIGNING_CERT *ss = ossl_ess_get_signing_cert(si); - ESS_SIGNING_CERT_V2 *ssv2 = ossl_ess_get_signing_cert_v2(si); - int ret = OSSL_ESS_check_signing_certs(ss, ssv2, chain, 1) > 0; - - ESS_SIGNING_CERT_free(ss); - ESS_SIGNING_CERT_V2_free(ssv2); - return ret; -} - -/*- - * Verifies whether 'response' contains a valid response with regards - * to the settings of the context: - * - Gives an error message if the TS_TST_INFO is not present. - * - Calls _TS_RESP_verify_token to verify the token content. - */ -int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response) -{ - PKCS7 *token = response->token; - TS_TST_INFO *tst_info = response->tst_info; - int ret = 0; - - if (!ts_check_status_info(response)) - goto err; - if (!int_ts_RESP_verify_token(ctx, token, tst_info)) - goto err; - ret = 1; - - err: - return ret; -} - -/* - * Tries to extract a TS_TST_INFO structure from the PKCS7 token and - * calls the internal int_TS_RESP_verify_token function for verifying it. - */ -int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token) -{ - TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token); - int ret = 0; - if (tst_info) { - ret = int_ts_RESP_verify_token(ctx, token, tst_info); - TS_TST_INFO_free(tst_info); - } - return ret; -} - -/*- - * Verifies whether the 'token' contains a valid time stamp token - * with regards to the settings of the context. Only those checks are - * carried out that are specified in the context: - * - Verifies the signature of the TS_TST_INFO. - * - Checks the version number of the response. - * - Check if the requested and returned policies math. - * - Check if the message imprints are the same. - * - Check if the nonces are the same. - * - Check if the TSA name matches the signer. - * - Check if the TSA name is the expected TSA. - */ -static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx, - PKCS7 *token, TS_TST_INFO *tst_info) -{ - X509 *signer = NULL; - GENERAL_NAME *tsa_name = tst_info->tsa; - X509_ALGOR *md_alg = NULL; - unsigned char *imprint = NULL; - unsigned imprint_len = 0; - int ret = 0; - int flags = ctx->flags; - - /* Some options require us to also check the signature */ - if (((flags & TS_VFY_SIGNER) && tsa_name != NULL) - || (flags & TS_VFY_TSA_NAME)) { - flags |= TS_VFY_SIGNATURE; - } - - if ((flags & TS_VFY_SIGNATURE) - && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer)) - goto err; - if ((flags & TS_VFY_VERSION) - && TS_TST_INFO_get_version(tst_info) != 1) { - ERR_raise(ERR_LIB_TS, TS_R_UNSUPPORTED_VERSION); - goto err; - } - if ((flags & TS_VFY_POLICY) - && !ts_check_policy(ctx->policy, tst_info)) - goto err; - if ((flags & TS_VFY_IMPRINT) - && !ts_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len, - tst_info)) - goto err; - if ((flags & TS_VFY_DATA) - && (!ts_compute_imprint(ctx->data, tst_info, - &md_alg, &imprint, &imprint_len) - || !ts_check_imprints(md_alg, imprint, imprint_len, tst_info))) - goto err; - if ((flags & TS_VFY_NONCE) - && !ts_check_nonces(ctx->nonce, tst_info)) - goto err; - if ((flags & TS_VFY_SIGNER) - && tsa_name && !ts_check_signer_name(tsa_name, signer)) { - ERR_raise(ERR_LIB_TS, TS_R_TSA_NAME_MISMATCH); - goto err; - } - if ((flags & TS_VFY_TSA_NAME) - && !ts_check_signer_name(ctx->tsa_name, signer)) { - ERR_raise(ERR_LIB_TS, TS_R_TSA_UNTRUSTED); - goto err; - } - ret = 1; - - err: - X509_free(signer); - X509_ALGOR_free(md_alg); - OPENSSL_free(imprint); - return ret; -} - -static int ts_check_status_info(TS_RESP *response) -{ - TS_STATUS_INFO *info = response->status_info; - long status = ASN1_INTEGER_get(info->status); - const char *status_text = NULL; - char *embedded_status_text = NULL; - char failure_text[TS_STATUS_BUF_SIZE] = ""; - - if (status == 0 || status == 1) - return 1; - - /* There was an error, get the description in status_text. */ - if (0 <= status && status < (long) OSSL_NELEM(ts_status_text)) - status_text = ts_status_text[status]; - else - status_text = "unknown code"; - - if (sk_ASN1_UTF8STRING_num(info->text) > 0 - && (embedded_status_text = ts_get_status_text(info->text)) == NULL) - return 0; - - /* Fill in failure_text with the failure information. */ - if (info->failure_info) { - int i; - int first = 1; - for (i = 0; i < (int)OSSL_NELEM(ts_failure_info); ++i) { - if (ASN1_BIT_STRING_get_bit(info->failure_info, - ts_failure_info[i].code)) { - if (!first) - strcat(failure_text, ","); - else - first = 0; - strcat(failure_text, ts_failure_info[i].text); - } - } - } - if (failure_text[0] == '\0') - strcpy(failure_text, "unspecified"); - - ERR_raise_data(ERR_LIB_TS, TS_R_NO_TIME_STAMP_TOKEN, - "status code: %s, status text: %s, failure codes: %s", - status_text, - embedded_status_text ? embedded_status_text : "unspecified", - failure_text); - OPENSSL_free(embedded_status_text); - - return 0; -} - -static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text) -{ - return ossl_sk_ASN1_UTF8STRING2text(text, "/", TS_MAX_STATUS_LENGTH); -} - -static int ts_check_policy(const ASN1_OBJECT *req_oid, - const TS_TST_INFO *tst_info) -{ - const ASN1_OBJECT *resp_oid = tst_info->policy_id; - - if (OBJ_cmp(req_oid, resp_oid) != 0) { - ERR_raise(ERR_LIB_TS, TS_R_POLICY_MISMATCH); - return 0; - } - - return 1; -} - -static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info, - X509_ALGOR **md_alg, - unsigned char **imprint, unsigned *imprint_len) -{ - TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint; - X509_ALGOR *md_alg_resp = msg_imprint->hash_algo; - EVP_MD *md = NULL; - EVP_MD_CTX *md_ctx = NULL; - unsigned char buffer[4096]; - char name[OSSL_MAX_NAME_SIZE]; - int length; - - *md_alg = NULL; - *imprint = NULL; - - if ((*md_alg = X509_ALGOR_dup(md_alg_resp)) == NULL) - goto err; - - OBJ_obj2txt(name, sizeof(name), md_alg_resp->algorithm, 0); - - (void)ERR_set_mark(); - md = EVP_MD_fetch(NULL, name, NULL); - - if (md == NULL) - md = (EVP_MD *)EVP_get_digestbyname(name); - - if (md == NULL) { - (void)ERR_clear_last_mark(); - goto err; - } - (void)ERR_pop_to_mark(); - - length = EVP_MD_get_size(md); - if (length < 0) - goto err; - *imprint_len = length; - if ((*imprint = OPENSSL_malloc(*imprint_len)) == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - goto err; - } - - md_ctx = EVP_MD_CTX_new(); - if (md_ctx == NULL) { - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!EVP_DigestInit(md_ctx, md)) - goto err; - EVP_MD_free(md); - md = NULL; - while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) { - if (!EVP_DigestUpdate(md_ctx, buffer, length)) - goto err; - } - if (!EVP_DigestFinal(md_ctx, *imprint, NULL)) - goto err; - EVP_MD_CTX_free(md_ctx); - - return 1; - err: - EVP_MD_CTX_free(md_ctx); - EVP_MD_free(md); - X509_ALGOR_free(*md_alg); - *md_alg = NULL; - OPENSSL_free(*imprint); - *imprint_len = 0; - *imprint = 0; - return 0; -} - -static int ts_check_imprints(X509_ALGOR *algor_a, - const unsigned char *imprint_a, unsigned len_a, - TS_TST_INFO *tst_info) -{ - TS_MSG_IMPRINT *b = tst_info->msg_imprint; - X509_ALGOR *algor_b = b->hash_algo; - int ret = 0; - - if (algor_a) { - if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm)) - goto err; - - /* The parameter must be NULL in both. */ - if ((algor_a->parameter - && ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL) - || (algor_b->parameter - && ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL)) - goto err; - } - - ret = len_a == (unsigned)ASN1_STRING_length(b->hashed_msg) && - memcmp(imprint_a, ASN1_STRING_get0_data(b->hashed_msg), len_a) == 0; - err: - if (!ret) - ERR_raise(ERR_LIB_TS, TS_R_MESSAGE_IMPRINT_MISMATCH); - return ret; -} - -static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info) -{ - const ASN1_INTEGER *b = tst_info->nonce; - - if (!b) { - ERR_raise(ERR_LIB_TS, TS_R_NONCE_NOT_RETURNED); - return 0; - } - - /* No error if a nonce is returned without being requested. */ - if (ASN1_INTEGER_cmp(a, b) != 0) { - ERR_raise(ERR_LIB_TS, TS_R_NONCE_MISMATCH); - return 0; - } - - return 1; -} - -/* - * Check if the specified TSA name matches either the subject or one of the - * subject alternative names of the TSA certificate. - */ -static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) -{ - STACK_OF(GENERAL_NAME) *gen_names = NULL; - int idx = -1; - int found = 0; - - if (tsa_name->type == GEN_DIRNAME - && X509_name_cmp(tsa_name->d.dirn, X509_get_subject_name(signer)) == 0) - return 1; - gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx); - while (gen_names != NULL) { - found = ts_find_name(gen_names, tsa_name) >= 0; - if (found) - break; - /* - * Get the next subject alternative name, although there should be no - * more than one. - */ - GENERAL_NAMES_free(gen_names); - gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx); - } - GENERAL_NAMES_free(gen_names); - - return found; -} - -/* Returns 1 if name is in gen_names, 0 otherwise. */ -static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name) -{ - int i, found; - for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); ++i) { - GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i); - found = GENERAL_NAME_cmp(current, name) == 0; - } - return found ? i - 1 : -1; -} diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c deleted file mode 100644 index 2f6f00c0ccd694747645ed3d5626421a1b173e5a..0000000000000000000000000000000000000000 --- a/crypto/ts/ts_verify_ctx.c +++ /dev/null @@ -1,149 +0,0 @@ -/* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include -#include -#include "ts_local.h" - -TS_VERIFY_CTX *TS_VERIFY_CTX_new(void) -{ - TS_VERIFY_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - - if (ctx == NULL) - ERR_raise(ERR_LIB_TS, ERR_R_MALLOC_FAILURE); - return ctx; -} - -void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx) -{ - OPENSSL_assert(ctx != NULL); - memset(ctx, 0, sizeof(*ctx)); -} - -void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx) -{ - if (!ctx) - return; - - TS_VERIFY_CTX_cleanup(ctx); - OPENSSL_free(ctx); -} - -int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f) -{ - ctx->flags |= f; - return ctx->flags; -} - -int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f) -{ - ctx->flags = f; - return ctx->flags; -} - -BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b) -{ - ctx->data = b; - return ctx->data; -} - -X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s) -{ - ctx->store = s; - return ctx->store; -} - -STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, - STACK_OF(X509) *certs) -{ - ctx->certs = certs; - return ctx->certs; -} - -unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, - unsigned char *hexstr, long len) -{ - OPENSSL_free(ctx->imprint); - ctx->imprint = hexstr; - ctx->imprint_len = len; - return ctx->imprint; -} - -void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx) -{ - if (!ctx) - return; - - X509_STORE_free(ctx->store); - sk_X509_pop_free(ctx->certs, X509_free); - - ASN1_OBJECT_free(ctx->policy); - - X509_ALGOR_free(ctx->md_alg); - OPENSSL_free(ctx->imprint); - - BIO_free_all(ctx->data); - - ASN1_INTEGER_free(ctx->nonce); - - GENERAL_NAME_free(ctx->tsa_name); - - TS_VERIFY_CTX_init(ctx); -} - -TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx) -{ - TS_VERIFY_CTX *ret = ctx; - ASN1_OBJECT *policy; - TS_MSG_IMPRINT *imprint; - X509_ALGOR *md_alg; - ASN1_OCTET_STRING *msg; - const ASN1_INTEGER *nonce; - - OPENSSL_assert(req != NULL); - if (ret) - TS_VERIFY_CTX_cleanup(ret); - else if ((ret = TS_VERIFY_CTX_new()) == NULL) - return NULL; - - ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE); - - if ((policy = req->policy_id) != NULL) { - if ((ret->policy = OBJ_dup(policy)) == NULL) - goto err; - } else - ret->flags &= ~TS_VFY_POLICY; - - imprint = req->msg_imprint; - md_alg = imprint->hash_algo; - if ((ret->md_alg = X509_ALGOR_dup(md_alg)) == NULL) - goto err; - msg = imprint->hashed_msg; - ret->imprint_len = ASN1_STRING_length(msg); - if (ret->imprint_len <= 0) - goto err; - if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL) - goto err; - memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len); - - if ((nonce = req->nonce) != NULL) { - if ((ret->nonce = ASN1_INTEGER_dup(nonce)) == NULL) - goto err; - } else - ret->flags &= ~TS_VFY_NONCE; - - return ret; - err: - if (ctx) - TS_VERIFY_CTX_cleanup(ctx); - else - TS_VERIFY_CTX_free(ret); - return NULL; -} diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c deleted file mode 100644 index 2c1cbfb4f1293e20bdee9aa82f46ab6c18ab82b2..0000000000000000000000000000000000000000 --- a/crypto/txt_db/txt_db.c +++ /dev/null @@ -1,315 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include "internal/cryptlib.h" -#include -#include - -#undef BUFSIZE -#define BUFSIZE 512 - -TXT_DB *TXT_DB_read(BIO *in, int num) -{ - TXT_DB *ret = NULL; - int esc = 0; - int i, add, n; - int size = BUFSIZE; - int offset = 0; - char *p, *f; - OPENSSL_STRING *pp; - BUF_MEM *buf = NULL; - - if ((buf = BUF_MEM_new()) == NULL) - goto err; - if (!BUF_MEM_grow(buf, size)) - goto err; - - if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) - goto err; - ret->num_fields = num; - ret->index = NULL; - ret->qual = NULL; - if ((ret->data = sk_OPENSSL_PSTRING_new_null()) == NULL) - goto err; - if ((ret->index = OPENSSL_malloc(sizeof(*ret->index) * num)) == NULL) - goto err; - if ((ret->qual = OPENSSL_malloc(sizeof(*(ret->qual)) * num)) == NULL) - goto err; - for (i = 0; i < num; i++) { - ret->index[i] = NULL; - ret->qual[i] = NULL; - } - - add = (num + 1) * sizeof(char *); - buf->data[size - 1] = '\0'; - offset = 0; - for (;;) { - if (offset != 0) { - size += BUFSIZE; - if (!BUF_MEM_grow_clean(buf, size)) - goto err; - } - buf->data[offset] = '\0'; - BIO_gets(in, &(buf->data[offset]), size - offset); - if (buf->data[offset] == '\0') - break; - if ((offset == 0) && (buf->data[0] == '#')) - continue; - i = strlen(&(buf->data[offset])); - offset += i; - if (buf->data[offset - 1] != '\n') - continue; - else { - buf->data[offset - 1] = '\0'; /* blat the '\n' */ - if ((p = OPENSSL_malloc(add + offset)) == NULL) - goto err; - offset = 0; - } - pp = (char **)p; - p += add; - n = 0; - pp[n++] = p; - i = 0; - f = buf->data; - - esc = 0; - for (;;) { - if (*f == '\0') - break; - if (*f == '\t') { - if (esc) - p--; - else { - *(p++) = '\0'; - f++; - if (n >= num) - break; - pp[n++] = p; - continue; - } - } - esc = (*f == '\\'); - *(p++) = *(f++); - } - *(p++) = '\0'; - if ((n != num) || (*f != '\0')) { - OPENSSL_free(pp); - ret->error = DB_ERROR_WRONG_NUM_FIELDS; - goto err; - } - pp[n] = p; - if (!sk_OPENSSL_PSTRING_push(ret->data, pp)) { - OPENSSL_free(pp); - goto err; - } - } - BUF_MEM_free(buf); - return ret; - err: - BUF_MEM_free(buf); - if (ret != NULL) { - sk_OPENSSL_PSTRING_free(ret->data); - OPENSSL_free(ret->index); - OPENSSL_free(ret->qual); - OPENSSL_free(ret); - } - return NULL; -} - -OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, - OPENSSL_STRING *value) -{ - OPENSSL_STRING *ret; - LHASH_OF(OPENSSL_STRING) *lh; - - if (idx >= db->num_fields) { - db->error = DB_ERROR_INDEX_OUT_OF_RANGE; - return NULL; - } - lh = db->index[idx]; - if (lh == NULL) { - db->error = DB_ERROR_NO_INDEX; - return NULL; - } - ret = lh_OPENSSL_STRING_retrieve(lh, value); - db->error = DB_ERROR_OK; - return ret; -} - -int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), - OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp) -{ - LHASH_OF(OPENSSL_STRING) *idx; - OPENSSL_STRING *r, *k; - int i, n; - - if (field >= db->num_fields) { - db->error = DB_ERROR_INDEX_OUT_OF_RANGE; - return 0; - } - /* FIXME: we lose type checking at this point */ - if ((idx = (LHASH_OF(OPENSSL_STRING) *)OPENSSL_LH_new(hash, cmp)) == NULL) { - db->error = DB_ERROR_MALLOC; - return 0; - } - n = sk_OPENSSL_PSTRING_num(db->data); - for (i = 0; i < n; i++) { - r = sk_OPENSSL_PSTRING_value(db->data, i); - if ((qual != NULL) && (qual(r) == 0)) - continue; - if ((k = lh_OPENSSL_STRING_insert(idx, r)) != NULL) { - db->error = DB_ERROR_INDEX_CLASH; - db->arg1 = sk_OPENSSL_PSTRING_find(db->data, k); - db->arg2 = i; - lh_OPENSSL_STRING_free(idx); - return 0; - } - if (lh_OPENSSL_STRING_retrieve(idx, r) == NULL) { - db->error = DB_ERROR_MALLOC; - lh_OPENSSL_STRING_free(idx); - return 0; - } - } - lh_OPENSSL_STRING_free(db->index[field]); - db->index[field] = idx; - db->qual[field] = qual; - return 1; -} - -long TXT_DB_write(BIO *out, TXT_DB *db) -{ - long i, j, n, nn, l, tot = 0; - char *p, **pp, *f; - BUF_MEM *buf = NULL; - long ret = -1; - - if ((buf = BUF_MEM_new()) == NULL) - goto err; - n = sk_OPENSSL_PSTRING_num(db->data); - nn = db->num_fields; - for (i = 0; i < n; i++) { - pp = sk_OPENSSL_PSTRING_value(db->data, i); - - l = 0; - for (j = 0; j < nn; j++) { - if (pp[j] != NULL) - l += strlen(pp[j]); - } - if (!BUF_MEM_grow_clean(buf, (int)(l * 2 + nn))) - goto err; - - p = buf->data; - for (j = 0; j < nn; j++) { - f = pp[j]; - if (f != NULL) - for (;;) { - if (*f == '\0') - break; - if (*f == '\t') - *(p++) = '\\'; - *(p++) = *(f++); - } - *(p++) = '\t'; - } - p[-1] = '\n'; - j = p - buf->data; - if (BIO_write(out, buf->data, (int)j) != j) - goto err; - tot += j; - } - ret = tot; - err: - BUF_MEM_free(buf); - return ret; -} - -int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row) -{ - int i; - OPENSSL_STRING *r; - - for (i = 0; i < db->num_fields; i++) { - if (db->index[i] != NULL) { - if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0)) - continue; - r = lh_OPENSSL_STRING_retrieve(db->index[i], row); - if (r != NULL) { - db->error = DB_ERROR_INDEX_CLASH; - db->arg1 = i; - db->arg_row = r; - goto err; - } - } - } - - for (i = 0; i < db->num_fields; i++) { - if (db->index[i] != NULL) { - if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0)) - continue; - (void)lh_OPENSSL_STRING_insert(db->index[i], row); - if (lh_OPENSSL_STRING_retrieve(db->index[i], row) == NULL) - goto err1; - } - } - if (!sk_OPENSSL_PSTRING_push(db->data, row)) - goto err1; - return 1; - - err1: - db->error = DB_ERROR_MALLOC; - while (i-- > 0) { - if (db->index[i] != NULL) { - if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0)) - continue; - (void)lh_OPENSSL_STRING_delete(db->index[i], row); - } - } - err: - return 0; -} - -void TXT_DB_free(TXT_DB *db) -{ - int i, n; - char **p, *max; - - if (db == NULL) - return; - if (db->index != NULL) { - for (i = db->num_fields - 1; i >= 0; i--) - lh_OPENSSL_STRING_free(db->index[i]); - OPENSSL_free(db->index); - } - OPENSSL_free(db->qual); - if (db->data != NULL) { - for (i = sk_OPENSSL_PSTRING_num(db->data) - 1; i >= 0; i--) { - /* - * check if any 'fields' have been allocated from outside of the - * initial block - */ - p = sk_OPENSSL_PSTRING_value(db->data, i); - max = p[db->num_fields]; /* last address */ - if (max == NULL) { /* new row */ - for (n = 0; n < db->num_fields; n++) - OPENSSL_free(p[n]); - } else { - for (n = 0; n < db->num_fields; n++) { - if (((p[n] < (char *)p) || (p[n] > max))) - OPENSSL_free(p[n]); - } - } - OPENSSL_free(sk_OPENSSL_PSTRING_value(db->data, i)); - } - sk_OPENSSL_PSTRING_free(db->data); - } - OPENSSL_free(db); -} diff --git a/crypto/ui/ui_err.c b/crypto/ui/ui_err.c deleted file mode 100644 index 9b9c12133270e79c16836ea76f43be83e9f74eb0..0000000000000000000000000000000000000000 --- a/crypto/ui/ui_err.c +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/uierr.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA UI_str_reasons[] = { - {ERR_PACK(ERR_LIB_UI, 0, UI_R_COMMON_OK_AND_CANCEL_CHARACTERS), - "common ok and cancel characters"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_INDEX_TOO_LARGE), "index too large"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_INDEX_TOO_SMALL), "index too small"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_NO_RESULT_BUFFER), "no result buffer"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_PROCESSING_ERROR), "processing error"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_RESULT_TOO_LARGE), "result too large"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_RESULT_TOO_SMALL), "result too small"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSASSIGN_ERROR), "sys$assign error"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSDASSGN_ERROR), "sys$dassgn error"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSQIOW_ERROR), "sys$qiow error"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_UNKNOWN_CONTROL_COMMAND), - "unknown control command"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_UNKNOWN_TTYGET_ERRNO_VALUE), - "unknown ttyget errno value"}, - {ERR_PACK(ERR_LIB_UI, 0, UI_R_USER_DATA_DUPLICATION_UNSUPPORTED), - "user data duplication unsupported"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_UI_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(UI_str_reasons[0].error) == NULL) - ERR_load_strings_const(UI_str_reasons); -#endif - return 1; -} diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c deleted file mode 100644 index 1ff8c6fa35f342482e65fbbe160ca066f545d365..0000000000000000000000000000000000000000 --- a/crypto/ui/ui_lib.c +++ /dev/null @@ -1,936 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "ui_local.h" - -UI *UI_new(void) -{ - return UI_new_method(NULL); -} - -UI *UI_new_method(const UI_METHOD *method) -{ - UI *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_UI, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - ERR_raise(ERR_LIB_UI, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ret); - return NULL; - } - - if (method == NULL) - method = UI_get_default_method(); - if (method == NULL) - method = UI_null(); - ret->meth = method; - - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data)) { - UI_free(ret); - return NULL; - } - return ret; -} - -static void free_string(UI_STRING *uis) -{ - if (uis->flags & OUT_STRING_FREEABLE) { - OPENSSL_free((char *)uis->out_string); - switch (uis->type) { - case UIT_BOOLEAN: - OPENSSL_free((char *)uis->_.boolean_data.action_desc); - OPENSSL_free((char *)uis->_.boolean_data.ok_chars); - OPENSSL_free((char *)uis->_.boolean_data.cancel_chars); - break; - case UIT_NONE: - case UIT_PROMPT: - case UIT_VERIFY: - case UIT_ERROR: - case UIT_INFO: - break; - } - } - OPENSSL_free(uis); -} - -void UI_free(UI *ui) -{ - if (ui == NULL) - return; - if ((ui->flags & UI_FLAG_DUPL_DATA) != 0) { - ui->meth->ui_destroy_data(ui, ui->user_data); - } - sk_UI_STRING_pop_free(ui->strings, free_string); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data); - CRYPTO_THREAD_lock_free(ui->lock); - OPENSSL_free(ui); -} - -static int allocate_string_stack(UI *ui) -{ - if (ui->strings == NULL) { - ui->strings = sk_UI_STRING_new_null(); - if (ui->strings == NULL) { - return -1; - } - } - return 0; -} - -static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt, - int prompt_freeable, - enum UI_string_types type, - int input_flags, char *result_buf) -{ - UI_STRING *ret = NULL; - - if (prompt == NULL) { - ERR_raise(ERR_LIB_UI, ERR_R_PASSED_NULL_PARAMETER); - } else if ((type == UIT_PROMPT || type == UIT_VERIFY - || type == UIT_BOOLEAN) && result_buf == NULL) { - ERR_raise(ERR_LIB_UI, UI_R_NO_RESULT_BUFFER); - } else if ((ret = OPENSSL_zalloc(sizeof(*ret))) != NULL) { - ret->out_string = prompt; - ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0; - ret->input_flags = input_flags; - ret->type = type; - ret->result_buf = result_buf; - } - return ret; -} - -static int general_allocate_string(UI *ui, const char *prompt, - int prompt_freeable, - enum UI_string_types type, int input_flags, - char *result_buf, int minsize, int maxsize, - const char *test_buf) -{ - int ret = -1; - UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable, - type, input_flags, result_buf); - - if (s != NULL) { - if (allocate_string_stack(ui) >= 0) { - s->_.string_data.result_minsize = minsize; - s->_.string_data.result_maxsize = maxsize; - s->_.string_data.test_buf = test_buf; - ret = sk_UI_STRING_push(ui->strings, s); - /* sk_push() returns 0 on error. Let's adapt that */ - if (ret <= 0) { - ret--; - free_string(s); - } - } else - free_string(s); - } - return ret; -} - -static int general_allocate_boolean(UI *ui, - const char *prompt, - const char *action_desc, - const char *ok_chars, - const char *cancel_chars, - int prompt_freeable, - enum UI_string_types type, - int input_flags, char *result_buf) -{ - int ret = -1; - UI_STRING *s; - const char *p; - - if (ok_chars == NULL) { - ERR_raise(ERR_LIB_UI, ERR_R_PASSED_NULL_PARAMETER); - } else if (cancel_chars == NULL) { - ERR_raise(ERR_LIB_UI, ERR_R_PASSED_NULL_PARAMETER); - } else { - for (p = ok_chars; *p != '\0'; p++) { - if (strchr(cancel_chars, *p) != NULL) { - ERR_raise(ERR_LIB_UI, UI_R_COMMON_OK_AND_CANCEL_CHARACTERS); - } - } - - s = general_allocate_prompt(ui, prompt, prompt_freeable, - type, input_flags, result_buf); - - if (s != NULL) { - if (allocate_string_stack(ui) >= 0) { - s->_.boolean_data.action_desc = action_desc; - s->_.boolean_data.ok_chars = ok_chars; - s->_.boolean_data.cancel_chars = cancel_chars; - ret = sk_UI_STRING_push(ui->strings, s); - /* - * sk_push() returns 0 on error. Let's adapt that - */ - if (ret <= 0) { - ret--; - free_string(s); - } - } else - free_string(s); - } - } - return ret; -} - -/* - * Returns the index to the place in the stack or -1 for error. Uses a - * direct reference to the prompt. - */ -int UI_add_input_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize) -{ - return general_allocate_string(ui, prompt, 0, - UIT_PROMPT, flags, result_buf, minsize, - maxsize, NULL); -} - -/* Same as UI_add_input_string(), excepts it takes a copy of the prompt */ -int UI_dup_input_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize) -{ - char *prompt_copy = NULL; - - if (prompt != NULL) { - prompt_copy = OPENSSL_strdup(prompt); - if (prompt_copy == NULL) { - ERR_raise(ERR_LIB_UI, ERR_R_MALLOC_FAILURE); - return 0; - } - } - - return general_allocate_string(ui, prompt_copy, 1, - UIT_PROMPT, flags, result_buf, minsize, - maxsize, NULL); -} - -int UI_add_verify_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize, - const char *test_buf) -{ - return general_allocate_string(ui, prompt, 0, - UIT_VERIFY, flags, result_buf, minsize, - maxsize, test_buf); -} - -int UI_dup_verify_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize, - const char *test_buf) -{ - char *prompt_copy = NULL; - - if (prompt != NULL) { - prompt_copy = OPENSSL_strdup(prompt); - if (prompt_copy == NULL) { - ERR_raise(ERR_LIB_UI, ERR_R_MALLOC_FAILURE); - return -1; - } - } - - return general_allocate_string(ui, prompt_copy, 1, - UIT_VERIFY, flags, result_buf, minsize, - maxsize, test_buf); -} - -int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, - const char *ok_chars, const char *cancel_chars, - int flags, char *result_buf) -{ - return general_allocate_boolean(ui, prompt, action_desc, - ok_chars, cancel_chars, 0, UIT_BOOLEAN, - flags, result_buf); -} - -int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, - const char *ok_chars, const char *cancel_chars, - int flags, char *result_buf) -{ - char *prompt_copy = NULL; - char *action_desc_copy = NULL; - char *ok_chars_copy = NULL; - char *cancel_chars_copy = NULL; - - if (prompt != NULL) { - prompt_copy = OPENSSL_strdup(prompt); - if (prompt_copy == NULL) { - ERR_raise(ERR_LIB_UI, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - if (action_desc != NULL) { - action_desc_copy = OPENSSL_strdup(action_desc); - if (action_desc_copy == NULL) { - ERR_raise(ERR_LIB_UI, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - if (ok_chars != NULL) { - ok_chars_copy = OPENSSL_strdup(ok_chars); - if (ok_chars_copy == NULL) { - ERR_raise(ERR_LIB_UI, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - if (cancel_chars != NULL) { - cancel_chars_copy = OPENSSL_strdup(cancel_chars); - if (cancel_chars_copy == NULL) { - ERR_raise(ERR_LIB_UI, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - return general_allocate_boolean(ui, prompt_copy, action_desc_copy, - ok_chars_copy, cancel_chars_copy, 1, - UIT_BOOLEAN, flags, result_buf); - err: - OPENSSL_free(prompt_copy); - OPENSSL_free(action_desc_copy); - OPENSSL_free(ok_chars_copy); - OPENSSL_free(cancel_chars_copy); - return -1; -} - -int UI_add_info_string(UI *ui, const char *text) -{ - return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0, - NULL); -} - -int UI_dup_info_string(UI *ui, const char *text) -{ - char *text_copy = NULL; - - if (text != NULL) { - text_copy = OPENSSL_strdup(text); - if (text_copy == NULL) { - ERR_raise(ERR_LIB_UI, ERR_R_MALLOC_FAILURE); - return -1; - } - } - - return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL, - 0, 0, NULL); -} - -int UI_add_error_string(UI *ui, const char *text) -{ - return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0, - NULL); -} - -int UI_dup_error_string(UI *ui, const char *text) -{ - char *text_copy = NULL; - - if (text != NULL) { - text_copy = OPENSSL_strdup(text); - if (text_copy == NULL) { - ERR_raise(ERR_LIB_UI, ERR_R_MALLOC_FAILURE); - return -1; - } - } - return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL, - 0, 0, NULL); -} - -char *UI_construct_prompt(UI *ui, const char *phrase_desc, - const char *object_name) -{ - char *prompt = NULL; - - if (ui != NULL && ui->meth != NULL && ui->meth->ui_construct_prompt != NULL) - prompt = ui->meth->ui_construct_prompt(ui, phrase_desc, object_name); - else { - char prompt1[] = "Enter "; - char prompt2[] = " for "; - char prompt3[] = ":"; - int len = 0; - - if (phrase_desc == NULL) - return NULL; - len = sizeof(prompt1) - 1 + strlen(phrase_desc); - if (object_name != NULL) - len += sizeof(prompt2) - 1 + strlen(object_name); - len += sizeof(prompt3) - 1; - - if ((prompt = OPENSSL_malloc(len + 1)) == NULL) { - ERR_raise(ERR_LIB_UI, ERR_R_MALLOC_FAILURE); - return NULL; - } - OPENSSL_strlcpy(prompt, prompt1, len + 1); - OPENSSL_strlcat(prompt, phrase_desc, len + 1); - if (object_name != NULL) { - OPENSSL_strlcat(prompt, prompt2, len + 1); - OPENSSL_strlcat(prompt, object_name, len + 1); - } - OPENSSL_strlcat(prompt, prompt3, len + 1); - } - return prompt; -} - -void *UI_add_user_data(UI *ui, void *user_data) -{ - void *old_data = ui->user_data; - - if ((ui->flags & UI_FLAG_DUPL_DATA) != 0) { - ui->meth->ui_destroy_data(ui, old_data); - old_data = NULL; - } - ui->user_data = user_data; - ui->flags &= ~UI_FLAG_DUPL_DATA; - return old_data; -} - -int UI_dup_user_data(UI *ui, void *user_data) -{ - void *duplicate = NULL; - - if (ui->meth->ui_duplicate_data == NULL - || ui->meth->ui_destroy_data == NULL) { - ERR_raise(ERR_LIB_UI, UI_R_USER_DATA_DUPLICATION_UNSUPPORTED); - return -1; - } - - duplicate = ui->meth->ui_duplicate_data(ui, user_data); - if (duplicate == NULL) { - ERR_raise(ERR_LIB_UI, ERR_R_MALLOC_FAILURE); - return -1; - } - - (void)UI_add_user_data(ui, duplicate); - ui->flags |= UI_FLAG_DUPL_DATA; - - return 0; -} - -void *UI_get0_user_data(UI *ui) -{ - return ui->user_data; -} - -const char *UI_get0_result(UI *ui, int i) -{ - if (i < 0) { - ERR_raise(ERR_LIB_UI, UI_R_INDEX_TOO_SMALL); - return NULL; - } - if (i >= sk_UI_STRING_num(ui->strings)) { - ERR_raise(ERR_LIB_UI, UI_R_INDEX_TOO_LARGE); - return NULL; - } - return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i)); -} - -int UI_get_result_length(UI *ui, int i) -{ - if (i < 0) { - ERR_raise(ERR_LIB_UI, UI_R_INDEX_TOO_SMALL); - return -1; - } - if (i >= sk_UI_STRING_num(ui->strings)) { - ERR_raise(ERR_LIB_UI, UI_R_INDEX_TOO_LARGE); - return -1; - } - return UI_get_result_string_length(sk_UI_STRING_value(ui->strings, i)); -} - -static int print_error(const char *str, size_t len, UI *ui) -{ - UI_STRING uis; - - memset(&uis, 0, sizeof(uis)); - uis.type = UIT_ERROR; - uis.out_string = str; - - if (ui->meth->ui_write_string != NULL - && ui->meth->ui_write_string(ui, &uis) <= 0) - return -1; - return 0; -} - -int UI_process(UI *ui) -{ - int i, ok = 0; - const char *state = "processing"; - - if (ui->meth->ui_open_session != NULL - && ui->meth->ui_open_session(ui) <= 0) { - state = "opening session"; - ok = -1; - goto err; - } - - if (ui->flags & UI_FLAG_PRINT_ERRORS) - ERR_print_errors_cb((int (*)(const char *, size_t, void *)) - print_error, (void *)ui); - - for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) { - if (ui->meth->ui_write_string != NULL - && (ui->meth->ui_write_string(ui, - sk_UI_STRING_value(ui->strings, i)) - <= 0)) - { - state = "writing strings"; - ok = -1; - goto err; - } - } - - if (ui->meth->ui_flush != NULL) - switch (ui->meth->ui_flush(ui)) { - case -1: /* Interrupt/Cancel/something... */ - ui->flags &= ~UI_FLAG_REDOABLE; - ok = -2; - goto err; - case 0: /* Errors */ - state = "flushing"; - ok = -1; - goto err; - default: /* Success */ - ok = 0; - break; - } - - for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) { - if (ui->meth->ui_read_string != NULL) { - switch (ui->meth->ui_read_string(ui, - sk_UI_STRING_value(ui->strings, - i))) { - case -1: /* Interrupt/Cancel/something... */ - ui->flags &= ~UI_FLAG_REDOABLE; - ok = -2; - goto err; - case 0: /* Errors */ - state = "reading strings"; - ok = -1; - goto err; - default: /* Success */ - ok = 0; - break; - } - } - } - - state = NULL; - err: - if (ui->meth->ui_close_session != NULL - && ui->meth->ui_close_session(ui) <= 0) { - if (state == NULL) - state = "closing session"; - ok = -1; - } - - if (ok == -1) - ERR_raise_data(ERR_LIB_UI, UI_R_PROCESSING_ERROR, "while %s", state); - return ok; -} - -int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)) -{ - if (ui == NULL) { - ERR_raise(ERR_LIB_UI, ERR_R_PASSED_NULL_PARAMETER); - return -1; - } - switch (cmd) { - case UI_CTRL_PRINT_ERRORS: - { - int save_flag = ! !(ui->flags & UI_FLAG_PRINT_ERRORS); - if (i) - ui->flags |= UI_FLAG_PRINT_ERRORS; - else - ui->flags &= ~UI_FLAG_PRINT_ERRORS; - return save_flag; - } - case UI_CTRL_IS_REDOABLE: - return ! !(ui->flags & UI_FLAG_REDOABLE); - default: - break; - } - ERR_raise(ERR_LIB_UI, UI_R_UNKNOWN_CONTROL_COMMAND); - return -1; -} - -int UI_set_ex_data(UI *r, int idx, void *arg) -{ - return CRYPTO_set_ex_data(&r->ex_data, idx, arg); -} - -void *UI_get_ex_data(const UI *r, int idx) -{ - return CRYPTO_get_ex_data(&r->ex_data, idx); -} - -const UI_METHOD *UI_get_method(UI *ui) -{ - return ui->meth; -} - -const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth) -{ - ui->meth = meth; - return ui->meth; -} - -UI_METHOD *UI_create_method(const char *name) -{ - UI_METHOD *ui_method = NULL; - - if ((ui_method = OPENSSL_zalloc(sizeof(*ui_method))) == NULL - || (ui_method->name = OPENSSL_strdup(name)) == NULL - || !CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI_METHOD, ui_method, - &ui_method->ex_data)) { - if (ui_method) - OPENSSL_free(ui_method->name); - OPENSSL_free(ui_method); - ERR_raise(ERR_LIB_UI, ERR_R_MALLOC_FAILURE); - return NULL; - } - return ui_method; -} - -/* - * BIG FSCKING WARNING!!!! If you use this on a statically allocated method - * (that is, it hasn't been allocated using UI_create_method(), you deserve - * anything Murphy can throw at you and more! You have been warned. - */ -void UI_destroy_method(UI_METHOD *ui_method) -{ - if (ui_method == NULL) - return; - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI_METHOD, ui_method, - &ui_method->ex_data); - OPENSSL_free(ui_method->name); - ui_method->name = NULL; - OPENSSL_free(ui_method); -} - -int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)) -{ - if (method != NULL) { - method->ui_open_session = opener; - return 0; - } - return -1; -} - -int UI_method_set_writer(UI_METHOD *method, - int (*writer) (UI *ui, UI_STRING *uis)) -{ - if (method != NULL) { - method->ui_write_string = writer; - return 0; - } - return -1; -} - -int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)) -{ - if (method != NULL) { - method->ui_flush = flusher; - return 0; - } - return -1; -} - -int UI_method_set_reader(UI_METHOD *method, - int (*reader) (UI *ui, UI_STRING *uis)) -{ - if (method != NULL) { - method->ui_read_string = reader; - return 0; - } - return -1; -} - -int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)) -{ - if (method != NULL) { - method->ui_close_session = closer; - return 0; - } - return -1; -} - -int UI_method_set_data_duplicator(UI_METHOD *method, - void *(*duplicator) (UI *ui, void *ui_data), - void (*destructor)(UI *ui, void *ui_data)) -{ - if (method != NULL) { - method->ui_duplicate_data = duplicator; - method->ui_destroy_data = destructor; - return 0; - } - return -1; -} - -int UI_method_set_prompt_constructor(UI_METHOD *method, - char *(*prompt_constructor) (UI *ui, - const char *, - const char *)) -{ - if (method != NULL) { - method->ui_construct_prompt = prompt_constructor; - return 0; - } - return -1; -} - -int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data) -{ - return CRYPTO_set_ex_data(&method->ex_data, idx, data); -} - -int (*UI_method_get_opener(const UI_METHOD *method)) (UI *) -{ - if (method != NULL) - return method->ui_open_session; - return NULL; -} - -int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *) -{ - if (method != NULL) - return method->ui_write_string; - return NULL; -} - -int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *) -{ - if (method != NULL) - return method->ui_flush; - return NULL; -} - -int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *) -{ - if (method != NULL) - return method->ui_read_string; - return NULL; -} - -int (*UI_method_get_closer(const UI_METHOD *method)) (UI *) -{ - if (method != NULL) - return method->ui_close_session; - return NULL; -} - -char *(*UI_method_get_prompt_constructor(const UI_METHOD *method)) - (UI *, const char *, const char *) -{ - if (method != NULL) - return method->ui_construct_prompt; - return NULL; -} - -void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *) -{ - if (method != NULL) - return method->ui_duplicate_data; - return NULL; -} - -void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *) -{ - if (method != NULL) - return method->ui_destroy_data; - return NULL; -} - -const void *UI_method_get_ex_data(const UI_METHOD *method, int idx) -{ - return CRYPTO_get_ex_data(&method->ex_data, idx); -} - -enum UI_string_types UI_get_string_type(UI_STRING *uis) -{ - return uis->type; -} - -int UI_get_input_flags(UI_STRING *uis) -{ - return uis->input_flags; -} - -const char *UI_get0_output_string(UI_STRING *uis) -{ - return uis->out_string; -} - -const char *UI_get0_action_string(UI_STRING *uis) -{ - switch (uis->type) { - case UIT_BOOLEAN: - return uis->_.boolean_data.action_desc; - case UIT_PROMPT: - case UIT_NONE: - case UIT_VERIFY: - case UIT_INFO: - case UIT_ERROR: - break; - } - return NULL; -} - -const char *UI_get0_result_string(UI_STRING *uis) -{ - switch (uis->type) { - case UIT_PROMPT: - case UIT_VERIFY: - return uis->result_buf; - case UIT_NONE: - case UIT_BOOLEAN: - case UIT_INFO: - case UIT_ERROR: - break; - } - return NULL; -} - -int UI_get_result_string_length(UI_STRING *uis) -{ - switch (uis->type) { - case UIT_PROMPT: - case UIT_VERIFY: - return uis->result_len; - case UIT_NONE: - case UIT_BOOLEAN: - case UIT_INFO: - case UIT_ERROR: - break; - } - return -1; -} - -const char *UI_get0_test_string(UI_STRING *uis) -{ - switch (uis->type) { - case UIT_VERIFY: - return uis->_.string_data.test_buf; - case UIT_NONE: - case UIT_BOOLEAN: - case UIT_INFO: - case UIT_ERROR: - case UIT_PROMPT: - break; - } - return NULL; -} - -int UI_get_result_minsize(UI_STRING *uis) -{ - switch (uis->type) { - case UIT_PROMPT: - case UIT_VERIFY: - return uis->_.string_data.result_minsize; - case UIT_NONE: - case UIT_INFO: - case UIT_ERROR: - case UIT_BOOLEAN: - break; - } - return -1; -} - -int UI_get_result_maxsize(UI_STRING *uis) -{ - switch (uis->type) { - case UIT_PROMPT: - case UIT_VERIFY: - return uis->_.string_data.result_maxsize; - case UIT_NONE: - case UIT_INFO: - case UIT_ERROR: - case UIT_BOOLEAN: - break; - } - return -1; -} - -int UI_set_result(UI *ui, UI_STRING *uis, const char *result) -{ - return UI_set_result_ex(ui, uis, result, strlen(result)); -} - -int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len) -{ - ui->flags &= ~UI_FLAG_REDOABLE; - - switch (uis->type) { - case UIT_PROMPT: - case UIT_VERIFY: - if (len < uis->_.string_data.result_minsize) { - ui->flags |= UI_FLAG_REDOABLE; - ERR_raise_data(ERR_LIB_UI, UI_R_RESULT_TOO_SMALL, - "You must type in %d to %d characters", - uis->_.string_data.result_minsize, - uis->_.string_data.result_maxsize); - return -1; - } - if (len > uis->_.string_data.result_maxsize) { - ui->flags |= UI_FLAG_REDOABLE; - ERR_raise_data(ERR_LIB_UI, UI_R_RESULT_TOO_LARGE, - "You must type in %d to %d characters", - uis->_.string_data.result_minsize, - uis->_.string_data.result_maxsize); - return -1; - } - - if (uis->result_buf == NULL) { - ERR_raise(ERR_LIB_UI, UI_R_NO_RESULT_BUFFER); - return -1; - } - - memcpy(uis->result_buf, result, len); - if (len <= uis->_.string_data.result_maxsize) - uis->result_buf[len] = '\0'; - uis->result_len = len; - break; - case UIT_BOOLEAN: - { - const char *p; - - if (uis->result_buf == NULL) { - ERR_raise(ERR_LIB_UI, UI_R_NO_RESULT_BUFFER); - return -1; - } - - uis->result_buf[0] = '\0'; - for (p = result; *p; p++) { - if (strchr(uis->_.boolean_data.ok_chars, *p)) { - uis->result_buf[0] = uis->_.boolean_data.ok_chars[0]; - break; - } - if (strchr(uis->_.boolean_data.cancel_chars, *p)) { - uis->result_buf[0] = uis->_.boolean_data.cancel_chars[0]; - break; - } - } - } - case UIT_NONE: - case UIT_INFO: - case UIT_ERROR: - break; - } - return 0; -} diff --git a/crypto/ui/ui_local.h b/crypto/ui/ui_local.h deleted file mode 100644 index 36b3e6194b0a1769388651b18cd3a9b38a24e5c2..0000000000000000000000000000000000000000 --- a/crypto/ui/ui_local.h +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_UI_LOCAL_H -# define OSSL_CRYPTO_UI_LOCAL_H - -# include -# include - -# ifdef _ -# undef _ -# endif - -struct ui_method_st { - char *name; - /* - * All the functions return 1 or non-NULL for success and 0 or NULL for - * failure - */ - /* - * Open whatever channel for this, be it the console, an X window or - * whatever. This function should use the ex_data structure to save - * intermediate data. - */ - int (*ui_open_session) (UI *ui); - int (*ui_write_string) (UI *ui, UI_STRING *uis); - /* - * Flush the output. If a GUI dialog box is used, this function can be - * used to actually display it. - */ - int (*ui_flush) (UI *ui); - int (*ui_read_string) (UI *ui, UI_STRING *uis); - int (*ui_close_session) (UI *ui); - /* - * Duplicate the ui_data that often comes alongside a ui_method. This - * allows some backends to save away UI information for later use. - */ - void *(*ui_duplicate_data) (UI *ui, void *ui_data); - void (*ui_destroy_data) (UI *ui, void *ui_data); - /* - * Construct a prompt in a user-defined manner. object_desc is a textual - * short description of the object, for example "pass phrase", and - * object_name is the name of the object (might be a card name or a file - * name. The returned string shall always be allocated on the heap with - * OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). - */ - char *(*ui_construct_prompt) (UI *ui, const char *object_desc, - const char *object_name); - /* - * UI_METHOD specific application data. - */ - CRYPTO_EX_DATA ex_data; -}; - -struct ui_string_st { - enum UI_string_types type; /* Input */ - const char *out_string; /* Input */ - int input_flags; /* Flags from the user */ - /* - * The following parameters are completely irrelevant for UIT_INFO, and - * can therefore be set to 0 or NULL - */ - char *result_buf; /* Input and Output: If not NULL, - * user-defined with size in result_maxsize. - * Otherwise, it may be allocated by the UI - * routine, meaning result_minsize is going - * to be overwritten. */ - size_t result_len; - union { - struct { - int result_minsize; /* Input: minimum required size of the - * result. */ - int result_maxsize; /* Input: maximum permitted size of the - * result */ - const char *test_buf; /* Input: test string to verify against */ - } string_data; - struct { - const char *action_desc; /* Input */ - const char *ok_chars; /* Input */ - const char *cancel_chars; /* Input */ - } boolean_data; - } _; - -# define OUT_STRING_FREEABLE 0x01 - int flags; /* flags for internal use */ -}; - -struct ui_st { - const UI_METHOD *meth; - STACK_OF(UI_STRING) *strings; /* We might want to prompt for more than - * one thing at a time, and with different - * echoing status. */ - void *user_data; - CRYPTO_EX_DATA ex_data; -# define UI_FLAG_REDOABLE 0x0001 -# define UI_FLAG_DUPL_DATA 0x0002 /* user_data was duplicated */ -# define UI_FLAG_PRINT_ERRORS 0x0100 - int flags; - - CRYPTO_RWLOCK *lock; -}; - -#endif diff --git a/crypto/ui/ui_null.c b/crypto/ui/ui_null.c deleted file mode 100644 index f002448d2cd4a989084ae9f79753c29c2f9e1ec7..0000000000000000000000000000000000000000 --- a/crypto/ui/ui_null.c +++ /dev/null @@ -1,26 +0,0 @@ -/* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "ui_local.h" - -static const UI_METHOD ui_null = { - "OpenSSL NULL UI", - NULL, /* opener */ - NULL, /* writer */ - NULL, /* flusher */ - NULL, /* reader */ - NULL, /* closer */ - NULL -}; - -/* The method with all the built-in thingies */ -const UI_METHOD *UI_null(void) -{ - return &ui_null; -} diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c deleted file mode 100644 index 8007f2f70c8728a3b0152203618ed956d0b209d2..0000000000000000000000000000000000000000 --- a/crypto/ui/ui_openssl.c +++ /dev/null @@ -1,732 +0,0 @@ -/* - * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" -#include -#include -#include - -#ifndef OPENSSL_NO_UI_CONSOLE -/* - * need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc - * [maybe others?], because it masks interfaces not discussed in standard, - * sigaction and fileno included. -pedantic would be more appropriate for the - * intended purposes, but we can't prevent users from adding -ansi. - */ -# if defined(OPENSSL_SYS_VXWORKS) -# include -# endif - -# if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS) -# ifndef _POSIX_C_SOURCE -# define _POSIX_C_SOURCE 2 -# endif -# endif -# include -# include -# include -# include - -# if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) -# include -/* - * If unistd.h defines _POSIX_VERSION, we conclude that we are on a POSIX - * system and have sigaction and termios. - */ -# if defined(_POSIX_VERSION) && _POSIX_VERSION>=199309L - -# define SIGACTION -# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) -# define TERMIOS -# endif - -# endif -# endif - -# include "ui_local.h" -# include "internal/cryptlib.h" - -# ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */ -# include -# ifdef __DECC -# pragma message disable DOLLARID -# endif -# endif - -# ifdef WIN_CONSOLE_BUG -# include -# ifndef OPENSSL_SYS_WINCE -# include -# endif -# endif - -/* - * There are 6 types of terminal interface supported, TERMIO, TERMIOS, VMS, - * MSDOS, WIN32 Console and SGTTY. - * - * If someone defines one of the macros TERMIO, TERMIOS or SGTTY, it will - * remain respected. Otherwise, we default to TERMIOS except for a few - * systems that require something different. - * - * Note: we do not use SGTTY unless it's defined by the configuration. We - * may eventually opt to remove its use entirely. - */ - -# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) - -# if defined(_LIBC) -# undef TERMIOS -# define TERMIO -# undef SGTTY -/* - * We know that VMS, MSDOS, VXWORKS, use entirely other mechanisms. - */ -# elif !defined(OPENSSL_SYS_VMS) \ - && !defined(OPENSSL_SYS_MSDOS) \ - && !defined(OPENSSL_SYS_VXWORKS) -# define TERMIOS -# undef TERMIO -# undef SGTTY -# endif - -# endif - -# if defined(OPENSSL_SYS_VXWORKS) -# undef TERMIOS -# undef TERMIO -# undef SGTTY -# endif - -# ifdef TERMIOS -# include -# define TTY_STRUCT struct termios -# define TTY_FLAGS c_lflag -# define TTY_get(tty,data) tcgetattr(tty,data) -# define TTY_set(tty,data) tcsetattr(tty,TCSANOW,data) -# endif - -# ifdef TERMIO -# include -# define TTY_STRUCT struct termio -# define TTY_FLAGS c_lflag -# define TTY_get(tty,data) ioctl(tty,TCGETA,data) -# define TTY_set(tty,data) ioctl(tty,TCSETA,data) -# endif - -# ifdef SGTTY -# include -# define TTY_STRUCT struct sgttyb -# define TTY_FLAGS sg_flags -# define TTY_get(tty,data) ioctl(tty,TIOCGETP,data) -# define TTY_set(tty,data) ioctl(tty,TIOCSETP,data) -# endif - -# if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && ! (defined(OPENSSL_SYS_TANDEM) && defined(_SPT_MODEL_)) -# include -# endif - -# ifdef OPENSSL_SYS_MSDOS -# include -# endif - -# ifdef OPENSSL_SYS_VMS -# include -# include -# include -# include -struct IOSB { - short iosb$w_value; - short iosb$w_count; - long iosb$l_info; -}; -# endif - -# ifndef NX509_SIG -# define NX509_SIG 32 -# endif - -/* Define globals. They are protected by a lock */ -# ifdef SIGACTION -static struct sigaction savsig[NX509_SIG]; -# else -static void (*savsig[NX509_SIG]) (int); -# endif - -# ifdef OPENSSL_SYS_VMS -static struct IOSB iosb; -static $DESCRIPTOR(terminal, "TT"); -static long tty_orig[3], tty_new[3]; /* XXX Is there any guarantee that this - * will always suffice for the actual - * structures? */ -static long status; -static unsigned short channel = 0; -# elif defined(_WIN32) && !defined(_WIN32_WCE) -static DWORD tty_orig, tty_new; -# else -# if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__) -static TTY_STRUCT tty_orig, tty_new; -# endif -# endif -static FILE *tty_in, *tty_out; -static int is_a_tty; - -/* Declare static functions */ -# if !defined(OPENSSL_SYS_WINCE) -static int read_till_nl(FILE *); -static void recsig(int); -static void pushsig(void); -static void popsig(void); -# endif -# if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) -static int noecho_fgets(char *buf, int size, FILE *tty); -# endif -static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl); - -static int read_string(UI *ui, UI_STRING *uis); -static int write_string(UI *ui, UI_STRING *uis); - -static int open_console(UI *ui); -static int echo_console(UI *ui); -static int noecho_console(UI *ui); -static int close_console(UI *ui); - -/* - * The following function makes sure that info and error strings are printed - * before any prompt. - */ -static int write_string(UI *ui, UI_STRING *uis) -{ - switch (UI_get_string_type(uis)) { - case UIT_ERROR: - case UIT_INFO: - fputs(UI_get0_output_string(uis), tty_out); - fflush(tty_out); - break; - case UIT_NONE: - case UIT_PROMPT: - case UIT_VERIFY: - case UIT_BOOLEAN: - break; - } - return 1; -} - -static int read_string(UI *ui, UI_STRING *uis) -{ - int ok = 0; - - switch (UI_get_string_type(uis)) { - case UIT_BOOLEAN: - fputs(UI_get0_output_string(uis), tty_out); - fputs(UI_get0_action_string(uis), tty_out); - fflush(tty_out); - return read_string_inner(ui, uis, - UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, - 0); - case UIT_PROMPT: - fputs(UI_get0_output_string(uis), tty_out); - fflush(tty_out); - return read_string_inner(ui, uis, - UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, - 1); - case UIT_VERIFY: - fprintf(tty_out, "Verifying - %s", UI_get0_output_string(uis)); - fflush(tty_out); - if ((ok = read_string_inner(ui, uis, - UI_get_input_flags(uis) & - UI_INPUT_FLAG_ECHO, 1)) <= 0) - return ok; - if (strcmp(UI_get0_result_string(uis), UI_get0_test_string(uis)) != 0) { - fprintf(tty_out, "Verify failure\n"); - fflush(tty_out); - return 0; - } - break; - case UIT_NONE: - case UIT_INFO: - case UIT_ERROR: - break; - } - return 1; -} - -# if !defined(OPENSSL_SYS_WINCE) -/* Internal functions to read a string without echoing */ -static int read_till_nl(FILE *in) -{ -# define SIZE 4 - char buf[SIZE + 1]; - - do { - if (!fgets(buf, SIZE, in)) - return 0; - } while (strchr(buf, '\n') == NULL); - return 1; -} - -static volatile sig_atomic_t intr_signal; -# endif - -static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl) -{ - static int ps; - int ok; - char result[BUFSIZ]; - int maxsize = BUFSIZ - 1; -# if !defined(OPENSSL_SYS_WINCE) - char *p = NULL; - int echo_eol = !echo; - - intr_signal = 0; - ok = 0; - ps = 0; - - pushsig(); - ps = 1; - - if (!echo && !noecho_console(ui)) - goto error; - ps = 2; - - result[0] = '\0'; -# if defined(_WIN32) - if (is_a_tty) { - DWORD numread; -# if defined(CP_UTF8) - if (GetEnvironmentVariableW(L"OPENSSL_WIN32_UTF8", NULL, 0) != 0) { - WCHAR wresult[BUFSIZ]; - - if (ReadConsoleW(GetStdHandle(STD_INPUT_HANDLE), - wresult, maxsize, &numread, NULL)) { - if (numread >= 2 && - wresult[numread-2] == L'\r' && - wresult[numread-1] == L'\n') { - wresult[numread-2] = L'\n'; - numread--; - } - wresult[numread] = '\0'; - if (WideCharToMultiByte(CP_UTF8, 0, wresult, -1, - result, sizeof(result), NULL, 0) > 0) - p = result; - - OPENSSL_cleanse(wresult, sizeof(wresult)); - } - } else -# endif - if (ReadConsoleA(GetStdHandle(STD_INPUT_HANDLE), - result, maxsize, &numread, NULL)) { - if (numread >= 2 && - result[numread-2] == '\r' && result[numread-1] == '\n') { - result[numread-2] = '\n'; - numread--; - } - result[numread] = '\0'; - p = result; - } - } else -# elif defined(OPENSSL_SYS_MSDOS) - if (!echo) { - noecho_fgets(result, maxsize, tty_in); - p = result; /* FIXME: noecho_fgets doesn't return errors */ - } else -# endif - p = fgets(result, maxsize, tty_in); - if (p == NULL) - goto error; - if (feof(tty_in)) - goto error; - if (ferror(tty_in)) - goto error; - if ((p = (char *)strchr(result, '\n')) != NULL) { - if (strip_nl) - *p = '\0'; - } else if (!read_till_nl(tty_in)) - goto error; - if (UI_set_result(ui, uis, result) >= 0) - ok = 1; - - error: - if (intr_signal == SIGINT) - ok = -1; - if (echo_eol) - fprintf(tty_out, "\n"); - if (ps >= 2 && !echo && !echo_console(ui)) - ok = 0; - - if (ps >= 1) - popsig(); -# else - ok = 1; -# endif - - OPENSSL_cleanse(result, BUFSIZ); - return ok; -} - -/* Internal functions to open, handle and close a channel to the console. */ -static int open_console(UI *ui) -{ - if (!CRYPTO_THREAD_write_lock(ui->lock)) - return 0; - is_a_tty = 1; - -# if defined(OPENSSL_SYS_VXWORKS) - tty_in = stdin; - tty_out = stderr; -# elif defined(_WIN32) && !defined(_WIN32_WCE) - if ((tty_out = fopen("conout$", "w")) == NULL) - tty_out = stderr; - - if (GetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), &tty_orig)) { - tty_in = stdin; - } else { - is_a_tty = 0; - if ((tty_in = fopen("conin$", "r")) == NULL) - tty_in = stdin; - } -# else -# ifdef OPENSSL_SYS_MSDOS -# define DEV_TTY "con" -# else -# define DEV_TTY "/dev/tty" -# endif - if ((tty_in = fopen(DEV_TTY, "r")) == NULL) - tty_in = stdin; - if ((tty_out = fopen(DEV_TTY, "w")) == NULL) - tty_out = stderr; -# endif - -# if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) - if (TTY_get(fileno(tty_in), &tty_orig) == -1) { -# ifdef ENOTTY - if (errno == ENOTTY) - is_a_tty = 0; - else -# endif -# ifdef EINVAL - /* - * Ariel Glenn reports that solaris can return EINVAL instead. - * This should be ok - */ - if (errno == EINVAL) - is_a_tty = 0; - else -# endif -# ifdef ENXIO - /* - * Solaris can return ENXIO. - * This should be ok - */ - if (errno == ENXIO) - is_a_tty = 0; - else -# endif -# ifdef EIO - /* - * Linux can return EIO. - * This should be ok - */ - if (errno == EIO) - is_a_tty = 0; - else -# endif -# ifdef EPERM - /* - * Linux can return EPERM (Operation not permitted), - * e.g. if a daemon executes openssl via fork()+execve() - * This should be ok - */ - if (errno == EPERM) - is_a_tty = 0; - else -# endif -# ifdef ENODEV - /* - * MacOS X returns ENODEV (Operation not supported by device), - * which seems appropriate. - */ - if (errno == ENODEV) - is_a_tty = 0; - else -# endif - { - ERR_raise_data(ERR_LIB_UI, UI_R_UNKNOWN_TTYGET_ERRNO_VALUE, - "errno=%d", errno); - return 0; - } - } -# endif -# ifdef OPENSSL_SYS_VMS - status = sys$assign(&terminal, &channel, 0, 0); - - /* if there isn't a TT device, something is very wrong */ - if (status != SS$_NORMAL) { - ERR_raise_data(ERR_LIB_UI, UI_R_SYSASSIGN_ERROR, - "status=%%X%08X", status); - return 0; - } - - status = sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12, - 0, 0, 0, 0); - - /* If IO$_SENSEMODE doesn't work, this is not a terminal device */ - if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) - is_a_tty = 0; -# endif - return 1; -} - -static int noecho_console(UI *ui) -{ -# ifdef TTY_FLAGS - memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig)); - tty_new.TTY_FLAGS &= ~ECHO; -# endif - -# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) - if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1)) - return 0; -# endif -# ifdef OPENSSL_SYS_VMS - if (is_a_tty) { - tty_new[0] = tty_orig[0]; - tty_new[1] = tty_orig[1] | TT$M_NOECHO; - tty_new[2] = tty_orig[2]; - status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, - 0, 0, 0, 0); - if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) { - ERR_raise_data(ERR_LIB_UI, UI_R_SYSQIOW_ERROR, - "status=%%X%08X, iosb.iosb$w_value=%%X%08X", - status, iosb.iosb$w_value); - return 0; - } - } -# endif -# if defined(_WIN32) && !defined(_WIN32_WCE) - if (is_a_tty) { - tty_new = tty_orig; - tty_new &= ~ENABLE_ECHO_INPUT; - SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new); - } -# endif - return 1; -} - -static int echo_console(UI *ui) -{ -# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) - memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig)); - if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1)) - return 0; -# endif -# ifdef OPENSSL_SYS_VMS - if (is_a_tty) { - tty_new[0] = tty_orig[0]; - tty_new[1] = tty_orig[1]; - tty_new[2] = tty_orig[2]; - status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, - 0, 0, 0, 0); - if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) { - ERR_raise_data(ERR_LIB_UI, UI_R_SYSQIOW_ERROR, - "status=%%X%08X, iosb.iosb$w_value=%%X%08X", - status, iosb.iosb$w_value); - return 0; - } - } -# endif -# if defined(_WIN32) && !defined(_WIN32_WCE) - if (is_a_tty) { - tty_new = tty_orig; - SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new); - } -# endif - return 1; -} - -static int close_console(UI *ui) -{ - int ret = 1; - - if (tty_in != stdin) - fclose(tty_in); - if (tty_out != stderr) - fclose(tty_out); -# ifdef OPENSSL_SYS_VMS - status = sys$dassgn(channel); - if (status != SS$_NORMAL) { - ERR_raise_data(ERR_LIB_UI, UI_R_SYSDASSGN_ERROR, - "status=%%X%08X", status); - ret = 0; - } -# endif - CRYPTO_THREAD_unlock(ui->lock); - - return ret; -} - -# if !defined(OPENSSL_SYS_WINCE) -/* Internal functions to handle signals and act on them */ -static void pushsig(void) -{ -# ifndef OPENSSL_SYS_WIN32 - int i; -# endif -# ifdef SIGACTION - struct sigaction sa; - - memset(&sa, 0, sizeof(sa)); - sa.sa_handler = recsig; -# endif - -# ifdef OPENSSL_SYS_WIN32 - savsig[SIGABRT] = signal(SIGABRT, recsig); - savsig[SIGFPE] = signal(SIGFPE, recsig); - savsig[SIGILL] = signal(SIGILL, recsig); - savsig[SIGINT] = signal(SIGINT, recsig); - savsig[SIGSEGV] = signal(SIGSEGV, recsig); - savsig[SIGTERM] = signal(SIGTERM, recsig); -# else - for (i = 1; i < NX509_SIG; i++) { -# ifdef SIGUSR1 - if (i == SIGUSR1) - continue; -# endif -# ifdef SIGUSR2 - if (i == SIGUSR2) - continue; -# endif -# ifdef SIGKILL - if (i == SIGKILL) /* We can't make any action on that. */ - continue; -# endif -# ifdef SIGACTION - sigaction(i, &sa, &savsig[i]); -# else - savsig[i] = signal(i, recsig); -# endif - } -# endif - -# ifdef SIGWINCH - signal(SIGWINCH, SIG_DFL); -# endif -} - -static void popsig(void) -{ -# ifdef OPENSSL_SYS_WIN32 - signal(SIGABRT, savsig[SIGABRT]); - signal(SIGFPE, savsig[SIGFPE]); - signal(SIGILL, savsig[SIGILL]); - signal(SIGINT, savsig[SIGINT]); - signal(SIGSEGV, savsig[SIGSEGV]); - signal(SIGTERM, savsig[SIGTERM]); -# else - int i; - for (i = 1; i < NX509_SIG; i++) { -# ifdef SIGUSR1 - if (i == SIGUSR1) - continue; -# endif -# ifdef SIGUSR2 - if (i == SIGUSR2) - continue; -# endif -# ifdef SIGACTION - sigaction(i, &savsig[i], NULL); -# else - signal(i, savsig[i]); -# endif - } -# endif -} - -static void recsig(int i) -{ - intr_signal = i; -} -# endif - -/* Internal functions specific for Windows */ -# if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32) -static int noecho_fgets(char *buf, int size, FILE *tty) -{ - int i; - char *p; - - p = buf; - for (;;) { - if (size == 0) { - *p = '\0'; - break; - } - size--; -# if defined(_WIN32) - i = _getch(); -# else - i = getch(); -# endif - if (i == '\r') - i = '\n'; - *(p++) = i; - if (i == '\n') { - *p = '\0'; - break; - } - } -# ifdef WIN_CONSOLE_BUG - /* - * Win95 has several evil console bugs: one of these is that the last - * character read using getch() is passed to the next read: this is - * usually a CR so this can be trouble. No STDIO fix seems to work but - * flushing the console appears to do the trick. - */ - { - HANDLE inh; - inh = GetStdHandle(STD_INPUT_HANDLE); - FlushConsoleInputBuffer(inh); - } -# endif - return strlen(buf); -} -# endif - -static UI_METHOD ui_openssl = { - "OpenSSL default user interface", - open_console, - write_string, - NULL, /* No flusher is needed for command lines */ - read_string, - close_console, - NULL -}; - -/* The method with all the built-in console thingies */ -UI_METHOD *UI_OpenSSL(void) -{ - return &ui_openssl; -} - -static const UI_METHOD *default_UI_meth = &ui_openssl; - -#else - -static const UI_METHOD *default_UI_meth = NULL; - -#endif - -void UI_set_default_method(const UI_METHOD *meth) -{ - default_UI_meth = meth; -} - -const UI_METHOD *UI_get_default_method(void) -{ - return default_UI_meth; -} diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c deleted file mode 100644 index 80297969ab1d660502975344f7995517ad0f311f..0000000000000000000000000000000000000000 --- a/crypto/ui/ui_util.c +++ /dev/null @@ -1,165 +0,0 @@ -/* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include /* PEM_def_callback() */ -#include "internal/thread_once.h" -#include "ui_local.h" - -#ifndef BUFSIZ -#define BUFSIZ 256 -#endif - -int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, - int verify) -{ - char buff[BUFSIZ]; - int ret; - - ret = - UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length, - prompt, verify); - OPENSSL_cleanse(buff, BUFSIZ); - return ret; -} - -int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, - int verify) -{ - int ok = 0; - UI *ui; - - if (size < 1) - return -1; - - ui = UI_new(); - if (ui != NULL) { - ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1); - if (ok >= 0 && verify) - ok = UI_add_verify_string(ui, prompt, 0, buff, 0, size - 1, buf); - if (ok >= 0) - ok = UI_process(ui); - UI_free(ui); - } - if (ok > 0) - ok = 0; - return ok; -} - -/* - * Wrapper around pem_password_cb, a method to help older APIs use newer - * ones. - */ -struct pem_password_cb_data { - pem_password_cb *cb; - int rwflag; -}; - -static void ui_new_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp) -{ - /* - * Do nothing, the data is allocated externally and assigned later with - * CRYPTO_set_ex_data() - */ -} - -static int ui_dup_method_data(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, - void **pptr, int idx, long argl, void *argp) -{ - if (*pptr != NULL) { - *pptr = OPENSSL_memdup(*pptr, sizeof(struct pem_password_cb_data)); - if (*pptr != NULL) - return 1; - } - return 0; -} - -static void ui_free_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp) -{ - OPENSSL_free(ptr); -} - -static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT; -static int ui_method_data_index = -1; -DEFINE_RUN_ONCE_STATIC(ui_method_data_index_init) -{ - ui_method_data_index = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI_METHOD, - 0, NULL, ui_new_method_data, - ui_dup_method_data, - ui_free_method_data); - return 1; -} - -static int ui_open(UI *ui) -{ - return 1; -} -static int ui_read(UI *ui, UI_STRING *uis) -{ - switch (UI_get_string_type(uis)) { - case UIT_PROMPT: - { - char result[PEM_BUFSIZE + 1]; - const struct pem_password_cb_data *data = - UI_method_get_ex_data(UI_get_method(ui), ui_method_data_index); - int maxsize = UI_get_result_maxsize(uis); - int len = data->cb(result, - maxsize > PEM_BUFSIZE ? PEM_BUFSIZE : maxsize, - data->rwflag, UI_get0_user_data(ui)); - - if (len >= 0) - result[len] = '\0'; - if (len < 0) - return len; - if (UI_set_result_ex(ui, uis, result, len) >= 0) - return 1; - return 0; - } - case UIT_VERIFY: - case UIT_NONE: - case UIT_BOOLEAN: - case UIT_INFO: - case UIT_ERROR: - break; - } - return 1; -} -static int ui_write(UI *ui, UI_STRING *uis) -{ - return 1; -} -static int ui_close(UI *ui) -{ - return 1; -} - -UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag) -{ - struct pem_password_cb_data *data = NULL; - UI_METHOD *ui_method = NULL; - - if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL - || (ui_method = UI_create_method("PEM password callback wrapper")) == NULL - || UI_method_set_opener(ui_method, ui_open) < 0 - || UI_method_set_reader(ui_method, ui_read) < 0 - || UI_method_set_writer(ui_method, ui_write) < 0 - || UI_method_set_closer(ui_method, ui_close) < 0 - || !RUN_ONCE(&get_index_once, ui_method_data_index_init) - || !UI_method_set_ex_data(ui_method, ui_method_data_index, data)) { - UI_destroy_method(ui_method); - OPENSSL_free(data); - return NULL; - } - data->rwflag = rwflag; - data->cb = cb != NULL ? cb : PEM_def_callback; - - return ui_method; -} diff --git a/crypto/uid.c b/crypto/uid.c deleted file mode 100644 index 698127779f54d93c5ccfb6d27cb3658d228b53fb..0000000000000000000000000000000000000000 --- a/crypto/uid.c +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include - -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) - -int OPENSSL_issetugid(void) -{ - return 0; -} - -#elif defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__) || (defined(__GLIBC__) && defined(__FreeBSD_kernel__)) - -# include - -int OPENSSL_issetugid(void) -{ - return issetugid(); -} - -#else - -# include -# include - -# if defined(__GLIBC__) && defined(__GLIBC_PREREQ) -# if __GLIBC_PREREQ(2, 16) -# include -# define OSSL_IMPLEMENT_GETAUXVAL -# endif -# elif defined(__ANDROID_API__) -/* see https://developer.android.google.cn/ndk/guides/cpu-features */ -# if __ANDROID_API__ >= 18 -# include -# define OSSL_IMPLEMENT_GETAUXVAL -# endif -# endif - -int OPENSSL_issetugid(void) -{ -# ifdef OSSL_IMPLEMENT_GETAUXVAL - return getauxval(AT_SECURE) != 0; -# else - return getuid() != geteuid() || getgid() != getegid(); -# endif -} -#endif diff --git a/crypto/vms_rms.h b/crypto/vms_rms.h deleted file mode 100644 index ae74ba68294e0d84ed12ef4fbdb39e9c9d9564f0..0000000000000000000000000000000000000000 --- a/crypto/vms_rms.h +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifdef NAML$C_MAXRSS - -# define CC_RMS_NAMX cc$rms_naml -# define FAB_NAMX fab$l_naml -# define FAB_OR_NAML( fab, naml) naml -# define FAB_OR_NAML_DNA naml$l_long_defname -# define FAB_OR_NAML_DNS naml$l_long_defname_size -# define FAB_OR_NAML_FNA naml$l_long_filename -# define FAB_OR_NAML_FNS naml$l_long_filename_size -# define NAMX_ESA naml$l_long_expand -# define NAMX_ESL naml$l_long_expand_size -# define NAMX_ESS naml$l_long_expand_alloc -# define NAMX_NOP naml$b_nop -# define SET_NAMX_NO_SHORT_UPCASE( nam) nam.naml$v_no_short_upcase = 1 - -# if __INITIAL_POINTER_SIZE == 64 -# define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (__char_ptr32) -1; \ - fab.fab$l_fna = (__char_ptr32) -1; -# else /* __INITIAL_POINTER_SIZE == 64 */ -# define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (char *) -1; \ - fab.fab$l_fna = (char *) -1; -# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ - -# define NAMX_MAXRSS NAML$C_MAXRSS -# define NAMX_STRUCT NAML - -#else /* def NAML$C_MAXRSS */ - -# define CC_RMS_NAMX cc$rms_nam -# define FAB_NAMX fab$l_nam -# define FAB_OR_NAML( fab, naml) fab -# define FAB_OR_NAML_DNA fab$l_dna -# define FAB_OR_NAML_DNS fab$b_dns -# define FAB_OR_NAML_FNA fab$l_fna -# define FAB_OR_NAML_FNS fab$b_fns -# define NAMX_ESA nam$l_esa -# define NAMX_ESL nam$b_esl -# define NAMX_ESS nam$b_ess -# define NAMX_NOP nam$b_nop -# define NAMX_DNA_FNA_SET(fab) -# define NAMX_MAXRSS NAM$C_MAXRSS -# define NAMX_STRUCT NAM -# ifdef NAM$M_NO_SHORT_UPCASE -# define SET_NAMX_NO_SHORT_UPCASE( nam) naml.naml$v_no_short_upcase = 1 -# else /* def NAM$M_NO_SHORT_UPCASE */ -# define SET_NAMX_NO_SHORT_UPCASE( nam) -# endif /* def NAM$M_NO_SHORT_UPCASE [else] */ - -#endif /* def NAML$C_MAXRSS [else] */ diff --git a/crypto/whrlpool/asm/wp-mmx.pl b/crypto/whrlpool/asm/wp-mmx.pl deleted file mode 100644 index ad2528a9e28aaca471729aa580cbb76d1839c97f..0000000000000000000000000000000000000000 --- a/crypto/whrlpool/asm/wp-mmx.pl +++ /dev/null @@ -1,506 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. Rights for redistribution and usage in source and binary -# forms are granted according to the License. -# ==================================================================== -# -# whirlpool_block_mmx implementation. -# -*SCALE=\(2); # 2 or 8, that is the question:-) Value of 8 results -# in 16KB large table, which is tough on L1 cache, but eliminates -# unaligned references to it. Value of 2 results in 4KB table, but -# 7/8 of references to it are unaligned. AMD cores seem to be -# allergic to the latter, while Intel ones - to former [see the -# table]. I stick to value of 2 for two reasons: 1. smaller table -# minimizes cache trashing and thus mitigates the hazard of side- -# channel leakage similar to AES cache-timing one; 2. performance -# gap among different µ-archs is smaller. -# -# Performance table lists rounded amounts of CPU cycles spent by -# whirlpool_block_mmx routine on single 64 byte input block, i.e. -# smaller is better and asymptotic throughput can be estimated by -# multiplying 64 by CPU clock frequency and dividing by relevant -# value from the given table: -# -# $SCALE=2/8 icc8 gcc3 -# Intel P4 3200/4600 4600(*) 6400 -# Intel PIII 2900/3000 4900 5400 -# AMD K[78] 2500/1800 9900 8200(**) -# -# (*) I've sketched even non-MMX assembler, but for the record -# I've failed to beat the Intel compiler on P4, without using -# MMX that is... -# (**) ... on AMD on the other hand non-MMX assembler was observed -# to perform significantly better, but I figured this MMX -# implementation is even faster anyway, so why bother? As for -# pre-MMX AMD core[s], the improvement coefficient is more -# than likely to vary anyway and I don't know how. But the -# least I know is that gcc-generated code compiled with -# -DL_ENDIAN and -DOPENSSL_SMALL_FOOTPRINT [see C module for -# details] and optimized for Pentium was observed to perform -# *better* on Pentium 100 than unrolled non-MMX assembler -# loop... So we just say that I don't know if maintaining -# non-MMX implementation would actually pay off, but till -# opposite is proved "unlikely" is assumed. - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -$output=pop and open STDOUT,">$output"; - -&asm_init($ARGV[0]); - -sub L() { &data_byte(@_); } -sub LL() -{ if ($SCALE==2) { &data_byte(@_); &data_byte(@_); } - elsif ($SCALE==8) { for ($i=0;$i<8;$i++) { - &data_byte(@_); - unshift(@_,pop(@_)); - } - } - else { die "invalid SCALE value"; } -} - -sub scale() -{ if ($SCALE==2) { &lea(@_[0],&DWP(0,@_[1],@_[1])); } - elsif ($SCALE==8) { &lea(@_[0],&DWP(0,"",@_[1],8)); } - else { die "invalid SCALE value"; } -} - -sub row() -{ if ($SCALE==2) { ((8-shift)&7); } - elsif ($SCALE==8) { (8*shift); } - else { die "invalid SCALE value"; } -} - -$tbl="ebp"; -@mm=("mm0","mm1","mm2","mm3","mm4","mm5","mm6","mm7"); - -&function_begin_B("whirlpool_block_mmx"); - &push ("ebp"); - &push ("ebx"); - &push ("esi"); - &push ("edi"); - - &mov ("esi",&wparam(0)); # hash value - &mov ("edi",&wparam(1)); # input data stream - &mov ("ebp",&wparam(2)); # number of chunks in input - - &mov ("eax","esp"); # copy stack pointer - &sub ("esp",128+20); # allocate frame - &and ("esp",-64); # align for cache-line - - &lea ("ebx",&DWP(128,"esp")); - &mov (&DWP(0,"ebx"),"esi"); # save parameter block - &mov (&DWP(4,"ebx"),"edi"); - &mov (&DWP(8,"ebx"),"ebp"); - &mov (&DWP(16,"ebx"),"eax"); # saved stack pointer - - &call (&label("pic_point")); -&set_label("pic_point"); - &blindpop($tbl); - &lea ($tbl,&DWP(&label("table")."-".&label("pic_point"),$tbl)); - - &xor ("ecx","ecx"); - &xor ("edx","edx"); - - for($i=0;$i<8;$i++) { &movq(@mm[$i],&QWP($i*8,"esi")); } # L=H -&set_label("outerloop"); - for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); } # K=L - for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); } # L^=inp - for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L - - &xor ("esi","esi"); - &mov (&DWP(12,"ebx"),"esi"); # zero round counter - -&set_label("round",16); - &movq (@mm[0],&QWP(2048*$SCALE,$tbl,"esi",8)); # rc[r] - &mov ("eax",&DWP(0,"esp")); - &mov ("ebx",&DWP(4,"esp")); - &movz ("ecx",&LB("eax")); - &movz ("edx",&HB("eax")); -for($i=0;$i<8;$i++) { - my $func = ($i==0)? \&movq : \&pxor; - &shr ("eax",16); - &scale ("esi","ecx"); - &movz ("ecx",&LB("eax")); - &scale ("edi","edx"); - &movz ("edx",&HB("eax")); - &pxor (@mm[0],&QWP(&row(0),$tbl,"esi",8)); - &$func (@mm[1],&QWP(&row(1),$tbl,"edi",8)); - &mov ("eax",&DWP(($i+1)*8,"esp")); - &scale ("esi","ecx"); - &movz ("ecx",&LB("ebx")); - &scale ("edi","edx"); - &movz ("edx",&HB("ebx")); - &$func (@mm[2],&QWP(&row(2),$tbl,"esi",8)); - &$func (@mm[3],&QWP(&row(3),$tbl,"edi",8)); - &shr ("ebx",16); - &scale ("esi","ecx"); - &movz ("ecx",&LB("ebx")); - &scale ("edi","edx"); - &movz ("edx",&HB("ebx")); - &$func (@mm[4],&QWP(&row(4),$tbl,"esi",8)); - &$func (@mm[5],&QWP(&row(5),$tbl,"edi",8)); - &mov ("ebx",&DWP(($i+1)*8+4,"esp")); - &scale ("esi","ecx"); - &movz ("ecx",&LB("eax")); - &scale ("edi","edx"); - &movz ("edx",&HB("eax")); - &$func (@mm[6],&QWP(&row(6),$tbl,"esi",8)); - &$func (@mm[7],&QWP(&row(7),$tbl,"edi",8)); - push(@mm,shift(@mm)); -} - - for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); } # K=L - -for($i=0;$i<8;$i++) { - &shr ("eax",16); - &scale ("esi","ecx"); - &movz ("ecx",&LB("eax")); - &scale ("edi","edx"); - &movz ("edx",&HB("eax")); - &pxor (@mm[0],&QWP(&row(0),$tbl,"esi",8)); - &pxor (@mm[1],&QWP(&row(1),$tbl,"edi",8)); - &mov ("eax",&DWP(64+($i+1)*8,"esp")) if ($i<7); - &scale ("esi","ecx"); - &movz ("ecx",&LB("ebx")); - &scale ("edi","edx"); - &movz ("edx",&HB("ebx")); - &pxor (@mm[2],&QWP(&row(2),$tbl,"esi",8)); - &pxor (@mm[3],&QWP(&row(3),$tbl,"edi",8)); - &shr ("ebx",16); - &scale ("esi","ecx"); - &movz ("ecx",&LB("ebx")); - &scale ("edi","edx"); - &movz ("edx",&HB("ebx")); - &pxor (@mm[4],&QWP(&row(4),$tbl,"esi",8)); - &pxor (@mm[5],&QWP(&row(5),$tbl,"edi",8)); - &mov ("ebx",&DWP(64+($i+1)*8+4,"esp")) if ($i<7); - &scale ("esi","ecx"); - &movz ("ecx",&LB("eax")); - &scale ("edi","edx"); - &movz ("edx",&HB("eax")); - &pxor (@mm[6],&QWP(&row(6),$tbl,"esi",8)); - &pxor (@mm[7],&QWP(&row(7),$tbl,"edi",8)); - push(@mm,shift(@mm)); -} - &lea ("ebx",&DWP(128,"esp")); - &mov ("esi",&DWP(12,"ebx")); # pull round counter - &add ("esi",1); - &cmp ("esi",10); - &je (&label("roundsdone")); - - &mov (&DWP(12,"ebx"),"esi"); # update round counter - for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L - &jmp (&label("round")); - -&set_label("roundsdone",16); - &mov ("esi",&DWP(0,"ebx")); # reload argument block - &mov ("edi",&DWP(4,"ebx")); - &mov ("eax",&DWP(8,"ebx")); - - for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); } # L^=inp - for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"esi")); } # L^=H - for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esi"),@mm[$i]); } # H=L - - &lea ("edi",&DWP(64,"edi")); # inp+=64 - &sub ("eax",1); # num-- - &jz (&label("alldone")); - &mov (&DWP(4,"ebx"),"edi"); # update argument block - &mov (&DWP(8,"ebx"),"eax"); - &jmp (&label("outerloop")); - -&set_label("alldone"); - &emms (); - &mov ("esp",&DWP(16,"ebx")); # restore saved stack pointer - &pop ("edi"); - &pop ("esi"); - &pop ("ebx"); - &pop ("ebp"); - &ret (); - -&align(64); -&set_label("table"); - &LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8); - &LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26); - &LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8); - &LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb); - &LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb); - &LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11); - &LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09); - &LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d); - &LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b); - &LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff); - &LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c); - &LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e); - &LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96); - &LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30); - &LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d); - &LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8); - &LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47); - &LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35); - &LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37); - &LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a); - &LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2); - &LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c); - &LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84); - &LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80); - &LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5); - &LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3); - &LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21); - &LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c); - &LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43); - &LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29); - &LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d); - &LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5); - &LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd); - &LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8); - &LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92); - &LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e); - &LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13); - &LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23); - &LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20); - &LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44); - &LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2); - &LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf); - &LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c); - &LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a); - &LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50); - &LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9); - &LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14); - &LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9); - &LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c); - &LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f); - &LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90); - &LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07); - &LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd); - &LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3); - &LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d); - &LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78); - &LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97); - &LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02); - &LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73); - &LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7); - &LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6); - &LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2); - &LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49); - &LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56); - &LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70); - &LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd); - &LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb); - &LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71); - &LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b); - &LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf); - &LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45); - &LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a); - &LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4); - &LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58); - &LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e); - &LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f); - &LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac); - &LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0); - &LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef); - &LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6); - &LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c); - &LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12); - &LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93); - &LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde); - &LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6); - &LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1); - &LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b); - &LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f); - &LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31); - &LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8); - &LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9); - &LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc); - &LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e); - &LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b); - &LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf); - &LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59); - &LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2); - &LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77); - &LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33); - &LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4); - &LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27); - &LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb); - &LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89); - &LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32); - &LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54); - &LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d); - &LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64); - &LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d); - &LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d); - &LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f); - &LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca); - &LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7); - &LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d); - &LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce); - &LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f); - &LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f); - &LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63); - &LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a); - &LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc); - &LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82); - &LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a); - &LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48); - &LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95); - &LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf); - &LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d); - &LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0); - &LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91); - &LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8); - &LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b); - &LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00); - &LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9); - &LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e); - &LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1); - &LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6); - &LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28); - &LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3); - &LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74); - &LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe); - &LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d); - &LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea); - &LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57); - &LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38); - &LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad); - &LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4); - &LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda); - &LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7); - &LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb); - &LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9); - &LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a); - &LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03); - &LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a); - &LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e); - &LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60); - &LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc); - &LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46); - &LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f); - &LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76); - &LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa); - &LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36); - &LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae); - &LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b); - &LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85); - &LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e); - &LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7); - &LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55); - &LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a); - &LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81); - &LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52); - &LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62); - &LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3); - &LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10); - &LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab); - &LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0); - &LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5); - &LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec); - &LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16); - &LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94); - &LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f); - &LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5); - &LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98); - &LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17); - &LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4); - &LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1); - &LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e); - &LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42); - &LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34); - &LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08); - &LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee); - &LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61); - &LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1); - &LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f); - &LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24); - &LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3); - &LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25); - &LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22); - &LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65); - &LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79); - &LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69); - &LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9); - &LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19); - &LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe); - &LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a); - &LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0); - &LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99); - &LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83); - &LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04); - &LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66); - &LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0); - &LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1); - &LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd); - &LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40); - &LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c); - &LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18); - &LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b); - &LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51); - &LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05); - &LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c); - &LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39); - &LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa); - &LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b); - &LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc); - &LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e); - &LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0); - &LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88); - &LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67); - &LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a); - &LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87); - &LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1); - &LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72); - &LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53); - &LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01); - &LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b); - &LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4); - &LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3); - &LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15); - &LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c); - &LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5); - &LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5); - &LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4); - &LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba); - &LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6); - &LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7); - &LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06); - &LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41); - &LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7); - &LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f); - &LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e); - &LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6); - &LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2); - &LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68); - &LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c); - &LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed); - &LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75); - &LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86); - &LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b); - &LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2); - - &L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f); # rc[ROUNDS] - &L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52); - &L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35); - &L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57); - &L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda); - &L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85); - &L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67); - &L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8); - &L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e); - &L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33); - -&function_end_B("whirlpool_block_mmx"); -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/whrlpool/asm/wp-x86_64.pl b/crypto/whrlpool/asm/wp-x86_64.pl deleted file mode 100644 index f94152af9769ebb06e3c284bcaabc8cad7fa3c17..0000000000000000000000000000000000000000 --- a/crypto/whrlpool/asm/wp-x86_64.pl +++ /dev/null @@ -1,619 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. Rights for redistribution and usage in source and binary -# forms are granted according to the License. -# ==================================================================== -# -# whirlpool_block for x86_64. -# -# 2500 cycles per 64-byte input block on AMD64, which is *identical* -# to 32-bit MMX version executed on same CPU. So why did I bother? -# Well, it's faster than gcc 3.3.2 generated code by over 50%, and -# over 80% faster than PathScale 1.4, an "ambitious" commercial -# compiler. Furthermore it surpasses gcc 3.4.3 by 170% and Sun Studio -# 10 - by 360%[!]... What is it with x86_64 compilers? It's not the -# first example when they fail to generate more optimal code, when -# I believe they had *all* chances to... -# -# Note that register and stack frame layout are virtually identical -# to 32-bit MMX version, except that %r8-15 are used instead of -# %mm0-8. You can even notice that K[i] and S[i] are loaded to -# %eax:%ebx as pair of 32-bit values and not as single 64-bit one. -# This is done in order to avoid 64-bit shift penalties on Intel -# EM64T core. Speaking of which! I bet it's possible to improve -# Opteron performance by compressing the table to 2KB and replacing -# unaligned references with complementary rotations [which would -# incidentally replace lea instructions], but it would definitely -# just "kill" EM64T, because it has only 1 shifter/rotator [against -# 3 on Opteron] and which is *unacceptably* slow with 64-bit -# operand. - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -sub L() { $code.=".byte ".join(',',@_)."\n"; } -sub LL(){ $code.=".byte ".join(',',@_).",".join(',',@_)."\n"; } - -@mm=("%r8","%r9","%r10","%r11","%r12","%r13","%r14","%r15"); - -$func="whirlpool_block"; -$table=".Ltable"; - -$code=<<___; -.text - -.globl $func -.type $func,\@function,3 -.align 16 -$func: -.cfi_startproc - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 - - sub \$128+40,%rsp - and \$-64,%rsp - - lea 128(%rsp),%r10 - mov %rdi,0(%r10) # save parameter block - mov %rsi,8(%r10) - mov %rdx,16(%r10) - mov %rax,32(%r10) # saved stack pointer -.cfi_cfa_expression %rsp+`128+32`,deref,+8 -.Lprologue: - - mov %r10,%rbx - lea $table(%rip),%rbp - - xor %rcx,%rcx - xor %rdx,%rdx -___ -for($i=0;$i<8;$i++) { $code.="mov $i*8(%rdi),@mm[$i]\n"; } # L=H -$code.=".Louterloop:\n"; -for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; } # K=L -for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; } # L^=inp -for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; } # S=L -$code.=<<___; - xor %rsi,%rsi - mov %rsi,24(%rbx) # zero round counter - jmp .Lround -.align 16 -.Lround: - mov 4096(%rbp,%rsi,8),@mm[0] # rc[r] - mov 0(%rsp),%eax - mov 4(%rsp),%ebx - movz %al,%ecx - movz %ah,%edx -___ -for($i=0;$i<8;$i++) { - my $func = ($i==0)? "mov" : "xor"; - $code.=<<___; - shr \$16,%eax - lea (%rcx,%rcx),%rsi - movz %al,%ecx - lea (%rdx,%rdx),%rdi - movz %ah,%edx - xor 0(%rbp,%rsi,8),@mm[0] - $func 7(%rbp,%rdi,8),@mm[1] - mov $i*8+8(%rsp),%eax # ($i+1)*8 - lea (%rcx,%rcx),%rsi - movz %bl,%ecx - lea (%rdx,%rdx),%rdi - movz %bh,%edx - $func 6(%rbp,%rsi,8),@mm[2] - $func 5(%rbp,%rdi,8),@mm[3] - shr \$16,%ebx - lea (%rcx,%rcx),%rsi - movz %bl,%ecx - lea (%rdx,%rdx),%rdi - movz %bh,%edx - $func 4(%rbp,%rsi,8),@mm[4] - $func 3(%rbp,%rdi,8),@mm[5] - mov $i*8+8+4(%rsp),%ebx # ($i+1)*8+4 - lea (%rcx,%rcx),%rsi - movz %al,%ecx - lea (%rdx,%rdx),%rdi - movz %ah,%edx - $func 2(%rbp,%rsi,8),@mm[6] - $func 1(%rbp,%rdi,8),@mm[7] -___ - push(@mm,shift(@mm)); -} -for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; } # K=L -for($i=0;$i<8;$i++) { - $code.=<<___; - shr \$16,%eax - lea (%rcx,%rcx),%rsi - movz %al,%ecx - lea (%rdx,%rdx),%rdi - movz %ah,%edx - xor 0(%rbp,%rsi,8),@mm[0] - xor 7(%rbp,%rdi,8),@mm[1] - `"mov 64+$i*8+8(%rsp),%eax" if($i<7);` # 64+($i+1)*8 - lea (%rcx,%rcx),%rsi - movz %bl,%ecx - lea (%rdx,%rdx),%rdi - movz %bh,%edx - xor 6(%rbp,%rsi,8),@mm[2] - xor 5(%rbp,%rdi,8),@mm[3] - shr \$16,%ebx - lea (%rcx,%rcx),%rsi - movz %bl,%ecx - lea (%rdx,%rdx),%rdi - movz %bh,%edx - xor 4(%rbp,%rsi,8),@mm[4] - xor 3(%rbp,%rdi,8),@mm[5] - `"mov 64+$i*8+8+4(%rsp),%ebx" if($i<7);` # 64+($i+1)*8+4 - lea (%rcx,%rcx),%rsi - movz %al,%ecx - lea (%rdx,%rdx),%rdi - movz %ah,%edx - xor 2(%rbp,%rsi,8),@mm[6] - xor 1(%rbp,%rdi,8),@mm[7] -___ - push(@mm,shift(@mm)); -} -$code.=<<___; - lea 128(%rsp),%rbx - mov 24(%rbx),%rsi # pull round counter - add \$1,%rsi - cmp \$10,%rsi - je .Lroundsdone - - mov %rsi,24(%rbx) # update round counter -___ -for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; } # S=L -$code.=<<___; - jmp .Lround -.align 16 -.Lroundsdone: - mov 0(%rbx),%rdi # reload argument block - mov 8(%rbx),%rsi - mov 16(%rbx),%rax -___ -for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; } # L^=inp -for($i=0;$i<8;$i++) { $code.="xor $i*8(%rdi),@mm[$i]\n"; } # L^=H -for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rdi)\n"; } # H=L -$code.=<<___; - lea 64(%rsi),%rsi # inp+=64 - sub \$1,%rax # num-- - jz .Lalldone - mov %rsi,8(%rbx) # update parameter block - mov %rax,16(%rbx) - jmp .Louterloop -.Lalldone: - mov 32(%rbx),%rsi # restore saved pointer -.cfi_def_cfa %rsi,8 - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lepilogue: - ret -.cfi_endproc -.size $func,.-$func - -.align 64 -.type $table,\@object -$table: -___ - &LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8); - &LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26); - &LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8); - &LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb); - &LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb); - &LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11); - &LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09); - &LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d); - &LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b); - &LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff); - &LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c); - &LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e); - &LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96); - &LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30); - &LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d); - &LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8); - &LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47); - &LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35); - &LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37); - &LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a); - &LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2); - &LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c); - &LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84); - &LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80); - &LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5); - &LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3); - &LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21); - &LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c); - &LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43); - &LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29); - &LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d); - &LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5); - &LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd); - &LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8); - &LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92); - &LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e); - &LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13); - &LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23); - &LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20); - &LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44); - &LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2); - &LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf); - &LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c); - &LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a); - &LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50); - &LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9); - &LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14); - &LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9); - &LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c); - &LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f); - &LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90); - &LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07); - &LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd); - &LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3); - &LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d); - &LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78); - &LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97); - &LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02); - &LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73); - &LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7); - &LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6); - &LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2); - &LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49); - &LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56); - &LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70); - &LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd); - &LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb); - &LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71); - &LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b); - &LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf); - &LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45); - &LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a); - &LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4); - &LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58); - &LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e); - &LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f); - &LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac); - &LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0); - &LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef); - &LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6); - &LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c); - &LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12); - &LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93); - &LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde); - &LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6); - &LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1); - &LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b); - &LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f); - &LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31); - &LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8); - &LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9); - &LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc); - &LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e); - &LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b); - &LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf); - &LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59); - &LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2); - &LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77); - &LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33); - &LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4); - &LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27); - &LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb); - &LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89); - &LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32); - &LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54); - &LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d); - &LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64); - &LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d); - &LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d); - &LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f); - &LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca); - &LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7); - &LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d); - &LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce); - &LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f); - &LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f); - &LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63); - &LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a); - &LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc); - &LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82); - &LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a); - &LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48); - &LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95); - &LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf); - &LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d); - &LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0); - &LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91); - &LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8); - &LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b); - &LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00); - &LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9); - &LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e); - &LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1); - &LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6); - &LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28); - &LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3); - &LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74); - &LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe); - &LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d); - &LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea); - &LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57); - &LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38); - &LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad); - &LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4); - &LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda); - &LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7); - &LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb); - &LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9); - &LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a); - &LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03); - &LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a); - &LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e); - &LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60); - &LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc); - &LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46); - &LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f); - &LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76); - &LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa); - &LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36); - &LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae); - &LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b); - &LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85); - &LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e); - &LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7); - &LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55); - &LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a); - &LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81); - &LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52); - &LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62); - &LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3); - &LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10); - &LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab); - &LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0); - &LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5); - &LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec); - &LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16); - &LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94); - &LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f); - &LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5); - &LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98); - &LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17); - &LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4); - &LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1); - &LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e); - &LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42); - &LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34); - &LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08); - &LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee); - &LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61); - &LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1); - &LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f); - &LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24); - &LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3); - &LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25); - &LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22); - &LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65); - &LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79); - &LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69); - &LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9); - &LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19); - &LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe); - &LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a); - &LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0); - &LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99); - &LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83); - &LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04); - &LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66); - &LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0); - &LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1); - &LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd); - &LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40); - &LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c); - &LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18); - &LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b); - &LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51); - &LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05); - &LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c); - &LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39); - &LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa); - &LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b); - &LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc); - &LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e); - &LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0); - &LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88); - &LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67); - &LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a); - &LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87); - &LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1); - &LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72); - &LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53); - &LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01); - &LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b); - &LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4); - &LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3); - &LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15); - &LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c); - &LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5); - &LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5); - &LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4); - &LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba); - &LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6); - &LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7); - &LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06); - &LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41); - &LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7); - &LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f); - &LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e); - &LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6); - &LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2); - &LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68); - &LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c); - &LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed); - &LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75); - &LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86); - &LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b); - &LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2); - - &L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f); # rc[ROUNDS] - &L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52); - &L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35); - &L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57); - &L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda); - &L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85); - &L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67); - &L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8); - &L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e); - &L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33); - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type se_handler,\@abi-omnipotent -.align 16 -se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - lea .Lprologue(%rip),%r10 - cmp %r10,%rbx # context->Rip<.Lprologue - jb .Lin_prologue - - mov 152($context),%rax # pull context->Rsp - - lea .Lepilogue(%rip),%r10 - cmp %r10,%rbx # context->Rip>=.Lepilogue - jae .Lin_prologue - - mov 128+32(%rax),%rax # pull saved stack pointer - - mov -8(%rax),%rbx - mov -16(%rax),%rbp - mov -24(%rax),%r12 - mov -32(%rax),%r13 - mov -40(%rax),%r14 - mov -48(%rax),%r15 - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size se_handler,.-se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_$func - .rva .LSEH_end_$func - .rva .LSEH_info_$func - -.section .xdata -.align 8 -.LSEH_info_$func: - .byte 9,0,0,0 - .rva se_handler -___ -} - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -print $code; -close STDOUT or die "error closing STDOUT: $!"; diff --git a/crypto/whrlpool/build.info b/crypto/whrlpool/build.info deleted file mode 100644 index 137f6dc6c6744fc5d853f5742d81d20b3f4df3b4..0000000000000000000000000000000000000000 --- a/crypto/whrlpool/build.info +++ /dev/null @@ -1,33 +0,0 @@ -LIBS=../../libcrypto - -$WPASM=wp_block.c -IF[{- !$disabled{asm} -}] - IF[{- $config{processor} ne "386" -}] - $WPASM_x86=wp_block.c wp-mmx.S - $WPDEF_x86=WHIRLPOOL_ASM - ENDIF - $WPASM_x86_64=wp-x86_64.s - $WPDEF_x86_64=WHIRLPOOL_ASM - - # Now that we have defined all the arch specific variables, use the - # appropriate one, and define the appropriate macros - IF[$WPASM_{- $target{asm_arch} -}] - $WPASM=$WPASM_{- $target{asm_arch} -} - $WPDEF=$WPDEF_{- $target{asm_arch} -} - ENDIF -ENDIF - -SOURCE[../../libcrypto]=wp_dgst.c $WPASM -DEFINE[../../libcrypto]=$WPDEF - -# When all deprecated symbols are removed, libcrypto doesn't export the -# WHIRLPOOL functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] - SOURCE[../../providers/liblegacy.a]=wp_dgst.c $WPASM - DEFINE[../../providers/liblegacy.a]=$WPDEF -ENDIF - -GENERATE[wp-mmx.S]=asm/wp-mmx.pl -DEPEND[wp-mmx.S]=../perlasm/x86asm.pl - -GENERATE[wp-x86_64.s]=asm/wp-x86_64.pl diff --git a/crypto/whrlpool/wp_block.c b/crypto/whrlpool/wp_block.c deleted file mode 100644 index bcf7a199ed0e8192325a0a22ea1ce9c9a0e62d2d..0000000000000000000000000000000000000000 --- a/crypto/whrlpool/wp_block.c +++ /dev/null @@ -1,805 +0,0 @@ -/* - * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/** - * The Whirlpool hashing function. - * - * See - * P.S.L.M. Barreto, V. Rijmen, - * ``The Whirlpool hashing function,'' - * NESSIE submission, 2000 (tweaked version, 2001), - * - * - * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and - * Vincent Rijmen. Lookup "reference implementations" on - * - * - * ============================================================================= - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/* - * Whirlpool low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include "internal/cryptlib.h" -#include "wp_local.h" -#include - -typedef unsigned char u8; -#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32) -typedef unsigned __int64 u64; -#elif defined(__arch64__) -typedef unsigned long u64; -#else -typedef unsigned long long u64; -#endif - -#define ROUNDS 10 - -#define STRICT_ALIGNMENT -#if !defined(PEDANTIC) && (defined(__i386) || defined(__i386__) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_IX86) || defined(_M_AMD64) || \ - defined(_M_X64)) -/* - * Well, formally there're couple of other architectures, which permit - * unaligned loads, specifically those not crossing cache lines, IA-64 and - * PowerPC... - */ -# undef STRICT_ALIGNMENT -#endif - -#ifndef STRICT_ALIGNMENT -# ifdef __GNUC__ -typedef u64 u64_a1 __attribute((__aligned__(1))); -# else -typedef u64 u64_a1; -# endif -#endif - -#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT) -typedef u64 u64_aX __attribute((__aligned__(1))); -#else -typedef u64 u64_aX; -#endif - -#undef SMALL_REGISTER_BANK -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) -# define SMALL_REGISTER_BANK -# if defined(WHIRLPOOL_ASM) -# ifndef OPENSSL_SMALL_FOOTPRINT -/* - * it appears that for elder non-MMX - * CPUs this is actually faster! - */ -# define OPENSSL_SMALL_FOOTPRINT -# endif -# define GO_FOR_MMX(ctx,inp,num) do { \ - void whirlpool_block_mmx(void *,const void *,size_t); \ - if (!(OPENSSL_ia32cap_P[0] & (1<<23))) break; \ - whirlpool_block_mmx(ctx->H.c,inp,num); return; \ - } while (0) -# endif -#endif - -#undef ROTATE -#ifndef PEDANTIC -# if defined(_MSC_VER) -# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ -# include -# pragma intrinsic(_rotl64) -# define ROTATE(a,n) _rotl64((a),n) -# endif -# elif defined(__GNUC__) && __GNUC__>=2 -# if defined(__x86_64) || defined(__x86_64__) -# if defined(L_ENDIAN) -# define ROTATE(a,n) ({ u64 ret; asm ("rolq %1,%0" \ - : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; }) -# elif defined(B_ENDIAN) - /* - * Most will argue that x86_64 is always little-endian. Well, yes, but - * then we have stratus.com who has modified gcc to "emulate" - * big-endian on x86. Is there evidence that they [or somebody else] - * won't do same for x86_64? Naturally no. And this line is waiting - * ready for that brave soul:-) - */ -# define ROTATE(a,n) ({ u64 ret; asm ("rorq %1,%0" \ - : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; }) -# endif -# elif defined(__ia64) || defined(__ia64__) -# if defined(L_ENDIAN) -# define ROTATE(a,n) ({ u64 ret; asm ("shrp %0=%1,%1,%2" \ - : "=r"(ret) : "r"(a),"M"(64-(n))); ret; }) -# elif defined(B_ENDIAN) -# define ROTATE(a,n) ({ u64 ret; asm ("shrp %0=%1,%1,%2" \ - : "=r"(ret) : "r"(a),"M"(n)); ret; }) -# endif -# endif -# endif -#endif - -#if defined(OPENSSL_SMALL_FOOTPRINT) -# if !defined(ROTATE) -# if defined(L_ENDIAN) /* little-endians have to rotate left */ -# define ROTATE(i,n) ((i)<<(n) ^ (i)>>(64-n)) -# elif defined(B_ENDIAN) /* big-endians have to rotate right */ -# define ROTATE(i,n) ((i)>>(n) ^ (i)<<(64-n)) -# endif -# endif -# if defined(ROTATE) && !defined(STRICT_ALIGNMENT) -# define STRICT_ALIGNMENT /* ensure smallest table size */ -# endif -#endif - -/* - * Table size depends on STRICT_ALIGNMENT and whether or not endian- - * specific ROTATE macro is defined. If STRICT_ALIGNMENT is not - * defined, which is normally the case on x86[_64] CPUs, the table is - * 4KB large unconditionally. Otherwise if ROTATE is defined, the - * table is 2KB large, and otherwise - 16KB. 2KB table requires a - * whole bunch of additional rotations, but I'm willing to "trade," - * because 16KB table certainly trashes L1 cache. I wish all CPUs - * could handle unaligned load as 4KB table doesn't trash the cache, - * nor does it require additional rotations. - */ -/* - * Note that every Cn macro expands as two loads: one byte load and - * one quadword load. One can argue that many single-byte loads - * is too excessive, as one could load a quadword and "milk" it for - * eight 8-bit values instead. Well, yes, but in order to do so *and* - * avoid excessive loads you have to accommodate a handful of 64-bit - * values in the register bank and issue a bunch of shifts and mask. - * It's a tradeoff: loads vs. shift and mask in big register bank[!]. - * On most CPUs eight single-byte loads are faster and I let other - * ones to depend on smart compiler to fold byte loads if beneficial. - * Hand-coded assembler would be another alternative:-) - */ -#ifdef STRICT_ALIGNMENT -# if defined(ROTATE) -# define N 1 -# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7 -# define C0(K,i) (Cx.q[K.c[(i)*8+0]]) -# define C1(K,i) ROTATE(Cx.q[K.c[(i)*8+1]],8) -# define C2(K,i) ROTATE(Cx.q[K.c[(i)*8+2]],16) -# define C3(K,i) ROTATE(Cx.q[K.c[(i)*8+3]],24) -# define C4(K,i) ROTATE(Cx.q[K.c[(i)*8+4]],32) -# define C5(K,i) ROTATE(Cx.q[K.c[(i)*8+5]],40) -# define C6(K,i) ROTATE(Cx.q[K.c[(i)*8+6]],48) -# define C7(K,i) ROTATE(Cx.q[K.c[(i)*8+7]],56) -# else -# define N 8 -# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \ - c7,c0,c1,c2,c3,c4,c5,c6, \ - c6,c7,c0,c1,c2,c3,c4,c5, \ - c5,c6,c7,c0,c1,c2,c3,c4, \ - c4,c5,c6,c7,c0,c1,c2,c3, \ - c3,c4,c5,c6,c7,c0,c1,c2, \ - c2,c3,c4,c5,c6,c7,c0,c1, \ - c1,c2,c3,c4,c5,c6,c7,c0 -# define C0(K,i) (Cx.q[0+8*K.c[(i)*8+0]]) -# define C1(K,i) (Cx.q[1+8*K.c[(i)*8+1]]) -# define C2(K,i) (Cx.q[2+8*K.c[(i)*8+2]]) -# define C3(K,i) (Cx.q[3+8*K.c[(i)*8+3]]) -# define C4(K,i) (Cx.q[4+8*K.c[(i)*8+4]]) -# define C5(K,i) (Cx.q[5+8*K.c[(i)*8+5]]) -# define C6(K,i) (Cx.q[6+8*K.c[(i)*8+6]]) -# define C7(K,i) (Cx.q[7+8*K.c[(i)*8+7]]) -# endif -#else -# define N 2 -# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \ - c0,c1,c2,c3,c4,c5,c6,c7 -# define C0(K,i) (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]]) -# define C1(K,i) (((u64_a1*)(Cx.c+7))[2*K.c[(i)*8+1]]) -# define C2(K,i) (((u64_a1*)(Cx.c+6))[2*K.c[(i)*8+2]]) -# define C3(K,i) (((u64_a1*)(Cx.c+5))[2*K.c[(i)*8+3]]) -# define C4(K,i) (((u64_a1*)(Cx.c+4))[2*K.c[(i)*8+4]]) -# define C5(K,i) (((u64_a1*)(Cx.c+3))[2*K.c[(i)*8+5]]) -# define C6(K,i) (((u64_a1*)(Cx.c+2))[2*K.c[(i)*8+6]]) -# define C7(K,i) (((u64_a1*)(Cx.c+1))[2*K.c[(i)*8+7]]) -#endif - -static const - union { - u8 c[(256 * N + ROUNDS) * sizeof(u64)]; - u64 q[(256 * N + ROUNDS)]; -} Cx = { - { - /* Note endian-neutral representation:-) */ - LL(0x18, 0x18, 0x60, 0x18, 0xc0, 0x78, 0x30, 0xd8), - LL(0x23, 0x23, 0x8c, 0x23, 0x05, 0xaf, 0x46, 0x26), - LL(0xc6, 0xc6, 0x3f, 0xc6, 0x7e, 0xf9, 0x91, 0xb8), - LL(0xe8, 0xe8, 0x87, 0xe8, 0x13, 0x6f, 0xcd, 0xfb), - LL(0x87, 0x87, 0x26, 0x87, 0x4c, 0xa1, 0x13, 0xcb), - LL(0xb8, 0xb8, 0xda, 0xb8, 0xa9, 0x62, 0x6d, 0x11), - LL(0x01, 0x01, 0x04, 0x01, 0x08, 0x05, 0x02, 0x09), - LL(0x4f, 0x4f, 0x21, 0x4f, 0x42, 0x6e, 0x9e, 0x0d), - LL(0x36, 0x36, 0xd8, 0x36, 0xad, 0xee, 0x6c, 0x9b), - LL(0xa6, 0xa6, 0xa2, 0xa6, 0x59, 0x04, 0x51, 0xff), - LL(0xd2, 0xd2, 0x6f, 0xd2, 0xde, 0xbd, 0xb9, 0x0c), - LL(0xf5, 0xf5, 0xf3, 0xf5, 0xfb, 0x06, 0xf7, 0x0e), - LL(0x79, 0x79, 0xf9, 0x79, 0xef, 0x80, 0xf2, 0x96), - LL(0x6f, 0x6f, 0xa1, 0x6f, 0x5f, 0xce, 0xde, 0x30), - LL(0x91, 0x91, 0x7e, 0x91, 0xfc, 0xef, 0x3f, 0x6d), - LL(0x52, 0x52, 0x55, 0x52, 0xaa, 0x07, 0xa4, 0xf8), - LL(0x60, 0x60, 0x9d, 0x60, 0x27, 0xfd, 0xc0, 0x47), - LL(0xbc, 0xbc, 0xca, 0xbc, 0x89, 0x76, 0x65, 0x35), - LL(0x9b, 0x9b, 0x56, 0x9b, 0xac, 0xcd, 0x2b, 0x37), - LL(0x8e, 0x8e, 0x02, 0x8e, 0x04, 0x8c, 0x01, 0x8a), - LL(0xa3, 0xa3, 0xb6, 0xa3, 0x71, 0x15, 0x5b, 0xd2), - LL(0x0c, 0x0c, 0x30, 0x0c, 0x60, 0x3c, 0x18, 0x6c), - LL(0x7b, 0x7b, 0xf1, 0x7b, 0xff, 0x8a, 0xf6, 0x84), - LL(0x35, 0x35, 0xd4, 0x35, 0xb5, 0xe1, 0x6a, 0x80), - LL(0x1d, 0x1d, 0x74, 0x1d, 0xe8, 0x69, 0x3a, 0xf5), - LL(0xe0, 0xe0, 0xa7, 0xe0, 0x53, 0x47, 0xdd, 0xb3), - LL(0xd7, 0xd7, 0x7b, 0xd7, 0xf6, 0xac, 0xb3, 0x21), - LL(0xc2, 0xc2, 0x2f, 0xc2, 0x5e, 0xed, 0x99, 0x9c), - LL(0x2e, 0x2e, 0xb8, 0x2e, 0x6d, 0x96, 0x5c, 0x43), - LL(0x4b, 0x4b, 0x31, 0x4b, 0x62, 0x7a, 0x96, 0x29), - LL(0xfe, 0xfe, 0xdf, 0xfe, 0xa3, 0x21, 0xe1, 0x5d), - LL(0x57, 0x57, 0x41, 0x57, 0x82, 0x16, 0xae, 0xd5), - LL(0x15, 0x15, 0x54, 0x15, 0xa8, 0x41, 0x2a, 0xbd), - LL(0x77, 0x77, 0xc1, 0x77, 0x9f, 0xb6, 0xee, 0xe8), - LL(0x37, 0x37, 0xdc, 0x37, 0xa5, 0xeb, 0x6e, 0x92), - LL(0xe5, 0xe5, 0xb3, 0xe5, 0x7b, 0x56, 0xd7, 0x9e), - LL(0x9f, 0x9f, 0x46, 0x9f, 0x8c, 0xd9, 0x23, 0x13), - LL(0xf0, 0xf0, 0xe7, 0xf0, 0xd3, 0x17, 0xfd, 0x23), - LL(0x4a, 0x4a, 0x35, 0x4a, 0x6a, 0x7f, 0x94, 0x20), - LL(0xda, 0xda, 0x4f, 0xda, 0x9e, 0x95, 0xa9, 0x44), - LL(0x58, 0x58, 0x7d, 0x58, 0xfa, 0x25, 0xb0, 0xa2), - LL(0xc9, 0xc9, 0x03, 0xc9, 0x06, 0xca, 0x8f, 0xcf), - LL(0x29, 0x29, 0xa4, 0x29, 0x55, 0x8d, 0x52, 0x7c), - LL(0x0a, 0x0a, 0x28, 0x0a, 0x50, 0x22, 0x14, 0x5a), - LL(0xb1, 0xb1, 0xfe, 0xb1, 0xe1, 0x4f, 0x7f, 0x50), - LL(0xa0, 0xa0, 0xba, 0xa0, 0x69, 0x1a, 0x5d, 0xc9), - LL(0x6b, 0x6b, 0xb1, 0x6b, 0x7f, 0xda, 0xd6, 0x14), - LL(0x85, 0x85, 0x2e, 0x85, 0x5c, 0xab, 0x17, 0xd9), - LL(0xbd, 0xbd, 0xce, 0xbd, 0x81, 0x73, 0x67, 0x3c), - LL(0x5d, 0x5d, 0x69, 0x5d, 0xd2, 0x34, 0xba, 0x8f), - LL(0x10, 0x10, 0x40, 0x10, 0x80, 0x50, 0x20, 0x90), - LL(0xf4, 0xf4, 0xf7, 0xf4, 0xf3, 0x03, 0xf5, 0x07), - LL(0xcb, 0xcb, 0x0b, 0xcb, 0x16, 0xc0, 0x8b, 0xdd), - LL(0x3e, 0x3e, 0xf8, 0x3e, 0xed, 0xc6, 0x7c, 0xd3), - LL(0x05, 0x05, 0x14, 0x05, 0x28, 0x11, 0x0a, 0x2d), - LL(0x67, 0x67, 0x81, 0x67, 0x1f, 0xe6, 0xce, 0x78), - LL(0xe4, 0xe4, 0xb7, 0xe4, 0x73, 0x53, 0xd5, 0x97), - LL(0x27, 0x27, 0x9c, 0x27, 0x25, 0xbb, 0x4e, 0x02), - LL(0x41, 0x41, 0x19, 0x41, 0x32, 0x58, 0x82, 0x73), - LL(0x8b, 0x8b, 0x16, 0x8b, 0x2c, 0x9d, 0x0b, 0xa7), - LL(0xa7, 0xa7, 0xa6, 0xa7, 0x51, 0x01, 0x53, 0xf6), - LL(0x7d, 0x7d, 0xe9, 0x7d, 0xcf, 0x94, 0xfa, 0xb2), - LL(0x95, 0x95, 0x6e, 0x95, 0xdc, 0xfb, 0x37, 0x49), - LL(0xd8, 0xd8, 0x47, 0xd8, 0x8e, 0x9f, 0xad, 0x56), - LL(0xfb, 0xfb, 0xcb, 0xfb, 0x8b, 0x30, 0xeb, 0x70), - LL(0xee, 0xee, 0x9f, 0xee, 0x23, 0x71, 0xc1, 0xcd), - LL(0x7c, 0x7c, 0xed, 0x7c, 0xc7, 0x91, 0xf8, 0xbb), - LL(0x66, 0x66, 0x85, 0x66, 0x17, 0xe3, 0xcc, 0x71), - LL(0xdd, 0xdd, 0x53, 0xdd, 0xa6, 0x8e, 0xa7, 0x7b), - LL(0x17, 0x17, 0x5c, 0x17, 0xb8, 0x4b, 0x2e, 0xaf), - LL(0x47, 0x47, 0x01, 0x47, 0x02, 0x46, 0x8e, 0x45), - LL(0x9e, 0x9e, 0x42, 0x9e, 0x84, 0xdc, 0x21, 0x1a), - LL(0xca, 0xca, 0x0f, 0xca, 0x1e, 0xc5, 0x89, 0xd4), - LL(0x2d, 0x2d, 0xb4, 0x2d, 0x75, 0x99, 0x5a, 0x58), - LL(0xbf, 0xbf, 0xc6, 0xbf, 0x91, 0x79, 0x63, 0x2e), - LL(0x07, 0x07, 0x1c, 0x07, 0x38, 0x1b, 0x0e, 0x3f), - LL(0xad, 0xad, 0x8e, 0xad, 0x01, 0x23, 0x47, 0xac), - LL(0x5a, 0x5a, 0x75, 0x5a, 0xea, 0x2f, 0xb4, 0xb0), - LL(0x83, 0x83, 0x36, 0x83, 0x6c, 0xb5, 0x1b, 0xef), - LL(0x33, 0x33, 0xcc, 0x33, 0x85, 0xff, 0x66, 0xb6), - LL(0x63, 0x63, 0x91, 0x63, 0x3f, 0xf2, 0xc6, 0x5c), - LL(0x02, 0x02, 0x08, 0x02, 0x10, 0x0a, 0x04, 0x12), - LL(0xaa, 0xaa, 0x92, 0xaa, 0x39, 0x38, 0x49, 0x93), - LL(0x71, 0x71, 0xd9, 0x71, 0xaf, 0xa8, 0xe2, 0xde), - LL(0xc8, 0xc8, 0x07, 0xc8, 0x0e, 0xcf, 0x8d, 0xc6), - LL(0x19, 0x19, 0x64, 0x19, 0xc8, 0x7d, 0x32, 0xd1), - LL(0x49, 0x49, 0x39, 0x49, 0x72, 0x70, 0x92, 0x3b), - LL(0xd9, 0xd9, 0x43, 0xd9, 0x86, 0x9a, 0xaf, 0x5f), - LL(0xf2, 0xf2, 0xef, 0xf2, 0xc3, 0x1d, 0xf9, 0x31), - LL(0xe3, 0xe3, 0xab, 0xe3, 0x4b, 0x48, 0xdb, 0xa8), - LL(0x5b, 0x5b, 0x71, 0x5b, 0xe2, 0x2a, 0xb6, 0xb9), - LL(0x88, 0x88, 0x1a, 0x88, 0x34, 0x92, 0x0d, 0xbc), - LL(0x9a, 0x9a, 0x52, 0x9a, 0xa4, 0xc8, 0x29, 0x3e), - LL(0x26, 0x26, 0x98, 0x26, 0x2d, 0xbe, 0x4c, 0x0b), - LL(0x32, 0x32, 0xc8, 0x32, 0x8d, 0xfa, 0x64, 0xbf), - LL(0xb0, 0xb0, 0xfa, 0xb0, 0xe9, 0x4a, 0x7d, 0x59), - LL(0xe9, 0xe9, 0x83, 0xe9, 0x1b, 0x6a, 0xcf, 0xf2), - LL(0x0f, 0x0f, 0x3c, 0x0f, 0x78, 0x33, 0x1e, 0x77), - LL(0xd5, 0xd5, 0x73, 0xd5, 0xe6, 0xa6, 0xb7, 0x33), - LL(0x80, 0x80, 0x3a, 0x80, 0x74, 0xba, 0x1d, 0xf4), - LL(0xbe, 0xbe, 0xc2, 0xbe, 0x99, 0x7c, 0x61, 0x27), - LL(0xcd, 0xcd, 0x13, 0xcd, 0x26, 0xde, 0x87, 0xeb), - LL(0x34, 0x34, 0xd0, 0x34, 0xbd, 0xe4, 0x68, 0x89), - LL(0x48, 0x48, 0x3d, 0x48, 0x7a, 0x75, 0x90, 0x32), - LL(0xff, 0xff, 0xdb, 0xff, 0xab, 0x24, 0xe3, 0x54), - LL(0x7a, 0x7a, 0xf5, 0x7a, 0xf7, 0x8f, 0xf4, 0x8d), - LL(0x90, 0x90, 0x7a, 0x90, 0xf4, 0xea, 0x3d, 0x64), - LL(0x5f, 0x5f, 0x61, 0x5f, 0xc2, 0x3e, 0xbe, 0x9d), - LL(0x20, 0x20, 0x80, 0x20, 0x1d, 0xa0, 0x40, 0x3d), - LL(0x68, 0x68, 0xbd, 0x68, 0x67, 0xd5, 0xd0, 0x0f), - LL(0x1a, 0x1a, 0x68, 0x1a, 0xd0, 0x72, 0x34, 0xca), - LL(0xae, 0xae, 0x82, 0xae, 0x19, 0x2c, 0x41, 0xb7), - LL(0xb4, 0xb4, 0xea, 0xb4, 0xc9, 0x5e, 0x75, 0x7d), - LL(0x54, 0x54, 0x4d, 0x54, 0x9a, 0x19, 0xa8, 0xce), - LL(0x93, 0x93, 0x76, 0x93, 0xec, 0xe5, 0x3b, 0x7f), - LL(0x22, 0x22, 0x88, 0x22, 0x0d, 0xaa, 0x44, 0x2f), - LL(0x64, 0x64, 0x8d, 0x64, 0x07, 0xe9, 0xc8, 0x63), - LL(0xf1, 0xf1, 0xe3, 0xf1, 0xdb, 0x12, 0xff, 0x2a), - LL(0x73, 0x73, 0xd1, 0x73, 0xbf, 0xa2, 0xe6, 0xcc), - LL(0x12, 0x12, 0x48, 0x12, 0x90, 0x5a, 0x24, 0x82), - LL(0x40, 0x40, 0x1d, 0x40, 0x3a, 0x5d, 0x80, 0x7a), - LL(0x08, 0x08, 0x20, 0x08, 0x40, 0x28, 0x10, 0x48), - LL(0xc3, 0xc3, 0x2b, 0xc3, 0x56, 0xe8, 0x9b, 0x95), - LL(0xec, 0xec, 0x97, 0xec, 0x33, 0x7b, 0xc5, 0xdf), - LL(0xdb, 0xdb, 0x4b, 0xdb, 0x96, 0x90, 0xab, 0x4d), - LL(0xa1, 0xa1, 0xbe, 0xa1, 0x61, 0x1f, 0x5f, 0xc0), - LL(0x8d, 0x8d, 0x0e, 0x8d, 0x1c, 0x83, 0x07, 0x91), - LL(0x3d, 0x3d, 0xf4, 0x3d, 0xf5, 0xc9, 0x7a, 0xc8), - LL(0x97, 0x97, 0x66, 0x97, 0xcc, 0xf1, 0x33, 0x5b), - LL(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), - LL(0xcf, 0xcf, 0x1b, 0xcf, 0x36, 0xd4, 0x83, 0xf9), - LL(0x2b, 0x2b, 0xac, 0x2b, 0x45, 0x87, 0x56, 0x6e), - LL(0x76, 0x76, 0xc5, 0x76, 0x97, 0xb3, 0xec, 0xe1), - LL(0x82, 0x82, 0x32, 0x82, 0x64, 0xb0, 0x19, 0xe6), - LL(0xd6, 0xd6, 0x7f, 0xd6, 0xfe, 0xa9, 0xb1, 0x28), - LL(0x1b, 0x1b, 0x6c, 0x1b, 0xd8, 0x77, 0x36, 0xc3), - LL(0xb5, 0xb5, 0xee, 0xb5, 0xc1, 0x5b, 0x77, 0x74), - LL(0xaf, 0xaf, 0x86, 0xaf, 0x11, 0x29, 0x43, 0xbe), - LL(0x6a, 0x6a, 0xb5, 0x6a, 0x77, 0xdf, 0xd4, 0x1d), - LL(0x50, 0x50, 0x5d, 0x50, 0xba, 0x0d, 0xa0, 0xea), - LL(0x45, 0x45, 0x09, 0x45, 0x12, 0x4c, 0x8a, 0x57), - LL(0xf3, 0xf3, 0xeb, 0xf3, 0xcb, 0x18, 0xfb, 0x38), - LL(0x30, 0x30, 0xc0, 0x30, 0x9d, 0xf0, 0x60, 0xad), - LL(0xef, 0xef, 0x9b, 0xef, 0x2b, 0x74, 0xc3, 0xc4), - LL(0x3f, 0x3f, 0xfc, 0x3f, 0xe5, 0xc3, 0x7e, 0xda), - LL(0x55, 0x55, 0x49, 0x55, 0x92, 0x1c, 0xaa, 0xc7), - LL(0xa2, 0xa2, 0xb2, 0xa2, 0x79, 0x10, 0x59, 0xdb), - LL(0xea, 0xea, 0x8f, 0xea, 0x03, 0x65, 0xc9, 0xe9), - LL(0x65, 0x65, 0x89, 0x65, 0x0f, 0xec, 0xca, 0x6a), - LL(0xba, 0xba, 0xd2, 0xba, 0xb9, 0x68, 0x69, 0x03), - LL(0x2f, 0x2f, 0xbc, 0x2f, 0x65, 0x93, 0x5e, 0x4a), - LL(0xc0, 0xc0, 0x27, 0xc0, 0x4e, 0xe7, 0x9d, 0x8e), - LL(0xde, 0xde, 0x5f, 0xde, 0xbe, 0x81, 0xa1, 0x60), - LL(0x1c, 0x1c, 0x70, 0x1c, 0xe0, 0x6c, 0x38, 0xfc), - LL(0xfd, 0xfd, 0xd3, 0xfd, 0xbb, 0x2e, 0xe7, 0x46), - LL(0x4d, 0x4d, 0x29, 0x4d, 0x52, 0x64, 0x9a, 0x1f), - LL(0x92, 0x92, 0x72, 0x92, 0xe4, 0xe0, 0x39, 0x76), - LL(0x75, 0x75, 0xc9, 0x75, 0x8f, 0xbc, 0xea, 0xfa), - LL(0x06, 0x06, 0x18, 0x06, 0x30, 0x1e, 0x0c, 0x36), - LL(0x8a, 0x8a, 0x12, 0x8a, 0x24, 0x98, 0x09, 0xae), - LL(0xb2, 0xb2, 0xf2, 0xb2, 0xf9, 0x40, 0x79, 0x4b), - LL(0xe6, 0xe6, 0xbf, 0xe6, 0x63, 0x59, 0xd1, 0x85), - LL(0x0e, 0x0e, 0x38, 0x0e, 0x70, 0x36, 0x1c, 0x7e), - LL(0x1f, 0x1f, 0x7c, 0x1f, 0xf8, 0x63, 0x3e, 0xe7), - LL(0x62, 0x62, 0x95, 0x62, 0x37, 0xf7, 0xc4, 0x55), - LL(0xd4, 0xd4, 0x77, 0xd4, 0xee, 0xa3, 0xb5, 0x3a), - LL(0xa8, 0xa8, 0x9a, 0xa8, 0x29, 0x32, 0x4d, 0x81), - LL(0x96, 0x96, 0x62, 0x96, 0xc4, 0xf4, 0x31, 0x52), - LL(0xf9, 0xf9, 0xc3, 0xf9, 0x9b, 0x3a, 0xef, 0x62), - LL(0xc5, 0xc5, 0x33, 0xc5, 0x66, 0xf6, 0x97, 0xa3), - LL(0x25, 0x25, 0x94, 0x25, 0x35, 0xb1, 0x4a, 0x10), - LL(0x59, 0x59, 0x79, 0x59, 0xf2, 0x20, 0xb2, 0xab), - LL(0x84, 0x84, 0x2a, 0x84, 0x54, 0xae, 0x15, 0xd0), - LL(0x72, 0x72, 0xd5, 0x72, 0xb7, 0xa7, 0xe4, 0xc5), - LL(0x39, 0x39, 0xe4, 0x39, 0xd5, 0xdd, 0x72, 0xec), - LL(0x4c, 0x4c, 0x2d, 0x4c, 0x5a, 0x61, 0x98, 0x16), - LL(0x5e, 0x5e, 0x65, 0x5e, 0xca, 0x3b, 0xbc, 0x94), - LL(0x78, 0x78, 0xfd, 0x78, 0xe7, 0x85, 0xf0, 0x9f), - LL(0x38, 0x38, 0xe0, 0x38, 0xdd, 0xd8, 0x70, 0xe5), - LL(0x8c, 0x8c, 0x0a, 0x8c, 0x14, 0x86, 0x05, 0x98), - LL(0xd1, 0xd1, 0x63, 0xd1, 0xc6, 0xb2, 0xbf, 0x17), - LL(0xa5, 0xa5, 0xae, 0xa5, 0x41, 0x0b, 0x57, 0xe4), - LL(0xe2, 0xe2, 0xaf, 0xe2, 0x43, 0x4d, 0xd9, 0xa1), - LL(0x61, 0x61, 0x99, 0x61, 0x2f, 0xf8, 0xc2, 0x4e), - LL(0xb3, 0xb3, 0xf6, 0xb3, 0xf1, 0x45, 0x7b, 0x42), - LL(0x21, 0x21, 0x84, 0x21, 0x15, 0xa5, 0x42, 0x34), - LL(0x9c, 0x9c, 0x4a, 0x9c, 0x94, 0xd6, 0x25, 0x08), - LL(0x1e, 0x1e, 0x78, 0x1e, 0xf0, 0x66, 0x3c, 0xee), - LL(0x43, 0x43, 0x11, 0x43, 0x22, 0x52, 0x86, 0x61), - LL(0xc7, 0xc7, 0x3b, 0xc7, 0x76, 0xfc, 0x93, 0xb1), - LL(0xfc, 0xfc, 0xd7, 0xfc, 0xb3, 0x2b, 0xe5, 0x4f), - LL(0x04, 0x04, 0x10, 0x04, 0x20, 0x14, 0x08, 0x24), - LL(0x51, 0x51, 0x59, 0x51, 0xb2, 0x08, 0xa2, 0xe3), - LL(0x99, 0x99, 0x5e, 0x99, 0xbc, 0xc7, 0x2f, 0x25), - LL(0x6d, 0x6d, 0xa9, 0x6d, 0x4f, 0xc4, 0xda, 0x22), - LL(0x0d, 0x0d, 0x34, 0x0d, 0x68, 0x39, 0x1a, 0x65), - LL(0xfa, 0xfa, 0xcf, 0xfa, 0x83, 0x35, 0xe9, 0x79), - LL(0xdf, 0xdf, 0x5b, 0xdf, 0xb6, 0x84, 0xa3, 0x69), - LL(0x7e, 0x7e, 0xe5, 0x7e, 0xd7, 0x9b, 0xfc, 0xa9), - LL(0x24, 0x24, 0x90, 0x24, 0x3d, 0xb4, 0x48, 0x19), - LL(0x3b, 0x3b, 0xec, 0x3b, 0xc5, 0xd7, 0x76, 0xfe), - LL(0xab, 0xab, 0x96, 0xab, 0x31, 0x3d, 0x4b, 0x9a), - LL(0xce, 0xce, 0x1f, 0xce, 0x3e, 0xd1, 0x81, 0xf0), - LL(0x11, 0x11, 0x44, 0x11, 0x88, 0x55, 0x22, 0x99), - LL(0x8f, 0x8f, 0x06, 0x8f, 0x0c, 0x89, 0x03, 0x83), - LL(0x4e, 0x4e, 0x25, 0x4e, 0x4a, 0x6b, 0x9c, 0x04), - LL(0xb7, 0xb7, 0xe6, 0xb7, 0xd1, 0x51, 0x73, 0x66), - LL(0xeb, 0xeb, 0x8b, 0xeb, 0x0b, 0x60, 0xcb, 0xe0), - LL(0x3c, 0x3c, 0xf0, 0x3c, 0xfd, 0xcc, 0x78, 0xc1), - LL(0x81, 0x81, 0x3e, 0x81, 0x7c, 0xbf, 0x1f, 0xfd), - LL(0x94, 0x94, 0x6a, 0x94, 0xd4, 0xfe, 0x35, 0x40), - LL(0xf7, 0xf7, 0xfb, 0xf7, 0xeb, 0x0c, 0xf3, 0x1c), - LL(0xb9, 0xb9, 0xde, 0xb9, 0xa1, 0x67, 0x6f, 0x18), - LL(0x13, 0x13, 0x4c, 0x13, 0x98, 0x5f, 0x26, 0x8b), - LL(0x2c, 0x2c, 0xb0, 0x2c, 0x7d, 0x9c, 0x58, 0x51), - LL(0xd3, 0xd3, 0x6b, 0xd3, 0xd6, 0xb8, 0xbb, 0x05), - LL(0xe7, 0xe7, 0xbb, 0xe7, 0x6b, 0x5c, 0xd3, 0x8c), - LL(0x6e, 0x6e, 0xa5, 0x6e, 0x57, 0xcb, 0xdc, 0x39), - LL(0xc4, 0xc4, 0x37, 0xc4, 0x6e, 0xf3, 0x95, 0xaa), - LL(0x03, 0x03, 0x0c, 0x03, 0x18, 0x0f, 0x06, 0x1b), - LL(0x56, 0x56, 0x45, 0x56, 0x8a, 0x13, 0xac, 0xdc), - LL(0x44, 0x44, 0x0d, 0x44, 0x1a, 0x49, 0x88, 0x5e), - LL(0x7f, 0x7f, 0xe1, 0x7f, 0xdf, 0x9e, 0xfe, 0xa0), - LL(0xa9, 0xa9, 0x9e, 0xa9, 0x21, 0x37, 0x4f, 0x88), - LL(0x2a, 0x2a, 0xa8, 0x2a, 0x4d, 0x82, 0x54, 0x67), - LL(0xbb, 0xbb, 0xd6, 0xbb, 0xb1, 0x6d, 0x6b, 0x0a), - LL(0xc1, 0xc1, 0x23, 0xc1, 0x46, 0xe2, 0x9f, 0x87), - LL(0x53, 0x53, 0x51, 0x53, 0xa2, 0x02, 0xa6, 0xf1), - LL(0xdc, 0xdc, 0x57, 0xdc, 0xae, 0x8b, 0xa5, 0x72), - LL(0x0b, 0x0b, 0x2c, 0x0b, 0x58, 0x27, 0x16, 0x53), - LL(0x9d, 0x9d, 0x4e, 0x9d, 0x9c, 0xd3, 0x27, 0x01), - LL(0x6c, 0x6c, 0xad, 0x6c, 0x47, 0xc1, 0xd8, 0x2b), - LL(0x31, 0x31, 0xc4, 0x31, 0x95, 0xf5, 0x62, 0xa4), - LL(0x74, 0x74, 0xcd, 0x74, 0x87, 0xb9, 0xe8, 0xf3), - LL(0xf6, 0xf6, 0xff, 0xf6, 0xe3, 0x09, 0xf1, 0x15), - LL(0x46, 0x46, 0x05, 0x46, 0x0a, 0x43, 0x8c, 0x4c), - LL(0xac, 0xac, 0x8a, 0xac, 0x09, 0x26, 0x45, 0xa5), - LL(0x89, 0x89, 0x1e, 0x89, 0x3c, 0x97, 0x0f, 0xb5), - LL(0x14, 0x14, 0x50, 0x14, 0xa0, 0x44, 0x28, 0xb4), - LL(0xe1, 0xe1, 0xa3, 0xe1, 0x5b, 0x42, 0xdf, 0xba), - LL(0x16, 0x16, 0x58, 0x16, 0xb0, 0x4e, 0x2c, 0xa6), - LL(0x3a, 0x3a, 0xe8, 0x3a, 0xcd, 0xd2, 0x74, 0xf7), - LL(0x69, 0x69, 0xb9, 0x69, 0x6f, 0xd0, 0xd2, 0x06), - LL(0x09, 0x09, 0x24, 0x09, 0x48, 0x2d, 0x12, 0x41), - LL(0x70, 0x70, 0xdd, 0x70, 0xa7, 0xad, 0xe0, 0xd7), - LL(0xb6, 0xb6, 0xe2, 0xb6, 0xd9, 0x54, 0x71, 0x6f), - LL(0xd0, 0xd0, 0x67, 0xd0, 0xce, 0xb7, 0xbd, 0x1e), - LL(0xed, 0xed, 0x93, 0xed, 0x3b, 0x7e, 0xc7, 0xd6), - LL(0xcc, 0xcc, 0x17, 0xcc, 0x2e, 0xdb, 0x85, 0xe2), - LL(0x42, 0x42, 0x15, 0x42, 0x2a, 0x57, 0x84, 0x68), - LL(0x98, 0x98, 0x5a, 0x98, 0xb4, 0xc2, 0x2d, 0x2c), - LL(0xa4, 0xa4, 0xaa, 0xa4, 0x49, 0x0e, 0x55, 0xed), - LL(0x28, 0x28, 0xa0, 0x28, 0x5d, 0x88, 0x50, 0x75), - LL(0x5c, 0x5c, 0x6d, 0x5c, 0xda, 0x31, 0xb8, 0x86), - LL(0xf8, 0xf8, 0xc7, 0xf8, 0x93, 0x3f, 0xed, 0x6b), - LL(0x86, 0x86, 0x22, 0x86, 0x44, 0xa4, 0x11, 0xc2), -#define RC (&(Cx.q[256*N])) - 0x18, 0x23, 0xc6, 0xe8, 0x87, 0xb8, 0x01, 0x4f, - /* rc[ROUNDS] */ - 0x36, 0xa6, 0xd2, 0xf5, 0x79, 0x6f, 0x91, 0x52, 0x60, 0xbc, 0x9b, - 0x8e, 0xa3, 0x0c, 0x7b, 0x35, 0x1d, 0xe0, 0xd7, 0xc2, 0x2e, 0x4b, - 0xfe, 0x57, 0x15, 0x77, 0x37, 0xe5, 0x9f, 0xf0, 0x4a, 0xda, 0x58, - 0xc9, 0x29, 0x0a, 0xb1, 0xa0, 0x6b, 0x85, 0xbd, 0x5d, 0x10, 0xf4, - 0xcb, 0x3e, 0x05, 0x67, 0xe4, 0x27, 0x41, 0x8b, 0xa7, 0x7d, 0x95, - 0xd8, 0xfb, 0xee, 0x7c, 0x66, 0xdd, 0x17, 0x47, 0x9e, 0xca, 0x2d, - 0xbf, 0x07, 0xad, 0x5a, 0x83, 0x33 - } - }; - -void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n) -{ - int r; - const u8 *p = inp; - union { - u64 q[8]; - u8 c[64]; - } S, K, *H = (void *)ctx->H.q; - -#ifdef GO_FOR_MMX - GO_FOR_MMX(ctx, inp, n); -#endif - do { -#ifdef OPENSSL_SMALL_FOOTPRINT - u64 L[8]; - int i; - - for (i = 0; i < 64; i++) - S.c[i] = (K.c[i] = H->c[i]) ^ p[i]; - for (r = 0; r < ROUNDS; r++) { - for (i = 0; i < 8; i++) { - L[i] = i ? 0 : RC[r]; - L[i] ^= C0(K, i) ^ C1(K, (i - 1) & 7) ^ - C2(K, (i - 2) & 7) ^ C3(K, (i - 3) & 7) ^ - C4(K, (i - 4) & 7) ^ C5(K, (i - 5) & 7) ^ - C6(K, (i - 6) & 7) ^ C7(K, (i - 7) & 7); - } - memcpy(K.q, L, 64); - for (i = 0; i < 8; i++) { - L[i] ^= C0(S, i) ^ C1(S, (i - 1) & 7) ^ - C2(S, (i - 2) & 7) ^ C3(S, (i - 3) & 7) ^ - C4(S, (i - 4) & 7) ^ C5(S, (i - 5) & 7) ^ - C6(S, (i - 6) & 7) ^ C7(S, (i - 7) & 7); - } - memcpy(S.q, L, 64); - } - for (i = 0; i < 64; i++) - H->c[i] ^= S.c[i] ^ p[i]; -#else - u64 L0, L1, L2, L3, L4, L5, L6, L7; - -# ifdef STRICT_ALIGNMENT - if ((size_t)p & 7) { - memcpy(S.c, p, 64); - S.q[0] ^= (K.q[0] = H->q[0]); - S.q[1] ^= (K.q[1] = H->q[1]); - S.q[2] ^= (K.q[2] = H->q[2]); - S.q[3] ^= (K.q[3] = H->q[3]); - S.q[4] ^= (K.q[4] = H->q[4]); - S.q[5] ^= (K.q[5] = H->q[5]); - S.q[6] ^= (K.q[6] = H->q[6]); - S.q[7] ^= (K.q[7] = H->q[7]); - } else -# endif - { - const u64_aX *pa = (const u64_aX *)p; - S.q[0] = (K.q[0] = H->q[0]) ^ pa[0]; - S.q[1] = (K.q[1] = H->q[1]) ^ pa[1]; - S.q[2] = (K.q[2] = H->q[2]) ^ pa[2]; - S.q[3] = (K.q[3] = H->q[3]) ^ pa[3]; - S.q[4] = (K.q[4] = H->q[4]) ^ pa[4]; - S.q[5] = (K.q[5] = H->q[5]) ^ pa[5]; - S.q[6] = (K.q[6] = H->q[6]) ^ pa[6]; - S.q[7] = (K.q[7] = H->q[7]) ^ pa[7]; - } - - for (r = 0; r < ROUNDS; r++) { -# ifdef SMALL_REGISTER_BANK - L0 = C0(K, 0) ^ C1(K, 7) ^ C2(K, 6) ^ C3(K, 5) ^ - C4(K, 4) ^ C5(K, 3) ^ C6(K, 2) ^ C7(K, 1) ^ RC[r]; - L1 = C0(K, 1) ^ C1(K, 0) ^ C2(K, 7) ^ C3(K, 6) ^ - C4(K, 5) ^ C5(K, 4) ^ C6(K, 3) ^ C7(K, 2); - L2 = C0(K, 2) ^ C1(K, 1) ^ C2(K, 0) ^ C3(K, 7) ^ - C4(K, 6) ^ C5(K, 5) ^ C6(K, 4) ^ C7(K, 3); - L3 = C0(K, 3) ^ C1(K, 2) ^ C2(K, 1) ^ C3(K, 0) ^ - C4(K, 7) ^ C5(K, 6) ^ C6(K, 5) ^ C7(K, 4); - L4 = C0(K, 4) ^ C1(K, 3) ^ C2(K, 2) ^ C3(K, 1) ^ - C4(K, 0) ^ C5(K, 7) ^ C6(K, 6) ^ C7(K, 5); - L5 = C0(K, 5) ^ C1(K, 4) ^ C2(K, 3) ^ C3(K, 2) ^ - C4(K, 1) ^ C5(K, 0) ^ C6(K, 7) ^ C7(K, 6); - L6 = C0(K, 6) ^ C1(K, 5) ^ C2(K, 4) ^ C3(K, 3) ^ - C4(K, 2) ^ C5(K, 1) ^ C6(K, 0) ^ C7(K, 7); - L7 = C0(K, 7) ^ C1(K, 6) ^ C2(K, 5) ^ C3(K, 4) ^ - C4(K, 3) ^ C5(K, 2) ^ C6(K, 1) ^ C7(K, 0); - - K.q[0] = L0; - K.q[1] = L1; - K.q[2] = L2; - K.q[3] = L3; - K.q[4] = L4; - K.q[5] = L5; - K.q[6] = L6; - K.q[7] = L7; - - L0 ^= C0(S, 0) ^ C1(S, 7) ^ C2(S, 6) ^ C3(S, 5) ^ - C4(S, 4) ^ C5(S, 3) ^ C6(S, 2) ^ C7(S, 1); - L1 ^= C0(S, 1) ^ C1(S, 0) ^ C2(S, 7) ^ C3(S, 6) ^ - C4(S, 5) ^ C5(S, 4) ^ C6(S, 3) ^ C7(S, 2); - L2 ^= C0(S, 2) ^ C1(S, 1) ^ C2(S, 0) ^ C3(S, 7) ^ - C4(S, 6) ^ C5(S, 5) ^ C6(S, 4) ^ C7(S, 3); - L3 ^= C0(S, 3) ^ C1(S, 2) ^ C2(S, 1) ^ C3(S, 0) ^ - C4(S, 7) ^ C5(S, 6) ^ C6(S, 5) ^ C7(S, 4); - L4 ^= C0(S, 4) ^ C1(S, 3) ^ C2(S, 2) ^ C3(S, 1) ^ - C4(S, 0) ^ C5(S, 7) ^ C6(S, 6) ^ C7(S, 5); - L5 ^= C0(S, 5) ^ C1(S, 4) ^ C2(S, 3) ^ C3(S, 2) ^ - C4(S, 1) ^ C5(S, 0) ^ C6(S, 7) ^ C7(S, 6); - L6 ^= C0(S, 6) ^ C1(S, 5) ^ C2(S, 4) ^ C3(S, 3) ^ - C4(S, 2) ^ C5(S, 1) ^ C6(S, 0) ^ C7(S, 7); - L7 ^= C0(S, 7) ^ C1(S, 6) ^ C2(S, 5) ^ C3(S, 4) ^ - C4(S, 3) ^ C5(S, 2) ^ C6(S, 1) ^ C7(S, 0); - - S.q[0] = L0; - S.q[1] = L1; - S.q[2] = L2; - S.q[3] = L3; - S.q[4] = L4; - S.q[5] = L5; - S.q[6] = L6; - S.q[7] = L7; -# else - L0 = C0(K, 0); - L1 = C1(K, 0); - L2 = C2(K, 0); - L3 = C3(K, 0); - L4 = C4(K, 0); - L5 = C5(K, 0); - L6 = C6(K, 0); - L7 = C7(K, 0); - L0 ^= RC[r]; - - L1 ^= C0(K, 1); - L2 ^= C1(K, 1); - L3 ^= C2(K, 1); - L4 ^= C3(K, 1); - L5 ^= C4(K, 1); - L6 ^= C5(K, 1); - L7 ^= C6(K, 1); - L0 ^= C7(K, 1); - - L2 ^= C0(K, 2); - L3 ^= C1(K, 2); - L4 ^= C2(K, 2); - L5 ^= C3(K, 2); - L6 ^= C4(K, 2); - L7 ^= C5(K, 2); - L0 ^= C6(K, 2); - L1 ^= C7(K, 2); - - L3 ^= C0(K, 3); - L4 ^= C1(K, 3); - L5 ^= C2(K, 3); - L6 ^= C3(K, 3); - L7 ^= C4(K, 3); - L0 ^= C5(K, 3); - L1 ^= C6(K, 3); - L2 ^= C7(K, 3); - - L4 ^= C0(K, 4); - L5 ^= C1(K, 4); - L6 ^= C2(K, 4); - L7 ^= C3(K, 4); - L0 ^= C4(K, 4); - L1 ^= C5(K, 4); - L2 ^= C6(K, 4); - L3 ^= C7(K, 4); - - L5 ^= C0(K, 5); - L6 ^= C1(K, 5); - L7 ^= C2(K, 5); - L0 ^= C3(K, 5); - L1 ^= C4(K, 5); - L2 ^= C5(K, 5); - L3 ^= C6(K, 5); - L4 ^= C7(K, 5); - - L6 ^= C0(K, 6); - L7 ^= C1(K, 6); - L0 ^= C2(K, 6); - L1 ^= C3(K, 6); - L2 ^= C4(K, 6); - L3 ^= C5(K, 6); - L4 ^= C6(K, 6); - L5 ^= C7(K, 6); - - L7 ^= C0(K, 7); - L0 ^= C1(K, 7); - L1 ^= C2(K, 7); - L2 ^= C3(K, 7); - L3 ^= C4(K, 7); - L4 ^= C5(K, 7); - L5 ^= C6(K, 7); - L6 ^= C7(K, 7); - - K.q[0] = L0; - K.q[1] = L1; - K.q[2] = L2; - K.q[3] = L3; - K.q[4] = L4; - K.q[5] = L5; - K.q[6] = L6; - K.q[7] = L7; - - L0 ^= C0(S, 0); - L1 ^= C1(S, 0); - L2 ^= C2(S, 0); - L3 ^= C3(S, 0); - L4 ^= C4(S, 0); - L5 ^= C5(S, 0); - L6 ^= C6(S, 0); - L7 ^= C7(S, 0); - - L1 ^= C0(S, 1); - L2 ^= C1(S, 1); - L3 ^= C2(S, 1); - L4 ^= C3(S, 1); - L5 ^= C4(S, 1); - L6 ^= C5(S, 1); - L7 ^= C6(S, 1); - L0 ^= C7(S, 1); - - L2 ^= C0(S, 2); - L3 ^= C1(S, 2); - L4 ^= C2(S, 2); - L5 ^= C3(S, 2); - L6 ^= C4(S, 2); - L7 ^= C5(S, 2); - L0 ^= C6(S, 2); - L1 ^= C7(S, 2); - - L3 ^= C0(S, 3); - L4 ^= C1(S, 3); - L5 ^= C2(S, 3); - L6 ^= C3(S, 3); - L7 ^= C4(S, 3); - L0 ^= C5(S, 3); - L1 ^= C6(S, 3); - L2 ^= C7(S, 3); - - L4 ^= C0(S, 4); - L5 ^= C1(S, 4); - L6 ^= C2(S, 4); - L7 ^= C3(S, 4); - L0 ^= C4(S, 4); - L1 ^= C5(S, 4); - L2 ^= C6(S, 4); - L3 ^= C7(S, 4); - - L5 ^= C0(S, 5); - L6 ^= C1(S, 5); - L7 ^= C2(S, 5); - L0 ^= C3(S, 5); - L1 ^= C4(S, 5); - L2 ^= C5(S, 5); - L3 ^= C6(S, 5); - L4 ^= C7(S, 5); - - L6 ^= C0(S, 6); - L7 ^= C1(S, 6); - L0 ^= C2(S, 6); - L1 ^= C3(S, 6); - L2 ^= C4(S, 6); - L3 ^= C5(S, 6); - L4 ^= C6(S, 6); - L5 ^= C7(S, 6); - - L7 ^= C0(S, 7); - L0 ^= C1(S, 7); - L1 ^= C2(S, 7); - L2 ^= C3(S, 7); - L3 ^= C4(S, 7); - L4 ^= C5(S, 7); - L5 ^= C6(S, 7); - L6 ^= C7(S, 7); - - S.q[0] = L0; - S.q[1] = L1; - S.q[2] = L2; - S.q[3] = L3; - S.q[4] = L4; - S.q[5] = L5; - S.q[6] = L6; - S.q[7] = L7; -# endif - } - -# ifdef STRICT_ALIGNMENT - if ((size_t)p & 7) { - int i; - for (i = 0; i < 64; i++) - H->c[i] ^= S.c[i] ^ p[i]; - } else -# endif - { - const u64_aX *pa = (const u64_aX *)p; - H->q[0] ^= S.q[0] ^ pa[0]; - H->q[1] ^= S.q[1] ^ pa[1]; - H->q[2] ^= S.q[2] ^ pa[2]; - H->q[3] ^= S.q[3] ^ pa[3]; - H->q[4] ^= S.q[4] ^ pa[4]; - H->q[5] ^= S.q[5] ^ pa[5]; - H->q[6] ^= S.q[6] ^ pa[6]; - H->q[7] ^= S.q[7] ^ pa[7]; - } -#endif - p += 64; - } while (--n); -} diff --git a/crypto/whrlpool/wp_dgst.c b/crypto/whrlpool/wp_dgst.c deleted file mode 100644 index 4a1d912d6290874fabdb250003500bb63380229f..0000000000000000000000000000000000000000 --- a/crypto/whrlpool/wp_dgst.c +++ /dev/null @@ -1,264 +0,0 @@ -/* - * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/** - * The Whirlpool hashing function. - * - * See - * P.S.L.M. Barreto, V. Rijmen, - * ``The Whirlpool hashing function,'' - * NESSIE submission, 2000 (tweaked version, 2001), - * - * - * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and - * Vincent Rijmen. Lookup "reference implementations" on - * - * - * ============================================================================= - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/* - * OpenSSL-specific implementation notes. - * - * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect - * number of *bytes* as input length argument. Bit-oriented routine - * as specified by authors is called WHIRLPOOL_BitUpdate[!] and - * does not have one-stroke counterpart. - * - * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially - * to serve WHIRLPOOL_Update. This is done for performance. - * - * Unlike authors' reference implementation, block processing - * routine whirlpool_block is designed to operate on multi-block - * input. This is done for performance. - */ - -/* - * Whirlpool low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "wp_local.h" -#include - -int WHIRLPOOL_Init(WHIRLPOOL_CTX *c) -{ - memset(c, 0, sizeof(*c)); - return 1; -} - -int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes) -{ - /* - * Well, largest suitable chunk size actually is - * (1<<(sizeof(size_t)*8-3))-64, but below number is large enough for not - * to care about excessive calls to WHIRLPOOL_BitUpdate... - */ - size_t chunk = ((size_t)1) << (sizeof(size_t) * 8 - 4); - const unsigned char *inp = _inp; - - while (bytes >= chunk) { - WHIRLPOOL_BitUpdate(c, inp, chunk * 8); - bytes -= chunk; - inp += chunk; - } - if (bytes) - WHIRLPOOL_BitUpdate(c, inp, bytes * 8); - - return 1; -} - -void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits) -{ - size_t n; - unsigned int bitoff = c->bitoff, - bitrem = bitoff % 8, inpgap = (8 - (unsigned int)bits % 8) & 7; - const unsigned char *inp = _inp; - - /* - * This 256-bit increment procedure relies on the size_t being natural - * size of CPU register, so that we don't have to mask the value in order - * to detect overflows. - */ - c->bitlen[0] += bits; - if (c->bitlen[0] < bits) { /* overflow */ - n = 1; - do { - c->bitlen[n]++; - } while (c->bitlen[n] == 0 - && ++n < (WHIRLPOOL_COUNTER / sizeof(size_t))); - } -#ifndef OPENSSL_SMALL_FOOTPRINT - reconsider: - if (inpgap == 0 && bitrem == 0) { /* byte-oriented loop */ - while (bits) { - if (bitoff == 0 && (n = bits / WHIRLPOOL_BBLOCK)) { - whirlpool_block(c, inp, n); - inp += n * WHIRLPOOL_BBLOCK / 8; - bits %= WHIRLPOOL_BBLOCK; - } else { - unsigned int byteoff = bitoff / 8; - - bitrem = WHIRLPOOL_BBLOCK - bitoff; /* re-use bitrem */ - if (bits >= bitrem) { - bits -= bitrem; - bitrem /= 8; - memcpy(c->data + byteoff, inp, bitrem); - inp += bitrem; - whirlpool_block(c, c->data, 1); - bitoff = 0; - } else { - memcpy(c->data + byteoff, inp, bits / 8); - bitoff += (unsigned int)bits; - bits = 0; - } - c->bitoff = bitoff; - } - } - } else /* bit-oriented loop */ -#endif - { - /*- - inp - | - +-------+-------+------- - ||||||||||||||||||||| - +-------+-------+------- - +-------+-------+-------+-------+------- - |||||||||||||| c->data - +-------+-------+-------+-------+------- - | - c->bitoff/8 - */ - while (bits) { - unsigned int byteoff = bitoff / 8; - unsigned char b; - -#ifndef OPENSSL_SMALL_FOOTPRINT - if (bitrem == inpgap) { - c->data[byteoff++] |= inp[0] & (0xff >> inpgap); - inpgap = 8 - inpgap; - bitoff += inpgap; - bitrem = 0; /* bitoff%8 */ - bits -= inpgap; - inpgap = 0; /* bits%8 */ - inp++; - if (bitoff == WHIRLPOOL_BBLOCK) { - whirlpool_block(c, c->data, 1); - bitoff = 0; - } - c->bitoff = bitoff; - goto reconsider; - } else -#endif - if (bits > 8) { - b = ((inp[0] << inpgap) | (inp[1] >> (8 - inpgap))); - b &= 0xff; - if (bitrem) - c->data[byteoff++] |= b >> bitrem; - else - c->data[byteoff++] = b; - bitoff += 8; - bits -= 8; - inp++; - if (bitoff >= WHIRLPOOL_BBLOCK) { - whirlpool_block(c, c->data, 1); - byteoff = 0; - bitoff %= WHIRLPOOL_BBLOCK; - } - if (bitrem) - c->data[byteoff] = b << (8 - bitrem); - } else { /* remaining less than or equal to 8 bits */ - - b = (inp[0] << inpgap) & 0xff; - if (bitrem) - c->data[byteoff++] |= b >> bitrem; - else - c->data[byteoff++] = b; - bitoff += (unsigned int)bits; - if (bitoff == WHIRLPOOL_BBLOCK) { - whirlpool_block(c, c->data, 1); - byteoff = 0; - bitoff %= WHIRLPOOL_BBLOCK; - } - if (bitrem) - c->data[byteoff] = b << (8 - bitrem); - bits = 0; - } - c->bitoff = bitoff; - } - } -} - -int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c) -{ - unsigned int bitoff = c->bitoff, byteoff = bitoff / 8; - size_t i, j, v; - unsigned char *p; - - bitoff %= 8; - if (bitoff) - c->data[byteoff] |= 0x80 >> bitoff; - else - c->data[byteoff] = 0x80; - byteoff++; - - /* pad with zeros */ - if (byteoff > (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER)) { - if (byteoff < WHIRLPOOL_BBLOCK / 8) - memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK / 8 - byteoff); - whirlpool_block(c, c->data, 1); - byteoff = 0; - } - if (byteoff < (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER)) - memset(&c->data[byteoff], 0, - (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER) - byteoff); - /* smash 256-bit c->bitlen in big-endian order */ - p = &c->data[WHIRLPOOL_BBLOCK / 8 - 1]; /* last byte in c->data */ - for (i = 0; i < WHIRLPOOL_COUNTER / sizeof(size_t); i++) - for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8) - *p-- = (unsigned char)(v & 0xff); - - whirlpool_block(c, c->data, 1); - - if (md) { - memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH); - OPENSSL_cleanse(c, sizeof(*c)); - return 1; - } - return 0; -} - -unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md) -{ - WHIRLPOOL_CTX ctx; - static unsigned char m[WHIRLPOOL_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - WHIRLPOOL_Init(&ctx); - WHIRLPOOL_Update(&ctx, inp, bytes); - WHIRLPOOL_Final(md, &ctx); - return md; -} diff --git a/crypto/whrlpool/wp_local.h b/crypto/whrlpool/wp_local.h deleted file mode 100644 index 73dc2a003da32d468273966e3a157c57023779c8..0000000000000000000000000000000000000000 --- a/crypto/whrlpool/wp_local.h +++ /dev/null @@ -1,12 +0,0 @@ -/* - * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t); diff --git a/crypto/x509/build.info b/crypto/x509/build.info deleted file mode 100644 index 8820f983bb3d01f04eb5adfbd82d8226e01e01b4..0000000000000000000000000000000000000000 --- a/crypto/x509/build.info +++ /dev/null @@ -1,21 +0,0 @@ -LIBS=../../libcrypto -SOURCE[../../libcrypto]=\ - x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \ - x509_obj.c x509_req.c x509spki.c x509_vfy.c \ - x509_set.c x509cset.c x509rset.c x509_err.c \ - x509name.c x509_v3.c x509_ext.c x509_att.c \ - x509_meth.c x509_lu.c x_all.c x509_txt.c \ - x509_trust.c by_file.c by_dir.c by_store.c x509_vpm.c \ - x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \ - x_pubkey.c x_x509a.c x_attrib.c x_exten.c x_name.c \ - v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_utf8.c v3_lib.c \ - v3_prn.c v3_utl.c v3err.c v3_genn.c v3_san.c v3_skid.c v3_akid.c \ - v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c \ - v3_info.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c \ - v3_pcia.c v3_pci.c v3_ist.c \ - pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \ - v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c - -IF[{- !$disabled{'deprecated-3.0'} -}] - SOURCE[../../libcrypto]=x509type.c -ENDIF diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c deleted file mode 100644 index 258ad518525743358e989e3de041792f9f139040..0000000000000000000000000000000000000000 --- a/crypto/x509/by_dir.c +++ /dev/null @@ -1,418 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#if defined (__TANDEM) && defined (_SPT_MODEL_) - /* - * These definitions have to come first in SPT due to scoping of the - * declarations in c99 associated with SPT use of stat. - */ -# include -# include -#endif - -#include "e_os.h" -#include "internal/cryptlib.h" -#include -#include -#include -#include - -#ifndef OPENSSL_NO_POSIX_IO -# include -#endif - -#include -#include "crypto/x509.h" -#include "x509_local.h" - -struct lookup_dir_hashes_st { - unsigned long hash; - int suffix; -}; - -struct lookup_dir_entry_st { - char *dir; - int dir_type; - STACK_OF(BY_DIR_HASH) *hashes; -}; - -typedef struct lookup_dir_st { - BUF_MEM *buffer; - STACK_OF(BY_DIR_ENTRY) *dirs; - CRYPTO_RWLOCK *lock; -} BY_DIR; - -static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, - char **retp); - -static int new_dir(X509_LOOKUP *lu); -static void free_dir(X509_LOOKUP *lu); -static int add_cert_dir(BY_DIR *ctx, const char *dir, int type); -static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret); -static int get_cert_by_subject_ex(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret, - OSSL_LIB_CTX *libctx, const char *propq); -static X509_LOOKUP_METHOD x509_dir_lookup = { - "Load certs from files in a directory", - new_dir, /* new_item */ - free_dir, /* free */ - NULL, /* init */ - NULL, /* shutdown */ - dir_ctrl, /* ctrl */ - get_cert_by_subject, /* get_by_subject */ - NULL, /* get_by_issuer_serial */ - NULL, /* get_by_fingerprint */ - NULL, /* get_by_alias */ - get_cert_by_subject_ex, /* get_by_subject_ex */ - NULL, /* ctrl_ex */ -}; - -X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void) -{ - return &x509_dir_lookup; -} - -static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, - char **retp) -{ - int ret = 0; - BY_DIR *ld = (BY_DIR *)ctx->method_data; - - switch (cmd) { - case X509_L_ADD_DIR: - if (argl == X509_FILETYPE_DEFAULT) { - const char *dir = ossl_safe_getenv(X509_get_default_cert_dir_env()); - - if (dir) - ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); - else - ret = add_cert_dir(ld, X509_get_default_cert_dir(), - X509_FILETYPE_PEM); - if (!ret) { - ERR_raise(ERR_LIB_X509, X509_R_LOADING_CERT_DIR); - } - } else - ret = add_cert_dir(ld, argp, (int)argl); - break; - } - return ret; -} - -static int new_dir(X509_LOOKUP *lu) -{ - BY_DIR *a = OPENSSL_malloc(sizeof(*a)); - - if (a == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return 0; - } - - if ((a->buffer = BUF_MEM_new()) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - a->dirs = NULL; - a->lock = CRYPTO_THREAD_lock_new(); - if (a->lock == NULL) { - BUF_MEM_free(a->buffer); - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - lu->method_data = a; - return 1; - - err: - OPENSSL_free(a); - return 0; -} - -static void by_dir_hash_free(BY_DIR_HASH *hash) -{ - OPENSSL_free(hash); -} - -static int by_dir_hash_cmp(const BY_DIR_HASH *const *a, - const BY_DIR_HASH *const *b) -{ - if ((*a)->hash > (*b)->hash) - return 1; - if ((*a)->hash < (*b)->hash) - return -1; - return 0; -} - -static void by_dir_entry_free(BY_DIR_ENTRY *ent) -{ - OPENSSL_free(ent->dir); - sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free); - OPENSSL_free(ent); -} - -static void free_dir(X509_LOOKUP *lu) -{ - BY_DIR *a = (BY_DIR *)lu->method_data; - - sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free); - BUF_MEM_free(a->buffer); - CRYPTO_THREAD_lock_free(a->lock); - OPENSSL_free(a); -} - -static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) -{ - int j; - size_t len; - const char *s, *ss, *p; - - if (dir == NULL || *dir == '\0') { - ERR_raise(ERR_LIB_X509, X509_R_INVALID_DIRECTORY); - return 0; - } - - s = dir; - p = s; - do { - if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) { - BY_DIR_ENTRY *ent; - - ss = s; - s = p + 1; - len = p - ss; - if (len == 0) - continue; - for (j = 0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++) { - ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j); - if (strlen(ent->dir) == len && strncmp(ent->dir, ss, len) == 0) - break; - } - if (j < sk_BY_DIR_ENTRY_num(ctx->dirs)) - continue; - if (ctx->dirs == NULL) { - ctx->dirs = sk_BY_DIR_ENTRY_new_null(); - if (!ctx->dirs) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return 0; - } - } - ent = OPENSSL_malloc(sizeof(*ent)); - if (ent == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return 0; - } - ent->dir_type = type; - ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp); - ent->dir = OPENSSL_strndup(ss, len); - if (ent->dir == NULL || ent->hashes == NULL) { - by_dir_entry_free(ent); - return 0; - } - if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) { - by_dir_entry_free(ent); - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return 0; - } - } - } while (*p++ != '\0'); - return 1; -} - -static int get_cert_by_subject_ex(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret, - OSSL_LIB_CTX *libctx, const char *propq) -{ - BY_DIR *ctx; - union { - X509 st_x509; - X509_CRL crl; - } data; - int ok = 0; - int i, j, k; - unsigned long h; - BUF_MEM *b = NULL; - X509_OBJECT stmp, *tmp; - const char *postfix = ""; - - if (name == NULL) - return 0; - - stmp.type = type; - if (type == X509_LU_X509) { - data.st_x509.cert_info.subject = (X509_NAME *)name; /* won't modify it */ - stmp.data.x509 = &data.st_x509; - } else if (type == X509_LU_CRL) { - data.crl.crl.issuer = (X509_NAME *)name; /* won't modify it */ - stmp.data.crl = &data.crl; - postfix = "r"; - } else { - ERR_raise(ERR_LIB_X509, X509_R_WRONG_LOOKUP_TYPE); - goto finish; - } - - if ((b = BUF_MEM_new()) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB); - goto finish; - } - - ctx = (BY_DIR *)xl->method_data; - h = X509_NAME_hash_ex(name, libctx, propq, &i); - if (i == 0) - goto finish; - for (i = 0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++) { - BY_DIR_ENTRY *ent; - int idx; - BY_DIR_HASH htmp, *hent; - - ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i); - j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1; - if (!BUF_MEM_grow(b, j)) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto finish; - } - if (type == X509_LU_CRL && ent->hashes) { - htmp.hash = h; - if (!CRYPTO_THREAD_read_lock(ctx->lock)) - goto finish; - idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp); - if (idx >= 0) { - hent = sk_BY_DIR_HASH_value(ent->hashes, idx); - k = hent->suffix; - } else { - hent = NULL; - k = 0; - } - CRYPTO_THREAD_unlock(ctx->lock); - } else { - k = 0; - hent = NULL; - } - for (;;) { - char c = '/'; - -#ifdef OPENSSL_SYS_VMS - c = ent->dir[strlen(ent->dir) - 1]; - if (c != ':' && c != '>' && c != ']') { - /* - * If no separator is present, we assume the directory - * specifier is a logical name, and add a colon. We really - * should use better VMS routines for merging things like - * this, but this will do for now... -- Richard Levitte - */ - c = ':'; - } else { - c = '\0'; - } - - if (c == '\0') { - /* - * This is special. When c == '\0', no directory separator - * should be added. - */ - BIO_snprintf(b->data, b->max, - "%s%08lx.%s%d", ent->dir, h, postfix, k); - } else -#endif - { - BIO_snprintf(b->data, b->max, - "%s%c%08lx.%s%d", ent->dir, c, h, postfix, k); - } -#ifndef OPENSSL_NO_POSIX_IO -# ifdef _WIN32 -# define stat _stat -# endif - { - struct stat st; - if (stat(b->data, &st) < 0) - break; - } -#endif - /* found one. */ - if (type == X509_LU_X509) { - if ((X509_load_cert_file_ex(xl, b->data, ent->dir_type, libctx, - propq)) == 0) - break; - } else if (type == X509_LU_CRL) { - if ((X509_load_crl_file(xl, b->data, ent->dir_type)) == 0) - break; - } - /* else case will caught higher up */ - k++; - } - - /* - * we have added it to the cache so now pull it out again - */ - X509_STORE_lock(xl->store_ctx); - j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp); - tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); - X509_STORE_unlock(xl->store_ctx); - - /* If a CRL, update the last file suffix added for this */ - - if (type == X509_LU_CRL) { - if (!CRYPTO_THREAD_write_lock(ctx->lock)) - goto finish; - /* - * Look for entry again in case another thread added an entry - * first. - */ - if (hent == NULL) { - htmp.hash = h; - idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp); - hent = sk_BY_DIR_HASH_value(ent->hashes, idx); - } - if (hent == NULL) { - hent = OPENSSL_malloc(sizeof(*hent)); - if (hent == NULL) { - CRYPTO_THREAD_unlock(ctx->lock); - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - ok = 0; - goto finish; - } - hent->hash = h; - hent->suffix = k; - if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) { - CRYPTO_THREAD_unlock(ctx->lock); - OPENSSL_free(hent); - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - ok = 0; - goto finish; - } - } else if (hent->suffix < k) { - hent->suffix = k; - } - - CRYPTO_THREAD_unlock(ctx->lock); - - } - - if (tmp != NULL) { - ok = 1; - ret->type = tmp->type; - memcpy(&ret->data, &tmp->data, sizeof(ret->data)); - - /* - * Clear any errors that might have been raised processing empty - * or malformed files. - */ - ERR_clear_error(); - - goto finish; - } - } - finish: - BUF_MEM_free(b); - return ok; -} - -static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret) -{ - return get_cert_by_subject_ex(xl, type, name, ret, NULL, NULL); -} diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c deleted file mode 100644 index 37d73ca84c541a4102e72453bc7a9c4b38ad4c77..0000000000000000000000000000000000000000 --- a/crypto/x509/by_file.c +++ /dev/null @@ -1,261 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include "internal/cryptlib.h" -#include -#include -#include -#include "x509_local.h" - -static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, - long argl, char **ret); -static int by_file_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argc, - long argl, char **ret, OSSL_LIB_CTX *libctx, - const char *propq); - - -static X509_LOOKUP_METHOD x509_file_lookup = { - "Load file into cache", - NULL, /* new_item */ - NULL, /* free */ - NULL, /* init */ - NULL, /* shutdown */ - by_file_ctrl, /* ctrl */ - NULL, /* get_by_subject */ - NULL, /* get_by_issuer_serial */ - NULL, /* get_by_fingerprint */ - NULL, /* get_by_alias */ - NULL, /* get_by_subject_ex */ - by_file_ctrl_ex, /* ctrl_ex */ -}; - -X509_LOOKUP_METHOD *X509_LOOKUP_file(void) -{ - return &x509_file_lookup; -} - -static int by_file_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp, - long argl, char **ret, OSSL_LIB_CTX *libctx, - const char *propq) -{ - int ok = 0; - const char *file; - - switch (cmd) { - case X509_L_FILE_LOAD: - if (argl == X509_FILETYPE_DEFAULT) { - file = ossl_safe_getenv(X509_get_default_cert_file_env()); - if (file) - ok = (X509_load_cert_crl_file_ex(ctx, file, X509_FILETYPE_PEM, - libctx, propq) != 0); - - else - ok = (X509_load_cert_crl_file_ex( - ctx, X509_get_default_cert_file(), - X509_FILETYPE_PEM, libctx, propq) != 0); - - if (!ok) { - ERR_raise(ERR_LIB_X509, X509_R_LOADING_DEFAULTS); - } - } else { - if (argl == X509_FILETYPE_PEM) - ok = (X509_load_cert_crl_file_ex(ctx, argp, X509_FILETYPE_PEM, - libctx, propq) != 0); - else - ok = (X509_load_cert_file_ex(ctx, argp, (int)argl, libctx, - propq) != 0); - } - break; - } - return ok; -} - -static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, - const char *argp, long argl, char **ret) -{ - return by_file_ctrl_ex(ctx, cmd, argp, argl, ret, NULL, NULL); -} - -int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type, - OSSL_LIB_CTX *libctx, const char *propq) -{ - int ret = 0; - BIO *in = NULL; - int i, count = 0; - X509 *x = NULL; - - in = BIO_new(BIO_s_file()); - - if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { - ERR_raise(ERR_LIB_X509, ERR_R_SYS_LIB); - goto err; - } - - if (type != X509_FILETYPE_PEM && type != X509_FILETYPE_ASN1) { - ERR_raise(ERR_LIB_X509, X509_R_BAD_X509_FILETYPE); - goto err; - } - x = X509_new_ex(libctx, propq); - if (x == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - - if (type == X509_FILETYPE_PEM) { - for (;;) { - ERR_set_mark(); - if (PEM_read_bio_X509_AUX(in, &x, NULL, "") == NULL) { - if ((ERR_GET_REASON(ERR_peek_last_error()) == - PEM_R_NO_START_LINE) && (count > 0)) { - ERR_pop_to_mark(); - break; - } else { - ERR_clear_last_mark(); - goto err; - } - } - ERR_clear_last_mark(); - i = X509_STORE_add_cert(ctx->store_ctx, x); - if (!i) - goto err; - count++; - X509_free(x); - x = NULL; - } - ret = count; - } else if (type == X509_FILETYPE_ASN1) { - if (d2i_X509_bio(in, &x) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_ASN1_LIB); - goto err; - } - i = X509_STORE_add_cert(ctx->store_ctx, x); - if (!i) - goto err; - ret = i; - } - if (ret == 0) - ERR_raise(ERR_LIB_X509, X509_R_NO_CERTIFICATE_FOUND); - err: - X509_free(x); - BIO_free(in); - return ret; -} - -int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) -{ - return X509_load_cert_file_ex(ctx, file, type, NULL, NULL); -} - -int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) -{ - int ret = 0; - BIO *in = NULL; - int i, count = 0; - X509_CRL *x = NULL; - - in = BIO_new(BIO_s_file()); - - if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { - ERR_raise(ERR_LIB_X509, ERR_R_SYS_LIB); - goto err; - } - - if (type == X509_FILETYPE_PEM) { - for (;;) { - x = PEM_read_bio_X509_CRL(in, NULL, NULL, ""); - if (x == NULL) { - if ((ERR_GET_REASON(ERR_peek_last_error()) == - PEM_R_NO_START_LINE) && (count > 0)) { - ERR_clear_error(); - break; - } else { - ERR_raise(ERR_LIB_X509, ERR_R_PEM_LIB); - goto err; - } - } - i = X509_STORE_add_crl(ctx->store_ctx, x); - if (!i) - goto err; - count++; - X509_CRL_free(x); - x = NULL; - } - ret = count; - } else if (type == X509_FILETYPE_ASN1) { - x = d2i_X509_CRL_bio(in, NULL); - if (x == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_ASN1_LIB); - goto err; - } - i = X509_STORE_add_crl(ctx->store_ctx, x); - if (!i) - goto err; - ret = i; - } else { - ERR_raise(ERR_LIB_X509, X509_R_BAD_X509_FILETYPE); - goto err; - } - if (ret == 0) - ERR_raise(ERR_LIB_X509, X509_R_NO_CRL_FOUND); - err: - X509_CRL_free(x); - BIO_free(in); - return ret; -} - -int X509_load_cert_crl_file_ex(X509_LOOKUP *ctx, const char *file, int type, - OSSL_LIB_CTX *libctx, const char *propq) -{ - STACK_OF(X509_INFO) *inf; - X509_INFO *itmp; - BIO *in; - int i, count = 0; - - if (type != X509_FILETYPE_PEM) - return X509_load_cert_file_ex(ctx, file, type, libctx, propq); - in = BIO_new_file(file, "r"); - if (!in) { - ERR_raise(ERR_LIB_X509, ERR_R_SYS_LIB); - return 0; - } - inf = PEM_X509_INFO_read_bio_ex(in, NULL, NULL, "", libctx, propq); - BIO_free(in); - if (!inf) { - ERR_raise(ERR_LIB_X509, ERR_R_PEM_LIB); - return 0; - } - for (i = 0; i < sk_X509_INFO_num(inf); i++) { - itmp = sk_X509_INFO_value(inf, i); - if (itmp->x509) { - if (!X509_STORE_add_cert(ctx->store_ctx, itmp->x509)) - goto err; - count++; - } - if (itmp->crl) { - if (!X509_STORE_add_crl(ctx->store_ctx, itmp->crl)) - goto err; - count++; - } - } - if (count == 0) - ERR_raise(ERR_LIB_X509, X509_R_NO_CERTIFICATE_OR_CRL_FOUND); - err: - sk_X509_INFO_pop_free(inf, X509_INFO_free); - return count; -} - -int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) -{ - return X509_load_cert_crl_file_ex(ctx, file, type, NULL, NULL); -} - diff --git a/crypto/x509/by_store.c b/crypto/x509/by_store.c deleted file mode 100644 index 050735ce324734c8ea116ddd71e4b8f88ff3822c..0000000000000000000000000000000000000000 --- a/crypto/x509/by_store.c +++ /dev/null @@ -1,249 +0,0 @@ -/* - * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "crypto/x509.h" -#include "x509_local.h" - -/* Generic object loader, given expected type and criterion */ -static int cache_objects(X509_LOOKUP *lctx, const char *uri, - const OSSL_STORE_SEARCH *criterion, - int depth, OSSL_LIB_CTX *libctx, const char *propq) -{ - int ok = 0; - OSSL_STORE_CTX *ctx = NULL; - X509_STORE *xstore = X509_LOOKUP_get_store(lctx); - - if ((ctx = OSSL_STORE_open_ex(uri, libctx, propq, NULL, NULL, NULL, - NULL, NULL)) == NULL) - return 0; - - /* - * We try to set the criterion, but don't care if it was valid or not. - * For a OSSL_STORE, it merely serves as an optimization, the expectation - * being that if the criterion couldn't be used, we will get *everything* - * from the container that the URI represents rather than the subset that - * the criterion indicates, so the biggest harm is that we cache more - * objects certs and CRLs than we may expect, but that's ok. - * - * Specifically for OpenSSL's own file: scheme, the only workable - * criterion is the BY_NAME one, which it can only apply on directories, - * but it's possible that the URI is a single file rather than a directory, - * and in that case, the BY_NAME criterion is pointless. - * - * We could very simply not apply any criterion at all here, and just let - * the code that selects certs and CRLs from the cached objects do its job, - * but it's a nice optimization when it can be applied (such as on an - * actual directory with a thousand CA certs). - */ - if (criterion != NULL) - OSSL_STORE_find(ctx, criterion); - - for (;;) { - OSSL_STORE_INFO *info = OSSL_STORE_load(ctx); - int infotype; - - /* NULL means error or "end of file". Either way, we break. */ - if (info == NULL) - break; - - infotype = OSSL_STORE_INFO_get_type(info); - ok = 0; - - if (infotype == OSSL_STORE_INFO_NAME) { - /* - * This is an entry in the "directory" represented by the current - * uri. if |depth| allows, dive into it. - */ - if (depth > 0) - ok = cache_objects(lctx, OSSL_STORE_INFO_get0_NAME(info), - criterion, depth - 1, libctx, propq); - } else { - /* - * We know that X509_STORE_add_{cert|crl} increments the object's - * refcount, so we can safely use OSSL_STORE_INFO_get0_{cert,crl} - * to get them. - */ - switch (infotype) { - case OSSL_STORE_INFO_CERT: - ok = X509_STORE_add_cert(xstore, - OSSL_STORE_INFO_get0_CERT(info)); - break; - case OSSL_STORE_INFO_CRL: - ok = X509_STORE_add_crl(xstore, - OSSL_STORE_INFO_get0_CRL(info)); - break; - } - } - - OSSL_STORE_INFO_free(info); - if (!ok) - break; - } - OSSL_STORE_close(ctx); - - return ok; -} - - -/* Because OPENSSL_free is a macro and for C type match */ -static void free_uri(OPENSSL_STRING data) -{ - OPENSSL_free(data); -} - -static void by_store_free(X509_LOOKUP *ctx) -{ - STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx); - sk_OPENSSL_STRING_pop_free(uris, free_uri); -} - -static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp, - long argl, char **retp, OSSL_LIB_CTX *libctx, - const char *propq) -{ - switch (cmd) { - case X509_L_ADD_STORE: - /* If no URI is given, use the default cert dir as default URI */ - if (argp == NULL) - argp = ossl_safe_getenv(X509_get_default_cert_dir_env()); - if (argp == NULL) - argp = X509_get_default_cert_dir(); - - { - STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx); - char *data = OPENSSL_strdup(argp); - - if (data == NULL) { - return 0; - } - if (uris == NULL) { - uris = sk_OPENSSL_STRING_new_null(); - X509_LOOKUP_set_method_data(ctx, uris); - } - return sk_OPENSSL_STRING_push(uris, data) > 0; - } - case X509_L_LOAD_STORE: - /* This is a shortcut for quick loading of specific containers */ - return cache_objects(ctx, argp, NULL, 0, libctx, propq); - } - - return 0; -} - -static int by_store_ctrl(X509_LOOKUP *ctx, int cmd, - const char *argp, long argl, char **retp) -{ - return by_store_ctrl_ex(ctx, cmd, argp, argl, retp, NULL, NULL); -} - -static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret, - OSSL_LIB_CTX *libctx, const char *propq) -{ - STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx); - int i; - int ok = 0; - - for (i = 0; i < sk_OPENSSL_STRING_num(uris); i++) { - ok = cache_objects(ctx, sk_OPENSSL_STRING_value(uris, i), criterion, - 1 /* depth */, libctx, propq); - - if (ok) - break; - } - return ok; -} - -static int by_store_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret, - OSSL_LIB_CTX *libctx, const char *propq) -{ - OSSL_STORE_SEARCH *criterion = - OSSL_STORE_SEARCH_by_name((X509_NAME *)name); /* won't modify it */ - int ok = by_store(ctx, type, criterion, ret, libctx, propq); - STACK_OF(X509_OBJECT) *store_objects = - X509_STORE_get0_objects(X509_LOOKUP_get_store(ctx)); - X509_OBJECT *tmp = NULL; - - OSSL_STORE_SEARCH_free(criterion); - - if (ok) - tmp = X509_OBJECT_retrieve_by_subject(store_objects, type, name); - - ok = 0; - if (tmp != NULL) { - /* - * This could also be done like this: - * - * if (tmp != NULL) { - * *ret = *tmp; - * ok = 1; - * } - * - * However, we want to exercise the documented API to the max, so - * we do it the hard way. - * - * To be noted is that X509_OBJECT_set1_* increment the refcount, - * but so does X509_STORE_CTX_get_by_subject upon return of this - * function, so we must ensure the refcount is decremented - * before we return, or we will get a refcount leak. We cannot do - * this with X509_OBJECT_free(), though, as that will free a bit - * too much. - */ - switch (type) { - case X509_LU_X509: - ok = X509_OBJECT_set1_X509(ret, tmp->data.x509); - if (ok) - X509_free(tmp->data.x509); - break; - case X509_LU_CRL: - ok = X509_OBJECT_set1_X509_CRL(ret, tmp->data.crl); - if (ok) - X509_CRL_free(tmp->data.crl); - break; - case X509_LU_NONE: - break; - } - } - return ok; -} - -static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret) -{ - return by_store_subject_ex(ctx, type, name, ret, NULL, NULL); -} - -/* - * We lack the implementations for get_by_issuer_serial, get_by_fingerprint - * and get_by_alias. There's simply not enough support in the X509_LOOKUP - * or X509_STORE APIs. - */ - -static X509_LOOKUP_METHOD x509_store_lookup = { - "Load certs from STORE URIs", - NULL, /* new_item */ - by_store_free, /* free */ - NULL, /* init */ - NULL, /* shutdown */ - by_store_ctrl, /* ctrl */ - by_store_subject, /* get_by_subject */ - NULL, /* get_by_issuer_serial */ - NULL, /* get_by_fingerprint */ - NULL, /* get_by_alias */ - by_store_subject_ex, - by_store_ctrl_ex -}; - -X509_LOOKUP_METHOD *X509_LOOKUP_store(void) -{ - return &x509_store_lookup; -} diff --git a/crypto/x509/ext_dat.h b/crypto/x509/ext_dat.h deleted file mode 100644 index a0a7f88ccd8ad63fe8cce6e06745e11a11db2fd9..0000000000000000000000000000000000000000 --- a/crypto/x509/ext_dat.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -int ossl_v3_name_cmp(const char *name, const char *cmp); - -extern const X509V3_EXT_METHOD ossl_v3_bcons, ossl_v3_nscert, ossl_v3_key_usage, ossl_v3_ext_ku; -extern const X509V3_EXT_METHOD ossl_v3_pkey_usage_period, ossl_v3_sxnet, ossl_v3_info, ossl_v3_sinfo; -extern const X509V3_EXT_METHOD ossl_v3_ns_ia5_list[8], ossl_v3_alt[3], ossl_v3_skey_id, ossl_v3_akey_id; -extern const X509V3_EXT_METHOD ossl_v3_crl_num, ossl_v3_crl_reason, ossl_v3_crl_invdate; -extern const X509V3_EXT_METHOD ossl_v3_delta_crl, ossl_v3_cpols, ossl_v3_crld, ossl_v3_freshest_crl; -extern const X509V3_EXT_METHOD ossl_v3_ocsp_nonce, ossl_v3_ocsp_accresp, ossl_v3_ocsp_acutoff; -extern const X509V3_EXT_METHOD ossl_v3_ocsp_crlid, ossl_v3_ocsp_nocheck, ossl_v3_ocsp_serviceloc; -extern const X509V3_EXT_METHOD ossl_v3_crl_hold, ossl_v3_pci; -extern const X509V3_EXT_METHOD ossl_v3_policy_mappings, ossl_v3_policy_constraints; -extern const X509V3_EXT_METHOD ossl_v3_name_constraints, ossl_v3_inhibit_anyp, ossl_v3_idp; -extern const X509V3_EXT_METHOD ossl_v3_addr, ossl_v3_asid; -extern const X509V3_EXT_METHOD ossl_v3_ct_scts[3]; -extern const X509V3_EXT_METHOD ossl_v3_tls_feature; -extern const X509V3_EXT_METHOD ossl_v3_ext_admission; -extern const X509V3_EXT_METHOD ossl_v3_utf8_list[1]; -extern const X509V3_EXT_METHOD ossl_v3_issuer_sign_tool; diff --git a/crypto/x509/pcy_cache.c b/crypto/x509/pcy_cache.c deleted file mode 100644 index 1339f994aee1e9d25edd1206e15be5871144aa47..0000000000000000000000000000000000000000 --- a/crypto/x509/pcy_cache.c +++ /dev/null @@ -1,225 +0,0 @@ -/* - * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include -#include -#include "crypto/x509.h" - -#include "pcy_local.h" - -static int policy_data_cmp(const X509_POLICY_DATA *const *a, - const X509_POLICY_DATA *const *b); -static int policy_cache_set_int(long *out, ASN1_INTEGER *value); - -/* - * Set cache entry according to CertificatePolicies extension. Note: this - * destroys the passed CERTIFICATEPOLICIES structure. - */ - -static int policy_cache_create(X509 *x, - CERTIFICATEPOLICIES *policies, int crit) -{ - int i, num, ret = 0; - X509_POLICY_CACHE *cache = x->policy_cache; - X509_POLICY_DATA *data = NULL; - POLICYINFO *policy; - - if ((num = sk_POLICYINFO_num(policies)) <= 0) - goto bad_policy; - cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp); - if (cache->data == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto just_cleanup; - } - for (i = 0; i < num; i++) { - policy = sk_POLICYINFO_value(policies, i); - data = ossl_policy_data_new(policy, NULL, crit); - if (data == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto just_cleanup; - } - /* - * Duplicate policy OIDs are illegal: reject if matches found. - */ - if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { - if (cache->anyPolicy) { - ret = -1; - goto bad_policy; - } - cache->anyPolicy = data; - } else if (sk_X509_POLICY_DATA_find(cache->data, data) >=0 ) { - ret = -1; - goto bad_policy; - } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto bad_policy; - } - data = NULL; - } - ret = 1; - - bad_policy: - if (ret == -1) - x->ex_flags |= EXFLAG_INVALID_POLICY; - ossl_policy_data_free(data); - just_cleanup: - sk_POLICYINFO_pop_free(policies, POLICYINFO_free); - if (ret <= 0) { - sk_X509_POLICY_DATA_pop_free(cache->data, ossl_policy_data_free); - cache->data = NULL; - } - return ret; -} - -static int policy_cache_new(X509 *x) -{ - X509_POLICY_CACHE *cache; - ASN1_INTEGER *ext_any = NULL; - POLICY_CONSTRAINTS *ext_pcons = NULL; - CERTIFICATEPOLICIES *ext_cpols = NULL; - POLICY_MAPPINGS *ext_pmaps = NULL; - int i; - - if (x->policy_cache != NULL) - return 1; - cache = OPENSSL_malloc(sizeof(*cache)); - if (cache == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return 0; - } - cache->anyPolicy = NULL; - cache->data = NULL; - cache->any_skip = -1; - cache->explicit_skip = -1; - cache->map_skip = -1; - - x->policy_cache = cache; - - /* - * Handle requireExplicitPolicy *first*. Need to process this even if we - * don't have any policies. - */ - ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL); - - if (!ext_pcons) { - if (i != -1) - goto bad_cache; - } else { - if (!ext_pcons->requireExplicitPolicy - && !ext_pcons->inhibitPolicyMapping) - goto bad_cache; - if (!policy_cache_set_int(&cache->explicit_skip, - ext_pcons->requireExplicitPolicy)) - goto bad_cache; - if (!policy_cache_set_int(&cache->map_skip, - ext_pcons->inhibitPolicyMapping)) - goto bad_cache; - } - - /* Process CertificatePolicies */ - - ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL); - /* - * If no CertificatePolicies extension or problem decoding then there is - * no point continuing because the valid policies will be NULL. - */ - if (!ext_cpols) { - /* If not absent some problem with extension */ - if (i != -1) - goto bad_cache; - return 1; - } - - i = policy_cache_create(x, ext_cpols, i); - - /* NB: ext_cpols freed by policy_cache_set_policies */ - - if (i <= 0) - return i; - - ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL); - - if (!ext_pmaps) { - /* If not absent some problem with extension */ - if (i != -1) - goto bad_cache; - } else { - i = ossl_policy_cache_set_mapping(x, ext_pmaps); - if (i <= 0) - goto bad_cache; - } - - ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL); - - if (!ext_any) { - if (i != -1) - goto bad_cache; - } else if (!policy_cache_set_int(&cache->any_skip, ext_any)) - goto bad_cache; - goto just_cleanup; - - bad_cache: - x->ex_flags |= EXFLAG_INVALID_POLICY; - - just_cleanup: - POLICY_CONSTRAINTS_free(ext_pcons); - ASN1_INTEGER_free(ext_any); - return 1; - -} - -void ossl_policy_cache_free(X509_POLICY_CACHE *cache) -{ - if (!cache) - return; - ossl_policy_data_free(cache->anyPolicy); - sk_X509_POLICY_DATA_pop_free(cache->data, ossl_policy_data_free); - OPENSSL_free(cache); -} - -const X509_POLICY_CACHE *ossl_policy_cache_set(X509 *x) -{ - - if (x->policy_cache == NULL) { - if (!CRYPTO_THREAD_write_lock(x->lock)) - return NULL; - policy_cache_new(x); - CRYPTO_THREAD_unlock(x->lock); - } - - return x->policy_cache; - -} - -X509_POLICY_DATA *ossl_policy_cache_find_data(const X509_POLICY_CACHE *cache, - const ASN1_OBJECT *id) -{ - int idx; - X509_POLICY_DATA tmp; - tmp.valid_policy = (ASN1_OBJECT *)id; - idx = sk_X509_POLICY_DATA_find(cache->data, &tmp); - return sk_X509_POLICY_DATA_value(cache->data, idx); -} - -static int policy_data_cmp(const X509_POLICY_DATA *const *a, - const X509_POLICY_DATA *const *b) -{ - return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy); -} - -static int policy_cache_set_int(long *out, ASN1_INTEGER *value) -{ - if (value == NULL) - return 1; - if (value->type == V_ASN1_NEG_INTEGER) - return 0; - *out = ASN1_INTEGER_get(value); - return 1; -} diff --git a/crypto/x509/pcy_data.c b/crypto/x509/pcy_data.c deleted file mode 100644 index 6fb8f14ba8e8101deb7aa6f45dd7646da7425298..0000000000000000000000000000000000000000 --- a/crypto/x509/pcy_data.c +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include -#include - -#include "pcy_local.h" - -/* Policy Node routines */ - -void ossl_policy_data_free(X509_POLICY_DATA *data) -{ - if (data == NULL) - return; - ASN1_OBJECT_free(data->valid_policy); - /* Don't free qualifiers if shared */ - if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS)) - sk_POLICYQUALINFO_pop_free(data->qualifier_set, POLICYQUALINFO_free); - sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free); - OPENSSL_free(data); -} - -/* - * Create a data based on an existing policy. If 'id' is NULL use the OID in - * the policy, otherwise use 'id'. This behaviour covers the two types of - * data in RFC3280: data with from a CertificatePolicies extension and - * additional data with just the qualifiers of anyPolicy and ID from another - * source. - */ - -X509_POLICY_DATA *ossl_policy_data_new(POLICYINFO *policy, - const ASN1_OBJECT *cid, int crit) -{ - X509_POLICY_DATA *ret; - ASN1_OBJECT *id; - - if (policy == NULL && cid == NULL) - return NULL; - if (cid) { - id = OBJ_dup(cid); - if (id == NULL) - return NULL; - } else - id = NULL; - ret = OPENSSL_zalloc(sizeof(*ret)); - if (ret == NULL) { - ASN1_OBJECT_free(id); - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; - } - ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); - if (ret->expected_policy_set == NULL) { - OPENSSL_free(ret); - ASN1_OBJECT_free(id); - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (crit) - ret->flags = POLICY_DATA_FLAG_CRITICAL; - - if (id) - ret->valid_policy = id; - else { - ret->valid_policy = policy->policyid; - policy->policyid = NULL; - } - - if (policy) { - ret->qualifier_set = policy->qualifiers; - policy->qualifiers = NULL; - } - - return ret; -} diff --git a/crypto/x509/pcy_lib.c b/crypto/x509/pcy_lib.c deleted file mode 100644 index c4740a0a30c57d6fdcb16e7c6aee0a95da7ca7a0..0000000000000000000000000000000000000000 --- a/crypto/x509/pcy_lib.c +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/cryptlib.h" -#include -#include - -#include "pcy_local.h" - -/* accessor functions */ - -/* X509_POLICY_TREE stuff */ - -int X509_policy_tree_level_count(const X509_POLICY_TREE *tree) -{ - if (!tree) - return 0; - return tree->nlevel; -} - -X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, - int i) -{ - if (!tree || (i < 0) || (i >= tree->nlevel)) - return NULL; - return tree->levels + i; -} - -STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const - X509_POLICY_TREE - *tree) -{ - if (!tree) - return NULL; - return tree->auth_policies; -} - -STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const - X509_POLICY_TREE - *tree) -{ - if (!tree) - return NULL; - if (tree->flags & POLICY_FLAG_ANY_POLICY) - return tree->auth_policies; - else - return tree->user_policies; -} - -/* X509_POLICY_LEVEL stuff */ - -int X509_policy_level_node_count(X509_POLICY_LEVEL *level) -{ - int n; - if (!level) - return 0; - if (level->anyPolicy) - n = 1; - else - n = 0; - if (level->nodes) - n += sk_X509_POLICY_NODE_num(level->nodes); - return n; -} - -X509_POLICY_NODE *X509_policy_level_get0_node(const X509_POLICY_LEVEL *level, int i) -{ - if (!level) - return NULL; - if (level->anyPolicy) { - if (i == 0) - return level->anyPolicy; - i--; - } - return sk_X509_POLICY_NODE_value(level->nodes, i); -} - -/* X509_POLICY_NODE stuff */ - -const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node) -{ - if (!node) - return NULL; - return node->data->valid_policy; -} - -STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const - X509_POLICY_NODE - *node) -{ - if (!node) - return NULL; - return node->data->qualifier_set; -} - -const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE - *node) -{ - if (!node) - return NULL; - return node->parent; -} diff --git a/crypto/x509/standard_exts.h b/crypto/x509/standard_exts.h deleted file mode 100644 index 27a99a4b13ed7ec1f1aaa069c14fd3510d18e67c..0000000000000000000000000000000000000000 --- a/crypto/x509/standard_exts.h +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This table will be searched using OBJ_bsearch so it *must* kept in order - * of the ext_nid values. - */ - -static const X509V3_EXT_METHOD *standard_exts[] = { - &ossl_v3_nscert, - &ossl_v3_ns_ia5_list[0], - &ossl_v3_ns_ia5_list[1], - &ossl_v3_ns_ia5_list[2], - &ossl_v3_ns_ia5_list[3], - &ossl_v3_ns_ia5_list[4], - &ossl_v3_ns_ia5_list[5], - &ossl_v3_ns_ia5_list[6], - &ossl_v3_skey_id, - &ossl_v3_key_usage, - &ossl_v3_pkey_usage_period, - &ossl_v3_alt[0], - &ossl_v3_alt[1], - &ossl_v3_bcons, - &ossl_v3_crl_num, - &ossl_v3_cpols, - &ossl_v3_akey_id, - &ossl_v3_crld, - &ossl_v3_ext_ku, - &ossl_v3_delta_crl, - &ossl_v3_crl_reason, -#ifndef OPENSSL_NO_OCSP - &ossl_v3_crl_invdate, -#endif - &ossl_v3_sxnet, - &ossl_v3_info, -#ifndef OPENSSL_NO_RFC3779 - &ossl_v3_addr, - &ossl_v3_asid, -#endif -#ifndef OPENSSL_NO_OCSP - &ossl_v3_ocsp_nonce, - &ossl_v3_ocsp_crlid, - &ossl_v3_ocsp_accresp, - &ossl_v3_ocsp_nocheck, - &ossl_v3_ocsp_acutoff, - &ossl_v3_ocsp_serviceloc, -#endif - &ossl_v3_sinfo, - &ossl_v3_policy_constraints, -#ifndef OPENSSL_NO_OCSP - &ossl_v3_crl_hold, -#endif - &ossl_v3_pci, - &ossl_v3_name_constraints, - &ossl_v3_policy_mappings, - &ossl_v3_inhibit_anyp, - &ossl_v3_idp, - &ossl_v3_alt[2], - &ossl_v3_freshest_crl, -#ifndef OPENSSL_NO_CT - &ossl_v3_ct_scts[0], - &ossl_v3_ct_scts[1], - &ossl_v3_ct_scts[2], -#endif - &ossl_v3_utf8_list[0], - &ossl_v3_issuer_sign_tool, - &ossl_v3_tls_feature, - &ossl_v3_ext_admission -}; - -/* Number of standard extensions */ - -#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts) - diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.c deleted file mode 100644 index e77a77978a831668f3034c31b53ca5f2d12abb3e..0000000000000000000000000000000000000000 --- a/crypto/x509/t_crl.c +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include - -#ifndef OPENSSL_NO_STDIO -int X509_CRL_print_fp(FILE *fp, X509_CRL *x) -{ - BIO *b; - int ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB); - return 0; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = X509_CRL_print(b, x); - BIO_free(b); - return ret; -} -#endif - -int X509_CRL_print(BIO *out, X509_CRL *x) -{ - return X509_CRL_print_ex(out, x, XN_FLAG_COMPAT); -} - -int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag) -{ - STACK_OF(X509_REVOKED) *rev; - X509_REVOKED *r; - const X509_ALGOR *sig_alg; - const ASN1_BIT_STRING *sig; - long l; - int i; - - BIO_printf(out, "Certificate Revocation List (CRL):\n"); - l = X509_CRL_get_version(x); - if (l >= X509_CRL_VERSION_1 && l <= X509_CRL_VERSION_2) - BIO_printf(out, "%8sVersion %ld (0x%lx)\n", "", l + 1, (unsigned long)l); - else - BIO_printf(out, "%8sVersion unknown (%ld)\n", "", l); - X509_CRL_get0_signature(x, &sig, &sig_alg); - BIO_puts(out, " "); - X509_signature_print(out, sig_alg, NULL); - BIO_printf(out, "%8sIssuer: ", ""); - X509_NAME_print_ex(out, X509_CRL_get_issuer(x), 0, nmflag); - BIO_puts(out, "\n"); - BIO_printf(out, "%8sLast Update: ", ""); - ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x)); - BIO_printf(out, "\n%8sNext Update: ", ""); - if (X509_CRL_get0_nextUpdate(x)) - ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x)); - else - BIO_printf(out, "NONE"); - BIO_printf(out, "\n"); - - X509V3_extensions_print(out, "CRL extensions", - X509_CRL_get0_extensions(x), 0, 8); - - rev = X509_CRL_get_REVOKED(x); - - if (sk_X509_REVOKED_num(rev) > 0) - BIO_printf(out, "Revoked Certificates:\n"); - else - BIO_printf(out, "No Revoked Certificates.\n"); - - for (i = 0; i < sk_X509_REVOKED_num(rev); i++) { - r = sk_X509_REVOKED_value(rev, i); - BIO_printf(out, " Serial Number: "); - i2a_ASN1_INTEGER(out, X509_REVOKED_get0_serialNumber(r)); - BIO_printf(out, "\n Revocation Date: "); - ASN1_TIME_print(out, X509_REVOKED_get0_revocationDate(r)); - BIO_printf(out, "\n"); - X509V3_extensions_print(out, "CRL entry extensions", - X509_REVOKED_get0_extensions(r), 0, 8); - } - X509_signature_print(out, sig_alg, sig); - - return 1; - -} diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.c deleted file mode 100644 index 095c16510099922c2ed94bf2344ca965d9367d2c..0000000000000000000000000000000000000000 --- a/crypto/x509/t_req.c +++ /dev/null @@ -1,214 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include - -#ifndef OPENSSL_NO_STDIO -int X509_REQ_print_fp(FILE *fp, X509_REQ *x) -{ - BIO *b; - int ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB); - return 0; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = X509_REQ_print(b, x); - BIO_free(b); - return ret; -} -#endif - -int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, - unsigned long cflag) -{ - long l; - int i; - EVP_PKEY *pkey; - STACK_OF(X509_EXTENSION) *exts; - char mlch = ' '; - int nmindent = 0; - - if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { - mlch = '\n'; - nmindent = 12; - } - - if (nmflags == X509_FLAG_COMPAT) - nmindent = 16; - - if (!(cflag & X509_FLAG_NO_HEADER)) { - if (BIO_write(bp, "Certificate Request:\n", 21) <= 0) - goto err; - if (BIO_write(bp, " Data:\n", 10) <= 0) - goto err; - } - if (!(cflag & X509_FLAG_NO_VERSION)) { - l = X509_REQ_get_version(x); - if (l == X509_REQ_VERSION_1) { - if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, (unsigned long)l) <= 0) - goto err; - } else { - if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0) - goto err; - } - } - if (!(cflag & X509_FLAG_NO_SUBJECT)) { - if (BIO_printf(bp, " Subject:%c", mlch) <= 0) - goto err; - if (X509_NAME_print_ex(bp, X509_REQ_get_subject_name(x), - nmindent, nmflags) < 0) - goto err; - if (BIO_write(bp, "\n", 1) <= 0) - goto err; - } - if (!(cflag & X509_FLAG_NO_PUBKEY)) { - X509_PUBKEY *xpkey; - ASN1_OBJECT *koid; - if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) - goto err; - if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) - goto err; - xpkey = X509_REQ_get_X509_PUBKEY(x); - X509_PUBKEY_get0_param(&koid, NULL, NULL, NULL, xpkey); - if (i2a_ASN1_OBJECT(bp, koid) <= 0) - goto err; - if (BIO_puts(bp, "\n") <= 0) - goto err; - - pkey = X509_REQ_get0_pubkey(x); - if (pkey == NULL) { - if (BIO_printf(bp, "%12sUnable to load Public Key\n", "") <= 0) - goto err; - ERR_print_errors(bp); - } else { - if (EVP_PKEY_print_public(bp, pkey, 16, NULL) <= 0) - goto err; - } - } - - if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) { - /* may not be */ - if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0) - goto err; - - if (X509_REQ_get_attr_count(x) == 0) { - if (BIO_printf(bp, "%12s(none)\n", "") <= 0) - goto err; - } else { - for (i = 0; i < X509_REQ_get_attr_count(x); i++) { - ASN1_TYPE *at; - X509_ATTRIBUTE *a; - ASN1_BIT_STRING *bs = NULL; - ASN1_OBJECT *aobj; - int j, type = 0, count = 1, ii = 0; - - a = X509_REQ_get_attr(x, i); - aobj = X509_ATTRIBUTE_get0_object(a); - if (X509_REQ_extension_nid(OBJ_obj2nid(aobj))) - continue; - if (BIO_printf(bp, "%12s", "") <= 0) - goto err; - if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) { - ii = 0; - count = X509_ATTRIBUTE_count(a); - if (count == 0) { - ERR_raise(ERR_LIB_X509, X509_R_INVALID_ATTRIBUTES); - return 0; - } - get_next: - at = X509_ATTRIBUTE_get0_type(a, ii); - type = at->type; - bs = at->value.asn1_string; - } - for (j = 25 - j; j > 0; j--) - if (BIO_write(bp, " ", 1) != 1) - goto err; - if (BIO_puts(bp, ":") <= 0) - goto err; - switch (type) { - case V_ASN1_PRINTABLESTRING: - case V_ASN1_T61STRING: - case V_ASN1_NUMERICSTRING: - case V_ASN1_UTF8STRING: - case V_ASN1_IA5STRING: - if (BIO_write(bp, (char *)bs->data, bs->length) - != bs->length) - goto err; - if (BIO_puts(bp, "\n") <= 0) - goto err; - break; - default: - if (BIO_puts(bp, "unable to print attribute\n") <= 0) - goto err; - break; - } - if (++ii < count) - goto get_next; - } - } - } - if (!(cflag & X509_FLAG_NO_EXTENSIONS)) { - exts = X509_REQ_get_extensions(x); - if (exts) { - if (BIO_printf(bp, "%12sRequested Extensions:\n", "") <= 0) - goto err; - for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { - ASN1_OBJECT *obj; - X509_EXTENSION *ex; - int critical; - ex = sk_X509_EXTENSION_value(exts, i); - if (BIO_printf(bp, "%16s", "") <= 0) - goto err; - obj = X509_EXTENSION_get_object(ex); - if (i2a_ASN1_OBJECT(bp, obj) <= 0) - goto err; - critical = X509_EXTENSION_get_critical(ex); - if (BIO_printf(bp, ": %s\n", critical ? "critical" : "") <= 0) - goto err; - if (!X509V3_EXT_print(bp, ex, cflag, 20)) { - if (BIO_printf(bp, "%20s", "") <= 0 - || ASN1_STRING_print(bp, - X509_EXTENSION_get_data(ex)) <= 0) - goto err; - } - if (BIO_write(bp, "\n", 1) <= 0) - goto err; - } - sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); - } - } - - if (!(cflag & X509_FLAG_NO_SIGDUMP)) { - const X509_ALGOR *sig_alg; - const ASN1_BIT_STRING *sig; - X509_REQ_get0_signature(x, &sig, &sig_alg); - if (!X509_signature_print(bp, sig_alg, sig)) - goto err; - } - - return 1; - err: - ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB); - return 0; -} - -int X509_REQ_print(BIO *bp, X509_REQ *x) -{ - return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); -} diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.c deleted file mode 100644 index 95ee5f519fdddca24672cc2c36f8c77d7ea8f3c5..0000000000000000000000000000000000000000 --- a/crypto/x509/t_x509.c +++ /dev/null @@ -1,529 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include "crypto/asn1.h" -#include "crypto/x509.h" - -#ifndef OPENSSL_NO_STDIO -int X509_print_fp(FILE *fp, X509 *x) -{ - return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); -} - -int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, - unsigned long cflag) -{ - BIO *b; - int ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB); - return 0; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = X509_print_ex(b, x, nmflag, cflag); - BIO_free(b); - return ret; -} -#endif - -int X509_print(BIO *bp, X509 *x) -{ - return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); -} - -int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, - unsigned long cflag) -{ - long l; - int ret = 0, i; - char *m = NULL, mlch = ' '; - int nmindent = 0, printok = 0; - EVP_PKEY *pkey = NULL; - const char *neg; - - if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { - mlch = '\n'; - nmindent = 12; - } - - if (nmflags == X509_FLAG_COMPAT) { - nmindent = 16; - printok = 1; - } - - if (!(cflag & X509_FLAG_NO_HEADER)) { - if (BIO_write(bp, "Certificate:\n", 13) <= 0) - goto err; - if (BIO_write(bp, " Data:\n", 10) <= 0) - goto err; - } - if (!(cflag & X509_FLAG_NO_VERSION)) { - l = X509_get_version(x); - if (l >= X509_VERSION_1 && l <= X509_VERSION_3) { - if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, (unsigned long)l) <= 0) - goto err; - } else { - if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0) - goto err; - } - } - if (!(cflag & X509_FLAG_NO_SERIAL)) { - const ASN1_INTEGER *bs = X509_get0_serialNumber(x); - - if (BIO_write(bp, " Serial Number:", 22) <= 0) - goto err; - - if (bs->length <= (int)sizeof(long)) { - ERR_set_mark(); - l = ASN1_INTEGER_get(bs); - ERR_pop_to_mark(); - } else { - l = -1; - } - if (l != -1) { - unsigned long ul; - if (bs->type == V_ASN1_NEG_INTEGER) { - ul = 0 - (unsigned long)l; - neg = "-"; - } else { - ul = l; - neg = ""; - } - if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, ul, neg, ul) <= 0) - goto err; - } else { - neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : ""; - if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0) - goto err; - - for (i = 0; i < bs->length; i++) { - if (BIO_printf(bp, "%02x%c", bs->data[i], - ((i + 1 == bs->length) ? '\n' : ':')) <= 0) - goto err; - } - } - - } - - if (!(cflag & X509_FLAG_NO_SIGNAME)) { - const X509_ALGOR *tsig_alg = X509_get0_tbs_sigalg(x); - - if (BIO_puts(bp, " ") <= 0) - goto err; - if (X509_signature_print(bp, tsig_alg, NULL) <= 0) - goto err; - } - - if (!(cflag & X509_FLAG_NO_ISSUER)) { - if (BIO_printf(bp, " Issuer:%c", mlch) <= 0) - goto err; - if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags) - < printok) - goto err; - if (BIO_write(bp, "\n", 1) <= 0) - goto err; - } - if (!(cflag & X509_FLAG_NO_VALIDITY)) { - if (BIO_write(bp, " Validity\n", 17) <= 0) - goto err; - if (BIO_write(bp, " Not Before: ", 24) <= 0) - goto err; - if (ossl_asn1_time_print_ex(bp, X509_get0_notBefore(x), ASN1_DTFLGS_RFC822) == 0) - goto err; - if (BIO_write(bp, "\n Not After : ", 25) <= 0) - goto err; - if (ossl_asn1_time_print_ex(bp, X509_get0_notAfter(x), ASN1_DTFLGS_RFC822) == 0) - goto err; - if (BIO_write(bp, "\n", 1) <= 0) - goto err; - } - if (!(cflag & X509_FLAG_NO_SUBJECT)) { - if (BIO_printf(bp, " Subject:%c", mlch) <= 0) - goto err; - if (X509_NAME_print_ex - (bp, X509_get_subject_name(x), nmindent, nmflags) < printok) - goto err; - if (BIO_write(bp, "\n", 1) <= 0) - goto err; - } - if (!(cflag & X509_FLAG_NO_PUBKEY)) { - X509_PUBKEY *xpkey = X509_get_X509_PUBKEY(x); - ASN1_OBJECT *xpoid; - X509_PUBKEY_get0_param(&xpoid, NULL, NULL, NULL, xpkey); - if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) - goto err; - if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) - goto err; - if (i2a_ASN1_OBJECT(bp, xpoid) <= 0) - goto err; - if (BIO_puts(bp, "\n") <= 0) - goto err; - - pkey = X509_get0_pubkey(x); - if (pkey == NULL) { - BIO_printf(bp, "%12sUnable to load Public Key\n", ""); - ERR_print_errors(bp); - } else { - EVP_PKEY_print_public(bp, pkey, 16, NULL); - } - } - - if (!(cflag & X509_FLAG_NO_IDS)) { - const ASN1_BIT_STRING *iuid, *suid; - X509_get0_uids(x, &iuid, &suid); - if (iuid != NULL) { - if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0) - goto err; - if (!X509_signature_dump(bp, iuid, 12)) - goto err; - } - if (suid != NULL) { - if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0) - goto err; - if (!X509_signature_dump(bp, suid, 12)) - goto err; - } - } - - if (!(cflag & X509_FLAG_NO_EXTENSIONS) - && !X509V3_extensions_print(bp, "X509v3 extensions", - X509_get0_extensions(x), cflag, 8)) - goto err; - - if (!(cflag & X509_FLAG_NO_SIGDUMP)) { - const X509_ALGOR *sig_alg; - const ASN1_BIT_STRING *sig; - X509_get0_signature(&sig, &sig_alg, x); - if (X509_signature_print(bp, sig_alg, sig) <= 0) - goto err; - } - if (!(cflag & X509_FLAG_NO_AUX)) { - if (!X509_aux_print(bp, x, 0)) - goto err; - } - ret = 1; - err: - OPENSSL_free(m); - return ret; -} - -int X509_ocspid_print(BIO *bp, X509 *x) -{ - unsigned char *der = NULL; - unsigned char *dertmp; - int derlen; - int i; - unsigned char SHA1md[SHA_DIGEST_LENGTH]; - ASN1_BIT_STRING *keybstr; - const X509_NAME *subj; - EVP_MD *md = NULL; - - if (x == NULL || bp == NULL) - return 0; - /* - * display the hash of the subject as it would appear in OCSP requests - */ - if (BIO_printf(bp, " Subject OCSP hash: ") <= 0) - goto err; - subj = X509_get_subject_name(x); - derlen = i2d_X509_NAME(subj, NULL); - if (derlen <= 0) - goto err; - if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL) - goto err; - i2d_X509_NAME(subj, &dertmp); - - md = EVP_MD_fetch(x->libctx, SN_sha1, x->propq); - if (md == NULL) - goto err; - if (!EVP_Digest(der, derlen, SHA1md, NULL, md, NULL)) - goto err; - for (i = 0; i < SHA_DIGEST_LENGTH; i++) { - if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) - goto err; - } - OPENSSL_free(der); - der = NULL; - - /* - * display the hash of the public key as it would appear in OCSP requests - */ - if (BIO_printf(bp, "\n Public key OCSP hash: ") <= 0) - goto err; - - keybstr = X509_get0_pubkey_bitstr(x); - - if (keybstr == NULL) - goto err; - - if (!EVP_Digest(ASN1_STRING_get0_data(keybstr), - ASN1_STRING_length(keybstr), SHA1md, NULL, md, NULL)) - goto err; - for (i = 0; i < SHA_DIGEST_LENGTH; i++) { - if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) - goto err; - } - BIO_printf(bp, "\n"); - EVP_MD_free(md); - - return 1; - err: - OPENSSL_free(der); - EVP_MD_free(md); - return 0; -} - -int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent) -{ - const unsigned char *s; - int i, n; - - n = sig->length; - s = sig->data; - for (i = 0; i < n; i++) { - if ((i % 18) == 0) { - if (i > 0 && BIO_write(bp, "\n", 1) <= 0) - return 0; - if (BIO_indent(bp, indent, indent) <= 0) - return 0; - } - if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? "" : ":") <= 0) - return 0; - } - if (BIO_write(bp, "\n", 1) != 1) - return 0; - - return 1; -} - -int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg, - const ASN1_STRING *sig) -{ - int sig_nid; - int indent = 4; - if (BIO_printf(bp, "%*sSignature Algorithm: ", indent, "") <= 0) - return 0; - if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) - return 0; - - if (sig && BIO_printf(bp, "\n%*sSignature Value:", indent, "") <= 0) - return 0; - sig_nid = OBJ_obj2nid(sigalg->algorithm); - if (sig_nid != NID_undef) { - int pkey_nid, dig_nid; - const EVP_PKEY_ASN1_METHOD *ameth; - if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) { - ameth = EVP_PKEY_asn1_find(NULL, pkey_nid); - if (ameth && ameth->sig_print) - return ameth->sig_print(bp, sigalg, sig, indent + 4, 0); - } - } - if (BIO_write(bp, "\n", 1) != 1) - return 0; - if (sig) - return X509_signature_dump(bp, sig, indent + 4); - return 1; -} - -int X509_aux_print(BIO *out, X509 *x, int indent) -{ - char oidstr[80], first; - STACK_OF(ASN1_OBJECT) *trust, *reject; - const unsigned char *alias, *keyid; - int keyidlen; - int i; - if (X509_trusted(x) == 0) - return 1; - trust = X509_get0_trust_objects(x); - reject = X509_get0_reject_objects(x); - if (trust) { - first = 1; - BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, ""); - for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) { - if (!first) - BIO_puts(out, ", "); - else - first = 0; - OBJ_obj2txt(oidstr, sizeof(oidstr), - sk_ASN1_OBJECT_value(trust, i), 0); - BIO_puts(out, oidstr); - } - BIO_puts(out, "\n"); - } else - BIO_printf(out, "%*sNo Trusted Uses.\n", indent, ""); - if (reject) { - first = 1; - BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, ""); - for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) { - if (!first) - BIO_puts(out, ", "); - else - first = 0; - OBJ_obj2txt(oidstr, sizeof(oidstr), - sk_ASN1_OBJECT_value(reject, i), 0); - BIO_puts(out, oidstr); - } - BIO_puts(out, "\n"); - } else - BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); - alias = X509_alias_get0(x, &i); - if (alias) - BIO_printf(out, "%*sAlias: %.*s\n", indent, "", i, alias); - keyid = X509_keyid_get0(x, &keyidlen); - if (keyid) { - BIO_printf(out, "%*sKey Id: ", indent, ""); - for (i = 0; i < keyidlen; i++) - BIO_printf(out, "%s%02X", i ? ":" : "", keyid[i]); - BIO_write(out, "\n", 1); - } - return 1; -} - -/* - * Helper functions for improving certificate verification error diagnostics - */ - -int ossl_x509_print_ex_brief(BIO *bio, X509 *cert, unsigned long neg_cflags) -{ - unsigned long flags = ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | - XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN; - - if (cert == NULL) - return BIO_printf(bio, " (no certificate)\n") > 0; - if (BIO_printf(bio, " certificate\n") <= 0 - || !X509_print_ex(bio, cert, flags, ~X509_FLAG_NO_SUBJECT)) - return 0; - if (X509_check_issued((X509 *)cert, cert) == X509_V_OK) { - if (BIO_printf(bio, " self-issued\n") <= 0) - return 0; - } else { - if (BIO_printf(bio, " ") <= 0 - || !X509_print_ex(bio, cert, flags, ~X509_FLAG_NO_ISSUER)) - return 0; - } - if (!X509_print_ex(bio, cert, flags, - ~(X509_FLAG_NO_SERIAL | X509_FLAG_NO_VALIDITY))) - return 0; - if (X509_cmp_current_time(X509_get0_notBefore(cert)) > 0) - if (BIO_printf(bio, " not yet valid\n") <= 0) - return 0; - if (X509_cmp_current_time(X509_get0_notAfter(cert)) < 0) - if (BIO_printf(bio, " no more valid\n") <= 0) - return 0; - return X509_print_ex(bio, cert, flags, - ~neg_cflags & ~X509_FLAG_EXTENSIONS_ONLY_KID); -} - -static int print_certs(BIO *bio, const STACK_OF(X509) *certs) -{ - int i; - - if (certs == NULL || sk_X509_num(certs) <= 0) - return BIO_printf(bio, " (no certificates)\n") >= 0; - - for (i = 0; i < sk_X509_num(certs); i++) { - X509 *cert = sk_X509_value(certs, i); - - if (cert != NULL) { - if (!ossl_x509_print_ex_brief(bio, cert, 0)) - return 0; - if (!X509V3_extensions_print(bio, NULL, - X509_get0_extensions(cert), - X509_FLAG_EXTENSIONS_ONLY_KID, 8)) - return 0; - } - } - return 1; -} - -static int print_store_certs(BIO *bio, X509_STORE *store) -{ - if (store != NULL) { - STACK_OF(X509) *certs = X509_STORE_get1_all_certs(store); - int ret = print_certs(bio, certs); - - sk_X509_pop_free(certs, X509_free); - return ret; - } else { - return BIO_printf(bio, " (no trusted store)\n") >= 0; - } -} - -/* Extend the error queue with details on a failed cert verification */ -int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx) -{ - if (ok == 0 && ctx != NULL) { - int cert_error = X509_STORE_CTX_get_error(ctx); - BIO *bio = BIO_new(BIO_s_mem()); /* may be NULL */ - - BIO_printf(bio, "%s at depth = %d error = %d (%s)\n", - X509_STORE_CTX_get0_parent_ctx(ctx) != NULL - ? "CRL path validation" - : "Certificate verification", - X509_STORE_CTX_get_error_depth(ctx), - cert_error, X509_verify_cert_error_string(cert_error)); - { - X509_STORE *ts = X509_STORE_CTX_get0_store(ctx); - X509_VERIFY_PARAM *vpm = X509_STORE_get0_param(ts); - char *str; - int idx = 0; - - switch (cert_error) { - case X509_V_ERR_HOSTNAME_MISMATCH: - BIO_printf(bio, "Expected hostname(s) = "); - while ((str = X509_VERIFY_PARAM_get0_host(vpm, idx++)) != NULL) - BIO_printf(bio, "%s%s", idx == 1 ? "" : ", ", str); - BIO_printf(bio, "\n"); - break; - case X509_V_ERR_EMAIL_MISMATCH: - str = X509_VERIFY_PARAM_get0_email(vpm); - if (str != NULL) - BIO_printf(bio, "Expected email address = %s\n", str); - break; - case X509_V_ERR_IP_ADDRESS_MISMATCH: - str = X509_VERIFY_PARAM_get1_ip_asc(vpm); - if (str != NULL) - BIO_printf(bio, "Expected IP address = %s\n", str); - OPENSSL_free(str); - break; - default: - break; - } - } - - BIO_printf(bio, "Failure for:\n"); - ossl_x509_print_ex_brief(bio, X509_STORE_CTX_get_current_cert(ctx), - X509_FLAG_NO_EXTENSIONS); - if (cert_error == X509_V_ERR_CERT_UNTRUSTED - || cert_error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT - || cert_error == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN - || cert_error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT - || cert_error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY - || cert_error == X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER - || cert_error == X509_V_ERR_STORE_LOOKUP) { - BIO_printf(bio, "Non-trusted certs:\n"); - print_certs(bio, X509_STORE_CTX_get0_untrusted(ctx)); - BIO_printf(bio, "Certs in trust store:\n"); - print_store_certs(bio, X509_STORE_CTX_get0_store(ctx)); - } - ERR_raise(ERR_LIB_X509, X509_R_CERTIFICATE_VERIFICATION_FAILED); - ERR_add_error_mem_bio("\n", bio); - BIO_free(bio); - } - - return ok; -} diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c deleted file mode 100644 index 3fc5f3d620159cbcb2de44eeaff1a2ecc5cd37a4..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_addr.c +++ /dev/null @@ -1,1325 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Implementation of RFC 3779 section 2.2. - */ - -#include -#include -#include -#include - -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include "crypto/x509.h" -#include "ext_dat.h" -#include "x509_local.h" - -#ifndef OPENSSL_NO_RFC3779 - -/* - * OpenSSL ASN.1 template translation of RFC 3779 2.2.3. - */ - -ASN1_SEQUENCE(IPAddressRange) = { - ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING), - ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END(IPAddressRange) - -ASN1_CHOICE(IPAddressOrRange) = { - ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING), - ASN1_SIMPLE(IPAddressOrRange, u.addressRange, IPAddressRange) -} ASN1_CHOICE_END(IPAddressOrRange) - -ASN1_CHOICE(IPAddressChoice) = { - ASN1_SIMPLE(IPAddressChoice, u.inherit, ASN1_NULL), - ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange) -} ASN1_CHOICE_END(IPAddressChoice) - -ASN1_SEQUENCE(IPAddressFamily) = { - ASN1_SIMPLE(IPAddressFamily, addressFamily, ASN1_OCTET_STRING), - ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice) -} ASN1_SEQUENCE_END(IPAddressFamily) - -ASN1_ITEM_TEMPLATE(IPAddrBlocks) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, - IPAddrBlocks, IPAddressFamily) -static_ASN1_ITEM_TEMPLATE_END(IPAddrBlocks) - -IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange) -IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange) -IMPLEMENT_ASN1_FUNCTIONS(IPAddressChoice) -IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily) - -/* - * How much buffer space do we need for a raw address? - */ -#define ADDR_RAW_BUF_LEN 16 - -/* - * What's the address length associated with this AFI? - */ -static int length_from_afi(const unsigned afi) -{ - switch (afi) { - case IANA_AFI_IPV4: - return 4; - case IANA_AFI_IPV6: - return 16; - default: - return 0; - } -} - -/* - * Extract the AFI from an IPAddressFamily. - */ -unsigned int X509v3_addr_get_afi(const IPAddressFamily *f) -{ - if (f == NULL - || f->addressFamily == NULL - || f->addressFamily->data == NULL - || f->addressFamily->length < 2) - return 0; - return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1]; -} - -/* - * Expand the bitstring form of an address into a raw byte array. - * At the moment this is coded for simplicity, not speed. - */ -static int addr_expand(unsigned char *addr, - const ASN1_BIT_STRING *bs, - const int length, const unsigned char fill) -{ - if (bs->length < 0 || bs->length > length) - return 0; - if (bs->length > 0) { - memcpy(addr, bs->data, bs->length); - if ((bs->flags & 7) != 0) { - unsigned char mask = 0xFF >> (8 - (bs->flags & 7)); - if (fill == 0) - addr[bs->length - 1] &= ~mask; - else - addr[bs->length - 1] |= mask; - } - } - memset(addr + bs->length, fill, length - bs->length); - return 1; -} - -/* - * Extract the prefix length from a bitstring. - */ -#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) - -/* - * i2r handler for one address bitstring. - */ -static int i2r_address(BIO *out, - const unsigned afi, - const unsigned char fill, const ASN1_BIT_STRING *bs) -{ - unsigned char addr[ADDR_RAW_BUF_LEN]; - int i, n; - - if (bs->length < 0) - return 0; - switch (afi) { - case IANA_AFI_IPV4: - if (!addr_expand(addr, bs, 4, fill)) - return 0; - BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]); - break; - case IANA_AFI_IPV6: - if (!addr_expand(addr, bs, 16, fill)) - return 0; - for (n = 16; n > 1 && addr[n - 1] == 0x00 && addr[n - 2] == 0x00; - n -= 2) ; - for (i = 0; i < n; i += 2) - BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i + 1], - (i < 14 ? ":" : "")); - if (i < 16) - BIO_puts(out, ":"); - if (i == 0) - BIO_puts(out, ":"); - break; - default: - for (i = 0; i < bs->length; i++) - BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]); - BIO_printf(out, "[%d]", (int)(bs->flags & 7)); - break; - } - return 1; -} - -/* - * i2r handler for a sequence of addresses and ranges. - */ -static int i2r_IPAddressOrRanges(BIO *out, - const int indent, - const IPAddressOrRanges *aors, - const unsigned afi) -{ - int i; - for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) { - const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i); - BIO_printf(out, "%*s", indent, ""); - switch (aor->type) { - case IPAddressOrRange_addressPrefix: - if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix)) - return 0; - BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix)); - continue; - case IPAddressOrRange_addressRange: - if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min)) - return 0; - BIO_puts(out, "-"); - if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max)) - return 0; - BIO_puts(out, "\n"); - continue; - } - } - return 1; -} - -/* - * i2r handler for an IPAddrBlocks extension. - */ -static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method, - void *ext, BIO *out, int indent) -{ - const IPAddrBlocks *addr = ext; - int i; - for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { - IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); - const unsigned int afi = X509v3_addr_get_afi(f); - switch (afi) { - case IANA_AFI_IPV4: - BIO_printf(out, "%*sIPv4", indent, ""); - break; - case IANA_AFI_IPV6: - BIO_printf(out, "%*sIPv6", indent, ""); - break; - default: - BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi); - break; - } - if (f->addressFamily->length > 2) { - switch (f->addressFamily->data[2]) { - case 1: - BIO_puts(out, " (Unicast)"); - break; - case 2: - BIO_puts(out, " (Multicast)"); - break; - case 3: - BIO_puts(out, " (Unicast/Multicast)"); - break; - case 4: - BIO_puts(out, " (MPLS)"); - break; - case 64: - BIO_puts(out, " (Tunnel)"); - break; - case 65: - BIO_puts(out, " (VPLS)"); - break; - case 66: - BIO_puts(out, " (BGP MDT)"); - break; - case 128: - BIO_puts(out, " (MPLS-labeled VPN)"); - break; - default: - BIO_printf(out, " (Unknown SAFI %u)", - (unsigned)f->addressFamily->data[2]); - break; - } - } - switch (f->ipAddressChoice->type) { - case IPAddressChoice_inherit: - BIO_puts(out, ": inherit\n"); - break; - case IPAddressChoice_addressesOrRanges: - BIO_puts(out, ":\n"); - if (!i2r_IPAddressOrRanges(out, - indent + 2, - f->ipAddressChoice-> - u.addressesOrRanges, afi)) - return 0; - break; - } - } - return 1; -} - -/* - * Sort comparison function for a sequence of IPAddressOrRange - * elements. - * - * There's no sane answer we can give if addr_expand() fails, and an - * assertion failure on externally supplied data is seriously uncool, - * so we just arbitrarily declare that if given invalid inputs this - * function returns -1. If this messes up your preferred sort order - * for garbage input, tough noogies. - */ -static int IPAddressOrRange_cmp(const IPAddressOrRange *a, - const IPAddressOrRange *b, const int length) -{ - unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN]; - int prefixlen_a = 0, prefixlen_b = 0; - int r; - - switch (a->type) { - case IPAddressOrRange_addressPrefix: - if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00)) - return -1; - prefixlen_a = addr_prefixlen(a->u.addressPrefix); - break; - case IPAddressOrRange_addressRange: - if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00)) - return -1; - prefixlen_a = length * 8; - break; - } - - switch (b->type) { - case IPAddressOrRange_addressPrefix: - if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00)) - return -1; - prefixlen_b = addr_prefixlen(b->u.addressPrefix); - break; - case IPAddressOrRange_addressRange: - if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00)) - return -1; - prefixlen_b = length * 8; - break; - } - - if ((r = memcmp(addr_a, addr_b, length)) != 0) - return r; - else - return prefixlen_a - prefixlen_b; -} - -/* - * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort() - * comparison routines are only allowed two arguments. - */ -static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a, - const IPAddressOrRange *const *b) -{ - return IPAddressOrRange_cmp(*a, *b, 4); -} - -/* - * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort() - * comparison routines are only allowed two arguments. - */ -static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a, - const IPAddressOrRange *const *b) -{ - return IPAddressOrRange_cmp(*a, *b, 16); -} - -/* - * Calculate whether a range collapses to a prefix. - * See last paragraph of RFC 3779 2.2.3.7. - */ -static int range_should_be_prefix(const unsigned char *min, - const unsigned char *max, const int length) -{ - unsigned char mask; - int i, j; - - /* - * It is the responsibility of the caller to confirm min <= max. We don't - * use ossl_assert() here since we have no way of signalling an error from - * this function - so we just use a plain assert instead. - */ - assert(memcmp(min, max, length) <= 0); - - for (i = 0; i < length && min[i] == max[i]; i++) ; - for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ; - if (i < j) - return -1; - if (i > j) - return i * 8; - mask = min[i] ^ max[i]; - switch (mask) { - case 0x01: - j = 7; - break; - case 0x03: - j = 6; - break; - case 0x07: - j = 5; - break; - case 0x0F: - j = 4; - break; - case 0x1F: - j = 3; - break; - case 0x3F: - j = 2; - break; - case 0x7F: - j = 1; - break; - default: - return -1; - } - if ((min[i] & mask) != 0 || (max[i] & mask) != mask) - return -1; - else - return i * 8 + j; -} - -/* - * Construct a prefix. - */ -static int make_addressPrefix(IPAddressOrRange **result, unsigned char *addr, - const int prefixlen, const int afilen) -{ - int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8; - IPAddressOrRange *aor = IPAddressOrRange_new(); - - if (prefixlen < 0 || prefixlen > (afilen * 8)) - return 0; - if (aor == NULL) - return 0; - aor->type = IPAddressOrRange_addressPrefix; - if (aor->u.addressPrefix == NULL && - (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL) - goto err; - if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen)) - goto err; - aor->u.addressPrefix->flags &= ~7; - aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT; - if (bitlen > 0) { - aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen); - aor->u.addressPrefix->flags |= 8 - bitlen; - } - - *result = aor; - return 1; - - err: - IPAddressOrRange_free(aor); - return 0; -} - -/* - * Construct a range. If it can be expressed as a prefix, - * return a prefix instead. Doing this here simplifies - * the rest of the code considerably. - */ -static int make_addressRange(IPAddressOrRange **result, - unsigned char *min, - unsigned char *max, const int length) -{ - IPAddressOrRange *aor; - int i, prefixlen; - - if (memcmp(min, max, length) > 0) - return 0; - - if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0) - return make_addressPrefix(result, min, prefixlen, length); - - if ((aor = IPAddressOrRange_new()) == NULL) - return 0; - aor->type = IPAddressOrRange_addressRange; - if ((aor->u.addressRange = IPAddressRange_new()) == NULL) - goto err; - if (aor->u.addressRange->min == NULL && - (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL) - goto err; - if (aor->u.addressRange->max == NULL && - (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL) - goto err; - - for (i = length; i > 0 && min[i - 1] == 0x00; --i) ; - if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i)) - goto err; - aor->u.addressRange->min->flags &= ~7; - aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT; - if (i > 0) { - unsigned char b = min[i - 1]; - int j = 1; - while ((b & (0xFFU >> j)) != 0) - ++j; - aor->u.addressRange->min->flags |= 8 - j; - } - - for (i = length; i > 0 && max[i - 1] == 0xFF; --i) ; - if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i)) - goto err; - aor->u.addressRange->max->flags &= ~7; - aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT; - if (i > 0) { - unsigned char b = max[i - 1]; - int j = 1; - while ((b & (0xFFU >> j)) != (0xFFU >> j)) - ++j; - aor->u.addressRange->max->flags |= 8 - j; - } - - *result = aor; - return 1; - - err: - IPAddressOrRange_free(aor); - return 0; -} - -/* - * Construct a new address family or find an existing one. - */ -static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, - const unsigned afi, - const unsigned *safi) -{ - IPAddressFamily *f; - unsigned char key[3]; - int keylen; - int i; - - key[0] = (afi >> 8) & 0xFF; - key[1] = afi & 0xFF; - if (safi != NULL) { - key[2] = *safi & 0xFF; - keylen = 3; - } else { - keylen = 2; - } - - for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { - f = sk_IPAddressFamily_value(addr, i); - if (f->addressFamily->length == keylen && - !memcmp(f->addressFamily->data, key, keylen)) - return f; - } - - if ((f = IPAddressFamily_new()) == NULL) - goto err; - if (f->ipAddressChoice == NULL && - (f->ipAddressChoice = IPAddressChoice_new()) == NULL) - goto err; - if (f->addressFamily == NULL && - (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL) - goto err; - if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen)) - goto err; - if (!sk_IPAddressFamily_push(addr, f)) - goto err; - - return f; - - err: - IPAddressFamily_free(f); - return NULL; -} - -/* - * Add an inheritance element. - */ -int X509v3_addr_add_inherit(IPAddrBlocks *addr, - const unsigned afi, const unsigned *safi) -{ - IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); - if (f == NULL || - f->ipAddressChoice == NULL || - (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && - f->ipAddressChoice->u.addressesOrRanges != NULL)) - return 0; - if (f->ipAddressChoice->type == IPAddressChoice_inherit && - f->ipAddressChoice->u.inherit != NULL) - return 1; - if (f->ipAddressChoice->u.inherit == NULL && - (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL) - return 0; - f->ipAddressChoice->type = IPAddressChoice_inherit; - return 1; -} - -/* - * Construct an IPAddressOrRange sequence, or return an existing one. - */ -static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr, - const unsigned afi, - const unsigned *safi) -{ - IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); - IPAddressOrRanges *aors = NULL; - - if (f == NULL || - f->ipAddressChoice == NULL || - (f->ipAddressChoice->type == IPAddressChoice_inherit && - f->ipAddressChoice->u.inherit != NULL)) - return NULL; - if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) - aors = f->ipAddressChoice->u.addressesOrRanges; - if (aors != NULL) - return aors; - if ((aors = sk_IPAddressOrRange_new_null()) == NULL) - return NULL; - switch (afi) { - case IANA_AFI_IPV4: - (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp); - break; - case IANA_AFI_IPV6: - (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp); - break; - } - f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges; - f->ipAddressChoice->u.addressesOrRanges = aors; - return aors; -} - -/* - * Add a prefix. - */ -int X509v3_addr_add_prefix(IPAddrBlocks *addr, - const unsigned afi, - const unsigned *safi, - unsigned char *a, const int prefixlen) -{ - IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); - IPAddressOrRange *aor; - - if (aors == NULL - || !make_addressPrefix(&aor, a, prefixlen, length_from_afi(afi))) - return 0; - if (sk_IPAddressOrRange_push(aors, aor)) - return 1; - IPAddressOrRange_free(aor); - return 0; -} - -/* - * Add a range. - */ -int X509v3_addr_add_range(IPAddrBlocks *addr, - const unsigned afi, - const unsigned *safi, - unsigned char *min, unsigned char *max) -{ - IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); - IPAddressOrRange *aor; - int length = length_from_afi(afi); - if (aors == NULL) - return 0; - if (!make_addressRange(&aor, min, max, length)) - return 0; - if (sk_IPAddressOrRange_push(aors, aor)) - return 1; - IPAddressOrRange_free(aor); - return 0; -} - -/* - * Extract min and max values from an IPAddressOrRange. - */ -static int extract_min_max(IPAddressOrRange *aor, - unsigned char *min, unsigned char *max, int length) -{ - if (aor == NULL || min == NULL || max == NULL) - return 0; - switch (aor->type) { - case IPAddressOrRange_addressPrefix: - return (addr_expand(min, aor->u.addressPrefix, length, 0x00) && - addr_expand(max, aor->u.addressPrefix, length, 0xFF)); - case IPAddressOrRange_addressRange: - return (addr_expand(min, aor->u.addressRange->min, length, 0x00) && - addr_expand(max, aor->u.addressRange->max, length, 0xFF)); - } - return 0; -} - -/* - * Public wrapper for extract_min_max(). - */ -int X509v3_addr_get_range(IPAddressOrRange *aor, - const unsigned afi, - unsigned char *min, - unsigned char *max, const int length) -{ - int afi_length = length_from_afi(afi); - if (aor == NULL || min == NULL || max == NULL || - afi_length == 0 || length < afi_length || - (aor->type != IPAddressOrRange_addressPrefix && - aor->type != IPAddressOrRange_addressRange) || - !extract_min_max(aor, min, max, afi_length)) - return 0; - - return afi_length; -} - -/* - * Sort comparison function for a sequence of IPAddressFamily. - * - * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about - * the ordering: I can read it as meaning that IPv6 without a SAFI - * comes before IPv4 with a SAFI, which seems pretty weird. The - * examples in appendix B suggest that the author intended the - * null-SAFI rule to apply only within a single AFI, which is what I - * would have expected and is what the following code implements. - */ -static int IPAddressFamily_cmp(const IPAddressFamily *const *a_, - const IPAddressFamily *const *b_) -{ - const ASN1_OCTET_STRING *a = (*a_)->addressFamily; - const ASN1_OCTET_STRING *b = (*b_)->addressFamily; - int len = ((a->length <= b->length) ? a->length : b->length); - int cmp = memcmp(a->data, b->data, len); - return cmp ? cmp : a->length - b->length; -} - -/* - * Check whether an IPAddrBLocks is in canonical form. - */ -int X509v3_addr_is_canonical(IPAddrBlocks *addr) -{ - unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; - unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; - IPAddressOrRanges *aors; - int i, j, k; - - /* - * Empty extension is canonical. - */ - if (addr == NULL) - return 1; - - /* - * Check whether the top-level list is in order. - */ - for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) { - const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i); - const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1); - if (IPAddressFamily_cmp(&a, &b) >= 0) - return 0; - } - - /* - * Top level's ok, now check each address family. - */ - for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { - IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); - int length = length_from_afi(X509v3_addr_get_afi(f)); - - /* - * Inheritance is canonical. Anything other than inheritance or - * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something. - */ - if (f == NULL || f->ipAddressChoice == NULL) - return 0; - switch (f->ipAddressChoice->type) { - case IPAddressChoice_inherit: - continue; - case IPAddressChoice_addressesOrRanges: - break; - default: - return 0; - } - - /* - * It's an IPAddressOrRanges sequence, check it. - */ - aors = f->ipAddressChoice->u.addressesOrRanges; - if (sk_IPAddressOrRange_num(aors) == 0) - return 0; - for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) { - IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); - IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1); - - if (!extract_min_max(a, a_min, a_max, length) || - !extract_min_max(b, b_min, b_max, length)) - return 0; - - /* - * Punt misordered list, overlapping start, or inverted range. - */ - if (memcmp(a_min, b_min, length) >= 0 || - memcmp(a_min, a_max, length) > 0 || - memcmp(b_min, b_max, length) > 0) - return 0; - - /* - * Punt if adjacent or overlapping. Check for adjacency by - * subtracting one from b_min first. - */ - for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--) ; - if (memcmp(a_max, b_min, length) >= 0) - return 0; - - /* - * Check for range that should be expressed as a prefix. - */ - if (a->type == IPAddressOrRange_addressRange && - range_should_be_prefix(a_min, a_max, length) >= 0) - return 0; - } - - /* - * Check range to see if it's inverted or should be a - * prefix. - */ - j = sk_IPAddressOrRange_num(aors) - 1; - { - IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); - if (a != NULL && a->type == IPAddressOrRange_addressRange) { - if (!extract_min_max(a, a_min, a_max, length)) - return 0; - if (memcmp(a_min, a_max, length) > 0 || - range_should_be_prefix(a_min, a_max, length) >= 0) - return 0; - } - } - } - - /* - * If we made it through all that, we're happy. - */ - return 1; -} - -/* - * Whack an IPAddressOrRanges into canonical form. - */ -static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, - const unsigned afi) -{ - int i, j, length = length_from_afi(afi); - - /* - * Sort the IPAddressOrRanges sequence. - */ - sk_IPAddressOrRange_sort(aors); - - /* - * Clean up representation issues, punt on duplicates or overlaps. - */ - for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) { - IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i); - IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1); - unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; - unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; - - if (!extract_min_max(a, a_min, a_max, length) || - !extract_min_max(b, b_min, b_max, length)) - return 0; - - /* - * Punt inverted ranges. - */ - if (memcmp(a_min, a_max, length) > 0 || - memcmp(b_min, b_max, length) > 0) - return 0; - - /* - * Punt overlaps. - */ - if (memcmp(a_max, b_min, length) >= 0) - return 0; - - /* - * Merge if a and b are adjacent. We check for - * adjacency by subtracting one from b_min first. - */ - for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--) ; - if (memcmp(a_max, b_min, length) == 0) { - IPAddressOrRange *merged; - if (!make_addressRange(&merged, a_min, b_max, length)) - return 0; - (void)sk_IPAddressOrRange_set(aors, i, merged); - (void)sk_IPAddressOrRange_delete(aors, i + 1); - IPAddressOrRange_free(a); - IPAddressOrRange_free(b); - --i; - continue; - } - } - - /* - * Check for inverted final range. - */ - j = sk_IPAddressOrRange_num(aors) - 1; - { - IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); - if (a != NULL && a->type == IPAddressOrRange_addressRange) { - unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; - if (!extract_min_max(a, a_min, a_max, length)) - return 0; - if (memcmp(a_min, a_max, length) > 0) - return 0; - } - } - - return 1; -} - -/* - * Whack an IPAddrBlocks extension into canonical form. - */ -int X509v3_addr_canonize(IPAddrBlocks *addr) -{ - int i; - for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { - IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); - if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && - !IPAddressOrRanges_canonize(f->ipAddressChoice-> - u.addressesOrRanges, - X509v3_addr_get_afi(f))) - return 0; - } - (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); - sk_IPAddressFamily_sort(addr); - if (!ossl_assert(X509v3_addr_is_canonical(addr))) - return 0; - return 1; -} - -/* - * v2i handler for the IPAddrBlocks extension. - */ -static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, - struct v3_ext_ctx *ctx, - STACK_OF(CONF_VALUE) *values) -{ - static const char v4addr_chars[] = "0123456789."; - static const char v6addr_chars[] = "0123456789.:abcdefABCDEF"; - IPAddrBlocks *addr = NULL; - char *s = NULL, *t; - int i; - - if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; - } - - for (i = 0; i < sk_CONF_VALUE_num(values); i++) { - CONF_VALUE *val = sk_CONF_VALUE_value(values, i); - unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN]; - unsigned afi, *safi = NULL, safi_; - const char *addr_chars = NULL; - int prefixlen, i1, i2, delim, length; - - if (!ossl_v3_name_cmp(val->name, "IPv4")) { - afi = IANA_AFI_IPV4; - } else if (!ossl_v3_name_cmp(val->name, "IPv6")) { - afi = IANA_AFI_IPV6; - } else if (!ossl_v3_name_cmp(val->name, "IPv4-SAFI")) { - afi = IANA_AFI_IPV4; - safi = &safi_; - } else if (!ossl_v3_name_cmp(val->name, "IPv6-SAFI")) { - afi = IANA_AFI_IPV6; - safi = &safi_; - } else { - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_EXTENSION_NAME_ERROR, - "%s", val->name); - goto err; - } - - switch (afi) { - case IANA_AFI_IPV4: - addr_chars = v4addr_chars; - break; - case IANA_AFI_IPV6: - addr_chars = v6addr_chars; - break; - } - - length = length_from_afi(afi); - - /* - * Handle SAFI, if any, and OPENSSL_strdup() so we can null-terminate - * the other input values. - */ - if (safi != NULL) { - *safi = strtoul(val->value, &t, 0); - t += strspn(t, " \t"); - if (*safi > 0xFF || *t++ != ':') { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_SAFI); - X509V3_conf_add_error_name_value(val); - goto err; - } - t += strspn(t, " \t"); - s = OPENSSL_strdup(t); - } else { - s = OPENSSL_strdup(val->value); - } - if (s == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - - /* - * Check for inheritance. Not worth additional complexity to - * optimize this (seldom-used) case. - */ - if (strcmp(s, "inherit") == 0) { - if (!X509v3_addr_add_inherit(addr, afi, safi)) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_INHERITANCE); - X509V3_conf_add_error_name_value(val); - goto err; - } - OPENSSL_free(s); - s = NULL; - continue; - } - - i1 = strspn(s, addr_chars); - i2 = i1 + strspn(s + i1, " \t"); - delim = s[i2++]; - s[i1] = '\0'; - - if (ossl_a2i_ipadd(min, s) != length) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_IPADDRESS); - X509V3_conf_add_error_name_value(val); - goto err; - } - - switch (delim) { - case '/': - prefixlen = (int)strtoul(s + i2, &t, 10); - if (t == s + i2 - || *t != '\0' - || prefixlen > (length * 8) - || prefixlen < 0) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR); - X509V3_conf_add_error_name_value(val); - goto err; - } - if (!X509v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - break; - case '-': - i1 = i2 + strspn(s + i2, " \t"); - i2 = i1 + strspn(s + i1, addr_chars); - if (i1 == i2 || s[i2] != '\0') { - ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR); - X509V3_conf_add_error_name_value(val); - goto err; - } - if (ossl_a2i_ipadd(max, s + i1) != length) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_IPADDRESS); - X509V3_conf_add_error_name_value(val); - goto err; - } - if (memcmp(min, max, length_from_afi(afi)) > 0) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR); - X509V3_conf_add_error_name_value(val); - goto err; - } - if (!X509v3_addr_add_range(addr, afi, safi, min, max)) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - break; - case '\0': - if (!X509v3_addr_add_prefix(addr, afi, safi, min, length * 8)) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - break; - default: - ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR); - X509V3_conf_add_error_name_value(val); - goto err; - } - - OPENSSL_free(s); - s = NULL; - } - - /* - * Canonize the result, then we're done. - */ - if (!X509v3_addr_canonize(addr)) - goto err; - return addr; - - err: - OPENSSL_free(s); - sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free); - return NULL; -} - -/* - * OpenSSL dispatch - */ -const X509V3_EXT_METHOD ossl_v3_addr = { - NID_sbgp_ipAddrBlock, /* nid */ - 0, /* flags */ - ASN1_ITEM_ref(IPAddrBlocks), /* template */ - 0, 0, 0, 0, /* old functions, ignored */ - 0, /* i2s */ - 0, /* s2i */ - 0, /* i2v */ - v2i_IPAddrBlocks, /* v2i */ - i2r_IPAddrBlocks, /* i2r */ - 0, /* r2i */ - NULL /* extension-specific data */ -}; - -/* - * Figure out whether extension sues inheritance. - */ -int X509v3_addr_inherits(IPAddrBlocks *addr) -{ - int i; - if (addr == NULL) - return 0; - for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { - IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); - if (f->ipAddressChoice->type == IPAddressChoice_inherit) - return 1; - } - return 0; -} - -/* - * Figure out whether parent contains child. - */ -static int addr_contains(IPAddressOrRanges *parent, - IPAddressOrRanges *child, int length) -{ - unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN]; - unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN]; - int p, c; - - if (child == NULL || parent == child) - return 1; - if (parent == NULL) - return 0; - - p = 0; - for (c = 0; c < sk_IPAddressOrRange_num(child); c++) { - if (!extract_min_max(sk_IPAddressOrRange_value(child, c), - c_min, c_max, length)) - return 0; - for (;; p++) { - if (p >= sk_IPAddressOrRange_num(parent)) - return 0; - if (!extract_min_max(sk_IPAddressOrRange_value(parent, p), - p_min, p_max, length)) - return 0; - if (memcmp(p_max, c_max, length) < 0) - continue; - if (memcmp(p_min, c_min, length) > 0) - return 0; - break; - } - } - - return 1; -} - -/* - * Test whether a is a subset of b. - */ -int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) -{ - int i; - if (a == NULL || a == b) - return 1; - if (b == NULL || X509v3_addr_inherits(a) || X509v3_addr_inherits(b)) - return 0; - (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); - for (i = 0; i < sk_IPAddressFamily_num(a); i++) { - IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); - int j = sk_IPAddressFamily_find(b, fa); - IPAddressFamily *fb; - fb = sk_IPAddressFamily_value(b, j); - if (fb == NULL) - return 0; - if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, - fa->ipAddressChoice->u.addressesOrRanges, - length_from_afi(X509v3_addr_get_afi(fb)))) - return 0; - } - return 1; -} - -/* - * Validation error handling via callback. - */ -#define validation_err(_err_) \ - do { \ - if (ctx != NULL) { \ - ctx->error = _err_; \ - ctx->error_depth = i; \ - ctx->current_cert = x; \ - ret = ctx->verify_cb(0, ctx); \ - } else { \ - ret = 0; \ - } \ - if (!ret) \ - goto done; \ - } while (0) - -/* - * Core code for RFC 3779 2.3 path validation. - * - * Returns 1 for success, 0 on error. - * - * When returning 0, ctx->error MUST be set to an appropriate value other than - * X509_V_OK. - */ -static int addr_validate_path_internal(X509_STORE_CTX *ctx, - STACK_OF(X509) *chain, - IPAddrBlocks *ext) -{ - IPAddrBlocks *child = NULL; - int i, j, ret = 1; - X509 *x; - - if (!ossl_assert(chain != NULL && sk_X509_num(chain) > 0) - || !ossl_assert(ctx != NULL || ext != NULL) - || !ossl_assert(ctx == NULL || ctx->verify_cb != NULL)) { - if (ctx != NULL) - ctx->error = X509_V_ERR_UNSPECIFIED; - return 0; - } - - /* - * Figure out where to start. If we don't have an extension to - * check, we're done. Otherwise, check canonical form and - * set up for walking up the chain. - */ - if (ext != NULL) { - i = -1; - x = NULL; - } else { - i = 0; - x = sk_X509_value(chain, i); - if ((ext = x->rfc3779_addr) == NULL) - goto done; - } - if (!X509v3_addr_is_canonical(ext)) - validation_err(X509_V_ERR_INVALID_EXTENSION); - (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); - if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - if (ctx != NULL) - ctx->error = X509_V_ERR_OUT_OF_MEM; - ret = 0; - goto done; - } - - /* - * Now walk up the chain. No cert may list resources that its - * parent doesn't list. - */ - for (i++; i < sk_X509_num(chain); i++) { - x = sk_X509_value(chain, i); - if (!X509v3_addr_is_canonical(x->rfc3779_addr)) - validation_err(X509_V_ERR_INVALID_EXTENSION); - if (x->rfc3779_addr == NULL) { - for (j = 0; j < sk_IPAddressFamily_num(child); j++) { - IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); - if (fc->ipAddressChoice->type != IPAddressChoice_inherit) { - validation_err(X509_V_ERR_UNNESTED_RESOURCE); - break; - } - } - continue; - } - (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, - IPAddressFamily_cmp); - for (j = 0; j < sk_IPAddressFamily_num(child); j++) { - IPAddressFamily *fc = sk_IPAddressFamily_value(child, j); - int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc); - IPAddressFamily *fp = - sk_IPAddressFamily_value(x->rfc3779_addr, k); - if (fp == NULL) { - if (fc->ipAddressChoice->type == - IPAddressChoice_addressesOrRanges) { - validation_err(X509_V_ERR_UNNESTED_RESOURCE); - break; - } - continue; - } - if (fp->ipAddressChoice->type == - IPAddressChoice_addressesOrRanges) { - if (fc->ipAddressChoice->type == IPAddressChoice_inherit - || addr_contains(fp->ipAddressChoice->u.addressesOrRanges, - fc->ipAddressChoice->u.addressesOrRanges, - length_from_afi(X509v3_addr_get_afi(fc)))) - (void)sk_IPAddressFamily_set(child, j, fp); - else - validation_err(X509_V_ERR_UNNESTED_RESOURCE); - } - } - } - - /* - * Trust anchor can't inherit. - */ - if (x->rfc3779_addr != NULL) { - for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) { - IPAddressFamily *fp = - sk_IPAddressFamily_value(x->rfc3779_addr, j); - if (fp->ipAddressChoice->type == IPAddressChoice_inherit - && sk_IPAddressFamily_find(child, fp) >= 0) - validation_err(X509_V_ERR_UNNESTED_RESOURCE); - } - } - - done: - sk_IPAddressFamily_free(child); - return ret; -} - -#undef validation_err - -/* - * RFC 3779 2.3 path validation -- called from X509_verify_cert(). - */ -int X509v3_addr_validate_path(X509_STORE_CTX *ctx) -{ - if (ctx->chain == NULL - || sk_X509_num(ctx->chain) == 0 - || ctx->verify_cb == NULL) { - ctx->error = X509_V_ERR_UNSPECIFIED; - return 0; - } - return addr_validate_path_internal(ctx, ctx->chain, NULL); -} - -/* - * RFC 3779 2.3 path validation of an extension. - * Test whether chain covers extension. - */ -int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, - IPAddrBlocks *ext, int allow_inheritance) -{ - if (ext == NULL) - return 1; - if (chain == NULL || sk_X509_num(chain) == 0) - return 0; - if (!allow_inheritance && X509v3_addr_inherits(ext)) - return 0; - return addr_validate_path_internal(NULL, chain, ext); -} - -#endif /* OPENSSL_NO_RFC3779 */ diff --git a/crypto/x509/v3_admis.c b/crypto/x509/v3_admis.c deleted file mode 100644 index bee9cc9931bf43d8ae26f4cb4946d7a705c63c35..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_admis.c +++ /dev/null @@ -1,355 +0,0 @@ -/* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include - -#include - -#include - -#include "v3_admis.h" -#include "ext_dat.h" - -ASN1_SEQUENCE(NAMING_AUTHORITY) = { - ASN1_OPT(NAMING_AUTHORITY, namingAuthorityId, ASN1_OBJECT), - ASN1_OPT(NAMING_AUTHORITY, namingAuthorityUrl, ASN1_IA5STRING), - ASN1_OPT(NAMING_AUTHORITY, namingAuthorityText, DIRECTORYSTRING), -} ASN1_SEQUENCE_END(NAMING_AUTHORITY) - -ASN1_SEQUENCE(PROFESSION_INFO) = { - ASN1_EXP_OPT(PROFESSION_INFO, namingAuthority, NAMING_AUTHORITY, 0), - ASN1_SEQUENCE_OF(PROFESSION_INFO, professionItems, DIRECTORYSTRING), - ASN1_SEQUENCE_OF_OPT(PROFESSION_INFO, professionOIDs, ASN1_OBJECT), - ASN1_OPT(PROFESSION_INFO, registrationNumber, ASN1_PRINTABLESTRING), - ASN1_OPT(PROFESSION_INFO, addProfessionInfo, ASN1_OCTET_STRING), -} ASN1_SEQUENCE_END(PROFESSION_INFO) - -ASN1_SEQUENCE(ADMISSIONS) = { - ASN1_EXP_OPT(ADMISSIONS, admissionAuthority, GENERAL_NAME, 0), - ASN1_EXP_OPT(ADMISSIONS, namingAuthority, NAMING_AUTHORITY, 1), - ASN1_SEQUENCE_OF(ADMISSIONS, professionInfos, PROFESSION_INFO), -} ASN1_SEQUENCE_END(ADMISSIONS) - -ASN1_SEQUENCE(ADMISSION_SYNTAX) = { - ASN1_OPT(ADMISSION_SYNTAX, admissionAuthority, GENERAL_NAME), - ASN1_SEQUENCE_OF(ADMISSION_SYNTAX, contentsOfAdmissions, ADMISSIONS), -} ASN1_SEQUENCE_END(ADMISSION_SYNTAX) - -IMPLEMENT_ASN1_FUNCTIONS(NAMING_AUTHORITY) -IMPLEMENT_ASN1_FUNCTIONS(PROFESSION_INFO) -IMPLEMENT_ASN1_FUNCTIONS(ADMISSIONS) -IMPLEMENT_ASN1_FUNCTIONS(ADMISSION_SYNTAX) - -static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in, - BIO *bp, int ind); - -const X509V3_EXT_METHOD ossl_v3_ext_admission = { - NID_x509ExtAdmission, /* .ext_nid = */ - 0, /* .ext_flags = */ - ASN1_ITEM_ref(ADMISSION_SYNTAX), /* .it = */ - NULL, NULL, NULL, NULL, - NULL, /* .i2s = */ - NULL, /* .s2i = */ - NULL, /* .i2v = */ - NULL, /* .v2i = */ - &i2r_ADMISSION_SYNTAX, /* .i2r = */ - NULL, /* .r2i = */ - NULL /* extension-specific data */ -}; - - -static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in, - BIO *bp, int ind) -{ - NAMING_AUTHORITY * namingAuthority = (NAMING_AUTHORITY*) in; - - if (namingAuthority == NULL) - return 0; - - if (namingAuthority->namingAuthorityId == NULL - && namingAuthority->namingAuthorityText == NULL - && namingAuthority->namingAuthorityUrl == NULL) - return 0; - - if (BIO_printf(bp, "%*snamingAuthority: ", ind, "") <= 0) - goto err; - - if (namingAuthority->namingAuthorityId != NULL) { - char objbuf[128]; - const char *ln = OBJ_nid2ln(OBJ_obj2nid(namingAuthority->namingAuthorityId)); - - if (BIO_printf(bp, "%*s admissionAuthorityId: ", ind, "") <= 0) - goto err; - - OBJ_obj2txt(objbuf, sizeof(objbuf), namingAuthority->namingAuthorityId, 1); - - if (BIO_printf(bp, "%s%s%s%s\n", ln ? ln : "", - ln ? " (" : "", objbuf, ln ? ")" : "") <= 0) - goto err; - } - if (namingAuthority->namingAuthorityText != NULL) { - if (BIO_printf(bp, "%*s namingAuthorityText: ", ind, "") <= 0 - || ASN1_STRING_print(bp, namingAuthority->namingAuthorityText) <= 0 - || BIO_printf(bp, "\n") <= 0) - goto err; - } - if (namingAuthority->namingAuthorityUrl != NULL ) { - if (BIO_printf(bp, "%*s namingAuthorityUrl: ", ind, "") <= 0 - || ASN1_STRING_print(bp, namingAuthority->namingAuthorityUrl) <= 0 - || BIO_printf(bp, "\n") <= 0) - goto err; - } - return 1; - -err: - return 0; -} - -static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in, - BIO *bp, int ind) -{ - ADMISSION_SYNTAX * admission = (ADMISSION_SYNTAX *)in; - int i, j, k; - - if (admission->admissionAuthority != NULL) { - if (BIO_printf(bp, "%*sadmissionAuthority:\n", ind, "") <= 0 - || BIO_printf(bp, "%*s ", ind, "") <= 0 - || GENERAL_NAME_print(bp, admission->admissionAuthority) <= 0 - || BIO_printf(bp, "\n") <= 0) - goto err; - } - - for (i = 0; i < sk_ADMISSIONS_num(admission->contentsOfAdmissions); i++) { - ADMISSIONS* entry = sk_ADMISSIONS_value(admission->contentsOfAdmissions, i); - - if (BIO_printf(bp, "%*sEntry %0d:\n", ind, "", 1 + i) <= 0) goto err; - - if (entry->admissionAuthority != NULL) { - if (BIO_printf(bp, "%*s admissionAuthority:\n", ind, "") <= 0 - || BIO_printf(bp, "%*s ", ind, "") <= 0 - || GENERAL_NAME_print(bp, entry->admissionAuthority) <= 0 - || BIO_printf(bp, "\n") <= 0) - goto err; - } - - if (entry->namingAuthority != NULL) { - if (i2r_NAMING_AUTHORITY(method, entry->namingAuthority, bp, ind) <= 0) - goto err; - } - - for (j = 0; j < sk_PROFESSION_INFO_num(entry->professionInfos); j++) { - PROFESSION_INFO* pinfo = sk_PROFESSION_INFO_value(entry->professionInfos, j); - - if (BIO_printf(bp, "%*s Profession Info Entry %0d:\n", ind, "", 1 + j) <= 0) - goto err; - - if (pinfo->registrationNumber != NULL) { - if (BIO_printf(bp, "%*s registrationNumber: ", ind, "") <= 0 - || ASN1_STRING_print(bp, pinfo->registrationNumber) <= 0 - || BIO_printf(bp, "\n") <= 0) - goto err; - } - - if (pinfo->namingAuthority != NULL) { - if (i2r_NAMING_AUTHORITY(method, pinfo->namingAuthority, bp, ind + 2) <= 0) - goto err; - } - - if (pinfo->professionItems != NULL) { - - if (BIO_printf(bp, "%*s Info Entries:\n", ind, "") <= 0) - goto err; - for (k = 0; k < sk_ASN1_STRING_num(pinfo->professionItems); k++) { - ASN1_STRING* val = sk_ASN1_STRING_value(pinfo->professionItems, k); - - if (BIO_printf(bp, "%*s ", ind, "") <= 0 - || ASN1_STRING_print(bp, val) <= 0 - || BIO_printf(bp, "\n") <= 0) - goto err; - } - } - - if (pinfo->professionOIDs != NULL) { - if (BIO_printf(bp, "%*s Profession OIDs:\n", ind, "") <= 0) - goto err; - for (k = 0; k < sk_ASN1_OBJECT_num(pinfo->professionOIDs); k++) { - ASN1_OBJECT* obj = sk_ASN1_OBJECT_value(pinfo->professionOIDs, k); - const char *ln = OBJ_nid2ln(OBJ_obj2nid(obj)); - char objbuf[128]; - - OBJ_obj2txt(objbuf, sizeof(objbuf), obj, 1); - if (BIO_printf(bp, "%*s %s%s%s%s\n", ind, "", - ln ? ln : "", ln ? " (" : "", - objbuf, ln ? ")" : "") <= 0) - goto err; - } - } - } - } - return 1; - -err: - return -1; -} - -const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(const NAMING_AUTHORITY *n) -{ - return n->namingAuthorityId; -} - -void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, ASN1_OBJECT* id) -{ - ASN1_OBJECT_free(n->namingAuthorityId); - n->namingAuthorityId = id; -} - -const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL( - const NAMING_AUTHORITY *n) -{ - return n->namingAuthorityUrl; -} - -void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, ASN1_IA5STRING* u) -{ - ASN1_IA5STRING_free(n->namingAuthorityUrl); - n->namingAuthorityUrl = u; -} - -const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText( - const NAMING_AUTHORITY *n) -{ - return n->namingAuthorityText; -} - -void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, ASN1_STRING* t) -{ - ASN1_IA5STRING_free(n->namingAuthorityText); - n->namingAuthorityText = t; -} - -const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(const ADMISSION_SYNTAX *as) -{ - return as->admissionAuthority; -} - -void ADMISSION_SYNTAX_set0_admissionAuthority(ADMISSION_SYNTAX *as, - GENERAL_NAME *aa) -{ - GENERAL_NAME_free(as->admissionAuthority); - as->admissionAuthority = aa; -} - -const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(const ADMISSION_SYNTAX *as) -{ - return as->contentsOfAdmissions; -} - -void ADMISSION_SYNTAX_set0_contentsOfAdmissions(ADMISSION_SYNTAX *as, - STACK_OF(ADMISSIONS) *a) -{ - sk_ADMISSIONS_pop_free(as->contentsOfAdmissions, ADMISSIONS_free); - as->contentsOfAdmissions = a; -} - -const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a) -{ - return a->admissionAuthority; -} - -void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa) -{ - GENERAL_NAME_free(a->admissionAuthority); - a->admissionAuthority = aa; -} - -const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a) -{ - return a->namingAuthority; -} - -void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na) -{ - NAMING_AUTHORITY_free(a->namingAuthority); - a->namingAuthority = na; -} - -const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a) -{ - return a->professionInfos; -} - -void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi) -{ - sk_PROFESSION_INFO_pop_free(a->professionInfos, PROFESSION_INFO_free); - a->professionInfos = pi; -} - -const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo(const PROFESSION_INFO *pi) -{ - return pi->addProfessionInfo; -} - -void PROFESSION_INFO_set0_addProfessionInfo(PROFESSION_INFO *pi, - ASN1_OCTET_STRING *aos) -{ - ASN1_OCTET_STRING_free(pi->addProfessionInfo); - pi->addProfessionInfo = aos; -} - -const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority(const PROFESSION_INFO *pi) -{ - return pi->namingAuthority; -} - -void PROFESSION_INFO_set0_namingAuthority(PROFESSION_INFO *pi, - NAMING_AUTHORITY *na) -{ - NAMING_AUTHORITY_free(pi->namingAuthority); - pi->namingAuthority = na; -} - -const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems(const PROFESSION_INFO *pi) -{ - return pi->professionItems; -} - -void PROFESSION_INFO_set0_professionItems(PROFESSION_INFO *pi, - STACK_OF(ASN1_STRING) *as) -{ - sk_ASN1_STRING_pop_free(pi->professionItems, ASN1_STRING_free); - pi->professionItems = as; -} - -const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs(const PROFESSION_INFO *pi) -{ - return pi->professionOIDs; -} - -void PROFESSION_INFO_set0_professionOIDs(PROFESSION_INFO *pi, - STACK_OF(ASN1_OBJECT) *po) -{ - sk_ASN1_OBJECT_pop_free(pi->professionOIDs, ASN1_OBJECT_free); - pi->professionOIDs = po; -} - -const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(const PROFESSION_INFO *pi) -{ - return pi->registrationNumber; -} - -void PROFESSION_INFO_set0_registrationNumber(PROFESSION_INFO *pi, - ASN1_PRINTABLESTRING *rn) -{ - ASN1_PRINTABLESTRING_free(pi->registrationNumber); - pi->registrationNumber = rn; -} diff --git a/crypto/x509/v3_admis.h b/crypto/x509/v3_admis.h deleted file mode 100644 index 1e82c0f4a33fec9099eefd35dc1a239c4f65ad4c..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_admis.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_CRYPTO_X509_V3_ADMIS_H -# define OSSL_CRYPTO_X509_V3_ADMIS_H - -struct NamingAuthority_st { - ASN1_OBJECT* namingAuthorityId; - ASN1_IA5STRING* namingAuthorityUrl; - ASN1_STRING* namingAuthorityText; /* i.e. DIRECTORYSTRING */ -}; - -struct ProfessionInfo_st { - NAMING_AUTHORITY* namingAuthority; - STACK_OF(ASN1_STRING)* professionItems; /* i.e. DIRECTORYSTRING */ - STACK_OF(ASN1_OBJECT)* professionOIDs; - ASN1_PRINTABLESTRING* registrationNumber; - ASN1_OCTET_STRING* addProfessionInfo; -}; - -struct Admissions_st { - GENERAL_NAME* admissionAuthority; - NAMING_AUTHORITY* namingAuthority; - STACK_OF(PROFESSION_INFO)* professionInfos; -}; - -struct AdmissionSyntax_st { - GENERAL_NAME* admissionAuthority; - STACK_OF(ADMISSIONS)* contentsOfAdmissions; -}; - -#endif diff --git a/crypto/x509/v3_akeya.c b/crypto/x509/v3_akeya.c deleted file mode 100644 index aae8c21e73c2f3d1e7c0d7cf2020bb40badf6fd0..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_akeya.c +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include - -ASN1_SEQUENCE(AUTHORITY_KEYID) = { - ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0), - ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1), - ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2) -} ASN1_SEQUENCE_END(AUTHORITY_KEYID) - -IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID) diff --git a/crypto/x509/v3_akid.c b/crypto/x509/v3_akid.c deleted file mode 100644 index 43b515f50c49cc6f8b475eca8fceb0aa99445db6..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_akid.c +++ /dev/null @@ -1,218 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "crypto/x509.h" -#include "ext_dat.h" - -static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - AUTHORITY_KEYID *akeyid, - STACK_OF(CONF_VALUE) - *extlist); -static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *values); - -const X509V3_EXT_METHOD ossl_v3_akey_id = { - NID_authority_key_identifier, - X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), - 0, 0, 0, 0, - 0, 0, - (X509V3_EXT_I2V) i2v_AUTHORITY_KEYID, - (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, - 0, 0, - NULL -}; - -static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - AUTHORITY_KEYID *akeyid, - STACK_OF(CONF_VALUE) - *extlist) -{ - char *tmp = NULL; - STACK_OF(CONF_VALUE) *origextlist = extlist, *tmpextlist; - - if (akeyid->keyid) { - tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length); - if (tmp == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; - } - if (!X509V3_add_value((akeyid->issuer || akeyid->serial) ? "keyid" : NULL, - tmp, &extlist)) { - OPENSSL_free(tmp); - ERR_raise(ERR_LIB_X509V3, ERR_R_X509_LIB); - goto err; - } - OPENSSL_free(tmp); - } - if (akeyid->issuer) { - tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); - if (tmpextlist == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_X509_LIB); - goto err; - } - extlist = tmpextlist; - } - if (akeyid->serial) { - tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length); - if (tmp == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!X509V3_add_value("serial", tmp, &extlist)) { - OPENSSL_free(tmp); - goto err; - } - OPENSSL_free(tmp); - } - return extlist; - err: - if (origextlist == NULL) - sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free); - return NULL; -} - -/*- - * Currently two options: - * keyid: use the issuers subject keyid, the value 'always' means its is - * an error if the issuer certificate doesn't have a key id. - * issuer: use the issuers cert issuer and serial number. The default is - * to only use this if keyid is not present. With the option 'always' - * this is always included. - */ - -static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *values) -{ - char keyid = 0, issuer = 0; - int i, n = sk_CONF_VALUE_num(values); - CONF_VALUE *cnf; - ASN1_OCTET_STRING *ikeyid = NULL; - X509_NAME *isname = NULL; - GENERAL_NAMES *gens = NULL; - GENERAL_NAME *gen = NULL; - ASN1_INTEGER *serial = NULL; - X509_EXTENSION *ext; - X509 *issuer_cert; - int same_issuer, ss; - AUTHORITY_KEYID *akeyid = AUTHORITY_KEYID_new(); - - if (akeyid == NULL) - goto err; - - if (n == 1 && strcmp(sk_CONF_VALUE_value(values, 0)->name, "none") == 0) { - return akeyid; - } - - for (i = 0; i < n; i++) { - cnf = sk_CONF_VALUE_value(values, i); - if (strcmp(cnf->name, "keyid") == 0) { - keyid = 1; - if (cnf->value && strcmp(cnf->value, "always") == 0) - keyid = 2; - } else if (strcmp(cnf->name, "issuer") == 0) { - issuer = 1; - if (cnf->value && strcmp(cnf->value, "always") == 0) - issuer = 2; - } else { - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_UNKNOWN_OPTION, - "name=%s", cnf->name); - goto err; - } - } - - if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0) - return akeyid; - - if (ctx == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_NULL_PARAMETER); - goto err; - } - if ((issuer_cert = ctx->issuer_cert) == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_ISSUER_CERTIFICATE); - goto err; - } - same_issuer = ctx->subject_cert == ctx->issuer_cert; - ERR_set_mark(); - if (ctx->issuer_pkey != NULL) - ss = X509_check_private_key(ctx->subject_cert, ctx->issuer_pkey); - else - ss = same_issuer; - ERR_pop_to_mark(); - - /* unless forced with "always", AKID is suppressed for self-signed certs */ - if (keyid == 2 || (keyid == 1 && !ss)) { - /* - * prefer any pre-existing subject key identifier of the issuer cert - * except issuer cert is same as subject cert and is not self-signed - */ - i = X509_get_ext_by_NID(issuer_cert, NID_subject_key_identifier, -1); - if (i >= 0 && (ext = X509_get_ext(issuer_cert, i)) != NULL - && !(same_issuer && !ss)) - ikeyid = X509V3_EXT_d2i(ext); - if (ikeyid == NULL && same_issuer && ctx->issuer_pkey != NULL) { - /* generate fallback AKID, emulating s2i_skey_id(..., "hash") */ - X509_PUBKEY *pubkey = NULL; - - if (X509_PUBKEY_set(&pubkey, ctx->issuer_pkey)) - ikeyid = ossl_x509_pubkey_hash(pubkey); - X509_PUBKEY_free(pubkey); - } - if ((keyid == 2 || issuer == 0) - && (ikeyid == NULL - || ASN1_STRING_length(ikeyid) <= 2) /* indicating "none" */) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); - goto err; - } - } - - if (issuer == 2 || (issuer == 1 && ikeyid == NULL)) { - isname = X509_NAME_dup(X509_get_issuer_name(issuer_cert)); - serial = ASN1_INTEGER_dup(X509_get0_serialNumber(issuer_cert)); - if (isname == NULL || serial == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); - goto err; - } - } - - if (isname != NULL) { - if ((gens = sk_GENERAL_NAME_new_null()) == NULL - || (gen = GENERAL_NAME_new()) == NULL - || !sk_GENERAL_NAME_push(gens, gen)) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - gen->type = GEN_DIRNAME; - gen->d.dirn = isname; - } - - akeyid->issuer = gens; - gen = NULL; - gens = NULL; - akeyid->serial = serial; - akeyid->keyid = ikeyid; - - return akeyid; - - err: - sk_GENERAL_NAME_free(gens); - GENERAL_NAME_free(gen); - X509_NAME_free(isname); - ASN1_INTEGER_free(serial); - ASN1_OCTET_STRING_free(ikeyid); - AUTHORITY_KEYID_free(akeyid); - return NULL; -} diff --git a/crypto/x509/v3_asid.c b/crypto/x509/v3_asid.c deleted file mode 100644 index 86577d6ca48c5930b602c188f82d222f3afc110c..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_asid.c +++ /dev/null @@ -1,896 +0,0 @@ -/* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Implementation of RFC 3779 section 3.2. - */ - -#include -#include -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include "crypto/x509.h" -#include -#include "ext_dat.h" -#include "x509_local.h" - -#ifndef OPENSSL_NO_RFC3779 - -/* - * OpenSSL ASN.1 template translation of RFC 3779 3.2.3. - */ - -ASN1_SEQUENCE(ASRange) = { - ASN1_SIMPLE(ASRange, min, ASN1_INTEGER), - ASN1_SIMPLE(ASRange, max, ASN1_INTEGER) -} ASN1_SEQUENCE_END(ASRange) - -ASN1_CHOICE(ASIdOrRange) = { - ASN1_SIMPLE(ASIdOrRange, u.id, ASN1_INTEGER), - ASN1_SIMPLE(ASIdOrRange, u.range, ASRange) -} ASN1_CHOICE_END(ASIdOrRange) - -ASN1_CHOICE(ASIdentifierChoice) = { - ASN1_SIMPLE(ASIdentifierChoice, u.inherit, ASN1_NULL), - ASN1_SEQUENCE_OF(ASIdentifierChoice, u.asIdsOrRanges, ASIdOrRange) -} ASN1_CHOICE_END(ASIdentifierChoice) - -ASN1_SEQUENCE(ASIdentifiers) = { - ASN1_EXP_OPT(ASIdentifiers, asnum, ASIdentifierChoice, 0), - ASN1_EXP_OPT(ASIdentifiers, rdi, ASIdentifierChoice, 1) -} ASN1_SEQUENCE_END(ASIdentifiers) - -IMPLEMENT_ASN1_FUNCTIONS(ASRange) -IMPLEMENT_ASN1_FUNCTIONS(ASIdOrRange) -IMPLEMENT_ASN1_FUNCTIONS(ASIdentifierChoice) -IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers) - -/* - * i2r method for an ASIdentifierChoice. - */ -static int i2r_ASIdentifierChoice(BIO *out, - ASIdentifierChoice *choice, - int indent, const char *msg) -{ - int i; - char *s; - if (choice == NULL) - return 1; - BIO_printf(out, "%*s%s:\n", indent, "", msg); - switch (choice->type) { - case ASIdentifierChoice_inherit: - BIO_printf(out, "%*sinherit\n", indent + 2, ""); - break; - case ASIdentifierChoice_asIdsOrRanges: - for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) { - ASIdOrRange *aor = - sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); - switch (aor->type) { - case ASIdOrRange_id: - if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL) - return 0; - BIO_printf(out, "%*s%s\n", indent + 2, "", s); - OPENSSL_free(s); - break; - case ASIdOrRange_range: - if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL) - return 0; - BIO_printf(out, "%*s%s-", indent + 2, "", s); - OPENSSL_free(s); - if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL) - return 0; - BIO_printf(out, "%s\n", s); - OPENSSL_free(s); - break; - default: - return 0; - } - } - break; - default: - return 0; - } - return 1; -} - -/* - * i2r method for an ASIdentifier extension. - */ -static int i2r_ASIdentifiers(const X509V3_EXT_METHOD *method, - void *ext, BIO *out, int indent) -{ - ASIdentifiers *asid = ext; - return (i2r_ASIdentifierChoice(out, asid->asnum, indent, - "Autonomous System Numbers") && - i2r_ASIdentifierChoice(out, asid->rdi, indent, - "Routing Domain Identifiers")); -} - -/* - * Sort comparison function for a sequence of ASIdOrRange elements. - */ -static int ASIdOrRange_cmp(const ASIdOrRange *const *a_, - const ASIdOrRange *const *b_) -{ - const ASIdOrRange *a = *a_, *b = *b_; - - assert((a->type == ASIdOrRange_id && a->u.id != NULL) || - (a->type == ASIdOrRange_range && a->u.range != NULL && - a->u.range->min != NULL && a->u.range->max != NULL)); - - assert((b->type == ASIdOrRange_id && b->u.id != NULL) || - (b->type == ASIdOrRange_range && b->u.range != NULL && - b->u.range->min != NULL && b->u.range->max != NULL)); - - if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id) - return ASN1_INTEGER_cmp(a->u.id, b->u.id); - - if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) { - int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min); - return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max, - b->u.range->max); - } - - if (a->type == ASIdOrRange_id) - return ASN1_INTEGER_cmp(a->u.id, b->u.range->min); - else - return ASN1_INTEGER_cmp(a->u.range->min, b->u.id); -} - -/* - * Add an inherit element. - */ -int X509v3_asid_add_inherit(ASIdentifiers *asid, int which) -{ - ASIdentifierChoice **choice; - if (asid == NULL) - return 0; - switch (which) { - case V3_ASID_ASNUM: - choice = &asid->asnum; - break; - case V3_ASID_RDI: - choice = &asid->rdi; - break; - default: - return 0; - } - if (*choice == NULL) { - if ((*choice = ASIdentifierChoice_new()) == NULL) - return 0; - if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) - return 0; - (*choice)->type = ASIdentifierChoice_inherit; - } - return (*choice)->type == ASIdentifierChoice_inherit; -} - -/* - * Add an ID or range to an ASIdentifierChoice. - */ -int X509v3_asid_add_id_or_range(ASIdentifiers *asid, - int which, ASN1_INTEGER *min, ASN1_INTEGER *max) -{ - ASIdentifierChoice **choice; - ASIdOrRange *aor; - if (asid == NULL) - return 0; - switch (which) { - case V3_ASID_ASNUM: - choice = &asid->asnum; - break; - case V3_ASID_RDI: - choice = &asid->rdi; - break; - default: - return 0; - } - if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit) - return 0; - if (*choice == NULL) { - if ((*choice = ASIdentifierChoice_new()) == NULL) - return 0; - (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp); - if ((*choice)->u.asIdsOrRanges == NULL) - return 0; - (*choice)->type = ASIdentifierChoice_asIdsOrRanges; - } - if ((aor = ASIdOrRange_new()) == NULL) - return 0; - if (max == NULL) { - aor->type = ASIdOrRange_id; - aor->u.id = min; - } else { - aor->type = ASIdOrRange_range; - if ((aor->u.range = ASRange_new()) == NULL) - goto err; - ASN1_INTEGER_free(aor->u.range->min); - aor->u.range->min = min; - ASN1_INTEGER_free(aor->u.range->max); - aor->u.range->max = max; - } - if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor))) - goto err; - return 1; - - err: - ASIdOrRange_free(aor); - return 0; -} - -/* - * Extract min and max values from an ASIdOrRange. - */ -static int extract_min_max(ASIdOrRange *aor, - ASN1_INTEGER **min, ASN1_INTEGER **max) -{ - if (!ossl_assert(aor != NULL)) - return 0; - switch (aor->type) { - case ASIdOrRange_id: - *min = aor->u.id; - *max = aor->u.id; - return 1; - case ASIdOrRange_range: - *min = aor->u.range->min; - *max = aor->u.range->max; - return 1; - } - - return 0; -} - -/* - * Check whether an ASIdentifierChoice is in canonical form. - */ -static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) -{ - ASN1_INTEGER *a_max_plus_one = NULL; - ASN1_INTEGER *orig; - BIGNUM *bn = NULL; - int i, ret = 0; - - /* - * Empty element or inheritance is canonical. - */ - if (choice == NULL || choice->type == ASIdentifierChoice_inherit) - return 1; - - /* - * If not a list, or if empty list, it's broken. - */ - if (choice->type != ASIdentifierChoice_asIdsOrRanges || - sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) - return 0; - - /* - * It's a list, check it. - */ - for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { - ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); - ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); - ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = - NULL; - - if (!extract_min_max(a, &a_min, &a_max) - || !extract_min_max(b, &b_min, &b_max)) - goto done; - - /* - * Punt misordered list, overlapping start, or inverted range. - */ - if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 || - ASN1_INTEGER_cmp(a_min, a_max) > 0 || - ASN1_INTEGER_cmp(b_min, b_max) > 0) - goto done; - - /* - * Calculate a_max + 1 to check for adjacency. - */ - if ((bn == NULL && (bn = BN_new()) == NULL) || - ASN1_INTEGER_to_BN(a_max, bn) == NULL || - !BN_add_word(bn, 1)) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto done; - } - - if ((a_max_plus_one = - BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { - a_max_plus_one = orig; - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto done; - } - - /* - * Punt if adjacent or overlapping. - */ - if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0) - goto done; - } - - /* - * Check for inverted range. - */ - i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; - { - ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); - ASN1_INTEGER *a_min, *a_max; - if (a != NULL && a->type == ASIdOrRange_range) { - if (!extract_min_max(a, &a_min, &a_max) - || ASN1_INTEGER_cmp(a_min, a_max) > 0) - goto done; - } - } - - ret = 1; - - done: - ASN1_INTEGER_free(a_max_plus_one); - BN_free(bn); - return ret; -} - -/* - * Check whether an ASIdentifier extension is in canonical form. - */ -int X509v3_asid_is_canonical(ASIdentifiers *asid) -{ - return (asid == NULL || - (ASIdentifierChoice_is_canonical(asid->asnum) && - ASIdentifierChoice_is_canonical(asid->rdi))); -} - -/* - * Whack an ASIdentifierChoice into canonical form. - */ -static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) -{ - ASN1_INTEGER *a_max_plus_one = NULL; - ASN1_INTEGER *orig; - BIGNUM *bn = NULL; - int i, ret = 0; - - /* - * Nothing to do for empty element or inheritance. - */ - if (choice == NULL || choice->type == ASIdentifierChoice_inherit) - return 1; - - /* - * If not a list, or if empty list, it's broken. - */ - if (choice->type != ASIdentifierChoice_asIdsOrRanges || - sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR); - return 0; - } - - /* - * We have a non-empty list. Sort it. - */ - sk_ASIdOrRange_sort(choice->u.asIdsOrRanges); - - /* - * Now check for errors and suboptimal encoding, rejecting the - * former and fixing the latter. - */ - for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { - ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); - ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); - ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = - NULL; - - if (!extract_min_max(a, &a_min, &a_max) - || !extract_min_max(b, &b_min, &b_max)) - goto done; - - /* - * Make sure we're properly sorted (paranoia). - */ - if (!ossl_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0)) - goto done; - - /* - * Punt inverted ranges. - */ - if (ASN1_INTEGER_cmp(a_min, a_max) > 0 || - ASN1_INTEGER_cmp(b_min, b_max) > 0) - goto done; - - /* - * Check for overlaps. - */ - if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR); - goto done; - } - - /* - * Calculate a_max + 1 to check for adjacency. - */ - if ((bn == NULL && (bn = BN_new()) == NULL) || - ASN1_INTEGER_to_BN(a_max, bn) == NULL || - !BN_add_word(bn, 1)) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto done; - } - - if ((a_max_plus_one = - BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) { - a_max_plus_one = orig; - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto done; - } - - /* - * If a and b are adjacent, merge them. - */ - if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) { - ASRange *r; - switch (a->type) { - case ASIdOrRange_id: - if ((r = OPENSSL_malloc(sizeof(*r))) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto done; - } - r->min = a_min; - r->max = b_max; - a->type = ASIdOrRange_range; - a->u.range = r; - break; - case ASIdOrRange_range: - ASN1_INTEGER_free(a->u.range->max); - a->u.range->max = b_max; - break; - } - switch (b->type) { - case ASIdOrRange_id: - b->u.id = NULL; - break; - case ASIdOrRange_range: - b->u.range->max = NULL; - break; - } - ASIdOrRange_free(b); - (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1); - i--; - continue; - } - } - - /* - * Check for final inverted range. - */ - i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; - { - ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); - ASN1_INTEGER *a_min, *a_max; - if (a != NULL && a->type == ASIdOrRange_range) { - if (!extract_min_max(a, &a_min, &a_max) - || ASN1_INTEGER_cmp(a_min, a_max) > 0) - goto done; - } - } - - /* Paranoia */ - if (!ossl_assert(ASIdentifierChoice_is_canonical(choice))) - goto done; - - ret = 1; - - done: - ASN1_INTEGER_free(a_max_plus_one); - BN_free(bn); - return ret; -} - -/* - * Whack an ASIdentifier extension into canonical form. - */ -int X509v3_asid_canonize(ASIdentifiers *asid) -{ - return (asid == NULL || - (ASIdentifierChoice_canonize(asid->asnum) && - ASIdentifierChoice_canonize(asid->rdi))); -} - -/* - * v2i method for an ASIdentifier extension. - */ -static void *v2i_ASIdentifiers(const struct v3_ext_method *method, - struct v3_ext_ctx *ctx, - STACK_OF(CONF_VALUE) *values) -{ - ASN1_INTEGER *min = NULL, *max = NULL; - ASIdentifiers *asid = NULL; - int i; - - if ((asid = ASIdentifiers_new()) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; - } - - for (i = 0; i < sk_CONF_VALUE_num(values); i++) { - CONF_VALUE *val = sk_CONF_VALUE_value(values, i); - int i1 = 0, i2 = 0, i3 = 0, is_range = 0, which = 0; - - /* - * Figure out whether this is an AS or an RDI. - */ - if (!ossl_v3_name_cmp(val->name, "AS")) { - which = V3_ASID_ASNUM; - } else if (!ossl_v3_name_cmp(val->name, "RDI")) { - which = V3_ASID_RDI; - } else { - ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_NAME_ERROR); - X509V3_conf_add_error_name_value(val); - goto err; - } - - /* - * Handle inheritance. - */ - if (strcmp(val->value, "inherit") == 0) { - if (X509v3_asid_add_inherit(asid, which)) - continue; - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_INHERITANCE); - X509V3_conf_add_error_name_value(val); - goto err; - } - - /* - * Number, range, or mistake, pick it apart and figure out which. - */ - i1 = strspn(val->value, "0123456789"); - if (val->value[i1] == '\0') { - is_range = 0; - } else { - is_range = 1; - i2 = i1 + strspn(val->value + i1, " \t"); - if (val->value[i2] != '-') { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_ASNUMBER); - X509V3_conf_add_error_name_value(val); - goto err; - } - i2++; - i2 = i2 + strspn(val->value + i2, " \t"); - i3 = i2 + strspn(val->value + i2, "0123456789"); - if (val->value[i3] != '\0') { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_ASRANGE); - X509V3_conf_add_error_name_value(val); - goto err; - } - } - - /* - * Syntax is ok, read and add it. - */ - if (!is_range) { - if (!X509V3_get_value_int(val, &min)) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - } else { - char *s = OPENSSL_strdup(val->value); - if (s == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - s[i1] = '\0'; - min = s2i_ASN1_INTEGER(NULL, s); - max = s2i_ASN1_INTEGER(NULL, s + i2); - OPENSSL_free(s); - if (min == NULL || max == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - if (ASN1_INTEGER_cmp(min, max) > 0) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR); - goto err; - } - } - if (!X509v3_asid_add_id_or_range(asid, which, min, max)) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - min = max = NULL; - } - - /* - * Canonize the result, then we're done. - */ - if (!X509v3_asid_canonize(asid)) - goto err; - return asid; - - err: - ASIdentifiers_free(asid); - ASN1_INTEGER_free(min); - ASN1_INTEGER_free(max); - return NULL; -} - -/* - * OpenSSL dispatch. - */ -const X509V3_EXT_METHOD ossl_v3_asid = { - NID_sbgp_autonomousSysNum, /* nid */ - 0, /* flags */ - ASN1_ITEM_ref(ASIdentifiers), /* template */ - 0, 0, 0, 0, /* old functions, ignored */ - 0, /* i2s */ - 0, /* s2i */ - 0, /* i2v */ - v2i_ASIdentifiers, /* v2i */ - i2r_ASIdentifiers, /* i2r */ - 0, /* r2i */ - NULL /* extension-specific data */ -}; - -/* - * Figure out whether extension uses inheritance. - */ -int X509v3_asid_inherits(ASIdentifiers *asid) -{ - return (asid != NULL && - ((asid->asnum != NULL && - asid->asnum->type == ASIdentifierChoice_inherit) || - (asid->rdi != NULL && - asid->rdi->type == ASIdentifierChoice_inherit))); -} - -/* - * Figure out whether parent contains child. - */ -static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) -{ - ASN1_INTEGER *p_min = NULL, *p_max = NULL, *c_min = NULL, *c_max = NULL; - int p, c; - - if (child == NULL || parent == child) - return 1; - if (parent == NULL) - return 0; - - p = 0; - for (c = 0; c < sk_ASIdOrRange_num(child); c++) { - if (!extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max)) - return 0; - for (;; p++) { - if (p >= sk_ASIdOrRange_num(parent)) - return 0; - if (!extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, - &p_max)) - return 0; - if (ASN1_INTEGER_cmp(p_max, c_max) < 0) - continue; - if (ASN1_INTEGER_cmp(p_min, c_min) > 0) - return 0; - break; - } - } - - return 1; -} - -/* - * Test whether a is a subset of b. - */ -int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) -{ - int subset; - - if (a == NULL || a == b) - return 1; - - if (b == NULL) - return 0; - - if (X509v3_asid_inherits(a) || X509v3_asid_inherits(b)) - return 0; - - subset = a->asnum == NULL - || (b->asnum != NULL - && asid_contains(b->asnum->u.asIdsOrRanges, - a->asnum->u.asIdsOrRanges)); - if (!subset) - return 0; - - return a->rdi == NULL - || (b->rdi != NULL - && asid_contains(b->rdi->u.asIdsOrRanges, - a->rdi->u.asIdsOrRanges)); -} - -/* - * Validation error handling via callback. - */ -#define validation_err(_err_) \ - do { \ - if (ctx != NULL) { \ - ctx->error = _err_; \ - ctx->error_depth = i; \ - ctx->current_cert = x; \ - ret = ctx->verify_cb(0, ctx); \ - } else { \ - ret = 0; \ - } \ - if (!ret) \ - goto done; \ - } while (0) - -/* - * Core code for RFC 3779 3.3 path validation. - */ -static int asid_validate_path_internal(X509_STORE_CTX *ctx, - STACK_OF(X509) *chain, - ASIdentifiers *ext) -{ - ASIdOrRanges *child_as = NULL, *child_rdi = NULL; - int i, ret = 1, inherit_as = 0, inherit_rdi = 0; - X509 *x; - - if (!ossl_assert(chain != NULL && sk_X509_num(chain) > 0) - || !ossl_assert(ctx != NULL || ext != NULL) - || !ossl_assert(ctx == NULL || ctx->verify_cb != NULL)) { - if (ctx != NULL) - ctx->error = X509_V_ERR_UNSPECIFIED; - return 0; - } - - - /* - * Figure out where to start. If we don't have an extension to - * check, we're done. Otherwise, check canonical form and - * set up for walking up the chain. - */ - if (ext != NULL) { - i = -1; - x = NULL; - } else { - i = 0; - x = sk_X509_value(chain, i); - if ((ext = x->rfc3779_asid) == NULL) - goto done; - } - if (!X509v3_asid_is_canonical(ext)) - validation_err(X509_V_ERR_INVALID_EXTENSION); - if (ext->asnum != NULL) { - switch (ext->asnum->type) { - case ASIdentifierChoice_inherit: - inherit_as = 1; - break; - case ASIdentifierChoice_asIdsOrRanges: - child_as = ext->asnum->u.asIdsOrRanges; - break; - } - } - if (ext->rdi != NULL) { - switch (ext->rdi->type) { - case ASIdentifierChoice_inherit: - inherit_rdi = 1; - break; - case ASIdentifierChoice_asIdsOrRanges: - child_rdi = ext->rdi->u.asIdsOrRanges; - break; - } - } - - /* - * Now walk up the chain. Extensions must be in canonical form, no - * cert may list resources that its parent doesn't list. - */ - for (i++; i < sk_X509_num(chain); i++) { - x = sk_X509_value(chain, i); - if (!ossl_assert(x != NULL)) { - if (ctx != NULL) - ctx->error = X509_V_ERR_UNSPECIFIED; - return 0; - } - if (x->rfc3779_asid == NULL) { - if (child_as != NULL || child_rdi != NULL) - validation_err(X509_V_ERR_UNNESTED_RESOURCE); - continue; - } - if (!X509v3_asid_is_canonical(x->rfc3779_asid)) - validation_err(X509_V_ERR_INVALID_EXTENSION); - if (x->rfc3779_asid->asnum == NULL && child_as != NULL) { - validation_err(X509_V_ERR_UNNESTED_RESOURCE); - child_as = NULL; - inherit_as = 0; - } - if (x->rfc3779_asid->asnum != NULL && - x->rfc3779_asid->asnum->type == - ASIdentifierChoice_asIdsOrRanges) { - if (inherit_as - || asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges, - child_as)) { - child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges; - inherit_as = 0; - } else { - validation_err(X509_V_ERR_UNNESTED_RESOURCE); - } - } - if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) { - validation_err(X509_V_ERR_UNNESTED_RESOURCE); - child_rdi = NULL; - inherit_rdi = 0; - } - if (x->rfc3779_asid->rdi != NULL && - x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) { - if (inherit_rdi || - asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges, - child_rdi)) { - child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges; - inherit_rdi = 0; - } else { - validation_err(X509_V_ERR_UNNESTED_RESOURCE); - } - } - } - - /* - * Trust anchor can't inherit. - */ - if (!ossl_assert(x != NULL)) { - if (ctx != NULL) - ctx->error = X509_V_ERR_UNSPECIFIED; - return 0; - } - if (x->rfc3779_asid != NULL) { - if (x->rfc3779_asid->asnum != NULL && - x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit) - validation_err(X509_V_ERR_UNNESTED_RESOURCE); - if (x->rfc3779_asid->rdi != NULL && - x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit) - validation_err(X509_V_ERR_UNNESTED_RESOURCE); - } - - done: - return ret; -} - -#undef validation_err - -/* - * RFC 3779 3.3 path validation -- called from X509_verify_cert(). - */ -int X509v3_asid_validate_path(X509_STORE_CTX *ctx) -{ - if (ctx->chain == NULL - || sk_X509_num(ctx->chain) == 0 - || ctx->verify_cb == NULL) { - ctx->error = X509_V_ERR_UNSPECIFIED; - return 0; - } - return asid_validate_path_internal(ctx, ctx->chain, NULL); -} - -/* - * RFC 3779 3.3 path validation of an extension. - * Test whether chain covers extension. - */ -int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, - ASIdentifiers *ext, int allow_inheritance) -{ - if (ext == NULL) - return 1; - if (chain == NULL || sk_X509_num(chain) == 0) - return 0; - if (!allow_inheritance && X509v3_asid_inherits(ext)) - return 0; - return asid_validate_path_internal(NULL, chain, ext); -} - -#endif /* OPENSSL_NO_RFC3779 */ diff --git a/crypto/x509/v3_bcons.c b/crypto/x509/v3_bcons.c deleted file mode 100644 index 6e7a165f26e890f828dac46d2619170ca918cb2c..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_bcons.c +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "ext_dat.h" -#include "x509_local.h" - -static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, - BASIC_CONSTRAINTS *bcons, - STACK_OF(CONF_VALUE) - *extlist); -static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *values); - -const X509V3_EXT_METHOD ossl_v3_bcons = { - NID_basic_constraints, 0, - ASN1_ITEM_ref(BASIC_CONSTRAINTS), - 0, 0, 0, 0, - 0, 0, - (X509V3_EXT_I2V) i2v_BASIC_CONSTRAINTS, - (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, - NULL, NULL, - NULL -}; - -ASN1_SEQUENCE(BASIC_CONSTRAINTS) = { - ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN), - ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER) -} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS) - -IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) - -static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, - BASIC_CONSTRAINTS *bcons, - STACK_OF(CONF_VALUE) - *extlist) -{ - X509V3_add_value_bool("CA", bcons->ca, &extlist); - X509V3_add_value_int("pathlen", bcons->pathlen, &extlist); - return extlist; -} - -static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *values) -{ - BASIC_CONSTRAINTS *bcons = NULL; - CONF_VALUE *val; - int i; - - if ((bcons = BASIC_CONSTRAINTS_new()) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; - } - for (i = 0; i < sk_CONF_VALUE_num(values); i++) { - val = sk_CONF_VALUE_value(values, i); - if (strcmp(val->name, "CA") == 0) { - if (!X509V3_get_value_bool(val, &bcons->ca)) - goto err; - } else if (strcmp(val->name, "pathlen") == 0) { - if (!X509V3_get_value_int(val, &bcons->pathlen)) - goto err; - } else { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NAME); - X509V3_conf_add_error_name_value(val); - goto err; - } - } - return bcons; - err: - BASIC_CONSTRAINTS_free(bcons); - return NULL; -} diff --git a/crypto/x509/v3_bitst.c b/crypto/x509/v3_bitst.c deleted file mode 100644 index b53c5ba3ecd348f8f911e3c0d2d0a430417410ee..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_bitst.c +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include "ext_dat.h" - -static BIT_STRING_BITNAME ns_cert_type_table[] = { - {0, "SSL Client", "client"}, - {1, "SSL Server", "server"}, - {2, "S/MIME", "email"}, - {3, "Object Signing", "objsign"}, - {4, "Unused", "reserved"}, - {5, "SSL CA", "sslCA"}, - {6, "S/MIME CA", "emailCA"}, - {7, "Object Signing CA", "objCA"}, - {-1, NULL, NULL} -}; - -static BIT_STRING_BITNAME key_usage_type_table[] = { - {0, "Digital Signature", "digitalSignature"}, - {1, "Non Repudiation", "nonRepudiation"}, - {2, "Key Encipherment", "keyEncipherment"}, - {3, "Data Encipherment", "dataEncipherment"}, - {4, "Key Agreement", "keyAgreement"}, - {5, "Certificate Sign", "keyCertSign"}, - {6, "CRL Sign", "cRLSign"}, - {7, "Encipher Only", "encipherOnly"}, - {8, "Decipher Only", "decipherOnly"}, - {-1, NULL, NULL} -}; - -const X509V3_EXT_METHOD ossl_v3_nscert = -EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); -const X509V3_EXT_METHOD ossl_v3_key_usage = -EXT_BITSTRING(NID_key_usage, key_usage_type_table); - -STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - ASN1_BIT_STRING *bits, - STACK_OF(CONF_VALUE) *ret) -{ - BIT_STRING_BITNAME *bnam; - for (bnam = method->usr_data; bnam->lname; bnam++) { - if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) - X509V3_add_value(bnam->lname, NULL, &ret); - } - return ret; -} - -ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) -{ - CONF_VALUE *val; - ASN1_BIT_STRING *bs; - int i; - BIT_STRING_BITNAME *bnam; - if ((bs = ASN1_BIT_STRING_new()) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; - } - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - val = sk_CONF_VALUE_value(nval, i); - for (bnam = method->usr_data; bnam->lname; bnam++) { - if (strcmp(bnam->sname, val->name) == 0 - || strcmp(bnam->lname, val->name) == 0) { - if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - ASN1_BIT_STRING_free(bs); - return NULL; - } - break; - } - } - if (!bnam->lname) { - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT, - "%s", val->name); - ASN1_BIT_STRING_free(bs); - return NULL; - } - } - return bs; -} diff --git a/crypto/x509/v3_conf.c b/crypto/x509/v3_conf.c deleted file mode 100644 index 1c11d671b2edb25037e6be123d84ffeb1d023a85..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_conf.c +++ /dev/null @@ -1,584 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* extension creation utilities */ - -#include -#include "crypto/ctype.h" -#include "internal/cryptlib.h" -#include -#include -#include "crypto/x509.h" -#include - -static int v3_check_critical(const char **value); -static int v3_check_generic(const char **value); -static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - int crit, const char *value); -static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, - int crit, int type, - X509V3_CTX *ctx); -static char *conf_lhash_get_string(void *db, const char *section, const char *value); -static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section); -static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, - int ext_nid, int crit, void *ext_struc); -static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, - long *ext_len); - -static X509_EXTENSION *X509V3_EXT_nconf_int(CONF *conf, X509V3_CTX *ctx, - const char *section, - const char *name, const char *value) -{ - int crit; - int ext_type; - X509_EXTENSION *ret; - - crit = v3_check_critical(&value); - if ((ext_type = v3_check_generic(&value))) - return v3_generic_extension(name, value, crit, ext_type, ctx); - ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); - if (!ret) { - if (section != NULL) - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_ERROR_IN_EXTENSION, - "section=%s, name=%s, value=%s", - section, name, value); - else - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_ERROR_IN_EXTENSION, - "name=%s, value=%s", name, value); - } - return ret; -} - -X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, - const char *value) -{ - return X509V3_EXT_nconf_int(conf, ctx, NULL, name, value); -} - -X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, - const char *value) -{ - int crit; - int ext_type; - - crit = v3_check_critical(&value); - if ((ext_type = v3_check_generic(&value))) - return v3_generic_extension(OBJ_nid2sn(ext_nid), - value, crit, ext_type, ctx); - return do_ext_nconf(conf, ctx, ext_nid, crit, value); -} - -/* CONF *conf: Config file */ -/* char *value: Value */ -static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - int crit, const char *value) -{ - const X509V3_EXT_METHOD *method; - X509_EXTENSION *ext; - STACK_OF(CONF_VALUE) *nval; - void *ext_struc; - - if (ext_nid == NID_undef) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_UNKNOWN_EXTENSION_NAME); - return NULL; - } - if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_UNKNOWN_EXTENSION); - return NULL; - } - /* Now get internal extension representation based on type */ - if (method->v2i) { - if (*value == '@') - nval = NCONF_get_section(conf, value + 1); - else - nval = X509V3_parse_list(value); - if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) { - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_INVALID_EXTENSION_STRING, - "name=%s,section=%s", OBJ_nid2sn(ext_nid), value); - if (*value != '@') - sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); - return NULL; - } - ext_struc = method->v2i(method, ctx, nval); - if (*value != '@') - sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); - if (!ext_struc) - return NULL; - } else if (method->s2i) { - if ((ext_struc = method->s2i(method, ctx, value)) == NULL) - return NULL; - } else if (method->r2i) { - if (!ctx->db || !ctx->db_meth) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_CONFIG_DATABASE); - return NULL; - } - if ((ext_struc = method->r2i(method, ctx, value)) == NULL) - return NULL; - } else { - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED, - "name=%s", OBJ_nid2sn(ext_nid)); - return NULL; - } - - ext = do_ext_i2d(method, ext_nid, crit, ext_struc); - if (method->it) - ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); - else - method->ext_free(ext_struc); - return ext; - -} - -static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, - int ext_nid, int crit, void *ext_struc) -{ - unsigned char *ext_der = NULL; - int ext_len; - ASN1_OCTET_STRING *ext_oct = NULL; - X509_EXTENSION *ext; - - /* Convert internal representation to DER */ - if (method->it) { - ext_der = NULL; - ext_len = - ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); - if (ext_len < 0) - goto merr; - } else { - unsigned char *p; - - ext_len = method->i2d(ext_struc, NULL); - if (ext_len <= 0) - goto merr; - if ((ext_der = OPENSSL_malloc(ext_len)) == NULL) - goto merr; - p = ext_der; - method->i2d(ext_struc, &p); - } - if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL) - goto merr; - ext_oct->data = ext_der; - ext_der = NULL; - ext_oct->length = ext_len; - - ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); - if (!ext) - goto merr; - ASN1_OCTET_STRING_free(ext_oct); - - return ext; - - merr: - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - OPENSSL_free(ext_der); - ASN1_OCTET_STRING_free(ext_oct); - return NULL; - -} - -/* Given an internal structure, nid and critical flag create an extension */ - -X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) -{ - const X509V3_EXT_METHOD *method; - - if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_UNKNOWN_EXTENSION); - return NULL; - } - return do_ext_i2d(method, ext_nid, crit, ext_struc); -} - -/* Check the extension string for critical flag */ -static int v3_check_critical(const char **value) -{ - const char *p = *value; - - if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) - return 0; - p += 9; - while (ossl_isspace(*p)) - p++; - *value = p; - return 1; -} - -/* Check extension string for generic extension and return the type */ -static int v3_check_generic(const char **value) -{ - int gen_type = 0; - const char *p = *value; - - if ((strlen(p) >= 4) && strncmp(p, "DER:", 4) == 0) { - p += 4; - gen_type = 1; - } else if ((strlen(p) >= 5) && strncmp(p, "ASN1:", 5) == 0) { - p += 5; - gen_type = 2; - } else - return 0; - - while (ossl_isspace(*p)) - p++; - *value = p; - return gen_type; -} - -/* Create a generic extension: for now just handle DER type */ -static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, - int crit, int gen_type, - X509V3_CTX *ctx) -{ - unsigned char *ext_der = NULL; - long ext_len = 0; - ASN1_OBJECT *obj = NULL; - ASN1_OCTET_STRING *oct = NULL; - X509_EXTENSION *extension = NULL; - - if ((obj = OBJ_txt2obj(ext, 0)) == NULL) { - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_EXTENSION_NAME_ERROR, - "name=%s", ext); - goto err; - } - - if (gen_type == 1) - ext_der = OPENSSL_hexstr2buf(value, &ext_len); - else if (gen_type == 2) - ext_der = generic_asn1(value, ctx, &ext_len); - - if (ext_der == NULL) { - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR, - "value=%s", value); - goto err; - } - - if ((oct = ASN1_OCTET_STRING_new()) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - - oct->data = ext_der; - oct->length = ext_len; - ext_der = NULL; - - extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); - - err: - ASN1_OBJECT_free(obj); - ASN1_OCTET_STRING_free(oct); - OPENSSL_free(ext_der); - return extension; - -} - -static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, - long *ext_len) -{ - ASN1_TYPE *typ; - unsigned char *ext_der = NULL; - - typ = ASN1_generate_v3(value, ctx); - if (typ == NULL) - return NULL; - *ext_len = i2d_ASN1_TYPE(typ, &ext_der); - ASN1_TYPE_free(typ); - return ext_der; -} - -static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext) -{ - int idx; - ASN1_OBJECT *obj; - - obj = X509_EXTENSION_get_object(dext); - while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0) - X509_EXTENSION_free(X509v3_delete_ext(sk, idx)); -} - -/* - * This is the main function: add a bunch of extensions based on a config - * file section to an extension STACK. Just check in case sk == NULL. - * Note that on error new elements may have been added to *sk if sk != NULL. - */ -int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, - STACK_OF(X509_EXTENSION) **sk) -{ - X509_EXTENSION *ext; - STACK_OF(CONF_VALUE) *nval; - CONF_VALUE *val; - int i; - - if ((nval = NCONF_get_section(conf, section)) == NULL) - return 0; - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - val = sk_CONF_VALUE_value(nval, i); - if ((ext = X509V3_EXT_nconf_int(conf, ctx, val->section, - val->name, val->value)) == NULL) - return 0; - if (sk != NULL) { - if (ctx->flags == X509V3_CTX_REPLACE) - delete_ext(*sk, ext); - if (X509v3_add_ext(sk, ext, -1) == NULL) { - X509_EXTENSION_free(ext); - return 0; - } - } - X509_EXTENSION_free(ext); - } - return 1; -} - -/* - * Add extensions to a certificate. Just check in case cert == NULL. - * Note that on error new elements may remain added to cert if cert != NULL. - */ -int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, - X509 *cert) -{ - STACK_OF(X509_EXTENSION) **sk = NULL; - if (cert != NULL) - sk = &cert->cert_info.extensions; - return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); -} - -/* - * Add extensions to a CRL. Just check in case crl == NULL. - * Note that on error new elements may remain added to crl if crl != NULL. - */ -int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, - X509_CRL *crl) -{ - STACK_OF(X509_EXTENSION) **sk = NULL; - if (crl != NULL) - sk = &crl->crl.extensions; - return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); -} - -/* - * Add extensions to certificate request. Just check in case req is NULL. - * Note that on error new elements may remain added to req if req != NULL. - */ -int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, - X509_REQ *req) -{ - STACK_OF(X509_EXTENSION) *exts = NULL; - int ret = X509V3_EXT_add_nconf_sk(conf, ctx, section, &exts); - - if (ret && req != NULL && exts != NULL) - ret = X509_REQ_add_extensions(req, exts); - sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); - return ret; -} - -/* Config database functions */ - -char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section) -{ - if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_OPERATION_NOT_DEFINED); - return NULL; - } - if (ctx->db_meth->get_string) - return ctx->db_meth->get_string(ctx->db, name, section); - return NULL; -} - -STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section) -{ - if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_OPERATION_NOT_DEFINED); - return NULL; - } - if (ctx->db_meth->get_section) - return ctx->db_meth->get_section(ctx->db, section); - return NULL; -} - -void X509V3_string_free(X509V3_CTX *ctx, char *str) -{ - if (!str) - return; - if (ctx->db_meth->free_string) - ctx->db_meth->free_string(ctx->db, str); -} - -void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) -{ - if (!section) - return; - if (ctx->db_meth->free_section) - ctx->db_meth->free_section(ctx->db, section); -} - -static char *nconf_get_string(void *db, const char *section, const char *value) -{ - return NCONF_get_string(db, section, value); -} - -static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, const char *section) -{ - return NCONF_get_section(db, section); -} - -static X509V3_CONF_METHOD nconf_method = { - nconf_get_string, - nconf_get_section, - NULL, - NULL -}; - -void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_NULL_PARAMETER); - return; - } - ctx->db_meth = &nconf_method; - ctx->db = conf; -} - -void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, - X509_CRL *crl, int flags) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_NULL_PARAMETER); - return; - } - ctx->flags = flags; - ctx->issuer_cert = issuer; - ctx->subject_cert = subj; - ctx->subject_req = req; - ctx->crl = crl; - ctx->db_meth = NULL; - ctx->db = NULL; - ctx->issuer_pkey = NULL; -} - -/* For API backward compatibility, this is separate from X509V3_set_ctx() */ -int X509V3_set_issuer_pkey(X509V3_CTX *ctx, EVP_PKEY *pkey) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (ctx->subject_cert == NULL && pkey != NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT); - return 0; - } - ctx->issuer_pkey = pkey; - return 1; -} - -/* Old conf compatibility functions */ - -X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *name, const char *value) -{ - CONF *ctmp; - X509_EXTENSION *ret; - - if ((ctmp = NCONF_new(NULL)) == NULL) - return NULL; - CONF_set_nconf(ctmp, conf); - ret = X509V3_EXT_nconf(ctmp, ctx, name, value); - CONF_set_nconf(ctmp, NULL); - NCONF_free(ctmp); - return ret; -} - -X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, - X509V3_CTX *ctx, int ext_nid, const char *value) -{ - CONF *ctmp; - X509_EXTENSION *ret; - - if ((ctmp = NCONF_new(NULL)) == NULL) - return NULL; - CONF_set_nconf(ctmp, conf); - ret = X509V3_EXT_nconf_nid(ctmp, ctx, ext_nid, value); - CONF_set_nconf(ctmp, NULL); - NCONF_free(ctmp); - return ret; -} - -static char *conf_lhash_get_string(void *db, const char *section, const char *value) -{ - return CONF_get_string(db, section, value); -} - -static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section) -{ - return CONF_get_section(db, section); -} - -static X509V3_CONF_METHOD conf_lhash_method = { - conf_lhash_get_string, - conf_lhash_get_section, - NULL, - NULL -}; - -void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) -{ - if (ctx == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_NULL_PARAMETER); - return; - } - ctx->db_meth = &conf_lhash_method; - ctx->db = lhash; -} - -int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509 *cert) -{ - CONF *ctmp; - int ret; - - if ((ctmp = NCONF_new(NULL)) == NULL) - return 0; - CONF_set_nconf(ctmp, conf); - ret = X509V3_EXT_add_nconf(ctmp, ctx, section, cert); - CONF_set_nconf(ctmp, NULL); - NCONF_free(ctmp); - return ret; -} - -/* Same as above but for a CRL */ - -int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_CRL *crl) -{ - CONF *ctmp; - int ret; - - if ((ctmp = NCONF_new(NULL)) == NULL) - return 0; - CONF_set_nconf(ctmp, conf); - ret = X509V3_EXT_CRL_add_nconf(ctmp, ctx, section, crl); - CONF_set_nconf(ctmp, NULL); - NCONF_free(ctmp); - return ret; -} - -/* Add extensions to certificate request */ - -int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, - const char *section, X509_REQ *req) -{ - CONF *ctmp; - int ret; - - if ((ctmp = NCONF_new(NULL)) == NULL) - return 0; - CONF_set_nconf(ctmp, conf); - ret = X509V3_EXT_REQ_add_nconf(ctmp, ctx, section, req); - CONF_set_nconf(ctmp, NULL); - NCONF_free(ctmp); - return ret; -} diff --git a/crypto/x509/v3_cpols.c b/crypto/x509/v3_cpols.c deleted file mode 100644 index 5353a6916761c8f8b5ca1af25187db5e74fea644..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_cpols.c +++ /dev/null @@ -1,500 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include - -#include "x509_local.h" -#include "pcy_local.h" -#include "ext_dat.h" - -/* Certificate policies extension support: this one is a bit complex... */ - -static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, - BIO *out, int indent); -static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *value); -static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, - int indent); -static void print_notice(BIO *out, USERNOTICE *notice, int indent); -static POLICYINFO *policy_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *polstrs, int ia5org); -static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *unot, int ia5org); -static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); -static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len); -static int displaytext_get_tag_len(const char *tagstr); - -const X509V3_EXT_METHOD ossl_v3_cpols = { - NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES), - 0, 0, 0, 0, - 0, 0, - 0, 0, - (X509V3_EXT_I2R)i2r_certpol, - (X509V3_EXT_R2I)r2i_certpol, - NULL -}; - -ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO) -ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES) - -IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) - -ASN1_SEQUENCE(POLICYINFO) = { - ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT), - ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO) -} ASN1_SEQUENCE_END(POLICYINFO) - -IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO) - -ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY); - -ASN1_ADB(POLICYQUALINFO) = { - ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)), - ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE)) -} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL); - -ASN1_SEQUENCE(POLICYQUALINFO) = { - ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT), - ASN1_ADB_OBJECT(POLICYQUALINFO) -} ASN1_SEQUENCE_END(POLICYQUALINFO) - -IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO) - -ASN1_SEQUENCE(USERNOTICE) = { - ASN1_OPT(USERNOTICE, noticeref, NOTICEREF), - ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT) -} ASN1_SEQUENCE_END(USERNOTICE) - -IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE) - -ASN1_SEQUENCE(NOTICEREF) = { - ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT), - ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER) -} ASN1_SEQUENCE_END(NOTICEREF) - -IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) - -static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *value) -{ - STACK_OF(POLICYINFO) *pols; - char *pstr; - POLICYINFO *pol; - ASN1_OBJECT *pobj; - STACK_OF(CONF_VALUE) *vals = X509V3_parse_list(value); - CONF_VALUE *cnf; - const int num = sk_CONF_VALUE_num(vals); - int i, ia5org; - - if (vals == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_X509V3_LIB); - return NULL; - } - - pols = sk_POLICYINFO_new_reserve(NULL, num); - if (pols == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - - ia5org = 0; - for (i = 0; i < num; i++) { - cnf = sk_CONF_VALUE_value(vals, i); - if (cnf->value != NULL || cnf->name == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_POLICY_IDENTIFIER); - X509V3_conf_add_error_name_value(cnf); - goto err; - } - pstr = cnf->name; - if (strcmp(pstr, "ia5org") == 0) { - ia5org = 1; - continue; - } else if (*pstr == '@') { - STACK_OF(CONF_VALUE) *polsect; - - polsect = X509V3_get_section(ctx, pstr + 1); - if (polsect == NULL) { - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_INVALID_SECTION, - "%s", cnf->name); - goto err; - } - pol = policy_section(ctx, polsect, ia5org); - X509V3_section_free(ctx, polsect); - if (pol == NULL) - goto err; - } else { - if ((pobj = OBJ_txt2obj(cnf->name, 0)) == NULL) { - ERR_raise_data(ERR_LIB_X509V3, - X509V3_R_INVALID_OBJECT_IDENTIFIER, - "%s", cnf->name); - goto err; - } - pol = POLICYINFO_new(); - if (pol == NULL) { - ASN1_OBJECT_free(pobj); - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - pol->policyid = pobj; - } - if (!sk_POLICYINFO_push(pols, pol)) { - POLICYINFO_free(pol); - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - } - sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); - return pols; - err: - sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); - sk_POLICYINFO_pop_free(pols, POLICYINFO_free); - return NULL; -} - -static POLICYINFO *policy_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *polstrs, int ia5org) -{ - int i; - CONF_VALUE *cnf; - POLICYINFO *pol; - POLICYQUALINFO *qual; - - if ((pol = POLICYINFO_new()) == NULL) - goto merr; - for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { - cnf = sk_CONF_VALUE_value(polstrs, i); - if (strcmp(cnf->name, "policyIdentifier") == 0) { - ASN1_OBJECT *pobj; - - if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER); - X509V3_conf_err(cnf); - goto err; - } - pol->policyid = pobj; - - } else if (!ossl_v3_name_cmp(cnf->name, "CPS")) { - if (pol->qualifiers == NULL) - pol->qualifiers = sk_POLICYQUALINFO_new_null(); - if ((qual = POLICYQUALINFO_new()) == NULL) - goto merr; - if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) - goto merr; - if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_cps)) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_INTERNAL_ERROR); - goto err; - } - if ((qual->d.cpsuri = ASN1_IA5STRING_new()) == NULL) - goto merr; - if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, - strlen(cnf->value))) - goto merr; - } else if (!ossl_v3_name_cmp(cnf->name, "userNotice")) { - STACK_OF(CONF_VALUE) *unot; - if (*cnf->value != '@') { - ERR_raise(ERR_LIB_X509V3, X509V3_R_EXPECTED_A_SECTION_NAME); - X509V3_conf_err(cnf); - goto err; - } - unot = X509V3_get_section(ctx, cnf->value + 1); - if (!unot) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_SECTION); - - X509V3_conf_err(cnf); - goto err; - } - qual = notice_section(ctx, unot, ia5org); - X509V3_section_free(ctx, unot); - if (!qual) - goto err; - if (pol->qualifiers == NULL) - pol->qualifiers = sk_POLICYQUALINFO_new_null(); - if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) - goto merr; - } else { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_OPTION); - X509V3_conf_err(cnf); - goto err; - } - } - if (pol->policyid == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_POLICY_IDENTIFIER); - goto err; - } - - return pol; - - merr: - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - - err: - POLICYINFO_free(pol); - return NULL; -} - -static int displaytext_get_tag_len(const char *tagstr) -{ - char *colon = strchr(tagstr, ':'); - - return (colon == NULL) ? -1 : colon - tagstr; -} - -static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len) -{ - int len; - - *tag_len = 0; - len = displaytext_get_tag_len(tagstr); - - if (len == -1) - return V_ASN1_VISIBLESTRING; - *tag_len = len; - if (len == sizeof("UTF8") - 1 && strncmp(tagstr, "UTF8", len) == 0) - return V_ASN1_UTF8STRING; - if (len == sizeof("UTF8String") - 1 && strncmp(tagstr, "UTF8String", len) == 0) - return V_ASN1_UTF8STRING; - if (len == sizeof("BMP") - 1 && strncmp(tagstr, "BMP", len) == 0) - return V_ASN1_BMPSTRING; - if (len == sizeof("BMPSTRING") - 1 && strncmp(tagstr, "BMPSTRING", len) == 0) - return V_ASN1_BMPSTRING; - if (len == sizeof("VISIBLE") - 1 && strncmp(tagstr, "VISIBLE", len) == 0) - return V_ASN1_VISIBLESTRING; - if (len == sizeof("VISIBLESTRING") - 1 && strncmp(tagstr, "VISIBLESTRING", len) == 0) - return V_ASN1_VISIBLESTRING; - *tag_len = 0; - return V_ASN1_VISIBLESTRING; -} - -static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *unot, int ia5org) -{ - int i, ret, len, tag; - unsigned int tag_len; - CONF_VALUE *cnf; - USERNOTICE *not; - POLICYQUALINFO *qual; - char *value = NULL; - - if ((qual = POLICYQUALINFO_new()) == NULL) - goto merr; - if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice)) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_INTERNAL_ERROR); - goto err; - } - if ((not = USERNOTICE_new()) == NULL) - goto merr; - qual->d.usernotice = not; - for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { - cnf = sk_CONF_VALUE_value(unot, i); - - value = cnf->value; - if (strcmp(cnf->name, "explicitText") == 0) { - tag = displaytext_str2tag(value, &tag_len); - if ((not->exptext = ASN1_STRING_type_new(tag)) == NULL) - goto merr; - if (tag_len != 0) - value += tag_len + 1; - len = strlen(value); - if (!ASN1_STRING_set(not->exptext, value, len)) - goto merr; - } else if (strcmp(cnf->name, "organization") == 0) { - NOTICEREF *nref; - - if (!not->noticeref) { - if ((nref = NOTICEREF_new()) == NULL) - goto merr; - not->noticeref = nref; - } else - nref = not->noticeref; - if (ia5org) - nref->organization->type = V_ASN1_IA5STRING; - else - nref->organization->type = V_ASN1_VISIBLESTRING; - if (!ASN1_STRING_set(nref->organization, cnf->value, - strlen(cnf->value))) - goto merr; - } else if (strcmp(cnf->name, "noticeNumbers") == 0) { - NOTICEREF *nref; - - STACK_OF(CONF_VALUE) *nos; - if (!not->noticeref) { - if ((nref = NOTICEREF_new()) == NULL) - goto merr; - not->noticeref = nref; - } else - nref = not->noticeref; - nos = X509V3_parse_list(cnf->value); - if (!nos || !sk_CONF_VALUE_num(nos)) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NUMBERS); - X509V3_conf_add_error_name_value(cnf); - sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); - goto err; - } - ret = nref_nos(nref->noticenos, nos); - sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); - if (!ret) - goto err; - } else { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_OPTION); - X509V3_conf_add_error_name_value(cnf); - goto err; - } - } - - if (not->noticeref && - (!not->noticeref->noticenos || !not->noticeref->organization)) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); - goto err; - } - - return qual; - - merr: - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - - err: - POLICYQUALINFO_free(qual); - return NULL; -} - -static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) -{ - CONF_VALUE *cnf; - ASN1_INTEGER *aint; - - int i; - - for (i = 0; i < sk_CONF_VALUE_num(nos); i++) { - cnf = sk_CONF_VALUE_value(nos, i); - if ((aint = s2i_ASN1_INTEGER(NULL, cnf->name)) == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NUMBER); - goto err; - } - if (!sk_ASN1_INTEGER_push(nnums, aint)) - goto merr; - } - return 1; - - merr: - ASN1_INTEGER_free(aint); - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - - err: - return 0; -} - -static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, - BIO *out, int indent) -{ - int i; - POLICYINFO *pinfo; - /* First print out the policy OIDs */ - for (i = 0; i < sk_POLICYINFO_num(pol); i++) { - if (i > 0) - BIO_puts(out, "\n"); - pinfo = sk_POLICYINFO_value(pol, i); - BIO_printf(out, "%*sPolicy: ", indent, ""); - i2a_ASN1_OBJECT(out, pinfo->policyid); - if (pinfo->qualifiers) { - BIO_puts(out, "\n"); - print_qualifiers(out, pinfo->qualifiers, indent + 2); - } - } - return 1; -} - -static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, - int indent) -{ - POLICYQUALINFO *qualinfo; - int i; - for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) { - if (i > 0) - BIO_puts(out, "\n"); - qualinfo = sk_POLICYQUALINFO_value(quals, i); - switch (OBJ_obj2nid(qualinfo->pqualid)) { - case NID_id_qt_cps: - BIO_printf(out, "%*sCPS: %.*s", indent, "", - qualinfo->d.cpsuri->length, - qualinfo->d.cpsuri->data); - break; - - case NID_id_qt_unotice: - BIO_printf(out, "%*sUser Notice:\n", indent, ""); - print_notice(out, qualinfo->d.usernotice, indent + 2); - break; - - default: - BIO_printf(out, "%*sUnknown Qualifier: ", indent + 2, ""); - - i2a_ASN1_OBJECT(out, qualinfo->pqualid); - break; - } - } -} - -static void print_notice(BIO *out, USERNOTICE *notice, int indent) -{ - int i; - if (notice->noticeref) { - NOTICEREF *ref; - ref = notice->noticeref; - BIO_printf(out, "%*sOrganization: %.*s\n", indent, "", - ref->organization->length, - ref->organization->data); - BIO_printf(out, "%*sNumber%s: ", indent, "", - sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); - for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { - ASN1_INTEGER *num; - char *tmp; - num = sk_ASN1_INTEGER_value(ref->noticenos, i); - if (i) - BIO_puts(out, ", "); - if (num == NULL) - BIO_puts(out, "(null)"); - else { - tmp = i2s_ASN1_INTEGER(NULL, num); - if (tmp == NULL) - return; - BIO_puts(out, tmp); - OPENSSL_free(tmp); - } - } - if (notice->exptext) - BIO_puts(out, "\n"); - } - if (notice->exptext) - BIO_printf(out, "%*sExplicit Text: %.*s", indent, "", - notice->exptext->length, - notice->exptext->data); -} - -void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) -{ - const X509_POLICY_DATA *dat = node->data; - - BIO_printf(out, "%*sPolicy: ", indent, ""); - - i2a_ASN1_OBJECT(out, dat->valid_policy); - BIO_puts(out, "\n"); - BIO_printf(out, "%*s%s\n", indent + 2, "", - node_data_critical(dat) ? "Critical" : "Non Critical"); - if (dat->qualifier_set) { - print_qualifiers(out, dat->qualifier_set, indent + 2); - BIO_puts(out, "\n"); - } - else - BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); -} diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.c deleted file mode 100644 index 0289df4de78945977025de888b3bb3156c9d1d43..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_crld.c +++ /dev/null @@ -1,508 +0,0 @@ -/* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include - -#include "crypto/x509.h" -#include "ext_dat.h" -#include "x509_local.h" - -static void *v2i_crld(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, - int indent); - -const X509V3_EXT_METHOD ossl_v3_crld = { - NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), - 0, 0, 0, 0, - 0, 0, - 0, - v2i_crld, - i2r_crldp, 0, - NULL -}; - -const X509V3_EXT_METHOD ossl_v3_freshest_crl = { - NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS), - 0, 0, 0, 0, - 0, 0, - 0, - v2i_crld, - i2r_crldp, 0, - NULL -}; - -static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, - char *sect) -{ - STACK_OF(CONF_VALUE) *gnsect; - STACK_OF(GENERAL_NAME) *gens; - if (*sect == '@') - gnsect = X509V3_get_section(ctx, sect + 1); - else - gnsect = X509V3_parse_list(sect); - if (!gnsect) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_SECTION_NOT_FOUND); - return NULL; - } - gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect); - if (*sect == '@') - X509V3_section_free(ctx, gnsect); - else - sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free); - return gens; -} - -static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, - CONF_VALUE *cnf) -{ - STACK_OF(GENERAL_NAME) *fnm = NULL; - STACK_OF(X509_NAME_ENTRY) *rnm = NULL; - - if (strncmp(cnf->name, "fullname", 9) == 0) { - fnm = gnames_from_sectname(ctx, cnf->value); - if (!fnm) - goto err; - } else if (strcmp(cnf->name, "relativename") == 0) { - int ret; - STACK_OF(CONF_VALUE) *dnsect; - X509_NAME *nm; - nm = X509_NAME_new(); - if (nm == NULL) - return -1; - dnsect = X509V3_get_section(ctx, cnf->value); - if (!dnsect) { - X509_NAME_free(nm); - ERR_raise(ERR_LIB_X509V3, X509V3_R_SECTION_NOT_FOUND); - return -1; - } - ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC); - X509V3_section_free(ctx, dnsect); - rnm = nm->entries; - nm->entries = NULL; - X509_NAME_free(nm); - if (!ret || sk_X509_NAME_ENTRY_num(rnm) <= 0) - goto err; - /* - * Since its a name fragment can't have more than one RDNSequence - */ - if (sk_X509_NAME_ENTRY_value(rnm, - sk_X509_NAME_ENTRY_num(rnm) - 1)->set) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_MULTIPLE_RDNS); - goto err; - } - } else - return 0; - - if (*pdp) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_DISTPOINT_ALREADY_SET); - goto err; - } - - *pdp = DIST_POINT_NAME_new(); - if (*pdp == NULL) - goto err; - if (fnm) { - (*pdp)->type = 0; - (*pdp)->name.fullname = fnm; - } else { - (*pdp)->type = 1; - (*pdp)->name.relativename = rnm; - } - - return 1; - - err: - sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); - sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); - return -1; -} - -static const BIT_STRING_BITNAME reason_flags[] = { - {0, "Unused", "unused"}, - {1, "Key Compromise", "keyCompromise"}, - {2, "CA Compromise", "CACompromise"}, - {3, "Affiliation Changed", "affiliationChanged"}, - {4, "Superseded", "superseded"}, - {5, "Cessation Of Operation", "cessationOfOperation"}, - {6, "Certificate Hold", "certificateHold"}, - {7, "Privilege Withdrawn", "privilegeWithdrawn"}, - {8, "AA Compromise", "AACompromise"}, - {-1, NULL, NULL} -}; - -static int set_reasons(ASN1_BIT_STRING **preas, char *value) -{ - STACK_OF(CONF_VALUE) *rsk = NULL; - const BIT_STRING_BITNAME *pbn; - const char *bnam; - int i, ret = 0; - rsk = X509V3_parse_list(value); - if (rsk == NULL) - return 0; - if (*preas != NULL) - goto err; - for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) { - bnam = sk_CONF_VALUE_value(rsk, i)->name; - if (*preas == NULL) { - *preas = ASN1_BIT_STRING_new(); - if (*preas == NULL) - goto err; - } - for (pbn = reason_flags; pbn->lname; pbn++) { - if (strcmp(pbn->sname, bnam) == 0) { - if (!ASN1_BIT_STRING_set_bit(*preas, pbn->bitnum, 1)) - goto err; - break; - } - } - if (pbn->lname == NULL) - goto err; - } - ret = 1; - - err: - sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free); - return ret; -} - -static int print_reasons(BIO *out, const char *rname, - ASN1_BIT_STRING *rflags, int indent) -{ - int first = 1; - const BIT_STRING_BITNAME *pbn; - BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, ""); - for (pbn = reason_flags; pbn->lname; pbn++) { - if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) { - if (first) - first = 0; - else - BIO_puts(out, ", "); - BIO_puts(out, pbn->lname); - } - } - if (first) - BIO_puts(out, "\n"); - else - BIO_puts(out, "\n"); - return 1; -} - -static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) -{ - int i; - CONF_VALUE *cnf; - DIST_POINT *point = DIST_POINT_new(); - - if (point == NULL) - goto err; - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - int ret; - cnf = sk_CONF_VALUE_value(nval, i); - ret = set_dist_point_name(&point->distpoint, ctx, cnf); - if (ret > 0) - continue; - if (ret < 0) - goto err; - if (strcmp(cnf->name, "reasons") == 0) { - if (!set_reasons(&point->reasons, cnf->value)) - goto err; - } else if (strcmp(cnf->name, "CRLissuer") == 0) { - point->CRLissuer = gnames_from_sectname(ctx, cnf->value); - if (point->CRLissuer == NULL) - goto err; - } - } - - return point; - - err: - DIST_POINT_free(point); - return NULL; -} - -static void *v2i_crld(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -{ - STACK_OF(DIST_POINT) *crld; - GENERAL_NAMES *gens = NULL; - GENERAL_NAME *gen = NULL; - CONF_VALUE *cnf; - const int num = sk_CONF_VALUE_num(nval); - int i; - - crld = sk_DIST_POINT_new_reserve(NULL, num); - if (crld == NULL) - goto merr; - for (i = 0; i < num; i++) { - DIST_POINT *point; - - cnf = sk_CONF_VALUE_value(nval, i); - if (cnf->value == NULL) { - STACK_OF(CONF_VALUE) *dpsect; - dpsect = X509V3_get_section(ctx, cnf->name); - if (!dpsect) - goto err; - point = crldp_from_section(ctx, dpsect); - X509V3_section_free(ctx, dpsect); - if (point == NULL) - goto err; - sk_DIST_POINT_push(crld, point); /* no failure as it was reserved */ - } else { - if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) - goto err; - if ((gens = GENERAL_NAMES_new()) == NULL) - goto merr; - if (!sk_GENERAL_NAME_push(gens, gen)) - goto merr; - gen = NULL; - if ((point = DIST_POINT_new()) == NULL) - goto merr; - sk_DIST_POINT_push(crld, point); /* no failure as it was reserved */ - if ((point->distpoint = DIST_POINT_NAME_new()) == NULL) - goto merr; - point->distpoint->name.fullname = gens; - point->distpoint->type = 0; - gens = NULL; - } - } - return crld; - - merr: - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - err: - GENERAL_NAME_free(gen); - GENERAL_NAMES_free(gens); - sk_DIST_POINT_pop_free(crld, DIST_POINT_free); - return NULL; -} - -static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval; - - switch (operation) { - case ASN1_OP_NEW_POST: - dpn->dpname = NULL; - break; - - case ASN1_OP_FREE_POST: - X509_NAME_free(dpn->dpname); - break; - } - return 1; -} - - -ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = { - ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0), - ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1) -} ASN1_CHOICE_END_cb(DIST_POINT_NAME, DIST_POINT_NAME, type) - - -IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME) - -ASN1_SEQUENCE(DIST_POINT) = { - ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0), - ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1), - ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2) -} ASN1_SEQUENCE_END(DIST_POINT) - -IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) - -ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT) -ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) - -IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) - -ASN1_SEQUENCE(ISSUING_DIST_POINT) = { - ASN1_EXP_OPT(ISSUING_DIST_POINT, distpoint, DIST_POINT_NAME, 0), - ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyuser, ASN1_FBOOLEAN, 1), - ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyCA, ASN1_FBOOLEAN, 2), - ASN1_IMP_OPT(ISSUING_DIST_POINT, onlysomereasons, ASN1_BIT_STRING, 3), - ASN1_IMP_OPT(ISSUING_DIST_POINT, indirectCRL, ASN1_FBOOLEAN, 4), - ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5) -} ASN1_SEQUENCE_END(ISSUING_DIST_POINT) - -IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT) - -static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, - int indent); -static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); - -const X509V3_EXT_METHOD ossl_v3_idp = { - NID_issuing_distribution_point, X509V3_EXT_MULTILINE, - ASN1_ITEM_ref(ISSUING_DIST_POINT), - 0, 0, 0, 0, - 0, 0, - 0, - v2i_idp, - i2r_idp, 0, - NULL -}; - -static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) -{ - ISSUING_DIST_POINT *idp = NULL; - CONF_VALUE *cnf; - char *name, *val; - int i, ret; - idp = ISSUING_DIST_POINT_new(); - if (idp == NULL) - goto merr; - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - cnf = sk_CONF_VALUE_value(nval, i); - name = cnf->name; - val = cnf->value; - ret = set_dist_point_name(&idp->distpoint, ctx, cnf); - if (ret > 0) - continue; - if (ret < 0) - goto err; - if (strcmp(name, "onlyuser") == 0) { - if (!X509V3_get_value_bool(cnf, &idp->onlyuser)) - goto err; - } else if (strcmp(name, "onlyCA") == 0) { - if (!X509V3_get_value_bool(cnf, &idp->onlyCA)) - goto err; - } else if (strcmp(name, "onlyAA") == 0) { - if (!X509V3_get_value_bool(cnf, &idp->onlyattr)) - goto err; - } else if (strcmp(name, "indirectCRL") == 0) { - if (!X509V3_get_value_bool(cnf, &idp->indirectCRL)) - goto err; - } else if (strcmp(name, "onlysomereasons") == 0) { - if (!set_reasons(&idp->onlysomereasons, val)) - goto err; - } else { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NAME); - X509V3_conf_add_error_name_value(cnf); - goto err; - } - } - return idp; - - merr: - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - err: - ISSUING_DIST_POINT_free(idp); - return NULL; -} - -static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent) -{ - int i; - for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { - if (i > 0) - BIO_puts(out, "\n"); - BIO_printf(out, "%*s", indent + 2, ""); - GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i)); - } - return 1; -} - -static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent) -{ - if (dpn->type == 0) { - BIO_printf(out, "%*sFull Name:\n", indent, ""); - print_gens(out, dpn->name.fullname, indent); - } else { - X509_NAME ntmp; - ntmp.entries = dpn->name.relativename; - BIO_printf(out, "%*sRelative Name:\n%*s", indent, "", indent + 2, ""); - X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE); - BIO_puts(out, "\n"); - } - return 1; -} - -static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, - int indent) -{ - ISSUING_DIST_POINT *idp = pidp; - if (idp->distpoint) - print_distpoint(out, idp->distpoint, indent); - if (idp->onlyuser > 0) - BIO_printf(out, "%*sOnly User Certificates\n", indent, ""); - if (idp->onlyCA > 0) - BIO_printf(out, "%*sOnly CA Certificates\n", indent, ""); - if (idp->indirectCRL > 0) - BIO_printf(out, "%*sIndirect CRL\n", indent, ""); - if (idp->onlysomereasons) - print_reasons(out, "Only Some Reasons", idp->onlysomereasons, indent); - if (idp->onlyattr > 0) - BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, ""); - if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) - && (idp->indirectCRL <= 0) && !idp->onlysomereasons - && (idp->onlyattr <= 0)) - BIO_printf(out, "%*s\n", indent, ""); - - return 1; -} - -static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, - int indent) -{ - STACK_OF(DIST_POINT) *crld = pcrldp; - DIST_POINT *point; - int i; - for (i = 0; i < sk_DIST_POINT_num(crld); i++) { - if (i > 0) - BIO_puts(out, "\n"); - point = sk_DIST_POINT_value(crld, i); - if (point->distpoint) - print_distpoint(out, point->distpoint, indent); - if (point->reasons) - print_reasons(out, "Reasons", point->reasons, indent); - if (point->CRLissuer) { - BIO_printf(out, "%*sCRL Issuer:\n", indent, ""); - print_gens(out, point->CRLissuer, indent); - } - } - return 1; -} - -/* Append any nameRelativeToCRLIssuer in dpn to iname, set in dpn->dpname */ -int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, const X509_NAME *iname) -{ - int i; - STACK_OF(X509_NAME_ENTRY) *frag; - X509_NAME_ENTRY *ne; - - if (dpn == NULL || dpn->type != 1) - return 1; - frag = dpn->name.relativename; - X509_NAME_free(dpn->dpname); /* just in case it was already set */ - dpn->dpname = X509_NAME_dup(iname); - if (dpn->dpname == NULL) - return 0; - for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) { - ne = sk_X509_NAME_ENTRY_value(frag, i); - if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) - goto err; - } - /* generate cached encoding of name */ - if (i2d_X509_NAME(dpn->dpname, NULL) >= 0) - return 1; - - err: - X509_NAME_free(dpn->dpname); - dpn->dpname = NULL; - return 0; -} diff --git a/crypto/x509/v3_enum.c b/crypto/x509/v3_enum.c deleted file mode 100644 index b73a6d55162bbf37ae65ef24c16de43872bc5f2c..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_enum.c +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include "ext_dat.h" - -static ENUMERATED_NAMES crl_reasons[] = { - {CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified"}, - {CRL_REASON_KEY_COMPROMISE, "Key Compromise", "keyCompromise"}, - {CRL_REASON_CA_COMPROMISE, "CA Compromise", "CACompromise"}, - {CRL_REASON_AFFILIATION_CHANGED, "Affiliation Changed", - "affiliationChanged"}, - {CRL_REASON_SUPERSEDED, "Superseded", "superseded"}, - {CRL_REASON_CESSATION_OF_OPERATION, - "Cessation Of Operation", "cessationOfOperation"}, - {CRL_REASON_CERTIFICATE_HOLD, "Certificate Hold", "certificateHold"}, - {CRL_REASON_REMOVE_FROM_CRL, "Remove From CRL", "removeFromCRL"}, - {CRL_REASON_PRIVILEGE_WITHDRAWN, "Privilege Withdrawn", - "privilegeWithdrawn"}, - {CRL_REASON_AA_COMPROMISE, "AA Compromise", "AACompromise"}, - {-1, NULL, NULL} -}; - -const X509V3_EXT_METHOD ossl_v3_crl_reason = { - NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED), - 0, 0, 0, 0, - (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, - 0, - 0, 0, 0, 0, - crl_reasons -}; - -char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, - const ASN1_ENUMERATED *e) -{ - ENUMERATED_NAMES *enam; - long strval; - - strval = ASN1_ENUMERATED_get(e); - for (enam = method->usr_data; enam->lname; enam++) { - if (strval == enam->bitnum) - return OPENSSL_strdup(enam->lname); - } - return i2s_ASN1_ENUMERATED(method, e); -} diff --git a/crypto/x509/v3_extku.c b/crypto/x509/v3_extku.c deleted file mode 100644 index 4f2a86bdcb2b330881d376b1aedd5deef05c9443..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_extku.c +++ /dev/null @@ -1,102 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "ext_dat.h" - -static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); -static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD - *method, void *eku, STACK_OF(CONF_VALUE) - *extlist); - -const X509V3_EXT_METHOD ossl_v3_ext_ku = { - NID_ext_key_usage, 0, - ASN1_ITEM_ref(EXTENDED_KEY_USAGE), - 0, 0, 0, 0, - 0, 0, - i2v_EXTENDED_KEY_USAGE, - v2i_EXTENDED_KEY_USAGE, - 0, 0, - NULL -}; - -/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */ -const X509V3_EXT_METHOD ossl_v3_ocsp_accresp = { - NID_id_pkix_OCSP_acceptableResponses, 0, - ASN1_ITEM_ref(EXTENDED_KEY_USAGE), - 0, 0, 0, 0, - 0, 0, - i2v_EXTENDED_KEY_USAGE, - v2i_EXTENDED_KEY_USAGE, - 0, 0, - NULL -}; - -ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT) -ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE) - -IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) - -static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD - *method, void *a, STACK_OF(CONF_VALUE) - *ext_list) -{ - EXTENDED_KEY_USAGE *eku = a; - int i; - ASN1_OBJECT *obj; - char obj_tmp[80]; - for (i = 0; i < sk_ASN1_OBJECT_num(eku); i++) { - obj = sk_ASN1_OBJECT_value(eku, i); - i2t_ASN1_OBJECT(obj_tmp, 80, obj); - X509V3_add_value(NULL, obj_tmp, &ext_list); - } - return ext_list; -} - -static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) -{ - EXTENDED_KEY_USAGE *extku; - char *extval; - ASN1_OBJECT *objtmp; - CONF_VALUE *val; - const int num = sk_CONF_VALUE_num(nval); - int i; - - extku = sk_ASN1_OBJECT_new_reserve(NULL, num); - if (extku == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - sk_ASN1_OBJECT_free(extku); - return NULL; - } - - for (i = 0; i < num; i++) { - val = sk_CONF_VALUE_value(nval, i); - if (val->value) - extval = val->value; - else - extval = val->name; - if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) { - sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER, - "%s", extval); - return NULL; - } - sk_ASN1_OBJECT_push(extku, objtmp); /* no failure as it was reserved */ - } - return extku; -} diff --git a/crypto/x509/v3_ia5.c b/crypto/x509/v3_ia5.c deleted file mode 100644 index 6722b6c01f05e840a145a8c154c0b3c947d14961..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_ia5.c +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "ext_dat.h" - -const X509V3_EXT_METHOD ossl_v3_ns_ia5_list[8] = { - EXT_IA5STRING(NID_netscape_base_url), - EXT_IA5STRING(NID_netscape_revocation_url), - EXT_IA5STRING(NID_netscape_ca_revocation_url), - EXT_IA5STRING(NID_netscape_renewal_url), - EXT_IA5STRING(NID_netscape_ca_policy_url), - EXT_IA5STRING(NID_netscape_ssl_server_name), - EXT_IA5STRING(NID_netscape_comment), - EXT_END -}; - -char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5) -{ - char *tmp; - - if (ia5 == NULL || ia5->length <= 0) - return NULL; - if ((tmp = OPENSSL_malloc(ia5->length + 1)) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; - } - memcpy(tmp, ia5->data, ia5->length); - tmp[ia5->length] = 0; - return tmp; -} - -ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str) -{ - ASN1_IA5STRING *ia5; - if (str == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NULL_ARGUMENT); - return NULL; - } - if ((ia5 = ASN1_IA5STRING_new()) == NULL) - goto err; - if (!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) { - ASN1_IA5STRING_free(ia5); - return NULL; - } -#ifdef CHARSET_EBCDIC - ebcdic2ascii(ia5->data, ia5->data, ia5->length); -#endif /* CHARSET_EBCDIC */ - return ia5; - err: - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; -} diff --git a/crypto/x509/v3_info.c b/crypto/x509/v3_info.c deleted file mode 100644 index 5f21ce11e7d588642bdf846686a6b6fe4045e552..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_info.c +++ /dev/null @@ -1,156 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "ext_dat.h" - -static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD - *method, AUTHORITY_INFO_ACCESS - *ainfo, STACK_OF(CONF_VALUE) - *ret); -static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD - *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) - *nval); - -const X509V3_EXT_METHOD ossl_v3_info = { NID_info_access, X509V3_EXT_MULTILINE, - ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), - 0, 0, 0, 0, - 0, 0, - (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS, - (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, - 0, 0, - NULL -}; - -const X509V3_EXT_METHOD ossl_v3_sinfo = { NID_sinfo_access, X509V3_EXT_MULTILINE, - ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), - 0, 0, 0, 0, - 0, 0, - (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS, - (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, - 0, 0, - NULL -}; - -ASN1_SEQUENCE(ACCESS_DESCRIPTION) = { - ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT), - ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME) -} ASN1_SEQUENCE_END(ACCESS_DESCRIPTION) - -IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) - -ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION) -ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS) - -IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) - -static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS( - X509V3_EXT_METHOD *method, AUTHORITY_INFO_ACCESS *ainfo, - STACK_OF(CONF_VALUE) *ret) -{ - ACCESS_DESCRIPTION *desc; - int i, nlen; - char objtmp[80], *ntmp; - CONF_VALUE *vtmp; - STACK_OF(CONF_VALUE) *tret = ret; - - for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { - STACK_OF(CONF_VALUE) *tmp; - - desc = sk_ACCESS_DESCRIPTION_value(ainfo, i); - tmp = i2v_GENERAL_NAME(method, desc->location, tret); - if (tmp == NULL) - goto err; - tret = tmp; - vtmp = sk_CONF_VALUE_value(tret, i); - i2t_ASN1_OBJECT(objtmp, sizeof(objtmp), desc->method); - nlen = strlen(objtmp) + 3 + strlen(vtmp->name) + 1; - ntmp = OPENSSL_malloc(nlen); - if (ntmp == NULL) - goto err; - BIO_snprintf(ntmp, nlen, "%s - %s", objtmp, vtmp->name); - OPENSSL_free(vtmp->name); - vtmp->name = ntmp; - } - if (ret == NULL && tret == NULL) - return sk_CONF_VALUE_new_null(); - - return tret; - err: - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - if (ret == NULL && tret != NULL) - sk_CONF_VALUE_pop_free(tret, X509V3_conf_free); - return NULL; -} - -static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD - *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) - *nval) -{ - AUTHORITY_INFO_ACCESS *ainfo = NULL; - CONF_VALUE *cnf, ctmp; - ACCESS_DESCRIPTION *acc; - int i; - const int num = sk_CONF_VALUE_num(nval); - char *objtmp, *ptmp; - - if ((ainfo = sk_ACCESS_DESCRIPTION_new_reserve(NULL, num)) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; - } - for (i = 0; i < num; i++) { - cnf = sk_CONF_VALUE_value(nval, i); - if ((acc = ACCESS_DESCRIPTION_new()) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - sk_ACCESS_DESCRIPTION_push(ainfo, acc); /* Cannot fail due to reserve */ - ptmp = strchr(cnf->name, ';'); - if (ptmp == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_SYNTAX); - goto err; - } - ctmp.name = ptmp + 1; - ctmp.value = cnf->value; - if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) - goto err; - if ((objtmp = OPENSSL_strndup(cnf->name, ptmp - cnf->name)) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - acc->method = OBJ_txt2obj(objtmp, 0); - if (!acc->method) { - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_BAD_OBJECT, - "value=%s", objtmp); - OPENSSL_free(objtmp); - goto err; - } - OPENSSL_free(objtmp); - } - return ainfo; - err: - sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free); - return NULL; -} - -int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a) -{ - i2a_ASN1_OBJECT(bp, a->method); - return 2; -} diff --git a/crypto/x509/v3_int.c b/crypto/x509/v3_int.c deleted file mode 100644 index dae26a5ba9d74ef54538544193e332f59d3204be..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_int.c +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include "ext_dat.h" - -const X509V3_EXT_METHOD ossl_v3_crl_num = { - NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), - 0, 0, 0, 0, - (X509V3_EXT_I2S)i2s_ASN1_INTEGER, - 0, - 0, 0, 0, 0, NULL -}; - -const X509V3_EXT_METHOD ossl_v3_delta_crl = { - NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER), - 0, 0, 0, 0, - (X509V3_EXT_I2S)i2s_ASN1_INTEGER, - 0, - 0, 0, 0, 0, NULL -}; - -static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, - const char *value) -{ - return s2i_ASN1_INTEGER(meth, value); -} - -const X509V3_EXT_METHOD ossl_v3_inhibit_anyp = { - NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER), - 0, 0, 0, 0, - (X509V3_EXT_I2S)i2s_ASN1_INTEGER, - (X509V3_EXT_S2I)s2i_asn1_int, - 0, 0, 0, 0, NULL -}; diff --git a/crypto/x509/v3_ist.c b/crypto/x509/v3_ist.c deleted file mode 100644 index 0de281f668712204725cd26d5e752755bf396e9d..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_ist.c +++ /dev/null @@ -1,149 +0,0 @@ -/* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "ext_dat.h" - -/* - * Issuer Sign Tool (1.2.643.100.112) The name of the tool used to signs the subject (ASN1_SEQUENCE) - * This extention is required to obtain the status of a qualified certificate at Russian Federation. - * RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5 - * Russian Federal Law 63 "Digital Sign" is available here: http://www.consultant.ru/document/cons_doc_LAW_112701/ - */ - -ASN1_SEQUENCE(ISSUER_SIGN_TOOL) = { - ASN1_SIMPLE(ISSUER_SIGN_TOOL, signTool, ASN1_UTF8STRING), - ASN1_SIMPLE(ISSUER_SIGN_TOOL, cATool, ASN1_UTF8STRING), - ASN1_SIMPLE(ISSUER_SIGN_TOOL, signToolCert, ASN1_UTF8STRING), - ASN1_SIMPLE(ISSUER_SIGN_TOOL, cAToolCert, ASN1_UTF8STRING) -} ASN1_SEQUENCE_END(ISSUER_SIGN_TOOL) - -IMPLEMENT_ASN1_FUNCTIONS(ISSUER_SIGN_TOOL) - - -static ISSUER_SIGN_TOOL *v2i_issuer_sign_tool(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) -{ - ISSUER_SIGN_TOOL *ist = ISSUER_SIGN_TOOL_new(); - int i; - - if (ist == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; - } - for (i = 0; i < sk_CONF_VALUE_num(nval); ++i) { - CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i); - - if (cnf == NULL) { - continue; - } - if (strcmp(cnf->name, "signTool") == 0) { - ist->signTool = ASN1_UTF8STRING_new(); - if (ist->signTool == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - ISSUER_SIGN_TOOL_free(ist); - return NULL; - } - ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value)); - } else if (strcmp(cnf->name, "cATool") == 0) { - ist->cATool = ASN1_UTF8STRING_new(); - if (ist->cATool == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - ISSUER_SIGN_TOOL_free(ist); - return NULL; - } - ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value)); - } else if (strcmp(cnf->name, "signToolCert") == 0) { - ist->signToolCert = ASN1_UTF8STRING_new(); - if (ist->signToolCert == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - ISSUER_SIGN_TOOL_free(ist); - return NULL; - } - ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value)); - } else if (strcmp(cnf->name, "cAToolCert") == 0) { - ist->cAToolCert = ASN1_UTF8STRING_new(); - if (ist->cAToolCert == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - ISSUER_SIGN_TOOL_free(ist); - return NULL; - } - ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value)); - } else { - ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT); - ISSUER_SIGN_TOOL_free(ist); - return NULL; - } - } - return ist; -} - -static int i2r_issuer_sign_tool(X509V3_EXT_METHOD *method, - ISSUER_SIGN_TOOL *ist, BIO *out, - int indent) -{ - int new_line = 0; - - if (ist == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_INVALID_ARGUMENT); - return 0; - } - if (ist->signTool != NULL) { - if (new_line == 1) { - BIO_write(out, "\n", 1); - } - BIO_printf(out, "%*ssignTool : ", indent, ""); - BIO_write(out, ist->signTool->data, ist->signTool->length); - new_line = 1; - } - if (ist->cATool != NULL) { - if (new_line == 1) { - BIO_write(out, "\n", 1); - } - BIO_printf(out, "%*scATool : ", indent, ""); - BIO_write(out, ist->cATool->data, ist->cATool->length); - new_line = 1; - } - if (ist->signToolCert != NULL) { - if (new_line == 1) { - BIO_write(out, "\n", 1); - } - BIO_printf(out, "%*ssignToolCert: ", indent, ""); - BIO_write(out, ist->signToolCert->data, ist->signToolCert->length); - new_line = 1; - } - if (ist->cAToolCert != NULL) { - if (new_line == 1) { - BIO_write(out, "\n", 1); - } - BIO_printf(out, "%*scAToolCert : ", indent, ""); - BIO_write(out, ist->cAToolCert->data, ist->cAToolCert->length); - new_line = 1; - } - return 1; -} - -const X509V3_EXT_METHOD ossl_v3_issuer_sign_tool = { - NID_issuerSignTool, /* nid */ - X509V3_EXT_MULTILINE, /* flags */ - ASN1_ITEM_ref(ISSUER_SIGN_TOOL), /* template */ - 0, 0, 0, 0, /* old functions, ignored */ - 0, /* i2s */ - 0, /* s2i */ - 0, /* i2v */ - (X509V3_EXT_V2I)v2i_issuer_sign_tool, /* v2i */ - (X509V3_EXT_I2R)i2r_issuer_sign_tool, /* i2r */ - 0, /* r2i */ - NULL /* extension-specific data */ -}; diff --git a/crypto/x509/v3_lib.c b/crypto/x509/v3_lib.c deleted file mode 100644 index 5ffeb75d9f5b2af83abb21415507067dc8684bc9..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_lib.c +++ /dev/null @@ -1,304 +0,0 @@ -/* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* X509 v3 extension utilities */ - -#include -#include "internal/cryptlib.h" -#include -#include - -#include "ext_dat.h" - -static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL; - -static int ext_cmp(const X509V3_EXT_METHOD *const *a, - const X509V3_EXT_METHOD *const *b); -static void ext_list_free(X509V3_EXT_METHOD *ext); - -int X509V3_EXT_add(X509V3_EXT_METHOD *ext) -{ - if (ext_list == NULL - && (ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp)) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return 0; - } - return 1; -} - -static int ext_cmp(const X509V3_EXT_METHOD *const *a, - const X509V3_EXT_METHOD *const *b) -{ - return ((*a)->ext_nid - (*b)->ext_nid); -} - -DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, - const X509V3_EXT_METHOD *, ext); -IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, - const X509V3_EXT_METHOD *, ext); - -#include "standard_exts.h" - -const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) -{ - X509V3_EXT_METHOD tmp; - const X509V3_EXT_METHOD *t = &tmp, *const *ret; - int idx; - - if (nid < 0) - return NULL; - tmp.ext_nid = nid; - ret = OBJ_bsearch_ext(&t, standard_exts, STANDARD_EXTENSION_COUNT); - if (ret) - return *ret; - if (!ext_list) - return NULL; - idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp); - return sk_X509V3_EXT_METHOD_value(ext_list, idx); -} - -const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) -{ - int nid; - if ((nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext))) == NID_undef) - return NULL; - return X509V3_EXT_get_nid(nid); -} - -int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist) -{ - for (; extlist->ext_nid != -1; extlist++) - if (!X509V3_EXT_add(extlist)) - return 0; - return 1; -} - -int X509V3_EXT_add_alias(int nid_to, int nid_from) -{ - const X509V3_EXT_METHOD *ext; - X509V3_EXT_METHOD *tmpext; - - if ((ext = X509V3_EXT_get_nid(nid_from)) == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_NOT_FOUND); - return 0; - } - if ((tmpext = OPENSSL_malloc(sizeof(*tmpext))) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return 0; - } - *tmpext = *ext; - tmpext->ext_nid = nid_to; - tmpext->ext_flags |= X509V3_EXT_DYNAMIC; - return X509V3_EXT_add(tmpext); -} - -void X509V3_EXT_cleanup(void) -{ - sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free); - ext_list = NULL; -} - -static void ext_list_free(X509V3_EXT_METHOD *ext) -{ - if (ext->ext_flags & X509V3_EXT_DYNAMIC) - OPENSSL_free(ext); -} - -/* - * Legacy function: we don't need to add standard extensions any more because - * they are now kept in ext_dat.h. - */ - -int X509V3_add_standard_extensions(void) -{ - return 1; -} - -/* Return an extension internal structure */ - -void *X509V3_EXT_d2i(X509_EXTENSION *ext) -{ - const X509V3_EXT_METHOD *method; - const unsigned char *p; - ASN1_STRING *extvalue; - int extlen; - - if ((method = X509V3_EXT_get(ext)) == NULL) - return NULL; - extvalue = X509_EXTENSION_get_data(ext); - p = ASN1_STRING_get0_data(extvalue); - extlen = ASN1_STRING_length(extvalue); - if (method->it) - return ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it)); - return method->d2i(NULL, &p, extlen); -} - -/*- - * Get critical flag and decoded version of extension from a NID. - * The "idx" variable returns the last found extension and can - * be used to retrieve multiple extensions of the same NID. - * However multiple extensions with the same NID is usually - * due to a badly encoded certificate so if idx is NULL we - * choke if multiple extensions exist. - * The "crit" variable is set to the critical value. - * The return value is the decoded extension or NULL on - * error. The actual error can have several different causes, - * the value of *crit reflects the cause: - * >= 0, extension found but not decoded (reflects critical value). - * -1 extension not found. - * -2 extension occurs more than once. - */ - -void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, - int *idx) -{ - int lastpos, i; - X509_EXTENSION *ex, *found_ex = NULL; - - if (!x) { - if (idx) - *idx = -1; - if (crit) - *crit = -1; - return NULL; - } - if (idx) - lastpos = *idx + 1; - else - lastpos = 0; - if (lastpos < 0) - lastpos = 0; - for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) { - ex = sk_X509_EXTENSION_value(x, i); - if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == nid) { - if (idx) { - *idx = i; - found_ex = ex; - break; - } else if (found_ex) { - /* Found more than one */ - if (crit) - *crit = -2; - return NULL; - } - found_ex = ex; - } - } - if (found_ex) { - /* Found it */ - if (crit) - *crit = X509_EXTENSION_get_critical(found_ex); - return X509V3_EXT_d2i(found_ex); - } - - /* Extension not found */ - if (idx) - *idx = -1; - if (crit) - *crit = -1; - return NULL; -} - -/* - * This function is a general extension append, replace and delete utility. - * The precise operation is governed by the 'flags' value. The 'crit' and - * 'value' arguments (if relevant) are the extensions internal structure. - */ - -int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, - int crit, unsigned long flags) -{ - int errcode, extidx = -1; - X509_EXTENSION *ext = NULL, *extmp; - STACK_OF(X509_EXTENSION) *ret = NULL; - unsigned long ext_op = flags & X509V3_ADD_OP_MASK; - - /* - * If appending we don't care if it exists, otherwise look for existing - * extension. - */ - if (ext_op != X509V3_ADD_APPEND) - extidx = X509v3_get_ext_by_NID(*x, nid, -1); - - /* See if extension exists */ - if (extidx >= 0) { - /* If keep existing, nothing to do */ - if (ext_op == X509V3_ADD_KEEP_EXISTING) - return 1; - /* If default then its an error */ - if (ext_op == X509V3_ADD_DEFAULT) { - errcode = X509V3_R_EXTENSION_EXISTS; - goto err; - } - /* If delete, just delete it */ - if (ext_op == X509V3_ADD_DELETE) { - extmp = sk_X509_EXTENSION_delete(*x, extidx); - if (extmp == NULL) - return -1; - X509_EXTENSION_free(extmp); - return 1; - } - } else { - /* - * If replace existing or delete, error since extension must exist - */ - if ((ext_op == X509V3_ADD_REPLACE_EXISTING) || - (ext_op == X509V3_ADD_DELETE)) { - errcode = X509V3_R_EXTENSION_NOT_FOUND; - goto err; - } - } - - /* - * If we get this far then we have to create an extension: could have - * some flags for alternative encoding schemes... - */ - - ext = X509V3_EXT_i2d(nid, crit, value); - - if (!ext) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_ERROR_CREATING_EXTENSION); - return 0; - } - - /* If extension exists replace it.. */ - if (extidx >= 0) { - extmp = sk_X509_EXTENSION_value(*x, extidx); - X509_EXTENSION_free(extmp); - if (!sk_X509_EXTENSION_set(*x, extidx, ext)) - return -1; - return 1; - } - - ret = *x; - if (*x == NULL - && (ret = sk_X509_EXTENSION_new_null()) == NULL) - goto m_fail; - if (!sk_X509_EXTENSION_push(ret, ext)) - goto m_fail; - - *x = ret; - return 1; - - m_fail: - /* ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); */ - if (ret != *x) - sk_X509_EXTENSION_free(ret); - X509_EXTENSION_free(ext); - return -1; - - err: - if (!(flags & X509V3_ADD_SILENT)) - ERR_raise(ERR_LIB_X509V3, errcode); - return 0; -} diff --git a/crypto/x509/v3_pci.c b/crypto/x509/v3_pci.c deleted file mode 100644 index a931e01a9c92f3761a4d4d43365070b6f40e0b9f..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_pci.c +++ /dev/null @@ -1,321 +0,0 @@ -/* - * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This file is dual-licensed and is also available under the following - * terms: - * - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include "ext_dat.h" - -static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, - BIO *out, int indent); -static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *str); - -const X509V3_EXT_METHOD ossl_v3_pci = - { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), - 0, 0, 0, 0, - 0, 0, - NULL, NULL, - (X509V3_EXT_I2R)i2r_pci, - (X509V3_EXT_R2I)r2i_pci, - NULL, -}; - -static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, - BIO *out, int indent) -{ - BIO_printf(out, "%*sPath Length Constraint: ", indent, ""); - if (pci->pcPathLengthConstraint) - i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint); - else - BIO_printf(out, "infinite"); - BIO_puts(out, "\n"); - BIO_printf(out, "%*sPolicy Language: ", indent, ""); - i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); - if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) - BIO_printf(out, "\n%*sPolicy Text: %.*s", indent, "", - pci->proxyPolicy->policy->length, - pci->proxyPolicy->policy->data); - return 1; -} - -static int process_pci_value(CONF_VALUE *val, - ASN1_OBJECT **language, ASN1_INTEGER **pathlen, - ASN1_OCTET_STRING **policy) -{ - int free_policy = 0; - - if (strcmp(val->name, "language") == 0) { - if (*language) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED); - X509V3_conf_err(val); - return 0; - } - if ((*language = OBJ_txt2obj(val->value, 0)) == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER); - X509V3_conf_err(val); - return 0; - } - } else if (strcmp(val->name, "pathlen") == 0) { - if (*pathlen) { - ERR_raise(ERR_LIB_X509V3, - X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED); - X509V3_conf_err(val); - return 0; - } - if (!X509V3_get_value_int(val, pathlen)) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_POLICY_PATH_LENGTH); - X509V3_conf_err(val); - return 0; - } - } else if (strcmp(val->name, "policy") == 0) { - unsigned char *tmp_data = NULL; - long val_len; - - if (*policy == NULL) { - *policy = ASN1_OCTET_STRING_new(); - if (*policy == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - X509V3_conf_err(val); - return 0; - } - free_policy = 1; - } - if (strncmp(val->value, "hex:", 4) == 0) { - unsigned char *tmp_data2 = - OPENSSL_hexstr2buf(val->value + 4, &val_len); - - if (!tmp_data2) { - X509V3_conf_err(val); - goto err; - } - - tmp_data = OPENSSL_realloc((*policy)->data, - (*policy)->length + val_len + 1); - if (tmp_data) { - (*policy)->data = tmp_data; - memcpy(&(*policy)->data[(*policy)->length], - tmp_data2, val_len); - (*policy)->length += val_len; - (*policy)->data[(*policy)->length] = '\0'; - } else { - OPENSSL_free(tmp_data2); - /* - * realloc failure implies the original data space is b0rked - * too! - */ - OPENSSL_free((*policy)->data); - (*policy)->data = NULL; - (*policy)->length = 0; - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - X509V3_conf_err(val); - goto err; - } - OPENSSL_free(tmp_data2); - } else if (strncmp(val->value, "file:", 5) == 0) { - unsigned char buf[2048]; - int n; - BIO *b = BIO_new_file(val->value + 5, "r"); - if (!b) { - ERR_raise(ERR_LIB_X509V3, ERR_R_BIO_LIB); - X509V3_conf_err(val); - goto err; - } - while ((n = BIO_read(b, buf, sizeof(buf))) > 0 - || (n == 0 && BIO_should_retry(b))) { - if (!n) - continue; - - tmp_data = OPENSSL_realloc((*policy)->data, - (*policy)->length + n + 1); - - if (!tmp_data) { - OPENSSL_free((*policy)->data); - (*policy)->data = NULL; - (*policy)->length = 0; - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - X509V3_conf_err(val); - BIO_free_all(b); - goto err; - } - - (*policy)->data = tmp_data; - memcpy(&(*policy)->data[(*policy)->length], buf, n); - (*policy)->length += n; - (*policy)->data[(*policy)->length] = '\0'; - } - BIO_free_all(b); - - if (n < 0) { - ERR_raise(ERR_LIB_X509V3, ERR_R_BIO_LIB); - X509V3_conf_err(val); - goto err; - } - } else if (strncmp(val->value, "text:", 5) == 0) { - val_len = strlen(val->value + 5); - tmp_data = OPENSSL_realloc((*policy)->data, - (*policy)->length + val_len + 1); - if (tmp_data) { - (*policy)->data = tmp_data; - memcpy(&(*policy)->data[(*policy)->length], - val->value + 5, val_len); - (*policy)->length += val_len; - (*policy)->data[(*policy)->length] = '\0'; - } else { - /* - * realloc failure implies the original data space is b0rked - * too! - */ - OPENSSL_free((*policy)->data); - (*policy)->data = NULL; - (*policy)->length = 0; - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - X509V3_conf_err(val); - goto err; - } - } else { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INCORRECT_POLICY_SYNTAX_TAG); - X509V3_conf_err(val); - goto err; - } - if (!tmp_data) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - X509V3_conf_err(val); - goto err; - } - } - return 1; - err: - if (free_policy) { - ASN1_OCTET_STRING_free(*policy); - *policy = NULL; - } - return 0; -} - -static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *value) -{ - PROXY_CERT_INFO_EXTENSION *pci = NULL; - STACK_OF(CONF_VALUE) *vals; - ASN1_OBJECT *language = NULL; - ASN1_INTEGER *pathlen = NULL; - ASN1_OCTET_STRING *policy = NULL; - int i, j; - - vals = X509V3_parse_list(value); - for (i = 0; i < sk_CONF_VALUE_num(vals); i++) { - CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i); - - if (!cnf->name || (*cnf->name != '@' && !cnf->value)) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_PROXY_POLICY_SETTING); - X509V3_conf_err(cnf); - goto err; - } - if (*cnf->name == '@') { - STACK_OF(CONF_VALUE) *sect; - int success_p = 1; - - sect = X509V3_get_section(ctx, cnf->name + 1); - if (!sect) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_SECTION); - X509V3_conf_err(cnf); - goto err; - } - for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) { - success_p = - process_pci_value(sk_CONF_VALUE_value(sect, j), - &language, &pathlen, &policy); - } - X509V3_section_free(ctx, sect); - if (!success_p) - goto err; - } else { - if (!process_pci_value(cnf, &language, &pathlen, &policy)) { - X509V3_conf_err(cnf); - goto err; - } - } - } - - /* Language is mandatory */ - if (!language) { - ERR_raise(ERR_LIB_X509V3, - X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED); - goto err; - } - i = OBJ_obj2nid(language); - if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) { - ERR_raise(ERR_LIB_X509V3, - X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY); - goto err; - } - - pci = PROXY_CERT_INFO_EXTENSION_new(); - if (pci == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - - pci->proxyPolicy->policyLanguage = language; - language = NULL; - pci->proxyPolicy->policy = policy; - policy = NULL; - pci->pcPathLengthConstraint = pathlen; - pathlen = NULL; - goto end; - err: - ASN1_OBJECT_free(language); - ASN1_INTEGER_free(pathlen); - pathlen = NULL; - ASN1_OCTET_STRING_free(policy); - policy = NULL; - PROXY_CERT_INFO_EXTENSION_free(pci); - pci = NULL; - end: - sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); - return pci; -} diff --git a/crypto/x509/v3_pcia.c b/crypto/x509/v3_pcia.c deleted file mode 100644 index 7f5985f5e85958fcff29e46951d448afe5552e46..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_pcia.c +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * This file is dual-licensed and is also available under the following - * terms: - * - * Copyright (c) 2004 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include -#include -#include - -ASN1_SEQUENCE(PROXY_POLICY) = - { - ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT), - ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(PROXY_POLICY) - -IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY) - -ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) = - { - ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER), - ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY) -} ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION) - -IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION) diff --git a/crypto/x509/v3_pcons.c b/crypto/x509/v3_pcons.c deleted file mode 100644 index 128365f572e2b3b5b9f130ec5b76bb6dab877627..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_pcons.c +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "ext_dat.h" - -static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD - *method, void *bcons, STACK_OF(CONF_VALUE) - *extlist); -static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *values); - -const X509V3_EXT_METHOD ossl_v3_policy_constraints = { - NID_policy_constraints, 0, - ASN1_ITEM_ref(POLICY_CONSTRAINTS), - 0, 0, 0, 0, - 0, 0, - i2v_POLICY_CONSTRAINTS, - v2i_POLICY_CONSTRAINTS, - NULL, NULL, - NULL -}; - -ASN1_SEQUENCE(POLICY_CONSTRAINTS) = { - ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0), - ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1) -} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS) - -IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS) - -static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD - *method, void *a, STACK_OF(CONF_VALUE) - *extlist) -{ - POLICY_CONSTRAINTS *pcons = a; - X509V3_add_value_int("Require Explicit Policy", - pcons->requireExplicitPolicy, &extlist); - X509V3_add_value_int("Inhibit Policy Mapping", - pcons->inhibitPolicyMapping, &extlist); - return extlist; -} - -static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *values) -{ - POLICY_CONSTRAINTS *pcons = NULL; - CONF_VALUE *val; - int i; - - if ((pcons = POLICY_CONSTRAINTS_new()) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; - } - for (i = 0; i < sk_CONF_VALUE_num(values); i++) { - val = sk_CONF_VALUE_value(values, i); - if (strcmp(val->name, "requireExplicitPolicy") == 0) { - if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy)) - goto err; - } else if (strcmp(val->name, "inhibitPolicyMapping") == 0) { - if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping)) - goto err; - } else { - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_INVALID_NAME, - "%s", val->name); - goto err; - } - } - if (pcons->inhibitPolicyMapping == NULL - && pcons->requireExplicitPolicy == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_ILLEGAL_EMPTY_EXTENSION); - goto err; - } - - return pcons; - err: - POLICY_CONSTRAINTS_free(pcons); - return NULL; -} diff --git a/crypto/x509/v3_pku.c b/crypto/x509/v3_pku.c deleted file mode 100644 index 8f7e7d68130039e52d377f1cf920f4c7fea2fb5d..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_pku.c +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "ext_dat.h" - -static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, - PKEY_USAGE_PERIOD *usage, BIO *out, - int indent); - -const X509V3_EXT_METHOD ossl_v3_pkey_usage_period = { - NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD), - 0, 0, 0, 0, - 0, 0, 0, 0, - (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL, - NULL -}; - -ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = { - ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0), - ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1) -} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD) - -IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) - -static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, - PKEY_USAGE_PERIOD *usage, BIO *out, - int indent) -{ - BIO_printf(out, "%*s", indent, ""); - if (usage->notBefore) { - BIO_write(out, "Not Before: ", 12); - ASN1_GENERALIZEDTIME_print(out, usage->notBefore); - if (usage->notAfter) - BIO_write(out, ", ", 2); - } - if (usage->notAfter) { - BIO_write(out, "Not After: ", 11); - ASN1_GENERALIZEDTIME_print(out, usage->notAfter); - } - return 1; -} diff --git a/crypto/x509/v3_pmaps.c b/crypto/x509/v3_pmaps.c deleted file mode 100644 index 2094e96711417a6301e4860739cc4dd01e39daf2..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_pmaps.c +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "ext_dat.h" - -static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD - *method, void *pmps, STACK_OF(CONF_VALUE) - *extlist); - -const X509V3_EXT_METHOD ossl_v3_policy_mappings = { - NID_policy_mappings, 0, - ASN1_ITEM_ref(POLICY_MAPPINGS), - 0, 0, 0, 0, - 0, 0, - i2v_POLICY_MAPPINGS, - v2i_POLICY_MAPPINGS, - 0, 0, - NULL -}; - -ASN1_SEQUENCE(POLICY_MAPPING) = { - ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT), - ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT) -} ASN1_SEQUENCE_END(POLICY_MAPPING) - -ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS, - POLICY_MAPPING) -ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS) - -IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING) - -static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD - *method, void *a, STACK_OF(CONF_VALUE) - *ext_list) -{ - POLICY_MAPPINGS *pmaps = a; - POLICY_MAPPING *pmap; - int i; - char obj_tmp1[80]; - char obj_tmp2[80]; - - for (i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) { - pmap = sk_POLICY_MAPPING_value(pmaps, i); - i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy); - i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy); - X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list); - } - return ext_list; -} - -static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -{ - POLICY_MAPPING *pmap = NULL; - ASN1_OBJECT *obj1 = NULL, *obj2 = NULL; - CONF_VALUE *val; - POLICY_MAPPINGS *pmaps; - const int num = sk_CONF_VALUE_num(nval); - int i; - - if ((pmaps = sk_POLICY_MAPPING_new_reserve(NULL, num)) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; - } - - for (i = 0; i < num; i++) { - val = sk_CONF_VALUE_value(nval, i); - if (!val->value || !val->name) { - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER, - "%s", val->name); - goto err; - } - obj1 = OBJ_txt2obj(val->name, 0); - obj2 = OBJ_txt2obj(val->value, 0); - if (!obj1 || !obj2) { - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER, - "%s", val->name); - goto err; - } - pmap = POLICY_MAPPING_new(); - if (pmap == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - pmap->issuerDomainPolicy = obj1; - pmap->subjectDomainPolicy = obj2; - obj1 = obj2 = NULL; - sk_POLICY_MAPPING_push(pmaps, pmap); /* no failure as it was reserved */ - } - return pmaps; - err: - ASN1_OBJECT_free(obj1); - ASN1_OBJECT_free(obj2); - sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); - return NULL; -} diff --git a/crypto/x509/v3_prn.c b/crypto/x509/v3_prn.c deleted file mode 100644 index 1e4516a713c2424bbf8eff6bfd20c234e9dec29f..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_prn.c +++ /dev/null @@ -1,216 +0,0 @@ -/* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* X509 v3 extension utilities */ - -#include -#include "internal/cryptlib.h" -#include -#include - -/* Extension printing routines */ - -static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen, - unsigned long flag, int indent, int supported); - -/* Print out a name+value stack */ - -void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, - int ml) -{ - int i; - CONF_VALUE *nval; - if (!val) - return; - if (!ml || !sk_CONF_VALUE_num(val)) { - BIO_printf(out, "%*s", indent, ""); - if (!sk_CONF_VALUE_num(val)) - BIO_puts(out, "\n"); - } - for (i = 0; i < sk_CONF_VALUE_num(val); i++) { - if (ml) { - if (i > 0) - BIO_printf(out, "\n"); - BIO_printf(out, "%*s", indent, ""); - } - else if (i > 0) - BIO_printf(out, ", "); - nval = sk_CONF_VALUE_value(val, i); - if (!nval->name) - BIO_puts(out, nval->value); - else if (!nval->value) - BIO_puts(out, nval->name); -#ifndef CHARSET_EBCDIC - else - BIO_printf(out, "%s:%s", nval->name, nval->value); -#else - else { - int len; - char *tmp; - len = strlen(nval->value) + 1; - tmp = OPENSSL_malloc(len); - if (tmp != NULL) { - ascii2ebcdic(tmp, nval->value, len); - BIO_printf(out, "%s:%s", nval->name, tmp); - OPENSSL_free(tmp); - } - } -#endif - } -} - -/* Main routine: print out a general extension */ - -int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, - int indent) -{ - void *ext_str = NULL; - char *value = NULL; - ASN1_OCTET_STRING *extoct; - const unsigned char *p; - int extlen; - const X509V3_EXT_METHOD *method; - STACK_OF(CONF_VALUE) *nval = NULL; - int ok = 1; - - extoct = X509_EXTENSION_get_data(ext); - p = ASN1_STRING_get0_data(extoct); - extlen = ASN1_STRING_length(extoct); - - if ((method = X509V3_EXT_get(ext)) == NULL) - return unknown_ext_print(out, p, extlen, flag, indent, 0); - if (method->it) - ext_str = ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it)); - else - ext_str = method->d2i(NULL, &p, extlen); - - if (!ext_str) - return unknown_ext_print(out, p, extlen, flag, indent, 1); - - if (method->i2s) { - if ((value = method->i2s(method, ext_str)) == NULL) { - ok = 0; - goto err; - } -#ifndef CHARSET_EBCDIC - BIO_printf(out, "%*s%s", indent, "", value); -#else - { - int len; - char *tmp; - len = strlen(value) + 1; - tmp = OPENSSL_malloc(len); - if (tmp != NULL) { - ascii2ebcdic(tmp, value, len); - BIO_printf(out, "%*s%s", indent, "", tmp); - OPENSSL_free(tmp); - } - } -#endif - } else if (method->i2v) { - if ((nval = method->i2v(method, ext_str, NULL)) == NULL) { - ok = 0; - goto err; - } - X509V3_EXT_val_prn(out, nval, indent, - method->ext_flags & X509V3_EXT_MULTILINE); - } else if (method->i2r) { - if (!method->i2r(method, ext_str, out, indent)) - ok = 0; - } else - ok = 0; - - err: - sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); - OPENSSL_free(value); - if (method->it) - ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it)); - else - method->ext_free(ext_str); - return ok; -} - -int X509V3_extensions_print(BIO *bp, const char *title, - const STACK_OF(X509_EXTENSION) *exts, - unsigned long flag, int indent) -{ - int i, j; - - if (sk_X509_EXTENSION_num(exts) <= 0) - return 1; - - if (title) { - BIO_printf(bp, "%*s%s:\n", indent, "", title); - indent += 4; - } - - for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { - ASN1_OBJECT *obj; - X509_EXTENSION *ex; - - ex = sk_X509_EXTENSION_value(exts, i); - obj = X509_EXTENSION_get_object(ex); - if ((flag & X509_FLAG_EXTENSIONS_ONLY_KID) != 0 - && OBJ_obj2nid(obj) != NID_subject_key_identifier - && OBJ_obj2nid(obj) != NID_authority_key_identifier) - continue; - if (indent && BIO_printf(bp, "%*s", indent, "") <= 0) - return 0; - i2a_ASN1_OBJECT(bp, obj); - j = X509_EXTENSION_get_critical(ex); - if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0) - return 0; - if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) { - BIO_printf(bp, "%*s", indent + 4, ""); - ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex)); - } - if (BIO_write(bp, "\n", 1) <= 0) - return 0; - } - return 1; -} - -static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen, - unsigned long flag, int indent, int supported) -{ - switch (flag & X509V3_EXT_UNKNOWN_MASK) { - - case X509V3_EXT_DEFAULT: - return 0; - - case X509V3_EXT_ERROR_UNKNOWN: - if (supported) - BIO_printf(out, "%*s", indent, ""); - else - BIO_printf(out, "%*s", indent, ""); - return 1; - - case X509V3_EXT_PARSE_UNKNOWN: - return ASN1_parse_dump(out, ext, extlen, indent, -1); - case X509V3_EXT_DUMP_UNKNOWN: - return BIO_dump_indent(out, (const char *)ext, extlen, indent); - - default: - return 1; - } -} - -#ifndef OPENSSL_NO_STDIO -int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent) -{ - BIO *bio_tmp; - int ret; - - if ((bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) - return 0; - ret = X509V3_EXT_print(bio_tmp, ext, flag, indent); - BIO_free(bio_tmp); - return ret; -} -#endif diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.c deleted file mode 100644 index a6ebbd5f94f6a6ff5354922cc3d76420cf1078dc..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_purp.c +++ /dev/null @@ -1,1066 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "internal/numbers.h" -#include -#include -#include "crypto/x509.h" -#include "internal/tsan_assist.h" -#include "x509_local.h" - -static int check_ssl_ca(const X509 *x); -static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, - int require_ca); -static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, - int require_ca); -static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, - int require_ca); -static int purpose_smime(const X509 *x, int require_ca); -static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, - int require_ca); -static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, - int require_ca); -static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, - int require_ca); -static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, - int require_ca); -static int no_check_purpose(const X509_PURPOSE *xp, const X509 *x, - int require_ca); -static int check_purpose_ocsp_helper(const X509_PURPOSE *xp, const X509 *x, - int require_ca); - -static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b); -static void xptable_free(X509_PURPOSE *p); - -static X509_PURPOSE xstandard[] = { - {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, - check_purpose_ssl_client, "SSL client", "sslclient", NULL}, - {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, - check_purpose_ssl_server, "SSL server", "sslserver", NULL}, - {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, - check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL}, - {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, - "S/MIME signing", "smimesign", NULL}, - {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, - check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL}, - {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, - "CRL signing", "crlsign", NULL}, - {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check_purpose, - "Any Purpose", "any", - NULL}, - {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, check_purpose_ocsp_helper, - "OCSP helper", "ocsphelper", NULL}, - {X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, - check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", - NULL}, -}; - -#define X509_PURPOSE_COUNT OSSL_NELEM(xstandard) - -static STACK_OF(X509_PURPOSE) *xptable = NULL; - -static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b) -{ - return (*a)->purpose - (*b)->purpose; -} - -/* - * As much as I'd like to make X509_check_purpose use a "const" X509* I really - * can't because it does recalculate hashes and do other non-const things. - * If id == -1 it just calls x509v3_cache_extensions() for its side-effect. - * Returns 1 on success, 0 if x does not allow purpose, -1 on (internal) error. - */ -int X509_check_purpose(X509 *x, int id, int require_ca) -{ - int idx; - const X509_PURPOSE *pt; - - if (!ossl_x509v3_cache_extensions(x)) - return -1; - if (id == -1) - return 1; - - idx = X509_PURPOSE_get_by_id(id); - if (idx == -1) - return -1; - pt = X509_PURPOSE_get0(idx); - return pt->check_purpose(pt, x, require_ca); -} - -int X509_PURPOSE_set(int *p, int purpose) -{ - if (X509_PURPOSE_get_by_id(purpose) == -1) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_PURPOSE); - return 0; - } - *p = purpose; - return 1; -} - -int X509_PURPOSE_get_count(void) -{ - if (!xptable) - return X509_PURPOSE_COUNT; - return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT; -} - -X509_PURPOSE *X509_PURPOSE_get0(int idx) -{ - if (idx < 0) - return NULL; - if (idx < (int)X509_PURPOSE_COUNT) - return xstandard + idx; - return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); -} - -int X509_PURPOSE_get_by_sname(const char *sname) -{ - int i; - X509_PURPOSE *xptmp; - for (i = 0; i < X509_PURPOSE_get_count(); i++) { - xptmp = X509_PURPOSE_get0(i); - if (strcmp(xptmp->sname, sname) == 0) - return i; - } - return -1; -} - -/* Returns -1 on error, else an index => 0 in standard/extended purpose table */ -int X509_PURPOSE_get_by_id(int purpose) -{ - X509_PURPOSE tmp; - int idx; - - if (purpose >= X509_PURPOSE_MIN && purpose <= X509_PURPOSE_MAX) - return purpose - X509_PURPOSE_MIN; - if (xptable == NULL) - return -1; - tmp.purpose = purpose; - idx = sk_X509_PURPOSE_find(xptable, &tmp); - if (idx < 0) - return -1; - return idx + X509_PURPOSE_COUNT; -} - -int X509_PURPOSE_add(int id, int trust, int flags, - int (*ck) (const X509_PURPOSE *, const X509 *, int), - const char *name, const char *sname, void *arg) -{ - int idx; - X509_PURPOSE *ptmp; - - /* This is set according to what we change: application can't set it */ - flags &= ~X509_PURPOSE_DYNAMIC; - /* This will always be set for application modified trust entries */ - flags |= X509_PURPOSE_DYNAMIC_NAME; - /* Get existing entry if any */ - idx = X509_PURPOSE_get_by_id(id); - /* Need a new entry */ - if (idx == -1) { - if ((ptmp = OPENSSL_malloc(sizeof(*ptmp))) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return 0; - } - ptmp->flags = X509_PURPOSE_DYNAMIC; - } else - ptmp = X509_PURPOSE_get0(idx); - - /* OPENSSL_free existing name if dynamic */ - if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) { - OPENSSL_free(ptmp->name); - OPENSSL_free(ptmp->sname); - } - /* Dup supplied name */ - ptmp->name = OPENSSL_strdup(name); - ptmp->sname = OPENSSL_strdup(sname); - if (ptmp->name == NULL|| ptmp->sname == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - /* Keep the dynamic flag of existing entry */ - ptmp->flags &= X509_PURPOSE_DYNAMIC; - /* Set all other flags */ - ptmp->flags |= flags; - - ptmp->purpose = id; - ptmp->trust = trust; - ptmp->check_purpose = ck; - ptmp->usr_data = arg; - - /* If its a new entry manage the dynamic table */ - if (idx == -1) { - if (xptable == NULL - && (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!sk_X509_PURPOSE_push(xptable, ptmp)) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - } - return 1; - err: - if (idx == -1) { - OPENSSL_free(ptmp->name); - OPENSSL_free(ptmp->sname); - OPENSSL_free(ptmp); - } - return 0; -} - -static void xptable_free(X509_PURPOSE *p) -{ - if (p == NULL) - return; - if (p->flags & X509_PURPOSE_DYNAMIC) { - if (p->flags & X509_PURPOSE_DYNAMIC_NAME) { - OPENSSL_free(p->name); - OPENSSL_free(p->sname); - } - OPENSSL_free(p); - } -} - -void X509_PURPOSE_cleanup(void) -{ - sk_X509_PURPOSE_pop_free(xptable, xptable_free); - xptable = NULL; -} - -int X509_PURPOSE_get_id(const X509_PURPOSE *xp) -{ - return xp->purpose; -} - -char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp) -{ - return xp->name; -} - -char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp) -{ - return xp->sname; -} - -int X509_PURPOSE_get_trust(const X509_PURPOSE *xp) -{ - return xp->trust; -} - -static int nid_cmp(const int *a, const int *b) -{ - return *a - *b; -} - -DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid); -IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid); - -int X509_supported_extension(X509_EXTENSION *ex) -{ - /* - * This table is a list of the NIDs of supported extensions: that is - * those which are used by the verify process. If an extension is - * critical and doesn't appear in this list then the verify process will - * normally reject the certificate. The list must be kept in numerical - * order because it will be searched using bsearch. - */ - static const int supported_nids[] = { - NID_netscape_cert_type, /* 71 */ - NID_key_usage, /* 83 */ - NID_subject_alt_name, /* 85 */ - NID_basic_constraints, /* 87 */ - NID_certificate_policies, /* 89 */ - NID_crl_distribution_points, /* 103 */ - NID_ext_key_usage, /* 126 */ -#ifndef OPENSSL_NO_RFC3779 - NID_sbgp_ipAddrBlock, /* 290 */ - NID_sbgp_autonomousSysNum, /* 291 */ -#endif - NID_id_pkix_OCSP_noCheck, /* 369 */ - NID_policy_constraints, /* 401 */ - NID_proxyCertInfo, /* 663 */ - NID_name_constraints, /* 666 */ - NID_policy_mappings, /* 747 */ - NID_inhibit_any_policy /* 748 */ - }; - - int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); - - if (ex_nid == NID_undef) - return 0; - - if (OBJ_bsearch_nid(&ex_nid, supported_nids, OSSL_NELEM(supported_nids))) - return 1; - return 0; -} - -/* Returns 1 on success, 0 if x is invalid, -1 on (internal) error. */ -static int setup_dp(const X509 *x, DIST_POINT *dp) -{ - const X509_NAME *iname = NULL; - int i; - - if (dp->distpoint == NULL && sk_GENERAL_NAME_num(dp->CRLissuer) <= 0) { - ERR_raise(ERR_LIB_X509, X509_R_INVALID_DISTPOINT); - return 0; - } - if (dp->reasons != NULL) { - if (dp->reasons->length > 0) - dp->dp_reasons = dp->reasons->data[0]; - if (dp->reasons->length > 1) - dp->dp_reasons |= (dp->reasons->data[1] << 8); - dp->dp_reasons &= CRLDP_ALL_REASONS; - } else { - dp->dp_reasons = CRLDP_ALL_REASONS; - } - if (dp->distpoint == NULL || dp->distpoint->type != 1) - return 1; - - /* Handle name fragment given by nameRelativeToCRLIssuer */ - /* - * Note that the below way of determining iname is not really compliant - * with https://tools.ietf.org/html/rfc5280#section-4.2.1.13 - * According to it, sk_GENERAL_NAME_num(dp->CRLissuer) MUST be <= 1 - * and any CRLissuer could be of type different to GEN_DIRNAME. - */ - for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) { - GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); - - if (gen->type == GEN_DIRNAME) { - iname = gen->d.directoryName; - break; - } - } - if (iname == NULL) - iname = X509_get_issuer_name(x); - return DIST_POINT_set_dpname(dp->distpoint, iname) ? 1 : -1; -} - -/* Return 1 on success, 0 if x is invalid, -1 on (internal) error. */ -static int setup_crldp(X509 *x) -{ - int i; - - x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, &i, NULL); - if (x->crldp == NULL && i != -1) - return 0; - - for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) { - int res = setup_dp(x, sk_DIST_POINT_value(x->crldp, i)); - - if (res < 1) - return res; - } - return 1; -} - -/* Check that issuer public key algorithm matches subject signature algorithm */ -static int check_sig_alg_match(const EVP_PKEY *issuer_key, const X509 *subject) -{ - int subj_sig_nid; - - if (issuer_key == NULL) - return X509_V_ERR_NO_ISSUER_PUBLIC_KEY; - if (OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm), - NULL, &subj_sig_nid) == 0) - return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM; - if (EVP_PKEY_is_a(issuer_key, OBJ_nid2sn(subj_sig_nid)) - || (EVP_PKEY_is_a(issuer_key, "RSA") && subj_sig_nid == NID_rsassaPss)) - return X509_V_OK; - return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH; -} - -#define V1_ROOT (EXFLAG_V1|EXFLAG_SS) -#define ku_reject(x, usage) \ - (((x)->ex_flags & EXFLAG_KUSAGE) != 0 && ((x)->ex_kusage & (usage)) == 0) -#define xku_reject(x, usage) \ - (((x)->ex_flags & EXFLAG_XKUSAGE) != 0 && ((x)->ex_xkusage & (usage)) == 0) -#define ns_reject(x, usage) \ - (((x)->ex_flags & EXFLAG_NSCERT) != 0 && ((x)->ex_nscert & (usage)) == 0) - -/* - * Cache info on various X.509v3 extensions and further derived information, - * e.g., if cert 'x' is self-issued, in x->ex_flags and other internal fields. - * x->sha1_hash is filled in, or else EXFLAG_NO_FINGERPRINT is set in x->flags. - * X509_SIG_INFO_VALID is set in x->flags if x->siginf was filled successfully. - * Set EXFLAG_INVALID and return 0 in case the certificate is invalid. - */ -int ossl_x509v3_cache_extensions(X509 *x) -{ - BASIC_CONSTRAINTS *bs; - PROXY_CERT_INFO_EXTENSION *pci; - ASN1_BIT_STRING *usage; - ASN1_BIT_STRING *ns; - EXTENDED_KEY_USAGE *extusage; - int i; - int res; - -#ifdef tsan_ld_acq - /* Fast lock-free check, see end of the function for details. */ - if (tsan_ld_acq((TSAN_QUALIFIER int *)&x->ex_cached)) - return (x->ex_flags & EXFLAG_INVALID) == 0; -#endif - - if (!CRYPTO_THREAD_write_lock(x->lock)) - return 0; - if (x->ex_flags & EXFLAG_SET) { /* Cert has already been processed */ - CRYPTO_THREAD_unlock(x->lock); - return (x->ex_flags & EXFLAG_INVALID) == 0; - } - - /* Cache the SHA1 digest of the cert */ - if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL)) - x->ex_flags |= EXFLAG_NO_FINGERPRINT; - - ERR_set_mark(); - - /* V1 should mean no extensions ... */ - if (X509_get_version(x) == X509_VERSION_1) - x->ex_flags |= EXFLAG_V1; - - /* Handle basic constraints */ - x->ex_pathlen = -1; - if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &i, NULL)) != NULL) { - if (bs->ca) - x->ex_flags |= EXFLAG_CA; - if (bs->pathlen != NULL) { - /* - * The error case !bs->ca is checked by check_chain() - * in case ctx->param->flags & X509_V_FLAG_X509_STRICT - */ - if (bs->pathlen->type == V_ASN1_NEG_INTEGER) { - ERR_raise(ERR_LIB_X509, X509V3_R_NEGATIVE_PATHLEN); - x->ex_flags |= EXFLAG_INVALID; - } else { - x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen); - } - } - BASIC_CONSTRAINTS_free(bs); - x->ex_flags |= EXFLAG_BCONS; - } else if (i != -1) { - x->ex_flags |= EXFLAG_INVALID; - } - - /* Handle proxy certificates */ - if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, &i, NULL)) != NULL) { - if (x->ex_flags & EXFLAG_CA - || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0 - || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) { - x->ex_flags |= EXFLAG_INVALID; - } - if (pci->pcPathLengthConstraint != NULL) - x->ex_pcpathlen = ASN1_INTEGER_get(pci->pcPathLengthConstraint); - else - x->ex_pcpathlen = -1; - PROXY_CERT_INFO_EXTENSION_free(pci); - x->ex_flags |= EXFLAG_PROXY; - } else if (i != -1) { - x->ex_flags |= EXFLAG_INVALID; - } - - /* Handle (basic) key usage */ - if ((usage = X509_get_ext_d2i(x, NID_key_usage, &i, NULL)) != NULL) { - x->ex_kusage = 0; - if (usage->length > 0) { - x->ex_kusage = usage->data[0]; - if (usage->length > 1) - x->ex_kusage |= usage->data[1] << 8; - } - x->ex_flags |= EXFLAG_KUSAGE; - ASN1_BIT_STRING_free(usage); - /* Check for empty key usage according to RFC 5280 section 4.2.1.3 */ - if (x->ex_kusage == 0) { - ERR_raise(ERR_LIB_X509, X509V3_R_EMPTY_KEY_USAGE); - x->ex_flags |= EXFLAG_INVALID; - } - } else if (i != -1) { - x->ex_flags |= EXFLAG_INVALID; - } - - /* Handle extended key usage */ - x->ex_xkusage = 0; - if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, &i, NULL)) != NULL) { - x->ex_flags |= EXFLAG_XKUSAGE; - for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) { - switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) { - case NID_server_auth: - x->ex_xkusage |= XKU_SSL_SERVER; - break; - case NID_client_auth: - x->ex_xkusage |= XKU_SSL_CLIENT; - break; - case NID_email_protect: - x->ex_xkusage |= XKU_SMIME; - break; - case NID_code_sign: - x->ex_xkusage |= XKU_CODE_SIGN; - break; - case NID_ms_sgc: - case NID_ns_sgc: - x->ex_xkusage |= XKU_SGC; - break; - case NID_OCSP_sign: - x->ex_xkusage |= XKU_OCSP_SIGN; - break; - case NID_time_stamp: - x->ex_xkusage |= XKU_TIMESTAMP; - break; - case NID_dvcs: - x->ex_xkusage |= XKU_DVCS; - break; - case NID_anyExtendedKeyUsage: - x->ex_xkusage |= XKU_ANYEKU; - break; - default: - /* Ignore unknown extended key usage */ - break; - } - } - sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); - } else if (i != -1) { - x->ex_flags |= EXFLAG_INVALID; - } - - /* Handle legacy Netscape extension */ - if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, &i, NULL)) != NULL) { - if (ns->length > 0) - x->ex_nscert = ns->data[0]; - else - x->ex_nscert = 0; - x->ex_flags |= EXFLAG_NSCERT; - ASN1_BIT_STRING_free(ns); - } else if (i != -1) { - x->ex_flags |= EXFLAG_INVALID; - } - - /* Handle subject key identifier and issuer/authority key identifier */ - x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, &i, NULL); - if (x->skid == NULL && i != -1) - x->ex_flags |= EXFLAG_INVALID; - - x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, &i, NULL); - if (x->akid == NULL && i != -1) - x->ex_flags |= EXFLAG_INVALID; - - /* Check if subject name matches issuer */ - if (X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)) == 0) { - x->ex_flags |= EXFLAG_SI; /* Cert is self-issued */ - if (X509_check_akid(x, x->akid) == X509_V_OK /* SKID matches AKID */ - /* .. and the signature alg matches the PUBKEY alg: */ - && check_sig_alg_match(X509_get0_pubkey(x), x) == X509_V_OK) - x->ex_flags |= EXFLAG_SS; /* indicate self-signed */ - /* This is very related to ossl_x509_likely_issued(x, x) == X509_V_OK */ - } - - /* Handle subject alternative names and various other extensions */ - x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &i, NULL); - if (x->altname == NULL && i != -1) - x->ex_flags |= EXFLAG_INVALID; - x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL); - if (x->nc == NULL && i != -1) - x->ex_flags |= EXFLAG_INVALID; - - /* Handle CRL distribution point entries */ - res = setup_crldp(x); - if (res == 0) - x->ex_flags |= EXFLAG_INVALID; - else if (res < 0) - goto err; - -#ifndef OPENSSL_NO_RFC3779 - x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, &i, NULL); - if (x->rfc3779_addr == NULL && i != -1) - x->ex_flags |= EXFLAG_INVALID; - x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, &i, NULL); - if (x->rfc3779_asid == NULL && i != -1) - x->ex_flags |= EXFLAG_INVALID; -#endif - for (i = 0; i < X509_get_ext_count(x); i++) { - X509_EXTENSION *ex = X509_get_ext(x, i); - int nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); - - if (nid == NID_freshest_crl) - x->ex_flags |= EXFLAG_FRESHEST; - if (!X509_EXTENSION_get_critical(ex)) - continue; - if (!X509_supported_extension(ex)) { - x->ex_flags |= EXFLAG_CRITICAL; - break; - } - switch (nid) { - case NID_basic_constraints: - x->ex_flags |= EXFLAG_BCONS_CRITICAL; - break; - case NID_authority_key_identifier: - x->ex_flags |= EXFLAG_AKID_CRITICAL; - break; - case NID_subject_key_identifier: - x->ex_flags |= EXFLAG_SKID_CRITICAL; - break; - case NID_subject_alt_name: - x->ex_flags |= EXFLAG_SAN_CRITICAL; - break; - default: - break; - } - } - - /* Set x->siginf, ignoring errors due to unsupported algos */ - (void)ossl_x509_init_sig_info(x); - - x->ex_flags |= EXFLAG_SET; /* Indicate that cert has been processed */ -#ifdef tsan_st_rel - tsan_st_rel((TSAN_QUALIFIER int *)&x->ex_cached, 1); - /* - * Above store triggers fast lock-free check in the beginning of the - * function. But one has to ensure that the structure is "stable", i.e. - * all stores are visible on all processors. Hence the release fence. - */ -#endif - ERR_pop_to_mark(); - if ((x->ex_flags & (EXFLAG_INVALID | EXFLAG_NO_FINGERPRINT)) == 0) { - CRYPTO_THREAD_unlock(x->lock); - return 1; - } - if ((x->ex_flags & EXFLAG_INVALID) != 0) - ERR_raise(ERR_LIB_X509, X509V3_R_INVALID_CERTIFICATE); - /* If computing sha1_hash failed the error queue already reflects this. */ - - err: - x->ex_flags |= EXFLAG_SET; /* indicate that cert has been processed */ - CRYPTO_THREAD_unlock(x->lock); - return 0; -} - -/*- - * CA checks common to all purposes - * return codes: - * 0 not a CA - * 1 is a CA - * 2 Only possible in older versions of openSSL when basicConstraints are absent - * new versions will not return this value. May be a CA - * 3 basicConstraints absent but self-signed V1. - * 4 basicConstraints absent but keyUsage present and keyCertSign asserted. - * 5 Netscape specific CA Flags present - */ - -static int check_ca(const X509 *x) -{ - /* keyUsage if present should allow cert signing */ - if (ku_reject(x, KU_KEY_CERT_SIGN)) - return 0; - if ((x->ex_flags & EXFLAG_BCONS) != 0) { - /* If basicConstraints says not a CA then say so */ - return (x->ex_flags & EXFLAG_CA) != 0; - } else { - /* We support V1 roots for... uh, I don't really know why. */ - if ((x->ex_flags & V1_ROOT) == V1_ROOT) - return 3; - /* - * If key usage present it must have certSign so tolerate it - */ - else if (x->ex_flags & EXFLAG_KUSAGE) - return 4; - /* Older certificates could have Netscape-specific CA types */ - else if (x->ex_flags & EXFLAG_NSCERT && x->ex_nscert & NS_ANY_CA) - return 5; - /* Can this still be regarded a CA certificate? I doubt it. */ - return 0; - } -} - -void X509_set_proxy_flag(X509 *x) -{ - if (CRYPTO_THREAD_write_lock(x->lock)) { - x->ex_flags |= EXFLAG_PROXY; - CRYPTO_THREAD_unlock(x->lock); - } -} - -void X509_set_proxy_pathlen(X509 *x, long l) -{ - x->ex_pcpathlen = l; -} - -int X509_check_ca(X509 *x) -{ - /* Note 0 normally means "not a CA" - but in this case means error. */ - if (!ossl_x509v3_cache_extensions(x)) - return 0; - - return check_ca(x); -} - -/* Check SSL CA: common checks for SSL client and server. */ -static int check_ssl_ca(const X509 *x) -{ - int ca_ret = check_ca(x); - - if (ca_ret == 0) - return 0; - /* Check nsCertType if present */ - return ca_ret != 5 || (x->ex_nscert & NS_SSL_CA) != 0; -} - -static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, - int require_ca) -{ - if (xku_reject(x, XKU_SSL_CLIENT)) - return 0; - if (require_ca) - return check_ssl_ca(x); - /* We need to do digital signatures or key agreement */ - if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT)) - return 0; - /* nsCertType if present should allow SSL client use */ - if (ns_reject(x, NS_SSL_CLIENT)) - return 0; - return 1; -} - -/* - * Key usage needed for TLS/SSL server: digital signature, encipherment or - * key agreement. The ssl code can check this more thoroughly for individual - * key types. - */ -#define KU_TLS \ - KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT|KU_KEY_AGREEMENT - -static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, - int require_ca) -{ - if (xku_reject(x, XKU_SSL_SERVER | XKU_SGC)) - return 0; - if (require_ca) - return check_ssl_ca(x); - - if (ns_reject(x, NS_SSL_SERVER)) - return 0; - if (ku_reject(x, KU_TLS)) - return 0; - - return 1; - -} - -static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, - int require_ca) -{ - int ret; - ret = check_purpose_ssl_server(xp, x, require_ca); - if (!ret || require_ca) - return ret; - /* We need to encipher or Netscape complains */ - if (ku_reject(x, KU_KEY_ENCIPHERMENT)) - return 0; - return ret; -} - -/* common S/MIME checks */ -static int purpose_smime(const X509 *x, int require_ca) -{ - if (xku_reject(x, XKU_SMIME)) - return 0; - if (require_ca) { - int ca_ret; - ca_ret = check_ca(x); - if (ca_ret == 0) - return 0; - /* Check nsCertType if present */ - if (ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) - return ca_ret; - else - return 0; - } - if (x->ex_flags & EXFLAG_NSCERT) { - if (x->ex_nscert & NS_SMIME) - return 1; - /* Workaround for some buggy certificates */ - if (x->ex_nscert & NS_SSL_CLIENT) - return 2; - return 0; - } - return 1; -} - -static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, - int require_ca) -{ - int ret; - ret = purpose_smime(x, require_ca); - if (!ret || require_ca) - return ret; - if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION)) - return 0; - return ret; -} - -static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, - int require_ca) -{ - int ret; - ret = purpose_smime(x, require_ca); - if (!ret || require_ca) - return ret; - if (ku_reject(x, KU_KEY_ENCIPHERMENT)) - return 0; - return ret; -} - -static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, - int require_ca) -{ - if (require_ca) { - int ca_ret; - if ((ca_ret = check_ca(x)) != 2) - return ca_ret; - else - return 0; - } - if (ku_reject(x, KU_CRL_SIGN)) - return 0; - return 1; -} - -/* - * OCSP helper: this is *not* a full OCSP check. It just checks that each CA - * is valid. Additional checks must be made on the chain. - */ -static int check_purpose_ocsp_helper(const X509_PURPOSE *xp, const X509 *x, - int require_ca) -{ - /* - * Must be a valid CA. Should we really support the "I don't know" value - * (2)? - */ - if (require_ca) - return check_ca(x); - /* Leaf certificate is checked in OCSP_verify() */ - return 1; -} - -static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, - int require_ca) -{ - int i_ext; - - /* If ca is true we must return if this is a valid CA certificate. */ - if (require_ca) - return check_ca(x); - - /* - * Check the optional key usage field: - * if Key Usage is present, it must be one of digitalSignature - * and/or nonRepudiation (other values are not consistent and shall - * be rejected). - */ - if ((x->ex_flags & EXFLAG_KUSAGE) - && ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) || - !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)))) - return 0; - - /* Only time stamp key usage is permitted and it's required. */ - if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP) - return 0; - - /* Extended Key Usage MUST be critical */ - i_ext = X509_get_ext_by_NID(x, NID_ext_key_usage, -1); - if (i_ext >= 0) { - X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext); - if (!X509_EXTENSION_get_critical(ext)) - return 0; - } - - return 1; -} - -static int no_check_purpose(const X509_PURPOSE *xp, const X509 *x, - int require_ca) -{ - return 1; -} - -/*- - * Various checks to see if one certificate potentially issued the second. - * This can be used to prune a set of possible issuer certificates which - * have been looked up using some simple method such as by subject name. - * These are: - * 1. issuer_name(subject) == subject_name(issuer) - * 2. If akid(subject) exists, it matches the respective issuer fields. - * 3. subject signature algorithm == issuer public key algorithm - * 4. If key_usage(issuer) exists, it allows for signing subject. - * Note that this does not include actually checking the signature. - * Returns 0 for OK, or positive for reason for mismatch - * where reason codes match those for X509_verify_cert(). - */ -int X509_check_issued(X509 *issuer, X509 *subject) -{ - int ret; - - if ((ret = ossl_x509_likely_issued(issuer, subject)) != X509_V_OK) - return ret; - return ossl_x509_signing_allowed(issuer, subject); -} - -/* do the checks 1., 2., and 3. as described above for X509_check_issued() */ -int ossl_x509_likely_issued(X509 *issuer, X509 *subject) -{ - int ret; - - if (X509_NAME_cmp(X509_get_subject_name(issuer), - X509_get_issuer_name(subject)) != 0) - return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; - - /* set issuer->skid and subject->akid */ - if (!ossl_x509v3_cache_extensions(issuer) - || !ossl_x509v3_cache_extensions(subject)) - return X509_V_ERR_UNSPECIFIED; - - ret = X509_check_akid(issuer, subject->akid); - if (ret != X509_V_OK) - return ret; - - /* Check if the subject signature alg matches the issuer's PUBKEY alg */ - return check_sig_alg_match(X509_get0_pubkey(issuer), subject); -} - -/*- - * Check if certificate I is allowed to issue certificate I - * according to the B field of I if present - * depending on any proxyCertInfo extension of I. - * Returns 0 for OK, or positive for reason for rejection - * where reason codes match those for X509_verify_cert(). - */ -int ossl_x509_signing_allowed(const X509 *issuer, const X509 *subject) -{ - if (subject->ex_flags & EXFLAG_PROXY) { - if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) - return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; - } else if (ku_reject(issuer, KU_KEY_CERT_SIGN)) - return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; - return X509_V_OK; -} - -int X509_check_akid(const X509 *issuer, const AUTHORITY_KEYID *akid) -{ - if (akid == NULL) - return X509_V_OK; - - /* Check key ids (if present) */ - if (akid->keyid && issuer->skid && - ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid)) - return X509_V_ERR_AKID_SKID_MISMATCH; - /* Check serial number */ - if (akid->serial && - ASN1_INTEGER_cmp(X509_get0_serialNumber(issuer), akid->serial)) - return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; - /* Check issuer name */ - if (akid->issuer) { - /* - * Ugh, for some peculiar reason AKID includes SEQUENCE OF - * GeneralName. So look for a DirName. There may be more than one but - * we only take any notice of the first. - */ - GENERAL_NAMES *gens; - GENERAL_NAME *gen; - X509_NAME *nm = NULL; - int i; - gens = akid->issuer; - for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { - gen = sk_GENERAL_NAME_value(gens, i); - if (gen->type == GEN_DIRNAME) { - nm = gen->d.dirn; - break; - } - } - if (nm != NULL && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)) != 0) - return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; - } - return X509_V_OK; -} - -uint32_t X509_get_extension_flags(X509 *x) -{ - /* Call for side-effect of computing hash and caching extensions */ - X509_check_purpose(x, -1, 0); - return x->ex_flags; -} - -uint32_t X509_get_key_usage(X509 *x) -{ - /* Call for side-effect of computing hash and caching extensions */ - if (X509_check_purpose(x, -1, 0) != 1) - return 0; - if (x->ex_flags & EXFLAG_KUSAGE) - return x->ex_kusage; - return UINT32_MAX; -} - -uint32_t X509_get_extended_key_usage(X509 *x) -{ - /* Call for side-effect of computing hash and caching extensions */ - if (X509_check_purpose(x, -1, 0) != 1) - return 0; - if (x->ex_flags & EXFLAG_XKUSAGE) - return x->ex_xkusage; - return UINT32_MAX; -} - -const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x) -{ - /* Call for side-effect of computing hash and caching extensions */ - if (X509_check_purpose(x, -1, 0) != 1) - return NULL; - return x->skid; -} - -const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x) -{ - /* Call for side-effect of computing hash and caching extensions */ - if (X509_check_purpose(x, -1, 0) != 1) - return NULL; - return (x->akid != NULL ? x->akid->keyid : NULL); -} - -const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x) -{ - /* Call for side-effect of computing hash and caching extensions */ - if (X509_check_purpose(x, -1, 0) != 1) - return NULL; - return (x->akid != NULL ? x->akid->issuer : NULL); -} - -const ASN1_INTEGER *X509_get0_authority_serial(X509 *x) -{ - /* Call for side-effect of computing hash and caching extensions */ - if (X509_check_purpose(x, -1, 0) != 1) - return NULL; - return (x->akid != NULL ? x->akid->serial : NULL); -} - -long X509_get_pathlen(X509 *x) -{ - /* Called for side effect of caching extensions */ - if (X509_check_purpose(x, -1, 0) != 1 - || (x->ex_flags & EXFLAG_BCONS) == 0) - return -1; - return x->ex_pathlen; -} - -long X509_get_proxy_pathlen(X509 *x) -{ - /* Called for side effect of caching extensions */ - if (X509_check_purpose(x, -1, 0) != 1 - || (x->ex_flags & EXFLAG_PROXY) == 0) - return -1; - return x->ex_pcpathlen; -} diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c deleted file mode 100644 index c081f02e19e41896cd70fbb83c379507a4861499..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_san.c +++ /dev/null @@ -1,691 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "crypto/x509.h" -#include -#include -#include -#include "ext_dat.h" - -static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); -static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); -static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); -static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); -static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx); -static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx); - -const X509V3_EXT_METHOD ossl_v3_alt[3] = { - {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), - 0, 0, 0, 0, - 0, 0, - (X509V3_EXT_I2V) i2v_GENERAL_NAMES, - (X509V3_EXT_V2I)v2i_subject_alt, - NULL, NULL, NULL}, - - {NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), - 0, 0, 0, 0, - 0, 0, - (X509V3_EXT_I2V) i2v_GENERAL_NAMES, - (X509V3_EXT_V2I)v2i_issuer_alt, - NULL, NULL, NULL}, - - {NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES), - 0, 0, 0, 0, - 0, 0, - (X509V3_EXT_I2V) i2v_GENERAL_NAMES, - NULL, NULL, NULL, NULL}, -}; - -STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, - GENERAL_NAMES *gens, - STACK_OF(CONF_VALUE) *ret) -{ - int i; - GENERAL_NAME *gen; - STACK_OF(CONF_VALUE) *tmpret = NULL, *origret = ret; - - for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { - gen = sk_GENERAL_NAME_value(gens, i); - /* - * i2v_GENERAL_NAME allocates ret if it is NULL. If something goes - * wrong we need to free the stack - but only if it was empty when we - * originally entered this function. - */ - tmpret = i2v_GENERAL_NAME(method, gen, ret); - if (tmpret == NULL) { - if (origret == NULL) - sk_CONF_VALUE_pop_free(ret, X509V3_conf_free); - return NULL; - } - ret = tmpret; - } - if (ret == NULL) - return sk_CONF_VALUE_new_null(); - return ret; -} - -STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, - GENERAL_NAME *gen, - STACK_OF(CONF_VALUE) *ret) -{ - char othername[300]; - char oline[256], *tmp; - - switch (gen->type) { - case GEN_OTHERNAME: - switch (OBJ_obj2nid(gen->d.otherName->type_id)) { - case NID_id_on_SmtpUTF8Mailbox: - if (gen->d.otherName->value->type != V_ASN1_UTF8STRING - || !x509v3_add_len_value_uchar("othername: SmtpUTF8Mailbox:", - gen->d.otherName->value->value.utf8string->data, - gen->d.otherName->value->value.utf8string->length, - &ret)) - return NULL; - break; - case NID_XmppAddr: - if (gen->d.otherName->value->type != V_ASN1_UTF8STRING - || !x509v3_add_len_value_uchar("othername: XmppAddr:", - gen->d.otherName->value->value.utf8string->data, - gen->d.otherName->value->value.utf8string->length, - &ret)) - return NULL; - break; - case NID_SRVName: - if (gen->d.otherName->value->type != V_ASN1_IA5STRING - || !x509v3_add_len_value_uchar("othername: SRVName:", - gen->d.otherName->value->value.ia5string->data, - gen->d.otherName->value->value.ia5string->length, - &ret)) - return NULL; - break; - case NID_ms_upn: - if (gen->d.otherName->value->type != V_ASN1_UTF8STRING - || !x509v3_add_len_value_uchar("othername: UPN:", - gen->d.otherName->value->value.utf8string->data, - gen->d.otherName->value->value.utf8string->length, - &ret)) - return NULL; - break; - case NID_NAIRealm: - if (gen->d.otherName->value->type != V_ASN1_UTF8STRING - || !x509v3_add_len_value_uchar("othername: NAIRealm:", - gen->d.otherName->value->value.utf8string->data, - gen->d.otherName->value->value.utf8string->length, - &ret)) - return NULL; - break; - default: - if (OBJ_obj2txt(oline, sizeof(oline), gen->d.otherName->type_id, 0) > 0) - BIO_snprintf(othername, sizeof(othername), "othername: %s:", - oline); - else - OPENSSL_strlcpy(othername, "othername:", sizeof(othername)); - - /* check if the value is something printable */ - if (gen->d.otherName->value->type == V_ASN1_IA5STRING) { - if (x509v3_add_len_value_uchar(othername, - gen->d.otherName->value->value.ia5string->data, - gen->d.otherName->value->value.ia5string->length, - &ret)) - return ret; - } - if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) { - if (x509v3_add_len_value_uchar(othername, - gen->d.otherName->value->value.utf8string->data, - gen->d.otherName->value->value.utf8string->length, - &ret)) - return ret; - } - if (!X509V3_add_value(othername, "", &ret)) - return NULL; - break; - } - break; - - case GEN_X400: - if (!X509V3_add_value("X400Name", "", &ret)) - return NULL; - break; - - case GEN_EDIPARTY: - if (!X509V3_add_value("EdiPartyName", "", &ret)) - return NULL; - break; - - case GEN_EMAIL: - if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data, - gen->d.ia5->length, &ret)) - return NULL; - break; - - case GEN_DNS: - if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data, - gen->d.ia5->length, &ret)) - return NULL; - break; - - case GEN_URI: - if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data, - gen->d.ia5->length, &ret)) - return NULL; - break; - - case GEN_DIRNAME: - if (X509_NAME_oneline(gen->d.dirn, oline, sizeof(oline)) == NULL - || !X509V3_add_value("DirName", oline, &ret)) - return NULL; - break; - - case GEN_IPADD: - tmp = ossl_ipaddr_to_asc(gen->d.ip->data, gen->d.ip->length); - if (tmp == NULL || !X509V3_add_value("IP Address", tmp, &ret)) - ret = NULL; - OPENSSL_free(tmp); - break; - - case GEN_RID: - i2t_ASN1_OBJECT(oline, 256, gen->d.rid); - if (!X509V3_add_value("Registered ID", oline, &ret)) - return NULL; - break; - } - return ret; -} - -int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) -{ - char *tmp; - int nid; - - switch (gen->type) { - case GEN_OTHERNAME: - nid = OBJ_obj2nid(gen->d.otherName->type_id); - /* Validate the types are as we expect before we use them */ - if ((nid == NID_SRVName - && gen->d.otherName->value->type != V_ASN1_IA5STRING) - || (nid != NID_SRVName - && gen->d.otherName->value->type != V_ASN1_UTF8STRING)) { - BIO_printf(out, "othername:"); - break; - } - - switch (nid) { - case NID_id_on_SmtpUTF8Mailbox: - BIO_printf(out, "othername:SmtpUTF8Mailbox:%.*s", - gen->d.otherName->value->value.utf8string->length, - gen->d.otherName->value->value.utf8string->data); - break; - case NID_XmppAddr: - BIO_printf(out, "othername:XmppAddr:%.*s", - gen->d.otherName->value->value.utf8string->length, - gen->d.otherName->value->value.utf8string->data); - break; - case NID_SRVName: - BIO_printf(out, "othername:SRVName:%.*s", - gen->d.otherName->value->value.ia5string->length, - gen->d.otherName->value->value.ia5string->data); - break; - case NID_ms_upn: - BIO_printf(out, "othername:UPN:%.*s", - gen->d.otherName->value->value.utf8string->length, - gen->d.otherName->value->value.utf8string->data); - break; - case NID_NAIRealm: - BIO_printf(out, "othername:NAIRealm:%.*s", - gen->d.otherName->value->value.utf8string->length, - gen->d.otherName->value->value.utf8string->data); - break; - default: - BIO_printf(out, "othername:"); - break; - } - break; - - case GEN_X400: - BIO_printf(out, "X400Name:"); - break; - - case GEN_EDIPARTY: - /* Maybe fix this: it is supported now */ - BIO_printf(out, "EdiPartyName:"); - break; - - case GEN_EMAIL: - BIO_printf(out, "email:"); - ASN1_STRING_print(out, gen->d.ia5); - break; - - case GEN_DNS: - BIO_printf(out, "DNS:"); - ASN1_STRING_print(out, gen->d.ia5); - break; - - case GEN_URI: - BIO_printf(out, "URI:"); - ASN1_STRING_print(out, gen->d.ia5); - break; - - case GEN_DIRNAME: - BIO_printf(out, "DirName:"); - X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE); - break; - - case GEN_IPADD: - tmp = ossl_ipaddr_to_asc(gen->d.ip->data, gen->d.ip->length); - if (tmp == NULL) - return 0; - BIO_printf(out, "IP Address:%s", tmp); - OPENSSL_free(tmp); - break; - - case GEN_RID: - BIO_printf(out, "Registered ID:"); - i2a_ASN1_OBJECT(out, gen->d.rid); - break; - } - return 1; -} - -static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) -{ - const int num = sk_CONF_VALUE_num(nval); - GENERAL_NAMES *gens = sk_GENERAL_NAME_new_reserve(NULL, num); - int i; - - if (gens == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - sk_GENERAL_NAME_free(gens); - return NULL; - } - for (i = 0; i < num; i++) { - CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i); - - if (!ossl_v3_name_cmp(cnf->name, "issuer") - && cnf->value && strcmp(cnf->value, "copy") == 0) { - if (!copy_issuer(ctx, gens)) - goto err; - } else { - GENERAL_NAME *gen = v2i_GENERAL_NAME(method, ctx, cnf); - - if (gen == NULL) - goto err; - sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */ - } - } - return gens; - err: - sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); - return NULL; -} - -/* Append subject altname of issuer to issuer alt name of subject */ - -static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) -{ - GENERAL_NAMES *ialt; - GENERAL_NAME *gen; - X509_EXTENSION *ext; - int i, num; - - if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0) - return 1; - if (!ctx || !ctx->issuer_cert) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_ISSUER_DETAILS); - goto err; - } - i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1); - if (i < 0) - return 1; - if ((ext = X509_get_ext(ctx->issuer_cert, i)) == NULL - || (ialt = X509V3_EXT_d2i(ext)) == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_ISSUER_DECODE_ERROR); - goto err; - } - - num = sk_GENERAL_NAME_num(ialt); - if (!sk_GENERAL_NAME_reserve(gens, num)) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - - for (i = 0; i < num; i++) { - gen = sk_GENERAL_NAME_value(ialt, i); - sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */ - } - sk_GENERAL_NAME_free(ialt); - - return 1; - - err: - return 0; - -} - -static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) -{ - GENERAL_NAMES *gens; - CONF_VALUE *cnf; - const int num = sk_CONF_VALUE_num(nval); - int i; - - gens = sk_GENERAL_NAME_new_reserve(NULL, num); - if (gens == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - sk_GENERAL_NAME_free(gens); - return NULL; - } - - for (i = 0; i < num; i++) { - cnf = sk_CONF_VALUE_value(nval, i); - if (ossl_v3_name_cmp(cnf->name, "email") == 0 - && cnf->value && strcmp(cnf->value, "copy") == 0) { - if (!copy_email(ctx, gens, 0)) - goto err; - } else if (ossl_v3_name_cmp(cnf->name, "email") == 0 - && cnf->value && strcmp(cnf->value, "move") == 0) { - if (!copy_email(ctx, gens, 1)) - goto err; - } else { - GENERAL_NAME *gen; - if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) - goto err; - sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */ - } - } - return gens; - err: - sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); - return NULL; -} - -/* - * Copy any email addresses in a certificate or request to GENERAL_NAMES - */ - -static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) -{ - X509_NAME *nm; - ASN1_IA5STRING *email = NULL; - X509_NAME_ENTRY *ne; - GENERAL_NAME *gen = NULL; - int i = -1; - - if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0) - return 1; - if (ctx == NULL - || (ctx->subject_cert == NULL && ctx->subject_req == NULL)) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_SUBJECT_DETAILS); - return 0; - } - /* Find the subject name */ - nm = ctx->subject_cert != NULL ? - X509_get_subject_name(ctx->subject_cert) : - X509_REQ_get_subject_name(ctx->subject_req); - - /* Now add any email address(es) to STACK */ - while ((i = X509_NAME_get_index_by_NID(nm, - NID_pkcs9_emailAddress, i)) >= 0) { - ne = X509_NAME_get_entry(nm, i); - email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne)); - if (move_p) { - X509_NAME_delete_entry(nm, i); - X509_NAME_ENTRY_free(ne); - i--; - } - if (email == NULL || (gen = GENERAL_NAME_new()) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - gen->d.ia5 = email; - email = NULL; - gen->type = GEN_EMAIL; - if (!sk_GENERAL_NAME_push(gens, gen)) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - gen = NULL; - } - - return 1; - - err: - GENERAL_NAME_free(gen); - ASN1_IA5STRING_free(email); - return 0; - -} - -GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -{ - GENERAL_NAME *gen; - GENERAL_NAMES *gens; - CONF_VALUE *cnf; - const int num = sk_CONF_VALUE_num(nval); - int i; - - gens = sk_GENERAL_NAME_new_reserve(NULL, num); - if (gens == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - sk_GENERAL_NAME_free(gens); - return NULL; - } - - for (i = 0; i < num; i++) { - cnf = sk_CONF_VALUE_value(nval, i); - if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) - goto err; - sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */ - } - return gens; - err: - sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); - return NULL; -} - -GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, CONF_VALUE *cnf) -{ - return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); -} - -GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, - const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, int gen_type, const char *value, - int is_nc) -{ - char is_string = 0; - GENERAL_NAME *gen = NULL; - - if (!value) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_MISSING_VALUE); - return NULL; - } - - if (out) - gen = out; - else { - gen = GENERAL_NAME_new(); - if (gen == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; - } - } - - switch (gen_type) { - case GEN_URI: - case GEN_EMAIL: - case GEN_DNS: - is_string = 1; - break; - - case GEN_RID: - { - ASN1_OBJECT *obj; - if ((obj = OBJ_txt2obj(value, 0)) == NULL) { - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_BAD_OBJECT, - "value=%s", value); - goto err; - } - gen->d.rid = obj; - } - break; - - case GEN_IPADD: - if (is_nc) - gen->d.ip = a2i_IPADDRESS_NC(value); - else - gen->d.ip = a2i_IPADDRESS(value); - if (gen->d.ip == NULL) { - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_BAD_IP_ADDRESS, - "value=%s", value); - goto err; - } - break; - - case GEN_DIRNAME: - if (!do_dirname(gen, value, ctx)) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_DIRNAME_ERROR); - goto err; - } - break; - - case GEN_OTHERNAME: - if (!do_othername(gen, value, ctx)) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_OTHERNAME_ERROR); - goto err; - } - break; - default: - ERR_raise(ERR_LIB_X509V3, X509V3_R_UNSUPPORTED_TYPE); - goto err; - } - - if (is_string) { - if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL || - !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value, - strlen(value))) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - gen->type = gen_type; - - return gen; - - err: - if (!out) - GENERAL_NAME_free(gen); - return NULL; -} - -GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, - const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc) -{ - int type; - - char *name, *value; - - name = cnf->name; - value = cnf->value; - - if (!value) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_MISSING_VALUE); - return NULL; - } - - if (!ossl_v3_name_cmp(name, "email")) - type = GEN_EMAIL; - else if (!ossl_v3_name_cmp(name, "URI")) - type = GEN_URI; - else if (!ossl_v3_name_cmp(name, "DNS")) - type = GEN_DNS; - else if (!ossl_v3_name_cmp(name, "RID")) - type = GEN_RID; - else if (!ossl_v3_name_cmp(name, "IP")) - type = GEN_IPADD; - else if (!ossl_v3_name_cmp(name, "dirName")) - type = GEN_DIRNAME; - else if (!ossl_v3_name_cmp(name, "otherName")) - type = GEN_OTHERNAME; - else { - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_UNSUPPORTED_OPTION, - "name=%s", name); - return NULL; - } - - return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc); - -} - -static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) -{ - char *objtmp = NULL, *p; - int objlen; - - if ((p = strchr(value, ';')) == NULL) - return 0; - if ((gen->d.otherName = OTHERNAME_new()) == NULL) - return 0; - /* - * Free this up because we will overwrite it. no need to free type_id - * because it is static - */ - ASN1_TYPE_free(gen->d.otherName->value); - if ((gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)) == NULL) - return 0; - objlen = p - value; - objtmp = OPENSSL_strndup(value, objlen); - if (objtmp == NULL) - return 0; - gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0); - OPENSSL_free(objtmp); - if (!gen->d.otherName->type_id) - return 0; - return 1; -} - -static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) -{ - int ret = 0; - STACK_OF(CONF_VALUE) *sk = NULL; - X509_NAME *nm; - - if ((nm = X509_NAME_new()) == NULL) - goto err; - sk = X509V3_get_section(ctx, value); - if (!sk) { - ERR_raise_data(ERR_LIB_X509V3, X509V3_R_SECTION_NOT_FOUND, - "section=%s", value); - goto err; - } - /* FIXME: should allow other character types... */ - ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC); - if (!ret) - goto err; - gen->d.dirn = nm; - -err: - if (ret == 0) - X509_NAME_free(nm); - X509V3_section_free(ctx, sk); - return ret; -} diff --git a/crypto/x509/v3_skid.c b/crypto/x509/v3_skid.c deleted file mode 100644 index 18223f2ef496bbcb5de75777619cf200a3d689fd..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_skid.c +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include "crypto/x509.h" -#include "ext_dat.h" - -static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *str); -const X509V3_EXT_METHOD ossl_v3_skey_id = { - NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING), - 0, 0, 0, 0, - (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, - (X509V3_EXT_S2I)s2i_skey_id, - 0, 0, 0, 0, - NULL -}; - -char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, - const ASN1_OCTET_STRING *oct) -{ - return OPENSSL_buf2hexstr(oct->data, oct->length); -} - -ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str) -{ - ASN1_OCTET_STRING *oct; - long length; - - if ((oct = ASN1_OCTET_STRING_new()) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if ((oct->data = OPENSSL_hexstr2buf(str, &length)) == NULL) { - ASN1_OCTET_STRING_free(oct); - return NULL; - } - - oct->length = length; - - return oct; - -} - -ASN1_OCTET_STRING *ossl_x509_pubkey_hash(X509_PUBKEY *pubkey) -{ - ASN1_OCTET_STRING *oct; - const unsigned char *pk; - int pklen; - unsigned char pkey_dig[EVP_MAX_MD_SIZE]; - unsigned int diglen; - const char *propq; - OSSL_LIB_CTX *libctx; - EVP_MD *md; - - if (pubkey == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_PUBLIC_KEY); - return NULL; - } - if (!ossl_x509_PUBKEY_get0_libctx(&libctx, &propq, pubkey)) - return NULL; - if ((md = EVP_MD_fetch(libctx, SN_sha1, propq)) == NULL) - return NULL; - if ((oct = ASN1_OCTET_STRING_new()) == NULL) { - EVP_MD_free(md); - return NULL; - } - - X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey); - if (EVP_Digest(pk, pklen, pkey_dig, &diglen, md, NULL) - && ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { - EVP_MD_free(md); - return oct; - } - - EVP_MD_free(md); - ASN1_OCTET_STRING_free(oct); - return NULL; -} - -static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *str) -{ - if (strcmp(str, "none") == 0) - return ASN1_OCTET_STRING_new(); /* dummy */ - - if (strcmp(str, "hash") != 0) - return s2i_ASN1_OCTET_STRING(method, ctx /* not used */, str); - - if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0) - return ASN1_OCTET_STRING_new(); - if (ctx == NULL - || (ctx->subject_cert == NULL && ctx->subject_req == NULL)) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_SUBJECT_DETAILS); - return NULL; - } - - return ossl_x509_pubkey_hash(ctx->subject_cert != NULL ? - ctx->subject_cert->cert_info.key : - ctx->subject_req->req_info.pubkey); -} diff --git a/crypto/x509/v3_sxnet.c b/crypto/x509/v3_sxnet.c deleted file mode 100644 index ca46dc1a5c321324ed9d34b79039eb8e6b3bac5e..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_sxnet.c +++ /dev/null @@ -1,242 +0,0 @@ -/* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "ext_dat.h" - -/* Support for Thawte strong extranet extension */ - -#define SXNET_TEST - -static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, - int indent); -#ifdef SXNET_TEST -static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); -#endif -const X509V3_EXT_METHOD ossl_v3_sxnet = { - NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET), - 0, 0, 0, 0, - 0, 0, - 0, -#ifdef SXNET_TEST - (X509V3_EXT_V2I)sxnet_v2i, -#else - 0, -#endif - (X509V3_EXT_I2R)sxnet_i2r, - 0, - NULL -}; - -ASN1_SEQUENCE(SXNETID) = { - ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER), - ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(SXNETID) - -IMPLEMENT_ASN1_FUNCTIONS(SXNETID) - -ASN1_SEQUENCE(SXNET) = { - ASN1_SIMPLE(SXNET, version, ASN1_INTEGER), - ASN1_SEQUENCE_OF(SXNET, ids, SXNETID) -} ASN1_SEQUENCE_END(SXNET) - -IMPLEMENT_ASN1_FUNCTIONS(SXNET) - -static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, - int indent) -{ - int64_t v; - char *tmp; - SXNETID *id; - int i; - - /* - * Since we add 1 to the version number to display it, we don't support - * LONG_MAX since that would cause on overflow. - */ - if (!ASN1_INTEGER_get_int64(&v, sx->version) - || v >= LONG_MAX - || v < LONG_MIN) { - BIO_printf(out, "%*sVersion: ", indent, ""); - } else { - long vl = (long)v; - - BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", vl + 1, vl); - } - for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { - id = sk_SXNETID_value(sx->ids, i); - tmp = i2s_ASN1_INTEGER(NULL, id->zone); - if (tmp == NULL) - return 0; - BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); - OPENSSL_free(tmp); - ASN1_STRING_print(out, id->user); - } - return 1; -} - -#ifdef SXNET_TEST - -/* - * NBB: this is used for testing only. It should *not* be used for anything - * else because it will just take static IDs from the configuration file and - * they should really be separate values for each user. - */ - -static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) -{ - CONF_VALUE *cnf; - SXNET *sx = NULL; - int i; - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - cnf = sk_CONF_VALUE_value(nval, i); - if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) - return NULL; - } - return sx; -} - -#endif - -/* Strong Extranet utility functions */ - -/* Add an id given the zone as an ASCII number */ - -int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen) -{ - ASN1_INTEGER *izone; - - if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_ERROR_CONVERTING_ZONE); - return 0; - } - return SXNET_add_id_INTEGER(psx, izone, user, userlen); -} - -/* Add an id given the zone as an unsigned long */ - -int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, - int userlen) -{ - ASN1_INTEGER *izone; - - if ((izone = ASN1_INTEGER_new()) == NULL - || !ASN1_INTEGER_set(izone, lzone)) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - ASN1_INTEGER_free(izone); - return 0; - } - return SXNET_add_id_INTEGER(psx, izone, user, userlen); - -} - -/* - * Add an id given the zone as an ASN1_INTEGER. Note this version uses the - * passed integer and doesn't make a copy so don't free it up afterwards. - */ - -int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, - int userlen) -{ - SXNET *sx = NULL; - SXNETID *id = NULL; - - if (psx == NULL || zone == NULL || user == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NULL_ARGUMENT); - return 0; - } - if (userlen == -1) - userlen = strlen(user); - if (userlen > 64) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_USER_TOO_LONG); - return 0; - } - if (*psx == NULL) { - if ((sx = SXNET_new()) == NULL) - goto err; - if (!ASN1_INTEGER_set(sx->version, 0)) - goto err; - } else - sx = *psx; - if (SXNET_get_id_INTEGER(sx, zone)) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_DUPLICATE_ZONE_ID); - if (*psx == NULL) - SXNET_free(sx); - return 0; - } - - if ((id = SXNETID_new()) == NULL) - goto err; - if (userlen == -1) - userlen = strlen(user); - - if (!ASN1_OCTET_STRING_set(id->user, (const unsigned char *)user, userlen)) - goto err; - if (!sk_SXNETID_push(sx->ids, id)) - goto err; - id->zone = zone; - *psx = sx; - return 1; - - err: - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - SXNETID_free(id); - if (*psx == NULL) - SXNET_free(sx); - return 0; -} - -ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone) -{ - ASN1_INTEGER *izone; - ASN1_OCTET_STRING *oct; - - if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_ERROR_CONVERTING_ZONE); - return NULL; - } - oct = SXNET_get_id_INTEGER(sx, izone); - ASN1_INTEGER_free(izone); - return oct; -} - -ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) -{ - ASN1_INTEGER *izone; - ASN1_OCTET_STRING *oct; - - if ((izone = ASN1_INTEGER_new()) == NULL - || !ASN1_INTEGER_set(izone, lzone)) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - ASN1_INTEGER_free(izone); - return NULL; - } - oct = SXNET_get_id_INTEGER(sx, izone); - ASN1_INTEGER_free(izone); - return oct; -} - -ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) -{ - SXNETID *id; - int i; - for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { - id = sk_SXNETID_value(sx->ids, i); - if (!ASN1_INTEGER_cmp(id->zone, zone)) - return id->user; - } - return NULL; -} diff --git a/crypto/x509/v3_tlsf.c b/crypto/x509/v3_tlsf.c deleted file mode 100644 index 3a457fa57bee7bb98d1e7ff9cf916c3ba6b2d165..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_tlsf.c +++ /dev/null @@ -1,140 +0,0 @@ -/* - * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "e_os.h" -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "ext_dat.h" -#include "x509_local.h" - -static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method, - TLS_FEATURE *tls_feature, - STACK_OF(CONF_VALUE) *ext_list); -static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); - -ASN1_ITEM_TEMPLATE(TLS_FEATURE) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, TLS_FEATURE, ASN1_INTEGER) -static_ASN1_ITEM_TEMPLATE_END(TLS_FEATURE) - -IMPLEMENT_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE) - -const X509V3_EXT_METHOD ossl_v3_tls_feature = { - NID_tlsfeature, 0, - ASN1_ITEM_ref(TLS_FEATURE), - 0, 0, 0, 0, - 0, 0, - (X509V3_EXT_I2V)i2v_TLS_FEATURE, - (X509V3_EXT_V2I)v2i_TLS_FEATURE, - 0, 0, - NULL -}; - - -typedef struct { - long num; - const char *name; -} TLS_FEATURE_NAME; - -static TLS_FEATURE_NAME tls_feature_tbl[] = { - { 5, "status_request" }, - { 17, "status_request_v2" } -}; - -/* - * i2v_TLS_FEATURE converts the TLS_FEATURE structure tls_feature into the - * STACK_OF(CONF_VALUE) structure ext_list. STACK_OF(CONF_VALUE) is the format - * used by the CONF library to represent a multi-valued extension. ext_list is - * returned. - */ -static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method, - TLS_FEATURE *tls_feature, - STACK_OF(CONF_VALUE) *ext_list) -{ - int i; - size_t j; - ASN1_INTEGER *ai; - long tlsextid; - for (i = 0; i < sk_ASN1_INTEGER_num(tls_feature); i++) { - ai = sk_ASN1_INTEGER_value(tls_feature, i); - tlsextid = ASN1_INTEGER_get(ai); - for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++) - if (tlsextid == tls_feature_tbl[j].num) - break; - if (j < OSSL_NELEM(tls_feature_tbl)) - X509V3_add_value(NULL, tls_feature_tbl[j].name, &ext_list); - else - X509V3_add_value_int(NULL, ai, &ext_list); - } - return ext_list; -} - -/* - * v2i_TLS_FEATURE converts the multi-valued extension nval into a TLS_FEATURE - * structure, which is returned if the conversion is successful. In case of - * error, NULL is returned. - */ -static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) -{ - TLS_FEATURE *tlsf; - char *extval, *endptr; - ASN1_INTEGER *ai = NULL; - CONF_VALUE *val; - int i; - size_t j; - long tlsextid; - - if ((tlsf = sk_ASN1_INTEGER_new_null()) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; - } - - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { - val = sk_CONF_VALUE_value(nval, i); - if (val->value) - extval = val->value; - else - extval = val->name; - - for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++) - if (OPENSSL_strcasecmp(extval, tls_feature_tbl[j].name) == 0) - break; - if (j < OSSL_NELEM(tls_feature_tbl)) - tlsextid = tls_feature_tbl[j].num; - else { - tlsextid = strtol(extval, &endptr, 10); - if (((*endptr) != '\0') || (extval == endptr) || (tlsextid < 0) || - (tlsextid > 65535)) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_SYNTAX); - X509V3_conf_add_error_name_value(val); - goto err; - } - } - - if ((ai = ASN1_INTEGER_new()) == NULL - || !ASN1_INTEGER_set(ai, tlsextid) - || sk_ASN1_INTEGER_push(tlsf, ai) <= 0) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - /* So it doesn't get purged if an error occurs next time around */ - ai = NULL; - } - return tlsf; - - err: - sk_ASN1_INTEGER_pop_free(tlsf, ASN1_INTEGER_free); - ASN1_INTEGER_free(ai); - return NULL; -} diff --git a/crypto/x509/v3_utf8.c b/crypto/x509/v3_utf8.c deleted file mode 100644 index 1c4f79c4cd9b054c0a1caa1e650426841830559f..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_utf8.c +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "ext_dat.h" - -/* - * Subject Sign Tool (1.2.643.100.111) The name of the tool used to signs the subject (UTF8String) - * This extention is required to obtain the status of a qualified certificate at Russian Federation. - * RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5 - * Russian Federal Law 63 "Digital Sign" is available here: http://www.consultant.ru/document/cons_doc_LAW_112701/ - */ - - -const X509V3_EXT_METHOD ossl_v3_utf8_list[1] = { - EXT_UTF8STRING(NID_subjectSignTool), -}; - -char *i2s_ASN1_UTF8STRING(X509V3_EXT_METHOD *method, - ASN1_UTF8STRING *utf8) -{ - char *tmp; - - if (utf8 == NULL || utf8->length == 0) { - ERR_raise(ERR_LIB_X509V3, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if ((tmp = OPENSSL_malloc(utf8->length + 1)) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; - } - memcpy(tmp, utf8->data, utf8->length); - tmp[utf8->length] = 0; - return tmp; -} - -ASN1_UTF8STRING *s2i_ASN1_UTF8STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, const char *str) -{ - ASN1_UTF8STRING *utf8; - if (str == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NULL_ARGUMENT); - return NULL; - } - if ((utf8 = ASN1_UTF8STRING_new()) == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; - } - if (!ASN1_STRING_set((ASN1_STRING *)utf8, str, strlen(str))) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - ASN1_UTF8STRING_free(utf8); - return NULL; - } -#ifdef CHARSET_EBCDIC - ebcdic2ascii(utf8->data, utf8->data, utf8->length); -#endif /* CHARSET_EBCDIC */ - return utf8; -} diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c deleted file mode 100644 index 6e4ef26ed6082df39204ad2312fe39cd1b1ceeb2..0000000000000000000000000000000000000000 --- a/crypto/x509/v3_utl.c +++ /dev/null @@ -1,1358 +0,0 @@ -/* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* X509 v3 extension utilities */ - -#include "e_os.h" -#include "internal/cryptlib.h" -#include -#include -#include "crypto/ctype.h" -#include -#include -#include -#include "crypto/x509.h" -#include -#include "ext_dat.h" -#include "x509_local.h" - -static char *strip_spaces(char *name); -static int sk_strcmp(const char *const *a, const char *const *b); -static STACK_OF(OPENSSL_STRING) *get_email(const X509_NAME *name, - GENERAL_NAMES *gens); -static void str_free(OPENSSL_STRING str); -static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, - const ASN1_IA5STRING *email); - -static int ipv4_from_asc(unsigned char *v4, const char *in); -static int ipv6_from_asc(unsigned char *v6, const char *in); -static int ipv6_cb(const char *elem, int len, void *usr); -static int ipv6_hex(unsigned char *out, const char *in, int inlen); - -/* Add a CONF_VALUE name value pair to stack */ - -static int x509v3_add_len_value(const char *name, const char *value, - size_t vallen, STACK_OF(CONF_VALUE) **extlist) -{ - CONF_VALUE *vtmp = NULL; - char *tname = NULL, *tvalue = NULL; - int sk_allocated = (*extlist == NULL); - - if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL) - goto err; - if (value != NULL) { - /* We don't allow embeded NUL characters */ - if (memchr(value, 0, vallen) != NULL) - goto err; - tvalue = OPENSSL_strndup(value, vallen); - if (tvalue == NULL) - goto err; - } - if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL) - goto err; - if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL) - goto err; - vtmp->section = NULL; - vtmp->name = tname; - vtmp->value = tvalue; - if (!sk_CONF_VALUE_push(*extlist, vtmp)) - goto err; - return 1; - err: - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - if (sk_allocated) { - sk_CONF_VALUE_free(*extlist); - *extlist = NULL; - } - OPENSSL_free(vtmp); - OPENSSL_free(tname); - OPENSSL_free(tvalue); - return 0; -} - -int X509V3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist) -{ - return x509v3_add_len_value(name, value, - value != NULL ? strlen((const char *)value) : 0, - extlist); -} - -int X509V3_add_value_uchar(const char *name, const unsigned char *value, - STACK_OF(CONF_VALUE) **extlist) -{ - return x509v3_add_len_value(name, (const char *)value, - value != NULL ? strlen((const char *)value) : 0, - extlist); -} - -int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, - size_t vallen, STACK_OF(CONF_VALUE) **extlist) -{ - return x509v3_add_len_value(name, (const char *)value, vallen, extlist); -} - -/* Free function for STACK_OF(CONF_VALUE) */ - -void X509V3_conf_free(CONF_VALUE *conf) -{ - if (!conf) - return; - OPENSSL_free(conf->name); - OPENSSL_free(conf->value); - OPENSSL_free(conf->section); - OPENSSL_free(conf); -} - -int X509V3_add_value_bool(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist) -{ - if (asn1_bool) - return X509V3_add_value(name, "TRUE", extlist); - return X509V3_add_value(name, "FALSE", extlist); -} - -int X509V3_add_value_bool_nf(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist) -{ - if (asn1_bool) - return X509V3_add_value(name, "TRUE", extlist); - return 1; -} - -static char *bignum_to_string(const BIGNUM *bn) -{ - char *tmp, *ret; - size_t len; - - /* - * Display large numbers in hex and small numbers in decimal. Converting to - * decimal takes quadratic time and is no more useful than hex for large - * numbers. - */ - if (BN_num_bits(bn) < 128) - return BN_bn2dec(bn); - - tmp = BN_bn2hex(bn); - if (tmp == NULL) - return NULL; - - len = strlen(tmp) + 3; - ret = OPENSSL_malloc(len); - if (ret == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - OPENSSL_free(tmp); - return NULL; - } - - /* Prepend "0x", but place it after the "-" if negative. */ - if (tmp[0] == '-') { - OPENSSL_strlcpy(ret, "-0x", len); - OPENSSL_strlcat(ret, tmp + 1, len); - } else { - OPENSSL_strlcpy(ret, "0x", len); - OPENSSL_strlcat(ret, tmp, len); - } - OPENSSL_free(tmp); - return ret; -} - -char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a) -{ - BIGNUM *bntmp = NULL; - char *strtmp = NULL; - - if (!a) - return NULL; - if ((bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) == NULL - || (strtmp = bignum_to_string(bntmp)) == NULL) - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - BN_free(bntmp); - return strtmp; -} - -char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a) -{ - BIGNUM *bntmp = NULL; - char *strtmp = NULL; - - if (!a) - return NULL; - if ((bntmp = ASN1_INTEGER_to_BN(a, NULL)) == NULL - || (strtmp = bignum_to_string(bntmp)) == NULL) - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - BN_free(bntmp); - return strtmp; -} - -ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value) -{ - BIGNUM *bn = NULL; - ASN1_INTEGER *aint; - int isneg, ishex; - int ret; - - if (value == NULL) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NULL_VALUE); - return NULL; - } - bn = BN_new(); - if (bn == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - return NULL; - } - if (value[0] == '-') { - value++; - isneg = 1; - } else { - isneg = 0; - } - - if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) { - value += 2; - ishex = 1; - } else { - ishex = 0; - } - - if (ishex) - ret = BN_hex2bn(&bn, value); - else - ret = BN_dec2bn(&bn, value); - - if (!ret || value[ret]) { - BN_free(bn); - ERR_raise(ERR_LIB_X509V3, X509V3_R_BN_DEC2BN_ERROR); - return NULL; - } - - if (isneg && BN_is_zero(bn)) - isneg = 0; - - aint = BN_to_ASN1_INTEGER(bn, NULL); - BN_free(bn); - if (!aint) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_BN_TO_ASN1_INTEGER_ERROR); - return NULL; - } - if (isneg) - aint->type |= V_ASN1_NEG; - return aint; -} - -int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, - STACK_OF(CONF_VALUE) **extlist) -{ - char *strtmp; - int ret; - - if (!aint) - return 1; - if ((strtmp = i2s_ASN1_INTEGER(NULL, aint)) == NULL) - return 0; - ret = X509V3_add_value(name, strtmp, extlist); - OPENSSL_free(strtmp); - return ret; -} - -int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool) -{ - const char *btmp; - - if ((btmp = value->value) == NULL) - goto err; - if (strcmp(btmp, "TRUE") == 0 - || strcmp(btmp, "true") == 0 - || strcmp(btmp, "Y") == 0 - || strcmp(btmp, "y") == 0 - || strcmp(btmp, "YES") == 0 - || strcmp(btmp, "yes") == 0) { - *asn1_bool = 0xff; - return 1; - } - if (strcmp(btmp, "FALSE") == 0 - || strcmp(btmp, "false") == 0 - || strcmp(btmp, "N") == 0 - || strcmp(btmp, "n") == 0 - || strcmp(btmp, "NO") == 0 - || strcmp(btmp, "no") == 0) { - *asn1_bool = 0; - return 1; - } - err: - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_BOOLEAN_STRING); - X509V3_conf_add_error_name_value(value); - return 0; -} - -int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint) -{ - ASN1_INTEGER *itmp; - - if ((itmp = s2i_ASN1_INTEGER(NULL, value->value)) == NULL) { - X509V3_conf_add_error_name_value(value); - return 0; - } - *aint = itmp; - return 1; -} - -#define HDR_NAME 1 -#define HDR_VALUE 2 - -/* - * #define DEBUG - */ - -STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) -{ - char *p, *q, c; - char *ntmp, *vtmp; - STACK_OF(CONF_VALUE) *values = NULL; - char *linebuf; - int state; - - /* We are going to modify the line so copy it first */ - linebuf = OPENSSL_strdup(line); - if (linebuf == NULL) { - ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); - goto err; - } - state = HDR_NAME; - ntmp = NULL; - /* Go through all characters */ - for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n'); - p++) { - - switch (state) { - case HDR_NAME: - if (c == ':') { - state = HDR_VALUE; - *p = 0; - ntmp = strip_spaces(q); - if (!ntmp) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_EMPTY_NAME); - goto err; - } - q = p + 1; - } else if (c == ',') { - *p = 0; - ntmp = strip_spaces(q); - q = p + 1; - if (!ntmp) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_EMPTY_NAME); - goto err; - } - if (!X509V3_add_value(ntmp, NULL, &values)) { - goto err; - } - } - break; - - case HDR_VALUE: - if (c == ',') { - state = HDR_NAME; - *p = 0; - vtmp = strip_spaces(q); - if (!vtmp) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NULL_VALUE); - goto err; - } - if (!X509V3_add_value(ntmp, vtmp, &values)) { - goto err; - } - ntmp = NULL; - q = p + 1; - } - - } - } - - if (state == HDR_VALUE) { - vtmp = strip_spaces(q); - if (!vtmp) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_NULL_VALUE); - goto err; - } - if (!X509V3_add_value(ntmp, vtmp, &values)) { - goto err; - } - } else { - ntmp = strip_spaces(q); - if (!ntmp) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_INVALID_EMPTY_NAME); - goto err; - } - if (!X509V3_add_value(ntmp, NULL, &values)) { - goto err; - } - } - OPENSSL_free(linebuf); - return values; - - err: - OPENSSL_free(linebuf); - sk_CONF_VALUE_pop_free(values, X509V3_conf_free); - return NULL; - -} - -/* Delete leading and trailing spaces from a string */ -static char *strip_spaces(char *name) -{ - char *p, *q; - - /* Skip over leading spaces */ - p = name; - while (*p && ossl_isspace(*p)) - p++; - if (*p == '\0') - return NULL; - q = p + strlen(p) - 1; - while ((q != p) && ossl_isspace(*q)) - q--; - if (p != q) - q[1] = 0; - if (*p == '\0') - return NULL; - return p; -} - - -/* - * V2I name comparison function: returns zero if 'name' matches cmp or cmp.* - */ - -int ossl_v3_name_cmp(const char *name, const char *cmp) -{ - int len, ret; - char c; - - len = strlen(cmp); - if ((ret = strncmp(name, cmp, len))) - return ret; - c = name[len]; - if (!c || (c == '.')) - return 0; - return 1; -} - -static int sk_strcmp(const char *const *a, const char *const *b) -{ - return strcmp(*a, *b); -} - -STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x) -{ - GENERAL_NAMES *gens; - STACK_OF(OPENSSL_STRING) *ret; - - gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); - ret = get_email(X509_get_subject_name(x), gens); - sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); - return ret; -} - -STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x) -{ - AUTHORITY_INFO_ACCESS *info; - STACK_OF(OPENSSL_STRING) *ret = NULL; - int i; - - info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); - if (!info) - return NULL; - for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) { - ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i); - if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) { - if (ad->location->type == GEN_URI) { - if (!append_ia5 - (&ret, ad->location->d.uniformResourceIdentifier)) - break; - } - } - } - AUTHORITY_INFO_ACCESS_free(info); - return ret; -} - -STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x) -{ - GENERAL_NAMES *gens; - STACK_OF(X509_EXTENSION) *exts; - STACK_OF(OPENSSL_STRING) *ret; - - exts = X509_REQ_get_extensions(x); - gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL); - ret = get_email(X509_REQ_get_subject_name(x), gens); - sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); - sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); - return ret; -} - -static STACK_OF(OPENSSL_STRING) *get_email(const X509_NAME *name, - GENERAL_NAMES *gens) -{ - STACK_OF(OPENSSL_STRING) *ret = NULL; - X509_NAME_ENTRY *ne; - const ASN1_IA5STRING *email; - GENERAL_NAME *gen; - int i = -1; - - /* Now add any email address(es) to STACK */ - /* First supplied X509_NAME */ - while ((i = X509_NAME_get_index_by_NID(name, - NID_pkcs9_emailAddress, i)) >= 0) { - ne = X509_NAME_get_entry(name, i); - email = X509_NAME_ENTRY_get_data(ne); - if (!append_ia5(&ret, email)) - return NULL; - } - for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { - gen = sk_GENERAL_NAME_value(gens, i); - if (gen->type != GEN_EMAIL) - continue; - if (!append_ia5(&ret, gen->d.ia5)) - return NULL; - } - return ret; -} - -static void str_free(OPENSSL_STRING str) -{ - OPENSSL_free(str); -} - -static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, - const ASN1_IA5STRING *email) -{ - char *emtmp; - - /* First some sanity checks */ - if (email->type != V_ASN1_IA5STRING) - return 1; - if (email->data == NULL || email->length == 0) - return 1; - if (memchr(email->data, 0, email->length) != NULL) - return 1; - if (*sk == NULL) - *sk = sk_OPENSSL_STRING_new(sk_strcmp); - if (*sk == NULL) - return 0; - - emtmp = OPENSSL_strndup((char *)email->data, email->length); - if (emtmp == NULL) { - X509_email_free(*sk); - *sk = NULL; - return 0; - } - - /* Don't add duplicates */ - if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) { - OPENSSL_free(emtmp); - return 1; - } - if (!sk_OPENSSL_STRING_push(*sk, emtmp)) { - OPENSSL_free(emtmp); /* free on push failure */ - X509_email_free(*sk); - *sk = NULL; - return 0; - } - return 1; -} - -void X509_email_free(STACK_OF(OPENSSL_STRING) *sk) -{ - sk_OPENSSL_STRING_pop_free(sk, str_free); -} - -typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len, - const unsigned char *subject, size_t subject_len, - unsigned int flags); - -/* Skip pattern prefix to match "wildcard" subject */ -static void skip_prefix(const unsigned char **p, size_t *plen, - size_t subject_len, - unsigned int flags) -{ - const unsigned char *pattern = *p; - size_t pattern_len = *plen; - - /* - * If subject starts with a leading '.' followed by more octets, and - * pattern is longer, compare just an equal-length suffix with the - * full subject (starting at the '.'), provided the prefix contains - * no NULs. - */ - if ((flags & _X509_CHECK_FLAG_DOT_SUBDOMAINS) == 0) - return; - - while (pattern_len > subject_len && *pattern) { - if ((flags & X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS) && - *pattern == '.') - break; - ++pattern; - --pattern_len; - } - - /* Skip if entire prefix acceptable */ - if (pattern_len == subject_len) { - *p = pattern; - *plen = pattern_len; - } -} - -/* Compare while ASCII ignoring case. */ -static int equal_nocase(const unsigned char *pattern, size_t pattern_len, - const unsigned char *subject, size_t subject_len, - unsigned int flags) -{ - skip_prefix(&pattern, &pattern_len, subject_len, flags); - if (pattern_len != subject_len) - return 0; - while (pattern_len != 0) { - unsigned char l = *pattern; - unsigned char r = *subject; - - /* The pattern must not contain NUL characters. */ - if (l == 0) - return 0; - if (l != r) { - if ('A' <= l && l <= 'Z') - l = (l - 'A') + 'a'; - if ('A' <= r && r <= 'Z') - r = (r - 'A') + 'a'; - if (l != r) - return 0; - } - ++pattern; - ++subject; - --pattern_len; - } - return 1; -} - -/* Compare using memcmp. */ -static int equal_case(const unsigned char *pattern, size_t pattern_len, - const unsigned char *subject, size_t subject_len, - unsigned int flags) -{ - skip_prefix(&pattern, &pattern_len, subject_len, flags); - if (pattern_len != subject_len) - return 0; - return !memcmp(pattern, subject, pattern_len); -} - -/* - * RFC 5280, section 7.5, requires that only the domain is compared in a - * case-insensitive manner. - */ -static int equal_email(const unsigned char *a, size_t a_len, - const unsigned char *b, size_t b_len, - unsigned int unused_flags) -{ - size_t i = a_len; - - if (a_len != b_len) - return 0; - /* - * We search backwards for the '@' character, so that we do not have to - * deal with quoted local-parts. The domain part is compared in a - * case-insensitive manner. - */ - while (i > 0) { - --i; - if (a[i] == '@' || b[i] == '@') { - if (!equal_nocase(a + i, a_len - i, b + i, a_len - i, 0)) - return 0; - break; - } - } - if (i == 0) - i = a_len; - return equal_case(a, i, b, i, 0); -} - -/* - * Compare the prefix and suffix with the subject, and check that the - * characters in-between are valid. - */ -static int wildcard_match(const unsigned char *prefix, size_t prefix_len, - const unsigned char *suffix, size_t suffix_len, - const unsigned char *subject, size_t subject_len, - unsigned int flags) -{ - const unsigned char *wildcard_start; - const unsigned char *wildcard_end; - const unsigned char *p; - int allow_multi = 0; - int allow_idna = 0; - - if (subject_len < prefix_len + suffix_len) - return 0; - if (!equal_nocase(prefix, prefix_len, subject, prefix_len, flags)) - return 0; - wildcard_start = subject + prefix_len; - wildcard_end = subject + (subject_len - suffix_len); - if (!equal_nocase(wildcard_end, suffix_len, suffix, suffix_len, flags)) - return 0; - /* - * If the wildcard makes up the entire first label, it must match at - * least one character. - */ - if (prefix_len == 0 && *suffix == '.') { - if (wildcard_start == wildcard_end) - return 0; - allow_idna = 1; - if (flags & X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS) - allow_multi = 1; - } - /* IDNA labels cannot match partial wildcards */ - if (!allow_idna && - subject_len >= 4 && OPENSSL_strncasecmp((char *)subject, "xn--", 4) == 0) - return 0; - /* The wildcard may match a literal '*' */ - if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*') - return 1; - /* - * Check that the part matched by the wildcard contains only - * permitted characters and only matches a single label unless - * allow_multi is set. - */ - for (p = wildcard_start; p != wildcard_end; ++p) - if (!(('0' <= *p && *p <= '9') || - ('A' <= *p && *p <= 'Z') || - ('a' <= *p && *p <= 'z') || - *p == '-' || (allow_multi && *p == '.'))) - return 0; - return 1; -} - -#define LABEL_START (1 << 0) -#define LABEL_END (1 << 1) -#define LABEL_HYPHEN (1 << 2) -#define LABEL_IDNA (1 << 3) - -static const unsigned char *valid_star(const unsigned char *p, size_t len, - unsigned int flags) -{ - const unsigned char *star = 0; - size_t i; - int state = LABEL_START; - int dots = 0; - - for (i = 0; i < len; ++i) { - /* - * Locate first and only legal wildcard, either at the start - * or end of a non-IDNA first and not final label. - */ - if (p[i] == '*') { - int atstart = (state & LABEL_START); - int atend = (i == len - 1 || p[i + 1] == '.'); - /*- - * At most one wildcard per pattern. - * No wildcards in IDNA labels. - * No wildcards after the first label. - */ - if (star != NULL || (state & LABEL_IDNA) != 0 || dots) - return NULL; - /* Only full-label '*.example.com' wildcards? */ - if ((flags & X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS) - && (!atstart || !atend)) - return NULL; - /* No 'foo*bar' wildcards */ - if (!atstart && !atend) - return NULL; - star = &p[i]; - state &= ~LABEL_START; - } else if (('a' <= p[i] && p[i] <= 'z') - || ('A' <= p[i] && p[i] <= 'Z') - || ('0' <= p[i] && p[i] <= '9')) { - if ((state & LABEL_START) != 0 - && len - i >= 4 && OPENSSL_strncasecmp((char *)&p[i], "xn--", 4) == 0) - state |= LABEL_IDNA; - state &= ~(LABEL_HYPHEN | LABEL_START); - } else if (p[i] == '.') { - if ((state & (LABEL_HYPHEN | LABEL_START)) != 0) - return NULL; - state = LABEL_START; - ++dots; - } else if (p[i] == '-') { - /* no domain/subdomain starts with '-' */ - if ((state & LABEL_START) != 0) - return NULL; - state |= LABEL_HYPHEN; - } else { - return NULL; - } - } - - /* - * The final label must not end in a hyphen or ".", and - * there must be at least two dots after the star. - */ - if ((state & (LABEL_START | LABEL_HYPHEN)) != 0 || dots < 2) - return NULL; - return star; -} - -/* Compare using wildcards. */ -static int equal_wildcard(const unsigned char *pattern, size_t pattern_len, - const unsigned char *subject, size_t subject_len, - unsigned int flags) -{ - const unsigned char *star = NULL; - - /* - * Subject names starting with '.' can only match a wildcard pattern - * via a subject sub-domain pattern suffix match. - */ - if (!(subject_len > 1 && subject[0] == '.')) - star = valid_star(pattern, pattern_len, flags); - if (star == NULL) - return equal_nocase(pattern, pattern_len, - subject, subject_len, flags); - return wildcard_match(pattern, star - pattern, - star + 1, (pattern + pattern_len) - star - 1, - subject, subject_len, flags); -} - -/* - * Compare an ASN1_STRING to a supplied string. If they match return 1. If - * cmp_type > 0 only compare if string matches the type, otherwise convert it - * to UTF8. - */ - -static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, - unsigned int flags, const char *b, size_t blen, - char **peername) -{ - int rv = 0; - - if (!a->data || !a->length) - return 0; - if (cmp_type > 0) { - if (cmp_type != a->type) - return 0; - if (cmp_type == V_ASN1_IA5STRING) - rv = equal(a->data, a->length, (unsigned char *)b, blen, flags); - else if (a->length == (int)blen && !memcmp(a->data, b, blen)) - rv = 1; - if (rv > 0 && peername != NULL) { - *peername = OPENSSL_strndup((char *)a->data, a->length); - if (*peername == NULL) - return -1; - } - } else { - int astrlen; - unsigned char *astr; - astrlen = ASN1_STRING_to_UTF8(&astr, a); - if (astrlen < 0) { - /* - * -1 could be an internal malloc failure or a decoding error from - * malformed input; we can't distinguish. - */ - return -1; - } - rv = equal(astr, astrlen, (unsigned char *)b, blen, flags); - if (rv > 0 && peername != NULL) { - *peername = OPENSSL_strndup((char *)astr, astrlen); - if (*peername == NULL) { - OPENSSL_free(astr); - return -1; - } - } - OPENSSL_free(astr); - } - return rv; -} - -static int do_x509_check(X509 *x, const char *chk, size_t chklen, - unsigned int flags, int check_type, char **peername) -{ - GENERAL_NAMES *gens = NULL; - const X509_NAME *name = NULL; - int i; - int cnid = NID_undef; - int alt_type; - int san_present = 0; - int rv = 0; - equal_fn equal; - - /* See below, this flag is internal-only */ - flags &= ~_X509_CHECK_FLAG_DOT_SUBDOMAINS; - if (check_type == GEN_EMAIL) { - cnid = NID_pkcs9_emailAddress; - alt_type = V_ASN1_IA5STRING; - equal = equal_email; - } else if (check_type == GEN_DNS) { - cnid = NID_commonName; - /* Implicit client-side DNS sub-domain pattern */ - if (chklen > 1 && chk[0] == '.') - flags |= _X509_CHECK_FLAG_DOT_SUBDOMAINS; - alt_type = V_ASN1_IA5STRING; - if (flags & X509_CHECK_FLAG_NO_WILDCARDS) - equal = equal_nocase; - else - equal = equal_wildcard; - } else { - alt_type = V_ASN1_OCTET_STRING; - equal = equal_case; - } - - if (chklen == 0) - chklen = strlen(chk); - - gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); - if (gens) { - for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { - GENERAL_NAME *gen; - ASN1_STRING *cstr; - - gen = sk_GENERAL_NAME_value(gens, i); - if ((gen->type == GEN_OTHERNAME) && (check_type == GEN_EMAIL)) { - if (OBJ_obj2nid(gen->d.otherName->type_id) == - NID_id_on_SmtpUTF8Mailbox) { - san_present = 1; - - /* - * If it is not a UTF8String then that is unexpected and we - * treat it as no match - */ - if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) { - cstr = gen->d.otherName->value->value.utf8string; - - /* Positive on success, negative on error! */ - if ((rv = do_check_string(cstr, 0, equal, flags, - chk, chklen, peername)) != 0) - break; - } - } else - continue; - } else { - if ((gen->type != check_type) && (gen->type != GEN_OTHERNAME)) - continue; - } - san_present = 1; - if (check_type == GEN_EMAIL) - cstr = gen->d.rfc822Name; - else if (check_type == GEN_DNS) - cstr = gen->d.dNSName; - else - cstr = gen->d.iPAddress; - /* Positive on success, negative on error! */ - if ((rv = do_check_string(cstr, alt_type, equal, flags, - chk, chklen, peername)) != 0) - break; - } - GENERAL_NAMES_free(gens); - if (rv != 0) - return rv; - if (san_present && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)) - return 0; - } - - /* We're done if CN-ID is not pertinent */ - if (cnid == NID_undef || (flags & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT)) - return 0; - - i = -1; - name = X509_get_subject_name(x); - while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) { - const X509_NAME_ENTRY *ne = X509_NAME_get_entry(name, i); - const ASN1_STRING *str = X509_NAME_ENTRY_get_data(ne); - - /* Positive on success, negative on error! */ - if ((rv = do_check_string(str, -1, equal, flags, - chk, chklen, peername)) != 0) - return rv; - } - return 0; -} - -int X509_check_host(X509 *x, const char *chk, size_t chklen, - unsigned int flags, char **peername) -{ - if (chk == NULL) - return -2; - /* - * Embedded NULs are disallowed, except as the last character of a - * string of length 2 or more (tolerate caller including terminating - * NUL in string length). - */ - if (chklen == 0) - chklen = strlen(chk); - else if (memchr(chk, '\0', chklen > 1 ? chklen - 1 : chklen)) - return -2; - if (chklen > 1 && chk[chklen - 1] == '\0') - --chklen; - return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername); -} - -int X509_check_email(X509 *x, const char *chk, size_t chklen, - unsigned int flags) -{ - if (chk == NULL) - return -2; - /* - * Embedded NULs are disallowed, except as the last character of a - * string of length 2 or more (tolerate caller including terminating - * NUL in string length). - */ - if (chklen == 0) - chklen = strlen((char *)chk); - else if (memchr(chk, '\0', chklen > 1 ? chklen - 1 : chklen)) - return -2; - if (chklen > 1 && chk[chklen - 1] == '\0') - --chklen; - return do_x509_check(x, chk, chklen, flags, GEN_EMAIL, NULL); -} - -int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, - unsigned int flags) -{ - if (chk == NULL) - return -2; - return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL); -} - -int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags) -{ - unsigned char ipout[16]; - size_t iplen; - - if (ipasc == NULL) - return -2; - iplen = (size_t)ossl_a2i_ipadd(ipout, ipasc); - if (iplen == 0) - return -2; - return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL); -} - -char *ossl_ipaddr_to_asc(unsigned char *p, int len) -{ - /* - * 40 is enough space for the longest IPv6 address + nul terminator byte - * XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX\0 - */ - char buf[40], *out; - int i = 0, remain = 0, bytes = 0; - - switch (len) { - case 4: /* IPv4 */ - BIO_snprintf(buf, sizeof(buf), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); - break; - case 16: /* IPv6 */ - for (out = buf, i = 8, remain = sizeof(buf); - i-- > 0 && bytes >= 0; - remain -= bytes, out += bytes) { - const char *template = (i > 0 ? "%X:" : "%X"); - - bytes = BIO_snprintf(out, remain, template, p[0] << 8 | p[1]); - p += 2; - } - break; - default: - BIO_snprintf(buf, sizeof(buf), "", len); - break; - } - return OPENSSL_strdup(buf); -} - -/* - * Convert IP addresses both IPv4 and IPv6 into an OCTET STRING compatible - * with RFC3280. - */ - -ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) -{ - unsigned char ipout[16]; - ASN1_OCTET_STRING *ret; - int iplen; - - /* If string contains a ':' assume IPv6 */ - - iplen = ossl_a2i_ipadd(ipout, ipasc); - - if (!iplen) - return NULL; - - ret = ASN1_OCTET_STRING_new(); - if (ret == NULL) - return NULL; - if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) { - ASN1_OCTET_STRING_free(ret); - return NULL; - } - return ret; -} - -ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) -{ - ASN1_OCTET_STRING *ret = NULL; - unsigned char ipout[32]; - char *iptmp = NULL, *p; - int iplen1, iplen2; - - p = strchr(ipasc, '/'); - if (p == NULL) - return NULL; - iptmp = OPENSSL_strdup(ipasc); - if (iptmp == NULL) - return NULL; - p = iptmp + (p - ipasc); - *p++ = 0; - - iplen1 = ossl_a2i_ipadd(ipout, iptmp); - - if (!iplen1) - goto err; - - iplen2 = ossl_a2i_ipadd(ipout + iplen1, p); - - OPENSSL_free(iptmp); - iptmp = NULL; - - if (!iplen2 || (iplen1 != iplen2)) - goto err; - - ret = ASN1_OCTET_STRING_new(); - if (ret == NULL) - goto err; - if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2)) - goto err; - - return ret; - - err: - OPENSSL_free(iptmp); - ASN1_OCTET_STRING_free(ret); - return NULL; -} - -int ossl_a2i_ipadd(unsigned char *ipout, const char *ipasc) -{ - /* If string contains a ':' assume IPv6 */ - - if (strchr(ipasc, ':')) { - if (!ipv6_from_asc(ipout, ipasc)) - return 0; - return 16; - } else { - if (!ipv4_from_asc(ipout, ipasc)) - return 0; - return 4; - } -} - -static int ipv4_from_asc(unsigned char *v4, const char *in) -{ - const char *p; - int a0, a1, a2, a3, n; - - if (sscanf(in, "%d.%d.%d.%d%n", &a0, &a1, &a2, &a3, &n) != 4) - return 0; - if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) - || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255)) - return 0; - p = in + n; - if (!(*p == '\0' || ossl_isspace(*p))) - return 0; - v4[0] = a0; - v4[1] = a1; - v4[2] = a2; - v4[3] = a3; - return 1; -} - -typedef struct { - /* Temporary store for IPV6 output */ - unsigned char tmp[16]; - /* Total number of bytes in tmp */ - int total; - /* The position of a zero (corresponding to '::') */ - int zero_pos; - /* Number of zeroes */ - int zero_cnt; -} IPV6_STAT; - -static int ipv6_from_asc(unsigned char *v6, const char *in) -{ - IPV6_STAT v6stat; - - v6stat.total = 0; - v6stat.zero_pos = -1; - v6stat.zero_cnt = 0; - /* - * Treat the IPv6 representation as a list of values separated by ':'. - * The presence of a '::' will parse as one, two or three zero length - * elements. - */ - if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat)) - return 0; - - /* Now for some sanity checks */ - - if (v6stat.zero_pos == -1) { - /* If no '::' must have exactly 16 bytes */ - if (v6stat.total != 16) - return 0; - } else { - /* If '::' must have less than 16 bytes */ - if (v6stat.total == 16) - return 0; - /* More than three zeroes is an error */ - if (v6stat.zero_cnt > 3) { - return 0; - /* Can only have three zeroes if nothing else present */ - } else if (v6stat.zero_cnt == 3) { - if (v6stat.total > 0) - return 0; - } else if (v6stat.zero_cnt == 2) { - /* Can only have two zeroes if at start or end */ - if ((v6stat.zero_pos != 0) - && (v6stat.zero_pos != v6stat.total)) - return 0; - } else { - /* Can only have one zero if *not* start or end */ - if ((v6stat.zero_pos == 0) - || (v6stat.zero_pos == v6stat.total)) - return 0; - } - } - - /* Format result */ - - if (v6stat.zero_pos >= 0) { - /* Copy initial part */ - memcpy(v6, v6stat.tmp, v6stat.zero_pos); - /* Zero middle */ - memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total); - /* Copy final part */ - if (v6stat.total != v6stat.zero_pos) - memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, - v6stat.tmp + v6stat.zero_pos, - v6stat.total - v6stat.zero_pos); - } else { - memcpy(v6, v6stat.tmp, 16); - } - - return 1; -} - -static int ipv6_cb(const char *elem, int len, void *usr) -{ - IPV6_STAT *s = usr; - - /* Error if 16 bytes written */ - if (s->total == 16) - return 0; - if (len == 0) { - /* Zero length element, corresponds to '::' */ - if (s->zero_pos == -1) - s->zero_pos = s->total; - /* If we've already got a :: its an error */ - else if (s->zero_pos != s->total) - return 0; - s->zero_cnt++; - } else { - /* If more than 4 characters could be final a.b.c.d form */ - if (len > 4) { - /* Need at least 4 bytes left */ - if (s->total > 12) - return 0; - /* Must be end of string */ - if (elem[len]) - return 0; - if (!ipv4_from_asc(s->tmp + s->total, elem)) - return 0; - s->total += 4; - } else { - if (!ipv6_hex(s->tmp + s->total, elem, len)) - return 0; - s->total += 2; - } - } - return 1; -} - -/* - * Convert a string of up to 4 hex digits into the corresponding IPv6 form. - */ - -static int ipv6_hex(unsigned char *out, const char *in, int inlen) -{ - unsigned char c; - unsigned int num = 0; - int x; - - if (inlen > 4) - return 0; - while (inlen--) { - c = *in++; - num <<= 4; - x = OPENSSL_hexchar2int(c); - if (x < 0) - return 0; - num |= (char)x; - } - out[0] = num >> 8; - out[1] = num & 0xff; - return 1; -} - -int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, - unsigned long chtype) -{ - CONF_VALUE *v; - int i, mval, spec_char, plus_char; - char *p, *type; - - if (!nm) - return 0; - - for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) { - v = sk_CONF_VALUE_value(dn_sk, i); - type = v->name; - /* - * Skip past any leading X. X: X, etc to allow for multiple instances - */ - for (p = type; *p; p++) { -#ifndef CHARSET_EBCDIC - spec_char = ((*p == ':') || (*p == ',') || (*p == '.')); -#else - spec_char = ((*p == os_toascii[':']) || (*p == os_toascii[',']) - || (*p == os_toascii['.'])); -#endif - if (spec_char) { - p++; - if (*p) - type = p; - break; - } - } -#ifndef CHARSET_EBCDIC - plus_char = (*type == '+'); -#else - plus_char = (*type == os_toascii['+']); -#endif - if (plus_char) { - mval = -1; - type++; - } else { - mval = 0; - } - if (!X509_NAME_add_entry_by_txt(nm, type, chtype, - (unsigned char *)v->value, -1, -1, - mval)) - return 0; - - } - return 1; -} diff --git a/crypto/x509/v3err.c b/crypto/x509/v3err.c deleted file mode 100644 index 6f38034c1afe765d58a8a7f4cd4f8ff051e06474..0000000000000000000000000000000000000000 --- a/crypto/x509/v3err.c +++ /dev/null @@ -1,147 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/x509v3err.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA X509V3_str_reasons[] = { - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_IP_ADDRESS), "bad ip address"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_OBJECT), "bad object"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BN_TO_ASN1_INTEGER_ERROR), - "bn to asn1 integer error"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DIRNAME_ERROR), "dirname error"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DISTPOINT_ALREADY_SET), - "distpoint already set"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DUPLICATE_ZONE_ID), - "duplicate zone id"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EMPTY_KEY_USAGE), "empty key usage"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CONVERTING_ZONE), - "error converting zone"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CREATING_EXTENSION), - "error creating extension"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_IN_EXTENSION), - "error in extension"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXPECTED_A_SECTION_NAME), - "expected a section name"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_EXISTS), - "extension exists"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_NAME_ERROR), - "extension name error"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_NOT_FOUND), - "extension not found"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED), - "extension setting not supported"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_VALUE_ERROR), - "extension value error"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ILLEGAL_EMPTY_EXTENSION), - "illegal empty extension"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INCORRECT_POLICY_SYNTAX_TAG), - "incorrect policy syntax tag"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_ASNUMBER), - "invalid asnumber"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_ASRANGE), "invalid asrange"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_BOOLEAN_STRING), - "invalid boolean string"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_CERTIFICATE), - "invalid certificate"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_EMPTY_NAME), - "invalid empty name"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_EXTENSION_STRING), - "invalid extension string"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_INHERITANCE), - "invalid inheritance"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_IPADDRESS), - "invalid ipaddress"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_MULTIPLE_RDNS), - "invalid multiple rdns"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NAME), "invalid name"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_ARGUMENT), - "invalid null argument"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_VALUE), - "invalid null value"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NUMBER), "invalid number"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NUMBERS), "invalid numbers"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_OBJECT_IDENTIFIER), - "invalid object identifier"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_OPTION), "invalid option"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_POLICY_IDENTIFIER), - "invalid policy identifier"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_PROXY_POLICY_SETTING), - "invalid proxy policy setting"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_PURPOSE), "invalid purpose"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SAFI), "invalid safi"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SECTION), "invalid section"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SYNTAX), "invalid syntax"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ISSUER_DECODE_ERROR), - "issuer decode error"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_MISSING_VALUE), "missing value"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS), - "need organization and numbers"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NEGATIVE_PATHLEN), - "negative pathlen"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_CONFIG_DATABASE), - "no config database"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_CERTIFICATE), - "no issuer certificate"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_DETAILS), - "no issuer details"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_POLICY_IDENTIFIER), - "no policy identifier"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED), - "no proxy cert policy language defined"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_PUBLIC_KEY), "no public key"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_SUBJECT_DETAILS), - "no subject details"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_OPERATION_NOT_DEFINED), - "operation not defined"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_OTHERNAME_ERROR), "othername error"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED), - "policy language already defined"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_PATH_LENGTH), - "policy path length"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED), - "policy path length already defined"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY), - "policy when proxy language requires no policy"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_SECTION_NOT_FOUND), - "section not found"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS), - "unable to get issuer details"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID), - "unable to get issuer keyid"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT), - "unknown bit string argument"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_EXTENSION), - "unknown extension"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_EXTENSION_NAME), - "unknown extension name"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_OPTION), "unknown option"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNSUPPORTED_OPTION), - "unsupported option"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNSUPPORTED_TYPE), - "unsupported type"}, - {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_USER_TOO_LONG), "user too long"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_X509V3_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(X509V3_str_reasons[0].error) == NULL) - ERR_load_strings_const(X509V3_str_reasons); -#endif - return 1; -} diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c deleted file mode 100644 index 73ac59454d1f70f0d3362d297d8d9ae35f5375b8..0000000000000000000000000000000000000000 --- a/crypto/x509/x509_att.c +++ /dev/null @@ -1,349 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include "crypto/x509.h" -#include "x509_local.h" - -int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) -{ - return sk_X509_ATTRIBUTE_num(x); -} - -int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, - int lastpos) -{ - const ASN1_OBJECT *obj = OBJ_nid2obj(nid); - - if (obj == NULL) - return -2; - return X509at_get_attr_by_OBJ(x, obj, lastpos); -} - -int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, - const ASN1_OBJECT *obj, int lastpos) -{ - int n; - X509_ATTRIBUTE *ex; - - if (sk == NULL) - return -1; - lastpos++; - if (lastpos < 0) - lastpos = 0; - n = sk_X509_ATTRIBUTE_num(sk); - for (; lastpos < n; lastpos++) { - ex = sk_X509_ATTRIBUTE_value(sk, lastpos); - if (OBJ_cmp(ex->object, obj) == 0) - return lastpos; - } - return -1; -} - -X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc) -{ - if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) - return NULL; - - return sk_X509_ATTRIBUTE_value(x, loc); -} - -X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc) -{ - X509_ATTRIBUTE *ret; - - if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) - return NULL; - ret = sk_X509_ATTRIBUTE_delete(x, loc); - return ret; -} - -STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, - X509_ATTRIBUTE *attr) -{ - X509_ATTRIBUTE *new_attr = NULL; - STACK_OF(X509_ATTRIBUTE) *sk = NULL; - - if (x == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - - if (*x == NULL) { - if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL) - goto err; - } else { - sk = *x; - } - - if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL) - goto err2; - if (!sk_X509_ATTRIBUTE_push(sk, new_attr)) - goto err; - if (*x == NULL) - *x = sk; - return sk; - err: - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - err2: - X509_ATTRIBUTE_free(new_attr); - if (*x == NULL) - sk_X509_ATTRIBUTE_free(sk); - return NULL; -} - -STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) - **x, const ASN1_OBJECT *obj, - int type, - const unsigned char *bytes, - int len) -{ - X509_ATTRIBUTE *attr; - STACK_OF(X509_ATTRIBUTE) *ret; - attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len); - if (!attr) - return 0; - ret = X509at_add1_attr(x, attr); - X509_ATTRIBUTE_free(attr); - return ret; -} - -STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) - **x, int nid, int type, - const unsigned char *bytes, - int len) -{ - X509_ATTRIBUTE *attr; - STACK_OF(X509_ATTRIBUTE) *ret; - attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len); - if (!attr) - return 0; - ret = X509at_add1_attr(x, attr); - X509_ATTRIBUTE_free(attr); - return ret; -} - -STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) - **x, const char *attrname, - int type, - const unsigned char *bytes, - int len) -{ - X509_ATTRIBUTE *attr; - STACK_OF(X509_ATTRIBUTE) *ret; - attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len); - if (!attr) - return 0; - ret = X509at_add1_attr(x, attr); - X509_ATTRIBUTE_free(attr); - return ret; -} - -void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x, - const ASN1_OBJECT *obj, int lastpos, int type) -{ - int i; - X509_ATTRIBUTE *at; - i = X509at_get_attr_by_OBJ(x, obj, lastpos); - if (i == -1) - return NULL; - if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1)) - return NULL; - at = X509at_get_attr(x, i); - if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1)) - return NULL; - return X509_ATTRIBUTE_get0_data(at, 0, type, NULL); -} - -STACK_OF(X509_ATTRIBUTE) *ossl_x509at_dup(const STACK_OF(X509_ATTRIBUTE) *x) -{ - int i, n; - STACK_OF(X509_ATTRIBUTE) *sk = NULL; - - n = sk_X509_ATTRIBUTE_num(x); - for (i = 0; i < n; ++i) { - X509_ATTRIBUTE *attr = sk_X509_ATTRIBUTE_value(x, i); - - if (X509at_add1_attr(&sk, attr) == NULL) { - sk_X509_ATTRIBUTE_pop_free(sk, X509_ATTRIBUTE_free); - return NULL; - } - } - return sk; -} - -X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, - int atrtype, const void *data, - int len) -{ - ASN1_OBJECT *obj; - X509_ATTRIBUTE *ret; - - obj = OBJ_nid2obj(nid); - if (obj == NULL) { - ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_NID); - return NULL; - } - ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len); - if (ret == NULL) - ASN1_OBJECT_free(obj); - return ret; -} - -X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, - const ASN1_OBJECT *obj, - int atrtype, const void *data, - int len) -{ - X509_ATTRIBUTE *ret; - - if ((attr == NULL) || (*attr == NULL)) { - if ((ret = X509_ATTRIBUTE_new()) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return NULL; - } - } else - ret = *attr; - - if (!X509_ATTRIBUTE_set1_object(ret, obj)) - goto err; - if (!X509_ATTRIBUTE_set1_data(ret, atrtype, data, len)) - goto err; - - if ((attr != NULL) && (*attr == NULL)) - *attr = ret; - return ret; - err: - if ((attr == NULL) || (ret != *attr)) - X509_ATTRIBUTE_free(ret); - return NULL; -} - -X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, - const char *atrname, int type, - const unsigned char *bytes, - int len) -{ - ASN1_OBJECT *obj; - X509_ATTRIBUTE *nattr; - - obj = OBJ_txt2obj(atrname, 0); - if (obj == NULL) { - ERR_raise_data(ERR_LIB_X509, X509_R_INVALID_FIELD_NAME, - "name=%s", atrname); - return NULL; - } - nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len); - ASN1_OBJECT_free(obj); - return nattr; -} - -int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj) -{ - if ((attr == NULL) || (obj == NULL)) - return 0; - ASN1_OBJECT_free(attr->object); - attr->object = OBJ_dup(obj); - return attr->object != NULL; -} - -int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, - const void *data, int len) -{ - ASN1_TYPE *ttmp = NULL; - ASN1_STRING *stmp = NULL; - int atype = 0; - if (!attr) - return 0; - if (attrtype & MBSTRING_FLAG) { - stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype, - OBJ_obj2nid(attr->object)); - if (!stmp) { - ERR_raise(ERR_LIB_X509, ERR_R_ASN1_LIB); - return 0; - } - atype = stmp->type; - } else if (len != -1) { - if ((stmp = ASN1_STRING_type_new(attrtype)) == NULL) - goto err; - if (!ASN1_STRING_set(stmp, data, len)) - goto err; - atype = attrtype; - } - /* - * This is a bit naughty because the attribute should really have at - * least one value but some types use and zero length SET and require - * this. - */ - if (attrtype == 0) { - ASN1_STRING_free(stmp); - return 1; - } - if ((ttmp = ASN1_TYPE_new()) == NULL) - goto err; - if ((len == -1) && !(attrtype & MBSTRING_FLAG)) { - if (!ASN1_TYPE_set1(ttmp, attrtype, data)) - goto err; - } else { - ASN1_TYPE_set(ttmp, atype, stmp); - stmp = NULL; - } - if (!sk_ASN1_TYPE_push(attr->set, ttmp)) - goto err; - return 1; - err: - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - ASN1_TYPE_free(ttmp); - ASN1_STRING_free(stmp); - return 0; -} - -int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr) -{ - if (attr == NULL) - return 0; - return sk_ASN1_TYPE_num(attr->set); -} - -ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr) -{ - if (attr == NULL) - return NULL; - return attr->object; -} - -void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, - int atrtype, void *data) -{ - ASN1_TYPE *ttmp; - ttmp = X509_ATTRIBUTE_get0_type(attr, idx); - if (!ttmp) - return NULL; - if (atrtype == V_ASN1_BOOLEAN - || atrtype == V_ASN1_NULL - || atrtype != ASN1_TYPE_get(ttmp)) { - ERR_raise(ERR_LIB_X509, X509_R_WRONG_TYPE); - return NULL; - } - return ttmp->value.ptr; -} - -ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx) -{ - if (attr == NULL) - return NULL; - return sk_ASN1_TYPE_value(attr->set, idx); -} diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c deleted file mode 100644 index 5c9d91f4073d7480bc49f8a9ad516a368d645a35..0000000000000000000000000000000000000000 --- a/crypto/x509/x509_cmp.c +++ /dev/null @@ -1,585 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include "crypto/x509.h" - -int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) -{ - int i; - const X509_CINF *ai, *bi; - - if (b == NULL) - return a != NULL; - if (a == NULL) - return -1; - ai = &a->cert_info; - bi = &b->cert_info; - i = ASN1_INTEGER_cmp(&ai->serialNumber, &bi->serialNumber); - if (i != 0) - return i < 0 ? -1 : 1; - return X509_NAME_cmp(ai->issuer, bi->issuer); -} - -#ifndef OPENSSL_NO_MD5 -unsigned long X509_issuer_and_serial_hash(X509 *a) -{ - unsigned long ret = 0; - EVP_MD_CTX *ctx = EVP_MD_CTX_new(); - unsigned char md[16]; - char *f = NULL; - EVP_MD *digest = NULL; - - if (ctx == NULL) - goto err; - f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0); - if (f == NULL) - goto err; - digest = EVP_MD_fetch(a->libctx, SN_md5, a->propq); - if (digest == NULL) - goto err; - - if (!EVP_DigestInit_ex(ctx, digest, NULL)) - goto err; - if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f))) - goto err; - if (!EVP_DigestUpdate - (ctx, (unsigned char *)a->cert_info.serialNumber.data, - (unsigned long)a->cert_info.serialNumber.length)) - goto err; - if (!EVP_DigestFinal_ex(ctx, &(md[0]), NULL)) - goto err; - ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | - ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) - ) & 0xffffffffL; - err: - OPENSSL_free(f); - EVP_MD_free(digest); - EVP_MD_CTX_free(ctx); - return ret; -} -#endif - -int X509_issuer_name_cmp(const X509 *a, const X509 *b) -{ - return X509_NAME_cmp(a->cert_info.issuer, b->cert_info.issuer); -} - -int X509_subject_name_cmp(const X509 *a, const X509 *b) -{ - return X509_NAME_cmp(a->cert_info.subject, b->cert_info.subject); -} - -int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) -{ - return X509_NAME_cmp(a->crl.issuer, b->crl.issuer); -} - -int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) -{ - int rv; - - if ((a->flags & EXFLAG_NO_FINGERPRINT) == 0 - && (b->flags & EXFLAG_NO_FINGERPRINT) == 0) - rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); - else - return -2; - - return rv < 0 ? -1 : rv > 0; -} - -X509_NAME *X509_get_issuer_name(const X509 *a) -{ - return a->cert_info.issuer; -} - -unsigned long X509_issuer_name_hash(X509 *x) -{ - return X509_NAME_hash_ex(x->cert_info.issuer, NULL, NULL, NULL); -} - -#ifndef OPENSSL_NO_MD5 -unsigned long X509_issuer_name_hash_old(X509 *x) -{ - return X509_NAME_hash_old(x->cert_info.issuer); -} -#endif - -X509_NAME *X509_get_subject_name(const X509 *a) -{ - return a->cert_info.subject; -} - -ASN1_INTEGER *X509_get_serialNumber(X509 *a) -{ - return &a->cert_info.serialNumber; -} - -const ASN1_INTEGER *X509_get0_serialNumber(const X509 *a) -{ - return &a->cert_info.serialNumber; -} - -unsigned long X509_subject_name_hash(X509 *x) -{ - return X509_NAME_hash_ex(x->cert_info.subject, NULL, NULL, NULL); -} - -#ifndef OPENSSL_NO_MD5 -unsigned long X509_subject_name_hash_old(X509 *x) -{ - return X509_NAME_hash_old(x->cert_info.subject); -} -#endif - -/* - * Compare two certificates: they must be identical for this to work. NB: - * Although "cmp" operations are generally prototyped to take "const" - * arguments (eg. for use in STACKs), the way X509 handling is - these - * operations may involve ensuring the hashes are up-to-date and ensuring - * certain cert information is cached. So this is the point where the - * "depth-first" constification tree has to halt with an evil cast. - */ -int X509_cmp(const X509 *a, const X509 *b) -{ - int rv = 0; - - if (a == b) /* for efficiency */ - return 0; - - /* attempt to compute cert hash */ - (void)X509_check_purpose((X509 *)a, -1, 0); - (void)X509_check_purpose((X509 *)b, -1, 0); - - if ((a->ex_flags & EXFLAG_NO_FINGERPRINT) == 0 - && (b->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) - rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); - if (rv != 0) - return rv < 0 ? -1 : 1; - - /* Check for match against stored encoding too */ - if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) { - if (a->cert_info.enc.len < b->cert_info.enc.len) - return -1; - if (a->cert_info.enc.len > b->cert_info.enc.len) - return 1; - rv = memcmp(a->cert_info.enc.enc, - b->cert_info.enc.enc, a->cert_info.enc.len); - } - return rv < 0 ? -1 : rv > 0; -} - -int ossl_x509_add_cert_new(STACK_OF(X509) **p_sk, X509 *cert, int flags) -{ - if (*p_sk == NULL && (*p_sk = sk_X509_new_null()) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return 0; - } - return X509_add_cert(*p_sk, cert, flags); -} - -int X509_add_cert(STACK_OF(X509) *sk, X509 *cert, int flags) -{ - if (sk == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if ((flags & X509_ADD_FLAG_NO_DUP) != 0) { - /* - * not using sk_X509_set_cmp_func() and sk_X509_find() - * because this re-orders the certs on the stack - */ - int i; - - for (i = 0; i < sk_X509_num(sk); i++) { - if (X509_cmp(sk_X509_value(sk, i), cert) == 0) - return 1; - } - } - if ((flags & X509_ADD_FLAG_NO_SS) != 0) { - int ret = X509_self_signed(cert, 0); - - if (ret != 0) - return ret > 0 ? 1 : 0; - } - if (!sk_X509_insert(sk, cert, - (flags & X509_ADD_FLAG_PREPEND) != 0 ? 0 : -1)) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return 0; - } - if ((flags & X509_ADD_FLAG_UP_REF) != 0) - (void)X509_up_ref(cert); - return 1; -} - -int X509_add_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs, int flags) -/* compiler would allow 'const' for the certs, yet they may get up-ref'ed */ -{ - if (sk == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - return ossl_x509_add_certs_new(&sk, certs, flags); -} - -int ossl_x509_add_certs_new(STACK_OF(X509) **p_sk, STACK_OF(X509) *certs, - int flags) -/* compiler would allow 'const' for the certs, yet they may get up-ref'ed */ -{ - int n = sk_X509_num(certs /* may be NULL */); - int i; - - for (i = 0; i < n; i++) { - int j = (flags & X509_ADD_FLAG_PREPEND) == 0 ? i : n - 1 - i; - /* if prepend, add certs in reverse order to keep original order */ - - if (!ossl_x509_add_cert_new(p_sk, sk_X509_value(certs, j), flags)) - return 0; - } - return 1; -} - -int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) -{ - int ret; - - if (b == NULL) - return a != NULL; - if (a == NULL) - return -1; - - /* Ensure canonical encoding is present and up to date */ - if (a->canon_enc == NULL || a->modified) { - ret = i2d_X509_NAME((X509_NAME *)a, NULL); - if (ret < 0) - return -2; - } - - if (b->canon_enc == NULL || b->modified) { - ret = i2d_X509_NAME((X509_NAME *)b, NULL); - if (ret < 0) - return -2; - } - - ret = a->canon_enclen - b->canon_enclen; - if (ret == 0 && a->canon_enclen == 0) - return 0; - - if (a->canon_enc == NULL || b->canon_enc == NULL) - return -2; - - if (ret == 0) - ret = memcmp(a->canon_enc, b->canon_enc, a->canon_enclen); - - return ret < 0 ? -1 : ret > 0; -} - -unsigned long X509_NAME_hash_ex(const X509_NAME *x, OSSL_LIB_CTX *libctx, - const char *propq, int *ok) -{ - unsigned long ret = 0; - unsigned char md[SHA_DIGEST_LENGTH]; - EVP_MD *sha1 = EVP_MD_fetch(libctx, "SHA1", propq); - - /* Make sure X509_NAME structure contains valid cached encoding */ - i2d_X509_NAME(x, NULL); - if (ok != NULL) - *ok = 0; - if (sha1 != NULL - && EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, sha1, NULL)) { - ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | - ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) - ) & 0xffffffffL; - if (ok != NULL) - *ok = 1; - } - EVP_MD_free(sha1); - return ret; -} - -#ifndef OPENSSL_NO_MD5 -/* - * I now DER encode the name and hash it. Since I cache the DER encoding, - * this is reasonably efficient. - */ -unsigned long X509_NAME_hash_old(const X509_NAME *x) -{ - EVP_MD *md5 = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_MD5, "-fips"); - EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); - unsigned long ret = 0; - unsigned char md[16]; - - if (md5 == NULL || md_ctx == NULL) - goto end; - - /* Make sure X509_NAME structure contains valid cached encoding */ - i2d_X509_NAME(x, NULL); - if (EVP_DigestInit_ex(md_ctx, md5, NULL) - && EVP_DigestUpdate(md_ctx, x->bytes->data, x->bytes->length) - && EVP_DigestFinal_ex(md_ctx, md, NULL)) - ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | - ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) - ) & 0xffffffffL; - - end: - EVP_MD_CTX_free(md_ctx); - EVP_MD_free(md5); - - return ret; -} -#endif - -/* Search a stack of X509 for a match */ -X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, const X509_NAME *name, - const ASN1_INTEGER *serial) -{ - int i; - X509 x, *x509 = NULL; - - if (!sk) - return NULL; - - x.cert_info.serialNumber = *serial; - x.cert_info.issuer = (X509_NAME *)name; /* won't modify it */ - - for (i = 0; i < sk_X509_num(sk); i++) { - x509 = sk_X509_value(sk, i); - if (X509_issuer_and_serial_cmp(x509, &x) == 0) - return x509; - } - return NULL; -} - -X509 *X509_find_by_subject(STACK_OF(X509) *sk, const X509_NAME *name) -{ - X509 *x509; - int i; - - for (i = 0; i < sk_X509_num(sk); i++) { - x509 = sk_X509_value(sk, i); - if (X509_NAME_cmp(X509_get_subject_name(x509), name) == 0) - return x509; - } - return NULL; -} - -EVP_PKEY *X509_get0_pubkey(const X509 *x) -{ - if (x == NULL) - return NULL; - return X509_PUBKEY_get0(x->cert_info.key); -} - -EVP_PKEY *X509_get_pubkey(X509 *x) -{ - if (x == NULL) - return NULL; - return X509_PUBKEY_get(x->cert_info.key); -} - -int X509_check_private_key(const X509 *x, const EVP_PKEY *k) -{ - const EVP_PKEY *xk; - int ret; - - xk = X509_get0_pubkey(x); - if (xk == NULL) { - ERR_raise(ERR_LIB_X509, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); - return 0; - } - - switch (ret = EVP_PKEY_eq(xk, k)) { - case 0: - ERR_raise(ERR_LIB_X509, X509_R_KEY_VALUES_MISMATCH); - break; - case -1: - ERR_raise(ERR_LIB_X509, X509_R_KEY_TYPE_MISMATCH); - break; - case -2: - ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_KEY_TYPE); - break; - } - - return ret > 0; -} - -/* - * Check a suite B algorithm is permitted: pass in a public key and the NID - * of its signature (or 0 if no signature). The pflags is a pointer to a - * flags field which must contain the suite B verification flags. - */ - -#ifndef OPENSSL_NO_EC - -static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags) -{ - char curve_name[80]; - size_t curve_name_len; - int curve_nid; - - if (pkey == NULL || !EVP_PKEY_is_a(pkey, "EC")) - return X509_V_ERR_SUITE_B_INVALID_ALGORITHM; - - if (!EVP_PKEY_get_group_name(pkey, curve_name, sizeof(curve_name), - &curve_name_len)) - return X509_V_ERR_SUITE_B_INVALID_CURVE; - - curve_nid = OBJ_txt2nid(curve_name); - /* Check curve is consistent with LOS */ - if (curve_nid == NID_secp384r1) { /* P-384 */ - /* - * Check signature algorithm is consistent with curve. - */ - if (sign_nid != -1 && sign_nid != NID_ecdsa_with_SHA384) - return X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM; - if (!(*pflags & X509_V_FLAG_SUITEB_192_LOS)) - return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED; - /* If we encounter P-384 we cannot use P-256 later */ - *pflags &= ~X509_V_FLAG_SUITEB_128_LOS_ONLY; - } else if (curve_nid == NID_X9_62_prime256v1) { /* P-256 */ - if (sign_nid != -1 && sign_nid != NID_ecdsa_with_SHA256) - return X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM; - if (!(*pflags & X509_V_FLAG_SUITEB_128_LOS_ONLY)) - return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED; - } else { - return X509_V_ERR_SUITE_B_INVALID_CURVE; - } - return X509_V_OK; -} - -int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, - unsigned long flags) -{ - int rv, i, sign_nid; - EVP_PKEY *pk; - unsigned long tflags = flags; - - if (!(flags & X509_V_FLAG_SUITEB_128_LOS)) - return X509_V_OK; - - /* If no EE certificate passed in must be first in chain */ - if (x == NULL) { - x = sk_X509_value(chain, 0); - i = 1; - } else { - i = 0; - } - pk = X509_get0_pubkey(x); - - /* - * With DANE-EE(3) success, or DANE-EE(3)/PKIX-EE(1) failure we don't build - * a chain all, just report trust success or failure, but must also report - * Suite-B errors if applicable. This is indicated via a NULL chain - * pointer. All we need to do is check the leaf key algorithm. - */ - if (chain == NULL) - return check_suite_b(pk, -1, &tflags); - - if (X509_get_version(x) != X509_VERSION_3) { - rv = X509_V_ERR_SUITE_B_INVALID_VERSION; - /* Correct error depth */ - i = 0; - goto end; - } - - /* Check EE key only */ - rv = check_suite_b(pk, -1, &tflags); - if (rv != X509_V_OK) { - /* Correct error depth */ - i = 0; - goto end; - } - for (; i < sk_X509_num(chain); i++) { - sign_nid = X509_get_signature_nid(x); - x = sk_X509_value(chain, i); - if (X509_get_version(x) != X509_VERSION_3) { - rv = X509_V_ERR_SUITE_B_INVALID_VERSION; - goto end; - } - pk = X509_get0_pubkey(x); - rv = check_suite_b(pk, sign_nid, &tflags); - if (rv != X509_V_OK) - goto end; - } - - /* Final check: root CA signature */ - rv = check_suite_b(pk, X509_get_signature_nid(x), &tflags); - end: - if (rv != X509_V_OK) { - /* Invalid signature or LOS errors are for previous cert */ - if ((rv == X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM - || rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED) && i) - i--; - /* - * If we have LOS error and flags changed then we are signing P-384 - * with P-256. Use more meaningful error. - */ - if (rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED && flags != tflags) - rv = X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256; - if (perror_depth) - *perror_depth = i; - } - return rv; -} - -int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) -{ - int sign_nid; - if (!(flags & X509_V_FLAG_SUITEB_128_LOS)) - return X509_V_OK; - sign_nid = OBJ_obj2nid(crl->crl.sig_alg.algorithm); - return check_suite_b(pk, sign_nid, &flags); -} - -#else -int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, - unsigned long flags) -{ - return 0; -} - -int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) -{ - return 0; -} - -#endif - -/* - * Not strictly speaking an "up_ref" as a STACK doesn't have a reference - * count but it has the same effect by duping the STACK and upping the ref of - * each X509 structure. - */ -STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain) -{ - STACK_OF(X509) *ret = sk_X509_dup(chain); - int i; - - if (ret == NULL) - return NULL; - for (i = 0; i < sk_X509_num(ret); i++) { - X509 *x = sk_X509_value(ret, i); - - if (!X509_up_ref(x)) - goto err; - } - return ret; - - err: - while (i-- > 0) - X509_free(sk_X509_value(ret, i)); - sk_X509_free(ret); - return NULL; -} diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c deleted file mode 100644 index 62aceb7acade2190272798ae42a3c79c65fd6fb3..0000000000000000000000000000000000000000 --- a/crypto/x509/x509_d2.c +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include - -int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx, - const char *propq) -{ - X509_LOOKUP *lookup; - - lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file()); - if (lookup == NULL) - return 0; - X509_LOOKUP_load_file_ex(lookup, NULL, X509_FILETYPE_DEFAULT, libctx, propq); - - lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir()); - if (lookup == NULL) - return 0; - X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); - - lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_store()); - if (lookup == NULL) - return 0; - X509_LOOKUP_add_store_ex(lookup, NULL, libctx, propq); - - /* clear any errors */ - ERR_clear_error(); - - return 1; -} -int X509_STORE_set_default_paths(X509_STORE *ctx) -{ - return X509_STORE_set_default_paths_ex(ctx, NULL, NULL); -} - -int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file, - OSSL_LIB_CTX *libctx, const char *propq) -{ - X509_LOOKUP *lookup; - - if (file == NULL - || (lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file())) == NULL - || X509_LOOKUP_load_file_ex(lookup, file, X509_FILETYPE_PEM, libctx, - propq) <= 0) - return 0; - - return 1; -} - -int X509_STORE_load_file(X509_STORE *ctx, const char *file) -{ - return X509_STORE_load_file_ex(ctx, file, NULL, NULL); -} - -int X509_STORE_load_path(X509_STORE *ctx, const char *path) -{ - X509_LOOKUP *lookup; - - if (path == NULL - || (lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir())) == NULL - || X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) <= 0) - return 0; - - return 1; -} - -int X509_STORE_load_store_ex(X509_STORE *ctx, const char *uri, - OSSL_LIB_CTX *libctx, const char *propq) -{ - X509_LOOKUP *lookup; - - if (uri == NULL - || (lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_store())) == NULL - || X509_LOOKUP_add_store_ex(lookup, uri, libctx, propq) == 0) - return 0; - - return 1; -} - -int X509_STORE_load_store(X509_STORE *ctx, const char *uri) -{ - return X509_STORE_load_store_ex(ctx, uri, NULL, NULL); -} - -int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file, - const char *path, OSSL_LIB_CTX *libctx, - const char *propq) -{ - if (file == NULL && path == NULL) - return 0; - if (file != NULL && !X509_STORE_load_file_ex(ctx, file, libctx, propq)) - return 0; - if (path != NULL && !X509_STORE_load_path(ctx, path)) - return 0; - return 1; -} - -int X509_STORE_load_locations(X509_STORE *ctx, const char *file, - const char *path) -{ - return X509_STORE_load_locations_ex(ctx, file, path, NULL, NULL); -} diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c deleted file mode 100644 index b8bdcb4841950159b15533a683bb411b505c759c..0000000000000000000000000000000000000000 --- a/crypto/x509/x509_def.c +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include - -const char *X509_get_default_private_dir(void) -{ - return X509_PRIVATE_DIR; -} - -const char *X509_get_default_cert_area(void) -{ - return X509_CERT_AREA; -} - -const char *X509_get_default_cert_dir(void) -{ - return X509_CERT_DIR; -} - -const char *X509_get_default_cert_file(void) -{ - return X509_CERT_FILE; -} - -const char *X509_get_default_cert_dir_env(void) -{ - return X509_CERT_DIR_EVP; -} - -const char *X509_get_default_cert_file_env(void) -{ - return X509_CERT_FILE_EVP; -} diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c deleted file mode 100644 index a933aeef351fc544c8e35ef4f19966754d338f22..0000000000000000000000000000000000000000 --- a/crypto/x509/x509_err.c +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "crypto/x509err.h" - -#ifndef OPENSSL_NO_ERR - -static const ERR_STRING_DATA X509_str_reasons[] = { - {ERR_PACK(ERR_LIB_X509, 0, X509_R_AKID_MISMATCH), "akid mismatch"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_SELECTOR), "bad selector"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_X509_FILETYPE), "bad x509 filetype"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_BASE64_DECODE_ERROR), - "base64 decode error"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_CANT_CHECK_DH_KEY), "cant check dh key"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_CERTIFICATE_VERIFICATION_FAILED), - "certificate verification failed"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_CERT_ALREADY_IN_HASH_TABLE), - "cert already in hash table"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_ALREADY_DELTA), "crl already delta"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_VERIFY_FAILURE), - "crl verify failure"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_ERROR_GETTING_MD_BY_NID), - "error getting md by nid"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_ERROR_USING_SIGINF_SET), - "error using siginf set"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_IDP_MISMATCH), "idp mismatch"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_ATTRIBUTES), - "invalid attributes"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DIRECTORY), "invalid directory"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DISTPOINT), "invalid distpoint"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_FIELD_NAME), - "invalid field name"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_TRUST), "invalid trust"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_ISSUER_MISMATCH), "issuer mismatch"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_KEY_TYPE_MISMATCH), "key type mismatch"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_KEY_VALUES_MISMATCH), - "key values mismatch"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_LOADING_CERT_DIR), "loading cert dir"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_LOADING_DEFAULTS), "loading defaults"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_METHOD_NOT_SUPPORTED), - "method not supported"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NAME_TOO_LONG), "name too long"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NEWER_CRL_NOT_NEWER), - "newer crl not newer"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERTIFICATE_FOUND), - "no certificate found"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERTIFICATE_OR_CRL_FOUND), - "no certificate or crl found"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), - "no cert set for us to verify"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CRL_FOUND), "no crl found"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CRL_NUMBER), "no crl number"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_PUBLIC_KEY_DECODE_ERROR), - "public key decode error"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_PUBLIC_KEY_ENCODE_ERROR), - "public key encode error"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_SHOULD_RETRY), "should retry"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN), - "unable to find parameters in chain"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY), - "unable to get certs public key"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_KEY_TYPE), "unknown key type"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_NID), "unknown nid"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_PURPOSE_ID), - "unknown purpose id"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_SIGID_ALGS), - "unknown sigid algs"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_TRUST_ID), "unknown trust id"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNSUPPORTED_ALGORITHM), - "unsupported algorithm"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_WRONG_TYPE), "wrong type"}, - {0, NULL} -}; - -#endif - -int ossl_err_load_X509_strings(void) -{ -#ifndef OPENSSL_NO_ERR - if (ERR_reason_error_string(X509_str_reasons[0].error) == NULL) - ERR_load_strings_const(X509_str_reasons); -#endif - return 1; -} diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c deleted file mode 100644 index a7b85857bdadce603d1524f9d443affe1da8f5d4..0000000000000000000000000000000000000000 --- a/crypto/x509/x509_ext.c +++ /dev/null @@ -1,159 +0,0 @@ -/* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "crypto/x509.h" -#include - -int X509_CRL_get_ext_count(const X509_CRL *x) -{ - return X509v3_get_ext_count(x->crl.extensions); -} - -int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos) -{ - return X509v3_get_ext_by_NID(x->crl.extensions, nid, lastpos); -} - -int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, - int lastpos) -{ - return X509v3_get_ext_by_OBJ(x->crl.extensions, obj, lastpos); -} - -int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos) -{ - return X509v3_get_ext_by_critical(x->crl.extensions, crit, lastpos); -} - -X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc) -{ - return X509v3_get_ext(x->crl.extensions, loc); -} - -X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) -{ - return X509v3_delete_ext(x->crl.extensions, loc); -} - -void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx) -{ - return X509V3_get_d2i(x->crl.extensions, nid, crit, idx); -} - -int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, - unsigned long flags) -{ - return X509V3_add1_i2d(&x->crl.extensions, nid, value, crit, flags); -} - -int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) -{ - return (X509v3_add_ext(&(x->crl.extensions), ex, loc) != NULL); -} - -int X509_get_ext_count(const X509 *x) -{ - return X509v3_get_ext_count(x->cert_info.extensions); -} - -int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos) -{ - return X509v3_get_ext_by_NID(x->cert_info.extensions, nid, lastpos); -} - -int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos) -{ - return X509v3_get_ext_by_OBJ(x->cert_info.extensions, obj, lastpos); -} - -int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos) -{ - return (X509v3_get_ext_by_critical - (x->cert_info.extensions, crit, lastpos)); -} - -X509_EXTENSION *X509_get_ext(const X509 *x, int loc) -{ - return X509v3_get_ext(x->cert_info.extensions, loc); -} - -X509_EXTENSION *X509_delete_ext(X509 *x, int loc) -{ - return X509v3_delete_ext(x->cert_info.extensions, loc); -} - -int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) -{ - return (X509v3_add_ext(&(x->cert_info.extensions), ex, loc) != NULL); -} - -void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx) -{ - return X509V3_get_d2i(x->cert_info.extensions, nid, crit, idx); -} - -int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, - unsigned long flags) -{ - return X509V3_add1_i2d(&x->cert_info.extensions, nid, value, crit, - flags); -} - -int X509_REVOKED_get_ext_count(const X509_REVOKED *x) -{ - return X509v3_get_ext_count(x->extensions); -} - -int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos) -{ - return X509v3_get_ext_by_NID(x->extensions, nid, lastpos); -} - -int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, - int lastpos) -{ - return X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos); -} - -int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos) -{ - return X509v3_get_ext_by_critical(x->extensions, crit, lastpos); -} - -X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc) -{ - return X509v3_get_ext(x->extensions, loc); -} - -X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc) -{ - return X509v3_delete_ext(x->extensions, loc); -} - -int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) -{ - return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL); -} - -void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, int *idx) -{ - return X509V3_get_d2i(x->extensions, nid, crit, idx); -} - -int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, - unsigned long flags) -{ - return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags); -} diff --git a/crypto/x509/x509_local.h b/crypto/x509/x509_local.h deleted file mode 100644 index 6d602e1d8ef59164077ee678b783b19ec7ca846f..0000000000000000000000000000000000000000 --- a/crypto/x509/x509_local.h +++ /dev/null @@ -1,159 +0,0 @@ -/* - * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "internal/refcount.h" - -#define X509V3_conf_add_error_name_value(val) \ - ERR_add_error_data(4, "name=", (val)->name, ", value=", (val)->value) - -/* - * This structure holds all parameters associated with a verify operation by - * including an X509_VERIFY_PARAM structure in related structures the - * parameters used can be customized - */ - -struct X509_VERIFY_PARAM_st { - char *name; - time_t check_time; /* Time to use */ - uint32_t inh_flags; /* Inheritance flags */ - unsigned long flags; /* Various verify flags */ - int purpose; /* purpose to check untrusted certificates */ - int trust; /* trust setting to check */ - int depth; /* Verify depth */ - int auth_level; /* Security level for chain verification */ - STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ - /* Peer identity details */ - STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ - unsigned int hostflags; /* Flags to control matching features */ - char *peername; /* Matching hostname in peer certificate */ - char *email; /* If not NULL email address to match */ - size_t emaillen; - unsigned char *ip; /* If not NULL IP address to match */ - size_t iplen; /* Length of IP address */ -}; - -/* No error callback if depth < 0 */ -int ossl_x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth); - -/* a sequence of these are used */ -struct x509_attributes_st { - ASN1_OBJECT *object; - STACK_OF(ASN1_TYPE) *set; -}; - -struct X509_extension_st { - ASN1_OBJECT *object; - ASN1_BOOLEAN critical; - ASN1_OCTET_STRING value; -}; - -/* - * Method to handle CRL access. In general a CRL could be very large (several - * Mb) and can consume large amounts of resources if stored in memory by - * multiple processes. This method allows general CRL operations to be - * redirected to more efficient callbacks: for example a CRL entry database. - */ - -#define X509_CRL_METHOD_DYNAMIC 1 - -struct x509_crl_method_st { - int flags; - int (*crl_init) (X509_CRL *crl); - int (*crl_free) (X509_CRL *crl); - int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret, - const ASN1_INTEGER *ser, const X509_NAME *issuer); - int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk); -}; - -struct x509_lookup_method_st { - char *name; - int (*new_item) (X509_LOOKUP *ctx); - void (*free) (X509_LOOKUP *ctx); - int (*init) (X509_LOOKUP *ctx); - int (*shutdown) (X509_LOOKUP *ctx); - int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl, - char **ret); - int (*get_by_subject) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret); - int (*get_by_issuer_serial) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, - const ASN1_INTEGER *serial, - X509_OBJECT *ret); - int (*get_by_fingerprint) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const unsigned char *bytes, int len, - X509_OBJECT *ret); - int (*get_by_alias) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const char *str, int len, X509_OBJECT *ret); - int (*get_by_subject_ex) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret, - OSSL_LIB_CTX *libctx, const char *propq); - int (*ctrl_ex) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl, - char **ret, OSSL_LIB_CTX *libctx, const char *propq); -}; - -/* This is the functions plus an instance of the local variables. */ -struct x509_lookup_st { - int init; /* have we been started */ - int skip; /* don't use us. */ - X509_LOOKUP_METHOD *method; /* the functions */ - void *method_data; /* method data */ - X509_STORE *store_ctx; /* who owns us */ -}; - -/* - * This is used to hold everything. It is used for all certificate - * validation. Once we have a certificate chain, the 'verify' function is - * then called to actually check the cert chain. - */ -struct x509_store_st { - /* The following is a cache of trusted certs */ - int cache; /* if true, stash any hits */ - STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ - /* These are external lookup methods */ - STACK_OF(X509_LOOKUP) *get_cert_methods; - X509_VERIFY_PARAM *param; - /* Callbacks for various operations */ - /* called to verify a certificate */ - int (*verify) (X509_STORE_CTX *ctx); - /* error callback */ - int (*verify_cb) (int ok, X509_STORE_CTX *ctx); - /* get issuers cert from ctx */ - int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); - /* check issued */ - int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); - /* Check revocation status of chain */ - int (*check_revocation) (X509_STORE_CTX *ctx); - /* retrieve CRL */ - int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); - /* Check CRL validity */ - int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); - /* Check certificate against CRL */ - int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); - /* Check policy status of the chain */ - int (*check_policy) (X509_STORE_CTX *ctx); - STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, - const X509_NAME *nm); - /* cannot constify 'ctx' param due to lookup_certs_sk() in x509_vfy.c */ - STACK_OF(X509_CRL) *(*lookup_crls) (const X509_STORE_CTX *ctx, - const X509_NAME *nm); - int (*cleanup) (X509_STORE_CTX *ctx); - CRYPTO_EX_DATA ex_data; - CRYPTO_REF_COUNT references; - CRYPTO_RWLOCK *lock; -}; - -typedef struct lookup_dir_hashes_st BY_DIR_HASH; -typedef struct lookup_dir_entry_st BY_DIR_ENTRY; -DEFINE_STACK_OF(BY_DIR_HASH) -DEFINE_STACK_OF(BY_DIR_ENTRY) -typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY; -DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY) - -int ossl_x509_likely_issued(X509 *issuer, X509 *subject); -int ossl_x509_signing_allowed(const X509 *issuer, const X509 *subject); diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c deleted file mode 100644 index d8927bda0706891dcee987bd5cb09b33a5e70870..0000000000000000000000000000000000000000 --- a/crypto/x509/x509_lu.c +++ /dev/null @@ -1,975 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "internal/refcount.h" -#include -#include "crypto/x509.h" -#include -#include "x509_local.h" - -X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) -{ - X509_LOOKUP *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return NULL; - } - - ret->method = method; - if (method->new_item != NULL && method->new_item(ret) == 0) { - OPENSSL_free(ret); - return NULL; - } - return ret; -} - -void X509_LOOKUP_free(X509_LOOKUP *ctx) -{ - if (ctx == NULL) - return; - if ((ctx->method != NULL) && (ctx->method->free != NULL)) - (*ctx->method->free) (ctx); - OPENSSL_free(ctx); -} - -int X509_STORE_lock(X509_STORE *s) -{ - return CRYPTO_THREAD_write_lock(s->lock); -} - -int X509_STORE_unlock(X509_STORE *s) -{ - return CRYPTO_THREAD_unlock(s->lock); -} - -int X509_LOOKUP_init(X509_LOOKUP *ctx) -{ - if (ctx->method == NULL) - return 0; - if (ctx->method->init != NULL) - return ctx->method->init(ctx); - else - return 1; -} - -int X509_LOOKUP_shutdown(X509_LOOKUP *ctx) -{ - if (ctx->method == NULL) - return 0; - if (ctx->method->shutdown != NULL) - return ctx->method->shutdown(ctx); - else - return 1; -} - -int X509_LOOKUP_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, - char **ret, OSSL_LIB_CTX *libctx, const char *propq) -{ - if (ctx->method == NULL) - return -1; - if (ctx->method->ctrl_ex != NULL) - return ctx->method->ctrl_ex(ctx, cmd, argc, argl, ret, libctx, propq); - if (ctx->method->ctrl != NULL) - return ctx->method->ctrl(ctx, cmd, argc, argl, ret); - return 1; -} - -int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, - char **ret) -{ - return X509_LOOKUP_ctrl_ex(ctx, cmd, argc, argl, ret, NULL, NULL); -} - -int X509_LOOKUP_by_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret, - OSSL_LIB_CTX *libctx, const char *propq) -{ - if (ctx->skip - || ctx->method == NULL - || (ctx->method->get_by_subject == NULL - && ctx->method->get_by_subject_ex == NULL)) - return 0; - if (ctx->method->get_by_subject_ex != NULL) - return ctx->method->get_by_subject_ex(ctx, type, name, ret, libctx, - propq); - else - return ctx->method->get_by_subject(ctx, type, name, ret); -} - -int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret) -{ - return X509_LOOKUP_by_subject_ex(ctx, type, name, ret, NULL, NULL); -} - -int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const X509_NAME *name, - const ASN1_INTEGER *serial, - X509_OBJECT *ret) -{ - if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL)) - return 0; - return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret); -} - -int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const unsigned char *bytes, int len, - X509_OBJECT *ret) -{ - if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) - return 0; - return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret); -} - -int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, - const char *str, int len, X509_OBJECT *ret) -{ - if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) - return 0; - return ctx->method->get_by_alias(ctx, type, str, len, ret); -} - -int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data) -{ - ctx->method_data = data; - return 1; -} - -void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx) -{ - return ctx->method_data; -} - -X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx) -{ - return ctx->store_ctx; -} - - -static int x509_object_cmp(const X509_OBJECT *const *a, - const X509_OBJECT *const *b) -{ - int ret; - - ret = ((*a)->type - (*b)->type); - if (ret) - return ret; - switch ((*a)->type) { - case X509_LU_X509: - ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509); - break; - case X509_LU_CRL: - ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl); - break; - case X509_LU_NONE: - /* abort(); */ - return 0; - } - return ret; -} - -X509_STORE *X509_STORE_new(void) -{ - X509_STORE *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return NULL; - } - if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - ret->cache = 1; - if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - - if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - - ret->lock = CRYPTO_THREAD_lock_new(); - if (ret->lock == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - ret->references = 1; - return ret; - -err: - X509_VERIFY_PARAM_free(ret->param); - sk_X509_OBJECT_free(ret->objs); - sk_X509_LOOKUP_free(ret->get_cert_methods); - OPENSSL_free(ret); - return NULL; -} - -void X509_STORE_free(X509_STORE *vfy) -{ - int i; - STACK_OF(X509_LOOKUP) *sk; - X509_LOOKUP *lu; - - if (vfy == NULL) - return; - CRYPTO_DOWN_REF(&vfy->references, &i, vfy->lock); - REF_PRINT_COUNT("X509_STORE", vfy); - if (i > 0) - return; - REF_ASSERT_ISNT(i < 0); - - sk = vfy->get_cert_methods; - for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { - lu = sk_X509_LOOKUP_value(sk, i); - X509_LOOKUP_shutdown(lu); - X509_LOOKUP_free(lu); - } - sk_X509_LOOKUP_free(sk); - sk_X509_OBJECT_pop_free(vfy->objs, X509_OBJECT_free); - - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); - X509_VERIFY_PARAM_free(vfy->param); - CRYPTO_THREAD_lock_free(vfy->lock); - OPENSSL_free(vfy); -} - -int X509_STORE_up_ref(X509_STORE *vfy) -{ - int i; - - if (CRYPTO_UP_REF(&vfy->references, &i, vfy->lock) <= 0) - return 0; - - REF_PRINT_COUNT("X509_STORE", vfy); - REF_ASSERT_ISNT(i < 2); - return ((i > 1) ? 1 : 0); -} - -X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) -{ - int i; - STACK_OF(X509_LOOKUP) *sk; - X509_LOOKUP *lu; - - sk = v->get_cert_methods; - for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { - lu = sk_X509_LOOKUP_value(sk, i); - if (m == lu->method) { - return lu; - } - } - /* a new one */ - lu = X509_LOOKUP_new(m); - if (lu == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return NULL; - } - - lu->store_ctx = v; - if (sk_X509_LOOKUP_push(v->get_cert_methods, lu)) - return lu; - /* malloc failed */ - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - X509_LOOKUP_free(lu); - return NULL; -} - -X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, - X509_LOOKUP_TYPE type, - const X509_NAME *name) -{ - X509_OBJECT *ret = X509_OBJECT_new(); - - if (ret == NULL) - return NULL; - if (!X509_STORE_CTX_get_by_subject(vs, type, name, ret)) { - X509_OBJECT_free(ret); - return NULL; - } - return ret; -} - -/* Also fill the cache with all matching certificates */ -int X509_STORE_CTX_get_by_subject(const X509_STORE_CTX *vs, - X509_LOOKUP_TYPE type, - const X509_NAME *name, X509_OBJECT *ret) -{ - X509_STORE *store = vs->store; - X509_LOOKUP *lu; - X509_OBJECT stmp, *tmp; - int i, j; - - if (store == NULL) - return 0; - - stmp.type = X509_LU_NONE; - stmp.data.ptr = NULL; - - if (!X509_STORE_lock(store)) - return 0; - - tmp = X509_OBJECT_retrieve_by_subject(store->objs, type, name); - X509_STORE_unlock(store); - - if (tmp == NULL || type == X509_LU_CRL) { - for (i = 0; i < sk_X509_LOOKUP_num(store->get_cert_methods); i++) { - lu = sk_X509_LOOKUP_value(store->get_cert_methods, i); - j = X509_LOOKUP_by_subject_ex(lu, type, name, &stmp, vs->libctx, - vs->propq); - if (j) { - tmp = &stmp; - break; - } - } - if (tmp == NULL) - return 0; - } - - if (!X509_OBJECT_up_ref_count(tmp)) - return 0; - - ret->type = tmp->type; - ret->data.ptr = tmp->data.ptr; - - return 1; -} - -static int x509_store_add(X509_STORE *store, void *x, int crl) { - X509_OBJECT *obj; - int ret = 0, added = 0; - - if (x == NULL) - return 0; - obj = X509_OBJECT_new(); - if (obj == NULL) - return 0; - - if (crl) { - obj->type = X509_LU_CRL; - obj->data.crl = (X509_CRL *)x; - } else { - obj->type = X509_LU_X509; - obj->data.x509 = (X509 *)x; - } - if (!X509_OBJECT_up_ref_count(obj)) { - obj->type = X509_LU_NONE; - X509_OBJECT_free(obj); - return 0; - } - - if (!X509_STORE_lock(store)) { - obj->type = X509_LU_NONE; - X509_OBJECT_free(obj); - return 0; - } - - if (X509_OBJECT_retrieve_match(store->objs, obj)) { - ret = 1; - } else { - added = sk_X509_OBJECT_push(store->objs, obj); - ret = added != 0; - } - X509_STORE_unlock(store); - - if (added == 0) /* obj not pushed */ - X509_OBJECT_free(obj); - - return ret; -} - -int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) -{ - if (!x509_store_add(ctx, x, 0)) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return 0; - } - return 1; -} - -int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) -{ - if (!x509_store_add(ctx, x, 1)) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return 0; - } - return 1; -} - -int X509_OBJECT_up_ref_count(X509_OBJECT *a) -{ - switch (a->type) { - case X509_LU_NONE: - break; - case X509_LU_X509: - return X509_up_ref(a->data.x509); - case X509_LU_CRL: - return X509_CRL_up_ref(a->data.crl); - } - return 1; -} - -X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a) -{ - if (a == NULL || a->type != X509_LU_X509) - return NULL; - return a->data.x509; -} - -X509_CRL *X509_OBJECT_get0_X509_CRL(const X509_OBJECT *a) -{ - if (a == NULL || a->type != X509_LU_CRL) - return NULL; - return a->data.crl; -} - -X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a) -{ - return a->type; -} - -X509_OBJECT *X509_OBJECT_new(void) -{ - X509_OBJECT *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return NULL; - } - ret->type = X509_LU_NONE; - return ret; -} - -static void x509_object_free_internal(X509_OBJECT *a) -{ - if (a == NULL) - return; - switch (a->type) { - case X509_LU_NONE: - break; - case X509_LU_X509: - X509_free(a->data.x509); - break; - case X509_LU_CRL: - X509_CRL_free(a->data.crl); - break; - } -} - -int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj) -{ - if (a == NULL || !X509_up_ref(obj)) - return 0; - - x509_object_free_internal(a); - a->type = X509_LU_X509; - a->data.x509 = obj; - return 1; -} - -int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj) -{ - if (a == NULL || !X509_CRL_up_ref(obj)) - return 0; - - x509_object_free_internal(a); - a->type = X509_LU_CRL; - a->data.crl = obj; - return 1; -} - -void X509_OBJECT_free(X509_OBJECT *a) -{ - x509_object_free_internal(a); - OPENSSL_free(a); -} - -static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, - const X509_NAME *name, int *pnmatch) -{ - X509_OBJECT stmp; - X509 x509_s; - X509_CRL crl_s; - int idx; - - stmp.type = type; - switch (type) { - case X509_LU_X509: - stmp.data.x509 = &x509_s; - x509_s.cert_info.subject = (X509_NAME *)name; /* won't modify it */ - break; - case X509_LU_CRL: - stmp.data.crl = &crl_s; - crl_s.crl.issuer = (X509_NAME *)name; /* won't modify it */ - break; - case X509_LU_NONE: - /* abort(); */ - return -1; - } - - idx = sk_X509_OBJECT_find_all(h, &stmp, pnmatch); - return idx; -} - -int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, - const X509_NAME *name) -{ - return x509_object_idx_cnt(h, type, name, NULL); -} - -X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, - X509_LOOKUP_TYPE type, - const X509_NAME *name) -{ - int idx; - idx = X509_OBJECT_idx_by_subject(h, type, name); - if (idx == -1) - return NULL; - return sk_X509_OBJECT_value(h, idx); -} - -STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(const X509_STORE *v) -{ - return v->objs; -} - -STACK_OF(X509) *X509_STORE_get1_all_certs(X509_STORE *store) -{ - STACK_OF(X509) *sk; - STACK_OF(X509_OBJECT) *objs; - int i; - - if (store == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if ((sk = sk_X509_new_null()) == NULL) - return NULL; - if (!X509_STORE_lock(store)) - goto out_free; - - objs = X509_STORE_get0_objects(store); - for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { - X509 *cert = X509_OBJECT_get0_X509(sk_X509_OBJECT_value(objs, i)); - - if (cert != NULL - && !X509_add_cert(sk, cert, X509_ADD_FLAG_UP_REF)) - goto err; - } - X509_STORE_unlock(store); - return sk; - - err: - X509_STORE_unlock(store); - out_free: - sk_X509_pop_free(sk, X509_free); - return NULL; -} - -STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, - const X509_NAME *nm) -{ - int i, idx, cnt; - STACK_OF(X509) *sk = NULL; - X509 *x; - X509_OBJECT *obj; - X509_STORE *store = ctx->store; - - if (store == NULL) - return NULL; - - if (!X509_STORE_lock(store)) - return NULL; - - idx = x509_object_idx_cnt(store->objs, X509_LU_X509, nm, &cnt); - if (idx < 0) { - /* - * Nothing found in cache: do lookup to possibly add new objects to - * cache - */ - X509_OBJECT *xobj = X509_OBJECT_new(); - - X509_STORE_unlock(store); - - if (xobj == NULL) - return NULL; - if (!X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, nm, xobj)) { - X509_OBJECT_free(xobj); - return NULL; - } - X509_OBJECT_free(xobj); - if (!X509_STORE_lock(store)) - return NULL; - idx = x509_object_idx_cnt(store->objs, X509_LU_X509, nm, &cnt); - if (idx < 0) { - X509_STORE_unlock(store); - return NULL; - } - } - - sk = sk_X509_new_null(); - for (i = 0; i < cnt; i++, idx++) { - obj = sk_X509_OBJECT_value(store->objs, idx); - x = obj->data.x509; - if (!X509_add_cert(sk, x, X509_ADD_FLAG_UP_REF)) { - X509_STORE_unlock(store); - sk_X509_pop_free(sk, X509_free); - return NULL; - } - } - X509_STORE_unlock(store); - return sk; -} - -STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(const X509_STORE_CTX *ctx, - const X509_NAME *nm) -{ - int i, idx, cnt; - STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null(); - X509_CRL *x; - X509_OBJECT *obj, *xobj = X509_OBJECT_new(); - X509_STORE *store = ctx->store; - - /* Always do lookup to possibly add new CRLs to cache */ - if (sk == NULL - || xobj == NULL - || store == NULL - || !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) { - X509_OBJECT_free(xobj); - sk_X509_CRL_free(sk); - return NULL; - } - X509_OBJECT_free(xobj); - if (!X509_STORE_lock(store)) { - sk_X509_CRL_free(sk); - return NULL; - } - idx = x509_object_idx_cnt(store->objs, X509_LU_CRL, nm, &cnt); - if (idx < 0) { - X509_STORE_unlock(store); - sk_X509_CRL_free(sk); - return NULL; - } - - for (i = 0; i < cnt; i++, idx++) { - obj = sk_X509_OBJECT_value(store->objs, idx); - x = obj->data.crl; - if (!X509_CRL_up_ref(x)) { - X509_STORE_unlock(store); - sk_X509_CRL_pop_free(sk, X509_CRL_free); - return NULL; - } - if (!sk_X509_CRL_push(sk, x)) { - X509_STORE_unlock(store); - X509_CRL_free(x); - sk_X509_CRL_pop_free(sk, X509_CRL_free); - return NULL; - } - } - X509_STORE_unlock(store); - return sk; -} - -X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, - X509_OBJECT *x) -{ - int idx, i, num; - X509_OBJECT *obj; - - idx = sk_X509_OBJECT_find(h, x); - if (idx < 0) - return NULL; - if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL)) - return sk_X509_OBJECT_value(h, idx); - for (i = idx, num = sk_X509_OBJECT_num(h); i < num; i++) { - obj = sk_X509_OBJECT_value(h, i); - if (x509_object_cmp((const X509_OBJECT **)&obj, - (const X509_OBJECT **)&x)) - return NULL; - if (x->type == X509_LU_X509) { - if (!X509_cmp(obj->data.x509, x->data.x509)) - return obj; - } else if (x->type == X509_LU_CRL) { - if (X509_CRL_match(obj->data.crl, x->data.crl) == 0) - return obj; - } else - return obj; - } - return NULL; -} - -/*- - * Try to get issuer cert from |ctx->store| matching the subject name of |x|. - * Prefer the first non-expired one, else take the most recently expired one. - * - * Return values are: - * 1 lookup successful. - * 0 certificate not found. - * -1 some other error. - */ -int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) -{ - const X509_NAME *xn; - X509_OBJECT *obj = X509_OBJECT_new(), *pobj = NULL; - X509_STORE *store = ctx->store; - int i, ok, idx, ret, nmatch = 0; - - if (obj == NULL) - return -1; - *issuer = NULL; - xn = X509_get_issuer_name(x); - ok = X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, xn, obj); - if (ok != 1) { - X509_OBJECT_free(obj); - return 0; - } - /* If certificate matches and is currently valid all OK */ - if (ctx->check_issued(ctx, x, obj->data.x509)) { - if (ossl_x509_check_cert_time(ctx, obj->data.x509, -1)) { - *issuer = obj->data.x509; - /* |*issuer| has taken over the cert reference from |obj| */ - obj->type = X509_LU_NONE; - X509_OBJECT_free(obj); - return 1; - } - } - X509_OBJECT_free(obj); - - /* - * Due to limitations of the API this can only retrieve a single cert. - * However it will fill the cache with all matching certificates, - * so we can examine the cache for all matches. - */ - if (store == NULL) - return 0; - - /* Find index of first currently valid cert accepted by 'check_issued' */ - ret = 0; - if (!X509_STORE_lock(store)) - return 0; - - idx = x509_object_idx_cnt(store->objs, X509_LU_X509, xn, &nmatch); - if (idx != -1) { /* should be true as we've had at least one match */ - /* Look through all matching certs for suitable issuer */ - for (i = idx; i < idx + nmatch; i++) { - pobj = sk_X509_OBJECT_value(store->objs, i); - /* See if we've run past the matches */ - if (pobj->type != X509_LU_X509) - break; - if (ctx->check_issued(ctx, x, pobj->data.x509)) { - ret = 1; - /* If times check fine, exit with match, else keep looking. */ - if (ossl_x509_check_cert_time(ctx, pobj->data.x509, -1)) { - *issuer = pobj->data.x509; - break; - } - /* - * Leave the so far most recently expired match in *issuer - * so we return nearest match if no certificate time is OK. - */ - if (*issuer == NULL - || ASN1_TIME_compare(X509_get0_notAfter(pobj->data.x509), - X509_get0_notAfter(*issuer)) > 0) - *issuer = pobj->data.x509; - } - } - } - if (*issuer != NULL && !X509_up_ref(*issuer)) { - *issuer = NULL; - ret = -1; - } - X509_STORE_unlock(store); - return ret; -} - -int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags) -{ - return X509_VERIFY_PARAM_set_flags(ctx->param, flags); -} - -int X509_STORE_set_depth(X509_STORE *ctx, int depth) -{ - X509_VERIFY_PARAM_set_depth(ctx->param, depth); - return 1; -} - -int X509_STORE_set_purpose(X509_STORE *ctx, int purpose) -{ - return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose); -} - -int X509_STORE_set_trust(X509_STORE *ctx, int trust) -{ - return X509_VERIFY_PARAM_set_trust(ctx->param, trust); -} - -int X509_STORE_set1_param(X509_STORE *ctx, const X509_VERIFY_PARAM *param) -{ - return X509_VERIFY_PARAM_set1(ctx->param, param); -} - -X509_VERIFY_PARAM *X509_STORE_get0_param(const X509_STORE *ctx) -{ - return ctx->param; -} - -void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify) -{ - ctx->verify = verify; -} - -X509_STORE_CTX_verify_fn X509_STORE_get_verify(const X509_STORE *ctx) -{ - return ctx->verify; -} - -void X509_STORE_set_verify_cb(X509_STORE *ctx, - X509_STORE_CTX_verify_cb verify_cb) -{ - ctx->verify_cb = verify_cb; -} - -X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE *ctx) -{ - return ctx->verify_cb; -} - -void X509_STORE_set_get_issuer(X509_STORE *ctx, - X509_STORE_CTX_get_issuer_fn get_issuer) -{ - ctx->get_issuer = get_issuer; -} - -X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE *ctx) -{ - return ctx->get_issuer; -} - -void X509_STORE_set_check_issued(X509_STORE *ctx, - X509_STORE_CTX_check_issued_fn check_issued) -{ - ctx->check_issued = check_issued; -} - -X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(const X509_STORE *ctx) -{ - return ctx->check_issued; -} - -void X509_STORE_set_check_revocation(X509_STORE *ctx, - X509_STORE_CTX_check_revocation_fn check_revocation) -{ - ctx->check_revocation = check_revocation; -} - -X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(const X509_STORE *ctx) -{ - return ctx->check_revocation; -} - -void X509_STORE_set_get_crl(X509_STORE *ctx, - X509_STORE_CTX_get_crl_fn get_crl) -{ - ctx->get_crl = get_crl; -} - -X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE *ctx) -{ - return ctx->get_crl; -} - -void X509_STORE_set_check_crl(X509_STORE *ctx, - X509_STORE_CTX_check_crl_fn check_crl) -{ - ctx->check_crl = check_crl; -} - -X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(const X509_STORE *ctx) -{ - return ctx->check_crl; -} - -void X509_STORE_set_cert_crl(X509_STORE *ctx, - X509_STORE_CTX_cert_crl_fn cert_crl) -{ - ctx->cert_crl = cert_crl; -} - -X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE *ctx) -{ - return ctx->cert_crl; -} - -void X509_STORE_set_check_policy(X509_STORE *ctx, - X509_STORE_CTX_check_policy_fn check_policy) -{ - ctx->check_policy = check_policy; -} - -X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(const X509_STORE *ctx) -{ - return ctx->check_policy; -} - -void X509_STORE_set_lookup_certs(X509_STORE *ctx, - X509_STORE_CTX_lookup_certs_fn lookup_certs) -{ - ctx->lookup_certs = lookup_certs; -} - -X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(const X509_STORE *ctx) -{ - return ctx->lookup_certs; -} - -void X509_STORE_set_lookup_crls(X509_STORE *ctx, - X509_STORE_CTX_lookup_crls_fn lookup_crls) -{ - ctx->lookup_crls = lookup_crls; -} - -X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(const X509_STORE *ctx) -{ - return ctx->lookup_crls; -} - -void X509_STORE_set_cleanup(X509_STORE *ctx, - X509_STORE_CTX_cleanup_fn ctx_cleanup) -{ - ctx->cleanup = ctx_cleanup; -} - -X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE *ctx) -{ - return ctx->cleanup; -} - -int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data) -{ - return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); -} - -void *X509_STORE_get_ex_data(const X509_STORE *ctx, int idx) -{ - return CRYPTO_get_ex_data(&ctx->ex_data, idx); -} - -X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx) -{ - return ctx->store; -} diff --git a/crypto/x509/x509_meth.c b/crypto/x509/x509_meth.c deleted file mode 100644 index a8eedd9b59af534d92fdd18718c3fd1e85bba81d..0000000000000000000000000000000000000000 --- a/crypto/x509/x509_meth.c +++ /dev/null @@ -1,166 +0,0 @@ -/* - * Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include "internal/cryptlib.h" -#include -#include -#include -#include "x509_local.h" - -X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name) -{ - X509_LOOKUP_METHOD *method = OPENSSL_zalloc(sizeof(X509_LOOKUP_METHOD)); - - if (method != NULL) { - method->name = OPENSSL_strdup(name); - if (method->name == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - } - - return method; - -err: - OPENSSL_free(method); - return NULL; -} - -void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method) -{ - if (method != NULL) - OPENSSL_free(method->name); - OPENSSL_free(method); -} - -int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method, - int (*new_item) (X509_LOOKUP *ctx)) -{ - method->new_item = new_item; - return 1; -} - -int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method)) - (X509_LOOKUP *ctx) -{ - return method->new_item; -} - -int X509_LOOKUP_meth_set_free( - X509_LOOKUP_METHOD *method, - void (*free_fn) (X509_LOOKUP *ctx)) -{ - method->free = free_fn; - return 1; -} - -void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method)) - (X509_LOOKUP *ctx) -{ - return method->free; -} - -int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method, - int (*init) (X509_LOOKUP *ctx)) -{ - method->init = init; - return 1; -} - -int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method)) - (X509_LOOKUP *ctx) -{ - return method->init; -} - -int X509_LOOKUP_meth_set_shutdown( - X509_LOOKUP_METHOD *method, - int (*shutdown) (X509_LOOKUP *ctx)) -{ - method->shutdown = shutdown; - return 1; -} - -int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method)) - (X509_LOOKUP *ctx) -{ - return method->shutdown; -} - -int X509_LOOKUP_meth_set_ctrl( - X509_LOOKUP_METHOD *method, - X509_LOOKUP_ctrl_fn ctrl) -{ - method->ctrl = ctrl; - return 1; -} - -X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method) -{ - return method->ctrl; -} - -int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method, - X509_LOOKUP_get_by_subject_fn get_by_subject) -{ - method->get_by_subject = get_by_subject; - return 1; -} - -X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject( - const X509_LOOKUP_METHOD *method) -{ - return method->get_by_subject; -} - - -int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method, - X509_LOOKUP_get_by_issuer_serial_fn get_by_issuer_serial) -{ - method->get_by_issuer_serial = get_by_issuer_serial; - return 1; -} - -X509_LOOKUP_get_by_issuer_serial_fn - X509_LOOKUP_meth_get_get_by_issuer_serial(const X509_LOOKUP_METHOD *method) -{ - return method->get_by_issuer_serial; -} - - -int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method, - X509_LOOKUP_get_by_fingerprint_fn get_by_fingerprint) -{ - method->get_by_fingerprint = get_by_fingerprint; - return 1; -} - -X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint( - const X509_LOOKUP_METHOD *method) -{ - return method->get_by_fingerprint; -} - -int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method, - X509_LOOKUP_get_by_alias_fn get_by_alias) -{ - method->get_by_alias = get_by_alias; - return 1; -} - -X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias( - const X509_LOOKUP_METHOD *method) -{ - return method->get_by_alias; -} - diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c deleted file mode 100644 index 12c6d6f78b6eb225fcf6b4fb97321468d957d27e..0000000000000000000000000000000000000000 --- a/crypto/x509/x509_obj.c +++ /dev/null @@ -1,187 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "crypto/x509.h" -#include "crypto/ctype.h" - -/* - * Limit to ensure we don't overflow: much greater than - * anything encountered in practice. - */ - -#define NAME_ONELINE_MAX (1024 * 1024) - -char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len) -{ - const X509_NAME_ENTRY *ne; - int i; - int n, lold, l, l1, l2, num, j, type; - int prev_set = -1; - const char *s; - char *p; - unsigned char *q; - BUF_MEM *b = NULL; - static const char hex[17] = "0123456789ABCDEF"; - int gs_doit[4]; - char tmp_buf[80]; -#ifdef CHARSET_EBCDIC - unsigned char ebcdic_buf[1024]; -#endif - - if (buf == NULL) { - if ((b = BUF_MEM_new()) == NULL) - goto err; - if (!BUF_MEM_grow(b, 200)) - goto err; - b->data[0] = '\0'; - len = 200; - } else if (len == 0) { - return NULL; - } - if (a == NULL) { - if (b) { - buf = b->data; - OPENSSL_free(b); - } - strncpy(buf, "NO X509_NAME", len); - buf[len - 1] = '\0'; - return buf; - } - - len--; /* space for '\0' */ - l = 0; - for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { - ne = sk_X509_NAME_ENTRY_value(a->entries, i); - n = OBJ_obj2nid(ne->object); - if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) { - i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object); - s = tmp_buf; - } - l1 = strlen(s); - - type = ne->value->type; - num = ne->value->length; - if (num > NAME_ONELINE_MAX) { - ERR_raise(ERR_LIB_X509, X509_R_NAME_TOO_LONG); - goto end; - } - q = ne->value->data; -#ifdef CHARSET_EBCDIC - if (type == V_ASN1_GENERALSTRING || - type == V_ASN1_VISIBLESTRING || - type == V_ASN1_PRINTABLESTRING || - type == V_ASN1_TELETEXSTRING || - type == V_ASN1_IA5STRING) { - if (num > (int)sizeof(ebcdic_buf)) - num = sizeof(ebcdic_buf); - ascii2ebcdic(ebcdic_buf, q, num); - q = ebcdic_buf; - } -#endif - - if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) { - gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0; - for (j = 0; j < num; j++) - if (q[j] != 0) - gs_doit[j & 3] = 1; - - if (gs_doit[0] | gs_doit[1] | gs_doit[2]) - gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1; - else { - gs_doit[0] = gs_doit[1] = gs_doit[2] = 0; - gs_doit[3] = 1; - } - } else - gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1; - - for (l2 = j = 0; j < num; j++) { - if (!gs_doit[j & 3]) - continue; - l2++; - if (q[j] == '/' || q[j] == '+') - l2++; /* char needs to be escaped */ - else if ((ossl_toascii(q[j]) < ossl_toascii(' ')) || - (ossl_toascii(q[j]) > ossl_toascii('~'))) - l2 += 3; - } - - lold = l; - l += 1 + l1 + 1 + l2; - if (l > NAME_ONELINE_MAX) { - ERR_raise(ERR_LIB_X509, X509_R_NAME_TOO_LONG); - goto end; - } - if (b != NULL) { - if (!BUF_MEM_grow(b, l + 1)) - goto err; - p = &(b->data[lold]); - } else if (l > len) { - break; - } else - p = &(buf[lold]); - *(p++) = prev_set == ne->set ? '+' : '/'; - memcpy(p, s, (unsigned int)l1); - p += l1; - *(p++) = '='; - -#ifndef CHARSET_EBCDIC /* q was assigned above already. */ - q = ne->value->data; -#endif - - for (j = 0; j < num; j++) { - if (!gs_doit[j & 3]) - continue; -#ifndef CHARSET_EBCDIC - n = q[j]; - if ((n < ' ') || (n > '~')) { - *(p++) = '\\'; - *(p++) = 'x'; - *(p++) = hex[(n >> 4) & 0x0f]; - *(p++) = hex[n & 0x0f]; - } else { - if (n == '/' || n == '+') - *(p++) = '\\'; - *(p++) = n; - } -#else - n = os_toascii[q[j]]; - if ((n < os_toascii[' ']) || (n > os_toascii['~'])) { - *(p++) = '\\'; - *(p++) = 'x'; - *(p++) = hex[(n >> 4) & 0x0f]; - *(p++) = hex[n & 0x0f]; - } else { - if (n == os_toascii['/'] || n == os_toascii['+']) - *(p++) = '\\'; - *(p++) = q[j]; - } -#endif - } - *p = '\0'; - prev_set = ne->set; - } - if (b != NULL) { - p = b->data; - OPENSSL_free(b); - } else - p = buf; - if (i == 0) - *p = '\0'; - return p; - err: - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - end: - BUF_MEM_free(b); - return NULL; -} diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c deleted file mode 100644 index c7f6181c446516ce08dabe98f399f4e09e05f1cf..0000000000000000000000000000000000000000 --- a/crypto/x509/x509_r2x.c +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "crypto/x509.h" -#include -#include - -X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) -{ - X509 *ret = NULL; - X509_CINF *xi = NULL; - const X509_NAME *xn; - EVP_PKEY *pubkey = NULL; - - if ((ret = X509_new()) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return NULL; - } - - /* duplicate the request */ - xi = &ret->cert_info; - - if (sk_X509_ATTRIBUTE_num(r->req_info.attributes) != 0) { - if ((xi->version = ASN1_INTEGER_new()) == NULL) - goto err; - if (!ASN1_INTEGER_set(xi->version, 2)) - goto err; -/*- xi->extensions=ri->attributes; <- bad, should not ever be done - ri->attributes=NULL; */ - } - - xn = X509_REQ_get_subject_name(r); - if (X509_set_subject_name(ret, xn) == 0) - goto err; - if (X509_set_issuer_name(ret, xn) == 0) - goto err; - - if (X509_gmtime_adj(xi->validity.notBefore, 0) == NULL) - goto err; - if (X509_gmtime_adj(xi->validity.notAfter, (long)60 * 60 * 24 * days) == - NULL) - goto err; - - pubkey = X509_REQ_get0_pubkey(r); - if (pubkey == NULL || !X509_set_pubkey(ret, pubkey)) - goto err; - - if (!X509_sign(ret, pkey, EVP_md5())) - goto err; - return ret; - - err: - X509_free(ret); - return NULL; -} diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c deleted file mode 100644 index 5428bdaf4ca64fa8d225585b8339f2be90eae972..0000000000000000000000000000000000000000 --- a/crypto/x509/x509_req.c +++ /dev/null @@ -1,331 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include "crypto/x509.h" -#include -#include -#include - -X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) -{ - X509_REQ *ret; - X509_REQ_INFO *ri; - int i; - EVP_PKEY *pktmp; - - ret = X509_REQ_new_ex(x->libctx, x->propq); - if (ret == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - - ri = &ret->req_info; - - ri->version->length = 1; - ri->version->data = OPENSSL_malloc(1); - if (ri->version->data == NULL) - goto err; - ri->version->data[0] = 0; /* version == 0 */ - - if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x))) - goto err; - - pktmp = X509_get0_pubkey(x); - if (pktmp == NULL) - goto err; - i = X509_REQ_set_pubkey(ret, pktmp); - if (!i) - goto err; - - if (pkey != NULL) { - if (!X509_REQ_sign(ret, pkey, md)) - goto err; - } - return ret; - err: - X509_REQ_free(ret); - return NULL; -} - -EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) -{ - if (req == NULL) - return NULL; - return X509_PUBKEY_get(req->req_info.pubkey); -} - -EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req) -{ - if (req == NULL) - return NULL; - return X509_PUBKEY_get0(req->req_info.pubkey); -} - -X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req) -{ - return req->req_info.pubkey; -} - -int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) -{ - EVP_PKEY *xk = NULL; - int ok = 0; - - xk = X509_REQ_get_pubkey(x); - switch (EVP_PKEY_eq(xk, k)) { - case 1: - ok = 1; - break; - case 0: - ERR_raise(ERR_LIB_X509, X509_R_KEY_VALUES_MISMATCH); - break; - case -1: - ERR_raise(ERR_LIB_X509, X509_R_KEY_TYPE_MISMATCH); - break; - case -2: - ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_KEY_TYPE); - } - - EVP_PKEY_free(xk); - return ok; -} - -/* - * It seems several organisations had the same idea of including a list of - * extensions in a certificate request. There are at least two OIDs that are - * used and there may be more: so the list is configurable. - */ - -static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef }; - -static int *ext_nids = ext_nid_list; - -int X509_REQ_extension_nid(int req_nid) -{ - int i, nid; - - for (i = 0;; i++) { - nid = ext_nids[i]; - if (nid == NID_undef) - return 0; - else if (req_nid == nid) - return 1; - } -} - -int *X509_REQ_get_extension_nids(void) -{ - return ext_nids; -} - -void X509_REQ_set_extension_nids(int *nids) -{ - ext_nids = nids; -} - -STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) -{ - X509_ATTRIBUTE *attr; - ASN1_TYPE *ext = NULL; - int idx, *pnid; - const unsigned char *p; - - if (req == NULL || !ext_nids) - return NULL; - for (pnid = ext_nids; *pnid != NID_undef; pnid++) { - idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); - if (idx == -1) - continue; - attr = X509_REQ_get_attr(req, idx); - ext = X509_ATTRIBUTE_get0_type(attr, 0); - break; - } - if (ext == NULL) /* no extensions is not an error */ - return sk_X509_EXTENSION_new_null(); - if (ext->type != V_ASN1_SEQUENCE) - return NULL; - p = ext->value.sequence->data; - return (STACK_OF(X509_EXTENSION) *) - ASN1_item_d2i(NULL, &p, ext->value.sequence->length, - ASN1_ITEM_rptr(X509_EXTENSIONS)); -} - -/* - * Add a STACK_OF extensions to a certificate request: allow alternative OIDs - * in case we want to create a non standard one. - */ -int X509_REQ_add_extensions_nid(X509_REQ *req, - const STACK_OF(X509_EXTENSION) *exts, int nid) -{ - int extlen; - int rv = 0; - unsigned char *ext = NULL; - - /* Generate encoding of extensions */ - extlen = ASN1_item_i2d((const ASN1_VALUE *)exts, &ext, - ASN1_ITEM_rptr(X509_EXTENSIONS)); - if (extlen <= 0) - return 0; - rv = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, extlen); - OPENSSL_free(ext); - return rv; -} - -/* This is the normal usage: use the "official" OID */ -int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *exts) -{ - return X509_REQ_add_extensions_nid(req, exts, NID_ext_req); -} - -/* Request attribute functions */ - -int X509_REQ_get_attr_count(const X509_REQ *req) -{ - return X509at_get_attr_count(req->req_info.attributes); -} - -int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos) -{ - return X509at_get_attr_by_NID(req->req_info.attributes, nid, lastpos); -} - -int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, - int lastpos) -{ - return X509at_get_attr_by_OBJ(req->req_info.attributes, obj, lastpos); -} - -X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc) -{ - return X509at_get_attr(req->req_info.attributes, loc); -} - -X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc) -{ - X509_ATTRIBUTE *attr; - - if (req == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - attr = X509at_delete_attr(req->req_info.attributes, loc); - if (attr != NULL) - req->req_info.enc.modified = 1; - return attr; -} - -int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) -{ - if (req == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (!X509at_add1_attr(&req->req_info.attributes, attr)) - return 0; - req->req_info.enc.modified = 1; - return 1; -} - -int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len) -{ - if (req == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (!X509at_add1_attr_by_OBJ(&req->req_info.attributes, obj, - type, bytes, len)) - return 0; - req->req_info.enc.modified = 1; - return 1; -} - -int X509_REQ_add1_attr_by_NID(X509_REQ *req, - int nid, int type, - const unsigned char *bytes, int len) -{ - if (req == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (!X509at_add1_attr_by_NID(&req->req_info.attributes, nid, - type, bytes, len)) - return 0; - req->req_info.enc.modified = 1; - return 1; -} - -int X509_REQ_add1_attr_by_txt(X509_REQ *req, - const char *attrname, int type, - const unsigned char *bytes, int len) -{ - if (req == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (!X509at_add1_attr_by_txt(&req->req_info.attributes, attrname, - type, bytes, len)) - return 0; - req->req_info.enc.modified = 1; - return 1; -} - -long X509_REQ_get_version(const X509_REQ *req) -{ - return ASN1_INTEGER_get(req->req_info.version); -} - -X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req) -{ - return req->req_info.subject; -} - -void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg) -{ - if (psig != NULL) - *psig = req->signature; - if (palg != NULL) - *palg = &req->sig_alg; -} - -void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig) -{ - if (req->signature) - ASN1_BIT_STRING_free(req->signature); - req->signature = psig; -} - -int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg) -{ - return X509_ALGOR_copy(&req->sig_alg, palg); -} - -int X509_REQ_get_signature_nid(const X509_REQ *req) -{ - return OBJ_obj2nid(req->sig_alg.algorithm); -} - -int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) -{ - if (req == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - req->req_info.enc.modified = 1; - return i2d_X509_REQ_INFO(&req->req_info, pp); -} diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c deleted file mode 100644 index d8ddde8aaa51db5dca933d3fcda12b17cacaac36..0000000000000000000000000000000000000000 --- a/crypto/x509/x509_set.c +++ /dev/null @@ -1,276 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "internal/refcount.h" -#include -#include -#include -#include -#include -#include "crypto/asn1.h" -#include "crypto/x509.h" -#include "x509_local.h" - -int X509_set_version(X509 *x, long version) -{ - if (x == NULL) - return 0; - if (version == 0) { - ASN1_INTEGER_free(x->cert_info.version); - x->cert_info.version = NULL; - return 1; - } - if (x->cert_info.version == NULL) { - if ((x->cert_info.version = ASN1_INTEGER_new()) == NULL) - return 0; - } - return ASN1_INTEGER_set(x->cert_info.version, version); -} - -int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) -{ - ASN1_INTEGER *in; - - if (x == NULL) - return 0; - in = &x->cert_info.serialNumber; - if (in != serial) - return ASN1_STRING_copy(in, serial); - return 1; -} - -int X509_set_issuer_name(X509 *x, const X509_NAME *name) -{ - if (x == NULL) - return 0; - return X509_NAME_set(&x->cert_info.issuer, name); -} - -int X509_set_subject_name(X509 *x, const X509_NAME *name) -{ - if (x == NULL) - return 0; - return X509_NAME_set(&x->cert_info.subject, name); -} - -int ossl_x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm) -{ - ASN1_TIME *in; - in = *ptm; - if (in != tm) { - in = ASN1_STRING_dup(tm); - if (in != NULL) { - ASN1_TIME_free(*ptm); - *ptm = in; - } - } - return (in != NULL); -} - -int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm) -{ - if (x == NULL) - return 0; - return ossl_x509_set1_time(&x->cert_info.validity.notBefore, tm); -} - -int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm) -{ - if (x == NULL) - return 0; - return ossl_x509_set1_time(&x->cert_info.validity.notAfter, tm); -} - -int X509_set_pubkey(X509 *x, EVP_PKEY *pkey) -{ - if (x == NULL) - return 0; - return X509_PUBKEY_set(&(x->cert_info.key), pkey); -} - -int X509_up_ref(X509 *x) -{ - int i; - - if (CRYPTO_UP_REF(&x->references, &i, x->lock) <= 0) - return 0; - - REF_PRINT_COUNT("X509", x); - REF_ASSERT_ISNT(i < 2); - return ((i > 1) ? 1 : 0); -} - -long X509_get_version(const X509 *x) -{ - return ASN1_INTEGER_get(x->cert_info.version); -} - -const ASN1_TIME *X509_get0_notBefore(const X509 *x) -{ - return x->cert_info.validity.notBefore; -} - -const ASN1_TIME *X509_get0_notAfter(const X509 *x) -{ - return x->cert_info.validity.notAfter; -} - -ASN1_TIME *X509_getm_notBefore(const X509 *x) -{ - return x->cert_info.validity.notBefore; -} - -ASN1_TIME *X509_getm_notAfter(const X509 *x) -{ - return x->cert_info.validity.notAfter; -} - -int X509_get_signature_type(const X509 *x) -{ - return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg.algorithm)); -} - -X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x) -{ - return x->cert_info.key; -} - -const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x) -{ - return x->cert_info.extensions; -} - -void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, - const ASN1_BIT_STRING **psuid) -{ - if (piuid != NULL) - *piuid = x->cert_info.issuerUID; - if (psuid != NULL) - *psuid = x->cert_info.subjectUID; -} - -const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x) -{ - return &x->cert_info.signature; -} - -int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, - int *secbits, uint32_t *flags) -{ - if (mdnid != NULL) - *mdnid = siginf->mdnid; - if (pknid != NULL) - *pknid = siginf->pknid; - if (secbits != NULL) - *secbits = siginf->secbits; - if (flags != NULL) - *flags = siginf->flags; - return (siginf->flags & X509_SIG_INFO_VALID) != 0; -} - -void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, - int secbits, uint32_t flags) -{ - siginf->mdnid = mdnid; - siginf->pknid = pknid; - siginf->secbits = secbits; - siginf->flags = flags; -} - -int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, - uint32_t *flags) -{ - X509_check_purpose(x, -1, -1); - return X509_SIG_INFO_get(&x->siginf, mdnid, pknid, secbits, flags); -} - -/* Modify *siginf according to alg and sig. Return 1 on success, else 0. */ -static int x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg, - const ASN1_STRING *sig) -{ - int pknid, mdnid; - const EVP_MD *md; - const EVP_PKEY_ASN1_METHOD *ameth; - - siginf->mdnid = NID_undef; - siginf->pknid = NID_undef; - siginf->secbits = -1; - siginf->flags = 0; - if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid) - || pknid == NID_undef) { - ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_SIGID_ALGS); - return 0; - } - siginf->mdnid = mdnid; - siginf->pknid = pknid; - - switch (mdnid) { - case NID_undef: - /* If we have one, use a custom handler for this algorithm */ - ameth = EVP_PKEY_asn1_find(NULL, pknid); - if (ameth == NULL || ameth->siginf_set == NULL - || !ameth->siginf_set(siginf, alg, sig)) { - ERR_raise(ERR_LIB_X509, X509_R_ERROR_USING_SIGINF_SET); - return 0; - } - break; - /* - * SHA1 and MD5 are known to be broken. Reduce security bits so that - * they're no longer accepted at security level 1. - * The real values don't really matter as long as they're lower than 80, - * which is our security level 1. - */ - case NID_sha1: - /* - * https://eprint.iacr.org/2020/014 puts a chosen-prefix attack - * for SHA1 at2^63.4 - */ - siginf->secbits = 63; - break; - case NID_md5: - /* - * https://documents.epfl.ch/users/l/le/lenstra/public/papers/lat.pdf - * puts a chosen-prefix attack for MD5 at 2^39. - */ - siginf->secbits = 39; - break; - case NID_id_GostR3411_94: - /* - * There is a collision attack on GOST R 34.11-94 at 2^105, see - * https://link.springer.com/chapter/10.1007%2F978-3-540-85174-5_10 - */ - siginf->secbits = 105; - break; - default: - /* Security bits: half number of bits in digest */ - if ((md = EVP_get_digestbynid(mdnid)) == NULL) { - ERR_raise(ERR_LIB_X509, X509_R_ERROR_GETTING_MD_BY_NID); - return 0; - } - siginf->secbits = EVP_MD_get_size(md) * 4; - break; - } - switch (mdnid) { - case NID_sha1: - case NID_sha256: - case NID_sha384: - case NID_sha512: - siginf->flags |= X509_SIG_INFO_TLS; - } - siginf->flags |= X509_SIG_INFO_VALID; - return 1; -} - -/* Returns 1 on success, 0 on failure */ -int ossl_x509_init_sig_info(X509 *x) -{ - return x509_sig_info_init(&x->siginf, &x->sig_alg, &x->signature); -} diff --git a/crypto/x509/x509_trust.c b/crypto/x509/x509_trust.c deleted file mode 100644 index fd77b0c6fe6162b45f9bec0e0c200ee72b626338..0000000000000000000000000000000000000000 --- a/crypto/x509/x509_trust.c +++ /dev/null @@ -1,300 +0,0 @@ -/* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include "crypto/x509.h" - -static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b); -static void trtable_free(X509_TRUST *p); - -static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags); -static int trust_1oid(X509_TRUST *trust, X509 *x, int flags); -static int trust_compat(X509_TRUST *trust, X509 *x, int flags); - -static int obj_trust(int id, X509 *x, int flags); -static int (*default_trust) (int id, X509 *x, int flags) = obj_trust; - -/* - * WARNING: the following table should be kept in order of trust and without - * any gaps so we can just subtract the minimum trust value to get an index - * into the table - */ - -static X509_TRUST trstandard[] = { - {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL}, - {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, - NULL}, - {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, - NULL}, - {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, - NULL}, - {X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, - NULL}, - {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, - NULL}, - {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, - NULL}, - {X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL} -}; - -#define X509_TRUST_COUNT OSSL_NELEM(trstandard) - -static STACK_OF(X509_TRUST) *trtable = NULL; - -static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b) -{ - return (*a)->trust - (*b)->trust; -} - -int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, - int) { - int (*oldtrust) (int, X509 *, int); - oldtrust = default_trust; - default_trust = trust; - return oldtrust; -} - -int X509_check_trust(X509 *x, int id, int flags) -{ - X509_TRUST *pt; - int idx; - - /* We get this as a default value */ - if (id == X509_TRUST_DEFAULT) - return obj_trust(NID_anyExtendedKeyUsage, x, - flags | X509_TRUST_DO_SS_COMPAT); - idx = X509_TRUST_get_by_id(id); - if (idx < 0) - return default_trust(id, x, flags); - pt = X509_TRUST_get0(idx); - return pt->check_trust(pt, x, flags); -} - -int X509_TRUST_get_count(void) -{ - if (!trtable) - return X509_TRUST_COUNT; - return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT; -} - -X509_TRUST *X509_TRUST_get0(int idx) -{ - if (idx < 0) - return NULL; - if (idx < (int)X509_TRUST_COUNT) - return trstandard + idx; - return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT); -} - -int X509_TRUST_get_by_id(int id) -{ - X509_TRUST tmp; - int idx; - - if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX)) - return id - X509_TRUST_MIN; - if (trtable == NULL) - return -1; - tmp.trust = id; - idx = sk_X509_TRUST_find(trtable, &tmp); - if (idx < 0) - return -1; - return idx + X509_TRUST_COUNT; -} - -int X509_TRUST_set(int *t, int trust) -{ - if (X509_TRUST_get_by_id(trust) < 0) { - ERR_raise(ERR_LIB_X509, X509_R_INVALID_TRUST); - return 0; - } - *t = trust; - return 1; -} - -int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), - const char *name, int arg1, void *arg2) -{ - int idx; - X509_TRUST *trtmp; - /* - * This is set according to what we change: application can't set it - */ - flags &= ~X509_TRUST_DYNAMIC; - /* This will always be set for application modified trust entries */ - flags |= X509_TRUST_DYNAMIC_NAME; - /* Get existing entry if any */ - idx = X509_TRUST_get_by_id(id); - /* Need a new entry */ - if (idx < 0) { - if ((trtmp = OPENSSL_malloc(sizeof(*trtmp))) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return 0; - } - trtmp->flags = X509_TRUST_DYNAMIC; - } else - trtmp = X509_TRUST_get0(idx); - - /* OPENSSL_free existing name if dynamic */ - if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) - OPENSSL_free(trtmp->name); - /* dup supplied name */ - if ((trtmp->name = OPENSSL_strdup(name)) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - /* Keep the dynamic flag of existing entry */ - trtmp->flags &= X509_TRUST_DYNAMIC; - /* Set all other flags */ - trtmp->flags |= flags; - - trtmp->trust = id; - trtmp->check_trust = ck; - trtmp->arg1 = arg1; - trtmp->arg2 = arg2; - - /* If its a new entry manage the dynamic table */ - if (idx < 0) { - if (trtable == NULL - && (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err;; - } - if (!sk_X509_TRUST_push(trtable, trtmp)) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - } - return 1; - err: - if (idx < 0) { - OPENSSL_free(trtmp->name); - OPENSSL_free(trtmp); - } - return 0; -} - -static void trtable_free(X509_TRUST *p) -{ - if (p == NULL) - return; - if (p->flags & X509_TRUST_DYNAMIC) { - if (p->flags & X509_TRUST_DYNAMIC_NAME) - OPENSSL_free(p->name); - OPENSSL_free(p); - } -} - -void X509_TRUST_cleanup(void) -{ - sk_X509_TRUST_pop_free(trtable, trtable_free); - trtable = NULL; -} - -int X509_TRUST_get_flags(const X509_TRUST *xp) -{ - return xp->flags; -} - -char *X509_TRUST_get0_name(const X509_TRUST *xp) -{ - return xp->name; -} - -int X509_TRUST_get_trust(const X509_TRUST *xp) -{ - return xp->trust; -} - -static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags) -{ - /* - * Declare the chain verified if the desired trust OID is not rejected in - * any auxiliary trust info for this certificate, and the OID is either - * expressly trusted, or else either "anyEKU" is trusted, or the - * certificate is self-signed and X509_TRUST_NO_SS_COMPAT is not set. - */ - flags |= X509_TRUST_DO_SS_COMPAT | X509_TRUST_OK_ANY_EKU; - return obj_trust(trust->arg1, x, flags); -} - -static int trust_1oid(X509_TRUST *trust, X509 *x, int flags) -{ - /* - * Declare the chain verified only if the desired trust OID is not - * rejected and is expressly trusted. Neither "anyEKU" nor "compat" - * trust in self-signed certificates apply. - */ - flags &= ~(X509_TRUST_DO_SS_COMPAT | X509_TRUST_OK_ANY_EKU); - return obj_trust(trust->arg1, x, flags); -} - -static int trust_compat(X509_TRUST *trust, X509 *x, int flags) -{ - /* Call for side-effect of setting EXFLAG_SS for self-signed-certs */ - if (X509_check_purpose(x, -1, 0) != 1) - return X509_TRUST_UNTRUSTED; - if ((flags & X509_TRUST_NO_SS_COMPAT) == 0 && (x->ex_flags & EXFLAG_SS)) - return X509_TRUST_TRUSTED; - else - return X509_TRUST_UNTRUSTED; -} - -static int obj_trust(int id, X509 *x, int flags) -{ - X509_CERT_AUX *ax = x->aux; - int i; - - if (ax && ax->reject) { - for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) { - ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->reject, i); - int nid = OBJ_obj2nid(obj); - - if (nid == id || (nid == NID_anyExtendedKeyUsage && - (flags & X509_TRUST_OK_ANY_EKU))) - return X509_TRUST_REJECTED; - } - } - - if (ax && ax->trust) { - for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) { - ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->trust, i); - int nid = OBJ_obj2nid(obj); - - if (nid == id || (nid == NID_anyExtendedKeyUsage && - (flags & X509_TRUST_OK_ANY_EKU))) - return X509_TRUST_TRUSTED; - } - /* - * Reject when explicit trust EKU are set and none match. - * - * Returning untrusted is enough for for full chains that end in - * self-signed roots, because when explicit trust is specified it - * suppresses the default blanket trust of self-signed objects. - * - * But for partial chains, this is not enough, because absent a similar - * trust-self-signed policy, non matching EKUs are indistinguishable - * from lack of EKU constraints. - * - * Therefore, failure to match any trusted purpose must trigger an - * explicit reject. - */ - return X509_TRUST_REJECTED; - } - - if ((flags & X509_TRUST_DO_SS_COMPAT) == 0) - return X509_TRUST_UNTRUSTED; - - /* - * Not rejected, and there is no list of accepted uses, try compat. - */ - return trust_compat(NULL, x, flags); -} diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c deleted file mode 100644 index 0c7ae1ed79d01ace3e0163dd9529d6162c39ec30..0000000000000000000000000000000000000000 --- a/crypto/x509/x509_txt.c +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include - -const char *X509_verify_cert_error_string(long n) -{ - switch ((int)n) { - case X509_V_OK: - return "ok"; - case X509_V_ERR_UNSPECIFIED: - return "unspecified certificate verification error"; - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - return "unable to get issuer certificate"; - case X509_V_ERR_UNABLE_TO_GET_CRL: - return "unable to get certificate CRL"; - case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: - return "unable to decrypt certificate's signature"; - case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: - return "unable to decrypt CRL's signature"; - case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: - return "unable to decode issuer public key"; - case X509_V_ERR_CERT_SIGNATURE_FAILURE: - return "certificate signature failure"; - case X509_V_ERR_CRL_SIGNATURE_FAILURE: - return "CRL signature failure"; - case X509_V_ERR_CERT_NOT_YET_VALID: - return "certificate is not yet valid"; - case X509_V_ERR_CERT_HAS_EXPIRED: - return "certificate has expired"; - case X509_V_ERR_CRL_NOT_YET_VALID: - return "CRL is not yet valid"; - case X509_V_ERR_CRL_HAS_EXPIRED: - return "CRL has expired"; - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - return "format error in certificate's notBefore field"; - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - return "format error in certificate's notAfter field"; - case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: - return "format error in CRL's lastUpdate field"; - case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: - return "format error in CRL's nextUpdate field"; - case X509_V_ERR_OUT_OF_MEM: - return "out of memory"; - case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - return "self-signed certificate"; - case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: - return "self-signed certificate in certificate chain"; - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: - return "unable to get local issuer certificate"; - case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: - return "unable to verify the first certificate"; - case X509_V_ERR_CERT_CHAIN_TOO_LONG: - return "certificate chain too long"; - case X509_V_ERR_CERT_REVOKED: - return "certificate revoked"; - case X509_V_ERR_NO_ISSUER_PUBLIC_KEY: - return "issuer certificate doesn't have a public key"; - case X509_V_ERR_PATH_LENGTH_EXCEEDED: - return "path length constraint exceeded"; - case X509_V_ERR_INVALID_PURPOSE: - return "unsupported certificate purpose"; - case X509_V_ERR_CERT_UNTRUSTED: - return "certificate not trusted"; - case X509_V_ERR_CERT_REJECTED: - return "certificate rejected"; - case X509_V_ERR_SUBJECT_ISSUER_MISMATCH: - return "subject issuer mismatch"; - case X509_V_ERR_AKID_SKID_MISMATCH: - return "authority and subject key identifier mismatch"; - case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: - return "authority and issuer serial number mismatch"; - case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: - return "key usage does not include certificate signing"; - case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: - return "unable to get CRL issuer certificate"; - case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: - return "unhandled critical extension"; - case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: - return "key usage does not include CRL signing"; - case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: - return "unhandled critical CRL extension"; - case X509_V_ERR_INVALID_NON_CA: - return "invalid non-CA certificate (has CA markings)"; - case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: - return "proxy path length constraint exceeded"; - case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: - return "key usage does not include digital signature"; - case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: - return - "proxy certificates not allowed, please set the appropriate flag"; - case X509_V_ERR_INVALID_EXTENSION: - return "invalid or inconsistent certificate extension"; - case X509_V_ERR_INVALID_POLICY_EXTENSION: - return "invalid or inconsistent certificate policy extension"; - case X509_V_ERR_NO_EXPLICIT_POLICY: - return "no explicit policy"; - case X509_V_ERR_DIFFERENT_CRL_SCOPE: - return "different CRL scope"; - case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: - return "unsupported extension feature"; - case X509_V_ERR_UNNESTED_RESOURCE: - return "RFC 3779 resource not subset of parent's resources"; - case X509_V_ERR_PERMITTED_VIOLATION: - return "permitted subtree violation"; - case X509_V_ERR_EXCLUDED_VIOLATION: - return "excluded subtree violation"; - case X509_V_ERR_SUBTREE_MINMAX: - return "name constraints minimum and maximum not supported"; - case X509_V_ERR_APPLICATION_VERIFICATION: - return "application verification failure"; - case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: - return "unsupported name constraint type"; - case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: - return "unsupported or invalid name constraint syntax"; - case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: - return "unsupported or invalid name syntax"; - case X509_V_ERR_CRL_PATH_VALIDATION_ERROR: - return "CRL path validation error"; - case X509_V_ERR_PATH_LOOP: - return "path loop"; - case X509_V_ERR_SUITE_B_INVALID_VERSION: - return "Suite B: certificate version invalid"; - case X509_V_ERR_SUITE_B_INVALID_ALGORITHM: - return "Suite B: invalid public key algorithm"; - case X509_V_ERR_SUITE_B_INVALID_CURVE: - return "Suite B: invalid ECC curve"; - case X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM: - return "Suite B: invalid signature algorithm"; - case X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED: - return "Suite B: curve not allowed for this LOS"; - case X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: - return "Suite B: cannot sign P-384 with P-256"; - case X509_V_ERR_HOSTNAME_MISMATCH: - return "hostname mismatch"; - case X509_V_ERR_EMAIL_MISMATCH: - return "email address mismatch"; - case X509_V_ERR_IP_ADDRESS_MISMATCH: - return "IP address mismatch"; - case X509_V_ERR_DANE_NO_MATCH: - return "no matching DANE TLSA records"; - case X509_V_ERR_EE_KEY_TOO_SMALL: - return "EE certificate key too weak"; - case X509_V_ERR_CA_KEY_TOO_SMALL: - return "CA certificate key too weak"; - case X509_V_ERR_CA_MD_TOO_WEAK: - return "CA signature digest algorithm too weak"; - case X509_V_ERR_INVALID_CALL: - return "invalid certificate verification context"; - case X509_V_ERR_STORE_LOOKUP: - return "issuer certificate lookup error"; - case X509_V_ERR_NO_VALID_SCTS: - return "Certificate Transparency required, but no valid SCTs found"; - case X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: - return "proxy subject name violation"; - case X509_V_ERR_OCSP_VERIFY_NEEDED: - return "OCSP verification needed"; - case X509_V_ERR_OCSP_VERIFY_FAILED: - return "OCSP verification failed"; - case X509_V_ERR_OCSP_CERT_UNKNOWN: - return "OCSP unknown cert"; - case X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM: - return "Cannot find certificate signature algorithm"; - case X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH: - return "subject signature algorithm and issuer public key algorithm mismatch"; - case X509_V_ERR_SIGNATURE_ALGORITHM_INCONSISTENCY: - return "cert info siganature and signature algorithm mismatch"; - case X509_V_ERR_INVALID_CA: - return "invalid CA certificate"; - case X509_V_ERR_PATHLEN_INVALID_FOR_NON_CA: - return "Path length invalid for non-CA cert"; - case X509_V_ERR_PATHLEN_WITHOUT_KU_KEY_CERT_SIGN: - return "Path length given without key usage keyCertSign"; - case X509_V_ERR_KU_KEY_CERT_SIGN_INVALID_FOR_NON_CA: - return "Key usage keyCertSign invalid for non-CA cert"; - case X509_V_ERR_ISSUER_NAME_EMPTY: - return "Issuer name empty"; - case X509_V_ERR_SUBJECT_NAME_EMPTY: - return "Subject name empty"; - case X509_V_ERR_MISSING_AUTHORITY_KEY_IDENTIFIER: - return "Missing Authority Key Identifier"; - case X509_V_ERR_MISSING_SUBJECT_KEY_IDENTIFIER: - return "Missing Subject Key Identifier"; - case X509_V_ERR_EMPTY_SUBJECT_ALT_NAME: - return "Empty Subject Alternative Name extension"; - case X509_V_ERR_CA_BCONS_NOT_CRITICAL: - return "Basic Constraints of CA cert not marked critical"; - case X509_V_ERR_EMPTY_SUBJECT_SAN_NOT_CRITICAL: - return "Subject empty and Subject Alt Name extension not critical"; - case X509_V_ERR_AUTHORITY_KEY_IDENTIFIER_CRITICAL: - return "Authority Key Identifier marked critical"; - case X509_V_ERR_SUBJECT_KEY_IDENTIFIER_CRITICAL: - return "Subject Key Identifier marked critical"; - case X509_V_ERR_CA_CERT_MISSING_KEY_USAGE: - return "CA cert does not include key usage extension"; - case X509_V_ERR_EXTENSIONS_REQUIRE_VERSION_3: - return "Using cert extension requires at least X509v3"; - case X509_V_ERR_EC_KEY_EXPLICIT_PARAMS: - return "Certificate public key has explicit ECC parameters"; - - default: - /* Printing an error number into a static buffer is not thread-safe */ - return "unknown certificate verification error"; - } -} diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c deleted file mode 100644 index 262061a20f0dda307fe45e221a93ec147ab67569..0000000000000000000000000000000000000000 --- a/crypto/x509/x509_v3.c +++ /dev/null @@ -1,234 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include "x509_local.h" - -int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) -{ - if (x == NULL) - return 0; - return sk_X509_EXTENSION_num(x); -} - -int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, - int lastpos) -{ - ASN1_OBJECT *obj; - - obj = OBJ_nid2obj(nid); - if (obj == NULL) - return -2; - return X509v3_get_ext_by_OBJ(x, obj, lastpos); -} - -int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, - const ASN1_OBJECT *obj, int lastpos) -{ - int n; - X509_EXTENSION *ex; - - if (sk == NULL) - return -1; - lastpos++; - if (lastpos < 0) - lastpos = 0; - n = sk_X509_EXTENSION_num(sk); - for (; lastpos < n; lastpos++) { - ex = sk_X509_EXTENSION_value(sk, lastpos); - if (OBJ_cmp(ex->object, obj) == 0) - return lastpos; - } - return -1; -} - -int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit, - int lastpos) -{ - int n; - X509_EXTENSION *ex; - - if (sk == NULL) - return -1; - lastpos++; - if (lastpos < 0) - lastpos = 0; - n = sk_X509_EXTENSION_num(sk); - for (; lastpos < n; lastpos++) { - ex = sk_X509_EXTENSION_value(sk, lastpos); - if (((ex->critical > 0) && crit) || ((ex->critical <= 0) && !crit)) - return lastpos; - } - return -1; -} - -X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc) -{ - if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) - return NULL; - else - return sk_X509_EXTENSION_value(x, loc); -} - -X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc) -{ - X509_EXTENSION *ret; - - if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) - return NULL; - ret = sk_X509_EXTENSION_delete(x, loc); - return ret; -} - -STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, - X509_EXTENSION *ex, int loc) -{ - X509_EXTENSION *new_ex = NULL; - int n; - STACK_OF(X509_EXTENSION) *sk = NULL; - - if (x == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - goto err2; - } - - if (*x == NULL) { - if ((sk = sk_X509_EXTENSION_new_null()) == NULL) - goto err; - } else - sk = *x; - - n = sk_X509_EXTENSION_num(sk); - if (loc > n) - loc = n; - else if (loc < 0) - loc = n; - - if ((new_ex = X509_EXTENSION_dup(ex)) == NULL) - goto err2; - if (!sk_X509_EXTENSION_insert(sk, new_ex, loc)) - goto err; - if (*x == NULL) - *x = sk; - return sk; - err: - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - err2: - X509_EXTENSION_free(new_ex); - if (x != NULL && *x == NULL) - sk_X509_EXTENSION_free(sk); - return NULL; -} - -X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, - int crit, - ASN1_OCTET_STRING *data) -{ - ASN1_OBJECT *obj; - X509_EXTENSION *ret; - - obj = OBJ_nid2obj(nid); - if (obj == NULL) { - ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_NID); - return NULL; - } - ret = X509_EXTENSION_create_by_OBJ(ex, obj, crit, data); - if (ret == NULL) - ASN1_OBJECT_free(obj); - return ret; -} - -X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, - const ASN1_OBJECT *obj, int crit, - ASN1_OCTET_STRING *data) -{ - X509_EXTENSION *ret; - - if ((ex == NULL) || (*ex == NULL)) { - if ((ret = X509_EXTENSION_new()) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return NULL; - } - } else - ret = *ex; - - if (!X509_EXTENSION_set_object(ret, obj)) - goto err; - if (!X509_EXTENSION_set_critical(ret, crit)) - goto err; - if (!X509_EXTENSION_set_data(ret, data)) - goto err; - - if ((ex != NULL) && (*ex == NULL)) - *ex = ret; - return ret; - err: - if ((ex == NULL) || (ret != *ex)) - X509_EXTENSION_free(ret); - return NULL; -} - -int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj) -{ - if ((ex == NULL) || (obj == NULL)) - return 0; - ASN1_OBJECT_free(ex->object); - ex->object = OBJ_dup(obj); - return ex->object != NULL; -} - -int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit) -{ - if (ex == NULL) - return 0; - ex->critical = (crit) ? 0xFF : -1; - return 1; -} - -int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data) -{ - int i; - - if (ex == NULL) - return 0; - i = ASN1_OCTET_STRING_set(&ex->value, data->data, data->length); - if (!i) - return 0; - return 1; -} - -ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex) -{ - if (ex == NULL) - return NULL; - return ex->object; -} - -ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex) -{ - if (ex == NULL) - return NULL; - return &ex->value; -} - -int X509_EXTENSION_get_critical(const X509_EXTENSION *ex) -{ - if (ex == NULL) - return 0; - if (ex->critical > 0) - return 1; - return 0; -} diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c deleted file mode 100644 index b4f4c45998befe513ad0097aa219b71cbf414749..0000000000000000000000000000000000000000 --- a/crypto/x509/x509_vpm.c +++ /dev/null @@ -1,634 +0,0 @@ -/* - * Copyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "crypto/x509.h" - -#include "x509_local.h" - -/* X509_VERIFY_PARAM functions */ - -#define SET_HOST 0 -#define ADD_HOST 1 - -static char *str_copy(const char *s) -{ - return OPENSSL_strdup(s); -} - -static void str_free(char *s) -{ - OPENSSL_free(s); -} - -static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode, - const char *name, size_t namelen) -{ - char *copy; - - /* - * Refuse names with embedded NUL bytes, except perhaps as final byte. - * XXX: Do we need to push an error onto the error stack? - */ - if (namelen == 0 || name == NULL) - namelen = name ? strlen(name) : 0; - else if (name != NULL - && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen) != NULL) - return 0; - if (namelen > 0 && name[namelen - 1] == '\0') - --namelen; - - if (mode == SET_HOST) { - sk_OPENSSL_STRING_pop_free(vpm->hosts, str_free); - vpm->hosts = NULL; - } - if (name == NULL || namelen == 0) - return 1; - - copy = OPENSSL_strndup(name, namelen); - if (copy == NULL) - return 0; - - if (vpm->hosts == NULL && - (vpm->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { - OPENSSL_free(copy); - return 0; - } - - if (!sk_OPENSSL_STRING_push(vpm->hosts, copy)) { - OPENSSL_free(copy); - if (sk_OPENSSL_STRING_num(vpm->hosts) == 0) { - sk_OPENSSL_STRING_free(vpm->hosts); - vpm->hosts = NULL; - } - return 0; - } - - return 1; -} - -X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) -{ - X509_VERIFY_PARAM *param; - - param = OPENSSL_zalloc(sizeof(*param)); - if (param == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return NULL; - } - param->trust = X509_TRUST_DEFAULT; - /* param->inh_flags = X509_VP_FLAG_DEFAULT; */ - param->depth = -1; - param->auth_level = -1; /* -1 means unset, 0 is explicit */ - return param; -} - -void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) -{ - if (param == NULL) - return; - sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); - sk_OPENSSL_STRING_pop_free(param->hosts, str_free); - OPENSSL_free(param->peername); - OPENSSL_free(param->email); - OPENSSL_free(param->ip); - OPENSSL_free(param); -} - -/*- - * This function determines how parameters are "inherited" from one structure - * to another. There are several different ways this can happen. - * - * 1. If a child structure needs to have its values initialized from a parent - * they are simply copied across. For example SSL_CTX copied to SSL. - * 2. If the structure should take on values only if they are currently unset. - * For example the values in an SSL structure will take appropriate value - * for SSL servers or clients but only if the application has not set new - * ones. - * - * The "inh_flags" field determines how this function behaves. - * - * Normally any values which are set in the default are not copied from the - * destination and verify flags are ORed together. - * - * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied - * to the destination. Effectively the values in "to" become default values - * which will be used only if nothing new is set in "from". - * - * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether - * they are set or not. Flags is still Ored though. - * - * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead - * of ORed. - * - * If X509_VP_FLAG_LOCKED is set then no values are copied. - * - * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed - * after the next call. - */ - -/* Macro to test if a field should be copied from src to dest */ - -#define test_x509_verify_param_copy(field, def) \ - (to_overwrite || (src->field != def && (to_default || dest->field == def))) - -/* Macro to test and copy a field if necessary */ - -#define x509_verify_param_copy(field, def) \ - if (test_x509_verify_param_copy(field, def)) \ - dest->field = src->field; - -int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, - const X509_VERIFY_PARAM *src) -{ - unsigned long inh_flags; - int to_default, to_overwrite; - - if (src == NULL) - return 1; - inh_flags = dest->inh_flags | src->inh_flags; - - if ((inh_flags & X509_VP_FLAG_ONCE) != 0) - dest->inh_flags = 0; - - if ((inh_flags & X509_VP_FLAG_LOCKED) != 0) - return 1; - - to_default = (inh_flags & X509_VP_FLAG_DEFAULT) != 0; - to_overwrite = (inh_flags & X509_VP_FLAG_OVERWRITE) != 0; - - x509_verify_param_copy(purpose, 0); - x509_verify_param_copy(trust, X509_TRUST_DEFAULT); - x509_verify_param_copy(depth, -1); - x509_verify_param_copy(auth_level, -1); - - /* If overwrite or check time not set, copy across */ - - if (to_overwrite || (dest->flags & X509_V_FLAG_USE_CHECK_TIME) == 0) { - dest->check_time = src->check_time; - dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME; - /* Don't need to copy flag: that is done below */ - } - - if ((inh_flags & X509_VP_FLAG_RESET_FLAGS) != 0) - dest->flags = 0; - - dest->flags |= src->flags; - - if (test_x509_verify_param_copy(policies, NULL)) { - if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) - return 0; - } - - x509_verify_param_copy(hostflags, 0); - - if (test_x509_verify_param_copy(hosts, NULL)) { - sk_OPENSSL_STRING_pop_free(dest->hosts, str_free); - dest->hosts = NULL; - if (src->hosts != NULL) { - dest->hosts = - sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free); - if (dest->hosts == NULL) - return 0; - } - } - - if (test_x509_verify_param_copy(email, NULL)) { - if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen)) - return 0; - } - - if (test_x509_verify_param_copy(ip, NULL)) { - if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen)) - return 0; - } - - return 1; -} - -int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, - const X509_VERIFY_PARAM *from) -{ - unsigned long save_flags; - int ret; - - if (to == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - save_flags = to->inh_flags; - to->inh_flags |= X509_VP_FLAG_DEFAULT; - ret = X509_VERIFY_PARAM_inherit(to, from); - to->inh_flags = save_flags; - return ret; -} - -static int int_x509_param_set1(char **pdest, size_t *pdestlen, - const char *src, size_t srclen) -{ - char *tmp; - - if (src != NULL) { - if (srclen == 0) - srclen = strlen(src); - - tmp = OPENSSL_malloc(srclen + 1); - if (tmp == NULL) - return 0; - memcpy(tmp, src, srclen); - tmp[srclen] = '\0'; /* enforce NUL termination */ - } else { - tmp = NULL; - srclen = 0; - } - OPENSSL_free(*pdest); - *pdest = tmp; - if (pdestlen != NULL) - *pdestlen = srclen; - return 1; -} - -int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) -{ - OPENSSL_free(param->name); - param->name = OPENSSL_strdup(name); - return param->name != NULL; -} - -int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags) -{ - param->flags |= flags; - if ((flags & X509_V_FLAG_POLICY_MASK) != 0) - param->flags |= X509_V_FLAG_POLICY_CHECK; - return 1; -} - -int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, - unsigned long flags) -{ - param->flags &= ~flags; - return 1; -} - -unsigned long X509_VERIFY_PARAM_get_flags(const X509_VERIFY_PARAM *param) -{ - return param->flags; -} - -uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param) -{ - return param->inh_flags; -} - -int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, uint32_t flags) -{ - param->inh_flags = flags; - return 1; -} - -int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) -{ - return X509_PURPOSE_set(¶m->purpose, purpose); -} - -int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust) -{ - return X509_TRUST_set(¶m->trust, trust); -} - -void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth) -{ - param->depth = depth; -} - -void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level) -{ - param->auth_level = auth_level; -} - -time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param) -{ - return param->check_time; -} - -void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t) -{ - param->check_time = t; - param->flags |= X509_V_FLAG_USE_CHECK_TIME; -} - -int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, - ASN1_OBJECT *policy) -{ - if (param->policies == NULL) { - param->policies = sk_ASN1_OBJECT_new_null(); - if (param->policies == NULL) - return 0; - } - return sk_ASN1_OBJECT_push(param->policies, policy); -} - -int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, - STACK_OF(ASN1_OBJECT) *policies) -{ - int i; - ASN1_OBJECT *oid, *doid; - - if (param == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); - - if (policies == NULL) { - param->policies = NULL; - return 1; - } - - param->policies = sk_ASN1_OBJECT_new_null(); - if (param->policies == NULL) - return 0; - - for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) { - oid = sk_ASN1_OBJECT_value(policies, i); - doid = OBJ_dup(oid); - if (doid == NULL) - return 0; - if (!sk_ASN1_OBJECT_push(param->policies, doid)) { - ASN1_OBJECT_free(doid); - return 0; - } - } - param->flags |= X509_V_FLAG_POLICY_CHECK; - return 1; -} - -char *X509_VERIFY_PARAM_get0_host(X509_VERIFY_PARAM *param, int idx) -{ - return sk_OPENSSL_STRING_value(param->hosts, idx); -} - -int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, - const char *name, size_t namelen) -{ - return int_x509_param_set_hosts(param, SET_HOST, name, namelen); -} - -int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, - const char *name, size_t namelen) -{ - return int_x509_param_set_hosts(param, ADD_HOST, name, namelen); -} - -void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, - unsigned int flags) -{ - param->hostflags = flags; -} - -unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param) -{ - return param->hostflags; -} - -char *X509_VERIFY_PARAM_get0_peername(const X509_VERIFY_PARAM *param) -{ - return param->peername; -} - -/* - * Move peername from one param structure to another, freeing any name present - * at the target. If the source is a NULL parameter structure, free and zero - * the target peername. - */ -void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *to, - X509_VERIFY_PARAM *from) -{ - char *peername = (from != NULL) ? from->peername : NULL; - - if (to->peername != peername) { - OPENSSL_free(to->peername); - to->peername = peername; - } - if (from != NULL) - from->peername = NULL; -} - -char *X509_VERIFY_PARAM_get0_email(X509_VERIFY_PARAM *param) -{ - return param->email; -} - -int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, - const char *email, size_t emaillen) -{ - return int_x509_param_set1(¶m->email, ¶m->emaillen, - email, emaillen); -} - -static unsigned char -*int_X509_VERIFY_PARAM_get0_ip(X509_VERIFY_PARAM *param, size_t *plen) -{ - if (param == NULL || param->ip == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - if (plen != NULL) - *plen = param->iplen; - return param->ip; -} - -char *X509_VERIFY_PARAM_get1_ip_asc(X509_VERIFY_PARAM *param) -{ - size_t iplen; - unsigned char *ip = int_X509_VERIFY_PARAM_get0_ip(param, &iplen); - - return ip == NULL ? NULL : ossl_ipaddr_to_asc(ip, iplen); -} - -int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, - const unsigned char *ip, size_t iplen) -{ - if (iplen != 0 && iplen != 4 && iplen != 16) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT); - return 0; - } - return int_x509_param_set1((char **)¶m->ip, ¶m->iplen, - (char *)ip, iplen); -} - -int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc) -{ - unsigned char ipout[16]; - size_t iplen = (size_t)ossl_a2i_ipadd(ipout, ipasc); - - if (iplen == 0) - return 0; - return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen); -} - -int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) -{ - return param->depth; -} - -int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param) -{ - return param->auth_level; -} - -const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param) -{ - return param->name; -} - -#define vpm_empty_id NULL, 0U, NULL, NULL, 0, NULL, 0 - -/* - * Default verify parameters: these are used for various applications and can - * be overridden by the user specified table. NB: the 'name' field *must* be - * in alphabetical order because it will be searched using OBJ_search. - */ - -static const X509_VERIFY_PARAM default_table[] = { - { - "default", /* X509 default parameters */ - 0, /* check time to use */ - 0, /* inheritance flags */ - X509_V_FLAG_TRUSTED_FIRST, /* flags */ - 0, /* purpose */ - 0, /* trust */ - 100, /* depth */ - -1, /* auth_level */ - NULL, /* policies */ - vpm_empty_id}, - { - "pkcs7", /* S/MIME sign parameters */ - 0, /* check time to use */ - 0, /* inheritance flags */ - 0, /* flags */ - X509_PURPOSE_SMIME_SIGN, /* purpose */ - X509_TRUST_EMAIL, /* trust */ - -1, /* depth */ - -1, /* auth_level */ - NULL, /* policies */ - vpm_empty_id}, - { - "smime_sign", /* S/MIME sign parameters */ - 0, /* check time to use */ - 0, /* inheritance flags */ - 0, /* flags */ - X509_PURPOSE_SMIME_SIGN, /* purpose */ - X509_TRUST_EMAIL, /* trust */ - -1, /* depth */ - -1, /* auth_level */ - NULL, /* policies */ - vpm_empty_id}, - { - "ssl_client", /* SSL/TLS client parameters */ - 0, /* check time to use */ - 0, /* inheritance flags */ - 0, /* flags */ - X509_PURPOSE_SSL_CLIENT, /* purpose */ - X509_TRUST_SSL_CLIENT, /* trust */ - -1, /* depth */ - -1, /* auth_level */ - NULL, /* policies */ - vpm_empty_id}, - { - "ssl_server", /* SSL/TLS server parameters */ - 0, /* check time to use */ - 0, /* inheritance flags */ - 0, /* flags */ - X509_PURPOSE_SSL_SERVER, /* purpose */ - X509_TRUST_SSL_SERVER, /* trust */ - -1, /* depth */ - -1, /* auth_level */ - NULL, /* policies */ - vpm_empty_id} -}; - -static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL; - -static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b) -{ - return strcmp(a->name, b->name); -} - -DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table); -IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table); - -static int param_cmp(const X509_VERIFY_PARAM *const *a, - const X509_VERIFY_PARAM *const *b) -{ - return strcmp((*a)->name, (*b)->name); -} - -int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) -{ - int idx; - X509_VERIFY_PARAM *ptmp; - - if (param_table == NULL) { - param_table = sk_X509_VERIFY_PARAM_new(param_cmp); - if (param_table == NULL) - return 0; - } else { - idx = sk_X509_VERIFY_PARAM_find(param_table, param); - if (idx >= 0) { - ptmp = sk_X509_VERIFY_PARAM_delete(param_table, idx); - X509_VERIFY_PARAM_free(ptmp); - } - } - return sk_X509_VERIFY_PARAM_push(param_table, param); -} - -int X509_VERIFY_PARAM_get_count(void) -{ - int num = OSSL_NELEM(default_table); - - if (param_table != NULL) - num += sk_X509_VERIFY_PARAM_num(param_table); - return num; -} - -const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id) -{ - int num = OSSL_NELEM(default_table); - - if (id < num) - return default_table + id; - return sk_X509_VERIFY_PARAM_value(param_table, id - num); -} - -const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) -{ - int idx; - X509_VERIFY_PARAM pm; - - pm.name = (char *)name; - if (param_table != NULL) { - idx = sk_X509_VERIFY_PARAM_find(param_table, &pm); - if (idx >= 0) - return sk_X509_VERIFY_PARAM_value(param_table, idx); - } - return OBJ_bsearch_table(&pm, default_table, OSSL_NELEM(default_table)); -} - -void X509_VERIFY_PARAM_table_cleanup(void) -{ - sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free); - param_table = NULL; -} diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c deleted file mode 100644 index 2746b9892506ad40bb9a4cd68405e40bf4380f2d..0000000000000000000000000000000000000000 --- a/crypto/x509/x509cset.c +++ /dev/null @@ -1,183 +0,0 @@ -/* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include "internal/refcount.h" -#include -#include -#include -#include -#include "crypto/x509.h" - -int X509_CRL_set_version(X509_CRL *x, long version) -{ - if (x == NULL) - return 0; - if (x->crl.version == NULL) { - if ((x->crl.version = ASN1_INTEGER_new()) == NULL) - return 0; - } - return ASN1_INTEGER_set(x->crl.version, version); -} - -int X509_CRL_set_issuer_name(X509_CRL *x, const X509_NAME *name) -{ - if (x == NULL) - return 0; - return X509_NAME_set(&x->crl.issuer, name); -} - -int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) -{ - if (x == NULL) - return 0; - return ossl_x509_set1_time(&x->crl.lastUpdate, tm); -} - -int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) -{ - if (x == NULL) - return 0; - return ossl_x509_set1_time(&x->crl.nextUpdate, tm); -} - -int X509_CRL_sort(X509_CRL *c) -{ - int i; - X509_REVOKED *r; - /* - * sort the data so it will be written in serial number order - */ - sk_X509_REVOKED_sort(c->crl.revoked); - for (i = 0; i < sk_X509_REVOKED_num(c->crl.revoked); i++) { - r = sk_X509_REVOKED_value(c->crl.revoked, i); - r->sequence = i; - } - c->crl.enc.modified = 1; - return 1; -} - -int X509_CRL_up_ref(X509_CRL *crl) -{ - int i; - - if (CRYPTO_UP_REF(&crl->references, &i, crl->lock) <= 0) - return 0; - - REF_PRINT_COUNT("X509_CRL", crl); - REF_ASSERT_ISNT(i < 2); - return ((i > 1) ? 1 : 0); -} - -long X509_CRL_get_version(const X509_CRL *crl) -{ - return ASN1_INTEGER_get(crl->crl.version); -} - -const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl) -{ - return crl->crl.lastUpdate; -} - -const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl) -{ - return crl->crl.nextUpdate; -} - -#ifndef OPENSSL_NO_DEPRECATED_1_1_0 -ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl) -{ - return crl->crl.lastUpdate; -} - -ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl) -{ - return crl->crl.nextUpdate; -} -#endif - -X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl) -{ - return crl->crl.issuer; -} - -const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl) -{ - return crl->crl.extensions; -} - -STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl) -{ - return crl->crl.revoked; -} - -void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg) -{ - if (psig != NULL) - *psig = &crl->signature; - if (palg != NULL) - *palg = &crl->sig_alg; -} - -int X509_CRL_get_signature_nid(const X509_CRL *crl) -{ - return OBJ_obj2nid(crl->sig_alg.algorithm); -} - -const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x) -{ - return x->revocationDate; -} - -int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm) -{ - ASN1_TIME *in; - - if (x == NULL) - return 0; - in = x->revocationDate; - if (in != tm) { - in = ASN1_STRING_dup(tm); - if (in != NULL) { - ASN1_TIME_free(x->revocationDate); - x->revocationDate = in; - } - } - return (in != NULL); -} - -const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x) -{ - return &x->serialNumber; -} - -int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) -{ - ASN1_INTEGER *in; - - if (x == NULL) - return 0; - in = &x->serialNumber; - if (in != serial) - return ASN1_STRING_copy(in, serial); - return 1; -} - -const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r) -{ - return r->extensions; -} - -int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) -{ - crl->crl.enc.modified = 1; - return i2d_X509_CRL_INFO(&crl->crl, pp); -} diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c deleted file mode 100644 index 690e2799ffcdee4cd2db9f68892b71179564df15..0000000000000000000000000000000000000000 --- a/crypto/x509/x509name.c +++ /dev/null @@ -1,356 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include "crypto/x509.h" - -int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid, - char *buf, int len) -{ - ASN1_OBJECT *obj; - - obj = OBJ_nid2obj(nid); - if (obj == NULL) - return -1; - return X509_NAME_get_text_by_OBJ(name, obj, buf, len); -} - -int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, - char *buf, int len) -{ - int i; - const ASN1_STRING *data; - - i = X509_NAME_get_index_by_OBJ(name, obj, -1); - if (i < 0) - return -1; - data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i)); - if (buf == NULL) - return data->length; - if (len <= 0) - return 0; - i = (data->length > (len - 1)) ? (len - 1) : data->length; - memcpy(buf, data->data, i); - buf[i] = '\0'; - return i; -} - -int X509_NAME_entry_count(const X509_NAME *name) -{ - if (name == NULL) - return 0; - return sk_X509_NAME_ENTRY_num(name->entries); -} - -int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos) -{ - ASN1_OBJECT *obj; - - obj = OBJ_nid2obj(nid); - if (obj == NULL) - return -2; - return X509_NAME_get_index_by_OBJ(name, obj, lastpos); -} - -/* NOTE: you should be passing -1, not 0 as lastpos */ -int X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, - int lastpos) -{ - int n; - X509_NAME_ENTRY *ne; - STACK_OF(X509_NAME_ENTRY) *sk; - - if (name == NULL) - return -1; - if (lastpos < 0) - lastpos = -1; - sk = name->entries; - n = sk_X509_NAME_ENTRY_num(sk); - for (lastpos++; lastpos < n; lastpos++) { - ne = sk_X509_NAME_ENTRY_value(sk, lastpos); - if (OBJ_cmp(ne->object, obj) == 0) - return lastpos; - } - return -1; -} - -X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc) -{ - if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc - || loc < 0) - return NULL; - - return sk_X509_NAME_ENTRY_value(name->entries, loc); -} - -X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) -{ - X509_NAME_ENTRY *ret; - int i, n, set_prev, set_next; - STACK_OF(X509_NAME_ENTRY) *sk; - - if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc - || loc < 0) - return NULL; - - sk = name->entries; - ret = sk_X509_NAME_ENTRY_delete(sk, loc); - n = sk_X509_NAME_ENTRY_num(sk); - name->modified = 1; - if (loc == n) - return ret; - - /* else we need to fixup the set field */ - if (loc != 0) - set_prev = (sk_X509_NAME_ENTRY_value(sk, loc - 1))->set; - else - set_prev = ret->set - 1; - set_next = sk_X509_NAME_ENTRY_value(sk, loc)->set; - - /*- - * set_prev is the previous set - * set is the current set - * set_next is the following - * prev 1 1 1 1 1 1 1 1 - * set 1 1 2 2 - * next 1 1 2 2 2 2 3 2 - * so basically only if prev and next differ by 2, then - * re-number down by 1 - */ - if (set_prev + 1 < set_next) - for (i = loc; i < n; i++) - sk_X509_NAME_ENTRY_value(sk, i)->set--; - return ret; -} - -int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len, int loc, - int set) -{ - X509_NAME_ENTRY *ne; - int ret; - - ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len); - if (!ne) - return 0; - ret = X509_NAME_add_entry(name, ne, loc, set); - X509_NAME_ENTRY_free(ne); - return ret; -} - -int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, - const unsigned char *bytes, int len, int loc, - int set) -{ - X509_NAME_ENTRY *ne; - int ret; - ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len); - if (!ne) - return 0; - ret = X509_NAME_add_entry(name, ne, loc, set); - X509_NAME_ENTRY_free(ne); - return ret; -} - -int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, - const unsigned char *bytes, int len, int loc, - int set) -{ - X509_NAME_ENTRY *ne; - int ret; - ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len); - if (!ne) - return 0; - ret = X509_NAME_add_entry(name, ne, loc, set); - X509_NAME_ENTRY_free(ne); - return ret; -} - -/* - * if set is -1, append to previous set, 0 'a new one', and 1, prepend to the - * guy we are about to stomp on. - */ -int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, - int set) -{ - X509_NAME_ENTRY *new_name = NULL; - int n, i, inc; - STACK_OF(X509_NAME_ENTRY) *sk; - - if (name == NULL) - return 0; - sk = name->entries; - n = sk_X509_NAME_ENTRY_num(sk); - if (loc > n) - loc = n; - else if (loc < 0) - loc = n; - inc = (set == 0); - name->modified = 1; - - if (set == -1) { - if (loc == 0) { - set = 0; - inc = 1; - } else { - set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set; - } - } else { /* if (set >= 0) */ - - if (loc >= n) { - if (loc != 0) - set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set + 1; - else - set = 0; - } else - set = sk_X509_NAME_ENTRY_value(sk, loc)->set; - } - - if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL) - goto err; - new_name->set = set; - if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - if (inc) { - n = sk_X509_NAME_ENTRY_num(sk); - for (i = loc + 1; i < n; i++) - sk_X509_NAME_ENTRY_value(sk, i)->set += 1; - } - return 1; - err: - X509_NAME_ENTRY_free(new_name); - return 0; -} - -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, - const char *field, int type, - const unsigned char *bytes, - int len) -{ - ASN1_OBJECT *obj; - X509_NAME_ENTRY *nentry; - - obj = OBJ_txt2obj(field, 0); - if (obj == NULL) { - ERR_raise_data(ERR_LIB_X509, X509_R_INVALID_FIELD_NAME, - "name=%s", field); - return NULL; - } - nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len); - ASN1_OBJECT_free(obj); - return nentry; -} - -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, - int type, - const unsigned char *bytes, - int len) -{ - ASN1_OBJECT *obj; - X509_NAME_ENTRY *nentry; - - obj = OBJ_nid2obj(nid); - if (obj == NULL) { - ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_NID); - return NULL; - } - nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len); - ASN1_OBJECT_free(obj); - return nentry; -} - -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, - int len) -{ - X509_NAME_ENTRY *ret; - - if ((ne == NULL) || (*ne == NULL)) { - if ((ret = X509_NAME_ENTRY_new()) == NULL) - return NULL; - } else - ret = *ne; - - if (!X509_NAME_ENTRY_set_object(ret, obj)) - goto err; - if (!X509_NAME_ENTRY_set_data(ret, type, bytes, len)) - goto err; - - if ((ne != NULL) && (*ne == NULL)) - *ne = ret; - return ret; - err: - if ((ne == NULL) || (ret != *ne)) - X509_NAME_ENTRY_free(ret); - return NULL; -} - -int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj) -{ - if ((ne == NULL) || (obj == NULL)) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - ASN1_OBJECT_free(ne->object); - ne->object = OBJ_dup(obj); - return ((ne->object == NULL) ? 0 : 1); -} - -int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, - const unsigned char *bytes, int len) -{ - int i; - - if ((ne == NULL) || ((bytes == NULL) && (len != 0))) - return 0; - if ((type > 0) && (type & MBSTRING_FLAG)) - return ASN1_STRING_set_by_NID(&ne->value, bytes, - len, type, - OBJ_obj2nid(ne->object)) ? 1 : 0; - if (len < 0) - len = strlen((const char *)bytes); - i = ASN1_STRING_set(ne->value, bytes, len); - if (!i) - return 0; - if (type != V_ASN1_UNDEF) { - if (type == V_ASN1_APP_CHOOSE) - ne->value->type = ASN1_PRINTABLE_type(bytes, len); - else - ne->value->type = type; - } - return 1; -} - -ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne) -{ - if (ne == NULL) - return NULL; - return ne->object; -} - -ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne) -{ - if (ne == NULL) - return NULL; - return ne->value; -} - -int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) -{ - return ne->set; -} diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c deleted file mode 100644 index 344993d4c78c440e44bc01ee0023b41a71fbf640..0000000000000000000000000000000000000000 --- a/crypto/x509/x509rset.c +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "crypto/x509.h" - -int X509_REQ_set_version(X509_REQ *x, long version) -{ - if (x == NULL) - return 0; - x->req_info.enc.modified = 1; - return ASN1_INTEGER_set(x->req_info.version, version); -} - -int X509_REQ_set_subject_name(X509_REQ *x, const X509_NAME *name) -{ - if (x == NULL) - return 0; - x->req_info.enc.modified = 1; - return X509_NAME_set(&x->req_info.subject, name); -} - -int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) -{ - if (x == NULL) - return 0; - x->req_info.enc.modified = 1; - return X509_PUBKEY_set(&x->req_info.pubkey, pkey); -} diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.c deleted file mode 100644 index 1d66697db00da9d69dff903eb386911e9dfb96a3..0000000000000000000000000000000000000000 --- a/crypto/x509/x509spki.c +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include - -int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey) -{ - if ((x == NULL) || (x->spkac == NULL)) - return 0; - return X509_PUBKEY_set(&(x->spkac->pubkey), pkey); -} - -EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x) -{ - if ((x == NULL) || (x->spkac == NULL)) - return NULL; - return X509_PUBKEY_get(x->spkac->pubkey); -} - -/* Load a Netscape SPKI from a base64 encoded string */ - -NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len) -{ - unsigned char *spki_der; - const unsigned char *p; - int spki_len; - NETSCAPE_SPKI *spki; - if (len <= 0) - len = strlen(str); - if ((spki_der = OPENSSL_malloc(len + 1)) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return NULL; - } - spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len); - if (spki_len < 0) { - ERR_raise(ERR_LIB_X509, X509_R_BASE64_DECODE_ERROR); - OPENSSL_free(spki_der); - return NULL; - } - p = spki_der; - spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len); - OPENSSL_free(spki_der); - return spki; -} - -/* Generate a base64 encoded string from an SPKI */ - -char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) -{ - unsigned char *der_spki, *p; - char *b64_str; - int der_len; - - der_len = i2d_NETSCAPE_SPKI(spki, NULL); - if (der_len <= 0) - return NULL; - der_spki = OPENSSL_malloc(der_len); - b64_str = OPENSSL_malloc(der_len * 2); - if (der_spki == NULL || b64_str == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - OPENSSL_free(der_spki); - OPENSSL_free(b64_str); - return NULL; - } - p = der_spki; - i2d_NETSCAPE_SPKI(spki, &p); - EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len); - OPENSSL_free(der_spki); - return b64_str; -} diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c deleted file mode 100644 index 79fd5e7db6091d72075861efcd1b21d21dbb9c4f..0000000000000000000000000000000000000000 --- a/crypto/x509/x509type.c +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include - -int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) -{ - const EVP_PKEY *pk; - int ret = 0, i; - - if (x == NULL) - return 0; - - if (pkey == NULL) - pk = X509_get0_pubkey(x); - else - pk = pkey; - - if (pk == NULL) - return 0; - - switch (EVP_PKEY_get_id(pk)) { - case EVP_PKEY_RSA: - ret = EVP_PK_RSA | EVP_PKT_SIGN; -/* if (!sign only extension) */ - ret |= EVP_PKT_ENC; - break; - case EVP_PKEY_RSA_PSS: - ret = EVP_PK_RSA | EVP_PKT_SIGN; - break; - case EVP_PKEY_DSA: - ret = EVP_PK_DSA | EVP_PKT_SIGN; - break; - case EVP_PKEY_EC: - ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH; - break; - case EVP_PKEY_ED448: - case EVP_PKEY_ED25519: - ret = EVP_PKT_SIGN; - break; - case EVP_PKEY_DH: - ret = EVP_PK_DH | EVP_PKT_EXCH; - break; - case NID_id_GostR3410_2001: - case NID_id_GostR3410_2012_256: - case NID_id_GostR3410_2012_512: - ret = EVP_PKT_EXCH | EVP_PKT_SIGN; - break; - default: - break; - } - - i = X509_get_signature_nid(x); - if (i && OBJ_find_sigid_algs(i, NULL, &i)) { - - switch (i) { - case NID_rsaEncryption: - case NID_rsa: - ret |= EVP_PKS_RSA; - break; - case NID_dsa: - case NID_dsa_2: - ret |= EVP_PKS_DSA; - break; - case NID_X9_62_id_ecPublicKey: - ret |= EVP_PKS_EC; - break; - default: - break; - } - } - - return ret; -} diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c deleted file mode 100644 index e58c9ab1c117b4183c9a949bbab8de6618650eb9..0000000000000000000000000000000000000000 --- a/crypto/x509/x_all.c +++ /dev/null @@ -1,778 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include "internal/asn1.h" -#include "crypto/pkcs7.h" -#include "crypto/x509.h" -#include "crypto/rsa.h" - -int X509_verify(X509 *a, EVP_PKEY *r) -{ - if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature) != 0) - return 0; - - return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg, - &a->signature, &a->cert_info, - a->distinguishing_id, r, a->libctx, a->propq); -} - -int X509_REQ_verify_ex(X509_REQ *a, EVP_PKEY *r, OSSL_LIB_CTX *libctx, - const char *propq) -{ - return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &a->sig_alg, - a->signature, &a->req_info, a->distinguishing_id, - r, libctx, propq); -} - -int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) -{ - return X509_REQ_verify_ex(a, r, NULL, NULL); -} - -int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) -{ - return ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), - &a->sig_algor, a->signature, a->spkac, r); -} - -int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) -{ - if (x == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - /* - * Setting the modified flag before signing it. This makes the cached - * encoding to be ignored, so even if the certificate fields have changed, - * they are signed correctly. - * The X509_sign_ctx, X509_REQ_sign{,_ctx}, X509_CRL_sign{,_ctx} functions - * which exist below are the same. - */ - x->cert_info.enc.modified = 1; - return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature, - &x->sig_alg, &x->signature, &x->cert_info, NULL, - pkey, md, x->libctx, x->propq); -} - -int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) -{ - if (x == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - x->cert_info.enc.modified = 1; - return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF), - &x->cert_info.signature, - &x->sig_alg, &x->signature, &x->cert_info, ctx); -} - -static ASN1_VALUE *simple_get_asn1(const char *url, BIO *bio, BIO *rbio, - int timeout, const ASN1_ITEM *it) -{ - BIO *mem = OSSL_HTTP_get(url, NULL /* proxy */, NULL /* no_proxy */, - bio, rbio, NULL /* cb */, NULL /* arg */, - 1024 /* buf_size */, NULL /* headers */, - NULL /* expected_ct */, 1 /* expect_asn1 */, - OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout); - ASN1_VALUE *res = ASN1_item_d2i_bio(it, mem, NULL); - - BIO_free(mem); - return res; -} - -X509 *X509_load_http(const char *url, BIO *bio, BIO *rbio, int timeout) -{ - return (X509 *)simple_get_asn1(url, bio, rbio, timeout, - ASN1_ITEM_rptr(X509)); -} - -int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) -{ - if (x == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - x->req_info.enc.modified = 1; - return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL, - x->signature, &x->req_info, NULL, - pkey, md, x->libctx, x->propq); -} - -int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx) -{ - if (x == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - x->req_info.enc.modified = 1; - return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO), - &x->sig_alg, NULL, x->signature, &x->req_info, - ctx); -} - -int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) -{ - if (x == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - x->crl.enc.modified = 1; - return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg, - &x->sig_alg, &x->signature, &x->crl, NULL, - pkey, md, x->libctx, x->propq); -} - -int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) -{ - if (x == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - x->crl.enc.modified = 1; - return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO), - &x->crl.sig_alg, &x->sig_alg, &x->signature, - &x->crl, ctx); -} - -X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout) -{ - return (X509_CRL *)simple_get_asn1(url, bio, rbio, timeout, - ASN1_ITEM_rptr(X509_CRL)); -} - -int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) -{ - return - ASN1_item_sign_ex(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL, - x->signature, x->spkac, NULL, pkey, md, NULL, NULL); -} - -#ifndef OPENSSL_NO_STDIO -X509 *d2i_X509_fp(FILE *fp, X509 **x509) -{ - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509); -} - -int i2d_X509_fp(FILE *fp, const X509 *x509) -{ - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509); -} -#endif - -X509 *d2i_X509_bio(BIO *bp, X509 **x509) -{ - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509); -} - -int i2d_X509_bio(BIO *bp, const X509 *x509) -{ - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509); -} - -#ifndef OPENSSL_NO_STDIO -X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) -{ - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); -} - -int i2d_X509_CRL_fp(FILE *fp, const X509_CRL *crl) -{ - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); -} -#endif - -X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl) -{ - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); -} - -int i2d_X509_CRL_bio(BIO *bp, const X509_CRL *crl) -{ - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); -} - -#ifndef OPENSSL_NO_STDIO -PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7) -{ - PKCS7 *ret; - OSSL_LIB_CTX *libctx = NULL; - const char *propq = NULL; - - if (p7 != NULL && *p7 != NULL) { - libctx = (*p7)->ctx.libctx; - propq = (*p7)->ctx.propq; - } - - ret = ASN1_item_d2i_fp_ex(ASN1_ITEM_rptr(PKCS7), fp, p7, libctx, propq); - if (ret != NULL) - ossl_pkcs7_resolve_libctx(ret); - return ret; -} - -int i2d_PKCS7_fp(FILE *fp, const PKCS7 *p7) -{ - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); -} -#endif - -PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7) -{ - PKCS7 *ret; - OSSL_LIB_CTX *libctx = NULL; - const char *propq = NULL; - - if (p7 != NULL && *p7 != NULL) { - libctx = (*p7)->ctx.libctx; - propq = (*p7)->ctx.propq; - } - - ret = ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(PKCS7), bp, p7, libctx, propq); - if (ret != NULL) - ossl_pkcs7_resolve_libctx(ret); - return ret; -} - -int i2d_PKCS7_bio(BIO *bp, const PKCS7 *p7) -{ - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); -} - -#ifndef OPENSSL_NO_STDIO -X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) -{ - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); -} - -int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req) -{ - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); -} -#endif - -X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req) -{ - OSSL_LIB_CTX *libctx = NULL; - const char *propq = NULL; - - if (req != NULL && *req != NULL) { - libctx = (*req)->libctx; - propq = (*req)->propq; - } - - return ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(X509_REQ), bp, req, libctx, propq); -} - -int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req) -{ - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); -} - -#ifndef OPENSSL_NO_STDIO -RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) -{ - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); -} - -int i2d_RSAPrivateKey_fp(FILE *fp, const RSA *rsa) -{ - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); -} - -RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa) -{ - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); -} - -RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) -{ - return ASN1_d2i_fp((void *(*)(void)) - RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp, - (void **)rsa); -} - -int i2d_RSAPublicKey_fp(FILE *fp, const RSA *rsa) -{ - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); -} - -int i2d_RSA_PUBKEY_fp(FILE *fp, const RSA *rsa) -{ - return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa); -} -#endif - -RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa) -{ - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); -} - -int i2d_RSAPrivateKey_bio(BIO *bp, const RSA *rsa) -{ - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); -} - -RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa) -{ - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); -} - -RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) -{ - return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa); -} - -int i2d_RSAPublicKey_bio(BIO *bp, const RSA *rsa) -{ - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); -} - -int i2d_RSA_PUBKEY_bio(BIO *bp, const RSA *rsa) -{ - return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa); -} - -#ifndef OPENSSL_NO_DSA -# ifndef OPENSSL_NO_STDIO -DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) -{ - return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa); -} - -int i2d_DSAPrivateKey_fp(FILE *fp, const DSA *dsa) -{ - return ASN1_i2d_fp_of(DSA, i2d_DSAPrivateKey, fp, dsa); -} - -DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) -{ - return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa); -} - -int i2d_DSA_PUBKEY_fp(FILE *fp, const DSA *dsa) -{ - return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa); -} -# endif - -DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) -{ - return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa); -} - -int i2d_DSAPrivateKey_bio(BIO *bp, const DSA *dsa) -{ - return ASN1_i2d_bio_of(DSA, i2d_DSAPrivateKey, bp, dsa); -} - -DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) -{ - return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa); -} - -int i2d_DSA_PUBKEY_bio(BIO *bp, const DSA *dsa) -{ - return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa); -} - -#endif - -#ifndef OPENSSL_NO_EC -# ifndef OPENSSL_NO_STDIO -EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) -{ - return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey); -} - -int i2d_EC_PUBKEY_fp(FILE *fp, const EC_KEY *eckey) -{ - return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey); -} - -EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey) -{ - return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey); -} - -int i2d_ECPrivateKey_fp(FILE *fp, const EC_KEY *eckey) -{ - return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey); -} -# endif -EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey) -{ - return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey); -} - -int i2d_EC_PUBKEY_bio(BIO *bp, const EC_KEY *ecdsa) -{ - return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa); -} - -EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey) -{ - return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey); -} - -int i2d_ECPrivateKey_bio(BIO *bp, const EC_KEY *eckey) -{ - return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey); -} -#endif - -int X509_pubkey_digest(const X509 *data, const EVP_MD *type, - unsigned char *md, unsigned int *len) -{ - ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(data); - - if (key == NULL) - return 0; - return EVP_Digest(key->data, key->length, md, len, type, NULL); -} - -int X509_digest(const X509 *cert, const EVP_MD *md, unsigned char *data, - unsigned int *len) -{ - if (EVP_MD_is_a(md, SN_sha1) && (cert->ex_flags & EXFLAG_SET) != 0 - && (cert->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) { - /* Asking for SHA1 and we already computed it. */ - if (len != NULL) - *len = sizeof(cert->sha1_hash); - memcpy(data, cert->sha1_hash, sizeof(cert->sha1_hash)); - return 1; - } - return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509), md, (char *)cert, - data, len, cert->libctx, cert->propq); -} - -/* calculate cert digest using the same hash algorithm as in its signature */ -ASN1_OCTET_STRING *X509_digest_sig(const X509 *cert, - EVP_MD **md_used, int *md_is_fallback) -{ - unsigned int len; - unsigned char hash[EVP_MAX_MD_SIZE]; - int mdnid, pknid; - EVP_MD *md = NULL; - const char *md_name; - ASN1_OCTET_STRING *new; - - if (md_used != NULL) - *md_used = NULL; - if (md_is_fallback != NULL) - *md_is_fallback = 0; - - if (cert == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - - if (!OBJ_find_sigid_algs(X509_get_signature_nid(cert), &mdnid, &pknid)) { - ERR_raise(ERR_LIB_X509, X509_R_UNKNOWN_SIGID_ALGS); - return NULL; - } - - if (mdnid == NID_undef) { - if (pknid == EVP_PKEY_RSA_PSS) { - RSA_PSS_PARAMS *pss = ossl_rsa_pss_decode(&cert->sig_alg); - const EVP_MD *mgf1md, *mmd = NULL; - int saltlen, trailerfield; - - if (pss == NULL - || !ossl_rsa_pss_get_param_unverified(pss, &mmd, &mgf1md, - &saltlen, - &trailerfield) - || mmd == NULL) { - RSA_PSS_PARAMS_free(pss); - ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM); - return NULL; - } - RSA_PSS_PARAMS_free(pss); - /* Fetch explicitly and do not fallback */ - if ((md = EVP_MD_fetch(cert->libctx, EVP_MD_get0_name(mmd), - cert->propq)) == NULL) - /* Error code from fetch is sufficient */ - return NULL; - } else if (pknid != NID_undef) { - /* A known algorithm, but without a digest */ - switch (pknid) { - case NID_ED25519: /* Follow CMS default given in RFC8419 */ - md_name = "SHA512"; - break; - case NID_ED448: /* Follow CMS default given in RFC8419 */ - md_name = "SHAKE256"; - break; - default: /* Fall back to SHA-256 */ - md_name = "SHA256"; - break; - } - if ((md = EVP_MD_fetch(cert->libctx, md_name, - cert->propq)) == NULL) - return NULL; - if (md_is_fallback != NULL) - *md_is_fallback = 1; - } else { - /* A completely unknown algorithm */ - ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM); - return NULL; - } - } else if ((md = EVP_MD_fetch(cert->libctx, OBJ_nid2sn(mdnid), - cert->propq)) == NULL - && (md = (EVP_MD *)EVP_get_digestbynid(mdnid)) == NULL) { - ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM); - return NULL; - } - if (!X509_digest(cert, md, hash, &len) - || (new = ASN1_OCTET_STRING_new()) == NULL) - goto err; - if (ASN1_OCTET_STRING_set(new, hash, len)) { - if (md_used != NULL) - *md_used = md; - else - EVP_MD_free(md); - return new; - } - ASN1_OCTET_STRING_free(new); - err: - EVP_MD_free(md); - return NULL; -} - -int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, - unsigned char *md, unsigned int *len) -{ - if (type == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if (EVP_MD_is_a(type, SN_sha1) - && (data->flags & EXFLAG_SET) != 0 - && (data->flags & EXFLAG_NO_FINGERPRINT) == 0) { - /* Asking for SHA1; always computed in CRL d2i. */ - if (len != NULL) - *len = sizeof(data->sha1_hash); - memcpy(md, data->sha1_hash, sizeof(data->sha1_hash)); - return 1; - } - return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509_CRL), type, (char *)data, - md, len, data->libctx, data->propq); -} - -int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, - unsigned char *md, unsigned int *len) -{ - return ossl_asn1_item_digest_ex(ASN1_ITEM_rptr(X509_REQ), type, (char *)data, - md, len, data->libctx, data->propq); -} - -int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, - unsigned char *md, unsigned int *len) -{ - return ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME), type, (char *)data, - md, len); -} - -int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, - const EVP_MD *type, unsigned char *md, - unsigned int *len) -{ - return ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type, - (char *)data, md, len); -} - -#ifndef OPENSSL_NO_STDIO -X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) -{ - return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8); -} - -int i2d_PKCS8_fp(FILE *fp, const X509_SIG *p8) -{ - return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8); -} -#endif - -X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8) -{ - return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8); -} - -int i2d_PKCS8_bio(BIO *bp, const X509_SIG *p8) -{ - return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8); -} - -#ifndef OPENSSL_NO_STDIO -X509_PUBKEY *d2i_X509_PUBKEY_fp(FILE *fp, X509_PUBKEY **xpk) -{ - return ASN1_d2i_fp_of(X509_PUBKEY, X509_PUBKEY_new, d2i_X509_PUBKEY, - fp, xpk); -} - -int i2d_X509_PUBKEY_fp(FILE *fp, const X509_PUBKEY *xpk) -{ - return ASN1_i2d_fp_of(X509_PUBKEY, i2d_X509_PUBKEY, fp, xpk); -} -#endif - -X509_PUBKEY *d2i_X509_PUBKEY_bio(BIO *bp, X509_PUBKEY **xpk) -{ - return ASN1_d2i_bio_of(X509_PUBKEY, X509_PUBKEY_new, d2i_X509_PUBKEY, - bp, xpk); -} - -int i2d_X509_PUBKEY_bio(BIO *bp, const X509_PUBKEY *xpk) -{ - return ASN1_i2d_bio_of(X509_PUBKEY, i2d_X509_PUBKEY, bp, xpk); -} - -#ifndef OPENSSL_NO_STDIO -PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, - PKCS8_PRIV_KEY_INFO **p8inf) -{ - return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new, - d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf); -} - -int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, const PKCS8_PRIV_KEY_INFO *p8inf) -{ - return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp, - p8inf); -} - -int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, const EVP_PKEY *key) -{ - PKCS8_PRIV_KEY_INFO *p8inf; - int ret; - - p8inf = EVP_PKEY2PKCS8(key); - if (p8inf == NULL) - return 0; - ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf); - PKCS8_PRIV_KEY_INFO_free(p8inf); - return ret; -} - -int i2d_PrivateKey_fp(FILE *fp, const EVP_PKEY *pkey) -{ - return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey); -} - -EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) -{ - return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a); -} - -EVP_PKEY *d2i_PrivateKey_ex_fp(FILE *fp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, - const char *propq) -{ - BIO *b; - void *ret; - - if ((b = BIO_new(BIO_s_file())) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB); - return NULL; - } - BIO_set_fp(b, fp, BIO_NOCLOSE); - ret = d2i_PrivateKey_ex_bio(b, a, libctx, propq); - BIO_free(b); - return ret; -} - -int i2d_PUBKEY_fp(FILE *fp, const EVP_PKEY *pkey) -{ - return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey); -} - -EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) -{ - return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a); -} - -#endif - -PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, - PKCS8_PRIV_KEY_INFO **p8inf) -{ - return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new, - d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf); -} - -int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, const PKCS8_PRIV_KEY_INFO *p8inf) -{ - return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp, - p8inf); -} - -int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, const EVP_PKEY *key) -{ - PKCS8_PRIV_KEY_INFO *p8inf; - int ret; - - p8inf = EVP_PKEY2PKCS8(key); - if (p8inf == NULL) - return 0; - ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); - PKCS8_PRIV_KEY_INFO_free(p8inf); - return ret; -} - -int i2d_PrivateKey_bio(BIO *bp, const EVP_PKEY *pkey) -{ - return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey); -} - -EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a) -{ - return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a); -} - -EVP_PKEY *d2i_PrivateKey_ex_bio(BIO *bp, EVP_PKEY **a, OSSL_LIB_CTX *libctx, - const char *propq) -{ - BUF_MEM *b = NULL; - const unsigned char *p; - void *ret = NULL; - int len; - - len = asn1_d2i_read_bio(bp, &b); - if (len < 0) - goto err; - - p = (unsigned char *)b->data; - ret = d2i_AutoPrivateKey_ex(a, &p, len, libctx, propq); - err: - BUF_MEM_free(b); - return ret; -} - -int i2d_PUBKEY_bio(BIO *bp, const EVP_PKEY *pkey) -{ - return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey); -} - -EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) -{ - return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a); -} diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c deleted file mode 100644 index 5c7e622d1a0bc4bbd15e04cf30de67f4814bfc54..0000000000000000000000000000000000000000 --- a/crypto/x509/x_attrib.c +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "x509_local.h" - -/*- - * X509_ATTRIBUTE: this has the following form: - * - * typedef struct x509_attributes_st - * { - * ASN1_OBJECT *object; - * STACK_OF(ASN1_TYPE) *set; - * } X509_ATTRIBUTE; - * - */ - -ASN1_SEQUENCE(X509_ATTRIBUTE) = { - ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT), - ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY) -} ASN1_SEQUENCE_END(X509_ATTRIBUTE) - -IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE) -IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE) - -X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value) -{ - X509_ATTRIBUTE *ret = NULL; - ASN1_TYPE *val = NULL; - ASN1_OBJECT *oid; - - if ((oid = OBJ_nid2obj(nid)) == NULL) - return NULL; - if ((ret = X509_ATTRIBUTE_new()) == NULL) - return NULL; - ret->object = oid; - if ((val = ASN1_TYPE_new()) == NULL) - goto err; - if (!sk_ASN1_TYPE_push(ret->set, val)) - goto err; - - ASN1_TYPE_set(val, atrtype, value); - return ret; - err: - X509_ATTRIBUTE_free(ret); - ASN1_TYPE_free(val); - return NULL; -} diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c deleted file mode 100644 index fd98ad6926cf96108df97ea2c715cb97905c8a9a..0000000000000000000000000000000000000000 --- a/crypto/x509/x_crl.c +++ /dev/null @@ -1,534 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include "crypto/x509.h" -#include -#include "x509_local.h" - -static int X509_REVOKED_cmp(const X509_REVOKED *const *a, - const X509_REVOKED *const *b); -static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp); - -ASN1_SEQUENCE(X509_REVOKED) = { - ASN1_EMBED(X509_REVOKED,serialNumber, ASN1_INTEGER), - ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME), - ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) -} ASN1_SEQUENCE_END(X509_REVOKED) - -static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r); -static int def_crl_lookup(X509_CRL *crl, - X509_REVOKED **ret, const ASN1_INTEGER *serial, - const X509_NAME *issuer); - -static X509_CRL_METHOD int_crl_meth = { - 0, - 0, 0, - def_crl_lookup, - def_crl_verify -}; - -static const X509_CRL_METHOD *default_crl_method = &int_crl_meth; - -/* - * The X509_CRL_INFO structure needs a bit of customisation. Since we cache - * the original encoding the signature won't be affected by reordering of the - * revoked field. - */ -static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; - - if (!a || !a->revoked) - return 1; - switch (operation) { - /* - * Just set cmp function here. We don't sort because that would - * affect the output of X509_CRL_print(). - */ - case ASN1_OP_D2I_POST: - (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp); - break; - } - return 1; -} - - -ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = { - ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), - ASN1_EMBED(X509_CRL_INFO, sig_alg, X509_ALGOR), - ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), - ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME), - ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), - ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), - ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) -} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO) - -/* - * Set CRL entry issuer according to CRL certificate issuer extension. Check - * for unhandled critical CRL entry extensions. - */ - -static int crl_set_issuers(X509_CRL *crl) -{ - - int i, j; - GENERAL_NAMES *gens, *gtmp; - STACK_OF(X509_REVOKED) *revoked; - - revoked = X509_CRL_get_REVOKED(crl); - - gens = NULL; - for (i = 0; i < sk_X509_REVOKED_num(revoked); i++) { - X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i); - STACK_OF(X509_EXTENSION) *exts; - ASN1_ENUMERATED *reason; - X509_EXTENSION *ext; - gtmp = X509_REVOKED_get_ext_d2i(rev, - NID_certificate_issuer, &j, NULL); - if (!gtmp && (j != -1)) { - crl->flags |= EXFLAG_INVALID; - return 1; - } - - if (gtmp) { - gens = gtmp; - if (crl->issuers == NULL) { - crl->issuers = sk_GENERAL_NAMES_new_null(); - if (crl->issuers == NULL) { - GENERAL_NAMES_free(gtmp); - return 0; - } - } - if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) { - GENERAL_NAMES_free(gtmp); - return 0; - } - } - rev->issuer = gens; - - reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, &j, NULL); - if (!reason && (j != -1)) { - crl->flags |= EXFLAG_INVALID; - return 1; - } - - if (reason) { - rev->reason = ASN1_ENUMERATED_get(reason); - ASN1_ENUMERATED_free(reason); - } else - rev->reason = CRL_REASON_NONE; - - /* Check for critical CRL entry extensions */ - - exts = rev->extensions; - - for (j = 0; j < sk_X509_EXTENSION_num(exts); j++) { - ext = sk_X509_EXTENSION_value(exts, j); - if (X509_EXTENSION_get_critical(ext)) { - if (OBJ_obj2nid(X509_EXTENSION_get_object(ext)) == NID_certificate_issuer) - continue; - crl->flags |= EXFLAG_CRITICAL; - break; - } - } - - } - - return 1; - -} - -/* - * The X509_CRL structure needs a bit of customisation. Cache some extensions - * and hash of the whole CRL or set EXFLAG_NO_FINGERPRINT if this fails. - */ -static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - X509_CRL *crl = (X509_CRL *)*pval; - STACK_OF(X509_EXTENSION) *exts; - X509_EXTENSION *ext; - int idx, i; - - switch (operation) { - case ASN1_OP_D2I_PRE: - if (crl->meth->crl_free) { - if (!crl->meth->crl_free(crl)) - return 0; - } - AUTHORITY_KEYID_free(crl->akid); - ISSUING_DIST_POINT_free(crl->idp); - ASN1_INTEGER_free(crl->crl_number); - ASN1_INTEGER_free(crl->base_crl_number); - sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free); - /* fall thru */ - - case ASN1_OP_NEW_POST: - crl->idp = NULL; - crl->akid = NULL; - crl->flags = 0; - crl->idp_flags = 0; - crl->idp_reasons = CRLDP_ALL_REASONS; - crl->meth = default_crl_method; - crl->meth_data = NULL; - crl->issuers = NULL; - crl->crl_number = NULL; - crl->base_crl_number = NULL; - break; - - case ASN1_OP_D2I_POST: - if (!X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL)) - crl->flags |= EXFLAG_NO_FINGERPRINT; - crl->idp = X509_CRL_get_ext_d2i(crl, - NID_issuing_distribution_point, &i, - NULL); - if (crl->idp != NULL) { - if (!setup_idp(crl, crl->idp)) - crl->flags |= EXFLAG_INVALID; - } - else if (i != -1) { - crl->flags |= EXFLAG_INVALID; - } - - crl->akid = X509_CRL_get_ext_d2i(crl, - NID_authority_key_identifier, &i, - NULL); - if (crl->akid == NULL && i != -1) - crl->flags |= EXFLAG_INVALID; - - crl->crl_number = X509_CRL_get_ext_d2i(crl, - NID_crl_number, &i, NULL); - if (crl->crl_number == NULL && i != -1) - crl->flags |= EXFLAG_INVALID; - - crl->base_crl_number = X509_CRL_get_ext_d2i(crl, - NID_delta_crl, &i, - NULL); - if (crl->base_crl_number == NULL && i != -1) - crl->flags |= EXFLAG_INVALID; - /* Delta CRLs must have CRL number */ - if (crl->base_crl_number && !crl->crl_number) - crl->flags |= EXFLAG_INVALID; - - /* - * See if we have any unhandled critical CRL extensions and indicate - * this in a flag. We only currently handle IDP so anything else - * critical sets the flag. This code accesses the X509_CRL structure - * directly: applications shouldn't do this. - */ - - exts = crl->crl.extensions; - - for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) { - int nid; - ext = sk_X509_EXTENSION_value(exts, idx); - nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext)); - if (nid == NID_freshest_crl) - crl->flags |= EXFLAG_FRESHEST; - if (X509_EXTENSION_get_critical(ext)) { - /* We handle IDP and deltas */ - if ((nid == NID_issuing_distribution_point) - || (nid == NID_authority_key_identifier) - || (nid == NID_delta_crl)) - continue; - crl->flags |= EXFLAG_CRITICAL; - break; - } - } - - if (!crl_set_issuers(crl)) - return 0; - - if (crl->meth->crl_init) { - if (crl->meth->crl_init(crl) == 0) - return 0; - } - - crl->flags |= EXFLAG_SET; - break; - - case ASN1_OP_FREE_POST: - if (crl->meth != NULL && crl->meth->crl_free != NULL) { - if (!crl->meth->crl_free(crl)) - return 0; - } - AUTHORITY_KEYID_free(crl->akid); - ISSUING_DIST_POINT_free(crl->idp); - ASN1_INTEGER_free(crl->crl_number); - ASN1_INTEGER_free(crl->base_crl_number); - sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free); - OPENSSL_free(crl->propq); - break; - case ASN1_OP_DUP_POST: - { - X509_CRL *old = exarg; - - if (!ossl_x509_crl_set0_libctx(crl, old->libctx, old->propq)) - return 0; - } - break; - } - return 1; -} - -/* Convert IDP into a more convenient form */ - -static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) -{ - int idp_only = 0; - - /* Set various flags according to IDP */ - crl->idp_flags |= IDP_PRESENT; - if (idp->onlyuser > 0) { - idp_only++; - crl->idp_flags |= IDP_ONLYUSER; - } - if (idp->onlyCA > 0) { - idp_only++; - crl->idp_flags |= IDP_ONLYCA; - } - if (idp->onlyattr > 0) { - idp_only++; - crl->idp_flags |= IDP_ONLYATTR; - } - - if (idp_only > 1) - crl->idp_flags |= IDP_INVALID; - - if (idp->indirectCRL > 0) - crl->idp_flags |= IDP_INDIRECT; - - if (idp->onlysomereasons) { - crl->idp_flags |= IDP_REASONS; - if (idp->onlysomereasons->length > 0) - crl->idp_reasons = idp->onlysomereasons->data[0]; - if (idp->onlysomereasons->length > 1) - crl->idp_reasons |= (idp->onlysomereasons->data[1] << 8); - crl->idp_reasons &= CRLDP_ALL_REASONS; - } - - return DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl)); -} - -ASN1_SEQUENCE_ref(X509_CRL, crl_cb) = { - ASN1_EMBED(X509_CRL, crl, X509_CRL_INFO), - ASN1_EMBED(X509_CRL, sig_alg, X509_ALGOR), - ASN1_EMBED(X509_CRL, signature, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL) - -IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED) - -IMPLEMENT_ASN1_DUP_FUNCTION(X509_REVOKED) - -IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO) - -IMPLEMENT_ASN1_FUNCTIONS(X509_CRL) - -IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL) - -static int X509_REVOKED_cmp(const X509_REVOKED *const *a, - const X509_REVOKED *const *b) -{ - return (ASN1_STRING_cmp((ASN1_STRING *)&(*a)->serialNumber, - (ASN1_STRING *)&(*b)->serialNumber)); -} - -X509_CRL *X509_CRL_new_ex(OSSL_LIB_CTX *libctx, const char *propq) -{ - X509_CRL *crl = NULL; - - crl = (X509_CRL *)ASN1_item_new((X509_CRL_it())); - if (!ossl_x509_crl_set0_libctx(crl, libctx, propq)) { - X509_CRL_free(crl); - crl = NULL; - } - return crl; -} - -int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) -{ - X509_CRL_INFO *inf; - - inf = &crl->crl; - if (inf->revoked == NULL) - inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); - if (inf->revoked == NULL || !sk_X509_REVOKED_push(inf->revoked, rev)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - inf->enc.modified = 1; - return 1; -} - -int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r) -{ - if (crl->meth->crl_verify) - return crl->meth->crl_verify(crl, r); - return 0; -} - -int X509_CRL_get0_by_serial(X509_CRL *crl, - X509_REVOKED **ret, const ASN1_INTEGER *serial) -{ - if (crl->meth->crl_lookup) - return crl->meth->crl_lookup(crl, ret, serial, NULL); - return 0; -} - -int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x) -{ - if (crl->meth->crl_lookup) - return crl->meth->crl_lookup(crl, ret, - X509_get0_serialNumber(x), - X509_get_issuer_name(x)); - return 0; -} - -static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r) -{ - return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_CRL_INFO), - &crl->sig_alg, &crl->signature, &crl->crl, NULL, - r, crl->libctx, crl->propq); -} - -static int crl_revoked_issuer_match(X509_CRL *crl, const X509_NAME *nm, - X509_REVOKED *rev) -{ - int i; - - if (!rev->issuer) { - if (!nm) - return 1; - if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) - return 1; - return 0; - } - - if (!nm) - nm = X509_CRL_get_issuer(crl); - - for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) { - GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i); - if (gen->type != GEN_DIRNAME) - continue; - if (!X509_NAME_cmp(nm, gen->d.directoryName)) - return 1; - } - return 0; - -} - -static int def_crl_lookup(X509_CRL *crl, - X509_REVOKED **ret, const ASN1_INTEGER *serial, - const X509_NAME *issuer) -{ - X509_REVOKED rtmp, *rev; - int idx, num; - - if (crl->crl.revoked == NULL) - return 0; - - /* - * Sort revoked into serial number order if not already sorted. Do this - * under a lock to avoid race condition. - */ - if (!sk_X509_REVOKED_is_sorted(crl->crl.revoked)) { - if (!CRYPTO_THREAD_write_lock(crl->lock)) - return 0; - sk_X509_REVOKED_sort(crl->crl.revoked); - CRYPTO_THREAD_unlock(crl->lock); - } - rtmp.serialNumber = *serial; - idx = sk_X509_REVOKED_find(crl->crl.revoked, &rtmp); - if (idx < 0) - return 0; - /* Need to look for matching name */ - for (num = sk_X509_REVOKED_num(crl->crl.revoked); idx < num; idx++) { - rev = sk_X509_REVOKED_value(crl->crl.revoked, idx); - if (ASN1_INTEGER_cmp(&rev->serialNumber, serial)) - return 0; - if (crl_revoked_issuer_match(crl, issuer, rev)) { - if (ret) - *ret = rev; - if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) - return 2; - return 1; - } - } - return 0; -} - -void X509_CRL_set_default_method(const X509_CRL_METHOD *meth) -{ - if (meth == NULL) - default_crl_method = &int_crl_meth; - else - default_crl_method = meth; -} - -X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), - int (*crl_free) (X509_CRL *crl), - int (*crl_lookup) (X509_CRL *crl, - X509_REVOKED **ret, - const ASN1_INTEGER *ser, - const X509_NAME *issuer), - int (*crl_verify) (X509_CRL *crl, - EVP_PKEY *pk)) -{ - X509_CRL_METHOD *m = OPENSSL_malloc(sizeof(*m)); - - if (m == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return NULL; - } - m->crl_init = crl_init; - m->crl_free = crl_free; - m->crl_lookup = crl_lookup; - m->crl_verify = crl_verify; - m->flags = X509_CRL_METHOD_DYNAMIC; - return m; -} - -void X509_CRL_METHOD_free(X509_CRL_METHOD *m) -{ - if (m == NULL || !(m->flags & X509_CRL_METHOD_DYNAMIC)) - return; - OPENSSL_free(m); -} - -void X509_CRL_set_meth_data(X509_CRL *crl, void *dat) -{ - crl->meth_data = dat; -} - -void *X509_CRL_get_meth_data(X509_CRL *crl) -{ - return crl->meth_data; -} - -int ossl_x509_crl_set0_libctx(X509_CRL *x, OSSL_LIB_CTX *libctx, - const char *propq) -{ - if (x != NULL) { - x->libctx = libctx; - OPENSSL_free(x->propq); - x->propq = NULL; - if (propq != NULL) { - x->propq = OPENSSL_strdup(propq); - if (x->propq == NULL) - return 0; - } - } - return 1; -} diff --git a/crypto/x509/x_exten.c b/crypto/x509/x_exten.c deleted file mode 100644 index 4e63b50caa624c7181c0bbf0f8bb6be262ff08eb..0000000000000000000000000000000000000000 --- a/crypto/x509/x_exten.c +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include "x509_local.h" - -ASN1_SEQUENCE(X509_EXTENSION) = { - ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT), - ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN), - ASN1_EMBED(X509_EXTENSION, value, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(X509_EXTENSION) - -ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION) -ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS) - -IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION) -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) -IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION) diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c deleted file mode 100644 index 944eb9992486d39552dfc7374354fe82f95d6097..0000000000000000000000000000000000000000 --- a/crypto/x509/x_name.c +++ /dev/null @@ -1,553 +0,0 @@ -/* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "crypto/ctype.h" -#include "internal/cryptlib.h" -#include -#include -#include "crypto/x509.h" -#include "crypto/asn1.h" -#include "x509_local.h" - -/* - * Maximum length of X509_NAME: much larger than anything we should - * ever see in practice. - */ - -#define X509_NAME_MAX (1024 * 1024) - -static int x509_name_ex_d2i(ASN1_VALUE **val, - const unsigned char **in, long len, - const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx); - -static int x509_name_ex_i2d(const ASN1_VALUE **val, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass); -static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it); -static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it); - -static int x509_name_encode(X509_NAME *a); -static int x509_name_canon(X509_NAME *a); -static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in); -static int i2d_name_canon(const STACK_OF(STACK_OF_X509_NAME_ENTRY) * intname, - unsigned char **in); - -static int x509_name_ex_print(BIO *out, const ASN1_VALUE **pval, - int indent, - const char *fname, const ASN1_PCTX *pctx); - -ASN1_SEQUENCE(X509_NAME_ENTRY) = { - ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT), - ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE) -} ASN1_SEQUENCE_END(X509_NAME_ENTRY) - -IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY) -IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY) - -/* - * For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } so - * declare two template wrappers for this - */ - -ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY) -static_ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES) - -ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES) -static_ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL) - -/* - * Normally that's where it would end: we'd have two nested STACK structures - * representing the ASN1. Unfortunately X509_NAME uses a completely different - * form and caches encodings so we have to process the internal form and - * convert to the external form. - */ - -static const ASN1_EXTERN_FUNCS x509_name_ff = { - NULL, - x509_name_ex_new, - x509_name_ex_free, - 0, /* Default clear behaviour is OK */ - x509_name_ex_d2i, - x509_name_ex_i2d, - x509_name_ex_print -}; - -IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) - -IMPLEMENT_ASN1_FUNCTIONS(X509_NAME) - -IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME) - -static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) -{ - X509_NAME *ret = OPENSSL_zalloc(sizeof(*ret)); - - if (ret == NULL) - goto memerr; - if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL) - goto memerr; - if ((ret->bytes = BUF_MEM_new()) == NULL) - goto memerr; - ret->modified = 1; - *val = (ASN1_VALUE *)ret; - return 1; - - memerr: - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - if (ret) { - sk_X509_NAME_ENTRY_free(ret->entries); - OPENSSL_free(ret); - } - return 0; -} - -static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - X509_NAME *a; - - if (pval == NULL || *pval == NULL) - return; - a = (X509_NAME *)*pval; - - BUF_MEM_free(a->bytes); - sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free); - OPENSSL_free(a->canon_enc); - OPENSSL_free(a); - *pval = NULL; -} - -static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne) -{ - sk_X509_NAME_ENTRY_free(ne); -} - -static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne) -{ - sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free); -} - -static int x509_name_ex_d2i(ASN1_VALUE **val, - const unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, - char opt, ASN1_TLC *ctx) -{ - const unsigned char *p = *in, *q; - union { - STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; - ASN1_VALUE *a; - } intname = { - NULL - }; - union { - X509_NAME *x; - ASN1_VALUE *a; - } nm = { - NULL - }; - int i, j, ret; - STACK_OF(X509_NAME_ENTRY) *entries; - X509_NAME_ENTRY *entry; - - if (len > X509_NAME_MAX) - len = X509_NAME_MAX; - q = p; - - /* Get internal representation of Name */ - ret = ASN1_item_ex_d2i(&intname.a, - &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), - tag, aclass, opt, ctx); - - if (ret <= 0) - return ret; - - if (*val) - x509_name_ex_free(val, NULL); - if (!x509_name_ex_new(&nm.a, NULL)) - goto err; - /* We've decoded it: now cache encoding */ - if (!BUF_MEM_grow(nm.x->bytes, p - q)) - goto err; - memcpy(nm.x->bytes->data, q, p - q); - - /* Convert internal representation to X509_NAME structure */ - for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) { - entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i); - for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { - entry = sk_X509_NAME_ENTRY_value(entries, j); - entry->set = i; - if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) - goto err; - (void)sk_X509_NAME_ENTRY_set(entries, j, NULL); - } - } - ret = x509_name_canon(nm.x); - if (!ret) - goto err; - sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, - local_sk_X509_NAME_ENTRY_free); - nm.x->modified = 0; - *val = nm.a; - *in = p; - return ret; - - err: - if (nm.x != NULL) - X509_NAME_free(nm.x); - sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, - local_sk_X509_NAME_ENTRY_pop_free); - ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); - return 0; -} - -static int x509_name_ex_i2d(const ASN1_VALUE **val, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass) -{ - int ret; - X509_NAME *a = (X509_NAME *)*val; - - if (a->modified) { - ret = x509_name_encode(a); - if (ret < 0) - return ret; - ret = x509_name_canon(a); - if (!ret) - return -1; - } - ret = a->bytes->length; - if (out != NULL) { - memcpy(*out, a->bytes->data, ret); - *out += ret; - } - return ret; -} - -static int x509_name_encode(X509_NAME *a) -{ - union { - STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; - const ASN1_VALUE *a; - } intname = { - NULL - }; - int len; - unsigned char *p; - STACK_OF(X509_NAME_ENTRY) *entries = NULL; - X509_NAME_ENTRY *entry; - int i, set = -1; - - intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null(); - if (!intname.s) - goto memerr; - for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { - entry = sk_X509_NAME_ENTRY_value(a->entries, i); - if (entry->set != set) { - entries = sk_X509_NAME_ENTRY_new_null(); - if (!entries) - goto memerr; - if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) { - sk_X509_NAME_ENTRY_free(entries); - goto memerr; - } - set = entry->set; - } - if (!sk_X509_NAME_ENTRY_push(entries, entry)) - goto memerr; - } - len = ASN1_item_ex_i2d(&intname.a, NULL, - ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); - if (!BUF_MEM_grow(a->bytes, len)) - goto memerr; - p = (unsigned char *)a->bytes->data; - ASN1_item_ex_i2d(&intname.a, - &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); - sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, - local_sk_X509_NAME_ENTRY_free); - a->modified = 0; - return len; - memerr: - sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, - local_sk_X509_NAME_ENTRY_free); - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return -1; -} - -static int x509_name_ex_print(BIO *out, const ASN1_VALUE **pval, - int indent, - const char *fname, const ASN1_PCTX *pctx) -{ - if (X509_NAME_print_ex(out, (const X509_NAME *)*pval, - indent, pctx->nm_flags) <= 0) - return 0; - return 2; -} - -/* - * This function generates the canonical encoding of the Name structure. In - * it all strings are converted to UTF8, leading, trailing and multiple - * spaces collapsed, converted to lower case and the leading SEQUENCE header - * removed. In future we could also normalize the UTF8 too. By doing this - * comparison of Name structures can be rapidly performed by just using - * memcmp() of the canonical encoding. By omitting the leading SEQUENCE name - * constraints of type dirName can also be checked with a simple memcmp(). - * NOTE: For empty X509_NAME (NULL-DN), canon_enclen == 0 && canon_enc == NULL - */ - -static int x509_name_canon(X509_NAME *a) -{ - unsigned char *p; - STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname; - STACK_OF(X509_NAME_ENTRY) *entries = NULL; - X509_NAME_ENTRY *entry, *tmpentry = NULL; - int i, set = -1, ret = 0, len; - - OPENSSL_free(a->canon_enc); - a->canon_enc = NULL; - /* Special case: empty X509_NAME => null encoding */ - if (sk_X509_NAME_ENTRY_num(a->entries) == 0) { - a->canon_enclen = 0; - return 1; - } - intname = sk_STACK_OF_X509_NAME_ENTRY_new_null(); - if (intname == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { - entry = sk_X509_NAME_ENTRY_value(a->entries, i); - if (entry->set != set) { - entries = sk_X509_NAME_ENTRY_new_null(); - if (entries == NULL) - goto err; - if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) { - sk_X509_NAME_ENTRY_free(entries); - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - set = entry->set; - } - tmpentry = X509_NAME_ENTRY_new(); - if (tmpentry == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - tmpentry->object = OBJ_dup(entry->object); - if (tmpentry->object == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - if (!asn1_string_canon(tmpentry->value, entry->value)) - goto err; - if (!sk_X509_NAME_ENTRY_push(entries, tmpentry)) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - tmpentry = NULL; - } - - /* Finally generate encoding */ - len = i2d_name_canon(intname, NULL); - if (len < 0) - goto err; - a->canon_enclen = len; - - p = OPENSSL_malloc(a->canon_enclen); - if (p == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto err; - } - - a->canon_enc = p; - - i2d_name_canon(intname, &p); - - ret = 1; - - err: - X509_NAME_ENTRY_free(tmpentry); - sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, - local_sk_X509_NAME_ENTRY_pop_free); - return ret; -} - -/* Bitmap of all the types of string that will be canonicalized. */ - -#define ASN1_MASK_CANON \ - (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \ - | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \ - | B_ASN1_VISIBLESTRING) - -static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in) -{ - unsigned char *to, *from; - int len, i; - - /* If type not in bitmask just copy string across */ - if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) { - if (!ASN1_STRING_copy(out, in)) - return 0; - return 1; - } - - out->type = V_ASN1_UTF8STRING; - out->length = ASN1_STRING_to_UTF8(&out->data, in); - if (out->length == -1) - return 0; - - to = out->data; - from = to; - - len = out->length; - - /* - * Convert string in place to canonical form. Ultimately we may need to - * handle a wider range of characters but for now ignore anything with - * MSB set and rely on the ossl_isspace() to fail on bad characters without - * needing isascii or range checks as well. - */ - - /* Ignore leading spaces */ - while (len > 0 && ossl_isspace(*from)) { - from++; - len--; - } - - to = from + len; - - /* Ignore trailing spaces */ - while (len > 0 && ossl_isspace(to[-1])) { - to--; - len--; - } - - to = out->data; - - i = 0; - while (i < len) { - /* If not ASCII set just copy across */ - if (!ossl_isascii(*from)) { - *to++ = *from++; - i++; - } - /* Collapse multiple spaces */ - else if (ossl_isspace(*from)) { - /* Copy one space across */ - *to++ = ' '; - /* - * Ignore subsequent spaces. Note: don't need to check len here - * because we know the last character is a non-space so we can't - * overflow. - */ - do { - from++; - i++; - } - while (ossl_isspace(*from)); - } else { - *to++ = ossl_tolower(*from); - from++; - i++; - } - } - - out->length = to - out->data; - - return 1; - -} - -static int i2d_name_canon(const STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname, - unsigned char **in) -{ - int i, len, ltmp; - const ASN1_VALUE *v; - STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname; - - len = 0; - for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) { - v = sk_ASN1_VALUE_value(intname, i); - ltmp = ASN1_item_ex_i2d(&v, in, - ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1); - if (ltmp < 0) - return ltmp; - len += ltmp; - } - return len; -} - -int X509_NAME_set(X509_NAME **xn, const X509_NAME *name) -{ - X509_NAME *name_copy; - - if (*xn == name) - return *xn != NULL; - if ((name_copy = X509_NAME_dup(name)) == NULL) - return 0; - X509_NAME_free(*xn); - *xn = name_copy; - return 1; -} - -int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase) -{ - char *s, *c, *b; - int i; - - b = X509_NAME_oneline(name, NULL, 0); - if (b == NULL) - return 0; - if (*b == '\0') { - OPENSSL_free(b); - return 1; - } - s = b + 1; /* skip the first slash */ - - c = s; - for (;;) { - if (((*s == '/') && - (ossl_isupper(s[1]) && ((s[2] == '=') || - (ossl_isupper(s[2]) && (s[3] == '=')) - ))) || (*s == '\0')) - { - i = s - c; - if (BIO_write(bp, c, i) != i) - goto err; - c = s + 1; /* skip following slash */ - if (*s != '\0') { - if (BIO_write(bp, ", ", 2) != 2) - goto err; - } - } - if (*s == '\0') - break; - s++; - } - - OPENSSL_free(b); - return 1; - err: - ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB); - OPENSSL_free(b); - return 0; -} - -int X509_NAME_get0_der(const X509_NAME *nm, const unsigned char **pder, - size_t *pderlen) -{ - /* Make sure encoding is valid */ - if (i2d_X509_NAME(nm, NULL) <= 0) - return 0; - if (pder != NULL) - *pder = (unsigned char *)nm->bytes->data; - if (pderlen != NULL) - *pderlen = nm->bytes->length; - return 1; -} diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c deleted file mode 100644 index bc90ddd89b4952dd751ef3f7f4c391f6a84600fc..0000000000000000000000000000000000000000 --- a/crypto/x509/x_pubkey.c +++ /dev/null @@ -1,1048 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * DSA low level APIs are deprecated for public use, but still ok for - * internal use. - */ -#include "internal/deprecated.h" - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "crypto/asn1.h" -#include "crypto/evp.h" -#include "crypto/x509.h" -#include -#include -#include -#include -#include "internal/provider.h" -#include "internal/sizes.h" - -struct X509_pubkey_st { - X509_ALGOR *algor; - ASN1_BIT_STRING *public_key; - - EVP_PKEY *pkey; - - /* extra data for the callback, used by d2i_PUBKEY_ex */ - OSSL_LIB_CTX *libctx; - char *propq; - - /* Flag to force legacy keys */ - unsigned int flag_force_legacy : 1; -}; - -static int x509_pubkey_decode(EVP_PKEY **pk, const X509_PUBKEY *key); - -static int x509_pubkey_set0_libctx(X509_PUBKEY *x, OSSL_LIB_CTX *libctx, - const char *propq) -{ - if (x != NULL) { - x->libctx = libctx; - OPENSSL_free(x->propq); - x->propq = NULL; - if (propq != NULL) { - x->propq = OPENSSL_strdup(propq); - if (x->propq == NULL) - return 0; - } - } - return 1; -} - -ASN1_SEQUENCE(X509_PUBKEY_INTERNAL) = { - ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), - ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) -} static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL) - -X509_PUBKEY *ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, - long len, OSSL_LIB_CTX *libctx) -{ - X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub)); - - if (xpub == NULL) - return NULL; - return (X509_PUBKEY *)ASN1_item_d2i_ex((ASN1_VALUE **)&xpub, pp, len, - ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL), - libctx, NULL); -} - -void ossl_X509_PUBKEY_INTERNAL_free(X509_PUBKEY *xpub) -{ - ASN1_item_free((ASN1_VALUE *)xpub, ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL)); -} - -static void x509_pubkey_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - X509_PUBKEY *pubkey; - - if (pval != NULL && (pubkey = (X509_PUBKEY *)*pval) != NULL) { - X509_ALGOR_free(pubkey->algor); - ASN1_BIT_STRING_free(pubkey->public_key); - EVP_PKEY_free(pubkey->pkey); - OPENSSL_free(pubkey->propq); - OPENSSL_free(pubkey); - *pval = NULL; - } -} - -static int x509_pubkey_ex_populate(ASN1_VALUE **pval, const ASN1_ITEM *it) -{ - X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; - - return (pubkey->algor != NULL - || (pubkey->algor = X509_ALGOR_new()) != NULL) - && (pubkey->public_key != NULL - || (pubkey->public_key = ASN1_BIT_STRING_new()) != NULL); -} - - -static int x509_pubkey_ex_new_ex(ASN1_VALUE **pval, const ASN1_ITEM *it, - OSSL_LIB_CTX *libctx, const char *propq) -{ - X509_PUBKEY *ret; - - if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL - || !x509_pubkey_ex_populate((ASN1_VALUE **)&ret, NULL) - || !x509_pubkey_set0_libctx(ret, libctx, propq)) { - x509_pubkey_ex_free((ASN1_VALUE **)&ret, NULL); - ret = NULL; - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - } else { - *pval = (ASN1_VALUE *)ret; - } - - return ret != NULL; -} - -static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval, - const unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, - char opt, ASN1_TLC *ctx, OSSL_LIB_CTX *libctx, - const char *propq) -{ - const unsigned char *in_saved = *in; - size_t publen; - X509_PUBKEY *pubkey; - int ret; - OSSL_DECODER_CTX *dctx = NULL; - unsigned char *tmpbuf = NULL; - - if (*pval == NULL && !x509_pubkey_ex_new_ex(pval, it, libctx, propq)) - return 0; - if (!x509_pubkey_ex_populate(pval, NULL)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - - /* This ensures that |*in| advances properly no matter what */ - if ((ret = ASN1_item_ex_d2i(pval, in, len, - ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL), - tag, aclass, opt, ctx)) <= 0) - return ret; - - publen = *in - in_saved; - if (!ossl_assert(publen > 0)) { - ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); - return 0; - } - - pubkey = (X509_PUBKEY *)*pval; - EVP_PKEY_free(pubkey->pkey); - pubkey->pkey = NULL; - - /* - * Opportunistically decode the key but remove any non fatal errors - * from the queue. Subsequent explicit attempts to decode/use the key - * will return an appropriate error. - */ - ERR_set_mark(); - - /* - * Try to decode with legacy method first. This ensures that engines - * aren't overriden by providers. - */ - if ((ret = x509_pubkey_decode(&pubkey->pkey, pubkey)) == -1) { - /* -1 indicates a fatal error, like malloc failure */ - ERR_clear_last_mark(); - goto end; - } - - /* Try to decode it into an EVP_PKEY with OSSL_DECODER */ - if (ret <= 0 && !pubkey->flag_force_legacy) { - const unsigned char *p; - char txtoidname[OSSL_MAX_NAME_SIZE]; - size_t slen = publen; - - /* - * The decoders don't know how to handle anything other than Universal - * class so we modify the data accordingly. - */ - if (aclass != V_ASN1_UNIVERSAL) { - tmpbuf = OPENSSL_memdup(in_saved, publen); - if (tmpbuf == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } - in_saved = tmpbuf; - *tmpbuf = V_ASN1_CONSTRUCTED | V_ASN1_SEQUENCE; - } - p = in_saved; - - if (OBJ_obj2txt(txtoidname, sizeof(txtoidname), - pubkey->algor->algorithm, 0) <= 0) { - ERR_clear_last_mark(); - goto end; - } - if ((dctx = - OSSL_DECODER_CTX_new_for_pkey(&pubkey->pkey, - "DER", "SubjectPublicKeyInfo", - txtoidname, EVP_PKEY_PUBLIC_KEY, - pubkey->libctx, - pubkey->propq)) != NULL) - /* - * As said higher up, we're being opportunistic. In other words, - * we don't care if we fail. - */ - if (OSSL_DECODER_from_data(dctx, &p, &slen)) { - if (slen != 0) { - /* - * If we successfully decoded then we *must* consume all the - * bytes. - */ - ERR_clear_last_mark(); - ERR_raise(ERR_LIB_ASN1, EVP_R_DECODE_ERROR); - goto end; - } - } - } - - ERR_pop_to_mark(); - ret = 1; - end: - OSSL_DECODER_CTX_free(dctx); - OPENSSL_free(tmpbuf); - return ret; -} - -static int x509_pubkey_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, - const ASN1_ITEM *it, int tag, int aclass) -{ - return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL), - tag, aclass); -} - -static int x509_pubkey_ex_print(BIO *out, const ASN1_VALUE **pval, int indent, - const char *fname, const ASN1_PCTX *pctx) -{ - return ASN1_item_print(out, *pval, indent, - ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL), pctx); -} - -static const ASN1_EXTERN_FUNCS x509_pubkey_ff = { - NULL, - NULL, - x509_pubkey_ex_free, - 0, /* Default clear behaviour is OK */ - NULL, - x509_pubkey_ex_i2d, - x509_pubkey_ex_print, - x509_pubkey_ex_new_ex, - x509_pubkey_ex_d2i_ex, -}; - -IMPLEMENT_EXTERN_ASN1(X509_PUBKEY, V_ASN1_SEQUENCE, x509_pubkey_ff) -IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) - -X509_PUBKEY *X509_PUBKEY_new_ex(OSSL_LIB_CTX *libctx, const char *propq) -{ - X509_PUBKEY *pubkey = NULL; - - pubkey = (X509_PUBKEY *)ASN1_item_new_ex(X509_PUBKEY_it(), libctx, propq); - if (!x509_pubkey_set0_libctx(pubkey, libctx, propq)) { - X509_PUBKEY_free(pubkey); - pubkey = NULL; - } - return pubkey; -} - -/* - * X509_PUBKEY_dup() must be implemented manually, because there is no - * support for it in ASN1_EXTERN_FUNCS. - */ -X509_PUBKEY *X509_PUBKEY_dup(const X509_PUBKEY *a) -{ - X509_PUBKEY *pubkey = OPENSSL_zalloc(sizeof(*pubkey)); - - if (pubkey == NULL - || !x509_pubkey_set0_libctx(pubkey, a->libctx, a->propq) - || (pubkey->algor = X509_ALGOR_dup(a->algor)) == NULL - || (pubkey->public_key = ASN1_BIT_STRING_new()) == NULL - || !ASN1_BIT_STRING_set(pubkey->public_key, - a->public_key->data, - a->public_key->length)) { - x509_pubkey_ex_free((ASN1_VALUE **)&pubkey, - ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL)); - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return NULL; - } - - if (a->pkey != NULL) { - ERR_set_mark(); - pubkey->pkey = EVP_PKEY_dup(a->pkey); - if (pubkey->pkey == NULL) { - pubkey->flag_force_legacy = 1; - if (x509_pubkey_decode(&pubkey->pkey, pubkey) <= 0) { - x509_pubkey_ex_free((ASN1_VALUE **)&pubkey, - ASN1_ITEM_rptr(X509_PUBKEY_INTERNAL)); - ERR_clear_last_mark(); - return NULL; - } - } - ERR_pop_to_mark(); - } - return pubkey; -} - -int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) -{ - X509_PUBKEY *pk = NULL; - - if (x == NULL || pkey == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - - if (pkey->ameth != NULL) { - if ((pk = X509_PUBKEY_new()) == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - goto error; - } - if (pkey->ameth->pub_encode != NULL) { - if (!pkey->ameth->pub_encode(pk, pkey)) { - ERR_raise(ERR_LIB_X509, X509_R_PUBLIC_KEY_ENCODE_ERROR); - goto error; - } - } else { - ERR_raise(ERR_LIB_X509, X509_R_METHOD_NOT_SUPPORTED); - goto error; - } - } else if (evp_pkey_is_provided(pkey)) { - unsigned char *der = NULL; - size_t derlen = 0; - OSSL_ENCODER_CTX *ectx = - OSSL_ENCODER_CTX_new_for_pkey(pkey, EVP_PKEY_PUBLIC_KEY, - "DER", "SubjectPublicKeyInfo", - NULL); - - if (OSSL_ENCODER_to_data(ectx, &der, &derlen)) { - const unsigned char *pder = der; - - pk = d2i_X509_PUBKEY(NULL, &pder, (long)derlen); - } - - OSSL_ENCODER_CTX_free(ectx); - OPENSSL_free(der); - } - - if (pk == NULL) { - ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM); - goto error; - } - - X509_PUBKEY_free(*x); - if (!EVP_PKEY_up_ref(pkey)) { - ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); - goto error; - } - *x = pk; - - /* - * pk->pkey is NULL when using the legacy routine, but is non-NULL when - * going through the encoder, and for all intents and purposes, it's - * a perfect copy of the public key portions of |pkey|, just not the same - * instance. If that's all there was to pkey then we could simply return - * early, right here. However, some application might very well depend on - * the passed |pkey| being used and none other, so we spend a few more - * cycles throwing away the newly created |pk->pkey| and replace it with - * |pkey|. - */ - if (pk->pkey != NULL) - EVP_PKEY_free(pk->pkey); - - pk->pkey = pkey; - return 1; - - error: - X509_PUBKEY_free(pk); - return 0; -} - -/* - * Attempt to decode a public key. - * Returns 1 on success, 0 for a decode failure and -1 for a fatal - * error e.g. malloc failure. - * - * This function is #legacy. - */ -static int x509_pubkey_decode(EVP_PKEY **ppkey, const X509_PUBKEY *key) -{ - EVP_PKEY *pkey; - int nid; - - nid = OBJ_obj2nid(key->algor->algorithm); - if (!key->flag_force_legacy) { -#ifndef OPENSSL_NO_ENGINE - ENGINE *e = NULL; - - e = ENGINE_get_pkey_meth_engine(nid); - if (e == NULL) - return 0; - ENGINE_finish(e); -#else - return 0; -#endif - } - - pkey = EVP_PKEY_new(); - if (pkey == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return -1; - } - - if (!EVP_PKEY_set_type(pkey, nid)) { - ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM); - goto error; - } - - if (pkey->ameth->pub_decode) { - /* - * Treat any failure of pub_decode as a decode error. In - * future we could have different return codes for decode - * errors and fatal errors such as malloc failure. - */ - if (!pkey->ameth->pub_decode(pkey, key)) - goto error; - } else { - ERR_raise(ERR_LIB_X509, X509_R_METHOD_NOT_SUPPORTED); - goto error; - } - - *ppkey = pkey; - return 1; - - error: - EVP_PKEY_free(pkey); - return 0; -} - -EVP_PKEY *X509_PUBKEY_get0(const X509_PUBKEY *key) -{ - if (key == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return NULL; - } - - if (key->pkey == NULL) { - /* We failed to decode the key when we loaded it, or it was never set */ - ERR_raise(ERR_LIB_EVP, EVP_R_DECODE_ERROR); - return NULL; - } - - return key->pkey; -} - -EVP_PKEY *X509_PUBKEY_get(const X509_PUBKEY *key) -{ - EVP_PKEY *ret = X509_PUBKEY_get0(key); - - if (ret != NULL && !EVP_PKEY_up_ref(ret)) { - ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); - ret = NULL; - } - return ret; -} - -/* - * Now three pseudo ASN1 routines that take an EVP_PKEY structure and encode - * or decode as X509_PUBKEY - */ -static EVP_PKEY *d2i_PUBKEY_int(EVP_PKEY **a, - const unsigned char **pp, long length, - OSSL_LIB_CTX *libctx, const char *propq, - unsigned int force_legacy, - X509_PUBKEY * - (*d2i_x509_pubkey)(X509_PUBKEY **a, - const unsigned char **in, - long len)) -{ - X509_PUBKEY *xpk, *xpk2 = NULL, **pxpk = NULL; - EVP_PKEY *pktmp = NULL; - const unsigned char *q; - - q = *pp; - - /* - * If libctx or propq are non-NULL, we take advantage of the reuse - * feature. It's not generally recommended, but is safe enough for - * newly created structures. - */ - if (libctx != NULL || propq != NULL || force_legacy) { - xpk2 = OPENSSL_zalloc(sizeof(*xpk2)); - if (xpk2 == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return NULL; - } - if (!x509_pubkey_set0_libctx(xpk2, libctx, propq)) - goto end; - xpk2->flag_force_legacy = !!force_legacy; - pxpk = &xpk2; - } - xpk = d2i_x509_pubkey(pxpk, &q, length); - if (xpk == NULL) - goto end; - pktmp = X509_PUBKEY_get(xpk); - X509_PUBKEY_free(xpk); - xpk2 = NULL; /* We know that xpk == xpk2 */ - if (pktmp == NULL) - goto end; - *pp = q; - if (a != NULL) { - EVP_PKEY_free(*a); - *a = pktmp; - } - end: - X509_PUBKEY_free(xpk2); - return pktmp; -} - -/* For the algorithm specific d2i functions further down */ -EVP_PKEY *ossl_d2i_PUBKEY_legacy(EVP_PKEY **a, const unsigned char **pp, - long length) -{ - return d2i_PUBKEY_int(a, pp, length, NULL, NULL, 1, d2i_X509_PUBKEY); -} - -EVP_PKEY *d2i_PUBKEY_ex(EVP_PKEY **a, const unsigned char **pp, long length, - OSSL_LIB_CTX *libctx, const char *propq) -{ - return d2i_PUBKEY_int(a, pp, length, libctx, propq, 0, d2i_X509_PUBKEY); -} - -EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length) -{ - return d2i_PUBKEY_ex(a, pp, length, NULL, NULL); -} - -int i2d_PUBKEY(const EVP_PKEY *a, unsigned char **pp) -{ - int ret = -1; - - if (a == NULL) - return 0; - if (a->ameth != NULL) { - X509_PUBKEY *xpk = NULL; - - if ((xpk = X509_PUBKEY_new()) == NULL) - return -1; - - /* pub_encode() only encode parameters, not the key itself */ - if (a->ameth->pub_encode != NULL && a->ameth->pub_encode(xpk, a)) { - xpk->pkey = (EVP_PKEY *)a; - ret = i2d_X509_PUBKEY(xpk, pp); - xpk->pkey = NULL; - } - X509_PUBKEY_free(xpk); - } else if (a->keymgmt != NULL) { - OSSL_ENCODER_CTX *ctx = - OSSL_ENCODER_CTX_new_for_pkey(a, EVP_PKEY_PUBLIC_KEY, - "DER", "SubjectPublicKeyInfo", - NULL); - BIO *out = BIO_new(BIO_s_mem()); - BUF_MEM *buf = NULL; - - if (OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0 - && out != NULL - && OSSL_ENCODER_to_bio(ctx, out) - && BIO_get_mem_ptr(out, &buf) > 0) { - ret = buf->length; - - if (pp != NULL) { - if (*pp == NULL) { - *pp = (unsigned char *)buf->data; - buf->length = 0; - buf->data = NULL; - } else { - memcpy(*pp, buf->data, ret); - *pp += ret; - } - } - } - BIO_free(out); - OSSL_ENCODER_CTX_free(ctx); - } - - return ret; -} - -/* - * The following are equivalents but which return RSA and DSA keys - */ -RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length) -{ - EVP_PKEY *pkey; - RSA *key = NULL; - const unsigned char *q; - - q = *pp; - pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length); - if (pkey == NULL) - return NULL; - key = EVP_PKEY_get1_RSA(pkey); - EVP_PKEY_free(pkey); - if (key == NULL) - return NULL; - *pp = q; - if (a != NULL) { - RSA_free(*a); - *a = key; - } - return key; -} - -int i2d_RSA_PUBKEY(const RSA *a, unsigned char **pp) -{ - EVP_PKEY *pktmp; - int ret; - if (!a) - return 0; - pktmp = EVP_PKEY_new(); - if (pktmp == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return -1; - } - (void)EVP_PKEY_assign_RSA(pktmp, (RSA *)a); - ret = i2d_PUBKEY(pktmp, pp); - pktmp->pkey.ptr = NULL; - EVP_PKEY_free(pktmp); - return ret; -} - -#ifndef OPENSSL_NO_DH -DH *ossl_d2i_DH_PUBKEY(DH **a, const unsigned char **pp, long length) -{ - EVP_PKEY *pkey; - DH *key = NULL; - const unsigned char *q; - - q = *pp; - pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length); - if (pkey == NULL) - return NULL; - if (EVP_PKEY_get_id(pkey) == EVP_PKEY_DH) - key = EVP_PKEY_get1_DH(pkey); - EVP_PKEY_free(pkey); - if (key == NULL) - return NULL; - *pp = q; - if (a != NULL) { - DH_free(*a); - *a = key; - } - return key; -} - -int ossl_i2d_DH_PUBKEY(const DH *a, unsigned char **pp) -{ - EVP_PKEY *pktmp; - int ret; - if (!a) - return 0; - pktmp = EVP_PKEY_new(); - if (pktmp == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return -1; - } - (void)EVP_PKEY_assign_DH(pktmp, (DH *)a); - ret = i2d_PUBKEY(pktmp, pp); - pktmp->pkey.ptr = NULL; - EVP_PKEY_free(pktmp); - return ret; -} - -DH *ossl_d2i_DHx_PUBKEY(DH **a, const unsigned char **pp, long length) -{ - EVP_PKEY *pkey; - DH *key = NULL; - const unsigned char *q; - - q = *pp; - pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length); - if (pkey == NULL) - return NULL; - if (EVP_PKEY_get_id(pkey) == EVP_PKEY_DHX) - key = EVP_PKEY_get1_DH(pkey); - EVP_PKEY_free(pkey); - if (key == NULL) - return NULL; - *pp = q; - if (a != NULL) { - DH_free(*a); - *a = key; - } - return key; -} - -int ossl_i2d_DHx_PUBKEY(const DH *a, unsigned char **pp) -{ - EVP_PKEY *pktmp; - int ret; - if (!a) - return 0; - pktmp = EVP_PKEY_new(); - if (pktmp == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return -1; - } - (void)EVP_PKEY_assign(pktmp, EVP_PKEY_DHX, (DH *)a); - ret = i2d_PUBKEY(pktmp, pp); - pktmp->pkey.ptr = NULL; - EVP_PKEY_free(pktmp); - return ret; -} -#endif - -#ifndef OPENSSL_NO_DSA -DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) -{ - EVP_PKEY *pkey; - DSA *key = NULL; - const unsigned char *q; - - q = *pp; - pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length); - if (pkey == NULL) - return NULL; - key = EVP_PKEY_get1_DSA(pkey); - EVP_PKEY_free(pkey); - if (key == NULL) - return NULL; - *pp = q; - if (a != NULL) { - DSA_free(*a); - *a = key; - } - return key; -} - -int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp) -{ - EVP_PKEY *pktmp; - int ret; - if (!a) - return 0; - pktmp = EVP_PKEY_new(); - if (pktmp == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return -1; - } - (void)EVP_PKEY_assign_DSA(pktmp, (DSA *)a); - ret = i2d_PUBKEY(pktmp, pp); - pktmp->pkey.ptr = NULL; - EVP_PKEY_free(pktmp); - return ret; -} -#endif - -#ifndef OPENSSL_NO_EC -EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) -{ - EVP_PKEY *pkey; - EC_KEY *key = NULL; - const unsigned char *q; - int type; - - q = *pp; - pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length); - if (pkey == NULL) - return NULL; - type = EVP_PKEY_get_id(pkey); - if (type == EVP_PKEY_EC || type == EVP_PKEY_SM2) - key = EVP_PKEY_get1_EC_KEY(pkey); - EVP_PKEY_free(pkey); - if (key == NULL) - return NULL; - *pp = q; - if (a != NULL) { - EC_KEY_free(*a); - *a = key; - } - return key; -} - -int i2d_EC_PUBKEY(const EC_KEY *a, unsigned char **pp) -{ - EVP_PKEY *pktmp; - int ret; - - if (a == NULL) - return 0; - if ((pktmp = EVP_PKEY_new()) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return -1; - } - (void)EVP_PKEY_assign_EC_KEY(pktmp, (EC_KEY *)a); - ret = i2d_PUBKEY(pktmp, pp); - pktmp->pkey.ptr = NULL; - EVP_PKEY_free(pktmp); - return ret; -} - -ECX_KEY *ossl_d2i_ED25519_PUBKEY(ECX_KEY **a, - const unsigned char **pp, long length) -{ - EVP_PKEY *pkey; - ECX_KEY *key = NULL; - const unsigned char *q; - - q = *pp; - pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length); - if (pkey == NULL) - return NULL; - key = ossl_evp_pkey_get1_ED25519(pkey); - EVP_PKEY_free(pkey); - if (key == NULL) - return NULL; - *pp = q; - if (a != NULL) { - ossl_ecx_key_free(*a); - *a = key; - } - return key; -} - -int ossl_i2d_ED25519_PUBKEY(const ECX_KEY *a, unsigned char **pp) -{ - EVP_PKEY *pktmp; - int ret; - - if (a == NULL) - return 0; - if ((pktmp = EVP_PKEY_new()) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return -1; - } - (void)EVP_PKEY_assign(pktmp, EVP_PKEY_ED25519, (ECX_KEY *)a); - ret = i2d_PUBKEY(pktmp, pp); - pktmp->pkey.ptr = NULL; - EVP_PKEY_free(pktmp); - return ret; -} - -ECX_KEY *ossl_d2i_ED448_PUBKEY(ECX_KEY **a, - const unsigned char **pp, long length) -{ - EVP_PKEY *pkey; - ECX_KEY *key = NULL; - const unsigned char *q; - - q = *pp; - pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length); - if (pkey == NULL) - return NULL; - if (EVP_PKEY_get_id(pkey) == EVP_PKEY_ED448) - key = ossl_evp_pkey_get1_ED448(pkey); - EVP_PKEY_free(pkey); - if (key == NULL) - return NULL; - *pp = q; - if (a != NULL) { - ossl_ecx_key_free(*a); - *a = key; - } - return key; -} - -int ossl_i2d_ED448_PUBKEY(const ECX_KEY *a, unsigned char **pp) -{ - EVP_PKEY *pktmp; - int ret; - - if (a == NULL) - return 0; - if ((pktmp = EVP_PKEY_new()) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return -1; - } - (void)EVP_PKEY_assign(pktmp, EVP_PKEY_ED448, (ECX_KEY *)a); - ret = i2d_PUBKEY(pktmp, pp); - pktmp->pkey.ptr = NULL; - EVP_PKEY_free(pktmp); - return ret; -} - -ECX_KEY *ossl_d2i_X25519_PUBKEY(ECX_KEY **a, - const unsigned char **pp, long length) -{ - EVP_PKEY *pkey; - ECX_KEY *key = NULL; - const unsigned char *q; - - q = *pp; - pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length); - if (pkey == NULL) - return NULL; - if (EVP_PKEY_get_id(pkey) == EVP_PKEY_X25519) - key = ossl_evp_pkey_get1_X25519(pkey); - EVP_PKEY_free(pkey); - if (key == NULL) - return NULL; - *pp = q; - if (a != NULL) { - ossl_ecx_key_free(*a); - *a = key; - } - return key; -} - -int ossl_i2d_X25519_PUBKEY(const ECX_KEY *a, unsigned char **pp) -{ - EVP_PKEY *pktmp; - int ret; - - if (a == NULL) - return 0; - if ((pktmp = EVP_PKEY_new()) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return -1; - } - (void)EVP_PKEY_assign(pktmp, EVP_PKEY_X25519, (ECX_KEY *)a); - ret = i2d_PUBKEY(pktmp, pp); - pktmp->pkey.ptr = NULL; - EVP_PKEY_free(pktmp); - return ret; -} - -ECX_KEY *ossl_d2i_X448_PUBKEY(ECX_KEY **a, - const unsigned char **pp, long length) -{ - EVP_PKEY *pkey; - ECX_KEY *key = NULL; - const unsigned char *q; - - q = *pp; - pkey = ossl_d2i_PUBKEY_legacy(NULL, &q, length); - if (pkey == NULL) - return NULL; - if (EVP_PKEY_get_id(pkey) == EVP_PKEY_X448) - key = ossl_evp_pkey_get1_X448(pkey); - EVP_PKEY_free(pkey); - if (key == NULL) - return NULL; - *pp = q; - if (a != NULL) { - ossl_ecx_key_free(*a); - *a = key; - } - return key; -} - -int ossl_i2d_X448_PUBKEY(const ECX_KEY *a, unsigned char **pp) -{ - EVP_PKEY *pktmp; - int ret; - - if (a == NULL) - return 0; - if ((pktmp = EVP_PKEY_new()) == NULL) { - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return -1; - } - (void)EVP_PKEY_assign(pktmp, EVP_PKEY_X448, (ECX_KEY *)a); - ret = i2d_PUBKEY(pktmp, pp); - pktmp->pkey.ptr = NULL; - EVP_PKEY_free(pktmp); - return ret; -} - -#endif - -int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, - int ptype, void *pval, - unsigned char *penc, int penclen) -{ - if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval)) - return 0; - if (penc) { - OPENSSL_free(pub->public_key->data); - pub->public_key->data = penc; - pub->public_key->length = penclen; - /* Set number of unused bits to zero */ - pub->public_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; - } - return 1; -} - -int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, - const unsigned char **pk, int *ppklen, - X509_ALGOR **pa, const X509_PUBKEY *pub) -{ - if (ppkalg) - *ppkalg = pub->algor->algorithm; - if (pk) { - *pk = pub->public_key->data; - *ppklen = pub->public_key->length; - } - if (pa) - *pa = pub->algor; - return 1; -} - -ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) -{ - if (x == NULL) - return NULL; - return x->cert_info.key->public_key; -} - -/* Returns 1 for equal, 0, for non-equal, < 0 on error */ -int X509_PUBKEY_eq(const X509_PUBKEY *a, const X509_PUBKEY *b) -{ - X509_ALGOR *algA, *algB; - EVP_PKEY *pA, *pB; - - if (a == b) - return 1; - if (a == NULL || b == NULL) - return 0; - if (!X509_PUBKEY_get0_param(NULL, NULL, NULL, &algA, a) || algA == NULL - || !X509_PUBKEY_get0_param(NULL, NULL, NULL, &algB, b) || algB == NULL) - return -2; - if (X509_ALGOR_cmp(algA, algB) != 0) - return 0; - if ((pA = X509_PUBKEY_get0(a)) == NULL - || (pB = X509_PUBKEY_get0(b)) == NULL) - return -2; - return EVP_PKEY_eq(pA, pB); -} - -int ossl_x509_PUBKEY_get0_libctx(OSSL_LIB_CTX **plibctx, const char **ppropq, - const X509_PUBKEY *key) -{ - if (plibctx) - *plibctx = key->libctx; - if (ppropq) - *ppropq = key->propq; - return 1; -} diff --git a/crypto/x509/x_req.c b/crypto/x509/x_req.c deleted file mode 100644 index 293d4be7133552375c96d38ddba5f66d8850e494..0000000000000000000000000000000000000000 --- a/crypto/x509/x_req.c +++ /dev/null @@ -1,173 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include "crypto/x509.h" - -/*- - * X509_REQ_INFO is handled in an unusual way to get round - * invalid encodings. Some broken certificate requests don't - * encode the attributes field if it is empty. This is in - * violation of PKCS#10 but we need to tolerate it. We do - * this by making the attributes field OPTIONAL then using - * the callback to initialise it to an empty STACK. - * - * This means that the field will be correctly encoded unless - * we NULL out the field. - * - * As a result we no longer need the req_kludge field because - * the information is now contained in the attributes field: - * 1. If it is NULL then it's the invalid omission. - * 2. If it is empty it is the correct encoding. - * 3. If it is not empty then some attributes are present. - * - */ - -static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval; - - if (operation == ASN1_OP_NEW_POST) { - rinf->attributes = sk_X509_ATTRIBUTE_new_null(); - if (!rinf->attributes) - return 0; - } - return 1; -} - -static int req_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - X509_REQ *ret = (X509_REQ *)*pval; - - switch (operation) { - case ASN1_OP_D2I_PRE: - ASN1_OCTET_STRING_free(ret->distinguishing_id); - /* fall thru */ - case ASN1_OP_NEW_POST: - ret->distinguishing_id = NULL; - break; - - case ASN1_OP_FREE_POST: - ASN1_OCTET_STRING_free(ret->distinguishing_id); - OPENSSL_free(ret->propq); - break; - case ASN1_OP_DUP_POST: - { - X509_REQ *old = exarg; - - if (!ossl_x509_req_set0_libctx(ret, old->libctx, old->propq)) - return 0; - if (old->req_info.pubkey != NULL) { - EVP_PKEY *pkey = X509_PUBKEY_get0(old->req_info.pubkey); - - if (pkey != NULL) { - pkey = EVP_PKEY_dup(pkey); - if (pkey == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!X509_PUBKEY_set(&ret->req_info.pubkey, pkey)) { - EVP_PKEY_free(pkey); - ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR); - return 0; - } - EVP_PKEY_free(pkey); - } - } - } - break; - case ASN1_OP_GET0_LIBCTX: - { - OSSL_LIB_CTX **libctx = exarg; - - *libctx = ret->libctx; - } - break; - case ASN1_OP_GET0_PROPQ: - { - const char **propq = exarg; - - *propq = ret->propq; - } - break; - } - - return 1; -} - -ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = { - ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME), - ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY), - /* This isn't really OPTIONAL but it gets round invalid - * encodings - */ - ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0) -} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO) - -IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO) - -ASN1_SEQUENCE_ref(X509_REQ, req_cb) = { - ASN1_EMBED(X509_REQ, req_info, X509_REQ_INFO), - ASN1_EMBED(X509_REQ, sig_alg, X509_ALGOR), - ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ) - -IMPLEMENT_ASN1_FUNCTIONS(X509_REQ) - -IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ) - -void X509_REQ_set0_distinguishing_id(X509_REQ *x, ASN1_OCTET_STRING *d_id) -{ - ASN1_OCTET_STRING_free(x->distinguishing_id); - x->distinguishing_id = d_id; -} - -ASN1_OCTET_STRING *X509_REQ_get0_distinguishing_id(X509_REQ *x) -{ - return x->distinguishing_id; -} - -/* - * This should only be used if the X509_REQ object was embedded inside another - * asn1 object and it needs a libctx to operate. - * Use X509_REQ_new_ex() instead if possible. - */ -int ossl_x509_req_set0_libctx(X509_REQ *x, OSSL_LIB_CTX *libctx, - const char *propq) -{ - if (x != NULL) { - x->libctx = libctx; - OPENSSL_free(x->propq); - x->propq = NULL; - if (propq != NULL) { - x->propq = OPENSSL_strdup(propq); - if (x->propq == NULL) - return 0; - } - } - return 1; -} - -X509_REQ *X509_REQ_new_ex(OSSL_LIB_CTX *libctx, const char *propq) -{ - X509_REQ *req = NULL; - - req = (X509_REQ *)ASN1_item_new((X509_REQ_it())); - if (!ossl_x509_req_set0_libctx(req, libctx, propq)) { - X509_REQ_free(req); - req = NULL; - } - return req; -} diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c deleted file mode 100644 index 010578b19a31107eba01954ada995d1a785f8a94..0000000000000000000000000000000000000000 --- a/crypto/x509/x_x509.c +++ /dev/null @@ -1,318 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include -#include "crypto/x509.h" - -ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { - ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), - ASN1_EMBED(X509_CINF, serialNumber, ASN1_INTEGER), - ASN1_EMBED(X509_CINF, signature, X509_ALGOR), - ASN1_SIMPLE(X509_CINF, issuer, X509_NAME), - ASN1_EMBED(X509_CINF, validity, X509_VAL), - ASN1_SIMPLE(X509_CINF, subject, X509_NAME), - ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY), - ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), - ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), - ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) -} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF) - -IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) -/* X509 top level structure needs a bit of customisation */ - -extern void ossl_policy_cache_free(X509_POLICY_CACHE *cache); - -static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, - void *exarg) -{ - X509 *ret = (X509 *)*pval; - - switch (operation) { - - case ASN1_OP_D2I_PRE: - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); - X509_CERT_AUX_free(ret->aux); - ASN1_OCTET_STRING_free(ret->skid); - AUTHORITY_KEYID_free(ret->akid); - CRL_DIST_POINTS_free(ret->crldp); - ossl_policy_cache_free(ret->policy_cache); - GENERAL_NAMES_free(ret->altname); - NAME_CONSTRAINTS_free(ret->nc); -#ifndef OPENSSL_NO_RFC3779 - sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); - ASIdentifiers_free(ret->rfc3779_asid); -#endif - ASN1_OCTET_STRING_free(ret->distinguishing_id); - - /* fall thru */ - - case ASN1_OP_NEW_POST: - ret->ex_cached = 0; - ret->ex_kusage = 0; - ret->ex_xkusage = 0; - ret->ex_nscert = 0; - ret->ex_flags = 0; - ret->ex_pathlen = -1; - ret->ex_pcpathlen = -1; - ret->skid = NULL; - ret->akid = NULL; - ret->policy_cache = NULL; - ret->altname = NULL; - ret->nc = NULL; -#ifndef OPENSSL_NO_RFC3779 - ret->rfc3779_addr = NULL; - ret->rfc3779_asid = NULL; -#endif - ret->distinguishing_id = NULL; - ret->aux = NULL; - ret->crldp = NULL; - if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data)) - return 0; - break; - - case ASN1_OP_FREE_POST: - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); - X509_CERT_AUX_free(ret->aux); - ASN1_OCTET_STRING_free(ret->skid); - AUTHORITY_KEYID_free(ret->akid); - CRL_DIST_POINTS_free(ret->crldp); - ossl_policy_cache_free(ret->policy_cache); - GENERAL_NAMES_free(ret->altname); - NAME_CONSTRAINTS_free(ret->nc); -#ifndef OPENSSL_NO_RFC3779 - sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); - ASIdentifiers_free(ret->rfc3779_asid); -#endif - ASN1_OCTET_STRING_free(ret->distinguishing_id); - OPENSSL_free(ret->propq); - break; - - case ASN1_OP_DUP_POST: - { - X509 *old = exarg; - - if (!ossl_x509_set0_libctx(ret, old->libctx, old->propq)) - return 0; - } - break; - case ASN1_OP_GET0_LIBCTX: - { - OSSL_LIB_CTX **libctx = exarg; - - *libctx = ret->libctx; - } - break; - - case ASN1_OP_GET0_PROPQ: - { - const char **propq = exarg; - - *propq = ret->propq; - } - break; - - default: - break; - } - - return 1; -} - -ASN1_SEQUENCE_ref(X509, x509_cb) = { - ASN1_EMBED(X509, cert_info, X509_CINF), - ASN1_EMBED(X509, sig_alg, X509_ALGOR), - ASN1_EMBED(X509, signature, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END_ref(X509, X509) - -IMPLEMENT_ASN1_FUNCTIONS(X509) -IMPLEMENT_ASN1_DUP_FUNCTION(X509) - -/* - * This should only be used if the X509 object was embedded inside another - * asn1 object and it needs a libctx to operate. - * Use X509_new_ex() instead if possible. - */ -int ossl_x509_set0_libctx(X509 *x, OSSL_LIB_CTX *libctx, const char *propq) -{ - if (x != NULL) { - x->libctx = libctx; - OPENSSL_free(x->propq); - x->propq = NULL; - if (propq != NULL) { - x->propq = OPENSSL_strdup(propq); - if (x->propq == NULL) - return 0; - } - } - return 1; -} - -X509 *X509_new_ex(OSSL_LIB_CTX *libctx, const char *propq) -{ - X509 *cert = NULL; - - cert = (X509 *)ASN1_item_new_ex(X509_it(), libctx, propq); - if (!ossl_x509_set0_libctx(cert, libctx, propq)) { - X509_free(cert); - cert = NULL; - } - return cert; -} - -int X509_set_ex_data(X509 *r, int idx, void *arg) -{ - return CRYPTO_set_ex_data(&r->ex_data, idx, arg); -} - -void *X509_get_ex_data(const X509 *r, int idx) -{ - return CRYPTO_get_ex_data(&r->ex_data, idx); -} - -/* - * X509_AUX ASN1 routines. X509_AUX is the name given to a certificate with - * extra info tagged on the end. Since these functions set how a certificate - * is trusted they should only be used when the certificate comes from a - * reliable source such as local storage. - */ - -X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) -{ - const unsigned char *q; - X509 *ret; - int freeret = 0; - - /* Save start position */ - q = *pp; - - if (a == NULL || *a == NULL) - freeret = 1; - ret = d2i_X509(a, &q, length); - /* If certificate unreadable then forget it */ - if (ret == NULL) - return NULL; - /* update length */ - length -= q - *pp; - if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length)) - goto err; - *pp = q; - return ret; - err: - if (freeret) { - X509_free(ret); - if (a) - *a = NULL; - } - return NULL; -} - -/* - * Serialize trusted certificate to *pp or just return the required buffer - * length if pp == NULL. We ultimately want to avoid modifying *pp in the - * error path, but that depends on similar hygiene in lower-level functions. - * Here we avoid compounding the problem. - */ -static int i2d_x509_aux_internal(const X509 *a, unsigned char **pp) -{ - int length, tmplen; - unsigned char *start = pp != NULL ? *pp : NULL; - - /* - * This might perturb *pp on error, but fixing that belongs in i2d_X509() - * not here. It should be that if a == NULL length is zero, but we check - * both just in case. - */ - length = i2d_X509(a, pp); - if (length <= 0 || a == NULL) - return length; - - tmplen = i2d_X509_CERT_AUX(a->aux, pp); - if (tmplen < 0) { - if (start != NULL) - *pp = start; - return tmplen; - } - length += tmplen; - - return length; -} - -/* - * Serialize trusted certificate to *pp, or just return the required buffer - * length if pp == NULL. - * - * When pp is not NULL, but *pp == NULL, we allocate the buffer, but since - * we're writing two ASN.1 objects back to back, we can't have i2d_X509() do - * the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the - * allocated buffer. - */ -int i2d_X509_AUX(const X509 *a, unsigned char **pp) -{ - int length; - unsigned char *tmp; - - /* Buffer provided by caller */ - if (pp == NULL || *pp != NULL) - return i2d_x509_aux_internal(a, pp); - - /* Obtain the combined length */ - if ((length = i2d_x509_aux_internal(a, NULL)) <= 0) - return length; - - /* Allocate requisite combined storage */ - *pp = tmp = OPENSSL_malloc(length); - if (tmp == NULL) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); - return -1; - } - - /* Encode, but keep *pp at the originally malloced pointer */ - length = i2d_x509_aux_internal(a, &tmp); - if (length <= 0) { - OPENSSL_free(*pp); - *pp = NULL; - } - return length; -} - -int i2d_re_X509_tbs(X509 *x, unsigned char **pp) -{ - x->cert_info.enc.modified = 1; - return i2d_X509_CINF(&x->cert_info, pp); -} - -void X509_get0_signature(const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg, const X509 *x) -{ - if (psig) - *psig = &x->signature; - if (palg) - *palg = &x->sig_alg; -} - -int X509_get_signature_nid(const X509 *x) -{ - return OBJ_obj2nid(x->sig_alg.algorithm); -} - -void X509_set0_distinguishing_id(X509 *x, ASN1_OCTET_STRING *d_id) -{ - ASN1_OCTET_STRING_free(x->distinguishing_id); - x->distinguishing_id = d_id; -} - -ASN1_OCTET_STRING *X509_get0_distinguishing_id(X509 *x) -{ - return x->distinguishing_id; -} diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.c deleted file mode 100644 index f7953c269e7cf6eb245b19de8498ec0eab1ede5f..0000000000000000000000000000000000000000 --- a/crypto/x509/x_x509a.c +++ /dev/null @@ -1,174 +0,0 @@ -/* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include "internal/cryptlib.h" -#include -#include -#include -#include "crypto/x509.h" - -/* - * X509_CERT_AUX routines. These are used to encode additional user - * modifiable data about a certificate. This data is appended to the X509 - * encoding when the *_X509_AUX routines are used. This means that the - * "traditional" X509 routines will simply ignore the extra data. - */ - -static X509_CERT_AUX *aux_get(X509 *x); - -ASN1_SEQUENCE(X509_CERT_AUX) = { - ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT), - ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0), - ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING), - ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING), - ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1) -} ASN1_SEQUENCE_END(X509_CERT_AUX) - -IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX) - -int X509_trusted(const X509 *x) -{ - return x->aux ? 1 : 0; -} - -static X509_CERT_AUX *aux_get(X509 *x) -{ - if (x == NULL) - return NULL; - if (x->aux == NULL && (x->aux = X509_CERT_AUX_new()) == NULL) - return NULL; - return x->aux; -} - -int X509_alias_set1(X509 *x, const unsigned char *name, int len) -{ - X509_CERT_AUX *aux; - if (!name) { - if (!x || !x->aux || !x->aux->alias) - return 1; - ASN1_UTF8STRING_free(x->aux->alias); - x->aux->alias = NULL; - return 1; - } - if ((aux = aux_get(x)) == NULL) - return 0; - if (aux->alias == NULL && (aux->alias = ASN1_UTF8STRING_new()) == NULL) - return 0; - return ASN1_STRING_set(aux->alias, name, len); -} - -int X509_keyid_set1(X509 *x, const unsigned char *id, int len) -{ - X509_CERT_AUX *aux; - if (!id) { - if (!x || !x->aux || !x->aux->keyid) - return 1; - ASN1_OCTET_STRING_free(x->aux->keyid); - x->aux->keyid = NULL; - return 1; - } - if ((aux = aux_get(x)) == NULL) - return 0; - if (aux->keyid == NULL - && (aux->keyid = ASN1_OCTET_STRING_new()) == NULL) - return 0; - return ASN1_STRING_set(aux->keyid, id, len); -} - -unsigned char *X509_alias_get0(X509 *x, int *len) -{ - if (!x->aux || !x->aux->alias) - return NULL; - if (len) - *len = x->aux->alias->length; - return x->aux->alias->data; -} - -unsigned char *X509_keyid_get0(X509 *x, int *len) -{ - if (!x->aux || !x->aux->keyid) - return NULL; - if (len) - *len = x->aux->keyid->length; - return x->aux->keyid->data; -} - -int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj) -{ - X509_CERT_AUX *aux; - ASN1_OBJECT *objtmp = NULL; - if (obj) { - objtmp = OBJ_dup(obj); - if (!objtmp) - return 0; - } - if ((aux = aux_get(x)) == NULL) - goto err; - if (aux->trust == NULL - && (aux->trust = sk_ASN1_OBJECT_new_null()) == NULL) - goto err; - if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp)) - return 1; - err: - ASN1_OBJECT_free(objtmp); - return 0; -} - -int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj) -{ - X509_CERT_AUX *aux; - ASN1_OBJECT *objtmp; - int res = 0; - - if ((objtmp = OBJ_dup(obj)) == NULL) - return 0; - if ((aux = aux_get(x)) == NULL) - goto err; - if (aux->reject == NULL - && (aux->reject = sk_ASN1_OBJECT_new_null()) == NULL) - goto err; - if (sk_ASN1_OBJECT_push(aux->reject, objtmp) > 0) - res = 1; - - err: - if (!res) - ASN1_OBJECT_free(objtmp); - return res; -} - -void X509_trust_clear(X509 *x) -{ - if (x->aux) { - sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); - x->aux->trust = NULL; - } -} - -void X509_reject_clear(X509 *x) -{ - if (x->aux) { - sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free); - x->aux->reject = NULL; - } -} - -STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x) -{ - if (x->aux != NULL) - return x->aux->trust; - return NULL; -} - -STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x) -{ - if (x->aux != NULL) - return x->aux->reject; - return NULL; -} diff --git a/crypto/x86_64cpuid.pl b/crypto/x86_64cpuid.pl deleted file mode 100644 index 53685ec26390d2a7393c142df03419ae5f2a5c8a..0000000000000000000000000000000000000000 --- a/crypto/x86_64cpuid.pl +++ /dev/null @@ -1,522 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# $output is the last argument if it looks like a file (it has an extension) -# $flavour is the first argument if it doesn't look like a file -$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -$flavour = $#ARGV >= 0 && $ARGV[0] !~ m|\.| ? shift : undef; - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" - or die "can't call $xlate: $!"; -*STDOUT=*OUT; - -($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order - ("%rdi","%rsi","%rdx","%rcx"); # Unix order - -print<<___; -.extern OPENSSL_cpuid_setup -.hidden OPENSSL_cpuid_setup -.section .init - call OPENSSL_cpuid_setup - -.hidden OPENSSL_ia32cap_P -.comm OPENSSL_ia32cap_P,16,4 - -.text - -.globl OPENSSL_atomic_add -.type OPENSSL_atomic_add,\@abi-omnipotent -.align 16 -OPENSSL_atomic_add: -.cfi_startproc - endbranch - movl ($arg1),%eax -.Lspin: leaq ($arg2,%rax),%r8 - .byte 0xf0 # lock - cmpxchgl %r8d,($arg1) - jne .Lspin - movl %r8d,%eax - .byte 0x48,0x98 # cltq/cdqe - ret -.cfi_endproc -.size OPENSSL_atomic_add,.-OPENSSL_atomic_add - -.globl OPENSSL_rdtsc -.type OPENSSL_rdtsc,\@abi-omnipotent -.align 16 -OPENSSL_rdtsc: -.cfi_startproc - endbranch - rdtsc - shl \$32,%rdx - or %rdx,%rax - ret -.cfi_endproc -.size OPENSSL_rdtsc,.-OPENSSL_rdtsc - -.globl OPENSSL_ia32_cpuid -.type OPENSSL_ia32_cpuid,\@function,1 -.align 16 -OPENSSL_ia32_cpuid: -.cfi_startproc - endbranch - mov %rbx,%r8 # save %rbx -.cfi_register %rbx,%r8 - - xor %eax,%eax - mov %rax,8(%rdi) # clear extended feature flags - cpuid - mov %eax,%r11d # max value for standard query level - - xor %eax,%eax - cmp \$0x756e6547,%ebx # "Genu" - setne %al - mov %eax,%r9d - cmp \$0x49656e69,%edx # "ineI" - setne %al - or %eax,%r9d - cmp \$0x6c65746e,%ecx # "ntel" - setne %al - or %eax,%r9d # 0 indicates Intel CPU - jz .Lintel - - cmp \$0x68747541,%ebx # "Auth" - setne %al - mov %eax,%r10d - cmp \$0x69746E65,%edx # "enti" - setne %al - or %eax,%r10d - cmp \$0x444D4163,%ecx # "cAMD" - setne %al - or %eax,%r10d # 0 indicates AMD CPU - jnz .Lintel - - # AMD specific - mov \$0x80000000,%eax - cpuid - cmp \$0x80000001,%eax - jb .Lintel - mov %eax,%r10d - mov \$0x80000001,%eax - cpuid - or %ecx,%r9d - and \$0x00000801,%r9d # isolate AMD XOP bit, 1<<11 - - cmp \$0x80000008,%r10d - jb .Lintel - - mov \$0x80000008,%eax - cpuid - movzb %cl,%r10 # number of cores - 1 - inc %r10 # number of cores - - mov \$1,%eax - cpuid - bt \$28,%edx # test hyper-threading bit - jnc .Lgeneric - shr \$16,%ebx # number of logical processors - cmp %r10b,%bl - ja .Lgeneric - and \$0xefffffff,%edx # ~(1<<28) - jmp .Lgeneric - -.Lintel: - cmp \$4,%r11d - mov \$-1,%r10d - jb .Lnocacheinfo - - mov \$4,%eax - mov \$0,%ecx # query L1D - cpuid - mov %eax,%r10d - shr \$14,%r10d - and \$0xfff,%r10d # number of cores -1 per L1D - -.Lnocacheinfo: - mov \$1,%eax - cpuid - movd %eax,%xmm0 # put aside processor id - and \$0xbfefffff,%edx # force reserved bits to 0 - cmp \$0,%r9d - jne .Lnotintel - or \$0x40000000,%edx # set reserved bit#30 on Intel CPUs - and \$15,%ah - cmp \$15,%ah # examine Family ID - jne .LnotP4 - or \$0x00100000,%edx # set reserved bit#20 to engage RC4_CHAR -.LnotP4: - cmp \$6,%ah - jne .Lnotintel - and \$0x0fff0ff0,%eax - cmp \$0x00050670,%eax # Knights Landing - je .Lknights - cmp \$0x00080650,%eax # Knights Mill (according to sde) - jne .Lnotintel -.Lknights: - and \$0xfbffffff,%ecx # clear XSAVE flag to mimic Silvermont - -.Lnotintel: - bt \$28,%edx # test hyper-threading bit - jnc .Lgeneric - and \$0xefffffff,%edx # ~(1<<28) - cmp \$0,%r10d - je .Lgeneric - - or \$0x10000000,%edx # 1<<28 - shr \$16,%ebx - cmp \$1,%bl # see if cache is shared - ja .Lgeneric - and \$0xefffffff,%edx # ~(1<<28) -.Lgeneric: - and \$0x00000800,%r9d # isolate AMD XOP flag - and \$0xfffff7ff,%ecx - or %ecx,%r9d # merge AMD XOP flag - - mov %edx,%r10d # %r9d:%r10d is copy of %ecx:%edx - - cmp \$7,%r11d - jb .Lno_extended_info - mov \$7,%eax - xor %ecx,%ecx - cpuid - bt \$26,%r9d # check XSAVE bit, cleared on Knights - jc .Lnotknights - and \$0xfff7ffff,%ebx # clear ADCX/ADOX flag -.Lnotknights: - movd %xmm0,%eax # restore processor id - and \$0x0fff0ff0,%eax - cmp \$0x00050650,%eax # Skylake-X - jne .Lnotskylakex - and \$0xfffeffff,%ebx # ~(1<<16) - # suppress AVX512F flag on Skylake-X -.Lnotskylakex: - mov %ebx,8(%rdi) # save extended feature flags - mov %ecx,12(%rdi) -.Lno_extended_info: - - bt \$27,%r9d # check OSXSAVE bit - jnc .Lclear_avx - xor %ecx,%ecx # XCR0 - .byte 0x0f,0x01,0xd0 # xgetbv - and \$0xe6,%eax # isolate XMM, YMM and ZMM state support - cmp \$0xe6,%eax - je .Ldone - andl \$0x3fdeffff,8(%rdi) # ~(1<<31|1<<30|1<<21|1<<16) - # clear AVX512F+BW+VL+IFMA, all of - # them are EVEX-encoded, which requires - # ZMM state support even if one uses - # only XMM and YMM :-( - and \$6,%eax # isolate XMM and YMM state support - cmp \$6,%eax - je .Ldone -.Lclear_avx: - mov \$0xefffe7ff,%eax # ~(1<<28|1<<12|1<<11) - and %eax,%r9d # clear AVX, FMA and AMD XOP bits - mov \$0x3fdeffdf,%eax # ~(1<<31|1<<30|1<<21|1<<16|1<<5) - and %eax,8(%rdi) # clear AVX2 and AVX512* bits -.Ldone: - shl \$32,%r9 - mov %r10d,%eax - mov %r8,%rbx # restore %rbx -.cfi_restore %rbx - or %r9,%rax - ret -.cfi_endproc -.size OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid - -.globl OPENSSL_cleanse -.type OPENSSL_cleanse,\@abi-omnipotent -.align 16 -OPENSSL_cleanse: -.cfi_startproc - endbranch - xor %rax,%rax - cmp \$15,$arg2 - jae .Lot - cmp \$0,$arg2 - je .Lret -.Little: - mov %al,($arg1) - sub \$1,$arg2 - lea 1($arg1),$arg1 - jnz .Little -.Lret: - ret -.align 16 -.Lot: - test \$7,$arg1 - jz .Laligned - mov %al,($arg1) - lea -1($arg2),$arg2 - lea 1($arg1),$arg1 - jmp .Lot -.Laligned: - mov %rax,($arg1) - lea -8($arg2),$arg2 - test \$-8,$arg2 - lea 8($arg1),$arg1 - jnz .Laligned - cmp \$0,$arg2 - jne .Little - ret -.cfi_endproc -.size OPENSSL_cleanse,.-OPENSSL_cleanse - -.globl CRYPTO_memcmp -.type CRYPTO_memcmp,\@abi-omnipotent -.align 16 -CRYPTO_memcmp: -.cfi_startproc - endbranch - xor %rax,%rax - xor %r10,%r10 - cmp \$0,$arg3 - je .Lno_data - cmp \$16,$arg3 - jne .Loop_cmp - mov ($arg1),%r10 - mov 8($arg1),%r11 - mov \$1,$arg3 - xor ($arg2),%r10 - xor 8($arg2),%r11 - or %r11,%r10 - cmovnz $arg3,%rax - ret - -.align 16 -.Loop_cmp: - mov ($arg1),%r10b - lea 1($arg1),$arg1 - xor ($arg2),%r10b - lea 1($arg2),$arg2 - or %r10b,%al - dec $arg3 - jnz .Loop_cmp - neg %rax - shr \$63,%rax -.Lno_data: - ret -.cfi_endproc -.size CRYPTO_memcmp,.-CRYPTO_memcmp -___ - -print<<___ if (!$win64); -.globl OPENSSL_wipe_cpu -.type OPENSSL_wipe_cpu,\@abi-omnipotent -.align 16 -OPENSSL_wipe_cpu: -.cfi_startproc - endbranch - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 - pxor %xmm6,%xmm6 - pxor %xmm7,%xmm7 - pxor %xmm8,%xmm8 - pxor %xmm9,%xmm9 - pxor %xmm10,%xmm10 - pxor %xmm11,%xmm11 - pxor %xmm12,%xmm12 - pxor %xmm13,%xmm13 - pxor %xmm14,%xmm14 - pxor %xmm15,%xmm15 - xorq %rcx,%rcx - xorq %rdx,%rdx - xorq %rsi,%rsi - xorq %rdi,%rdi - xorq %r8,%r8 - xorq %r9,%r9 - xorq %r10,%r10 - xorq %r11,%r11 - leaq 8(%rsp),%rax - ret -.cfi_endproc -.size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu -___ -print<<___ if ($win64); -.globl OPENSSL_wipe_cpu -.type OPENSSL_wipe_cpu,\@abi-omnipotent -.align 16 -OPENSSL_wipe_cpu: - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 - xorq %rcx,%rcx - xorq %rdx,%rdx - xorq %r8,%r8 - xorq %r9,%r9 - xorq %r10,%r10 - xorq %r11,%r11 - leaq 8(%rsp),%rax - ret -.size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu -___ -{ -my $out="%r10"; -my $cnt="%rcx"; -my $max="%r11"; -my $lasttick="%r8d"; -my $lastdiff="%r9d"; -my $redzone=win64?8:-8; - -print<<___; -.globl OPENSSL_instrument_bus -.type OPENSSL_instrument_bus,\@abi-omnipotent -.align 16 -OPENSSL_instrument_bus: -.cfi_startproc - endbranch - mov $arg1,$out # tribute to Win64 - mov $arg2,$cnt - mov $arg2,$max - - rdtsc # collect 1st tick - mov %eax,$lasttick # lasttick = tick - mov \$0,$lastdiff # lastdiff = 0 - clflush ($out) - .byte 0xf0 # lock - add $lastdiff,($out) - jmp .Loop -.align 16 -.Loop: rdtsc - mov %eax,%edx - sub $lasttick,%eax - mov %edx,$lasttick - mov %eax,$lastdiff - clflush ($out) - .byte 0xf0 # lock - add %eax,($out) - lea 4($out),$out - sub \$1,$cnt - jnz .Loop - - mov $max,%rax - ret -.cfi_endproc -.size OPENSSL_instrument_bus,.-OPENSSL_instrument_bus - -.globl OPENSSL_instrument_bus2 -.type OPENSSL_instrument_bus2,\@abi-omnipotent -.align 16 -OPENSSL_instrument_bus2: -.cfi_startproc - endbranch - mov $arg1,$out # tribute to Win64 - mov $arg2,$cnt - mov $arg3,$max - mov $cnt,$redzone(%rsp) - - rdtsc # collect 1st tick - mov %eax,$lasttick # lasttick = tick - mov \$0,$lastdiff # lastdiff = 0 - - clflush ($out) - .byte 0xf0 # lock - add $lastdiff,($out) - - rdtsc # collect 1st diff - mov %eax,%edx - sub $lasttick,%eax # diff - mov %edx,$lasttick # lasttick = tick - mov %eax,$lastdiff # lastdiff = diff -.Loop2: - clflush ($out) - .byte 0xf0 # lock - add %eax,($out) # accumulate diff - - sub \$1,$max - jz .Ldone2 - - rdtsc - mov %eax,%edx - sub $lasttick,%eax # diff - mov %edx,$lasttick # lasttick = tick - cmp $lastdiff,%eax - mov %eax,$lastdiff # lastdiff = diff - mov \$0,%edx - setne %dl - sub %rdx,$cnt # conditional --$cnt - lea ($out,%rdx,4),$out # conditional ++$out - jnz .Loop2 - -.Ldone2: - mov $redzone(%rsp),%rax - sub $cnt,%rax - ret -.cfi_endproc -.size OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2 -___ -} - -sub gen_random { -my $rdop = shift; -print<<___; -.globl OPENSSL_ia32_${rdop}_bytes -.type OPENSSL_ia32_${rdop}_bytes,\@abi-omnipotent -.align 16 -OPENSSL_ia32_${rdop}_bytes: -.cfi_startproc - endbranch - xor %rax, %rax # return value - cmp \$0,$arg2 - je .Ldone_${rdop}_bytes - - mov \$8,%r11 -.Loop_${rdop}_bytes: - ${rdop} %r10 - jc .Lbreak_${rdop}_bytes - dec %r11 - jnz .Loop_${rdop}_bytes - jmp .Ldone_${rdop}_bytes - -.align 16 -.Lbreak_${rdop}_bytes: - cmp \$8,$arg2 - jb .Ltail_${rdop}_bytes - mov %r10,($arg1) - lea 8($arg1),$arg1 - add \$8,%rax - sub \$8,$arg2 - jz .Ldone_${rdop}_bytes - mov \$8,%r11 - jmp .Loop_${rdop}_bytes - -.align 16 -.Ltail_${rdop}_bytes: - mov %r10b,($arg1) - lea 1($arg1),$arg1 - inc %rax - shr \$8,%r10 - dec $arg2 - jnz .Ltail_${rdop}_bytes - -.Ldone_${rdop}_bytes: - xor %r10,%r10 # Clear sensitive data from register - ret -.cfi_endproc -.size OPENSSL_ia32_${rdop}_bytes,.-OPENSSL_ia32_${rdop}_bytes -___ -} -gen_random("rdrand"); -gen_random("rdseed"); - -close STDOUT or die "error closing STDOUT: $!"; # flush diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl deleted file mode 100644 index a7bcb27e262d6a2933d4a5fe18fded409afc2fa5..0000000000000000000000000000000000000000 --- a/crypto/x86cpuid.pl +++ /dev/null @@ -1,507 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC, "${dir}perlasm", "perlasm"); -require "x86asm.pl"; - -$output = pop and open STDOUT,">$output"; - -&asm_init($ARGV[0]); - -for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - -&function_begin("OPENSSL_ia32_cpuid"); - &xor ("edx","edx"); - &pushf (); - &pop ("eax"); - &mov ("ecx","eax"); - &xor ("eax",1<<21); - &push ("eax"); - &popf (); - &pushf (); - &pop ("eax"); - &xor ("ecx","eax"); - &xor ("eax","eax"); - &mov ("esi",&wparam(0)); - &mov (&DWP(8,"esi"),"eax"); # clear extended feature flags - &bt ("ecx",21); - &jnc (&label("nocpuid")); - &cpuid (); - &mov ("edi","eax"); # max value for standard query level - - &xor ("eax","eax"); - &cmp ("ebx",0x756e6547); # "Genu" - &setne (&LB("eax")); - &mov ("ebp","eax"); - &cmp ("edx",0x49656e69); # "ineI" - &setne (&LB("eax")); - &or ("ebp","eax"); - &cmp ("ecx",0x6c65746e); # "ntel" - &setne (&LB("eax")); - &or ("ebp","eax"); # 0 indicates Intel CPU - &jz (&label("intel")); - - &cmp ("ebx",0x68747541); # "Auth" - &setne (&LB("eax")); - &mov ("esi","eax"); - &cmp ("edx",0x69746E65); # "enti" - &setne (&LB("eax")); - &or ("esi","eax"); - &cmp ("ecx",0x444D4163); # "cAMD" - &setne (&LB("eax")); - &or ("esi","eax"); # 0 indicates AMD CPU - &jnz (&label("intel")); - - # AMD specific - &mov ("eax",0x80000000); - &cpuid (); - &cmp ("eax",0x80000001); - &jb (&label("intel")); - &mov ("esi","eax"); - &mov ("eax",0x80000001); - &cpuid (); - &or ("ebp","ecx"); - &and ("ebp",1<<11|1); # isolate XOP bit - &cmp ("esi",0x80000008); - &jb (&label("intel")); - - &mov ("eax",0x80000008); - &cpuid (); - &movz ("esi",&LB("ecx")); # number of cores - 1 - &inc ("esi"); # number of cores - - &mov ("eax",1); - &xor ("ecx","ecx"); - &cpuid (); - &bt ("edx",28); - &jnc (&label("generic")); - &shr ("ebx",16); - &and ("ebx",0xff); - &cmp ("ebx","esi"); - &ja (&label("generic")); - &and ("edx",0xefffffff); # clear hyper-threading bit - &jmp (&label("generic")); - -&set_label("intel"); - &cmp ("edi",4); - &mov ("esi",-1); - &jb (&label("nocacheinfo")); - - &mov ("eax",4); - &mov ("ecx",0); # query L1D - &cpuid (); - &mov ("esi","eax"); - &shr ("esi",14); - &and ("esi",0xfff); # number of cores -1 per L1D - -&set_label("nocacheinfo"); - &mov ("eax",1); - &xor ("ecx","ecx"); - &cpuid (); - &and ("edx",0xbfefffff); # force reserved bits #20, #30 to 0 - &cmp ("ebp",0); - &jne (&label("notintel")); - &or ("edx",1<<30); # set reserved bit#30 on Intel CPUs - &and (&HB("eax"),15); # family ID - &cmp (&HB("eax"),15); # P4? - &jne (&label("notintel")); - &or ("edx",1<<20); # set reserved bit#20 to engage RC4_CHAR -&set_label("notintel"); - &bt ("edx",28); # test hyper-threading bit - &jnc (&label("generic")); - &and ("edx",0xefffffff); - &cmp ("esi",0); - &je (&label("generic")); - - &or ("edx",0x10000000); - &shr ("ebx",16); - &cmp (&LB("ebx"),1); - &ja (&label("generic")); - &and ("edx",0xefffffff); # clear hyper-threading bit if not - -&set_label("generic"); - &and ("ebp",1<<11); # isolate AMD XOP flag - &and ("ecx",0xfffff7ff); # force 11th bit to 0 - &mov ("esi","edx"); # %ebp:%esi is copy of %ecx:%edx - &or ("ebp","ecx"); # merge AMD XOP flag - - &cmp ("edi",7); - &mov ("edi",&wparam(0)); - &jb (&label("no_extended_info")); - &mov ("eax",7); - &xor ("ecx","ecx"); - &cpuid (); - &mov (&DWP(8,"edi"),"ebx"); # save extended feature flag -&set_label("no_extended_info"); - - &bt ("ebp",27); # check OSXSAVE bit - &jnc (&label("clear_avx")); - &xor ("ecx","ecx"); - &data_byte(0x0f,0x01,0xd0); # xgetbv - &and ("eax",6); - &cmp ("eax",6); - &je (&label("done")); - &cmp ("eax",2); - &je (&label("clear_avx")); -&set_label("clear_xmm"); - &and ("ebp",0xfdfffffd); # clear AESNI and PCLMULQDQ bits - &and ("esi",0xfeffffff); # clear FXSR -&set_label("clear_avx"); - &and ("ebp",0xefffe7ff); # clear AVX, FMA and AMD XOP bits - &and (&DWP(8,"edi"),0xffffffdf); # clear AVX2 -&set_label("done"); - &mov ("eax","esi"); - &mov ("edx","ebp"); -&set_label("nocpuid"); -&function_end("OPENSSL_ia32_cpuid"); - -&external_label("OPENSSL_ia32cap_P"); - -&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &picmeup("ecx","OPENSSL_ia32cap_P"); - &bt (&DWP(0,"ecx"),4); - &jnc (&label("notsc")); - &rdtsc (); -&set_label("notsc"); - &ret (); -&function_end_B("OPENSSL_rdtsc"); - -# This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], -# but it's safe to call it on any [supported] 32-bit platform... -# Just check for [non-]zero return value... -&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); - &picmeup("ecx","OPENSSL_ia32cap_P"); - &bt (&DWP(0,"ecx"),4); - &jnc (&label("nohalt")); # no TSC - - &data_word(0x9058900e); # push %cs; pop %eax - &and ("eax",3); - &jnz (&label("nohalt")); # not enough privileges - - &pushf (); - &pop ("eax"); - &bt ("eax",9); - &jnc (&label("nohalt")); # interrupts are disabled - - &rdtsc (); - &push ("edx"); - &push ("eax"); - &halt (); - &rdtsc (); - - &sub ("eax",&DWP(0,"esp")); - &sbb ("edx",&DWP(4,"esp")); - &add ("esp",8); - &ret (); - -&set_label("nohalt"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &ret (); -&function_end_B("OPENSSL_instrument_halt"); - -# Essentially there is only one use for this function. Under DJGPP: -# -# #include -# ... -# i=OPENSSL_far_spin(_dos_ds,0x46c); -# ... -# to obtain the number of spins till closest timer interrupt. - -&function_begin_B("OPENSSL_far_spin"); - &pushf (); - &pop ("eax"); - &bt ("eax",9); - &jnc (&label("nospin")); # interrupts are disabled - - &mov ("eax",&DWP(4,"esp")); - &mov ("ecx",&DWP(8,"esp")); - &data_word (0x90d88e1e); # push %ds, mov %eax,%ds - &xor ("eax","eax"); - &mov ("edx",&DWP(0,"ecx")); - &jmp (&label("spin")); - - &align (16); -&set_label("spin"); - &inc ("eax"); - &cmp ("edx",&DWP(0,"ecx")); - &je (&label("spin")); - - &data_word (0x1f909090); # pop %ds - &ret (); - -&set_label("nospin"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &ret (); -&function_end_B("OPENSSL_far_spin"); - -&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &picmeup("ecx","OPENSSL_ia32cap_P"); - &mov ("ecx",&DWP(0,"ecx")); - &bt (&DWP(0,"ecx"),1); - &jnc (&label("no_x87")); - if ($sse2) { - &and ("ecx",1<<26|1<<24); # check SSE2 and FXSR bits - &cmp ("ecx",1<<26|1<<24); - &jne (&label("no_sse2")); - &pxor ("xmm0","xmm0"); - &pxor ("xmm1","xmm1"); - &pxor ("xmm2","xmm2"); - &pxor ("xmm3","xmm3"); - &pxor ("xmm4","xmm4"); - &pxor ("xmm5","xmm5"); - &pxor ("xmm6","xmm6"); - &pxor ("xmm7","xmm7"); - &set_label("no_sse2"); - } - # just a bunch of fldz to zap the fp/mm bank followed by finit... - &data_word(0xeed9eed9,0xeed9eed9,0xeed9eed9,0xeed9eed9,0x90e3db9b); -&set_label("no_x87"); - &lea ("eax",&DWP(4,"esp")); - &ret (); -&function_end_B("OPENSSL_wipe_cpu"); - -&function_begin_B("OPENSSL_atomic_add"); - &mov ("edx",&DWP(4,"esp")); # fetch the pointer, 1st arg - &mov ("ecx",&DWP(8,"esp")); # fetch the increment, 2nd arg - &push ("ebx"); - &nop (); - &mov ("eax",&DWP(0,"edx")); -&set_label("spin"); - &lea ("ebx",&DWP(0,"eax","ecx")); - &nop (); - &data_word(0x1ab10ff0); # lock; cmpxchg %ebx,(%edx) # %eax is involved and is always reloaded - &jne (&label("spin")); - &mov ("eax","ebx"); # OpenSSL expects the new value - &pop ("ebx"); - &ret (); -&function_end_B("OPENSSL_atomic_add"); - -&function_begin_B("OPENSSL_cleanse"); - &mov ("edx",&wparam(0)); - &mov ("ecx",&wparam(1)); - &xor ("eax","eax"); - &cmp ("ecx",7); - &jae (&label("lot")); - &cmp ("ecx",0); - &je (&label("ret")); -&set_label("little"); - &mov (&BP(0,"edx"),"al"); - &sub ("ecx",1); - &lea ("edx",&DWP(1,"edx")); - &jnz (&label("little")); -&set_label("ret"); - &ret (); - -&set_label("lot",16); - &test ("edx",3); - &jz (&label("aligned")); - &mov (&BP(0,"edx"),"al"); - &lea ("ecx",&DWP(-1,"ecx")); - &lea ("edx",&DWP(1,"edx")); - &jmp (&label("lot")); -&set_label("aligned"); - &mov (&DWP(0,"edx"),"eax"); - &lea ("ecx",&DWP(-4,"ecx")); - &test ("ecx",-4); - &lea ("edx",&DWP(4,"edx")); - &jnz (&label("aligned")); - &cmp ("ecx",0); - &jne (&label("little")); - &ret (); -&function_end_B("OPENSSL_cleanse"); - -&function_begin_B("CRYPTO_memcmp"); - &push ("esi"); - &push ("edi"); - &mov ("esi",&wparam(0)); - &mov ("edi",&wparam(1)); - &mov ("ecx",&wparam(2)); - &xor ("eax","eax"); - &xor ("edx","edx"); - &cmp ("ecx",0); - &je (&label("no_data")); -&set_label("loop"); - &mov ("dl",&BP(0,"esi")); - &lea ("esi",&DWP(1,"esi")); - &xor ("dl",&BP(0,"edi")); - &lea ("edi",&DWP(1,"edi")); - &or ("al","dl"); - &dec ("ecx"); - &jnz (&label("loop")); - &neg ("eax"); - &shr ("eax",31); -&set_label("no_data"); - &pop ("edi"); - &pop ("esi"); - &ret (); -&function_end_B("CRYPTO_memcmp"); -{ -my $lasttick = "esi"; -my $lastdiff = "ebx"; -my $out = "edi"; -my $cnt = "ecx"; -my $max = "ebp"; - -&function_begin("OPENSSL_instrument_bus"); - &mov ("eax",0); - if ($sse2) { - &picmeup("edx","OPENSSL_ia32cap_P"); - &bt (&DWP(0,"edx"),4); - &jnc (&label("nogo")); # no TSC - &bt (&DWP(0,"edx"),19); - &jnc (&label("nogo")); # no CLFLUSH - - &mov ($out,&wparam(0)); # load arguments - &mov ($cnt,&wparam(1)); - - # collect 1st tick - &rdtsc (); - &mov ($lasttick,"eax"); # lasttick = tick - &mov ($lastdiff,0); # lastdiff = 0 - &clflush(&DWP(0,$out)); - &data_byte(0xf0); # lock - &add (&DWP(0,$out),$lastdiff); - &jmp (&label("loop")); - -&set_label("loop",16); - &rdtsc (); - &mov ("edx","eax"); # put aside tick (yes, I neglect edx) - &sub ("eax",$lasttick); # diff - &mov ($lasttick,"edx"); # lasttick = tick - &mov ($lastdiff,"eax"); # lastdiff = diff - &clflush(&DWP(0,$out)); - &data_byte(0xf0); # lock - &add (&DWP(0,$out),"eax"); # accumulate diff - &lea ($out,&DWP(4,$out)); # ++$out - &sub ($cnt,1); # --$cnt - &jnz (&label("loop")); - - &mov ("eax",&wparam(1)); -&set_label("nogo"); - } -&function_end("OPENSSL_instrument_bus"); - -&function_begin("OPENSSL_instrument_bus2"); - &mov ("eax",0); - if ($sse2) { - &picmeup("edx","OPENSSL_ia32cap_P"); - &bt (&DWP(0,"edx"),4); - &jnc (&label("nogo")); # no TSC - &bt (&DWP(0,"edx"),19); - &jnc (&label("nogo")); # no CLFLUSH - - &mov ($out,&wparam(0)); # load arguments - &mov ($cnt,&wparam(1)); - &mov ($max,&wparam(2)); - - &rdtsc (); # collect 1st tick - &mov ($lasttick,"eax"); # lasttick = tick - &mov ($lastdiff,0); # lastdiff = 0 - - &clflush(&DWP(0,$out)); - &data_byte(0xf0); # lock - &add (&DWP(0,$out),$lastdiff); - - &rdtsc (); # collect 1st diff - &mov ("edx","eax"); # put aside tick (yes, I neglect edx) - &sub ("eax",$lasttick); # diff - &mov ($lasttick,"edx"); # lasttick = tick - &mov ($lastdiff,"eax"); # lastdiff = diff - &jmp (&label("loop2")); - -&set_label("loop2",16); - &clflush(&DWP(0,$out)); - &data_byte(0xf0); # lock - &add (&DWP(0,$out),"eax"); # accumulate diff - - &sub ($max,1); - &jz (&label("done2")); - - &rdtsc (); - &mov ("edx","eax"); # put aside tick (yes, I neglect edx) - &sub ("eax",$lasttick); # diff - &mov ($lasttick,"edx"); # lasttick = tick - &cmp ("eax",$lastdiff); - &mov ($lastdiff,"eax"); # lastdiff = diff - &mov ("edx",0); - &setne ("dl"); - &sub ($cnt,"edx"); # conditional --$cnt - &lea ($out,&DWP(0,$out,"edx",4)); # conditional ++$out - &jnz (&label("loop2")); - -&set_label("done2"); - &mov ("eax",&wparam(1)); - &sub ("eax",$cnt); -&set_label("nogo"); - } -&function_end("OPENSSL_instrument_bus2"); -} - -sub gen_random { -my $rdop = shift; -&function_begin_B("OPENSSL_ia32_${rdop}_bytes"); - &push ("edi"); - &push ("ebx"); - &xor ("eax","eax"); # return value - &mov ("edi",&wparam(0)); - &mov ("ebx",&wparam(1)); - - &cmp ("ebx",0); - &je (&label("done")); - - &mov ("ecx",8); -&set_label("loop"); - &${rdop}("edx"); - &jc (&label("break")); - &loop (&label("loop")); - &jmp (&label("done")); - -&set_label("break",16); - &cmp ("ebx",4); - &jb (&label("tail")); - &mov (&DWP(0,"edi"),"edx"); - &lea ("edi",&DWP(4,"edi")); - &add ("eax",4); - &sub ("ebx",4); - &jz (&label("done")); - &mov ("ecx",8); - &jmp (&label("loop")); - -&set_label("tail",16); - &mov (&BP(0,"edi"),"dl"); - &lea ("edi",&DWP(1,"edi")); - &inc ("eax"); - &shr ("edx",8); - &dec ("ebx"); - &jnz (&label("tail")); - -&set_label("done"); - &xor ("edx","edx"); # Clear random value from registers - &pop ("ebx"); - &pop ("edi"); - &ret (); -&function_end_B("OPENSSL_ia32_${rdop}_bytes"); -} -&gen_random("rdrand"); -&gen_random("rdseed"); - -&initseg("OPENSSL_cpuid_setup"); - -&hidden("OPENSSL_cpuid_setup"); -&hidden("OPENSSL_ia32cap_P"); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT: $!"; diff --git a/demos/README.txt b/demos/README.txt deleted file mode 100644 index dae5c881d23e6bcd50da521fa6f008403359b066..0000000000000000000000000000000000000000 --- a/demos/README.txt +++ /dev/null @@ -1,46 +0,0 @@ -OpenSSL Demonstration Applications - -This folder contains source code that demonstrates the proper use of the OpenSSL -library API. - -bio: Demonstration of a simple TLS client and server - -certs: Demonstration of creating certs, using OCSP - -cipher: -aesgcm.c Demonstration of symmetric cipher GCM mode encrypt/decrypt -aesccm.c Demonstration of symmetric cipher CCM mode encrypt/decrypt -ariacbc.c Demonstration of symmetric cipher CBC mode encrypt/decrypt - -cms: - -digest: -EVP_MD_demo.c Compute a digest from multiple buffers -EVP_MD_stdin.c Compute a digest with data read from stdin -EVP_MD_xof.c Compute a digest using the SHAKE256 XOF -EVP_f_md.c Compute a digest using BIO and EVP_f_md - -kdf: -hkdf.c Demonstration of HMAC based key derivation -pbkdf2.c Demonstration of PBKDF2 password based key derivation -scrypt.c Demonstration of SCRYPT password based key derivation - -mac: -gmac.c Demonstration of GMAC message authentication -poly1305.c Demonstration of Poly1305-AES message authentication -siphash.c Demonstration of SIPHASH message authentication - -pkey: -EVP_PKEY_EC_keygen.c Generate an EC key. -EVP_PKEY_RSA_keygen.c Generate an RSA key. - -smime: - -pkcs12: -pkread.c Print out a description of a PKCS12 file. -pkwrite.c Add a password to an existing PKCS12 file. - -signature: -EVP_Signature_demo.c Compute and verify a signature from multiple buffers -rsa_pss_direct.c Compute and verify an RSA-PSS signature from a hash -rsa_pss_hash.c Compute and verify an RSA-PSS signature over a buffer diff --git a/demos/bio/Makefile b/demos/bio/Makefile deleted file mode 100644 index 86f19d4df3af7c431dc329d72c383491cd3a409b..0000000000000000000000000000000000000000 --- a/demos/bio/Makefile +++ /dev/null @@ -1,33 +0,0 @@ -# Quick instruction: -# To build against an OpenSSL built in the source tree, do this: -# -# make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../.. -# -# To run the demos when linked with a shared library (default): -# -# LD_LIBRARY_PATH=../.. ./server-arg -# LD_LIBRARY_PATH=../.. ./server-cmod -# LD_LIBRARY_PATH=../.. ./server-conf -# LD_LIBRARY_PATH=../.. ./client-arg -# LD_LIBRARY_PATH=../.. ./client-conf -# LD_LIBRARY_PATH=../.. ./saccept -# LD_LIBRARY_PATH=../.. ./sconnect - -CFLAGS = $(OPENSSL_INCS_LOCATION) -LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto $(EX_LIBS) - -all: client-arg client-conf saccept sconnect server-arg server-cmod server-conf - -client-arg: client-arg.o -client-conf: client-conf.o -saccept: saccept.o -sconnect: sconnect.o -server-arg: server-arg.o -server-cmod: server-cmod.o -server-conf: server-conf.o - -client-arg client-conf saccept sconnect server-arg server-cmod server-conf: - $(CC) $(CFLAGS) -o $@ $< $(LDFLAGS) - -clean: - $(RM) *.o client-arg client-conf saccept sconnect server-arg server-cmod server-conf diff --git a/demos/bio/README.txt b/demos/bio/README.txt deleted file mode 100644 index a8467cda6429cdc9995daa13afd88bb6ed443880..0000000000000000000000000000000000000000 --- a/demos/bio/README.txt +++ /dev/null @@ -1,6 +0,0 @@ -This directory contains some simple examples of the use of BIO's -to simplify socket programming. - -The client-conf, server-conf, client-arg and client-conf include examples -of how to use the SSL_CONF API for configuration file or command line -processing. diff --git a/demos/bio/accept.cnf b/demos/bio/accept.cnf deleted file mode 100644 index ce36678ee9cadabec558f1d97747e594ad7a872d..0000000000000000000000000000000000000000 --- a/demos/bio/accept.cnf +++ /dev/null @@ -1,23 +0,0 @@ -# Example configuration file - -# Comment out the next line to ignore configuration errors -config_diagnostics = 1 - -# Port to listen on -Port = 4433 - -# Disable TLS v1.2 for test. -# Protocol = ALL, -TLSv1.2 -# Only support 3 curves -Curves = P-521:P-384:P-256 - -# Restricted signature algorithms -SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 -Certificate=server.pem -PrivateKey=server.pem -ChainCAFile=root.pem -VerifyCAFile=root.pem - -# Request certificate -VerifyMode=Request -ClientCAFile=root.pem diff --git a/demos/bio/client-arg.c b/demos/bio/client-arg.c deleted file mode 100644 index 202afa1ee8ecbadb8b0d8c7afa662c4a739e6edf..0000000000000000000000000000000000000000 --- a/demos/bio/client-arg.c +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include - -int main(int argc, char **argv) -{ - BIO *sbio = NULL, *out = NULL; - int len; - char tmpbuf[1024]; - SSL_CTX *ctx; - SSL_CONF_CTX *cctx; - SSL *ssl; - char **args = argv + 1; - const char *connect_str = "localhost:4433"; - int nargs = argc - 1; - - ctx = SSL_CTX_new(TLS_client_method()); - cctx = SSL_CONF_CTX_new(); - SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); - SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); - while (*args && **args == '-') { - int rv; - /* Parse standard arguments */ - rv = SSL_CONF_cmd_argv(cctx, &nargs, &args); - if (rv == -3) { - fprintf(stderr, "Missing argument for %s\n", *args); - goto end; - } - if (rv < 0) { - fprintf(stderr, "Error in command %s\n", *args); - ERR_print_errors_fp(stderr); - goto end; - } - /* If rv > 0 we processed something so proceed to next arg */ - if (rv > 0) - continue; - /* Otherwise application specific argument processing */ - if (strcmp(*args, "-connect") == 0) { - connect_str = args[1]; - if (connect_str == NULL) { - fprintf(stderr, "Missing -connect argument\n"); - goto end; - } - args += 2; - nargs -= 2; - continue; - } else { - fprintf(stderr, "Unknown argument %s\n", *args); - goto end; - } - } - - if (!SSL_CONF_CTX_finish(cctx)) { - fprintf(stderr, "Finish error\n"); - ERR_print_errors_fp(stderr); - goto end; - } - - /* - * We'd normally set some stuff like the verify paths and * mode here - * because as things stand this will connect to * any server whose - * certificate is signed by any CA. - */ - - sbio = BIO_new_ssl_connect(ctx); - - BIO_get_ssl(sbio, &ssl); - - if (!ssl) { - fprintf(stderr, "Can't locate SSL pointer\n"); - goto end; - } - - /* We might want to do other things with ssl here */ - - BIO_set_conn_hostname(sbio, connect_str); - - out = BIO_new_fp(stdout, BIO_NOCLOSE); - if (BIO_do_connect(sbio) <= 0) { - fprintf(stderr, "Error connecting to server\n"); - ERR_print_errors_fp(stderr); - goto end; - } - - /* Could examine ssl here to get connection info */ - - BIO_puts(sbio, "GET / HTTP/1.0\n\n"); - for (;;) { - len = BIO_read(sbio, tmpbuf, 1024); - if (len <= 0) - break; - BIO_write(out, tmpbuf, len); - } - end: - SSL_CONF_CTX_free(cctx); - BIO_free_all(sbio); - BIO_free(out); - return 0; -} diff --git a/demos/bio/client-conf.c b/demos/bio/client-conf.c deleted file mode 100644 index 916876bfab94a59543d41041702136cf2aede1fb..0000000000000000000000000000000000000000 --- a/demos/bio/client-conf.c +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include - -int main(int argc, char **argv) -{ - BIO *sbio = NULL, *out = NULL; - int i, len, rv; - char tmpbuf[1024]; - SSL_CTX *ctx = NULL; - SSL_CONF_CTX *cctx = NULL; - SSL *ssl = NULL; - CONF *conf = NULL; - STACK_OF(CONF_VALUE) *sect = NULL; - CONF_VALUE *cnf; - const char *connect_str = "localhost:4433"; - long errline = -1; - - conf = NCONF_new(NULL); - - if (NCONF_load(conf, "connect.cnf", &errline) <= 0) { - if (errline <= 0) - fprintf(stderr, "Error processing config file\n"); - else - fprintf(stderr, "Error on line %ld\n", errline); - goto end; - } - - sect = NCONF_get_section(conf, "default"); - - if (sect == NULL) { - fprintf(stderr, "Error retrieving default section\n"); - goto end; - } - - ctx = SSL_CTX_new(TLS_client_method()); - cctx = SSL_CONF_CTX_new(); - SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); - SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE); - SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); - for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { - cnf = sk_CONF_VALUE_value(sect, i); - rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value); - if (rv > 0) - continue; - if (rv != -2) { - fprintf(stderr, "Error processing %s = %s\n", - cnf->name, cnf->value); - ERR_print_errors_fp(stderr); - goto end; - } - if (strcmp(cnf->name, "Connect") == 0) { - connect_str = cnf->value; - } else { - fprintf(stderr, "Unknown configuration option %s\n", cnf->name); - goto end; - } - } - - if (!SSL_CONF_CTX_finish(cctx)) { - fprintf(stderr, "Finish error\n"); - ERR_print_errors_fp(stderr); - goto end; - } - - /* - * We'd normally set some stuff like the verify paths and * mode here - * because as things stand this will connect to * any server whose - * certificate is signed by any CA. - */ - - sbio = BIO_new_ssl_connect(ctx); - - BIO_get_ssl(sbio, &ssl); - - if (!ssl) { - fprintf(stderr, "Can't locate SSL pointer\n"); - goto end; - } - - /* We might want to do other things with ssl here */ - - BIO_set_conn_hostname(sbio, connect_str); - - out = BIO_new_fp(stdout, BIO_NOCLOSE); - if (BIO_do_connect(sbio) <= 0) { - fprintf(stderr, "Error connecting to server\n"); - ERR_print_errors_fp(stderr); - goto end; - } - - /* Could examine ssl here to get connection info */ - - BIO_puts(sbio, "GET / HTTP/1.0\n\n"); - for (;;) { - len = BIO_read(sbio, tmpbuf, 1024); - if (len <= 0) - break; - BIO_write(out, tmpbuf, len); - } - end: - SSL_CONF_CTX_free(cctx); - BIO_free_all(sbio); - BIO_free(out); - NCONF_free(conf); - return 0; -} diff --git a/demos/bio/cmod.cnf b/demos/bio/cmod.cnf deleted file mode 100644 index df514dba790914cd1d2409448c7d43249caf1eaf..0000000000000000000000000000000000000000 --- a/demos/bio/cmod.cnf +++ /dev/null @@ -1,27 +0,0 @@ -# Example config module configuration - -# Name supplied by application to CONF_modules_load_file -# and section containing configuration -testapp = test_sect - -# Comment out the next line to ignore configuration errors -config_diagnostics = 1 - -[test_sect] -# list of configuration modules - -# SSL configuration module -ssl_conf = ssl_sect - -[ssl_sect] -# list of SSL configurations -server = server_sect - -[server_sect] -# Only support 3 curves -Curves = P-521:P-384:P-256 -# Restricted signature algorithms -SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 -# Certificates and keys -RSA.Certificate=server.pem -ECDSA.Certificate=server-ec.pem diff --git a/demos/bio/connect.cnf b/demos/bio/connect.cnf deleted file mode 100644 index 0049a77b2d62d21fac6685208ff2153bb39b73ab..0000000000000000000000000000000000000000 --- a/demos/bio/connect.cnf +++ /dev/null @@ -1,15 +0,0 @@ -# Example configuration file - -# Comment out the next line to ignore configuration errors -config_diagnostics = 1 - -# Connects to the default port of s_server -Connect = localhost:4433 - -# Disable TLS v1.2 for test. -# Protocol = ALL, -TLSv1.2 -# Only support 3 curves -Curves = P-521:P-384:P-256 - -# Restricted signature algorithms -SignatureAlgorithms = RSA+SHA512:ECDSA+SHA512 diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c deleted file mode 100644 index 6da22ea440910831a2aea9ced66db7a0b2f592fe..0000000000000000000000000000000000000000 --- a/demos/bio/saccept.c +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright 1998-2017 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/*- - * A minimal program to serve an SSL connection. - * It uses blocking. - * saccept host:port - * host is the interface IP to use. If any interface, use *:port - * The default it *:4433 - * - * cc -I../../include saccept.c -L../.. -lssl -lcrypto -ldl - */ - -#include -#include -#include -#include -#include - -#define CERT_FILE "server.pem" - -static volatile int done = 0; - -void interrupt(int sig) -{ - done = 1; -} - -void sigsetup(void) -{ - struct sigaction sa; - - /* - * Catch at most once, and don't restart the accept system call. - */ - sa.sa_flags = SA_RESETHAND; - sa.sa_handler = interrupt; - sigemptyset(&sa.sa_mask); - sigaction(SIGINT, &sa, NULL); -} - -int main(int argc, char *argv[]) -{ - char *port = NULL; - BIO *in = NULL; - BIO *ssl_bio, *tmp; - SSL_CTX *ctx; - char buf[512]; - int ret = EXIT_FAILURE, i; - - if (argc <= 1) - port = "*:4433"; - else - port = argv[1]; - - ctx = SSL_CTX_new(TLS_server_method()); - if (!SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE)) - goto err; - if (!SSL_CTX_use_PrivateKey_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)) - goto err; - if (!SSL_CTX_check_private_key(ctx)) - goto err; - - /* Setup server side SSL bio */ - ssl_bio = BIO_new_ssl(ctx, 0); - - if ((in = BIO_new_accept(port)) == NULL) - goto err; - - /* - * This means that when a new connection is accepted on 'in', The ssl_bio - * will be 'duplicated' and have the new socket BIO push into it. - * Basically it means the SSL BIO will be automatically setup - */ - BIO_set_accept_bios(in, ssl_bio); - - /* Arrange to leave server loop on interrupt */ - sigsetup(); - - again: - /* - * The first call will setup the accept socket, and the second will get a - * socket. In this loop, the first actual accept will occur in the - * BIO_read() function. - */ - - if (BIO_do_accept(in) <= 0) - goto err; - - while (!done) { - i = BIO_read(in, buf, 512); - if (i == 0) { - /* - * If we have finished, remove the underlying BIO stack so the - * next time we call any function for this BIO, it will attempt - * to do an accept - */ - printf("Done\n"); - tmp = BIO_pop(in); - BIO_free_all(tmp); - goto again; - } - if (i < 0) - goto err; - fwrite(buf, 1, i, stdout); - fflush(stdout); - } - - ret = EXIT_SUCCESS; - err: - if (ret != EXIT_SUCCESS) - ERR_print_errors_fp(stderr); - BIO_free(in); - return ret; -} diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c deleted file mode 100644 index 18f7007ce708725273bc14acca33ca4bd2ca12c9..0000000000000000000000000000000000000000 --- a/demos/bio/sconnect.c +++ /dev/null @@ -1,128 +0,0 @@ -/* - * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/*- - * A minimal program to do SSL to a passed host and port. - * It is actually using non-blocking IO but in a very simple manner - * sconnect host:port - it does a 'GET / HTTP/1.0' - * - * cc -I../../include sconnect.c -L../.. -lssl -lcrypto - */ -#include -#include -#include -#include -#include -#include -#include - -#define HOSTPORT "localhost:4433" -#define CAFILE "root.pem" - -int main(int argc, char *argv[]) -{ - const char *hostport = HOSTPORT; - const char *CAfile = CAFILE; - const char *hostname; - char *cp; - BIO *out = NULL; - char buf[1024 * 10], *p; - SSL_CTX *ssl_ctx = NULL; - SSL *ssl; - BIO *ssl_bio; - int i, len, off, ret = EXIT_FAILURE; - - if (argc > 1) - hostport = argv[1]; - if (argc > 2) - CAfile = argv[2]; - -#ifdef WATT32 - dbug_init(); - sock_init(); -#endif - - ssl_ctx = SSL_CTX_new(TLS_client_method()); - - /* Enable trust chain verification */ - SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); - SSL_CTX_load_verify_locations(ssl_ctx, CAfile, NULL); - - /* Lets make a SSL structure */ - ssl = SSL_new(ssl_ctx); - SSL_set_connect_state(ssl); - - - /* Use it inside an SSL BIO */ - ssl_bio = BIO_new(BIO_f_ssl()); - BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE); - - /* Lets use a connect BIO under the SSL BIO */ - out = BIO_new(BIO_s_connect()); - BIO_set_conn_hostname(out, hostport); - - /* The BIO has parsed the host:port and even IPv6 literals in [] */ - hostname = BIO_get_conn_hostname(out); - if (!hostname || SSL_set1_host(ssl, hostname) <= 0) - goto err; - - BIO_set_nbio(out, 1); - out = BIO_push(ssl_bio, out); - - p = "GET / HTTP/1.0\r\n\r\n"; - len = strlen(p); - - off = 0; - for (;;) { - i = BIO_write(out, &(p[off]), len); - if (i <= 0) { - if (BIO_should_retry(out)) { - fprintf(stderr, "write DELAY\n"); - sleep(1); - continue; - } else { - goto err; - } - } - off += i; - len -= i; - if (len <= 0) - break; - } - - for (;;) { - i = BIO_read(out, buf, sizeof(buf)); - if (i == 0) - break; - if (i < 0) { - if (BIO_should_retry(out)) { - fprintf(stderr, "read DELAY\n"); - sleep(1); - continue; - } - goto err; - } - fwrite(buf, 1, i, stdout); - } - - ret = EXIT_SUCCESS; - goto done; - - err: - if (ERR_peek_error() == 0) { /* system call error */ - fprintf(stderr, "errno=%d ", errno); - perror("error"); - } else { - ERR_print_errors_fp(stderr); - } - done: - BIO_free_all(out); - SSL_CTX_free(ssl_ctx); - return ret; -} diff --git a/demos/bio/server-arg.c b/demos/bio/server-arg.c deleted file mode 100644 index 60a87725a9deeb72a7085c18f65761d045799c77..0000000000000000000000000000000000000000 --- a/demos/bio/server-arg.c +++ /dev/null @@ -1,144 +0,0 @@ -/* - * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * A minimal program to serve an SSL connection. It uses blocking. It use the - * SSL_CONF API with the command line. cc -I../../include server-arg.c - * -L../.. -lssl -lcrypto -ldl - */ - -#include -#include -#include -#include -#include -#include - -int main(int argc, char *argv[]) -{ - char *port = "*:4433"; - BIO *ssl_bio, *tmp; - SSL_CTX *ctx; - SSL_CONF_CTX *cctx; - char buf[512]; - BIO *in = NULL; - int ret = EXIT_FAILURE, i; - char **args = argv + 1; - int nargs = argc - 1; - - ctx = SSL_CTX_new(TLS_server_method()); - - cctx = SSL_CONF_CTX_new(); - SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER); - SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE); - SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); - while (*args && **args == '-') { - int rv; - /* Parse standard arguments */ - rv = SSL_CONF_cmd_argv(cctx, &nargs, &args); - if (rv == -3) { - fprintf(stderr, "Missing argument for %s\n", *args); - goto err; - } - if (rv < 0) { - fprintf(stderr, "Error in command %s\n", *args); - ERR_print_errors_fp(stderr); - goto err; - } - /* If rv > 0 we processed something so proceed to next arg */ - if (rv > 0) - continue; - /* Otherwise application specific argument processing */ - if (strcmp(*args, "-port") == 0) { - port = args[1]; - if (port == NULL) { - fprintf(stderr, "Missing -port argument\n"); - goto err; - } - args += 2; - nargs -= 2; - continue; - } else { - fprintf(stderr, "Unknown argument %s\n", *args); - goto err; - } - } - - if (!SSL_CONF_CTX_finish(cctx)) { - fprintf(stderr, "Finish error\n"); - ERR_print_errors_fp(stderr); - goto err; - } -#ifdef ITERATE_CERTS - /* - * Demo of how to iterate over all certificates in an SSL_CTX structure. - */ - { - X509 *x; - int rv; - rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_FIRST); - while (rv) { - X509 *x = SSL_CTX_get0_certificate(ctx); - X509_NAME_print_ex_fp(stdout, X509_get_subject_name(x), 0, - XN_FLAG_ONELINE); - printf("\n"); - rv = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_NEXT); - } - fflush(stdout); - } -#endif - /* Setup server side SSL bio */ - ssl_bio = BIO_new_ssl(ctx, 0); - - if ((in = BIO_new_accept(port)) == NULL) - goto err; - - /* - * This means that when a new connection is accepted on 'in', The ssl_bio - * will be 'duplicated' and have the new socket BIO push into it. - * Basically it means the SSL BIO will be automatically setup - */ - BIO_set_accept_bios(in, ssl_bio); - - again: - /* - * The first call will setup the accept socket, and the second will get a - * socket. In this loop, the first actual accept will occur in the - * BIO_read() function. - */ - - if (BIO_do_accept(in) <= 0) - goto err; - - for (;;) { - i = BIO_read(in, buf, 512); - if (i == 0) { - /* - * If we have finished, remove the underlying BIO stack so the - * next time we call any function for this BIO, it will attempt - * to do an accept - */ - printf("Done\n"); - tmp = BIO_pop(in); - BIO_free_all(tmp); - goto again; - } - if (i < 0) - goto err; - fwrite(buf, 1, i, stdout); - fflush(stdout); - } - - ret = EXIT_SUCCESS; - err: - if (ret != EXIT_SUCCESS) - ERR_print_errors_fp(stderr); - BIO_free(in); - return ret; -} diff --git a/demos/bio/server-cmod.c b/demos/bio/server-cmod.c deleted file mode 100644 index 3642fbacf6cefec84b058deef004582d217f339f..0000000000000000000000000000000000000000 --- a/demos/bio/server-cmod.c +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * A minimal TLS server it ses SSL_CTX_config and a configuration file to - * set most server parameters. - */ - -#include -#include -#include -#include -#include -#include - -int main(int argc, char *argv[]) -{ - unsigned char buf[512]; - char *port = "*:4433"; - BIO *in = NULL; - BIO *ssl_bio, *tmp; - SSL_CTX *ctx; - int ret = EXIT_FAILURE, i; - - ctx = SSL_CTX_new(TLS_server_method()); - - if (CONF_modules_load_file("cmod.cnf", "testapp", 0) <= 0) { - fprintf(stderr, "Error processing config file\n"); - goto err; - } - - if (SSL_CTX_config(ctx, "server") == 0) { - fprintf(stderr, "Error configuring server.\n"); - goto err; - } - - /* Setup server side SSL bio */ - ssl_bio = BIO_new_ssl(ctx, 0); - - if ((in = BIO_new_accept(port)) == NULL) - goto err; - - /* - * This means that when a new connection is accepted on 'in', The ssl_bio - * will be 'duplicated' and have the new socket BIO push into it. - * Basically it means the SSL BIO will be automatically setup - */ - BIO_set_accept_bios(in, ssl_bio); - - again: - /* - * The first call will setup the accept socket, and the second will get a - * socket. In this loop, the first actual accept will occur in the - * BIO_read() function. - */ - - if (BIO_do_accept(in) <= 0) - goto err; - - for (;;) { - i = BIO_read(in, buf, sizeof(buf)); - if (i == 0) { - /* - * If we have finished, remove the underlying BIO stack so the - * next time we call any function for this BIO, it will attempt - * to do an accept - */ - printf("Done\n"); - tmp = BIO_pop(in); - BIO_free_all(tmp); - goto again; - } - if (i < 0) { - if (BIO_should_retry(in)) - continue; - goto err; - } - fwrite(buf, 1, i, stdout); - fflush(stdout); - } - - ret = EXIT_SUCCESS; - err: - if (ret != EXIT_SUCCESS) - ERR_print_errors_fp(stderr); - BIO_free(in); - return ret; -} diff --git a/demos/bio/server-conf.c b/demos/bio/server-conf.c deleted file mode 100644 index 5e07a15e7bc70be0ee04b84bba6899a7a61e8ef2..0000000000000000000000000000000000000000 --- a/demos/bio/server-conf.c +++ /dev/null @@ -1,139 +0,0 @@ -/* - * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * A minimal program to serve an SSL connection. It uses blocking. It uses - * the SSL_CONF API with a configuration file. cc -I../../include saccept.c - * -L../.. -lssl -lcrypto -ldl - */ - -#include -#include -#include -#include -#include -#include -#include - -int main(int argc, char *argv[]) -{ - char *port = "*:4433"; - BIO *in = NULL; - BIO *ssl_bio, *tmp; - SSL_CTX *ctx; - SSL_CONF_CTX *cctx = NULL; - CONF *conf = NULL; - STACK_OF(CONF_VALUE) *sect = NULL; - CONF_VALUE *cnf; - long errline = -1; - char buf[512]; - int ret = EXIT_FAILURE, i; - - ctx = SSL_CTX_new(TLS_server_method()); - - conf = NCONF_new(NULL); - - if (NCONF_load(conf, "accept.cnf", &errline) <= 0) { - if (errline <= 0) - fprintf(stderr, "Error processing config file\n"); - else - fprintf(stderr, "Error on line %ld\n", errline); - goto err; - } - - sect = NCONF_get_section(conf, "default"); - - if (sect == NULL) { - fprintf(stderr, "Error retrieving default section\n"); - goto err; - } - - cctx = SSL_CONF_CTX_new(); - SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER); - SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE); - SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE); - SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); - for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { - int rv; - cnf = sk_CONF_VALUE_value(sect, i); - rv = SSL_CONF_cmd(cctx, cnf->name, cnf->value); - if (rv > 0) - continue; - if (rv != -2) { - fprintf(stderr, "Error processing %s = %s\n", - cnf->name, cnf->value); - ERR_print_errors_fp(stderr); - goto err; - } - if (strcmp(cnf->name, "Port") == 0) { - port = cnf->value; - } else { - fprintf(stderr, "Unknown configuration option %s\n", cnf->name); - goto err; - } - } - - if (!SSL_CONF_CTX_finish(cctx)) { - fprintf(stderr, "Finish error\n"); - ERR_print_errors_fp(stderr); - goto err; - } - - /* Setup server side SSL bio */ - ssl_bio = BIO_new_ssl(ctx, 0); - - if ((in = BIO_new_accept(port)) == NULL) - goto err; - - /* - * This means that when a new connection is accepted on 'in', The ssl_bio - * will be 'duplicated' and have the new socket BIO push into it. - * Basically it means the SSL BIO will be automatically setup - */ - BIO_set_accept_bios(in, ssl_bio); - - again: - /* - * The first call will setup the accept socket, and the second will get a - * socket. In this loop, the first actual accept will occur in the - * BIO_read() function. - */ - - if (BIO_do_accept(in) <= 0) - goto err; - - for (;;) { - i = BIO_read(in, buf, 512); - if (i == 0) { - /* - * If we have finished, remove the underlying BIO stack so the - * next time we call any function for this BIO, it will attempt - * to do an accept - */ - printf("Done\n"); - tmp = BIO_pop(in); - BIO_free_all(tmp); - goto again; - } - if (i < 0) { - if (BIO_should_retry(in)) - continue; - goto err; - } - fwrite(buf, 1, i, stdout); - fflush(stdout); - } - - ret = EXIT_SUCCESS; - err: - if (ret != EXIT_SUCCESS) - ERR_print_errors_fp(stderr); - BIO_free(in); - return ret; -} diff --git a/demos/certs/README.txt b/demos/certs/README.txt deleted file mode 100644 index 88cf56b1f8d067c4ae26e7f62b6f25928d72ba1e..0000000000000000000000000000000000000000 --- a/demos/certs/README.txt +++ /dev/null @@ -1,18 +0,0 @@ -There is often a need to generate test certificates automatically using -a script. This is often a cause for confusion which can result in incorrect -CA certificates, obsolete V1 certificates or duplicate serial numbers. -The range of command line options can be daunting for a beginner. - -The mkcerts.sh script is an example of how to generate certificates -automatically using scripts. Example creates a root CA, an intermediate CA -signed by the root and several certificates signed by the intermediate CA. - -The script then creates an empty index.txt file and adds entries for the -certificates and generates a CRL. Then one certificate is revoked and a -second CRL generated. - -The script ocsprun.sh runs the test responder on port 8888 covering the -client certificates. - -The script ocspquery.sh queries the status of the certificates using the -test responder. diff --git a/demos/certs/apps/apps.cnf b/demos/certs/apps/apps.cnf deleted file mode 100644 index 72ed70de7582ddb3e426ea123674178aabfadf89..0000000000000000000000000000000000000000 --- a/demos/certs/apps/apps.cnf +++ /dev/null @@ -1,66 +0,0 @@ -# -# OpenSSL configuration file to create apps directory certificates -# - -# This definition stops the following lines choking if HOME or CN -# is undefined. -HOME = . -CN = "Not Defined" - -# Comment out the next line to ignore configuration errors -config_diagnostics = 1 - - -#################################################################### -[ req ] -default_bits = 2048 -default_keyfile = privkey.pem -# Don't prompt for fields: use those in section directly -prompt = no -distinguished_name = req_distinguished_name -x509_extensions = v3_ca # The extensions to add to the self signed cert -string_mask = utf8only - -# req_extensions = v3_req # The extensions to add to a certificate request - -[ req_distinguished_name ] -countryName = UK - -organizationName = OpenSSL Group -organizationalUnitName = FOR TESTING PURPOSES ONLY -# Take CN from environment so it can come from a script. -commonName = $ENV::CN - -[ usr_cert ] - -# These extensions are added when 'ca' signs a request for an end entity -# certificate - -basicConstraints=critical, CA:FALSE -keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment - -[ ec_cert ] - -# These extensions are added when 'ca' signs a request for an end entity -# certificate - -basicConstraints=critical, CA:FALSE -keyUsage=critical, nonRepudiation, digitalSignature, keyAgreement - -# PKIX recommendations harmless if included in all certificates. -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid - -[ v3_ca ] - - -# Extensions for a typical CA - -# PKIX recommendation. - -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always -basicConstraints = critical,CA:true -keyUsage = critical, cRLSign, keyCertSign - - diff --git a/demos/certs/ca.cnf b/demos/certs/ca.cnf deleted file mode 100644 index e0c73c4eefee5b44b295f3954ce0ad8df4ba9c55..0000000000000000000000000000000000000000 --- a/demos/certs/ca.cnf +++ /dev/null @@ -1,82 +0,0 @@ -# -# OpenSSL example configuration file for automated certificate creation. -# - -# This definition stops the following lines choking if HOME or CN -# is undefined. -HOME = . -CN = "Not Defined" -default_ca = ca - -# Comment out the next line to ignore configuration errors -config_diagnostics = 1 - -#################################################################### -[ req ] -default_bits = 1024 -default_keyfile = privkey.pem -# Don't prompt for fields: use those in section directly -prompt = no -distinguished_name = req_distinguished_name -x509_extensions = v3_ca # The extensions to add to the self signed cert -string_mask = utf8only - -# req_extensions = v3_req # The extensions to add to a certificate request - -[ req_distinguished_name ] -countryName = UK - -organizationName = OpenSSL Group -# Take CN from environment so it can come from a script. -commonName = $ENV::CN - -[ usr_cert ] - -# These extensions are added when 'ca' signs a request for an end entity -# certificate - -basicConstraints=critical, CA:FALSE -keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment - -# PKIX recommendations harmless if included in all certificates. -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid -# OCSP responder certificate -[ ocsp_cert ] - -basicConstraints=critical, CA:FALSE -keyUsage=critical, nonRepudiation, digitalSignature, keyEncipherment - -# PKIX recommendations harmless if included in all certificates. -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid -extendedKeyUsage=OCSPSigning - -[ dh_cert ] - -# These extensions are added when 'ca' signs a request for an end entity -# DH certificate - -basicConstraints=critical, CA:FALSE -keyUsage=critical, keyAgreement - -# PKIX recommendations harmless if included in all certificates. -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid - -[ v3_ca ] - - -# Extensions for a typical CA - -# PKIX recommendation. - -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always -basicConstraints = critical,CA:true -keyUsage = critical, cRLSign, keyCertSign - -# Minimal CA entry to allow generation of CRLs. -[ca] -database=index.txt -crlnumber=crlnum.txt diff --git a/demos/cipher/Makefile b/demos/cipher/Makefile deleted file mode 100644 index 81f526535e20f626ec38bafa6bcd150ceb53baf7..0000000000000000000000000000000000000000 --- a/demos/cipher/Makefile +++ /dev/null @@ -1,27 +0,0 @@ -# Quick instruction: -# To build against an OpenSSL built in the source tree, do this: -# -# make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../.. -# -# To run the demos when linked with a shared library (default): -# -# LD_LIBRARY_PATH=../.. ./aesccm -# LD_LIBRARY_PATH=../.. ./aesgcm -# LD_LIBRARY_PATH=../.. ./aeskeywrap -# LD_LIBRARY_PATH=../.. ./ariacbc - -CFLAGS = $(OPENSSL_INCS_LOCATION) -LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto - -all: aesccm aesgcm aeskeywrap ariacbc - -aesccm: aesccm.o -aesgcm: aesgcm.o -aeskeywrap: aeskeywrap.o -ariacbc: ariacbc.o - -aesccm aesgcm aeskeywrap ariacbc: - $(CC) $(CFLAGS) -o $@ $< $(LDFLAGS) - -clean: - $(RM) aesccm aesgcm aeskeywrap ariacbc *.o diff --git a/demos/cipher/aesccm.c b/demos/cipher/aesccm.c deleted file mode 100644 index 5a2d4281506e159ffb7902a6007be73aa64ede7a..0000000000000000000000000000000000000000 --- a/demos/cipher/aesccm.c +++ /dev/null @@ -1,238 +0,0 @@ -/* - * Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Simple AES CCM authenticated encryption with additional data (AEAD) - * demonstration program. - */ - -#include -#include -#include -#include -#include - -/* AES-CCM test data obtained from NIST public test vectors */ - -/* AES key */ -static const unsigned char ccm_key[] = { - 0xce, 0xb0, 0x09, 0xae, 0xa4, 0x45, 0x44, 0x51, 0xfe, 0xad, 0xf0, 0xe6, - 0xb3, 0x6f, 0x45, 0x55, 0x5d, 0xd0, 0x47, 0x23, 0xba, 0xa4, 0x48, 0xe8 -}; - -/* Unique nonce to be used for this message */ -static const unsigned char ccm_nonce[] = { - 0x76, 0x40, 0x43, 0xc4, 0x94, 0x60, 0xb7 -}; - -/* - * Example of Additional Authenticated Data (AAD), i.e. unencrypted data - * which can be authenticated using the generated Tag value. - */ -static const unsigned char ccm_adata[] = { - 0x6e, 0x80, 0xdd, 0x7f, 0x1b, 0xad, 0xf3, 0xa1, 0xc9, 0xab, 0x25, 0xc7, - 0x5f, 0x10, 0xbd, 0xe7, 0x8c, 0x23, 0xfa, 0x0e, 0xb8, 0xf9, 0xaa, 0xa5, - 0x3a, 0xde, 0xfb, 0xf4, 0xcb, 0xf7, 0x8f, 0xe4 -}; - -/* Example plaintext to encrypt */ -static const unsigned char ccm_pt[] = { - 0xc8, 0xd2, 0x75, 0xf9, 0x19, 0xe1, 0x7d, 0x7f, 0xe6, 0x9c, 0x2a, 0x1f, - 0x58, 0x93, 0x9d, 0xfe, 0x4d, 0x40, 0x37, 0x91, 0xb5, 0xdf, 0x13, 0x10 -}; - -/* Expected ciphertext value */ -static const unsigned char ccm_ct[] = { - 0x8a, 0x0f, 0x3d, 0x82, 0x29, 0xe4, 0x8e, 0x74, 0x87, 0xfd, 0x95, 0xa2, - 0x8a, 0xd3, 0x92, 0xc8, 0x0b, 0x36, 0x81, 0xd4, 0xfb, 0xc7, 0xbb, 0xfd -}; - -/* Expected AEAD Tag value */ -static const unsigned char ccm_tag[] = { - 0x2d, 0xd6, 0xef, 0x1c, 0x45, 0xd4, 0xcc, 0xb7, 0x23, 0xdc, 0x07, 0x44, - 0x14, 0xdb, 0x50, 0x6d -}; - -/* - * A library context and property query can be used to select & filter - * algorithm implementations. If they are NULL then the default library - * context and properties are used. - */ -OSSL_LIB_CTX *libctx = NULL; -const char *propq = NULL; - - -int aes_ccm_encrypt(void) -{ - int ret = 0; - EVP_CIPHER_CTX *ctx; - EVP_CIPHER *cipher = NULL; - int outlen, tmplen; - size_t ccm_nonce_len = sizeof(ccm_nonce); - size_t ccm_tag_len = sizeof(ccm_tag); - unsigned char outbuf[1024]; - unsigned char outtag[16]; - OSSL_PARAM params[3] = { - OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END - }; - - printf("AES CCM Encrypt:\n"); - printf("Plaintext:\n"); - BIO_dump_fp(stdout, ccm_pt, sizeof(ccm_pt)); - - /* Create a context for the encrypt operation */ - if ((ctx = EVP_CIPHER_CTX_new()) == NULL) - goto err; - - /* Fetch the cipher implementation */ - if ((cipher = EVP_CIPHER_fetch(libctx, "AES-192-CCM", propq)) == NULL) - goto err; - - /* Set nonce length if default 96 bits is not appropriate */ - params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, - &ccm_nonce_len); - /* Set tag length */ - params[1] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - NULL, ccm_tag_len); - - /* - * Initialise encrypt operation with the cipher & mode, - * nonce length and tag length parameters. - */ - if (!EVP_EncryptInit_ex2(ctx, cipher, NULL, NULL, params)) - goto err; - - /* Initialise key and nonce */ - if (!EVP_EncryptInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce)) - goto err; - - /* Set plaintext length: only needed if AAD is used */ - if (!EVP_EncryptUpdate(ctx, NULL, &outlen, NULL, sizeof(ccm_pt))) - goto err; - - /* Zero or one call to specify any AAD */ - if (!EVP_EncryptUpdate(ctx, NULL, &outlen, ccm_adata, sizeof(ccm_adata))) - goto err; - - /* Encrypt plaintext: can only be called once */ - if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, ccm_pt, sizeof(ccm_pt))) - goto err; - - /* Output encrypted block */ - printf("Ciphertext:\n"); - BIO_dump_fp(stdout, outbuf, outlen); - - /* Finalise: note get no output for CCM */ - if (!EVP_EncryptFinal_ex(ctx, NULL, &tmplen)) - goto err; - - /* Get tag */ - params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - outtag, ccm_tag_len); - params[1] = OSSL_PARAM_construct_end(); - - if (!EVP_CIPHER_CTX_get_params(ctx, params)) - goto err; - - /* Output tag */ - printf("Tag:\n"); - BIO_dump_fp(stdout, outtag, ccm_tag_len); - - ret = 1; -err: - if (!ret) - ERR_print_errors_fp(stderr); - - EVP_CIPHER_free(cipher); - EVP_CIPHER_CTX_free(ctx); - - return ret; -} - -int aes_ccm_decrypt(void) -{ - int ret = 0; - EVP_CIPHER_CTX *ctx; - EVP_CIPHER *cipher = NULL; - int outlen, rv; - unsigned char outbuf[1024]; - size_t ccm_nonce_len = sizeof(ccm_nonce); - OSSL_PARAM params[3] = { - OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END - }; - - printf("AES CCM Decrypt:\n"); - printf("Ciphertext:\n"); - BIO_dump_fp(stdout, ccm_ct, sizeof(ccm_ct)); - - if ((ctx = EVP_CIPHER_CTX_new()) == NULL) - goto err; - - /* Fetch the cipher implementation */ - if ((cipher = EVP_CIPHER_fetch(libctx, "AES-192-CCM", propq)) == NULL) - goto err; - - /* Set nonce length if default 96 bits is not appropriate */ - params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, - &ccm_nonce_len); - /* Set tag length */ - params[1] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - (unsigned char *)ccm_tag, - sizeof(ccm_tag)); - /* - * Initialise decrypt operation with the cipher & mode, - * nonce length and expected tag parameters. - */ - if (!EVP_DecryptInit_ex2(ctx, cipher, NULL, NULL, params)) - goto err; - - /* Specify key and IV */ - if (!EVP_DecryptInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce)) - goto err; - - /* Set ciphertext length: only needed if we have AAD */ - if (!EVP_DecryptUpdate(ctx, NULL, &outlen, NULL, sizeof(ccm_ct))) - goto err; - - /* Zero or one call to specify any AAD */ - if (!EVP_DecryptUpdate(ctx, NULL, &outlen, ccm_adata, sizeof(ccm_adata))) - goto err; - - /* Decrypt plaintext, verify tag: can only be called once */ - rv = EVP_DecryptUpdate(ctx, outbuf, &outlen, ccm_ct, sizeof(ccm_ct)); - - /* Output decrypted block: if tag verify failed we get nothing */ - if (rv > 0) { - printf("Tag verify successful!\nPlaintext:\n"); - BIO_dump_fp(stdout, outbuf, outlen); - } else { - printf("Tag verify failed!\nPlaintext not available\n"); - goto err; - } - ret = 1; -err: - if (!ret) - ERR_print_errors_fp(stderr); - - EVP_CIPHER_free(cipher); - EVP_CIPHER_CTX_free(ctx); - - return ret; -} - -int main(int argc, char **argv) -{ - if (!aes_ccm_encrypt()) - return 1; - - if (!aes_ccm_decrypt()) - return 1; - - return 0; -} diff --git a/demos/cipher/aesgcm.c b/demos/cipher/aesgcm.c deleted file mode 100644 index aaf4000d574fd43377f4a1906610b1a7325c41c4..0000000000000000000000000000000000000000 --- a/demos/cipher/aesgcm.c +++ /dev/null @@ -1,228 +0,0 @@ -/* - * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Simple AES GCM authenticated encryption with additional data (AEAD) - * demonstration program. - */ - -#include -#include -#include -#include -#include - -/* AES-GCM test data obtained from NIST public test vectors */ - -/* AES key */ -static const unsigned char gcm_key[] = { - 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66, - 0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69, - 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f -}; - -/* Unique initialisation vector */ -static const unsigned char gcm_iv[] = { - 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84 -}; - -/* Example plaintext to encrypt */ -static const unsigned char gcm_pt[] = { - 0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e, 0xeb, 0x31, 0xb2, 0xea, - 0xcc, 0x2b, 0xf2, 0xa5 -}; - -/* - * Example of Additional Authenticated Data (AAD), i.e. unencrypted data - * which can be authenticated using the generated Tag value. - */ -static const unsigned char gcm_aad[] = { - 0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b, 0xdb, 0x37, 0x0c, 0x43, - 0x7f, 0xec, 0x78, 0xde -}; - -/* Expected ciphertext value */ -static const unsigned char gcm_ct[] = { - 0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c, 0xd5, 0x36, 0x86, 0x7e, - 0xb9, 0xf2, 0x17, 0x36 -}; - -/* Expected AEAD Tag value */ -static const unsigned char gcm_tag[] = { - 0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87, 0xd7, 0x37, 0xee, 0x62, - 0x98, 0xf7, 0x7e, 0x0c -}; - -/* - * A library context and property query can be used to select & filter - * algorithm implementations. If they are NULL then the default library - * context and properties are used. - */ -OSSL_LIB_CTX *libctx = NULL; -const char *propq = NULL; - -int aes_gcm_encrypt(void) -{ - int ret = 0; - EVP_CIPHER_CTX *ctx; - EVP_CIPHER *cipher = NULL; - int outlen, tmplen; - size_t gcm_ivlen = sizeof(gcm_iv); - unsigned char outbuf[1024]; - unsigned char outtag[16]; - OSSL_PARAM params[2] = { - OSSL_PARAM_END, OSSL_PARAM_END - }; - - printf("AES GCM Encrypt:\n"); - printf("Plaintext:\n"); - BIO_dump_fp(stdout, gcm_pt, sizeof(gcm_pt)); - - /* Create a context for the encrypt operation */ - if ((ctx = EVP_CIPHER_CTX_new()) == NULL) - goto err; - - /* Fetch the cipher implementation */ - if ((cipher = EVP_CIPHER_fetch(libctx, "AES-256-GCM", propq)) == NULL) - goto err; - - /* Set IV length if default 96 bits is not appropriate */ - params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, - &gcm_ivlen); - - /* - * Initialise an encrypt operation with the cipher/mode, key, IV and - * IV length parameter. - * For demonstration purposes the IV is being set here. In a compliant - * application the IV would be generated internally so the iv passed in - * would be NULL. - */ - if (!EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) - goto err; - - /* Zero or more calls to specify any AAD */ - if (!EVP_EncryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad))) - goto err; - - /* Encrypt plaintext */ - if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, gcm_pt, sizeof(gcm_pt))) - goto err; - - /* Output encrypted block */ - printf("Ciphertext:\n"); - BIO_dump_fp(stdout, outbuf, outlen); - - /* Finalise: note get no output for GCM */ - if (!EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)) - goto err; - - /* Get tag */ - params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - outtag, 16); - - if (!EVP_CIPHER_CTX_get_params(ctx, params)) - goto err; - - /* Output tag */ - printf("Tag:\n"); - BIO_dump_fp(stdout, outtag, 16); - - ret = 1; -err: - if (!ret) - ERR_print_errors_fp(stderr); - - EVP_CIPHER_free(cipher); - EVP_CIPHER_CTX_free(ctx); - - return ret; -} - -int aes_gcm_decrypt(void) -{ - int ret = 0; - EVP_CIPHER_CTX *ctx; - EVP_CIPHER *cipher = NULL; - int outlen, rv; - size_t gcm_ivlen = sizeof(gcm_iv); - unsigned char outbuf[1024]; - OSSL_PARAM params[2] = { - OSSL_PARAM_END, OSSL_PARAM_END - }; - - printf("AES GCM Decrypt:\n"); - printf("Ciphertext:\n"); - BIO_dump_fp(stdout, gcm_ct, sizeof(gcm_ct)); - - if ((ctx = EVP_CIPHER_CTX_new()) == NULL) - goto err; - - /* Fetch the cipher implementation */ - if ((cipher = EVP_CIPHER_fetch(libctx, "AES-256-GCM", propq)) == NULL) - goto err; - - /* Set IV length if default 96 bits is not appropriate */ - params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, - &gcm_ivlen); - - /* - * Initialise an encrypt operation with the cipher/mode, key, IV and - * IV length parameter. - */ - if (!EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) - goto err; - - /* Zero or more calls to specify any AAD */ - if (!EVP_DecryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad))) - goto err; - - /* Decrypt plaintext */ - if (!EVP_DecryptUpdate(ctx, outbuf, &outlen, gcm_ct, sizeof(gcm_ct))) - goto err; - - /* Output decrypted block */ - printf("Plaintext:\n"); - BIO_dump_fp(stdout, outbuf, outlen); - - /* Set expected tag value. */ - params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, - (void*)gcm_tag, sizeof(gcm_tag)); - - if (!EVP_CIPHER_CTX_set_params(ctx, params)) - goto err; - - /* Finalise: note get no output for GCM */ - rv = EVP_DecryptFinal_ex(ctx, outbuf, &outlen); - /* - * Print out return value. If this is not successful authentication - * failed and plaintext is not trustworthy. - */ - printf("Tag Verify %s\n", rv > 0 ? "Successful!" : "Failed!"); - - ret = 1; -err: - if (!ret) - ERR_print_errors_fp(stderr); - - EVP_CIPHER_free(cipher); - EVP_CIPHER_CTX_free(ctx); - - return ret; -} - -int main(int argc, char **argv) -{ - if (!aes_gcm_encrypt()) - return 1; - - if (!aes_gcm_decrypt()) - return 1; - - return 0; -} diff --git a/demos/cipher/aeskeywrap.c b/demos/cipher/aeskeywrap.c deleted file mode 100644 index f987772e4ffea557f10f3590401075f352d2bd96..0000000000000000000000000000000000000000 --- a/demos/cipher/aeskeywrap.c +++ /dev/null @@ -1,181 +0,0 @@ -/* - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Simple aes wrap encryption demonstration program. - */ - -#include -#include -#include -#include -#include -#include - -/* aes key */ -static const unsigned char wrap_key[] = { - 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66, - 0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69, - 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f -}; - -/* Unique initialisation vector */ -static const unsigned char wrap_iv[] = { - 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84, - 0x99, 0xaa, 0x3e, 0x68, -}; - -/* Example plaintext to encrypt */ -static const unsigned char wrap_pt[] = { - 0xad, 0x4f, 0xc9, 0xfc, 0x77, 0x69, 0xc9, 0xea, 0xfc, 0xdf, 0x00, 0xac, - 0x34, 0xec, 0x40, 0xbc, 0x28, 0x3f, 0xa4, 0x5e, 0xd8, 0x99, 0xe4, 0x5d, - 0x5e, 0x7a, 0xc4, 0xe6, 0xca, 0x7b, 0xa5, 0xb7, -}; - -/* Expected ciphertext value */ -static const unsigned char wrap_ct[] = { - 0x97, 0x99, 0x55, 0xca, 0xf6, 0x3e, 0x95, 0x54, 0x39, 0xd6, 0xaf, 0x63, 0xff, 0x2c, 0xe3, 0x96, - 0xf7, 0x0d, 0x2c, 0x9c, 0xc7, 0x43, 0xc0, 0xb6, 0x31, 0x43, 0xb9, 0x20, 0xac, 0x6b, 0xd3, 0x67, - 0xad, 0x01, 0xaf, 0xa7, 0x32, 0x74, 0x26, 0x92, -}; - -/* - * A library context and property query can be used to select & filter - * algorithm implementations. If they are NULL then the default library - * context and properties are used. - */ -OSSL_LIB_CTX *libctx = NULL; -const char *propq = NULL; - -int aes_wrap_encrypt(void) -{ - int ret = 0; - EVP_CIPHER_CTX *ctx; - EVP_CIPHER *cipher = NULL; - int outlen, tmplen; - unsigned char outbuf[1024]; - - printf("aes wrap Encrypt:\n"); - printf("Plaintext:\n"); - BIO_dump_fp(stdout, wrap_pt, sizeof(wrap_pt)); - - /* Create a context for the encrypt operation */ - if ((ctx = EVP_CIPHER_CTX_new()) == NULL) - goto err; - - EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); - - /* Fetch the cipher implementation */ - if ((cipher = EVP_CIPHER_fetch(libctx, "AES-256-WRAP", propq)) == NULL) - goto err; - - /* - * Initialise an encrypt operation with the cipher/mode, key and IV. - * We are not setting any custom params so let params be just NULL. - */ - if (!EVP_EncryptInit_ex2(ctx, cipher, wrap_key, wrap_iv, /* params */ NULL)) - goto err; - - /* Encrypt plaintext */ - if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, wrap_pt, sizeof(wrap_pt))) - goto err; - - /* Finalise: there can be some additional output from padding */ - if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) - goto err; - outlen += tmplen; - - /* Output encrypted block */ - printf("Ciphertext (outlen:%d):\n", outlen); - BIO_dump_fp(stdout, outbuf, outlen); - - if (sizeof(wrap_ct) == outlen && !CRYPTO_memcmp(outbuf, wrap_ct, outlen)) - printf("Final ciphertext matches expected ciphertext\n"); - else - printf("Final ciphertext differs from expected ciphertext\n"); - - ret = 1; -err: - if (!ret) - ERR_print_errors_fp(stderr); - - EVP_CIPHER_free(cipher); - EVP_CIPHER_CTX_free(ctx); - - return ret; -} - -int aes_wrap_decrypt(void) -{ - int ret = 0; - EVP_CIPHER_CTX *ctx; - EVP_CIPHER *cipher = NULL; - int outlen, tmplen; - unsigned char outbuf[1024]; - - printf("aes wrap Decrypt:\n"); - printf("Ciphertext:\n"); - BIO_dump_fp(stdout, wrap_ct, sizeof(wrap_ct)); - - if ((ctx = EVP_CIPHER_CTX_new()) == NULL) - goto err; - - EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); - - /* Fetch the cipher implementation */ - if ((cipher = EVP_CIPHER_fetch(libctx, "aes-256-wrap", propq)) == NULL) - goto err; - - /* - * Initialise an encrypt operation with the cipher/mode, key and IV. - * We are not setting any custom params so let params be just NULL. - */ - if (!EVP_DecryptInit_ex2(ctx, cipher, wrap_key, wrap_iv, /* params */ NULL)) - goto err; - - /* Decrypt plaintext */ - if (!EVP_DecryptUpdate(ctx, outbuf, &outlen, wrap_ct, sizeof(wrap_ct))) - goto err; - - /* Finalise: there can be some additional output from padding */ - if (!EVP_DecryptFinal_ex(ctx, outbuf + outlen, &tmplen)) - goto err; - outlen += tmplen; - - /* Output decrypted block */ - printf("Plaintext (outlen:%d):\n", outlen); - BIO_dump_fp(stdout, outbuf, outlen); - - if (sizeof(wrap_pt) == outlen && !CRYPTO_memcmp(outbuf, wrap_pt, outlen)) - printf("Final plaintext matches original plaintext\n"); - else - printf("Final plaintext differs from original plaintext\n"); - - ret = 1; -err: - if (!ret) - ERR_print_errors_fp(stderr); - - EVP_CIPHER_free(cipher); - EVP_CIPHER_CTX_free(ctx); - - return ret; -} - -int main(int argc, char **argv) -{ - if (!aes_wrap_encrypt()) - return 1; - - if (!aes_wrap_decrypt()) - return 1; - - return 0; -} - diff --git a/demos/cipher/ariacbc.c b/demos/cipher/ariacbc.c deleted file mode 100644 index 8999fe6e701d246891c4a21d1cda0b89c4f2acaa..0000000000000000000000000000000000000000 --- a/demos/cipher/ariacbc.c +++ /dev/null @@ -1,178 +0,0 @@ -/* - * Copyright 2012-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Simple ARIA CBC encryption demonstration program. - */ - -#include -#include -#include -#include -#include -#include - -/* ARIA key */ -static const unsigned char cbc_key[] = { - 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66, - 0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69, - 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f -}; - -/* Unique initialisation vector */ -static const unsigned char cbc_iv[] = { - 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84, - 0x99, 0xaa, 0x3e, 0x68, -}; - -/* Example plaintext to encrypt */ -static const unsigned char cbc_pt[] = { - 0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e, 0xeb, 0x31, 0xb2, 0xea, - 0xcc, 0x2b, 0xf2, 0xa5 -}; - -/* Expected ciphertext value */ -static const unsigned char cbc_ct[] = { - 0x9a, 0x44, 0xe6, 0x85, 0x94, 0x26, 0xff, 0x30, 0x03, 0xd3, 0x7e, 0xc6, - 0xb5, 0x4a, 0x09, 0x66, 0x39, 0x28, 0xf3, 0x67, 0x14, 0xbc, 0xe8, 0xe2, - 0xcf, 0x31, 0xb8, 0x60, 0x42, 0x72, 0x6d, 0xc8 -}; - -/* - * A library context and property query can be used to select & filter - * algorithm implementations. If they are NULL then the default library - * context and properties are used. - */ -OSSL_LIB_CTX *libctx = NULL; -const char *propq = NULL; - -int aria_cbc_encrypt(void) -{ - int ret = 0; - EVP_CIPHER_CTX *ctx; - EVP_CIPHER *cipher = NULL; - int outlen, tmplen; - size_t cbc_ivlen = sizeof(cbc_iv); - unsigned char outbuf[1024]; - unsigned char outtag[16]; - - printf("ARIA CBC Encrypt:\n"); - printf("Plaintext:\n"); - BIO_dump_fp(stdout, cbc_pt, sizeof(cbc_pt)); - - /* Create a context for the encrypt operation */ - if ((ctx = EVP_CIPHER_CTX_new()) == NULL) - goto err; - - /* Fetch the cipher implementation */ - if ((cipher = EVP_CIPHER_fetch(libctx, "ARIA-256-CBC", propq)) == NULL) - goto err; - - /* - * Initialise an encrypt operation with the cipher/mode, key and IV. - * We are not setting any custom params so let params be just NULL. - */ - if (!EVP_EncryptInit_ex2(ctx, cipher, cbc_key, cbc_iv, /* params */ NULL)) - goto err; - - /* Encrypt plaintext */ - if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, cbc_pt, sizeof(cbc_pt))) - goto err; - - /* Finalise: there can be some additional output from padding */ - if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) - goto err; - outlen += tmplen; - - /* Output encrypted block */ - printf("Ciphertext (outlen:%d):\n", outlen); - BIO_dump_fp(stdout, outbuf, outlen); - - if (sizeof(cbc_ct) == outlen && !CRYPTO_memcmp(outbuf, cbc_ct, outlen)) - printf("Final ciphertext matches expected ciphertext\n"); - else - printf("Final ciphertext differs from expected ciphertext\n"); - - ret = 1; -err: - if (!ret) - ERR_print_errors_fp(stderr); - - EVP_CIPHER_free(cipher); - EVP_CIPHER_CTX_free(ctx); - - return ret; -} - -int aria_cbc_decrypt(void) -{ - int ret = 0; - EVP_CIPHER_CTX *ctx; - EVP_CIPHER *cipher = NULL; - int outlen, tmplen, rv; - size_t cbc_ivlen = sizeof(cbc_iv); - unsigned char outbuf[1024]; - - printf("ARIA CBC Decrypt:\n"); - printf("Ciphertext:\n"); - BIO_dump_fp(stdout, cbc_ct, sizeof(cbc_ct)); - - if ((ctx = EVP_CIPHER_CTX_new()) == NULL) - goto err; - - /* Fetch the cipher implementation */ - if ((cipher = EVP_CIPHER_fetch(libctx, "ARIA-256-CBC", propq)) == NULL) - goto err; - - /* - * Initialise an encrypt operation with the cipher/mode, key and IV. - * We are not setting any custom params so let params be just NULL. - */ - if (!EVP_DecryptInit_ex2(ctx, cipher, cbc_key, cbc_iv, /* params */ NULL)) - goto err; - - /* Decrypt plaintext */ - if (!EVP_DecryptUpdate(ctx, outbuf, &outlen, cbc_ct, sizeof(cbc_ct))) - goto err; - - /* Finalise: there can be some additional output from padding */ - if (!EVP_DecryptFinal_ex(ctx, outbuf + outlen, &tmplen)) - goto err; - outlen += tmplen; - - /* Output decrypted block */ - printf("Plaintext (outlen:%d):\n", outlen); - BIO_dump_fp(stdout, outbuf, outlen); - - if (sizeof(cbc_pt) == outlen && !CRYPTO_memcmp(outbuf, cbc_pt, outlen)) - printf("Final plaintext matches original plaintext\n"); - else - printf("Final plaintext differs from original plaintext\n"); - - ret = 1; -err: - if (!ret) - ERR_print_errors_fp(stderr); - - EVP_CIPHER_free(cipher); - EVP_CIPHER_CTX_free(ctx); - - return ret; -} - -int main(int argc, char **argv) -{ - if (!aria_cbc_encrypt()) - return 1; - - if (!aria_cbc_decrypt()) - return 1; - - return 0; -} diff --git a/demos/cms/cms_comp.c b/demos/cms/cms_comp.c deleted file mode 100644 index ee1b5a38ceefd55b40a89bebb8b09d2bf13df920..0000000000000000000000000000000000000000 --- a/demos/cms/cms_comp.c +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Simple S/MIME compress example */ -#include -#include -#include - -int main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL; - CMS_ContentInfo *cms = NULL; - int ret = 1; - - /* - * On OpenSSL 1.0.0+ only: - * for streaming set CMS_STREAM - */ - int flags = CMS_STREAM; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - - /* Open content being compressed */ - - in = BIO_new_file("comp.txt", "r"); - - if (!in) - goto err; - - /* compress content */ - cms = CMS_compress(in, NID_zlib_compression, flags); - - if (!cms) - goto err; - - out = BIO_new_file("smcomp.txt", "w"); - if (!out) - goto err; - - /* Write out S/MIME message */ - if (!SMIME_write_CMS(out, cms, in, flags)) - goto err; - - ret = 0; - - err: - - if (ret) { - fprintf(stderr, "Error Compressing Data\n"); - ERR_print_errors_fp(stderr); - } - - CMS_ContentInfo_free(cms); - BIO_free(in); - BIO_free(out); - return ret; -} diff --git a/demos/cms/cms_ddec.c b/demos/cms/cms_ddec.c deleted file mode 100644 index cb6c2694c69790aca051b04a95be0156f6fcaffc..0000000000000000000000000000000000000000 --- a/demos/cms/cms_ddec.c +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * S/MIME detached data decrypt example: rarely done but should the need - * arise this is an example.... - */ -#include -#include -#include - -int main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL, *tbio = NULL, *dcont = NULL; - X509 *rcert = NULL; - EVP_PKEY *rkey = NULL; - CMS_ContentInfo *cms = NULL; - int ret = 1; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - - /* Read in recipient certificate and private key */ - tbio = BIO_new_file("signer.pem", "r"); - - if (!tbio) - goto err; - - rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); - - BIO_reset(tbio); - - rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); - - if (!rcert || !rkey) - goto err; - - /* Open PEM file containing enveloped data */ - - in = BIO_new_file("smencr.pem", "r"); - - if (!in) - goto err; - - /* Parse PEM content */ - cms = PEM_read_bio_CMS(in, NULL, 0, NULL); - - if (!cms) - goto err; - - /* Open file containing detached content */ - dcont = BIO_new_file("smencr.out", "rb"); - - if (!in) - goto err; - - out = BIO_new_file("encrout.txt", "w"); - if (!out) - goto err; - - /* Decrypt S/MIME message */ - if (!CMS_decrypt(cms, rkey, rcert, dcont, out, 0)) - goto err; - - ret = 0; - - err: - - if (ret) { - fprintf(stderr, "Error Decrypting Data\n"); - ERR_print_errors_fp(stderr); - } - - CMS_ContentInfo_free(cms); - X509_free(rcert); - EVP_PKEY_free(rkey); - BIO_free(in); - BIO_free(out); - BIO_free(tbio); - BIO_free(dcont); - return ret; -} diff --git a/demos/cms/cms_dec.c b/demos/cms/cms_dec.c deleted file mode 100644 index f33ef1eb78f56e29360dce21865ad5200a7a960a..0000000000000000000000000000000000000000 --- a/demos/cms/cms_dec.c +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Simple S/MIME decryption example */ -#include -#include -#include - -int main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL, *tbio = NULL; - X509 *rcert = NULL; - EVP_PKEY *rkey = NULL; - CMS_ContentInfo *cms = NULL; - int ret = 1; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - - /* Read in recipient certificate and private key */ - tbio = BIO_new_file("signer.pem", "r"); - - if (!tbio) - goto err; - - rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); - - BIO_reset(tbio); - - rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); - - if (!rcert || !rkey) - goto err; - - /* Open S/MIME message to decrypt */ - - in = BIO_new_file("smencr.txt", "r"); - - if (!in) - goto err; - - /* Parse message */ - cms = SMIME_read_CMS(in, NULL); - - if (!cms) - goto err; - - out = BIO_new_file("decout.txt", "w"); - if (!out) - goto err; - - /* Decrypt S/MIME message */ - if (!CMS_decrypt(cms, rkey, rcert, NULL, out, 0)) - goto err; - - ret = 0; - - err: - - if (ret) { - fprintf(stderr, "Error Decrypting Data\n"); - ERR_print_errors_fp(stderr); - } - - CMS_ContentInfo_free(cms); - X509_free(rcert); - EVP_PKEY_free(rkey); - BIO_free(in); - BIO_free(out); - BIO_free(tbio); - return ret; -} diff --git a/demos/cms/cms_denc.c b/demos/cms/cms_denc.c deleted file mode 100644 index 60b0aa192bc008ddf2ea5bfb3136283c6e12e834..0000000000000000000000000000000000000000 --- a/demos/cms/cms_denc.c +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * S/MIME detached data encrypt example: rarely done but should the need - * arise this is an example.... - */ -#include -#include -#include - -int main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL, *tbio = NULL, *dout = NULL; - X509 *rcert = NULL; - STACK_OF(X509) *recips = NULL; - CMS_ContentInfo *cms = NULL; - int ret = 1; - - int flags = CMS_STREAM | CMS_DETACHED; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - - /* Read in recipient certificate */ - tbio = BIO_new_file("signer.pem", "r"); - - if (!tbio) - goto err; - - rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); - - if (!rcert) - goto err; - - /* Create recipient STACK and add recipient cert to it */ - recips = sk_X509_new_null(); - - if (!recips || !sk_X509_push(recips, rcert)) - goto err; - - /* - * sk_X509_pop_free will free up recipient STACK and its contents so set - * rcert to NULL so it isn't freed up twice. - */ - rcert = NULL; - - /* Open content being encrypted */ - - in = BIO_new_file("encr.txt", "r"); - - dout = BIO_new_file("smencr.out", "wb"); - - if (!in) - goto err; - - /* encrypt content */ - cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags); - - if (!cms) - goto err; - - out = BIO_new_file("smencr.pem", "w"); - if (!out) - goto err; - - if (!CMS_final(cms, in, dout, flags)) - goto err; - - /* Write out CMS structure without content */ - if (!PEM_write_bio_CMS(out, cms)) - goto err; - - ret = 0; - - err: - - if (ret) { - fprintf(stderr, "Error Encrypting Data\n"); - ERR_print_errors_fp(stderr); - } - - CMS_ContentInfo_free(cms); - X509_free(rcert); - sk_X509_pop_free(recips, X509_free); - BIO_free(in); - BIO_free(out); - BIO_free(dout); - BIO_free(tbio); - return ret; -} diff --git a/demos/cms/cms_enc.c b/demos/cms/cms_enc.c deleted file mode 100644 index 9ef7a395583dc8191e1d1cee093631a7f3ea9e18..0000000000000000000000000000000000000000 --- a/demos/cms/cms_enc.c +++ /dev/null @@ -1,92 +0,0 @@ -/* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Simple S/MIME encrypt example */ -#include -#include -#include - -int main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL, *tbio = NULL; - X509 *rcert = NULL; - STACK_OF(X509) *recips = NULL; - CMS_ContentInfo *cms = NULL; - int ret = 1; - - /* - * On OpenSSL 1.0.0 and later only: - * for streaming set CMS_STREAM - */ - int flags = CMS_STREAM; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - - /* Read in recipient certificate */ - tbio = BIO_new_file("signer.pem", "r"); - - if (!tbio) - goto err; - - rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); - - if (!rcert) - goto err; - - /* Create recipient STACK and add recipient cert to it */ - recips = sk_X509_new_null(); - - if (!recips || !sk_X509_push(recips, rcert)) - goto err; - - /* - * sk_X509_pop_free will free up recipient STACK and its contents so set - * rcert to NULL so it isn't freed up twice. - */ - rcert = NULL; - - /* Open content being encrypted */ - - in = BIO_new_file("encr.txt", "r"); - - if (!in) - goto err; - - /* encrypt content */ - cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags); - - if (!cms) - goto err; - - out = BIO_new_file("smencr.txt", "w"); - if (!out) - goto err; - - /* Write out S/MIME message */ - if (!SMIME_write_CMS(out, cms, in, flags)) - goto err; - - ret = 0; - - err: - - if (ret) { - fprintf(stderr, "Error Encrypting Data\n"); - ERR_print_errors_fp(stderr); - } - - CMS_ContentInfo_free(cms); - X509_free(rcert); - sk_X509_pop_free(recips, X509_free); - BIO_free(in); - BIO_free(out); - BIO_free(tbio); - return ret; -} diff --git a/demos/cms/cms_sign.c b/demos/cms/cms_sign.c deleted file mode 100644 index a52f5cec0fa5e7d1ec6241a480813e100545422a..0000000000000000000000000000000000000000 --- a/demos/cms/cms_sign.c +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Simple S/MIME signing example */ -#include -#include -#include - -int main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL, *tbio = NULL; - X509 *scert = NULL; - EVP_PKEY *skey = NULL; - CMS_ContentInfo *cms = NULL; - int ret = 1; - - /* - * For simple S/MIME signing use CMS_DETACHED. On OpenSSL 1.0.0 only: for - * streaming detached set CMS_DETACHED|CMS_STREAM for streaming - * non-detached set CMS_STREAM - */ - int flags = CMS_DETACHED | CMS_STREAM; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - - /* Read in signer certificate and private key */ - tbio = BIO_new_file("signer.pem", "r"); - - if (!tbio) - goto err; - - scert = PEM_read_bio_X509(tbio, NULL, 0, NULL); - - BIO_reset(tbio); - - skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); - - if (!scert || !skey) - goto err; - - /* Open content being signed */ - - in = BIO_new_file("sign.txt", "r"); - - if (!in) - goto err; - - /* Sign content */ - cms = CMS_sign(scert, skey, NULL, in, flags); - - if (!cms) - goto err; - - out = BIO_new_file("smout.txt", "w"); - if (!out) - goto err; - - if (!(flags & CMS_STREAM)) - BIO_reset(in); - - /* Write out S/MIME message */ - if (!SMIME_write_CMS(out, cms, in, flags)) - goto err; - - ret = 0; - - err: - - if (ret) { - fprintf(stderr, "Error Signing Data\n"); - ERR_print_errors_fp(stderr); - } - - CMS_ContentInfo_free(cms); - X509_free(scert); - EVP_PKEY_free(skey); - BIO_free(in); - BIO_free(out); - BIO_free(tbio); - return ret; -} diff --git a/demos/cms/cms_sign2.c b/demos/cms/cms_sign2.c deleted file mode 100644 index beda9779a3fba71fd3149f12bf3d6bee6c116ccb..0000000000000000000000000000000000000000 --- a/demos/cms/cms_sign2.c +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* S/MIME signing example: 2 signers */ -#include -#include -#include - -int main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL, *tbio = NULL; - X509 *scert = NULL, *scert2 = NULL; - EVP_PKEY *skey = NULL, *skey2 = NULL; - CMS_ContentInfo *cms = NULL; - int ret = 1; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - - tbio = BIO_new_file("signer.pem", "r"); - - if (!tbio) - goto err; - - scert = PEM_read_bio_X509(tbio, NULL, 0, NULL); - - BIO_reset(tbio); - - skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); - - BIO_free(tbio); - - tbio = BIO_new_file("signer2.pem", "r"); - - if (!tbio) - goto err; - - scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL); - - BIO_reset(tbio); - - skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); - - if (!scert2 || !skey2) - goto err; - - in = BIO_new_file("sign.txt", "r"); - - if (!in) - goto err; - - cms = CMS_sign(NULL, NULL, NULL, in, CMS_STREAM | CMS_PARTIAL); - - if (!cms) - goto err; - - /* Add each signer in turn */ - - if (!CMS_add1_signer(cms, scert, skey, NULL, 0)) - goto err; - - if (!CMS_add1_signer(cms, scert2, skey2, NULL, 0)) - goto err; - - out = BIO_new_file("smout.txt", "w"); - if (!out) - goto err; - - /* NB: content included and finalized by SMIME_write_CMS */ - - if (!SMIME_write_CMS(out, cms, in, CMS_STREAM)) - goto err; - - ret = 0; - - err: - - if (ret) { - fprintf(stderr, "Error Signing Data\n"); - ERR_print_errors_fp(stderr); - } - - CMS_ContentInfo_free(cms); - X509_free(scert); - EVP_PKEY_free(skey); - X509_free(scert2); - EVP_PKEY_free(skey2); - BIO_free(in); - BIO_free(out); - BIO_free(tbio); - return ret; -} diff --git a/demos/cms/cms_uncomp.c b/demos/cms/cms_uncomp.c deleted file mode 100644 index 35e68ebcc603af8c1bc4dae321518ba6f7a3f2cf..0000000000000000000000000000000000000000 --- a/demos/cms/cms_uncomp.c +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Simple S/MIME uncompression example */ -#include -#include -#include - -int main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL; - CMS_ContentInfo *cms = NULL; - int ret = 1; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - - /* Open compressed content */ - - in = BIO_new_file("smcomp.txt", "r"); - - if (!in) - goto err; - - /* Sign content */ - cms = SMIME_read_CMS(in, NULL); - - if (!cms) - goto err; - - out = BIO_new_file("smuncomp.txt", "w"); - if (!out) - goto err; - - /* Uncompress S/MIME message */ - if (!CMS_uncompress(cms, out, NULL, 0)) - goto err; - - ret = 0; - - err: - - if (ret) { - fprintf(stderr, "Error Uncompressing Data\n"); - ERR_print_errors_fp(stderr); - } - - CMS_ContentInfo_free(cms); - BIO_free(in); - BIO_free(out); - return ret; -} diff --git a/demos/cms/cms_ver.c b/demos/cms/cms_ver.c deleted file mode 100644 index 3c0a7aa19edec5c8287d42c984f76ed26e339e6c..0000000000000000000000000000000000000000 --- a/demos/cms/cms_ver.c +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Simple S/MIME verification example */ -#include -#include -#include - -int main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL; - X509_STORE *st = NULL; - X509 *cacert = NULL; - CMS_ContentInfo *cms = NULL; - - int ret = 1; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - - /* Set up trusted CA certificate store */ - - st = X509_STORE_new(); - if (st == NULL) - goto err; - - /* Read in CA certificate */ - tbio = BIO_new_file("cacert.pem", "r"); - - if (tbio == NULL) - goto err; - - cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL); - - if (cacert == NULL) - goto err; - - if (!X509_STORE_add_cert(st, cacert)) - goto err; - - /* Open message being verified */ - - in = BIO_new_file("smout.txt", "r"); - - if (in == NULL) - goto err; - - /* parse message */ - cms = SMIME_read_CMS(in, &cont); - - if (cms == NULL) - goto err; - - /* File to output verified content to */ - out = BIO_new_file("smver.txt", "w"); - if (out == NULL) - goto err; - - if (!CMS_verify(cms, NULL, st, cont, out, 0)) { - fprintf(stderr, "Verification Failure\n"); - goto err; - } - - fprintf(stderr, "Verification Successful\n"); - - ret = 0; - - err: - - if (ret) { - fprintf(stderr, "Error Verifying Data\n"); - ERR_print_errors_fp(stderr); - } - - X509_STORE_free(st); - CMS_ContentInfo_free(cms); - X509_free(cacert); - BIO_free(in); - BIO_free(out); - BIO_free(tbio); - return ret; -} diff --git a/demos/digest/BIO_f_md.c b/demos/digest/BIO_f_md.c deleted file mode 100644 index 2ecc53e137ae2b2c2f6ff39007dcef588363ae4d..0000000000000000000000000000000000000000 --- a/demos/digest/BIO_f_md.c +++ /dev/null @@ -1,122 +0,0 @@ -/*- - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/*- - * Example of using EVP_MD_fetch and EVP_Digest* methods to calculate - * a digest of static buffers - * You can find SHA3 test vectors from NIST here: - * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/sha3/sha-3bytetestvectors.zip - * For example, contains these lines: - Len = 80 - Msg = 1ca984dcc913344370cf - MD = 6915ea0eeffb99b9b246a0e34daf3947852684c3d618260119a22835659e4f23d4eb66a15d0affb8e93771578f5e8f25b7a5f2a55f511fb8b96325ba2cd14816 - * use xxd convert the hex message string to binary input for BIO_f_md: - * echo "1ca984dcc913344370cf" | xxd -r -p | ./BIO_f_md - * and then verify the output matches MD above. - */ - -#include -#include -#include -#include -#include - -/*- - * This demonstration will show how to digest data using - * a BIO configured with a message digest - * A message digest name may be passed as an argument. - * The default digest is SHA3-512 - */ - -int main(int argc, char * argv[]) -{ - int result = 1; - OSSL_LIB_CTX *library_context = NULL; - BIO *input = NULL; - BIO *bio_digest = NULL; - EVP_MD *md = NULL; - unsigned char buffer[512]; - size_t readct, writect; - size_t digest_size; - char *digest_value=NULL; - int j; - - input = BIO_new_fd( fileno(stdin), 1 ); - if (input == NULL) { - fprintf(stderr, "BIO_new_fd() for stdin returned NULL\n"); - goto cleanup; - } - library_context = OSSL_LIB_CTX_new(); - if (library_context == NULL) { - fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); - goto cleanup; - } - - /* - * Fetch a message digest by name - * The algorithm name is case insensitive. - * See providers(7) for details about algorithm fetching - */ - md = EVP_MD_fetch( library_context, "SHA3-512", NULL ); - if (md == NULL) { - fprintf(stderr, "EVP_MD_fetch did not find SHA3-512.\n"); - goto cleanup; - } - digest_size = EVP_MD_get_size(md); - digest_value = OPENSSL_malloc(digest_size); - if (digest_value == NULL) { - fprintf(stderr, "Can't allocate %lu bytes for the digest value.\n", (unsigned long)digest_size); - goto cleanup; - } - /* Make a bio that uses the digest */ - bio_digest = BIO_new(BIO_f_md()); - if (bio_digest == NULL) { - fprintf(stderr, "BIO_new(BIO_f_md()) returned NULL\n"); - goto cleanup; - } - /* set our bio_digest BIO to digest data */ - if (BIO_set_md(bio_digest,md) != 1) { - fprintf(stderr, "BIO_set_md failed.\n"); - goto cleanup; - } - /*- - * We will use BIO chaining so that as we read, the digest gets updated - * See the man page for BIO_push - */ - BIO *reading = BIO_push( bio_digest, input ); - - while( BIO_read(reading, buffer, sizeof(buffer)) > 0 ) - ; - - /*- - * BIO_gets must be used to calculate the final - * digest value and then copy it to digest_value. - */ - if (BIO_gets(bio_digest, digest_value, digest_size) != digest_size) { - fprintf(stderr, "BIO_gets(bio_digest) failed\n"); - goto cleanup; - } - for (j=0; j -#include -#include -#include - -/*- - * This demonstration will show how to digest data using - * the soliloqy from Hamlet scene 1 act 3 - * The soliloqy is split into two parts to demonstrate using EVP_DigestUpdate - * more than once. - */ - -const char * hamlet_1 = - "To be, or not to be, that is the question,\n" - "Whether tis nobler in the minde to suffer\n" - "The ſlings and arrowes of outragious fortune,\n" - "Or to take Armes again in a sea of troubles,\n" - "And by opposing, end them, to die to sleep;\n" - "No more, and by a sleep, to say we end\n" - "The heart-ache, and the thousand natural shocks\n" - "That flesh is heir to? tis a consumation\n" - "Devoutly to be wished. To die to sleep,\n" - "To sleepe, perchance to dreame, Aye, there's the rub,\n" - "For in that sleep of death what dreams may come\n" - "When we haue shuffled off this mortal coil\n" - "Must give us pause. There's the respect\n" - "That makes calamity of so long life:\n" - "For who would bear the Ships and Scorns of time,\n" - "The oppressor's wrong, the proud man's Contumely,\n" - "The pangs of dispised love, the Law's delay,\n" -; -const char * hamlet_2 = - "The insolence of Office, and the spurns\n" - "That patient merit of the'unworthy takes,\n" - "When he himself might his Quietas make\n" - "With a bare bodkin? Who would fardels bear,\n" - "To grunt and sweat under a weary life,\n" - "But that the dread of something after death,\n" - "The undiscovered country, from whose bourn\n" - "No traveller returns, puzzles the will,\n" - "And makes us rather bear those ills we have,\n" - "Then fly to others we know not of?\n" - "Thus conscience does make cowards of us all,\n" - "And thus the native hue of Resolution\n" - "Is sickled o'er with the pale cast of Thought,\n" - "And enterprises of great pith and moment,\n" - "With this regard their currents turn awry,\n" - "And lose the name of Action. Soft you now,\n" - "The fair Ophelia? Nymph in thy Orisons\n" - "Be all my sins remember'd.\n" -; - -/* The known value of the SHA3-512 digest of the above soliloqy */ -const unsigned char known_answer[] = { - 0xbb, 0x69, 0xf8, 0x09, 0x9c, 0x2e, 0x00, 0x3d, - 0xa4, 0x29, 0x5f, 0x59, 0x4b, 0x89, 0xe4, 0xd9, - 0xdb, 0xa2, 0xe5, 0xaf, 0xa5, 0x87, 0x73, 0x9d, - 0x83, 0x72, 0xcf, 0xea, 0x84, 0x66, 0xc1, 0xf9, - 0xc9, 0x78, 0xef, 0xba, 0x3d, 0xe9, 0xc1, 0xff, - 0xa3, 0x75, 0xc7, 0x58, 0x74, 0x8e, 0x9c, 0x1d, - 0x14, 0xd9, 0xdd, 0xd1, 0xfd, 0x24, 0x30, 0xd6, - 0x81, 0xca, 0x8f, 0x78, 0x29, 0x19, 0x9a, 0xfe, -}; - -int demonstrate_digest(void) -{ - OSSL_LIB_CTX *library_context; - int result = 0; - const char *option_properties = NULL; - EVP_MD *message_digest = NULL; - EVP_MD_CTX *digest_context = NULL; - unsigned int digest_length; - unsigned char *digest_value = NULL; - int j; - - library_context = OSSL_LIB_CTX_new(); - if (library_context == NULL) { - fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); - goto cleanup; - } - - /* - * Fetch a message digest by name - * The algorithm name is case insensitive. - * See providers(7) for details about algorithm fetching - */ - message_digest = EVP_MD_fetch(library_context, - "SHA3-512", option_properties); - if (message_digest == NULL) { - fprintf(stderr, "EVP_MD_fetch could not find SHA3-512."); - goto cleanup; - } - /* Determine the length of the fetched digest type */ - digest_length = EVP_MD_get_size(message_digest); - if (digest_length <= 0) { - fprintf(stderr, "EVP_MD_get_size returned invalid size.\n"); - goto cleanup; - } - - digest_value = OPENSSL_malloc(digest_length); - if (digest_value == NULL) { - fprintf(stderr, "No memory.\n"); - goto cleanup; - } - /* - * Make a message digest context to hold temporary state - * during digest creation - */ - digest_context = EVP_MD_CTX_new(); - if (digest_context == NULL) { - fprintf(stderr, "EVP_MD_CTX_new failed.\n"); - goto cleanup; - } - /* - * Initialize the message digest context to use the fetched - * digest provider - */ - if (EVP_DigestInit(digest_context, message_digest) != 1) { - fprintf(stderr, "EVP_DigestInit failed.\n"); - goto cleanup; - } - /* Digest parts one and two of the soliloqy */ - if (EVP_DigestUpdate(digest_context, hamlet_1, strlen(hamlet_1)) != 1) { - fprintf(stderr, "EVP_DigestUpdate(hamlet_1) failed.\n"); - goto cleanup; - } - if (EVP_DigestUpdate(digest_context, hamlet_2, strlen(hamlet_2)) != 1) { - fprintf(stderr, "EVP_DigestUpdate(hamlet_2) failed.\n"); - goto cleanup; - } - if (EVP_DigestFinal(digest_context, digest_value, &digest_length) != 1) { - fprintf(stderr, "EVP_DigestFinal() failed.\n"); - goto cleanup; - } - for (j=0; j -#include -#include -#include - -/*- - * This demonstration will show how to digest data using - * a BIO created to read from stdin - */ - -int demonstrate_digest(BIO *input) -{ - OSSL_LIB_CTX *library_context = NULL; - int result = 0; - const char * option_properties = NULL; - EVP_MD *message_digest = NULL; - EVP_MD_CTX *digest_context = NULL; - unsigned int digest_length; - unsigned char *digest_value = NULL; - unsigned char buffer[512]; - int ii; - - library_context = OSSL_LIB_CTX_new(); - if (library_context == NULL) { - fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); - goto cleanup; - } - - /* - * Fetch a message digest by name - * The algorithm name is case insensitive. - * See providers(7) for details about algorithm fetching - */ - message_digest = EVP_MD_fetch(library_context, - "SHA3-512", option_properties); - if (message_digest == NULL) { - fprintf(stderr, "EVP_MD_fetch could not find SHA3-512."); - ERR_print_errors_fp(stderr); - OSSL_LIB_CTX_free(library_context); - return 0; - } - /* Determine the length of the fetched digest type */ - digest_length = EVP_MD_get_size(message_digest); - if (digest_length <= 0) { - fprintf(stderr, "EVP_MD_get_size returned invalid size.\n"); - goto cleanup; - } - - digest_value = OPENSSL_malloc(digest_length); - if (digest_value == NULL) { - fprintf(stderr, "No memory.\n"); - goto cleanup; - } - /* - * Make a message digest context to hold temporary state - * during digest creation - */ - digest_context = EVP_MD_CTX_new(); - if (digest_context == NULL) { - fprintf(stderr, "EVP_MD_CTX_new failed.\n"); - ERR_print_errors_fp(stderr); - goto cleanup; - } - /* - * Initialize the message digest context to use the fetched - * digest provider - */ - if (EVP_DigestInit(digest_context, message_digest) != 1) { - fprintf(stderr, "EVP_DigestInit failed.\n"); - ERR_print_errors_fp(stderr); - goto cleanup; - } - while ((ii = BIO_read(input, buffer, sizeof(buffer))) > 0) { - if (EVP_DigestUpdate(digest_context, buffer, ii) != 1) { - fprintf(stderr, "EVP_DigestUpdate() failed.\n"); - goto cleanup; - } - } - if (EVP_DigestFinal(digest_context, digest_value, &digest_length) != 1) { - fprintf(stderr, "EVP_DigestFinal() failed.\n"); - goto cleanup; - } - result = 1; - for (ii=0; ii -#include -#include -#include -#include - -/* - * Example of using an extendable-output hash function (XOF). A XOF is a hash - * function with configurable output length and which can generate an - * arbitrarily large output. - * - * This example uses SHAKE256, an extendable output variant of SHA3 (Keccak). - * - * To generate different output lengths, you can pass a single integer argument - * on the command line, which is the output size in bytes. By default, a 20-byte - * output is generated and (for this length only) a known answer test is - * performed. - */ - -/* Our input to the XOF hash function. */ -const char message[] = "This is a test message."; - -/* Expected output when an output length of 20 bytes is used. */ -static const char known_answer[] = { - 0x52, 0x97, 0x93, 0x78, 0x27, 0x58, 0x7d, 0x62, - 0x8b, 0x00, 0x25, 0xb5, 0xec, 0x39, 0x5e, 0x2d, - 0x7f, 0x3e, 0xd4, 0x19 -}; - -/* - * A property query used for selecting the SHAKE256 implementation. - */ -static const char *propq = NULL; - -int main(int argc, char **argv) -{ - int rv = 1; - OSSL_LIB_CTX *libctx = NULL; - EVP_MD *md = NULL; - EVP_MD_CTX *ctx = NULL; - unsigned int digest_len = 20; - int digest_len_i; - unsigned char *digest = NULL; - - /* Allow digest length to be changed for demonstration purposes. */ - if (argc > 1) { - digest_len_i = atoi(argv[1]); - if (digest_len_i <= 0) { - fprintf(stderr, "Specify a non-negative digest length\n"); - goto end; - } - - digest_len = (unsigned int)digest_len_i; - } - - /* - * Retrieve desired algorithm. This must be a hash algorithm which supports - * XOF. - */ - md = EVP_MD_fetch(libctx, "SHAKE256", propq); - if (md == NULL) { - fprintf(stderr, "Failed to retrieve SHAKE256 algorithm\n"); - goto end; - } - - /* Create context. */ - ctx = EVP_MD_CTX_new(); - if (ctx == NULL) { - fprintf(stderr, "Failed to create digest context\n"); - goto end; - } - - /* Initialize digest context. */ - if (EVP_DigestInit(ctx, md) == 0) { - fprintf(stderr, "Failed to initialize digest\n"); - goto end; - } - - /* - * Feed our message into the digest function. - * This may be called multiple times. - */ - if (EVP_DigestUpdate(ctx, message, sizeof(message)) == 0) { - fprintf(stderr, "Failed to hash input message\n"); - goto end; - } - - /* Allocate enough memory for our digest length. */ - digest = OPENSSL_malloc(digest_len); - if (digest == NULL) { - fprintf(stderr, "Failed to allocate memory for digest\n"); - goto end; - } - - /* Get computed digest. The digest will be of whatever length we specify. */ - if (EVP_DigestFinalXOF(ctx, digest, digest_len) == 0) { - fprintf(stderr, "Failed to finalize hash\n"); - goto end; - } - - printf("Output digest:\n"); - BIO_dump_indent_fp(stdout, digest, digest_len, 2); - - /* If digest length is 20 bytes, check it matches our known answer. */ - if (digest_len == 20) { - /* - * Always use a constant-time function such as CRYPTO_memcmp - * when comparing cryptographic values. Do not use memcmp(3). - */ - if (CRYPTO_memcmp(digest, known_answer, sizeof(known_answer)) != 0) { - fprintf(stderr, "Output does not match expected result\n"); - goto end; - } - } - - rv = 0; -end: - OPENSSL_free(digest); - EVP_MD_CTX_free(ctx); - EVP_MD_free(md); - OSSL_LIB_CTX_free(libctx); - return rv; -} diff --git a/demos/digest/Makefile b/demos/digest/Makefile deleted file mode 100644 index 0bfb6dd5f04470038f9796728f2552ea1660c1bf..0000000000000000000000000000000000000000 --- a/demos/digest/Makefile +++ /dev/null @@ -1,23 +0,0 @@ -# -# To run the demos when linked with a shared library (default): -# -# LD_LIBRARY_PATH=../.. ./EVP_MD_demo - -CFLAGS = -I../../include -g -Wall -LDFLAGS = -L../.. -LDLIBS = -lcrypto - -all: EVP_MD_demo EVP_MD_stdin EVP_MD_xof BIO_f_md - -%.o: %.c - $(CC) $(CFLAGS) -c $< - -EVP_MD_demo: EVP_MD_demo.o -EVP_MD_stdin: EVP_MD_stdin.o -EVP_MD_xof: EVP_MD_xof.o -BIO_f_md: BIO_f_md.o - -test: ; - -clean: - $(RM) *.o EVP_MD_demo EVP_MD_stdin EVP_MD_xof BIO_f_md diff --git a/demos/encode/Makefile b/demos/encode/Makefile deleted file mode 100644 index b88d76b51de353254321be7edea18909dda3587c..0000000000000000000000000000000000000000 --- a/demos/encode/Makefile +++ /dev/null @@ -1,20 +0,0 @@ -# -# To run the demos when linked with a shared library (default): -# -# LD_LIBRARY_PATH=../.. ./rsa_encode - -CFLAGS = -I../../include -g -Wall -LDFLAGS = -L../.. -LDLIBS = -lcrypto - -all: ec_encode rsa_encode - -%.o: %.c - $(CC) $(CFLAGS) -c $< - -%_encode: %_encode.o - -test: ; - -clean: - $(RM) *.o rsa_encode ec_encode diff --git a/demos/encode/ec_encode.c b/demos/encode/ec_encode.c deleted file mode 100644 index 8c296fbad852ea5293f25b32ce12210fd200c8f4..0000000000000000000000000000000000000000 --- a/demos/encode/ec_encode.c +++ /dev/null @@ -1,205 +0,0 @@ -/*- - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ -#include -#include -#include -#include - -/* - * Example showing the encoding and decoding of EC public and private keys. A - * PEM-encoded EC key is read in from stdin, decoded, and then re-encoded and - * output for demonstration purposes. Both public and private keys are accepted. - * - * This can be used to load EC keys from a file or save EC keys to a file. - */ - -/* A property query used for selecting algorithm implementations. */ -static const char *propq = NULL; - -/* - * Load a PEM-encoded EC key from a file, optionally decrypting it with a - * supplied passphrase. - */ -static EVP_PKEY *load_key(OSSL_LIB_CTX *libctx, FILE *f, const char *passphrase) -{ - int rv = 0; - EVP_PKEY *pkey = NULL; - OSSL_DECODER_CTX *dctx = NULL; - int selection = 0; - - /* - * Create PEM decoder context expecting an EC key. - * - * For raw (non-PEM-encoded) keys, change "PEM" to "DER". - * - * The selection argument here specifies whether we are willing to accept a - * public key, private key, or either. If it is set to zero, either will be - * accepted. If set to EVP_PKEY_KEYPAIR, a private key will be required, and - * if set to EVP_PKEY_PUBLIC_KEY, a public key will be required. - */ - dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "PEM", NULL, "EC", - selection, - libctx, propq); - if (dctx == NULL) { - fprintf(stderr, "OSSL_DECODER_CTX_new_for_pkey() failed\n"); - goto cleanup; - } - - /* - * Set passphrase if provided; needed to decrypt encrypted PEM files. - * If the input is not encrypted, any passphrase provided is ignored. - * - * Alternative methods for specifying passphrases exist, such as a callback - * (see OSSL_DECODER_CTX_set_passphrase_cb(3)), which may be more useful for - * interactive applications which do not know if a passphrase should be - * prompted for in advance, or for GUI applications. - */ - if (passphrase != NULL) { - if (OSSL_DECODER_CTX_set_passphrase(dctx, - (const unsigned char *)passphrase, - strlen(passphrase)) == 0) { - fprintf(stderr, "OSSL_DECODER_CTX_set_passphrase() failed\n"); - goto cleanup; - } - } - - /* Do the decode, reading from file. */ - if (OSSL_DECODER_from_fp(dctx, f) == 0) { - fprintf(stderr, "OSSL_DECODER_from_fp() failed\n"); - goto cleanup; - } - - rv = 1; -cleanup: - OSSL_DECODER_CTX_free(dctx); - - /* - * pkey is created by OSSL_DECODER_CTX_new_for_pkey, but we - * might fail subsequently, so ensure it's properly freed - * in this case. - */ - if (rv == 0) { - EVP_PKEY_free(pkey); - pkey = NULL; - } - - return pkey; -} - -/* - * Store a EC public or private key to a file using PEM encoding. - * - * If a passphrase is supplied, the file is encrypted, otherwise - * it is unencrypted. - */ -static int store_key(EVP_PKEY *pkey, FILE *f, const char *passphrase) -{ - int rv = 0; - int selection; - OSSL_ENCODER_CTX *ectx = NULL; - - /* - * Create a PEM encoder context. - * - * For raw (non-PEM-encoded) output, change "PEM" to "DER". - * - * The selection argument controls whether the private key is exported - * (EVP_PKEY_KEYPAIR), or only the public key (EVP_PKEY_PUBLIC_KEY). The - * former will fail if we only have a public key. - * - * Note that unlike the decode API, you cannot specify zero here. - * - * Purely for the sake of demonstration, here we choose to export the whole - * key if a passphrase is provided and the public key otherwise. - */ - selection = (passphrase != NULL) - ? EVP_PKEY_KEYPAIR - : EVP_PKEY_PUBLIC_KEY; - - ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, "PEM", NULL, propq); - if (ectx == NULL) { - fprintf(stderr, "OSSL_ENCODER_CTX_new_for_pkey() failed\n"); - goto cleanup; - } - - /* - * Set passphrase if provided; the encoded output will then be encrypted - * using the passphrase. - * - * Alternative methods for specifying passphrases exist, such as a callback - * (see OSSL_ENCODER_CTX_set_passphrase_cb(3), just as for OSSL_DECODER_CTX; - * however you are less likely to need them as you presumably know whether - * encryption is desired in advance. - * - * Note that specifying a passphrase alone is not enough to cause the - * key to be encrypted. You must set both a cipher and a passphrase. - */ - if (passphrase != NULL) { - /* - * Set cipher. Let's use AES-256-CBC, because it is - * more quantum resistant. - */ - if (OSSL_ENCODER_CTX_set_cipher(ectx, "AES-256-CBC", propq) == 0) { - fprintf(stderr, "OSSL_ENCODER_CTX_set_cipher() failed\n"); - goto cleanup; - } - - /* Set passphrase. */ - if (OSSL_ENCODER_CTX_set_passphrase(ectx, - (const unsigned char *)passphrase, - strlen(passphrase)) == 0) { - fprintf(stderr, "OSSL_ENCODER_CTX_set_passphrase() failed\n"); - goto cleanup; - } - } - - /* Do the encode, writing to the given file. */ - if (OSSL_ENCODER_to_fp(ectx, f) == 0) { - fprintf(stderr, "OSSL_ENCODER_to_fp() failed\n"); - goto cleanup; - } - - rv = 1; -cleanup: - OSSL_ENCODER_CTX_free(ectx); - return rv; -} - -int main(int argc, char **argv) -{ - int rv = 1; - OSSL_LIB_CTX *libctx = NULL; - EVP_PKEY *pkey = NULL; - const char *passphrase_in = NULL, *passphrase_out = NULL; - - /* usage: ec_encode */ - if (argc > 1 && argv[1][0]) - passphrase_in = argv[1]; - - if (argc > 2 && argv[2][0]) - passphrase_out = argv[2]; - - /* Decode PEM key from stdin and then PEM encode it to stdout. */ - pkey = load_key(libctx, stdin, passphrase_in); - if (pkey == NULL) { - fprintf(stderr, "Failed to decode key\n"); - goto cleanup; - } - - if (store_key(pkey, stdout, passphrase_out) == 0) { - fprintf(stderr, "Failed to encode key\n"); - goto cleanup; - } - - rv = 0; -cleanup: - EVP_PKEY_free(pkey); - OSSL_LIB_CTX_free(libctx); - return rv; -} diff --git a/demos/kdf/Makefile b/demos/kdf/Makefile deleted file mode 100644 index 0aa5113105045c2852350c7afb90fb4d600a5e94..0000000000000000000000000000000000000000 --- a/demos/kdf/Makefile +++ /dev/null @@ -1,22 +0,0 @@ -# -# To run the demos when linked with a shared library (default): -# -# LD_LIBRARY_PATH=../.. ./hkdf - -CFLAGS = -I../../include -g -LDFLAGS = -L../.. -LDLIBS = -lcrypto - -all: hkdf pbkdf2 scrypt - -%.o: %.c - $(CC) $(CFLAGS) -c $< - -hkdf: hkdf.o -pbkdf2: pbkdf2.o -scrypt: scrypt.o - -test: ; - -clean: - $(RM) *.o hkdf pbkdf2 scrypt diff --git a/demos/kdf/hkdf.c b/demos/kdf/hkdf.c deleted file mode 100644 index cb7a170e948e9f80553cdc36c42a2a0b36cd7d0d..0000000000000000000000000000000000000000 --- a/demos/kdf/hkdf.c +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include - -/* - * test vector from - * https://datatracker.ietf.org/doc/html/rfc5869 - */ - -static unsigned char hkdf_salt[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, - 0x0c -}; - -static unsigned char hkdf_ikm[] = { - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b -}; - -static unsigned char hkdf_info[] = { - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 -}; - -/* Expected output keying material */ -static unsigned char hkdf_okm[] = { - 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, 0x4f, 0x64, - 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, - 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, - 0xd5, 0xb8, 0x87, 0x18, 0x58, 0x65 -}; - -int main(int argc, char **argv) -{ - int rv = 1; - EVP_KDF *kdf = NULL; - EVP_KDF_CTX *kctx = NULL; - unsigned char out[42]; - OSSL_PARAM params[5], *p = params; - OSSL_LIB_CTX *library_context = NULL; - - library_context = OSSL_LIB_CTX_new(); - if (library_context == NULL) { - fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); - goto end; - } - - /* Fetch the key derivation function implementation */ - kdf = EVP_KDF_fetch(library_context, "HKDF", NULL); - if (kdf == NULL) { - fprintf(stderr, "EVP_KDF_fetch() returned NULL\n"); - goto end; - } - - /* Create a context for the key derivation operation */ - kctx = EVP_KDF_CTX_new(kdf); - if (kctx == NULL) { - fprintf(stderr, "EVP_KDF_CTX_new() returned NULL\n"); - goto end; - } - - /* Set the underlying hash function used to derive the key */ - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - "SHA256", 0); - /* Set input keying material */ - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, hkdf_ikm, - sizeof(hkdf_ikm)); - /* Set application specific information */ - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, hkdf_info, - sizeof(hkdf_info)); - /* Set salt */ - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, hkdf_salt, - sizeof(hkdf_salt)); - *p = OSSL_PARAM_construct_end(); - - /* Derive the key */ - if (EVP_KDF_derive(kctx, out, sizeof(out), params) != 1) { - fprintf(stderr, "EVP_KDF_derive() failed\n"); - goto end; - } - - if (CRYPTO_memcmp(hkdf_okm, out, sizeof(hkdf_okm)) != 0) { - fprintf(stderr, "Generated key does not match expected value\n"); - goto end; - } - - rv = 0; -end: - EVP_KDF_CTX_free(kctx); - EVP_KDF_free(kdf); - OSSL_LIB_CTX_free(library_context); - return rv; -} diff --git a/demos/kdf/pbkdf2.c b/demos/kdf/pbkdf2.c deleted file mode 100644 index 3e0adaee795f1a58323daf34e95c50bf85fc50cf..0000000000000000000000000000000000000000 --- a/demos/kdf/pbkdf2.c +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include - -/* - * test vector from - * https://datatracker.ietf.org/doc/html/rfc7914 - */ - -/* - * Hard coding a password into an application is very bad. - * It is done here solely for educational purposes. - */ -static unsigned char password[] = { - 'P', 'a', 's', 's', 'w', 'o', 'r', 'd' -}; - -/* - * The salt is better not being hard coded too. Each password should have a - * different salt if possible. The salt is not considered secret information - * and is safe to store with an encrypted password. - */ -static unsigned char pbkdf2_salt[] = { - 'N', 'a', 'C', 'l' -}; - -/* - * The iteration parameter can be variable or hard coded. The disadvantage with - * hard coding them is that they cannot easily be adjusted for future - * technological improvements appear. - */ -static unsigned int pbkdf2_iterations = 80000; - -static const unsigned char expected_output[] = { - - 0x4d, 0xdc, 0xd8, 0xf6, 0x0b, 0x98, 0xbe, 0x21, - 0x83, 0x0c, 0xee, 0x5e, 0xf2, 0x27, 0x01, 0xf9, - 0x64, 0x1a, 0x44, 0x18, 0xd0, 0x4c, 0x04, 0x14, - 0xae, 0xff, 0x08, 0x87, 0x6b, 0x34, 0xab, 0x56, - 0xa1, 0xd4, 0x25, 0xa1, 0x22, 0x58, 0x33, 0x54, - 0x9a, 0xdb, 0x84, 0x1b, 0x51, 0xc9, 0xb3, 0x17, - 0x6a, 0x27, 0x2b, 0xde, 0xbb, 0xa1, 0xd0, 0x78, - 0x47, 0x8f, 0x62, 0xb3, 0x97, 0xf3, 0x3c, 0x8d -}; - -int main(int argc, char **argv) -{ - int rv = 1; - EVP_KDF *kdf = NULL; - EVP_KDF_CTX *kctx = NULL; - unsigned char out[64]; - OSSL_PARAM params[5], *p = params; - OSSL_LIB_CTX *library_context = NULL; - - library_context = OSSL_LIB_CTX_new(); - if (library_context == NULL) { - fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); - goto end; - } - - /* Fetch the key derivation function implementation */ - kdf = EVP_KDF_fetch(library_context, "PBKDF2", NULL); - if (kdf == NULL) { - fprintf(stderr, "EVP_KDF_fetch() returned NULL\n"); - goto end; - } - - /* Create a context for the key derivation operation */ - kctx = EVP_KDF_CTX_new(kdf); - if (kctx == NULL) { - fprintf(stderr, "EVP_KDF_CTX_new() returned NULL\n"); - goto end; - } - - /* Set password */ - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, password, - sizeof(password)); - /* Set salt */ - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, pbkdf2_salt, - sizeof(pbkdf2_salt)); - /* Set iteration count (default 2048) */ - *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, &pbkdf2_iterations); - /* Set the underlying hash function used to derive the key */ - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - "SHA256", 0); - *p = OSSL_PARAM_construct_end(); - - /* Derive the key */ - if (EVP_KDF_derive(kctx, out, sizeof(out), params) != 1) { - fprintf(stderr, "EVP_KDF_derive() failed\n"); - goto end; - } - - if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) { - fprintf(stderr, "Generated key does not match expected value\n"); - goto end; - } - - rv = 0; -end: - EVP_KDF_CTX_free(kctx); - EVP_KDF_free(kdf); - OSSL_LIB_CTX_free(library_context); - return rv; -} diff --git a/demos/kdf/scrypt.c b/demos/kdf/scrypt.c deleted file mode 100644 index 2be99088007e36e8287cab136bc5810de9d503b9..0000000000000000000000000000000000000000 --- a/demos/kdf/scrypt.c +++ /dev/null @@ -1,120 +0,0 @@ -/* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include - -/* - * test vector from - * https://datatracker.ietf.org/doc/html/rfc7914 - */ - -/* - * Hard coding a password into an application is very bad. - * It is done here solely for educational purposes. - */ -static unsigned char password[] = { - 'p', 'a', 's', 's', 'w', 'o', 'r', 'd' -}; - -/* - * The salt is better not being hard coded too. Each password should have a - * different salt if possible. The salt is not considered secret information - * and is safe to store with an encrypted password. - */ -static unsigned char scrypt_salt[] = { - 'N', 'a', 'C', 'l' -}; - -/* - * The SCRYPT parameters can be variable or hard coded. The disadvantage with - * hard coding them is that they cannot easily be adjusted for future - * technological improvements appear. - */ -static unsigned int scrypt_n = 1024; -static unsigned int scrypt_r = 8; -static unsigned int scrypt_p = 16; - -static const unsigned char expected_output[] = { - - 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, - 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, - 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, - 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, - 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, - 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, - 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, - 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 -}; - -int main(int argc, char **argv) -{ - int rv = 1; - EVP_KDF *kdf = NULL; - EVP_KDF_CTX *kctx = NULL; - unsigned char out[64]; - OSSL_PARAM params[6], *p = params; - OSSL_LIB_CTX *library_context = NULL; - - library_context = OSSL_LIB_CTX_new(); - if (library_context == NULL) { - fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); - goto end; - } - - /* Fetch the key derivation function implementation */ - kdf = EVP_KDF_fetch(library_context, "SCRYPT", NULL); - if (kdf == NULL) { - fprintf(stderr, "EVP_KDF_fetch() returned NULL\n"); - goto end; - } - - /* Create a context for the key derivation operation */ - kctx = EVP_KDF_CTX_new(kdf); - if (kctx == NULL) { - fprintf(stderr, "EVP_KDF_CTX_new() returned NULL\n"); - goto end; - } - - /* Set password */ - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, password, - sizeof(password)); - /* Set salt */ - *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, scrypt_salt, - sizeof(scrypt_salt)); - /* Set N (default 1048576) */ - *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &scrypt_n); - /* Set R (default 8) */ - *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &scrypt_r); - /* Set P (default 1) */ - *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &scrypt_p); - *p = OSSL_PARAM_construct_end(); - - /* Derive the key */ - if (EVP_KDF_derive(kctx, out, sizeof(out), params) != 1) { - fprintf(stderr, "EVP_KDF_derive() failed\n"); - goto end; - } - - if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) { - fprintf(stderr, "Generated key does not match expected value\n"); - goto end; - } - - rv = 0; -end: - EVP_KDF_CTX_free(kctx); - EVP_KDF_free(kdf); - OSSL_LIB_CTX_free(library_context); - return rv; -} diff --git a/demos/keyexch/x25519.c b/demos/keyexch/x25519.c deleted file mode 100644 index bd35e0a98c14533280ee92a608fc7c7cc4acec3f..0000000000000000000000000000000000000000 --- a/demos/keyexch/x25519.c +++ /dev/null @@ -1,278 +0,0 @@ -/* - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include - -/* - * This is a demonstration of key exchange using X25519. - * - * The variables beginning `peer1_` / `peer2_` are data which would normally be - * accessible to that peer. - * - * Ordinarily you would use random keys, which are demonstrated - * below when use_kat=0. A known answer test is demonstrated - * when use_kat=1. - */ - -/* A property query used for selecting the X25519 implementation. */ -static const char *propq = NULL; - -static const unsigned char peer1_privk_data[32] = { - 0x80, 0x5b, 0x30, 0x20, 0x25, 0x4a, 0x70, 0x2c, - 0xad, 0xa9, 0x8d, 0x7d, 0x47, 0xf8, 0x1b, 0x20, - 0x89, 0xd2, 0xf9, 0x14, 0xac, 0x92, 0x27, 0xf2, - 0x10, 0x7e, 0xdb, 0x21, 0xbd, 0x73, 0x73, 0x5d -}; - -static const unsigned char peer2_privk_data[32] = { - 0xf8, 0x84, 0x19, 0x69, 0x79, 0x13, 0x0d, 0xbd, - 0xb1, 0x76, 0xd7, 0x0e, 0x7e, 0x0f, 0xb6, 0xf4, - 0x8c, 0x4a, 0x8c, 0x5f, 0xd8, 0x15, 0x09, 0x0a, - 0x71, 0x78, 0x74, 0x92, 0x0f, 0x85, 0xc8, 0x43 -}; - -static const unsigned char expected_result[32] = { - 0x19, 0x71, 0x26, 0x12, 0x74, 0xb5, 0xb1, 0xce, - 0x77, 0xd0, 0x79, 0x24, 0xb6, 0x0a, 0x5c, 0x72, - 0x0c, 0xa6, 0x56, 0xc0, 0x11, 0xeb, 0x43, 0x11, - 0x94, 0x3b, 0x01, 0x45, 0xca, 0x19, 0xfe, 0x09 -}; - -typedef struct peer_data_st { - const char *name; /* name of peer */ - EVP_PKEY *privk; /* privk generated for peer */ - unsigned char pubk_data[32]; /* generated pubk to send to other peer */ - - unsigned char *secret; /* allocated shared secret buffer */ - size_t secret_len; -} PEER_DATA; - -/* - * Prepare for X25519 key exchange. The public key to be sent to the remote peer - * is put in pubk_data, which should be a 32-byte buffer. Returns 1 on success. - */ -static int keyexch_x25519_before( - OSSL_LIB_CTX *libctx, - const unsigned char *kat_privk_data, - PEER_DATA *local_peer) -{ - int rv = 0; - size_t pubk_data_len = 0; - - /* Generate or load X25519 key for the peer */ - if (kat_privk_data != NULL) - local_peer->privk = - EVP_PKEY_new_raw_private_key_ex(libctx, "X25519", propq, - kat_privk_data, - sizeof(peer1_privk_data)); - else - local_peer->privk = EVP_PKEY_Q_keygen(libctx, propq, "X25519"); - - if (local_peer->privk == NULL) { - fprintf(stderr, "Could not load or generate private key\n"); - goto end; - } - - /* Get public key corresponding to the private key */ - if (EVP_PKEY_get_octet_string_param(local_peer->privk, - OSSL_PKEY_PARAM_PUB_KEY, - local_peer->pubk_data, - sizeof(local_peer->pubk_data), - &pubk_data_len) == 0) { - fprintf(stderr, "EVP_PKEY_get_octet_string_param() failed\n"); - goto end; - } - - /* X25519 public keys are always 32 bytes */ - if (pubk_data_len != 32) { - fprintf(stderr, "EVP_PKEY_get_octet_string_param() " - "yielded wrong length\n"); - goto end; - } - - rv = 1; -end: - if (rv == 0) { - EVP_PKEY_free(local_peer->privk); - local_peer->privk = NULL; - } - - return rv; -} - -/* - * Complete X25519 key exchange. remote_peer_pubk_data should be the 32 byte - * public key value received from the remote peer. On success, returns 1 and the - * secret is pointed to by *secret. The caller must free it. - */ -static int keyexch_x25519_after( - OSSL_LIB_CTX *libctx, - int use_kat, - PEER_DATA *local_peer, - const unsigned char *remote_peer_pubk_data) -{ - int rv = 0; - EVP_PKEY *remote_peer_pubk = NULL; - EVP_PKEY_CTX *ctx = NULL; - - local_peer->secret = NULL; - - /* Load public key for remote peer. */ - remote_peer_pubk = - EVP_PKEY_new_raw_public_key_ex(libctx, "X25519", propq, - remote_peer_pubk_data, 32); - if (remote_peer_pubk == NULL) { - fprintf(stderr, "EVP_PKEY_new_raw_public_key_ex() failed\n"); - goto end; - } - - /* Create key exchange context. */ - ctx = EVP_PKEY_CTX_new_from_pkey(libctx, local_peer->privk, propq); - if (ctx == NULL) { - fprintf(stderr, "EVP_PKEY_CTX_new_from_pkey() failed\n"); - goto end; - } - - /* Initialize derivation process. */ - if (EVP_PKEY_derive_init(ctx) == 0) { - fprintf(stderr, "EVP_PKEY_derive_init() failed\n"); - goto end; - } - - /* Configure each peer with the other peer's public key. */ - if (EVP_PKEY_derive_set_peer(ctx, remote_peer_pubk) == 0) { - fprintf(stderr, "EVP_PKEY_derive_set_peer() failed\n"); - goto end; - } - - /* Determine the secret length. */ - if (EVP_PKEY_derive(ctx, NULL, &local_peer->secret_len) == 0) { - fprintf(stderr, "EVP_PKEY_derive() failed\n"); - goto end; - } - - /* - * We are using X25519, so the secret generated will always be 32 bytes. - * However for exposition, the code below demonstrates a generic - * implementation for arbitrary lengths. - */ - if (local_peer->secret_len != 32) { /* unreachable */ - fprintf(stderr, "Secret is always 32 bytes for X25519\n"); - goto end; - } - - /* Allocate memory for shared secrets. */ - local_peer->secret = OPENSSL_malloc(local_peer->secret_len); - if (local_peer->secret == NULL) { - fprintf(stderr, "Could not allocate memory for secret\n"); - goto end; - } - - /* Derive the shared secret. */ - if (EVP_PKEY_derive(ctx, local_peer->secret, - &local_peer->secret_len) == 0) { - fprintf(stderr, "EVP_PKEY_derive() failed\n"); - goto end; - } - - printf("Shared secret (%s):\n", local_peer->name); - BIO_dump_indent_fp(stdout, local_peer->secret, local_peer->secret_len, 2); - putchar('\n'); - - rv = 1; -end: - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(remote_peer_pubk); - if (rv == 0) { - OPENSSL_clear_free(local_peer->secret, local_peer->secret_len); - local_peer->secret = NULL; - } - - return rv; -} - -static int keyexch_x25519(int use_kat) -{ - int rv = 0; - OSSL_LIB_CTX *libctx = NULL; - PEER_DATA peer1 = {"peer 1"}, peer2 = {"peer 2"}; - - /* - * Each peer generates its private key and sends its public key - * to the other peer. The private key is stored locally for - * later use. - */ - if (keyexch_x25519_before(libctx, use_kat ? peer1_privk_data : NULL, - &peer1) == 0) - return 0; - - if (keyexch_x25519_before(libctx, use_kat ? peer2_privk_data : NULL, - &peer2) == 0) - return 0; - - /* - * Each peer uses the other peer's public key to perform key exchange. - * After this succeeds, each peer has the same secret in its - * PEER_DATA. - */ - if (keyexch_x25519_after(libctx, use_kat, &peer1, peer2.pubk_data) == 0) - return 0; - - if (keyexch_x25519_after(libctx, use_kat, &peer2, peer1.pubk_data) == 0) - return 0; - - /* - * Here we demonstrate the secrets are equal for exposition purposes. - * - * Although in practice you will generally not need to compare secrets - * produced through key exchange, if you do compare cryptographic secrets, - * always do so using a constant-time function such as CRYPTO_memcmp, never - * using memcmp(3). - */ - if (CRYPTO_memcmp(peer1.secret, peer2.secret, peer1.secret_len) != 0) { - fprintf(stderr, "Negotiated secrets do not match\n"); - goto end; - } - - /* If we are doing the KAT, the secret should equal our reference result. */ - if (use_kat && CRYPTO_memcmp(peer1.secret, expected_result, - peer1.secret_len) != 0) { - fprintf(stderr, "Did not get expected result\n"); - goto end; - } - - rv = 1; -end: - /* The secrets are sensitive, so ensure they are erased before freeing. */ - OPENSSL_clear_free(peer1.secret, peer1.secret_len); - OPENSSL_clear_free(peer2.secret, peer2.secret_len); - - EVP_PKEY_free(peer1.privk); - EVP_PKEY_free(peer2.privk); - OSSL_LIB_CTX_free(libctx); - return rv; -} - -int main(int argc, char **argv) -{ - /* Test X25519 key exchange with known result. */ - printf("Key exchange using known answer (deterministic):\n"); - if (keyexch_x25519(1) == 0) - return 1; - - /* Test X25519 key exchange with random keys. */ - printf("Key exchange using random keys:\n"); - if (keyexch_x25519(0) == 0) - return 1; - - return 0; -} diff --git a/demos/mac/Makefile b/demos/mac/Makefile deleted file mode 100644 index 00d2d8dbe64aca28c6385e002ca299a8e4fa8820..0000000000000000000000000000000000000000 --- a/demos/mac/Makefile +++ /dev/null @@ -1,25 +0,0 @@ -# Quick instruction: -# To build against an OpenSSL built in the source tree, do this: -# -# make OPENSSL_INCS_LOCATION=-I../../include OPENSSL_LIBS_LOCATION=-L../.. -# -# To run the demos when linked with a shared library (default): -# -# LD_LIBRARY_PATH=../.. ./gmac -# LD_LIBRARY_PATH=../.. ./poly1305 - -CFLAGS = $(OPENSSL_INCS_LOCATION) -Wall -LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto - -all: gmac hmac-sha512 cmac-aes256 poly1305 - -gmac: gmac.o -hmac-sha512: hmac-sha512.o -cmac-aes256: cmac-aes256.o -poly1305: poly1305.o - -gmac hmac-sha512 cmac-aes256 poly1305: - $(CC) $(CFLAGS) -o $@ $< $(LDFLAGS) - -clean: - $(RM) gmac hmac-sha512 cmac-aes256 poly1305 *.o diff --git a/demos/mac/cmac-aes256.c b/demos/mac/cmac-aes256.c deleted file mode 100644 index 6f4fd78b699f969b1fc1efb938d1ba1efad5f9bc..0000000000000000000000000000000000000000 --- a/demos/mac/cmac-aes256.c +++ /dev/null @@ -1,154 +0,0 @@ -/*- - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Example of using EVP_MAC_ methods to calculate - * a CMAC of static buffers - */ - -#include -#include -#include -#include -#include -#include -#include -#include - -/* - * Hard coding the key into an application is very bad. - * It is done here solely for educational purposes. - */ -static unsigned char key[] = { - 0x6c, 0xde, 0x14, 0xf5, 0xd5, 0x2a, 0x4a, 0xdf, - 0x12, 0x39, 0x1e, 0xbf, 0x36, 0xf9, 0x6a, 0x46, - 0x48, 0xd0, 0xb6, 0x51, 0x89, 0xfc, 0x24, 0x85, - 0xa8, 0x8d, 0xdf, 0x7e, 0x80, 0x14, 0xc8, 0xce, -}; - -static const unsigned char data[] = - "To be, or not to be, that is the question,\n" - "Whether tis nobler in the minde to suffer\n" - "The ſlings and arrowes of outragious fortune,\n" - "Or to take Armes again in a sea of troubles,\n" - "And by opposing, end them, to die to sleep;\n" - "No more, and by a sleep, to say we end\n" - "The heart-ache, and the thousand natural shocks\n" - "That flesh is heir to? tis a consumation\n" - "Devoutly to be wished. To die to sleep,\n" - "To sleepe, perchance to dreame, Aye, there's the rub,\n" - "For in that sleep of death what dreams may come\n" - "When we haue shuffled off this mortal coil\n" - "Must give us pause. There's the respect\n" - "That makes calamity of so long life:\n" - "For who would bear the Ships and Scorns of time,\n" - "The oppressor's wrong, the proud man's Contumely,\n" - "The pangs of dispised love, the Law's delay,\n" -; - -/* The known value of the CMAC/AES256 MAC of the above soliloqy */ -static const unsigned char expected_output[] = { - 0x67, 0x92, 0x32, 0x23, 0x50, 0x3d, 0xc5, 0xba, - 0x78, 0xd4, 0x6d, 0x63, 0xf2, 0x2b, 0xe9, 0x56, -}; - -/* - * A property query used for selecting the MAC implementation. - */ -static const char *propq = NULL; - -int main(void) -{ - int rv = EXIT_FAILURE; - OSSL_LIB_CTX *library_context = NULL; - EVP_MAC *mac = NULL; - EVP_MAC_CTX *mctx = NULL; - unsigned char *out = NULL; - size_t out_len = 0; - OSSL_PARAM params[4], *p = params; - char cipher_name[] = "aes256"; - - library_context = OSSL_LIB_CTX_new(); - if (library_context == NULL) { - fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); - goto end; - } - - /* Fetch the CMAC implementation */ - mac = EVP_MAC_fetch(library_context, "CMAC", propq); - if (mac == NULL) { - fprintf(stderr, "EVP_MAC_fetch() returned NULL\n"); - goto end; - } - - /* Create a context for the CMAC operation */ - mctx = EVP_MAC_CTX_new(mac); - if (mctx == NULL) { - fprintf(stderr, "EVP_MAC_CTX_new() returned NULL\n"); - goto end; - } - - /* The underlying cipher to be used */ - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, cipher_name, - sizeof(cipher_name)); - *p = OSSL_PARAM_construct_end(); - - /* Initialise the CMAC operation */ - if (!EVP_MAC_init(mctx, key, sizeof(key), params)) { - fprintf(stderr, "EVP_MAC_init() failed\n"); - goto end; - } - - /* Make one or more calls to process the data to be authenticated */ - if (!EVP_MAC_update(mctx, data, sizeof(data))) { - fprintf(stderr, "EVP_MAC_update() failed\n"); - goto end; - } - - /* Make a call to the final with a NULL buffer to get the length of the MAC */ - if (!EVP_MAC_final(mctx, NULL, &out_len, 0)) { - fprintf(stderr, "EVP_MAC_final() failed\n"); - goto end; - } - out = OPENSSL_malloc(out_len); - if (out == NULL) { - fprintf(stderr, "malloc failed\n"); - goto end; - } - /* Make one call to the final to get the MAC */ - if (!EVP_MAC_final(mctx, out, &out_len, out_len)) { - fprintf(stderr, "EVP_MAC_final() failed\n"); - goto end; - } - - printf("Generated MAC:\n"); - BIO_dump_indent_fp(stdout, out, out_len, 2); - putchar('\n'); - - if (out_len != sizeof(expected_output)) { - fprintf(stderr, "Generated MAC has an unexpected length\n"); - goto end; - } - - if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) { - fprintf(stderr, "Generated MAC does not match expected value\n"); - goto end; - } - - rv = EXIT_SUCCESS; -end: - if (rv != EXIT_SUCCESS) - ERR_print_errors_fp(stderr); - /* OpenSSL free functions will ignore NULL arguments */ - OPENSSL_free(out); - EVP_MAC_CTX_free(mctx); - EVP_MAC_free(mac); - OSSL_LIB_CTX_free(library_context); - return rv; -} diff --git a/demos/mac/gmac.c b/demos/mac/gmac.c deleted file mode 100644 index bdaa9b1daa31a5014f2430f351011d43f5025ac0..0000000000000000000000000000000000000000 --- a/demos/mac/gmac.c +++ /dev/null @@ -1,145 +0,0 @@ -/* - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include - -/* - * Taken from NIST's GCM Test Vectors - * http://csrc.nist.gov/groups/STM/cavp/ - */ - -/* - * Hard coding the key into an application is very bad. - * It is done here solely for educational purposes. - */ -static unsigned char key[] = { - 0x77, 0xbe, 0x63, 0x70, 0x89, 0x71, 0xc4, 0xe2, - 0x40, 0xd1, 0xcb, 0x79, 0xe8, 0xd7, 0x7f, 0xeb -}; - -/* - * The initialisation vector (IV) is better not being hard coded too. - * Repeating password/IV pairs compromises the integrity of GMAC. - * The IV is not considered secret information and is safe to store with - * an encrypted password. - */ -static unsigned char iv[] = { - 0xe0, 0xe0, 0x0f, 0x19, 0xfe, 0xd7, 0xba, - 0x01, 0x36, 0xa7, 0x97, 0xf3 -}; - -static unsigned char data[] = { - 0x7a, 0x43, 0xec, 0x1d, 0x9c, 0x0a, 0x5a, 0x78, - 0xa0, 0xb1, 0x65, 0x33, 0xa6, 0x21, 0x3c, 0xab -}; - -static const unsigned char expected_output[] = { - 0x20, 0x9f, 0xcc, 0x8d, 0x36, 0x75, 0xed, 0x93, - 0x8e, 0x9c, 0x71, 0x66, 0x70, 0x9d, 0xd9, 0x46 -}; - -/* - * A property query used for selecting the GMAC implementation and the - * underlying GCM mode cipher. - */ -static char *propq = NULL; - -int main(int argc, char **argv) -{ - int rv = EXIT_FAILURE; - EVP_MAC *mac = NULL; - EVP_MAC_CTX *mctx = NULL; - unsigned char out[16]; - OSSL_PARAM params[4], *p = params; - OSSL_LIB_CTX *library_context = NULL; - size_t out_len = 0; - - library_context = OSSL_LIB_CTX_new(); - if (library_context == NULL) { - fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); - goto end; - } - - /* Fetch the GMAC implementation */ - mac = EVP_MAC_fetch(library_context, "GMAC", propq); - if (mac == NULL) { - fprintf(stderr, "EVP_MAC_fetch() returned NULL\n"); - goto end; - } - - /* Create a context for the GMAC operation */ - mctx = EVP_MAC_CTX_new(mac); - if (mctx == NULL) { - fprintf(stderr, "EVP_MAC_CTX_new() returned NULL\n"); - goto end; - } - - /* GMAC requries a GCM mode cipher to be specified */ - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, - "AES-128-GCM", 0); - - /* - * If a non-default property query is required when fetching the GCM mode - * cipher, it needs to be specified too. - */ - if (propq != NULL) - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_PROPERTIES, - propq, 0); - - /* Set the initialisation vector (IV) */ - *p++ = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, - iv, sizeof(iv)); - *p = OSSL_PARAM_construct_end(); - - /* Initialise the GMAC operation */ - if (!EVP_MAC_init(mctx, key, sizeof(key), params)) { - fprintf(stderr, "EVP_MAC_init() failed\n"); - goto end; - } - - /* Make one or more calls to process the data to be authenticated */ - if (!EVP_MAC_update(mctx, data, sizeof(data))) { - fprintf(stderr, "EVP_MAC_update() failed\n"); - goto end; - } - - /* Make one call to the final to get the MAC */ - if (!EVP_MAC_final(mctx, out, &out_len, sizeof(out))) { - fprintf(stderr, "EVP_MAC_final() failed\n"); - goto end; - } - - printf("Generated MAC:\n"); - BIO_dump_indent_fp(stdout, out, out_len, 2); - putchar('\n'); - - if (out_len != sizeof(expected_output)) { - fprintf(stderr, "Generated MAC has an unexpected length\n"); - goto end; - } - - if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) { - fprintf(stderr, "Generated MAC does not match expected value\n"); - goto end; - } - - rv = EXIT_SUCCESS; -end: - EVP_MAC_CTX_free(mctx); - EVP_MAC_free(mac); - OSSL_LIB_CTX_free(library_context); - if (rv != EXIT_SUCCESS) - ERR_print_errors_fp(stderr); - return rv; -} diff --git a/demos/mac/hmac-sha512.c b/demos/mac/hmac-sha512.c deleted file mode 100644 index c258b90ee3952b3f8eee702d57187d3d49c544d8..0000000000000000000000000000000000000000 --- a/demos/mac/hmac-sha512.c +++ /dev/null @@ -1,166 +0,0 @@ -/*- - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Example of using EVP_MAC_ methods to calculate - * a HMAC of static buffers - */ - -#include -#include -#include -#include -#include -#include -#include -#include - -/* - * Hard coding the key into an application is very bad. - * It is done here solely for educational purposes. - */ -static unsigned char key[] = { - 0x25, 0xfd, 0x12, 0x99, 0xdf, 0xad, 0x1a, 0x03, - 0x0a, 0x81, 0x3c, 0x2d, 0xcc, 0x05, 0xd1, 0x5c, - 0x17, 0x7a, 0x36, 0x73, 0x17, 0xef, 0x41, 0x75, - 0x71, 0x18, 0xe0, 0x1a, 0xda, 0x99, 0xc3, 0x61, - 0x38, 0xb5, 0xb1, 0xe0, 0x82, 0x2c, 0x70, 0xa4, - 0xc0, 0x8e, 0x5e, 0xf9, 0x93, 0x9f, 0xcf, 0xf7, - 0x32, 0x4d, 0x0c, 0xbd, 0x31, 0x12, 0x0f, 0x9a, - 0x15, 0xee, 0x82, 0xdb, 0x8d, 0x29, 0x54, 0x14, -}; - -static const unsigned char data[] = - "To be, or not to be, that is the question,\n" - "Whether tis nobler in the minde to suffer\n" - "The ſlings and arrowes of outragious fortune,\n" - "Or to take Armes again in a sea of troubles,\n" - "And by opposing, end them, to die to sleep;\n" - "No more, and by a sleep, to say we end\n" - "The heart-ache, and the thousand natural shocks\n" - "That flesh is heir to? tis a consumation\n" - "Devoutly to be wished. To die to sleep,\n" - "To sleepe, perchance to dreame, Aye, there's the rub,\n" - "For in that sleep of death what dreams may come\n" - "When we haue shuffled off this mortal coil\n" - "Must give us pause. There's the respect\n" - "That makes calamity of so long life:\n" - "For who would bear the Ships and Scorns of time,\n" - "The oppressor's wrong, the proud man's Contumely,\n" - "The pangs of dispised love, the Law's delay,\n" -; - -/* The known value of the HMAC/SHA3-512 MAC of the above soliloqy */ -static const unsigned char expected_output[] = { - 0x3b, 0x77, 0x5f, 0xf1, 0x4f, 0x9e, 0xb9, 0x23, - 0x8f, 0xdc, 0xa0, 0x68, 0x15, 0x7b, 0x8a, 0xf1, - 0x96, 0x23, 0xaa, 0x3c, 0x1f, 0xe9, 0xdc, 0x89, - 0x11, 0x7d, 0x58, 0x07, 0xe7, 0x96, 0x17, 0xe3, - 0x44, 0x8b, 0x03, 0x37, 0x91, 0xc0, 0x6e, 0x06, - 0x7c, 0x54, 0xe4, 0xa4, 0xcc, 0xd5, 0x16, 0xbb, - 0x5e, 0x4d, 0x64, 0x7d, 0x88, 0x23, 0xc9, 0xb7, - 0x25, 0xda, 0xbe, 0x4b, 0xe4, 0xd5, 0x34, 0x30, -}; - -/* - * A property query used for selecting the MAC implementation. - */ -static const char *propq = NULL; - -int main(void) -{ - int rv = EXIT_FAILURE; - OSSL_LIB_CTX *library_context = NULL; - EVP_MAC *mac = NULL; - EVP_MAC_CTX *mctx = NULL; - EVP_MD_CTX *digest_context = NULL; - unsigned char *out = NULL; - size_t out_len = 0; - OSSL_PARAM params[4], *p = params; - char digest_name[] = "SHA3-512"; - - library_context = OSSL_LIB_CTX_new(); - if (library_context == NULL) { - fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); - goto end; - } - - /* Fetch the HMAC implementation */ - mac = EVP_MAC_fetch(library_context, "HMAC", propq); - if (mac == NULL) { - fprintf(stderr, "EVP_MAC_fetch() returned NULL\n"); - goto end; - } - - /* Create a context for the HMAC operation */ - mctx = EVP_MAC_CTX_new(mac); - if (mctx == NULL) { - fprintf(stderr, "EVP_MAC_CTX_new() returned NULL\n"); - goto end; - } - - /* The underlying digest to be used */ - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, digest_name, - sizeof(digest_name)); - *p = OSSL_PARAM_construct_end(); - - /* Initialise the HMAC operation */ - if (!EVP_MAC_init(mctx, key, sizeof(key), params)) { - fprintf(stderr, "EVP_MAC_init() failed\n"); - goto end; - } - - /* Make one or more calls to process the data to be authenticated */ - if (!EVP_MAC_update(mctx, data, sizeof(data))) { - fprintf(stderr, "EVP_MAC_update() failed\n"); - goto end; - } - - /* Make a call to the final with a NULL buffer to get the length of the MAC */ - if (!EVP_MAC_final(mctx, NULL, &out_len, 0)) { - fprintf(stderr, "EVP_MAC_final() failed\n"); - goto end; - } - out = OPENSSL_malloc(out_len); - if (out == NULL) { - fprintf(stderr, "malloc failed\n"); - goto end; - } - /* Make one call to the final to get the MAC */ - if (!EVP_MAC_final(mctx, out, &out_len, out_len)) { - fprintf(stderr, "EVP_MAC_final() failed\n"); - goto end; - } - - printf("Generated MAC:\n"); - BIO_dump_indent_fp(stdout, out, out_len, 2); - putchar('\n'); - - if (out_len != sizeof(expected_output)) { - fprintf(stderr, "Generated MAC has an unexpected length\n"); - goto end; - } - - if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) { - fprintf(stderr, "Generated MAC does not match expected value\n"); - goto end; - } - - rv = EXIT_SUCCESS; -end: - if (rv != EXIT_SUCCESS) - ERR_print_errors_fp(stderr); - /* OpenSSL free functions will ignore NULL arguments */ - OPENSSL_free(out); - EVP_MD_CTX_free(digest_context); - EVP_MAC_CTX_free(mctx); - EVP_MAC_free(mac); - OSSL_LIB_CTX_free(library_context); - return rv; -} diff --git a/demos/mac/poly1305.c b/demos/mac/poly1305.c deleted file mode 100644 index 1aa95e583dadde46f84ae13378c6dc03344854d1..0000000000000000000000000000000000000000 --- a/demos/mac/poly1305.c +++ /dev/null @@ -1,209 +0,0 @@ -/* - * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include - -/* - * This is a demonstration of how to compute Poly1305-AES using the OpenSSL - * Poly1305 and AES providers and the EVP API. - * - * Please note that: - * - * - Poly1305 must never be used alone and must be used in conjunction with - * another primitive which processes the input nonce to be secure; - * - * - you must never pass a nonce to the Poly1305 primitive directly; - * - * - Poly1305 exhibits catastrophic failure (that is, can be broken) if a - * nonce is ever reused for a given key. - * - * If you are looking for a general purpose MAC, you should consider using a - * different MAC and looking at one of the other examples, unless you have a - * good familiarity with the details and caveats of Poly1305. - * - * This example uses AES, as described in the original paper, "The Poly1305-AES - * message authentication code": - * https://cr.yp.to/mac/poly1305-20050329.pdf - * - * The test vectors below are from that paper. - */ - -/* - * Hard coding the key into an application is very bad. - * It is done here solely for educational purposes. - * These are the "r" and "k" inputs to Poly1305-AES. - */ -static const unsigned char test_r[] = { - 0x85, 0x1f, 0xc4, 0x0c, 0x34, 0x67, 0xac, 0x0b, - 0xe0, 0x5c, 0xc2, 0x04, 0x04, 0xf3, 0xf7, 0x00 -}; - -static const unsigned char test_k[] = { - 0xec, 0x07, 0x4c, 0x83, 0x55, 0x80, 0x74, 0x17, - 0x01, 0x42, 0x5b, 0x62, 0x32, 0x35, 0xad, 0xd6 -}; - -/* - * Hard coding a nonce must not be done under any circumstances and is done here - * purely for demonstration purposes. Please note that Poly1305 exhibits - * catastrophic failure (that is, can be broken) if a nonce is ever reused for a - * given key. - */ -static const unsigned char test_n[] = { - 0xfb, 0x44, 0x73, 0x50, 0xc4, 0xe8, 0x68, 0xc5, - 0x2a, 0xc3, 0x27, 0x5c, 0xf9, 0xd4, 0x32, 0x7e -}; - -/* Input message. */ -static const unsigned char test_m[] = { - 0xf3, 0xf6 -}; - -static const unsigned char expected_output[] = { - 0xf4, 0xc6, 0x33, 0xc3, 0x04, 0x4f, 0xc1, 0x45, - 0xf8, 0x4f, 0x33, 0x5c, 0xb8, 0x19, 0x53, 0xde -}; - -/* - * A property query used for selecting the POLY1305 implementation. - */ -static char *propq = NULL; - -int main(int argc, char **argv) -{ - int rv = EXIT_FAILURE; - EVP_CIPHER *aes = NULL; - EVP_CIPHER_CTX *aesctx = NULL; - EVP_MAC *mac = NULL; - EVP_MAC_CTX *mctx = NULL; - unsigned char composite_key[32]; - unsigned char out[16]; - OSSL_LIB_CTX *library_context = NULL; - size_t out_len = 0; - int aes_len = 0; - - library_context = OSSL_LIB_CTX_new(); - if (library_context == NULL) { - fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); - goto end; - } - - /* Fetch the Poly1305 implementation */ - mac = EVP_MAC_fetch(library_context, "POLY1305", propq); - if (mac == NULL) { - fprintf(stderr, "EVP_MAC_fetch() returned NULL\n"); - goto end; - } - - /* Create a context for the Poly1305 operation */ - mctx = EVP_MAC_CTX_new(mac); - if (mctx == NULL) { - fprintf(stderr, "EVP_MAC_CTX_new() returned NULL\n"); - goto end; - } - - /* Fetch the AES implementation */ - aes = EVP_CIPHER_fetch(library_context, "AES-128-ECB", propq); - if (aes == NULL) { - fprintf(stderr, "EVP_CIPHER_fetch() returned NULL\n"); - goto end; - } - - /* Create a context for AES */ - aesctx = EVP_CIPHER_CTX_new(); - if (aesctx == NULL) { - fprintf(stderr, "EVP_CIPHER_CTX_new() returned NULL\n"); - goto end; - } - - /* Initialize the AES cipher with the 128-bit key k */ - if (!EVP_EncryptInit_ex(aesctx, aes, NULL, test_k, NULL)) { - fprintf(stderr, "EVP_EncryptInit_ex() failed\n"); - goto end; - } - - /* - * Disable padding for the AES cipher. We do not strictly need to do this as - * we are encrypting a single block and thus there are no alignment or - * padding concerns, but this ensures that the operation below fails if - * padding would be required for some reason, which in this circumstance - * would indicate an implementation bug. - */ - if (!EVP_CIPHER_CTX_set_padding(aesctx, 0)) { - fprintf(stderr, "EVP_CIPHER_CTX_set_padding() failed\n"); - goto end; - } - - /* - * Computes the value AES_k(n) which we need for our Poly1305-AES - * computation below. - */ - if (!EVP_EncryptUpdate(aesctx, composite_key + 16, &aes_len, - test_n, sizeof(test_n))) { - fprintf(stderr, "EVP_EncryptUpdate() failed\n"); - goto end; - } - - /* - * The Poly1305 provider expects the key r to be passed as the first 16 - * bytes of the "key" and the processed nonce (that is, AES_k(n)) to be - * passed as the second 16 bytes of the "key". We already put the processed - * nonce in the correct place above, so copy r into place. - */ - memcpy(composite_key, test_r, 16); - - /* Initialise the Poly1305 operation */ - if (!EVP_MAC_init(mctx, composite_key, sizeof(composite_key), NULL)) { - fprintf(stderr, "EVP_MAC_init() failed\n"); - goto end; - } - - /* Make one or more calls to process the data to be authenticated */ - if (!EVP_MAC_update(mctx, test_m, sizeof(test_m))) { - fprintf(stderr, "EVP_MAC_update() failed\n"); - goto end; - } - - /* Make one call to the final to get the MAC */ - if (!EVP_MAC_final(mctx, out, &out_len, sizeof(out))) { - fprintf(stderr, "EVP_MAC_final() failed\n"); - goto end; - } - - printf("Generated MAC:\n"); - BIO_dump_indent_fp(stdout, out, out_len, 2); - putchar('\n'); - - if (out_len != sizeof(expected_output)) { - fprintf(stderr, "Generated MAC has an unexpected length\n"); - goto end; - } - - if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) { - fprintf(stderr, "Generated MAC does not match expected value\n"); - goto end; - } - - rv = EXIT_SUCCESS; -end: - EVP_CIPHER_CTX_free(aesctx); - EVP_CIPHER_free(aes); - EVP_MAC_CTX_free(mctx); - EVP_MAC_free(mac); - OSSL_LIB_CTX_free(library_context); - if (rv != EXIT_SUCCESS) - ERR_print_errors_fp(stderr); - return rv; -} diff --git a/demos/mac/siphash.c b/demos/mac/siphash.c deleted file mode 100644 index 4d36a9d4868b865a10932e1394db7982ed728a44..0000000000000000000000000000000000000000 --- a/demos/mac/siphash.c +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include - -/* - * Taken from the test vector from the paper "SipHash: a fast short-input PRF". - * https://www.aumasson.jp/siphash/siphash.pdf - */ - -/* - * Hard coding the key into an application is very bad. - * It is done here solely for educational purposes. - */ -static unsigned char key[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -}; - -static unsigned char data[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e -}; - -static const unsigned char expected_output[] = { - 0xe5, 0x45, 0xbe, 0x49, 0x61, 0xca, 0x29, 0xa1 -}; - -/* - * A property query used for selecting the SIPHASH implementation. - */ -static char *propq = NULL; - -int main(int argc, char **argv) -{ - int rv = EXIT_FAILURE; - EVP_MAC *mac = NULL; - EVP_MAC_CTX *mctx = NULL; - unsigned char out[8]; - OSSL_PARAM params[4], *p = params; - OSSL_LIB_CTX *library_context = NULL; - unsigned int digest_len = 8, c_rounds = 2, d_rounds = 4; - size_t out_len = 0; - - library_context = OSSL_LIB_CTX_new(); - if (library_context == NULL) { - fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); - goto end; - } - - /* Fetch the SipHash implementation */ - mac = EVP_MAC_fetch(library_context, "SIPHASH", propq); - if (mac == NULL) { - fprintf(stderr, "EVP_MAC_fetch() returned NULL\n"); - goto end; - } - - /* Create a context for the SipHash operation */ - mctx = EVP_MAC_CTX_new(mac); - if (mctx == NULL) { - fprintf(stderr, "EVP_MAC_CTX_new() returned NULL\n"); - goto end; - } - - /* SipHash can support either 8 or 16-byte digests. */ - *p++ = OSSL_PARAM_construct_uint(OSSL_MAC_PARAM_SIZE, &digest_len); - - /* - * The number of C-rounds and D-rounds is configurable. Standard SipHash - * uses values of 2 and 4 respectively. The following lines are unnecessary - * as they set the default, but demonstrate how to change these values. - */ - *p++ = OSSL_PARAM_construct_uint(OSSL_MAC_PARAM_C_ROUNDS, &c_rounds); - *p++ = OSSL_PARAM_construct_uint(OSSL_MAC_PARAM_D_ROUNDS, &d_rounds); - - *p = OSSL_PARAM_construct_end(); - - /* Initialise the SIPHASH operation */ - if (!EVP_MAC_init(mctx, key, sizeof(key), params)) { - fprintf(stderr, "EVP_MAC_init() failed\n"); - goto end; - } - - /* Make one or more calls to process the data to be authenticated */ - if (!EVP_MAC_update(mctx, data, sizeof(data))) { - fprintf(stderr, "EVP_MAC_update() failed\n"); - goto end; - } - - /* Make one call to the final to get the MAC */ - if (!EVP_MAC_final(mctx, out, &out_len, sizeof(out))) { - fprintf(stderr, "EVP_MAC_final() failed\n"); - goto end; - } - - printf("Generated MAC:\n"); - BIO_dump_indent_fp(stdout, out, out_len, 2); - putchar('\n'); - - if (out_len != sizeof(expected_output)) { - fprintf(stderr, "Generated MAC has an unexpected length\n"); - goto end; - } - - if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) { - fprintf(stderr, "Generated MAC does not match expected value\n"); - goto end; - } - - rv = EXIT_SUCCESS; -end: - EVP_MAC_CTX_free(mctx); - EVP_MAC_free(mac); - OSSL_LIB_CTX_free(library_context); - if (rv != EXIT_SUCCESS) - ERR_print_errors_fp(stderr); - return rv; -} diff --git a/demos/pkcs12/pkread.c b/demos/pkcs12/pkread.c deleted file mode 100644 index 3b153f8edf151fbbaaccc48f693912b1179325ab..0000000000000000000000000000000000000000 --- a/demos/pkcs12/pkread.c +++ /dev/null @@ -1,111 +0,0 @@ -/* - * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include - -/* Simple PKCS#12 file reader */ - -static char *find_friendly_name(PKCS12 *p12) -{ - STACK_OF(PKCS7) *safes; - int n, m; - char *name = NULL; - PKCS7 *safe; - STACK_OF(PKCS12_SAFEBAG) *bags; - PKCS12_SAFEBAG *bag; - - if ((safes = PKCS12_unpack_authsafes(p12)) == NULL) - return NULL; - - for (n = 0; n < sk_PKCS7_num(safes) && name == NULL; n++) { - safe = sk_PKCS7_value(safes, n); - if (OBJ_obj2nid(safe->type) != NID_pkcs7_data - || (bags = PKCS12_unpack_p7data(safe)) == NULL) - continue; - - for (m = 0; m < sk_PKCS12_SAFEBAG_num(bags) && name == NULL; m++) { - bag = sk_PKCS12_SAFEBAG_value(bags, m); - name = PKCS12_get_friendlyname(bag); - } - sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - } - - sk_PKCS7_pop_free(safes, PKCS7_free); - - return name; -} - -int main(int argc, char **argv) -{ - FILE *fp; - EVP_PKEY *pkey = NULL; - X509 *cert = NULL; - STACK_OF(X509) *ca = NULL; - PKCS12 *p12 = NULL; - char *name = NULL; - int i, ret = EXIT_FAILURE; - - if (argc != 4) { - fprintf(stderr, "Usage: pkread p12file password opfile\n"); - exit(EXIT_FAILURE); - } - - if ((fp = fopen(argv[1], "rb")) == NULL) { - fprintf(stderr, "Error opening file %s\n", argv[1]); - exit(EXIT_FAILURE); - } - p12 = d2i_PKCS12_fp(fp, NULL); - fclose(fp); - if (p12 == NULL) { - fprintf(stderr, "Error reading PKCS#12 file\n"); - ERR_print_errors_fp(stderr); - goto err; - } - if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) { - fprintf(stderr, "Error parsing PKCS#12 file\n"); - ERR_print_errors_fp(stderr); - goto err; - } - name = find_friendly_name(p12); - PKCS12_free(p12); - if ((fp = fopen(argv[3], "w")) == NULL) { - fprintf(stderr, "Error opening file %s\n", argv[3]); - goto err; - } - if (name != NULL) - fprintf(fp, "***Friendly Name***\n%s\n", name); - if (pkey != NULL) { - fprintf(fp, "***Private Key***\n"); - PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL); - } - if (cert != NULL) { - fprintf(fp, "***User Certificate***\n"); - PEM_write_X509_AUX(fp, cert); - } - if (ca != NULL && sk_X509_num(ca) > 0) { - fprintf(fp, "***Other Certificates***\n"); - for (i = 0; i < sk_X509_num(ca); i++) - PEM_write_X509_AUX(fp, sk_X509_value(ca, i)); - } - fclose(fp); - - ret = EXIT_SUCCESS; - - err: - OPENSSL_free(name); - X509_free(cert); - EVP_PKEY_free(pkey); - sk_X509_pop_free(ca, X509_free); - - return ret; -} diff --git a/demos/pkcs12/pkwrite.c b/demos/pkcs12/pkwrite.c deleted file mode 100644 index 51afd25a260d8367c6ee19b2bc49874c54776c6b..0000000000000000000000000000000000000000 --- a/demos/pkcs12/pkwrite.c +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include - -/* Simple PKCS#12 file creator */ - -int main(int argc, char **argv) -{ - FILE *fp; - EVP_PKEY *pkey; - X509 *cert; - PKCS12 *p12; - if (argc != 5) { - fprintf(stderr, "Usage: pkwrite infile password name p12file\n"); - exit(1); - } - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - if ((fp = fopen(argv[1], "r")) == NULL) { - fprintf(stderr, "Error opening file %s\n", argv[1]); - exit(1); - } - cert = PEM_read_X509(fp, NULL, NULL, NULL); - rewind(fp); - pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL); - fclose(fp); - p12 = PKCS12_create(argv[2], argv[3], pkey, cert, NULL, 0, 0, 0, 0, 0); - if (!p12) { - fprintf(stderr, "Error creating PKCS#12 structure\n"); - ERR_print_errors_fp(stderr); - exit(1); - } - if ((fp = fopen(argv[4], "wb")) == NULL) { - fprintf(stderr, "Error opening file %s\n", argv[4]); - ERR_print_errors_fp(stderr); - exit(1); - } - i2d_PKCS12_fp(fp, p12); - PKCS12_free(p12); - fclose(fp); - return 0; -} diff --git a/demos/pkey/EVP_PKEY_EC_keygen.c b/demos/pkey/EVP_PKEY_EC_keygen.c deleted file mode 100644 index fa862bdaa07ef6d1b694413cf5b06b0174fa3f97..0000000000000000000000000000000000000000 --- a/demos/pkey/EVP_PKEY_EC_keygen.c +++ /dev/null @@ -1,155 +0,0 @@ -/*- - * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Example showing how to generate an EC key and extract values from the - * generated key. - */ - -#include -#include -#include -#include -#include - -static int get_key_values(EVP_PKEY *pkey); - -/* - * The following code shows how to generate an EC key from a curve name - * with additional parameters. If only the curve name is required then the - * simple helper can be used instead i.e. Either - * pkey = EVP_EC_gen(curvename); OR - * pkey = EVP_PKEY_Q_keygen(libctx, propq, "EC", curvename); - */ -static EVP_PKEY *do_ec_keygen(void) -{ - /* - * The libctx and propq can be set if required, they are included here - * to show how they are passed to EVP_PKEY_CTX_new_from_name(). - */ - OSSL_LIB_CTX *libctx = NULL; - const char *propq = NULL; - EVP_PKEY *key = NULL; - OSSL_PARAM params[3]; - EVP_PKEY_CTX *genctx = NULL; - const char *curvename = "P-256"; - int use_cofactordh = 1; - - genctx = EVP_PKEY_CTX_new_from_name(libctx, "EC", propq); - if (genctx == NULL) { - fprintf(stderr, "EVP_PKEY_CTX_new_from_name() failed\n"); - goto cleanup; - } - - if (EVP_PKEY_keygen_init(genctx) <= 0) { - fprintf(stderr, "EVP_PKEY_keygen_init() failed\n"); - goto cleanup; - } - - params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, - (char *)curvename, 0); - /* - * This is an optional parameter. - * For many curves where the cofactor is 1, setting this has no effect. - */ - params[1] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, - &use_cofactordh); - params[2] = OSSL_PARAM_construct_end(); - if (!EVP_PKEY_CTX_set_params(genctx, params)) { - fprintf(stderr, "EVP_PKEY_CTX_set_params() failed\n"); - goto cleanup; - } - - fprintf(stdout, "Generating EC key\n\n"); - if (EVP_PKEY_generate(genctx, &key) <= 0) { - fprintf(stderr, "EVP_PKEY_generate() failed\n"); - goto cleanup; - } -cleanup: - EVP_PKEY_CTX_free(genctx); - return key; -} - -/* - * The following code shows how retrieve key data from the generated - * EC key. See doc/man7/EVP_PKEY-EC.pod for more information. - * - * EVP_PKEY_print_private() could also be used to display the values. - */ -static int get_key_values(EVP_PKEY *pkey) -{ - int result = 0; - char out_curvename[80]; - unsigned char out_pubkey[80]; - unsigned char out_privkey[80]; - BIGNUM *out_priv = NULL; - size_t out_pubkey_len, out_privkey_len = 0; - - if (!EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME, - out_curvename, sizeof(out_curvename), - NULL)) { - fprintf(stderr, "Failed to get curve name\n"); - goto cleanup; - } - - if (!EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, - out_pubkey, sizeof(out_pubkey), - &out_pubkey_len)) { - fprintf(stderr, "Failed to get public key\n"); - goto cleanup; - } - - if (!EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &out_priv)) { - fprintf(stderr, "Failed to get private key\n"); - goto cleanup; - } - - out_privkey_len = BN_bn2bin(out_priv, out_privkey); - if (out_privkey_len <= 0 || out_privkey_len > sizeof(out_privkey)) { - fprintf(stderr, "BN_bn2bin failed\n"); - goto cleanup; - } - - fprintf(stdout, "Curve name: %s\n", out_curvename); - fprintf(stdout, "Public key:\n"); - BIO_dump_indent_fp(stdout, out_pubkey, out_pubkey_len, 2); - fprintf(stdout, "Private Key:\n"); - BIO_dump_indent_fp(stdout, out_privkey, out_privkey_len, 2); - - result = 1; -cleanup: - /* Zeroize the private key data when we free it */ - BN_clear_free(out_priv); - return result; -} - -int main(void) -{ - int result = 0; - EVP_PKEY *pkey; - - pkey = do_ec_keygen(); - if (pkey == NULL) - goto cleanup; - - if (!get_key_values(pkey)) - goto cleanup; - - /* - * At this point we can write out the generated key using - * i2d_PrivateKey() and i2d_PublicKey() if required. - */ - result = 1; -cleanup: - if (result != 1) - ERR_print_errors_fp(stderr); - - EVP_PKEY_free(pkey); - return result == 0; -} diff --git a/demos/pkey/EVP_PKEY_RSA_keygen.c b/demos/pkey/EVP_PKEY_RSA_keygen.c deleted file mode 100644 index fbecfb6bdb0ab7ecdd9214f4d02aa8dcbd7a25c4..0000000000000000000000000000000000000000 --- a/demos/pkey/EVP_PKEY_RSA_keygen.c +++ /dev/null @@ -1,289 +0,0 @@ -/*- - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * Example showing how to generate an RSA key pair. - * - * When generating an RSA key, you must specify the number of bits in the key. A - * reasonable value would be 4096. Avoid using values below 2048. These values - * are reasonable as of 2022. - */ - -#include -#include -#include -#include -#include -#include -#include - -/* A property query used for selecting algorithm implementations. */ -static const char *propq = NULL; - -/* - * Generates an RSA public-private key pair and returns it. - * The number of bits is specified by the bits argument. - * - * This uses the long way of generating an RSA key. - */ -static EVP_PKEY *generate_rsa_key_long(OSSL_LIB_CTX *libctx, unsigned int bits) -{ - EVP_PKEY_CTX *genctx = NULL; - EVP_PKEY *pkey = NULL; - unsigned int primes = 2; - - /* Create context using RSA algorithm. "RSA-PSS" could also be used here. */ - genctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", propq); - if (genctx == NULL) { - fprintf(stderr, "EVP_PKEY_CTX_new_from_name() failed\n"); - goto cleanup; - } - - /* Initialize context for key generation purposes. */ - if (EVP_PKEY_keygen_init(genctx) <= 0) { - fprintf(stderr, "EVP_PKEY_keygen_init() failed\n"); - goto cleanup; - } - - /* - * Here we set the number of bits to use in the RSA key. - * See comment at top of file for information on appropriate values. - */ - if (EVP_PKEY_CTX_set_rsa_keygen_bits(genctx, bits) <= 0) { - fprintf(stderr, "EVP_PKEY_CTX_set_rsa_keygen_bits() failed\n"); - goto cleanup; - } - - /* - * It is possible to create an RSA key using more than two primes. - * Do not do this unless you know why you need this. - * You ordinarily do not need to specify this, as the default is two. - * - * Both of these parameters can also be set via EVP_PKEY_CTX_set_params, but - * these functions provide a more concise way to do so. - */ - if (EVP_PKEY_CTX_set_rsa_keygen_primes(genctx, primes) <= 0) { - fprintf(stderr, "EVP_PKEY_CTX_set_rsa_keygen_primes() failed\n"); - goto cleanup; - } - - /* - * Generating an RSA key with a number of bits large enough to be secure for - * modern applications can take a fairly substantial amount of time (e.g. - * one second). If you require fast key generation, consider using an EC key - * instead. - * - * If you require progress information during the key generation process, - * you can set a progress callback using EVP_PKEY_set_cb; see the example in - * EVP_PKEY_generate(3). - */ - fprintf(stderr, "Generating RSA key, this may take some time...\n"); - if (EVP_PKEY_generate(genctx, &pkey) <= 0) { - fprintf(stderr, "EVP_PKEY_generate() failed\n"); - goto cleanup; - } - - /* pkey is now set to an object representing the generated key pair. */ - -cleanup: - EVP_PKEY_CTX_free(genctx); - return pkey; -} - -/* - * Generates an RSA public-private key pair and returns it. - * The number of bits is specified by the bits argument. - * - * This uses a more concise way of generating an RSA key, which is suitable for - * simple cases. It is used if -s is passed on the command line, otherwise the - * long method above is used. The ability to choose between these two methods is - * shown here only for demonstration; the results are equivalent. - */ -static EVP_PKEY *generate_rsa_key_short(OSSL_LIB_CTX *libctx, unsigned int bits) -{ - EVP_PKEY *pkey = NULL; - - fprintf(stderr, "Generating RSA key, this may take some time...\n"); - pkey = EVP_PKEY_Q_keygen(libctx, propq, "RSA", (size_t)bits); - - if (pkey == NULL) - fprintf(stderr, "EVP_PKEY_Q_keygen() failed\n"); - - return pkey; -} - -/* - * Prints information on an EVP_PKEY object representing an RSA key pair. - */ -static int dump_key(const EVP_PKEY *pkey) -{ - int rv = 0; - int bits = 0; - BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL; - - /* - * Retrieve value of n. This value is not secret and forms part of the - * public key. - * - * Calling EVP_PKEY_get_bn_param with a NULL BIGNUM pointer causes - * a new BIGNUM to be allocated, so these must be freed subsequently. - */ - if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &n) == 0) { - fprintf(stderr, "Failed to retrieve n\n"); - goto cleanup; - } - - /* - * Retrieve value of e. This value is not secret and forms part of the - * public key. It is typically 65537 and need not be changed. - */ - if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &e) == 0) { - fprintf(stderr, "Failed to retrieve e\n"); - goto cleanup; - } - - /* - * Retrieve value of d. This value is secret and forms part of the private - * key. It must not be published. - */ - if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &d) == 0) { - fprintf(stderr, "Failed to retrieve d\n"); - goto cleanup; - } - - /* - * Retrieve value of the first prime factor, commonly known as p. This value - * is secret and forms part of the private key. It must not be published. - */ - if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &p) == 0) { - fprintf(stderr, "Failed to retrieve p\n"); - goto cleanup; - } - - /* - * Retrieve value of the second prime factor, commonly known as q. This value - * is secret and forms part of the private key. It must not be published. - * - * If you are creating an RSA key with more than two primes for special - * applications, you can retrieve these primes with - * OSSL_PKEY_PARAM_RSA_FACTOR3, etc. - */ - if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &q) == 0) { - fprintf(stderr, "Failed to retrieve q\n"); - goto cleanup; - } - - /* - * We can also retrieve the key size in bits for informational purposes. - */ - if (EVP_PKEY_get_int_param(pkey, OSSL_PKEY_PARAM_BITS, &bits) == 0) { - fprintf(stderr, "Failed to retrieve bits\n"); - goto cleanup; - } - - /* Output hexadecimal representations of the BIGNUM objects. */ - fprintf(stdout, "\nNumber of bits: %d\n\n", bits); - fprintf(stderr, "Public values:\n"); - fprintf(stdout, " n = 0x"); - BN_print_fp(stdout, n); - fprintf(stdout, "\n"); - - fprintf(stdout, " e = 0x"); - BN_print_fp(stdout, e); - fprintf(stdout, "\n\n"); - - fprintf(stdout, "Private values:\n"); - fprintf(stdout, " d = 0x"); - BN_print_fp(stdout, d); - fprintf(stdout, "\n"); - - fprintf(stdout, " p = 0x"); - BN_print_fp(stdout, p); - fprintf(stdout, "\n"); - - fprintf(stdout, " q = 0x"); - BN_print_fp(stdout, q); - fprintf(stdout, "\n\n"); - - /* Output a PEM encoding of the public key. */ - if (PEM_write_PUBKEY(stdout, pkey) == 0) { - fprintf(stderr, "Failed to output PEM-encoded public key\n"); - goto cleanup; - } - - /* - * Output a PEM encoding of the private key. Please note that this output is - * not encrypted. You may wish to use the arguments to specify encryption of - * the key if you are storing it on disk. See PEM_write_PrivateKey(3). - */ - if (PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL) == 0) { - fprintf(stderr, "Failed to output PEM-encoded private key\n"); - goto cleanup; - } - - rv = 1; -cleanup: - BN_free(n); /* not secret */ - BN_free(e); /* not secret */ - BN_clear_free(d); /* secret - scrub before freeing */ - BN_clear_free(p); /* secret - scrub before freeing */ - BN_clear_free(q); /* secret - scrub before freeing */ - return rv; -} - -int main(int argc, char **argv) -{ - int rv = 1; - OSSL_LIB_CTX *libctx = NULL; - EVP_PKEY *pkey = NULL; - unsigned int bits = 4096; - int bits_i, use_short = 0; - - /* usage: [-s] [] */ - if (argc > 1 && strcmp(argv[1], "-s") == 0) { - --argc; - ++argv; - use_short = 1; - } - - if (argc > 1) { - bits_i = atoi(argv[1]); - if (bits < 512) { - fprintf(stderr, "Invalid RSA key size\n"); - return 1; - } - - bits = (unsigned int)bits_i; - } - - /* Avoid using key sizes less than 2048 bits; see comment at top of file. */ - if (bits < 2048) - fprintf(stderr, "Warning: very weak key size\n\n"); - - /* Generate RSA key. */ - if (use_short) - pkey = generate_rsa_key_short(libctx, bits); - else - pkey = generate_rsa_key_long(libctx, bits); - - if (pkey == NULL) - goto cleanup; - - /* Dump the integers comprising the key. */ - if (dump_key(pkey) == 0) { - fprintf(stderr, "Failed to dump key\n"); - goto cleanup; - } - - rv = 0; -cleanup: - EVP_PKEY_free(pkey); - OSSL_LIB_CTX_free(libctx); - return rv; -} diff --git a/demos/pkey/Makefile b/demos/pkey/Makefile deleted file mode 100644 index f19c0d14f4e4d96a5a874d17aacebf0ccf697f8d..0000000000000000000000000000000000000000 --- a/demos/pkey/Makefile +++ /dev/null @@ -1,23 +0,0 @@ -# -# To run the demos when linked with a shared library (default): -# -# LD_LIBRARY_PATH=../.. ./EVP_PKEY_EC_keygen -# LD_LIBRARY_PATH=../.. ./EVP_PKEY_RSA_keygen - -CFLAGS = -I../../include -g -Wall -LDFLAGS = -L../.. -LDLIBS = -lcrypto - -all: EVP_PKEY_EC_keygen EVP_PKEY_RSA_keygen - -%.o: %.c - $(CC) $(CFLAGS) -c $< - -EVP_PKEY_EC_keygen: EVP_PKEY_EC_keygen.o - -EVP_PKEY_RSA_keygen: EVP_PKEY_RSA_keygen.o - -test: ; - -clean: - $(RM) *.o EVP_PKEY_EC_keygen EVP_PKEY_RSA_keygen diff --git a/demos/signature/EVP_Signature_demo.c b/demos/signature/EVP_Signature_demo.c deleted file mode 100644 index 123c95c26ad8a1642c9f9dcbc06081ec0f4b9be8..0000000000000000000000000000000000000000 --- a/demos/signature/EVP_Signature_demo.c +++ /dev/null @@ -1,235 +0,0 @@ -/*- - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* - * An example that uses the EVP_MD*, EVP_DigestSign* and EVP_DigestVerify* - * methods to calculate and verify a signature of two static buffers. - */ - -#include -#include -#include -#include -#include -#include "EVP_Signature_demo.h" - -/* - * This demonstration will calculate and verify a signature of data using - * the soliloquy from Hamlet scene 1 act 3 - */ - -static const char *hamlet_1 = - "To be, or not to be, that is the question,\n" - "Whether tis nobler in the minde to suffer\n" - "The slings and arrowes of outragious fortune,\n" - "Or to take Armes again in a sea of troubles,\n" -; -static const char *hamlet_2 = - "And by opposing, end them, to die to sleep;\n" - "No more, and by a sleep, to say we end\n" - "The heart-ache, and the thousand natural shocks\n" - "That flesh is heir to? tis a consumation\n" -; - -/* - * For demo_sign, load EC private key priv_key from priv_key_der[]. - * For demo_verify, load EC public key pub_key from pub_key_der[]. - */ -static EVP_PKEY *get_key(OSSL_LIB_CTX *libctx, const char *propq, int public) -{ - OSSL_DECODER_CTX *dctx = NULL; - EVP_PKEY *pkey = NULL; - int selection; - const unsigned char *data; - size_t data_len; - - if (public) { - selection = EVP_PKEY_PUBLIC_KEY; - data = pub_key_der; - data_len = sizeof(pub_key_der); - } else { - selection = EVP_PKEY_KEYPAIR; - data = priv_key_der; - data_len = sizeof(priv_key_der); - } - dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, "EC", - selection, libctx, propq); - (void)OSSL_DECODER_from_data(dctx, &data, &data_len); - OSSL_DECODER_CTX_free(dctx); - if (pkey == NULL) - fprintf(stderr, "Failed to load %s key.\n", public ? "public" : "private"); - return pkey; -} - -static int demo_sign(OSSL_LIB_CTX *libctx, const char *sig_name, - size_t *sig_out_len, unsigned char **sig_out_value) -{ - int result = 0, public = 0; - size_t sig_len; - unsigned char *sig_value = NULL; - const char *propq = NULL; - EVP_MD_CTX *sign_context = NULL; - EVP_PKEY *priv_key = NULL; - - /* Get private key */ - priv_key = get_key(libctx, propq, public); - if (priv_key == NULL) { - fprintf(stderr, "Get private key failed.\n"); - goto cleanup; - } - /* - * Make a message signature context to hold temporary state - * during signature creation - */ - sign_context = EVP_MD_CTX_new(); - if (sign_context == NULL) { - fprintf(stderr, "EVP_MD_CTX_new failed.\n"); - goto cleanup; - } - /* - * Initialize the sign context to use the fetched - * sign provider. - */ - if (!EVP_DigestSignInit_ex(sign_context, NULL, sig_name, - libctx, NULL, priv_key, NULL)) { - fprintf(stderr, "EVP_DigestSignInit_ex failed.\n"); - goto cleanup; - } - /* - * EVP_DigestSignUpdate() can be called several times on the same context - * to include additional data. - */ - if (!EVP_DigestSignUpdate(sign_context, hamlet_1, strlen(hamlet_1))) { - fprintf(stderr, "EVP_DigestSignUpdate(hamlet_1) failed.\n"); - goto cleanup; - } - if (!EVP_DigestSignUpdate(sign_context, hamlet_2, strlen(hamlet_2))) { - fprintf(stderr, "EVP_DigestSignUpdate(hamlet_2) failed.\n"); - goto cleanup; - } - /* Call EVP_DigestSignFinal to get signature length sig_len */ - if (!EVP_DigestSignFinal(sign_context, NULL, &sig_len)) { - fprintf(stderr, "EVP_DigestSignFinal failed.\n"); - goto cleanup; - } - if (sig_len <= 0) { - fprintf(stderr, "EVP_DigestSignFinal returned invalid signature length.\n"); - goto cleanup; - } - sig_value = OPENSSL_malloc(sig_len); - if (sig_value == NULL) { - fprintf(stderr, "No memory.\n"); - goto cleanup; - } - if (!EVP_DigestSignFinal(sign_context, sig_value, &sig_len)) { - fprintf(stderr, "EVP_DigestSignFinal failed.\n"); - goto cleanup; - } - *sig_out_len = sig_len; - *sig_out_value = sig_value; - fprintf(stdout, "Generating signature:\n"); - BIO_dump_indent_fp(stdout, sig_value, sig_len, 2); - fprintf(stdout, "\n"); - result = 1; - -cleanup: - /* OpenSSL free functions will ignore NULL arguments */ - if (!result) - OPENSSL_free(sig_value); - EVP_PKEY_free(priv_key); - EVP_MD_CTX_free(sign_context); - return result; -} - -static int demo_verify(OSSL_LIB_CTX *libctx, const char *sig_name, - size_t sig_len, unsigned char *sig_value) -{ - int result = 0, public = 1; - const char *propq = NULL; - EVP_MD_CTX *verify_context = NULL; - EVP_PKEY *pub_key = NULL; - - /* - * Make a verify signature context to hold temporary state - * during signature verification - */ - verify_context = EVP_MD_CTX_new(); - if (verify_context == NULL) { - fprintf(stderr, "EVP_MD_CTX_new failed.\n"); - goto cleanup; - } - /* Get public key */ - pub_key = get_key(libctx, propq, public); - if (pub_key == NULL) { - fprintf(stderr, "Get public key failed.\n"); - goto cleanup; - } - /* Verify */ - if (!EVP_DigestVerifyInit_ex(verify_context, NULL, sig_name, - libctx, NULL, pub_key, NULL)) { - fprintf(stderr, "EVP_DigestVerifyInit failed.\n"); - goto cleanup; - } - /* - * EVP_DigestVerifyUpdate() can be called several times on the same context - * to include additional data. - */ - if (!EVP_DigestVerifyUpdate(verify_context, hamlet_1, strlen(hamlet_1))) { - fprintf(stderr, "EVP_DigestVerifyUpdate(hamlet_1) failed.\n"); - goto cleanup; - } - if (!EVP_DigestVerifyUpdate(verify_context, hamlet_2, strlen(hamlet_2))) { - fprintf(stderr, "EVP_DigestVerifyUpdate(hamlet_2) failed.\n"); - goto cleanup; - } - if (EVP_DigestVerifyFinal(verify_context, sig_value, sig_len) <= 0) { - fprintf(stderr, "EVP_DigestVerifyFinal failed.\n"); - goto cleanup; - } - fprintf(stdout, "Signature verified.\n"); - result = 1; - -cleanup: - /* OpenSSL free functions will ignore NULL arguments */ - EVP_PKEY_free(pub_key); - EVP_MD_CTX_free(verify_context); - return result; -} - -int main(void) -{ - OSSL_LIB_CTX *libctx = NULL; - const char *sig_name = "SHA3-512"; - size_t sig_len = 0; - unsigned char *sig_value = NULL; - int result = 0; - - libctx = OSSL_LIB_CTX_new(); - if (libctx == NULL) { - fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); - goto cleanup; - } - if (!demo_sign(libctx, sig_name, &sig_len, &sig_value)) { - fprintf(stderr, "demo_sign failed.\n"); - goto cleanup; - } - if (!demo_verify(libctx, sig_name, sig_len, sig_value)) { - fprintf(stderr, "demo_verify failed.\n"); - goto cleanup; - } - result = 1; - -cleanup: - if (result != 1) - ERR_print_errors_fp(stderr); - /* OpenSSL free functions will ignore NULL arguments */ - OSSL_LIB_CTX_free(libctx); - OPENSSL_free(sig_value); - return result == 0; -} diff --git a/demos/signature/EVP_Signature_demo.h b/demos/signature/EVP_Signature_demo.h deleted file mode 100644 index aef3e60783e85ad60816ac9630e078b9b5436ae5..0000000000000000000000000000000000000000 --- a/demos/signature/EVP_Signature_demo.h +++ /dev/null @@ -1,76 +0,0 @@ -/*- - * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Signers private EC key */ -static const unsigned char priv_key_der[] = { -0x30, 0x82, 0x01, 0x68, 0x02, 0x01, 0x01, 0x04, 0x20, 0x51, 0x77, 0xae, -0xf4, 0x18, 0xf4, 0x6b, 0xc4, 0xe5, 0xbb, 0xe9, 0xe6, 0x9e, 0x6d, 0xb0, -0xea, 0x12, 0xf9, 0xf3, 0xdb, 0x9d, 0x56, 0x59, 0xf7, 0x5a, 0x17, 0xd7, -0xd1, 0xe4, 0xd7, 0x47, 0x28, 0xa0, 0x81, 0xfa, 0x30, 0x81, 0xf7, 0x02, -0x01, 0x01, 0x30, 0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, -0x01, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -0x30, 0x5b, 0x04, 0x20, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, -0x04, 0x20, 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb, -0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, -0xb0, 0xf6, 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b, 0x03, 0x15, -0x00, 0xc4, 0x9d, 0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, 0x6a, 0x66, 0x78, -0xe1, 0x13, 0x9d, 0x26, 0xb7, 0x81, 0x9f, 0x7e, 0x90, 0x04, 0x41, 0x04, -0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, -0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, -0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2, -0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, -0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, -0x37, 0xbf, 0x51, 0xf5, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, -0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc, -0xe6, 0xfa, 0xad, 0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, -0x63, 0x25, 0x51, 0x02, 0x01, 0x01, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, -0x4f, 0xe7, 0x7b, 0xb6, 0xbb, 0x54, 0x42, 0x39, 0xed, 0x5d, 0xe5, 0x40, -0xc8, 0xd8, 0x71, 0xca, 0x6d, 0x83, 0x71, 0xd1, 0x88, 0x2a, 0x65, 0x00, -0x6c, 0xc6, 0x2f, 0x01, 0x31, 0x49, 0xbe, 0x76, 0x7a, 0x67, 0x6a, 0x28, -0x33, 0xc7, 0x5b, 0xb9, 0x24, 0x45, 0x24, 0x6e, 0xf0, 0x6d, 0x2f, 0x34, -0x06, 0x53, 0x73, 0x6a, 0xff, 0x90, 0x90, 0xc1, 0x6d, 0x9b, 0x94, 0x0d, -0x0e, 0x1f, 0x95, 0x65, -}; - -/* The matching public key used for verifying */ -static const unsigned char pub_key_der[] = { -0x30, 0x82, 0x01, 0x4b, 0x30, 0x82, 0x01, 0x03, 0x06, 0x07, 0x2a, 0x86, -0x48, 0xce, 0x3d, 0x02, 0x01, 0x30, 0x81, 0xf7, 0x02, 0x01, 0x01, 0x30, -0x2c, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x21, -0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, -0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x30, 0x5b, 0x04, -0x20, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, -0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, -0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, 0x04, 0x20, 0x5a, -0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, 0xb3, 0xeb, 0xbd, 0x55, 0x76, -0x98, 0x86, 0xbc, 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6, 0x3b, -0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b, 0x03, 0x15, 0x00, 0xc4, 0x9d, -0x36, 0x08, 0x86, 0xe7, 0x04, 0x93, 0x6a, 0x66, 0x78, 0xe1, 0x13, 0x9d, -0x26, 0xb7, 0x81, 0x9f, 0x7e, 0x90, 0x04, 0x41, 0x04, 0x6b, 0x17, 0xd1, -0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, -0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, -0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, -0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, -0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, -0xf5, 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, -0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xbc, 0xe6, 0xfa, 0xad, -0xa7, 0x17, 0x9e, 0x84, 0xf3, 0xb9, 0xca, 0xc2, 0xfc, 0x63, 0x25, 0x51, -0x02, 0x01, 0x01, 0x03, 0x42, 0x00, 0x04, 0x4f, 0xe7, 0x7b, 0xb6, 0xbb, -0x54, 0x42, 0x39, 0xed, 0x5d, 0xe5, 0x40, 0xc8, 0xd8, 0x71, 0xca, 0x6d, -0x83, 0x71, 0xd1, 0x88, 0x2a, 0x65, 0x00, 0x6c, 0xc6, 0x2f, 0x01, 0x31, -0x49, 0xbe, 0x76, 0x7a, 0x67, 0x6a, 0x28, 0x33, 0xc7, 0x5b, 0xb9, 0x24, -0x45, 0x24, 0x6e, 0xf0, 0x6d, 0x2f, 0x34, 0x06, 0x53, 0x73, 0x6a, 0xff, -0x90, 0x90, 0xc1, 0x6d, 0x9b, 0x94, 0x0d, 0x0e, 0x1f, 0x95, 0x65, -}; - diff --git a/demos/signature/Makefile b/demos/signature/Makefile deleted file mode 100644 index 563ec7799fb8b4607835752bb3eabd1903d9b491..0000000000000000000000000000000000000000 --- a/demos/signature/Makefile +++ /dev/null @@ -1,22 +0,0 @@ -# -# To run the demos when linked with a shared library (default): -# -# LD_LIBRARY_PATH=../.. ./EVP_Signature_demo - -CFLAGS = -I../../include -g -Wall -LDFLAGS = -L../.. -LDLIBS = -lcrypto - -all: EVP_Signature_demo rsa_pss_direct rsa_pss_hash - -%.o: %.c - $(CC) $(CFLAGS) -c $< - -EVP_Signature_demo: EVP_Signature_demo.o -rsa_pss_direct: rsa_pss_direct.o -rsa_pss_hash: rsa_pss_hash.o - -test: ; - -clean: - $(RM) *.o EVP_Signature_demo rsa_pss_direct rsa_pss_hash diff --git a/demos/signature/rsa_pss.h b/demos/signature/rsa_pss.h deleted file mode 100644 index bdab9f891e3c0ae5c1b808e5f5f8f6e317edd739..0000000000000000000000000000000000000000 --- a/demos/signature/rsa_pss.h +++ /dev/null @@ -1,256 +0,0 @@ -/*- - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* 4096-bit RSA private key, DER. */ -static const unsigned char rsa_priv_key[] = { - 0x30, 0x82, 0x09, 0x28, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02, 0x01, 0x00, - 0xa3, 0x14, 0xe4, 0xb8, 0xd8, 0x58, 0x0d, 0xab, 0xd7, 0x87, 0xa4, 0xf6, - 0x84, 0x51, 0x74, 0x60, 0x4c, 0xe3, 0x60, 0x28, 0x89, 0x49, 0x65, 0x18, - 0x5c, 0x8f, 0x1a, 0x1b, 0xe9, 0xdb, 0xc1, 0xc1, 0xf7, 0x08, 0x27, 0x44, - 0xe5, 0x9d, 0x9a, 0x33, 0xc3, 0xac, 0x5a, 0xca, 0xba, 0x20, 0x5a, 0x9e, - 0x3a, 0x18, 0xb5, 0x3d, 0xe3, 0x9d, 0x94, 0x58, 0xa7, 0xa9, 0x5a, 0x0b, - 0x4f, 0xb8, 0xe5, 0xa3, 0x7b, 0x01, 0x11, 0x0f, 0x16, 0x11, 0xb8, 0x65, - 0x2f, 0xa8, 0x95, 0xf7, 0x58, 0x2c, 0xec, 0x1d, 0x41, 0xad, 0xd1, 0x12, - 0xca, 0x4a, 0x80, 0x35, 0x35, 0x43, 0x7e, 0xe0, 0x97, 0xfc, 0x86, 0x8f, - 0xcf, 0x4b, 0xdc, 0xbc, 0x15, 0x2c, 0x8e, 0x90, 0x84, 0x26, 0x83, 0xc1, - 0x96, 0x97, 0xf4, 0xd7, 0x90, 0xce, 0xfe, 0xd4, 0xf3, 0x70, 0x22, 0xa8, - 0xb0, 0x1f, 0xed, 0x08, 0xd7, 0xc5, 0xc0, 0xd6, 0x41, 0x6b, 0x24, 0x68, - 0x5c, 0x07, 0x1f, 0x44, 0x97, 0xd8, 0x6e, 0x18, 0x93, 0x67, 0xc3, 0xba, - 0x3a, 0xaf, 0xfd, 0xc2, 0x65, 0x00, 0x21, 0x63, 0xdf, 0xb7, 0x28, 0x68, - 0xd6, 0xc0, 0x20, 0x86, 0x92, 0xed, 0x68, 0x6a, 0x27, 0x3a, 0x07, 0xec, - 0x66, 0x00, 0xfe, 0x51, 0x51, 0x86, 0x41, 0x6f, 0x83, 0x69, 0xd2, 0xf0, - 0xe6, 0xf7, 0x61, 0xda, 0x12, 0x45, 0x53, 0x09, 0xdf, 0xf8, 0x42, 0xc7, - 0x30, 0x6a, 0xe5, 0xd8, 0x2b, 0xa2, 0x49, 0x7a, 0x05, 0x10, 0xee, 0xb2, - 0x59, 0x0a, 0xe5, 0xbe, 0xf8, 0x4d, 0x0f, 0xa8, 0x9e, 0x63, 0x81, 0x39, - 0x32, 0xaa, 0xfd, 0xa8, 0x03, 0xf6, 0xd8, 0xc6, 0xaa, 0x02, 0x93, 0x03, - 0xeb, 0x15, 0xd3, 0x38, 0xc8, 0x1a, 0x78, 0xcf, 0xf3, 0xa7, 0x9f, 0x98, - 0x4b, 0x91, 0x5b, 0x79, 0xf8, 0x4e, 0x53, 0xaf, 0x0c, 0x65, 0xe9, 0xb0, - 0x93, 0xc2, 0xcb, 0x5d, 0x3c, 0x5f, 0x6e, 0x39, 0xd2, 0x58, 0x23, 0x50, - 0xe5, 0x2e, 0xef, 0x12, 0x00, 0xa4, 0x59, 0x13, 0x2b, 0x2f, 0x2c, 0x0a, - 0x7b, 0x36, 0x89, 0xc5, 0xe5, 0x8f, 0x95, 0x5e, 0x14, 0x0f, 0x0f, 0x94, - 0x5a, 0xe9, 0xdc, 0x0b, 0x49, 0x14, 0xbe, 0x0a, 0x70, 0x45, 0xc1, 0x7c, - 0xbf, 0x83, 0x70, 0xfd, 0x3d, 0x99, 0xe6, 0x8a, 0xf5, 0x9c, 0x09, 0x71, - 0x84, 0x9a, 0x18, 0xa0, 0xe0, 0x6c, 0x43, 0x5c, 0x7e, 0x48, 0x33, 0xc8, - 0xbe, 0x5d, 0xdd, 0xd8, 0x77, 0xe3, 0xe7, 0x6b, 0x34, 0x4b, 0xa2, 0xb7, - 0x54, 0x07, 0x72, 0x2e, 0xab, 0xa9, 0x91, 0x1e, 0x4b, 0xe3, 0xb5, 0xd8, - 0xfa, 0x35, 0x64, 0x8a, 0xe9, 0x03, 0xa1, 0xa8, 0x26, 0xbd, 0x72, 0x58, - 0x10, 0x6a, 0xec, 0x1a, 0xf6, 0x1e, 0xb8, 0xc0, 0x46, 0x19, 0x31, 0x2c, - 0xca, 0xf9, 0x6a, 0xd7, 0x2e, 0xd0, 0xa7, 0x2c, 0x60, 0x58, 0xc4, 0x8f, - 0x46, 0x63, 0x61, 0x8d, 0x29, 0x6f, 0xe2, 0x5f, 0xe2, 0x43, 0x90, 0x9c, - 0xe6, 0xfc, 0x08, 0x41, 0xc8, 0xb5, 0x23, 0x56, 0x24, 0x3e, 0x3a, 0x2c, - 0x41, 0x22, 0x43, 0xda, 0x22, 0x15, 0x2b, 0xad, 0xd0, 0xfa, 0xc8, 0x47, - 0x44, 0xe6, 0x2a, 0xf9, 0x38, 0x90, 0x13, 0x62, 0x22, 0xea, 0x06, 0x8c, - 0x44, 0x9c, 0xd6, 0xca, 0x50, 0x93, 0xe9, 0xd4, 0x03, 0xd8, 0x3e, 0x71, - 0x36, 0x4b, 0xaa, 0xab, 0xbb, 0xe2, 0x48, 0x66, 0x26, 0x53, 0xb1, 0x6d, - 0x3b, 0x82, 0x2c, 0x8c, 0x25, 0x05, 0xf0, 0xf8, 0xcf, 0x55, 0xbf, 0x8e, - 0x29, 0xf7, 0x54, 0x5b, 0x6f, 0x30, 0x54, 0xa6, 0xad, 0x46, 0xff, 0x22, - 0x95, 0xb1, 0x87, 0x98, 0x00, 0x51, 0x69, 0x15, 0x07, 0xbd, 0x3d, 0x9c, - 0x6e, 0xaa, 0xaa, 0x3b, 0x0b, 0x74, 0x65, 0x4c, 0x04, 0xe0, 0x80, 0x3e, - 0xaf, 0x5e, 0x10, 0xd6, 0x9b, 0x28, 0x37, 0x6f, 0x02, 0x03, 0x01, 0x00, - 0x01, 0x02, 0x82, 0x02, 0x00, 0x09, 0x6e, 0xf8, 0xf8, 0x14, 0x53, 0xab, - 0x9e, 0xc8, 0x1d, 0xe9, 0x95, 0xf4, 0xfb, 0x7d, 0x3e, 0xe0, 0xd3, 0xba, - 0x49, 0x3d, 0xff, 0xc7, 0xe0, 0x4b, 0xe2, 0x5f, 0x41, 0x44, 0x1a, 0xd9, - 0x2f, 0x6e, 0x29, 0xc3, 0x93, 0xc1, 0xb0, 0x87, 0x2d, 0xfd, 0x60, 0xa7, - 0xf3, 0xd8, 0x26, 0x6c, 0xf7, 0x80, 0x26, 0xd3, 0xbd, 0x1b, 0xc0, 0x8e, - 0xc7, 0x3e, 0x13, 0x96, 0xc8, 0xd6, 0xb8, 0xbc, 0x57, 0xe3, 0x92, 0xa1, - 0x38, 0xfd, 0x2e, 0xd3, 0x3a, 0xcf, 0x31, 0xf2, 0x52, 0xd7, 0x7f, 0xe9, - 0xbc, 0x9b, 0x83, 0x01, 0x78, 0x13, 0xc9, 0x91, 0x77, 0x02, 0x78, 0xc0, - 0x0b, 0x1f, 0xdf, 0x94, 0xad, 0x16, 0xf1, 0xad, 0x78, 0x17, 0xc5, 0x77, - 0x0d, 0xb7, 0x07, 0x3f, 0x51, 0xe0, 0x73, 0x33, 0xcf, 0x90, 0x69, 0xd8, - 0xe5, 0xda, 0x9b, 0x1e, 0xf6, 0x21, 0x12, 0x07, 0xb5, 0x1e, 0x3e, 0x2b, - 0x34, 0x79, 0x9e, 0x48, 0x01, 0xdd, 0x68, 0xf0, 0x0f, 0x18, 0xb5, 0x85, - 0x50, 0xd8, 0x9e, 0x04, 0xfd, 0x6d, 0xcd, 0xa6, 0x61, 0x2b, 0x54, 0x81, - 0x99, 0xf4, 0x63, 0xf4, 0xeb, 0x73, 0x98, 0xb3, 0x88, 0xf5, 0x50, 0xd4, - 0x5c, 0x67, 0x9e, 0x7c, 0xbc, 0xd8, 0xfd, 0xaf, 0xb8, 0x66, 0x7d, 0xdc, - 0xa5, 0x25, 0xb5, 0xe6, 0x64, 0xd7, 0x07, 0x72, 0x5a, 0x99, 0xf9, 0xf6, - 0x9e, 0xb8, 0x9c, 0xf4, 0xc7, 0xee, 0xee, 0x10, 0x13, 0x9c, 0x1a, 0x8c, - 0x23, 0x89, 0xcd, 0x7b, 0xf1, 0x47, 0x23, 0x51, 0x3c, 0xe5, 0xc2, 0x17, - 0x68, 0xca, 0x98, 0xb8, 0xed, 0xe5, 0x17, 0x6d, 0x0a, 0xde, 0x07, 0xd6, - 0x6c, 0x4f, 0x83, 0x4c, 0x9b, 0xca, 0x6a, 0x7d, 0xc8, 0x68, 0x12, 0xd7, - 0xf0, 0x37, 0x88, 0xf7, 0xbb, 0x68, 0x8b, 0xa4, 0xfd, 0xfe, 0x36, 0x11, - 0xb3, 0x2b, 0x85, 0x6d, 0xaa, 0x30, 0x31, 0xf1, 0x6f, 0x80, 0x72, 0x42, - 0x23, 0xfe, 0x93, 0x88, 0xcc, 0x1e, 0x4b, 0x53, 0x4f, 0x8e, 0x24, 0x67, - 0x4a, 0x72, 0xb6, 0x3c, 0x13, 0x00, 0x11, 0x4f, 0xe1, 0x30, 0xd6, 0xe7, - 0x45, 0x8f, 0xaf, 0xdd, 0xe5, 0xaa, 0xb7, 0x02, 0x17, 0x04, 0xf8, 0xd2, - 0xc1, 0x7b, 0x6c, 0x92, 0xec, 0x76, 0x94, 0x1b, 0xb0, 0xe4, 0xc3, 0x0c, - 0x9e, 0xee, 0xb5, 0xdc, 0x97, 0xca, 0x10, 0x1d, 0x17, 0x96, 0x45, 0xd4, - 0x04, 0x0c, 0xea, 0xca, 0x45, 0xfc, 0x52, 0x54, 0x82, 0x9b, 0xdf, 0x64, - 0xd6, 0x59, 0x6c, 0x12, 0x70, 0xf0, 0x19, 0xd8, 0x46, 0xbb, 0x08, 0x43, - 0x81, 0xa1, 0x73, 0xa8, 0x00, 0xc9, 0x4e, 0xb9, 0xd5, 0xfd, 0x42, 0x5f, - 0xcf, 0x94, 0x14, 0x18, 0xab, 0x9d, 0x11, 0xd0, 0xbd, 0x44, 0x88, 0x2c, - 0xd8, 0x29, 0xec, 0x94, 0x70, 0xf9, 0x42, 0x14, 0xf4, 0xb0, 0x3f, 0xfe, - 0x27, 0x16, 0x43, 0x59, 0x90, 0x14, 0x48, 0x61, 0x8c, 0x91, 0xd9, 0x37, - 0x41, 0xef, 0xf1, 0xe9, 0x15, 0x4a, 0x4f, 0x5e, 0x1f, 0x50, 0x25, 0x20, - 0x2d, 0xa6, 0xf8, 0x79, 0x0d, 0x92, 0xb0, 0x00, 0x0b, 0xa2, 0xfb, 0xc3, - 0x7b, 0x0f, 0xa6, 0xff, 0x75, 0x5d, 0x70, 0xaa, 0xcf, 0x0a, 0xdf, 0xe1, - 0xfc, 0x32, 0x53, 0x1e, 0xf6, 0xe6, 0x69, 0x9f, 0x09, 0xd0, 0xc8, 0xab, - 0xaf, 0xec, 0xb0, 0x04, 0xfa, 0x83, 0xe2, 0x29, 0x23, 0x54, 0x37, 0x87, - 0x63, 0x47, 0x75, 0x9b, 0xdb, 0x1f, 0x4f, 0x1b, 0x6b, 0xa6, 0xe2, 0x67, - 0x1c, 0xb4, 0x74, 0x9e, 0x48, 0x77, 0x61, 0xc2, 0x9a, 0x3e, 0x6b, 0x89, - 0xa9, 0x68, 0x74, 0x27, 0x01, 0x29, 0xd6, 0x46, 0xe8, 0x0f, 0xd0, 0x33, - 0x22, 0x00, 0x45, 0x6c, 0xde, 0x32, 0x28, 0x42, 0x57, 0xaf, 0x70, 0x28, - 0xa0, 0xd5, 0x99, 0xbb, 0x1f, 0xd7, 0x3c, 0x84, 0x20, 0x70, 0x1f, 0xe3, - 0xa9, 0x02, 0x82, 0x01, 0x01, 0x00, 0xe6, 0x68, 0xfe, 0x5f, 0x75, 0x71, - 0x2a, 0xd8, 0xcf, 0x0d, 0x1d, 0xf4, 0xa1, 0x06, 0x8b, 0xa5, 0x70, 0x6f, - 0x29, 0x03, 0xf3, 0x50, 0xd3, 0x83, 0x39, 0xf9, 0xf6, 0xe5, 0x79, 0x7a, - 0x29, 0x75, 0xde, 0xda, 0x6a, 0x98, 0x7c, 0x33, 0xf8, 0x64, 0xca, 0x86, - 0x5a, 0xda, 0x55, 0x5b, 0x4d, 0x7b, 0x1a, 0xe5, 0x5d, 0x19, 0x7d, 0xf3, - 0x57, 0x49, 0x3d, 0x7a, 0xe8, 0x3f, 0x5a, 0x40, 0x8c, 0x15, 0xc7, 0xb0, - 0x53, 0xf8, 0x63, 0x42, 0x17, 0x7c, 0x20, 0xb9, 0xfc, 0xff, 0x27, 0xd0, - 0xc2, 0x0c, 0x45, 0x52, 0x1b, 0x75, 0x1f, 0x89, 0x87, 0xc4, 0xa8, 0x07, - 0x3b, 0x73, 0x16, 0xc7, 0xd7, 0x77, 0x2e, 0x47, 0xa2, 0x7d, 0x12, 0xb4, - 0x25, 0x24, 0x5e, 0xa5, 0xb2, 0x12, 0x76, 0x65, 0xd1, 0xcd, 0xa4, 0x66, - 0x33, 0x2d, 0xed, 0xb2, 0x85, 0xb0, 0xb3, 0x33, 0x56, 0x18, 0x5a, 0xb3, - 0x75, 0x43, 0x4d, 0x40, 0x14, 0x22, 0x55, 0xf6, 0x5a, 0x0c, 0x6a, 0xb3, - 0xc3, 0x8a, 0x9b, 0x76, 0x1e, 0x23, 0x8d, 0x4a, 0x8f, 0x38, 0x21, 0x25, - 0x43, 0x45, 0xf6, 0x25, 0x46, 0xdb, 0xae, 0x42, 0x43, 0x74, 0x69, 0x15, - 0x46, 0xf0, 0x3a, 0x41, 0x4f, 0x9f, 0xfe, 0xda, 0x07, 0x0b, 0x38, 0xbe, - 0x6b, 0xad, 0xc2, 0xef, 0x5b, 0x97, 0x18, 0x42, 0x13, 0xac, 0x13, 0x15, - 0x70, 0x7b, 0xe2, 0x00, 0xbb, 0x41, 0x22, 0x99, 0xe5, 0xd3, 0x67, 0xfe, - 0xfd, 0xbd, 0x8e, 0xc3, 0xca, 0x60, 0x59, 0x3d, 0x8f, 0x85, 0x76, 0x41, - 0xf0, 0xb8, 0x09, 0x1a, 0x48, 0x50, 0xe4, 0x9c, 0x4a, 0x56, 0x02, 0x60, - 0x76, 0xff, 0xde, 0xd4, 0x8e, 0x76, 0xa3, 0x9c, 0x30, 0xb4, 0xa4, 0x73, - 0xe6, 0xb0, 0x70, 0xac, 0x67, 0x5f, 0x25, 0xd2, 0x94, 0xc5, 0x25, 0xb6, - 0xbf, 0xf6, 0x0b, 0xd8, 0x9f, 0x35, 0x8c, 0x20, 0xb6, 0xdd, 0x02, 0x82, - 0x01, 0x01, 0x00, 0xb5, 0x31, 0x9e, 0xa2, 0x10, 0x38, 0xca, 0x2b, 0x07, - 0xc9, 0x3f, 0x0f, 0x18, 0x2c, 0x98, 0x7f, 0x15, 0x87, 0x92, 0x93, 0x2e, - 0xce, 0x6b, 0x11, 0x42, 0x2a, 0x94, 0x3e, 0x31, 0xd0, 0xf5, 0xae, 0x9d, - 0xc7, 0x67, 0x51, 0x3c, 0x0a, 0x52, 0x04, 0x94, 0x86, 0x2e, 0x50, 0x32, - 0xe1, 0x48, 0x83, 0x85, 0xe8, 0x82, 0x04, 0x2f, 0x25, 0xbc, 0xea, 0xfc, - 0x3d, 0x4b, 0xd1, 0x53, 0x90, 0x61, 0x97, 0x47, 0x73, 0xcd, 0x1f, 0xa9, - 0x5a, 0x3f, 0xfb, 0xbf, 0xc3, 0xd5, 0x19, 0xb6, 0xd3, 0x59, 0x57, 0x37, - 0xd9, 0x09, 0x29, 0xd3, 0x80, 0xc4, 0xae, 0x52, 0xce, 0xce, 0x82, 0x29, - 0x6b, 0x95, 0x44, 0x69, 0x33, 0xfd, 0x6a, 0x6d, 0x65, 0xf7, 0xa9, 0xc0, - 0x65, 0x25, 0x91, 0x05, 0xdf, 0x07, 0xbe, 0x61, 0x5c, 0xaa, 0x8f, 0x87, - 0xc8, 0x43, 0xd7, 0x30, 0xd0, 0x8b, 0x25, 0xaf, 0xb8, 0x5d, 0x50, 0x4e, - 0x31, 0x4a, 0xc9, 0x79, 0x56, 0xbf, 0x8d, 0xcc, 0x40, 0xa7, 0xea, 0xd4, - 0xf7, 0x66, 0x86, 0xe2, 0x0b, 0xf3, 0x13, 0xbc, 0xdc, 0x0d, 0x62, 0x28, - 0x4e, 0xb7, 0x31, 0xb4, 0x5a, 0x9b, 0x97, 0x65, 0x76, 0x24, 0xbb, 0xef, - 0x90, 0x1b, 0xdb, 0x93, 0x98, 0xae, 0xce, 0xb0, 0x69, 0x82, 0x49, 0x94, - 0xc0, 0xc3, 0x8f, 0x9c, 0x5d, 0x26, 0x45, 0xa0, 0xad, 0x15, 0x3b, 0x6e, - 0xda, 0x6e, 0x78, 0xc1, 0x78, 0xc3, 0x15, 0x8e, 0x64, 0xaf, 0x50, 0xa6, - 0xb7, 0xd9, 0xfb, 0x8f, 0x68, 0xa0, 0x2d, 0x59, 0xa9, 0xce, 0x5b, 0xa7, - 0x91, 0x36, 0xb8, 0x05, 0x28, 0x31, 0x25, 0xc7, 0x7e, 0xa4, 0x68, 0x9d, - 0xea, 0x5c, 0x71, 0x10, 0x84, 0xab, 0xc4, 0xd7, 0xbe, 0x7d, 0xe9, 0x4a, - 0x11, 0x22, 0xa6, 0xd5, 0xa3, 0x6e, 0x46, 0x07, 0x70, 0x78, 0xcc, 0xd5, - 0xbc, 0xfe, 0xc4, 0x39, 0x58, 0xf4, 0xbb, 0x02, 0x82, 0x01, 0x01, 0x00, - 0xaa, 0x0c, 0x73, 0x30, 0x20, 0x8d, 0x15, 0x02, 0x4e, 0x4d, 0x6f, 0xfe, - 0x4b, 0x99, 0x79, 0x16, 0xf0, 0x94, 0x19, 0xc1, 0x40, 0xa2, 0x36, 0x78, - 0x73, 0x21, 0x78, 0x86, 0x83, 0xd1, 0x15, 0x28, 0x59, 0x00, 0xfa, 0x0a, - 0xf0, 0x1f, 0xab, 0x03, 0x38, 0x35, 0x50, 0x78, 0x32, 0xe6, 0xdf, 0x98, - 0x2b, 0x91, 0x7b, 0xd4, 0x84, 0x90, 0x43, 0xab, 0x5a, 0x24, 0x8b, 0xa3, - 0xb6, 0x08, 0x4d, 0x5b, 0x05, 0xb5, 0xad, 0x43, 0x74, 0x7e, 0x22, 0xb7, - 0x09, 0xb0, 0x3a, 0x78, 0x55, 0xfa, 0x4c, 0x3c, 0xa2, 0x2c, 0xa6, 0xf7, - 0x19, 0xff, 0x76, 0xa4, 0x3d, 0x1e, 0x99, 0x51, 0xa7, 0x4e, 0x76, 0x47, - 0x0f, 0x70, 0xef, 0x0b, 0x3f, 0xf2, 0x94, 0x36, 0xf3, 0x63, 0x76, 0xb9, - 0x09, 0x88, 0xbb, 0xfe, 0xf9, 0x86, 0x33, 0xdf, 0x81, 0xbe, 0x6f, 0xcc, - 0xa9, 0x75, 0x09, 0xe5, 0x8f, 0x8b, 0x42, 0xd0, 0x19, 0x03, 0x61, 0xd8, - 0xb5, 0x78, 0xcb, 0x9c, 0xbe, 0x63, 0x4d, 0xbd, 0xce, 0x5e, 0xae, 0x7f, - 0xae, 0x97, 0x88, 0x7b, 0xf4, 0x7a, 0x7b, 0xdb, 0xf6, 0x7e, 0x2c, 0x7d, - 0x95, 0x6e, 0x72, 0x3a, 0x48, 0x13, 0xdb, 0xf7, 0x10, 0x07, 0x83, 0xac, - 0xa1, 0x7a, 0x68, 0x18, 0x70, 0x18, 0x99, 0x7f, 0xf4, 0x8e, 0x93, 0x1a, - 0x40, 0x5d, 0x04, 0x07, 0xcb, 0x4d, 0xd7, 0x66, 0x96, 0xb5, 0xd3, 0x7d, - 0x8e, 0xfb, 0xe6, 0x12, 0xd0, 0x7d, 0xf0, 0xe7, 0x25, 0xa6, 0x7a, 0x86, - 0x01, 0x56, 0xdd, 0xc5, 0xb2, 0x31, 0x98, 0x67, 0x3a, 0xd0, 0x9a, 0xee, - 0x98, 0xca, 0x80, 0x52, 0x5a, 0x0e, 0xb7, 0xc4, 0xbf, 0xc0, 0x40, 0x24, - 0x6f, 0x3b, 0xa6, 0xf6, 0xab, 0x28, 0x9e, 0xe9, 0x39, 0x3f, 0x04, 0x4b, - 0xc4, 0xae, 0x55, 0xfd, 0xea, 0x87, 0xa5, 0xc5, 0x01, 0x99, 0x2e, 0x67, - 0x66, 0xb3, 0xfe, 0x41, 0x02, 0x82, 0x01, 0x00, 0x05, 0x26, 0x96, 0xf2, - 0xd6, 0x71, 0x36, 0xd6, 0x08, 0x4f, 0xa1, 0x3a, 0x45, 0x9e, 0xa6, 0xeb, - 0x1d, 0xea, 0x8f, 0xb1, 0x1d, 0x68, 0x82, 0xc4, 0xa7, 0xd3, 0xdc, 0x08, - 0xf4, 0x93, 0x93, 0x18, 0x56, 0xa5, 0xdf, 0x7b, 0x00, 0xb0, 0xee, 0x69, - 0xf0, 0xea, 0xeb, 0x90, 0x1e, 0x12, 0x27, 0x64, 0x8d, 0xbe, 0xf1, 0x4b, - 0x3b, 0x27, 0xe0, 0x79, 0xf1, 0x97, 0xb0, 0x7b, 0x0f, 0xdc, 0x0f, 0xda, - 0x24, 0x0e, 0xd7, 0xaa, 0xe9, 0xbe, 0x86, 0x09, 0x1b, 0x07, 0x6f, 0x1c, - 0x5f, 0x05, 0x1d, 0x0a, 0x0c, 0xad, 0x5f, 0xc4, 0x4f, 0x9d, 0xde, 0x79, - 0x72, 0x23, 0x2c, 0xdd, 0xa8, 0x5d, 0xc5, 0x8d, 0x7f, 0x4c, 0x1a, 0x0d, - 0x17, 0x75, 0x09, 0x98, 0x4a, 0xbe, 0xd5, 0x55, 0x8d, 0x0c, 0x2d, 0x05, - 0x2d, 0x71, 0x5b, 0xeb, 0xde, 0x99, 0x43, 0xcc, 0x6f, 0x37, 0xce, 0x6c, - 0xd0, 0xd4, 0xf5, 0xda, 0x1d, 0x8e, 0xeb, 0x28, 0x55, 0x09, 0xb1, 0x42, - 0x4f, 0xa7, 0x1a, 0xde, 0xe3, 0x14, 0xf1, 0x56, 0x2e, 0x40, 0xd6, 0xb5, - 0x1d, 0xee, 0x47, 0x77, 0x1d, 0xdc, 0x36, 0xfa, 0xf3, 0xbc, 0x8b, 0xa5, - 0xbf, 0x1d, 0x9f, 0xa7, 0xb4, 0x04, 0xad, 0xb6, 0x0d, 0x39, 0x0e, 0xe7, - 0x13, 0x3e, 0xbc, 0x94, 0x68, 0xe5, 0x1d, 0xea, 0x0c, 0x30, 0xdd, 0xb0, - 0xa7, 0x03, 0xa4, 0x91, 0xde, 0xf1, 0xd8, 0xa8, 0x18, 0x1f, 0xdd, 0xb3, - 0xd4, 0x2b, 0x6a, 0x8c, 0x69, 0x60, 0xda, 0x92, 0x7b, 0x1e, 0x27, 0x47, - 0x82, 0xbf, 0xff, 0xfc, 0xbd, 0x03, 0xb4, 0xc1, 0x80, 0x6c, 0x07, 0x11, - 0xa2, 0xdd, 0x27, 0xc1, 0x4d, 0x93, 0xe6, 0xf2, 0xd3, 0xdc, 0x61, 0xa1, - 0xa3, 0xdc, 0x67, 0x69, 0xe5, 0x50, 0x1d, 0x63, 0x0e, 0xb9, 0xa9, 0x9d, - 0xd6, 0x02, 0x4d, 0x7c, 0xcd, 0x2a, 0xa5, 0x37, 0x60, 0xc5, 0xf5, 0x97, - 0x02, 0x82, 0x01, 0x00, 0x14, 0x8b, 0x04, 0xdb, 0x4e, 0x41, 0x4a, 0xcd, - 0x86, 0x2e, 0x5f, 0x13, 0xb3, 0x48, 0x1e, 0x00, 0xdf, 0x8d, 0x0b, 0x35, - 0x51, 0x51, 0x1b, 0x16, 0x3d, 0x49, 0x4e, 0xe1, 0xee, 0x4d, 0xc7, 0x03, - 0xc0, 0xf6, 0x5c, 0x6c, 0x36, 0xe8, 0x22, 0xa5, 0x79, 0xb4, 0x4c, 0xce, - 0xa8, 0x45, 0x12, 0x2c, 0xf3, 0x6a, 0xcd, 0x33, 0xbd, 0xd0, 0x84, 0x4d, - 0xf7, 0x8f, 0xb5, 0x80, 0x1f, 0x18, 0x52, 0xad, 0xad, 0xce, 0xcd, 0x94, - 0xc9, 0xc6, 0xb4, 0xd2, 0x14, 0x29, 0xe4, 0xc7, 0x40, 0xf1, 0x0b, 0x85, - 0x43, 0xaf, 0x11, 0xd3, 0x46, 0x0a, 0xb1, 0x15, 0x87, 0x1f, 0x4e, 0x2e, - 0xc1, 0x11, 0xe9, 0x24, 0x70, 0x40, 0xba, 0x0b, 0x0e, 0x4a, 0xac, 0x45, - 0x21, 0xcc, 0x6d, 0xa4, 0x1d, 0x55, 0x33, 0x89, 0x4c, 0x65, 0x21, 0x23, - 0xab, 0x61, 0x31, 0xcb, 0x11, 0x65, 0xb3, 0x80, 0xa4, 0x5a, 0x2b, 0xf1, - 0x65, 0xdb, 0x4c, 0x58, 0x5a, 0xbe, 0xf3, 0x15, 0xcd, 0x94, 0xa1, 0xe4, - 0xcb, 0x30, 0xfa, 0xe1, 0x28, 0x51, 0x52, 0xd2, 0xb8, 0xb4, 0x8c, 0xfc, - 0x3a, 0xcc, 0xd1, 0x19, 0xa2, 0x27, 0x36, 0xfa, 0xc4, 0x23, 0x96, 0xb9, - 0xc7, 0x74, 0xca, 0xf1, 0x45, 0x1f, 0x4b, 0xc2, 0x77, 0x4d, 0x32, 0x3f, - 0xab, 0x7a, 0xd9, 0x2b, 0x22, 0x1d, 0xcb, 0x24, 0x58, 0x29, 0xa3, 0xb8, - 0x92, 0xdb, 0x1c, 0xda, 0x84, 0x01, 0xca, 0x6d, 0x4a, 0x50, 0xd4, 0x2b, - 0x79, 0xfa, 0xc5, 0x4c, 0x9d, 0x79, 0x49, 0xf1, 0xde, 0xbd, 0x3f, 0x50, - 0xa7, 0xa6, 0xc6, 0xc7, 0x99, 0x61, 0x9b, 0xda, 0x38, 0xdc, 0xbe, 0x85, - 0x75, 0x81, 0xb9, 0x0f, 0x33, 0xd0, 0xd4, 0xd0, 0xaa, 0xbd, 0x32, 0xc9, - 0x62, 0xe8, 0x21, 0x24, 0xeb, 0x03, 0x73, 0x46, 0xb3, 0x84, 0x65, 0xf2, - 0x40, 0x7d, 0x1b, 0x1b, 0x8f, 0x86, 0x7c, 0xe7 -}; - -/* The corresponding public key, DER. */ -static const unsigned char rsa_pub_key[] = { - 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, 0x00, 0xa3, 0x14, 0xe4, - 0xb8, 0xd8, 0x58, 0x0d, 0xab, 0xd7, 0x87, 0xa4, 0xf6, 0x84, 0x51, 0x74, - 0x60, 0x4c, 0xe3, 0x60, 0x28, 0x89, 0x49, 0x65, 0x18, 0x5c, 0x8f, 0x1a, - 0x1b, 0xe9, 0xdb, 0xc1, 0xc1, 0xf7, 0x08, 0x27, 0x44, 0xe5, 0x9d, 0x9a, - 0x33, 0xc3, 0xac, 0x5a, 0xca, 0xba, 0x20, 0x5a, 0x9e, 0x3a, 0x18, 0xb5, - 0x3d, 0xe3, 0x9d, 0x94, 0x58, 0xa7, 0xa9, 0x5a, 0x0b, 0x4f, 0xb8, 0xe5, - 0xa3, 0x7b, 0x01, 0x11, 0x0f, 0x16, 0x11, 0xb8, 0x65, 0x2f, 0xa8, 0x95, - 0xf7, 0x58, 0x2c, 0xec, 0x1d, 0x41, 0xad, 0xd1, 0x12, 0xca, 0x4a, 0x80, - 0x35, 0x35, 0x43, 0x7e, 0xe0, 0x97, 0xfc, 0x86, 0x8f, 0xcf, 0x4b, 0xdc, - 0xbc, 0x15, 0x2c, 0x8e, 0x90, 0x84, 0x26, 0x83, 0xc1, 0x96, 0x97, 0xf4, - 0xd7, 0x90, 0xce, 0xfe, 0xd4, 0xf3, 0x70, 0x22, 0xa8, 0xb0, 0x1f, 0xed, - 0x08, 0xd7, 0xc5, 0xc0, 0xd6, 0x41, 0x6b, 0x24, 0x68, 0x5c, 0x07, 0x1f, - 0x44, 0x97, 0xd8, 0x6e, 0x18, 0x93, 0x67, 0xc3, 0xba, 0x3a, 0xaf, 0xfd, - 0xc2, 0x65, 0x00, 0x21, 0x63, 0xdf, 0xb7, 0x28, 0x68, 0xd6, 0xc0, 0x20, - 0x86, 0x92, 0xed, 0x68, 0x6a, 0x27, 0x3a, 0x07, 0xec, 0x66, 0x00, 0xfe, - 0x51, 0x51, 0x86, 0x41, 0x6f, 0x83, 0x69, 0xd2, 0xf0, 0xe6, 0xf7, 0x61, - 0xda, 0x12, 0x45, 0x53, 0x09, 0xdf, 0xf8, 0x42, 0xc7, 0x30, 0x6a, 0xe5, - 0xd8, 0x2b, 0xa2, 0x49, 0x7a, 0x05, 0x10, 0xee, 0xb2, 0x59, 0x0a, 0xe5, - 0xbe, 0xf8, 0x4d, 0x0f, 0xa8, 0x9e, 0x63, 0x81, 0x39, 0x32, 0xaa, 0xfd, - 0xa8, 0x03, 0xf6, 0xd8, 0xc6, 0xaa, 0x02, 0x93, 0x03, 0xeb, 0x15, 0xd3, - 0x38, 0xc8, 0x1a, 0x78, 0xcf, 0xf3, 0xa7, 0x9f, 0x98, 0x4b, 0x91, 0x5b, - 0x79, 0xf8, 0x4e, 0x53, 0xaf, 0x0c, 0x65, 0xe9, 0xb0, 0x93, 0xc2, 0xcb, - 0x5d, 0x3c, 0x5f, 0x6e, 0x39, 0xd2, 0x58, 0x23, 0x50, 0xe5, 0x2e, 0xef, - 0x12, 0x00, 0xa4, 0x59, 0x13, 0x2b, 0x2f, 0x2c, 0x0a, 0x7b, 0x36, 0x89, - 0xc5, 0xe5, 0x8f, 0x95, 0x5e, 0x14, 0x0f, 0x0f, 0x94, 0x5a, 0xe9, 0xdc, - 0x0b, 0x49, 0x14, 0xbe, 0x0a, 0x70, 0x45, 0xc1, 0x7c, 0xbf, 0x83, 0x70, - 0xfd, 0x3d, 0x99, 0xe6, 0x8a, 0xf5, 0x9c, 0x09, 0x71, 0x84, 0x9a, 0x18, - 0xa0, 0xe0, 0x6c, 0x43, 0x5c, 0x7e, 0x48, 0x33, 0xc8, 0xbe, 0x5d, 0xdd, - 0xd8, 0x77, 0xe3, 0xe7, 0x6b, 0x34, 0x4b, 0xa2, 0xb7, 0x54, 0x07, 0x72, - 0x2e, 0xab, 0xa9, 0x91, 0x1e, 0x4b, 0xe3, 0xb5, 0xd8, 0xfa, 0x35, 0x64, - 0x8a, 0xe9, 0x03, 0xa1, 0xa8, 0x26, 0xbd, 0x72, 0x58, 0x10, 0x6a, 0xec, - 0x1a, 0xf6, 0x1e, 0xb8, 0xc0, 0x46, 0x19, 0x31, 0x2c, 0xca, 0xf9, 0x6a, - 0xd7, 0x2e, 0xd0, 0xa7, 0x2c, 0x60, 0x58, 0xc4, 0x8f, 0x46, 0x63, 0x61, - 0x8d, 0x29, 0x6f, 0xe2, 0x5f, 0xe2, 0x43, 0x90, 0x9c, 0xe6, 0xfc, 0x08, - 0x41, 0xc8, 0xb5, 0x23, 0x56, 0x24, 0x3e, 0x3a, 0x2c, 0x41, 0x22, 0x43, - 0xda, 0x22, 0x15, 0x2b, 0xad, 0xd0, 0xfa, 0xc8, 0x47, 0x44, 0xe6, 0x2a, - 0xf9, 0x38, 0x90, 0x13, 0x62, 0x22, 0xea, 0x06, 0x8c, 0x44, 0x9c, 0xd6, - 0xca, 0x50, 0x93, 0xe9, 0xd4, 0x03, 0xd8, 0x3e, 0x71, 0x36, 0x4b, 0xaa, - 0xab, 0xbb, 0xe2, 0x48, 0x66, 0x26, 0x53, 0xb1, 0x6d, 0x3b, 0x82, 0x2c, - 0x8c, 0x25, 0x05, 0xf0, 0xf8, 0xcf, 0x55, 0xbf, 0x8e, 0x29, 0xf7, 0x54, - 0x5b, 0x6f, 0x30, 0x54, 0xa6, 0xad, 0x46, 0xff, 0x22, 0x95, 0xb1, 0x87, - 0x98, 0x00, 0x51, 0x69, 0x15, 0x07, 0xbd, 0x3d, 0x9c, 0x6e, 0xaa, 0xaa, - 0x3b, 0x0b, 0x74, 0x65, 0x4c, 0x04, 0xe0, 0x80, 0x3e, 0xaf, 0x5e, 0x10, - 0xd6, 0x9b, 0x28, 0x37, 0x6f, 0x02, 0x03, 0x01, 0x00, 0x01 -}; diff --git a/demos/signature/rsa_pss_direct.c b/demos/signature/rsa_pss_direct.c deleted file mode 100644 index 1ecfa9d89747e74a8c5dc7ee15b139f12a480d86..0000000000000000000000000000000000000000 --- a/demos/signature/rsa_pss_direct.c +++ /dev/null @@ -1,204 +0,0 @@ -/* - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include "rsa_pss.h" - -/* - * The digest to be signed. This should be the output of a hash function. - * Here we sign an all-zeroes digest for demonstration purposes. - */ -static const unsigned char test_digest[32] = {0}; - -/* A property query used for selecting algorithm implementations. */ -static const char *propq = NULL; - -/* - * This function demonstrates RSA signing of a SHA-256 digest using the PSS - * padding scheme. You must already have hashed the data you want to sign. - * For a higher-level demonstration which does the hashing for you, see - * rsa_pss_hash.c. - * - * For more information, see RFC 8017 section 9.1. The digest passed in - * (test_digest above) corresponds to the 'mHash' value. - */ -static int sign(OSSL_LIB_CTX *libctx, unsigned char **sig, size_t *sig_len) -{ - int rv = 0; - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *ctx = NULL; - EVP_MD *md = NULL; - const unsigned char *ppriv_key = NULL; - - *sig = NULL; - - /* Load DER-encoded RSA private key. */ - ppriv_key = rsa_priv_key; - pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &ppriv_key, - sizeof(rsa_priv_key), libctx, propq); - if (pkey == NULL) { - fprintf(stderr, "Failed to load private key\n"); - goto end; - } - - /* Fetch hash algorithm we want to use. */ - md = EVP_MD_fetch(libctx, "SHA256", propq); - if (md == NULL) { - fprintf(stderr, "Failed to fetch hash algorithm\n"); - goto end; - } - - /* Create signing context. */ - ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); - if (ctx == NULL) { - fprintf(stderr, "Failed to create signing context\n"); - goto end; - } - - /* Initialize context for signing and set options. */ - if (EVP_PKEY_sign_init(ctx) == 0) { - fprintf(stderr, "Failed to initialize signing context\n"); - goto end; - } - - if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) == 0) { - fprintf(stderr, "Failed to configure padding\n"); - goto end; - } - - if (EVP_PKEY_CTX_set_signature_md(ctx, md) == 0) { - fprintf(stderr, "Failed to configure digest type\n"); - goto end; - } - - /* Determine length of signature. */ - if (EVP_PKEY_sign(ctx, NULL, sig_len, - test_digest, sizeof(test_digest)) == 0) { - fprintf(stderr, "Failed to get signature length\n"); - goto end; - } - - /* Allocate memory for signature. */ - *sig = OPENSSL_malloc(*sig_len); - if (*sig == NULL) { - fprintf(stderr, "Failed to allocate memory for signature\n"); - goto end; - } - - /* Generate signature. */ - if (EVP_PKEY_sign(ctx, *sig, sig_len, - test_digest, sizeof(test_digest)) != 1) { - fprintf(stderr, "Failed to sign\n"); - goto end; - } - - rv = 1; -end: - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - EVP_MD_free(md); - - if (rv == 0) - OPENSSL_free(*sig); - - return rv; -} - -/* - * This function demonstrates verification of an RSA signature over a SHA-256 - * digest using the PSS signature scheme. - */ -static int verify(OSSL_LIB_CTX *libctx, const unsigned char *sig, size_t sig_len) -{ - int rv = 0; - const unsigned char *ppub_key = NULL; - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *ctx = NULL; - EVP_MD *md = NULL; - - /* Load DER-encoded RSA public key. */ - ppub_key = rsa_pub_key; - pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &ppub_key, sizeof(rsa_pub_key)); - if (pkey == NULL) { - fprintf(stderr, "Failed to load public key\n"); - goto end; - } - - /* Fetch hash algorithm we want to use. */ - md = EVP_MD_fetch(libctx, "SHA256", propq); - if (md == NULL) { - fprintf(stderr, "Failed to fetch hash algorithm\n"); - goto end; - } - - /* Create verification context. */ - ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); - if (ctx == NULL) { - fprintf(stderr, "Failed to create verification context\n"); - goto end; - } - - /* Initialize context for verification and set options. */ - if (EVP_PKEY_verify_init(ctx) == 0) { - fprintf(stderr, "Failed to initialize verification context\n"); - goto end; - } - - if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) == 0) { - fprintf(stderr, "Failed to configure padding\n"); - goto end; - } - - if (EVP_PKEY_CTX_set_signature_md(ctx, md) == 0) { - fprintf(stderr, "Failed to configure digest type\n"); - goto end; - } - - /* Verify signature. */ - if (EVP_PKEY_verify(ctx, sig, sig_len, - test_digest, sizeof(test_digest)) == 0) { - fprintf(stderr, "Failed to verify signature; " - "signature may be invalid\n"); - goto end; - } - - rv = 1; -end: - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - EVP_MD_free(md); - return rv; -} - -int main(int argc, char **argv) -{ - int rv = 1; - OSSL_LIB_CTX *libctx = NULL; - unsigned char *sig = NULL; - size_t sig_len = 0; - - if (sign(libctx, &sig, &sig_len) == 0) - goto end; - - if (verify(libctx, sig, sig_len) == 0) - goto end; - - rv = 0; -end: - OPENSSL_free(sig); - OSSL_LIB_CTX_free(libctx); - return rv; -} diff --git a/demos/signature/rsa_pss_hash.c b/demos/signature/rsa_pss_hash.c deleted file mode 100644 index e1d4e7cc9d0b5ee3d94aa9a2678e9292716dfa3e..0000000000000000000000000000000000000000 --- a/demos/signature/rsa_pss_hash.c +++ /dev/null @@ -1,189 +0,0 @@ -/* - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include "rsa_pss.h" - -/* The data to be signed. This will be hashed. */ -static const char test_message[] = - "This is an example message to be signed."; - -/* A property query used for selecting algorithm implementations. */ -static const char *propq = NULL; - -/* - * This function demonstrates RSA signing of an arbitrary-length message. - * Hashing is performed automatically. In this example, SHA-256 is used. If you - * have already hashed your message and simply want to sign the hash directly, - * see rsa_pss_direct.c. - */ -static int sign(OSSL_LIB_CTX *libctx, unsigned char **sig, size_t *sig_len) -{ - int rv = 0; - EVP_PKEY *pkey = NULL; - EVP_MD_CTX *mctx = NULL; - OSSL_PARAM params[2], *p = params; - const unsigned char *ppriv_key = NULL; - - *sig = NULL; - - /* Load DER-encoded RSA private key. */ - ppriv_key = rsa_priv_key; - pkey = d2i_PrivateKey_ex(EVP_PKEY_RSA, NULL, &ppriv_key, - sizeof(rsa_priv_key), libctx, propq); - if (pkey == NULL) { - fprintf(stderr, "Failed to load private key\n"); - goto end; - } - - /* Create MD context used for signing. */ - mctx = EVP_MD_CTX_new(); - if (mctx == NULL) { - fprintf(stderr, "Failed to create MD context\n"); - goto end; - } - - /* Initialize MD context for signing. */ - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, - OSSL_PKEY_RSA_PAD_MODE_PSS, 0); - *p = OSSL_PARAM_construct_end(); - - if (EVP_DigestSignInit_ex(mctx, NULL, "SHA256", libctx, propq, - pkey, params) == 0) { - fprintf(stderr, "Failed to initialize signing context\n"); - goto end; - } - - /* - * Feed data to be signed into the algorithm. This may - * be called multiple times. - */ - if (EVP_DigestSignUpdate(mctx, test_message, sizeof(test_message)) == 0) { - fprintf(stderr, "Failed to hash message into signing context\n"); - goto end; - } - - /* Determine signature length. */ - if (EVP_DigestSignFinal(mctx, NULL, sig_len) == 0) { - fprintf(stderr, "Failed to get signature length\n"); - goto end; - } - - /* Allocate memory for signature. */ - *sig = OPENSSL_malloc(*sig_len); - if (*sig == NULL) { - fprintf(stderr, "Failed to allocate memory for signature\n"); - goto end; - } - - /* Generate signature. */ - if (EVP_DigestSignFinal(mctx, *sig, sig_len) == 0) { - fprintf(stderr, "Failed to sign\n"); - goto end; - } - - rv = 1; -end: - EVP_MD_CTX_free(mctx); - EVP_PKEY_free(pkey); - - if (rv == 0) - OPENSSL_free(*sig); - - return rv; -} - -/* - * This function demonstrates verification of an RSA signature over an - * arbitrary-length message using the PSS signature scheme. Hashing is performed - * automatically. - */ -static int verify(OSSL_LIB_CTX *libctx, const unsigned char *sig, size_t sig_len) -{ - int rv = 0; - EVP_PKEY *pkey = NULL; - EVP_MD_CTX *mctx = NULL; - OSSL_PARAM params[2], *p = params; - const unsigned char *ppub_key = NULL; - - /* Load DER-encoded RSA public key. */ - ppub_key = rsa_pub_key; - pkey = d2i_PublicKey(EVP_PKEY_RSA, NULL, &ppub_key, sizeof(rsa_pub_key)); - if (pkey == NULL) { - fprintf(stderr, "Failed to load public key\n"); - goto end; - } - - /* Create MD context used for verification. */ - mctx = EVP_MD_CTX_new(); - if (mctx == NULL) { - fprintf(stderr, "Failed to create MD context\n"); - goto end; - } - - /* Initialize MD context for verification. */ - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, - OSSL_PKEY_RSA_PAD_MODE_PSS, 0); - *p = OSSL_PARAM_construct_end(); - - if (EVP_DigestVerifyInit_ex(mctx, NULL, "SHA256", libctx, propq, - pkey, params) == 0) { - fprintf(stderr, "Failed to initialize signing context\n"); - goto end; - } - - /* - * Feed data to be signed into the algorithm. This may - * be called multiple times. - */ - if (EVP_DigestVerifyUpdate(mctx, test_message, sizeof(test_message)) == 0) { - fprintf(stderr, "Failed to hash message into signing context\n"); - goto end; - } - - /* Verify signature. */ - if (EVP_DigestVerifyFinal(mctx, sig, sig_len) == 0) { - fprintf(stderr, "Failed to verify signature; " - "signature may be invalid\n"); - goto end; - } - - rv = 1; -end: - EVP_MD_CTX_free(mctx); - EVP_PKEY_free(pkey); - return rv; -} - -int main(int argc, char **argv) -{ - int rv = 1; - OSSL_LIB_CTX *libctx = NULL; - unsigned char *sig = NULL; - size_t sig_len = 0; - - if (sign(libctx, &sig, &sig_len) == 0) - goto end; - - if (verify(libctx, sig, sig_len) == 0) - goto end; - - rv = 0; -end: - OPENSSL_free(sig); - OSSL_LIB_CTX_free(libctx); - return rv; -} diff --git a/demos/smime/smdec.c b/demos/smime/smdec.c deleted file mode 100644 index debcedd5e866cfe9772f7c0dec27ea03f0f799fc..0000000000000000000000000000000000000000 --- a/demos/smime/smdec.c +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Simple S/MIME signing example */ -#include -#include -#include - -int main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL, *tbio = NULL; - X509 *rcert = NULL; - EVP_PKEY *rkey = NULL; - PKCS7 *p7 = NULL; - int ret = 1; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - - /* Read in recipient certificate and private key */ - tbio = BIO_new_file("signer.pem", "r"); - - if (!tbio) - goto err; - - rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); - - BIO_reset(tbio); - - rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); - - if (!rcert || !rkey) - goto err; - - /* Open content being signed */ - - in = BIO_new_file("smencr.txt", "r"); - - if (!in) - goto err; - - /* Sign content */ - p7 = SMIME_read_PKCS7(in, NULL); - - if (!p7) - goto err; - - out = BIO_new_file("encrout.txt", "w"); - if (!out) - goto err; - - /* Decrypt S/MIME message */ - if (!PKCS7_decrypt(p7, rkey, rcert, out, 0)) - goto err; - - ret = 0; - - err: - if (ret) { - fprintf(stderr, "Error Signing Data\n"); - ERR_print_errors_fp(stderr); - } - PKCS7_free(p7); - X509_free(rcert); - EVP_PKEY_free(rkey); - BIO_free(in); - BIO_free(out); - BIO_free(tbio); - - return ret; - -} diff --git a/demos/smime/smenc.c b/demos/smime/smenc.c deleted file mode 100644 index 0714dddfd2c917cfff61c02df9639f1d2310e5e6..0000000000000000000000000000000000000000 --- a/demos/smime/smenc.c +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Simple S/MIME encrypt example */ -#include -#include -#include - -int main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL, *tbio = NULL; - X509 *rcert = NULL; - STACK_OF(X509) *recips = NULL; - PKCS7 *p7 = NULL; - int ret = 1; - - /* - * On OpenSSL 0.9.9 only: - * for streaming set PKCS7_STREAM - */ - int flags = PKCS7_STREAM; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - - /* Read in recipient certificate */ - tbio = BIO_new_file("signer.pem", "r"); - - if (!tbio) - goto err; - - rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL); - - if (!rcert) - goto err; - - /* Create recipient STACK and add recipient cert to it */ - recips = sk_X509_new_null(); - - if (!recips || !sk_X509_push(recips, rcert)) - goto err; - - /* - * sk_X509_pop_free will free up recipient STACK and its contents so set - * rcert to NULL so it isn't freed up twice. - */ - rcert = NULL; - - /* Open content being encrypted */ - - in = BIO_new_file("encr.txt", "r"); - - if (!in) - goto err; - - /* encrypt content */ - p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags); - - if (!p7) - goto err; - - out = BIO_new_file("smencr.txt", "w"); - if (!out) - goto err; - - /* Write out S/MIME message */ - if (!SMIME_write_PKCS7(out, p7, in, flags)) - goto err; - - ret = 0; - - err: - if (ret) { - fprintf(stderr, "Error Encrypting Data\n"); - ERR_print_errors_fp(stderr); - } - PKCS7_free(p7); - X509_free(rcert); - sk_X509_pop_free(recips, X509_free); - BIO_free(in); - BIO_free(out); - BIO_free(tbio); - return ret; - -} diff --git a/demos/smime/smsign.c b/demos/smime/smsign.c deleted file mode 100644 index ac2c27b52591b8111f8ef5c29ec8b7bee42ea5ed..0000000000000000000000000000000000000000 --- a/demos/smime/smsign.c +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Simple S/MIME signing example */ -#include -#include -#include - -int main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL, *tbio = NULL; - X509 *scert = NULL; - EVP_PKEY *skey = NULL; - PKCS7 *p7 = NULL; - int ret = 1; - - /* - * For simple S/MIME signing use PKCS7_DETACHED. On OpenSSL 0.9.9 only: - * for streaming detached set PKCS7_DETACHED|PKCS7_STREAM for streaming - * non-detached set PKCS7_STREAM - */ - int flags = PKCS7_DETACHED | PKCS7_STREAM; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - - /* Read in signer certificate and private key */ - tbio = BIO_new_file("signer.pem", "r"); - - if (!tbio) - goto err; - - scert = PEM_read_bio_X509(tbio, NULL, 0, NULL); - - BIO_reset(tbio); - - skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); - - if (!scert || !skey) - goto err; - - /* Open content being signed */ - - in = BIO_new_file("sign.txt", "r"); - - if (!in) - goto err; - - /* Sign content */ - p7 = PKCS7_sign(scert, skey, NULL, in, flags); - - if (!p7) - goto err; - - out = BIO_new_file("smout.txt", "w"); - if (!out) - goto err; - - if (!(flags & PKCS7_STREAM)) - BIO_reset(in); - - /* Write out S/MIME message */ - if (!SMIME_write_PKCS7(out, p7, in, flags)) - goto err; - - ret = 0; - - err: - if (ret) { - fprintf(stderr, "Error Signing Data\n"); - ERR_print_errors_fp(stderr); - } - PKCS7_free(p7); - X509_free(scert); - EVP_PKEY_free(skey); - BIO_free(in); - BIO_free(out); - BIO_free(tbio); - - return ret; - -} diff --git a/demos/smime/smsign2.c b/demos/smime/smsign2.c deleted file mode 100644 index a9e70257481bda42e23eeae41630877ecee6e940..0000000000000000000000000000000000000000 --- a/demos/smime/smsign2.c +++ /dev/null @@ -1,96 +0,0 @@ -/* - * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* S/MIME signing example: 2 signers. OpenSSL 0.9.9 only */ -#include -#include -#include - -int main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL, *tbio = NULL; - X509 *scert = NULL, *scert2 = NULL; - EVP_PKEY *skey = NULL, *skey2 = NULL; - PKCS7 *p7 = NULL; - int ret = 1; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - - tbio = BIO_new_file("signer.pem", "r"); - - if (!tbio) - goto err; - - scert = PEM_read_bio_X509(tbio, NULL, 0, NULL); - - BIO_reset(tbio); - - skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); - - BIO_free(tbio); - - tbio = BIO_new_file("signer2.pem", "r"); - - if (!tbio) - goto err; - - scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL); - - BIO_reset(tbio); - - skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL); - - if (!scert2 || !skey2) - goto err; - - in = BIO_new_file("sign.txt", "r"); - - if (!in) - goto err; - - p7 = PKCS7_sign(NULL, NULL, NULL, in, PKCS7_STREAM | PKCS7_PARTIAL); - - if (!p7) - goto err; - - /* Add each signer in turn */ - - if (!PKCS7_sign_add_signer(p7, scert, skey, NULL, 0)) - goto err; - - if (!PKCS7_sign_add_signer(p7, scert2, skey2, NULL, 0)) - goto err; - - out = BIO_new_file("smout.txt", "w"); - if (!out) - goto err; - - /* NB: content included and finalized by SMIME_write_PKCS7 */ - - if (!SMIME_write_PKCS7(out, p7, in, PKCS7_STREAM)) - goto err; - - ret = 0; - - err: - if (ret) { - fprintf(stderr, "Error Signing Data\n"); - ERR_print_errors_fp(stderr); - } - PKCS7_free(p7); - X509_free(scert); - EVP_PKEY_free(skey); - X509_free(scert2); - EVP_PKEY_free(skey2); - BIO_free(in); - BIO_free(out); - BIO_free(tbio); - return ret; -} diff --git a/demos/smime/smver.c b/demos/smime/smver.c deleted file mode 100644 index 5d552b18082ab5a77bfabbc8c0746ef77f29726e..0000000000000000000000000000000000000000 --- a/demos/smime/smver.c +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -/* Simple S/MIME verification example */ -#include -#include -#include - -int main(int argc, char **argv) -{ - BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL; - X509_STORE *st = NULL; - X509 *cacert = NULL; - PKCS7 *p7 = NULL; - - int ret = 1; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - - /* Set up trusted CA certificate store */ - - st = X509_STORE_new(); - if (st == NULL) - goto err; - - /* Read in signer certificate and private key */ - tbio = BIO_new_file("cacert.pem", "r"); - - if (tbio == NULL) - goto err; - - cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL); - - if (cacert == NULL) - goto err; - - if (!X509_STORE_add_cert(st, cacert)) - goto err; - - /* Open content being signed */ - - in = BIO_new_file("smout.txt", "r"); - - if (in == NULL) - goto err; - - /* Sign content */ - p7 = SMIME_read_PKCS7(in, &cont); - - if (p7 == NULL) - goto err; - - /* File to output verified content to */ - out = BIO_new_file("smver.txt", "w"); - if (out == NULL) - goto err; - - if (!PKCS7_verify(p7, NULL, st, cont, out, 0)) { - fprintf(stderr, "Verification Failure\n"); - goto err; - } - - fprintf(stderr, "Verification Successful\n"); - - ret = 0; - - err: - if (ret) { - fprintf(stderr, "Error Verifying Data\n"); - ERR_print_errors_fp(stderr); - } - - X509_STORE_free(st); - PKCS7_free(p7); - X509_free(cacert); - BIO_free(in); - BIO_free(out); - BIO_free(tbio); - return ret; -} diff --git a/doc/README.md b/doc/README.md deleted file mode 100644 index 12bb37ddb8fce0b3be3bb7c2adcf36e146558b46..0000000000000000000000000000000000000000 --- a/doc/README.md +++ /dev/null @@ -1,30 +0,0 @@ -OpenSSL Documentation -===================== - -README.md This file - -[fingerprints.txt](fingerprints.txt) - PGP fingerprints of authorised release signers - -standards.txt -standards.txt - Moved to the web, - -[HOWTO/](HOWTO/) - A few how-to documents; not necessarily up-to-date - -[man1/](man1/) - The openssl command-line tools; start with openssl.pod - -[man3/](man3/) - The SSL library and the crypto library - -[man5/](man5/) - File formats - -[man7/](man7/) - Overviews; start with crypto.pod and ssl.pod, for example - Algorithm specific EVP_PKEY documentation. - -Formatted versions of the manpages (apps,ssl,crypto) can be found at - diff --git a/doc/build.info b/doc/build.info deleted file mode 100644 index 36a792c2bda414ef6792a4d3096762a5cebbd82a..0000000000000000000000000000000000000000 --- a/doc/build.info +++ /dev/null @@ -1,4812 +0,0 @@ -SUBDIRS = man1 - -DEPEND[html/man1/CA.pl.html]=man1/CA.pl.pod -GENERATE[html/man1/CA.pl.html]=man1/CA.pl.pod -DEPEND[man/man1/CA.pl.1]=man1/CA.pl.pod -GENERATE[man/man1/CA.pl.1]=man1/CA.pl.pod -DEPEND[html/man1/openssl-asn1parse.html]=man1/openssl-asn1parse.pod -GENERATE[html/man1/openssl-asn1parse.html]=man1/openssl-asn1parse.pod -DEPEND[man/man1/openssl-asn1parse.1]=man1/openssl-asn1parse.pod -GENERATE[man/man1/openssl-asn1parse.1]=man1/openssl-asn1parse.pod -DEPEND[man1/openssl-asn1parse.pod]{pod}=man1/openssl-asn1parse.pod.in -GENERATE[man1/openssl-asn1parse.pod]=man1/openssl-asn1parse.pod.in -DEPEND[html/man1/openssl-ca.html]=man1/openssl-ca.pod -GENERATE[html/man1/openssl-ca.html]=man1/openssl-ca.pod -DEPEND[man/man1/openssl-ca.1]=man1/openssl-ca.pod -GENERATE[man/man1/openssl-ca.1]=man1/openssl-ca.pod -DEPEND[man1/openssl-ca.pod]{pod}=man1/openssl-ca.pod.in -GENERATE[man1/openssl-ca.pod]=man1/openssl-ca.pod.in -DEPEND[html/man1/openssl-ciphers.html]=man1/openssl-ciphers.pod -GENERATE[html/man1/openssl-ciphers.html]=man1/openssl-ciphers.pod -DEPEND[man/man1/openssl-ciphers.1]=man1/openssl-ciphers.pod -GENERATE[man/man1/openssl-ciphers.1]=man1/openssl-ciphers.pod -DEPEND[man1/openssl-ciphers.pod]{pod}=man1/openssl-ciphers.pod.in -GENERATE[man1/openssl-ciphers.pod]=man1/openssl-ciphers.pod.in -DEPEND[html/man1/openssl-cmds.html]=man1/openssl-cmds.pod -GENERATE[html/man1/openssl-cmds.html]=man1/openssl-cmds.pod -DEPEND[man/man1/openssl-cmds.1]=man1/openssl-cmds.pod -GENERATE[man/man1/openssl-cmds.1]=man1/openssl-cmds.pod -DEPEND[man1/openssl-cmds.pod]{pod}=man1/openssl-cmds.pod.in -GENERATE[man1/openssl-cmds.pod]=man1/openssl-cmds.pod.in -DEPEND[html/man1/openssl-cmp.html]=man1/openssl-cmp.pod -GENERATE[html/man1/openssl-cmp.html]=man1/openssl-cmp.pod -DEPEND[man/man1/openssl-cmp.1]=man1/openssl-cmp.pod -GENERATE[man/man1/openssl-cmp.1]=man1/openssl-cmp.pod -DEPEND[man1/openssl-cmp.pod]{pod}=man1/openssl-cmp.pod.in -GENERATE[man1/openssl-cmp.pod]=man1/openssl-cmp.pod.in -DEPEND[html/man1/openssl-cms.html]=man1/openssl-cms.pod -GENERATE[html/man1/openssl-cms.html]=man1/openssl-cms.pod -DEPEND[man/man1/openssl-cms.1]=man1/openssl-cms.pod -GENERATE[man/man1/openssl-cms.1]=man1/openssl-cms.pod -DEPEND[man1/openssl-cms.pod]{pod}=man1/openssl-cms.pod.in -GENERATE[man1/openssl-cms.pod]=man1/openssl-cms.pod.in -DEPEND[html/man1/openssl-crl.html]=man1/openssl-crl.pod -GENERATE[html/man1/openssl-crl.html]=man1/openssl-crl.pod -DEPEND[man/man1/openssl-crl.1]=man1/openssl-crl.pod -GENERATE[man/man1/openssl-crl.1]=man1/openssl-crl.pod -DEPEND[man1/openssl-crl.pod]{pod}=man1/openssl-crl.pod.in -GENERATE[man1/openssl-crl.pod]=man1/openssl-crl.pod.in -DEPEND[html/man1/openssl-crl2pkcs7.html]=man1/openssl-crl2pkcs7.pod -GENERATE[html/man1/openssl-crl2pkcs7.html]=man1/openssl-crl2pkcs7.pod -DEPEND[man/man1/openssl-crl2pkcs7.1]=man1/openssl-crl2pkcs7.pod -GENERATE[man/man1/openssl-crl2pkcs7.1]=man1/openssl-crl2pkcs7.pod -DEPEND[man1/openssl-crl2pkcs7.pod]{pod}=man1/openssl-crl2pkcs7.pod.in -GENERATE[man1/openssl-crl2pkcs7.pod]=man1/openssl-crl2pkcs7.pod.in -DEPEND[html/man1/openssl-dgst.html]=man1/openssl-dgst.pod -GENERATE[html/man1/openssl-dgst.html]=man1/openssl-dgst.pod -DEPEND[man/man1/openssl-dgst.1]=man1/openssl-dgst.pod -GENERATE[man/man1/openssl-dgst.1]=man1/openssl-dgst.pod -DEPEND[man1/openssl-dgst.pod]{pod}=man1/openssl-dgst.pod.in -GENERATE[man1/openssl-dgst.pod]=man1/openssl-dgst.pod.in -DEPEND[html/man1/openssl-dhparam.html]=man1/openssl-dhparam.pod -GENERATE[html/man1/openssl-dhparam.html]=man1/openssl-dhparam.pod -DEPEND[man/man1/openssl-dhparam.1]=man1/openssl-dhparam.pod -GENERATE[man/man1/openssl-dhparam.1]=man1/openssl-dhparam.pod -DEPEND[man1/openssl-dhparam.pod]{pod}=man1/openssl-dhparam.pod.in -GENERATE[man1/openssl-dhparam.pod]=man1/openssl-dhparam.pod.in -DEPEND[html/man1/openssl-dsa.html]=man1/openssl-dsa.pod -GENERATE[html/man1/openssl-dsa.html]=man1/openssl-dsa.pod -DEPEND[man/man1/openssl-dsa.1]=man1/openssl-dsa.pod -GENERATE[man/man1/openssl-dsa.1]=man1/openssl-dsa.pod -DEPEND[man1/openssl-dsa.pod]{pod}=man1/openssl-dsa.pod.in -GENERATE[man1/openssl-dsa.pod]=man1/openssl-dsa.pod.in -DEPEND[html/man1/openssl-dsaparam.html]=man1/openssl-dsaparam.pod -GENERATE[html/man1/openssl-dsaparam.html]=man1/openssl-dsaparam.pod -DEPEND[man/man1/openssl-dsaparam.1]=man1/openssl-dsaparam.pod -GENERATE[man/man1/openssl-dsaparam.1]=man1/openssl-dsaparam.pod -DEPEND[man1/openssl-dsaparam.pod]{pod}=man1/openssl-dsaparam.pod.in -GENERATE[man1/openssl-dsaparam.pod]=man1/openssl-dsaparam.pod.in -DEPEND[html/man1/openssl-ec.html]=man1/openssl-ec.pod -GENERATE[html/man1/openssl-ec.html]=man1/openssl-ec.pod -DEPEND[man/man1/openssl-ec.1]=man1/openssl-ec.pod -GENERATE[man/man1/openssl-ec.1]=man1/openssl-ec.pod -DEPEND[man1/openssl-ec.pod]{pod}=man1/openssl-ec.pod.in -GENERATE[man1/openssl-ec.pod]=man1/openssl-ec.pod.in -DEPEND[html/man1/openssl-ecparam.html]=man1/openssl-ecparam.pod -GENERATE[html/man1/openssl-ecparam.html]=man1/openssl-ecparam.pod -DEPEND[man/man1/openssl-ecparam.1]=man1/openssl-ecparam.pod -GENERATE[man/man1/openssl-ecparam.1]=man1/openssl-ecparam.pod -DEPEND[man1/openssl-ecparam.pod]{pod}=man1/openssl-ecparam.pod.in -GENERATE[man1/openssl-ecparam.pod]=man1/openssl-ecparam.pod.in -DEPEND[html/man1/openssl-enc.html]=man1/openssl-enc.pod -GENERATE[html/man1/openssl-enc.html]=man1/openssl-enc.pod -DEPEND[man/man1/openssl-enc.1]=man1/openssl-enc.pod -GENERATE[man/man1/openssl-enc.1]=man1/openssl-enc.pod -DEPEND[man1/openssl-enc.pod]{pod}=man1/openssl-enc.pod.in -GENERATE[man1/openssl-enc.pod]=man1/openssl-enc.pod.in -DEPEND[html/man1/openssl-engine.html]=man1/openssl-engine.pod -GENERATE[html/man1/openssl-engine.html]=man1/openssl-engine.pod -DEPEND[man/man1/openssl-engine.1]=man1/openssl-engine.pod -GENERATE[man/man1/openssl-engine.1]=man1/openssl-engine.pod -DEPEND[man1/openssl-engine.pod]{pod}=man1/openssl-engine.pod.in -GENERATE[man1/openssl-engine.pod]=man1/openssl-engine.pod.in -DEPEND[html/man1/openssl-errstr.html]=man1/openssl-errstr.pod -GENERATE[html/man1/openssl-errstr.html]=man1/openssl-errstr.pod -DEPEND[man/man1/openssl-errstr.1]=man1/openssl-errstr.pod -GENERATE[man/man1/openssl-errstr.1]=man1/openssl-errstr.pod -DEPEND[man1/openssl-errstr.pod]{pod}=man1/openssl-errstr.pod.in -GENERATE[man1/openssl-errstr.pod]=man1/openssl-errstr.pod.in -DEPEND[html/man1/openssl-fipsinstall.html]=man1/openssl-fipsinstall.pod -GENERATE[html/man1/openssl-fipsinstall.html]=man1/openssl-fipsinstall.pod -DEPEND[man/man1/openssl-fipsinstall.1]=man1/openssl-fipsinstall.pod -GENERATE[man/man1/openssl-fipsinstall.1]=man1/openssl-fipsinstall.pod -DEPEND[man1/openssl-fipsinstall.pod]{pod}=man1/openssl-fipsinstall.pod.in -GENERATE[man1/openssl-fipsinstall.pod]=man1/openssl-fipsinstall.pod.in -DEPEND[html/man1/openssl-format-options.html]=man1/openssl-format-options.pod -GENERATE[html/man1/openssl-format-options.html]=man1/openssl-format-options.pod -DEPEND[man/man1/openssl-format-options.1]=man1/openssl-format-options.pod -GENERATE[man/man1/openssl-format-options.1]=man1/openssl-format-options.pod -DEPEND[html/man1/openssl-gendsa.html]=man1/openssl-gendsa.pod -GENERATE[html/man1/openssl-gendsa.html]=man1/openssl-gendsa.pod -DEPEND[man/man1/openssl-gendsa.1]=man1/openssl-gendsa.pod -GENERATE[man/man1/openssl-gendsa.1]=man1/openssl-gendsa.pod -DEPEND[man1/openssl-gendsa.pod]{pod}=man1/openssl-gendsa.pod.in -GENERATE[man1/openssl-gendsa.pod]=man1/openssl-gendsa.pod.in -DEPEND[html/man1/openssl-genpkey.html]=man1/openssl-genpkey.pod -GENERATE[html/man1/openssl-genpkey.html]=man1/openssl-genpkey.pod -DEPEND[man/man1/openssl-genpkey.1]=man1/openssl-genpkey.pod -GENERATE[man/man1/openssl-genpkey.1]=man1/openssl-genpkey.pod -DEPEND[man1/openssl-genpkey.pod]{pod}=man1/openssl-genpkey.pod.in -GENERATE[man1/openssl-genpkey.pod]=man1/openssl-genpkey.pod.in -DEPEND[html/man1/openssl-genrsa.html]=man1/openssl-genrsa.pod -GENERATE[html/man1/openssl-genrsa.html]=man1/openssl-genrsa.pod -DEPEND[man/man1/openssl-genrsa.1]=man1/openssl-genrsa.pod -GENERATE[man/man1/openssl-genrsa.1]=man1/openssl-genrsa.pod -DEPEND[man1/openssl-genrsa.pod]{pod}=man1/openssl-genrsa.pod.in -GENERATE[man1/openssl-genrsa.pod]=man1/openssl-genrsa.pod.in -DEPEND[html/man1/openssl-info.html]=man1/openssl-info.pod -GENERATE[html/man1/openssl-info.html]=man1/openssl-info.pod -DEPEND[man/man1/openssl-info.1]=man1/openssl-info.pod -GENERATE[man/man1/openssl-info.1]=man1/openssl-info.pod -DEPEND[man1/openssl-info.pod]{pod}=man1/openssl-info.pod.in -GENERATE[man1/openssl-info.pod]=man1/openssl-info.pod.in -DEPEND[html/man1/openssl-kdf.html]=man1/openssl-kdf.pod -GENERATE[html/man1/openssl-kdf.html]=man1/openssl-kdf.pod -DEPEND[man/man1/openssl-kdf.1]=man1/openssl-kdf.pod -GENERATE[man/man1/openssl-kdf.1]=man1/openssl-kdf.pod -DEPEND[man1/openssl-kdf.pod]{pod}=man1/openssl-kdf.pod.in -GENERATE[man1/openssl-kdf.pod]=man1/openssl-kdf.pod.in -DEPEND[html/man1/openssl-list.html]=man1/openssl-list.pod -GENERATE[html/man1/openssl-list.html]=man1/openssl-list.pod -DEPEND[man/man1/openssl-list.1]=man1/openssl-list.pod -GENERATE[man/man1/openssl-list.1]=man1/openssl-list.pod -DEPEND[man1/openssl-list.pod]{pod}=man1/openssl-list.pod.in -GENERATE[man1/openssl-list.pod]=man1/openssl-list.pod.in -DEPEND[html/man1/openssl-mac.html]=man1/openssl-mac.pod -GENERATE[html/man1/openssl-mac.html]=man1/openssl-mac.pod -DEPEND[man/man1/openssl-mac.1]=man1/openssl-mac.pod -GENERATE[man/man1/openssl-mac.1]=man1/openssl-mac.pod -DEPEND[man1/openssl-mac.pod]{pod}=man1/openssl-mac.pod.in -GENERATE[man1/openssl-mac.pod]=man1/openssl-mac.pod.in -DEPEND[html/man1/openssl-namedisplay-options.html]=man1/openssl-namedisplay-options.pod -GENERATE[html/man1/openssl-namedisplay-options.html]=man1/openssl-namedisplay-options.pod -DEPEND[man/man1/openssl-namedisplay-options.1]=man1/openssl-namedisplay-options.pod -GENERATE[man/man1/openssl-namedisplay-options.1]=man1/openssl-namedisplay-options.pod -DEPEND[html/man1/openssl-nseq.html]=man1/openssl-nseq.pod -GENERATE[html/man1/openssl-nseq.html]=man1/openssl-nseq.pod -DEPEND[man/man1/openssl-nseq.1]=man1/openssl-nseq.pod -GENERATE[man/man1/openssl-nseq.1]=man1/openssl-nseq.pod -DEPEND[man1/openssl-nseq.pod]{pod}=man1/openssl-nseq.pod.in -GENERATE[man1/openssl-nseq.pod]=man1/openssl-nseq.pod.in -DEPEND[html/man1/openssl-ocsp.html]=man1/openssl-ocsp.pod -GENERATE[html/man1/openssl-ocsp.html]=man1/openssl-ocsp.pod -DEPEND[man/man1/openssl-ocsp.1]=man1/openssl-ocsp.pod -GENERATE[man/man1/openssl-ocsp.1]=man1/openssl-ocsp.pod -DEPEND[man1/openssl-ocsp.pod]{pod}=man1/openssl-ocsp.pod.in -GENERATE[man1/openssl-ocsp.pod]=man1/openssl-ocsp.pod.in -DEPEND[html/man1/openssl-passphrase-options.html]=man1/openssl-passphrase-options.pod -GENERATE[html/man1/openssl-passphrase-options.html]=man1/openssl-passphrase-options.pod -DEPEND[man/man1/openssl-passphrase-options.1]=man1/openssl-passphrase-options.pod -GENERATE[man/man1/openssl-passphrase-options.1]=man1/openssl-passphrase-options.pod -DEPEND[html/man1/openssl-passwd.html]=man1/openssl-passwd.pod -GENERATE[html/man1/openssl-passwd.html]=man1/openssl-passwd.pod -DEPEND[man/man1/openssl-passwd.1]=man1/openssl-passwd.pod -GENERATE[man/man1/openssl-passwd.1]=man1/openssl-passwd.pod -DEPEND[man1/openssl-passwd.pod]{pod}=man1/openssl-passwd.pod.in -GENERATE[man1/openssl-passwd.pod]=man1/openssl-passwd.pod.in -DEPEND[html/man1/openssl-pkcs12.html]=man1/openssl-pkcs12.pod -GENERATE[html/man1/openssl-pkcs12.html]=man1/openssl-pkcs12.pod -DEPEND[man/man1/openssl-pkcs12.1]=man1/openssl-pkcs12.pod -GENERATE[man/man1/openssl-pkcs12.1]=man1/openssl-pkcs12.pod -DEPEND[man1/openssl-pkcs12.pod]{pod}=man1/openssl-pkcs12.pod.in -GENERATE[man1/openssl-pkcs12.pod]=man1/openssl-pkcs12.pod.in -DEPEND[html/man1/openssl-pkcs7.html]=man1/openssl-pkcs7.pod -GENERATE[html/man1/openssl-pkcs7.html]=man1/openssl-pkcs7.pod -DEPEND[man/man1/openssl-pkcs7.1]=man1/openssl-pkcs7.pod -GENERATE[man/man1/openssl-pkcs7.1]=man1/openssl-pkcs7.pod -DEPEND[man1/openssl-pkcs7.pod]{pod}=man1/openssl-pkcs7.pod.in -GENERATE[man1/openssl-pkcs7.pod]=man1/openssl-pkcs7.pod.in -DEPEND[html/man1/openssl-pkcs8.html]=man1/openssl-pkcs8.pod -GENERATE[html/man1/openssl-pkcs8.html]=man1/openssl-pkcs8.pod -DEPEND[man/man1/openssl-pkcs8.1]=man1/openssl-pkcs8.pod -GENERATE[man/man1/openssl-pkcs8.1]=man1/openssl-pkcs8.pod -DEPEND[man1/openssl-pkcs8.pod]{pod}=man1/openssl-pkcs8.pod.in -GENERATE[man1/openssl-pkcs8.pod]=man1/openssl-pkcs8.pod.in -DEPEND[html/man1/openssl-pkey.html]=man1/openssl-pkey.pod -GENERATE[html/man1/openssl-pkey.html]=man1/openssl-pkey.pod -DEPEND[man/man1/openssl-pkey.1]=man1/openssl-pkey.pod -GENERATE[man/man1/openssl-pkey.1]=man1/openssl-pkey.pod -DEPEND[man1/openssl-pkey.pod]{pod}=man1/openssl-pkey.pod.in -GENERATE[man1/openssl-pkey.pod]=man1/openssl-pkey.pod.in -DEPEND[html/man1/openssl-pkeyparam.html]=man1/openssl-pkeyparam.pod -GENERATE[html/man1/openssl-pkeyparam.html]=man1/openssl-pkeyparam.pod -DEPEND[man/man1/openssl-pkeyparam.1]=man1/openssl-pkeyparam.pod -GENERATE[man/man1/openssl-pkeyparam.1]=man1/openssl-pkeyparam.pod -DEPEND[man1/openssl-pkeyparam.pod]{pod}=man1/openssl-pkeyparam.pod.in -GENERATE[man1/openssl-pkeyparam.pod]=man1/openssl-pkeyparam.pod.in -DEPEND[html/man1/openssl-pkeyutl.html]=man1/openssl-pkeyutl.pod -GENERATE[html/man1/openssl-pkeyutl.html]=man1/openssl-pkeyutl.pod -DEPEND[man/man1/openssl-pkeyutl.1]=man1/openssl-pkeyutl.pod -GENERATE[man/man1/openssl-pkeyutl.1]=man1/openssl-pkeyutl.pod -DEPEND[man1/openssl-pkeyutl.pod]{pod}=man1/openssl-pkeyutl.pod.in -GENERATE[man1/openssl-pkeyutl.pod]=man1/openssl-pkeyutl.pod.in -DEPEND[html/man1/openssl-prime.html]=man1/openssl-prime.pod -GENERATE[html/man1/openssl-prime.html]=man1/openssl-prime.pod -DEPEND[man/man1/openssl-prime.1]=man1/openssl-prime.pod -GENERATE[man/man1/openssl-prime.1]=man1/openssl-prime.pod -DEPEND[man1/openssl-prime.pod]{pod}=man1/openssl-prime.pod.in -GENERATE[man1/openssl-prime.pod]=man1/openssl-prime.pod.in -DEPEND[html/man1/openssl-rand.html]=man1/openssl-rand.pod -GENERATE[html/man1/openssl-rand.html]=man1/openssl-rand.pod -DEPEND[man/man1/openssl-rand.1]=man1/openssl-rand.pod -GENERATE[man/man1/openssl-rand.1]=man1/openssl-rand.pod -DEPEND[man1/openssl-rand.pod]{pod}=man1/openssl-rand.pod.in -GENERATE[man1/openssl-rand.pod]=man1/openssl-rand.pod.in -DEPEND[html/man1/openssl-rehash.html]=man1/openssl-rehash.pod -GENERATE[html/man1/openssl-rehash.html]=man1/openssl-rehash.pod -DEPEND[man/man1/openssl-rehash.1]=man1/openssl-rehash.pod -GENERATE[man/man1/openssl-rehash.1]=man1/openssl-rehash.pod -DEPEND[man1/openssl-rehash.pod]{pod}=man1/openssl-rehash.pod.in -GENERATE[man1/openssl-rehash.pod]=man1/openssl-rehash.pod.in -DEPEND[html/man1/openssl-req.html]=man1/openssl-req.pod -GENERATE[html/man1/openssl-req.html]=man1/openssl-req.pod -DEPEND[man/man1/openssl-req.1]=man1/openssl-req.pod -GENERATE[man/man1/openssl-req.1]=man1/openssl-req.pod -DEPEND[man1/openssl-req.pod]{pod}=man1/openssl-req.pod.in -GENERATE[man1/openssl-req.pod]=man1/openssl-req.pod.in -DEPEND[html/man1/openssl-rsa.html]=man1/openssl-rsa.pod -GENERATE[html/man1/openssl-rsa.html]=man1/openssl-rsa.pod -DEPEND[man/man1/openssl-rsa.1]=man1/openssl-rsa.pod -GENERATE[man/man1/openssl-rsa.1]=man1/openssl-rsa.pod -DEPEND[man1/openssl-rsa.pod]{pod}=man1/openssl-rsa.pod.in -GENERATE[man1/openssl-rsa.pod]=man1/openssl-rsa.pod.in -DEPEND[html/man1/openssl-rsautl.html]=man1/openssl-rsautl.pod -GENERATE[html/man1/openssl-rsautl.html]=man1/openssl-rsautl.pod -DEPEND[man/man1/openssl-rsautl.1]=man1/openssl-rsautl.pod -GENERATE[man/man1/openssl-rsautl.1]=man1/openssl-rsautl.pod -DEPEND[man1/openssl-rsautl.pod]{pod}=man1/openssl-rsautl.pod.in -GENERATE[man1/openssl-rsautl.pod]=man1/openssl-rsautl.pod.in -DEPEND[html/man1/openssl-s_client.html]=man1/openssl-s_client.pod -GENERATE[html/man1/openssl-s_client.html]=man1/openssl-s_client.pod -DEPEND[man/man1/openssl-s_client.1]=man1/openssl-s_client.pod -GENERATE[man/man1/openssl-s_client.1]=man1/openssl-s_client.pod -DEPEND[man1/openssl-s_client.pod]{pod}=man1/openssl-s_client.pod.in -GENERATE[man1/openssl-s_client.pod]=man1/openssl-s_client.pod.in -DEPEND[html/man1/openssl-s_server.html]=man1/openssl-s_server.pod -GENERATE[html/man1/openssl-s_server.html]=man1/openssl-s_server.pod -DEPEND[man/man1/openssl-s_server.1]=man1/openssl-s_server.pod -GENERATE[man/man1/openssl-s_server.1]=man1/openssl-s_server.pod -DEPEND[man1/openssl-s_server.pod]{pod}=man1/openssl-s_server.pod.in -GENERATE[man1/openssl-s_server.pod]=man1/openssl-s_server.pod.in -DEPEND[html/man1/openssl-s_time.html]=man1/openssl-s_time.pod -GENERATE[html/man1/openssl-s_time.html]=man1/openssl-s_time.pod -DEPEND[man/man1/openssl-s_time.1]=man1/openssl-s_time.pod -GENERATE[man/man1/openssl-s_time.1]=man1/openssl-s_time.pod -DEPEND[man1/openssl-s_time.pod]{pod}=man1/openssl-s_time.pod.in -GENERATE[man1/openssl-s_time.pod]=man1/openssl-s_time.pod.in -DEPEND[html/man1/openssl-sess_id.html]=man1/openssl-sess_id.pod -GENERATE[html/man1/openssl-sess_id.html]=man1/openssl-sess_id.pod -DEPEND[man/man1/openssl-sess_id.1]=man1/openssl-sess_id.pod -GENERATE[man/man1/openssl-sess_id.1]=man1/openssl-sess_id.pod -DEPEND[man1/openssl-sess_id.pod]{pod}=man1/openssl-sess_id.pod.in -GENERATE[man1/openssl-sess_id.pod]=man1/openssl-sess_id.pod.in -DEPEND[html/man1/openssl-smime.html]=man1/openssl-smime.pod -GENERATE[html/man1/openssl-smime.html]=man1/openssl-smime.pod -DEPEND[man/man1/openssl-smime.1]=man1/openssl-smime.pod -GENERATE[man/man1/openssl-smime.1]=man1/openssl-smime.pod -DEPEND[man1/openssl-smime.pod]{pod}=man1/openssl-smime.pod.in -GENERATE[man1/openssl-smime.pod]=man1/openssl-smime.pod.in -DEPEND[html/man1/openssl-speed.html]=man1/openssl-speed.pod -GENERATE[html/man1/openssl-speed.html]=man1/openssl-speed.pod -DEPEND[man/man1/openssl-speed.1]=man1/openssl-speed.pod -GENERATE[man/man1/openssl-speed.1]=man1/openssl-speed.pod -DEPEND[man1/openssl-speed.pod]{pod}=man1/openssl-speed.pod.in -GENERATE[man1/openssl-speed.pod]=man1/openssl-speed.pod.in -DEPEND[html/man1/openssl-spkac.html]=man1/openssl-spkac.pod -GENERATE[html/man1/openssl-spkac.html]=man1/openssl-spkac.pod -DEPEND[man/man1/openssl-spkac.1]=man1/openssl-spkac.pod -GENERATE[man/man1/openssl-spkac.1]=man1/openssl-spkac.pod -DEPEND[man1/openssl-spkac.pod]{pod}=man1/openssl-spkac.pod.in -GENERATE[man1/openssl-spkac.pod]=man1/openssl-spkac.pod.in -DEPEND[html/man1/openssl-srp.html]=man1/openssl-srp.pod -GENERATE[html/man1/openssl-srp.html]=man1/openssl-srp.pod -DEPEND[man/man1/openssl-srp.1]=man1/openssl-srp.pod -GENERATE[man/man1/openssl-srp.1]=man1/openssl-srp.pod -DEPEND[man1/openssl-srp.pod]{pod}=man1/openssl-srp.pod.in -GENERATE[man1/openssl-srp.pod]=man1/openssl-srp.pod.in -DEPEND[html/man1/openssl-storeutl.html]=man1/openssl-storeutl.pod -GENERATE[html/man1/openssl-storeutl.html]=man1/openssl-storeutl.pod -DEPEND[man/man1/openssl-storeutl.1]=man1/openssl-storeutl.pod -GENERATE[man/man1/openssl-storeutl.1]=man1/openssl-storeutl.pod -DEPEND[man1/openssl-storeutl.pod]{pod}=man1/openssl-storeutl.pod.in -GENERATE[man1/openssl-storeutl.pod]=man1/openssl-storeutl.pod.in -DEPEND[html/man1/openssl-ts.html]=man1/openssl-ts.pod -GENERATE[html/man1/openssl-ts.html]=man1/openssl-ts.pod -DEPEND[man/man1/openssl-ts.1]=man1/openssl-ts.pod -GENERATE[man/man1/openssl-ts.1]=man1/openssl-ts.pod -DEPEND[man1/openssl-ts.pod]{pod}=man1/openssl-ts.pod.in -GENERATE[man1/openssl-ts.pod]=man1/openssl-ts.pod.in -DEPEND[html/man1/openssl-verification-options.html]=man1/openssl-verification-options.pod -GENERATE[html/man1/openssl-verification-options.html]=man1/openssl-verification-options.pod -DEPEND[man/man1/openssl-verification-options.1]=man1/openssl-verification-options.pod -GENERATE[man/man1/openssl-verification-options.1]=man1/openssl-verification-options.pod -DEPEND[html/man1/openssl-verify.html]=man1/openssl-verify.pod -GENERATE[html/man1/openssl-verify.html]=man1/openssl-verify.pod -DEPEND[man/man1/openssl-verify.1]=man1/openssl-verify.pod -GENERATE[man/man1/openssl-verify.1]=man1/openssl-verify.pod -DEPEND[man1/openssl-verify.pod]{pod}=man1/openssl-verify.pod.in -GENERATE[man1/openssl-verify.pod]=man1/openssl-verify.pod.in -DEPEND[html/man1/openssl-version.html]=man1/openssl-version.pod -GENERATE[html/man1/openssl-version.html]=man1/openssl-version.pod -DEPEND[man/man1/openssl-version.1]=man1/openssl-version.pod -GENERATE[man/man1/openssl-version.1]=man1/openssl-version.pod -DEPEND[man1/openssl-version.pod]{pod}=man1/openssl-version.pod.in -GENERATE[man1/openssl-version.pod]=man1/openssl-version.pod.in -DEPEND[html/man1/openssl-x509.html]=man1/openssl-x509.pod -GENERATE[html/man1/openssl-x509.html]=man1/openssl-x509.pod -DEPEND[man/man1/openssl-x509.1]=man1/openssl-x509.pod -GENERATE[man/man1/openssl-x509.1]=man1/openssl-x509.pod -DEPEND[man1/openssl-x509.pod]{pod}=man1/openssl-x509.pod.in -GENERATE[man1/openssl-x509.pod]=man1/openssl-x509.pod.in -DEPEND[html/man1/openssl.html]=man1/openssl.pod -GENERATE[html/man1/openssl.html]=man1/openssl.pod -DEPEND[man/man1/openssl.1]=man1/openssl.pod -GENERATE[man/man1/openssl.1]=man1/openssl.pod -DEPEND[html/man1/tsget.html]=man1/tsget.pod -GENERATE[html/man1/tsget.html]=man1/tsget.pod -DEPEND[man/man1/tsget.1]=man1/tsget.pod -GENERATE[man/man1/tsget.1]=man1/tsget.pod -IMAGEDOCS[man1]= -HTMLDOCS[man1]=html/man1/CA.pl.html \ -html/man1/openssl-asn1parse.html \ -html/man1/openssl-ca.html \ -html/man1/openssl-ciphers.html \ -html/man1/openssl-cmds.html \ -html/man1/openssl-cmp.html \ -html/man1/openssl-cms.html \ -html/man1/openssl-crl.html \ -html/man1/openssl-crl2pkcs7.html \ -html/man1/openssl-dgst.html \ -html/man1/openssl-dhparam.html \ -html/man1/openssl-dsa.html \ -html/man1/openssl-dsaparam.html \ -html/man1/openssl-ec.html \ -html/man1/openssl-ecparam.html \ -html/man1/openssl-enc.html \ -html/man1/openssl-engine.html \ -html/man1/openssl-errstr.html \ -html/man1/openssl-fipsinstall.html \ -html/man1/openssl-format-options.html \ -html/man1/openssl-gendsa.html \ -html/man1/openssl-genpkey.html \ -html/man1/openssl-genrsa.html \ -html/man1/openssl-info.html \ -html/man1/openssl-kdf.html \ -html/man1/openssl-list.html \ -html/man1/openssl-mac.html \ -html/man1/openssl-namedisplay-options.html \ -html/man1/openssl-nseq.html \ -html/man1/openssl-ocsp.html \ -html/man1/openssl-passphrase-options.html \ -html/man1/openssl-passwd.html \ -html/man1/openssl-pkcs12.html \ -html/man1/openssl-pkcs7.html \ -html/man1/openssl-pkcs8.html \ -html/man1/openssl-pkey.html \ -html/man1/openssl-pkeyparam.html \ -html/man1/openssl-pkeyutl.html \ -html/man1/openssl-prime.html \ -html/man1/openssl-rand.html \ -html/man1/openssl-rehash.html \ -html/man1/openssl-req.html \ -html/man1/openssl-rsa.html \ -html/man1/openssl-rsautl.html \ -html/man1/openssl-s_client.html \ -html/man1/openssl-s_server.html \ -html/man1/openssl-s_time.html \ -html/man1/openssl-sess_id.html \ -html/man1/openssl-smime.html \ -html/man1/openssl-speed.html \ -html/man1/openssl-spkac.html \ -html/man1/openssl-srp.html \ -html/man1/openssl-storeutl.html \ -html/man1/openssl-ts.html \ -html/man1/openssl-verification-options.html \ -html/man1/openssl-verify.html \ -html/man1/openssl-version.html \ -html/man1/openssl-x509.html \ -html/man1/openssl.html \ -html/man1/tsget.html -MANDOCS[man1]=man/man1/CA.pl.1 \ -man/man1/openssl-asn1parse.1 \ -man/man1/openssl-ca.1 \ -man/man1/openssl-ciphers.1 \ -man/man1/openssl-cmds.1 \ -man/man1/openssl-cmp.1 \ -man/man1/openssl-cms.1 \ -man/man1/openssl-crl.1 \ -man/man1/openssl-crl2pkcs7.1 \ -man/man1/openssl-dgst.1 \ -man/man1/openssl-dhparam.1 \ -man/man1/openssl-dsa.1 \ -man/man1/openssl-dsaparam.1 \ -man/man1/openssl-ec.1 \ -man/man1/openssl-ecparam.1 \ -man/man1/openssl-enc.1 \ -man/man1/openssl-engine.1 \ -man/man1/openssl-errstr.1 \ -man/man1/openssl-fipsinstall.1 \ -man/man1/openssl-format-options.1 \ -man/man1/openssl-gendsa.1 \ -man/man1/openssl-genpkey.1 \ -man/man1/openssl-genrsa.1 \ -man/man1/openssl-info.1 \ -man/man1/openssl-kdf.1 \ -man/man1/openssl-list.1 \ -man/man1/openssl-mac.1 \ -man/man1/openssl-namedisplay-options.1 \ -man/man1/openssl-nseq.1 \ -man/man1/openssl-ocsp.1 \ -man/man1/openssl-passphrase-options.1 \ -man/man1/openssl-passwd.1 \ -man/man1/openssl-pkcs12.1 \ -man/man1/openssl-pkcs7.1 \ -man/man1/openssl-pkcs8.1 \ -man/man1/openssl-pkey.1 \ -man/man1/openssl-pkeyparam.1 \ -man/man1/openssl-pkeyutl.1 \ -man/man1/openssl-prime.1 \ -man/man1/openssl-rand.1 \ -man/man1/openssl-rehash.1 \ -man/man1/openssl-req.1 \ -man/man1/openssl-rsa.1 \ -man/man1/openssl-rsautl.1 \ -man/man1/openssl-s_client.1 \ -man/man1/openssl-s_server.1 \ -man/man1/openssl-s_time.1 \ -man/man1/openssl-sess_id.1 \ -man/man1/openssl-smime.1 \ -man/man1/openssl-speed.1 \ -man/man1/openssl-spkac.1 \ -man/man1/openssl-srp.1 \ -man/man1/openssl-storeutl.1 \ -man/man1/openssl-ts.1 \ -man/man1/openssl-verification-options.1 \ -man/man1/openssl-verify.1 \ -man/man1/openssl-version.1 \ -man/man1/openssl-x509.1 \ -man/man1/openssl.1 \ -man/man1/tsget.1 -DEPEND[html/man3/ADMISSIONS.html]=man3/ADMISSIONS.pod -GENERATE[html/man3/ADMISSIONS.html]=man3/ADMISSIONS.pod -DEPEND[man/man3/ADMISSIONS.3]=man3/ADMISSIONS.pod -GENERATE[man/man3/ADMISSIONS.3]=man3/ADMISSIONS.pod -DEPEND[html/man3/ASN1_EXTERN_FUNCS.html]=man3/ASN1_EXTERN_FUNCS.pod -GENERATE[html/man3/ASN1_EXTERN_FUNCS.html]=man3/ASN1_EXTERN_FUNCS.pod -DEPEND[man/man3/ASN1_EXTERN_FUNCS.3]=man3/ASN1_EXTERN_FUNCS.pod -GENERATE[man/man3/ASN1_EXTERN_FUNCS.3]=man3/ASN1_EXTERN_FUNCS.pod -DEPEND[html/man3/ASN1_INTEGER_get_int64.html]=man3/ASN1_INTEGER_get_int64.pod -GENERATE[html/man3/ASN1_INTEGER_get_int64.html]=man3/ASN1_INTEGER_get_int64.pod -DEPEND[man/man3/ASN1_INTEGER_get_int64.3]=man3/ASN1_INTEGER_get_int64.pod -GENERATE[man/man3/ASN1_INTEGER_get_int64.3]=man3/ASN1_INTEGER_get_int64.pod -DEPEND[html/man3/ASN1_INTEGER_new.html]=man3/ASN1_INTEGER_new.pod -GENERATE[html/man3/ASN1_INTEGER_new.html]=man3/ASN1_INTEGER_new.pod -DEPEND[man/man3/ASN1_INTEGER_new.3]=man3/ASN1_INTEGER_new.pod -GENERATE[man/man3/ASN1_INTEGER_new.3]=man3/ASN1_INTEGER_new.pod -DEPEND[html/man3/ASN1_ITEM_lookup.html]=man3/ASN1_ITEM_lookup.pod -GENERATE[html/man3/ASN1_ITEM_lookup.html]=man3/ASN1_ITEM_lookup.pod -DEPEND[man/man3/ASN1_ITEM_lookup.3]=man3/ASN1_ITEM_lookup.pod -GENERATE[man/man3/ASN1_ITEM_lookup.3]=man3/ASN1_ITEM_lookup.pod -DEPEND[html/man3/ASN1_OBJECT_new.html]=man3/ASN1_OBJECT_new.pod -GENERATE[html/man3/ASN1_OBJECT_new.html]=man3/ASN1_OBJECT_new.pod -DEPEND[man/man3/ASN1_OBJECT_new.3]=man3/ASN1_OBJECT_new.pod -GENERATE[man/man3/ASN1_OBJECT_new.3]=man3/ASN1_OBJECT_new.pod -DEPEND[html/man3/ASN1_STRING_TABLE_add.html]=man3/ASN1_STRING_TABLE_add.pod -GENERATE[html/man3/ASN1_STRING_TABLE_add.html]=man3/ASN1_STRING_TABLE_add.pod -DEPEND[man/man3/ASN1_STRING_TABLE_add.3]=man3/ASN1_STRING_TABLE_add.pod -GENERATE[man/man3/ASN1_STRING_TABLE_add.3]=man3/ASN1_STRING_TABLE_add.pod -DEPEND[html/man3/ASN1_STRING_length.html]=man3/ASN1_STRING_length.pod -GENERATE[html/man3/ASN1_STRING_length.html]=man3/ASN1_STRING_length.pod -DEPEND[man/man3/ASN1_STRING_length.3]=man3/ASN1_STRING_length.pod -GENERATE[man/man3/ASN1_STRING_length.3]=man3/ASN1_STRING_length.pod -DEPEND[html/man3/ASN1_STRING_new.html]=man3/ASN1_STRING_new.pod -GENERATE[html/man3/ASN1_STRING_new.html]=man3/ASN1_STRING_new.pod -DEPEND[man/man3/ASN1_STRING_new.3]=man3/ASN1_STRING_new.pod -GENERATE[man/man3/ASN1_STRING_new.3]=man3/ASN1_STRING_new.pod -DEPEND[html/man3/ASN1_STRING_print_ex.html]=man3/ASN1_STRING_print_ex.pod -GENERATE[html/man3/ASN1_STRING_print_ex.html]=man3/ASN1_STRING_print_ex.pod -DEPEND[man/man3/ASN1_STRING_print_ex.3]=man3/ASN1_STRING_print_ex.pod -GENERATE[man/man3/ASN1_STRING_print_ex.3]=man3/ASN1_STRING_print_ex.pod -DEPEND[html/man3/ASN1_TIME_set.html]=man3/ASN1_TIME_set.pod -GENERATE[html/man3/ASN1_TIME_set.html]=man3/ASN1_TIME_set.pod -DEPEND[man/man3/ASN1_TIME_set.3]=man3/ASN1_TIME_set.pod -GENERATE[man/man3/ASN1_TIME_set.3]=man3/ASN1_TIME_set.pod -DEPEND[html/man3/ASN1_TYPE_get.html]=man3/ASN1_TYPE_get.pod -GENERATE[html/man3/ASN1_TYPE_get.html]=man3/ASN1_TYPE_get.pod -DEPEND[man/man3/ASN1_TYPE_get.3]=man3/ASN1_TYPE_get.pod -GENERATE[man/man3/ASN1_TYPE_get.3]=man3/ASN1_TYPE_get.pod -DEPEND[html/man3/ASN1_aux_cb.html]=man3/ASN1_aux_cb.pod -GENERATE[html/man3/ASN1_aux_cb.html]=man3/ASN1_aux_cb.pod -DEPEND[man/man3/ASN1_aux_cb.3]=man3/ASN1_aux_cb.pod -GENERATE[man/man3/ASN1_aux_cb.3]=man3/ASN1_aux_cb.pod -DEPEND[html/man3/ASN1_generate_nconf.html]=man3/ASN1_generate_nconf.pod -GENERATE[html/man3/ASN1_generate_nconf.html]=man3/ASN1_generate_nconf.pod -DEPEND[man/man3/ASN1_generate_nconf.3]=man3/ASN1_generate_nconf.pod -GENERATE[man/man3/ASN1_generate_nconf.3]=man3/ASN1_generate_nconf.pod -DEPEND[html/man3/ASN1_item_d2i_bio.html]=man3/ASN1_item_d2i_bio.pod -GENERATE[html/man3/ASN1_item_d2i_bio.html]=man3/ASN1_item_d2i_bio.pod -DEPEND[man/man3/ASN1_item_d2i_bio.3]=man3/ASN1_item_d2i_bio.pod -GENERATE[man/man3/ASN1_item_d2i_bio.3]=man3/ASN1_item_d2i_bio.pod -DEPEND[html/man3/ASN1_item_new.html]=man3/ASN1_item_new.pod -GENERATE[html/man3/ASN1_item_new.html]=man3/ASN1_item_new.pod -DEPEND[man/man3/ASN1_item_new.3]=man3/ASN1_item_new.pod -GENERATE[man/man3/ASN1_item_new.3]=man3/ASN1_item_new.pod -DEPEND[html/man3/ASN1_item_sign.html]=man3/ASN1_item_sign.pod -GENERATE[html/man3/ASN1_item_sign.html]=man3/ASN1_item_sign.pod -DEPEND[man/man3/ASN1_item_sign.3]=man3/ASN1_item_sign.pod -GENERATE[man/man3/ASN1_item_sign.3]=man3/ASN1_item_sign.pod -DEPEND[html/man3/ASYNC_WAIT_CTX_new.html]=man3/ASYNC_WAIT_CTX_new.pod -GENERATE[html/man3/ASYNC_WAIT_CTX_new.html]=man3/ASYNC_WAIT_CTX_new.pod -DEPEND[man/man3/ASYNC_WAIT_CTX_new.3]=man3/ASYNC_WAIT_CTX_new.pod -GENERATE[man/man3/ASYNC_WAIT_CTX_new.3]=man3/ASYNC_WAIT_CTX_new.pod -DEPEND[html/man3/ASYNC_start_job.html]=man3/ASYNC_start_job.pod -GENERATE[html/man3/ASYNC_start_job.html]=man3/ASYNC_start_job.pod -DEPEND[man/man3/ASYNC_start_job.3]=man3/ASYNC_start_job.pod -GENERATE[man/man3/ASYNC_start_job.3]=man3/ASYNC_start_job.pod -DEPEND[html/man3/BF_encrypt.html]=man3/BF_encrypt.pod -GENERATE[html/man3/BF_encrypt.html]=man3/BF_encrypt.pod -DEPEND[man/man3/BF_encrypt.3]=man3/BF_encrypt.pod -GENERATE[man/man3/BF_encrypt.3]=man3/BF_encrypt.pod -DEPEND[html/man3/BIO_ADDR.html]=man3/BIO_ADDR.pod -GENERATE[html/man3/BIO_ADDR.html]=man3/BIO_ADDR.pod -DEPEND[man/man3/BIO_ADDR.3]=man3/BIO_ADDR.pod -GENERATE[man/man3/BIO_ADDR.3]=man3/BIO_ADDR.pod -DEPEND[html/man3/BIO_ADDRINFO.html]=man3/BIO_ADDRINFO.pod -GENERATE[html/man3/BIO_ADDRINFO.html]=man3/BIO_ADDRINFO.pod -DEPEND[man/man3/BIO_ADDRINFO.3]=man3/BIO_ADDRINFO.pod -GENERATE[man/man3/BIO_ADDRINFO.3]=man3/BIO_ADDRINFO.pod -DEPEND[html/man3/BIO_connect.html]=man3/BIO_connect.pod -GENERATE[html/man3/BIO_connect.html]=man3/BIO_connect.pod -DEPEND[man/man3/BIO_connect.3]=man3/BIO_connect.pod -GENERATE[man/man3/BIO_connect.3]=man3/BIO_connect.pod -DEPEND[html/man3/BIO_ctrl.html]=man3/BIO_ctrl.pod -GENERATE[html/man3/BIO_ctrl.html]=man3/BIO_ctrl.pod -DEPEND[man/man3/BIO_ctrl.3]=man3/BIO_ctrl.pod -GENERATE[man/man3/BIO_ctrl.3]=man3/BIO_ctrl.pod -DEPEND[html/man3/BIO_f_base64.html]=man3/BIO_f_base64.pod -GENERATE[html/man3/BIO_f_base64.html]=man3/BIO_f_base64.pod -DEPEND[man/man3/BIO_f_base64.3]=man3/BIO_f_base64.pod -GENERATE[man/man3/BIO_f_base64.3]=man3/BIO_f_base64.pod -DEPEND[html/man3/BIO_f_buffer.html]=man3/BIO_f_buffer.pod -GENERATE[html/man3/BIO_f_buffer.html]=man3/BIO_f_buffer.pod -DEPEND[man/man3/BIO_f_buffer.3]=man3/BIO_f_buffer.pod -GENERATE[man/man3/BIO_f_buffer.3]=man3/BIO_f_buffer.pod -DEPEND[html/man3/BIO_f_cipher.html]=man3/BIO_f_cipher.pod -GENERATE[html/man3/BIO_f_cipher.html]=man3/BIO_f_cipher.pod -DEPEND[man/man3/BIO_f_cipher.3]=man3/BIO_f_cipher.pod -GENERATE[man/man3/BIO_f_cipher.3]=man3/BIO_f_cipher.pod -DEPEND[html/man3/BIO_f_md.html]=man3/BIO_f_md.pod -GENERATE[html/man3/BIO_f_md.html]=man3/BIO_f_md.pod -DEPEND[man/man3/BIO_f_md.3]=man3/BIO_f_md.pod -GENERATE[man/man3/BIO_f_md.3]=man3/BIO_f_md.pod -DEPEND[html/man3/BIO_f_null.html]=man3/BIO_f_null.pod -GENERATE[html/man3/BIO_f_null.html]=man3/BIO_f_null.pod -DEPEND[man/man3/BIO_f_null.3]=man3/BIO_f_null.pod -GENERATE[man/man3/BIO_f_null.3]=man3/BIO_f_null.pod -DEPEND[html/man3/BIO_f_prefix.html]=man3/BIO_f_prefix.pod -GENERATE[html/man3/BIO_f_prefix.html]=man3/BIO_f_prefix.pod -DEPEND[man/man3/BIO_f_prefix.3]=man3/BIO_f_prefix.pod -GENERATE[man/man3/BIO_f_prefix.3]=man3/BIO_f_prefix.pod -DEPEND[html/man3/BIO_f_readbuffer.html]=man3/BIO_f_readbuffer.pod -GENERATE[html/man3/BIO_f_readbuffer.html]=man3/BIO_f_readbuffer.pod -DEPEND[man/man3/BIO_f_readbuffer.3]=man3/BIO_f_readbuffer.pod -GENERATE[man/man3/BIO_f_readbuffer.3]=man3/BIO_f_readbuffer.pod -DEPEND[html/man3/BIO_f_ssl.html]=man3/BIO_f_ssl.pod -GENERATE[html/man3/BIO_f_ssl.html]=man3/BIO_f_ssl.pod -DEPEND[man/man3/BIO_f_ssl.3]=man3/BIO_f_ssl.pod -GENERATE[man/man3/BIO_f_ssl.3]=man3/BIO_f_ssl.pod -DEPEND[html/man3/BIO_find_type.html]=man3/BIO_find_type.pod -GENERATE[html/man3/BIO_find_type.html]=man3/BIO_find_type.pod -DEPEND[man/man3/BIO_find_type.3]=man3/BIO_find_type.pod -GENERATE[man/man3/BIO_find_type.3]=man3/BIO_find_type.pod -DEPEND[html/man3/BIO_get_data.html]=man3/BIO_get_data.pod -GENERATE[html/man3/BIO_get_data.html]=man3/BIO_get_data.pod -DEPEND[man/man3/BIO_get_data.3]=man3/BIO_get_data.pod -GENERATE[man/man3/BIO_get_data.3]=man3/BIO_get_data.pod -DEPEND[html/man3/BIO_get_ex_new_index.html]=man3/BIO_get_ex_new_index.pod -GENERATE[html/man3/BIO_get_ex_new_index.html]=man3/BIO_get_ex_new_index.pod -DEPEND[man/man3/BIO_get_ex_new_index.3]=man3/BIO_get_ex_new_index.pod -GENERATE[man/man3/BIO_get_ex_new_index.3]=man3/BIO_get_ex_new_index.pod -DEPEND[html/man3/BIO_meth_new.html]=man3/BIO_meth_new.pod -GENERATE[html/man3/BIO_meth_new.html]=man3/BIO_meth_new.pod -DEPEND[man/man3/BIO_meth_new.3]=man3/BIO_meth_new.pod -GENERATE[man/man3/BIO_meth_new.3]=man3/BIO_meth_new.pod -DEPEND[html/man3/BIO_new.html]=man3/BIO_new.pod -GENERATE[html/man3/BIO_new.html]=man3/BIO_new.pod -DEPEND[man/man3/BIO_new.3]=man3/BIO_new.pod -GENERATE[man/man3/BIO_new.3]=man3/BIO_new.pod -DEPEND[html/man3/BIO_new_CMS.html]=man3/BIO_new_CMS.pod -GENERATE[html/man3/BIO_new_CMS.html]=man3/BIO_new_CMS.pod -DEPEND[man/man3/BIO_new_CMS.3]=man3/BIO_new_CMS.pod -GENERATE[man/man3/BIO_new_CMS.3]=man3/BIO_new_CMS.pod -DEPEND[html/man3/BIO_parse_hostserv.html]=man3/BIO_parse_hostserv.pod -GENERATE[html/man3/BIO_parse_hostserv.html]=man3/BIO_parse_hostserv.pod -DEPEND[man/man3/BIO_parse_hostserv.3]=man3/BIO_parse_hostserv.pod -GENERATE[man/man3/BIO_parse_hostserv.3]=man3/BIO_parse_hostserv.pod -DEPEND[html/man3/BIO_printf.html]=man3/BIO_printf.pod -GENERATE[html/man3/BIO_printf.html]=man3/BIO_printf.pod -DEPEND[man/man3/BIO_printf.3]=man3/BIO_printf.pod -GENERATE[man/man3/BIO_printf.3]=man3/BIO_printf.pod -DEPEND[html/man3/BIO_push.html]=man3/BIO_push.pod -GENERATE[html/man3/BIO_push.html]=man3/BIO_push.pod -DEPEND[man/man3/BIO_push.3]=man3/BIO_push.pod -GENERATE[man/man3/BIO_push.3]=man3/BIO_push.pod -DEPEND[html/man3/BIO_read.html]=man3/BIO_read.pod -GENERATE[html/man3/BIO_read.html]=man3/BIO_read.pod -DEPEND[man/man3/BIO_read.3]=man3/BIO_read.pod -GENERATE[man/man3/BIO_read.3]=man3/BIO_read.pod -DEPEND[html/man3/BIO_s_accept.html]=man3/BIO_s_accept.pod -GENERATE[html/man3/BIO_s_accept.html]=man3/BIO_s_accept.pod -DEPEND[man/man3/BIO_s_accept.3]=man3/BIO_s_accept.pod -GENERATE[man/man3/BIO_s_accept.3]=man3/BIO_s_accept.pod -DEPEND[html/man3/BIO_s_bio.html]=man3/BIO_s_bio.pod -GENERATE[html/man3/BIO_s_bio.html]=man3/BIO_s_bio.pod -DEPEND[man/man3/BIO_s_bio.3]=man3/BIO_s_bio.pod -GENERATE[man/man3/BIO_s_bio.3]=man3/BIO_s_bio.pod -DEPEND[html/man3/BIO_s_connect.html]=man3/BIO_s_connect.pod -GENERATE[html/man3/BIO_s_connect.html]=man3/BIO_s_connect.pod -DEPEND[man/man3/BIO_s_connect.3]=man3/BIO_s_connect.pod -GENERATE[man/man3/BIO_s_connect.3]=man3/BIO_s_connect.pod -DEPEND[html/man3/BIO_s_core.html]=man3/BIO_s_core.pod -GENERATE[html/man3/BIO_s_core.html]=man3/BIO_s_core.pod -DEPEND[man/man3/BIO_s_core.3]=man3/BIO_s_core.pod -GENERATE[man/man3/BIO_s_core.3]=man3/BIO_s_core.pod -DEPEND[html/man3/BIO_s_fd.html]=man3/BIO_s_fd.pod -GENERATE[html/man3/BIO_s_fd.html]=man3/BIO_s_fd.pod -DEPEND[man/man3/BIO_s_fd.3]=man3/BIO_s_fd.pod -GENERATE[man/man3/BIO_s_fd.3]=man3/BIO_s_fd.pod -DEPEND[html/man3/BIO_s_file.html]=man3/BIO_s_file.pod -GENERATE[html/man3/BIO_s_file.html]=man3/BIO_s_file.pod -DEPEND[man/man3/BIO_s_file.3]=man3/BIO_s_file.pod -GENERATE[man/man3/BIO_s_file.3]=man3/BIO_s_file.pod -DEPEND[html/man3/BIO_s_mem.html]=man3/BIO_s_mem.pod -GENERATE[html/man3/BIO_s_mem.html]=man3/BIO_s_mem.pod -DEPEND[man/man3/BIO_s_mem.3]=man3/BIO_s_mem.pod -GENERATE[man/man3/BIO_s_mem.3]=man3/BIO_s_mem.pod -DEPEND[html/man3/BIO_s_null.html]=man3/BIO_s_null.pod -GENERATE[html/man3/BIO_s_null.html]=man3/BIO_s_null.pod -DEPEND[man/man3/BIO_s_null.3]=man3/BIO_s_null.pod -GENERATE[man/man3/BIO_s_null.3]=man3/BIO_s_null.pod -DEPEND[html/man3/BIO_s_socket.html]=man3/BIO_s_socket.pod -GENERATE[html/man3/BIO_s_socket.html]=man3/BIO_s_socket.pod -DEPEND[man/man3/BIO_s_socket.3]=man3/BIO_s_socket.pod -GENERATE[man/man3/BIO_s_socket.3]=man3/BIO_s_socket.pod -DEPEND[html/man3/BIO_set_callback.html]=man3/BIO_set_callback.pod -GENERATE[html/man3/BIO_set_callback.html]=man3/BIO_set_callback.pod -DEPEND[man/man3/BIO_set_callback.3]=man3/BIO_set_callback.pod -GENERATE[man/man3/BIO_set_callback.3]=man3/BIO_set_callback.pod -DEPEND[html/man3/BIO_should_retry.html]=man3/BIO_should_retry.pod -GENERATE[html/man3/BIO_should_retry.html]=man3/BIO_should_retry.pod -DEPEND[man/man3/BIO_should_retry.3]=man3/BIO_should_retry.pod -GENERATE[man/man3/BIO_should_retry.3]=man3/BIO_should_retry.pod -DEPEND[html/man3/BIO_socket_wait.html]=man3/BIO_socket_wait.pod -GENERATE[html/man3/BIO_socket_wait.html]=man3/BIO_socket_wait.pod -DEPEND[man/man3/BIO_socket_wait.3]=man3/BIO_socket_wait.pod -GENERATE[man/man3/BIO_socket_wait.3]=man3/BIO_socket_wait.pod -DEPEND[html/man3/BN_BLINDING_new.html]=man3/BN_BLINDING_new.pod -GENERATE[html/man3/BN_BLINDING_new.html]=man3/BN_BLINDING_new.pod -DEPEND[man/man3/BN_BLINDING_new.3]=man3/BN_BLINDING_new.pod -GENERATE[man/man3/BN_BLINDING_new.3]=man3/BN_BLINDING_new.pod -DEPEND[html/man3/BN_CTX_new.html]=man3/BN_CTX_new.pod -GENERATE[html/man3/BN_CTX_new.html]=man3/BN_CTX_new.pod -DEPEND[man/man3/BN_CTX_new.3]=man3/BN_CTX_new.pod -GENERATE[man/man3/BN_CTX_new.3]=man3/BN_CTX_new.pod -DEPEND[html/man3/BN_CTX_start.html]=man3/BN_CTX_start.pod -GENERATE[html/man3/BN_CTX_start.html]=man3/BN_CTX_start.pod -DEPEND[man/man3/BN_CTX_start.3]=man3/BN_CTX_start.pod -GENERATE[man/man3/BN_CTX_start.3]=man3/BN_CTX_start.pod -DEPEND[html/man3/BN_add.html]=man3/BN_add.pod -GENERATE[html/man3/BN_add.html]=man3/BN_add.pod -DEPEND[man/man3/BN_add.3]=man3/BN_add.pod -GENERATE[man/man3/BN_add.3]=man3/BN_add.pod -DEPEND[html/man3/BN_add_word.html]=man3/BN_add_word.pod -GENERATE[html/man3/BN_add_word.html]=man3/BN_add_word.pod -DEPEND[man/man3/BN_add_word.3]=man3/BN_add_word.pod -GENERATE[man/man3/BN_add_word.3]=man3/BN_add_word.pod -DEPEND[html/man3/BN_bn2bin.html]=man3/BN_bn2bin.pod -GENERATE[html/man3/BN_bn2bin.html]=man3/BN_bn2bin.pod -DEPEND[man/man3/BN_bn2bin.3]=man3/BN_bn2bin.pod -GENERATE[man/man3/BN_bn2bin.3]=man3/BN_bn2bin.pod -DEPEND[html/man3/BN_cmp.html]=man3/BN_cmp.pod -GENERATE[html/man3/BN_cmp.html]=man3/BN_cmp.pod -DEPEND[man/man3/BN_cmp.3]=man3/BN_cmp.pod -GENERATE[man/man3/BN_cmp.3]=man3/BN_cmp.pod -DEPEND[html/man3/BN_copy.html]=man3/BN_copy.pod -GENERATE[html/man3/BN_copy.html]=man3/BN_copy.pod -DEPEND[man/man3/BN_copy.3]=man3/BN_copy.pod -GENERATE[man/man3/BN_copy.3]=man3/BN_copy.pod -DEPEND[html/man3/BN_generate_prime.html]=man3/BN_generate_prime.pod -GENERATE[html/man3/BN_generate_prime.html]=man3/BN_generate_prime.pod -DEPEND[man/man3/BN_generate_prime.3]=man3/BN_generate_prime.pod -GENERATE[man/man3/BN_generate_prime.3]=man3/BN_generate_prime.pod -DEPEND[html/man3/BN_mod_exp_mont.html]=man3/BN_mod_exp_mont.pod -GENERATE[html/man3/BN_mod_exp_mont.html]=man3/BN_mod_exp_mont.pod -DEPEND[man/man3/BN_mod_exp_mont.3]=man3/BN_mod_exp_mont.pod -GENERATE[man/man3/BN_mod_exp_mont.3]=man3/BN_mod_exp_mont.pod -DEPEND[html/man3/BN_mod_inverse.html]=man3/BN_mod_inverse.pod -GENERATE[html/man3/BN_mod_inverse.html]=man3/BN_mod_inverse.pod -DEPEND[man/man3/BN_mod_inverse.3]=man3/BN_mod_inverse.pod -GENERATE[man/man3/BN_mod_inverse.3]=man3/BN_mod_inverse.pod -DEPEND[html/man3/BN_mod_mul_montgomery.html]=man3/BN_mod_mul_montgomery.pod -GENERATE[html/man3/BN_mod_mul_montgomery.html]=man3/BN_mod_mul_montgomery.pod -DEPEND[man/man3/BN_mod_mul_montgomery.3]=man3/BN_mod_mul_montgomery.pod -GENERATE[man/man3/BN_mod_mul_montgomery.3]=man3/BN_mod_mul_montgomery.pod -DEPEND[html/man3/BN_mod_mul_reciprocal.html]=man3/BN_mod_mul_reciprocal.pod -GENERATE[html/man3/BN_mod_mul_reciprocal.html]=man3/BN_mod_mul_reciprocal.pod -DEPEND[man/man3/BN_mod_mul_reciprocal.3]=man3/BN_mod_mul_reciprocal.pod -GENERATE[man/man3/BN_mod_mul_reciprocal.3]=man3/BN_mod_mul_reciprocal.pod -DEPEND[html/man3/BN_new.html]=man3/BN_new.pod -GENERATE[html/man3/BN_new.html]=man3/BN_new.pod -DEPEND[man/man3/BN_new.3]=man3/BN_new.pod -GENERATE[man/man3/BN_new.3]=man3/BN_new.pod -DEPEND[html/man3/BN_num_bytes.html]=man3/BN_num_bytes.pod -GENERATE[html/man3/BN_num_bytes.html]=man3/BN_num_bytes.pod -DEPEND[man/man3/BN_num_bytes.3]=man3/BN_num_bytes.pod -GENERATE[man/man3/BN_num_bytes.3]=man3/BN_num_bytes.pod -DEPEND[html/man3/BN_rand.html]=man3/BN_rand.pod -GENERATE[html/man3/BN_rand.html]=man3/BN_rand.pod -DEPEND[man/man3/BN_rand.3]=man3/BN_rand.pod -GENERATE[man/man3/BN_rand.3]=man3/BN_rand.pod -DEPEND[html/man3/BN_security_bits.html]=man3/BN_security_bits.pod -GENERATE[html/man3/BN_security_bits.html]=man3/BN_security_bits.pod -DEPEND[man/man3/BN_security_bits.3]=man3/BN_security_bits.pod -GENERATE[man/man3/BN_security_bits.3]=man3/BN_security_bits.pod -DEPEND[html/man3/BN_set_bit.html]=man3/BN_set_bit.pod -GENERATE[html/man3/BN_set_bit.html]=man3/BN_set_bit.pod -DEPEND[man/man3/BN_set_bit.3]=man3/BN_set_bit.pod -GENERATE[man/man3/BN_set_bit.3]=man3/BN_set_bit.pod -DEPEND[html/man3/BN_swap.html]=man3/BN_swap.pod -GENERATE[html/man3/BN_swap.html]=man3/BN_swap.pod -DEPEND[man/man3/BN_swap.3]=man3/BN_swap.pod -GENERATE[man/man3/BN_swap.3]=man3/BN_swap.pod -DEPEND[html/man3/BN_zero.html]=man3/BN_zero.pod -GENERATE[html/man3/BN_zero.html]=man3/BN_zero.pod -DEPEND[man/man3/BN_zero.3]=man3/BN_zero.pod -GENERATE[man/man3/BN_zero.3]=man3/BN_zero.pod -DEPEND[html/man3/BUF_MEM_new.html]=man3/BUF_MEM_new.pod -GENERATE[html/man3/BUF_MEM_new.html]=man3/BUF_MEM_new.pod -DEPEND[man/man3/BUF_MEM_new.3]=man3/BUF_MEM_new.pod -GENERATE[man/man3/BUF_MEM_new.3]=man3/BUF_MEM_new.pod -DEPEND[html/man3/CMS_EncryptedData_decrypt.html]=man3/CMS_EncryptedData_decrypt.pod -GENERATE[html/man3/CMS_EncryptedData_decrypt.html]=man3/CMS_EncryptedData_decrypt.pod -DEPEND[man/man3/CMS_EncryptedData_decrypt.3]=man3/CMS_EncryptedData_decrypt.pod -GENERATE[man/man3/CMS_EncryptedData_decrypt.3]=man3/CMS_EncryptedData_decrypt.pod -DEPEND[html/man3/CMS_EncryptedData_encrypt.html]=man3/CMS_EncryptedData_encrypt.pod -GENERATE[html/man3/CMS_EncryptedData_encrypt.html]=man3/CMS_EncryptedData_encrypt.pod -DEPEND[man/man3/CMS_EncryptedData_encrypt.3]=man3/CMS_EncryptedData_encrypt.pod -GENERATE[man/man3/CMS_EncryptedData_encrypt.3]=man3/CMS_EncryptedData_encrypt.pod -DEPEND[html/man3/CMS_EnvelopedData_create.html]=man3/CMS_EnvelopedData_create.pod -GENERATE[html/man3/CMS_EnvelopedData_create.html]=man3/CMS_EnvelopedData_create.pod -DEPEND[man/man3/CMS_EnvelopedData_create.3]=man3/CMS_EnvelopedData_create.pod -GENERATE[man/man3/CMS_EnvelopedData_create.3]=man3/CMS_EnvelopedData_create.pod -DEPEND[html/man3/CMS_add0_cert.html]=man3/CMS_add0_cert.pod -GENERATE[html/man3/CMS_add0_cert.html]=man3/CMS_add0_cert.pod -DEPEND[man/man3/CMS_add0_cert.3]=man3/CMS_add0_cert.pod -GENERATE[man/man3/CMS_add0_cert.3]=man3/CMS_add0_cert.pod -DEPEND[html/man3/CMS_add1_recipient_cert.html]=man3/CMS_add1_recipient_cert.pod -GENERATE[html/man3/CMS_add1_recipient_cert.html]=man3/CMS_add1_recipient_cert.pod -DEPEND[man/man3/CMS_add1_recipient_cert.3]=man3/CMS_add1_recipient_cert.pod -GENERATE[man/man3/CMS_add1_recipient_cert.3]=man3/CMS_add1_recipient_cert.pod -DEPEND[html/man3/CMS_add1_signer.html]=man3/CMS_add1_signer.pod -GENERATE[html/man3/CMS_add1_signer.html]=man3/CMS_add1_signer.pod -DEPEND[man/man3/CMS_add1_signer.3]=man3/CMS_add1_signer.pod -GENERATE[man/man3/CMS_add1_signer.3]=man3/CMS_add1_signer.pod -DEPEND[html/man3/CMS_compress.html]=man3/CMS_compress.pod -GENERATE[html/man3/CMS_compress.html]=man3/CMS_compress.pod -DEPEND[man/man3/CMS_compress.3]=man3/CMS_compress.pod -GENERATE[man/man3/CMS_compress.3]=man3/CMS_compress.pod -DEPEND[html/man3/CMS_data_create.html]=man3/CMS_data_create.pod -GENERATE[html/man3/CMS_data_create.html]=man3/CMS_data_create.pod -DEPEND[man/man3/CMS_data_create.3]=man3/CMS_data_create.pod -GENERATE[man/man3/CMS_data_create.3]=man3/CMS_data_create.pod -DEPEND[html/man3/CMS_decrypt.html]=man3/CMS_decrypt.pod -GENERATE[html/man3/CMS_decrypt.html]=man3/CMS_decrypt.pod -DEPEND[man/man3/CMS_decrypt.3]=man3/CMS_decrypt.pod -GENERATE[man/man3/CMS_decrypt.3]=man3/CMS_decrypt.pod -DEPEND[html/man3/CMS_digest_create.html]=man3/CMS_digest_create.pod -GENERATE[html/man3/CMS_digest_create.html]=man3/CMS_digest_create.pod -DEPEND[man/man3/CMS_digest_create.3]=man3/CMS_digest_create.pod -GENERATE[man/man3/CMS_digest_create.3]=man3/CMS_digest_create.pod -DEPEND[html/man3/CMS_encrypt.html]=man3/CMS_encrypt.pod -GENERATE[html/man3/CMS_encrypt.html]=man3/CMS_encrypt.pod -DEPEND[man/man3/CMS_encrypt.3]=man3/CMS_encrypt.pod -GENERATE[man/man3/CMS_encrypt.3]=man3/CMS_encrypt.pod -DEPEND[html/man3/CMS_final.html]=man3/CMS_final.pod -GENERATE[html/man3/CMS_final.html]=man3/CMS_final.pod -DEPEND[man/man3/CMS_final.3]=man3/CMS_final.pod -GENERATE[man/man3/CMS_final.3]=man3/CMS_final.pod -DEPEND[html/man3/CMS_get0_RecipientInfos.html]=man3/CMS_get0_RecipientInfos.pod -GENERATE[html/man3/CMS_get0_RecipientInfos.html]=man3/CMS_get0_RecipientInfos.pod -DEPEND[man/man3/CMS_get0_RecipientInfos.3]=man3/CMS_get0_RecipientInfos.pod -GENERATE[man/man3/CMS_get0_RecipientInfos.3]=man3/CMS_get0_RecipientInfos.pod -DEPEND[html/man3/CMS_get0_SignerInfos.html]=man3/CMS_get0_SignerInfos.pod -GENERATE[html/man3/CMS_get0_SignerInfos.html]=man3/CMS_get0_SignerInfos.pod -DEPEND[man/man3/CMS_get0_SignerInfos.3]=man3/CMS_get0_SignerInfos.pod -GENERATE[man/man3/CMS_get0_SignerInfos.3]=man3/CMS_get0_SignerInfos.pod -DEPEND[html/man3/CMS_get0_type.html]=man3/CMS_get0_type.pod -GENERATE[html/man3/CMS_get0_type.html]=man3/CMS_get0_type.pod -DEPEND[man/man3/CMS_get0_type.3]=man3/CMS_get0_type.pod -GENERATE[man/man3/CMS_get0_type.3]=man3/CMS_get0_type.pod -DEPEND[html/man3/CMS_get1_ReceiptRequest.html]=man3/CMS_get1_ReceiptRequest.pod -GENERATE[html/man3/CMS_get1_ReceiptRequest.html]=man3/CMS_get1_ReceiptRequest.pod -DEPEND[man/man3/CMS_get1_ReceiptRequest.3]=man3/CMS_get1_ReceiptRequest.pod -GENERATE[man/man3/CMS_get1_ReceiptRequest.3]=man3/CMS_get1_ReceiptRequest.pod -DEPEND[html/man3/CMS_sign.html]=man3/CMS_sign.pod -GENERATE[html/man3/CMS_sign.html]=man3/CMS_sign.pod -DEPEND[man/man3/CMS_sign.3]=man3/CMS_sign.pod -GENERATE[man/man3/CMS_sign.3]=man3/CMS_sign.pod -DEPEND[html/man3/CMS_sign_receipt.html]=man3/CMS_sign_receipt.pod -GENERATE[html/man3/CMS_sign_receipt.html]=man3/CMS_sign_receipt.pod -DEPEND[man/man3/CMS_sign_receipt.3]=man3/CMS_sign_receipt.pod -GENERATE[man/man3/CMS_sign_receipt.3]=man3/CMS_sign_receipt.pod -DEPEND[html/man3/CMS_uncompress.html]=man3/CMS_uncompress.pod -GENERATE[html/man3/CMS_uncompress.html]=man3/CMS_uncompress.pod -DEPEND[man/man3/CMS_uncompress.3]=man3/CMS_uncompress.pod -GENERATE[man/man3/CMS_uncompress.3]=man3/CMS_uncompress.pod -DEPEND[html/man3/CMS_verify.html]=man3/CMS_verify.pod -GENERATE[html/man3/CMS_verify.html]=man3/CMS_verify.pod -DEPEND[man/man3/CMS_verify.3]=man3/CMS_verify.pod -GENERATE[man/man3/CMS_verify.3]=man3/CMS_verify.pod -DEPEND[html/man3/CMS_verify_receipt.html]=man3/CMS_verify_receipt.pod -GENERATE[html/man3/CMS_verify_receipt.html]=man3/CMS_verify_receipt.pod -DEPEND[man/man3/CMS_verify_receipt.3]=man3/CMS_verify_receipt.pod -GENERATE[man/man3/CMS_verify_receipt.3]=man3/CMS_verify_receipt.pod -DEPEND[html/man3/CONF_modules_free.html]=man3/CONF_modules_free.pod -GENERATE[html/man3/CONF_modules_free.html]=man3/CONF_modules_free.pod -DEPEND[man/man3/CONF_modules_free.3]=man3/CONF_modules_free.pod -GENERATE[man/man3/CONF_modules_free.3]=man3/CONF_modules_free.pod -DEPEND[html/man3/CONF_modules_load_file.html]=man3/CONF_modules_load_file.pod -GENERATE[html/man3/CONF_modules_load_file.html]=man3/CONF_modules_load_file.pod -DEPEND[man/man3/CONF_modules_load_file.3]=man3/CONF_modules_load_file.pod -GENERATE[man/man3/CONF_modules_load_file.3]=man3/CONF_modules_load_file.pod -DEPEND[html/man3/CRYPTO_THREAD_run_once.html]=man3/CRYPTO_THREAD_run_once.pod -GENERATE[html/man3/CRYPTO_THREAD_run_once.html]=man3/CRYPTO_THREAD_run_once.pod -DEPEND[man/man3/CRYPTO_THREAD_run_once.3]=man3/CRYPTO_THREAD_run_once.pod -GENERATE[man/man3/CRYPTO_THREAD_run_once.3]=man3/CRYPTO_THREAD_run_once.pod -DEPEND[html/man3/CRYPTO_get_ex_new_index.html]=man3/CRYPTO_get_ex_new_index.pod -GENERATE[html/man3/CRYPTO_get_ex_new_index.html]=man3/CRYPTO_get_ex_new_index.pod -DEPEND[man/man3/CRYPTO_get_ex_new_index.3]=man3/CRYPTO_get_ex_new_index.pod -GENERATE[man/man3/CRYPTO_get_ex_new_index.3]=man3/CRYPTO_get_ex_new_index.pod -DEPEND[html/man3/CRYPTO_memcmp.html]=man3/CRYPTO_memcmp.pod -GENERATE[html/man3/CRYPTO_memcmp.html]=man3/CRYPTO_memcmp.pod -DEPEND[man/man3/CRYPTO_memcmp.3]=man3/CRYPTO_memcmp.pod -GENERATE[man/man3/CRYPTO_memcmp.3]=man3/CRYPTO_memcmp.pod -DEPEND[html/man3/CTLOG_STORE_get0_log_by_id.html]=man3/CTLOG_STORE_get0_log_by_id.pod -GENERATE[html/man3/CTLOG_STORE_get0_log_by_id.html]=man3/CTLOG_STORE_get0_log_by_id.pod -DEPEND[man/man3/CTLOG_STORE_get0_log_by_id.3]=man3/CTLOG_STORE_get0_log_by_id.pod -GENERATE[man/man3/CTLOG_STORE_get0_log_by_id.3]=man3/CTLOG_STORE_get0_log_by_id.pod -DEPEND[html/man3/CTLOG_STORE_new.html]=man3/CTLOG_STORE_new.pod -GENERATE[html/man3/CTLOG_STORE_new.html]=man3/CTLOG_STORE_new.pod -DEPEND[man/man3/CTLOG_STORE_new.3]=man3/CTLOG_STORE_new.pod -GENERATE[man/man3/CTLOG_STORE_new.3]=man3/CTLOG_STORE_new.pod -DEPEND[html/man3/CTLOG_new.html]=man3/CTLOG_new.pod -GENERATE[html/man3/CTLOG_new.html]=man3/CTLOG_new.pod -DEPEND[man/man3/CTLOG_new.3]=man3/CTLOG_new.pod -GENERATE[man/man3/CTLOG_new.3]=man3/CTLOG_new.pod -DEPEND[html/man3/CT_POLICY_EVAL_CTX_new.html]=man3/CT_POLICY_EVAL_CTX_new.pod -GENERATE[html/man3/CT_POLICY_EVAL_CTX_new.html]=man3/CT_POLICY_EVAL_CTX_new.pod -DEPEND[man/man3/CT_POLICY_EVAL_CTX_new.3]=man3/CT_POLICY_EVAL_CTX_new.pod -GENERATE[man/man3/CT_POLICY_EVAL_CTX_new.3]=man3/CT_POLICY_EVAL_CTX_new.pod -DEPEND[html/man3/DEFINE_STACK_OF.html]=man3/DEFINE_STACK_OF.pod -GENERATE[html/man3/DEFINE_STACK_OF.html]=man3/DEFINE_STACK_OF.pod -DEPEND[man/man3/DEFINE_STACK_OF.3]=man3/DEFINE_STACK_OF.pod -GENERATE[man/man3/DEFINE_STACK_OF.3]=man3/DEFINE_STACK_OF.pod -DEPEND[html/man3/DES_random_key.html]=man3/DES_random_key.pod -GENERATE[html/man3/DES_random_key.html]=man3/DES_random_key.pod -DEPEND[man/man3/DES_random_key.3]=man3/DES_random_key.pod -GENERATE[man/man3/DES_random_key.3]=man3/DES_random_key.pod -DEPEND[html/man3/DH_generate_key.html]=man3/DH_generate_key.pod -GENERATE[html/man3/DH_generate_key.html]=man3/DH_generate_key.pod -DEPEND[man/man3/DH_generate_key.3]=man3/DH_generate_key.pod -GENERATE[man/man3/DH_generate_key.3]=man3/DH_generate_key.pod -DEPEND[html/man3/DH_generate_parameters.html]=man3/DH_generate_parameters.pod -GENERATE[html/man3/DH_generate_parameters.html]=man3/DH_generate_parameters.pod -DEPEND[man/man3/DH_generate_parameters.3]=man3/DH_generate_parameters.pod -GENERATE[man/man3/DH_generate_parameters.3]=man3/DH_generate_parameters.pod -DEPEND[html/man3/DH_get0_pqg.html]=man3/DH_get0_pqg.pod -GENERATE[html/man3/DH_get0_pqg.html]=man3/DH_get0_pqg.pod -DEPEND[man/man3/DH_get0_pqg.3]=man3/DH_get0_pqg.pod -GENERATE[man/man3/DH_get0_pqg.3]=man3/DH_get0_pqg.pod -DEPEND[html/man3/DH_get_1024_160.html]=man3/DH_get_1024_160.pod -GENERATE[html/man3/DH_get_1024_160.html]=man3/DH_get_1024_160.pod -DEPEND[man/man3/DH_get_1024_160.3]=man3/DH_get_1024_160.pod -GENERATE[man/man3/DH_get_1024_160.3]=man3/DH_get_1024_160.pod -DEPEND[html/man3/DH_meth_new.html]=man3/DH_meth_new.pod -GENERATE[html/man3/DH_meth_new.html]=man3/DH_meth_new.pod -DEPEND[man/man3/DH_meth_new.3]=man3/DH_meth_new.pod -GENERATE[man/man3/DH_meth_new.3]=man3/DH_meth_new.pod -DEPEND[html/man3/DH_new.html]=man3/DH_new.pod -GENERATE[html/man3/DH_new.html]=man3/DH_new.pod -DEPEND[man/man3/DH_new.3]=man3/DH_new.pod -GENERATE[man/man3/DH_new.3]=man3/DH_new.pod -DEPEND[html/man3/DH_new_by_nid.html]=man3/DH_new_by_nid.pod -GENERATE[html/man3/DH_new_by_nid.html]=man3/DH_new_by_nid.pod -DEPEND[man/man3/DH_new_by_nid.3]=man3/DH_new_by_nid.pod -GENERATE[man/man3/DH_new_by_nid.3]=man3/DH_new_by_nid.pod -DEPEND[html/man3/DH_set_method.html]=man3/DH_set_method.pod -GENERATE[html/man3/DH_set_method.html]=man3/DH_set_method.pod -DEPEND[man/man3/DH_set_method.3]=man3/DH_set_method.pod -GENERATE[man/man3/DH_set_method.3]=man3/DH_set_method.pod -DEPEND[html/man3/DH_size.html]=man3/DH_size.pod -GENERATE[html/man3/DH_size.html]=man3/DH_size.pod -DEPEND[man/man3/DH_size.3]=man3/DH_size.pod -GENERATE[man/man3/DH_size.3]=man3/DH_size.pod -DEPEND[html/man3/DSA_SIG_new.html]=man3/DSA_SIG_new.pod -GENERATE[html/man3/DSA_SIG_new.html]=man3/DSA_SIG_new.pod -DEPEND[man/man3/DSA_SIG_new.3]=man3/DSA_SIG_new.pod -GENERATE[man/man3/DSA_SIG_new.3]=man3/DSA_SIG_new.pod -DEPEND[html/man3/DSA_do_sign.html]=man3/DSA_do_sign.pod -GENERATE[html/man3/DSA_do_sign.html]=man3/DSA_do_sign.pod -DEPEND[man/man3/DSA_do_sign.3]=man3/DSA_do_sign.pod -GENERATE[man/man3/DSA_do_sign.3]=man3/DSA_do_sign.pod -DEPEND[html/man3/DSA_dup_DH.html]=man3/DSA_dup_DH.pod -GENERATE[html/man3/DSA_dup_DH.html]=man3/DSA_dup_DH.pod -DEPEND[man/man3/DSA_dup_DH.3]=man3/DSA_dup_DH.pod -GENERATE[man/man3/DSA_dup_DH.3]=man3/DSA_dup_DH.pod -DEPEND[html/man3/DSA_generate_key.html]=man3/DSA_generate_key.pod -GENERATE[html/man3/DSA_generate_key.html]=man3/DSA_generate_key.pod -DEPEND[man/man3/DSA_generate_key.3]=man3/DSA_generate_key.pod -GENERATE[man/man3/DSA_generate_key.3]=man3/DSA_generate_key.pod -DEPEND[html/man3/DSA_generate_parameters.html]=man3/DSA_generate_parameters.pod -GENERATE[html/man3/DSA_generate_parameters.html]=man3/DSA_generate_parameters.pod -DEPEND[man/man3/DSA_generate_parameters.3]=man3/DSA_generate_parameters.pod -GENERATE[man/man3/DSA_generate_parameters.3]=man3/DSA_generate_parameters.pod -DEPEND[html/man3/DSA_get0_pqg.html]=man3/DSA_get0_pqg.pod -GENERATE[html/man3/DSA_get0_pqg.html]=man3/DSA_get0_pqg.pod -DEPEND[man/man3/DSA_get0_pqg.3]=man3/DSA_get0_pqg.pod -GENERATE[man/man3/DSA_get0_pqg.3]=man3/DSA_get0_pqg.pod -DEPEND[html/man3/DSA_meth_new.html]=man3/DSA_meth_new.pod -GENERATE[html/man3/DSA_meth_new.html]=man3/DSA_meth_new.pod -DEPEND[man/man3/DSA_meth_new.3]=man3/DSA_meth_new.pod -GENERATE[man/man3/DSA_meth_new.3]=man3/DSA_meth_new.pod -DEPEND[html/man3/DSA_new.html]=man3/DSA_new.pod -GENERATE[html/man3/DSA_new.html]=man3/DSA_new.pod -DEPEND[man/man3/DSA_new.3]=man3/DSA_new.pod -GENERATE[man/man3/DSA_new.3]=man3/DSA_new.pod -DEPEND[html/man3/DSA_set_method.html]=man3/DSA_set_method.pod -GENERATE[html/man3/DSA_set_method.html]=man3/DSA_set_method.pod -DEPEND[man/man3/DSA_set_method.3]=man3/DSA_set_method.pod -GENERATE[man/man3/DSA_set_method.3]=man3/DSA_set_method.pod -DEPEND[html/man3/DSA_sign.html]=man3/DSA_sign.pod -GENERATE[html/man3/DSA_sign.html]=man3/DSA_sign.pod -DEPEND[man/man3/DSA_sign.3]=man3/DSA_sign.pod -GENERATE[man/man3/DSA_sign.3]=man3/DSA_sign.pod -DEPEND[html/man3/DSA_size.html]=man3/DSA_size.pod -GENERATE[html/man3/DSA_size.html]=man3/DSA_size.pod -DEPEND[man/man3/DSA_size.3]=man3/DSA_size.pod -GENERATE[man/man3/DSA_size.3]=man3/DSA_size.pod -DEPEND[html/man3/DTLS_get_data_mtu.html]=man3/DTLS_get_data_mtu.pod -GENERATE[html/man3/DTLS_get_data_mtu.html]=man3/DTLS_get_data_mtu.pod -DEPEND[man/man3/DTLS_get_data_mtu.3]=man3/DTLS_get_data_mtu.pod -GENERATE[man/man3/DTLS_get_data_mtu.3]=man3/DTLS_get_data_mtu.pod -DEPEND[html/man3/DTLS_set_timer_cb.html]=man3/DTLS_set_timer_cb.pod -GENERATE[html/man3/DTLS_set_timer_cb.html]=man3/DTLS_set_timer_cb.pod -DEPEND[man/man3/DTLS_set_timer_cb.3]=man3/DTLS_set_timer_cb.pod -GENERATE[man/man3/DTLS_set_timer_cb.3]=man3/DTLS_set_timer_cb.pod -DEPEND[html/man3/DTLSv1_listen.html]=man3/DTLSv1_listen.pod -GENERATE[html/man3/DTLSv1_listen.html]=man3/DTLSv1_listen.pod -DEPEND[man/man3/DTLSv1_listen.3]=man3/DTLSv1_listen.pod -GENERATE[man/man3/DTLSv1_listen.3]=man3/DTLSv1_listen.pod -DEPEND[html/man3/ECDSA_SIG_new.html]=man3/ECDSA_SIG_new.pod -GENERATE[html/man3/ECDSA_SIG_new.html]=man3/ECDSA_SIG_new.pod -DEPEND[man/man3/ECDSA_SIG_new.3]=man3/ECDSA_SIG_new.pod -GENERATE[man/man3/ECDSA_SIG_new.3]=man3/ECDSA_SIG_new.pod -DEPEND[html/man3/ECPKParameters_print.html]=man3/ECPKParameters_print.pod -GENERATE[html/man3/ECPKParameters_print.html]=man3/ECPKParameters_print.pod -DEPEND[man/man3/ECPKParameters_print.3]=man3/ECPKParameters_print.pod -GENERATE[man/man3/ECPKParameters_print.3]=man3/ECPKParameters_print.pod -DEPEND[html/man3/EC_GFp_simple_method.html]=man3/EC_GFp_simple_method.pod -GENERATE[html/man3/EC_GFp_simple_method.html]=man3/EC_GFp_simple_method.pod -DEPEND[man/man3/EC_GFp_simple_method.3]=man3/EC_GFp_simple_method.pod -GENERATE[man/man3/EC_GFp_simple_method.3]=man3/EC_GFp_simple_method.pod -DEPEND[html/man3/EC_GROUP_copy.html]=man3/EC_GROUP_copy.pod -GENERATE[html/man3/EC_GROUP_copy.html]=man3/EC_GROUP_copy.pod -DEPEND[man/man3/EC_GROUP_copy.3]=man3/EC_GROUP_copy.pod -GENERATE[man/man3/EC_GROUP_copy.3]=man3/EC_GROUP_copy.pod -DEPEND[html/man3/EC_GROUP_new.html]=man3/EC_GROUP_new.pod -GENERATE[html/man3/EC_GROUP_new.html]=man3/EC_GROUP_new.pod -DEPEND[man/man3/EC_GROUP_new.3]=man3/EC_GROUP_new.pod -GENERATE[man/man3/EC_GROUP_new.3]=man3/EC_GROUP_new.pod -DEPEND[html/man3/EC_KEY_get_enc_flags.html]=man3/EC_KEY_get_enc_flags.pod -GENERATE[html/man3/EC_KEY_get_enc_flags.html]=man3/EC_KEY_get_enc_flags.pod -DEPEND[man/man3/EC_KEY_get_enc_flags.3]=man3/EC_KEY_get_enc_flags.pod -GENERATE[man/man3/EC_KEY_get_enc_flags.3]=man3/EC_KEY_get_enc_flags.pod -DEPEND[html/man3/EC_KEY_new.html]=man3/EC_KEY_new.pod -GENERATE[html/man3/EC_KEY_new.html]=man3/EC_KEY_new.pod -DEPEND[man/man3/EC_KEY_new.3]=man3/EC_KEY_new.pod -GENERATE[man/man3/EC_KEY_new.3]=man3/EC_KEY_new.pod -DEPEND[html/man3/EC_POINT_add.html]=man3/EC_POINT_add.pod -GENERATE[html/man3/EC_POINT_add.html]=man3/EC_POINT_add.pod -DEPEND[man/man3/EC_POINT_add.3]=man3/EC_POINT_add.pod -GENERATE[man/man3/EC_POINT_add.3]=man3/EC_POINT_add.pod -DEPEND[html/man3/EC_POINT_new.html]=man3/EC_POINT_new.pod -GENERATE[html/man3/EC_POINT_new.html]=man3/EC_POINT_new.pod -DEPEND[man/man3/EC_POINT_new.3]=man3/EC_POINT_new.pod -GENERATE[man/man3/EC_POINT_new.3]=man3/EC_POINT_new.pod -DEPEND[html/man3/ENGINE_add.html]=man3/ENGINE_add.pod -GENERATE[html/man3/ENGINE_add.html]=man3/ENGINE_add.pod -DEPEND[man/man3/ENGINE_add.3]=man3/ENGINE_add.pod -GENERATE[man/man3/ENGINE_add.3]=man3/ENGINE_add.pod -DEPEND[html/man3/ERR_GET_LIB.html]=man3/ERR_GET_LIB.pod -GENERATE[html/man3/ERR_GET_LIB.html]=man3/ERR_GET_LIB.pod -DEPEND[man/man3/ERR_GET_LIB.3]=man3/ERR_GET_LIB.pod -GENERATE[man/man3/ERR_GET_LIB.3]=man3/ERR_GET_LIB.pod -DEPEND[html/man3/ERR_clear_error.html]=man3/ERR_clear_error.pod -GENERATE[html/man3/ERR_clear_error.html]=man3/ERR_clear_error.pod -DEPEND[man/man3/ERR_clear_error.3]=man3/ERR_clear_error.pod -GENERATE[man/man3/ERR_clear_error.3]=man3/ERR_clear_error.pod -DEPEND[html/man3/ERR_error_string.html]=man3/ERR_error_string.pod -GENERATE[html/man3/ERR_error_string.html]=man3/ERR_error_string.pod -DEPEND[man/man3/ERR_error_string.3]=man3/ERR_error_string.pod -GENERATE[man/man3/ERR_error_string.3]=man3/ERR_error_string.pod -DEPEND[html/man3/ERR_get_error.html]=man3/ERR_get_error.pod -GENERATE[html/man3/ERR_get_error.html]=man3/ERR_get_error.pod -DEPEND[man/man3/ERR_get_error.3]=man3/ERR_get_error.pod -GENERATE[man/man3/ERR_get_error.3]=man3/ERR_get_error.pod -DEPEND[html/man3/ERR_load_crypto_strings.html]=man3/ERR_load_crypto_strings.pod -GENERATE[html/man3/ERR_load_crypto_strings.html]=man3/ERR_load_crypto_strings.pod -DEPEND[man/man3/ERR_load_crypto_strings.3]=man3/ERR_load_crypto_strings.pod -GENERATE[man/man3/ERR_load_crypto_strings.3]=man3/ERR_load_crypto_strings.pod -DEPEND[html/man3/ERR_load_strings.html]=man3/ERR_load_strings.pod -GENERATE[html/man3/ERR_load_strings.html]=man3/ERR_load_strings.pod -DEPEND[man/man3/ERR_load_strings.3]=man3/ERR_load_strings.pod -GENERATE[man/man3/ERR_load_strings.3]=man3/ERR_load_strings.pod -DEPEND[html/man3/ERR_new.html]=man3/ERR_new.pod -GENERATE[html/man3/ERR_new.html]=man3/ERR_new.pod -DEPEND[man/man3/ERR_new.3]=man3/ERR_new.pod -GENERATE[man/man3/ERR_new.3]=man3/ERR_new.pod -DEPEND[html/man3/ERR_print_errors.html]=man3/ERR_print_errors.pod -GENERATE[html/man3/ERR_print_errors.html]=man3/ERR_print_errors.pod -DEPEND[man/man3/ERR_print_errors.3]=man3/ERR_print_errors.pod -GENERATE[man/man3/ERR_print_errors.3]=man3/ERR_print_errors.pod -DEPEND[html/man3/ERR_put_error.html]=man3/ERR_put_error.pod -GENERATE[html/man3/ERR_put_error.html]=man3/ERR_put_error.pod -DEPEND[man/man3/ERR_put_error.3]=man3/ERR_put_error.pod -GENERATE[man/man3/ERR_put_error.3]=man3/ERR_put_error.pod -DEPEND[html/man3/ERR_remove_state.html]=man3/ERR_remove_state.pod -GENERATE[html/man3/ERR_remove_state.html]=man3/ERR_remove_state.pod -DEPEND[man/man3/ERR_remove_state.3]=man3/ERR_remove_state.pod -GENERATE[man/man3/ERR_remove_state.3]=man3/ERR_remove_state.pod -DEPEND[html/man3/ERR_set_mark.html]=man3/ERR_set_mark.pod -GENERATE[html/man3/ERR_set_mark.html]=man3/ERR_set_mark.pod -DEPEND[man/man3/ERR_set_mark.3]=man3/ERR_set_mark.pod -GENERATE[man/man3/ERR_set_mark.3]=man3/ERR_set_mark.pod -DEPEND[html/man3/EVP_ASYM_CIPHER_free.html]=man3/EVP_ASYM_CIPHER_free.pod -GENERATE[html/man3/EVP_ASYM_CIPHER_free.html]=man3/EVP_ASYM_CIPHER_free.pod -DEPEND[man/man3/EVP_ASYM_CIPHER_free.3]=man3/EVP_ASYM_CIPHER_free.pod -GENERATE[man/man3/EVP_ASYM_CIPHER_free.3]=man3/EVP_ASYM_CIPHER_free.pod -DEPEND[html/man3/EVP_BytesToKey.html]=man3/EVP_BytesToKey.pod -GENERATE[html/man3/EVP_BytesToKey.html]=man3/EVP_BytesToKey.pod -DEPEND[man/man3/EVP_BytesToKey.3]=man3/EVP_BytesToKey.pod -GENERATE[man/man3/EVP_BytesToKey.3]=man3/EVP_BytesToKey.pod -DEPEND[html/man3/EVP_CIPHER_CTX_get_cipher_data.html]=man3/EVP_CIPHER_CTX_get_cipher_data.pod -GENERATE[html/man3/EVP_CIPHER_CTX_get_cipher_data.html]=man3/EVP_CIPHER_CTX_get_cipher_data.pod -DEPEND[man/man3/EVP_CIPHER_CTX_get_cipher_data.3]=man3/EVP_CIPHER_CTX_get_cipher_data.pod -GENERATE[man/man3/EVP_CIPHER_CTX_get_cipher_data.3]=man3/EVP_CIPHER_CTX_get_cipher_data.pod -DEPEND[html/man3/EVP_CIPHER_CTX_get_original_iv.html]=man3/EVP_CIPHER_CTX_get_original_iv.pod -GENERATE[html/man3/EVP_CIPHER_CTX_get_original_iv.html]=man3/EVP_CIPHER_CTX_get_original_iv.pod -DEPEND[man/man3/EVP_CIPHER_CTX_get_original_iv.3]=man3/EVP_CIPHER_CTX_get_original_iv.pod -GENERATE[man/man3/EVP_CIPHER_CTX_get_original_iv.3]=man3/EVP_CIPHER_CTX_get_original_iv.pod -DEPEND[html/man3/EVP_CIPHER_meth_new.html]=man3/EVP_CIPHER_meth_new.pod -GENERATE[html/man3/EVP_CIPHER_meth_new.html]=man3/EVP_CIPHER_meth_new.pod -DEPEND[man/man3/EVP_CIPHER_meth_new.3]=man3/EVP_CIPHER_meth_new.pod -GENERATE[man/man3/EVP_CIPHER_meth_new.3]=man3/EVP_CIPHER_meth_new.pod -DEPEND[html/man3/EVP_DigestInit.html]=man3/EVP_DigestInit.pod -GENERATE[html/man3/EVP_DigestInit.html]=man3/EVP_DigestInit.pod -DEPEND[man/man3/EVP_DigestInit.3]=man3/EVP_DigestInit.pod -GENERATE[man/man3/EVP_DigestInit.3]=man3/EVP_DigestInit.pod -DEPEND[html/man3/EVP_DigestSignInit.html]=man3/EVP_DigestSignInit.pod -GENERATE[html/man3/EVP_DigestSignInit.html]=man3/EVP_DigestSignInit.pod -DEPEND[man/man3/EVP_DigestSignInit.3]=man3/EVP_DigestSignInit.pod -GENERATE[man/man3/EVP_DigestSignInit.3]=man3/EVP_DigestSignInit.pod -DEPEND[html/man3/EVP_DigestVerifyInit.html]=man3/EVP_DigestVerifyInit.pod -GENERATE[html/man3/EVP_DigestVerifyInit.html]=man3/EVP_DigestVerifyInit.pod -DEPEND[man/man3/EVP_DigestVerifyInit.3]=man3/EVP_DigestVerifyInit.pod -GENERATE[man/man3/EVP_DigestVerifyInit.3]=man3/EVP_DigestVerifyInit.pod -DEPEND[html/man3/EVP_EncodeInit.html]=man3/EVP_EncodeInit.pod -GENERATE[html/man3/EVP_EncodeInit.html]=man3/EVP_EncodeInit.pod -DEPEND[man/man3/EVP_EncodeInit.3]=man3/EVP_EncodeInit.pod -GENERATE[man/man3/EVP_EncodeInit.3]=man3/EVP_EncodeInit.pod -DEPEND[html/man3/EVP_EncryptInit.html]=man3/EVP_EncryptInit.pod -GENERATE[html/man3/EVP_EncryptInit.html]=man3/EVP_EncryptInit.pod -DEPEND[man/man3/EVP_EncryptInit.3]=man3/EVP_EncryptInit.pod -GENERATE[man/man3/EVP_EncryptInit.3]=man3/EVP_EncryptInit.pod -DEPEND[html/man3/EVP_KDF.html]=man3/EVP_KDF.pod -GENERATE[html/man3/EVP_KDF.html]=man3/EVP_KDF.pod -DEPEND[man/man3/EVP_KDF.3]=man3/EVP_KDF.pod -GENERATE[man/man3/EVP_KDF.3]=man3/EVP_KDF.pod -DEPEND[html/man3/EVP_KEM_free.html]=man3/EVP_KEM_free.pod -GENERATE[html/man3/EVP_KEM_free.html]=man3/EVP_KEM_free.pod -DEPEND[man/man3/EVP_KEM_free.3]=man3/EVP_KEM_free.pod -GENERATE[man/man3/EVP_KEM_free.3]=man3/EVP_KEM_free.pod -DEPEND[html/man3/EVP_KEYEXCH_free.html]=man3/EVP_KEYEXCH_free.pod -GENERATE[html/man3/EVP_KEYEXCH_free.html]=man3/EVP_KEYEXCH_free.pod -DEPEND[man/man3/EVP_KEYEXCH_free.3]=man3/EVP_KEYEXCH_free.pod -GENERATE[man/man3/EVP_KEYEXCH_free.3]=man3/EVP_KEYEXCH_free.pod -DEPEND[html/man3/EVP_KEYMGMT.html]=man3/EVP_KEYMGMT.pod -GENERATE[html/man3/EVP_KEYMGMT.html]=man3/EVP_KEYMGMT.pod -DEPEND[man/man3/EVP_KEYMGMT.3]=man3/EVP_KEYMGMT.pod -GENERATE[man/man3/EVP_KEYMGMT.3]=man3/EVP_KEYMGMT.pod -DEPEND[html/man3/EVP_MAC.html]=man3/EVP_MAC.pod -GENERATE[html/man3/EVP_MAC.html]=man3/EVP_MAC.pod -DEPEND[man/man3/EVP_MAC.3]=man3/EVP_MAC.pod -GENERATE[man/man3/EVP_MAC.3]=man3/EVP_MAC.pod -DEPEND[html/man3/EVP_MD_meth_new.html]=man3/EVP_MD_meth_new.pod -GENERATE[html/man3/EVP_MD_meth_new.html]=man3/EVP_MD_meth_new.pod -DEPEND[man/man3/EVP_MD_meth_new.3]=man3/EVP_MD_meth_new.pod -GENERATE[man/man3/EVP_MD_meth_new.3]=man3/EVP_MD_meth_new.pod -DEPEND[html/man3/EVP_OpenInit.html]=man3/EVP_OpenInit.pod -GENERATE[html/man3/EVP_OpenInit.html]=man3/EVP_OpenInit.pod -DEPEND[man/man3/EVP_OpenInit.3]=man3/EVP_OpenInit.pod -GENERATE[man/man3/EVP_OpenInit.3]=man3/EVP_OpenInit.pod -DEPEND[html/man3/EVP_PBE_CipherInit.html]=man3/EVP_PBE_CipherInit.pod -GENERATE[html/man3/EVP_PBE_CipherInit.html]=man3/EVP_PBE_CipherInit.pod -DEPEND[man/man3/EVP_PBE_CipherInit.3]=man3/EVP_PBE_CipherInit.pod -GENERATE[man/man3/EVP_PBE_CipherInit.3]=man3/EVP_PBE_CipherInit.pod -DEPEND[html/man3/EVP_PKEY2PKCS8.html]=man3/EVP_PKEY2PKCS8.pod -GENERATE[html/man3/EVP_PKEY2PKCS8.html]=man3/EVP_PKEY2PKCS8.pod -DEPEND[man/man3/EVP_PKEY2PKCS8.3]=man3/EVP_PKEY2PKCS8.pod -GENERATE[man/man3/EVP_PKEY2PKCS8.3]=man3/EVP_PKEY2PKCS8.pod -DEPEND[html/man3/EVP_PKEY_ASN1_METHOD.html]=man3/EVP_PKEY_ASN1_METHOD.pod -GENERATE[html/man3/EVP_PKEY_ASN1_METHOD.html]=man3/EVP_PKEY_ASN1_METHOD.pod -DEPEND[man/man3/EVP_PKEY_ASN1_METHOD.3]=man3/EVP_PKEY_ASN1_METHOD.pod -GENERATE[man/man3/EVP_PKEY_ASN1_METHOD.3]=man3/EVP_PKEY_ASN1_METHOD.pod -DEPEND[html/man3/EVP_PKEY_CTX_ctrl.html]=man3/EVP_PKEY_CTX_ctrl.pod -GENERATE[html/man3/EVP_PKEY_CTX_ctrl.html]=man3/EVP_PKEY_CTX_ctrl.pod -DEPEND[man/man3/EVP_PKEY_CTX_ctrl.3]=man3/EVP_PKEY_CTX_ctrl.pod -GENERATE[man/man3/EVP_PKEY_CTX_ctrl.3]=man3/EVP_PKEY_CTX_ctrl.pod -DEPEND[html/man3/EVP_PKEY_CTX_get0_libctx.html]=man3/EVP_PKEY_CTX_get0_libctx.pod -GENERATE[html/man3/EVP_PKEY_CTX_get0_libctx.html]=man3/EVP_PKEY_CTX_get0_libctx.pod -DEPEND[man/man3/EVP_PKEY_CTX_get0_libctx.3]=man3/EVP_PKEY_CTX_get0_libctx.pod -GENERATE[man/man3/EVP_PKEY_CTX_get0_libctx.3]=man3/EVP_PKEY_CTX_get0_libctx.pod -DEPEND[html/man3/EVP_PKEY_CTX_new.html]=man3/EVP_PKEY_CTX_new.pod -GENERATE[html/man3/EVP_PKEY_CTX_new.html]=man3/EVP_PKEY_CTX_new.pod -DEPEND[man/man3/EVP_PKEY_CTX_new.3]=man3/EVP_PKEY_CTX_new.pod -GENERATE[man/man3/EVP_PKEY_CTX_new.3]=man3/EVP_PKEY_CTX_new.pod -DEPEND[html/man3/EVP_PKEY_CTX_set1_pbe_pass.html]=man3/EVP_PKEY_CTX_set1_pbe_pass.pod -GENERATE[html/man3/EVP_PKEY_CTX_set1_pbe_pass.html]=man3/EVP_PKEY_CTX_set1_pbe_pass.pod -DEPEND[man/man3/EVP_PKEY_CTX_set1_pbe_pass.3]=man3/EVP_PKEY_CTX_set1_pbe_pass.pod -GENERATE[man/man3/EVP_PKEY_CTX_set1_pbe_pass.3]=man3/EVP_PKEY_CTX_set1_pbe_pass.pod -DEPEND[html/man3/EVP_PKEY_CTX_set_hkdf_md.html]=man3/EVP_PKEY_CTX_set_hkdf_md.pod -GENERATE[html/man3/EVP_PKEY_CTX_set_hkdf_md.html]=man3/EVP_PKEY_CTX_set_hkdf_md.pod -DEPEND[man/man3/EVP_PKEY_CTX_set_hkdf_md.3]=man3/EVP_PKEY_CTX_set_hkdf_md.pod -GENERATE[man/man3/EVP_PKEY_CTX_set_hkdf_md.3]=man3/EVP_PKEY_CTX_set_hkdf_md.pod -DEPEND[html/man3/EVP_PKEY_CTX_set_params.html]=man3/EVP_PKEY_CTX_set_params.pod -GENERATE[html/man3/EVP_PKEY_CTX_set_params.html]=man3/EVP_PKEY_CTX_set_params.pod -DEPEND[man/man3/EVP_PKEY_CTX_set_params.3]=man3/EVP_PKEY_CTX_set_params.pod -GENERATE[man/man3/EVP_PKEY_CTX_set_params.3]=man3/EVP_PKEY_CTX_set_params.pod -DEPEND[html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html]=man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod -GENERATE[html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html]=man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod -DEPEND[man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3]=man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod -GENERATE[man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3]=man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod -DEPEND[html/man3/EVP_PKEY_CTX_set_scrypt_N.html]=man3/EVP_PKEY_CTX_set_scrypt_N.pod -GENERATE[html/man3/EVP_PKEY_CTX_set_scrypt_N.html]=man3/EVP_PKEY_CTX_set_scrypt_N.pod -DEPEND[man/man3/EVP_PKEY_CTX_set_scrypt_N.3]=man3/EVP_PKEY_CTX_set_scrypt_N.pod -GENERATE[man/man3/EVP_PKEY_CTX_set_scrypt_N.3]=man3/EVP_PKEY_CTX_set_scrypt_N.pod -DEPEND[html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html]=man3/EVP_PKEY_CTX_set_tls1_prf_md.pod -GENERATE[html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html]=man3/EVP_PKEY_CTX_set_tls1_prf_md.pod -DEPEND[man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3]=man3/EVP_PKEY_CTX_set_tls1_prf_md.pod -GENERATE[man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3]=man3/EVP_PKEY_CTX_set_tls1_prf_md.pod -DEPEND[html/man3/EVP_PKEY_asn1_get_count.html]=man3/EVP_PKEY_asn1_get_count.pod -GENERATE[html/man3/EVP_PKEY_asn1_get_count.html]=man3/EVP_PKEY_asn1_get_count.pod -DEPEND[man/man3/EVP_PKEY_asn1_get_count.3]=man3/EVP_PKEY_asn1_get_count.pod -GENERATE[man/man3/EVP_PKEY_asn1_get_count.3]=man3/EVP_PKEY_asn1_get_count.pod -DEPEND[html/man3/EVP_PKEY_check.html]=man3/EVP_PKEY_check.pod -GENERATE[html/man3/EVP_PKEY_check.html]=man3/EVP_PKEY_check.pod -DEPEND[man/man3/EVP_PKEY_check.3]=man3/EVP_PKEY_check.pod -GENERATE[man/man3/EVP_PKEY_check.3]=man3/EVP_PKEY_check.pod -DEPEND[html/man3/EVP_PKEY_copy_parameters.html]=man3/EVP_PKEY_copy_parameters.pod -GENERATE[html/man3/EVP_PKEY_copy_parameters.html]=man3/EVP_PKEY_copy_parameters.pod -DEPEND[man/man3/EVP_PKEY_copy_parameters.3]=man3/EVP_PKEY_copy_parameters.pod -GENERATE[man/man3/EVP_PKEY_copy_parameters.3]=man3/EVP_PKEY_copy_parameters.pod -DEPEND[html/man3/EVP_PKEY_decapsulate.html]=man3/EVP_PKEY_decapsulate.pod -GENERATE[html/man3/EVP_PKEY_decapsulate.html]=man3/EVP_PKEY_decapsulate.pod -DEPEND[man/man3/EVP_PKEY_decapsulate.3]=man3/EVP_PKEY_decapsulate.pod -GENERATE[man/man3/EVP_PKEY_decapsulate.3]=man3/EVP_PKEY_decapsulate.pod -DEPEND[html/man3/EVP_PKEY_decrypt.html]=man3/EVP_PKEY_decrypt.pod -GENERATE[html/man3/EVP_PKEY_decrypt.html]=man3/EVP_PKEY_decrypt.pod -DEPEND[man/man3/EVP_PKEY_decrypt.3]=man3/EVP_PKEY_decrypt.pod -GENERATE[man/man3/EVP_PKEY_decrypt.3]=man3/EVP_PKEY_decrypt.pod -DEPEND[html/man3/EVP_PKEY_derive.html]=man3/EVP_PKEY_derive.pod -GENERATE[html/man3/EVP_PKEY_derive.html]=man3/EVP_PKEY_derive.pod -DEPEND[man/man3/EVP_PKEY_derive.3]=man3/EVP_PKEY_derive.pod -GENERATE[man/man3/EVP_PKEY_derive.3]=man3/EVP_PKEY_derive.pod -DEPEND[html/man3/EVP_PKEY_digestsign_supports_digest.html]=man3/EVP_PKEY_digestsign_supports_digest.pod -GENERATE[html/man3/EVP_PKEY_digestsign_supports_digest.html]=man3/EVP_PKEY_digestsign_supports_digest.pod -DEPEND[man/man3/EVP_PKEY_digestsign_supports_digest.3]=man3/EVP_PKEY_digestsign_supports_digest.pod -GENERATE[man/man3/EVP_PKEY_digestsign_supports_digest.3]=man3/EVP_PKEY_digestsign_supports_digest.pod -DEPEND[html/man3/EVP_PKEY_encapsulate.html]=man3/EVP_PKEY_encapsulate.pod -GENERATE[html/man3/EVP_PKEY_encapsulate.html]=man3/EVP_PKEY_encapsulate.pod -DEPEND[man/man3/EVP_PKEY_encapsulate.3]=man3/EVP_PKEY_encapsulate.pod -GENERATE[man/man3/EVP_PKEY_encapsulate.3]=man3/EVP_PKEY_encapsulate.pod -DEPEND[html/man3/EVP_PKEY_encrypt.html]=man3/EVP_PKEY_encrypt.pod -GENERATE[html/man3/EVP_PKEY_encrypt.html]=man3/EVP_PKEY_encrypt.pod -DEPEND[man/man3/EVP_PKEY_encrypt.3]=man3/EVP_PKEY_encrypt.pod -GENERATE[man/man3/EVP_PKEY_encrypt.3]=man3/EVP_PKEY_encrypt.pod -DEPEND[html/man3/EVP_PKEY_fromdata.html]=man3/EVP_PKEY_fromdata.pod -GENERATE[html/man3/EVP_PKEY_fromdata.html]=man3/EVP_PKEY_fromdata.pod -DEPEND[man/man3/EVP_PKEY_fromdata.3]=man3/EVP_PKEY_fromdata.pod -GENERATE[man/man3/EVP_PKEY_fromdata.3]=man3/EVP_PKEY_fromdata.pod -DEPEND[html/man3/EVP_PKEY_get_default_digest_nid.html]=man3/EVP_PKEY_get_default_digest_nid.pod -GENERATE[html/man3/EVP_PKEY_get_default_digest_nid.html]=man3/EVP_PKEY_get_default_digest_nid.pod -DEPEND[man/man3/EVP_PKEY_get_default_digest_nid.3]=man3/EVP_PKEY_get_default_digest_nid.pod -GENERATE[man/man3/EVP_PKEY_get_default_digest_nid.3]=man3/EVP_PKEY_get_default_digest_nid.pod -DEPEND[html/man3/EVP_PKEY_get_field_type.html]=man3/EVP_PKEY_get_field_type.pod -GENERATE[html/man3/EVP_PKEY_get_field_type.html]=man3/EVP_PKEY_get_field_type.pod -DEPEND[man/man3/EVP_PKEY_get_field_type.3]=man3/EVP_PKEY_get_field_type.pod -GENERATE[man/man3/EVP_PKEY_get_field_type.3]=man3/EVP_PKEY_get_field_type.pod -DEPEND[html/man3/EVP_PKEY_get_group_name.html]=man3/EVP_PKEY_get_group_name.pod -GENERATE[html/man3/EVP_PKEY_get_group_name.html]=man3/EVP_PKEY_get_group_name.pod -DEPEND[man/man3/EVP_PKEY_get_group_name.3]=man3/EVP_PKEY_get_group_name.pod -GENERATE[man/man3/EVP_PKEY_get_group_name.3]=man3/EVP_PKEY_get_group_name.pod -DEPEND[html/man3/EVP_PKEY_get_size.html]=man3/EVP_PKEY_get_size.pod -GENERATE[html/man3/EVP_PKEY_get_size.html]=man3/EVP_PKEY_get_size.pod -DEPEND[man/man3/EVP_PKEY_get_size.3]=man3/EVP_PKEY_get_size.pod -GENERATE[man/man3/EVP_PKEY_get_size.3]=man3/EVP_PKEY_get_size.pod -DEPEND[html/man3/EVP_PKEY_gettable_params.html]=man3/EVP_PKEY_gettable_params.pod -GENERATE[html/man3/EVP_PKEY_gettable_params.html]=man3/EVP_PKEY_gettable_params.pod -DEPEND[man/man3/EVP_PKEY_gettable_params.3]=man3/EVP_PKEY_gettable_params.pod -GENERATE[man/man3/EVP_PKEY_gettable_params.3]=man3/EVP_PKEY_gettable_params.pod -DEPEND[html/man3/EVP_PKEY_is_a.html]=man3/EVP_PKEY_is_a.pod -GENERATE[html/man3/EVP_PKEY_is_a.html]=man3/EVP_PKEY_is_a.pod -DEPEND[man/man3/EVP_PKEY_is_a.3]=man3/EVP_PKEY_is_a.pod -GENERATE[man/man3/EVP_PKEY_is_a.3]=man3/EVP_PKEY_is_a.pod -DEPEND[html/man3/EVP_PKEY_keygen.html]=man3/EVP_PKEY_keygen.pod -GENERATE[html/man3/EVP_PKEY_keygen.html]=man3/EVP_PKEY_keygen.pod -DEPEND[man/man3/EVP_PKEY_keygen.3]=man3/EVP_PKEY_keygen.pod -GENERATE[man/man3/EVP_PKEY_keygen.3]=man3/EVP_PKEY_keygen.pod -DEPEND[html/man3/EVP_PKEY_meth_get_count.html]=man3/EVP_PKEY_meth_get_count.pod -GENERATE[html/man3/EVP_PKEY_meth_get_count.html]=man3/EVP_PKEY_meth_get_count.pod -DEPEND[man/man3/EVP_PKEY_meth_get_count.3]=man3/EVP_PKEY_meth_get_count.pod -GENERATE[man/man3/EVP_PKEY_meth_get_count.3]=man3/EVP_PKEY_meth_get_count.pod -DEPEND[html/man3/EVP_PKEY_meth_new.html]=man3/EVP_PKEY_meth_new.pod -GENERATE[html/man3/EVP_PKEY_meth_new.html]=man3/EVP_PKEY_meth_new.pod -DEPEND[man/man3/EVP_PKEY_meth_new.3]=man3/EVP_PKEY_meth_new.pod -GENERATE[man/man3/EVP_PKEY_meth_new.3]=man3/EVP_PKEY_meth_new.pod -DEPEND[html/man3/EVP_PKEY_new.html]=man3/EVP_PKEY_new.pod -GENERATE[html/man3/EVP_PKEY_new.html]=man3/EVP_PKEY_new.pod -DEPEND[man/man3/EVP_PKEY_new.3]=man3/EVP_PKEY_new.pod -GENERATE[man/man3/EVP_PKEY_new.3]=man3/EVP_PKEY_new.pod -DEPEND[html/man3/EVP_PKEY_print_private.html]=man3/EVP_PKEY_print_private.pod -GENERATE[html/man3/EVP_PKEY_print_private.html]=man3/EVP_PKEY_print_private.pod -DEPEND[man/man3/EVP_PKEY_print_private.3]=man3/EVP_PKEY_print_private.pod -GENERATE[man/man3/EVP_PKEY_print_private.3]=man3/EVP_PKEY_print_private.pod -DEPEND[html/man3/EVP_PKEY_set1_RSA.html]=man3/EVP_PKEY_set1_RSA.pod -GENERATE[html/man3/EVP_PKEY_set1_RSA.html]=man3/EVP_PKEY_set1_RSA.pod -DEPEND[man/man3/EVP_PKEY_set1_RSA.3]=man3/EVP_PKEY_set1_RSA.pod -GENERATE[man/man3/EVP_PKEY_set1_RSA.3]=man3/EVP_PKEY_set1_RSA.pod -DEPEND[html/man3/EVP_PKEY_set1_encoded_public_key.html]=man3/EVP_PKEY_set1_encoded_public_key.pod -GENERATE[html/man3/EVP_PKEY_set1_encoded_public_key.html]=man3/EVP_PKEY_set1_encoded_public_key.pod -DEPEND[man/man3/EVP_PKEY_set1_encoded_public_key.3]=man3/EVP_PKEY_set1_encoded_public_key.pod -GENERATE[man/man3/EVP_PKEY_set1_encoded_public_key.3]=man3/EVP_PKEY_set1_encoded_public_key.pod -DEPEND[html/man3/EVP_PKEY_set_type.html]=man3/EVP_PKEY_set_type.pod -GENERATE[html/man3/EVP_PKEY_set_type.html]=man3/EVP_PKEY_set_type.pod -DEPEND[man/man3/EVP_PKEY_set_type.3]=man3/EVP_PKEY_set_type.pod -GENERATE[man/man3/EVP_PKEY_set_type.3]=man3/EVP_PKEY_set_type.pod -DEPEND[html/man3/EVP_PKEY_settable_params.html]=man3/EVP_PKEY_settable_params.pod -GENERATE[html/man3/EVP_PKEY_settable_params.html]=man3/EVP_PKEY_settable_params.pod -DEPEND[man/man3/EVP_PKEY_settable_params.3]=man3/EVP_PKEY_settable_params.pod -GENERATE[man/man3/EVP_PKEY_settable_params.3]=man3/EVP_PKEY_settable_params.pod -DEPEND[html/man3/EVP_PKEY_sign.html]=man3/EVP_PKEY_sign.pod -GENERATE[html/man3/EVP_PKEY_sign.html]=man3/EVP_PKEY_sign.pod -DEPEND[man/man3/EVP_PKEY_sign.3]=man3/EVP_PKEY_sign.pod -GENERATE[man/man3/EVP_PKEY_sign.3]=man3/EVP_PKEY_sign.pod -DEPEND[html/man3/EVP_PKEY_todata.html]=man3/EVP_PKEY_todata.pod -GENERATE[html/man3/EVP_PKEY_todata.html]=man3/EVP_PKEY_todata.pod -DEPEND[man/man3/EVP_PKEY_todata.3]=man3/EVP_PKEY_todata.pod -GENERATE[man/man3/EVP_PKEY_todata.3]=man3/EVP_PKEY_todata.pod -DEPEND[html/man3/EVP_PKEY_verify.html]=man3/EVP_PKEY_verify.pod -GENERATE[html/man3/EVP_PKEY_verify.html]=man3/EVP_PKEY_verify.pod -DEPEND[man/man3/EVP_PKEY_verify.3]=man3/EVP_PKEY_verify.pod -GENERATE[man/man3/EVP_PKEY_verify.3]=man3/EVP_PKEY_verify.pod -DEPEND[html/man3/EVP_PKEY_verify_recover.html]=man3/EVP_PKEY_verify_recover.pod -GENERATE[html/man3/EVP_PKEY_verify_recover.html]=man3/EVP_PKEY_verify_recover.pod -DEPEND[man/man3/EVP_PKEY_verify_recover.3]=man3/EVP_PKEY_verify_recover.pod -GENERATE[man/man3/EVP_PKEY_verify_recover.3]=man3/EVP_PKEY_verify_recover.pod -DEPEND[html/man3/EVP_RAND.html]=man3/EVP_RAND.pod -GENERATE[html/man3/EVP_RAND.html]=man3/EVP_RAND.pod -DEPEND[man/man3/EVP_RAND.3]=man3/EVP_RAND.pod -GENERATE[man/man3/EVP_RAND.3]=man3/EVP_RAND.pod -DEPEND[html/man3/EVP_SIGNATURE.html]=man3/EVP_SIGNATURE.pod -GENERATE[html/man3/EVP_SIGNATURE.html]=man3/EVP_SIGNATURE.pod -DEPEND[man/man3/EVP_SIGNATURE.3]=man3/EVP_SIGNATURE.pod -GENERATE[man/man3/EVP_SIGNATURE.3]=man3/EVP_SIGNATURE.pod -DEPEND[html/man3/EVP_SealInit.html]=man3/EVP_SealInit.pod -GENERATE[html/man3/EVP_SealInit.html]=man3/EVP_SealInit.pod -DEPEND[man/man3/EVP_SealInit.3]=man3/EVP_SealInit.pod -GENERATE[man/man3/EVP_SealInit.3]=man3/EVP_SealInit.pod -DEPEND[html/man3/EVP_SignInit.html]=man3/EVP_SignInit.pod -GENERATE[html/man3/EVP_SignInit.html]=man3/EVP_SignInit.pod -DEPEND[man/man3/EVP_SignInit.3]=man3/EVP_SignInit.pod -GENERATE[man/man3/EVP_SignInit.3]=man3/EVP_SignInit.pod -DEPEND[html/man3/EVP_VerifyInit.html]=man3/EVP_VerifyInit.pod -GENERATE[html/man3/EVP_VerifyInit.html]=man3/EVP_VerifyInit.pod -DEPEND[man/man3/EVP_VerifyInit.3]=man3/EVP_VerifyInit.pod -GENERATE[man/man3/EVP_VerifyInit.3]=man3/EVP_VerifyInit.pod -DEPEND[html/man3/EVP_aes_128_gcm.html]=man3/EVP_aes_128_gcm.pod -GENERATE[html/man3/EVP_aes_128_gcm.html]=man3/EVP_aes_128_gcm.pod -DEPEND[man/man3/EVP_aes_128_gcm.3]=man3/EVP_aes_128_gcm.pod -GENERATE[man/man3/EVP_aes_128_gcm.3]=man3/EVP_aes_128_gcm.pod -DEPEND[html/man3/EVP_aria_128_gcm.html]=man3/EVP_aria_128_gcm.pod -GENERATE[html/man3/EVP_aria_128_gcm.html]=man3/EVP_aria_128_gcm.pod -DEPEND[man/man3/EVP_aria_128_gcm.3]=man3/EVP_aria_128_gcm.pod -GENERATE[man/man3/EVP_aria_128_gcm.3]=man3/EVP_aria_128_gcm.pod -DEPEND[html/man3/EVP_bf_cbc.html]=man3/EVP_bf_cbc.pod -GENERATE[html/man3/EVP_bf_cbc.html]=man3/EVP_bf_cbc.pod -DEPEND[man/man3/EVP_bf_cbc.3]=man3/EVP_bf_cbc.pod -GENERATE[man/man3/EVP_bf_cbc.3]=man3/EVP_bf_cbc.pod -DEPEND[html/man3/EVP_blake2b512.html]=man3/EVP_blake2b512.pod -GENERATE[html/man3/EVP_blake2b512.html]=man3/EVP_blake2b512.pod -DEPEND[man/man3/EVP_blake2b512.3]=man3/EVP_blake2b512.pod -GENERATE[man/man3/EVP_blake2b512.3]=man3/EVP_blake2b512.pod -DEPEND[html/man3/EVP_camellia_128_ecb.html]=man3/EVP_camellia_128_ecb.pod -GENERATE[html/man3/EVP_camellia_128_ecb.html]=man3/EVP_camellia_128_ecb.pod -DEPEND[man/man3/EVP_camellia_128_ecb.3]=man3/EVP_camellia_128_ecb.pod -GENERATE[man/man3/EVP_camellia_128_ecb.3]=man3/EVP_camellia_128_ecb.pod -DEPEND[html/man3/EVP_cast5_cbc.html]=man3/EVP_cast5_cbc.pod -GENERATE[html/man3/EVP_cast5_cbc.html]=man3/EVP_cast5_cbc.pod -DEPEND[man/man3/EVP_cast5_cbc.3]=man3/EVP_cast5_cbc.pod -GENERATE[man/man3/EVP_cast5_cbc.3]=man3/EVP_cast5_cbc.pod -DEPEND[html/man3/EVP_chacha20.html]=man3/EVP_chacha20.pod -GENERATE[html/man3/EVP_chacha20.html]=man3/EVP_chacha20.pod -DEPEND[man/man3/EVP_chacha20.3]=man3/EVP_chacha20.pod -GENERATE[man/man3/EVP_chacha20.3]=man3/EVP_chacha20.pod -DEPEND[html/man3/EVP_des_cbc.html]=man3/EVP_des_cbc.pod -GENERATE[html/man3/EVP_des_cbc.html]=man3/EVP_des_cbc.pod -DEPEND[man/man3/EVP_des_cbc.3]=man3/EVP_des_cbc.pod -GENERATE[man/man3/EVP_des_cbc.3]=man3/EVP_des_cbc.pod -DEPEND[html/man3/EVP_desx_cbc.html]=man3/EVP_desx_cbc.pod -GENERATE[html/man3/EVP_desx_cbc.html]=man3/EVP_desx_cbc.pod -DEPEND[man/man3/EVP_desx_cbc.3]=man3/EVP_desx_cbc.pod -GENERATE[man/man3/EVP_desx_cbc.3]=man3/EVP_desx_cbc.pod -DEPEND[html/man3/EVP_idea_cbc.html]=man3/EVP_idea_cbc.pod -GENERATE[html/man3/EVP_idea_cbc.html]=man3/EVP_idea_cbc.pod -DEPEND[man/man3/EVP_idea_cbc.3]=man3/EVP_idea_cbc.pod -GENERATE[man/man3/EVP_idea_cbc.3]=man3/EVP_idea_cbc.pod -DEPEND[html/man3/EVP_md2.html]=man3/EVP_md2.pod -GENERATE[html/man3/EVP_md2.html]=man3/EVP_md2.pod -DEPEND[man/man3/EVP_md2.3]=man3/EVP_md2.pod -GENERATE[man/man3/EVP_md2.3]=man3/EVP_md2.pod -DEPEND[html/man3/EVP_md4.html]=man3/EVP_md4.pod -GENERATE[html/man3/EVP_md4.html]=man3/EVP_md4.pod -DEPEND[man/man3/EVP_md4.3]=man3/EVP_md4.pod -GENERATE[man/man3/EVP_md4.3]=man3/EVP_md4.pod -DEPEND[html/man3/EVP_md5.html]=man3/EVP_md5.pod -GENERATE[html/man3/EVP_md5.html]=man3/EVP_md5.pod -DEPEND[man/man3/EVP_md5.3]=man3/EVP_md5.pod -GENERATE[man/man3/EVP_md5.3]=man3/EVP_md5.pod -DEPEND[html/man3/EVP_mdc2.html]=man3/EVP_mdc2.pod -GENERATE[html/man3/EVP_mdc2.html]=man3/EVP_mdc2.pod -DEPEND[man/man3/EVP_mdc2.3]=man3/EVP_mdc2.pod -GENERATE[man/man3/EVP_mdc2.3]=man3/EVP_mdc2.pod -DEPEND[html/man3/EVP_rc2_cbc.html]=man3/EVP_rc2_cbc.pod -GENERATE[html/man3/EVP_rc2_cbc.html]=man3/EVP_rc2_cbc.pod -DEPEND[man/man3/EVP_rc2_cbc.3]=man3/EVP_rc2_cbc.pod -GENERATE[man/man3/EVP_rc2_cbc.3]=man3/EVP_rc2_cbc.pod -DEPEND[html/man3/EVP_rc4.html]=man3/EVP_rc4.pod -GENERATE[html/man3/EVP_rc4.html]=man3/EVP_rc4.pod -DEPEND[man/man3/EVP_rc4.3]=man3/EVP_rc4.pod -GENERATE[man/man3/EVP_rc4.3]=man3/EVP_rc4.pod -DEPEND[html/man3/EVP_rc5_32_12_16_cbc.html]=man3/EVP_rc5_32_12_16_cbc.pod -GENERATE[html/man3/EVP_rc5_32_12_16_cbc.html]=man3/EVP_rc5_32_12_16_cbc.pod -DEPEND[man/man3/EVP_rc5_32_12_16_cbc.3]=man3/EVP_rc5_32_12_16_cbc.pod -GENERATE[man/man3/EVP_rc5_32_12_16_cbc.3]=man3/EVP_rc5_32_12_16_cbc.pod -DEPEND[html/man3/EVP_ripemd160.html]=man3/EVP_ripemd160.pod -GENERATE[html/man3/EVP_ripemd160.html]=man3/EVP_ripemd160.pod -DEPEND[man/man3/EVP_ripemd160.3]=man3/EVP_ripemd160.pod -GENERATE[man/man3/EVP_ripemd160.3]=man3/EVP_ripemd160.pod -DEPEND[html/man3/EVP_seed_cbc.html]=man3/EVP_seed_cbc.pod -GENERATE[html/man3/EVP_seed_cbc.html]=man3/EVP_seed_cbc.pod -DEPEND[man/man3/EVP_seed_cbc.3]=man3/EVP_seed_cbc.pod -GENERATE[man/man3/EVP_seed_cbc.3]=man3/EVP_seed_cbc.pod -DEPEND[html/man3/EVP_set_default_properties.html]=man3/EVP_set_default_properties.pod -GENERATE[html/man3/EVP_set_default_properties.html]=man3/EVP_set_default_properties.pod -DEPEND[man/man3/EVP_set_default_properties.3]=man3/EVP_set_default_properties.pod -GENERATE[man/man3/EVP_set_default_properties.3]=man3/EVP_set_default_properties.pod -DEPEND[html/man3/EVP_sha1.html]=man3/EVP_sha1.pod -GENERATE[html/man3/EVP_sha1.html]=man3/EVP_sha1.pod -DEPEND[man/man3/EVP_sha1.3]=man3/EVP_sha1.pod -GENERATE[man/man3/EVP_sha1.3]=man3/EVP_sha1.pod -DEPEND[html/man3/EVP_sha224.html]=man3/EVP_sha224.pod -GENERATE[html/man3/EVP_sha224.html]=man3/EVP_sha224.pod -DEPEND[man/man3/EVP_sha224.3]=man3/EVP_sha224.pod -GENERATE[man/man3/EVP_sha224.3]=man3/EVP_sha224.pod -DEPEND[html/man3/EVP_sha3_224.html]=man3/EVP_sha3_224.pod -GENERATE[html/man3/EVP_sha3_224.html]=man3/EVP_sha3_224.pod -DEPEND[man/man3/EVP_sha3_224.3]=man3/EVP_sha3_224.pod -GENERATE[man/man3/EVP_sha3_224.3]=man3/EVP_sha3_224.pod -DEPEND[html/man3/EVP_sm3.html]=man3/EVP_sm3.pod -GENERATE[html/man3/EVP_sm3.html]=man3/EVP_sm3.pod -DEPEND[man/man3/EVP_sm3.3]=man3/EVP_sm3.pod -GENERATE[man/man3/EVP_sm3.3]=man3/EVP_sm3.pod -DEPEND[html/man3/EVP_sm4_cbc.html]=man3/EVP_sm4_cbc.pod -GENERATE[html/man3/EVP_sm4_cbc.html]=man3/EVP_sm4_cbc.pod -DEPEND[man/man3/EVP_sm4_cbc.3]=man3/EVP_sm4_cbc.pod -GENERATE[man/man3/EVP_sm4_cbc.3]=man3/EVP_sm4_cbc.pod -DEPEND[html/man3/EVP_whirlpool.html]=man3/EVP_whirlpool.pod -GENERATE[html/man3/EVP_whirlpool.html]=man3/EVP_whirlpool.pod -DEPEND[man/man3/EVP_whirlpool.3]=man3/EVP_whirlpool.pod -GENERATE[man/man3/EVP_whirlpool.3]=man3/EVP_whirlpool.pod -DEPEND[html/man3/HMAC.html]=man3/HMAC.pod -GENERATE[html/man3/HMAC.html]=man3/HMAC.pod -DEPEND[man/man3/HMAC.3]=man3/HMAC.pod -GENERATE[man/man3/HMAC.3]=man3/HMAC.pod -DEPEND[html/man3/MD5.html]=man3/MD5.pod -GENERATE[html/man3/MD5.html]=man3/MD5.pod -DEPEND[man/man3/MD5.3]=man3/MD5.pod -GENERATE[man/man3/MD5.3]=man3/MD5.pod -DEPEND[html/man3/MDC2_Init.html]=man3/MDC2_Init.pod -GENERATE[html/man3/MDC2_Init.html]=man3/MDC2_Init.pod -DEPEND[man/man3/MDC2_Init.3]=man3/MDC2_Init.pod -GENERATE[man/man3/MDC2_Init.3]=man3/MDC2_Init.pod -DEPEND[html/man3/NCONF_new_ex.html]=man3/NCONF_new_ex.pod -GENERATE[html/man3/NCONF_new_ex.html]=man3/NCONF_new_ex.pod -DEPEND[man/man3/NCONF_new_ex.3]=man3/NCONF_new_ex.pod -GENERATE[man/man3/NCONF_new_ex.3]=man3/NCONF_new_ex.pod -DEPEND[html/man3/OBJ_nid2obj.html]=man3/OBJ_nid2obj.pod -GENERATE[html/man3/OBJ_nid2obj.html]=man3/OBJ_nid2obj.pod -DEPEND[man/man3/OBJ_nid2obj.3]=man3/OBJ_nid2obj.pod -GENERATE[man/man3/OBJ_nid2obj.3]=man3/OBJ_nid2obj.pod -DEPEND[html/man3/OCSP_REQUEST_new.html]=man3/OCSP_REQUEST_new.pod -GENERATE[html/man3/OCSP_REQUEST_new.html]=man3/OCSP_REQUEST_new.pod -DEPEND[man/man3/OCSP_REQUEST_new.3]=man3/OCSP_REQUEST_new.pod -GENERATE[man/man3/OCSP_REQUEST_new.3]=man3/OCSP_REQUEST_new.pod -DEPEND[html/man3/OCSP_cert_to_id.html]=man3/OCSP_cert_to_id.pod -GENERATE[html/man3/OCSP_cert_to_id.html]=man3/OCSP_cert_to_id.pod -DEPEND[man/man3/OCSP_cert_to_id.3]=man3/OCSP_cert_to_id.pod -GENERATE[man/man3/OCSP_cert_to_id.3]=man3/OCSP_cert_to_id.pod -DEPEND[html/man3/OCSP_request_add1_nonce.html]=man3/OCSP_request_add1_nonce.pod -GENERATE[html/man3/OCSP_request_add1_nonce.html]=man3/OCSP_request_add1_nonce.pod -DEPEND[man/man3/OCSP_request_add1_nonce.3]=man3/OCSP_request_add1_nonce.pod -GENERATE[man/man3/OCSP_request_add1_nonce.3]=man3/OCSP_request_add1_nonce.pod -DEPEND[html/man3/OCSP_resp_find_status.html]=man3/OCSP_resp_find_status.pod -GENERATE[html/man3/OCSP_resp_find_status.html]=man3/OCSP_resp_find_status.pod -DEPEND[man/man3/OCSP_resp_find_status.3]=man3/OCSP_resp_find_status.pod -GENERATE[man/man3/OCSP_resp_find_status.3]=man3/OCSP_resp_find_status.pod -DEPEND[html/man3/OCSP_response_status.html]=man3/OCSP_response_status.pod -GENERATE[html/man3/OCSP_response_status.html]=man3/OCSP_response_status.pod -DEPEND[man/man3/OCSP_response_status.3]=man3/OCSP_response_status.pod -GENERATE[man/man3/OCSP_response_status.3]=man3/OCSP_response_status.pod -DEPEND[html/man3/OCSP_sendreq_new.html]=man3/OCSP_sendreq_new.pod -GENERATE[html/man3/OCSP_sendreq_new.html]=man3/OCSP_sendreq_new.pod -DEPEND[man/man3/OCSP_sendreq_new.3]=man3/OCSP_sendreq_new.pod -GENERATE[man/man3/OCSP_sendreq_new.3]=man3/OCSP_sendreq_new.pod -DEPEND[html/man3/OPENSSL_Applink.html]=man3/OPENSSL_Applink.pod -GENERATE[html/man3/OPENSSL_Applink.html]=man3/OPENSSL_Applink.pod -DEPEND[man/man3/OPENSSL_Applink.3]=man3/OPENSSL_Applink.pod -GENERATE[man/man3/OPENSSL_Applink.3]=man3/OPENSSL_Applink.pod -DEPEND[html/man3/OPENSSL_FILE.html]=man3/OPENSSL_FILE.pod -GENERATE[html/man3/OPENSSL_FILE.html]=man3/OPENSSL_FILE.pod -DEPEND[man/man3/OPENSSL_FILE.3]=man3/OPENSSL_FILE.pod -GENERATE[man/man3/OPENSSL_FILE.3]=man3/OPENSSL_FILE.pod -DEPEND[html/man3/OPENSSL_LH_COMPFUNC.html]=man3/OPENSSL_LH_COMPFUNC.pod -GENERATE[html/man3/OPENSSL_LH_COMPFUNC.html]=man3/OPENSSL_LH_COMPFUNC.pod -DEPEND[man/man3/OPENSSL_LH_COMPFUNC.3]=man3/OPENSSL_LH_COMPFUNC.pod -GENERATE[man/man3/OPENSSL_LH_COMPFUNC.3]=man3/OPENSSL_LH_COMPFUNC.pod -DEPEND[html/man3/OPENSSL_LH_stats.html]=man3/OPENSSL_LH_stats.pod -GENERATE[html/man3/OPENSSL_LH_stats.html]=man3/OPENSSL_LH_stats.pod -DEPEND[man/man3/OPENSSL_LH_stats.3]=man3/OPENSSL_LH_stats.pod -GENERATE[man/man3/OPENSSL_LH_stats.3]=man3/OPENSSL_LH_stats.pod -DEPEND[html/man3/OPENSSL_config.html]=man3/OPENSSL_config.pod -GENERATE[html/man3/OPENSSL_config.html]=man3/OPENSSL_config.pod -DEPEND[man/man3/OPENSSL_config.3]=man3/OPENSSL_config.pod -GENERATE[man/man3/OPENSSL_config.3]=man3/OPENSSL_config.pod -DEPEND[html/man3/OPENSSL_fork_prepare.html]=man3/OPENSSL_fork_prepare.pod -GENERATE[html/man3/OPENSSL_fork_prepare.html]=man3/OPENSSL_fork_prepare.pod -DEPEND[man/man3/OPENSSL_fork_prepare.3]=man3/OPENSSL_fork_prepare.pod -GENERATE[man/man3/OPENSSL_fork_prepare.3]=man3/OPENSSL_fork_prepare.pod -DEPEND[html/man3/OPENSSL_gmtime.html]=man3/OPENSSL_gmtime.pod -GENERATE[html/man3/OPENSSL_gmtime.html]=man3/OPENSSL_gmtime.pod -DEPEND[man/man3/OPENSSL_gmtime.3]=man3/OPENSSL_gmtime.pod -GENERATE[man/man3/OPENSSL_gmtime.3]=man3/OPENSSL_gmtime.pod -DEPEND[html/man3/OPENSSL_hexchar2int.html]=man3/OPENSSL_hexchar2int.pod -GENERATE[html/man3/OPENSSL_hexchar2int.html]=man3/OPENSSL_hexchar2int.pod -DEPEND[man/man3/OPENSSL_hexchar2int.3]=man3/OPENSSL_hexchar2int.pod -GENERATE[man/man3/OPENSSL_hexchar2int.3]=man3/OPENSSL_hexchar2int.pod -DEPEND[html/man3/OPENSSL_ia32cap.html]=man3/OPENSSL_ia32cap.pod -GENERATE[html/man3/OPENSSL_ia32cap.html]=man3/OPENSSL_ia32cap.pod -DEPEND[man/man3/OPENSSL_ia32cap.3]=man3/OPENSSL_ia32cap.pod -GENERATE[man/man3/OPENSSL_ia32cap.3]=man3/OPENSSL_ia32cap.pod -DEPEND[html/man3/OPENSSL_init_crypto.html]=man3/OPENSSL_init_crypto.pod -GENERATE[html/man3/OPENSSL_init_crypto.html]=man3/OPENSSL_init_crypto.pod -DEPEND[man/man3/OPENSSL_init_crypto.3]=man3/OPENSSL_init_crypto.pod -GENERATE[man/man3/OPENSSL_init_crypto.3]=man3/OPENSSL_init_crypto.pod -DEPEND[html/man3/OPENSSL_init_ssl.html]=man3/OPENSSL_init_ssl.pod -GENERATE[html/man3/OPENSSL_init_ssl.html]=man3/OPENSSL_init_ssl.pod -DEPEND[man/man3/OPENSSL_init_ssl.3]=man3/OPENSSL_init_ssl.pod -GENERATE[man/man3/OPENSSL_init_ssl.3]=man3/OPENSSL_init_ssl.pod -DEPEND[html/man3/OPENSSL_instrument_bus.html]=man3/OPENSSL_instrument_bus.pod -GENERATE[html/man3/OPENSSL_instrument_bus.html]=man3/OPENSSL_instrument_bus.pod -DEPEND[man/man3/OPENSSL_instrument_bus.3]=man3/OPENSSL_instrument_bus.pod -GENERATE[man/man3/OPENSSL_instrument_bus.3]=man3/OPENSSL_instrument_bus.pod -DEPEND[html/man3/OPENSSL_load_builtin_modules.html]=man3/OPENSSL_load_builtin_modules.pod -GENERATE[html/man3/OPENSSL_load_builtin_modules.html]=man3/OPENSSL_load_builtin_modules.pod -DEPEND[man/man3/OPENSSL_load_builtin_modules.3]=man3/OPENSSL_load_builtin_modules.pod -GENERATE[man/man3/OPENSSL_load_builtin_modules.3]=man3/OPENSSL_load_builtin_modules.pod -DEPEND[html/man3/OPENSSL_malloc.html]=man3/OPENSSL_malloc.pod -GENERATE[html/man3/OPENSSL_malloc.html]=man3/OPENSSL_malloc.pod -DEPEND[man/man3/OPENSSL_malloc.3]=man3/OPENSSL_malloc.pod -GENERATE[man/man3/OPENSSL_malloc.3]=man3/OPENSSL_malloc.pod -DEPEND[html/man3/OPENSSL_s390xcap.html]=man3/OPENSSL_s390xcap.pod -GENERATE[html/man3/OPENSSL_s390xcap.html]=man3/OPENSSL_s390xcap.pod -DEPEND[man/man3/OPENSSL_s390xcap.3]=man3/OPENSSL_s390xcap.pod -GENERATE[man/man3/OPENSSL_s390xcap.3]=man3/OPENSSL_s390xcap.pod -DEPEND[html/man3/OPENSSL_secure_malloc.html]=man3/OPENSSL_secure_malloc.pod -GENERATE[html/man3/OPENSSL_secure_malloc.html]=man3/OPENSSL_secure_malloc.pod -DEPEND[man/man3/OPENSSL_secure_malloc.3]=man3/OPENSSL_secure_malloc.pod -GENERATE[man/man3/OPENSSL_secure_malloc.3]=man3/OPENSSL_secure_malloc.pod -DEPEND[html/man3/OPENSSL_strcasecmp.html]=man3/OPENSSL_strcasecmp.pod -GENERATE[html/man3/OPENSSL_strcasecmp.html]=man3/OPENSSL_strcasecmp.pod -DEPEND[man/man3/OPENSSL_strcasecmp.3]=man3/OPENSSL_strcasecmp.pod -GENERATE[man/man3/OPENSSL_strcasecmp.3]=man3/OPENSSL_strcasecmp.pod -DEPEND[html/man3/OSSL_CMP_CTX_new.html]=man3/OSSL_CMP_CTX_new.pod -GENERATE[html/man3/OSSL_CMP_CTX_new.html]=man3/OSSL_CMP_CTX_new.pod -DEPEND[man/man3/OSSL_CMP_CTX_new.3]=man3/OSSL_CMP_CTX_new.pod -GENERATE[man/man3/OSSL_CMP_CTX_new.3]=man3/OSSL_CMP_CTX_new.pod -DEPEND[html/man3/OSSL_CMP_HDR_get0_transactionID.html]=man3/OSSL_CMP_HDR_get0_transactionID.pod -GENERATE[html/man3/OSSL_CMP_HDR_get0_transactionID.html]=man3/OSSL_CMP_HDR_get0_transactionID.pod -DEPEND[man/man3/OSSL_CMP_HDR_get0_transactionID.3]=man3/OSSL_CMP_HDR_get0_transactionID.pod -GENERATE[man/man3/OSSL_CMP_HDR_get0_transactionID.3]=man3/OSSL_CMP_HDR_get0_transactionID.pod -DEPEND[html/man3/OSSL_CMP_ITAV_set0.html]=man3/OSSL_CMP_ITAV_set0.pod -GENERATE[html/man3/OSSL_CMP_ITAV_set0.html]=man3/OSSL_CMP_ITAV_set0.pod -DEPEND[man/man3/OSSL_CMP_ITAV_set0.3]=man3/OSSL_CMP_ITAV_set0.pod -GENERATE[man/man3/OSSL_CMP_ITAV_set0.3]=man3/OSSL_CMP_ITAV_set0.pod -DEPEND[html/man3/OSSL_CMP_MSG_get0_header.html]=man3/OSSL_CMP_MSG_get0_header.pod -GENERATE[html/man3/OSSL_CMP_MSG_get0_header.html]=man3/OSSL_CMP_MSG_get0_header.pod -DEPEND[man/man3/OSSL_CMP_MSG_get0_header.3]=man3/OSSL_CMP_MSG_get0_header.pod -GENERATE[man/man3/OSSL_CMP_MSG_get0_header.3]=man3/OSSL_CMP_MSG_get0_header.pod -DEPEND[html/man3/OSSL_CMP_MSG_http_perform.html]=man3/OSSL_CMP_MSG_http_perform.pod -GENERATE[html/man3/OSSL_CMP_MSG_http_perform.html]=man3/OSSL_CMP_MSG_http_perform.pod -DEPEND[man/man3/OSSL_CMP_MSG_http_perform.3]=man3/OSSL_CMP_MSG_http_perform.pod -GENERATE[man/man3/OSSL_CMP_MSG_http_perform.3]=man3/OSSL_CMP_MSG_http_perform.pod -DEPEND[html/man3/OSSL_CMP_SRV_CTX_new.html]=man3/OSSL_CMP_SRV_CTX_new.pod -GENERATE[html/man3/OSSL_CMP_SRV_CTX_new.html]=man3/OSSL_CMP_SRV_CTX_new.pod -DEPEND[man/man3/OSSL_CMP_SRV_CTX_new.3]=man3/OSSL_CMP_SRV_CTX_new.pod -GENERATE[man/man3/OSSL_CMP_SRV_CTX_new.3]=man3/OSSL_CMP_SRV_CTX_new.pod -DEPEND[html/man3/OSSL_CMP_STATUSINFO_new.html]=man3/OSSL_CMP_STATUSINFO_new.pod -GENERATE[html/man3/OSSL_CMP_STATUSINFO_new.html]=man3/OSSL_CMP_STATUSINFO_new.pod -DEPEND[man/man3/OSSL_CMP_STATUSINFO_new.3]=man3/OSSL_CMP_STATUSINFO_new.pod -GENERATE[man/man3/OSSL_CMP_STATUSINFO_new.3]=man3/OSSL_CMP_STATUSINFO_new.pod -DEPEND[html/man3/OSSL_CMP_exec_certreq.html]=man3/OSSL_CMP_exec_certreq.pod -GENERATE[html/man3/OSSL_CMP_exec_certreq.html]=man3/OSSL_CMP_exec_certreq.pod -DEPEND[man/man3/OSSL_CMP_exec_certreq.3]=man3/OSSL_CMP_exec_certreq.pod -GENERATE[man/man3/OSSL_CMP_exec_certreq.3]=man3/OSSL_CMP_exec_certreq.pod -DEPEND[html/man3/OSSL_CMP_log_open.html]=man3/OSSL_CMP_log_open.pod -GENERATE[html/man3/OSSL_CMP_log_open.html]=man3/OSSL_CMP_log_open.pod -DEPEND[man/man3/OSSL_CMP_log_open.3]=man3/OSSL_CMP_log_open.pod -GENERATE[man/man3/OSSL_CMP_log_open.3]=man3/OSSL_CMP_log_open.pod -DEPEND[html/man3/OSSL_CMP_validate_msg.html]=man3/OSSL_CMP_validate_msg.pod -GENERATE[html/man3/OSSL_CMP_validate_msg.html]=man3/OSSL_CMP_validate_msg.pod -DEPEND[man/man3/OSSL_CMP_validate_msg.3]=man3/OSSL_CMP_validate_msg.pod -GENERATE[man/man3/OSSL_CMP_validate_msg.3]=man3/OSSL_CMP_validate_msg.pod -DEPEND[html/man3/OSSL_CORE_MAKE_FUNC.html]=man3/OSSL_CORE_MAKE_FUNC.pod -GENERATE[html/man3/OSSL_CORE_MAKE_FUNC.html]=man3/OSSL_CORE_MAKE_FUNC.pod -DEPEND[man/man3/OSSL_CORE_MAKE_FUNC.3]=man3/OSSL_CORE_MAKE_FUNC.pod -GENERATE[man/man3/OSSL_CORE_MAKE_FUNC.3]=man3/OSSL_CORE_MAKE_FUNC.pod -DEPEND[html/man3/OSSL_CRMF_MSG_get0_tmpl.html]=man3/OSSL_CRMF_MSG_get0_tmpl.pod -GENERATE[html/man3/OSSL_CRMF_MSG_get0_tmpl.html]=man3/OSSL_CRMF_MSG_get0_tmpl.pod -DEPEND[man/man3/OSSL_CRMF_MSG_get0_tmpl.3]=man3/OSSL_CRMF_MSG_get0_tmpl.pod -GENERATE[man/man3/OSSL_CRMF_MSG_get0_tmpl.3]=man3/OSSL_CRMF_MSG_get0_tmpl.pod -DEPEND[html/man3/OSSL_CRMF_MSG_set0_validity.html]=man3/OSSL_CRMF_MSG_set0_validity.pod -GENERATE[html/man3/OSSL_CRMF_MSG_set0_validity.html]=man3/OSSL_CRMF_MSG_set0_validity.pod -DEPEND[man/man3/OSSL_CRMF_MSG_set0_validity.3]=man3/OSSL_CRMF_MSG_set0_validity.pod -GENERATE[man/man3/OSSL_CRMF_MSG_set0_validity.3]=man3/OSSL_CRMF_MSG_set0_validity.pod -DEPEND[html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html]=man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod -GENERATE[html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html]=man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod -DEPEND[man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3]=man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod -GENERATE[man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3]=man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod -DEPEND[html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html]=man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod -GENERATE[html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html]=man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod -DEPEND[man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3]=man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod -GENERATE[man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3]=man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod -DEPEND[html/man3/OSSL_CRMF_pbmp_new.html]=man3/OSSL_CRMF_pbmp_new.pod -GENERATE[html/man3/OSSL_CRMF_pbmp_new.html]=man3/OSSL_CRMF_pbmp_new.pod -DEPEND[man/man3/OSSL_CRMF_pbmp_new.3]=man3/OSSL_CRMF_pbmp_new.pod -GENERATE[man/man3/OSSL_CRMF_pbmp_new.3]=man3/OSSL_CRMF_pbmp_new.pod -DEPEND[html/man3/OSSL_DECODER.html]=man3/OSSL_DECODER.pod -GENERATE[html/man3/OSSL_DECODER.html]=man3/OSSL_DECODER.pod -DEPEND[man/man3/OSSL_DECODER.3]=man3/OSSL_DECODER.pod -GENERATE[man/man3/OSSL_DECODER.3]=man3/OSSL_DECODER.pod -DEPEND[html/man3/OSSL_DECODER_CTX.html]=man3/OSSL_DECODER_CTX.pod -GENERATE[html/man3/OSSL_DECODER_CTX.html]=man3/OSSL_DECODER_CTX.pod -DEPEND[man/man3/OSSL_DECODER_CTX.3]=man3/OSSL_DECODER_CTX.pod -GENERATE[man/man3/OSSL_DECODER_CTX.3]=man3/OSSL_DECODER_CTX.pod -DEPEND[html/man3/OSSL_DECODER_CTX_new_for_pkey.html]=man3/OSSL_DECODER_CTX_new_for_pkey.pod -GENERATE[html/man3/OSSL_DECODER_CTX_new_for_pkey.html]=man3/OSSL_DECODER_CTX_new_for_pkey.pod -DEPEND[man/man3/OSSL_DECODER_CTX_new_for_pkey.3]=man3/OSSL_DECODER_CTX_new_for_pkey.pod -GENERATE[man/man3/OSSL_DECODER_CTX_new_for_pkey.3]=man3/OSSL_DECODER_CTX_new_for_pkey.pod -DEPEND[html/man3/OSSL_DECODER_from_bio.html]=man3/OSSL_DECODER_from_bio.pod -GENERATE[html/man3/OSSL_DECODER_from_bio.html]=man3/OSSL_DECODER_from_bio.pod -DEPEND[man/man3/OSSL_DECODER_from_bio.3]=man3/OSSL_DECODER_from_bio.pod -GENERATE[man/man3/OSSL_DECODER_from_bio.3]=man3/OSSL_DECODER_from_bio.pod -DEPEND[html/man3/OSSL_ENCODER.html]=man3/OSSL_ENCODER.pod -GENERATE[html/man3/OSSL_ENCODER.html]=man3/OSSL_ENCODER.pod -DEPEND[man/man3/OSSL_ENCODER.3]=man3/OSSL_ENCODER.pod -GENERATE[man/man3/OSSL_ENCODER.3]=man3/OSSL_ENCODER.pod -DEPEND[html/man3/OSSL_ENCODER_CTX.html]=man3/OSSL_ENCODER_CTX.pod -GENERATE[html/man3/OSSL_ENCODER_CTX.html]=man3/OSSL_ENCODER_CTX.pod -DEPEND[man/man3/OSSL_ENCODER_CTX.3]=man3/OSSL_ENCODER_CTX.pod -GENERATE[man/man3/OSSL_ENCODER_CTX.3]=man3/OSSL_ENCODER_CTX.pod -DEPEND[html/man3/OSSL_ENCODER_CTX_new_for_pkey.html]=man3/OSSL_ENCODER_CTX_new_for_pkey.pod -GENERATE[html/man3/OSSL_ENCODER_CTX_new_for_pkey.html]=man3/OSSL_ENCODER_CTX_new_for_pkey.pod -DEPEND[man/man3/OSSL_ENCODER_CTX_new_for_pkey.3]=man3/OSSL_ENCODER_CTX_new_for_pkey.pod -GENERATE[man/man3/OSSL_ENCODER_CTX_new_for_pkey.3]=man3/OSSL_ENCODER_CTX_new_for_pkey.pod -DEPEND[html/man3/OSSL_ENCODER_to_bio.html]=man3/OSSL_ENCODER_to_bio.pod -GENERATE[html/man3/OSSL_ENCODER_to_bio.html]=man3/OSSL_ENCODER_to_bio.pod -DEPEND[man/man3/OSSL_ENCODER_to_bio.3]=man3/OSSL_ENCODER_to_bio.pod -GENERATE[man/man3/OSSL_ENCODER_to_bio.3]=man3/OSSL_ENCODER_to_bio.pod -DEPEND[html/man3/OSSL_ESS_check_signing_certs.html]=man3/OSSL_ESS_check_signing_certs.pod -GENERATE[html/man3/OSSL_ESS_check_signing_certs.html]=man3/OSSL_ESS_check_signing_certs.pod -DEPEND[man/man3/OSSL_ESS_check_signing_certs.3]=man3/OSSL_ESS_check_signing_certs.pod -GENERATE[man/man3/OSSL_ESS_check_signing_certs.3]=man3/OSSL_ESS_check_signing_certs.pod -DEPEND[html/man3/OSSL_HTTP_REQ_CTX.html]=man3/OSSL_HTTP_REQ_CTX.pod -GENERATE[html/man3/OSSL_HTTP_REQ_CTX.html]=man3/OSSL_HTTP_REQ_CTX.pod -DEPEND[man/man3/OSSL_HTTP_REQ_CTX.3]=man3/OSSL_HTTP_REQ_CTX.pod -GENERATE[man/man3/OSSL_HTTP_REQ_CTX.3]=man3/OSSL_HTTP_REQ_CTX.pod -DEPEND[html/man3/OSSL_HTTP_parse_url.html]=man3/OSSL_HTTP_parse_url.pod -GENERATE[html/man3/OSSL_HTTP_parse_url.html]=man3/OSSL_HTTP_parse_url.pod -DEPEND[man/man3/OSSL_HTTP_parse_url.3]=man3/OSSL_HTTP_parse_url.pod -GENERATE[man/man3/OSSL_HTTP_parse_url.3]=man3/OSSL_HTTP_parse_url.pod -DEPEND[html/man3/OSSL_HTTP_transfer.html]=man3/OSSL_HTTP_transfer.pod -GENERATE[html/man3/OSSL_HTTP_transfer.html]=man3/OSSL_HTTP_transfer.pod -DEPEND[man/man3/OSSL_HTTP_transfer.3]=man3/OSSL_HTTP_transfer.pod -GENERATE[man/man3/OSSL_HTTP_transfer.3]=man3/OSSL_HTTP_transfer.pod -DEPEND[html/man3/OSSL_LIB_CTX.html]=man3/OSSL_LIB_CTX.pod -GENERATE[html/man3/OSSL_LIB_CTX.html]=man3/OSSL_LIB_CTX.pod -DEPEND[man/man3/OSSL_LIB_CTX.3]=man3/OSSL_LIB_CTX.pod -GENERATE[man/man3/OSSL_LIB_CTX.3]=man3/OSSL_LIB_CTX.pod -DEPEND[html/man3/OSSL_PARAM.html]=man3/OSSL_PARAM.pod -GENERATE[html/man3/OSSL_PARAM.html]=man3/OSSL_PARAM.pod -DEPEND[man/man3/OSSL_PARAM.3]=man3/OSSL_PARAM.pod -GENERATE[man/man3/OSSL_PARAM.3]=man3/OSSL_PARAM.pod -DEPEND[html/man3/OSSL_PARAM_BLD.html]=man3/OSSL_PARAM_BLD.pod -GENERATE[html/man3/OSSL_PARAM_BLD.html]=man3/OSSL_PARAM_BLD.pod -DEPEND[man/man3/OSSL_PARAM_BLD.3]=man3/OSSL_PARAM_BLD.pod -GENERATE[man/man3/OSSL_PARAM_BLD.3]=man3/OSSL_PARAM_BLD.pod -DEPEND[html/man3/OSSL_PARAM_allocate_from_text.html]=man3/OSSL_PARAM_allocate_from_text.pod -GENERATE[html/man3/OSSL_PARAM_allocate_from_text.html]=man3/OSSL_PARAM_allocate_from_text.pod -DEPEND[man/man3/OSSL_PARAM_allocate_from_text.3]=man3/OSSL_PARAM_allocate_from_text.pod -GENERATE[man/man3/OSSL_PARAM_allocate_from_text.3]=man3/OSSL_PARAM_allocate_from_text.pod -DEPEND[html/man3/OSSL_PARAM_dup.html]=man3/OSSL_PARAM_dup.pod -GENERATE[html/man3/OSSL_PARAM_dup.html]=man3/OSSL_PARAM_dup.pod -DEPEND[man/man3/OSSL_PARAM_dup.3]=man3/OSSL_PARAM_dup.pod -GENERATE[man/man3/OSSL_PARAM_dup.3]=man3/OSSL_PARAM_dup.pod -DEPEND[html/man3/OSSL_PARAM_int.html]=man3/OSSL_PARAM_int.pod -GENERATE[html/man3/OSSL_PARAM_int.html]=man3/OSSL_PARAM_int.pod -DEPEND[man/man3/OSSL_PARAM_int.3]=man3/OSSL_PARAM_int.pod -GENERATE[man/man3/OSSL_PARAM_int.3]=man3/OSSL_PARAM_int.pod -DEPEND[html/man3/OSSL_PROVIDER.html]=man3/OSSL_PROVIDER.pod -GENERATE[html/man3/OSSL_PROVIDER.html]=man3/OSSL_PROVIDER.pod -DEPEND[man/man3/OSSL_PROVIDER.3]=man3/OSSL_PROVIDER.pod -GENERATE[man/man3/OSSL_PROVIDER.3]=man3/OSSL_PROVIDER.pod -DEPEND[html/man3/OSSL_SELF_TEST_new.html]=man3/OSSL_SELF_TEST_new.pod -GENERATE[html/man3/OSSL_SELF_TEST_new.html]=man3/OSSL_SELF_TEST_new.pod -DEPEND[man/man3/OSSL_SELF_TEST_new.3]=man3/OSSL_SELF_TEST_new.pod -GENERATE[man/man3/OSSL_SELF_TEST_new.3]=man3/OSSL_SELF_TEST_new.pod -DEPEND[html/man3/OSSL_SELF_TEST_set_callback.html]=man3/OSSL_SELF_TEST_set_callback.pod -GENERATE[html/man3/OSSL_SELF_TEST_set_callback.html]=man3/OSSL_SELF_TEST_set_callback.pod -DEPEND[man/man3/OSSL_SELF_TEST_set_callback.3]=man3/OSSL_SELF_TEST_set_callback.pod -GENERATE[man/man3/OSSL_SELF_TEST_set_callback.3]=man3/OSSL_SELF_TEST_set_callback.pod -DEPEND[html/man3/OSSL_STORE_INFO.html]=man3/OSSL_STORE_INFO.pod -GENERATE[html/man3/OSSL_STORE_INFO.html]=man3/OSSL_STORE_INFO.pod -DEPEND[man/man3/OSSL_STORE_INFO.3]=man3/OSSL_STORE_INFO.pod -GENERATE[man/man3/OSSL_STORE_INFO.3]=man3/OSSL_STORE_INFO.pod -DEPEND[html/man3/OSSL_STORE_LOADER.html]=man3/OSSL_STORE_LOADER.pod -GENERATE[html/man3/OSSL_STORE_LOADER.html]=man3/OSSL_STORE_LOADER.pod -DEPEND[man/man3/OSSL_STORE_LOADER.3]=man3/OSSL_STORE_LOADER.pod -GENERATE[man/man3/OSSL_STORE_LOADER.3]=man3/OSSL_STORE_LOADER.pod -DEPEND[html/man3/OSSL_STORE_SEARCH.html]=man3/OSSL_STORE_SEARCH.pod -GENERATE[html/man3/OSSL_STORE_SEARCH.html]=man3/OSSL_STORE_SEARCH.pod -DEPEND[man/man3/OSSL_STORE_SEARCH.3]=man3/OSSL_STORE_SEARCH.pod -GENERATE[man/man3/OSSL_STORE_SEARCH.3]=man3/OSSL_STORE_SEARCH.pod -DEPEND[html/man3/OSSL_STORE_attach.html]=man3/OSSL_STORE_attach.pod -GENERATE[html/man3/OSSL_STORE_attach.html]=man3/OSSL_STORE_attach.pod -DEPEND[man/man3/OSSL_STORE_attach.3]=man3/OSSL_STORE_attach.pod -GENERATE[man/man3/OSSL_STORE_attach.3]=man3/OSSL_STORE_attach.pod -DEPEND[html/man3/OSSL_STORE_expect.html]=man3/OSSL_STORE_expect.pod -GENERATE[html/man3/OSSL_STORE_expect.html]=man3/OSSL_STORE_expect.pod -DEPEND[man/man3/OSSL_STORE_expect.3]=man3/OSSL_STORE_expect.pod -GENERATE[man/man3/OSSL_STORE_expect.3]=man3/OSSL_STORE_expect.pod -DEPEND[html/man3/OSSL_STORE_open.html]=man3/OSSL_STORE_open.pod -GENERATE[html/man3/OSSL_STORE_open.html]=man3/OSSL_STORE_open.pod -DEPEND[man/man3/OSSL_STORE_open.3]=man3/OSSL_STORE_open.pod -GENERATE[man/man3/OSSL_STORE_open.3]=man3/OSSL_STORE_open.pod -DEPEND[html/man3/OSSL_trace_enabled.html]=man3/OSSL_trace_enabled.pod -GENERATE[html/man3/OSSL_trace_enabled.html]=man3/OSSL_trace_enabled.pod -DEPEND[man/man3/OSSL_trace_enabled.3]=man3/OSSL_trace_enabled.pod -GENERATE[man/man3/OSSL_trace_enabled.3]=man3/OSSL_trace_enabled.pod -DEPEND[html/man3/OSSL_trace_get_category_num.html]=man3/OSSL_trace_get_category_num.pod -GENERATE[html/man3/OSSL_trace_get_category_num.html]=man3/OSSL_trace_get_category_num.pod -DEPEND[man/man3/OSSL_trace_get_category_num.3]=man3/OSSL_trace_get_category_num.pod -GENERATE[man/man3/OSSL_trace_get_category_num.3]=man3/OSSL_trace_get_category_num.pod -DEPEND[html/man3/OSSL_trace_set_channel.html]=man3/OSSL_trace_set_channel.pod -GENERATE[html/man3/OSSL_trace_set_channel.html]=man3/OSSL_trace_set_channel.pod -DEPEND[man/man3/OSSL_trace_set_channel.3]=man3/OSSL_trace_set_channel.pod -GENERATE[man/man3/OSSL_trace_set_channel.3]=man3/OSSL_trace_set_channel.pod -DEPEND[html/man3/OpenSSL_add_all_algorithms.html]=man3/OpenSSL_add_all_algorithms.pod -GENERATE[html/man3/OpenSSL_add_all_algorithms.html]=man3/OpenSSL_add_all_algorithms.pod -DEPEND[man/man3/OpenSSL_add_all_algorithms.3]=man3/OpenSSL_add_all_algorithms.pod -GENERATE[man/man3/OpenSSL_add_all_algorithms.3]=man3/OpenSSL_add_all_algorithms.pod -DEPEND[html/man3/OpenSSL_version.html]=man3/OpenSSL_version.pod -GENERATE[html/man3/OpenSSL_version.html]=man3/OpenSSL_version.pod -DEPEND[man/man3/OpenSSL_version.3]=man3/OpenSSL_version.pod -GENERATE[man/man3/OpenSSL_version.3]=man3/OpenSSL_version.pod -DEPEND[html/man3/PEM_X509_INFO_read_bio_ex.html]=man3/PEM_X509_INFO_read_bio_ex.pod -GENERATE[html/man3/PEM_X509_INFO_read_bio_ex.html]=man3/PEM_X509_INFO_read_bio_ex.pod -DEPEND[man/man3/PEM_X509_INFO_read_bio_ex.3]=man3/PEM_X509_INFO_read_bio_ex.pod -GENERATE[man/man3/PEM_X509_INFO_read_bio_ex.3]=man3/PEM_X509_INFO_read_bio_ex.pod -DEPEND[html/man3/PEM_bytes_read_bio.html]=man3/PEM_bytes_read_bio.pod -GENERATE[html/man3/PEM_bytes_read_bio.html]=man3/PEM_bytes_read_bio.pod -DEPEND[man/man3/PEM_bytes_read_bio.3]=man3/PEM_bytes_read_bio.pod -GENERATE[man/man3/PEM_bytes_read_bio.3]=man3/PEM_bytes_read_bio.pod -DEPEND[html/man3/PEM_read.html]=man3/PEM_read.pod -GENERATE[html/man3/PEM_read.html]=man3/PEM_read.pod -DEPEND[man/man3/PEM_read.3]=man3/PEM_read.pod -GENERATE[man/man3/PEM_read.3]=man3/PEM_read.pod -DEPEND[html/man3/PEM_read_CMS.html]=man3/PEM_read_CMS.pod -GENERATE[html/man3/PEM_read_CMS.html]=man3/PEM_read_CMS.pod -DEPEND[man/man3/PEM_read_CMS.3]=man3/PEM_read_CMS.pod -GENERATE[man/man3/PEM_read_CMS.3]=man3/PEM_read_CMS.pod -DEPEND[html/man3/PEM_read_bio_PrivateKey.html]=man3/PEM_read_bio_PrivateKey.pod -GENERATE[html/man3/PEM_read_bio_PrivateKey.html]=man3/PEM_read_bio_PrivateKey.pod -DEPEND[man/man3/PEM_read_bio_PrivateKey.3]=man3/PEM_read_bio_PrivateKey.pod -GENERATE[man/man3/PEM_read_bio_PrivateKey.3]=man3/PEM_read_bio_PrivateKey.pod -DEPEND[html/man3/PEM_read_bio_ex.html]=man3/PEM_read_bio_ex.pod -GENERATE[html/man3/PEM_read_bio_ex.html]=man3/PEM_read_bio_ex.pod -DEPEND[man/man3/PEM_read_bio_ex.3]=man3/PEM_read_bio_ex.pod -GENERATE[man/man3/PEM_read_bio_ex.3]=man3/PEM_read_bio_ex.pod -DEPEND[html/man3/PEM_write_bio_CMS_stream.html]=man3/PEM_write_bio_CMS_stream.pod -GENERATE[html/man3/PEM_write_bio_CMS_stream.html]=man3/PEM_write_bio_CMS_stream.pod -DEPEND[man/man3/PEM_write_bio_CMS_stream.3]=man3/PEM_write_bio_CMS_stream.pod -GENERATE[man/man3/PEM_write_bio_CMS_stream.3]=man3/PEM_write_bio_CMS_stream.pod -DEPEND[html/man3/PEM_write_bio_PKCS7_stream.html]=man3/PEM_write_bio_PKCS7_stream.pod -GENERATE[html/man3/PEM_write_bio_PKCS7_stream.html]=man3/PEM_write_bio_PKCS7_stream.pod -DEPEND[man/man3/PEM_write_bio_PKCS7_stream.3]=man3/PEM_write_bio_PKCS7_stream.pod -GENERATE[man/man3/PEM_write_bio_PKCS7_stream.3]=man3/PEM_write_bio_PKCS7_stream.pod -DEPEND[html/man3/PKCS12_PBE_keyivgen.html]=man3/PKCS12_PBE_keyivgen.pod -GENERATE[html/man3/PKCS12_PBE_keyivgen.html]=man3/PKCS12_PBE_keyivgen.pod -DEPEND[man/man3/PKCS12_PBE_keyivgen.3]=man3/PKCS12_PBE_keyivgen.pod -GENERATE[man/man3/PKCS12_PBE_keyivgen.3]=man3/PKCS12_PBE_keyivgen.pod -DEPEND[html/man3/PKCS12_SAFEBAG_create_cert.html]=man3/PKCS12_SAFEBAG_create_cert.pod -GENERATE[html/man3/PKCS12_SAFEBAG_create_cert.html]=man3/PKCS12_SAFEBAG_create_cert.pod -DEPEND[man/man3/PKCS12_SAFEBAG_create_cert.3]=man3/PKCS12_SAFEBAG_create_cert.pod -GENERATE[man/man3/PKCS12_SAFEBAG_create_cert.3]=man3/PKCS12_SAFEBAG_create_cert.pod -DEPEND[html/man3/PKCS12_SAFEBAG_get0_attrs.html]=man3/PKCS12_SAFEBAG_get0_attrs.pod -GENERATE[html/man3/PKCS12_SAFEBAG_get0_attrs.html]=man3/PKCS12_SAFEBAG_get0_attrs.pod -DEPEND[man/man3/PKCS12_SAFEBAG_get0_attrs.3]=man3/PKCS12_SAFEBAG_get0_attrs.pod -GENERATE[man/man3/PKCS12_SAFEBAG_get0_attrs.3]=man3/PKCS12_SAFEBAG_get0_attrs.pod -DEPEND[html/man3/PKCS12_SAFEBAG_get1_cert.html]=man3/PKCS12_SAFEBAG_get1_cert.pod -GENERATE[html/man3/PKCS12_SAFEBAG_get1_cert.html]=man3/PKCS12_SAFEBAG_get1_cert.pod -DEPEND[man/man3/PKCS12_SAFEBAG_get1_cert.3]=man3/PKCS12_SAFEBAG_get1_cert.pod -GENERATE[man/man3/PKCS12_SAFEBAG_get1_cert.3]=man3/PKCS12_SAFEBAG_get1_cert.pod -DEPEND[html/man3/PKCS12_add1_attr_by_NID.html]=man3/PKCS12_add1_attr_by_NID.pod -GENERATE[html/man3/PKCS12_add1_attr_by_NID.html]=man3/PKCS12_add1_attr_by_NID.pod -DEPEND[man/man3/PKCS12_add1_attr_by_NID.3]=man3/PKCS12_add1_attr_by_NID.pod -GENERATE[man/man3/PKCS12_add1_attr_by_NID.3]=man3/PKCS12_add1_attr_by_NID.pod -DEPEND[html/man3/PKCS12_add_CSPName_asc.html]=man3/PKCS12_add_CSPName_asc.pod -GENERATE[html/man3/PKCS12_add_CSPName_asc.html]=man3/PKCS12_add_CSPName_asc.pod -DEPEND[man/man3/PKCS12_add_CSPName_asc.3]=man3/PKCS12_add_CSPName_asc.pod -GENERATE[man/man3/PKCS12_add_CSPName_asc.3]=man3/PKCS12_add_CSPName_asc.pod -DEPEND[html/man3/PKCS12_add_cert.html]=man3/PKCS12_add_cert.pod -GENERATE[html/man3/PKCS12_add_cert.html]=man3/PKCS12_add_cert.pod -DEPEND[man/man3/PKCS12_add_cert.3]=man3/PKCS12_add_cert.pod -GENERATE[man/man3/PKCS12_add_cert.3]=man3/PKCS12_add_cert.pod -DEPEND[html/man3/PKCS12_add_friendlyname_asc.html]=man3/PKCS12_add_friendlyname_asc.pod -GENERATE[html/man3/PKCS12_add_friendlyname_asc.html]=man3/PKCS12_add_friendlyname_asc.pod -DEPEND[man/man3/PKCS12_add_friendlyname_asc.3]=man3/PKCS12_add_friendlyname_asc.pod -GENERATE[man/man3/PKCS12_add_friendlyname_asc.3]=man3/PKCS12_add_friendlyname_asc.pod -DEPEND[html/man3/PKCS12_add_localkeyid.html]=man3/PKCS12_add_localkeyid.pod -GENERATE[html/man3/PKCS12_add_localkeyid.html]=man3/PKCS12_add_localkeyid.pod -DEPEND[man/man3/PKCS12_add_localkeyid.3]=man3/PKCS12_add_localkeyid.pod -GENERATE[man/man3/PKCS12_add_localkeyid.3]=man3/PKCS12_add_localkeyid.pod -DEPEND[html/man3/PKCS12_add_safe.html]=man3/PKCS12_add_safe.pod -GENERATE[html/man3/PKCS12_add_safe.html]=man3/PKCS12_add_safe.pod -DEPEND[man/man3/PKCS12_add_safe.3]=man3/PKCS12_add_safe.pod -GENERATE[man/man3/PKCS12_add_safe.3]=man3/PKCS12_add_safe.pod -DEPEND[html/man3/PKCS12_create.html]=man3/PKCS12_create.pod -GENERATE[html/man3/PKCS12_create.html]=man3/PKCS12_create.pod -DEPEND[man/man3/PKCS12_create.3]=man3/PKCS12_create.pod -GENERATE[man/man3/PKCS12_create.3]=man3/PKCS12_create.pod -DEPEND[html/man3/PKCS12_decrypt_skey.html]=man3/PKCS12_decrypt_skey.pod -GENERATE[html/man3/PKCS12_decrypt_skey.html]=man3/PKCS12_decrypt_skey.pod -DEPEND[man/man3/PKCS12_decrypt_skey.3]=man3/PKCS12_decrypt_skey.pod -GENERATE[man/man3/PKCS12_decrypt_skey.3]=man3/PKCS12_decrypt_skey.pod -DEPEND[html/man3/PKCS12_gen_mac.html]=man3/PKCS12_gen_mac.pod -GENERATE[html/man3/PKCS12_gen_mac.html]=man3/PKCS12_gen_mac.pod -DEPEND[man/man3/PKCS12_gen_mac.3]=man3/PKCS12_gen_mac.pod -GENERATE[man/man3/PKCS12_gen_mac.3]=man3/PKCS12_gen_mac.pod -DEPEND[html/man3/PKCS12_get_friendlyname.html]=man3/PKCS12_get_friendlyname.pod -GENERATE[html/man3/PKCS12_get_friendlyname.html]=man3/PKCS12_get_friendlyname.pod -DEPEND[man/man3/PKCS12_get_friendlyname.3]=man3/PKCS12_get_friendlyname.pod -GENERATE[man/man3/PKCS12_get_friendlyname.3]=man3/PKCS12_get_friendlyname.pod -DEPEND[html/man3/PKCS12_init.html]=man3/PKCS12_init.pod -GENERATE[html/man3/PKCS12_init.html]=man3/PKCS12_init.pod -DEPEND[man/man3/PKCS12_init.3]=man3/PKCS12_init.pod -GENERATE[man/man3/PKCS12_init.3]=man3/PKCS12_init.pod -DEPEND[html/man3/PKCS12_item_decrypt_d2i.html]=man3/PKCS12_item_decrypt_d2i.pod -GENERATE[html/man3/PKCS12_item_decrypt_d2i.html]=man3/PKCS12_item_decrypt_d2i.pod -DEPEND[man/man3/PKCS12_item_decrypt_d2i.3]=man3/PKCS12_item_decrypt_d2i.pod -GENERATE[man/man3/PKCS12_item_decrypt_d2i.3]=man3/PKCS12_item_decrypt_d2i.pod -DEPEND[html/man3/PKCS12_key_gen_utf8_ex.html]=man3/PKCS12_key_gen_utf8_ex.pod -GENERATE[html/man3/PKCS12_key_gen_utf8_ex.html]=man3/PKCS12_key_gen_utf8_ex.pod -DEPEND[man/man3/PKCS12_key_gen_utf8_ex.3]=man3/PKCS12_key_gen_utf8_ex.pod -GENERATE[man/man3/PKCS12_key_gen_utf8_ex.3]=man3/PKCS12_key_gen_utf8_ex.pod -DEPEND[html/man3/PKCS12_newpass.html]=man3/PKCS12_newpass.pod -GENERATE[html/man3/PKCS12_newpass.html]=man3/PKCS12_newpass.pod -DEPEND[man/man3/PKCS12_newpass.3]=man3/PKCS12_newpass.pod -GENERATE[man/man3/PKCS12_newpass.3]=man3/PKCS12_newpass.pod -DEPEND[html/man3/PKCS12_pack_p7encdata.html]=man3/PKCS12_pack_p7encdata.pod -GENERATE[html/man3/PKCS12_pack_p7encdata.html]=man3/PKCS12_pack_p7encdata.pod -DEPEND[man/man3/PKCS12_pack_p7encdata.3]=man3/PKCS12_pack_p7encdata.pod -GENERATE[man/man3/PKCS12_pack_p7encdata.3]=man3/PKCS12_pack_p7encdata.pod -DEPEND[html/man3/PKCS12_parse.html]=man3/PKCS12_parse.pod -GENERATE[html/man3/PKCS12_parse.html]=man3/PKCS12_parse.pod -DEPEND[man/man3/PKCS12_parse.3]=man3/PKCS12_parse.pod -GENERATE[man/man3/PKCS12_parse.3]=man3/PKCS12_parse.pod -DEPEND[html/man3/PKCS5_PBE_keyivgen.html]=man3/PKCS5_PBE_keyivgen.pod -GENERATE[html/man3/PKCS5_PBE_keyivgen.html]=man3/PKCS5_PBE_keyivgen.pod -DEPEND[man/man3/PKCS5_PBE_keyivgen.3]=man3/PKCS5_PBE_keyivgen.pod -GENERATE[man/man3/PKCS5_PBE_keyivgen.3]=man3/PKCS5_PBE_keyivgen.pod -DEPEND[html/man3/PKCS5_PBKDF2_HMAC.html]=man3/PKCS5_PBKDF2_HMAC.pod -GENERATE[html/man3/PKCS5_PBKDF2_HMAC.html]=man3/PKCS5_PBKDF2_HMAC.pod -DEPEND[man/man3/PKCS5_PBKDF2_HMAC.3]=man3/PKCS5_PBKDF2_HMAC.pod -GENERATE[man/man3/PKCS5_PBKDF2_HMAC.3]=man3/PKCS5_PBKDF2_HMAC.pod -DEPEND[html/man3/PKCS7_decrypt.html]=man3/PKCS7_decrypt.pod -GENERATE[html/man3/PKCS7_decrypt.html]=man3/PKCS7_decrypt.pod -DEPEND[man/man3/PKCS7_decrypt.3]=man3/PKCS7_decrypt.pod -GENERATE[man/man3/PKCS7_decrypt.3]=man3/PKCS7_decrypt.pod -DEPEND[html/man3/PKCS7_encrypt.html]=man3/PKCS7_encrypt.pod -GENERATE[html/man3/PKCS7_encrypt.html]=man3/PKCS7_encrypt.pod -DEPEND[man/man3/PKCS7_encrypt.3]=man3/PKCS7_encrypt.pod -GENERATE[man/man3/PKCS7_encrypt.3]=man3/PKCS7_encrypt.pod -DEPEND[html/man3/PKCS7_get_octet_string.html]=man3/PKCS7_get_octet_string.pod -GENERATE[html/man3/PKCS7_get_octet_string.html]=man3/PKCS7_get_octet_string.pod -DEPEND[man/man3/PKCS7_get_octet_string.3]=man3/PKCS7_get_octet_string.pod -GENERATE[man/man3/PKCS7_get_octet_string.3]=man3/PKCS7_get_octet_string.pod -DEPEND[html/man3/PKCS7_sign.html]=man3/PKCS7_sign.pod -GENERATE[html/man3/PKCS7_sign.html]=man3/PKCS7_sign.pod -DEPEND[man/man3/PKCS7_sign.3]=man3/PKCS7_sign.pod -GENERATE[man/man3/PKCS7_sign.3]=man3/PKCS7_sign.pod -DEPEND[html/man3/PKCS7_sign_add_signer.html]=man3/PKCS7_sign_add_signer.pod -GENERATE[html/man3/PKCS7_sign_add_signer.html]=man3/PKCS7_sign_add_signer.pod -DEPEND[man/man3/PKCS7_sign_add_signer.3]=man3/PKCS7_sign_add_signer.pod -GENERATE[man/man3/PKCS7_sign_add_signer.3]=man3/PKCS7_sign_add_signer.pod -DEPEND[html/man3/PKCS7_type_is_other.html]=man3/PKCS7_type_is_other.pod -GENERATE[html/man3/PKCS7_type_is_other.html]=man3/PKCS7_type_is_other.pod -DEPEND[man/man3/PKCS7_type_is_other.3]=man3/PKCS7_type_is_other.pod -GENERATE[man/man3/PKCS7_type_is_other.3]=man3/PKCS7_type_is_other.pod -DEPEND[html/man3/PKCS7_verify.html]=man3/PKCS7_verify.pod -GENERATE[html/man3/PKCS7_verify.html]=man3/PKCS7_verify.pod -DEPEND[man/man3/PKCS7_verify.3]=man3/PKCS7_verify.pod -GENERATE[man/man3/PKCS7_verify.3]=man3/PKCS7_verify.pod -DEPEND[html/man3/PKCS8_encrypt.html]=man3/PKCS8_encrypt.pod -GENERATE[html/man3/PKCS8_encrypt.html]=man3/PKCS8_encrypt.pod -DEPEND[man/man3/PKCS8_encrypt.3]=man3/PKCS8_encrypt.pod -GENERATE[man/man3/PKCS8_encrypt.3]=man3/PKCS8_encrypt.pod -DEPEND[html/man3/PKCS8_pkey_add1_attr.html]=man3/PKCS8_pkey_add1_attr.pod -GENERATE[html/man3/PKCS8_pkey_add1_attr.html]=man3/PKCS8_pkey_add1_attr.pod -DEPEND[man/man3/PKCS8_pkey_add1_attr.3]=man3/PKCS8_pkey_add1_attr.pod -GENERATE[man/man3/PKCS8_pkey_add1_attr.3]=man3/PKCS8_pkey_add1_attr.pod -DEPEND[html/man3/RAND_add.html]=man3/RAND_add.pod -GENERATE[html/man3/RAND_add.html]=man3/RAND_add.pod -DEPEND[man/man3/RAND_add.3]=man3/RAND_add.pod -GENERATE[man/man3/RAND_add.3]=man3/RAND_add.pod -DEPEND[html/man3/RAND_bytes.html]=man3/RAND_bytes.pod -GENERATE[html/man3/RAND_bytes.html]=man3/RAND_bytes.pod -DEPEND[man/man3/RAND_bytes.3]=man3/RAND_bytes.pod -GENERATE[man/man3/RAND_bytes.3]=man3/RAND_bytes.pod -DEPEND[html/man3/RAND_cleanup.html]=man3/RAND_cleanup.pod -GENERATE[html/man3/RAND_cleanup.html]=man3/RAND_cleanup.pod -DEPEND[man/man3/RAND_cleanup.3]=man3/RAND_cleanup.pod -GENERATE[man/man3/RAND_cleanup.3]=man3/RAND_cleanup.pod -DEPEND[html/man3/RAND_egd.html]=man3/RAND_egd.pod -GENERATE[html/man3/RAND_egd.html]=man3/RAND_egd.pod -DEPEND[man/man3/RAND_egd.3]=man3/RAND_egd.pod -GENERATE[man/man3/RAND_egd.3]=man3/RAND_egd.pod -DEPEND[html/man3/RAND_get0_primary.html]=man3/RAND_get0_primary.pod -GENERATE[html/man3/RAND_get0_primary.html]=man3/RAND_get0_primary.pod -DEPEND[man/man3/RAND_get0_primary.3]=man3/RAND_get0_primary.pod -GENERATE[man/man3/RAND_get0_primary.3]=man3/RAND_get0_primary.pod -DEPEND[html/man3/RAND_load_file.html]=man3/RAND_load_file.pod -GENERATE[html/man3/RAND_load_file.html]=man3/RAND_load_file.pod -DEPEND[man/man3/RAND_load_file.3]=man3/RAND_load_file.pod -GENERATE[man/man3/RAND_load_file.3]=man3/RAND_load_file.pod -DEPEND[html/man3/RAND_set_DRBG_type.html]=man3/RAND_set_DRBG_type.pod -GENERATE[html/man3/RAND_set_DRBG_type.html]=man3/RAND_set_DRBG_type.pod -DEPEND[man/man3/RAND_set_DRBG_type.3]=man3/RAND_set_DRBG_type.pod -GENERATE[man/man3/RAND_set_DRBG_type.3]=man3/RAND_set_DRBG_type.pod -DEPEND[html/man3/RAND_set_rand_method.html]=man3/RAND_set_rand_method.pod -GENERATE[html/man3/RAND_set_rand_method.html]=man3/RAND_set_rand_method.pod -DEPEND[man/man3/RAND_set_rand_method.3]=man3/RAND_set_rand_method.pod -GENERATE[man/man3/RAND_set_rand_method.3]=man3/RAND_set_rand_method.pod -DEPEND[html/man3/RC4_set_key.html]=man3/RC4_set_key.pod -GENERATE[html/man3/RC4_set_key.html]=man3/RC4_set_key.pod -DEPEND[man/man3/RC4_set_key.3]=man3/RC4_set_key.pod -GENERATE[man/man3/RC4_set_key.3]=man3/RC4_set_key.pod -DEPEND[html/man3/RIPEMD160_Init.html]=man3/RIPEMD160_Init.pod -GENERATE[html/man3/RIPEMD160_Init.html]=man3/RIPEMD160_Init.pod -DEPEND[man/man3/RIPEMD160_Init.3]=man3/RIPEMD160_Init.pod -GENERATE[man/man3/RIPEMD160_Init.3]=man3/RIPEMD160_Init.pod -DEPEND[html/man3/RSA_blinding_on.html]=man3/RSA_blinding_on.pod -GENERATE[html/man3/RSA_blinding_on.html]=man3/RSA_blinding_on.pod -DEPEND[man/man3/RSA_blinding_on.3]=man3/RSA_blinding_on.pod -GENERATE[man/man3/RSA_blinding_on.3]=man3/RSA_blinding_on.pod -DEPEND[html/man3/RSA_check_key.html]=man3/RSA_check_key.pod -GENERATE[html/man3/RSA_check_key.html]=man3/RSA_check_key.pod -DEPEND[man/man3/RSA_check_key.3]=man3/RSA_check_key.pod -GENERATE[man/man3/RSA_check_key.3]=man3/RSA_check_key.pod -DEPEND[html/man3/RSA_generate_key.html]=man3/RSA_generate_key.pod -GENERATE[html/man3/RSA_generate_key.html]=man3/RSA_generate_key.pod -DEPEND[man/man3/RSA_generate_key.3]=man3/RSA_generate_key.pod -GENERATE[man/man3/RSA_generate_key.3]=man3/RSA_generate_key.pod -DEPEND[html/man3/RSA_get0_key.html]=man3/RSA_get0_key.pod -GENERATE[html/man3/RSA_get0_key.html]=man3/RSA_get0_key.pod -DEPEND[man/man3/RSA_get0_key.3]=man3/RSA_get0_key.pod -GENERATE[man/man3/RSA_get0_key.3]=man3/RSA_get0_key.pod -DEPEND[html/man3/RSA_meth_new.html]=man3/RSA_meth_new.pod -GENERATE[html/man3/RSA_meth_new.html]=man3/RSA_meth_new.pod -DEPEND[man/man3/RSA_meth_new.3]=man3/RSA_meth_new.pod -GENERATE[man/man3/RSA_meth_new.3]=man3/RSA_meth_new.pod -DEPEND[html/man3/RSA_new.html]=man3/RSA_new.pod -GENERATE[html/man3/RSA_new.html]=man3/RSA_new.pod -DEPEND[man/man3/RSA_new.3]=man3/RSA_new.pod -GENERATE[man/man3/RSA_new.3]=man3/RSA_new.pod -DEPEND[html/man3/RSA_padding_add_PKCS1_type_1.html]=man3/RSA_padding_add_PKCS1_type_1.pod -GENERATE[html/man3/RSA_padding_add_PKCS1_type_1.html]=man3/RSA_padding_add_PKCS1_type_1.pod -DEPEND[man/man3/RSA_padding_add_PKCS1_type_1.3]=man3/RSA_padding_add_PKCS1_type_1.pod -GENERATE[man/man3/RSA_padding_add_PKCS1_type_1.3]=man3/RSA_padding_add_PKCS1_type_1.pod -DEPEND[html/man3/RSA_print.html]=man3/RSA_print.pod -GENERATE[html/man3/RSA_print.html]=man3/RSA_print.pod -DEPEND[man/man3/RSA_print.3]=man3/RSA_print.pod -GENERATE[man/man3/RSA_print.3]=man3/RSA_print.pod -DEPEND[html/man3/RSA_private_encrypt.html]=man3/RSA_private_encrypt.pod -GENERATE[html/man3/RSA_private_encrypt.html]=man3/RSA_private_encrypt.pod -DEPEND[man/man3/RSA_private_encrypt.3]=man3/RSA_private_encrypt.pod -GENERATE[man/man3/RSA_private_encrypt.3]=man3/RSA_private_encrypt.pod -DEPEND[html/man3/RSA_public_encrypt.html]=man3/RSA_public_encrypt.pod -GENERATE[html/man3/RSA_public_encrypt.html]=man3/RSA_public_encrypt.pod -DEPEND[man/man3/RSA_public_encrypt.3]=man3/RSA_public_encrypt.pod -GENERATE[man/man3/RSA_public_encrypt.3]=man3/RSA_public_encrypt.pod -DEPEND[html/man3/RSA_set_method.html]=man3/RSA_set_method.pod -GENERATE[html/man3/RSA_set_method.html]=man3/RSA_set_method.pod -DEPEND[man/man3/RSA_set_method.3]=man3/RSA_set_method.pod -GENERATE[man/man3/RSA_set_method.3]=man3/RSA_set_method.pod -DEPEND[html/man3/RSA_sign.html]=man3/RSA_sign.pod -GENERATE[html/man3/RSA_sign.html]=man3/RSA_sign.pod -DEPEND[man/man3/RSA_sign.3]=man3/RSA_sign.pod -GENERATE[man/man3/RSA_sign.3]=man3/RSA_sign.pod -DEPEND[html/man3/RSA_sign_ASN1_OCTET_STRING.html]=man3/RSA_sign_ASN1_OCTET_STRING.pod -GENERATE[html/man3/RSA_sign_ASN1_OCTET_STRING.html]=man3/RSA_sign_ASN1_OCTET_STRING.pod -DEPEND[man/man3/RSA_sign_ASN1_OCTET_STRING.3]=man3/RSA_sign_ASN1_OCTET_STRING.pod -GENERATE[man/man3/RSA_sign_ASN1_OCTET_STRING.3]=man3/RSA_sign_ASN1_OCTET_STRING.pod -DEPEND[html/man3/RSA_size.html]=man3/RSA_size.pod -GENERATE[html/man3/RSA_size.html]=man3/RSA_size.pod -DEPEND[man/man3/RSA_size.3]=man3/RSA_size.pod -GENERATE[man/man3/RSA_size.3]=man3/RSA_size.pod -DEPEND[html/man3/SCT_new.html]=man3/SCT_new.pod -GENERATE[html/man3/SCT_new.html]=man3/SCT_new.pod -DEPEND[man/man3/SCT_new.3]=man3/SCT_new.pod -GENERATE[man/man3/SCT_new.3]=man3/SCT_new.pod -DEPEND[html/man3/SCT_print.html]=man3/SCT_print.pod -GENERATE[html/man3/SCT_print.html]=man3/SCT_print.pod -DEPEND[man/man3/SCT_print.3]=man3/SCT_print.pod -GENERATE[man/man3/SCT_print.3]=man3/SCT_print.pod -DEPEND[html/man3/SCT_validate.html]=man3/SCT_validate.pod -GENERATE[html/man3/SCT_validate.html]=man3/SCT_validate.pod -DEPEND[man/man3/SCT_validate.3]=man3/SCT_validate.pod -GENERATE[man/man3/SCT_validate.3]=man3/SCT_validate.pod -DEPEND[html/man3/SHA256_Init.html]=man3/SHA256_Init.pod -GENERATE[html/man3/SHA256_Init.html]=man3/SHA256_Init.pod -DEPEND[man/man3/SHA256_Init.3]=man3/SHA256_Init.pod -GENERATE[man/man3/SHA256_Init.3]=man3/SHA256_Init.pod -DEPEND[html/man3/SMIME_read_ASN1.html]=man3/SMIME_read_ASN1.pod -GENERATE[html/man3/SMIME_read_ASN1.html]=man3/SMIME_read_ASN1.pod -DEPEND[man/man3/SMIME_read_ASN1.3]=man3/SMIME_read_ASN1.pod -GENERATE[man/man3/SMIME_read_ASN1.3]=man3/SMIME_read_ASN1.pod -DEPEND[html/man3/SMIME_read_CMS.html]=man3/SMIME_read_CMS.pod -GENERATE[html/man3/SMIME_read_CMS.html]=man3/SMIME_read_CMS.pod -DEPEND[man/man3/SMIME_read_CMS.3]=man3/SMIME_read_CMS.pod -GENERATE[man/man3/SMIME_read_CMS.3]=man3/SMIME_read_CMS.pod -DEPEND[html/man3/SMIME_read_PKCS7.html]=man3/SMIME_read_PKCS7.pod -GENERATE[html/man3/SMIME_read_PKCS7.html]=man3/SMIME_read_PKCS7.pod -DEPEND[man/man3/SMIME_read_PKCS7.3]=man3/SMIME_read_PKCS7.pod -GENERATE[man/man3/SMIME_read_PKCS7.3]=man3/SMIME_read_PKCS7.pod -DEPEND[html/man3/SMIME_write_ASN1.html]=man3/SMIME_write_ASN1.pod -GENERATE[html/man3/SMIME_write_ASN1.html]=man3/SMIME_write_ASN1.pod -DEPEND[man/man3/SMIME_write_ASN1.3]=man3/SMIME_write_ASN1.pod -GENERATE[man/man3/SMIME_write_ASN1.3]=man3/SMIME_write_ASN1.pod -DEPEND[html/man3/SMIME_write_CMS.html]=man3/SMIME_write_CMS.pod -GENERATE[html/man3/SMIME_write_CMS.html]=man3/SMIME_write_CMS.pod -DEPEND[man/man3/SMIME_write_CMS.3]=man3/SMIME_write_CMS.pod -GENERATE[man/man3/SMIME_write_CMS.3]=man3/SMIME_write_CMS.pod -DEPEND[html/man3/SMIME_write_PKCS7.html]=man3/SMIME_write_PKCS7.pod -GENERATE[html/man3/SMIME_write_PKCS7.html]=man3/SMIME_write_PKCS7.pod -DEPEND[man/man3/SMIME_write_PKCS7.3]=man3/SMIME_write_PKCS7.pod -GENERATE[man/man3/SMIME_write_PKCS7.3]=man3/SMIME_write_PKCS7.pod -DEPEND[html/man3/SRP_Calc_B.html]=man3/SRP_Calc_B.pod -GENERATE[html/man3/SRP_Calc_B.html]=man3/SRP_Calc_B.pod -DEPEND[man/man3/SRP_Calc_B.3]=man3/SRP_Calc_B.pod -GENERATE[man/man3/SRP_Calc_B.3]=man3/SRP_Calc_B.pod -DEPEND[html/man3/SRP_VBASE_new.html]=man3/SRP_VBASE_new.pod -GENERATE[html/man3/SRP_VBASE_new.html]=man3/SRP_VBASE_new.pod -DEPEND[man/man3/SRP_VBASE_new.3]=man3/SRP_VBASE_new.pod -GENERATE[man/man3/SRP_VBASE_new.3]=man3/SRP_VBASE_new.pod -DEPEND[html/man3/SRP_create_verifier.html]=man3/SRP_create_verifier.pod -GENERATE[html/man3/SRP_create_verifier.html]=man3/SRP_create_verifier.pod -DEPEND[man/man3/SRP_create_verifier.3]=man3/SRP_create_verifier.pod -GENERATE[man/man3/SRP_create_verifier.3]=man3/SRP_create_verifier.pod -DEPEND[html/man3/SRP_user_pwd_new.html]=man3/SRP_user_pwd_new.pod -GENERATE[html/man3/SRP_user_pwd_new.html]=man3/SRP_user_pwd_new.pod -DEPEND[man/man3/SRP_user_pwd_new.3]=man3/SRP_user_pwd_new.pod -GENERATE[man/man3/SRP_user_pwd_new.3]=man3/SRP_user_pwd_new.pod -DEPEND[html/man3/SSL_CIPHER_get_name.html]=man3/SSL_CIPHER_get_name.pod -GENERATE[html/man3/SSL_CIPHER_get_name.html]=man3/SSL_CIPHER_get_name.pod -DEPEND[man/man3/SSL_CIPHER_get_name.3]=man3/SSL_CIPHER_get_name.pod -GENERATE[man/man3/SSL_CIPHER_get_name.3]=man3/SSL_CIPHER_get_name.pod -DEPEND[html/man3/SSL_COMP_add_compression_method.html]=man3/SSL_COMP_add_compression_method.pod -GENERATE[html/man3/SSL_COMP_add_compression_method.html]=man3/SSL_COMP_add_compression_method.pod -DEPEND[man/man3/SSL_COMP_add_compression_method.3]=man3/SSL_COMP_add_compression_method.pod -GENERATE[man/man3/SSL_COMP_add_compression_method.3]=man3/SSL_COMP_add_compression_method.pod -DEPEND[html/man3/SSL_CONF_CTX_new.html]=man3/SSL_CONF_CTX_new.pod -GENERATE[html/man3/SSL_CONF_CTX_new.html]=man3/SSL_CONF_CTX_new.pod -DEPEND[man/man3/SSL_CONF_CTX_new.3]=man3/SSL_CONF_CTX_new.pod -GENERATE[man/man3/SSL_CONF_CTX_new.3]=man3/SSL_CONF_CTX_new.pod -DEPEND[html/man3/SSL_CONF_CTX_set1_prefix.html]=man3/SSL_CONF_CTX_set1_prefix.pod -GENERATE[html/man3/SSL_CONF_CTX_set1_prefix.html]=man3/SSL_CONF_CTX_set1_prefix.pod -DEPEND[man/man3/SSL_CONF_CTX_set1_prefix.3]=man3/SSL_CONF_CTX_set1_prefix.pod -GENERATE[man/man3/SSL_CONF_CTX_set1_prefix.3]=man3/SSL_CONF_CTX_set1_prefix.pod -DEPEND[html/man3/SSL_CONF_CTX_set_flags.html]=man3/SSL_CONF_CTX_set_flags.pod -GENERATE[html/man3/SSL_CONF_CTX_set_flags.html]=man3/SSL_CONF_CTX_set_flags.pod -DEPEND[man/man3/SSL_CONF_CTX_set_flags.3]=man3/SSL_CONF_CTX_set_flags.pod -GENERATE[man/man3/SSL_CONF_CTX_set_flags.3]=man3/SSL_CONF_CTX_set_flags.pod -DEPEND[html/man3/SSL_CONF_CTX_set_ssl_ctx.html]=man3/SSL_CONF_CTX_set_ssl_ctx.pod -GENERATE[html/man3/SSL_CONF_CTX_set_ssl_ctx.html]=man3/SSL_CONF_CTX_set_ssl_ctx.pod -DEPEND[man/man3/SSL_CONF_CTX_set_ssl_ctx.3]=man3/SSL_CONF_CTX_set_ssl_ctx.pod -GENERATE[man/man3/SSL_CONF_CTX_set_ssl_ctx.3]=man3/SSL_CONF_CTX_set_ssl_ctx.pod -DEPEND[html/man3/SSL_CONF_cmd.html]=man3/SSL_CONF_cmd.pod -GENERATE[html/man3/SSL_CONF_cmd.html]=man3/SSL_CONF_cmd.pod -DEPEND[man/man3/SSL_CONF_cmd.3]=man3/SSL_CONF_cmd.pod -GENERATE[man/man3/SSL_CONF_cmd.3]=man3/SSL_CONF_cmd.pod -DEPEND[html/man3/SSL_CONF_cmd_argv.html]=man3/SSL_CONF_cmd_argv.pod -GENERATE[html/man3/SSL_CONF_cmd_argv.html]=man3/SSL_CONF_cmd_argv.pod -DEPEND[man/man3/SSL_CONF_cmd_argv.3]=man3/SSL_CONF_cmd_argv.pod -GENERATE[man/man3/SSL_CONF_cmd_argv.3]=man3/SSL_CONF_cmd_argv.pod -DEPEND[html/man3/SSL_CTX_add1_chain_cert.html]=man3/SSL_CTX_add1_chain_cert.pod -GENERATE[html/man3/SSL_CTX_add1_chain_cert.html]=man3/SSL_CTX_add1_chain_cert.pod -DEPEND[man/man3/SSL_CTX_add1_chain_cert.3]=man3/SSL_CTX_add1_chain_cert.pod -GENERATE[man/man3/SSL_CTX_add1_chain_cert.3]=man3/SSL_CTX_add1_chain_cert.pod -DEPEND[html/man3/SSL_CTX_add_extra_chain_cert.html]=man3/SSL_CTX_add_extra_chain_cert.pod -GENERATE[html/man3/SSL_CTX_add_extra_chain_cert.html]=man3/SSL_CTX_add_extra_chain_cert.pod -DEPEND[man/man3/SSL_CTX_add_extra_chain_cert.3]=man3/SSL_CTX_add_extra_chain_cert.pod -GENERATE[man/man3/SSL_CTX_add_extra_chain_cert.3]=man3/SSL_CTX_add_extra_chain_cert.pod -DEPEND[html/man3/SSL_CTX_add_session.html]=man3/SSL_CTX_add_session.pod -GENERATE[html/man3/SSL_CTX_add_session.html]=man3/SSL_CTX_add_session.pod -DEPEND[man/man3/SSL_CTX_add_session.3]=man3/SSL_CTX_add_session.pod -GENERATE[man/man3/SSL_CTX_add_session.3]=man3/SSL_CTX_add_session.pod -DEPEND[html/man3/SSL_CTX_config.html]=man3/SSL_CTX_config.pod -GENERATE[html/man3/SSL_CTX_config.html]=man3/SSL_CTX_config.pod -DEPEND[man/man3/SSL_CTX_config.3]=man3/SSL_CTX_config.pod -GENERATE[man/man3/SSL_CTX_config.3]=man3/SSL_CTX_config.pod -DEPEND[html/man3/SSL_CTX_ctrl.html]=man3/SSL_CTX_ctrl.pod -GENERATE[html/man3/SSL_CTX_ctrl.html]=man3/SSL_CTX_ctrl.pod -DEPEND[man/man3/SSL_CTX_ctrl.3]=man3/SSL_CTX_ctrl.pod -GENERATE[man/man3/SSL_CTX_ctrl.3]=man3/SSL_CTX_ctrl.pod -DEPEND[html/man3/SSL_CTX_dane_enable.html]=man3/SSL_CTX_dane_enable.pod -GENERATE[html/man3/SSL_CTX_dane_enable.html]=man3/SSL_CTX_dane_enable.pod -DEPEND[man/man3/SSL_CTX_dane_enable.3]=man3/SSL_CTX_dane_enable.pod -GENERATE[man/man3/SSL_CTX_dane_enable.3]=man3/SSL_CTX_dane_enable.pod -DEPEND[html/man3/SSL_CTX_flush_sessions.html]=man3/SSL_CTX_flush_sessions.pod -GENERATE[html/man3/SSL_CTX_flush_sessions.html]=man3/SSL_CTX_flush_sessions.pod -DEPEND[man/man3/SSL_CTX_flush_sessions.3]=man3/SSL_CTX_flush_sessions.pod -GENERATE[man/man3/SSL_CTX_flush_sessions.3]=man3/SSL_CTX_flush_sessions.pod -DEPEND[html/man3/SSL_CTX_free.html]=man3/SSL_CTX_free.pod -GENERATE[html/man3/SSL_CTX_free.html]=man3/SSL_CTX_free.pod -DEPEND[man/man3/SSL_CTX_free.3]=man3/SSL_CTX_free.pod -GENERATE[man/man3/SSL_CTX_free.3]=man3/SSL_CTX_free.pod -DEPEND[html/man3/SSL_CTX_get0_param.html]=man3/SSL_CTX_get0_param.pod -GENERATE[html/man3/SSL_CTX_get0_param.html]=man3/SSL_CTX_get0_param.pod -DEPEND[man/man3/SSL_CTX_get0_param.3]=man3/SSL_CTX_get0_param.pod -GENERATE[man/man3/SSL_CTX_get0_param.3]=man3/SSL_CTX_get0_param.pod -DEPEND[html/man3/SSL_CTX_get_verify_mode.html]=man3/SSL_CTX_get_verify_mode.pod -GENERATE[html/man3/SSL_CTX_get_verify_mode.html]=man3/SSL_CTX_get_verify_mode.pod -DEPEND[man/man3/SSL_CTX_get_verify_mode.3]=man3/SSL_CTX_get_verify_mode.pod -GENERATE[man/man3/SSL_CTX_get_verify_mode.3]=man3/SSL_CTX_get_verify_mode.pod -DEPEND[html/man3/SSL_CTX_has_client_custom_ext.html]=man3/SSL_CTX_has_client_custom_ext.pod -GENERATE[html/man3/SSL_CTX_has_client_custom_ext.html]=man3/SSL_CTX_has_client_custom_ext.pod -DEPEND[man/man3/SSL_CTX_has_client_custom_ext.3]=man3/SSL_CTX_has_client_custom_ext.pod -GENERATE[man/man3/SSL_CTX_has_client_custom_ext.3]=man3/SSL_CTX_has_client_custom_ext.pod -DEPEND[html/man3/SSL_CTX_load_verify_locations.html]=man3/SSL_CTX_load_verify_locations.pod -GENERATE[html/man3/SSL_CTX_load_verify_locations.html]=man3/SSL_CTX_load_verify_locations.pod -DEPEND[man/man3/SSL_CTX_load_verify_locations.3]=man3/SSL_CTX_load_verify_locations.pod -GENERATE[man/man3/SSL_CTX_load_verify_locations.3]=man3/SSL_CTX_load_verify_locations.pod -DEPEND[html/man3/SSL_CTX_new.html]=man3/SSL_CTX_new.pod -GENERATE[html/man3/SSL_CTX_new.html]=man3/SSL_CTX_new.pod -DEPEND[man/man3/SSL_CTX_new.3]=man3/SSL_CTX_new.pod -GENERATE[man/man3/SSL_CTX_new.3]=man3/SSL_CTX_new.pod -DEPEND[html/man3/SSL_CTX_sess_number.html]=man3/SSL_CTX_sess_number.pod -GENERATE[html/man3/SSL_CTX_sess_number.html]=man3/SSL_CTX_sess_number.pod -DEPEND[man/man3/SSL_CTX_sess_number.3]=man3/SSL_CTX_sess_number.pod -GENERATE[man/man3/SSL_CTX_sess_number.3]=man3/SSL_CTX_sess_number.pod -DEPEND[html/man3/SSL_CTX_sess_set_cache_size.html]=man3/SSL_CTX_sess_set_cache_size.pod -GENERATE[html/man3/SSL_CTX_sess_set_cache_size.html]=man3/SSL_CTX_sess_set_cache_size.pod -DEPEND[man/man3/SSL_CTX_sess_set_cache_size.3]=man3/SSL_CTX_sess_set_cache_size.pod -GENERATE[man/man3/SSL_CTX_sess_set_cache_size.3]=man3/SSL_CTX_sess_set_cache_size.pod -DEPEND[html/man3/SSL_CTX_sess_set_get_cb.html]=man3/SSL_CTX_sess_set_get_cb.pod -GENERATE[html/man3/SSL_CTX_sess_set_get_cb.html]=man3/SSL_CTX_sess_set_get_cb.pod -DEPEND[man/man3/SSL_CTX_sess_set_get_cb.3]=man3/SSL_CTX_sess_set_get_cb.pod -GENERATE[man/man3/SSL_CTX_sess_set_get_cb.3]=man3/SSL_CTX_sess_set_get_cb.pod -DEPEND[html/man3/SSL_CTX_sessions.html]=man3/SSL_CTX_sessions.pod -GENERATE[html/man3/SSL_CTX_sessions.html]=man3/SSL_CTX_sessions.pod -DEPEND[man/man3/SSL_CTX_sessions.3]=man3/SSL_CTX_sessions.pod -GENERATE[man/man3/SSL_CTX_sessions.3]=man3/SSL_CTX_sessions.pod -DEPEND[html/man3/SSL_CTX_set0_CA_list.html]=man3/SSL_CTX_set0_CA_list.pod -GENERATE[html/man3/SSL_CTX_set0_CA_list.html]=man3/SSL_CTX_set0_CA_list.pod -DEPEND[man/man3/SSL_CTX_set0_CA_list.3]=man3/SSL_CTX_set0_CA_list.pod -GENERATE[man/man3/SSL_CTX_set0_CA_list.3]=man3/SSL_CTX_set0_CA_list.pod -DEPEND[html/man3/SSL_CTX_set1_curves.html]=man3/SSL_CTX_set1_curves.pod -GENERATE[html/man3/SSL_CTX_set1_curves.html]=man3/SSL_CTX_set1_curves.pod -DEPEND[man/man3/SSL_CTX_set1_curves.3]=man3/SSL_CTX_set1_curves.pod -GENERATE[man/man3/SSL_CTX_set1_curves.3]=man3/SSL_CTX_set1_curves.pod -DEPEND[html/man3/SSL_CTX_set1_sigalgs.html]=man3/SSL_CTX_set1_sigalgs.pod -GENERATE[html/man3/SSL_CTX_set1_sigalgs.html]=man3/SSL_CTX_set1_sigalgs.pod -DEPEND[man/man3/SSL_CTX_set1_sigalgs.3]=man3/SSL_CTX_set1_sigalgs.pod -GENERATE[man/man3/SSL_CTX_set1_sigalgs.3]=man3/SSL_CTX_set1_sigalgs.pod -DEPEND[html/man3/SSL_CTX_set1_verify_cert_store.html]=man3/SSL_CTX_set1_verify_cert_store.pod -GENERATE[html/man3/SSL_CTX_set1_verify_cert_store.html]=man3/SSL_CTX_set1_verify_cert_store.pod -DEPEND[man/man3/SSL_CTX_set1_verify_cert_store.3]=man3/SSL_CTX_set1_verify_cert_store.pod -GENERATE[man/man3/SSL_CTX_set1_verify_cert_store.3]=man3/SSL_CTX_set1_verify_cert_store.pod -DEPEND[html/man3/SSL_CTX_set_alpn_select_cb.html]=man3/SSL_CTX_set_alpn_select_cb.pod -GENERATE[html/man3/SSL_CTX_set_alpn_select_cb.html]=man3/SSL_CTX_set_alpn_select_cb.pod -DEPEND[man/man3/SSL_CTX_set_alpn_select_cb.3]=man3/SSL_CTX_set_alpn_select_cb.pod -GENERATE[man/man3/SSL_CTX_set_alpn_select_cb.3]=man3/SSL_CTX_set_alpn_select_cb.pod -DEPEND[html/man3/SSL_CTX_set_cert_cb.html]=man3/SSL_CTX_set_cert_cb.pod -GENERATE[html/man3/SSL_CTX_set_cert_cb.html]=man3/SSL_CTX_set_cert_cb.pod -DEPEND[man/man3/SSL_CTX_set_cert_cb.3]=man3/SSL_CTX_set_cert_cb.pod -GENERATE[man/man3/SSL_CTX_set_cert_cb.3]=man3/SSL_CTX_set_cert_cb.pod -DEPEND[html/man3/SSL_CTX_set_cert_store.html]=man3/SSL_CTX_set_cert_store.pod -GENERATE[html/man3/SSL_CTX_set_cert_store.html]=man3/SSL_CTX_set_cert_store.pod -DEPEND[man/man3/SSL_CTX_set_cert_store.3]=man3/SSL_CTX_set_cert_store.pod -GENERATE[man/man3/SSL_CTX_set_cert_store.3]=man3/SSL_CTX_set_cert_store.pod -DEPEND[html/man3/SSL_CTX_set_cert_verify_callback.html]=man3/SSL_CTX_set_cert_verify_callback.pod -GENERATE[html/man3/SSL_CTX_set_cert_verify_callback.html]=man3/SSL_CTX_set_cert_verify_callback.pod -DEPEND[man/man3/SSL_CTX_set_cert_verify_callback.3]=man3/SSL_CTX_set_cert_verify_callback.pod -GENERATE[man/man3/SSL_CTX_set_cert_verify_callback.3]=man3/SSL_CTX_set_cert_verify_callback.pod -DEPEND[html/man3/SSL_CTX_set_cipher_list.html]=man3/SSL_CTX_set_cipher_list.pod -GENERATE[html/man3/SSL_CTX_set_cipher_list.html]=man3/SSL_CTX_set_cipher_list.pod -DEPEND[man/man3/SSL_CTX_set_cipher_list.3]=man3/SSL_CTX_set_cipher_list.pod -GENERATE[man/man3/SSL_CTX_set_cipher_list.3]=man3/SSL_CTX_set_cipher_list.pod -DEPEND[html/man3/SSL_CTX_set_client_cert_cb.html]=man3/SSL_CTX_set_client_cert_cb.pod -GENERATE[html/man3/SSL_CTX_set_client_cert_cb.html]=man3/SSL_CTX_set_client_cert_cb.pod -DEPEND[man/man3/SSL_CTX_set_client_cert_cb.3]=man3/SSL_CTX_set_client_cert_cb.pod -GENERATE[man/man3/SSL_CTX_set_client_cert_cb.3]=man3/SSL_CTX_set_client_cert_cb.pod -DEPEND[html/man3/SSL_CTX_set_client_hello_cb.html]=man3/SSL_CTX_set_client_hello_cb.pod -GENERATE[html/man3/SSL_CTX_set_client_hello_cb.html]=man3/SSL_CTX_set_client_hello_cb.pod -DEPEND[man/man3/SSL_CTX_set_client_hello_cb.3]=man3/SSL_CTX_set_client_hello_cb.pod -GENERATE[man/man3/SSL_CTX_set_client_hello_cb.3]=man3/SSL_CTX_set_client_hello_cb.pod -DEPEND[html/man3/SSL_CTX_set_ct_validation_callback.html]=man3/SSL_CTX_set_ct_validation_callback.pod -GENERATE[html/man3/SSL_CTX_set_ct_validation_callback.html]=man3/SSL_CTX_set_ct_validation_callback.pod -DEPEND[man/man3/SSL_CTX_set_ct_validation_callback.3]=man3/SSL_CTX_set_ct_validation_callback.pod -GENERATE[man/man3/SSL_CTX_set_ct_validation_callback.3]=man3/SSL_CTX_set_ct_validation_callback.pod -DEPEND[html/man3/SSL_CTX_set_ctlog_list_file.html]=man3/SSL_CTX_set_ctlog_list_file.pod -GENERATE[html/man3/SSL_CTX_set_ctlog_list_file.html]=man3/SSL_CTX_set_ctlog_list_file.pod -DEPEND[man/man3/SSL_CTX_set_ctlog_list_file.3]=man3/SSL_CTX_set_ctlog_list_file.pod -GENERATE[man/man3/SSL_CTX_set_ctlog_list_file.3]=man3/SSL_CTX_set_ctlog_list_file.pod -DEPEND[html/man3/SSL_CTX_set_default_passwd_cb.html]=man3/SSL_CTX_set_default_passwd_cb.pod -GENERATE[html/man3/SSL_CTX_set_default_passwd_cb.html]=man3/SSL_CTX_set_default_passwd_cb.pod -DEPEND[man/man3/SSL_CTX_set_default_passwd_cb.3]=man3/SSL_CTX_set_default_passwd_cb.pod -GENERATE[man/man3/SSL_CTX_set_default_passwd_cb.3]=man3/SSL_CTX_set_default_passwd_cb.pod -DEPEND[html/man3/SSL_CTX_set_generate_session_id.html]=man3/SSL_CTX_set_generate_session_id.pod -GENERATE[html/man3/SSL_CTX_set_generate_session_id.html]=man3/SSL_CTX_set_generate_session_id.pod -DEPEND[man/man3/SSL_CTX_set_generate_session_id.3]=man3/SSL_CTX_set_generate_session_id.pod -GENERATE[man/man3/SSL_CTX_set_generate_session_id.3]=man3/SSL_CTX_set_generate_session_id.pod -DEPEND[html/man3/SSL_CTX_set_info_callback.html]=man3/SSL_CTX_set_info_callback.pod -GENERATE[html/man3/SSL_CTX_set_info_callback.html]=man3/SSL_CTX_set_info_callback.pod -DEPEND[man/man3/SSL_CTX_set_info_callback.3]=man3/SSL_CTX_set_info_callback.pod -GENERATE[man/man3/SSL_CTX_set_info_callback.3]=man3/SSL_CTX_set_info_callback.pod -DEPEND[html/man3/SSL_CTX_set_keylog_callback.html]=man3/SSL_CTX_set_keylog_callback.pod -GENERATE[html/man3/SSL_CTX_set_keylog_callback.html]=man3/SSL_CTX_set_keylog_callback.pod -DEPEND[man/man3/SSL_CTX_set_keylog_callback.3]=man3/SSL_CTX_set_keylog_callback.pod -GENERATE[man/man3/SSL_CTX_set_keylog_callback.3]=man3/SSL_CTX_set_keylog_callback.pod -DEPEND[html/man3/SSL_CTX_set_max_cert_list.html]=man3/SSL_CTX_set_max_cert_list.pod -GENERATE[html/man3/SSL_CTX_set_max_cert_list.html]=man3/SSL_CTX_set_max_cert_list.pod -DEPEND[man/man3/SSL_CTX_set_max_cert_list.3]=man3/SSL_CTX_set_max_cert_list.pod -GENERATE[man/man3/SSL_CTX_set_max_cert_list.3]=man3/SSL_CTX_set_max_cert_list.pod -DEPEND[html/man3/SSL_CTX_set_min_proto_version.html]=man3/SSL_CTX_set_min_proto_version.pod -GENERATE[html/man3/SSL_CTX_set_min_proto_version.html]=man3/SSL_CTX_set_min_proto_version.pod -DEPEND[man/man3/SSL_CTX_set_min_proto_version.3]=man3/SSL_CTX_set_min_proto_version.pod -GENERATE[man/man3/SSL_CTX_set_min_proto_version.3]=man3/SSL_CTX_set_min_proto_version.pod -DEPEND[html/man3/SSL_CTX_set_mode.html]=man3/SSL_CTX_set_mode.pod -GENERATE[html/man3/SSL_CTX_set_mode.html]=man3/SSL_CTX_set_mode.pod -DEPEND[man/man3/SSL_CTX_set_mode.3]=man3/SSL_CTX_set_mode.pod -GENERATE[man/man3/SSL_CTX_set_mode.3]=man3/SSL_CTX_set_mode.pod -DEPEND[html/man3/SSL_CTX_set_msg_callback.html]=man3/SSL_CTX_set_msg_callback.pod -GENERATE[html/man3/SSL_CTX_set_msg_callback.html]=man3/SSL_CTX_set_msg_callback.pod -DEPEND[man/man3/SSL_CTX_set_msg_callback.3]=man3/SSL_CTX_set_msg_callback.pod -GENERATE[man/man3/SSL_CTX_set_msg_callback.3]=man3/SSL_CTX_set_msg_callback.pod -DEPEND[html/man3/SSL_CTX_set_num_tickets.html]=man3/SSL_CTX_set_num_tickets.pod -GENERATE[html/man3/SSL_CTX_set_num_tickets.html]=man3/SSL_CTX_set_num_tickets.pod -DEPEND[man/man3/SSL_CTX_set_num_tickets.3]=man3/SSL_CTX_set_num_tickets.pod -GENERATE[man/man3/SSL_CTX_set_num_tickets.3]=man3/SSL_CTX_set_num_tickets.pod -DEPEND[html/man3/SSL_CTX_set_options.html]=man3/SSL_CTX_set_options.pod -GENERATE[html/man3/SSL_CTX_set_options.html]=man3/SSL_CTX_set_options.pod -DEPEND[man/man3/SSL_CTX_set_options.3]=man3/SSL_CTX_set_options.pod -GENERATE[man/man3/SSL_CTX_set_options.3]=man3/SSL_CTX_set_options.pod -DEPEND[html/man3/SSL_CTX_set_psk_client_callback.html]=man3/SSL_CTX_set_psk_client_callback.pod -GENERATE[html/man3/SSL_CTX_set_psk_client_callback.html]=man3/SSL_CTX_set_psk_client_callback.pod -DEPEND[man/man3/SSL_CTX_set_psk_client_callback.3]=man3/SSL_CTX_set_psk_client_callback.pod -GENERATE[man/man3/SSL_CTX_set_psk_client_callback.3]=man3/SSL_CTX_set_psk_client_callback.pod -DEPEND[html/man3/SSL_CTX_set_quiet_shutdown.html]=man3/SSL_CTX_set_quiet_shutdown.pod -GENERATE[html/man3/SSL_CTX_set_quiet_shutdown.html]=man3/SSL_CTX_set_quiet_shutdown.pod -DEPEND[man/man3/SSL_CTX_set_quiet_shutdown.3]=man3/SSL_CTX_set_quiet_shutdown.pod -GENERATE[man/man3/SSL_CTX_set_quiet_shutdown.3]=man3/SSL_CTX_set_quiet_shutdown.pod -DEPEND[html/man3/SSL_CTX_set_read_ahead.html]=man3/SSL_CTX_set_read_ahead.pod -GENERATE[html/man3/SSL_CTX_set_read_ahead.html]=man3/SSL_CTX_set_read_ahead.pod -DEPEND[man/man3/SSL_CTX_set_read_ahead.3]=man3/SSL_CTX_set_read_ahead.pod -GENERATE[man/man3/SSL_CTX_set_read_ahead.3]=man3/SSL_CTX_set_read_ahead.pod -DEPEND[html/man3/SSL_CTX_set_record_padding_callback.html]=man3/SSL_CTX_set_record_padding_callback.pod -GENERATE[html/man3/SSL_CTX_set_record_padding_callback.html]=man3/SSL_CTX_set_record_padding_callback.pod -DEPEND[man/man3/SSL_CTX_set_record_padding_callback.3]=man3/SSL_CTX_set_record_padding_callback.pod -GENERATE[man/man3/SSL_CTX_set_record_padding_callback.3]=man3/SSL_CTX_set_record_padding_callback.pod -DEPEND[html/man3/SSL_CTX_set_security_level.html]=man3/SSL_CTX_set_security_level.pod -GENERATE[html/man3/SSL_CTX_set_security_level.html]=man3/SSL_CTX_set_security_level.pod -DEPEND[man/man3/SSL_CTX_set_security_level.3]=man3/SSL_CTX_set_security_level.pod -GENERATE[man/man3/SSL_CTX_set_security_level.3]=man3/SSL_CTX_set_security_level.pod -DEPEND[html/man3/SSL_CTX_set_session_cache_mode.html]=man3/SSL_CTX_set_session_cache_mode.pod -GENERATE[html/man3/SSL_CTX_set_session_cache_mode.html]=man3/SSL_CTX_set_session_cache_mode.pod -DEPEND[man/man3/SSL_CTX_set_session_cache_mode.3]=man3/SSL_CTX_set_session_cache_mode.pod -GENERATE[man/man3/SSL_CTX_set_session_cache_mode.3]=man3/SSL_CTX_set_session_cache_mode.pod -DEPEND[html/man3/SSL_CTX_set_session_id_context.html]=man3/SSL_CTX_set_session_id_context.pod -GENERATE[html/man3/SSL_CTX_set_session_id_context.html]=man3/SSL_CTX_set_session_id_context.pod -DEPEND[man/man3/SSL_CTX_set_session_id_context.3]=man3/SSL_CTX_set_session_id_context.pod -GENERATE[man/man3/SSL_CTX_set_session_id_context.3]=man3/SSL_CTX_set_session_id_context.pod -DEPEND[html/man3/SSL_CTX_set_session_ticket_cb.html]=man3/SSL_CTX_set_session_ticket_cb.pod -GENERATE[html/man3/SSL_CTX_set_session_ticket_cb.html]=man3/SSL_CTX_set_session_ticket_cb.pod -DEPEND[man/man3/SSL_CTX_set_session_ticket_cb.3]=man3/SSL_CTX_set_session_ticket_cb.pod -GENERATE[man/man3/SSL_CTX_set_session_ticket_cb.3]=man3/SSL_CTX_set_session_ticket_cb.pod -DEPEND[html/man3/SSL_CTX_set_split_send_fragment.html]=man3/SSL_CTX_set_split_send_fragment.pod -GENERATE[html/man3/SSL_CTX_set_split_send_fragment.html]=man3/SSL_CTX_set_split_send_fragment.pod -DEPEND[man/man3/SSL_CTX_set_split_send_fragment.3]=man3/SSL_CTX_set_split_send_fragment.pod -GENERATE[man/man3/SSL_CTX_set_split_send_fragment.3]=man3/SSL_CTX_set_split_send_fragment.pod -DEPEND[html/man3/SSL_CTX_set_srp_password.html]=man3/SSL_CTX_set_srp_password.pod -GENERATE[html/man3/SSL_CTX_set_srp_password.html]=man3/SSL_CTX_set_srp_password.pod -DEPEND[man/man3/SSL_CTX_set_srp_password.3]=man3/SSL_CTX_set_srp_password.pod -GENERATE[man/man3/SSL_CTX_set_srp_password.3]=man3/SSL_CTX_set_srp_password.pod -DEPEND[html/man3/SSL_CTX_set_ssl_version.html]=man3/SSL_CTX_set_ssl_version.pod -GENERATE[html/man3/SSL_CTX_set_ssl_version.html]=man3/SSL_CTX_set_ssl_version.pod -DEPEND[man/man3/SSL_CTX_set_ssl_version.3]=man3/SSL_CTX_set_ssl_version.pod -GENERATE[man/man3/SSL_CTX_set_ssl_version.3]=man3/SSL_CTX_set_ssl_version.pod -DEPEND[html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html]=man3/SSL_CTX_set_stateless_cookie_generate_cb.pod -GENERATE[html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html]=man3/SSL_CTX_set_stateless_cookie_generate_cb.pod -DEPEND[man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3]=man3/SSL_CTX_set_stateless_cookie_generate_cb.pod -GENERATE[man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3]=man3/SSL_CTX_set_stateless_cookie_generate_cb.pod -DEPEND[html/man3/SSL_CTX_set_timeout.html]=man3/SSL_CTX_set_timeout.pod -GENERATE[html/man3/SSL_CTX_set_timeout.html]=man3/SSL_CTX_set_timeout.pod -DEPEND[man/man3/SSL_CTX_set_timeout.3]=man3/SSL_CTX_set_timeout.pod -GENERATE[man/man3/SSL_CTX_set_timeout.3]=man3/SSL_CTX_set_timeout.pod -DEPEND[html/man3/SSL_CTX_set_tlsext_servername_callback.html]=man3/SSL_CTX_set_tlsext_servername_callback.pod -GENERATE[html/man3/SSL_CTX_set_tlsext_servername_callback.html]=man3/SSL_CTX_set_tlsext_servername_callback.pod -DEPEND[man/man3/SSL_CTX_set_tlsext_servername_callback.3]=man3/SSL_CTX_set_tlsext_servername_callback.pod -GENERATE[man/man3/SSL_CTX_set_tlsext_servername_callback.3]=man3/SSL_CTX_set_tlsext_servername_callback.pod -DEPEND[html/man3/SSL_CTX_set_tlsext_status_cb.html]=man3/SSL_CTX_set_tlsext_status_cb.pod -GENERATE[html/man3/SSL_CTX_set_tlsext_status_cb.html]=man3/SSL_CTX_set_tlsext_status_cb.pod -DEPEND[man/man3/SSL_CTX_set_tlsext_status_cb.3]=man3/SSL_CTX_set_tlsext_status_cb.pod -GENERATE[man/man3/SSL_CTX_set_tlsext_status_cb.3]=man3/SSL_CTX_set_tlsext_status_cb.pod -DEPEND[html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html]=man3/SSL_CTX_set_tlsext_ticket_key_cb.pod -GENERATE[html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html]=man3/SSL_CTX_set_tlsext_ticket_key_cb.pod -DEPEND[man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3]=man3/SSL_CTX_set_tlsext_ticket_key_cb.pod -GENERATE[man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3]=man3/SSL_CTX_set_tlsext_ticket_key_cb.pod -DEPEND[html/man3/SSL_CTX_set_tlsext_use_srtp.html]=man3/SSL_CTX_set_tlsext_use_srtp.pod -GENERATE[html/man3/SSL_CTX_set_tlsext_use_srtp.html]=man3/SSL_CTX_set_tlsext_use_srtp.pod -DEPEND[man/man3/SSL_CTX_set_tlsext_use_srtp.3]=man3/SSL_CTX_set_tlsext_use_srtp.pod -GENERATE[man/man3/SSL_CTX_set_tlsext_use_srtp.3]=man3/SSL_CTX_set_tlsext_use_srtp.pod -DEPEND[html/man3/SSL_CTX_set_tmp_dh_callback.html]=man3/SSL_CTX_set_tmp_dh_callback.pod -GENERATE[html/man3/SSL_CTX_set_tmp_dh_callback.html]=man3/SSL_CTX_set_tmp_dh_callback.pod -DEPEND[man/man3/SSL_CTX_set_tmp_dh_callback.3]=man3/SSL_CTX_set_tmp_dh_callback.pod -GENERATE[man/man3/SSL_CTX_set_tmp_dh_callback.3]=man3/SSL_CTX_set_tmp_dh_callback.pod -DEPEND[html/man3/SSL_CTX_set_tmp_ecdh.html]=man3/SSL_CTX_set_tmp_ecdh.pod -GENERATE[html/man3/SSL_CTX_set_tmp_ecdh.html]=man3/SSL_CTX_set_tmp_ecdh.pod -DEPEND[man/man3/SSL_CTX_set_tmp_ecdh.3]=man3/SSL_CTX_set_tmp_ecdh.pod -GENERATE[man/man3/SSL_CTX_set_tmp_ecdh.3]=man3/SSL_CTX_set_tmp_ecdh.pod -DEPEND[html/man3/SSL_CTX_set_verify.html]=man3/SSL_CTX_set_verify.pod -GENERATE[html/man3/SSL_CTX_set_verify.html]=man3/SSL_CTX_set_verify.pod -DEPEND[man/man3/SSL_CTX_set_verify.3]=man3/SSL_CTX_set_verify.pod -GENERATE[man/man3/SSL_CTX_set_verify.3]=man3/SSL_CTX_set_verify.pod -DEPEND[html/man3/SSL_CTX_use_certificate.html]=man3/SSL_CTX_use_certificate.pod -GENERATE[html/man3/SSL_CTX_use_certificate.html]=man3/SSL_CTX_use_certificate.pod -DEPEND[man/man3/SSL_CTX_use_certificate.3]=man3/SSL_CTX_use_certificate.pod -GENERATE[man/man3/SSL_CTX_use_certificate.3]=man3/SSL_CTX_use_certificate.pod -DEPEND[html/man3/SSL_CTX_use_psk_identity_hint.html]=man3/SSL_CTX_use_psk_identity_hint.pod -GENERATE[html/man3/SSL_CTX_use_psk_identity_hint.html]=man3/SSL_CTX_use_psk_identity_hint.pod -DEPEND[man/man3/SSL_CTX_use_psk_identity_hint.3]=man3/SSL_CTX_use_psk_identity_hint.pod -GENERATE[man/man3/SSL_CTX_use_psk_identity_hint.3]=man3/SSL_CTX_use_psk_identity_hint.pod -DEPEND[html/man3/SSL_CTX_use_serverinfo.html]=man3/SSL_CTX_use_serverinfo.pod -GENERATE[html/man3/SSL_CTX_use_serverinfo.html]=man3/SSL_CTX_use_serverinfo.pod -DEPEND[man/man3/SSL_CTX_use_serverinfo.3]=man3/SSL_CTX_use_serverinfo.pod -GENERATE[man/man3/SSL_CTX_use_serverinfo.3]=man3/SSL_CTX_use_serverinfo.pod -DEPEND[html/man3/SSL_SESSION_free.html]=man3/SSL_SESSION_free.pod -GENERATE[html/man3/SSL_SESSION_free.html]=man3/SSL_SESSION_free.pod -DEPEND[man/man3/SSL_SESSION_free.3]=man3/SSL_SESSION_free.pod -GENERATE[man/man3/SSL_SESSION_free.3]=man3/SSL_SESSION_free.pod -DEPEND[html/man3/SSL_SESSION_get0_cipher.html]=man3/SSL_SESSION_get0_cipher.pod -GENERATE[html/man3/SSL_SESSION_get0_cipher.html]=man3/SSL_SESSION_get0_cipher.pod -DEPEND[man/man3/SSL_SESSION_get0_cipher.3]=man3/SSL_SESSION_get0_cipher.pod -GENERATE[man/man3/SSL_SESSION_get0_cipher.3]=man3/SSL_SESSION_get0_cipher.pod -DEPEND[html/man3/SSL_SESSION_get0_hostname.html]=man3/SSL_SESSION_get0_hostname.pod -GENERATE[html/man3/SSL_SESSION_get0_hostname.html]=man3/SSL_SESSION_get0_hostname.pod -DEPEND[man/man3/SSL_SESSION_get0_hostname.3]=man3/SSL_SESSION_get0_hostname.pod -GENERATE[man/man3/SSL_SESSION_get0_hostname.3]=man3/SSL_SESSION_get0_hostname.pod -DEPEND[html/man3/SSL_SESSION_get0_id_context.html]=man3/SSL_SESSION_get0_id_context.pod -GENERATE[html/man3/SSL_SESSION_get0_id_context.html]=man3/SSL_SESSION_get0_id_context.pod -DEPEND[man/man3/SSL_SESSION_get0_id_context.3]=man3/SSL_SESSION_get0_id_context.pod -GENERATE[man/man3/SSL_SESSION_get0_id_context.3]=man3/SSL_SESSION_get0_id_context.pod -DEPEND[html/man3/SSL_SESSION_get0_peer.html]=man3/SSL_SESSION_get0_peer.pod -GENERATE[html/man3/SSL_SESSION_get0_peer.html]=man3/SSL_SESSION_get0_peer.pod -DEPEND[man/man3/SSL_SESSION_get0_peer.3]=man3/SSL_SESSION_get0_peer.pod -GENERATE[man/man3/SSL_SESSION_get0_peer.3]=man3/SSL_SESSION_get0_peer.pod -DEPEND[html/man3/SSL_SESSION_get_compress_id.html]=man3/SSL_SESSION_get_compress_id.pod -GENERATE[html/man3/SSL_SESSION_get_compress_id.html]=man3/SSL_SESSION_get_compress_id.pod -DEPEND[man/man3/SSL_SESSION_get_compress_id.3]=man3/SSL_SESSION_get_compress_id.pod -GENERATE[man/man3/SSL_SESSION_get_compress_id.3]=man3/SSL_SESSION_get_compress_id.pod -DEPEND[html/man3/SSL_SESSION_get_protocol_version.html]=man3/SSL_SESSION_get_protocol_version.pod -GENERATE[html/man3/SSL_SESSION_get_protocol_version.html]=man3/SSL_SESSION_get_protocol_version.pod -DEPEND[man/man3/SSL_SESSION_get_protocol_version.3]=man3/SSL_SESSION_get_protocol_version.pod -GENERATE[man/man3/SSL_SESSION_get_protocol_version.3]=man3/SSL_SESSION_get_protocol_version.pod -DEPEND[html/man3/SSL_SESSION_get_time.html]=man3/SSL_SESSION_get_time.pod -GENERATE[html/man3/SSL_SESSION_get_time.html]=man3/SSL_SESSION_get_time.pod -DEPEND[man/man3/SSL_SESSION_get_time.3]=man3/SSL_SESSION_get_time.pod -GENERATE[man/man3/SSL_SESSION_get_time.3]=man3/SSL_SESSION_get_time.pod -DEPEND[html/man3/SSL_SESSION_has_ticket.html]=man3/SSL_SESSION_has_ticket.pod -GENERATE[html/man3/SSL_SESSION_has_ticket.html]=man3/SSL_SESSION_has_ticket.pod -DEPEND[man/man3/SSL_SESSION_has_ticket.3]=man3/SSL_SESSION_has_ticket.pod -GENERATE[man/man3/SSL_SESSION_has_ticket.3]=man3/SSL_SESSION_has_ticket.pod -DEPEND[html/man3/SSL_SESSION_is_resumable.html]=man3/SSL_SESSION_is_resumable.pod -GENERATE[html/man3/SSL_SESSION_is_resumable.html]=man3/SSL_SESSION_is_resumable.pod -DEPEND[man/man3/SSL_SESSION_is_resumable.3]=man3/SSL_SESSION_is_resumable.pod -GENERATE[man/man3/SSL_SESSION_is_resumable.3]=man3/SSL_SESSION_is_resumable.pod -DEPEND[html/man3/SSL_SESSION_print.html]=man3/SSL_SESSION_print.pod -GENERATE[html/man3/SSL_SESSION_print.html]=man3/SSL_SESSION_print.pod -DEPEND[man/man3/SSL_SESSION_print.3]=man3/SSL_SESSION_print.pod -GENERATE[man/man3/SSL_SESSION_print.3]=man3/SSL_SESSION_print.pod -DEPEND[html/man3/SSL_SESSION_set1_id.html]=man3/SSL_SESSION_set1_id.pod -GENERATE[html/man3/SSL_SESSION_set1_id.html]=man3/SSL_SESSION_set1_id.pod -DEPEND[man/man3/SSL_SESSION_set1_id.3]=man3/SSL_SESSION_set1_id.pod -GENERATE[man/man3/SSL_SESSION_set1_id.3]=man3/SSL_SESSION_set1_id.pod -DEPEND[html/man3/SSL_accept.html]=man3/SSL_accept.pod -GENERATE[html/man3/SSL_accept.html]=man3/SSL_accept.pod -DEPEND[man/man3/SSL_accept.3]=man3/SSL_accept.pod -GENERATE[man/man3/SSL_accept.3]=man3/SSL_accept.pod -DEPEND[html/man3/SSL_alert_type_string.html]=man3/SSL_alert_type_string.pod -GENERATE[html/man3/SSL_alert_type_string.html]=man3/SSL_alert_type_string.pod -DEPEND[man/man3/SSL_alert_type_string.3]=man3/SSL_alert_type_string.pod -GENERATE[man/man3/SSL_alert_type_string.3]=man3/SSL_alert_type_string.pod -DEPEND[html/man3/SSL_alloc_buffers.html]=man3/SSL_alloc_buffers.pod -GENERATE[html/man3/SSL_alloc_buffers.html]=man3/SSL_alloc_buffers.pod -DEPEND[man/man3/SSL_alloc_buffers.3]=man3/SSL_alloc_buffers.pod -GENERATE[man/man3/SSL_alloc_buffers.3]=man3/SSL_alloc_buffers.pod -DEPEND[html/man3/SSL_check_chain.html]=man3/SSL_check_chain.pod -GENERATE[html/man3/SSL_check_chain.html]=man3/SSL_check_chain.pod -DEPEND[man/man3/SSL_check_chain.3]=man3/SSL_check_chain.pod -GENERATE[man/man3/SSL_check_chain.3]=man3/SSL_check_chain.pod -DEPEND[html/man3/SSL_clear.html]=man3/SSL_clear.pod -GENERATE[html/man3/SSL_clear.html]=man3/SSL_clear.pod -DEPEND[man/man3/SSL_clear.3]=man3/SSL_clear.pod -GENERATE[man/man3/SSL_clear.3]=man3/SSL_clear.pod -DEPEND[html/man3/SSL_connect.html]=man3/SSL_connect.pod -GENERATE[html/man3/SSL_connect.html]=man3/SSL_connect.pod -DEPEND[man/man3/SSL_connect.3]=man3/SSL_connect.pod -GENERATE[man/man3/SSL_connect.3]=man3/SSL_connect.pod -DEPEND[html/man3/SSL_do_handshake.html]=man3/SSL_do_handshake.pod -GENERATE[html/man3/SSL_do_handshake.html]=man3/SSL_do_handshake.pod -DEPEND[man/man3/SSL_do_handshake.3]=man3/SSL_do_handshake.pod -GENERATE[man/man3/SSL_do_handshake.3]=man3/SSL_do_handshake.pod -DEPEND[html/man3/SSL_export_keying_material.html]=man3/SSL_export_keying_material.pod -GENERATE[html/man3/SSL_export_keying_material.html]=man3/SSL_export_keying_material.pod -DEPEND[man/man3/SSL_export_keying_material.3]=man3/SSL_export_keying_material.pod -GENERATE[man/man3/SSL_export_keying_material.3]=man3/SSL_export_keying_material.pod -DEPEND[html/man3/SSL_extension_supported.html]=man3/SSL_extension_supported.pod -GENERATE[html/man3/SSL_extension_supported.html]=man3/SSL_extension_supported.pod -DEPEND[man/man3/SSL_extension_supported.3]=man3/SSL_extension_supported.pod -GENERATE[man/man3/SSL_extension_supported.3]=man3/SSL_extension_supported.pod -DEPEND[html/man3/SSL_free.html]=man3/SSL_free.pod -GENERATE[html/man3/SSL_free.html]=man3/SSL_free.pod -DEPEND[man/man3/SSL_free.3]=man3/SSL_free.pod -GENERATE[man/man3/SSL_free.3]=man3/SSL_free.pod -DEPEND[html/man3/SSL_get0_peer_scts.html]=man3/SSL_get0_peer_scts.pod -GENERATE[html/man3/SSL_get0_peer_scts.html]=man3/SSL_get0_peer_scts.pod -DEPEND[man/man3/SSL_get0_peer_scts.3]=man3/SSL_get0_peer_scts.pod -GENERATE[man/man3/SSL_get0_peer_scts.3]=man3/SSL_get0_peer_scts.pod -DEPEND[html/man3/SSL_get_SSL_CTX.html]=man3/SSL_get_SSL_CTX.pod -GENERATE[html/man3/SSL_get_SSL_CTX.html]=man3/SSL_get_SSL_CTX.pod -DEPEND[man/man3/SSL_get_SSL_CTX.3]=man3/SSL_get_SSL_CTX.pod -GENERATE[man/man3/SSL_get_SSL_CTX.3]=man3/SSL_get_SSL_CTX.pod -DEPEND[html/man3/SSL_get_all_async_fds.html]=man3/SSL_get_all_async_fds.pod -GENERATE[html/man3/SSL_get_all_async_fds.html]=man3/SSL_get_all_async_fds.pod -DEPEND[man/man3/SSL_get_all_async_fds.3]=man3/SSL_get_all_async_fds.pod -GENERATE[man/man3/SSL_get_all_async_fds.3]=man3/SSL_get_all_async_fds.pod -DEPEND[html/man3/SSL_get_certificate.html]=man3/SSL_get_certificate.pod -GENERATE[html/man3/SSL_get_certificate.html]=man3/SSL_get_certificate.pod -DEPEND[man/man3/SSL_get_certificate.3]=man3/SSL_get_certificate.pod -GENERATE[man/man3/SSL_get_certificate.3]=man3/SSL_get_certificate.pod -DEPEND[html/man3/SSL_get_ciphers.html]=man3/SSL_get_ciphers.pod -GENERATE[html/man3/SSL_get_ciphers.html]=man3/SSL_get_ciphers.pod -DEPEND[man/man3/SSL_get_ciphers.3]=man3/SSL_get_ciphers.pod -GENERATE[man/man3/SSL_get_ciphers.3]=man3/SSL_get_ciphers.pod -DEPEND[html/man3/SSL_get_client_random.html]=man3/SSL_get_client_random.pod -GENERATE[html/man3/SSL_get_client_random.html]=man3/SSL_get_client_random.pod -DEPEND[man/man3/SSL_get_client_random.3]=man3/SSL_get_client_random.pod -GENERATE[man/man3/SSL_get_client_random.3]=man3/SSL_get_client_random.pod -DEPEND[html/man3/SSL_get_current_cipher.html]=man3/SSL_get_current_cipher.pod -GENERATE[html/man3/SSL_get_current_cipher.html]=man3/SSL_get_current_cipher.pod -DEPEND[man/man3/SSL_get_current_cipher.3]=man3/SSL_get_current_cipher.pod -GENERATE[man/man3/SSL_get_current_cipher.3]=man3/SSL_get_current_cipher.pod -DEPEND[html/man3/SSL_get_default_timeout.html]=man3/SSL_get_default_timeout.pod -GENERATE[html/man3/SSL_get_default_timeout.html]=man3/SSL_get_default_timeout.pod -DEPEND[man/man3/SSL_get_default_timeout.3]=man3/SSL_get_default_timeout.pod -GENERATE[man/man3/SSL_get_default_timeout.3]=man3/SSL_get_default_timeout.pod -DEPEND[html/man3/SSL_get_error.html]=man3/SSL_get_error.pod -GENERATE[html/man3/SSL_get_error.html]=man3/SSL_get_error.pod -DEPEND[man/man3/SSL_get_error.3]=man3/SSL_get_error.pod -GENERATE[man/man3/SSL_get_error.3]=man3/SSL_get_error.pod -DEPEND[html/man3/SSL_get_extms_support.html]=man3/SSL_get_extms_support.pod -GENERATE[html/man3/SSL_get_extms_support.html]=man3/SSL_get_extms_support.pod -DEPEND[man/man3/SSL_get_extms_support.3]=man3/SSL_get_extms_support.pod -GENERATE[man/man3/SSL_get_extms_support.3]=man3/SSL_get_extms_support.pod -DEPEND[html/man3/SSL_get_fd.html]=man3/SSL_get_fd.pod -GENERATE[html/man3/SSL_get_fd.html]=man3/SSL_get_fd.pod -DEPEND[man/man3/SSL_get_fd.3]=man3/SSL_get_fd.pod -GENERATE[man/man3/SSL_get_fd.3]=man3/SSL_get_fd.pod -DEPEND[html/man3/SSL_get_peer_cert_chain.html]=man3/SSL_get_peer_cert_chain.pod -GENERATE[html/man3/SSL_get_peer_cert_chain.html]=man3/SSL_get_peer_cert_chain.pod -DEPEND[man/man3/SSL_get_peer_cert_chain.3]=man3/SSL_get_peer_cert_chain.pod -GENERATE[man/man3/SSL_get_peer_cert_chain.3]=man3/SSL_get_peer_cert_chain.pod -DEPEND[html/man3/SSL_get_peer_certificate.html]=man3/SSL_get_peer_certificate.pod -GENERATE[html/man3/SSL_get_peer_certificate.html]=man3/SSL_get_peer_certificate.pod -DEPEND[man/man3/SSL_get_peer_certificate.3]=man3/SSL_get_peer_certificate.pod -GENERATE[man/man3/SSL_get_peer_certificate.3]=man3/SSL_get_peer_certificate.pod -DEPEND[html/man3/SSL_get_peer_signature_nid.html]=man3/SSL_get_peer_signature_nid.pod -GENERATE[html/man3/SSL_get_peer_signature_nid.html]=man3/SSL_get_peer_signature_nid.pod -DEPEND[man/man3/SSL_get_peer_signature_nid.3]=man3/SSL_get_peer_signature_nid.pod -GENERATE[man/man3/SSL_get_peer_signature_nid.3]=man3/SSL_get_peer_signature_nid.pod -DEPEND[html/man3/SSL_get_peer_tmp_key.html]=man3/SSL_get_peer_tmp_key.pod -GENERATE[html/man3/SSL_get_peer_tmp_key.html]=man3/SSL_get_peer_tmp_key.pod -DEPEND[man/man3/SSL_get_peer_tmp_key.3]=man3/SSL_get_peer_tmp_key.pod -GENERATE[man/man3/SSL_get_peer_tmp_key.3]=man3/SSL_get_peer_tmp_key.pod -DEPEND[html/man3/SSL_get_psk_identity.html]=man3/SSL_get_psk_identity.pod -GENERATE[html/man3/SSL_get_psk_identity.html]=man3/SSL_get_psk_identity.pod -DEPEND[man/man3/SSL_get_psk_identity.3]=man3/SSL_get_psk_identity.pod -GENERATE[man/man3/SSL_get_psk_identity.3]=man3/SSL_get_psk_identity.pod -DEPEND[html/man3/SSL_get_rbio.html]=man3/SSL_get_rbio.pod -GENERATE[html/man3/SSL_get_rbio.html]=man3/SSL_get_rbio.pod -DEPEND[man/man3/SSL_get_rbio.3]=man3/SSL_get_rbio.pod -GENERATE[man/man3/SSL_get_rbio.3]=man3/SSL_get_rbio.pod -DEPEND[html/man3/SSL_get_session.html]=man3/SSL_get_session.pod -GENERATE[html/man3/SSL_get_session.html]=man3/SSL_get_session.pod -DEPEND[man/man3/SSL_get_session.3]=man3/SSL_get_session.pod -GENERATE[man/man3/SSL_get_session.3]=man3/SSL_get_session.pod -DEPEND[html/man3/SSL_get_shared_sigalgs.html]=man3/SSL_get_shared_sigalgs.pod -GENERATE[html/man3/SSL_get_shared_sigalgs.html]=man3/SSL_get_shared_sigalgs.pod -DEPEND[man/man3/SSL_get_shared_sigalgs.3]=man3/SSL_get_shared_sigalgs.pod -GENERATE[man/man3/SSL_get_shared_sigalgs.3]=man3/SSL_get_shared_sigalgs.pod -DEPEND[html/man3/SSL_get_verify_result.html]=man3/SSL_get_verify_result.pod -GENERATE[html/man3/SSL_get_verify_result.html]=man3/SSL_get_verify_result.pod -DEPEND[man/man3/SSL_get_verify_result.3]=man3/SSL_get_verify_result.pod -GENERATE[man/man3/SSL_get_verify_result.3]=man3/SSL_get_verify_result.pod -DEPEND[html/man3/SSL_get_version.html]=man3/SSL_get_version.pod -GENERATE[html/man3/SSL_get_version.html]=man3/SSL_get_version.pod -DEPEND[man/man3/SSL_get_version.3]=man3/SSL_get_version.pod -GENERATE[man/man3/SSL_get_version.3]=man3/SSL_get_version.pod -DEPEND[html/man3/SSL_group_to_name.html]=man3/SSL_group_to_name.pod -GENERATE[html/man3/SSL_group_to_name.html]=man3/SSL_group_to_name.pod -DEPEND[man/man3/SSL_group_to_name.3]=man3/SSL_group_to_name.pod -GENERATE[man/man3/SSL_group_to_name.3]=man3/SSL_group_to_name.pod -DEPEND[html/man3/SSL_in_init.html]=man3/SSL_in_init.pod -GENERATE[html/man3/SSL_in_init.html]=man3/SSL_in_init.pod -DEPEND[man/man3/SSL_in_init.3]=man3/SSL_in_init.pod -GENERATE[man/man3/SSL_in_init.3]=man3/SSL_in_init.pod -DEPEND[html/man3/SSL_key_update.html]=man3/SSL_key_update.pod -GENERATE[html/man3/SSL_key_update.html]=man3/SSL_key_update.pod -DEPEND[man/man3/SSL_key_update.3]=man3/SSL_key_update.pod -GENERATE[man/man3/SSL_key_update.3]=man3/SSL_key_update.pod -DEPEND[html/man3/SSL_library_init.html]=man3/SSL_library_init.pod -GENERATE[html/man3/SSL_library_init.html]=man3/SSL_library_init.pod -DEPEND[man/man3/SSL_library_init.3]=man3/SSL_library_init.pod -GENERATE[man/man3/SSL_library_init.3]=man3/SSL_library_init.pod -DEPEND[html/man3/SSL_load_client_CA_file.html]=man3/SSL_load_client_CA_file.pod -GENERATE[html/man3/SSL_load_client_CA_file.html]=man3/SSL_load_client_CA_file.pod -DEPEND[man/man3/SSL_load_client_CA_file.3]=man3/SSL_load_client_CA_file.pod -GENERATE[man/man3/SSL_load_client_CA_file.3]=man3/SSL_load_client_CA_file.pod -DEPEND[html/man3/SSL_new.html]=man3/SSL_new.pod -GENERATE[html/man3/SSL_new.html]=man3/SSL_new.pod -DEPEND[man/man3/SSL_new.3]=man3/SSL_new.pod -GENERATE[man/man3/SSL_new.3]=man3/SSL_new.pod -DEPEND[html/man3/SSL_pending.html]=man3/SSL_pending.pod -GENERATE[html/man3/SSL_pending.html]=man3/SSL_pending.pod -DEPEND[man/man3/SSL_pending.3]=man3/SSL_pending.pod -GENERATE[man/man3/SSL_pending.3]=man3/SSL_pending.pod -DEPEND[html/man3/SSL_read.html]=man3/SSL_read.pod -GENERATE[html/man3/SSL_read.html]=man3/SSL_read.pod -DEPEND[man/man3/SSL_read.3]=man3/SSL_read.pod -GENERATE[man/man3/SSL_read.3]=man3/SSL_read.pod -DEPEND[html/man3/SSL_read_early_data.html]=man3/SSL_read_early_data.pod -GENERATE[html/man3/SSL_read_early_data.html]=man3/SSL_read_early_data.pod -DEPEND[man/man3/SSL_read_early_data.3]=man3/SSL_read_early_data.pod -GENERATE[man/man3/SSL_read_early_data.3]=man3/SSL_read_early_data.pod -DEPEND[html/man3/SSL_rstate_string.html]=man3/SSL_rstate_string.pod -GENERATE[html/man3/SSL_rstate_string.html]=man3/SSL_rstate_string.pod -DEPEND[man/man3/SSL_rstate_string.3]=man3/SSL_rstate_string.pod -GENERATE[man/man3/SSL_rstate_string.3]=man3/SSL_rstate_string.pod -DEPEND[html/man3/SSL_session_reused.html]=man3/SSL_session_reused.pod -GENERATE[html/man3/SSL_session_reused.html]=man3/SSL_session_reused.pod -DEPEND[man/man3/SSL_session_reused.3]=man3/SSL_session_reused.pod -GENERATE[man/man3/SSL_session_reused.3]=man3/SSL_session_reused.pod -DEPEND[html/man3/SSL_set1_host.html]=man3/SSL_set1_host.pod -GENERATE[html/man3/SSL_set1_host.html]=man3/SSL_set1_host.pod -DEPEND[man/man3/SSL_set1_host.3]=man3/SSL_set1_host.pod -GENERATE[man/man3/SSL_set1_host.3]=man3/SSL_set1_host.pod -DEPEND[html/man3/SSL_set_async_callback.html]=man3/SSL_set_async_callback.pod -GENERATE[html/man3/SSL_set_async_callback.html]=man3/SSL_set_async_callback.pod -DEPEND[man/man3/SSL_set_async_callback.3]=man3/SSL_set_async_callback.pod -GENERATE[man/man3/SSL_set_async_callback.3]=man3/SSL_set_async_callback.pod -DEPEND[html/man3/SSL_set_bio.html]=man3/SSL_set_bio.pod -GENERATE[html/man3/SSL_set_bio.html]=man3/SSL_set_bio.pod -DEPEND[man/man3/SSL_set_bio.3]=man3/SSL_set_bio.pod -GENERATE[man/man3/SSL_set_bio.3]=man3/SSL_set_bio.pod -DEPEND[html/man3/SSL_set_connect_state.html]=man3/SSL_set_connect_state.pod -GENERATE[html/man3/SSL_set_connect_state.html]=man3/SSL_set_connect_state.pod -DEPEND[man/man3/SSL_set_connect_state.3]=man3/SSL_set_connect_state.pod -GENERATE[man/man3/SSL_set_connect_state.3]=man3/SSL_set_connect_state.pod -DEPEND[html/man3/SSL_set_fd.html]=man3/SSL_set_fd.pod -GENERATE[html/man3/SSL_set_fd.html]=man3/SSL_set_fd.pod -DEPEND[man/man3/SSL_set_fd.3]=man3/SSL_set_fd.pod -GENERATE[man/man3/SSL_set_fd.3]=man3/SSL_set_fd.pod -DEPEND[html/man3/SSL_set_retry_verify.html]=man3/SSL_set_retry_verify.pod -GENERATE[html/man3/SSL_set_retry_verify.html]=man3/SSL_set_retry_verify.pod -DEPEND[man/man3/SSL_set_retry_verify.3]=man3/SSL_set_retry_verify.pod -GENERATE[man/man3/SSL_set_retry_verify.3]=man3/SSL_set_retry_verify.pod -DEPEND[html/man3/SSL_set_session.html]=man3/SSL_set_session.pod -GENERATE[html/man3/SSL_set_session.html]=man3/SSL_set_session.pod -DEPEND[man/man3/SSL_set_session.3]=man3/SSL_set_session.pod -GENERATE[man/man3/SSL_set_session.3]=man3/SSL_set_session.pod -DEPEND[html/man3/SSL_set_shutdown.html]=man3/SSL_set_shutdown.pod -GENERATE[html/man3/SSL_set_shutdown.html]=man3/SSL_set_shutdown.pod -DEPEND[man/man3/SSL_set_shutdown.3]=man3/SSL_set_shutdown.pod -GENERATE[man/man3/SSL_set_shutdown.3]=man3/SSL_set_shutdown.pod -DEPEND[html/man3/SSL_set_verify_result.html]=man3/SSL_set_verify_result.pod -GENERATE[html/man3/SSL_set_verify_result.html]=man3/SSL_set_verify_result.pod -DEPEND[man/man3/SSL_set_verify_result.3]=man3/SSL_set_verify_result.pod -GENERATE[man/man3/SSL_set_verify_result.3]=man3/SSL_set_verify_result.pod -DEPEND[html/man3/SSL_shutdown.html]=man3/SSL_shutdown.pod -GENERATE[html/man3/SSL_shutdown.html]=man3/SSL_shutdown.pod -DEPEND[man/man3/SSL_shutdown.3]=man3/SSL_shutdown.pod -GENERATE[man/man3/SSL_shutdown.3]=man3/SSL_shutdown.pod -DEPEND[html/man3/SSL_state_string.html]=man3/SSL_state_string.pod -GENERATE[html/man3/SSL_state_string.html]=man3/SSL_state_string.pod -DEPEND[man/man3/SSL_state_string.3]=man3/SSL_state_string.pod -GENERATE[man/man3/SSL_state_string.3]=man3/SSL_state_string.pod -DEPEND[html/man3/SSL_want.html]=man3/SSL_want.pod -GENERATE[html/man3/SSL_want.html]=man3/SSL_want.pod -DEPEND[man/man3/SSL_want.3]=man3/SSL_want.pod -GENERATE[man/man3/SSL_want.3]=man3/SSL_want.pod -DEPEND[html/man3/SSL_write.html]=man3/SSL_write.pod -GENERATE[html/man3/SSL_write.html]=man3/SSL_write.pod -DEPEND[man/man3/SSL_write.3]=man3/SSL_write.pod -GENERATE[man/man3/SSL_write.3]=man3/SSL_write.pod -DEPEND[html/man3/TS_RESP_CTX_new.html]=man3/TS_RESP_CTX_new.pod -GENERATE[html/man3/TS_RESP_CTX_new.html]=man3/TS_RESP_CTX_new.pod -DEPEND[man/man3/TS_RESP_CTX_new.3]=man3/TS_RESP_CTX_new.pod -GENERATE[man/man3/TS_RESP_CTX_new.3]=man3/TS_RESP_CTX_new.pod -DEPEND[html/man3/TS_VERIFY_CTX_set_certs.html]=man3/TS_VERIFY_CTX_set_certs.pod -GENERATE[html/man3/TS_VERIFY_CTX_set_certs.html]=man3/TS_VERIFY_CTX_set_certs.pod -DEPEND[man/man3/TS_VERIFY_CTX_set_certs.3]=man3/TS_VERIFY_CTX_set_certs.pod -GENERATE[man/man3/TS_VERIFY_CTX_set_certs.3]=man3/TS_VERIFY_CTX_set_certs.pod -DEPEND[html/man3/UI_STRING.html]=man3/UI_STRING.pod -GENERATE[html/man3/UI_STRING.html]=man3/UI_STRING.pod -DEPEND[man/man3/UI_STRING.3]=man3/UI_STRING.pod -GENERATE[man/man3/UI_STRING.3]=man3/UI_STRING.pod -DEPEND[html/man3/UI_UTIL_read_pw.html]=man3/UI_UTIL_read_pw.pod -GENERATE[html/man3/UI_UTIL_read_pw.html]=man3/UI_UTIL_read_pw.pod -DEPEND[man/man3/UI_UTIL_read_pw.3]=man3/UI_UTIL_read_pw.pod -GENERATE[man/man3/UI_UTIL_read_pw.3]=man3/UI_UTIL_read_pw.pod -DEPEND[html/man3/UI_create_method.html]=man3/UI_create_method.pod -GENERATE[html/man3/UI_create_method.html]=man3/UI_create_method.pod -DEPEND[man/man3/UI_create_method.3]=man3/UI_create_method.pod -GENERATE[man/man3/UI_create_method.3]=man3/UI_create_method.pod -DEPEND[html/man3/UI_new.html]=man3/UI_new.pod -GENERATE[html/man3/UI_new.html]=man3/UI_new.pod -DEPEND[man/man3/UI_new.3]=man3/UI_new.pod -GENERATE[man/man3/UI_new.3]=man3/UI_new.pod -DEPEND[html/man3/X509V3_get_d2i.html]=man3/X509V3_get_d2i.pod -GENERATE[html/man3/X509V3_get_d2i.html]=man3/X509V3_get_d2i.pod -DEPEND[man/man3/X509V3_get_d2i.3]=man3/X509V3_get_d2i.pod -GENERATE[man/man3/X509V3_get_d2i.3]=man3/X509V3_get_d2i.pod -DEPEND[html/man3/X509V3_set_ctx.html]=man3/X509V3_set_ctx.pod -GENERATE[html/man3/X509V3_set_ctx.html]=man3/X509V3_set_ctx.pod -DEPEND[man/man3/X509V3_set_ctx.3]=man3/X509V3_set_ctx.pod -GENERATE[man/man3/X509V3_set_ctx.3]=man3/X509V3_set_ctx.pod -DEPEND[html/man3/X509_ALGOR_dup.html]=man3/X509_ALGOR_dup.pod -GENERATE[html/man3/X509_ALGOR_dup.html]=man3/X509_ALGOR_dup.pod -DEPEND[man/man3/X509_ALGOR_dup.3]=man3/X509_ALGOR_dup.pod -GENERATE[man/man3/X509_ALGOR_dup.3]=man3/X509_ALGOR_dup.pod -DEPEND[html/man3/X509_CRL_get0_by_serial.html]=man3/X509_CRL_get0_by_serial.pod -GENERATE[html/man3/X509_CRL_get0_by_serial.html]=man3/X509_CRL_get0_by_serial.pod -DEPEND[man/man3/X509_CRL_get0_by_serial.3]=man3/X509_CRL_get0_by_serial.pod -GENERATE[man/man3/X509_CRL_get0_by_serial.3]=man3/X509_CRL_get0_by_serial.pod -DEPEND[html/man3/X509_EXTENSION_set_object.html]=man3/X509_EXTENSION_set_object.pod -GENERATE[html/man3/X509_EXTENSION_set_object.html]=man3/X509_EXTENSION_set_object.pod -DEPEND[man/man3/X509_EXTENSION_set_object.3]=man3/X509_EXTENSION_set_object.pod -GENERATE[man/man3/X509_EXTENSION_set_object.3]=man3/X509_EXTENSION_set_object.pod -DEPEND[html/man3/X509_LOOKUP.html]=man3/X509_LOOKUP.pod -GENERATE[html/man3/X509_LOOKUP.html]=man3/X509_LOOKUP.pod -DEPEND[man/man3/X509_LOOKUP.3]=man3/X509_LOOKUP.pod -GENERATE[man/man3/X509_LOOKUP.3]=man3/X509_LOOKUP.pod -DEPEND[html/man3/X509_LOOKUP_hash_dir.html]=man3/X509_LOOKUP_hash_dir.pod -GENERATE[html/man3/X509_LOOKUP_hash_dir.html]=man3/X509_LOOKUP_hash_dir.pod -DEPEND[man/man3/X509_LOOKUP_hash_dir.3]=man3/X509_LOOKUP_hash_dir.pod -GENERATE[man/man3/X509_LOOKUP_hash_dir.3]=man3/X509_LOOKUP_hash_dir.pod -DEPEND[html/man3/X509_LOOKUP_meth_new.html]=man3/X509_LOOKUP_meth_new.pod -GENERATE[html/man3/X509_LOOKUP_meth_new.html]=man3/X509_LOOKUP_meth_new.pod -DEPEND[man/man3/X509_LOOKUP_meth_new.3]=man3/X509_LOOKUP_meth_new.pod -GENERATE[man/man3/X509_LOOKUP_meth_new.3]=man3/X509_LOOKUP_meth_new.pod -DEPEND[html/man3/X509_NAME_ENTRY_get_object.html]=man3/X509_NAME_ENTRY_get_object.pod -GENERATE[html/man3/X509_NAME_ENTRY_get_object.html]=man3/X509_NAME_ENTRY_get_object.pod -DEPEND[man/man3/X509_NAME_ENTRY_get_object.3]=man3/X509_NAME_ENTRY_get_object.pod -GENERATE[man/man3/X509_NAME_ENTRY_get_object.3]=man3/X509_NAME_ENTRY_get_object.pod -DEPEND[html/man3/X509_NAME_add_entry_by_txt.html]=man3/X509_NAME_add_entry_by_txt.pod -GENERATE[html/man3/X509_NAME_add_entry_by_txt.html]=man3/X509_NAME_add_entry_by_txt.pod -DEPEND[man/man3/X509_NAME_add_entry_by_txt.3]=man3/X509_NAME_add_entry_by_txt.pod -GENERATE[man/man3/X509_NAME_add_entry_by_txt.3]=man3/X509_NAME_add_entry_by_txt.pod -DEPEND[html/man3/X509_NAME_get0_der.html]=man3/X509_NAME_get0_der.pod -GENERATE[html/man3/X509_NAME_get0_der.html]=man3/X509_NAME_get0_der.pod -DEPEND[man/man3/X509_NAME_get0_der.3]=man3/X509_NAME_get0_der.pod -GENERATE[man/man3/X509_NAME_get0_der.3]=man3/X509_NAME_get0_der.pod -DEPEND[html/man3/X509_NAME_get_index_by_NID.html]=man3/X509_NAME_get_index_by_NID.pod -GENERATE[html/man3/X509_NAME_get_index_by_NID.html]=man3/X509_NAME_get_index_by_NID.pod -DEPEND[man/man3/X509_NAME_get_index_by_NID.3]=man3/X509_NAME_get_index_by_NID.pod -GENERATE[man/man3/X509_NAME_get_index_by_NID.3]=man3/X509_NAME_get_index_by_NID.pod -DEPEND[html/man3/X509_NAME_print_ex.html]=man3/X509_NAME_print_ex.pod -GENERATE[html/man3/X509_NAME_print_ex.html]=man3/X509_NAME_print_ex.pod -DEPEND[man/man3/X509_NAME_print_ex.3]=man3/X509_NAME_print_ex.pod -GENERATE[man/man3/X509_NAME_print_ex.3]=man3/X509_NAME_print_ex.pod -DEPEND[html/man3/X509_PUBKEY_new.html]=man3/X509_PUBKEY_new.pod -GENERATE[html/man3/X509_PUBKEY_new.html]=man3/X509_PUBKEY_new.pod -DEPEND[man/man3/X509_PUBKEY_new.3]=man3/X509_PUBKEY_new.pod -GENERATE[man/man3/X509_PUBKEY_new.3]=man3/X509_PUBKEY_new.pod -DEPEND[html/man3/X509_SIG_get0.html]=man3/X509_SIG_get0.pod -GENERATE[html/man3/X509_SIG_get0.html]=man3/X509_SIG_get0.pod -DEPEND[man/man3/X509_SIG_get0.3]=man3/X509_SIG_get0.pod -GENERATE[man/man3/X509_SIG_get0.3]=man3/X509_SIG_get0.pod -DEPEND[html/man3/X509_STORE_CTX_get_error.html]=man3/X509_STORE_CTX_get_error.pod -GENERATE[html/man3/X509_STORE_CTX_get_error.html]=man3/X509_STORE_CTX_get_error.pod -DEPEND[man/man3/X509_STORE_CTX_get_error.3]=man3/X509_STORE_CTX_get_error.pod -GENERATE[man/man3/X509_STORE_CTX_get_error.3]=man3/X509_STORE_CTX_get_error.pod -DEPEND[html/man3/X509_STORE_CTX_new.html]=man3/X509_STORE_CTX_new.pod -GENERATE[html/man3/X509_STORE_CTX_new.html]=man3/X509_STORE_CTX_new.pod -DEPEND[man/man3/X509_STORE_CTX_new.3]=man3/X509_STORE_CTX_new.pod -GENERATE[man/man3/X509_STORE_CTX_new.3]=man3/X509_STORE_CTX_new.pod -DEPEND[html/man3/X509_STORE_CTX_set_verify_cb.html]=man3/X509_STORE_CTX_set_verify_cb.pod -GENERATE[html/man3/X509_STORE_CTX_set_verify_cb.html]=man3/X509_STORE_CTX_set_verify_cb.pod -DEPEND[man/man3/X509_STORE_CTX_set_verify_cb.3]=man3/X509_STORE_CTX_set_verify_cb.pod -GENERATE[man/man3/X509_STORE_CTX_set_verify_cb.3]=man3/X509_STORE_CTX_set_verify_cb.pod -DEPEND[html/man3/X509_STORE_add_cert.html]=man3/X509_STORE_add_cert.pod -GENERATE[html/man3/X509_STORE_add_cert.html]=man3/X509_STORE_add_cert.pod -DEPEND[man/man3/X509_STORE_add_cert.3]=man3/X509_STORE_add_cert.pod -GENERATE[man/man3/X509_STORE_add_cert.3]=man3/X509_STORE_add_cert.pod -DEPEND[html/man3/X509_STORE_get0_param.html]=man3/X509_STORE_get0_param.pod -GENERATE[html/man3/X509_STORE_get0_param.html]=man3/X509_STORE_get0_param.pod -DEPEND[man/man3/X509_STORE_get0_param.3]=man3/X509_STORE_get0_param.pod -GENERATE[man/man3/X509_STORE_get0_param.3]=man3/X509_STORE_get0_param.pod -DEPEND[html/man3/X509_STORE_new.html]=man3/X509_STORE_new.pod -GENERATE[html/man3/X509_STORE_new.html]=man3/X509_STORE_new.pod -DEPEND[man/man3/X509_STORE_new.3]=man3/X509_STORE_new.pod -GENERATE[man/man3/X509_STORE_new.3]=man3/X509_STORE_new.pod -DEPEND[html/man3/X509_STORE_set_verify_cb_func.html]=man3/X509_STORE_set_verify_cb_func.pod -GENERATE[html/man3/X509_STORE_set_verify_cb_func.html]=man3/X509_STORE_set_verify_cb_func.pod -DEPEND[man/man3/X509_STORE_set_verify_cb_func.3]=man3/X509_STORE_set_verify_cb_func.pod -GENERATE[man/man3/X509_STORE_set_verify_cb_func.3]=man3/X509_STORE_set_verify_cb_func.pod -DEPEND[html/man3/X509_VERIFY_PARAM_set_flags.html]=man3/X509_VERIFY_PARAM_set_flags.pod -GENERATE[html/man3/X509_VERIFY_PARAM_set_flags.html]=man3/X509_VERIFY_PARAM_set_flags.pod -DEPEND[man/man3/X509_VERIFY_PARAM_set_flags.3]=man3/X509_VERIFY_PARAM_set_flags.pod -GENERATE[man/man3/X509_VERIFY_PARAM_set_flags.3]=man3/X509_VERIFY_PARAM_set_flags.pod -DEPEND[html/man3/X509_add_cert.html]=man3/X509_add_cert.pod -GENERATE[html/man3/X509_add_cert.html]=man3/X509_add_cert.pod -DEPEND[man/man3/X509_add_cert.3]=man3/X509_add_cert.pod -GENERATE[man/man3/X509_add_cert.3]=man3/X509_add_cert.pod -DEPEND[html/man3/X509_check_ca.html]=man3/X509_check_ca.pod -GENERATE[html/man3/X509_check_ca.html]=man3/X509_check_ca.pod -DEPEND[man/man3/X509_check_ca.3]=man3/X509_check_ca.pod -GENERATE[man/man3/X509_check_ca.3]=man3/X509_check_ca.pod -DEPEND[html/man3/X509_check_host.html]=man3/X509_check_host.pod -GENERATE[html/man3/X509_check_host.html]=man3/X509_check_host.pod -DEPEND[man/man3/X509_check_host.3]=man3/X509_check_host.pod -GENERATE[man/man3/X509_check_host.3]=man3/X509_check_host.pod -DEPEND[html/man3/X509_check_issued.html]=man3/X509_check_issued.pod -GENERATE[html/man3/X509_check_issued.html]=man3/X509_check_issued.pod -DEPEND[man/man3/X509_check_issued.3]=man3/X509_check_issued.pod -GENERATE[man/man3/X509_check_issued.3]=man3/X509_check_issued.pod -DEPEND[html/man3/X509_check_private_key.html]=man3/X509_check_private_key.pod -GENERATE[html/man3/X509_check_private_key.html]=man3/X509_check_private_key.pod -DEPEND[man/man3/X509_check_private_key.3]=man3/X509_check_private_key.pod -GENERATE[man/man3/X509_check_private_key.3]=man3/X509_check_private_key.pod -DEPEND[html/man3/X509_check_purpose.html]=man3/X509_check_purpose.pod -GENERATE[html/man3/X509_check_purpose.html]=man3/X509_check_purpose.pod -DEPEND[man/man3/X509_check_purpose.3]=man3/X509_check_purpose.pod -GENERATE[man/man3/X509_check_purpose.3]=man3/X509_check_purpose.pod -DEPEND[html/man3/X509_cmp.html]=man3/X509_cmp.pod -GENERATE[html/man3/X509_cmp.html]=man3/X509_cmp.pod -DEPEND[man/man3/X509_cmp.3]=man3/X509_cmp.pod -GENERATE[man/man3/X509_cmp.3]=man3/X509_cmp.pod -DEPEND[html/man3/X509_cmp_time.html]=man3/X509_cmp_time.pod -GENERATE[html/man3/X509_cmp_time.html]=man3/X509_cmp_time.pod -DEPEND[man/man3/X509_cmp_time.3]=man3/X509_cmp_time.pod -GENERATE[man/man3/X509_cmp_time.3]=man3/X509_cmp_time.pod -DEPEND[html/man3/X509_digest.html]=man3/X509_digest.pod -GENERATE[html/man3/X509_digest.html]=man3/X509_digest.pod -DEPEND[man/man3/X509_digest.3]=man3/X509_digest.pod -GENERATE[man/man3/X509_digest.3]=man3/X509_digest.pod -DEPEND[html/man3/X509_dup.html]=man3/X509_dup.pod -GENERATE[html/man3/X509_dup.html]=man3/X509_dup.pod -DEPEND[man/man3/X509_dup.3]=man3/X509_dup.pod -GENERATE[man/man3/X509_dup.3]=man3/X509_dup.pod -DEPEND[html/man3/X509_get0_distinguishing_id.html]=man3/X509_get0_distinguishing_id.pod -GENERATE[html/man3/X509_get0_distinguishing_id.html]=man3/X509_get0_distinguishing_id.pod -DEPEND[man/man3/X509_get0_distinguishing_id.3]=man3/X509_get0_distinguishing_id.pod -GENERATE[man/man3/X509_get0_distinguishing_id.3]=man3/X509_get0_distinguishing_id.pod -DEPEND[html/man3/X509_get0_notBefore.html]=man3/X509_get0_notBefore.pod -GENERATE[html/man3/X509_get0_notBefore.html]=man3/X509_get0_notBefore.pod -DEPEND[man/man3/X509_get0_notBefore.3]=man3/X509_get0_notBefore.pod -GENERATE[man/man3/X509_get0_notBefore.3]=man3/X509_get0_notBefore.pod -DEPEND[html/man3/X509_get0_signature.html]=man3/X509_get0_signature.pod -GENERATE[html/man3/X509_get0_signature.html]=man3/X509_get0_signature.pod -DEPEND[man/man3/X509_get0_signature.3]=man3/X509_get0_signature.pod -GENERATE[man/man3/X509_get0_signature.3]=man3/X509_get0_signature.pod -DEPEND[html/man3/X509_get0_uids.html]=man3/X509_get0_uids.pod -GENERATE[html/man3/X509_get0_uids.html]=man3/X509_get0_uids.pod -DEPEND[man/man3/X509_get0_uids.3]=man3/X509_get0_uids.pod -GENERATE[man/man3/X509_get0_uids.3]=man3/X509_get0_uids.pod -DEPEND[html/man3/X509_get_extension_flags.html]=man3/X509_get_extension_flags.pod -GENERATE[html/man3/X509_get_extension_flags.html]=man3/X509_get_extension_flags.pod -DEPEND[man/man3/X509_get_extension_flags.3]=man3/X509_get_extension_flags.pod -GENERATE[man/man3/X509_get_extension_flags.3]=man3/X509_get_extension_flags.pod -DEPEND[html/man3/X509_get_pubkey.html]=man3/X509_get_pubkey.pod -GENERATE[html/man3/X509_get_pubkey.html]=man3/X509_get_pubkey.pod -DEPEND[man/man3/X509_get_pubkey.3]=man3/X509_get_pubkey.pod -GENERATE[man/man3/X509_get_pubkey.3]=man3/X509_get_pubkey.pod -DEPEND[html/man3/X509_get_serialNumber.html]=man3/X509_get_serialNumber.pod -GENERATE[html/man3/X509_get_serialNumber.html]=man3/X509_get_serialNumber.pod -DEPEND[man/man3/X509_get_serialNumber.3]=man3/X509_get_serialNumber.pod -GENERATE[man/man3/X509_get_serialNumber.3]=man3/X509_get_serialNumber.pod -DEPEND[html/man3/X509_get_subject_name.html]=man3/X509_get_subject_name.pod -GENERATE[html/man3/X509_get_subject_name.html]=man3/X509_get_subject_name.pod -DEPEND[man/man3/X509_get_subject_name.3]=man3/X509_get_subject_name.pod -GENERATE[man/man3/X509_get_subject_name.3]=man3/X509_get_subject_name.pod -DEPEND[html/man3/X509_get_version.html]=man3/X509_get_version.pod -GENERATE[html/man3/X509_get_version.html]=man3/X509_get_version.pod -DEPEND[man/man3/X509_get_version.3]=man3/X509_get_version.pod -GENERATE[man/man3/X509_get_version.3]=man3/X509_get_version.pod -DEPEND[html/man3/X509_load_http.html]=man3/X509_load_http.pod -GENERATE[html/man3/X509_load_http.html]=man3/X509_load_http.pod -DEPEND[man/man3/X509_load_http.3]=man3/X509_load_http.pod -GENERATE[man/man3/X509_load_http.3]=man3/X509_load_http.pod -DEPEND[html/man3/X509_new.html]=man3/X509_new.pod -GENERATE[html/man3/X509_new.html]=man3/X509_new.pod -DEPEND[man/man3/X509_new.3]=man3/X509_new.pod -GENERATE[man/man3/X509_new.3]=man3/X509_new.pod -DEPEND[html/man3/X509_sign.html]=man3/X509_sign.pod -GENERATE[html/man3/X509_sign.html]=man3/X509_sign.pod -DEPEND[man/man3/X509_sign.3]=man3/X509_sign.pod -GENERATE[man/man3/X509_sign.3]=man3/X509_sign.pod -DEPEND[html/man3/X509_verify.html]=man3/X509_verify.pod -GENERATE[html/man3/X509_verify.html]=man3/X509_verify.pod -DEPEND[man/man3/X509_verify.3]=man3/X509_verify.pod -GENERATE[man/man3/X509_verify.3]=man3/X509_verify.pod -DEPEND[html/man3/X509_verify_cert.html]=man3/X509_verify_cert.pod -GENERATE[html/man3/X509_verify_cert.html]=man3/X509_verify_cert.pod -DEPEND[man/man3/X509_verify_cert.3]=man3/X509_verify_cert.pod -GENERATE[man/man3/X509_verify_cert.3]=man3/X509_verify_cert.pod -DEPEND[html/man3/X509v3_get_ext_by_NID.html]=man3/X509v3_get_ext_by_NID.pod -GENERATE[html/man3/X509v3_get_ext_by_NID.html]=man3/X509v3_get_ext_by_NID.pod -DEPEND[man/man3/X509v3_get_ext_by_NID.3]=man3/X509v3_get_ext_by_NID.pod -GENERATE[man/man3/X509v3_get_ext_by_NID.3]=man3/X509v3_get_ext_by_NID.pod -DEPEND[html/man3/b2i_PVK_bio_ex.html]=man3/b2i_PVK_bio_ex.pod -GENERATE[html/man3/b2i_PVK_bio_ex.html]=man3/b2i_PVK_bio_ex.pod -DEPEND[man/man3/b2i_PVK_bio_ex.3]=man3/b2i_PVK_bio_ex.pod -GENERATE[man/man3/b2i_PVK_bio_ex.3]=man3/b2i_PVK_bio_ex.pod -DEPEND[html/man3/d2i_PKCS8PrivateKey_bio.html]=man3/d2i_PKCS8PrivateKey_bio.pod -GENERATE[html/man3/d2i_PKCS8PrivateKey_bio.html]=man3/d2i_PKCS8PrivateKey_bio.pod -DEPEND[man/man3/d2i_PKCS8PrivateKey_bio.3]=man3/d2i_PKCS8PrivateKey_bio.pod -GENERATE[man/man3/d2i_PKCS8PrivateKey_bio.3]=man3/d2i_PKCS8PrivateKey_bio.pod -DEPEND[html/man3/d2i_PrivateKey.html]=man3/d2i_PrivateKey.pod -GENERATE[html/man3/d2i_PrivateKey.html]=man3/d2i_PrivateKey.pod -DEPEND[man/man3/d2i_PrivateKey.3]=man3/d2i_PrivateKey.pod -GENERATE[man/man3/d2i_PrivateKey.3]=man3/d2i_PrivateKey.pod -DEPEND[html/man3/d2i_RSAPrivateKey.html]=man3/d2i_RSAPrivateKey.pod -GENERATE[html/man3/d2i_RSAPrivateKey.html]=man3/d2i_RSAPrivateKey.pod -DEPEND[man/man3/d2i_RSAPrivateKey.3]=man3/d2i_RSAPrivateKey.pod -GENERATE[man/man3/d2i_RSAPrivateKey.3]=man3/d2i_RSAPrivateKey.pod -DEPEND[html/man3/d2i_SSL_SESSION.html]=man3/d2i_SSL_SESSION.pod -GENERATE[html/man3/d2i_SSL_SESSION.html]=man3/d2i_SSL_SESSION.pod -DEPEND[man/man3/d2i_SSL_SESSION.3]=man3/d2i_SSL_SESSION.pod -GENERATE[man/man3/d2i_SSL_SESSION.3]=man3/d2i_SSL_SESSION.pod -DEPEND[html/man3/d2i_X509.html]=man3/d2i_X509.pod -GENERATE[html/man3/d2i_X509.html]=man3/d2i_X509.pod -DEPEND[man/man3/d2i_X509.3]=man3/d2i_X509.pod -GENERATE[man/man3/d2i_X509.3]=man3/d2i_X509.pod -DEPEND[html/man3/i2d_CMS_bio_stream.html]=man3/i2d_CMS_bio_stream.pod -GENERATE[html/man3/i2d_CMS_bio_stream.html]=man3/i2d_CMS_bio_stream.pod -DEPEND[man/man3/i2d_CMS_bio_stream.3]=man3/i2d_CMS_bio_stream.pod -GENERATE[man/man3/i2d_CMS_bio_stream.3]=man3/i2d_CMS_bio_stream.pod -DEPEND[html/man3/i2d_PKCS7_bio_stream.html]=man3/i2d_PKCS7_bio_stream.pod -GENERATE[html/man3/i2d_PKCS7_bio_stream.html]=man3/i2d_PKCS7_bio_stream.pod -DEPEND[man/man3/i2d_PKCS7_bio_stream.3]=man3/i2d_PKCS7_bio_stream.pod -GENERATE[man/man3/i2d_PKCS7_bio_stream.3]=man3/i2d_PKCS7_bio_stream.pod -DEPEND[html/man3/i2d_re_X509_tbs.html]=man3/i2d_re_X509_tbs.pod -GENERATE[html/man3/i2d_re_X509_tbs.html]=man3/i2d_re_X509_tbs.pod -DEPEND[man/man3/i2d_re_X509_tbs.3]=man3/i2d_re_X509_tbs.pod -GENERATE[man/man3/i2d_re_X509_tbs.3]=man3/i2d_re_X509_tbs.pod -DEPEND[html/man3/o2i_SCT_LIST.html]=man3/o2i_SCT_LIST.pod -GENERATE[html/man3/o2i_SCT_LIST.html]=man3/o2i_SCT_LIST.pod -DEPEND[man/man3/o2i_SCT_LIST.3]=man3/o2i_SCT_LIST.pod -GENERATE[man/man3/o2i_SCT_LIST.3]=man3/o2i_SCT_LIST.pod -DEPEND[html/man3/s2i_ASN1_IA5STRING.html]=man3/s2i_ASN1_IA5STRING.pod -GENERATE[html/man3/s2i_ASN1_IA5STRING.html]=man3/s2i_ASN1_IA5STRING.pod -DEPEND[man/man3/s2i_ASN1_IA5STRING.3]=man3/s2i_ASN1_IA5STRING.pod -GENERATE[man/man3/s2i_ASN1_IA5STRING.3]=man3/s2i_ASN1_IA5STRING.pod -IMAGEDOCS[man3]= -HTMLDOCS[man3]=html/man3/ADMISSIONS.html \ -html/man3/ASN1_EXTERN_FUNCS.html \ -html/man3/ASN1_INTEGER_get_int64.html \ -html/man3/ASN1_INTEGER_new.html \ -html/man3/ASN1_ITEM_lookup.html \ -html/man3/ASN1_OBJECT_new.html \ -html/man3/ASN1_STRING_TABLE_add.html \ -html/man3/ASN1_STRING_length.html \ -html/man3/ASN1_STRING_new.html \ -html/man3/ASN1_STRING_print_ex.html \ -html/man3/ASN1_TIME_set.html \ -html/man3/ASN1_TYPE_get.html \ -html/man3/ASN1_aux_cb.html \ -html/man3/ASN1_generate_nconf.html \ -html/man3/ASN1_item_d2i_bio.html \ -html/man3/ASN1_item_new.html \ -html/man3/ASN1_item_sign.html \ -html/man3/ASYNC_WAIT_CTX_new.html \ -html/man3/ASYNC_start_job.html \ -html/man3/BF_encrypt.html \ -html/man3/BIO_ADDR.html \ -html/man3/BIO_ADDRINFO.html \ -html/man3/BIO_connect.html \ -html/man3/BIO_ctrl.html \ -html/man3/BIO_f_base64.html \ -html/man3/BIO_f_buffer.html \ -html/man3/BIO_f_cipher.html \ -html/man3/BIO_f_md.html \ -html/man3/BIO_f_null.html \ -html/man3/BIO_f_prefix.html \ -html/man3/BIO_f_readbuffer.html \ -html/man3/BIO_f_ssl.html \ -html/man3/BIO_find_type.html \ -html/man3/BIO_get_data.html \ -html/man3/BIO_get_ex_new_index.html \ -html/man3/BIO_meth_new.html \ -html/man3/BIO_new.html \ -html/man3/BIO_new_CMS.html \ -html/man3/BIO_parse_hostserv.html \ -html/man3/BIO_printf.html \ -html/man3/BIO_push.html \ -html/man3/BIO_read.html \ -html/man3/BIO_s_accept.html \ -html/man3/BIO_s_bio.html \ -html/man3/BIO_s_connect.html \ -html/man3/BIO_s_core.html \ -html/man3/BIO_s_fd.html \ -html/man3/BIO_s_file.html \ -html/man3/BIO_s_mem.html \ -html/man3/BIO_s_null.html \ -html/man3/BIO_s_socket.html \ -html/man3/BIO_set_callback.html \ -html/man3/BIO_should_retry.html \ -html/man3/BIO_socket_wait.html \ -html/man3/BN_BLINDING_new.html \ -html/man3/BN_CTX_new.html \ -html/man3/BN_CTX_start.html \ -html/man3/BN_add.html \ -html/man3/BN_add_word.html \ -html/man3/BN_bn2bin.html \ -html/man3/BN_cmp.html \ -html/man3/BN_copy.html \ -html/man3/BN_generate_prime.html \ -html/man3/BN_mod_exp_mont.html \ -html/man3/BN_mod_inverse.html \ -html/man3/BN_mod_mul_montgomery.html \ -html/man3/BN_mod_mul_reciprocal.html \ -html/man3/BN_new.html \ -html/man3/BN_num_bytes.html \ -html/man3/BN_rand.html \ -html/man3/BN_security_bits.html \ -html/man3/BN_set_bit.html \ -html/man3/BN_swap.html \ -html/man3/BN_zero.html \ -html/man3/BUF_MEM_new.html \ -html/man3/CMS_EncryptedData_decrypt.html \ -html/man3/CMS_EncryptedData_encrypt.html \ -html/man3/CMS_EnvelopedData_create.html \ -html/man3/CMS_add0_cert.html \ -html/man3/CMS_add1_recipient_cert.html \ -html/man3/CMS_add1_signer.html \ -html/man3/CMS_compress.html \ -html/man3/CMS_data_create.html \ -html/man3/CMS_decrypt.html \ -html/man3/CMS_digest_create.html \ -html/man3/CMS_encrypt.html \ -html/man3/CMS_final.html \ -html/man3/CMS_get0_RecipientInfos.html \ -html/man3/CMS_get0_SignerInfos.html \ -html/man3/CMS_get0_type.html \ -html/man3/CMS_get1_ReceiptRequest.html \ -html/man3/CMS_sign.html \ -html/man3/CMS_sign_receipt.html \ -html/man3/CMS_uncompress.html \ -html/man3/CMS_verify.html \ -html/man3/CMS_verify_receipt.html \ -html/man3/CONF_modules_free.html \ -html/man3/CONF_modules_load_file.html \ -html/man3/CRYPTO_THREAD_run_once.html \ -html/man3/CRYPTO_get_ex_new_index.html \ -html/man3/CRYPTO_memcmp.html \ -html/man3/CTLOG_STORE_get0_log_by_id.html \ -html/man3/CTLOG_STORE_new.html \ -html/man3/CTLOG_new.html \ -html/man3/CT_POLICY_EVAL_CTX_new.html \ -html/man3/DEFINE_STACK_OF.html \ -html/man3/DES_random_key.html \ -html/man3/DH_generate_key.html \ -html/man3/DH_generate_parameters.html \ -html/man3/DH_get0_pqg.html \ -html/man3/DH_get_1024_160.html \ -html/man3/DH_meth_new.html \ -html/man3/DH_new.html \ -html/man3/DH_new_by_nid.html \ -html/man3/DH_set_method.html \ -html/man3/DH_size.html \ -html/man3/DSA_SIG_new.html \ -html/man3/DSA_do_sign.html \ -html/man3/DSA_dup_DH.html \ -html/man3/DSA_generate_key.html \ -html/man3/DSA_generate_parameters.html \ -html/man3/DSA_get0_pqg.html \ -html/man3/DSA_meth_new.html \ -html/man3/DSA_new.html \ -html/man3/DSA_set_method.html \ -html/man3/DSA_sign.html \ -html/man3/DSA_size.html \ -html/man3/DTLS_get_data_mtu.html \ -html/man3/DTLS_set_timer_cb.html \ -html/man3/DTLSv1_listen.html \ -html/man3/ECDSA_SIG_new.html \ -html/man3/ECPKParameters_print.html \ -html/man3/EC_GFp_simple_method.html \ -html/man3/EC_GROUP_copy.html \ -html/man3/EC_GROUP_new.html \ -html/man3/EC_KEY_get_enc_flags.html \ -html/man3/EC_KEY_new.html \ -html/man3/EC_POINT_add.html \ -html/man3/EC_POINT_new.html \ -html/man3/ENGINE_add.html \ -html/man3/ERR_GET_LIB.html \ -html/man3/ERR_clear_error.html \ -html/man3/ERR_error_string.html \ -html/man3/ERR_get_error.html \ -html/man3/ERR_load_crypto_strings.html \ -html/man3/ERR_load_strings.html \ -html/man3/ERR_new.html \ -html/man3/ERR_print_errors.html \ -html/man3/ERR_put_error.html \ -html/man3/ERR_remove_state.html \ -html/man3/ERR_set_mark.html \ -html/man3/EVP_ASYM_CIPHER_free.html \ -html/man3/EVP_BytesToKey.html \ -html/man3/EVP_CIPHER_CTX_get_cipher_data.html \ -html/man3/EVP_CIPHER_CTX_get_original_iv.html \ -html/man3/EVP_CIPHER_meth_new.html \ -html/man3/EVP_DigestInit.html \ -html/man3/EVP_DigestSignInit.html \ -html/man3/EVP_DigestVerifyInit.html \ -html/man3/EVP_EncodeInit.html \ -html/man3/EVP_EncryptInit.html \ -html/man3/EVP_KDF.html \ -html/man3/EVP_KEM_free.html \ -html/man3/EVP_KEYEXCH_free.html \ -html/man3/EVP_KEYMGMT.html \ -html/man3/EVP_MAC.html \ -html/man3/EVP_MD_meth_new.html \ -html/man3/EVP_OpenInit.html \ -html/man3/EVP_PBE_CipherInit.html \ -html/man3/EVP_PKEY2PKCS8.html \ -html/man3/EVP_PKEY_ASN1_METHOD.html \ -html/man3/EVP_PKEY_CTX_ctrl.html \ -html/man3/EVP_PKEY_CTX_get0_libctx.html \ -html/man3/EVP_PKEY_CTX_new.html \ -html/man3/EVP_PKEY_CTX_set1_pbe_pass.html \ -html/man3/EVP_PKEY_CTX_set_hkdf_md.html \ -html/man3/EVP_PKEY_CTX_set_params.html \ -html/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.html \ -html/man3/EVP_PKEY_CTX_set_scrypt_N.html \ -html/man3/EVP_PKEY_CTX_set_tls1_prf_md.html \ -html/man3/EVP_PKEY_asn1_get_count.html \ -html/man3/EVP_PKEY_check.html \ -html/man3/EVP_PKEY_copy_parameters.html \ -html/man3/EVP_PKEY_decapsulate.html \ -html/man3/EVP_PKEY_decrypt.html \ -html/man3/EVP_PKEY_derive.html \ -html/man3/EVP_PKEY_digestsign_supports_digest.html \ -html/man3/EVP_PKEY_encapsulate.html \ -html/man3/EVP_PKEY_encrypt.html \ -html/man3/EVP_PKEY_fromdata.html \ -html/man3/EVP_PKEY_get_default_digest_nid.html \ -html/man3/EVP_PKEY_get_field_type.html \ -html/man3/EVP_PKEY_get_group_name.html \ -html/man3/EVP_PKEY_get_size.html \ -html/man3/EVP_PKEY_gettable_params.html \ -html/man3/EVP_PKEY_is_a.html \ -html/man3/EVP_PKEY_keygen.html \ -html/man3/EVP_PKEY_meth_get_count.html \ -html/man3/EVP_PKEY_meth_new.html \ -html/man3/EVP_PKEY_new.html \ -html/man3/EVP_PKEY_print_private.html \ -html/man3/EVP_PKEY_set1_RSA.html \ -html/man3/EVP_PKEY_set1_encoded_public_key.html \ -html/man3/EVP_PKEY_set_type.html \ -html/man3/EVP_PKEY_settable_params.html \ -html/man3/EVP_PKEY_sign.html \ -html/man3/EVP_PKEY_todata.html \ -html/man3/EVP_PKEY_verify.html \ -html/man3/EVP_PKEY_verify_recover.html \ -html/man3/EVP_RAND.html \ -html/man3/EVP_SIGNATURE.html \ -html/man3/EVP_SealInit.html \ -html/man3/EVP_SignInit.html \ -html/man3/EVP_VerifyInit.html \ -html/man3/EVP_aes_128_gcm.html \ -html/man3/EVP_aria_128_gcm.html \ -html/man3/EVP_bf_cbc.html \ -html/man3/EVP_blake2b512.html \ -html/man3/EVP_camellia_128_ecb.html \ -html/man3/EVP_cast5_cbc.html \ -html/man3/EVP_chacha20.html \ -html/man3/EVP_des_cbc.html \ -html/man3/EVP_desx_cbc.html \ -html/man3/EVP_idea_cbc.html \ -html/man3/EVP_md2.html \ -html/man3/EVP_md4.html \ -html/man3/EVP_md5.html \ -html/man3/EVP_mdc2.html \ -html/man3/EVP_rc2_cbc.html \ -html/man3/EVP_rc4.html \ -html/man3/EVP_rc5_32_12_16_cbc.html \ -html/man3/EVP_ripemd160.html \ -html/man3/EVP_seed_cbc.html \ -html/man3/EVP_set_default_properties.html \ -html/man3/EVP_sha1.html \ -html/man3/EVP_sha224.html \ -html/man3/EVP_sha3_224.html \ -html/man3/EVP_sm3.html \ -html/man3/EVP_sm4_cbc.html \ -html/man3/EVP_whirlpool.html \ -html/man3/HMAC.html \ -html/man3/MD5.html \ -html/man3/MDC2_Init.html \ -html/man3/NCONF_new_ex.html \ -html/man3/OBJ_nid2obj.html \ -html/man3/OCSP_REQUEST_new.html \ -html/man3/OCSP_cert_to_id.html \ -html/man3/OCSP_request_add1_nonce.html \ -html/man3/OCSP_resp_find_status.html \ -html/man3/OCSP_response_status.html \ -html/man3/OCSP_sendreq_new.html \ -html/man3/OPENSSL_Applink.html \ -html/man3/OPENSSL_FILE.html \ -html/man3/OPENSSL_LH_COMPFUNC.html \ -html/man3/OPENSSL_LH_stats.html \ -html/man3/OPENSSL_config.html \ -html/man3/OPENSSL_fork_prepare.html \ -html/man3/OPENSSL_gmtime.html \ -html/man3/OPENSSL_hexchar2int.html \ -html/man3/OPENSSL_ia32cap.html \ -html/man3/OPENSSL_init_crypto.html \ -html/man3/OPENSSL_init_ssl.html \ -html/man3/OPENSSL_instrument_bus.html \ -html/man3/OPENSSL_load_builtin_modules.html \ -html/man3/OPENSSL_malloc.html \ -html/man3/OPENSSL_s390xcap.html \ -html/man3/OPENSSL_secure_malloc.html \ -html/man3/OPENSSL_strcasecmp.html \ -html/man3/OSSL_CMP_CTX_new.html \ -html/man3/OSSL_CMP_HDR_get0_transactionID.html \ -html/man3/OSSL_CMP_ITAV_set0.html \ -html/man3/OSSL_CMP_MSG_get0_header.html \ -html/man3/OSSL_CMP_MSG_http_perform.html \ -html/man3/OSSL_CMP_SRV_CTX_new.html \ -html/man3/OSSL_CMP_STATUSINFO_new.html \ -html/man3/OSSL_CMP_exec_certreq.html \ -html/man3/OSSL_CMP_log_open.html \ -html/man3/OSSL_CMP_validate_msg.html \ -html/man3/OSSL_CORE_MAKE_FUNC.html \ -html/man3/OSSL_CRMF_MSG_get0_tmpl.html \ -html/man3/OSSL_CRMF_MSG_set0_validity.html \ -html/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.html \ -html/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.html \ -html/man3/OSSL_CRMF_pbmp_new.html \ -html/man3/OSSL_DECODER.html \ -html/man3/OSSL_DECODER_CTX.html \ -html/man3/OSSL_DECODER_CTX_new_for_pkey.html \ -html/man3/OSSL_DECODER_from_bio.html \ -html/man3/OSSL_ENCODER.html \ -html/man3/OSSL_ENCODER_CTX.html \ -html/man3/OSSL_ENCODER_CTX_new_for_pkey.html \ -html/man3/OSSL_ENCODER_to_bio.html \ -html/man3/OSSL_ESS_check_signing_certs.html \ -html/man3/OSSL_HTTP_REQ_CTX.html \ -html/man3/OSSL_HTTP_parse_url.html \ -html/man3/OSSL_HTTP_transfer.html \ -html/man3/OSSL_LIB_CTX.html \ -html/man3/OSSL_PARAM.html \ -html/man3/OSSL_PARAM_BLD.html \ -html/man3/OSSL_PARAM_allocate_from_text.html \ -html/man3/OSSL_PARAM_dup.html \ -html/man3/OSSL_PARAM_int.html \ -html/man3/OSSL_PROVIDER.html \ -html/man3/OSSL_SELF_TEST_new.html \ -html/man3/OSSL_SELF_TEST_set_callback.html \ -html/man3/OSSL_STORE_INFO.html \ -html/man3/OSSL_STORE_LOADER.html \ -html/man3/OSSL_STORE_SEARCH.html \ -html/man3/OSSL_STORE_attach.html \ -html/man3/OSSL_STORE_expect.html \ -html/man3/OSSL_STORE_open.html \ -html/man3/OSSL_trace_enabled.html \ -html/man3/OSSL_trace_get_category_num.html \ -html/man3/OSSL_trace_set_channel.html \ -html/man3/OpenSSL_add_all_algorithms.html \ -html/man3/OpenSSL_version.html \ -html/man3/PEM_X509_INFO_read_bio_ex.html \ -html/man3/PEM_bytes_read_bio.html \ -html/man3/PEM_read.html \ -html/man3/PEM_read_CMS.html \ -html/man3/PEM_read_bio_PrivateKey.html \ -html/man3/PEM_read_bio_ex.html \ -html/man3/PEM_write_bio_CMS_stream.html \ -html/man3/PEM_write_bio_PKCS7_stream.html \ -html/man3/PKCS12_PBE_keyivgen.html \ -html/man3/PKCS12_SAFEBAG_create_cert.html \ -html/man3/PKCS12_SAFEBAG_get0_attrs.html \ -html/man3/PKCS12_SAFEBAG_get1_cert.html \ -html/man3/PKCS12_add1_attr_by_NID.html \ -html/man3/PKCS12_add_CSPName_asc.html \ -html/man3/PKCS12_add_cert.html \ -html/man3/PKCS12_add_friendlyname_asc.html \ -html/man3/PKCS12_add_localkeyid.html \ -html/man3/PKCS12_add_safe.html \ -html/man3/PKCS12_create.html \ -html/man3/PKCS12_decrypt_skey.html \ -html/man3/PKCS12_gen_mac.html \ -html/man3/PKCS12_get_friendlyname.html \ -html/man3/PKCS12_init.html \ -html/man3/PKCS12_item_decrypt_d2i.html \ -html/man3/PKCS12_key_gen_utf8_ex.html \ -html/man3/PKCS12_newpass.html \ -html/man3/PKCS12_pack_p7encdata.html \ -html/man3/PKCS12_parse.html \ -html/man3/PKCS5_PBE_keyivgen.html \ -html/man3/PKCS5_PBKDF2_HMAC.html \ -html/man3/PKCS7_decrypt.html \ -html/man3/PKCS7_encrypt.html \ -html/man3/PKCS7_get_octet_string.html \ -html/man3/PKCS7_sign.html \ -html/man3/PKCS7_sign_add_signer.html \ -html/man3/PKCS7_type_is_other.html \ -html/man3/PKCS7_verify.html \ -html/man3/PKCS8_encrypt.html \ -html/man3/PKCS8_pkey_add1_attr.html \ -html/man3/RAND_add.html \ -html/man3/RAND_bytes.html \ -html/man3/RAND_cleanup.html \ -html/man3/RAND_egd.html \ -html/man3/RAND_get0_primary.html \ -html/man3/RAND_load_file.html \ -html/man3/RAND_set_DRBG_type.html \ -html/man3/RAND_set_rand_method.html \ -html/man3/RC4_set_key.html \ -html/man3/RIPEMD160_Init.html \ -html/man3/RSA_blinding_on.html \ -html/man3/RSA_check_key.html \ -html/man3/RSA_generate_key.html \ -html/man3/RSA_get0_key.html \ -html/man3/RSA_meth_new.html \ -html/man3/RSA_new.html \ -html/man3/RSA_padding_add_PKCS1_type_1.html \ -html/man3/RSA_print.html \ -html/man3/RSA_private_encrypt.html \ -html/man3/RSA_public_encrypt.html \ -html/man3/RSA_set_method.html \ -html/man3/RSA_sign.html \ -html/man3/RSA_sign_ASN1_OCTET_STRING.html \ -html/man3/RSA_size.html \ -html/man3/SCT_new.html \ -html/man3/SCT_print.html \ -html/man3/SCT_validate.html \ -html/man3/SHA256_Init.html \ -html/man3/SMIME_read_ASN1.html \ -html/man3/SMIME_read_CMS.html \ -html/man3/SMIME_read_PKCS7.html \ -html/man3/SMIME_write_ASN1.html \ -html/man3/SMIME_write_CMS.html \ -html/man3/SMIME_write_PKCS7.html \ -html/man3/SRP_Calc_B.html \ -html/man3/SRP_VBASE_new.html \ -html/man3/SRP_create_verifier.html \ -html/man3/SRP_user_pwd_new.html \ -html/man3/SSL_CIPHER_get_name.html \ -html/man3/SSL_COMP_add_compression_method.html \ -html/man3/SSL_CONF_CTX_new.html \ -html/man3/SSL_CONF_CTX_set1_prefix.html \ -html/man3/SSL_CONF_CTX_set_flags.html \ -html/man3/SSL_CONF_CTX_set_ssl_ctx.html \ -html/man3/SSL_CONF_cmd.html \ -html/man3/SSL_CONF_cmd_argv.html \ -html/man3/SSL_CTX_add1_chain_cert.html \ -html/man3/SSL_CTX_add_extra_chain_cert.html \ -html/man3/SSL_CTX_add_session.html \ -html/man3/SSL_CTX_config.html \ -html/man3/SSL_CTX_ctrl.html \ -html/man3/SSL_CTX_dane_enable.html \ -html/man3/SSL_CTX_flush_sessions.html \ -html/man3/SSL_CTX_free.html \ -html/man3/SSL_CTX_get0_param.html \ -html/man3/SSL_CTX_get_verify_mode.html \ -html/man3/SSL_CTX_has_client_custom_ext.html \ -html/man3/SSL_CTX_load_verify_locations.html \ -html/man3/SSL_CTX_new.html \ -html/man3/SSL_CTX_sess_number.html \ -html/man3/SSL_CTX_sess_set_cache_size.html \ -html/man3/SSL_CTX_sess_set_get_cb.html \ -html/man3/SSL_CTX_sessions.html \ -html/man3/SSL_CTX_set0_CA_list.html \ -html/man3/SSL_CTX_set1_curves.html \ -html/man3/SSL_CTX_set1_sigalgs.html \ -html/man3/SSL_CTX_set1_verify_cert_store.html \ -html/man3/SSL_CTX_set_alpn_select_cb.html \ -html/man3/SSL_CTX_set_cert_cb.html \ -html/man3/SSL_CTX_set_cert_store.html \ -html/man3/SSL_CTX_set_cert_verify_callback.html \ -html/man3/SSL_CTX_set_cipher_list.html \ -html/man3/SSL_CTX_set_client_cert_cb.html \ -html/man3/SSL_CTX_set_client_hello_cb.html \ -html/man3/SSL_CTX_set_ct_validation_callback.html \ -html/man3/SSL_CTX_set_ctlog_list_file.html \ -html/man3/SSL_CTX_set_default_passwd_cb.html \ -html/man3/SSL_CTX_set_generate_session_id.html \ -html/man3/SSL_CTX_set_info_callback.html \ -html/man3/SSL_CTX_set_keylog_callback.html \ -html/man3/SSL_CTX_set_max_cert_list.html \ -html/man3/SSL_CTX_set_min_proto_version.html \ -html/man3/SSL_CTX_set_mode.html \ -html/man3/SSL_CTX_set_msg_callback.html \ -html/man3/SSL_CTX_set_num_tickets.html \ -html/man3/SSL_CTX_set_options.html \ -html/man3/SSL_CTX_set_psk_client_callback.html \ -html/man3/SSL_CTX_set_quiet_shutdown.html \ -html/man3/SSL_CTX_set_read_ahead.html \ -html/man3/SSL_CTX_set_record_padding_callback.html \ -html/man3/SSL_CTX_set_security_level.html \ -html/man3/SSL_CTX_set_session_cache_mode.html \ -html/man3/SSL_CTX_set_session_id_context.html \ -html/man3/SSL_CTX_set_session_ticket_cb.html \ -html/man3/SSL_CTX_set_split_send_fragment.html \ -html/man3/SSL_CTX_set_srp_password.html \ -html/man3/SSL_CTX_set_ssl_version.html \ -html/man3/SSL_CTX_set_stateless_cookie_generate_cb.html \ -html/man3/SSL_CTX_set_timeout.html \ -html/man3/SSL_CTX_set_tlsext_servername_callback.html \ -html/man3/SSL_CTX_set_tlsext_status_cb.html \ -html/man3/SSL_CTX_set_tlsext_ticket_key_cb.html \ -html/man3/SSL_CTX_set_tlsext_use_srtp.html \ -html/man3/SSL_CTX_set_tmp_dh_callback.html \ -html/man3/SSL_CTX_set_tmp_ecdh.html \ -html/man3/SSL_CTX_set_verify.html \ -html/man3/SSL_CTX_use_certificate.html \ -html/man3/SSL_CTX_use_psk_identity_hint.html \ -html/man3/SSL_CTX_use_serverinfo.html \ -html/man3/SSL_SESSION_free.html \ -html/man3/SSL_SESSION_get0_cipher.html \ -html/man3/SSL_SESSION_get0_hostname.html \ -html/man3/SSL_SESSION_get0_id_context.html \ -html/man3/SSL_SESSION_get0_peer.html \ -html/man3/SSL_SESSION_get_compress_id.html \ -html/man3/SSL_SESSION_get_protocol_version.html \ -html/man3/SSL_SESSION_get_time.html \ -html/man3/SSL_SESSION_has_ticket.html \ -html/man3/SSL_SESSION_is_resumable.html \ -html/man3/SSL_SESSION_print.html \ -html/man3/SSL_SESSION_set1_id.html \ -html/man3/SSL_accept.html \ -html/man3/SSL_alert_type_string.html \ -html/man3/SSL_alloc_buffers.html \ -html/man3/SSL_check_chain.html \ -html/man3/SSL_clear.html \ -html/man3/SSL_connect.html \ -html/man3/SSL_do_handshake.html \ -html/man3/SSL_export_keying_material.html \ -html/man3/SSL_extension_supported.html \ -html/man3/SSL_free.html \ -html/man3/SSL_get0_peer_scts.html \ -html/man3/SSL_get_SSL_CTX.html \ -html/man3/SSL_get_all_async_fds.html \ -html/man3/SSL_get_certificate.html \ -html/man3/SSL_get_ciphers.html \ -html/man3/SSL_get_client_random.html \ -html/man3/SSL_get_current_cipher.html \ -html/man3/SSL_get_default_timeout.html \ -html/man3/SSL_get_error.html \ -html/man3/SSL_get_extms_support.html \ -html/man3/SSL_get_fd.html \ -html/man3/SSL_get_peer_cert_chain.html \ -html/man3/SSL_get_peer_certificate.html \ -html/man3/SSL_get_peer_signature_nid.html \ -html/man3/SSL_get_peer_tmp_key.html \ -html/man3/SSL_get_psk_identity.html \ -html/man3/SSL_get_rbio.html \ -html/man3/SSL_get_session.html \ -html/man3/SSL_get_shared_sigalgs.html \ -html/man3/SSL_get_verify_result.html \ -html/man3/SSL_get_version.html \ -html/man3/SSL_group_to_name.html \ -html/man3/SSL_in_init.html \ -html/man3/SSL_key_update.html \ -html/man3/SSL_library_init.html \ -html/man3/SSL_load_client_CA_file.html \ -html/man3/SSL_new.html \ -html/man3/SSL_pending.html \ -html/man3/SSL_read.html \ -html/man3/SSL_read_early_data.html \ -html/man3/SSL_rstate_string.html \ -html/man3/SSL_session_reused.html \ -html/man3/SSL_set1_host.html \ -html/man3/SSL_set_async_callback.html \ -html/man3/SSL_set_bio.html \ -html/man3/SSL_set_connect_state.html \ -html/man3/SSL_set_fd.html \ -html/man3/SSL_set_retry_verify.html \ -html/man3/SSL_set_session.html \ -html/man3/SSL_set_shutdown.html \ -html/man3/SSL_set_verify_result.html \ -html/man3/SSL_shutdown.html \ -html/man3/SSL_state_string.html \ -html/man3/SSL_want.html \ -html/man3/SSL_write.html \ -html/man3/TS_RESP_CTX_new.html \ -html/man3/TS_VERIFY_CTX_set_certs.html \ -html/man3/UI_STRING.html \ -html/man3/UI_UTIL_read_pw.html \ -html/man3/UI_create_method.html \ -html/man3/UI_new.html \ -html/man3/X509V3_get_d2i.html \ -html/man3/X509V3_set_ctx.html \ -html/man3/X509_ALGOR_dup.html \ -html/man3/X509_CRL_get0_by_serial.html \ -html/man3/X509_EXTENSION_set_object.html \ -html/man3/X509_LOOKUP.html \ -html/man3/X509_LOOKUP_hash_dir.html \ -html/man3/X509_LOOKUP_meth_new.html \ -html/man3/X509_NAME_ENTRY_get_object.html \ -html/man3/X509_NAME_add_entry_by_txt.html \ -html/man3/X509_NAME_get0_der.html \ -html/man3/X509_NAME_get_index_by_NID.html \ -html/man3/X509_NAME_print_ex.html \ -html/man3/X509_PUBKEY_new.html \ -html/man3/X509_SIG_get0.html \ -html/man3/X509_STORE_CTX_get_error.html \ -html/man3/X509_STORE_CTX_new.html \ -html/man3/X509_STORE_CTX_set_verify_cb.html \ -html/man3/X509_STORE_add_cert.html \ -html/man3/X509_STORE_get0_param.html \ -html/man3/X509_STORE_new.html \ -html/man3/X509_STORE_set_verify_cb_func.html \ -html/man3/X509_VERIFY_PARAM_set_flags.html \ -html/man3/X509_add_cert.html \ -html/man3/X509_check_ca.html \ -html/man3/X509_check_host.html \ -html/man3/X509_check_issued.html \ -html/man3/X509_check_private_key.html \ -html/man3/X509_check_purpose.html \ -html/man3/X509_cmp.html \ -html/man3/X509_cmp_time.html \ -html/man3/X509_digest.html \ -html/man3/X509_dup.html \ -html/man3/X509_get0_distinguishing_id.html \ -html/man3/X509_get0_notBefore.html \ -html/man3/X509_get0_signature.html \ -html/man3/X509_get0_uids.html \ -html/man3/X509_get_extension_flags.html \ -html/man3/X509_get_pubkey.html \ -html/man3/X509_get_serialNumber.html \ -html/man3/X509_get_subject_name.html \ -html/man3/X509_get_version.html \ -html/man3/X509_load_http.html \ -html/man3/X509_new.html \ -html/man3/X509_sign.html \ -html/man3/X509_verify.html \ -html/man3/X509_verify_cert.html \ -html/man3/X509v3_get_ext_by_NID.html \ -html/man3/b2i_PVK_bio_ex.html \ -html/man3/d2i_PKCS8PrivateKey_bio.html \ -html/man3/d2i_PrivateKey.html \ -html/man3/d2i_RSAPrivateKey.html \ -html/man3/d2i_SSL_SESSION.html \ -html/man3/d2i_X509.html \ -html/man3/i2d_CMS_bio_stream.html \ -html/man3/i2d_PKCS7_bio_stream.html \ -html/man3/i2d_re_X509_tbs.html \ -html/man3/o2i_SCT_LIST.html \ -html/man3/s2i_ASN1_IA5STRING.html -MANDOCS[man3]=man/man3/ADMISSIONS.3 \ -man/man3/ASN1_EXTERN_FUNCS.3 \ -man/man3/ASN1_INTEGER_get_int64.3 \ -man/man3/ASN1_INTEGER_new.3 \ -man/man3/ASN1_ITEM_lookup.3 \ -man/man3/ASN1_OBJECT_new.3 \ -man/man3/ASN1_STRING_TABLE_add.3 \ -man/man3/ASN1_STRING_length.3 \ -man/man3/ASN1_STRING_new.3 \ -man/man3/ASN1_STRING_print_ex.3 \ -man/man3/ASN1_TIME_set.3 \ -man/man3/ASN1_TYPE_get.3 \ -man/man3/ASN1_aux_cb.3 \ -man/man3/ASN1_generate_nconf.3 \ -man/man3/ASN1_item_d2i_bio.3 \ -man/man3/ASN1_item_new.3 \ -man/man3/ASN1_item_sign.3 \ -man/man3/ASYNC_WAIT_CTX_new.3 \ -man/man3/ASYNC_start_job.3 \ -man/man3/BF_encrypt.3 \ -man/man3/BIO_ADDR.3 \ -man/man3/BIO_ADDRINFO.3 \ -man/man3/BIO_connect.3 \ -man/man3/BIO_ctrl.3 \ -man/man3/BIO_f_base64.3 \ -man/man3/BIO_f_buffer.3 \ -man/man3/BIO_f_cipher.3 \ -man/man3/BIO_f_md.3 \ -man/man3/BIO_f_null.3 \ -man/man3/BIO_f_prefix.3 \ -man/man3/BIO_f_readbuffer.3 \ -man/man3/BIO_f_ssl.3 \ -man/man3/BIO_find_type.3 \ -man/man3/BIO_get_data.3 \ -man/man3/BIO_get_ex_new_index.3 \ -man/man3/BIO_meth_new.3 \ -man/man3/BIO_new.3 \ -man/man3/BIO_new_CMS.3 \ -man/man3/BIO_parse_hostserv.3 \ -man/man3/BIO_printf.3 \ -man/man3/BIO_push.3 \ -man/man3/BIO_read.3 \ -man/man3/BIO_s_accept.3 \ -man/man3/BIO_s_bio.3 \ -man/man3/BIO_s_connect.3 \ -man/man3/BIO_s_core.3 \ -man/man3/BIO_s_fd.3 \ -man/man3/BIO_s_file.3 \ -man/man3/BIO_s_mem.3 \ -man/man3/BIO_s_null.3 \ -man/man3/BIO_s_socket.3 \ -man/man3/BIO_set_callback.3 \ -man/man3/BIO_should_retry.3 \ -man/man3/BIO_socket_wait.3 \ -man/man3/BN_BLINDING_new.3 \ -man/man3/BN_CTX_new.3 \ -man/man3/BN_CTX_start.3 \ -man/man3/BN_add.3 \ -man/man3/BN_add_word.3 \ -man/man3/BN_bn2bin.3 \ -man/man3/BN_cmp.3 \ -man/man3/BN_copy.3 \ -man/man3/BN_generate_prime.3 \ -man/man3/BN_mod_exp_mont.3 \ -man/man3/BN_mod_inverse.3 \ -man/man3/BN_mod_mul_montgomery.3 \ -man/man3/BN_mod_mul_reciprocal.3 \ -man/man3/BN_new.3 \ -man/man3/BN_num_bytes.3 \ -man/man3/BN_rand.3 \ -man/man3/BN_security_bits.3 \ -man/man3/BN_set_bit.3 \ -man/man3/BN_swap.3 \ -man/man3/BN_zero.3 \ -man/man3/BUF_MEM_new.3 \ -man/man3/CMS_EncryptedData_decrypt.3 \ -man/man3/CMS_EncryptedData_encrypt.3 \ -man/man3/CMS_EnvelopedData_create.3 \ -man/man3/CMS_add0_cert.3 \ -man/man3/CMS_add1_recipient_cert.3 \ -man/man3/CMS_add1_signer.3 \ -man/man3/CMS_compress.3 \ -man/man3/CMS_data_create.3 \ -man/man3/CMS_decrypt.3 \ -man/man3/CMS_digest_create.3 \ -man/man3/CMS_encrypt.3 \ -man/man3/CMS_final.3 \ -man/man3/CMS_get0_RecipientInfos.3 \ -man/man3/CMS_get0_SignerInfos.3 \ -man/man3/CMS_get0_type.3 \ -man/man3/CMS_get1_ReceiptRequest.3 \ -man/man3/CMS_sign.3 \ -man/man3/CMS_sign_receipt.3 \ -man/man3/CMS_uncompress.3 \ -man/man3/CMS_verify.3 \ -man/man3/CMS_verify_receipt.3 \ -man/man3/CONF_modules_free.3 \ -man/man3/CONF_modules_load_file.3 \ -man/man3/CRYPTO_THREAD_run_once.3 \ -man/man3/CRYPTO_get_ex_new_index.3 \ -man/man3/CRYPTO_memcmp.3 \ -man/man3/CTLOG_STORE_get0_log_by_id.3 \ -man/man3/CTLOG_STORE_new.3 \ -man/man3/CTLOG_new.3 \ -man/man3/CT_POLICY_EVAL_CTX_new.3 \ -man/man3/DEFINE_STACK_OF.3 \ -man/man3/DES_random_key.3 \ -man/man3/DH_generate_key.3 \ -man/man3/DH_generate_parameters.3 \ -man/man3/DH_get0_pqg.3 \ -man/man3/DH_get_1024_160.3 \ -man/man3/DH_meth_new.3 \ -man/man3/DH_new.3 \ -man/man3/DH_new_by_nid.3 \ -man/man3/DH_set_method.3 \ -man/man3/DH_size.3 \ -man/man3/DSA_SIG_new.3 \ -man/man3/DSA_do_sign.3 \ -man/man3/DSA_dup_DH.3 \ -man/man3/DSA_generate_key.3 \ -man/man3/DSA_generate_parameters.3 \ -man/man3/DSA_get0_pqg.3 \ -man/man3/DSA_meth_new.3 \ -man/man3/DSA_new.3 \ -man/man3/DSA_set_method.3 \ -man/man3/DSA_sign.3 \ -man/man3/DSA_size.3 \ -man/man3/DTLS_get_data_mtu.3 \ -man/man3/DTLS_set_timer_cb.3 \ -man/man3/DTLSv1_listen.3 \ -man/man3/ECDSA_SIG_new.3 \ -man/man3/ECPKParameters_print.3 \ -man/man3/EC_GFp_simple_method.3 \ -man/man3/EC_GROUP_copy.3 \ -man/man3/EC_GROUP_new.3 \ -man/man3/EC_KEY_get_enc_flags.3 \ -man/man3/EC_KEY_new.3 \ -man/man3/EC_POINT_add.3 \ -man/man3/EC_POINT_new.3 \ -man/man3/ENGINE_add.3 \ -man/man3/ERR_GET_LIB.3 \ -man/man3/ERR_clear_error.3 \ -man/man3/ERR_error_string.3 \ -man/man3/ERR_get_error.3 \ -man/man3/ERR_load_crypto_strings.3 \ -man/man3/ERR_load_strings.3 \ -man/man3/ERR_new.3 \ -man/man3/ERR_print_errors.3 \ -man/man3/ERR_put_error.3 \ -man/man3/ERR_remove_state.3 \ -man/man3/ERR_set_mark.3 \ -man/man3/EVP_ASYM_CIPHER_free.3 \ -man/man3/EVP_BytesToKey.3 \ -man/man3/EVP_CIPHER_CTX_get_cipher_data.3 \ -man/man3/EVP_CIPHER_CTX_get_original_iv.3 \ -man/man3/EVP_CIPHER_meth_new.3 \ -man/man3/EVP_DigestInit.3 \ -man/man3/EVP_DigestSignInit.3 \ -man/man3/EVP_DigestVerifyInit.3 \ -man/man3/EVP_EncodeInit.3 \ -man/man3/EVP_EncryptInit.3 \ -man/man3/EVP_KDF.3 \ -man/man3/EVP_KEM_free.3 \ -man/man3/EVP_KEYEXCH_free.3 \ -man/man3/EVP_KEYMGMT.3 \ -man/man3/EVP_MAC.3 \ -man/man3/EVP_MD_meth_new.3 \ -man/man3/EVP_OpenInit.3 \ -man/man3/EVP_PBE_CipherInit.3 \ -man/man3/EVP_PKEY2PKCS8.3 \ -man/man3/EVP_PKEY_ASN1_METHOD.3 \ -man/man3/EVP_PKEY_CTX_ctrl.3 \ -man/man3/EVP_PKEY_CTX_get0_libctx.3 \ -man/man3/EVP_PKEY_CTX_new.3 \ -man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 \ -man/man3/EVP_PKEY_CTX_set_hkdf_md.3 \ -man/man3/EVP_PKEY_CTX_set_params.3 \ -man/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.3 \ -man/man3/EVP_PKEY_CTX_set_scrypt_N.3 \ -man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3 \ -man/man3/EVP_PKEY_asn1_get_count.3 \ -man/man3/EVP_PKEY_check.3 \ -man/man3/EVP_PKEY_copy_parameters.3 \ -man/man3/EVP_PKEY_decapsulate.3 \ -man/man3/EVP_PKEY_decrypt.3 \ -man/man3/EVP_PKEY_derive.3 \ -man/man3/EVP_PKEY_digestsign_supports_digest.3 \ -man/man3/EVP_PKEY_encapsulate.3 \ -man/man3/EVP_PKEY_encrypt.3 \ -man/man3/EVP_PKEY_fromdata.3 \ -man/man3/EVP_PKEY_get_default_digest_nid.3 \ -man/man3/EVP_PKEY_get_field_type.3 \ -man/man3/EVP_PKEY_get_group_name.3 \ -man/man3/EVP_PKEY_get_size.3 \ -man/man3/EVP_PKEY_gettable_params.3 \ -man/man3/EVP_PKEY_is_a.3 \ -man/man3/EVP_PKEY_keygen.3 \ -man/man3/EVP_PKEY_meth_get_count.3 \ -man/man3/EVP_PKEY_meth_new.3 \ -man/man3/EVP_PKEY_new.3 \ -man/man3/EVP_PKEY_print_private.3 \ -man/man3/EVP_PKEY_set1_RSA.3 \ -man/man3/EVP_PKEY_set1_encoded_public_key.3 \ -man/man3/EVP_PKEY_set_type.3 \ -man/man3/EVP_PKEY_settable_params.3 \ -man/man3/EVP_PKEY_sign.3 \ -man/man3/EVP_PKEY_todata.3 \ -man/man3/EVP_PKEY_verify.3 \ -man/man3/EVP_PKEY_verify_recover.3 \ -man/man3/EVP_RAND.3 \ -man/man3/EVP_SIGNATURE.3 \ -man/man3/EVP_SealInit.3 \ -man/man3/EVP_SignInit.3 \ -man/man3/EVP_VerifyInit.3 \ -man/man3/EVP_aes_128_gcm.3 \ -man/man3/EVP_aria_128_gcm.3 \ -man/man3/EVP_bf_cbc.3 \ -man/man3/EVP_blake2b512.3 \ -man/man3/EVP_camellia_128_ecb.3 \ -man/man3/EVP_cast5_cbc.3 \ -man/man3/EVP_chacha20.3 \ -man/man3/EVP_des_cbc.3 \ -man/man3/EVP_desx_cbc.3 \ -man/man3/EVP_idea_cbc.3 \ -man/man3/EVP_md2.3 \ -man/man3/EVP_md4.3 \ -man/man3/EVP_md5.3 \ -man/man3/EVP_mdc2.3 \ -man/man3/EVP_rc2_cbc.3 \ -man/man3/EVP_rc4.3 \ -man/man3/EVP_rc5_32_12_16_cbc.3 \ -man/man3/EVP_ripemd160.3 \ -man/man3/EVP_seed_cbc.3 \ -man/man3/EVP_set_default_properties.3 \ -man/man3/EVP_sha1.3 \ -man/man3/EVP_sha224.3 \ -man/man3/EVP_sha3_224.3 \ -man/man3/EVP_sm3.3 \ -man/man3/EVP_sm4_cbc.3 \ -man/man3/EVP_whirlpool.3 \ -man/man3/HMAC.3 \ -man/man3/MD5.3 \ -man/man3/MDC2_Init.3 \ -man/man3/NCONF_new_ex.3 \ -man/man3/OBJ_nid2obj.3 \ -man/man3/OCSP_REQUEST_new.3 \ -man/man3/OCSP_cert_to_id.3 \ -man/man3/OCSP_request_add1_nonce.3 \ -man/man3/OCSP_resp_find_status.3 \ -man/man3/OCSP_response_status.3 \ -man/man3/OCSP_sendreq_new.3 \ -man/man3/OPENSSL_Applink.3 \ -man/man3/OPENSSL_FILE.3 \ -man/man3/OPENSSL_LH_COMPFUNC.3 \ -man/man3/OPENSSL_LH_stats.3 \ -man/man3/OPENSSL_config.3 \ -man/man3/OPENSSL_fork_prepare.3 \ -man/man3/OPENSSL_gmtime.3 \ -man/man3/OPENSSL_hexchar2int.3 \ -man/man3/OPENSSL_ia32cap.3 \ -man/man3/OPENSSL_init_crypto.3 \ -man/man3/OPENSSL_init_ssl.3 \ -man/man3/OPENSSL_instrument_bus.3 \ -man/man3/OPENSSL_load_builtin_modules.3 \ -man/man3/OPENSSL_malloc.3 \ -man/man3/OPENSSL_s390xcap.3 \ -man/man3/OPENSSL_secure_malloc.3 \ -man/man3/OPENSSL_strcasecmp.3 \ -man/man3/OSSL_CMP_CTX_new.3 \ -man/man3/OSSL_CMP_HDR_get0_transactionID.3 \ -man/man3/OSSL_CMP_ITAV_set0.3 \ -man/man3/OSSL_CMP_MSG_get0_header.3 \ -man/man3/OSSL_CMP_MSG_http_perform.3 \ -man/man3/OSSL_CMP_SRV_CTX_new.3 \ -man/man3/OSSL_CMP_STATUSINFO_new.3 \ -man/man3/OSSL_CMP_exec_certreq.3 \ -man/man3/OSSL_CMP_log_open.3 \ -man/man3/OSSL_CMP_validate_msg.3 \ -man/man3/OSSL_CORE_MAKE_FUNC.3 \ -man/man3/OSSL_CRMF_MSG_get0_tmpl.3 \ -man/man3/OSSL_CRMF_MSG_set0_validity.3 \ -man/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.3 \ -man/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.3 \ -man/man3/OSSL_CRMF_pbmp_new.3 \ -man/man3/OSSL_DECODER.3 \ -man/man3/OSSL_DECODER_CTX.3 \ -man/man3/OSSL_DECODER_CTX_new_for_pkey.3 \ -man/man3/OSSL_DECODER_from_bio.3 \ -man/man3/OSSL_ENCODER.3 \ -man/man3/OSSL_ENCODER_CTX.3 \ -man/man3/OSSL_ENCODER_CTX_new_for_pkey.3 \ -man/man3/OSSL_ENCODER_to_bio.3 \ -man/man3/OSSL_ESS_check_signing_certs.3 \ -man/man3/OSSL_HTTP_REQ_CTX.3 \ -man/man3/OSSL_HTTP_parse_url.3 \ -man/man3/OSSL_HTTP_transfer.3 \ -man/man3/OSSL_LIB_CTX.3 \ -man/man3/OSSL_PARAM.3 \ -man/man3/OSSL_PARAM_BLD.3 \ -man/man3/OSSL_PARAM_allocate_from_text.3 \ -man/man3/OSSL_PARAM_dup.3 \ -man/man3/OSSL_PARAM_int.3 \ -man/man3/OSSL_PROVIDER.3 \ -man/man3/OSSL_SELF_TEST_new.3 \ -man/man3/OSSL_SELF_TEST_set_callback.3 \ -man/man3/OSSL_STORE_INFO.3 \ -man/man3/OSSL_STORE_LOADER.3 \ -man/man3/OSSL_STORE_SEARCH.3 \ -man/man3/OSSL_STORE_attach.3 \ -man/man3/OSSL_STORE_expect.3 \ -man/man3/OSSL_STORE_open.3 \ -man/man3/OSSL_trace_enabled.3 \ -man/man3/OSSL_trace_get_category_num.3 \ -man/man3/OSSL_trace_set_channel.3 \ -man/man3/OpenSSL_add_all_algorithms.3 \ -man/man3/OpenSSL_version.3 \ -man/man3/PEM_X509_INFO_read_bio_ex.3 \ -man/man3/PEM_bytes_read_bio.3 \ -man/man3/PEM_read.3 \ -man/man3/PEM_read_CMS.3 \ -man/man3/PEM_read_bio_PrivateKey.3 \ -man/man3/PEM_read_bio_ex.3 \ -man/man3/PEM_write_bio_CMS_stream.3 \ -man/man3/PEM_write_bio_PKCS7_stream.3 \ -man/man3/PKCS12_PBE_keyivgen.3 \ -man/man3/PKCS12_SAFEBAG_create_cert.3 \ -man/man3/PKCS12_SAFEBAG_get0_attrs.3 \ -man/man3/PKCS12_SAFEBAG_get1_cert.3 \ -man/man3/PKCS12_add1_attr_by_NID.3 \ -man/man3/PKCS12_add_CSPName_asc.3 \ -man/man3/PKCS12_add_cert.3 \ -man/man3/PKCS12_add_friendlyname_asc.3 \ -man/man3/PKCS12_add_localkeyid.3 \ -man/man3/PKCS12_add_safe.3 \ -man/man3/PKCS12_create.3 \ -man/man3/PKCS12_decrypt_skey.3 \ -man/man3/PKCS12_gen_mac.3 \ -man/man3/PKCS12_get_friendlyname.3 \ -man/man3/PKCS12_init.3 \ -man/man3/PKCS12_item_decrypt_d2i.3 \ -man/man3/PKCS12_key_gen_utf8_ex.3 \ -man/man3/PKCS12_newpass.3 \ -man/man3/PKCS12_pack_p7encdata.3 \ -man/man3/PKCS12_parse.3 \ -man/man3/PKCS5_PBE_keyivgen.3 \ -man/man3/PKCS5_PBKDF2_HMAC.3 \ -man/man3/PKCS7_decrypt.3 \ -man/man3/PKCS7_encrypt.3 \ -man/man3/PKCS7_get_octet_string.3 \ -man/man3/PKCS7_sign.3 \ -man/man3/PKCS7_sign_add_signer.3 \ -man/man3/PKCS7_type_is_other.3 \ -man/man3/PKCS7_verify.3 \ -man/man3/PKCS8_encrypt.3 \ -man/man3/PKCS8_pkey_add1_attr.3 \ -man/man3/RAND_add.3 \ -man/man3/RAND_bytes.3 \ -man/man3/RAND_cleanup.3 \ -man/man3/RAND_egd.3 \ -man/man3/RAND_get0_primary.3 \ -man/man3/RAND_load_file.3 \ -man/man3/RAND_set_DRBG_type.3 \ -man/man3/RAND_set_rand_method.3 \ -man/man3/RC4_set_key.3 \ -man/man3/RIPEMD160_Init.3 \ -man/man3/RSA_blinding_on.3 \ -man/man3/RSA_check_key.3 \ -man/man3/RSA_generate_key.3 \ -man/man3/RSA_get0_key.3 \ -man/man3/RSA_meth_new.3 \ -man/man3/RSA_new.3 \ -man/man3/RSA_padding_add_PKCS1_type_1.3 \ -man/man3/RSA_print.3 \ -man/man3/RSA_private_encrypt.3 \ -man/man3/RSA_public_encrypt.3 \ -man/man3/RSA_set_method.3 \ -man/man3/RSA_sign.3 \ -man/man3/RSA_sign_ASN1_OCTET_STRING.3 \ -man/man3/RSA_size.3 \ -man/man3/SCT_new.3 \ -man/man3/SCT_print.3 \ -man/man3/SCT_validate.3 \ -man/man3/SHA256_Init.3 \ -man/man3/SMIME_read_ASN1.3 \ -man/man3/SMIME_read_CMS.3 \ -man/man3/SMIME_read_PKCS7.3 \ -man/man3/SMIME_write_ASN1.3 \ -man/man3/SMIME_write_CMS.3 \ -man/man3/SMIME_write_PKCS7.3 \ -man/man3/SRP_Calc_B.3 \ -man/man3/SRP_VBASE_new.3 \ -man/man3/SRP_create_verifier.3 \ -man/man3/SRP_user_pwd_new.3 \ -man/man3/SSL_CIPHER_get_name.3 \ -man/man3/SSL_COMP_add_compression_method.3 \ -man/man3/SSL_CONF_CTX_new.3 \ -man/man3/SSL_CONF_CTX_set1_prefix.3 \ -man/man3/SSL_CONF_CTX_set_flags.3 \ -man/man3/SSL_CONF_CTX_set_ssl_ctx.3 \ -man/man3/SSL_CONF_cmd.3 \ -man/man3/SSL_CONF_cmd_argv.3 \ -man/man3/SSL_CTX_add1_chain_cert.3 \ -man/man3/SSL_CTX_add_extra_chain_cert.3 \ -man/man3/SSL_CTX_add_session.3 \ -man/man3/SSL_CTX_config.3 \ -man/man3/SSL_CTX_ctrl.3 \ -man/man3/SSL_CTX_dane_enable.3 \ -man/man3/SSL_CTX_flush_sessions.3 \ -man/man3/SSL_CTX_free.3 \ -man/man3/SSL_CTX_get0_param.3 \ -man/man3/SSL_CTX_get_verify_mode.3 \ -man/man3/SSL_CTX_has_client_custom_ext.3 \ -man/man3/SSL_CTX_load_verify_locations.3 \ -man/man3/SSL_CTX_new.3 \ -man/man3/SSL_CTX_sess_number.3 \ -man/man3/SSL_CTX_sess_set_cache_size.3 \ -man/man3/SSL_CTX_sess_set_get_cb.3 \ -man/man3/SSL_CTX_sessions.3 \ -man/man3/SSL_CTX_set0_CA_list.3 \ -man/man3/SSL_CTX_set1_curves.3 \ -man/man3/SSL_CTX_set1_sigalgs.3 \ -man/man3/SSL_CTX_set1_verify_cert_store.3 \ -man/man3/SSL_CTX_set_alpn_select_cb.3 \ -man/man3/SSL_CTX_set_cert_cb.3 \ -man/man3/SSL_CTX_set_cert_store.3 \ -man/man3/SSL_CTX_set_cert_verify_callback.3 \ -man/man3/SSL_CTX_set_cipher_list.3 \ -man/man3/SSL_CTX_set_client_cert_cb.3 \ -man/man3/SSL_CTX_set_client_hello_cb.3 \ -man/man3/SSL_CTX_set_ct_validation_callback.3 \ -man/man3/SSL_CTX_set_ctlog_list_file.3 \ -man/man3/SSL_CTX_set_default_passwd_cb.3 \ -man/man3/SSL_CTX_set_generate_session_id.3 \ -man/man3/SSL_CTX_set_info_callback.3 \ -man/man3/SSL_CTX_set_keylog_callback.3 \ -man/man3/SSL_CTX_set_max_cert_list.3 \ -man/man3/SSL_CTX_set_min_proto_version.3 \ -man/man3/SSL_CTX_set_mode.3 \ -man/man3/SSL_CTX_set_msg_callback.3 \ -man/man3/SSL_CTX_set_num_tickets.3 \ -man/man3/SSL_CTX_set_options.3 \ -man/man3/SSL_CTX_set_psk_client_callback.3 \ -man/man3/SSL_CTX_set_quiet_shutdown.3 \ -man/man3/SSL_CTX_set_read_ahead.3 \ -man/man3/SSL_CTX_set_record_padding_callback.3 \ -man/man3/SSL_CTX_set_security_level.3 \ -man/man3/SSL_CTX_set_session_cache_mode.3 \ -man/man3/SSL_CTX_set_session_id_context.3 \ -man/man3/SSL_CTX_set_session_ticket_cb.3 \ -man/man3/SSL_CTX_set_split_send_fragment.3 \ -man/man3/SSL_CTX_set_srp_password.3 \ -man/man3/SSL_CTX_set_ssl_version.3 \ -man/man3/SSL_CTX_set_stateless_cookie_generate_cb.3 \ -man/man3/SSL_CTX_set_timeout.3 \ -man/man3/SSL_CTX_set_tlsext_servername_callback.3 \ -man/man3/SSL_CTX_set_tlsext_status_cb.3 \ -man/man3/SSL_CTX_set_tlsext_ticket_key_cb.3 \ -man/man3/SSL_CTX_set_tlsext_use_srtp.3 \ -man/man3/SSL_CTX_set_tmp_dh_callback.3 \ -man/man3/SSL_CTX_set_tmp_ecdh.3 \ -man/man3/SSL_CTX_set_verify.3 \ -man/man3/SSL_CTX_use_certificate.3 \ -man/man3/SSL_CTX_use_psk_identity_hint.3 \ -man/man3/SSL_CTX_use_serverinfo.3 \ -man/man3/SSL_SESSION_free.3 \ -man/man3/SSL_SESSION_get0_cipher.3 \ -man/man3/SSL_SESSION_get0_hostname.3 \ -man/man3/SSL_SESSION_get0_id_context.3 \ -man/man3/SSL_SESSION_get0_peer.3 \ -man/man3/SSL_SESSION_get_compress_id.3 \ -man/man3/SSL_SESSION_get_protocol_version.3 \ -man/man3/SSL_SESSION_get_time.3 \ -man/man3/SSL_SESSION_has_ticket.3 \ -man/man3/SSL_SESSION_is_resumable.3 \ -man/man3/SSL_SESSION_print.3 \ -man/man3/SSL_SESSION_set1_id.3 \ -man/man3/SSL_accept.3 \ -man/man3/SSL_alert_type_string.3 \ -man/man3/SSL_alloc_buffers.3 \ -man/man3/SSL_check_chain.3 \ -man/man3/SSL_clear.3 \ -man/man3/SSL_connect.3 \ -man/man3/SSL_do_handshake.3 \ -man/man3/SSL_export_keying_material.3 \ -man/man3/SSL_extension_supported.3 \ -man/man3/SSL_free.3 \ -man/man3/SSL_get0_peer_scts.3 \ -man/man3/SSL_get_SSL_CTX.3 \ -man/man3/SSL_get_all_async_fds.3 \ -man/man3/SSL_get_certificate.3 \ -man/man3/SSL_get_ciphers.3 \ -man/man3/SSL_get_client_random.3 \ -man/man3/SSL_get_current_cipher.3 \ -man/man3/SSL_get_default_timeout.3 \ -man/man3/SSL_get_error.3 \ -man/man3/SSL_get_extms_support.3 \ -man/man3/SSL_get_fd.3 \ -man/man3/SSL_get_peer_cert_chain.3 \ -man/man3/SSL_get_peer_certificate.3 \ -man/man3/SSL_get_peer_signature_nid.3 \ -man/man3/SSL_get_peer_tmp_key.3 \ -man/man3/SSL_get_psk_identity.3 \ -man/man3/SSL_get_rbio.3 \ -man/man3/SSL_get_session.3 \ -man/man3/SSL_get_shared_sigalgs.3 \ -man/man3/SSL_get_verify_result.3 \ -man/man3/SSL_get_version.3 \ -man/man3/SSL_group_to_name.3 \ -man/man3/SSL_in_init.3 \ -man/man3/SSL_key_update.3 \ -man/man3/SSL_library_init.3 \ -man/man3/SSL_load_client_CA_file.3 \ -man/man3/SSL_new.3 \ -man/man3/SSL_pending.3 \ -man/man3/SSL_read.3 \ -man/man3/SSL_read_early_data.3 \ -man/man3/SSL_rstate_string.3 \ -man/man3/SSL_session_reused.3 \ -man/man3/SSL_set1_host.3 \ -man/man3/SSL_set_async_callback.3 \ -man/man3/SSL_set_bio.3 \ -man/man3/SSL_set_connect_state.3 \ -man/man3/SSL_set_fd.3 \ -man/man3/SSL_set_retry_verify.3 \ -man/man3/SSL_set_session.3 \ -man/man3/SSL_set_shutdown.3 \ -man/man3/SSL_set_verify_result.3 \ -man/man3/SSL_shutdown.3 \ -man/man3/SSL_state_string.3 \ -man/man3/SSL_want.3 \ -man/man3/SSL_write.3 \ -man/man3/TS_RESP_CTX_new.3 \ -man/man3/TS_VERIFY_CTX_set_certs.3 \ -man/man3/UI_STRING.3 \ -man/man3/UI_UTIL_read_pw.3 \ -man/man3/UI_create_method.3 \ -man/man3/UI_new.3 \ -man/man3/X509V3_get_d2i.3 \ -man/man3/X509V3_set_ctx.3 \ -man/man3/X509_ALGOR_dup.3 \ -man/man3/X509_CRL_get0_by_serial.3 \ -man/man3/X509_EXTENSION_set_object.3 \ -man/man3/X509_LOOKUP.3 \ -man/man3/X509_LOOKUP_hash_dir.3 \ -man/man3/X509_LOOKUP_meth_new.3 \ -man/man3/X509_NAME_ENTRY_get_object.3 \ -man/man3/X509_NAME_add_entry_by_txt.3 \ -man/man3/X509_NAME_get0_der.3 \ -man/man3/X509_NAME_get_index_by_NID.3 \ -man/man3/X509_NAME_print_ex.3 \ -man/man3/X509_PUBKEY_new.3 \ -man/man3/X509_SIG_get0.3 \ -man/man3/X509_STORE_CTX_get_error.3 \ -man/man3/X509_STORE_CTX_new.3 \ -man/man3/X509_STORE_CTX_set_verify_cb.3 \ -man/man3/X509_STORE_add_cert.3 \ -man/man3/X509_STORE_get0_param.3 \ -man/man3/X509_STORE_new.3 \ -man/man3/X509_STORE_set_verify_cb_func.3 \ -man/man3/X509_VERIFY_PARAM_set_flags.3 \ -man/man3/X509_add_cert.3 \ -man/man3/X509_check_ca.3 \ -man/man3/X509_check_host.3 \ -man/man3/X509_check_issued.3 \ -man/man3/X509_check_private_key.3 \ -man/man3/X509_check_purpose.3 \ -man/man3/X509_cmp.3 \ -man/man3/X509_cmp_time.3 \ -man/man3/X509_digest.3 \ -man/man3/X509_dup.3 \ -man/man3/X509_get0_distinguishing_id.3 \ -man/man3/X509_get0_notBefore.3 \ -man/man3/X509_get0_signature.3 \ -man/man3/X509_get0_uids.3 \ -man/man3/X509_get_extension_flags.3 \ -man/man3/X509_get_pubkey.3 \ -man/man3/X509_get_serialNumber.3 \ -man/man3/X509_get_subject_name.3 \ -man/man3/X509_get_version.3 \ -man/man3/X509_load_http.3 \ -man/man3/X509_new.3 \ -man/man3/X509_sign.3 \ -man/man3/X509_verify.3 \ -man/man3/X509_verify_cert.3 \ -man/man3/X509v3_get_ext_by_NID.3 \ -man/man3/b2i_PVK_bio_ex.3 \ -man/man3/d2i_PKCS8PrivateKey_bio.3 \ -man/man3/d2i_PrivateKey.3 \ -man/man3/d2i_RSAPrivateKey.3 \ -man/man3/d2i_SSL_SESSION.3 \ -man/man3/d2i_X509.3 \ -man/man3/i2d_CMS_bio_stream.3 \ -man/man3/i2d_PKCS7_bio_stream.3 \ -man/man3/i2d_re_X509_tbs.3 \ -man/man3/o2i_SCT_LIST.3 \ -man/man3/s2i_ASN1_IA5STRING.3 -DEPEND[html/man5/config.html]=man5/config.pod -GENERATE[html/man5/config.html]=man5/config.pod -DEPEND[man/man5/config.5]=man5/config.pod -GENERATE[man/man5/config.5]=man5/config.pod -DEPEND[html/man5/fips_config.html]=man5/fips_config.pod -GENERATE[html/man5/fips_config.html]=man5/fips_config.pod -DEPEND[man/man5/fips_config.5]=man5/fips_config.pod -GENERATE[man/man5/fips_config.5]=man5/fips_config.pod -DEPEND[html/man5/x509v3_config.html]=man5/x509v3_config.pod -GENERATE[html/man5/x509v3_config.html]=man5/x509v3_config.pod -DEPEND[man/man5/x509v3_config.5]=man5/x509v3_config.pod -GENERATE[man/man5/x509v3_config.5]=man5/x509v3_config.pod -IMAGEDOCS[man5]= -HTMLDOCS[man5]=html/man5/config.html \ -html/man5/fips_config.html \ -html/man5/x509v3_config.html -MANDOCS[man5]=man/man5/config.5 \ -man/man5/fips_config.5 \ -man/man5/x509v3_config.5 -DEPEND[html/man7/EVP_ASYM_CIPHER-SM2.html]=man7/EVP_ASYM_CIPHER-SM2.pod -GENERATE[html/man7/EVP_ASYM_CIPHER-SM2.html]=man7/EVP_ASYM_CIPHER-SM2.pod -DEPEND[man/man7/EVP_ASYM_CIPHER-SM2.7]=man7/EVP_ASYM_CIPHER-SM2.pod -GENERATE[man/man7/EVP_ASYM_CIPHER-SM2.7]=man7/EVP_ASYM_CIPHER-SM2.pod -DEPEND[html/man7/EVP_CIPHER-AES.html]=man7/EVP_CIPHER-AES.pod -GENERATE[html/man7/EVP_CIPHER-AES.html]=man7/EVP_CIPHER-AES.pod -DEPEND[man/man7/EVP_CIPHER-AES.7]=man7/EVP_CIPHER-AES.pod -GENERATE[man/man7/EVP_CIPHER-AES.7]=man7/EVP_CIPHER-AES.pod -DEPEND[html/man7/EVP_CIPHER-ARIA.html]=man7/EVP_CIPHER-ARIA.pod -GENERATE[html/man7/EVP_CIPHER-ARIA.html]=man7/EVP_CIPHER-ARIA.pod -DEPEND[man/man7/EVP_CIPHER-ARIA.7]=man7/EVP_CIPHER-ARIA.pod -GENERATE[man/man7/EVP_CIPHER-ARIA.7]=man7/EVP_CIPHER-ARIA.pod -DEPEND[html/man7/EVP_CIPHER-BLOWFISH.html]=man7/EVP_CIPHER-BLOWFISH.pod -GENERATE[html/man7/EVP_CIPHER-BLOWFISH.html]=man7/EVP_CIPHER-BLOWFISH.pod -DEPEND[man/man7/EVP_CIPHER-BLOWFISH.7]=man7/EVP_CIPHER-BLOWFISH.pod -GENERATE[man/man7/EVP_CIPHER-BLOWFISH.7]=man7/EVP_CIPHER-BLOWFISH.pod -DEPEND[html/man7/EVP_CIPHER-CAMELLIA.html]=man7/EVP_CIPHER-CAMELLIA.pod -GENERATE[html/man7/EVP_CIPHER-CAMELLIA.html]=man7/EVP_CIPHER-CAMELLIA.pod -DEPEND[man/man7/EVP_CIPHER-CAMELLIA.7]=man7/EVP_CIPHER-CAMELLIA.pod -GENERATE[man/man7/EVP_CIPHER-CAMELLIA.7]=man7/EVP_CIPHER-CAMELLIA.pod -DEPEND[html/man7/EVP_CIPHER-CAST.html]=man7/EVP_CIPHER-CAST.pod -GENERATE[html/man7/EVP_CIPHER-CAST.html]=man7/EVP_CIPHER-CAST.pod -DEPEND[man/man7/EVP_CIPHER-CAST.7]=man7/EVP_CIPHER-CAST.pod -GENERATE[man/man7/EVP_CIPHER-CAST.7]=man7/EVP_CIPHER-CAST.pod -DEPEND[html/man7/EVP_CIPHER-CHACHA.html]=man7/EVP_CIPHER-CHACHA.pod -GENERATE[html/man7/EVP_CIPHER-CHACHA.html]=man7/EVP_CIPHER-CHACHA.pod -DEPEND[man/man7/EVP_CIPHER-CHACHA.7]=man7/EVP_CIPHER-CHACHA.pod -GENERATE[man/man7/EVP_CIPHER-CHACHA.7]=man7/EVP_CIPHER-CHACHA.pod -DEPEND[html/man7/EVP_CIPHER-DES.html]=man7/EVP_CIPHER-DES.pod -GENERATE[html/man7/EVP_CIPHER-DES.html]=man7/EVP_CIPHER-DES.pod -DEPEND[man/man7/EVP_CIPHER-DES.7]=man7/EVP_CIPHER-DES.pod -GENERATE[man/man7/EVP_CIPHER-DES.7]=man7/EVP_CIPHER-DES.pod -DEPEND[html/man7/EVP_CIPHER-IDEA.html]=man7/EVP_CIPHER-IDEA.pod -GENERATE[html/man7/EVP_CIPHER-IDEA.html]=man7/EVP_CIPHER-IDEA.pod -DEPEND[man/man7/EVP_CIPHER-IDEA.7]=man7/EVP_CIPHER-IDEA.pod -GENERATE[man/man7/EVP_CIPHER-IDEA.7]=man7/EVP_CIPHER-IDEA.pod -DEPEND[html/man7/EVP_CIPHER-RC2.html]=man7/EVP_CIPHER-RC2.pod -GENERATE[html/man7/EVP_CIPHER-RC2.html]=man7/EVP_CIPHER-RC2.pod -DEPEND[man/man7/EVP_CIPHER-RC2.7]=man7/EVP_CIPHER-RC2.pod -GENERATE[man/man7/EVP_CIPHER-RC2.7]=man7/EVP_CIPHER-RC2.pod -DEPEND[html/man7/EVP_CIPHER-RC4.html]=man7/EVP_CIPHER-RC4.pod -GENERATE[html/man7/EVP_CIPHER-RC4.html]=man7/EVP_CIPHER-RC4.pod -DEPEND[man/man7/EVP_CIPHER-RC4.7]=man7/EVP_CIPHER-RC4.pod -GENERATE[man/man7/EVP_CIPHER-RC4.7]=man7/EVP_CIPHER-RC4.pod -DEPEND[html/man7/EVP_CIPHER-RC5.html]=man7/EVP_CIPHER-RC5.pod -GENERATE[html/man7/EVP_CIPHER-RC5.html]=man7/EVP_CIPHER-RC5.pod -DEPEND[man/man7/EVP_CIPHER-RC5.7]=man7/EVP_CIPHER-RC5.pod -GENERATE[man/man7/EVP_CIPHER-RC5.7]=man7/EVP_CIPHER-RC5.pod -DEPEND[html/man7/EVP_CIPHER-SEED.html]=man7/EVP_CIPHER-SEED.pod -GENERATE[html/man7/EVP_CIPHER-SEED.html]=man7/EVP_CIPHER-SEED.pod -DEPEND[man/man7/EVP_CIPHER-SEED.7]=man7/EVP_CIPHER-SEED.pod -GENERATE[man/man7/EVP_CIPHER-SEED.7]=man7/EVP_CIPHER-SEED.pod -DEPEND[html/man7/EVP_CIPHER-SM4.html]=man7/EVP_CIPHER-SM4.pod -GENERATE[html/man7/EVP_CIPHER-SM4.html]=man7/EVP_CIPHER-SM4.pod -DEPEND[man/man7/EVP_CIPHER-SM4.7]=man7/EVP_CIPHER-SM4.pod -GENERATE[man/man7/EVP_CIPHER-SM4.7]=man7/EVP_CIPHER-SM4.pod -DEPEND[html/man7/EVP_KDF-HKDF.html]=man7/EVP_KDF-HKDF.pod -GENERATE[html/man7/EVP_KDF-HKDF.html]=man7/EVP_KDF-HKDF.pod -DEPEND[man/man7/EVP_KDF-HKDF.7]=man7/EVP_KDF-HKDF.pod -GENERATE[man/man7/EVP_KDF-HKDF.7]=man7/EVP_KDF-HKDF.pod -DEPEND[html/man7/EVP_KDF-KB.html]=man7/EVP_KDF-KB.pod -GENERATE[html/man7/EVP_KDF-KB.html]=man7/EVP_KDF-KB.pod -DEPEND[man/man7/EVP_KDF-KB.7]=man7/EVP_KDF-KB.pod -GENERATE[man/man7/EVP_KDF-KB.7]=man7/EVP_KDF-KB.pod -DEPEND[html/man7/EVP_KDF-KRB5KDF.html]=man7/EVP_KDF-KRB5KDF.pod -GENERATE[html/man7/EVP_KDF-KRB5KDF.html]=man7/EVP_KDF-KRB5KDF.pod -DEPEND[man/man7/EVP_KDF-KRB5KDF.7]=man7/EVP_KDF-KRB5KDF.pod -GENERATE[man/man7/EVP_KDF-KRB5KDF.7]=man7/EVP_KDF-KRB5KDF.pod -DEPEND[html/man7/EVP_KDF-PBKDF1.html]=man7/EVP_KDF-PBKDF1.pod -GENERATE[html/man7/EVP_KDF-PBKDF1.html]=man7/EVP_KDF-PBKDF1.pod -DEPEND[man/man7/EVP_KDF-PBKDF1.7]=man7/EVP_KDF-PBKDF1.pod -GENERATE[man/man7/EVP_KDF-PBKDF1.7]=man7/EVP_KDF-PBKDF1.pod -DEPEND[html/man7/EVP_KDF-PBKDF2.html]=man7/EVP_KDF-PBKDF2.pod -GENERATE[html/man7/EVP_KDF-PBKDF2.html]=man7/EVP_KDF-PBKDF2.pod -DEPEND[man/man7/EVP_KDF-PBKDF2.7]=man7/EVP_KDF-PBKDF2.pod -GENERATE[man/man7/EVP_KDF-PBKDF2.7]=man7/EVP_KDF-PBKDF2.pod -DEPEND[html/man7/EVP_KDF-PKCS12KDF.html]=man7/EVP_KDF-PKCS12KDF.pod -GENERATE[html/man7/EVP_KDF-PKCS12KDF.html]=man7/EVP_KDF-PKCS12KDF.pod -DEPEND[man/man7/EVP_KDF-PKCS12KDF.7]=man7/EVP_KDF-PKCS12KDF.pod -GENERATE[man/man7/EVP_KDF-PKCS12KDF.7]=man7/EVP_KDF-PKCS12KDF.pod -DEPEND[html/man7/EVP_KDF-SCRYPT.html]=man7/EVP_KDF-SCRYPT.pod -GENERATE[html/man7/EVP_KDF-SCRYPT.html]=man7/EVP_KDF-SCRYPT.pod -DEPEND[man/man7/EVP_KDF-SCRYPT.7]=man7/EVP_KDF-SCRYPT.pod -GENERATE[man/man7/EVP_KDF-SCRYPT.7]=man7/EVP_KDF-SCRYPT.pod -DEPEND[html/man7/EVP_KDF-SS.html]=man7/EVP_KDF-SS.pod -GENERATE[html/man7/EVP_KDF-SS.html]=man7/EVP_KDF-SS.pod -DEPEND[man/man7/EVP_KDF-SS.7]=man7/EVP_KDF-SS.pod -GENERATE[man/man7/EVP_KDF-SS.7]=man7/EVP_KDF-SS.pod -DEPEND[html/man7/EVP_KDF-SSHKDF.html]=man7/EVP_KDF-SSHKDF.pod -GENERATE[html/man7/EVP_KDF-SSHKDF.html]=man7/EVP_KDF-SSHKDF.pod -DEPEND[man/man7/EVP_KDF-SSHKDF.7]=man7/EVP_KDF-SSHKDF.pod -GENERATE[man/man7/EVP_KDF-SSHKDF.7]=man7/EVP_KDF-SSHKDF.pod -DEPEND[html/man7/EVP_KDF-TLS13_KDF.html]=man7/EVP_KDF-TLS13_KDF.pod -GENERATE[html/man7/EVP_KDF-TLS13_KDF.html]=man7/EVP_KDF-TLS13_KDF.pod -DEPEND[man/man7/EVP_KDF-TLS13_KDF.7]=man7/EVP_KDF-TLS13_KDF.pod -GENERATE[man/man7/EVP_KDF-TLS13_KDF.7]=man7/EVP_KDF-TLS13_KDF.pod -DEPEND[html/man7/EVP_KDF-TLS1_PRF.html]=man7/EVP_KDF-TLS1_PRF.pod -GENERATE[html/man7/EVP_KDF-TLS1_PRF.html]=man7/EVP_KDF-TLS1_PRF.pod -DEPEND[man/man7/EVP_KDF-TLS1_PRF.7]=man7/EVP_KDF-TLS1_PRF.pod -GENERATE[man/man7/EVP_KDF-TLS1_PRF.7]=man7/EVP_KDF-TLS1_PRF.pod -DEPEND[html/man7/EVP_KDF-X942-ASN1.html]=man7/EVP_KDF-X942-ASN1.pod -GENERATE[html/man7/EVP_KDF-X942-ASN1.html]=man7/EVP_KDF-X942-ASN1.pod -DEPEND[man/man7/EVP_KDF-X942-ASN1.7]=man7/EVP_KDF-X942-ASN1.pod -GENERATE[man/man7/EVP_KDF-X942-ASN1.7]=man7/EVP_KDF-X942-ASN1.pod -DEPEND[html/man7/EVP_KDF-X942-CONCAT.html]=man7/EVP_KDF-X942-CONCAT.pod -GENERATE[html/man7/EVP_KDF-X942-CONCAT.html]=man7/EVP_KDF-X942-CONCAT.pod -DEPEND[man/man7/EVP_KDF-X942-CONCAT.7]=man7/EVP_KDF-X942-CONCAT.pod -GENERATE[man/man7/EVP_KDF-X942-CONCAT.7]=man7/EVP_KDF-X942-CONCAT.pod -DEPEND[html/man7/EVP_KDF-X963.html]=man7/EVP_KDF-X963.pod -GENERATE[html/man7/EVP_KDF-X963.html]=man7/EVP_KDF-X963.pod -DEPEND[man/man7/EVP_KDF-X963.7]=man7/EVP_KDF-X963.pod -GENERATE[man/man7/EVP_KDF-X963.7]=man7/EVP_KDF-X963.pod -DEPEND[html/man7/EVP_KEM-RSA.html]=man7/EVP_KEM-RSA.pod -GENERATE[html/man7/EVP_KEM-RSA.html]=man7/EVP_KEM-RSA.pod -DEPEND[man/man7/EVP_KEM-RSA.7]=man7/EVP_KEM-RSA.pod -GENERATE[man/man7/EVP_KEM-RSA.7]=man7/EVP_KEM-RSA.pod -DEPEND[html/man7/EVP_KEYEXCH-DH.html]=man7/EVP_KEYEXCH-DH.pod -GENERATE[html/man7/EVP_KEYEXCH-DH.html]=man7/EVP_KEYEXCH-DH.pod -DEPEND[man/man7/EVP_KEYEXCH-DH.7]=man7/EVP_KEYEXCH-DH.pod -GENERATE[man/man7/EVP_KEYEXCH-DH.7]=man7/EVP_KEYEXCH-DH.pod -DEPEND[html/man7/EVP_KEYEXCH-ECDH.html]=man7/EVP_KEYEXCH-ECDH.pod -GENERATE[html/man7/EVP_KEYEXCH-ECDH.html]=man7/EVP_KEYEXCH-ECDH.pod -DEPEND[man/man7/EVP_KEYEXCH-ECDH.7]=man7/EVP_KEYEXCH-ECDH.pod -GENERATE[man/man7/EVP_KEYEXCH-ECDH.7]=man7/EVP_KEYEXCH-ECDH.pod -DEPEND[html/man7/EVP_KEYEXCH-X25519.html]=man7/EVP_KEYEXCH-X25519.pod -GENERATE[html/man7/EVP_KEYEXCH-X25519.html]=man7/EVP_KEYEXCH-X25519.pod -DEPEND[man/man7/EVP_KEYEXCH-X25519.7]=man7/EVP_KEYEXCH-X25519.pod -GENERATE[man/man7/EVP_KEYEXCH-X25519.7]=man7/EVP_KEYEXCH-X25519.pod -DEPEND[html/man7/EVP_MAC-BLAKE2.html]=man7/EVP_MAC-BLAKE2.pod -GENERATE[html/man7/EVP_MAC-BLAKE2.html]=man7/EVP_MAC-BLAKE2.pod -DEPEND[man/man7/EVP_MAC-BLAKE2.7]=man7/EVP_MAC-BLAKE2.pod -GENERATE[man/man7/EVP_MAC-BLAKE2.7]=man7/EVP_MAC-BLAKE2.pod -DEPEND[html/man7/EVP_MAC-CMAC.html]=man7/EVP_MAC-CMAC.pod -GENERATE[html/man7/EVP_MAC-CMAC.html]=man7/EVP_MAC-CMAC.pod -DEPEND[man/man7/EVP_MAC-CMAC.7]=man7/EVP_MAC-CMAC.pod -GENERATE[man/man7/EVP_MAC-CMAC.7]=man7/EVP_MAC-CMAC.pod -DEPEND[html/man7/EVP_MAC-GMAC.html]=man7/EVP_MAC-GMAC.pod -GENERATE[html/man7/EVP_MAC-GMAC.html]=man7/EVP_MAC-GMAC.pod -DEPEND[man/man7/EVP_MAC-GMAC.7]=man7/EVP_MAC-GMAC.pod -GENERATE[man/man7/EVP_MAC-GMAC.7]=man7/EVP_MAC-GMAC.pod -DEPEND[html/man7/EVP_MAC-HMAC.html]=man7/EVP_MAC-HMAC.pod -GENERATE[html/man7/EVP_MAC-HMAC.html]=man7/EVP_MAC-HMAC.pod -DEPEND[man/man7/EVP_MAC-HMAC.7]=man7/EVP_MAC-HMAC.pod -GENERATE[man/man7/EVP_MAC-HMAC.7]=man7/EVP_MAC-HMAC.pod -DEPEND[html/man7/EVP_MAC-KMAC.html]=man7/EVP_MAC-KMAC.pod -GENERATE[html/man7/EVP_MAC-KMAC.html]=man7/EVP_MAC-KMAC.pod -DEPEND[man/man7/EVP_MAC-KMAC.7]=man7/EVP_MAC-KMAC.pod -GENERATE[man/man7/EVP_MAC-KMAC.7]=man7/EVP_MAC-KMAC.pod -DEPEND[html/man7/EVP_MAC-Poly1305.html]=man7/EVP_MAC-Poly1305.pod -GENERATE[html/man7/EVP_MAC-Poly1305.html]=man7/EVP_MAC-Poly1305.pod -DEPEND[man/man7/EVP_MAC-Poly1305.7]=man7/EVP_MAC-Poly1305.pod -GENERATE[man/man7/EVP_MAC-Poly1305.7]=man7/EVP_MAC-Poly1305.pod -DEPEND[html/man7/EVP_MAC-Siphash.html]=man7/EVP_MAC-Siphash.pod -GENERATE[html/man7/EVP_MAC-Siphash.html]=man7/EVP_MAC-Siphash.pod -DEPEND[man/man7/EVP_MAC-Siphash.7]=man7/EVP_MAC-Siphash.pod -GENERATE[man/man7/EVP_MAC-Siphash.7]=man7/EVP_MAC-Siphash.pod -DEPEND[html/man7/EVP_MD-BLAKE2.html]=man7/EVP_MD-BLAKE2.pod -GENERATE[html/man7/EVP_MD-BLAKE2.html]=man7/EVP_MD-BLAKE2.pod -DEPEND[man/man7/EVP_MD-BLAKE2.7]=man7/EVP_MD-BLAKE2.pod -GENERATE[man/man7/EVP_MD-BLAKE2.7]=man7/EVP_MD-BLAKE2.pod -DEPEND[html/man7/EVP_MD-MD2.html]=man7/EVP_MD-MD2.pod -GENERATE[html/man7/EVP_MD-MD2.html]=man7/EVP_MD-MD2.pod -DEPEND[man/man7/EVP_MD-MD2.7]=man7/EVP_MD-MD2.pod -GENERATE[man/man7/EVP_MD-MD2.7]=man7/EVP_MD-MD2.pod -DEPEND[html/man7/EVP_MD-MD4.html]=man7/EVP_MD-MD4.pod -GENERATE[html/man7/EVP_MD-MD4.html]=man7/EVP_MD-MD4.pod -DEPEND[man/man7/EVP_MD-MD4.7]=man7/EVP_MD-MD4.pod -GENERATE[man/man7/EVP_MD-MD4.7]=man7/EVP_MD-MD4.pod -DEPEND[html/man7/EVP_MD-MD5-SHA1.html]=man7/EVP_MD-MD5-SHA1.pod -GENERATE[html/man7/EVP_MD-MD5-SHA1.html]=man7/EVP_MD-MD5-SHA1.pod -DEPEND[man/man7/EVP_MD-MD5-SHA1.7]=man7/EVP_MD-MD5-SHA1.pod -GENERATE[man/man7/EVP_MD-MD5-SHA1.7]=man7/EVP_MD-MD5-SHA1.pod -DEPEND[html/man7/EVP_MD-MD5.html]=man7/EVP_MD-MD5.pod -GENERATE[html/man7/EVP_MD-MD5.html]=man7/EVP_MD-MD5.pod -DEPEND[man/man7/EVP_MD-MD5.7]=man7/EVP_MD-MD5.pod -GENERATE[man/man7/EVP_MD-MD5.7]=man7/EVP_MD-MD5.pod -DEPEND[html/man7/EVP_MD-MDC2.html]=man7/EVP_MD-MDC2.pod -GENERATE[html/man7/EVP_MD-MDC2.html]=man7/EVP_MD-MDC2.pod -DEPEND[man/man7/EVP_MD-MDC2.7]=man7/EVP_MD-MDC2.pod -GENERATE[man/man7/EVP_MD-MDC2.7]=man7/EVP_MD-MDC2.pod -DEPEND[html/man7/EVP_MD-RIPEMD160.html]=man7/EVP_MD-RIPEMD160.pod -GENERATE[html/man7/EVP_MD-RIPEMD160.html]=man7/EVP_MD-RIPEMD160.pod -DEPEND[man/man7/EVP_MD-RIPEMD160.7]=man7/EVP_MD-RIPEMD160.pod -GENERATE[man/man7/EVP_MD-RIPEMD160.7]=man7/EVP_MD-RIPEMD160.pod -DEPEND[html/man7/EVP_MD-SHA1.html]=man7/EVP_MD-SHA1.pod -GENERATE[html/man7/EVP_MD-SHA1.html]=man7/EVP_MD-SHA1.pod -DEPEND[man/man7/EVP_MD-SHA1.7]=man7/EVP_MD-SHA1.pod -GENERATE[man/man7/EVP_MD-SHA1.7]=man7/EVP_MD-SHA1.pod -DEPEND[html/man7/EVP_MD-SHA2.html]=man7/EVP_MD-SHA2.pod -GENERATE[html/man7/EVP_MD-SHA2.html]=man7/EVP_MD-SHA2.pod -DEPEND[man/man7/EVP_MD-SHA2.7]=man7/EVP_MD-SHA2.pod -GENERATE[man/man7/EVP_MD-SHA2.7]=man7/EVP_MD-SHA2.pod -DEPEND[html/man7/EVP_MD-SHA3.html]=man7/EVP_MD-SHA3.pod -GENERATE[html/man7/EVP_MD-SHA3.html]=man7/EVP_MD-SHA3.pod -DEPEND[man/man7/EVP_MD-SHA3.7]=man7/EVP_MD-SHA3.pod -GENERATE[man/man7/EVP_MD-SHA3.7]=man7/EVP_MD-SHA3.pod -DEPEND[html/man7/EVP_MD-SHAKE.html]=man7/EVP_MD-SHAKE.pod -GENERATE[html/man7/EVP_MD-SHAKE.html]=man7/EVP_MD-SHAKE.pod -DEPEND[man/man7/EVP_MD-SHAKE.7]=man7/EVP_MD-SHAKE.pod -GENERATE[man/man7/EVP_MD-SHAKE.7]=man7/EVP_MD-SHAKE.pod -DEPEND[html/man7/EVP_MD-SM3.html]=man7/EVP_MD-SM3.pod -GENERATE[html/man7/EVP_MD-SM3.html]=man7/EVP_MD-SM3.pod -DEPEND[man/man7/EVP_MD-SM3.7]=man7/EVP_MD-SM3.pod -GENERATE[man/man7/EVP_MD-SM3.7]=man7/EVP_MD-SM3.pod -DEPEND[html/man7/EVP_MD-WHIRLPOOL.html]=man7/EVP_MD-WHIRLPOOL.pod -GENERATE[html/man7/EVP_MD-WHIRLPOOL.html]=man7/EVP_MD-WHIRLPOOL.pod -DEPEND[man/man7/EVP_MD-WHIRLPOOL.7]=man7/EVP_MD-WHIRLPOOL.pod -GENERATE[man/man7/EVP_MD-WHIRLPOOL.7]=man7/EVP_MD-WHIRLPOOL.pod -DEPEND[html/man7/EVP_MD-common.html]=man7/EVP_MD-common.pod -GENERATE[html/man7/EVP_MD-common.html]=man7/EVP_MD-common.pod -DEPEND[man/man7/EVP_MD-common.7]=man7/EVP_MD-common.pod -GENERATE[man/man7/EVP_MD-common.7]=man7/EVP_MD-common.pod -DEPEND[html/man7/EVP_PKEY-DH.html]=man7/EVP_PKEY-DH.pod -GENERATE[html/man7/EVP_PKEY-DH.html]=man7/EVP_PKEY-DH.pod -DEPEND[man/man7/EVP_PKEY-DH.7]=man7/EVP_PKEY-DH.pod -GENERATE[man/man7/EVP_PKEY-DH.7]=man7/EVP_PKEY-DH.pod -DEPEND[html/man7/EVP_PKEY-DSA.html]=man7/EVP_PKEY-DSA.pod -GENERATE[html/man7/EVP_PKEY-DSA.html]=man7/EVP_PKEY-DSA.pod -DEPEND[man/man7/EVP_PKEY-DSA.7]=man7/EVP_PKEY-DSA.pod -GENERATE[man/man7/EVP_PKEY-DSA.7]=man7/EVP_PKEY-DSA.pod -DEPEND[html/man7/EVP_PKEY-EC.html]=man7/EVP_PKEY-EC.pod -GENERATE[html/man7/EVP_PKEY-EC.html]=man7/EVP_PKEY-EC.pod -DEPEND[man/man7/EVP_PKEY-EC.7]=man7/EVP_PKEY-EC.pod -GENERATE[man/man7/EVP_PKEY-EC.7]=man7/EVP_PKEY-EC.pod -DEPEND[html/man7/EVP_PKEY-FFC.html]=man7/EVP_PKEY-FFC.pod -GENERATE[html/man7/EVP_PKEY-FFC.html]=man7/EVP_PKEY-FFC.pod -DEPEND[man/man7/EVP_PKEY-FFC.7]=man7/EVP_PKEY-FFC.pod -GENERATE[man/man7/EVP_PKEY-FFC.7]=man7/EVP_PKEY-FFC.pod -DEPEND[html/man7/EVP_PKEY-HMAC.html]=man7/EVP_PKEY-HMAC.pod -GENERATE[html/man7/EVP_PKEY-HMAC.html]=man7/EVP_PKEY-HMAC.pod -DEPEND[man/man7/EVP_PKEY-HMAC.7]=man7/EVP_PKEY-HMAC.pod -GENERATE[man/man7/EVP_PKEY-HMAC.7]=man7/EVP_PKEY-HMAC.pod -DEPEND[html/man7/EVP_PKEY-RSA.html]=man7/EVP_PKEY-RSA.pod -GENERATE[html/man7/EVP_PKEY-RSA.html]=man7/EVP_PKEY-RSA.pod -DEPEND[man/man7/EVP_PKEY-RSA.7]=man7/EVP_PKEY-RSA.pod -GENERATE[man/man7/EVP_PKEY-RSA.7]=man7/EVP_PKEY-RSA.pod -DEPEND[html/man7/EVP_PKEY-SM2.html]=man7/EVP_PKEY-SM2.pod -GENERATE[html/man7/EVP_PKEY-SM2.html]=man7/EVP_PKEY-SM2.pod -DEPEND[man/man7/EVP_PKEY-SM2.7]=man7/EVP_PKEY-SM2.pod -GENERATE[man/man7/EVP_PKEY-SM2.7]=man7/EVP_PKEY-SM2.pod -DEPEND[html/man7/EVP_PKEY-X25519.html]=man7/EVP_PKEY-X25519.pod -GENERATE[html/man7/EVP_PKEY-X25519.html]=man7/EVP_PKEY-X25519.pod -DEPEND[man/man7/EVP_PKEY-X25519.7]=man7/EVP_PKEY-X25519.pod -GENERATE[man/man7/EVP_PKEY-X25519.7]=man7/EVP_PKEY-X25519.pod -DEPEND[html/man7/EVP_RAND-CTR-DRBG.html]=man7/EVP_RAND-CTR-DRBG.pod -GENERATE[html/man7/EVP_RAND-CTR-DRBG.html]=man7/EVP_RAND-CTR-DRBG.pod -DEPEND[man/man7/EVP_RAND-CTR-DRBG.7]=man7/EVP_RAND-CTR-DRBG.pod -GENERATE[man/man7/EVP_RAND-CTR-DRBG.7]=man7/EVP_RAND-CTR-DRBG.pod -DEPEND[html/man7/EVP_RAND-HASH-DRBG.html]=man7/EVP_RAND-HASH-DRBG.pod -GENERATE[html/man7/EVP_RAND-HASH-DRBG.html]=man7/EVP_RAND-HASH-DRBG.pod -DEPEND[man/man7/EVP_RAND-HASH-DRBG.7]=man7/EVP_RAND-HASH-DRBG.pod -GENERATE[man/man7/EVP_RAND-HASH-DRBG.7]=man7/EVP_RAND-HASH-DRBG.pod -DEPEND[html/man7/EVP_RAND-HMAC-DRBG.html]=man7/EVP_RAND-HMAC-DRBG.pod -GENERATE[html/man7/EVP_RAND-HMAC-DRBG.html]=man7/EVP_RAND-HMAC-DRBG.pod -DEPEND[man/man7/EVP_RAND-HMAC-DRBG.7]=man7/EVP_RAND-HMAC-DRBG.pod -GENERATE[man/man7/EVP_RAND-HMAC-DRBG.7]=man7/EVP_RAND-HMAC-DRBG.pod -DEPEND[html/man7/EVP_RAND-SEED-SRC.html]=man7/EVP_RAND-SEED-SRC.pod -GENERATE[html/man7/EVP_RAND-SEED-SRC.html]=man7/EVP_RAND-SEED-SRC.pod -DEPEND[man/man7/EVP_RAND-SEED-SRC.7]=man7/EVP_RAND-SEED-SRC.pod -GENERATE[man/man7/EVP_RAND-SEED-SRC.7]=man7/EVP_RAND-SEED-SRC.pod -DEPEND[html/man7/EVP_RAND-TEST-RAND.html]=man7/EVP_RAND-TEST-RAND.pod -GENERATE[html/man7/EVP_RAND-TEST-RAND.html]=man7/EVP_RAND-TEST-RAND.pod -DEPEND[man/man7/EVP_RAND-TEST-RAND.7]=man7/EVP_RAND-TEST-RAND.pod -GENERATE[man/man7/EVP_RAND-TEST-RAND.7]=man7/EVP_RAND-TEST-RAND.pod -DEPEND[html/man7/EVP_RAND.html]=man7/EVP_RAND.pod -GENERATE[html/man7/EVP_RAND.html]=man7/EVP_RAND.pod -DEPEND[man/man7/EVP_RAND.7]=man7/EVP_RAND.pod -GENERATE[man/man7/EVP_RAND.7]=man7/EVP_RAND.pod -DEPEND[html/man7/EVP_SIGNATURE-DSA.html]=man7/EVP_SIGNATURE-DSA.pod -GENERATE[html/man7/EVP_SIGNATURE-DSA.html]=man7/EVP_SIGNATURE-DSA.pod -DEPEND[man/man7/EVP_SIGNATURE-DSA.7]=man7/EVP_SIGNATURE-DSA.pod -GENERATE[man/man7/EVP_SIGNATURE-DSA.7]=man7/EVP_SIGNATURE-DSA.pod -DEPEND[html/man7/EVP_SIGNATURE-ECDSA.html]=man7/EVP_SIGNATURE-ECDSA.pod -GENERATE[html/man7/EVP_SIGNATURE-ECDSA.html]=man7/EVP_SIGNATURE-ECDSA.pod -DEPEND[man/man7/EVP_SIGNATURE-ECDSA.7]=man7/EVP_SIGNATURE-ECDSA.pod -GENERATE[man/man7/EVP_SIGNATURE-ECDSA.7]=man7/EVP_SIGNATURE-ECDSA.pod -DEPEND[html/man7/EVP_SIGNATURE-ED25519.html]=man7/EVP_SIGNATURE-ED25519.pod -GENERATE[html/man7/EVP_SIGNATURE-ED25519.html]=man7/EVP_SIGNATURE-ED25519.pod -DEPEND[man/man7/EVP_SIGNATURE-ED25519.7]=man7/EVP_SIGNATURE-ED25519.pod -GENERATE[man/man7/EVP_SIGNATURE-ED25519.7]=man7/EVP_SIGNATURE-ED25519.pod -DEPEND[html/man7/EVP_SIGNATURE-HMAC.html]=man7/EVP_SIGNATURE-HMAC.pod -GENERATE[html/man7/EVP_SIGNATURE-HMAC.html]=man7/EVP_SIGNATURE-HMAC.pod -DEPEND[man/man7/EVP_SIGNATURE-HMAC.7]=man7/EVP_SIGNATURE-HMAC.pod -GENERATE[man/man7/EVP_SIGNATURE-HMAC.7]=man7/EVP_SIGNATURE-HMAC.pod -DEPEND[html/man7/EVP_SIGNATURE-RSA.html]=man7/EVP_SIGNATURE-RSA.pod -GENERATE[html/man7/EVP_SIGNATURE-RSA.html]=man7/EVP_SIGNATURE-RSA.pod -DEPEND[man/man7/EVP_SIGNATURE-RSA.7]=man7/EVP_SIGNATURE-RSA.pod -GENERATE[man/man7/EVP_SIGNATURE-RSA.7]=man7/EVP_SIGNATURE-RSA.pod -DEPEND[html/man7/OSSL_PROVIDER-FIPS.html]=man7/OSSL_PROVIDER-FIPS.pod -GENERATE[html/man7/OSSL_PROVIDER-FIPS.html]=man7/OSSL_PROVIDER-FIPS.pod -DEPEND[man/man7/OSSL_PROVIDER-FIPS.7]=man7/OSSL_PROVIDER-FIPS.pod -GENERATE[man/man7/OSSL_PROVIDER-FIPS.7]=man7/OSSL_PROVIDER-FIPS.pod -DEPEND[html/man7/OSSL_PROVIDER-base.html]=man7/OSSL_PROVIDER-base.pod -GENERATE[html/man7/OSSL_PROVIDER-base.html]=man7/OSSL_PROVIDER-base.pod -DEPEND[man/man7/OSSL_PROVIDER-base.7]=man7/OSSL_PROVIDER-base.pod -GENERATE[man/man7/OSSL_PROVIDER-base.7]=man7/OSSL_PROVIDER-base.pod -DEPEND[html/man7/OSSL_PROVIDER-default.html]=man7/OSSL_PROVIDER-default.pod -GENERATE[html/man7/OSSL_PROVIDER-default.html]=man7/OSSL_PROVIDER-default.pod -DEPEND[man/man7/OSSL_PROVIDER-default.7]=man7/OSSL_PROVIDER-default.pod -GENERATE[man/man7/OSSL_PROVIDER-default.7]=man7/OSSL_PROVIDER-default.pod -DEPEND[html/man7/OSSL_PROVIDER-legacy.html]=man7/OSSL_PROVIDER-legacy.pod -GENERATE[html/man7/OSSL_PROVIDER-legacy.html]=man7/OSSL_PROVIDER-legacy.pod -DEPEND[man/man7/OSSL_PROVIDER-legacy.7]=man7/OSSL_PROVIDER-legacy.pod -GENERATE[man/man7/OSSL_PROVIDER-legacy.7]=man7/OSSL_PROVIDER-legacy.pod -DEPEND[html/man7/OSSL_PROVIDER-null.html]=man7/OSSL_PROVIDER-null.pod -GENERATE[html/man7/OSSL_PROVIDER-null.html]=man7/OSSL_PROVIDER-null.pod -DEPEND[man/man7/OSSL_PROVIDER-null.7]=man7/OSSL_PROVIDER-null.pod -GENERATE[man/man7/OSSL_PROVIDER-null.7]=man7/OSSL_PROVIDER-null.pod -DEPEND[html/man7/RAND.html]=man7/RAND.pod -GENERATE[html/man7/RAND.html]=man7/RAND.pod -DEPEND[man/man7/RAND.7]=man7/RAND.pod -GENERATE[man/man7/RAND.7]=man7/RAND.pod -DEPEND[html/man7/RSA-PSS.html]=man7/RSA-PSS.pod -GENERATE[html/man7/RSA-PSS.html]=man7/RSA-PSS.pod -DEPEND[man/man7/RSA-PSS.7]=man7/RSA-PSS.pod -GENERATE[man/man7/RSA-PSS.7]=man7/RSA-PSS.pod -DEPEND[html/man7/X25519.html]=man7/X25519.pod -GENERATE[html/man7/X25519.html]=man7/X25519.pod -DEPEND[man/man7/X25519.7]=man7/X25519.pod -GENERATE[man/man7/X25519.7]=man7/X25519.pod -DEPEND[html/man7/bio.html]=man7/bio.pod -GENERATE[html/man7/bio.html]=man7/bio.pod -DEPEND[man/man7/bio.7]=man7/bio.pod -GENERATE[man/man7/bio.7]=man7/bio.pod -DEPEND[html/man7/crypto.html]=man7/crypto.pod -GENERATE[html/man7/crypto.html]=man7/crypto.pod -DEPEND[man/man7/crypto.7]=man7/crypto.pod -GENERATE[man/man7/crypto.7]=man7/crypto.pod -DEPEND[html/man7/ct.html]=man7/ct.pod -GENERATE[html/man7/ct.html]=man7/ct.pod -DEPEND[man/man7/ct.7]=man7/ct.pod -GENERATE[man/man7/ct.7]=man7/ct.pod -DEPEND[html/man7/des_modes.html]=man7/des_modes.pod -GENERATE[html/man7/des_modes.html]=man7/des_modes.pod -DEPEND[man/man7/des_modes.7]=man7/des_modes.pod -GENERATE[man/man7/des_modes.7]=man7/des_modes.pod -DEPEND[html/man7/evp.html]=man7/evp.pod -GENERATE[html/man7/evp.html]=man7/evp.pod -DEPEND[man/man7/evp.7]=man7/evp.pod -GENERATE[man/man7/evp.7]=man7/evp.pod -DEPEND[html/man7/fips_module.html]=man7/fips_module.pod -GENERATE[html/man7/fips_module.html]=man7/fips_module.pod -DEPEND[man/man7/fips_module.7]=man7/fips_module.pod -GENERATE[man/man7/fips_module.7]=man7/fips_module.pod -DEPEND[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod -GENERATE[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod -DEPEND[man/man7/life_cycle-cipher.7]=man7/life_cycle-cipher.pod -GENERATE[man/man7/life_cycle-cipher.7]=man7/life_cycle-cipher.pod -DEPEND[html/man7/life_cycle-digest.html]=man7/life_cycle-digest.pod -GENERATE[html/man7/life_cycle-digest.html]=man7/life_cycle-digest.pod -DEPEND[man/man7/life_cycle-digest.7]=man7/life_cycle-digest.pod -GENERATE[man/man7/life_cycle-digest.7]=man7/life_cycle-digest.pod -DEPEND[html/man7/life_cycle-kdf.html]=man7/life_cycle-kdf.pod -GENERATE[html/man7/life_cycle-kdf.html]=man7/life_cycle-kdf.pod -DEPEND[man/man7/life_cycle-kdf.7]=man7/life_cycle-kdf.pod -GENERATE[man/man7/life_cycle-kdf.7]=man7/life_cycle-kdf.pod -DEPEND[html/man7/life_cycle-mac.html]=man7/life_cycle-mac.pod -GENERATE[html/man7/life_cycle-mac.html]=man7/life_cycle-mac.pod -DEPEND[man/man7/life_cycle-mac.7]=man7/life_cycle-mac.pod -GENERATE[man/man7/life_cycle-mac.7]=man7/life_cycle-mac.pod -DEPEND[html/man7/life_cycle-pkey.html]=man7/life_cycle-pkey.pod -GENERATE[html/man7/life_cycle-pkey.html]=man7/life_cycle-pkey.pod -DEPEND[man/man7/life_cycle-pkey.7]=man7/life_cycle-pkey.pod -GENERATE[man/man7/life_cycle-pkey.7]=man7/life_cycle-pkey.pod -DEPEND[html/man7/life_cycle-rand.html]=man7/life_cycle-rand.pod -GENERATE[html/man7/life_cycle-rand.html]=man7/life_cycle-rand.pod -DEPEND[man/man7/life_cycle-rand.7]=man7/life_cycle-rand.pod -GENERATE[man/man7/life_cycle-rand.7]=man7/life_cycle-rand.pod -DEPEND[html/man7/migration_guide.html]=man7/migration_guide.pod -GENERATE[html/man7/migration_guide.html]=man7/migration_guide.pod -DEPEND[man/man7/migration_guide.7]=man7/migration_guide.pod -GENERATE[man/man7/migration_guide.7]=man7/migration_guide.pod -DEPEND[html/man7/openssl-core.h.html]=man7/openssl-core.h.pod -GENERATE[html/man7/openssl-core.h.html]=man7/openssl-core.h.pod -DEPEND[man/man7/openssl-core.h.7]=man7/openssl-core.h.pod -GENERATE[man/man7/openssl-core.h.7]=man7/openssl-core.h.pod -DEPEND[html/man7/openssl-core_dispatch.h.html]=man7/openssl-core_dispatch.h.pod -GENERATE[html/man7/openssl-core_dispatch.h.html]=man7/openssl-core_dispatch.h.pod -DEPEND[man/man7/openssl-core_dispatch.h.7]=man7/openssl-core_dispatch.h.pod -GENERATE[man/man7/openssl-core_dispatch.h.7]=man7/openssl-core_dispatch.h.pod -DEPEND[html/man7/openssl-core_names.h.html]=man7/openssl-core_names.h.pod -GENERATE[html/man7/openssl-core_names.h.html]=man7/openssl-core_names.h.pod -DEPEND[man/man7/openssl-core_names.h.7]=man7/openssl-core_names.h.pod -GENERATE[man/man7/openssl-core_names.h.7]=man7/openssl-core_names.h.pod -DEPEND[html/man7/openssl-env.html]=man7/openssl-env.pod -GENERATE[html/man7/openssl-env.html]=man7/openssl-env.pod -DEPEND[man/man7/openssl-env.7]=man7/openssl-env.pod -GENERATE[man/man7/openssl-env.7]=man7/openssl-env.pod -DEPEND[html/man7/openssl-glossary.html]=man7/openssl-glossary.pod -GENERATE[html/man7/openssl-glossary.html]=man7/openssl-glossary.pod -DEPEND[man/man7/openssl-glossary.7]=man7/openssl-glossary.pod -GENERATE[man/man7/openssl-glossary.7]=man7/openssl-glossary.pod -DEPEND[html/man7/openssl-threads.html]=man7/openssl-threads.pod -GENERATE[html/man7/openssl-threads.html]=man7/openssl-threads.pod -DEPEND[man/man7/openssl-threads.7]=man7/openssl-threads.pod -GENERATE[man/man7/openssl-threads.7]=man7/openssl-threads.pod -DEPEND[html/man7/openssl_user_macros.html]=man7/openssl_user_macros.pod -GENERATE[html/man7/openssl_user_macros.html]=man7/openssl_user_macros.pod -DEPEND[man/man7/openssl_user_macros.7]=man7/openssl_user_macros.pod -GENERATE[man/man7/openssl_user_macros.7]=man7/openssl_user_macros.pod -DEPEND[man7/openssl_user_macros.pod]{pod}=man7/openssl_user_macros.pod.in -GENERATE[man7/openssl_user_macros.pod]=man7/openssl_user_macros.pod.in -DEPEND[html/man7/ossl_store-file.html]=man7/ossl_store-file.pod -GENERATE[html/man7/ossl_store-file.html]=man7/ossl_store-file.pod -DEPEND[man/man7/ossl_store-file.7]=man7/ossl_store-file.pod -GENERATE[man/man7/ossl_store-file.7]=man7/ossl_store-file.pod -DEPEND[html/man7/ossl_store.html]=man7/ossl_store.pod -GENERATE[html/man7/ossl_store.html]=man7/ossl_store.pod -DEPEND[man/man7/ossl_store.7]=man7/ossl_store.pod -GENERATE[man/man7/ossl_store.7]=man7/ossl_store.pod -DEPEND[html/man7/passphrase-encoding.html]=man7/passphrase-encoding.pod -GENERATE[html/man7/passphrase-encoding.html]=man7/passphrase-encoding.pod -DEPEND[man/man7/passphrase-encoding.7]=man7/passphrase-encoding.pod -GENERATE[man/man7/passphrase-encoding.7]=man7/passphrase-encoding.pod -DEPEND[html/man7/property.html]=man7/property.pod -GENERATE[html/man7/property.html]=man7/property.pod -DEPEND[man/man7/property.7]=man7/property.pod -GENERATE[man/man7/property.7]=man7/property.pod -DEPEND[html/man7/provider-asym_cipher.html]=man7/provider-asym_cipher.pod -GENERATE[html/man7/provider-asym_cipher.html]=man7/provider-asym_cipher.pod -DEPEND[man/man7/provider-asym_cipher.7]=man7/provider-asym_cipher.pod -GENERATE[man/man7/provider-asym_cipher.7]=man7/provider-asym_cipher.pod -DEPEND[html/man7/provider-base.html]=man7/provider-base.pod -GENERATE[html/man7/provider-base.html]=man7/provider-base.pod -DEPEND[man/man7/provider-base.7]=man7/provider-base.pod -GENERATE[man/man7/provider-base.7]=man7/provider-base.pod -DEPEND[html/man7/provider-cipher.html]=man7/provider-cipher.pod -GENERATE[html/man7/provider-cipher.html]=man7/provider-cipher.pod -DEPEND[man/man7/provider-cipher.7]=man7/provider-cipher.pod -GENERATE[man/man7/provider-cipher.7]=man7/provider-cipher.pod -DEPEND[html/man7/provider-decoder.html]=man7/provider-decoder.pod -GENERATE[html/man7/provider-decoder.html]=man7/provider-decoder.pod -DEPEND[man/man7/provider-decoder.7]=man7/provider-decoder.pod -GENERATE[man/man7/provider-decoder.7]=man7/provider-decoder.pod -DEPEND[html/man7/provider-digest.html]=man7/provider-digest.pod -GENERATE[html/man7/provider-digest.html]=man7/provider-digest.pod -DEPEND[man/man7/provider-digest.7]=man7/provider-digest.pod -GENERATE[man/man7/provider-digest.7]=man7/provider-digest.pod -DEPEND[html/man7/provider-encoder.html]=man7/provider-encoder.pod -GENERATE[html/man7/provider-encoder.html]=man7/provider-encoder.pod -DEPEND[man/man7/provider-encoder.7]=man7/provider-encoder.pod -GENERATE[man/man7/provider-encoder.7]=man7/provider-encoder.pod -DEPEND[html/man7/provider-kdf.html]=man7/provider-kdf.pod -GENERATE[html/man7/provider-kdf.html]=man7/provider-kdf.pod -DEPEND[man/man7/provider-kdf.7]=man7/provider-kdf.pod -GENERATE[man/man7/provider-kdf.7]=man7/provider-kdf.pod -DEPEND[html/man7/provider-kem.html]=man7/provider-kem.pod -GENERATE[html/man7/provider-kem.html]=man7/provider-kem.pod -DEPEND[man/man7/provider-kem.7]=man7/provider-kem.pod -GENERATE[man/man7/provider-kem.7]=man7/provider-kem.pod -DEPEND[html/man7/provider-keyexch.html]=man7/provider-keyexch.pod -GENERATE[html/man7/provider-keyexch.html]=man7/provider-keyexch.pod -DEPEND[man/man7/provider-keyexch.7]=man7/provider-keyexch.pod -GENERATE[man/man7/provider-keyexch.7]=man7/provider-keyexch.pod -DEPEND[html/man7/provider-keymgmt.html]=man7/provider-keymgmt.pod -GENERATE[html/man7/provider-keymgmt.html]=man7/provider-keymgmt.pod -DEPEND[man/man7/provider-keymgmt.7]=man7/provider-keymgmt.pod -GENERATE[man/man7/provider-keymgmt.7]=man7/provider-keymgmt.pod -DEPEND[html/man7/provider-mac.html]=man7/provider-mac.pod -GENERATE[html/man7/provider-mac.html]=man7/provider-mac.pod -DEPEND[man/man7/provider-mac.7]=man7/provider-mac.pod -GENERATE[man/man7/provider-mac.7]=man7/provider-mac.pod -DEPEND[html/man7/provider-object.html]=man7/provider-object.pod -GENERATE[html/man7/provider-object.html]=man7/provider-object.pod -DEPEND[man/man7/provider-object.7]=man7/provider-object.pod -GENERATE[man/man7/provider-object.7]=man7/provider-object.pod -DEPEND[html/man7/provider-rand.html]=man7/provider-rand.pod -GENERATE[html/man7/provider-rand.html]=man7/provider-rand.pod -DEPEND[man/man7/provider-rand.7]=man7/provider-rand.pod -GENERATE[man/man7/provider-rand.7]=man7/provider-rand.pod -DEPEND[html/man7/provider-signature.html]=man7/provider-signature.pod -GENERATE[html/man7/provider-signature.html]=man7/provider-signature.pod -DEPEND[man/man7/provider-signature.7]=man7/provider-signature.pod -GENERATE[man/man7/provider-signature.7]=man7/provider-signature.pod -DEPEND[html/man7/provider-storemgmt.html]=man7/provider-storemgmt.pod -GENERATE[html/man7/provider-storemgmt.html]=man7/provider-storemgmt.pod -DEPEND[man/man7/provider-storemgmt.7]=man7/provider-storemgmt.pod -GENERATE[man/man7/provider-storemgmt.7]=man7/provider-storemgmt.pod -DEPEND[html/man7/provider.html]=man7/provider.pod -GENERATE[html/man7/provider.html]=man7/provider.pod -DEPEND[man/man7/provider.7]=man7/provider.pod -GENERATE[man/man7/provider.7]=man7/provider.pod -DEPEND[html/man7/proxy-certificates.html]=man7/proxy-certificates.pod -GENERATE[html/man7/proxy-certificates.html]=man7/proxy-certificates.pod -DEPEND[man/man7/proxy-certificates.7]=man7/proxy-certificates.pod -GENERATE[man/man7/proxy-certificates.7]=man7/proxy-certificates.pod -DEPEND[html/man7/ssl.html]=man7/ssl.pod -GENERATE[html/man7/ssl.html]=man7/ssl.pod -DEPEND[man/man7/ssl.7]=man7/ssl.pod -GENERATE[man/man7/ssl.7]=man7/ssl.pod -DEPEND[html/man7/x509.html]=man7/x509.pod -GENERATE[html/man7/x509.html]=man7/x509.pod -DEPEND[man/man7/x509.7]=man7/x509.pod -GENERATE[man/man7/x509.7]=man7/x509.pod -IMAGEDOCS[man7]=man7/img/cipher.png \ -man7/img/digest.png \ -man7/img/kdf.png \ -man7/img/mac.png \ -man7/img/pkey.png \ -man7/img/rand.png -HTMLDOCS[man7]=html/man7/EVP_ASYM_CIPHER-SM2.html \ -html/man7/EVP_CIPHER-AES.html \ -html/man7/EVP_CIPHER-ARIA.html \ -html/man7/EVP_CIPHER-BLOWFISH.html \ -html/man7/EVP_CIPHER-CAMELLIA.html \ -html/man7/EVP_CIPHER-CAST.html \ -html/man7/EVP_CIPHER-CHACHA.html \ -html/man7/EVP_CIPHER-DES.html \ -html/man7/EVP_CIPHER-IDEA.html \ -html/man7/EVP_CIPHER-RC2.html \ -html/man7/EVP_CIPHER-RC4.html \ -html/man7/EVP_CIPHER-RC5.html \ -html/man7/EVP_CIPHER-SEED.html \ -html/man7/EVP_CIPHER-SM4.html \ -html/man7/EVP_KDF-HKDF.html \ -html/man7/EVP_KDF-KB.html \ -html/man7/EVP_KDF-KRB5KDF.html \ -html/man7/EVP_KDF-PBKDF1.html \ -html/man7/EVP_KDF-PBKDF2.html \ -html/man7/EVP_KDF-PKCS12KDF.html \ -html/man7/EVP_KDF-SCRYPT.html \ -html/man7/EVP_KDF-SS.html \ -html/man7/EVP_KDF-SSHKDF.html \ -html/man7/EVP_KDF-TLS13_KDF.html \ -html/man7/EVP_KDF-TLS1_PRF.html \ -html/man7/EVP_KDF-X942-ASN1.html \ -html/man7/EVP_KDF-X942-CONCAT.html \ -html/man7/EVP_KDF-X963.html \ -html/man7/EVP_KEM-RSA.html \ -html/man7/EVP_KEYEXCH-DH.html \ -html/man7/EVP_KEYEXCH-ECDH.html \ -html/man7/EVP_KEYEXCH-X25519.html \ -html/man7/EVP_MAC-BLAKE2.html \ -html/man7/EVP_MAC-CMAC.html \ -html/man7/EVP_MAC-GMAC.html \ -html/man7/EVP_MAC-HMAC.html \ -html/man7/EVP_MAC-KMAC.html \ -html/man7/EVP_MAC-Poly1305.html \ -html/man7/EVP_MAC-Siphash.html \ -html/man7/EVP_MD-BLAKE2.html \ -html/man7/EVP_MD-MD2.html \ -html/man7/EVP_MD-MD4.html \ -html/man7/EVP_MD-MD5-SHA1.html \ -html/man7/EVP_MD-MD5.html \ -html/man7/EVP_MD-MDC2.html \ -html/man7/EVP_MD-RIPEMD160.html \ -html/man7/EVP_MD-SHA1.html \ -html/man7/EVP_MD-SHA2.html \ -html/man7/EVP_MD-SHA3.html \ -html/man7/EVP_MD-SHAKE.html \ -html/man7/EVP_MD-SM3.html \ -html/man7/EVP_MD-WHIRLPOOL.html \ -html/man7/EVP_MD-common.html \ -html/man7/EVP_PKEY-DH.html \ -html/man7/EVP_PKEY-DSA.html \ -html/man7/EVP_PKEY-EC.html \ -html/man7/EVP_PKEY-FFC.html \ -html/man7/EVP_PKEY-HMAC.html \ -html/man7/EVP_PKEY-RSA.html \ -html/man7/EVP_PKEY-SM2.html \ -html/man7/EVP_PKEY-X25519.html \ -html/man7/EVP_RAND-CTR-DRBG.html \ -html/man7/EVP_RAND-HASH-DRBG.html \ -html/man7/EVP_RAND-HMAC-DRBG.html \ -html/man7/EVP_RAND-SEED-SRC.html \ -html/man7/EVP_RAND-TEST-RAND.html \ -html/man7/EVP_RAND.html \ -html/man7/EVP_SIGNATURE-DSA.html \ -html/man7/EVP_SIGNATURE-ECDSA.html \ -html/man7/EVP_SIGNATURE-ED25519.html \ -html/man7/EVP_SIGNATURE-HMAC.html \ -html/man7/EVP_SIGNATURE-RSA.html \ -html/man7/OSSL_PROVIDER-FIPS.html \ -html/man7/OSSL_PROVIDER-base.html \ -html/man7/OSSL_PROVIDER-default.html \ -html/man7/OSSL_PROVIDER-legacy.html \ -html/man7/OSSL_PROVIDER-null.html \ -html/man7/RAND.html \ -html/man7/RSA-PSS.html \ -html/man7/X25519.html \ -html/man7/bio.html \ -html/man7/crypto.html \ -html/man7/ct.html \ -html/man7/des_modes.html \ -html/man7/evp.html \ -html/man7/fips_module.html \ -html/man7/life_cycle-cipher.html \ -html/man7/life_cycle-digest.html \ -html/man7/life_cycle-kdf.html \ -html/man7/life_cycle-mac.html \ -html/man7/life_cycle-pkey.html \ -html/man7/life_cycle-rand.html \ -html/man7/migration_guide.html \ -html/man7/openssl-core.h.html \ -html/man7/openssl-core_dispatch.h.html \ -html/man7/openssl-core_names.h.html \ -html/man7/openssl-env.html \ -html/man7/openssl-glossary.html \ -html/man7/openssl-threads.html \ -html/man7/openssl_user_macros.html \ -html/man7/ossl_store-file.html \ -html/man7/ossl_store.html \ -html/man7/passphrase-encoding.html \ -html/man7/property.html \ -html/man7/provider-asym_cipher.html \ -html/man7/provider-base.html \ -html/man7/provider-cipher.html \ -html/man7/provider-decoder.html \ -html/man7/provider-digest.html \ -html/man7/provider-encoder.html \ -html/man7/provider-kdf.html \ -html/man7/provider-kem.html \ -html/man7/provider-keyexch.html \ -html/man7/provider-keymgmt.html \ -html/man7/provider-mac.html \ -html/man7/provider-object.html \ -html/man7/provider-rand.html \ -html/man7/provider-signature.html \ -html/man7/provider-storemgmt.html \ -html/man7/provider.html \ -html/man7/proxy-certificates.html \ -html/man7/ssl.html \ -html/man7/x509.html -MANDOCS[man7]=man/man7/EVP_ASYM_CIPHER-SM2.7 \ -man/man7/EVP_CIPHER-AES.7 \ -man/man7/EVP_CIPHER-ARIA.7 \ -man/man7/EVP_CIPHER-BLOWFISH.7 \ -man/man7/EVP_CIPHER-CAMELLIA.7 \ -man/man7/EVP_CIPHER-CAST.7 \ -man/man7/EVP_CIPHER-CHACHA.7 \ -man/man7/EVP_CIPHER-DES.7 \ -man/man7/EVP_CIPHER-IDEA.7 \ -man/man7/EVP_CIPHER-RC2.7 \ -man/man7/EVP_CIPHER-RC4.7 \ -man/man7/EVP_CIPHER-RC5.7 \ -man/man7/EVP_CIPHER-SEED.7 \ -man/man7/EVP_CIPHER-SM4.7 \ -man/man7/EVP_KDF-HKDF.7 \ -man/man7/EVP_KDF-KB.7 \ -man/man7/EVP_KDF-KRB5KDF.7 \ -man/man7/EVP_KDF-PBKDF1.7 \ -man/man7/EVP_KDF-PBKDF2.7 \ -man/man7/EVP_KDF-PKCS12KDF.7 \ -man/man7/EVP_KDF-SCRYPT.7 \ -man/man7/EVP_KDF-SS.7 \ -man/man7/EVP_KDF-SSHKDF.7 \ -man/man7/EVP_KDF-TLS13_KDF.7 \ -man/man7/EVP_KDF-TLS1_PRF.7 \ -man/man7/EVP_KDF-X942-ASN1.7 \ -man/man7/EVP_KDF-X942-CONCAT.7 \ -man/man7/EVP_KDF-X963.7 \ -man/man7/EVP_KEM-RSA.7 \ -man/man7/EVP_KEYEXCH-DH.7 \ -man/man7/EVP_KEYEXCH-ECDH.7 \ -man/man7/EVP_KEYEXCH-X25519.7 \ -man/man7/EVP_MAC-BLAKE2.7 \ -man/man7/EVP_MAC-CMAC.7 \ -man/man7/EVP_MAC-GMAC.7 \ -man/man7/EVP_MAC-HMAC.7 \ -man/man7/EVP_MAC-KMAC.7 \ -man/man7/EVP_MAC-Poly1305.7 \ -man/man7/EVP_MAC-Siphash.7 \ -man/man7/EVP_MD-BLAKE2.7 \ -man/man7/EVP_MD-MD2.7 \ -man/man7/EVP_MD-MD4.7 \ -man/man7/EVP_MD-MD5-SHA1.7 \ -man/man7/EVP_MD-MD5.7 \ -man/man7/EVP_MD-MDC2.7 \ -man/man7/EVP_MD-RIPEMD160.7 \ -man/man7/EVP_MD-SHA1.7 \ -man/man7/EVP_MD-SHA2.7 \ -man/man7/EVP_MD-SHA3.7 \ -man/man7/EVP_MD-SHAKE.7 \ -man/man7/EVP_MD-SM3.7 \ -man/man7/EVP_MD-WHIRLPOOL.7 \ -man/man7/EVP_MD-common.7 \ -man/man7/EVP_PKEY-DH.7 \ -man/man7/EVP_PKEY-DSA.7 \ -man/man7/EVP_PKEY-EC.7 \ -man/man7/EVP_PKEY-FFC.7 \ -man/man7/EVP_PKEY-HMAC.7 \ -man/man7/EVP_PKEY-RSA.7 \ -man/man7/EVP_PKEY-SM2.7 \ -man/man7/EVP_PKEY-X25519.7 \ -man/man7/EVP_RAND-CTR-DRBG.7 \ -man/man7/EVP_RAND-HASH-DRBG.7 \ -man/man7/EVP_RAND-HMAC-DRBG.7 \ -man/man7/EVP_RAND-SEED-SRC.7 \ -man/man7/EVP_RAND-TEST-RAND.7 \ -man/man7/EVP_RAND.7 \ -man/man7/EVP_SIGNATURE-DSA.7 \ -man/man7/EVP_SIGNATURE-ECDSA.7 \ -man/man7/EVP_SIGNATURE-ED25519.7 \ -man/man7/EVP_SIGNATURE-HMAC.7 \ -man/man7/EVP_SIGNATURE-RSA.7 \ -man/man7/OSSL_PROVIDER-FIPS.7 \ -man/man7/OSSL_PROVIDER-base.7 \ -man/man7/OSSL_PROVIDER-default.7 \ -man/man7/OSSL_PROVIDER-legacy.7 \ -man/man7/OSSL_PROVIDER-null.7 \ -man/man7/RAND.7 \ -man/man7/RSA-PSS.7 \ -man/man7/X25519.7 \ -man/man7/bio.7 \ -man/man7/crypto.7 \ -man/man7/ct.7 \ -man/man7/des_modes.7 \ -man/man7/evp.7 \ -man/man7/fips_module.7 \ -man/man7/life_cycle-cipher.7 \ -man/man7/life_cycle-digest.7 \ -man/man7/life_cycle-kdf.7 \ -man/man7/life_cycle-mac.7 \ -man/man7/life_cycle-pkey.7 \ -man/man7/life_cycle-rand.7 \ -man/man7/migration_guide.7 \ -man/man7/openssl-core.h.7 \ -man/man7/openssl-core_dispatch.h.7 \ -man/man7/openssl-core_names.h.7 \ -man/man7/openssl-env.7 \ -man/man7/openssl-glossary.7 \ -man/man7/openssl-threads.7 \ -man/man7/openssl_user_macros.7 \ -man/man7/ossl_store-file.7 \ -man/man7/ossl_store.7 \ -man/man7/passphrase-encoding.7 \ -man/man7/property.7 \ -man/man7/provider-asym_cipher.7 \ -man/man7/provider-base.7 \ -man/man7/provider-cipher.7 \ -man/man7/provider-decoder.7 \ -man/man7/provider-digest.7 \ -man/man7/provider-encoder.7 \ -man/man7/provider-kdf.7 \ -man/man7/provider-kem.7 \ -man/man7/provider-keyexch.7 \ -man/man7/provider-keymgmt.7 \ -man/man7/provider-mac.7 \ -man/man7/provider-object.7 \ -man/man7/provider-rand.7 \ -man/man7/provider-signature.7 \ -man/man7/provider-storemgmt.7 \ -man/man7/provider.7 \ -man/man7/proxy-certificates.7 \ -man/man7/ssl.7 \ -man/man7/x509.7 - diff --git a/doc/build.info.in b/doc/build.info.in deleted file mode 100644 index e8dae7058a6effd5b92f97c2a7c3dfd7fe07e4ae..0000000000000000000000000000000000000000 --- a/doc/build.info.in +++ /dev/null @@ -1,80 +0,0 @@ -SUBDIRS = man1 - -{- - use File::Spec::Functions qw(:DEFAULT abs2rel rel2abs); - use File::Basename; - - my $sourcedir = catdir($config{sourcedir}, 'doc'); - - foreach my $section ((1, 3, 5, 7)) { - my @imagefiles = (); - my @htmlfiles = (); - my @manfiles = (); - my %pngfiles = - map { $_ => 1 } glob catfile($sourcedir, "man$section", "img", "*.png"); - my %podfiles = - map { $_ => 1 } glob catfile($sourcedir, "man$section", "*.pod"); - my %podinfiles = - map { $_ => 1 } glob catfile($sourcedir, "man$section", "*.pod.in"); - - foreach (keys %podinfiles) { - (my $p = $_) =~ s|\.in$||i; - $podfiles{$p} = 1; - } - - foreach my $p (sort keys %podfiles) { - my $podfile = abs2rel($p, $sourcedir); - my $podname = basename($podfile, '.pod'); - my $podinfile = $podinfiles{"$p.in"} ? "$podfile.in" : undef; - - my $podname = basename($podfile, ".pod"); - - my $htmlfile = abs2rel(catfile($buildtop, "doc", "html", "man$section", - "$podname.html"), - catdir($buildtop, "doc")); - my $manfile = abs2rel(catfile($buildtop, "doc", "man", "man$section", - "$podname.$section"), - catdir($buildtop, "doc")); - - # The build.info format requires file specs to be in Unix format. - # Especially, since VMS file specs use [ and ], the build.info parser - # will otherwise get terribly confused. - if ($^O eq 'VMS') { - $htmlfile = VMS::Filespec::unixify($htmlfile); - $manfile = VMS::Filespec::unixify($manfile); - $podfile = VMS::Filespec::unixify($podfile); - $podinfile = VMS::Filespec::unixify($podinfile) - if defined $podinfile; - } elsif ($^O eq 'MSWin32') { - $htmlfile =~ s|\\|/|g; - $manfile =~ s|\\|/|g; - $podfile =~ s|\\|/|g; - $podinfile =~ s|\\|/|g - if defined $podinfile; - } - push @htmlfiles, $htmlfile; - push @manfiles, $manfile; - $OUT .= << "_____"; -DEPEND[$htmlfile]=$podfile -GENERATE[$htmlfile]=$podfile -DEPEND[$manfile]=$podfile -GENERATE[$manfile]=$podfile -_____ - $OUT .= << "_____" if $podinfile; -DEPEND[$podfile]{pod}=$podinfile -GENERATE[$podfile]=$podinfile -_____ - } - - foreach my $p (sort keys %pngfiles) { - my $relpath = abs2rel($p, $sourcedir); - my $imagefile = abs2rel(catfile($buildtop, "doc", "$relpath"), - catdir($buildtop, "doc")); - push @imagefiles, $imagefile; - } - - $OUT .= "IMAGEDOCS[man$section]=" . join(" \\\n", @imagefiles) . "\n"; - $OUT .= "HTMLDOCS[man$section]=" . join(" \\\n", @htmlfiles) . "\n"; - $OUT .= "MANDOCS[man$section]=" . join(" \\\n", @manfiles) . "\n"; - } - -} diff --git a/doc/fingerprints.txt b/doc/fingerprints.txt deleted file mode 100644 index 4f95f2beaec831ad328d0dc157af25c33d6d5bc9..0000000000000000000000000000000000000000 --- a/doc/fingerprints.txt +++ /dev/null @@ -1,25 +0,0 @@ -Fingerprints for Signing Releases - -OpenSSL releases are signed with PGP/GnuPG keys. This file contains -the fingerprints of team members who are "authorized" to sign the -next release. - -The signature is a detached cleartxt signature, with the same name -as the release but with ".asc" appended. For example, release -1.0.1h can be found in openssl-1.0.1h.tar.gz with the signature -in the file named openssl-1.0.1h.tar.gz.asc. - -The following is the list of fingerprints for the keys that are -currently in use to sign OpenSSL distributions: - -Richard Levitte: -7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C - -Matt Caswell: -8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 - -Paul Dale: -B7C1 C143 60F3 53A3 6862 E4D5 231C 84CD DCC6 9C45 - -Tomáš Mráz: -A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C diff --git a/doc/images/openssl.svg b/doc/images/openssl.svg deleted file mode 100644 index 9cd6794fbdcfaf07528494af55acce6898fe7f3d..0000000000000000000000000000000000000000 --- a/doc/images/openssl.svg +++ /dev/null @@ -1,41 +0,0 @@ - - - - - OpenSSL - Cryptography and SSL/TLS Toolkit - - diff --git a/doc/internal/man3/OPENSSL_SA.pod b/doc/internal/man3/OPENSSL_SA.pod deleted file mode 100644 index 8124003d77a62b9be9dadf6781d1e9638e34ba3c..0000000000000000000000000000000000000000 --- a/doc/internal/man3/OPENSSL_SA.pod +++ /dev/null @@ -1,131 +0,0 @@ -=pod - -=head1 NAME - -OPENSSL_SA, ossl_sa_TYPE_new, ossl_sa_TYPE_free, -ossl_sa_TYPE_free_leaves, ossl_sa_TYPE_num, ossl_sa_TYPE_doall, -ossl_sa_TYPE_doall_arg, ossl_sa_TYPE_get, ossl_sa_TYPE_set -- sparse array container - -=head1 SYNOPSIS - - #include "crypto/sparse_array.h" - - typedef struct sparse_array_st OPENSSL_SA; - - SPARSE_ARRAY_OF(TYPE) - DEFINE_SPARSE_ARRAY_OF(TYPE) - - SPARSE_ARRAY_OF(TYPE) *ossl_sa_TYPE_new(void); - void ossl_sa_TYPE_free(const SPARSE_ARRAY_OF(TYPE) *sa); - void ossl_sa_TYPE_free_leaves(const SPARSE_ARRAY_OF(TYPE) *sa); - size_t ossl_sa_TYPE_num(const SPARSE_ARRAY_OF(TYPE) *sa); - void ossl_sa_TYPE_doall(const OPENSSL_SA *sa, void (*leaf)(ossl_uintmax_t, - void *)); - void ossl_sa_TYPE_doall_arg(const OPENSSL_SA *sa, - void (*leaf)(ossl_uintmax_t, void *, void *), - void *arg); - TYPE *ossl_sa_TYPE_get(const SPARSE_ARRAY_OF(TYPE) *sa, ossl_uintmax_t idx); - int ossl_sa_TYPE_set(SPARSE_ARRAY_OF(TYPE) *sa, ossl_uintmax_t idx, - TYPE *value); - -=head1 DESCRIPTION - -=begin comment - -POD is pretty good at recognising function names and making them appropriately -bold... however, when part of the function name is variable, we have to help -the processor along - -=end comment - -SPARSE_ARRAY_OF() returns the name for a sparse array of the specified -B>. DEFINE_SPARSE_ARRAY_OF() creates set of functions for a sparse -array of B>. This will mean that a pointer to type B> -is stored in each element of a sparse array, the type is referenced by -B(B>) and each function name begins with -B_>. For example: - - TYPE *ossl_sa_TYPE_get(SPARSE_ARRAY_OF(TYPE) *sa, ossl_uintmax_t idx); - -B_num>() returns the number of elements in I or 0 if I -is NULL. - -B_get>() returns element I in I, where I starts -at zero. If I refers to a value that has not been set then NULL is -returned. - -B_set>() sets element I in I to I, where I -starts at zero. The sparse array will be resized as required. - -B_new>() allocates a new empty sparse array. - -B_free>() frees up the I structure. It does I free up any -elements of I. After this call I is no longer valid. - -B_free_leaves>() frees up the I structure and all of its -elements. After this call I is no longer valid. - -B_doall>() calls the function I for each element in I -in ascending index order. The index position, within the sparse array, -of each item is passed as the first argument to the leaf function and a -pointer to the associated value is passed as the second argument. - -B_doall_arg>() calls the function I for each element in -I in ascending index order. The index position, within the sparse -array, of each item is passed as the first argument to the leaf function, -a pointer to the associated value is passed as the second argument and -the third argument is the user supplied I. - - -=head1 NOTES - -Sparse arrays are an internal data structure and should B be used by user -applications. - -Care should be taken when accessing sparse arrays in multi-threaded -environments. The B_set>() operation can cause the internal -structure of the sparse array to change which causes race conditions if the -sparse array is accessed in a different thread. - -SPARSE_ARRAY_OF() and DEFINE_SPARSE_ARRAY_OF() are implemented as macros. - -The underlying utility B API should not be used directly. It -defines these functions: OPENSSL_SA_doall, OPENSSL_SA_doall_arg, -OPENSSL_SA_free, OPENSSL_SA_free_leaves, OPENSSL_SA_get, OPENSSL_SA_new, -OPENSSL_SA_num and OPENSSL_SA_set. - -=head1 RETURN VALUES - -B_num>() returns the number of elements in the sparse array or -B<0> if the passed sparse array is NULL. - -B_get>() returns a pointer to a sparse array element or NULL if -the element has not be set. - -B_set>() return B<1> on success and B<0> on error. In the latter -case, the elements of the sparse array remain unchanged, although the internal -structures might have. - -B_new>() returns an empty sparse array or NULL if an error -occurs. - -B_doall>(), B_doall_arg>(), -B_free>() and B_free_leaves>() -do not return values. - -=head1 HISTORY - -This functionality was added to OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Copyright -(c) 2019, Oracle and/or its affiliates. All rights reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use this -file except in compliance with the License. You can obtain a copy in the file -LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/OPTIONS.pod b/doc/internal/man3/OPTIONS.pod deleted file mode 100644 index 90593ca46f6fd3f3204e63d037ba7440730e794a..0000000000000000000000000000000000000000 --- a/doc/internal/man3/OPTIONS.pod +++ /dev/null @@ -1,343 +0,0 @@ -=pod - -=head1 NAME - -OPTIONS, OPT_PAIR, OPT_COMMON, OPT_ERR, OPT_EOF, OPT_HELP, -opt_init, opt_progname, opt_appname, opt_getprog, opt_help, -opt_begin, opt_next, opt_flag, opt_arg, opt_unknown, opt_cipher, -opt_cipher_any, opt_cipher_silent, opt_md, -opt_int, opt_int_arg, opt_long, opt_ulong, opt_intmax, opt_uintmax, -opt_format, opt_isdir, opt_string, opt_pair, -opt_num_rest, opt_rest, opt_legacy_okay -- Option parsing for commands and tests - -=head1 SYNOPSIS - - #include "opt.h" - - typedef struct { ... } OPTIONS; - typedef struct { ... } OPT_PAIR; - #define OPT_COMMON - #define OPT_ERR - #define OPT_EOF - #define OPT_HELP - - char *opt_init(int argc, char **argv, const OPTIONS *o); - char *opt_progname(const char *argv0); - char *opt_appname(const char *argv0); - char *opt_getprog(void); - void opt_help(const OPTIONS *list); - - void opt_begin(void); - int opt_next(void); - char *opt_flag(void); - char *opt_arg(void); - char *opt_unknown(void); - int opt_cipher(const char *name, EVP_CIPHER **cipherp); - int opt_cipher_any(const char *name, EVP_CIPHER **cipherp); - int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp); - int opt_md(const char *name, EVP_MD **mdp); - - int opt_int(const char *value, int *result); - int opt_int_arg(void); - int opt_long(const char *value, long *result); - int opt_ulong(const char *value, unsigned long *result); - int opt_intmax(const char *value, intmax_t *result); - int opt_uintmax(const char *value, uintmax_t *result); - - int opt_format(const char *s, unsigned long flags, int *result); - int opt_isdir(const char *name); - int opt_string(const char *name, const char **options); - int opt_pair(const char *name, const OPT_PAIR* pairs, int *result); - - int opt_num_rest(void); - char **opt_rest(void); - - int opt_legacy_okay(void); - -=head1 DESCRIPTION - -The functions on this page provide a common set of option-parsing for -the OpenSSL command and the internal test programs. -It is intended to be used like the standard getopt(3) routine, except -that multi-character flag names are supported, and a variety of parsing -and other utility functions are also provided. - -Programs that use this should make sure to set the appropriate C<-I> -flag. - -These routines expect a global B named B to point to -the equivalent of B. This is already done in the OpenSSL -application. - -=head2 Data Types - -Each program should define, near the main() routine, an enumeration -that is the set of options the program accepts. For example: - - typedef enum OPTION_choice { - OPT_COMMON, - OPT_YES, OPT_NAME, OPT_COUNT, OPT_OFILE, - ... - } OPTION_CHOICE; - -The first two lines must appear exactly as shown. -OPT_COMMON is a macro that expands to C. -In addition to defining symbolic names for the constants that opt_next() -returns, it also helps guarantee that every command has a C<-help> option. -The third line is a sample -set of flags, and the closing C name is used for error-checking -as discussed below. -By declaring the variable as an C, with the right warning -flags, the compiler could check that all specified options are handled. - -The B C specifies an option: what type of argument -it takes (if any), and an optional "help" string. It is a C -containing these fields: - - const char *name; - int retval; - int valtype; - const char *helpstr; - -The B is the name of the option that the user would type. Options -are words prefaced with a minus sign. If the user uses two minus signs, -this is also accepted for compatibility with other GNU software. Some -names are special, and are described below. - -The B is the value to return if the option is found. It should be -one of the choices in the enumeration above. - -The B defines what the option's parameter must be. It should -be chosen from the following set: - - \0 No value - '-' No value - 's' A text string - '/' A directory - '<' Name of file to open for input - '>' Name of file to open for output - 'n' A signed number that fits in the C type - 'p' A positive number that fits in the C type - 'N' A nonnegative number that fits in the C type - 'M' A signed number that fits in the C type - 'U' An unsigned number that fits in the C type - 'l' A signed number that fits in the C type - 'u' An unsigned number that fits in the C type - 'c' File in PEM, DER, or S/MIME format - 'F' A file in PEM or DER format - 'E' Like 'F' but also allows ENGINE - 'f' Any file format - -The B is what to display when the user uses the help option, -which should be C<"help">. - -A program should declare its options right after the enumeration, -and should follow the ordering of the enumeration as this helps -readability and maintainability: - - static OPTIONS my_options[] = { - {"help", OPT_HELP, '-', "Display this summary"}, - {"yes", OPT_YES, '-', "Print an affirmative reply"}, - {"count", OPT_COUNT, 'p', "Repeat count"}, - {"output" OPT_OFILE, '>', "Output file; default is stdout"}, - {NULL} - }; - -Note that the B option is explicitly listed, and the list ends with -an entry of all-null's. The other two special options, B and B -should not appear in the array. - -If the help string is too long to fit into one line, it may be continued -on multiple lines; each entry should use B, like this: - - {"output" OPT_OFILE, '>', "Output file; default is stdout"}, - {OPT_MORE_STR, 0, 0, - "This flag is not really needed on Unix systems"}, - {OPT_MORE_STR, 0, 0, - "(Unix and descendents for ths win!)"} - -Each subsequent line will be indented the correct amount. - -By default, the help display will include a standard prolog: - - Usage: PROGRAM [options] - Valid options are: - ...detailed list of options... - -Sometimes there are parameters that should appear in the synopsis. -Use B as the first entry in your array: - - {OPT_HELP_STR, 1, '-', Usage: %s [options] [text...]\n"} - -The B and B are ignored, and the B should -follow the general construction as shown. The C<%s> will get the program -name. - -If a command has a large set of options, it can be useful to break them -into sections. Use the macro B or B -to indicate this. The two lines below are equivalent: - - OPT_SECTION("Validation"), - {OPT_SECTION_STR, 1, '-', "Validation options:\n"}, - -In addition to providing help about options, you can provide a description -of the parameters a command takes. These should appear at the end of -the options and are indicated by using B or the -B macro: - - OPT_PARAMETERS() - {OPT_PARAM_STR, 1, '-', "Parameters:\n"} - -Every "option" after after this should contain the parameter and -the help string: - - {"text", 0, 0, "Words to display (optional)"}, - -=head2 Functions - -The opt_init() function takes the I and I arguments given to main() -and a pointer I to the list of options. It returns the simple program -name, as defined by opt_progname(). - -The opt_progname() function takes the full pathname C in its I -parameter and returns -the simple short name of the executable, to be used for error messages and -the like. - -The opt_appname() function takes in its I parameter -the "application" name (such -as the specific command from L and appends it to the program -name. This function should only be called once. - -The opt_getprog() function returns the value set by opt_appname(). - -The opt_help() function takes a list of option definitions and prints a -nicely-formatted output. - -The opt_begin() function, which is called automatically by opt_init(), -can be used to reset the option parsing loop. - -The opt_next() function is called, once opt_init() has been called, -in a loop to fetch each option in turn. It returns -1, or B when the -end of arguments has been reached. This is typically done like this: - - prog = opt_init(argc, argv, my_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - case OPT_EOF: - case OPT_ERR: - opthelp: - fprintf(stderr, "%s: Use -help for summary\n", prog); - exit(1); - case OPT_HELP: - opt_help(my_options); - exit(0); - ...other options... - } - } - -Within the option parsing loop, the following functions may be called. - -The opt_flag() function returns the most recent option name -including the preceding C<->. - -The opt_arg() function returns the option's argument value, if there is one. - -The opt_unknown() function returns the unknown option. -In an option list, there can be at most one option with the empty string. -This is a "wildcard" or "unknown" option. For example, it allows an -option to be be taken as digest algorithm, like C<-sha1>. The function -opt_md() takes the specified I and fills in the digest into I. -The functions opt_cipher(), opt_cipher_any() and opt_cipher_silent() -each takes the specified I and fills in the cipher into I. -The function opt_cipher() only accepts ciphers which are not -AEAD and are not using XTS mode. The functions opt_cipher_any() and -opt_cipher_silent() accept any cipher, the latter not emitting an error -if the cipher is not located. - -There are a several useful functions for parsing numbers. These are -opt_int(), opt_long(), opt_ulong(), opt_intmax(), and opt_uintmax(). They all -take C<0x> to mean hexadecimal and C<0> to mean octal, and will do the -necessary range-checking. They return 1 if successful and fill in the -C pointer with the value, or 0 on error. Note that opt_next() -will also do range-check on the argument if the appropriate B -field is specified for the option. This means that error-checking inside -the C C can often be elided. - -The opt_int_arg() function is a convenience abbreviation to opt_int(). -It parses and returns an integer, assuming its range has been checked before. - -The opt_format() function takes a string value, -such as used with the B<-informat> or similar option, and fills -the value from the constants in F file. - -The opt_isdir() function returns 1 if the specified I is -a directory, or 0 if not. - -The opt_string() function checks that I appears in the -NULL-terminated array of strings. It returns 1 if found, -or prints a diagnostic and returns 0 if not. - -The opt_pair() function takes a list of I, each of which -has a text name and an integer. The specified I is -found on the list, it puts the index in I<*result>, and returns -1. If not found, it returns 0. - -The following functions can be used after processing all the options. - -The opt_num_rest() function returns what is left. - -The opt_rest() function returns a pointer to the first non-option. -If there were no parameters, it will point to the NULL that is -at the end of the standard I array. - -The opt_legacy_okay() function returns true if no options have been -specified that would preclude using legacy code paths. Currently, -the various provider options preclude legacy operation. This means, -for example, that specifying both B<-provider> and B<-engine> in the -same command line will not work as expected. - -=head2 Common Options - -There are a few groups of options that are common to many OpenSSL programs. -These are handled with sets of macros that define common option names -and common code to handle them. The categories are identified by a -letter: - - V Validation - X Extended certificate - S TLS/SSL - R Random state - -The B macro is used to define the numeration values, where B -is one of the letters above. The B macro is used to -list the set of common options, and the B is used in -the C statement. - -The common options are used throughout the sources for the OpenSSL commands. -They are also used with common descriptions when generating the -manpages, in the file F, which follow a similar naming -convention. - -=head1 RETURN VALUES - -Detailed above. - -=head1 EXAMPLES - -The best examples can be found in sources for the commands in the F -directory of the source tree. -A notable exception is F which uses this API, but does -things very differently. - -=head1 COPYRIGHT - -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use this -file except in compliance with the License. You can obtain a copy in the file -LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/OSSL_DEPRECATED.pod b/doc/internal/man3/OSSL_DEPRECATED.pod deleted file mode 100644 index 8370d60f18fbc80594199ed1ff81fc394ae52ab8..0000000000000000000000000000000000000000 --- a/doc/internal/man3/OSSL_DEPRECATED.pod +++ /dev/null @@ -1,54 +0,0 @@ -=pod - -=head1 NAME - -OSSL_DEPRECATED, OSSL_DEPRECATED_FOR - General deprecation macros - -=head1 SYNOPSIS - - #include - - #define OSSL_DEPRECATED(since) - #define OSSL_DEPRECATED_FOR(since, msg) - -=head1 DESCRIPTION - -OSSL_DEPRECATED() implements the deprecated attribute if the compiler -supports it, otherwise it expands to nothing. It takes one argument -I that should be set to the OpenSSL version where the symbol was -deprecated, and will be displayed with the deprecation warning message, -for compilers that support user specified deprecation messages. - -OSSL_DEPRECATED_FOR() does the same as OSSL_DEPRECATED(), but also takes a -second argument I, which is an additional text messages to be displayed -with the deprecation warning along with the OpenSSL version number, for -compilers that support user specified deprecation messages. - -These macros are used to define the version specific deprecation macros -described in L. - -=begin comment - -[RETURN VALUES isn't relevant for these macros, but find-doc-nits demands -the presence of this section] - -=head1 RETURN VALUES - -[podchecker doesn't like empty sections] - -=end comment - -=head1 SEE ALSO - -L - -=head1 COPYRIGHT - -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/OSSL_METHOD_STORE.pod b/doc/internal/man3/OSSL_METHOD_STORE.pod deleted file mode 100644 index 70f6eb520ff311459e9e1d20ddb93aa6debde8f2..0000000000000000000000000000000000000000 --- a/doc/internal/man3/OSSL_METHOD_STORE.pod +++ /dev/null @@ -1,144 +0,0 @@ -=pod - -=head1 NAME - -OSSL_METHOD_STORE, ossl_method_store_new, ossl_method_store_free, -ossl_method_store_init, ossl_method_store_cleanup, -ossl_method_store_add, ossl_method_store_fetch, -ossl_method_store_remove, ossl_method_store_remove_all_provided, -ossl_method_store_cache_get, ossl_method_store_cache_set, -ossl_method_store_cache_flush_all -- implementation method store and query - -=head1 SYNOPSIS - - #include "internal/property.h" - - typedef struct ossl_method_store_st OSSL_METHOD_STORE; - - OSSL_METHOD_STORE *ossl_method_store_new(OSSL_LIB_CTX *ctx); - void ossl_method_store_free(OSSL_METHOD_STORE *store); - int ossl_method_store_init(OSSL_LIB_CTX *ctx); - void ossl_method_store_cleanup(OSSL_LIB_CTX *ctx); - int ossl_method_store_add(OSSL_METHOD_STORE *store, const OSSL_PROVIDER *prov, - int nid, const char *properties, void *method, - int (*method_up_ref)(void *), - void (*method_destruct)(void *)); - int ossl_method_store_remove(OSSL_METHOD_STORE *store, - int nid, const void *method); - int ossl_method_store_fetch(OSSL_METHOD_STORE *store, - int nid, const char *properties, - void **method, const OSSL_PROVIDER **prov_rw); - int ossl_method_store_remove_all_provided(OSSL_METHOD_STORE *store, - const OSSL_PROVIDER *prov); - - int ossl_method_store_cache_get(OSSL_METHOD_STORE *store, OSSL_PROVIDER *prov, - int nid, const char *prop_query, void **method); - int ossl_method_store_cache_set(OSSL_METHOD_STORE *store, OSSL_PROVIDER *prov, - int nid, const char *prop_query, void *method, - int (*method_up_ref)(void *), - void (*method_destruct)(void *)); - void ossl_method_store_cache_flush_all(OSSL_METHOD_STORE *store); - -=head1 DESCRIPTION - -OSSL_METHOD_STORE stores methods that can be queried using properties and a -numeric identity (nid). - -Methods are expected to be library internal structures. -It's left to the caller to define the exact contents. - -Numeric identities are expected to be an algorithm identity for the methods. -It's left to the caller to define exactly what an algorithm is, and to allocate -these numeric identities accordingly. - -The B also holds an internal query cache, which is accessed -separately (see L below). - -=head2 Store Functions - -ossl_method_store_init() initialises the method store subsystem in the scope of -the library context I. - -ossl_method_store_cleanup() cleans up and shuts down the implementation method -store subsystem in the scope of the library context I. - -ossl_method_store_new() create a new empty method store using the supplied -I to allow access to the required underlying property data. - -ossl_method_store_free() frees resources allocated to I. - -ossl_method_store_add() adds the I constructed from an implementation in -the provider I to the I as an instance of an algorithm indicated by -I and the property definition I, unless the I already -has a method from the same provider with the same I and I. -If the I function is given, it's called to increment the -reference count of the method. -If the I function is given, it's called when this function -fails to add the method to the store, or later on when it is being released from -the I. - -ossl_method_store_remove() removes the I identified by I from the -I. - -ossl_method_store_fetch() queries I for a method identified by I -that matches the property query I. -I<*prop> may be a pointer to a provider, which will narrow the search -to methods from that provider. -The result, if any, is returned in I<*method>, and its provider in I<*prov>. - -ossl_method_store_remove_all_provided() removes all methods from I -that are provided by I. -When doing so, it also flushes the corresponding cache entries. - -=head2 Cache Functions - -ossl_method_store_cache_get() queries the cache associated with the I -for a method identified by I that matches the property query -I. -Additionally, if I isn't NULL, it will be used to narrow the search -to only include methods from that provider. -The result, if any, is returned in I. - -ossl_method_store_cache_set() sets a cache entry identified by I from the -provider I, with the property query I in the I. -Future calls to ossl_method_store_cache_get() will return the specified I. -The I function is called to increment the -reference count of the method and the I function is called -to decrement it. - -ossl_method_store_cache_flush_all() flushes all cached entries associated with -I. - -=head1 NOTES - -The I argument to ossl_method_store_cache_get() and -ossl_method_store_cache_set() is not allowed to be NULL. Use "" for an -empty property definition or query. - -=head1 RETURN VALUES - -ossl_method_store_new() returns a new method store object or NULL on failure. - -ossl_method_store_free(), ossl_method_store_add(), -ossl_method_store_remove(), ossl_method_store_fetch(), -ossl_method_store_cache_get(), ossl_method_store_cache_set() and -ossl_method_store_flush_cache() return B<1> on success and B<0> on error. - -ossl_method_store_free() and ossl_method_store_cleanup() do not return any value. - -=head1 HISTORY - -This functionality was added to OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. -Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use this -file except in compliance with the License. You can obtain a copy in the file -LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/cms_add1_signing_cert.pod b/doc/internal/man3/cms_add1_signing_cert.pod deleted file mode 100644 index cc2747dcde6e70e6465603b632859b2f404f485e..0000000000000000000000000000000000000000 --- a/doc/internal/man3/cms_add1_signing_cert.pod +++ /dev/null @@ -1,46 +0,0 @@ -=pod - -=head1 NAME - -cms_add1_signing_cert, cms_add1_signing_cert_v2 -- add ESS signing-certificate signed attribute to a -CMS_SignerInfo data structure - -=head1 SYNOPSIS - - #include - - int cms_add1_signing_cert(CMS_SignerInfo *si, ESS_SIGNING_CERT *sc); - - int cms_add1_signing_cert_v2(CMS_SignerInfo *si, ESS_SIGNING_CERT_V2 *sc2); - -=head1 DESCRIPTION - -cms_add1_signing_cert() adds an ESS Signing Certificate I (version 1) signed -attribute to the CMS_SignerInfo I. -cms_add1_signing_cert_v2() adds an ESS Signing Certificate I (version 2) signed -attribute to the CMS_SignerInfo I. -The ESS Signing Certificate attributes version 1 and 2 are defined in RFC 5035 -which updates Section 5.4 of RFC 2634. - -=head1 NOTES - -This attribute is mandatory to make a CMS compliant with CAdES-BES -(European Standard ETSI EN 319 122-1 V1.1.1). -For a fuller description see L). - -=head1 RETURN VALUES - -cms_add1_signing_cert() and cms_add1_signing_cert_v2() return 1 if attribute -is added or 0 if an error occurred. - -=head1 COPYRIGHT - -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/evp_generic_fetch.pod b/doc/internal/man3/evp_generic_fetch.pod deleted file mode 100644 index b23d2ec0eaa244e3c8dfd94a1df5031d1cea0eaa..0000000000000000000000000000000000000000 --- a/doc/internal/man3/evp_generic_fetch.pod +++ /dev/null @@ -1,285 +0,0 @@ -=pod - -=head1 NAME - -evp_generic_fetch, evp_generic_fetch_by_number, evp_generic_fetch_from_prov -- generic algorithm fetchers and method creators for EVP - -=head1 SYNOPSIS - - /* Only for EVP source */ - #include "evp_local.h" - - void *evp_generic_fetch(OSSL_LIB_CTX *libctx, int operation_id, - const char *name, const char *properties, - void *(*new_method)(int name_id, - const OSSL_DISPATCH *fns, - OSSL_PROVIDER *prov, - void *method_data), - void *method_data, - int (*up_ref_method)(void *), - void (*free_method)(void *)); - - void *evp_generic_fetch_by_number(OSSL_LIB_CTX *ctx, int operation_id, - int name_id, const char *properties, - void *(*new_method)(int name_id, - const OSSL_DISPATCH *fns, - OSSL_PROVIDER *prov, - void *method_data), - void *method_data, - int (*up_ref_method)(void *), - void (*free_method)(void *)); - void *evp_generic_fetch_from_prov(OSSL_PROVIDER *prov, int operation_id, - int name_id, const char *properties, - void *(*new_method)(int name_id, - const OSSL_DISPATCH *fns, - OSSL_PROVIDER *prov, - void *method_data), - void *method_data, - int (*up_ref_method)(void *), - void (*free_method)(void *)); - -=head1 DESCRIPTION - -evp_generic_fetch() calls ossl_method_construct() with the given -I, I, I, and I and uses -it to create an EVP method with the help of the functions -I, I, and I. - -evp_generic_fetch_by_number() does the same thing as evp_generic_fetch(), -but takes a numeric I instead of a name. -I must always be nonzero; as a matter of fact, it being zero -is considered a programming error. -This is meant to be used when one method needs to fetch an associated -method, and is typically called from inside the given function -I. - -evp_generic_fetch_from_prov() does the same thing as evp_generic_fetch(), -but limits the search of methods to the provider given with I. -This is meant to be used when one method needs to fetch an associated -method in the same provider. - -The three functions I, I, and -I are supposed to: - -=over 4 - -=item new_method() - -creates an internal method from function pointers found in the -dispatch table I, with name identity I. -The provider I and I are also passed to be used as -new_method() sees fit. - -=item up_ref_method() - -increments the reference counter for the given method, if there is -one. - -=item free_method() - -frees the given method. - -=back - -=head1 RETURN VALUES - -evp_generic_fetch() returns a method on success, or NULL on error. - -=head1 EXAMPLES - -This is a short example of the fictitious EVP API and operation called -B. - -To begin with, let's assume something like this in -F: - - #define OSSL_OP_FOO 100 - - #define OSSL_FUNC_FOO_NEWCTX_FUNC 2001 - #define OSSL_FUNC_FOO_INIT 2002 - #define OSSL_FUNC_FOO_OPERATE 2003 - #define OSSL_FUNC_FOO_CLEANCTX_FUNC 2004 - #define OSSL_FUNC_FOO_FREECTX_FUNC 2005 - - OSSL_CORE_MAKE_FUNC(void *, foo_newctx, (void)) - OSSL_CORE_MAKE_FUNC(int, foo_init, (void *vctx)) - OSSL_CORE_MAKE_FUNC(int, foo_operate, (void *vctx, - unsigned char *out, size_t *out_l, - unsigned char *in, size_t in_l)) - OSSL_CORE_MAKE_FUNC(void, foo_cleanctx, (void *vctx)) - OSSL_CORE_MAKE_FUNC(void, foo_freectx, (void *vctx)) - -And here's the implementation of the FOO method fetcher: - - /* typedef struct evp_foo_st EVP_FOO */ - struct evp_foo_st { - OSSL_PROVIDER *prov; - int name_id; - CRYPTO_REF_COUNT refcnt; - OSSL_FUNC_foo_newctx_fn *newctx; - OSSL_FUNC_foo_init_fn *init; - OSSL_FUNC_foo_operate_fn *operate; - OSSL_FUNC_foo_cleanctx_fn *cleanctx; - OSSL_FUNC_foo_freectx_fn *freectx; - }; - - /* - * In this example, we have a public method creator and destructor. - * It's not absolutely necessary, but is in the spirit of OpenSSL. - */ - EVP_FOO *EVP_FOO_meth_from_algorithm(int name_id, - const OSSL_DISPATCH *fns, - OSSL_PROVIDER *prov, - void *data) - { - EVP_FOO *foo = NULL; - - if ((foo = OPENSSL_zalloc(sizeof(*foo))) == NULL) - return NULL; - - foo->name_id = name_id; - - for (; fns->function_id != 0; fns++) { - switch (fns->function_id) { - case OSSL_FUNC_FOO_NEWCTX: - foo->newctx = OSSL_FUNC_foo_newctx(fns); - break; - case OSSL_FUNC_FOO_INIT: - foo->init = OSSL_FUNC_foo_init(fns); - break; - case OSSL_FUNC_FOO_OPERATE: - foo->operate = OSSL_FUNC_foo_operate(fns); - break; - case OSSL_FUNC_FOO_CLEANCTX: - foo->cleanctx = OSSL_FUNC_foo_cleanctx(fns); - break; - case OSSL_FUNC_FOO_FREECTX: - foo->freectx = OSSL_FUNC_foo_freectx(fns); - break; - } - } - foo->prov = prov; - if (prov) - ossl_provider_up_ref(prov); - - return foo; - } - - EVP_FOO_meth_free(EVP_FOO *foo) - { - if (foo != NULL) { - OSSL_PROVIDER *prov = foo->prov; - - OPENSSL_free(foo); - ossl_provider_free(prov); - } - } - - static void *foo_from_algorithm(const OSSL_DISPATCH *fns, - OSSL_PROVIDER *prov) - { - return EVP_FOO_meth_from_algorithm(fns, prov); - } - - static int foo_up_ref(void *vfoo) - { - EVP_FOO *foo = vfoo; - int ref = 0; - - CRYPTO_UP_REF(&foo->refcnt, &ref, foo_lock); - return 1; - } - - static void foo_free(void *vfoo) - { - EVP_FOO_meth_free(vfoo); - } - - EVP_FOO *EVP_FOO_fetch(OSSL_LIB_CTX *ctx, - const char *name, - const char *properties) - { - EVP_FOO *foo = - evp_generic_fetch(ctx, OSSL_OP_FOO, name, properties, - foo_from_algorithm, foo_up_ref, foo_free); - - /* - * If this method exists in legacy form, with a constant NID for the - * given |name|, this is the spot to find that NID and set it in - * the newly constructed EVP_FOO instance. - */ - - return foo; - - } - -And finally, the library functions: - - /* typedef struct evp_foo_st EVP_FOO_CTX */ - struct evp_foo_ctx_st { - const EVP_FOO *foo; - void *provctx; /* corresponding provider context */ - }; - - int EVP_FOO_CTX_reset(EVP_FOO_CTX *c) - { - if (c == NULL) - return 1; - if (c->foo != NULL && c->foo->cleanctx != NULL) - c->foo->cleanctx(c->provctx); - return 1; - } - - EVP_FOO_CTX *EVP_FOO_CTX_new(void) - { - return OPENSSL_zalloc(sizeof(EVP_FOO_CTX)); - } - - void EVP_FOO_CTX_free(EVP_FOO_CTX *c) - { - EVP_FOO_CTX_reset(c); - c->foo->freectx(c->provctx); - OPENSSL_free(c); - } - - int EVP_FooInit(EVP_FOO_CTX *c, const EVP_FOO *foo) - { - int ok = 1; - - c->foo = foo; - if (c->provctx == NULL) - c->provctx = c->foo->newctx(); - - ok = c->foo->init(c->provctx); - - return ok; - } - - int EVP_FooOperate(EVP_FOO_CTX *c, unsigned char *out, size_t *outl, - const unsigned char *in, size_t inl) - { - int ok = 1; - - ok = c->foo->update(c->provctx, out, inl, &outl, in, inl); - return ok; - } - -=head1 SEE ALSO - -L - -=head1 HISTORY - -The functions described here were all added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/evp_keymgmt_newdata.pod b/doc/internal/man3/evp_keymgmt_newdata.pod deleted file mode 100644 index 9b3f2c55f160d2a55da43aa890a626ca19475dd1..0000000000000000000000000000000000000000 --- a/doc/internal/man3/evp_keymgmt_newdata.pod +++ /dev/null @@ -1,88 +0,0 @@ -=pod - -=head1 NAME - -evp_keymgmt_newdata, evp_keymgmt_freedata, -evp_keymgmt_get_params, -evp_keymgmt_has, evp_keymgmt_validate, -evp_keymgmt_import, evp_keymgmt_import_types, -evp_keymgmt_export, evp_keymgmt_export_types -- internal KEYMGMT interface functions - -=head1 SYNOPSIS - - #include "crypto/evp.h" - - void *evp_keymgmt_newdata(const EVP_KEYMGMT *keymgmt); - void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keyddata); - int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt, - void *keydata, OSSL_PARAM params[]); - - int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keyddata, int selection); - int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata, - int selection); - - int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata, - int selection, const OSSL_PARAM params[]); - const OSSL_PARAM *evp_keymgmt_import_types(const EVP_KEYMGMT *keymgmt, - int selection); - int evp_keymgmt_export(const EVP_KEYMGMT *keymgmt, void *keydata, - int selection, OSSL_CALLBACK *param_cb, void *cbarg); - const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt, - int selection); - -=head1 DESCRIPTION - -All these functions are helpers to call the provider's corresponding -function. They all have in common that they take a B as -first argument, which they also retrieve a provider context from when -needed. The rest of the arguments are simply passed on to the -function they wrap around. - -evp_keymgmt_newdata() calls the method's new() function. - -evp_keymgmt_freedata() calls the method's free() function. - -(the name evp_keymgmt_freedata() was chosen to avoid a clash with -EVP_KEYMGMT_free() on case insensitive systems, the name -evp_keymgmt_newdata() was chosen for consistency) - -evp_keymgmt_get_params() calls the method's get_params() function. - -evp_keymgmt_has() calls the method's has() function. - -evp_keymgmt_validate() calls the method's validate() function. - -evp_keymgmt_import() calls the method's import() function. - -evp_keymgmt_import_types() calls the method's import_types() function. - -evp_keymgmt_export() calls the method's export() function. - -evp_keymgmt_export_types() calls the method's export_types() function. - -=head1 RETURN VALUES - -evp_keymgmt_newdata() returns a pointer to a provider side key object, -or NULL on error. - -evp_keymgmt_import_types(), and evp_keymgmt_export_types() return a parameter -descriptor for importing and exporting key data, or NULL if there are no such -descriptors. - -All other functions return 1 on success and 0 on error. - -=head1 HISTORY - -The functions described here were all added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod b/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod deleted file mode 100644 index 1fee9f6ff9729e7025b1e0643a099b774bc91f10..0000000000000000000000000000000000000000 --- a/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod +++ /dev/null @@ -1,99 +0,0 @@ -=pod - -=head1 NAME - -evp_keymgmt_util_export, -evp_keymgmt_util_export_to_provider, -evp_keymgmt_util_find_operation_cache, -evp_keymgmt_util_clear_operation_cache, -evp_keymgmt_util_cache_keydata, -evp_keymgmt_util_cache_keyinfo, -evp_keymgmt_util_fromdata, -OP_CACHE_ELEM -- internal KEYMGMT utility functions - -=head1 SYNOPSIS - - #include "crypto/evp.h" - - typedef struct OP_CACHE_ELEM; - - int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection, - OSSL_CALLBACK *export_cb, void *export_cbarg); - void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); - OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, - EVP_KEYMGMT *keymgmt); - int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking); - int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, - EVP_KEYMGMT *keymgmt, void *keydata); - void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk); - void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, - int selection, const OSSL_PARAM params[]); - -=head1 DESCRIPTION - -evp_keymgmt_util_export() calls L with the -I and I from I. This is used as a -helper for L. - -evp_keymgmt_util_export_to_provider() exports cached key material -(provider side key material) from the given key I to a provider -via a B interface, if this hasn't already been done. -It maintains a cache of provider key references in I to keep track -of all provider side keys. - -To export a legacy key, use L instead, -as this function ignores any legacy key data. - -evp_keymgmt_util_find_operation_cache() finds -I in I's cache of provided keys for operations. -It should only be called while holding I's lock (read or write). - -evp_keymgmt_util_clear_operation_cache() can be used to explicitly -clear the cache of operation key references. If I is set to 1 then -then I's lock will be obtained while doing the clear. Otherwise it will be -assumed that the lock has already been obtained or is not required. - -evp_keymgmt_util_cache_keydata() can be used to add a provider key -object to a B. - -evp_keymgmt_util_cache_keyinfo() can be used to get all kinds of -information from the provvider "origin" and save it in I's -information cache. - -evp_keymgmt_util_fromdata() can be used to add key object data to a -given key I via a B interface. This is used as a -helper for L. - -=head1 RETURN VALUES - -evp_keymgmt_export_to_provider() and evp_keymgmt_util_fromdata() -return a pointer to the appropriate provider side key (created or -found again), or NULL on error. - -evp_keymgmt_util_find_operation_cache() returns a pointer to the -operation cache slot. If I is NULL, or if there is no slot -with a match for I, NULL is returned. - -evp_keymgmt_util_cache_keydata() and evp_keymgmt_util_clear_operation_cache() -return 1 on success or 0 otherwise. - -=head1 NOTES - -"Legacy key" is the term used for any key that has been assigned to an -B with EVP_PKEY_assign_RSA() and similar functions. - -=head1 SEE ALSO - -L, L - -=head1 COPYRIGHT - -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/evp_md_get_number.pod b/doc/internal/man3/evp_md_get_number.pod deleted file mode 100644 index 1f913551aad61eeca4ad1e89a6a7d122a3859b4e..0000000000000000000000000000000000000000 --- a/doc/internal/man3/evp_md_get_number.pod +++ /dev/null @@ -1,112 +0,0 @@ -=pod - -=head1 NAME - -ossl_decoder_get_number, evp_md_get_number, evp_cipher_get_number, -evp_mac_get_number, evp_rand_get_number, evp_keymgmt_get_number, -evp_signature_get_number, evp_asym_cipher_get_number, evp_kem_get_number, -evp_keyexch_get_number, evp_kdf_get_number, ossl_encoder_get_number, -ossl_store_loader_get_number - EVP get internal identification numbers - -=head1 SYNOPSIS - - #include "crypto/evp.h" - - int evp_asym_cipher_get_number(const EVP_ASYM_CIPHER *cipher); - int evp_cipher_get_number(const EVP_CIPHER *e); - int evp_kdf_get_number(const EVP_KDF *kdf); - int evp_kem_get_number(const EVP_KEM *kem); - int evp_keyexch_get_number(const EVP_KEYEXCH *exchange); - int evp_keymgmt_get_number(const EVP_KEYMGMT *keymgmt); - int evp_mac_get_number(const EVP_MAC *mac); - int evp_md_get_number(const EVP_MD *md); - int evp_rand_get_number(const EVP_RAND *rand); - int evp_signature_get_number(const EVP_SIGNATURE *signature); - int ossl_decoder_get_number(const OSSL_DECODER *decoder); - int ossl_encoder_get_number(const OSSL_ENCODER *encoder); - int ossl_store_loader_get_number(const OSSL_STORE_LOADER *loader); - -=head1 DESCRIPTION - -All provided algorithms get an associated integer identification number. -This number is dynamic and should be expected to vary from run to run. -These numbers should only be considered to be unique per provider per -library context. - -=over 4 - -=item evp_asym_cipher_get_number() - -Returns the internal dynamic number assigned to I. - -=item evp_cipher_get_number() - -Returns the internal dynamic number assigned to the I. This is only -useful with fetched Bs. - -=item evp_kdf_get_number() - -Keturns the internal dynamic number assigned to I. - -=item evp_kem_get_number() - -Returns the internal dynamic number assigned to I. - -=item evp_keyexch_get_number() - -Returns the internal dynamic number assigned to the I. - -=item evp_keymgmt_get_number() - -Returns the internal dynamic number assigned to the I. - -=item evp_mac_get_number() - -Returns the internal dynamic number assigned to I. - -=item evp_md_get_number() - -Returns the internal dynamic number assigned to the I. This is -only useful with fetched Bs. - -=item evp_rand_get_number() - -Returns the internal dynamic number assigned to I. - -=item evp_signature_get_number() - -Returns the internal dynamic number assigned to I. - -=item ossl_decoder_get_number() - -Returns the internal dynamic number assigned to the given I. - -=item ossl_encoder_get_number() - -Returns the internal dynamic number assigned to the given I. - -=item ossl_store_loader_get_number() - -Returns the internal dynamic number assigned to the given I. - -=back - -=head1 RETURN VALUES - -All of these functions return the provider specific identification number -for the specified algorithm. - -=head1 HISTORY - -This functionality was added to OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/evp_pkey_export_to_provider.pod b/doc/internal/man3/evp_pkey_export_to_provider.pod deleted file mode 100644 index 44efbbe2668f0d0b860a76a9b1740dd9535ad572..0000000000000000000000000000000000000000 --- a/doc/internal/man3/evp_pkey_export_to_provider.pod +++ /dev/null @@ -1,80 +0,0 @@ -=pod - -=head1 NAME - -evp_pkey_export_to_provider, evp_pkey_copy_downgraded, evp_pkey_get_legacy -- internal EVP_PKEY support functions for providers - -=head1 SYNOPSIS - - /* Only for EVP source */ - #include "evp_local.h" - - void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, - EVP_KEYMGMT **keymgmt, - const char *propquery); - int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src); - void *evp_pkey_get_legacy(EVP_PKEY *pk); - -=head1 DESCRIPTION - -This manual uses the term "origin", which is explained in internal -L. - -evp_pkey_export_to_provider() exports the "origin" key contained in I -to its operation cache to make it suitable for an B given either -with I<*keymgmt> or with an implicit fetch using I (NULL means the -default context), the name of the legacy type of I, and the I -(NULL means the default property query settings). - -If I isn't NULL but I<*keymgmt> is, and the "origin" was successfully -exported, then I<*keymgmt> is assigned the implicitly fetched B. - -evp_pkey_copy_downgraded() makes a copy of I in legacy form into I<*dest>, -if there's a corresponding legacy implementation. This should be used if the -use of a downgraded key is temporary. -For example, L uses this to try its -best to get "traditional" PEM output even if the input B has a -provider-native internal key. - -evp_pkey_get_legacy() obtains and returns a legacy key structure. If the -EVP_PKEY already contains a legacy key then it is simply returned. If it is a -provider based key, then a new legacy key is constructed based on the provider -key. The legacy key is cached inside the EVP_PKEY and its value returned from -this function. Subsequent calls to evp_pkey_get_legacy() will return the cached -key. Subsequent changes to the provider key are not reflected back in the -legacy key. Similarly changes to the legacy key are not reflected back in the -provider key. - -=head1 RETURN VALUES - -evp_pkey_export_to_provider() returns the provider key data if there was any -allocated. It also either sets I<*keymgmt> to the B associated -with the returned key data, or NULL on error. - -evp_pkey_get_legacy() returns the legacy key or NULL on error. - -=head1 NOTES - -Some functions calling evp_pkey_export_to_provider() may have received a const -key, and may therefore have to cast the key to non-const form to call this -function. Since B is always dynamically allocated, this is OK. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -The functions described here were all added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/evp_pkey_get1_ED25519.pod b/doc/internal/man3/evp_pkey_get1_ED25519.pod deleted file mode 100644 index 37b41e4591667ef27f1a615b1fbb9d16577af593..0000000000000000000000000000000000000000 --- a/doc/internal/man3/evp_pkey_get1_ED25519.pod +++ /dev/null @@ -1,43 +0,0 @@ -=pod - -=head1 NAME - -evp_pkey_get1_ED25519, evp_pkey_get1_ED448, -evp_pkey_get1_X25519, evp_pkey_get1_X448 -- internal ECX from EVP_PKEY getter functions - -=head1 SYNOPSIS - - #include "internal/evp.h" - - ECX_KEY *evp_pkey_get1_ED25519(EVP_PKEY *pkey); - ECX_KEY *evp_pkey_get1_ED448(EVP_PKEY *pkey); - ECX_KEY *evp_pkey_get1_X25519(EVP_PKEY *pkey); - ECX_KEY *evp_pkey_get1_X448(EVP_PKEY *pkey); - -=head1 DESCRIPTION - -evp_pkey_get1_ED25519(), evp_pkey_get1_ED448(), evp_pkey_get1_X25519() and -evp_pkey_get1_X448() return the referenced key in I or NULL if the key -is not of the correct type. The returned key must be freed after use. - -=head1 RETURN VALUES - -evp_pkey_get1_ED25519(), evp_pkey_get1_ED448(), evp_pkey_get1_X25519() and -evp_pkey_get1_X448() return the referenced key or NULL if an error -occurred. - -=head1 HISTORY - -This functionality was added to OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use this -file except in compliance with the License. You can obtain a copy in the file -LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_DER_w_begin_sequence.pod b/doc/internal/man3/ossl_DER_w_begin_sequence.pod deleted file mode 100644 index b78056f6e121c341adbba40c9741d7f775a83187..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_DER_w_begin_sequence.pod +++ /dev/null @@ -1,48 +0,0 @@ -=pod - -=head1 NAME - -ossl_DER_w_begin_sequence, ossl_DER_w_end_sequence -- internal DER writers for DER constructed elements - -=head1 SYNOPSIS - - #include "internal/der.h" - - int ossl_DER_w_begin_sequence(WPACKET *pkt, int tag); - int ossl_DER_w_end_sequence(WPACKET *pkt, int tag); - -=head1 DESCRIPTION - -All functions described here are wrappers for constructed structures, -i.e. the ASN.1 SEQUENCE, SET and CHOICE specifications. They all come -in pairs, as noted by the function names containing the words C -and B. - -When using these, special care must be taken to ensure that the ASN.1 tag -value I is the same in the matching C and C function calls. - -ossl_DER_w_begin_sequence() and ossl_DER_w_end_sequence() begins and ends a -SEQUENCE. - -=head1 RETURN VALUES - -All the functions return 1 on success and 0 on failure. Failure may -mean that the buffer held by the I is too small, but may also -mean that the values given to the functions are invalid, such as the provided -I value being too large for the implementation. - -=head1 SEE ALSO - -L - -=head1 COPYRIGHT - -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_DER_w_bn.pod b/doc/internal/man3/ossl_DER_w_bn.pod deleted file mode 100644 index 49644ffd058f96b7703a0dbbc397bc62ce852c35..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_DER_w_bn.pod +++ /dev/null @@ -1,66 +0,0 @@ -=pod - -=head1 NAME - -ossl_DER_w_boolean, ossl_DER_w_uint32, ossl_DER_w_bn, ossl_DER_w_null, -ossl_DER_w_octet_string, ossl_DER_w_octet_string_uint32 -- internal DER writers for DER primitives - -=head1 SYNOPSIS - - #include "internal/der.h" - - int ossl_DER_w_boolean(WPACKET *pkt, int tag, int b); - int ossl_DER_w_uint32(WPACKET *pkt, int tag, uint32_t v); - int ossl_DER_w_bn(WPACKET *pkt, int tag, const BIGNUM *v); - int ossl_DER_w_null(WPACKET *pkt, int tag); - int ossl_DER_w_octet_string(WPACKET *pkt, int tag, - const unsigned char *data, size_t data_n); - int ossl_DER_w_octet_string_uint32(WPACKET *pkt, int tag, uint32_t value); - -=head1 DESCRIPTION - -All functions described here behave the same way, they prepend -(remember that DER writers are used backwards) the DER encoding of -their respective value to the already written output buffer held by -I. - -ossl_DER_w_boolean() writes the primitive BOOLEAN using the value I. -Any value that evaluates as true will render a B BOOLEAN, -otherwise a B BOOLEAN. - -ossl_DER_w_uint32() and ossl_DER_w_bn() both write the primitive INTEGER using -the value I. - -=for comment Other similar functions for diverse C integers should be -added. - -ossl_DER_w_null() writes the primitive NULL. - -ossl_DER_w_octet_string() writes the primitive OCTET STRING using the bytes -from I with a length of I. - -ossl_DER_w_octet_string_uint32() writes the primitive OCTET STRING using a -32 bit value in I. - -=head1 RETURN VALUES - -All the functions return 1 on success and 0 on failure. Failure may -mean that the buffer held by the I is too small, but may also -mean that the values given to the functions are invalid, such as the provided -I value being too large for the implementation. - -=head1 SEE ALSO - -L - -=head1 COPYRIGHT - -Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_DER_w_precompiled.pod b/doc/internal/man3/ossl_DER_w_precompiled.pod deleted file mode 100644 index aa7fa3930f8907a55d446799e64fa3df9ed19542..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_DER_w_precompiled.pod +++ /dev/null @@ -1,48 +0,0 @@ -=pod - -=head1 NAME - -ossl_DER_w_precompiled -- internal DER writers for precompiled DER blobs - -=head1 SYNOPSIS - - #include "internal/der.h" - - int ossl_DER_w_precompiled(WPACKET *pkt, int tag, - const unsigned char *precompiled, - size_t precompiled_n); - -=head1 DESCRIPTION - -There may be already existing DER blobs that can simply be copied to -the buffer held by I. For example, precompiled values, such as -OIDs (for example, C) or complete AlgorithmIdentifiers -(for example, C). To add those as an element in a -structure being DER encoded, use ossl_DER_w_precompiled(). - -ossl_DER_w_precompiled() will simply take the DER encoded blob given as -I with length I and add it to the buffer -held by I. - -=head1 RETURN VALUES - -ossl_DER_w_precompiled() returns 1 on success and 0 on failure. Failure -may mean that the buffer held by the I is too small, but may also -mean that the values given to the functions are invalid, such as the provided -I value being too large for the implementation. - -=head1 SEE ALSO - -L - -=head1 COPYRIGHT - -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_algorithm_do_all.pod b/doc/internal/man3/ossl_algorithm_do_all.pod deleted file mode 100644 index 7a321d492a0463b84de9cfcd771d4b0e47182315..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_algorithm_do_all.pod +++ /dev/null @@ -1,63 +0,0 @@ -=pod - -=head1 NAME - -ossl_algorithm_do_all - generic algorithm implementation iterator - -=head1 SYNOPSIS - - void ossl_algorithm_do_all(OSSL_LIB_CTX *libctx, int operation_id, - OSSL_PROVIDER *provider, - void (*fn)(OSSL_PROVIDER *provider, - const OSSL_ALGORITHM *algo, - int no_store, void *data), - void *data); - -=head1 DESCRIPTION - -ossl_algorithm_do_all() looks up every algorithm it can find, given a -library context I, an operation identity I and a -provider I. -I may be NULL to signify that the default library context should -be used. -I may be zero to signify that all kinds of operations -will be looked up. -I may be NULL to signify that all loaded providers will be -queried. - -For each implementation found, the function I is called with the -I for the implementation, the algorithm descriptor I, -the flag I indicating whether the algorithm descriptor may -be remembered or not, and the caller I that was passed to -ossl_algorithm_do_all(). - -=head1 RETURN VALUES - -ossl_algorithm_do_all() doesn't return any value. - -=head1 NOTES - -The function described here are mainly useful for discovery, and -possibly display of what has been discovered, for example an -application that wants to display the loaded providers and what they -may offer, but also for constructors, such as -L. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -This functionality was added to OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use this -file except in compliance with the License. You can obtain a copy in the file -LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_cmp_X509_STORE_add1_certs.pod b/doc/internal/man3/ossl_cmp_X509_STORE_add1_certs.pod deleted file mode 100644 index 97304ee40d920ac025332ad4316f2c1ff5802420..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_cmp_X509_STORE_add1_certs.pod +++ /dev/null @@ -1,44 +0,0 @@ -=pod - -=head1 NAME - -ossl_cmp_X509_STORE_add1_certs, -ossl_cmp_X509_STORE_get1_certs -- functions manipulating stores of certificates - -=head1 SYNOPSIS - - #include - - int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs, - int only_self_signed); - STACK_OF(X509) *ossl_cmp_X509_STORE_get1_certs(X509_STORE *store); - -=head1 DESCRIPTION - -ossl_cmp_X509_STORE_add1_certs() adds all or only self-signed certificates from -the given stack to given store. The I parameter may be NULL. - -ossl_cmp_X509_STORE_get1_certs() retrieves a copy of all certificates in the -given store. - -=head1 RETURN VALUES - -ossl_cmp_X509_STORE_add1_certs() returns 1 on success, 0 on error. - -ossl_cmp_X509_STORE_get1_certs() returns a list of certificates, NULL on error. - -=head1 HISTORY - -The OpenSSL CMP support was added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_cmp_asn1_octet_string_set1.pod b/doc/internal/man3/ossl_cmp_asn1_octet_string_set1.pod deleted file mode 100644 index a154cda1c989ff115a2bed8685cf7e8e0461eaae..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_cmp_asn1_octet_string_set1.pod +++ /dev/null @@ -1,45 +0,0 @@ -=pod - -=head1 NAME - -ossl_cmp_asn1_octet_string_set1, -ossl_cmp_asn1_octet_string_set1_bytes -- ASN.1 octet string utility functions - -=head1 SYNOPSIS - - #include "cmp_local.h" - - int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt, - const ASN1_OCTET_STRING *src); - int ossl_cmp_asn1_octet_string_set1_bytes(ASN1_OCTET_STRING **tgt, - const unsigned char *bytes, int len); - -=head1 DESCRIPTION - -ossl_cmp_asn1_octet_string_set1() frees any previous value of the variable -referenced via the I argument and assigns either a copy of -the ASN1_OCTET_STRING given as the I argument or NULL. - -ossl_cmp_asn1_octet_string_set1_bytes() frees any previous value of the variable -referenced via the I argument and assigns either a copy of the given byte -string (with the given length) or NULL. - -=head1 RETURN VALUES - -All functions return 1 on success, 0 on error. - -=head1 HISTORY - -The OpenSSL CMP support was added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_cmp_certreq_new.pod b/doc/internal/man3/ossl_cmp_certreq_new.pod deleted file mode 100644 index 068e1b29b9779714fa0d6e655580d51a58d35758..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_cmp_certreq_new.pod +++ /dev/null @@ -1,177 +0,0 @@ -=pod - -=head1 NAME - -ossl_cmp_certreq_new, -ossl_cmp_certrep_new, -ossl_cmp_rr_new, -ossl_cmp_rp_new, -ossl_cmp_certConf_new, -ossl_cmp_pkiconf_new, -ossl_cmp_pollReq_new, -ossl_cmp_pollRep_new, -ossl_cmp_genm_new, -ossl_cmp_genp_new, -ossl_cmp_error_new -- functions for generating CMP messages - -=head1 SYNOPSIS - - #include "cmp_local.h" - - OSSL_ossl_cmp_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int bodytype, - const OSSL_CRMF_MSG *crm); - OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype, - int certReqId, const OSSL_CMP_PKISI *si, - X509 *cert, const X509 *encryption_recip, - STACK_OF(X509) *chain, STACK_OF(X509) *caPubs, - int unprotectedErrors); - OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx); - OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si, - const OSSL_CRMF_CERTID *cid, - int unprotectedErrors); - OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info, - const char *text); - OSSL_CMP_MSG *ossl_cmp_pkiconf_new(OSSL_CMP_CTX *ctx); - OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid); - OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid, int poll_after); - OSSL_CMP_MSG *ossl_cmp_genm_new(OSSL_CMP_CTX *ctx); - OSSL_CMP_MSG *ossl_cmp_genp_new(OSSL_CMP_CTX *ctx); - OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si, - int64_t errorCode, const char *details, - int unprotected); - -=head1 DESCRIPTION - -This is the internal API for creating various CMP PKIMESSAGES. -All functions are based on L. -The allocate a new message, fill it with the relevant data derived from -the given B, and create the applicable protection. - -ossl_cmp_certreq_new() creates a PKIMessage for requesting a certificate, -which can be either of IR/CR/KUR/P10CR, depending on the given I. -The CRMF message to use may be given explicitly via a non-NULL I argument, -otherwise it is created from the information in the I. - -Available CMP certificate request PKIMessage Is are: - -=over 4 - -=item * B - Initialization Request - -=item * B - Certification Request - -=item * B - PKCS#10 Certification Request - -=item * B - Key Update Request - -=back - -ossl_cmp_certrep_new() creates a PKIMessage for certificate response, -which can be either of IP/CP/KUP, depending on the given I, -with the given I and I values and optionally with I, -I, and I. The I, I, and I arguments -are not consumed if present but their internal reference counter is increased. -The I is currently unsupported. -The function does not protect the message if the B value in I -is B and I is nonzero. - -Available CMP certificate response PKIMessage Is are: - -=over 4 - -=item * B - Initialization Response - -=item * B - Certification Response - -=item * B - Key Update Response - -=back - -The list of all CMP PKIMessage Is is: - - #define OSSL_CMP_PKIBODY_IR 0 - #define OSSL_CMP_PKIBODY_IP 1 - #define OSSL_CMP_PKIBODY_CR 2 - #define OSSL_CMP_PKIBODY_CP 3 - #define OSSL_CMP_PKIBODY_P10CR 4 - #define OSSL_CMP_PKIBODY_POPDECC 5 - #define OSSL_CMP_PKIBODY_POPDECR 6 - #define OSSL_CMP_PKIBODY_KRR 9 - #define OSSL_CMP_PKIBODY_KRP 10 - #define OSSL_CMP_PKIBODY_RR 11 - #define OSSL_CMP_PKIBODY_RP 12 - #define OSSL_CMP_PKIBODY_CCR 13 - #define OSSL_CMP_PKIBODY_CCP 14 - #define OSSL_CMP_PKIBODY_CKUANN 15 - #define OSSL_CMP_PKIBODY_CANN 16 - #define OSSL_CMP_PKIBODY_RANN 17 - #define OSSL_CMP_PKIBODY_CRLANN 18 - #define OSSL_CMP_PKIBODY_PKICONF 19 - #define OSSL_CMP_PKIBODY_NESTED 20 - #define OSSL_CMP_PKIBODY_GENM 21 - #define OSSL_CMP_PKIBODY_GENP 22 - #define OSSL_CMP_PKIBODY_ERROR 23 - #define OSSL_CMP_PKIBODY_CERTCONF 24 - #define OSSL_CMP_PKIBODY_POLLREQ 25 - #define OSSL_CMP_PKIBODY_POLLREP 26 - -ossl_cmp_rr_new() creates a Revocation Request message from the -information set via OSSL_CMP_CTX_set1_oldClCert(). - -ossl_cmp_rp_new() creates a Revocation Response message with I and I. -It does not protect the message if the B value in I is B -and I is nonzero. - -ossl_cmp_certConf_new() creates a Certificate Confirmation message for the last -received certificate. PKIStatus defaults to B if the I bit -field is 0. Else it is taken as the failInfo of the PKIStatusInfo, PKIStatus is -set to B, and I is copied to statusString unless it is NULL. - -ossl_cmp_pkiconf_new() creates a PKI Confirmation message. - -ossl_cmp_pollReq_new() creates a Polling Request message with certReqId set to -I. - -ossl_cmp_pollRep_new() creates a Polling Response message with certReqId set to -I and pollAfter to I. - -ossl_cmp_genm_new() creates a new General Message with an empty ITAV stack. - -ossl_cmp_genp_new() creates a new General Response with an empty ITAV stack. - -ossl_cmp_error_new() creates a new Error Message with the given contents -I, I, and optional I
. -If I is positive and in the range of an OpenSSL error code, -the library and reason strings are included in the B field. -If given, the I
are added to the contents of the B field. -The function does not protect the message if I is nonzero. - -=head1 NOTES - -CMP is specified in RFC 4210 (and CRMF in RFC 4211). - -=head1 RETURN VALUES - -All of the functions return a new OSSL_CMP_MSG structure containing -the generated message on success, or NULL on error. - -=head1 SEE ALSO - -L, -L, L - -=head1 HISTORY - -The OpenSSL CMP support was added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_cmp_ctx_set1_caPubs.pod b/doc/internal/man3/ossl_cmp_ctx_set1_caPubs.pod deleted file mode 100644 index f3c45ed56c65ba7595665988804ca71287ca7e5e..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_cmp_ctx_set1_caPubs.pod +++ /dev/null @@ -1,76 +0,0 @@ -=pod - -=head1 NAME - -ossl_cmp_ctx_set1_caPubs, -ossl_cmp_ctx_set0_validatedSrvCert, -ossl_cmp_ctx_set_status, -ossl_cmp_ctx_set0_statusString, -ossl_cmp_ctx_set_failInfoCode, -ossl_cmp_ctx_set0_newCert, -ossl_cmp_ctx_set1_extraCertsIn, -ossl_cmp_ctx_set1_recipNonce -- internal functions for managing the CMP client context datastructure - -=head1 SYNOPSIS - - #include - - int ossl_cmp_ctx_set1_caPubs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *caPubs); - int ossl_cmp_ctx_set0_validatedSrvCert(OSSL_CMP_CTX *ctx, X509 *cert); - int ossl_cmp_ctx_set_status(OSSL_CMP_CTX *ctx, int status); - int ossl_cmp_ctx_set0_statusString(OSSL_CMP_CTX *ctx, - OSSL_CMP_PKIFREETEXT *text); - int ossl_cmp_ctx_set_failInfoCode(OSSL_CMP_CTX *ctx, int fail_info); - int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert); - int ossl_cmp_ctx_set1_extraCertsIn(OSSL_CMP_CTX *ctx, - STACK_OF(X509) *extraCertsIn); - int ossl_cmp_ctx_set1_recipNonce(OSSL_CMP_CTX *ctx, - const ASN1_OCTET_STRING *nonce); - -=head1 DESCRIPTION - -ossl_cmp_ctx_set1_caPubs() copies the given stack of CA certificates -to the caPubs field of the context. -The reference counts of those certificates handled successfully are increased. - -ossl_cmp_ctx_set0_validatedSrvCert() sets the validatedSrvCert of the context, -which caches any already validated server cert, or NULL if not available. - -ossl_cmp_ctx_set_status() sets the status field of the context. - -ossl_cmp_ctx_set0_statusString() sets the statusString field of the context. - -ossl_cmp_ctx_set_failInfoCode() sets the error code bits in the failInfoCode -field of the context based on the given OSSL_CMP_PKIFAILUREINFO structure. - -ossl_cmp_ctx_set0_newCert() sets the given (newly enrolled) certificate -in the context. - -ossl_cmp_ctx_set1_extraCertsIn() sets the extraCertsIn field of the context. -The reference counts of those certificates handled successfully are increased. - -ossl_cmp_ctx_set1_recipNonce() sets the given recipient nonce in the context. - -=head1 NOTES - -CMP is defined in RFC 4210 (and CRMF in RFC 4211). - -=head1 RETURN VALUES - -All functions return 1 on success, 0 on error. - -=head1 HISTORY - -The OpenSSL CMP support was added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_cmp_hdr_init.pod b/doc/internal/man3/ossl_cmp_hdr_init.pod deleted file mode 100644 index a0804aa4cf2a46dcc7ce3355f300e2ff2bdac68c..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_cmp_hdr_init.pod +++ /dev/null @@ -1,151 +0,0 @@ -=pod - -=head1 NAME - -ossl_cmp_hdr_set_pvno, -ossl_cmp_hdr_get_pvno, -ossl_cmp_hdr_get_protection_nid, -ossl_cmp_hdr_get0_sendernonce, -ossl_cmp_general_name_is_NULL_DN, -ossl_cmp_hdr_set1_sender, -ossl_cmp_hdr_set1_recipient, -ossl_cmp_hdr_update_messagetime, -ossl_cmp_hdr_set1_senderKID, -ossl_cmp_hdr_push0_freeText, -ossl_cmp_hdr_push1_freeText, -ossl_cmp_hdr_generalinfo_item_push0, -ossl_cmp_hdr_generalinfo_items_push1, -ossl_cmp_hdr_set_implicitConfirm, -ossl_cmp_hdr_has_implicitConfirm, -ossl_cmp_hdr_set_transactionID, -ossl_cmp_hdr_init -- functions handling CMP message headers - -=head1 SYNOPSIS - - #include "cmp_local.h" - - int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno); - int ossl_cmp_hdr_get_pvno(const OSSL_CMP_PKIHEADER *hdr); - int ossl_cmp_hdr_get_protection_nid(const OSSL_CMP_PKIHEADER *hdr); - ASN1_OCTET_STRING - *ossl_cmp_hdr_get0_sendernonce(const OSSL_CMP_PKIHEADER *hdr); - int ossl_cmp_general_name_is_NULL_DN(GENERAL_NAME *name); - - int ossl_cmp_hdr_set1_sender(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm); - int ossl_cmp_hdr_set1_recipient(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm); - int ossl_cmp_hdr_update_messagetime(OSSL_CMP_PKIHEADER *hdr); - int ossl_cmp_hdr_set1_senderKID(OSSL_CMP_PKIHEADER *hdr, - const ASN1_OCTET_STRING *senderKID); - int ossl_cmp_hdr_generalinfo_item_push0(OSSL_CMP_PKIHEADER *hdr, - OSSL_CMP_ITAV *itav); - int ossl_cmp_hdr_generalinfo_items_push1(OSSL_CMP_PKIHEADER *hdr, - STACK_OF(OSSL_CMP_ITAV) *itavs); - int ossl_cmp_hdr_push0_freeText(OSSL_CMP_PKIHEADER *hdr, - ASN1_UTF8STRING *text); - int ossl_cmp_hdr_push1_freeText(OSSL_CMP_PKIHEADER *hdr, - ASN1_UTF8STRING *text); - int ossl_cmp_hdr_set_implicitConfirm(OSSL_CMP_PKIHEADER *hdr); - int ossl_cmp_hdr_has_implicitConfirm(OSSL_CMP_PKIHEADER *hdr); - int ossl_cmp_hdr_set_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr); - int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr); - -=head1 DESCRIPTION - -ossl_cmp_hdr_set_pvno() sets hdr->pvno to the given B. - -ossl_cmp_hdr_get_pvno() returns the pvno of the given B or -1 on error. - -ossl_cmp_hdr_get_protection_nid returns the NID of the protection algorithm -in B or NID_undef on error. - -ossl_cmp_hdr_get0_sendernonce() returns the sender nonce of the given PKIHeader. - -ossl_cmp_general_name_is_NULL_DN() determines if the given GENERAL_NAME -is the NULL-DN. - -ossl_cmp_hdr_set1_sender() sets the sender field in the given PKIHeader -to the given X509 Name value, without consuming the pointer. - -ossl_cmp_hdr_set1_recipient() sets the recipient field in the given -PKIHeader to the given X509 Name value, without consuming the pointer. -If B is NULL, recipient is set to the NULL DN (the empty list of strings). - -ossl_cmp_hdr_update_messagetime() (re-)sets the messageTime to the current -system time. As written in RFC 4210, section 5.1.1: -The messageTime field contains the time at which the sender created the message. -This may be useful to allow end entities to correct/check their local time for -consistency with the time on a central system. - -ossl_cmp_hdr_set1_senderKID() Sets hdr->senderKID to the given string. -In an PBMAC-protected IR this usually is a reference number issued by the CA, -else the subject key ID of the sender's protecting certificate. - -ossl_cmp_hdr_push0_freeText() pushes an ASN1_UTF8STRING to -hdr->freeText and consumes the given pointer. - -ossl_cmp_hdr_push1_freeText() pushes an ASN1_UTF8STRING to -hdr->freeText and does not consume the pointer. - -ossl_cmp_hdr_generalinfo_item_push0() adds the given InfoTypeAndValue -item to the hdr->generalInfo stack. Consumes the B pointer. - -ossl_cmp_hdr_generalinfo_items_push1() adds a copy of the B stack to -the generalInfo field of PKIheader of the B. Does not consume the B -pointer. - -ossl_cmp_hdr_set_implicitConfirm() sets implicitConfirm in the generalInfo field -of the PKIMessage header. - -ossl_cmp_hdr_has_implicitConfirm() returns 1 if implicitConfirm is -set int generalInfo field of the given PKIMessage header, 0 if not. - -ossl_cmp_hdr_set_transactionID() sets the B field in C. -In case ctx->transactionID is NULL, it starts a new transaction -by creating and storing a new random valuee with 128 bits length. - -ossl_cmp_hdr_init() initializes a PKIHeader structure based on the -values in the given OSSL_CMP_CTX structure. -This starts a new transaction in case ctx->transactionID is NULL. -The sender name is copied from the subject of the client cert, if any, -or else from the subject name provided for certification requests. -As required by RFC 4210 section 5.1.1., if the sender name is not known -to the client it set to the NULL-DN. In this case for identification at least -the senderKID must be set, which we take from any referenceValue provided. - -=head1 NOTES - -CMP is defined in RFC 4210 (and CRMF in RFC 4211). - -=head1 RETURN VALUES - -ossl_cmp_hdr_get_pvno() returns the pvno of the given B or -1 on error. - -ossl_cmp_hdr_get_protection_nid returns the respective NID, NID_undef on error. - -ossl_cmp_hdr_get0_sendernonce() returns the respective nonce, or NULL. - -ossl_cmp_general_name_is_NULL_DN() returns 1 given a NULL-DN, else 0. - -All other functions return 1 on success, 0 on error. - -See the individual functions above. - -=head1 SEE ALSO - -L - -=head1 HISTORY - -The OpenSSL CMP support was added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_cmp_mock_srv_new.pod b/doc/internal/man3/ossl_cmp_mock_srv_new.pod deleted file mode 100644 index 837ca06bb34c9b34ab892edafb2a6607064129d4..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_cmp_mock_srv_new.pod +++ /dev/null @@ -1,87 +0,0 @@ -=pod - -=head1 NAME - -ossl_cmp_mock_srv_new, -ossl_cmp_mock_srv_free, -ossl_cmp_mock_srv_set1_certOut, -ossl_cmp_mock_srv_set1_chainOut, -ossl_cmp_mock_srv_set1_caPubsOut, -ossl_cmp_mock_srv_set_statusInfo, -ossl_cmp_mock_srv_set_send_error, -ossl_cmp_mock_srv_set_pollCount, -ossl_cmp_mock_srv_set_checkAfterTime -- functions used for testing with CMP mock server - -=head1 SYNOPSIS - - #include "apps/cmp_mock_srv.h" - - OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx, const char *propq); - void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx); - - int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert); - int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx, - STACK_OF(X509) *chain); - int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx, - STACK_OF(X509) *caPubs); - int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status, - int fail_info, const char *text); - int ossl_cmp_mock_srv_set_send_error(OSSL_CMP_SRV_CTX *srv_ctx, int val); - int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count); - int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec); - -=head1 DESCRIPTION - -ossl_cmp_mock_srv_new() allocates the contexts for the CMP mock server -associated with the library context I and property query string -I, both of which may be NULL to select the defaults. - -ossl_cmp_mock_srv_free() deallocates the contexts for the CMP mock server. - -OSSL_CMP_SRV_CTX_set1_certOut() sets the certificate to be returned in -cp/ip/kup. - -OSSL_CMP_SRV_CTX_set1_chainOut() sets the certificate chain to be added to -the extraCerts in a cp/ip/kup. -It should to useful to validate B. - -OSSL_CMP_SRV_CTX_set1_caPubsOut() sets the caPubs to be returned in an ip. - -OSSL_CMP_SRV_CTX_set_statusInfo() sets the status info to be returned. - -OSSL_CMP_SRV_CTX_set_send_error() enables enforcement of error responses. - -OSSL_CMP_SRV_CTX_set_pollCount() sets the number of polls before cert response. - -OSSL_CMP_SRV_CTX_set_checkAfterTime() sets the number of seconds -the client should wait for the next poll. - - -=head1 NOTES - -CMP is defined in RFC 4210 (and CRMF in RFC 4211). - -=head1 RETURN VALUES - -ossl_cmp_mock_srv() returns a B structure on success, -NULL on error. - -ossl_cmp_mock_srv_free() does not return a value. - -All other functions return 1 on success, 0 on error. - -=head1 HISTORY - -The OpenSSL CMP support was added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_cmp_msg_check_update.pod b/doc/internal/man3/ossl_cmp_msg_check_update.pod deleted file mode 100644 index 4e7a9224afddd1757f06a205c30ea4fe10692804..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_cmp_msg_check_update.pod +++ /dev/null @@ -1,95 +0,0 @@ -=pod - -=head1 NAME - -ossl_cmp_allow_unprotected_cb_t, -ossl_cmp_msg_check_update -- generic checks on a received CMP message, updating the context - -=head1 SYNOPSIS - - #include "cmp_local.h" - - typedef int (*ossl_cmp_allow_unprotected_cb_t)(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *msg, - int invalid_protection, int arg); - - int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, - ossl_cmp_allow_unprotected_cb_t cb, int cb_arg); - -=head1 DESCRIPTION - -ossl_cmp_msg_check_update() does all generic checks on the given message B, -which may be a server response or a request by some client, -and updates the B accordingly. - -The B is checked for the following: - -=over 4 - -=item its sender is of appropriate type (currently only B) - and matches any expected sender or srvCert subject given in B, - -=item its protection is present and valid (or a callback function B -is present and indicates that a missing or invalid protection is acceptable), - -=item its CMP protocol version is acceptable, namely B, - -=item its body type is valid, - -=item its transaction ID matches any transaction ID given in B, and - -=item its recipNonce matches any senderNonce given in B. - -=back - -In case no protection is present and B is not NULL then this callback -function is called with its B parameter being 0, while in -case an invalid protection is present the B parameter is 1. -The callback is passed also the arguments B, B, and -(which typically contains the expected message type). -The callback should return 1 on acceptance, 0 on rejection, or -1 on error. -It should not put an error on the error stack since this could be misleading. - -ossl_cmp_msg_check_update() adds all extraCerts contained in the to -the list of untrusted certificates in B such that they are already usable -for OSSL_CMP_validate_msg(), which is called internally, and for future use. -Thus they are available also to the certificate confirmation callback, and the -peer does not need to send them again (at least not in the same transaction). -Note that it does not help validating the message before storing the extraCerts -because they are not part of the protected portion of the message anyway. -For efficiency, the extraCerts are prepended to the list so they get used first. - -If all checks pass then ossl_cmp_msg_check_update() -records in B the senderNonce of the received message as the new recipNonce -and learns the transaction ID if none is currently present in B. - -Moreover, according to RFC 4210 section 5.3.2, if the message protection is -PBM-based then any certificates in the caPubs field are added to the list of -trusted certificates (if set via L). -This way these certs are available for validating subsequent messages in the -same context and could apply to any Polling Response (pollRep), error, or PKI -Confirmation (PKIConf) messages following in the same or future transactions. - -=head1 RETURN VALUES - -ossl_cmp_msg_check_update() returns 1 on success, -1 on error. - -=head1 SEE ALSO - -L - -=head1 HISTORY - -The OpenSSL CMP support was added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_cmp_msg_create.pod b/doc/internal/man3/ossl_cmp_msg_create.pod deleted file mode 100644 index d4294d3e9fa65cf667d83782d8c3c3729ca081c8..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_cmp_msg_create.pod +++ /dev/null @@ -1,134 +0,0 @@ -=pod - -=head1 NAME - -OSSL_CMP_PKIBODY_IR, -OSSL_CMP_PKIBODY_IP, -OSSL_CMP_PKIBODY_CR, -OSSL_CMP_PKIBODY_CP, -OSSL_CMP_PKIBODY_P10CR, -OSSL_CMP_PKIBODY_POPDECC, -OSSL_CMP_PKIBODY_POPDECR, -OSSL_CMP_PKIBODY_KUR, -OSSL_CMP_PKIBODY_KUP, -OSSL_CMP_PKIBODY_KRR, -OSSL_CMP_PKIBODY_KRP, -OSSL_CMP_PKIBODY_RR, -OSSL_CMP_PKIBODY_RP, -OSSL_CMP_PKIBODY_CCR, -OSSL_CMP_PKIBODY_CCP, -OSSL_CMP_PKIBODY_CKUANN, -OSSL_CMP_PKIBODY_CANN, -OSSL_CMP_PKIBODY_RANN, -OSSL_CMP_PKIBODY_CRLANN, -OSSL_CMP_PKIBODY_PKICONF, -OSSL_CMP_PKIBODY_NESTED, -OSSL_CMP_PKIBODY_GENM, -OSSL_CMP_PKIBODY_GENP, -OSSL_CMP_PKIBODY_ERROR, -OSSL_CMP_PKIBODY_CERTCONF, -OSSL_CMP_PKIBODY_POLLREQ, -OSSL_CMP_PKIBODY_POLLREP, -ossl_cmp_bodytype_to_string, -ossl_cmp_msg_get_bodytype, -ossl_cmp_msg_set_bodytype, -ossl_cmp_msg_create, -ossl_cmp_msg_gen_ITAV_push0, -ossl_cmp_msg_gen_ITAVs_push1 -- functions handling CMP messages - -=head1 SYNOPSIS - - #include "cmp_local.h" - - #define OSSL_CMP_PKIBODY_IR 0 - #define OSSL_CMP_PKIBODY_IP 1 - #define OSSL_CMP_PKIBODY_CR 2 - #define OSSL_CMP_PKIBODY_CP 3 - #define OSSL_CMP_PKIBODY_P10CR 4 - #define OSSL_CMP_PKIBODY_POPDECC 5 - #define OSSL_CMP_PKIBODY_POPDECR 6 - #define OSSL_CMP_PKIBODY_KUR 7 - #define OSSL_CMP_PKIBODY_KUP 8 - #define OSSL_CMP_PKIBODY_KRR 9 - #define OSSL_CMP_PKIBODY_KRP 10 - #define OSSL_CMP_PKIBODY_RR 11 - #define OSSL_CMP_PKIBODY_RP 12 - #define OSSL_CMP_PKIBODY_CCR 13 - #define OSSL_CMP_PKIBODY_CCP 14 - #define OSSL_CMP_PKIBODY_CKUANN 15 - #define OSSL_CMP_PKIBODY_CANN 16 - #define OSSL_CMP_PKIBODY_RANN 17 - #define OSSL_CMP_PKIBODY_CRLANN 18 - #define OSSL_CMP_PKIBODY_PKICONF 19 - #define OSSL_CMP_PKIBODY_NESTED 20 - #define OSSL_CMP_PKIBODY_GENM 21 - #define OSSL_CMP_PKIBODY_GENP 22 - #define OSSL_CMP_PKIBODY_ERROR 23 - #define OSSL_CMP_PKIBODY_CERTCONF 24 - #define OSSL_CMP_PKIBODY_POLLREQ 25 - #define OSSL_CMP_PKIBODY_POLLREP 26 - - const char *ossl_cmp_bodytype_to_string(int type); - int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg); - int ossl_cmp_msg_set_bodytype( OSSL_CMP_MSG *msg, int type); - OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype); - int ossl_cmp_msg_gen_ITAV_push0(OSSL_CMP_MSG *msg, OSSL_CMP_ITAV *itav); - int ossl_cmp_msg_gen_ITAVs_push1(OSSL_CMP_MSG *msg, - STACK_OF(OSSL_CMP_ITAV) *itavs); - -=head1 DESCRIPTION - -ossl_cmp_bodytype_to_string() returns the name of the given body type as string, -or "illegal body type" on error. - -ossl_cmp_msg_get_bodytype() returns the body type of the given PKIMessage, -or -1 on error. - -ossl_cmp_msg_set_bodytype() sets the type of the message contained in -the PKIMessage body field. -Returns 1 on success, 0 on error. - -ossl_cmp_msg_create() creates and initializes an B structure, -using fields of B for the header and B for the body. -If the current B field in I indicates that there is no -current transaction, it creates and stores a random one with 128 bits length. -Thus, the I may be modified by this and related ossl_cmp_*_new() functions. -Returns pointer to created B on success, NULL on error. - -ossl_cmp_msg_gen_ITAV_push0() pushes the B to the body of the -PKIMessage B of GenMsg or GenRep type. Consumes the B pointer. -Returns 1 on success, 0 on error. - -ossl_cmp_msg_gen_ITAVs_push1() adds a copy of the B stack to the body -of the PKIMessage B of GenMsg or GenRep type. -Does not consume the B pointer nor its elements. -Returns 1 on success, 0 on error. - -=head1 NOTES - -CMP is defined in RFC 4210 (and CRMF in RFC 4211). - -=head1 RETURN VALUES - -See the individual functions above. - -=head1 SEE ALSO - -L, -L, L - -=head1 HISTORY - -The OpenSSL CMP support was added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_cmp_msg_protect.pod b/doc/internal/man3/ossl_cmp_msg_protect.pod deleted file mode 100644 index ae7771280763e31fedda14b02e5350a4e0608612..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_cmp_msg_protect.pod +++ /dev/null @@ -1,62 +0,0 @@ -=pod - -=head1 NAME - -ossl_cmp_calc_protection, -ossl_cmp_msg_protect, -ossl_cmp_msg_add_extraCerts -- functions for producing CMP message protection - -=head1 SYNOPSIS - - #include "cmp_local.h" - - ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx, - const OSSL_CMP_MSG *msg); - int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); - int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); - -=head1 DESCRIPTION - -ossl_cmp_calc_protection() calculates the protection for the given I -according to the algorithm and parameters in the message header's protectionAlg -using the credentials, library context, and property criteria in the I. - -ossl_cmp_msg_protect() (re-)protects the given message I using an algorithm -depending on the available context information given in the I. -If there is a secretValue it selects PBMAC, else if there is a protection cert -it selects Signature and uses L. -It also sets the protectionAlg field in the message header accordingly. - -ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in I. -If signature-based message protection is used it adds first the CMP signer cert -ctx->cert and then its chain ctx->chain. If this chain is not present in I -tries to build it using ctx->untrusted and caches the result in ctx->chain. -In any case all the certificates explicitly specified to be sent out (i.e., -IextraCertsOut>) are added. Note that it will NOT add the root certificate -of the chain, i.e, the trust anchor (unless it is part of extraCertsOut). - -=head1 NOTES - -CMP is defined in RFC 4210 (and CRMF in RFC 4211). - -=head1 RETURN VALUES - -ossl_cmp_calc_protection() returns the protection on success, else NULL. - -All other functions return 1 on success, 0 on error. - -=head1 HISTORY - -The OpenSSL CMP support was added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_cmp_pkisi_get_status.pod b/doc/internal/man3/ossl_cmp_pkisi_get_status.pod deleted file mode 100644 index 21f6f90b39d3de1e925f50d57d4729c7bdfa64da..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_cmp_pkisi_get_status.pod +++ /dev/null @@ -1,99 +0,0 @@ -=pod - -=head1 NAME - -ossl_cmp_certresponse_get1_cert, -ossl_cmp_pkisi_get_status, -ossl_cmp_PKIStatus_to_string, -ossl_cmp_pkisi_get0_statusString, -ossl_cmp_pkisi_get_pkifailureinfo, -ossl_cmp_pkisi_check_pkifailureinfo -- functions for managing PKI status information - -=head1 SYNOPSIS - - #include "cmp.h" - -# define OSSL_CMP_PKIFAILUREINFO_badAlg 0 -# define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1 -# define OSSL_CMP_PKIFAILUREINFO_badRequest 2 -# define OSSL_CMP_PKIFAILUREINFO_badTime 3 -# define OSSL_CMP_PKIFAILUREINFO_badCertId 4 -# define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5 -# define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6 -# define OSSL_CMP_PKIFAILUREINFO_incorrectData 7 -# define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8 -# define OSSL_CMP_PKIFAILUREINFO_badPOP 9 -# define OSSL_CMP_PKIFAILUREINFO_certRevoked 10 -# define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11 -# define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12 -# define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13 -# define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14 -# define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15 -# define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16 -# define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17 -# define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18 -# define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19 -# define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20 -# define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21 -# define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22 -# define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23 -# define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24 -# define OSSL_CMP_PKIFAILUREINFO_systemFailure 25 -# define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26 -# define OSSL_CMP_PKIFAILUREINFO_MAX 26 - - X509 *ossl_cmp_certresponse_get1_cert(const OSSL_CMP_CERTRESPONSE *crep, - const OSSL_CMP_CTX *ctx, EVP_PKEY *pkey); - int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si); - const char *ossl_cmp_PKIStatus_to_string(int status); - OSSL_CMP_PKIFREETEXT *ossl_cmp_pkisi_get0_statusString(const OSSL_CMP_PKISI *si); - int ossl_cmp_pkisi_get_pkifailureinfo(const OSSL_CMP_PKISI *si); - int ossl_cmp_pkisi_check_pkifailureinfo(const OSSL_CMP_PKISI *si, int index); - -=head1 DESCRIPTION - -ossl_cmp_certresponse_get1_cert() returns a pointer to a copy of the newly -enrolled certificate from the given certResponse I, or NULL on error. -In case of indirect POPO uses data from the I and the private key I. - -ossl_cmp_pkisi_get_status() returns the PKIStatus of I, or -1 on error. - -ossl_cmp_PKIStatus_to_string() returns a human-readable string representing -the PKIStatus values as specified in RFC 4210, Appendix F. - -ossl_cmp_pkisi_get0_statusString() returns a direct pointer to the statusString -field contained in I. - -ossl_cmp_pkisi_get_pkifailureinfo() returns the PKIFailureInfo bits -of I, encoded as integer, or -1 on error. - -ossl_cmp_pkisi_check_pkifailureinfo() returns the state of the bit (0 or 1) -with index I in the PKIFailureInfo of the I, or -1 on error. - -=head1 NOTES - -CMP is defined in RFC 4210 (and CRMF in RFC 4211). - -=head1 RETURN VALUES - -See the individual functions above. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -The OpenSSL CMP support was added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_cmp_print_log.pod b/doc/internal/man3/ossl_cmp_print_log.pod deleted file mode 100644 index f4384402e584aa694b97ad09709746eb7e088bee..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_cmp_print_log.pod +++ /dev/null @@ -1,108 +0,0 @@ -=pod - -=head1 NAME - -ossl_cmp_print_log, -ossl_cmp_alert, -ossl_cmp_err, -ossl_cmp_warn, -ossl_cmp_info, -ossl_cmp_debug, -ossl_cmp_log, -ossl_cmp_log1, -ossl_cmp_log2, -ossl_cmp_log3, -ossl_cmp_log4, -ossl_cmp_log_parse_metadata, -ossl_cmp_add_error_data, -ossl_cmp_add_error_line -- logging and error reporting support for CMP - -=head1 SYNOPSIS - - #include "cmp_local.h" - - int ossl_cmp_print_log(OSSL_CMP_severity level, const OSSL_CMP_CTX *ctx, - const char *func, const char *file, int line, - const char *level_str, const char *format, ...); - #define ossl_cmp_alert(ctx, msg) - #define ossl_cmp_err(ctx, msg) - #define ossl_cmp_warn(ctx, msg) - #define ossl_cmp_info(ctx, msg) - #define ossl_cmp_debug(ctx, (msg) - #define ossl_cmp_log(level, ctx, msg) - #define ossl_cmp_log1(level, ctx, fmt, arg1) - #define ossl_cmp_log2(level, ctx, fmt, arg1, arg2) - #define ossl_cmp_log3(level, ctx, fmt, arg1, arg2, arg3) - #define ossl_cmp_log4(level, ctx, fmt, arg1, arg2, arg3, arg4) - const char *ossl_cmp_log_parse_metadata(const char *buf, - OSSL_CMP_severity *level, char **func, - char **file, int *line); - - #define ossl_cmp_add_error_data(txt) - #define ossl_cmp_add_error_line(txt) - -=head1 DESCRIPTION - -ossl_cmp_print_log() prints CMP log messages (i.e., diagnostic info) via the -log callback of the B if present and the severity level is sufficient. -If the trace API if enabled the function uses it, prepending the function name, -filename, line number, and severity information to the message being output. -In any case the B, B, B, and B parameters -and the message constructed using the given B and variable further -argument list are passed to the log callback function (unless it is NULL). -The B, B, B, and B arguments may be NULL. - -ossl_cmp_alert(), ossl_cmp_err(), ossl_cmp_warn(), ossl_cmp_info(), and -ossl_cmp_debug() output a simple alert/error/warning/info/debug message -via ossl_cmp_print_log(). - -ossl_cmp_log(), ossl_cmp_log1(), ossl_cmp_log2(), ossl_cmp_log3(), and -ossl_cmp_log4() output a log message with the given severity, -constructing the message text from the given format and arguments. - -ossl_cmp_log_parse_metadata() parses the given message buffer I populated -by ossl_cmp_log() etc. -according to the pattern OSSL_CMP_LOG_START#level ": %s\n", filling in -the variable pointed to by I with the severity level or -1, -the variable pointed to by I with the function name string or NULL, -the variable pointed to by I with the filename string or NULL, and -the variable pointed to by I with the line number or -1. -Any string returned via I<*func> and I<*file> must be freed by the caller. - -ossl_cmp_add_error_data() is a macro calling -L with the separator being ":". - -ossl_cmp_add_error_line() is a macro calling -L with the separator being "\n". - -=head1 RETURN VALUES - -ossl_cmp_log_parse_metadata() returns the pointer to the actual message text -after the OSSL_CMP_LOG_PREFIX and level and ':' if found in the buffer, -else the beginning of the buffer. - -ossl_cmp_add_error_data() and -ossl_cmp_add_error_line() -do not return anything. - -All other functions return 1 on success, 0 on error. - -=head1 SEE ALSO - -L - -=head1 HISTORY - -The OpenSSL CMP support was added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_ends_with_dirsep.pod b/doc/internal/man3/ossl_ends_with_dirsep.pod deleted file mode 100644 index d19ce7a3b97c4da3ce55ce9d453040cc8e972f54..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_ends_with_dirsep.pod +++ /dev/null @@ -1,45 +0,0 @@ -=pod - -=head1 NAME - -ossl_ends_with_dirsep, ossl_is_absolute_path -- internal functions to work with paths - -=head1 SYNOPSIS - - #include "internal/cryptlib.h" - - int ossl_ends_with_dirsep(const char *path); - - int ossl_is_absolute_path(const char *path); - -=head1 DESCRIPTION - -ossl_ends_with_dirsep() detects whether the I ends with a directory -separator in a platform agnostic way. - -ossl_is_absolute_path() detects whether the I is absolute path in -a platform agnostic way. - -=head1 RETURN VALUES - -ossl_ends_with_dirsep() returns 1 if the I ends with a directory -separator, 0 otherwise. - -ossl_is_absolute_path() returns 1 if the I is absolute, 0 otherwise. - -=head1 HISTORY - -The functions described here were added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut - diff --git a/doc/internal/man3/ossl_global_properties_no_mirrored.pod b/doc/internal/man3/ossl_global_properties_no_mirrored.pod deleted file mode 100644 index 6c39ccbc0ffe9b58a35e336ebee5458a1baec825..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_global_properties_no_mirrored.pod +++ /dev/null @@ -1,56 +0,0 @@ -=pod - -=head1 NAME - -ossl_property_list_to_string, ossl_global_properties_no_mirrored -- internal property routines - -=head1 SYNOPSIS - - #include "internal/property.h" - - size_t ossl_property_list_to_string(OSSL_LIB_CTX *ctx, - const OSSL_PROPERTY_LIST *list, char *buf, - size_t bufsize); - - int ossl_global_properties_no_mirrored(OSSL_LIB_CTX *libctx); - void ossl_global_properties_no_mirrored(OSSL_LIB_CTX *libctx); - - -=head1 DESCRIPTION - -ossl_property_list_to_string() takes a given OSSL_PROPERTY_LIST in I and -converts it to a string. If I is non NULL then the string will be stored -in I. The size of the buffer is provided in I. If I is -too short then the string will be truncated. If I is NULL then the length -of the string is still calculated and returned. If the property list has no -properties in it then the empty string will be stored in I. - -ossl_global_properties_no_mirrored() checks whether mirroring of global -properties from a parent library context is allowed for the current library -context. - -ossl_global_properties_no_mirrored() prevents future mirroring of global -properties from a parent library context for the current library context. - -=head1 RETURN VALUES - -ossl_property_list_to_string() returns the length of the string, or 0 on error. - -ossl_global_properties_no_mirrored() returns 1 if mirroring of global properties -is not allowed, or 0 otherwise. - -=head1 HISTORY - -The functions described here were all added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_init_thread_deregister.pod b/doc/internal/man3/ossl_init_thread_deregister.pod deleted file mode 100644 index 6c9e0b5b8998cf841aff3ddee3d8eadc06c73446..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_init_thread_deregister.pod +++ /dev/null @@ -1,66 +0,0 @@ -=pod - -=head1 NAME - -OSSL_thread_stop_handler_fn, -ossl_init_thread_start, -ossl_init_thread_deregister -- internal thread routines - -=head1 SYNOPSIS - - #include "crypto/cryptlib.h" - #include - - typedef void (*OSSL_thread_stop_handler_fn)(void *arg); - - int ossl_init_thread_start(const void *index, void *arg, - OSSL_thread_stop_handler_fn handfn); - int ossl_init_thread_deregister(void *index); - -=head1 DESCRIPTION - -Thread aware code may be informed about when a thread is stopping, typically to -perform some cleanup operation. -Thread stop events may be detected by OpenSSL either automatically (using the -capabilities of the underlying threading library) where possible or explicitly -by the application calling OPENSSL_thread_stop() or OPENSSL_thread_stop_ex(). - -Thread aware code registers a "stop handler" for each new thread that it uses. -Typically, when a new thread is being used, code will add a new value to some -thread local variable and then register a stop handler. When the thread is -stopping the stop handler is called (while on that thread) and the code can -clean up the value stored in the thread local variable. - -A new stop handler is registered using the function ossl_init_thread_start(). -The I parameter should be a unique value that can be used to identify a -set of common stop handlers and is passed in a later call to -ossl_init_thread_deregister. If no later call to ossl_init_thread_deregister is -made then NULL can be passed for this parameter. The I parameter is passed -back as an argument to the stop handler when it is later invoked. Finally the -I is a function pointer to the stop handler itself. - -In the event that previously registered stop handlers need to be deregistered -then this can be done using the function ossl_init_thread_deregister(). -This will deregister all stop handlers (no matter which thread they were -registered for) which the same I value. - -=head1 RETURN VALUES - -ossl_init_thread_start() and ossl_init_thread_deregister() return 1 for success -or 0 on error. - -=head1 HISTORY - -The functions described here were all added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_lib_ctx_get_data.pod b/doc/internal/man3/ossl_lib_ctx_get_data.pod deleted file mode 100644 index faedf7275f08d6561f5b0c2c29e70b2bb61250f7..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_lib_ctx_get_data.pod +++ /dev/null @@ -1,154 +0,0 @@ -=pod - -=head1 NAME - -ossl_lib_ctx_get_data, ossl_lib_ctx_run_once, ossl_lib_ctx_onfree, -ossl_lib_ctx_is_child -- internal OSSL_LIB_CTX routines - -=head1 SYNOPSIS - - #include - #include "internal/cryptlib.h" - - typedef struct ossl_lib_ctx_method { - int priority; - void *(*new_func)(OSSL_LIB_CTX *ctx); - void (*free_func)(void *); - } OSSL_LIB_CTX_METHOD; - - void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index, - const OSSL_LIB_CTX_METHOD *meth); - - int ossl_lib_ctx_run_once(OSSL_LIB_CTX *ctx, unsigned int idx, - ossl_lib_ctx_run_once_fn run_once_fn); - int ossl_lib_ctx_onfree(OSSL_LIB_CTX *ctx, ossl_lib_ctx_onfree_fn onfreefn); - - int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx); - -=head1 DESCRIPTION - -Internally, the OpenSSL library context B is implemented -as a B, which allows data from diverse parts of the -library to be added and removed dynamically. -Each such data item must have a corresponding CRYPTO_EX_DATA index -associated with it. Unlike normal CRYPTO_EX_DATA objects we use static indexes -to identify data items. These are mapped transparently to CRYPTO_EX_DATA dynamic -indexes internally to the implementation. -See the example further down to see how that's done. - -ossl_lib_ctx_get_data() is used to retrieve a pointer to the data in -the library context I associated with the given I. An -OSSL_LIB_CTX_METHOD must be defined and given in the I parameter. The index -for it should be defined in cryptlib.h. The functions through the method are -used to create or free items that are stored at that index whenever a library -context is created or freed, meaning that the code that use a data item of that -index doesn't have to worry about that, just use the data available. - -Deallocation of an index happens automatically when the library -context is freed. - -ossl_lib_ctx_run_once is used to run some initialisation routine I -exactly once per library context I object. Each initialisation routine -should be allocate a unique run once index in cryptlib.h. - -Any resources allocated via a run once initialisation routine can be cleaned up -using ossl_lib_ctx_onfree. This associates an "on free" routine I with -the library context I. When I is freed all associated "on free" -routines are called. - -ossl_lib_ctx_is_child() returns 1 if this library context is a child and 0 -otherwise. - -=head1 RETURN VALUES - -ossl_lib_ctx_get_data() returns a pointer on success, or NULL on -failure. - -=head1 EXAMPLES - -=head2 Initialization - -For a type C that should end up in the OpenSSL library context, a -small bit of initialization is needed, i.e. to associate a constructor -and a destructor to an index. - - typedef struct foo_st { - int i; - void *data; - } FOO; - - static void *foo_new(OSSL_LIB_CTX *ctx) - { - FOO *ptr = OPENSSL_zalloc(sizeof(*foo)); - if (ptr != NULL) - ptr->i = 42; - return ptr; - } - static void foo_free(void *ptr) - { - OPENSSL_free(ptr); - } - - /* - * Include a reference to this in the methods table in context.c - * OSSL_LIB_CTX_FOO_INDEX should be added to internal/cryptlib.h - * Priorities can be OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, - * OSSL_LIB_CTX_METHOD_PRIORITY_1, OSSL_LIB_CTX_METHOD_PRIORITY_2, etc. - * Default priority is low (0). The higher the priority the earlier the - * method's destructor will be called when the library context is cleaned up. - */ - const OSSL_LIB_CTX_METHOD foo_method = { - OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, - foo_new, - foo_free - }; - -=head2 Usage - -To get and use the data stored in the library context, simply do this: - - /* - * ctx is received from a caller, - */ - FOO *data = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_FOO_INDEX, &foo_method); - -=head2 Run Once - - void foo_cleanup(OSSL_LIB_CTX *ctx) - { - /* Free foo resources associated with ctx */ - } - - static ossl_lib_ctx_run_once_fn do_foo_init; - static int do_foo_init(OSSL_LIB_CTX *ctx) - { - /* Allocate and initialise some foo resources and associated with ctx */ - return ossl_lib_ctx_onfree(ctx, &foo_cleanup) - } - - int foo_some_function(OSSL_LIB_CTX *ctx) - { - if (!ossl_lib_ctx_run_once(ctx, - OSSL_LIB_CTX_FOO_RUN_ONCE_INDEX, - do_foo_init)) - return 0; - - /* Do some work using foo resources in ctx */ - } - - -=head1 SEE ALSO - -L - -=head1 COPYRIGHT - -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_method_construct.pod b/doc/internal/man3/ossl_method_construct.pod deleted file mode 100644 index 3683798b06b49b8c65b7a7592d7a8cc0c05b0c92..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_method_construct.pod +++ /dev/null @@ -1,158 +0,0 @@ -=pod - -=head1 NAME - -OSSL_METHOD_CONSTRUCT_METHOD, ossl_method_construct -- generic method constructor - -=head1 SYNOPSIS - - #include "internal/core.h" - - struct ossl_method_construct_method_st { - /* Get a temporary store */ - void *(*get_tmp_store)(void *data); - /* Get an already existing method from a store */ - void *(*get)(void *store, const OSSL_PROVIDER *prov, void *data); - /* Store a method in a store */ - int (*put)(void *store, void *method, const OSSL_PROVIDER *prov, - const char *name, const char *propdef, void *data); - /* Construct a new method */ - void *(*construct)(const OSSL_ALGORITHM *algodef, OSSL_PROVIDER *prov, - void *data); - /* Destruct a method */ - void (*destruct)(void *method, void *data); - }; - typedef struct ossl_method_construct_method OSSL_METHOD_CONSTRUCT_METHOD; - - void *ossl_method_construct(OSSL_LIB_CTX *ctx, int operation_id, - OSSL_PROVIDER *prov, int force_cache, - OSSL_METHOD_CONSTRUCT_METHOD *mcm, void *mcm_data); - - -=head1 DESCRIPTION - -All libcrypto subsystems that want to create their own methods based -on provider dispatch tables need to do so in exactly the same way. -ossl_method_construct() does this while leaving it to the subsystems -to define more precisely how the methods are created, stored, etc. - -It's important to keep in mind that a method is identified by three things: - -=over 4 - -=item The operation identity - -=item The name of the algorithm - -=item The properties associated with the algorithm implementation - -=back - -=head2 Functions - -ossl_method_construct() creates a method by asking all available -providers for a dispatch table given an I, and then -calling the appropriate functions given by the subsystem specific -method creator through I and the data in I (which is -passed by ossl_method_construct()). -If I is not NULL, only that provider is considered, which is -useful in the case a method must be found in that particular -provider. - -This function assumes that the subsystem method creator implements -reference counting and acts accordingly (i.e. it will call the -subsystem destruct() method to decrement the reference count when -appropriate). - -=head2 Structures - -A central part of constructing a subsystem specific method is to give -ossl_method_construct a set of functions, all in the -B structure, which holds the following -function pointers: - -=over 4 - -=item get_tmp_store() - -Create a temporary method store in the scope of the library context I. -This store is used to temporarily store methods for easier lookup, for -when the provider doesn't want its dispatch table stored in a longer -term cache. - -=item get() - -Look up an already existing method from a store by name. - -The store may be given with I. -NULL is a valid value and means that a subsystem default store -must be used. -This default store should be stored in the library context I. - -The method to be looked up should be identified with data found in I -(which is the I that was passed to ossl_construct_method()). -In other words, the ossl_method_construct() caller is entirely responsible -for ensuring the necesssary data is made available. - -Optionally, I may be given as a search criterion, to narrow down the -search of a method belonging to just one provider. - -This function is expected to increment the resulting method's reference count. - -=item put() - -Places the I created by the construct() function (see below) -in a store. - -The store may be given with I. -NULL is a valid value and means that a subsystem default store -must be used. -This default store should be stored in the library context I. - -The method should be associated with the given provider I, -I and property definition I as well as any -identification data given through I (which is the I -that was passed to ossl_construct_method()). - -This function is expected to increment the I's reference count. - -=item construct() - -Constructs a subsystem method for the given I and the given -dispatch table I. - -The associated provider object I is passed as well, to make -it possible for the subsystem constructor to keep a reference, which -is recommended. -If such a reference is kept, the I reference counter -must be incremented, using ossl_provider_up_ref(). - -This function is expected to set the method's reference count to 1. - -=item destruct() - -Decrement the I's reference count, and destruct it when -the reference count reaches zero. - -=back - -=head1 RETURN VALUES - -ossl_method_construct() returns a constructed method on success, or -NULL on error. - -=head1 HISTORY - -This functionality was added to OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use this -file except in compliance with the License. You can obtain a copy in the file -LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_namemap_new.pod b/doc/internal/man3/ossl_namemap_new.pod deleted file mode 100644 index ff247e87b03c0b76be6cd94e4d5dfca79157f641..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_namemap_new.pod +++ /dev/null @@ -1,129 +0,0 @@ -=pod - -=head1 NAME - -ossl_namemap_new, ossl_namemap_free, ossl_namemap_stored, ossl_namemap_empty, -ossl_namemap_add_name, ossl_namemap_add_name_n, ossl_namemap_add_names, -ossl_namemap_name2num, ossl_namemap_name2num_n, -ossl_namemap_doall_names -- internal number E-E name map - -=head1 SYNOPSIS - - #include "internal/cryptlib.h" - - OSSL_NAMEMAP *ossl_namemap_stored(OSSL_LIB_CTX *libctx); - - OSSL_NAMEMAP *ossl_namemap_new(void); - void ossl_namemap_free(OSSL_NAMEMAP *namemap); - int ossl_namemap_empty(OSSL_NAMEMAP *namemap); - - int ossl_namemap_add_name(OSSL_NAMEMAP *namemap, int number, const char *name); - int ossl_namemap_add_name_n(OSSL_NAMEMAP *namemap, int number, - const char *name, size_t name_len); - - int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name); - int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap, - const char *name, size_t name_len); - int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number, - void (*fn)(const char *name, void *data), - void *data); - - int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number, - const char *names, const char separator); - -=head1 DESCRIPTION - -A B is a one-to-many number E-E names map, which -can be used to give any arbitrary set of names (any string) a unique -dynamic identity that is valid throughout the lifetime of the associated -library context. - -ossl_namemap_new() and ossl_namemap_free() construct and destruct a -new B. -This is suitable to use when the B is embedded in other -structures, or should be independent for any reason. - -ossl_namemap_empty() checks if the given B is empty or -not. - -ossl_namemap_stored() finds or auto-creates the default namemap in the -given library context. -The returned B can't be destructed using -ossl_namemap_free(). - -ossl_namemap_add_name() adds a new name to the namemap if it's not already -present. -If the given I is zero, a new number will be allocated to -identify this I. -If the given I is nonzero, the I is added to the set of -names already associated with that number. - -ossl_namemap_name2num() finds the number corresponding to the given -I. - -ossl_namemap_add_name_n() and ossl_namemap_name2num_n() do the same thing -as ossl_namemap_add_name() and ossl_namemap_name2num(), but take a string -length I as well, allowing the caller to use a fragment of -a string as a name. - -ossl_namemap_doall_names() walks through all names associated with -I in the given I and calls the function I for -each of them. -I is also passed the I argument, which allows any caller to -pass extra data for that function to use. - -ossl_namemap_add_names() divides up a set of names given in I, -separated by I, and adds each to the I, all with -the same number. If some of them already exist in the I, -they must all have the same associated number, which will be adopted -for any name that doesn't exist yet. - -=head1 RETURN VALUES - -ossl_namemap_new() and ossl_namemap_stored() return the pointer to a -B, or NULL on error. - -ossl_namemap_empty() returns 1 if the B is NULL or -empty, 0 if it's not empty, or -1 on internal error (such as inability -to lock). - -ossl_namemap_add_name() and ossl_namemap_add_name_n() return the number -associated with the added string, or zero on error. - -ossl_namemap_num2names() returns a pointer to a NULL-terminated list of -pointers to the names corresponding to the given number, or NULL if -it's undefined in the given B. - -ossl_namemap_name2num() and ossl_namemap_name2num_n() return the number -corresponding to the given name, or 0 if it's undefined in the given -B. - -ossl_namemap_doall_names() returns 1 if the callback was called for all names. A -return value of 0 means that the callback was not called for any names. - -ossl_namemap_add_names() returns the number associated with the added -names, or zero on error. - -=head1 NOTES - -The result from ossl_namemap_num2names() isn't thread safe, other threads -dealing with the same namemap may cause the list of names to change -location. -It is therefore strongly recommended to only use the result in code -guarded by a thread lock. - -=head1 HISTORY - -The functions described here were all added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_provider_add_conf_module.pod b/doc/internal/man3/ossl_provider_add_conf_module.pod deleted file mode 100644 index 7e4d5097f6346b0cf307904f9b70dbf6f646f716..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_provider_add_conf_module.pod +++ /dev/null @@ -1,41 +0,0 @@ -=pod - -=head1 NAME - -ossl_provider_add_conf_module - internal standard configuration module - -=head1 SYNOPSIS - - #include "internal/provider.h" - - /* Configuration */ - void ossl_provider_add_conf_module(void); - -=head1 DESCRIPTION - -ossl_provider_add_conf_module() adds the standard configuration module -for providers. -This allows providers to be configured with an OpenSSL L file. - -=head1 RETURN VALUES - -ossl_provider_add_conf_module() doesn't return any value. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -The functions described here were all added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod deleted file mode 100644 index 591c3451934bd218107688d8770529a39f56652c..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_provider_new.pod +++ /dev/null @@ -1,400 +0,0 @@ -=pod - -=head1 NAME - -ossl_provider_find, ossl_provider_new, ossl_provider_up_ref, -ossl_provider_free, -ossl_provider_set_fallback, ossl_provider_set_module_path, -ossl_provider_add_parameter, ossl_provider_set_child, ossl_provider_get_parent, -ossl_provider_up_ref_parent, ossl_provider_free_parent, -ossl_provider_default_props_update, ossl_provider_get0_dispatch, -ossl_provider_init_as_child, ossl_provider_deinit_child, -ossl_provider_activate, ossl_provider_deactivate, ossl_provider_add_to_store, -ossl_provider_ctx, -ossl_provider_doall_activated, -ossl_provider_name, ossl_provider_dso, -ossl_provider_module_name, ossl_provider_module_path, -ossl_provider_libctx, -ossl_provider_teardown, ossl_provider_gettable_params, -ossl_provider_get_params, -ossl_provider_query_operation, ossl_provider_unquery_operation, -ossl_provider_set_operation_bit, ossl_provider_test_operation_bit, -ossl_provider_get_capabilities -- internal provider routines - -=head1 SYNOPSIS - - #include "internal/provider.h" - - OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name, - int noconfig); - OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name, - ossl_provider_init_fn *init_function - int noconfig); - int ossl_provider_up_ref(OSSL_PROVIDER *prov); - void ossl_provider_free(OSSL_PROVIDER *prov); - - /* Setters */ - int ossl_provider_set_fallback(OSSL_PROVIDER *prov); - int ossl_provider_set_module_path(OSSL_PROVIDER *prov, const char *path); - int ossl_provider_add_parameter(OSSL_PROVIDER *prov, const char *name, - const char *value); - - /* Child Providers */ - int ossl_provider_set_child(OSSL_PROVIDER *prov, - const OSSL_CORE_HANDLE *handle); - const OSSL_CORE_HANDLE *ossl_provider_get_parent(OSSL_PROVIDER *prov); - int ossl_provider_up_ref_parent(OSSL_PROVIDER *prov, int activate); - int ossl_provider_free_parent(OSSL_PROVIDER *prov, int deactivate); - int ossl_provider_default_props_update(OSSL_LIB_CTX *libctx, - const char *props); - - /* - * Activate the Provider - * If the Provider is a module, the module will be loaded - */ - int ossl_provider_activate(OSSL_PROVIDER *prov, int upcalls, int aschild); - int ossl_provider_deactivate(OSSL_PROVIDER *prov, int removechildren); - int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov, - int retain_fallbacks); - - /* Return pointer to the provider's context */ - void *ossl_provider_ctx(const OSSL_PROVIDER *prov); - - const OSSL_DISPATCH *ossl_provider_get0_dispatch(const OSSL_PROVIDER *prov); - - /* Iterate over all loaded providers */ - int ossl_provider_doall_activated(OSSL_LIB_CTX *, - int (*cb)(OSSL_PROVIDER *provider, - void *cbdata), - void *cbdata); - - /* Getters for other library functions */ - const char *ossl_provider_name(OSSL_PROVIDER *prov); - const DSO *ossl_provider_dso(OSSL_PROVIDER *prov); - const char *ossl_provider_module_name(OSSL_PROVIDER *prov); - const char *ossl_provider_module_path(OSSL_PROVIDER *prov); - OSSL_LIB_CTX *ossl_provider_libctx(const OSSL_PROVIDER *prov); - - /* Thin wrappers around calls to the provider */ - void ossl_provider_teardown(const OSSL_PROVIDER *prov); - const OSSL_PARAM *ossl_provider_gettable_params(const OSSL_PROVIDER *prov); - int ossl_provider_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); - int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov, - const char *capability, - OSSL_CALLBACK *cb, - void *arg); - const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, - int operation_id, - int *no_cache); - void ossl_provider_unquery_operation(const OSSL_PROVIDER *prov, - int operation_id, - const OSSL_ALGORITHM *algs); - - int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum); - int ossl_provider_test_operation_bit(OSSL_PROVIDER *provider, size_t bitnum, - int *result); - - int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, - const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in); - void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx); - -=head1 DESCRIPTION - -I is a type that holds all the necessary information -to handle a provider, regardless of if it's built in to the -application or the OpenSSL libraries, or if it's a loadable provider -module. -Instances of this type are commonly referred to as "provider objects". - -A provider object is always stored in a set of provider objects -in the library context. - -Provider objects are reference counted. - -Provider objects are initially inactive, i.e. they are only recorded -in the store, but are not used. -They are activated with the first call to ossl_provider_activate(), -and are deactivated with the last call to ossl_provider_deactivate(). -Activation affects a separate counter. - -=head2 Functions - -ossl_provider_find() finds an existing provider object in the provider -object store by I. -The config file will be automatically loaded unless I is set. -Typically I should be 0. -We set I to 1 only when calling these functions while processing a -config file in order to avoid recursively attempting to load the file. -The provider object it finds has its reference count incremented. - -ossl_provider_new() creates a new provider object named I and -stores it in the provider object store, unless there already is one -there with the same name. -If there already is one with the same name, it's returned with its -reference count incremented. -The config file will be automatically loaded unless I is set. -Typically I should be 0. -We set I to 1 only when calling these functions while processing a -config file in order to avoid recursively attempting to load the file. -The reference count of a newly created provider object will always -be 2; one for being added to the store, and one for the returned -reference. -If I is NULL, the provider is assumed to be a -dynamically loadable module, with the symbol B as -its initialisation function. -If I isn't NULL, the provider is assumed to be built -in, with I being the pointer to its initialisation -function. -For further description of the initialisation function, see the -description of ossl_provider_activate() below. - -ossl_provider_up_ref() increments the provider object I's -reference count. - -ossl_provider_free() decrements the provider object I's -reference count; when it drops to zero, the provider object is assumed -to have fallen out of use and will be deinitialized (its I -function is called), and the associated module will be unloaded if one -was loaded, and I itself will be freed. - -ossl_provider_set_fallback() marks an available provider I as -fallback. -Note that after this call, the provider object pointer that was -used can simply be dropped, but not freed. - -ossl_provider_set_module_path() sets the module path to load the -provider module given the provider object I. -This will be used in preference to automatically trying to figure out -the path from the provider name and the default module directory (more -on this in L). - -ossl_provider_libctx() returns the library context the given -provider I is registered in. - -ossl_provider_add_parameter() adds a global parameter for the provider -to retrieve as it sees fit. -The parameters are a combination of I and I, and the -provider will use the name to find the value it wants. -Only text parameters can be given, and it's up to the provider to -interpret them. - -ossl_provider_set_child() marks this provider as a child of a provider in the -parent library context. I is the B object passed to -the provider's B function. - -ossl_provider_get_parent() obtains the handle on the parent provider. - -ossl_provider_up_ref_parent() increases the reference count on the parent -provider. If I is nonzero then the parent provider is also activated. - -ossl_provider_free_parent() decreases the reference count on the parent -provider. If I is nonzero then the parent provider is also -deactivated. - -ossl_provider_default_props_update() is responsible for informing any child -providers of an update to the default properties. The new properties are -supplied in the I string. - -ossl_provider_activate() "activates" the provider for the given -provider object I by incrementing its activation count, flagging -it as activated, and initializing it if it isn't already initialized. -Initializing means one of the following: - -=over 4 - -=item * - -If an initialization function was given with ossl_provider_new(), that -function will get called. - -=item * - -If no initialization function was given with ossl_provider_new(), a -loadable module with the I that was given to ossl_provider_new() -will be located and loaded, then the symbol B will -be located in that module, and called. - -=back - -If I is nonzero then, if this is a child provider, upcalls to the -parent libctx will be made to inform it of an up-ref. If I is nonzero -then the provider will only be activated if it is a child provider. Otherwise -no action is taken and ossl_provider_activate() returns success. - -ossl_provider_deactivate() "deactivates" the provider for the given -provider object I by decrementing its activation count. When -that count reaches zero, the activation flag is cleared. If the -I parameter is 0 then no attempt is made to remove any -associated child providers. - -ossl_provider_add_to_store() adds the provider I to the provider store and -makes it available to other threads. This will prevent future automatic loading -of fallback providers, unless I is true. If a provider of the -same name already exists in the store then it is not added but this function -still returns success. On success the I value is populated with a -pointer to the provider of the given name that is now in the store. The -reference passed in the I argument is consumed by this function. A -reference to the provider that should be used is passed back in the -I argument. - -ossl_provider_ctx() returns a context created by the provider. -Outside of the provider, it's completely opaque, but it needs to be -passed back to some of the provider functions. - -ossl_provider_get0_dispatch() returns the dispatch table that the provider -initially returned in the I parameter of its B -function. - -ossl_provider_doall_activated() iterates over all the currently -"activated" providers, and calls I for each of them. -If no providers have been "activated" yet, it tries to activate all -available fallback providers before iterating over them. - -ossl_provider_name() returns the name that was given with -ossl_provider_new(). - -ossl_provider_dso() returns a reference to the module, for providers -that come in the form of loadable modules. - -ossl_provider_module_name() returns the filename of the module, for -providers that come in the form of loadable modules. - -ossl_provider_module_path() returns the full path of the module file, -for providers that come in the form of loadable modules. - -ossl_provider_teardown() calls the provider's I function, if -the provider has one. - -ossl_provider_gettable_params() calls the provider's I -function, if the provider has one. -It should return an array of I to describe all the -parameters that the provider has for the provider object. - -ossl_provider_get_params() calls the provider's parameter request -responder. -It should treat the given I array as described in -L. - -ossl_provider_get_capabilities() calls the provider's I function, -if the provider has one. It provides the name of the I and a -callback I parameter to call for each capability that has a matching name in -the provider. The callback gets passed OSSL_PARAM details about the capability as -well as the caller supplied argument I. - -ossl_provider_query_operation() calls the provider's -I function, if the provider has one. -It should return an array of I for the given -I. - -ossl_provider_unquery_operation() informs the provider that the result of -ossl_provider_query_operation() is no longer going to be directly accessed and -that all relevant information has been copied. - -ossl_provider_set_operation_bit() registers a 1 for operation I -in a bitstring that's internal to I. - -ossl_provider_test_operation_bit() checks if the bit operation I -is set (1) or not (0) in the internal I bitstring, and sets -I<*result> to 1 or 0 accorddingly. - -ossl_provider_init_as_child() stores in the library context I references to -the necessary upcalls for managing child providers. The I and I -parameters are the B and B pointers that were -passed to the provider's B function. - -ossl_provider_deinit_child() deregisters callbacks from the parent library -context about provider creation or removal events for the child library context -I. Must only be called if I is a child library context. - -=head1 NOTES - -Locating a provider module happens as follows: - -=over 4 - -=item 1. - -If a path was given with ossl_provider_set_module_path(), use that as -module path. -Otherwise, use the provider object's name as module path, with -platform specific standard extensions added. - -=item 2. - -If the environment variable B is defined, assume its -value is a directory specification and merge it with the module path. -Otherwise, merge the value of the OpenSSL built in macro B -with the module path. - -=back - -When this process is done, the result is used when trying to load the -provider module. - -The command C can be used to find out the value -of the built in macro B. - -=head1 RETURN VALUES - -ossl_provider_find() and ossl_provider_new() return a pointer to a -provider object (I) on success, or NULL on error. - -ossl_provider_up_ref() returns the value of the reference count after -it has been incremented. - -ossl_provider_free() doesn't return any value. - -ossl_provider_doall_activated() returns 1 if the callback was called for all -activated providers. A return value of 0 means that the callback was not -called for any activated providers. - -ossl_provider_set_module_path(), ossl_provider_set_fallback(), -ossl_provider_activate(), ossl_provider_activate_leave_fallbacks() and -ossl_provider_deactivate(), ossl_provider_add_to_store(), -ossl_provider_default_props_update() return 1 on success, or 0 on error. - -ossl_provider_name(), ossl_provider_dso(), -ossl_provider_module_name(), and ossl_provider_module_path() return a -pointer to their respective data if it's available, otherwise NULL -is returned. - -ossl_provider_libctx() return a pointer to the library context. -This may be NULL, and is perfectly valid, as it denotes the default -global library context. - -ossl_provider_teardown() doesn't return any value. - -ossl_provider_gettable_params() returns a pointer to a constant -I array if this function is available in the provider, -otherwise NULL. - -ossl_provider_get_params() returns 1 on success, or 0 on error. -If this function isn't available in the provider, 0 is returned. - -ossl_provider_set_operation_bit() and ossl_provider_test_operation_bit() -return 1 on success, or 0 on error. - -ossl_provider_get_capabilities() returns 1 on success, or 0 on error. -If this function isn't available in the provider or the provider does not -support the requested capability then 0 is returned. - -=head1 SEE ALSO - -L, L, L - -=head1 HISTORY - -The functions described here were all added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_punycode_decode.pod b/doc/internal/man3/ossl_punycode_decode.pod deleted file mode 100644 index 652626159e3ac8f1a6fa4d079033aad0ad215edc..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_punycode_decode.pod +++ /dev/null @@ -1,60 +0,0 @@ -=pod - -=head1 NAME - -ossl_punycode_decode, ossl_a2ulabel, ossl_a2ucompare -- internal punycode-related functions - -=head1 SYNOPSIS - - #include "crypto/punycode.h" - - int ossl_punycode_decode(const char *pEncoded, const size_t enc_len, - unsigned int *pDecoded, unsigned int *pout_length); - - int ossl_a2ulabel(const char *in, char *out, size_t *outlen); - - int ossl_a2ucompare(const char *a, const char *u); - -=head1 DESCRIPTION - -PUNYCODE encoding introduced in RFCs 3490-3492 is widely used for -representation of host names in ASCII-only format. Some specifications, -such as RFC 8398, require comparison of host names encoded in UTF-8 charset. - -ossl_a2ulabel() decodes NUL-terminated hostname from PUNYCODE to UTF-8, -using a provided buffer for output. - -ossl_a2ucompare() accepts two NUL-terminated hostnames, decodes the 1st -from PUNYCODE to UTF-8 and compares it with the 2nd one as is. - -ossl_punycode_decode() decodes one label (one dot-separated part) from -a hostname, with stripped PUNYCODE marker I. - -=head1 RETURN VALUES - -ossl_a2ulabel() returns 1 on success, 0 on not enough buf passed, --1 on invalid PUNYCODE string passed. When valid string is provided, it sets the -I<*outlen> to the length of required buffer to perform correct decoding. - -ossl_a2ucompare() returns 1 on non-equal strings, 0 on equal strings, --1 when invalid PUNYCODE string passed. - -ossl_punycode_decode() returns 1 on success, 0 on error. On success, -*pout_length contains the number of codepoints decoded. - -=head1 HISTORY - -The functions described here were all added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut - diff --git a/doc/internal/man3/ossl_rand_get_entropy.pod b/doc/internal/man3/ossl_rand_get_entropy.pod deleted file mode 100644 index 4da3f1f4d9db5f80e2769bbc95d8b1f4bd40854f..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_rand_get_entropy.pod +++ /dev/null @@ -1,66 +0,0 @@ -=pod - -=head1 NAME - -ossl_rand_get_entropy, ossl_rand_cleanup_entropy, -ossl_rand_get_nonce, ossl_rand_cleanup_nonce -- get seed material from the operating system - -=head1 SYNOPSIS - - #include "crypto/rand.h" - - size_t ossl_rand_get_entropy(OSSL_CORE_HANDLE *handle, - unsigned char **pout, int entropy, - size_t min_len, size_t max_len); - void ossl_rand_cleanup_entropy(OSSL_CORE_HANDLE *handle, - unsigned char *buf, size_t len); - size_t ossl_rand_get_nonce(OSSL_CORE_HANDLE *handle, - unsigned char **pout, size_t min_len, - size_t max_len, const void *salt, size_t salt_len); - void ossl_rand_cleanup_nonce(OSSL_CORE_HANDLE *handle, - unsigned char *buf, size_t len); - -=head1 DESCRIPTION - -ossl_rand_get_entropy() retrieves seeding material from the operating system. -The seeding material will have at least I bytes of randomness and is -stored in a buffer which contains at least I and at most I -bytes. The buffer address is stored in I<*pout> and the buffer length is -returned to the caller. - -ossl_rand_cleanup_entropy() cleanses and frees any storage allocated by -ossl_rand_get_entropy(). The seeding buffer is pointed to by I and is -of length I bytes. - -ossl_rand_get_nonce() retrieves a nonce using the passed I parameter -of length I and operating system specific information. -The I should contain uniquely identifying information and this is -included, in an unspecified manner, as part of the output. -The output is stored in a buffer which contains at least I and at -most I bytes. The buffer address is stored in I<*pout> and the -buffer length returned to the caller. - -ossl_rand_cleanup_nonce() cleanses and frees any storage allocated by -ossl_rand_get_nonce(). The nonce buffer is pointed to by I and is -of length I bytes. - -=head1 RETURN VALUES - -ossl_rand_get_entropy() and ossl_rand_get_nonce() return the number of bytes -in I<*pout> or 0 on error. - -=head1 HISTORY - -The functions described here were all added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_random_add_conf_module.pod b/doc/internal/man3/ossl_random_add_conf_module.pod deleted file mode 100644 index 6d4f5810dcddb7dfd1e9d008813eff412098aa09..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_random_add_conf_module.pod +++ /dev/null @@ -1,42 +0,0 @@ -=pod - -=head1 NAME - -ossl_random_add_conf_module - internal random configuration module - -=head1 SYNOPSIS - - #include "crypto/rand.h" - - /* Configuration */ - void ossl_random_add_conf_module(void); - -=head1 DESCRIPTION - -ossl_random_add_conf_module() adds the random configuration module -for providers. -This allows the type and parameters of the stardard setup of random number -generators to be configured with an OpenSSL L file. - -=head1 RETURN VALUES - -ossl_random_add_conf_module() doesn't return any value. - -=head1 SEE ALSO - -L, L, L - -=head1 HISTORY - -The functions described here were all added in OpenSSL 3.0. - -=head1 COPYRIGHT - -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/ossl_rsa_get0_all_params.pod b/doc/internal/man3/ossl_rsa_get0_all_params.pod deleted file mode 100644 index a7ebb613bb025f8cf15e81384ee1dbd37b170696..0000000000000000000000000000000000000000 --- a/doc/internal/man3/ossl_rsa_get0_all_params.pod +++ /dev/null @@ -1,75 +0,0 @@ -=pod - -=head1 NAME - -ossl_rsa_set0_all_params, ossl_rsa_get0_all_params -- Internal routines for getting and setting data in an RSA object - -=head1 SYNOPSIS - - #include "crypto/rsa.h" - - int ossl_rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes, - STACK_OF(BIGNUM_const) *exps, - STACK_OF(BIGNUM_const) *coeffs); - int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes, - const STACK_OF(BIGNUM) *exps, - const STACK_OF(BIGNUM) *coeffs); - -=head1 DESCRIPTION - -ossl_rsa_set0_all_params() sets all primes, CRT exponents and CRT coefficients -in the B object I to the contents of the stacks of BIGNUMs I, -I and I. The B object takes ownership of the BIGNUMs, -but not of the stacks. - -ossl_rsa_get0_all_params() gets all primes, CRT exponents and CRT coefficients -in the B object I and pushes them on the stacks of constant BIGNUMs -I, I and I. The B object retains ownership of the -BIGNUMs, but not of the stacks. - -=head1 NOTES - -For RSA_set0_all_params() and RSA_get0_all_params(): - -=over 4 - -=item * - -the I stack contains I

, I, and then the rest of the primes -if the B object is a multi-prime RSA key. - -=item * - -the I stack contains I, I, and then the rest of the exponents -if the B object is a multi-prime RSA key. - -=item * - -the I stack contains I, and then the rest of the coefficients -if the B object is a multi-prime RSA key. - -=back - -The number of primes must always be equal to the number of exponents, and -the number of coefficients must be one less than the number of primes. - -=head1 RETURN VALUES - -ossl_rsa_get0_all_params() and ossl_rsa_set0_all_params() return 1 on success, -or 0 on failure. - -=head1 SEE ALSO - -L - -=head1 COPYRIGHT - -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man3/x509v3_cache_extensions.pod b/doc/internal/man3/x509v3_cache_extensions.pod deleted file mode 100644 index cc0aeb6079a896055a9047dd13f36cc31d0217c6..0000000000000000000000000000000000000000 --- a/doc/internal/man3/x509v3_cache_extensions.pod +++ /dev/null @@ -1,41 +0,0 @@ -=pod - -=head1 NAME - -x509v3_cache_extensions -- cache info on various X.509v3 extensions and further derived certificate data - -=head1 SYNOPSIS - - #include - - int x509v3_cache_extensions(X509 *x, OSSL_LIB_CTX *libctx, const char *propq); - -=head1 DESCRIPTION - -This function processes any X509v3 extensions present in an X509 object I -and caches the result of that processing as well as further derived info, -for instance whether the certificate is self-issued or has version X.509v1. -It computes the SHA1 digest of the certificate using the default library context -and property query string and stores the result in x->sha1_hash, -or on failure sets B in x->flags. -It sets B in x->flags if x->siginf was filled successfully, -which may not be possible if a referenced algorithm is unknown or not available. -Many OpenSSL functions that use an X509 object call this function implicitly. - -=head1 RETURN VALUES - -This function returns 0 if the extensions or other portions of the certificate -are invalid or an error occurred. -Otherwise it returns 1. - -=head1 COPYRIGHT - -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man7/DERlib.pod b/doc/internal/man7/DERlib.pod deleted file mode 100644 index 24280b976b344e1448b804632d639f85960e8261..0000000000000000000000000000000000000000 --- a/doc/internal/man7/DERlib.pod +++ /dev/null @@ -1,149 +0,0 @@ -=pod - -=head1 NAME - -DERlib - internal OpenSSL DER library - -=head1 DESCRIPTION - -OpenSSL contains an internal small DER reading and writing library, -as an alternative to the publicly known i2d and d2i functions. It's -solely constituted of functions that work as building blocks to create -more similar functions to encode and decode larger structures. - -All these functions have similar function signatures (C -will vary depending on what the function will encode): - - int DER_w_something(WPACKET *pkt, int tag, ...); - -=begin comment - -When readers are added, add this: - - int DER_r_something(PACKET *pkt, int tag, ...); - -=end comment - -I is the packet context used, and I should be the -context-specific tag value of the element being handled, or -1 if there -is no tag number for that element (you may use the convenience macro -B instead of -1). Any argument following is the C -variable that's being encoded or decoded. - -=head2 DER writers / encoders - -DER writers are based in L, a generic packet writing -library, so before using any of them, I must be initialized -using L or L - -DER writers must be used in reverse order, except for the wrapping -functions that implement a constructed element. The latter are easily -recognised by their function name including the words C and -C. As an example, we can look at the DSA signature structure, -which is defined like this in ASN.1 terms: - - -- Copied from RFC 3279, section 2.2.2 - Dss-Sig-Value ::= SEQUENCE { - r INTEGER, - s INTEGER } - -With the DER library, this is the corresponding code, given two OpenSSL -Bs I and I: - - int ok = ossl_DER_w_begin_sequence(pkt, -1) - && ossl_DER_w_bn(pkg, -1, s) - && ossl_DER_w_bn(pkg, -1, r) - && ossl_DER_w_end_sequence(pkt, -1); - -As an example of the use of I, an ASN.1 element like this: - - v [1] INTEGER OPTIONAL - -Would be encoded like this: - - ossl_DER_w_bn(pkt, 1, v) - -=begin comment - -=head2 DER readers / decoders - -TBA - -=end comment - -=head1 EXAMPLES - -A more complex example, encoding the AlgorithmIdentifier with -RSASSA-PSS values. - -As a reminder, the AlgorithmIdentifier is specified like this: - - -- From RFC 3280, section 4.1.1.2 - AlgorithmIdentifier ::= SEQUENCE { - algorithm OBJECT IDENTIFIER, - parameters ANY DEFINED BY algorithm OPTIONAL } - -And the RSASSA-PSS OID and parameters are specified like this: - - -- From RFC 3279, section 3.1 - id-RSASSA-PSS OBJECT IDENTIFIER ::= { pkcs-1 10 } - - RSASSA-PSS-params ::= SEQUENCE { - hashAlgorithm [0] HashAlgorithm DEFAULT - sha1Identifier, - maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT - mgf1SHA1Identifier, - saltLength [2] INTEGER DEFAULT 20, - trailerField [3] INTEGER DEFAULT 1 } - -The value we want to encode, written in ASN.1 syntax: - - { - algorithm id-RSASSA-PSS, - parameters { - hashAlgorithm sha256Identifier, - maskGenAlgorithm mgf1SHA256Identifier, - saltLength 20 -- unnecessarily explicit - } - } - -Assuming that we have precompiled constants for C, -C and C, the DER writing code -looks as follows. This is a complete function to write that specific -value: - - int DER_w_AlgorithmIdentifier_RSASSA_PSS_special(WPACKET *pkt, - int tag, - RSA *rsa) - { - return ossl_DER_w_begin_sequence(pkt, tag) - && (ossl_DER_w_begin_sequence(pkt, DER_NO_CONTEXT) - && ossl_DER_w_uint32(pkt, 2, 20) - && ossl_DER_w_precompiled(pkt, 1, - der_mgf1SHA256Identifier, - sizeof(der_mgf1SHA256Identifier)) - && ossl_DER_w_precompiled(pkt, 0, - der_sha256Identifier, - sizeof(der_sha256Identifier)) - && ossl_DER_w_end_sequence(pkt, DER_NO_CONTEXT)) - && ossl_DER_w_precompiled(pkt, DER_NO_CONTEXT, - der_id_RSASSA_PSS, - sizeof(der_id_RSASSA_PSS)) - && ossl_DER_w_end_sequence(pkt, tag); - } - -=head1 SEE ALSO - -L, L, -L - -=head1 COPYRIGHT - -Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man7/EVP_PKEY.pod b/doc/internal/man7/EVP_PKEY.pod deleted file mode 100644 index cc738b9c28ebcc58177ae2c6accc132f384c3803..0000000000000000000000000000000000000000 --- a/doc/internal/man7/EVP_PKEY.pod +++ /dev/null @@ -1,212 +0,0 @@ -=pod - -=head1 NAME - -EVP_PKEY - an internal description - -=head1 SYNOPSIS - - #include "crypto/evp.h" - - typedef struct evp_pkey_st EVP_PKEY; - -=head1 DESCRIPTION - -I - -B is a complex type that's essentially a container for -private/public key pairs, but has had other uses as well. - -=for comment "uses" could as well be "abuses"... - -The private/public key pair that an B contains is refered to -as its "internal key" or "origin" (the reason for "origin" is -explained further down, in L), -and it can take one of the following forms: - -=over 4 - -=item legacy origin - -This is the form that an B in OpenSSL prior to 3.0 had. The -internal key in the B is a pointer to the low-level key -types, such as B, B and B, or an engine driven -structure, and is governed by an associated L and -an L. - -The functions available through those two method structures get full -access to the B and therefore have a lot of freedom to -modify whatever they want. This also means that an B is a -shared structure between libcrypto and any ENGINE that serves such -methods. - -=item provider-native origin - -This is a new form in OpenSSL 3.0, which permits providers to hold the -key data (see L). The internal key in the -B is a pointer to that key data held by the provider, and -is governed by an associated L method structure. - -The functions available through the L have no access -to the B, and can therefore not make any direct changes. -Similarly, the key data that the B points at is only known -to the functions pointed at in the L. - -=back - -These two forms can never co-exist in the same B, the main -reason being that having both at the same time will create problems -with synchronising between the two forms, and potentially make it -confusing which one of the two is the origin. - -=head2 Key mutability - -The B internal keys are mutable. - -This is especially visible with internal legacy keys, since they can -be extracted with functions like L and then -modified at will with functions like L. Note that if the -internal key is a provider key then the return value from functions such as -L is a cached copy of the key. Changes to the cached -copy are not reflected back in the provider key. - -Internal provider native keys are also possible to be modified, if the -associated L implementation allows it. This is done -with L and its specialised derivatives. The -OpenSSL providers allow it for the following: - -=over 4 - -=item DH, EC, X25519, X448: - -It's possible to set the encoded public key. This is supported in -particular through L. - -=item EC: - -It's possible to flip the ECDH cofactor mode. - -=back - -Every time the B internal key mutates, an internal dirty -count is incremented. The need for a dirty count is explained further -in L. - -For provider native origin keys, this doesn't require any help from -the L, the dirty count is maintained in the B -itself, and is incremented every time L or its -specialised derivatives are called. -For legacy origin keys, this requires the associated -L to implement the dirty_cnt() function. All -of OpenSSL's built-in L implement this -function. - -=head2 Export cache for provider operations - -OpenSSL 3.0 can handle operations such as signing, encrypting, etc in -diverse providers, potentially others than the provider of the -L. Two providers, possibly from different vendors, -can't be expected to share internal key structures. There are -therefore instances where key data will need to be exported to the -provider that is going to perform the operation (this also implies -that every provider that implements a key pair based operation must -also implement an L). - -For performance reasons, libcrypto tries to minimize the need to -perform such an export, so it maintains a cache of such exports in the -B. Each cache entry has two items, a pointer to the -provider side key data and the associated L. - -I - -The export to the operation key cache can be performed independent of -what form the origin has. -For a legacy origin, this requires that the associated -L implements the functions export_to() and -dirty_cnt(). -For a provider native origin, this requires that the associated -L implements the OSSL_FUNC_keymgmt_export() function -(see L). -In all cases, the receiving L (the one associated with -the exported key data) must implement OSSL_FUNC_keymgmt_import(). - -If such caching isn't supported, the operations that can be performed -with that key are limited to the same backend as the origin key -(ENGINE for legacy origin keys, provider for provider side origin -keys). - -=head3 Exporting implementation details - - -Exporting a key to the operation cache involves the following: - -=over 4 - -=item 1. - -Check if the dirty count for the internal origin key has changed since -the previous time. This is done by comparing it with a copy of the -dirty count, which is maintained by the export function. - -If the dirty count has changed, the export cache is cleared. - -=item 2. - -Check if there's an entry in the export cache with the same -L that's the same provider that an export is to be -made to (which is the provider that's going to perform an operation -for which the current B is going to be used). - -If such an entry is found, nothing more is done, the key data and -L found in that export cache entry will be used for -the operation to be performed. - -=item 3. - -Export the internal origin key to the provider, using the appropriate -method. - -For legacy origin keys, that's done with the help of the -L export_to() function. - -For provider native origin keys, that's done by retrieving the key -data in L form from the origin keys, using the -OSSL_FUNC_keymgmt_export() functions of the associated -L, and sending that data to the L of -the provider that's to perform the operation, using its -OSSL_FUNC_keymgmt_import() function. - -=back - -=head2 Changing a key origin - -It is never possible to change the origin of a key. An B with a legacy -origin will I be upgraded to become an B with a provider -native origin. Instead, we have the operation cache as described above, that -takes care of the needs of the diverse operation the application may want to -perform. - -Similarly an B with a provider native origin, will I be -I into an B with a legacy origin. Instead we may have a -cached copy of the provider key in legacy form. Once the cached copy is created -it is never updated. Changes made to the provider key are not reflected back in -the cached legacy copy. Similarly changes made to the cached legacy copy are not -reflected back in the provider key. - -=head1 SEE ALSO - -L - -=head1 COPYRIGHT - -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man7/VERSION.pod b/doc/internal/man7/VERSION.pod deleted file mode 100644 index 4bc8ba6b932752c33393914e5c001594b6aa7f04..0000000000000000000000000000000000000000 --- a/doc/internal/man7/VERSION.pod +++ /dev/null @@ -1,149 +0,0 @@ -=pod - -=head1 NAME - -VERSION - OpenSSL version information - -=head1 SYNOPSIS - - MAJOR=3 - MINOR=0 - PATCH=0 - PRE_RELEASE_TAG=dev - BUILD_METADATA= - RELEASE_DATE= - SHLIB_VERSION=3 - -=head1 DESCRIPTION - -This file is a set of keyed information looking like simple variable -assignments. When given an empty value, they are seen as unassigned. -The keys that are recognised are: - -=over 4 - -=item B, B, B - -The three parts of OpenSSL's 3 numbered version number, MAJOR.MINOR.PATCH. -These are used to compose the values for the C macros B, -B, B. - -=item B - -This is the added pre-release tag, which is added to the version separated by -a dash. For a value C, the C macro B gets -the string C<-foo> (dash added). - -=item B - -Extra metadata to be used by anyone for their own purposes. This is added to -the version and possible pre-release tag, separated by a plus sign. For a -value C, the C macro B gets the string -C<+bar>. - -=item B - -Defined in releases. When not set, it gets the value C. - -=item B - -The shared library version, which is something other than the project version. - -=back - -It is a configuration error if B, B, B and B -don't have values. Configuration will stop in that case. - -=head2 Affected configuration data - -The following items in %config from F are affected: - -=over 4 - -=item $config{major}, $config{minor}, $config{patch}, $config{shlib_version} - -These items get their values from B, B, B, and -B, respectively. - -=item $config{prerelease} - -If B is assigned a value, $config{prerelease} gets that same value, -prefixed by a dash, otherwise the empty string. - -=item $config{build_metadata} - -If B is assigned a value, $config{build_metadata} gets that same -value, prefixed by a plus sign, otherwise the empty string. - -=item $config{release_date} - -If B is assigned a value, $config{release_date} gets that same -value, otherwise the string C. - -=item $config{version} - -The minimal version number, a string composed from B, B and -B, separated by periods. For C, C and C, -the string will be C<3.0.0>. - -=item $config{full_version} - -The fully loaded version number, a string composed from $config{version}, -$config{prerelease} and $config{build_metadata}. See See L for -a few examples. - -=back - -=head1 EXAMPLES - -=over 4 - -=item 1. - - MAJOR=3 - MINOR=0 - PATCH=0 - PRE_RELEASE_TAG=dev - BUILD_METADATA= - -The fully loaded version number ($config{full_version}) will be -C<3.0.0-dev>. - -=item 2. - - MAJOR=3 - MINOR=0 - PATCH=0 - PRE_RELEASE_TAG= - BUILD_METADATA=something - -The fully loaded version number ($config{full_version}) will be -C<3.0.0+something>. - -=item 3. - - MAJOR=3 - MINOR=0 - PATCH=0 - PRE_RELEASE_TAG=alpha3 - BUILD_METADATA=something - -The fully loaded version number ($config{full_version}) will be -C<3.0.0-alpha3+something>. - -=back - -=head1 SEE ALSO - -L - -=head1 COPYRIGHT - -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man7/build.info.pod b/doc/internal/man7/build.info.pod deleted file mode 100644 index 080c9e444eea4b010aabf27bd64b130a06494184..0000000000000000000000000000000000000000 --- a/doc/internal/man7/build.info.pod +++ /dev/null @@ -1,644 +0,0 @@ -=pod - -=head1 NAME - -build.info - Building information files - -=head1 SYNOPSIS - -B0|1B<]> - -B0|1B<]> - -B - -B - -B I

... - -B I ... - -B I ... - -B I ... - -B I ... - -BIB<]=> I ... - -BIB<]=> I I ... - -BIB<]=> I ... - -BIB<]=> I ... - -BIB<]=> I[B<=>I] ... - -BIB<]=> I ... - -B<$>IB<=>I - -=head1 DESCRIPTION - -OpenSSL's build system revolves around three questions: - -=over 4 - -=item What to build for? - -This is about choice of platform (combination of hardware, operating -system, and toolchain). - -=item What to build? - -This is about having all the information on what needs to be built and -from what. - -=item How to build it? - -This is about build file generation. - -=back - -This document is all about the second item, "What to build?", and most -of all, how to specify that information. - -For some terms used in this document, please see the L at -the end. - -=head2 F files - -F files are meta data files for OpenSSL's built file -generators, and are used to specify exactly what end product files -(programs, libraries, modules or scripts) are to be produced, and from -what sources. - -Intermediate files, such as object files, are seldom referred to at -all. They sometimes can be, if there's a need, but this should happen -very rarely, and support for that sort of thing is added on as-needed -basis. - -Any time a directory or file is expected in a statement value, Unix -syntax must be used, which means that the slash C must be used as -the directory separator. - -=head2 General syntax - -=head3 Comments - -Comments are any line that start with a hash sign (C<#>). The hash -sign may be preceded by any number of horizontal spaces. - -=head3 Filenames - -F files are platform agnostic. This means that there is -some information in them that is representative rather than specific. - -This is particularly visible with end product names, they work more -like a tag than as the actual filename that's going to be produced. -This is because different platforms have different decorations on -different types of files. - -For example, if we say that we want to produce a program C, it -would look like this: - - PROGRAM=foo - -However, the program filename may end up being just C (typical -for Unix), or C (typical for Windows), or even C -(possible on VMS, depending on policy). - -These platform specific decorations are not the concern of -F files. The build file generators are responsible for -transforming these platform agnostic names to their platform specific -counterparts. - -=head3 Statements - -With the exception of variables and conditions, the general statement -syntax is one of: - -=over 4 - -=item B> B<=> I ... - -=item B[>IB<]> B<=> I ... - -=back - -Every B> represents some particular type of information. - -The first form (sometimes called "plain statement") is used to specify -information on what end products need to be built, for example: - - PROGRAMS=foo bar - LIBS=libpoly libcookie - MODULES=awesome-plugin - SCRIPTS=tool1 tool2 - SUBDIRS=dir1 dir2 - -This says that we want to build programs C and C, the -libraries C and C, an awesome plugin module -C, a couple of scripts C and C, and -finally that there are more F files in subdirectories -C and C. - -The second form (sometimes called "indexed statement") is used to -specify further details for existing items, for example: - - SOURCE[foo]=foo.c details.c - DEPEND[foo]=libcookie - -This says that the program C is built from the source files -F and F, and that it depends on the library -C (in other words, the library will be included when -linking that program together). - -Multiple space separated items are allowed too: - - SOURCE[foo]=foo.c - SOURCE[details]=details.c - DEPEND[foo details]=libcookie - -For any indexed statement for which the items haven't been specified -through any plain statement, or where the items exists but the indexed -statement does not apply, the value is simply ignored by the build -file generators. - -=head3 Statement attributes - -Some statements can have attributes added to them, to allow for -variations on how they are treated. - -=over 4 - -=item B{> I | IB<=>I [,...]B<}> -B<=> I ... - -=item B[>IB<]{> I | IB<=>I -[,...]B<}> B<=> I ... - -=back - -Attributes are passed as they are to the build file generators, and -the exact interpretation of those attributes is entirely up to them -(see L below for details). - -A current example: - - LIBS{noinst,has_main}=libtestutil.a - -This says that the static library C should not be -installed (C), and that it includes an object file that has -the C
symbol (C). Most platforms don't need to know -the latter, but there are some where the program linker will not look -for C
in libraries unless it's explicitly told so, so this is -way to tell the build file generator to emit the necessary command -options to make that happen. - -Attributes are accumulated globally. This means that a library could -be given like this in different places: - - # Location 1 - LIBS=libwhatever - - # Location 2 - LIBS{noinst}=libwhatever - - # Location 3 - LIBS{has_main}=libwhatever - -The end result is that the library C will have the -attributes C and C attached to it. - -=head3 Quoting and tokens - -Statement values are normally split into a list of tokens, separated -by spaces. - -To avoid having a value split up into several tokens, they may be -quoted with double (C<">) or single (C<'>) quotes. - -For example: - - PROGRAMS=foo "space cadet" bar - -This says that we sant to build three programs, C, C -and C. - -=head3 Conditionals - -F files include a very simple condition system, involving -the following keywords: - -=over 4 - -=item B0|1B<]> - -=item B0|1B<]> - -=item B - -=item B - -=back - -This works like any condition system with similar syntax, and the -condition value in B and B can really be any literal value -that perl can interpret as true or false. - -Conditional statements are nesting. - -In itself, this is not very powerful, but together with L, -it can be. - -=head3 Variables - -F handles simple variables. They are defined by -assignment: - -=over 4 - -=item B<$>I B<=> I - -=back - -These variables can then be used as part of any statement value or -indexed statement item. This should be used with some care, as -I. - -I - -Variable references can be one of: - -=over 4 - -=item B<$>I or B<${>IB<}> - -Simple reference; the variable reference is replaced with its value, -verbatim. - -=item B<${>IBIBIB<}> - -Substitution reference; the variable reference is replaced with its -value, modified by replacing all occurrences of I with I. - -=back - -=head2 Scope - -Most of the statement values are accumulated globally from all the -F files that are digested. There are two exceptions, -F variables and B statement, for which the scope -is the F file they are in. - -=head2 Perl nuggets - -Whenever a F file is read, it is passed through the Perl -template processor L, which is a small extension of -L. - -Perl nuggets are anything between C<{-> and C<-}>, and whatever the -result from such a nugget is, that value will replace the nugget in -text form. This is useful to get dynamically generated F -statements, and is most often seen used together with the B and -B conditional statements. - -For example: - - IF[{- $disabled{something} -}] - # do whatever's needed when "something" is disabled - ELSIF[{- $somethingelse eq 'blah' -}] - # do whatever's needed to satisfy this condition - ELSE - # fallback - ENDIF - -Normal Perl scope applies, so it's possible to have an initial perl -nugget that sets diverse global variables that are used in later -nuggets. Each nugget is a Perl block of its own, so B definitions -are only in scope within the same nugget, while B definitions are -in scope within the whole F file. - -=head1 REFERENCE - -=head2 Conditionals - -=over 4 - -=item B0|1B<]> - -If the condition is true (represented as C<1> here), everything -between this B and the next corresponding B or B -applies, and the rest until the corresponding B is skipped -over. - -If the condition is false (represented as C<0> here), everything -from this B is skipped over until the next corresponding B -or B, at which point processing continues. - -=item B - -If F statements have been skipped over to this point since -the corresponding B or B, F processing starts -again following this line. - -=item B0|1B<]> - -This is B and B combined. - -=item B - -Marks the end of a conditional. - -=back - -=head2 Plain statements - -=over 4 - -=item B I ... - -This instructs the F reader to also read the F -file in every specified directory. All directories should be given -relative to the location of the current F file. - -=item B I ... - -Collects names of programs that should be built. - -B statements may have attributes, which apply to all the -programs given in such a statement. For example: - - PROGRAMS=foo - PROGRAMS{noinst}=bar - -With those two lines, the program C will not have the attribute -C, while the program C will. - -=item B I ... - -Collects names of libraries that should be built. - -The normal case is that libraries are built in both static and shared -form. However, if a name ends with C<.a>, only the static form will -be produced. - -Similarly, libraries may be referred in indexed statements as just the -plain name, or the name including the ending C<.a>. If given without -the ending C<.a>, any form available will be used, but if given with -the ending C<.a>, the static library form is used unconditionally. - -B statements may have attributes, which apply to all the -libraries given in such a statement. For example: - - LIBS=libfoo - LIBS{noinst}=libbar - -With those two lines, the library C will not have the -attribute C, while the library C will. - -=item B I - -Collects names of dynamically loadable modules that should be built. - -B statements may have attributes, which apply to all the -modules given in such a statement. For example: - - MODULES=foo - MODULES{noinst}=bar - -With those two lines, the module C will not have the attribute -C, while the module C will. - -=item B I - -Collects names of scripts that should be built, or that just exist. -That is how they differ from programs, as programs are always expected -to be compiled from multiple sources. - -B statements may have attributes, which apply to all the -scripts given in such a statement. For example: - - SCRIPTS=foo - SCRIPTS{noinst}=bar - -With those two lines, the script C will not have the attribute -C, while the script C will. - -=back - -=head2 Indexed statements - -=over 4 - -=item BIB<]> B<=> I ... - -Collects dependencies, where I depend on the given Is. - -As a special case, the I may be empty, for which the build file -generators should make the whole build depend on the given Is, -rather than the specific I. - -The I may be any program, library, module, script, or any -filename used as a value anywhere. - -The I may also be literal build file targets. Those are -recognised by being surrounded be vertical bars (also known as the -"pipe" character), C<|>. For example: - - DEPEND[|tests|]=fipsmodule.cnf - -B statements may have attributes, which apply to each -individual dependency in such a statement. For example: - - DEPEND[libfoo.a]=libmandatory.a - DEPEND[libfoo.a]{weak}=libbar.a libcookie.a - -With those statements, the dependency between C and -C is strong, while the dependency between C -and C and C is weak. See the description of -B in L for more information. - -=item BIB<]> B<=> I I ... - -This specifies that the I is generated using the I -with the Is as arguments, plus the name of the output -file as last argument. - -For Is where this is applicable, any B statement -for the same I will be given to the I as its -inclusion directories. Likewise, any B statement for the same -I will be given to the I as an extra file or module -to load, where this is applicable. - -The build file generators must be able to recognise the I. -Currently, they at least recognise files ending in C<.pl>, and will -execute them to generate the I, and files ending in C<.in>, -which will be used as input for L to generate -I (in other words, we use the exact same style of -L mechanism that is used to read F files). - -=item BIB<]> B<=> I ... - -Collects filenames that will be used as source files for I. - -The I must be a singular item, and may be any program, library, -module or script given with B, B, B and -B. - -Static libraries may be sources. In that case, its object files are -used directly when building I instead of relying on library -dependency and symbol resolution (through B statements). - -B statements may have attributes, which apply to each -individual dependency in such a statement. For example: - - SOURCE[prog]=prog_a.c - SOURCE[prog]{check}=prog_b.c prog_c.c - -With those statements, the association between C and C -comes with no extra attributes, while the association between C -and C as well as C comes with the extra attribute -C. - -=item BIB<]> B<=> I ... - -Collects filenames that will be used as source files for I. - -The I must be a singular item, and may be any library or module -given with B or B. For libraries, the given filenames -are only used for their shared form, so if the item is a library name -ending with C<.a>, the filenames will be ignored. - -B statements may have attributes, just as B -statements. - -=item BIB<]> B<=> I[B<=>I] ... - -Collects I / I pairs (or just I with no defined -value if no I is given) associated with I. - -The build file generators will decide what to do with them. For -example, these pairs should become C macro definitions whenever a -C<.c> file is built into an object file. - -=item BIB<]> B<=> I ... - -Collects inclusion directories that will be used when building the -I components (object files and whatever else). This is used at -the discretion of the build file generators. - -=back - -=head2 Known attributes - -Note: this will never be a complete list of attributes. - -=over 4 - -=item B - -This is used to specify that the end products this is set for should -not be installed, that they are only internal. This is applicable on -internal static libraries, or on test programs. - -=item B - -This is used with B, to specify that some scripts should be -installed in the "misc" directory rather than the normal program -directory. - -=item B - -This is used with B, to specify what modules are engines and -should be installed in the engines directory instead of the modules -directory. - -=item B - -This is used with B where libraries are involved, to specify -that the dependency between two libraries is weak and is only there to -infer order. - -Without this attribute, a dependency between two libraries, expressed -like this, means that if C appears in a linking command -line, so will C: - - DEPEND[libfoo.a]=libmandatory.a - -With this attribute, a dependency between two libraries, expressed -like this, means that if I C and C -appear in a linking command line (because of recursive dependencies -through other libraries), they will be ordered in such a way that this -dependency is maintained: - - DEPEND[libfoo.a]{weak}=libfoo.a libcookie.a - -This is useful in complex dependency trees where two libraries can be -used as alternatives for each other. In this example, C and -C have alternative implementations of the same thing, and -C has unresolved references to that same thing, and is -therefore depending on either of them, but not both at the same time: - - DEPEND[program1]=libmandatory.a lib1.a - DEPEND[program2]=libmandatory.a lib2.a - DEPEND[libmandatory]{weak}=lib1.a lib2.a - -=back - -=head1 GLOSSARY - -=over 4 - -=item "build file" - -This is any platform specific file that describes the complete build, -with platform specific commands. On Unix, this is typically -F; on VMS, this is typically F. - -=item "build file generator" - -Perl code that generates build files, given configuration data and -data collected from F files. - -=item "plain statement" - -Any F statement of the form B>=I, with -the exception of conditional statements and variable assignments. - -=item "indexed statement" - -Any F statement of the form B[>IB<]=>I, -with the exception of conditional statements. - -=item "intermediate file" - -Any file that's an intermediate between a source file and an end -product. - -=item "end product" - -Any file that is mentioned in the B, B, B or -B. - -=back - -=head1 SEE ALSO - -For OpenSSL::Template documentation, -C - -L - -=head1 COPYRIGHT - -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use this -file except in compliance with the License. You can obtain a copy in the file -LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/internal/man7/deprecation.pod b/doc/internal/man7/deprecation.pod deleted file mode 100644 index 13a4b059a04cced5a88d27e87dd431d23bfcc264..0000000000000000000000000000000000000000 --- a/doc/internal/man7/deprecation.pod +++ /dev/null @@ -1,140 +0,0 @@ -=pod - -=head1 NAME - -OPENSSL_NO_DEPRECATED_3_0, OSSL_DEPRECATEDIN_3_0, -OPENSSL_NO_DEPRECATED_1_1_1, OSSL_DEPRECATEDIN_1_1_1, -OPENSSL_NO_DEPRECATED_1_1_0, OSSL_DEPRECATEDIN_1_1_0, -OPENSSL_NO_DEPRECATED_1_0_2, OSSL_DEPRECATEDIN_1_0_2, -OPENSSL_NO_DEPRECATED_1_0_1, OSSL_DEPRECATEDIN_1_0_1, -OPENSSL_NO_DEPRECATED_1_0_0, OSSL_DEPRECATEDIN_1_0_0, -OPENSSL_NO_DEPRECATED_0_9_8, OSSL_DEPRECATEDIN_0_9_8, -deprecation - How to do deprecation - -=head1 DESCRIPTION - -Deprecation of a symbol is adding an attribute to the declaration of that -symbol (function, type, variable, but we currently only do that for -functions in our public header files, F<< >>). - -Removal of a symbol is not the same thing as deprecation, as it actually -explicitly removes the symbol from public view. - -OpenSSL configuration supports deprecation as well as simulating removal of -symbols from public view (with the configuration option C, or -if the user chooses to do so, with L), and also -supports doing this in terms of a specified OpenSSL version (with the -configuration option C<--api>, or if the user chooses to do so, with -L). - -Deprecation is done using attribute macros named -B>, used with any declaration it applies to. - -Simulating removal is done with C<#ifndef> preprocessor guards using macros -named B>. - -B> and B> are -defined in F<< >>. - -In those macro names, B> corresponds to the OpenSSL release since -which the deprecation applies, with underscores instead of periods. Because -of the change in version scheme with OpenSSL 3.0, the B> for -versions before that are three numbers (such as C<1_1_0>), while they are -two numbers (such as C<3_0>) from 3.0 and on. - -The implementation of a deprecated symbol is kept for one of two reasons: - -=over 4 - -=item Planned to be removed - -The symbol and its implementation are planned to be removed some time in the -future, but needs to remain available until that time. -Such an implementation needs to be guarded appropriately, as shown in -L below. - -=item Planned to remain internally - -The symbol is planned to be removed from public view, but will otherwise -remain for internal purposes. In this case, the implementation doesn't need -to change or be guarded. - -However, it's necessary to ensure that the declaration remains available for -the translation unit where the symbol is used or implemented, even when the -symbol is publicly unavailable through simulated removal. That's done by -including an internal header file very early in the affected translation -units. See L below. - -In the future, when the deprecated declaration is to actually be removed -from public view, it should be moved to an internal header file, with the -deprecation attribute removed, and the translation units that implement or -use that symbol should adjust their header inclusions accordingly. - -=back - -=head1 EXAMPLES - -=head2 Header files - -In public header files (F<< >>), this is what a deprecation is -expected to look like, including the preprocessor wrapping for simulated -removal: - - # ifndef OPENSSL_NO_DEPRECATED_3_0 - /* ... */ - - OSSL_DEPRECATEDIN_3_0 RSA *RSA_new_method(ENGINE *engine); - - /* ... */ - # endif - -=head2 Implementations to be removed - -For a deprecated function that we plan to remove in the future, for example -RSA_new_method(), the following should be found very early (before including -any OpenSSL header file) in the translation unit that implements it and in -any translation unit that uses it: - - /* - * Suppress deprecation warnings for RSA low level implementations that are - * kept until removal. - */ - #define OPENSSL_SUPPRESS_DEPRECATED - -The RSA_new_method() implementation itself must be guarded the same way as -its declaration in the public header file is: - - #ifndef OPENSSL_NO_DEPRECATED_3_0 - RSA *RSA_new_method(ENGINE *engine) - { - /* ... */ - } - #endif - -=head2 Implementations to remain internally - -For a deprecated function that we plan to keep internally, for example -RSA_size(), the following should be found very early (before including any -other OpenSSL header file) in the translation unit that implements it and in -any translation unit that uses it: - - /* - * RSA low level APIs are deprecated for public use, but are kept for - * internal use. - */ - #include "internal/deprecated.h" - -=head1 SEE ALSO - -L - -=head1 COPYRIGHT - -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/life-cycles/Makefile b/doc/life-cycles/Makefile deleted file mode 100644 index 4c12558e63df4b2fdf9f724d2f4ed4bfa0c64578..0000000000000000000000000000000000000000 --- a/doc/life-cycles/Makefile +++ /dev/null @@ -1,26 +0,0 @@ -GRAPHS=cipher.dot digest.dot kdf.dot mac.dot pkey.dot rand.dot -IMAGES= - -all: png txt -png: $(subst .dot,.png,$(GRAPHS)) -txt: $(subst .dot,.txt,$(GRAPHS)) - @echo - @echo Remember to check and manually fix the mistakes before merging - @echo into the man pages. - @echo - -# for the dot program: -# sudo apt install graphviz -%.png: %.dot - dot -Tpng -O $< - @mv $<.png $@ - -# for the graph-easy program: -# sudo apt install cpanminus -# sudo cpanm Graph::Easy -%.txt: %.dot - graph-easy --from=dot --as_ascii < $< > $@ - -clean: - rm -f $(wildcard *.png) $(wildcard *.txt) - diff --git a/doc/life-cycles/README.md b/doc/life-cycles/README.md deleted file mode 100644 index e65c3d3435fc0aa7262ad3d06e85fedc6d8971ae..0000000000000000000000000000000000000000 --- a/doc/life-cycles/README.md +++ /dev/null @@ -1,20 +0,0 @@ -Algorithm Life-Cycle Diagrams -============================= - -This directory contains the algorithm life-cycle diagram sources. - -The canonical life-cycles are in the spreadsheet. - -The various .dot files are graph descriptions for the -[GraphViz](https://www.graphviz.org/) tool. These omit edges and should -be used for guidance only. - -To generate the rendered images, you need to install the following packages: - - sudo apt install graphviz cpanminus - sudo cpanm Graph::Easy - -Running `make` will produce a number of `.txt` and `.png` files. -These are the rendered `.dot` files. The `.txt` files require -additional editing before they can be added to the manual pages in -`internal/man7/life_cycle-*.pod`. diff --git a/doc/life-cycles/cipher.dot b/doc/life-cycles/cipher.dot deleted file mode 100644 index c1d5b8346890da34fa87550b387a50e9a497ef40..0000000000000000000000000000000000000000 --- a/doc/life-cycles/cipher.dot +++ /dev/null @@ -1,72 +0,0 @@ -digraph cipher { - bgcolor="transparent"; - - begin [label=start, color="#deeaee", style="filled"]; - newed [fontcolor="#c94c4c", style="solid"]; - - initialised [fontcolor="#c94c4c"]; - updated [fontcolor="#c94c4c"]; - finaled [fontcolor="#c94c4c"]; - end [label="freed", color="#deeaee", style="filled"]; - - d_initialised [label="initialised\n(decryption)", fontcolor="#c94c4c"]; - d_updated [label="updated\n(decryption)", fontcolor="#c94c4c"]; - e_initialised [label="initialised\n(encryption)", fontcolor="#c94c4c"]; - e_updated [label="updated\n(encryption)", fontcolor="#c94c4c"]; - - begin -> newed [label="EVP_CIPHER_CTX_new"]; - newed -> initialised [label="EVP_CipherInit"]; - initialised -> initialised [label="EVP_CipherInit\n(not required but allowed)", - style=dashed]; - initialised -> updated [label="EVP_CipherUpdate", weight=2]; - updated -> updated [label="EVP_CipherUpdate"]; - updated -> finaled [label="EVP_CipherFinal"]; - finaled -> finaled [label="EVP_CIPHER_CTX_get_params\n(AEAD encryption)", - style=dashed]; - finaled -> end [label="EVP_CIPHER_CTX_free"]; - newed -> d_initialised [label="EVP_DecryptInit"]; - d_initialised -> d_initialised [label="EVP_DecryptInit\n(not required but allowed)", - style=dashed]; - d_initialised -> d_updated [label="EVP_DecryptUpdate", weight=2]; - d_updated -> d_updated [label="EVP_DecryptUpdate"]; - d_updated -> finaled [label="EVP_DecryptFinal"]; - newed -> e_initialised [label="EVP_EncryptInit"]; - e_initialised -> e_initialised [label="EVP_EncryptInit\n(not required but allowed)", - style=dashed]; - e_initialised -> e_updated [label="EVP_EncryptUpdate", weight=2]; - e_updated -> e_updated [label="EVP_EncryptUpdate"]; - e_updated -> finaled [label="EVP_EncryptFinal"]; - most -> newed [label="EVP_CIPHER_CTX_reset", style=dashed, - color="#034f84", fontcolor="#034f84"]; - most [label="any of the initialised\nupdated or finaled states", style=dashed, - color="#034f84", fontcolor="#034f84"]; -} - -/* This is a version with a single flavour which is easier to comprehend -digraph cipher { - bgcolor="transparent"; - - begin [label=start, color="#deeaee", style="filled"]; - newed [fontcolor="#c94c4c", style="solid"]; - initialised [fontcolor="#c94c4c"]; - updated [fontcolor="#c94c4c"]; - finaled [fontcolor="#c94c4c"]; - end [label="freed", color="#deeaee", style="filled"]; - - begin -> newed [label="EVP_CIPHER_CTX_new"]; - newed -> initialised [label="EVP_CipherInit"]; - initialised -> initialised [label="EVP_CipherInit\n(not required but allowed)", - style=dashed]; - initialised -> updated [label="EVP_CipherUpdate", weight=2]; - updated -> updated [label="EVP_CipherUpdate"]; - updated -> finaled [label="EVP_CipherFinal"]; - finaled -> finaled [label="EVP_CIPHER_CTX_get_params\n(AEAD encryption)", - style=dashed]; - finaled -> end [label="EVP_CIPHER_CTX_free"]; - finaled -> newed [label="EVP_CIPHER_CTX_reset", style=dashed, - color="#034f84", fontcolor="#034f84"]; - updated -> newed [label="EVP_CIPHER_CTX_reset", style=dashed, - color="#034f84", fontcolor="#034f84"]; -} -*/ - diff --git a/doc/life-cycles/digest.dot b/doc/life-cycles/digest.dot deleted file mode 100644 index 8d4d72480c9accda24a287ad0a870598c85def5f..0000000000000000000000000000000000000000 --- a/doc/life-cycles/digest.dot +++ /dev/null @@ -1,33 +0,0 @@ -digraph digest { - bgcolor="transparent"; - - begin [label=start, color="#deeaee", style="filled"]; - newed [label=newed, fontcolor="#c94c4c", style="solid"]; - initialised [label=initialised, fontcolor="#c94c4c"]; - updated [label=updated, fontcolor="#c94c4c"]; - finaled [label="finaled", fontcolor="#c94c4c"]; - end [label="freed", color="#deeaee", style="filled"]; - - begin -> newed [label="EVP_MD_CTX_new"]; - newed -> initialised [label="EVP_DigestInit"]; - initialised -> updated [label="EVP_DigestUpdate", weight=3]; - updated -> updated [label="EVP_DigestUpdate"]; - updated -> finaled [label="EVP_DigestFinal"]; - updated -> finaled [label="EVP_DigestFinalXOF", - fontcolor="#808080", color="#808080"]; - /* Once this works it should go back in: - finaled -> finaled [taillabel="EVP_DigestFinalXOF", - labeldistance=9, labelangle=345, - labelfontcolor="#808080", color="#808080"]; - */ - finaled -> end [label="EVP_MD_CTX_free"]; - finaled -> newed [label="EVP_MD_CTX_reset", style=dashed, weight=2, - color="#034f84", fontcolor="#034f84"]; - updated -> newed [label="EVP_MD_CTX_reset", style=dashed, - color="#034f84", fontcolor="#034f84"]; - updated -> initialised [label="EVP_DigestInit", weight=0, style=dashed, - color="#034f84", fontcolor="#034f84"]; - finaled -> initialised [label="EVP_DigestInit", style=dashed, - color="#034f84", fontcolor="#034f84"]; -} - diff --git a/doc/life-cycles/kdf.dot b/doc/life-cycles/kdf.dot deleted file mode 100644 index 2dce34377db661bdaa721c04b69b0d60f4ae2c19..0000000000000000000000000000000000000000 --- a/doc/life-cycles/kdf.dot +++ /dev/null @@ -1,16 +0,0 @@ -strict digraph kdf { - bgcolor="transparent"; - - begin [label=start, color="#deeaee", style="filled"]; - newed [label="newed", fontcolor="#c94c4c", style="solid"]; - deriving [label="deriving", fontcolor="#c94c4c"]; - end [label="freed", color="#deeaee", style="filled"]; - - begin -> newed [label="EVP_KDF_CTX_new"]; - newed -> deriving [label="EVP_KDF_derive"]; - deriving -> deriving [label="EVP_KDF_derive", style=dashed]; - deriving -> end [label="EVP_KDF_CTX_free"]; - deriving -> newed [label="EVP_KDF_CTX_reset", style=dashed, - color="#034f84", fontcolor="#034f84"]; -} - diff --git a/doc/life-cycles/lifecycles.ods b/doc/life-cycles/lifecycles.ods deleted file mode 100644 index 6cc2030a9efa0f49ea8707b0e65f11f9743448c6..0000000000000000000000000000000000000000 Binary files a/doc/life-cycles/lifecycles.ods and /dev/null differ diff --git a/doc/life-cycles/mac.dot b/doc/life-cycles/mac.dot deleted file mode 100644 index fe277f8328e613cd00650c94503478654328c301..0000000000000000000000000000000000000000 --- a/doc/life-cycles/mac.dot +++ /dev/null @@ -1,28 +0,0 @@ -digraph mac { - bgcolor="transparent"; - - begin [label=start, color="#deeaee", style="filled"]; - newed [fontcolor="#c94c4c", style="solid"]; - initialised [fontcolor="#c94c4c"]; - updated [fontcolor="#c94c4c"]; - finaled [fontcolor="#c94c4c"]; - end [label=freed, color="#deeaee", style="filled"]; - - begin -> newed [label="EVP_MAC_CTX_new"]; - newed -> initialised [label="EVP_MAC_init"]; - initialised -> updated [label="EVP_MAC_update"]; - updated -> updated [label="EVP_MAC_update"]; - updated -> finaled [label="EVP_MAC_final"]; - updated -> finaled [label="EVP_MAC_finalXOF", - fontcolor="#808080", color="#808080"]; - /* Once this works it should go back in: - finaled -> finaled [label="EVP_MAC_final_XOF", - fontcolor="#808080", color="#808080"]; - */ - finaled -> end [label="EVP_MAC_CTX_free"]; - updated -> initialised [label="EVP_MAC_init", style=dashed, - color="#034f84", fontcolor="#034f84"]; - finaled -> initialised [label="EVP_MAC_init", style=dashed, - color="#034f84", fontcolor="#034f84"]; -} - diff --git a/doc/life-cycles/pkey.dot b/doc/life-cycles/pkey.dot deleted file mode 100644 index 58b3a0c5bb77e78b5bc3d4350fc06a187db2ef44..0000000000000000000000000000000000000000 --- a/doc/life-cycles/pkey.dot +++ /dev/null @@ -1,49 +0,0 @@ -strict digraph pkey { - bgcolor="transparent"; - layout=circo - - begin [label=start, color="#deeaee", style="filled"]; - newed [fontcolor="#c94c4c", style="solid"]; - digestsign [label="digest sign", fontcolor="#AB3910", color="#AB3910"] - verify [fontcolor="#F8CF2C", color="#F8CF2C"] - verifyrecover [label="verify recover", fontcolor="#B19FF9", color="#B19FF9"] - encrypt [fontcolor="#63AAC0", color="#63AAC0"] - decrypt [fontcolor="#425F06", color="#425F06"] - derive [fontcolor="#FEA303", color="#FEA303"] - encapsulate [fontcolor="#D95980", color="#D95980"] - decapsulate [fontcolor="#A16AE8", color="#A16AE8"] - paramgen [label="parameter\ngeneration", fontcolor="#2879C0", color="#2879C0"] - keygen [label="key\ngeneration", fontcolor="#2F7604", color="#2F7604"] - - begin -> newed [label="EVP_PKEY_CTX_new"]; - - newed -> digestsign [label="EVP_PKEY_sign_init", color="#AB3910", fontcolor="#AB3910"]; - digestsign -> digestsign [label="EVP_PKEY_sign", color="#AB3910", fontcolor="#AB3910"]; - - newed -> verify [label="EVP_PKEY_verify_init", fontcolor="#F8CF2C", color="#F8CF2C"]; - verify -> verify [label="EVP_PKEY_verify", fontcolor="#F8CF2C", color="#F8CF2C"]; - - newed -> verifyrecover [label="EVP_PKEY_verify_recover_init", fontcolor="#B19FF9", color="#B19FF9"]; - verifyrecover -> verifyrecover [label="EVP_PKEY_verify_recover", fontcolor="#B19FF9", color="#B19FF9"]; - - newed -> encrypt [label="EVP_PKEY_encrypt_init", fontcolor="#63AAC0", color="#63AAC0"]; - encrypt -> encrypt [label="EVP_PKEY_encrypt", fontcolor="#63AAC0", color="#63AAC0"]; - - newed -> decrypt [label="EVP_PKEY_decrypt_init", fontcolor="#425F06", color="#425F06"]; - decrypt -> decrypt [label="EVP_PKEY_decrypt", fontcolor="#425F06", color="#425F06"]; - - newed -> derive [label="EVP_PKEY_derive_init", fontcolor="#FEA303", color="#FEA303"]; - derive -> derive [label="EVP_PKEY_derive\nEVP_PKEY_derive_set_peer", fontcolor="#FEA303", color="#FEA303"]; - - newed -> encapsulate [label="EVP_PKEY_encapsulate_init", fontcolor="#D95980", color="#D95980"]; - encapsulate -> encapsulate [label="EVP_PKEY_encapsulate", fontcolor="#D95980", color="#D95980"]; - - newed -> decapsulate [label="EVP_PKEY_decapsulate_init", fontcolor="#A16AE8", color="#A16AE8"]; - decapsulate -> decapsulate [label="EVP_PKEY_decapsulate", fontcolor="#A16AE8", color="#A16AE8"]; - - newed -> paramgen [label="EVP_PKEY_paramgen_init", fontcolor="#2879C0", color="#2879C0"]; - paramgen -> paramgen [label="EVP_PKEY_paramgen\nEVP_PKEY_gen", fontcolor="#2879C0", color="#2879C0"]; - - newed -> keygen [label="EVP_PKEY_keygen_init", fontcolor="#2F7604", color="#2F7604"]; - keygen -> keygen [label="EVP_PKEY_keygen\nEVP_PKEY_gen", fontcolor="#2F7604", color="#2F7604"]; -} diff --git a/doc/life-cycles/rand.dot b/doc/life-cycles/rand.dot deleted file mode 100644 index a57cf710c75d520a2b4d8bbac522bb8573f830b1..0000000000000000000000000000000000000000 --- a/doc/life-cycles/rand.dot +++ /dev/null @@ -1,17 +0,0 @@ -strict digraph rand { - bgcolor="transparent"; - - begin [label=start, color="#deeaee", style="filled"]; - newed [fontcolor="#c94c4c", style="solid"]; - instantiated [fontcolor="#c94c4c"]; - uninstantiated [fontcolor="#c94c4c"]; - end [label="freed", color="#deeaee", style="filled"]; - - begin -> newed [label="EVP_RAND_CTX_new"]; - newed -> instantiated [label="EVP_RAND_instantiate"]; - instantiated -> instantiated [label="EVP_RAND_generate"]; - instantiated -> uninstantiated [label="EVP_RAND_uninstantiate"]; - uninstantiated -> end [label="EVP_RAND_CTX_free"]; - uninstantiated -> instantiated [label="EVP_RAND_instantiate", style=dashed, color="#034f84", fontcolor="#034f84"]; -} - diff --git a/doc/man1/CA.pl.pod b/doc/man1/CA.pl.pod deleted file mode 100644 index e05775cdca668c4bf7287361d9f9305f6b276ec0..0000000000000000000000000000000000000000 --- a/doc/man1/CA.pl.pod +++ /dev/null @@ -1,199 +0,0 @@ -=pod - -=head1 NAME - -CA.pl - friendlier interface for OpenSSL certificate programs - -=head1 SYNOPSIS - -B -B<-?> | -B<-h> | -B<-help> - -B -B<-newcert> | -B<-newreq> | -B<-newreq-nodes> | -B<-xsign> | -B<-sign> | -B<-signCA> | -B<-signcert> | -B<-crl> | -B<-newca> -[B<-extra-I> I] - -B B<-pkcs12> [I] - -B B<-verify> I ... - -B B<-revoke> I [I] - -=head1 DESCRIPTION - -The B script is a perl script that supplies the relevant command line -arguments to the L command for some common certificate operations. -It is intended to simplify the process of certificate creation and management -by the use of some simple options. - -The script is intended as a simple front end for the L program for -use by a beginner. Its behaviour isn't always what is wanted. For more control -over the behaviour of the certificate commands call the L command -directly. - -Most of the filenames mentioned below can be modified by editing the -B script. - -Under some environments it may not be possible to run the B script -directly (for example Win32) and the default configuration file location may -be wrong. In this case the command: - - perl -S CA.pl - -can be used and the B environment variable can be set to point to -the correct path of the configuration file. - -=head1 OPTIONS - -=over 4 - -=item B<-?>, B<-h>, B<-help> - -Prints a usage message. - -=item B<-newcert> - -Creates a new self signed certificate. The private key is written to the file -F and the request written to the file F. -Invokes L. - -=item B<-newreq> - -Creates a new certificate request. The private key is written to the file -F and the request written to the file F. -Executes L under the hood. - -=item B<-newreq-nodes> - -Is like B<-newreq> except that the private key will not be encrypted. -Uses L. - -=item B<-newca> - -Creates a new CA hierarchy for use with the B program (or the B<-signcert> -and B<-xsign> options). The user is prompted to enter the filename of the CA -certificates (which should also contain the private key) or by hitting ENTER -details of the CA will be prompted for. The relevant files and directories -are created in a directory called F in the current directory. -Uses L and L. - -If the F directory already exists then the B<-newca> command will not -overwrite it and will do nothing. This can happen if a previous call using -the B<-newca> option terminated abnormally. To get the correct behaviour -delete the directory if it already exists. - -=item B<-pkcs12> - -Create a PKCS#12 file containing the user certificate, private key and CA -certificate. It expects the user certificate and private key to be in the -file F and the CA certificate to be in the file F, -it creates a file F. This command can thus be called after the -B<-sign> option. The PKCS#12 file can be imported directly into a browser. -If there is an additional argument on the command line it will be used as the -"friendly name" for the certificate (which is typically displayed in the browser -list box), otherwise the name "My Certificate" is used. -Delegates work to L. - -=item B<-sign>, B<-signcert>, B<-xsign> - -Calls the L command to sign a certificate request. It expects the -request to be in the file F. The new certificate is written to the -file F except in the case of the B<-xsign> option when it is -written to standard output. - -=item B<-signCA> - -This option is the same as the B<-sign> option except it uses the -configuration file section B and so makes the signed request a -valid CA certificate. This is useful when creating intermediate CA from -a root CA. Extra params are passed to L. - -=item B<-signcert> - -This option is the same as B<-sign> except it expects a self signed certificate -to be present in the file F. -Extra params are passed to L and L. - -=item B<-crl> - -Generate a CRL. Executes L. - -=item B<-revoke> I [I] - -Revoke the certificate contained in the specified B. An optional -reason may be specified, and must be one of: B, -B, B, B, B, -B, B, or B. -Leverages L. - -=item B<-verify> - -Verifies certificates against the CA certificate for F. If no -certificates are specified on the command line it tries to verify the file -F. Invokes L. - -=item B<-extra-I> I - -For each option B>, pass I to the L -sub-command with the same name as I, if that sub-command is invoked. -For example, if L is invoked, the I given with -B<-extra-req> will be passed to it. -For multi-word parameters, either repeat the option or quote the I -so it looks like one word to your shell. -See the individual command documentation for more information. - -=back - -=head1 EXAMPLES - -Create a CA hierarchy: - - CA.pl -newca - -Complete certificate creation example: create a CA, create a request, sign -the request and finally create a PKCS#12 file containing it. - - CA.pl -newca - CA.pl -newreq - CA.pl -sign - CA.pl -pkcs12 "My Test Certificate" - -=head1 ENVIRONMENT - -The environment variable B may be used to specify the name of -the OpenSSL program. It can be a full pathname, or a relative one. - -The environment variable B may be used to specify a -configuration option and value to the B and B commands invoked by -this script. It's value should be the option and pathname, as in -C<-config /path/to/conf-file>. - -=head1 SEE ALSO - -L, -L, -L, -L, -L, -L - -=head1 COPYRIGHT - -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man1/build.info b/doc/man1/build.info deleted file mode 100644 index b796fce42fdd900ef6ed6f37954fa551e15cd176..0000000000000000000000000000000000000000 --- a/doc/man1/build.info +++ /dev/null @@ -1,57 +0,0 @@ -# All .pod.in files are detected by build.info in the parent directory, and -# turned into appropriate DEPEND and GENERATE lines. All we need here are -# the additional dependencies on ../perlvars.pm. - -DEPEND[openssl-asn1parse.pod]=../perlvars.pm -DEPEND[openssl-ca.pod]=../perlvars.pm -DEPEND[openssl-ciphers.pod]=../perlvars.pm -DEPEND[openssl-cmds.pod]=../perlvars.pm -DEPEND[openssl-cmp.pod]=../perlvars.pm -DEPEND[openssl-cms.pod]=../perlvars.pm -DEPEND[openssl-crl2pkcs7.pod]=../perlvars.pm -DEPEND[openssl-crl.pod]=../perlvars.pm -DEPEND[openssl-dgst.pod]=../perlvars.pm -DEPEND[openssl-dhparam.pod]=../perlvars.pm -DEPEND[openssl-dsaparam.pod]=../perlvars.pm -DEPEND[openssl-dsa.pod]=../perlvars.pm -DEPEND[openssl-ecparam.pod]=../perlvars.pm -DEPEND[openssl-ec.pod]=../perlvars.pm -DEPEND[openssl-enc.pod]=../perlvars.pm -DEPEND[openssl-engine.pod]=../perlvars.pm -DEPEND[openssl-errstr.pod]=../perlvars.pm -DEPEND[openssl-fipsinstall.pod]=../perlvars.pm -DEPEND[openssl-gendsa.pod]=../perlvars.pm -DEPEND[openssl-genpkey.pod]=../perlvars.pm -DEPEND[openssl-genrsa.pod]=../perlvars.pm -DEPEND[openssl-info.pod]=../perlvars.pm -DEPEND[openssl-kdf.pod]=../perlvars.pm -DEPEND[openssl-list.pod]=../perlvars.pm -DEPEND[openssl-mac.pod]=../perlvars.pm -DEPEND[openssl-nseq.pod]=../perlvars.pm -DEPEND[openssl-ocsp.pod]=../perlvars.pm -DEPEND[openssl-passwd.pod]=../perlvars.pm -DEPEND[openssl-pkcs12.pod]=../perlvars.pm -DEPEND[openssl-pkcs7.pod]=../perlvars.pm -DEPEND[openssl-pkcs8.pod]=../perlvars.pm -DEPEND[openssl-pkeyparam.pod]=../perlvars.pm -DEPEND[openssl-pkey.pod]=../perlvars.pm -DEPEND[openssl-pkeyutl.pod]=../perlvars.pm -DEPEND[openssl-prime.pod]=../perlvars.pm -DEPEND[openssl-rand.pod]=../perlvars.pm -DEPEND[openssl-rehash.pod]=../perlvars.pm -DEPEND[openssl-req.pod]=../perlvars.pm -DEPEND[openssl-rsa.pod]=../perlvars.pm -DEPEND[openssl-rsautl.pod]=../perlvars.pm -DEPEND[openssl-s_client.pod]=../perlvars.pm -DEPEND[openssl-sess_id.pod]=../perlvars.pm -DEPEND[openssl-smime.pod]=../perlvars.pm -DEPEND[openssl-speed.pod]=../perlvars.pm -DEPEND[openssl-spkac.pod]=../perlvars.pm -DEPEND[openssl-srp.pod]=../perlvars.pm -DEPEND[openssl-s_server.pod]=../perlvars.pm -DEPEND[openssl-s_time.pod]=../perlvars.pm -DEPEND[openssl-storeutl.pod]=../perlvars.pm -DEPEND[openssl-ts.pod]=../perlvars.pm -DEPEND[openssl-verify.pod]=../perlvars.pm -DEPEND[openssl-version.pod]=../perlvars.pm -DEPEND[openssl-x509.pod]=../perlvars.pm diff --git a/doc/man1/openssl-asn1parse.pod.in b/doc/man1/openssl-asn1parse.pod.in deleted file mode 100644 index f098c89c33822fec94c9fddcaac9fefb7c9e08d4..0000000000000000000000000000000000000000 --- a/doc/man1/openssl-asn1parse.pod.in +++ /dev/null @@ -1,220 +0,0 @@ -=pod -{- OpenSSL::safe::output_do_not_edit_headers(); -} - -=head1 NAME - -openssl-asn1parse - ASN.1 parsing command - -=head1 SYNOPSIS - -B B -[B<-help>] -[B<-inform> B|B] -[B<-in> I] -[B<-out> I] -[B<-noout>] -[B<-offset> I] -[B<-length> I] -[B<-i>] -[B<-oid> I] -[B<-dump>] -[B<-dlimit> I] -[B<-strparse> I] -[B<-genstr> I] -[B<-genconf> I] -[B<-strictpem>] -[B<-item> I] - -=head1 DESCRIPTION - -This command is a diagnostic utility that can parse ASN.1 structures. -It can also be used to extract data from ASN.1 formatted data. - -=head1 OPTIONS - -=over 4 - -=item B<-help> - -Print out a usage message. - -=item B<-inform> B|B - -The input format; the default is B. -See L for details. - -=item B<-in> I - -The input file, default is standard input. - -=item B<-out> I - -Output file to place the DER encoded data into. If this -option is not present then no data will be output. This is most useful when -combined with the B<-strparse> option. - -=item B<-noout> - -Don't output the parsed version of the input file. - -=item B<-offset> I - -Starting offset to begin parsing, default is start of file. - -=item B<-length> I - -Number of bytes to parse, default is until end of file. - -=item B<-i> - -Indents the output according to the "depth" of the structures. - -=item B<-oid> I - -A file containing additional OBJECT IDENTIFIERs (OIDs). The format of this -file is described in the NOTES section below. - -=item B<-dump> - -Dump unknown data in hex format. - -=item B<-dlimit> I - -Like B<-dump>, but only the first B bytes are output. - -=item B<-strparse> I - -Parse the contents octets of the ASN.1 object starting at B. This -option can be used multiple times to "drill down" into a nested structure. - -=item B<-genstr> I, B<-genconf> I - -Generate encoded data based on I, I or both using -L format. If I only is -present then the string is obtained from the default section using the name -B. The encoded data is passed through the ASN1 parser and printed out as -though it came from a file, the contents can thus be examined and written to a -file using the B<-out> option. - -=item B<-strictpem> - -If this option is used then B<-inform> will be ignored. Without this option any -data in a PEM format input file will be treated as being base64 encoded and -processed whether it has the normal PEM BEGIN and END markers or not. This -option will ignore any data prior to the start of the BEGIN marker, or after an -END marker in a PEM file. - -=item B<-item> I - -Attempt to decode and print the data as an B I. This can be -used to print out the fields of any supported ASN.1 structure if the type is -known. - -=back - -=head2 Output - -The output will typically contain lines like this: - - 0:d=0 hl=4 l= 681 cons: SEQUENCE - -..... - - 229:d=3 hl=3 l= 141 prim: BIT STRING - 373:d=2 hl=3 l= 162 cons: cont [ 3 ] - 376:d=3 hl=3 l= 159 cons: SEQUENCE - 379:d=4 hl=2 l= 29 cons: SEQUENCE - 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier - 386:d=5 hl=2 l= 22 prim: OCTET STRING - 410:d=4 hl=2 l= 112 cons: SEQUENCE - 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier - 417:d=5 hl=2 l= 105 prim: OCTET STRING - 524:d=4 hl=2 l= 12 cons: SEQUENCE - -..... - -This example is part of a self-signed certificate. Each line starts with the -offset in decimal. C specifies the current depth. The depth is increased -within the scope of any SET or SEQUENCE. C gives the header length -(tag and length octets) of the current type. C gives the length of -the contents octets. - -The B<-i> option can be used to make the output more readable. - -Some knowledge of the ASN.1 structure is needed to interpret the output. - -In this example the BIT STRING at offset 229 is the certificate public key. -The contents octets of this will contain the public key information. This can -be examined using the option C<-strparse 229> to yield: - - 0:d=0 hl=3 l= 137 cons: SEQUENCE - 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897 - 135:d=1 hl=2 l= 3 prim: INTEGER :010001 - -=head1 NOTES - -If an OID is not part of OpenSSL's internal table it will be represented in -numerical form (for example 1.2.3.4). The file passed to the B<-oid> option -allows additional OIDs to be included. Each line consists of three columns, -the first column is the OID in numerical format and should be followed by white -space. The second column is the "short name" which is a single word followed -by whitespace. The final column is the rest of the line and is the -"long name". Example: - -C<1.2.3.4 shortName A long name> - -For any OID with an associated short and long name, this command will display -the long name. - -=head1 EXAMPLES - -Parse a file: - - openssl asn1parse -in file.pem - -Parse a DER file: - - openssl asn1parse -inform DER -in file.der - -Generate a simple UTF8String: - - openssl asn1parse -genstr 'UTF8:Hello World' - -Generate and write out a UTF8String, don't print parsed output: - - openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der - -Generate using a config file: - - openssl asn1parse -genconf asn1.cnf -noout -out asn1.der - -Example config file: - - asn1=SEQUENCE:seq_sect - - [seq_sect] - - field1=BOOL:TRUE - field2=EXP:0, UTF8:some random string - - -=head1 BUGS - -There should be options to change the format of output lines. The output of some -ASN.1 types is not well handled (if at all). - -=head1 SEE ALSO - -L, -L - -=head1 COPYRIGHT - -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in deleted file mode 100644 index 1d497e848e796e0e65647895df781c93ede95134..0000000000000000000000000000000000000000 --- a/doc/man1/openssl-ca.pod.in +++ /dev/null @@ -1,849 +0,0 @@ -=pod -{- OpenSSL::safe::output_do_not_edit_headers(); -} - -=head1 NAME - -openssl-ca - sample minimal CA application - -=head1 SYNOPSIS - -B B -[B<-help>] -[B<-verbose>] -[B<-config> I] -[B<-name> I
] -[B<-section> I
] -[B<-gencrl>] -[B<-revoke> I] -[B<-valid> I] -[B<-status> I] -[B<-updatedb>] -[B<-crl_reason> I] -[B<-crl_hold> I] -[B<-crl_compromise> I